Re: [Qemu-devel] [PATCH] block/mirror: fix fail to cancel when VM has heavy BLK IO

[Liang Li]

On Thu, Jan 25, 2018 at 08:48:22AM -0600, Eric Blake wrote:
> On 01/24/2018 10:59 PM, Liang Li wrote:
> >>
> >> There's ongoing work on adding async mirroring; this may be a better
> >> solution to the issue you are seeing.
> >>
> >> https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg05419.html
> >>
> > Hi Eric,
> > 
> > Thinks for your information, I didn't know libvirt depends on 
> > 'block-job-cancel'
> > for some of the block related operations.
> > 
> > It's seems a new interface should provided by qemu for use case that just
> > for aborting block job and don't care abort the mirror data integrality, and
> > libvirt can make use of this new interface.
> > 
> > Do you think this is the right direction?
> 
> I don't know if it is better to wait for the new async mirroring code to
> land, or to just propose a new QMP command that can force-quit an
> ongoing mirror in the READY state, but you are correct that the only
> safe way to do it is by adding a new command (or a new optional flag to
> the existing block-job-cancel command).
> 

Active sync does not conflict with the new QMP command, no need to wait.
The current QMP command is:

{ 'command': 'block-job-cancel', 'data': { 'device': 'str', '*force': 'bool' } }

'force' has other meaning which is not used by libvirt, for the change, there
are 3 options:

a. Now that 'force' is not used by libvirt and it current semantic is not very 
useful,
we can change it's semantic to force-quit without syncing.

b. change 'force' from bool to flag, and bit 0 is used for it's original 
meaning.

c. add another bool parameter.


which is the best one?

Thanks!

Liang 


> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.   +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
> 

Re: [Qemu-devel] [PATCH v2 06/11] target/arm: Decode aa32 armv8.1 two reg and a scalar

[Richard Henderson]

On 01/15/2018 09:47 AM, Peter Maydell wrote:
> On 18 December 2017 at 17:24, Richard Henderson
>  wrote:
>> Signed-off-by: Richard Henderson 
>> ---
>>  target/arm/translate.c | 38 +++---
>>  1 file changed, 35 insertions(+), 3 deletions(-)
>>
>> diff --git a/target/arm/translate.c b/target/arm/translate.c
>> index a9587ae242..1a0b0eaced 100644
>> --- a/target/arm/translate.c
>> +++ b/target/arm/translate.c
>> @@ -6973,11 +6973,43 @@ static int disas_neon_data_insn(DisasContext *s, 
>> uint32_t insn)
>>  }
>>  neon_store_reg64(cpu_V0, rd + pass);
>>  }
>> +break;
>> +case 14: /* VQRDMLAH scalar */
>> +case 15: /* VQRDMLSH scalar */
>> +if (!arm_dc_feature(s, ARM_FEATURE_V8_1_SIMD)) {
>> +return 1;
>> +}
>> +if (u && ((rd | rn) & 1)) {
>> +return 1;
>> +}
> 
> The pseudocode also has UNDEF if Q==1 && Vm<0> == 1 

Not for the indexed version, encoding A2.

> 
>> +tmp2 = neon_get_scalar(size, rm);
>> +for (pass = 0; pass < (u ? 4 : 2); pass++) {
>> +void (*fn)(TCGv_i32, TCGv_env, TCGv_i32,
>> +   TCGv_i32, TCGv_i32);
> 
> Can we define a typedef for this, please ?

What would you name it?


r~

Re: [Qemu-devel] [PATCH v1 0/6] Extend vhost-user to support VFIO based accelerators

[Stefan Hajnoczi]

On Thu, Jan 25, 2018 at 4:10 PM, Liang, Cunming  wrote:
>> -Original Message-
>> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
>> Sent: Thursday, January 25, 2018 10:22 PM
>> To: Bie, Tiwei 
>> Cc: qemu-devel@nongnu.org; virtio-...@lists.oasis-open.org;
>> m...@redhat.com; alex.william...@redhat.com; jasow...@redhat.com;
>> pbonz...@redhat.com; stefa...@redhat.com; Tan, Jianfeng
>> ; Liang, Cunming ;
>> Wang, Xiao W ; Wang, Zhihong
>> ; Daly, Dan 
>> Subject: Re: [Qemu-devel] [PATCH v1 0/6] Extend vhost-user to support
>> VFIO based accelerators
>>
>> On Thu, Jan 25, 2018 at 12:03:22PM +0800, Tiwei Bie wrote:
>> > Why extend vhost-user for vDPA
>> > ==
>> >
>> > We have already implemented various virtual switches (e.g. OVS-DPDK)
>> > based on vhost-user for VMs in the Cloud. They are purely software
>> > running on CPU cores. When we have accelerators for such NFVi
>> > applications, it's ideal if the applications could keep using the
>> > original interface (i.e. vhost-user netdev) with QEMU, and
>> > infrastructure is able to decide when and how to switch between CPU
>> > and
>> accelerators within the interface.
>> > And the switching (i.e. switch between CPU and accelerators) can be
>> > done flexibly and quickly inside the applications.
>> >
>> > More details about this can be found from the Cunming's discussions
>> > on the RFC patch set.
>> >
>> > The previous links:
>> > RFC:
>> > http://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg04844.htm
>> > l
>>
>> Is vDPA also useful in the simpler use case where there is no NFVi 
>> application?
> There're separate patches to have non-DPDK vDPA(aka. vhost-vfio, a new vhost 
> backend proposed) support, which is the scope of stage-II as we mentioned in 
> community call.
> Stay tuned for the RFC patch. Main idea is that the virtio compatible device 
> driver register as a mdev to talk with qemu vhost-vfio.

Thanks!

Stefan

[Qemu-devel] [PATCH v11 04/20] tcg: Add generic vector expanders

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 Makefile.target  |2 +-
 accel/tcg/tcg-runtime.h  |   29 +
 tcg/tcg-gvec-desc.h  |   49 ++
 tcg/tcg-op-gvec.h|  198 +++
 tcg/tcg-op.h |1 +
 tcg/tcg-opc.h|6 +
 tcg/tcg.h|   27 +
 accel/tcg/tcg-runtime-gvec.c |  325 +++
 tcg/tcg-op-gvec.c| 1308 ++
 tcg/tcg-op-vec.c |   33 +-
 tcg/tcg.c|   13 +-
 accel/tcg/Makefile.objs  |2 +-
 configure|   48 ++
 13 files changed, 2023 insertions(+), 18 deletions(-)
 create mode 100644 tcg/tcg-gvec-desc.h
 create mode 100644 tcg/tcg-op-gvec.h
 create mode 100644 accel/tcg/tcg-runtime-gvec.c
 create mode 100644 tcg/tcg-op-gvec.c

diff --git a/Makefile.target b/Makefile.target
index 7f30a1e725..6549481096 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -93,7 +93,7 @@ all: $(PROGS) stap
 # cpu emulator library
 obj-y += exec.o
 obj-y += accel/
-obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o
+obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o tcg/tcg-op-gvec.o
 obj-$(CONFIG_TCG) += tcg/tcg-common.o tcg/optimize.o
 obj-$(CONFIG_TCG_INTERPRETER) += tcg/tci.o
 obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index 1df17d0ba9..76ee41ce58 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -134,3 +134,32 @@ GEN_ATOMIC_HELPERS(xor_fetch)
 GEN_ATOMIC_HELPERS(xchg)
 
 #undef GEN_ATOMIC_HELPERS
+
+DEF_HELPER_FLAGS_3(gvec_mov, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_dup8, TCG_CALL_NO_RWG, void, ptr, i32, i32)
+DEF_HELPER_FLAGS_3(gvec_dup16, TCG_CALL_NO_RWG, void, ptr, i32, i32)
+DEF_HELPER_FLAGS_3(gvec_dup32, TCG_CALL_NO_RWG, void, ptr, i32, i32)
+DEF_HELPER_FLAGS_3(gvec_dup64, TCG_CALL_NO_RWG, void, ptr, i32, i64)
+
+DEF_HELPER_FLAGS_4(gvec_add8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_add64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_sub8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sub64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_neg8, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_neg16, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_neg32, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_neg64, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_not, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_and, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_or, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_xor, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_andc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_orc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
diff --git a/tcg/tcg-gvec-desc.h b/tcg/tcg-gvec-desc.h
new file mode 100644
index 00..3b4c2d9c69
--- /dev/null
+++ b/tcg/tcg-gvec-desc.h
@@ -0,0 +1,49 @@
+/*
+ * Generic vector operation descriptor
+ *
+ * Copyright (c) 2018 Linaro
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+/* ??? These bit widths are set for ARM SVE, maxing out at 256 byte vectors. */
+#define SIMD_OPRSZ_SHIFT   0
+#define SIMD_OPRSZ_BITS5
+
+#define SIMD_MAXSZ_SHIFT   (SIMD_OPRSZ_SHIFT + SIMD_OPRSZ_BITS)
+#define SIMD_MAXSZ_BITS5
+
+#define SIMD_DATA_SHIFT(SIMD_MAXSZ_SHIFT + SIMD_MAXSZ_BITS)
+#define SIMD_DATA_BITS (32 - SIMD_DATA_SHIFT)
+
+/* Create a descriptor from components.  */
+uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz, int32_t data);
+
+/* Extract the operation size from a descriptor.  */
+static inline intptr_t simd_oprsz(uint32_t desc)
+{
+return (extract32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS) + 1) * 8;
+}
+
+/* Extract the max vector size from a descriptor.  */
+static inline intptr_t simd_maxsz(uint32_t desc)
+{
+  

[Qemu-devel] [PATCH v11 08/20] tcg: Add generic helpers for saturating arithmetic

[Richard Henderson]

No vector ops as yet.  SSE only has direct support for 8- and 16-bit
saturation; handling 32- and 64-bit saturation is much more expensive.

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  20 
 tcg/tcg-op-gvec.h|  10 ++
 accel/tcg/tcg-runtime-gvec.c | 268 +++
 tcg/tcg-op-gvec.c|  92 +++
 4 files changed, 390 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index 54f7e78b09..f224a975e8 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -157,6 +157,26 @@ DEF_HELPER_FLAGS_4(gvec_mul16, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_mul32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_mul64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(gvec_ssadd8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ssadd16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ssadd32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ssadd64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_sssub8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sssub16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sssub32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_sssub64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_usadd8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_usadd16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_usadd32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_usadd64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_ussub8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ussub16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ussub32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ussub64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_3(gvec_neg8, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_neg16, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_neg32, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index abe909df39..03ced440c2 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -179,6 +179,16 @@ void tcg_gen_gvec_sub(unsigned vece, uint32_t dofs, 
uint32_t aofs,
 void tcg_gen_gvec_mul(unsigned vece, uint32_t dofs, uint32_t aofs,
   uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
 
+/* Saturated arithmetic.  */
+void tcg_gen_gvec_ssadd(unsigned vece, uint32_t dofs, uint32_t aofs,
+uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
+void tcg_gen_gvec_sssub(unsigned vece, uint32_t dofs, uint32_t aofs,
+uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
+void tcg_gen_gvec_usadd(unsigned vece, uint32_t dofs, uint32_t aofs,
+uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
+void tcg_gen_gvec_ussub(unsigned vece, uint32_t dofs, uint32_t aofs,
+uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
+
 void tcg_gen_gvec_and(unsigned vece, uint32_t dofs, uint32_t aofs,
   uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
 void tcg_gen_gvec_or(unsigned vece, uint32_t dofs, uint32_t aofs,
diff --git a/accel/tcg/tcg-runtime-gvec.c b/accel/tcg/tcg-runtime-gvec.c
index 59d7a0a2fe..e6f99babcd 100644
--- a/accel/tcg/tcg-runtime-gvec.c
+++ b/accel/tcg/tcg-runtime-gvec.c
@@ -547,3 +547,271 @@ DO_CMP2(64)
 #undef DO_CMP0
 #undef DO_CMP1
 #undef DO_CMP2
+
+void HELPER(gvec_ssadd8)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; i += sizeof(int8_t)) {
+int r = *(int8_t *)(a + i) + *(int8_t *)(b + i);
+if (r > INT8_MAX) {
+r = INT8_MAX;
+} else if (r < INT8_MIN) {
+r = INT8_MIN;
+}
+*(int8_t *)(d + i) = r;
+}
+clear_high(d, oprsz, desc);
+}
+
+void HELPER(gvec_ssadd16)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; i += sizeof(int16_t)) {
+int r = *(int16_t *)(a + i) + *(int16_t *)(b + i);
+if (r > INT16_MAX) {
+r = INT16_MAX;
+} else if (r < INT16_MIN) {
+r = INT16_MIN;
+}
+*(int16_t *)(d + i) = r;
+}
+clear_high(d, oprsz, desc);
+}
+
+void HELPER(gvec_ssadd32)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; i += sizeof(int32_t)) {
+int32_t ai = *(int32_t *)(a + i);
+int32_t bi = *(int32_t *)(b + i);
+int32_t di = ai + bi;
+if (((di ^ ai) &~ (ai ^ bi)) < 0) {
+  

[Qemu-devel] [PATCH v11 00/20] tcg: generic vector operations

[Richard Henderson]

Changes since v11:
  * Use dup_const more.
  * Cleanup some gvec 2i and 2s routines.
  * Use more helpers and less gotos in target/arm/translate-a64.c.

Changes since v10:
  * Squashed a fixup patch which escaped my attention while preparing
the patch set.  Ho hum.

Changes since v9:
  * Detect whether __attribute__((vector_size(16))) operations are
supported by the host compiler.  This includes the case affecting
ppc64 where gcc-4.8.5 crashes.  Note that gcc-7.2 does pass the
test on ppc64.

  * Dropped support for vector interleaves and element size changes.
My target/arm patches were failing RISU checks on a big-endian host.
I need to re-think what to do about host endianness and target
representation of vector operations crossing lanes.  For now, only
support generic vector operations that are agnostic to element order.


r~


Richard Henderson (20):
  tcg: Allow multiple word entries into the constant pool
  tcg: Add types and basic operations for host vectors
  tcg: Standardize integral arguments to expanders
  tcg: Add generic vector expanders
  tcg: Add generic vector ops for constant shifts
  tcg: Add generic vector ops for comparisons
  tcg: Add generic vector ops for multiplication
  tcg: Add generic helpers for saturating arithmetic
  tcg: Add generic vector helpers with a scalar operand
  tcg/optimize: Handle vector opcodes during optimize
  target/arm: Align vector registers
  target/arm: Use vector infrastructure for aa64 add/sub/logic
  target/arm: Use vector infrastructure for aa64 mov/not/neg
  target/arm: Use vector infrastructure for aa64 dup/movi
  target/arm: Use vector infrastructure for aa64 constant shifts
  target/arm: Use vector infrastructure for aa64 compares
  target/arm: Use vector infrastructure for aa64 multiplies
  target/arm: Use vector infrastructure for aa64 orr/bic immediate
  tcg/i386: Add vector operations
  tcg/aarch64: Add vector operations

 Makefile.target  |4 +-
 accel/tcg/tcg-runtime.h  |  118 +++
 target/arm/cpu.h |2 +-
 tcg/aarch64/tcg-target.h |   25 +-
 tcg/aarch64/tcg-target.opc.h |3 +
 tcg/i386/tcg-target.h|   41 +-
 tcg/i386/tcg-target.opc.h|   13 +
 tcg/tcg-gvec-desc.h  |   49 +
 tcg/tcg-op-gvec.h|  306 ++
 tcg/tcg-op.h |   52 +-
 tcg/tcg-opc.h|   46 +
 tcg/tcg.h|   87 ++
 accel/tcg/tcg-runtime-gvec.c |  997 +++
 target/arm/translate-a64.c   |  979 ++-
 tcg/aarch64/tcg-target.inc.c |  588 ++-
 tcg/i386/tcg-target.inc.c|  987 ++-
 tcg/optimize.c   |  150 +--
 tcg/tcg-op-gvec.c| 2215 ++
 tcg/tcg-op-vec.c |  389 
 tcg/tcg-op.c |   42 +-
 tcg/tcg-pool.inc.c   |  115 ++-
 tcg/tcg.c|  125 ++-
 accel/tcg/Makefile.objs  |2 +-
 configure|   48 +
 tcg/README   |   86 ++
 25 files changed, 6973 insertions(+), 496 deletions(-)
 create mode 100644 tcg/aarch64/tcg-target.opc.h
 create mode 100644 tcg/i386/tcg-target.opc.h
 create mode 100644 tcg/tcg-gvec-desc.h
 create mode 100644 tcg/tcg-op-gvec.h
 create mode 100644 accel/tcg/tcg-runtime-gvec.c
 create mode 100644 tcg/tcg-op-gvec.c
 create mode 100644 tcg/tcg-op-vec.c

-- 
2.14.3

[Qemu-devel] [PATCH v11 20/20] tcg/aarch64: Add vector operations

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 tcg/aarch64/tcg-target.h |  25 +-
 tcg/aarch64/tcg-target.opc.h |   3 +
 tcg/aarch64/tcg-target.inc.c | 588 +++
 3 files changed, 569 insertions(+), 47 deletions(-)
 create mode 100644 tcg/aarch64/tcg-target.opc.h

diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index c2525066ab..9aea1d1771 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -31,13 +31,22 @@ typedef enum {
 TCG_REG_SP = 31,
 TCG_REG_XZR = 31,
 
+TCG_REG_V0 = 32, TCG_REG_V1, TCG_REG_V2, TCG_REG_V3,
+TCG_REG_V4, TCG_REG_V5, TCG_REG_V6, TCG_REG_V7,
+TCG_REG_V8, TCG_REG_V9, TCG_REG_V10, TCG_REG_V11,
+TCG_REG_V12, TCG_REG_V13, TCG_REG_V14, TCG_REG_V15,
+TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
+TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
+TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
+TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
+
 /* Aliases.  */
 TCG_REG_FP = TCG_REG_X29,
 TCG_REG_LR = TCG_REG_X30,
 TCG_AREG0  = TCG_REG_X19,
 } TCGReg;
 
-#define TCG_TARGET_NB_REGS 32
+#define TCG_TARGET_NB_REGS 64
 
 /* used for function call generation */
 #define TCG_REG_CALL_STACK  TCG_REG_SP
@@ -113,6 +122,20 @@ typedef enum {
 #define TCG_TARGET_HAS_mulsh_i641
 #define TCG_TARGET_HAS_direct_jump  1
 
+#define TCG_TARGET_HAS_v64  1
+#define TCG_TARGET_HAS_v128 1
+#define TCG_TARGET_HAS_v256 0
+
+#define TCG_TARGET_HAS_andc_vec 1
+#define TCG_TARGET_HAS_orc_vec  1
+#define TCG_TARGET_HAS_not_vec  1
+#define TCG_TARGET_HAS_neg_vec  1
+#define TCG_TARGET_HAS_shi_vec  1
+#define TCG_TARGET_HAS_shs_vec  0
+#define TCG_TARGET_HAS_shv_vec  0
+#define TCG_TARGET_HAS_cmp_vec  1
+#define TCG_TARGET_HAS_mul_vec  1
+
 #define TCG_TARGET_DEFAULT_MO (0)
 
 static inline void flush_icache_range(uintptr_t start, uintptr_t stop)
diff --git a/tcg/aarch64/tcg-target.opc.h b/tcg/aarch64/tcg-target.opc.h
new file mode 100644
index 00..4816a6c3d4
--- /dev/null
+++ b/tcg/aarch64/tcg-target.opc.h
@@ -0,0 +1,3 @@
+/* Target-specific opcodes for host vector expansion.  These will be
+   emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
+   consider these to be UNSPEC with names.  */
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index 150530f30e..be3192078d 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -20,10 +20,15 @@ QEMU_BUILD_BUG_ON(TCG_TYPE_I32 != 0 || TCG_TYPE_I64 != 1);
 
 #ifdef CONFIG_DEBUG_TCG
 static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
-"%x0", "%x1", "%x2", "%x3", "%x4", "%x5", "%x6", "%x7",
-"%x8", "%x9", "%x10", "%x11", "%x12", "%x13", "%x14", "%x15",
-"%x16", "%x17", "%x18", "%x19", "%x20", "%x21", "%x22", "%x23",
-"%x24", "%x25", "%x26", "%x27", "%x28", "%fp", "%x30", "%sp",
+"x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7",
+"x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15",
+"x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
+"x24", "x25", "x26", "x27", "x28", "fp", "x30", "sp",
+
+"v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7",
+"v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15",
+"v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23",
+"v24", "v25", "v26", "v27", "v28", "fp", "v30", "v31",
 };
 #endif /* CONFIG_DEBUG_TCG */
 
@@ -43,6 +48,14 @@ static const int tcg_target_reg_alloc_order[] = {
 /* X19 reserved for AREG0 */
 /* X29 reserved as fp */
 /* X30 reserved as temporary */
+
+TCG_REG_V0, TCG_REG_V1, TCG_REG_V2, TCG_REG_V3,
+TCG_REG_V4, TCG_REG_V5, TCG_REG_V6, TCG_REG_V7,
+/* V8 - V15 are call-saved, and skipped.  */
+TCG_REG_V16, TCG_REG_V17, TCG_REG_V18, TCG_REG_V19,
+TCG_REG_V20, TCG_REG_V21, TCG_REG_V22, TCG_REG_V23,
+TCG_REG_V24, TCG_REG_V25, TCG_REG_V26, TCG_REG_V27,
+TCG_REG_V28, TCG_REG_V29, TCG_REG_V30, TCG_REG_V31,
 };
 
 static const int tcg_target_call_iarg_regs[8] = {
@@ -54,6 +67,7 @@ static const int tcg_target_call_oarg_regs[1] = {
 };
 
 #define TCG_REG_TMP TCG_REG_X30
+#define TCG_VEC_TMP TCG_REG_V31
 
 #ifndef CONFIG_SOFTMMU
 /* Note that XZR cannot be encoded in the address base register slot,
@@ -119,9 +133,13 @@ static const char 
*target_parse_constraint(TCGArgConstraint *ct,
const char *ct_str, TCGType type)
 {
 switch (*ct_str++) {
-case 'r':
+case 'r': /* general registers */
 ct->ct |= TCG_CT_REG;
-ct->u.regs = 0xu;
+ct->u.regs |= 0xu;
+break;
+case 'w': /* advsimd registers */
+ct->ct |= TCG_CT_REG;
+ct->u.regs |= 0xull;
 break;
 case 'l': /* qemu_ld / qemu_st address, data_reg */
 ct->ct |= 

[Qemu-devel] [PATCH v11 02/20] tcg: Add types and basic operations for host vectors

[Richard Henderson]

Nothing uses or enables them yet.

Signed-off-by: Richard Henderson 
---
 Makefile.target  |   4 +-
 tcg/tcg-op.h |  27 +
 tcg/tcg-opc.h|  25 +
 tcg/tcg.h|  56 +++
 tcg/tcg-op-vec.c | 292 +++
 tcg/tcg.c|  96 +-
 tcg/README   |  49 ++
 7 files changed, 543 insertions(+), 6 deletions(-)
 create mode 100644 tcg/tcg-op-vec.c

diff --git a/Makefile.target b/Makefile.target
index f9a9da7e7c..7f30a1e725 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -93,8 +93,8 @@ all: $(PROGS) stap
 # cpu emulator library
 obj-y += exec.o
 obj-y += accel/
-obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/optimize.o
-obj-$(CONFIG_TCG) += tcg/tcg-common.o
+obj-$(CONFIG_TCG) += tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o
+obj-$(CONFIG_TCG) += tcg/tcg-common.o tcg/optimize.o
 obj-$(CONFIG_TCG_INTERPRETER) += tcg/tci.o
 obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
 obj-y += fpu/softfloat.o
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index ca07b32b65..0c02d86b8b 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -35,6 +35,10 @@ void tcg_gen_op4(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg);
 void tcg_gen_op5(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg);
 void tcg_gen_op6(TCGOpcode, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg, TCGArg);
 
+void vec_gen_2(TCGOpcode, TCGType, unsigned, TCGArg, TCGArg);
+void vec_gen_3(TCGOpcode, TCGType, unsigned, TCGArg, TCGArg, TCGArg);
+void vec_gen_4(TCGOpcode, TCGType, unsigned, TCGArg, TCGArg, TCGArg, TCGArg);
+
 static inline void tcg_gen_op1_i32(TCGOpcode opc, TCGv_i32 a1)
 {
 tcg_gen_op1(opc, tcgv_i32_arg(a1));
@@ -903,6 +907,27 @@ void tcg_gen_atomic_or_fetch_i64(TCGv_i64, TCGv, TCGv_i64, 
TCGArg, TCGMemOp);
 void tcg_gen_atomic_xor_fetch_i32(TCGv_i32, TCGv, TCGv_i32, TCGArg, TCGMemOp);
 void tcg_gen_atomic_xor_fetch_i64(TCGv_i64, TCGv, TCGv_i64, TCGArg, TCGMemOp);
 
+void tcg_gen_mov_vec(TCGv_vec, TCGv_vec);
+void tcg_gen_dup_i32_vec(unsigned vece, TCGv_vec, TCGv_i32);
+void tcg_gen_dup_i64_vec(unsigned vece, TCGv_vec, TCGv_i64);
+void tcg_gen_dup8i_vec(TCGv_vec, uint32_t);
+void tcg_gen_dup16i_vec(TCGv_vec, uint32_t);
+void tcg_gen_dup32i_vec(TCGv_vec, uint32_t);
+void tcg_gen_dup64i_vec(TCGv_vec, uint64_t);
+void tcg_gen_add_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_sub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_and_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_or_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_xor_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_andc_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_orc_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_not_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
+void tcg_gen_neg_vec(unsigned vece, TCGv_vec r, TCGv_vec a);
+
+void tcg_gen_ld_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset);
+void tcg_gen_st_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset);
+void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset, TCGType t);
+
 #if TARGET_LONG_BITS == 64
 #define tcg_gen_movi_tl tcg_gen_movi_i64
 #define tcg_gen_mov_tl tcg_gen_mov_i64
@@ -1001,6 +1026,7 @@ void tcg_gen_atomic_xor_fetch_i64(TCGv_i64, TCGv, 
TCGv_i64, TCGArg, TCGMemOp);
 #define tcg_gen_atomic_and_fetch_tl tcg_gen_atomic_and_fetch_i64
 #define tcg_gen_atomic_or_fetch_tl tcg_gen_atomic_or_fetch_i64
 #define tcg_gen_atomic_xor_fetch_tl tcg_gen_atomic_xor_fetch_i64
+#define tcg_gen_dup_tl_vec  tcg_gen_dup_i64_vec
 #else
 #define tcg_gen_movi_tl tcg_gen_movi_i32
 #define tcg_gen_mov_tl tcg_gen_mov_i32
@@ -1098,6 +1124,7 @@ void tcg_gen_atomic_xor_fetch_i64(TCGv_i64, TCGv, 
TCGv_i64, TCGArg, TCGMemOp);
 #define tcg_gen_atomic_and_fetch_tl tcg_gen_atomic_and_fetch_i32
 #define tcg_gen_atomic_or_fetch_tl tcg_gen_atomic_or_fetch_i32
 #define tcg_gen_atomic_xor_fetch_tl tcg_gen_atomic_xor_fetch_i32
+#define tcg_gen_dup_tl_vec  tcg_gen_dup_i32_vec
 #endif
 
 #if UINTPTR_MAX == UINT32_MAX
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index 956fb1e9f3..b851ad4bca 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -204,8 +204,33 @@ DEF(qemu_ld_i64, DATA64_ARGS, TLADDR_ARGS, 1,
 DEF(qemu_st_i64, 0, TLADDR_ARGS + DATA64_ARGS, 1,
 TCG_OPF_CALL_CLOBBER | TCG_OPF_SIDE_EFFECTS | TCG_OPF_64BIT)
 
+/* Host vector support.  */
+
+#define IMPLVEC  TCG_OPF_VECTOR | IMPL(TCG_TARGET_MAYBE_vec)
+
+DEF(mov_vec, 1, 1, 0, TCG_OPF_VECTOR | TCG_OPF_NOT_PRESENT)
+DEF(dupi_vec, 1, 0, 1, TCG_OPF_VECTOR | TCG_OPF_NOT_PRESENT)
+
+DEF(dup_vec, 1, 1, 0, IMPLVEC)
+DEF(dup2_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_REG_BITS == 32))
+
+DEF(ld_vec, 1, 1, 1, IMPLVEC)
+DEF(st_vec, 0, 2, 1, IMPLVEC)
+
+DEF(add_vec, 1, 2, 0, IMPLVEC)
+DEF(sub_vec, 1, 2, 0, IMPLVEC)
+DEF(neg_vec, 1, 1, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_neg_vec))
+
+DEF(and_vec, 1, 2, 0, IMPLVEC)
+DEF(or_vec, 1, 2, 0, IMPLVEC)
+DEF(xor_vec, 1, 2, 0, 

Re: [Qemu-devel] [RFC 0/2] virtio-vhost-user: add virtio-vhost-user device

[Jason Wang]

On 2018年01月25日 22:48, Michael S. Tsirkin wrote:

On Thu, Jan 25, 2018 at 03:07:23PM +0100, Paolo Bonzini wrote:

On 23/01/2018 17:07, Michael S. Tsirkin wrote:

It's not clear to me how to do this. E.g need a way to report failure to VM2
or #PF?

Why would there be a failure? qemu running vm1 would be responsible for
preventing access to vm2's memory not mapped through an IOMMU.
Basically munmap these.

Access to VM2's memory would use VM2's configured IOVAs for VM1's
requester id.  VM2's QEMU send device IOTLB messages to VM1's QEMU,
which would remap VM2's memory on the fly into VM1's BAR2.

Right. Almost.


That would be extremely slow for dynamic mappings.



One problem is that IOVA range is bigger than RAM range,
so you will have trouble making arbitrary virtual addresses
fit in a BAR.

This is why I suggested a hybrid approach where
translation happens within guest, qemu only does protection.

Another problem with it is that IOMMU has page granularity
while with hugetlbfs we might not be able to remap at that
granularity.

Not sure what to do about it - teach host to break
up pages? Pass limitation to guest through virtio-iommu?


If we decide to go virtio IOMMU, maybe device can limit its IOVA range too.

Thanks



Ideas?


It's not trivial to do it efficiently, but it's possible.  The important
thing is that, if VM2 has an IOMMU, QEMU must *not* connect to a
virtio-vhost-user device that lacks IOTLB support.  But that would be a
vhost-user bug, not a virtio-vhost-user bug---and that's the beauty of
Stefan's approach. :)

Paolo

Re: [Qemu-devel] [virtio-dev] Re: [PATCH v1 6/6] vhost-user: add VFIO based accelerators support

[Tiwei Bie]

On Fri, Jan 26, 2018 at 11:41:27AM +0800, Jason Wang wrote:
> On 2018年01月26日 07:59, Michael S. Tsirkin wrote:
> > > The virtual IOMMU isn't supported by the accelerators for now.
> > > Because vhost-user currently lacks of an efficient way to share
> > > the IOMMU table in VM to vhost backend. That's why the software
> > > implementation of virtual IOMMU support in vhost-user backend
> > > can't support dynamic mapping well.
> > What exactly is meant by that? vIOMMU seems to work for people,
> > it's not that fast if you change mappings all the time,
> > but e.g. dpdk within guest doesn't.
> 
> Yes, software implementation support dynamic mapping for sure. I think the
> point is, current vhost-user backend can not program hardware IOMMU. So it
> can not let hardware accelerator to cowork with software vIOMMU.

Vhost-user backend can program hardware IOMMU. Currently
vhost-user backend (or more precisely the vDPA driver in
vhost-user backend) will use the memory table (delivered
by the VHOST_USER_SET_MEM_TABLE message) to program the
IOMMU via vfio, and that's why accelerators can use the
GPA (guest physical address) in descriptors directly.

Theoretically, we can use the IOVA mapping info (delivered
by the VHOST_USER_IOTLB_MSG message) to program the IOMMU,
and accelerators will be able to use IOVA. But the problem
is that in vhost-user QEMU won't push all the IOVA mappings
to backend directly. Backend needs to ask for those info
when it meets a new IOVA. Such design and implementation
won't work well for dynamic mappings anyway and couldn't
be supported by hardware accelerators.

> I think
> that's another call to implement the offloaded path inside qemu which has
> complete support for vIOMMU co-operated VFIO.

Yes, that's exactly what we want. After revisiting the
last paragraph in the commit message, I found it's not
really accurate. The practicability of dynamic mappings
support is a common issue for QEMU. It also exists for
vfio (hw/vfio in QEMU). If QEMU needs to trap all the
map/unmap events, the data path performance couldn't be
high. If we want to thoroughly fix this issue especially
for vfio (hw/vfio in QEMU), we need to have the offload
path Jason mentioned in QEMU. And I think accelerators
could use it too.

Best regards,
Tiwei Bie

> 
> Thanks
> 
> > 
> > > Once this problem is solved
> > > in vhost-user, virtual IOMMU can be supported by accelerators
> > > too, and the IOMMU feature bit checking in this patch can be
> > > removed.
> > Given it works with software backends right now, I suspect
> > this will be up to you guys to address.
> > 
> 

[Qemu-devel] [PATCH v11 16/20] target/arm: Use vector infrastructure for aa64 compares

[Richard Henderson]

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 93 +-
 1 file changed, 59 insertions(+), 34 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 38400560db..c928c4787c 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -7209,6 +7209,28 @@ static void 
disas_simd_scalar_three_reg_diff(DisasContext *s, uint32_t insn)
 }
 }
 
+/* CMTST : test is "if (X & Y != 0)". */
+static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+tcg_gen_and_i32(d, a, b);
+tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
+tcg_gen_neg_i32(d, d);
+}
+
+static void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
+{
+tcg_gen_and_i64(d, a, b);
+tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
+tcg_gen_neg_i64(d, d);
+}
+
+static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
+{
+tcg_gen_and_vec(vece, d, a, b);
+tcg_gen_dupi_vec(vece, a, 0);
+tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
+}
+
 static void handle_3same_64(DisasContext *s, int opcode, bool u,
 TCGv_i64 tcg_rd, TCGv_i64 tcg_rn, TCGv_i64 tcg_rm)
 {
@@ -7252,10 +7274,7 @@ static void handle_3same_64(DisasContext *s, int opcode, 
bool u,
 cond = TCG_COND_EQ;
 goto do_cmop;
 }
-/* CMTST : test is "if (X & Y != 0)". */
-tcg_gen_and_i64(tcg_rd, tcg_rn, tcg_rm);
-tcg_gen_setcondi_i64(TCG_COND_NE, tcg_rd, tcg_rd, 0);
-tcg_gen_neg_i64(tcg_rd, tcg_rd);
+gen_cmtst_i64(tcg_rd, tcg_rn, tcg_rm);
 break;
 case 0x8: /* SSHL, USHL */
 if (u) {
@@ -9737,6 +9756,22 @@ static void disas_simd_3same_float(DisasContext *s, 
uint32_t insn)
 /* Integer op subgroup of C3.6.16. */
 static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
 {
+static const GVecGen3 cmtst_op[4] = {
+{ .fni4 = gen_helper_neon_tst_u8,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_8 },
+{ .fni4 = gen_helper_neon_tst_u16,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_16 },
+{ .fni4 = gen_cmtst_i32,
+  .fniv = gen_cmtst_vec,
+  .vece = MO_32 },
+{ .fni8 = gen_cmtst_i64,
+  .fniv = gen_cmtst_vec,
+  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
+  .vece = MO_64 },
+};
+
 int is_q = extract32(insn, 30, 1);
 int u = extract32(insn, 29, 1);
 int size = extract32(insn, 22, 2);
@@ -9745,6 +9780,7 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 int rn = extract32(insn, 5, 5);
 int rd = extract32(insn, 0, 5);
 int pass;
+TCGCond cond;
 
 switch (opcode) {
 case 0x13: /* MUL, PMUL */
@@ -9792,6 +9828,25 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_add, size);
 }
 return;
+case 0x11:
+if (!u) { /* CMTST */
+gen_gvec_op3(s, is_q, rd, rn, rm, _op[size]);
+return;
+}
+/* else CMEQ */
+cond = TCG_COND_EQ;
+goto do_gvec_cmp;
+case 0x06: /* CMGT, CMHI */
+cond = u ? TCG_COND_GTU : TCG_COND_GT;
+goto do_gvec_cmp;
+case 0x07: /* CMGE, CMHS */
+cond = u ? TCG_COND_GEU : TCG_COND_GE;
+do_gvec_cmp:
+tcg_gen_gvec_cmp(cond, size, vec_full_reg_offset(s, rd),
+ vec_full_reg_offset(s, rn),
+ vec_full_reg_offset(s, rm),
+ is_q ? 16 : 8, vec_full_reg_size(s));
+return;
 }
 
 if (size == 3) {
@@ -9874,26 +9929,6 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 genenvfn = fns[size][u];
 break;
 }
-case 0x6: /* CMGT, CMHI */
-{
-static NeonGenTwoOpFn * const fns[3][2] = {
-{ gen_helper_neon_cgt_s8, gen_helper_neon_cgt_u8 },
-{ gen_helper_neon_cgt_s16, gen_helper_neon_cgt_u16 },
-{ gen_helper_neon_cgt_s32, gen_helper_neon_cgt_u32 },
-};
-genfn = fns[size][u];
-break;
-}
-case 0x7: /* CMGE, CMHS */
-{
-static NeonGenTwoOpFn * const fns[3][2] = {
-{ gen_helper_neon_cge_s8, gen_helper_neon_cge_u8 },
-{ gen_helper_neon_cge_s16, gen_helper_neon_cge_u16 },
-{ gen_helper_neon_cge_s32, gen_helper_neon_cge_u32 },
-};
-genfn = fns[size][u];
-break;
-}
 case 0x8: /* SSHL, USHL */
 {
 static NeonGenTwoOpFn * const fns[3][2] = {
@@ -9966,16 +10001,6 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t 

[Qemu-devel] [PATCH v11 05/20] tcg: Add generic vector ops for constant shifts

[Richard Henderson]

Opcodes are added for scalar and vector shifts, but considering the
varied semantics of these do not expose them to the front ends.  Do
go ahead and provide them in case they are needed for backend expansion.

