date:20180114




On 2018年01月10日 22:32, Thomas Huth wrote:

QEMU can emulate hubs to connect NICs and netdevs. This is currently
primarily used for the mis-named 'vlan' feature of the networking
subsystem. Now the 'vlan' feature has been marked as deprecated, since
its name is rather confusing and the users often rather mis-configure
their network when trying to use it. But while the 'vlan' parameter
should be removed at one point in time, the basic idea of emulating
a hub in QEMU is still good: It's useful for bundling up the output of
multiple NICs into one single l2tp netdev for example.

Now to be able to use the hubport feature without 'vlan's, there is one
missing piece: The possibility to connect a hubport to a netdev, too.
This patch adds this possibility by introducing a new "netdev=..."
parameter to the hubports.

To bundle up the output of multiple NICs into one socket netdev, you can
now run QEMU with these parameters for example:

qemu-system-ppc64 ... -netdev socket,id=s1,connect=:11122 \
 -netdev hubport,hubid=1,id=h1,netdev=s1 \
 -netdev hubport,hubid=1,id=h2 -device e1000,netdev=h2 \
 -netdev hubport,hubid=1,id=h3 -device virtio-net-pci,netdev=h3

For using the socket netdev, you have got to start another QEMU as the
receiving side first, for example with network dumping enabled:

qemu-system-x86_64 -M isapc -netdev socket,id=s0,listen=:11122 \
 -device ne2k_isa,netdev=s0 \
 -object filter-dump,id=f1,netdev=s0,file=/tmp/dump.dat

After the ppc64 guest tried to boot from both NICs, you can see in the
dump file (using Wireshark, for example), that the output of both NICs
(the e1000 and the virtio-net-pci) has been successfully transfered
via the socket netdev in this case.

Suggested-by: Paolo Bonzini 
Signed-off-by: Thomas Huth 
---
  See also the original discussion here for some more information:
  https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg05650.html

  net/hub.c   | 23 ++-
  qapi/net.json   |  4 +++-
  qemu-options.hx |  8 +---
  3 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/net/hub.c b/net/hub.c
index 14b4eec..0638729 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -13,6 +13,7 @@
   */
  
  #include "qemu/osdep.h"

+#include "qapi/error.h"
  #include "monitor/monitor.h"
  #include "net/net.h"
  #include "clients.h"
@@ -286,12 +287,32 @@ int net_init_hubport(const Netdev *netdev, const char 
*name,
   NetClientState *peer, Error **errp)
  {
  const NetdevHubPortOptions *hubport;
+NetClientState *hubncs;
  
  assert(netdev->type == NET_CLIENT_DRIVER_HUBPORT);

  assert(!peer);
  hubport = >u.hubport;
  
-net_hub_add_port(hubport->hubid, name);

+hubncs = net_hub_add_port(hubport->hubid, name);
+if (!hubncs) {
+error_setg(errp, "failed to add port to hub %i with id '%s'",
+   hubport->hubid, name);
+return -1;
+}
+
+if (hubport->has_netdev) {
+NetClientState *hubpeer;
+
+hubpeer = qemu_find_netdev(hubport->netdev);
+if (!hubpeer) {
+error_setg(errp, "netdev '%s' not found", hubport->netdev);
+return -1;
+}
+assert(!hubncs->peer && !hubpeer->peer);
+hubncs->peer = hubpeer;
+hubpeer->peer = hubncs;
+}
+


Instead of open coding here, maybe you can pass peer to 
net_hub_port_new() and let qemu_new_net_client() do this for you.


And since it was a hub, do we need to send to its netdev too inside 
net_hub_receive()?


Thanks


  return 0;
  }
  
diff --git a/qapi/net.json b/qapi/net.json

index 4beff5d..e41e046 100644
--- a/qapi/net.json
+++ b/qapi/net.json
@@ -410,12 +410,14 @@
  # Connect two or more net clients through a software hub.
  #
  # @hubid: hub identifier number
+# @netdev: used to connect hub to a netdev instead of a device (since 2.12)
  #
  # Since: 1.2
  ##
  { 'struct': 'NetdevHubPortOptions',
'data': {
-'hubid': 'int32' } }
+'hubid': 'int32',
+'*netdev':'str' } }
  
  ##

  # @NetdevNetmapOptions:
diff --git a/qemu-options.hx b/qemu-options.hx
index 678181c..9ec4af7 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2017,7 +2017,7 @@ DEF("netdev", HAS_ARG, QEMU_OPTION_netdev,
  #endif
  "-netdev vhost-user,id=str,chardev=dev[,vhostforce=on|off]\n"
  "configure a vhost-user network, backed by a chardev 
'dev'\n"
-"-netdev hubport,id=str,hubid=n\n"
+"-netdev hubport,id=str,hubid=n[,netdev=nd]\n"
  "configure a hub port on QEMU VLAN 'n'\n", QEMU_ARCH_ALL)
  DEF("net", HAS_ARG, QEMU_OPTION_net,
  "-net 
nic[,vlan=n][,netdev=nd][,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]\n"
@@ -2445,13 +2445,15 @@ vde_switch -F -sock /tmp/myswitch
  qemu-system-i386 linux.img -net nic -net vde,sock=/tmp/myswitch
  @end example
  
-@item -netdev hubport,id=@var{id},hubid=@var{hubid}

+@item -netdev

[Qemu-devel] [PATCH 2/2] spapr: Adjust default VSMT value for better migration compatibility

fa98fbfc "PC: KVM: Support machine option to set VSMT mode" introduced the
"vsmt" parameter for the pseries machine type, which controls the spacing
of the vcpu ids of thread 0 for each virtual core.  This was done to bring
some consistency and stability to how that was done, while still allowing
backwards compatibility for migration and otherwise.

The default value we used for vsmt was set to the max of the host's
advertised default number of threads and the number of vthreads per vcore
in the guest.  This was done to continue running without extra parameters
on older KVM versions which don't allow the VSMT value to be changed.

Unfortunately, even that smaller than before leakage of host configuration
into guest visible configuration still breaks things.  Specifically a guest
with 4 (or less) vthread/vcore will get a different vsmt value when
running on a POWER8 (vsmt==8) and POWER9 (vsmt==4) host.  That means the
vcpu ids don't line up so you can't migrate between them, though you should
be able to.

Long term we really want to make vsmt == smp_threads for sufficiently
new machine types.  However, that means that qemu will then require a
sufficiently recent KVM (one which supports changing VSMT) - that's still
not widely enough deployed to be really comfortable to do.

In the meantime we some default that will work as often as possible.
This patch changes that default to 8 in all circumstances.  This does
change guest visible behaviour (including for existing machine versions)
for many cases - just not the most common/important case.

Following is case by case justification for why this is still the least
worst option.  Note that any of the old behaviours can still be duplicated
after this patch, it's just that it requires manual intervention by
setting the vsmt property on the command line.

KVM HV on POWER8 host:
   This is the overwhelmingly common case in production setups, and is
   unchanged by design.  POWER8 hosts will advertise a default VSMT mode
   of 8, and > 8 vthreads/vcore isn't permitted

KVM HV on POWER7 host:
   Will break, but POWER7s allowing KVM were never released to the public.

KVM HV on POWER9 host:
   Not yet released to the public, breaking this now will reduce other
   breakage later.

KVM HV on PowerPC 970:
   Will theoretically break it, but it was barely supported to begin with
   and already required various user visible hacks to work.  Also so old
   that I just don't care.

TCG:
   This is the nastiest one; it means migration of TCG guests (without
   manual vsmt setting) will break.  Since TCG is rarely used in production
   I think this is worth it for the other benefits.  It does also remove
   one more barrier to TCG<->KVM migration which could be interesting for
   debugging applications.

KVM PR:
   As with TCG, this will break migration of existing configurations,
   without adding extra manual vsmt options.  As with TCG, it is rare in
   production so I think the benefits outweigh breakages.

Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index e35214bfc3..8e5ef7c9de 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2305,9 +2305,14 @@ static void spapr_set_vsmt_mode(sPAPRMachineState 
*spapr, Error **errp)
 }
 /* In this case, spapr->vsmt has been set by the command line */
 } else {
-/* Choose a VSMT mode that may be higher than necessary but is
- * likely to be compatible with hosts that don't have VSMT. */
-spapr->vsmt = MAX(kvm_smt, smp_threads);
+/*
+ * Default VSMT value is tricky, because we need it to be as
+ * consistent as possible (for migration), but this requires
+ * changing it for at least some existing cases.  We pick 8 as
+ * the value that we'd get with KVM on POWER8, the
+ * overwhelmingly common case in production systems.
+ */
+spapr->vsmt = 8;
 }
 
 /* KVM: If necessary, set the SMT mode: */
-- 
2.14.3

[Qemu-devel] [PATCH 0/2] Further VSMT fixes

Here are some follow on fixes to Ziviani's proposed changes to VSMT
handling.  This should fix migration of POWER8 compat mode guests
between POWER8 and POWER9 hosts.

The changes are simple, the rationale's rather more complex.

David Gibson (2):
  target/ppc: Clarify compat mode max_threads value
  spapr: Adjust default VSMT value for better migration compatibility

 hw/ppc/spapr.c  | 15 ++-
 target/ppc/compat.c | 25 +
 target/ppc/cpu.h|  2 +-
 3 files changed, 28 insertions(+), 14 deletions(-)

-- 
2.14.3

[Qemu-devel] [PATCH 1/2] target/ppc: Clarify compat mode max_threads value

We recently had some discussions that were sidetracked for a while, because
nearly everyone misapprehended the purpose of the 'max_threads' field in
the compatiblity modes table.  It's all about guest expectations, not host
expectations or support (that's handled elsewhere).

In an attempt to avoid a repeat of that confusion, rename the field to
'max_vthreads' and add an explanatory comment.

Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c  |  4 ++--
 target/ppc/compat.c | 25 +
 target/ppc/cpu.h|  2 +-
 3 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3e528fe91e..e35214bfc3 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -345,7 +345,7 @@ static int spapr_fixup_cpu_dt(void *fdt, sPAPRMachineState 
*spapr)
 PowerPCCPU *cpu = POWERPC_CPU(cs);
 DeviceClass *dc = DEVICE_GET_CLASS(cs);
 int index = spapr_vcpu_id(cpu);
-int compat_smt = MIN(smp_threads, ppc_compat_max_threads(cpu));
+int compat_smt = MIN(smp_threads, ppc_compat_max_vthreads(cpu));
 
 if ((index % smt) != 0) {
 continue;
@@ -503,7 +503,7 @@ static void spapr_populate_cpu_dt(CPUState *cs, void *fdt, 
int offset,
 size_t page_sizes_prop_size;
 uint32_t vcpus_per_socket = smp_threads * smp_cores;
 uint32_t pft_size_prop[] = {0, cpu_to_be32(spapr->htab_shift)};
-int compat_smt = MIN(smp_threads, ppc_compat_max_threads(cpu));
+int compat_smt = MIN(smp_threads, ppc_compat_max_vthreads(cpu));
 sPAPRDRConnector *drc;
 int drc_index;
 uint32_t radix_AP_encodings[PPC_PAGE_SIZES_MAX_SZ];
diff --git a/target/ppc/compat.c b/target/ppc/compat.c
index 276b5b52c2..807c906f68 100644
--- a/target/ppc/compat.c
+++ b/target/ppc/compat.c
@@ -32,7 +32,16 @@ typedef struct {
 uint32_t pvr;
 uint64_t pcr;
 uint64_t pcr_level;
-int max_threads;
+
+/*
+ * Maximum allowed virtual threads per virtual core
+ *
+ * This is to stop older guests getting confused by seeing more
+ * threads than they think the cpu can support.  Usually it's
+ * equal to the number of threads supported on bare metal
+ * hardware, but not always (see POWER9).
+ */
+int max_vthreads;
 } CompatInfo;
 
 static const CompatInfo compat_table[] = {
@@ -45,28 +54,28 @@ static const CompatInfo compat_table[] = {
 .pcr = PCR_COMPAT_3_00 | PCR_COMPAT_2_07 | PCR_COMPAT_2_06 |
PCR_COMPAT_2_05 | PCR_TM_DIS | PCR_VSX_DIS,
 .pcr_level = PCR_COMPAT_2_05,
-.max_threads = 2,
+.max_vthreads = 2,
 },
 { /* POWER7, ISA2.06 */
 .name = "power7",
 .pvr = CPU_POWERPC_LOGICAL_2_06,
 .pcr = PCR_COMPAT_3_00 | PCR_COMPAT_2_07 | PCR_COMPAT_2_06 | 
PCR_TM_DIS,
 .pcr_level = PCR_COMPAT_2_06,
-.max_threads = 4,
+.max_vthreads = 4,
 },
 {
 .name = "power7+",
 .pvr = CPU_POWERPC_LOGICAL_2_06_PLUS,
 .pcr = PCR_COMPAT_3_00 | PCR_COMPAT_2_07 | PCR_COMPAT_2_06 | 
PCR_TM_DIS,
 .pcr_level = PCR_COMPAT_2_06,
-.max_threads = 4,
+.max_vthreads = 4,
 },
 { /* POWER8, ISA2.07 */
 .name = "power8",
 .pvr = CPU_POWERPC_LOGICAL_2_07,
 .pcr = PCR_COMPAT_3_00 | PCR_COMPAT_2_07,
 .pcr_level = PCR_COMPAT_2_07,
-.max_threads = 8,
+.max_vthreads = 8,
 },
 { /* POWER9, ISA3.00 */
 .name = "power9",
@@ -80,7 +89,7 @@ static const CompatInfo compat_table[] = {
  * confusing if half of the threads disappear from the guest
  * if it announces it's POWER9 aware at CAS time.
  */
-.max_threads = 8,
+.max_vthreads = 8,
 },
 };
 
@@ -192,14 +201,14 @@ void ppc_set_compat_all(uint32_t compat_pvr, Error **errp)
 }
 }
 
-int ppc_compat_max_threads(PowerPCCPU *cpu)
+int ppc_compat_max_vthreads(PowerPCCPU *cpu)
 {
 const CompatInfo *compat = compat_by_pvr(cpu->compat_pvr);
 int n_threads = CPU(cpu)->nr_threads;
 
 if (cpu->compat_pvr) {
 g_assert(compat);
-n_threads = MIN(n_threads, compat->max_threads);
+n_threads = MIN(n_threads, compat->max_vthreads);
 }
 
 return n_threads;
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index a5e49f23e9..dc6820c5eb 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1395,7 +1395,7 @@ void ppc_set_compat(PowerPCCPU *cpu, uint32_t compat_pvr, 
Error **errp);
 #if !defined(CONFIG_USER_ONLY)
 void ppc_set_compat_all(uint32_t compat_pvr, Error **errp);
 #endif
-int ppc_compat_max_threads(PowerPCCPU *cpu);
+int ppc_compat_max_vthreads(PowerPCCPU *cpu);
 void ppc_compat_add_property(Object *obj, const char *name,
  uint32_t *compat_pvr, const char *basedesc,
  Error **errp);
-- 
2.14.3

Re: [Qemu-devel] [PATCH] tap: close fd conditionally when error occured




On 2018年01月12日 15:30, Jay Zhou wrote:

If netdev_add tap,id=net0,vhost=on failed in net_init_tap_one(),
the followed up device_add virtio-net-pci,netdev=net0 will fail
too, prints:

   TUNSETOFFLOAD ioctl() failed: Bad file descriptor TUNSETOFFLOAD
   ioctl() failed: Bad file descriptor

The reason is that the fd of tap is closed when error occured after
calling net_init_tap_one().

I think the fd should be closed in these two case:
   1.tap_set_sndbuf() failed
   2.tap_set_sndbuf() succeeded but vhost failed to initialize with
 vhostforce flag on
Meanwhile, the fd should not be closed just because vhost failed to
initialize but without vhostforce flag. So the followed up device_add
can fall back to userspace virtio successfully.

Suggested-by: Michael S. Tsirkin 
Suggested-by: Igor Mammedov 
Suggested-by: Jason Wang 
Signed-off-by: Jay Zhou 
---
  net/tap.c | 18 +-
  1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/net/tap.c b/net/tap.c
index 979e622..3ed72eb 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -651,6 +651,9 @@ static void net_init_tap_one(const NetdevTapOptions *tap, 
NetClientState *peer,
  tap_set_sndbuf(s->fd, tap, );
  if (err) {
  error_propagate(errp, err);
+if (!tap->has_fd && !tap->has_fds) {
+close(fd);
+}
  return;
  }
  
@@ -687,14 +690,14 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,

  vhostfd = monitor_fd_param(cur_mon, vhostfdname, );
  if (vhostfd == -1) {
  error_propagate(errp, err);
-return;
+goto cleanup;
  }
  } else {
  vhostfd = open("/dev/vhost-net", O_RDWR);
  if (vhostfd < 0) {
  error_setg_errno(errp, errno,
   "tap: open vhost char device failed");
-return;
+goto cleanup;
  }
  fcntl(vhostfd, F_SETFL, O_NONBLOCK);
  }
@@ -704,11 +707,18 @@ static void net_init_tap_one(const NetdevTapOptions *tap, 
NetClientState *peer,
  if (!s->vhost_net) {
  error_setg(errp,
 "vhost-net requested but could not be initialized");


So error_setg() is not appropriate here consider it was not trated as an 
error. We probably just need some warning.



-return;
+goto cleanup;
  }
  } else if (vhostfdname) {
  error_setg(errp, "vhostfd(s)= is not valid without vhost");
  }
+
+cleanup:
+if (!tap->has_fd && !tap->has_fds && tap->has_vhostforce &&
+tap->vhostforce) {
+close(fd);


I would still let caller to decide whether or not to close the fd.

Thanks


+}
+return;
  }
  
  static int get_fds(char *str, char *fds[], int max)

@@ -877,7 +887,6 @@ free_fail:
   vnet_hdr, fd, );
  if (err) {
  error_propagate(errp, err);
-close(fd);
  return -1;
  }
  } else {
@@ -916,7 +925,6 @@ free_fail:
   vhostfdname, vnet_hdr, fd, );
  if (err) {
  error_propagate(errp, err);
-close(fd);
  return -1;
  }
  }

Re: [Qemu-devel] [PATCH RESEND v1 1/2] i386: Add Intel Processor Trace feature support

2018-01-14 Thread Kang, Luwei

> > From: Chao Peng 
> >
> > Expose Intel Processor Trace feature to guest.
> >
> > Signed-off-by: Chao Peng 
> > Signed-off-by: Luwei Kang 
> > ---
> >  target/i386/cpu.c | 19 ++-  target/i386/cpu.h |  1 +
> > target/i386/kvm.c | 23 +++
> >  3 files changed, 42 insertions(+), 1 deletion(-)
> >
> > diff --git a/target/i386/cpu.c b/target/i386/cpu.c index
> > 3818d72..57f8370 100644
> > --- a/target/i386/cpu.c
> > +++ b/target/i386/cpu.c
> > @@ -427,7 +427,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] 
> > = {
> >  NULL, NULL, "mpx", NULL,
> >  "avx512f", "avx512dq", "rdseed", "adx",
> >  "smap", "avx512ifma", "pcommit", "clflushopt",
> > -"clwb", NULL, "avx512pf", "avx512er",
> > +"clwb", "intel-pt", "avx512pf", "avx512er",
> >  "avx512cd", "sha-ni", "avx512bw", "avx512vl",
> >  },
> >  .cpuid_eax = 7,
> > @@ -3006,6 +3006,23 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
> > uint32_t count,
> >  }
> >  break;
> >  }
> > +case 0x14: {
> > +if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) &&
> > + kvm_enabled()) {
> > +KVMState *s = cs->kvm_state;
> > +
> > +*eax = kvm_arch_get_supported_cpuid(s, 0x14, count, R_EAX);
> > +*ebx = kvm_arch_get_supported_cpuid(s, 0x14, count, R_EBX);
> > +*ecx = kvm_arch_get_supported_cpuid(s, 0x14, count, R_ECX);
> > +*edx = kvm_arch_get_supported_cpuid(s, 0x14, count,
> > + R_EDX);
> 
> If you are forwarding host info directly to the guest, the feature is not 
> migration-safe.  The new feature needs to be added to
> feature_word_info[FEAT_7_0_EBX].unmigratable_flags.
> 

Hi,
 Thanks for you review. I want to support Intel PT live migration and patch 
[2/2] to do this. I don't understand  why need to add this feature in 
feature_word_info[FEAT_7_0_EBX].unmigratable_flags first to disable live 
migration.

Thanks,
Luwei Kang

> 
> > +} else {
> > +*eax = 0;
> > +*ebx = 0;
> > +*ecx = 0;
> > +*edx = 0;
> > +}
> > +break;
> > +}
> >  case 0x4000:
> >  /*
> >   * CPUID code in kvm_arch_init_vcpu() ignores stuff diff
> > --git a/target/i386/cpu.h b/target/i386/cpu.h index 62c4742..58a4b6c
> > 100644
> > --- a/target/i386/cpu.h
> > +++ b/target/i386/cpu.h
> > @@ -642,6 +642,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
> > #define CPUID_7_0_EBX_PCOMMIT  (1U << 22) /* Persistent Commit */
> > #define CPUID_7_0_EBX_CLFLUSHOPT (1U << 23) /* Flush a Cache Line Optimized 
> > */
> >  #define CPUID_7_0_EBX_CLWB (1U << 24) /* Cache Line Write Back */
> > +#define CPUID_7_0_EBX_INTEL_PT (1U << 25) /* Intel Processor Trace */
> >  #define CPUID_7_0_EBX_AVX512PF (1U << 26) /* AVX-512 Prefetch */
> > #define CPUID_7_0_EBX_AVX512ER (1U << 27) /* AVX-512 Exponential and
> > Reciprocal */  #define CPUID_7_0_EBX_AVX512CD (1U << 28) /* AVX-512
> > Conflict Detection */ diff --git a/target/i386/kvm.c
> > b/target/i386/kvm.c index 6f69e2f..e13ab58 100644
> > --- a/target/i386/kvm.c
> > +++ b/target/i386/kvm.c
> > @@ -863,6 +863,29 @@ int kvm_arch_init_vcpu(CPUState *cs)
> >  c = _data.entries[cpuid_i++];
> >  }
> >  break;
> > +case 0x14: {
> > +uint32_t times;
> > +
> > +c->function = i;
> > +c->index = 0;
> > +c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
> > +cpu_x86_cpuid(env, i, 0, >eax, >ebx, >ecx, >edx);
> > +times = c->eax;
> > +
> > +for (j = 1; j <= times; ++j) {
> > +if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
> > +fprintf(stderr, "cpuid_data is full, no space for "
> > +"cpuid(eax:0x14,ecx:0x%x)\n", j);
> > +abort();
> > +}
> > +c = _data.entries[cpuid_i++];
> > +c->function = i;
> > +c->index = j;
> > +c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
> > +cpu_x86_cpuid(env, i, j, >eax, >ebx, >ecx, 
> > >edx);
> > +}
> > +break;
> > +}
> >  default:
> >  c->function = i;
> >  c->flags = 0;
> > --
> > 1.8.3.1
> >
> 
> --
> Eduardo

[Qemu-devel] [QEMU-PPC] [PATCH V4 1/6] target/ppc/kvm: Add cap_ppc_safe_[cache/bounds_check/indirect_branch]

Add three new kvm capabilities used to represent the level of host support
for three corresponding workarounds.

Host support for each of the capabilities is queried through the
new ioctl KVM_PPC_GET_CPU_CHAR which returns four uint64 quantities. The
first two, character and behaviour, represent the available
characteristics of the cpu and the behaviour of the cpu respectively.
The second two, c_mask and b_mask, represent the mask of known bits for
the character and beheviour dwords respectively.

Signed-off-by: Suraj Jitindar Singh 
---

V3 -> V4:
- Move kvmppc_get_cpu_characteristics() function implementation to fix
  compilation on some targets.

---
 include/hw/ppc/spapr.h  | 12 +
 linux-headers/asm-powerpc/kvm.h |  8 ++
 linux-headers/linux/kvm.h   |  3 +++
 target/ppc/kvm.c| 58 +
 target/ppc/kvm_ppc.h| 18 +
 5 files changed, 99 insertions(+)

diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 0f5628f22e..eded0ea57d 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -295,6 +295,18 @@ struct sPAPRMachineState {
 #define H_DABRX_KERNEL (1ULL<<(63-62))
 #define H_DABRX_USER   (1ULL<<(63-63))
 
+/* Values for KVM_PPC_GET_CPU_CHAR & H_GET_CPU_CHARACTERISTICS */
+#define H_CPU_CHAR_SPEC_BAR_ORI31   PPC_BIT(0)
+#define H_CPU_CHAR_BCCTRL_SERIALISEDPPC_BIT(1)
+#define H_CPU_CHAR_L1D_FLUSH_ORI30  PPC_BIT(2)
+#define H_CPU_CHAR_L1D_FLUSH_TRIG2  PPC_BIT(3)
+#define H_CPU_CHAR_L1D_THREAD_PRIV  PPC_BIT(4)
+#define H_CPU_CHAR_HON_BRANCH_HINTS PPC_BIT(5)
+#define H_CPU_CHAR_THR_RECONF_TRIG  PPC_BIT(6)
+#define H_CPU_BEHAV_FAVOUR_SECURITY PPC_BIT(0)
+#define H_CPU_BEHAV_L1D_FLUSH_PRPPC_BIT(1)
+#define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR   PPC_BIT(2)
+
 /* Each control block has to be on a 4K boundary */
 #define H_CB_ALIGNMENT 4096
 
diff --git a/linux-headers/asm-powerpc/kvm.h b/linux-headers/asm-powerpc/kvm.h
index 61d6049f4c..5d2cb26848 100644
--- a/linux-headers/asm-powerpc/kvm.h
+++ b/linux-headers/asm-powerpc/kvm.h
@@ -443,6 +443,14 @@ struct kvm_ppc_rmmu_info {
__u32   ap_encodings[8];
 };
 
+/* For KVM_PPC_GET_CPU_CHAR */
+struct kvm_ppc_cpu_char {
+__u64   character;  /* characteristics of the CPU */
+__u64   behaviour;  /* recommended software behaviour */
+__u64   c_mask; /* valid bits in character */
+__u64   b_mask; /* valid bits in behaviour */
+};
+
 /* Per-vcpu XICS interrupt controller state */
 #define KVM_REG_PPC_ICP_STATE  (KVM_REG_PPC | KVM_REG_SIZE_U64 | 0x8c)
 
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index ce6c2f11f4..c35f1bd363 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -932,6 +932,7 @@ struct kvm_ppc_resize_hpt {
 #define KVM_CAP_HYPERV_SYNIC2 148
 #define KVM_CAP_HYPERV_VP_INDEX 149
 #define KVM_CAP_S390_AIS_MIGRATION 150
+#define KVM_CAP_PPC_GET_CPU_CHAR 151
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
@@ -1261,6 +1262,8 @@ struct kvm_s390_ucas_mapping {
 #define KVM_PPC_CONFIGURE_V3_MMU  _IOW(KVMIO,  0xaf, struct kvm_ppc_mmuv3_cfg)
 /* Available with KVM_CAP_PPC_RADIX_MMU */
 #define KVM_PPC_GET_RMMU_INFO_IOW(KVMIO,  0xb0, struct kvm_ppc_rmmu_info)
+/* Available with KVM_CAP_PPC_GET_CPU_CHAR */
+#define KVM_PPC_GET_CPU_CHAR  _IOR(KVMIO,  0xb1, struct kvm_ppc_cpu_char)
 
 /* ioctl for vm fd */
 #define KVM_CREATE_DEVICE_IOWR(KVMIO,  0xe0, struct kvm_create_device)
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 914be687e7..b16f731522 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -89,6 +89,9 @@ static int cap_mmu_radix;
 static int cap_mmu_hash_v3;
 static int cap_resize_hpt;
 static int cap_ppc_pvr_compat;
+static int cap_ppc_safe_cache;
+static int cap_ppc_safe_bounds_check;
+static int cap_ppc_safe_indirect_branch;
 
 static uint32_t debug_inst_opcode;
 
@@ -121,6 +124,7 @@ static bool kvmppc_is_pr(KVMState *ks)
 }
 
 static int kvm_ppc_register_host_cpu_type(MachineState *ms);
+static void kvmppc_get_cpu_characteristics(KVMState *s);
 
 int kvm_arch_init(MachineState *ms, KVMState *s)
 {
@@ -147,6 +151,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 cap_mmu_radix = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_RADIX);
 cap_mmu_hash_v3 = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_HASH_V3);
 cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT);
+kvmppc_get_cpu_characteristics(s);
 /*
  * Note: setting it to false because there is not such capability
  * in KVM at this moment.
@@ -2456,6 +2461,59 @@ bool kvmppc_has_cap_mmu_hash_v3(void)
 return cap_mmu_hash_v3;
 }
 
+static void kvmppc_get_cpu_characteristics(KVMState *s)
+{
+struct kvm_ppc_cpu_char c;
+int ret;
+
+/* Assume broken */
+

Re: [Qemu-devel] vhost-pci and virtio-vhost-user




On 2018年01月12日 18:18, Stefan Hajnoczi wrote:

Form what I'm understanding, vhost-pci tries to build a scalable V2V private
datapath. But according to what you describe here, virito-vhost-user tries
to make it possible to implement the device inside another VM. I understand
the goal of vhost-pci could be done on top, but it looks to me it would then
rather similar to the design of Xen driver domain. So I can not figure out
how it can be done in a high performance way.

vhost-pci and virtio-vhost-user both have the same goal.  They allow
a VM to implement a vhost device (net, scsi, blk, etc).

Looks not, if I read the code correctly, vhost-pci has a device
implementation in qemu, and in slave VM it only have a vhost-pci-net driver.

You are right that the current "[PATCH v3 0/7] Vhost-pci for inter-VM
communication" does not reach this goal yet.  The patch series focusses
on a subset of vhost-user-net for poll mode drivers.

But the goal is to eventually let VMs implement any vhost device type.
Even if Wei, you, or I don't implement scsi, for example, someone else
should be able to do it based on vhost-pci or virtio-vhost-user.

Wei: Do you agree?


This allows
software defined network or storage appliances running inside a VM to
provide I/O services to other VMs.

Well, I think we can do it even with the existed virtio or whatever other
emulated device which should not be bounded to any specific kind of device.

Please explain the approach you have in mind.


I just fail understand why we can't do software defined network or 
storage with exist virtio device/drivers (or are there any shortcomings 
that force us to invent new infrastructure).





And what's more important, according to the kvm 2016 slides of vhost-pci,
the motivation of vhost-pci is not building SDN but a chain of VNFs. So
bypassing the central vswitch through a private VM2VM path does make sense.
(Though whether or not vhost-pci is the best choice is still questionable).

This is probably my fault.  Maybe my networking terminology is wrong.  I
consider "virtual network functions" to be part of "software-defined
networking" use cases.  I'm not implying there must be a central virtual
switch.

To rephrase: vhost-pci enables exitless VM2VM communication.


The problem is, exitless is not what vhost-pci invents, it could be 
achieved now when both sides are doing busypolling.





   To the other VMs the devices look
like regular virtio devices.

I'm not sure I understand your reference to the Xen driver domain or
performance.

So what proposed here is basically memory sharing and event notification
through eventfd, this model have been used by Xen for many years through
grant table and event channel. Xen use this to move the backend
implementation from dom0 to a driver domain which has direct access to some
hardwares. Consider the case of network, it can then implement xen netback
inside driver domain which can access hardware NIC directly.

This makes sense for Xen and for performance since driver domain (backend)
can access hardware directly and event was triggered through lower overhead
hypercall (or it can do busypolling). But for virtio-vhost-user, unless you
want SRIOV based solutions inside the slave VM, I believe we won't want to
go back to Xen since the hardware virtualization can bring extra overheads.

Okay, this point is about the NFV use case.  I can't answer that because
I'm not familiar with it.

Even if the NFV use case is not ideal for VMs, there are many other use
cases for VMs implementing vhost devices.  In the cloud the VM is the
first-class object that users can manage.  They do not have the ability
to run vhost-user processes on the host.  Therefore I/O appliances need
to be able to run as VMs and vhost-pci (or virtio-vhost-user) solve that
problem.


The question is why must use vhost-user? E.g in the case of SDN, you can 
easily deploy an OVS instance with openflow inside a VM and it works 
like a charm.





   Both vhost-pci and virtio-vhost-user work using shared
memory access to the guest RAM of the other VM.  Therefore they can poll
virtqueues and avoid vmexit.  They do also support cross-VM interrupts,
thanks to QEMU setting up irqfd/ioeventfd appropriately on the host.

Stefan

So in conclusion, consider the complexity, I would suggest to figure out
whether or not this (either vhost-pci or virito-vhost-user) is really
required before moving ahead. E.g, for VM2VM direct network path, this looks
simply an issue of network topology instead of the problem of device, so
there's a lot of trick, for vhost-user one can easily image to write an
application (or use testpmd) to build a zerocopied VM2VM datapath, isn't
this not sufficient for the case?

See above, I described the general cloud I/O appliance use case.

Stefan


So I understand vhost-user could be used to build I/O appliance. What I 
don't understand is, the advantages of using vhost-user or why we must 
use it inside a guest.


Thanks

Re: [Qemu-devel] [PATCH v2 2/2] ppc: spapr: Check if thread argument is supported by host KVM

On Sun, Jan 14, 2018 at 05:23:49PM -0200, Jose Ricardo Ziviani wrote:
> QEMU currently checks whether SMT passed is valid or not. However, it
> doesn't check if KVM supports such mode when kvm is enabled.

That's not really true - the attempt to actually set the vsmt mode in
KVM later on in spapr_set_vsmt_mode() will fail if KVM can't support
the number of threads.

The error added here might be a bit easier to understand, since it
doesn't refer to vsmt modes, which might just confuse the issue.

The change isn't urgent, though.

> This patch relies on KVM_CAP_PPC_SMT_POSSIBLE to make it sure that QEMU
> will either set a valid SMT mode or warn an error message and quit.
> 
> Signed-off-by: Jose Ricardo Ziviani 
> ---
>  hw/ppc/spapr.c   | 10 ++
>  target/ppc/kvm.c |  5 +
>  target/ppc/kvm_ppc.h |  6 ++
>  3 files changed, 21 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index d1acfe8858..aed4d25fc4 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2261,12 +2261,22 @@ static void spapr_set_vsmt_mode(sPAPRMachineState 
> *spapr, Error **errp)
>   "on a pseries machine");
>  goto out;
>  }
> +
>  if (!is_power_of_2(smp_threads)) {
>  error_setg(_err, "Cannot support %d threads/core on a pseries "
>   "machine because it must be a power of 2", smp_threads);
>  goto out;
>  }
>  
> +if (kvm_enabled() && kvmppc_cap_smt_possible() > 0) {
> +if ((kvmppc_cap_smt_possible() & smp_threads) != smp_threads) {
> +error_setg(_err, "KVM does not support %d threads/core.",
> +smp_threads);
> +kvmppc_hint_smt_possible(_err);
> +goto out;
> +}
> +}

I'd like to see a fallback for kernels that don't support the
smt_possible cap and vsmt mode setting (for those, we must have
smp_threads <= kvm_smt).

