Re: [Qemu-devel] [Bug 1490611] Re: Using qemu >=2.2.1 to convert raw->VHD (fixed) adds extra padding to the result file, which Microsoft Azure rejects as invalid

2017-02-19 Thread ChristianEhrhardt
On Fri, Feb 17, 2017 at 11:29 PM, Nish Aravamudan <nish.aravamu...@canonical.com> wrote:

> I believe Christian has it on his todo for the next SRU, though;
> Christian, could you confirm?
>

Yes, that is correct.
Sorry for the inconvenient delay due to the chain SRUs.
But at least the bigger ones we need to unbundle to make sure we are not making
things worse for end-users when SRU'ing.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1490611

Title:
  Using qemu >=2.2.1 to convert raw->VHD (fixed) adds extra padding to
  the result file, which Microsoft Azure rejects as invalid

Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Xenial:
  In Progress

Bug description:
  [Impact]

   * Starting with a raw disk image, using "qemu-img convert" to convert
  from raw to VHD results in the output VHD file's virtual size being
  aligned to the nearest 516096 bytes (16 heads x 63 sectors per head x
  512 bytes per sector), instead of preserving the input file's size as
  the output VHD's virtual disk size.

   * Microsoft Azure requires that disk images (VHDs) submitted for
  upload have virtual sizes aligned to a megabyte boundary. (Ex. 4096MB,
  4097MB, 4098MB, etc. are OK, 4096.5MB is rejected with an error.) This
  is reflected in Microsoft's documentation:
  https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-create-upload-vhd-generic/

   * The fix for this bug is a backport from upstream.
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fb9245c2610932d33ce14

  [Test Case]

   * This is reproducible with the following set of commands (including
  the Azure command line tools from
  https://github.com/Azure/azure-xplat-cli). For the following example,
  I used qemu version 2.2.1:

  $ dd if=/dev/zero of=source-disk.img bs=1M count=4096

  $ stat source-disk.img
    File: ‘source-disk.img’
    Size: 4294967296  Blocks: 798656 IO Block: 4096   regular file
  Device: fc01h/64513d    Inode: 13247963    Links: 1
  Access: (0644/-rw-r--r--)  Uid: ( 1000/  smkent)   Gid: ( 1000/  smkent)
  Access: 2015-08-18 09:48:02.613988480 -0700
  Modify: 2015-08-18 09:48:02.825985646 -0700
  Change: 2015-08-18 09:48:02.825985646 -0700
   Birth: -

  $ qemu-img convert -f raw -o subformat=fixed -O vpc source-disk.img dest-disk.vhd

  $ stat dest-disk.vhd
    File: ‘dest-disk.vhd’
    Size: 4296499712  Blocks: 535216 IO Block: 4096   regular file
  Device: fc01h/64513d    Inode: 13247964    Links: 1
  Access: (0644/-rw-r--r--)  Uid: ( 1000/  smkent)   Gid: ( 1000/  smkent)
  Access: 2015-08-18 09:50:22.252077624 -0700
  Modify: 2015-08-18 09:49:24.424868868 -0700
  Change: 2015-08-18 09:49:24.424868868 -0700
   Birth: -

  $ azure vm image create testimage1 dest-disk.vhd -o linux -l "West US"
  info:Executing command vm image create
  + Retrieving storage accounts
  info:VHD size : 4097 MB
  info:Uploading 4195800.5 KB
  Requested:100.0% Completed:100.0% Running:   0 Time: 1m 0s Speed:  6744 KB/s
  info:https://[redacted].blob.core.windows.net/vm-images/dest-disk.vhd was uploaded successfully
  error:   The VHD https://[redacted].blob.core.windows.net/vm-images/dest-disk.vhd has an unsupported virtual size of 4296499200 bytes.  The size must be a whole number (in MBs).
  info:Error information has been recorded to /home/smkent/.azure/azure.err
  error:   vm image create command failed

   * A fixed qemu-img will not result in an error during azure image
  creation. It will require passing -o force_size, which will leverage
  the backported functionality.

  [Regression Potential]

   * The upstream fix introduces a qemu-img option (-o force_size) which
  is unset by default. The regression potential is very low, as a
  result.

  ...

  I also ran the above commands using qemu 2.4.0, which resulted in the
  same error as the conversion behavior is the same.

  However, qemu 2.1.1 and earlier (including qemu 2.0.0 installed by
  Ubuntu 14.04) does not pad the virtual disk size during conversion.
  Using qemu-img convert from qemu versions <=2.1.1 results in a VHD
  that is exactly the size of the raw input file plus 512 bytes (for the
  VHD footer). Those qemu versions do not attempt to realign the disk.
  As a result, Azure accepts VHD files created using those versions of
  qemu-img convert for upload.

  Is there a reason why newer qemu realigns the converted VHD file? It
  would be useful if an option were added to disable this feature, as
  current versions of qemu cannot be used to create VHD files for Azure
  using Microsoft's official instructions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1490611/+subscriptions
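
A pre-upload check for the condition this bug report describes, added here as an example (it is not code from the report, from QEMU or from the Azure tools): it parses the 512-byte footer of a fixed VHD and flags a virtual size that is not a whole number of MB. The function names and the sample footers are constructed for illustration; the two sizes are the ones quoted in the report.

```python
import os
import struct

FOOTER_SIZE = 512
MIB = 1024 * 1024
FIXED_DISK = 2  # disk type value of a fixed-size VHD

# First 68 bytes of the VHD footer, big-endian: cookie, features, format
# version, data offset, timestamp, creator app, creator version, creator
# host OS, original size, current size, cylinders, heads, sectors per
# track, disk type, checksum. The remaining bytes are a unique id, a
# saved-state flag and reserved padding.
FOOTER_FMT = ">8sIIQI4sI4sQQHBBII"


def footer_checksum(footer):
    """One's complement of the sum of all footer bytes, checksum field zeroed."""
    zeroed = footer[:64] + b"\x00" * 4 + footer[68:]
    return ~sum(zeroed) & 0xFFFFFFFF


def check_fixed_vhd(footer, file_size):
    """Return a list of problems for a fixed VHD; an empty list means it passes."""
    if len(footer) != FOOTER_SIZE:
        return ["footer is %d bytes, expected %d" % (len(footer), FOOTER_SIZE)]
    fields = struct.unpack(FOOTER_FMT, footer[:68])
    cookie, current_size = fields[0], fields[9]
    cyls, heads, spt, disk_type, checksum = fields[10:15]
    problems = []
    if cookie != b"conectix":
        problems.append("bad footer cookie %r" % cookie)
    if disk_type != FIXED_DISK:
        problems.append("disk type %d is not a fixed VHD" % disk_type)
    if checksum != footer_checksum(footer):
        problems.append("footer checksum mismatch")
    # A fixed VHD is the raw data followed by the footer, nothing else.
    if file_size != current_size + FOOTER_SIZE:
        problems.append("file size %d does not equal virtual size %d + %d"
                        % (file_size, current_size, FOOTER_SIZE))
    # The requirement quoted in the report: a whole number of MB.
    if current_size % MIB:
        problems.append("virtual size %d bytes is not a whole number of MB "
                        "(footer geometry %d/%d/%d)"
                        % (current_size, cyls, heads, spt))
    return problems


def check_vhd_file(path):
    """Run the check on a file on disk by reading only its last 512 bytes."""
    size = os.path.getsize(path)
    if size < FOOTER_SIZE:
        return ["file is shorter than a VHD footer"]
    with open(path, "rb") as f:
        f.seek(-FOOTER_SIZE, os.SEEK_END)
        return check_fixed_vhd(f.read(FOOTER_SIZE), size)


def make_footer(virtual_size, cyls, heads, spt):
    """Build a constructed sample footer (not produced by qemu-img)."""
    head = struct.pack(FOOTER_FMT, b"conectix", 2, 0x00010000,
                       0xFFFFFFFFFFFFFFFF, 0, b"smpl", 0, b"smpl",
                       virtual_size, virtual_size, cyls, heads, spt,
                       FIXED_DISK, 0)
    footer = head + bytes(FOOTER_SIZE - len(head))
    return footer[:64] + struct.pack(">I", footer_checksum(footer)) + footer[68:]


if __name__ == "__main__":
    # Constructed samples using the sizes quoted in the report.
    samples = {
        "padded (4296499200)": (make_footer(4296499200, 8325, 16, 63), 4296499712),
        "unpadded (4294967296)": (make_footer(4294967296, 8322, 16, 63), 4294967808),
    }
    for name, (footer, size) in samples.items():
        print(name, check_fixed_vhd(footer, size) or "OK")
```

For a real image, call `check_vhd_file("dest-disk.vhd")` before uploading.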



Re: [Qemu-devel] [PATCH v8 2/5] hw/intc/arm_gicv3_kvm: Add ICC_SRE_EL1 register to vmstate

2017-02-19 Thread Vijay Kilari
Hi Peter,

On Fri, Feb 17, 2017 at 7:25 PM, Peter Maydell  wrote:
> On 17 February 2017 at 06:31,   wrote:
>> From: Vijaya Kumar K 
>>
>> To Save and Restore ICC_SRE_EL1 register introduce vmstate
>> subsection and load only if non-zero.
>> Also initialize icc_sre_el1 to 0x7 in pre_load
>> function.
>>
>> Signed-off-by: Vijaya Kumar K 
>> ---
>>  hw/intc/arm_gicv3_common.c | 32 
>>  include/hw/intc/arm_gicv3_common.h |  1 +
>>  2 files changed, 33 insertions(+)
>>
>> diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
>> index 16b9b0f..e62480e 100644
>> --- a/hw/intc/arm_gicv3_common.c
>> +++ b/hw/intc/arm_gicv3_common.c
>> @@ -70,6 +70,34 @@ static const VMStateDescription vmstate_gicv3_cpu_virt = {
>>  }
>>  };
>>
>> +static int icc_sre_el1_reg_pre_load(void *opaque)
>> +{
>> +GICv3CPUState *cs = opaque;
>> +
>> +/* By default enable SRE and disable IRQ & FIQ bypass. */
>> +cs->icc_sre_el1 = 0x7;
>
> Why do we need the pre_load function? I would have
> expected that reset would have given us these defaults
> already.
>
>> +return 0;
>> +}
>> +
>> +static bool icc_sre_el1_reg_needed(void *opaque)
>> +{
>> +GICv3CPUState *cs = opaque;
>> +
>> +return cs->icc_sre_el1 != 0;
>
> I expected this to say "we need to transfer the value if
> it isn't 0x7" (since the current situation of migration
> is "we assume that the value is 0x7").
>
> Something should probably fail inbound migration for TCG
> if the value isn't 0x7, for that matter.
>
> Is there a situation where KVM might allow a value other
> than 0x7?

In KVM, the SRE_EL1 value is 0x1. During save, value
read from KVM is 0x1 though we reset to 0x7.

>
>> +}
>> +
>> +const VMStateDescription vmstate_gicv3_cpu_sre_el1 = {
>> +.name = "arm_gicv3_cpu/sre_el1",
>> +.version_id = 1,
>> +.minimum_version_id = 1,
>> +.pre_load = icc_sre_el1_reg_pre_load,
>> +.needed = icc_sre_el1_reg_needed,
>> +.fields = (VMStateField[]) {
>> +VMSTATE_UINT64(icc_sre_el1, GICv3CPUState),
>> +VMSTATE_END_OF_LIST()
>> +}
>> +};
>> +
>>  static const VMStateDescription vmstate_gicv3_cpu = {
>>  .name = "arm_gicv3_cpu",
>>  .version_id = 1,
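
Review bot: vmstate_gicv3_cpu_sre_el1 is declared "const VMStateDescription" without "static", unlike vmstate_gicv3_cpu_virt just above it and vmstate_gicv3_cpu just below it. Nothing in this patch declares it in the header, so it should be "static const" like its neighbours. A one-line comment on icc_sre_el1_reg_needed() stating which value the receiver assumes when the subsection is absent would also make the pairing with the 0x7 set in pre_load explicit.
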
>> @@ -100,6 +128,10 @@ static const VMStateDescription vmstate_gicv3_cpu = {
>>  .subsections = (const VMStateDescription * []) {
>>  _gicv3_cpu_virt,
>>  NULL
>> +},
>> +.subsections = (const VMStateDescription * []) {
>> +_gicv3_cpu_sre_el1,
>> +NULL
>>  }
>>  };
>>
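
Review bot: vmstate_gicv3_cpu ends up with two ".subsections =" initializers after this hunk, because the new entry is added as a second designated initializer instead of being appended to the existing array. When the same member is initialized twice in a C initializer list the last one wins, so the array listing the cpu_virt subsection is discarded and that subsection would no longer be sent or accepted on migration. Put the new sre_el1 entry into the existing array, before its NULL terminator.
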
>> diff --git a/include/hw/intc/arm_gicv3_common.h 
>> b/include/hw/intc/arm_gicv3_common.h
>> index 4156051..bccdfe1 100644
>> --- a/include/hw/intc/arm_gicv3_common.h
>> +++ b/include/hw/intc/arm_gicv3_common.h
>> @@ -172,6 +172,7 @@ struct GICv3CPUState {
>>  uint8_t gicr_ipriorityr[GIC_INTERNAL];
>>
>>  /* CPU interface */
>> +uint64_t icc_sre_el1;
>>  uint64_t icc_ctlr_el1[2];
>>  uint64_t icc_pmr_el1;
>>  uint64_t icc_bpr[3];
>> --
>> 1.9.1
>
> thanks
> -- PMM



Re: [Qemu-devel] [PATCH 1/2] monitor.c: make mon_get_cpu return NULL when there is no CPU

2017-02-19 Thread Thomas Huth
On 19.02.2017 04:55, Philippe Mathieu-Daudé wrote:
> On 02/17/2017 05:27 AM, Ziyue Yang wrote:
>> From: Ziyue Yang 
>>
>> Currently mon_get_cpu always dereferences first_cpu without checking
>> whether it's a valid pointer. This commit adds check before
>> dereferencing,
>> and reports "No CPU" info if there isn't any CPU then returns NULL.
>>
>> Signed-off-by: Ziyue Yang 
> 
> Reviewed-by: Philippe Mathieu-Daudé 
> 
>> ---
>>  monitor.c | 10 +++---
>>  1 file changed, 7 insertions(+), 3 deletions(-)
>>
>> diff --git a/monitor.c b/monitor.c
>> index 3cd72a9bab..6b25cf7a2b 100644
>> --- a/monitor.c
>> +++ b/monitor.c
>> @@ -1026,6 +1026,10 @@ int monitor_set_cpu(int cpu_index)
>>  CPUState *mon_get_cpu(void)
>>  {
>>  if (!cur_mon->mon_cpu) {
>> +if (!first_cpu) {
>> +monitor_printf(cur_mon, "No CPU available on this
>> machine\n");
>> +return NULL;
>> +}
>>  monitor_set_cpu(first_cpu->cpu_index);
>>  }
>>  cpu_synchronize_state(cur_mon->mon_cpu);
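
Review bot: mon_get_cpu() can now return NULL, but no caller is updated in this patch: the diffstat lists monitor.c only and the two remaining hunks change whitespace only. Every caller that dereferences the result needs a NULL check, or the commit message should name the patch in the series that adds them. A comment on mon_get_cpu() saying that NULL means the machine has no CPU, and that the message has already been printed to the monitor, would keep callers from printing a second error.
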
>> @@ -2495,11 +2499,11 @@ static int default_fmt_size = 4;
>>  static int is_valid_option(const char *c, const char *typestr)
>>  {
>>  char option[3];
>> -
>> +
>>  option[0] = '-';
>>  option[1] = *c;
>>  option[2] = '\0';
>> -
>> +
>>  typestr = strstr(typestr, option);
>>  return (typestr != NULL);
>>  }
>> @@ -2864,7 +2868,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
>>  p++;
>>  if(c != *p) {
>>  if(!is_valid_option(p, typestr)) {
>> -
>> +
>>  monitor_printf(mon, "%s: unsupported
>> option -%c\n",
>> cmd->name, *p);
>>  goto fail;

Your patch contains some unnecessary white space changes, please try to
avoid that! (or send a separate "beautification" patch to fix these).

 Thomas




Re: [Qemu-devel] [PATCH 0/2] fix segfaults caused by accessing CPU in empty machine

2017-02-19 Thread Thomas Huth
On 17.02.2017 09:27, Ziyue Yang wrote:
> From: Ziyue Yang 
> 
> Many QEMU monitor commands, like "info lapic", "info tlb" and so on
> use mon_get_cpu or related wrappers to access CPU info without checking
> whether the CPU exists.
> This patch series fixes the "info lapic" case, and is the base of the incoming
> patch series aiming to eliminate segfaults caused by other QEMU commands
> trying to access CPU that doesn't exist.

 Hi,

FYI, I've posted a patch for all of these monitor commands that crash
without CPU already last month:

https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg02602.html

 Thomas




Re: [Qemu-devel] [Qemu-ppc] [QEMU-PPC] [PATCH V3 02/10] target/ppc: Fix LPCR DPFD mask define

2017-02-19 Thread Balbir Singh
On Mon, Feb 20, 2017 at 03:04:30PM +1100, Suraj Jitindar Singh wrote:
> The DPFD field in the LPCR is 3 bits wide. This has always been defined
> as 0x3 << shift which indicates a 2 bit field, which is incorrect.
> Correct this.
> 
> Signed-off-by: Suraj Jitindar Singh 
> ---

Acked-by: Balbir Singh 



Re: [Qemu-devel] [PATCH 0/3] block devices record/replay update

2017-02-19 Thread Pavel Dovgalyuk
Destination host unreachable.

Ping again.

Pavel Dovgalyuk

> -Original Message-
> From: Pavel Dovgalyuk [mailto:dovga...@ispras.ru]
> Sent: Monday, February 13, 2017 8:05 AM
> To: 'Pavel Dovgalyuk'; qemu-devel@nongnu.org
> Cc: kw...@redhat.com; pbonz...@redhat.com; qemu-bl...@nongnu.org; 
> mre...@redhat.com
> Subject: RE: [PATCH 0/3] block devices record/replay update
> 
> Ping?
> 
> Pavel Dovgalyuk
> 
> > -Original Message-
> > From: Pavel Dovgalyuk [mailto:pavel.dovga...@ispras.ru]
> > Sent: Tuesday, January 31, 2017 2:57 PM
> > To: qemu-devel@nongnu.org
> > Cc: kw...@redhat.com; pbonz...@redhat.com; dovga...@ispras.ru; 
> > qemu-bl...@nongnu.org;
> > mre...@redhat.com
> > Subject: [PATCH 0/3] block devices record/replay update
> >
> > This set of patches includes several fixes for preserving
> > the state of the block device images while recording and replaying
> > virtual machine execution.
> >
> > blkreplay driver now creates temporary overlay for underlying devices
> > This patch implicitly enables '-snapshot' behavior in record/replay mode.
> > blkreplay layer creates temporary overlays on top of underlying
> > disk images. It is needed, because creating an overlay over blkreplay
> > with explicit '-snapshot' option breaks the determinism.
> >
> > ---
> >
> > Pavel Dovgalyuk (3):
> >   block: implement bdrv_snapshot_goto for blkreplay
> >   blkreplay: create temporary overlay for underlaying devices
> >   replay: disable default snapshot for record/replay
> >
> >
> >  block/blkreplay.c |   84 
> > +
> >  stubs/replay.c|1 +
> >  vl.c  |   10 +-
> >  3 files changed, 93 insertions(+), 2 deletions(-)
> >
> > --
> > Pavel Dovgalyuk





Re: [Qemu-devel] [Qemu-ppc] [QEMU-PPC] [PATCH V3 01/10] target/ppc/POWER9: Add ISAv3.00 MMU definition

2017-02-19 Thread Balbir Singh
On Mon, Feb 20, 2017 at 03:04:29PM +1100, Suraj Jitindar Singh wrote:
> POWER9 processors implement the mmu as defined in version 3.00 of the ISA.
> 
> Add a definition for this mmu model and set the POWER9 cpu model to use
> this mmu model.
> 
> Signed-off-by: Suraj Jitindar Singh 
> ---
>  target/ppc/cpu-qom.h| 5 -
>  target/ppc/mmu_helper.c | 2 ++
>  target/ppc/translate_init.c | 3 +--
>  3 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/target/ppc/cpu-qom.h b/target/ppc/cpu-qom.h
> index b7977ba..4e3132b 100644
> --- a/target/ppc/cpu-qom.h
> +++ b/target/ppc/cpu-qom.h
> @@ -86,10 +86,13 @@ enum powerpc_mmu_t {
>  POWERPC_MMU_2_07   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
>   | POWERPC_MMU_64K
>   | POWERPC_MMU_AMR | 0x0004,
> -/* FIXME Add POWERPC_MMU_3_OO defines */
>  /* Architecture 2.07 "degraded" (no 1T segments)   */
>  POWERPC_MMU_2_07a  = POWERPC_MMU_64 | POWERPC_MMU_AMR
>   | 0x0004,
> +/* Architecture 3.00 variant   */
> +POWERPC_MMU_3_00   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
> + | POWERPC_MMU_64K
> + | POWERPC_MMU_AMR | 0x0005,

I wonder if we need a POWERPC_MMU_RADIX that we can then attach
with future versions

Balbir Singh.




Re: [Qemu-devel] kvm bug in __rmap_clear_dirty during live migration

2017-02-19 Thread Han, Huaitong
Hi, Gaohuai

I tried to debug the problem, and I found the indirect cause may be that
the rmap value is not cleared when KVM mmu page is freed. I have read
code without the root cause. Can you stably reproduce the issue?
Many guesses need to be verified.


On Mon, 2017-02-20 at 10:17 +0800, hangaohuai wrote:
> Hi, Kai Huang and Xiao Guangrong.
> 
> For the problem mentioned above, there may be a bug related to PML and 
> probably on Broadwell CPUs.
> 
> I've been reading the code for PML for days, but I haven't found any clues. 
> Do you have any idea about this BUG?
> 
> Hope you can help!
> 
> On 2017/2/10 23:28, Chris Friesen wrote:
> >
> > Well, not so much solved as worked around it.
> >
> > It seems that the problem only showed up on Broadwell, which made us wonder 
> > about something hardware specific.
> >
> > Setting "kvm-intel.eptad=0" in the kernel boot args seems to mask the 
> > problem for us.
> >
> > Chris
> >
> > On 02/10/2017 03:11 AM, Herongguang (Stephen) wrote:
> >> Hi, Chris Friesen, did you solve the problem?
> >>
> >> On 2017/2/9 22:37, Herongguang (Stephen) wrote:
> >>> Hi.
> >>> I had a problem when I just repeatedly live migrate a vm between two 
> >>> compute
> >>> nodes.
> >>> The phenomenon was that the KVM module crashed and then the host 
> >>> rebooted.
> >>> However I cannot reliably trigger this BUG.
> >>>
> >>> The backtrace is the same as 
> >>> http://www.spinics.net/lists/kvm/msg138475.html.
> >>>
> >>> The crash is triggered when function __rmap_clear_dirty is invoked and an
> >>> invalid page(0x7f183000) is visited.
> >>> The value %rdi is 0x7f183000, which is obviously not a valid 
> >>> kernel
> >>> pointer for x86_64.
> >>> The assembly of __rmap_clear_dirty is:
> >>>  0xa04d9ac0 <__rmap_clear_dirty>:  callq 0x816543d0
> >>>  0xa04d9ac5 <__rmap_clear_dirty+5>:  push %rbp
> >>>  0xa04d9ac6 <__rmap_clear_dirty+6>:  mov %rsp,%rbp
> >>>  0xa04d9ac9 <__rmap_clear_dirty+9>:  push %rbx
> >>>  0xa04d9aca <__rmap_clear_dirty+10>: sub $0x18,%rsp
> >>>  0xa04d9ace <__rmap_clear_dirty+14>: mov (%rsi),%rdi
> >>>  0xa04d9ad1 <__rmap_clear_dirty+17>: mov %gs:0x28,%rax
> >>>  0xa04d9ada <__rmap_clear_dirty+26>: mov %rax,-0x10(%rbp)
> >>>  0xa04d9ade <__rmap_clear_dirty+30>: xor %eax,%eax
> >>>  0xa04d9ae0 <__rmap_clear_dirty+32>: test %rdi,%rdi
> >>>  0xa04d9ae3 <__rmap_clear_dirty+35>: je 0xa04d9b78
> >>>  0xa04d9ae9 <__rmap_clear_dirty+41>: test $0x1,%dil
> >>>  0xa04d9aed <__rmap_clear_dirty+45>: je 0xa04d9b98
> >>>  0xa04d9af3 <__rmap_clear_dirty+51>: and $0xfffe,%rdi
> >>>  0xa04d9af7 <__rmap_clear_dirty+55>: movl $0x0,-0x18(%rbp)
> >>>  0xa04d9afe <__rmap_clear_dirty+62>: mov %rdi,-0x20(%rbp)
> >>>  0xa04d9b02 <__rmap_clear_dirty+66>: mov (%rdi),%rdi
> >>>  0xa04d9b05 <__rmap_clear_dirty+69>: test %rdi,%rdi
> >>> ...
> >>>
> >>> The details of the environment are:
> >>> Host info: x86_64 CentOS 7 kernel (3.10.0-327.36.58.10_2.x86_64, slightly
> >>> modified). The CPU is Broadwell Intel(R) Xeon(R) CPU E5-2618L v4 @ 
> >>> 2.20GHz.
> >>> Kmod info: version is 4.4.36
> >>> What I know is that the parameter PML(Page Modification Logging) is 
> >>> enabled by
> >>> default.
> >>>  # cat /sys/module/kvm_intel/parameters/pml
> >>>  # Y
> >>>
> >>> Below is the crash message:
> >>> [1548777.924180] kvm: zapping shadow pages for mmio generation wraparound
> >>> [1548777.947844] HTB: quantum of class 10001 is big. Consider r2q change.
> >>> [1548778.185389] kvm: zapping shadow pages for mmio generation wraparound
> >>> [1548778.994801] BUG: unable to handle kernel paging request at 7f183000
> >>> [1548779.002135] IP: [] __rmap_clear_dirty+0x4a/0xf0 [kvm]
> >>> [1548779.009151] PGD 1f8452067 PUD 0
> >>> [1548779.012774] Thread overran stack, or stack corrupted
> >>> [1548779.018076] Oops:  [#1] SMP
> >>> [1548779.027050] collected_len = 1048570, LOG_BUF_LEN_LOCAL = 1048576
> >>> [1548779.042039] kbox: no notify die func register. no need to notify
> >>> [1548779.048392] do nothing after die!
> >>> [1548779.052071] Modules linked in: kboxdriver(O) kbox(O) sch_htb
> >>> ip_set_hash_net ip6table_filter ip6_tables iptable_filter igb_uio(OE) uio
> >>> bridge dm_service_time dm_multipath iscsi_tcp libiscsi_tcp libiscsi
> >>> scsi_transport_iscsi 8021q garp stp mrp llc vfat fat isofs ext4 jbd2 xfs
> >>> sha512_generic dev_connlimit(O) bum(O) ip_set nfnetlink prio(O) nat(O)
> >>> vport_vxlan(O) openvswitch(O) nf_defrag_ipv6 gre ib_uverbs(OVE) 
> >>> hotpatch(OE)
> >>> sigma_serial(O) pmcint(O) guest_kbox_ram(O) signo_catch(O) mlx4_ib(OVE)
> >>> mlx4_en(OVE) 

[Qemu-devel] [Bug 696530] Re: qemu-0.13.0-r2 special keys different when using -alt-grab

2017-02-19 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/696530

Title:
  qemu-0.13.0-r2 special keys different when using -alt-grab

Status in QEMU:
  Expired

Bug description:
  I use -alt-grab with qemu-0.13.0-r2 and special keys like Ctrl-Alt-f
  for full screen did not work for me with a windows guest. They work
  normally when omitting the -alt-grab startup parameter.

  After quite a long time, I found out that I have to add the shift key
  to the keys from the documentation when I use the -alt-grab option.

  Probably -ctrl-grab behaves similarly. It would be really nice to have
  this documented in the default documentation in the man page as it has
  not been documented there yet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/696530/+subscriptions



[Qemu-devel] [QEMU-PPC] [PATCH V3 06/10] target/ppc: Don't gen an SDR1 on POWER9 and rework register creation

2017-02-19 Thread Suraj Jitindar Singh
POWER9 doesn't have a storage description register 1 (SDR1) which is used
to store the base and size of the hash table. Thus we don't need to
generate this register on the POWER9 cpu model and thus shouldn't read or
write to it either. While we're here, init_proc_book3s_64 is a convoluted
mess which attempts to be a generic function which will then call cpu model
specific register gen functions, but we're calling it from a cpu model
specific function (pcc->init_proc) anyway. So instead of going from
cpu specific function -> generic function -> cpu specific functions, why
not just call the cpu specific register gen functions directly from the
cpu specific init_proc() function removing the need for init_proc_book3s_64
function altogether and hopefully clarifying the cpu model specific
register generation.

We rename ppc_hash64_set_sdr1->ppc_hash64_store_hpt to better represent
that the generic use of the function is to set the htab_[mask/base] and
sdr1 only if appropriate, and update call sites accordingly.

We update ppc_cpu_dump_state so that "info registers" will only display
the value of sdr1 if the register has been generated.

Finally, as mentioned above the register generation for the pcc->init_proc
function for 970, POWER5+, POWER7, POWER8 and POWER9 has been reworked
for improved clarity. Instead of calling init_proc_book3s_64 which then
attempts to generate the correct registers through a mess of if
statements, we remove this function and instead call the appropriate
register generation functions directly. This follows the register
generation model followed for earlier cpu models (pre-970) whereby cpu
specific registers are generated directly in the init_proc function
and makes it easier to add/remove specific registers for new cpu models.

Signed-off-by: Suraj Jitindar Singh 

---

V2->V3:
- Add rework of register generation
---
 target/ppc/mmu-hash64.c |  17 ++-
 target/ppc/mmu-hash64.h |   4 +-
 target/ppc/mmu_helper.c |   2 +-
 target/ppc/translate.c  |   7 +-
 target/ppc/translate_init.c | 316 +++-
 5 files changed, 218 insertions(+), 128 deletions(-)

diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 7c5d589..3e17a9f 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -285,13 +285,12 @@ target_ulong helper_load_slb_vsid(CPUPPCState *env, 
target_ulong rb)
 /*
  * 64-bit hash table MMU handling
  */
-void ppc_hash64_set_sdr1(PowerPCCPU *cpu, target_ulong value,
- Error **errp)
+void ppc_hash64_store_hpt(PowerPCCPU *cpu, target_ulong value,
+  Error **errp)
 {
 CPUPPCState *env = >env;
 target_ulong htabsize = value & SDR_64_HTABSIZE;
 
-env->spr[SPR_SDR1] = value;
 if (htabsize > 28) {
 error_setg(errp,
"Invalid HTABSIZE 0x" TARGET_FMT_lx" stored in SDR1",
@@ -300,6 +299,14 @@ void ppc_hash64_set_sdr1(PowerPCCPU *cpu, target_ulong 
value,
 }
 env->htab_mask = (1ULL << (htabsize + 18 - 7)) - 1;
 env->htab_base = value & SDR_64_HTABORG;
+
+switch (env->mmu_model) {
+case POWERPC_MMU_3_00:
+break; /* Power 9 doesn't have an SDR1 */
+default:
+env->spr[SPR_SDR1] = value;
+break;
+}
 }
 
 void ppc_hash64_set_external_hpt(PowerPCCPU *cpu, void *hpt, int shift,
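
Review bot: the store to env->spr[SPR_SDR1] moves from before the "htabsize > 28" check to the end of the function, after htab_mask and htab_base are set, which changes behaviour for the pre-POWER9 models too. If the error branch returns early, an invalid value is no longer written to SDR1, and the commit message does not mention that. The single-case switch would read more simply as "if (env->mmu_model != POWERPC_MMU_3_00)", and the "stored in SDR1" error text kept in the previous hunk no longer matches a function named ppc_hash64_store_hpt.
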
@@ -313,8 +320,8 @@ void ppc_hash64_set_external_hpt(PowerPCCPU *cpu, void 
*hpt, int shift,
 } else {
 env->external_htab = MMU_HASH64_KVM_MANAGED_HPT;
 }
-ppc_hash64_set_sdr1(cpu, (target_ulong)(uintptr_t)hpt | (shift - 18),
-_err);
+ppc_hash64_store_hpt(cpu, (target_ulong)(uintptr_t)hpt | (shift - 18),
+ _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
index 7a0b7fc..2c00bce 100644
--- a/target/ppc/mmu-hash64.h
+++ b/target/ppc/mmu-hash64.h
@@ -91,8 +91,8 @@ void ppc_hash64_update_rmls(CPUPPCState *env);
 #define HPTE64_V_1TB_SEG0x4000ULL
 #define HPTE64_V_VRMA_MASK  0x4001ff00ULL
 
-void ppc_hash64_set_sdr1(PowerPCCPU *cpu, target_ulong value,
- Error **errp);
+void ppc_hash64_store_hpt(PowerPCCPU *cpu, target_ulong value,
+  Error **errp);
 void ppc_hash64_set_external_hpt(PowerPCCPU *cpu, void *hpt, int shift,
  Error **errp);
 
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index 172a305..2911266 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -2005,7 +2005,7 @@ void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
 PowerPCCPU *cpu = ppc_env_get_cpu(env);
 Error *local_err = NULL;
 
-ppc_hash64_set_sdr1(cpu, value, _err);
+ppc_hash64_store_hpt(cpu, value, _err);
 if (local_err) {
 

[Qemu-devel] [QEMU-PPC] [PATCH V3 09/10] target/ppc/POWER9: Add cpu_has_work function for POWER9

2017-02-19 Thread Suraj Jitindar Singh
The cpu has work function is used to mask interrupts used to determine
if there is work for the cpu based on the LPCR. Add a function to do this
for POWER9 and add it to the POWER9 cpu definition. This is similar to that
for POWER8 except using the LPCR bits as defined for POWER9.

Signed-off-by: Suraj Jitindar Singh 
Reviewed-by: David Gibson 
---
 target/ppc/translate_init.c | 45 +
 1 file changed, 45 insertions(+)

diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index 7661c21..840d62e 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8846,10 +8846,54 @@ static bool ppc_pvr_match_power9(PowerPCCPUClass *pcc, 
uint32_t pvr)
 return false;
 }
 
+static bool cpu_has_work_POWER9(CPUState *cs)
+{
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+CPUPPCState *env = >env;
+
+if (cs->halted) {
+if (!(cs->interrupt_request & CPU_INTERRUPT_HARD)) {
+return false;
+}
+/* External Exception */
+if ((env->pending_interrupts & (1u << PPC_INTERRUPT_EXT)) &&
+(env->spr[SPR_LPCR] & LPCR_EEE)) {
+return true;
+}
+/* Decrementer Exception */
+if ((env->pending_interrupts & (1u << PPC_INTERRUPT_DECR)) &&
+(env->spr[SPR_LPCR] & LPCR_DEE)) {
+return true;
+}
+/* Machine Check or Hypervisor Maintenance Exception */
+if ((env->pending_interrupts & (1u << PPC_INTERRUPT_MCK |
+1u << PPC_INTERRUPT_HMI)) && (env->spr[SPR_LPCR] & LPCR_OEE)) {
+return true;
+}
+/* Privileged Doorbell Exception */
+if ((env->pending_interrupts & (1u << PPC_INTERRUPT_DOORBELL)) &&
+(env->spr[SPR_LPCR] & LPCR_PDEE)) {
+return true;
+}
+/* Hypervisor Doorbell Exception */
+if ((env->pending_interrupts & (1u << PPC_INTERRUPT_HDOORBELL)) &&
+(env->spr[SPR_LPCR] & LPCR_HDEE)) {
+return true;
+}
+if (env->pending_interrupts & (1u << PPC_INTERRUPT_RESET)) {
+return true;
+}
+return false;
+} else {
+return msr_ee && (cs->interrupt_request & CPU_INTERRUPT_HARD);
+}
+}
+
 POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
 PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
+CPUClass *cc = CPU_CLASS(oc);
 
 dc->fw_name = "PowerPC,POWER9";
 dc->desc = "POWER9";
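
Review bot: in the halted branch of cpu_has_work_POWER9, the machine check / HMI test is the only one that matches two pending bits against a single LPCR bit (LPCR_OEE), and its comment does not say why that bit covers both. Please state the reason in the comment, parenthesize the "1u << PPC_INTERRUPT_MCK | 1u << PPC_INTERRUPT_HMI" mask and break the line between the two halves of the condition so it reads like the other cases. The final PPC_INTERRUPT_RESET test is also the only one with neither a comment nor an LPCR gate; a short comment saying that is intended would help.
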
@@ -8860,6 +8904,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
  PCR_COMPAT_2_05;
 pcc->init_proc = init_proc_POWER9;
 pcc->check_pow = check_pow_nocheck;
+cc->has_work = cpu_has_work_POWER9;
 pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
-- 
2.5.5




[Qemu-devel] [QEMU-PPC] [PATCH V3 08/10] target/ppc/POWER9: Add POWER9 pa-features definition

2017-02-19 Thread Suraj Jitindar Singh
Add a pa-features definition which includes all of the new fields which
have been added, note we don't claim support for any of these new features
at this stage.

Signed-off-by: Suraj Jitindar Singh 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 2fbf193..cef950d 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -356,6 +356,20 @@ static void spapr_populate_pa_features(CPUPPCState *env, 
void *fdt, int offset)
 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
 0x00, 0x00, 0x00, 0x00, 0x80, 0x00,
 0x80, 0x00, 0x80, 0x00, 0x00, 0x00 };
+/* Currently we don't advertise any of the "new" ISAv3.00 functionality */
+uint8_t pa_features_300[] = { 64, 0,
+0xf6, 0x1f, 0xc7, 0xc0, 0x80, 0xf0, /*  0 -  5 */
+0x80, 0x00, 0x00, 0x00, 0x00, 0x00, /*  6 - 11 */
+0x00, 0x00, 0x00, 0x00, 0x80, 0x00, /* 12 - 17 */
+0x80, 0x00, 0x80, 0x00, 0x00, 0x00, /* 18 - 23 */
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 24 - 29 */
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 30 - 35 */
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 36 - 41 */
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 42 - 47 */
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 48 - 53 */
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 54 - 59 */
+0x00, 0x00, 0x00, 0x00   }; /* 60 - 63 */
+
 uint8_t *pa_features;
 size_t pa_size;
 
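
Review bot: the leading "64, 0" pair of pa_features_300 carries no comment, unlike the rows below it, which are annotated with byte ranges 0 to 63. If 64 is the count of those attribute bytes, say so in a comment so the two stay in step when a row is added or removed. A compile-time check of sizeof(pa_features_300) against that count would catch a mismatch.
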
@@ -370,6 +384,10 @@ static void spapr_populate_pa_features(CPUPPCState *env, 
void *fdt, int offset)
 pa_features = pa_features_207;
 pa_size = sizeof(pa_features_207);
 break;
+case POWERPC_MMU_3_00:
+pa_features = pa_features_300;
+pa_size = sizeof(pa_features_300);
+break;
 default:
 return;
 }
-- 
2.5.5




[Qemu-devel] [QEMU-PPC] [PATCH V3 05/10] target/ppc: Add patb_entry to sPAPRMachineState

2017-02-19 Thread Suraj Jitindar Singh
ISA v3.00 adds the idea of a partition table which is used to store the
address translation details for all partitions on the system. The partition
table consists of double word entries indexed by partition id where the second
double word contains the location of the process table in guest memory. The
process table is registered by the guest via a h-call.

We need somewhere to store the address of the process table so we add an entry
to the sPAPRMachineState struct called patb_entry to represent the second
doubleword of a single partition table entry corresponding to the current
guest. We need to store this value so we know if the guest is using radix or
hash translation and the location of the corresponding process table in guest
memory. Since we only have a single guest per qemu instance, we only need one
entry.

Since the partition table is technically a hypervisor resource we require that
access to it is abstracted by the virtual hypervisor through the calls
[set/get]_patbe(). Currently the value of the entry is never set (and thus
defaults to 0 indicating hash), but it will be required to both implement
POWER9 kvm support and tcg radix support.

We also add this field to be migrated as part of the sPAPRMachineState as we
will need it on the receiving side as the guest will never tell us this
information again and we need it to perform translation.

Signed-off-by: Suraj Jitindar Singh 

---

V2->V3:
- Only add patbe to migration stream if non-zero
---
 hw/ppc/spapr.c | 29 +
 include/hw/ppc/spapr.h |  1 +
 target/ppc/cpu.h   |  1 +
 3 files changed, 31 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index e465d7a..2fbf193 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1018,6 +1018,13 @@ static void emulate_spapr_hypercall(PPCVirtualHypervisor 
*vhyp,
 }
 }
 
+static uint64_t spapr_get_patbe(PPCVirtualHypervisor *vhyp)
+{
+sPAPRMachineState *spapr = SPAPR_MACHINE(vhyp);
+
+return spapr->patb_entry;
+}
+
 #define HPTE(_table, _i)   (void *)(((uint64_t *)(_table)) + ((_i) * 2))
 #define HPTE_VALID(_hpte)  (tswap64(*((uint64_t *)(_hpte))) & HPTE64_V_VALID)
 #define HPTE_DIRTY(_hpte)  (tswap64(*((uint64_t *)(_hpte))) & 
HPTE64_V_HPTE_DIRTY)
@@ -1141,6 +1148,8 @@ static void ppc_spapr_reset(void)
 /* Check for unknown sysbus devices */
 foreach_dynamic_sysbus_device(find_unknown_sysbus_device, NULL);
 
+spapr->patb_entry = 0;
+
 /* Allocate and/or reset the hash page table */
 spapr_reallocate_hpt(spapr,
  spapr_hpt_shift_for_ramsize(machine->maxram_size),
@@ -1327,6 +1336,24 @@ static const VMStateDescription vmstate_spapr_ov5_cas = {
 },
 };
 
+static bool spapr_patb_entry_needed(void *opaque)
+{
+sPAPRMachineState *spapr = opaque;
+
+return !!spapr->patb_entry;
+}
+
+static const VMStateDescription vmstate_spapr_patb_entry = {
+.name = "spapr_patb_entry",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_patb_entry_needed,
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(patb_entry, sPAPRMachineState),
+VMSTATE_END_OF_LIST()
+},
+};
+
 static const VMStateDescription vmstate_spapr = {
 .name = "spapr",
 .version_id = 3,
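Review bot: vmstate_spapr_patb_entry takes patb_entry straight from the migration stream with no post_load check. The commit message says the receiving side needs this value to perform translation, so once a consumer exists a malformed value should fail the load rather than be used; at minimum, document next to the VMSTATE_UINT64 line which bits of the entry are meaningful.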
@@ -1344,6 +1371,7 @@ static const VMStateDescription vmstate_spapr = {
 },
 .subsections = (const VMStateDescription*[]) {
 _spapr_ov5_cas,
+_spapr_patb_entry,
 NULL
 }
 };
@@ -2733,6 +2761,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 nc->nmi_monitor_handler = spapr_nmi;
 smc->phb_placement = spapr_phb_placement;
 vhc->hypercall = emulate_spapr_hypercall;
+vhc->get_patbe = spapr_get_patbe;
 }
 
 static const TypeInfo spapr_machine_info = {
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index a2d8964..c6a929a 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -63,6 +63,7 @@ struct sPAPRMachineState {
 
 void *htab;
 uint32_t htab_shift;
+uint64_t patb_entry; /* Process tbl registed in H_REGISTER_PROCESS_TABLE */
 hwaddr rma_size;
 int vrma_adjust;
 ssize_t rtas_size;
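Review bot: the comment on the new patb_entry field misspells "registered" as "registed". While fixing it, note in the comment that 0 means hash, as the commit message states, so the reset to 0 in ppc_spapr_reset() and the non-zero test in spapr_patb_entry_needed() are self-explanatory.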
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 425e79d..684d632 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1218,6 +1218,7 @@ struct PPCVirtualHypervisor {
 struct PPCVirtualHypervisorClass {
 InterfaceClass parent;
 void (*hypercall)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu);
+uint64_t (*get_patbe)(PPCVirtualHypervisor *vhyp);
 };
 
 #define TYPE_PPC_VIRTUAL_HYPERVISOR "ppc-virtual-hypervisor"
-- 
2.5.5




[Qemu-devel] [QEMU-PPC] [PATCH V3 03/10] target/ppc/POWER9: Adapt LPCR handling for POWER9

2017-02-19 Thread Suraj Jitindar Singh
The logical partitioning control register controls a thread's operation
based on the partition it is currently executing. Add new definitions and
update the mask used when writing to the LPCR based on the POWER9 spec.

Signed-off-by: Suraj Jitindar Singh 
---
 target/ppc/cpu.h| 18 ++
 target/ppc/mmu-hash64.c |  8 
 target/ppc/translate_init.c | 24 ++--
 3 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index bb96dd5..425e79d 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -384,12 +384,19 @@ struct ppc_slb_t {
 #define LPCR_DPFD (0x7ull << LPCR_DPFD_SHIFT)
 #define LPCR_VRMASD_SHIFT (63 - 16)
 #define LPCR_VRMASD   (0x1full << LPCR_VRMASD_SHIFT)
+/* P9: Power-saving mode Exit Cause Enable (Upper Section) Mask */
+#define LPCR_PECE_U_SHIFT (63 - 19)
+#define LPCR_PECE_U_MASK  (0x7ull << LPCR_PECE_U_SHIFT)
+#define LPCR_HVEE (1ull << (63 - 17)) /* Hypervisor Virt Exit Enable */
 #define LPCR_RMLS_SHIFT   (63 - 37)
 #define LPCR_RMLS (0xfull << LPCR_RMLS_SHIFT)
 #define LPCR_ILE  (1ull << (63 - 38))
 #define LPCR_AIL_SHIFT(63 - 40)  /* Alternate interrupt location */
 #define LPCR_AIL  (3ull << LPCR_AIL_SHIFT)
+#define LPCR_UPRT (1ull << (63 - 41)) /* Use Process Table */
+#define LPCR_EVIRT(1ull << (63 - 42)) /* Enhanced Virtualisation */
 #define LPCR_ONL  (1ull << (63 - 45))
+#define LPCR_LD   (1ull << (63 - 46)) /* Large Decrementer */
 #define LPCR_P7_PECE0 (1ull << (63 - 49))
 #define LPCR_P7_PECE1 (1ull << (63 - 50))
 #define LPCR_P7_PECE2 (1ull << (63 - 51))
@@ -398,11 +405,22 @@ struct ppc_slb_t {
 #define LPCR_P8_PECE2 (1ull << (63 - 49))
 #define LPCR_P8_PECE3 (1ull << (63 - 50))
 #define LPCR_P8_PECE4 (1ull << (63 - 51))
+/* P9: Power-saving mode Exit Cause Enable (Lower Section) Mask */
+#define LPCR_PECE_L_SHIFT (63 - 51)
+#define LPCR_PECE_L_MASK  (0x1full << LPCR_PECE_L_SHIFT)
+#define LPCR_PDEE (1ull << (63 - 47)) /* Privileged Doorbell Exit EN */
+#define LPCR_HDEE (1ull << (63 - 48)) /* Hyperv Doorbell Exit Enable */
+#define LPCR_EEE  (1ull << (63 - 49)) /* External Exit Enable*/
+#define LPCR_DEE  (1ull << (63 - 50)) /* Decrementer Exit Enable */
+#define LPCR_OEE  (1ull << (63 - 51)) /* Other Exit Enable   */
 #define LPCR_MER  (1ull << (63 - 52))
+#define LPCR_GTSE (1ull << (63 - 53)) /* Guest Translation Shootdown */
 #define LPCR_TC   (1ull << (63 - 54))
+#define LPCR_HEIC (1ull << (63 - 59)) /* HV Extern Interrupt Control */
 #define LPCR_LPES0(1ull << (63 - 60))
 #define LPCR_LPES1(1ull << (63 - 61))
 #define LPCR_RMI  (1ull << (63 - 62))
+#define LPCR_HVICE(1ull << (63 - 62)) /* HV Virtualisation Int Enable 
*/
 #define LPCR_HDICE(1ull << (63 - 63))
 
 #define msr_sf   ((env->msr >> MSR_SF)   & 1)
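Review bot: LPCR_HVICE is defined as (1ull << (63 - 62)), the same bit as the existing LPCR_RMI on the line directly above it. If that bit is repurposed on POWER9, say so in a comment, as is done for the "P9:" PECE masks, so that nobody tests LPCR_RMI on a POWER9 model by mistake. LPCR_EEE, LPCR_DEE and LPCR_OEE likewise share bits 49 to 51 with LPCR_P8_PECE2, LPCR_P8_PECE3 and LPCR_P8_PECE4; a one-line note on the overlap would help.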
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index bb78fb5..24d9901 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -1050,6 +1050,14 @@ void helper_store_lpcr(CPUPPCState *env, target_ulong 
val)
   LPCR_P8_PECE2 | LPCR_P8_PECE3 | LPCR_P8_PECE4 |
   LPCR_MER | LPCR_TC | LPCR_LPES0 | LPCR_HDICE);
 break;
+case POWERPC_MMU_3_00: /* P9 */
+lpcr = val & (LPCR_VPM1 | LPCR_ISL | LPCR_KBV | LPCR_DPFD |
+  (LPCR_PECE_U_MASK & LPCR_HVEE) | LPCR_ILE | LPCR_AIL |
+  LPCR_UPRT | LPCR_EVIRT | LPCR_ONL |
+  (LPCR_PECE_L_MASK & (LPCR_PDEE | LPCR_HDEE | LPCR_EEE |
+  LPCR_DEE | LPCR_OEE)) | LPCR_MER | LPCR_GTSE | LPCR_TC |
+  LPCR_HEIC | LPCR_LPES0 | LPCR_HVICE | LPCR_HDICE);
+break;
 default:
 ;
 }
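Review bot: in the POWERPC_MMU_3_00 case, (LPCR_PECE_U_MASK & LPCR_HVEE) and (LPCR_PECE_L_MASK & (LPCR_PDEE | ... | LPCR_OEE)) reduce to the plain OR of the named bits, since each of those bits lies inside its mask per the cpu.h defines; OR the bits directly. LPCR_LD is defined in cpu.h by this same patch but is absent from the writable mask here, so a write of the Large Decrementer bit is silently dropped; add a comment saying whether that is intended.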
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index 84bf125..be35cbd 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8870,12 +8870,24 @@ void cpu_ppc_set_papr(PowerPCCPU *cpu)
 lpcr->default_value &= ~LPCR_RMLS;
 lpcr->default_value |= 1ull << LPCR_RMLS_SHIFT;
 
-/* P7 and P8 has slightly different PECE bits, mostly because P8 adds
- * bit 47 and 48 which are reserved on P7. Here we set them all, which
- * will work as expected for both implementations
- */
-lpcr->default_value |= LPCR_P8_PECE0 | LPCR_P8_PECE1 | LPCR_P8_PECE2 |
-   LPCR_P8_PECE3 | LPCR_P8_PECE4;
+switch (env->mmu_model) {
+case POWERPC_MMU_3_00:
+/* By default we choose legacy mode and switch to new hash or radix
+ * when a register process table hcall is made. So disable process
+ * tables and guest translation shootdown by default
+ */
+lpcr->default_value &= ~(LPCR_UPRT | LPCR_GTSE);
+   

[Qemu-devel] [QEMU-PPC] [PATCH V3 10/10] hw/ppc/spapr: Add POWER9 to pseries cpu models

2017-02-19 Thread Suraj Jitindar Singh
Add POWER9 cpu to list of spapr core models which allows it to be specified
as the cpu model for a pseries guest (e.g. -machine pseries -cpu POWER9).

This now allows a POWER9 cpu to boot to userspace in tcg emulation for a
pseries machine with a legacy kernel.

Signed-off-by: Suraj Jitindar Singh 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr_cpu_core.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index 9dddaeb..71253f9 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -360,6 +360,9 @@ static const char *spapr_core_models[] = {
 
 /* POWER8NVL */
 "POWER8NVL_v1.0",
+
+/* POWER9 */
+"POWER9_v1.0",
 };
 
 void spapr_cpu_core_class_init(ObjectClass *oc, void *data)
-- 
2.5.5




[Qemu-devel] [QEMU-PPC] [PATCH V3 07/10] target/ppc/POWER9: Add POWER9 mmu fault handler

2017-02-19 Thread Suraj Jitindar Singh
Add a new mmu fault handler for the POWER9 cpu and add it as the handler
for the POWER9 cpu definition.

This handler checks if the guest is radix or hash based on the value in the
partition table entry and calls the correct fault handler accordingly.

The hash fault handling code has also been updated to check if the
partition is using segment tables.

Currently only legacy hash (no segment tables) is supported.

Signed-off-by: Suraj Jitindar Singh 

---

V2->V3:
- error_report on attempt to use segment tables instead of just LOG()
- Rename mmu.h -> mmu-book3s-v3.h
---
 target/ppc/mmu-book3s-v3.h  | 50 +
 target/ppc/mmu-hash64.c |  8 
 target/ppc/mmu_helper.c | 40 
 target/ppc/translate_init.c |  3 ++-
 4 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 target/ppc/mmu-book3s-v3.h

diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
new file mode 100644
index 000..9375921
--- /dev/null
+++ b/target/ppc/mmu-book3s-v3.h
@@ -0,0 +1,50 @@
+/*
+ *  PowerPC emulation generic mmu definitions for qemu.
+ *
+ *  Copyright (c) 2017 Suraj Jitindar Singh, IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef MMU_H
+#define MMU_H
+
+#ifndef CONFIG_USER_ONLY
+
+/* Partition Table Entry Fields */
+#define PATBE1_GR 0x8000
+
+#ifdef TARGET_PPC64
+
+static inline bool ppc64_use_proc_tbl(PowerPCCPU *cpu)
+{
+return !!(cpu->env.spr[SPR_LPCR] & LPCR_UPRT);
+}
+
+static inline bool ppc64_radix_guest(PowerPCCPU *cpu)
+{
+PPCVirtualHypervisorClass *vhc =
+PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
+
+return !!(vhc->get_patbe(cpu->vhyp) & PATBE1_GR);
+}
+
+int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
+  int mmu_idx);
+
+#endif /* TARGET_PPC64 */
+
+#endif /* CONFIG_USER_ONLY */
+
+#endif /* MMU_H */
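Review bot: ppc64_radix_guest() hands cpu->vhyp to PPC_VIRTUAL_HYPERVISOR_GET_CLASS() and calls vhc->get_patbe() without checking that cpu->vhyp is set or that the class implements get_patbe, and the callers added in mmu_helper.c reach it for every POWERPC_MMU_3_00 CPU. Add an assert or a NULL test with a defined fallback. The include guard is also still MMU_H after the rename to mmu-book3s-v3.h; a guard named after the file avoids a clash with another header.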
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 3e17a9f..a581b50 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -27,6 +27,7 @@
 #include "kvm_ppc.h"
 #include "mmu-hash64.h"
 #include "exec/log.h"
+#include "mmu-book3s-v3.h"
 
 //#define DEBUG_SLB
 
@@ -767,6 +768,13 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr 
eaddr,
 /* 2. Translation is on, so look up the SLB */
 slb = slb_lookup(cpu, eaddr);
 if (!slb) {
+/* No entry found, check if in-memory segment tables are in use */
+if (ppc64_use_proc_tbl(cpu)) {
+/* TODO - Unsupported */
+error_report("Segment Table Support Unimplemented");
+abort();
+}
+/* Segment still not found, generate the appropriate interrupt */
 if (rwx == 2) {
 cs->exception_index = POWERPC_EXCP_ISEG;
 env->error_code = 0;
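Review bot: the block added under if (!slb) calls abort() when ppc64_use_proc_tbl() is true, so the whole QEMU process exits from the MMU fault path on the strength of one LPCR bit. If a guest can ever get LPCR_UPRT set, that is a guest-triggerable exit; rejecting the configuration at the point where UPRT would be enabled keeps the fault path from being reached in that state. The include hunk above adds only mmu-book3s-v3.h, so confirm qemu/error-report.h is already included in this file for error_report().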
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index 2911266..527123c 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -28,6 +28,8 @@
 #include "exec/cpu_ldst.h"
 #include "exec/log.h"
 #include "helper_regs.h"
+#include "qemu/error-report.h"
+#include "mmu-book3s-v3.h"
 
 //#define DEBUG_MMU
 //#define DEBUG_BATS
@@ -1280,6 +1282,17 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, 
CPUPPCState *env)
 case POWERPC_MMU_2_07a:
 dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
 break;
+case POWERPC_MMU_3_00:
+if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
+/* TODO - Unsupported */
+} else {
+if (ppc64_use_proc_tbl(ppc_env_get_cpu(env))) {
+/* TODO - Unsupported */
+} else {
+dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
+break;
+}
+}
 #endif
 default:
 qemu_log_mask(LOG_UNIMP, "%s: unimplemented\n", __func__);
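Review bot: in the new POWERPC_MMU_3_00 case of dump_mmu() the break sits only in the innermost else, so the radix and process-table branches fall through the #endif into default and log "unimplemented". If that is intended, mark it with a fall-through comment; otherwise move the break to the end of the case. ppc_env_get_cpu(env) is also evaluated up to three times here; a local PowerPCCPU pointer would read better.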
@@ -1421,6 +1434,17 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr 
addr)
 case POWERPC_MMU_2_07:
 case POWERPC_MMU_2_07a:
 return ppc_hash64_get_phys_page_debug(cpu, addr);
+case POWERPC_MMU_3_00:
+if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
+/* TODO - Unsupported */
+} else {
+if (ppc64_use_proc_tbl(ppc_env_get_cpu(env))) {
+/* TODO - Unsupported 
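Review bot: the new case calls ppc_env_get_cpu(env) although the context line just above it passes cpu directly to ppc_hash64_get_phys_page_debug(); use cpu here as well.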

[Qemu-devel] [QEMU-PPC] [PATCH V3 02/10] target/ppc: Fix LPCR DPFD mask define

2017-02-19 Thread Suraj Jitindar Singh
The DPFD field in the LPCR is 3 bits wide. This has always been defined
as 0x3 << shift which indicates a 2 bit field, which is incorrect.
Correct this.

Signed-off-by: Suraj Jitindar Singh 
---
 target/ppc/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index bc2a2ce..bb96dd5 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -381,7 +381,7 @@ struct ppc_slb_t {
 #define LPCR_ISL  (1ull << (63 - 2))
 #define LPCR_KBV  (1ull << (63 - 3))
 #define LPCR_DPFD_SHIFT   (63 - 11)
-#define LPCR_DPFD (0x3ull << LPCR_DPFD_SHIFT)
+#define LPCR_DPFD (0x7ull << LPCR_DPFD_SHIFT)
 #define LPCR_VRMASD_SHIFT (63 - 16)
 #define LPCR_VRMASD   (0x1full << LPCR_VRMASD_SHIFT)
 #define LPCR_RMLS_SHIFT   (63 - 37)
-- 
2.5.5




[Qemu-devel] [QEMU-PPC] [PATCH V3 04/10] target/ppc/POWER9: Direct all instr and data storage interrupts to the hypv

2017-02-19 Thread Suraj Jitindar Singh
The vpm0 bit was removed from the LPCR in POWER9, this bit controlled
whether ISI and DSI interrupts were directed to the hypervisor or the
partition. These interrupts now go to the hypervisor irrespective, thus
it is no longer necessary to check the vpm0 bit in the LPCR.

Signed-off-by: Suraj Jitindar Singh 
Reviewed-by: David Gibson 
---
 target/ppc/mmu-hash64.c | 20 ++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 24d9901..7c5d589 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -640,7 +640,15 @@ static void ppc_hash64_set_isi(CPUState *cs, CPUPPCState 
*env,
 if (msr_ir) {
 vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM1);
 } else {
-vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+switch (env->mmu_model) {
+case POWERPC_MMU_3_00:
+/* Field deprecated in ISAv3.00 - interrupts always go to hyperv */
+vpm = true;
+break;
+default:
+vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+break;
+}
 }
 if (vpm && !msr_hv) {
 cs->exception_index = POWERPC_EXCP_HISI;
@@ -658,7 +666,15 @@ static void ppc_hash64_set_dsi(CPUState *cs, CPUPPCState 
*env, uint64_t dar,
 if (msr_dr) {
 vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM1);
 } else {
-vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+switch (env->mmu_model) {
+case POWERPC_MMU_3_00:
+/* Field deprecated in ISAv3.00 - interrupts always go to hyperv */
+vpm = true;
+break;
+default:
+vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+break;
+}
 }
 if (vpm && !msr_hv) {
 cs->exception_index = POWERPC_EXCP_HDSI;
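Review bot: the switch on env->mmu_model added in the else branch of ppc_hash64_set_dsi() is a copy of the one added to ppc_hash64_set_isi() in the previous hunk. A small helper returning the effective VPM0 value (true for POWERPC_MMU_3_00, the LPCR_VPM0 test otherwise) would keep the two paths from drifting apart.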
-- 
2.5.5




[Qemu-devel] [QEMU-PPC] [PATCH V3 00/10] target/ppc: Implement POWER9 pseries tcg legacy support

2017-02-19 Thread Suraj Jitindar Singh
This is V3 of the patch series to implement tcg emulation support for a
POWER9 cpu model for the pseries machine type running a legacy kernel.
That is a kernel which doesn't use the new radix mmu mode or the new hash
mmu mode with segment tables.

To use a POWER9 cpu provide the command line option "-cpu POWER9".

This series attempts to avoid precluding KVM-HV support for the POWER9
cpu model but doesn't attempt to support KVM-PR or the powernv machine
for the POWER9 cpu model as these aren't currently supported or
implemented and further code changes will be required in the event these
are implemented.

This series is used as a base to implement radix support.

The changes from V2 are as follows:

 - Only migrate the partition table entry on non-zero value
 - Change how register generation works to simplify adding/removing
   registers
 - Rename mmu.h -> mmu-book3s-v3.h
 - Error report and abort on attempt to use segment tables

Suraj Jitindar Singh (10):
  target/ppc/POWER9: Add ISAv3.00 MMU definition
  target/ppc: Fix LPCR DPFD mask define
  target/ppc/POWER9: Adapt LPCR handling for POWER9
  target/ppc/POWER9: Direct all instr and data storage interrupts to the
hypv
  target/ppc: Add patb_entry to sPAPRMachineState
  target/ppc: Don't gen an SDR1 on POWER9 and rework register creation
  target/ppc/POWER9: Add POWER9 mmu fault handler
  target/ppc/POWER9: Add POWER9 pa-features definition
  target/ppc/POWER9: Add cpu_has_work function for POWER9
  hw/ppc/spapr: Add POWER9 to pseries cpu models

 hw/ppc/spapr.c  |  47 ++
 hw/ppc/spapr_cpu_core.c |   3 +
 include/hw/ppc/spapr.h  |   1 +
 target/ppc/cpu-qom.h|   5 +-
 target/ppc/cpu.h|  21 ++-
 target/ppc/mmu-book3s-v3.h  |  50 ++
 target/ppc/mmu-hash64.c |  53 +-
 target/ppc/mmu-hash64.h |   4 +-
 target/ppc/mmu_helper.c |  44 -
 target/ppc/translate.c  |   7 +-
 target/ppc/translate_init.c | 391 ++--
 11 files changed, 485 insertions(+), 141 deletions(-)
 create mode 100644 target/ppc/mmu-book3s-v3.h

-- 
2.5.5




[Qemu-devel] [QEMU-PPC] [PATCH V3 01/10] target/ppc/POWER9: Add ISAv3.00 MMU definition

2017-02-19 Thread Suraj Jitindar Singh
POWER9 processors implement the mmu as defined in version 3.00 of the ISA.

Add a definition for this mmu model and set the POWER9 cpu model to use
this mmu model.

Signed-off-by: Suraj Jitindar Singh 
---
 target/ppc/cpu-qom.h| 5 -
 target/ppc/mmu_helper.c | 2 ++
 target/ppc/translate_init.c | 3 +--
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/target/ppc/cpu-qom.h b/target/ppc/cpu-qom.h
index b7977ba..4e3132b 100644
--- a/target/ppc/cpu-qom.h
+++ b/target/ppc/cpu-qom.h
@@ -86,10 +86,13 @@ enum powerpc_mmu_t {
 POWERPC_MMU_2_07   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
  | POWERPC_MMU_64K
  | POWERPC_MMU_AMR | 0x0004,
-/* FIXME Add POWERPC_MMU_3_OO defines */
 /* Architecture 2.07 "degraded" (no 1T segments)   */
 POWERPC_MMU_2_07a  = POWERPC_MMU_64 | POWERPC_MMU_AMR
  | 0x0004,
+/* Architecture 3.00 variant   */
+POWERPC_MMU_3_00   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
+ | POWERPC_MMU_64K
+ | POWERPC_MMU_AMR | 0x0005,
 };
 
 /*/
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index f746f53..172a305 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -1935,6 +1935,7 @@ void ppc_tlb_invalidate_all(CPUPPCState *env)
 case POWERPC_MMU_2_06a:
 case POWERPC_MMU_2_07:
 case POWERPC_MMU_2_07a:
+case POWERPC_MMU_3_00:
 #endif /* defined(TARGET_PPC64) */
 env->tlb_need_flush = 0;
 tlb_flush(CPU(cpu));
@@ -1974,6 +1975,7 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, 
target_ulong addr)
 case POWERPC_MMU_2_06a:
 case POWERPC_MMU_2_07:
 case POWERPC_MMU_2_07a:
+case POWERPC_MMU_3_00:
 /* tlbie invalidate TLBs for all segments */
 /* XXX: given the fact that there are too many segments to invalidate,
  *  and we still don't have a tlb_flush_mask(env, n, mask) in QEMU,
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index 76f79fa..84bf125 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8816,8 +8816,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
 (1ull << MSR_PMM) |
 (1ull << MSR_RI) |
 (1ull << MSR_LE);
-/* Using 2.07 defines until new radix model is added. */
-pcc->mmu_model = POWERPC_MMU_2_07;
+pcc->mmu_model = POWERPC_MMU_3_00;
 #if defined(CONFIG_SOFTMMU)
 pcc->handle_mmu_fault = ppc_hash64_handle_mmu_fault;
 /* segment page size remain the same */
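Review bot: setting pcc->mmu_model to POWERPC_MMU_3_00 here makes every switch on the MMU model that lacks a 3_00 case take its default branch for POWER9. This patch adds the case only to ppc_tlb_invalidate_all() and ppc_tlb_invalidate_one(); helper_store_lpcr(), dump_mmu() and ppc_cpu_get_phys_page_debug() get theirs in patches 03 and 07, so POWER9 behaves differently at this commit than before it. Add those cases here or move the model switch to the end of the series to keep it bisectable.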
-- 
2.5.5




[Qemu-devel] [PATCH] vfio/pci-quirks.c: Disable stolen memory for igd VFIO

2017-02-19 Thread Xiong Zhang
From: XiongZhang 

If IGD isn't assigned at 00:02.0 in UPT and host bios enable stolen
memory, seabios won't reserve stolen memory in E820 for guest. Then
both Intel graphic driver and others in guest could use stolen
memory, this will generate system hang. So we should disable stolen
memory in this case.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99028
 https://bugs.freedesktop.org/show_bug.cgi?id=99025

Signed-off-by: Xiong Zhang 
Tested-by: Terrence Xu 
---
 hw/vfio/pci-quirks.c | 63 ++--
 1 file changed, 36 insertions(+), 27 deletions(-)

diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
index 1e97bc4..015d0c2 100644
--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
@@ -1364,14 +1364,43 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
 uint32_t gmch;
 uint16_t cmd_orig, cmd;
 
+/* This must be an Intel VGA device. */
+if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
+!vfio_is_vga(vdev) || nr != 4) {
+return;
+}
+
 /*
- * This must be an Intel VGA device at address 00:02.0 for us to even
- * consider enabling legacy mode.  The vBIOS has dependencies on the
- * PCI bus address.
+ * IGD is not a standard, they like to change their specs often.  We
+ * only attempt to support back to SandBridge and we hope that newer
+ * devices maintain compatibility with generation 8.
  */
-if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
-!vfio_is_vga(vdev) || nr != 4 ||
->pdev != pci_find_device(pci_device_root_bus(>pdev),
+gen = igd_gen(vdev);
+if (gen != 6 && gen != 8) {
+error_report("IGD device %s is unsupported in legacy mode, "
+ "try SandyBridge or newer", vdev->vbasedev.name);
+return;
+}
+/*
+ * If this isn't at address 00:02.0, bios won't reserv stolen
+ * memory in E820, then others could use stolen memory. If guest
+ * graphic driver still use stolen memory, system maybe hang.
+ * so we set stolen memory size to 0 and guest graphic driver won't
+ * use stolen memory.
+ */
+gmch = vfio_pci_read_config(>pdev, IGD_GMCH, 4);
+gmch &= ~((gen < 8 ? 0x1f : 0xff) << (gen < 8 ? 3 : 8));
+
+/* GMCH is read-only, emulated */
+pci_set_long(vdev->pdev.config + IGD_GMCH, gmch);
+pci_set_long(vdev->pdev.wmask + IGD_GMCH, 0);
+pci_set_long(vdev->emulated_config_bits + IGD_GMCH, ~0);
+
+/*
+ * This must be at address 00:02.0 for us to even onsider enabling
+ * legacy mode.  The vBIOS has dependencies on the PCI bus address.
+ */
+if (>pdev != pci_find_device(pci_device_root_bus(>pdev),
0, PCI_DEVFN(0x2, 0))) {
 return;
 }
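Review bot: moving the igd_gen() check ahead of the 00:02.0 test means the error_report "IGD device %s is unsupported in legacy mode" now fires for any Intel VGA device of another generation, including one that is not at 00:02.0 and was never a legacy-mode candidate. Reword the message for this position or return silently here and keep the legacy-mode wording after the address check. The added comments also contain typos ("reserv", "onsider", "system maybe hang").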
@@ -1391,18 +1420,6 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
 }
 
 /*
- * IGD is not a standard, they like to change their specs often.  We
- * only attempt to support back to SandBridge and we hope that newer
- * devices maintain compatibility with generation 8.
- */
-gen = igd_gen(vdev);
-if (gen != 6 && gen != 8) {
-error_report("IGD device %s is unsupported in legacy mode, "
- "try SandyBridge or newer", vdev->vbasedev.name);
-return;
-}
-
-/*
  * Most of what we're doing here is to enable the ROM to run, so if
  * there's no ROM, there's no point in setting up this quirk.
  * NB. We only seem to get BIOS ROMs, so a UEFI VM would need CSM support.
@@ -1457,8 +1474,6 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
 goto out;
 }
 
-gmch = vfio_pci_read_config(>pdev, IGD_GMCH, 4);
-
 /*
  * If IGD VGA Disable is clear (expected) and VGA is not already enabled,
  * try to enable it.  Probably shouldn't be using legacy mode without VGA,
@@ -1526,12 +1541,11 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
  * when IVD (IGD VGA Disable) is clear, but the claim is that it's unused,
  * so let's not waste VM memory for it.
  */
-gmch &= ~((gen < 8 ? 0x1f : 0xff) << (gen < 8 ? 3 : 8));
-
 if (vdev->igd_gms) {
 if (vdev->igd_gms <= 0x10) {
 gms_mb = vdev->igd_gms * 32;
 gmch |= vdev->igd_gms << (gen < 8 ? 3 : 8);
+pci_set_long(vdev->pdev.config + IGD_GMCH, gmch);
 } else {
 error_report("Unsupported IGD GMS value 0x%x", vdev->igd_gms);
 vdev->igd_gms = 0;
@@ -1551,11 +1565,6 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
 fw_cfg_add_file(fw_cfg_find(), "etc/igd-bdsm-size",
 bdsm_size, sizeof(*bdsm_size));
 
-/* GMCH is read-only, emulated */
-pci_set_long(vdev->pdev.config + IGD_GMCH, gmch);
-pci_set_long(vdev->pdev.wmask + 

Re: [Qemu-devel] [PATCH v3 0/4] colo-compare: fix some bugs

2017-02-19 Thread Jason Wang



On 2017-02-17 10:53, zhanghailiang wrote:

This series includes two parts: codes optimization and bug fix.
patch 1 tries to move timer process into colo compare thread as
a new coroutine.
patch 2 ~ 4 fix some bugs of colo compare.

v2->v3:
  - change the definition of remove_fd_in_watch() instead of
introducing a function (Marc-André Lureau's suggestion)
v1->v2:
  - Squash patch 3 of last version into patch 2. (ZhangChen's suggestion)

zhanghailiang (4):
   colo-compare: use g_timeout_source_new() to process the stale packets
   colo-compare: kick compare thread to exit after some cleanup in
 finalization
   char: remove the right fd been watched in qemu_chr_fe_set_handlers()
   colo-compare: Fix removing fds been watched incorrectly in
 finalization

  chardev/char-fd.c |   6 +--
  chardev/char-io.c |   8 ++--
  chardev/char-io.h |   2 +-
  chardev/char-pty.c|   2 +-
  chardev/char-socket.c |   4 +-
  chardev/char-udp.c|   6 +--
  chardev/char.c|   2 +-
  net/colo-compare.c| 115 ++
  8 files changed, 74 insertions(+), 71 deletions(-)



Applied, thanks.



Re: [Qemu-devel] [PATCH] vfio/pci-quirks.c: Disable stolen memory for igd VFIO

2017-02-19 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [PATCH] vfio/pci-quirks.c: Disable stolen memory for igd 
VFIO
Message-id: 20170220111716.10471-1-xiong.y.zh...@intel.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20170220111716.10471-1-xiong.y.zh...@intel.com -> 
patchew/20170220111716.10471-1-xiong.y.zh...@intel.com
Switched to a new branch 'test'
f533dc3 vfio/pci-quirks.c: Disable stolen memory for igd VFIO

=== OUTPUT BEGIN ===
Checking PATCH 1/1: vfio/pci-quirks.c: Disable stolen memory for igd VFIO...
ERROR: code indent should never use tabs
#38: FILE: hw/vfio/pci-quirks.c:1370:
+^I/* This must be an Intel VGA device. */$

ERROR: code indent should never use tabs
#39: FILE: hw/vfio/pci-quirks.c:1371:
+^Iif (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||$

ERROR: braces {} are necessary for all arms of this statement
#39: FILE: hw/vfio/pci-quirks.c:1371:
+   if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
[...]

ERROR: code indent should never use tabs
#40: FILE: hw/vfio/pci-quirks.c:1372:
+^I^I!vfio_is_vga(vdev) || nr != 4)$

ERROR: code indent should never use tabs
#41: FILE: hw/vfio/pci-quirks.c:1373:
+^I^Ireturn;$

ERROR: code indent should never use tabs
#43: FILE: hw/vfio/pci-quirks.c:1375:
+^I/*$

ERROR: code indent should never use tabs
#44: FILE: hw/vfio/pci-quirks.c:1376:
+^I * IGD is not a standard, they like to change their specs often.  We$

ERROR: code indent should never use tabs
#45: FILE: hw/vfio/pci-quirks.c:1377:
+^I * only attempt to support back to SandBridge and we hope that newer$

ERROR: code indent should never use tabs
#46: FILE: hw/vfio/pci-quirks.c:1378:
+^I * devices maintain compatibility with generation 8.$

ERROR: code indent should never use tabs
#47: FILE: hw/vfio/pci-quirks.c:1379:
+^I */$

ERROR: code indent should never use tabs
#48: FILE: hw/vfio/pci-quirks.c:1380:
+^Igen = igd_gen(vdev);$

ERROR: code indent should never use tabs
#49: FILE: hw/vfio/pci-quirks.c:1381:
+^Iif (gen != 6 && gen != 8) {$

ERROR: code indent should never use tabs
#50: FILE: hw/vfio/pci-quirks.c:1382:
+^I^Ierror_report("IGD device %s is unsupported in legacy mode, "$

ERROR: code indent should never use tabs
#51: FILE: hw/vfio/pci-quirks.c:1383:
+^I^I^I "try SandyBridge or newer", vdev->vbasedev.name);$

ERROR: code indent should never use tabs
#52: FILE: hw/vfio/pci-quirks.c:1384:
+^I^Ireturn;$

ERROR: code indent should never use tabs
#53: FILE: hw/vfio/pci-quirks.c:1385:
+^I}$

ERROR: code indent should never use tabs
#54: FILE: hw/vfio/pci-quirks.c:1386:
+^I/*$

ERROR: code indent should never use tabs
#55: FILE: hw/vfio/pci-quirks.c:1387:
+^I * If this isn't at address 00:02.0, bios won't reserv stolen$

ERROR: code indent should never use tabs
#56: FILE: hw/vfio/pci-quirks.c:1388:
+^I * memory in E820, then others could use stolen memory. If guest$

ERROR: code indent should never use tabs
#57: FILE: hw/vfio/pci-quirks.c:1389:
+^I * graphic driver still use stolen memory, system maybe hang.$

ERROR: code indent should never use tabs
#58: FILE: hw/vfio/pci-quirks.c:1390:
+^I * so we set stolen memory size to 0 and guest graphic driver won't$

ERROR: code indent should never use tabs
#59: FILE: hw/vfio/pci-quirks.c:1391:
+^I * use stolen memory.$

ERROR: code indent should never use tabs
#60: FILE: hw/vfio/pci-quirks.c:1392:
+^I */$

ERROR: code indent should never use tabs
#61: FILE: hw/vfio/pci-quirks.c:1393:
+^Igmch = vfio_pci_read_config(>pdev, IGD_GMCH, 4);$

ERROR: code indent should never use tabs
#62: FILE: hw/vfio/pci-quirks.c:1394:
+^Igmch &= ~((gen < 8 ? 0x1f : 0xff) << (gen < 8 ? 3 : 8));$

ERROR: code indent should never use tabs
#64: FILE: hw/vfio/pci-quirks.c:1396:
+^I/* GMCH is read-only, emulated */$

ERROR: code indent should never use tabs
#65: FILE: hw/vfio/pci-quirks.c:1397:
+^Ipci_set_long(vdev->pdev.config + IGD_GMCH, gmch);$

ERROR: code indent should never use tabs
#66: FILE: hw/vfio/pci-quirks.c:1398:
+^Ipci_set_long(vdev->pdev.wmask + IGD_GMCH, 0);$

ERROR: code indent should never use tabs
#67: FILE: hw/vfio/pci-quirks.c:1399:
+^Ipci_set_long(vdev->emulated_config_bits + IGD_GMCH, ~0);$

ERROR: code indent should never use tabs
#69: FILE: hw/vfio/pci-quirks.c:1401:
+^I/*$

ERROR: code indent should never use tabs
#70: FILE: hw/vfio/pci-quirks.c:1402:

[Qemu-devel] [PATCH] vfio/pci-quirks.c: Disable stolen memory for igd VFIO

2017-02-19 Thread Xiong Zhang
From: XiongZhang 

If IGD isn't assigned at 00:02.0 in UPT and host bios enable stolen
memory, seabios won't reserve stolen memory in E820 for guest. Then
both Intel graphic driver and others in guest could use stolen
memory, this will generate system hang. So we should disable stolen
memory in this case.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99028
https://bugs.freedesktop.org/show_bug.cgi?id=99025

Signed-off-by: Xiong Zhang 
Tested-by: Terrence Xu 
---
 hw/vfio/pci-quirks.c | 71 +---
 1 file changed, 39 insertions(+), 32 deletions(-)

diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
index 1e97bc4..3c03577 100644
--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
@@ -1364,17 +1364,44 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
 uint32_t gmch;
 uint16_t cmd_orig, cmd;
 
-/*
- * This must be an Intel VGA device at address 00:02.0 for us to even
- * consider enabling legacy mode.  The vBIOS has dependencies on the
- * PCI bus address.
- */
-if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
-!vfio_is_vga(vdev) || nr != 4 ||
->pdev != pci_find_device(pci_device_root_bus(>pdev),
-   0, PCI_DEVFN(0x2, 0))) {
-return;
-}
+   /* This must be an Intel VGA device. */
+   if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
+   !vfio_is_vga(vdev) || nr != 4)
+   return;
+
+   /*
+* IGD is not a standard, they like to change their specs often.  We
+* only attempt to support back to SandBridge and we hope that newer
+* devices maintain compatibility with generation 8.
+*/
+   gen = igd_gen(vdev);
+   if (gen != 6 && gen != 8) {
+   error_report("IGD device %s is unsupported in legacy mode, "
+"try SandyBridge or newer", vdev->vbasedev.name);
+   return;
+   }
+   /*
+* If this isn't at address 00:02.0, bios won't reserv stolen
+* memory in E820, then others could use stolen memory. If guest
+* graphic driver still use stolen memory, system maybe hang.
+* so we set stolen memory size to 0 and guest graphic driver won't
+* use stolen memory.
+*/
+   gmch = vfio_pci_read_config(>pdev, IGD_GMCH, 4);
+   gmch &= ~((gen < 8 ? 0x1f : 0xff) << (gen < 8 ? 3 : 8));
+
+   /* GMCH is read-only, emulated */
+   pci_set_long(vdev->pdev.config + IGD_GMCH, gmch);
+   pci_set_long(vdev->pdev.wmask + IGD_GMCH, 0);
+   pci_set_long(vdev->emulated_config_bits + IGD_GMCH, ~0);
+
+   /*
+* This must be at address 00:02.0 for us to even onsider enabling
+* legacy mode.  The vBIOS has dependencies on the PCI bus address.
+*/
+   if (>pdev != pci_find_device(pci_device_root_bus(>pdev),
+  0, PCI_DEVFN(0x2, 0)))
+   return;
 
 /*
  * We need to create an LPC/ISA bridge at PCI bus address 00:1f.0 that we
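Review bot: the two new early returns, after the vfio_is_vga() test and after the pci_find_device() comparison, drop the braces that the removed code had, and the added lines are indented differently from the surrounding context. QEMU style wants braces on every arm and space indentation; the checkpatch output for this version reports both. Please also fix the comment typos "reserv" and "onsider" when respinning.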
@@ -1391,18 +1418,6 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
 }
 
 /*
- * IGD is not a standard, they like to change their specs often.  We
- * only attempt to support back to SandBridge and we hope that newer
- * devices maintain compatibility with generation 8.
- */
-gen = igd_gen(vdev);
-if (gen != 6 && gen != 8) {
-error_report("IGD device %s is unsupported in legacy mode, "
- "try SandyBridge or newer", vdev->vbasedev.name);
-return;
-}
-
-/*
  * Most of what we're doing here is to enable the ROM to run, so if
  * there's no ROM, there's no point in setting up this quirk.
  * NB. We only seem to get BIOS ROMs, so a UEFI VM would need CSM support.
@@ -1457,8 +1472,6 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
 goto out;
 }
 
-gmch = vfio_pci_read_config(>pdev, IGD_GMCH, 4);
-
 /*
  * If IGD VGA Disable is clear (expected) and VGA is not already enabled,
  * try to enable it.  Probably shouldn't be using legacy mode without VGA,
@@ -1526,12 +1539,11 @@ static void vfio_probe_igd_bar4_quirk(VFIOPCIDevice 
*vdev, int nr)
  * when IVD (IGD VGA Disable) is clear, but the claim is that it's unused,
  * so let's not waste VM memory for it.
  */
-gmch &= ~((gen < 8 ? 0x1f : 0xff) << (gen < 8 ? 3 : 8));
-
 if (vdev->igd_gms) {
 if (vdev->igd_gms <= 0x10) {
 gms_mb = vdev->igd_gms * 32;
 gmch |= vdev->igd_gms << (gen < 8 ? 3 : 8);
+   pci_set_long(vdev->pdev.config + IGD_GMCH, gmch);
 } else {
 error_report("Unsupported IGD GMS value 0x%x", vdev->igd_gms);
 vdev->igd_gms = 0;
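
Review bot: the pci_set_long() added in the igd_gms branch updates only pdev.config and silently relies on the wmask and emulated_config_bits writes that the first hunk now performs near the top of the function, and on gmch having had its GMS field cleared there; a short comment at this line saying so would keep the two sites from drifting apart if an early return is later added in between.
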
@@ 

Re: [Qemu-devel] kvm bug in __rmap_clear_dirty during live migration

2017-02-19 Thread hangaohuai
Hi, Kai Huang and Xiao Guangrong.

For the problem mentioned above, there may be a bug related to PML and probably 
on Broadwell CPUs.

I've been reading the code for PML for days, but I haven't found any clues. Do 
you have any idea about this BUG?

Hope you can help!

On 2017/2/10 23:28, Chris Friesen wrote:
>
> Well, not so much solved as worked around it.
>
> It seems that the problem only showed up on Broadwell, which made us wonder 
> about something hardware specific.
>
> Setting "kvm-intel.eptad=0" in the kernel boot args seems to mask the problem 
> for us.
>
> Chris
>
> On 02/10/2017 03:11 AM, Herongguang (Stephen) wrote:
>> Hi, Chris Friesen, did you solve the problem?
>>
>> On 2017/2/9 22:37, Herongguang (Stephen) wrote:
>>> Hi.
>>> I had a problem when I just repeatedly live migrate a vm between two compute
>>> nodes.
>>> The phenomenon was that the KVM module crashed and then the host 
>>> rebooted.
>>> However I cannot reliably trigger this BUG.
>>>
>>> The backtrace is the same as 
>>> http://www.spinics.net/lists/kvm/msg138475.html.
>>>
>>> The crash is triggered when function __rmap_clear_dirty is invoked and an
>>> invalid page(0x7f183000) is visited.
>>> The value %rdi is 0x7f183000, which is obviously not a valid kernel
>>> pointer for x86_64.
>>> The assembly of __rmap_clear_dirty is:
>>>  0xa04d9ac0 <__rmap_clear_dirty>:callq 
>>> 0x816543d0
>>> 
>>>  0xa04d9ac5 <__rmap_clear_dirty+5>:  push %rbp
>>>  0xa04d9ac6 <__rmap_clear_dirty+6>:  mov %rsp,%rbp
>>>  0xa04d9ac9 <__rmap_clear_dirty+9>:  push %rbx
>>>  0xa04d9aca <__rmap_clear_dirty+10>: sub $0x18,%rsp
>>>  0xa04d9ace <__rmap_clear_dirty+14>: mov (%rsi),%rdi
>>>  0xa04d9ad1 <__rmap_clear_dirty+17>: mov %gs:0x28,%rax
>>>  0xa04d9ada <__rmap_clear_dirty+26>: mov %rax,-0x10(%rbp)
>>>  0xa04d9ade <__rmap_clear_dirty+30>: xor %eax,%eax
>>>  0xa04d9ae0 <__rmap_clear_dirty+32>: test %rdi,%rdi
>>>  0xa04d9ae3 <__rmap_clear_dirty+35>: je 0xa04d9b78
>>>  0xa04d9ae9 <__rmap_clear_dirty+41>: test $0x1,%dil
>>>  0xa04d9aed <__rmap_clear_dirty+45>: je 0xa04d9b98
>>>  0xa04d9af3 <__rmap_clear_dirty+51>: and 
>>> $0xfffe,%rdi
>>>  0xa04d9af7 <__rmap_clear_dirty+55>: movl $0x0,-0x18(%rbp)
>>>  0xa04d9afe <__rmap_clear_dirty+62>: mov %rdi,-0x20(%rbp)
>>>  0xa04d9b02 <__rmap_clear_dirty+66>: mov (%rdi),%rdi
>>>  0xa04d9b05 <__rmap_clear_dirty+69>: test %rdi,%rdi
>>> ...
>>>
>>> The details of the environment are:
>>> Host info: x86_64 CentOS 7 kernel (3.10.0-327.36.58.10_2.x86_64, slightly
>>> modified). The CPU is Broadwell Intel(R) Xeon(R) CPU E5-2618L v4 @ 2.20GHz.
>>> Kmod info: version is 4.4.36
>>> What I know is that the parameter PML(Page Modification Logging) is enabled 
>>> by
>>> default.
>>>  # cat /sys/module/kvm_intel/parameters/pml
>>>  # Y
>>>
>>> Below is the crash message:
>>> [1548777.924180] kvm: zapping shadow pages for mmio generation wraparound
>>> [1548777.947844] HTB: quantum of class 10001 is big. Consider r2q change.
>>> [1548778.185389] kvm: zapping shadow pages for mmio generation wraparound
>>> [1548778.994801] BUG: unable to handle kernel paging request at 
>>> 7f183000
>>> [1548779.002135] IP: [] __rmap_clear_dirty+0x4a/0xf0 [kvm]
>>> [1548779.009151] PGD 1f8452067 PUD 0
>>> [1548779.012774] Thread overran stack, or stack corrupted
>>> [1548779.018076] Oops:  [#1] SMP
>>> [1548779.027050] collected_len = 1048570, LOG_BUF_LEN_LOCAL = 1048576
>>> [1548779.042039] kbox: no notify die func register. no need to notify
>>> [1548779.048392] do nothing after die!
>>> [1548779.052071] Modules linked in: kboxdriver(O) kbox(O) sch_htb
>>> ip_set_hash_net ip6table_filter ip6_tables iptable_filter igb_uio(OE) uio
>>> bridge dm_service_time dm_multipath iscsi_tcp libiscsi_tcp libiscsi
>>> scsi_transport_iscsi 8021q garp stp mrp llc vfat fat isofs ext4 jbd2 xfs
>>> sha512_generic dev_connlimit(O) bum(O) ip_set nfnetlink prio(O) nat(O)
>>> vport_vxlan(O) openvswitch(O) nf_defrag_ipv6 gre ib_uverbs(OVE) hotpatch(OE)
>>> sigma_serial(O) pmcint(O) guest_kbox_ram(O) signo_catch(O) mlx4_ib(OVE)
>>> mlx4_en(OVE) vxlan ip6_udp_tunnel udp_tunnel ib_sa(OVE) ib_mad(OVE) ptp
>>> ib_core(OVE) ib_addr(OVE) pps_core ib_netlink(OVE) intel_powerclamp coretemp
>>> intel_rapl crc32_pclmul crc32c_intel ipmi_devintf(OVE) ghash_clmulni_intel
>>> mlx4_core(OVE) aesni_intel kvm_intel(O) igb(OVE) lrw gf128mul i2c_algo_bit
>>> glue_helper
>>> [1548779.125577]  iTCO_wdt ablk_helper kvm(O) iTCO_vendor_support sg cryptd
>>> compat(OVE) dca sb_edac i2c_i801 kbox_pci(OVE) i2c_core edac_core pcspkr
>>> lpc_ich shpchp mfd_core ipmi_si(OVE) ipmi_msghandler(OVE) 

[Qemu-devel] [Resend RFC PATCH 3/4] Intel iommu: Add Intel IOMMU fault event callback

2017-02-19 Thread Lan Tianyu
This patch is to deal with fault event reported from IOMMU driver.

Signed-off-by: Lan Tianyu 
---
 hw/i386/intel_iommu.c | 25 +
 1 file changed, 25 insertions(+)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 9b1ba1b..79507d2 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2286,6 +2286,30 @@ static void vtd_iommu_notify_flag_changed(MemoryRegion 
*iommu,
 }
 }
 
+static void vtd_iommu_notify_fault_event(MemoryRegion *iommu,
+ IOMMUFaultInfo *info)
+{
+VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu);
+IntelIOMMUState *s = vtd_as->iommu_state;
+bool is_fpd_set = false;
+uint8_t bus_num = pci_bus_num(vtd_as->bus);
+uint8_t devfn = vtd_as->devfn;
+VTDContextEntry ce;
+
+/* Replace source id with device's vbdf */
+info->sid = vtd_make_source_id(bus_num, devfn);
+
+if (!vtd_dev_to_context_entry(s, bus_num, devfn, )) {
+is_fpd_set = ce.lo & VTD_CONTEXT_ENTRY_FPD;
+if (is_fpd_set) {
+trace_vtd_fault_disabled();
+} else {
+vtd_report_dmar_fault(s, info->sid, info->addr,
+  info->fault_reason, info->is_write);
+}
+}
+}
+
 static const VMStateDescription vtd_vmstate = {
 .name = "iommu-intel",
 .version_id = 1,
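
Review bot: when vtd_dev_to_context_entry() returns non-zero in vtd_iommu_notify_fault_event(), the fault is dropped with no trace point or report, so a host fault for a device whose guest context entry cannot be read disappears silently; add a trace event on that path or decide explicitly whether it should still reach the guest. The function also overwrites info->sid in the caller's structure, so take the IOMMUFaultInfo as const and pass the computed source id straight to vtd_report_dmar_fault(), and note that info->fault_reason is forwarded to the guest-visible fault log without any range check.
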
@@ -2816,6 +2840,7 @@ static void vtd_init(IntelIOMMUState *s)
 
 s->iommu_ops.translate = vtd_iommu_translate;
 s->iommu_ops.notify_flag_changed = vtd_iommu_notify_flag_changed;
+s->iommu_ops.notify_fault_event = vtd_iommu_notify_fault_event;
 s->iommu_ops.replay = vtd_iommu_replay;
 s->root = 0;
 s->root_extended = false;
-- 
1.8.3.1




[Qemu-devel] [Resend RFC PATCH 0/4] VT-d: Inject fault event from IOMMU hardware

2017-02-19 Thread Lan Tianyu
Resend patchset due to wrong Qemu devel mail address. Sorry for noise.

This patchset proposes a solution for vIOMMU to get hardware IOMMU
fault events and info. The motivation is to make the vIOMMU inject the
associated fault event when the pIOMMU reports a fault event. The vIOMMU
is in charge of transforming the fault info and injecting it into the
guest. The feature is also very important for supporting first-level
translation (translation requests with PASID) in a VM, which requires the
vIOMMU to inject device page requests into the VM.

VFIO can get notifications and read fault info via new VFIO cmds.
A fault event handler is added to the memory IOMMU ops, and the Intel
IOMMU device model needs to register its fault event callback. VFIO
will call the callback via a memory wrapper function when it gets a
fault notification.

These patches are prototype code and just pass the build test. The IOMMU
driver's new interface is still in the design stage. These patches are
meant to confirm that the interface between Qemu and the VFIO kernel
driver is on the right track.

Comments are very much appreciated.

Lan Tianyu (4):
  VFIO: Set eventfd for IOMMU fault event via new vfio cmd
  Memory: Introduce IOMMU fault event callback
  Intel iommu: Add Intel IOMMU fault event callback
  VFIO: Read IOMMU fault info from kernel space when get fault event

 hw/i386/intel_iommu.c | 25 
 hw/vfio/common.c  | 88 +++
 include/exec/memory.h | 19 ++
 include/hw/vfio/vfio-common.h |  3 ++
 linux-headers/linux/vfio.h| 35 +
 memory.c  |  8 
 6 files changed, 178 insertions(+)

-- 
1.8.3.1




[Qemu-devel] [Resend RFC PATCH 4/4] VFIO: Read IOMMU fault info from kernel space when get fault event

2017-02-19 Thread Lan Tianyu
This patch is to implement fault event handler with new vfio cmd to
get fault info and notify vIOMMU device model.

Signed-off-by: Lan Tianyu 
---
 hw/vfio/common.c   | 51 ++
 linux-headers/linux/vfio.h | 22 
 2 files changed, 73 insertions(+)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 628b424..4f76e26 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -297,6 +297,57 @@ static bool 
vfio_listener_skipped_section(MemoryRegionSection *section)
 
 static void vfio_iommu_fault(void *opaque)
 {
+VFIOContainer *container = opaque;
+struct vfio_iommu_type1_get_fault_info *info;
+struct vfio_iommu_fault_info *fault_info;
+MemoryRegion *mr = container->space->as->root;
+int count = 0, i, ret;
+IOMMUFaultInfo tmp;
+
+if (!event_notifier_test_and_clear(>fault_notifier)) {
+return;
+}
+
+info = g_malloc0(sizeof(*info));
+if (!info) {
+error_report("vfio: Fail to allocate memory");
+return;
+}
+
+info->argsz = sizeof(*info);
+
+ret = ioctl(container->fd, VFIO_IOMMU_GET_FAULT_INFO, info);
+if (ret && ret != -ENOSPC) {
+error_report("vfio: Can't get fault info");
+goto err_exit;
+}
+
+count = info->count;
+if (count <= 0) {
+goto err_exit;
+}
+
+info = g_realloc(info, sizeof(*info) + count * sizeof(*fault_info));
+info->argsz = sizeof(*info) + count * sizeof(*fault_info);
+fault_info = info->fault_info;
+
+ret = ioctl(container->fd, VFIO_IOMMU_GET_FAULT_INFO, info);
+if (ret) {
+error_report("vfio: Can't get fault info");
+goto err_exit;
+}
+
+for (i = 0; i < info->count; i++) {
+tmp.addr = fault_info[i].addr;
+tmp.sid = fault_info[i].sid;
+tmp.fault_reason = fault_info[i].fault_reason;
+tmp.is_write = fault_info[i].is_write;
+
+memory_region_iommu_fault_notify(mr, );
+}
+
+err_exit:
+g_free(info);
 }
 
 static int vfio_set_iommu_fault_notifier(struct VFIOContainer *container)
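
Review bot: the delivery loop in vfio_iommu_fault() is bounded by info->count as written back by the second ioctl, not by the local count that sized the g_realloc() buffer, so if the kernel reports a larger number on the second call the loop reads past the allocation; bound it by the smaller of the two and put an upper limit on count before multiplying it by sizeof(*fault_info). The test ret != -ENOSPC does not match ioctl(2), which returns -1 and sets errno, so check errno == ENOSPC instead, and the NULL check after g_malloc0() is dead code because g_malloc0() aborts on allocation failure.
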
diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index ca890ee..8b172f5 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -550,6 +550,28 @@ struct vfio_iommu_type1_set_fault_eventfd {
 
 #define VFIO_IOMMU_SET_FAULT_EVENTFD   _IO(VFIO_TYPE, VFIO_BASE + 17)
 
+/*
+ * VFIO_IOMMU_GET_FAULT_INFO   _IO(VFIO_TYPE, VFIO_BASE + 18)
+ *
+ * Return IOMMU fault info to userspace.
+ */
+
+struct vfio_iommu_fault_info {
+   __u64   addr;
+   __u16   sid;
+   __u8fault_reason;
+   __u8is_write:1;
+};
+
+struct vfio_iommu_type1_get_fault_info {
+   __u32   argsz;
+   __u32   flags;
+   __u32   count;
+   struct vfio_iommu_fault_info fault_info[];
+};
+
+#define VFIO_IOMMU_GET_FAULT_INFO  _IO(VFIO_TYPE, VFIO_BASE + 18)
+
 /*  Additional API for SPAPR TCE (Server POWERPC) IOMMU  */
 
 /*
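
Review bot: struct vfio_iommu_fault_info uses a one-bit bitfield (is_write:1) and leaves implicit tail padding after its __u64, and struct vfio_iommu_type1_get_fault_info places a flexible array of 8-byte-aligned records after three __u32 fields, so the layout depends on compiler padding; for a user/kernel ABI use a whole __u8 or a flags word for is_write and add explicit reserved fields. The comment should also state what flags means and how argsz and count interact when the buffer is too small, since the QEMU caller currently has to guess.
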
-- 
1.8.3.1
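
The size-probe-then-fetch read that this patch's commit message describes, written out as an added example (not code from the posted series): it shows the consumer delivering only the records it allocated room for when more faults arrive between the two calls. `fake_get_fault_info()` is a constructed stand-in for the proposed VFIO_IOMMU_GET_FAULT_INFO ioctl; the padded struct layout, `MAX_FAULTS`, and the behaviour "count reports the total pending" are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout modelled on the RFC's structs: no bitfield, explicit padding. */
struct fault_rec {
    uint64_t addr;
    uint16_t sid;
    uint8_t  fault_reason;
    uint8_t  is_write;
    uint32_t reserved;
};

struct fault_hdr {
    uint32_t argsz;      /* in: bytes the caller allocated */
    uint32_t flags;
    uint32_t count;      /* out: faults pending on the producer side */
    uint32_t reserved;
    struct fault_rec rec[];
};

#define MAX_FAULTS 4u    /* consumer-side cap on one batch (assumption) */

/* Constructed stand-in for the kernel side of the proposed ioctl. */
static struct fault_rec pending[8];
static uint32_t npending;
static uint32_t late_arrivals;   /* faults that land after the size probe */

static int fake_get_fault_info(struct fault_hdr *h)
{
    if (h->argsz < sizeof(*h)) {
        errno = EINVAL;
        return -1;
    }
    uint32_t room = (h->argsz - sizeof(*h)) / sizeof(struct fault_rec);
    h->count = npending;
    if (room == 0 && npending > 0) {
        npending += late_arrivals;   /* queue grows before the re-read */
        late_arrivals = 0;
        errno = ENOSPC;              /* ioctl convention: -1 plus errno */
        return -1;
    }
    uint32_t n = room < npending ? room : npending;
    memcpy(h->rec, pending, n * sizeof(struct fault_rec));
    return 0;
}

typedef void (*fault_cb)(const struct fault_rec *r, void *opaque);

/* Returns the number of faults delivered, or a negative errno value. */
static int drain_faults(fault_cb cb, void *opaque)
{
    struct fault_hdr probe = { .argsz = sizeof(struct fault_hdr) };
    if (fake_get_fault_info(&probe) < 0 && errno != ENOSPC) {
        return -errno;
    }
    /* Never size a buffer from a raw count: clamp it first. */
    uint32_t want = probe.count < MAX_FAULTS ? probe.count : MAX_FAULTS;
    if (want == 0) {
        return 0;
    }
    size_t sz = sizeof(struct fault_hdr) + want * sizeof(struct fault_rec);
    struct fault_hdr *h = calloc(1, sz);
    if (!h) {
        return -ENOMEM;
    }
    h->argsz = (uint32_t)sz;
    if (fake_get_fault_info(h) < 0) {
        int err = errno;
        free(h);
        return -err;
    }
    /* count may now exceed the allocation: walk only what was asked for. */
    uint32_t n = h->count < want ? h->count : want;
    for (uint32_t i = 0; i < n; i++) {
        cb(&h->rec[i], opaque);
    }
    free(h);
    return (int)n;
}

static void count_cb(const struct fault_rec *r, void *opaque)
{
    *(uint32_t *)opaque += (r->sid != 0);   /* constructed records have sid != 0 */
}

/* Queue `queued` constructed faults; `late` more arrive between the calls. */
static int demo(uint32_t queued, uint32_t late)
{
    uint32_t seen = 0;
    for (uint32_t i = 0; i < 8; i++) {
        pending[i] = (struct fault_rec){ .addr = 0x1000u * i, .sid = (uint16_t)(0x10 + i) };
    }
    npending = queued;
    late_arrivals = late;
    int n = drain_faults(count_cb, &seen);
    return (n >= 0 && (uint32_t)n == seen) ? n : -1;
}

int main(void) { return demo(2, 1) == 2 ? 0 : 1; }
```

Records left behind by the clamp stay queued on the producer side in this model, so a real consumer would call the drain again until it returns 0.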




[Qemu-devel] [Resend RFC PATCH 1/4] VFIO: Set eventfd for IOMMU fault event via new vfio cmd

2017-02-19 Thread Lan Tianyu

This patch is to assign an event fd to VFIO IOMMU type1 driver
in order to get notification when IOMMU driver reports fault event.

Signed-off-by: Lan Tianyu 
---
 hw/vfio/common.c  | 37 +
 include/hw/vfio/vfio-common.h |  3 +++
 linux-headers/linux/vfio.h| 13 +
 3 files changed, 53 insertions(+)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 6b33b9f..628b424 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -33,6 +33,7 @@
 #include "qemu/error-report.h"
 #include "qemu/range.h"
 #include "sysemu/kvm.h"
+#include "sysemu/sysemu.h"
 #include "trace.h"
 #include "qapi/error.h"
 
@@ -294,6 +295,34 @@ static bool 
vfio_listener_skipped_section(MemoryRegionSection *section)
section->offset_within_address_space & (1ULL << 63);
 }
 
+static void vfio_iommu_fault(void *opaque)
+{
+}
+
+static int vfio_set_iommu_fault_notifier(struct VFIOContainer *container)
+{
+struct vfio_iommu_type1_set_fault_eventfd eventfd;
+int ret;
+
+ret = event_notifier_init(>fault_notifier, 0);
+if (ret < 0) {
+error_report("vfio: Failed to init notifier for IOMMU fault event");
+return ret;
+}
+
+eventfd.fd = event_notifier_get_fd(>fault_notifier);
+eventfd.argsz = sizeof(eventfd);
+
+ret = ioctl(container->fd, VFIO_IOMMU_SET_FAULT_EVENTFD, );
+if (ret < 0) {
+error_report("vfio: Failed to set notifier for IOMMU fault event");
+return ret;
+}
+
+qemu_set_fd_handler(eventfd.fd, vfio_iommu_fault, NULL, container);
+return 0;
+}
+
 /* Called with rcu_read_lock held.  */
 static bool vfio_get_vaddr(IOMMUTLBEntry *iotlb, void **vaddr,
bool *read_only)
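
Review bot: eventfd.flags is never initialised in vfio_set_iommu_fault_notifier(), so stack garbage is handed to the kernel in a field it may later interpret; zero-initialise the struct and then fill in argsz and fd. When the VFIO_IOMMU_SET_FAULT_EVENTFD ioctl fails, the notifier created by event_notifier_init() is leaked, so call event_notifier_cleanup() on that path.
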
@@ -1103,6 +1132,14 @@ static int vfio_connect_container(VFIOGroup *group, 
AddressSpace *as,
 goto listener_release_exit;
 }
 
+if (memory_region_is_iommu(container->space->as->root)) {
+if (vfio_set_iommu_fault_notifier(container)) {
+error_setg_errno(errp, -ret,
+"Fail to set IOMMU fault notifier");
+goto listener_release_exit;
+}
+}
+
 container->initialized = true;
 
 QLIST_INIT(>group_list);
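
Review bot: error_setg_errno(errp, -ret, ...) uses ret, but the inner if discards the return value of vfio_set_iommu_fault_notifier(container), so the reported errno is whatever an earlier call left in ret; assign the result to ret and test that. Making this failure fatal also means a host kernel that lacks the new ioctl can no longer connect a container behind a vIOMMU at all, so consider treating it as "no fault reporting" rather than taking the listener_release_exit path.
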
diff --git a/include/hw/vfio/vfio-common.h b/include/hw/vfio/vfio-common.h
index c582de1..1b594c6 100644
--- a/include/hw/vfio/vfio-common.h
+++ b/include/hw/vfio/vfio-common.h
@@ -26,6 +26,7 @@
 #include "exec/memory.h"
 #include "qemu/queue.h"
 #include "qemu/notify.h"
+#include "qemu/event_notifier.h"
 #ifdef CONFIG_LINUX
 #include 
 #endif
@@ -81,6 +82,8 @@ typedef struct VFIOContainer {
 unsigned iommu_type;
 int error;
 bool initialized;
+EventNotifier fault_notifier;
+
 /*
  * This assumes the host IOMMU can support only a single
  * contiguous IOVA window.  We may need to generalize that in
diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index 759b850..ca890ee 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -537,6 +537,19 @@ struct vfio_iommu_type1_dma_unmap {
 #define VFIO_IOMMU_ENABLE  _IO(VFIO_TYPE, VFIO_BASE + 15)
 #define VFIO_IOMMU_DISABLE _IO(VFIO_TYPE, VFIO_BASE + 16)
 
+/*
+ * VFIO_IOMMU_SET_FAULT_EVENT_FD   _IO(VFIO_TYPE, VFIO_BASE + 17)
+ * 
+ * Receive eventfd from userspace to notify fault event from IOMMU.
+ */
+struct vfio_iommu_type1_set_fault_eventfd {
+   __u32   argsz;
+   __u32   flags;
+   __u32   fd;
+};
+
+#define VFIO_IOMMU_SET_FAULT_EVENTFD   _IO(VFIO_TYPE, VFIO_BASE + 17)
+
 /*  Additional API for SPAPR TCE (Server POWERPC) IOMMU  */
 
 /*
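
Review bot: the comment names VFIO_IOMMU_SET_FAULT_EVENT_FD while the macro defined below it is VFIO_IOMMU_SET_FAULT_EVENTFD; make the two match. The fd member is declared __u32 although file descriptors are signed ints, so a signed type would be the natural fit, and the comment should say what flags is for and which values are valid.
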
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH] vl: disable default cdrom when using explicitely scsi-hd

2017-02-19 Thread Markus Armbruster
Hervé Poussineau  writes:

> Hi,
>
> On 09/01/2017 at 14:48, Paolo Bonzini wrote:
>>
>>
>> On 09/01/2017 13:49, Markus Armbruster wrote:
>>> Hervé Poussineau  writes:
>>>
>>>> 'ide-hd', 'ide-cd' and 'scsi-cd' devices already disable default cdrom.
>>>> Make it the same for 'scsi-hd'.
>>>>
>>>> That way, we can add/replace the device on lun=2 without using -nodefaults.
>>>
>>> Yes, but it might upset existing usage that relies on the default
>>> CD-ROM.  In my opinion, making your needs explicit is better than
>>> relying on defaults, but that doesn't mean we can change the defaults
>>> unthinkingly.  Definitely not qemu-trivial.
>>>
>>> Opinions on the change?
>>
>> The original rationale for the change was "ide-hd has to suppress the
>> default CD-ROM, or else you can't put one on secondary master without
>> -nodefaults" but the same applies for scsi-hd vs. lun=1.
>>
>> So I'm not sure, but I lean towards accepting the patch.
>>
>> Paolo
>
> Paolo, Markus, so what is the conclusion?
> Accepting the patch, or refusing it?

Suggest to repost with the commit message updated to mention the
backwards incompatibility, and why you think it's okay.
cc: John Snow , cc: qemu-bl...@nongnu.org



Re: [Qemu-devel] [PATCH v4 1/3] i386/cpu: add crash-information QOM property

2017-02-19 Thread Markus Armbruster
Eric Blake  writes:

> On 02/14/2017 12:25 AM, Denis V. Lunev wrote:
>> From: Anton Nefedov 
>> 
>> Windows reports BSOD parameters through Hyper-V crash MSRs. This
>> information is very useful for initial crash analysis and thus
>> it would be nice to have a way to fetch it.
>> 
>> Signed-off-by: Anton Nefedov 
>> Signed-off-by: Denis V. Lunev 
>> ---
>
>> +++ b/qapi-schema.json
>> @@ -5846,6 +5846,30 @@
>>'data': [ 'pause', 'poweroff' ] }
>>  
>>  ##
>> +# @GuestPanicInformation:
>> +#
>> +# Information about a guest panic
>> +#
>> +# Since: 2.9
>> +##
>> +{'union': 'GuestPanicInformation',
>> + 'data': { 'hyper-v': 'GuestPanicInformationHyperV' } }
>> +
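
Review bot: the doc comment added for GuestPanicInformation describes the type but has no entry for its 'hyper-v' branch, so the generated documentation will not tell a client what data that branch carries; add a member description next to the "Since: 2.9" line.
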
>
> Markus has been trying to eliminate the addition of new "simple unions"
> - while they are syntactically shorter in the .json file, they are
> bulkier over the wire with extra {} nesting, and more verbose in the C
> code, when compared to using a flat union instead.  I won't necessarily
> hold up this patch as-is, but if we are going to avoid new simple
> unions, we have to change this before 2.9 bakes in the {} nesting (we
> can convert a simple union to a flat union without breaking QMP
> back-compat, but it's messier than if we avoid the nesting to begin with).

We should not add new simple unions.  Please have a look at my
"[PATCH 0/2] Flatten simple unions where we still can".

Message-Id: <1486569864-17005-1-git-send-email-arm...@redhat.com>
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01689.html



[Qemu-devel] [PATCH v9 2/2] block/vxhs.c: Add qemu-iotests for new block device type "vxhs"

2017-02-19 Thread Ashish Mittal
These changes use a vxhs test server that is a part of the following
repository:
https://github.com/VeritasHyperScale/libqnio.git

Signed-off-by: Ashish Mittal 
---
v9 changelog:
(1) Dropped second argument to set_prog_path(). We will pick up the test
server location from the user's PATH env setting.

v8/v7 changelog:
(1) No changes.

v6 changelog:
(1) Added iotests for VxHS block device.

 tests/qemu-iotests/common|  6 ++
 tests/qemu-iotests/common.config | 13 +
 tests/qemu-iotests/common.filter |  1 +
 tests/qemu-iotests/common.rc | 19 +++
 4 files changed, 39 insertions(+)

diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index b6274be..318a81d 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -158,6 +158,7 @@ check options
 -nfstest nfs
 -archipelagotest archipelago
 -luks   test luks
+-vxhs   test vxhs
 -xdiff  graphical mode diff
 -nocacheuse O_DIRECT on backing file
 -misalign   misalign memory allocations
@@ -261,6 +262,11 @@ testlist options
 xpand=false
 ;;
 
+-vxhs)
+IMGPROTO=vxhs
+xpand=false
+;;
+
 -ssh)
 IMGPROTO=ssh
 xpand=false
diff --git a/tests/qemu-iotests/common.config b/tests/qemu-iotests/common.config
index 55527aa..c4b51b3 100644
--- a/tests/qemu-iotests/common.config
+++ b/tests/qemu-iotests/common.config
@@ -105,6 +105,10 @@ if [ -z "$QEMU_NBD_PROG" ]; then
 export QEMU_NBD_PROG="`set_prog_path qemu-nbd`"
 fi
 
+if [ -z "$QEMU_VXHS_PROG" ]; then
+export QEMU_VXHS_PROG="`set_prog_path qnio_server`"
+fi
+
 _qemu_wrapper()
 {
 (
@@ -156,10 +160,19 @@ _qemu_nbd_wrapper()
 )
 }
 
+_qemu_vxhs_wrapper()
+{
+(
+echo $BASHPID > "${TEST_DIR}/qemu-vxhs.pid"
+exec "$QEMU_VXHS_PROG" $QEMU_VXHS_OPTIONS "$@"
+)
+}
+
 export QEMU=_qemu_wrapper
 export QEMU_IMG=_qemu_img_wrapper
 export QEMU_IO=_qemu_io_wrapper
 export QEMU_NBD=_qemu_nbd_wrapper
+export QEMU_VXHS=_qemu_vxhs_wrapper
 
 QEMU_IMG_EXTRA_ARGS=
 if [ "$IMGOPTSSYNTAX" = "true" ]; then
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 4befd86..9766a48 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -123,6 +123,7 @@ _filter_img_info()
 -e "s#$TEST_DIR#TEST_DIR#g" \
 -e "s#$IMGFMT#IMGFMT#g" \
 -e 's#nbd://127.0.0.1:10810$#TEST_DIR/t.IMGFMT#g' \
+-e 's#json.*vdisk-id.*vxhs"}}#TEST_DIR/t.IMGFMT#' \
 -e "/encrypted: yes/d" \
 -e "/cluster_size: [0-9]\\+/d" \
 -e "/table_size: [0-9]\\+/d" \
diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index a3d904f..1eb735e 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -89,6 +89,9 @@ else
 TEST_IMG=$TEST_DIR/t.$IMGFMT
 elif [ "$IMGPROTO" = "archipelago" ]; then
 TEST_IMG="archipelago:at.$IMGFMT"
+elif [ "$IMGPROTO" = "vxhs" ]; then
+TEST_IMG_FILE=$TEST_DIR/t.$IMGFMT
+TEST_IMG="vxhs://127.0.0.1:/t.$IMGFMT"
 else
 TEST_IMG=$IMGPROTO:$TEST_DIR/t.$IMGFMT
 fi
@@ -175,6 +178,12 @@ _make_test_img()
 eval "$QEMU_NBD -v -t -b 127.0.0.1 -p 10810 -f $IMGFMT  $TEST_IMG_FILE 
&"
 sleep 1 # FIXME: qemu-nbd needs to be listening before we continue
 fi
+
+# Start QNIO server on image directory for vxhs protocol
+if [ $IMGPROTO = "vxhs" ]; then
+eval "$QEMU_VXHS -d  $TEST_DIR &"
+sleep 1 # Wait for server to come up.
+fi
 }
 
 _rm_test_img()
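
Review bot: the fixed "sleep 1" after starting the QNIO server is a race on a loaded host, and the two new lines leave variables unquoted: [ $IMGPROTO = "vxhs" ] is a syntax error when IMGPROTO is empty, and eval "$QEMU_VXHS -d  $TEST_DIR &" re-splits a TEST_DIR that contains spaces or shell metacharacters. Quote both variables and poll until the server accepts connections instead of sleeping; the FIXME on the qemu-nbd line just above describes the same problem.
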
@@ -201,6 +210,16 @@ _cleanup_test_img()
 fi
 rm -f "$TEST_IMG_FILE"
 ;;
+vxhs)
+if [ -f "${TEST_DIR}/qemu-vxhs.pid" ]; then
+local QEMU_VXHS_PID
+read QEMU_VXHS_PID < "${TEST_DIR}/qemu-vxhs.pid"
+kill ${QEMU_VXHS_PID} >/dev/null 2>&1
+rm -f "${TEST_DIR}/qemu-vxhs.pid"
+fi
+rm -f "$TEST_IMG_FILE"
+;;
+
 file)
 _rm_test_img "$TEST_DIR/t.$IMGFMT"
 _rm_test_img "$TEST_DIR/t.$IMGFMT.orig"
-- 
2.5.5




[Qemu-devel] [PATCH v9 1/2] block/vxhs.c: Add support for a new block device type called "vxhs"

2017-02-19 Thread Ashish Mittal
Source code for the qnio library that this code loads can be downloaded from:
https://github.com/VeritasHyperScale/libqnio.git

Sample command line using JSON syntax:
./x86_64-softmmu/qemu-system-x86_64 -name instance-0008 -S -vnc 0.0.0.0:0
-k en-us -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
-msg timestamp=on
'json:{"driver":"vxhs","vdisk-id":"c3e9095a-a5ee-4dce-afeb-2a59fb387410",
"server":{"host":"172.172.17.4","port":""}}'

Sample command line using URI syntax:
qemu-img convert -f raw -O raw -n
/var/lib/nova/instances/_base/0c5eacd5ebea5ed914b6a3e7b18f1ce734c386ad
vxhs://192.168.0.1:/c6718f6b-0401-441d-a8c3-1f0064d75ee0

Signed-off-by: Ashish Mittal 
---

v9 changelog:
(1) Fixes for all the review comments from v8. I have left the definition
of VXHS_UUID_DEF unchanged pending a better suggestion.
(2) qcow2 tests now pass on the vxhs test server.
(3) Packaging changes for libvxhs will be checked in to the git repo soon.
(4) I have not moved extern QemuUUID qemu_uuid to a separate header file.

v8 changelog:
(1) Security implementation for libqnio present in branch 'securify'.
Please use 'securify' branch for building libqnio and testing
with this patch.
(2) Renamed libqnio to libvxhs.
(3) Pass instance ID to libvxhs for SSL authentication.

v7 changelog:
(1) IO failover code has moved out to the libqnio library.
(2) Fixes for issues reported by Stefan on v6.
(3) Incorporated the QEMUBH patch provided by Stefan.
This is a replacement for the pipe mechanism used earlier.
(4) Fixes to the buffer overflows reported in libqnio.
(5) Input validations in vxhs.c to prevent any buffer overflows for 
arguments passed to libqnio.

v6 changelog:
(1) Added qemu-iotests for VxHS as a new patch in the series.
(2) Replaced release version from 2.8 to 2.9 in block-core.json.

v5 changelog:
(1) Incorporated v4 review comments.

v4 changelog:
(1) Incorporated v3 review comments on QAPI changes.
(2) Added refcounting for device open/close.
Free library resources on last device close.

v3 changelog:
(1) Added QAPI schema for the VxHS driver.

v2 changelog:
(1) Changes done in response to v1 comments.

 block/Makefile.objs  |   2 +
 block/trace-events   |  16 ++
 block/vxhs.c | 527 +++
 configure|  40 
 qapi/block-core.json |  20 +-
 5 files changed, 603 insertions(+), 2 deletions(-)
 create mode 100644 block/vxhs.c

diff --git a/block/Makefile.objs b/block/Makefile.objs
index c6bd14e..75675b4 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -19,6 +19,7 @@ block-obj-$(CONFIG_LIBNFS) += nfs.o
 block-obj-$(CONFIG_CURL) += curl.o
 block-obj-$(CONFIG_RBD) += rbd.o
 block-obj-$(CONFIG_GLUSTERFS) += gluster.o
+block-obj-$(CONFIG_VXHS) += vxhs.o
 block-obj-$(CONFIG_ARCHIPELAGO) += archipelago.o
 block-obj-$(CONFIG_LIBSSH2) += ssh.o
 block-obj-y += accounting.o dirty-bitmap.o
@@ -39,6 +40,7 @@ rbd.o-cflags   := $(RBD_CFLAGS)
 rbd.o-libs := $(RBD_LIBS)
 gluster.o-cflags   := $(GLUSTERFS_CFLAGS)
 gluster.o-libs := $(GLUSTERFS_LIBS)
+vxhs.o-libs:= $(VXHS_LIBS)
 ssh.o-cflags   := $(LIBSSH2_CFLAGS)
 ssh.o-libs := $(LIBSSH2_LIBS)
 archipelago.o-libs := $(ARCHIPELAGO_LIBS)
diff --git a/block/trace-events b/block/trace-events
index 0bc5c0a..f193079 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -110,3 +110,19 @@ qed_aio_write_data(void *s, void *acb, int ret, uint64_t 
offset, size_t len) "s
 qed_aio_write_prefill(void *s, void *acb, uint64_t start, size_t len, uint64_t 
offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
 qed_aio_write_postfill(void *s, void *acb, uint64_t start, size_t len, 
uint64_t offset) "s %p acb %p start %"PRIu64" len %zu offset %"PRIu64
 qed_aio_write_main(void *s, void *acb, int ret, uint64_t offset, size_t len) 
"s %p acb %p ret %d offset %"PRIu64" len %zu"
+
+# block/vxhs.c
+vxhs_iio_callback(int error) "ctx is NULL: error %d"
+vxhs_iio_callback_chnfail(int err, int error) "QNIO channel failed, no i/o %d, 
%d"
+vxhs_iio_callback_unknwn(int opcode, int err) "unexpected opcode %d, errno %d"
+vxhs_aio_rw_invalid(int req) "Invalid I/O request iodir %d"
+vxhs_aio_rw_ioerr(char *guid, int iodir, uint64_t size, uint64_t off, void 
*acb, int ret, int err) "IO ERROR (vDisk %s) FOR : Read/Write = %d size = %lu 
offset = %lu ACB = %p. Error = %d, errno = %d"
+vxhs_get_vdisk_stat_err(char *guid, int ret, int err) "vDisk (%s) stat ioctl 
failed, ret = %d, errno = %d"
+vxhs_get_vdisk_stat(char *vdisk_guid, uint64_t vdisk_size) "vDisk %s stat 
ioctl returned size %lu"
+vxhs_complete_aio(void *acb, uint64_t ret) "aio failed acb %p ret %ld"
+vxhs_parse_uri_filename(const char *filename) "URI passed via 
bdrv_parse_filename %s"
+vxhs_open_vdiskid(const char *vdisk_id) "Opening vdisk-id %s"
+vxhs_open_hostinfo(char *of_vsa_addr, int port) "Adding host %s:%d to 
BDRVVXHSState"
+vxhs_open_iio_open(const 
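
Review bot: the new vxhs trace lines format uint64_t arguments with %lu and %ld (vxhs_aio_rw_ioerr, vxhs_get_vdisk_stat, vxhs_complete_aio), which is wrong on hosts where long is 32 bits; use "%"PRIu64 as the qed_aio_* entries directly above do. vxhs_complete_aio additionally prints an unsigned ret with a signed conversion.
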

[Qemu-devel] [PATCH] risu-m68k: update fpregs

2017-02-19 Thread Laurent Vivier
f_fpregs is a 2d array, not 1d:

 typedef struct fpregset
 {
   int f_pcr;
   int f_psr;
   int f_fpiaddr;
 #ifdef __mcoldfire__
   int f_fpregs[8][2];
 #else
   int f_fpregs[8][3];
 #endif
 } fpregset_t;

For the moment, we don't manage ColdFire case, only 680x0.

Signed-off-by: Laurent Vivier 
---
 risu_reginfo_m68k.c | 29 ++---
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/risu_reginfo_m68k.c b/risu_reginfo_m68k.c
index c9d21cc..d0d47d9 100644
--- a/risu_reginfo_m68k.c
+++ b/risu_reginfo_m68k.c
@@ -31,9 +31,9 @@ void reginfo_init(struct reginfo *ri, ucontext_t *uc)
 ri->fpregs.f_psr = uc->uc_mcontext.fpregs.f_psr;
 ri->fpregs.f_fpiaddr = uc->uc_mcontext.fpregs.f_fpiaddr;
 for (i = 0; i < 8; i++) {
-memcpy(>fpregs.f_fpregs[i * 3],
-   >uc_mcontext.fpregs.f_fpregs[i * 3],
-   3 * sizeof(int));
+memcpy(ri->fpregs.f_fpregs[i],
+   uc->uc_mcontext.fpregs.f_fpregs[i],
+   sizeof(ri->fpregs.f_fpregs[0]));
 }
 }
 
@@ -64,9 +64,9 @@ int reginfo_is_eq(struct reginfo *m, struct reginfo *a, 
ucontext_t *uc)
 }
 
 for (i = 0; i < 8; i++) {
-if (m->fpregs.f_fpregs[i * 3] != a->fpregs.f_fpregs[i * 3] ||
-m->fpregs.f_fpregs[i * 3 + 1] != a->fpregs.f_fpregs[i * 3 + 1] ||
-m->fpregs.f_fpregs[i * 3 + 2] != a->fpregs.f_fpregs[i * 3 + 2]) {
+if (m->fpregs.f_fpregs[i][0] != a->fpregs.f_fpregs[i][0] ||
+m->fpregs.f_fpregs[i][1] != a->fpregs.f_fpregs[i][1] ||
+m->fpregs.f_fpregs[i][2] != a->fpregs.f_fpregs[i][2]) {
 return 0;
 }
 }
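
Review bot: the comparison hard-codes column indices [0], [1] and [2], but the fpregset definition quoted in the commit message gives f_fpregs only two columns under __mcoldfire__, where [i][2] would read past the row. Since the memcpy in reginfo_init now uses sizeof(ri->fpregs.f_fpregs[0]), compare rows the same way with memcmp(m->fpregs.f_fpregs[i], a->fpregs.f_fpregs[i], sizeof(m->fpregs.f_fpregs[0])), or add an #error for ColdFire so the stated limitation is enforced at build time.
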
@@ -93,8 +93,8 @@ void reginfo_dump(struct reginfo *ri, int is_master)
 
 for (i = 0; i < 8; i++) {
 fprintf(stderr, "\tFP%d: %08x %08x %08x\n", i,
-ri->fpregs.f_fpregs[i * 3], ri->fpregs.f_fpregs[i * 3 + 1],
-ri->fpregs.f_fpregs[i * 3 + 2]);
+ri->fpregs.f_fpregs[i][0], ri->fpregs.f_fpregs[i][1],
+ri->fpregs.f_fpregs[i][2]);
 }
 
 fprintf(stderr, "\n");
@@ -134,15 +134,14 @@ int reginfo_dump_mismatch(struct reginfo *m, struct 
reginfo *a, FILE *f)
 }
 
 for (i = 0; i < 8; i++) {
-if (m->fpregs.f_fpregs[i * 3] != a->fpregs.f_fpregs[i * 3] ||
-m->fpregs.f_fpregs[i * 3 + 1] != a->fpregs.f_fpregs[i * 3 + 1] ||
-m->fpregs.f_fpregs[i * 3 + 2] != a->fpregs.f_fpregs[i * 3 + 2]) {
+if (m->fpregs.f_fpregs[i][0] != a->fpregs.f_fpregs[i][0] ||
+m->fpregs.f_fpregs[i][1] != a->fpregs.f_fpregs[i][1] ||
+m->fpregs.f_fpregs[i][2] != a->fpregs.f_fpregs[i][2]) {
 fprintf(f, "Mismatch: Register FP%d\n", i);
 fprintf(f, "m: [%08x %08x %08x] != a: [%08x %08x %08x]\n",
-m->fpregs.f_fpregs[i * 3], m->fpregs.f_fpregs[i * 3 + 1],
-m->fpregs.f_fpregs[i * 3 + 2], a->fpregs.f_fpregs[i * 3],
-a->fpregs.f_fpregs[i * 3 + 1],
-a->fpregs.f_fpregs[i * 3 + 2]);
+m->fpregs.f_fpregs[i][0], m->fpregs.f_fpregs[i][1],
+m->fpregs.f_fpregs[i][2], a->fpregs.f_fpregs[i][0],
+a->fpregs.f_fpregs[i][1], a->fpregs.f_fpregs[i][2]);
 }
 }
 
-- 
2.9.3




[Qemu-devel] [PATCH v3] ARM i.MX timers: fix software reset

2017-02-19 Thread Kurban Mallachiev

Hello!

Problem: function imx_gpt_reset is used for soft (requested by guest) 
and hard resets. But soft and hard resets should have different 
behaviour (hard reset should clear all registers, while soft reset 
should preserve some bits).


Patch changelog:
v1 -> v2: use different approach, patch completely rewritten
v2 -> v3: in software reset add preserving of CLKSRC bit as manual says

---
Software reset function clears CR bits that should not be cleared and
preserves bits that should be cleared.

Signed-off-by: Kurban Mallachiev 
---
 hw/timer/imx_gpt.c | 27 +--
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
index 010ccbf207..3ea18ff5de 100644
--- a/hw/timer/imx_gpt.c
+++ b/hw/timer/imx_gpt.c
@@ -296,18 +296,21 @@ static uint64_t imx_gpt_read(void *opaque, hwaddr 
offset, unsigned size)

 return reg_value;
 }

-static void imx_gpt_reset(DeviceState *dev)
+static void imx_gpt_reset_common(IMXGPTState *s, int is_soft_reset)
 {
-IMXGPTState *s = IMX_GPT(dev);
-
 /* stop timer */
 ptimer_stop(s->timer);

 /*
  * Soft reset doesn't touch some bits; hard reset clears them
  */
-s->cr &= ~(GPT_CR_EN|GPT_CR_ENMOD|GPT_CR_STOPEN|GPT_CR_DOZEN|
-   GPT_CR_WAITEN|GPT_CR_DBGEN);
+if (is_soft_reset) {
+s->cr &= GPT_CR_EN|GPT_CR_ENMOD|GPT_CR_STOPEN|GPT_CR_DOZEN|
+   GPT_CR_WAITEN|GPT_CR_DBGEN|
+   GPT_CR_CLKSRC_MASK<cr = 0;
+}
 s->sr = 0;
 s->pr = 0;
 s->ir = 0;
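
Review bot: imx_gpt_reset_common() still calls ptimer_stop() unconditionally while the soft-reset branch now preserves GPT_CR_EN, so after a guest-requested reset the register can report the timer as enabled while the ptimer is stopped; check that the remainder of the function restarts it when EN survives. The is_soft_reset parameter would also read better as a bool.
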
@@ -333,6 +336,18 @@ static void imx_gpt_reset(DeviceState *dev)
 }
 }

+static void imx_gpt_soft_reset(DeviceState *dev)
+{
+IMXGPTState *s = IMX_GPT(dev);
+imx_gpt_reset_common(s, 1);
+}
+
+static void imx_gpt_reset(DeviceState *dev)
+{
+IMXGPTState *s = IMX_GPT(dev);
+imx_gpt_reset_common(s, 0);
+}
+
 static void imx_gpt_write(void *opaque, hwaddr offset, uint64_t value,
   unsigned size)
 {
@@ -348,7 +363,7 @@ static void imx_gpt_write(void *opaque, hwaddr 
offset, uint64_t value,

 s->cr = value & ~0x7c14;
 if (s->cr & GPT_CR_SWR) { /* force reset */
 /* handle the reset */
-imx_gpt_reset(DEVICE(s));
+imx_gpt_soft_reset(DEVICE(s));
 } else {
 /* set our freq, as the source might have changed */
 imx_gpt_set_freq(s);
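
Review bot: in imx_gpt_write() the soft-reset branch now keeps the CLKSRC field from the value just written, but imx_gpt_set_freq(s) is only called in the else branch. If the reset path does not recompute the frequency itself (not visible in this hunk), a write that sets SWR and changes CLKSRC in the same access leaves the timer running on the old clock; either call imx_gpt_set_freq(s) after imx_gpt_soft_reset() or state in the commit message that the reset function already does it.
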
--
2.11.1



Re: [Qemu-devel] [RFC] virtio-pci: Allow PCIe virtio devices on root bus

2017-02-19 Thread Andrea Bolognani
On Thu, 2017-02-16 at 21:14 +0200, Marcel Apfelbaum wrote:
>  > Wait, actually.. we have two possible directions to go, both of which
>  > have been mentioned in the thread, but I don't think we've settled on
>  > one:
>  >
>  > 1) Have pseries create a PCIe bus (as my first cut draft does).
>  >
>  > That should allow pure PCIe devices to appear either under a port or
>  > (more usually for PAPR) as "integrated endpoints".  In addition we'd
>  > need as suggested above a "pcie_hybrid_type()" function that would
>  > tell hybrid devices to also appear as PCIe rather than PCI.
>  >
>  > 2) Have pseries create a vanilla PCI bus (or a special PAPR PCI
>  >variant)
>  >
>  > Appearing as vanilla PCI would in a number of ways more closely match
>  > the way PCI buses are handled on PAPR.  However, we still need to
>  > connect PCIe devices to it.  So we'd need some 'bus_accepts_pcie()'
>  > hook and use that (in place of pci_bus_is_express()) to determine both
>  > whether we can attach pure PCIe devices and that hybrid devices should
>  > appear as PCIe rather than plain PCI.
>  >
>  >
>  > Based on the immediately preceding discussion, I was leaning towards
>  > (2).  Is that your feeling as well?
> 
> I also like option (2).

After catching up with the thread, I tend to agree.

I've also been thinking about what libvirt would need to
do to adapt to the changes proposed here, and I believe the
answer to be: not much, really.

The current code already places VirtIO devices on the root
bus, even though it does so because it assumes pSeries
guests are not PCIe capable; same for XHCI, and pretty much
all other devices including those assigned through VFIO.

Basically, as far as I can tell, the changes proposed here
would only affect the guest (eg. ability to access the
extended config space), not how the devices would have to
be placed on the various buses. Or did I miss something?

-- 
Andrea Bolognani / Red Hat / Virtualization



Re: [Qemu-devel] [PATCH 3/9] armv7m: Rewrite NVIC to not use any GIC code

2017-02-19 Thread Michael Davidsaver
On 02/18/2017 01:38 PM, Peter Maydell wrote:
> On 18 February 2017 at 17:45, Michael Davidsaver  
> wrote:
>> On 02/16/2017 09:11 AM, Peter Maydell wrote:
>>> I haven't actually checked real hardware behaviour, but I think
>>> we can fairly safely implement this as not checking the IPSR
>>> exception field. (We might as well go with the "reads 1 in
>>> handler mode" choice of UNKNOWN that the M3 documents, though.)
>>
>> For what it's worth, I dug up my TI TM4C1294 eval board and re-ran
>> test10.c [1] which is designed to probe this behavior by nesting
>> exceptions PendSV within SVC.  RETTOBASE is 0x800 in ICSR.
> 
> That's a Cortex-M4. From the test it looks like it
> has a different choice of UNKNOWN behaviour for
> the value in Handler mode, so real code in the field
> isn't going to be relying on that and it doesn't
> matter what we choose.

I've been away from arm/m for too long to claim any detailed knowledge
of the documentation.  My intent here is only to provide a data point w/
real hardware, not to interpret it.

> I don't think the test looks at the "what happens if the
> exception in the IPSR exception field isn't actually
> active" case, right?

Correct.




[Qemu-devel] [PATCH 06/10] sm501: Fix device endianness

2017-02-19 Thread BALATON Zoltan
Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c  |  6 +++---
 hw/display/sm501_template.h | 31 ++-
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index 9091bb5..3d32a3c 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -846,7 +846,7 @@ static const MemoryRegionOps sm501_system_config_ops = {
 .min_access_size = 4,
 .max_access_size = 4,
 },
-.endianness = DEVICE_NATIVE_ENDIAN,
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static uint32_t sm501_palette_read(void *opaque, hwaddr addr)
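
Review bot: the switch from DEVICE_NATIVE_ENDIAN to DEVICE_LITTLE_ENDIAN in sm501_system_config_ops (and in the two following hunks) comes with an empty commit message. Please state in the log which guest and host combination showed the wrong behaviour and why the registers are little endian regardless of target, so the change can be checked against big endian targets.
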
@@ -1082,7 +1082,7 @@ static const MemoryRegionOps sm501_disp_ctrl_ops = {
 .min_access_size = 4,
 .max_access_size = 4,
 },
-.endianness = DEVICE_NATIVE_ENDIAN,
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static uint64_t sm501_2d_engine_read(void *opaque, hwaddr addr,
@@ -1170,7 +1170,7 @@ static const MemoryRegionOps sm501_2d_engine_ops = {
 .min_access_size = 4,
 .max_access_size = 4,
 },
-.endianness = DEVICE_NATIVE_ENDIAN,
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 /* draw line functions for all console modes */
diff --git a/hw/display/sm501_template.h b/hw/display/sm501_template.h
index 832ee61..5b516d6 100644
--- a/hw/display/sm501_template.h
+++ b/hw/display/sm501_template.h
@@ -64,10 +64,16 @@ static void glue(draw_line16_, PIXEL_NAME)(
 uint8_t r, g, b;
 
 do {
-rgb565 = lduw_p(s);
-r = ((rgb565 >> 11) & 0x1f) << 3;
-g = ((rgb565 >>  5) & 0x3f) << 2;
-b = ((rgb565 >>  0) & 0x1f) << 3;
+rgb565 = lduw_le_p(s);
+#if defined(TARGET_WORDS_BIGENDIAN)
+r = (rgb565 >> 8) & 0xf8;
+g = (rgb565 >> 3) & 0xfc;
+b = (rgb565 << 3) & 0xf8;
+#else
+b = (rgb565 >> 8) & 0xf8;
+g = (rgb565 >> 3) & 0xfc;
+r = (rgb565 << 3) & 0xf8;
+#endif
 *(PIXEL_TYPE *)d = glue(rgb_to_pixel, PIXEL_NAME)(r, g, b);
 s += 2;
 d += BPP;
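
Review bot: once the load in draw_line16 is lduw_le_p(s), the 16 bit value is fixed by the bytes in memory, yet the new #if defined(TARGET_WORDS_BIGENDIAN) block swaps which end of the word is red and which is blue. In the #else branch red now comes from the low five bits, the opposite of the removed r = ((rgb565 >> 11) & 0x1f) << 3. If that is intended it needs a comment describing the framebuffer pixel layout for each target; otherwise one of the two branches is wrong.
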
@@ -80,15 +86,14 @@ static void glue(draw_line32_, PIXEL_NAME)(
 uint8_t r, g, b;
 
 do {
-ldub_p(s);
 #if defined(TARGET_WORDS_BIGENDIAN)
+r = s[0];
+g = s[1];
+b = s[2];
+#else
 r = s[1];
 g = s[2];
 b = s[3];
-#else
-b = s[0];
-g = s[1];
-r = s[2];
 #endif
 *(PIXEL_TYPE *)d = glue(rgb_to_pixel, PIXEL_NAME)(r, g, b);
 s += 4;
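
Review bot: the byte offsets in draw_line32 are now the reverse of what each branch used before: big endian targets read s[0], s[1], s[2] and other targets read s[1], s[2], s[3], skipping s[0], where the removed code read b = s[0], g = s[1], r = s[2]. Please add a comment giving the in-memory pixel layout (which byte is the unused one) for both cases so the new indices can be verified, and mention the removal of the dead ldub_p(s) load in the log.
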
@@ -103,7 +108,7 @@ static void glue(draw_hwc_line_, PIXEL_NAME)(SM501State *s, 
int crt,
  uint8_t *palette, int c_y, uint8_t *d, int width)
 {
 int x, i;
-uint8_t *pixval, bitset = 0;
+uint8_t *pixval, r, g, b, bitset = 0;
 
 /* get hardware cursor pattern */
 uint32_t cursor_addr = get_hwc_address(s, crt);
@@ -129,9 +134,9 @@ static void glue(draw_hwc_line_, PIXEL_NAME)(SM501State *s, 
int crt,
 /* write pixel */
 if (v) {
 v--;
-uint8_t r = palette[v * 3 + 0];
-uint8_t g = palette[v * 3 + 1];
-uint8_t b = palette[v * 3 + 2];
+r = palette[v * 3 + 0];
+g = palette[v * 3 + 1];
+b = palette[v * 3 + 2];
 *(PIXEL_TYPE *)d = glue(rgb_to_pixel, PIXEL_NAME)(r, g, b);
 }
 d += BPP;
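
Review bot: moving the r, g, b declarations of draw_hwc_line to the top of the function (this hunk and the previous one) is a style change unrelated to device endianness. It belongs in the code style patch or the hardware cursor patch of the series, so that this patch only contains the byte order changes.
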
-- 
2.7.4




[Qemu-devel] [PATCH 05/10] sm501: Add missing arbitration control register

2017-02-19 Thread BALATON Zoltan
Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index e966896..9091bb5 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -474,6 +474,7 @@ typedef struct SM501State {
 uint32_t gpio_31_0_control;
 uint32_t gpio_63_32_control;
 uint32_t dram_control;
+uint32_t arbitration_control;
 uint32_t irq_mask;
 uint32_t misc_timing;
 uint32_t power_mode_control;
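
Review bot: arbitration_control is added to SM501State here, but the seven inserted lines of this patch are the field, the read case and the write case, so nothing gives the register a defined power-on value. If the datasheet documents a non-zero reset value, set it where the other defaults (system_control, misc_control) are initialised, and say in the commit message which guest needs the register.
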
@@ -757,6 +758,9 @@ static uint64_t sm501_system_config_read(void *opaque, 
hwaddr addr,
 case SM501_DRAM_CONTROL:
 ret = (s->dram_control & 0x07F107C0) | s->local_mem_size_index << 13;
 break;
+case SM501_ARBTRTN_CONTROL:
+ret = s->arbitration_control;
+break;
 case SM501_IRQ_MASK:
 ret = s->irq_mask;
 break;
@@ -809,6 +813,9 @@ static void sm501_system_config_write(void *opaque, hwaddr 
addr,
 /* TODO : check validity of size change */
 s->dram_control |=  value & 0x7FC3;
 break;
+case SM501_ARBTRTN_CONTROL:
+s->arbitration_control =  value & 0x3777;
+break;
 case SM501_IRQ_MASK:
 s->irq_mask = value;
 break;
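
Review bot: the SM501_ARBTRTN_CONTROL write case masks the guest value with a bare hexadecimal literal and no explanation. Add a comment or a named define saying which bits are reserved, so the mask can be checked against the datasheet, and drop the double space after the "=" in that assignment.
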
-- 
2.7.4




[Qemu-devel] [PATCH 01/10] sm501: Fixed code style and a few typos in comments

2017-02-19 Thread BALATON Zoltan
Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c  | 1132 ++-
 hw/display/sm501_template.h |   52 +-
 2 files changed, 594 insertions(+), 590 deletions(-)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index 040a0b9..4f40dee 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -38,7 +38,7 @@
 /*
  * Status: 2010/05/07
  *   - Minimum implementation for Linux console : mmio regs and CRT layer.
- *   - 2D grapihcs acceleration partially supported : only fill rectangle.
+ *   - 2D graphics acceleration partially supported : only fill rectangle.
  *
  * TODO:
  *   - Panel support
@@ -49,13 +49,13 @@
  *   - Performance tuning
  */
 
-//#define DEBUG_SM501
-//#define DEBUG_BITBLT
+/*#define DEBUG_SM501*/
+/*#define DEBUG_BITBLT*/
 
 #ifdef DEBUG_SM501
 #define SM501_DPRINTF(fmt, ...) printf(fmt, ## __VA_ARGS__)
 #else
-#define SM501_DPRINTF(fmt, ...) do {} while(0)
+#define SM501_DPRINTF(fmt, ...) do {} while (0)
 #endif
 
 
@@ -65,379 +65,379 @@
 
 /* System Configuration area */
 /* System config base */
-#define SM501_SYS_CONFIG   (0x00)
+#define SM501_SYS_CONFIG(0x00)
 
 /* config 1 */
-#define SM501_SYSTEM_CONTROL   (0x00)
+#define SM501_SYSTEM_CONTROL(0x00)
 
-#define SM501_SYSCTRL_PANEL_TRISTATE   (1<<0)
-#define SM501_SYSCTRL_MEM_TRISTATE (1<<1)
-#define SM501_SYSCTRL_CRT_TRISTATE (1<<2)
+#define SM501_SYSCTRL_PANEL_TRISTATE(1 << 0)
+#define SM501_SYSCTRL_MEM_TRISTATE  (1 << 1)
+#define SM501_SYSCTRL_CRT_TRISTATE  (1 << 2)
 
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_MASK (3<<4)
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_1(0<<4)
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_2(1<<4)
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_4(2<<4)
-#define SM501_SYSCTRL_PCI_SLAVE_BURST_8(3<<4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_MASK (3 << 4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_1 (0 << 4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_2 (1 << 4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_4 (2 << 4)
+#define SM501_SYSCTRL_PCI_SLAVE_BURST_8 (3 << 4)
 
-#define SM501_SYSCTRL_PCI_CLOCK_RUN_EN (1<<6)
-#define SM501_SYSCTRL_PCI_RETRY_DISABLE(1<<7)
-#define SM501_SYSCTRL_PCI_SUBSYS_LOCK  (1<<11)
-#define SM501_SYSCTRL_PCI_BURST_READ_EN(1<<15)
+#define SM501_SYSCTRL_PCI_CLOCK_RUN_EN  (1 << 6)
+#define SM501_SYSCTRL_PCI_RETRY_DISABLE (1 << 7)
+#define SM501_SYSCTRL_PCI_SUBSYS_LOCK   (1 << 11)
+#define SM501_SYSCTRL_PCI_BURST_READ_EN (1 << 15)
 
 /* miscellaneous control */
 
-#define SM501_MISC_CONTROL (0x04)
+#define SM501_MISC_CONTROL  (0x04)
 
-#define SM501_MISC_BUS_SH  (0x0)
-#define SM501_MISC_BUS_PCI (0x1)
-#define SM501_MISC_BUS_XSCALE  (0x2)
-#define SM501_MISC_BUS_NEC (0x6)
-#define SM501_MISC_BUS_MASK(0x7)
+#define SM501_MISC_BUS_SH   (0x0)
+#define SM501_MISC_BUS_PCI  (0x1)
+#define SM501_MISC_BUS_XSCALE   (0x2)
+#define SM501_MISC_BUS_NEC  (0x6)
+#define SM501_MISC_BUS_MASK (0x7)
 
-#define SM501_MISC_VR_62MB (1<<3)
-#define SM501_MISC_CDR_RESET   (1<<7)
-#define SM501_MISC_USB_LB  (1<<8)
-#define SM501_MISC_USB_SLAVE   (1<<9)
-#define SM501_MISC_BL_1(1<<10)
-#define SM501_MISC_MC  (1<<11)
-#define SM501_MISC_DAC_POWER   (1<<12)
-#define SM501_MISC_IRQ_INVERT  (1<<16)
-#define SM501_MISC_SH  (1<<17)
+#define SM501_MISC_VR_62MB  (1 << 3)
+#define SM501_MISC_CDR_RESET(1 << 7)
+#define SM501_MISC_USB_LB   (1 << 8)
+#define SM501_MISC_USB_SLAVE(1 << 9)
+#define SM501_MISC_BL_1 (1 << 10)
+#define SM501_MISC_MC   (1 << 11)
+#define SM501_MISC_DAC_POWER(1 << 12)
+#define SM501_MISC_IRQ_INVERT   (1 << 16)
+#define SM501_MISC_SH   (1 << 17)
 
-#define SM501_MISC_HOLD_EMPTY  (0<<18)
-#define SM501_MISC_HOLD_8  (1<<18)
-#define SM501_MISC_HOLD_16 (2<<18)
-#define SM501_MISC_HOLD_24 (3<<18)
-#define SM501_MISC_HOLD_32 (4<<18)
-#define SM501_MISC_HOLD_MASK   (7<<18)
+#define SM501_MISC_HOLD_EMPTY   (0 << 18)
+#define SM501_MISC_HOLD_8   (1 << 18)
+#define SM501_MISC_HOLD_16  (2 << 18)
+#define SM501_MISC_HOLD_24  (3 << 18)
+#define SM501_MISC_HOLD_32  (4 << 18)
+#define SM501_MISC_HOLD_MASK(7 << 18)
 
-#define SM501_MISC_FREQ_12 (1<<24)
-#define SM501_MISC_PNL_24BIT   (1<<25)
-#define SM501_MISC_8051_LE (1<<26)
+#define SM501_MISC_FREQ_12  (1 << 24)
+#define SM501_MISC_PNL_24BIT(1 << 25)
+#define SM501_MISC_8051_LE  (1 << 26)
 
 
 
-#define SM501_GPIO31_0_CONTROL 

[Qemu-devel] [PATCH 00/10] Improvements for sm501 display controller emulation

2017-02-19 Thread BALATON Zoltan
This series improves the sm501 display controller emulation, fixing
endianness problems that caused mixed up colors in LE hosts, fixing the
hardware cursor, and adding panel layer support and some missing registers.
The first few patches update the code style and QOMify the device before
changes are made to it in subsequent patches.

Including qemu-trivial list as well, both because some of the patches
are trivial and also I'm not sure how actively maintained this part is
so that also may need attention from the trivial list to get this merged.

The changes were tested with sh4 image at
https://people.debian.org/~aurel32/qemu/sh4/
which accepts video= kernel parameter to exercise different screen modes.

BALATON Zoltan (10):
  sm501: Fixed code style and a few typos in comments
  sm501: Use defines instead of constants where available
  sm501: QOMify
  sm501: Add emulation of chip connected via PCI
  sm501: Add missing arbitration control register
  sm501: Fix device endianness
  sm501: Fix hardware cursor
  sm501: Add support for panel layer
  sm501: Add some more missing registers
  ppc: Add SM501 device in config for ppc and ppcemb targets

 default-configs/ppc-softmmu.mak|1 +
 default-configs/ppcemb-softmmu.mak |1 +
 hw/display/sm501.c | 1546 
 hw/display/sm501_template.h|   92 +--
 hw/sh4/r2d.c   |   11 +-
 include/hw/devices.h   |5 -
 6 files changed, 920 insertions(+), 736 deletions(-)

-- 
2.7.4




[Qemu-devel] [PATCH 04/10] sm501: Add emulation of chip connected via PCI

2017-02-19 Thread BALATON Zoltan
Only the display controller part is created automatically on PCI

Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c  | 58 +
 hw/display/sm501_template.h |  8 +++
 2 files changed, 58 insertions(+), 8 deletions(-)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index b592022..e966896 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -31,6 +31,7 @@
 #include "ui/console.h"
 #include "hw/devices.h"
 #include "hw/sysbus.h"
+#include "hw/pci/pci.h"
 #include "qemu/range.h"
 #include "ui/pixel_ops.h"
 #include "exec/address-spaces.h"
@@ -460,7 +461,6 @@ typedef struct SM501State {
 QemuConsole *con;
 
 /* status & internal resources */
-hwaddr base;
 uint32_t local_mem_size_index;
 uint8_t *local_mem;
 MemoryRegion local_mem_region;
@@ -1397,12 +1397,11 @@ static const GraphicHwOps sm501_ops = {
 .gfx_update  = sm501_update_display,
 };
 
-static void sm501_init(SM501State *s, DeviceState *dev, uint32_t base,
+static void sm501_init(SM501State *s, DeviceState *dev,
uint32_t local_mem_bytes)
 {
 MemoryRegion *mr;
 
-s->base = base;
 s->local_mem_size_index = get_local_mem_size_index(local_mem_bytes);
 SM501_DPRINTF("sm501 local mem size=%x. index=%d\n", get_local_mem_size(s),
   s->local_mem_size_index);
@@ -1457,7 +1456,7 @@ static void sm501_realize_sysbus(DeviceState *dev, Error 
**errp)
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 DeviceState *usb_dev;
 
-sm501_init(>state, dev, s->base, s->vram_size);
+sm501_init(>state, dev, s->vram_size);
 sysbus_init_mmio(sbd, >state.local_mem_region);
 sysbus_init_mmio(sbd, >state.mmio_region);
 
@@ -1505,9 +1504,60 @@ static const TypeInfo sm501_sysbus_info = {
 .class_init= sm501_sysbus_class_init,
 };
 
+#define TYPE_PCI_SM501 "sm501"
+#define PCI_SM501(obj) OBJECT_CHECK(SM501PCIState, (obj), TYPE_PCI_SM501)
+
+typedef struct {
+/*< private >*/
+PCIDevice parent_obj;
+/*< public >*/
+SM501State state;
+uint32_t vram_size;
+} SM501PCIState;
+
+static void sm501_realize_pci(PCIDevice *dev, Error **errp)
+{
+SM501PCIState *s = PCI_SM501(dev);
+
+sm501_init(>state, DEVICE(dev), s->vram_size);
+pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY,
+ >state.local_mem_region);
+pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY,
+ >state.mmio_region);
+}
+
+static Property sm501_pci_properties[] = {
+DEFINE_PROP_UINT32("vram-size", SM501PCIState, vram_size,
+   64 * 1024 * 1024),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sm501_pci_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+k->realize = sm501_realize_pci;
+k->vendor_id = 0x126f;
+k->device_id = 0x0501;
+k->class_id = PCI_CLASS_DISPLAY_OTHER;
+set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+dc->desc = "SM501 Display Controller";
+dc->props = sm501_pci_properties;
+dc->hotpluggable = false;
+}
+
+static const TypeInfo sm501_pci_info = {
+.name  = TYPE_PCI_SM501,
+.parent= TYPE_PCI_DEVICE,
+.instance_size = sizeof(SM501PCIState),
+.class_init= sm501_pci_class_init,
+};
+
 static void sm501_register_types(void)
 {
 type_register_static(_sysbus_info);
+type_register_static(_pci_info);
 }
 
 type_init(sm501_register_types)
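
Review bot: sm501_realize_pci() never uses errp and passes the user-settable vram-size property straight to sm501_init() and on to pci_register_bar() for BAR 0. A PCI BAR size has to be a power of two, and sm501_init() maps the value through get_local_mem_size_index(), so realize should reject unsupported sizes with error_setg(errp, ...) and return before anything is allocated. The class_init shown also sets no migration state; if that is intentional, say so in the commit message.
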
diff --git a/hw/display/sm501_template.h b/hw/display/sm501_template.h
index 16e500b..832ee61 100644
--- a/hw/display/sm501_template.h
+++ b/hw/display/sm501_template.h
@@ -103,13 +103,13 @@ static void glue(draw_hwc_line_, PIXEL_NAME)(SM501State 
*s, int crt,
  uint8_t *palette, int c_y, uint8_t *d, int width)
 {
 int x, i;
-uint8_t bitset = 0;
+uint8_t *pixval, bitset = 0;
 
 /* get hardware cursor pattern */
 uint32_t cursor_addr = get_hwc_address(s, crt);
 assert(0 <= c_y && c_y < SM501_HWC_HEIGHT);
 cursor_addr += SM501_HWC_WIDTH * c_y / 4;  /* 4 pixels per byte */
-cursor_addr += s->base;
+pixval = s->local_mem + cursor_addr;
 
 /* get cursor position */
 x = get_hwc_x(s, crt);
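
Review bot: pixval = s->local_mem + cursor_addr turns a guest-programmed value into a host pointer. cursor_addr comes from the hardware cursor address register via get_hwc_address() plus a per-line offset, and ldub_p(pixval) in the next hunk dereferences it with no check against the size of local memory, whereas the removed ldub_phys() went through the guest address space. Bound the cursor pattern (base offset plus SM501_HWC_WIDTH * SM501_HWC_HEIGHT / 4 bytes) against get_local_mem_size(s) before reading, and skip drawing the cursor when it does not fit.
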
@@ -120,8 +120,8 @@ static void glue(draw_hwc_line_, PIXEL_NAME)(SM501State *s, 
int crt,
 
 /* get pixel value */
 if (i % 4 == 0) {
-bitset = ldub_phys(_space_memory, cursor_addr);
-cursor_addr++;
+bitset = ldub_p(pixval);
+pixval++;
 }
 v = bitset & 3;
 bitset >>= 2;
-- 
2.7.4




[Qemu-devel] [PATCH 08/10] sm501: Add support for panel layer

2017-02-19 Thread BALATON Zoltan
Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c | 73 +++---
 1 file changed, 37 insertions(+), 36 deletions(-)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index 1bd0303..2e1c4b7 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -2,6 +2,7 @@
  * QEMU SM501 Device
  *
  * Copyright (c) 2008 Shin-ichiro KAWASAKI
+ * Copyright (c) 2016 BALATON Zoltan
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to 
deal
@@ -41,8 +42,11 @@
  *   - Minimum implementation for Linux console : mmio regs and CRT layer.
  *   - 2D graphics acceleration partially supported : only fill rectangle.
  *
- * TODO:
+ * Status: 2016/12/04
+ *   - Misc fixes: endianness, hardware cursor
  *   - Panel support
+ *
+ * TODO:
  *   - Touch panel support
  *   - USB support
  *   - UART support
@@ -1297,53 +1301,62 @@ static inline int get_depth_index(DisplaySurface 
*surface)
 }
 }
 
-static void sm501_draw_crt(SM501State *s)
+static void sm501_update_display(void *opaque)
 {
+SM501State *s = (SM501State *)opaque;
 DisplaySurface *surface = qemu_console_surface(s->con);
 int y, c_x, c_y;
-uint8_t *hwc_src, *src = s->local_mem;
-int width = get_width(s, 1);
-int height = get_height(s, 1);
-int src_bpp = get_bpp(s, 1);
+int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0;
+int width = get_width(s, crt);
+int height = get_height(s, crt);
+int src_bpp = get_bpp(s, crt);
 int dst_bpp = surface_bytes_per_pixel(surface);
-uint32_t *palette = (uint32_t *)>dc_palette[SM501_DC_CRT_PALETTE -
-   SM501_DC_PANEL_PALETTE];
-uint8_t hwc_palette[3 * 3];
-int ds_depth_index = get_depth_index(surface);
+int dst_depth_index = get_depth_index(surface);
 draw_line_func *draw_line = NULL;
 draw_hwc_line_func *draw_hwc_line = NULL;
 int full_update = 0;
 int y_start = -1;
 ram_addr_t page_min = ~0l;
 ram_addr_t page_max = 0l;
-ram_addr_t offset = 0;
+ram_addr_t offset;
+uint32_t *palette;
+uint8_t hwc_palette[3 * 3];
+uint8_t *hwc_src;
+
+if (!((crt ? s->dc_crt_control : s->dc_panel_control)
+  & SM501_DC_CRT_CONTROL_ENABLE)) {
+return;
+}
+
+palette = (uint32_t *)(crt ? >dc_palette[SM501_DC_CRT_PALETTE -
+SM501_DC_PANEL_PALETTE]
+   : >dc_palette[0]);
 
 /* choose draw_line function */
 switch (src_bpp) {
 case 1:
-draw_line = draw_line8_funcs[ds_depth_index];
+draw_line = draw_line8_funcs[dst_depth_index];
 break;
 case 2:
-draw_line = draw_line16_funcs[ds_depth_index];
+draw_line = draw_line16_funcs[dst_depth_index];
 break;
 case 4:
-draw_line = draw_line32_funcs[ds_depth_index];
+draw_line = draw_line32_funcs[dst_depth_index];
 break;
 default:
-printf("sm501 draw crt : invalid DC_CRT_CONTROL=%x.\n",
-   s->dc_crt_control);
+printf("sm501 update display : invalid control register value.\n");
 abort();
 break;
 }
 
 /* set up to draw hardware cursor */
-if (is_hwc_enabled(s, 1)) {
+if (is_hwc_enabled(s, crt)) {
 /* choose cursor draw line function */
-draw_hwc_line = draw_hwc_line_funcs[ds_depth_index];
-hwc_src = get_hwc_address(s, 1);
-c_x = get_hwc_x(s, 1);
-c_y = get_hwc_y(s, 1);
-get_hwc_palette(s, 1, hwc_palette);
+draw_hwc_line = draw_hwc_line_funcs[dst_depth_index];
+hwc_src = get_hwc_address(s, crt);
+c_x = get_hwc_x(s, crt);
+c_y = get_hwc_y(s, crt);
+get_hwc_palette(s, crt, hwc_palette);
 }
 
 /* adjust console size */
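
Review bot: the default: branch of the src_bpp switch still ends in abort(), and src_bpp now comes from whichever control register is selected by crt (get_bpp(s, crt)), so a guest that programs an unsupported pixel format terminates QEMU. Since this patch rewrites the message anyway, report it with qemu_log_mask(LOG_GUEST_ERROR, ...) and return instead. Separately, the new enable test applies SM501_DC_CRT_CONTROL_ENABLE to dc_panel_control; use the panel register's own define, or add a comment that the bit position is shared.
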
@@ -1357,7 +1370,7 @@ static void sm501_draw_crt(SM501State *s)
 
 /* draw each line according to conditions */
 memory_region_sync_dirty_bitmap(>local_mem_region);
-for (y = 0; y < height; y++) {
+for (y = 0, offset = 0; y < height; y++, offset += width * src_bpp) {
 int update, update_hwc;
 ram_addr_t page0 = offset;
 ram_addr_t page1 = offset + width * src_bpp - 1;
@@ -1375,7 +1388,7 @@ static void sm501_draw_crt(SM501State *s)
 d +=  y * width * dst_bpp;
 
 /* draw graphics layer */
-draw_line(d, src, width, palette);
+draw_line(d, s->local_mem + offset, width, palette);
 
 /* draw hardware cursor */
 if (update_hwc) {
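
Review bot: draw_line() now reads from s->local_mem + offset, where offset advances by width * src_bpp per line and both width and height are derived from guest-written registers through get_width() and get_height(). Nothing in the visible loop checks that height * width * src_bpp stays within the local memory size, so a guest can make the renderer read past the end of local_mem on the host. Clamp the scanned area against get_local_mem_size(s) before entering the loop.
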
@@ -1398,9 +1411,6 @@ static void sm501_draw_crt(SM501State *s)
 y_start = -1;
 }
 }
-
-src += width * src_bpp;
-offset += width * src_bpp;
 }
 
 /* complete flush to display */
@@ -1416,15 +1426,6 @@ static void 

[Qemu-devel] [PATCH 03/10] sm501: QOMify

2017-02-19 Thread BALATON Zoltan
Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c   | 133 +++
 hw/sh4/r2d.c |  11 -
 include/hw/devices.h |   5 --
 3 files changed, 101 insertions(+), 48 deletions(-)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index 4eb085c..b592022 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -58,8 +58,8 @@
 #define SM501_DPRINTF(fmt, ...) do {} while (0)
 #endif
 
-
 #define MMIO_BASE_OFFSET 0x3e0
+#define MMIO_SIZE 0x20
 
 /* SM501 register definitions taken from "linux/include/linux/sm501-regs.h" */
 
@@ -464,6 +464,7 @@ typedef struct SM501State {
 uint32_t local_mem_size_index;
 uint8_t *local_mem;
 MemoryRegion local_mem_region;
+MemoryRegion mmio_region;
 uint32_t last_width;
 uint32_t last_height;
 
@@ -1396,20 +1397,14 @@ static const GraphicHwOps sm501_ops = {
 .gfx_update  = sm501_update_display,
 };
 
-void sm501_init(MemoryRegion *address_space_mem, uint32_t base,
-uint32_t local_mem_bytes, qemu_irq irq, Chardev *chr)
+static void sm501_init(SM501State *s, DeviceState *dev, uint32_t base,
+   uint32_t local_mem_bytes)
 {
-SM501State *s;
-DeviceState *dev;
-MemoryRegion *sm501_system_config = g_new(MemoryRegion, 1);
-MemoryRegion *sm501_disp_ctrl = g_new(MemoryRegion, 1);
-MemoryRegion *sm501_2d_engine = g_new(MemoryRegion, 1);
-
-/* allocate management data region */
-s = g_new0(SM501State, 1);
+MemoryRegion *mr;
+
 s->base = base;
 s->local_mem_size_index = get_local_mem_size_index(local_mem_bytes);
-SM501_DPRINTF("local mem size=%x. index=%d\n", get_local_mem_size(s),
+SM501_DPRINTF("sm501 local mem size=%x. index=%d\n", get_local_mem_size(s),
   s->local_mem_size_index);
 s->system_control = 0x0010; /* 2D engine FIFO empty */
 s->misc_control = SM501_MISC_IRQ_INVERT; /* assumes SH, active=low */
@@ -1417,46 +1412,102 @@ void sm501_init(MemoryRegion *address_space_mem, 
uint32_t base,
 s->dc_crt_control = 0x0001;
 
 /* allocate local memory */
-memory_region_init_ram(>local_mem_region, NULL, "sm501.local",
+memory_region_init_ram(>local_mem_region, OBJECT(dev), "sm501.local",
local_mem_bytes, _fatal);
 vmstate_register_ram_global(>local_mem_region);
 memory_region_set_log(>local_mem_region, true, DIRTY_MEMORY_VGA);
 s->local_mem = memory_region_get_ram_ptr(>local_mem_region);
-memory_region_add_subregion(address_space_mem, base, >local_mem_region);
-
-/* map mmio */
-memory_region_init_io(sm501_system_config, NULL, _system_config_ops,
-  s, "sm501-system-config", 0x6c);
-memory_region_add_subregion(address_space_mem, base + MMIO_BASE_OFFSET,
-sm501_system_config);
-memory_region_init_io(sm501_disp_ctrl, NULL, _disp_ctrl_ops, s,
+
+/* allocate mmio */
+memory_region_init(>mmio_region, OBJECT(dev), "sm501.mmio", MMIO_SIZE);
+mr = g_new(MemoryRegion, 1);
+memory_region_init_io(mr, OBJECT(dev), _system_config_ops, s,
+  "sm501-system-config", 0x6c);
+memory_region_add_subregion(>mmio_region, SM501_SYS_CONFIG, mr);
+mr = g_new(MemoryRegion, 1);
+memory_region_init_io(mr, OBJECT(dev), _disp_ctrl_ops, s,
   "sm501-disp-ctrl", 0x1000);
-memory_region_add_subregion(address_space_mem,
-base + MMIO_BASE_OFFSET + SM501_DC,
-sm501_disp_ctrl);
-memory_region_init_io(sm501_2d_engine, NULL, _2d_engine_ops, s,
+memory_region_add_subregion(>mmio_region, SM501_DC, mr);
+mr = g_new(MemoryRegion, 1);
+memory_region_init_io(mr, OBJECT(dev), _2d_engine_ops, s,
   "sm501-2d-engine", 0x54);
-memory_region_add_subregion(address_space_mem,
-base + MMIO_BASE_OFFSET + SM501_2D_ENGINE,
-sm501_2d_engine);
+memory_region_add_subregion(>mmio_region, SM501_2D_ENGINE, mr);
+
+/* create qemu graphic console */
+s->con = graphic_console_init(DEVICE(dev), 0, _ops, s);
+}
+
+#define TYPE_SYSBUS_SM501 "sysbus-sm501"
+#define SYSBUS_SM501(obj) \
+OBJECT_CHECK(SM501SysBusState, (obj), TYPE_SYSBUS_SM501)
+
+typedef struct {
+/*< private >*/
+SysBusDevice parent_obj;
+/*< public >*/
+SM501State state;
+uint32_t vram_size;
+uint32_t base;
+void *chr_state;
+} SM501SysBusState;
+
+static void sm501_realize_sysbus(DeviceState *dev, Error **errp)
+{
+SM501SysBusState *s = SYSBUS_SM501(dev);
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+DeviceState *usb_dev;
+
+sm501_init(>state, dev, s->base, s->vram_size);
+sysbus_init_mmio(sbd, >state.local_mem_region);
+sysbus_init_mmio(sbd, >state.mmio_region);
 
 /* bridge to usb host emulation module */
-
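
Review bot: in sm501_init() the three MMIO subregions are allocated with mr = g_new(MemoryRegion, 1) and the pointer is overwritten each time, so nothing can reference or free them afterwards. Embed them as MemoryRegion fields in SM501State next to mmio_region instead. In SM501SysBusState, chr_state is an untyped void *; a typed character device field would let the property code check what gets attached.
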

[Qemu-devel] [PATCH 07/10] sm501: Fix hardware cursor

2017-02-19 Thread BALATON Zoltan
Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c  | 169 +---
 hw/display/sm501_template.h |  25 +++
 2 files changed, 107 insertions(+), 87 deletions(-)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index 3d32a3c..1bd0303 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -550,6 +550,24 @@ static uint32_t get_local_mem_size_index(uint32_t size)
 return index;
 }
 
+static inline int get_width(SM501State *s, int crt)
+{
+int width = crt ? s->dc_crt_h_total : s->dc_panel_h_total;
+return (width & 0x0FFF) + 1;
+}
+
+static inline int get_height(SM501State *s, int crt)
+{
+int height = crt ? s->dc_crt_v_total : s->dc_panel_v_total;
+return (height & 0x0FFF) + 1;
+}
+
+static inline int get_bpp(SM501State *s, int crt)
+{
+int bpp = crt ? s->dc_crt_control : s->dc_panel_control;
+return (8 << (bpp & 3)) / 8;
+}
+
 /**
  * Check the availability of hardware cursor.
  * @param crt  0 for PANEL, 1 for CRT.
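
Review bot: get_bpp() returns bytes per pixel, not bits, and its local variable bpp actually holds the whole control register; rename the helper or document the unit. For a format field of 3 the expression (8 << (bpp & 3)) / 8 yields 8, so say in a comment which format values are valid. The three new helpers also lack the "@param crt" doc comment that the neighbouring hardware cursor functions carry.
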
@@ -564,10 +582,10 @@ static inline int is_hwc_enabled(SM501State *state, int 
crt)
  * Get the address which holds cursor pattern data.
  * @param crt  0 for PANEL, 1 for CRT.
  */
-static inline uint32_t get_hwc_address(SM501State *state, int crt)
+static inline uint8_t *get_hwc_address(SM501State *state, int crt)
 {
 uint32_t addr = crt ? state->dc_crt_hwc_addr : state->dc_panel_hwc_addr;
-return (addr & 0x03F0)/* >> 4*/;
+return state->local_mem + (addr & 0x03F0);
 }
 
 /**
@@ -593,50 +611,48 @@ static inline uint32_t get_hwc_x(SM501State *state, int 
crt)
 }
 
 /**
- * Get the cursor position in x coordinate.
+ * Get the hardware cursor palette.
  * @param crt  0 for PANEL, 1 for CRT.
- * @param index  0, 1, 2 or 3 which specifies color of corsor dot.
+ * @param palette  pointer to a [3 * 3] array to store color values in
  */
-static inline uint16_t get_hwc_color(SM501State *state, int crt, int index)
+static inline void get_hwc_palette(SM501State *state, int crt, uint8_t 
*palette)
 {
-uint32_t color_reg = 0;
-uint16_t color_565 = 0;
-
-if (index == 0) {
-return 0;
-}
-
-switch (index) {
-case 1:
-case 2:
-color_reg = crt ? state->dc_crt_hwc_color_1_2
-: state->dc_panel_hwc_color_1_2;
-break;
-case 3:
-color_reg = crt ? state->dc_crt_hwc_color_3
-: state->dc_panel_hwc_color_3;
-break;
-default:
-printf("invalid hw cursor color.\n");
-abort();
-}
+int i;
+uint32_t color_reg;
+uint16_t rgb565;
+
+for (i = 0; i < 3; i++) {
+if (i + 1 == 3) {
+color_reg = crt ? state->dc_crt_hwc_color_3
+: state->dc_panel_hwc_color_3;
+} else {
+color_reg = crt ? state->dc_crt_hwc_color_1_2
+: state->dc_panel_hwc_color_1_2;
+}
 
-switch (index) {
-case 1:
-case 3:
-color_565 = (uint16_t)(color_reg & 0x);
-break;
-case 2:
-color_565 = (uint16_t)((color_reg >> 16) & 0x);
-break;
+if (i + 1 == 2) {
+rgb565 = (color_reg >> 16) & 0x;
+} else {
+rgb565 = color_reg & 0x;
+}
+palette[i * 3 + 0] = (rgb565 << 3) & 0xf8; /* red */
+palette[i * 3 + 1] = (rgb565 >> 3) & 0xfc; /* green */
+palette[i * 3 + 2] = (rgb565 >> 8) & 0xf8; /* blue */
 }
-return color_565;
 }
 
-static int within_hwc_y_range(SM501State *state, int y, int crt)
+static inline void hwc_invalidate(SM501State *s, int crt)
 {
-int hwc_y = get_hwc_y(state, crt);
-return (hwc_y <= y && y < hwc_y + SM501_HWC_HEIGHT);
+int w = get_width(s, crt);
+int h = get_height(s, crt);
+int bpp = get_bpp(s, crt);
+int start = get_hwc_y(s, crt);
+int end = MIN(h, start + SM501_HWC_HEIGHT) + 1;
+
+start *= w * bpp;
+end *= w * bpp;
+
+memory_region_set_dirty(>local_mem_region, start, end - start);
 }
 
 static void sm501_2d_operation(SM501State *s)
@@ -1017,10 +1033,18 @@ static void sm501_disp_ctrl_write(void *opaque, hwaddr 
addr,
 break;
 
 case SM501_DC_PANEL_HWC_ADDR:
-s->dc_panel_hwc_addr = value & 0x8FF0;
+value &= 0x8FF0;
+if (value != s->dc_panel_hwc_addr) {
+hwc_invalidate(s, 0);
+s->dc_panel_hwc_addr = value;
+}
 break;
 case SM501_DC_PANEL_HWC_LOC:
-s->dc_panel_hwc_location = value & 0x0FFF0FFF;
+value &= 0x0FFF0FFF;
+if (value != s->dc_panel_hwc_location) {
+hwc_invalidate(s, 0);
+s->dc_panel_hwc_location = value;
+}
 break;
 case SM501_DC_PANEL_HWC_COLOR_1_2:
 s->dc_panel_hwc_color_1_2 = value;
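
Review bot: in the SM501_DC_PANEL_HWC_LOC case hwc_invalidate(s, 0) runs before s->dc_panel_hwc_location is updated, so only the rows of the old cursor position are marked dirty. Unless the draw loop forces an update for the cursor rows on its own (not visible here), the rows at the new position are not redrawn until something else dirties them; call hwc_invalidate(s, 0) again after storing the new value.
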
@@ -1052,10 +1076,18 @@ static void sm501_disp_ctrl_write(void *opaque, hwaddr 
addr,
 break;
 
 case 

[Qemu-devel] [PATCH 02/10] sm501: Use defines instead of constants where available

2017-02-19 Thread BALATON Zoltan
Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c  | 8 
 hw/display/sm501_template.h | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index 4f40dee..4eb085c 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -555,7 +555,7 @@ static uint32_t get_local_mem_size_index(uint32_t size)
 static inline int is_hwc_enabled(SM501State *state, int crt)
 {
 uint32_t addr = crt ? state->dc_crt_hwc_addr : state->dc_panel_hwc_addr;
-return addr & 0x8000;
+return addr & SM501_HWC_EN;
 }
 
 /**
@@ -1411,9 +1411,9 @@ void sm501_init(MemoryRegion *address_space_mem, uint32_t 
base,
 s->local_mem_size_index = get_local_mem_size_index(local_mem_bytes);
 SM501_DPRINTF("local mem size=%x. index=%d\n", get_local_mem_size(s),
   s->local_mem_size_index);
-s->system_control = 0x0010;
-s->misc_control = 0x1000; /* assumes SH, active=low */
-s->dc_panel_control = 0x0001;
+s->system_control = 0x0010; /* 2D engine FIFO empty */
+s->misc_control = SM501_MISC_IRQ_INVERT; /* assumes SH, active=low */
+s->dc_panel_control = 0x0001; /* FIFO level 3 */
 s->dc_crt_control = 0x0001;
 
 /* allocate local memory */
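Review bot: `s->dc_crt_control = 0x0001;`, the context line right after the changed block, stays a bare constant while dc_panel_control gains a `/* FIFO level 3 */` comment for the same value; give it the same comment so the two stay documented together. system_control and dc_panel_control also remain numeric literals although the subject promises defines, so either add named bits or say in the commit message that none exist. Since the definition of SM501_MISC_IRQ_INVERT is not part of this patch, please state that it equals the constant it replaces.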
diff --git a/hw/display/sm501_template.h b/hw/display/sm501_template.h
index aeeac5d..16e500b 100644
--- a/hw/display/sm501_template.h
+++ b/hw/display/sm501_template.h
@@ -108,7 +108,7 @@ static void glue(draw_hwc_line_, PIXEL_NAME)(SM501State *s, 
int crt,
 /* get hardware cursor pattern */
 uint32_t cursor_addr = get_hwc_address(s, crt);
 assert(0 <= c_y && c_y < SM501_HWC_HEIGHT);
-cursor_addr += 64 * c_y / 4;  /* 4 pixels per byte */
+cursor_addr += SM501_HWC_WIDTH * c_y / 4;  /* 4 pixels per byte */
 cursor_addr += s->base;
 
 /* get cursor position */
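Review bot: The divisor in `SM501_HWC_WIDTH * c_y / 4` is still a magic number, and the trailing comment `4 pixels per byte` is the only record of the cursor pixel format. Since the point of the patch is to replace constants with defines, a named constant for the pixels-per-byte value next to SM501_HWC_WIDTH would finish the job on this line.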
-- 
2.7.4




[Qemu-devel] [PATCH 10/10] ppc: Add SM501 device in config for ppc and ppcemb targets

2017-02-19 Thread BALATON Zoltan
This is not used by default on any emulated machine yet but it is
still useful to have it compiled so it can be added from the command
line for clients that can use it (e.g. MorphOS has no driver for any
other emulated video cards but can output via SM501)

Signed-off-by: BALATON Zoltan 
---
 default-configs/ppc-softmmu.mak| 1 +
 default-configs/ppcemb-softmmu.mak | 1 +
 2 files changed, 2 insertions(+)

diff --git a/default-configs/ppc-softmmu.mak b/default-configs/ppc-softmmu.mak
index 09c1d45..1f1cd85 100644
--- a/default-configs/ppc-softmmu.mak
+++ b/default-configs/ppc-softmmu.mak
@@ -45,6 +45,7 @@ CONFIG_OPENPIC_KVM=$(and $(CONFIG_E500),$(CONFIG_KVM))
 CONFIG_PLATFORM_BUS=y
 CONFIG_ETSEC=y
 CONFIG_LIBDECNUMBER=y
+CONFIG_SM501=y
 # For PReP
 CONFIG_SERIAL_ISA=y
 CONFIG_MC146818RTC=y
diff --git a/default-configs/ppcemb-softmmu.mak 
b/default-configs/ppcemb-softmmu.mak
index 7f56004..94340de 100644
--- a/default-configs/ppcemb-softmmu.mak
+++ b/default-configs/ppcemb-softmmu.mak
@@ -15,3 +15,4 @@ CONFIG_I8259=y
 CONFIG_XILINX=y
 CONFIG_XILINX_ETHLITE=y
 CONFIG_LIBDECNUMBER=y
+CONFIG_SM501=y
-- 
2.7.4




[Qemu-devel] [PATCH 09/10] sm501: Add some more missing registers

2017-02-19 Thread BALATON Zoltan
Write only to allow clients to initialise these without failing

Signed-off-by: BALATON Zoltan 
---
 hw/display/sm501.c | 42 ++
 1 file changed, 42 insertions(+)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index 2e1c4b7..16a00cc 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -508,6 +508,8 @@ typedef struct SM501State {
 uint32_t dc_panel_hwc_color_1_2;
 uint32_t dc_panel_hwc_color_3;
 
+uint32_t dc_video_control;
+
 uint32_t dc_crt_control;
 uint32_t dc_crt_fb_addr;
 uint32_t dc_crt_fb_offset;
@@ -527,12 +529,21 @@ typedef struct SM501State {
 uint32_t twoD_control;
 uint32_t twoD_pitch;
 uint32_t twoD_foreground;
+uint32_t twoD_background;
 uint32_t twoD_stretch;
+uint32_t twoD_color_compare;
 uint32_t twoD_color_compare_mask;
 uint32_t twoD_mask;
+uint32_t twoD_clip_tl;
+uint32_t twoD_clip_br;
+uint32_t twoD_mono_pattern_low;
+uint32_t twoD_mono_pattern_high;
 uint32_t twoD_window_width;
 uint32_t twoD_source_base;
 uint32_t twoD_destination_base;
+uint32_t twoD_alpha;
+uint32_t twoD_wrap;
+uint32_t twoD_status;
 
 } SM501State;
 
@@ -1057,6 +1068,10 @@ static void sm501_disp_ctrl_write(void *opaque, hwaddr 
addr,
 s->dc_panel_hwc_color_3 = value & 0x;
 break;
 
+case SM501_DC_VIDEO_CONTROL:
+s->dc_video_control = value & 0x0003;
+break;
+
 case SM501_DC_CRT_CONTROL:
 s->dc_crt_control = value & 0x0003;
 break;
@@ -1174,15 +1189,33 @@ static void sm501_2d_engine_write(void *opaque, hwaddr 
addr,
 case SM501_2D_FOREGROUND:
 s->twoD_foreground = value;
 break;
+case SM501_2D_BACKGROUND:
+s->twoD_background = value;
+break;
 case SM501_2D_STRETCH:
 s->twoD_stretch = value;
 break;
+case SM501_2D_COLOR_COMPARE:
+s->twoD_color_compare = value;
+break;
 case SM501_2D_COLOR_COMPARE_MASK:
 s->twoD_color_compare_mask = value;
 break;
 case SM501_2D_MASK:
 s->twoD_mask = value;
 break;
+case SM501_2D_CLIP_TL:
+s->twoD_clip_tl = value;
+break;
+case SM501_2D_CLIP_BR:
+s->twoD_clip_br = value;
+break;
+case SM501_2D_MONO_PATTERN_LOW:
+s->twoD_mono_pattern_low = value;
+break;
+case SM501_2D_MONO_PATTERN_HIGH:
+s->twoD_mono_pattern_high = value;
+break;
 case SM501_2D_WINDOW_WIDTH:
 s->twoD_window_width = value;
 break;
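Review bot: SM501_2D_CLIP_TL and SM501_2D_CLIP_BR (and likewise the color compare and mono pattern registers) are stored in these new cases, but nothing in this patch reads the values back or applies them. A guest that programs a clip rectangle will see the write succeed and still get unclipped 2D operations. If the intent is only to stop the "not implemented register write" message, consider a qemu_log_mask(LOG_UNIMP, ...) line when a value is written so the accepted-but-ignored state is visible, and say in the commit message that clipping is not implemented.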
@@ -1192,6 +1225,15 @@ static void sm501_2d_engine_write(void *opaque, hwaddr 
addr,
 case SM501_2D_DESTINATION_BASE:
 s->twoD_destination_base = value;
 break;
+case SM501_2D_ALPHA:
+s->twoD_alpha = value;
+break;
+case SM501_2D_WRAP:
+s->twoD_wrap = value;
+break;
+case SM501_2D_STATUS:
+s->twoD_status = value;
+break;
 default:
 printf("sm501 2d engine : not implemented register write."
" addr=%x, val=%x\n", (int)addr, (unsigned)value);
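Review bot: `s->twoD_status = value;` in the SM501_2D_STATUS case stores whatever the guest writes into a status register, unmasked, unlike the display-control cases, which mask the value before storing it. If the register has read-only or write-to-clear bits, mask accordingly; if the write only needs to be accepted, as the commit message suggests, the stored field can be dropped and the case can simply break. The fields added to SM501State by this patch are only ever assigned in the write handlers shown, so also check whether they need initial values at init time.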
-- 
2.7.4




Re: [Qemu-devel] Fix build break during configuration on musl-libc based Linux systems.

2017-02-19 Thread Peter Maydell
On 19 February 2017 at 07:22, Chad Joan  wrote:
> I suspect I'm going to encounter this problem again as I try to make small
> fixes for more projects, so it might be worth it for me to spend a small
> amount of time at some point setting up a mail client that I can send git
> patches with.  Or perhaps I can just move the patch(es) onto another machine
> (ex: my personal laptop) and send it with 'git send-email' from there,
> instead of needing to install a mail client that is outside of my normal
> workflow.  I am not comfortable with putting smtp login information onto the
> server that I am using for this work.

Yes, I'd do that. If you do git format-patch on one machine you can
then copy the patch files onto another where you do git send-email
(my workflow actually involves something similar to this).

Or if the machine you're running on is a server with limited
development facilities you might prefer to do development
entirely on a different machine and then on the server
just do a git fetch or git pull from the git tree on your
development machine to build it. (I do this when I'm doing
build tests, since there usually isn't a nice dev environment
with my preferred editor and tools and so on on the test
machine.) Then your patches are all on the dev machine to
start with.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 2/5] m68k: implement server and client side

2017-02-19 Thread Laurent Vivier
On 18/02/2017 at 23:37, Peter Maydell wrote:
> On 7 February 2017 at 18:33, Laurent Vivier  wrote:
>> This also adds the basic test file and the configuration update.
>>
>> This implementation can only test instructions with values in register and
>> no memory access.
>>
>> Signed-off-by: Laurent Vivier 
> 
> Hi; I got round to setting up my machine with an m68k cross
> compiler so I can at least compile-test the other target
> architectures, and I noticed this code generates compiler
> warnings:
> 
>> +/* reginfo_dump: print state to a stream, returns nonzero on success */
>> +void reginfo_dump(struct reginfo *ri, int is_master)
>> +{
>> +int i;
>> +if (is_master) {
>> +fprintf(stderr, "  pc\e[1;101;37m0x%08x\e[0m\n",
>> +ri->pc);
>> +}
>> +fprintf(stderr, "\tPC: %08x\n", ri->gregs[R_PC]);
>> +fprintf(stderr, "\tPS: %04x\n", ri->gregs[R_PS]);
>> +
>> +for (i = 0; i < 8; i++) {
>> +fprintf(stderr, "\tD%d: %8x\tA%d: %8x\n", i, ri->gregs[i],
>> +i, ri->gregs[i + 8]);
>> +}
>> +
>> +
>> +for (i = 0; i < 8; i++) {
>> +fprintf(stderr, "\tFP%d: %08x %08x %08x\n", i,
>> +ri->fpregs.f_fpregs[i * 3], ri->fpregs.f_fpregs[i * 3 + 1],
>> +ri->fpregs.f_fpregs[i * 3 + 2]);
> 
> /home/pm215/risu/risu_reginfo_m68k.c:95:37: warning: format ‘%x’
> expects argument of type ‘unsigned int’, but argument 4 has type ‘int
> *’ [-Wformat=]
>  fprintf(stderr, "\tFP%d: %08x %08x %08x\n", i,
>  ^
> 
> and similarly for the other 3 f_fpregs[] arguments here
> and in the fprintf calls in reginfo_dump_mismatch().
> 
> Looking at the m68k sys/ucontext.h its definition of
> struct fpregset is
> #ifdef __mcoldfire__
>   int f_fpregs[8][2];
> #else
>   int f_fpregs[8][3];
> #endif
> 
> so it's a 2d array, not a 1d array.

In fact, in etch-m68k, there are two definitions of fpregset:

/usr/include/sys/ucontext.h

typedef struct fpregset
{
  int f_fpregs[8][3];
  int f_pcr;
  int f_psr;
  int f_fpiaddr;
} fpregset_t;

/usr/include/asm/ucontext.h

typedef struct fpregset {
int f_fpcntl[3];
int f_fpregs[8*3];
} fpregset_t;

This is the one used by the kernel:

arch/m68k/include/asm/ucontext.h

typedef struct fpregset {
int f_fpcntl[3];
int f_fpregs[8*3];
} fpregset_t;

In the past, as the one from sys/ucontext.h was not compatible with the
one from the kernel, I have updated my system to use the one from the
kernel.

But in debian unstable, we have now:

typedef struct fpregset
{
  int f_pcr;
  int f_psr;
  int f_fpiaddr;
#ifdef __mcoldfire__
  int f_fpregs[8][2];
#else
  int f_fpregs[8][3];
#endif
} fpregset_t;

And this is compatible with the kernel one.

So I'm going to update the RISU code to use the 2d array.

Thanks,
Laurent
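
The layout point made in this reply, as an added example (not RISU, glibc or kernel code): the flat `f_fpregs[8*3]` and the 2D `f_fpregs[8][3]` declarations quoted above occupy the same bytes, and a dump routine has to index the 2D form as `[n][w]`. The struct names, `format_fpreg` and `sample_line` are hypothetical, and the register values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Layouts copied from the structs quoted above; struct names are hypothetical. */
struct fpregset_flat {              /* kernel asm/ucontext.h */
    int f_fpcntl[3];
    int f_fpregs[8 * 3];
};
struct fpregset_2d {                /* sys/ucontext.h, non-ColdFire case */
    int f_pcr, f_psr, f_fpiaddr;
    int f_fpregs[8][3];
};

/* Same size, same register offset: both describe the same bytes. */
_Static_assert(sizeof(struct fpregset_flat) == sizeof(struct fpregset_2d),
               "fpregset size differs");
_Static_assert(offsetof(struct fpregset_flat, f_fpregs) ==
               offsetof(struct fpregset_2d, f_fpregs), "f_fpregs offset differs");

/* f_fpregs[n] alone is an int[3] (decays to int *); index both dimensions. */
int format_fpreg(const struct fpregset_2d *fp, int n, char *buf, size_t len)
{
    if (n < 0 || n >= 8) {
        return -1;
    }
    return snprintf(buf, len, "FP%d: %08x %08x %08x", n,
                    (unsigned)fp->f_fpregs[n][0], (unsigned)fp->f_fpregs[n][1],
                    (unsigned)fp->f_fpregs[n][2]);
}

/* Fill the flat view with constructed values, read FPn via the 2D view. */
const char *sample_line(int n)
{
    static char buf[64];
    struct fpregset_flat k = { {0}, {0} };
    struct fpregset_2d u;
    for (int i = 0; i < 8 * 3; i++) {
        k.f_fpregs[i] = 0x1000 + i;
    }
    memcpy(&u, &k, sizeof(u));
    return format_fpreg(&u, n, buf, sizeof(buf)) < 0 ? NULL : buf;
}

int main(void)
{
    for (int n = 0; n < 8; n++) {
        puts(sample_line(n));
    }
    return 0;
}
```

With the 2D declaration, the original `f_fpregs[i * 3]` would also index the first dimension out of range for i >= 3, which is a second reason to switch to `[i][0..2]`.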



Re: [Qemu-devel] [PATCH v5] linux-user: Add sockopts for IPv6 ping and IPv6 traceroute

2017-02-19 Thread Laurent Vivier
On 18/02/2017 at 23:31, Helge Deller wrote:
> Add the necessary sockopts for ping and traceroute on IPv6.
> 
> This fixes the following qemu warnings with IPv6:
> Unsupported ancillary data: 0/2
> Unsupported ancillary data: 0/11
> Unsupported ancillary data: 41/25
> Unsupported setsockopt level=0 optname=12 
> Unsupported setsockopt level=41 optname=16
> Unsupported setsockopt level=41 optname=25
> Unsupported setsockopt level=41 optname=50
> Unsupported setsockopt level=41 optname=51
> Unsupported setsockopt level=41 optname=8
> Unsupported setsockopt level=58 optname=1
> 
> Tested with hppa-linux-user (big-endian) on x86_64 (little-endian).
> 
> Signed-off-by: Helge Deller 

Reviewed-by: Laurent Vivier 

> 
> ---
> Changes to v4: (all suggested by Laurent Vivier)
> - Handle AF_INET6 in host_to_target_sockaddr()
> - Drop length check for IP_TTL and SOL_IPV6
> - Trunk optlen length in ICMPV6_FILTER if necessary
> 
> Changes to v3:
> - Fix up checkpatch fallouts
> 
> Changes to v2: (all suggested by Laurent Vivier)
> - Drop goto statements and replaced by real code
> - New function host_to_target_sockaddr_in6()
> - Fix IPV6_PKTINFO which uses in6_pktinfo instead of uint32_t
> - Move one IPV6_CHECKSUM from SOL_ICMPV6 to SOL_IPV6
> - Fix ICMPV6_FILTER to use icmpv6_filter
> 
> Changes to v1:
> - Added IPV6_PKTINFO sockopt as reported by Philippe Mathieu-Daudé
> 
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index f569f82..b9d10e7 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -57,6 +57,8 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
>  #include 
>  #include 
>  #include 
> +#include 
> +#include 
>  #include "qemu-common.h"
>  #ifdef CONFIG_TIMERFD
>  #include 
> @@ -1634,6 +1636,11 @@ static inline abi_long 
> host_to_target_sockaddr(abi_ulong target_addr,
>  struct sockaddr_ll *target_ll = (struct sockaddr_ll *)target_saddr;
>  target_ll->sll_ifindex = tswap32(target_ll->sll_ifindex);
>  target_ll->sll_hatype = tswap16(target_ll->sll_hatype);
> +} else if (addr->sa_family == AF_INET6 &&
> +   len >= sizeof(struct target_sockaddr_in6)) {
> +struct target_sockaddr_in6 *target_in6 =
> +   (struct target_sockaddr_in6 *)target_saddr;
> +target_in6->sin6_scope_id = tswap16(target_in6->sin6_scope_id);
>  }
>  unlock_user(target_saddr, target_addr, len);
>  
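Review bot: `tswap16(target_in6->sin6_scope_id)` in the new AF_INET6 branch applies a 16-bit swap to sin6_scope_id, which is a 32-bit field in struct sockaddr_in6. Passing it through tswap16() truncates the value to 16 bits before swapping, so larger scope ids are lost and on a cross-endian target the result lands in the wrong half of the field. Unless target_sockaddr_in6 declares the member as 16 bits wide (its definition is not in this hunk), this should be tswap32().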
> @@ -1839,6 +1846,78 @@ static inline abi_long host_to_target_cmsg(struct 
> target_msghdr *target_msgh,
>  }
>  break;
>  
> +case SOL_IP:
> +switch (cmsg->cmsg_type) {
> +case IP_TTL:
> +{
> +uint32_t *v = (uint32_t *)data;
> +uint32_t *t_int = (uint32_t *)target_data;
> +
> +__put_user(*v, t_int);
> +break;
> +}
> +case IP_RECVERR:
> +{
> +struct errhdr_t {
> +   struct sock_extended_err ee;
> +   struct sockaddr_in offender;
> +};
> +struct errhdr_t *errh = (struct errhdr_t *)data;
> +struct errhdr_t *target_errh =
> +(struct errhdr_t *)target_data;
> +
> +__put_user(errh->ee.ee_errno, _errh->ee.ee_errno);
> +__put_user(errh->ee.ee_origin, _errh->ee.ee_origin);
> +__put_user(errh->ee.ee_type,  _errh->ee.ee_type);
> +__put_user(errh->ee.ee_code, _errh->ee.ee_code);
> +__put_user(errh->ee.ee_pad, _errh->ee.ee_pad);
> +__put_user(errh->ee.ee_info, _errh->ee.ee_info);
> +__put_user(errh->ee.ee_data, _errh->ee.ee_data);
> +host_to_target_sockaddr((unsigned long) 
> _errh->offender,
> +(void *) >offender, sizeof(errh->offender));
> +break;
> +}
> +default:
> +goto unimplemented;
> +}
> +break;
> +
> +case SOL_IPV6:
> +switch (cmsg->cmsg_type) {
> +case IPV6_HOPLIMIT:
> +{
> +uint32_t *v = (uint32_t *)data;
> +uint32_t *t_int = (uint32_t *)target_data;
> +
> +__put_user(*v, t_int);
> +break;
> +}
> +case IPV6_RECVERR:
> +{
> +struct errhdr6_t {
> +   struct sock_extended_err ee;
> +   struct sockaddr_in6 offender;
> +};
> +struct errhdr6_t *errh = (struct errhdr6_t *)data;
> +struct errhdr6_t *target_errh =
> +(struct errhdr6_t *)target_data;
> +
> +__put_user(errh->ee.ee_errno, _errh->ee.ee_errno);
> +__put_user(errh->ee.ee_origin, _errh->ee.ee_origin);
> +__put_user(errh->ee.ee_type,