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  15 +++
 tcg/tcg-op-gvec.h|  35 ++
 tcg/tcg-op.h |   4 +
 tcg/tcg-opc.h|  12 ++
 tcg/tcg.h|   3 +
 accel/tcg/tcg-runtime-gvec.c | 144 ++
 tcg/tcg-op-gvec.c| 276 +++
 tcg/tcg-op-vec.c |  45 +++
 tcg/tcg.c|  12 ++
 tcg/README   |  29 +
 10 files changed, 575 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index 76ee41ce58..df23c9aea9 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -163,3 +163,18 @@ DEF_HELPER_FLAGS_4(gvec_or, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_xor, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_andc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_orc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_shl8i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shl16i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shl32i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shl64i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_shr8i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shr16i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shr32i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_shr64i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_3(gvec_sar8i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_sar16i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_sar32i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+DEF_HELPER_FLAGS_3(gvec_sar64i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index 5a7d640a9d..b9f9eb7b84 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -95,6 +95,25 @@ typedef struct {
 bool prefer_i64;
 } GVecGen2;
 
+typedef struct {
+/* Expand inline as a 64-bit or 32-bit integer.
+   Only one of these will be non-NULL.  */
+void (*fni8)(TCGv_i64, TCGv_i64, int64_t);
+void (*fni4)(TCGv_i32, TCGv_i32, int32_t);
+/* Expand inline with a host vector type.  */
+void (*fniv)(unsigned, TCGv_vec, TCGv_vec, int64_t);
+/* Expand out-of-line helper w/descriptor.  */
+gen_helper_gvec_2 *fno;
+/* The opcode, if any, to which this corresponds.  */
+TCGOpcode opc;
+/* The vector element size, if applicable.  */
+uint8_t vece;
+/* Prefer i64 to v64.  */
+bool prefer_i64;
+/* Load dest as a 3rd source operand.  */
+bool load_dest;
+} GVecGen2i;
+
 typedef struct {
 /* Expand inline as a 64-bit or 32-bit integer.
Only one of these will be non-NULL.  */
@@ -137,6 +156,8 @@ typedef struct {
 
 void tcg_gen_gvec_2(uint32_t dofs, uint32_t aofs,
 uint32_t oprsz, uint32_t maxsz, const GVecGen2 *);
+void tcg_gen_gvec_2i(uint32_t dofs, uint32_t aofs, uint32_t oprsz,
+ uint32_t maxsz, int64_t c, const GVecGen2i *);
 void tcg_gen_gvec_3(uint32_t dofs, uint32_t aofs, uint32_t bofs,
 uint32_t oprsz, uint32_t maxsz, const GVecGen3 *);
 void tcg_gen_gvec_4(uint32_t dofs, uint32_t aofs, uint32_t bofs, uint32_t cofs,
@@ -179,6 +200,13 @@ void tcg_gen_gvec_dup16i(uint32_t dofs, uint32_t s, 
uint32_t m, uint16_t x);
 void tcg_gen_gvec_dup32i(uint32_t dofs, uint32_t s, uint32_t m, uint32_t x);
 void tcg_gen_gvec_dup64i(uint32_t dofs, uint32_t s, uint32_t m, uint64_t x);
 
+void tcg_gen_gvec_shli(unsigned vece, uint32_t dofs, uint32_t aofs,
+   int64_t shift, uint32_t oprsz, uint32_t maxsz);
+void tcg_gen_gvec_shri(unsigned vece, uint32_t dofs, uint32_t aofs,
+   int64_t shift, uint32_t oprsz, uint32_t maxsz);
+void tcg_gen_gvec_sari(unsigned vece, uint32_t dofs, uint32_t aofs,
+   int64_t shift, uint32_t oprsz, uint32_t maxsz);
+
 /*
  * 64-bit vector operations.  Use these when the register has been allocated
  * with tcg_global_mem_new_i64, and so we cannot also address it via pointer.
@@ -196,3 +224,10 @@ void tcg_gen_vec_add32_i64(TCGv_i64 d, TCGv_i64 a, 
TCGv_i64 b);
 void tcg_gen_vec_sub8_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
 void tcg_gen_vec_sub16_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
 void tcg_gen_vec_sub32_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
+
+void tcg_gen_vec_shl8i_i64(TCGv_i64 d, TCGv_i64 a, int64_t);
+void tcg_gen_vec_shl16i_i64(TCGv_i64 d, TCGv_i64 a, int64_t);
+void tcg_gen_vec_shr8i_i64(TCGv_i64 d, TCGv_i64 a, int64_t);
+void tcg_gen_vec_shr16i_i64(TCGv_i64 d, 

[Qemu-devel] [PATCH v11 15/20] target/arm: Use vector infrastructure for aa64 constant shifts

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 423 +
 1 file changed, 350 insertions(+), 73 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 48088dbb29..38400560db 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -87,6 +87,8 @@ typedef void CryptoThreeOpFn(TCGv_ptr, TCGv_ptr, TCGv_ptr);
 
 /* Note that the gvec expanders operate on offsets + sizes.  */
 typedef void GVecGen2Fn(unsigned, uint32_t, uint32_t, uint32_t, uint32_t);
+typedef void GVecGen2iFn(unsigned, uint32_t, uint32_t, int64_t,
+ uint32_t, uint32_t);
 typedef void GVecGen3Fn(unsigned, uint32_t, uint32_t,
 uint32_t, uint32_t, uint32_t);
 
@@ -640,6 +642,16 @@ static void gen_gvec_fn2(DisasContext *s, bool is_q, int 
rd, int rn,
 is_q ? 16 : 8, vec_full_reg_size(s));
 }
 
+/* Expand a 2-operand + immediate AdvSIMD vector operation using
+ * an expander function.
+ */
+static void gen_gvec_fn2i(DisasContext *s, bool is_q, int rd, int rn,
+  int64_t imm, GVecGen2iFn *gvec_fn, int vece)
+{
+gvec_fn(vece, vec_full_reg_offset(s, rd), vec_full_reg_offset(s, rn),
+imm, is_q ? 16 : 8, vec_full_reg_size(s));
+}
+
 /* Expand a 3-operand AdvSIMD vector operation using an expander function.  */
 static void gen_gvec_fn3(DisasContext *s, bool is_q, int rd, int rn, int rm,
  GVecGen3Fn *gvec_fn, int vece)
@@ -648,6 +660,16 @@ static void gen_gvec_fn3(DisasContext *s, bool is_q, int 
rd, int rn, int rm,
 vec_full_reg_offset(s, rm), is_q ? 16 : 8, vec_full_reg_size(s));
 }
 
+/* Expand a 2-operand + immediate AdvSIMD vector operation using
+ * an op descriptor.
+ */
+static void gen_gvec_op2i(DisasContext *s, bool is_q, int rd,
+  int rn, int64_t imm, const GVecGen2i *gvec_op)
+{
+tcg_gen_gvec_2i(vec_full_reg_offset(s, rd), vec_full_reg_offset(s, rn),
+is_q ? 16 : 8, vec_full_reg_size(s), imm, gvec_op);
+}
+
 /* Expand a 3-operand AdvSIMD vector operation using an op descriptor.  */
 static void gen_gvec_op3(DisasContext *s, bool is_q, int rd,
  int rn, int rm, const GVecGen3 *gvec_op)
@@ -6512,32 +6534,6 @@ static void handle_shri_with_rndacc(TCGv_i64 tcg_res, 
TCGv_i64 tcg_src,
 }
 }
 
-/* Common SHL/SLI - Shift left with an optional insert */
-static void handle_shli_with_ins(TCGv_i64 tcg_res, TCGv_i64 tcg_src,
- bool insert, int shift)
-{
-if (insert) { /* SLI */
-tcg_gen_deposit_i64(tcg_res, tcg_res, tcg_src, shift, 64 - shift);
-} else { /* SHL */
-tcg_gen_shli_i64(tcg_res, tcg_src, shift);
-}
-}
-
-/* SRI: shift right with insert */
-static void handle_shri_with_ins(TCGv_i64 tcg_res, TCGv_i64 tcg_src,
- int size, int shift)
-{
-int esize = 8 << size;
-
-/* shift count same as element size is valid but does nothing;
- * special case to avoid potential shift by 64.
- */
-if (shift != esize) {
-tcg_gen_shri_i64(tcg_src, tcg_src, shift);
-tcg_gen_deposit_i64(tcg_res, tcg_res, tcg_src, 0, esize - shift);
-}
-}
-
 /* SSHR[RA]/USHR[RA] - Scalar shift right (optional rounding/accumulate) */
 static void handle_scalar_simd_shri(DisasContext *s,
 bool is_u, int immh, int immb,
@@ -6588,7 +6584,14 @@ static void handle_scalar_simd_shri(DisasContext *s,
 tcg_rd = (accumulate || insert) ? read_fp_dreg(s, rd) : tcg_temp_new_i64();
 
 if (insert) {
-handle_shri_with_ins(tcg_rd, tcg_rn, size, shift);
+/* shift count same as element size is valid but does nothing;
+ * special case to avoid potential shift by 64.
+ */
+int esize = 8 << size;
+if (shift != esize) {
+tcg_gen_shri_i64(tcg_rn, tcg_rn, shift);
+tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_rn, 0, esize - shift);
+}
 } else {
 handle_shri_with_rndacc(tcg_rd, tcg_rn, tcg_round,
 accumulate, is_u, size, shift);
@@ -6626,7 +6629,11 @@ static void handle_scalar_simd_shli(DisasContext *s, 
bool insert,
 tcg_rn = read_fp_dreg(s, rn);
 tcg_rd = insert ? read_fp_dreg(s, rd) : tcg_temp_new_i64();
 
-handle_shli_with_ins(tcg_rd, tcg_rn, insert, shift);
+if (insert) {
+tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_rn, shift, 64 - shift);
+} else {
+tcg_gen_shli_i64(tcg_rd, tcg_rn, shift);
+}
 
 write_fp_dreg(s, rd, tcg_rd);
 
@@ -8356,16 +8363,195 @@ static void 
disas_simd_scalar_two_reg_misc(DisasContext *s, uint32_t insn)
 }
 }
 
+static void gen_ssra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
+{
+tcg_gen_vec_sar8i_i64(a, a, shift);
+tcg_gen_vec_add8_i64(d, d, a);
+}
+
+static void gen_ssra16_i64(TCGv_i64 d, 

[Qemu-devel] [PATCH v11 14/20] target/arm: Use vector infrastructure for aa64 dup/movi

[Richard Henderson]

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 81 +++---
 1 file changed, 33 insertions(+), 48 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 11310f1a7a..48088dbb29 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5890,10 +5890,7 @@ static void handle_simd_dupe(DisasContext *s, int is_q, 
int rd, int rn,
  int imm5)
 {
 int size = ctz32(imm5);
-int esize = 8 << size;
-int elements = (is_q ? 128 : 64) / esize;
-int index, i;
-TCGv_i64 tmp;
+int index = imm5 >> (size + 1);
 
 if (size > 3 || (size == 3 && !is_q)) {
 unallocated_encoding(s);
@@ -5904,20 +5901,9 @@ static void handle_simd_dupe(DisasContext *s, int is_q, 
int rd, int rn,
 return;
 }
 
-index = imm5 >> (size + 1);
-
-tmp = tcg_temp_new_i64();
-read_vec_element(s, tmp, rn, index, size);
-
-for (i = 0; i < elements; i++) {
-write_vec_element(s, tmp, rd, i, size);
-}
-
-if (!is_q) {
-clear_vec_high(s, rd);
-}
-
-tcg_temp_free_i64(tmp);
+tcg_gen_gvec_dup_mem(size, vec_full_reg_offset(s, rd),
+ vec_reg_offset(s, rn, index, size),
+ is_q ? 16 : 8, vec_full_reg_size(s));
 }
 
 /* DUP (element, scalar)
@@ -5966,9 +5952,7 @@ static void handle_simd_dupg(DisasContext *s, int is_q, 
int rd, int rn,
  int imm5)
 {
 int size = ctz32(imm5);
-int esize = 8 << size;
-int elements = (is_q ? 128 : 64)/esize;
-int i = 0;
+uint32_t dofs, oprsz, maxsz;
 
 if (size > 3 || ((size == 3) && !is_q)) {
 unallocated_encoding(s);
@@ -5979,12 +5963,11 @@ static void handle_simd_dupg(DisasContext *s, int is_q, 
int rd, int rn,
 return;
 }
 
-for (i = 0; i < elements; i++) {
-write_vec_element(s, cpu_reg(s, rn), rd, i, size);
-}
-if (!is_q) {
-clear_vec_high(s, rd);
-}
+dofs = vec_full_reg_offset(s, rd);
+oprsz = is_q ? 16 : 8;
+maxsz = vec_full_reg_size(s);
+
+tcg_gen_gvec_dup_i64(size, dofs, oprsz, maxsz, cpu_reg(s, rn));
 }
 
 /* INS (Element)
@@ -6175,7 +6158,6 @@ static void disas_simd_mod_imm(DisasContext *s, uint32_t 
insn)
 bool is_neg = extract32(insn, 29, 1);
 bool is_q = extract32(insn, 30, 1);
 uint64_t imm = 0;
-TCGv_i64 tcg_rd, tcg_imm;
 int i;
 
 if (o2 != 0 || ((cmode == 0xf) && is_neg && !is_q)) {
@@ -6257,32 +6239,35 @@ static void disas_simd_mod_imm(DisasContext *s, 
uint32_t insn)
 imm = ~imm;
 }
 
-tcg_imm = tcg_const_i64(imm);
-tcg_rd = new_tmp_a64(s);
+if (!((cmode & 0x9) == 0x1 || (cmode & 0xd) == 0x9)) {
+/* MOVI or MVNI, with MVNI negation handled above.  */
+tcg_gen_gvec_dup64i(vec_full_reg_offset(s, rd), is_q ? 16 : 8,
+vec_full_reg_size(s), imm);
+} else {
+TCGv_i64 tcg_imm = tcg_const_i64(imm);
+TCGv_i64 tcg_rd = new_tmp_a64(s);
 
-for (i = 0; i < 2; i++) {
-int foffs = i ? fp_reg_hi_offset(s, rd) : fp_reg_offset(s, rd, MO_64);
+for (i = 0; i < 2; i++) {
+int foffs = vec_reg_offset(s, rd, i, MO_64);
 
-if (i == 1 && !is_q) {
-/* non-quad ops clear high half of vector */
-tcg_gen_movi_i64(tcg_rd, 0);
-} else if ((cmode & 0x9) == 0x1 || (cmode & 0xd) == 0x9) {
-tcg_gen_ld_i64(tcg_rd, cpu_env, foffs);
-if (is_neg) {
-/* AND (BIC) */
-tcg_gen_and_i64(tcg_rd, tcg_rd, tcg_imm);
+if (i == 1 && !is_q) {
+/* non-quad ops clear high half of vector */
+tcg_gen_movi_i64(tcg_rd, 0);
 } else {
-/* ORR */
-tcg_gen_or_i64(tcg_rd, tcg_rd, tcg_imm);
+tcg_gen_ld_i64(tcg_rd, cpu_env, foffs);
+if (is_neg) {
+/* AND (BIC) */
+tcg_gen_and_i64(tcg_rd, tcg_rd, tcg_imm);
+} else {
+/* ORR */
+tcg_gen_or_i64(tcg_rd, tcg_rd, tcg_imm);
+}
 }
-} else {
-/* MOVI */
-tcg_gen_mov_i64(tcg_rd, tcg_imm);
+tcg_gen_st_i64(tcg_rd, cpu_env, foffs);
 }
-tcg_gen_st_i64(tcg_rd, cpu_env, foffs);
-}
 
-tcg_temp_free_i64(tcg_imm);
+tcg_temp_free_i64(tcg_imm);
+}
 }
 
 /* AdvSIMD scalar copy
-- 
2.14.3

[Qemu-devel] [PATCH v11 18/20] target/arm: Use vector infrastructure for aa64 orr/bic immediate

[Richard Henderson]

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 28 +---
 1 file changed, 5 insertions(+), 23 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 64a2c2df59..d688a699be 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -6180,7 +6180,6 @@ static void disas_simd_mod_imm(DisasContext *s, uint32_t 
insn)
 bool is_neg = extract32(insn, 29, 1);
 bool is_q = extract32(insn, 30, 1);
 uint64_t imm = 0;
-int i;
 
 if (o2 != 0 || ((cmode == 0xf) && is_neg && !is_q)) {
 unallocated_encoding(s);
@@ -6266,29 +6265,12 @@ static void disas_simd_mod_imm(DisasContext *s, 
uint32_t insn)
 tcg_gen_gvec_dup64i(vec_full_reg_offset(s, rd), is_q ? 16 : 8,
 vec_full_reg_size(s), imm);
 } else {
-TCGv_i64 tcg_imm = tcg_const_i64(imm);
-TCGv_i64 tcg_rd = new_tmp_a64(s);
-
-for (i = 0; i < 2; i++) {
-int foffs = vec_reg_offset(s, rd, i, MO_64);
-
-if (i == 1 && !is_q) {
-/* non-quad ops clear high half of vector */
-tcg_gen_movi_i64(tcg_rd, 0);
-} else {
-tcg_gen_ld_i64(tcg_rd, cpu_env, foffs);
-if (is_neg) {
-/* AND (BIC) */
-tcg_gen_and_i64(tcg_rd, tcg_rd, tcg_imm);
-} else {
-/* ORR */
-tcg_gen_or_i64(tcg_rd, tcg_rd, tcg_imm);
-}
-}
-tcg_gen_st_i64(tcg_rd, cpu_env, foffs);
+/* ORR or BIC, with BIC negation to AND handled above.  */
+if (is_neg) {
+gen_gvec_fn2i(s, is_q, rd, rd, imm, tcg_gen_gvec_andi, MO_64);
+} else {
+gen_gvec_fn2i(s, is_q, rd, rd, imm, tcg_gen_gvec_ori, MO_64);
 }
-
-tcg_temp_free_i64(tcg_imm);
 }
 }
 
-- 
2.14.3

[Qemu-devel] [PATCH v11 03/20] tcg: Standardize integral arguments to expanders

[Richard Henderson]

Some functions use intN_t arguments, some use uintN_t, some just
used "unsigned".  To aid putting function pointers in tables, we
need consistency.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 tcg/tcg-op.h | 16 
 tcg/tcg-op.c | 42 +-
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 0c02d86b8b..a684ab5890 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -269,12 +269,12 @@ void tcg_gen_mb(TCGBar);
 void tcg_gen_addi_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
 void tcg_gen_subfi_i32(TCGv_i32 ret, int32_t arg1, TCGv_i32 arg2);
 void tcg_gen_subi_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
-void tcg_gen_andi_i32(TCGv_i32 ret, TCGv_i32 arg1, uint32_t arg2);
+void tcg_gen_andi_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
 void tcg_gen_ori_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
 void tcg_gen_xori_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
-void tcg_gen_shli_i32(TCGv_i32 ret, TCGv_i32 arg1, unsigned arg2);
-void tcg_gen_shri_i32(TCGv_i32 ret, TCGv_i32 arg1, unsigned arg2);
-void tcg_gen_sari_i32(TCGv_i32 ret, TCGv_i32 arg1, unsigned arg2);
+void tcg_gen_shli_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
+void tcg_gen_shri_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
+void tcg_gen_sari_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
 void tcg_gen_muli_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2);
 void tcg_gen_div_i32(TCGv_i32 ret, TCGv_i32 arg1, TCGv_i32 arg2);
 void tcg_gen_rem_i32(TCGv_i32 ret, TCGv_i32 arg1, TCGv_i32 arg2);
@@ -458,12 +458,12 @@ static inline void tcg_gen_not_i32(TCGv_i32 ret, TCGv_i32 
arg)
 void tcg_gen_addi_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
 void tcg_gen_subfi_i64(TCGv_i64 ret, int64_t arg1, TCGv_i64 arg2);
 void tcg_gen_subi_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
-void tcg_gen_andi_i64(TCGv_i64 ret, TCGv_i64 arg1, uint64_t arg2);
+void tcg_gen_andi_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
 void tcg_gen_ori_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
 void tcg_gen_xori_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
-void tcg_gen_shli_i64(TCGv_i64 ret, TCGv_i64 arg1, unsigned arg2);
-void tcg_gen_shri_i64(TCGv_i64 ret, TCGv_i64 arg1, unsigned arg2);
-void tcg_gen_sari_i64(TCGv_i64 ret, TCGv_i64 arg1, unsigned arg2);
+void tcg_gen_shli_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
+void tcg_gen_shri_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
+void tcg_gen_sari_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
 void tcg_gen_muli_i64(TCGv_i64 ret, TCGv_i64 arg1, int64_t arg2);
 void tcg_gen_div_i64(TCGv_i64 ret, TCGv_i64 arg1, TCGv_i64 arg2);
 void tcg_gen_rem_i64(TCGv_i64 ret, TCGv_i64 arg1, TCGv_i64 arg2);
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index 0c509bfe46..3467787323 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -140,7 +140,7 @@ void tcg_gen_subi_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t 
arg2)
 }
 }
 
-void tcg_gen_andi_i32(TCGv_i32 ret, TCGv_i32 arg1, uint32_t arg2)
+void tcg_gen_andi_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2)
 {
 TCGv_i32 t0;
 /* Some cases can be optimized here.  */
@@ -148,17 +148,17 @@ void tcg_gen_andi_i32(TCGv_i32 ret, TCGv_i32 arg1, 
uint32_t arg2)
 case 0:
 tcg_gen_movi_i32(ret, 0);
 return;
-case 0xu:
+case -1:
 tcg_gen_mov_i32(ret, arg1);
 return;
-case 0xffu:
+case 0xff:
 /* Don't recurse with tcg_gen_ext8u_i32.  */
 if (TCG_TARGET_HAS_ext8u_i32) {
 tcg_gen_op2_i32(INDEX_op_ext8u_i32, ret, arg1);
 return;
 }
 break;
-case 0xu:
+case 0x:
 if (TCG_TARGET_HAS_ext16u_i32) {
 tcg_gen_op2_i32(INDEX_op_ext16u_i32, ret, arg1);
 return;
@@ -199,9 +199,9 @@ void tcg_gen_xori_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t 
arg2)
 }
 }
 
-void tcg_gen_shli_i32(TCGv_i32 ret, TCGv_i32 arg1, unsigned arg2)
+void tcg_gen_shli_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2)
 {
-tcg_debug_assert(arg2 < 32);
+tcg_debug_assert(arg2 >= 0 && arg2 < 32);
 if (arg2 == 0) {
 tcg_gen_mov_i32(ret, arg1);
 } else {
@@ -211,9 +211,9 @@ void tcg_gen_shli_i32(TCGv_i32 ret, TCGv_i32 arg1, unsigned 
arg2)
 }
 }
 
-void tcg_gen_shri_i32(TCGv_i32 ret, TCGv_i32 arg1, unsigned arg2)
+void tcg_gen_shri_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2)
 {
-tcg_debug_assert(arg2 < 32);
+tcg_debug_assert(arg2 >= 0 && arg2 < 32);
 if (arg2 == 0) {
 tcg_gen_mov_i32(ret, arg1);
 } else {
@@ -223,9 +223,9 @@ void tcg_gen_shri_i32(TCGv_i32 ret, TCGv_i32 arg1, unsigned 
arg2)
 }
 }
 
-void tcg_gen_sari_i32(TCGv_i32 ret, TCGv_i32 arg1, unsigned arg2)
+void tcg_gen_sari_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2)
 {
-tcg_debug_assert(arg2 < 32);
+tcg_debug_assert(arg2 >= 0 && arg2 < 32);
 if (arg2 == 0) {
 

[Qemu-devel] [PATCH v11 17/20] target/arm: Use vector infrastructure for aa64 multiplies

[Richard Henderson]

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 154 +
 1 file changed, 129 insertions(+), 25 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index c928c4787c..64a2c2df59 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -9753,6 +9753,66 @@ static void disas_simd_3same_float(DisasContext *s, 
uint32_t insn)
 }
 }
 
+static void gen_mla8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+gen_helper_neon_mul_u8(a, a, b);
+gen_helper_neon_add_u8(d, d, a);
+}
+
+static void gen_mla16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+gen_helper_neon_mul_u16(a, a, b);
+gen_helper_neon_add_u16(d, d, a);
+}
+
+static void gen_mla32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+tcg_gen_mul_i32(a, a, b);
+tcg_gen_add_i32(d, d, a);
+}
+
+static void gen_mla64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
+{
+tcg_gen_mul_i64(a, a, b);
+tcg_gen_add_i64(d, d, a);
+}
+
+static void gen_mla_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
+{
+tcg_gen_mul_vec(vece, a, a, b);
+tcg_gen_add_vec(vece, d, d, a);
+}
+
+static void gen_mls8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+gen_helper_neon_mul_u8(a, a, b);
+gen_helper_neon_sub_u8(d, d, a);
+}
+
+static void gen_mls16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+gen_helper_neon_mul_u16(a, a, b);
+gen_helper_neon_sub_u16(d, d, a);
+}
+
+static void gen_mls32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
+{
+tcg_gen_mul_i32(a, a, b);
+tcg_gen_sub_i32(d, d, a);
+}
+
+static void gen_mls64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
+{
+tcg_gen_mul_i64(a, a, b);
+tcg_gen_sub_i64(d, d, a);
+}
+
+static void gen_mls_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
+{
+tcg_gen_mul_vec(vece, a, a, b);
+tcg_gen_sub_vec(vece, d, d, a);
+}
+
 /* Integer op subgroup of C3.6.16. */
 static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
 {
@@ -9771,6 +9831,52 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
   .prefer_i64 = TCG_TARGET_REG_BITS == 64,
   .vece = MO_64 },
 };
+static const GVecGen3 mla_op[4] = {
+{ .fni4 = gen_mla8_i32,
+  .fniv = gen_mla_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_8 },
+{ .fni4 = gen_mla16_i32,
+  .fniv = gen_mla_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_16 },
+{ .fni4 = gen_mla32_i32,
+  .fniv = gen_mla_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_32 },
+{ .fni8 = gen_mla64_i64,
+  .fniv = gen_mla_vec,
+  .opc = INDEX_op_mul_vec,
+  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
+  .load_dest = true,
+  .vece = MO_64 },
+};
+static const GVecGen3 mls_op[4] = {
+{ .fni4 = gen_mls8_i32,
+  .fniv = gen_mls_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_8 },
+{ .fni4 = gen_mls16_i32,
+  .fniv = gen_mls_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_16 },
+{ .fni4 = gen_mls32_i32,
+  .fniv = gen_mls_vec,
+  .opc = INDEX_op_mul_vec,
+  .load_dest = true,
+  .vece = MO_32 },
+{ .fni8 = gen_mls64_i64,
+  .fniv = gen_mls_vec,
+  .opc = INDEX_op_mul_vec,
+  .prefer_i64 = TCG_TARGET_REG_BITS == 64,
+  .load_dest = true,
+  .vece = MO_64 },
+};
 
 int is_q = extract32(insn, 30, 1);
 int u = extract32(insn, 29, 1);
@@ -9828,6 +9934,19 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_add, size);
 }
 return;
+case 0x13: /* MUL, PMUL */
+if (!u) { /* MUL */
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_mul, size);
+return;
+}
+break;
+case 0x12: /* MLA, MLS */
+if (u) {
+gen_gvec_op3(s, is_q, rd, rn, rm, _op[size]);
+} else {
+gen_gvec_op3(s, is_q, rd, rn, rm, _op[size]);
+}
+return;
 case 0x11:
 if (!u) { /* CMTST */
 gen_gvec_op3(s, is_q, rd, rn, rm, _op[size]);
@@ -10002,23 +10121,10 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 break;
 }
 case 0x13: /* MUL, PMUL */
-if (u) {
-/* PMUL */
-assert(size == 0);
-genfn = gen_helper_neon_mul_p8;
-break;
-}
-/* fall through : MUL */
-case 0x12: /* MLA, MLS */
-{
-static 

[Qemu-devel] [PATCH v11 06/20] tcg: Add generic vector ops for comparisons

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  30 +
 tcg/tcg-op-gvec.h|   4 ++
 tcg/tcg-op.h |   3 +
 tcg/tcg-opc.h|   2 +
 accel/tcg/tcg-runtime-gvec.c |  36 +++
 tcg/tcg-op-gvec.c| 151 +++
 tcg/tcg-op-vec.c |  23 +++
 tcg/tcg.c|   2 +
 tcg/README   |   4 ++
 9 files changed, 255 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index df23c9aea9..c840debc40 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -178,3 +178,33 @@ DEF_HELPER_FLAGS_3(gvec_sar8i, TCG_CALL_NO_RWG, void, ptr, 
ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_sar16i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_sar32i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_sar64i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_eq8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_eq16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_eq32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_eq64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_ne8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ne16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ne32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ne64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_lt8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_lt16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_lt32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_lt64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_le8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_le16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_le32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_le64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_ltu8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ltu16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ltu32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_ltu64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
+DEF_HELPER_FLAGS_4(gvec_leu8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_leu16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_leu32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_leu64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index b9f9eb7b84..60a17ee908 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -207,6 +207,10 @@ void tcg_gen_gvec_shri(unsigned vece, uint32_t dofs, 
uint32_t aofs,
 void tcg_gen_gvec_sari(unsigned vece, uint32_t dofs, uint32_t aofs,
int64_t shift, uint32_t oprsz, uint32_t maxsz);
 
+void tcg_gen_gvec_cmp(TCGCond cond, unsigned vece, uint32_t dofs,
+  uint32_t aofs, uint32_t bofs,
+  uint32_t oprsz, uint32_t maxsz);
+
 /*
  * 64-bit vector operations.  Use these when the register has been allocated
  * with tcg_global_mem_new_i64, and so we cannot also address it via pointer.
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 98e2dfbe90..113d9a6c3a 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -929,6 +929,9 @@ void tcg_gen_shli_vec(unsigned vece, TCGv_vec r, TCGv_vec 
a, int64_t i);
 void tcg_gen_shri_vec(unsigned vece, TCGv_vec r, TCGv_vec a, int64_t i);
 void tcg_gen_sari_vec(unsigned vece, TCGv_vec r, TCGv_vec a, int64_t i);
 
+void tcg_gen_cmp_vec(TCGCond cond, unsigned vece, TCGv_vec r,
+ TCGv_vec a, TCGv_vec b);
+
 void tcg_gen_ld_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset);
 void tcg_gen_st_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset);
 void tcg_gen_stl_vec(TCGv_vec r, TCGv_ptr base, TCGArg offset, TCGType t);
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index 43ef67bf46..13c0eed3da 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -240,6 +240,8 @@ DEF(shlv_vec, 1, 2, 0, IMPLVEC | 
IMPL(TCG_TARGET_HAS_shv_vec))
 DEF(shrv_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_shv_vec))
 DEF(sarv_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_shv_vec))
 
+DEF(cmp_vec, 1, 2, 1, IMPLVEC)
+
 DEF(last_generic, 0, 0, 0, TCG_OPF_NOT_PRESENT)
 
 #if TCG_TARGET_MAYBE_vec
diff --git a/accel/tcg/tcg-runtime-gvec.c b/accel/tcg/tcg-runtime-gvec.c
index f0964aadb2..f2b0cba4a2 100644
--- a/accel/tcg/tcg-runtime-gvec.c
+++ b/accel/tcg/tcg-runtime-gvec.c
@@ -467,3 +467,39 @@ void HELPER(gvec_sar64i)(void *d, void *a, uint32_t desc)
 }
 clear_high(d, oprsz, desc);
 }
+
+/* If vectors are enabled, the compiler fills in -1 for true.
+   Otherwise, we must take care of 

[Qemu-devel] [PATCH v11 09/20] tcg: Add generic vector helpers with a scalar operand

[Richard Henderson]

Use dup to convert a non-constant scalar to a third vector.

Add addition, multiplication, and logical operations with an immediate.
Add addition, subtraction, multiplication, and logical operations with
a non-constant scalar.  Allow for the front-end to build operations in
which the scalar operand comes first.

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  19 +++
 tcg/tcg-op-gvec.h|  59 ++-
 accel/tcg/tcg-runtime-gvec.c | 180 +
 tcg/tcg-op-gvec.c| 361 ++-
 4 files changed, 617 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index f224a975e8..2536959a18 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -147,16 +147,31 @@ DEF_HELPER_FLAGS_4(gvec_add16, TCG_CALL_NO_RWG, void, 
ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_add32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_add64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(gvec_adds8, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_adds16, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_adds32, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_adds64, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+
 DEF_HELPER_FLAGS_4(gvec_sub8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_sub16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_sub32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_sub64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(gvec_subs8, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_subs16, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_subs32, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_subs64, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+
 DEF_HELPER_FLAGS_4(gvec_mul8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_mul16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_mul32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_mul64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(gvec_muls8, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_muls16, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_muls32, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_muls64, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+
 DEF_HELPER_FLAGS_4(gvec_ssadd8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_ssadd16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_ssadd32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
@@ -189,6 +204,10 @@ DEF_HELPER_FLAGS_4(gvec_xor, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_andc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_orc, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(gvec_ands, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_xors, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+DEF_HELPER_FLAGS_4(gvec_ors, TCG_CALL_NO_RWG, void, ptr, ptr, i64, i32)
+
 DEF_HELPER_FLAGS_3(gvec_shl8i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_shl16i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_shl32i, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index 03ced440c2..ff43a29a0b 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -35,6 +35,12 @@ void tcg_gen_gvec_2_ool(uint32_t dofs, uint32_t aofs,
 uint32_t oprsz, uint32_t maxsz, int32_t data,
 gen_helper_gvec_2 *fn);
 
+/* Similarly, passing an extra data value.  */
+typedef void gen_helper_gvec_2i(TCGv_ptr, TCGv_ptr, TCGv_i64, TCGv_i32);
+void tcg_gen_gvec_2i_ool(uint32_t dofs, uint32_t aofs, TCGv_i64 c,
+ uint32_t oprsz, uint32_t maxsz, int32_t data,
+ gen_helper_gvec_2i *fn);
+
 /* Similarly, passing an extra pointer (e.g. env or float_status).  */
 typedef void gen_helper_gvec_2_ptr(TCGv_ptr, TCGv_ptr, TCGv_ptr, TCGv_i32);
 void tcg_gen_gvec_2_ptr(uint32_t dofs, uint32_t aofs,
@@ -102,8 +108,10 @@ typedef struct {
 void (*fni4)(TCGv_i32, TCGv_i32, int32_t);
 /* Expand inline with a host vector type.  */
 void (*fniv)(unsigned, TCGv_vec, TCGv_vec, int64_t);
-/* Expand out-of-line helper w/descriptor.  */
+/* Expand out-of-line helper w/descriptor, data in descriptor.  */
 gen_helper_gvec_2 *fno;
+/* Expand out-of-line helper w/descriptor, data as argument.  */
+gen_helper_gvec_2i *fnoi;
 /* The opcode, if any, to which this corresponds.  */
 TCGOpcode opc;
 /* The vector element size, if applicable.  */
@@ -114,6 +122,27 @@ typedef struct {
 bool load_dest;
 } GVecGen2i;
 

[Qemu-devel] [PATCH v11 11/20] target/arm: Align vector registers

[Richard Henderson]

Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index d2bb59eded..8d41f783dc 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -492,7 +492,7 @@ typedef struct CPUARMState {
  * the two execution states, and means we do not need to explicitly
  * map these registers when changing states.
  */
-uint64_t regs[64];
+uint64_t regs[64] QEMU_ALIGNED(16);
 
 uint32_t xregs[16];
 /* We store these fpcsr fields separately for convenience.  */
-- 
2.14.3

[Qemu-devel] [PATCH v11 19/20] tcg/i386: Add vector operations

[Richard Henderson]

The x86 vector instruction set is extremely irregular.  With newer
editions, Intel has filled in some of the blanks.  However, we don't
get many 64-bit operations until SSE4.2, introduced in 2009.

The subsequent edition was for AVX1, introduced in 2011, which added
three-operand addressing, and adjusts how all instructions should be
encoded.

Given the relatively narrow 2 year window between possible to support
and desirable to support, and to vastly simplify code maintainence,
I am only planning to support AVX1 and later cpus.

Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.h |  41 +-
 tcg/i386/tcg-target.opc.h |  13 +
 tcg/i386/tcg-target.inc.c | 987 +++---
 3 files changed, 987 insertions(+), 54 deletions(-)
 create mode 100644 tcg/i386/tcg-target.opc.h

diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index b89dababf4..9fdf37f23c 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -30,10 +30,10 @@
 
 #ifdef __x86_64__
 # define TCG_TARGET_REG_BITS  64
-# define TCG_TARGET_NB_REGS   16
+# define TCG_TARGET_NB_REGS   32
 #else
 # define TCG_TARGET_REG_BITS  32
-# define TCG_TARGET_NB_REGS8
+# define TCG_TARGET_NB_REGS   24
 #endif
 
 typedef enum {
@@ -56,6 +56,26 @@ typedef enum {
 TCG_REG_R13,
 TCG_REG_R14,
 TCG_REG_R15,
+
+TCG_REG_XMM0,
+TCG_REG_XMM1,
+TCG_REG_XMM2,
+TCG_REG_XMM3,
+TCG_REG_XMM4,
+TCG_REG_XMM5,
+TCG_REG_XMM6,
+TCG_REG_XMM7,
+
+/* 64-bit registers; likewise always define.  */
+TCG_REG_XMM8,
+TCG_REG_XMM9,
+TCG_REG_XMM10,
+TCG_REG_XMM11,
+TCG_REG_XMM12,
+TCG_REG_XMM13,
+TCG_REG_XMM14,
+TCG_REG_XMM15,
+
 TCG_REG_RAX = TCG_REG_EAX,
 TCG_REG_RCX = TCG_REG_ECX,
 TCG_REG_RDX = TCG_REG_EDX,
@@ -77,6 +97,8 @@ typedef enum {
 
 extern bool have_bmi1;
 extern bool have_popcnt;
+extern bool have_avx1;
+extern bool have_avx2;
 
 /* optional instructions */
 #define TCG_TARGET_HAS_div2_i32 1
@@ -146,6 +168,21 @@ extern bool have_popcnt;
 #define TCG_TARGET_HAS_mulsh_i640
 #endif
 
+/* We do not support older SSE systems, only beginning with AVX1.  */
+#define TCG_TARGET_HAS_v64  have_avx1
+#define TCG_TARGET_HAS_v128 have_avx1
+#define TCG_TARGET_HAS_v256 have_avx2
+
+#define TCG_TARGET_HAS_andc_vec 1
+#define TCG_TARGET_HAS_orc_vec  0
+#define TCG_TARGET_HAS_not_vec  0
+#define TCG_TARGET_HAS_neg_vec  0
+#define TCG_TARGET_HAS_shi_vec  1
+#define TCG_TARGET_HAS_shs_vec  0
+#define TCG_TARGET_HAS_shv_vec  0
+#define TCG_TARGET_HAS_cmp_vec  1
+#define TCG_TARGET_HAS_mul_vec  1
+
 #define TCG_TARGET_deposit_i32_valid(ofs, len) \
 (((ofs) == 0 && (len) == 8) || ((ofs) == 8 && (len) == 8) || \
  ((ofs) == 0 && (len) == 16))
diff --git a/tcg/i386/tcg-target.opc.h b/tcg/i386/tcg-target.opc.h
new file mode 100644
index 00..e5fa88ba25
--- /dev/null
+++ b/tcg/i386/tcg-target.opc.h
@@ -0,0 +1,13 @@
+/* Target-specific opcodes for host vector expansion.  These will be
+   emitted by tcg_expand_vec_op.  For those familiar with GCC internals,
+   consider these to be UNSPEC with names.  */
+
+DEF(x86_shufps_vec, 1, 2, 1, IMPLVEC)
+DEF(x86_vpblendvb_vec, 1, 3, 0, IMPLVEC)
+DEF(x86_blend_vec, 1, 2, 1, IMPLVEC)
+DEF(x86_packss_vec, 1, 2, 0, IMPLVEC)
+DEF(x86_packus_vec, 1, 2, 0, IMPLVEC)
+DEF(x86_psrldq_vec, 1, 1, 1, IMPLVEC)
+DEF(x86_vperm2i128_vec, 1, 2, 1, IMPLVEC)
+DEF(x86_punpckl_vec, 1, 2, 0, IMPLVEC)
+DEF(x86_punpckh_vec, 1, 2, 0, IMPLVEC)
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index 63d27f10e7..fc05909d1d 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -28,9 +28,14 @@
 static const char * const tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
 #if TCG_TARGET_REG_BITS == 64
 "%rax", "%rcx", "%rdx", "%rbx", "%rsp", "%rbp", "%rsi", "%rdi",
-"%r8",  "%r9",  "%r10", "%r11", "%r12", "%r13", "%r14", "%r15",
 #else
 "%eax", "%ecx", "%edx", "%ebx", "%esp", "%ebp", "%esi", "%edi",
+#endif
+"%r8",  "%r9",  "%r10", "%r11", "%r12", "%r13", "%r14", "%r15",
+"%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7",
+#if TCG_TARGET_REG_BITS == 64
+"%xmm8", "%xmm9", "%xmm10", "%xmm11",
+"%xmm12", "%xmm13", "%xmm14", "%xmm15",
 #endif
 };
 #endif
@@ -60,6 +65,28 @@ static const int tcg_target_reg_alloc_order[] = {
 TCG_REG_ECX,
 TCG_REG_EDX,
 TCG_REG_EAX,
+#endif
+TCG_REG_XMM0,
+TCG_REG_XMM1,
+TCG_REG_XMM2,
+TCG_REG_XMM3,
+TCG_REG_XMM4,
+TCG_REG_XMM5,
+#ifndef _WIN64
+/* The Win64 ABI has xmm6-xmm15 as caller-saves, and we do not save
+   any of them.  Therefore only allow xmm0-xmm5 to be allocated.  */
+TCG_REG_XMM6,
+TCG_REG_XMM7,
+#if TCG_TARGET_REG_BITS == 64
+TCG_REG_XMM8,
+TCG_REG_XMM9,
+TCG_REG_XMM10,
+TCG_REG_XMM11,
+  

[Qemu-devel] [PATCH v11 10/20] tcg/optimize: Handle vector opcodes during optimize

[Richard Henderson]

Trivial move and constant propagation.  Some identity and constant
function folding, but nothing that requires knowledge of the size
of the vector element.

Signed-off-by: Richard Henderson 
---
 tcg/optimize.c | 150 +
 1 file changed, 77 insertions(+), 73 deletions(-)

diff --git a/tcg/optimize.c b/tcg/optimize.c
index 2cbbeefd53..d4ea67e541 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -32,6 +32,11 @@
 glue(glue(case INDEX_op_, x), _i32):\
 glue(glue(case INDEX_op_, x), _i64)
 
+#define CASE_OP_32_64_VEC(x)\
+glue(glue(case INDEX_op_, x), _i32):\
+glue(glue(case INDEX_op_, x), _i64):\
+glue(glue(case INDEX_op_, x), _vec)
+
 struct tcg_temp_info {
 bool is_const;
 TCGTemp *prev_copy;
@@ -108,40 +113,6 @@ static void init_arg_info(struct tcg_temp_info *infos,
 init_ts_info(infos, temps_used, arg_temp(arg));
 }
 
-static int op_bits(TCGOpcode op)
-{
-const TCGOpDef *def = _op_defs[op];
-return def->flags & TCG_OPF_64BIT ? 64 : 32;
-}
-
-static TCGOpcode op_to_mov(TCGOpcode op)
-{
-switch (op_bits(op)) {
-case 32:
-return INDEX_op_mov_i32;
-case 64:
-return INDEX_op_mov_i64;
-default:
-fprintf(stderr, "op_to_mov: unexpected return value of "
-"function op_bits.\n");
-tcg_abort();
-}
-}
-
-static TCGOpcode op_to_movi(TCGOpcode op)
-{
-switch (op_bits(op)) {
-case 32:
-return INDEX_op_movi_i32;
-case 64:
-return INDEX_op_movi_i64;
-default:
-fprintf(stderr, "op_to_movi: unexpected return value of "
-"function op_bits.\n");
-tcg_abort();
-}
-}
-
 static TCGTemp *find_better_copy(TCGContext *s, TCGTemp *ts)
 {
 TCGTemp *i;
@@ -199,11 +170,23 @@ static bool args_are_copies(TCGArg arg1, TCGArg arg2)
 
 static void tcg_opt_gen_movi(TCGContext *s, TCGOp *op, TCGArg dst, TCGArg val)
 {
-TCGOpcode new_op = op_to_movi(op->opc);
+const TCGOpDef *def;
+TCGOpcode new_op;
 tcg_target_ulong mask;
 struct tcg_temp_info *di = arg_info(dst);
 
+def = _op_defs[op->opc];
+if (def->flags & TCG_OPF_VECTOR) {
+new_op = INDEX_op_dupi_vec;
+} else if (def->flags & TCG_OPF_64BIT) {
+new_op = INDEX_op_movi_i64;
+} else {
+new_op = INDEX_op_movi_i32;
+}
 op->opc = new_op;
+/* TCGOP_VECL and TCGOP_VECE remain unchanged.  */
+op->args[0] = dst;
+op->args[1] = val;
 
 reset_temp(dst);
 di->is_const = true;
@@ -214,15 +197,13 @@ static void tcg_opt_gen_movi(TCGContext *s, TCGOp *op, 
TCGArg dst, TCGArg val)
 mask |= ~0xull;
 }
 di->mask = mask;
-
-op->args[0] = dst;
-op->args[1] = val;
 }
 
 static void tcg_opt_gen_mov(TCGContext *s, TCGOp *op, TCGArg dst, TCGArg src)
 {
 TCGTemp *dst_ts = arg_temp(dst);
 TCGTemp *src_ts = arg_temp(src);
+const TCGOpDef *def;
 struct tcg_temp_info *di;
 struct tcg_temp_info *si;
 tcg_target_ulong mask;
@@ -236,9 +217,16 @@ static void tcg_opt_gen_mov(TCGContext *s, TCGOp *op, 
TCGArg dst, TCGArg src)
 reset_ts(dst_ts);
 di = ts_info(dst_ts);
 si = ts_info(src_ts);
-new_op = op_to_mov(op->opc);
-
+def = _op_defs[op->opc];
+if (def->flags & TCG_OPF_VECTOR) {
+new_op = INDEX_op_mov_vec;
+} else if (def->flags & TCG_OPF_64BIT) {
+new_op = INDEX_op_mov_i64;
+} else {
+new_op = INDEX_op_mov_i32;
+}
 op->opc = new_op;
+/* TCGOP_VECL and TCGOP_VECE remain unchanged.  */
 op->args[0] = dst;
 op->args[1] = src;
 
@@ -417,8 +405,9 @@ static TCGArg do_constant_folding_2(TCGOpcode op, TCGArg x, 
TCGArg y)
 
 static TCGArg do_constant_folding(TCGOpcode op, TCGArg x, TCGArg y)
 {
+const TCGOpDef *def = _op_defs[op];
 TCGArg res = do_constant_folding_2(op, x, y);
-if (op_bits(op) == 32) {
+if (!(def->flags & TCG_OPF_64BIT)) {
 res = (int32_t)res;
 }
 return res;
@@ -508,13 +497,12 @@ static TCGArg do_constant_folding_cond(TCGOpcode op, 
TCGArg x,
 tcg_target_ulong xv = arg_info(x)->val;
 tcg_target_ulong yv = arg_info(y)->val;
 if (arg_is_const(x) && arg_is_const(y)) {
-switch (op_bits(op)) {
-case 32:
-return do_constant_folding_cond_32(xv, yv, c);
-case 64:
+const TCGOpDef *def = _op_defs[op];
+tcg_debug_assert(!(def->flags & TCG_OPF_VECTOR));
+if (def->flags & TCG_OPF_64BIT) {
 return do_constant_folding_cond_64(xv, yv, c);
-default:
-tcg_abort();
+} else {
+return do_constant_folding_cond_32(xv, yv, c);
 }
 } else if (args_are_copies(x, y)) {
 return do_constant_folding_cond_eq(c);
@@ -653,11 +641,11 @@ void tcg_optimize(TCGContext *s)
 
 /* For commutative operations make constant second argument */

[Qemu-devel] [PATCH v11 12/20] target/arm: Use vector infrastructure for aa64 add/sub/logic

[Richard Henderson]

Reviewed-by: Alex Bennée 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 200 +
 1 file changed, 128 insertions(+), 72 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index eed64c73e5..5a4e62ae0f 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -21,6 +21,7 @@
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "tcg-op.h"
+#include "tcg-op-gvec.h"
 #include "qemu/log.h"
 #include "arm_ldst.h"
 #include "translate.h"
@@ -84,6 +85,10 @@ typedef void CryptoTwoOpFn(TCGv_ptr, TCGv_ptr);
 typedef void CryptoThreeOpIntFn(TCGv_ptr, TCGv_ptr, TCGv_i32);
 typedef void CryptoThreeOpFn(TCGv_ptr, TCGv_ptr, TCGv_ptr);
 
+/* Note that the gvec expanders operate on offsets + sizes.  */
+typedef void GVecGen3Fn(unsigned, uint32_t, uint32_t,
+uint32_t, uint32_t, uint32_t);
+
 /* initialize TCG globals.  */
 void a64_translate_init(void)
 {
@@ -548,6 +553,14 @@ static TCGv_ptr vec_full_reg_ptr(DisasContext *s, int 
regno)
 return ret;
 }
 
+/* Return the byte size of the "whole" vector register, VL / 8.  */
+static inline int vec_full_reg_size(DisasContext *s)
+{
+/* FIXME SVE: We should put the composite ZCR_EL* value into tb->flags.
+   In the meantime this is just the AdvSIMD length of 128.  */
+return 128 / 8;
+}
+
 /* Return the offset into CPUARMState of a slice (from
  * the least significant end) of FP register Qn (ie
  * Dn, Sn, Hn or Bn).
@@ -618,6 +631,23 @@ static TCGv_ptr get_fpstatus_ptr(void)
 return statusptr;
 }
 
+/* Expand a 3-operand AdvSIMD vector operation using an expander function.  */
+static void gen_gvec_fn3(DisasContext *s, bool is_q, int rd, int rn, int rm,
+ GVecGen3Fn *gvec_fn, int vece)
+{
+gvec_fn(vece, vec_full_reg_offset(s, rd), vec_full_reg_offset(s, rn),
+vec_full_reg_offset(s, rm), is_q ? 16 : 8, vec_full_reg_size(s));
+}
+
+/* Expand a 3-operand AdvSIMD vector operation using an op descriptor.  */
+static void gen_gvec_op3(DisasContext *s, bool is_q, int rd,
+ int rn, int rm, const GVecGen3 *gvec_op)
+{
+tcg_gen_gvec_3(vec_full_reg_offset(s, rd), vec_full_reg_offset(s, rn),
+   vec_full_reg_offset(s, rm), is_q ? 16 : 8,
+   vec_full_reg_size(s), gvec_op);
+}
+
 /* Set ZF and NF based on a 64 bit result. This is alas fiddlier
  * than the 32 bit equivalent.
  */
@@ -9072,85 +9102,111 @@ static void disas_simd_three_reg_diff(DisasContext *s, 
uint32_t insn)
 }
 }
 
+static void gen_bsl_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rm);
+tcg_gen_and_i64(rn, rn, rd);
+tcg_gen_xor_i64(rd, rm, rn);
+}
+
+static void gen_bit_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rd);
+tcg_gen_and_i64(rn, rn, rm);
+tcg_gen_xor_i64(rd, rd, rn);
+}
+
+static void gen_bif_i64(TCGv_i64 rd, TCGv_i64 rn, TCGv_i64 rm)
+{
+tcg_gen_xor_i64(rn, rn, rd);
+tcg_gen_andc_i64(rn, rn, rm);
+tcg_gen_xor_i64(rd, rd, rn);
+}
+
+static void gen_bsl_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rm);
+tcg_gen_and_vec(vece, rn, rn, rd);
+tcg_gen_xor_vec(vece, rd, rm, rn);
+}
+
+static void gen_bit_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rd);
+tcg_gen_and_vec(vece, rn, rn, rm);
+tcg_gen_xor_vec(vece, rd, rd, rn);
+}
+
+static void gen_bif_vec(unsigned vece, TCGv_vec rd, TCGv_vec rn, TCGv_vec rm)
+{
+tcg_gen_xor_vec(vece, rn, rn, rd);
+tcg_gen_andc_vec(vece, rn, rn, rm);
+tcg_gen_xor_vec(vece, rd, rd, rn);
+}
+
 /* Logic op (opcode == 3) subgroup of C3.6.16. */
 static void disas_simd_3same_logic(DisasContext *s, uint32_t insn)
 {
+static const GVecGen3 bsl_op = {
+.fni8 = gen_bsl_i64,
+.fniv = gen_bsl_vec,
+.prefer_i64 = TCG_TARGET_REG_BITS == 64,
+.load_dest = true
+};
+static const GVecGen3 bit_op = {
+.fni8 = gen_bit_i64,
+.fniv = gen_bit_vec,
+.prefer_i64 = TCG_TARGET_REG_BITS == 64,
+.load_dest = true
+};
+static const GVecGen3 bif_op = {
+.fni8 = gen_bif_i64,
+.fniv = gen_bif_vec,
+.prefer_i64 = TCG_TARGET_REG_BITS == 64,
+.load_dest = true
+};
+
 int rd = extract32(insn, 0, 5);
 int rn = extract32(insn, 5, 5);
 int rm = extract32(insn, 16, 5);
 int size = extract32(insn, 22, 2);
 bool is_u = extract32(insn, 29, 1);
 bool is_q = extract32(insn, 30, 1);
-TCGv_i64 tcg_op1, tcg_op2, tcg_res[2];
-int pass;
 
 if (!fp_access_check(s)) {
 return;
 }
 
-tcg_op1 = tcg_temp_new_i64();
-tcg_op2 = tcg_temp_new_i64();
-tcg_res[0] = tcg_temp_new_i64();
-

[Qemu-devel] [PATCH v11 07/20] tcg: Add generic vector ops for multiplication

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-runtime.h  |  5 +
 tcg/tcg-op-gvec.h|  2 ++
 tcg/tcg-op.h |  1 +
 tcg/tcg-opc.h|  1 +
 tcg/tcg.h|  1 +
 accel/tcg/tcg-runtime-gvec.c | 44 
 tcg/tcg-op-gvec.c| 29 +
 tcg/tcg-op-vec.c | 22 ++
 tcg/tcg.c|  2 ++
 tcg/README   |  4 
 10 files changed, 111 insertions(+)

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index c840debc40..54f7e78b09 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -152,6 +152,11 @@ DEF_HELPER_FLAGS_4(gvec_sub16, TCG_CALL_NO_RWG, void, ptr, 
ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_sub32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_4(gvec_sub64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_4(gvec_mul8, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_mul16, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_mul32, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_4(gvec_mul64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32)
+
 DEF_HELPER_FLAGS_3(gvec_neg8, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_neg16, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
 DEF_HELPER_FLAGS_3(gvec_neg32, TCG_CALL_NO_RWG, void, ptr, ptr, i32)
diff --git a/tcg/tcg-op-gvec.h b/tcg/tcg-op-gvec.h
index 60a17ee908..abe909df39 100644
--- a/tcg/tcg-op-gvec.h
+++ b/tcg/tcg-op-gvec.h
@@ -176,6 +176,8 @@ void tcg_gen_gvec_add(unsigned vece, uint32_t dofs, 
uint32_t aofs,
   uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
 void tcg_gen_gvec_sub(unsigned vece, uint32_t dofs, uint32_t aofs,
   uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
+void tcg_gen_gvec_mul(unsigned vece, uint32_t dofs, uint32_t aofs,
+  uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
 
 void tcg_gen_gvec_and(unsigned vece, uint32_t dofs, uint32_t aofs,
   uint32_t bofs, uint32_t oprsz, uint32_t maxsz);
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 113d9a6c3a..75bb55aeac 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -917,6 +917,7 @@ void tcg_gen_dup64i_vec(TCGv_vec, uint64_t);
 void tcg_gen_dupi_vec(unsigned vece, TCGv_vec, uint64_t);
 void tcg_gen_add_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_sub_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
+void tcg_gen_mul_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_and_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_or_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
 void tcg_gen_xor_vec(unsigned vece, TCGv_vec r, TCGv_vec a, TCGv_vec b);
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index 13c0eed3da..d81a6c4535 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -219,6 +219,7 @@ DEF(st_vec, 0, 2, 1, IMPLVEC)
 
 DEF(add_vec, 1, 2, 0, IMPLVEC)
 DEF(sub_vec, 1, 2, 0, IMPLVEC)
+DEF(mul_vec, 1, 2, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_mul_vec))
 DEF(neg_vec, 1, 1, 0, IMPLVEC | IMPL(TCG_TARGET_HAS_neg_vec))
 
 DEF(and_vec, 1, 2, 0, IMPLVEC)
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 8c19a1f41d..9e2d909a4a 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -181,6 +181,7 @@ typedef uint64_t TCGRegSet;
 #define TCG_TARGET_HAS_shi_vec  0
 #define TCG_TARGET_HAS_shs_vec  0
 #define TCG_TARGET_HAS_shv_vec  0
+#define TCG_TARGET_HAS_mul_vec  0
 #else
 #define TCG_TARGET_MAYBE_vec1
 #endif
diff --git a/accel/tcg/tcg-runtime-gvec.c b/accel/tcg/tcg-runtime-gvec.c
index f2b0cba4a2..59d7a0a2fe 100644
--- a/accel/tcg/tcg-runtime-gvec.c
+++ b/accel/tcg/tcg-runtime-gvec.c
@@ -166,6 +166,50 @@ void HELPER(gvec_sub64)(void *d, void *a, void *b, 
uint32_t desc)
 clear_high(d, oprsz, desc);
 }
 
+void HELPER(gvec_mul8)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; i += sizeof(vec8)) {
+*(vec8 *)(d + i) = *(vec8 *)(a + i) * *(vec8 *)(b + i);
+}
+clear_high(d, oprsz, desc);
+}
+
+void HELPER(gvec_mul16)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; i += sizeof(vec16)) {
+*(vec16 *)(d + i) = *(vec16 *)(a + i) * *(vec16 *)(b + i);
+}
+clear_high(d, oprsz, desc);
+}
+
+void HELPER(gvec_mul32)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; i += sizeof(vec32)) {
+*(vec32 *)(d + i) = *(vec32 *)(a + i) * *(vec32 *)(b + i);
+}
+clear_high(d, oprsz, desc);
+}
+
+void HELPER(gvec_mul64)(void *d, void *a, void *b, uint32_t desc)
+{
+intptr_t oprsz = simd_oprsz(desc);
+intptr_t i;
+
+for (i = 0; i < oprsz; 

Re: [Qemu-devel] [virtio-dev] Re: [PATCH v1 6/6] vhost-user: add VFIO based accelerators support

[Jason Wang]

On 2018年01月26日 07:59, Michael S. Tsirkin wrote:

The virtual IOMMU isn't supported by the accelerators for now.
Because vhost-user currently lacks of an efficient way to share
the IOMMU table in VM to vhost backend. That's why the software
implementation of virtual IOMMU support in vhost-user backend
can't support dynamic mapping well.

What exactly is meant by that? vIOMMU seems to work for people,
it's not that fast if you change mappings all the time,
but e.g. dpdk within guest doesn't.


Yes, software implementation support dynamic mapping for sure. I think 
the point is, current vhost-user backend can not program hardware IOMMU. 
So it can not let hardware accelerator to cowork with software vIOMMU. I 
think that's another call to implement the offloaded path inside qemu 
which has complete support for vIOMMU co-operated VFIO.


Thanks




Once this problem is solved
in vhost-user, virtual IOMMU can be supported by accelerators
too, and the IOMMU feature bit checking in this patch can be
removed.

Given it works with software backends right now, I suspect
this will be up to you guys to address.

Re: [Qemu-devel] [PATCH 2/5] lockable: add QemuLockable

[Fam Zheng]

On Fri, Jan 26, 2018 at 1:59 AM, Paolo Bonzini  wrote:
> diff --git a/include/qemu/lockable.h b/include/qemu/lockable.h
> new file mode 100644
> index 00..f527d0ddb2
> --- /dev/null
> +++ b/include/qemu/lockable.h
> @@ -0,0 +1,88 @@
> +/*
> + * Polymorphic locking functions (aka poor man templates)
> + *
> + * Copyright Red Hat, Inc. 2017

It's curious why then change you made in v2 (2017 - 2018) is reverted
in v3 (similar to the commit message). I can fix this and other typos
when applying.

Fam

[Qemu-devel] [PATCH v2] tap: close fd conditionally when error occured

[Jay Zhou]

If netdev_add tap,id=net0,...,vhost=on failed in net_init_tap_one(),
the followed up device_add virtio-net-pci,netdev=net0 will fail
too, prints:

  TUNSETOFFLOAD ioctl() failed: Bad file descriptor TUNSETOFFLOAD
  ioctl() failed: Bad file descriptor

The reason is that the fd of tap is closed when error occured after
calling net_init_tap_one().

The fd should be closed when calling net_init_tap_one failed:
  - if tap_set_sndbuf() failed
  - if tap_set_sndbuf() succeeded but vhost failed to initialize with
vhostforce flag on
The fd should not be closed just because vhost failed to initialize
but without vhostforce flag. So the followed up device_add can fall
back to userspace virtio successfully.

Suggested-by: Michael S. Tsirkin 
Suggested-by: Igor Mammedov 
Suggested-by: Jason Wang 
Signed-off-by: Jay Zhou 
---
 net/tap.c | 40 
 1 file changed, 32 insertions(+), 8 deletions(-)

diff --git a/net/tap.c b/net/tap.c
index 979e622..8042c7d 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -648,12 +648,6 @@ static void net_init_tap_one(const NetdevTapOptions *tap, 
NetClientState *peer,
 TAPState *s = net_tap_fd_init(peer, model, name, fd, vnet_hdr);
 int vhostfd;
 
-tap_set_sndbuf(s->fd, tap, );
-if (err) {
-error_propagate(errp, err);
-return;
-}
-
 if (tap->has_fd || tap->has_fds) {
 snprintf(s->nc.info_str, sizeof(s->nc.info_str), "fd=%d", fd);
 } else if (tap->has_helper) {
@@ -781,6 +775,12 @@ int net_init_tap(const Netdev *netdev, const char *name,
 
 vnet_hdr = tap_probe_vnet_hdr(fd);
 
+tap_set_sndbuf(fd, tap, );
+if (err) {
+error_propagate(errp, err);
+return -1;
+}
+
 net_init_tap_one(tap, peer, "tap", name, NULL,
  script, downscript,
  vhostfdname, vnet_hdr, fd, );
@@ -832,6 +832,12 @@ int net_init_tap(const Netdev *netdev, const char *name,
 goto free_fail;
 }
 
+tap_set_sndbuf(fd, tap, );
+if (err) {
+error_propagate(errp, err);
+goto free_fail;
+}
+
 net_init_tap_one(tap, peer, "tap", name, ifname,
  script, downscript,
  tap->has_vhostfds ? vhost_fds[i] : NULL,
@@ -872,12 +878,21 @@ free_fail:
 fcntl(fd, F_SETFL, O_NONBLOCK);
 vnet_hdr = tap_probe_vnet_hdr(fd);
 
+tap_set_sndbuf(fd, tap, );
+if (err) {
+error_propagate(errp, err);
+close(fd);
+return -1;
+}
+
 net_init_tap_one(tap, peer, "bridge", name, ifname,
  script, downscript, vhostfdname,
  vnet_hdr, fd, );
 if (err) {
 error_propagate(errp, err);
-close(fd);
+if (tap->has_vhostforce && tap->vhostforce) {
+close(fd);
+}
 return -1;
 }
 } else {
@@ -910,13 +925,22 @@ free_fail:
 }
 }
 
+tap_set_sndbuf(fd, tap, );
+if (err) {
+error_propagate(errp, err);
+close(fd);
+return -1;
+}
+
 net_init_tap_one(tap, peer, "tap", name, ifname,
  i >= 1 ? "no" : script,
  i >= 1 ? "no" : downscript,
  vhostfdname, vnet_hdr, fd, );
 if (err) {
 error_propagate(errp, err);
-close(fd);
+if (tap->has_vhostforce && tap->vhostforce) {
+close(fd);
+}
 return -1;
 }
 }
-- 
1.8.3.1

Re: [Qemu-devel] [PULL 0/8] x86 queue, 2018-01-17

[Eduardo Habkost]

On Tue, Jan 23, 2018 at 03:33:56PM -0600, Michael Roth wrote:
> Quoting Eduardo Habkost (2018-01-23 13:31:18)
> > On Tue, Jan 23, 2018 at 12:15:27PM -0600, Michael Roth wrote:
> > > Quoting Christian Borntraeger (2018-01-23 03:59:39)
> > > > 
> > > > 
> > > > On 01/23/2018 09:40 AM, Christian Ehrhardt wrote:
> > > > > On Thu, Jan 18, 2018 at 2:51 PM, Peter Maydell 
> > > > >  wrote:
> > > > >> On 18 January 2018 at 02:01, Eduardo Habkost  
> > > > >> wrote:
> > > > >>> The following changes since commit 
> > > > >>> 8e5dc9ba49743b46d955ec7dacb04e42ae7ada7c:
> > > > >>>
> > > > >>>   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20180116' 
> > > > >>> into staging (2018-01-16 17:36:39 +)
> > > > >>>
> > > > >>> are available in the Git repository at:
> > > > >>>
> > > > >>>   git://github.com/ehabkost/qemu.git tags/x86-pull-request
> > > > >>>
> > > > >>> for you to fetch changes up to 
> > > > >>> 6cfbc54e8903a9bcc0346119949162d040c144c1:
> > > > >>>
> > > > >>>   i386: Add EPYC-IBPB CPU model (2018-01-17 23:54:39 -0200)
> > > > >>>
> > > > >>> 
> > > > >>> x86 queue, 2018-01-17
> > > > >>>
> > > > >>> Highlight: new CPU models that expose CPU features that guests
> > > > >>> can use to mitigate CVE-2017-5715 (Spectre variant #2).
> > > > >>>
> > > > >>
> > > > >> Applied, thanks.
> > > > >>
> > > > >> -- PMM
> > > > >>
> > > > > 
> > > > > Hi,
> > > > > I was kind of clinging to [1] so far and had the expectation that all
> > > > > those would be wrapped up in 2.11.1 once ready.
> > > > > I see that the s390x changes are targeted to qemu-stable (well to
> > > > > admit I suggested so referring the article above).
> > > > > So I'd expected to see this series to show up on qemu-stable as well
> > > > > but haven't seen it so far.
> > > > > 
> > > > > Therefore I wanted to ask if there was a change of plans in that
> > > > > regard or if it needs just a few days more to see (part of) this
> > > > > series on qemu-stable and on its way into 2.11.1?
> > > > > 
> > > > > [1]: https://www.qemu.org/2018/01/04/spectre/
> > > > 
> > > > Adding Michael,
> > > > 
> > > > Yes, I think it makes sense to have the guest enablement for the 
> > > > spectre 
> > > > mitigations available in 2.11.1 for all architectures that provide it. 
> > > > (this queue for x86, Connies pending S390 patches, whatever Power
> > > > and arm will do).
> > > 
> > > That's my plan as well, but IIUC the QEMU side of these patches rely on
> > > a KVM flag that in turn relies on this series:
> > > 
> > >   https://lkml.org/lkml/2018/1/20/158
> > 
> > Actually it depends on:
> > https://lkml.org/lkml/2018/1/9/329
> > ([PATCH v2 0/8] KVM: x86: expose CVE-2017-5715 ("Spectre variant 2") 
> > mitigations to guest)
> > 
> > The ability to expose IBRS to guests doesn't seem to depend on
> > the host kernel using IBRS to protect itself.  But I guess it
> > will be easier to merge that code after Linux developers decide
> > what they'll do.  Paolo, what's your take on this?
> > 
> > Note that there are released OSes that use IBRS (Windows and
> > RHEL), so even if upstream Linux decide to not rely on IBRS,
> > users will probably want to expose IBRS to VMs as soon as KVM
> > becomes able to do that.
> 
> I didn't really consider that angle, but I think anyone supporting such
> guests will tend to be relying on their host distros for the fixes, and
> distros will want their own guest types covered as well (looks like RHEL
> already has its bases covered in this regard, maybe Hyper-V too WRT to
> Windows guests..)

Well, who exactly is the audience for -stable?  Doesn't it
include people who run (or let their users run) Windows or RHEL
guests?


> 
> > 
> > BUT:
> > 
> > > 
> > > But that's still in RFC and Linus seems to have reservations with the
> > > current code. Since coordinating these all this to users/downstreams is
> > > somewhat of a mess I was thinking we should accompany the 2.11.1 release
> > > with a blog post on the various options/backports/microcode needed 
> > > throughout
> > > the stack to enable the fixes, but until there's a stable patchset on
> > > the linux side I'm not sure there's much worth in putting out the 2.11.1
> > > release (if I'm missing something here please let me know).
> > 
> > I'm inclined to agree.  I merged the -IBRS CPU models expecting
> > that the fixes would be included quickly in upstream Linux too,
> > but it was not the case.
> > 
> > To be honest, I don't think adding new CPU models are the proper
> > solution for the problem.  They are just a quick solution that
> > doesn't require intrusive changes in the management stack.
> > 
> > Meltdown & Spectre made us painfully aware of limitations of
> > management stacks out there (esp. OpenStack): they normally don't
> > have an easy mechanism to enable CPU features that are not part
> > of an existing CPU model name.  A good 

Re: [Qemu-devel] [PATCH v5 2/3] xlnx-zynqmp-rtc: Add basic time support

[Alistair Francis]

On Thu, Jan 25, 2018 at 3:36 AM, Peter Maydell  wrote:
> On 23 January 2018 at 22:24, Alistair Francis
>  wrote:
>> Allow the guest to determine the time set from the QEMU command line.
>>
>> This includes adding a trace event to debug the new time.
>>
>> Signed-off-by: Alistair Francis 
>> ---
>>  static const VMStateDescription vmstate_rtc = {
>>  .name = TYPE_XLNX_ZYNQMP_RTC,
>>  .version_id = 1,
>>  .minimum_version_id = 1,
>> +.post_load = rtc_post_load,
>>  .fields = (VMStateField[]) {
>>  VMSTATE_UINT32_ARRAY(regs, XlnxZynqMPRTC, XLNX_ZYNQMP_RTC_R_MAX),
>> +VMSTATE_INT32(current_tm.tm_sec, XlnxZynqMPRTC),
>> +VMSTATE_INT32(current_tm.tm_min, XlnxZynqMPRTC),
>> +VMSTATE_INT32(current_tm.tm_hour, XlnxZynqMPRTC),
>> +VMSTATE_INT32(current_tm.tm_wday, XlnxZynqMPRTC),
>> +VMSTATE_INT32(current_tm.tm_mday, XlnxZynqMPRTC),
>> +VMSTATE_INT32(current_tm.tm_mon, XlnxZynqMPRTC),
>> +VMSTATE_INT32(current_tm.tm_year, XlnxZynqMPRTC),
>
> I'm still not sure about having the current_tm struct fields
> here rather than whatever the hardware's natural representation
> of the current time is. Can you explain why you think this
> is the best approach?

This means that the only thing we have to track is the time that the
user set, either through the QEMU command line arguments as an
override or the original starting time. Then from there we can always
calculate the correct offset based on our current time.

I don't see a nicer way, otherwise we need to recalculate the natural
representation before and after migration using something more
complex. This way it's always the same logic, we just run it at init
and after migration.

Alistair

>
> thanks
> -- PMM

Re: [Qemu-devel] [PATCH v1 6/6] vhost-user: add VFIO based accelerators support

[Michael S. Tsirkin]

On Thu, Jan 25, 2018 at 12:03:28PM +0800, Tiwei Bie wrote:
> This patch does some small extensions to vhost-user protocol to
> support VFIO based accelerators, and makes it possible to get the
> similar performance of VFIO based PCI passthru while keeping the
> virtio device emulation in QEMU.
> 
> Any virtio ring compatible devices potentially can be used as the
> vhost data path accelerators. We can setup the accelerator based
> on the informations (e.g. memory table, features, ring info, etc)
> available on the vhost backend. And accelerator will be able to use
> the virtio ring provided by the virtio driver in the VM directly.
> So the virtio driver in the VM can exchange e.g. network packets
> with the accelerator directly via the virtio ring.
> 
> But for vhost-user, the critical issue in this case is that the
> data path performance is relatively low and some host threads are
> needed for the data path, because some necessary mechanisms are
> missing to support:
> 
> 1) guest driver notifies the device directly;
> 2) device interrupts the guest directly;
> 
> So this patch does some small extensions to vhost-user protocol
> to make both of them possible. It leverages the same mechanisms
> as the VFIO based PCI passthru.
> 
> A new protocol feature bit is added to negotiate the accelerator
> feature support. Two new slave message types are added to control
> the notify region and queue interrupt passthru for each queue.
> >From the view of vhost-user protocol design, it's very flexible.
> The passthru can be enabled/disabled for each queue individually,
> and it's possible to accelerate each queue by different devices.
> 
> The key difference with PCI passthru is that, in this case only
> the data path of the device (e.g. DMA ring, notify region and
> queue interrupt) is pass-throughed to the VM, the device control
> path (e.g. PCI configuration space and MMIO regions) is still
> defined and emulated by QEMU.
> 
> The benefits of keeping virtio device emulation in QEMU compared
> with virtio device PCI passthru include (but not limit to):
> 
> - consistent device interface for guest OS in the VM;
> - max flexibility on the hardware (i.e. the accelerators) design;
> - leveraging the existing virtio live-migration framework;
> 
> The virtual IOMMU isn't supported by the accelerators for now.
> Because vhost-user currently lacks of an efficient way to share
> the IOMMU table in VM to vhost backend. That's why the software
> implementation of virtual IOMMU support in vhost-user backend
> can't support dynamic mapping well.

What exactly is meant by that? vIOMMU seems to work for people,
it's not that fast if you change mappings all the time,
but e.g. dpdk within guest doesn't.

> Once this problem is solved
> in vhost-user, virtual IOMMU can be supported by accelerators
> too, and the IOMMU feature bit checking in this patch can be
> removed.