> +
>  /* Detemine the VSMT mode to use: */
>  if (vsmt_user) {
>  if (spapr->vsmt < smp_threads) {
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 914be687e7..4a8ff4d63c 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -2456,6 +2456,11 @@ bool kvmppc_has_cap_mmu_hash_v3(void)
>  return cap_mmu_hash_v3;
>  }
>  
> +int kvmppc_cap_smt_possible(void)
> +{
> +return cap_ppc_smt_possible;
> +}
> +
>  PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void)
>  {
>  uint32_t host_pvr = mfpvr();
> diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
> index ecb55493cc..2221850723 100644
> --- a/target/ppc/kvm_ppc.h
> +++ b/target/ppc/kvm_ppc.h
> @@ -59,6 +59,7 @@ bool kvmppc_has_cap_fixup_hcalls(void);
>  bool kvmppc_has_cap_htm(void);
>  bool kvmppc_has_cap_mmu_radix(void);
>  bool kvmppc_has_cap_mmu_hash_v3(void);
> +int kvmppc_cap_smt_possible(void);
>  int kvmppc_enable_hwrng(void);
>  int kvmppc_put_books_sregs(PowerPCCPU *cpu);
>  PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void);
> @@ -290,6 +291,11 @@ static inline bool kvmppc_has_cap_mmu_hash_v3(void)
>  return false;
>  }
>  
> +static inline int kvmppc_cap_smt_possible(void)
> +{
> +return 0;
> +}
> +
>  static inline int kvmppc_enable_hwrng(void)
>  {
>  return -1;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH qemu] configure: Allow capstone=git only if git update is not disabled

2018-01-14 Thread Thomas Huth

On 15.01.2018 03:35, Alexey Kardashevskiy wrote:
> Even with --disable-git-update, ./configure tries updating the capstone
> submodule instead of marking it "no"; this disables capstone submodule
> if git update is disabled.
> 
> Signed-off-by: Alexey Kardashevskiy 
> ---
>  configure | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/configure b/configure
> index 89bd662..92c21b3 100755
> --- a/configure
> +++ b/configure
> @@ -4502,7 +4502,7 @@ case "$capstone" in
>"" | yes)
>  if $pkg_config capstone; then
>capstone=system
> -elif test -e "${source_path}/.git" ; then
> +elif test -e "${source_path}/.git" -a $git_update = 'yes' ; then
>capstone=git
>  elif test -e "${source_path}/capstone/Makefile" ; then
>capstone=internal
> 

Reviewed-by: Thomas Huth

Re: [Qemu-devel] [RFC PATCH 1/3] vfio: ccw: introduce schib region

2018-01-14 Thread Dong Jia Shi

* Cornelia Huck  [2018-01-11 15:16:59 +0100]:

Hi Conny,

> On Thu, 11 Jan 2018 04:04:19 +0100
> Dong Jia Shi  wrote:
> 
> > This introduces a new region for vfio-ccw to provide subchannel
> > information for user space.
> > 
> > Signed-off-by: Dong Jia Shi 
> > ---
> >  drivers/s390/cio/vfio_ccw_fsm.c | 21 ++
> >  drivers/s390/cio/vfio_ccw_ops.c | 79 
> > +++--
> >  drivers/s390/cio/vfio_ccw_private.h |  3 ++
> >  include/uapi/linux/vfio.h   |  1 +
> >  include/uapi/linux/vfio_ccw.h   |  6 +++
> >  5 files changed, 90 insertions(+), 20 deletions(-)
> > 
> > diff --git a/drivers/s390/cio/vfio_ccw_fsm.c 
> > b/drivers/s390/cio/vfio_ccw_fsm.c
> > index c30420c517b1..be081ccabea3 100644
> > --- a/drivers/s390/cio/vfio_ccw_fsm.c
> > +++ b/drivers/s390/cio/vfio_ccw_fsm.c
> > @@ -172,6 +172,22 @@ static void fsm_irq(struct vfio_ccw_private *private,
> > complete(private->completion);
> >  }
> >  
> > +static void fsm_update_subch(struct vfio_ccw_private *private,
> > +enum vfio_ccw_event event)
> > +{
> > +   struct subchannel *sch;
> > +
> > +   sch = private->sch;
> > +   if (cio_update_schib(sch)) {
> 
> This implies device gone. Do we also want to trigger some event, or
> just wait until a machine check comes around and we're notified in the
> normal way? (Probably the latter.)
> 
We'd need to handle machine checks better anyway, and we can trigger
event there. I think we can choose the latter one.

> > +   private->schib_region.cc = 3;
> > +   return;
> > +   }
> > +
> > +   private->schib_region.cc = 0;
> > +   memcpy(private->schib_region.schib_area, >schib,
> > +  sizeof(sch->schib));
> 
> We might want to add documentation that schib_area contains the schib
> from the last successful invocation of stsch (if any). That makes sense
> as the schib remains unchanged for cc=3 after stsch anyway, but it
> can't hurt to spell it out.
> 
PoP doesn't say anything about the content of SCHIB when cc=3. So it's
fine to remain the last content I guess. I can add comments here and
document in vfio-ccw.txt. Ok?

> > +}
> > +
> >  /*
> >   * Device statemachine
> >   */
> > @@ -180,25 +196,30 @@ fsm_func_t 
> > *vfio_ccw_jumptable[NR_VFIO_CCW_STATES][NR_VFIO_CCW_EVENTS] = {
> > [VFIO_CCW_EVENT_NOT_OPER]   = fsm_nop,
> > [VFIO_CCW_EVENT_IO_REQ] = fsm_io_error,
> > [VFIO_CCW_EVENT_INTERRUPT]  = fsm_disabled_irq,
> > +   [VFIO_CCW_EVENT_UPDATE_SUBCH]   = fsm_update_subch,
> > },
> > [VFIO_CCW_STATE_STANDBY] = {
> > [VFIO_CCW_EVENT_NOT_OPER]   = fsm_notoper,
> > [VFIO_CCW_EVENT_IO_REQ] = fsm_io_error,
> > [VFIO_CCW_EVENT_INTERRUPT]  = fsm_irq,
> > +   [VFIO_CCW_EVENT_UPDATE_SUBCH]   = fsm_update_subch,
> > },
> > [VFIO_CCW_STATE_IDLE] = {
> > [VFIO_CCW_EVENT_NOT_OPER]   = fsm_notoper,
> > [VFIO_CCW_EVENT_IO_REQ] = fsm_io_request,
> > [VFIO_CCW_EVENT_INTERRUPT]  = fsm_irq,
> > +   [VFIO_CCW_EVENT_UPDATE_SUBCH]   = fsm_update_subch,
> > },
> > [VFIO_CCW_STATE_BOXED] = {
> > [VFIO_CCW_EVENT_NOT_OPER]   = fsm_notoper,
> > [VFIO_CCW_EVENT_IO_REQ] = fsm_io_busy,
> > [VFIO_CCW_EVENT_INTERRUPT]  = fsm_irq,
> > +   [VFIO_CCW_EVENT_UPDATE_SUBCH]   = fsm_update_subch,
> > },
> > [VFIO_CCW_STATE_BUSY] = {
> > [VFIO_CCW_EVENT_NOT_OPER]   = fsm_notoper,
> > [VFIO_CCW_EVENT_IO_REQ] = fsm_io_busy,
> > [VFIO_CCW_EVENT_INTERRUPT]  = fsm_irq,
> > +   [VFIO_CCW_EVENT_UPDATE_SUBCH]   = fsm_update_subch,
> 
> Does it makes to trigger this through the state machine if we always do
> the same action and never change state?
Yes. Ah, are you implying that we can call update_subch directly without
state machine involved? If so, I agree. There seems no benifit to add
a new VFIO_CCW_EVENT_UPDATE_SUBCH event to the FSM.

> 
> > },
> >  };
> 
> Else, looks good.
> 
Thanks for the comments. :)

-- 
Dong Jia Shi

[Qemu-devel] [QEMU-PPC] [PATCH V3 5/6] target/ppc/spapr_caps: Add new tristate cap safe_indirect_branch

Add new tristate cap cap-ibs to represent the indirect branch
serialisation capability.

Signed-off-by: Suraj Jitindar Singh 
---
 hw/ppc/spapr.c |  2 ++
 hw/ppc/spapr_caps.c| 39 +++
 include/hw/ppc/spapr.h |  5 -
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 02a0cb656b..269c1c7857 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1793,6 +1793,7 @@ static const VMStateDescription vmstate_spapr = {
 _spapr_cap_dfp,
 _spapr_cap_cfpc,
 _spapr_cap_sbbc,
+_spapr_cap_ibs,
 NULL
 }
 };
@@ -3867,6 +3868,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
 smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
 smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
+smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
 spapr_caps_add_properties(smc, _abort);
 }
 
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 518e019cf7..0b36333a85 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -202,6 +202,17 @@ static void cap_safe_bounds_check_apply(sPAPRMachineState 
*spapr, uint8_t val,
 }
 }
 
+static void cap_safe_indirect_branch_apply(sPAPRMachineState *spapr,
+   uint8_t val, Error **errp)
+{
+if (tcg_enabled() && val) {
+/* TODO - for now only allow broken for TCG */
+error_setg(errp, "Requested safe indirect branch capability level not 
supported by tcg, try a different value for cap-ibs");
+} else if (kvm_enabled() && (val > kvmppc_get_cap_safe_indirect_branch())) 
{
+error_setg(errp, "Requested safe indirect branch capability level not 
supported by kvm, try a different value for cap-ibs");
+}
+}
+
 #define VALUE_DESC_TRISTATE " (broken, workaround, fixed)"
 
 sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
@@ -250,6 +261,15 @@ sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 .type = "string",
 .apply = cap_safe_bounds_check_apply,
 },
+[SPAPR_CAP_IBS] = {
+.name = "ibs",
+.description = "Indirect Branch Serialisation" VALUE_DESC_TRISTATE,
+.index = SPAPR_CAP_IBS,
+.get = spapr_cap_get_tristate,
+.set = spapr_cap_set_tristate,
+.type = "string",
+.apply = cap_safe_indirect_branch_apply,
+},
 };
 
 static sPAPRCapabilities default_caps_with_cpu(sPAPRMachineState *spapr,
@@ -424,6 +444,25 @@ const VMStateDescription vmstate_spapr_cap_sbbc = {
 },
 };
 
+static bool spapr_cap_ibs_needed(void *opaque)
+{
+sPAPRMachineState *spapr = opaque;
+
+return spapr->cmd_line_caps[SPAPR_CAP_IBS] &&
+   (spapr->eff.caps[SPAPR_CAP_IBS] != spapr->def.caps[SPAPR_CAP_IBS]);
+}
+
+const VMStateDescription vmstate_spapr_cap_ibs = {
+.name = "spapr/cap/ibs",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_cap_ibs_needed,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(mig.caps[SPAPR_CAP_IBS], sPAPRMachineState),
+VMSTATE_END_OF_LIST()
+},
+};
+
 void spapr_caps_reset(sPAPRMachineState *spapr)
 {
 sPAPRCapabilities default_caps;
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index c65be62e92..549d7a4134 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -64,8 +64,10 @@ typedef enum {
 #define SPAPR_CAP_CFPC  0x03
 /* Speculation Barrier Bounds Checking */
 #define SPAPR_CAP_SBBC  0x04
+/* Indirect Branch Serialisation */
+#define SPAPR_CAP_IBS   0x05
 /* Num Caps */
-#define SPAPR_CAP_NUM   (SPAPR_CAP_SBBC + 1)
+#define SPAPR_CAP_NUM   (SPAPR_CAP_IBS + 1)
 
 /*
  * Capability Values
@@ -785,6 +787,7 @@ extern const VMStateDescription vmstate_spapr_cap_vsx;
 extern const VMStateDescription vmstate_spapr_cap_dfp;
 extern const VMStateDescription vmstate_spapr_cap_cfpc;
 extern const VMStateDescription vmstate_spapr_cap_sbbc;
+extern const VMStateDescription vmstate_spapr_cap_ibs;
 
 static inline uint8_t spapr_get_cap(sPAPRMachineState *spapr, int cap)
 {
-- 
2.13.6

[Qemu-devel] [QEMU-PPC] [PATCH V3 3/6] target/ppc/spapr_caps: Add new tristate cap safe_cache

Add new tristate cap cap-cfpc to represent the cache flush on privilege
change capability.

Signed-off-by: Suraj Jitindar Singh 
---
 hw/ppc/spapr.c |  2 ++
 hw/ppc/spapr_caps.c| 40 
 include/hw/ppc/spapr.h |  5 -
 3 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3e528fe91e..5d62dc9968 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1791,6 +1791,7 @@ static const VMStateDescription vmstate_spapr = {
 _spapr_cap_htm,
 _spapr_cap_vsx,
 _spapr_cap_dfp,
+_spapr_cap_cfpc,
 NULL
 }
 };
@@ -3863,6 +3864,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
 smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
 smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
+smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
 spapr_caps_add_properties(smc, _abort);
 }
 
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 436250d77b..bc2b2c3590 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -180,6 +180,18 @@ static void cap_dfp_apply(sPAPRMachineState *spapr, 
uint8_t val, Error **errp)
 }
 }
 
+static void cap_safe_cache_apply(sPAPRMachineState *spapr, uint8_t val,
+ Error **errp)
+{
+if (tcg_enabled() && val) {
+/* TODO - for now only allow broken for TCG */
+error_setg(errp, "Requested safe cache capability level not supported 
by tcg, try a different value for cap-cfpc");
+} else if (kvm_enabled() && (val > kvmppc_get_cap_safe_cache())) {
+error_setg(errp, "Requested safe cache capability level not supported 
by kvm, try a different value for cap-cfpc");
+}
+}
+
+#define VALUE_DESC_TRISTATE " (broken, workaround, fixed)"
 
 sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 [SPAPR_CAP_HTM] = {
@@ -209,6 +221,15 @@ sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 .type = "bool",
 .apply = cap_dfp_apply,
 },
+[SPAPR_CAP_CFPC] = {
+.name = "cfpc",
+.description = "Cache Flush on Privilege Change" VALUE_DESC_TRISTATE,
+.index = SPAPR_CAP_CFPC,
+.get = spapr_cap_get_tristate,
+.set = spapr_cap_set_tristate,
+.type = "string",
+.apply = cap_safe_cache_apply,
+},
 };
 
 static sPAPRCapabilities default_caps_with_cpu(sPAPRMachineState *spapr,
@@ -345,6 +366,25 @@ const VMStateDescription vmstate_spapr_cap_dfp = {
 },
 };
 
+static bool spapr_cap_cfpc_needed(void *opaque)
+{
+sPAPRMachineState *spapr = opaque;
+
+return spapr->cmd_line_caps[SPAPR_CAP_CFPC] &&
+   (spapr->eff.caps[SPAPR_CAP_CFPC] != 
spapr->def.caps[SPAPR_CAP_CFPC]);
+}
+
+const VMStateDescription vmstate_spapr_cap_cfpc = {
+.name = "spapr/cap/cfpc",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_cap_cfpc_needed,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(mig.caps[SPAPR_CAP_CFPC], sPAPRMachineState),
+VMSTATE_END_OF_LIST()
+},
+};
+
 void spapr_caps_reset(sPAPRMachineState *spapr)
 {
 sPAPRCapabilities default_caps;
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 61bb3632c4..ff476693d1 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -60,8 +60,10 @@ typedef enum {
 #define SPAPR_CAP_VSX   0x01
 /* Decimal Floating Point */
 #define SPAPR_CAP_DFP   0x02
+/* Cache Flush on Privilege Change */
+#define SPAPR_CAP_CFPC  0x03
 /* Num Caps */
-#define SPAPR_CAP_NUM   (SPAPR_CAP_DFP + 1)
+#define SPAPR_CAP_NUM   (SPAPR_CAP_CFPC + 1)
 
 /*
  * Capability Values
@@ -779,6 +781,7 @@ int spapr_caps_pre_save(void *opaque);
 extern const VMStateDescription vmstate_spapr_cap_htm;
 extern const VMStateDescription vmstate_spapr_cap_vsx;
 extern const VMStateDescription vmstate_spapr_cap_dfp;
+extern const VMStateDescription vmstate_spapr_cap_cfpc;
 
 static inline uint8_t spapr_get_cap(sPAPRMachineState *spapr, int cap)
 {
-- 
2.13.6

[Qemu-devel] [QEMU-PPC] [PATCH V3 6/6] target/ppc/spapr: Add H-Call H_GET_CPU_CHARACTERISTICS

The new H-Call H_GET_CPU_CHARACTERISTICS is used by the guest to query
behaviours and available characteristics of the cpu.

Implement the handler for this new H-Call which formulates its response
based on the setting of the spapr_caps cap-cfpc, cap-sbbc and cap-ibs.

Signed-off-by: Suraj Jitindar Singh 
---
 hw/ppc/spapr_hcall.c   | 66 ++
 include/hw/ppc/spapr.h |  1 +
 2 files changed, 67 insertions(+)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 51eba52e86..a693d3b852 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1654,6 +1654,69 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
 return H_SUCCESS;
 }
 
+static target_ulong h_get_cpu_characteristics(PowerPCCPU *cpu,
+  sPAPRMachineState *spapr,
+  target_ulong opcode,
+  target_ulong *args)
+{
+uint64_t characteristics = H_CPU_CHAR_HON_BRANCH_HINTS &
+  ~H_CPU_CHAR_THR_RECONF_TRIG;
+uint64_t behaviour = H_CPU_BEHAV_FAVOUR_SECURITY;
+uint8_t safe_cache = spapr_get_cap(spapr, SPAPR_CAP_CFPC);
+uint8_t safe_bounds_check = spapr_get_cap(spapr, SPAPR_CAP_SBBC);
+uint8_t safe_indirect_branch = spapr_get_cap(spapr, SPAPR_CAP_IBS);
+
+switch (safe_cache) {
+case SPAPR_CAP_WORKAROUND:
+characteristics |= H_CPU_CHAR_L1D_FLUSH_ORI30;
+characteristics |= H_CPU_CHAR_L1D_FLUSH_TRIG2;
+characteristics |= H_CPU_CHAR_L1D_THREAD_PRIV;
+behaviour |= H_CPU_BEHAV_L1D_FLUSH_PR;
+break;
+case SPAPR_CAP_FIXED:
+break;
+default: /* broken */
+if (safe_cache != SPAPR_CAP_BROKEN) {
+error_report("Invalid value for cap-cfpc (%d), assuming broken",
+ safe_cache);
+}
+behaviour |= H_CPU_BEHAV_L1D_FLUSH_PR;
+break;
+}
+
+switch (safe_bounds_check) {
+case SPAPR_CAP_WORKAROUND:
+characteristics |= H_CPU_CHAR_SPEC_BAR_ORI31;
+behaviour |= H_CPU_BEHAV_BNDS_CHK_SPEC_BAR;
+break;
+case SPAPR_CAP_FIXED:
+break;
+default: /* broken */
+if (safe_bounds_check != SPAPR_CAP_BROKEN) {
+error_report("Invalid value for cap-sbbc (%d), assuming broken",
+ safe_bounds_check);
+}
+behaviour |= H_CPU_BEHAV_BNDS_CHK_SPEC_BAR;
+break;
+}
+
+switch (safe_indirect_branch) {
+case SPAPR_CAP_FIXED:
+characteristics |= H_CPU_CHAR_BCCTRL_SERIALISED;
+default: /* broken */
+if (safe_indirect_branch != SPAPR_CAP_BROKEN) {
+error_report("Invalid value for cap-ibs (%d), assuming broken",
+ safe_indirect_branch);
+}
+break;
+}
+
+args[0] = characteristics;
+args[1] = behaviour;
+
+return H_SUCCESS;
+}
+
 static spapr_hcall_fn papr_hypercall_table[(MAX_HCALL_OPCODE / 4) + 1];
 static spapr_hcall_fn kvmppc_hypercall_table[KVMPPC_HCALL_MAX - 
KVMPPC_HCALL_BASE + 1];
 
@@ -1733,6 +1796,9 @@ static void hypercall_register_types(void)
 spapr_register_hypercall(H_INVALIDATE_PID, h_invalidate_pid);
 spapr_register_hypercall(H_REGISTER_PROC_TBL, h_register_process_table);
 
+/* hcall-get-cpu-characteristics */
+spapr_register_hypercall(H_GET_CPU_CHARACTERISTICS, 
h_get_cpu_characteristics);
+
 /* "debugger" hcalls (also used by SLOF). Note: We do -not- differenciate
  * here between the "CI" and the "CACHE" variants, they will use whatever
  * mapping attributes qemu is using. When using KVM, the kernel will
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 549d7a4134..62c077ac20 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -404,6 +404,7 @@ struct sPAPRMachineState {
 #define H_GET_HCA_INFO  0x1B8
 #define H_GET_PERF_COUNT0x1BC
 #define H_MANAGE_TRACE  0x1C0
+#define H_GET_CPU_CHARACTERISTICS 0x1C8
 #define H_FREE_LOGICAL_LAN_BUFFER 0x1D4
 #define H_QUERY_INT_STATE   0x1E4
 #define H_POLL_PENDING  0x1D8
-- 
2.13.6

[Qemu-devel] [QEMU-PPC] [PATCH V3 1/6] target/ppc/kvm: Add cap_ppc_safe_[cache/bounds_check/indirect_branch]

Add three new kvm capabilities used to represent the level of host support
for three corresponding workarounds.

Host support for each of the capabilities is queried through the
new ioctl KVM_PPC_GET_CPU_CHAR which returns four uint64 quantities. The
first two, character and behaviour, represent the available
characteristics of the cpu and the behaviour of the cpu respectively.
The second two, c_mask and b_mask, represent the mask of known bits for
the character and beheviour dwords respectively.

Signed-off-by: Suraj Jitindar Singh 
---
 include/hw/ppc/spapr.h  | 12 +
 linux-headers/asm-powerpc/kvm.h |  8 ++
 linux-headers/linux/kvm.h   |  3 +++
 target/ppc/kvm.c| 58 +
 target/ppc/kvm_ppc.h| 18 +
 5 files changed, 99 insertions(+)

diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 0f5628f22e..eded0ea57d 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -295,6 +295,18 @@ struct sPAPRMachineState {
 #define H_DABRX_KERNEL (1ULL<<(63-62))
 #define H_DABRX_USER   (1ULL<<(63-63))
 
+/* Values for KVM_PPC_GET_CPU_CHAR & H_GET_CPU_CHARACTERISTICS */
+#define H_CPU_CHAR_SPEC_BAR_ORI31   PPC_BIT(0)
+#define H_CPU_CHAR_BCCTRL_SERIALISEDPPC_BIT(1)
+#define H_CPU_CHAR_L1D_FLUSH_ORI30  PPC_BIT(2)
+#define H_CPU_CHAR_L1D_FLUSH_TRIG2  PPC_BIT(3)
+#define H_CPU_CHAR_L1D_THREAD_PRIV  PPC_BIT(4)
+#define H_CPU_CHAR_HON_BRANCH_HINTS PPC_BIT(5)
+#define H_CPU_CHAR_THR_RECONF_TRIG  PPC_BIT(6)
+#define H_CPU_BEHAV_FAVOUR_SECURITY PPC_BIT(0)
+#define H_CPU_BEHAV_L1D_FLUSH_PRPPC_BIT(1)
+#define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR   PPC_BIT(2)
+
 /* Each control block has to be on a 4K boundary */
 #define H_CB_ALIGNMENT 4096
 
diff --git a/linux-headers/asm-powerpc/kvm.h b/linux-headers/asm-powerpc/kvm.h
index 61d6049f4c..5d2cb26848 100644
--- a/linux-headers/asm-powerpc/kvm.h
+++ b/linux-headers/asm-powerpc/kvm.h
@@ -443,6 +443,14 @@ struct kvm_ppc_rmmu_info {
__u32   ap_encodings[8];
 };
 
+/* For KVM_PPC_GET_CPU_CHAR */
+struct kvm_ppc_cpu_char {
+__u64   character;  /* characteristics of the CPU */
+__u64   behaviour;  /* recommended software behaviour */
+__u64   c_mask; /* valid bits in character */
+__u64   b_mask; /* valid bits in behaviour */
+};
+
 /* Per-vcpu XICS interrupt controller state */
 #define KVM_REG_PPC_ICP_STATE  (KVM_REG_PPC | KVM_REG_SIZE_U64 | 0x8c)
 
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index ce6c2f11f4..c35f1bd363 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -932,6 +932,7 @@ struct kvm_ppc_resize_hpt {
 #define KVM_CAP_HYPERV_SYNIC2 148
 #define KVM_CAP_HYPERV_VP_INDEX 149
 #define KVM_CAP_S390_AIS_MIGRATION 150
+#define KVM_CAP_PPC_GET_CPU_CHAR 151
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
@@ -1261,6 +1262,8 @@ struct kvm_s390_ucas_mapping {
 #define KVM_PPC_CONFIGURE_V3_MMU  _IOW(KVMIO,  0xaf, struct kvm_ppc_mmuv3_cfg)
 /* Available with KVM_CAP_PPC_RADIX_MMU */
 #define KVM_PPC_GET_RMMU_INFO_IOW(KVMIO,  0xb0, struct kvm_ppc_rmmu_info)
+/* Available with KVM_CAP_PPC_GET_CPU_CHAR */
+#define KVM_PPC_GET_CPU_CHAR  _IOR(KVMIO,  0xb1, struct kvm_ppc_cpu_char)
 
 /* ioctl for vm fd */
 #define KVM_CREATE_DEVICE_IOWR(KVMIO,  0xe0, struct kvm_create_device)
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 914be687e7..8cce855cab 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -89,6 +89,9 @@ static int cap_mmu_radix;
 static int cap_mmu_hash_v3;
 static int cap_resize_hpt;
 static int cap_ppc_pvr_compat;
+static int cap_ppc_safe_cache;
+static int cap_ppc_safe_bounds_check;
+static int cap_ppc_safe_indirect_branch;
 
 static uint32_t debug_inst_opcode;
 
@@ -121,6 +124,7 @@ static bool kvmppc_is_pr(KVMState *ks)
 }
 
 static int kvm_ppc_register_host_cpu_type(MachineState *ms);
+static void kvmppc_get_cpu_characteristics(KVMState *s);
 
 int kvm_arch_init(MachineState *ms, KVMState *s)
 {
@@ -147,6 +151,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 cap_mmu_radix = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_RADIX);
 cap_mmu_hash_v3 = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_HASH_V3);
 cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT);
+kvmppc_get_cpu_characteristics(s);
 /*
  * Note: setting it to false because there is not such capability
  * in KVM at this moment.
@@ -372,6 +377,44 @@ struct ppc_radix_page_info *kvm_get_radix_page_info(void)
 return radix_page_info;
 }
 
+static void kvmppc_get_cpu_characteristics(KVMState *s)
+{
+struct kvm_ppc_cpu_char c;
+int ret;
+
+/* Assume broken */
+cap_ppc_safe_cache = 0;
+cap_ppc_safe_bounds_check = 0;
+cap_ppc_safe_indirect_branch = 0;
+
+ret =

[Qemu-devel] [QEMU-PPC] [PATCH V3 2/6] target/ppc/spapr_caps: Add support for tristate spapr_capabilities

spapr_caps are used to represent the level of support for various
capabilities related to the spapr machine type. Currently there is
only support for boolean capabilities.

Add support for tristate capabilities by implementing their get/set
functions. These capabilities can have the values 0, 1 or 2
corresponding to broken, workaround and fixed.

Signed-off-by: Suraj Jitindar Singh 
---
 hw/ppc/spapr_caps.c| 60 ++
 include/hw/ppc/spapr.h |  4 
 2 files changed, 64 insertions(+)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index d5c9ce774a..436250d77b 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -73,6 +73,66 @@ static void spapr_cap_set_bool(Object *obj, Visitor *v, 
const char *name,
 spapr->eff.caps[cap->index] = value ? SPAPR_CAP_ON : SPAPR_CAP_OFF;
 }
 
+static void spapr_cap_get_tristate(Object *obj, Visitor *v, const char *name,
+   void *opaque, Error **errp)
+{
+sPAPRCapabilityInfo *cap = opaque;
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+char *val = NULL;
+uint8_t value = spapr_get_cap(spapr, cap->index);
+
+switch (value) {
+case SPAPR_CAP_BROKEN:
+val = g_strdup("broken");
+break;
+case SPAPR_CAP_WORKAROUND:
+val = g_strdup("workaround");
+break;
+case SPAPR_CAP_FIXED:
+val = g_strdup("fixed");
+break;
+default:
+error_setg(errp, "Invalid value (%d) for cap-%s", value, cap->name);
+return;
+}
+
+visit_type_str(v, name, , errp);
+g_free(val);
+}
+
+static void spapr_cap_set_tristate(Object *obj, Visitor *v, const char *name,
+   void *opaque, Error **errp)
+{
+sPAPRCapabilityInfo *cap = opaque;
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+char *val;
+Error *local_err = NULL;
+uint8_t value;
+
+visit_type_str(v, name, , _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
+if (!strcasecmp(val, "broken")) {
+value = SPAPR_CAP_BROKEN;
+} else if (!strcasecmp(val, "workaround")) {
+value = SPAPR_CAP_WORKAROUND;
+} else if (!strcasecmp(val, "fixed")) {
+value = SPAPR_CAP_FIXED;
+} else {
+error_setg(errp, "Invalid capability mode \"%s\" for cap-%s", val,
+   cap->name);
+goto out;
+}
+
+spapr->cmd_line_caps[cap->index] = true;
+spapr->eff.caps[cap->index] = value;
+out:
+g_free(val);
+}
+
 static void cap_htm_apply(sPAPRMachineState *spapr, uint8_t val, Error **errp)
 {
 if (!val) {
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index eded0ea57d..61bb3632c4 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -69,6 +69,10 @@ typedef enum {
 /* Bool Caps */
 #define SPAPR_CAP_OFF   0x00
 #define SPAPR_CAP_ON0x01
+/* Broken | Workaround | Fixed Caps */
+#define SPAPR_CAP_BROKEN0x00
+#define SPAPR_CAP_WORKAROUND0x01
+#define SPAPR_CAP_FIXED 0x02
 
 typedef struct sPAPRCapabilities sPAPRCapabilities;
 struct sPAPRCapabilities {
-- 
2.13.6

[Qemu-devel] [QEMU-PPC] [PATCH V3 4/6] target/ppc/spapr_caps: Add new tristate cap safe_bounds_check

Add new tristate cap cap-sbbc to represent the speculation barrier
bounds checking capability.

Signed-off-by: Suraj Jitindar Singh 
---
 hw/ppc/spapr.c |  2 ++
 hw/ppc/spapr_caps.c| 39 +++
 include/hw/ppc/spapr.h |  5 -
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 5d62dc9968..02a0cb656b 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1792,6 +1792,7 @@ static const VMStateDescription vmstate_spapr = {
 _spapr_cap_vsx,
 _spapr_cap_dfp,
 _spapr_cap_cfpc,
+_spapr_cap_sbbc,
 NULL
 }
 };
@@ -3865,6 +3866,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
 smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
 smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
+smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
 spapr_caps_add_properties(smc, _abort);
 }
 
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index bc2b2c3590..518e019cf7 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -191,6 +191,17 @@ static void cap_safe_cache_apply(sPAPRMachineState *spapr, 
uint8_t val,
 }
 }
 
+static void cap_safe_bounds_check_apply(sPAPRMachineState *spapr, uint8_t val,
+Error **errp)
+{
+if (tcg_enabled() && val) {
+/* TODO - for now only allow broken for TCG */
+error_setg(errp, "Requested safe bounds check capability level not 
supported by tcg, try a different value for cap-sbbc");
+} else if (kvm_enabled() && (val > kvmppc_get_cap_safe_bounds_check())) {
+error_setg(errp, "Requested safe bounds check capability level not 
supported by kvm, try a different value for cap-sbbc");
+}
+}
+
 #define VALUE_DESC_TRISTATE " (broken, workaround, fixed)"
 
 sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
@@ -230,6 +241,15 @@ sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 .type = "string",
 .apply = cap_safe_cache_apply,
 },
+[SPAPR_CAP_SBBC] = {
+.name = "sbbc",
+.description = "Speculation Barrier Bounds Checking" 
VALUE_DESC_TRISTATE,
+.index = SPAPR_CAP_SBBC,
+.get = spapr_cap_get_tristate,
+.set = spapr_cap_set_tristate,
+.type = "string",
+.apply = cap_safe_bounds_check_apply,
+},
 };
 
 static sPAPRCapabilities default_caps_with_cpu(sPAPRMachineState *spapr,
@@ -385,6 +405,25 @@ const VMStateDescription vmstate_spapr_cap_cfpc = {
 },
 };
 
+static bool spapr_cap_sbbc_needed(void *opaque)
+{
+sPAPRMachineState *spapr = opaque;
+
+return spapr->cmd_line_caps[SPAPR_CAP_SBBC] &&
+   (spapr->eff.caps[SPAPR_CAP_SBBC] != 
spapr->def.caps[SPAPR_CAP_SBBC]);
+}
+
+const VMStateDescription vmstate_spapr_cap_sbbc = {
+.name = "spapr/cap/sbbc",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_cap_sbbc_needed,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(mig.caps[SPAPR_CAP_SBBC], sPAPRMachineState),
+VMSTATE_END_OF_LIST()
+},
+};
+
 void spapr_caps_reset(sPAPRMachineState *spapr)
 {
 sPAPRCapabilities default_caps;
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index ff476693d1..c65be62e92 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -62,8 +62,10 @@ typedef enum {
 #define SPAPR_CAP_DFP   0x02
 /* Cache Flush on Privilege Change */
 #define SPAPR_CAP_CFPC  0x03
+/* Speculation Barrier Bounds Checking */
+#define SPAPR_CAP_SBBC  0x04
 /* Num Caps */
-#define SPAPR_CAP_NUM   (SPAPR_CAP_CFPC + 1)
+#define SPAPR_CAP_NUM   (SPAPR_CAP_SBBC + 1)
 
 /*
  * Capability Values
@@ -782,6 +784,7 @@ extern const VMStateDescription vmstate_spapr_cap_htm;
 extern const VMStateDescription vmstate_spapr_cap_vsx;
 extern const VMStateDescription vmstate_spapr_cap_dfp;
 extern const VMStateDescription vmstate_spapr_cap_cfpc;
+extern const VMStateDescription vmstate_spapr_cap_sbbc;
 
 static inline uint8_t spapr_get_cap(sPAPRMachineState *spapr, int cap)
 {
-- 
2.13.6

[Qemu-devel] [QEMU-PPC] [PATCH V3 0/6] target/ppc: Rework spapr_caps

The following patch series adds 3 new tristate capabilities and their
associated handling.

A new H-Call is implemented which a guest will use to query the
requirement for and availability of workarounds for certain cpu
behaviours.

Applies on top of David's tree: ppc-for-2.12

The first patch from the previous revision has already been merged:
hw/ppc/spapr_caps: Rework spapr_caps to use uint8 internal representation

The main changes to V3 are:
- Split up the addition of the tristate caps into 5 patches
  - 1/6 query the caps from the hypervisor and parse the new return format
  - 2/6 add support for the new caps
  - 3-5/6 add each of the three new caps
- Patch 6/6 Unchanged

Suraj Jitindar Singh (6):
  target/ppc/kvm: Add cap_ppc_safe_[cache/bounds_check/indirect_branch]
  target/ppc/spapr_caps: Add support for tristate spapr_capabilities
  target/ppc/spapr_caps: Add new tristate cap safe_cache
  target/ppc/spapr_caps: Add new tristate cap safe_bounds_check
  target/ppc/spapr_caps: Add new tristate cap safe_indirect_branch
  target/ppc/spapr: Add H-Call H_GET_CPU_CHARACTERISTICS

 hw/ppc/spapr.c  |   6 ++
 hw/ppc/spapr_caps.c | 178 
 hw/ppc/spapr_hcall.c|  66 +++
 include/hw/ppc/spapr.h  |  28 ++-
 linux-headers/asm-powerpc/kvm.h |   8 ++
 linux-headers/linux/kvm.h   |   3 +
 target/ppc/kvm.c|  58 +
 target/ppc/kvm_ppc.h|  18 
 8 files changed, 364 insertions(+), 1 deletion(-)

-- 
2.13.6

Re: [Qemu-devel] [PATCH v2 1/2] ppc: Change Power9 compat table to support at most 8 threads/core

On Sun, Jan 14, 2018 at 05:23:48PM -0200, Jose Ricardo Ziviani wrote:
> Increases the max smt mode to 8 for Power9. That's because KVM supports
> smt emulation in this platform so QEMU should allow users to use it as
> well.
> 
> Today if we try to pass -smp ...,threads=8, QEMU will silently truncate
> it to smt4 mode and may cause a crash if we try to perform a cpu
> hotplug.
> 
> Signed-off-by: Jose Ricardo Ziviani 

Applied, with the addition of a comment explaining why we want this
despite the hardware limit.

> ---
>  target/ppc/compat.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/ppc/compat.c b/target/ppc/compat.c
> index ad8f93c064..d1770cdc6f 100644
> --- a/target/ppc/compat.c
> +++ b/target/ppc/compat.c
> @@ -73,7 +73,7 @@ static const CompatInfo compat_table[] = {
>  .pvr = CPU_POWERPC_LOGICAL_3_00,
>  .pcr = PCR_COMPAT_3_00,
>  .pcr_level = PCR_COMPAT_3_00,
> -.max_threads = 4,
> +.max_threads = 8,
>  },
>  };
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [Bug 1743214] Re: OS/2 Warp 3 support broken in 2.11

2018-01-14 Thread MVoloshin

It looks like this bug affects only QEMU for Windows.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1743214

Title:
  OS/2 Warp 3 support broken in 2.11

Status in QEMU:
  New

Bug description:
  Hello, I used to run OS/2 Warp 3 on QEMU with the following command line: 
qemu-system-i386 -vga cirrus -soundhw sb16 -hda os2warp3v2.img -boot c. It runs 
OK on QEMU 2.10, but immediately gives TRAP 0006 (invalid opcode?) on QEMU 2.11 
(see screenshot).
  If it is important I have Fixpack 40 and GRADD installed in OS/2.
  Here is the image:
  https://drive.google.com/open?id=15umPecy7JlPLKUP6520MB_87CfrCDWO5

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1743214/+subscriptions

[Qemu-devel] [PATCH] scsi: handle the special parameters

2018-01-14 Thread linzhecheng

scsi_disk_emulate_command calls
scsi_build_sense(NULL, 0, outbuf, r->buflen,
  (req->cmd.buf[1] & 1) == 0);
But scsi_convert_sense doesn't handle the case when in_buf is NULL
or in_len is 0, which will lead to segfault.

