[Qemu-devel] [PATCH] iotests: Print full path of bad output if mismatch

2017-09-14 Thread Fam Zheng
So it is easier to copy paste the path.

Signed-off-by: Fam Zheng 
---
 tests/qemu-iotests/check | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index d504b6e455..4583a0c269 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -353,7 +353,7 @@ do
 else
 echo " - output mismatch (see $seq.out.bad)"
 mv $tmp.out $seq.out.bad
-$diff -w "$reference" $seq.out.bad
+$diff -w "$reference" $(realpath $seq.out.bad)
 err=true
 fi
 fi
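Review bot: `$(realpath $seq.out.bad)` on the added line is unquoted at both levels, so a `$seq` or working directory containing whitespace would be word-split into several arguments; `$diff -w "$reference" "$(realpath "$seq.out.bad")"` keeps it a single argument. realpath is also not a POSIX utility and may be absent on non-GNU hosts (this cannot be confirmed from the hunk); `$PWD/$seq.out.bad` would give an equivalent absolute path for copy-paste purposes without the external dependency. The enclosing loop body of `check` starts and ends outside the hunk.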
-- 
2.13.5




[Qemu-devel] [PATCH 3/3] iotests: Add "quit during block migration" case 195

2017-09-14 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 tests/qemu-iotests/195 | 97 ++
 tests/qemu-iotests/195.out | 19 +
 tests/qemu-iotests/group   |  1 +
 3 files changed, 117 insertions(+)
 create mode 100755 tests/qemu-iotests/195
 create mode 100644 tests/qemu-iotests/195.out

diff --git a/tests/qemu-iotests/195 b/tests/qemu-iotests/195
new file mode 100755
index 00..f732b56854
--- /dev/null
+++ b/tests/qemu-iotests/195
@@ -0,0 +1,97 @@
+#!/bin/bash
+#
+# Test quit during block migration (migrate -b) doesn't crash
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=f...@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+status=1 # failure is the default!
+
+MIG_SOCKET="${TEST_DIR}/migrate"
+
+_cleanup()
+{
+rm -f "${MIG_SOCKET}"
+rm -f "${TEST_IMG}.dest"
+_cleanup_test_img
+_cleanup_qemu
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.qemu
+
+_supported_fmt qcow2 raw qed dmg quorum
+_supported_proto file
+_supported_os Linux
+
+size=64M
+_make_test_img $size
+TEST_IMG="${TEST_IMG}.dest" _make_test_img $size
+
+echo
+echo === Starting VMs ===
+echo
+
+qemu_comm_method="qmp"
+
+_launch_qemu \
+-drive file="${TEST_IMG}",cache=$CACHEMODE,driver=$IMGFMT,id=disk
+src=$QEMU_HANDLE
+_send_qemu_cmd $src "{ 'execute': 'qmp_capabilities' }" 'return'
+
+_launch_qemu \
+-drive file="${TEST_IMG}.dest",cache=$CACHEMODE,driver=$IMGFMT,id=disk \
+-incoming "unix:${MIG_SOCKET}"
+dest=$QEMU_HANDLE
+_send_qemu_cmd $dest "{ 'execute': 'qmp_capabilities' }" 'return'
+
+echo
+echo === Do block migration to destination ===
+echo
+
+reply="$(_send_qemu_cmd $src \
+"{ 'execute': 'migrate',
+   'arguments': { 'uri': 'unix:${MIG_SOCKET}', 'blk': true } }" \
+'return\|error')"
+echo "$reply"
+if echo "$reply" | grep "compiled without old-style" > /dev/null; then
+_notrun "migrate -b support not compiled in"
+fi
+
+echo
+echo === Shut down and check image ===
+echo
+
+_send_qemu_cmd $src '{"execute":"quit"}' 'return'
+_cleanup_qemu
+
+_check_test_img
+TEST_IMG="${TEST_IMG}.dest" _check_test_img
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
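Review bot: The `quit` on line 135 is sent right after `migrate` returns, and nothing in between confirms that the block migration is actually underway, so the test can pass without ever reaching the abort() it was written to catch. Consider polling `query-migrate` through `_send_qemu_cmd $src` until the status is active before issuing `quit`, or at least state in the header comment that the overlap is timing-dependent. The `'return\|error'` pattern also lets an unexpected migrate error flow into the output diff instead of failing the test explicitly; the only error case handled is the `compiled without old-style` one.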
diff --git a/tests/qemu-iotests/195.out b/tests/qemu-iotests/195.out
new file mode 100644
index 00..36b2fc5e83
--- /dev/null
+++ b/tests/qemu-iotests/195.out
@@ -0,0 +1,19 @@
+QA output created by 195
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
+Formatting 'TEST_DIR/t.IMGFMT.dest', fmt=IMGFMT size=67108864
+
+=== Starting VMs ===
+
+{"return": {}}
+{"return": {}}
+
+=== Do block migration to destination ===
+
+{"return": {}}
+
+=== Shut down and check image ===
+
+{"return": {}}
+No errors were found on the image.
+No errors were found on the image.
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 94e764865a..e7e8fcc722 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -189,3 +189,4 @@
 190 rw auto quick
 192 rw auto quick
 194 rw auto migration quick
+195 rw auto migration quick
-- 
2.13.5




[Qemu-devel] [PATCH 2/3] migration: Cancel migration at exit

2017-09-14 Thread Fam Zheng
bdrv_close_all() would abort() due to op blockers added by BMDS, clean
up migration states when main loop quits to avoid that.

Signed-off-by: Fam Zheng 
---
 include/migration/misc.h | 1 +
 migration/migration.c| 7 ++-
 vl.c | 3 +++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/include/migration/misc.h b/include/migration/misc.h
index c079b7771b..b9a26b0898 100644
--- a/include/migration/misc.h
+++ b/include/migration/misc.h
@@ -54,5 +54,6 @@ bool migration_has_failed(MigrationState *);
 /* ...and after the device transmission */
 bool migration_in_postcopy_after_devices(MigrationState *);
 void migration_global_dump(Monitor *mon);
+void migrate_cancel(void);
 
 #endif
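Review bot: The new `migrate_cancel()` prototype has no comment, while vl.c now calls it unconditionally at exit, including when no outgoing migration was ever started and on the incoming side. Document that contract on the declaration, e.g. `/* Cancel the current outgoing migration, if any; safe to call when none is active. */` — assuming migrate_fd_cancel() does tolerate an idle MigrationState, which this series does not show.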
diff --git a/migration/migration.c b/migration/migration.c
index 959e8ec88e..2c844945c7 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1274,11 +1274,16 @@ void qmp_migrate(const char *uri, bool has_blk, bool 
blk,
 }
 }
 
-void qmp_migrate_cancel(Error **errp)
+void migrate_cancel(void)
 {
 migrate_fd_cancel(migrate_get_current());
 }
 
+void qmp_migrate_cancel(Error **errp)
+{
+migrate_cancel();
+}
+
 void qmp_migrate_set_cache_size(int64_t value, Error **errp)
 {
 MigrationState *s = migrate_get_current();
diff --git a/vl.c b/vl.c
index fb1f05b937..abbe61f40b 100644
--- a/vl.c
+++ b/vl.c
@@ -87,6 +87,7 @@ int main(int argc, char **argv)
 #include "sysemu/blockdev.h"
 #include "hw/block/block.h"
 #include "migration/misc.h"
+#include "migration/savevm.h"
 #include "migration/snapshot.h"
 #include "migration/global_state.h"
 #include "sysemu/tpm.h"
@@ -4799,6 +4800,8 @@ int main(int argc, char **argv, char **envp)
 iothread_stop_all();
 
 pause_all_vcpus();
+migrate_cancel();
+qemu_savevm_state_cleanup();
 bdrv_close_all();
 res_free();
 
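Review bot: `migrate_cancel()` is immediately followed by `qemu_savevm_state_cleanup()` with nothing in between that waits for the migration thread; if cancellation only changes the state and relies on the migration thread noticing it (migrate_fd_cancel() is not shown in the series), the cleanup can run while that thread is still using the save-state handlers. Consider waiting for the state to leave the cancelling state (or joining the migration thread) before the cleanup, and add a comment explaining the ordering the cover letter describes but the code does not: `/* Tear down block migration before bdrv_close_all(), whose op blockers would otherwise abort() */`. main() starts and ends outside the hunk.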
-- 
2.13.5




[Qemu-devel] [PATCH 0/3] migration: Fix crash by cleaning up before quit

2017-09-14 Thread Fam Zheng
Quit command causes an assertion failure in the block layer due to op blockers added
by BMDS, if there is an active block migration.

Fixing this by calling migration cleaning up functions at the end of main()
before bdrv_close_all() is called.

Fam Zheng (3):
  migration: Allow ram_save_cleanup to be called with empty state
  migration: Cancel migration at exit
  iotests: Add "quit during block migration" case 195

 include/migration/misc.h   |  1 +
 migration/migration.c  |  7 +++-
 migration/ram.c|  3 ++
 tests/qemu-iotests/195 | 97 ++
 tests/qemu-iotests/195.out | 19 +
 tests/qemu-iotests/group   |  1 +
 vl.c   |  3 ++
 7 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100755 tests/qemu-iotests/195
 create mode 100644 tests/qemu-iotests/195.out

-- 
2.13.5




[Qemu-devel] [PATCH 1/3] migration: Allow ram_save_cleanup to be called with empty state

2017-09-14 Thread Fam Zheng
So that we can do cleanup unconditionally at the end of main().

Signed-off-by: Fam Zheng 
---
 migration/ram.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/migration/ram.c b/migration/ram.c
index e18b3e2d4f..37e6a71241 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1365,6 +1365,9 @@ static void ram_save_cleanup(void *opaque)
 RAMState **rsp = opaque;
 RAMBlock *block;
 
+if (!rsp || !*rsp) {
+return;
+}
 /* caller have hold iothread lock or is in a bh, so there is
  * no writing race against this migration_bitmap
  */
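Review bot: The new early return has no comment saying why a NULL `rsp` or `*rsp` is now an expected input, and a reader of ram_save_cleanup() cannot tell from this file that vl.c will invoke the cleanup path unconditionally at exit. Add `/* Nothing to clean up if RAM migration was never set up; main() runs this unconditionally at exit. */` above the check. ram_save_cleanup's body continues past the hunk.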
-- 
2.13.5




Re: [Qemu-devel] [PATCH 2/3] kvm: check KVM_CAP_NR_VCPUS with kvm_vm_check_extension()

2017-09-14 Thread Thomas Huth
On 14.09.2017 21:25, Greg Kurz wrote:
> On a modern server-class ppc host with the following CPU topology:
> 
> Architecture:  ppc64le
> Byte Order:Little Endian
> CPU(s):32
> On-line CPU(s) list:   0,8,16,24
> Off-line CPU(s) list:  1-7,9-15,17-23,25-31
> Thread(s) per core:1
> 
> If both KVM PR and KVM HV loaded and we pass:
> 
> -machine pseries,accel=kvm,kvm-type=PR -smp 8
> 
> We expect QEMU to warn that this exceeds the number of online CPUs:
> 
> Warning: Number of SMP cpus requested (8) exceeds the recommended
>  cpus supported by KVM (4)
> Warning: Number of hotpluggable cpus requested (8) exceeds the
>  recommended cpus supported by KVM (4)
> 
> but nothing is printed...
> 
> This happens because on ppc the KVM_CAP_NR_VCPUS capability is VM
> specific and really depends on the KVM type, but we currently use it
> as a global capability. And KVM returns a fallback value based on
> KVM HV being present. Maybe KVM on POWER shouldn't presume anything
> as long as it doesn't have a VM, but in all cases, we should call
> KVM_CREATE_VM first and use KVM_CAP_NR_VCPUS as a VM capability.
> 
> This patch hence changes kvm_recommended_vcpus() accordingly and
> moves the sanity checking of smp_cpus after the VM creation.
> 
> It is okay for the other archs that also implement KVM_CAP_NR_VCPUS,
> ie, mips, s390, x86 and arm, because they don't depend on the VM
> being created or not.
> 
> Signed-off-by: Greg Kurz 
> ---
>  accel/kvm/kvm-all.c |   45 +++--
>  1 file changed, 23 insertions(+), 22 deletions(-)
> 
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index 323c567cfb68..d10534de2da1 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -1533,7 +1533,7 @@ static void kvm_irqchip_create(MachineState *machine, 
> KVMState *s)
>   */
>  static int kvm_recommended_vcpus(KVMState *s)
>  {
> -int ret = kvm_check_extension(s, KVM_CAP_NR_VCPUS);
> +int ret = kvm_vm_check_extension(s, KVM_CAP_NR_VCPUS);
>  return (ret) ? ret : 4;
>  }
>  
> @@ -1623,27 +1623,6 @@ static int kvm_init(MachineState *ms)
>  s->nr_slots = 32;
>  }
>  
> -/* check the vcpu limits */
> -soft_vcpus_limit = kvm_recommended_vcpus(s);
> -hard_vcpus_limit = kvm_max_vcpus(s);
> -
> -while (nc->name) {
> -if (nc->num > soft_vcpus_limit) {
> -fprintf(stderr,
> -"Warning: Number of %s cpus requested (%d) exceeds "
> -"the recommended cpus supported by KVM (%d)\n",
> -nc->name, nc->num, soft_vcpus_limit);
> -
> -if (nc->num > hard_vcpus_limit) {
> -fprintf(stderr, "Number of %s cpus requested (%d) exceeds "
> -"the maximum cpus supported by KVM (%d)\n",
> -nc->name, nc->num, hard_vcpus_limit);
> -exit(1);
> -}
> -}
> -nc++;
> -}
> -
>  kvm_type = qemu_opt_get(qemu_get_machine_opts(), "kvm-type");
>  if (mc->kvm_type) {
>  type = mc->kvm_type(kvm_type);
> @@ -1678,6 +1657,28 @@ static int kvm_init(MachineState *ms)
>  }
>  
>  s->vmfd = ret;
> +
> +/* check the vcpu limits */
> +soft_vcpus_limit = kvm_recommended_vcpus(s);
> +hard_vcpus_limit = kvm_max_vcpus(s);
> +
> +while (nc->name) {
> +if (nc->num > soft_vcpus_limit) {
> +fprintf(stderr,
> +"Warning: Number of %s cpus requested (%d) exceeds "
> +"the recommended cpus supported by KVM (%d)\n",
> +nc->name, nc->num, soft_vcpus_limit);
> +
> +if (nc->num > hard_vcpus_limit) {
> +fprintf(stderr, "Number of %s cpus requested (%d) exceeds "
> +"the maximum cpus supported by KVM (%d)\n",
> +nc->name, nc->num, hard_vcpus_limit);
> +exit(1);
> +}
> +}
> +nc++;
> +}
> +
>  missing_cap = kvm_check_extension_list(s, kvm_required_capabilites);
>  if (!missing_cap) {
>  missing_cap =
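Review bot: Now that the vcpu-limit check runs after `s->vmfd = ret;`, the `exit(1)` on the hard-limit path leaves kvm_init() without passing through whatever cleanup the function performs for failures after VM creation (not visible in the hunk); at its earlier placement it exited before any VM fd existed. Since the process is terminating this is harmless, but returning an error through the function's normal failure path, e.g. `ret = -EINVAL; goto err;` if that is the label the rest of kvm_init() uses, would keep its error handling uniform. kvm_init() continues outside the hunk.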
> 

Reviewed-by: Thomas Huth 




Re: [Qemu-devel] [PATCH 1/3] kvm: check KVM_CAP_SYNC_MMU with kvm_vm_check_extension()

2017-09-14 Thread Thomas Huth
On 14.09.2017 21:25, Greg Kurz wrote:
> On a server-class ppc host, this capability depends on the KVM type,
> ie, HV or PR. If both KVM are present in the kernel, we will always
> get the HV specific value, even if we explicitly requested PR on
> the command line.
> 
> This can have an impact if we're using hugepages or a balloon device.
> 
> Since we've already created the VM at the time any user calls
> kvm_has_sync_mmu(), switching to kvm_vm_check_extension() is
> enough to fix any potential issue.
> 
> It is okay for the other archs that also implement KVM_CAP_SYNC_MMU,
> ie, mips, s390, x86 and arm, because they don't depend on the VM being
> created or not.
> 
> Signed-off-by: Greg Kurz 
> ---
>  accel/kvm/kvm-all.c |2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index f85553a85194..323c567cfb68 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -2234,7 +2234,7 @@ int kvm_device_access(int fd, int group, uint64_t attr,
>  /* Return 1 on success, 0 on failure */
>  int kvm_has_sync_mmu(void)
>  {
> -return kvm_check_extension(kvm_state, KVM_CAP_SYNC_MMU);
> +return kvm_vm_check_extension(kvm_state, KVM_CAP_SYNC_MMU);
>  }

Reviewed-by: Thomas Huth 

... but while you're at it, maybe it would be better to use a bool
variable for the state of this extension, too, and only check for the
extension one time at the end of kvm_init() ? kvm_has_sync_mmu() is
apparently used multiple times in other source files, so we might be
able to save some cycles by doing the syscall only once?

 Thomas





Re: [Qemu-devel] [PATCH 3/3] ppc/kvm: check some capabilities with kvm_vm_check_extension()

2017-09-14 Thread Thomas Huth
On 14.09.2017 21:25, Greg Kurz wrote:
> The following capabilities are VM specific:
> - KVM_CAP_PPC_SMT_POSSIBLE
> - KVM_CAP_PPC_HTAB_FD

BTW, looks like kvmppc_has_cap_htab_fd() is dead code ... should we
either remove it or check it somewhere?

> - KVM_CAP_PPC_ALLOC_HTAB
> 
> If both KVM HV and KVM PR are present, checking them always return
> the HV value, even if we explicitely requested to use PR.
> 
> This has no visible effect for KVM_CAP_PPC_ALLOC_HTAB, because we also
> try the KVM_PPC_ALLOCATE_HTAB ioctl which is only supported by HV. As
> a consequence, the spapr code doesn't even check KVM_CAP_PPC_HTAB_FD.
>
> However, this will cause kvmppc_hint_smt_possible(), introduced by
> commit fa98fbfcdfcb9, to report several VSMT modes (eg, Available
> VSMT modes: 8 4 2 1) whereas PR only support mode 1.
> 
> This patch fixes all three anyway to use kvm_vm_check_extension(). It
> is okay since the VM is already created at the time kvm_arch_init() or
> kvmppc_reset_htab() is called.
> 
> Signed-off-by: Greg Kurz 
> ---
>  target/ppc/kvm.c |6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 1deaf106d2b9..208c70e81426 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -131,7 +131,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
>  cap_interrupt_level = kvm_check_extension(s, KVM_CAP_PPC_IRQ_LEVEL);
>  cap_segstate = kvm_check_extension(s, KVM_CAP_PPC_SEGSTATE);
>  cap_booke_sregs = kvm_check_extension(s, KVM_CAP_PPC_BOOKE_SREGS);
> -cap_ppc_smt_possible = kvm_check_extension(s, KVM_CAP_PPC_SMT_POSSIBLE);
> +cap_ppc_smt_possible = kvm_vm_check_extension(s, 
> KVM_CAP_PPC_SMT_POSSIBLE);
>  cap_ppc_rma = kvm_check_extension(s, KVM_CAP_PPC_RMA);
>  cap_spapr_tce = kvm_check_extension(s, KVM_CAP_SPAPR_TCE);
>  cap_spapr_tce_64 = kvm_check_extension(s, KVM_CAP_SPAPR_TCE_64);
> @@ -143,7 +143,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
>  cap_ppc_watchdog = kvm_check_extension(s, KVM_CAP_PPC_BOOKE_WATCHDOG);
>  /* Note: we don't set cap_papr here, because this capability is
>   * only activated after this by kvmppc_set_papr() */
> -cap_htab_fd = kvm_check_extension(s, KVM_CAP_PPC_HTAB_FD);
> +cap_htab_fd = kvm_vm_check_extension(s, KVM_CAP_PPC_HTAB_FD);
>  cap_fixup_hcalls = kvm_check_extension(s, KVM_CAP_PPC_FIXUP_HCALL);
>  cap_ppc_smt = kvm_vm_check_extension(s, KVM_CAP_PPC_SMT);
>  cap_htm = kvm_vm_check_extension(s, KVM_CAP_PPC_HTM);
> @@ -2353,7 +2353,7 @@ int kvmppc_reset_htab(int shift_hint)
>  /* Full emulation, tell caller to allocate htab itself */
>  return 0;
>  }
> -if (kvm_check_extension(kvm_state, KVM_CAP_PPC_ALLOC_HTAB)) {
> +if (kvm_vm_check_extension(kvm_state, KVM_CAP_PPC_ALLOC_HTAB)) {
>  int ret;
>  ret = kvm_vm_ioctl(kvm_state, KVM_PPC_ALLOCATE_HTAB, );
>  if (ret == -ENOTTY) {

Looking at the comment in the code after the "if (ret == -ENOTTY)" line,
it sounds like there is a bug in the kernel and the
KVM_CAP_PPC_ALLOC_HTAB should depend on the hv_enabled variable, too?
Anyway, that's another topic, your patch is fine!

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PULL 00/18] ppc-for-2.11 queue 20170915

2017-09-14 Thread David Gibson
On Thu, Sep 14, 2017 at 09:26:49PM -0700, no-re...@patchew.org wrote:
> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Subject: [Qemu-devel] [PULL 00/18] ppc-for-2.11 queue 20170915
> Message-id: 20170915035130.8354-1-da...@gibson.dropbear.id.au
> Type: series
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> 
> BASE=base
> n=1
> total=$(git log --oneline $BASE.. | wc -l)
> failed=0
> 
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> 
> commits="$(git log --format=%H --reverse $BASE..)"
> for c in $commits; do
> echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
> if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; 
> then
> failed=1
> echo
> fi
> n=$((n+1))
> done
> 
> exit $failed
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> Switched to a new branch 'test'
> 872afb4d17 ppc/kvm: use kvm_vm_check_extension() in kvmppc_is_pr()
> 7a25c28fcc spapr_events: use QTAILQ_FOREACH_SAFE() in 
> spapr_clear_pending_events()
> 925177495a spapr_cpu_core: cleaning up qdev_get_machine() calls
> e0a96b5c4d spapr_pci: don't create 64-bit MMIO window if we don't need to
> 1851b264d5 spapr_pci: convert sprintf() to g_strdup_printf()
> e62bfeb753 spapr_cpu_core: fail gracefully with non-pseries machine types
> d68c815c09 xics: fix several error leaks
> 165724544b vfio, spapr: Fix levels calculation
> e0d3f60741 spapr_pci: handle FDT creation errors with _FDT()
> 9d82d580aa spapr_pci: use the common _FDT() helper
> fe74e07d9f spapr: fix CAS-generated reset
> 53b3f63411 ppc/xive: fix OV5_XIVE_EXPLOIT bits
> 48ced9b1af spapr: only update SDR1 once per-cpu during CAS
> 868444ad8c spapr_pci: use g_strdup_printf()
> dbfa7f0124 spapr_pci: drop useless check in spapr_populate_pci_child_dt()
> 2d5463163b spapr_pci: drop useless check in spapr_phb_vfio_get_loc_code()
> 0d760c3eed hw/ppc/spapr.c: cleaning up qdev_get_machine() calls
> 2add13654e net: Add SunGEM device emulation as found on Apple UniNorth
> 
> === OUTPUT BEGIN ===
> Checking PATCH 1/18: net: Add SunGEM device emulation as found on Apple 
> UniNorth...
> Checking PATCH 2/18: hw/ppc/spapr.c: cleaning up qdev_get_machine() calls...
> Checking PATCH 3/18: spapr_pci: drop useless check in 
> spapr_phb_vfio_get_loc_code()...
> Checking PATCH 4/18: spapr_pci: drop useless check in 
> spapr_populate_pci_child_dt()...
> Checking PATCH 5/18: spapr_pci: use g_strdup_printf()...
> Checking PATCH 6/18: spapr: only update SDR1 once per-cpu during CAS...
> Checking PATCH 7/18: ppc/xive: fix OV5_XIVE_EXPLOIT bits...
> Checking PATCH 8/18: spapr: fix CAS-generated reset...
> Checking PATCH 9/18: spapr_pci: use the common _FDT() helper...
> Checking PATCH 10/18: spapr_pci: handle FDT creation errors with _FDT()...
> Checking PATCH 11/18: vfio, spapr: Fix levels calculation...
> Checking PATCH 12/18: xics: fix several error leaks...
> Checking PATCH 13/18: spapr_cpu_core: fail gracefully with non-pseries 
> machine types...
> Checking PATCH 14/18: spapr_pci: convert sprintf() to g_strdup_printf()...
> Checking PATCH 15/18: spapr_pci: don't create 64-bit MMIO window if we don't 
> need to...
> ERROR: spaces required around that '-' (ctx:VxV)
> #55: FILE: hw/ppc/spapr_pci.c:1625:
> +if (sphb->mem64_win_pciaddr != (hwaddr)-1) {
> ^
> 
> ERROR: spaces required around that '-' (ctx:VxV)
> #62: FILE: hw/ppc/spapr_pci.c:1632:
> +if (sphb->mem64_win_addr != (hwaddr)-1) {
>  ^
>

These are false positives, a patch for checkpatch.pl is in the works.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [Qemu-devel] [PATCH 00/10] Support the Capstone disassembler

2017-09-14 Thread Philippe Mathieu-Daudé

On 09/14/2017 03:35 PM, Richard Henderson wrote:

As occasionally discussed on this list, due to licensing conflicts,
we are restricted to a version of libopcodes that pre-dates its
upstream re-licensing to gplv3.  That makes our copy rather old
and dated.

I've already seen this as problematic for s390x guest.  I'm sure
the same problem exists for Power8+, though I haven't looked.
As we go forward with vector operations we'll see this for x86 host.

An alternative is to use a BSD-licensed disassembler:

   https://www.capstone-engine.org/

This is an actively maintained project derived from llvm.  Moreover,
it is already in the major Linux distributions, which makes it easy
to phase in its use.

I've arranged the code such that we attempt to use capstone first,
and if that initialization fails, fall back to the existing code
from binutils.


r~


Richard Henderson (10):
   target/i386: Convert to disas_set_info hook
   target/ppc: Convert to disas_set_info hook
   disas: Remove unused flags arguments
   disas: Support the Capstone disassembler library
   target/i386: Support Capstone in disas_set_info
   target/arm: Support Capstone in disas_set_info
   target/ppc: Support Capstone in disas_set_info
   target/s390x: Support Capstone in disas_set_info
   target/sparc: Support Capstone in disas_set_info
   target/mips: Support Capstone in disas_set_info


At least this msg disappeared:

"Disassembler disagrees with translator over instruction decoding"

i386 comparison:

 
 IN:
 0xfc30:  cli
-0xfc31:  mov%eax,%ebp
-0xfc34:  mov$0x1,%al
-0xfc36:  out%al,$0x80
-0xfc38:  xor%eax,%eax
+0xfc31:  movl %eax, %ebp
+0xfc34:  movb $1, %al
+0xfc36:  outb %al, $0x80
+0xfc38:  xorl %eax, %eax

 IN:
 0x000fd5b8:  cli
 0x000fd5b9:  cld
-0x000fd5ba:  push   %ds
-0x000fd5bb:  push   %eax
+0x000fd5ba:  pushw%ds
+0x000fd5bb:  pushl%eax
-0x000fd5bd:  mov$0xe000,%eax
-0x000fd5c3:  mov%ax,%ds
-0x000fd5c5:  mov0xf2f8,%eax
+0x000fd5bd:  movl $0xe000, %eax
+0x000fd5c3:  movw %ax, %ds
+0x000fd5c5:  movl 0xf2f8, %eax
+0x000fd5c9:  subl $0x28, %eax
-0x000fd5c9:  sub$0x28,%eax
+0x000fd5cd:  popl 0x1c(%eax)
+0x000fd5d2:  popw (%eax)
-0x000fd5cd:  addr32 popl 0x1c(%eax)
-0x000fd5d2:  addr32 popw (%eax)

For i386, arm, mips32/64:
Tested-by: Philippe Mathieu-Daudé 

This series but patch 4/10:
Reviewed-by: Philippe Mathieu-Daudé 

Regards,

Phil.



Re: [Qemu-devel] [PATCH 04/10] disas: Support the Capstone disassembler library

2017-09-14 Thread Philippe Mathieu-Daudé

Hi Richard,

see inlined comments.

On 09/14/2017 03:35 PM, Richard Henderson wrote:

If configured, prefer this over our rather dated copy of the
GPLv2-only binutils.  This will be especially apparent with
the proposed vector extensions to TCG, as disas/i386.c does
not handle AVX.

Signed-off-by: Richard Henderson 
---
  include/disas/bfd.h  |  4 ++
  include/disas/capstone.h | 38 +++
  disas.c  | 99 ++--
  configure| 17 +
  4 files changed, 146 insertions(+), 12 deletions(-)
  create mode 100644 include/disas/capstone.h

diff --git a/include/disas/bfd.h b/include/disas/bfd.h
index b01e002b4c..0f4ecdeb88 100644
--- a/include/disas/bfd.h
+++ b/include/disas/bfd.h
@@ -377,6 +377,10 @@ typedef struct disassemble_info {
/* Command line options specific to the target disassembler.  */
char * disassembler_options;
  
+  /* Options for Capstone disassembly.  */

+  int cap_arch;
+  int cap_mode;
+
  } disassemble_info;
  
  

diff --git a/include/disas/capstone.h b/include/disas/capstone.h
new file mode 100644
index 00..84e214956d
--- /dev/null
+++ b/include/disas/capstone.h
@@ -0,0 +1,38 @@
+#ifndef QEMU_CAPSTONE_H
+#define QEMU_CAPSTONE_H 1
+
+#ifdef CONFIG_CAPSTONE
+
+#include 
+
+#else
+
+/* Just enough to allow backends to init without ifdefs.  */
+
+#define CS_ARCH_ARM -1
+#define CS_ARCH_ARM64   -1
+#define CS_ARCH_MIPS-1
+#define CS_ARCH_X86 -1
+#define CS_ARCH_PPC -1
+#define CS_ARCH_SPARC   -1
+#define CS_ARCH_SYSZ-1
+
+#define CS_MODE_LITTLE_ENDIAN0
+#define CS_MODE_BIG_ENDIAN   0
+#define CS_MODE_ARM  0
+#define CS_MODE_16   0
+#define CS_MODE_32   0
+#define CS_MODE_64   0
+#define CS_MODE_THUMB0
+#define CS_MODE_MCLASS   0
+#define CS_MODE_V8   0
+#define CS_MODE_MICRO0
+#define CS_MODE_MIPS30
+#define CS_MODE_MIPS32R6 0
+#define CS_MODE_MIPSGP64 0
+#define CS_MODE_V9   0
+#define CS_MODE_MIPS32   0
+#define CS_MODE_MIPS64   0
+
+#endif /* CONFIG_CAPSTONE */
+#endif /* QEMU_CAPSTONE_H */
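Review bot: The fallback block defines every `CS_ARCH_*` as -1 and every `CS_MODE_*` as 0 without saying what those values mean to callers; the convention only becomes visible in disas.c, where `cap_mode` is built by addition and a negative arch is meant to mean "no capstone". Add a comment above the defines: `/* Without capstone: CS_ARCH_* are negative so callers can reject them, and CS_MODE_* are 0 so adding them to a mode is a no-op. */`.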
diff --git a/disas.c b/disas.c
index ad675dc361..76ea76b026 100644
--- a/disas.c
+++ b/disas.c
@@ -6,6 +6,7 @@
  
  #include "cpu.h"

  #include "disas/disas.h"
+#include "disas/capstone.h"
  
  typedef struct CPUDebug {

  struct disassemble_info info;
@@ -171,6 +172,57 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
  return print_insn_objdump(pc, info, "OBJD-T");
  }
  
+static bool cap_disas(disassemble_info *info, uint64_t pc, size_t size)


I'd rather use:

..,, target_ulong code, ...

+{


uint64_t pc = (uint64_t)code;


+bool ret = false;


Isn't it cleaner to have a stubs/disas_capstone.c?


+#ifdef CONFIG_CAPSTONE


this check here once:

if (info->cap_arch < 0) {
return false;
}


+csh handle;


cs_err err;


+cs_insn *insn;
+uint8_t *buf;
+const uint8_t *cbuf;
+uint64_t pc_start;
+cs_mode cap_mode = info->cap_mode;
+
+cap_mode += (info->endian == BFD_ENDIAN_BIG ? CS_MODE_BIG_ENDIAN
+ : CS_MODE_LITTLE_ENDIAN);
+


assert(size); ?


+if (cs_open(info->cap_arch, cap_mode, ) != CS_ERR_OK) {


err = cs_open(info->cap_arch, cap_mode, );
if (err != CS_ERR_OK) {
(*info->fprintf_func)(info->stream, "Capstone: %s\n",
  cs_strerror(err));


+goto err0;
+}
+
+/* ??? There probably ought to be a better place to put this.  */


looks fine.


+if (info->cap_arch == CS_ARCH_X86) {
+/* We don't care about errors (if for some reason the library
+   is compiled without AT syntax); the user will just have
+   to deal with the Intel syntax.  */
+cs_option(handle, CS_OPT_SYNTAX, CS_OPT_SYNTAX_ATT);
+}
+
+insn = cs_malloc(handle);
+if (insn == NULL) {
+goto err1;
+}
+
+cbuf = buf = g_malloc(size);


if (buf == NULL) {
goto err2;
}


+info->read_memory_func(pc, buf, size, info);
+
+pc_start = pc;
+while (cs_disasm_iter(handle, , , , insn)) {
+(*info->fprintf_func)(info->stream,
+  "0x%08" PRIx64 ":  %-12s %s\n",
+  pc_start, insn->mnemonic, insn->op_str);
+pc_start = pc;
+}
+ret = true;
+


cs_free(insn, 1);
err2:


+g_free(buf);
+ err1:
+cs_close();
+ err0:
+#endif /* CONFIG_CAPSTONE */
+return ret;
+}
+
  /* Disassemble this for me please... (debugging).  */
  void target_disas(FILE *out, CPUState *cpu, target_ulong code,
target_ulong size)
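Review bot: The return value of `info->read_memory_func(pc, buf, size, info)` is ignored, so when the read fails part of `buf` holds whatever g_malloc() left there and that garbage is disassembled and printed as if it were guest code. Check the result and leave through the existing cleanup path: `if (info->read_memory_func(pc, buf, size, info) != 0) { g_free(buf); goto err1; }`. The loop also stops silently on the first byte sequence capstone cannot decode; printing the offset where decoding stopped, or the number of bytes left, would make a truncated listing noticeable.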
@@ -188,6 +240,8 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
  s.info.buffer_vma = code;
  s.info.buffer_length = size;
  s.info.print_address_func = 

Re: [Qemu-devel] [RFC 00/15] QMP: out-of-band (OOB) execution support

2017-09-14 Thread Peter Xu
On Thu, Sep 14, 2017 at 07:53:15PM +0100, Dr. David Alan Gilbert wrote:
> * Marc-André Lureau (marcandre.lur...@gmail.com) wrote:
> > Hi
> > 
> > On Thu, Sep 14, 2017 at 9:50 AM, Peter Xu  wrote:
> > > This series was born from this one:
> > >
> > >   https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04310.html
> > >
> > > The design comes from Markus, and also the whole-bunch-of discussions
> > > in previous thread.  My heartful thanks to Markus, Daniel, Dave,
> > > Stefan, etc. on discussing the topic (...again!), providing shiny
> > > ideas and suggestions.  Finally we got such a solution that seems to
> > > satisfy everyone.
> > >
> > > I re-started the versioning since this series is totally different
> > > from previous one.  Now it's version 1.
> > >
> > > In case new reviewers come along the way without reading previous
> > > discussions, I will try to do a summary on what this is all about.
> > >
> > > What is OOB execution?
> > > ==
> > >
> > > It's the shortcut of Out-Of-Band execution, its name is given by
> > > Markus.  It's a way to quickly execute a QMP request.  Say, originally
> > > QMP is going throw these steps:
> > >
> > >   JSON Parser --> QMP Dispatcher --> Respond
> > >   /|\(2)(3) |
> > >(1) |   \|/ (4)
> > >+-  main thread  +
> > >
> > > The requests are executed by the so-called QMP-dispatcher after the
> > > JSON is parsed.  If OOB is on, we run the command directly in the
> > > parser and quickly returns.
> > 
> > All commands should have the "id" field mandatory in this case, else
> > the client will not distinguish the replies coming from the last/oob
> > and the previous commands.
> > 
> > This should probably be enforced upfront by client capability checks,
> > more below.

Hmm yes since the oob commands are actually running in async way,
request ID should be needed here.  However I'm not sure whether
enabling the whole "request ID" thing is too big for this "try to be
small" oob change... And IMHO it suits better to be part of the whole
async work (no matter which implementation we'll use).

How about this: we make "id" mandatory for "run-oob" requests only.
For oob commands, they will always have ID then no ordering issue, and
we can do it async; for the rest of non-oob commands, we still allow
them to go without ID, and since they are not oob, they'll always be
done in order as well.  Would this work?

> > 
> > > Yeah I know in current code the parser calls dispatcher directly
> > > (please see handle_qmp_command()).  However it's not true again after
> > > this series (parser will has its own IO thread, and dispatcher will
> > > still be run in main thread).  So this OOB does brings something
> > > different.
> > >
> > > There are more details on why OOB and the difference/relationship
> > > between OOB, async QMP, block/general jobs, etc.. but IMHO that's
> > > slightly out of topic (and believe me, it's not easy for me to
> > > summarize that).  For more information, please refers to [1].
> > >
> > > Summary ends here.
> > >
> > > Some Implementation Details
> > > ===
> > >
> > > Again, I mentioned that the old QMP workflow is this:
> > >
> > >   JSON Parser --> QMP Dispatcher --> Respond
> > >   /|\(2)(3) |
> > >(1) |   \|/ (4)
> > >+-  main thread  +
> > >
> > > What this series does is, firstly:
> > >
> > >   JSON Parser QMP Dispatcher --> Respond
> > >   /|\ |   /|\   (4) |
> > >|  | (2)| (3)|  (5)
> > >(1) |  +->  |   \|/
> > >+-  main thread  <---+
> > >
> > > And further:
> > >
> > >queue/kick
> > >  JSON Parser ==> QMP Dispatcher --> Respond
> > >  /|\ | (3)   /|\(4)|
> > >   (1) |  | (2)||  (5)
> > >   | \|/   |   \|/
> > > IO thread main thread  <---+
> > 
> > Is the queue per monitor or per client?

The queue is currently global. I think yes maybe at least we can do it
per monitor, but I am not sure whether that is urgent or can be
postponed.  After all now QMPRequest (please refer to patch 11) is
defined as (mon, id, req) tuple, so at least "id" namespace is
per-monitor.

> > And is the dispatching going
> > to be processed even if the client is disconnected, and are new
> > clients going to receive the replies from previous clients
> > commands?

[1]

(will discuss together below)

> > I
> > believe there should be a per-client context, so there won't be "id"
> > request conflicts.

I'd say I am not familiar with this "client" idea, since after all
IMHO one monitor is currently designed to mostly work with a single
client. Say, unix sockets, 

Re: [Qemu-devel] [PULL 00/18] ppc-for-2.11 queue 20170915

2017-09-14 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PULL 00/18] ppc-for-2.11 queue 20170915
Message-id: 20170915035130.8354-1-da...@gibson.dropbear.id.au
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
872afb4d17 ppc/kvm: use kvm_vm_check_extension() in kvmppc_is_pr()
7a25c28fcc spapr_events: use QTAILQ_FOREACH_SAFE() in 
spapr_clear_pending_events()
925177495a spapr_cpu_core: cleaning up qdev_get_machine() calls
e0a96b5c4d spapr_pci: don't create 64-bit MMIO window if we don't need to
1851b264d5 spapr_pci: convert sprintf() to g_strdup_printf()
e62bfeb753 spapr_cpu_core: fail gracefully with non-pseries machine types
d68c815c09 xics: fix several error leaks
165724544b vfio, spapr: Fix levels calculation
e0d3f60741 spapr_pci: handle FDT creation errors with _FDT()
9d82d580aa spapr_pci: use the common _FDT() helper
fe74e07d9f spapr: fix CAS-generated reset
53b3f63411 ppc/xive: fix OV5_XIVE_EXPLOIT bits
48ced9b1af spapr: only update SDR1 once per-cpu during CAS
868444ad8c spapr_pci: use g_strdup_printf()
dbfa7f0124 spapr_pci: drop useless check in spapr_populate_pci_child_dt()
2d5463163b spapr_pci: drop useless check in spapr_phb_vfio_get_loc_code()
0d760c3eed hw/ppc/spapr.c: cleaning up qdev_get_machine() calls
2add13654e net: Add SunGEM device emulation as found on Apple UniNorth

=== OUTPUT BEGIN ===
Checking PATCH 1/18: net: Add SunGEM device emulation as found on Apple 
UniNorth...
Checking PATCH 2/18: hw/ppc/spapr.c: cleaning up qdev_get_machine() calls...
Checking PATCH 3/18: spapr_pci: drop useless check in 
spapr_phb_vfio_get_loc_code()...
Checking PATCH 4/18: spapr_pci: drop useless check in 
spapr_populate_pci_child_dt()...
Checking PATCH 5/18: spapr_pci: use g_strdup_printf()...
Checking PATCH 6/18: spapr: only update SDR1 once per-cpu during CAS...
Checking PATCH 7/18: ppc/xive: fix OV5_XIVE_EXPLOIT bits...
Checking PATCH 8/18: spapr: fix CAS-generated reset...
Checking PATCH 9/18: spapr_pci: use the common _FDT() helper...
Checking PATCH 10/18: spapr_pci: handle FDT creation errors with _FDT()...
Checking PATCH 11/18: vfio, spapr: Fix levels calculation...
Checking PATCH 12/18: xics: fix several error leaks...
Checking PATCH 13/18: spapr_cpu_core: fail gracefully with non-pseries machine 
types...
Checking PATCH 14/18: spapr_pci: convert sprintf() to g_strdup_printf()...
Checking PATCH 15/18: spapr_pci: don't create 64-bit MMIO window if we don't 
need to...
ERROR: spaces required around that '-' (ctx:VxV)
#55: FILE: hw/ppc/spapr_pci.c:1625:
+if (sphb->mem64_win_pciaddr != (hwaddr)-1) {
^

ERROR: spaces required around that '-' (ctx:VxV)
#62: FILE: hw/ppc/spapr_pci.c:1632:
+if (sphb->mem64_win_addr != (hwaddr)-1) {
 ^

total: 2 errors, 0 warnings, 26 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 16/18: spapr_cpu_core: cleaning up qdev_get_machine() calls...
Checking PATCH 17/18: spapr_events: use QTAILQ_FOREACH_SAFE() in 
spapr_clear_pending_events()...
Checking PATCH 18/18: ppc/kvm: use kvm_vm_check_extension() in kvmppc_is_pr()...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PULL 12/18] xics: fix several error leaks

2017-09-14 Thread David Gibson
From: Greg Kurz 

If object_property_get_link() fails then it allocates an error, which
must be freed before returning. The error_get_pretty() function is
merely an accessor to the error message and doesn't free anything.

The error.h header indicates how to do it right:

 * Pass an existing error to the caller with the message modified:
 * error_propagate(errp, err);
 * error_prepend(errp, "Could not frobnicate '%s': ", name);

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/intc/xics.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index a84ba51ad8..80c33be02e 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -306,8 +306,8 @@ static void icp_realize(DeviceState *dev, Error **errp)
 
 obj = object_property_get_link(OBJECT(dev), ICP_PROP_XICS, );
 if (!obj) {
-error_setg(errp, "%s: required link '" ICP_PROP_XICS "' not found: %s",
-   __func__, error_get_pretty(err));
+error_propagate(errp, err);
+error_prepend(errp, "required link '" ICP_PROP_XICS "' not found: ");
 return;
 }
 
@@ -315,8 +315,8 @@ static void icp_realize(DeviceState *dev, Error **errp)
 
 obj = object_property_get_link(OBJECT(dev), ICP_PROP_CPU, );
 if (!obj) {
-error_setg(errp, "%s: required link '" ICP_PROP_CPU "' not found: %s",
-   __func__, error_get_pretty(err));
+error_propagate(errp, err);
+error_prepend(errp, "required link '" ICP_PROP_CPU "' not found: ");
 return;
 }
 
@@ -641,8 +641,8 @@ static void ics_base_realize(DeviceState *dev, Error **errp)
 
 obj = object_property_get_link(OBJECT(dev), ICS_PROP_XICS, );
 if (!obj) {
-error_setg(errp, "%s: required link '" ICS_PROP_XICS "' not found: %s",
-   __func__, error_get_pretty(err));
+error_propagate(errp, err);
+error_prepend(errp, "required link '" ICS_PROP_XICS "' not found: ");
 return;
 }
 ics->xics = XICS_FABRIC(obj);
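Review bot: The prepended context is lost whenever the caller passes `&error_abort` or `&error_fatal`, because `error_propagate(errp, err)` aborts or exits immediately with the bare message from object_property_get_link() and the `error_prepend(errp, ...)` on the following line never runs; the same shape appears in the two icp_realize hunks above. Prepending onto the local error before handing it over keeps the context in every case: `error_prepend(&err, "required link '" ICS_PROP_XICS "' not found: ");` followed by `error_propagate(errp, err);`. The rendering here also seems to have dropped the last argument of object_property_get_link() (presumably `&err`), so the call as shown cannot be checked against the error variable it fills. The enclosing ics_base_realize() continues outside the hunk.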
-- 
2.13.5




[Qemu-devel] [PULL 13/18] spapr_cpu_core: fail gracefully with non-pseries machine types

2017-09-14 Thread David Gibson
From: Greg Kurz 

Since commit 7cca3e466eb0 ("ppc: spapr: Move VCPU ID calculation into
sPAPR"), QEMU aborts when started with a *-spapr-cpu-core device and
a non-pseries machine.

Let's rely on the already existing call to object_dynamic_cast() instead
of using the SPAPR_MACHINE() macro.

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_cpu_core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index 85037ef71e..3f7ef20910 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -213,7 +213,7 @@ error:
 
 static void spapr_cpu_core_realize(DeviceState *dev, Error **errp)
 {
-sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+sPAPRMachineState *spapr;
 sPAPRCPUCore *sc = SPAPR_CPU_CORE(OBJECT(dev));
 sPAPRCPUCoreClass *scc = SPAPR_CPU_CORE_GET_CLASS(OBJECT(dev));
 CPUCore *cc = CPU_CORE(OBJECT(dev));
@@ -223,7 +223,8 @@ static void spapr_cpu_core_realize(DeviceState *dev, Error 
**errp)
 void *obj;
 int i, j;
 
-if (!object_dynamic_cast(qdev_get_machine(), TYPE_SPAPR_MACHINE)) {
+spapr = (sPAPRMachineState *) qdev_get_machine();
+if (!object_dynamic_cast((Object *) spapr, TYPE_SPAPR_MACHINE)) {
 error_setg(errp, "spapr-cpu-core needs a pseries machine");
 return;
 }
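Review bot: The pointer is cast to `sPAPRMachineState *` before object_dynamic_cast() has established that it is one, and then cast back to `Object *` for the check, which reads backwards and invites someone to use `spapr` above the check later on. Keeping the untyped handle until the check has passed is clearer and drops both casts: `Object *machine = qdev_get_machine();`, `if (!object_dynamic_cast(machine, TYPE_SPAPR_MACHINE)) { ... }`, then `spapr = SPAPR_MACHINE(machine);` after the early return. The rest of spapr_cpu_core_realize() lies outside the hunk.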
-- 
2.13.5




[Qemu-devel] [PULL 17/18] spapr_events: use QTAILQ_FOREACH_SAFE() in spapr_clear_pending_events()

2017-09-14 Thread David Gibson
From: Greg Kurz 

QTAILQ_FOREACH_SAFE() must be used when removing the current element
inside the loop block.

This fixes a use-after-free error introduced by commit 56258174238eb
and reported by Coverity (CID 1381017).

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_events.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 66b8164f30..e377fc7dde 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -702,9 +702,9 @@ static void event_scan(PowerPCCPU *cpu, sPAPRMachineState 
*spapr,
 
 void spapr_clear_pending_events(sPAPRMachineState *spapr)
 {
-sPAPREventLogEntry *entry = NULL;
+sPAPREventLogEntry *entry = NULL, *next_entry;
 
-QTAILQ_FOREACH(entry, >pending_events, next) {
+QTAILQ_FOREACH_SAFE(entry, >pending_events, next, next_entry) {
 QTAILQ_REMOVE(>pending_events, entry, next);
 g_free(entry->extended_log);
 g_free(entry);
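Review bot: The `= NULL` initializer on `entry` is dead now that QTAILQ_FOREACH_SAFE() assigns both cursor variables before the first iteration, so the declaration can simply be `sPAPREventLogEntry *entry, *next_entry;`, which also makes it obvious that `next_entry` needs no initializer either. The list argument is rendered as `>pending_events` in this view, presumably `&spapr->pending_events` with the ampersand eaten by the archive, so that part cannot be checked here.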
-- 
2.13.5




[Qemu-devel] [PULL 10/18] spapr_pci: handle FDT creation errors with _FDT()

2017-09-14 Thread David Gibson
From: Greg Kurz 

libfdt failures when creating the FDT should cause QEMU to terminate.

Let's use the _FDT() macro which does just that instead of propagating
the error to the caller. spapr_populate_pci_child_dt() no longer needs
to return a value in this case.

Note that, on the way, this gets rid of the following nonsensical lines:

g_assert(!ret);
if (ret) {

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_pci.c | 30 +++---
 1 file changed, 7 insertions(+), 23 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index abb9f05e7b..75cd939223 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1204,12 +1204,12 @@ static gchar *pci_get_node_name(PCIDevice *dev)
 static uint32_t spapr_phb_get_pci_drc_index(sPAPRPHBState *phb,
 PCIDevice *pdev);
 
-static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset,
+static void spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset,
sPAPRPHBState *sphb)
 {
 ResourceProps rp;
 bool is_bridge = false;
-int pci_status, err;
+int pci_status;
 char *buf = NULL;
 uint32_t drc_index = spapr_phb_get_pci_drc_index(sphb, dev);
 uint32_t ccode = pci_default_read_config(dev, PCI_CLASS_PROG, 3);
@@ -1274,11 +1274,8 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
  ccode & 0xff)));
 
 buf = spapr_phb_get_loc_code(sphb, dev);
-err = fdt_setprop_string(fdt, offset, "ibm,loc-code", buf);
+_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf));
 g_free(buf);
-if (err < 0) {
-return err;
-}
 
 if (drc_index) {
 _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
@@ -1306,27 +1303,21 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
 if (sphb->pcie_ecs && pci_is_express(dev)) {
 _FDT(fdt_setprop_cell(fdt, offset, "ibm,pci-config-space-type", 0x1));
 }
-
-return 0;
 }
 
 /* create OF node for pci device and required OF DT properties */
 static int spapr_create_pci_child_dt(sPAPRPHBState *phb, PCIDevice *dev,
  void *fdt, int node_offset)
 {
-int offset, ret;
+int offset;
 gchar *nodename;
 
 nodename = pci_get_node_name(dev);
-offset = fdt_add_subnode(fdt, node_offset, nodename);
+_FDT(offset = fdt_add_subnode(fdt, node_offset, nodename));
 g_free(nodename);
 
-ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb);
+spapr_populate_pci_child_dt(dev, fdt, offset, phb);
 
-g_assert(!ret);
-if (ret) {
-return 0;
-}
 return offset;
 }
 
@@ -1416,10 +1407,6 @@ static void spapr_pci_plug(HotplugHandler *plug_handler,
 
 fdt = create_device_tree(_size);
 fdt_start_offset = spapr_create_pci_child_dt(phb, pdev, fdt, 0);
-if (!fdt_start_offset) {
-error_setg(_err, "Failed to create pci child device tree node");
-goto out;
-}
 
 spapr_drc_attach(drc, DEVICE(pdev), fdt, fdt_start_offset, _err);
 if (local_err) {
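Review bot: After this hunk a libfdt failure during PCI hot-plug no longer produces an error for the device_add caller; _FDT() in hw/ppc/fdt.h reports and exits, so the whole VM terminates instead of the single hot-plug request failing. The commit message justifies this as consistency with the rest of hw/ppc, but the call site should say so, since a reader will otherwise look for the missing check: `/* libfdt errors abort QEMU inside _FDT(); nothing is reported back to the hot-plug caller */` above the spapr_create_pci_child_dt() call. If the `out:` label was only reached from the removed goto it may now be unused, but the rest of spapr_pci_plug() is outside the hunk, so that cannot be confirmed here.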
@@ -2114,11 +2101,8 @@ int spapr_populate_pci_dt(sPAPRPHBState *phb,
 
 /* Start populating the FDT */
 nodename = g_strdup_printf("pci@%" PRIx64, phb->buid);
-bus_off = fdt_add_subnode(fdt, 0, nodename);
+_FDT(bus_off = fdt_add_subnode(fdt, 0, nodename));
 g_free(nodename);
-if (bus_off < 0) {
-return bus_off;
-}
 
 /* Write PHB properties */
 _FDT(fdt_setprop_string(fdt, bus_off, "device_type", "pci"));
-- 
2.13.5




Re: [Qemu-devel] [RFC 00/15] QMP: out-of-band (OOB) execution support

2017-09-14 Thread Peter Xu
On Thu, Sep 14, 2017 at 07:56:04PM +0100, Dr. David Alan Gilbert wrote:
> * Peter Xu (pet...@redhat.com) wrote:
> > This series was born from this one:
> > 
> >   https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04310.html
> 
> Are patches 1..6 separable and mergable without the rest ?

Yes I think so.

(I was always trying to put pre-requisite patches like these ones at
 the front of any of my series rather than separating them into more
 series, since I thought it is convenient for me to manage them (or
 add new ones when respin), and also easier for reviewers (so people
 don't need to try to find the dependencies).  And since I put them at
 the head, we can easily merge them without rebasing issue when they
 are good while the rest may still need further work.  Hopefully this
 is the right thing to do.)

-- 
Peter Xu



[Qemu-devel] [PULL 15/18] spapr_pci: don't create 64-bit MMIO window if we don't need to

2017-09-14 Thread David Gibson
From: Greg Kurz 

When running a pseries-2.2 or older machine type, we get the following
lines in info mtree:

address-space: memory
...
- (prio 0, i/o): alias
 pci@8002000.mmio64-alias @p...@8002000.mmio
  -

address-space: cpu-memory
...
- (prio 0, i/o): alias
 pci@8002000.mmio64-alias @p...@8002000.mmio
  -

The same thing occurs when running a pseries-2.7 with

-global spapr-pci-host-bridge.mem_win_size=2147483648

This happens because we always create a 64-bit MMIO window, even if
we didn't explicitly request it (ie, mem64_win_size == 0) and the
32-bit window is below 2GiB. It doesn't seem to have an impact on the
guest though because spapr_populate_pci_dt() doesn't advertise the
bogus windows when mem64_win_size == 0.

Since these memory regions don't induce any state, we can safely
choose to not create them when their address is equal to -1,
without breaking migration from existing setups.

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_pci.c | 20 +---
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 7d84b9766e..cf54160526 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1622,13 +1622,19 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
 memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr,
 >mem32window);
 
-namebuf = g_strdup_printf("%s.mmio64-alias", sphb->dtbusname);
-memory_region_init_alias(>mem64window, OBJECT(sphb),
- namebuf, >memspace,
- sphb->mem64_win_pciaddr, sphb->mem64_win_size);
-g_free(namebuf);
-memory_region_add_subregion(get_system_memory(), sphb->mem64_win_addr,
->mem64window);
+if (sphb->mem64_win_pciaddr != (hwaddr)-1) {
+namebuf = g_strdup_printf("%s.mmio64-alias", sphb->dtbusname);
+memory_region_init_alias(>mem64window, OBJECT(sphb),
+ namebuf, >memspace,
+ sphb->mem64_win_pciaddr, 
sphb->mem64_win_size);
+g_free(namebuf);
+
+if (sphb->mem64_win_addr != (hwaddr)-1) {
+memory_region_add_subregion(get_system_memory(),
+sphb->mem64_win_addr,
+>mem64window);
+}
+}
 
 /* Initialize IO regions */
 namebuf = g_strdup_printf("%s.io", sphb->dtbusname);
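Review bot: `(hwaddr)-1` is used as an "unset" sentinel on two lines without a name, and checkpatch flagged both of them (see the patchew output above); a named constant such as `#define SPAPR_PCI_ADDR_UNSET ((hwaddr)-1)` used in both `if` conditions documents the meaning and sidesteps the style complaint. More importantly, `sphb->mem64window` is now left uninitialized when `mem64_win_pciaddr` is unset, so any later code that unconditionally touches it (an unrealize or unref path, if one exists outside this hunk) must mirror the same condition; a one-line comment on the outer `if`, `/* mem64window is only initialized when a 64-bit window was requested */`, would warn the next reader. The commit message's claim that this is migration-safe relies on the region carrying no state, which cannot be verified from the hunk alone.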
-- 
2.13.5




[Qemu-devel] [PULL 09/18] spapr_pci: use the common _FDT() helper

2017-09-14 Thread David Gibson
From: Greg Kurz 

All other users in hw/ppc already consider an error when building
the FDT to be fatal, even on hotplug paths. There's no valid reason
for spapr_pci to behave differently. So let's use the common _FDT()
helper which terminates QEMU when libfdt fails.

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_pci.c | 10 +-
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 6da73fe6bc..abb9f05e7b 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -40,7 +40,7 @@
 #include "trace.h"
 #include "qemu/error-report.h"
 #include "qapi/qmp/qerror.h"
-
+#include "hw/ppc/fdt.h"
 #include "hw/pci/pci_bridge.h"
 #include "hw/pci/pci_bus.h"
 #include "hw/pci/pci_ids.h"
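Review bot: The new `#include "hw/ppc/fdt.h"` replaces the blank line that separated the qapi/qemu includes from the hw/pci group, so the grouping is lost; keep the blank line and put the include with the other `hw/` headers, or keep it where it is with a blank line after the qapi block. Once this include is in, the `_FDT()` uses already present in the file silently change from "return the error" to "report and exit(1)", which is the intent stated in the commit message but worth remembering when reading the intermediate commit.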
@@ -61,14 +61,6 @@
 #define RTAS_TYPE_MSI   1
 #define RTAS_TYPE_MSIX  2
 
-#define _FDT(exp) \
-do { \
-int ret = (exp);   \
-if (ret < 0) { \
-return ret;\
-}  \
-} while (0)
-
 sPAPRPHBState *spapr_pci_find_phb(sPAPRMachineState *spapr, uint64_t buid)
 {
 sPAPRPHBState *sphb;
-- 
2.13.5




[Qemu-devel] [PULL 16/18] spapr_cpu_core: cleaning up qdev_get_machine() calls

2017-09-14 Thread David Gibson
From: Greg Kurz 

This patch removes the qdev_get_machine() calls that are made
in spapr_cpu_core.c in situations where we can get an existing
pointer for the MachineState by either passing it as an argument
to the function or by using other already available pointers.

Credits to Daniel Henrique Barboza for the idea and the changelog
text.

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_cpu_core.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index 3f7ef20910..c08ee7571a 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -174,10 +174,10 @@ static void spapr_cpu_core_unrealizefn(DeviceState *dev, 
Error **errp)
 g_free(sc->threads);
 }
 
-static void spapr_cpu_core_realize_child(Object *child, Error **errp)
+static void spapr_cpu_core_realize_child(Object *child,
+ sPAPRMachineState *spapr, Error 
**errp)
 {
 Error *local_err = NULL;
-sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 CPUState *cs = CPU(child);
 PowerPCCPU *cpu = POWERPC_CPU(cs);
 Object *obj;
@@ -266,7 +266,7 @@ static void spapr_cpu_core_realize(DeviceState *dev, Error 
**errp)
 for (j = 0; j < cc->nr_threads; j++) {
 obj = sc->threads + j * size;
 
-spapr_cpu_core_realize_child(obj, _err);
+spapr_cpu_core_realize_child(obj, spapr, _err);
 if (local_err) {
 goto err;
 }
-- 
2.13.5




[Qemu-devel] [PULL 07/18] ppc/xive: fix OV5_XIVE_EXPLOIT bits

2017-09-14 Thread David Gibson
From: Cédric Le Goater 

On POWER9, the Client Architecture Support (CAS) negotiation process
determines whether the guest operates in XIVE Legacy compatibility or
in XIVE exploitation mode. Now that we have initial guest support for
the XIVE interrupt controller, let's fix the bit definitions, which have
evolved in the latest specs.

The platform advertises the XIVE Exploitation Mode support using the
property "ibm,arch-vec-5-platform-support-vec-5", byte 23 bits 0-1 :

 - 0b00 XIVE legacy mode Only
 - 0b01 XIVE exploitation mode Only
 - 0b10 XIVE legacy or exploitation mode

The OS asks for XIVE Exploitation Mode support using the property
"ibm,architecture-vec-5", byte 23 bits 0-1:

 - 0b00 XIVE legacy mode Only
 - 0b01 XIVE exploitation mode Only

Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c  | 2 +-
 include/hw/ppc/spapr_ovec.h | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 06a008b43c..f680f28a15 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -937,7 +937,7 @@ static void spapr_dt_ov5_platform_support(void *fdt, int 
chosen)
 PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu);
 
 char val[2 * 4] = {
-23, 0x00, /* Xive mode: 0 = legacy (as in ISA 2.7), 1 = Exploitation */
+23, 0x00, /* Xive mode, filled in below. */
 24, 0x00, /* Hash/Radix, filled in below. */
 25, 0x00, /* Hash options: Segment Tables == no, GTSE == no. */
 26, 0x40, /* Radix options: GTSE == yes. */
diff --git a/include/hw/ppc/spapr_ovec.h b/include/hw/ppc/spapr_ovec.h
index 9edfa5ff75..bf25e5d954 100644
--- a/include/hw/ppc/spapr_ovec.h
+++ b/include/hw/ppc/spapr_ovec.h
@@ -51,7 +51,8 @@ typedef struct sPAPROptionVector sPAPROptionVector;
 #define OV5_FORM1_AFFINITY  OV_BIT(5, 0)
 #define OV5_HP_EVT  OV_BIT(6, 5)
 #define OV5_HPT_RESIZE  OV_BIT(6, 7)
-#define OV5_XIVE_EXPLOITOV_BIT(23, 7)
+#define OV5_XIVE_BOTH   OV_BIT(23, 0)
+#define OV5_XIVE_EXPLOITOV_BIT(23, 1) /* 1=exploitation 0=legacy */
 
 /* ISA 3.00 MMU features: */
 #define OV5_MMU_BOTHOV_BIT(24, 0) /* Radix and hash */
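Review bot: Moving OV5_XIVE_EXPLOIT from bit 7 to bit 1 of byte 23 changes a guest-visible encoding in the CAS option vectors, and the new OV5_XIVE_BOTH has no comment saying which side of the negotiation it belongs to. The commit message explains that 0b10 is only meaningful in the platform-support vector while the OS only sets 0b01, so the header should say so: `/* 0b10: legacy or exploitation (platform-support vector only) */` on OV5_XIVE_BOTH. If ov5_cas is part of migration state, a guest that negotiated under the old bit-7 layout would be interpreted differently after migrating to this QEMU; I cannot see the migration handling from here, so whether any released machine type is affected needs confirming.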
-- 
2.13.5




[Qemu-devel] [PULL 01/18] net: Add SunGEM device emulation as found on Apple UniNorth

2017-09-14 Thread David Gibson
From: Benjamin Herrenschmidt 

This adds a simplistic emulation of the Sun GEM ethernet controller
found in Apple ASICs.

Currently we only support the Apple UniNorth 1.x variant, but the
other Apple or Sun variants should mostly be a matter of adding
PCI IDs options.

We have a very primitive emulation of a single Broadcom 5201 PHY
which is supported by the MacOS driver.

This model brings out-of-the-box networking to MacOS 9, and all
versions of OS X I tried with the mac99 platform.

Further improvements from Mark:
- Remove sungem.h file, moving constants into sungem.c as required
- Switch to using tracepoints for debugging
- Split register blocks into separate memory regions
- Use arrays in SunGEMState to hold register values
- Add state-saving support

Signed-off-by: Benjamin Herrenschmidt 
Signed-off-by: Mark Cave-Ayland 
Signed-off-by: David Gibson 
---
 default-configs/ppc-softmmu.mak |1 +
 hw/net/Makefile.objs|1 +
 hw/net/sungem.c | 1447 +++
 hw/net/trace-events |   44 ++
 hw/pci/pci.c|2 +
 include/hw/pci/pci_ids.h|1 +
 6 files changed, 1496 insertions(+)
 create mode 100644 hw/net/sungem.c

diff --git a/default-configs/ppc-softmmu.mak b/default-configs/ppc-softmmu.mak
index d4d44eb66b..a3972c55fe 100644
--- a/default-configs/ppc-softmmu.mak
+++ b/default-configs/ppc-softmmu.mak
@@ -18,6 +18,7 @@ CONFIG_PREP_PCI=y
 CONFIG_I82378=y
 CONFIG_PC87312=y
 CONFIG_MACIO=y
+CONFIG_SUNGEM=y
 CONFIG_PCSPK=y
 CONFIG_CS4231A=y
 CONFIG_CUDA=y
diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
index 5ddaffe63a..7e87d0176b 100644
--- a/hw/net/Makefile.objs
+++ b/hw/net/Makefile.objs
@@ -27,6 +27,7 @@ common-obj-$(CONFIG_CADENCE) += cadence_gem.o
 common-obj-$(CONFIG_STELLARIS_ENET) += stellaris_enet.o
 common-obj-$(CONFIG_LANCE) += lance.o
 common-obj-$(CONFIG_FTGMAC100) += ftgmac100.o
+common-obj-$(CONFIG_SUNGEM) += sungem.o
 
 obj-$(CONFIG_ETRAXFS) += etraxfs_eth.o
 obj-$(CONFIG_COLDFIRE) += mcf_fec.o
diff --git a/hw/net/sungem.c b/hw/net/sungem.c
new file mode 100644
index 00..dffa0c90f3
--- /dev/null
+++ b/hw/net/sungem.c
@@ -0,0 +1,1447 @@
+/*
+ * QEMU model of SUN GEM ethernet controller
+ *
+ * As found in Apple ASICs among others
+ *
+ * Copyright 2016 Ben Herrenschmidt
+ * Copyright 2017 Mark Cave-Ayland
+ */
+
+#include "qemu/osdep.h"
+#include "hw/pci/pci.h"
+#include "qemu/log.h"
+#include "net/net.h"
+#include "net/checksum.h"
+#include "hw/net/mii.h"
+#include "sysemu/sysemu.h"
+#include "trace.h"
+/* For crc32 */
+#include 
+
+#define TYPE_SUNGEM "sungem"
+
+#define SUNGEM(obj) OBJECT_CHECK(SunGEMState, (obj), TYPE_SUNGEM)
+
+#define MAX_PACKET_SIZE 9016
+
+#define SUNGEM_MMIO_SIZE0x20
+
+/* Global registers */
+#define SUNGEM_MMIO_GREG_SIZE   0x2000
+
+#define GREG_SEBSTATE 0xUL/* SEB State Register */
+
+#define GREG_STAT 0x000CUL/* Status Register */
+#define GREG_STAT_TXINTME 0x0001/* TX INTME frame transferred */
+#define GREG_STAT_TXALL   0x0002/* All TX frames transferred */
+#define GREG_STAT_TXDONE  0x0004/* One TX frame transferred */
+#define GREG_STAT_RXDONE  0x0010/* One RX frame arrived */
+#define GREG_STAT_RXNOBUF 0x0020/* No free RX buffers available */
+#define GREG_STAT_RXTAGERR0x0040/* RX tag framing is corrupt */
+#define GREG_STAT_TXMAC   0x4000/* TX MAC signalled interrupt */
+#define GREG_STAT_RXMAC   0x8000/* RX MAC signalled interrupt */
+#define GREG_STAT_MAC 0x0001/* MAC Control signalled irq */
+#define GREG_STAT_TXNR0xfff8/* == TXDMA_TXDONE reg val */
+#define GREG_STAT_TXNR_SHIFT  19
+
+/* These interrupts are edge latches in the status register,
+ * reading it (or writing the corresponding bit in IACK) will
+ * clear them
+ */
+#define GREG_STAT_LATCH   (GREG_STAT_TXALL  | GREG_STAT_TXINTME | \
+   GREG_STAT_RXDONE | GREG_STAT_RXDONE |  \
+   GREG_STAT_RXNOBUF | GREG_STAT_RXTAGERR)
+
+#define GREG_IMASK0x0010UL/* Interrupt Mask Register */
+#define GREG_IACK 0x0014UL/* Interrupt ACK Register */
+#define GREG_STAT20x001CUL/* Alias of GREG_STAT */
+#define GREG_PCIESTAT 0x1000UL/* PCI Error Status Register */
+#define GREG_PCIEMASK 0x1004UL/* PCI Error Mask Register */
+
+#define GREG_SWRST0x1010UL/* Software Reset Register */
+#define GREG_SWRST_TXRST  0x0001/* TX Software Reset */
+#define GREG_SWRST_RXRST  0x0002/* RX Software Reset */
+#define GREG_SWRST_RSTOUT 0x0004/* Force RST# pin active */
+
+/* TX DMA Registers */
+#define SUNGEM_MMIO_TXDMA_SIZE   0x1000
+
+#define TXDMA_KICK0xUL/* TX 

[Qemu-devel] [PULL 18/18] ppc/kvm: use kvm_vm_check_extension() in kvmppc_is_pr()

2017-09-14 Thread David Gibson
From: Greg Kurz 

If the host has both KVM PR and KVM HV loaded and we pass:

-machine pseries,accel=kvm,kvm-type=PR

kvmppc_is_pr() returns false instead of true. Since the helper
is mostly used as fallback, it doesn't have any real impact with
recent kernels. A notable exception is the workaround to allow
migration between compatible hosts with different PVRs (eg, POWER8
and POWER8E), since KVM still doesn't provide a way to check if a
specific PVR is supported (see commit c363a37a450f for details).

According to the official KVM API documentation [1], KVM_PPC_GET_PVINFO
is "vm ioctl", but we check it as a global ioctl. The following function
in KVM is hence called with kvm == NULL and considers we're in HV mode.

int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
{
int r;
/* Assume we're using HV mode when the HV module is loaded */
int hv_enabled = kvmppc_hv_ops ? 1 : 0;

if (kvm) {
/*
 * Hooray - we know which VM type we're running on. Depend on
 * that rather than the guess above.
 */
hv_enabled = is_kvmppc_hv_enabled(kvm);
}

Let's use kvm_vm_check_extension() to fix the issue.

[1] https://www.kernel.org/doc/Documentation/virtual/kvm/api.txt

Signed-off-by: Greg Kurz 
Reviewed-by: Thomas Huth 
Signed-off-by: David Gibson 
---
 target/ppc/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 6442dfcb95..1deaf106d2 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -120,7 +120,7 @@ static void kvm_kick_cpu(void *opaque)
 static bool kvmppc_is_pr(KVMState *ks)
 {
 /* Assume KVM-PR if the GET_PVINFO capability is available */
-return kvm_check_extension(ks, KVM_CAP_PPC_GET_PVINFO) != 0;
+return kvm_vm_check_extension(ks, KVM_CAP_PPC_GET_PVINFO) != 0;
 }
 
 static int kvm_ppc_register_host_cpu_type(void);
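Review bot: kvm_vm_check_extension() issues the ioctl on the VM fd, so the helper now silently answers "not PR" if it is ever reached before kvm_init() has created the VM, which kvm_check_extension() on the global fd did not depend on; the commit message notes the helper is "mostly used as fallback" but does not state when its callers run. A comment on the function would pin the contract: `/* Requires the VM fd (i.e. after kvm_init()); an ioctl failure is indistinguishable from "not PR". */`. Whether all current callers satisfy that cannot be determined from this hunk.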
-- 
2.13.5




[Qemu-devel] [PULL 14/18] spapr_pci: convert sprintf() to g_strdup_printf()

2017-09-14 Thread David Gibson
From: Greg Kurz 

In order to follow a QEMU common practice.

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_pci.c | 21 -
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 75cd939223..7d84b9766e 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1609,34 +1609,37 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
 
 sphb->dtbusname = g_strdup_printf("pci@%" PRIx64, sphb->buid);
 
-namebuf = alloca(strlen(sphb->dtbusname) + 32);
-
 /* Initialize memory regions */
-sprintf(namebuf, "%s.mmio", sphb->dtbusname);
+namebuf = g_strdup_printf("%s.mmio", sphb->dtbusname);
 memory_region_init(>memspace, OBJECT(sphb), namebuf, UINT64_MAX);
+g_free(namebuf);
 
-sprintf(namebuf, "%s.mmio32-alias", sphb->dtbusname);
+namebuf = g_strdup_printf("%s.mmio32-alias", sphb->dtbusname);
 memory_region_init_alias(>mem32window, OBJECT(sphb),
  namebuf, >memspace,
  SPAPR_PCI_MEM_WIN_BUS_OFFSET, sphb->mem_win_size);
+g_free(namebuf);
 memory_region_add_subregion(get_system_memory(), sphb->mem_win_addr,
 >mem32window);
 
-sprintf(namebuf, "%s.mmio64-alias", sphb->dtbusname);
+namebuf = g_strdup_printf("%s.mmio64-alias", sphb->dtbusname);
 memory_region_init_alias(>mem64window, OBJECT(sphb),
  namebuf, >memspace,
  sphb->mem64_win_pciaddr, sphb->mem64_win_size);
+g_free(namebuf);
 memory_region_add_subregion(get_system_memory(), sphb->mem64_win_addr,
 >mem64window);
 
 /* Initialize IO regions */
-sprintf(namebuf, "%s.io", sphb->dtbusname);
+namebuf = g_strdup_printf("%s.io", sphb->dtbusname);
 memory_region_init(>iospace, OBJECT(sphb),
namebuf, SPAPR_PCI_IO_WIN_SIZE);
+g_free(namebuf);
 
-sprintf(namebuf, "%s.io-alias", sphb->dtbusname);
+namebuf = g_strdup_printf("%s.io-alias", sphb->dtbusname);
 memory_region_init_alias(>iowindow, OBJECT(sphb), namebuf,
  >iospace, 0, SPAPR_PCI_IO_WIN_SIZE);
+g_free(namebuf);
 memory_region_add_subregion(get_system_memory(), sphb->io_win_addr,
 >iowindow);
 
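Review bot: Each `g_free(namebuf)` now happens right after the memory_region_init*() call that received the string, which is only safe because those functions duplicate the name rather than keep the pointer; as far as I recall memory_region_init() does g_strdup() it, but a one-line comment at the first such site, `/* memory_region_init*() copies the name, so it can be freed at once */`, saves the next reader the same check. The commit message undersells the change: it also removes an alloca() buffer sized as `strlen(dtbusname) + 32` that was filled with unbounded sprintf(), so the new code no longer depends on every suffix staying under 32 bytes. spapr_phb_realize() continues outside this hunk.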
@@ -1654,10 +1657,10 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
  * Later the guest might want to create another DMA window
  * which will become another memory subregion.
  */
-sprintf(namebuf, "%s.iommu-root", sphb->dtbusname);
-
+namebuf = g_strdup_printf("%s.iommu-root", sphb->dtbusname);
 memory_region_init(>iommu_root, OBJECT(sphb),
namebuf, UINT64_MAX);
+g_free(namebuf);
 address_space_init(>iommu_as, >iommu_root,
sphb->dtbusname);
 
-- 
2.13.5




[Qemu-devel] [PULL 02/18] hw/ppc/spapr.c: cleaning up qdev_get_machine() calls

2017-09-14 Thread David Gibson
From: Daniel Henrique Barboza 

This patch removes the qdev_get_machine() calls that are made in
spapr.c in situations where we can get an existing pointer for
the MachineState by either passing it as an argument to the function
or by using other already available pointers.

The following changes were made:

- spapr_node0_size: static function that is called two times:
at spapr_setup_hpt_and_vrma and ppc_spapr_init. In both cases we can
pass an existing MachineState pointer to it.

- spapr_build_fdt: MachineState pointer can be retrieved from
the existing sPAPRMachineState pointer.

- spapr_boot_set: the opaque in the first arg is a sPAPRMachineState
pointer as we can see inside ppc_spapr_init:

qemu_register_boot_set(spapr_boot_set, spapr);

We can get a MachineState pointer from it.

- spapr_machine_device_plug and spapr_machine_device_unplug_request: the
MachineState, sPAPRMachineState, MachineClass and sPAPRMachineClass pointers
can all be retrieved from the HotplugHandler pointer.

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 19 +--
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index caffa12763..06a008b43c 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -391,10 +391,8 @@ static int spapr_fixup_cpu_dt(void *fdt, sPAPRMachineState 
*spapr)
 return ret;
 }
 
-static hwaddr spapr_node0_size(void)
+static hwaddr spapr_node0_size(MachineState *machine)
 {
-MachineState *machine = MACHINE(qdev_get_machine());
-
 if (nb_numa_nodes) {
 int i;
 for (i = 0; i < nb_numa_nodes; ++i) {
@@ -1052,7 +1050,7 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
  hwaddr rtas_addr,
  hwaddr rtas_size)
 {
-MachineState *machine = MACHINE(qdev_get_machine());
+MachineState *machine = MACHINE(spapr);
 MachineClass *mc = MACHINE_GET_CLASS(machine);
 sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(machine);
 int ret;
@@ -1372,7 +1370,7 @@ void spapr_setup_hpt_and_vrma(sPAPRMachineState *spapr)
 spapr_reallocate_hpt(spapr, hpt_shift, _fatal);
 
 if (spapr->vrma_adjust) {
-spapr->rma_size = kvmppc_rma_size(spapr_node0_size(),
+spapr->rma_size = kvmppc_rma_size(spapr_node0_size(MACHINE(spapr)),
   spapr->htab_shift);
 }
 /* We're setting up a hash table, so that means we're not radix */
@@ -2033,7 +2031,7 @@ static SaveVMHandlers savevm_htab_handlers = {
 static void spapr_boot_set(void *opaque, const char *boot_device,
Error **errp)
 {
-MachineState *machine = MACHINE(qdev_get_machine());
+MachineState *machine = MACHINE(opaque);
 machine->boot_order = g_strdup(boot_device);
 }
 
@@ -2235,7 +2233,7 @@ static void ppc_spapr_init(MachineState *machine)
 MemoryRegion *rma_region;
 void *rma = NULL;
 hwaddr rma_alloc_size;
-hwaddr node0_size = spapr_node0_size();
+hwaddr node0_size = spapr_node0_size(machine);
 long load_limit, fw_size;
 char *filename;
 Error *resize_hpt_err = NULL;
@@ -3298,7 +3296,8 @@ out:
 static void spapr_machine_device_plug(HotplugHandler *hotplug_dev,
   DeviceState *dev, Error **errp)
 {
-sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(qdev_get_machine());
+MachineState *ms = MACHINE(hotplug_dev);
+sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(ms);
 
 if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
 int node;
@@ -3347,8 +3346,8 @@ static void spapr_machine_device_plug(HotplugHandler 
*hotplug_dev,
 static void spapr_machine_device_unplug_request(HotplugHandler *hotplug_dev,
 DeviceState *dev, Error **errp)
 {
-sPAPRMachineState *sms = SPAPR_MACHINE(qdev_get_machine());
-MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
+sPAPRMachineState *sms = SPAPR_MACHINE(OBJECT(hotplug_dev));
+MachineClass *mc = MACHINE_GET_CLASS(sms);
 
 if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
 if (spapr_ovec_test(sms->ov5_cas, OV5_HP_EVT)) {
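Review bot: `SPAPR_MACHINE(OBJECT(hotplug_dev))` wraps the handle in OBJECT() while the sibling hunk for spapr_machine_device_plug() writes `MACHINE(hotplug_dev)` directly; the QOM cast macros accept any object pointer, so `sPAPRMachineState *sms = SPAPR_MACHINE(hotplug_dev);` is enough and keeps the two functions consistent. Both hunks rely on the hotplug handler being the machine itself, which the commit message asserts but the hunk does not show; the rest of spapr_machine_device_unplug_request() is outside the hunk.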
-- 
2.13.5




[Qemu-devel] [PULL 05/18] spapr_pci: use g_strdup_printf()

2017-09-14 Thread David Gibson
From: Greg Kurz 

Building strings with g_strdup_printf() instead of snprintf() is
a QEMU common practice.

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_pci.c | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index cd8efb1812..6da73fe6bc 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -61,8 +61,6 @@
 #define RTAS_TYPE_MSI   1
 #define RTAS_TYPE_MSIX  2
 
-#define FDT_NAME_MAX  128
-
 #define _FDT(exp) \
 do { \
 int ret = (exp);   \
@@ -1194,7 +1192,7 @@ static const char *pci_find_device_name(uint8_t class, 
uint8_t subclass,
 return name;
 }
 
-static void pci_get_node_name(char *nodename, int len, PCIDevice *dev)
+static gchar *pci_get_node_name(PCIDevice *dev)
 {
 int slot = PCI_SLOT(dev->devfn);
 int func = PCI_FUNC(dev->devfn);
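Review bot: pci_get_node_name() now returns heap memory instead of filling a caller buffer, and nothing at the definition says who frees it; the one caller visible below does g_free() it, but the contract should be on the function. A short comment above the signature covers it: `/* Build the FDT node name for @dev. Returns a newly allocated string; the caller must g_free() it. */`. The switch from a 128-byte snprintf() to g_strdup_printf() also removes a silent truncation, which the commit message could mention.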
@@ -1205,9 +1203,9 @@ static void pci_get_node_name(char *nodename, int len, 
PCIDevice *dev)
 ccode & 0xff);
 
 if (func != 0) {
-snprintf(nodename, len, "%s@%x,%x", name, slot, func);
+return g_strdup_printf("%s@%x,%x", name, slot, func);
 } else {
-snprintf(nodename, len, "%s@%x", name, slot);
+return g_strdup_printf("%s@%x", name, slot);
 }
 }
 
@@ -1325,10 +1323,12 @@ static int spapr_create_pci_child_dt(sPAPRPHBState 
*phb, PCIDevice *dev,
  void *fdt, int node_offset)
 {
 int offset, ret;
-char nodename[FDT_NAME_MAX];
+gchar *nodename;
 
-pci_get_node_name(nodename, FDT_NAME_MAX, dev);
+nodename = pci_get_node_name(dev);
 offset = fdt_add_subnode(fdt, node_offset, nodename);
+g_free(nodename);
+
 ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb);
 
 g_assert(!ret);
@@ -2072,7 +2072,7 @@ int spapr_populate_pci_dt(sPAPRPHBState *phb,
   void *fdt)
 {
 int bus_off, i, j, ret;
-char nodename[FDT_NAME_MAX];
+gchar *nodename;
 uint32_t bus_range[] = { cpu_to_be32(0), cpu_to_be32(0xff) };
 struct {
 uint32_t hi;
@@ -2121,8 +2121,9 @@ int spapr_populate_pci_dt(sPAPRPHBState *phb,
 sPAPRFDT s_fdt;
 
 /* Start populating the FDT */
-snprintf(nodename, FDT_NAME_MAX, "pci@%" PRIx64, phb->buid);
+nodename = g_strdup_printf("pci@%" PRIx64, phb->buid);
 bus_off = fdt_add_subnode(fdt, 0, nodename);
+g_free(nodename);
 if (bus_off < 0) {
 return bus_off;
 }
-- 
2.13.5




[Qemu-devel] [PULL 06/18] spapr: only update SDR1 once per-cpu during CAS

2017-09-14 Thread David Gibson
From: Greg Kurz 

Commit b55d295e3ec9 added the possibility to support HPT resizing with KVM.
In the case of PR, we need to pass the userspace address of the HPT to KVM
using the SDR1 slot.
This is handled by kvmppc_update_sdr1() which uses CPU_FOREACH() to update
all CPUs. It is hence not needed to call kvmppc_update_sdr1() for each CPU.

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_hcall.c | 14 +-
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 8b3c0e17e7..6ab8c188f3 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1559,20 +1559,16 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 }
 
 if (spapr->htab_shift < maxshift) {
-CPUState *cs;
-
 /* Guest doesn't know about HPT resizing, so we
  * pre-emptively resize for the maximum permitted RAM.  At
  * the point this is called, nothing should have been
  * entered into the existing HPT */
 spapr_reallocate_hpt(spapr, maxshift, _fatal);
-CPU_FOREACH(cs) {
-if (kvm_enabled()) {
-/* For KVM PR, update the HPT pointer */
-target_ulong sdr1 = (target_ulong)(uintptr_t)spapr->htab
-| (spapr->htab_shift - 18);
-kvmppc_update_sdr1(sdr1);
-}
+if (kvm_enabled()) {
+/* For KVM PR, update the HPT pointer */
+target_ulong sdr1 = (target_ulong)(uintptr_t)spapr->htab
+| (spapr->htab_shift - 18);
+kvmppc_update_sdr1(sdr1);
 }
 }
 }
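Review bot: The kept comment `/* For KVM PR, update the HPT pointer */` no longer explains why the per-CPU loop went away, and the next reader will be tempted to put it back. Since the commit relies on kvmppc_update_sdr1() walking every CPU itself, I would say so at the call site: `/* For KVM PR, update the HPT pointer; kvmppc_update_sdr1() applies it to every CPU */`. h_client_architecture_support() starts and ends outside this hunk.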
-- 
2.13.5




[Qemu-devel] [PULL 08/18] spapr: fix CAS-generated reset

2017-09-14 Thread David Gibson
From: Cédric Le Goater 

The OV5_MMU_RADIX_300 requires special handling in the CAS negotiation
process. It is cleared from the option vector of the guest before
evaluating the changes and re-added later. But, when testing for a
possible CAS reset :

spapr->cas_reboot = spapr_ovec_diff(ov5_updates,
ov5_cas_old, spapr->ov5_cas);

the bit OV5_MMU_RADIX_300 will each time be seen as removed from the
previous OV5 set, hence generating a reset loop.

Fix this problem by also clearing the same bit in the ov5_cas_old set.

Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_hcall.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 6ab8c188f3..57bb411394 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1581,6 +1581,13 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
  * to worry about this for now.
  */
 ov5_cas_old = spapr_ovec_clone(spapr->ov5_cas);
+
+/* also clear the radix/hash bit from the current ov5_cas bits to
+ * be in sync with the newly ov5 bits. Else the radix bit will be
+ * seen as being removed and this will generate a reset loop
+ */
+spapr_ovec_clear(ov5_cas_old, OV5_MMU_RADIX_300);
+
 /* full range of negotiated ov5 capabilities */
 spapr_ovec_intersect(spapr->ov5_cas, spapr->ov5, ov5_guest);
 spapr_ovec_cleanup(ov5_guest);
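Review bot: The new comment reads `be in sync with the newly ov5 bits`, which looks like a typo and does not name what it pairs with. Per the commit message the guest-side clear of OV5_MMU_RADIX_300 happens earlier in the function, above this hunk, so the pairing is invisible here; I would tighten the comment to `/* Also clear the radix bit from the old set so it matches the guest's already-cleared ov5 bits; otherwise it looks removed on every CAS and causes a reset loop */`. h_client_architecture_support() starts and ends outside this hunk.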
-- 
2.13.5




[Qemu-devel] [PULL 00/18] ppc-for-2.11 queue 20170915

2017-09-14 Thread David Gibson
The following changes since commit 3dabde1128b671f36ac6cb36b97b273139964420:

  Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20170914' into 
staging (2017-09-14 16:33:02 +0100)

are available in the git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.11-20170915

for you to fetch changes up to 70a0c19e83aa4c71c879d51e426e89e4b3d4e014:

  ppc/kvm: use kvm_vm_check_extension() in kvmppc_is_pr() (2017-09-15 10:29:48 
+1000)


ppc patch queue 2017-09-15

Here's the current batch of accumulated ppc patches.  These are all
pretty simple bugfixes or cleanups, no big new features here.


Alexey Kardashevskiy (1):
  vfio, spapr: Fix levels calculation

Benjamin Herrenschmidt (1):
  net: Add SunGEM device emulation as found on Apple UniNorth

Cédric Le Goater (2):
  ppc/xive: fix OV5_XIVE_EXPLOIT bits
  spapr: fix CAS-generated reset

Daniel Henrique Barboza (1):
  hw/ppc/spapr.c: cleaning up qdev_get_machine() calls

Greg Kurz (13):
  spapr_pci: drop useless check in spapr_phb_vfio_get_loc_code()
  spapr_pci: drop useless check in spapr_populate_pci_child_dt()
  spapr_pci: use g_strdup_printf()
  spapr: only update SDR1 once per-cpu during CAS
  spapr_pci: use the common _FDT() helper
  spapr_pci: handle FDT creation errors with _FDT()
  xics: fix several error leaks
  spapr_cpu_core: fail gracefully with non-pseries machine types
  spapr_pci: convert sprintf() to g_strdup_printf()
  spapr_pci: don't create 64-bit MMIO window if we don't need to
  spapr_cpu_core: cleaning up qdev_get_machine() calls
  spapr_events: use QTAILQ_FOREACH_SAFE() in spapr_clear_pending_events()
  ppc/kvm: use kvm_vm_check_extension() in kvmppc_is_pr()

 default-configs/ppc-softmmu.mak |1 +
 hw/intc/xics.c  |   12 +-
 hw/net/Makefile.objs|1 +
 hw/net/sungem.c | 1447 +++
 hw/net/trace-events |   44 ++
 hw/pci/pci.c|2 +
 hw/ppc/spapr.c  |   21 +-
 hw/ppc/spapr_cpu_core.c |   11 +-
 hw/ppc/spapr_events.c   |4 +-
 hw/ppc/spapr_hcall.c|   21 +-
 hw/ppc/spapr_pci.c  |  106 ++-
 hw/vfio/spapr.c |2 +-
 include/hw/pci/pci_ids.h|1 +
 include/hw/ppc/spapr_ovec.h |3 +-
 target/ppc/kvm.c|2 +-
 15 files changed, 1580 insertions(+), 98 deletions(-)
 create mode 100644 hw/net/sungem.c



[Qemu-devel] [PULL 04/18] spapr_pci: drop useless check in spapr_populate_pci_child_dt()

2017-09-14 Thread David Gibson
From: Greg Kurz 

spapr_phb_get_loc_code() either returns a non-null pointer, or aborts
if g_strdup_printf() failed to allocate memory.

Signed-off-by: Greg Kurz 
[dwg: Grammatical fix to commit message]
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_pci.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index ef982f2ef3..cd8efb1812 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1282,12 +1282,8 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
 pci_find_device_name((ccode >> 16) & 0xff,
  (ccode >> 8) & 0xff,
  ccode & 0xff)));
-buf = spapr_phb_get_loc_code(sphb, dev);
-if (!buf) {
-error_report("Failed setting the ibm,loc-code");
-return -1;
-}
 
+buf = spapr_phb_get_loc_code(sphb, dev);
 err = fdt_setprop_string(fdt, offset, "ibm,loc-code", buf);
 g_free(buf);
 if (err < 0) {
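Review bot: Dropping the NULL check is only safe if spapr_phb_get_loc_code() cannot return NULL on any path; that function is outside this hunk, and the sibling change to spapr_phb_vfio_get_loc_code() (PULL 03/18) still has `goto err_out` paths, so it is worth confirming the non-VFIO fallback covers them before fdt_setprop_string() takes `buf` unguarded. If the guarantee holds, a short comment above the call, `/* never NULL: spapr_phb_get_loc_code() aborts on allocation failure */`, would stop the check from being re-added. spapr_populate_pci_child_dt() continues outside the hunk.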
-- 
2.13.5




[Qemu-devel] [PULL 03/18] spapr_pci: drop useless check in spapr_phb_vfio_get_loc_code()

2017-09-14 Thread David Gibson
From: Greg Kurz 

g_strdup_printf() either returns a non-null pointer, or aborts if it
failed to allocate memory.

Signed-off-by: Greg Kurz 
[dwg: Grammatical fix to commit message]
Acked-by: Philippe Mathieu-Daudé 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_pci.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index d7880f257a..ef982f2ef3 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -766,7 +766,7 @@ static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState 
*sphb,  PCIDevice *pdev)
 /* Construct the path of the file that will give us the DT location */
 path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
 g_free(host);
-if (!path || !g_file_get_contents(path, , NULL, NULL)) {
+if (!g_file_get_contents(path, , NULL, NULL)) {
 goto err_out;
 }
 g_free(path);
@@ -774,7 +774,7 @@ static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState 
*sphb,  PCIDevice *pdev)
 /* Construct and read from host device tree the loc-code */
 path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
 g_free(buf);
-if (!path || !g_file_get_contents(path, , NULL, NULL)) {
+if (!g_file_get_contents(path, , NULL, NULL)) {
 goto err_out;
 }
 return buf;
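Review bot: `path` allocated two lines above the changed check is never freed on the success path: once g_file_get_contents() succeeds the function returns `buf` directly, whereas the previous hunk frees its `path` right after the read. Assuming `path` is the local declared above the hunk, this leaks one string per successful call; `g_free(path);` immediately before `return buf;` fixes it. The err_out label that handles the failure path is outside the hunk, so whether it frees `path` cannot be checked here, but it does not matter for the success path.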
-- 
2.13.5




[Qemu-devel] [PULL 11/18] vfio, spapr: Fix levels calculation

2017-09-14 Thread David Gibson
From: Alexey Kardashevskiy 

The existing code tries to round up the number of pages, but @pages is always
calculated as the rounded-up value minus one, which makes ctz64() always
return 0 and leaves create.levels always set to 1.

This removes wrong "-1" and allows having more than 1 levels. This becomes
handy for >128GB guests with standard 64K pages as this requires blocks
with zone order 9 and the popular limit of CONFIG_FORCE_MAX_ZONEORDER=9
means that only blocks up to order 8 are allowed.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: David Gibson 
---
 hw/vfio/spapr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
index 32fd6a9b54..259397c002 100644
--- a/hw/vfio/spapr.c
+++ b/hw/vfio/spapr.c
@@ -163,7 +163,7 @@ int vfio_spapr_create_window(VFIOContainer *container,
  */
 entries = create.window_size >> create.page_shift;
 pages = MAX((entries * sizeof(uint64_t)) / getpagesize(), 1);
-pages = MAX(pow2ceil(pages) - 1, 1); /* Round up */
+pages = MAX(pow2ceil(pages), 1); /* Round up */
 create.levels = ctz64(pages) / 6 + 1;
 
 ret = ioctl(container->fd, VFIO_IOMMU_SPAPR_TCE_CREATE, );
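Review bot: With the `- 1` gone, the outer MAX() on the changed line is redundant: `pages` was already clamped to at least 1 on the line above, and pow2ceil() of a value >= 1 is >= 1, so `pages = pow2ceil(pages); /* Round up */` says the same thing more directly. If the MAX() is kept, a comment explaining what it guards against would help, because right now it reads as a leftover of the old off-by-one. vfio_spapr_create_window() continues outside the hunk.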
-- 
2.13.5




Re: [Qemu-devel] [RFC 00/15] QMP: out-of-band (OOB) execution support

2017-09-14 Thread Peter Xu
On Thu, Sep 14, 2017 at 04:19:11PM +0100, Stefan Hajnoczi wrote:
> On Thu, Sep 14, 2017 at 01:15:09PM +0200, Marc-André Lureau wrote:
> > There should be a limit in the number of requests the thread can
> > queue. Before the patch, the limit was enforced by system socket
> > buffering I think. Now, should oob commands still be processed even if
> > the queue is full? If so, the thread can't be suspended.
> 
> I agree.
> 
> Memory usage must be bounded.  The number of requests is less important
> than the amount of memory consumed by them.
> 
> Existing QMP clients that send multiple QMP commands without waiting for
> replies need to rethink their strategy because OOB commands cannot be
> processed if queued non-OOB commands consume too much memory.

Thanks for pointing this out.  Yes, the memory usage problem is valid,
as Markus pointed out as well in previous discussions (in the "Flow
Control" section of that long reply).  Hopefully this series basically
works from a design perspective; then I'll add this flow control in the
next version.

Regarding to what we should do if the limit is reached: Markus
provided a few options, but the one I prefer most is that we don't
respond, but send an event showing that a command is dropped.
However, I would like it not queued, but a direct reply (after all,
it's an event, and we should not need to care much on ordering of it).
Then we can get rid of the babysitting of those "to be failed"
requests asap, meanwhile we don't lose anything IMHO.

I think I also missed at least a unit test for this new interface.
Again, I'll add it after the whole idea is proved solid.  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH 1/3] kvm: check KVM_CAP_SYNC_MMU with kvm_vm_check_extension()

2017-09-14 Thread David Gibson
On Thu, Sep 14, 2017 at 09:25:22PM +0200, Greg Kurz wrote:
> On a server-class ppc host, this capability depends on the KVM type,
> ie, HV or PR. If both KVM are present in the kernel, we will always
> get the HV specific value, even if we explicitly requested PR on
> the command line.
> 
> This can have an impact if we're using hugepages or a balloon device.
> 
> Since we've already created the VM at the time any user calls
> kvm_has_sync_mmu(), switching to kvm_vm_check_extension() is
> enough to fix any potential issue.
> 
> It is okay for the other archs that also implement KVM_CAP_SYNC_MMU,
> ie, mips, s390, x86 and arm, because they don't depend on the VM being
> created or not.
> 
> Signed-off-by: Greg Kurz 

Reviewed-by: David Gibson 

> ---
>  accel/kvm/kvm-all.c |2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index f85553a85194..323c567cfb68 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -2234,7 +2234,7 @@ int kvm_device_access(int fd, int group, uint64_t attr,
>  /* Return 1 on success, 0 on failure */
>  int kvm_has_sync_mmu(void)
>  {
> -return kvm_check_extension(kvm_state, KVM_CAP_SYNC_MMU);
> +return kvm_vm_check_extension(kvm_state, KVM_CAP_SYNC_MMU);
>  }
>  
>  int kvm_has_vcpu_events(void)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC 14/15] qmp: support out-of-band (oob) execution

2017-09-14 Thread Peter Xu
On Thu, Sep 14, 2017 at 04:33:34PM +0100, Stefan Hajnoczi wrote:
> On Thu, Sep 14, 2017 at 03:50:35PM +0800, Peter Xu wrote:
> > diff --git a/docs/devel/qapi-code-gen.txt b/docs/devel/qapi-code-gen.txt
> > index 61fa167..47d16bb 100644
> > --- a/docs/devel/qapi-code-gen.txt
> > +++ b/docs/devel/qapi-code-gen.txt
> > @@ -665,6 +665,16 @@ allowed to run out-of-band can also be introspected 
> > using
> >  query-qmp-schema command.  Please see the section "Client JSON
> >  Protocol introspection" for more information.
> >  
> > +To execute a command in out-of-band way, we need to specify the
> > +"control" field in the request, with "run-oob" set to true. Example:
> > +
> > + => { "execute": "command-support-oob",
> > +  "arguments": { ... },
> > +  "control": { "run-oob": true } }
> > + <= { "return": { } }
> > +
> > +Without it, even the commands that supports out-of-band execution will
> > +still be run in-band.
> 
> Is there a more relevant place to document QMP run-oob behavior than the
> "How to use the QAPI code generator document"?

I agree, but I don't really know it. :(

Markus, could you provide a hint?

> 
> > @@ -3963,6 +3964,16 @@ static void handle_qmp_command(JSONMessageParser 
> > *parser, GQueue *tokens,
> >  req_obj->id = id;
> >  req_obj->req = req;
> >  
> > +if (qmp_is_oob(req)) {
> > +/*
> > + * Trigger fast-path to handle the out-of-band request, by
> > + * executing the command directly in parser.
> > + */
> > +trace_monitor_qmp_cmd_out_of_band(qobject_get_str(req_obj->id));
> > +monitor_qmp_dispatch_one(req_obj);
> > +return;
> > +}
> 
> A "fast-path" is a performance optimization.  OOB is not a performance
> optimization, it changes the semantics of command execution.  Please
> mention the semantics of OOB command execution instead.

I'll remove the "fast-path" wording and try to think out something
better than this comment.  After I know a good place to document, I
can put it there as well.  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH 2/3] kvm: check KVM_CAP_NR_VCPUS with kvm_vm_check_extension()

2017-09-14 Thread David Gibson
On Thu, Sep 14, 2017 at 09:25:32PM +0200, Greg Kurz wrote:
> On a modern server-class ppc host with the following CPU topology:
> 
> Architecture:  ppc64le
> Byte Order:Little Endian
> CPU(s):32
> On-line CPU(s) list:   0,8,16,24
> Off-line CPU(s) list:  1-7,9-15,17-23,25-31
> Thread(s) per core:1
> 
> If both KVM PR and KVM HV loaded and we pass:
> 
> -machine pseries,accel=kvm,kvm-type=PR -smp 8
> 
> We expect QEMU to warn that this exceeds the number of online CPUs:
> 
> Warning: Number of SMP cpus requested (8) exceeds the recommended
>  cpus supported by KVM (4)
> Warning: Number of hotpluggable cpus requested (8) exceeds the
>  recommended cpus supported by KVM (4)
> 
> but nothing is printed...
> 
> This happens because on ppc the KVM_CAP_NR_VCPUS capability is VM
> specific and really depends on the KVM type, but we currently use it
> as a global capability. And KVM returns a fallback value based on
> KVM HV being present. Maybe KVM on POWER shouldn't presume anything
> as long as it doesn't have a VM, but in all cases, we should call
> KVM_CREATE_VM first and use KVM_CAP_NR_VCPUS as a VM capability.
> 
> This patch hence changes kvm_recommended_vcpus() accordingly and
> moves the sanity checking of smp_cpus after the VM creation.
> 
> It is okay for the other archs that also implement KVM_CAP_NR_VCPUS,
> ie, mips, s390, x86 and arm, because they don't depend on the VM
> being created or not.
> 
> Signed-off-by: Greg Kurz 

Reviewed-by: David Gibson 

> ---
>  accel/kvm/kvm-all.c |   45 +++--
>  1 file changed, 23 insertions(+), 22 deletions(-)
> 
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index 323c567cfb68..d10534de2da1 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -1533,7 +1533,7 @@ static void kvm_irqchip_create(MachineState *machine, 
> KVMState *s)
>   */
>  static int kvm_recommended_vcpus(KVMState *s)
>  {
> -int ret = kvm_check_extension(s, KVM_CAP_NR_VCPUS);
> +int ret = kvm_vm_check_extension(s, KVM_CAP_NR_VCPUS);
>  return (ret) ? ret : 4;
>  }
>  
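Review bot: kvm_recommended_vcpus() still forwards whatever the capability query returns, so if kvm_vm_check_extension() can yield a negative value on ioctl failure, that now becomes the recommended count instead of the `4` fallback; kvm_check_extension() is commonly relied on to clamp errors to 0, and it is worth confirming the VM-scoped variant does the same. Making the intent explicit costs one character: `return (ret > 0) ? ret : 4;`. The limit check that moved after KVM_CREATE_VM in the later hunk is unaffected by this.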
> @@ -1623,27 +1623,6 @@ static int kvm_init(MachineState *ms)
>  s->nr_slots = 32;
>  }
>  
> -/* check the vcpu limits */
> -soft_vcpus_limit = kvm_recommended_vcpus(s);
> -hard_vcpus_limit = kvm_max_vcpus(s);
> -
> -while (nc->name) {
> -if (nc->num > soft_vcpus_limit) {
> -fprintf(stderr,
> -"Warning: Number of %s cpus requested (%d) exceeds "
> -"the recommended cpus supported by KVM (%d)\n",
> -nc->name, nc->num, soft_vcpus_limit);
> -
> -if (nc->num > hard_vcpus_limit) {
> -fprintf(stderr, "Number of %s cpus requested (%d) exceeds "
> -"the maximum cpus supported by KVM (%d)\n",
> -nc->name, nc->num, hard_vcpus_limit);
> -exit(1);
> -}
> -}
> -nc++;
> -}
> -
>  kvm_type = qemu_opt_get(qemu_get_machine_opts(), "kvm-type");
>  if (mc->kvm_type) {
>  type = mc->kvm_type(kvm_type);
> @@ -1678,6 +1657,28 @@ static int kvm_init(MachineState *ms)
>  }
>  
>  s->vmfd = ret;
> +
> +/* check the vcpu limits */
> +soft_vcpus_limit = kvm_recommended_vcpus(s);
> +hard_vcpus_limit = kvm_max_vcpus(s);
> +
> +while (nc->name) {
> +if (nc->num > soft_vcpus_limit) {
> +fprintf(stderr,
> +"Warning: Number of %s cpus requested (%d) exceeds "
> +"the recommended cpus supported by KVM (%d)\n",
> +nc->name, nc->num, soft_vcpus_limit);
> +
> +if (nc->num > hard_vcpus_limit) {
> +fprintf(stderr, "Number of %s cpus requested (%d) exceeds "
> +"the maximum cpus supported by KVM (%d)\n",
> +nc->name, nc->num, hard_vcpus_limit);
> +exit(1);
> +}
> +}
> +nc++;
> +}
> +
>  missing_cap = kvm_check_extension_list(s, kvm_required_capabilites);
>  if (!missing_cap) {
>  missing_cap =
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 10/10] target/mips: Support Capstone in disas_set_info

2017-09-14 Thread Philippe Mathieu-Daudé

On 09/14/2017 03:35 PM, Richard Henderson wrote:

Cc: Aurelien Jarno 
Cc: Yongbok Kim 
Signed-off-by: Richard Henderson 
---
  target/mips/cpu.h|  2 ++
  target/mips/cpu.c|  8 
  target/mips/translate_init.c | 36 
  3 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 74f6a5b098..dca713825d 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1118,4 +1118,6 @@ static inline void QEMU_NORETURN 
do_raise_exception(CPUMIPSState *env,
  do_raise_exception_err(env, exception, 0, pc);
  }
  
+void mips_cpu_disas_set_info(CPUState *s, disassemble_info *info);

+
  #endif /* MIPS_CPU_H */
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 1bb66b7a5a..898f1b3759 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -111,14 +111,6 @@ static void mips_cpu_reset(CPUState *s)
  #endif
  }
  
-static void mips_cpu_disas_set_info(CPUState *s, disassemble_info *info) {

-#ifdef TARGET_WORDS_BIGENDIAN
-info->print_insn = print_insn_big_mips;
-#else
-info->print_insn = print_insn_little_mips;
-#endif
-}
-


this clashes with the pending mips-cpu-qomify series, however the 
conflict is benign and easy fixable, I expect your series to enter first.



  static void mips_cpu_realizefn(DeviceState *dev, Error **errp)
  {
  CPUState *cs = CPU(dev);
diff --git a/target/mips/translate_init.c b/target/mips/translate_init.c
index 255d25bacd..1d43b3c36d 100644
--- a/target/mips/translate_init.c
+++ b/target/mips/translate_init.c
@@ -947,3 +947,39 @@ static void msa_reset(CPUMIPSState *env)
  /* set proper signanling bit meaning ("1" means "quiet") */
  set_snan_bit_is_one(0, >active_tc.msa_fp_status);
  }
+
+#include "disas/capstone.h"
+
+void mips_cpu_disas_set_info(CPUState *s, disassemble_info *info)
+{
+MIPSCPU *cpu = MIPS_CPU(s);
+CPUMIPSState *env = >env;
+int insn_flags = env->cpu_model->insn_flags;
+int cap_mode;


int cap_mode = 0; ?


+
+#ifdef TARGET_WORDS_BIGENDIAN
+info->print_insn = print_insn_big_mips;
+#else
+info->print_insn = print_insn_little_mips;
+#endif
+
+cap_mode = 0;
+if (insn_flags & ISA_MIPS3) {
+cap_mode |= CS_MODE_MIPS3;
+}
+if (insn_flags & ISA_MIPS32) {
+cap_mode |= CS_MODE_MIPS32;
+}
+if (insn_flags & ISA_MIPS64) {
+cap_mode |= CS_MODE_MIPS64;
+}
+if (insn_flags & ISA_MIPS32R6) {
+cap_mode |= CS_MODE_MIPS32R6;
+}


quite an improvement for the MIPS target!


+#ifdef TARGET_MIPS64
+cap_mode |= CS_MODE_MIPSGP64;
+#endif
+
+info->cap_arch = CS_ARCH_MIPS;
+info->cap_mode = cap_mode;
+}
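Review bot: `#include "disas/capstone.h"` sits between function definitions at the end of translate_init.c instead of with the file's other includes. If this file is compiled on its own that is only an ordering oddity, but if it is textually included from another unit (the thread does not say) the placement may be deliberate; either way a one-line comment, `/* included here: only mips_cpu_disas_set_info() needs the Capstone mode bits */`, or moving it next to the existing includes, spares the next reader the question. The unconditional print_insn assignment is carried over unchanged from the removed cpu.c version, so behaviour without Capstone is the same as before.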





Re: [Qemu-devel] [PATCH] amd_iommu: Return error on machines with no PCI

2017-09-14 Thread Peter Xu
On Thu, Sep 14, 2017 at 05:31:38PM -0300, Eduardo Habkost wrote:
> On Thu, Sep 14, 2017 at 10:24:23PM +0200, Thomas Huth wrote:
> > On 14.09.2017 22:18, Mohammed Gamal wrote:
> > > Starting the following command line causes a segfault
> > > qemu-system-x86_64 -S -machine isapc,accel=kvm -device amd-iommu
> > > 
> > > This is due to the fact that the machine type 'isapc' doesn't have
> > > a PCI bus, while amd_iommu doesn't check if the machine has PCI support
> > > and subsequently does a null-pointer access. AMD IOMMU shouldn't even work
> > > if the target machine doesn't have PCI.
> > > 
> > > Add a check for PCI on the given machine type and return an error if PCI
> > > is not supported.
> > > 
> > > Signed-off-by: Mohammed Gamal 
> > > ---
> > >  hw/i386/amd_iommu.c | 7 +++
> > >  1 file changed, 7 insertions(+)
> > > 
> > > diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
> > > index 334938a..9a667b7 100644
> > > --- a/hw/i386/amd_iommu.c
> > > +++ b/hw/i386/amd_iommu.c
> > > @@ -1153,6 +1153,13 @@ static void amdvi_realize(DeviceState *dev, Error 
> > > **err)
> > >  }
> > >  
> > >  bus = pcms->bus;
> > > +
> > > +if (!bus) {
> > > +error_setg(err, "Machine-type '%s' does not support PCI",
> > > +   mc->name);
> > > +return;
> > > +}
> > > +
> > >  s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
> > >   amdvi_uint64_equal, g_free, g_free);
> > >  
> > > 
> > 
> > Patch looks fine to me, but I think it would also be sufficient to
> > change the check at the beginning of the function to test "if (!pcms ||
> > !pcms->bus)" instead of just "if (!pcms)" ... the error message
> > "Machine-type 'xxx' not supported by amd-iommu" is also adequate if
> > there is no PCI bus available on the system.
> 
> I agree this would be much simpler.

Even, shall we move the pcms && bus check into x86_iommu_realize()
directly?  Then we will only need one single patch for Intel/AMD, and
it's also a cleanup.  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [RFC] Buffers/caches in VirtIO Balloon driver stats

2017-09-14 Thread Wei Wang

On 09/12/2017 10:29 PM, Tomáš Golembiovský wrote:

On Tue, 29 Aug 2017 20:01:53 +0800
Wei Wang  wrote:


On 08/29/2017 05:57 PM, Stefan Hajnoczi wrote:

On Sun, Aug 27, 2017 at 11:30:33PM +0200, Tomáš Golembiovský wrote:

Hi,

I have CCed the relevant mailing lists and people most recently involved
in virtio-balloon discussions.  Hopefully this will help get the right
people to see your questions.
  

We'd like to include information about reclaimable memory into the
statistics in VirtiO Balloon driver. Namely, we'd like to include
counters for buffers and caches of the Linux kernel. The patch itself is
pretty trivial -- no problem there. But before we do that I'd like to
get some input from the QEMU community.

1) Is there any reason not to have the stats there?

Could you please share the usages of reclaimable memory via the stats?

I'll go ahead then and start sending patches. What would be the proper
course of action here? Send patch for the driver first, or send patch
for QEMU first or send both patches right away?


If you have both ready, I think it would be fine to send them all.






2) Considering the balloon device is multiplatform (Linux, BSD,
Windows), is there a problem with including buffers/caches? These seem
to be specific to the Linux virtual memory subsystem. Of course, other
OSes could just report zeros. Are there some internal stats on those
OSes that could be filled in? I don't now if such or similar statistic
are available on BSD. On Windows only SystemCache stat looks like
something relevant. Anyone familiar with those OSes has any suggestions?

   

One of the solutions that I'm thinking about is to make virtio
platform-aware.

This is not necessary. IIUC the driver does not need to send all the
stats. We can simply treat those stats as specific to Linux driver and
other drivers will not send them. Then QEMU will treat them as if zero
was reported.


Just had a quick check, I think that should function well too.
QEMU will report -1 for the stats.

Best,
Wei



Re: [Qemu-devel] [PATCH] scsi-bus: correct responses for INQUIRY and REQUEST SENSE

2017-09-14 Thread Michael Roth
Quoting Paolo Bonzini (2017-08-22 08:20:23)
> On 19/08/2017 00:55, Laszlo Ersek wrote:
> > Reported-by: Laszlo Ersek 
> > Fixes: ded6ddc5a7b95217557fa360913d1213e12d4a6d
> 
> And also:
> 
> Cc: qemu-sta...@nongnu.org

FYI patch freeze for v2.10.1 is Sep 25th. Hannes, were you planning to
resend with the suggested commit msg changes? (Or maybe having a willing
maintainer add them?)

> 
> 
> Thanks to both!
> 
> Paolo
> 




Re: [Qemu-devel] [Qemu-stable] [PATCH v2 0/2] vhost-user-bridge reconnect regression

2017-09-14 Thread Michael Roth
Quoting Marc-André Lureau (2017-08-29 10:57:01)
> Hi
> 
> On Tue, Aug 29, 2017 at 5:34 PM, Michael S. Tsirkin  wrote:
> > On Tue, Aug 29, 2017 at 05:27:49PM +0200, Marc-André Lureau wrote:
> >> Hi,
> >>
> >> libvhost-user doesn't support resuming with the same trick vubr had
> >> since commit 523b018dde3b7650fe5401d0499b30cf2f117515. The following
> >> two patches fix that regression.
> >
> >
> > Thanks! Do we need this in 2.10? If not pls ping after 2.10 is out.
> 
> I think it's not necessary since the regression appeared in 2.9
> already, and it's a manual test.
> 
> I'll ping after 2.10

FYI I'm looking to get v2.10.1 out this month, freeze will likely be set for
Sep. 25th if you're looking to get this in.

> 
> >
> >> Thanks
> >>
> >> Marc-André Lureau (2):
> >>   libvhost-user: support resuming vq->last_avail_idx based on used_idx
> >>   vhost-user-bridge: fix resume regression (since 2.9)
> >>
> >>  contrib/libvhost-user/libvhost-user.h |  7 +++
> >>  contrib/libvhost-user/libvhost-user.c | 13 +
> >>  tests/vhost-user-bridge.c |  7 +++
> >>  3 files changed, 27 insertions(+)
> >>
> >> --
> >> 2.14.1.146.gd35faa819
> >
> 
> 
> 
> -- 
> Marc-André Lureau
> 




Re: [Qemu-devel] [Qemu-block] [PATCH] rbd: Detect rbd image resizes and propagate them

2017-09-14 Thread Adam Wolfe Gordon via Qemu-devel
On Wed, Sep 13, 2017 at 6:47 PM, John Snow  wrote:
> On 09/13/2017 05:36 PM, Adam Wolfe Gordon via Qemu-devel wrote:
>> On Wed, Sep 13, 2017 at 2:53 PM, John Snow  wrote:
>> We have a storage orchestration service that manages our ceph block
>> storage clusters and doesn't interact directly with qemu. Volumes get
>> resized through the orchestration service, which (after doing some
>
> resized bigger, one hopes ...

Indeed! That's actually one of the reasons for this change: it's much
easier to guarantee that we're always resizing bigger if all resizes
are issued in the same place.

>> Previously, we would notify the VM of the resize by issuing a
>> blockresize via qmp after doing the resize itself externally. That
>> meant we were actually resizing the rbd image twice (though the second
>> was, hopefully, a no-op). We occasionally had trouble with the resize
>> issued by qemu getting stuck and blocking the qemu main thread.
>> Detecting the out-of-band resize lets us avoid the extra rbd_resize
>> call and means that we never modify an rbd image's metadata from qemu.
>>
>
> Hm, I see... It sounds like you want an operation here that lets us
> detect medium changes without actually attempting to orchestrate one.
>
> It smells like you want the second half of bdrv_truncate without
> actually issuing the call. Perhaps you could split this function into
> its two halves, and in the event of an external resize being detected,
> you could call the latter-half portion of bdrv_truncate.

Yes, I think that agrees with what Jason Dillaman suggested yesterday,
and makes sense to me. Will do that for a v2 of this patch.

> ...if the drive is configured to automatically detect those events, that
> is. Conceivably not all resize events that QEMU *could* detect *should*
> automatically result in guest-visible changes as soon as they occur.

Good point. I can add an option for this to the rbd driver. My gut
feeling is that the default should be off (i.e., the existing
behavior) to avoid any surprises for users who upgrade.

Thanks for the review. I'll get a v2 out as time allows.

-- awg



Re: [Qemu-devel] [PATCH v2 5/5] arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly

2017-09-14 Thread Alistair Francis
On Thu, Sep 14, 2017 at 12:50 AM, Igor Mammedov  wrote:
> On Thu, 14 Sep 2017 00:47:20 -0300
> Philippe Mathieu-Daudé  wrote:
>
>> Hi Igor,
>>
>> awesome clean refactor!
> Thanks,
>
> there is more patches on this topic for other targets to post
> but it's waiting on 1-3/5 to land in master so it would be
> easier for maintainers to verify/test them without fishing out
> dependencies from mail list.
>
> hopefully everything will land in 2.11 so we won't have to deal
> with cpu_model anywhere except of one place vl.c.
>
>> just 1 comment inlined.
>>
>> On 09/13/2017 01:04 PM, Igor Mammedov wrote:
>> > there are 2 use cases to deal with:
>> >1: fixed CPU models per board/soc
>> >2: boards with user configurable cpu_model and fallback to
>> >   default cpu_model if user hasn't specified one explicitly
>> >
>> > For the 1st
>> >drop intermediate cpu_model parsing and use const cpu type
>> >directly, which replaces:
>> >   typename = object_class_get_name(
>> > cpu_class_by_name(TYPE_ARM_CPU, cpu_model))
>> >   object_new(typename)
>> >with
>> >   object_new(FOO_CPU_TYPE_NAME)
>> >or
>> >   cpu_generic_init(BASE_CPU_TYPE, "my cpu model")
>> >with
>> >   cpu_create(FOO_CPU_TYPE_NAME)
>> >
>> > as result 1st use case doesn't have to invoke not necessary
>> > translation and not needed code is removed.
>> >
>> > For the 2nd
>> >   1: set default cpu type with MachineClass::default_cpu_type and
>> >   2: use generic cpu_model parsing that done before machine_init()
>> >  is run and:
>> >  2.1: drop custom cpu_model parsing where pattern is:
>> > typename = object_class_get_name(
>> > cpu_class_by_name(TYPE_ARM_CPU, cpu_model))
>> > [parse_features(typename, cpu_model, ) ]
>> >
>> >  2.2: or replace cpu_generic_init() which does what
>> >   2.1 does + create_cpu(typename) with just
>> >   create_cpu(machine->cpu_type)
>> > as result cpu_name -> cpu_type translation is done using
>> > generic machine code one including parsing optional features
>> > if supported/present (removes a bunch of duplicated cpu_model
>> > parsing code) and default cpu type is defined in a uniform way
>> > within machine_class_init callbacks instead of ad hoc places
>> > in board's machine_init code.
>> >
>> > Signed-off-by: Igor Mammedov 
>> > Reviewed-by: Eduardo Habkost 
>> > ---
>> > v2:
>> >   - fix merge conflicts with ignore_memory_transaction_failures
>> >   - fix couple merge conflicts where SoC type string where replaced by 
>> > type macro
>> >   - keep plain prefix string in: strncmp(cpu_type, "pxa27", 5)
>> >   - s/"%s" ARM_CPU_TYPE_SUFFIX/ARM_CPU_TYPE_NAME("%s")/
>> > ---
> [...]
>
>> > diff --git a/hw/arm/virt.c b/hw/arm/virt.c
>> > index fe96557..fe26e99 100644
>> > --- a/hw/arm/virt.c
>> > +++ b/hw/arm/virt.c
>> > @@ -163,13 +163,13 @@ static const int a15irqmap[] = {
>> >   };
>> >
>> >   static const char *valid_cpus[] = {
>> > -"cortex-a15",
>> > -"cortex-a53",
>> > -"cortex-a57",
>> > -"host",
>> > +ARM_CPU_TYPE_NAME("cortex-a15"),
>> > +ARM_CPU_TYPE_NAME("cortex-a53"),
>> > +ARM_CPU_TYPE_NAME("cortex-a57"),
>> > +ARM_CPU_TYPE_NAME("host"),
>> >   };
>> >
>> > -static bool cpuname_valid(const char *cpu)
>> > +static bool cpu_type_valid(const char *cpu)
>> >   {
>> >   int i;
>>
>> I'd just change this by:
>>
>> static bool cpuname_valid(const char *cpu)
>> {
>>  static const char *valid_cpus[] = {
>>  ARM_CPU_TYPE_NAME("cortex-a15"),
>>  ARM_CPU_TYPE_NAME("cortex-a53"),
>>  ARM_CPU_TYPE_NAME("cortex-a57"),
>>  };
>>  int i;
>>
>>  for (i = 0; i < ARRAY_SIZE(valid_cpus); i++) {
>>  if (strcmp(cpu, valid_cpus[i]) == 0) {
>>  return true;
>>  }
>>  }
>
>>  return kvm_enabled() && !strcmp(cpu, ARM_CPU_TYPE_NAME("host");
> here is one more case to consider for valid_cpus refactoring,
> CCing Alistair.

Thanks, I have a few comments I need to look at for this. I'm going to
hold off until this series lands though.

Thanks,
Alistair

>
>> }
>>
>> Anyway this can be a later patch.
> this check might be removed or superseded by generic valid_cpus work
> that Alistair is working on, anyways it should be part of that work
> as change is not directly related to this series.
>
>
> [...]



[Qemu-devel] [Bug 1716767] Re: file(1) fails with "Invalid argument" on qemu-sh4-user

2017-09-14 Thread Thomas Huth
Please post patches to the qemu-devel mailing list for discussion
instead of attaching them to the bugtracker. Thanks!

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716767

Title:
  file(1) fails with "Invalid argument" on qemu-sh4-user

Status in QEMU:
  New

Bug description:
  We recently discovered that file(1) fails on qemu-sh4-user when
  running on an ELF file:

  (sid_sh4)root@vs94:/# file /bin/bash
  /bin/bash: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV) 
error reading (Invalid argument)
  (sid_sh4)root@vs94:/#

  Running with "-d" yields more output:

  (sid_sh4)root@vs94:/# file -d /bin/bash 2>&1 | tail
  322: >> 7 byte&,=97,"(ARM)"]
  0 == 97 = 0
  mget(type=1, flag=0, offset=7, o=0, nbytes=863324, il=0, nc=1)
  mget/96 @7: 
\000\000\000\000\000\000\000\000\000\002\000*\000\001\000\000\000\250\317A\0004\000\000\000L(\r\000\027\000\000\0004\000
 
\000\n\000(\000\032\000\031\000\006\000\000\0004\000\000\0004\000@\0004\000@\000@\001\000\000@\001\000\000\005\000\000\000\004\000\000\000\003\000\000\000t\001\000\000t\001@\000t\001@\000\023\000\000

  323: >> 7 byte&,=-1,"(embedded)"]
  0 == 18446744073709551615 = 0
  [try softmagic 1]
  [try elf -1]
  /bin/bash: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV) 
error reading (Invalid argument)
  (sid_sh4)root@vs94:/#

  It seems that the comparison above has a bogus (overflown?) value.

  On actual hardware, it works:

  root@tirpitz:~> file /bin/bash
  /bin/bash: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), 
dynamically linked, interpreter /lib/ld-linux.so.2, 
BuildID[sha1]=4dd0e4281755827d8bb6686fd481f8c80ea73e9a, for GNU/Linux 3.2.0, 
stripped
  root@tirpitz:~>

  I have uploaded a chroot with Debian unstable which allows the issue
  to be reproduced:

  > https://people.debian.org/~glaubitz/sid-sh4-sbuild.tar.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1716767/+subscriptions



Re: [Qemu-devel] [PATCH v2 3/6] aarch64-softmmu.mak: Use an ARM specific config

2017-09-14 Thread Alistair Francis
On Thu, Sep 14, 2017 at 5:50 AM, Peter Maydell  wrote:
> On 1 September 2017 at 22:00, Alistair Francis
>  wrote:
>> In preparation for having an ARM and MicroBlaze ZynqMP machine let's
>> split out the current ARM specific config options.
>>
>> Signed-off-by: Alistair Francis 
>
> Acked-by: Peter Maydell 

Thanks Peter.

>
> I'm assuming this series is going be reviewed and go into
> master via a microblaze tree, not the arm one...

I talked to Edgar and that is the plan.

Thanks,
Alistair

>
> thanks
> -- PMM



Re: [Qemu-devel] [PATCH] amd_iommu: Return error on machines with no PCI

2017-09-14 Thread Eduardo Habkost
On Thu, Sep 14, 2017 at 10:24:23PM +0200, Thomas Huth wrote:
> On 14.09.2017 22:18, Mohammed Gamal wrote:
> > Starting the following command line causes a segfault
> > qemu-system-x86_64 -S -machine isapc,accel=kvm -device amd-iommu
> > 
> > This is due to the fact that the machine type 'isapc' doesn't have
> > a PCI bus, while amd_iommu doesn't check if the machine has PCI support
> > and subsequently does a null-pointer access. AMD IOMMU shouldn't even work
> > if the target machine doesn't have PCI.
> > 
> > Add a check for PCI on the given machine type and return an error if PCI
> > is not supported.
> > 
> > Signed-off-by: Mohammed Gamal 
> > ---
> >  hw/i386/amd_iommu.c | 7 +++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
> > index 334938a..9a667b7 100644
> > --- a/hw/i386/amd_iommu.c
> > +++ b/hw/i386/amd_iommu.c
> > @@ -1153,6 +1153,13 @@ static void amdvi_realize(DeviceState *dev, Error 
> > **err)
> >  }
> >  
> >  bus = pcms->bus;
> > +
> > +if (!bus) {
> > +error_setg(err, "Machine-type '%s' does not support PCI",
> > +   mc->name);
> > +return;
> > +}
> > +
> >  s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
> >   amdvi_uint64_equal, g_free, g_free);
> >  
> > 
> 
> Patch looks fine to me, but I think it would also be sufficient to
> change the check at the beginning of the function to test "if (!pcms ||
> !pcms->bus)" instead of just "if (!pcms)" ... the error message
> "Machine-type 'xxx' not supported by amd-iommu" is also adequate if
> there is no PCI bus available on the system.

I agree this would be much simpler.

-- 
Eduardo



Re: [Qemu-devel] [PATCH] intel_iommu: Return error on machines with no PCI

2017-09-14 Thread Thomas Huth
On 14.09.2017 22:17, Mohammed Gamal wrote:
> Starting the following command line causes a segfault
> qemu-system-x86_64 -S -machine isapc,accel=kvm -device intel-iommu
> 
> This is due to the fact that the machine type 'isapc' doesn't have
> a PCI bus, while intel_iommu doesn't check if the machine has PCI support
> and subsequently does a null-pointer access. Intel IOMMU shouldn't even work
> if the target machine doesn't have PCI.
> 
> Add a check for PCI on the given machine type and return an error if PCI
> is not supported.
> 
> Signed-off-by: Mohammed Gamal 
> ---
>  hw/i386/intel_iommu.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
> index 3a5bb0b..fab0b4b 100644
> --- a/hw/i386/intel_iommu.c
> +++ b/hw/i386/intel_iommu.c
> @@ -3041,6 +3041,13 @@ static void vtd_realize(DeviceState *dev, Error **errp)
>  }
>  
>  bus = pcms->bus;
> +
> +if (!bus) {
> +error_setg(errp, "Machine-type '%s' does not support PCI",
> +   mc->name);
> +return;
> +}
> +
>  x86_iommu->type = TYPE_INTEL;
>  
>  if (!vtd_decide_config(s, errp)) {
> 

Patch looks basically fine to me, too, but I think I'd also rather
change the "if (!pcms)" at the beginning of the function into "if (!pcms
|| !pcms->bus)" here to use the same error message for both cases.

 Thomas



Re: [Qemu-devel] [PATCH] amd_iommu: Return error on machines with no PCI

2017-09-14 Thread Thomas Huth
On 14.09.2017 22:18, Mohammed Gamal wrote:
> Starting the following command line causes a segfault
> qemu-system-x86_64 -S -machine isapc,accel=kvm -device amd-iommu
> 
> This is due to the fact that the machine type 'isapc' doesn't have
> a PCI bus, while amd_iommu doesn't check if the machine has PCI support
> and subsequently does a null-pointer access. AMD IOMMU shouldn't even work
> if the target machine doesn't have PCI.
> 
> Add a check for PCI on the given machine type and return an error if PCI
> is not supported.
> 
> Signed-off-by: Mohammed Gamal 
> ---
>  hw/i386/amd_iommu.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
> index 334938a..9a667b7 100644
> --- a/hw/i386/amd_iommu.c
> +++ b/hw/i386/amd_iommu.c
> @@ -1153,6 +1153,13 @@ static void amdvi_realize(DeviceState *dev, Error 
> **err)
>  }
>  
>  bus = pcms->bus;
> +
> +if (!bus) {
> +error_setg(err, "Machine-type '%s' does not support PCI",
> +   mc->name);
> +return;
> +}
> +
>  s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
>   amdvi_uint64_equal, g_free, g_free);
>  
> 

Patch looks fine to me, but I think it would also be sufficient to
change the check at the beginning of the function to test "if (!pcms ||
!pcms->bus)" instead of just "if (!pcms)" ... the error message
"Machine-type 'xxx' not supported by amd-iommu" is also adequate if
there is no PCI bus available on the system.

 Thomas




Re: [Qemu-devel] [PATCH v8 06/13] qemu.py: make sure we only remove files we create

2017-09-14 Thread Amador Pahim
On Thu, Sep 14, 2017 at 10:18 PM, Eduardo Habkost  wrote:
> On Thu, Sep 14, 2017 at 10:05:50PM +0200, Amador Pahim wrote:
>> On Thu, Sep 14, 2017 at 9:46 PM, Eduardo Habkost  wrote:
>> > On Thu, Sep 14, 2017 at 09:38:13PM +0200, Amador Pahim wrote:
>> >> On Tue, Sep 5, 2017 at 5:18 AM, Fam Zheng  wrote:
>> >> > On Fri, 09/01 13:28, Amador Pahim wrote:
> [...]
>> >> >> +else:
>> >> >> +if not isinstance(self._monitor_address, tuple):
>> >> >> +self._created_files.append(self._monitor_address)
>> >> >> +
>> >> >> +try:
>> >> >> +flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY
>> >> >> +os.open(self._qemu_log_path, flags)
>> >> >
>> >> > Why change to os.open() instead of open()?
>> >>
>> >> I want to create the file only if it does not exist. The open() flag
>> >> 'x' is available only in python 3.3. For python <3.3, we need the
>> >> os.open() to have that feature.
>> >
>> > I'm not sure this extra complexity is really necessary.  We could
>> > fix all that by using mkdtemp() and deleting the temporary
>> > directory on shutdown.
>>
>> I thought about that, but I foresee the question: what happens if
>> between the mkdtemp and the file creation (i.e. self._qemu_log_path)
>> someone goes in that directory and creates a file with the same name
>> of the self._qemu_log_path? Are we going to overwrite it? Ok, very
>> unlikely, but possible. This extra step takes care of that.
>
> If someone creates a file inside a directory we created using
> mkdtemp(), we will just delete it.  Why would that be a problem?

Ok then. That simplifies the control a lot.
Thanks.

>
> --
> Eduardo



[Qemu-devel] [PATCH] amd_iommu: Return error on machines with no PCI

2017-09-14 Thread Mohammed Gamal
Starting the following command line causes a segfault
qemu-system-x86_64 -S -machine isapc,accel=kvm -device amd-iommu

This is due to the fact that the machine type 'isapc' doesn't have
a PCI bus, while amd_iommu doesn't check if the machine has PCI support
and subsequently does a null-pointer access. AMD IOMMU shouldn't even work
if the target machine doesn't have PCI.

Add a check for PCI on the given machine type and return an error if PCI
is not supported.

Signed-off-by: Mohammed Gamal 
---
 hw/i386/amd_iommu.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 334938a..9a667b7 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -1153,6 +1153,13 @@ static void amdvi_realize(DeviceState *dev, Error **err)
 }
 
 bus = pcms->bus;
+
+if (!bus) {
+error_setg(err, "Machine-type '%s' does not support PCI",
+   mc->name);
+return;
+}
+
 s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
  amdvi_uint64_equal, g_free, g_free);
 
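Review bot: The new `if (!bus)` guard sits before the first use of `bus` and before the g_hash_table allocation, so nothing leaks on the error path, but it carries no comment explaining how a NULL bus arises and the crash it closes has no regression test. I would put `/* Machines without a PCI bus (e.g. isapc) leave pcms->bus NULL; fail realize here rather than dereference it later. */` above the check, and add a qtest asserting that `-machine isapc -device amd-iommu` exits with this error instead of SIGSEGV, since the crash is reachable from the command line alone. `mc`, presumably the MachineClass fetched earlier in amdvi_realize, and the `!pcms` rejection the thread refers to are outside the hunk, as is the rest of the function.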
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH v8 06/13] qemu.py: make sure we only remove files we create

2017-09-14 Thread Eduardo Habkost
On Thu, Sep 14, 2017 at 10:05:50PM +0200, Amador Pahim wrote:
> On Thu, Sep 14, 2017 at 9:46 PM, Eduardo Habkost  wrote:
> > On Thu, Sep 14, 2017 at 09:38:13PM +0200, Amador Pahim wrote:
> >> On Tue, Sep 5, 2017 at 5:18 AM, Fam Zheng  wrote:
> >> > On Fri, 09/01 13:28, Amador Pahim wrote:
[...]
> >> >> +else:
> >> >> +if not isinstance(self._monitor_address, tuple):
> >> >> +self._created_files.append(self._monitor_address)
> >> >> +
> >> >> +try:
> >> >> +flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY
> >> >> +os.open(self._qemu_log_path, flags)
> >> >
> >> > Why change to os.open() instead of open()?
> >>
> >> I want to create the file only if it does not exist. The open() flag
> >> 'x' is available only in python 3.3. For python <3.3, we need the
> >> os.open() to have that feature.
> >
> > I'm not sure this extra complexity is really necessary.  We could
> > fix all that by using mkdtemp() and deleting the temporary
> > directory on shutdown.
> 
> I thought about that, but I foresee the question: what happens if
> between the mkdtemp and the file creation (i.e. self._qemu_log_path)
> someone goes in that directory and creates a file with the same name
> of the self._qemu_log_path? Are we going to overwrite it? Ok, very
> unlikely, but possible. This extra step takes care of that.

If someone creates a file inside a directory we created using
mkdtemp(), we will just delete it.  Why would that be a problem?

-- 
Eduardo



[Qemu-devel] [PATCH] amd_iommu: Return error on machines with no PCI

2017-09-14 Thread Mohammed Gamal
Starting the following command line causes a segfault
qemu-system-x86_64 -S -machine isapc,accel=kvm -device amd-iommu

This is due to the fact that the machine type 'isapc' doesn't have
a PCI bus, while amd_iommu doesn't check if the machine has PCI support
and subsequently does a null-pointer access. AMD IOMMU shouldn't even work
if the target machine doesn't have PCI.

Add a check for PCI on the given machine type and return an error if PCI
is not supported.

Signed-off-by: Mohammed Gamal 
---
 hw/i386/amd_iommu.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 334938a..9a667b7 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -1153,6 +1153,13 @@ static void amdvi_realize(DeviceState *dev, Error **err)
 }
 
 bus = pcms->bus;
+
+if (!bus) {
+error_setg(err, "Machine-type '%s' does not support PCI",
+   mc->name);
+return;
+}
+
 s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
  amdvi_uint64_equal, g_free, g_free);
 
-- 
1.8.3.1




[Qemu-devel] [PATCH] intel_iommu: Return error on machines with no PCI

2017-09-14 Thread Mohammed Gamal
Starting the following command line causes a segfault
qemu-system-x86_64 -S -machine isapc,accel=kvm -device intel-iommu

This is due to the fact that the machine type 'isapc' doesn't have
a PCI bus, while intel_iommu doesn't check if the machine has PCI support
and subsequently does a null-pointer access. Intel IOMMU shouldn't even work
if the target machine doesn't have PCI.

Add a check for PCI on the given machine type and return an error if PCI
is not supported.

Signed-off-by: Mohammed Gamal 
---
 hw/i386/intel_iommu.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 3a5bb0b..fab0b4b 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3041,6 +3041,13 @@ static void vtd_realize(DeviceState *dev, Error **errp)
 }
 
 bus = pcms->bus;
+
+if (!bus) {
+error_setg(errp, "Machine-type '%s' does not support PCI",
+   mc->name);
+return;
+}
+
 x86_iommu->type = TYPE_INTEL;
 
 if (!vtd_decide_config(s, errp)) {
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH v8 06/13] qemu.py: make sure we only remove files we create

2017-09-14 Thread Amador Pahim
On Thu, Sep 14, 2017 at 9:46 PM, Eduardo Habkost  wrote:
> On Thu, Sep 14, 2017 at 09:38:13PM +0200, Amador Pahim wrote:
>> On Tue, Sep 5, 2017 at 5:18 AM, Fam Zheng  wrote:
>> > On Fri, 09/01 13:28, Amador Pahim wrote:
>> >> To launch a VM, we need to create basically two files: the monitor
>> >> socket (if it's a UNIX socket) and the qemu log file.
>> >>
>> >> For the qemu log file, we currently just open the path, which will
>> >> create the file if it does not exist or overwrite the file if it does
>> >> exist.
>> >>
>> >> For the monitor socket, if it already exists, we are currently removing
>> >> it, even if it's not created by us.
>> >>
>> >> This patch moves to pre_launch() the responsibility to make sure we only
>> >> create files that are not pre-existent and to populate a list of
>> >> controlled files. This list will then be used as the reference of
>> >> files to remove during the cleanup (post_shutdown()).
>> >>
>> >> Signed-off-by: Amador Pahim 
>> >> ---
>> >>  scripts/qemu.py | 30 +++---
>> >>  1 file changed, 23 insertions(+), 7 deletions(-)
>> >>
>> >> diff --git a/scripts/qemu.py b/scripts/qemu.py
>> >> index 3ebe5ee0a4..c26e1412f9 100644
>> >> --- a/scripts/qemu.py
>> >> +++ b/scripts/qemu.py
>> >> @@ -41,6 +41,7 @@ class QEMUMachine(object):
>> >>  monitor_address = os.path.join(test_dir, name + 
>> >> "-monitor.sock")
>> >>  self._monitor_address = monitor_address
>> >>  self._qemu_log_path = os.path.join(test_dir, name + ".log")
>> >> +self._qemu_log_fd = None
>> >>  self._popen = None
>> >>  self._binary = binary
>> >>  self._args = list(args) # Force copy args in case we modify them
>> >> @@ -50,6 +51,7 @@ class QEMUMachine(object):
>> >>  self._socket_scm_helper = socket_scm_helper
>> >>  self._debug = debug
>> >>  self._qemu_full_args = None
>> >> +self._created_files = []
>> >>
>> >>  # This can be used to add an unused monitor instance.
>> >>  def add_monitor_telnet(self, ip, port):
>> >> @@ -128,30 +130,44 @@ class QEMUMachine(object):
>> >>  '-display', 'none', '-vga', 'none']
>> >>
>> >>  def _pre_launch(self):
>> >> -self._qmp = qmp.qmp.QEMUMonitorProtocol(self._monitor_address, 
>> >> server=True,
>> >> -debug=self._debug)
>> >> +try:
>> >> +self._qmp = 
>> >> qmp.qmp.QEMUMonitorProtocol(self._monitor_address,
>> >> +server=True,
>> >> +debug=self._debug)
>> >> +except:
>> >> +raise
>> >
>> > What's the point of "except: raise"? It seems useless.
>>
>> The point is to execute the block in the else only when no exception
>> happens. When some exception happens, I want to raise it without
>> executing the else block.
>
> Isn't this exactly what Python does when an exception is raised
> with no "try" block?

Sure, cleaning this up.

>
>
>>
>> >
>> >> +else:
>> >> +if not isinstance(self._monitor_address, tuple):
>> >> +self._created_files.append(self._monitor_address)
>> >> +
>> >> +try:
>> >> +flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY
>> >> +os.open(self._qemu_log_path, flags)
>> >
>> > Why change to os.open() instead of open()?
>>
>> I want to create the file only if it does not exist. The open() flag
>> 'x' is available only in python 3.3. For python <3.3, we need the
>> os.open() to have that feature.
>
> I'm not sure this extra complexity is really necessary.  We could
> fix all that by using mkdtemp() and deleting the temporary
> directory on shutdown.

I thought about that, but I foresee the question: what happens if
between the mkdtemp and the file creation (i.e. self._qemu_log_path)
someone goes in that directory and creates a file with the same name
of the self._qemu_log_path? Are we going to overwrite it? Ok, very
unlikely, but possible. This extra step takes care of that.

>
>>
>> >
>> >> +except:
>> >> +raise
>> >> +else:
>> >> +self._created_files.append(self._qemu_log_path)
>> >> +self._qemu_log_fd = open(self._qemu_log_path, 'wb')
>> >>
>> >>  def _post_launch(self):
>> >>  self._qmp.accept()
>> >>
>> >>  def _post_shutdown(self):
>> >> -if not isinstance(self._monitor_address, tuple):
>> >> -self._remove_if_exists(self._monitor_address)
>> >> -self._remove_if_exists(self._qemu_log_path)
>> >> +while self._created_files:
>> >> +self._remove_if_exists(self._created_files.pop())
>> >>
>> >>  def launch(self):
>> >>  '''Launch the VM and establish a QMP connection'''
>> >>  self._iolog = None
>> >>  self._qemu_full_args = None
>> >>  devnull = 

Re: [Qemu-devel] [PATCH RESEND v7 0/3] Red Hat PCI bridge resource reserve capability

2017-09-14 Thread Kevin O'Connor
On Thu, Sep 14, 2017 at 11:15:43AM +0300, Aleksandr Bezzubikov wrote:
> 2017-09-10 22:40 GMT+03:00 Marcel Apfelbaum :
> > On 10/09/2017 21:34, Aleksandr Bezzubikov wrote:
> >> And what about this series? The matching QEMU series has been applied,
> >> that's why there should be no problems with picking this series up for
> >> SeaBIOS
> >>
> >
> > Hi Aleksandr,
> >
> > Since SeaBIOS is a different project, we need to monitor the QEMU
> > patches by ourselves and only then ask the maintainer to merge the
> > patches if he has no objections, of course. (no automated process)
> >
> > Can you please verify the series still applies to SeaBIOS AS IS
> > and run a quick test against today's QEMU master branch?
> > Can you please give Kevin your OK before he proceeds with the merge?
> 
> Just did it, it's sitll OK and works fine. That's why this series can
> be merged AS IS.

Thanks.  I committed this series.  (I did prune some spurious trailing
newlines during the commit).

-Kevin



Re: [Qemu-devel] [PATCH v2 3/7] mips: split cpu_mips_realize_env() out of cpu_mips_init()

2017-09-14 Thread Eduardo Habkost
On Wed, Aug 30, 2017 at 07:52:21PM -0300, Philippe Mathieu-Daudé wrote:
> so it can be used in mips_cpu_realizefn() in the next commit
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> Tested-by: Igor Mammedov 
> Tested-by: James Hogan 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH v8 06/13] qemu.py: make sure we only remove files we create

2017-09-14 Thread Eduardo Habkost
On Thu, Sep 14, 2017 at 09:38:13PM +0200, Amador Pahim wrote:
> On Tue, Sep 5, 2017 at 5:18 AM, Fam Zheng  wrote:
> > On Fri, 09/01 13:28, Amador Pahim wrote:
> >> To launch a VM, we need to create basically two files: the monitor
> >> socket (if it's a UNIX socket) and the qemu log file.
> >>
> >> For the qemu log file, we currently just open the path, which will
> >> create the file if it does not exist or overwrite the file if it does
> >> exist.
> >>
> >> For the monitor socket, if it already exists, we are currently removing
> >> it, even if it's not created by us.
> >>
> >> This patch moves to pre_launch() the responsibility to make sure we only
> >> create files that are not pre-existent and to populate a list of
> >> controlled files. This list will then be used as the reference of
> >> files to remove during the cleanup (post_shutdown()).
> >>
> >> Signed-off-by: Amador Pahim 
> >> ---
> >>  scripts/qemu.py | 30 +++---
> >>  1 file changed, 23 insertions(+), 7 deletions(-)
> >>
> >> diff --git a/scripts/qemu.py b/scripts/qemu.py
> >> index 3ebe5ee0a4..c26e1412f9 100644
> >> --- a/scripts/qemu.py
> >> +++ b/scripts/qemu.py
> >> @@ -41,6 +41,7 @@ class QEMUMachine(object):
> >>  monitor_address = os.path.join(test_dir, name + 
> >> "-monitor.sock")
> >>  self._monitor_address = monitor_address
> >>  self._qemu_log_path = os.path.join(test_dir, name + ".log")
> >> +self._qemu_log_fd = None
> >>  self._popen = None
> >>  self._binary = binary
> >>  self._args = list(args) # Force copy args in case we modify them
> >> @@ -50,6 +51,7 @@ class QEMUMachine(object):
> >>  self._socket_scm_helper = socket_scm_helper
> >>  self._debug = debug
> >>  self._qemu_full_args = None
> >> +self._created_files = []
> >>
> >>  # This can be used to add an unused monitor instance.
> >>  def add_monitor_telnet(self, ip, port):
> >> @@ -128,30 +130,44 @@ class QEMUMachine(object):
> >>  '-display', 'none', '-vga', 'none']
> >>
> >>  def _pre_launch(self):
> >> -self._qmp = qmp.qmp.QEMUMonitorProtocol(self._monitor_address, 
> >> server=True,
> >> -debug=self._debug)
> >> +try:
> >> +self._qmp = qmp.qmp.QEMUMonitorProtocol(self._monitor_address,
> >> +server=True,
> >> +debug=self._debug)
> >> +except:
> >> +raise
> >
> > What's the point of "except: raise"? It seems useless.
> 
> The point is to execute the block in the else only when no exception
> happens. When some exception happens, I want to raise it without
> executing the else block.

Isn't this exactly what Python does when an exception is raised
with no "try" block?


> 
> >
> >> +else:
> >> +if not isinstance(self._monitor_address, tuple):
> >> +self._created_files.append(self._monitor_address)
> >> +
> >> +try:
> >> +flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY
> >> +os.open(self._qemu_log_path, flags)
> >
> > Why change to os.open() instead of open()?
> 
> I want to create the file only if it does not exist. The open() flag
> 'x' is available only in python 3.3. For python <3.3, we need the
> os.open() to have that feature.

I'm not sure this extra complexity is really necessary.  We could
fix all that by using mkdtemp() and deleting the temporary
directory on shutdown.

> 
> >
> >> +except:
> >> +raise
> >> +else:
> >> +self._created_files.append(self._qemu_log_path)
> >> +self._qemu_log_fd = open(self._qemu_log_path, 'wb')
> >>
> >>  def _post_launch(self):
> >>  self._qmp.accept()
> >>
> >>  def _post_shutdown(self):
> >> -if not isinstance(self._monitor_address, tuple):
> >> -self._remove_if_exists(self._monitor_address)
> >> -self._remove_if_exists(self._qemu_log_path)
> >> +while self._created_files:
> >> +self._remove_if_exists(self._created_files.pop())
> >>
> >>  def launch(self):
> >>  '''Launch the VM and establish a QMP connection'''
> >>  self._iolog = None
> >>  self._qemu_full_args = None
> >>  devnull = open(os.path.devnull, 'rb')
> >> -qemulog = open(self._qemu_log_path, 'wb')
> >>  try:
> >>  self._pre_launch()
> >>  self._qemu_full_args = (self._wrapper + [self._binary] +
> >>  self._base_args() + self._args)
> >>  self._popen = subprocess.Popen(self._qemu_full_args,
> >> stdin=devnull,
> >> -   stdout=qemulog,
> >> +   

Re: [Qemu-devel] [PATCH v8 06/13] qemu.py: make sure we only remove files we create

2017-09-14 Thread Amador Pahim
On Tue, Sep 5, 2017 at 5:18 AM, Fam Zheng  wrote:
> On Fri, 09/01 13:28, Amador Pahim wrote:
>> To launch a VM, we need to create basically two files: the monitor
>> socket (if it's a UNIX socket) and the qemu log file.
>>
>> For the qemu log file, we currently just open the path, which will
>> create the file if it does not exist or overwrite the file if it does
>> exist.
>>
>> For the monitor socket, if it already exists, we are currently removing
>> it, even if it's not created by us.
>>
>> This patch moves to pre_launch() the responsibility to make sure we only
>> create files that are not pre-existent and to populate a list of
>> controlled files. This list will then be used as the reference of
>> files to remove during the cleanup (post_shutdown()).
>>
>> Signed-off-by: Amador Pahim 
>> ---
>>  scripts/qemu.py | 30 +++---
>>  1 file changed, 23 insertions(+), 7 deletions(-)
>>
>> diff --git a/scripts/qemu.py b/scripts/qemu.py
>> index 3ebe5ee0a4..c26e1412f9 100644
>> --- a/scripts/qemu.py
>> +++ b/scripts/qemu.py
>> @@ -41,6 +41,7 @@ class QEMUMachine(object):
>>  monitor_address = os.path.join(test_dir, name + "-monitor.sock")
>>  self._monitor_address = monitor_address
>>  self._qemu_log_path = os.path.join(test_dir, name + ".log")
>> +self._qemu_log_fd = None
>>  self._popen = None
>>  self._binary = binary
>>  self._args = list(args) # Force copy args in case we modify them
>> @@ -50,6 +51,7 @@ class QEMUMachine(object):
>>  self._socket_scm_helper = socket_scm_helper
>>  self._debug = debug
>>  self._qemu_full_args = None
>> +self._created_files = []
>>
>>  # This can be used to add an unused monitor instance.
>>  def add_monitor_telnet(self, ip, port):
>> @@ -128,30 +130,44 @@ class QEMUMachine(object):
>>  '-display', 'none', '-vga', 'none']
>>
>>  def _pre_launch(self):
>> -self._qmp = qmp.qmp.QEMUMonitorProtocol(self._monitor_address, 
>> server=True,
>> -debug=self._debug)
>> +try:
>> +self._qmp = qmp.qmp.QEMUMonitorProtocol(self._monitor_address,
>> +server=True,
>> +debug=self._debug)
>> +except:
>> +raise
>
> What's the point of "except: raise"? It seems useless.

The point is to execute the block in the else only when no exception
happens. When some exception happens, I want to raise it without
executing the else block.

>
>> +else:
>> +if not isinstance(self._monitor_address, tuple):
>> +self._created_files.append(self._monitor_address)
>> +
>> +try:
>> +flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY
>> +os.open(self._qemu_log_path, flags)
>
> Why change to os.open() instead of open()?

I want to create the file only if it does not exist. The open() flag
'x' is available only in python 3.3. For python <3.3, we need the
os.open() to have that feature.

>
>> +except:
>> +raise
>> +else:
>> +self._created_files.append(self._qemu_log_path)
>> +self._qemu_log_fd = open(self._qemu_log_path, 'wb')
>>
>>  def _post_launch(self):
>>  self._qmp.accept()
>>
>>  def _post_shutdown(self):
>> -if not isinstance(self._monitor_address, tuple):
>> -self._remove_if_exists(self._monitor_address)
>> -self._remove_if_exists(self._qemu_log_path)
>> +while self._created_files:
>> +self._remove_if_exists(self._created_files.pop())
>>
>>  def launch(self):
>>  '''Launch the VM and establish a QMP connection'''
>>  self._iolog = None
>>  self._qemu_full_args = None
>>  devnull = open(os.path.devnull, 'rb')
>> -qemulog = open(self._qemu_log_path, 'wb')
>>  try:
>>  self._pre_launch()
>>  self._qemu_full_args = (self._wrapper + [self._binary] +
>>  self._base_args() + self._args)
>>  self._popen = subprocess.Popen(self._qemu_full_args,
>> stdin=devnull,
>> -   stdout=qemulog,
>> +   stdout=self._qemu_log_fd,
>> stderr=subprocess.STDOUT,
>> shell=False)
>>  self._post_launch()
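Review bot: The descriptor returned by `os.open(self._qemu_log_path, flags)` is dropped, so it leaks, and the log is then re-opened by path with `open(self._qemu_log_path, 'wb')`, which surrenders the exclusivity O_EXCL was added for — anyone who can write the test directory can swap the path between the two calls. Keeping the one descriptor closes both gaps: `fd = os.open(self._qemu_log_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o644)` followed by `self._qemu_log_fd = os.fdopen(fd, 'wb')`. The explicit mode matters too: os.open defaults to 0o777 masked by the umask, so the log file is otherwise typically created with execute bits set. launch() continues past the end of the hunk.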
>> --
>> 2.13.5
>>
>
> Fam



Re: [Qemu-devel] [PATCH v2 0/3] hostmem-file: Add "discard-data" option

2017-09-14 Thread Eduardo Habkost
Series queued on machine-next.

On Thu, Aug 24, 2017 at 04:23:12PM -0300, Eduardo Habkost wrote:
> This series adds a new "discard-data" option to
> memory-backend-file.  The new option will be useful if somebody
> is sharing RAM contents on a pre-existing file using share=on,
> but don't need data to be flushed to disk when QEMU exits.
> 
> Internally, it will trigger a madvise(MADV_REMOVE) call when the
> memory backend is removed or when QEMU exits.
> 
> To make we actually trigger the new code when QEMU exits, the
> first patch in the series ensures we destroy all user-created
> objects when exiting QEMU.
> 
> Changes v1 -> v2:
> * Original subject line of v1 was:
>   '[PATCH 0/5] hostmem-file: Add "persistent" option'
> * Replaced 'persistent=no' with 'discard-data=yes', to make it
>   clear that the flag will destroy data on the backing file.
> * Use qemu_madvise() instead of madvise()
>   * New patch added to series: "osdep: define QEMU_MADV_REMOVE"
> * Call qemu_madvise() directly from the backend unparent()
>   method, insteead of adding a new flag to the memory API and
>   reusing ram_block_discard_range()
>   * In addition to simplifying the code a lot, this fixes a bug,
> because v1 relied on getting the memory region reference
> count back to 0, which doesn't happen when QEMU is exiting
> because there's no machine cleanup code to ensure that.
> 
> Eduardo Habkost (3):
>   vl: Clean up user-creatable objects when exiting
>   osdep: Define QEMU_MADV_REMOVE
>   hostmem-file: Add "discard-data" option
> 
>  include/qemu/osdep.h|  7 +++
>  include/qom/object_interfaces.h |  8 
>  backends/hostmem-file.c | 29 +
>  qom/object_interfaces.c |  5 +
>  vl.c|  1 +
>  qemu-options.hx |  5 -
>  6 files changed, 54 insertions(+), 1 deletion(-)
> 
> -- 
> 2.9.4
> 
> 

-- 
Eduardo



Re: [Qemu-devel] [PATCH v8 00/13] scripts/qemu.py fixes and cleanups

2017-09-14 Thread Eduardo Habkost
Patches 01-05 were queued on my python-next branch:
https://github.com/ehabkost/qemu/commits/python-next

Please use python-next as base for v9, as I plan to submit a pull
request with the contents of python-next soon.


On Fri, Sep 01, 2017 at 01:28:16PM +0200, Amador Pahim wrote:
> Changes v1->v2:
>  - Style fixes to make checkpatch.pl happy.
>  - Rebased.
> Changes v2->v3:
>  - Fix typo in patch 3 ("qemu.py: make 'args' public") commit message.
> Changes v3->v4:
>  - Squash the 2 first commits since they are co-dependant.
>  - Cleanup launch() and shutdown().
>  - Reorder the commits, putting the rename of self._args first.
>  - Rebased.
> Changes v4->v5:
>  - Break the cleanup commit into logical changes and include in the
>commit messages the rationale for making them.
> Changes v5->v6:
>  - Remove the commit to rename self._args.
>  - Fix is_running() return before first call to launch().
>  - Use python logging system.
>  - Include the full command line on negative exit code error message.
>  - Use os.path.null instead of /dev/null.
>  - Improve the control over the created/deleted files.
> Changes v6->v7:
>  - Split commits in self-contained/atomic changes.
>  - Addressed the comments from previous version, basically improving the
>logging messages and the control over created files. See individual
>commit messages for details.
> Changes v7->v8:
>  - Rebased.
>  - Reorder commits to avoid break->fix sequence.
>  - Split commits "use poll() instead of 'returncode'" and "refactor
>launch()".
>  - Don't ignore errors in _load_io_log(). Instead, check if we created
>the file before reading it.
>  - Use LOG.warn() instead of LOG.debug() for the negative exit code
>message.
>  - Fix the exception name called in commits "launch vm only if it's not
>running" and "don't launch again before shutdown()".
>  - Minor style fixes.
> 
> Amador Pahim (13):
>   qemu.py: fix is_running() return before first launch()
>   qemu.py: avoid writing to stdout/stderr
>   qemu.py: use os.path.null instead of /dev/null
>   qemu.py: improve message on negative exit code
>   qemu.py: include debug information on launch error
>   qemu.py: make sure we only remove files we create
>   qemu.py: close _qemu_log_path on cleanup
>   qemu.py: refactor launch()
>   qemu.py: always cleanup on shutdown()
>   qemu.py: use poll() instead of 'returncode'
>   qemu.py: cleanup redundant calls in launch()
>   qemu.py: launch vm only if it's not running
>   qemu.py: don't launch again before shutdown()
> 
>  scripts/qemu.py | 136 
> +---
>  1 file changed, 101 insertions(+), 35 deletions(-)
> 
> -- 
> 2.13.5
> 
> 

-- 
Eduardo



[Qemu-devel] [PATCH 3/3] ppc/kvm: check some capabilities with kvm_vm_check_extension()

2017-09-14 Thread Greg Kurz
The following capabilities are VM specific:
- KVM_CAP_PPC_SMT_POSSIBLE
- KVM_CAP_PPC_HTAB_FD
- KVM_CAP_PPC_ALLOC_HTAB

If both KVM HV and KVM PR are present, checking them always returns
the HV value, even if we explicitly requested to use PR.

This has no visible effect for KVM_CAP_PPC_ALLOC_HTAB, because we also
try the KVM_PPC_ALLOCATE_HTAB ioctl which is only suppored by HV. As
a consequence, the spapr code doesn't even check KVM_CAP_PPC_HTAB_FD.

However, this will cause kvmppc_hint_smt_possible(), introduced by
commit fa98fbfcdfcb9, to report several VSMT modes (eg, Available
VSMT modes: 8 4 2 1) whereas PR only support mode 1.

This patch fixes all three anyway to use kvm_vm_check_extension(). It
is okay since the VM is already created at the time kvm_arch_init() or
kvmppc_reset_htab() is called.

Signed-off-by: Greg Kurz 
---
 target/ppc/kvm.c |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 1deaf106d2b9..208c70e81426 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -131,7 +131,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 cap_interrupt_level = kvm_check_extension(s, KVM_CAP_PPC_IRQ_LEVEL);
 cap_segstate = kvm_check_extension(s, KVM_CAP_PPC_SEGSTATE);
 cap_booke_sregs = kvm_check_extension(s, KVM_CAP_PPC_BOOKE_SREGS);
-cap_ppc_smt_possible = kvm_check_extension(s, KVM_CAP_PPC_SMT_POSSIBLE);
+cap_ppc_smt_possible = kvm_vm_check_extension(s, KVM_CAP_PPC_SMT_POSSIBLE);
 cap_ppc_rma = kvm_check_extension(s, KVM_CAP_PPC_RMA);
 cap_spapr_tce = kvm_check_extension(s, KVM_CAP_SPAPR_TCE);
 cap_spapr_tce_64 = kvm_check_extension(s, KVM_CAP_SPAPR_TCE_64);
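Review bot: After this hunk kvm_arch_init() mixes kvm_check_extension() and kvm_vm_check_extension() with nothing in the code saying why a given capability gets one or the other, so the next person adding a capability has to already know about the HV/PR split on hosts that load both modules. A one-line comment above the first VM-scoped query would carry that knowledge, e.g. `/* VM-scoped: with both HV and PR loaded, the global query always reports the HV value. */`. kvm_arch_init() starts before this hunk and continues after it.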
@@ -143,7 +143,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 cap_ppc_watchdog = kvm_check_extension(s, KVM_CAP_PPC_BOOKE_WATCHDOG);
 /* Note: we don't set cap_papr here, because this capability is
  * only activated after this by kvmppc_set_papr() */
-cap_htab_fd = kvm_check_extension(s, KVM_CAP_PPC_HTAB_FD);
+cap_htab_fd = kvm_vm_check_extension(s, KVM_CAP_PPC_HTAB_FD);
 cap_fixup_hcalls = kvm_check_extension(s, KVM_CAP_PPC_FIXUP_HCALL);
 cap_ppc_smt = kvm_vm_check_extension(s, KVM_CAP_PPC_SMT);
 cap_htm = kvm_vm_check_extension(s, KVM_CAP_PPC_HTM);
@@ -2353,7 +2353,7 @@ int kvmppc_reset_htab(int shift_hint)
 /* Full emulation, tell caller to allocate htab itself */
 return 0;
 }
-if (kvm_check_extension(kvm_state, KVM_CAP_PPC_ALLOC_HTAB)) {
+if (kvm_vm_check_extension(kvm_state, KVM_CAP_PPC_ALLOC_HTAB)) {
 int ret;
 ret = kvm_vm_ioctl(kvm_state, KVM_PPC_ALLOCATE_HTAB, );
 if (ret == -ENOTTY) {




[Qemu-devel] [PATCH 1/3] kvm: check KVM_CAP_SYNC_MMU with kvm_vm_check_extension()

2017-09-14 Thread Greg Kurz
On a server-class ppc host, this capability depends on the KVM type,
ie, HV or PR. If both KVM are present in the kernel, we will always
get the HV specific value, even if we explicitly requested PR on
the command line.

This can have an impact if we're using hugepages or a balloon device.

Since we've already created the VM at the time any user calls
kvm_has_sync_mmu(), switching to kvm_vm_check_extension() is
enough to fix any potential issue.

It is okay for the other archs that also implement KVM_CAP_SYNC_MMU,
ie, mips, s390, x86 and arm, because they don't depend on the VM being
created or not.

Signed-off-by: Greg Kurz 
---
 accel/kvm/kvm-all.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index f85553a85194..323c567cfb68 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2234,7 +2234,7 @@ int kvm_device_access(int fd, int group, uint64_t attr,
 /* Return 1 on success, 0 on failure */
 int kvm_has_sync_mmu(void)
 {
-return kvm_check_extension(kvm_state, KVM_CAP_SYNC_MMU);
+return kvm_vm_check_extension(kvm_state, KVM_CAP_SYNC_MMU);
 }
 
 int kvm_has_vcpu_events(void)
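Review bot: kvm_has_sync_mmu() now has a precondition that the VM already exists, which the commit message states but the code does not; the comment on the line above should carry it, e.g. `/* Return 1 on success, 0 on failure. Call only after KVM_CREATE_VM: on ppc the answer depends on the VM's KVM type (HV vs PR). */`. If kvm_vm_check_extension() falls back to the global KVM_CHECK_EXTENSION when the VM-level ioctl fails (that helper is outside this hunk, so I cannot confirm it here), a caller that runs before VM creation would silently get the old HV-biased answer rather than an error, which is worth a sentence in that comment.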




[Qemu-devel] [PATCH 0/3] kvm: use kvm_vm_check_extension() with VM capabilities

2017-09-14 Thread Greg Kurz
Some VM capabilities are currently checked with kvm_check_extension(). This
doesn't have any impact for most host architectures because they don't depend
on the KVM type. However, this is a problem for server-class ppc hosts that
can support the PR and HV KVM types. Both implementations can co-exist in the
kernel at the same time and we decide which one will be used with the "type"
argument of the KVM_CREATE_VM ioctl.

Each KVM type has a different set of capabilities, and checking them with
kvm_check_extension() will always cause KVM to assume we're in HV mode,
even if they are VM specific and we have explicitly requested to run in
PR mode. This may produce unexpected results.

A similar issue was recently fix in the ppc code:

https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg03751.html

This series goes a bit further, and turns more kvm_check_extension() into
kvm_vm_check_extension() where appropriate.

--
Greg

---

Greg Kurz (3):
  kvm: check KVM_CAP_SYNC_MMU with kvm_vm_check_extension()
  kvm: check KVM_CAP_NR_VCPUS with kvm_vm_check_extension()
  ppc/kvm: check some capabilities with kvm_vm_check_extension()


 accel/kvm/kvm-all.c |   47 ---
 target/ppc/kvm.c|6 +++---
 2 files changed, 27 insertions(+), 26 deletions(-)




[Qemu-devel] [PATCH 2/3] kvm: check KVM_CAP_NR_VCPUS with kvm_vm_check_extension()

2017-09-14 Thread Greg Kurz
On a modern server-class ppc host with the following CPU topology:

Architecture:  ppc64le
Byte Order:Little Endian
CPU(s):32
On-line CPU(s) list:   0,8,16,24
Off-line CPU(s) list:  1-7,9-15,17-23,25-31
Thread(s) per core:1

If both KVM PR and KVM HV loaded and we pass:

-machine pseries,accel=kvm,kvm-type=PR -smp 8

We expect QEMU to warn that this exceeds the number of online CPUs:

Warning: Number of SMP cpus requested (8) exceeds the recommended
 cpus supported by KVM (4)
Warning: Number of hotpluggable cpus requested (8) exceeds the
 recommended cpus supported by KVM (4)

but nothing is printed...

This happens because on ppc the KVM_CAP_NR_VCPUS capability is VM
specific and really depends on the KVM type, but we currently use it
as a global capability. And KVM returns a fallback value based on
KVM HV being present. Maybe KVM on POWER shouldn't presume anything
as long as it doesn't have a VM, but in all cases, we should call
KVM_CREATE_VM first and use KVM_CAP_NR_VCPUS as a VM capability.

This patch hence changes kvm_recommended_vcpus() accordingly and
moves the sanity checking of smp_cpus after the VM creation.

It is okay for the other archs that also implement KVM_CAP_NR_VCPUS,
ie, mips, s390, x86 and arm, because they don't depend on the VM
being created or not.

Signed-off-by: Greg Kurz 
---
 accel/kvm/kvm-all.c |   45 +++--
 1 file changed, 23 insertions(+), 22 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 323c567cfb68..d10534de2da1 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1533,7 +1533,7 @@ static void kvm_irqchip_create(MachineState *machine, 
KVMState *s)
  */
 static int kvm_recommended_vcpus(KVMState *s)
 {
-int ret = kvm_check_extension(s, KVM_CAP_NR_VCPUS);
+int ret = kvm_vm_check_extension(s, KVM_CAP_NR_VCPUS);
 return (ret) ? ret : 4;
 }
 
@@ -1623,27 +1623,6 @@ static int kvm_init(MachineState *ms)
 s->nr_slots = 32;
 }
 
-/* check the vcpu limits */
-soft_vcpus_limit = kvm_recommended_vcpus(s);
-hard_vcpus_limit = kvm_max_vcpus(s);
-
-while (nc->name) {
-if (nc->num > soft_vcpus_limit) {
-fprintf(stderr,
-"Warning: Number of %s cpus requested (%d) exceeds "
-"the recommended cpus supported by KVM (%d)\n",
-nc->name, nc->num, soft_vcpus_limit);
-
-if (nc->num > hard_vcpus_limit) {
-fprintf(stderr, "Number of %s cpus requested (%d) exceeds "
-"the maximum cpus supported by KVM (%d)\n",
-nc->name, nc->num, hard_vcpus_limit);
-exit(1);
-}
-}
-nc++;
-}
-
 kvm_type = qemu_opt_get(qemu_get_machine_opts(), "kvm-type");
 if (mc->kvm_type) {
 type = mc->kvm_type(kvm_type);
@@ -1678,6 +1657,28 @@ static int kvm_init(MachineState *ms)
 }
 
 s->vmfd = ret;
+
+/* check the vcpu limits */
+soft_vcpus_limit = kvm_recommended_vcpus(s);
+hard_vcpus_limit = kvm_max_vcpus(s);
+
+while (nc->name) {
+if (nc->num > soft_vcpus_limit) {
+fprintf(stderr,
+"Warning: Number of %s cpus requested (%d) exceeds "
+"the recommended cpus supported by KVM (%d)\n",
+nc->name, nc->num, soft_vcpus_limit);
+
+if (nc->num > hard_vcpus_limit) {
+fprintf(stderr, "Number of %s cpus requested (%d) exceeds "
+"the maximum cpus supported by KVM (%d)\n",
+nc->name, nc->num, hard_vcpus_limit);
+exit(1);
+}
+}
+nc++;
+}
+
 missing_cap = kvm_check_extension_list(s, kvm_required_capabilites);
 if (!missing_cap) {
 missing_cap =
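Review bot: The hard limit right next to the moved check, `hard_vcpus_limit = kvm_max_vcpus(s);`, still comes from a helper outside this hunk that presumably queries KVM_CAP_MAX_VCPUS through the global kvm_check_extension(); if that capability is also KVM-type dependent on ppc, the fatal `exit(1)` path keeps comparing against the HV value while the warning path now uses the PR value, and the two limits can disagree. Either switch kvm_max_vcpus() to kvm_vm_check_extension() in the same series, or add a comment here saying why only the soft limit is VM-scoped. Since the check now runs after `s->vmfd = ret;`, a comment such as `/* Must run after KVM_CREATE_VM: on ppc the limits depend on the VM's KVM type. */` would also stop a later cleanup from moving it back above VM creation.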




Re: [Qemu-devel] [PATCH v2] osdep: Fix ROUND_UP(64-bit, 32-bit)

2017-09-14 Thread Richard Henderson
On 09/14/2017 06:49 AM, Eric Blake wrote:
> When using bit-wise operations that exploit the power-of-two
> nature of the second argument of ROUND_UP(), we still need to
> ensure that the mask is as wide as the first argument (done
> by using a ternary to force proper arithmetic promotion).
> Unpatched, ROUND_UP(2ULL*1024*1024*1024*1024, 512U) produces 0,
> instead of the intended 2TiB, because negation of an unsigned
> 32-bit quantity followed by widening to 64-bits does not
> sign-extend the mask.
> 
> Broken since its introduction in commit 292c8e50 (v1.5.0).
> Callers that passed the same width type to both macro parameters,
> or that had other code to ensure the first parameter's maximum
> runtime value did not exceed the second parameter's width, are
> unaffected, but I did not audit to see which (if any) existing
> clients of the macro could trigger incorrect behavior (I found
> the bug while adding a new use of the macro).
> 
> While preparing the patch, checkpatch complained about poor
> spacing, so I also fixed that here and in the nearby DIV_ROUND_UP.
> 
> CC: qemu-triv...@nongnu.org
> CC: qemu-sta...@nongnu.org
> Signed-off-by: Eric Blake 
> 
> ---
> v2: use ternary instead of addition of 0 [Laszlo], improve commit message
> ---
>  include/qemu/osdep.h | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson 

r~



Re: [Qemu-devel] [Bug 1716767] Re: file(1) fails with "Invalid argument" on qemu-sh4-user

2017-09-14 Thread John Paul Adrian Glaubitz
On 09/13/2017 08:37 PM, James Clarke wrote:
> With the attached patch, qemu-sh4-static now works for file:

I can also confirm that the patch fixes the problem for me.

Would be great if it could get merged in one form or another.

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716767

Title:
  file(1) fails with "Invalid argument" on qemu-sh4-user

Status in QEMU:
  New

Bug description:
  We recently discovered that file(1) fails on qemu-sh4-user when
  running on an ELF file:

  (sid_sh4)root@vs94:/# file /bin/bash
  /bin/bash: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV) 
error reading (Invalid argument)
  (sid_sh4)root@vs94:/#

  Running with "-d" yields more output:

  (sid_sh4)root@vs94:/# file -d /bin/bash 2>&1 | tail
  322: >> 7 byte&,=97,"(ARM)"]
  0 == 97 = 0
  mget(type=1, flag=0, offset=7, o=0, nbytes=863324, il=0, nc=1)
  mget/96 @7: 
\000\000\000\000\000\000\000\000\000\002\000*\000\001\000\000\000\250\317A\0004\000\000\000L(\r\000\027\000\000\0004\000
 
\000\n\000(\000\032\000\031\000\006\000\000\0004\000\000\0004\000@\0004\000@\000@\001\000\000@\001\000\000\005\000\000\000\004\000\000\000\003\000\000\000t\001\000\000t\001@\000t\001@\000\023\000\000

  323: >> 7 byte&,=-1,"(embedded)"]
  0 == 18446744073709551615 = 0
  [try softmagic 1]
  [try elf -1]
  /bin/bash: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV) 
error reading (Invalid argument)
  (sid_sh4)root@vs94:/#

  It seems that the comparison above has a bogus (overflown?) value.

  On actual hardware, it works:

  root@tirpitz:~> file /bin/bash
  /bin/bash: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), 
dynamically linked, interpreter /lib/ld-linux.so.2, 
BuildID[sha1]=4dd0e4281755827d8bb6686fd481f8c80ea73e9a, for GNU/Linux 3.2.0, 
stripped
  root@tirpitz:~>

  I have uploaded a chroot with Debian unstable which allows to
  reproduce the issue:

  > https://people.debian.org/~glaubitz/sid-sh4-sbuild.tar.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1716767/+subscriptions



[Qemu-devel] [Bug 932490] Re: Qemu fails on -fda /dev/fd0 when no medium is present

2017-09-14 Thread Thomas Huth
** Changed in: qemu
   Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/932490

Title:
  Qemu fails on -fda /dev/fd0 when no medium is present

Status in QEMU:
  Won't Fix

Bug description:
  # qemu-system-x86_64 --version
  QEMU emulator version 1.0 (qemu-kvm-1.0), Copyright (c) 2003-2008 Fabrice 
Bellard

  # qemu-system-x86_64 -fda /dev/fd0
  qemu-system-x86_64: -fda /dev/fd0: could not open disk image /dev/fd0: No 
such device or address

  Starting with a medium (floppy disk) inserted, then removing or
  changing the medium works fine.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/932490/+subscriptions



[Qemu-devel] [PATCH 3/4] tcg/sparc: Fully convert tcg_target_op_def

2017-09-14 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/sparc/tcg-target.inc.c | 239 ++---
 1 file changed, 137 insertions(+), 102 deletions(-)

diff --git a/tcg/sparc/tcg-target.inc.c b/tcg/sparc/tcg-target.inc.c
index 1da4debbaf..bc673bd8c6 100644
--- a/tcg/sparc/tcg-target.inc.c
+++ b/tcg/sparc/tcg-target.inc.c
@@ -1632,112 +1632,147 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
 }
 }
 
-static const TCGTargetOpDef sparc_op_defs[] = {
-{ INDEX_op_exit_tb, { } },
-{ INDEX_op_goto_tb, { } },
-{ INDEX_op_br, { } },
-{ INDEX_op_goto_ptr, { "r" } },
-
-{ INDEX_op_ld8u_i32, { "r", "r" } },
-{ INDEX_op_ld8s_i32, { "r", "r" } },
-{ INDEX_op_ld16u_i32, { "r", "r" } },
-{ INDEX_op_ld16s_i32, { "r", "r" } },
-{ INDEX_op_ld_i32, { "r", "r" } },
-{ INDEX_op_st8_i32, { "rZ", "r" } },
-{ INDEX_op_st16_i32, { "rZ", "r" } },
-{ INDEX_op_st_i32, { "rZ", "r" } },
-
-{ INDEX_op_add_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_mul_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_div_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_divu_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_sub_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_and_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_andc_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_or_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_orc_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_xor_i32, { "r", "rZ", "rJ" } },
-
-{ INDEX_op_shl_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_shr_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_sar_i32, { "r", "rZ", "rJ" } },
-
-{ INDEX_op_neg_i32, { "r", "rJ" } },
-{ INDEX_op_not_i32, { "r", "rJ" } },
-
-{ INDEX_op_brcond_i32, { "rZ", "rJ" } },
-{ INDEX_op_setcond_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_movcond_i32, { "r", "rZ", "rJ", "rI", "0" } },
-
-{ INDEX_op_add2_i32, { "r", "r", "rZ", "rZ", "rJ", "rJ" } },
-{ INDEX_op_sub2_i32, { "r", "r", "rZ", "rZ", "rJ", "rJ" } },
-{ INDEX_op_mulu2_i32, { "r", "r", "rZ", "rJ" } },
-{ INDEX_op_muls2_i32, { "r", "r", "rZ", "rJ" } },
-
-{ INDEX_op_ld8u_i64, { "R", "r" } },
-{ INDEX_op_ld8s_i64, { "R", "r" } },
-{ INDEX_op_ld16u_i64, { "R", "r" } },
-{ INDEX_op_ld16s_i64, { "R", "r" } },
-{ INDEX_op_ld32u_i64, { "R", "r" } },
-{ INDEX_op_ld32s_i64, { "R", "r" } },
-{ INDEX_op_ld_i64, { "R", "r" } },
-{ INDEX_op_st8_i64, { "RZ", "r" } },
-{ INDEX_op_st16_i64, { "RZ", "r" } },
-{ INDEX_op_st32_i64, { "RZ", "r" } },
-{ INDEX_op_st_i64, { "RZ", "r" } },
-
-{ INDEX_op_add_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_mul_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_div_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_divu_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_sub_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_and_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_andc_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_or_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_orc_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_xor_i64, { "R", "RZ", "RJ" } },
-
-{ INDEX_op_shl_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_shr_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_sar_i64, { "R", "RZ", "RJ" } },
-
-{ INDEX_op_neg_i64, { "R", "RJ" } },
-{ INDEX_op_not_i64, { "R", "RJ" } },
-
-{ INDEX_op_ext32s_i64, { "R", "R" } },
-{ INDEX_op_ext32u_i64, { "R", "R" } },
-{ INDEX_op_ext_i32_i64, { "R", "r" } },
-{ INDEX_op_extu_i32_i64, { "R", "r" } },
-{ INDEX_op_extrl_i64_i32,  { "r", "R" } },
-{ INDEX_op_extrh_i64_i32,  { "r", "R" } },
-
-{ INDEX_op_brcond_i64, { "RZ", "RJ" } },
-{ INDEX_op_setcond_i64, { "R", "RZ", "RJ" } },
-{ INDEX_op_movcond_i64, { "R", "RZ", "RJ", "RI", "0" } },
-
-{ INDEX_op_add2_i64, { "R", "R", "RZ", "RZ", "RJ", "RI" } },
-{ INDEX_op_sub2_i64, { "R", "R", "RZ", "RZ", "RJ", "RI" } },
-{ INDEX_op_muluh_i64, { "R", "RZ", "RZ" } },
-
-{ INDEX_op_qemu_ld_i32, { "r", "A" } },
-{ INDEX_op_qemu_ld_i64, { "R", "A" } },
-{ INDEX_op_qemu_st_i32, { "sZ", "A" } },
-{ INDEX_op_qemu_st_i64, { "SZ", "A" } },
-
-{ INDEX_op_mb, { } },
-{ -1 },
-};
-
 static const TCGTargetOpDef *tcg_target_op_def(TCGOpcode op)
 {
-int i, n = ARRAY_SIZE(sparc_op_defs);
+static const TCGTargetOpDef r = { .args_ct_str = { "r" } };
+static const TCGTargetOpDef r_r = { .args_ct_str = { "r", "r" } };
+static const TCGTargetOpDef R_r = { .args_ct_str = { "R", "r" } };
+static const TCGTargetOpDef r_R = { .args_ct_str = { "r", "R" } };
+static const TCGTargetOpDef R_R = { .args_ct_str = { "R", "R" } };
+static const TCGTargetOpDef r_A = { .args_ct_str = { "r", "A" } };
+static const TCGTargetOpDef R_A = { .args_ct_str = { "R", "A" } };
+static const TCGTargetOpDef rZ_r = { .args_ct_str = { "rZ", "r" } };
+static const TCGTargetOpDef RZ_r = { .args_ct_str = { "RZ", "r" } };
+static const TCGTargetOpDef sZ_A = { .args_ct_str = { "sZ", "A" } };
+static const TCGTargetOpDef 

[Qemu-devel] [PATCH 4/4] tcg/mips: Fully convert tcg_target_op_def

2017-09-14 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/mips/tcg-target.inc.c | 324 --
 1 file changed, 170 insertions(+), 154 deletions(-)

diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c
index 1c09ec7d5b..ce4030602f 100644
--- a/tcg/mips/tcg-target.inc.c
+++ b/tcg/mips/tcg-target.inc.c
@@ -2163,166 +2163,182 @@ static inline void tcg_out_op(TCGContext *s, 
TCGOpcode opc,
 }
 }
 
-static const TCGTargetOpDef mips_op_defs[] = {
-{ INDEX_op_exit_tb, { } },
-{ INDEX_op_goto_tb, { } },
-{ INDEX_op_br, { } },
-{ INDEX_op_goto_ptr, { "r" } },
-
-{ INDEX_op_ld8u_i32, { "r", "r" } },
-{ INDEX_op_ld8s_i32, { "r", "r" } },
-{ INDEX_op_ld16u_i32, { "r", "r" } },
-{ INDEX_op_ld16s_i32, { "r", "r" } },
-{ INDEX_op_ld_i32, { "r", "r" } },
-{ INDEX_op_st8_i32, { "rZ", "r" } },
-{ INDEX_op_st16_i32, { "rZ", "r" } },
-{ INDEX_op_st_i32, { "rZ", "r" } },
-
-{ INDEX_op_add_i32, { "r", "rZ", "rJ" } },
-{ INDEX_op_mul_i32, { "r", "rZ", "rZ" } },
-#if !use_mips32r6_instructions
-{ INDEX_op_muls2_i32, { "r", "r", "rZ", "rZ" } },
-{ INDEX_op_mulu2_i32, { "r", "r", "rZ", "rZ" } },
-#endif
-{ INDEX_op_mulsh_i32, { "r", "rZ", "rZ" } },
-{ INDEX_op_muluh_i32, { "r", "rZ", "rZ" } },
-{ INDEX_op_div_i32, { "r", "rZ", "rZ" } },
-{ INDEX_op_divu_i32, { "r", "rZ", "rZ" } },
-{ INDEX_op_rem_i32, { "r", "rZ", "rZ" } },
-{ INDEX_op_remu_i32, { "r", "rZ", "rZ" } },
-{ INDEX_op_sub_i32, { "r", "rZ", "rN" } },
-
-{ INDEX_op_and_i32, { "r", "rZ", "rIK" } },
-{ INDEX_op_nor_i32, { "r", "rZ", "rZ" } },
-{ INDEX_op_not_i32, { "r", "rZ" } },
-{ INDEX_op_or_i32, { "r", "rZ", "rIZ" } },
-{ INDEX_op_xor_i32, { "r", "rZ", "rIZ" } },
-
-{ INDEX_op_shl_i32, { "r", "rZ", "ri" } },
-{ INDEX_op_shr_i32, { "r", "rZ", "ri" } },
-{ INDEX_op_sar_i32, { "r", "rZ", "ri" } },
-{ INDEX_op_rotr_i32, { "r", "rZ", "ri" } },
-{ INDEX_op_rotl_i32, { "r", "rZ", "ri" } },
-{ INDEX_op_clz_i32,  { "r", "r", "rWZ" } },
-
-{ INDEX_op_bswap16_i32, { "r", "r" } },
-{ INDEX_op_bswap32_i32, { "r", "r" } },
-
-{ INDEX_op_ext8s_i32, { "r", "rZ" } },
-{ INDEX_op_ext16s_i32, { "r", "rZ" } },
-
-{ INDEX_op_deposit_i32, { "r", "0", "rZ" } },
-{ INDEX_op_extract_i32, { "r", "r" } },
-
-{ INDEX_op_brcond_i32, { "rZ", "rZ" } },
-#if use_mips32r6_instructions
-{ INDEX_op_movcond_i32, { "r", "rZ", "rZ", "rZ", "rZ" } },
-#else
-{ INDEX_op_movcond_i32, { "r", "rZ", "rZ", "rZ", "0" } },
-#endif
-{ INDEX_op_setcond_i32, { "r", "rZ", "rZ" } },
+static const TCGTargetOpDef *tcg_target_op_def(TCGOpcode op)
+{
+static const TCGTargetOpDef r = { .args_ct_str = { "r" } };
+static const TCGTargetOpDef r_r = { .args_ct_str = { "r", "r" } };
+static const TCGTargetOpDef r_L = { .args_ct_str = { "r", "L" } };
+static const TCGTargetOpDef rZ_r = { .args_ct_str = { "rZ", "r" } };
+static const TCGTargetOpDef SZ_S = { .args_ct_str = { "SZ", "S" } };
+static const TCGTargetOpDef rZ_rZ = { .args_ct_str = { "rZ", "rZ" } };
+static const TCGTargetOpDef r_r_L = { .args_ct_str = { "r", "r", "L" } };
+static const TCGTargetOpDef r_L_L = { .args_ct_str = { "r", "L", "L" } };
+static const TCGTargetOpDef r_r_ri = { .args_ct_str = { "r", "r", "ri" } };
+static const TCGTargetOpDef r_r_rI = { .args_ct_str = { "r", "r", "rI" } };
+static const TCGTargetOpDef r_r_rJ = { .args_ct_str = { "r", "r", "rJ" } };
+static const TCGTargetOpDef SZ_S_S = { .args_ct_str = { "SZ", "S", "S" } };
+static const TCGTargetOpDef SZ_SZ_S
+= { .args_ct_str = { "SZ", "SZ", "S" } };
+static const TCGTargetOpDef SZ_SZ_S_S
+= { .args_ct_str = { "SZ", "SZ", "S", "S" } };
+static const TCGTargetOpDef r_rZ_rN
+= { .args_ct_str = { "r", "rZ", "rN" } };
+static const TCGTargetOpDef r_rZ_rZ
+= { .args_ct_str = { "r", "rZ", "rZ" } };
+static const TCGTargetOpDef r_r_rIK
+= { .args_ct_str = { "r", "r", "rIK" } };
+static const TCGTargetOpDef r_r_rWZ
+= { .args_ct_str = { "r", "r", "rWZ" } };
+static const TCGTargetOpDef r_r_r_r
+= { .args_ct_str = { "r", "r", "r", "r" } };
+static const TCGTargetOpDef r_r_L_L
+= { .args_ct_str = { "r", "r", "L", "L" } };
+static const TCGTargetOpDef dep
+= { .args_ct_str = { "r", "0", "rZ" } };
+static const TCGTargetOpDef movc
+= { .args_ct_str = { "r", "rZ", "rZ", "rZ", "0" } };
+static const TCGTargetOpDef movc_r6
+= { .args_ct_str = { "r", "rZ", "rZ", "rZ", "rZ" } };
+static const TCGTargetOpDef add2
+= { .args_ct_str = { "r", "r", "rZ", "rZ", "rN", "rN" } };
+static const TCGTargetOpDef br2
+= { .args_ct_str = { "rZ", "rZ", "rZ", "rZ" } };
+static const TCGTargetOpDef setc2
+= { .args_ct_str = { "r", "rZ", "rZ", "rZ", "rZ" } };
+
+switch (op) 

[Qemu-devel] 087 failing without aio

2017-09-14 Thread Dr. David Alan Gilbert
Hi Kevin,
  087 fails if you've not built with aio, do we have
any easy tests that let us skip it?

(I was building on a cleanly installed borrowed farm box for a different
architecture and hadn't installed the full set).

=== aio=native without O_DIRECT ===

Testing:
QMP_VERSION
{"return": {}}
{"error": {"class": "GenericError", "desc": "aio=native was specified, but is 
not supported in this build."}}
{"return": {}}
{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"SHUTDOWN", "data": {"guest": false}}


Dave

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PATCH 0/4] tcg: Fully convert tcg_target_op_def

2017-09-14 Thread Richard Henderson
The tcg/aarch64 version has already been posted as a part
of my vector operations patch set.  This is simply source
code quality improvement, therefore I skip tcg/tci.  But
this takes care of all of the rest.


r~


Richard Henderson (4):
  tcg/arm: Fully convert tcg_target_op_def
  tcg/ppc: Fully convert tcg_target_op_def
  tcg/sparc: Fully convert tcg_target_op_def
  tcg/mips: Fully convert tcg_target_op_def

 tcg/arm/tcg-target.inc.c   | 186 +++---
 tcg/mips/tcg-target.inc.c  | 324 -
 tcg/ppc/tcg-target.inc.c   | 321 +++-
 tcg/sparc/tcg-target.inc.c | 239 +++--
 4 files changed, 582 insertions(+), 488 deletions(-)

-- 
2.13.5




[Qemu-devel] [PATCH 1/4] tcg/arm: Fully convert tcg_target_op_def

2017-09-14 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.inc.c | 186 +++
 1 file changed, 107 insertions(+), 79 deletions(-)

diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
index 14599a8685..98a12535a5 100644
--- a/tcg/arm/tcg-target.inc.c
+++ b/tcg/arm/tcg-target.inc.c
@@ -2060,91 +2060,119 @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode 
opc,
 }
 }
 
-static const TCGTargetOpDef arm_op_defs[] = {
-{ INDEX_op_exit_tb, { } },
-{ INDEX_op_goto_tb, { } },
-{ INDEX_op_br, { } },
-{ INDEX_op_goto_ptr, { "r" } },
-
-{ INDEX_op_ld8u_i32, { "r", "r" } },
-{ INDEX_op_ld8s_i32, { "r", "r" } },
-{ INDEX_op_ld16u_i32, { "r", "r" } },
-{ INDEX_op_ld16s_i32, { "r", "r" } },
-{ INDEX_op_ld_i32, { "r", "r" } },
-{ INDEX_op_st8_i32, { "r", "r" } },
-{ INDEX_op_st16_i32, { "r", "r" } },
-{ INDEX_op_st_i32, { "r", "r" } },
-
-/* TODO: "r", "r", "ri" */
-{ INDEX_op_add_i32, { "r", "r", "rIN" } },
-{ INDEX_op_sub_i32, { "r", "rI", "rIN" } },
-{ INDEX_op_mul_i32, { "r", "r", "r" } },
-{ INDEX_op_mulu2_i32, { "r", "r", "r", "r" } },
-{ INDEX_op_muls2_i32, { "r", "r", "r", "r" } },
-{ INDEX_op_and_i32, { "r", "r", "rIK" } },
-{ INDEX_op_andc_i32, { "r", "r", "rIK" } },
-{ INDEX_op_or_i32, { "r", "r", "rI" } },
-{ INDEX_op_xor_i32, { "r", "r", "rI" } },
-{ INDEX_op_neg_i32, { "r", "r" } },
-{ INDEX_op_not_i32, { "r", "r" } },
-
-{ INDEX_op_shl_i32, { "r", "r", "ri" } },
-{ INDEX_op_shr_i32, { "r", "r", "ri" } },
-{ INDEX_op_sar_i32, { "r", "r", "ri" } },
-{ INDEX_op_rotl_i32, { "r", "r", "ri" } },
-{ INDEX_op_rotr_i32, { "r", "r", "ri" } },
-{ INDEX_op_clz_i32, { "r", "r", "rIK" } },
-{ INDEX_op_ctz_i32, { "r", "r", "rIK" } },
-
-{ INDEX_op_brcond_i32, { "r", "rIN" } },
-{ INDEX_op_setcond_i32, { "r", "r", "rIN" } },
-{ INDEX_op_movcond_i32, { "r", "r", "rIN", "rIK", "0" } },
-
-{ INDEX_op_add2_i32, { "r", "r", "r", "r", "rIN", "rIK" } },
-{ INDEX_op_sub2_i32, { "r", "r", "rI", "rI", "rIN", "rIK" } },
-{ INDEX_op_brcond2_i32, { "r", "r", "rIN", "rIN" } },
-{ INDEX_op_setcond2_i32, { "r", "r", "r", "rIN", "rIN" } },
-
-#if TARGET_LONG_BITS == 32
-{ INDEX_op_qemu_ld_i32, { "r", "l" } },
-{ INDEX_op_qemu_ld_i64, { "r", "r", "l" } },
-{ INDEX_op_qemu_st_i32, { "s", "s" } },
-{ INDEX_op_qemu_st_i64, { "s", "s", "s" } },
-#else
-{ INDEX_op_qemu_ld_i32, { "r", "l", "l" } },
-{ INDEX_op_qemu_ld_i64, { "r", "r", "l", "l" } },
-{ INDEX_op_qemu_st_i32, { "s", "s", "s" } },
-{ INDEX_op_qemu_st_i64, { "s", "s", "s", "s" } },
-#endif
-
-{ INDEX_op_bswap16_i32, { "r", "r" } },
-{ INDEX_op_bswap32_i32, { "r", "r" } },
-
-{ INDEX_op_ext8s_i32, { "r", "r" } },
-{ INDEX_op_ext16s_i32, { "r", "r" } },
-{ INDEX_op_ext16u_i32, { "r", "r" } },
+static const TCGTargetOpDef *tcg_target_op_def(TCGOpcode op)
+{
+static const TCGTargetOpDef r = { .args_ct_str = { "r" } };
+static const TCGTargetOpDef r_r = { .args_ct_str = { "r", "r" } };
+static const TCGTargetOpDef s_s = { .args_ct_str = { "s", "s" } };
+static const TCGTargetOpDef r_l = { .args_ct_str = { "r", "l" } };
+static const TCGTargetOpDef r_r_r = { .args_ct_str = { "r", "r", "r" } };
+static const TCGTargetOpDef r_r_l = { .args_ct_str = { "r", "r", "l" } };
+static const TCGTargetOpDef r_l_l = { .args_ct_str = { "r", "l", "l" } };
+static const TCGTargetOpDef s_s_s = { .args_ct_str = { "s", "s", "s" } };
+static const TCGTargetOpDef r_r_ri = { .args_ct_str = { "r", "r", "ri" } };
+static const TCGTargetOpDef r_r_rI = { .args_ct_str = { "r", "r", "rI" } };
+static const TCGTargetOpDef r_r_rIN
+= { .args_ct_str = { "r", "r", "rIN" } };
+static const TCGTargetOpDef r_r_rIK
+= { .args_ct_str = { "r", "r", "rIK" } };
+static const TCGTargetOpDef r_r_r_r
+= { .args_ct_str = { "r", "r", "r", "r" } };
+static const TCGTargetOpDef r_r_l_l
+= { .args_ct_str = { "r", "r", "l", "l" } };
+static const TCGTargetOpDef s_s_s_s
+= { .args_ct_str = { "s", "s", "s", "s" } };
+static const TCGTargetOpDef br
+= { .args_ct_str = { "r", "rIN" } };
+static const TCGTargetOpDef dep
+= { .args_ct_str = { "r", "0", "rZ" } };
+static const TCGTargetOpDef movc
+= { .args_ct_str = { "r", "r", "rIN", "rIK", "0" } };
+static const TCGTargetOpDef add2
+= { .args_ct_str = { "r", "r", "r", "r", "rIN", "rIK" } };
+static const TCGTargetOpDef sub2
+= { .args_ct_str = { "r", "r", "rI", "rI", "rIN", "rIK" } };
+static const TCGTargetOpDef br2
+= { .args_ct_str = { "r", "r", "rIN", "rIN" } };
+static const TCGTargetOpDef setc2
+= { .args_ct_str = { "r", "r", "r", "rIN", "rIN" } };
+
+switch (op) {
+case INDEX_op_goto_ptr:
+return 
 

[Qemu-devel] [PATCH 2/4] tcg/ppc: Fully convert tcg_target_op_def

2017-09-14 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.inc.c | 321 +--
 1 file changed, 168 insertions(+), 153 deletions(-)

diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index 8ffc7a7205..879885b68b 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -2596,166 +2596,181 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, 
const TCGArg *args,
 }
 }
 
-static const TCGTargetOpDef ppc_op_defs[] = {
-{ INDEX_op_exit_tb, { } },
-{ INDEX_op_goto_tb, { } },
-{ INDEX_op_br, { } },
-{ INDEX_op_goto_ptr, { "r" } },
-
-{ INDEX_op_ld8u_i32, { "r", "r" } },
-{ INDEX_op_ld8s_i32, { "r", "r" } },
-{ INDEX_op_ld16u_i32, { "r", "r" } },
-{ INDEX_op_ld16s_i32, { "r", "r" } },
-{ INDEX_op_ld_i32, { "r", "r" } },
-
-{ INDEX_op_st8_i32, { "r", "r" } },
-{ INDEX_op_st16_i32, { "r", "r" } },
-{ INDEX_op_st_i32, { "r", "r" } },
-
-{ INDEX_op_add_i32, { "r", "r", "ri" } },
-{ INDEX_op_mul_i32, { "r", "r", "rI" } },
-{ INDEX_op_div_i32, { "r", "r", "r" } },
-{ INDEX_op_divu_i32, { "r", "r", "r" } },
-{ INDEX_op_sub_i32, { "r", "rI", "ri" } },
-{ INDEX_op_and_i32, { "r", "r", "ri" } },
-{ INDEX_op_or_i32, { "r", "r", "ri" } },
-{ INDEX_op_xor_i32, { "r", "r", "ri" } },
-{ INDEX_op_andc_i32, { "r", "r", "ri" } },
-{ INDEX_op_orc_i32, { "r", "r", "ri" } },
-{ INDEX_op_eqv_i32, { "r", "r", "ri" } },
-{ INDEX_op_nand_i32, { "r", "r", "r" } },
-{ INDEX_op_nor_i32, { "r", "r", "r" } },
-{ INDEX_op_clz_i32, { "r", "r", "rZW" } },
-{ INDEX_op_ctz_i32, { "r", "r", "rZW" } },
-{ INDEX_op_ctpop_i32, { "r", "r" } },
-
-{ INDEX_op_shl_i32, { "r", "r", "ri" } },
-{ INDEX_op_shr_i32, { "r", "r", "ri" } },
-{ INDEX_op_sar_i32, { "r", "r", "ri" } },
-{ INDEX_op_rotl_i32, { "r", "r", "ri" } },
-{ INDEX_op_rotr_i32, { "r", "r", "ri" } },
-
-{ INDEX_op_neg_i32, { "r", "r" } },
-{ INDEX_op_not_i32, { "r", "r" } },
-{ INDEX_op_ext8s_i32, { "r", "r" } },
-{ INDEX_op_ext16s_i32, { "r", "r" } },
-{ INDEX_op_bswap16_i32, { "r", "r" } },
-{ INDEX_op_bswap32_i32, { "r", "r" } },
-
-{ INDEX_op_brcond_i32, { "r", "ri" } },
-{ INDEX_op_setcond_i32, { "r", "r", "ri" } },
-{ INDEX_op_movcond_i32, { "r", "r", "ri", "rZ", "rZ" } },
-
-{ INDEX_op_deposit_i32, { "r", "0", "rZ" } },
-{ INDEX_op_extract_i32, { "r", "r" } },
-
-{ INDEX_op_muluh_i32, { "r", "r", "r" } },
-{ INDEX_op_mulsh_i32, { "r", "r", "r" } },
-
-#if TCG_TARGET_REG_BITS == 64
-{ INDEX_op_ld8u_i64, { "r", "r" } },
-{ INDEX_op_ld8s_i64, { "r", "r" } },
-{ INDEX_op_ld16u_i64, { "r", "r" } },
-{ INDEX_op_ld16s_i64, { "r", "r" } },
-{ INDEX_op_ld32u_i64, { "r", "r" } },
-{ INDEX_op_ld32s_i64, { "r", "r" } },
-{ INDEX_op_ld_i64, { "r", "r" } },
-
-{ INDEX_op_st8_i64, { "r", "r" } },
-{ INDEX_op_st16_i64, { "r", "r" } },
-{ INDEX_op_st32_i64, { "r", "r" } },
-{ INDEX_op_st_i64, { "r", "r" } },
-
-{ INDEX_op_add_i64, { "r", "r", "rT" } },
-{ INDEX_op_sub_i64, { "r", "rI", "rT" } },
-{ INDEX_op_and_i64, { "r", "r", "ri" } },
-{ INDEX_op_or_i64, { "r", "r", "rU" } },
-{ INDEX_op_xor_i64, { "r", "r", "rU" } },
-{ INDEX_op_andc_i64, { "r", "r", "ri" } },
-{ INDEX_op_orc_i64, { "r", "r", "r" } },
-{ INDEX_op_eqv_i64, { "r", "r", "r" } },
-{ INDEX_op_nand_i64, { "r", "r", "r" } },
-{ INDEX_op_nor_i64, { "r", "r", "r" } },
-{ INDEX_op_clz_i64, { "r", "r", "rZW" } },
-{ INDEX_op_ctz_i64, { "r", "r", "rZW" } },
-{ INDEX_op_ctpop_i64, { "r", "r" } },
-
-{ INDEX_op_shl_i64, { "r", "r", "ri" } },
-{ INDEX_op_shr_i64, { "r", "r", "ri" } },
-{ INDEX_op_sar_i64, { "r", "r", "ri" } },
-{ INDEX_op_rotl_i64, { "r", "r", "ri" } },
-{ INDEX_op_rotr_i64, { "r", "r", "ri" } },
-
-{ INDEX_op_mul_i64, { "r", "r", "rI" } },
-{ INDEX_op_div_i64, { "r", "r", "r" } },
-{ INDEX_op_divu_i64, { "r", "r", "r" } },
-
-{ INDEX_op_neg_i64, { "r", "r" } },
-{ INDEX_op_not_i64, { "r", "r" } },
-{ INDEX_op_ext8s_i64, { "r", "r" } },
-{ INDEX_op_ext16s_i64, { "r", "r" } },
-{ INDEX_op_ext32s_i64, { "r", "r" } },
-{ INDEX_op_ext_i32_i64, { "r", "r" } },
-{ INDEX_op_extu_i32_i64, { "r", "r" } },
-{ INDEX_op_bswap16_i64, { "r", "r" } },
-{ INDEX_op_bswap32_i64, { "r", "r" } },
-{ INDEX_op_bswap64_i64, { "r", "r" } },
-
-{ INDEX_op_brcond_i64, { "r", "ri" } },
-{ INDEX_op_setcond_i64, { "r", "r", "ri" } },
-{ INDEX_op_movcond_i64, { "r", "r", "ri", "rZ", "rZ" } },
-
-{ INDEX_op_deposit_i64, { "r", "0", "rZ" } },
-{ INDEX_op_extract_i64, { "r", "r" } },
-
-{ INDEX_op_mulsh_i64, { "r", "r", "r" } },
-{ INDEX_op_muluh_i64, { "r", "r", "r" } },
-#endif
+static const TCGTargetOpDef *tcg_target_op_def(TCGOpcode op)
+{
+static const TCGTargetOpDef r = { 

Re: [Qemu-devel] [RFC 00/15] QMP: out-of-band (OOB) execution support

2017-09-14 Thread Dr. David Alan Gilbert
* Peter Xu (pet...@redhat.com) wrote:
> This series was born from this one:
> 
>   https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04310.html

Are patches 1..6 separable and mergable without the rest ?

Dave

> The design comes from Markus, and also the whole-bunch-of discussions
> in previous thread.  My heartful thanks to Markus, Daniel, Dave,
> Stefan, etc. on discussing the topic (...again!), providing shiny
> ideas and suggestions.  Finally we got such a solution that seems to
> satisfy everyone.
> 
> I re-started the versioning since this series is totally different
> from previous one.  Now it's version 1.
> 
> In case new reviewers come along the way without reading previous
> discussions, I will try to do a summary on what this is all about.
> 
> What is OOB execution?
> ==
> 
> It's the shortcut of Out-Of-Band execution, its name is given by
> Markus.  It's a way to quickly execute a QMP request.  Say, originally
> QMP goes through these steps:
> 
>   JSON Parser --> QMP Dispatcher --> Respond
>   /|\(2)(3) |
>(1) |   \|/ (4)
>+-  main thread  +
> 
> The requests are executed by the so-called QMP-dispatcher after the
> JSON is parsed.  If OOB is on, we run the command directly in the
> parser and return quickly.
> 
> Yeah, I know that in the current code the parser calls the dispatcher
> directly (please see handle_qmp_command()).  However, that is no longer
> true after this series (the parser will have its own IO thread, and the
> dispatcher will still run in the main thread).  So this OOB does bring
> something different.
> 
> There are more details on why OOB and the difference/relationship
> between OOB, async QMP, block/general jobs, etc.. but IMHO that's
> slightly out of topic (and believe me, it's not easy for me to
> summarize that).  For more information, please refer to [1].
> 
> Summary ends here.
> 
> Some Implementation Details
> ===
> 
> Again, I mentioned that the old QMP workflow is this:
> 
>   JSON Parser --> QMP Dispatcher --> Respond
>   /|\(2)(3) |
>(1) |   \|/ (4)
>+-  main thread  +
> 
> What this series does is, firstly:
> 
>   JSON Parser QMP Dispatcher --> Respond
>   /|\ |   /|\   (4) |
>|  | (2)| (3)|  (5)
>(1) |  +->  |   \|/
>+-  main thread  <---+
> 
> And further:
> 
>queue/kick
>  JSON Parser ==> QMP Dispatcher --> Respond
>  /|\ | (3)   /|\(4)|
>   (1) |  | (2)||  (5)
>   | \|/   |   \|/
> IO thread main thread  <---+
> 
> Then it introduced the "allow-oob" parameter in QAPI schema to define
> commands, and "run-oob" flag to let oob-allowed command to run in the
> parser.
> 
> The last patch enables this for "migrate-incoming" command.
> 
> Please review.  Thanks.
> 
> [1] https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04310.html
> 
> Peter Xu (15):
>   char-io: fix possible race on IOWatchPoll
>   qobject: allow NULL for qstring_get_str()
>   qobject: introduce qobject_to_str()
>   monitor: move skip_flush into monitor_data_init
>   qjson: add "opaque" field to JSONMessageParser
>   monitor: move the cur_mon hack deeper for QMP
>   monitor: unify global init
>   monitor: create IO thread
>   monitor: allow to use IO thread for parsing
>   monitor: introduce monitor_qmp_respond()
>   monitor: separate QMP parser and dispatcher
>   monitor: enable IO thread for (qmp & !mux) typed
>   qapi: introduce new cmd option "allow-oob"
>   qmp: support out-of-band (oob) execution
>   qmp: let migrate-incoming allow out-of-band
> 
>  chardev/char-io.c|  15 ++-
>  docs/devel/qapi-code-gen.txt |  51 ++-
>  include/monitor/monitor.h|   2 +-
>  include/qapi/qmp/dispatch.h  |   2 +
>  include/qapi/qmp/json-streamer.h |   8 +-
>  include/qapi/qmp/qstring.h   |   1 +
>  monitor.c| 283 
> +++
>  qapi/introspect.json |   6 +-
>  qapi/migration.json  |   3 +-
>  qapi/qmp-dispatch.c  |  34 +
>  qga/main.c   |   5 +-
>  qobject/json-streamer.c  |   7 +-
>  qobject/qjson.c  |   5 +-
>  qobject/qstring.c|  13 +-
>  scripts/qapi-commands.py |  19 ++-
>  scripts/qapi-introspect.py   |  10 +-
>  scripts/qapi.py  |  15 ++-
>  scripts/qapi2texi.py |   2 +-
>  tests/libqtest.c |   5 +-
>  tests/qapi-schema/test-qapi.py   |   2 +-
>  trace-events |   2 +
>  vl.c |   3 +-
>  22 files changed, 398 insertions(+), 

Re: [Qemu-devel] [RFC 00/15] QMP: out-of-band (OOB) execution support

2017-09-14 Thread Dr. David Alan Gilbert
* Marc-André Lureau (marcandre.lur...@gmail.com) wrote:
> Hi
> 
> On Thu, Sep 14, 2017 at 9:50 AM, Peter Xu  wrote:
> > This series was born from this one:
> >
> >   https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04310.html
> >
> > The design comes from Markus, and also the whole-bunch-of discussions
> > in previous thread.  My heartful thanks to Markus, Daniel, Dave,
> > Stefan, etc. on discussing the topic (...again!), providing shiny
> > ideas and suggestions.  Finally we got such a solution that seems to
> > satisfy everyone.
> >
> > I re-started the versioning since this series is totally different
> > from previous one.  Now it's version 1.
> >
> > In case new reviewers come along the way without reading previous
> > discussions, I will try to do a summary on what this is all about.
> >
> > What is OOB execution?
> > ==
> >
> > It's the shortcut of Out-Of-Band execution, its name is given by
> > Markus.  It's a way to quickly execute a QMP request.  Say, originally
> > QMP goes through these steps:
> >
> >   JSON Parser --> QMP Dispatcher --> Respond
> >   /|\(2)(3) |
> >(1) |   \|/ (4)
> >+-  main thread  +
> >
> > The requests are executed by the so-called QMP-dispatcher after the
> > JSON is parsed.  If OOB is on, we run the command directly in the
> > parser and return quickly.
> 
> In this case the "id" field should be mandatory for all commands;
> otherwise the client cannot tell the reply to the OOB command apart
> from the replies to earlier, still-pending commands.
> 
> This should probably be enforced upfront by client capability checks,
> more below.
> 
> > Yeah, I know that in the current code the parser calls the dispatcher
> > directly (please see handle_qmp_command()).  However, that is no longer
> > true after this series (the parser will have its own IO thread, and the
> > dispatcher will still run in the main thread).  So this OOB does bring
> > something different.
> >
> > There are more details on why OOB and the difference/relationship
> > between OOB, async QMP, block/general jobs, etc.. but IMHO that's
> > slightly out of topic (and believe me, it's not easy for me to
> > summarize that).  For more information, please refer to [1].
> >
> > Summary ends here.
> >
> > Some Implementation Details
> > ===
> >
> > Again, I mentioned that the old QMP workflow is this:
> >
> >   JSON Parser --> QMP Dispatcher --> Respond
> >   /|\(2)(3) |
> >(1) |   \|/ (4)
> >+-  main thread  +
> >
> > What this series does is, firstly:
> >
> >   JSON Parser QMP Dispatcher --> Respond
> >   /|\ |   /|\   (4) |
> >|  | (2)| (3)|  (5)
> >(1) |  +->  |   \|/
> >+-  main thread  <---+
> >
> > And further:
> >
> >queue/kick
> >  JSON Parser ==> QMP Dispatcher --> Respond
> >  /|\ | (3)   /|\(4)|
> >   (1) |  | (2)||  (5)
> >   | \|/   |   \|/
> > IO thread main thread  <---+
> 
> Is the queue per monitor or per client? Will queued requests still be
> dispatched after the client that sent them has disconnected, and could
> a newly connected client receive replies to a previous client's
> commands? I believe there should be a per-client context, so that "id"
> values from different clients cannot collide.
> 
> >
> > Then it introduced the "allow-oob" parameter in QAPI schema to define
> > commands, and "run-oob" flag to let oob-allowed command to run in the
> > parser.
> 
> From a protocol point of view, I find that "run-oob" distinction per
> command a bit pointless. It helps with legacy client that wouldn't
> expect out-of-order replies if qemu were to run oob commands oob by
> default though. Clients shouldn't care about how/where a command is
> being queued or not. If they send a command, they want it processed as
> quickly as possible. However, it can be interesting to know if the
> implementation of the command will be able to deliver oob, so that
> data in the introspection could be useful.
> 
> I would rather propose a client/server capability in qmp_capabilities,
> call it "oob":
> 
> This capability indicates oob commands support.

The problem is indicating which commands support oob as opposed to
indicating whether oob is present at all.  Future versions will
probably make more commands oob-able and a client will want to know
whether it can rely on a particular command being non-blocking.

> An oob command is a regular client message request with the "id"
> member mandatory, but the reply may be delivered
> out of order by the server if the client supports
> it too.
> 
> If both the server and the client have the "oob" capability, the
> server can handle 

[Qemu-devel] [PATCH 06/10] target/arm: Support Capstone in disas_set_info

2017-09-14 Thread Richard Henderson
Cc: qemu-...@nongnu.org
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.c | 21 ++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index a1acce3c7a..92159ca0b1 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -33,6 +33,7 @@
 #include "sysemu/sysemu.h"
 #include "sysemu/hw_accel.h"
 #include "kvm_arm.h"
+#include "disas/capstone.h"
 
 static void arm_cpu_set_pc(CPUState *cs, vaddr value)
 {
@@ -476,10 +477,24 @@ static void arm_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 #if defined(CONFIG_ARM_A64_DIS)
 info->print_insn = print_insn_arm_a64;
 #endif
-} else if (env->thumb) {
-info->print_insn = print_insn_thumb1;
+info->cap_arch = CS_ARCH_ARM64;
 } else {
-info->print_insn = print_insn_arm;
+int cap_mode;
+if (env->thumb) {
+info->print_insn = print_insn_thumb1;
+cap_mode = CS_MODE_THUMB;
+} else {
+info->print_insn = print_insn_arm;
+cap_mode = CS_MODE_ARM;
+}
+if (arm_feature(env, ARM_FEATURE_V8)) {
+cap_mode |= CS_MODE_V8;
+}
+if (arm_feature(env, ARM_FEATURE_M)) {
+cap_mode |= CS_MODE_MCLASS;
+}
+info->cap_arch = CS_ARCH_ARM;
+info->cap_mode = cap_mode;
 }
 if (bswap_code(arm_sctlr_b(env))) {
 #ifdef TARGET_WORDS_BIGENDIAN
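Review bot: The AArch64 branch sets `info->cap_arch = CS_ARCH_ARM64;` but never assigns cap_mode, so it relies on the caller having zeroed that field before invoking the hook; target_disas does so in patch 04/10, but the monitor_disas side of that patch is not visible in this excerpt. Adding `info->cap_mode = 0;` beside the cap_arch assignment makes the hook self-contained and mirrors the AArch32 branch, which always writes cap_mode. arm_disas_set_info's opening lines are outside the hunk.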
-- 
2.13.5




[Qemu-devel] [PATCH 05/10] target/i386: Support Capstone in disas_set_info

2017-09-14 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/i386/cpu.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b869a69c53..c3980b3864 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -51,6 +51,8 @@
 #include "hw/i386/apic_internal.h"
 #endif
 
+#include "disas/capstone.h"
+
 
 /* Cache topology CPUID constants: */
 
@@ -4108,6 +4110,11 @@ static void x86_disas_set_info(CPUState *cs, 
disassemble_info *info)
   : env->hflags & HF_CS32_MASK ? bfd_mach_i386_i386
   : bfd_mach_i386_i8086);
 info->print_insn = print_insn_i386;
+
+info->cap_arch = CS_ARCH_X86;
+info->cap_mode = (env->hflags & HF_CS64_MASK ? CS_MODE_64
+  : env->hflags & HF_CS32_MASK ? CS_MODE_32
+  : CS_MODE_16);
 }
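Review bot: The cap_mode ternary at the end of x86_disas_set_info repeats the HF_CS64_MASK / HF_CS32_MASK tests that select info->mach a few lines earlier, so a later change to one selection is easy to miss in the other. A one-line comment ties them together, e.g. `/* Must agree with the bfd mach selection above. */`, or both values could be derived from a single local holding the code-segment width. The start of x86_disas_set_info lies outside the hunk.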
 
 static Property x86_cpu_properties[] = {
-- 
2.13.5




[Qemu-devel] [PATCH 03/10] disas: Remove unused flags arguments

2017-09-14 Thread Richard Henderson
Now that every target is using the disas_set_info hook,
the flags argument is unused.  Remove it.

Signed-off-by: Richard Henderson 
---
 include/disas/disas.h |  4 ++--
 include/exec/log.h|  4 ++--
 disas.c   | 15 ---
 monitor.c |  3 +--
 target/alpha/translate.c  |  2 +-
 target/arm/translate-a64.c|  3 +--
 target/arm/translate.c|  3 +--
 target/cris/translate.c   |  3 +--
 target/hppa/translate.c   |  2 +-
 target/i386/translate.c   |  2 +-
 target/lm32/translate.c   |  2 +-
 target/m68k/translate.c   |  2 +-
 target/microblaze/translate.c |  2 +-
 target/mips/translate.c   |  2 +-
 target/nios2/translate.c  |  2 +-
 target/openrisc/translate.c   |  2 +-
 target/ppc/translate.c|  2 +-
 target/s390x/translate.c  |  2 +-
 target/sh4/translate.c|  2 +-
 target/sparc/translate.c  |  2 +-
 target/tricore/translate.c|  2 +-
 target/unicore32/translate.c  |  2 +-
 target/xtensa/translate.c |  2 +-
 23 files changed, 28 insertions(+), 39 deletions(-)

diff --git a/include/disas/disas.h b/include/disas/disas.h
index e549ca24a1..4d48c13c65 100644
--- a/include/disas/disas.h
+++ b/include/disas/disas.h
@@ -9,10 +9,10 @@
 /* Disassemble this for me please... (debugging). */
 void disas(FILE *out, void *code, unsigned long size);
 void target_disas(FILE *out, CPUState *cpu, target_ulong code,
-  target_ulong size, int flags);
+  target_ulong size);
 
 void monitor_disas(Monitor *mon, CPUState *cpu,
-   target_ulong pc, int nb_insn, int is_physical, int flags);
+   target_ulong pc, int nb_insn, int is_physical);
 
 /* Look up symbol for debugging purpose.  Returns "" if unknown. */
 const char *lookup_symbol(target_ulong orig_addr);
diff --git a/include/exec/log.h b/include/exec/log.h
index ba1c9b5682..c249307911 100644
--- a/include/exec/log.h
+++ b/include/exec/log.h
@@ -38,9 +38,9 @@ static inline void log_cpu_state_mask(int mask, CPUState 
*cpu, int flags)
 #ifdef NEED_CPU_H
 /* disas() and target_disas() to qemu_logfile: */
 static inline void log_target_disas(CPUState *cpu, target_ulong start,
-target_ulong len, int flags)
+target_ulong len)
 {
-target_disas(qemu_logfile, cpu, start, len, flags);
+target_disas(qemu_logfile, cpu, start, len);
 }
 
 static inline void log_disas(void *code, unsigned long size)
diff --git a/disas.c b/disas.c
index 3a375a3b6c..ad675dc361 100644
--- a/disas.c
+++ b/disas.c
@@ -171,15 +171,9 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
 return print_insn_objdump(pc, info, "OBJD-T");
 }
 
-/* Disassemble this for me please... (debugging). 'flags' has the following
-   values:
-i386 - 1 means 16 bit code, 2 means 64 bit code
-ppc  - bits 0:15 specify (optionally) the machine instruction set;
-   bit 16 indicates little endian.
-other targets - unused
- */
+/* Disassemble this for me please... (debugging).  */
 void target_disas(FILE *out, CPUState *cpu, target_ulong code,
-  target_ulong size, int flags)
+  target_ulong size)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 target_ulong pc;
@@ -336,10 +330,9 @@ monitor_read_memory (bfd_vma memaddr, bfd_byte *myaddr, 
int length,
 return 0;
 }
 
-/* Disassembler for the monitor.
-   See target_disas for a description of flags. */
+/* Disassembler for the monitor.  */
 void monitor_disas(Monitor *mon, CPUState *cpu,
-   target_ulong pc, int nb_insn, int is_physical, int flags)
+   target_ulong pc, int nb_insn, int is_physical)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 int count, i;
diff --git a/monitor.c b/monitor.c
index a0f43f27e7..2125b54101 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1309,8 +1309,7 @@ static void memory_dump(Monitor *mon, int count, int 
format, int wsize,
 }
 
 if (format == 'i') {
-int flags = 0;
-monitor_disas(mon, cs, addr, count, is_physical, flags);
+monitor_disas(mon, cs, addr, count, is_physical);
 return;
 }
 
diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index 5a92c4accb..e9a245f9c5 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -3048,7 +3048,7 @@ static void alpha_tr_tb_stop(DisasContextBase *dcbase, 
CPUState *cpu)
 static void alpha_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
 {
 qemu_log("IN: %s\n", lookup_symbol(dcbase->pc_first));
-log_target_disas(cpu, dcbase->pc_first, dcbase->tb->size, 1);
+log_target_disas(cpu, dcbase->pc_first, dcbase->tb->size);
 }
 
 static const TranslatorOps alpha_tr_ops = {
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 9017e30510..a3984c9a0d 100644
--- a/target/arm/translate-a64.c
+++ 

[Qemu-devel] [PATCH 10/10] target/mips: Support Capstone in disas_set_info

2017-09-14 Thread Richard Henderson
Cc: Aurelien Jarno 
Cc: Yongbok Kim 
Signed-off-by: Richard Henderson 
---
 target/mips/cpu.h|  2 ++
 target/mips/cpu.c|  8 
 target/mips/translate_init.c | 36 
 3 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 74f6a5b098..dca713825d 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1118,4 +1118,6 @@ static inline void QEMU_NORETURN 
do_raise_exception(CPUMIPSState *env,
 do_raise_exception_err(env, exception, 0, pc);
 }
 
+void mips_cpu_disas_set_info(CPUState *s, disassemble_info *info);
+
 #endif /* MIPS_CPU_H */
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 1bb66b7a5a..898f1b3759 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -111,14 +111,6 @@ static void mips_cpu_reset(CPUState *s)
 #endif
 }
 
-static void mips_cpu_disas_set_info(CPUState *s, disassemble_info *info) {
-#ifdef TARGET_WORDS_BIGENDIAN
-info->print_insn = print_insn_big_mips;
-#else
-info->print_insn = print_insn_little_mips;
-#endif
-}
-
 static void mips_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
diff --git a/target/mips/translate_init.c b/target/mips/translate_init.c
index 255d25bacd..1d43b3c36d 100644
--- a/target/mips/translate_init.c
+++ b/target/mips/translate_init.c
@@ -947,3 +947,39 @@ static void msa_reset(CPUMIPSState *env)
 /* set proper signanling bit meaning ("1" means "quiet") */
 set_snan_bit_is_one(0, >active_tc.msa_fp_status);
 }
+
+#include "disas/capstone.h"
+
+void mips_cpu_disas_set_info(CPUState *s, disassemble_info *info)
+{
+MIPSCPU *cpu = MIPS_CPU(s);
+CPUMIPSState *env = >env;
+int insn_flags = env->cpu_model->insn_flags;
+int cap_mode;
+
+#ifdef TARGET_WORDS_BIGENDIAN
+info->print_insn = print_insn_big_mips;
+#else
+info->print_insn = print_insn_little_mips;
+#endif
+
+cap_mode = 0;
+if (insn_flags & ISA_MIPS3) {
+cap_mode |= CS_MODE_MIPS3;
+}
+if (insn_flags & ISA_MIPS32) {
+cap_mode |= CS_MODE_MIPS32;
+}
+if (insn_flags & ISA_MIPS64) {
+cap_mode |= CS_MODE_MIPS64;
+}
+if (insn_flags & ISA_MIPS32R6) {
+cap_mode |= CS_MODE_MIPS32R6;
+}
+#ifdef TARGET_MIPS64
+cap_mode |= CS_MODE_MIPSGP64;
+#endif
+
+info->cap_arch = CS_ARCH_MIPS;
+info->cap_mode = cap_mode;
+}
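Review bot: If insn_flags for a 64-bit core also carries ISA_MIPS32 (the composition of the CPU_MIPS* flag sets is not visible here), both CS_MODE_MIPS32 and CS_MODE_MIPS64 are ORed into cap_mode; should cs_open reject that combination, cap_disas returns false and the code silently falls back to the bfd disassembler, which is hard to notice. Making the width choice exclusive avoids the ambiguity: `if (insn_flags & ISA_MIPS64) { cap_mode |= CS_MODE_MIPS64; } else if (insn_flags & ISA_MIPS32) { cap_mode |= CS_MODE_MIPS32; }`. Separately, `#include "disas/capstone.h"` is placed mid-file directly above the new function; it conventionally belongs with the other includes at the top of the translation unit (or of the file that #includes translate_init.c, if that is how it is built).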
-- 
2.13.5




[Qemu-devel] [PATCH 01/10] target/i386: Convert to disas_set_info hook

2017-09-14 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 disas.c | 22 ++
 monitor.c   | 21 -
 target/i386/cpu.c   | 12 
 target/i386/translate.c |  8 +---
 4 files changed, 15 insertions(+), 48 deletions(-)

diff --git a/disas.c b/disas.c
index d6a1eb9c8e..2be716fdb2 100644
--- a/disas.c
+++ b/disas.c
@@ -205,16 +205,7 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 cc->disas_set_info(cpu, );
 }
 
-#if defined(TARGET_I386)
-if (flags == 2) {
-s.info.mach = bfd_mach_x86_64;
-} else if (flags == 1) {
-s.info.mach = bfd_mach_i386_i8086;
-} else {
-s.info.mach = bfd_mach_i386_i386;
-}
-s.info.print_insn = print_insn_i386;
-#elif defined(TARGET_PPC)
+#if defined(TARGET_PPC)
 if ((flags >> 16) & 1) {
 s.info.endian = BFD_ENDIAN_LITTLE;
 }
@@ -390,16 +381,7 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 cc->disas_set_info(cpu, );
 }
 
-#if defined(TARGET_I386)
-if (flags == 2) {
-s.info.mach = bfd_mach_x86_64;
-} else if (flags == 1) {
-s.info.mach = bfd_mach_i386_i8086;
-} else {
-s.info.mach = bfd_mach_i386_i386;
-}
-s.info.print_insn = print_insn_i386;
-#elif defined(TARGET_PPC)
+#if defined(TARGET_PPC)
 if (flags & 0x) {
 /* If we have a precise definition of the instruction set, use it. */
 s.info.mach = flags & 0x;
diff --git a/monitor.c b/monitor.c
index 9239f7adde..3f3ebc31ef 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1310,27 +1310,6 @@ static void memory_dump(Monitor *mon, int count, int 
format, int wsize,
 
 if (format == 'i') {
 int flags = 0;
-#ifdef TARGET_I386
-CPUArchState *env = mon_get_cpu_env();
-if (wsize == 2) {
-flags = 1;
-} else if (wsize == 4) {
-flags = 0;
-} else {
-/* as default we use the current CS size */
-flags = 0;
-if (env) {
-#ifdef TARGET_X86_64
-if ((env->efer & MSR_EFER_LMA) &&
-(env->segs[R_CS].flags & DESC_L_MASK))
-flags = 2;
-else
-#endif
-if (!(env->segs[R_CS].flags & DESC_B_MASK))
-flags = 1;
-}
-}
-#endif
 #ifdef TARGET_PPC
 CPUArchState *env = mon_get_cpu_env();
 flags = msr_le << 16;
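Review bot: Removing the TARGET_I386 block drops a user-visible feature: the size modifier of the monitor's `x/i` command (wsize == 2 for 16-bit, wsize == 4 for 32-bit) used to override the decoding width, whereas x86_disas_set_info added in this patch derives the mode from env->hflags alone, so the width can no longer be forced from the monitor. If that regression is accepted it deserves a sentence in the commit message, which currently carries only the Signed-off-by; otherwise wsize needs to reach the hook by some other route. memory_dump's body extends beyond the hunk.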
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 69676e13e1..b869a69c53 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4099,6 +4099,17 @@ static bool x86_cpu_has_work(CPUState *cs)
 !(env->hflags & HF_SMM_MASK));
 }
 
+static void x86_disas_set_info(CPUState *cs, disassemble_info *info)
+{
+X86CPU *cpu = X86_CPU(cs);
+CPUX86State *env = >env;
+
+info->mach = (env->hflags & HF_CS64_MASK ? bfd_mach_x86_64
+  : env->hflags & HF_CS32_MASK ? bfd_mach_i386_i386
+  : bfd_mach_i386_i8086);
+info->print_insn = print_insn_i386;
+}
+
 static Property x86_cpu_properties[] = {
 #ifdef CONFIG_USER_ONLY
 /* apic_id = 0 by default for *-user, see commit 9886e834 */
@@ -4204,6 +4215,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 #endif
 cc->cpu_exec_enter = x86_cpu_exec_enter;
 cc->cpu_exec_exit = x86_cpu_exec_exit;
+cc->disas_set_info = x86_disas_set_info;
 
 dc->user_creatable = true;
 }
diff --git a/target/i386/translate.c b/target/i386/translate.c
index de0c989763..06c2cb9e64 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -8526,15 +8526,9 @@ static void i386_tr_disas_log(const DisasContextBase 
*dcbase,
   CPUState *cpu)
 {
 DisasContext *dc = container_of(dcbase, DisasContext, base);
-int disas_flags = !dc->code32;
 
 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
-#ifdef TARGET_X86_64
-if (dc->code64) {
-disas_flags = 2;
-}
-#endif
-log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size, disas_flags);
+log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size, 0);
 }
 
 static const TranslatorOps i386_tr_ops = {
-- 
2.13.5




[Qemu-devel] [PATCH 09/10] target/sparc: Support Capstone in disas_set_info

2017-09-14 Thread Richard Henderson
Cc: Mark Cave-Ayland 
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index 0806d699e6..7eabf410de 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -24,6 +24,7 @@
 #include "exec/exec-all.h"
 #include "hw/qdev-properties.h"
 #include "qapi/visitor.h"
+#include "disas/capstone.h"
 
 //#define DEBUG_FEATURES
 
@@ -99,8 +100,10 @@ static bool sparc_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 static void cpu_sparc_disas_set_info(CPUState *cpu, disassemble_info *info)
 {
 info->print_insn = print_insn_sparc;
+info->cap_arch = CS_ARCH_SPARC;
 #ifdef TARGET_SPARC64
 info->mach = bfd_mach_sparc_v9b;
+info->cap_mode = CS_MODE_V9;
 #endif
 }
 
-- 
2.13.5




[Qemu-devel] [PATCH 04/10] disas: Support the Capstone disassembler library

2017-09-14 Thread Richard Henderson
If configured, prefer this over our rather dated copy of the
GPLv2-only binutils.  This will be especially apparent with
the proposed vector extensions to TCG, as disas/i386.c does
not handle AVX.

Signed-off-by: Richard Henderson 
---
 include/disas/bfd.h  |  4 ++
 include/disas/capstone.h | 38 +++
 disas.c  | 99 ++--
 configure| 17 +
 4 files changed, 146 insertions(+), 12 deletions(-)
 create mode 100644 include/disas/capstone.h

diff --git a/include/disas/bfd.h b/include/disas/bfd.h
index b01e002b4c..0f4ecdeb88 100644
--- a/include/disas/bfd.h
+++ b/include/disas/bfd.h
@@ -377,6 +377,10 @@ typedef struct disassemble_info {
   /* Command line options specific to the target disassembler.  */
   char * disassembler_options;
 
+  /* Options for Capstone disassembly.  */
+  int cap_arch;
+  int cap_mode;
+
 } disassemble_info;
 
 
diff --git a/include/disas/capstone.h b/include/disas/capstone.h
new file mode 100644
index 00..84e214956d
--- /dev/null
+++ b/include/disas/capstone.h
@@ -0,0 +1,38 @@
+#ifndef QEMU_CAPSTONE_H
+#define QEMU_CAPSTONE_H 1
+
+#ifdef CONFIG_CAPSTONE
+
+#include 
+
+#else
+
+/* Just enough to allow backends to init without ifdefs.  */
+
+#define CS_ARCH_ARM -1
+#define CS_ARCH_ARM64   -1
+#define CS_ARCH_MIPS-1
+#define CS_ARCH_X86 -1
+#define CS_ARCH_PPC -1
+#define CS_ARCH_SPARC   -1
+#define CS_ARCH_SYSZ-1
+
+#define CS_MODE_LITTLE_ENDIAN0
+#define CS_MODE_BIG_ENDIAN   0
+#define CS_MODE_ARM  0
+#define CS_MODE_16   0
+#define CS_MODE_32   0
+#define CS_MODE_64   0
+#define CS_MODE_THUMB0
+#define CS_MODE_MCLASS   0
+#define CS_MODE_V8   0
+#define CS_MODE_MICRO0
+#define CS_MODE_MIPS30
+#define CS_MODE_MIPS32R6 0
+#define CS_MODE_MIPSGP64 0
+#define CS_MODE_V9   0
+#define CS_MODE_MIPS32   0
+#define CS_MODE_MIPS64   0
+
+#endif /* CONFIG_CAPSTONE */
+#endif /* QEMU_CAPSTONE_H */
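Review bot: The stub values encode a contract that is only implied: CS_ARCH_* is -1 because disas.c tests `cap_arch >= 0` before calling into Capstone, and CS_MODE_* is 0 so that the backends' `|=` and assignments are harmless no-ops, but a reader of this header alone cannot see either fact. A comment above the stubs records the intent, e.g. `/* CS_ARCH_* are -1 so that cap_arch >= 0 means "Capstone available"; CS_MODE_* are 0 so the backend |= are no-ops. */`. Without it, someone adding a new CS_ARCH_* stub with a non-negative value would silently turn on a code path that cannot work.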
diff --git a/disas.c b/disas.c
index ad675dc361..76ea76b026 100644
--- a/disas.c
+++ b/disas.c
@@ -6,6 +6,7 @@
 
 #include "cpu.h"
 #include "disas/disas.h"
+#include "disas/capstone.h"
 
 typedef struct CPUDebug {
 struct disassemble_info info;
@@ -171,6 +172,57 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
 return print_insn_objdump(pc, info, "OBJD-T");
 }
 
+static bool cap_disas(disassemble_info *info, uint64_t pc, size_t size)
+{
+bool ret = false;
+#ifdef CONFIG_CAPSTONE
+csh handle;
+cs_insn *insn;
+uint8_t *buf;
+const uint8_t *cbuf;
+uint64_t pc_start;
+cs_mode cap_mode = info->cap_mode;
+
+cap_mode += (info->endian == BFD_ENDIAN_BIG ? CS_MODE_BIG_ENDIAN
+ : CS_MODE_LITTLE_ENDIAN);
+
+if (cs_open(info->cap_arch, cap_mode, ) != CS_ERR_OK) {
+goto err0;
+}
+
+/* ??? There probably ought to be a better place to put this.  */
+if (info->cap_arch == CS_ARCH_X86) {
+/* We don't care about errors (if for some reason the library
+   is compiled without AT syntax); the user will just have
+   to deal with the Intel syntax.  */
+cs_option(handle, CS_OPT_SYNTAX, CS_OPT_SYNTAX_ATT);
+}
+
+insn = cs_malloc(handle);
+if (insn == NULL) {
+goto err1;
+}
+
+cbuf = buf = g_malloc(size);
+info->read_memory_func(pc, buf, size, info);
+
+pc_start = pc;
+while (cs_disasm_iter(handle, , , , insn)) {
+(*info->fprintf_func)(info->stream,
+  "0x%08" PRIx64 ":  %-12s %s\n",
+  pc_start, insn->mnemonic, insn->op_str);
+pc_start = pc;
+}
+ret = true;
+
+g_free(buf);
+ err1:
+cs_close();
+ err0:
+#endif /* CONFIG_CAPSTONE */
+return ret;
+}
+
 /* Disassemble this for me please... (debugging).  */
 void target_disas(FILE *out, CPUState *cpu, target_ulong code,
   target_ulong size)
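Review bot: The return value of `info->read_memory_func(pc, buf, size, info)` is discarded and buf comes from g_malloc, so when the read fails (the bfd read_memory_func contract reports failure through a non-zero return, which the monitor path uses for unreadable guest addresses) the loop disassembles uninitialised heap bytes and prints them to the monitor or log, and ret is still true so no fallback to the per-instruction-checking bfd path happens. Check the result and bail, e.g. `if (info->read_memory_func(pc, buf, size, info) != 0) { g_free(buf); goto err1; }`. Two smaller points: cs_disasm_iter stops at the first undecodable instruction and the remaining `size` bytes are dropped without any indication while ret still reports success, so the caller never learns that output was truncated; and `cap_mode += ...` combines bit flags with addition where `|=` states the intent and cannot carry into a neighbouring flag if the endian bit is ever already set.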
@@ -188,6 +240,8 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 s.info.buffer_vma = code;
 s.info.buffer_length = size;
 s.info.print_address_func = generic_print_address;
+s.info.cap_arch = -1;
+s.info.cap_mode = 0;
 
 #ifdef TARGET_WORDS_BIGENDIAN
 s.info.endian = BFD_ENDIAN_BIG;
@@ -199,6 +253,10 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 cc->disas_set_info(cpu, );
 }
 
+if (s.info.cap_arch >= 0 && cap_disas(, code, size)) {
+return;
+}
+
 if (s.info.print_insn == NULL) {
 s.info.print_insn = print_insn_od_target;
 }
@@ -206,18 +264,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 for (pc = code; size > 0; pc += count, size -= count) {
fprintf(out, "0x" TARGET_FMT_lx ":  ", pc);
count = 

[Qemu-devel] [PATCH 08/10] target/s390x: Support Capstone in disas_set_info

2017-09-14 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 target/s390x/cpu.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 74b3e4fd0d..a4f7ff3da8 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -42,6 +42,7 @@
 #include "sysemu/sysemu.h"
 #include "hw/s390x/sclp.h"
 #endif
+#include "disas/capstone.h"
 
 #define CR0_RESET   0xE0UL
 #define CR14_RESET  0xC200UL;
@@ -172,6 +173,7 @@ static void s390_cpu_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 {
 info->mach = bfd_mach_s390_64;
 info->print_insn = print_insn_s390;
+info->cap_arch = CS_ARCH_SYSZ;
 }
 
 static void s390_cpu_realizefn(DeviceState *dev, Error **errp)
-- 
2.13.5




[Qemu-devel] [PATCH 02/10] target/ppc: Convert to disas_set_info hook

2017-09-14 Thread Richard Henderson
Cc: qemu-...@nongnu.org
Signed-off-by: Richard Henderson 
---
 disas.c | 33 -
 monitor.c   |  5 -
 target/ppc/translate.c  |  5 +
 target/ppc/translate_init.c | 21 +
 4 files changed, 22 insertions(+), 42 deletions(-)

diff --git a/disas.c b/disas.c
index 2be716fdb2..3a375a3b6c 100644
--- a/disas.c
+++ b/disas.c
@@ -205,23 +205,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 cc->disas_set_info(cpu, );
 }
 
-#if defined(TARGET_PPC)
-if ((flags >> 16) & 1) {
-s.info.endian = BFD_ENDIAN_LITTLE;
-}
-if (flags & 0x) {
-/* If we have a precise definition of the instruction set, use it. */
-s.info.mach = flags & 0x;
-} else {
-#ifdef TARGET_PPC64
-s.info.mach = bfd_mach_ppc64;
-#else
-s.info.mach = bfd_mach_ppc;
-#endif
-}
-s.info.disassembler_options = (char *)"any";
-s.info.print_insn = print_insn_ppc;
-#endif
 if (s.info.print_insn == NULL) {
 s.info.print_insn = print_insn_od_target;
 }
@@ -381,22 +364,6 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 cc->disas_set_info(cpu, );
 }
 
-#if defined(TARGET_PPC)
-if (flags & 0x) {
-/* If we have a precise definition of the instruction set, use it. */
-s.info.mach = flags & 0x;
-} else {
-#ifdef TARGET_PPC64
-s.info.mach = bfd_mach_ppc64;
-#else
-s.info.mach = bfd_mach_ppc;
-#endif
-}
-if ((flags >> 16) & 1) {
-s.info.endian = BFD_ENDIAN_LITTLE;
-}
-s.info.print_insn = print_insn_ppc;
-#endif
 if (!s.info.print_insn) {
 monitor_printf(mon, "0x" TARGET_FMT_lx
": Asm output not supported on this arch\n", pc);
diff --git a/monitor.c b/monitor.c
index 3f3ebc31ef..a0f43f27e7 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1310,11 +1310,6 @@ static void memory_dump(Monitor *mon, int count, int 
format, int wsize,
 
 if (format == 'i') {
 int flags = 0;
-#ifdef TARGET_PPC
-CPUArchState *env = mon_get_cpu_env();
-flags = msr_le << 16;
-flags |= env->bfd_mach;
-#endif
 monitor_disas(mon, cs, addr, count, is_physical, flags);
 return;
 }
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 606b605ba0..bc155f1036 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7395,12 +7395,9 @@ void gen_intermediate_code(CPUState *cs, struct 
TranslationBlock *tb)
 #if defined(DEBUG_DISAS)
 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)
 && qemu_log_in_addr_range(pc_start)) {
-int flags;
-flags = env->bfd_mach;
-flags |= ctx.le_mode << 16;
 qemu_log_lock();
 qemu_log("IN: %s\n", lookup_symbol(pc_start));
-log_target_disas(cs, pc_start, ctx.nip - pc_start, flags);
+log_target_disas(cs, pc_start, ctx.nip - pc_start, 0);
 qemu_log("\n");
 qemu_log_unlock();
 }
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index c827d1e388..c7b4a7c02a 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -10644,6 +10644,26 @@ static gchar *ppc_gdb_arch_name(CPUState *cs)
 #endif
 }
 
+static void ppc_disas_set_info(CPUState *cs, disassemble_info *info)
+{
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+CPUPPCState *env = >env;
+
+if ((env->hflags >> MSR_LE) & 1) {
+info->endian = BFD_ENDIAN_LITTLE;
+}
+info->mach = env->bfd_mach;
+if (!env->bfd_mach) {
+#ifdef TARGET_PPC64
+info->mach = bfd_mach_ppc64;
+#else
+info->mach = bfd_mach_ppc;
+#endif
+}
+info->disassembler_options = (char *)"any";
+info->print_insn = print_insn_ppc;
+}
+
 static Property ppc_cpu_properties[] = {
 DEFINE_PROP_BOOL("pre-2.8-migration", PowerPCCPU, pre_2_8_migration, 
false),
 DEFINE_PROP_BOOL("pre-2.10-migration", PowerPCCPU, pre_2_10_migration,
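Review bot: The endianness test `if ((env->hflags >> MSR_LE) & 1)` in ppc_disas_set_info() reads the LE bit out of env->hflags, whereas the code removed from monitor.c and translate.c used msr_le and ctx.le_mode; this only works if hflags carries MSR_LE at the same bit position, which nothing in this patch shows. A one-line comment would make the dependency explicit: `/* hflags mirrors MSR_LE, so this tracks the guest's current endianness */`. The `(char *)"any"` cast for disassembler_options is carried over from the deleted code and is a style point only.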
@@ -10705,6 +10725,7 @@ static void ppc_cpu_class_init(ObjectClass *oc, void 
*data)
 #ifndef CONFIG_USER_ONLY
 cc->virtio_is_big_endian = ppc_cpu_is_big_endian;
 #endif
+cc->disas_set_info = ppc_disas_set_info;
 
 dc->fw_name = "PowerPC,UNKNOWN";
 }
-- 
2.13.5




[Qemu-devel] [PATCH 07/10] target/ppc: Support Capstone in disas_set_info

2017-09-14 Thread Richard Henderson
Cc: qemu-...@nongnu.org
Signed-off-by: Richard Henderson 
---
 target/ppc/translate_init.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index c7b4a7c02a..b976784d21 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -35,6 +35,7 @@
 #include "mmu-book3s-v3.h"
 #include "sysemu/qtest.h"
 #include "qemu/cutils.h"
+#include "disas/capstone.h"
 
 //#define PPC_DUMP_CPU
 //#define PPC_DEBUG_SPR
@@ -10662,6 +10663,11 @@ static void ppc_disas_set_info(CPUState *cs, 
disassemble_info *info)
 }
 info->disassembler_options = (char *)"any";
 info->print_insn = print_insn_ppc;
+
+info->cap_arch = CS_ARCH_PPC;
+#ifdef TARGET_PPC64
+info->cap_mode = CS_MODE_64;
+#endif
 }
 
 static Property ppc_cpu_properties[] = {
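Review bot: `info->cap_mode` is given only the width flag (`CS_MODE_64` under TARGET_PPC64, otherwise left at the caller's 0), while the little-endian case a few lines above is expressed solely through info->endian; unless cap_disas() folds info->endian into the Capstone mode (its cs_open call is not on this page), a little-endian guest would be decoded as big-endian. If cap_disas does translate it, a comment here would save the next reader the lookup: `/* endianness is taken from info->endian by cap_disas() */`.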
-- 
2.13.5




[Qemu-devel] [PATCH 00/10] Support the Capstone disassembler

2017-09-14 Thread Richard Henderson
As occasionally discussed on this list, due to licensing conflicts,
we are restricted to a version of libopcodes that pre-dates its
upstream re-licensing to gplv3.  That makes our copy rather old
and dated.

I've already seen this as problematic for the s390x guest.  I'm sure
the same problem exists for Power8+, though I haven't looked.
As we go forward with vector operations we'll see this for the x86 host.

An alternative is to use a BSD-licensed disassembler:

  https://www.capstone-engine.org/

This is an actively maintained project derived from llvm.  Moreover,
it is already in the major Linux distributions, which makes it easy
to phase in its use.

I've arranged the code such that we attempt to use capstone first,
and if that initialization fails, fall back to the existing code
from binutils.


r~


Richard Henderson (10):
  target/i386: Convert to disas_set_info hook
  target/ppc: Convert to disas_set_info hook
  disas: Remove unused flags arguments
  disas: Support the Capstone disassembler library
  target/i386: Support Capstone in disas_set_info
  target/arm: Support Capstone in disas_set_info
  target/ppc: Support Capstone in disas_set_info
  target/s390x: Support Capstone in disas_set_info
  target/sparc: Support Capstone in disas_set_info
  target/mips: Support Capstone in disas_set_info

 include/disas/bfd.h   |   4 ++
 include/disas/capstone.h  |  38 ++
 include/disas/disas.h |   4 +-
 include/exec/log.h|   4 +-
 target/mips/cpu.h |   2 +
 disas.c   | 161 +++---
 monitor.c |  29 +---
 target/alpha/translate.c  |   2 +-
 target/arm/cpu.c  |  21 +-
 target/arm/translate-a64.c|   3 +-
 target/arm/translate.c|   3 +-
 target/cris/translate.c   |   3 +-
 target/hppa/translate.c   |   2 +-
 target/i386/cpu.c |  19 +
 target/i386/translate.c   |   8 +--
 target/lm32/translate.c   |   2 +-
 target/m68k/translate.c   |   2 +-
 target/microblaze/translate.c |   2 +-
 target/mips/cpu.c |   8 ---
 target/mips/translate.c   |   2 +-
 target/mips/translate_init.c  |  36 ++
 target/nios2/translate.c  |   2 +-
 target/openrisc/translate.c   |   2 +-
 target/ppc/translate.c|   5 +-
 target/ppc/translate_init.c   |  27 +++
 target/s390x/cpu.c|   2 +
 target/s390x/translate.c  |   2 +-
 target/sh4/translate.c|   2 +-
 target/sparc/cpu.c|   3 +
 target/sparc/translate.c  |   2 +-
 target/tricore/translate.c|   2 +-
 target/unicore32/translate.c  |   2 +-
 target/xtensa/translate.c |   2 +-
 configure |  17 +
 34 files changed, 279 insertions(+), 146 deletions(-)
 create mode 100644 include/disas/capstone.h

-- 
2.13.5




Re: [Qemu-devel] [PATCH v2 3/5] vl.c: convert cpu_model to cpu type and set of global properties before machine_init()

2017-09-14 Thread Philippe Mathieu-Daudé

On 09/13/2017 01:04 PM, Igor Mammedov wrote:

All machines that support user specified cpu_model either call
cpu_generic_init() or cpu_class_by_name()/CPUClass::parse_features
to parse feature string and to get CPU type to create.

This leads to code duplication and hard-coding of the default CPU model
within machine_foo_init() code, which makes it impossible to
get the CPU type before machine_init() is run.

So instead of setting default CPUs models and doing parsing in
target specific machine_foo_init() in various ways, provide
a generic data driven cpu_model parsing before machine_init()
is called.

in follow up per target patches, it will allow to:
   * define default CPU type in consistent/generic manner
 per machine type and drop custom code that fallbacks
 to default if cpu_model is NULL
   * drop custom features parsing in targets and do it
 in centralized way.
   * for cases of
   cpu_generic_init(TYPE_BASE/DEFAULT_CPU, "some_cpu")
 replace it with
   cpu_create(machine->cpu_type) || cpu_create(TYPE_FOO)
 depending if CPU type is user settable or not.
 not doing useless parsing and clearly documenting where
 CPU model is user settable or fixed one.

Patch allows machine subclasses to define default CPU type
per machine class at class_init() time and if that is set
generic code will parse cpu_model into a MachineState::cpu_type
which will be used to create CPUs for that machine instance
and allows gradual per board conversion.

Signed-off-by: Igor Mammedov 


Acked-by: Philippe Mathieu-Daudé 


---
Target specific changes will split into separate per target/machine
patches to make changes reviewable.
---
  include/hw/boards.h |  6 ++
  vl.c| 10 ++
  2 files changed, 16 insertions(+)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index 7f044d1..6b67ada 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -125,6 +125,10 @@ typedef struct {
   *Caller is responsible for freeing returned list.
   * @has_hotpluggable_cpus:
   *If true, board supports CPUs creation with -device/device_add.
+ * @default_cpu_type:
+ *specifies default CPU_TYPE, which will be used for parsing target
+ *specific features and for creating CPUs if CPU name wasn't provided
+ *explicitly at CLI
   * @minimum_page_bits:
   *If non-zero, the board promises never to create a CPU with a page size
   *smaller than this, so QEMU can use a more efficient larger page
@@ -177,6 +181,7 @@ struct MachineClass {
  GArray *compat_props;
  const char *hw_version;
  ram_addr_t default_ram_size;
+const char *default_cpu_type;
  bool option_rom_has_mr;
  bool rom_file_has_mr;
  int minimum_page_bits;
@@ -231,6 +236,7 @@ struct MachineState {
  char *kernel_cmdline;
  char *initrd_filename;
  const char *cpu_model;
+const char *cpu_type;
  AccelState *accelerator;
  CPUArchIdList *possible_cpus;
  };
diff --git a/vl.c b/vl.c
index fb1f05b..034180f 100644
--- a/vl.c
+++ b/vl.c
@@ -4636,6 +4636,16 @@ int main(int argc, char **argv, char **envp)
  current_machine->boot_order = boot_order;
  current_machine->cpu_model = cpu_model;
  
+

+/* parse features once if machine provides default cpu_type */
+if (machine_class->default_cpu_type) {
+current_machine->cpu_type = machine_class->default_cpu_type;
+if (cpu_model) {
+current_machine->cpu_type =
+cpu_parse_cpu_model(machine_class->default_cpu_type, 
cpu_model);
+}
+}
+
  machine_run_board_init(current_machine);
  
  realtime_init();
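Review bot: A second consecutive blank line is introduced after `current_machine->cpu_model = cpu_model;` (the added empty `+` line before the new comment); drop it. Whether cpu_parse_cpu_model() can return NULL on a bad feature string is not visible here; if it can, `current_machine->cpu_type` silently becomes NULL and only fails later in board code, so either document that the parser exits on error or check its result. main() starts and ends outside this hunk.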






Re: [Qemu-devel] [PATCH v2 11/19] s390x: allow only 1 CPU with TCG

2017-09-14 Thread David Hildenbrand
On 06.09.2017 23:20, Richard Henderson wrote:
> On 09/06/2017 11:16 AM, Matthew Rosato wrote:
>> On 09/04/2017 11:43 AM, David Hildenbrand wrote:
>>> Specifying more than 1 CPU (e.g. -smp 5) leads to SIGP errors (the
>>> guest tries to bring these CPUs up but fails), because we don't support
>>> multiple CPUs on s390x under TCG.
>>>
>>> Let's bail out if more than 1 is specified, so we don't raise people's
>>> hope. Make it a define, so we can easily bump it up later.
>>>
>>> Signed-off-by: David Hildenbrand 
>>> ---
>>
>> Makes sense.  Ran the described environment without this patch (errors)
>> and again with this patch (graceful exit w/ message).
>>
>> Tested-by: Matthew Rosato 
> 
> Can someone review
> 
>   http://patchwork.ozlabs.org/patch/760010/
> 
> which does at least start to add the SIGP support.

FWIW, I started factoring out today KVM SIGP code to make it usable by TCG.

I also started adding the missing SIGP instructions the kernel handles
for KVM. I dropped the old TCG SIGP handling code and completely reuse
the new SIGP code. I already got boot/reboot/shutdown  properly running
(implementing STOP and RESTART interrupts like KVM has).

But it's still quite hacky and there is still a bunch of stuff to clean up,
especially:
- external interrupt handling (the queue approach we have right now is
  no good for external calls and emergency signals)
- floating interrupt support (io interrupts always going to CPU 0 is a
  hack)

I think I can at least implement SIGP properly and fix the external call
stuff. floating interrupts might require more thought.

Aurelien, please tell me if you are currently still working on this, so
we can coordinate.

Thanks!

> 
> Once tcg can bring up 2 cpus, I see no reason it couldn't bring up N.  I don't
> see the point of the define.
> 
> 
> r~
> 


-- 

Thanks,

David



Re: [Qemu-devel] [Qemu devel v8 PATCH 2/5] msf2: Microsemi Smartfusion2 System Register block

2017-09-14 Thread Philippe Mathieu-Daudé

+static uint64_t msf2_sysreg_read(void *opaque, hwaddr offset,
+unsigned size)
+{
+MSF2SysregState *s = opaque;
+uint32_t ret = 0;
+
+offset >>= 2;
+if (offset < ARRAY_SIZE(s->regs)) {



This comment is controversial, I'll let Peter nod.

The SYSREG behaves differently regarding which bus access it (CPU, AHB).
You are implementing CPU access to the SYSREG, the registers have

different

permissions when accessed by the CPU. (see the SmartFusion2 User Guide:
Table 21-1 "Register Types" and Table 21-2 "Register Map").




CPU is also one of the bus masters in AHB matrix (Fig 6.1 in page 248).


I was worried about Fabric access but Peter reminded me that QEMU doesn't 
model it ;)



I'd think of this stub:

switch(reg) {
case register_supported1:
case register_supported2:
case register_supported3:
ret = s->regs[offset];
trace_msf2_sysreg_read(offset, ret);
break;
case RO-U:
qemu_log_mask(LOG_GUEST_ERROR, "Illegal AHB access 0x%08"...
break;
case W1P:
qemu_log_mask(LOG_GUEST_ERROR, "Illegal read access ...
break;
case RW:
case RW-P:
case RO:
case RO-P:
default:
ret = s->regs[offset];
qemu_log_mask(LOG_UNIMP, "...
break;
}




This sounds good to me; I will fix it later by rearranging the registers in an
enum sorted by type (RO, RW, etc.) and using those ranges in the switch cases.


The Register API (hw/register.h) is helpful to check such properties but 
might turn your code harder to read.




This doesn't look entirely right, since this is the read interface.
Shouldn't we be allowing pretty much all of these register types
except maybe W1P to do a read?



Peter, some of the registers are not allowed to be accessed by the CPU and are
only set during
device programming. For those registers Philippe is suggesting to log
"Illegal AHB access"
when guest is trying to read/write.


I was worried about accessing those registers when the flash 
WriteProtect bit is set, however the eNVM flash library is not Open 
Source, it is unlikely a guest access those registers, and if it is the 
library then MicroSemi already tried it on real hardware.

There is probably no need to worry about "Illegal AHB access" :)


On the other hand, in the write function we should probably not allow
writes to registers documented as read only.


Surely.

trace_msf2_sysreg_write(offset, s->regs[offset], ret);

switch(reg) {
case register_supported1:
case register_supported2:
case register_supported3:
   s->regs[offset] = ret;
   break;
case RO:
case RO-P:
case RO-U:
   qemu_log_mask(LOG_GUEST_ERROR, "Illegal write access on RO...
   break;
default:
   qemu_log_mask(LOG_UNIMP, "...
   break;
}



[Qemu-devel] [PULL 02/18] target/arm: Clear exclusive monitor on v7M reset, exception entry/exit

2017-09-14 Thread Peter Maydell
For M profile we must clear the exclusive monitor on reset, exception
entry and exception exit.  We weren't doing any of these things; fix
this bug.

Signed-off-by: Peter Maydell 
Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Message-id: 1505137930-13255-3-git-send-email-peter.mayd...@linaro.org
---
 target/arm/internals.h | 10 ++
 target/arm/cpu.c   |  6 ++
 target/arm/helper.c|  2 ++
 target/arm/op_helper.c |  2 +-
 4 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 5d7f24c..a315354 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -444,6 +444,16 @@ void arm_handle_psci_call(ARMCPU *cpu);
 #endif
 
 /**
+ * arm_clear_exclusive: clear the exclusive monitor
+ * @env: CPU env
+ * Clear the CPU's exclusive monitor, like the guest CLREX instruction.
+ */
+static inline void arm_clear_exclusive(CPUARMState *env)
+{
+env->exclusive_addr = -1;
+}
+
+/**
  * ARMMMUFaultInfo: Information describing an ARM MMU Fault
  * @s2addr: Address that caused a fault at stage 2
  * @stage2: True if we faulted at stage 2
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index a1acce3..412e94c 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -235,6 +235,12 @@ static void arm_cpu_reset(CPUState *s)
 env->regs[15] = 0x;
 }
 
+/* M profile requires that reset clears the exclusive monitor;
+ * A profile does not, but clearing it makes more sense than having it
+ * set with an exclusive access on address zero.
+ */
+arm_clear_exclusive(env);
+
 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
 #endif
 
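Review bot: The new `arm_clear_exclusive(env);` sits inside a preprocessor block that closes at the `#endif` just below it, so whether the monitor is cleared on reset depends on that condition; if this is the !CONFIG_USER_ONLY branch (the block's opening is outside the hunk), a user-mode reset leaves exclusive_addr untouched, which is exactly the "exclusive access on address zero" case the comment warns about when env was zero-filled. Moving the call after the `#endif` would make the clear unconditional for both builds. arm_cpu_reset() starts and ends outside the hunk.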
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 329e517..668e367 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6175,6 +6175,7 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr)
 
 armv7m_nvic_acknowledge_irq(env->nvic);
 switch_v7m_sp(env, 0);
+arm_clear_exclusive(env);
 /* Clear IT bits */
 env->condexec_bits = 0;
 env->regs[14] = lr;
@@ -6354,6 +6355,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 }
 
 /* Otherwise, we have a successful exception exit. */
+arm_clear_exclusive(env);
 qemu_log_mask(CPU_LOG_INT, "...successful exception return\n");
 }
 
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index d1bca46..6a60464 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -1022,7 +1022,7 @@ void HELPER(exception_return)(CPUARMState *env)
 
 aarch64_save_sp(env, cur_el);
 
-env->exclusive_addr = -1;
+arm_clear_exclusive(env);
 
 /* We must squash the PSTATE.SS bit to zero unless both of the
  * following hold:
-- 
2.7.4




[Qemu-devel] [PULL 03/18] target/arm: Get PRECISERR and IBUSERR the right way round

2017-09-14 Thread Peter Maydell
For a bus fault, the M profile BFSR bit PRECISERR means a bus
fault on a data access, and IBUSERR means a bus fault on an
instruction access. We had these the wrong way around; fix this.

Signed-off-by: Peter Maydell 
Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Message-id: 1505137930-13255-4-git-send-email-peter.mayd...@linaro.org
---
 target/arm/helper.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 668e367..1741e0d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6430,15 +6430,15 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
 case 0x8: /* External Abort */
 switch (cs->exception_index) {
 case EXCP_PREFETCH_ABORT:
-env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_PRECISERR_MASK;
-qemu_log_mask(CPU_LOG_INT, "...with CFSR.PRECISERR\n");
+env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_IBUSERR_MASK;
+qemu_log_mask(CPU_LOG_INT, "...with CFSR.IBUSERR\n");
 break;
 case EXCP_DATA_ABORT:
 env->v7m.cfsr[M_REG_NS] |=
-(R_V7M_CFSR_IBUSERR_MASK | R_V7M_CFSR_BFARVALID_MASK);
+(R_V7M_CFSR_PRECISERR_MASK | R_V7M_CFSR_BFARVALID_MASK);
 env->v7m.bfar = env->exception.vaddress;
 qemu_log_mask(CPU_LOG_INT,
-  "...with CFSR.IBUSERR and BFAR 0x%x\n",
+  "...with CFSR.PRECISERR and BFAR 0x%x\n",
   env->v7m.bfar);
 break;
 }
-- 
2.7.4




[Qemu-devel] [PULL 08/18] xlnx-ep108: Rename to ZCU102

2017-09-14 Thread Peter Maydell
From: Alistair Francis 

The EP108 is an early-access development board. Now that silicon is in
production people have access to the ZCU102. Let's rename the internal
QEMU files and variables to use the ZCU102.

There is no functional change here as the EP108 is still a valid board
option.

Signed-off-by: Alistair Francis 
Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Peter Maydell 
---
 hw/arm/Makefile.objs   |  2 +-
 hw/arm/{xlnx-ep108.c => xlnx-zcu102.c} | 30 +++---
 2 files changed, 16 insertions(+), 16 deletions(-)
 rename hw/arm/{xlnx-ep108.c => xlnx-zcu102.c} (85%)

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index a2e56ec..5ee6f7d 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,7 +13,7 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
+obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-zcu102.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
diff --git a/hw/arm/xlnx-ep108.c b/hw/arm/xlnx-zcu102.c
similarity index 85%
rename from hw/arm/xlnx-ep108.c
rename to hw/arm/xlnx-zcu102.c
index c339cd4..e9702ed 100644
--- a/hw/arm/xlnx-ep108.c
+++ b/hw/arm/xlnx-zcu102.c
@@ -1,5 +1,5 @@
 /*
- * Xilinx ZynqMP EP108 board
+ * Xilinx ZynqMP ZCU102 board
  *
  * Copyright (C) 2015 Xilinx Inc
  * Written by Peter Crosthwaite 
@@ -25,16 +25,16 @@
 #include "exec/address-spaces.h"
 #include "qemu/log.h"
 
-typedef struct XlnxEP108 {
+typedef struct XlnxZCU102 {
 XlnxZynqMPState soc;
 MemoryRegion ddr_ram;
-} XlnxEP108;
+} XlnxZCU102;
 
-static struct arm_boot_info xlnx_ep108_binfo;
+static struct arm_boot_info xlnx_zcu102_binfo;
 
-static void xlnx_ep108_init(MachineState *machine)
+static void xlnx_zcu102_init(MachineState *machine)
 {
-XlnxEP108 *s = g_new0(XlnxEP108, 1);
+XlnxZCU102 *s = g_new0(XlnxZCU102, 1);
 int i;
 uint64_t ram_size = machine->ram_size;
 
@@ -47,7 +47,7 @@ static void xlnx_ep108_init(MachineState *machine)
 }
 
 if (ram_size < 0x0800) {
-qemu_log("WARNING: RAM size 0x%" PRIx64 " is small for EP108",
+qemu_log("WARNING: RAM size 0x%" PRIx64 " is small for ZCU102",
  ram_size);
 }
 
@@ -108,18 +108,18 @@ static void xlnx_ep108_init(MachineState *machine)
 
 /* TODO create and connect IDE devices for ide_drive_get() */
 
-xlnx_ep108_binfo.ram_size = ram_size;
-xlnx_ep108_binfo.kernel_filename = machine->kernel_filename;
-xlnx_ep108_binfo.kernel_cmdline = machine->kernel_cmdline;
-xlnx_ep108_binfo.initrd_filename = machine->initrd_filename;
-xlnx_ep108_binfo.loader_start = 0;
-arm_load_kernel(s->soc.boot_cpu_ptr, _ep108_binfo);
+xlnx_zcu102_binfo.ram_size = ram_size;
+xlnx_zcu102_binfo.kernel_filename = machine->kernel_filename;
+xlnx_zcu102_binfo.kernel_cmdline = machine->kernel_cmdline;
+xlnx_zcu102_binfo.initrd_filename = machine->initrd_filename;
+xlnx_zcu102_binfo.loader_start = 0;
+arm_load_kernel(s->soc.boot_cpu_ptr, _zcu102_binfo);
 }
 
 static void xlnx_ep108_machine_init(MachineClass *mc)
 {
 mc->desc = "Xilinx ZynqMP EP108 board";
-mc->init = xlnx_ep108_init;
+mc->init = xlnx_zcu102_init;
 mc->block_default_type = IF_IDE;
 mc->units_per_default_bus = 1;
 mc->ignore_memory_transaction_failures = true;
@@ -130,7 +130,7 @@ DEFINE_MACHINE("xlnx-ep108", xlnx_ep108_machine_init)
 static void xlnx_zcu102_machine_init(MachineClass *mc)
 {
 mc->desc = "Xilinx ZynqMP ZCU102 board";
-mc->init = xlnx_ep108_init;
+mc->init = xlnx_zcu102_init;
 mc->block_default_type = IF_IDE;
 mc->units_per_default_bus = 1;
 mc->ignore_memory_transaction_failures = true;
-- 
2.7.4




Re: [Qemu-devel] [PATCH v2 5/5] arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly

2017-09-14 Thread Alistair Francis
On Wed, Sep 13, 2017 at 9:04 AM, Igor Mammedov  wrote:
> there are 2 use cases to deal with:
>   1: fixed CPU models per board/soc
>   2: boards with user configurable cpu_model and fallback to
>  default cpu_model if user hasn't specified one explicitly
>
> For the 1st
>   drop intermediate cpu_model parsing and use const cpu type
>   directly, which replaces:
>  typename = object_class_get_name(
>cpu_class_by_name(TYPE_ARM_CPU, cpu_model))
>  object_new(typename)
>   with
>  object_new(FOO_CPU_TYPE_NAME)
>   or
>  cpu_generic_init(BASE_CPU_TYPE, "my cpu model")
>   with
>  cpu_create(FOO_CPU_TYPE_NAME)
>
> as result 1st use case doesn't have to invoke not necessary
> translation and not needed code is removed.
>
> For the 2nd
>  1: set default cpu type with MachineClass::default_cpu_type and
>  2: use generic cpu_model parsing that done before machine_init()
> is run and:
> 2.1: drop custom cpu_model parsing where pattern is:
>typename = object_class_get_name(
>cpu_class_by_name(TYPE_ARM_CPU, cpu_model))
>[parse_features(typename, cpu_model, ) ]
>
> 2.2: or replace cpu_generic_init() which does what
>  2.1 does + create_cpu(typename) with just
>  create_cpu(machine->cpu_type)
> as result cpu_name -> cpu_type translation is done using
> generic machine code one including parsing optional features
> if supported/present (removes a bunch of duplicated cpu_model
> parsing code) and default cpu type is defined in an uniform way
> within machine_class_init callbacks instead of adhoc places
> in boadr's machine_init code.
>
> Signed-off-by: Igor Mammedov 
> Reviewed-by: Eduardo Habkost 

For the Xilinx and Netduino stuff:

Reviewed-by: Alistair Francis 

Thanks,
Alistair

> ---
> v2:
>  - fix merge conflicts with ignore_memory_transaction_failures
>  - fix couple merge conflicts where SoC type string where replaced by type 
> macro
>  - keep plain prefix string in: strncmp(cpu_type, "pxa27", 5)
>  - s/"%s" ARM_CPU_TYPE_SUFFIX/ARM_CPU_TYPE_NAME("%s")/
> ---
>  include/hw/arm/armv7m.h|  2 +-
>  include/hw/arm/aspeed_soc.h|  2 +-
>  include/hw/arm/stm32f205_soc.h |  2 +-
>  target/arm/cpu.h   |  3 +++
>  hw/arm/armv7m.c| 40 +---
>  hw/arm/aspeed_soc.c| 13 +---
>  hw/arm/collie.c| 10 +++--
>  hw/arm/exynos4210.c|  6 +-
>  hw/arm/gumstix.c   |  5 +++--
>  hw/arm/highbank.c  | 10 -
>  hw/arm/integratorcp.c  | 30 ++-
>  hw/arm/mainstone.c |  9 -
>  hw/arm/mps2.c  | 17 +++-
>  hw/arm/musicpal.c  |  7 ++-
>  hw/arm/netduino2.c |  2 +-
>  hw/arm/nseries.c   |  4 +++-
>  hw/arm/omap1.c |  7 ++-
>  hw/arm/omap2.c |  4 ++--
>  hw/arm/omap_sx1.c  |  5 -
>  hw/arm/palm.c  |  5 +++--
>  hw/arm/pxa2xx.c| 10 -
>  hw/arm/realview.c  | 25 +--
>  hw/arm/spitz.c | 12 ++-
>  hw/arm/stellaris.c | 16 +++
>  hw/arm/stm32f205_soc.c |  4 ++--
>  hw/arm/strongarm.c | 10 +++--
>  hw/arm/tosa.c  |  4 
>  hw/arm/versatilepb.c   | 15 +++---
>  hw/arm/vexpress.c  | 32 +
>  hw/arm/virt.c  | 46 
> +-
>  hw/arm/xilinx_zynq.c   | 10 ++---
>  hw/arm/z2.c|  9 +++--
>  target/arm/cpu.c   |  2 +-
>  33 files changed, 114 insertions(+), 264 deletions(-)
>
> diff --git a/include/hw/arm/armv7m.h b/include/hw/arm/armv7m.h
> index 10eb058..68cb30d 100644
> --- a/include/hw/arm/armv7m.h
> +++ b/include/hw/arm/armv7m.h
> @@ -55,7 +55,7 @@ typedef struct ARMv7MState {
>  MemoryRegion container;
>
>  /* Properties */
> -char *cpu_model;
> +char *cpu_type;
>  /* MemoryRegion the board provides to us (with its devices, RAM, etc) */
>  MemoryRegion *board_memory;
>  } ARMv7MState;
> diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
> index 0b88baa..f26914a 100644
> --- a/include/hw/arm/aspeed_soc.h
> +++ b/include/hw/arm/aspeed_soc.h
> @@ -49,7 +49,7 @@ typedef struct AspeedSoCState {
>
>  typedef struct AspeedSoCInfo {
>  const char *name;
> -const char *cpu_model;
> +const char *cpu_type;
>  uint32_t silicon_rev;
>  hwaddr sdram_base;
>  uint64_t sram_size;
> diff --git a/include/hw/arm/stm32f205_soc.h b/include/hw/arm/stm32f205_soc.h
> index e2dce11..922a733 100644
> --- a/include/hw/arm/stm32f205_soc.h
> +++ b/include/hw/arm/stm32f205_soc.h
> @@ -52,7 +52,7 @@ typedef 

[Qemu-devel] [PULL 09/18] xlnx-zcu102: Manually create the machines

2017-09-14 Thread Peter Maydell
From: Alistair Francis 

In preparation for future work, let's manually create the Xilinx machines.
This will allow us to set properties for the machines in the future.

Signed-off-by: Alistair Francis 
Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Peter Maydell 
---
 hw/arm/xlnx-zcu102.c | 74 +++-
 1 file changed, 67 insertions(+), 7 deletions(-)

diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
index e9702ed..5b1f184 100644
--- a/hw/arm/xlnx-zcu102.c
+++ b/hw/arm/xlnx-zcu102.c
@@ -26,15 +26,24 @@
 #include "qemu/log.h"
 
 typedef struct XlnxZCU102 {
+MachineState parent_obj;
+
 XlnxZynqMPState soc;
 MemoryRegion ddr_ram;
 } XlnxZCU102;
 
+#define TYPE_ZCU102_MACHINE   MACHINE_TYPE_NAME("xlnx-zcu102")
+#define ZCU102_MACHINE(obj) \
+OBJECT_CHECK(XlnxZCU102, (obj), TYPE_ZCU102_MACHINE)
+
+#define TYPE_EP108_MACHINE   MACHINE_TYPE_NAME("xlnx-ep108")
+#define EP108_MACHINE(obj) \
+OBJECT_CHECK(XlnxZCU102, (obj), TYPE_EP108_MACHINE)
+
 static struct arm_boot_info xlnx_zcu102_binfo;
 
-static void xlnx_zcu102_init(MachineState *machine)
+static void xlnx_zynqmp_init(XlnxZCU102 *s, MachineState *machine)
 {
-XlnxZCU102 *s = g_new0(XlnxZCU102, 1);
 int i;
 uint64_t ram_size = machine->ram_size;
 
@@ -116,19 +125,56 @@ static void xlnx_zcu102_init(MachineState *machine)
 arm_load_kernel(s->soc.boot_cpu_ptr, _zcu102_binfo);
 }
 
-static void xlnx_ep108_machine_init(MachineClass *mc)
+static void xlnx_ep108_init(MachineState *machine)
+{
+XlnxZCU102 *s = EP108_MACHINE(machine);
+
+xlnx_zynqmp_init(s, machine);
+}
+
+static void xlnx_ep108_machine_instance_init(Object *obj)
 {
+}
+
+static void xlnx_ep108_machine_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+
 mc->desc = "Xilinx ZynqMP EP108 board";
-mc->init = xlnx_zcu102_init;
+mc->init = xlnx_ep108_init;
 mc->block_default_type = IF_IDE;
 mc->units_per_default_bus = 1;
 mc->ignore_memory_transaction_failures = true;
 }
 
-DEFINE_MACHINE("xlnx-ep108", xlnx_ep108_machine_init)
+static const TypeInfo xlnx_ep108_machine_init_typeinfo = {
+.name   = MACHINE_TYPE_NAME("xlnx-ep108"),
+.parent = TYPE_MACHINE,
+.class_init = xlnx_ep108_machine_class_init,
+.instance_init = xlnx_ep108_machine_instance_init,
+.instance_size = sizeof(XlnxZCU102),
+};
 
-static void xlnx_zcu102_machine_init(MachineClass *mc)
+static void xlnx_ep108_machine_init_register_types(void)
 {
+type_register_static(_ep108_machine_init_typeinfo);
+}
+
+static void xlnx_zcu102_init(MachineState *machine)
+{
+XlnxZCU102 *s = ZCU102_MACHINE(machine);
+
+xlnx_zynqmp_init(s, machine);
+}
+
+static void xlnx_zcu102_machine_instance_init(Object *obj)
+{
+}
+
+static void xlnx_zcu102_machine_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+
 mc->desc = "Xilinx ZynqMP ZCU102 board";
 mc->init = xlnx_zcu102_init;
 mc->block_default_type = IF_IDE;
@@ -136,4 +182,18 @@ static void xlnx_zcu102_machine_init(MachineClass *mc)
 mc->ignore_memory_transaction_failures = true;
 }
 
-DEFINE_MACHINE("xlnx-zcu102", xlnx_zcu102_machine_init)
+static const TypeInfo xlnx_zcu102_machine_init_typeinfo = {
+.name   = MACHINE_TYPE_NAME("xlnx-zcu102"),
+.parent = TYPE_MACHINE,
+.class_init = xlnx_zcu102_machine_class_init,
+.instance_init = xlnx_zcu102_machine_instance_init,
+.instance_size = sizeof(XlnxZCU102),
+};
+
+static void xlnx_zcu102_machine_init_register_types(void)
+{
+type_register_static(_zcu102_machine_init_typeinfo);
+}
+
+type_init(xlnx_zcu102_machine_init_register_types)
+type_init(xlnx_ep108_machine_init_register_types)
-- 
2.7.4




[Qemu-devel] [PULL 07/18] target/arm: Rename 'type' to 'excret' in do_v7m_exception_exit()

2017-09-14 Thread Peter Maydell
In the v7M and v8M ARM ARM, the magic exception return values are
referred to as EXC_RETURN values, and in QEMU we use V7M_EXCRET_*
constants to define bits within them. Rename the 'type' variable
which holds the exception return value in do_v7m_exception_exit()
to excret, making it clearer that it does hold an EXC_RETURN value.

Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Message-id: 1505137930-13255-8-git-send-email-peter.mayd...@linaro.org
---
 target/arm/helper.c | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index a502e4e..4f41841 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6212,7 +6212,7 @@ static void v7m_push_stack(ARMCPU *cpu)
 static void do_v7m_exception_exit(ARMCPU *cpu)
 {
 CPUARMState *env = >env;
-uint32_t type;
+uint32_t excret;
 uint32_t xpsr;
 bool ufault = false;
 bool return_to_sp_process = false;
@@ -6233,18 +6233,19 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
  * the target value up between env->regs[15] and env->thumb in
  * gen_bx(). Reconstitute it.
  */
-type = env->regs[15];
+excret = env->regs[15];
 if (env->thumb) {
-type |= 1;
+excret |= 1;
 }
 
 qemu_log_mask(CPU_LOG_INT, "Exception return: magic PC %" PRIx32
   " previous exception %d\n",
-  type, env->v7m.exception);
+  excret, env->v7m.exception);
 
-if ((type & R_V7M_EXCRET_RES1_MASK) != R_V7M_EXCRET_RES1_MASK) {
+if ((excret & R_V7M_EXCRET_RES1_MASK) != R_V7M_EXCRET_RES1_MASK) {
 qemu_log_mask(LOG_GUEST_ERROR, "M profile: zero high bits in exception 
"
-  "exit PC value 0x%" PRIx32 " are UNPREDICTABLE\n", type);
+  "exit PC value 0x%" PRIx32 " are UNPREDICTABLE\n",
+  excret);
 }
 
 if (env->v7m.exception != ARMV7M_EXCP_NMI) {
@@ -6255,7 +6256,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
  * which security state's faultmask to clear. (v8M ARM ARM R_KBNF.)
  */
 if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
-int es = type & R_V7M_EXCRET_ES_MASK;
+int es = excret & R_V7M_EXCRET_ES_MASK;
 if (armv7m_nvic_raw_execution_priority(env->nvic) >= 0) {
 env->v7m.faultmask[es] = 0;
 }
@@ -6283,7 +6284,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 g_assert_not_reached();
 }
 
-switch (type & 0xf) {
+switch (excret & 0xf) {
 case 1: /* Return to Handler */
 return_to_handler = true;
 break;
@@ -6306,7 +6307,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
  */
 env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
-v7m_exception_taken(cpu, type);
+v7m_exception_taken(cpu, excret);
 qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
   "stackframe: failed exception return integrity check\n");
 return;
@@ -6341,14 +6342,14 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 
 /* The restored xPSR exception field will be zero if we're
  * resuming in Thread mode. If that doesn't match what the
- * exception return type specified then this is a UsageFault.
+ * exception return excret specified then this is a UsageFault.
  */
 if (return_to_handler != arm_v7m_is_handler_mode(env)) {
 /* Take an INVPC UsageFault by pushing the stack again. */
 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
 env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
 v7m_push_stack(cpu);
-v7m_exception_taken(cpu, type);
+v7m_exception_taken(cpu, excret);
 qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on new stackframe: "
   "failed exception return integrity check\n");
 return;
-- 
2.7.4




[Qemu-devel] [PULL 10/18] xlnx-zcu102: Add a machine level secure property

2017-09-14 Thread Peter Maydell
From: Alistair Francis 

Add a machine level secure property. This defaults to false and can be
set to true using this machine command line argument:
-machine xlnx-zcu102,secure=on

This follows what the ARM virt machine does.

This property only applies to the ZCU102 machine. The EP108 machine does
not have this property.

Signed-off-by: Alistair Francis 
Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Peter Maydell 
---
 hw/arm/xlnx-zcu102.c | 32 
 1 file changed, 32 insertions(+)

diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
index 5b1f184..bd573c4 100644
--- a/hw/arm/xlnx-zcu102.c
+++ b/hw/arm/xlnx-zcu102.c
@@ -30,6 +30,8 @@ typedef struct XlnxZCU102 {
 
 XlnxZynqMPState soc;
 MemoryRegion ddr_ram;
+
+bool secure;
 } XlnxZCU102;
 
 #define TYPE_ZCU102_MACHINE   MACHINE_TYPE_NAME("xlnx-zcu102")
@@ -42,6 +44,20 @@ typedef struct XlnxZCU102 {
 
 static struct arm_boot_info xlnx_zcu102_binfo;
 
+static bool zcu102_get_secure(Object *obj, Error **errp)
+{
+XlnxZCU102 *s = ZCU102_MACHINE(obj);
+
+return s->secure;
+}
+
+static void zcu102_set_secure(Object *obj, bool value, Error **errp)
+{
+XlnxZCU102 *s = ZCU102_MACHINE(obj);
+
+s->secure = value;
+}
+
 static void xlnx_zynqmp_init(XlnxZCU102 *s, MachineState *machine)
 {
 int i;
@@ -69,6 +85,8 @@ static void xlnx_zynqmp_init(XlnxZCU102 *s, MachineState 
*machine)
 
 object_property_set_link(OBJECT(>soc), OBJECT(>ddr_ram),
  "ddr-ram", _abort);
+object_property_set_bool(OBJECT(>soc), s->secure, "secure",
+ _fatal);
 
 object_property_set_bool(OBJECT(>soc), true, "realized", _fatal);
 
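Review bot: The new `object_property_set_bool(..., s->secure, "secure", ...)` call reports failure through what the archive renders as `_fatal` (presumably `&error_fatal`), while the link-property call two lines above uses what renders as `_abort` (presumably `&error_abort`). A missing or misnamed "secure" property on the SoC would be a programming error rather than a user-input error, so `&error_abort` would match the adjacent line and the usual QEMU distinction between the two; if `&error_fatal` was chosen deliberately to mirror the virt board, a short comment saying so would stop the next reader from "fixing" it. xlnx_zynqmp_init starts and ends outside this hunk.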
@@ -134,6 +152,10 @@ static void xlnx_ep108_init(MachineState *machine)
 
 static void xlnx_ep108_machine_instance_init(Object *obj)
 {
+XlnxZCU102 *s = EP108_MACHINE(obj);
+
+/* EP108, we don't support setting secure */
+s->secure = false;
 }
 
 static void xlnx_ep108_machine_class_init(ObjectClass *oc, void *data)
@@ -169,6 +191,16 @@ static void xlnx_zcu102_init(MachineState *machine)
 
 static void xlnx_zcu102_machine_instance_init(Object *obj)
 {
+XlnxZCU102 *s = ZCU102_MACHINE(obj);
+
+/* Default to secure mode being disabled */
+s->secure = false;
+object_property_add_bool(obj, "secure", zcu102_get_secure,
+ zcu102_set_secure, NULL);
+object_property_set_description(obj, "secure",
+"Set on/off to enable/disable the ARM "
+"Security Extensions (TrustZone)",
+NULL);
 }
 
 static void xlnx_zcu102_machine_class_init(ObjectClass *oc, void *data)
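Review bot: Both `object_property_add_bool()` and `object_property_set_description()` in the new instance_init body pass `NULL` as the error pointer, so a failure to register the "secure" property (for example a duplicate name introduced by a later change) would be silently ignored and the machine would run with the property absent, leaving `s->secure` at its explicit default of `false`. In instance_init such a failure is a programming error, so `&error_abort` is the conventional choice and makes the assumption visible. Since object storage is zeroed before instance_init runs, `s->secure = false;` is redundant but harmless; keeping the comment and dropping the assignment, or keeping both, are equally fine as long as the intent stays readable.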
-- 
2.7.4




[Qemu-devel] [PULL 06/18] target/arm: Add and use defines for EXCRET constants

2017-09-14 Thread Peter Maydell
The exception-return magic values get some new bits in v8M, which
makes some bit definitions for them worthwhile.

We don't use the bit definitions for the switch on the low bits
which checks the return type for v7M, because this is defined
in the v7M ARM ARM as a set of valid values rather than via
per-bit checks.

Signed-off-by: Peter Maydell 
Reviewed-by: Alistair Francis 
Message-id: 1505137930-13255-7-git-send-email-peter.mayd...@linaro.org
---
 target/arm/internals.h | 10 ++
 target/arm/helper.c| 14 +-
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index a315354..18be370 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -61,6 +61,16 @@ FIELD(V7M_CONTROL, NPRIV, 0, 1)
 FIELD(V7M_CONTROL, SPSEL, 1, 1)
 FIELD(V7M_CONTROL, FPCA, 2, 1)
 
+/* Bit definitions for v7M exception return payload */
+FIELD(V7M_EXCRET, ES, 0, 1)
+FIELD(V7M_EXCRET, RES0, 1, 1)
+FIELD(V7M_EXCRET, SPSEL, 2, 1)
+FIELD(V7M_EXCRET, MODE, 3, 1)
+FIELD(V7M_EXCRET, FTYPE, 4, 1)
+FIELD(V7M_EXCRET, DCRS, 5, 1)
+FIELD(V7M_EXCRET, S, 6, 1)
+FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */
+
 /*
  * For AArch64, map a given EL to an index in the banked_spsr array.
  * Note that this mapping and the AArch32 mapping defined in bank_number()
diff --git a/target/arm/helper.c b/target/arm/helper.c
index fdd5cc6..a502e4e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6242,7 +6242,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
   " previous exception %d\n",
   type, env->v7m.exception);
 
-if (extract32(type, 5, 23) != extract32(-1, 5, 23)) {
+if ((type & R_V7M_EXCRET_RES1_MASK) != R_V7M_EXCRET_RES1_MASK) {
 qemu_log_mask(LOG_GUEST_ERROR, "M profile: zero high bits in exception 
"
   "exit PC value 0x%" PRIx32 " are UNPREDICTABLE\n", type);
 }
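Review bot: With `V7M_EXCRET_RES1` defined as bits 7..31 in internals.h, the rewritten check no longer covers bits 5 and 6, which the removed `extract32(type, 5, 23)` form did test, and it now additionally covers bits 28..31; the commit message explains the v8M motivation for giving bits 5 and 6 (DCRS, S) their own definitions but does not say whether the narrower diagnostic is also intended for v7M cores, where those bits presumably stay reserved. The effect is confined to the `LOG_GUEST_ERROR` message, not to the exception-return logic, so this is a documentation request rather than a bug: a comment on the `if` such as `/* RES1 covers bits 7..31; DCRS/S (bits 5,6) are meaningful on v8M so are not checked here */` would record the decision. do_v7m_exception_exit starts and ends outside this hunk.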
@@ -6255,7 +6255,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
  * which security state's faultmask to clear. (v8M ARM ARM R_KBNF.)
  */
 if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
-int es = type & 1;
+int es = type & R_V7M_EXCRET_ES_MASK;
 if (armv7m_nvic_raw_execution_priority(env->nvic) >= 0) {
 env->v7m.faultmask[es] = 0;
 }
@@ -6491,12 +6491,16 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
 return; /* Never happens.  Keep compiler happy.  */
 }
 
-lr = 0xfff1;
+lr = R_V7M_EXCRET_RES1_MASK |
+R_V7M_EXCRET_S_MASK |
+R_V7M_EXCRET_DCRS_MASK |
+R_V7M_EXCRET_FTYPE_MASK |
+R_V7M_EXCRET_ES_MASK;
 if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) {
-lr |= 4;
+lr |= R_V7M_EXCRET_SPSEL_MASK;
 }
 if (!arm_v7m_is_handler_mode(env)) {
-lr |= 8;
+lr |= R_V7M_EXCRET_MODE_MASK;
 }
 
 v7m_push_stack(cpu);
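Review bot: The five OR-ed masks that replace the literal (shown here as `0xfff1`, presumably the archive's rendering of the full 32-bit value) reproduce the old constant only because the v8M-only bits S, DCRS and ES are all set to 1, which on a v7M core are their must-be-1 reserved values rather than security-state or stack-frame choices. That intent is not visible in the new expression, and a later v8M change that starts computing S or ES could easily keep ES hard-wired to 1 by mistake. A comment above the assignment along the lines of `/* On v7M the v8M-defined S, DCRS and ES bits are RES1, so set them unconditionally here */` would make the equivalence explicit. arm_v7m_cpu_do_interrupt starts and ends outside this hunk.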
-- 
2.7.4




[Qemu-devel] [PULL 05/18] target/arm: Remove unnecessary '| 0xf0000000' from do_v7m_exception_exit()

2017-09-14 Thread Peter Maydell
In do_v7m_exception_exit(), there's no need to force the high 4
bits of 'type' to 1 when calling v7m_exception_taken(), because
we know that they're always 1 or we could not have got to this
"handle return to magic exception return address" code. Remove
the unnecessary ORs.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Acked-by: Alistair Francis 
Message-id: 1505137930-13255-6-git-send-email-peter.mayd...@linaro.org
---
 target/arm/helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1741e0d..fdd5cc6 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6306,7 +6306,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
  */
 env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
-v7m_exception_taken(cpu, type | 0xf000);
+v7m_exception_taken(cpu, type);
 qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
   "stackframe: failed exception return integrity check\n");
 return;
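Review bot: Removing the `| 0xf000...` from the `v7m_exception_taken()` call relies on an invariant that is stated only in the commit message, namely that `type` cannot reach this function unless its high bits are already 1, and the code at this point does not otherwise enforce it (the earlier RES1 comparison, outside this hunk, only logs). A one-line comment on the first such call, e.g. `/* type's top bits are already 1: we only get here for a branch to a magic exception-return address */`, would preserve the reasoning for readers who do not have the commit history to hand. The same applies to the second hunk of this patch, which drops the identical OR on the UsageFault-on-new-stackframe path. do_v7m_exception_exit starts and ends outside both hunks.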
@@ -6348,7 +6348,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
 env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
 v7m_push_stack(cpu);
-v7m_exception_taken(cpu, type | 0xf000);
+v7m_exception_taken(cpu, type);
 qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on new stackframe: "
   "failed exception return integrity check\n");
 return;
-- 
2.7.4




[Qemu-devel] [PULL 16/18] hw/arm/virt: Set INTx/gsi mapping

2017-09-14 Thread Peter Maydell
From: Pranavkumar Sawargaonkar 

Let's provide the GPEX host bridge with the INTx/gsi mapping. This is
needed for INTx/gsi routing.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Tushar Jagad 
Signed-off-by: Eric Auger 
Reviewed-by: Andrew Jones 
Tested-by: Feng Kan 
Message-id: 1505296004-6798-3-git-send-email-eric.au...@redhat.com
Signed-off-by: Peter Maydell 
---
 hw/arm/virt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index fe96557..cfd834d 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1057,6 +1057,7 @@ static void create_pcie(const VirtMachineState *vms, 
qemu_irq *pic)
 
 for (i = 0; i < GPEX_NUM_IRQS; i++) {
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]);
+gpex_set_irq_num(GPEX_HOST(dev), i, irq + i);
 }
 
 pci = PCI_HOST_BRIDGE(dev);
-- 
2.7.4