Given it works with software backends right now, I suspect
this will be up to you guys to address.

> Signed-off-by: Tiwei Bie 
> ---
>  docs/interop/vhost-user.txt|  57 
>  hw/virtio/vhost-user.c | 201 
> +
>  include/hw/virtio/vhost-user.h |  17 
>  3 files changed, 275 insertions(+)
> 
> diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
> index 954771d0d8..15e917019a 100644
> --- a/docs/interop/vhost-user.txt
> +++ b/docs/interop/vhost-user.txt
> @@ -116,6 +116,15 @@ Depending on the request type, payload can be:
>  - 3: IOTLB invalidate
>  - 4: IOTLB access fail
>  
> + * Vring area description
> +   ---
> +   | u64 | size | offset |
> +   ---
> +
> +   u64: a 64-bit unsigned integer
> +   Size: a 64-bit size
> +   Offset: a 64-bit offset
> +
>  In QEMU the vhost-user message is implemented with the following struct:
>  
>  typedef struct VhostUserMsg {
> @@ -129,6 +138,7 @@ typedef struct VhostUserMsg {
>  VhostUserMemory memory;
>  VhostUserLog log;
>  struct vhost_iotlb_msg iotlb;
> +VhostUserVringArea area;
>  };
>  } QEMU_PACKED VhostUserMsg;
>  
> @@ -317,6 +327,17 @@ The fd is provided via VHOST_USER_SET_SLAVE_REQ_FD 
> ancillary data.
>  A slave may then send VHOST_USER_SLAVE_* messages to the master
>  using this fd communication channel.
>  
> +VFIO based accelerators
> +---
> +
> +The VFIO based accelerators feature is a protocol extension. It is supported
> +when the protocol feature VHOST_USER_PROTOCOL_F_VFIO (bit 7) is set.
> +
> +The vhost-user backend will set the accelerator context via slave channel,
> +and QEMU just needs to handle those messages passively. The accelerator
> +context will be set for each queue independently. So the page-per-vq property
> +should also be enabled.
> +
>  Protocol features
>  -
>  
> @@ -327,6 +348,7 @@ Protocol features
>  #define VHOST_USER_PROTOCOL_F_MTU4
>  #define 

Re: [Qemu-devel] [PULL 0/8] x86 queue, 2018-01-17

[Michael Roth]

Quoting Eduardo Habkost (2018-01-23 13:31:18)
> On Tue, Jan 23, 2018 at 12:15:27PM -0600, Michael Roth wrote:
> > Quoting Christian Borntraeger (2018-01-23 03:59:39)
> > > 
> > > 
> > > On 01/23/2018 09:40 AM, Christian Ehrhardt wrote:
> > > > On Thu, Jan 18, 2018 at 2:51 PM, Peter Maydell 
> > > >  wrote:
> > > >> On 18 January 2018 at 02:01, Eduardo Habkost  
> > > >> wrote:
> > > >>> The following changes since commit 
> > > >>> 8e5dc9ba49743b46d955ec7dacb04e42ae7ada7c:
> > > >>>
> > > >>>   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20180116' 
> > > >>> into staging (2018-01-16 17:36:39 +)
> > > >>>
> > > >>> are available in the Git repository at:
> > > >>>
> > > >>>   git://github.com/ehabkost/qemu.git tags/x86-pull-request
> > > >>>
> > > >>> for you to fetch changes up to 
> > > >>> 6cfbc54e8903a9bcc0346119949162d040c144c1:
> > > >>>
> > > >>>   i386: Add EPYC-IBPB CPU model (2018-01-17 23:54:39 -0200)
> > > >>>
> > > >>> 
> > > >>> x86 queue, 2018-01-17
> > > >>>
> > > >>> Highlight: new CPU models that expose CPU features that guests
> > > >>> can use to mitigate CVE-2017-5715 (Spectre variant #2).
> > > >>>
> > > >>
> > > >> Applied, thanks.
> > > >>
> > > >> -- PMM
> > > >>
> > > > 
> > > > Hi,
> > > > I was kind of clinging to [1] so far and had the expectation that all
> > > > those would be wrapped up in 2.11.1 once ready.
> > > > I see that the s390x changes are targeted to qemu-stable (well to
> > > > admit I suggested so referring the article above).
> > > > So I'd expected to see this series to show up on qemu-stable as well
> > > > but haven't seen it so far.
> > > > 
> > > > Therefore I wanted to ask if there was a change of plans in that
> > > > regard or if it needs just a few days more to see (part of) this
> > > > series on qemu-stable and on its way into 2.11.1?
> > > > 
> > > > [1]: https://www.qemu.org/2018/01/04/spectre/
> > > 
> > > Adding Michael,
> > > 
> > > Yes, I think it makes sense to have the guest enablement for the spectre 
> > > mitigations available in 2.11.1 for all architectures that provide it. 
> > > (this queue for x86, Connies pending S390 patches, whatever Power
> > > and arm will do).
> > 
> > That's my plan as well, but IIUC the QEMU side of these patches rely on
> > a KVM flag that in turn relies on this series:
> > 
> >   https://lkml.org/lkml/2018/1/20/158
> 
> Actually it depends on:
> https://lkml.org/lkml/2018/1/9/329
> ([PATCH v2 0/8] KVM: x86: expose CVE-2017-5715 ("Spectre variant 2") 
> mitigations to guest)
> 
> The ability to expose IBRS to guests doesn't seem to depend on
> the host kernel using IBRS to protect itself.  But I guess it
> will be easier to merge that code after Linux developers decide
> what they'll do.  Paolo, what's your take on this?
> 
> Note that there are released OSes that use IBRS (Windows and
> RHEL), so even if upstream Linux decide to not rely on IBRS,
> users will probably want to expose IBRS to VMs as soon as KVM
> becomes able to do that.

I didn't really consider that angle, but I think anyone supporting such
guests will tend to be relying on their host distros for the fixes, and
distros will want their own guest types covered as well (looks like RHEL
already has its bases covered in this regard, maybe Hyper-V too WRT to
Windows guests..)

> 
> BUT:
> 
> > 
> > But that's still in RFC and Linus seems to have reservations with the
> > current code. Since coordinating these all this to users/downstreams is
> > somewhat of a mess I was thinking we should accompany the 2.11.1 release
> > with a blog post on the various options/backports/microcode needed 
> > throughout
> > the stack to enable the fixes, but until there's a stable patchset on
> > the linux side I'm not sure there's much worth in putting out the 2.11.1
> > release (if I'm missing something here please let me know).
> 
> I'm inclined to agree.  I merged the -IBRS CPU models expecting
> that the fixes would be included quickly in upstream Linux too,
> but it was not the case.
> 
> To be honest, I don't think adding new CPU models are the proper
> solution for the problem.  They are just a quick solution that
> doesn't require intrusive changes in the management stack.
> 
> Meltdown & Spectre made us painfully aware of limitations of
> management stacks out there (esp. OpenStack): they normally don't
> have an easy mechanism to enable CPU features that are not part
> of an existing CPU model name.  A good management stack would be
> able to use, e.g., "-cpu Westmere,+spec-ctrl" instead of
> "Westmere-IBRS" if it knows all the hosts on a given
> cluster/migration-set/whatever-it-is-called support the feature.
> The same applies to other flags like ibpb and pcid.
> 
> There's work being done on OpenStack to fix this,
> e.g.: https://review.openstack.org/#/c/534384/
> 
> 
> That said, we will probably want to include MSR code and 

Re: [Qemu-devel] [PATCH 0/3]

[Michael Roth]

Quoting Sameeh Jubran (2018-01-22 08:24:29)
> Ping.

I think I would still prefer the alternative series I sent. Your
approach may be more correct/elegant but the asynchronous event-handling
nature of it makes it inherently more different to debug than the
boring synchronous loop in my series. There's also more work needed to
get this in shape and I honestly don't think it's worth the extra effort
it will take.

But if you feel strongly enough about it I wouldn't be opposed to a hybrid
of the 2 approaches that basically boils down to the following:

1) Base your code on top of my full series here:

 https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg06157.html

2) Drop the udev side of your code and only implement the
   win32 side of your code.

3) Modify your handle_serial_device_events() logic to not actually
   manage closing/opening the Channel, but to simply set a global flag,
   e.g. ga_state->channel_path_available appropriately based on
   DBT_DEVICEARRIVAL/DBT_DEVICEREMOVECOMPLETE. And since it's a
   win32-only optimization make sure it's just set to true permanently
   for !win32.

   Then use that flag as an optimization to the retry loop
   in run_agent() that was introduced in patch 4 of my series:
   
   static int run_agent(GAState *s)
   {
   int ret = EXIT_SUCCESS;
   
   s->force_exit = false;
   
   do {
   ret = run_agent_once(s);
   if (s->config->retry_path && !s->force_exit) {
   g_warning("agent stopped unexpectedly, restarting...");
   sleep(QGA_RETRY_INTERVAL);
   }
   } while (s->config->retry_path && !s->force_exit);
   
   return ret;
   }
   
   by having your code changes introduce something like this:

   static int run_agent(GAState *s)
   {
   int ret = EXIT_SUCCESS;
   
   s->force_exit = false;
   
   do {
   ret = run_agent_once(s);
   if (s->config->retry_path && !s->force_exit) {
   g_warning("agent stopped unexpectedly, restarting...");
   while (!ga_state->channel_path_available) {
 g_warning("waiting for channel path...");
 sleep(QGA_RETRY_INTERVAL);
   }
   }
   } while (s->config->retry_path && !s->force_exit);
   
   return ret;
   }

   It's still a loop but at least it's not trial-and-error based. If
   you want to get fancy with it though you can use something based
   around WaitForSingleObject or SetEvent to avoid gratuitous looping.

I think that would be much easier to make sense of, and it also lets us
handle this for POSIX without necessarily commiting to udev event loops
(though it also leaves that option open if we really wanted to).

It should also allow you to drop all your changes to the Channel code
since it's based around the changes I made to have Channel
implementations exit cleanly if their underlying device dies.

> 
> On Fri, Oct 27, 2017 at 10:08 AM, Sameeh Jubran  wrote:
> 
> 
> 
> On Fri, Oct 27, 2017 at 2:51 AM, Michael Roth 
> wrote:
> 
> Quoting Sameeh Jubran (2017-08-13 10:58:46)
> > From: Sameeh Jubran 
> >
> > This series fixes qemu-ga's behaviour upon facing a missing serial/
> serial
> > driver by listening to the serial device's events.
> >
> > For more info on why this series is needed checkout the commit
> message
> > of the third patch and the following bugzilla: https://
> bugzilla.redhat.com/show_bug.cgi?id=990629.
> >
> > Sameeh Jubran (3):
> >   qga: Channel: Add functions for checking serial status
> >   qga: main: make qga config and socket activation global
> >   qga: Prevent qemu-ga exit if serial doesn't exist
> 
> Hi Sameeh,
> 
> The event handling stuff is spiffy and could be useful for other
> use-cases
> (e.g. cpu/mem hotplug events that can be consumed by management), but
> since
> the actual bug here is somewhat of an edge case (we *could* just tell
> people that installing the agent before virtio-serial drivers is a 
> bug,
> or that unplugging the agent's communication channel is a bad idea),
> I'm not too comfortable with adding this much complexity unless 
> there's
> a stronger argument for it.
> 
> I can relate to your concerns, it is somehow an edge case but I think that
> this
> is the elegant way to handle it instead of just polling forever. This 
> patch
> series
> is more related to Windows than Linux as this edge case is much more 
> common
> on Windows since when the virtio-serial driver is installed sometimes
> usually
> it requires a post-installation reboot and when the system is up, qemu-ga
> runs before
> the virtio-serial driver is fully configured and it fails to load and then
> 

Re: [Qemu-devel] [PATCH] AMD Processor Topology Information

[Babu Moger]

Hi Stanislav,
I am working on to support hyperthreading feature on kvm/qemu guests for
AMD EPYC family of processors. I saw your patch series
https://patchwork.ozlabs.org/patch/834022/.
I am planning to refresh these patches with few changes. Let me know
if it is fine with you.
Thanks
Babu

Re: [Qemu-devel] [PATCH V4 0/7] CAN bus support for QEMU (SJA1000 PCI so far)

[Pavel Pisa]

Hello Paolo,

thanks for suggestions. I understand and fully agree with your
request to switch to QOM. I have succeed with that for CAN devices
some time ago. It worth to be done for the rest of the objects
but I fear that I do not find time to complete QOMification
in reasonable future. Contributions/suggestions from other
are welcomed. I can look for students for GSoC at our university
or under other funding.

On Thursday 25 of January 2018 14:58:41 Paolo Bonzini wrote:
> On 23/01/2018 22:42, Pavel Pisa wrote:
> > Do you think QOM based? I would like it to be implemented
> > that way but I need some assistance where to look how this
> > object kind should be implemented and from which base object
> > inherit from. But I prefer to left that for later work.
> >
> > I would definitely like to use some mechanism which allows
> > to get rid of externally visible pointer and need to assign
> > it in the stub. It has been my initial idea and your review
> > sumbled across this hack as well. But I need suggestion what
> > is the preferred way for QEMU.
>
> The best way would be a QOM object.  That is, you would do
>
>-object can-bus,id=canbus0
>-object can-host-socketcan,id=can0-host,canbus=canbus0,if=can0
>-device kvaser_pci,canbus=canbus0

I would prefer to allow CAN emulation to be used without
explicit can-bus object creation specified on the command line.
The bus object could be created when requested by
can-host-socketcan or device (kvaser_pci) automatically.

When multiple QOM object are put on the list then the list content
should be preserved over save+restore (mostly hypothetical question
for now). There should be probably used some other construct instead
of

  QTAILQ_HEAD(, CanBusClientState) clients;
  QTAILQ_ENTRY(CanBusState) next;

> In the current version, it's not clear to me:
>
> * what it means if multiple controllers have the same canbus

That is fully supported and sane configuration.
CAN is publis/subscribe network in principle
so sending message from one controller to another
one on the host side is intended and can be used
to test drivers even if host connection is
not available/supported on given OS/setup.
Interconnection of multiple controllers with
host CAN bus is functional as well.

> * what it means if multiple controllers with the same canbus have
> different host interfaces

It is legitimate but probably not much usesfull/intended setup.
It would result is bridging two host CAN busses
together. It would work because SocketCAN does not
deliver message back to the socket which has been used to send
it by default. Connecting twice to the same SocketCAN bus
would lead to infinite message loop.

Connection of given can bus to the host twice can be prevented
if host connection flag is included in CanBusState and if it is
already set then next host connection attempt would be reported
as error.

> Separating the QOM objects is a bit more work, but it makes the
> semantics clearer.  The classes would be:
>
> - can-bus and an abstract class can-host, which would inherit directly
> from TYPE_OBJECT and implement TYPE_USER_CREATABLE
>
> - can-host-socketcan, which would inherit from can-host (and take the
> TYPE_USER_CREATABLE implementation from there)
>
> while CanBusClientState and CanBusClientInfo need not be QOMified.

May it be, can-host-socketcan can be based directly on TYPE_OBJECT,
because only QEMU CAN bus specific part is CanBusClientState which
allows it to connect to the CAN bus same way as other CAN controllers
connect to the bus.

> can-host's class structure would define a function pointer corresponding
> to what you have now for the function pointer, more or less---except
> that allocation is handled by QOM and the method only has to do the
> connection.  You would have something like this:
>
> static void can_host_disconnect(CANHost *ch, Error **errp)
> {
> CANHostClass *chc = CAN_HOST_GET_CLASS(ch);
>
> chc->disconnect(ch);
> }
>
> static void can_host_connect(CANHost *ch, Error **errp)
> {
> CANHostClass *chc = CAN_HOST_GET_CLASS(ch);
> Error *local_err = NULL;
>
> chc->connect(ch, _err);
> if (local_err) {
> error_propagate(errp, local_err);
> return;
> }
>
> can_bus_insert_client(ch->bus, >bus_client, local_err);
> if (local_err) {
> can_host_disconnect(ch);
> error_propagate(errp, local_err);
> return;
> }
> }
>
> and TYPE_USER_CREATABLE's "complete" method would simply invoke
> can_host_connect.  For can-host-socketcan, chc->connect would be
> assigned something like this:
>
> static void can_host_socketcan_connect(CANHost *ch, Error **errp)
> {
> CANHostSocketCAN *chs = CAN_HOST_SOCKETCAN(ch);
>
> s = socket(PF_CAN, SOCK_RAW, CAN_RAW);
> if (s < 0) {
> error_setg_errno(errp, errno "CAN_RAW socket create failed");
> return;
> }
>
> addr.can_family = AF_CAN;
> memset(_name, 0, sizeof(ifr.ifr_name));
> strcpy(ifr.ifr_name, 

Re: [Qemu-devel] [PATCH v1] migration: change blocktime type to uint32_t

[Eric Blake]

On 01/25/2018 10:43 AM, Alexey Perevalov wrote:
> Initially int64_t was used, but on PowerPC architecture,
> clang doesn't have atomic_*_8 function, so it produces
> link time error.
> 
> QEMU is working with time as with 64bit value, but by
> fact 32 bit is enough with CLOCK_REALTIME. In this case
> blocktime will keep only 1200 hours time interval.
> 
> Signed-off-by: Alexey Perevalov 
> ---

> +++ b/qapi/migration.json
> @@ -175,8 +175,8 @@
> '*setup-time': 'int',
> '*cpu-throttle-percentage': 'int',
> '*error-desc': 'str',
> -   '*postcopy-blocktime' : 'int64',
> -   '*postcopy-vcpu-blocktime': ['int64']} }
> +   '*postcopy-blocktime' : 'uint32',
> +   '*postcopy-vcpu-blocktime': ['uint32']} }

Questionable to change types if this had been released already - but
these fields are marked 'since 2.12' so you can change them at will up
until the release.

Acked-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v3 0/5] coroutine-lock: polymorphic CoQueue

[Eric Blake]

On 01/25/2018 11:59 AM, Paolo Bonzini wrote:
> There are cases in which a queued coroutine must be restarted from
> non-coroutine context (with qemu_co_enter_next).  In this cases,
> qemu_co_enter_next also needs to be thread-safe, but it cannot use a
> CoMutex and so cannot qemu_co_queue_wait.  This happens in curl (which
> right now is rolling its own list of Coroutines) and will happen in
> Fam's NVMe driver as well.
> 
> This series extracts the idea of a polymorphic lockable object
> from my "scoped lock guard" proposal, and applies it to CoQueue.
> The implementation of QemuLockable is similar to C11 _Generic, but
> redone using the preprocessor and GCC builtins for compatibility.
> 
> In general, while a bit on the esoteric side, the functionality used
> to emulate _Generic is fairly old in GCC, and the builtins are already
> used by include/qemu/atomic.h; the series was tested with Fedora 27 (boot
> Damn Small Linux via http) and CentOS 6 (compiled only).
> 
> Paolo
> 
> v1->v2: fix typos and copyright year
> 
> v2->v3: add tests, fix brown paper bag bug, avoid -Waddress errors

I spotted a few typos, but did not rigorously test it enough to leave
R-b.  At any rate, writing polymorphic code in C is an interesting
exercise, so it was fun learning from this thread.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 4/5] coroutine-lock: make qemu_co_enter_next thread-safe

[Eric Blake]

On 01/25/2018 11:59 AM, Paolo Bonzini wrote:
> qemu_co_queue_next does not need to release and re-acquire the mutex,
> because the queued coroutine does not run immediately.  However, this
> does not hold for qemu_co_enter_next.  Now that qemu_co_queue_wait
> can synchronize (via QemuLockable) with code that is not running in
> coroutine context, it's important that code using qemu_co_enter_next
> can easily use a standardized locking idiom.
> 
> First of all, qemu_co_enter_next must use aio_co_wake to restart the
> coroutine.  Second, the function gains a second argument, a QemuLockable*,
> and the comments of qemu_co_queue_next and qemu_co_queue_restart_all
> are adjusted to clarify the difference.
> 
> Signed-off-by: Paolo Bonzini 
> ---

>  /**
> - * Restarts all coroutines in the CoQueue and leaves the queue empty.
> + * Empties the CoQueue; all coroutines in it will run in FIFO orer as soon

s/orer/order/

> + * as the current one yields.
>   */
>  void coroutine_fn qemu_co_queue_restart_all(CoQueue *queue);


-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2/5] lockable: add QemuLockable

[Eric Blake]

On 01/25/2018 11:59 AM, Paolo Bonzini wrote:
> QemuLockable is a polymorphic lock type that takes an object and
> knows which function to use for locking and unlocking.  The
> implementation could use C11 _Generic, but since the support is
> not very widespread I am instead using __builtin_choose_expr and
> __builtin_types_compatible_p, which are already used by
> include/qemu/atomic.h.
> 
> QemuLockable can be used to implement lock guards, or to pass around
> a lock in such a way that a function can release it and re-acquire it.
> The next patch will do this for CoQueue.
> 
> Signed-off-by: Paolo Bonzini 
> ---

> +
> +static inline __attribute__((__always_inline__)) QemuLockable *
> +qemu_make_lockable(void *x, QemuLockable *lockable)
> +{
> +/* We cannot test this in a macro, otherwise we get * compiler

Spurious '*' ?

> + * warnings like "the address of 'm' will always evaluate as 'true'".
> + */
> +return x ? lockable : NULL;
> +}
> +

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 0/4] Updates based on feedback.

[Justin Terry (VM) via Qemu-devel]

Hey Stefan,

Your welcome! Excited to help.

I have only tried Ubuntu and Windows guests. Is there a set you would recommend 
to try out?

As for limitations, this set of patches allows for both bios and efi based 
boots (we have been using TianoCore). We will continue to submit patches around 
performance tuning on the platform but basic functionality is up and running in 
this set. The VGA interrupt path can be improved and we are looking at options 
here to make this a smoother experience. And as mentioned in the update we 
don't have CPUID support fully implemented yet for migration scenarios. Was 
there a specific set of things you were wondering that I could investigate or 
provide clarity on?

Thanks,
Justin

> -Original Message-
> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> Sent: Thursday, January 25, 2018 3:02 AM
> To: Justin Terry (VM) 
> Cc: qemu-devel@nongnu.org; pbonz...@redhat.com; r...@twiddle.net;
> ehabk...@redhat.com; crosthwaite.pe...@gmail.com
> Subject: Re: [Qemu-devel] [PATCH v2 0/4] Updates based on feedback.
> 
> On Mon, Jan 22, 2018 at 01:07:45PM -0800, Justin Terry (VM) via Qemu-devel
> wrote:
> > Updates based on review feedback.
> >
> > 1. Fixes style issues and properly ran the scripts/checkpatch pre 
> > submission.
> > 2. Added migration blockers for CPUID, dirty memory tracking, and
> XSAVE/XRSTOR.
> > 3. Fixed some bugs around register states when using bios vs efi.
> >
> > Justin Terry (VM) (4):
> >   Add the Windows Hypervisor Platform accelerator.
> >   Add the WHPX vcpu API
> >   Introduce the WHPX impl
> >   Add the WHPX acceleration enlightenments
> 
> This could be huge for QEMU on Windows users.  Thanks for doing this!
> 
> Which guest OSes have you tested?
> 
> What are the known limitations (after all, the code is quite small and maybe 
> not
> everything is implemented yet in this patch series)?
> 
> Stefan

Re: [Qemu-devel] [PATCH V1 1/1] tests: Add migration test for aarch64

[Dr. David Alan Gilbert]

* Wei Huang (w...@redhat.com) wrote:
> This patch adds the migration test support for aarch64. The test code,
> which implements the same functionality as x86, is compiled into a binary
> and booted as a kernel in qemu. Here are the design ideas:
> 
>  * We choose this -kernel design because aarch64 QEMU doesn't provide a
>built-in fw like x86 does. So instead of relying on a boot loader, we
>use -kernel approach for aarch64.
>  * The serial output is sent to PL011 directly.
>  * The physical memory base for mach-virt machine is 0x4000. We change
>the start_address and end_address for aarch64.
> 
> RFC->V1:
>  * aarch64 kernel blob is defined as an uint32_t array
>  * The test code is re-written to address a data caching issue under KVM.
>Tests passed under both x86 and aarch64.
>  * Re-use init_bootfile_x86() for both x86 and aarch64
>  * Other minor fixes
> 
> Note that the test code is as the following:
> 
> .section .text
> 
> .globl  start
> 
> start:
> /* disable MMU to use phys mem address */
> mrs x0, sctlr_el1
> bic x0, x0, #(1<<0)
> msr sctlr_el1, x0
> isb
> 
> /* output char 'A' to PL011 */
> mov w4, #65
> mov x5, #0x900
> strbw4, [x5]
> 
> /* w6 keeps a counter so we can limit the output speed */
> mov w6, #0
> 
> /* phys mem base addr = 0x4000 */
> mov x3, #(0x4000 + 100 *1024*1024) /* traverse 1M-100M */
> mov x2, #(0x4000 + 1 * 1024*1024)
> 
> /* clean up memory first */
> mov w1, #0  
> clean:
> strbw1, [x2]
> add x2, x2, #(4096)
> cmp x2, x3
> ble clean
> 
> /* main body */
> mainloop:
> mov x2, #(0x4000 + 1 * 1024*1024)
> 
> innerloop:
> /* clean cache because el2 might still cache guest data under KVM */
> dc  civac, x2

Can you explain a bit more about that please;  if it's guest
visible acorss migration, doesn't that suggest we need the cache clear
in KVM or QEMU?

Dave

> ldrbw1, [x2]
> add w1, w1, #1
> and w1, w1, #(0xff)
> strbw1, [x2]
> 
> add x2, x2, #(4096)
> cmp x2, x3
> blt innerloop
> 
> add w6, w6, #1
> and w6, w6, #(0xff)
> cmp w6, #0
> bne mainloop
> 
> /* output char 'B' to PL011 */
> mov w4, #66
> mov x5, #0x900
> strbw4, [x5]
> 
> bl  mainloop
> 
> The code is compiled with the following commands:
>  > gcc -c -o fill.o fill.s
>  > gcc -O2 -o fill.elf -Wl,-T,/tmp/flat.lds,--build-id=none,-Ttext=4008 \
>-nostdlib fill.o
>  > objcopy -O binary fill.elf fill.flat
>  > truncate -c -s 144 ./fill.flat
>  > xxd -g 4 -c 24 -e fill.flat | awk '{print "0x"$2 ", " "0x"$3 ", " "0x"C$4 
> ", " "0x"C$5 ", " "0x"$6 ", " "0x"C$7 "," }'
> 
> The linker file (borrowed from KVM unit test) is defined as:
> 
> SECTIONS
> {
> .text : { *(.init) *(.text) *(.text.*) }
> . = ALIGN(64K);
> etext = .;
> .data : {
> *(.data)
> }
> . = ALIGN(16);
> .rodata : { *(.rodata) }
> . = ALIGN(16);
> .bss : { *(.bss) }
> . = ALIGN(64K);
> edata = .;
> . += 64K;
> . = ALIGN(64K);
> /*
>  * stack depth is 16K for arm and PAGE_SIZE for arm64, see THREAD_SIZE
>  * sp must be 16 byte aligned for arm64, and 8 byte aligned for arm
>  * sp must always be strictly less than the true stacktop
>  */
> stackptr = . - 16;
> stacktop = .;
> }
> 
> ENTRY(start)
> 
> Signed-off-by: Wei Huang 
> ---
>  tests/Makefile.include |  1 +
>  tests/migration-test.c | 37 +++--
>  2 files changed, 32 insertions(+), 6 deletions(-)
> 
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index b4bcc872f2..2a520e53ab 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -357,6 +357,7 @@ check-qtest-arm-y += tests/test-arm-mptimer$(EXESUF)
>  gcov-files-arm-y += hw/timer/arm_mptimer.c
>  
>  check-qtest-aarch64-y = tests/numa-test$(EXESUF)
> +check-qtest-aarch64-y += tests/migration-test$(EXESUF)
>  
>  check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
>  
> diff --git a/tests/migration-test.c b/tests/migration-test.c
> index be598d3257..3237fe93b2 100644
> --- a/tests/migration-test.c
> +++ b/tests/migration-test.c
> @@ -22,8 +22,8 @@
>  
>  #define MIN_NVRAM_SIZE 8192 /* from spapr_nvram.c */
>  
> -const unsigned start_address = 1024 * 1024;
> -const unsigned end_address = 100 * 1024 * 1024;
> +unsigned start_address = 1024 * 1024;
> +unsigned end_address = 100 * 1024 * 1024;
>  bool got_stop;
>  
>  #if defined(__linux__)
> @@ -79,7 +79,7 @@ static const char *tmpfs;
>  /* A simple PC boot sector that modifies memory (1-100MB) quickly
>   * 

Re: [Qemu-devel] [PATCH v1] migration: change blocktime type to uint32_t

[Dr. David Alan Gilbert]

* Alexey Perevalov (a.pereva...@samsung.com) wrote:
> Initially int64_t was used, but on PowerPC architecture,
> clang doesn't have atomic_*_8 function, so it produces
> link time error.
> 
> QEMU is working with time as with 64bit value, but by
> fact 32 bit is enough with CLOCK_REALTIME. In this case
> blocktime will keep only 1200 hours time interval.
> 
> Signed-off-by: Alexey Perevalov 
> ---
>  hmp.c|  4 ++--
>  migration/postcopy-ram.c | 47 ++-
>  migration/trace-events   |  4 ++--
>  qapi/migration.json  |  4 ++--
>  4 files changed, 36 insertions(+), 23 deletions(-)
> 
> diff --git a/hmp.c b/hmp.c
> index c6bab53..3c376b3 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -265,7 +265,7 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
>  }
>  
>  if (info->has_postcopy_blocktime) {
> -monitor_printf(mon, "postcopy blocktime: %" PRId64 "\n",
> +monitor_printf(mon, "postcopy blocktime: %u\n",
> info->postcopy_blocktime);
>  }
>  
> @@ -273,7 +273,7 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
>  Visitor *v;
>  char *str;
>  v = string_output_visitor_new(false, );
> -visit_type_int64List(v, NULL, >postcopy_vcpu_blocktime, NULL);
> +visit_type_uint32List(v, NULL, >postcopy_vcpu_blocktime, NULL);
>  visit_complete(v, );
>  monitor_printf(mon, "postcopy vcpu blocktime: %s\n", str);
>  g_free(str);
> diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
> index 7814da5..ce91de8 100644
> --- a/migration/postcopy-ram.c
> +++ b/migration/postcopy-ram.c
> @@ -63,14 +63,14 @@ struct PostcopyDiscardState {
>  
>  typedef struct PostcopyBlocktimeContext {
>  /* time when page fault initiated per vCPU */
> -int64_t *page_fault_vcpu_time;
> +uint32_t *page_fault_vcpu_time;
>  /* page address per vCPU */
>  uintptr_t *vcpu_addr;
> -int64_t total_blocktime;
> +uint32_t total_blocktime;
>  /* blocktime per vCPU */
> -int64_t *vcpu_blocktime;
> +uint32_t *vcpu_blocktime;
>  /* point in time when last page fault was initiated */
> -int64_t last_begin;
> +uint32_t last_begin;
>  /* number of vCPU are suspended */
>  int smp_cpus_down;
>  
> @@ -99,22 +99,22 @@ static void migration_exit_cb(Notifier *n, void *data)
>  static struct PostcopyBlocktimeContext *blocktime_context_new(void)
>  {
>  PostcopyBlocktimeContext *ctx = g_new0(PostcopyBlocktimeContext, 1);
> -ctx->page_fault_vcpu_time = g_new0(int64_t, smp_cpus);
> +ctx->page_fault_vcpu_time = g_new0(uint32_t, smp_cpus);
>  ctx->vcpu_addr = g_new0(uintptr_t, smp_cpus);
> -ctx->vcpu_blocktime = g_new0(int64_t, smp_cpus);
> +ctx->vcpu_blocktime = g_new0(uint32_t, smp_cpus);
>  
>  ctx->exit_notifier.notify = migration_exit_cb;
>  qemu_add_exit_notifier(>exit_notifier);
>  return ctx;
>  }
>  
> -static int64List *get_vcpu_blocktime_list(PostcopyBlocktimeContext *ctx)
> +static uint32List *get_vcpu_blocktime_list(PostcopyBlocktimeContext *ctx)
>  {
> -int64List *list = NULL, *entry = NULL;
> +uint32List *list = NULL, *entry = NULL;
>  int i;
>  
>  for (i = smp_cpus - 1; i >= 0; i--) {
> -entry = g_new0(int64List, 1);
> +entry = g_new0(uint32List, 1);
>  entry->value = ctx->vcpu_blocktime[i];
>  entry->next = list;
>  list = entry;
> @@ -145,7 +145,7 @@ void 
> fill_destination_postcopy_migration_info(MigrationInfo *info)
>  info->postcopy_vcpu_blocktime = get_vcpu_blocktime_list(bc);
>  }
>  
> -static uint64_t get_postcopy_total_blocktime(void)
> +static uint32_t get_postcopy_total_blocktime(void)
>  {
>  MigrationIncomingState *mis = migration_incoming_get_current();
>  PostcopyBlocktimeContext *bc = mis->blocktime_ctx;
> @@ -619,6 +619,16 @@ static int get_mem_fault_cpu_index(uint32_t pid)
>  return -1;
>  }
>  
> +static uint32_t get_least_significant_part(int64_t value)
> +{
> +unsigned char *t = (unsigned char *)
> +#if defined(HOST_WORDS_BIGENDIAN)
> +return t[4] << 24 | t[5] << 16 | t[6] << 8 | t[7] << 0;
> +#else
> +return t[0] << 0 | t[1] << 8 | t[2] << 16 | t[3] << 24;
> +#endif /* HOST_WORDS_BIGENDIAN */
> +}

This doesn't feel right.
Firstly, we're doing a check for the magic value of read_vcpu_time==0 in
mark_postcopy_blocktime_end - so we have to be careful not to hit it.
Just masking the bottom 32bits of time means we've got a (rare) chance
of hitting that; but we've got a much less rare change of hitting
the case where one of the measurements happens after the roll-over
of the bottom 32bits.
If you stored a time at the start of the postcopy and just
subtracted that from 'now' you're probably OK though.

Anding a 64bit value with 0x and casting is probably much
easier than shifting etc.

Dave


>  /*
>   * This function is being called 

Re: [Qemu-devel] [PATCH v2] sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addr

[Eric Blake]

On 01/25/2018 11:14 AM, Daniel P. Berrangé wrote:
> From: "Daniel P. Berrange" 
> 
> The inet_parse() function looks for 'ipv4' and 'ipv6' flags, but only
> treats them as bare bool flags. The normal QemuOpts parsing would allow
> on/off values to be set too.
> 
> This updates inet_parse() so that its handling of the 'ipv4' and 'ipv6'
> flags matches that done by QemuOpts.
> 
> This impacts the NBD block driver parsing the legacy filename syntax and
> the migration code parsing the socket scheme.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  util/qemu-sockets.c | 44 
>  1 file changed, 40 insertions(+), 4 deletions(-)
> 

> +if (len == 0 || (len == 3 && strncmp(optstr, "=on", len) == 0)) {

Good: no parens around 'len == 3'

> +*val = true;
> +} else if ((len == 4) && strncmp(optstr, "=off", len) == 0) {

Not so good: redundant parens around 'len == 4'

Bad: Inconsistency between the two forms.

With those made consistent, this matches the logic in the static
util/qemu-option.c:parse_option_bool(), so it makes sense.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2] docs: update information for TLS certificate management

[Eric Blake]

On 01/25/2018 11:09 AM, Daniel P. Berrangé wrote:
> From: "Daniel P. Berrange" 
> 
> The current docs for TLS assume only VNC is using TLS. Some of the information
> is also outdated (ie lacking subject alt name info for certs). Rewrite it to
> more accurately reflect the current situation.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
> 
> Changed in v2:
> 
>  - Much content editting  / fixes (Eric)

Does it count if I find "editing" typos in the part that doesn't land in
git? :)

> +@subsection Configuring SASL mechanisms
> +
> +The following documentation assumes use of the Cyrus SASL implementation on a
> +Linux host, but the principals should apply to any other SASL implementation
> +or host. When SASL is enabled, the mechanism configuration will be loaded 
> from
> +system default SASL service config /etc/sasl2/qemu.conf. If running QEMU as 
> an
> +unprivileged user, an environment variable SASL_CONF_PATH can be used to make
> +behaviour suddenly changedit search alternate locations for the service 
> config.

s/suddenly changedit/change to/?  Not sure if that's what you meant
there, or if you omitted words in addition to the space

> +The saslpasswd2 program can be used to populate the passwd.db file with
> +accounts.
> +
> +Other SASL configurations will be left as an exercise for the reader. Note 
> that
> +all mechanisms except GSSAPI, should be combined with use of TLS to ensure a

either "mechanisms, except GSSAPI," or "mechanisms except GSSAPI" (using
just one comma is wrong; the choice between the other two forms depend
on whether you want a pause for emphasis)

> +
> +Almost all network services in QEMU have the ability to use TLS for
> +session data encryption, along with x509 certificates for simple
> +client authentication. What follows is a description of how to
> +generate certificates suitable for usage with QEMU, and applies to
> +the VNC server, character devices with the TCP backend, NBD server
> +and client, and migration sever and client.

s/sever/server/


> +@node tls_creds_setup
> +@subsection TLS x509 credential configuration
>  
> -@node vnc_setup_sasl
> +QEMU has a standard mechanism for loading x509 credentials that will be
> +used for network services and clients. It requires specifying the
> +@code{tls-creds-x509} class name to the @code{-object} command line

Note that qemu accepts both -object and --object,...