Signed-off-by: linzhecheng 
---
 scsi/utils.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/scsi/utils.c b/scsi/utils.c
index ddae650a99..b769e80c12 100644
--- a/scsi/utils.c
+++ b/scsi/utils.c
@@ -322,6 +322,10 @@ int scsi_convert_sense(uint8_t *in_buf, int in_len,
 SCSISense sense;
 bool fixed_in;
 
+if (!in_buf || !in_len) {
+return 0;
+}
+
 fixed_in = (in_buf[0] & 2) == 0;
 if (in_len && fixed == fixed_in) {
 memcpy(buf, in_buf, MIN(len, in_len));
-- 
2.12.2.windows.2

Re: [Qemu-devel] [PATCH qemu 0/3] spapr/iommu: Enable in-kernel TCE acceleration via VFIO KVM device

On 03/01/18 04:51, Paolo Bonzini wrote:
> On 02/01/2018 06:28, Alexey Kardashevskiy wrote:
>> This is my current queue of the in-kernel TCE acceleration
>> enablement.
>>
>> Changes since 
>> https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg01918.html :
>> * 3 patches instead of one, one per maintainership area;
>> * added memory_region_iommu_get_attr();
>> * removed set_attr() as there is no use for it now;
>> * folded the chunk in vfio_listener_region_add() under
>> VFIO_SPAPR_TCE_v2_IOMMU branch as the acceleration is only
>> enabled when DMA memory is preregistered and this is only supported
>> by the v2 IOMMU.
>>
>> This is based on sha1
>> ad59cde Cédric Le Goater "target/ppc: more use of the PPC_*() macros".
>>
>> Please comment. Thanks.
>>
>>
>>
>> Alexey Kardashevskiy (3):
>>   memory/iommu: Add get_attr()
>>   vfio/spapr: Use iommu memory region's get_attr()
>>   spapr/iommu: Enable in-kernel TCE acceleration via VFIO KVM device
>>
>>  include/exec/memory.h | 22 ++
>>  target/ppc/kvm_ppc.h  |  6 ++
>>  hw/ppc/spapr_iommu.c  | 19 +++
>>  hw/vfio/common.c  | 26 ++
>>  memory.c  | 13 +
>>  target/ppc/kvm.c  |  7 ++-
>>  hw/vfio/trace-events  |  1 +
>>  7 files changed, 93 insertions(+), 1 deletion(-)
>>
> 
> Alex, if this is okay for you, please pick it up yourself.

Alex, ping?


> 
> Thanks,
> 
> Paolo
> 


-- 
Alexey

Re: [Qemu-devel] [PATCH qemu v2] kvm: Add kvm_set_user_memory tracepoint

Ping? It is quite simple...



On 02/01/18 14:40, Alexey Kardashevskiy wrote:
> On 15/12/17 20:46, Darren Kenny wrote:
>> On Fri, Dec 15, 2017 at 04:23:26PM +1100, Alexey Kardashevskiy wrote:
>>> This adds a tracepoint to trace the KVM_SET_USER_MEMORY_REGION ioctl
>>> parameters which is quite useful for debugging VFIO memory regions
>>> being actually registered with KVM.
>>>
>>> Signed-off-by: Alexey Kardashevskiy 
>>> ---
>>> Changes:
>>> v2:
>>> * added forgotten change to trace-events
>>> ---
>>> accel/kvm/kvm-all.c    | 6 +-
>>> accel/kvm/trace-events | 1 +
>>> 2 files changed, 6 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
>>> index f290f48..b91fcb7 100644
>>> --- a/accel/kvm/kvm-all.c
>>> +++ b/accel/kvm/kvm-all.c
>>> @@ -235,6 +235,7 @@ static int
>>> kvm_set_user_memory_region(KVMMemoryListener *kml, KVMSlot *slot)
>>> {
>>>     KVMState *s = kvm_state;
>>>     struct kvm_userspace_memory_region mem;
>>> +    int ret;
>>>
>>>     mem.slot = slot->slot | (kml->as_id << 16);
>>>     mem.guest_phys_addr = slot->start_addr;
>>> @@ -248,7 +249,10 @@ static int
>>> kvm_set_user_memory_region(KVMMemoryListener *kml, KVMSlot *slot)
>>>     kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, );
>>>     }
>>>     mem.memory_size = slot->memory_size;
>>> -    return kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, );
>>> +    ret = kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, );
>>> +    trace_kvm_set_user_memory(mem.slot, mem.flags, mem.guest_phys_addr,
>>> +  mem.memory_size, mem.userspace_addr, ret);
>>> +    return ret;
>>> }
>>>
>>> int kvm_destroy_vcpu(CPUState *cpu)
>>> diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events
>>> index f89ba55..58e98ef 100644
>>> --- a/accel/kvm/trace-events
>>> +++ b/accel/kvm/trace-events
>>> @@ -12,4 +12,5 @@ kvm_irqchip_commit_routes(void) ""
>>> kvm_irqchip_add_msi_route(char *name, int vector, int virq) "dev %s
>>> vector %d virq %d"
>>> kvm_irqchip_update_msi_route(int virq) "Updating MSI route virq=%d"
>>> kvm_irqchip_release_virq(int virq) "virq %d"
>>> +kvm_set_user_memory(uint32_t slot, uint32_t flags, uint64_t
>>> guest_phys_addr, uint64_t memory_size, uint64_t userspace_addr, int ret)
>>> "Slot#%d flags=0x%x gpa=0x%"PRIx64 " size=0x%"PRIx64 " ua=0x%"PRIx64 "
>>> ret=%d"
>>
>> Should the slot not be %u?:
>>
>>   "Slot#%u ...
> 
> 
> Could be, repost?
> 
> 
>>
>> Otherwise,
>>
>> Reviewed-by: Darren Kenny 
>>
>> Thanks,
>>
>> Darren.
>>
> 
> 


-- 
Alexey

Re: [Qemu-devel] [RFC] qid path collision issues in 9pfs

2018-01-14 Thread Antonios Motakis



On 13-Jan-18 00:14, Greg Kurz wrote:
> On Fri, 12 Jan 2018 19:32:10 +0800
> Antonios Motakis  wrote:
> 
>> Hello all,
>>
> 
> Hi Antonios,
> 
> I see you have attached a patch to this email... this really isn't the 
> preferred
> way to do things since it prevents to comment the patch (at least with my mail
> client). The appropriate way would have been to send the patch with a cover
> letter, using git-send-email for example.

I apologize for attaching the patch, I should have known better!

> 
>> We have found an issue in the 9p implementation of QEMU, with how qid paths 
>> are generated, which can cause qid path collisions and several issues caused 
>> by them. In our use case (running containers under VMs) these have proven to 
>> be critical.
>>
> 
> Ouch...
> 
>> In particular, stat_to_qid in hw/9pfs/9p.c generates a qid path using the 
>> inode number of the file as input. According to the 9p spec the path should 
>> be able to uniquely identify a file, distinct files should not share a path 
>> value.
>>
>> The current implementation that defines qid.path = inode nr works fine as 
>> long as there are not files from multiple partitions visible under the 9p 
>> share. In that case, distinct files from different devices are allowed to 
>> have the same inode number. So with multiple partitions, we have a very high 
>> probability of qid path collisions.
>>
>> How to demonstrate the issue:
>> 1) Prepare a problematic share:
>>  - mount one partition under share/p1/ with some files inside
>>  - mount another one *with identical contents* under share/p2/
>>  - confirm that both partitions have files with same inode nr, size, etc
>> 2) Demonstrate breakage:
>>  - start a VM with a virtio-9p pointing to the share
>>  - mount 9p share with FSCACHE on
>>  - keep open share/p1/file
>>  - open and write to share/p2/file
>>
>> What should happen is, the guest will consider share/p1/file and 
>> share/p2/file to be the same file, and since we are using the cache it will 
>> not reopen it. We intended to write to partition 2, but we just wrote to 
>> partition 1. This is just one example on how the guest may rely on qid paths 
>> being unique.
>>
>> In the use case of containers where we commonly have a few containers per 
>> VM, all based on similar images, these kind of qid path collisions are very 
>> common and they seem to cause all kinds of funny behavior (sometimes very 
>> subtle).
>>
>> To avoid this situation, the device id of a file needs to be also taken as 
>> input for generating a qid path. Unfortunately, the size of both inode nr + 
>> device id together would be 96 bits, while we have only 64 bits for the qid 
>> path, so we can't just append them and call it a day :(
>>
>> We have thought of a few approaches, but we would definitely like to hear 
>> what the upstream maintainers and community think:
>>
>> * Full fix: Change the 9p protocol
>>
>> We would need to support a longer qid path, based on a virtio feature flag. 
>> This would take reworking of host and guest parts of virtio-9p, so both QEMU 
>> and Linux for most users.
>>
> 
> I agree for a longer qid path, but we shouldn't tie it to a virtio flag since
> 9p is transport agnostic. And it happens to be used with a variety of 
> transports.
> QEMU has both virtio-9p and a Xen backend for example.
> 
>> * Fallback and/or interim solutions
>>
>> A virtio feature flag may be refused by the guest, so we think we still need 
>> to make collisions less likely even with 64 bit paths. E.g.
> 
> In all cases, we would need a fallback solution to support current
> guest setups. Also there are several 9p server implementations out
> there (ganesha, diod, kvmtool) that are currently used with linux
> clients... it will take some time to get everyone in sync :-\
> 
>> 1. XOR the device id with inode nr to produce the qid path (we attach a 
>> proof of concept patch)
> 
> Hmm... this would still allow collisions. Not good for fallback.
> 
>> 2. 64 bit hash of device id and inode nr
> 
> Same here.
> 
>> 3. other ideas, such as allocating new qid paths and keep a look up table of 
>> some sorts (possibly too expensive)
>>
> 
> This would be acceptable for fallback.

Maybe we can use the QEMU hash table 
(https://github.com/qemu/qemu/blob/master/util/qht.c) but I wonder if it scales 
to millions of entries. Do you think it is appropriate in this case?

I was thinking on how to implement something like this, without having to 
maintain millions of entries... One option we could consider is to split the 
bits into a directly-mapped part, and a lookup part. For example:

Inode =
[ 10 first bits ] + [ 54 lowest bits ]

A hash table maps [ inode 10 first bits ] + [ device id ] => [ 10 bit prefix ]
The prefix is uniquely allocated for each input.

Qid path = 
[ 10 bit prefix ] + [ inode 54 lowest bits ]

Since inodes are not completely random, and we usually have a handful of device 
IDs, we get a much smaller number of

Re: [Qemu-devel] [PATCH v2 0/5] vfio/pci: MSI-X MMIO relocation

On 11/01/18 06:01, Alex Williamson wrote:
> v1: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03350.html
> 
> See patch 5/5 for a thorough description.  v2 changes the 'auto'
> behavior as we've determined that there's no algorithm which has even
> a likely chance of success.  Instead, auto is now a placeholder for
> a device/platform lookup for known good combinations (though if I'm
> pessimistic, even that might depend on guest and driver versions).
> Thanks,



Tested-by: Alexey Kardashevskiy 




> 
> Alex
> 
> ---
> 
> Alex Williamson (5):
>   vfio/pci: Fixup VFIOMSIXInfo comment
>   vfio/pci: Add base BAR MemoryRegion
>   vfio/pci: Emulate BARs
>   qapi: Create DEFINE_PROP_OFF_AUTO_PCIBAR
>   vfio/pci: Allow relocating MSI-X MMIO
> 
> 
>  hw/core/qdev-properties.c|   11 +++
>  hw/vfio/pci.c|  175 
> ++
>  hw/vfio/pci.h|6 +
>  hw/vfio/trace-events |2 
>  include/hw/qdev-properties.h |4 +
>  qapi/common.json |   26 ++
>  6 files changed, 206 insertions(+), 18 deletions(-)
> 


-- 
Alexey

Re: [Qemu-devel] question about share flatviews

On 14/01/18 23:20, CheneyLin wrote:
> Hi， Paolo,
> 
> Alexey
> commit 967dc9b
> 
> commit 967dc9b
> 
> 
> commit 967dc9b
> 
> commit 967dc9b Share FlatView's and dispatch trees between address spaces
> 
>  commit 967dc9b.
> 
> . 
> 
> I'm wondering why we have to shares flatviews between different ASes.

Flatviews are only shared between address spaces which have the same root
MR, basically.

> In my
> opinion, arch like x86 only have two ASes(memory AS and io AS), each AS is
> related with only one flatview. Their ASes are definitely different.

Sure, and they are not shared as memory AS and IO AS have different MRs are
a root.


-- 
Alexey

Re: [Qemu-devel] [PATCH V4 6/7] CAN bus PCM-3680I PCI (dual SJA1000 channel) emulation added.

On 01/14/2018 05:14 PM, p...@cmp.felk.cvut.cz wrote:
> From: Deniz Eren 
> 
> Signed-off-by: Deniz Eren 
> Signed-off-by: Pavel Pisa 
> ---
>  hw/can/Makefile.objs |   1 +
>  hw/can/can_pcm3680_pci.c | 336 
> +++
>  2 files changed, 337 insertions(+)
>  create mode 100644 hw/can/can_pcm3680_pci.c
> 
> diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
> index c9d07b9b16..6a328f0c3a 100644
> --- a/hw/can/Makefile.objs
> +++ b/hw/can/Makefile.objs
> @@ -9,4 +9,5 @@ common-obj-y += can_host_stub.o
>  endif
>  common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
>  common-obj-$(CONFIG_CAN_PCI) += can_kvaser_pci.o
> +common-obj-$(CONFIG_CAN_PCI) += can_pcm3680_pci.o
>  endif
> diff --git a/hw/can/can_pcm3680_pci.c b/hw/can/can_pcm3680_pci.c
> new file mode 100644
> index 00..e85b61849a
> --- /dev/null
> +++ b/hw/can/can_pcm3680_pci.c
> @@ -0,0 +1,336 @@
> +/*
> + * PCM-3680i PCI CAN device (SJA1000 based) emulation
> + *
> + * Copyright (c) 2016 Deniz Eren (deniz.e...@icloud.com)
> + *
> + * Based on Kvaser PCI CAN device (SJA1000 based) emulation implemented by
> + * Jin Yang and Pavel Pisa
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
> + * of this software and associated documentation files (the "Software"), to 
> deal
> + * in the Software without restriction, including without limitation the 
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/event_notifier.h"
> +#include "qemu/thread.h"
> +#include "qemu/sockets.h"
> +#include "qemu/error-report.h"
> +#include "chardev/char.h"
> +#include "hw/hw.h"
> +#include "hw/pci/pci.h"
> +#include "can/can_emu.h"
> +
> +#include "can_sja1000.h"
> +
> +#define TYPE_CAN_PCI_DEV "pcm3680_pci"
> +
> +#define PCM3680i_PCI_DEV(obj) \
> +OBJECT_CHECK(Pcm3680iPCIState, (obj), TYPE_CAN_PCI_DEV)
> +
> +/* the PCI device and vendor IDs */
> +#ifndef PCM3680i_PCI_VENDOR_ID1
> +#define PCM3680i_PCI_VENDOR_ID1 0x13fe
> +#endif
> +
> +#ifndef PCM3680i_PCI_DEVICE_ID1
> +#define PCM3680i_PCI_DEVICE_ID1 0xc002
> +#endif
> +
> +#define PCM3680i_PCI_SJA_RANGE 0x200
> +
> +#define PCM3680i_PCI_BYTES_PER_SJA 0x20
> +
> +typedef struct Pcm3680iPCIState {
> +/*< private >*/
> +PCIDevice   dev;
> +/*< public >*/
> +MemoryRegionsja_io[2];
> +
> +CanSJA1000State sja_state[2];
> +qemu_irqirq;
> +
> +char*model; /* The model that support, only SJA1000 now. */
> +char*canbus[2];
> +char*host[2];
> +} Pcm3680iPCIState;
> +
> +static void pcm3680i_pci_irq_raise(void *opaque)
> +{
> +Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
> +
> +qemu_irq_raise(d->irq);
> +}
> +
> +static void pcm3680i_pci_irq_lower(void *opaque)
> +{
> +Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
> +
> +qemu_irq_lower(d->irq);
> +}
> +
> +static void
> +pcm3680i_pci_reset(void *opaque)

static void pcm3680i_pci_reset(void *opaque)

> +{
> +Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
> +CanSJA1000State *s1 = >sja_state[0];
> +CanSJA1000State *s2 = >sja_state[1];
> +
> +can_sja_hardware_reset(s1);
> +can_sja_hardware_reset(s2);
> +}
> +
> +static uint64_t pcm3680i_pci_sja1_io_read(void *opaque, hwaddr addr,
> +  unsigned size)
> +{
> +Pcm3680iPCIState *d = opaque;
> +CanSJA1000State *s = >sja_state[0];
> +
> +if (addr >= PCM3680i_PCI_BYTES_PER_SJA) {
> +return 0;
> +}
> +
> +return can_sja_mem_read(s, addr, size);
> +}
> +
> +static void pcm3680i_pci_sja1_io_write(void *opaque, hwaddr addr,
> +   uint64_t data, unsigned size)
> +{
> +Pcm3680iPCIState *d = opaque;
> +CanSJA1000State *s = >sja_state[0];
> +
> +if (addr >= PCM3680i_PCI_BYTES_PER_SJA) {
> +return;
> +}
> +
> +can_sja_mem_write(s, addr, data, size);
> +}
> +
> +static uint64_t pcm3680i_pci_sja2_io_read(void *opaque, hwaddr addr,
> +

Re: [Qemu-devel] vhost-pci and virtio-vhost-user

On 2018年01月12日 13:20, Yang, Zhiyong wrote:

Both vhost-pci and virtio-vhost-user work using shared memory access
to the guest RAM of the other VM. Therefore they can poll virtqueues
and avoid vmexit. They do also support cross-VM interrupts, thanks to
QEMU setting up irqfd/ioeventfd appropriately on the host.

Stefan

So in conclusion, consider the complexity, I would suggest to figure out
whether or not this (either vhost-pci or virito-vhost-user) is really required
before moving ahead. E.g, for VM2VM direct network path, this looks simply
an issue of network topology instead of the problem of device, so there's a
lot of trick, for vhost-user one can easily image to write an application (or
use
testpmd) to build a zerocopied VM2VM datapath, isn't this not sufficient for
the case?

As far as I know, dequeue zero copied feature of vhost user PMD can't help
improve throughput for small packest ,such as 64 bytes.
On the contrary, it causes perf drop. The feature mainly helps large packets
throughput.

Can you explain why? And what's the number of:

1) 64B/1500B zerocopy
2) 64B/1500B datacopy
3) 64B/1500B vhost-pci

It makes make feel that vhost-pci is dedicated for small bytes? We
probably don't want a solution for just a specific size of packets.

Vhostpci can bring the following advantages compared to traditional solution(vhost/virtio PMD pairs)

1. higher throughput for two VMs. ( Let us see the following case, if we use
NIC passthrough way to two 2 VMs, vhostpci RX or TX is handled running 1
single core in VM1, virtio PMD is similar on VM2,
Only RX or TX is handled running on one single core.
for traditional solution, except each virtio PMD is running inside each VM,
at least one extra core is needed for vhost user RX and TX as an mediator.
In this case, the bottleneck lies in the two vhost user ports running on one
single core, which has double workload.

Does this still make sense for packet size other than 64 byte (e.g 1500B)?

2. Low latencies (have shorter data path than tradition soluton, doesn't need
to pass host OS any more by vhost user)

Is this still true if you do busy polling on both sides?

3. reduce nearly 50% cores because OVS is not involved again if we apply
vhostpci/virtio to VMs-chain case.

Well the differences to me is, copy in guest vs copy in host.

- vhost-pci move the copy from host process to pmd in guest, it probably
save cores but sacrifice the performance of pmd which needs do copy now
- exist OVS may occupy more cores in host, but if saves the ability of
guest pmd

From the view of performance, it looks to me that copy in host is
faster since it has less overhead e.g vmexits. Vhost-pci probably needs
more vcpus to compete with current solution.

Thanks

Thanks
Zhiyong

Re: [Qemu-devel] [PATCH V4 4/7] CAN bus Kvaser PCI CAN-S (single SJA1000 channel) emulation added.

On 01/14/2018 05:14 PM, p...@cmp.felk.cvut.cz wrote:
> From: Pavel Pisa 
> 
> Signed-off-by: Pavel Pisa 
> ---
>  default-configs/pci.mak |   1 +
>  hw/can/Makefile.objs|   1 +
>  hw/can/can_kvaser_pci.c | 375 
> 
>  3 files changed, 377 insertions(+)
>  create mode 100644 hw/can/can_kvaser_pci.c
> 
> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
> index 979b649fe5..72c0802ced 100644
> --- a/default-configs/pci.mak
> +++ b/default-configs/pci.mak
> @@ -33,6 +33,7 @@ CONFIG_SERIAL_ISA=y
>  CONFIG_SERIAL_PCI=y
>  CONFIG_CAN_CORE=y
>  CONFIG_CAN_SJA1000=y
> +CONFIG_CAN_PCI=y
>  CONFIG_IPACK=y
>  CONFIG_WDT_IB6300ESB=y
>  CONFIG_PCI_TESTDEV=y
> diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
> index 3c4bf3bfc1..c9d07b9b16 100644
> --- a/hw/can/Makefile.objs
> +++ b/hw/can/Makefile.objs
> @@ -8,4 +8,5 @@ else
>  common-obj-y += can_host_stub.o
>  endif
>  common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
> +common-obj-$(CONFIG_CAN_PCI) += can_kvaser_pci.o
>  endif
> diff --git a/hw/can/can_kvaser_pci.c b/hw/can/can_kvaser_pci.c
> new file mode 100644
> index 00..7e3f28d83c
> --- /dev/null
> +++ b/hw/can/can_kvaser_pci.c
> @@ -0,0 +1,375 @@
> +/*
> + * Kvaser PCI CAN device (SJA1000 based) emulation
> + *
> + * Copyright (c) 2013-2014 Jin Yang
> + * Copyright (c) 2014-2018 Pavel Pisa
> + *
> + * Partially based on educational PCIexpress APOHW hardware
> + * emulator used fro class A0B36APO at CTU FEE course by
> + *Rostislav Lisovy and Pavel Pisa
> + *
> + * Initial development supported by Google GSoC 2013 from RTEMS project slot
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
> + * of this software and associated documentation files (the "Software"), to 
> deal
> + * in the Software without restriction, including without limitation the 
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/event_notifier.h"
> +#include "qemu/thread.h"
> +#include "qemu/sockets.h"
> +#include "qemu/error-report.h"
> +#include "chardev/char.h"
> +#include "hw/hw.h"
> +#include "hw/pci/pci.h"
> +#include "can/can_emu.h"
> +
> +#include "can_sja1000.h"
> +
> +#define TYPE_CAN_PCI_DEV "kvaser_pci"
> +
> +#define KVASER_PCI_DEV(obj) \
> +OBJECT_CHECK(KvaserPCIState, (obj), TYPE_CAN_PCI_DEV)
> +
> +#ifndef KVASER_PCI_VENDOR_ID1
> +#define KVASER_PCI_VENDOR_ID1 0x10e8/* the PCI device and vendor IDs 
> */
> +#endif
> +
> +#ifndef KVASER_PCI_DEVICE_ID1
> +#define KVASER_PCI_DEVICE_ID1 0x8406
> +#endif
> +
> +#define KVASER_PCI_S5920_RANGE0x80
> +#define KVASER_PCI_SJA_RANGE  0x80
> +#define KVASER_PCI_XILINX_RANGE   0x8
> +
> +#define KVASER_PCI_BYTES_PER_SJA  0x20
> +
> +#define S5920_OMB 0x0C
> +#define S5920_IMB 0x1C
> +#define S5920_MBEF0x34
> +#define S5920_INTCSR  0x38
> +#define S5920_RCR 0x3C
> +#define S5920_PTCR0x60
> +
> +#define S5920_INTCSR_ADDON_INTENABLE_M0x2000
> +#define S5920_INTCSR_INTERRUPT_ASSERTED_M 0x80
> +
> +#define KVASER_PCI_XILINX_VERINT  7   /* Lower nibble simulate interrupts,
> + high nibble version number. */
> +
> +#define KVASER_PCI_XILINX_VERSION_NUMBER 13
> +
> +typedef struct KvaserPCIState {
> +/*< private >*/
> +PCIDevice   dev;
> +/*< public >*/
> +MemoryRegions5920_io;
> +MemoryRegionsja_io;
> +MemoryRegionxilinx_io;
> +
> +CanSJA1000State sja_state;
> +qemu_irqirq;
> +
> +uint32_ts5920_intcsr;
> +uint32_ts5920_irqstate;
> +
> +char*model; /* The model that support, only SJA1000 now. */
> +char*canbus;
> +char*host;
> +} KvaserPCIState;
> +
> +static void kvaser_pci_irq_raise(void *opaque)
> +{
> +KvaserPCIState *d = (KvaserPCIState *)opaque;
> +d->s5920_irqstate = 1;
> +
> +if (d->s5920_intcsr & S5920_INTCSR_ADDON_INTENABLE_M) {
> +

Re: [Qemu-devel] [PATCH V4 3/7] CAN bus SJA1000 chip register level emulation for QEMU

On 01/14/2018 05:14 PM, p...@cmp.felk.cvut.cz wrote:
> From: Pavel Pisa 
> 
> The core SJA1000 support is independent of following
> patches which map SJA1000 chip to PCI boards.
> 
> The work is based on Jin Yang GSoC 2013 work funded
> by Google and mentored in frame of RTEMS project GSoC
> slot donated to QEMU.
> 
> Rewritten for QEMU-2.0+ versions and architecture cleanup
> by Pavel Pisa (Czech Technical University in Prague).
> 
> Signed-off-by: Pavel Pisa 
> ---
>  default-configs/pci.mak |1 +
>  hw/can/Makefile.objs|1 +
>  hw/can/can_sja1000.c| 1013 
> +++
>  hw/can/can_sja1000.h|  167 
>  4 files changed, 1182 insertions(+)
>  create mode 100644 hw/can/can_sja1000.c
>  create mode 100644 hw/can/can_sja1000.h
> 
> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
> index bbe11887a1..979b649fe5 100644
> --- a/default-configs/pci.mak
> +++ b/default-configs/pci.mak
> @@ -32,6 +32,7 @@ CONFIG_SERIAL=y
>  CONFIG_SERIAL_ISA=y
>  CONFIG_SERIAL_PCI=y
>  CONFIG_CAN_CORE=y
> +CONFIG_CAN_SJA1000=y
>  CONFIG_IPACK=y
>  CONFIG_WDT_IB6300ESB=y
>  CONFIG_PCI_TESTDEV=y
> diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
> index f999085f7a..3c4bf3bfc1 100644
> --- a/hw/can/Makefile.objs
> +++ b/hw/can/Makefile.objs
> @@ -7,4 +7,5 @@ common-obj-y += can_socketcan.o
>  else
>  common-obj-y += can_host_stub.o
>  endif
> +common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
>  endif
> diff --git a/hw/can/can_sja1000.c b/hw/can/can_sja1000.c
> new file mode 100644
> index 00..7f7a6ea244
> --- /dev/null
> +++ b/hw/can/can_sja1000.c
> @@ -0,0 +1,1013 @@
> +/*
> + * CAN device - SJA1000 chip emulation for QEMU
> + *
> + * Copyright (c) 2013-2014 Jin Yang
> + * Copyright (c) 2014-2018 Pavel Pisa
> + *
> + * Initial development supported by Google GSoC 2013 from RTEMS project slot
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
> + * of this software and associated documentation files (the "Software"), to 
> deal
> + * in the Software without restriction, including without limitation the 
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +#include "qemu/osdep.h"
> +#include "qemu/log.h"
> +#include "chardev/char.h"
> +#include "hw/hw.h"
> +#include "can/can_emu.h"
> +
> +#include "can_sja1000.h"
> +
> +#ifndef DEBUG_FILTER
> +#define DEBUG_FILTER 0
> +#endif /*DEBUG_FILTER*/
> +
> +#ifndef DEBUG_CAN
> +#define DEBUG_CAN 0
> +#endif /*DEBUG_CAN*/
> +
> +#define DPRINTF(fmt, ...) \
> +do { \
> +if (DEBUG_CAN) { \
> +qemu_log("[cansja]: " fmt , ## __VA_ARGS__); \
> +} \
> +} while (0)
> +
> +static void can_sja_software_reset(CanSJA1000State *s)
> +{
> +s->mode&= ~0x31;
> +s->mode|= 0x01;
> +s->status_pel  &= ~0x37;
> +s->status_pel  |= 0x34;
> +
> +s->rxbuf_start = 0x00;
> +s->rxmsg_cnt   = 0x00;
> +s->rx_cnt  = 0x00;
> +}
> +
> +void can_sja_hardware_reset(CanSJA1000State *s)
> +{
> +/* Reset by hardware, p10 */
> +s->mode= 0x01;
> +s->status_pel  = 0x3c;
> +s->interrupt_pel = 0x00;
> +s->clock   = 0x00;
> +s->rxbuf_start = 0x00;
> +s->rxmsg_cnt   = 0x00;
> +s->rx_cnt  = 0x00;
> +
> +s->control = 0x01;
> +s->status_bas  = 0x0c;
> +s->interrupt_bas = 0x00;
> +
> +s->irq_lower(s->irq_opaque);
> +}
> +
> +static
> +void can_sja_single_filter(struct qemu_can_filter *filter,
> +const uint8_t *acr,  const uint8_t *amr, int extended)
> +{
> +if (extended) {
> +filter->can_id = (uint32_t)acr[0] << 21;
> +filter->can_id |= (uint32_t)acr[1] << 13;
> +filter->can_id |= (uint32_t)acr[2] << 5;
> +filter->can_id |= (uint32_t)acr[3] >> 3;
> +if (acr[3] & 4) {
> +filter->can_id |= QEMU_CAN_RTR_FLAG;
> +}

I hope we inline that later...

> +
> +filter->can_mask = (uint32_t)amr[0] << 21;
> +filter->can_mask |= (uint32_t)amr[1] << 13;
> +filter->can_mask |= (uint32_t)amr[2] << 5;
> +

Re: [Qemu-devel] [PATCH V4 2/7] CAN bus support to connect bust to Linux host SocketCAN interface.

Hi Pavel,

I'm CC'ing the QEMU Sockets maintainer to ask them a quick review of the
socket part.

On 01/14/2018 05:14 PM, p...@cmp.felk.cvut.cz wrote:
> From: Pavel Pisa 
> 
> Connection to the real host CAN bus network through
> SocketCAN network interface is available only for Linux
> host system. Mechanism is generic, support for another
> CAN API and operating systems can be implemented in future.
> 
> Signed-off-by: Pavel Pisa 
> ---
>  hw/can/Makefile.objs   |   4 +
>  hw/can/can_socketcan.c | 314 
> +
>  2 files changed, 318 insertions(+)
>  create mode 100644 hw/can/can_socketcan.c
> 
> diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
> index 1028d7c455..f999085f7a 100644
> --- a/hw/can/Makefile.objs
> +++ b/hw/can/Makefile.objs
> @@ -2,5 +2,9 @@
>  
>  ifeq ($(CONFIG_CAN_CORE),y)
>  common-obj-y += can_core.o
> +ifeq ($(CONFIG_LINUX),y)
> +common-obj-y += can_socketcan.o
> +else
>  common-obj-y += can_host_stub.o
>  endif
> +endif
> diff --git a/hw/can/can_socketcan.c b/hw/can/can_socketcan.c
> new file mode 100644
> index 00..f6df747c5a
> --- /dev/null
> +++ b/hw/can/can_socketcan.c
> @@ -0,0 +1,314 @@
> +/*
> + * CAN socketcan support to connect to the Linux host SocketCAN interfaces
> + *
> + * Copyright (c) 2013-2014 Jin Yang
> + * Copyright (c) 2014-2018 Pavel Pisa
> + *
> + * Initial development supported by Google GSoC 2013 from RTEMS project slot
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
> + * of this software and associated documentation files (the "Software"), to 
> deal
> + * in the Software without restriction, including without limitation the 
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +#include "qemu/osdep.h"
> +#include "qemu/log.h"
> +#include "qemu/error-report.h"
> +#include "chardev/char.h"
> +#include "qemu/sockets.h"
> +#include "qemu/error-report.h"
> +#include "hw/hw.h"
> +#include "can/can_emu.h"
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#ifndef DEBUG_CAN
> +#define DEBUG_CAN 0
> +#endif /*DEBUG_CAN*/
> +
> +#define CAN_READ_BUF_LEN  5
> +typedef struct {
> +CanBusClientState  bus_client;
> +qemu_can_filter*rfilter;
> +intrfilter_num;
> +can_err_mask_t err_mask;
> +
> +qemu_can_frame buf[CAN_READ_BUF_LEN];
> +intbufcnt;
> +intbufptr;
> +
> +intfd;
> +} CanBusSocketcanConnectState;
> +

Please move those checks out of the function, to call them once at build
time and not at runtime.

/* Check that QEMU and Linux kernel flags encoding matches */
QEMU_BUILD_BUG_ON(QEMU_CAN_EFF_FLAG == CAN_EFF_FLAG);
QEMU_BUILD_BUG_ON(QEMU_CAN_RTR_FLAG == CAN_RTR_FLAG);
QEMU_BUILD_BUG_ON(QEMU_CAN_ERR_FLAG == CAN_ERR_FLAG);
QEMU_BUILD_BUG_ON(QEMU_CAN_INV_FILTER == CAN_INV_FILTER);
QEMU_BUILD_BUG_ON(offsetof(qemu_can_frame, data)
  == offsetof(struct can_frame, data));

> +static void can_bus_socketcan_display_msg(struct qemu_can_frame *msg)
> +{
> +int i;
> +
> +/* Check that QEMU and Linux kernel flags encoding matches */
> +assert(QEMU_CAN_EFF_FLAG == CAN_EFF_FLAG);
> +assert(QEMU_CAN_RTR_FLAG == CAN_RTR_FLAG);
> +assert(QEMU_CAN_ERR_FLAG == CAN_ERR_FLAG);
> +
> +assert(QEMU_CAN_INV_FILTER == CAN_INV_FILTER);
> +
> +assert(offsetof(qemu_can_frame, data) == offsetof(struct can_frame, 
> data));

^ those

> +
> +qemu_log_lock();
> +qemu_log("[cansocketcan]: %03X [%01d] %s %s",
> + msg->can_id & QEMU_CAN_EFF_MASK,
> + msg->can_dlc,
> + msg->can_id & QEMU_CAN_EFF_FLAG ? "EFF" : "SFF",
> + msg->can_id & QEMU_CAN_RTR_FLAG ? "RTR" : "DAT");
> +
> +for (i = 0; i < msg->can_dlc; i++) {
> +qemu_log(" %02X", msg->data[i]);
> +}
> +qemu_log("\n");

I'd rather use tracepoints, but since this is restricted by DEBUG_CAN
this doesn't bother the user console, so ok.

> +qemu_log_flush();
> +qemu_log_unlock();
> +}
> +
> +static void can_bus_socketcan_read(void

Re: [Qemu-devel] [QEMU-PPC] [PATCH 0/3] target/ppc: Rework spapr_caps

On Fri, Jan 12, 2018 at 04:33:42PM +1100, Suraj Jitindar Singh wrote:
> The following patch series reworks the implementation of spapr_caps
> to allow for a increased number of possible values in the internal
> representation.
> 
> It also adds 3 new tristate capabilities.
> 
> A new H-Call is implemented which a guest will use to query the 
> requirement for and availability of workarounds for certain cpu 
> behaviours.
> 
> Applies on top of David's series - spapr: Add optional capabilities
> Based on ppc-for-2.12
> 
> The patches could be split up more, but in the interest of getting
> them out there they are as they are.

I've applied 1/3.  2/3 will need rework since the necessary kvm
changes were nacked, 3/3 isn't much use without it, so I'll wait on a
respin of those.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v6 08/21] sdhci: add v3 capabilities

On Fri, Jan 12, 2018 at 9:08 PM, Alistair Francis
 wrote:
> On Thu, Jan 11, 2018 at 12:56 PM, Philippe Mathieu-Daudé
>  wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/sd/sdhci-internal.h | 21 +
>>  include/hw/sd/sdhci.h  |  2 ++
>>  hw/sd/sdhci.c  | 22 --
>>  3 files changed, 43 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h
>> index 4ed9727ec3..ac4704eb61 100644
>> --- a/hw/sd/sdhci-internal.h
>> +++ b/hw/sd/sdhci-internal.h
>> @@ -43,6 +43,7 @@
>>  #define SDHC_TRNS_DMA  0x0001
>>  #define SDHC_TRNS_BLK_CNT_EN   0x0002
>>  #define SDHC_TRNS_ACMD12   0x0004
>> +#define SDHC_TRNS_ACMD23   0x0008 /* since v3 */
>>  #define SDHC_TRNS_READ 0x0010
>>  #define SDHC_TRNS_MULTI0x0020
>>  #define SDHC_TRNMOD_MASK   0x0037
>> @@ -183,12 +184,23 @@ FIELD(SDHC_ACMD12ERRSTS, TIMEOUT_ERR,  1, 1);
>>  FIELD(SDHC_ACMD12ERRSTS, CRC_ERR,  2, 1);
>>  FIELD(SDHC_ACMD12ERRSTS, INDEX_ERR,4, 1);
>>
>> +/* Host Control Register 2 (since v3) */
>> +#define SDHC_HOSTCTL2  0x3E
>
> Why not use the REG() macro here?

Because this is a 16-bit register, and I don't want to confuse with REG32()

Although the A_ address is correct, the R_ index only works if all
REG() are from the same size.

We should add some alignment check, I was thinking about using
_Static_assert() in the macros.

>
> Besides that the patch looks good.
>
> Reviewed-by: Alistair Francis 

Thanks!

>
> Alistair
>
>
>> +FIELD(SDHC_HOSTCTL2, UHS_MODE_SEL, 0, 3);
>> +FIELD(SDHC_HOSTCTL2, V18_ENA,  3, 1); /* UHS-I only */
>> +FIELD(SDHC_HOSTCTL2, DRIVER_STRENGTH,  4, 2); /* UHS-I only */
>> +FIELD(SDHC_HOSTCTL2, EXECUTE_TUNING,   6, 1); /* UHS-I only */
>> +FIELD(SDHC_HOSTCTL2, SAMPLING_CLKSEL,  7, 1); /* UHS-I only */
>> +FIELD(SDHC_HOSTCTL2, ASYNC_INT,   14, 1);
>> +FIELD(SDHC_HOSTCTL2, PRESET_ENA,  15, 1);
>> +
>>  /* HWInit Capabilities Register 0x05E80080 */
>>  #define SDHC_CAPAB 0x40
>>  FIELD(SDHC_CAPAB, TOCLKFREQ,   0, 6);
>>  FIELD(SDHC_CAPAB, TOUNIT,  7, 1);
>>  FIELD(SDHC_CAPAB, BASECLKFREQ, 8, 8);
>>  FIELD(SDHC_CAPAB, MAXBLOCKLENGTH, 16, 2);
>> +FIELD(SDHC_CAPAB, EMBEDDED_8BIT,  18, 1); /* since v3 */
>>  FIELD(SDHC_CAPAB, ADMA2,  19, 1); /* since v2 */
>>  FIELD(SDHC_CAPAB, ADMA1,  20, 1); /* v1 only? */
>>  FIELD(SDHC_CAPAB, HIGHSPEED,  21, 1);
>> @@ -198,6 +210,15 @@ FIELD(SDHC_CAPAB, V33,24, 1);
>>  FIELD(SDHC_CAPAB, V30,25, 1);
>>  FIELD(SDHC_CAPAB, V18,26, 1);
>>  FIELD(SDHC_CAPAB, BUS64BIT,   28, 1); /* since v2 */
>> +FIELD(SDHC_CAPAB, ASYNC_INT,  29, 1); /* since v3 */
>> +FIELD(SDHC_CAPAB, SLOT_TYPE,  30, 2); /* since v3 */
>> +FIELD(SDHC_CAPAB, BUS_SPEED,  32, 3); /* since v3 */
>> +FIELD(SDHC_CAPAB, DRIVER_STRENGTH,36, 3); /* since v3 */
>> +FIELD(SDHC_CAPAB, DRIVER_TYPE_A,  36, 1); /* since v3 */
>> +FIELD(SDHC_CAPAB, DRIVER_TYPE_C,  37, 1); /* since v3 */
>> +FIELD(SDHC_CAPAB, DRIVER_TYPE_D,  38, 1); /* since v3 */
>> +FIELD(SDHC_CAPAB, TIMER_RETUNNING,40, 4); /* since v3 */
>> +FIELD(SDHC_CAPAB, SDR50_TUNNING,  45, 1); /* since v3 */
>>
>>  /* HWInit Maximum Current Capabilities Register 0x0 */
>>  #define SDHC_MAXCURR   0x48
>> diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
>> index 26b50583af..f45e911065 100644
>> --- a/include/hw/sd/sdhci.h
>> +++ b/include/hw/sd/sdhci.h
>> @@ -104,6 +104,8 @@ typedef struct SDHCIState {
>>  /* v2 */
>>  bool adma1, adma2;
>>  bool bus64;
>> +/* v3 */
>> +uint8_t slot_type, sdr, strength;
>>  } cap;
>>  } SDHCIState;
>>
>> diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
>> index ab4ffeca1d..773eb68fd6 100644
>> --- a/hw/sd/sdhci.c
>> +++ b/hw/sd/sdhci.c
>> @@ -63,6 +63,18 @@ static void sdhci_init_capareg(SDHCIState *s, Error 
>> **errp)
>>  uint32_t val;
>>
>>  switch (s->spec_version) {
>> +case 3:
>> +val = FIELD_EX64(capareg, SDHC_CAPAB, SLOT_TYPE);
>> +if (val) {
>> +error_setg(errp, "slot-type not supported");
>> +return;
>> +}
>> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, SLOT_TYPE, val);
>> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, BUS_SPEED, s->cap.sdr);
>> +capareg = FIELD_DP64(capareg, SDHC_CAPAB, DRIVER_STRENGTH,
>> + s->cap.strength);
>> +
>> +/* fallback */
>>  case 2: /* default version */
>>  capareg = FIELD_DP64(capareg, SDHC_CAPAB, ADMA1, s->cap.adma1);
>>  capareg = FIELD_DP64(capareg, SDHC_CAPAB, ADMA2, s->cap.adma2);
>> @@ -1169,8 +1181,11 @@ static inline

[Qemu-devel] [PATCH qemu] configure: Allow capstone=git only if git update is not disabled

Even with --disable-git-update, ./configure tries updating the capstone
submodule instead of marking it "no"; this disables capstone submodule
if git update is disabled.

Signed-off-by: Alexey Kardashevskiy 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 89bd662..92c21b3 100755
--- a/configure
+++ b/configure
@@ -4502,7 +4502,7 @@ case "$capstone" in
   "" | yes)
 if $pkg_config capstone; then
   capstone=system
-elif test -e "${source_path}/.git" ; then
+elif test -e "${source_path}/.git" -a $git_update = 'yes' ; then
   capstone=git
 elif test -e "${source_path}/capstone/Makefile" ; then
   capstone=internal
-- 
2.11.0

Re: [Qemu-devel] [Qemu-arm] [PATCH] hw/intc/armv7m: Support byte and halfword accesses to CFSR

Hi Peter,

On 12/08/2017 11:12 AM, Peter Maydell wrote:
> The Configurable Fault Status Register for ARMv7M and v8M is
> supposed to be byte and halfword accessible, but we were only

"aligned halfword"

> implementing word accesses. Add support for the other access
> sizes, which are used by the Zephyr RTOS.
> 
> Signed-off-by: Peter Maydell 
> Reported-by: Andy Gross 
> ---
>  hw/intc/armv7m_nvic.c | 38 ++
>  1 file changed, 22 insertions(+), 16 deletions(-)
> 
> diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
> index 5d9c883..dc8e2f1 100644
> --- a/hw/intc/armv7m_nvic.c
> +++ b/hw/intc/armv7m_nvic.c
> @@ -896,13 +896,6 @@ static uint32_t nvic_readl(NVICState *s, uint32_t 
> offset, MemTxAttrs attrs)
>  val |= (1 << 8);
>  }
>  return val;
> -case 0xd28: /* Configurable Fault Status.  */
> -/* The BFSR bits [15:8] are shared between security states
> - * and we store them in the NS copy
> - */
> -val = cpu->env.v7m.cfsr[attrs.secure];
> -val |= cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
> -return val;
>  case 0xd2c: /* Hard Fault Status.  */
>  return cpu->env.v7m.hfsr;
>  case 0xd30: /* Debug Fault Status.  */
> @@ -1280,15 +1273,6 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
> uint32_t value,
>  s->vectors[ARMV7M_EXCP_DEBUG].active = (value & (1 << 8)) != 0;
>  nvic_irq_update(s);
>  break;
> -case 0xd28: /* Configurable Fault Status.  */
> -cpu->env.v7m.cfsr[attrs.secure] &= ~value; /* W1C */
> -if (attrs.secure) {
> -/* The BFSR bits [15:8] are shared between security states
> - * and we store them in the NS copy.
> - */
> -cpu->env.v7m.cfsr[M_REG_NS] &= ~(value & R_V7M_CFSR_BFSR_MASK);
> -}
> -break;
>  case 0xd2c: /* Hard Fault Status.  */
>  cpu->env.v7m.hfsr &= ~value; /* W1C */
>  break;
> @@ -1667,6 +1651,14 @@ static MemTxResult nvic_sysreg_read(void *opaque, 
> hwaddr addr,
>  val = deposit32(val, i * 8, 8, get_prio(s, hdlidx, sbank));
>  }
>  break;
> +case 0xd28 ... 0xd2b: /* Configurable Fault Status (CFSR) */
> +/* The BFSR bits [15:8] are shared between security states
> + * and we store them in the NS copy
> + */
> +val = s->cpu->env.v7m.cfsr[attrs.secure];
> +val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
> +val = extract32(val, (offset - 0xd28) * 8, size * 8);
> +break;

we have:

static const MemoryRegionOps nvic_sysreg_ops = {
.read_with_attrs = nvic_sysreg_read,
.write_with_attrs = nvic_sysreg_write,
.endianness = DEVICE_NATIVE_ENDIAN,
};

with:
/* If true, unaligned accesses are supported.  Otherwise unaligned
 * accesses throw machine checks.
 */
bool unaligned;

So unaligned halfword should throw excp.

We could add an explicit ".unaligned = false,"

>  case 0xfe0 ... 0xfff: /* ID.  */
>  if (offset & 3) {
>  val = 0;
> @@ -1765,6 +1757,20 @@ static MemTxResult nvic_sysreg_write(void *opaque, 
> hwaddr addr,
>  }
>  nvic_irq_update(s);
>  return MEMTX_OK;
> +case 0xd28 ... 0xd2b: /* Configurable Fault Status (CFSR) */
> +/* All bits are W1C, so construct 32 bit value with 0s in
> + * the parts not written by the access size
> + */

This comment is welcomed :)

> +value <<= ((offset - 0xd28) * 8);
> +
> +s->cpu->env.v7m.cfsr[attrs.secure] &= ~value;
> +if (attrs.secure) {
> +/* The BFSR bits [15:8] are shared between security states
> + * and we store them in the NS copy.
> + */
> +s->cpu->env.v7m.cfsr[M_REG_NS] &= ~(value & 
> R_V7M_CFSR_BFSR_MASK);
> +}
> +return MEMTX_OK;
>  }
>  if (size == 4) {
>  nvic_writel(s, offset, value, attrs);

Reviewed-by: Philippe Mathieu-Daudé 



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 3/3] qdev: use device_class_set_parent_realize/unrealize/reset()

On Sat, Jan 13, 2018 at 11:04:12PM -0300, Philippe Mathieu-Daudé wrote:
1;5002;0c> changes generated using the following Coccinelle patch:
> 
>   @@
>   type DeviceParentClass;
>   DeviceParentClass *pc;
>   DeviceClass *dc;
>   identifier parent_fn;
>   identifier child_fn;
>   @@
>   (
>   +device_class_set_parent_realize(dc, child_fn, >parent_fn);
>   -pc->parent_fn = dc->realize;
>   ...
>   -dc->realize = child_fn;
>   |
>   +device_class_set_parent_unrealize(dc, child_fn, >parent_fn);
>   -pc->parent_fn = dc->unrealize;
>   ...
>   -dc->unrealize = child_fn;
>   |
>   +device_class_set_parent_reset(dc, child_fn, >parent_fn);
>   -pc->parent_fn = dc->reset;
>   ...
>   -dc->reset = child_fn;
>   )
> 
> Signed-off-by: Philippe Mathieu-Daudé 

PPC parts

Acked-by: David Gibson 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [QEMU-PPC] [PATCH V2 2/3] hw/spapr/spapr_caps: Add new caps safe_[cache/bounds_check/indirect_branch]

This patch adds three new capabilities:
cap-cfpc -> safe_cache
cap-sbbc -> safe_bounds_check
cap-ibs  -> safe_indirect_branch

Each capability is tristate with the possible values "broken",
"workaround" or "fixed". Add generic getter and setter functions for
this new capability type. Add these new capabilities to the capabilities
list. The maximum value for the capabilities is queried from kvm through
new kvm capabilities. The requested values are considered to be
compatible if kvm can support an equal or higher value for each
capability.

Note: For TCG we only allow broken for each of these until we decide on
  a mitigation technique.

---

V1 -> V2:
- No need to ensure kvm_vm_check_extension has positive return value as
  it checks itself.
---
 hw/ppc/spapr.c|   6 ++
 hw/ppc/spapr_caps.c   | 181 ++
 include/hw/ppc/spapr.h|  15 +++-
 linux-headers/linux/kvm.h |   3 +
 target/ppc/kvm.c  |  23 ++
 target/ppc/kvm_ppc.h  |  18 +
 6 files changed, 245 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3e528fe91e..269c1c7857 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1791,6 +1791,9 @@ static const VMStateDescription vmstate_spapr = {
 _spapr_cap_htm,
 _spapr_cap_vsx,
 _spapr_cap_dfp,
+_spapr_cap_cfpc,
+_spapr_cap_sbbc,
+_spapr_cap_ibs,
 NULL
 }
 };
@@ -3863,6 +3866,9 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
 smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
 smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
+smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
+smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
+smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
 spapr_caps_add_properties(smc, _abort);
 }
 
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index f95a78547d..1c0c2c8253 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -74,6 +74,66 @@ static void spapr_cap_set_bool(Object *obj, Visitor *v, 
const char *name,
 spapr->eff.caps[cap->index] = value ? SPAPR_CAP_ON : SPAPR_CAP_OFF;
 }
 
+static void spapr_cap_get_tristate(Object *obj, Visitor *v, const char *name,
+   void *opaque, Error **errp)
+{
+sPAPRCapabilityInfo *cap = opaque;
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+char *val = NULL;
+uint8_t value = spapr_get_cap(spapr, cap->index);
+
+switch (value) {
+case SPAPR_CAP_BROKEN:
+val = g_strdup("broken");
+break;
+case SPAPR_CAP_WORKAROUND:
+val = g_strdup("workaround");
+break;
+case SPAPR_CAP_FIXED:
+val = g_strdup("fixed");
+break;
+default:
+error_setg(errp, "Invalid value (%d) for cap-%s", value, cap->name);
+return;
+}
+
+visit_type_str(v, name, , errp);
+g_free(val);
+}
+
+static void spapr_cap_set_tristate(Object *obj, Visitor *v, const char *name,
+   void *opaque, Error **errp)
+{
+sPAPRCapabilityInfo *cap = opaque;
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+char *val;
+Error *local_err = NULL;
+uint8_t value;
+
+visit_type_str(v, name, , _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
+if (!strcasecmp(val, "broken")) {
+value = SPAPR_CAP_BROKEN;
+} else if (!strcasecmp(val, "workaround")) {
+value = SPAPR_CAP_WORKAROUND;
+} else if (!strcasecmp(val, "fixed")) {
+value = SPAPR_CAP_FIXED;
+} else {
+error_setg(errp, "Invalid capability mode \"%s\" for cap-%s", val,
+   cap->name);
+goto out;
+}
+
+spapr->cmd_line_caps[cap->index] = true;
+spapr->eff.caps[cap->index] = value;
+out:
+g_free(val);
+}
+
 static void cap_htm_apply(sPAPRMachineState *spapr, uint8_t val, Error **errp)
 {
 if (!val) {
@@ -121,6 +181,40 @@ static void cap_dfp_apply(sPAPRMachineState *spapr, 
uint8_t val, Error **errp)
 }
 }
 
+static void cap_safe_cache_apply(sPAPRMachineState *spapr, uint8_t val,
+ Error **errp)
+{
+if (tcg_enabled() && val) {
+/* TODO - for now only allow broken for TCG */
+error_setg(errp, "Requested safe cache capability level not supported 
by tcg, try a different value for cap-cfpc");
+} else if (kvm_enabled() && (val > kvmppc_get_cap_safe_cache())) {
+error_setg(errp, "Requested safe cache capability level not supported 
by kvm, try a different value for cap-cfpc");
+}
+}
+
+static void cap_safe_bounds_check_apply(sPAPRMachineState *spapr, uint8_t val,
+Error **errp)
+{
+if (tcg_enabled() && val) {
+/* TODO - for now only allow broken for TCG */
+error_setg(errp,

[Qemu-devel] [PATCH] xilinx_spips: Correct usage of an uninitialized local variable

2018-01-14 Thread Francisco Iglesias

Coverity found that the variable tx_rx in the function
xilinx_spips_flush_txfifo was being used uninitialized (CID 1383841). This
patch corrects this by always initializing tx_rx to zeros.

Signed-off-by: Francisco Iglesias 
---
 hw/ssi/xilinx_spips.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index d8187fa..77e1bbe 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -210,6 +210,8 @@
 #define SNOOP_NONE 0xEE
 #define SNOOP_STRIPING 0
 
+#define MAX_NUM_EFFECTIVE_BUSSES 2
+
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
 return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
@@ -573,7 +575,7 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
 for (;;) {
 int i;
 uint8_t tx = 0;
-uint8_t tx_rx[num_effective_busses(s)];
+uint8_t tx_rx[MAX_NUM_EFFECTIVE_BUSSES] = { 0 };
 uint8_t dummy_cycles = 0;
 uint8_t addr_length;
 
-- 
2.9.3

Re: [Qemu-devel] [Bug 1743214] [NEW] OS/2 Warp 3 support broken in 2.11

2018-01-14 Thread BALATON Zoltan


On Sun, 14 Jan 2018, Stefan Weil wrote:

Zoltan, did you run the test with KVM enabled?

I‌ get a crash when I run the image with latest QEMU on Linux with TCG.


No, I've used the same command as in the bug report. Now I've retried with 
explicit -M pc,accel=tcg and -M pc,accel=kvm and it boots without problem 
for me both ways on Linux. If it crashes for you maybe you could try 
bisecting, that's what I was trying to do to help but I can't reproduce 
it.


Regards,
BALATON Zoltan

[Qemu-devel] QEMU with Spice/GL breaks on nvidia

2018-01-14 Thread Jeff Cook

Please see discussion at https://github.com/anholt/libepoxy/issues/148
regarding a recent breakage between QEMU and the nvidia driver.
The gist seems to be that commit
86c0522c63e84ee9a98b9cd9cf6588faba1bac23 introduces mechanisms that
check for EGL extensions at build time instead of runtime. nvidia does
not provide the requested extension, resulting in a crash when the Spice
window is loaded.
Thanks
Jeff

[Qemu-devel] [Bug 1654137] Re: Ctrl-A b not working in 2.8.0

2018-01-14 Thread Paul Goyette

This bug is no longer fixed.  See also bug #1743191

** Changed in: qemu
   Status: Fix Released => In Progress

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1654137

Title:
  Ctrl-A b not working in 2.8.0

Status in QEMU:
  In Progress

Bug description:
  With a recent update from 2.7.0 to 2.8.0 I have discovered that I can
  no longer send a "break" to the VM.  Ctrl-A b is simply ignored.
  Other Ctrl-A sequences seem to work correctly.

  This is on a NetBSD amd64 system, version 7.99.53, and qemu was
  installed on this system from source.

  Reverting to the previous install restores "break" capability.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1654137/+subscriptions

Re: [Qemu-devel] [Bug 1743214] [NEW] OS/2 Warp 3 support broken in 2.11

2018-01-14 Thread Stefan Weil

Am 14.01.2018 um 14:24 schrieb BALATON Zoltan:
> On Sun, 14 Jan 2018, MVoloshin wrote:
>> Hello, I used to run OS/2 Warp 3 on QEMU with the following command
>> line: qemu-system-i386 -vga cirrus -soundhw sb16 -hda os2warp3v2.img
>> -boot c. It runs OK on QEMU 2.10, but immediately gives TRAP 0006
>> (invalid opcode?) on QEMU 2.11 (see screenshot).
>>
>> If it is important I have Fixpack 40 and GRADD installed in OS/2.
>> Here is the image:
>> https://drive.google.com/open?id=15umPecy7JlPLKUP6520MB_87CfrCDWO5
> 
> This image boots for me without problem with latest version from git so
> either it's already fixed or the problem is elsewhere. Can you try
> latest git version? If it still does not work with that maybe you need
> to provide more details, like configure options or what host arch/OS are
> you on.


Zoltan, did you run the test with KVM enabled?

I‌ get a crash when I run the image with latest QEMU on Linux with TCG.

Stefan

[Qemu-devel] [PATCH V4 7/7] CAN bus MIOe-3680 PCI (dual SJA1000 channel) emulation added.

From: Deniz Eren 

Signed-off-by: Deniz Eren 
Signed-off-by: Pavel Pisa 
---
 hw/can/Makefile.objs  |   1 +
 hw/can/can_mioe3680_pci.c | 336 ++
 2 files changed, 337 insertions(+)
 create mode 100644 hw/can/can_mioe3680_pci.c

diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index 6a328f0c3a..8fcc455800 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -10,4 +10,5 @@ endif
 common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
 common-obj-$(CONFIG_CAN_PCI) += can_kvaser_pci.o
 common-obj-$(CONFIG_CAN_PCI) += can_pcm3680_pci.o
+common-obj-$(CONFIG_CAN_PCI) += can_mioe3680_pci.o
 endif
diff --git a/hw/can/can_mioe3680_pci.c b/hw/can/can_mioe3680_pci.c
new file mode 100644
index 00..7e761a838a
--- /dev/null
+++ b/hw/can/can_mioe3680_pci.c
@@ -0,0 +1,336 @@
+/*
+ * MIOe-3680 PCI CAN device (SJA1000 based) emulation
+ *
+ * Copyright (c) 2016 Deniz Eren (deniz.e...@icloud.com)
+ *
+ * Based on Kvaser PCI CAN device (SJA1000 based) emulation implemented by
+ * Jin Yang and Pavel Pisa
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/event_notifier.h"
+#include "qemu/thread.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "chardev/char.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "can/can_emu.h"
+
+#include "can_sja1000.h"
+
+#define TYPE_CAN_PCI_DEV "mioe3680_pci"
+
+#define MIOe3680_PCI_DEV(obj) \
+OBJECT_CHECK(Mioe3680PCIState, (obj), TYPE_CAN_PCI_DEV)
+
+/* the PCI device and vendor IDs */
+#ifndef MIOe3680_PCI_VENDOR_ID1
+#define MIOe3680_PCI_VENDOR_ID1 0x13fe
+#endif
+
+#ifndef MIOe3680_PCI_DEVICE_ID1
+#define MIOe3680_PCI_DEVICE_ID1 0xc302
+#endif
+
+#define MIOe3680_PCI_SJA_RANGE 0x800
+
+#define MIOe3680_PCI_BYTES_PER_SJA 0x80
+
+typedef struct Mioe3680PCIState {
+/*< private >*/
+PCIDevice   dev;
+/*< public >*/
+MemoryRegionsja_io[2];
+
+CanSJA1000State sja_state[2];
+qemu_irqirq;
+
+char*model; /* The model that support, only SJA1000 now. */
+char*canbus[2];
+char*host[2];
+} Mioe3680PCIState;
+
+static void mioe3680_pci_irq_raise(void *opaque)
+{
+Mioe3680PCIState *d = (Mioe3680PCIState *)opaque;
+
+qemu_irq_raise(d->irq);
+}
+
+static void mioe3680_pci_irq_lower(void *opaque)
+{
+Mioe3680PCIState *d = (Mioe3680PCIState *)opaque;
+
+qemu_irq_lower(d->irq);
+}
+
+static void
+mioe3680_pci_reset(void *opaque)
+{
+Mioe3680PCIState *d = (Mioe3680PCIState *)opaque;
+CanSJA1000State *s1 = >sja_state[0];
+CanSJA1000State *s2 = >sja_state[1];
+
+can_sja_hardware_reset(s1);
+can_sja_hardware_reset(s2);
+}
+
+static uint64_t mioe3680_pci_sja1_io_read(void *opaque, hwaddr addr,
+  unsigned size)
+{
+Mioe3680PCIState *d = opaque;
+CanSJA1000State *s = >sja_state[0];
+
+if (addr >= MIOe3680_PCI_BYTES_PER_SJA) {
+return 0;
+}
+
+return can_sja_mem_read(s, addr >> 2, size);
+}
+
+static void mioe3680_pci_sja1_io_write(void *opaque, hwaddr addr, uint64_t 
data,
+ unsigned size)
+{
+Mioe3680PCIState *d = opaque;
+CanSJA1000State *s = >sja_state[0];
+
+if (addr >= MIOe3680_PCI_BYTES_PER_SJA) {
+return;
+}
+
+can_sja_mem_write(s, addr >> 2, data, size);
+}
+
+static uint64_t mioe3680_pci_sja2_io_read(void *opaque, hwaddr addr,
+  unsigned size)
+{
+Mioe3680PCIState *d = opaque;
+CanSJA1000State *s = >sja_state[1];
+
+if (addr >= MIOe3680_PCI_BYTES_PER_SJA) {
+return 0;
+}
+
+return can_sja_mem_read(s, addr >> 2, size);
+}
+
+static void mioe3680_pci_sja2_io_write(void *opaque, hwaddr addr, uint64_t 
data,
+ unsigned

[Qemu-devel] [PATCH V4 5/7] QEMU CAN bus emulation documentation

From: Pavel Pisa 

Signed-off-by: Pavel Pisa 
---
 docs/can.txt | 78 
 1 file changed, 78 insertions(+)
 create mode 100644 docs/can.txt

diff --git a/docs/can.txt b/docs/can.txt
new file mode 100644
index 00..ac3170e947
--- /dev/null
+++ b/docs/can.txt
@@ -0,0 +1,78 @@
+QEMU CAN bus emulation support
+==
+
+The CAN bus emulation provides mechanism to connect multiple
+emulated CAN controller chips together by one or multiple CAN busses
+(the controller device "canbus"  parameter). The individual busses
+can be connected to host system CAN API (at this time only Linux
+SocketCAN is supported).
+
+The concept of busses is generic and different CAN controllers
+can be implemented for it but at this time only SJA1000 chip
+controller is implemented.
+
+The PCI addon card hardware has been selected as the first CAN
+interface to implement because such device can be easily connected
+to systems with different CPU architectures (x86, PowerPC, ARM, etc.).
+
+The project has been initially started in frame of RTEMS GSoC 2013
+slot by Jin Yang under our mentoring  The initial idea was to provide generic
+CAN subsystem for RTEMS. But lack of common environment for code and RTEMS
+testing lead to goal change to provide environment which provides complete
+emulated environment for testing and RTEMS GSoC slot has been donated
+to work on CAN hardware emulation on QEMU.
+
+Examples how to use CAN emulation
+=
+
+When QEMU with CAN PCI support is compiled then one of the next
+CAN boards can be selected
+
+ (1) CAN bus Kvaser PCI CAN-S (single SJA1000 channel) boad. QEMU startup 
options
+-device kvaser_pci,canbus=canbus0
+Add "host" parameter to connect device to host system CAN bus
+-device kvaser_pci,canbus=canbus0,host=can0
+
+ (2) CAN bus PCM-3680I PCI (dual SJA1000 channel) emulation
+-device pcm3680_pci,canbus=canbus0,host=can0
+
+ (3) CAN bus MIOe-3680 PCI (dual SJA1000 channel) emulation
+-device mioe3680_pci,canbus=canbus0,host=can0
+
+
+The ''kvaser_pci'' board/device model is compatible with and has been tested 
with
+''kvaser_pci'' driver included in mainline Linux kernel.
+The tested setup was Linux 4.9 kernel on the host and guest side.
+
+Next parameters has been used for qemu-system-x86_64
+
+qemu-system-x86_64 -enable-kvm -kernel /boot/vmlinuz-4.9.0-4-amd64 \
+  -initrd ramdisk.cpio \
+  -virtfs local,path=shareddir,security_model=none,mount_tag=shareddir \
+  -vga cirrus \
+  -device kvaser_pci,canbus=canbus0,host=can0 \
+  -nographic -append "console=ttyS0"
+
+The list of parameters for qemu-system-arm
+
+qemu-system-arm -cpu arm1176 -m 256 -M versatilepb \
+  -kernel kernel-qemu-arm1176-versatilepb \
+  -hda rpi-wheezy-overlay \
+  -append "console=ttyAMA0 root=/dev/sda2 ro init=/sbin/init-overlay" \
+  -nographic \
+  -virtfs local,path=shareddir,security_model=none,mount_tag=shareddir \
+  -device kvaser_pci,canbus=canbus0,host=can0 \
+
+Links to other resources
+
+
+ (1) Repository with development branch can-pci at Czech Technical University
+ https://gitlab.fel.cvut.cz/canbus/qemu-canbus
+ (2) GitHub repository with can-pci and our other changes included
+ https://gitlab.fel.cvut.cz/canbus/qemu-canbus
+ (3) RTEMS page describing project
+ https://devel.rtems.org/wiki/Developer/Simulators/QEMU/CANEmulation
+ (4) RTLWS 2015 article about the projevt and its use with CANopen emulation
+ http://rtime.felk.cvut.cz/publications/public/rtlws2015-qemu-can.pdf
+ Slides
+ 
http://rtime.felk.cvut.cz/publications/public/rtlws2015-qemu-can-slides.pdf
-- 
2.11.0

[Qemu-devel] [PATCH V4 4/7] CAN bus Kvaser PCI CAN-S (single SJA1000 channel) emulation added.

From: Pavel Pisa 

Signed-off-by: Pavel Pisa 
---
 default-configs/pci.mak |   1 +
 hw/can/Makefile.objs|   1 +
 hw/can/can_kvaser_pci.c | 375 
 3 files changed, 377 insertions(+)
 create mode 100644 hw/can/can_kvaser_pci.c

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 979b649fe5..72c0802ced 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -33,6 +33,7 @@ CONFIG_SERIAL_ISA=y
 CONFIG_SERIAL_PCI=y
 CONFIG_CAN_CORE=y
 CONFIG_CAN_SJA1000=y
+CONFIG_CAN_PCI=y
 CONFIG_IPACK=y
 CONFIG_WDT_IB6300ESB=y
 CONFIG_PCI_TESTDEV=y
diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index 3c4bf3bfc1..c9d07b9b16 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -8,4 +8,5 @@ else
 common-obj-y += can_host_stub.o
 endif
 common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
+common-obj-$(CONFIG_CAN_PCI) += can_kvaser_pci.o
 endif
diff --git a/hw/can/can_kvaser_pci.c b/hw/can/can_kvaser_pci.c
new file mode 100644
index 00..7e3f28d83c
--- /dev/null
+++ b/hw/can/can_kvaser_pci.c
@@ -0,0 +1,375 @@
+/*
+ * Kvaser PCI CAN device (SJA1000 based) emulation
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014-2018 Pavel Pisa
+ *
+ * Partially based on educational PCIexpress APOHW hardware
+ * emulator used fro class A0B36APO at CTU FEE course by
+ *Rostislav Lisovy and Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/event_notifier.h"
+#include "qemu/thread.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "chardev/char.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "can/can_emu.h"
+
+#include "can_sja1000.h"
+
+#define TYPE_CAN_PCI_DEV "kvaser_pci"
+
+#define KVASER_PCI_DEV(obj) \
+OBJECT_CHECK(KvaserPCIState, (obj), TYPE_CAN_PCI_DEV)
+
+#ifndef KVASER_PCI_VENDOR_ID1
+#define KVASER_PCI_VENDOR_ID1 0x10e8/* the PCI device and vendor IDs */
+#endif
+
+#ifndef KVASER_PCI_DEVICE_ID1
+#define KVASER_PCI_DEVICE_ID1 0x8406
+#endif
+
+#define KVASER_PCI_S5920_RANGE0x80
+#define KVASER_PCI_SJA_RANGE  0x80
+#define KVASER_PCI_XILINX_RANGE   0x8
+
+#define KVASER_PCI_BYTES_PER_SJA  0x20
+
+#define S5920_OMB 0x0C
+#define S5920_IMB 0x1C
+#define S5920_MBEF0x34
+#define S5920_INTCSR  0x38
+#define S5920_RCR 0x3C
+#define S5920_PTCR0x60
+
+#define S5920_INTCSR_ADDON_INTENABLE_M0x2000
+#define S5920_INTCSR_INTERRUPT_ASSERTED_M 0x80
+
+#define KVASER_PCI_XILINX_VERINT  7   /* Lower nibble simulate interrupts,
+ high nibble version number. */
+
+#define KVASER_PCI_XILINX_VERSION_NUMBER 13
+
+typedef struct KvaserPCIState {
+/*< private >*/
+PCIDevice   dev;
+/*< public >*/
+MemoryRegions5920_io;
+MemoryRegionsja_io;
+MemoryRegionxilinx_io;
+
+CanSJA1000State sja_state;
+qemu_irqirq;
+
+uint32_ts5920_intcsr;
+uint32_ts5920_irqstate;
+
+char*model; /* The model that support, only SJA1000 now. */
+char*canbus;
+char*host;
+} KvaserPCIState;
+
+static void kvaser_pci_irq_raise(void *opaque)
+{
+KvaserPCIState *d = (KvaserPCIState *)opaque;
+d->s5920_irqstate = 1;
+
+if (d->s5920_intcsr & S5920_INTCSR_ADDON_INTENABLE_M) {
+qemu_irq_raise(d->irq);
+}
+}
+
+static void kvaser_pci_irq_lower(void *opaque)
+{
+KvaserPCIState *d = (KvaserPCIState *)opaque;
+d->s5920_irqstate = 0;
+qemu_irq_lower(d->irq);
+}
+
+static void
+kvaser_pci_reset(void *opaque)
+{
+KvaserPCIState *d = (KvaserPCIState *)opaque;
+CanSJA1000State *s = >sja_state;
+
+

[Qemu-devel] [PATCH V4 6/7] CAN bus PCM-3680I PCI (dual SJA1000 channel) emulation added.

From: Deniz Eren 

Signed-off-by: Deniz Eren 
Signed-off-by: Pavel Pisa 
---
 hw/can/Makefile.objs |   1 +
 hw/can/can_pcm3680_pci.c | 336 +++
 2 files changed, 337 insertions(+)
 create mode 100644 hw/can/can_pcm3680_pci.c

diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index c9d07b9b16..6a328f0c3a 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -9,4 +9,5 @@ common-obj-y += can_host_stub.o
 endif
 common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
 common-obj-$(CONFIG_CAN_PCI) += can_kvaser_pci.o
+common-obj-$(CONFIG_CAN_PCI) += can_pcm3680_pci.o
 endif
diff --git a/hw/can/can_pcm3680_pci.c b/hw/can/can_pcm3680_pci.c
new file mode 100644
index 00..e85b61849a
--- /dev/null
+++ b/hw/can/can_pcm3680_pci.c
@@ -0,0 +1,336 @@
+/*
+ * PCM-3680i PCI CAN device (SJA1000 based) emulation
+ *
+ * Copyright (c) 2016 Deniz Eren (deniz.e...@icloud.com)
+ *
+ * Based on Kvaser PCI CAN device (SJA1000 based) emulation implemented by
+ * Jin Yang and Pavel Pisa
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/event_notifier.h"
+#include "qemu/thread.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "chardev/char.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "can/can_emu.h"
+
+#include "can_sja1000.h"
+
+#define TYPE_CAN_PCI_DEV "pcm3680_pci"
+
+#define PCM3680i_PCI_DEV(obj) \
+OBJECT_CHECK(Pcm3680iPCIState, (obj), TYPE_CAN_PCI_DEV)
+
+/* the PCI device and vendor IDs */
+#ifndef PCM3680i_PCI_VENDOR_ID1
+#define PCM3680i_PCI_VENDOR_ID1 0x13fe
+#endif
+
+#ifndef PCM3680i_PCI_DEVICE_ID1
+#define PCM3680i_PCI_DEVICE_ID1 0xc002
+#endif
+
+#define PCM3680i_PCI_SJA_RANGE 0x200
+
+#define PCM3680i_PCI_BYTES_PER_SJA 0x20
+
+typedef struct Pcm3680iPCIState {
+/*< private >*/
+PCIDevice   dev;
+/*< public >*/
+MemoryRegionsja_io[2];
+
+CanSJA1000State sja_state[2];
+qemu_irqirq;
+
+char*model; /* The model that support, only SJA1000 now. */
+char*canbus[2];
+char*host[2];
+} Pcm3680iPCIState;
+
+static void pcm3680i_pci_irq_raise(void *opaque)
+{
+Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
+
+qemu_irq_raise(d->irq);
+}
+
+static void pcm3680i_pci_irq_lower(void *opaque)
+{
+Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
+
+qemu_irq_lower(d->irq);
+}
+
+static void
+pcm3680i_pci_reset(void *opaque)
+{
+Pcm3680iPCIState *d = (Pcm3680iPCIState *)opaque;
+CanSJA1000State *s1 = >sja_state[0];
+CanSJA1000State *s2 = >sja_state[1];
+
+can_sja_hardware_reset(s1);
+can_sja_hardware_reset(s2);
+}
+
+static uint64_t pcm3680i_pci_sja1_io_read(void *opaque, hwaddr addr,
+  unsigned size)
+{
+Pcm3680iPCIState *d = opaque;
+CanSJA1000State *s = >sja_state[0];
+
+if (addr >= PCM3680i_PCI_BYTES_PER_SJA) {
+return 0;
+}
+
+return can_sja_mem_read(s, addr, size);
+}
+
+static void pcm3680i_pci_sja1_io_write(void *opaque, hwaddr addr,
+   uint64_t data, unsigned size)
+{
+Pcm3680iPCIState *d = opaque;
+CanSJA1000State *s = >sja_state[0];
+
+if (addr >= PCM3680i_PCI_BYTES_PER_SJA) {
+return;
+}
+
+can_sja_mem_write(s, addr, data, size);
+}
+
+static uint64_t pcm3680i_pci_sja2_io_read(void *opaque, hwaddr addr,
+  unsigned size)
+{
+Pcm3680iPCIState *d = opaque;
+CanSJA1000State *s = >sja_state[1];
+
+if (addr >= PCM3680i_PCI_BYTES_PER_SJA) {
+return 0;
+}
+
+return can_sja_mem_read(s, addr, size);
+}
+
+static void pcm3680i_pci_sja2_io_write(void *opaque, hwaddr addr, uint64_t 
data,
+ unsigned size)
+{
+Pcm3680iPCIState *d

[Qemu-devel] [PATCH V4 2/7] CAN bus support to connect bust to Linux host SocketCAN interface.