> +argument for the system emulators. This also works for the helper tools
> +like @code{qemu-nbd} and @code{qemu-img}, but is named @code{--object}.

...while you are correct that other tools do not accept -object.  I
argue, as one of our bite-sized tasks, that we should just use
@code{--object} everywhere and not bother documenting the single-dash
crutch that qemu has.

https://wiki.qemu.org/BiteSizedTasks#Consistent_option_usage_in_documentation

Getting closer, and when it comes to documentation, anything is better
than nothing, so I trust that you'll fix my comments and can add:
Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [qemu-web PATCH] Link to git web view on contribute page

[Eric Blake]

I was looking for a web view of qemu.git for reference, but
my first try was at https://www.qemu.org/contribute/ which
mentions how to clone but with no link for browsing.  Meanwhile,
the download page pointed people to the list of all repos (and
even then, only after you switch to the Source code tab), rather
than the qemu.git repo.  Make the link easier to find.

Signed-off-by: Eric Blake 
---
 _download/source.html | 2 +-
 contribute.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/_download/source.html b/_download/source.html
index d64d7ba..33cba41 100644
--- a/_download/source.html
+++ b/_download/source.html
@@ -9,7 +9,7 @@
{% include releases.html %}

or stay on the bleeding edge with the
-  https://git.qemu.org/;>git repository!
+  https://git.qemu.org/?p=qemu.git;>git repository!

Build instructions

diff --git a/contribute.md b/contribute.md
index 88baee6..eb0f281 100644
--- a/contribute.md
+++ b/contribute.md
@@ -5,7 +5,7 @@ permalink: /contribute/

 * Report a bug: 
[https://bugs.launchpad.net/qemu/](https://bugs.launchpad.net/qemu/)[How to 
report a bug](report-a-bug/)

-* Clone the git repository: `git clone git://git.qemu.org/qemu.git`
+* Clone ([or browse](https://git.qemu.org/?p=qemu.git)) the git repository: 
`git clone git://git.qemu.org/qemu.git`

 * Join the mailing list: 
[qemu-devel@nongnu.org](https://lists.nongnu.org/mailman/listinfo/qemu-devel)[See
 the list of QEMU mailing lists](https://wiki.qemu.org/MailingLists)

-- 
2.14.3

Re: [Qemu-devel] [PULL 00/21] target-arm queue

[Peter Maydell]

On 25 January 2018 at 13:43, Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> Arm queue built up to a point where it seems worth sending:
> various bug fixes, plus RTH's refactoring in preparation for SVE.
>
> thanks
> -- PMM
>
>
> The following changes since commit 0f79bfe38a2cf0f43c7ea4959da7f8ebd7858f3d:
>
>   Merge remote-tracking branch 
> 'remotes/vivier2/tags/linux-user-for-2.12-pull-request' into staging 
> (2018-01-25 09:53:53 +)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20180125
>
> for you to fetch changes up to 24da047af0e99a83fcc0d50b86c0f2627f7418b3:
>
>   pl110: Implement vertical compare/next base interrupts (2018-01-25 11:45:30 
> +)
>
> 
> target-arm queue:
>  * target/arm: Fix address truncation in 64-bit pagetable walks
>  * i.MX: Fix FEC/ENET receive functions
>  * target/arm: preparatory refactoring for SVE emulation
>  * hw/intc/arm_gic: Prevent the GIC from signaling an IRQ when it's "active 
> and pending"
>  * hw/intc/arm_gic: Fix C_RPR value on idle priority
>  * hw/intc/arm_gic: Fix group priority computation for group 1 IRQs
>  * hw/intc/arm_gic: Fix the NS view of C_BPR when C_CTRL.CBPR is 1
>  * hw/arm/virt: Check that the CPU realize method succeeded
>  * sdhci: fix a NULL pointer dereference due to uninitialized AddressSpace 
> object
>  * xilinx_spips: Correct usage of an uninitialized local variable
>  * pl110: Implement vertical compare/next base interrupts
>

Applied, thanks.

-- PMM

[Qemu-devel] [PATCH 3/5] coroutine-lock: convert CoQueue to use QemuLockable

[Paolo Bonzini]

There are cases in which a queued coroutine must be restarted from
non-coroutine context (with qemu_co_enter_next).  In this cases,
qemu_co_enter_next also needs to be thread-safe, but it cannot use
a CoMutex and so cannot qemu_co_queue_wait.  Use QemuLockable so
that the CoQueue can interchangeably use CoMutex or QemuMutex.

Signed-off-by: Paolo Bonzini 
---
 include/qemu/coroutine.h   |  6 +-
 util/qemu-coroutine-lock.c | 12 +++-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
index 8a5129741c..1e5f0957e6 100644
--- a/include/qemu/coroutine.h
+++ b/include/qemu/coroutine.h
@@ -183,7 +183,9 @@ void qemu_co_queue_init(CoQueue *queue);
  * caller of the coroutine.  The mutex is unlocked during the wait and
  * locked again afterwards.
  */
-void coroutine_fn qemu_co_queue_wait(CoQueue *queue, CoMutex *mutex);
+#define qemu_co_queue_wait(queue, lock) \
+qemu_co_queue_wait_impl(queue, QEMU_MAKE_LOCKABLE(lock))
+void coroutine_fn qemu_co_queue_wait_impl(CoQueue *queue, QemuLockable *lock);
 
 /**
  * Restarts the next coroutine in the CoQueue and removes it from the queue.
@@ -271,4 +273,6 @@ void coroutine_fn qemu_co_sleep_ns(QEMUClockType type, 
int64_t ns);
  */
 void coroutine_fn yield_until_fd_readable(int fd);
 
+#include "qemu/lockable.h"
+
 #endif /* QEMU_COROUTINE_H */
diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
index 846ff9167f..2a66fc1467 100644
--- a/util/qemu-coroutine-lock.c
+++ b/util/qemu-coroutine-lock.c
@@ -40,13 +40,13 @@ void qemu_co_queue_init(CoQueue *queue)
 QSIMPLEQ_INIT(>entries);
 }
 
-void coroutine_fn qemu_co_queue_wait(CoQueue *queue, CoMutex *mutex)
+void coroutine_fn qemu_co_queue_wait_impl(CoQueue *queue, QemuLockable *lock)
 {
 Coroutine *self = qemu_coroutine_self();
 QSIMPLEQ_INSERT_TAIL(>entries, self, co_queue_next);
 
-if (mutex) {
-qemu_co_mutex_unlock(mutex);
+if (lock) {
+qemu_lockable_unlock(lock);
 }
 
 /* There is no race condition here.  Other threads will call
@@ -60,9 +60,11 @@ void coroutine_fn qemu_co_queue_wait(CoQueue *queue, CoMutex 
*mutex)
 /* TODO: OSv implements wait morphing here, where the wakeup
  * primitive automatically places the woken coroutine on the
  * mutex's queue.  This avoids the thundering herd effect.
+ * This could be implemented for CoMutexes, but not really for
+ * other cases of QemuLockable.
  */
-if (mutex) {
-qemu_co_mutex_lock(mutex);
+if (lock) {
+qemu_lockable_lock(lock);
 }
 }
 
-- 
2.14.3

[Qemu-devel] [PATCH 4/5] coroutine-lock: make qemu_co_enter_next thread-safe

[Paolo Bonzini]

qemu_co_queue_next does not need to release and re-acquire the mutex,
because the queued coroutine does not run immediately.  However, this
does not hold for qemu_co_enter_next.  Now that qemu_co_queue_wait
can synchronize (via QemuLockable) with code that is not running in
coroutine context, it's important that code using qemu_co_enter_next
can easily use a standardized locking idiom.

First of all, qemu_co_enter_next must use aio_co_wake to restart the
coroutine.  Second, the function gains a second argument, a QemuLockable*,
and the comments of qemu_co_queue_next and qemu_co_queue_restart_all
are adjusted to clarify the difference.

Signed-off-by: Paolo Bonzini 
---
 fsdev/qemu-fsdev-throttle.c |  4 ++--
 include/qemu/coroutine.h| 15 ++-
 util/qemu-coroutine-lock.c  | 10 --
 3 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/fsdev/qemu-fsdev-throttle.c b/fsdev/qemu-fsdev-throttle.c
index 49eebb5412..1dc07fbc12 100644
--- a/fsdev/qemu-fsdev-throttle.c
+++ b/fsdev/qemu-fsdev-throttle.c
@@ -20,13 +20,13 @@
 static void fsdev_throttle_read_timer_cb(void *opaque)
 {
 FsThrottle *fst = opaque;
-qemu_co_enter_next(>throttled_reqs[false]);
+qemu_co_enter_next(>throttled_reqs[false], NULL);
 }
 
 static void fsdev_throttle_write_timer_cb(void *opaque)
 {
 FsThrottle *fst = opaque;
-qemu_co_enter_next(>throttled_reqs[true]);
+qemu_co_enter_next(>throttled_reqs[true], NULL);
 }
 
 void fsdev_throttle_parse_opts(QemuOpts *opts, FsThrottle *fst, Error **errp)
diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
index 1e5f0957e6..6fdbc837c0 100644
--- a/include/qemu/coroutine.h
+++ b/include/qemu/coroutine.h
@@ -188,21 +188,26 @@ void qemu_co_queue_init(CoQueue *queue);
 void coroutine_fn qemu_co_queue_wait_impl(CoQueue *queue, QemuLockable *lock);
 
 /**
- * Restarts the next coroutine in the CoQueue and removes it from the queue.
+ * Removes the next coroutine from the CoQueue; it will run as soon as the
+ * current one yields.
  *
- * Returns true if a coroutine was restarted, false if the queue is empty.
+ * Returns true if a coroutine was removed, false if the queue is empty.
  */
 bool coroutine_fn qemu_co_queue_next(CoQueue *queue);
 
 /**
- * Restarts all coroutines in the CoQueue and leaves the queue empty.
+ * Empties the CoQueue; all coroutines in it will run in FIFO orer as soon
+ * as the current one yields.
  */
 void coroutine_fn qemu_co_queue_restart_all(CoQueue *queue);
 
 /**
- * Enter the next coroutine in the queue
+ * Immediately enter the next coroutine in the queue.  Release the mutex
+ * while it runs.
  */
-bool qemu_co_enter_next(CoQueue *queue);
+#define qemu_co_enter_next(queue, lock) \
+qemu_co_enter_next_impl(queue, QEMU_MAKE_LOCKABLE(lock))
+bool qemu_co_enter_next_impl(CoQueue *queue, QemuLockable *lock);
 
 /**
  * Checks if the CoQueue is empty.
diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
index 2a66fc1467..78fb79acf8 100644
--- a/util/qemu-coroutine-lock.c
+++ b/util/qemu-coroutine-lock.c
@@ -132,7 +132,7 @@ void coroutine_fn qemu_co_queue_restart_all(CoQueue *queue)
 qemu_co_queue_do_restart(queue, false);
 }
 
-bool qemu_co_enter_next(CoQueue *queue)
+bool qemu_co_enter_next_impl(CoQueue *queue, QemuLockable *lock)
 {
 Coroutine *next;
 
@@ -142,7 +142,13 @@ bool qemu_co_enter_next(CoQueue *queue)
 }
 
 QSIMPLEQ_REMOVE_HEAD(>entries, co_queue_next);
-qemu_coroutine_enter(next);
+if (lock) {
+qemu_lockable_unlock(lock);
+}
+aio_co_wake(next);
+if (lock) {
+qemu_lockable_lock(lock);
+}
 return true;
 }
 
-- 
2.14.3

[Qemu-devel] [PATCH 5/5] curl: convert to CoQueue

[Paolo Bonzini]

Now that CoQueues can use a QemuMutex for thread-safety, there is no
need for curl to roll its own coroutine queue.  Coroutines can be
placed directly on the queue instead of using a list of CURLAIOCBs.

Signed-off-by: Paolo Bonzini 
---
 block/curl.c | 20 
 1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/block/curl.c b/block/curl.c
index 35cf417f59..cd578d3d14 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -101,8 +101,6 @@ typedef struct CURLAIOCB {
 
 size_t start;
 size_t end;
-
-QSIMPLEQ_ENTRY(CURLAIOCB) next;
 } CURLAIOCB;
 
 typedef struct CURLSocket {
@@ -138,7 +136,7 @@ typedef struct BDRVCURLState {
 bool accept_range;
 AioContext *aio_context;
 QemuMutex mutex;
-QSIMPLEQ_HEAD(, CURLAIOCB) free_state_waitq;
+CoQueue free_state_waitq;
 char *username;
 char *password;
 char *proxyusername;
@@ -538,7 +536,6 @@ static int curl_init_state(BDRVCURLState *s, CURLState 
*state)
 /* Called with s->mutex held.  */
 static void curl_clean_state(CURLState *s)
 {
-CURLAIOCB *next;
 int j;
 for (j = 0; j < CURL_NUM_ACB; j++) {
 assert(!s->acb[j]);
@@ -556,13 +553,7 @@ static void curl_clean_state(CURLState *s)
 
 s->in_use = 0;
 
-next = QSIMPLEQ_FIRST(>s->free_state_waitq);
-if (next) {
-QSIMPLEQ_REMOVE_HEAD(>s->free_state_waitq, next);
-qemu_mutex_unlock(>s->mutex);
-aio_co_wake(next->co);
-qemu_mutex_lock(>s->mutex);
-}
+qemu_co_enter_next(>s->free_state_waitq, >s->mutex);
 }
 
 static void curl_parse_filename(const char *filename, QDict *options,
@@ -784,7 +775,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, 
int flags,
 }
 
 DPRINTF("CURL: Opening %s\n", file);
-QSIMPLEQ_INIT(>free_state_waitq);
+qemu_co_queue_init(>free_state_waitq);
 s->aio_context = bdrv_get_aio_context(bs);
 s->url = g_strdup(file);
 qemu_mutex_lock(>mutex);
@@ -888,10 +879,7 @@ static void curl_setup_preadv(BlockDriverState *bs, 
CURLAIOCB *acb)
 if (state) {
 break;
 }
-QSIMPLEQ_INSERT_TAIL(>free_state_waitq, acb, next);
-qemu_mutex_unlock(>mutex);
-qemu_coroutine_yield();
-qemu_mutex_lock(>mutex);
+qemu_co_queue_wait(>free_state_waitq, >mutex);
 }
 
 if (curl_init_state(s, state) < 0) {
-- 
2.14.3

[Qemu-devel] [PATCH 2/5] lockable: add QemuLockable

[Paolo Bonzini]

QemuLockable is a polymorphic lock type that takes an object and
knows which function to use for locking and unlocking.  The
implementation could use C11 _Generic, but since the support is
not very widespread I am instead using __builtin_choose_expr and
__builtin_types_compatible_p, which are already used by
include/qemu/atomic.h.

QemuLockable can be used to implement lock guards, or to pass around
a lock in such a way that a function can release it and re-acquire it.
The next patch will do this for CoQueue.

Signed-off-by: Paolo Bonzini 
---
v2->v3: now it works :(  Also, QEMU_MAKE_LOCKABLE(NULL) returns NULL.
The argument of QEMU_MAKE_LOCKABLE is expected to be a constant,
so the test is optimized away.

 include/qemu/compiler.h  | 40 ++
 include/qemu/coroutine.h |  4 +--
 include/qemu/lockable.h  | 88 
 include/qemu/thread.h|  5 ++-
 include/qemu/typedefs.h  |  4 +++
 tests/test-coroutine.c   | 25 ++
 6 files changed, 161 insertions(+), 5 deletions(-)
 create mode 100644 include/qemu/lockable.h

diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index 340e5fdc09..5179bedb1e 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -111,4 +111,44 @@
 #define GCC_FMT_ATTR(n, m)
 #endif
 
+/* Implement C11 _Generic via GCC builtins.  Example:
+ *
+ *QEMU_GENERIC(x, (float, sinf), (long double, sinl), sin) (x)
+ *
+ * The first argument is the discriminator.  The last is the default value.
+ * The middle ones are tuples in "(type, expansion)" format.
+ */
+
+/* First, find out the number of generic cases.  */
+#define QEMU_GENERIC(x, ...) \
+QEMU_GENERIC_(typeof(x), __VA_ARGS__, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)
+
+/* There will be extra arguments, but they are not used.  */
+#define QEMU_GENERIC_(x, a0, a1, a2, a3, a4, a5, a6, a7, a8, a9, count, ...) \
+QEMU_GENERIC##count(x, a0, a1, a2, a3, a4, a5, a6, a7, a8, a9)
+
+/* Two more helper macros, this time to extract items from a parenthesized
+ * list.
+ */
+#define QEMU_FIRST_(a, b) a
+#define QEMU_SECOND_(a, b) b
+
+/* ... and a final one for the common part of the "recursion".  */
+#define QEMU_GENERIC_IF(x, type_then, else_)   
\
+__builtin_choose_expr(__builtin_types_compatible_p(x,  
\
+   QEMU_FIRST_ type_then), 
\
+  QEMU_SECOND_ type_then, else_)
+
+/* CPP poor man's "recursion".  */
+#define QEMU_GENERIC1(x, a0, ...) (a0)
+#define QEMU_GENERIC2(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC1(x, 
__VA_ARGS__))
+#define QEMU_GENERIC3(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC2(x, 
__VA_ARGS__))
+#define QEMU_GENERIC4(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC3(x, 
__VA_ARGS__))
+#define QEMU_GENERIC5(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC4(x, 
__VA_ARGS__))
+#define QEMU_GENERIC6(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC5(x, 
__VA_ARGS__))
+#define QEMU_GENERIC7(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC6(x, 
__VA_ARGS__))
+#define QEMU_GENERIC8(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC7(x, 
__VA_ARGS__))
+#define QEMU_GENERIC9(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC8(x, 
__VA_ARGS__))
+#define QEMU_GENERIC10(x, a0, ...) QEMU_GENERIC_IF(x, a0, QEMU_GENERIC9(x, 
__VA_ARGS__))
+
 #endif /* COMPILER_H */
diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
index ce2eb73670..8a5129741c 100644
--- a/include/qemu/coroutine.h
+++ b/include/qemu/coroutine.h
@@ -121,7 +121,7 @@ bool qemu_coroutine_entered(Coroutine *co);
  * Provides a mutex that can be used to synchronise coroutines
  */
 struct CoWaitRecord;
-typedef struct CoMutex {
+struct CoMutex {
 /* Count of pending lockers; 0 for a free mutex, 1 for an
  * uncontended mutex.
  */
@@ -142,7 +142,7 @@ typedef struct CoMutex {
 unsigned handoff, sequence;
 
 Coroutine *holder;
-} CoMutex;
+};
 
 /**
  * Initialises a CoMutex. This must be called before any other operation is 
used
diff --git a/include/qemu/lockable.h b/include/qemu/lockable.h
new file mode 100644
index 00..f527d0ddb2
--- /dev/null
+++ b/include/qemu/lockable.h
@@ -0,0 +1,88 @@
+/*
+ * Polymorphic locking functions (aka poor man templates)
+ *
+ * Copyright Red Hat, Inc. 2017
+ *
+ * Author: Paolo Bonzini 
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_LOCKABLE_H
+#define QEMU_LOCKABLE_H
+
+#include "qemu/coroutine.h"
+#include "qemu/thread.h"
+
+typedef void QemuLockUnlockFunc(void *);
+
+struct QemuLockable {
+void *object;
+QemuLockUnlockFunc *lock;
+QemuLockUnlockFunc *unlock;
+};
+
+/* This function gives link-time errors if an invalid, non-NULL
+ * pointer type is passed to 

[Qemu-devel] [PATCH v3 0/5] coroutine-lock: polymorphic CoQueue

[Paolo Bonzini]

There are cases in which a queued coroutine must be restarted from
non-coroutine context (with qemu_co_enter_next).  In this cases,
qemu_co_enter_next also needs to be thread-safe, but it cannot use a
CoMutex and so cannot qemu_co_queue_wait.  This happens in curl (which
right now is rolling its own list of Coroutines) and will happen in
Fam's NVMe driver as well.

This series extracts the idea of a polymorphic lockable object
from my "scoped lock guard" proposal, and applies it to CoQueue.
The implementation of QemuLockable is similar to C11 _Generic, but
redone using the preprocessor and GCC builtins for compatibility.

In general, while a bit on the esoteric side, the functionality used
to emulate _Generic is fairly old in GCC, and the builtins are already
used by include/qemu/atomic.h; the series was tested with Fedora 27 (boot
Damn Small Linux via http) and CentOS 6 (compiled only).

Paolo

v1->v2: fix typos and copyright year

v2->v3: add tests, fix brown paper bag bug, avoid -Waddress errors

Paolo Bonzini (5):
  test-coroutine: add simple CoMutex test
  lockable: add QemuLockable
  coroutine-lock: convert CoQueue to use QemuLockable
  coroutine-lock: make qemu_co_enter_next thread-safe
  curl: convert to CoQueue

 block/curl.c| 20 +++
 fsdev/qemu-fsdev-throttle.c |  4 +--
 include/qemu/compiler.h | 40 +
 include/qemu/coroutine.h| 25 -
 include/qemu/lockable.h | 88 +
 include/qemu/thread.h   |  5 ++-
 include/qemu/typedefs.h |  4 +++
 tests/test-coroutine.c  | 75 --
 util/qemu-coroutine-lock.c  | 22 
 9 files changed, 245 insertions(+), 38 deletions(-)
 create mode 100644 include/qemu/lockable.h

-- 
2.14.3

[Qemu-devel] [PATCH 1/5] test-coroutine: add simple CoMutex test

[Paolo Bonzini]

In preparation for adding a similar test using QemuLockable, add a very
simple testcase that has two interleaved calls to lock and unlock.

Signed-off-by: Paolo Bonzini 
---
 tests/test-coroutine.c | 50 --
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/tests/test-coroutine.c b/tests/test-coroutine.c
index 76c646107e..010cb95ad6 100644
--- a/tests/test-coroutine.c
+++ b/tests/test-coroutine.c
@@ -175,7 +175,7 @@ static void coroutine_fn c1_fn(void *opaque)
 qemu_coroutine_enter(c2);
 }
 
-static void test_co_queue(void)
+static void test_no_dangling_access(void)
 {
 Coroutine *c1;
 Coroutine *c2;
@@ -195,6 +195,51 @@ static void test_co_queue(void)
 *c1 = tmp;
 }
 
+static bool locked = false;
+static int done;
+
+static void coroutine_fn mutex_fn(void *opaque)
+{
+CoMutex *m = opaque;
+qemu_co_mutex_lock(m);
+assert(!locked);
+locked = true;
+qemu_coroutine_yield();
+locked = false;
+qemu_co_mutex_unlock(m);
+done++;
+}
+
+static void do_test_co_mutex(CoroutineEntry *entry, void *opaque)
+{
+Coroutine *c1 = qemu_coroutine_create(entry, opaque);
+Coroutine *c2 = qemu_coroutine_create(entry, opaque);
+
+done = 0;
+qemu_coroutine_enter(c1);
+g_assert(locked);
+qemu_coroutine_enter(c2);
+
+/* Unlock queues c2.  It is then started automatically when c1 yields or
+ * terminates.
+ */
+qemu_coroutine_enter(c1);
+g_assert_cmpint(done, ==, 1);
+g_assert(locked);
+
+qemu_coroutine_enter(c2);
+g_assert_cmpint(done, ==, 2);
+g_assert(!locked);
+}
+
+static void test_co_mutex(void)
+{
+CoMutex m;
+
+qemu_co_mutex_init();
+do_test_co_mutex(mutex_fn, );
+}
+
 /*
  * Check that creation, enter, and return work
  */
@@ -422,7 +467,7 @@ int main(int argc, char **argv)
  * crash, so skip it.
  */
 if (CONFIG_COROUTINE_POOL) {
-g_test_add_func("/basic/co_queue", test_co_queue);
+g_test_add_func("/basic/no-dangling-access", test_no_dangling_access);
 }
 
 g_test_add_func("/basic/lifecycle", test_lifecycle);
@@ -432,6 +477,7 @@ int main(int argc, char **argv)
 g_test_add_func("/basic/entered", test_entered);
 g_test_add_func("/basic/in_coroutine", test_in_coroutine);
 g_test_add_func("/basic/order", test_order);
+g_test_add_func("/locking/co-mutex", test_co_mutex);
 if (g_test_perf()) {
 g_test_add_func("/perf/lifecycle", perf_lifecycle);
 g_test_add_func("/perf/nesting", perf_nesting);
-- 
2.14.3

Re: [Qemu-devel] [PATCH v1] migration: change blocktime type to uint32_t

[Philippe Mathieu-Daudé]

Hi Alexey,

On Thu, Jan 25, 2018 at 1:43 PM, Alexey Perevalov
 wrote:
> Initially int64_t was used, but on PowerPC architecture,
> clang doesn't have atomic_*_8 function, so it produces
> link time error.
>
> QEMU is working with time as with 64bit value, but by
> fact 32 bit is enough with CLOCK_REALTIME. In this case
> blocktime will keep only 1200 hours time interval.
>
> Signed-off-by: Alexey Perevalov 
> ---
>  hmp.c|  4 ++--
>  migration/postcopy-ram.c | 47 ++-
>  migration/trace-events   |  4 ++--
>  qapi/migration.json  |  4 ++--
>  4 files changed, 36 insertions(+), 23 deletions(-)
>
> diff --git a/hmp.c b/hmp.c
> index c6bab53..3c376b3 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -265,7 +265,7 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
>  }
>
>  if (info->has_postcopy_blocktime) {
> -monitor_printf(mon, "postcopy blocktime: %" PRId64 "\n",
> +monitor_printf(mon, "postcopy blocktime: %u\n",
> info->postcopy_blocktime);
>  }
>
> @@ -273,7 +273,7 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
>  Visitor *v;
>  char *str;
>  v = string_output_visitor_new(false, );
> -visit_type_int64List(v, NULL, >postcopy_vcpu_blocktime, NULL);
> +visit_type_uint32List(v, NULL, >postcopy_vcpu_blocktime, NULL);
>  visit_complete(v, );
>  monitor_printf(mon, "postcopy vcpu blocktime: %s\n", str);
>  g_free(str);
> diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
> index 7814da5..ce91de8 100644
> --- a/migration/postcopy-ram.c
> +++ b/migration/postcopy-ram.c
> @@ -63,14 +63,14 @@ struct PostcopyDiscardState {
>
>  typedef struct PostcopyBlocktimeContext {
>  /* time when page fault initiated per vCPU */
> -int64_t *page_fault_vcpu_time;
> +uint32_t *page_fault_vcpu_time;
>  /* page address per vCPU */
>  uintptr_t *vcpu_addr;
> -int64_t total_blocktime;
> +uint32_t total_blocktime;
>  /* blocktime per vCPU */
> -int64_t *vcpu_blocktime;
> +uint32_t *vcpu_blocktime;
>  /* point in time when last page fault was initiated */
> -int64_t last_begin;
> +uint32_t last_begin;
>  /* number of vCPU are suspended */
>  int smp_cpus_down;
>
> @@ -99,22 +99,22 @@ static void migration_exit_cb(Notifier *n, void *data)
>  static struct PostcopyBlocktimeContext *blocktime_context_new(void)
>  {
>  PostcopyBlocktimeContext *ctx = g_new0(PostcopyBlocktimeContext, 1);
> -ctx->page_fault_vcpu_time = g_new0(int64_t, smp_cpus);
> +ctx->page_fault_vcpu_time = g_new0(uint32_t, smp_cpus);
>  ctx->vcpu_addr = g_new0(uintptr_t, smp_cpus);
> -ctx->vcpu_blocktime = g_new0(int64_t, smp_cpus);
> +ctx->vcpu_blocktime = g_new0(uint32_t, smp_cpus);
>
>  ctx->exit_notifier.notify = migration_exit_cb;
>  qemu_add_exit_notifier(>exit_notifier);
>  return ctx;
>  }
>
> -static int64List *get_vcpu_blocktime_list(PostcopyBlocktimeContext *ctx)
> +static uint32List *get_vcpu_blocktime_list(PostcopyBlocktimeContext *ctx)
>  {
> -int64List *list = NULL, *entry = NULL;
> +uint32List *list = NULL, *entry = NULL;
>  int i;
>
>  for (i = smp_cpus - 1; i >= 0; i--) {
> -entry = g_new0(int64List, 1);
> +entry = g_new0(uint32List, 1);
>  entry->value = ctx->vcpu_blocktime[i];
>  entry->next = list;
>  list = entry;
> @@ -145,7 +145,7 @@ void 
> fill_destination_postcopy_migration_info(MigrationInfo *info)
>  info->postcopy_vcpu_blocktime = get_vcpu_blocktime_list(bc);
>  }
>
> -static uint64_t get_postcopy_total_blocktime(void)
> +static uint32_t get_postcopy_total_blocktime(void)
>  {
>  MigrationIncomingState *mis = migration_incoming_get_current();
>  PostcopyBlocktimeContext *bc = mis->blocktime_ctx;
> @@ -619,6 +619,16 @@ static int get_mem_fault_cpu_index(uint32_t pid)
>  return -1;
>  }
>
> +static uint32_t get_least_significant_part(int64_t value)
> +{
> +unsigned char *t = (unsigned char *)
> +#if defined(HOST_WORDS_BIGENDIAN)
> +return t[4] << 24 | t[5] << 16 | t[6] << 8 | t[7] << 0;
> +#else
> +return t[0] << 0 | t[1] << 8 | t[2] << 16 | t[3] << 24;
> +#endif /* HOST_WORDS_BIGENDIAN */

Isn't it the same than:

 return ldq_he_p(); /* silently casted to uint32_t */

> +}
> +
>  /*
>   * This function is being called when pagefault occurs. It
>   * tracks down vCPU blocking time.
> @@ -634,6 +644,7 @@ static void mark_postcopy_blocktime_begin(uintptr_t addr, 
> uint32_t ptid,
>  MigrationIncomingState *mis = migration_incoming_get_current();
>  PostcopyBlocktimeContext *dc = mis->blocktime_ctx;
>  int64_t now_ms;
> +uint32_t least_now;
>
>  if (!dc || ptid == 0) {
>  return;
> @@ -644,13 +655,14 @@ static void mark_postcopy_blocktime_begin(uintptr_t 
> addr, uint32_t ptid,
>

Re: [Qemu-devel] [PATCH v10.5 17/20] target/arm: Use vector infrastructure for aa64 multiplies

[Peter Maydell]

On 17 January 2018 at 16:14, Richard Henderson
 wrote:
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate-a64.c | 171 
> -
>  1 file changed, 138 insertions(+), 33 deletions(-)
>

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [PATCH v10.5 00/20] tcg: generic vector operations

[Peter Maydell]

On 17 January 2018 at 16:14, Richard Henderson
 wrote:
> Richard Henderson (21):
>   tcg: Allow multiple word entries into the constant pool
>   tcg: Add types and basic operations for host vectors
>   tcg: Standardize integral arguments to expanders
>   tcg: Add generic vector expanders
>   tcg: Loosen vec_gen_op* typecheck rules
>   tcg: Add generic vector ops for constant shifts
>   tcg: Add generic vector ops for comparisons
>   tcg: Add generic vector ops for multiplication
>   tcg: Add generic helpers for saturating arithmetic
>   tcg: Add generic vector helpers with a scalar operand
>   tcg/optimize: Handle vector opcodes during optimize
>   target/arm: Align vector registers
>   target/arm: Use vector infrastructure for aa64 add/sub/logic
>   target/arm: Use vector infrastructure for aa64 mov/not/neg
>   target/arm: Use vector infrastructure for aa64 dup/movi
>   target/arm: Use vector infrastructure for aa64 constant shifts
>   target/arm: Use vector infrastructure for aa64 compares
>   target/arm: Use vector infrastructure for aa64 multiplies
>   target/arm: Use vector infrastructure for aa64 orr/bic immediate
>   tcg/i386: Add vector operations
>   tcg/aarch64: Add vector operations

I've reviewed the arm frontend patches, at least. The tcg backend
stuff is a combination of huge patches and not an area of the
code I'm familiar with, so I've left those in the hope that
somebody else will look at them...

thanks
-- PMM

[Qemu-devel] [PATCH v3 1/3] hw/usb/ccid: Make ccid_card_init() take an error parameter

[Philippe Mathieu-Daudé]

From: Mao Zhongyi 

Replace init() of CCIDCardClass with realize, then convert
ccid_card_init(), ccid_card_initfn() and it's callbacks to
take an Error** in ordor to report the error more clearly.

Signed-off-by: Mao Zhongyi 
Signed-off-by: Cao jin 
[PMD: fixed s->card assignation in ccid_card_realize()]
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/usb/ccid.h |  2 +-
 hw/usb/ccid-card-emulated.c   | 44 +--
 hw/usb/ccid-card-passthru.c   | 12 ++--
 hw/usb/dev-smartcard-reader.c | 37 
 4 files changed, 50 insertions(+), 45 deletions(-)

diff --git a/hw/usb/ccid.h b/hw/usb/ccid.h
index 1f070116d6..6c6c10188d 100644
--- a/hw/usb/ccid.h
+++ b/hw/usb/ccid.h
@@ -34,7 +34,7 @@ typedef struct CCIDCardClass {
 const uint8_t *apdu,
 uint32_t len);
 void (*exitfn)(CCIDCardState *card);
-int (*initfn)(CCIDCardState *card);
+void (*realize)(CCIDCardState *card, Error **errp);
 } CCIDCardClass;
 
 /*
diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
index e646eb243b..daefd9f8f4 100644
--- a/hw/usb/ccid-card-emulated.c
+++ b/hw/usb/ccid-card-emulated.c
@@ -35,6 +35,7 @@
 #include "qemu/thread.h"
 #include "qemu/main-loop.h"
 #include "ccid.h"
+#include "qapi/error.h"
 
 #define DPRINTF(card, lvl, fmt, ...) \
 do {\
@@ -401,10 +402,10 @@ static void card_event_handler(EventNotifier *notifier)
 qemu_mutex_unlock(>event_list_mutex);
 }
 
-static int init_event_notifier(EmulatedState *card)
+static int init_event_notifier(EmulatedState *card, Error **errp)
 {
 if (event_notifier_init(>notifier, false) < 0) {
-DPRINTF(card, 2, "event notifier creation failed\n");
+error_setg(errp, "ccid-card-emul: event notifier creation failed");
 return -1;
 }
 event_notifier_set_handler(>notifier, card_event_handler);
@@ -480,7 +481,7 @@ static uint32_t parse_enumeration(char *str,
 return ret;
 }
 
-static int emulated_initfn(CCIDCardState *base)
+static void emulated_realize(CCIDCardState *base, Error **errp)
 {
 EmulatedState *card = EMULATED_CCID_CARD(base);
 VCardEmulError ret;
@@ -494,8 +495,8 @@ static int emulated_initfn(CCIDCardState *base)
 qemu_cond_init(>handle_apdu_cond);
 card->reader = NULL;
 card->quit_apdu_thread = 0;
-if (init_event_notifier(card) < 0) {
-return -1;
+if (init_event_notifier(card, errp) < 0) {
+return;
 }
 
 card->backend = 0;
@@ -505,11 +506,11 @@ static int emulated_initfn(CCIDCardState *base)
 }
 
 if (card->backend == 0) {
-printf("backend must be one of:\n");
+error_setg(errp, "backend must be one of:");
 for (ptable = backend_enum_table; ptable->name != NULL; ++ptable) {
-printf("%s\n", ptable->name);
+error_append_hint(errp, "%s\n", ptable->name);
 }
-return -1;
+return;
 }
 
 /* TODO: a passthru backened that works on local machine. third card 
type?*/
@@ -517,34 +518,33 @@ static int emulated_initfn(CCIDCardState *base)
 if (card->cert1 != NULL && card->cert2 != NULL && card->cert3 != NULL) 
{
 ret = emulated_initialize_vcard_from_certificates(card);
 } else {
-printf("%s: you must provide all three certs for"
-   " certificates backend\n", TYPE_EMULATED_CCID);
-return -1;
+error_setg(errp, "%s: you must provide all three certs for"
+   " certificates backend", TYPE_EMULATED_CCID);
+return;
 }
 } else {
 if (card->backend != BACKEND_NSS_EMULATED) {
-printf("%s: bad backend specified. The options are:\n%s (default),"
-" %s.\n", TYPE_EMULATED_CCID, BACKEND_NSS_EMULATED_NAME,
-BACKEND_CERTIFICATES_NAME);
-return -1;
+error_setg(errp, "%s: bad backend specified. The options are:%s"
+   " (default), %s.", TYPE_EMULATED_CCID,
+   BACKEND_NSS_EMULATED_NAME, BACKEND_CERTIFICATES_NAME);
+return;
 }
 if (card->cert1 != NULL || card->cert2 != NULL || card->cert3 != NULL) 
{
-printf("%s: unexpected cert parameters to nss emulated backend\n",
-   TYPE_EMULATED_CCID);
-return -1;
+error_setg(errp, "%s: unexpected cert parameters to nss emulated "
+   "backend", TYPE_EMULATED_CCID);
+return;
 }
 /* default to mirroring the local hardware readers */
 ret = wrap_vcard_emul_init(NULL);
 }
 if (ret != VCARD_EMUL_OK) {
-printf("%s: failed to initialize vcard\n", TYPE_EMULATED_CCID);
-return -1;
+error_setg(errp, "%s: failed to initialize vcard", 

[Qemu-devel] [PATCH v3 2/3] usb-ccid: inline ccid_card_initfn() in ccid_card_realize()

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/usb/dev-smartcard-reader.c | 25 +++--
 1 file changed, 7 insertions(+), 18 deletions(-)

diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
index 0092493f4e..85f5f2247b 100644
--- a/hw/usb/dev-smartcard-reader.c
+++ b/hw/usb/dev-smartcard-reader.c
@@ -510,20 +510,6 @@ static void ccid_card_exitfn(CCIDCardState *card)
 
 }
 
-static void ccid_card_initfn(CCIDCardState *card, Error **errp)
-{
-CCIDCardClass *cc = CCID_CARD_GET_CLASS(card);
-Error *local_err = NULL;
-
-if (cc->realize) {
-cc->realize(card, _err);
-if (local_err != NULL) {
-error_propagate(errp, local_err);
-return;
-}
-}
-}
-
 static bool ccid_has_pending_answers(USBCCIDState *s)
 {
 return s->pending_answers_num > 0;
@@ -1302,6 +1288,7 @@ static int ccid_card_exit(DeviceState *qdev)
 static void ccid_card_realize(DeviceState *qdev, Error **errp)
 {
 CCIDCardState *card = CCID_CARD(qdev);
+CCIDCardClass *cc = CCID_CARD_GET_CLASS(card);
 USBDevice *dev = USB_DEVICE(qdev->parent_bus->parent);
 USBCCIDState *s = USB_CCID_DEV(dev);
 Error *local_err = NULL;
@@ -1315,10 +1302,12 @@ static void ccid_card_realize(DeviceState *qdev, Error 
**errp)
 error_setg(errp, "usb-ccid card already full, not adding");
 return;
 }
-ccid_card_initfn(card, _err);
-if (local_err != NULL) {
-error_propagate(errp, local_err);
-return;
+if (cc->realize) {
+cc->realize(card, _err);
+if (local_err != NULL) {
+error_propagate(errp, local_err);
+return;
+}
 }
 s->card = card;
 }
-- 
2.15.1

Re: [Qemu-devel] [PATCH v10.5 18/20] target/arm: Use vector infrastructure for aa64 orr/bic immediate

[Peter Maydell]

On 17 January 2018 at 16:14, Richard Henderson
 wrote:
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate-a64.c | 38 +-
>  1 file changed, 17 insertions(+), 21 deletions(-)

Reviewed-by: Peter Maydell 

thanks
-- PMM

[Qemu-devel] [PATCH v2] sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addr

[Daniel P . Berrangé]

From: "Daniel P. Berrange" 

The inet_parse() function looks for 'ipv4' and 'ipv6' flags, but only
treats them as bare bool flags. The normal QemuOpts parsing would allow
on/off values to be set too.

This updates inet_parse() so that its handling of the 'ipv4' and 'ipv6'
flags matches that done by QemuOpts.

This impacts the NBD block driver parsing the legacy filename syntax and
the migration code parsing the socket scheme.

Signed-off-by: Daniel P. Berrange 
---
 util/qemu-sockets.c | 44 
 1 file changed, 40 insertions(+), 4 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index d6a1e1759e..300ebce795 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -554,6 +554,33 @@ err:
 }
 
 /* compatibility wrapper */
+static int inet_parse_flag(const char *flagname, const char *optstr, bool *val,
+   Error **errp)
+{
+char *end;
+size_t len;
+
+end = strstr(optstr, ",");
+if (end) {
+if (end[1] == ',') { /* Reject 'ipv6=on,,foo' */
+error_setg(errp, "error parsing '%s' flag '%s'", flagname, optstr);
+return -1;
+}
+len = end - optstr;
+} else {
+len = strlen(optstr);
+}
+if (len == 0 || (len == 3 && strncmp(optstr, "=on", len) == 0)) {
+*val = true;
+} else if ((len == 4) && strncmp(optstr, "=off", len) == 0) {
+*val = false;
+} else {
+error_setg(errp, "error parsing '%s' flag '%s'", flagname, optstr);
+return -1;
+}
+return 0;
+}
+
 int inet_parse(InetSocketAddress *addr, const char *str, Error **errp)
 {
 const char *optstr, *h;
@@ -561,6 +588,7 @@ int inet_parse(InetSocketAddress *addr, const char *str, 
Error **errp)
 char port[33];
 int to;
 int pos;
+char *begin;
 
 memset(addr, 0, sizeof(*addr));
 
@@ -602,11 +630,19 @@ int inet_parse(InetSocketAddress *addr, const char *str, 
Error **errp)
 addr->has_to = true;
 addr->to = to;
 }
-if (strstr(optstr, ",ipv4")) {
-addr->ipv4 = addr->has_ipv4 = true;
+begin = strstr(optstr, ",ipv4");
+if (begin) {
+if (inet_parse_flag("ipv4", begin + 5, >ipv4, errp) < 0) {
+return -1;
+}
+addr->has_ipv4 = true;
 }
-if (strstr(optstr, ",ipv6")) {
-addr->ipv6 = addr->has_ipv6 = true;
+begin = strstr(optstr, ",ipv6");
+if (begin) {
+if (inet_parse_flag("ipv6", begin + 5, >ipv6, errp) < 0) {
+return -1;
+}
+addr->has_ipv6 = true;
 }
 return 0;
 }
-- 
2.14.3

Re: [Qemu-devel] [PATCH v10.5 16/20] target/arm: Use vector infrastructure for aa64 compares

[Peter Maydell]

On 17 January 2018 at 16:14, Richard Henderson
 wrote:
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate-a64.c | 96 
> ++
>  1 file changed, 62 insertions(+), 34 deletions(-)


Reviewed-by: Peter Maydell 

thanks
-- PMM

[Qemu-devel] [PATCH v2] docs: update information for TLS certificate management

[Daniel P . Berrangé]

From: "Daniel P. Berrange" 

The current docs for TLS assume only VNC is using TLS. Some of the information
is also outdated (ie lacking subject alt name info for certs). Rewrite it to
more accurately reflect the current situation.

Signed-off-by: Daniel P. Berrange 
---

Changed in v2:

 - Much content editting  / fixes (Eric)

 qemu-doc.texi | 364 +++---
 1 file changed, 273 insertions(+), 91 deletions(-)

diff --git a/qemu-doc.texi b/qemu-doc.texi
index 3e9eb819a6..8ef7754f80 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -140,6 +140,7 @@ accelerator is required to use more than one host CPU for 
emulation.
 * direct_linux_boot::  Direct Linux Boot
 * pcsys_usb::  USB emulation
 * vnc_security::   VNC security
+* network_tls::TLS setup for network services
 * gdb_usage::  GDB usage
 * pcsys_os_specific::  Target OS specific information
 @end menu
@@ -1160,25 +1161,104 @@ with the aforementioned TLS + x509 options:
 qemu-system-i386 [...OPTIONS...] -vnc :1,tls,x509,sasl -monitor stdio
 @end example
 
+@node vnc_setup_sasl
+
+@subsection Configuring SASL mechanisms
+
+The following documentation assumes use of the Cyrus SASL implementation on a
+Linux host, but the principals should apply to any other SASL implementation
+or host. When SASL is enabled, the mechanism configuration will be loaded from
+system default SASL service config /etc/sasl2/qemu.conf. If running QEMU as an
+unprivileged user, an environment variable SASL_CONF_PATH can be used to make
+behaviour suddenly changedit search alternate locations for the service config.
+
+If the TLS option is enabled for VNC, then it will provide session encryption,
+otherwise the SASL mechanism will have to provide encryption. In the latter
+case the list of possible plugins that can be used is drastically reduced. In
+fact only the GSSAPI SASL mechanism provides an acceptable level of security
+by modern standards. Previous versions of QEMU referred to the DIGEST-MD5
+mechanism, however, it has multiple serious flaws described in detail in
+RFC 6331 and thus should never be used any more. The SCRAM-SHA-1 mechanism
+provides a simple username/password auth facility similar to DIGEST-MD5, but
+does not support session encryption, so can only be used in combination with
+TLS.
+
+When not using TLS the recommended configuration is
+
+@example
+mech_list: gssapi
+keytab: /etc/qemu/krb5.tab
+@end example
+
+This says to use the 'GSSAPI' mechanism with the Kerberos v5 protocol, with
+the server principal stored in /etc/qemu/krb5.tab. For this to work the
+administrator of your KDC must generate a Kerberos principal for the server,
+with a name of 'qemu/somehost.example.com@@EXAMPLE.COM' replacing
+'somehost.example.com' with the fully qualified host name of the machine
+running QEMU, and 'EXAMPLE.COM' with the Kerberos Realm.
+
+When using TLS, if username+password authentication is desired, then a
+reasonable configuration is
+
+@example
+mech_list: scram-sha-1
+sasldb_path: /etc/qemu/passwd.db
+@end example
+
+The saslpasswd2 program can be used to populate the passwd.db file with
+accounts.
+
+Other SASL configurations will be left as an exercise for the reader. Note that
+all mechanisms except GSSAPI, should be combined with use of TLS to ensure a
+secure data channel.
 
-@node vnc_generate_cert
-@subsection Generating certificates for VNC
 
-The GNU TLS packages provides a command called @code{certtool} which can
-be used to generate certificates and keys in PEM format. At a minimum it
-is necessary to setup a certificate authority, and issue certificates to
-each server. If using certificates for authentication, then each client
-will also need to be issued a certificate. The recommendation is for the
-server to keep its certificates in either @code{/etc/pki/qemu} or for
-unprivileged users in @code{$HOME/.pki/qemu}.
+@node network_tls
+@section TLS setup for network services
+
+Almost all network services in QEMU have the ability to use TLS for
+session data encryption, along with x509 certificates for simple
+client authentication. What follows is a description of how to
+generate certificates suitable for usage with QEMU, and applies to
+the VNC server, character devices with the TCP backend, NBD server
+and client, and migration sever and client.
+
+At a high level, QEMU requires certificates and private keys to be
+provided in PEM format. Aside from the core fields, the certificates
+should include various extension data sets, including v3 basic
+constraints data, key purpose, key usage and subject alt name.
+
+The GNUTLS package includes a command called @code{certtool} which can
+be used to easily generate certificates and keys in the required format
+with expected data present. Alternatively a certificate management
+service may be used.
+
+At a minimum it is necessary to setup a certificate authority, and
+issue 

[Qemu-devel] [PATCH v3 3/3] usb-ccid: convert CCIDCardClass::exitfn() -> unrealize()

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/usb/ccid.h |  4 +++-
 hw/usb/ccid-card-emulated.c   |  4 ++--
 hw/usb/ccid-card-passthru.c   |  1 +
 hw/usb/dev-smartcard-reader.c | 25 +++--
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/hw/usb/ccid.h b/hw/usb/ccid.h
index 6c6c10188d..3920733f13 100644
--- a/hw/usb/ccid.h
+++ b/hw/usb/ccid.h
@@ -28,13 +28,15 @@ typedef struct CCIDCardInfo CCIDCardInfo;
  * into the smartcard device (hw/ccid-card-*.c)
  */
 typedef struct CCIDCardClass {
+/*< private >*/
 DeviceClass parent_class;
+/*< public >*/
 const uint8_t *(*get_atr)(CCIDCardState *card, uint32_t *len);
 void (*apdu_from_guest)(CCIDCardState *card,
 const uint8_t *apdu,
 uint32_t len);
-void (*exitfn)(CCIDCardState *card);
 void (*realize)(CCIDCardState *card, Error **errp);
+void (*unrealize)(CCIDCardState *card, Error **errp);
 } CCIDCardClass;
 
 /*
diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
index daefd9f8f4..ea42e4681d 100644
--- a/hw/usb/ccid-card-emulated.c
+++ b/hw/usb/ccid-card-emulated.c
@@ -547,7 +547,7 @@ static void emulated_realize(CCIDCardState *base, Error 
**errp)
card, QEMU_THREAD_JOINABLE);
 }
 
-static void emulated_exitfn(CCIDCardState *base)
+static void emulated_unrealize(CCIDCardState *base, Error **errp)
 {
 EmulatedState *card = EMULATED_CCID_CARD(base);
 VEvent *vevent = vevent_new(VEVENT_LAST, NULL, NULL);
@@ -582,7 +582,7 @@ static void emulated_class_initfn(ObjectClass *klass, void 
*data)
 CCIDCardClass *cc = CCID_CARD_CLASS(klass);
 
 cc->realize = emulated_realize;
-cc->exitfn = emulated_exitfn;
+cc->unrealize = emulated_unrealize;
 cc->get_atr = emulated_get_atr;
 cc->apdu_from_guest = emulated_apdu_from_guest;
 set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
index b7dd3602dc..085ed2c667 100644
--- a/hw/usb/ccid-card-passthru.c
+++ b/hw/usb/ccid-card-passthru.c
@@ -9,6 +9,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/error.h"
 #include 
 #include "chardev/char-fe.h"
 #include "qemu/error-report.h"
diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
index 85f5f2247b..e6468057a0 100644
--- a/hw/usb/dev-smartcard-reader.c
+++ b/hw/usb/dev-smartcard-reader.c
@@ -500,16 +500,6 @@ static void ccid_card_apdu_from_guest(CCIDCardState *card,
 }
 }
 
-static void ccid_card_exitfn(CCIDCardState *card)
-{
-CCIDCardClass *cc = CCID_CARD_GET_CLASS(card);
-
-if (cc->exitfn) {
-cc->exitfn(card);
-}
-
-}
-
 static bool ccid_has_pending_answers(USBCCIDState *s)
 {
 return s->pending_answers_num > 0;
@@ -1271,18 +1261,25 @@ void ccid_card_card_inserted(CCIDCardState *card)
 ccid_on_slot_change(s, true);
 }
 
-static int ccid_card_exit(DeviceState *qdev)
+static void ccid_card_unrealize(DeviceState *qdev, Error **errp)
 {
 CCIDCardState *card = CCID_CARD(qdev);
+CCIDCardClass *cc = CCID_CARD_GET_CLASS(card);
 USBDevice *dev = USB_DEVICE(qdev->parent_bus->parent);
 USBCCIDState *s = USB_CCID_DEV(dev);
+Error *local_err = NULL;
 
 if (ccid_card_inserted(s)) {
 ccid_card_card_removed(card);
 }
-ccid_card_exitfn(card);
+if (cc->unrealize) {
+cc->unrealize(card, _err);
+if (local_err != NULL) {
+error_propagate(errp, local_err);
+return;
+}
+}
 s->card = NULL;
-return 0;
 }
 
 static void ccid_card_realize(DeviceState *qdev, Error **errp)
@@ -1472,7 +1469,7 @@ static void ccid_card_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *k = DEVICE_CLASS(klass);
 k->bus_type = TYPE_CCID_BUS;
 k->realize = ccid_card_realize;
-k->exit = ccid_card_exit;
+k->unrealize = ccid_card_unrealize;
 k->props = ccid_props;
 }
 
-- 
2.15.1

Re: [Qemu-devel] [PATCH v10.5 15/20] target/arm: Use vector infrastructure for aa64 constant shifts

[Richard Henderson]

On 01/25/2018 09:03 AM, Peter Maydell wrote:
> On 17 January 2018 at 16:14, Richard Henderson
>  wrote:
>> Signed-off-by: Richard Henderson 
>> ---
>>  target/arm/translate-a64.c | 386 
>> ++---
>>  1 file changed, 329 insertions(+), 57 deletions(-)
>>
>> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
>> index 2495414603..1b5005637d 100644
>> --- a/target/arm/translate-a64.c
>> +++ b/target/arm/translate-a64.c
>> @@ -6489,17 +6489,6 @@ static void handle_shri_with_rndacc(TCGv_i64 tcg_res, 
>> TCGv_i64 tcg_src,
>>  }
>>  }
>>
>> -/* Common SHL/SLI - Shift left with an optional insert */
>> -static void handle_shli_with_ins(TCGv_i64 tcg_res, TCGv_i64 tcg_src,
>> - bool insert, int shift)
>> -{
>> -if (insert) { /* SLI */
>> -tcg_gen_deposit_i64(tcg_res, tcg_res, tcg_src, shift, 64 - shift);
>> -} else { /* SHL */
>> -tcg_gen_shli_i64(tcg_res, tcg_src, shift);
>> -}
>> -}
>> -
>>  /* SRI: shift right with insert */
>>  static void handle_shri_with_ins(TCGv_i64 tcg_res, TCGv_i64 tcg_src,
>>   int size, int shift)
>> @@ -6603,7 +6592,11 @@ static void handle_scalar_simd_shli(DisasContext *s, 
>> bool insert,
>>  tcg_rn = read_fp_dreg(s, rn);
>>  tcg_rd = insert ? read_fp_dreg(s, rd) : tcg_temp_new_i64();
>>
>> -handle_shli_with_ins(tcg_rd, tcg_rn, insert, shift);
>> +if (insert) {
>> +tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_rn, shift, 64 - shift);
>> +} else {
>> +tcg_gen_shli_i64(tcg_rd, tcg_rn, shift);
>> +}
> 
> It looks like you're folding handle_shli_with_ins() into its
> now only callsite, but handle_shri_with_ins() has been left as
> its own function?

I didn't notice that.  I'll have a look.


>> +static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
>> +{
>> +uint64_t mask = (0xff >> shift) * (-1ull / 0xff);
>> +TCGv_i64 t = tcg_temp_new_i64();
>> +
>> +tcg_gen_shri_i64(t, a, shift);
>> +tcg_gen_andi_i64(t, t, mask);
>> +tcg_gen_andi_i64(d, d, ~mask);
>> +tcg_gen_or_i64(d, d, t);
>> +tcg_temp_free_i64(t);
> 
> The previous code was able to work with just shifts and deposits --
> why do we need to open-code this kind of mask-and-or now? Is this
> because we now operate an i64 at a time when we used to operate
> on smaller quantities at once?

Yes, exactly.  It's now 4 total operations instead of 16.

I should also tidy this to use a new dup_const function that's been introduced
since I first wrote this code...


r~

[Qemu-devel] [PATCH v3 0/3] usb-ccid: convert to realize/unrealize

[Philippe Mathieu-Daudé]

Hi Gerd, this is the previous patch rebased.

since v2:
- fixed an incorrectly placed assignment in ccid_card_realize()
- rebased

Regards,

Phil.

Mao Zhongyi (1):
  hw/usb/ccid: Make ccid_card_init() take an error parameter

Philippe Mathieu-Daudé (2):
  usb-ccid: inline ccid_card_initfn() in ccid_card_realize()
  usb-ccid: convert CCIDCardClass::exitfn() -> unrealize()

 hw/usb/ccid.h |  6 +++--
 hw/usb/ccid-card-emulated.c   | 48 -
 hw/usb/ccid-card-passthru.c   | 13 -
 hw/usb/dev-smartcard-reader.c | 63 +++
 4 files changed, 62 insertions(+), 68 deletions(-)

-- 
2.15.1

Re: [Qemu-devel] [PATCH v10.5 12/20] target/arm: Use vector infrastructure for aa64 add/sub/logic

[Richard Henderson]

On 01/25/2018 08:44 AM, Peter Maydell wrote:
>> +/* Return the offset info CPUARMState of the "whole" vector register Qn.  */
>> +static inline int vec_full_reg_offset(DisasContext *s, int regno)
>> +{
>> +assert_fp_access_checked(s);
>> +return offsetof(CPUARMState, vfp.regs[regno * 2]);
>> +}
> 
> This function is already in the preparatory SVE code in target-arm.next,
> so it should go away on rebase...

Ok.

> 
>> +
>> +/* Return the byte size of the "whole" vector register, VL / 8.  */
>> +static inline int vec_full_reg_size(DisasContext *s)
>> +{
>> +/* FIXME SVE: We should put the composite ZCR_EL* value into tb->flags.
>> +   In the meantime this is just the AdvSIMD length of 128.  */
>> +return 128 / 8;
>> +}
> 
> ...and this is fixed in your other patchset with the leftovers from
> that preparatory set, right? What's the plan for what sequence we
> put these into master?

I had previously assumed that this patch set would go in before all of the
other SVE prep work, though it doesn't seem to be working out that way...

I'd like this one to go in next, fwiw.

> Have you done risu-testing on this patchset?

Yes, I've run the full set of aarch64 risu tests.


r~

Re: [Qemu-devel] [PATCH v10.5 15/20] target/arm: Use vector infrastructure for aa64 constant shifts

[Peter Maydell]

On 17 January 2018 at 16:14, Richard Henderson
 wrote:
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate-a64.c | 386 
> ++---
>  1 file changed, 329 insertions(+), 57 deletions(-)
>
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 2495414603..1b5005637d 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -6489,17 +6489,6 @@ static void handle_shri_with_rndacc(TCGv_i64 tcg_res, 
> TCGv_i64 tcg_src,
>  }
>  }
>
> -/* Common SHL/SLI - Shift left with an optional insert */
> -static void handle_shli_with_ins(TCGv_i64 tcg_res, TCGv_i64 tcg_src,
> - bool insert, int shift)
> -{
> -if (insert) { /* SLI */
> -tcg_gen_deposit_i64(tcg_res, tcg_res, tcg_src, shift, 64 - shift);
> -} else { /* SHL */
> -tcg_gen_shli_i64(tcg_res, tcg_src, shift);
> -}
> -}
> -
>  /* SRI: shift right with insert */
>  static void handle_shri_with_ins(TCGv_i64 tcg_res, TCGv_i64 tcg_src,
>   int size, int shift)
> @@ -6603,7 +6592,11 @@ static void handle_scalar_simd_shli(DisasContext *s, 
> bool insert,
>  tcg_rn = read_fp_dreg(s, rn);
>  tcg_rd = insert ? read_fp_dreg(s, rd) : tcg_temp_new_i64();
>
> -handle_shli_with_ins(tcg_rd, tcg_rn, insert, shift);
> +if (insert) {
> +tcg_gen_deposit_i64(tcg_rd, tcg_rd, tcg_rn, shift, 64 - shift);
> +} else {
> +tcg_gen_shli_i64(tcg_rd, tcg_rn, shift);
> +}

It looks like you're folding handle_shli_with_ins() into its
now only callsite, but handle_shri_with_ins() has been left as
its own function?

> +static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
> +{
> +uint64_t mask = (0xff >> shift) * (-1ull / 0xff);
> +TCGv_i64 t = tcg_temp_new_i64();
> +
> +tcg_gen_shri_i64(t, a, shift);
> +tcg_gen_andi_i64(t, t, mask);
> +tcg_gen_andi_i64(d, d, ~mask);
> +tcg_gen_or_i64(d, d, t);
> +tcg_temp_free_i64(t);

The previous code was able to work with just shifts and deposits --
why do we need to open-code this kind of mask-and-or now? Is this
because we now operate an i64 at a time when we used to operate
on smaller quantities at once?

thanks
-- PMM

Re: [Qemu-devel] [PULL] qemu-sparc updates

[Peter Maydell]

On 25 January 2018 at 13:48, Mark Cave-Ayland
 wrote:
> Sorry yes, those format strings were taken from some very old code so I
> should have paid a bit more attention.
>
> I've fixed up these events and re-pushed the qemu-sparc-signed tag to github
> which should resolve the issue.

Thanks, applied the updated version.

-- PMM

Re: [Qemu-devel] [Bug 1737194] Re: Windows NT 4.0 fails to boot from qcow2 installation

[Peter Maydell]

On 25 January 2018 at 16:43, John Arbuckle  wrote:
>> On Jan 25, 2018, at 11:16 AM, Peter Maydell  wrote:
>> If you configure with --disable-tools does it manage to build,
>> or does it just go on to fail to link the main QEMU binary
>> with the same error?

> It still fails to build:

That's a shame. Thanks for testing. I guess there was a bug that
we fixed at some point but figuring out what the bug fix was and
backporting it to the commits to be tested is probably too much
effort to be worthwhile.

-- PMM

Re: [Qemu-devel] [PATCH v2] qemu-io: fix EOF Ctrl-D handling in qemu-io readline code

[Daniel P . Berrangé]

ping, does any block maintainer want to queue this one ?

On Fri, Dec 08, 2017 at 01:34:16PM +, Daniel P. Berrange wrote:
> qemu-io puts the TTY into non-canonical mode, which means no EOF processing is
> done and thus getchar() will never return the EOF constant. Instead we have to
> query the TTY attributes to determine the configured EOF character (usually
> Ctrl-D / 0x4), and then explicitly check for that value. This fixes the
> regression that prevented Ctrl-D from triggering an exit of qemu-io that has
> existed since readline was first added in
> 
>   commit 0cf17e181798063c3824c8200ba46f25f54faa1a
>   Author: Stefan Hajnoczi 
>   Date:   Thu Nov 14 11:54:17 2013 +0100
> 
> qemu-io: use readline.c
> 
> Signed-off-by: Daniel P. Berrange 
> ---
> Changed in v2:
> 
>   - Query termios settings for EOF character
> 
>  qemu-io.c | 26 +-
>  1 file changed, 25 insertions(+), 1 deletion(-)
> 
> diff --git a/qemu-io.c b/qemu-io.c
> index c70bde3eb1..fa4972d734 100644
> --- a/qemu-io.c
> +++ b/qemu-io.c
> @@ -10,6 +10,9 @@
>  #include "qemu/osdep.h"
>  #include 
>  #include 
> +#ifndef _WIN32
> +#include 
> +#endif
>  
>  #include "qapi/error.h"
>  #include "qemu-io.h"
> @@ -41,6 +44,26 @@ static bool imageOpts;
>  
>  static ReadLineState *readline_state;
>  
> +static int ttyEOF;
> +
> +static int get_eof_char(void)
> +{
> +#ifdef _WIN32
> +return 0x4; /* Ctrl-D */
> +#else
> +struct termios tty;
> +if (tcgetattr(STDIN_FILENO, ) != 0) {
> +if (errno == ENOTTY) {
> +return 0x0; /* just expect read() == 0 */
> +} else {
> +return 0x4; /* Ctrl-D */
> +}
> +}
> +
> +return tty.c_cc[VEOF];
> +#endif
> +}
> +
>  static int close_f(BlockBackend *blk, int argc, char **argv)
>  {
>  blk_unref(qemuio_blk);
> @@ -322,7 +345,7 @@ static char *fetchline_readline(void)
>  readline_start(readline_state, get_prompt(), 0, readline_func, );
>  while (!line) {
>  int ch = getchar();
> -if (ch == EOF) {
> +if (ttyEOF != 0x0 && ch == ttyEOF) {
>  break;
>  }
>  readline_handle_byte(readline_state, ch);
> @@ -592,6 +615,7 @@ int main(int argc, char **argv)
>  qemuio_add_command(_cmd);
>  
>  if (isatty(STDIN_FILENO)) {
> +ttyEOF = get_eof_char();
>  readline_state = readline_init(readline_printf_func,
> readline_flush_func,
> NULL,
> -- 
> 2.14.3
> 

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [Qemu-devel] (v2. forward to qemu )-Panic with ext4, nbd, qemu-img, block

[Eric Blake]

On 01/21/2018 08:06 PM, Hongzhi, Song wrote:
> Hello,
> 
> I create a virtual disk-image using qemu-img.
> 
> And then I use /dev/nbd to map the image.
> 
> I mount the /dev/nbd to a local dir with ext4-format
> 
> Finally, I have some trouble about ext4-filesystem and block device,
> with using demand of rsync or dd to write the image.
> 
> Reproduce :
> 
>     qemu-img create test.img 2G
> 
>     mkfs.ext4 -F test.img
> 
>  qemu-nbd -f raw -c /dev/nbd0 test.img
> 
>  mount -r ext4 /dev/nbd0 LOCAL_DIR/
> 
>     rsync -av META_DATA_DIR/  LOCAL_DIR/
> 
> Qemu Version:
> 
>     QEMU emulator version 2.10.0

There have been some bug fixes in the NBD code in qemu 2.11; does using
a newer version make a difference in your results?


> Detail:
> 
> 
> 329.11 EXT4-fs (nbd0): mounted filesystem with ordered data mode. Opts:
> (null)
> 329.12 block nbd0: Connection timed out
> 329.13 block nbd0: shutting down sockets

This sounds like a log of the kernel side; but it is rather sparse on
details on why the kernel lost the connection to the socket provided by
qemu-nbd -c.  Is there any chance we can get a corresponding trace from
qemu-nbd when reproducing the lost connection?

> 329.14 blk_update_request: I/O error, dev nbd0, sector 304384
> 329.15 blk_update_request: I/O error, dev nbd0, sector 304640
> 329.16 blk_update_request: I/O error, dev nbd0, sector 304896
> 329.17 blk_update_request: I/O error, dev nbd0, sector 305152
> 329.18 blk_update_request: I/O error, dev nbd0, sector 305408
> 329.19 blk_update_request: I/O error, dev nbd0, sector 305664
> 329.20 blk_update_request: I/O error, dev nbd0, sector 305920
> 329.21 blk_update_request: I/O error, dev nbd0, sector 306176
> 329.22 blk_update_request: I/O error, dev nbd0, sector 306432
> 329.23 blk_update_request: I/O error, dev nbd0, sector 306688
> 329.24 EXT4-fs warning (device nbd0): ext4_end_bio:322: I/O error -5
> writing to inode 160 (offset 8388608 size 8388608 starting block 38400)

Everything else in the trace looks like fallout from the initial lost
connection - once the kernel can't communicate to the NBD server, it has
to fail all pending and subsequent I/O requests to /dev/nbd0.  But until
we can figure out why the connection is dropped, seeing this part of the
trace doesn't add any information about the root cause.

But oddly enough, once things go south in the kernel nbd module, it
leads to a full-on kernel bug:

> GRNDSDP1.86B.0036.R05.1407140519 07/14/2014
> 329.51 Workqueue: writeback wb_workfn (flush-43:0)
> 329.52 task: 977bec759e00 task.stack: a2930524c000
> 329.53 RIP: 0010:submit_bh_wbc+0x155/0x160
> 329.54 RSP: 0018:a2930524f7e0 EFLAGS: 00010246
> 329.55 RAX: 00620005 RBX: 977f05cddc18 RCX: 
> 329.56 RDX: 977f05cddc18 RSI: 00020800 RDI: 0001
> 329.57 RBP: a2930524f808 R08: ff00 R09: 00ff
> 329.58 R10: a2930524f920 R11: 058c R12: a598
> 329.59 R13: ba15c500 R14: 977fe1bab400 R15: 977fea643000
> 329.60 FS: () GS:977befa0()
> knlGS:
> 329.61 CS: 0010 DS:  ES:  CR0: 80050033
> 329.62 CR2: 7f7d7010 CR3: 00035ce0e000 CR4: 001406e0
> 329.63 Call Trace:
> 329.64 __sync_dirty_buffer+0x41/0xa0
> 329.65 ext4_commit_super+0x1d6/0x2a0
> 329.66 __ext4_error_inode+0xb2/0x170

> 329.99 JBD2: Error -5 detected when updating journal superblock for nbd0-8.
> 329.100 Aborting journal on device nbd0-8.
> 329.101 [ cut here ]
> 329.102 kernel BUG at /kernel-source//fs/buffer.c:3091!

Well, that should certainly be reported to the kernel folks; nothing
qemu can do about it (a userspace socket serving NBD data should not be
able to cause the kernel NBD client to result in a subsequent kernel
crash, regardless of how bad data loss is when the socket disappears out
from under the kernel).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] Drop remaining bits of ia64 host support

[Richard Henderson]

On 01/25/2018 08:19 AM, Peter Maydell wrote:
> We dropped support for ia64 host CPUs in the 2.11 release (removing
> the TCG backend for it, and advertising the support as being
> completely removed in the changelog).  However there are a few bits
> and pieces of code still floating about.  Remove those, too.
> 
> We can drop the check in configure for "ia64 or hppa host?"
> entirely, because we don't support hppa hosts either any more.
> 
> Signed-off-by: Peter Maydell 
> ---

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PULL 0/3] Usb 20180125 v2 patches

[Philippe Mathieu-Daudé]

On 01/25/2018 01:43 PM, Gerd Hoffmann wrote:
> The following changes since commit 834a336eb911db8a8ca00e760ee6a85faca19414:
> 
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
> (2018-01-24 19:24:26 +)
> 
> are available in the git repository at:
> 
>   git://git.kraxel.org/qemu tags/usb-20180125-v2-pull-request
> 
> for you to fetch changes up to 112d9cb43c70658b890559ff6dcfc5d9e821f368:
> 
>   usb-storage: Fix share-rw option parsing (2018-01-25 17:26:07 +0100)
> 
> 
> usb: -usbdevice cleanups, storage fix, ccid cleanup.
> 
> 
> 
> Fam Zheng (1):
>   usb-storage: Fix share-rw option parsing
> 
> Mao Zhongyi (1):
>   hw/usb/ccid: Make ccid_card_init() take an error parameter

NACK s->card not set in ccid_card_realize() ?

> 
> Thomas Huth (1):
>   usb: Remove legacy -usbdevice options (host, serial, disk and net)
> 
>  hw/usb/ccid.h |   2 +-
>  include/hw/scsi/scsi.h|   1 +
>  include/hw/usb.h  |   1 -
>  hw/scsi/scsi-bus.c|   9 ++-
>  hw/usb/ccid-card-emulated.c   |  44 ++---
>  hw/usb/ccid-card-passthru.c   |  12 ++--
>  hw/usb/dev-network.c  |  26 
>  hw/usb/dev-serial.c   |  30 -
>  hw/usb/dev-smartcard-reader.c |  34 +-
>  hw/usb/dev-storage.c  |  61 +-
>  hw/usb/host-legacy.c  | 144 
> --
>  hw/usb/host-stub.c|   6 --
>  vl.c  |  15 -
>  hw/usb/Makefile.objs  |   2 +-
>  qemu-options.hx   |  19 --
>  15 files changed, 60 insertions(+), 346 deletions(-)
>  delete mode 100644 hw/usb/host-legacy.c
> 

Re: [Qemu-devel] [Bug 1737194] Re: Windows NT 4.0 fails to boot from qcow2 installation

[John Arbuckle]

> On Jan 25, 2018, at 11:16 AM, Peter Maydell  wrote:
> 
> On 25 January 2018 at 15:58, John Arbuckle  wrote:
>> I did try to build at commits 306ec6c3cece7004429c79c1ac93d49919f1f1cc
>> and e689f7c668cbd9d08f330e17c3dd3a059c9553d3. Both failed to build on my
>> Mac OS X system. Here is the error message I usually saw:
>> 
>>  LINK  qemu-io
>> Undefined symbols for architecture x86_64:
>>  "_use_rt_clock", referenced from:
>>  _bdrv_acct_start in block.o
>>  _bdrv_acct_done in block.o
>> Undefined symbols for architecture x86_64:
>>  _qemu_clock_get_ns in qemu-timer.o
>>  "_use_rt_clock", referenced from:
>>  _bdrv_acct_start in block.o
>>  _bdrv_acct_done in block.o
>>  _qemu_clock_get_ns in qemu-timer.o
> 
> If you configure with --disable-tools does it manage to build,
> or does it just go on to fail to link the main QEMU binary
> with the same error? (We've had some issues in the past I think
> where configure put libraries on the main binary link line but
> not on the tools link lines, so maybe worth a try...)
> 
> thanks
> -- PMM
> 

It still fails to build:

Build commands: ./configure --disable-tools --target-list=i386-softmmu
&& make -j 4

QEMU at commit: 306ec6c3cece7004429c79c1ac93d49919f1f1cc

  LINK  i386-softmmu/qemu-system-i386
Undefined symbols for architecture x86_64:
  "_use_rt_clock", referenced from:
  _bdrv_acct_start in block.o
  _bdrv_acct_done in block.o
  _qemu_clock_get_ns in qemu-timer.o
  _cpu_get_clock in cpus.o
  _cpu_enable_ticks in cpus.o
  _cpu_disable_ticks in cpus.o
  _icount_warp_rt in cpus.o
  ...
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [qemu-system-i386] Error 1
make: *** [subdir-i386-softmmu] Error 2

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1737194

Title:
  Windows NT 4.0 fails to boot from qcow2 installation

Status in QEMU:
  New

Bug description:
  Windows NT 4.0 will not boot from an installation more than once if
  installed in a qcow2 image file. A quick fix to this problem is to use
  the qcow format instead.

  Steps to reproduce this issue:

  Create the image file:
  qemu-img create -f qcow2 winnt4.qcow2 1G

  Boot from a Windows NT 4.0 Workstation CD:
  qemu-system-i386 -hda winnt4.qcow2 -cdrom /dev/cdrom -boot d -m 128 -cpu 
pentium -vga cirrus

  During the installation process you have the choise between FAT and
  NTFS. You can pick anyone.

  After finishing the installation the guest will reboot to install
  additional items. Once this is done the guest will be bootable. Eject
  any CD media from QEMU and reboot. You will then see Windows NT 4.0
  booting up to the desktop. Go to "Start->Shut down" to shut down. Then
  when Windows is ready quit QEMU.

  Now try to boot using this command:
  qemu-system-i386 -hda winnt4.qcow2 -boot c -m 128 -cpu pentium -vga cirrus 
   
  The BIOS screen will display an error message:

  For NTFS: 
  Booting from Hard Disk...
  A disk read error occurred.
  Insert a system diskette and restart
  the system.

  For FAT:
  No bootable device.