From: Pavel Pisa 

Connection to the real host CAN bus network through
SocketCAN network interface is available only for Linux
host system. Mechanism is generic, support for another
CAN API and operating systems can be implemented in future.

Signed-off-by: Pavel Pisa 
---
 hw/can/Makefile.objs   |   4 +
 hw/can/can_socketcan.c | 314 +
 2 files changed, 318 insertions(+)
 create mode 100644 hw/can/can_socketcan.c

diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index 1028d7c455..f999085f7a 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -2,5 +2,9 @@
 
 ifeq ($(CONFIG_CAN_CORE),y)
 common-obj-y += can_core.o
+ifeq ($(CONFIG_LINUX),y)
+common-obj-y += can_socketcan.o
+else
 common-obj-y += can_host_stub.o
 endif
+endif
diff --git a/hw/can/can_socketcan.c b/hw/can/can_socketcan.c
new file mode 100644
index 00..f6df747c5a
--- /dev/null
+++ b/hw/can/can_socketcan.c
@@ -0,0 +1,314 @@
+/*
+ * CAN socketcan support to connect to the Linux host SocketCAN interfaces
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014-2018 Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qemu/error-report.h"
+#include "chardev/char.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "hw/hw.h"
+#include "can/can_emu.h"
+
+#include 
+#include 
+#include 
+#include 
+
+#ifndef DEBUG_CAN
+#define DEBUG_CAN 0
+#endif /*DEBUG_CAN*/
+
+#define CAN_READ_BUF_LEN  5
+typedef struct {
+CanBusClientState  bus_client;
+qemu_can_filter*rfilter;
+intrfilter_num;
+can_err_mask_t err_mask;
+
+qemu_can_frame buf[CAN_READ_BUF_LEN];
+intbufcnt;
+intbufptr;
+
+intfd;
+} CanBusSocketcanConnectState;
+
+static void can_bus_socketcan_display_msg(struct qemu_can_frame *msg)
+{
+int i;
+
+/* Check that QEMU and Linux kernel flags encoding matches */
+assert(QEMU_CAN_EFF_FLAG == CAN_EFF_FLAG);
+assert(QEMU_CAN_RTR_FLAG == CAN_RTR_FLAG);
+assert(QEMU_CAN_ERR_FLAG == CAN_ERR_FLAG);
+
+assert(QEMU_CAN_INV_FILTER == CAN_INV_FILTER);
+
+assert(offsetof(qemu_can_frame, data) == offsetof(struct can_frame, data));
+
+qemu_log_lock();
+qemu_log("[cansocketcan]: %03X [%01d] %s %s",
+ msg->can_id & QEMU_CAN_EFF_MASK,
+ msg->can_dlc,
+ msg->can_id & QEMU_CAN_EFF_FLAG ? "EFF" : "SFF",
+ msg->can_id & QEMU_CAN_RTR_FLAG ? "RTR" : "DAT");
+
+for (i = 0; i < msg->can_dlc; i++) {
+qemu_log(" %02X", msg->data[i]);
+}
+qemu_log("\n");
+qemu_log_flush();
+qemu_log_unlock();
+}
+
+static void can_bus_socketcan_read(void *opaque)
+{
+CanBusSocketcanConnectState *c;
+c = (CanBusSocketcanConnectState *)opaque;
+
+
+
+/* CAN_READ_BUF_LEN for multiple messages syscall is possible for future */
+c->bufcnt = read(c->fd, c->buf, sizeof(qemu_can_frame));
+if (c->bufcnt < 0) {
+warn_report("CAN bus host read failed (%s)", strerror(errno));
+return;
+}
+
+can_bus_client_send(>bus_client, c->buf, 1);
+
+if (DEBUG_CAN) {
+can_bus_socketcan_display_msg(c->buf);
+}
+}
+
+static int can_bus_socketcan_can_receive(CanBusClientState *client)
+{
+CanBusSocketcanConnectState *c;
+c = container_of(client, CanBusSocketcanConnectState, bus_client);
+
+if (c->fd < 0) {
+return -1;
+}
+
+return 1;
+}
+
+static ssize_t can_bus_socketcan_receive(CanBusClientState *client,
+const qemu_can_frame *frames, size_t frames_cnt)
+{
+CanBusSocketcanConnectState *c;
+c = container_of(client, CanBusSocketcanConnectState, bus_client);
+size_t

[Qemu-devel] [PATCH V4 3/7] CAN bus SJA1000 chip register level emulation for QEMU

From: Pavel Pisa 

The core SJA1000 support is independent of following
patches which map SJA1000 chip to PCI boards.

The work is based on Jin Yang GSoC 2013 work funded
by Google and mentored in frame of RTEMS project GSoC
slot donated to QEMU.

Rewritten for QEMU-2.0+ versions and architecture cleanup
by Pavel Pisa (Czech Technical University in Prague).

Signed-off-by: Pavel Pisa 
---
 default-configs/pci.mak |1 +
 hw/can/Makefile.objs|1 +
 hw/can/can_sja1000.c| 1013 +++
 hw/can/can_sja1000.h|  167 
 4 files changed, 1182 insertions(+)
 create mode 100644 hw/can/can_sja1000.c
 create mode 100644 hw/can/can_sja1000.h

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index bbe11887a1..979b649fe5 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -32,6 +32,7 @@ CONFIG_SERIAL=y
 CONFIG_SERIAL_ISA=y
 CONFIG_SERIAL_PCI=y
 CONFIG_CAN_CORE=y
+CONFIG_CAN_SJA1000=y
 CONFIG_IPACK=y
 CONFIG_WDT_IB6300ESB=y
 CONFIG_PCI_TESTDEV=y
diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
index f999085f7a..3c4bf3bfc1 100644
--- a/hw/can/Makefile.objs
+++ b/hw/can/Makefile.objs
@@ -7,4 +7,5 @@ common-obj-y += can_socketcan.o
 else
 common-obj-y += can_host_stub.o
 endif
+common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
 endif
diff --git a/hw/can/can_sja1000.c b/hw/can/can_sja1000.c
new file mode 100644
index 00..7f7a6ea244
--- /dev/null
+++ b/hw/can/can_sja1000.c
@@ -0,0 +1,1013 @@
+/*
+ * CAN device - SJA1000 chip emulation for QEMU
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014-2018 Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "chardev/char.h"
+#include "hw/hw.h"
+#include "can/can_emu.h"
+
+#include "can_sja1000.h"
+
+#ifndef DEBUG_FILTER
+#define DEBUG_FILTER 0
+#endif /*DEBUG_FILTER*/
+
+#ifndef DEBUG_CAN
+#define DEBUG_CAN 0
+#endif /*DEBUG_CAN*/
+
+#define DPRINTF(fmt, ...) \
+do { \
+if (DEBUG_CAN) { \
+qemu_log("[cansja]: " fmt , ## __VA_ARGS__); \
+} \
+} while (0)
+
+static void can_sja_software_reset(CanSJA1000State *s)
+{
+s->mode&= ~0x31;
+s->mode|= 0x01;
+s->status_pel  &= ~0x37;
+s->status_pel  |= 0x34;
+
+s->rxbuf_start = 0x00;
+s->rxmsg_cnt   = 0x00;
+s->rx_cnt  = 0x00;
+}
+
+void can_sja_hardware_reset(CanSJA1000State *s)
+{
+/* Reset by hardware, p10 */
+s->mode= 0x01;
+s->status_pel  = 0x3c;
+s->interrupt_pel = 0x00;
+s->clock   = 0x00;
+s->rxbuf_start = 0x00;
+s->rxmsg_cnt   = 0x00;
+s->rx_cnt  = 0x00;
+
+s->control = 0x01;
+s->status_bas  = 0x0c;
+s->interrupt_bas = 0x00;
+
+s->irq_lower(s->irq_opaque);
+}
+
+static
+void can_sja_single_filter(struct qemu_can_filter *filter,
+const uint8_t *acr,  const uint8_t *amr, int extended)
+{
+if (extended) {
+filter->can_id = (uint32_t)acr[0] << 21;
+filter->can_id |= (uint32_t)acr[1] << 13;
+filter->can_id |= (uint32_t)acr[2] << 5;
+filter->can_id |= (uint32_t)acr[3] >> 3;
+if (acr[3] & 4) {
+filter->can_id |= QEMU_CAN_RTR_FLAG;
+}
+
+filter->can_mask = (uint32_t)amr[0] << 21;
+filter->can_mask |= (uint32_t)amr[1] << 13;
+filter->can_mask |= (uint32_t)amr[2] << 5;
+filter->can_mask |= (uint32_t)amr[3] >> 3;
+filter->can_mask = ~filter->can_mask & QEMU_CAN_EFF_MASK;
+if (!(amr[3] & 4)) {
+filter->can_mask |= QEMU_CAN_RTR_FLAG;
+}
+} else {
+filter->can_id = (uint32_t)acr[0] << 3;
+filter->can_id |= (uint32_t)acr[1] >> 5;
+if (acr[1] & 0x10) {
+filter->can_id |=

[Qemu-devel] [PATCH V4 1/7] CAN bus simple messages transport implementation for QEMU

From: Pavel Pisa 

The CanBusState state structure is created for each
emulated CAN channel. Individual clients/emulated
CAN interfaces or host interface connection registers
to the bus by CanBusClientState structure.

The CAN core is prepared to support connection to the
real host CAN bus network. The commit with such support
for Linux SocketCAN follows.

Implementation is as simple as possible, no migration,
messages prioritization and queuing considered for now.
But it is intended to be extended when need arises.

Development repository and more documentation at

https://gitlab.fel.cvut.cz/canbus/qemu-canbus

The work is based on Jin Yang GSoC 2013 work funded
by Google and mentored in frame of RTEMS project GSoC
slot donated to QEMU.

Rewritten for QEMU-2.0+ versions and architecture cleanup
by Pavel Pisa (Czech Technical University in Prague).

Signed-off-by: Pavel Pisa 
---
 default-configs/pci.mak |   1 +
 hw/Makefile.objs|   1 +
 hw/can/Makefile.objs|   6 +++
 hw/can/can_core.c   | 136 
 hw/can/can_host_stub.c  |  36 +
 include/can/can_emu.h   | 131 ++
 6 files changed, 311 insertions(+)
 create mode 100644 hw/can/Makefile.objs
 create mode 100644 hw/can/can_core.c
 create mode 100644 hw/can/can_host_stub.c
 create mode 100644 include/can/can_emu.h

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index e514bdef42..bbe11887a1 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -31,6 +31,7 @@ CONFIG_ESP_PCI=y
 CONFIG_SERIAL=y
 CONFIG_SERIAL_ISA=y
 CONFIG_SERIAL_PCI=y
+CONFIG_CAN_CORE=y
 CONFIG_IPACK=y
 CONFIG_WDT_IB6300ESB=y
 CONFIG_PCI_TESTDEV=y
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index cf4cb2010b..9d84b8faaa 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -6,6 +6,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += block/
 devices-dirs-$(CONFIG_SOFTMMU) += bt/
 devices-dirs-$(CONFIG_SOFTMMU) += char/
 devices-dirs-$(CONFIG_SOFTMMU) += cpu/
+devices-dirs-$(CONFIG_SOFTMMU) += can/
 devices-dirs-$(CONFIG_SOFTMMU) += display/
 devices-dirs-$(CONFIG_SOFTMMU) += dma/
 devices-dirs-$(CONFIG_SOFTMMU) += gpio/
diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
new file mode 100644
index 00..1028d7c455
--- /dev/null
+++ b/hw/can/Makefile.objs
@@ -0,0 +1,6 @@
+# CAN bus interfaces emulation and infrastructure
+
+ifeq ($(CONFIG_CAN_CORE),y)
+common-obj-y += can_core.o
+common-obj-y += can_host_stub.o
+endif
diff --git a/hw/can/can_core.c b/hw/can/can_core.c
new file mode 100644
index 00..41c458c792
--- /dev/null
+++ b/hw/can/can_core.c
@@ -0,0 +1,136 @@
+/*
+ * CAN common CAN bus emulation support
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014-2018 Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "chardev/char.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "hw/hw.h"
+#include "can/can_emu.h"
+
+static QTAILQ_HEAD(, CanBusState) can_buses =
+QTAILQ_HEAD_INITIALIZER(can_buses);
+
+CanBusState *can_bus_find_by_name(const char *name, bool create_missing)
+{
+CanBusState *bus;
+
+if (name == NULL) {
+name = "canbus0";
+}
+
+QTAILQ_FOREACH(bus, _buses, next) {
+if (!strcmp(bus->name, name)) {
+return bus;
+}
+}
+
+if (!create_missing) {
+return 0;
+}
+
+bus = g_malloc0(sizeof(*bus));
+if (bus == NULL) {
+return NULL;
+}
+
+QTAILQ_INIT(>clients);
+
+bus->name = g_strdup(name);
+
+QTAILQ_INSERT_TAIL(_buses, bus, next);
+return bus;
+}
+
+int can_bus_insert_client(CanBusState *bus, CanBusClientState *client)
+{
+client->bus = bus;
+QTAILQ_INSERT_TAIL(>clients, client, next);
+

[Qemu-devel] [PATCH V4 0/7] CAN bus support for QEMU (SJA1000 PCI so far)

From: Pavel Pisa 

Basic emulation of CAN bus controller and interconnection for QEMU.

Patches version 4:
Resolve comments longer than 80 characters to suppress
all warnings reported by scripts/checkpatch.pl.
Follow all suggestions from Frederic Konrad review.
Replace all printf and perror calls by QEMU equivalents.
Include Deniz Eren signed-off confimation.

Patches version 3:
Support to connect to host SocketCAN interface has been
separated from the core bus implementation. Only simple
statically initialize pointer to the connection function
is used, no QOM concept for now.
SJA1000 message filters redone and code unified where
possible.
Basic documentation added.
QEMU_ALIGNED used in definition of CAN frame structure,
structure and defines are separated from Linux/SocketCAN
API defined ones to allow to keep QEMU message format
independed from host system one. Check for correspondence
to socketcan defines added.

Patches version 2:
The bus emulation and the SJA1000 chip emulation introduced
by individual patches as suggested by Frederic Konrad.
Simple example board to test SJA1000 as single memory-mapped BAR
has been omitted in a new series because emulation of real
existing boards can provide same functions now.
Conditionalized debug printfs changed to be exposed to compiler
syntax check as suggested in review.

The work has been started by Jin Yang in the frame of GSoC 2013 slot
contributed by RTEMS project which has been looking for environment
to allow develop and test CAN drivers for multiple CPU architectures.

I have menthored the project and then done substantial code cleanup
and update to QOM. Deniz Eren then used emulation for SJA1000 base card
driver development for other operating system and contributed
PCM-3680I and MIOe-3680 support.

Some page about the project

  https://gitlab.fel.cvut.cz/canbus/qemu-canbus/wikis/home

FEE CTU GitLab repository with can-pci branch for 2.3, 2.4, 2.7, 2.8, 2.10
and 2.11 QEMU version is available in the repository

  https://gitlab.fel.cvut.cz/canbus/qemu-canbus/tree/can-pci

mirror at GitHub

  https://github.com/CTU-IIG/qemu

There are many areas for improvement and extension of the code still
(for example freeze and migration is not implemented. CAN controllers
use proper QOM model but bus/interconnection emulation uses simple broadcast
connection which is required for CAN, but it is not based on QEMU bus model).
I have tried to look into QEMU VLANs implementation but it
does not map straightforward to CAN and I would need some help/opinion
from more advanced developers to decide what is their right
mapping to CAN.

CAN-FD support would be interesting requires other developers/
companies contributions or setup of some project to allow invite
some students and colleagues from my university into project.

But I believe that (even in its actual state) provided solution
is great help for embedded systems developers when they can connect
SocketCAN from one or more embedded systems running in virtual
environment together or with Linux host SocketCAN virtual
or real bus interfaces.

We have even tested our generic CANopen device configured
for CANopen 401 profile for generic I/O running in the virtual
system which can control GPIO inputs/outputs through virtual
industrial I/O card.

Generally QEMU can be interesting setup which allows
to test complete industrial and automotive applications
in virtual environment even before real hardware is availabe.

Deniz Eren (2):
  CAN bus PCM-3680I PCI (dual SJA1000 channel) emulation added.
  CAN bus MIOe-3680 PCI (dual SJA1000 channel) emulation added.

Pavel Pisa (5):
  CAN bus simple messages transport implementation for QEMU
  CAN bus support to connect bust to Linux host SocketCAN interface.
  CAN bus SJA1000 chip register level emulation for QEMU
  CAN bus Kvaser PCI CAN-S (single SJA1000 channel) emulation added.
  QEMU CAN bus emulation documentation

 default-configs/pci.mak   |3 +
 docs/can.txt  |   78 
 hw/Makefile.objs  |1 +
 hw/can/Makefile.objs  |   14 +
 hw/can/can_core.c |  136 ++
 hw/can/can_host_stub.c|   36 ++
 hw/can/can_kvaser_pci.c   |  375 +
 hw/can/can_mioe3680_pci.c |  336 +++
 hw/can/can_pcm3680_pci.c  |  336 +++
 hw/can/can_sja1000.c  | 1013 +
 hw/can/can_sja1000.h  |  167 
 hw/can/can_socketcan.c|  314 ++
 include/can/can_emu.h |  131 ++
 13 files changed, 2940 insertions(+)
 create mode 100644 docs/can.txt
 create mode 100644 hw/can/Makefile.objs
 create mode 100644 hw/can/can_core.c
 create mode 100644 hw/can/can_host_stub.c
 create mode 100644 hw/can/can_kvaser_pci.c
 create mode 100644 hw/can/can_mioe3680_pci.c
 create mode 100644 hw/can/can_pcm3680_pci.c
 create mode 100644 hw/can/can_sja1000.c
 create mode 100644 hw/can/can_sja1000.h
 create mode 100644 hw/can/can_socketcan.c
 create mode

[Qemu-devel] [PATCH v2 2/2] ppc: spapr: Check if thread argument is supported by host KVM

2018-01-14 Thread Jose Ricardo Ziviani

QEMU currently checks whether SMT passed is valid or not. However, it
doesn't check if KVM supports such mode when kvm is enabled.

This patch relies on KVM_CAP_PPC_SMT_POSSIBLE to make it sure that QEMU
will either set a valid SMT mode or warn an error message and quit.

Signed-off-by: Jose Ricardo Ziviani 
---
 hw/ppc/spapr.c   | 10 ++
 target/ppc/kvm.c |  5 +
 target/ppc/kvm_ppc.h |  6 ++
 3 files changed, 21 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index d1acfe8858..aed4d25fc4 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2261,12 +2261,22 @@ static void spapr_set_vsmt_mode(sPAPRMachineState 
*spapr, Error **errp)
  "on a pseries machine");
 goto out;
 }
+
 if (!is_power_of_2(smp_threads)) {
 error_setg(_err, "Cannot support %d threads/core on a pseries "
  "machine because it must be a power of 2", smp_threads);
 goto out;
 }
 
+if (kvm_enabled() && kvmppc_cap_smt_possible() > 0) {
+if ((kvmppc_cap_smt_possible() & smp_threads) != smp_threads) {
+error_setg(_err, "KVM does not support %d threads/core.",
+smp_threads);
+kvmppc_hint_smt_possible(_err);
+goto out;
+}
+}
+
 /* Detemine the VSMT mode to use: */
 if (vsmt_user) {
 if (spapr->vsmt < smp_threads) {
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 914be687e7..4a8ff4d63c 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -2456,6 +2456,11 @@ bool kvmppc_has_cap_mmu_hash_v3(void)
 return cap_mmu_hash_v3;
 }
 
+int kvmppc_cap_smt_possible(void)
+{
+return cap_ppc_smt_possible;
+}
+
 PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void)
 {
 uint32_t host_pvr = mfpvr();
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index ecb55493cc..2221850723 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_ppc.h
@@ -59,6 +59,7 @@ bool kvmppc_has_cap_fixup_hcalls(void);
 bool kvmppc_has_cap_htm(void);
 bool kvmppc_has_cap_mmu_radix(void);
 bool kvmppc_has_cap_mmu_hash_v3(void);
+int kvmppc_cap_smt_possible(void);
 int kvmppc_enable_hwrng(void);
 int kvmppc_put_books_sregs(PowerPCCPU *cpu);
 PowerPCCPUClass *kvm_ppc_get_host_cpu_class(void);
@@ -290,6 +291,11 @@ static inline bool kvmppc_has_cap_mmu_hash_v3(void)
 return false;
 }
 
+static inline int kvmppc_cap_smt_possible(void)
+{
+return 0;
+}
+
 static inline int kvmppc_enable_hwrng(void)
 {
 return -1;
-- 
2.14.3

[Qemu-devel] [PATCH v2 0/2] Small fixes for SMT guests in Power9

2018-01-14 Thread Jose Ricardo Ziviani

v2:
 - divided in two patches:
(1) enables smt8 mode to P9 guests
(2) checks if host supports the # of threads/core required
limitation: doesn't check guest running in compat mode

This patchset contains 2 changes:

(1) A P9 guest defined like -smp sockets=1,cores=1,threads=8 will be silently
changed to threads=4:

(guest) # lscpu
Architecture:  ppc64le
Byte Order:Little Endian
CPU(s):4
On-line CPU(s) list:   0-3
Thread(s) per core:4
Core(s) per socket:1
Socket(s): 1
NUMA node(s):  1
...
(qemu) info cpus
* CPU #0: nip=0xc00db9cc thread_id=9440
  CPU #1: nip=0xc00db9cc thread_id=9441
  CPU #2: nip=0xc00db9cc thread_id=9442
  CPU #3: nip=0xc00db9cc thread_id=9443
  CPU #4: nip=0x0100 (halted) thread_id=9444
  CPU #5: nip=0x0100 (halted) thread_id=9445
  CPU #6: nip=0x0100 (halted) thread_id=9446
  CPU #7: nip=0x0100 (halted) thread_id=9447

This patch enables P9 guests to use emulated smt because KVM supports it:

(guest) # lscpu
Architecture:  ppc64le
Byte Order:Little Endian
CPU(s):8
On-line CPU(s) list:   0-7
Thread(s) per core:8
Core(s) per socket:1
Socket(s): 1
NUMA node(s):  1

(qemu) info cpus
* CPU #0: nip=0xc00d30ac thread_id=68400
  CPU #1: nip=0xc00d30ac thread_id=68401
  CPU #2: nip=0xc00d30ac thread_id=68402
  CPU #3: nip=0xc00d30ac thread_id=68403
  CPU #4: nip=0xc00d30ac thread_id=68404
  CPU #5: nip=0xc00d30ac thread_id=68405
  CPU #6: nip=0xc00d30ac thread_id=68406
  CPU #7: nip=0xc00d30ac thread_id=68407

CPU hotplugging also works as expected:

(qemu) device_add host-spapr-cpu-core,id=core8,core-id=8
(qemu) info cpus
* CPU #0: nip=0xc00d30ac thread_id=68400
  CPU #1: nip=0xc00d30ac thread_id=68401
  CPU #2: nip=0xc00d30ac thread_id=68402
  CPU #3: nip=0xc00d30ac thread_id=68403
  CPU #4: nip=0xc00d30ac thread_id=68404
  CPU #5: nip=0xc00d30ac thread_id=68405
  CPU #6: nip=0xc00d30ac thread_id=68406
  CPU #7: nip=0xc00d30ac thread_id=68407
  CPU #8: nip=0xc00d30ac thread_id=68492
  CPU #9: nip=0xc00d30ac thread_id=68493
  CPU #10: nip=0xc00d30ac thread_id=68494
  CPU #11: nip=0xc00d30ac thread_id=68495
  CPU #12: nip=0xc00d30ac thread_id=68496
  CPU #13: nip=0xc00d30ac thread_id=68497
  CPU #14: nip=0xc00d30ac thread_id=68498
  CPU #15: nip=0xc00d30ac thread_id=68499

(guest) # lscpu
Architecture:  ppc64le
Byte Order:Little Endian
CPU(s):16
On-line CPU(s) list:   0-15
Thread(s) per core:8
Core(s) per socket:2
Socket(s): 1
NUMA node(s):  1

(2) Checks if KVM supports the number of threads required

If users try to pass more threads/core than the host supports it displays an
error message and quits:

qemu-system-ppc64: KVM does not support 8 threads/core.
Available VSMT modes: 4 2 1.

Jose Ricardo Ziviani (2):
  ppc: Change Power9 compat table to support at most 8 threads/core
  ppc: spapr: Check if thread argument is supported by host KVM

 hw/ppc/spapr.c   | 10 ++
 target/ppc/compat.c  |  2 +-
 target/ppc/kvm.c |  5 +
 target/ppc/kvm_ppc.h |  6 ++
 4 files changed, 22 insertions(+), 1 deletion(-)

-- 
2.14.3

[Qemu-devel] [PATCH v2 1/2] ppc: Change Power9 compat table to support at most 8 threads/core

2018-01-14 Thread Jose Ricardo Ziviani

Increases the max smt mode to 8 for Power9. That's because KVM supports
smt emulation in this platform so QEMU should allow users to use it as
well.

Today if we try to pass -smp ...,threads=8, QEMU will silently truncate
it to smt4 mode and may cause a crash if we try to perform a cpu
hotplug.

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/compat.c b/target/ppc/compat.c
index ad8f93c064..d1770cdc6f 100644
--- a/target/ppc/compat.c
+++ b/target/ppc/compat.c
@@ -73,7 +73,7 @@ static const CompatInfo compat_table[] = {
 .pvr = CPU_POWERPC_LOGICAL_3_00,
 .pcr = PCR_COMPAT_3_00,
 .pcr_level = PCR_COMPAT_3_00,
-.max_threads = 4,
+.max_threads = 8,
 },
 };
 
-- 
2.14.3

Re: [Qemu-devel] [PATCH 00/11] sun4u: APB tidy-up/rename and tracepoint conversions

2018-01-14 Thread no-reply

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180114104751.21965-1-mark.cave-ayl...@ilande.co.uk
Subject: [Qemu-devel] [PATCH 00/11] sun4u: APB tidy-up/rename and tracepoint 
conversions

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
68e33f523f sparc64: convert hw/sparc64/sparc64.c from DPRINTF macros to trace 
events
3ac895348d sabre: convert from SABRE_DPRINTF macro to trace-events
5b44f0019e pci: add trace-events support for hw/pci-host
a625765105 apb: rename apb.c to sabre.c
8ef3083a55 sun4u: rename apb variables and constants
349fc89fe8 apb: rename QOM type from TYPE_APB to TYPE_SABRE
74cbac48cd apb: QOMify sabre PCI host bridge
787f76fc03 apb: change pbm_pci_host prefix functions to use sabre_pci prefix
65b67f4892 apb: rename APB functions to use sabre prefix
3bdf1030e7 simba: rename PBMPCIBridge and QOM types to reflect simba naming
b645abcfb6 apb: split simba PCI bridge into hw/pci-bridge/simba.c

=== OUTPUT BEGIN ===
Checking PATCH 1/11: apb: split simba PCI bridge into hw/pci-bridge/simba.c...
Checking PATCH 2/11: simba: rename PBMPCIBridge and QOM types to reflect simba 
naming...
Checking PATCH 3/11: apb: rename APB functions to use sabre prefix...
Checking PATCH 4/11: apb: change pbm_pci_host prefix functions to use sabre_pci 
prefix...
Checking PATCH 5/11: apb: QOMify sabre PCI host bridge...
Checking PATCH 6/11: apb: rename QOM type from TYPE_APB to TYPE_SABRE...
Checking PATCH 7/11: sun4u: rename apb variables and constants...
Checking PATCH 8/11: apb: rename apb.c to sabre.c...
ERROR: do not use C99 // comments
#86: FILE: hw/pci-host/sabre.c:41:
+//#define DEBUG_SABRE

total: 1 errors, 0 warnings, 188 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 9/11: pci: add trace-events support for hw/pci-host...
Checking PATCH 10/11: sabre: convert from SABRE_DPRINTF macro to trace-events...
Checking PATCH 11/11: sparc64: convert hw/sparc64/sparc64.c from DPRINTF macros 
to trace events...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH 06/29] hw/isa: add a generic isa_superio_init()

On 01/07/2018 11:45 PM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/isa/superio.h | 17 +
>  hw/isa/isa-superio.c | 45 +
>  MAINTAINERS  |  2 ++
>  hw/isa/Makefile.objs |  1 +
>  4 files changed, 65 insertions(+)
>  create mode 100644 include/hw/isa/superio.h
>  create mode 100644 hw/isa/isa-superio.c
> 
> diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
> new file mode 100644
> index 00..e685b96653
> --- /dev/null
> +++ b/include/hw/isa/superio.h
> @@ -0,0 +1,17 @@
> +/*
> + * Generic ISA Super I/O
> + *
> + * Copyright (c) 2018 Philippe Mathieu-Daudé
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +#ifndef HW_ISA_SUPERIO_H
> +#define HW_ISA_SUPERIO_H
> +
> +#include "hw/isa/isa.h"
> +
> +ISADevice *isa_superio_init(ISABus *isa_bus, int serial_count,
> +int parallel_count, int drive_count);

This approach is simple enough, but how Hervé wrote hw/isa/pc87312.c is
way cleaner, so I'll respin using it.

> +
> +#endif
> diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
> new file mode 100644
> index 00..93d8457c6b
> --- /dev/null
> +++ b/hw/isa/isa-superio.c
> @@ -0,0 +1,45 @@
> +/*
> + * Generic ISA Super I/O
> + *
> + * Copyright (c) 2018 Philippe Mathieu-Daudé
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +#include "qemu/osdep.h"
> +#include "qemu/error-report.h"
> +#include "sysemu/blockdev.h"
> +#include "hw/isa/superio.h"
> +#include "hw/char/serial.h"
> +#include "hw/char/parallel.h"
> +#include "hw/block/fdc.h"
> +#include "hw/input/i8042.h"
> +
> +ISADevice *isa_superio_init(ISABus *isa_bus, int serial_count,
> +int parallel_count, int drive_count)
> +{
> +serial_hds_isa_init(isa_bus, 0, serial_count);
> +
> +parallel_hds_isa_init(isa_bus, parallel_count);
> +
> +if (drive_count) {
> +DriveInfo **fd;
> +int i;
> +
> +if (drive_count > MAX_FD) {
> +warn_report("superio: ignoring %d floppy controllers",
> +drive_count - MAX_FD);
> +drive_count = MAX_FD;
> +}
> +fd = g_new(DriveInfo *, drive_count);
> +
> +for (i = 0; i < drive_count; i++) {
> +fd[i] = drive_get(IF_FLOPPY, 0, i);
> +}
> +fdctrl_init_isa(isa_bus, fd);
> +
> +g_free(fd); /* FIXME */
> +}
> +
> +return isa_create_simple(isa_bus, TYPE_I8042);
> +}
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 7f9e98a046..6f867da743 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -875,6 +875,7 @@ F: hw/input/pckbd.c
>  F: hw/intc/apic*
>  F: hw/intc/ioapic*
>  F: hw/intc/i8259*
> +F: hw/isa/isa-superio.c
>  F: hw/misc/debugexit.c
>  F: hw/misc/pc-testdev.c
>  F: hw/timer/hpet*
> @@ -885,6 +886,7 @@ F: include/hw/display/vga.h
>  F: include/hw/char/parallel.h
>  F: include/hw/dma/i8257.h
>  F: include/hw/i2c/pm_smbus.h
> +F: include/hw/isa/superio.h
>  F: include/hw/input/i8042.h
>  F: include/hw/timer/hpet.h
>  F: include/hw/timer/i8254*
> diff --git a/hw/isa/Makefile.objs b/hw/isa/Makefile.objs
> index fb37c55cf2..cac655ba58 100644
> --- a/hw/isa/Makefile.objs
> +++ b/hw/isa/Makefile.objs
> @@ -1,4 +1,5 @@
>  common-obj-$(CONFIG_ISA_BUS) += isa-bus.o
> +common-obj-$(CONFIG_ISA_BUS) += isa-superio.o
>  common-obj-$(CONFIG_APM) += apm.o
>  common-obj-$(CONFIG_I82378) += i82378.o
>  common-obj-$(CONFIG_PC87312) += pc87312.o
>

Re: [Qemu-devel] [PATCH] hw/i2c: QOM'ify i2c slave

On 01/14/2018 12:34 PM, Peter Maydell wrote:
> On 14 January 2018 at 02:45, Philippe Mathieu-Daudé  wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/i2c/core.c | 12 ++--
>>  1 file changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/hw/i2c/core.c b/hw/i2c/core.c
>> index 59068f157e..c84dbfb884 100644
>> --- a/hw/i2c/core.c
>> +++ b/hw/i2c/core.c
>> @@ -8,6 +8,7 @@
>>   */
>>
>>  #include "qemu/osdep.h"
>> +#include "qapi/error.h"
>>  #include "hw/i2c/i2c.h"
>>
>>  typedef struct I2CNode I2CNode;
>> @@ -276,16 +277,15 @@ const VMStateDescription vmstate_i2c_slave = {
>>  }
>>  };
>>
>> -static int i2c_slave_qdev_init(DeviceState *dev)
>> +static void i2c_slave_realize(DeviceState *dev, Error **errp)
>>  {
>>  I2CSlave *s = I2C_SLAVE(dev);
>>  I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(s);
>>
>> -if (sc->init) {
>> -return sc->init(s);
>> +if (sc->init && sc->init(s)) {
>> +error_setg(errp, "i2c slave initialization failed");
>> +return;
>>  }
>> -
>> -return 0;
>>  }
>>
>>  DeviceState *i2c_create_slave(I2CBus *bus, const char *name, uint8_t addr)
>> @@ -301,7 +301,7 @@ DeviceState *i2c_create_slave(I2CBus *bus, const char 
>> *name, uint8_t addr)
>>  static void i2c_slave_class_init(ObjectClass *klass, void *data)
>>  {
>>  DeviceClass *k = DEVICE_CLASS(klass);
>> -k->init = i2c_slave_qdev_init;
>> +k->realize = i2c_slave_realize;
>>  set_bit(DEVICE_CATEGORY_MISC, k->categories);
>>  k->bus_type = TYPE_I2C_BUS;
>>  k->props = i2c_props;
> 
> This is changing the semantics of the I2CSlaveClass::init
> method. Is that really OK? (If nothing else, it means
> that we end up with a method named init which is called
> at realize time, which is confusing, and which doesn't
> have an API like realize which allows it to fill in
> an Error**.)

I see your point and missed it.

I'll respin this patch once I2CSlaveClass is correctly converted to
realize().

Thanks,

Phil.

Re: [Qemu-devel] [PATCH] sysbus: convert init() to realize()

On 01/14/2018 12:32 PM, Peter Maydell wrote:
> On 14 January 2018 at 02:52, Philippe Mathieu-Daudé  wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/core/sysbus.c | 11 ++-
>>  1 file changed, 6 insertions(+), 5 deletions(-)
>>
>> diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
>> index 5d0887f499..0531eb60ce 100644
>> --- a/hw/core/sysbus.c
>> +++ b/hw/core/sysbus.c
>> @@ -18,6 +18,7 @@
>>   */
>>
>>  #include "qemu/osdep.h"
>> +#include "qapi/error.h"
>>  #include "hw/sysbus.h"
>>  #include "monitor/monitor.h"
>>  #include "exec/address-spaces.h"
>> @@ -200,15 +201,15 @@ void sysbus_init_ioports(SysBusDevice *dev, uint32_t 
>> ioport, uint32_t size)
>>  }
>>  }
>>
>> -static int sysbus_device_init(DeviceState *dev)
>> +static void sysbus_device_realize(DeviceState *dev, Error **errp)
>>  {
>>  SysBusDevice *sd = SYS_BUS_DEVICE(dev);
>>  SysBusDeviceClass *sbc = SYS_BUS_DEVICE_GET_CLASS(sd);
>>
>> -if (!sbc->init) {
>> -return 0;
>> +if (sbc->init && sbc->init(sd)) {
>> +error_setg(errp, "sysbus device initialization failed");
>> +return;
>>  }
>> -return sbc->init(sd);
>>  }
>>
>>  DeviceState *sysbus_create_varargs(const char *name,
>> @@ -324,7 +325,7 @@ MemoryRegion *sysbus_address_space(SysBusDevice *dev)
>>  static void sysbus_device_class_init(ObjectClass *klass, void *data)
>>  {
>>  DeviceClass *k = DEVICE_CLASS(klass);
>> -k->init = sysbus_device_init;
>> +k->realize = sysbus_device_realize;
>>  k->bus_type = TYPE_SYSTEM_BUS;
>>  /*
>>   * device_add plugs devices into a suitable bus.  For "real" buses,
> 
> This doesn't look right. SysBus::init is something we're trying
> to deprecate, I think, so we should be looking to complete
> that process, not changing its semantics so it isn't called
> until Device::realize.