  Additional information:
  qemu-system-i386 version: 2.10.1
  qemu-img version: 2.10.92 (v2.11.0-rc4-dirty)

  If you don't have a Windows NT 4.0 Workstation installation CD, you may 
download one from here:
  https://winworldpc.com/product/windows-nt-40/40

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1737194/+subscriptions

Re: [Qemu-devel] [PATCH v10.5 14/20] target/arm: Use vector infrastructure for aa64 dup/movi

[Peter Maydell]

On 17 January 2018 at 16:14, Richard Henderson
 wrote:
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate-a64.c | 83 
> +++---
>  1 file changed, 34 insertions(+), 49 deletions(-)
>
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 219cc1e19d..2495414603 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -5863,38 +5863,24 @@ static void disas_simd_across_lanes(DisasContext *s, 
> uint32_t insn)
>   *
>   * size: encoded in imm5 (see ARM ARM LowestSetBit())
>   */
> +

Stray whitespace change

>  static void handle_simd_dupe(DisasContext *s, int is_q, int rd, int rn,
>   int imm5)
>  {
>  int size = ctz32(imm5);
> -int esize = 8 << size;
> -int elements = (is_q ? 128 : 64) / esize;
> -int index, i;
> -TCGv_i64 tmp;
> +int index = imm5 >> (size + 1);
>
>  if (size > 3 || (size == 3 && !is_q)) {
>  unallocated_encoding(s);
>  return;
>  }
> -

Ditto.


Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [PULL 2/3] hw/usb/ccid: Make ccid_card_init() take an error parameter

[Philippe Mathieu-Daudé]

On Thu, Jan 25, 2018 at 1:45 PM, Philippe Mathieu-Daudé
 wrote:
> Hi Gerd,
>
> On Thu, Jan 25, 2018 at 6:16 AM, Gerd Hoffmann  wrote:
>> From: Mao Zhongyi 
>>
>> Replace init() of CCIDCardClass with realize, then convert
>> ccid_card_init(), ccid_card_initfn() and it's callbacks to
>> take an Error** in ordor to report the error more clearly.
>>
>> Cc: Gerd Hoffmann 
>> Cc: Marc-André Lureau 
>> Cc: Cao jin 
>>
>> Signed-off-by: Mao Zhongyi 
>> Signed-off-by: Cao jin 
>> Message-id: 
>> a8b7c670cb61b8096291f5730af62f4230a3e7fa.1514187411.git.maozy.f...@cn.fujitsu.com
>> Signed-off-by: Gerd Hoffmann 
>> ---
>>  hw/usb/ccid.h |  2 +-
>>  hw/usb/ccid-card-emulated.c   | 44 
>> +--
>>  hw/usb/ccid-card-passthru.c   | 12 ++--
>>  hw/usb/dev-smartcard-reader.c | 34 ++---
>>  4 files changed, 48 insertions(+), 44 deletions(-)
>>
>> diff --git a/hw/usb/ccid.h b/hw/usb/ccid.h
>> index 1f070116d6..6c6c10188d 100644
>> --- a/hw/usb/ccid.h
>> +++ b/hw/usb/ccid.h
>> @@ -34,7 +34,7 @@ typedef struct CCIDCardClass {
>>  const uint8_t *apdu,
>>  uint32_t len);
>>  void (*exitfn)(CCIDCardState *card);
>> -int (*initfn)(CCIDCardState *card);
>> +void (*realize)(CCIDCardState *card, Error **errp);
>>  } CCIDCardClass;
>>
>>  /*
>> diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
>> index e646eb243b..daefd9f8f4 100644
>> --- a/hw/usb/ccid-card-emulated.c
>> +++ b/hw/usb/ccid-card-emulated.c
>> @@ -35,6 +35,7 @@
>>  #include "qemu/thread.h"
>>  #include "qemu/main-loop.h"
>>  #include "ccid.h"
>> +#include "qapi/error.h"
>>
>>  #define DPRINTF(card, lvl, fmt, ...) \
>>  do {\
>> @@ -401,10 +402,10 @@ static void card_event_handler(EventNotifier *notifier)
>>  qemu_mutex_unlock(>event_list_mutex);
>>  }
>>
>> -static int init_event_notifier(EmulatedState *card)
>> +static int init_event_notifier(EmulatedState *card, Error **errp)
>>  {
>>  if (event_notifier_init(>notifier, false) < 0) {
>> -DPRINTF(card, 2, "event notifier creation failed\n");
>> +error_setg(errp, "ccid-card-emul: event notifier creation failed");
>>  return -1;
>>  }
>>  event_notifier_set_handler(>notifier, card_event_handler);
>> @@ -480,7 +481,7 @@ static uint32_t parse_enumeration(char *str,
>>  return ret;
>>  }
>>
>> -static int emulated_initfn(CCIDCardState *base)
>> +static void emulated_realize(CCIDCardState *base, Error **errp)
>>  {
>>  EmulatedState *card = EMULATED_CCID_CARD(base);
>>  VCardEmulError ret;
>> @@ -494,8 +495,8 @@ static int emulated_initfn(CCIDCardState *base)
>>  qemu_cond_init(>handle_apdu_cond);
>>  card->reader = NULL;
>>  card->quit_apdu_thread = 0;
>> -if (init_event_notifier(card) < 0) {
>> -return -1;
>> +if (init_event_notifier(card, errp) < 0) {
>> +return;
>>  }
>>
>>  card->backend = 0;
>> @@ -505,11 +506,11 @@ static int emulated_initfn(CCIDCardState *base)
>>  }
>>
>>  if (card->backend == 0) {
>> -printf("backend must be one of:\n");
>> +error_setg(errp, "backend must be one of:");
>>  for (ptable = backend_enum_table; ptable->name != NULL; ++ptable) {
>> -printf("%s\n", ptable->name);
>> +error_append_hint(errp, "%s\n", ptable->name);
>>  }
>> -return -1;
>> +return;
>>  }
>>
>>  /* TODO: a passthru backened that works on local machine. third card 
>> type?*/
>> @@ -517,34 +518,33 @@ static int emulated_initfn(CCIDCardState *base)
>>  if (card->cert1 != NULL && card->cert2 != NULL && card->cert3 != 
>> NULL) {
>>  ret = emulated_initialize_vcard_from_certificates(card);
>>  } else {
>> -printf("%s: you must provide all three certs for"
>> -   " certificates backend\n", TYPE_EMULATED_CCID);
>> -return -1;
>> +error_setg(errp, "%s: you must provide all three certs for"
>> +   " certificates backend", TYPE_EMULATED_CCID);
>> +return;
>>  }
>>  } else {
>>  if (card->backend != BACKEND_NSS_EMULATED) {
>> -printf("%s: bad backend specified. The options are:\n%s 
>> (default),"
>> -" %s.\n", TYPE_EMULATED_CCID, BACKEND_NSS_EMULATED_NAME,
>> -BACKEND_CERTIFICATES_NAME);
>> -return -1;
>> +error_setg(errp, "%s: bad backend specified. The options are:%s"
>> +   " (default), %s.", TYPE_EMULATED_CCID,
>> +   BACKEND_NSS_EMULATED_NAME, 
>> BACKEND_CERTIFICATES_NAME);
>> +return;
>>  }
>>  

Re: [Qemu-devel] [PATCH v10.5 13/20] target/arm: Use vector infrastructure for aa64 mov/not/neg

[Peter Maydell]

On 17 January 2018 at 16:14, Richard Henderson
 wrote:
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate-a64.c | 43 ++-
>  1 file changed, 38 insertions(+), 5 deletions(-)
>

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [Bug 1737194] Re: Windows NT 4.0 fails to boot from qcow2 installation

[John Arbuckle]

> # WinNT 4 Terminal Server
> 
> Most of the time, NTLDR will fire up normally. But every so often...
> 
>   SeaBIOS (version 
> rel-1.7.3-117-g31b8b4e-20131206_080705-nilsson.home.kraxel.org)
> 
>   Booting from Hard Disk...
>   A disk read error occurred.
>   Insert a system diskette and restart
>   the system.
> 
> (NB. You're seeing the old SeaBIOS version included with e689f7c, which was 
> the first buggy commit.)
> 
> If NT gets past this point without erroring out (ie, it makes it to the boot 
> menu), the rest of the system is 100% fine and there are no other disk I/O 
> issues whatsoever. For example, on QEMU 2.9.0 I was able to enable disk 
> compression, answer "Yes" to "Compress entire disk now?" and have the process 
> fully complete. No hitches.
> 

I tried adding -M isapc to my Windows NT 4.0 VM's arguments and I saw
the same error message at first. Then I tried it again by making a few
changes. I played with the network card settings and removed the "-M
isapc" argument to make things work again. Then I went back and added
the "-M isapc" option again and Windows booted. I restarted several
times and didn't see the error message. I am using qemu-system-i386
version 2.10.1. Just to see if I could see any of the disk errors you
saw I ran in the command prompt "chkdsk c:" a couple of times. It came
back with no errors every time.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1737194

Title:
  Windows NT 4.0 fails to boot from qcow2 installation

Status in QEMU:
  New

Bug description:
  Windows NT 4.0 will not boot from an installation more than once if
  installed in a qcow2 image file. A quick fix to this problem is to use
  the qcow format instead.

  Steps to reproduce this issue:

  Create the image file:
  qemu-img create -f qcow2 winnt4.qcow2 1G

  Boot from a Windows NT 4.0 Workstation CD:
  qemu-system-i386 -hda winnt4.qcow2 -cdrom /dev/cdrom -boot d -m 128 -cpu 
pentium -vga cirrus

  During the installation process you have the choise between FAT and
  NTFS. You can pick anyone.

  After finishing the installation the guest will reboot to install
  additional items. Once this is done the guest will be bootable. Eject
  any CD media from QEMU and reboot. You will then see Windows NT 4.0
  booting up to the desktop. Go to "Start->Shut down" to shut down. Then
  when Windows is ready quit QEMU.

  Now try to boot using this command:
  qemu-system-i386 -hda winnt4.qcow2 -boot c -m 128 -cpu pentium -vga cirrus 
   
  The BIOS screen will display an error message:

  For NTFS: 
  Booting from Hard Disk...
  A disk read error occurred.
  Insert a system diskette and restart
  the system.

  For FAT:
  No bootable device.

  Additional information:
  qemu-system-i386 version: 2.10.1
  qemu-img version: 2.10.92 (v2.11.0-rc4-dirty)

  If you don't have a Windows NT 4.0 Workstation installation CD, you may 
download one from here:
  https://winworldpc.com/product/windows-nt-40/40

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1737194/+subscriptions

Re: [Qemu-devel] [PATCH v10.5 12/20] target/arm: Use vector infrastructure for aa64 add/sub/logic

[Peter Maydell]

On 17 January 2018 at 16:14, Richard Henderson
 wrote:
> Reviewed-by: Alex Bennée 
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate-a64.c | 207 
> +
>  1 file changed, 134 insertions(+), 73 deletions(-)
>
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 70c1e08a36..b97bc9b83c 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -21,6 +21,7 @@
>  #include "cpu.h"
>  #include "exec/exec-all.h"
>  #include "tcg-op.h"
> +#include "tcg-op-gvec.h"
>  #include "qemu/log.h"
>  #include "arm_ldst.h"
>  #include "translate.h"
> @@ -83,6 +84,10 @@ typedef void NeonGenOneOpFn(TCGv_i64, TCGv_i64);
>  typedef void CryptoTwoOpEnvFn(TCGv_ptr, TCGv_i32, TCGv_i32);
>  typedef void CryptoThreeOpEnvFn(TCGv_ptr, TCGv_i32, TCGv_i32, TCGv_i32);
>
> +/* Note that the gvec expanders operate on offsets + sizes.  */
> +typedef void GVecGen3Fn(unsigned, uint32_t, uint32_t,
> +uint32_t, uint32_t, uint32_t);
> +
>  /* initialize TCG globals.  */
>  void a64_translate_init(void)
>  {
> @@ -535,6 +540,21 @@ static inline int vec_reg_offset(DisasContext *s, int 
> regno,
>  return offs;
>  }
>
> +/* Return the offset info CPUARMState of the "whole" vector register Qn.  */
> +static inline int vec_full_reg_offset(DisasContext *s, int regno)
> +{
> +assert_fp_access_checked(s);
> +return offsetof(CPUARMState, vfp.regs[regno * 2]);
> +}

This function is already in the preparatory SVE code in target-arm.next,
so it should go away on rebase...

> +
> +/* Return the byte size of the "whole" vector register, VL / 8.  */
> +static inline int vec_full_reg_size(DisasContext *s)
> +{
> +/* FIXME SVE: We should put the composite ZCR_EL* value into tb->flags.
> +   In the meantime this is just the AdvSIMD length of 128.  */
> +return 128 / 8;
> +}

...and this is fixed in your other patchset with the leftovers from
that preparatory set, right? What's the plan for what sequence we
put these into master?

Have you done risu-testing on this patchset?

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM

[Qemu-devel] [PATCH v1] migration: change blocktime type to uint32_t

[Alexey Perevalov]

Initially int64_t was used, but on PowerPC architecture,
clang doesn't have atomic_*_8 function, so it produces
link time error.

QEMU is working with time as with 64bit value, but by
fact 32 bit is enough with CLOCK_REALTIME. In this case
blocktime will keep only 1200 hours time interval.

Signed-off-by: Alexey Perevalov 
---
 hmp.c|  4 ++--
 migration/postcopy-ram.c | 47 ++-
 migration/trace-events   |  4 ++--
 qapi/migration.json  |  4 ++--
 4 files changed, 36 insertions(+), 23 deletions(-)

diff --git a/hmp.c b/hmp.c
index c6bab53..3c376b3 100644
--- a/hmp.c
+++ b/hmp.c
@@ -265,7 +265,7 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
 }
 
 if (info->has_postcopy_blocktime) {
-monitor_printf(mon, "postcopy blocktime: %" PRId64 "\n",
+monitor_printf(mon, "postcopy blocktime: %u\n",
info->postcopy_blocktime);
 }
 
@@ -273,7 +273,7 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
 Visitor *v;
 char *str;
 v = string_output_visitor_new(false, );
-visit_type_int64List(v, NULL, >postcopy_vcpu_blocktime, NULL);
+visit_type_uint32List(v, NULL, >postcopy_vcpu_blocktime, NULL);
 visit_complete(v, );
 monitor_printf(mon, "postcopy vcpu blocktime: %s\n", str);
 g_free(str);
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 7814da5..ce91de8 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -63,14 +63,14 @@ struct PostcopyDiscardState {
 
 typedef struct PostcopyBlocktimeContext {
 /* time when page fault initiated per vCPU */
-int64_t *page_fault_vcpu_time;
+uint32_t *page_fault_vcpu_time;
 /* page address per vCPU */
 uintptr_t *vcpu_addr;
-int64_t total_blocktime;
+uint32_t total_blocktime;
 /* blocktime per vCPU */
-int64_t *vcpu_blocktime;
+uint32_t *vcpu_blocktime;
 /* point in time when last page fault was initiated */
-int64_t last_begin;
+uint32_t last_begin;
 /* number of vCPU are suspended */
 int smp_cpus_down;
 
@@ -99,22 +99,22 @@ static void migration_exit_cb(Notifier *n, void *data)
 static struct PostcopyBlocktimeContext *blocktime_context_new(void)
 {
 PostcopyBlocktimeContext *ctx = g_new0(PostcopyBlocktimeContext, 1);
-ctx->page_fault_vcpu_time = g_new0(int64_t, smp_cpus);
+ctx->page_fault_vcpu_time = g_new0(uint32_t, smp_cpus);
 ctx->vcpu_addr = g_new0(uintptr_t, smp_cpus);
-ctx->vcpu_blocktime = g_new0(int64_t, smp_cpus);
+ctx->vcpu_blocktime = g_new0(uint32_t, smp_cpus);
 
 ctx->exit_notifier.notify = migration_exit_cb;
 qemu_add_exit_notifier(>exit_notifier);
 return ctx;
 }
 
-static int64List *get_vcpu_blocktime_list(PostcopyBlocktimeContext *ctx)
+static uint32List *get_vcpu_blocktime_list(PostcopyBlocktimeContext *ctx)
 {
-int64List *list = NULL, *entry = NULL;
+uint32List *list = NULL, *entry = NULL;
 int i;
 
 for (i = smp_cpus - 1; i >= 0; i--) {
-entry = g_new0(int64List, 1);
+entry = g_new0(uint32List, 1);
 entry->value = ctx->vcpu_blocktime[i];
 entry->next = list;
 list = entry;
@@ -145,7 +145,7 @@ void fill_destination_postcopy_migration_info(MigrationInfo 
*info)
 info->postcopy_vcpu_blocktime = get_vcpu_blocktime_list(bc);
 }
 
-static uint64_t get_postcopy_total_blocktime(void)
+static uint32_t get_postcopy_total_blocktime(void)
 {
 MigrationIncomingState *mis = migration_incoming_get_current();
 PostcopyBlocktimeContext *bc = mis->blocktime_ctx;
@@ -619,6 +619,16 @@ static int get_mem_fault_cpu_index(uint32_t pid)
 return -1;
 }
 
+static uint32_t get_least_significant_part(int64_t value)
+{
+unsigned char *t = (unsigned char *)
+#if defined(HOST_WORDS_BIGENDIAN)
+return t[4] << 24 | t[5] << 16 | t[6] << 8 | t[7] << 0;
+#else
+return t[0] << 0 | t[1] << 8 | t[2] << 16 | t[3] << 24;
+#endif /* HOST_WORDS_BIGENDIAN */
+}
+
 /*
  * This function is being called when pagefault occurs. It
  * tracks down vCPU blocking time.
@@ -634,6 +644,7 @@ static void mark_postcopy_blocktime_begin(uintptr_t addr, 
uint32_t ptid,
 MigrationIncomingState *mis = migration_incoming_get_current();
 PostcopyBlocktimeContext *dc = mis->blocktime_ctx;
 int64_t now_ms;
+uint32_t least_now;
 
 if (!dc || ptid == 0) {
 return;
@@ -644,13 +655,14 @@ static void mark_postcopy_blocktime_begin(uintptr_t addr, 
uint32_t ptid,
 }
 
 now_ms = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
+least_now = get_least_significant_part(now_ms);
 if (dc->vcpu_addr[cpu] == 0) {
 atomic_inc(>smp_cpus_down);
 }
 
-atomic_xchg__nocheck(>last_begin, now_ms);
-atomic_xchg__nocheck(>page_fault_vcpu_time[cpu], now_ms);
-atomic_xchg__nocheck(>vcpu_addr[cpu], addr);
+atomic_xchg(>last_begin, least_now);
+

[Qemu-devel] [PATCH v1] Fix build on ppc platform in migration/postcopy-ram.c

[Alexey Perevalov]

It was a problem with 64 atomics on ppc in migration/postcopy-ram.c reported by
Philippe Mathieu-Daudé .


I didn't check on ppc due to debina installation inside docker is failed,
but I have my own debian on qemu-system-ppc, but build is still going.
It also was tested on Ubuntu16.04 on i386.

This commit is based on commit ee264eb32c14f076c964fc34ee66f6f95cce2080
"Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.12-20180121' into 
staging"

Alexey Perevalov (1):
  migration: change blocktime type to uint32_t

 hmp.c|  4 ++--
 migration/postcopy-ram.c | 47 ++-
 migration/trace-events   |  4 ++--
 qapi/migration.json  |  4 ++--
 4 files changed, 36 insertions(+), 23 deletions(-)

-- 
2.7.4

[Qemu-devel] [PULL 3/3] usb-storage: Fix share-rw option parsing

[Gerd Hoffmann]

From: Fam Zheng 

Because usb-storage creates an internal scsi device, we should propagate
options. We already do so for bootindex etc, but failed to take care of
share-rw. Fix it in an apparent way: add a new parameter to
scsi_bus_legacy_add_drive and pass in s->conf.share_rw.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Fam Zheng 
Reviewed-by: Darren Kenny 
Message-id: 20180117005222.4781-1-f...@redhat.com
Signed-off-by: Gerd Hoffmann 
---
 include/hw/scsi/scsi.h | 1 +
 hw/scsi/scsi-bus.c | 9 -
 hw/usb/dev-storage.c   | 3 ++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h
index 23a8ee6a7d..802a647cdc 100644
--- a/include/hw/scsi/scsi.h
+++ b/include/hw/scsi/scsi.h
@@ -151,6 +151,7 @@ static inline SCSIBus *scsi_bus_from_device(SCSIDevice *d)
 
 SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
   int unit, bool removable, int bootindex,
+  bool share_rw,
   const char *serial, Error **errp);
 void scsi_bus_legacy_handle_cmdline(SCSIBus *bus, bool deprecated);
 void scsi_legacy_handle_cmdline(void);
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index 965becf31f..05e501efd3 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -224,6 +224,7 @@ static void scsi_qdev_unrealize(DeviceState *qdev, Error 
**errp)
 /* handle legacy '-drive if=scsi,...' cmd line args */
 SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
   int unit, bool removable, int bootindex,
+  bool share_rw,
   const char *serial, Error **errp)
 {
 const char *driver;
@@ -254,6 +255,12 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, 
BlockBackend *blk,
 object_unparent(OBJECT(dev));
 return NULL;
 }
+object_property_set_bool(OBJECT(dev), share_rw, "share-rw", );
+if (err != NULL) {
+error_propagate(errp, err);
+object_unparent(OBJECT(dev));
+return NULL;
+}
 object_property_set_bool(OBJECT(dev), true, "realized", );
 if (err != NULL) {
 error_propagate(errp, err);
@@ -288,7 +295,7 @@ void scsi_bus_legacy_handle_cmdline(SCSIBus *bus, bool 
deprecated)
 }
 }
 scsi_bus_legacy_add_drive(bus, blk_by_legacy_dinfo(dinfo),
-  unit, false, -1, NULL, _fatal);
+  unit, false, -1, false, NULL, _fatal);
 }
 loc_pop();
 }
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index e44a5c72cf..b56c75a73a 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -633,7 +633,8 @@ static void usb_msd_storage_realize(USBDevice *dev, Error 
**errp)
 scsi_bus_new(>bus, sizeof(s->bus), DEVICE(dev),
  _msd_scsi_info_storage, NULL);
 scsi_dev = scsi_bus_legacy_add_drive(>bus, blk, 0, !!s->removable,
- s->conf.bootindex, dev->serial,
+ s->conf.bootindex, s->conf.share_rw,
+ dev->serial,
  errp);
 blk_unref(blk);
 if (!scsi_dev) {
-- 
2.9.3

Re: [Qemu-devel] [PULL 2/3] hw/usb/ccid: Make ccid_card_init() take an error parameter

[Philippe Mathieu-Daudé]

Hi Gerd,

On Thu, Jan 25, 2018 at 6:16 AM, Gerd Hoffmann  wrote:
> From: Mao Zhongyi 
>
> Replace init() of CCIDCardClass with realize, then convert
> ccid_card_init(), ccid_card_initfn() and it's callbacks to
> take an Error** in ordor to report the error more clearly.
>
> Cc: Gerd Hoffmann 
> Cc: Marc-André Lureau 
> Cc: Cao jin 
>
> Signed-off-by: Mao Zhongyi 
> Signed-off-by: Cao jin 
> Message-id: 
> a8b7c670cb61b8096291f5730af62f4230a3e7fa.1514187411.git.maozy.f...@cn.fujitsu.com
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/usb/ccid.h |  2 +-
>  hw/usb/ccid-card-emulated.c   | 44 
> +--
>  hw/usb/ccid-card-passthru.c   | 12 ++--
>  hw/usb/dev-smartcard-reader.c | 34 ++---
>  4 files changed, 48 insertions(+), 44 deletions(-)
>
> diff --git a/hw/usb/ccid.h b/hw/usb/ccid.h
> index 1f070116d6..6c6c10188d 100644
> --- a/hw/usb/ccid.h
> +++ b/hw/usb/ccid.h
> @@ -34,7 +34,7 @@ typedef struct CCIDCardClass {
>  const uint8_t *apdu,
>  uint32_t len);
>  void (*exitfn)(CCIDCardState *card);
> -int (*initfn)(CCIDCardState *card);
> +void (*realize)(CCIDCardState *card, Error **errp);
>  } CCIDCardClass;
>
>  /*
> diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
> index e646eb243b..daefd9f8f4 100644
> --- a/hw/usb/ccid-card-emulated.c
> +++ b/hw/usb/ccid-card-emulated.c
> @@ -35,6 +35,7 @@
>  #include "qemu/thread.h"
>  #include "qemu/main-loop.h"
>  #include "ccid.h"
> +#include "qapi/error.h"
>
>  #define DPRINTF(card, lvl, fmt, ...) \
>  do {\
> @@ -401,10 +402,10 @@ static void card_event_handler(EventNotifier *notifier)
>  qemu_mutex_unlock(>event_list_mutex);
>  }
>
> -static int init_event_notifier(EmulatedState *card)
> +static int init_event_notifier(EmulatedState *card, Error **errp)
>  {
>  if (event_notifier_init(>notifier, false) < 0) {
> -DPRINTF(card, 2, "event notifier creation failed\n");
> +error_setg(errp, "ccid-card-emul: event notifier creation failed");
>  return -1;
>  }
>  event_notifier_set_handler(>notifier, card_event_handler);
> @@ -480,7 +481,7 @@ static uint32_t parse_enumeration(char *str,
>  return ret;
>  }
>
> -static int emulated_initfn(CCIDCardState *base)
> +static void emulated_realize(CCIDCardState *base, Error **errp)
>  {
>  EmulatedState *card = EMULATED_CCID_CARD(base);
>  VCardEmulError ret;
> @@ -494,8 +495,8 @@ static int emulated_initfn(CCIDCardState *base)
>  qemu_cond_init(>handle_apdu_cond);
>  card->reader = NULL;
>  card->quit_apdu_thread = 0;
> -if (init_event_notifier(card) < 0) {
> -return -1;
> +if (init_event_notifier(card, errp) < 0) {
> +return;
>  }
>
>  card->backend = 0;
> @@ -505,11 +506,11 @@ static int emulated_initfn(CCIDCardState *base)
>  }
>
>  if (card->backend == 0) {
> -printf("backend must be one of:\n");
> +error_setg(errp, "backend must be one of:");
>  for (ptable = backend_enum_table; ptable->name != NULL; ++ptable) {
> -printf("%s\n", ptable->name);
> +error_append_hint(errp, "%s\n", ptable->name);
>  }
> -return -1;
> +return;
>  }
>
>  /* TODO: a passthru backened that works on local machine. third card 
> type?*/
> @@ -517,34 +518,33 @@ static int emulated_initfn(CCIDCardState *base)
>  if (card->cert1 != NULL && card->cert2 != NULL && card->cert3 != 
> NULL) {
>  ret = emulated_initialize_vcard_from_certificates(card);
>  } else {
> -printf("%s: you must provide all three certs for"
> -   " certificates backend\n", TYPE_EMULATED_CCID);
> -return -1;
> +error_setg(errp, "%s: you must provide all three certs for"
> +   " certificates backend", TYPE_EMULATED_CCID);
> +return;
>  }
>  } else {
>  if (card->backend != BACKEND_NSS_EMULATED) {
> -printf("%s: bad backend specified. The options are:\n%s 
> (default),"
> -" %s.\n", TYPE_EMULATED_CCID, BACKEND_NSS_EMULATED_NAME,
> -BACKEND_CERTIFICATES_NAME);
> -return -1;
> +error_setg(errp, "%s: bad backend specified. The options are:%s"
> +   " (default), %s.", TYPE_EMULATED_CCID,
> +   BACKEND_NSS_EMULATED_NAME, BACKEND_CERTIFICATES_NAME);
> +return;
>  }
>  if (card->cert1 != NULL || card->cert2 != NULL || card->cert3 != 
> NULL) {
> -printf("%s: unexpected cert parameters to nss emulated 
> backend\n",
> -   TYPE_EMULATED_CCID);
> -

[Qemu-devel] [PULL 0/3] Usb 20180125 v2 patches

[Gerd Hoffmann]

The following changes since commit 834a336eb911db8a8ca00e760ee6a85faca19414:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
(2018-01-24 19:24:26 +)

are available in the git repository at:

  git://git.kraxel.org/qemu tags/usb-20180125-v2-pull-request

for you to fetch changes up to 112d9cb43c70658b890559ff6dcfc5d9e821f368:

  usb-storage: Fix share-rw option parsing (2018-01-25 17:26:07 +0100)


usb: -usbdevice cleanups, storage fix, ccid cleanup.



Fam Zheng (1):
  usb-storage: Fix share-rw option parsing

Mao Zhongyi (1):
  hw/usb/ccid: Make ccid_card_init() take an error parameter

Thomas Huth (1):
  usb: Remove legacy -usbdevice options (host, serial, disk and net)

 hw/usb/ccid.h |   2 +-
 include/hw/scsi/scsi.h|   1 +
 include/hw/usb.h  |   1 -
 hw/scsi/scsi-bus.c|   9 ++-
 hw/usb/ccid-card-emulated.c   |  44 ++---
 hw/usb/ccid-card-passthru.c   |  12 ++--
 hw/usb/dev-network.c  |  26 
 hw/usb/dev-serial.c   |  30 -
 hw/usb/dev-smartcard-reader.c |  34 +-
 hw/usb/dev-storage.c  |  61 +-
 hw/usb/host-legacy.c  | 144 --
 hw/usb/host-stub.c|   6 --
 vl.c  |  15 -
 hw/usb/Makefile.objs  |   2 +-
 qemu-options.hx   |  19 --
 15 files changed, 60 insertions(+), 346 deletions(-)
 delete mode 100644 hw/usb/host-legacy.c

-- 
2.9.3

[Qemu-devel] [PULL 2/3] hw/usb/ccid: Make ccid_card_init() take an error parameter

[Gerd Hoffmann]

From: Mao Zhongyi 

Replace init() of CCIDCardClass with realize, then convert
ccid_card_init(), ccid_card_initfn() and it's callbacks to
take an Error** in ordor to report the error more clearly.

Cc: Gerd Hoffmann 
Cc: Marc-André Lureau 
Cc: Cao jin 

Signed-off-by: Mao Zhongyi 
Signed-off-by: Cao jin 
Message-id: 
a8b7c670cb61b8096291f5730af62f4230a3e7fa.1514187411.git.maozy.f...@cn.fujitsu.com
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/ccid.h |  2 +-
 hw/usb/ccid-card-emulated.c   | 44 +--
 hw/usb/ccid-card-passthru.c   | 12 ++--
 hw/usb/dev-smartcard-reader.c | 34 ++---
 4 files changed, 48 insertions(+), 44 deletions(-)

diff --git a/hw/usb/ccid.h b/hw/usb/ccid.h
index 1f070116d6..6c6c10188d 100644
--- a/hw/usb/ccid.h
+++ b/hw/usb/ccid.h
@@ -34,7 +34,7 @@ typedef struct CCIDCardClass {
 const uint8_t *apdu,
 uint32_t len);
 void (*exitfn)(CCIDCardState *card);
-int (*initfn)(CCIDCardState *card);
+void (*realize)(CCIDCardState *card, Error **errp);
 } CCIDCardClass;
 
 /*
diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c
index e646eb243b..daefd9f8f4 100644
--- a/hw/usb/ccid-card-emulated.c
+++ b/hw/usb/ccid-card-emulated.c
@@ -35,6 +35,7 @@
 #include "qemu/thread.h"
 #include "qemu/main-loop.h"
 #include "ccid.h"
+#include "qapi/error.h"
 
 #define DPRINTF(card, lvl, fmt, ...) \
 do {\
@@ -401,10 +402,10 @@ static void card_event_handler(EventNotifier *notifier)
 qemu_mutex_unlock(>event_list_mutex);
 }
 
-static int init_event_notifier(EmulatedState *card)
+static int init_event_notifier(EmulatedState *card, Error **errp)
 {
 if (event_notifier_init(>notifier, false) < 0) {
-DPRINTF(card, 2, "event notifier creation failed\n");
+error_setg(errp, "ccid-card-emul: event notifier creation failed");
 return -1;
 }
 event_notifier_set_handler(>notifier, card_event_handler);
@@ -480,7 +481,7 @@ static uint32_t parse_enumeration(char *str,
 return ret;
 }
 
-static int emulated_initfn(CCIDCardState *base)
+static void emulated_realize(CCIDCardState *base, Error **errp)
 {
 EmulatedState *card = EMULATED_CCID_CARD(base);
 VCardEmulError ret;
@@ -494,8 +495,8 @@ static int emulated_initfn(CCIDCardState *base)
 qemu_cond_init(>handle_apdu_cond);
 card->reader = NULL;
 card->quit_apdu_thread = 0;
-if (init_event_notifier(card) < 0) {
-return -1;
+if (init_event_notifier(card, errp) < 0) {
+return;
 }
 
 card->backend = 0;
@@ -505,11 +506,11 @@ static int emulated_initfn(CCIDCardState *base)
 }
 
 if (card->backend == 0) {
-printf("backend must be one of:\n");
+error_setg(errp, "backend must be one of:");
 for (ptable = backend_enum_table; ptable->name != NULL; ++ptable) {
-printf("%s\n", ptable->name);
+error_append_hint(errp, "%s\n", ptable->name);
 }
-return -1;
+return;
 }
 
 /* TODO: a passthru backened that works on local machine. third card 
type?*/
@@ -517,34 +518,33 @@ static int emulated_initfn(CCIDCardState *base)
 if (card->cert1 != NULL && card->cert2 != NULL && card->cert3 != NULL) 
{
 ret = emulated_initialize_vcard_from_certificates(card);
 } else {
-printf("%s: you must provide all three certs for"
-   " certificates backend\n", TYPE_EMULATED_CCID);
-return -1;
+error_setg(errp, "%s: you must provide all three certs for"
+   " certificates backend", TYPE_EMULATED_CCID);
+return;
 }
 } else {
 if (card->backend != BACKEND_NSS_EMULATED) {
-printf("%s: bad backend specified. The options are:\n%s (default),"
-" %s.\n", TYPE_EMULATED_CCID, BACKEND_NSS_EMULATED_NAME,
-BACKEND_CERTIFICATES_NAME);
-return -1;
+error_setg(errp, "%s: bad backend specified. The options are:%s"
+   " (default), %s.", TYPE_EMULATED_CCID,
+   BACKEND_NSS_EMULATED_NAME, BACKEND_CERTIFICATES_NAME);
+return;
 }
 if (card->cert1 != NULL || card->cert2 != NULL || card->cert3 != NULL) 
{
-printf("%s: unexpected cert parameters to nss emulated backend\n",
-   TYPE_EMULATED_CCID);
-return -1;
+error_setg(errp, "%s: unexpected cert parameters to nss emulated "
+   "backend", TYPE_EMULATED_CCID);
+return;
 }
 /* default to mirroring the local hardware readers */
 ret = wrap_vcard_emul_init(NULL);
 }
 if (ret != VCARD_EMUL_OK) {
-   

[Qemu-devel] [PULL 1/3] usb: Remove legacy -usbdevice options (host, serial, disk and net)

[Gerd Hoffmann]

From: Thomas Huth 

The option have been marked as deprecated since QEMU 2.10, and so far
nobody complained that the host, serial, disk and net options are urgently
required anymore. So let's now get rid at least of this legacy pile, to
simplify the usb code quite a bit.

This patch removes the usbdevices host, serial, disk and net. These devices
use their own complicated parameter parsing mechanisms, so they are just
ugly to maintain, without real benefit for the users (the users can use the
corresponding "-device" parameters instead which have the same complexity
as the "-usbdevice" devices here).

Note that the other rather simple -usbdevice options (mouse, tablet, etc.)
are not removed yet (the code is really simple here, so it does not hurt
much to keep it), as well as the two devices "braille" and "bt" which are
easier to use with -usbdevice than with -device.

Signed-off-by: Thomas Huth 
Message-id: 1515519171-20315-1-git-send-email-th...@redhat.com

[kraxel] delete some usb_host_device_open() leftovers.

Signed-off-by: Gerd Hoffmann 
---
 include/hw/usb.h |   1 -
 hw/usb/dev-network.c |  26 --
 hw/usb/dev-serial.c  |  30 ---
 hw/usb/dev-storage.c |  58 -
 hw/usb/host-legacy.c | 144 ---
 hw/usb/host-stub.c   |   6 ---
 vl.c |  15 --
 hw/usb/Makefile.objs |   2 +-
 qemu-options.hx  |  19 ---
 9 files changed, 1 insertion(+), 300 deletions(-)
 delete mode 100644 hw/usb/host-legacy.c

diff --git a/include/hw/usb.h b/include/hw/usb.h
index 9dd9c6f0d9..a5080adecc 100644
--- a/include/hw/usb.h
+++ b/include/hw/usb.h
@@ -466,7 +466,6 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream);
 void usb_generic_async_ctrl_complete(USBDevice *s, USBPacket *p);
 
 /* usb-linux.c */
-USBDevice *usb_host_device_open(USBBus *bus, const char *devname);
 void hmp_info_usbhost(Monitor *mon, const QDict *qdict);
 bool usb_host_dev_is_scsi_storage(USBDevice *usbdev);
 
diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
index 85fc81bf43..aea7edcf31 100644
--- a/hw/usb/dev-network.c
+++ b/hw/usb/dev-network.c
@@ -1382,31 +1382,6 @@ static void usb_net_instance_init(Object *obj)
   >qdev, NULL);
 }
 
-static USBDevice *usb_net_init(USBBus *bus, const char *cmdline)
-{
-Error *local_err = NULL;
-USBDevice *dev;
-QemuOpts *opts;
-int idx;
-
-opts = qemu_opts_parse_noisily(qemu_find_opts("net"), cmdline, false);
-if (!opts) {
-return NULL;
-}
-qemu_opt_set(opts, "type", "nic", _abort);
-qemu_opt_set(opts, "model", "usb", _abort);
-
-idx = net_client_init(opts, false, _err);
-if (local_err) {
-error_report_err(local_err);
-return NULL;
-}
-
-dev = usb_create(bus, "usb-net");
-qdev_set_nic_properties(>qdev, _table[idx]);
-return dev;
-}
-
 static const VMStateDescription vmstate_usb_net = {
 .name = "usb-net",
 .unmigratable = 1,
@@ -1446,7 +1421,6 @@ static const TypeInfo net_info = {
 static void usb_net_register_types(void)
 {
 type_register_static(_info);
-usb_legacy_register(TYPE_USB_NET, "net", usb_net_init);
 }
 
 type_init(usb_net_register_types)
diff --git a/hw/usb/dev-serial.c b/hw/usb/dev-serial.c
index 94b5c34afe..2829dda391 100644
--- a/hw/usb/dev-serial.c
+++ b/hw/usb/dev-serial.c
@@ -509,35 +509,6 @@ static void usb_serial_realize(USBDevice *dev, Error 
**errp)
 }
 }
 
-static USBDevice *usb_serial_init(USBBus *bus, const char *filename)
-{
-USBDevice *dev;
-Chardev *cdrv;
-char label[32];
-static int index;
-
-if (*filename == ':') {
-filename++;
-} else if (*filename) {
-error_report("unrecognized serial USB option %s", filename);
-return NULL;
-}
-if (!*filename) {
-error_report("character device specification needed");
-return NULL;
-}
-
-snprintf(label, sizeof(label), "usbserial%d", index++);
-cdrv = qemu_chr_new(label, filename);
-if (!cdrv)
-return NULL;
-
-dev = usb_create(bus, "usb-serial");
-qdev_prop_set_chr(>qdev, "chardev", cdrv);
-
-return dev;
-}
-
 static USBDevice *usb_braille_init(USBBus *bus, const char *unused)
 {
 USBDevice *dev;
@@ -624,7 +595,6 @@ static void usb_serial_register_types(void)
 {
 type_register_static(_serial_dev_type_info);
 type_register_static(_info);
-usb_legacy_register("usb-serial", "serial", usb_serial_init);
 type_register_static(_info);
 usb_legacy_register("usb-braille", "braille", usb_braille_init);
 }
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 9722ac854c..e44a5c72cf 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -666,63 +666,6 @@ static void usb_msd_bot_realize(USBDevice *dev, Error 
**errp)
 usb_msd_handle_reset(dev);
 }
 
-static USBDevice *usb_msd_init(USBBus *bus, const char 

Re: [Qemu-devel] [PATCH v2] linux-user: Implement ioctl cmd TIOCGPTPEER

[Laurent Vivier]

Le 25/01/2018 à 14:18, Andreas Schwab a écrit :
> With glibc 2.27 the openpty function will prefer the TIOCGPTPEER ioctl.
> 
> Signed-off-by: Andreas Schwab 
> ---
> v2: handle host with old kernel headers
> ---
>  linux-user/aarch64/termbits.h| 2 ++
>  linux-user/alpha/termbits.h  | 1 +
>  linux-user/arm/termbits.h| 1 +
>  linux-user/cris/termbits.h   | 1 +
>  linux-user/hppa/termbits.h   | 2 ++
>  linux-user/i386/termbits.h   | 1 +
>  linux-user/ioctls.h  | 3 +++
>  linux-user/m68k/termbits.h   | 1 +
>  linux-user/microblaze/termbits.h | 1 +
>  linux-user/mips/termbits.h   | 1 +
>  linux-user/nios2/termbits.h  | 2 ++
>  linux-user/openrisc/termbits.h   | 2 ++
>  linux-user/ppc/termbits.h| 1 +
>  linux-user/s390x/termbits.h  | 1 +
>  linux-user/sh4/termbits.h| 1 +
>  linux-user/sparc/termbits.h  | 1 +
>  linux-user/sparc64/termbits.h| 1 +
>  linux-user/syscall.c | 9 +
>  linux-user/tilegx/termbits.h | 1 +
>  linux-user/x86_64/termbits.h | 1 +
>  20 files changed, 34 insertions(+)
> 
...
> diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
> index 35cad6f944..586c794639 100644
> --- a/linux-user/ioctls.h
> +++ b/linux-user/ioctls.h
> @@ -40,6 +40,9 @@
>   IOCTL(TIOCSETD, IOC_W, MK_PTR(TYPE_INT))
>   IOCTL(TIOCGPTN, IOC_R, MK_PTR(TYPE_INT))
>   IOCTL(TIOCSPTLCK, IOC_W, MK_PTR(TYPE_INT))
> +#ifdef TIOCGPTPEER
> + IOCTL_SPECIAL(TIOCGPTPEER, 0, do_ioctl_tiocgptpeer, TYPE_INT)
> +#endif
>   IOCTL(FIOCLEX, 0, TYPE_NULL)
>   IOCTL(FIONCLEX, 0, TYPE_NULL)
>   IOCTL(FIOASYNC, IOC_W, MK_PTR(TYPE_INT))
...
> diff --git a/linux-user/sparc/termbits.h b/linux-user/sparc/termbits.h
> index 691600d27a..98268936dc 100644
> --- a/linux-user/sparc/termbits.h
> +++ b/linux-user/sparc/termbits.h
> @@ -245,6 +245,7 @@ struct target_termios {
>  /* Get minor device of a pty master's FD -- Solaris equiv is ISPTM */
>  #define TARGET_TIOCGPTN  TARGET_IOR('t', 134, unsigned int) /* Get Pty 
> Number */
>  #define TARGET_TIOCSPTLCKTARGET_IOW('t', 135, int) /* Lock/unlock PTY */
> +#define TARGET_TIOCGPTPEER  TARGET_IO('T', 137) /* Safely open the slave 
> */

On sparc, it's:

#define TIOCGPTPEER TARGET_IO('t', 137) /* Safely open the slave */

>  
>  /* Little f */
>  #define TARGET_FIOCLEX   TARGET_IO('f', 1)
> diff --git a/linux-user/sparc64/termbits.h b/linux-user/sparc64/termbits.h
> index 691600d27a..98268936dc 100644
> --- a/linux-user/sparc64/termbits.h
> +++ b/linux-user/sparc64/termbits.h
> @@ -245,6 +245,7 @@ struct target_termios {
>  /* Get minor device of a pty master's FD -- Solaris equiv is ISPTM */
>  #define TARGET_TIOCGPTN  TARGET_IOR('t', 134, unsigned int) /* Get Pty 
> Number */
>  #define TARGET_TIOCSPTLCKTARGET_IOW('t', 135, int) /* Lock/unlock PTY */
> +#define TARGET_TIOCGPTPEER  TARGET_IO('T', 137) /* Safely open the slave 
> */

#define TIOCGPTPEER TARGET_IO('t', 137) /* Safely open the slave */

If you fix that, you can add:

Reviewed-by: Laurent Vivier 

Thanks,
Laurent

Re: [Qemu-devel] [PULL 0/1] Vga 20180125 patches

[Peter Maydell]

On 25 January 2018 at 09:34, Gerd Hoffmann <kra...@redhat.com> wrote:
> The following changes since commit 834a336eb911db8a8ca00e760ee6a85faca19414:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
> (2018-01-24 19:24:26 +)
>
> are available in the git repository at:
>
>   git://git.kraxel.org/qemu tags/vga-20180125-pull-request
>
> for you to fetch changes up to 191f59dc17396bb5a8da50f8c59b6e0a430711a4:
>
>   vga: check the validation of memory addr when draw text (2018-01-25 
> 10:18:39 +0100)
>
> 
> vga: fix for CVE-2018-5683
>
> 
>
> linzhecheng (1):
>   vga: check the validation of memory addr when draw text
>
>  hw/display/vga.c | 3 +++
>  1 file changed, 3 insertions(+)

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 0/3] Usb 20180125 patches

[Gerd Hoffmann]

On Thu, Jan 25, 2018 at 03:28:38PM +, Peter Maydell wrote:
> On 25 January 2018 at 09:16, Gerd Hoffmann  wrote:
> > Thomas Huth (1):
> >   usb: Remove legacy -usbdevice options (host, serial, disk and net)
> 
> Hi. This fails to build on FreeBSD:
> 
>   LINKarm-softmmu/qemu-system-arm
> ../vl.o: In function `usb_device_add':
> /root/qemu/vl.c:1471: undefined reference to `usb_host_device_open'
> 
> There's still a call to that function in vl.c inside an
> ifndef CONFIG_LINUX...
> 
> If we can really remove the function we should get rid of the
> stub in hw/usb/host-stub.c and the prototype in usb.h too.

Indeed.  I'll fix it up.

The lines in vl.c dead code anyway since we switched to libusb and
dropped the linux/bsd specific usb-host code, so it all can simply be
deleted.

cheers,
  Gerd

[Qemu-devel] [PATCH] Drop remaining bits of ia64 host support

[Peter Maydell]

We dropped support for ia64 host CPUs in the 2.11 release (removing
the TCG backend for it, and advertising the support as being
completely removed in the changelog).  However there are a few bits
and pieces of code still floating about.  Remove those, too.

We can drop the check in configure for "ia64 or hppa host?"
entirely, because we don't support hppa hosts either any more.

Signed-off-by: Peter Maydell 
---
You could in theory have before this commit tried to still use ia64
hosts with the TCI interpreter, but there's no point in supporting
ia64 hosts with TCI but not proper TCG.

The next bit of cleanup I'd like to do after this is get rid
of the "uname -m" fallback in the configure cpu-detection code...


 configure|  5 -
 include/qemu/processor.h |  3 ---
 include/qemu/timer.h |  9 -
 accel/tcg/user-exec.c| 33 -
 linux-user/syscall.c |  7 +--
 5 files changed, 1 insertion(+), 56 deletions(-)

diff --git a/configure b/configure
index 044c6fa..2f12c77 100755
--- a/configure
+++ b/configure
@@ -636,8 +636,6 @@ elif check_define _ARCH_PPC ; then
   fi
 elif check_define __mips__ ; then
   cpu="mips"
-elif check_define __ia64__ ; then
-  cpu="ia64"
 elif check_define __s390__ ; then
   if check_define __s390x__ ; then
 cpu="s390x"
@@ -4744,9 +4742,6 @@ if test "$coroutine_pool" = ""; then
 fi
 
 if test "$debug_stack_usage" = "yes"; then
-  if test "$cpu" = "ia64" -o "$cpu" = "hppa"; then
-error_exit "stack usage debugging is not supported for $cpu"
-  fi
   if test "$coroutine_pool" = "yes"; then
 echo "WARN: disabling coroutine pool for stack usage debugging"
 coroutine_pool=no
diff --git a/include/qemu/processor.h b/include/qemu/processor.h
index 8b25702..8e16c92 100644
--- a/include/qemu/processor.h
+++ b/include/qemu/processor.h
@@ -12,9 +12,6 @@
 #if defined(__i386__) || defined(__x86_64__)
 # define cpu_relax() asm volatile("rep; nop" ::: "memory")
 
-#elif defined(__ia64__)
-# define cpu_relax() asm volatile("hint @pause" ::: "memory")
-
 #elif defined(__aarch64__)
 # define cpu_relax() asm volatile("yield" ::: "memory")
 
diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index 1b518bc..3b5a54b 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -931,15 +931,6 @@ static inline int64_t cpu_get_host_ticks(void)
 return val;
 }
 
-#elif defined(__ia64)
-
-static inline int64_t cpu_get_host_ticks(void)
-{
-int64_t val;
-asm volatile ("mov %0 = ar.itc" : "=r"(val) :: "memory");
-return val;
-}
-
 #elif defined(__s390__)
 
 static inline int64_t cpu_get_host_ticks(void)
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index c973752..eb95cda 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -503,39 +503,6 @@ int cpu_signal_handler(int host_signum, void *pinfo, void 
*puc)
 return handle_cpu_signal(pc, info, is_write, >uc_sigmask);
 }
 
-#elif defined(__ia64)
-
-#ifndef __ISR_VALID
-  /* This ought to be in ... */
-# define __ISR_VALID1
-#endif
-
-int cpu_signal_handler(int host_signum, void *pinfo, void *puc)
-{
-siginfo_t *info = pinfo;
-ucontext_t *uc = puc;
-unsigned long ip;
-int is_write = 0;
-
-ip = uc->uc_mcontext.sc_ip;
-switch (host_signum) {
-case SIGILL:
-case SIGFPE:
-case SIGSEGV:
-case SIGBUS:
-case SIGTRAP:
-if (info->si_code && (info->si_segvflags & __ISR_VALID)) {
-/* ISR.W (write-access) is bit 33:  */
-is_write = (info->si_isr >> 33) & 1;
-}
-break;
-
-default:
-break;
-}
-return handle_cpu_signal(ip, info, is_write, (sigset_t *)>uc_sigmask);
-}
-
 #elif defined(__s390__)
 
 int cpu_signal_handler(int host_signum, void *pinfo,
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7437894..df1edf0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -36,10 +36,6 @@
 #include 
 #include 
 #include 
-#ifdef __ia64__
-int __clone2(int (*fn)(void *), void *child_stack_base,
- size_t stack_size, int flags, void *arg, ...);
-#endif
 #include 
 #include 
 #include 
@@ -246,8 +242,7 @@ static type name (type1 arg1,type2 arg2,type3 arg3,type4 
arg4,type5 arg5,   \
 #define __NR_sys_inotify_add_watch __NR_inotify_add_watch
 #define __NR_sys_inotify_rm_watch __NR_inotify_rm_watch
 
-#if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__) || \
-defined(__s390x__)
+#if defined(__alpha__) || defined(__x86_64__) || defined(__s390x__)
 #define __NR__llseek __NR_lseek
 #endif
 
-- 
2.7.4

Re: [Qemu-devel] [Bug 1737194] Re: Windows NT 4.0 fails to boot from qcow2 installation

[Peter Maydell]

On 25 January 2018 at 15:58, John Arbuckle  wrote:
> I did try to build at commits 306ec6c3cece7004429c79c1ac93d49919f1f1cc
> and e689f7c668cbd9d08f330e17c3dd3a059c9553d3. Both failed to build on my
> Mac OS X system. Here is the error message I usually saw:
>
>   LINK  qemu-io
> Undefined symbols for architecture x86_64:
>   "_use_rt_clock", referenced from:
>   _bdrv_acct_start in block.o
>   _bdrv_acct_done in block.o
> Undefined symbols for architecture x86_64:
>   _qemu_clock_get_ns in qemu-timer.o
>   "_use_rt_clock", referenced from:
>   _bdrv_acct_start in block.o
>   _bdrv_acct_done in block.o
>   _qemu_clock_get_ns in qemu-timer.o

If you configure with --disable-tools does it manage to build,
or does it just go on to fail to link the main QEMU binary
with the same error? (We've had some issues in the past I think
where configure put libraries on the main binary link line but
not on the tools link lines, so maybe worth a try...)

thanks
-- PMM

Re: [Qemu-devel] [PATCH v1 0/6] Extend vhost-user to support VFIO based accelerators

[Liang, Cunming]

> -Original Message-
> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> Sent: Thursday, January 25, 2018 10:22 PM
> To: Bie, Tiwei 
> Cc: qemu-devel@nongnu.org; virtio-...@lists.oasis-open.org; 
> m...@redhat.com; alex.william...@redhat.com; jasow...@redhat.com; 
> pbonz...@redhat.com; stefa...@redhat.com; Tan, Jianfeng 
> ; Liang, Cunming ; 
> Wang, Xiao W ; Wang, Zhihong 
> ; Daly, Dan 
> Subject: Re: [Qemu-devel] [PATCH v1 0/6] Extend vhost-user to support 
> VFIO based accelerators
> 
> On Thu, Jan 25, 2018 at 12:03:22PM +0800, Tiwei Bie wrote:
> > Why extend vhost-user for vDPA
> > ==
> >
> > We have already implemented various virtual switches (e.g. OVS-DPDK) 
> > based on vhost-user for VMs in the Cloud. They are purely software 
> > running on CPU cores. When we have accelerators for such NFVi 
> > applications, it's ideal if the applications could keep using the 
> > original interface (i.e. vhost-user netdev) with QEMU, and 
> > infrastructure is able to decide when and how to switch between CPU 
> > and
> accelerators within the interface.
> > And the switching (i.e. switch between CPU and accelerators) can be 
> > done flexibly and quickly inside the applications.
> >
> > More details about this can be found from the Cunming's discussions 
> > on the RFC patch set.
> >
> > The previous links:
> > RFC:
> > http://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg04844.htm
> > l
> 
> Is vDPA also useful in the simpler use case where there is no NFVi 
> application?
There're separate patches to have non-DPDK vDPA(aka. vhost-vfio, a new vhost 
backend proposed) support, which is the scope of stage-II as we mentioned in 
community call.
Stay tuned for the RFC patch. Main idea is that the virtio compatible device 
driver register as a mdev to talk with qemu vhost-vfio. 

> 
> In other words, you have virtio-net inside the guest and vhost-net on the 
> host.
> You'd like to accelerate the virtio-net NIC using the hardware's vDPA support.
> 
> DPDK requires dedicated logical cores and hugepages.  Those resources 
> will not be used (wasted) if you just want to enable vDPA but have no 
> DPDK packet processing application.
> 
> How can this use case be supported without wasting resources?
> 
> Stefan

Re: [Qemu-devel] [RFC] qid path collision issues in 9pfs

[Veaceslav Falico]

On 1/25/2018 3:46 PM, Veaceslav Falico wrote:
> Hi,
> 
> sorry for the late reply, we're acutally working on it internally...
> 
> On 1/19/2018 7:05 PM, Greg Kurz wrote:
>> On Fri, 19 Jan 2018 17:37:58 +0100
>> Veaceslav Falico  wrote:
>>
>>> On 1/19/2018 4:52 PM, Eduard Shishkin wrote:


 On 1/19/2018 11:27 AM, Greg Kurz wrote:  
> On Mon, 15 Jan 2018 11:49:31 +0800
> Antonios Motakis  wrote:
>  
>> On 13-Jan-18 00:14, Greg Kurz wrote:  
>>> On Fri, 12 Jan 2018 19:32:10 +0800
>>> Antonios Motakis  wrote:
>>>  
 Hello all,
  
>>>
>>> Hi Antonios,
>>>
>>> I see you have attached a patch to this email... this really isn't the 
>>> preferred
>>> way to do things since it prevents to comment the patch (at least with 
>>> my mail
>>> client). The appropriate way would have been to send the patch with a 
>>> cover
>>> letter, using git-send-email for example.  
>>
>> I apologize for attaching the patch, I should have known better!
>>  
>
> np :)
>  
>>>  
 We have found an issue in the 9p implementation of QEMU, with how qid 
 paths are generated, which can cause qid path collisions and several 
 issues caused by them. In our use case (running containers under VMs) 
 these have proven to be critical.
  
>>>
>>> Ouch...
>>>  
 In particular, stat_to_qid in hw/9pfs/9p.c generates a qid path using 
 the inode number of the file as input. According to the 9p spec the 
 path should be able to uniquely identify a file, distinct files should 
 not share a path value.

 The current implementation that defines qid.path = inode nr works fine 
 as long as there are not files from multiple partitions visible under 
 the 9p share. In that case, distinct files from different devices are 
 allowed to have the same inode number. So with multiple partitions, we 
 have a very high probability of qid path collisions.

 How to demonstrate the issue:
 1) Prepare a problematic share:
  - mount one partition under share/p1/ with some files inside
  - mount another one *with identical contents* under share/p2/
  - confirm that both partitions have files with same inode nr, size, 
 etc
 2) Demonstrate breakage:
  - start a VM with a virtio-9p pointing to the share
  - mount 9p share with FSCACHE on
  - keep open share/p1/file
  - open and write to share/p2/file

 What should happen is, the guest will consider share/p1/file and 
 share/p2/file to be the same file, and since we are using the cache it 
 will not reopen it. We intended to write to partition 2, but we just 
 wrote to partition 1. This is just one example on how the guest may 
 rely on qid paths being unique.

 In the use case of containers where we commonly have a few containers 
 per VM, all based on similar images, these kind of qid path collisions 
 are very common and they seem to cause all kinds of funny behavior 
 (sometimes very subtle).

 To avoid this situation, the device id of a file needs to be also 
 taken as input for generating a qid path. Unfortunately, the size of 
 both inode nr + device id together would be 96 bits, while we have 
 only 64 bits for the qid path, so we can't just append them and call 
 it a day :(

 We have thought of a few approaches, but we would definitely like to 
 hear what the upstream maintainers and community think:

 * Full fix: Change the 9p protocol

 We would need to support a longer qid path, based on a virtio feature 
 flag. This would take reworking of host and guest parts of virtio-9p, 
 so both QEMU and Linux for most users.
  
>>>
>>> I agree for a longer qid path, but we shouldn't tie it to a virtio flag 
>>> since
>>> 9p is transport agnostic. And it happens to be used with a variety of 
>>> transports.
>>> QEMU has both virtio-9p and a Xen backend for example.
>>>  
 * Fallback and/or interim solutions

 A virtio feature flag may be refused by the guest, so we think we 
 still need to make collisions less likely even with 64 bit paths. E.g. 
  
>>>
>>> In all cases, we would need a fallback solution to support current
>>> guest setups. Also there are several 9p server implementations out
>>> there (ganesha, diod, kvmtool) that are currently used with linux
>>> clients... it will take some time to get everyone in sync :-\
>>>  
 1. XOR the device id with inode nr to produce the 

Re: [Qemu-devel] [Bug 1737194] Re: Windows NT 4.0 fails to boot from qcow2 installation

[John Arbuckle]

> On Jan 25, 2018, at 2:53 AM, i336_  wrote:
> 
> Hi,
> 
> I've been experiencing various disk I/O issues with Windows NT too, as
> well as with Windows 3.1. I think `-M isapc` may be to blame somehow.
> 
> I've documented my experiences over at
> https://bugs.launchpad.net/qemu/+bug/1745312.
> 
> That report contains information on how to lift out and build the
> before-and-after QEMU commits that I think relate to this being broken.
> John Arbuckle, perhaps you could run through that and see if you
> continue to have issues.
> 
> I was initially going to post that report as a comment in this thread,
> until I realized I was having I/O issues on multiple operating systems.
> 
> -- 
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1737194
> 
> Title:
>  Windows NT 4.0 fails to boot from qcow2 installation
> 
> Status in QEMU:
>  New
> 
> Bug description:
>  Windows NT 4.0 will not boot from an installation more than once if
>  installed in a qcow2 image file. A quick fix to this problem is to use
>  the qcow format instead.
> 
>  Steps to reproduce this issue:
> 
>  Create the image file:
>  qemu-img create -f qcow2 winnt4.qcow2 1G
> 
>  Boot from a Windows NT 4.0 Workstation CD:
>  qemu-system-i386 -hda winnt4.qcow2 -cdrom /dev/cdrom -boot d -m 128 -cpu 
> pentium -vga cirrus
> 
>  During the installation process you have the choise between FAT and
>  NTFS. You can pick anyone.
> 
>  After finishing the installation the guest will reboot to install
>  additional items. Once this is done the guest will be bootable. Eject
>  any CD media from QEMU and reboot. You will then see Windows NT 4.0
>  booting up to the desktop. Go to "Start->Shut down" to shut down. Then
>  when Windows is ready quit QEMU.
> 
>  Now try to boot using this command:
>  qemu-system-i386 -hda winnt4.qcow2 -boot c -m 128 -cpu pentium -vga cirrus 
> 
>  The BIOS screen will display an error message:
> 
>  For NTFS: 
>  Booting from Hard Disk...
>  A disk read error occurred.
>  Insert a system diskette and restart
>  the system.
> 
>  For FAT:
>  No bootable device.
> 
>  Additional information:
>  qemu-system-i386 version: 2.10.1
>  qemu-img version: 2.10.92 (v2.11.0-rc4-dirty)
> 
>  If you don't have a Windows NT 4.0 Workstation installation CD, you may 
> download one from here:
>  https://winworldpc.com/product/windows-nt-40/40
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1737194/+subscriptions

I did try to build at commits 306ec6c3cece7004429c79c1ac93d49919f1f1cc
and e689f7c668cbd9d08f330e17c3dd3a059c9553d3. Both failed to build on my
Mac OS X system. Here is the error message I usually saw:

  LINK  qemu-io
Undefined symbols for architecture x86_64:
  "_use_rt_clock", referenced from:
  _bdrv_acct_start in block.o
  _bdrv_acct_done in block.o
Undefined symbols for architecture x86_64:
  _qemu_clock_get_ns in qemu-timer.o
  "_use_rt_clock", referenced from:
  _bdrv_acct_start in block.o
  _bdrv_acct_done in block.o
  _qemu_clock_get_ns in qemu-timer.o

In your report you mention using the raw disk image format and VHD(x). I
have had great success with the qcow image format. Could you try it and
let us know if it fixes things for you?

To create a qcow image file:
 qemu-img create -f qcow .qcow 1G

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1737194

Title:
  Windows NT 4.0 fails to boot from qcow2 installation

Status in QEMU:
  New

Bug description:
  Windows NT 4.0 will not boot from an installation more than once if
  installed in a qcow2 image file. A quick fix to this problem is to use
  the qcow format instead.

  Steps to reproduce this issue:

  Create the image file:
  qemu-img create -f qcow2 winnt4.qcow2 1G

  Boot from a Windows NT 4.0 Workstation CD:
  qemu-system-i386 -hda winnt4.qcow2 -cdrom /dev/cdrom -boot d -m 128 -cpu 
pentium -vga cirrus

  During the installation process you have the choise between FAT and
  NTFS. You can pick anyone.

  After finishing the installation the guest will reboot to install
  additional items. Once this is done the guest will be bootable. Eject
  any CD media from QEMU and reboot. You will then see Windows NT 4.0
  booting up to the desktop. Go to "Start->Shut down" to shut down. Then
  when Windows is ready quit QEMU.

  Now try to boot using this command:
  qemu-system-i386 -hda winnt4.qcow2 -boot c -m 128 -cpu pentium -vga cirrus 
   
  The BIOS screen will display an error message:

  For NTFS: 
  Booting from Hard Disk...
  A disk read error occurred.
  Insert a system diskette and restart
  the system.

  For FAT:
  No bootable device.

  Additional information:
  qemu-system-i386 version: 2.10.1
  qemu-img version: 2.10.92 (v2.11.0-rc4-dirty)

  If you don't have a Windows NT 4.0 Workstation installation CD, you may 

[Qemu-devel] [PATCH] migration: convert socket server to QIONetListener

[Daniel P . Berrangé]

From: "Daniel P. Berrange" 

Instead of creating a QIOChannelSocket directly for the migration
server socket, use a QIONetListener. This provides the ability
to listen on multiple sockets at the same time, so enables
full support for IPv4/IPv6 dual stack.

Signed-off-by: Daniel P. Berrange 
---
 migration/socket.c | 48 
 1 file changed, 16 insertions(+), 32 deletions(-)

diff --git a/migration/socket.c b/migration/socket.c
index 3a8232dd2d..d0ef50765c 100644
--- a/migration/socket.c
+++ b/migration/socket.c
@@ -24,6 +24,7 @@
 #include "migration.h"
 #include "qemu-file.h"
 #include "io/channel-socket.h"
+#include "io/net-listener.h"
 #include "trace.h"
 
 
@@ -130,34 +131,20 @@ void unix_start_outgoing_migration(MigrationState *s,
 }
 
 
-static gboolean socket_accept_incoming_migration(QIOChannel *ioc,
- GIOCondition condition,
- gpointer opaque)
+static void socket_accept_incoming_migration(QIONetListener *listener,
+ QIOChannelSocket *cioc,
+ gpointer opaque)
 {
-QIOChannelSocket *sioc;
-Error *err = NULL;
-
-sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc),
- );
-if (!sioc) {
-error_report("could not accept migration connection (%s)",
- error_get_pretty(err));
-goto out;
-}
-
 trace_migration_socket_incoming_accepted();
 
-qio_channel_set_name(QIO_CHANNEL(sioc), "migration-socket-incoming");
-migration_channel_process_incoming(QIO_CHANNEL(sioc));
-object_unref(OBJECT(sioc));
+qio_channel_set_name(QIO_CHANNEL(cioc), "migration-socket-incoming");
+migration_channel_process_incoming(QIO_CHANNEL(cioc));
 
-out:
 if (migration_has_all_channels()) {
 /* Close listening socket as its no longer needed */
-qio_channel_close(ioc, NULL);
-return G_SOURCE_REMOVE;
-} else {
-return G_SOURCE_CONTINUE;
+qio_net_listener_disconnect(listener);
+
+object_unref(OBJECT(listener));
 }
 }
 
@@ -165,21 +152,18 @@ out:
 static void socket_start_incoming_migration(SocketAddress *saddr,
 Error **errp)
 {
-QIOChannelSocket *listen_ioc = qio_channel_socket_new();
+QIONetListener *listener = qio_net_listener_new();
 
-qio_channel_set_name(QIO_CHANNEL(listen_ioc),
- "migration-socket-listener");
+qio_net_listener_set_name(listener, "migration-socket-listener");
 
-if (qio_channel_socket_listen_sync(listen_ioc, saddr, errp) < 0) {
-object_unref(OBJECT(listen_ioc));
+if (qio_net_listener_open_sync(listener, saddr, errp) < 0) {
+object_unref(OBJECT(listener));
 return;
 }
 
-qio_channel_add_watch(QIO_CHANNEL(listen_ioc),
-  G_IO_IN,
-  socket_accept_incoming_migration,
-  listen_ioc,
-  (GDestroyNotify)object_unref);
+qio_net_listener_set_client_func(listener,
+ socket_accept_incoming_migration,
+ NULL, NULL);
 }
 
 void tcp_start_incoming_migration(const char *host_port, Error **errp)
-- 
2.14.3

Re: [Qemu-devel] [PATCH] char-pty: avoid assertion warning

[Marc-Andre Lureau]

Hi

On Fri, Jan 26, 2018 at 12:40 AM, Peng Hao  wrote:
> g_source_unref(s->open_source) in pty_chr_timer may trigger a assertion like 
> this:
> g_source_unref: assertion 'source != NULL' failed.
> pty_chr_update_read_handler_locked-->pty_chr_state(chr, 0) may be called
> in pty_chr_timer, pty_chr_state(chr, 0) will call 
> g_source_unref(s->open_source)
> and set s->open_source=NULL.

Peter already sent "[PATCH] chardev: fix incorrect unref of source",
queued by Paolo,
thanks

>
> Signed-off-by: Peng Hao 
> ---
>  chardev/char-pty.c | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/chardev/char-pty.c b/chardev/char-pty.c
> index 89315e6..da0f286 100644
> --- a/chardev/char-pty.c
> +++ b/chardev/char-pty.c
> @@ -58,8 +58,10 @@ static gboolean pty_chr_timer(gpointer opaque)
>
>  qemu_mutex_lock(>chr_write_lock);
>  s->timer_src = NULL;
> -g_source_unref(s->open_source);
> -s->open_source = NULL;
> +if (s->open_source) {
> +g_source_unref(s->open_source);
> +s->open_source = NULL;
> +}
>  if (!s->connected) {
>  /* Next poll ... */
>  pty_chr_update_read_handler_locked(chr);
> --
> 1.8.3.1
>

Re: [Qemu-devel] [qemu-s390x] [PATCH v4 07/10] s390-ccw: read stage2 boot loader data to find menu

[Collin L. Walling]

On 01/25/2018 10:25 AM, Thomas Huth wrote:

On 23.01.2018 19:26, Collin L. Walling wrote:

Read the stage2 boot loader data block-by-block. We scan the
current block for the string "zIPL" to detect the start of the
boot menu banner. We then load the adjacent blocks (previous
block and next block) to account for the possibility of menu
data spanning multiple blocks.

Signed-off-by: Collin L. Walling 
---
  pc-bios/s390-ccw/bootmap.c | 94 +++---
  pc-bios/s390-ccw/bootmap.h |  1 +
  pc-bios/s390-ccw/menu.c|  5 +++
  pc-bios/s390-ccw/menu.h|  1 +
  4 files changed, 96 insertions(+), 5 deletions(-)

Looks good to me now!

Reviewed-by: Thomas Huth 


Thanks! The only change I plan on is moving the Stage1b struct declaration
to this patch, as per your suggestion on another patch review.

--
- Collin L Walling

Re: [Qemu-devel] [PATCH v4 08/10] s390-ccw: print zipl boot menu

[Thomas Huth]

On 23.01.2018 19:26, Collin L. Walling wrote:
> When the boot menu options are present and the guest's
> disk has been configured by the zipl tool, then the user
> will be presented with an interactive boot menu with
> labeled entries. An example of what the menu might look
> like:
> 
> zIPL v1.37.1-build-20170714 interactive boot menu.
> 
>   0. default (linux-4.13.0)
> 
>   1. linux-4.13.0
>   2. performance
>   3. kvm
> 
> Signed-off-by: Collin L. Walling 
> ---
>  pc-bios/s390-ccw/menu.c | 51 
> -
>  1 file changed, 50 insertions(+), 1 deletion(-)

Reviewed-by: Thomas Huth 

Re: [Qemu-devel] [PATCH 0/3] input: add keys and mouse buttons to virtio input

[Daniel P . Berrangé]

On Thu, Jan 25, 2018 at 04:29:23PM +0100, Gerd Hoffmann wrote:
> On Mon, Jan 15, 2018 at 03:32:33PM +, Daniel P. Berrange wrote:
> > On Mon, Jan 15, 2018 at 04:18:53PM +0100, Gerd Hoffmann wrote:
> > >   Hi,
> > > 
> > > > Miika S (3):
> > > >   input: add mouse side buttons to virtio input
> > > >   input: virtio: don't send mouse wheel event twice
> > > 
> > > Cherry-picked these two ad the kbd update depends on the not-yet merged
> > > keycodemapdb update for virtio-keyboard.
> > 
> > It is merged actually in, so you can include the keycode fix too:
> > 
> > https://git.qemu.org/gitweb.cgi?p=keycodemapdb.git;a=commit;h=05dad417e9d0b37ee1fba33056d91a6b734b3357
> 
> To be exact: it conflicts (and I think also is obsoleted by) your patch
> "hw: convert virtio-input-hid device to keycodemapdb".

That patch doesn't touch keycodemapdb.

I did obsolete it though in an unrelated series:

  https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg03528.html

You should be fine to just include all 3 of the patches in this series,
if you do a pull request for this series, before that py3 series gets
pulled.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [PATCH 0/3] input: add keys and mouse buttons to virtio input

[Gerd Hoffmann]

On Mon, Jan 15, 2018 at 03:32:33PM +, Daniel P. Berrange wrote:
> On Mon, Jan 15, 2018 at 04:18:53PM +0100, Gerd Hoffmann wrote:
> >   Hi,
> > 
> > > Miika S (3):
> > >   input: add mouse side buttons to virtio input
> > >   input: virtio: don't send mouse wheel event twice
> > 
> > Cherry-picked these two ad the kbd update depends on the not-yet merged
> > keycodemapdb update for virtio-keyboard.
> 
> It is merged actually in, so you can include the keycode fix too:
> 
> https://git.qemu.org/gitweb.cgi?p=keycodemapdb.git;a=commit;h=05dad417e9d0b37ee1fba33056d91a6b734b3357

To be exact: it conflicts (and I think also is obsoleted by) your patch
"hw: convert virtio-input-hid device to keycodemapdb".

cheers,
  Gerd

Re: [Qemu-devel] [PATCH v4 07/10] s390-ccw: read stage2 boot loader data to find menu

[Thomas Huth]

On 23.01.2018 19:26, Collin L. Walling wrote:
> Read the stage2 boot loader data block-by-block. We scan the
> current block for the string "zIPL" to detect the start of the
> boot menu banner. We then load the adjacent blocks (previous
> block and next block) to account for the possibility of menu
> data spanning multiple blocks.
> 
> Signed-off-by: Collin L. Walling 
> ---
>  pc-bios/s390-ccw/bootmap.c | 94 
> +++---
>  pc-bios/s390-ccw/bootmap.h |  1 +
>  pc-bios/s390-ccw/menu.c|  5 +++
>  pc-bios/s390-ccw/menu.h|  1 +
>  4 files changed, 96 insertions(+), 5 deletions(-)

Looks good to me now!

Reviewed-by: Thomas Huth 

Re: [Qemu-devel] [PULL 0/3] Usb 20180125 patches

[Peter Maydell]

On 25 January 2018 at 09:16, Gerd Hoffmann <kra...@redhat.com> wrote:
> The following changes since commit 834a336eb911db8a8ca00e760ee6a85faca19414:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
> (2018-01-24 19:24:26 +)
>
> are available in the git repository at:
>
>   git://git.kraxel.org/qemu tags/usb-20180125-pull-request
>
> for you to fetch changes up to 2aef004483e34a42021dc98a3646971dc152cb1b:
>
>   usb-storage: Fix share-rw option parsing (2018-01-25 09:50:30 +0100)
>
> 
> usb: -usbdevice cleanups, storage fix, ccid cleanup.
>
> 
>
> Fam Zheng (1):
>   usb-storage: Fix share-rw option parsing
>
> Mao Zhongyi (1):
>   hw/usb/ccid: Make ccid_card_init() take an error parameter
>
> Thomas Huth (1):
>   usb: Remove legacy -usbdevice options (host, serial, disk and net)

Hi. This fails to build on FreeBSD:

  LINKarm-softmmu/qemu-system-arm
../vl.o: In function `usb_device_add':
/root/qemu/vl.c:1471: undefined reference to `usb_host_device_open'

There's still a call to that function in vl.c inside an
ifndef CONFIG_LINUX...

If we can really remove the function we should get rid of the
stub in hw/usb/host-stub.c and the prototype in usb.h too.

thanks
-- PMM