Ok, I think if I put all those related patches altogether in the same
series this will make more sens.

[Qemu-devel] [PULL 0/5] slirp updates

warning: redirection vers https://people.debian.org/~sthibault/qemu.git/
The following changes since commit 7398166ddf7c6dbbc9cae6ac69bb2feda14b40ac:

  Merge remote-tracking branch 'remotes/kraxel/tags/vnc-20180112-pull-request' 
into staging (2018-01-12 16:01:30 +)

are available in the Git repository at:

  http://people.debian.org/~sthibault/qemu.git tags/samuel-thibault

for you to fetch changes up to 318116a6ff36bee13c725a247a9395e80bcfbd6b:

  slirp: add in6_dhcp_multicast() (2018-01-14 18:16:13 +0100)


slirp updates


Philippe Mathieu-Daudé (5):
  slirp: avoid IN6_IS_ADDR_UNSPECIFIED(), rather use in6_zero()
  slirp: remove unused header
  slirp: remove unnecessary struct declaration
  slirp: removed unused code
  slirp: add in6_dhcp_multicast()

 slirp/dhcpv6.h|  3 +++
 slirp/ip.h| 13 -
 slirp/ip6_icmp.c  |  6 +++---
 slirp/libslirp.h  |  1 -
 slirp/ndp_table.c |  4 ++--
 slirp/slirp.h |  1 -
 slirp/udp6.c  |  2 +-
 7 files changed, 9 insertions(+), 21 deletions(-)

[Qemu-devel] [PULL 4/5] slirp: removed unused code

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Signed-off-by: Samuel Thibault 
---
 slirp/ip.h | 13 -
 1 file changed, 13 deletions(-)

diff --git a/slirp/ip.h b/slirp/ip.h
index 1df6723357..59cf4aa918 100644
--- a/slirp/ip.h
+++ b/slirp/ip.h
@@ -233,17 +233,4 @@ struct ipasfrag {
 #define ipf_next ipf_link.next
 #define ipf_prev ipf_link.prev
 
-/*
- * Structure stored in mbuf in inpcb.ip_options
- * and passed to ip_output when ip options are in use.
- * The actual length of the options (including ipopt_dst)
- * is in m_len.
- */
-#define MAX_IPOPTLEN   40
-
-struct ipoption {
-   struct  in_addr ipopt_dst;  /* first-hop dst if source routed */
-   int8_t  ipopt_list[MAX_IPOPTLEN];   /* options proper */
-} QEMU_PACKED;
-
 #endif
-- 
2.15.1

[Qemu-devel] [PULL 1/5] slirp: avoid IN6_IS_ADDR_UNSPECIFIED(), rather use in6_zero()

From: Philippe Mathieu-Daudé 

Host: Mac OS 10.12.5
Compiler: Apple LLVM version 8.1.0 (clang-802.0.42)

  slirp/ip6_icmp.c:80:38: warning: taking address of packed member 'ip_src' of 
class or
structure 'ip6' may result in an unaligned pointer value
[-Waddress-of-packed-member]
  IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
   ^~
  /usr/include/netinet6/in6.h:238:42: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
  ((*(const __uint32_t *)(const void *)(&(a)->s6_addr[0]) == 0) && \
  ^

Reported-by: John Arbuckle 
Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Thibault 
---
 slirp/ip6_icmp.c  | 6 +++---
 slirp/ndp_table.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/slirp/ip6_icmp.c b/slirp/ip6_icmp.c
index 777eb574be..ee333d05a2 100644
--- a/slirp/ip6_icmp.c
+++ b/slirp/ip6_icmp.c
@@ -77,7 +77,7 @@ void icmp6_send_error(struct mbuf *m, uint8_t type, uint8_t 
code)
 DEBUG_ARGS((dfd, " type = %d, code = %d\n", type, code));
 
 if (IN6_IS_ADDR_MULTICAST(>ip_src) ||
-IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
+in6_zero(>ip_src)) {
 /* TODO icmp error? */
 return;
 }
@@ -272,7 +272,7 @@ static void ndp_send_na(Slirp *slirp, struct ip6 *ip, 
struct icmp6 *icmp)
 struct mbuf *t = m_get(slirp);
 struct ip6 *rip = mtod(t, struct ip6 *);
 rip->ip_src = icmp->icmp6_nns.target;
-if (IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
+if (in6_zero(>ip_src)) {
 rip->ip_dst = (struct in6_addr)ALLNODES_MULTICAST;
 } else {
 rip->ip_dst = ip->ip_src;
@@ -350,7 +350,7 @@ static void ndp_input(struct mbuf *m, Slirp *slirp, struct 
ip6 *ip,
 && icmp->icmp6_code == 0
 && !IN6_IS_ADDR_MULTICAST(>icmp6_nns.target)
 && ntohs(ip->ip_pl) >= ICMP6_NDP_NS_MINLEN
-&& (!IN6_IS_ADDR_UNSPECIFIED(>ip_src)
+&& (!in6_zero(>ip_src)
 || in6_solicitednode_multicast(>ip_dst))) {
 if (in6_equal_host(>icmp6_nns.target)) {
 /* Gratuitous NDP */
diff --git a/slirp/ndp_table.c b/slirp/ndp_table.c
index 9d4c39b45c..e1676a0a7b 100644
--- a/slirp/ndp_table.c
+++ b/slirp/ndp_table.c
@@ -23,7 +23,7 @@ void ndp_table_add(Slirp *slirp, struct in6_addr ip_addr,
 ethaddr[0], ethaddr[1], ethaddr[2],
 ethaddr[3], ethaddr[4], ethaddr[5]));
 
-if (IN6_IS_ADDR_MULTICAST(_addr) || IN6_IS_ADDR_UNSPECIFIED(_addr)) {
+if (IN6_IS_ADDR_MULTICAST(_addr) || in6_zero(_addr)) {
 /* Do not register multicast or unspecified addresses */
 DEBUG_CALL(" abort: do not register multicast or unspecified address");
 return;
@@ -60,7 +60,7 @@ bool ndp_table_search(Slirp *slirp, struct in6_addr ip_addr,
 DEBUG_ARG("ip = %s", addrstr);
 #endif
 
-assert(!IN6_IS_ADDR_UNSPECIFIED(_addr));
+assert(!in6_zero(_addr));
 
 /* Multicast address: fec0::abcd:efgh/8 -> 33:33:ab:cd:ef:gh */
 if (IN6_IS_ADDR_MULTICAST(_addr)) {
-- 
2.15.1

[Qemu-devel] [PULL 3/5] slirp: remove unnecessary struct declaration

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Thibault 
---
 slirp/libslirp.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index f90f0f524c..540b3e5903 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -3,7 +3,6 @@
 
 #include "qemu-common.h"
 
-struct Slirp;
 typedef struct Slirp Slirp;
 
 int get_dns_addr(struct in_addr *pdns_addr);
-- 
2.15.1

[Qemu-devel] [PULL 5/5] slirp: add in6_dhcp_multicast()

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Thibault 
---
 slirp/dhcpv6.h | 3 +++
 slirp/udp6.c   | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/slirp/dhcpv6.h b/slirp/dhcpv6.h
index 9189cd3f2d..3373f6cb89 100644
--- a/slirp/dhcpv6.h
+++ b/slirp/dhcpv6.h
@@ -17,6 +17,9 @@
 0x00, 0x00, 0x00, 0x00,\
 0x00, 0x01, 0x00, 0x02 } }
 
+#define in6_dhcp_multicast(a)\
+in6_equal(a, &(struct in6_addr)ALLDHCP_MULTICAST)
+
 void dhcpv6_input(struct sockaddr_in6 *srcsas, struct mbuf *m);
 
 #endif
diff --git a/slirp/udp6.c b/slirp/udp6.c
index 9fa314bc2d..7c4a6b003a 100644
--- a/slirp/udp6.c
+++ b/slirp/udp6.c
@@ -65,7 +65,7 @@ void udp6_input(struct mbuf *m)
 /* handle DHCPv6 */
 if (ntohs(uh->uh_dport) == DHCPV6_SERVER_PORT &&
 (in6_equal(>ip_dst, >vhost_addr6) ||
- in6_equal(>ip_dst, &(struct in6_addr)ALLDHCP_MULTICAST))) {
+ in6_dhcp_multicast(>ip_dst))) {
 m->m_data += iphlen;
 m->m_len -= iphlen;
 dhcpv6_input(, m);
-- 
2.15.1

[Qemu-devel] [PULL 2/5] slirp: remove unused header

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Tested-by: Thomas Huth 
Signed-off-by: Samuel Thibault 
---
 slirp/slirp.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/slirp/slirp.h b/slirp/slirp.h
index 898ec9516d..06febfc78b 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -1,7 +1,6 @@
 #ifndef SLIRP_H
 #define SLIRP_H
 
-#include "qemu/host-utils.h"
 #include "slirp_config.h"
 
 #ifdef _WIN32
-- 
2.15.1

Re: [Qemu-devel] [PATCH 09/11] pci: add trace-events support for hw/pci-host

2018-01-14 Thread Marcel Apfelbaum


On 14/01/2018 15:32, Philippe Mathieu-Daudé wrote:

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 

Not sure this is worth a separate commit (I'd squash it in the next
patch), still:


I agree, no need to add a new directory to the trace list
while we don't have a trace events file.

Thanks,
Marcel


Reviewed-by: Philippe Mathieu-Daudé 

CC: Michael S. Tsirkin 
CC: Marcel Apfelbaum 
---
  Makefile.objs| 1 +
  hw/pci-host/trace-events | 1 +
  2 files changed, 2 insertions(+)
  create mode 100644 hw/pci-host/trace-events

diff --git a/Makefile.objs b/Makefile.objs
index c8b1bba593..6aa793ce4f 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -149,6 +149,7 @@ trace-events-subdirs += hw/i386/xen
  trace-events-subdirs += hw/9pfs
  trace-events-subdirs += hw/ppc
  trace-events-subdirs += hw/pci
+trace-events-subdirs += hw/pci-host
  trace-events-subdirs += hw/s390x
  trace-events-subdirs += hw/vfio
  trace-events-subdirs += hw/acpi
diff --git a/hw/pci-host/trace-events b/hw/pci-host/trace-events
new file mode 100644
index 00..9284b1fbad
--- /dev/null
+++ b/hw/pci-host/trace-events
@@ -0,0 +1 @@
+# See docs/devel/tracing.txt for syntax documentation.

Re: [Qemu-devel] [PATCH] hw/i2c: QOM'ify i2c slave

2018-01-14 Thread Peter Maydell

On 14 January 2018 at 02:45, Philippe Mathieu-Daudé  wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/i2c/core.c | 12 ++--
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/hw/i2c/core.c b/hw/i2c/core.c
> index 59068f157e..c84dbfb884 100644
> --- a/hw/i2c/core.c
> +++ b/hw/i2c/core.c
> @@ -8,6 +8,7 @@
>   */
>
>  #include "qemu/osdep.h"
> +#include "qapi/error.h"
>  #include "hw/i2c/i2c.h"
>
>  typedef struct I2CNode I2CNode;
> @@ -276,16 +277,15 @@ const VMStateDescription vmstate_i2c_slave = {
>  }
>  };
>
> -static int i2c_slave_qdev_init(DeviceState *dev)
> +static void i2c_slave_realize(DeviceState *dev, Error **errp)
>  {
>  I2CSlave *s = I2C_SLAVE(dev);
>  I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(s);
>
> -if (sc->init) {
> -return sc->init(s);
> +if (sc->init && sc->init(s)) {
> +error_setg(errp, "i2c slave initialization failed");
> +return;
>  }
> -
> -return 0;
>  }
>
>  DeviceState *i2c_create_slave(I2CBus *bus, const char *name, uint8_t addr)
> @@ -301,7 +301,7 @@ DeviceState *i2c_create_slave(I2CBus *bus, const char 
> *name, uint8_t addr)
>  static void i2c_slave_class_init(ObjectClass *klass, void *data)
>  {
>  DeviceClass *k = DEVICE_CLASS(klass);
> -k->init = i2c_slave_qdev_init;
> +k->realize = i2c_slave_realize;
>  set_bit(DEVICE_CATEGORY_MISC, k->categories);
>  k->bus_type = TYPE_I2C_BUS;
>  k->props = i2c_props;

This is changing the semantics of the I2CSlaveClass::init
method. Is that really OK? (If nothing else, it means
that we end up with a method named init which is called
at realize time, which is confusing, and which doesn't
have an API like realize which allows it to fill in
an Error**.)

thanks
-- PMM

Re: [Qemu-devel] [PATCH] sysbus: convert init() to realize()

2018-01-14 Thread Peter Maydell

On 14 January 2018 at 02:52, Philippe Mathieu-Daudé  wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/core/sysbus.c | 11 ++-
>  1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
> index 5d0887f499..0531eb60ce 100644
> --- a/hw/core/sysbus.c
> +++ b/hw/core/sysbus.c
> @@ -18,6 +18,7 @@
>   */
>
>  #include "qemu/osdep.h"
> +#include "qapi/error.h"
>  #include "hw/sysbus.h"
>  #include "monitor/monitor.h"
>  #include "exec/address-spaces.h"
> @@ -200,15 +201,15 @@ void sysbus_init_ioports(SysBusDevice *dev, uint32_t 
> ioport, uint32_t size)
>  }
>  }
>
> -static int sysbus_device_init(DeviceState *dev)
> +static void sysbus_device_realize(DeviceState *dev, Error **errp)
>  {
>  SysBusDevice *sd = SYS_BUS_DEVICE(dev);
>  SysBusDeviceClass *sbc = SYS_BUS_DEVICE_GET_CLASS(sd);
>
> -if (!sbc->init) {
> -return 0;
> +if (sbc->init && sbc->init(sd)) {
> +error_setg(errp, "sysbus device initialization failed");
> +return;
>  }
> -return sbc->init(sd);
>  }
>
>  DeviceState *sysbus_create_varargs(const char *name,
> @@ -324,7 +325,7 @@ MemoryRegion *sysbus_address_space(SysBusDevice *dev)
>  static void sysbus_device_class_init(ObjectClass *klass, void *data)
>  {
>  DeviceClass *k = DEVICE_CLASS(klass);
> -k->init = sysbus_device_init;
> +k->realize = sysbus_device_realize;
>  k->bus_type = TYPE_SYSTEM_BUS;
>  /*
>   * device_add plugs devices into a suitable bus.  For "real" buses,

This doesn't look right. SysBus::init is something we're trying
to deprecate, I think, so we should be looking to complete
that process, not changing its semantics so it isn't called
until Device::realize.

thanks
-- PMM

Re: [Qemu-devel] [Qemu-arm] [PATCH] get_phys_addr_pmsav7: Support AP=0b111 for v7M

Hi Peter, Andy,

> On 8 December 2017 at 14:13, Peter Maydell  wrote:
>> For PMSAv7, the v7A/R Arm ARM defines that setting AP to 0b111
>> is an UNPREDICTABLE reserved combination. However, for v7M
>> this value is documented as having the same behaviour as 0b110:
>> read-only for both privileged and unprivileged. Accept this
>> value on an M profile core rather than treating it as a guest
>> error and a no-access page.

So, checking "Access permission checking":

v7-AR:
 case perms.ap of
   when ‘000’ abort = TRUE;
   when ‘001’ abort = !ispriv;
   when ‘010’ abort = !ispriv && iswrite;
   when ‘011’ abort = FALSE;
   when ‘100’ UNPREDICTABLE;
   when ‘101’ abort = !ispriv || iswrite;
   when ‘110’ abort = iswrite;
   when ‘111’
 if MemorySystemArchitecture() == MemArch_VMSA then
   abort = iswrite
 else
   UNPREDICTABLE;

v7-M:
 case perms.ap of
   when ‘000’ fault = TRUE;
   when ‘001’ fault = !ispriv;
   when ‘010’ fault = !ispriv && iswrite;
   when ‘011’ fault = FALSE;
   when ‘100’ UNPREDICTABLE;
   when ‘101’ fault = !ispriv || iswrite;
   when ‘110’ fault = iswrite;
   when ‘111’ fault = iswrite;
   otherwise UNPREDICTABLE;

You are indeed correct.

Having a 3bits perms.ap, I wonder how you can reach the 'otherwise'
case... :)

// Access permissions descriptor
type Permissions is (
 bits(3) ap, // Access Permission bits
 bit xn // Execute Never bit
)

This appears in the "Access permissions field encoding" table:

```
The AP bits, AP[2:0], are used for access permissions.
...
110 Read-only Read-only Privileged and unprivileged read-only
111 Read-only Read-only Privileged and unprivileged read-only
```

However I think this v7-M PMSAv7 behaviour is not obviously
differentiated in the  Architecture Reference Manual:

```
ARMv7-M supports the standard PMSAv7 of the ARMv7-R architecture
profile, with the following extensions:

• An optimized two register update model, where software can select the
region to update by writing to the
MPU Region Base Address Register. This optimization applies to the first
sixteen memory regions (0 ≤
RegionNumber ≤ 0xF) only.

• The MPU Region Base Address Register and the MPU Region Attribute and
Size Register pairs are aliased
in three consecutive dual-word locations. Using the two register update
model, software can modify up to
four regions by writing the appropriate even number of words using a
single STM multi-word store instruction.
```

They might add smth such:

"and with the following differences/restrictions: ..."

>>
>> Reported-by: Andy Gross 
>> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

>> ---
>>  target/arm/helper.c | 14 ++
>>  1 file changed, 14 insertions(+)
>>
>> diff --git a/target/arm/helper.c b/target/arm/helper.c
>> index 91a9300..2f53dd8 100644
>> --- a/target/arm/helper.c
>> +++ b/target/arm/helper.c
>> @@ -9229,6 +9229,13 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, 
>> uint32_t address,
>>  case 6:
>>  *prot |= PAGE_READ | PAGE_EXEC;
>>  break;
>> +case 7:
>> +/* for v7M, same as 6; for R profile a reserved value */
>> +if (arm_feature(env, ARM_FEATURE_M)) {
>> +*prot |= PAGE_READ | PAGE_EXEC;
>> +break;
>> +}
>> +/* fall through */
>>  default:
>>  qemu_log_mask(LOG_GUEST_ERROR,
>>"DRACR[%d]: Bad value for AP bits: 0x%"
>> @@ -9247,6 +9254,13 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, 
>> uint32_t address,
>>  case 6:
>>  *prot |= PAGE_READ | PAGE_EXEC;
>>  break;
>> +case 7:
>> +/* for v7M, same as 6; for R profile a reserved value */
>> +if (arm_feature(env, ARM_FEATURE_M)) {
>> +*prot |= PAGE_READ | PAGE_EXEC;
>> +break;
>> +}
>> +/* fall through */
>>  default:
>>  qemu_log_mask(LOG_GUEST_ERROR,
>>"DRACR[%d]: Bad value for AP bits: 0x%"
>> --
>> 2.7.4
> 



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH] memory: set ioeventfd_update_pending after address_space_update_ioeventfds

2018-01-14 Thread linzhecheng

We should set ioeventfd_update_pending same as memory_region_update_pending.

Signed-off-by: linzhecheng 
---
 memory.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/memory.c b/memory.c
index 4b41fb8..0cf39d0 100644
--- a/memory.c
+++ b/memory.c
@@ -1091,6 +1091,7 @@ void memory_region_transaction_commit(void)
 address_space_update_ioeventfds(as);
 }
 memory_region_update_pending = false;
+ioeventfd_update_pending = false;
 MEMORY_LISTENER_CALL_GLOBAL(commit, Forward);
 } else if (ioeventfd_update_pending) {
 QTAILQ_FOREACH(as, _spaces, address_spaces_link) {
-- 
1.8.3.1

[Qemu-devel] question about share flatviews

2018-01-14 Thread CheneyLin

Hi， Paolo,

Alexey
Alexey
Alexey
Alexey
Alexey
Alexey
Alexey
Alexey
Alexey
Alexey：

commit 967dc9b

commit 967dc9b
commit 967dc9b
commit 967dc9b Share FlatView's and dispatch trees between address spaces
 commit 967dc9b.
. 

I'm wondering why we have to shares flatviews between different ASes. In my 
opinion, arch like x86 only have two ASes(memory AS and io AS), each AS is 
related with only one flatview. Their ASes are definitely different.

[Qemu-devel] [Bug 1743214] Re: OS/2 Warp 3 support broken in 2.11

2018-01-14 Thread MVoloshin

I used QEMU 2.11 for Windows from Stephan Weil
(http://qemu.weilnetz.de/). I have Windows 10 (v1709) x64.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1743214

Title:
  OS/2 Warp 3 support broken in 2.11

Status in QEMU:
  New

Bug description:
  Hello, I used to run OS/2 Warp 3 on QEMU with the following command line: 
qemu-system-i386 -vga cirrus -soundhw sb16 -hda os2warp3v2.img -boot c. It runs 
OK on QEMU 2.10, but immediately gives TRAP 0006 (invalid opcode?) on QEMU 2.11 
(see screenshot).
  If it is important I have Fixpack 40 and GRADD installed in OS/2.
  Here is the image:
  https://drive.google.com/open?id=15umPecy7JlPLKUP6520MB_87CfrCDWO5

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1743214/+subscriptions

Re: [Qemu-devel] [PATCH 11/11] sparc64: convert hw/sparc64/sparc64.c from DPRINTF macros to trace events

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/sparc64/sparc64.c| 85 
> -
>  hw/sparc64/trace-events | 18 +++
>  2 files changed, 52 insertions(+), 51 deletions(-)
> 
> diff --git a/hw/sparc64/sparc64.c b/hw/sparc64/sparc64.c
> index 95a06f00b2..408388945e 100644
> --- a/hw/sparc64/sparc64.c
> +++ b/hw/sparc64/sparc64.c
> @@ -28,25 +28,9 @@
>  #include "hw/char/serial.h"
>  #include "hw/sparc/sparc64.h"
>  #include "qemu/timer.h"
> +#include "trace.h"
>  
>  
> -//#define DEBUG_IRQ
> -//#define DEBUG_TIMER
> -
> -#ifdef DEBUG_IRQ
> -#define CPUIRQ_DPRINTF(fmt, ...)\
> -do { printf("CPUIRQ: " fmt , ## __VA_ARGS__); } while (0)
> -#else
> -#define CPUIRQ_DPRINTF(fmt, ...)
> -#endif
> -
> -#ifdef DEBUG_TIMER
> -#define TIMER_DPRINTF(fmt, ...)  \
> -do { printf("TIMER: " fmt , ## __VA_ARGS__); } while (0)
> -#else
> -#define TIMER_DPRINTF(fmt, ...)
> -#endif
> -
>  #define TICK_MAX 0x7fffULL
>  
>  void cpu_check_irqs(CPUSPARCState *env)
> @@ -73,8 +57,7 @@ void cpu_check_irqs(CPUSPARCState *env)
> is (2 << psrpil). */
>  if (pil < (2 << env->psrpil)) {
>  if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
> -CPUIRQ_DPRINTF("Reset CPU IRQ (current interrupt %x)\n",
> -   env->interrupt_index);
> +trace_sparc64_cpu_check_irqs_reset_irq(env->interrupt_index);
>  env->interrupt_index = 0;
>  cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
>  }
> @@ -92,22 +75,21 @@ void cpu_check_irqs(CPUSPARCState *env)
>  
>  if (unlikely(env->tl > 0 && cpu_tsptr(env)->tt > 
> new_interrupt
>&& ((cpu_tsptr(env)->tt & 0x1f0) == TT_EXTINT))) {
> -CPUIRQ_DPRINTF("Not setting CPU IRQ: TL=%d "
> -   "current %x >= pending %x\n",
> -   env->tl, cpu_tsptr(env)->tt, 
> new_interrupt);
> +trace_sparc64_cpu_check_irqs_noset_irq(env->tl,
> +  cpu_tsptr(env)->tt,
> +  new_interrupt);

80 cols limit striking again...

>  } else if (old_interrupt != new_interrupt) {
>  env->interrupt_index = new_interrupt;
> -CPUIRQ_DPRINTF("Set CPU IRQ %d old=%x new=%x\n", i,
> -   old_interrupt, new_interrupt);
> +trace_sparc64_cpu_check_irqs_set_irq(i, old_interrupt,
> + new_interrupt);
>  cpu_interrupt(cs, CPU_INTERRUPT_HARD);
>  }
>  break;
>  }
>  }
>  } else if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
> -CPUIRQ_DPRINTF("Interrupts disabled, pil=%08x pil_in=%08x 
> softint=%08x "
> -   "current interrupt %x\n",
> -   pil, env->pil_in, env->softint, env->interrupt_index);
> +trace_sparc64_cpu_check_irqs_disabled(pil, env->pil_in, env->softint,
> +  env->interrupt_index);
>  env->interrupt_index = 0;
>  cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
>  }
> @@ -131,7 +113,7 @@ void sparc64_cpu_set_ivec_irq(void *opaque, int irq, int 
> level)
>  
>  if (level) {
>  if (!(env->ivec_status & 0x20)) {
> -CPUIRQ_DPRINTF("Raise IVEC IRQ %d\n", irq);
> +trace_sparc64_cpu_ivec_raise_irq(irq);
>  cs = CPU(cpu);
>  cs->halted = 0;
>  env->interrupt_index = TT_IVEC;
> @@ -143,7 +125,7 @@ void sparc64_cpu_set_ivec_irq(void *opaque, int irq, int 
> level)
>  }
>  } else {
>  if (env->ivec_status & 0x20) {
> -CPUIRQ_DPRINTF("Lower IVEC IRQ %d\n", irq);
> +trace_sparc64_cpu_ivec_lower_irq(irq);
>  cs = CPU(cpu);
>  env->ivec_status &= ~0x20;
>  cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
> @@ -216,10 +198,10 @@ static void tick_irq(void *opaque)
>  CPUTimer *timer = env->tick;
>  
>  if (timer->disabled) {
> -CPUIRQ_DPRINTF("tick_irq: softint disabled\n");
> +trace_sparc64_cpu_tick_irq_disabled();
>  return;
>  } else {
> -CPUIRQ_DPRINTF("tick: fire\n");
> +trace_sparc64_cpu_tick_irq_fire();
>  }
>  
>  env->softint |= SOFTINT_TIMER;
> @@ -234,10 +216,10 @@ static void stick_irq(void *opaque)
>  CPUTimer *timer = env->stick;
>  
>  if (timer->disabled) {
> -CPUIRQ_DPRINTF("stick_irq: softint disabled\n");
> +trace_sparc64_cpu_stick_irq_disabled();
>  return;
>  } else {
> -CPUIRQ_DPRINTF("stick:

Re: [Qemu-devel] [PATCH 10/11] sabre: convert from SABRE_DPRINTF macro to trace-events

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/pci-host/sabre.c  | 32 ++--
>  hw/pci-host/trace-events | 10 ++
>  2 files changed, 20 insertions(+), 22 deletions(-)
> 
> diff --git a/hw/pci-host/sabre.c b/hw/pci-host/sabre.c
> index 4054c17598..2268a41dd9 100644
> --- a/hw/pci-host/sabre.c
> +++ b/hw/pci-host/sabre.c
> @@ -36,16 +36,7 @@
>  #include "exec/address-spaces.h"
>  #include "qapi/error.h"
>  #include "qemu/log.h"
> -
> -/* debug sabre */
> -//#define DEBUG_SABRE
> -
> -#ifdef DEBUG_SABRE
> -#define SABRE_DPRINTF(fmt, ...) \
> -do { printf("sabre: " fmt , ## __VA_ARGS__); } while (0)
> -#else
> -#define SABRE_DPRINTF(fmt, ...)
> -#endif
> +#include "trace.h"
>  
>  /*
>   * Chipset docs:
> @@ -69,8 +60,7 @@ do { printf("sabre: " fmt , ## __VA_ARGS__); } while (0)
>  
>  static inline void sabre_set_request(SabreState *s, unsigned int irq_num)
>  {
> -SABRE_DPRINTF("%s: request irq %d\n", __func__, irq_num);
> -
> +trace_sabre_set_request(irq_num);
>  s->irq_request = irq_num;
>  qemu_set_irq(s->ivec_irqs[irq_num], 1);
>  }
> @@ -108,7 +98,7 @@ static inline void sabre_check_irqs(SabreState *s)
>  
>  static inline void sabre_clear_request(SabreState *s, unsigned int irq_num)
>  {
> -SABRE_DPRINTF("%s: clear request irq %d\n", __func__, irq_num);
> +trace_sabre_clear_request(irq_num);
>  qemu_set_irq(s->ivec_irqs[irq_num], 0);
>  s->irq_request = NO_IRQ_REQUEST;
>  }
> @@ -125,8 +115,7 @@ static void sabre_config_write(void *opaque, hwaddr addr,
>  {
>  SabreState *s = opaque;
>  
> -SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__,
> -  addr, val);
> +trace_sabre_config_write(addr, val);
>  
>  switch (addr & 0x) {
>  case 0x30 ... 0x4f: /* DMA error registers */
> @@ -250,7 +239,7 @@ static uint64_t sabre_config_read(void *opaque,
>  val = 0;
>  break;
>  }
> -SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " -> %x\n", __func__, addr, 
> val);
> +trace_sabre_config_read(addr, val);
>  
>  return val;
>  }
> @@ -267,8 +256,7 @@ static void sabre_pci_config_write(void *opaque, hwaddr 
> addr,
>  SabreState *s = opaque;
>  PCIHostState *phb = PCI_HOST_BRIDGE(s);
>  
> -SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__,
> -  addr, val);
> +trace_sabre_pci_config_write(addr, val);
>  pci_data_write(phb->bus, addr, val, size);
>  }
>  
> @@ -280,7 +268,7 @@ static uint64_t sabre_pci_config_read(void *opaque, 
> hwaddr addr,
>  PCIHostState *phb = PCI_HOST_BRIDGE(s);
>  
>  ret = pci_data_read(phb->bus, addr, size);
> -SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " -> %x\n", __func__, addr, 
> ret);
> +trace_sabre_pci_config_read(addr, ret);
>  return ret;
>  }
>  
> @@ -318,7 +306,8 @@ static void pci_sabre_set_irq(void *opaque, int irq_num, 
> int level)
>  {
>  SabreState *s = opaque;
>  
> -SABRE_DPRINTF("%s: set irq_in %d level %d\n", __func__, irq_num, level);
> +trace_sabre_pci_set_irq(irq_num, level);
> +
>  /* PCI IRQ map onto the first 32 INO.  */
>  if (irq_num < 32) {
>  if (level) {
> @@ -332,8 +321,7 @@ static void pci_sabre_set_irq(void *opaque, int irq_num, 
> int level)
>  } else {
>  /* OBIO IRQ map onto the next 32 INO.  */
>  if (level) {
> -SABRE_DPRINTF("%s: set irq %d level %d\n", __func__, irq_num,
> -  level);
> +trace_sabre_pci_set_obio_irq(irq_num, level);
>  s->pci_irq_in |= 1ULL << irq_num;
>  if ((s->irq_request == NO_IRQ_REQUEST)
>  && (s->obio_irq_map[irq_num - 32] & PBM_PCI_IMR_ENABLED)) {
> diff --git a/hw/pci-host/trace-events b/hw/pci-host/trace-events
> index 9284b1fbad..32dfc84692 100644
> --- a/hw/pci-host/trace-events
> +++ b/hw/pci-host/trace-events
> @@ -1 +1,11 @@
>  # See docs/devel/tracing.txt for syntax documentation.
> +
> +# hw/pci-host/sabre.c
> +sabre_set_request(int irq_num) "request irq %d"

unsigned int irq_num, %u?

or maybe simpler to change sabre_clear_request() to take an int.

> +sabre_clear_request(int irq_num) "clear request irq %d"

ditto.

> +sabre_config_write(uint64_t addr, uint64_t val) "addr 0x%"PRIx64" val 
> 0x%"PRIx64
> +sabre_config_read(uint64_t addr, uint64_t val) "addr 0x%"PRIx64" val 
> 0x%"PRIx64
> +sabre_pci_config_write(uint64_t addr, uint64_t val) "addr 0x%"PRIx64" val 
> 0x%"PRIx64
> +sabre_pci_config_read(uint64_t addr, uint64_t val) "addr 0x%"PRIx64" val 
> 0x%"PRIx64

Cool, you cared about replacing TARGET_FMT_plx by PRIx64 :)

> +sabre_pci_set_irq(int irq_num, int level) "set irq_in %d level %d"
> +sabre_pci_set_obio_irq(int irq_num, int level) "set irq %d level %d"

Reviewed-by: Philippe Mathieu-Daudé

Re: [Qemu-devel] [PATCH 09/11] pci: add trace-events support for hw/pci-host

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> Signed-off-by: Mark Cave-Ayland 

Not sure this is worth a separate commit (I'd squash it in the next
patch), still:
Reviewed-by: Philippe Mathieu-Daudé 

> CC: Michael S. Tsirkin 
> CC: Marcel Apfelbaum 
> ---
>  Makefile.objs| 1 +
>  hw/pci-host/trace-events | 1 +
>  2 files changed, 2 insertions(+)
>  create mode 100644 hw/pci-host/trace-events
> 
> diff --git a/Makefile.objs b/Makefile.objs
> index c8b1bba593..6aa793ce4f 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -149,6 +149,7 @@ trace-events-subdirs += hw/i386/xen
>  trace-events-subdirs += hw/9pfs
>  trace-events-subdirs += hw/ppc
>  trace-events-subdirs += hw/pci
> +trace-events-subdirs += hw/pci-host
>  trace-events-subdirs += hw/s390x
>  trace-events-subdirs += hw/vfio
>  trace-events-subdirs += hw/acpi
> diff --git a/hw/pci-host/trace-events b/hw/pci-host/trace-events
> new file mode 100644
> index 00..9284b1fbad
> --- /dev/null
> +++ b/hw/pci-host/trace-events
> @@ -0,0 +1 @@
> +# See docs/devel/tracing.txt for syntax documentation.
>

Re: [Qemu-devel] [PATCH 08/11] apb: rename apb.c to sabre.c

Hi Mark,

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> This is the final stage in correcting the naming convention with respect to
> sabre, APB and PBM. It is effectively a file rename from apb.c to sabre.c
> along with touching up a few constants to remove the remaining references
> to APB.
> 
> Note that as part of the rename process the configuration variable
> CONFIG_PCI_APB is changed to CONFIG_PCI_SABRE.
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  default-configs/sparc64-softmmu.mak|  2 +-
>  hw/pci-host/Makefile.objs  |  2 +-
>  hw/pci-host/{apb.c => sabre.c} | 57 
> +-
>  hw/sparc64/sun4u.c |  2 +-
>  include/hw/pci-host/{apb.h => sabre.h} |  2 +-
>  5 files changed, 33 insertions(+), 32 deletions(-)
>  rename hw/pci-host/{apb.c => sabre.c} (91%)
>  rename include/hw/pci-host/{apb.h => sabre.h} (97%)
> 
> diff --git a/default-configs/sparc64-softmmu.mak 
> b/default-configs/sparc64-softmmu.mak
> index 9b742a7b41..52edafe547 100644
> --- a/default-configs/sparc64-softmmu.mak
> +++ b/default-configs/sparc64-softmmu.mak
> @@ -11,7 +11,7 @@ CONFIG_PCKBD=y
>  CONFIG_FDC=y
>  CONFIG_IDE_ISA=y
>  CONFIG_IDE_CMD646=y
> -CONFIG_PCI_APB=y
> +CONFIG_PCI_SABRE=y
>  CONFIG_SIMBA=y
>  CONFIG_SUNHME=y
>  CONFIG_MC146818RTC=y
> diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
> index 9c7909cf44..4b69f737b5 100644
> --- a/hw/pci-host/Makefile.objs
> +++ b/hw/pci-host/Makefile.objs
> @@ -11,7 +11,7 @@ common-obj-$(CONFIG_PPCE500_PCI) += ppce500.o
>  # ARM devices
>  common-obj-$(CONFIG_VERSATILE_PCI) += versatile.o
>  
> -common-obj-$(CONFIG_PCI_APB) += apb.o
> +common-obj-$(CONFIG_PCI_SABRE) += sabre.o
>  common-obj-$(CONFIG_FULONG) += bonito.o
>  common-obj-$(CONFIG_PCI_PIIX) += piix.o
>  common-obj-$(CONFIG_PCI_Q35) += q35.o
> diff --git a/hw/pci-host/apb.c b/hw/pci-host/sabre.c
> similarity index 91%
> rename from hw/pci-host/apb.c
> rename to hw/pci-host/sabre.c
> index f6c5dbd469..4054c17598 100644
> --- a/hw/pci-host/apb.c
> +++ b/hw/pci-host/sabre.c
> @@ -1,8 +1,9 @@
>  /*
> - * QEMU Ultrasparc APB PCI host
> + * QEMU Ultrasparc Sabre PCI host (PBM)
>   *
>   * Copyright (c) 2006 Fabrice Bellard
>   * Copyright (c) 2012,2013 Artyom Tarasenko
> + * Copyright (c) 2018 Mark Cave-Ayland
>   *
>   * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
>   * of this software and associated documentation files (the "Software"), to 
> deal
> @@ -23,10 +24,6 @@
>   * THE SOFTWARE.
>   */
>  
> -/* XXX This file and most of its contents are somewhat misnamed.  The
> -   Ultrasparc PCI host is called the PCI Bus Module (PBM).  The APB is
> -   the secondary PCI bridge.  */
> -
>  #include "qemu/osdep.h"
>  #include "hw/sysbus.h"
>  #include "hw/pci/pci.h"
> @@ -34,20 +31,20 @@
>  #include "hw/pci/pci_bridge.h"
>  #include "hw/pci/pci_bus.h"
>  #include "hw/pci-bridge/simba.h"
> -#include "hw/pci-host/apb.h"
> +#include "hw/pci-host/sabre.h"
>  #include "sysemu/sysemu.h"
>  #include "exec/address-spaces.h"
>  #include "qapi/error.h"
>  #include "qemu/log.h"
>  
> -/* debug APB */
> -//#define DEBUG_APB
> +/* debug sabre */
> +//#define DEBUG_SABRE
>  
> -#ifdef DEBUG_APB
> -#define APB_DPRINTF(fmt, ...) \
> -do { printf("APB: " fmt , ## __VA_ARGS__); } while (0)
> +#ifdef DEBUG_SABRE
> +#define SABRE_DPRINTF(fmt, ...) \
> +do { printf("sabre: " fmt , ## __VA_ARGS__); } while (0)
>  #else
> -#define APB_DPRINTF(fmt, ...)
> +#define SABRE_DPRINTF(fmt, ...)

I wouldn't worry about APB_DPRINTF and directly remove it in patch #10.

>  #endif
>  
>  /*
> @@ -72,7 +69,7 @@ do { printf("APB: " fmt , ## __VA_ARGS__); } while (0)
>  
>  static inline void sabre_set_request(SabreState *s, unsigned int irq_num)
>  {
> -APB_DPRINTF("%s: request irq %d\n", __func__, irq_num);
> +SABRE_DPRINTF("%s: request irq %d\n", __func__, irq_num);
>  
>  s->irq_request = irq_num;
>  qemu_set_irq(s->ivec_irqs[irq_num], 1);
> @@ -111,7 +108,7 @@ static inline void sabre_check_irqs(SabreState *s)
>  
>  static inline void sabre_clear_request(SabreState *s, unsigned int irq_num)
>  {
> -APB_DPRINTF("%s: clear request irq %d\n", __func__, irq_num);
> +SABRE_DPRINTF("%s: clear request irq %d\n", __func__, irq_num);
>  qemu_set_irq(s->ivec_irqs[irq_num], 0);
>  s->irq_request = NO_IRQ_REQUEST;
>  }
> @@ -128,7 +125,8 @@ static void sabre_config_write(void *opaque, hwaddr addr,
>  {
>  SabreState *s = opaque;
>  
> -APB_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__, 
> addr, val);
> +SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__,
> +  addr, val);
>  
>  switch (addr & 0x) {
>  case 0x30 ... 0x4f: /* DMA error registers */
> @@ -252,7 +250,7 @@ static uint64_t sabre_config_read(void *opaque,
>  val = 0;
>  break;
>  }
> -APB_DPRINTF("%s: addr "

Re: [Qemu-devel] [PATCH 00/11] sun4u: APB tidy-up/rename and tracepoint conversions

On 01/14/2018 08:21 AM, Mark Cave-Ayland wrote:
> On 14/01/18 11:15, no-re...@patchew.org wrote:
>> Hi,
>>
>> This series seems to have some coding style problems. See output below
>> for
>> more information:
>>
>> Type: series
>> Message-id: 20180114104751.21965-1-mark.cave-ayl...@ilande.co.uk
>> Subject: [Qemu-devel] [PATCH 00/11] sun4u: APB tidy-up/rename and
>> tracepoint conversions
> 
> (lots cut)
> 
>> === OUTPUT BEGIN ===
>> Checking PATCH 1/11: apb: split simba PCI bridge into
>> hw/pci-bridge/simba.c...
>> Checking PATCH 2/11: simba: rename PBMPCIBridge and QOM types to
>> reflect simba naming...
>> Checking PATCH 3/11: apb: rename APB functions to use sabre prefix...
>> Checking PATCH 4/11: apb: change pbm_pci_host prefix functions to use
>> sabre_pci prefix...
>> Checking PATCH 5/11: apb: QOMify sabre PCI host bridge...
>> Checking PATCH 6/11: apb: rename QOM type from TYPE_APB to TYPE_SABRE...
>> Checking PATCH 7/11: sun4u: rename apb variables and constants...
>> Checking PATCH 8/11: apb: rename apb.c to sabre.c...
>> ERROR: do not use C99 // comments
>> #86: FILE: hw/pci-host/sabre.c:41:
>> +//#define DEBUG_SABRE
>>
>> total: 1 errors, 0 warnings, 188 lines checked
>>
>> Your patch has style problems, please review.  If any of these errors
>> are false positives report them to the maintainer, see
>> CHECKPATCH in MAINTAINERS.
>>
>> Checking PATCH 9/11: pci: add trace-events support for hw/pci-host...
>> Checking PATCH 10/11: sabre: convert from SABRE_DPRINTF macro to
>> trace-events...
>> Checking PATCH 11/11: sparc64: convert hw/sparc64/sparc64.c from
>> DPRINTF macros to trace events...
>> === OUTPUT END ===
>>
>> Test command exited with code: 1
> 
> This is fine - it's just a side-effect of renaming DEBUG_APB to
> DEBUG_SABRE as part of the APB to sabre rename, and in fact this code is
> completely removed in patch 10 with the conversion to tracepoints.

This can be avoided moving patch #8 after #10, although not worthy IMHO.

Re: [Qemu-devel] [Bug 1743214] [NEW] OS/2 Warp 3 support broken in 2.11

2018-01-14 Thread BALATON Zoltan


On Sun, 14 Jan 2018, MVoloshin wrote:
Hello, I used to run OS/2 Warp 3 on QEMU with the following command 
line: qemu-system-i386 -vga cirrus -soundhw sb16 -hda os2warp3v2.img 
-boot c. It runs OK on QEMU 2.10, but immediately gives TRAP 0006 
(invalid opcode?) on QEMU 2.11 (see screenshot).


If it is important I have Fixpack 40 and GRADD installed in OS/2.
Here is the image:
https://drive.google.com/open?id=15umPecy7JlPLKUP6520MB_87CfrCDWO5


This image boots for me without problem with latest version from git so 
either it's already fixed or the problem is elsewhere. Can you try latest 
git version? If it still does not work with that maybe you need to provide 
more details, like configure options or what host arch/OS are you on.

Re: [Qemu-devel] [PATCH 07/11] sun4u: rename apb variables and constants

Hi Mark,

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> In order to reflect the previous change of TYPE_APB to TYPE_SABRE, update
> the corresponding variable names to keep the terminology consistent.
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/sparc64/sun4u.c | 41 +
>  1 file changed, 21 insertions(+), 20 deletions(-)
> 
> diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
> index b8f685847a..fb18afaaa6 100644
> --- a/hw/sparc64/sun4u.c
> +++ b/hw/sparc64/sun4u.c
> @@ -55,9 +55,9 @@
>  #define CMDLINE_ADDR 0x003ff000
>  #define PROM_SIZE_MAX(4 * 1024 * 1024)
>  #define PROM_VADDR   0x000ffd0ULL
> -#define APB_SPECIAL_BASE 0x1feULL
> -#define APB_MEM_BASE 0x1ffULL
> -#define APB_PCI_IO_BASE  (APB_SPECIAL_BASE + 0x0200ULL)
> +#define PBM_SPECIAL_BASE 0x1feULL
> +#define PBM_MEM_BASE 0x1ffULL
> +#define PBM_PCI_IO_BASE  (PBM_SPECIAL_BASE + 0x0200ULL)
>  #define PROM_FILENAME"openbios-sparc64"
>  #define NVRAM_SIZE   0x2000
>  #define MAX_IDE_BUS  2
> @@ -465,7 +465,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
>  Nvram *nvram;
>  unsigned int i;
>  uint64_t initrd_addr, initrd_size, kernel_addr, kernel_size, 
> kernel_entry;
> -SabreState *apb;
> +SabreState *sabre;
>  PCIBus *pci_bus, *pci_busA, *pci_busB;
>  PCIDevice *ebus, *pci_dev;
>  SysBusDevice *s;
> @@ -489,23 +489,24 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
>  prom_init(hwdef->prom_addr, bios_name);
>  
>  /* Init sabre (PCI host bridge) */
> -apb = SABRE_DEVICE(qdev_create(NULL, TYPE_SABRE));
> -qdev_prop_set_uint64(DEVICE(apb), "special-base", APB_SPECIAL_BASE);
> -qdev_prop_set_uint64(DEVICE(apb), "mem-base", APB_MEM_BASE);
> -object_property_set_link(OBJECT(apb), OBJECT(iommu), "iommu", 
> _abort);
> -qdev_init_nofail(DEVICE(apb));
> +sabre = SABRE_DEVICE(qdev_create(NULL, TYPE_SABRE));
> +qdev_prop_set_uint64(DEVICE(sabre), "special-base", PBM_SPECIAL_BASE);
> +qdev_prop_set_uint64(DEVICE(sabre), "mem-base", PBM_MEM_BASE);
> +object_property_set_link(OBJECT(sabre), OBJECT(iommu), "iommu",
> + _abort);
> +qdev_init_nofail(DEVICE(sabre));
>  
>  /* Wire up PCI interrupts to CPU */
>  for (i = 0; i < IVEC_MAX; i++) {
> -qdev_connect_gpio_out_named(DEVICE(apb), "ivec-irq", i,
> +qdev_connect_gpio_out_named(DEVICE(sabre), "ivec-irq", i,
>  qdev_get_gpio_in_named(DEVICE(cpu), "ivec-irq", i));
>  }
>  
> -pci_bus = PCI_HOST_BRIDGE(apb)->bus;
> -pci_busA = pci_bridge_get_sec_bus(apb->bridgeA);
> -pci_busB = pci_bridge_get_sec_bus(apb->bridgeB);
> +pci_bus = PCI_HOST_BRIDGE(sabre)->bus;
> +pci_busA = pci_bridge_get_sec_bus(sabre->bridgeA);
> +pci_busB = pci_bridge_get_sec_bus(sabre->bridgeB);
>  
> -/* Only in-built Simba PBMs can exist on the root bus, slot 0 on busA is
> +/* Only in-built Simba APBs can exist on the root bus, slot 0 on busA is

This single change might go in patch #2 instead.

Anyway:
Reviewed-by: Philippe Mathieu-Daudé 

> reserved (leaving no slots free after on-board devices) however slots
> 0-3 are free on busB */
>  pci_bus->slot_reserved_mask = 0xfffc;
> @@ -517,17 +518,17 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
>   hwdef->console_serial_base);
>  qdev_init_nofail(DEVICE(ebus));
>  
> -/* Wire up "well-known" ISA IRQs to APB legacy obio IRQs */
> +/* Wire up "well-known" ISA IRQs to PBM legacy obio IRQs */
>  qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 7,
> -qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_LPT_IRQ));
> +qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_LPT_IRQ));
>  qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 6,
> -qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_FDD_IRQ));
> +qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_FDD_IRQ));
>  qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 1,
> -qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_KBD_IRQ));
> +qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_KBD_IRQ));
>  qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 12,
> -qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_MSE_IRQ));
> +qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_MSE_IRQ));
>  qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 4,
> -qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_SER_IRQ));
> +qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_SER_IRQ));
>  
>  pci_dev = pci_create_simple(pci_busA, PCI_DEVFN(2, 0), "VGA");
>  
>

Re: [Qemu-devel] [PATCH 06/11] apb: rename QOM type from TYPE_APB to TYPE_SABRE

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> Similarly rename the corresponding APBState typedef to SabreState.
> 
> Signed-off-by: Mark Cave-Ayland 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/pci-host/apb.c | 30 +++---
>  hw/sparc64/sun4u.c|  6 +++---
>  include/hw/pci-host/apb.h | 10 +-
>  3 files changed, 23 insertions(+), 23 deletions(-)
> 
> diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
> index 36c6251816..f6c5dbd469 100644
> --- a/hw/pci-host/apb.c
> +++ b/hw/pci-host/apb.c
> @@ -70,7 +70,7 @@ do { printf("APB: " fmt , ## __VA_ARGS__); } while (0)
>  
>  #define NO_IRQ_REQUEST (MAX_IVEC + 1)
>  
> -static inline void sabre_set_request(APBState *s, unsigned int irq_num)
> +static inline void sabre_set_request(SabreState *s, unsigned int irq_num)
>  {
>  APB_DPRINTF("%s: request irq %d\n", __func__, irq_num);
>  
> @@ -78,7 +78,7 @@ static inline void sabre_set_request(APBState *s, unsigned 
> int irq_num)
>  qemu_set_irq(s->ivec_irqs[irq_num], 1);
>  }
>  
> -static inline void sabre_check_irqs(APBState *s)
> +static inline void sabre_check_irqs(SabreState *s)
>  {
>  unsigned int i;
>  
> @@ -109,7 +109,7 @@ static inline void sabre_check_irqs(APBState *s)
>  }
>  }
>  
> -static inline void sabre_clear_request(APBState *s, unsigned int irq_num)
> +static inline void sabre_clear_request(SabreState *s, unsigned int irq_num)
>  {
>  APB_DPRINTF("%s: clear request irq %d\n", __func__, irq_num);
>  qemu_set_irq(s->ivec_irqs[irq_num], 0);
> @@ -126,7 +126,7 @@ static AddressSpace *sabre_pci_dma_iommu(PCIBus *bus, 
> void *opaque, int devfn)
>  static void sabre_config_write(void *opaque, hwaddr addr,
> uint64_t val, unsigned size)
>  {
> -APBState *s = opaque;
> +SabreState *s = opaque;
>  
>  APB_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__, 
> addr, val);
>  
> @@ -204,7 +204,7 @@ static void sabre_config_write(void *opaque, hwaddr addr,
>  static uint64_t sabre_config_read(void *opaque,
>hwaddr addr, unsigned size)
>  {
> -APBState *s = opaque;
> +SabreState *s = opaque;
>  uint32_t val;
>  
>  switch (addr & 0x) {
> @@ -266,7 +266,7 @@ static const MemoryRegionOps sabre_config_ops = {
>  static void sabre_pci_config_write(void *opaque, hwaddr addr,
> uint64_t val, unsigned size)
>  {
> -APBState *s = opaque;
> +SabreState *s = opaque;
>  PCIHostState *phb = PCI_HOST_BRIDGE(s);
>  
>  APB_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__, 
> addr, val);
> @@ -277,7 +277,7 @@ static uint64_t sabre_pci_config_read(void *opaque, 
> hwaddr addr,
>unsigned size)
>  {
>  uint32_t ret;
> -APBState *s = opaque;
> +SabreState *s = opaque;
>  PCIHostState *phb = PCI_HOST_BRIDGE(s);
>  
>  ret = pci_data_read(phb->bus, addr, size);
> @@ -317,7 +317,7 @@ static int pci_simbaB_map_irq(PCIDevice *pci_dev, int 
> irq_num)
>  
>  static void pci_sabre_set_irq(void *opaque, int irq_num, int level)
>  {
> -APBState *s = opaque;
> +SabreState *s = opaque;
>  
>  APB_DPRINTF("%s: set irq_in %d level %d\n", __func__, irq_num, level);
>  /* PCI IRQ map onto the first 32 INO.  */
> @@ -347,7 +347,7 @@ static void pci_sabre_set_irq(void *opaque, int irq_num, 
> int level)
>  
>  static void sabre_reset(DeviceState *d)
>  {
> -APBState *s = APB_DEVICE(d);
> +SabreState *s = SABRE_DEVICE(d);
>  PCIDevice *pci_dev;
>  unsigned int i;
>  uint16_t cmd;
> @@ -385,7 +385,7 @@ static const MemoryRegionOps pci_config_ops = {
>  
>  static void sabre_realize(DeviceState *dev, Error **errp)
>  {
> -APBState *s = APB_DEVICE(dev);
> +SabreState *s = SABRE_DEVICE(dev);
>  PCIHostState *phb = PCI_HOST_BRIDGE(dev);
>  SysBusDevice *sbd = SYS_BUS_DEVICE(s);
>  PCIDevice *pci_dev;
> @@ -430,7 +430,7 @@ static void sabre_realize(DeviceState *dev, Error **errp)
>  
>  static void sabre_init(Object *obj)
>  {
> -APBState *s = APB_DEVICE(obj);
> +SabreState *s = SABRE_DEVICE(obj);
>  SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
>  unsigned int i;
>  
> @@ -509,8 +509,8 @@ static const TypeInfo sabre_pci_info = {
>  };
>  
>  static Property sabre_properties[] = {
> -DEFINE_PROP_UINT64("special-base", APBState, special_base, 0),
> -DEFINE_PROP_UINT64("mem-base", APBState, mem_base, 0),
> +DEFINE_PROP_UINT64("special-base", SabreState, special_base, 0),
> +DEFINE_PROP_UINT64("mem-base", SabreState, mem_base, 0),
>  DEFINE_PROP_END_OF_LIST(),
>  };
>  
> @@ -525,9 +525,9 @@ static void sabre_class_init(ObjectClass *klass, void 
> *data)
>  }
>  
>  static const TypeInfo sabre_info = {
> -.name  = TYPE_APB,
> +.name  = TYPE_SABRE,
>  .parent=

Re: [Qemu-devel] [PATCH 05/11] apb: QOMify sabre PCI host bridge

Hi Mark,

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> Signed-off-by: Mark Cave-Ayland 

This device is already QOM'ified, but now the QOM abstract inheritance
is clearer, so:
Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/pci-host/apb.c |  6 +++---
>  include/hw/pci-host/apb.h | 14 +++---
>  2 files changed, 14 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
> index 98c5f344f7..36c6251816 100644
> --- a/hw/pci-host/apb.c
> +++ b/hw/pci-host/apb.c
> @@ -407,7 +407,7 @@ static void sabre_realize(DeviceState *dev, Error **errp)
>   >pci_ioport,
>   0, 32, TYPE_PCI_BUS);
>  
> -pci_create_simple(phb->bus, 0, "pbm-pci");
> +pci_create_simple(phb->bus, 0, TYPE_SABRE_PCI_DEVICE);
>  
>  /* IOMMU */
>  memory_region_add_subregion_overlap(>apb_config, 0x200,
> @@ -498,9 +498,9 @@ static void sabre_pci_class_init(ObjectClass *klass, void 
> *data)
>  }
>  
>  static const TypeInfo sabre_pci_info = {
> -.name  = "pbm-pci",
> +.name  = TYPE_SABRE_PCI_DEVICE,
>  .parent= TYPE_PCI_DEVICE,
> -.instance_size = sizeof(PCIDevice),
> +.instance_size = sizeof(SabrePCIState),
>  .class_init= sabre_pci_class_init,
>  .interfaces = (InterfaceInfo[]) {
>  { INTERFACE_CONVENTIONAL_PCI_DEVICE },
> diff --git a/include/hw/pci-host/apb.h b/include/hw/pci-host/apb.h
> index 41de012396..470863639a 100644
> --- a/include/hw/pci-host/apb.h
> +++ b/include/hw/pci-host/apb.h
> @@ -14,9 +14,13 @@
>  #define OBIO_MSE_IRQ 0x2a
>  #define OBIO_SER_IRQ 0x2b
>  
> -#define TYPE_APB "pbm"
> -#define APB_DEVICE(obj) \
> -OBJECT_CHECK(APBState, (obj), TYPE_APB)
> +typedef struct SabrePCIState {
> +PCIDevice parent_obj;
> +} SabrePCIState;
> +
> +#define TYPE_SABRE_PCI_DEVICE "sabre-pci"
> +#define SABRE_PCI_DEVICE(obj) \
> +OBJECT_CHECK(SabrePCIState, (obj), TYPE_SABRE_PCI_DEVICE)
>  
>  typedef struct APBState {
>  PCIHostState parent_obj;
> @@ -41,4 +45,8 @@ typedef struct APBState {
>  unsigned int nr_resets;
>  } APBState;
>  
> +#define TYPE_APB "apb"
> +#define APB_DEVICE(obj) \
> +OBJECT_CHECK(APBState, (obj), TYPE_APB)
> +
>  #endif
>

Re: [Qemu-devel] [PATCH 04/11] apb: change pbm_pci_host prefix functions to use sabre_pci prefix

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> This is the proper name for the PBM host bridge as referenced in the Sun
> documentation.
> 
> Signed-off-by: Mark Cave-Ayland 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/pci-host/apb.c | 12 ++--
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
> index d5c459a2df..98c5f344f7 100644
> --- a/hw/pci-host/apb.c
> +++ b/hw/pci-host/apb.c
> @@ -472,7 +472,7 @@ static void sabre_init(Object *obj)
>  sysbus_init_mmio(sbd, >pci_ioport);
>  }
>  
> -static void sabre_pci_host_realize(PCIDevice *d, Error **errp)
> +static void sabre_pci_realize(PCIDevice *d, Error **errp)
>  {
>  pci_set_word(d->config + PCI_COMMAND,
>   PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER);
> @@ -481,12 +481,12 @@ static void sabre_pci_host_realize(PCIDevice *d, Error 
> **errp)
>   PCI_STATUS_DEVSEL_MEDIUM);
>  }
>  
> -static void sabre_pci_host_class_init(ObjectClass *klass, void *data)
> +static void sabre_pci_class_init(ObjectClass *klass, void *data)
>  {
>  PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
>  DeviceClass *dc = DEVICE_CLASS(klass);
>  
> -k->realize = sabre_pci_host_realize;
> +k->realize = sabre_pci_realize;
>  k->vendor_id = PCI_VENDOR_ID_SUN;
>  k->device_id = PCI_DEVICE_ID_SUN_SABRE;
>  k->class_id = PCI_CLASS_BRIDGE_HOST;
> @@ -497,11 +497,11 @@ static void sabre_pci_host_class_init(ObjectClass 
> *klass, void *data)
>  dc->user_creatable = false;
>  }
>  
> -static const TypeInfo pbm_pci_host_info = {
> +static const TypeInfo sabre_pci_info = {
>  .name  = "pbm-pci",
>  .parent= TYPE_PCI_DEVICE,
>  .instance_size = sizeof(PCIDevice),
> -.class_init= sabre_pci_host_class_init,
> +.class_init= sabre_pci_class_init,
>  .interfaces = (InterfaceInfo[]) {
>  { INTERFACE_CONVENTIONAL_PCI_DEVICE },
>  { },
> @@ -535,7 +535,7 @@ static const TypeInfo sabre_info = {
>  static void sabre_register_types(void)
>  {
>  type_register_static(_info);
> -type_register_static(_pci_host_info);
> +type_register_static(_pci_info);
>  }
>  
>  type_init(sabre_register_types)
>

Re: [Qemu-devel] [PATCH 03/11] apb: rename APB functions to use sabre prefix

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> As hinted in the comment at the top of the file, the naming convention for the
> APB types/QOM functions isn't correct. As a starting point we can at least
> rename the APB type and related functions to improve the readability of apb.c.

comment you remove later, ok.

> 
> Signed-off-by: Mark Cave-Ayland 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/pci-host/apb.c | 109 
> +++---
>  include/hw/pci-host/apb.h |   1 -
>  2 files changed, 54 insertions(+), 56 deletions(-)
> 
> diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
> index 43ee42d170..d5c459a2df 100644
> --- a/hw/pci-host/apb.c
> +++ b/hw/pci-host/apb.c
> @@ -70,7 +70,7 @@ do { printf("APB: " fmt , ## __VA_ARGS__); } while (0)
>  
>  #define NO_IRQ_REQUEST (MAX_IVEC + 1)
>  
> -static inline void pbm_set_request(APBState *s, unsigned int irq_num)
> +static inline void sabre_set_request(APBState *s, unsigned int irq_num)
>  {
>  APB_DPRINTF("%s: request irq %d\n", __func__, irq_num);
>  
> @@ -78,14 +78,13 @@ static inline void pbm_set_request(APBState *s, unsigned 
> int irq_num)
>  qemu_set_irq(s->ivec_irqs[irq_num], 1);
>  }
>  
> -static inline void pbm_check_irqs(APBState *s)
> +static inline void sabre_check_irqs(APBState *s)
>  {
> -
>  unsigned int i;
>  
>  /* Previous request is not acknowledged, resubmit */
>  if (s->irq_request != NO_IRQ_REQUEST) {
> -pbm_set_request(s, s->irq_request);
> +sabre_set_request(s, s->irq_request);
>  return;
>  }
>  /* no request pending */
> @@ -95,7 +94,7 @@ static inline void pbm_check_irqs(APBState *s)
>  for (i = 0; i < 32; i++) {
>  if (s->pci_irq_in & (1ULL << i)) {
>  if (s->pci_irq_map[i >> 2] & PBM_PCI_IMR_ENABLED) {
> -pbm_set_request(s, i);
> +sabre_set_request(s, i);
>  return;
>  }
>  }
> @@ -103,28 +102,28 @@ static inline void pbm_check_irqs(APBState *s)
>  for (i = 32; i < 64; i++) {
>  if (s->pci_irq_in & (1ULL << i)) {
>  if (s->obio_irq_map[i - 32] & PBM_PCI_IMR_ENABLED) {
> -pbm_set_request(s, i);
> +sabre_set_request(s, i);
>  break;
>  }
>  }
>  }
>  }
>  
> -static inline void pbm_clear_request(APBState *s, unsigned int irq_num)
> +static inline void sabre_clear_request(APBState *s, unsigned int irq_num)
>  {
>  APB_DPRINTF("%s: clear request irq %d\n", __func__, irq_num);
>  qemu_set_irq(s->ivec_irqs[irq_num], 0);
>  s->irq_request = NO_IRQ_REQUEST;
>  }
>  
> -static AddressSpace *pbm_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
> +static AddressSpace *sabre_pci_dma_iommu(PCIBus *bus, void *opaque, int 
> devfn)
>  {
>  IOMMUState *is = opaque;
>  
>  return >iommu_as;
>  }
>  
> -static void apb_config_writel (void *opaque, hwaddr addr,
> +static void sabre_config_write(void *opaque, hwaddr addr,
> uint64_t val, unsigned size)
>  {
>  APBState *s = opaque;
> @@ -141,9 +140,9 @@ static void apb_config_writel (void *opaque, hwaddr addr,
>  s->pci_irq_map[ino] &= PBM_PCI_IMR_MASK;
>  s->pci_irq_map[ino] |= val & ~PBM_PCI_IMR_MASK;
>  if ((s->irq_request == ino) && !(val & ~PBM_PCI_IMR_MASK)) {
> -pbm_clear_request(s, ino);
> +sabre_clear_request(s, ino);
>  }
> -pbm_check_irqs(s);
> +sabre_check_irqs(s);
>  }
>  break;
>  case 0x1000 ... 0x107f: /* OBIO interrupt control */
> @@ -153,17 +152,17 @@ static void apb_config_writel (void *opaque, hwaddr 
> addr,
>  s->obio_irq_map[ino] |= val & ~PBM_PCI_IMR_MASK;
>  if ((s->irq_request == (ino | 0x20))
>   && !(val & ~PBM_PCI_IMR_MASK)) {
> -pbm_clear_request(s, ino | 0x20);
> +sabre_clear_request(s, ino | 0x20);
>  }
> -pbm_check_irqs(s);
> +sabre_check_irqs(s);
>  }
>  break;
>  case 0x1400 ... 0x14ff: /* PCI interrupt clear */
>  if (addr & 4) {
>  unsigned int ino = (addr & 0xff) >> 5;
>  if ((s->irq_request / 4)  == ino) {
> -pbm_clear_request(s, s->irq_request);
> -pbm_check_irqs(s);
> +sabre_clear_request(s, s->irq_request);
> +sabre_check_irqs(s);
>  }
>  }
>  break;
> @@ -171,8 +170,8 @@ static void apb_config_writel (void *opaque, hwaddr addr,
>  if (addr & 4) {
>  unsigned int ino = ((addr & 0xff) >> 3) | 0x20;
>  if (s->irq_request == ino) {
> -pbm_clear_request(s, ino);
> -pbm_check_irqs(s);
> +sabre_clear_request(s, ino);
> +

Re: [Qemu-devel] [PATCH 02/11] simba: rename PBMPCIBridge and QOM types to reflect simba naming

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> Here we rename PBMPCIBridge to SimbaPCIBridge and the QOM type from
> TYPE_PBM_PCI_BRIDGE to TYPE_SIMBA_PCI_BRIDGE in improve the clarity
> of the device name.
> 
> Also touch up the relevant spots in apb.c and various other function
> names as appropriate.
> 
> Signed-off-by: Mark Cave-Ayland 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/pci-bridge/simba.c | 22 +++---
>  hw/pci-host/apb.c | 12 ++--
>  include/hw/pci-bridge/simba.h | 10 +-
>  3 files changed, 22 insertions(+), 22 deletions(-)
> 
> diff --git a/hw/pci-bridge/simba.c b/hw/pci-bridge/simba.c
> index 05ba6f0f34..dea4c8c5e7 100644
> --- a/hw/pci-bridge/simba.c
> +++ b/hw/pci-bridge/simba.c
> @@ -36,7 +36,7 @@
>   * http://www.sun.com/processors/manuals/805-1251.pdf
>   */
>  
> -static void apb_pci_bridge_realize(PCIDevice *dev, Error **errp)
> +static void simba_pci_bridge_realize(PCIDevice *dev, Error **errp)
>  {
>  /*
>   * command register:
> @@ -47,7 +47,7 @@ static void apb_pci_bridge_realize(PCIDevice *dev, Error 
> **errp)
>   *   the reset value should be zero unless the boot pin is tied high
>   *   (which is true) and thus it should be PCI_COMMAND_MEMORY.
>   */
> -PBMPCIBridge *br = PBM_PCI_BRIDGE(dev);
> +SimbaPCIBridge *br = SIMBA_PCI_BRIDGE(dev);
>  
>  pci_bridge_initfn(dev, TYPE_PCI_BUS);
>  
> @@ -65,12 +65,12 @@ static void apb_pci_bridge_realize(PCIDevice *dev, Error 
> **errp)
>  pci_bridge_update_mappings(PCI_BRIDGE(br));
>  }
>  
> -static void pbm_pci_bridge_class_init(ObjectClass *klass, void *data)
> +static void simba_pci_bridge_class_init(ObjectClass *klass, void *data)
>  {
>  DeviceClass *dc = DEVICE_CLASS(klass);
>  PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
>  
> -k->realize = apb_pci_bridge_realize;
> +k->realize = simba_pci_bridge_realize;
>  k->exit = pci_bridge_exitfn;
>  k->vendor_id = PCI_VENDOR_ID_SUN;
>  k->device_id = PCI_DEVICE_ID_SUN_SIMBA;
> @@ -82,20 +82,20 @@ static void pbm_pci_bridge_class_init(ObjectClass *klass, 
> void *data)
>  dc->vmsd = _pci_device;
>  }
>  
> -static const TypeInfo pbm_pci_bridge_info = {
> -.name  = TYPE_PBM_PCI_BRIDGE,
> +static const TypeInfo simba_pci_bridge_info = {
> +.name  = TYPE_SIMBA_PCI_BRIDGE,
>  .parent= TYPE_PCI_BRIDGE,
> -.class_init= pbm_pci_bridge_class_init,
> -.instance_size = sizeof(PBMPCIBridge),
> +.class_init= simba_pci_bridge_class_init,
> +.instance_size = sizeof(SimbaPCIBridge),
>  .interfaces = (InterfaceInfo[]) {
>  { INTERFACE_CONVENTIONAL_PCI_DEVICE },
>  { },
>  },
>  };
>  
> -static void pbm_register_types(void)
> +static void simba_register_types(void)
>  {
> -type_register_static(_pci_bridge_info);
> +type_register_static(_pci_bridge_info);
>  }
>  
> -type_init(pbm_register_types)
> +type_init(simba_register_types)
> diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
> index 3a5c046794..43ee42d170 100644
> --- a/hw/pci-host/apb.c
> +++ b/hw/pci-host/apb.c
> @@ -293,7 +293,7 @@ static int pci_apb_map_irq(PCIDevice *pci_dev, int 
> irq_num)
>  return irq_num;
>  }
>  
> -static int pci_pbmA_map_irq(PCIDevice *pci_dev, int irq_num)
> +static int pci_simbaA_map_irq(PCIDevice *pci_dev, int irq_num)
>  {
>  /* The on-board devices have fixed (legacy) OBIO intnos */
>  switch (PCI_SLOT(pci_dev->devfn)) {
> @@ -311,7 +311,7 @@ static int pci_pbmA_map_irq(PCIDevice *pci_dev, int 
> irq_num)
>  return ((PCI_SLOT(pci_dev->devfn) << 2) + irq_num) & 0x1f;
>  }
>  
> -static int pci_pbmB_map_irq(PCIDevice *pci_dev, int irq_num)
> +static int pci_simbaB_map_irq(PCIDevice *pci_dev, int irq_num)
>  {
>  return (0x10 + (PCI_SLOT(pci_dev->devfn) << 2) + irq_num) & 0x1f;
>  }
> @@ -417,15 +417,15 @@ static void pci_pbm_realize(DeviceState *dev, Error 
> **errp)
>  
>  /* APB secondary busses */
>  pci_dev = pci_create_multifunction(phb->bus, PCI_DEVFN(1, 0), true,
> -   TYPE_PBM_PCI_BRIDGE);
> +   TYPE_SIMBA_PCI_BRIDGE);
>  s->bridgeB = PCI_BRIDGE(pci_dev);
> -pci_bridge_map_irq(s->bridgeB, "pciB", pci_pbmB_map_irq);
> +pci_bridge_map_irq(s->bridgeB, "pciB", pci_simbaB_map_irq);
>  qdev_init_nofail(_dev->qdev);
>  
>  pci_dev = pci_create_multifunction(phb->bus, PCI_DEVFN(1, 1), true,
> -   TYPE_PBM_PCI_BRIDGE);
> +   TYPE_SIMBA_PCI_BRIDGE);
>  s->bridgeA = PCI_BRIDGE(pci_dev);
> -pci_bridge_map_irq(s->bridgeA, "pciA", pci_pbmA_map_irq);
> +pci_bridge_map_irq(s->bridgeA, "pciA", pci_simbaA_map_irq);
>  qdev_init_nofail(_dev->qdev);
>  }
>  
> diff --git a/include/hw/pci-bridge/simba.h b/include/hw/pci-bridge/simba.h
> index 5ab1330236..fac56ab1cf

Re: [Qemu-devel] [PATCH 01/11] apb: split simba PCI bridge into hw/pci-bridge/simba.c

Hi Mark,

On 01/14/2018 07:47 AM, Mark Cave-Ayland wrote:
> Move the QOM type and macros into a new include/hw/pci-bridge/simba.h
> file, and add a new CONFIG_SIMBA Makefile.objs variable which is enabled
> for sparc64-softmmu builds only.
> 
> Signed-off-by: Mark Cave-Ayland 
> CC: Michael S. Tsirkin 
> CC: Marcel Apfelbaum 
> ---
>  default-configs/sparc64-softmmu.mak |   1 +
>  hw/pci-bridge/Makefile.objs |   2 +
>  hw/pci-bridge/simba.c   | 101 
> 
>  hw/pci-host/apb.c   |  62 +-
>  include/hw/pci-bridge/simba.h   |  38 ++
>  include/hw/pci-host/apb.h   |   9 

I recommend you to use the scripts/git.orderfile, such code movement
result slightly easier to review.

>  6 files changed, 143 insertions(+), 70 deletions(-)
>  create mode 100644 hw/pci-bridge/simba.c
>  create mode 100644 include/hw/pci-bridge/simba.h
> 
> diff --git a/default-configs/sparc64-softmmu.mak 
> b/default-configs/sparc64-softmmu.mak
> index 3e177bbd7b..9b742a7b41 100644
> --- a/default-configs/sparc64-softmmu.mak
> +++ b/default-configs/sparc64-softmmu.mak
> @@ -12,6 +12,7 @@ CONFIG_FDC=y
>  CONFIG_IDE_ISA=y
>  CONFIG_IDE_CMD646=y
>  CONFIG_PCI_APB=y
> +CONFIG_SIMBA=y
>  CONFIG_SUNHME=y
>  CONFIG_MC146818RTC=y
>  CONFIG_ISA_TESTDEV=y
> diff --git a/hw/pci-bridge/Makefile.objs b/hw/pci-bridge/Makefile.objs
> index 1b05023662..47065f87d9 100644
> --- a/hw/pci-bridge/Makefile.objs
> +++ b/hw/pci-bridge/Makefile.objs
> @@ -6,3 +6,5 @@ common-obj-$(CONFIG_IOH3420) += ioh3420.o
>  common-obj-$(CONFIG_I82801B11) += i82801b11.o
>  # NewWorld PowerMac
>  common-obj-$(CONFIG_DEC_PCI) += dec.o
> +# Sun4u
> +common-obj-$(CONFIG_SIMBA) += simba.o
> diff --git a/hw/pci-bridge/simba.c b/hw/pci-bridge/simba.c
> new file mode 100644
> index 00..05ba6f0f34
> --- /dev/null
> +++ b/hw/pci-bridge/simba.c
> @@ -0,0 +1,101 @@
> +/*
> + * QEMU Simba PCI bridge
> + *
> + * Copyright (c) 2006 Fabrice Bellard
> + * Copyright (c) 2012,2013 Artyom Tarasenko
> + * Copyright (c) 2018 Mark Cave-Ayland
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
> + * of this software and associated documentation files (the "Software"), to 
> deal
> + * in the Software without restriction, including without limitation the 
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/pci/pci.h"
> +#include "hw/pci/pci_bridge.h"
> +#include "hw/pci/pci_bus.h"
> +#include "hw/pci-bridge/simba.h"
> +
> +/*
> + * Chipset docs:
> + * APB: "Advanced PCI Bridge (APB) User's Manual",
> + * http://www.sun.com/processors/manuals/805-1251.pdf
> + */
> +
> +static void apb_pci_bridge_realize(PCIDevice *dev, Error **errp)
> +{
> +/*
> + * command register:
> + * According to PCI bridge spec, after reset
> + *   bus master bit is off
> + *   memory space enable bit is off
> + * According to manual (805-1251.pdf).
> + *   the reset value should be zero unless the boot pin is tied high
> + *   (which is true) and thus it should be PCI_COMMAND_MEMORY.
> + */
> +PBMPCIBridge *br = PBM_PCI_BRIDGE(dev);
> +
> +pci_bridge_initfn(dev, TYPE_PCI_BUS);
> +
> +pci_set_word(dev->config + PCI_COMMAND, PCI_COMMAND_MEMORY);
> +pci_set_word(dev->config + PCI_STATUS,
> + PCI_STATUS_FAST_BACK | PCI_STATUS_66MHZ |
> + PCI_STATUS_DEVSEL_MEDIUM);
> +
> +/* Allow 32-bit IO addresses */
> +pci_set_word(dev->config + PCI_IO_BASE, PCI_IO_RANGE_TYPE_32);
> +pci_set_word(dev->config + PCI_IO_LIMIT, PCI_IO_RANGE_TYPE_32);
> +pci_set_word(dev->wmask + PCI_IO_BASE_UPPER16, 0x);
> +pci_set_word(dev->wmask + PCI_IO_LIMIT_UPPER16, 0x);
> +
> +pci_bridge_update_mappings(PCI_BRIDGE(br));
> +}
> +
> +static void pbm_pci_bridge_class_init(ObjectClass *klass, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(klass);
> +PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
> +
> +k->realize = apb_pci_bridge_realize;

[Qemu-devel] [Bug 1743214] [NEW] OS/2 Warp 3 support broken in 2.11

2018-01-14 Thread MVoloshin

Public bug reported:

Hello, I used to run OS/2 Warp 3 on QEMU with the following command line: 
qemu-system-i386 -vga cirrus -soundhw sb16 -hda os2warp3v2.img -boot c. It runs 
OK on QEMU 2.10, but immediately gives TRAP 0006 (invalid opcode?) on QEMU 2.11 
(see screenshot).
If it is important I have Fixpack 40 and GRADD installed in OS/2.
Here is the image:
https://drive.google.com/open?id=15umPecy7JlPLKUP6520MB_87CfrCDWO5

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: broken i386 os2 support trap warp

** Attachment added: "trap.PNG"
   https://bugs.launchpad.net/bugs/1743214/+attachment/5036800/+files/trap.PNG

** Tags added: i386

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1743214

Title:
  OS/2 Warp 3 support broken in 2.11

Status in QEMU:
  New

Bug description:
  Hello, I used to run OS/2 Warp 3 on QEMU with the following command line: 
qemu-system-i386 -vga cirrus -soundhw sb16 -hda os2warp3v2.img -boot c. It runs 
OK on QEMU 2.10, but immediately gives TRAP 0006 (invalid opcode?) on QEMU 2.11 
(see screenshot).
  If it is important I have Fixpack 40 and GRADD installed in OS/2.
  Here is the image:
  https://drive.google.com/open?id=15umPecy7JlPLKUP6520MB_87CfrCDWO5

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1743214/+subscriptions

Re: [Qemu-devel] [PATCH 00/11] sun4u: APB tidy-up/rename and tracepoint conversions


On 14/01/18 11:15, no-re...@patchew.org wrote:

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180114104751.21965-1-mark.cave-ayl...@ilande.co.uk
Subject: [Qemu-devel] [PATCH 00/11] sun4u: APB tidy-up/rename and tracepoint 
conversions


(lots cut)


=== OUTPUT BEGIN ===
Checking PATCH 1/11: apb: split simba PCI bridge into hw/pci-bridge/simba.c...
Checking PATCH 2/11: simba: rename PBMPCIBridge and QOM types to reflect simba 
naming...
Checking PATCH 3/11: apb: rename APB functions to use sabre prefix...
Checking PATCH 4/11: apb: change pbm_pci_host prefix functions to use sabre_pci 
prefix...
Checking PATCH 5/11: apb: QOMify sabre PCI host bridge...
Checking PATCH 6/11: apb: rename QOM type from TYPE_APB to TYPE_SABRE...
Checking PATCH 7/11: sun4u: rename apb variables and constants...
Checking PATCH 8/11: apb: rename apb.c to sabre.c...
ERROR: do not use C99 // comments
#86: FILE: hw/pci-host/sabre.c:41:
+//#define DEBUG_SABRE

total: 1 errors, 0 warnings, 188 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 9/11: pci: add trace-events support for hw/pci-host...
Checking PATCH 10/11: sabre: convert from SABRE_DPRINTF macro to trace-events...
Checking PATCH 11/11: sparc64: convert hw/sparc64/sparc64.c from DPRINTF macros 
to trace events...
=== OUTPUT END ===

Test command exited with code: 1


This is fine - it's just a side-effect of renaming DEBUG_APB to 
DEBUG_SABRE as part of the APB to sabre rename, and in fact this code is 
completely removed in patch 10 with the conversion to tracepoints.



ATB,

Mark.

[Qemu-devel] [Bug 1654137] Re: Ctrl-A b not working in 2.8.0

2018-01-14 Thread Andreas Gustafsson

This is broken again as of revision
7398166ddf7c6dbbc9cae6ac69bb2feda14b40ac.

Bisection shows it was broken by commit 
df85a78bf83d85627de27f492e78e73bbbd3df4a,
"char: move mux to its own file".  Somewhat confusingly, this commit predates 
the fix
(fb5e19d2e1472e96d72d5e4d89c20033f8ab345c), but it is part of a branch that was 
merged
after the fix, in merge commit 2d6752d38d8acda6aae674a72b72be05482a58eb.  
Apparently
this caused a reversion to an old version of the mux code that still has the 
bug.

Credit for discovering the regression goes to Paul Goyette.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1654137

Title:
  Ctrl-A b not working in 2.8.0

Status in QEMU:
  Fix Released

Bug description:
  With a recent update from 2.7.0 to 2.8.0 I have discovered that I can
  no longer send a "break" to the VM.  Ctrl-A b is simply ignored.
  Other Ctrl-A sequences seem to work correctly.

  This is on a NetBSD amd64 system, version 7.99.53, and qemu was
  installed on this system from source.

  Reverting to the previous install restores "break" capability.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1654137/+subscriptions

[Qemu-devel] [PATCH 09/11] pci: add trace-events support for hw/pci-host

Signed-off-by: Mark Cave-Ayland 
CC: Michael S. Tsirkin 
CC: Marcel Apfelbaum 
---
 Makefile.objs| 1 +
 hw/pci-host/trace-events | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 hw/pci-host/trace-events

diff --git a/Makefile.objs b/Makefile.objs
index c8b1bba593..6aa793ce4f 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -149,6 +149,7 @@ trace-events-subdirs += hw/i386/xen
 trace-events-subdirs += hw/9pfs
 trace-events-subdirs += hw/ppc
 trace-events-subdirs += hw/pci
+trace-events-subdirs += hw/pci-host
 trace-events-subdirs += hw/s390x
 trace-events-subdirs += hw/vfio
 trace-events-subdirs += hw/acpi
diff --git a/hw/pci-host/trace-events b/hw/pci-host/trace-events
new file mode 100644
index 00..9284b1fbad
--- /dev/null
+++ b/hw/pci-host/trace-events
@@ -0,0 +1 @@
+# See docs/devel/tracing.txt for syntax documentation.
-- 
2.11.0

[Qemu-devel] [PATCH 10/11] sabre: convert from SABRE_DPRINTF macro to trace-events

Signed-off-by: Mark Cave-Ayland 
---
 hw/pci-host/sabre.c  | 32 ++--
 hw/pci-host/trace-events | 10 ++
 2 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/hw/pci-host/sabre.c b/hw/pci-host/sabre.c
index 4054c17598..2268a41dd9 100644
--- a/hw/pci-host/sabre.c
+++ b/hw/pci-host/sabre.c
@@ -36,16 +36,7 @@
 #include "exec/address-spaces.h"
 #include "qapi/error.h"
 #include "qemu/log.h"
-
-/* debug sabre */
-//#define DEBUG_SABRE
-
-#ifdef DEBUG_SABRE
-#define SABRE_DPRINTF(fmt, ...) \
-do { printf("sabre: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define SABRE_DPRINTF(fmt, ...)
-#endif
+#include "trace.h"
 
 /*
  * Chipset docs:
@@ -69,8 +60,7 @@ do { printf("sabre: " fmt , ## __VA_ARGS__); } while (0)
 
 static inline void sabre_set_request(SabreState *s, unsigned int irq_num)
 {
-SABRE_DPRINTF("%s: request irq %d\n", __func__, irq_num);
-
+trace_sabre_set_request(irq_num);
 s->irq_request = irq_num;
 qemu_set_irq(s->ivec_irqs[irq_num], 1);
 }
@@ -108,7 +98,7 @@ static inline void sabre_check_irqs(SabreState *s)
 
 static inline void sabre_clear_request(SabreState *s, unsigned int irq_num)
 {
-SABRE_DPRINTF("%s: clear request irq %d\n", __func__, irq_num);
+trace_sabre_clear_request(irq_num);
 qemu_set_irq(s->ivec_irqs[irq_num], 0);
 s->irq_request = NO_IRQ_REQUEST;
 }
@@ -125,8 +115,7 @@ static void sabre_config_write(void *opaque, hwaddr addr,
 {
 SabreState *s = opaque;
 
-SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__,
-  addr, val);
+trace_sabre_config_write(addr, val);
 
 switch (addr & 0x) {
 case 0x30 ... 0x4f: /* DMA error registers */
@@ -250,7 +239,7 @@ static uint64_t sabre_config_read(void *opaque,
 val = 0;
 break;
 }
-SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " -> %x\n", __func__, addr, val);
+trace_sabre_config_read(addr, val);
 
 return val;
 }
@@ -267,8 +256,7 @@ static void sabre_pci_config_write(void *opaque, hwaddr 
addr,
 SabreState *s = opaque;
 PCIHostState *phb = PCI_HOST_BRIDGE(s);
 
-SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " val %" PRIx64 "\n", __func__,
-  addr, val);
+trace_sabre_pci_config_write(addr, val);
 pci_data_write(phb->bus, addr, val, size);
 }
 
@@ -280,7 +268,7 @@ static uint64_t sabre_pci_config_read(void *opaque, hwaddr 
addr,
 PCIHostState *phb = PCI_HOST_BRIDGE(s);
 
 ret = pci_data_read(phb->bus, addr, size);
-SABRE_DPRINTF("%s: addr " TARGET_FMT_plx " -> %x\n", __func__, addr, ret);
+trace_sabre_pci_config_read(addr, ret);
 return ret;
 }
 
@@ -318,7 +306,8 @@ static void pci_sabre_set_irq(void *opaque, int irq_num, 
int level)
 {
 SabreState *s = opaque;
 
-SABRE_DPRINTF("%s: set irq_in %d level %d\n", __func__, irq_num, level);
+trace_sabre_pci_set_irq(irq_num, level);
+
 /* PCI IRQ map onto the first 32 INO.  */
 if (irq_num < 32) {
 if (level) {
@@ -332,8 +321,7 @@ static void pci_sabre_set_irq(void *opaque, int irq_num, 
int level)
 } else {
 /* OBIO IRQ map onto the next 32 INO.  */
 if (level) {
-SABRE_DPRINTF("%s: set irq %d level %d\n", __func__, irq_num,
-  level);
+trace_sabre_pci_set_obio_irq(irq_num, level);
 s->pci_irq_in |= 1ULL << irq_num;
 if ((s->irq_request == NO_IRQ_REQUEST)
 && (s->obio_irq_map[irq_num - 32] & PBM_PCI_IMR_ENABLED)) {
diff --git a/hw/pci-host/trace-events b/hw/pci-host/trace-events
index 9284b1fbad..32dfc84692 100644
--- a/hw/pci-host/trace-events
+++ b/hw/pci-host/trace-events
@@ -1 +1,11 @@
 # See docs/devel/tracing.txt for syntax documentation.
+
+# hw/pci-host/sabre.c
+sabre_set_request(int irq_num) "request irq %d"
+sabre_clear_request(int irq_num) "clear request irq %d"
+sabre_config_write(uint64_t addr, uint64_t val) "addr 0x%"PRIx64" val 
0x%"PRIx64
+sabre_config_read(uint64_t addr, uint64_t val) "addr 0x%"PRIx64" val 0x%"PRIx64
+sabre_pci_config_write(uint64_t addr, uint64_t val) "addr 0x%"PRIx64" val 
0x%"PRIx64
+sabre_pci_config_read(uint64_t addr, uint64_t val) "addr 0x%"PRIx64" val 
0x%"PRIx64
+sabre_pci_set_irq(int irq_num, int level) "set irq_in %d level %d"
+sabre_pci_set_obio_irq(int irq_num, int level) "set irq %d level %d"
-- 
2.11.0

[Qemu-devel] [PATCH 11/11] sparc64: convert hw/sparc64/sparc64.c from DPRINTF macros to trace events

Signed-off-by: Mark Cave-Ayland 
---
 hw/sparc64/sparc64.c| 85 -
 hw/sparc64/trace-events | 18 +++
 2 files changed, 52 insertions(+), 51 deletions(-)

diff --git a/hw/sparc64/sparc64.c b/hw/sparc64/sparc64.c
index 95a06f00b2..408388945e 100644
--- a/hw/sparc64/sparc64.c
+++ b/hw/sparc64/sparc64.c
@@ -28,25 +28,9 @@
 #include "hw/char/serial.h"
 #include "hw/sparc/sparc64.h"
 #include "qemu/timer.h"
+#include "trace.h"
 
 
-//#define DEBUG_IRQ
-//#define DEBUG_TIMER
-
-#ifdef DEBUG_IRQ
-#define CPUIRQ_DPRINTF(fmt, ...)\
-do { printf("CPUIRQ: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define CPUIRQ_DPRINTF(fmt, ...)
-#endif
-
-#ifdef DEBUG_TIMER
-#define TIMER_DPRINTF(fmt, ...)  \
-do { printf("TIMER: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define TIMER_DPRINTF(fmt, ...)
-#endif
-
 #define TICK_MAX 0x7fffULL
 
 void cpu_check_irqs(CPUSPARCState *env)
@@ -73,8 +57,7 @@ void cpu_check_irqs(CPUSPARCState *env)
is (2 << psrpil). */
 if (pil < (2 << env->psrpil)) {
 if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
-CPUIRQ_DPRINTF("Reset CPU IRQ (current interrupt %x)\n",
-   env->interrupt_index);
+trace_sparc64_cpu_check_irqs_reset_irq(env->interrupt_index);
 env->interrupt_index = 0;
 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
 }
@@ -92,22 +75,21 @@ void cpu_check_irqs(CPUSPARCState *env)
 
 if (unlikely(env->tl > 0 && cpu_tsptr(env)->tt > new_interrupt
   && ((cpu_tsptr(env)->tt & 0x1f0) == TT_EXTINT))) {
-CPUIRQ_DPRINTF("Not setting CPU IRQ: TL=%d "
-   "current %x >= pending %x\n",
-   env->tl, cpu_tsptr(env)->tt, new_interrupt);
+trace_sparc64_cpu_check_irqs_noset_irq(env->tl,
+  cpu_tsptr(env)->tt,
+  new_interrupt);
 } else if (old_interrupt != new_interrupt) {
 env->interrupt_index = new_interrupt;
-CPUIRQ_DPRINTF("Set CPU IRQ %d old=%x new=%x\n", i,
-   old_interrupt, new_interrupt);
+trace_sparc64_cpu_check_irqs_set_irq(i, old_interrupt,
+ new_interrupt);
 cpu_interrupt(cs, CPU_INTERRUPT_HARD);
 }
 break;
 }
 }
 } else if (cs->interrupt_request & CPU_INTERRUPT_HARD) {
-CPUIRQ_DPRINTF("Interrupts disabled, pil=%08x pil_in=%08x softint=%08x 
"
-   "current interrupt %x\n",
-   pil, env->pil_in, env->softint, env->interrupt_index);
+trace_sparc64_cpu_check_irqs_disabled(pil, env->pil_in, env->softint,
+  env->interrupt_index);
 env->interrupt_index = 0;
 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
 }
@@ -131,7 +113,7 @@ void sparc64_cpu_set_ivec_irq(void *opaque, int irq, int 
level)
 
 if (level) {
 if (!(env->ivec_status & 0x20)) {
-CPUIRQ_DPRINTF("Raise IVEC IRQ %d\n", irq);
+trace_sparc64_cpu_ivec_raise_irq(irq);
 cs = CPU(cpu);
 cs->halted = 0;
 env->interrupt_index = TT_IVEC;
@@ -143,7 +125,7 @@ void sparc64_cpu_set_ivec_irq(void *opaque, int irq, int 
level)
 }
 } else {
 if (env->ivec_status & 0x20) {
-CPUIRQ_DPRINTF("Lower IVEC IRQ %d\n", irq);
+trace_sparc64_cpu_ivec_lower_irq(irq);
 cs = CPU(cpu);
 env->ivec_status &= ~0x20;
 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
@@ -216,10 +198,10 @@ static void tick_irq(void *opaque)
 CPUTimer *timer = env->tick;
 
 if (timer->disabled) {
-CPUIRQ_DPRINTF("tick_irq: softint disabled\n");
+trace_sparc64_cpu_tick_irq_disabled();
 return;
 } else {
-CPUIRQ_DPRINTF("tick: fire\n");
+trace_sparc64_cpu_tick_irq_fire();
 }
 
 env->softint |= SOFTINT_TIMER;
@@ -234,10 +216,10 @@ static void stick_irq(void *opaque)
 CPUTimer *timer = env->stick;
 
 if (timer->disabled) {
-CPUIRQ_DPRINTF("stick_irq: softint disabled\n");
+trace_sparc64_cpu_stick_irq_disabled();
 return;
 } else {
-CPUIRQ_DPRINTF("stick: fire\n");
+trace_sparc64_cpu_stick_irq_fire();
 }
 
 env->softint |= SOFTINT_STIMER;
@@ -252,10 +234,10 @@ static void hstick_irq(void *opaque)
 CPUTimer *timer = env->hstick;
 
 if (timer->disabled) {
-CPUIRQ_DPRINTF("hstick_irq: softint disabled\n");
+

[Qemu-devel] [PATCH 02/11] simba: rename PBMPCIBridge and QOM types to reflect simba naming

Here we rename PBMPCIBridge to SimbaPCIBridge and the QOM type from
TYPE_PBM_PCI_BRIDGE to TYPE_SIMBA_PCI_BRIDGE in improve the clarity
of the device name.

Also touch up the relevant spots in apb.c and various other function
names as appropriate.

Signed-off-by: Mark Cave-Ayland 
---
 hw/pci-bridge/simba.c | 22 +++---
 hw/pci-host/apb.c | 12 ++--
 include/hw/pci-bridge/simba.h | 10 +-
 3 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/hw/pci-bridge/simba.c b/hw/pci-bridge/simba.c
index 05ba6f0f34..dea4c8c5e7 100644
--- a/hw/pci-bridge/simba.c
+++ b/hw/pci-bridge/simba.c
@@ -36,7 +36,7 @@
  * http://www.sun.com/processors/manuals/805-1251.pdf
  */
 
-static void apb_pci_bridge_realize(PCIDevice *dev, Error **errp)
+static void simba_pci_bridge_realize(PCIDevice *dev, Error **errp)
 {
 /*
  * command register:
@@ -47,7 +47,7 @@ static void apb_pci_bridge_realize(PCIDevice *dev, Error 
**errp)
  *   the reset value should be zero unless the boot pin is tied high
  *   (which is true) and thus it should be PCI_COMMAND_MEMORY.
  */
-PBMPCIBridge *br = PBM_PCI_BRIDGE(dev);
+SimbaPCIBridge *br = SIMBA_PCI_BRIDGE(dev);
 
 pci_bridge_initfn(dev, TYPE_PCI_BUS);
 
@@ -65,12 +65,12 @@ static void apb_pci_bridge_realize(PCIDevice *dev, Error 
**errp)
 pci_bridge_update_mappings(PCI_BRIDGE(br));
 }
 
-static void pbm_pci_bridge_class_init(ObjectClass *klass, void *data)
+static void simba_pci_bridge_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 
-k->realize = apb_pci_bridge_realize;
+k->realize = simba_pci_bridge_realize;
 k->exit = pci_bridge_exitfn;
 k->vendor_id = PCI_VENDOR_ID_SUN;
 k->device_id = PCI_DEVICE_ID_SUN_SIMBA;
@@ -82,20 +82,20 @@ static void pbm_pci_bridge_class_init(ObjectClass *klass, 
void *data)
 dc->vmsd = _pci_device;
 }
 
-static const TypeInfo pbm_pci_bridge_info = {
-.name  = TYPE_PBM_PCI_BRIDGE,
+static const TypeInfo simba_pci_bridge_info = {
+.name  = TYPE_SIMBA_PCI_BRIDGE,
 .parent= TYPE_PCI_BRIDGE,
-.class_init= pbm_pci_bridge_class_init,
-.instance_size = sizeof(PBMPCIBridge),
+.class_init= simba_pci_bridge_class_init,
+.instance_size = sizeof(SimbaPCIBridge),
 .interfaces = (InterfaceInfo[]) {
 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
 { },
 },
 };
 
-static void pbm_register_types(void)
+static void simba_register_types(void)
 {
-type_register_static(_pci_bridge_info);
+type_register_static(_pci_bridge_info);
 }
 
-type_init(pbm_register_types)
+type_init(simba_register_types)
diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
index 3a5c046794..43ee42d170 100644
--- a/hw/pci-host/apb.c
+++ b/hw/pci-host/apb.c
@@ -293,7 +293,7 @@ static int pci_apb_map_irq(PCIDevice *pci_dev, int irq_num)
 return irq_num;
 }
 
-static int pci_pbmA_map_irq(PCIDevice *pci_dev, int irq_num)
+static int pci_simbaA_map_irq(PCIDevice *pci_dev, int irq_num)
 {
 /* The on-board devices have fixed (legacy) OBIO intnos */
 switch (PCI_SLOT(pci_dev->devfn)) {
@@ -311,7 +311,7 @@ static int pci_pbmA_map_irq(PCIDevice *pci_dev, int irq_num)
 return ((PCI_SLOT(pci_dev->devfn) << 2) + irq_num) & 0x1f;
 }
 
-static int pci_pbmB_map_irq(PCIDevice *pci_dev, int irq_num)
+static int pci_simbaB_map_irq(PCIDevice *pci_dev, int irq_num)
 {
 return (0x10 + (PCI_SLOT(pci_dev->devfn) << 2) + irq_num) & 0x1f;
 }
@@ -417,15 +417,15 @@ static void pci_pbm_realize(DeviceState *dev, Error 
**errp)
 
 /* APB secondary busses */
 pci_dev = pci_create_multifunction(phb->bus, PCI_DEVFN(1, 0), true,
-   TYPE_PBM_PCI_BRIDGE);
+   TYPE_SIMBA_PCI_BRIDGE);
 s->bridgeB = PCI_BRIDGE(pci_dev);
-pci_bridge_map_irq(s->bridgeB, "pciB", pci_pbmB_map_irq);
+pci_bridge_map_irq(s->bridgeB, "pciB", pci_simbaB_map_irq);
 qdev_init_nofail(_dev->qdev);
 
 pci_dev = pci_create_multifunction(phb->bus, PCI_DEVFN(1, 1), true,
-   TYPE_PBM_PCI_BRIDGE);
+   TYPE_SIMBA_PCI_BRIDGE);
 s->bridgeA = PCI_BRIDGE(pci_dev);
-pci_bridge_map_irq(s->bridgeA, "pciA", pci_pbmA_map_irq);
+pci_bridge_map_irq(s->bridgeA, "pciA", pci_simbaA_map_irq);
 qdev_init_nofail(_dev->qdev);
 }
 
diff --git a/include/hw/pci-bridge/simba.h b/include/hw/pci-bridge/simba.h
index 5ab1330236..fac56ab1cf 100644
--- a/include/hw/pci-bridge/simba.h
+++ b/include/hw/pci-bridge/simba.h
@@ -28,11 +28,11 @@
 #include "hw/pci/pci_bridge.h"
 
 
-typedef struct PBMPCIBridge {
+typedef struct SimbaPCIBridge {
 /*< private >*/
 PCIBridge parent_obj;
-} PBMPCIBridge;
+} SimbaPCIBridge;
 
-#define TYPE_PBM_PCI_BRIDGE "pbm-bridge"
-#define PBM_PCI_BRIDGE(obj) \
-

[Qemu-devel] [PATCH 07/11] sun4u: rename apb variables and constants

In order to reflect the previous change of TYPE_APB to TYPE_SABRE, update
the corresponding variable names to keep the terminology consistent.

Signed-off-by: Mark Cave-Ayland 
---
 hw/sparc64/sun4u.c | 41 +
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index b8f685847a..fb18afaaa6 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -55,9 +55,9 @@
 #define CMDLINE_ADDR 0x003ff000
 #define PROM_SIZE_MAX(4 * 1024 * 1024)
 #define PROM_VADDR   0x000ffd0ULL
-#define APB_SPECIAL_BASE 0x1feULL
-#define APB_MEM_BASE 0x1ffULL
-#define APB_PCI_IO_BASE  (APB_SPECIAL_BASE + 0x0200ULL)
+#define PBM_SPECIAL_BASE 0x1feULL
+#define PBM_MEM_BASE 0x1ffULL
+#define PBM_PCI_IO_BASE  (PBM_SPECIAL_BASE + 0x0200ULL)
 #define PROM_FILENAME"openbios-sparc64"
 #define NVRAM_SIZE   0x2000
 #define MAX_IDE_BUS  2
@@ -465,7 +465,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 Nvram *nvram;
 unsigned int i;
 uint64_t initrd_addr, initrd_size, kernel_addr, kernel_size, kernel_entry;
-SabreState *apb;
+SabreState *sabre;
 PCIBus *pci_bus, *pci_busA, *pci_busB;
 PCIDevice *ebus, *pci_dev;
 SysBusDevice *s;
@@ -489,23 +489,24 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 prom_init(hwdef->prom_addr, bios_name);
 
 /* Init sabre (PCI host bridge) */
-apb = SABRE_DEVICE(qdev_create(NULL, TYPE_SABRE));
-qdev_prop_set_uint64(DEVICE(apb), "special-base", APB_SPECIAL_BASE);
-qdev_prop_set_uint64(DEVICE(apb), "mem-base", APB_MEM_BASE);
-object_property_set_link(OBJECT(apb), OBJECT(iommu), "iommu", 
_abort);
-qdev_init_nofail(DEVICE(apb));
+sabre = SABRE_DEVICE(qdev_create(NULL, TYPE_SABRE));
+qdev_prop_set_uint64(DEVICE(sabre), "special-base", PBM_SPECIAL_BASE);
+qdev_prop_set_uint64(DEVICE(sabre), "mem-base", PBM_MEM_BASE);
+object_property_set_link(OBJECT(sabre), OBJECT(iommu), "iommu",
+ _abort);
+qdev_init_nofail(DEVICE(sabre));
 
 /* Wire up PCI interrupts to CPU */
 for (i = 0; i < IVEC_MAX; i++) {
-qdev_connect_gpio_out_named(DEVICE(apb), "ivec-irq", i,
+qdev_connect_gpio_out_named(DEVICE(sabre), "ivec-irq", i,
 qdev_get_gpio_in_named(DEVICE(cpu), "ivec-irq", i));
 }
 
-pci_bus = PCI_HOST_BRIDGE(apb)->bus;
-pci_busA = pci_bridge_get_sec_bus(apb->bridgeA);
-pci_busB = pci_bridge_get_sec_bus(apb->bridgeB);
+pci_bus = PCI_HOST_BRIDGE(sabre)->bus;
+pci_busA = pci_bridge_get_sec_bus(sabre->bridgeA);
+pci_busB = pci_bridge_get_sec_bus(sabre->bridgeB);
 
-/* Only in-built Simba PBMs can exist on the root bus, slot 0 on busA is
+/* Only in-built Simba APBs can exist on the root bus, slot 0 on busA is
reserved (leaving no slots free after on-board devices) however slots
0-3 are free on busB */
 pci_bus->slot_reserved_mask = 0xfffc;
@@ -517,17 +518,17 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
  hwdef->console_serial_base);
 qdev_init_nofail(DEVICE(ebus));
 
-/* Wire up "well-known" ISA IRQs to APB legacy obio IRQs */
+/* Wire up "well-known" ISA IRQs to PBM legacy obio IRQs */
 qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 7,
-qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_LPT_IRQ));
+qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_LPT_IRQ));
 qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 6,
-qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_FDD_IRQ));
+qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_FDD_IRQ));
 qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 1,
-qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_KBD_IRQ));
+qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_KBD_IRQ));
 qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 12,
-qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_MSE_IRQ));
+qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_MSE_IRQ));
 qdev_connect_gpio_out_named(DEVICE(ebus), "isa-irq", 4,
-qdev_get_gpio_in_named(DEVICE(apb), "pbm-irq", OBIO_SER_IRQ));
+qdev_get_gpio_in_named(DEVICE(sabre), "pbm-irq", OBIO_SER_IRQ));
 
 pci_dev = pci_create_simple(pci_busA, PCI_DEVFN(2, 0), "VGA");
 
-- 
2.11.0

[Qemu-devel] [PATCH 03/11] apb: rename APB functions to use sabre prefix

As hinted in the comment at the top of the file, the naming convention for the
APB types/QOM functions isn't correct. As a starting point we can at least
rename the APB type and related functions to improve the readability of apb.c.

Signed-off-by: Mark Cave-Ayland 
---
 hw/pci-host/apb.c | 109 +++---
 include/hw/pci-host/apb.h |   1 -
 2 files changed, 54 insertions(+), 56 deletions(-)

diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
index 43ee42d170..d5c459a2df 100644
--- a/hw/pci-host/apb.c
+++ b/hw/pci-host/apb.c
@@ -70,7 +70,7 @@ do { printf("APB: " fmt , ## __VA_ARGS__); } while (0)
 
 #define NO_IRQ_REQUEST (MAX_IVEC + 1)
 
-static inline void pbm_set_request(APBState *s, unsigned int irq_num)
+static inline void sabre_set_request(APBState *s, unsigned int irq_num)
 {
 APB_DPRINTF("%s: request irq %d\n", __func__, irq_num);
 
@@ -78,14 +78,13 @@ static inline void pbm_set_request(APBState *s, unsigned 
int irq_num)
 qemu_set_irq(s->ivec_irqs[irq_num], 1);
 }
 
-static inline void pbm_check_irqs(APBState *s)
+static inline void sabre_check_irqs(APBState *s)
 {
-
 unsigned int i;
 
 /* Previous request is not acknowledged, resubmit */
 if (s->irq_request != NO_IRQ_REQUEST) {
-pbm_set_request(s, s->irq_request);
+sabre_set_request(s, s->irq_request);
 return;
 }
 /* no request pending */
@@ -95,7 +94,7 @@ static inline void pbm_check_irqs(APBState *s)
 for (i = 0; i < 32; i++) {
 if (s->pci_irq_in & (1ULL << i)) {
 if (s->pci_irq_map[i >> 2] & PBM_PCI_IMR_ENABLED) {
-pbm_set_request(s, i);
+sabre_set_request(s, i);
 return;
 }
 }
@@ -103,28 +102,28 @@ static inline void pbm_check_irqs(APBState *s)
 for (i = 32; i < 64; i++) {
 if (s->pci_irq_in & (1ULL << i)) {
 if (s->obio_irq_map[i - 32] & PBM_PCI_IMR_ENABLED) {
-pbm_set_request(s, i);
+sabre_set_request(s, i);
 break;
 }
 }
 }
 }
 
-static inline void pbm_clear_request(APBState *s, unsigned int irq_num)
+static inline void sabre_clear_request(APBState *s, unsigned int irq_num)
 {
 APB_DPRINTF("%s: clear request irq %d\n", __func__, irq_num);
 qemu_set_irq(s->ivec_irqs[irq_num], 0);
 s->irq_request = NO_IRQ_REQUEST;
 }
 
-static AddressSpace *pbm_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
+static AddressSpace *sabre_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
 {
 IOMMUState *is = opaque;
 
 return >iommu_as;
 }
 
-static void apb_config_writel (void *opaque, hwaddr addr,
+static void sabre_config_write(void *opaque, hwaddr addr,
uint64_t val, unsigned size)
 {
 APBState *s = opaque;
@@ -141,9 +140,9 @@ static void apb_config_writel (void *opaque, hwaddr addr,
 s->pci_irq_map[ino] &= PBM_PCI_IMR_MASK;
 s->pci_irq_map[ino] |= val & ~PBM_PCI_IMR_MASK;
 if ((s->irq_request == ino) && !(val & ~PBM_PCI_IMR_MASK)) {
-pbm_clear_request(s, ino);
+sabre_clear_request(s, ino);
 }
-pbm_check_irqs(s);
+sabre_check_irqs(s);
 }
 break;
 case 0x1000 ... 0x107f: /* OBIO interrupt control */
@@ -153,17 +152,17 @@ static void apb_config_writel (void *opaque, hwaddr addr,
 s->obio_irq_map[ino] |= val & ~PBM_PCI_IMR_MASK;
 if ((s->irq_request == (ino | 0x20))
  && !(val & ~PBM_PCI_IMR_MASK)) {
-pbm_clear_request(s, ino | 0x20);
+sabre_clear_request(s, ino | 0x20);
 }
-pbm_check_irqs(s);
+sabre_check_irqs(s);
 }
 break;
 case 0x1400 ... 0x14ff: /* PCI interrupt clear */
 if (addr & 4) {
 unsigned int ino = (addr & 0xff) >> 5;
 if ((s->irq_request / 4)  == ino) {
-pbm_clear_request(s, s->irq_request);
-pbm_check_irqs(s);
+sabre_clear_request(s, s->irq_request);
+sabre_check_irqs(s);
 }
 }
 break;
@@ -171,8 +170,8 @@ static void apb_config_writel (void *opaque, hwaddr addr,
 if (addr & 4) {
 unsigned int ino = ((addr & 0xff) >> 3) | 0x20;
 if (s->irq_request == ino) {
-pbm_clear_request(s, ino);
-pbm_check_irqs(s);
+sabre_clear_request(s, ino);
+sabre_check_irqs(s);
 }
 }
 break;
@@ -202,7 +201,7 @@ static void apb_config_writel (void *opaque, hwaddr addr,
 }
 }
 
-static uint64_t apb_config_readl (void *opaque,
+static uint64_t sabre_config_read(void *opaque,
   hwaddr addr, unsigned size)
 {
 APBState *s = opaque;
@@ -258,14 +257,14 @@ static uint64_t

[Qemu-devel] [PATCH 06/11] apb: rename QOM type from TYPE_APB to TYPE_SABRE