[Qemu-devel] [PULL 1/1] block/nvme: fix Coverity reports

2018-02-28 Thread Fam Zheng
From: Paolo Bonzini 

1) string not null terminated in sysfs_find_group_file

2) NULL pointer dereference and dead local variable in nvme_init.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Fam Zheng 

Message-Id: <20180213015240.9352-1-f...@redhat.com>
Signed-off-by: Fam Zheng 
---
 block/nvme.c| 10 +++---
 util/vfio-helpers.c |  2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/block/nvme.c b/block/nvme.c
index 10bffbbf2f..75078022f6 100644
--- a/block/nvme.c
+++ b/block/nvme.c
@@ -645,7 +645,7 @@ static int nvme_init(BlockDriverState *bs, const char 
*device, int namespace,
 aio_set_event_notifier(bdrv_get_aio_context(bs), >irq_notifier,
false, nvme_handle_event, nvme_poll_cb);
 
-nvme_identify(bs, namespace, errp);
+nvme_identify(bs, namespace, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 ret = -EIO;
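Review bot: the commit message should say why the argument to nvme_identify() changes in nvme_init(). With errp passed, local_err was never written, so the `if (local_err)` branch right below the call could not run and an identify failure never set ret = -EIO. "Dead local variable" undersells this: it is a behaviour fix (identify errors now fail the init), not only a Coverity cleanup.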
@@ -666,8 +666,12 @@ fail_queue:
 nvme_free_queue_pair(bs, s->queues[0]);
 fail:
 g_free(s->queues);
-qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, NVME_BAR_SIZE);
-qemu_vfio_close(s->vfio);
+if (s->regs) {
+qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, NVME_BAR_SIZE);
+}
+if (s->vfio) {
+qemu_vfio_close(s->vfio);
+}
 event_notifier_cleanup(>irq_notifier);
 return ret;
 }
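Review bot: in the fail: path, s->regs and s->vfio keep their old values after qemu_vfio_pci_unmap_bar() and qemu_vfio_close(). Since the new guards treat non-NULL as "still needs cleanup", set both to NULL once released so a later close path cannot release them a second time. The guards also rely on the state struct being zeroed before nvme_init() runs; a short comment saying so would help.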
diff --git a/util/vfio-helpers.c b/util/vfio-helpers.c
index f478b68400..006674c916 100644
--- a/util/vfio-helpers.c
+++ b/util/vfio-helpers.c
@@ -104,7 +104,7 @@ static char *sysfs_find_group_file(const char *device, 
Error **errp)
 char *path = NULL;
 
 sysfs_link = g_strdup_printf("/sys/bus/pci/devices/%s/iommu_group", 
device);
-sysfs_group = g_malloc(PATH_MAX);
+sysfs_group = g_malloc0(PATH_MAX);
 if (readlink(sysfs_link, sysfs_group, PATH_MAX - 1) == -1) {
 error_setg_errno(errp, errno, "Failed to find iommu group sysfs path");
 goto out;
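Review bot: g_malloc0(PATH_MAX) in sysfs_find_group_file() fixes the missing terminator only implicitly, by clearing the whole buffer to obtain one NUL byte. Keeping the readlink() return value and writing sysfs_group[len] = '\0' states the intent directly, and it lets the function reject a result that fills all PATH_MAX - 1 bytes as possibly truncated.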
-- 
2.14.3
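
Added example (not part of the patch or of QEMU): item 1 of the commit message above concerns readlink(), which does not NUL-terminate what it writes. The C sketch below shows the effect on a dirty buffer and one way to terminate explicitly from the returned length; the helper names, the temporary symlink and its target are constructed for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp, symlink, readlink */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample target, shaped like an iommu_group link in sysfs. */
#define SAMPLE_TARGET "../../../kernel/iommu_groups/42"

/* Create a temp dir (dir_template is modified by mkdtemp) holding a symlink
 * "iommu_group" -> SAMPLE_TARGET. The target need not exist for readlink(). */
int make_sample_link(char *dir_template, char *link_out, size_t n)
{
    int w;

    if (!mkdtemp(dir_template)) {
        return -1;
    }
    w = snprintf(link_out, n, "%s/iommu_group", dir_template);
    if (w < 0 || (size_t)w >= n) {
        return -1;
    }
    return symlink(SAMPLE_TARGET, link_out);
}

void remove_sample_link(const char *dir, const char *link_path)
{
    unlink(link_path);
    rmdir(dir);
}

/* The flagged pattern: readlink() into a buffer that was not cleared, then
 * treat it as a C string. The buffer is pre-filled with 'X' to stand in for
 * uninitialised heap; the final guard byte exists only to keep this demo in
 * bounds. The returned length includes the leftover 'X' bytes. */
size_t strlen_after_bare_readlink(const char *link_path)
{
    char buf[64];

    memset(buf, 'X', sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    if (readlink(link_path, buf, sizeof(buf) - 1) < 0) {
        return 0;
    }
    return strlen(buf);
}

/* Explicit termination from the returned length. Returns a malloc'd string,
 * or NULL on error or when the result may have been truncated. */
char *read_link_target(const char *link_path)
{
    char *buf = malloc(PATH_MAX);
    ssize_t len;

    if (!buf) {
        return NULL;
    }
    len = readlink(link_path, buf, PATH_MAX);
    if (len < 0 || len >= PATH_MAX) {   /* full buffer: cannot rule out truncation */
        free(buf);
        return NULL;
    }
    buf[len] = '\0';
    return buf;
}

/* Parse the numeric group id from the last path component; -1 if malformed. */
long group_id_from_target(const char *target)
{
    const char *base = strrchr(target, '/');
    char *end;
    long id;

    base = base ? base + 1 : target;
    if (*base == '\0') {
        return -1;
    }
    id = strtol(base, &end, 10);
    return (*end == '\0' && id >= 0) ? id : -1;
}

int main(void)
{
    char dir[] = "/tmp/readlink-demo-XXXXXX";
    char link_path[PATH_MAX];
    char *target;

    if (make_sample_link(dir, link_path, sizeof(link_path)) != 0) {
        perror("setup");
        return 1;
    }
    printf("bare readlink, strlen: %zu\n", strlen_after_bare_readlink(link_path));
    target = read_link_target(link_path);
    if (target) {
        printf("terminated: %s (group %ld)\n", target, group_id_from_target(target));
        free(target);
    }
    remove_sample_link(dir, link_path);
    return 0;
}
```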




[Qemu-devel] [PULL 0/1] Block patches 2018-03-01

2018-02-28 Thread Fam Zheng
The following changes since commit 6697439794f72b3501ee16bb95d16854f9981421:

  Merge remote-tracking branch 'remotes/kraxel/tags/usb-20180227-pull-request' 
into staging (2018-02-27 17:50:46 +)

are available in the Git repository at:

  git://github.com/famz/qemu.git tags/staging-pull-request

for you to fetch changes up to 78d8c99e297eba32897d8a5bdaa005670549d6f7:

  block/nvme: fix Coverity reports (2018-03-01 15:21:46 +0800)



Coverity error fix for nvme://



Paolo Bonzini (1):
  block/nvme: fix Coverity reports

 block/nvme.c| 10 +++---
 util/vfio-helpers.c |  2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

-- 
2.14.3




Re: [Qemu-devel] [PATCH 1/1] s390/kvm: implement clearing part of IPL clear

2018-02-28 Thread Christian Borntraeger


On 03/01/2018 04:58 AM, Thomas Huth wrote:
> On 28.02.2018 20:53, Christian Borntraeger wrote:
>> When a guest reboots with diagnose 308 subcode 3 it requests the memory
>> to be cleared. We did not do it so far. This does not only violate the
>> architecture, it also misses the chance to free up that memory on
>> reboot, which would help on host memory over commitment.  By using
>> ram_block_discard_range we can cover both cases.
> 
> Sounds like a good idea. I wonder whether that release_all_ram()
> function should maybe rather reside in exec.c, so that other machines
> that want to clear all RAM at reset time can use it, too?

You already added Paolo, David - good.
I am open to that. As an alternative we can certainly move this function
from s390x/kvm.c to exec.c at a later point in time if a 2nd user comes along.

> 
>> Signed-off-by: Christian Borntraeger 
>> ---
>>  target/s390x/kvm.c | 19 +++
>>  1 file changed, 19 insertions(+)
>>
>> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
>> index 8f3a422288..2e145ad5c3 100644
>> --- a/target/s390x/kvm.c
>> +++ b/target/s390x/kvm.c
>> @@ -34,6 +34,8 @@
>>  #include "qapi/error.h"
>>  #include "qemu/error-report.h"
>>  #include "qemu/timer.h"
>> +#include "qemu/rcu_queue.h"
>> +#include "sysemu/cpus.h"
>>  #include "sysemu/sysemu.h"
>>  #include "sysemu/hw_accel.h"
>>  #include "hw/boards.h"
>> @@ -41,6 +43,7 @@
>>  #include "sysemu/device_tree.h"
>>  #include "exec/gdbstub.h"
>>  #include "exec/address-spaces.h"
>> +#include "exec/ram_addr.h"
>>  #include "trace.h"
>>  #include "qapi-event.h"
>>  #include "hw/s390x/s390-pci-inst.h"
>> @@ -1841,6 +1844,14 @@ static int kvm_arch_handle_debug_exit(S390CPU *cpu)
>>  return ret;
>>  }
>>  
>> +static void release_all_rams(void)
> 
> s/rams/ram/ maybe?

yes.
> 
>> +{
>> +struct RAMBlock *rb;
>> +
>> +QLIST_FOREACH_RCU(rb, _list.blocks, next)
>> +ram_block_discard_range(rb, 0, rb->used_length);
> 
> From a coding style point of view, I think there should be curly braces
> around ram_block_discard_range() ?

yes.
> 
>> +}
>> +
>>  int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
>>  {
>>  S390CPU *cpu = S390_CPU(cs);
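Review bot: in release_all_rams(), the return value of ram_block_discard_range() is dropped, so a failed discard leaves the old guest memory in place with no indication, which defeats the architectural clear this patch is meant to provide. Report or propagate the error. The QLIST_FOREACH_RCU walk also has no rcu_read_lock()/rcu_read_unlock() around it in the lines shown; add them, or comment why the calling context makes them unnecessary.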
>> @@ -1853,6 +1864,14 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run 
>> *run)
>>  ret = handle_intercept(cpu);
>>  break;
>>  case KVM_EXIT_S390_RESET:
>> +if (run->s390_reset_flags & KVM_S390_RESET_CLEAR) {
>> +/*
>> + * We will stop other CPUs anyway, avoid spurious crashes 
>> and
>> + * get all CPUs out. The reset will take care of the resume.
>> + */
>> +pause_all_vcpus();
>> +release_all_rams();
>> +}
>>  s390_reipl_request();
>>  break;
>>  case KVM_EXIT_S390_TSCH:
>>
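Review bot: the comment above pause_all_vcpus() in the KVM_EXIT_S390_RESET case does not say what the "spurious crashes" are. If the concern is that other vCPUs could still be running from memory that release_all_rams() is about to discard, say so in the comment; that makes the required order of the two calls clear to the next reader.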
> 
> Apart from the cosmetic nits, patch looks good to me.

Thanks. Will wait with the resend till Paolo, David have some comments.




Re: [Qemu-devel] [PATCH v8 09/21] null: Switch to .bdrv_co_block_status()

2018-02-28 Thread Vladimir Sementsov-Ogievskiy

26.02.2018 17:05, Kevin Wolf wrote:

On 24.02.2018 at 00:38, Eric Blake wrote:

On 02/23/2018 11:05 AM, Kevin Wolf wrote:

On 23.02.2018 at 17:43, Eric Blake wrote:

OFFSET_VALID | DATA might be excusable because I can see that it's
convenient that a protocol driver refers to itself as *file instead of
returning NULL there and then the offset is valid (though it would be
pointless to actually follow the file pointer), but OFFSET_VALID without
DATA probably isn't.

So OFFSET_VALID | DATA for a protocol BDS is not just convenient, but
necessary to avoid breaking qemu-img map output.  But you are also right
that OFFSET_VALID without data makes little sense at a protocol layer. So
with that in mind, I'm auditing all of the protocol layers to make sure
OFFSET_VALID ends up as something sane.

That's one way to look at it.

The other way is that qemu-img map shouldn't ask the protocol layer for
its offset because it already knows the offset (it is what it passes as
a parameter to bdrv_co_block_status).

Anyway, it's probably not worth changing the interface, we should just
make sure that the return values of the individual drivers are
consistent.

Yet another inconsistency, and it's making me scratch my head today.

By the way, in my byte-based stuff that is now pending on your tree, I tried
hard to NOT change semantics or the set of flags returned by a given driver,
and we agreed that's why you'd accept the series as-is and make me do this
followup exercise.  But it's looking like my followups may end up touching a
lot of the same drivers again, now that I'm looking at what the semantics
SHOULD be (and whatever I do end up tweaking, I will at least make sure that
iotests is still happy with it).

Hm, that's unfortunate, but I don't think we should hold up your first
series just so we can touch the drivers only once.


First, let's read what states the NBD spec is proposing:


It defines the following flags for the flags field:

 NBD_STATE_HOLE (bit 0): if set, the block represents a hole (and future 
writes to that area may cause fragmentation or encounter an ENOSPC error); if 
clear, the block is allocated or the server could not otherwise determine its 
status. Note that the use of NBD_CMD_TRIM is related to this status, but that 
the server MAY report a hole even where NBD_CMD_TRIM has not been requested, 
and also that a server MAY report that the block is allocated even where 
NBD_CMD_TRIM has been requested.
 NBD_STATE_ZERO (bit 1): if set, the block contents read as all zeroes; if 
clear, the block contents are not known. Note that the use of 
NBD_CMD_WRITE_ZEROES is related to this status, but that the server MAY report 
zeroes even where NBD_CMD_WRITE_ZEROES has not been requested, and also that a 
server MAY report unknown content even where NBD_CMD_WRITE_ZEROES has been 
requested.

It is not an error for a server to report that a region of the export has both 
NBD_STATE_HOLE set and NBD_STATE_ZERO clear. The contents of such an area are 
undefined, and a client reading such an area should make no assumption as to 
its contents or stability.

So here's how Vladimir proposed implementing it in his series (written
before my byte-based block status stuff went in to your tree):
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg04038.html

Server side (3/9):

+int ret = bdrv_block_status_above(bs, NULL, offset, tail_bytes,
,
+  NULL, NULL);
+if (ret < 0) {
+return ret;
+}
+
+flags = (ret & BDRV_BLOCK_ALLOCATED ? 0 : NBD_STATE_HOLE) |
+(ret & BDRV_BLOCK_ZERO  ? NBD_STATE_ZERO : 0);

Client side (6/9):

+*pnum = extent.length >> BDRV_SECTOR_BITS;
+return (extent.flags & NBD_STATE_HOLE ? 0 : BDRV_BLOCK_DATA) |
+   (extent.flags & NBD_STATE_ZERO ? BDRV_BLOCK_ZERO : 0);

Does anything there strike you as odd?

Two things I noticed while reading the above:

1. NBD doesn't consider backing files, so the definition of holes
becomes ambiguous. Is a hole any block that isn't allocated in the
top layer (may cause fragmentation or encounter an ENOSPC error) or
is it any block that isn't allocated anywhere in the whole backing
chain (may read as non-zero)?

Considering that there is a separate NBD_STATE_ZERO and nothing
forbids a state of NBD_STATE_HOLE without NBD_STATE_ZERO, maybe the
former is more useful. The code you quote implements the latter.

Maybe if we go with the former, we should add a note to the NBD spec
that explicitly says that NBD_STATE_HOLE doesn't imply any specific
content that is returned on reads.

2. Using BDRV_BLOCK_ALLOCATED to determine NBD_STATE_HOLE seems wrong. A
(not preallocated) zero cluster in qcow2 returns BDRV_BLOCK_ALLOCATED
(because we don't fall through to the backing file) even though I
think it's a hole. BDRV_BLOCK_DATA should be used there (which makes
it consistent with 

Re: [Qemu-devel] [PATCH v2] iotests: Test creating overlay when guest running

2018-02-28 Thread Fam Zheng
On Wed, 02/14 09:26, Fam Zheng wrote:
> Ping?

Ping?



[Qemu-devel] [PATCH] use g_path_get_basename instead of basename

2018-02-28 Thread Julia Suvorova via Qemu-devel
basename(3) and dirname(3) modify their argument and may return
pointers to statically allocated memory which may be overwritten by
subsequent calls.
g_path_get_basename and g_path_get_dirname have no such issues, and
are therefore preferable.

Signed-off-by: Julia Suvorova 
---
 fsdev/virtfs-proxy-helper.c |  6 +-
 hw/s390x/s390-ccw.c | 17 +++--
 hw/vfio/ccw.c   |  7 +--
 hw/vfio/pci.c   |  6 --
 hw/vfio/platform.c  |  6 --
 qemu-io.c   |  8 +++-
 qemu-nbd.c  |  5 -
 qga/commands-posix.c|  4 ++--
 8 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index 8e48500..da3452f 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -787,6 +787,8 @@ error:
 
 static void usage(char *prog)
 {
+char *base_filename = g_path_get_basename(prog);
+
 fprintf(stderr, "usage: %s\n"
 " -p|--path  9p path to export\n"
 " {-f|--fd } socket file descriptor to be 
used\n"
@@ -795,7 +797,9 @@ static void usage(char *prog)
 " access to this socket\n"
 " \tNote: -s & -f can not be used together\n"
 " [-n|--nodaemon] Run as a normal program\n",
-basename(prog));
+base_filename);
+
+g_free(base_filename);
 }
 
 static int process_reply(int sock, int type,
diff --git a/hw/s390x/s390-ccw.c b/hw/s390x/s390-ccw.c
index 7fc1c60..460dbab 100644
--- a/hw/s390x/s390-ccw.c
+++ b/hw/s390x/s390-ccw.c
@@ -34,7 +34,7 @@ static void s390_ccw_get_dev_info(S390CCWDevice *cdev,
   Error **errp)
 {
 unsigned int cssid, ssid, devid;
-char dev_path[PATH_MAX] = {0}, *tmp;
+char dev_path[PATH_MAX] = {0}, *dir_name, *dir_path;
 
 if (!sysfsdev) {
 error_setg(errp, "No host device provided");
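Review bot: dir_name and dir_path are declared uninitialised in s390_ccw_get_dev_info(), while the next hunk adds an out: label that frees both. Initialise them to NULL so that any goto out added later, ahead of the two g_path_get_* calls, does not pass garbage to g_free().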
@@ -48,18 +48,23 @@ static void s390_ccw_get_dev_info(S390CCWDevice *cdev,
 return;
 }
 
-cdev->mdevid = g_strdup(basename(dev_path));
+cdev->mdevid = g_path_get_basename(dev_path);
 
-tmp = basename(dirname(dev_path));
-if (sscanf(tmp, "%2x.%1x.%4x", , , ) != 3) {
-error_setg_errno(errp, errno, "Failed to read %s", tmp);
-return;
+dir_path = g_path_get_dirname(dev_path);
+dir_name = g_path_get_basename(dir_path);
+if (sscanf(dir_name, "%2x.%1x.%4x", , , ) != 3) {
+error_setg_errno(errp, errno, "Failed to read %s", dir_name);
+goto out;
 }
 
 cdev->hostid.cssid = cssid;
 cdev->hostid.ssid = ssid;
 cdev->hostid.devid = devid;
 cdev->hostid.valid = true;
+
+out:
+g_free(dir_path);
+g_free(dir_name);
 }
 
 static void s390_ccw_realize(S390CCWDevice *cdev, char *sysfsdev, Error **errp)
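Review bot: the sscanf() failure branch still calls error_setg_errno(errp, errno, ...), but a short match count from sscanf() does not set errno, so the message can carry an unrelated error string. Since the line is being rewritten anyway, switch it to error_setg().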
diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index 16713f2..c0566a9 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -300,7 +300,7 @@ static void vfio_put_device(VFIOCCWDevice *vcdev)
 
 static VFIOGroup *vfio_ccw_get_group(S390CCWDevice *cdev, Error **errp)
 {
-char *tmp, group_path[PATH_MAX];
+char *tmp, *group_name, group_path[PATH_MAX];
 ssize_t len;
 int groupid;
 
@@ -317,10 +317,13 @@ static VFIOGroup *vfio_ccw_get_group(S390CCWDevice *cdev, 
Error **errp)
 
 group_path[len] = 0;
 
-if (sscanf(basename(group_path), "%d", ) != 1) {
+group_name = g_path_get_basename(group_path);
+if (sscanf(group_name, "%d", ) != 1) {
 error_setg(errp, "vfio: failed to read %s", group_path);
+g_free(group_name);
 return NULL;
 }
+g_free(group_name);
 
 return vfio_get_group(groupid, _space_memory, errp);
 }
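Review bot: g_free(group_name) now appears on both the error path and the success path of vfio_ccw_get_group(). Store the sscanf() result, free group_name once, then test the result; that removes the chance of a leak if another exit is added between the two calls.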
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 033cc8d..ba03136 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -2807,7 +2807,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
 return;
 }
 
-vdev->vbasedev.name = g_strdup(basename(vdev->vbasedev.sysfsdev));
+vdev->vbasedev.name = g_path_get_basename(vdev->vbasedev.sysfsdev);
 vdev->vbasedev.ops = _pci_ops;
 vdev->vbasedev.type = VFIO_DEVICE_TYPE_PCI;
 vdev->vbasedev.dev = >pdev.qdev;
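Review bot: replacing g_strdup(basename(...)) in vfio_realize() is not a pure refactor. g_path_get_basename() ignores trailing directory separators and returns "." for an empty string, which may differ from what the basename() in use returned for such a sysfsdev value. Mention this in the commit message, or state that sysfsdev never takes that form.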
@@ -2824,11 +2824,13 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
 
 group_path[len] = 0;
 
-group_name = basename(group_path);
+group_name = g_path_get_basename(group_path);
 if (sscanf(group_name, "%d", ) != 1) {
 error_setg_errno(errp, errno, "failed to read %s", group_path);
+g_free(group_name);
 goto error;
 }
+g_free(group_name);
 
 trace_vfio_realize(vdev->vbasedev.name, groupid);
 
diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
index 0d4bc0a..15dbae8 100644
--- a/hw/vfio/platform.c
+++ b/hw/vfio/platform.c
@@ -561,7 +561,7 @@ static int vfio_base_device_init(VFIODevice *vbasedev, 
Error **errp)
 /* @sysfsdev takes precedence over @host */
 if (vbasedev->sysfsdev) {
 g_free(vbasedev->name);
-  

Re: [Qemu-devel] [PATCH v3 00/16] block/mirror: Add active-sync mirroring

2018-02-28 Thread Fam Zheng
On Wed, 02/28 19:04, Max Reitz wrote:
> v3: [Fam]
> - Patch 5: Drop shadowing ret declaration
> - Patch 11: Added
> - Patch 12: Add comment on how @iter is modified by
> bdrv_dirty_iter_next_area()
> - Patch 14:
>   - Squashed old patch 12 into this one
>   - Don't forget write_zeroes and discard
> - Patch 15: %s/passive/background/
> - Patch 16: Write some zeroes so we can see those are actively copied,
> too (i.e. test the changes to patch 14 from v2)

Reviewed-by: Fam Zheng 



Re: [Qemu-devel] [PATCH] migration: Fix block failure cases

2018-02-28 Thread Peter Xu
On Wed, Feb 28, 2018 at 04:49:37PM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> This fixes a couple of cases where the block migration capability
> doesn't get cleared when a migration failed.
> 
> 1) When block migration is compiled out:
>   (qemu) migrate -d -b  "exec:cat > /dev/null"
>   QEMU compiled without old-style (blk/-b, inc/-i) block migration
>   Use drive_mirror+NBD instead.
>   (qemu) migrate_set_capability xbzrle off
>   QEMU compiled without old-style (blk/-b, inc/-i) block migration
>   Use drive_mirror+NBD instead.
> 
>   This corresponds to https://bugzilla.redhat.com/show_bug.cgi?id=1550022
> 
> 2) When a migration with a bad protocol is tried:
>   (qemu) migrate -d -b "foo:bah"
>   Parameter 'uri' expects a valid migration protocol
>   (qemu) info migrate_capabilities
>   xbzrle: off
>   rdma-pin-all: off
>   auto-converge: off
>   zero-blocks: off
>   compress: off
>   events: off
>   postcopy-ram: off
>   x-colo: off
>   release-ram: off
>   block: on   <<-
>   return-path: off
>   pause-before-switchover: off
>   x-multifd: off
> 
> Fixes: 2833c59b947
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  migration/migration.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/migration/migration.c b/migration/migration.c
> index b913b98803..da0e4a1f56 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -1391,11 +1391,12 @@ void qmp_migrate(const char *uri, bool has_blk, bool 
> blk,
>  return;
>  }
>  migrate_set_block_enabled(true, _err);
> +s->must_remove_block_options = true;
>  if (local_err) {
>  error_propagate(errp, local_err);
> +block_cleanup_parameters(s);
>  return;
>  }
> -s->must_remove_block_options = true;
>  }
>  
>  if (has_inc && inc) {
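Review bot: moving s->must_remove_block_options = true above the local_err check in qmp_migrate() only makes sense if block_cleanup_parameters() acts on that flag, which the hunk does not show. Add a one-line comment at the assignment saying the flag is set early so that the cleanup call in the error branch has something to undo.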
> @@ -1417,11 +1418,10 @@ void qmp_migrate(const char *uri, bool has_blk, bool 
> blk,
>  } else if (strstart(uri, "fd:", )) {
>  fd_start_outgoing_migration(s, p, _err);
>  } else {
> -error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "uri",
> +error_setg(_err, QERR_INVALID_PARAMETER_VALUE, "uri",
> "a valid migration protocol");
>  migrate_set_state(>state, MIGRATION_STATUS_SETUP,
>MIGRATION_STATUS_FAILED);
> -return;
>  }
>  
>  if (local_err) {
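Review bot: with the return dropped from the bad-protocol else branch, control now falls into the common `if (local_err)` block, whose body is outside the hunk. Check that it does not move the state to MIGRATION_STATUS_FAILED a second time; if it does, the migrate_set_state() call left in the else branch is redundant and should go.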
> -- 
> 2.14.3
> 

Ouch...

Instead it seems to be my fault in 4a84214ebe ("migration: provide
migrate_caps_check()", 2017-07-18).  For now I cannot understand why I
did that before since it's obviously strange if without this
squashed...

diff --git a/migration/migration.c b/migration/migration.c
index 0aa596f867..88ed9375aa 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -747,13 +747,15 @@ void 
qmp_migrate_set_capabilities(MigrationCapabilityStatusList *params,
 {
 MigrationState *s = migrate_get_current();
 MigrationCapabilityStatusList *cap;
+bool cap_list[MIGRATION_CAPABILITY__MAX];
 
 if (migration_is_setup_or_active(s->state)) {
 error_setg(errp, QERR_MIGRATION_ACTIVE);
 return;
 }
 
-if (!migrate_caps_check(s->enabled_capabilities, params, errp)) {
+memcpy(cap_list, s->enabled_capabilities, sizeof(cap_list));
+if (!migrate_caps_check(cap_list, params, errp)) {
 return;
 }
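Review bot: the memcpy() into cap_list in qmp_migrate_set_capabilities() assumes s->enabled_capabilities is also a bool array of MIGRATION_CAPABILITY__MAX entries. Add QEMU_BUILD_BUG_ON(sizeof(cap_list) != sizeof(s->enabled_capabilities)) next to it so a later type change cannot turn this into a short or oversized copy.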

Otherwise I'll get:

(qemu) migrate_set_capability postcopy-ram on  
(qemu) migrate_set_capability compress on  
Postcopy is not currently compatible with compression  
(qemu) info migrate_capabilities   
xbzrle: off
rdma-pin-all: off  
auto-converge: off 
zero-blocks: off   
compress: on <- :(
events: off
postcopy-ram: on   
x-colo: off
release-ram: off   
block: off 
return-path: off   
pause-before-switchover: off   
x-multifd: off
 
And it looks very likely that this should solve the block bug too.

(So I think either I got a brain fart last July, or now...)

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v3 11/16] test-hbitmap: Add non-advancing iter_next tests

2018-02-28 Thread Fam Zheng
On Wed, 02/28 19:05, Max Reitz wrote:
> Add a function that wraps hbitmap_iter_next() and always calls it in
> non-advancing mode first, and in advancing mode next.  The result should
> always be the same.
> 
> By using this function everywhere we called hbitmap_iter_next() before,
> we should get good test coverage for non-advancing hbitmap_iter_next().

Haha, clever!



[Qemu-devel] [Bug 1658141] Re: QEMU's default msrs handling causes Windows 10 64 bit to crash

2018-02-28 Thread Samuel Delarosbil
It appears this bug affects me too with very similar symptoms, but this
time, it's while launching the recently released game "Puyo Poyo Tetris"
using Steam in the guest VM.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1658141

Title:
  QEMU's default msrs handling causes Windows 10 64 bit to crash

Status in QEMU:
  New

Bug description:
  Wine uses QEMU to run its conformance test suite on Windows virtual
  machines. Wine's conformance tests check the behavior of various
  Windows APIs and verify that they behave as expected.

  One such test checks handling of exceptions down. When run on Windows 10 64 
bit in QEMU it triggers a "KMOD_EXCEPTION_NOT_HANDLED" BSOD in the VM. See:
  https://bugs.winehq.org/show_bug.cgi?id=40240

  
  To reproduce this bug:
  * Pick a Windows 10 64 bit VM on an Intel host.

  * Start the VM. I'm pretty sure any qemu command will do but here's what I used:
    qemu-system-x86_64 -machine pc-i440fx-2.1,accel=kvm -cpu core2duo,+nx -m 2048 -hda /var/lib/libvirt/images/wtbw1064.qcow2

  * Grab the attached source code. The tar file is a bit big at 85KB
  because I had to include some Wine headers. However the source file
  proper, exception.c, is only 85 lines, including the LGPL header.

  * Compile the source code with MinGW by typing 'make'. This produces a
  32 bit exception.exe executable. I'll attach it for good measure.

  * Put exception.exe on the VM and run it.

  
  After investigation it turns out this happens:
   * Only for Windows 10 64 bit guests. Windows 10 32 bit and older Windows 
versions are unaffected.

   * Only on Intel hosts. At least both my Xeon E3-1226 v3 and i7-4790K
  hosts are impacted but not my Opteron 6128 one.

   * It does not seem to depend on the emulated CPU type: on the Intel hosts 
this happened with both 
  core2duo,nx and 'copy the host configuration' and did not depend on the 
number of emulated cpus/cores.

   * This happened with both QEMU 2.1 and 2.7, and both the 3.16.0 and
  4.8.11 Linux kernels, both on Debian 8.6 and Debian Testing.

  
  After searching for quite some time I discovered that the kvm kernel module was sneaking the following messages into /var/log/syslog precisely when the BSOD happens:

  Dec 16 13:43:48 vm3 kernel: [  191.624802] kvm [2064]: vcpu0, guest rIP: 0xf803cb3c0bf3 kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x1, nop
  Dec 16 13:43:48 vm3 kernel: [  191.624835] kvm [2064]: vcpu0, guest rIP: 0xf803cb3c0c5c unhandled rdmsr: 0x1c9

  A search on the Internet turned up a post suggesting to change kvm's
  ignore_msrs setting:

 echo 1 >/sys/module/kvm/parameters/ignore_msrs

  
https://www.reddit.com/r/VFIO/comments/42dj7n/some_games_crash_to_biosboot_on_launch/

  This does actually work and provides a workaround at least.




Re: [Qemu-devel] [PATCH 14/14] qio/chardev: specify gcontext for TLS handshake

2018-02-28 Thread Peter Xu
On Wed, Feb 28, 2018 at 01:22:37PM +, Daniel P. Berrangé wrote:
> On Wed, Feb 28, 2018 at 01:06:33PM +0800, Peter Xu wrote:
> > We allow the TLS code to be run with non-default gcontext by providing a
> > new qio_channel_tls_handshake_full() API.
> > 
> > With the new API, we can re-setup the TLS handshake GSource by calling
> > it again with the correct gcontext.  Any call to the function will clean
> > up existing GSource tasks, and re-setup using the new gcontext.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  chardev/char-socket.c| 30 +---
> >  include/io/channel-tls.h | 22 +++-
> >  io/channel-tls.c | 91 
> > 
> >  3 files changed, 123 insertions(+), 20 deletions(-)
> > 
> > diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> > index 164a64ff34..406d33c04f 100644
> > --- a/chardev/char-socket.c
> > +++ b/chardev/char-socket.c
> > @@ -72,6 +72,9 @@ typedef struct {
> >  
> >  static gboolean socket_reconnect_timeout(gpointer opaque);
> >  static void tcp_chr_telnet_init(Chardev *chr);
> > +static void tcp_chr_tls_handshake_setup(Chardev *chr,
> > +QIOChannelTLS *tioc,
> > +GMainContext *context);
> >  
> >  static void tcp_chr_reconn_timer_cancel(SocketChardev *s)
> >  {
> > @@ -570,6 +573,7 @@ static void tcp_chr_telnet_destroy(SocketChardev *s)
> >  static void tcp_chr_update_read_handler(Chardev *chr)
> >  {
> >  SocketChardev *s = SOCKET_CHARDEV(chr);
> > +QIOChannelTLS *tioc;
> >  
> >  if (s->listener) {
> >  /*
> > @@ -589,6 +593,17 @@ static void tcp_chr_update_read_handler(Chardev *chr)
> >  qio_task_context_set(s->thread_task, chr->gcontext);
> >  }
> >  
> > +tioc = (QIOChannelTLS *)object_dynamic_cast(OBJECT(s->ioc),
> > +TYPE_QIO_CHANNEL_TLS);
> > +if (tioc) {
> > +/*
> > + * TLS session enabled; reconfigure things up.  Note that, if
> > + * there is existing handshake task, it'll be cleaned up first
> > + * in QIO code.
> > + */
> > +tcp_chr_tls_handshake_setup(chr, tioc, chr->gcontext);
> > +}
> 
> This is crazy - we should not be looking at specific implementations of
> the channel. If the TLS object needs to use a specific GMainContext we
> should make sure that is done right from the start and not try to change
> the GMainContext on the fly.

I'm not sure whether I can do it since current code has already let
the chardev frontends depend on the backends, so we cannot simply let
it be reverted (setup context basically means we need to have the
frontend be inited before backends since the context is now
frontend-specific).

However I'm thinking maybe I can postpone some of the chardev
initialization process after everything has been setup.  Then it'll
look like:

- init chardev backends, phase 1 (e.g., only create chardevs but
  postpone open)
- init chardev frontends (e.g., monitors)
- init chardev backends, phase 2 (e.g., do the real socket open work)

Actually I already spotted an existing user of it
(muxes_realize_notify).  Maybe I can do similar thing to postpone some
of the socket chardev operations after machine init finished.  Thanks,

-- 
Peter Xu



[Qemu-devel] [PATCH] hw/ppc/spapr, e500: Use new property "stdout-path" for boot console

2018-02-28 Thread Nikunj A Dadhania
Linux kernel commit 2a9d832cc9aae21ea827520fef635b6c49a06c6d
(of: Add bindings for chosen node, stdout-path) deprecated chosen property
"linux,stdout-path" and "stdout".

Introduce the new property "stdout-path" and continue supporting the older
property to remain compatible with existing/older firmware. This older property
can be deprecated after 5 years.

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/e500.c  | 7 +++
 hw/ppc/spapr.c | 7 +++
 2 files changed, 14 insertions(+)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index a40d3ec3e3..a325a95015 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -119,7 +119,14 @@ static void dt_serial_create(void *fdt, unsigned long long 
offset,
 qemu_fdt_setprop_string(fdt, "/aliases", alias, ser);
 
 if (defcon) {
+/*
+ * "linux,stdout-path" and "stdout" properties are deprecated by linux
+ * kernel. New platforms should only use the "stdout-path" property. 
Set
+ * the new property and continue using older property to remain
+ * compatible with the existing firmware.
+ */
 qemu_fdt_setprop_string(fdt, "/chosen", "linux,stdout-path", ser);
+qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", ser);
 }
 }
 
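Review bot: the new comment in dt_serial_create() says the old property is kept for existing firmware but gives no removal condition, while the commit message says it can be dropped after 5 years. Put that in the comment, together with the kernel commit id from the commit message, so whoever removes "linux,stdout-path" later can find the rationale. The same comment block is pasted verbatim into hw/ppc/spapr.c; keep the two in sync.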
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 83c9d66dd5..58a44edc4a 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1062,7 +1062,14 @@ static void spapr_dt_chosen(sPAPRMachineState *spapr, 
void *fdt)
 }
 
 if (!spapr->has_graphics && stdout_path) {
+/*
+ * "linux,stdout-path" and "stdout" properties are deprecated by linux
+ * kernel. New platforms should only use the "stdout-path" property. 
Set
+ * the new property and continue using older property to remain
+ * compatible with the existing firmware.
+ */
 _FDT(fdt_setprop_string(fdt, chosen, "linux,stdout-path", 
stdout_path));
+_FDT(fdt_setprop_string(fdt, chosen, "stdout-path", stdout_path));
 }
 
 spapr_dt_ov5_platform_support(fdt, chosen);
-- 
2.14.3




[Qemu-devel] [PATCH] hw/arm: Use more CONFIG switches to decide which object files should be linked

2018-02-28 Thread Thomas Huth
A lot of ARM object files are linked into the executable unconditionally,
even though we have corresponding CONFIG switches like CONFIG_PXA2XX or
CONFIG_OMAP. We should make sure to use these switches in the Makefile so
that the users can disable certain unwanted boards and devices more easily.
Also introduce the new switch CONFIG_STRONGARM to be able to disable the
"Collie" machine if it is not wanted.

Signed-off-by: Thomas Huth 
---
 default-configs/arm-softmmu.mak |  2 ++
 hw/arm/Makefile.objs| 26 +-
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index ca34cf4..43f382a 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -133,3 +133,5 @@ CONFIG_GPIO_KEY=y
 CONFIG_MSF2=y
 CONFIG_FW_CFG_DMA=y
 CONFIG_XILINX_AXI=y
+
+CONFIG_STRONGARM=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 1c896ba..5e1e0a9 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -1,15 +1,23 @@
-obj-y += boot.o collie.o exynos4_boards.o gumstix.o highbank.o
-obj-$(CONFIG_DIGIC) += digic_boards.o
-obj-y += integratorcp.o mainstone.o musicpal.o nseries.o
-obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
-obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
+obj-y += boot.o virt.o sysbus-fdt.o
 obj-$(CONFIG_ACPI) += virt-acpi-build.o
-obj-y += netduino2.o
-obj-y += sysbus-fdt.o
+obj-$(CONFIG_ARM_V7M) += highbank.o netduino2.o vexpress.o
+obj-$(CONFIG_ASPEED_SOC) += integratorcp.o musicpal.o versatilepb.o
+obj-$(CONFIG_DIGIC) += digic_boards.o
+obj-$(CONFIG_EXYNOS4) += exynos4_boards.o
+obj-$(CONFIG_NSERIES) += nseries.o
+obj-$(CONFIG_OMAP) += omap_sx1.o palm.o
+obj-$(CONFIG_PXA2XX) += gumstix.o spitz.o mainstone.o tosa.o z2.o
+obj-$(CONFIG_REALVIEW) += realview.o
+obj-$(CONFIG_STELLARIS) += stellaris.o
+obj-$(CONFIG_STRONGARM) += collie.o
+obj-$(CONFIG_ZYNQ) += xilinx_zynq.o
 
-obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
+obj-$(CONFIG_ARM_V7M) += armv7m.o
+obj-$(CONFIG_EXYNOS4) += exynos4210.o
+obj-$(CONFIG_PXA2XX) += pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
 obj-$(CONFIG_DIGIC) += digic.o
-obj-y += omap1.o omap2.o strongarm.o
+obj-$(CONFIG_OMAP) += omap1.o omap2.o
+obj-$(CONFIG_STRONGARM) += strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
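Review bot: two of the new groupings in hw/arm/Makefile.objs tie boards to switches that do not describe them: highbank.o and vexpress.o are placed under CONFIG_ARM_V7M, and integratorcp.o, musicpal.o and versatilepb.o under CONFIG_ASPEED_SOC. Turning off Cortex-M or Aspeed support would then silently drop unrelated machines. Give these boards their own switches, or leave them in obj-y until they have one. Also, only CONFIG_STRONGARM is added to arm-softmmu.mak in this patch; confirm that the other switches used here (CONFIG_EXYNOS4, CONFIG_NSERIES, CONFIG_REALVIEW, CONFIG_STELLARIS, CONFIG_ZYNQ) are already set there, or the default build loses those boards.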
-- 
1.8.3.1




[Qemu-devel] Fwd: Outreachy/GSOC Aspirant for Vulkan-ize_virgl Project

2018-02-28 Thread Anusha Srivastava
Hi,

Is it possible to take this project up now for Outreachy/GSOC 2018 ?

Regards,
Anusha Srivastava



-- Forwarded message --
From: Anusha Srivastava 
Date: 28 February 2018 at 23:10
Subject: Re: Outreachy 2017-DecemberMarch Aspirant for Vulkan-ize_virgl Project
To: Stefan Hajnoczi 
Cc: Marc-André Lureau 


Stefan/Marc-Andre,

Is it possible to take this project up now for Outreachy/GSOC 2018 ?

Regards,
Anusha Srivastava


On 27 September 2017 at 11:41, Stefan Hajnoczi  wrote:
>> I would like to participate to Outreachy 2017-DecemberMarch  by contributing
>> to "Vulkan-ize_virgl" Project under Qemu as listed here -
>> https://wiki.qemu.org/Outreachy_2017_MayAugust#Vulkan-ize_virgl
>>
>>
>> I have worked a lot with qemu and find this project a match for my technical
>> skills.
>>
>> Kindly let me know how to go ahead with this.
>
> Hi,
> QEMU is not participating in Outreachy 2017 December-March.
>
> If you want to contribute outside Outreachy, then maybe Marc-André can
> discuss it further with you.
>
> Stefan



Re: [Qemu-devel] [PATCH 04/14] migration: let incoming side use thread context

2018-02-28 Thread Peter Xu
On Wed, Feb 28, 2018 at 09:10:58AM +, Daniel P. Berrangé wrote:
> On Wed, Feb 28, 2018 at 01:06:23PM +0800, Peter Xu wrote:
> > The old incoming migration is running in main thread and default
> > gcontext.  With the new qio_channel_add_watch_full() we can now let it
> > run in the thread's own gcontext (if there is one).
> > 
> > Currently this patch does nothing alone.  But when any of the incoming
> > migration is run in another iothread (e.g., the upcoming migrate-recover
> > command), this patch will bind the incoming logic to the iothread
> > instead of the main thread (which may already get page faulted and
> > hanged).
> > 
> > RDMA is not considered for now since it's not even using the QIO APIs at
> > all.
> 
> Errm, yes, it is.
> 
>   struct QIOChannelRDMA {
> QIOChannel parent;
> RDMAContext *rdma;
> QEMUFile *file;
> size_t len;
> bool blocking; /* XXX we don't actually honour this yet */
>   };
>   

Ah, you are right. :)

I should say that "it's not using QIO watch framework" since it's
using qemu_set_fd_handler() so it's always on main thread.

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH qemu v2] qmp: Add qom-list-properties to list QOM object properties

2018-02-28 Thread David Gibson
On Mon, Feb 26, 2018 at 07:22:59PM +1100, Alexey Kardashevskiy wrote:
> There is already 'device-list-properties' which does most of the job,
> however it does not handle everything returned by qom-list-types such
> as machines as they inherit directly from TYPE_OBJECT and not TYPE_DEVICE.
> It does not handle abstract classes either.
> 
> This adds a new qom-list-properties command which prints properties
> of a specific class and its instance. It is pretty much a simplified copy
> of the device-list-properties handler.
> 
> Since it creates an object instance, device properties should appear
> in the output as they are copied to QOM properties at the instance_init
> hook.
> 
> This adds an object_class_property_iter_init() helper to allow class
> properties enumeration and uses it in the new QMP command to allow properties
> listing for abstract classes.
> 
> Signed-off-by: Alexey Kardashevskiy 
> ---
> Changes:
> v2:
> * added abstract classes support, now things like "pci-device" or
> "spapr-machine" show properties, previously these would produce
> an "abstract class" error
> ---
>  qapi-schema.json | 29 +
>  include/qom/object.h | 16 
>  qmp.c| 49 +
>  qom/object.c |  7 +++
>  4 files changed, 101 insertions(+)
> 
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 0262b9f..fa5f189 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -1455,6 +1455,35 @@
>'returns': [ 'DevicePropertyInfo' ] }
>  
>  ##
> +# @QOMPropertyInfo:
> +#
> +# Information about object properties.
> +#
> +# @name: the name of the property
> +# @type: the typename of the property
> +# @description: if specified, the description of the property.
> +#
> +# Since: 2.12
> +##
> +{ 'struct': 'QOMPropertyInfo',
> +  'data': { 'name': 'str', 'type': 'str', '*description': 'str' } }

So, this has identical contents to DevicePropertyInfo, and is very
similar to ObjectPropertyInfo.  Is there any way we could consolidate
those types?

> +##
> +# @qom-list-properties:
> +#
> +# List properties associated with a QOM object.
> +#
> +# @typename: the type name of an object
> +#
> +# Returns: a list of QOMPropertyInfo describing object properties
> +#
> +# Since: 2.12
> +##
> +{ 'command': 'qom-list-properties',
> +  'data': { 'typename': 'str'},
> +  'returns': [ 'QOMPropertyInfo' ] }
> +
> +##
>  # @xen-set-global-dirty-log:
>  #
>  # Enable or disable the global dirty log mode.
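
Review bot: the schema comment for qom-list-properties says only "List properties associated with a QOM object", but the handler in qmp.c takes a separate path for abstract types and walks class properties only, so the result for an abstract @typename is not built the same way as for a concrete one. The documentation should state that difference and name the error returned for an unknown type name, because management tools treat this text as the contract for the command.
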
> diff --git a/include/qom/object.h b/include/qom/object.h
> index dc73d59..ef07d78 100644
> --- a/include/qom/object.h
> +++ b/include/qom/object.h
> @@ -1017,6 +1017,22 @@ void object_property_iter_init(ObjectPropertyIterator 
> *iter,
> Object *obj);
>  
>  /**
> + * object_class_property_iter_init:
> + * @klass: the class
> + *
> + * Initializes an iterator for traversing all properties
> + * registered against an object class and all parent classes.
> + *
> + * It is forbidden to modify the property list while iterating,
> + * whether removing or adding properties.
> + *
> + * This can be used on abstract classes as it does not create a temporary
> + * instance.
> + */
> +void object_class_property_iter_init(ObjectPropertyIterator *iter,
> + ObjectClass *klass);
> +
> +/**
>   * object_property_iter_next:
>   * @iter: the iterator instance
>   *
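
Review bot: the new doc comment for object_class_property_iter_init() describes @klass but not @iter, although the prototype takes both. Add an "@iter: the iterator instance" line to match object_property_iter_next() just below, and say that the iterator is then consumed with object_property_iter_next(), since nothing in this comment tells the caller how to continue.
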
> diff --git a/qmp.c b/qmp.c
> index 793f6f3..151d3d7 100644
> --- a/qmp.c
> +++ b/qmp.c
> @@ -576,6 +576,55 @@ DevicePropertyInfoList *qmp_device_list_properties(const 
> char *typename,
>  return prop_list;
>  }
>  
> +QOMPropertyInfoList *qmp_qom_list_properties(const char *typename,
> + Error **errp)
> +{
> +ObjectClass *klass;
> +Object *obj = NULL;
> +ObjectProperty *prop;
> +ObjectPropertyIterator iter;
> +QOMPropertyInfoList *prop_list = NULL;
> +
> +klass = object_class_by_name(typename);
> +if (klass == NULL) {
> +error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> +  "Class '%s' not found", typename);
> +return NULL;
> +}
> +
> +klass = object_class_dynamic_cast(klass, TYPE_OBJECT);
> +if (klass == NULL) {
> +error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "typename", 
> TYPE_OBJECT);
> +return NULL;
> +}
> +
> +if (object_class_is_abstract(klass)) {
> +object_class_property_iter_init(, klass);

I like the idea of adding abstract classes in principle, but I'm a
little concerned about the effect of this in practice, because it only
lists class properties.

Although nearly all properties in qemu *should* be class properties,
they're nearly all defined as instance properties in practice.  AFAICT
this is just because most people didn't get the memo on class
properties and how to use them.

Just listing class properties in general might be ok - it 

Re: [Qemu-devel] [PATCHv3 00/12] macio: remove legacy macio_init() function

2018-02-28 Thread David Gibson
On Wed, Feb 28, 2018 at 08:32:31PM +, Mark Cave-Ayland wrote:
> This patchset eliminates the legacy macio_init() function used to setup the
> ESCC and PIC memory regions and instead allows the macio device to be
> instantiated directly via qdev, wiring up the ESCC internally using sysbus MMIO
> memory regions and the PIC via QOM object links.
> 
> The biggest surprise in this patchset was the need to QOMify the heathrow
> device which apparently up until now has never required any of these new-fangled
> APIs from the last decade such as qdev and QOM.
> 
> There's still some follow-up work to do with the PCI host bridge wiring but it
> seems to me that this is a good preparation step.
> 
> Signed-off-by: Mark Cave-Ayland 

Applied to ppc-for-2.12, thanks.

> 
> v3:
> - Rebase onto master
> - Add extra R-B tags from David and Philippe
> - Add patch 8 to move KVM openpic declarations into separate openpic_kvm.h file
>   (fixes compilation of ppc-linux-user)
> 
> v2:
> - Rebase onto master
> - Add R-B tags from David
> - Rework patch 4 ("heathrow: convert to trace-events") as suggested by David
> 
> 
> Mark Cave-Ayland (12):
>   macio: embed DBDMA device directly within macio
>   macio: move ESCC device within the macio device
>   heathrow: QOMify heathrow PIC
>   heathrow: convert to trace-events
>   heathrow: change heathrow_pic_init() to return the heathrow device
>   macio: move macio related structures and defines into separate macio.h
> file
>   mac_oldworld: use object link to pass heathrow PIC object to macio
>   openpic: move KVM-specific declarations into separate openpic_kvm.h
> file
>   openpic: move OpenPIC state and related definitions to openpic.h
>   mac_newworld: use object link to pass OpenPIC object to macio
>   macio: move setting of CUDA timebase frequency to
> macio_common_realize()
>   macio: remove macio_init() function
> 
>  hw/intc/heathrow_pic.c | 166 
> +
>  hw/intc/openpic.c  | 157 --
>  hw/intc/openpic_kvm.c  |   1 +
>  hw/intc/trace-events   |   5 ++
>  hw/misc/macio/macio.c  | 150 +
>  hw/ppc/e500.c  |   1 +
>  hw/ppc/mac.h   |  10 +--
>  hw/ppc/mac_newworld.c  |  56 +-
>  hw/ppc/mac_oldworld.c  |  50 +
>  include/hw/intc/heathrow_pic.h |  49 
>  include/hw/misc/macio/macio.h  |  79 
>  include/hw/ppc/openpic.h   | 160 ++-
>  include/hw/ppc/openpic_kvm.h   |   7 ++
>  target/ppc/kvm-stub.c  |   2 +-
>  14 files changed, 494 insertions(+), 399 deletions(-)
>  create mode 100644 include/hw/intc/heathrow_pic.h
>  create mode 100644 include/hw/misc/macio/macio.h
>  create mode 100644 include/hw/ppc/openpic_kvm.h
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 1/1] s390/kvm: implement clearing part of IPL clear

2018-02-28 Thread Thomas Huth
On 28.02.2018 20:53, Christian Borntraeger wrote:
> When a guest reboots with diagnose 308 subcode 3 it requests the memory
> to be cleared. We did not do it so far. This does not only violate the
> architecture, it also misses the chance to free up that memory on
> reboot, which would help on host memory over commitment.  By using
> ram_block_discard_range we can cover both cases.

Sounds like a good idea. I wonder whether that release_all_ram()
function should maybe rather reside in exec.c, so that other machines
that want to clear all RAM at reset time can use it, too?

> Signed-off-by: Christian Borntraeger 
> ---
>  target/s390x/kvm.c | 19 +++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
> index 8f3a422288..2e145ad5c3 100644
> --- a/target/s390x/kvm.c
> +++ b/target/s390x/kvm.c
> @@ -34,6 +34,8 @@
>  #include "qapi/error.h"
>  #include "qemu/error-report.h"
>  #include "qemu/timer.h"
> +#include "qemu/rcu_queue.h"
> +#include "sysemu/cpus.h"
>  #include "sysemu/sysemu.h"
>  #include "sysemu/hw_accel.h"
>  #include "hw/boards.h"
> @@ -41,6 +43,7 @@
>  #include "sysemu/device_tree.h"
>  #include "exec/gdbstub.h"
>  #include "exec/address-spaces.h"
> +#include "exec/ram_addr.h"
>  #include "trace.h"
>  #include "qapi-event.h"
>  #include "hw/s390x/s390-pci-inst.h"
> @@ -1841,6 +1844,14 @@ static int kvm_arch_handle_debug_exit(S390CPU *cpu)
>  return ret;
>  }
>  
> +static void release_all_rams(void)

s/rams/ram/ maybe?

> +{
> +struct RAMBlock *rb;
> +
> +QLIST_FOREACH_RCU(rb, _list.blocks, next)
> +ram_block_discard_range(rb, 0, rb->used_length);

From a coding style point of view, I think there should be curly braces
around ram_block_discard_range() ?

> +}
> +
>  int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
>  {
>  S390CPU *cpu = S390_CPU(cs);
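
Review bot: release_all_rams() walks the RAM block list with QLIST_FOREACH_RCU, but the function body shows no rcu_read_lock()/rcu_read_unlock() around the loop, so nothing visible here keeps a RAMBlock alive while it is being discarded. Take the RCU read lock around the traversal, or document which lock the caller already holds. The return value of ram_block_discard_range() is also dropped; since the purpose of the patch is that the guest must not see old memory contents after a clear reset, a failed discard should at least be reported instead of silently leaving the previous contents in place.
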
> @@ -1853,6 +1864,14 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run 
> *run)
>  ret = handle_intercept(cpu);
>  break;
>  case KVM_EXIT_S390_RESET:
> +if (run->s390_reset_flags & KVM_S390_RESET_CLEAR) {
> +/*
> + * We will stop other CPUs anyway, avoid spurious crashes and
> + * get all CPUs out. The reset will take care of the resume.
> + */
> +pause_all_vcpus();
> +release_all_rams();
> +}
>  s390_reipl_request();
>  break;
>  case KVM_EXIT_S390_TSCH:
> 

Apart from the cosmetic nits, patch looks good to me.

 Thomas



Re: [Qemu-devel] [PATCH] vfio-ccw: license text should indicate GPL v2 or later

2018-02-28 Thread Dong Jia Shi
* Cornelia Huck  [2018-02-27 18:32:51 +0100]:

> The license text currently specifies "any version" of the GPL. It
> is unlikely that GPL v1 was ever intended; change this to the
> standard "or any later version" text.
> 
> Cc: Dong Jia Shi 
> Cc: Xiao Feng Ren 
> Cc: Pierre Morel 
> Signed-off-by: Cornelia Huck 
> ---
>  hw/vfio/ccw.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
> index 16713f2c52..4e5855741a 100644
> --- a/hw/vfio/ccw.c
> +++ b/hw/vfio/ccw.c
> @@ -6,8 +6,8 @@
>   *Xiao Feng Ren 
>   *Pierre Morel 
>   *
> - * This work is licensed under the terms of the GNU GPL, version 2 or(at
> - * your option) any version. See the COPYING file in the top-level
> + * This work is licensed under the terms of the GNU GPL, version 2 or (at
> + * your option) any later version. See the COPYING file in the top-level
>   * directory.
>   */
> 
Dunno why the word 'later' is missing... could be some copy/paste
mistake.

Reviewed-by: Dong Jia Shi 

-- 
Dong Jia Shi




Re: [Qemu-devel] [PATCH 04/14] migration: let incoming side use thread context

2018-02-28 Thread Peter Xu
On Wed, Feb 28, 2018 at 05:43:50PM +, Dr. David Alan Gilbert wrote:
> * Peter Xu (pet...@redhat.com) wrote:
> > The old incoming migration is running in main thread and default
> > gcontext.  With the new qio_channel_add_watch_full() we can now let it
> > run in the thread's own gcontext (if there is one).
> > 
> > Currently this patch does nothing alone.  But when any of the incoming
> > migration is run in another iothread (e.g., the upcoming migrate-recover
> > command), this patch will bind the incoming logic to the iothread
> > instead of the main thread (which may already get page faulted and
> > hanged).
> 
> Does this make any difference to the Postcopy listener thread, which
> takes over reading from the main thread once in postcopy mode?
> (See savevm.c:postcopy_ram_listen_thread).

It should not.  It should only affect when user sends a
"migrate-recover" with "run-oob=true".  The rest should be the same as
before.  And since the postcopy ram load thread is a standalone thread
with its own initial thread stack (so it's not really in a gmainloop),
I can hardly tell how that can be affected since it'll always use its
own thread stack.

Or, have I missed anything?

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 05/16] block/mirror: Convert to coroutines

2018-02-28 Thread Fam Zheng
On Wed, 02/28 18:07, Max Reitz wrote:
> On 2018-02-28 15:13, Max Reitz wrote:
> > On 2018-02-27 08:44, Fam Zheng wrote:
> >> On Mon, 01/22 23:07, Max Reitz wrote:
> >>> @@ -101,7 +105,7 @@ static BlockErrorAction 
> >>> mirror_error_action(MirrorBlockJob *s, bool read,
> >>>  }
> >>>  }
> >>>  
> >>> -static void mirror_iteration_done(MirrorOp *op, int ret)
> >>> +static void coroutine_fn mirror_iteration_done(MirrorOp *op, int ret)
> >>>  {
> >>>  MirrorBlockJob *s = op->s;
> >>>  struct iovec *iov;
> >>
> >> I think we want s/qemu_coroutine_enter/aio_co_wake/ in mirror_iteration_done().
> >> As an AIO callback before, this didn't matter, but now we are in a terminating
> >> coroutine, so it is pointless to defer the termination, or even risky in that we
> >> are in an aio_context_acquire/release section, but have already decremented
> >> s->in_flight, which is fishy.
> > 
> > I guess I'll still do the replacement, regardless of whether the next
> > patch overwrites it again...
> 
> Maybe I don't.  Doing this breaks iotest 041 because the
> assert(data.done) in bdrv_co_yield_to_drain() fails.
> 
> Not sure why that is, but under the circumstance I guess it's best to
> just pretend this never happened, continue to use qemu_coroutine_enter()
> and just replace it in the next patch.
> 
> As for in_flight: What is the issue there?  We mostly need that to know
> how many I/O requests are actually running, that is, how much buffer
> space is used, how many I/O is done concurrently, etc. (and later we
> need the in-flight information so that we don't access the target in
> overlapping areas concurrently).  But it doesn't seem to be about how
> many coroutines there are.
> 
> So as long as the s->in_flight decrement is done in the same critical
> section as the op is deleted, we should be good...?

I don't have a specific problem in my mind but am just generally concerned about
the "if (s->in_flight == 0)" checks around mirror_exit.

Fam



Re: [Qemu-devel] [PATCH v4] tap: setting error appropriately when calling net_init_tap_one()

2018-02-28 Thread Zhoujian (jay)
Ping ...

> -Original Message-
> From: Zhoujian (jay)
> Sent: Tuesday, February 06, 2018 8:54 PM
> To: qemu-devel@nongnu.org
> Cc: jasow...@redhat.com; m...@redhat.com; imamm...@redhat.com; Huangweidong 
> (C)
> ; wangxin (U) ; Gonglei
> (Arei) ; Zhoujian (jay) 
> Subject: [PATCH v4] tap: setting error appropriately when calling
> net_init_tap_one()
> 
> If netdev_add tap,id=net0,...,vhost=on failed in net_init_tap_one(), the
> followed up device_add virtio-net-pci,netdev=net0 will fail too, prints:
> 
>TUNSETOFFLOAD ioctl() failed: Bad file descriptor TUNSETOFFLOAD
>ioctl() failed: Bad file descriptor
> 
> The reason is that the fd of tap is closed when error occurred after calling
> net_init_tap_one().
> 
> The fd should be closed when calling net_init_tap_one failed:
>- if tap_set_sndbuf() failed
>- if tap_set_sndbuf() succeeded but vhost failed to open or
>  initialize with vhostforce flag on
> The fd should not be closed just because vhost failed to open or initialize
> but without vhostforce flag. So the followed up device_add can fall back to
> userspace virtio successfully.
> 
> Suggested-by: Michael S. Tsirkin 
> Suggested-by: Igor Mammedov 
> Suggested-by: Jason Wang 
> Signed-off-by: Jay Zhou 
> ---
> v4: - reduce duplication
> - close the fd by caller
> - tweak the title
> 
> v3: - set errp appropriately
> ---
>  include/net/vhost_net.h |  3 +++
>  net/tap.c   | 24 ++--
>  2 files changed, 21 insertions(+), 6 deletions(-)
> 
> diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h index
> afc1499..77e4739 100644
> --- a/include/net/vhost_net.h
> +++ b/include/net/vhost_net.h
> @@ -4,6 +4,9 @@
>  #include "net/net.h"
>  #include "hw/virtio/vhost-backend.h"
> 
> +#define VHOST_NET_INIT_FAILED \
> +"vhost-net requested but could not be initialized"
> +
>  struct vhost_net;
>  typedef struct vhost_net VHostNetState;
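
Review bot: VHOST_NET_INIT_FAILED is defined in the shared header include/net/vhost_net.h, but its only users in this patch are the two calls in net/tap.c. A message string does not need to be part of the header's interface; a local #define or a static const char array in net/tap.c keeps it next to the one function that uses it and avoids other files picking it up as a format string.
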
> 
> diff --git a/net/tap.c b/net/tap.c
> index 979e622..14d230f 100644
> --- a/net/tap.c
> +++ b/net/tap.c
> @@ -686,14 +686,23 @@ static void net_init_tap_one(const NetdevTapOptions
> *tap, NetClientState *peer,
>  if (vhostfdname) {
>  vhostfd = monitor_fd_param(cur_mon, vhostfdname, );
>  if (vhostfd == -1) {
> -error_propagate(errp, err);
> +if (tap->has_vhostforce && tap->vhostforce) {
> +error_propagate(errp, err);
> +} else {
> +warn_report_err(err);
> +}
>  return;
>  }
>  } else {
>  vhostfd = open("/dev/vhost-net", O_RDWR);
>  if (vhostfd < 0) {
> -error_setg_errno(errp, errno,
> - "tap: open vhost char device failed");
> +if (tap->has_vhostforce && tap->vhostforce) {
> +error_setg_errno(errp, errno,
> + "tap: open vhost char device failed");
> +} else {
> +warn_report("tap: open vhost char device failed: %s",
> +strerror(errno));
> +}
>  return;
>  }
>  fcntl(vhostfd, F_SETFL, O_NONBLOCK); @@ -702,12 +711,15 @@
> static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState
> *peer,
> 
>  s->vhost_net = vhost_net_init();
>  if (!s->vhost_net) {
> -error_setg(errp,
> -   "vhost-net requested but could not be initialized");
> +if (tap->has_vhostforce && tap->vhostforce) {
> +error_setg(errp, VHOST_NET_INIT_FAILED);
> +} else {
> +warn_report(VHOST_NET_INIT_FAILED);
> +}
>  return;
>  }
>  } else if (vhostfdname) {
> -error_setg(errp, "vhostfd(s)= is not valid without vhost");
> +warn_report("vhostfd(s)= is not valid without vhost");
>  }
>  }
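
Review bot: the last change in this hunk turns "vhostfd(s)= is not valid without vhost" from error_setg() into an unconditional warn_report(), which the commit message neither mentions nor justifies. A configuration that passes vhostfd= without vhost=on was previously reported as an error and would now be accepted with the option ignored and the passed descriptor left unused. Either keep it an error or explain the change. In the vhost failure paths above, the branches without vhostforce return after warn_report() with errp unset; a comment there stating that this is the intended fallback to userspace virtio, and that the caller must keep the tap fd open in that case, would make the fd ownership rule from the commit message visible in the code.
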
> 
> --
> 1.8.3.1
> 




Re: [Qemu-devel] [PATCH v2 0/4] vl: introduce vm_shutdown()

2018-02-28 Thread Fam Zheng
On Wed, 02/28 18:19, Stefan Hajnoczi wrote:
> v2:
>  * Tackle the .ioeventfd_stop() vs vq handler race by removing the ioeventfd
>from a BH in the IOThread [Fam]
> 
> There are several race conditions in virtio-blk/virtio-scsi dataplane code.
> This patch series addresses them, see the commit description for details on the
> individual cases.

This doesn't apply to master. Which branch is it based off?

Fam



[Qemu-devel] [PATCH] iotests: Skip test for ENOMEM error

2018-02-28 Thread Fam Zheng
The AFL image is to exercise the code validating image size, which
doesn't work on 32 bit or when out of memory (there is a large
allocation before the interesting point). So check that and skip the
test, instead of faking the result.

Signed-off-by: Fam Zheng 
---
 tests/qemu-iotests/059 | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/059 b/tests/qemu-iotests/059
index 40f89eae18..530bbbe6ce 100755
--- a/tests/qemu-iotests/059
+++ b/tests/qemu-iotests/059
@@ -152,9 +152,8 @@ done
 echo
 echo "=== Testing afl image with a very large capacity ==="
 _use_sample_img afl9.vmdk.bz2
-# The sed makes this test pass on machines with little RAM
-# (and also with 32 bit builds)
-_img_info | sed -e 's/Cannot allocate memory/Invalid argument/'
+_img_info | grep -q 'Cannot allocate memory' && _notrun "Insufficent memory, 
skipped test"
+_img_info
 _cleanup_test_img
 
 # success, all done
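
Review bot: the new check runs _img_info twice, once piped into grep -q to decide whether to skip and once for the compared output, so the skip decision and the output come from two separate attempts at the large allocation. Under memory pressure the first run can succeed and the second fail, and the test then fails instead of being skipped. Capture the output once in a variable, test that for 'Cannot allocate memory', and echo the same variable. The _notrun message also misspells "Insufficient".
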
-- 
2.14.3




Re: [Qemu-devel] [PATCH v3] iotests: Fix CID for VMDK afl image

2018-02-28 Thread Fam Zheng
On Wed, 02/28 18:50, Max Reitz wrote:
> On 2018-02-02 06:23, Fam Zheng wrote:
> > This reverts commit 76bf133c4 which updated the reference output, and
> > fixed the reference image, because the code path we want to exercise is
> > actually the invalid image size.
> > 
> > > The descriptor block in the image, which includes the CID to verify, has been
> > > invalid since the reference image was added. Since commit 9877860e7bd we report
> > > this error earlier than the "file too large", so 059.out mismatches.
> > 
> > The binary change is generated along the operations of:
> > 
> >   $ bunzip2 afl9.vmdk.bz2
> >   $ qemu-img create -f vmdk fix.vmdk 1G
> >   $ dd if=afl9.vmdk of=fix.vmdk bs=512 count=1 conv=notrunc
> >   $ mv fix.vmdk afl9.vmdk
> >   $ bzip2 afl9.vmdk
> > 
> > Signed-off-by: Fam Zheng 
> > 
> > ---
> 
> Could you rebase this on master (so only the _notrun portion remains)?
> It appears that v2 has hit master already...

OK, will do!

Fam



Re: [Qemu-devel] [PATCH 05/16] translate-all: iterate over TBs in a page with PAGE_FOR_EACH_TB

2018-02-28 Thread Richard Henderson
On 02/28/2018 02:50 PM, Emilio G. Cota wrote:
> Is this any better?
> 
> #define TB_FOR_EACH_TAGGED(head, tb, n, field)  \
> for (n = (head) & 1, tb = (TranslationBlock *)((head) & ~1);\
>  tb; tb = (TranslationBlock *)tb->field[n], n = (uintptr_t)tb & 1, \
>  tb = (TranslationBlock *)((uintptr_t)tb & ~1))

Yes, thanks.


r~



Re: [Qemu-devel] [PATCH 05/16] translate-all: iterate over TBs in a page with PAGE_FOR_EACH_TB

2018-02-28 Thread Emilio G. Cota
On Wed, Feb 28, 2018 at 13:40:15 -0800, Richard Henderson wrote:
> On 02/26/2018 09:39 PM, Emilio G. Cota wrote:
> > +/* list iterators for lists of tagged pointers in TranslationBlock */
> > +#define TB_FOR_EACH_TAGGED(head, tb, n, field)  \
> > +for (n = (head) & 1,\
> > + tb = (TranslationBlock *)((head) & ~1);\
> > + tb;\
> > + tb = (TranslationBlock *)tb->field[n], \
> > + n = (uintptr_t)tb & 1, \
> > + tb = (TranslationBlock *)((uintptr_t)tb & ~1))
> > +
> > +#define PAGE_FOR_EACH_TB(pagedesc, tb, n)   \
> > +TB_FOR_EACH_TAGGED((pagedesc)->first_tb, tb, n, page_next)
> > +
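
Review bot: TB_FOR_EACH_TAGGED expands head twice, once for the tag bit and once for the pointer, and uses tb and n without parentheses, so an argument that has side effects or is re-read from shared memory can yield a tag and a pointer that do not belong together. PAGE_FOR_EACH_TB passes (pagedesc)->first_tb straight through, so either load head into a local first or add a comment stating which lock must be held for the whole iteration. The mask ~1 is an int constant; writing ~(uintptr_t)1 avoids relying on sign extension when it is combined with a uintptr_t.
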
> 
> I'm not sure I like the generalization of TB_FOR_EACH_TAGGED.  Do you use it
> for anything besides PAGE_FOR_EACH_TB?

Yes, see patch 13. I've added the following comment to the commit log:
 - Introduce the TB_FOR_EACH_TAGGED macro, and use it to define
   PAGE_FOR_EACH_TB, which improves readability. Note that
   TB_FOR_EACH_TAGGED will gain another user in a subsequent patch.

> Weird indentation in the clauses.

Is this any better?

#define TB_FOR_EACH_TAGGED(head, tb, n, field)  \
for (n = (head) & 1, tb = (TranslationBlock *)((head) & ~1);\
 tb; tb = (TranslationBlock *)tb->field[n], n = (uintptr_t)tb & 1, \
 tb = (TranslationBlock *)((uintptr_t)tb & ~1))

> Otherwise,
> Reviewed-by: Richard Henderson 

Thanks,

Emilio



[Qemu-devel] [PATCH v2 3/5] hw/gpio: Add the xlnx-pmu-iomod-gpo device

2018-02-28 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---

 include/hw/gpio/xlnx-pmu-iomod-gp.h |  52 +
 hw/gpio/xlnx-pmu-iomod-gp.c | 150 
 hw/gpio/Makefile.objs   |   2 +
 3 files changed, 204 insertions(+)
 create mode 100644 include/hw/gpio/xlnx-pmu-iomod-gp.h
 create mode 100644 hw/gpio/xlnx-pmu-iomod-gp.c

diff --git a/include/hw/gpio/xlnx-pmu-iomod-gp.h 
b/include/hw/gpio/xlnx-pmu-iomod-gp.h
new file mode 100644
index 00..0ee162829b
--- /dev/null
+++ b/include/hw/gpio/xlnx-pmu-iomod-gp.h
@@ -0,0 +1,52 @@
+/*
+ * QEMU model of Xilinx I/O Module GPO
+ *
+ * Copyright (c) 2013 Xilinx Inc
+ * Written by Edgar E. Iglesias 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_XLNX_ZYNQMP_IOMOD_GPIO_H
+#define HW_XLNX_ZYNQMP_IOMOD_GPIO_H
+
+#include "qemu/osdep.h"
+
+#define TYPE_XLNX_ZYNQMP_IOMOD_GPIO "xlnx.pmu_iomodule_gpio"
+
+#define XLNX_ZYNQMP_IOMOD_GPIO(obj) \
+ OBJECT_CHECK(XlnxPMUIOGPIO, (obj), TYPE_XLNX_ZYNQMP_IOMOD_GPIO)
+
+#define XLNX_ZYNQMP_IOMOD_GPIO_R_MAX (0x00 + 1)
+
+typedef struct XlnxPMUIOGPIO {
+SysBusDevice parent_obj;
+MemoryRegion iomem;
+
+uint32_t size;
+
+/* GPO */
+uint32_t init;
+qemu_irq outputs[32];
+
+uint32_t regs[XLNX_ZYNQMP_IOMOD_GPIO_R_MAX];
+RegisterInfo regs_info[XLNX_ZYNQMP_IOMOD_GPIO_R_MAX];
+} XlnxPMUIOGPIO;
+
+#endif /* HW_XLNX_ZYNQMP_IOMOD_GPIO_H */
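
Review bot: this header includes only "qemu/osdep.h", yet XlnxPMUIOGPIO uses SysBusDevice, MemoryRegion, qemu_irq and RegisterInfo, so it compiles only because xlnx-pmu-iomod-gp.c includes hw/sysbus.h and hw/register.h before it. Include those two headers here and drop the osdep.h include, which belongs at the top of .c files and not in headers. The patch also carries no commit message beyond the sign-off; a sentence on what the GPO block models and what the size and init fields mean would help the next reader.
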
diff --git a/hw/gpio/xlnx-pmu-iomod-gp.c b/hw/gpio/xlnx-pmu-iomod-gp.c
new file mode 100644
index 00..0e45a89b44
--- /dev/null
+++ b/hw/gpio/xlnx-pmu-iomod-gp.c
@@ -0,0 +1,150 @@
+/*
+ * QEMU model of Xilinx I/O Module GPO
+ *
+ * Copyright (c) 2013 Xilinx Inc
+ * Written by Edgar E. Iglesias 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/register.h"
+#include "qemu/log.h"
+#include "hw/gpio/xlnx-pmu-iomod-gp.h"
+
+#ifndef XLNX_ZYNQMP_IOMOD_GPIO_DEBUG
+#define XLNX_ZYNQMP_IOMOD_GPIO_DEBUG 0
+#endif
+
+REG32(GPO0, 0x00)
+
+static void xlnx_iomod_gpio_gpo0_prew(RegisterInfo *reg, uint64_t value)
+{
+XlnxPMUIOGPIO *s = XLNX_ZYNQMP_IOMOD_GPIO(reg->opaque);
+unsigned int i;
+
+for (i = 0; i < s->size; i++) {
+bool flag = !!(value & (1 << i));
+qemu_set_irq(s->outputs[i], flag);
+}
+}
+
+static uint64_t xlnx_iomod_gpio_gpo0_postr(RegisterInfo *reg, uint64_t value)
+{
+return 0;
+}
+
+static const RegisterAccessInfo xlnx_iomod_gpio_regs_info[] = {
+{   .name = "GPO0",  .addr = A_GPO0,
+.post_write = xlnx_iomod_gpio_gpo0_prew,
+.post_read = xlnx_iomod_gpio_gpo0_postr,
+}
+};
+
+static void xlnx_iomod_gpio_reset(DeviceState *dev)
+{
+XlnxPMUIOGPIO *s = XLNX_ZYNQMP_IOMOD_GPIO(dev);
+int i;
+
+for (i = 0; i < ARRAY_SIZE(s->regs_info); ++i) {
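
Review bot: in xlnx_iomod_gpio_gpo0_prew() the test `value & (1 << i)` shifts a signed int, and with outputs[] sized for 32 lines the last iteration evaluates 1 << 31, which overflows int. Use 1u << i (or extract64(value, i, 1)). The callback is named _prew but is installed as .post_write, and the .post_read hook returns 0 unconditionally, so GPO0 never reads back what was written; if both are intended, a short comment saying so would stop a later well-meaning "fix".
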

[Qemu-devel] [PATCH v2 4/5] hw/gpio: Add support for the xlnx-pmu-iomod-gpi device

2018-02-28 Thread Alistair Francis
Add support for setting the device and either input or output.

Signed-off-by: Alistair Francis 
---

 include/hw/gpio/xlnx-pmu-iomod-gp.h |  7 -
 hw/gpio/xlnx-pmu-iomod-gp.c | 55 -
 2 files changed, 60 insertions(+), 2 deletions(-)

diff --git a/include/hw/gpio/xlnx-pmu-iomod-gp.h 
b/include/hw/gpio/xlnx-pmu-iomod-gp.h
index 0ee162829b..d682693742 100644
--- a/include/hw/gpio/xlnx-pmu-iomod-gp.h
+++ b/include/hw/gpio/xlnx-pmu-iomod-gp.h
@@ -33,18 +33,23 @@
 #define XLNX_ZYNQMP_IOMOD_GPIO(obj) \
  OBJECT_CHECK(XlnxPMUIOGPIO, (obj), TYPE_XLNX_ZYNQMP_IOMOD_GPIO)
 
-#define XLNX_ZYNQMP_IOMOD_GPIO_R_MAX (0x00 + 1)
+#define XLNX_ZYNQMP_IOMOD_GPIO_R_MAX (0x20 + 1)
 
 typedef struct XlnxPMUIOGPIO {
 SysBusDevice parent_obj;
 MemoryRegion iomem;
 
+bool input;
 uint32_t size;
 
 /* GPO */
 uint32_t init;
 qemu_irq outputs[32];
 
+/* GPI */
+uint32_t ien;
+qemu_irq parent_irq;
+
 uint32_t regs[XLNX_ZYNQMP_IOMOD_GPIO_R_MAX];
 RegisterInfo regs_info[XLNX_ZYNQMP_IOMOD_GPIO_R_MAX];
 } XlnxPMUIOGPIO;
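
Review bot: XLNX_ZYNQMP_IOMOD_GPIO_R_MAX becomes (0x20 + 1), which sizes regs[] and regs_info[] from the byte offset of GPI0 and not from its register index. REG32(GPI0, 0x20) in the .c file yields index R_GPI0 = 0x20 / 4, so the arrays end up far larger than the highest index ever used. It is harmless today, but the mismatch between "offset" and "index" is the kind of thing that turns into an out-of-bounds access when someone later sizes a loop or a memory region from the same constant; define the bound in terms of the register index and say so in a comment.
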
diff --git a/hw/gpio/xlnx-pmu-iomod-gp.c b/hw/gpio/xlnx-pmu-iomod-gp.c
index 0e45a89b44..467d844ae0 100644
--- a/hw/gpio/xlnx-pmu-iomod-gp.c
+++ b/hw/gpio/xlnx-pmu-iomod-gp.c
@@ -1,5 +1,5 @@
 /*
- * QEMU model of Xilinx I/O Module GPO
+ * QEMU model of Xilinx I/O Module GPO and GPI
  *
  * Copyright (c) 2013 Xilinx Inc
  * Written by Edgar E. Iglesias 
@@ -34,12 +34,17 @@
 #endif
 
 REG32(GPO0, 0x00)
+REG32(GPI0, 0x20)
 
 static void xlnx_iomod_gpio_gpo0_prew(RegisterInfo *reg, uint64_t value)
 {
 XlnxPMUIOGPIO *s = XLNX_ZYNQMP_IOMOD_GPIO(reg->opaque);
 unsigned int i;
 
+if (s->input) {
+return;
+}
+
 for (i = 0; i < s->size; i++) {
 bool flag = !!(value & (1 << i));
 qemu_set_irq(s->outputs[i], flag);
@@ -51,10 +56,50 @@ static uint64_t xlnx_iomod_gpio_gpo0_postr(RegisterInfo 
*reg, uint64_t value)
 return 0;
 }
 
+static void xlnx_iomod_gpio_irq_handler(void *opaque, int irq, int level)
+{
+XlnxPMUIOGPIO *s = XLNX_ZYNQMP_IOMOD_GPIO(opaque);
+uint32_t old = s->regs[R_GPI0];
+
+if (!s->input) {
+return;
+}
+
+/* If enable is set for @irq pin, update @irq pin in GPI and
+ * trigger interrupt if transition is 0 -> 1.
+ */
+if (s->ien & (1 << irq)) {
+s->regs[R_GPI0] &= ~(1 << irq);
+s->regs[R_GPI0] |= level << irq;
+/* On input pin transition 0->1 trigger interrupt. */
+if ((old != s->regs[R_GPI0]) && level) {
+qemu_irq_pulse(s->parent_irq);
+}
+}
+}
+
+/* Called when someone writes into LOCAL GPIx_ENABLE */
+static void xlnx_iomod_gpio_ien_handler(void *opaque, int n, int level)
+{
+XlnxPMUIOGPIO *s = XLNX_ZYNQMP_IOMOD_GPIO(opaque);
+
+if (!s->input) {
+return;
+}
+
+s->ien = level;
+
+/* Clear all GPIs that got disabled */
+s->regs[R_GPI0] &= s->ien;
+}
+
 static const RegisterAccessInfo xlnx_iomod_gpio_regs_info[] = {
 {   .name = "GPO0",  .addr = A_GPO0,
 .post_write = xlnx_iomod_gpio_gpo0_prew,
 .post_read = xlnx_iomod_gpio_gpo0_postr,
+},{ .name = "GPI0",  .addr = A_GPI0,
+.rsvd = 0x300030,
+.ro = 0xffcfffcf,
 }
 };
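
Review bot: xlnx_iomod_gpio_irq_handler() builds its masks with `1 << irq` and `level << irq` on plain int, so line 31 shifts into the sign bit, and a level other than 0 or 1 would set bits that belong to other pins. Use 1u << irq together with !!level, or deposit32(). Note also that a pin change arriving while its enable bit is clear is discarded, so GPI0 does not reflect the current pin state when the bit is enabled later; if that matches the hardware, say so in the comment above the test.
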
 
@@ -68,6 +113,9 @@ static void xlnx_iomod_gpio_reset(DeviceState *dev)
 }
 
 xlnx_iomod_gpio_gpo0_prew(>regs_info[R_GPO0], s->init);
+
+/* Disable all interrupts initially. */
+s->ien = 0;
 }
 
 static const MemoryRegionOps xlnx_iomod_gpio_ops = {
@@ -86,6 +134,9 @@ static void xlnx_iomod_gpio_realize(DeviceState *dev, Error 
**errp)
 
 assert(s->size <= 32);
 qdev_init_gpio_out(dev, s->outputs, s->size);
+
+qdev_init_gpio_in_named(dev, xlnx_iomod_gpio_irq_handler, "GPI", 32);
+qdev_init_gpio_in_named(dev, xlnx_iomod_gpio_ien_handler, "IEN", 32);
 }
 
 static void xlnx_iomod_gpio_init(Object *obj)
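Review bot: the "GPI" and "IEN" inputs in xlnx_iomod_gpio_realize() are created with a hard-coded count of 32, whatever `size` is and whether or not `input` is set, while the outputs just above them use `s->size`. Creating the input lines only when `s->input` is true, and with `s->size` lines, would keep an output-only instance from exposing inputs that its handlers ignore.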
@@ -107,6 +158,7 @@ static void xlnx_iomod_gpio_init(Object *obj)
 0x0,
 _array->mem);
 sysbus_init_mmio(sbd, >iomem);
+sysbus_init_irq(sbd, >parent_irq);
 }
 
 static const VMStateDescription vmstate_xlnx_iomod_gpio = {
@@ -119,6 +171,7 @@ static const VMStateDescription vmstate_xlnx_iomod_gpio = {
 };
 
 static Property xlnx_iomod_gpio_properties[] = {
+DEFINE_PROP_BOOL("input", XlnxPMUIOGPIO, input, false),
 DEFINE_PROP_UINT32("size", XlnxPMUIOGPIO, size, 0),
 DEFINE_PROP_UINT32("gpo-init", XlnxPMUIOGPIO, init, 0),
 DEFINE_PROP_END_OF_LIST(),
-- 
2.14.1




[Qemu-devel] [PATCH v2 0/5] Add and connect the PMU IOModule devices

2018-02-28 Thread Alistair Francis
V2:
 - Add the GPO and GPI devices as well


Alistair Francis (5):
  timer: Initial commit of xlnx-pmu-iomod-pit device
  xlnx-zynqmp-pmu: Connect the PMU IOMOD PIT devices
  hw/gpio: Add the xlnx-pmu-iomod-gpo device
  hw/gpio: Add support for the xlnx-pmu-iomod-gpi device
  xlnx-zynqmp-pmu: Connect the IOMOD GPI/GPO devices

 include/hw/gpio/xlnx-pmu-iomod-gp.h   |  57 
 include/hw/timer/xlnx-pmu-iomod-pit.h |  58 
 hw/gpio/xlnx-pmu-iomod-gp.c   | 203 
 hw/microblaze/xlnx-zynqmp-pmu.c   | 108 +++
 hw/timer/xlnx-pmu-iomod-pit.c | 241 ++
 hw/gpio/Makefile.objs |   2 +
 hw/timer/Makefile.objs|   2 +
 7 files changed, 671 insertions(+)
 create mode 100644 include/hw/gpio/xlnx-pmu-iomod-gp.h
 create mode 100644 include/hw/timer/xlnx-pmu-iomod-pit.h
 create mode 100644 hw/gpio/xlnx-pmu-iomod-gp.c
 create mode 100644 hw/timer/xlnx-pmu-iomod-pit.c

-- 
2.14.1




[Qemu-devel] [PATCH v2 5/5] xlnx-zynqmp-pmu: Connect the IOMOD GPI/GPO devices

2018-02-28 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---

 hw/microblaze/xlnx-zynqmp-pmu.c | 77 +++--
 1 file changed, 75 insertions(+), 2 deletions(-)

diff --git a/hw/microblaze/xlnx-zynqmp-pmu.c b/hw/microblaze/xlnx-zynqmp-pmu.c
index 35a2314ffb..fa5f0bfcf1 100644
--- a/hw/microblaze/xlnx-zynqmp-pmu.c
+++ b/hw/microblaze/xlnx-zynqmp-pmu.c
@@ -27,6 +27,7 @@
 #include "hw/intc/xlnx-zynqmp-ipi.h"
 #include "hw/intc/xlnx-pmu-iomod-intc.h"
 #include "hw/timer/xlnx-pmu-iomod-pit.h"
+#include "hw/gpio/xlnx-pmu-iomod-gp.h"
 
 /* Define the PMU device */
 
@@ -43,6 +44,9 @@
 #define XLNX_ZYNQMP_PMU_NUM_IPIS4
 #define XLNX_ZYNQMP_PMU_NUM_PITS4
 
+#define XLNX_ZYNQMP_PMU_NUM_IOMOD_GPIS4
+#define XLNX_ZYNQMP_PMU_NUM_IOMOD_GPOS4
+
 static const uint64_t ipi_addr[XLNX_ZYNQMP_PMU_NUM_IPIS] = {
 0xFF34, 0xFF35, 0xFF36, 0xFF37,
 };
@@ -57,6 +61,17 @@ static const uint64_t pit_irq[XLNX_ZYNQMP_PMU_NUM_PITS] = {
 3, 4, 5, 6,
 };
 
+static const uint64_t iomod_gpi_addr[XLNX_ZYNQMP_PMU_NUM_IOMOD_GPIS] = {
+0xFFD40020, 0xFFD40024, 0xFFD40028, 0xFFD4002C,
+};
+static const uint64_t iomod_gpi_irq[XLNX_ZYNQMP_PMU_NUM_IOMOD_GPIS] = {
+11, 12, 13, 14,
+};
+
+static const uint64_t iomod_gpo_addr[XLNX_ZYNQMP_PMU_NUM_IOMOD_GPOS] = {
+0xFFD40010, 0xFFD40014, 0xFFD40018, 0xFFD4001C,
+};
+
 typedef struct XlnxZynqMPPMUSoCState {
 /*< private >*/
 DeviceState parent_obj;
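Review bot: iomod_gpi_addr[] maps each GPI instance at the address of the register itself (0xFFD40020 and up), but patch 4/5 declares the register inside the device as `REG32(GPI0, 0x20)`, so as far as these two patches show, GPI0 of the first instance would decode at base + 0x20 = 0xFFD40040, which is pit_addr[0]. Please confirm the intended layout: either map the device so that offset 0x20 lands on 0xFFD40020, or place GPI0 at offset 0x00 when the device is used as an input. The iomod_gpi_irq[] entries are small interrupt indexes, so a plain unsigned int array would state the intent better than uint64_t.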
@@ -156,6 +171,8 @@ static void xlnx_zynqmp_pmu_init(MachineState *machine)
 MemoryRegion *pmu_rom = g_new(MemoryRegion, 1);
 MemoryRegion *pmu_ram = g_new(MemoryRegion, 1);
 XlnxZynqMPIPI *ipi[XLNX_ZYNQMP_PMU_NUM_IPIS];
+XlnxPMUIOGPIO *iomod_gpi[XLNX_ZYNQMP_PMU_NUM_IOMOD_GPIS];
+XlnxPMUIOGPIO *iomod_gpo[XLNX_ZYNQMP_PMU_NUM_IOMOD_GPOS];
 XlnxPMUPIT *pit[XLNX_ZYNQMP_PMU_NUM_PITS];
 qemu_irq irq[32];
 qemu_irq tmp_irq;
@@ -197,10 +214,60 @@ static void xlnx_zynqmp_pmu_init(MachineState *machine)
 sysbus_connect_irq(SYS_BUS_DEVICE(ipi[i]), 0, irq[ipi_irq[i]]);
 }
 
+/* Create and connect the IOMOD GPI device */
+for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_IOMOD_GPIS; i++) {
+iomod_gpi[i] = g_new0(XlnxPMUIOGPIO, 1);
+object_initialize(iomod_gpi[i], sizeof(XlnxPMUIOGPIO),
+  TYPE_XLNX_ZYNQMP_IOMOD_GPIO);
+qdev_set_parent_bus(DEVICE(iomod_gpi[i]), sysbus_get_default());
+}
+
+for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_IOMOD_GPIS; i++) {
+object_property_set_bool(OBJECT(iomod_gpi[i]), true, "input",
+ _abort);
+object_property_set_uint(OBJECT(iomod_gpi[i]), 0x20, "size",
+ _abort);
+object_property_set_bool(OBJECT(iomod_gpi[i]), true, "realized",
+ _abort);
+sysbus_mmio_map(SYS_BUS_DEVICE(iomod_gpi[i]), 0, iomod_gpi_addr[i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(iomod_gpi[i]), 0,
+   irq[iomod_gpi_irq[i]]);
+/* The other GPIO lines connect to the ARM side of the SoC. When we
+ * have a way to model MicroBlaze QEMU and ARM QEMU together we can
+ * connect the GPIO lines.
+ */
+}
+
+/* Create and connect the IOMOD GPO device */
+for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_IOMOD_GPOS; i++) {
+iomod_gpo[i] = g_new0(XlnxPMUIOGPIO, 1);
+object_initialize(iomod_gpo[i], sizeof(XlnxPMUIOGPIO),
+  TYPE_XLNX_ZYNQMP_IOMOD_GPIO);
+qdev_set_parent_bus(DEVICE(iomod_gpo[i]), sysbus_get_default());
+}
+
+for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_IOMOD_GPOS; i++) {
+object_property_set_bool(OBJECT(iomod_gpo[i]), false, "input",
+ _abort);
+if (i) {
+object_property_set_uint(OBJECT(iomod_gpo[i]), 0x20, "size",
+ _abort);
+} else {
+object_property_set_uint(OBJECT(iomod_gpo[i]), 0x09, "size",
+ _abort);
+}
+object_property_set_uint(OBJECT(iomod_gpo[i]), 0x00, "gpo-init",
+ _abort);
+object_property_set_bool(OBJECT(iomod_gpo[i]), true, "realized",
+ _abort);
+sysbus_mmio_map(SYS_BUS_DEVICE(iomod_gpo[i]), 0, iomod_gpo_addr[i]);
+}
+
 /* Create and connect the IOMOD PIT devices */
 for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_PITS; i++) {
 pit[i] = g_new0(XlnxPMUPIT, 1);
-object_initialize(pit[i], sizeof(XlnxPMUPIT), 
TYPE_XLNX_ZYNQMP_IOMODULE_PIT);
+object_initialize(pit[i], sizeof(XlnxPMUPIT),
+  TYPE_XLNX_ZYNQMP_IOMODULE_PIT);
 qdev_set_parent_bus(DEVICE(pit[i]), sysbus_get_default());
 }
 
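Review bot: the GPO loop gives instance 0 a size of 0x09 and the others 0x20 through a bare `if (i)`, with no comment saying why the first bank is narrower; name the two widths, or put them in a per-instance table next to iomod_gpo_addr[], and add a one-line comment. The re-wrap of the PIT object_initialize() call at the end of this hunk only touches a line introduced by patch 2/5 of this series, so it belongs in that patch rather than here.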
@@ -219,7 +286,13 @@ static void xlnx_zynqmp_pmu_init(MachineState *machine)
 tmp_irq = qdev_get_gpio_in_named(DEVICE(pit[2]), "ps_hit_in", 0);
 

[Qemu-devel] [PATCH v2 2/5] xlnx-zynqmp-pmu: Connect the PMU IOMOD PIT devices

2018-02-28 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---

 hw/microblaze/xlnx-zynqmp-pmu.c | 35 +++
 1 file changed, 35 insertions(+)

diff --git a/hw/microblaze/xlnx-zynqmp-pmu.c b/hw/microblaze/xlnx-zynqmp-pmu.c
index 999a5657cf..35a2314ffb 100644
--- a/hw/microblaze/xlnx-zynqmp-pmu.c
+++ b/hw/microblaze/xlnx-zynqmp-pmu.c
@@ -26,6 +26,7 @@
 
 #include "hw/intc/xlnx-zynqmp-ipi.h"
 #include "hw/intc/xlnx-pmu-iomod-intc.h"
+#include "hw/timer/xlnx-pmu-iomod-pit.h"
 
 /* Define the PMU device */
 
@@ -40,6 +41,7 @@
 #define XLNX_ZYNQMP_PMU_INTC_ADDR   0xFFD4
 
 #define XLNX_ZYNQMP_PMU_NUM_IPIS4
+#define XLNX_ZYNQMP_PMU_NUM_PITS4
 
 static const uint64_t ipi_addr[XLNX_ZYNQMP_PMU_NUM_IPIS] = {
 0xFF34, 0xFF35, 0xFF36, 0xFF37,
@@ -48,6 +50,13 @@ static const uint64_t ipi_irq[XLNX_ZYNQMP_PMU_NUM_IPIS] = {
 19, 20, 21, 22,
 };
 
+static const uint64_t pit_addr[XLNX_ZYNQMP_PMU_NUM_PITS] = {
+0xFFD40040, 0xFFD40050, 0xFFD40060, 0xFFD40070,
+};
+static const uint64_t pit_irq[XLNX_ZYNQMP_PMU_NUM_PITS] = {
+3, 4, 5, 6,
+};
+
 typedef struct XlnxZynqMPPMUSoCState {
 /*< private >*/
 DeviceState parent_obj;
@@ -147,7 +156,9 @@ static void xlnx_zynqmp_pmu_init(MachineState *machine)
 MemoryRegion *pmu_rom = g_new(MemoryRegion, 1);
 MemoryRegion *pmu_ram = g_new(MemoryRegion, 1);
 XlnxZynqMPIPI *ipi[XLNX_ZYNQMP_PMU_NUM_IPIS];
+XlnxPMUPIT *pit[XLNX_ZYNQMP_PMU_NUM_PITS];
 qemu_irq irq[32];
+qemu_irq tmp_irq;
 int i;
 
 /* Create the ROM */
@@ -186,6 +197,30 @@ static void xlnx_zynqmp_pmu_init(MachineState *machine)
 sysbus_connect_irq(SYS_BUS_DEVICE(ipi[i]), 0, irq[ipi_irq[i]]);
 }
 
+/* Create and connect the IOMOD PIT devices */
+for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_PITS; i++) {
+pit[i] = g_new0(XlnxPMUPIT, 1);
+object_initialize(pit[i], sizeof(XlnxPMUPIT), 
TYPE_XLNX_ZYNQMP_IOMODULE_PIT);
+qdev_set_parent_bus(DEVICE(pit[i]), sysbus_get_default());
+}
+
+for (i = 0; i < XLNX_ZYNQMP_PMU_NUM_PITS; i++) {
+object_property_set_bool(OBJECT(pit[i]), true, "realized",
+ _abort);
+sysbus_mmio_map(SYS_BUS_DEVICE(pit[i]), 0, pit_addr[i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(pit[i]), 0, irq[pit_irq[i]]);
+}
+
+/* PIT1 hits into PIT0 */
+tmp_irq = qdev_get_gpio_in_named(DEVICE(pit[0]), "ps_hit_in", 0);
+qdev_connect_gpio_out_named(DEVICE(pit[1]), "ps_hit_out", 0, tmp_irq);
+
+/* PIT3 hits into PIT2 */
+tmp_irq = qdev_get_gpio_in_named(DEVICE(pit[2]), "ps_hit_in", 0);
+qdev_connect_gpio_out_named(DEVICE(pit[3]), "ps_hit_out", 0, tmp_irq);
+
+/* TODO: PIT0 and PIT2 "ps_config" GPIO goes to The GPO1 device. */
+
 /* Load the kernel */
 microblaze_load_kernel(>cpu, XLNX_ZYNQMP_PMU_RAM_ADDR,
machine->ram_size,
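Review bot: the `object_initialize(pit[i], sizeof(XlnxPMUPIT), TYPE_XLNX_ZYNQMP_IOMODULE_PIT);` line in the first loop is long enough that patch 5/5 has to re-wrap it; wrap it here so each patch is clean on its own. The commit message is empty apart from the sign-off; one sentence on the PIT1 to PIT0 and PIT3 to PIT2 ps_hit chaining, and on the open ps_config TODO, would give reviewers the wiring without reading the loop.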
-- 
2.14.1




[Qemu-devel] [PATCH v2 1/5] timer: Initial commit of xlnx-pmu-iomod-pit device

2018-02-28 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
V2:
 - Use UINT32_MAX and uint64_t in xlnx_iomod_pit_ctr_pr()
 - Name frequency variable frequency_hz
 - Shorten R_MAX #define

 include/hw/timer/xlnx-pmu-iomod-pit.h |  58 
 hw/timer/xlnx-pmu-iomod-pit.c | 241 ++
 hw/timer/Makefile.objs|   2 +
 3 files changed, 301 insertions(+)
 create mode 100644 include/hw/timer/xlnx-pmu-iomod-pit.h
 create mode 100644 hw/timer/xlnx-pmu-iomod-pit.c

diff --git a/include/hw/timer/xlnx-pmu-iomod-pit.h 
b/include/hw/timer/xlnx-pmu-iomod-pit.h
new file mode 100644
index 00..75cac6bedd
--- /dev/null
+++ b/include/hw/timer/xlnx-pmu-iomod-pit.h
@@ -0,0 +1,58 @@
+/*
+ * QEMU model of Xilinx I/O Module PIT
+ *
+ * Copyright (c) 2013 Xilinx Inc
+ * Written by Edgar E. Iglesias 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/ptimer.h"
+
+#define TYPE_XLNX_ZYNQMP_IOMODULE_PIT "xlnx.pmu_iomodule_pit"
+
+#define XLNX_ZYNQMP_IOMODULE_PIT(obj) \
+ OBJECT_CHECK(XlnxPMUPIT, (obj), TYPE_XLNX_ZYNQMP_IOMODULE_PIT)
+
+#define XLNX_ZYNQMP_IOMOD_PIT_R_MAX (0x08 + 1)
+
+typedef struct XlnxPMUPIT {
+SysBusDevice parent_obj;
+MemoryRegion iomem;
+
+QEMUBH *bh;
+ptimer_state *ptimer;
+
+qemu_irq irq;
+/* IRQ to pulse out when present timer hits zero */
+qemu_irq hit_out;
+
+/* Counter in Pre-Scalar(ps) Mode */
+uint32_t ps_counter;
+/* ps_mode irq-in to enable/disable pre-scalar */
+bool ps_enable;
+/* State var to remember hit_in level */
+bool ps_level;
+
+uint32_t frequency_hz;
+
+uint32_t regs[XLNX_ZYNQMP_IOMOD_PIT_R_MAX];
+RegisterInfo regs_info[XLNX_ZYNQMP_IOMOD_PIT_R_MAX];
+} XlnxPMUPIT;
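Review bot: this new header has no include guard and includes "qemu/osdep.h", which QEMU headers should not do because every .c file includes it first; at the same time it embeds SysBusDevice and RegisterInfo by value without including "hw/sysbus.h" or "hw/register.h", so it only compiles when the including file happens to pull those in beforehand. Add an `#ifndef`/`#define` guard, drop the osdep.h include, and include the headers the struct needs.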
diff --git a/hw/timer/xlnx-pmu-iomod-pit.c b/hw/timer/xlnx-pmu-iomod-pit.c
new file mode 100644
index 00..a6bdc5211d
--- /dev/null
+++ b/hw/timer/xlnx-pmu-iomod-pit.c
@@ -0,0 +1,241 @@
+/*
+ * QEMU model of Xilinx I/O Module PIT
+ *
+ * Copyright (c) 2013 Xilinx Inc
+ * Written by Edgar E. Iglesias 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/ptimer.h"
+#include "hw/register.h"
+#include "qemu/main-loop.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "hw/timer/xlnx-pmu-iomod-pit.h"
+
+#ifndef XLNX_ZYNQMP_IOMODULE_PIT_ERR_DEBUG
+#define XLNX_ZYNQMP_IOMODULE_PIT_ERR_DEBUG 0
+#endif
+
+REG32(PIT_PRELOAD, 0x00)
+REG32(PIT_COUNTER, 0x04)
+REG32(PIT_CONTROL, 0x08)
+FIELD(PIT_CONTROL, PRELOAD, 1, 1)
+FIELD(PIT_CONTROL, EN, 0, 1)
+
+static uint64_t xlnx_iomod_pit_ctr_pr(RegisterInfo *reg, uint64_t val)
+{
+XlnxPMUPIT *s = XLNX_ZYNQMP_IOMODULE_PIT(reg->opaque);
+uint64_t ret;
+
+if (s->ps_enable) {
+ret = s->ps_counter;
+} else {
+ 

Re: [Qemu-devel] [PATCH v2 00/11] linux-user support for target/xtensa

2018-02-28 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180228221609.11265-1-jcmvb...@gmail.com
Subject: [Qemu-devel] [PATCH v2 00/11] linux-user support for target/xtensa

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/1519709965-29833-1-git-send-email-c...@braap.org -> 
patchew/1519709965-29833-1-git-send-email-c...@braap.org
 * [new tag]   patchew/20180228221609.11265-1-jcmvb...@gmail.com -> 
patchew/20180228221609.11265-1-jcmvb...@gmail.com
Switched to a new branch 'test'
dcccaafe47 MAINTAINERS: fix W: address for xtensa
e98bb39328 qemu-binfmt-conf.sh: add qemu-xtensa
c76d7fa337 target/xtensa: add linux-user support
623d335530 linux-user: drop unused target_msync function
a482435763 linux-user: fix target_mprotect/target_munmap error return values
1a5815f993 linux-user: fix assertion in shmdt
c126572faf linux-user: fix mmap/munmap/mprotect/mremap/shmat
6394f2caff target/xtensa: support MTTCG
bd2fa3e12c target/xtensa: use correct number of registers in gdbstub
7c57593be6 target/xtensa: mark register windows in the dump
2443667b5c target/xtensa: dump correct physical registers

=== OUTPUT BEGIN ===
Checking PATCH 1/11: target/xtensa: dump correct physical registers...
Checking PATCH 2/11: target/xtensa: mark register windows in the dump...
Checking PATCH 3/11: target/xtensa: use correct number of registers in 
gdbstub...
Checking PATCH 4/11: target/xtensa: support MTTCG...
Checking PATCH 5/11: linux-user: fix mmap/munmap/mprotect/mremap/shmat...
Checking PATCH 6/11: linux-user: fix assertion in shmdt...
Checking PATCH 7/11: linux-user: fix target_mprotect/target_munmap error return 
values...
Checking PATCH 8/11: linux-user: drop unused target_msync function...
Checking PATCH 9/11: target/xtensa: add linux-user support...
ERROR: code indent should never use tabs
#677: FILE: linux-user/syscall_defs.h:1396:
+#define TARGET_MAP_FIXED^I0x10^I^I/* Interpret addr exactly */$

ERROR: code indent should never use tabs
#678: FILE: linux-user/syscall_defs.h:1397:
+#define TARGET_MAP_ANONYMOUS^I0x0800^I^I/* don't use a file */$

ERROR: code indent should never use tabs
#679: FILE: linux-user/syscall_defs.h:1398:
+#define TARGET_MAP_GROWSDOWN^I0x1000^I^I/* stack-like segment */$

ERROR: code indent should never use tabs
#680: FILE: linux-user/syscall_defs.h:1399:
+#define TARGET_MAP_DENYWRITE^I0x2000^I^I/* ETXTBSY */$

ERROR: code indent should never use tabs
#681: FILE: linux-user/syscall_defs.h:1400:
+#define TARGET_MAP_EXECUTABLE^I0x4000^I^I/* mark it as an executable */$

ERROR: code indent should never use tabs
#682: FILE: linux-user/syscall_defs.h:1401:
+#define TARGET_MAP_LOCKED^I0x8000^I^I/* pages are locked */$

WARNING: line over 80 characters
#683: FILE: linux-user/syscall_defs.h:1402:
+#define TARGET_MAP_NORESERVE   0x0400  /* don't check for reservations 
*/

ERROR: code indent should never use tabs
#683: FILE: linux-user/syscall_defs.h:1402:
+#define TARGET_MAP_NORESERVE^I0x0400^I^I/* don't check for reservations */$

WARNING: line over 80 characters
#684: FILE: linux-user/syscall_defs.h:1403:
+#define TARGET_MAP_POPULATE0x1 /* populate (prefault) 
pagetables */

ERROR: code indent should never use tabs
#684: FILE: linux-user/syscall_defs.h:1403:
+#define TARGET_MAP_POPULATE^I0x1^I^I/* populate (prefault) pagetables */$

ERROR: code indent should never use tabs
#685: FILE: linux-user/syscall_defs.h:1404:
+#define TARGET_MAP_NONBLOCK^I0x2^I^I/* do not block on IO */$

ERROR: code indent should never use tabs
#686: FILE: linux-user/syscall_defs.h:1405:
+#define TARGET_MAP_STACK^I0x4$

WARNING: line over 80 characters
#848: FILE: linux-user/xtensa/syscall_nr.h:87:
+#define TARGET_NR_utime   64 /* glibc 2.3.3 ?? 
*/

WARNING: line over 80 characters
#950: FILE: linux-user/xtensa/syscall_nr.h:189:
+#define TARGET_NR_reserved152152 /* 
set_thread_area */

WARNING: line over 80 characters
#951: FILE: linux-user/xtensa/syscall_nr.h:190:
+#define TARGET_NR_reserved153153 /* 
get_thread_area */

WARNING: line over 80 characters
#1669: FILE: linux-user/xtensa/termbits.h:292:
+#define TARGET_TCSBRKP _IOW('T', 37, int)   /* Needed for POSIX 
tcsendbreak()*/

ERROR: line over 90 characters

Re: [Qemu-devel] [PATCH 07/16] translate-all: remove hole in PageDesc

2018-02-28 Thread Richard Henderson
On 02/26/2018 09:39 PM, Emilio G. Cota wrote:
> Groundwork for supporting parallel TCG generation.
> 
> Move the hole to the end of the struct, so that a u32
> field can be added there without bloating the struct.
> 
> Signed-off-by: Emilio G. Cota 
> ---
>  accel/tcg/translate-all.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH 08/16] translate-all: work page-by-page in tb_invalidate_phys_range_1

2018-02-28 Thread Richard Henderson
On 02/26/2018 09:39 PM, Emilio G. Cota wrote:
> So that we pass a same-page range to tb_invalidate_phys_page_range,
> instead of always passing an end address that could be on a different
> page.
> 
> As discussed with Peter Maydell on the list [1], tb_invalidate_phys_page_range
> doesn't actually do much with 'end', which explains why we have never
> hit a bug despite going against what the comment on top of
> tb_invalidate_phys_page_range requires:
> 
>> * Invalidate all TBs which intersect with the target physical address range
>> * [start;end[. NOTE: start and end must refer to the *same* physical page.
> The appended honours the comment, which avoids confusion.
> 
> While at it, rework the loop into a for loop, which is less error prone
> (e.g. "continue" won't result in an infinite loop).
> 
> [1] https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg09165.html
> 
> Signed-off-by: Emilio G. Cota 
> ---

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH 09/16] translate-all: move tb_invalidate_phys_page_range up in the file

2018-02-28 Thread Richard Henderson
On 02/26/2018 09:39 PM, Emilio G. Cota wrote:
> This greatly simplifies next commit's diff.
> 
> Signed-off-by: Emilio G. Cota 
> ---
>  accel/tcg/translate-all.c | 77 
> ---
>  1 file changed, 39 insertions(+), 38 deletions(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [patches] Re: [PULL] RISC-V QEMU Port Submission

2018-02-28 Thread Emilio G. Cota
On Wed, Feb 28, 2018 at 13:09:11 +1300, Michael Clark wrote:
> BTW somewhat coincidentally, the binary translator I wrote; RV8, which is
> practically twice as fast as QEMU only supports privileged ISA v1.9.1 and I
> personally want to keep binary compatibility with it.
(snip)
> - https://rv8.io/
> - https://rv8.io/bench
> - https://anarch128.org/~mclark/rv8-carrv.pdf
> - https://anarch128.org/~mclark/rv8-slides.pdf

What QEMU versions did you use for those comparisons? I wonder if
the recent indirect branch handling improvements were included in those
(this work was merged in 2.10 for aarch64). Also, 2.7 is quite a bit
faster than previous versions for user-mode due to the use of QHT,
although you probably used a later version.

BTW after the merge you might want to look into optimizing indirect
branches (and cross-page direct jumps in softmmu) for riscv in qemu.
See examples with
$ git log -Stcg_gen_lookup_and_goto_ptr

Cheers,

Emilio



[Qemu-devel] [PATCH v2 11/11] MAINTAINERS: fix W: address for xtensa

2018-02-28 Thread Max Filippov
Signed-off-by: Max Filippov 
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index a334a25e5df0..33c4ef0935dc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -279,7 +279,7 @@ T: git git://github.com/ehabkost/qemu.git x86-next
 
 Xtensa
 M: Max Filippov 
-W: http://wiki.osll.spb.ru/doku.php?id=etc:users:jcmvbkbc:qemu-target-xtensa
+W: http://wiki.osll.ru/doku.php?id=etc:users:jcmvbkbc:qemu-target-xtensa
 S: Maintained
 F: target/xtensa/
 F: hw/xtensa/
-- 
2.11.0




Re: [Qemu-devel] [PATCH v2 3/5] target/i386: Add support for CPUID_8000_001E for AMD

2018-02-28 Thread Moger, Babu

> -Original Message-
> From: Radim Krčmář [mailto:rkrc...@redhat.com]
> Sent: Wednesday, February 28, 2018 12:24 PM
> To: Moger, Babu 
> Cc: pbonz...@redhat.com; r...@twiddle.net; ehabk...@redhat.com;
> mtosa...@redhat.com; qemu-devel@nongnu.org; k...@vger.kernel.org;
> p...@polepetko.eu; Hook, Gary 
> Subject: Re: [PATCH v2 3/5] target/i386: Add support for CPUID_8000_001E
> for AMD
> 
> 2018-02-23 21:30-0500, Babu Moger:
> > From: Stanislav Lanci 
> >
> > Populate threads/core_id/apic_ids/socket_id when CPUID_EXT3_TOPOEXT
> > feature is supported. This is required to support hyperthreading
> > feature on AMD CPUS. These are supported via CPUID_8000_001E
> extended
> > functions.
> >
> > Signed-off-by: Stanislav Lanci 
> > Signed-off-by: Babu Moger 
> > ---
> >  target/i386/cpu.c | 8 
> >  1 file changed, 8 insertions(+)
> >
> > diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> > index a5a480e..191e850 100644
> > --- a/target/i386/cpu.c
> > +++ b/target/i386/cpu.c
> > @@ -3666,6 +3666,14 @@ void cpu_x86_cpuid(CPUX86State *env,
> uint32_t index, uint32_t count,
> >  *edx = 0;
> >  }
> >  break;
> > +case 0x801E:
> > +if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_TOPOEXT) {
> > +*eax = cpu->apic_id;
> > +*ebx = (cs->nr_threads - 1) << 8 | cpu->core_id;
> 
> Do we somewhere assert that AMD cannot have cpu->core_id > 255?
> (qemu does allow weird configurations.)

I don't see a specific assert on core_id. But I see that qemu does not allow
nr_cores more than 255.
Also I see that core_id is iterated based on nr_cores. If you strongly believe
we need to add an assert here, I will add it.
Let me know.
 
> Thanks.
> 
> > +*ecx = cpu->socket_id;
> > +*edx = 0;
> > +}
> > +break;
> >  case 0xC000:
> >  *eax = env->cpuid_xlevel2;
> >  *ebx = 0;
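Review bot: when CPUID_EXT3_TOPOEXT is clear, the new case writes nothing to *eax, *ebx, *ecx or *edx, whereas the neighbouring cases visible in the context assign their outputs explicitly; add an else branch that zeroes them unless they are guaranteed to be cleared before the switch. Separately from the question of asserting on core_id, masking it where it is packed into *ebx (`cpu->core_id & 0xff`) would keep an out-of-range value from spilling into the threads field at bits 8 and up.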
> > --
> > 1.8.3.1
> >



[Qemu-devel] [PATCH v2 05/11] linux-user: fix mmap/munmap/mprotect/mremap/shmat

2018-02-28 Thread Max Filippov
In linux-user QEMU that runs for a target with TARGET_ABI_BITS bigger
than L1_MAP_ADDR_SPACE_BITS an assertion in page_set_flags fires when
mmap, munmap, mprotect, mremap or shmat is called for an address outside
the guest address space. mmap and mprotect should return ENOMEM in such
case.

Introduce macro guest_range_valid that verifies if address range is
within guest address space and does not wrap around. Use that macro in
mmap/munmap/mprotect/mremap/shmat for error checking.

Cc: qemu-sta...@nongnu.org
Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 include/exec/cpu-all.h  |  2 +-
 include/exec/cpu_ldst.h | 12 +++-
 linux-user/mmap.c   | 20 +++-
 linux-user/syscall.c|  3 +++
 4 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 0b141683f095..12bd049997ac 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -160,7 +160,7 @@ extern int have_guest_base;
 extern unsigned long reserved_va;
 
 #define GUEST_ADDR_MAX (reserved_va ? reserved_va : \
-(1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1)
+(2ul << (TARGET_VIRT_ADDR_SPACE_BITS - 1)) - 1)
 #else
 
 #include "exec/hwaddr.h"
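Review bot: the change from `1ul << TARGET_VIRT_ADDR_SPACE_BITS` to `2ul << (TARGET_VIRT_ADDR_SPACE_BITS - 1)` is not explained in the hunk or in the commit message; presumably it avoids shifting by the full width of unsigned long when the two are equal, and a short comment above GUEST_ADDR_MAX saying so would stop someone from simplifying it back.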
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 191f2e962a3c..bbf6988bc725 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -53,14 +53,16 @@
 
 #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
 #define h2g_valid(x) 1
+#define guest_valid(x) 1
 #else
-#define h2g_valid(x) ({ \
-unsigned long __guest = (unsigned long)(x) - guest_base; \
-(__guest < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \
-(!reserved_va || (__guest < reserved_va)); \
-})
+#define h2g_valid(x) guest_valid((unsigned long)(x) - guest_base)
+#define guest_valid(x) ((x) <= GUEST_ADDR_MAX)
 #endif
 
+#define guest_range_valid(start, len) \
+({unsigned long l = (len); \
+ guest_valid(l) && (start) <= GUEST_ADDR_MAX - l; })
+
 #define h2g_nocheck(x) ({ \
 unsigned long __ret = (unsigned long)(x) - guest_base; \
 (abi_ulong)__ret; \
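Review bot: guest_valid() compares with `<=`, which is right when GUEST_ADDR_MAX is the highest valid address, but GUEST_ADDR_MAX evaluates to reserved_va when that is set, and the removed h2g_valid() treated reserved_va as an exclusive bound (`__guest < reserved_va`), so an address equal to reserved_va is now accepted. The mismatch shows the other way round in guest_range_valid(): with an inclusive maximum, `(start) <= GUEST_ADDR_MAX - l` rejects a range whose last byte is exactly GUEST_ADDR_MAX. Making GUEST_ADDR_MAX inclusive in both cases (reserved_va - 1) and adjusting the range comparison by one would make the two macros consistent. The statement-expression local `l` can also capture a caller expression that uses the same name; the file already uses `__`-prefixed names for that.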
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 0fbfd6dff20d..df81f9b803b6 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -80,8 +80,9 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
 return -EINVAL;
 len = TARGET_PAGE_ALIGN(len);
 end = start + len;
-if (end < start)
-return -EINVAL;
+if (!guest_range_valid(start, len)) {
+return -ENOMEM;
+}
 prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
 if (len == 0)
 return 0;
@@ -481,8 +482,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
prot,
 * It can fail only on 64-bit host with 32-bit target.
 * On any other target/host host mmap() handles this error correctly.
 */
-if ((unsigned long)start + len - 1 > (abi_ulong) -1) {
-errno = EINVAL;
+if (!guest_range_valid(start, len)) {
+errno = ENOMEM;
 goto fail;
 }
 
@@ -622,8 +623,10 @@ int target_munmap(abi_ulong start, abi_ulong len)
 if (start & ~TARGET_PAGE_MASK)
 return -EINVAL;
 len = TARGET_PAGE_ALIGN(len);
-if (len == 0)
+if (len == 0 || !guest_range_valid(start, len)) {
 return -EINVAL;
+}
+
 mmap_lock();
 end = start + len;
 real_start = start & qemu_host_page_mask;
@@ -678,6 +681,13 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
 int prot;
 void *host_addr;
 
+if (!guest_range_valid(old_addr, old_size) ||
+((flags & MREMAP_FIXED) &&
+ !guest_range_valid(new_addr, new_size))) {
+errno = ENOMEM;
+return -1;
+}
+
 mmap_lock();
 
 if (flags & MREMAP_FIXED) {
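Review bot: the new check in target_mremap() validates (new_addr, new_size) only under MREMAP_FIXED, so a call without that flag that grows the mapping is checked against old_size only. If the non-fixed path can extend in place or pick a new location, the resulting range also needs a guest_range_valid() test, either here with (old_addr, new_size) or on the address that path ends up with.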
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e24f43c4a259..79245e73784f 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4900,6 +4900,9 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
 return -TARGET_EINVAL;
 }
 }
+if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) {
+return -TARGET_EINVAL;
+}
 
 mmap_lock();
 
-- 
2.11.0
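The range check described in the commit message above, as an added example that is not part of the patch or of QEMU: a self-contained C model with a 32-bit guest address type, comparing the wraparound-only test that target_mprotect() used (`end < start`) with the comparison in guest_range_valid(). The type `gaddr_t`, the function names and the sample ranges are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not QEMU code: guest addresses are 32-bit values and
 * addr_max is the highest address the guest may use (inclusive). */
typedef uint32_t gaddr_t;

/* Inclusive maximum for an address space of `bits` bits (1..32).
 * Written as 2 << (bits - 1) so that bits == 32 never shifts by the full
 * width of the type, which would be undefined; the unsigned result wraps
 * to 0 and the subtraction yields all ones. */
static gaddr_t addr_max_for_bits(unsigned bits)
{
    return (gaddr_t)(((gaddr_t)2 << (bits - 1)) - 1);
}

/* Wraparound-only test (end < start): catches overflow of start + len
 * and nothing else. */
static bool range_ok_wrap_only(gaddr_t start, gaddr_t len)
{
    gaddr_t end = (gaddr_t)(start + len);   /* wraps modulo 2^32 */
    return !(end < start);
}

/* Same comparison as the patch's guest_range_valid(): start + len is never
 * computed, so nothing can wrap. Note that a range whose last byte is
 * exactly addr_max is rejected by this form. */
static bool range_ok_bounded(gaddr_t start, gaddr_t len, gaddr_t addr_max)
{
    return len <= addr_max && start <= addr_max - len;
}

struct sample { const char *what; gaddr_t start; gaddr_t len; };

/* Constructed sample ranges, chosen for a guest limited to 30 address bits. */
static const struct sample samples[] = {
    { "inside the address space",  0x10000000u, 0x00001000u },
    { "above the limit, no wrap",  0x40000000u, 0x00001000u },
    { "starts inside, ends above", 0x3ffff000u, 0x00002000u },
    { "wraps past 2^32",           0xfffff000u, 0x00002000u },
    { "length exceeds the space",  0x00000000u, 0x80000000u },
};

#define N_SAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Count the samples that the wraparound-only test accepts although they
 * do not fit below addr_max. */
static unsigned count_missed(gaddr_t addr_max)
{
    unsigned missed = 0;

    for (size_t i = 0; i < N_SAMPLES; i++) {
        if (range_ok_wrap_only(samples[i].start, samples[i].len) &&
            !range_ok_bounded(samples[i].start, samples[i].len, addr_max)) {
            missed++;
        }
    }
    return missed;
}

int main(void)
{
    gaddr_t max30 = addr_max_for_bits(30);

    printf("addr_max(30)=0x%08x addr_max(32)=0x%08x\n",
           (unsigned)max30, (unsigned)addr_max_for_bits(32));
    for (size_t i = 0; i < N_SAMPLES; i++) {
        printf("%-27s start=0x%08x len=0x%08x wrap-only=%d bounded=%d\n",
               samples[i].what, (unsigned)samples[i].start,
               (unsigned)samples[i].len,
               range_ok_wrap_only(samples[i].start, samples[i].len),
               range_ok_bounded(samples[i].start, samples[i].len, max30));
    }
    printf("accepted by wrap-only but out of range: %u\n",
           count_missed(max30));
    return 0;
}
```
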




[Qemu-devel] [PATCH v2 09/11] target/xtensa: add linux-user support

2018-02-28 Thread Max Filippov
Import list of syscalls from the kernel source. Conditionalize code/data
that is only used with softmmu. Implement exception handlers. Implement
signal handler (only the core registers for now, no coprocessors or TIE).

Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
Changes v1->v2:
- add definition of TARGET_TIOCGPTPEER to linux-user/xtensa/termbits.h
- Cc linux-user maintainers

 default-configs/xtensa-linux-user.mak   |   1 +
 default-configs/xtensaeb-linux-user.mak |   1 +
 linux-user/elfload.c|  58 +
 linux-user/main.c   | 245 ++
 linux-user/signal.c | 257 ++-
 linux-user/syscall.c|   2 +
 linux-user/syscall_defs.h   |  65 -
 linux-user/xtensa/syscall.h |   0
 linux-user/xtensa/syscall_nr.h  | 437 
 linux-user/xtensa/target_cpu.h  |  22 ++
 linux-user/xtensa/target_elf.h  |  16 ++
 linux-user/xtensa/target_signal.h   |  28 ++
 linux-user/xtensa/target_structs.h  |  28 ++
 linux-user/xtensa/target_syscall.h  |  49 
 linux-user/xtensa/termbits.h| 328 
 target/xtensa/Makefile.objs |   3 +-
 target/xtensa/cpu.c |  26 +-
 target/xtensa/cpu.h |  56 ++--
 target/xtensa/helper.c  |  30 +++
 target/xtensa/helper.h  |   4 +
 target/xtensa/op_helper.c   |  50 +++-
 target/xtensa/translate.c   |  43 +++-
 22 files changed, 1705 insertions(+), 44 deletions(-)
 create mode 100644 default-configs/xtensa-linux-user.mak
 create mode 100644 default-configs/xtensaeb-linux-user.mak
 create mode 100644 linux-user/xtensa/syscall.h
 create mode 100644 linux-user/xtensa/syscall_nr.h
 create mode 100644 linux-user/xtensa/target_cpu.h
 create mode 100644 linux-user/xtensa/target_elf.h
 create mode 100644 linux-user/xtensa/target_signal.h
 create mode 100644 linux-user/xtensa/target_structs.h
 create mode 100644 linux-user/xtensa/target_syscall.h
 create mode 100644 linux-user/xtensa/termbits.h

diff --git a/default-configs/xtensa-linux-user.mak 
b/default-configs/xtensa-linux-user.mak
new file mode 100644
index ..fd1d350ee944
--- /dev/null
+++ b/default-configs/xtensa-linux-user.mak
@@ -0,0 +1 @@
+# Default configuration for xtensa-linux-user
diff --git a/default-configs/xtensaeb-linux-user.mak 
b/default-configs/xtensaeb-linux-user.mak
new file mode 100644
index ..fd1d350ee944
--- /dev/null
+++ b/default-configs/xtensaeb-linux-user.mak
@@ -0,0 +1 @@
+# Default configuration for xtensa-linux-user
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 0208022445f0..7815311aaadc 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1315,6 +1315,64 @@ static inline void init_thread(struct target_pt_regs 
*regs,
 
 #endif /* TARGET_HPPA */
 
+#ifdef TARGET_XTENSA
+
+#define ELF_START_MMAP 0x2000
+
+#define ELF_CLASS   ELFCLASS32
+#define ELF_ARCHEM_XTENSA
+
+static inline void init_thread(struct target_pt_regs *regs,
+   struct image_info *infop)
+{
+regs->windowbase = 0;
+regs->windowstart = 1;
+regs->areg[1] = infop->start_stack;
+regs->pc = infop->entry;
+}
+
+/* See linux kernel: arch/xtensa/include/asm/elf.h.  */
+#define ELF_NREG 128
+typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
+
+enum {
+TARGET_REG_PC,
+TARGET_REG_PS,
+TARGET_REG_LBEG,
+TARGET_REG_LEND,
+TARGET_REG_LCOUNT,
+TARGET_REG_SAR,
+TARGET_REG_WINDOWSTART,
+TARGET_REG_WINDOWBASE,
+TARGET_REG_THREADPTR,
+TARGET_REG_AR0 = 64,
+};
+
+static void elf_core_copy_regs(target_elf_gregset_t *regs,
+   const CPUXtensaState *env)
+{
+unsigned i;
+
+(*regs)[TARGET_REG_PC] = tswapreg(env->pc);
+(*regs)[TARGET_REG_PS] = tswapreg(env->sregs[PS] & ~PS_EXCM);
+(*regs)[TARGET_REG_LBEG] = tswapreg(env->sregs[LBEG]);
+(*regs)[TARGET_REG_LEND] = tswapreg(env->sregs[LEND]);
+(*regs)[TARGET_REG_LCOUNT] = tswapreg(env->sregs[LCOUNT]);
+(*regs)[TARGET_REG_SAR] = tswapreg(env->sregs[SAR]);
+(*regs)[TARGET_REG_WINDOWSTART] = tswapreg(env->sregs[WINDOW_START]);
+(*regs)[TARGET_REG_WINDOWBASE] = tswapreg(env->sregs[WINDOW_BASE]);
+(*regs)[TARGET_REG_THREADPTR] = tswapreg(env->uregs[THREADPTR]);
+xtensa_sync_phys_from_window((CPUXtensaState *)env);
+for (i = 0; i < env->config->nareg; ++i) {
+(*regs)[TARGET_REG_AR0 + i] = tswapreg(env->phys_regs[i]);
+}
+}
+
+#define USE_ELF_CORE_DUMP
+#define ELF_EXEC_PAGESIZE   4096
+
+#endif /* TARGET_XTENSA */
+
 #ifndef ELF_PLATFORM
 #define ELF_PLATFORM (NULL)
 #endif
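Review bot: In elf_core_copy_regs the loop writes (*regs)[TARGET_REG_AR0 + i] for every i below env->config->nareg, but nothing in the hunk ties nareg to the 64 slots available between TARGET_REG_AR0 = 64 and ELF_NREG = 128. A core configuration with more than 64 address registers would write past the end of target_elf_gregset_t, so an explicit check that TARGET_REG_AR0 + nareg <= ELF_NREG (an assert, or clamping the loop bound) should go in front of the loop. The slots between TARGET_REG_THREADPTR and TARGET_REG_AR0 are never written here, so it is worth confirming that the caller zeroes the set before it ends up in a core file. The (CPUXtensaState *) cast that drops const for xtensa_sync_phys_from_window also deserves a short comment, since a function that takes a const env now modifies it.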
diff --git a/linux-user/main.c b/linux-user/main.c
index bbeb78fb892b..1e7c6c02a80a 100644
--- 

[Qemu-devel] [PATCH v2 10/11] qemu-binfmt-conf.sh: add qemu-xtensa

2018-02-28 Thread Max Filippov
Register qemu-xtensa and qemu-xtensaeb for transparent linux userspace
emulation.

Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 scripts/qemu-binfmt-conf.sh | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index ea5a7487457c..4efc5812aaa9 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
-# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390/HPPA
+# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390/HPPA/Xtensa
 # program execution by the kernel
 
 qemu_target_list="i386 i486 alpha arm armeb sparc32plus ppc ppc64 ppc64le m68k 
\
 mips mipsel mipsn32 mipsn32el mips64 mips64el \
-sh4 sh4eb s390x aarch64 aarch64_be hppa"
+sh4 sh4eb s390x aarch64 aarch64_be hppa xtensa xtensaeb"
 
 
i386_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'
 
i386_mask='\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
@@ -100,6 +100,14 @@ 
hppa_magic='\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
 
hppa_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
 hppa_family=hppa
 
+xtensa_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x5e\x00'
+xtensa_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
+xtensa_family=xtensa
+
+xtensaeb_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x5e'
+xtensaeb_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
+xtensaeb_family=xtensaeb
+
 qemu_get_family() {
 cpu=${HOST_ARCH:-$(uname -m)}
 case "$cpu" in
-- 
2.11.0




[Qemu-devel] [PATCH v2 03/11] target/xtensa: use correct number of registers in gdbstub

2018-02-28 Thread Max Filippov
System emulation should provide access to all registers, userspace
emulation should only provide access to unprivileged registers.
Record register flags from GDB register map definition, calculate both
num_regs and num_core_regs if either is zero. Use num_regs in system
emulation, num_core_regs in userspace emulation gdbstub.

Signed-off-by: Max Filippov 
---
 target/xtensa/cpu.h  |  1 +
 target/xtensa/gdbstub.c  | 14 --
 target/xtensa/helper.c   | 28 
 target/xtensa/overlay_tool.h | 11 ---
 4 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index 49c2e3cf9a1b..255cc9e08ed9 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -310,6 +310,7 @@ typedef struct xtensa_tlb {
 
 typedef struct XtensaGdbReg {
 int targno;
+unsigned flags;
 int type;
 int group;
 unsigned size;
diff --git a/target/xtensa/gdbstub.c b/target/xtensa/gdbstub.c
index d78a1b437dbf..a8ea98d03fb8 100644
--- a/target/xtensa/gdbstub.c
+++ b/target/xtensa/gdbstub.c
@@ -28,9 +28,14 @@ int xtensa_cpu_gdb_read_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 XtensaCPU *cpu = XTENSA_CPU(cs);
 CPUXtensaState *env = >env;
 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
+#ifdef CONFIG_USER_ONLY
+int num_regs = env->config->gdb_regmap.num_core_regs;
+#else
+int num_regs = env->config->gdb_regmap.num_regs;
+#endif
 unsigned i;
 
-if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
+if (n < 0 || n >= num_regs) {
 return 0;
 }
 
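Review bot: In xtensa_cpu_gdb_read_register, reg is still initialised to env->config->gdb_regmap.reg + n in its declaration, before the n < 0 || n >= num_regs check runs, so an out-of-range n supplied by the debugger forms an out-of-bounds pointer before it is rejected. Moving the assignment below the range check removes that. The same #ifdef CONFIG_USER_ONLY selection is repeated verbatim in the write path in the next hunk; a small helper that returns the applicable register count would keep the two bounds from drifting apart.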
@@ -81,8 +86,13 @@ int xtensa_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 CPUXtensaState *env = >env;
 uint32_t tmp;
 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
+#ifdef CONFIG_USER_ONLY
+int num_regs = env->config->gdb_regmap.num_core_regs;
+#else
+int num_regs = env->config->gdb_regmap.num_regs;
+#endif
 
-if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
+if (n < 0 || n >= num_regs) {
 return 0;
 }
 
diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
index 5009fecedcb0..34885038d554 100644
--- a/target/xtensa/helper.c
+++ b/target/xtensa/helper.c
@@ -88,19 +88,31 @@ static void init_libisa(XtensaConfig *config)
 
 void xtensa_finalize_config(XtensaConfig *config)
 {
-unsigned i, n = 0;
-
 if (config->isa_internal) {
 init_libisa(config);
 }
-if (config->gdb_regmap.num_regs) {
-return;
-}
 
-for (i = 0; config->gdb_regmap.reg[i].targno >= 0; ++i) {
-n += (config->gdb_regmap.reg[i].type != 6);
+if (config->gdb_regmap.num_regs == 0 ||
+config->gdb_regmap.num_core_regs == 0) {
+unsigned i;
+unsigned n_regs = 0;
+unsigned n_core_regs = 0;
+
+for (i = 0; config->gdb_regmap.reg[i].targno >= 0; ++i) {
+if (config->gdb_regmap.reg[i].type != 6) {
+++n_regs;
+if ((config->gdb_regmap.reg[i].flags & 0x1) == 0) {
+++n_core_regs;
+}
+}
+}
+if (config->gdb_regmap.num_regs == 0) {
+config->gdb_regmap.num_regs = n_regs;
+}
+if (config->gdb_regmap.num_core_regs == 0) {
+config->gdb_regmap.num_core_regs = n_core_regs;
+}
 }
-config->gdb_regmap.num_regs = n;
 }
 
 void xtensa_register_core(XtensaConfigList *node)
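Review bot: The counting loop in xtensa_finalize_config decides which entries are core registers with two bare literals, type != 6 and flags & 0x1, and neither is named or commented. Because the user-mode gdbstub bound now depends on that flag bit, named constants, or at least a comment saying what type 6 and flag bit 0 mean in the register map, would make the split reviewable. Note also that num_core_regs is a count of entries with flag bit 0 clear, while gdbstub.c uses it as an upper bound on the index n into gdb_regmap.reg; the two agree only if every such entry precedes the flagged ones in the map, and that ordering assumption should be stated or checked here.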
diff --git a/target/xtensa/overlay_tool.h b/target/xtensa/overlay_tool.h
index 589dd6285089..b24ad11fec1c 100644
--- a/target/xtensa/overlay_tool.h
+++ b/target/xtensa/overlay_tool.h
@@ -25,9 +25,14 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#define XTREG(idx, ofs, bi, sz, al, no, flags, cp, typ, grp, name, \
-a1, a2, a3, a4, a5, a6) \
-{ .targno = (no), .type = (typ), .group = (grp), .size = (sz) },
+#define XTREG(idx, ofs, bi, sz, al, no, fl, cp, typ, grp, name, \
+  a1, a2, a3, a4, a5, a6) { \
+.targno = (no), \
+.flags = (fl), \
+.type = (typ), \
+.group = (grp), \
+.size = (sz), \
+},
 #define XTREG_END { .targno = -1 },
 
 #ifndef XCHAL_HAVE_DEPBITS
-- 
2.11.0




[Qemu-devel] [PATCH v2 07/11] linux-user: fix target_mprotect/target_munmap error return values

2018-02-28 Thread Max Filippov
target_mprotect/target_munmap return value goes through get_errno at the
call site, thus the functions must either set errno to host error code
and return -1 or return negative guest error code. Do the latter.

Cc: qemu-sta...@nongnu.org
Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 linux-user/mmap.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index df81f9b803b6..84b15c9a1699 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -77,11 +77,11 @@ int target_mprotect(abi_ulong start, abi_ulong len, int 
prot)
 #endif
 
 if ((start & ~TARGET_PAGE_MASK) != 0)
-return -EINVAL;
+return -TARGET_EINVAL;
 len = TARGET_PAGE_ALIGN(len);
 end = start + len;
 if (!guest_range_valid(start, len)) {
-return -ENOMEM;
+return -TARGET_ENOMEM;
 }
 prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
 if (len == 0)
@@ -621,10 +621,10 @@ int target_munmap(abi_ulong start, abi_ulong len)
start, len);
 #endif
 if (start & ~TARGET_PAGE_MASK)
-return -EINVAL;
+return -TARGET_EINVAL;
 len = TARGET_PAGE_ALIGN(len);
 if (len == 0 || !guest_range_valid(start, len)) {
-return -EINVAL;
+return -TARGET_EINVAL;
 }
 
 mmap_lock();
-- 
2.11.0




[Qemu-devel] [PATCH v2 08/11] linux-user: drop unused target_msync function

2018-02-28 Thread Max Filippov
target_msync is not used, remove its declaration and implementation.

Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 linux-user/mmap.c | 17 -
 linux-user/qemu.h |  1 -
 2 files changed, 18 deletions(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 84b15c9a1699..9168a2051c34 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -754,20 +754,3 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
 mmap_unlock();
 return new_addr;
 }
-
-int target_msync(abi_ulong start, abi_ulong len, int flags)
-{
-abi_ulong end;
-
-if (start & ~TARGET_PAGE_MASK)
-return -EINVAL;
-len = TARGET_PAGE_ALIGN(len);
-end = start + len;
-if (end < start)
-return -EINVAL;
-if (end == start)
-return 0;
-
-start &= qemu_host_page_mask;
-return msync(g2h(start), end - start, flags);
-}
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index f4b4ca72adb0..23712bbca860 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -428,7 +428,6 @@ int target_munmap(abi_ulong start, abi_ulong len);
 abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
abi_ulong new_size, unsigned long flags,
abi_ulong new_addr);
-int target_msync(abi_ulong start, abi_ulong len, int flags);
 extern unsigned long last_brk;
 extern abi_ulong mmap_next_start;
 abi_ulong mmap_find_vma(abi_ulong, abi_ulong);
-- 
2.11.0




[Qemu-devel] [PATCH v2 01/11] target/xtensa: dump correct physical registers

2018-02-28 Thread Max Filippov
xtensa_cpu_dump_state outputs CPU physical registers as is, without
synchronization from current window. That may result in different values
printed for the current window and corresponding physical registers.
Synchronize physical registers from window before dumping.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Filippov 
---
 target/xtensa/translate.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 671d934ff424..3ad86d4508e4 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1215,6 +1215,7 @@ void xtensa_cpu_dump_state(CPUState *cs, FILE *f,
 (i % 4) == 3 ? '\n' : ' ');
 }
 
+xtensa_sync_phys_from_window(env);
 cpu_fprintf(f, "\n");
 
 for (i = 0; i < env->config->nareg; ++i) {
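Review bot: The added xtensa_sync_phys_from_window(env) call sits between the output of the current window and the loop over env->phys_regs without a comment, and it makes a dump routine write to CPU state. A one-line comment saying that phys_regs has to be refreshed from the current window before the ARnn loop reads it would keep someone from later moving or dropping the call as an apparently unrelated side effect.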
-- 
2.11.0




[Qemu-devel] [PATCH v2 02/11] target/xtensa: mark register windows in the dump

2018-02-28 Thread Max Filippov
Add arrows that mark beginning of register windows and position of the
current window in the windowed register file.

Signed-off-by: Max Filippov 
---
 target/xtensa/translate.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 3ad86d4508e4..5969d7c3cd96 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1219,8 +1219,13 @@ void xtensa_cpu_dump_state(CPUState *cs, FILE *f,
 cpu_fprintf(f, "\n");
 
 for (i = 0; i < env->config->nareg; ++i) {
-cpu_fprintf(f, "AR%02d=%08x%c", i, env->phys_regs[i],
-(i % 4) == 3 ? '\n' : ' ');
+cpu_fprintf(f, "AR%02d=%08x ", i, env->phys_regs[i]);
+if (i % 4 == 3) {
+bool ws = (env->sregs[WINDOW_START] & (1 << (i / 4))) != 0;
+bool cw = env->sregs[WINDOW_BASE] == i / 4;
+
+cpu_fprintf(f, "%c%c\n", ws ? '<' : ' ', cw ? '=' : ' ');
+}
 }
 
 if (xtensa_option_enabled(env->config, XTENSA_OPTION_FP_COPROCESSOR)) {
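Review bot: The two marker characters printed after every fourth ARnn value, '<' when the WINDOW_START bit for that group is set and '=' when WINDOW_BASE equals i / 4, are not explained in a comment or in the dump output, so a reader of the dump has to find this code to interpret them. Add a short comment above the loop, or a legend line in the output. The test 1 << (i / 4) is also a signed shift; 1u would match the 1u << arg[0] form already used in this file and avoids surprises for large register files.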
-- 
2.11.0




[Qemu-devel] [PATCH v2 04/11] target/xtensa: support MTTCG

2018-02-28 Thread Max Filippov
- emit TCG barriers for MEMW, EXTW, S32RI and L32AI;
- do atomic_cmpxchg_i32 for S32C1I.

Cc: Emilio G. Cota 
Signed-off-by: Max Filippov 
---
 configure |  1 +
 target/xtensa/cpu.h   |  3 +++
 target/xtensa/translate.c | 46 +++---
 3 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/configure b/configure
index 39f3a4300163..f83bdeb2a550 100755
--- a/configure
+++ b/configure
@@ -6813,6 +6813,7 @@ case "$target_name" in
   ;;
   xtensa|xtensaeb)
 TARGET_ARCH=xtensa
+mttcg="yes"
   ;;
   *)
 error_exit "Unsupported target CPU"
diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index 255cc9e08ed9..d9d3b33a7052 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -31,6 +31,9 @@
 #define ALIGNED_ONLY
 #define TARGET_LONG_BITS 32
 
+/* Xtensa processors have a weak memory model */
+#define TCG_GUEST_DEFAULT_MO  (0)
+
 #define CPUArchState struct CPUXtensaState
 
 #include "qemu-common.h"
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 5969d7c3cd96..c06d30d17960 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1664,9 +1664,15 @@ static void translate_ldst(DisasContext *dc, const 
uint32_t arg[],
 gen_load_store_alignment(dc, par[0] & MO_SIZE, addr, par[1]);
 }
 if (par[2]) {
+if (par[1]) {
+tcg_gen_mb(TCG_BAR_STRL | TCG_MO_ALL);
+}
 tcg_gen_qemu_st_tl(cpu_R[arg[0]], addr, dc->cring, par[0]);
 } else {
 tcg_gen_qemu_ld_tl(cpu_R[arg[0]], addr, dc->cring, par[0]);
+if (par[1]) {
+tcg_gen_mb(TCG_BAR_LDAQ | TCG_MO_ALL);
+}
 }
 tcg_temp_free(addr);
 }
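Review bot: In translate_ldst the new barriers are keyed on par[1], the same value that is passed to gen_load_store_alignment two lines above, so one parameter now selects both an alignment-check option and acquire/release ordering. A comment naming the instructions this is meant for (the commit message lists S32RI and L32AI) and stating the intended placement, barrier before the store for release and after the load for acquire, would make the ordering checkable. If any other opcode sets par[1] without wanting a barrier, a separate par[] slot would be the safer encoding.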
@@ -1823,6 +1829,12 @@ static void translate_mac16(DisasContext *dc, const 
uint32_t arg[],
 }
 }
 
+static void translate_memw(DisasContext *dc, const uint32_t arg[],
+   const uint32_t par[])
+{
+tcg_gen_mb(TCG_BAR_SC | TCG_MO_ALL);
+}
+
 static void translate_minmax(DisasContext *dc, const uint32_t arg[],
  const uint32_t par[])
 {
@@ -2193,29 +2205,33 @@ static void translate_setb_expstate(DisasContext *dc, 
const uint32_t arg[],
 tcg_gen_ori_i32(cpu_UR[EXPSTATE], cpu_UR[EXPSTATE], 1u << arg[0]);
 }
 
+#ifdef CONFIG_USER_ONLY
+static void gen_check_atomctl(DisasContext *dc, TCGv_i32 addr)
+{
+}
+#else
+static void gen_check_atomctl(DisasContext *dc, TCGv_i32 addr)
+{
+TCGv_i32 tpc = tcg_const_i32(dc->pc);
+
+gen_helper_check_atomctl(cpu_env, tpc, addr);
+tcg_temp_free(tpc);
+}
+#endif
+
 static void translate_s32c1i(DisasContext *dc, const uint32_t arg[],
  const uint32_t par[])
 {
 if (gen_window_check2(dc, arg[0], arg[1])) {
-TCGLabel *label = gen_new_label();
 TCGv_i32 tmp = tcg_temp_local_new_i32();
 TCGv_i32 addr = tcg_temp_local_new_i32();
-TCGv_i32 tpc;
 
 tcg_gen_mov_i32(tmp, cpu_R[arg[0]]);
 tcg_gen_addi_i32(addr, cpu_R[arg[1]], arg[2]);
 gen_load_store_alignment(dc, 2, addr, true);
-
-tpc = tcg_const_i32(dc->pc);
-gen_helper_check_atomctl(cpu_env, tpc, addr);
-tcg_gen_qemu_ld32u(cpu_R[arg[0]], addr, dc->cring);
-tcg_gen_brcond_i32(TCG_COND_NE, cpu_R[arg[0]],
-   cpu_SR[SCOMPARE1], label);
-
-tcg_gen_qemu_st32(tmp, addr, dc->cring);
-
-gen_set_label(label);
-tcg_temp_free(tpc);
+gen_check_atomctl(dc, addr);
+tcg_gen_atomic_cmpxchg_i32(cpu_R[arg[0]], addr, cpu_SR[SCOMPARE1],
+   tmp, dc->cring, MO_32);
 tcg_temp_free(addr);
 tcg_temp_free(tmp);
 }
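Review bot: Under CONFIG_USER_ONLY the new gen_check_atomctl is an empty stub with no comment, so translate_s32c1i silently skips the ATOMCTL check in user-mode emulation. Add a line in the stub saying why the check does not apply there, so the omission reads as a decision rather than a leftover. It would also help to note next to tcg_gen_atomic_cmpxchg_i32 that the compare value comes from cpu_SR[SCOMPARE1] and the old memory value is returned in cpu_R[arg[0]], since the removed load/branch/store sequence made that explicit and the single call does not.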
@@ -2828,7 +2844,7 @@ static const XtensaOpcodeOps core_ops[] = {
 .translate = translate_extui,
 }, {
 .name = "extw",
-.translate = translate_nop,
+.translate = translate_memw,
 }, {
 .name = "hwwdtlba",
 .translate = translate_ill,
@@ -2945,7 +2961,7 @@ static const XtensaOpcodeOps core_ops[] = {
 .par = (const uint32_t[]){TCG_COND_GEU},
 }, {
 .name = "memw",
-.translate = translate_nop,
+.translate = translate_memw,
 }, {
 .name = "min",
 .translate = translate_minmax,
-- 
2.11.0




[Qemu-devel] [PATCH v2 06/11] linux-user: fix assertion in shmdt

2018-02-28 Thread Max Filippov
shmdt fails to call mmap_lock/mmap_unlock around page_set_flags,
resulting in the following assertion:
  page_set_flags: Assertion `have_mmap_lock()' failed.

Wrap shmdt internals into mmap_lock/mmap_unlock.

Cc: qemu-sta...@nongnu.org
Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 linux-user/syscall.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 79245e73784f..595b26fdd8f3 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4947,6 +4947,9 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
 static inline abi_long do_shmdt(abi_ulong shmaddr)
 {
 int i;
+abi_long rv;
+
+mmap_lock();
 
 for (i = 0; i < N_SHM_REGIONS; ++i) {
 if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
@@ -4955,8 +4958,11 @@ static inline abi_long do_shmdt(abi_ulong shmaddr)
 break;
 }
 }
+rv = get_errno(shmdt(g2h(shmaddr)));
+
+mmap_unlock();
 
-return get_errno(shmdt(g2h(shmaddr)));
+return rv;
 }
 
 #ifdef TARGET_NR_ipc
-- 
2.11.0




[Qemu-devel] [PATCH v2 00/11] linux-user support for target/xtensa

2018-02-28 Thread Max Filippov
Hello,

this series adds linux-user support for target/xtensa.
It starts with a small cleanup for xtensa registers dumping.
It adds support for debugging linux-user process with xtensa-linux-gdb
(as opposed to xtensa-elf-gdb), which can only access unprivileged
registers.
It then enables MTTCG for xtensa.
It continues with a cleanup in linux-user/mmap area making sure that it
works correctly with limited 30-bit-wide user address space.
It then imports xtensa-specific definitions from the linux kernel,
conditionalizes user-only/softmmu-only code and adds handlers for signals,
exceptions, process/thread creation and core registers dumping.

Changes v1->v2:
- add definition of TARGET_TIOCGPTPEER to linux-user/xtensa/termbits.h
- Cc linux-user maintainers

Max Filippov (11):
  target/xtensa: dump correct physical registers
  target/xtensa: mark register windows in the dump
  target/xtensa: use correct number of registers in gdbstub
  target/xtensa: support MTTCG
  linux-user: fix mmap/munmap/mprotect/mremap/shmat
  linux-user: fix assertion in shmdt
  linux-user: fix target_mprotect/target_munmap error return values
  linux-user: drop unused target_msync function
  target/xtensa: add linux-user support
  qemu-binfmt-conf.sh: add qemu-xtensa
  MAINTAINERS: fix W: address for xtensa

 MAINTAINERS |   2 +-
 configure   |   1 +
 default-configs/xtensa-linux-user.mak   |   1 +
 default-configs/xtensaeb-linux-user.mak |   1 +
 include/exec/cpu-all.h  |   2 +-
 include/exec/cpu_ldst.h |  12 +-
 linux-user/elfload.c|  58 +
 linux-user/main.c   | 245 ++
 linux-user/mmap.c   |  43 ++--
 linux-user/qemu.h   |   1 -
 linux-user/signal.c | 257 ++-
 linux-user/syscall.c|  13 +-
 linux-user/syscall_defs.h   |  65 -
 linux-user/xtensa/syscall.h |   0
 linux-user/xtensa/syscall_nr.h  | 437 
 linux-user/xtensa/target_cpu.h  |  22 ++
 linux-user/xtensa/target_elf.h  |  16 ++
 linux-user/xtensa/target_signal.h   |  28 ++
 linux-user/xtensa/target_structs.h  |  28 ++
 linux-user/xtensa/target_syscall.h  |  49 
 linux-user/xtensa/termbits.h| 328 
 scripts/qemu-binfmt-conf.sh |  12 +-
 target/xtensa/Makefile.objs |   3 +-
 target/xtensa/cpu.c |  26 +-
 target/xtensa/cpu.h |  60 +++--
 target/xtensa/gdbstub.c |  14 +-
 target/xtensa/helper.c  |  58 -
 target/xtensa/helper.h  |   4 +
 target/xtensa/op_helper.c   |  50 +++-
 target/xtensa/overlay_tool.h|  11 +-
 target/xtensa/translate.c   |  99 ++--
 31 files changed, 1836 insertions(+), 110 deletions(-)
 create mode 100644 default-configs/xtensa-linux-user.mak
 create mode 100644 default-configs/xtensaeb-linux-user.mak
 create mode 100644 linux-user/xtensa/syscall.h
 create mode 100644 linux-user/xtensa/syscall_nr.h
 create mode 100644 linux-user/xtensa/target_cpu.h
 create mode 100644 linux-user/xtensa/target_elf.h
 create mode 100644 linux-user/xtensa/target_signal.h
 create mode 100644 linux-user/xtensa/target_structs.h
 create mode 100644 linux-user/xtensa/target_syscall.h
 create mode 100644 linux-user/xtensa/termbits.h

-- 
2.11.0




Re: [Qemu-devel] [PATCH 06/16] translate-all: make l1_map lockless

2018-02-28 Thread Richard Henderson
On 02/26/2018 09:39 PM, Emilio G. Cota wrote:
> Groundwork for supporting parallel TCG generation.
> 
> We never remove entries from the radix tree, so we can use cmpxchg
> to implement lockless insertions.
> 
> Signed-off-by: Emilio G. Cota 
> ---
>  accel/tcg/translate-all.c   | 24 ++--
>  docs/devel/multi-thread-tcg.txt |  4 ++--
>  2 files changed, 16 insertions(+), 12 deletions(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH v10 00/29] x86: Secure Encrypted Virtualization (AMD)

2018-02-28 Thread Brijesh Singh
Please ignore the cover letter's patch count (00/29); the series contains
28 patches. Thanks.


On 2/28/18 3:10 PM, Brijesh Singh wrote:
> This patch series provides support for AMD's new Secure Encrypted 
> Virtualization (SEV) feature.
>
> SEV is an extension to the AMD-V architecture which supports running
> multiple VMs under the control of a hypervisor. The SEV feature allows
> the memory contents of a virtual machine (VM) to be transparently encrypted
> with a key unique to the guest VM. The memory controller contains a
> high performance encryption engine which can be programmed with multiple
> keys for use by different VMs in the system. The programming and
> management of these keys is handled by the AMD Secure Processor firmware
> which exposes commands for these tasks.
>
> The KVM SEV patch series introduced a new ioctl (KVM_MEMORY_ENCRYPTION_OP)
> which is used by qemu to issue the SEV commands to assist performing
> common hypervisor activities such as launching, running, snapshotting,
> migration and debugging guests.
>
> The following links provide additional details:
>
> AMD Memory Encryption whitepaper:
>  
> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
>
> AMD64 Architecture Programmer's Manual:
> http://support.amd.com/TechDocs/24593.pdf
> SME is section 7.10
> SEV is section 15.34
>
> Secure Encrypted Virtualization Key Management:
> http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
>
> KVM Forum slides:
> http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
>
> Video of the KVM Forum Talk:
> https://www.youtube.com/watch?v=RcvQ1xN55Ew
>
> ---
>
> The complete patch series is available:
> https://github.com/codomania/qemu/tree/v10
>
> Using these patches we have successfully booted and tested a guest both with
> and without SEV enabled.
>
> TODO:
>
> * Add SEV guest migration support
> * Add SEV guest snapshot and restore support
>
> Changes since v9:
> - move sev specific header definition in target/i386/sev_i386.h
> - add new QMP query-sev-capabilities - the command will be used by libvirt
>   to query the SEV capabilities information.
> - move sev specific QMP command implementation in target/i386/monitor.c. The
>   sev commands are disabled for non x86 architecture
> - update 'info sev' command to display human readable format for policy
> - use g_new0 to allocate structure memory
> - update qemu-options.hx to include cbitspos and reduced-phys-bit field
>
> Changes since v8:
> - update 'query-sev' command to use enum type for SEV state.
> - populate memory encryption cpuid when only SEV is enabled.
>
>
> Changes since v7:
> - move sev.c from accel/kvm to target/i386
> - update query-sev-launch-measure to return error when measurement is not
>   available
> - update flatview_read to use slow path when attrs.debug=1 is set
> - fix the buffer overflow
> - use '-' when adding new member in SevInfo QMP structure
>
> Changes since v6:
> - add support to specify cbitpos in sev-guest object
> - add 'info sev' HMP command
> - add 'query-sev' and 'query-launch-measure' QMP commands
> - rework the logic to query the memory encryption mask when walking
>   guest pagetable for debug
>
> Changes since v5:
> - drop MEMTXTATTRS_DEBUG macro, callers now specify attrs.debug=1 when needed.
> - drop DPRINTF and use trace points to output the debug messages
>
> Changes since v4:
> - extend sev-guest object to add new properties 'dh-cert-file',
>   'session-file' etc.
> - emit SEV_MEASUREMENT event when measurement is available
> - add migration blocker
> - add memory encryption cpuid support
> - rebase the series with recent qemu tree
>
> Changes since v3:
> - update to newer SEV spec (0.12 -> 0.14)
> - update to newer KVM RFC and use KVM_MEMORY_ENCRYPTION_OP ioctl instead
> of KVM_ISSUE_SEV.
> - add support to encrypt pflash
>
> Changes since v2:
> - rename ram_ops to ram_debug_ops
> - use '-' rather than '_' when adding new member in KvmInfo struct
> - update sev object to use link properties when referencing other objects
> - use ldq_phys_debug in tlb_info_64 and mem_info_64.
> - remove sev-guest-policy object, we will revisit it after basic SEV
> guest support is merged.
> - remove kernel API from doc and add SEV guest LAUNCH model. The doc will
> be updated as we integrate the remaining SEV APIs.
>
> Changes since v1:
> - Added Documentation
> - Added security-policy object.
> - Drop sev config parsing support and create new objects to get/set SEV
> specific parameters
> - Added sev-guest-info object.
> - Added sev-launch-info object.
> - Added kvm_memory_encrytion_* APIs. The idea behind this was to allow adding
> a non SEV memory encryption object without modifying interfaces.
> - Drop patch to load OS image at fixed location.
> - updated LAUNCH_FINISH command structure. Now the structure contains
> just 'measurement' field. Other fields are not 

[Qemu-devel] [PATCH v10 28/28] tests/qmp-test: blacklist sev specific qmp commands

2018-02-28 Thread Brijesh Singh
Blacklist the following commands to fix the 'make check' failure.

query-sev-launch-measure: it returns meaningful data only when we launch
an SEV guest; otherwise the command returns an error.

query-sev: it returns an error when SEV is not available on the host (e.g.
non-x86 platform or KVM is disabled at build time)

query-sev-capabilities: it returns an error when SEV feature is not
available on host machine.

Cc: "Daniel P. Berrangé" 
Cc: "Dr. David Alan Gilbert" 
Cc: Markus Armbruster 
Reviewed-by: "Dr. David Alan Gilbert" 
Signed-off-by: Brijesh Singh 
---
Hi Dave,

I updated the patch to include the other SEV specific QMP commands so that
the build passes on non x86 arch. I have still kept your R-b; if you don't
agree with the changes then let me know.

thanks
 tests/qmp-test.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/tests/qmp-test.c b/tests/qmp-test.c
index 580848307ad1..50573dbf4fbd 100644
--- a/tests/qmp-test.c
+++ b/tests/qmp-test.c
@@ -203,6 +203,11 @@ static bool query_is_blacklisted(const char *cmd)
 "query-gic-capabilities", /* arm */
 /* Success depends on target-specific build configuration: */
 "query-pci",  /* CONFIG_PCI */
+/* Success depends on launching SEV guest */
+"query-sev-launch-measure",
+/* Success depends on Host or Hypervisor SEV support */
+"query-sev",
+"query-sev-capabilities",
 NULL
 };
 int i;
-- 
2.14.3




[Qemu-devel] [PATCH v10 27/28] sev/i386: add sev_get_capabilities()

2018-02-28 Thread Brijesh Singh
The function can be used to get the current SEV capabilities.
The capabilities include the platform Diffie-Hellman key (pdh) and certificate
chain. The key can be provided to external entities which want to
establish a trusted channel between SEV firmware and guest owner.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 target/i386/monitor.c  | 10 ++-
 target/i386/sev-stub.c |  5 
 target/i386/sev.c  | 78 ++
 target/i386/sev_i386.h |  1 +
 4 files changed, 93 insertions(+), 1 deletion(-)

diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 1b55dd0fff88..b914915d9171 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -740,5 +740,13 @@ SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error 
**errp)
 
 SevCapability *qmp_query_sev_capabilities(Error **errp)
 {
-return NULL;
+SevCapability *data;
+
+data = sev_get_capabilities();
+if (!data) {
+error_setg(errp, "SEV feature is not available");
+return NULL;
+}
+
+return data;
 }
diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
index 2f61c32ec975..59a003a4ebe6 100644
--- a/target/i386/sev-stub.c
+++ b/target/i386/sev-stub.c
@@ -44,3 +44,8 @@ char *sev_get_launch_measurement(void)
 {
 return NULL;
 }
+
+SevCapability *sev_get_capabilities(void)
+{
+return NULL;
+}
diff --git a/target/i386/sev.c b/target/i386/sev.c
index ad94eeace1b0..20279177cdcd 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -421,6 +421,84 @@ sev_get_info(void)
 return info;
 }
 
+static int
+sev_get_pdh_info(int fd, guchar **pdh, size_t *pdh_len, guchar **cert_chain,
+ size_t *cert_chain_len)
+{
+guchar *pdh_data, *cert_chain_data;
+struct sev_user_data_pdh_cert_export export = {};
+int err, r;
+
+/* query the certificate length */
+r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, , );
+if (r < 0) {
+if (err != SEV_RET_INVALID_LEN) {
+error_report("failed to export PDH cert ret=%d fw_err=%d (%s)",
+ r, err, fw_error_to_str(err));
+return 1;
+}
+}
+
+pdh_data = g_new(guchar, export.pdh_cert_len);
+cert_chain_data = g_new(guchar, export.cert_chain_len);
+export.pdh_cert_address = (unsigned long)pdh_data;
+export.cert_chain_address = (unsigned long)cert_chain_data;
+
+r = sev_platform_ioctl(fd, SEV_PDH_CERT_EXPORT, , );
+if (r < 0) {
+error_report("failed to export PDH cert ret=%d fw_err=%d (%s)",
+ r, err, fw_error_to_str(err));
+goto e_free;
+}
+
+*pdh = pdh_data;
+*pdh_len = export.pdh_cert_len;
+*cert_chain = cert_chain_data;
+*cert_chain_len = export.cert_chain_len;
+return 0;
+
+e_free:
+g_free(pdh_data);
+g_free(cert_chain_data);
+return 1;
+}
+
+SevCapability *
+sev_get_capabilities(void)
+{
+SevCapability *cap;
+guchar *pdh_data, *cert_chain_data;
+size_t pdh_len = 0, cert_chain_len = 0;
+uint32_t ebx;
+int fd;
+
+fd = open(DEFAULT_SEV_DEVICE, O_RDWR);
+if (fd < 0) {
+error_report("%s: Failed to open %s '%s'", __func__,
+ DEFAULT_SEV_DEVICE, strerror(errno));
+return NULL;
+}
+
+if (sev_get_pdh_info(fd, _data, _len,
+ _chain_data, _chain_len)) {
+return NULL;
+}
+
+cap = g_new0(SevCapability, 1);
+cap->pdh = g_base64_encode(pdh_data, pdh_len);
+cap->cert_chain = g_base64_encode(cert_chain_data, cert_chain_len);
+
+host_cpuid(0x801F, 0, NULL, , NULL, NULL);
+cap->cbitpos = ebx & 0x3f;
+cap->reduced_phys_bits = (ebx  >> 6) & 0x3f;
+
+g_free(pdh_data);
+g_free(cert_chain_data);
+
+close(fd);
+return cap;
+}
+
 static int
 sev_read_file_base64(const char *filename, guchar **data, gsize *len)
 {
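Review bot: sev_get_capabilities leaks the descriptor returned by open(DEFAULT_SEV_DEVICE, O_RDWR) when sev_get_pdh_info fails, because that branch returns NULL without close(fd). Close fd before the early return, or immediately after the sev_get_pdh_info call, since nothing later in the function uses it. In sev_get_pdh_info the length query only bails out for r < 0 with an err other than SEV_RET_INVALID_LEN; if the first ioctl returns success, the code goes on to allocate and export with whatever lengths are in the zero-initialised export struct, so it would be safer to treat anything other than the expected SEV_RET_INVALID_LEN reply as a failure or to reject zero pdh_cert_len and cert_chain_len. The lengths also come straight from the firmware reply into g_new with no upper bound; a sanity limit would keep a bad reply from turning into a very large allocation.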
diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h
index 2ecca66f6e64..cc89e273ccf6 100644
--- a/target/i386/sev_i386.h
+++ b/target/i386/sev_i386.h
@@ -43,6 +43,7 @@ extern SevInfo *sev_get_info(void);
 extern uint32_t sev_get_cbit_position(void);
 extern uint32_t sev_get_reduced_phys_bits(void);
 extern char *sev_get_launch_measurement(void);
+extern SevCapability *sev_get_capabilities(void);
 
 typedef struct QSevGuestInfo QSevGuestInfo;
 typedef struct QSevGuestInfoClass QSevGuestInfoClass;
-- 
2.14.3




Re: [Qemu-devel] [PATCH 05/16] translate-all: iterate over TBs in a page with PAGE_FOR_EACH_TB

2018-02-28 Thread Richard Henderson
On 02/26/2018 09:39 PM, Emilio G. Cota wrote:
> +/* list iterators for lists of tagged pointers in TranslationBlock */
> +#define TB_FOR_EACH_TAGGED(head, tb, n, field)  \
> +for (n = (head) & 1,\
> + tb = (TranslationBlock *)((head) & ~1);\
> + tb;\
> + tb = (TranslationBlock *)tb->field[n], \
> + n = (uintptr_t)tb & 1, \
> + tb = (TranslationBlock *)((uintptr_t)tb & ~1))
> +
> +#define PAGE_FOR_EACH_TB(pagedesc, tb, n)   \
> +TB_FOR_EACH_TAGGED((pagedesc)->first_tb, tb, n, page_next)
> +

I'm not sure I like the generalization of TB_FOR_EACH_TAGGED.  Do you use it
for anything besides PAGE_FOR_EACH_TB?

Weird indentation in the clauses.

Otherwise,
Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH 00/11] linux-user support for target/xtensa

2018-02-28 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180228210616.2756-1-jcmvb...@gmail.com
Subject: [Qemu-devel] [PATCH 00/11] linux-user support for target/xtensa

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20180228210616.2756-1-jcmvb...@gmail.com -> 
patchew/20180228210616.2756-1-jcmvb...@gmail.com
Switched to a new branch 'test'
2a75fa6c21 MAINTAINERS: fix W: address for xtensa
1cdcd90c21 qemu-binfmt-conf.sh: add qemu-xtensa
aa55fecbe6 target/xtensa: add linux-user support
67b3a53744 linux-user: drop unused target_msync function
8b029f422a linux-user: fix target_mprotect/target_munmap error return values
8a566c02e7 linux-user: fix assertion in shmdt
09b77eda84 linux-user: fix mmap/munmap/mprotect/mremap/shmat
e4b4e32ec4 target/xtensa: support MTTCG
ab1725dca7 target/xtensa: use correct number of registers in gdbstub
32124175d5 target/xtensa: mark register windows in the dump
678d883680 target/xtensa: dump correct physical registers

=== OUTPUT BEGIN ===
Checking PATCH 1/11: target/xtensa: dump correct physical registers...
Checking PATCH 2/11: target/xtensa: mark register windows in the dump...
Checking PATCH 3/11: target/xtensa: use correct number of registers in 
gdbstub...
Checking PATCH 4/11: target/xtensa: support MTTCG...
Checking PATCH 5/11: linux-user: fix mmap/munmap/mprotect/mremap/shmat...
Checking PATCH 6/11: linux-user: fix assertion in shmdt...
Checking PATCH 7/11: linux-user: fix target_mprotect/target_munmap error return 
values...
Checking PATCH 8/11: linux-user: drop unused target_msync function...
Checking PATCH 9/11: target/xtensa: add linux-user support...
ERROR: code indent should never use tabs
#675: FILE: linux-user/syscall_defs.h:1396:
+#define TARGET_MAP_FIXED^I0x10^I^I/* Interpret addr exactly */$

ERROR: code indent should never use tabs
#676: FILE: linux-user/syscall_defs.h:1397:
+#define TARGET_MAP_ANONYMOUS^I0x0800^I^I/* don't use a file */$

ERROR: code indent should never use tabs
#677: FILE: linux-user/syscall_defs.h:1398:
+#define TARGET_MAP_GROWSDOWN^I0x1000^I^I/* stack-like segment */$

ERROR: code indent should never use tabs
#678: FILE: linux-user/syscall_defs.h:1399:
+#define TARGET_MAP_DENYWRITE^I0x2000^I^I/* ETXTBSY */$

ERROR: code indent should never use tabs
#679: FILE: linux-user/syscall_defs.h:1400:
+#define TARGET_MAP_EXECUTABLE^I0x4000^I^I/* mark it as an executable */$

ERROR: code indent should never use tabs
#680: FILE: linux-user/syscall_defs.h:1401:
+#define TARGET_MAP_LOCKED^I0x8000^I^I/* pages are locked */$

WARNING: line over 80 characters
#681: FILE: linux-user/syscall_defs.h:1402:
+#define TARGET_MAP_NORESERVE   0x0400  /* don't check for reservations 
*/

ERROR: code indent should never use tabs
#681: FILE: linux-user/syscall_defs.h:1402:
+#define TARGET_MAP_NORESERVE^I0x0400^I^I/* don't check for reservations */$

WARNING: line over 80 characters
#682: FILE: linux-user/syscall_defs.h:1403:
+#define TARGET_MAP_POPULATE0x1 /* populate (prefault) 
pagetables */

ERROR: code indent should never use tabs
#682: FILE: linux-user/syscall_defs.h:1403:
+#define TARGET_MAP_POPULATE^I0x1^I^I/* populate (prefault) pagetables */$

ERROR: code indent should never use tabs
#683: FILE: linux-user/syscall_defs.h:1404:
+#define TARGET_MAP_NONBLOCK^I0x2^I^I/* do not block on IO */$

ERROR: code indent should never use tabs
#684: FILE: linux-user/syscall_defs.h:1405:
+#define TARGET_MAP_STACK^I0x4$

WARNING: line over 80 characters
#846: FILE: linux-user/xtensa/syscall_nr.h:87:
+#define TARGET_NR_utime   64 /* glibc 2.3.3 ?? 
*/

WARNING: line over 80 characters
#948: FILE: linux-user/xtensa/syscall_nr.h:189:
+#define TARGET_NR_reserved152152 /* 
set_thread_area */

WARNING: line over 80 characters
#949: FILE: linux-user/xtensa/syscall_nr.h:190:
+#define TARGET_NR_reserved153153 /* 
get_thread_area */

WARNING: line over 80 characters
#1667: FILE: linux-user/xtensa/termbits.h:292:
+#define TARGET_TCSBRKP _IOW('T', 37, int)   /* Needed for POSIX 
tcsendbreak()*/

ERROR: line over 90 characters
#1677: FILE: linux-user/xtensa/termbits.h:302:
+#define TARGET_TIOCGPTN_IOR('T',0x30, unsigned int) /* Get Pty Number (of 
pty-mux device) */


[Qemu-devel] [PATCH v10 25/28] cpu/i386: populate CPUID 0x8000_001F when SEV is active

2018-02-28 Thread Brijesh Singh
When SEV is enabled, CPUID 0x8000_001F should provide additional
information regarding the feature (such as which page table bit is used
to mark the pages as encrypted etc).

The details for memory encryption CPUID are available in the AMD APM
(https://support.amd.com/TechDocs/24594.pdf), Section E.4.17.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 target/i386/cpu.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b5e431e769da..7a3cec59402b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -26,6 +26,7 @@
 #include "sysemu/hvf.h"
 #include "sysemu/cpus.h"
 #include "kvm_i386.h"
+#include "sev_i386.h"
 
 #include "qemu/error-report.h"
 #include "qemu/option.h"
@@ -3612,6 +3613,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *ecx = 0;
 *edx = 0;
 break;
+case 0x801F:
+*eax = sev_enabled() ? 0x2 : 0;
+*ebx = sev_get_cbit_position();
+*ebx |= sev_get_reduced_phys_bits() << 6;
+*ecx = 0;
+*edx = 0;
+break;
 default:
 /* reserved values: zero */
 *eax = 0;
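
Review bot: In the new SEV `case`, `*ebx = sev_get_cbit_position();` is OR-ed with `sev_get_reduced_phys_bits() << 6` without masking either value, so a C-bit position above 63 would spill into the reduced-phys-bits field. Masking both values to their field width, and replacing the bare `0x2` and `6` with named constants or a comment that cites the APM field layout, would make the encoding checkable. EBX is also filled in when `sev_enabled()` is false; zeroing it in that case would keep it consistent with EAX.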
@@ -4041,6 +4049,11 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error 
**errp)
 if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
 x86_cpu_adjust_level(cpu, >cpuid_min_xlevel, 0x800A);
 }
+
+/* SEV requires CPUID[0x801F] */
+if (sev_enabled()) {
+x86_cpu_adjust_level(cpu, >cpuid_min_xlevel, 0x801F);
+}
 }
 
 /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
-- 
2.14.3
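
The EAX/EBX encoding from the CPUID hunk above, packed with range checks and decoded the way a guest would consume it. This is an added example, not code from the patch or from QEMU; all function and macro names are hypothetical, and the 6-bit field widths are assumed from the AMD APM layout rather than taken from the patch.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Layout as used by the hunk (0x2 in EAX, shift by 6 in EBX). The 6-bit
 * field widths are an assumption of this example (AMD APM layout).
 */
#define SEV_EAX_SEV_BIT        (1u << 1)  /* EAX[1]: SEV available */
#define SEV_EBX_CBIT_MASK      0x3fu      /* EBX[5:0]: C-bit position */
#define SEV_EBX_REDUCED_SHIFT  6          /* EBX[11:6]: reduced phys bits */
#define SEV_EBX_REDUCED_MASK   0x3fu

/*
 * Host side: pack EBX, refusing values that do not fit their field.
 * Returns the EBX value, or -1 if either input is out of range.
 */
int64_t sev_cpuid_pack_ebx(uint32_t cbit_pos, uint32_t reduced_phys_bits)
{
    if (cbit_pos > SEV_EBX_CBIT_MASK ||
        reduced_phys_bits > SEV_EBX_REDUCED_MASK) {
        return -1;
    }
    return (int64_t)(cbit_pos |
                     (reduced_phys_bits << SEV_EBX_REDUCED_SHIFT));
}

/* Unchecked packing, kept only to show how an oversized field bleeds. */
uint32_t sev_cpuid_pack_ebx_unchecked(uint32_t cbit_pos, uint32_t reduced)
{
    return cbit_pos | (reduced << SEV_EBX_REDUCED_SHIFT);
}

/* Guest side: extract the two EBX fields. */
uint32_t sev_cpuid_cbit_pos(uint32_t ebx)
{
    return ebx & SEV_EBX_CBIT_MASK;
}

uint32_t sev_cpuid_reduced_phys_bits(uint32_t ebx)
{
    return (ebx >> SEV_EBX_REDUCED_SHIFT) & SEV_EBX_REDUCED_MASK;
}

/*
 * Guest side: page-table mask with the encryption bit set, or 0 when
 * EAX does not advertise SEV (EBX must then be ignored).
 */
uint64_t sev_cpuid_me_mask(uint32_t eax, uint32_t ebx)
{
    if (!(eax & SEV_EAX_SEV_BIT)) {
        return 0;
    }
    return UINT64_C(1) << sev_cpuid_cbit_pos(ebx);
}

/* Guest side: physical address width left after the reduction. */
uint32_t sev_cpuid_effective_phys_bits(uint32_t host_phys_bits, uint32_t ebx)
{
    uint32_t reduced = sev_cpuid_reduced_phys_bits(ebx);

    return reduced >= host_phys_bits ? 0 : host_phys_bits - reduced;
}

int main(void)
{
    /* Constructed sample: C-bit at position 47, one address bit lost. */
    int64_t ebx = sev_cpuid_pack_ebx(47, 1);

    if (ebx < 0) {
        fprintf(stderr, "field out of range\n");
        return 1;
    }
    printf("ebx=0x%" PRIx64 " me_mask=0x%" PRIx64 " phys_bits=%u\n",
           (uint64_t)ebx,
           sev_cpuid_me_mask(SEV_EAX_SEV_BIT, (uint32_t)ebx),
           sev_cpuid_effective_phys_bits(48, (uint32_t)ebx));

    /* An out-of-range C-bit position silently changes the other field. */
    printf("unchecked cbit=64 decodes as cbit=%u reduced=%u\n",
           sev_cpuid_cbit_pos(sev_cpuid_pack_ebx_unchecked(64, 0)),
           sev_cpuid_reduced_phys_bits(sev_cpuid_pack_ebx_unchecked(64, 0)));
    return 0;
}
```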




[Qemu-devel] [PATCH v10 23/28] qmp: add query-sev-launch-measure command

2018-02-28 Thread Brijesh Singh
The command can be used by libvirt to retrieve the measurement of the SEV
guest. This measurement is a signature of the memory contents that were
encrypted through LAUNCH_UPDATE_DATA.

Cc: "Daniel P. Berrangé" 
Cc: "Dr. David Alan Gilbert" 
Cc: Markus Armbruster 
Signed-off-by: Brijesh Singh 
---
 monitor.c |  7 +++
 qapi-schema.json  | 29 +
 target/i386/monitor.c | 17 +
 3 files changed, 53 insertions(+)

diff --git a/monitor.c b/monitor.c
index 356d550aaf2d..d0ebd5906d9d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -984,6 +984,7 @@ static void qmp_unregister_commands_hack(void)
 #ifndef TARGET_I386
 qmp_unregister_command(_commands, "rtc-reset-reinjection");
 qmp_unregister_command(_commands, "query-sev");
+qmp_unregister_command(_commands, "query-sev-launch-measure");
 #endif
 #ifndef TARGET_S390X
 qmp_unregister_command(_commands, "dump-skeys");
@@ -4164,6 +4165,12 @@ SevInfo *qmp_query_sev(Error **errp)
 error_setg(errp, QERR_FEATURE_DISABLED, "query-sev");
 return NULL;
 }
+
+SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp)
+{
+error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-launch-measure");
+return NULL;
+}
 #endif
 
 #ifndef TARGET_S390X
diff --git a/qapi-schema.json b/qapi-schema.json
index 467a06460ead..facf2138df6b 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3250,3 +3250,32 @@
 #
 ##
 { 'command': 'query-sev', 'returns': 'SevInfo' }
+
+##
+# @SevLaunchMeasureInfo:
+#
+# SEV Guest Launch measurement information
+#
+# @data: the measurement value encoded in base64
+#
+# Since: 2.12
+#
+##
+{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'} }
+
+##
+# @query-sev-launch-measure:
+#
+# Query the SEV guest launch information.
+#
+# Returns: The @SevLaunchMeasureInfo for the guest
+#
+# Since: 2.12
+#
+# Example:
+#
+# -> { "execute": "query-sev-launch-measure" }
+# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
+#
+##
+{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo' }
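
Review bot: The example reply documented for `query-sev-launch-measure`, `"data": "4l8LXeNlSPUDlXPJG5966/8%YZ"`, contains `%`, which is not a base64 character, although `@data` is described as base64. Please use a well-formed sample value, and document that the command returns an error while the measurement is not yet available. "Query the SEV guest launch information" could also say "launch measurement" so it matches the struct description.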
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 64d459f80f0c..577d50eebaaa 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -720,3 +720,20 @@ void hmp_info_sev(Monitor *mon, const QDict *qdict)
 monitor_printf(mon, "SEV is not enabled\n");
 }
 }
+
+SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp)
+{
+char *data;
+SevLaunchMeasureInfo *info;
+
+data = sev_get_launch_measurement();
+if (!data) {
+error_setg(errp, "Measurement is not available");
+return NULL;
+}
+
+info = g_malloc0(sizeof(*info));
+info->data = data;
+
+return info;
+}
-- 
2.14.3




[Qemu-devel] [PATCH v10 18/28] sev/i386: add support to LAUNCH_MEASURE command

2018-02-28 Thread Brijesh Singh
During machine creation we encrypted the guest bios image. The
LAUNCH_MEASURE command can be used to retrieve the measurement of
the encrypted memory region. This measurement is a signature of
the memory contents that can be sent to the guest owner as an
attestation that the memory was encrypted correctly by the firmware.
VM management tools like libvirt can query the measurement using
the query-sev-launch-measure QMP command.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 target/i386/sev-stub.c   |  5 
 target/i386/sev.c| 63 
 target/i386/sev_i386.h   |  2 ++
 target/i386/trace-events |  1 +
 4 files changed, 71 insertions(+)

diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
index c86d8c139237..2f61c32ec975 100644
--- a/target/i386/sev-stub.c
+++ b/target/i386/sev-stub.c
@@ -39,3 +39,8 @@ uint32_t sev_get_reduced_phys_bits(void)
 {
 return 0;
 }
+
+char *sev_get_launch_measurement(void)
+{
+return NULL;
+}
diff --git a/target/i386/sev.c b/target/i386/sev.c
index a25722bdb934..a61c100ef47b 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -510,6 +510,68 @@ sev_launch_update_data(uint8_t *addr, uint64_t len)
 return ret;
 }
 
+static void
+sev_launch_get_measure(Notifier *notifier, void *unused)
+{
+int ret, error;
+guchar *data;
+SEVState *s = sev_state;
+struct kvm_sev_launch_measure *measurement;
+
+if (!sev_check_state(SEV_STATE_LUPDATE)) {
+return;
+}
+
+measurement = g_new0(struct kvm_sev_launch_measure, 1);
+
+/* query the measurement blob length */
+ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_MEASURE,
+measurement, );
+if (!measurement->len) {
+error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
+ __func__, ret, error, fw_error_to_str(errno));
+goto free_measurement;
+}
+
+data = g_new0(guchar, measurement->len);
+measurement->uaddr = (unsigned long)data;
+
+/* get the measurement blob */
+ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_MEASURE,
+measurement, );
+if (ret) {
+error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'",
+ __func__, ret, error, fw_error_to_str(errno));
+goto free_data;
+}
+
+sev_set_guest_state(SEV_STATE_LSECRET);
+
+/* encode the measurement value and emit the event */
+s->measurement = g_base64_encode(data, measurement->len);
+trace_kvm_sev_launch_measurement(s->measurement);
+
+free_data:
+g_free(data);
+free_measurement:
+g_free(measurement);
+}
+
+char *
+sev_get_launch_measurement(void)
+{
+if (sev_state &&
+sev_state->state >= SEV_STATE_LSECRET) {
+return g_strdup(sev_state->measurement);
+}
+
+return NULL;
+}
+
+static Notifier sev_machine_done_notify = {
+.notify = sev_launch_get_measure,
+};
+
 void *
 sev_guest_init(const char *id)
 {
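
Review bot: Both `error_report()` calls in `sev_launch_get_measure()` print `fw_error=%d` from `error` but pass `errno` to `fw_error_to_str()`, so the number and the string can disagree; `fw_error_to_str(error)` is what the message needs. The first `sev_ioctl()` call is judged only by `measurement->len`, and `error` is declared without an initializer, so the length-query failure path can report an indeterminate value. `sev_get_launch_measurement()` also depends on the ordering of the `SevState` enum through `state >= SEV_STATE_LSECRET`, which deserves a comment.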
@@ -590,6 +652,7 @@ sev_guest_init(const char *id)
 }
 
 ram_block_notifier_add(_ram_notifier);
+qemu_add_machine_init_done_notifier(_machine_done_notify);
 
 return s;
 err:
diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h
index 68019d6f39a5..2ecca66f6e64 100644
--- a/target/i386/sev_i386.h
+++ b/target/i386/sev_i386.h
@@ -42,6 +42,7 @@ extern uint64_t sev_get_me_mask(void);
 extern SevInfo *sev_get_info(void);
 extern uint32_t sev_get_cbit_position(void);
 extern uint32_t sev_get_reduced_phys_bits(void);
+extern char *sev_get_launch_measurement(void);
 
 typedef struct QSevGuestInfo QSevGuestInfo;
 typedef struct QSevGuestInfoClass QSevGuestInfoClass;
@@ -83,6 +84,7 @@ struct SEVState {
 uint32_t handle;
 int sev_fd;
 SevState state;
+gchar *measurement;
 };
 
 typedef struct SEVState SEVState;
diff --git a/target/i386/trace-events b/target/i386/trace-events
index c0cd8e93217f..f7a1a1e6b85c 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -13,3 +13,4 @@ kvm_memcrypt_unregister_region(void *addr, size_t len) "addr 
%p len 0x%lu"
 kvm_sev_change_state(const char *old, const char *new) "%s -> %s"
 kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x 
session %p pdh %p"
 kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
+kvm_sev_launch_measurement(const char *value) "data %s"
-- 
2.14.3




[Qemu-devel] [PATCH v10 21/28] sev/i386: add debug encrypt and decrypt commands

2018-02-28 Thread Brijesh Singh
The KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT commands are used for
decrypting and encrypting a guest memory region. The commands work only if
the guest policy allows debugging.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 accel/kvm/kvm-all.c  |  1 +
 stubs/sev.c  |  4 
 target/i386/sev.c| 57 
 target/i386/trace-events |  1 +
 4 files changed, 63 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 4974c00c46fb..f53d4ca503b0 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1681,6 +1681,7 @@ static int kvm_init(MachineState *ms)
 }
 
 kvm_state->memcrypt_encrypt_data = sev_encrypt_data;
+kvm_state->memcrypt_debug_ops = sev_set_debug_ops;
 }
 
 ret = kvm_arch_init(ms, s);
diff --git a/stubs/sev.c b/stubs/sev.c
index 2e20f3b73a5b..73f5c7f93a67 100644
--- a/stubs/sev.c
+++ b/stubs/sev.c
@@ -15,6 +15,10 @@
 #include "qemu-common.h"
 #include "sysemu/sev.h"
 
+void sev_set_debug_ops(void *handle, MemoryRegion *mr)
+{
+}
+
 int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len)
 {
 return 1;
diff --git a/target/i386/sev.c b/target/i386/sev.c
index c341257fcc14..23c2b6183f33 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -24,6 +24,7 @@
 #define DEFAULT_SEV_DEVICE  "/dev/sev"
 
 static SEVState *sev_state;
+static MemoryRegionRAMReadWriteOps  sev_ops;
 
 static const char *const sev_fw_errlist[] = {
 "",
@@ -600,6 +601,46 @@ sev_vm_state_change(void *opaque, int running, RunState 
state)
 }
 }
 
+static int
+sev_dbg_enc_dec(uint8_t *dst, const uint8_t *src, uint32_t len, bool write)
+{
+int ret, error;
+struct kvm_sev_dbg dbg;
+
+dbg.src_uaddr = (unsigned long)src;
+dbg.dst_uaddr = (unsigned long)dst;
+dbg.len = len;
+
+trace_kvm_sev_debug(write ? "encrypt" : "decrypt", src, dst, len);
+ret = sev_ioctl(sev_state->sev_fd,
+write ? KVM_SEV_DBG_ENCRYPT : KVM_SEV_DBG_DECRYPT,
+, );
+if (ret) {
+error_report("%s (%s) %#llx->%#llx+%#x ret=%d fw_error=%d '%s'",
+ __func__, write ? "write" : "read", dbg.src_uaddr,
+ dbg.dst_uaddr, dbg.len, ret, error,
+ fw_error_to_str(error));
+}
+
+return ret;
+}
+
+static int
+sev_mem_read(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs)
+{
+assert(attrs.debug);
+
+return sev_dbg_enc_dec(dst, src, len, false);
+}
+
+static int
+sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs)
+{
+assert(attrs.debug);
+
+return sev_dbg_enc_dec(dst, src, len, true);
+}
+
 void *
 sev_guest_init(const char *id)
 {
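
Review bot: `struct kvm_sev_dbg dbg;` in `sev_dbg_enc_dec()` is handed to the ioctl with only `src_uaddr`, `dst_uaddr` and `len` assigned and no initializer, so any other member or padding reaches the kernel undefined; a zero initializer closes that. `error` is likewise uninitialized when it is printed on the failure path. The `assert(attrs.debug)` in `sev_mem_read()` and `sev_mem_write()` aborts QEMU if a non-debug access ever reaches these ops; returning an error there would fail more gracefully.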
@@ -703,6 +744,22 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len)
 return 0;
 }
 
+void
+sev_set_debug_ops(void *handle, MemoryRegion *mr)
+{
+SEVState *s = (SEVState *)handle;
+
+/* If policy does not allow debug then no need to register ops */
+if (s->policy & SEV_POLICY_NODBG) {
+return;
+}
+
+sev_ops.read = sev_mem_read;
+sev_ops.write = sev_mem_write;
+
+memory_region_set_ram_debug_ops(mr, _ops);
+}
+
 static void
 sev_register_types(void)
 {
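
Review bot: `sev_set_debug_ops()` dereferences `handle` through `s->policy` without the `assert(handle)` that `sev_encrypt_data()` in the same file starts with, and the `(SEVState *)` cast from `void *` is not needed in C. When `SEV_POLICY_NODBG` is set the function returns silently; a trace point there would help whoever later debugs a guest launched with that policy.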
diff --git a/target/i386/trace-events b/target/i386/trace-events
index b1fbde6e40fe..00aa6e98d810 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -15,3 +15,4 @@ kvm_sev_launch_start(int policy, void *session, void *pdh) 
"policy 0x%x session
 kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
 kvm_sev_launch_measurement(const char *value) "data %s"
 kvm_sev_launch_finish(void) ""
+kvm_sev_debug(const char *op, const uint8_t *src, uint8_t *dst, int len) "(%s) 
src %p dst %p len %d"
-- 
2.14.3




[Qemu-devel] [PATCH v10 17/28] target/i386: encrypt bios rom

2018-02-28 Thread Brijesh Singh
SEV requires that the guest bios be encrypted before booting the guest.

Cc: "Michael S. Tsirkin" 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 hw/i386/pc_sysfw.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 4325575e7d82..73ac783f2055 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -113,6 +113,8 @@ static void pc_system_flash_init(MemoryRegion *rom_memory)
 pflash_t *system_flash;
 MemoryRegion *flash_mem;
 char name[64];
+void *flash_ptr;
+int ret, flash_size;
 
 sector_bits = 12;
 sector_size = 1 << sector_bits;
@@ -169,6 +171,17 @@ static void pc_system_flash_init(MemoryRegion *rom_memory)
 if (unit == 0) {
 flash_mem = pflash_cfi01_get_memory(system_flash);
 pc_isa_bios_init(rom_memory, flash_mem, size);
+
+/* Encrypt the pflash boot ROM */
+if (kvm_memcrypt_enabled()) {
+flash_ptr = memory_region_get_ram_ptr(flash_mem);
+flash_size = memory_region_size(flash_mem);
+ret = kvm_memcrypt_encrypt_data(flash_ptr, flash_size);
+if (ret) {
+error_report("failed to encrypt pflash rom");
+exit(1);
+}
+}
 }
 }
 }
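
Review bot: `flash_size` is declared `int` in the first hunk but receives `memory_region_size(flash_mem)` and is then passed on as a length; `sev_encrypt_data()` in this series takes `uint64_t len`, so a 64-bit type avoids a narrowing conversion on the way through. The `error_report("failed to encrypt pflash rom")` message would also be more useful with `ret` included.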
-- 
2.14.3




[Qemu-devel] [PATCH v10 16/28] sev/i386: add command to encrypt guest memory region

2018-02-28 Thread Brijesh Singh
The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory
region using the VM Encryption Key created using LAUNCH_START.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 accel/kvm/kvm-all.c  |  2 ++
 stubs/sev.c  |  5 +
 target/i386/sev.c| 43 +++
 target/i386/trace-events |  1 +
 4 files changed, 51 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 4468c8fe002c..4974c00c46fb 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1679,6 +1679,8 @@ static int kvm_init(MachineState *ms)
 if (!kvm_state->memcrypt_handle) {
 goto err;
 }
+
+kvm_state->memcrypt_encrypt_data = sev_encrypt_data;
 }
 
 ret = kvm_arch_init(ms, s);
diff --git a/stubs/sev.c b/stubs/sev.c
index 4a5cc5569e5f..2e20f3b73a5b 100644
--- a/stubs/sev.c
+++ b/stubs/sev.c
@@ -15,6 +15,11 @@
 #include "qemu-common.h"
 #include "sysemu/sev.h"
 
+int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len)
+{
+return 1;
+}
+
 void *sev_guest_init(const char *id)
 {
 return NULL;
diff --git a/target/i386/sev.c b/target/i386/sev.c
index b867ffbc0eae..a25722bdb934 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -100,6 +100,13 @@ fw_error_to_str(int code)
 return sev_fw_errlist[code];
 }
 
+static bool
+sev_check_state(SevState state)
+{
+assert(sev_state);
+return sev_state->state == state ? true : false;
+}
+
 static void
 sev_set_guest_state(SevState new_state)
 {
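
Review bot: In `sev_check_state()`, `return sev_state->state == state ? true : false;` can simply be `return sev_state->state == state;`. The parameter named `state` next to the global `sev_state` and its `state` member is easy to misread; a name such as `expected` would read better.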
@@ -480,6 +487,29 @@ sev_launch_start(SEVState *s)
 return 0;
 }
 
+static int
+sev_launch_update_data(uint8_t *addr, uint64_t len)
+{
+int ret, fw_error;
+struct kvm_sev_launch_update_data update;
+
+if (!addr || !len) {
+return 1;
+}
+
+update.uaddr = (__u64)addr;
+update.len = len;
+trace_kvm_sev_launch_update_data(addr, len);
+ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA,
+, _error);
+if (ret) {
+error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'",
+__func__, ret, fw_error, fw_error_to_str(fw_error));
+}
+
+return ret;
+}
+
 void *
 sev_guest_init(const char *id)
 {
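
Review bot: `update.uaddr = (__u64)addr;` in `sev_launch_update_data()` casts a pointer straight to a 64-bit integer, while the other SEV patches in this series go through `(unsigned long)`; please use one form consistently, preferably via `uintptr_t`. `update` and `fw_error` have no initializers, so only `uaddr` and `len` are defined when the struct is passed to the ioctl, and the error path may print an indeterminate firmware code. The early `return 1` for a NULL or empty buffer is indistinguishable from an ioctl failure to the caller and is not reported.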
@@ -568,6 +598,19 @@ err:
 return NULL;
 }
 
+int
+sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len)
+{
+assert(handle);
+
+/* if SEV is in update state then encrypt the data else do nothing */
+if (sev_check_state(SEV_STATE_LUPDATE)) {
+return sev_launch_update_data(ptr, len);
+}
+
+return 0;
+}
+
 static void
 sev_register_types(void)
 {
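
Review bot: `sev_encrypt_data()` returns 0 when the guest is not in `SEV_STATE_LUPDATE`, so a caller cannot tell "encrypted" from "nothing was done" and may treat plaintext memory as protected. Returning a distinct error, or at least tracing the skipped call, would make a call outside the launch-update window visible.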
diff --git a/target/i386/trace-events b/target/i386/trace-events
index 9402251e9991..c0cd8e93217f 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -12,3 +12,4 @@ kvm_memcrypt_register_region(void *addr, size_t len) "addr %p 
len 0x%lu"
 kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
 kvm_sev_change_state(const char *old, const char *new) "%s -> %s"
 kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x 
session %p pdh %p"
+kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
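
Review bot: The new `kvm_sev_launch_update_data` format string is `"addr %p len 0x%" PRIu64`, which prints a decimal value behind a `0x` prefix; use `PRIx64` or drop the prefix.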
-- 
2.14.3




[Qemu-devel] [PATCH v10 15/28] sev/i386: add command to create launch memory encryption context

2018-02-28 Thread Brijesh Singh
The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK).
The encryption key created with the command will be used for encrypting
the bootstrap images (such as guest bios).

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 target/i386/sev.c| 86 
 target/i386/trace-events |  2 ++
 2 files changed, 88 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 8ee6159b2bfc..b867ffbc0eae 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -100,6 +100,17 @@ fw_error_to_str(int code)
 return sev_fw_errlist[code];
 }
 
+static void
+sev_set_guest_state(SevState new_state)
+{
+assert(new_state < SEV_STATE__MAX);
+assert(sev_state);
+
+trace_kvm_sev_change_state(SevState_str(sev_state->state),
+   SevState_str(new_state));
+sev_state->state = new_state;
+}
+
 static void
 sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size)
 {
@@ -400,6 +411,75 @@ sev_get_info(void)
 return info;
 }
 
+static int
+sev_read_file_base64(const char *filename, guchar **data, gsize *len)
+{
+gsize sz;
+gchar *base64;
+GError *error = NULL;
+
+if (!g_file_get_contents(filename, , , )) {
+error_report("failed to read '%s' (%s)", filename, error->message);
+return -1;
+}
+
+*data = g_base64_decode(base64, len);
+return 0;
+}
+
+static int
+sev_launch_start(SEVState *s)
+{
+gsize sz;
+int ret = 1;
+int fw_error;
+QSevGuestInfo *sev = s->sev_info;
+struct kvm_sev_launch_start *start;
+guchar *session = NULL, *dh_cert = NULL;
+
+start = g_new0(struct kvm_sev_launch_start, 1);
+
+start->handle = object_property_get_int(OBJECT(sev), "handle",
+_abort);
+start->policy = object_property_get_int(OBJECT(sev), "policy",
+_abort);
+if (sev->session_file) {
+if (sev_read_file_base64(sev->session_file, , ) < 0) {
+return 1;
+}
+start->session_uaddr = (unsigned long)session;
+start->session_len = sz;
+}
+
+if (sev->dh_cert_file) {
+if (sev_read_file_base64(sev->dh_cert_file, _cert, ) < 0) {
+return 1;
+}
+start->dh_uaddr = (unsigned long)dh_cert;
+start->dh_len = sz;
+}
+
+trace_kvm_sev_launch_start(start->policy, session, dh_cert);
+ret = sev_ioctl(s->sev_fd, KVM_SEV_LAUNCH_START, start, _error);
+if (ret < 0) {
+error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'",
+__func__, ret, fw_error, fw_error_to_str(fw_error));
+return 1;
+}
+
+object_property_set_int(OBJECT(sev), start->handle, "handle",
+_abort);
+sev_set_guest_state(SEV_STATE_LUPDATE);
+s->handle = start->handle;
+s->policy = start->policy;
+
+g_free(start);
+g_free(session);
+g_free(dh_cert);
+
+return 0;
+}
+
 void *
 sev_guest_init(const char *id)
 {
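
Review bot: The early `return 1` paths in `sev_launch_start()` (either `sev_read_file_base64()` call failing, or `sev_ioctl()` returning an error) skip the `g_free()` calls at the end, leaking `start` and whichever of `session` and `dh_cert` was already decoded; a common exit label would cover them. In `sev_read_file_base64()` the `base64` buffer filled by `g_file_get_contents()` is never freed after `g_base64_decode()`, and the `GError` is not released with `g_error_free()` on the failure path.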
@@ -473,6 +553,12 @@ sev_guest_init(const char *id)
 goto err;
 }
 
+ret = sev_launch_start(s);
+if (ret) {
+error_report("%s: failed to create encryption context", __func__);
+goto err;
+}
+
 ram_block_notifier_add(_ram_notifier);
 
 return s;
diff --git a/target/i386/trace-events b/target/i386/trace-events
index ffa3d2250425..9402251e9991 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -10,3 +10,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes"
 kvm_sev_init(void) ""
 kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu"
 kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
+kvm_sev_change_state(const char *old, const char *new) "%s -> %s"
+kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x 
session %p pdh %p"
-- 
2.14.3




[Qemu-devel] [PATCH v10 11/28] sev/i386: add command to initialize the memory encryption context

2018-02-28 Thread Brijesh Singh
When memory encryption is enabled, the KVM_SEV_INIT command is used to
initialize the platform. The command loads the SEV-related persistent
data from non-volatile storage and initializes the platform context.
This command should be issued first, before invoking any other guest
commands provided by the SEV firmware.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 accel/kvm/kvm-all.c   |  15 
 include/sysemu/sev.h  |  22 +
 stubs/Makefile.objs   |   1 +
 stubs/sev.c   |  21 +
 target/i386/Makefile.objs |   2 +-
 target/i386/monitor.c |  11 ++-
 target/i386/sev-stub.c|  41 +
 target/i386/sev.c | 222 ++
 target/i386/sev_i386.h|  29 ++
 target/i386/trace-events  |   3 +
 10 files changed, 364 insertions(+), 3 deletions(-)
 create mode 100644 include/sysemu/sev.h
 create mode 100644 stubs/sev.c
 create mode 100644 target/i386/sev-stub.c

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index b91fcb7160d3..300fc3cd44ce 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -38,6 +38,7 @@
 #include "qemu/event_notifier.h"
 #include "trace.h"
 #include "hw/irq.h"
+#include "sysemu/sev.h"
 
 #include "hw/boards.h"
 
@@ -103,6 +104,9 @@ struct KVMState
 #endif
 KVMMemoryListener memory_listener;
 QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus;
+
+/* memory encryption */
+void *memcrypt_handle;
 };
 
 KVMState *kvm_state;
@@ -1636,6 +1640,17 @@ static int kvm_init(MachineState *ms)
 
 kvm_state = s;
 
+/*
+ * if memory encryption object is specified then initialize the memory
+ * encryption context.
+ */
+if (ms->memory_encryption) {
+kvm_state->memcrypt_handle = sev_guest_init(ms->memory_encryption);
+if (!kvm_state->memcrypt_handle) {
+goto err;
+}
+}
+
 ret = kvm_arch_init(ms, s);
 if (ret < 0) {
 goto err;
diff --git a/include/sysemu/sev.h b/include/sysemu/sev.h
new file mode 100644
index ..3f6a26e92789
--- /dev/null
+++ b/include/sysemu/sev.h
@@ -0,0 +1,22 @@
+/*
+ * QEMU Secure Encrypted Virutualization (SEV) support
+ *
+ * Copyright: Advanced Micro Devices, 2016-2018
+ *
+ * Authors:
+ *  Brijesh Singh 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_SEV_H
+#define QEMU_SEV_H
+
+#include "sysemu/kvm.h"
+
+void *sev_guest_init(const char *id);
+int sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len);
+void sev_set_debug_ops(void *handle, MemoryRegion *mr);
+#endif
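
Review bot: The new `include/sysemu/sev.h` already declares `sev_encrypt_data()` and `sev_set_debug_ops()`, but `stubs/sev.c` in this patch only defines `sev_guest_init()`; the other two are introduced by later patches in the series, so their prototypes belong with those patches. The header comment also misspells "Virtualization" as "Virutualization".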
diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
index 2d59d8409162..31b36fdfdb88 100644
--- a/stubs/Makefile.objs
+++ b/stubs/Makefile.objs
@@ -43,3 +43,4 @@ stub-obj-y += xen-common.o
 stub-obj-y += xen-hvm.o
 stub-obj-y += pci-host-piix.o
 stub-obj-y += ram-block.o
+stub-obj-y += sev.o
diff --git a/stubs/sev.c b/stubs/sev.c
new file mode 100644
index ..4a5cc5569e5f
--- /dev/null
+++ b/stubs/sev.c
@@ -0,0 +1,21 @@
+/*
+ * QEMU SEV stub
+ *
+ * Copyright Advanced Micro Devices 2018
+ *
+ * Authors:
+ *  Brijesh Singh 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "sysemu/sev.h"
+
+void *sev_guest_init(const char *id)
+{
+return NULL;
+}
diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs
index 76aeaeae2750..741cb080eb17 100644
--- a/target/i386/Makefile.objs
+++ b/target/i386/Makefile.objs
@@ -5,7 +5,7 @@ obj-$(CONFIG_TCG) += int_helper.o mem_helper.o misc_helper.o 
mpx_helper.o
 obj-$(CONFIG_TCG) += seg_helper.o smm_helper.o svm_helper.o
 obj-$(CONFIG_SOFTMMU) += machine.o arch_memory_mapping.o arch_dump.o monitor.o
 obj-$(CONFIG_KVM) += kvm.o hyperv.o sev.o
-obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
+obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o sev-stub.o
 # HAX support
 ifdef CONFIG_WIN32
 obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-windows.o
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index f429b1fc5383..e2f02c4be95c 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -670,6 +670,13 @@ void hmp_info_io_apic(Monitor *mon, const QDict *qdict)
 
 SevInfo *qmp_query_sev(Error **errp)
 {
-error_setg(errp, "SEV feature is not available");
-return NULL;
+SevInfo *info;
+
+info = sev_get_info();
+if (!info) {
+error_setg(errp, "SEV feature is not available");
+return NULL;
+}
+
+return info;
 }
diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
new file mode 100644
index ..c86d8c139237
--- /dev/null
+++ b/target/i386/sev-stub.c
@@ -0,0 +1,41 

[Qemu-devel] [PATCH v10 14/28] hmp: add 'info sev' command

2018-02-28 Thread Brijesh Singh
The command can be used to show the SEV information when memory
encryption is enabled on an AMD platform.

Cc: Eric Blake 
Cc: "Daniel P. Berrangé" 
Cc: "Dr. David Alan Gilbert" 
Cc: Markus Armbruster 
Reviewed-by: "Dr. David Alan Gilbert" 
Signed-off-by: Brijesh Singh 
---

Hi Dave,

I updated the patch to address your comment on making this x86 specific, but
still kept your R-b. If you don't agree with the changes then let me know.

thanks

 hmp-commands-info.hx  | 16 
 hmp.h |  1 +
 target/i386/monitor.c | 20 
 3 files changed, 37 insertions(+)

diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index ad590a4ffb2b..ddfcd5adcca6 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -867,6 +867,22 @@ Display the amount of initially allocated and present 
hotpluggable (if
 enabled) memory in bytes.
 ETEXI
 
+#if defined(TARGET_I386)
+{
+.name   = "sev",
+.args_type  = "",
+.params = "",
+.help   = "show SEV information",
+.cmd= hmp_info_sev,
+},
+#endif
+
+STEXI
+@item info sev
+@findex info sev
+Show SEV information.
+ETEXI
+
 STEXI
 @end table
 ETEXI
diff --git a/hmp.h b/hmp.h
index 1143db44a760..4ca1a77b2c1f 100644
--- a/hmp.h
+++ b/hmp.h
@@ -146,5 +146,6 @@ void hmp_info_ramblock(Monitor *mon, const QDict *qdict);
 void hmp_hotpluggable_cpus(Monitor *mon, const QDict *qdict);
 void hmp_info_vm_generation_id(Monitor *mon, const QDict *qdict);
 void hmp_info_memory_size_summary(Monitor *mon, const QDict *qdict);
+void hmp_info_sev(Monitor *mon, const QDict *qdict);
 
 #endif
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index e2f02c4be95c..e664030dbd72 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -29,6 +29,7 @@
 #include "qapi/qmp/qdict.h"
 #include "hw/i386/pc.h"
 #include "sysemu/kvm.h"
+#include "sysemu/sev.h"
 #include "hmp.h"
 #include "sev_i386.h"
 #include "qmp-commands.h"
@@ -680,3 +681,22 @@ SevInfo *qmp_query_sev(Error **errp)
 
 return info;
 }
+
+void hmp_info_sev(Monitor *mon, const QDict *qdict)
+{
+SevInfo *info = sev_get_info();
+
+if (info && info->enabled) {
+monitor_printf(mon, "handle: %d\n", info->handle);
+monitor_printf(mon, "state: %s\n", SevState_str(info->state));
+monitor_printf(mon, "build: %d\n", info->build_id);
+monitor_printf(mon, "api version: %d.%d\n",
+   info->api_major, info->api_minor);
+monitor_printf(mon, "debug: %s\n",
+   info->policy & SEV_POLICY_NODBG ? "off" : "on");
+monitor_printf(mon, "key-sharing: %s\n",
+   info->policy & SEV_POLICY_NOKS ? "off" : "on");
+} else {
+monitor_printf(mon, "SEV is not enabled\n");
+}
+}
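
Review bot: `hmp_info_sev()` never releases the `SevInfo` it gets from `sev_get_info()`; `qmp_query_sev()` hands the same kind of object to its caller, which suggests it is heap-allocated, so this path needs a `qapi_free_SevInfo(info)` before returning.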
-- 
2.14.3




Re: [Qemu-devel] [PATCH v2 1/5] target/i386: Fix a minor typo found while reviwing

2018-02-28 Thread Moger, Babu

> -Original Message-
> From: Radim Krčmář [mailto:rkrc...@redhat.com]
> Sent: Wednesday, February 28, 2018 11:38 AM
> To: Moger, Babu 
> Cc: pbonz...@redhat.com; r...@twiddle.net; ehabk...@redhat.com;
> mtosa...@redhat.com; qemu-devel@nongnu.org; k...@vger.kernel.org;
> p...@polepetko.eu; Hook, Gary 
> Subject: Re: [PATCH v2 1/5] target/i386: Fix a minor typo found while
> reviwing
> 
> 2018-02-23 21:30-0500, Babu Moger:
> > Changed KVM_CPUID_FLAG_SIGNIFCANT_INDEX to
> KVM_CPUID_FLAG_SIGNIFICANT_INDEX
> >
> > Signed-off-by: Babu Moger 
> > ---
> >  linux-headers/asm-x86/kvm.h | 2 +-
> >  target/i386/kvm.c   | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
> > index f3a9604..6aec661 100644
> > --- a/linux-headers/asm-x86/kvm.h
> > +++ b/linux-headers/asm-x86/kvm.h
> > @@ -220,7 +220,7 @@ struct kvm_cpuid_entry2 {
> > __u32 padding[3];
> >  };
> >
> > -#define KVM_CPUID_FLAG_SIGNIFCANT_INDEX(1 << 0)
> 
> The typo is in the original kernel header and we periodically copy it
> over with scripts/update-linux-headers.sh, so this change would only add
> overhead in the long run.

Yes. I see that now.

> 
> I'd keep the typo.

Sure. I will drop this patch. Let me not complicate things.

> 
> (The alternative is to add KVM_CPUID_FLAG_SIGNIFICANT_INDEX to the
> linux
>  header, so there would be both variants and use the correct one here.)
> 
> Thanks.
> 
> > +#define KVM_CPUID_FLAG_SIGNIFICANT_INDEX   (1 << 0)
> >  #define KVM_CPUID_FLAG_STATEFUL_FUNC   (1 << 1)
> >  #define KVM_CPUID_FLAG_STATE_READ_NEXT (1 << 2)
> >
> > diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> > index ad4b159..85856b6 100644
> > --- a/target/i386/kvm.c
> > +++ b/target/i386/kvm.c
> > @@ -844,7 +844,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
> >  break;
> >  }
> >  c->function = i;
> > -c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
> > +c->flags = KVM_CPUID_FLAG_SIGNIFICANT_INDEX;
> >  c->index = j;
> >  cpu_x86_cpuid(env, i, j, >eax, >ebx, >ecx, 
> > >edx);
> >
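
Review bot: the renamed macro on the `c->flags` line only exists if the linux-headers/asm-x86/kvm.h hunk above is kept. As noted in the reply, that header is copied over from the kernel by scripts/update-linux-headers.sh, so the next sync would bring back KVM_CPUID_FLAG_SIGNIFCANT_INDEX and this line would stop compiling. If the correct spelling is wanted in target/i386/kvm.c, it has to come from an alias defined outside the imported header or from a kernel-side change first.
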
> > --
> > 1.8.3.1
> >



[Qemu-devel] [PATCH v10 08/28] target/i386: add Secure Encrypted Virtualization (SEV) object

2018-02-28 Thread Brijesh Singh
Add a new memory encryption object 'sev-guest'. The object will be used
to create encrypted VMs on AMD EPYC CPU. The object provides the properties
to pass guest owner's public Diffie-Hellman key, guest policy and session
information required to create the memory encryption context within the
SEV firmware.

e.g. to launch SEV guest
 # $QEMU \
-object sev-guest,id=sev0 \
-machine ,memory-encryption=sev0

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 docs/amd-memory-encryption.txt |  17 +++
 qemu-options.hx|  44 
 target/i386/Makefile.objs  |   2 +-
 target/i386/sev.c  | 228 +
 target/i386/sev_i386.h |  61 +++
 5 files changed, 351 insertions(+), 1 deletion(-)
 create mode 100644 target/i386/sev.c
 create mode 100644 target/i386/sev_i386.h

diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
index 72a92b6c6353..8711da9ed598 100644
--- a/docs/amd-memory-encryption.txt
+++ b/docs/amd-memory-encryption.txt
@@ -35,10 +35,21 @@ in bad measurement). The guest policy is a 4-byte data 
structure containing
 several flags that restricts what can be done on running SEV guest.
 See KM Spec section 3 and 6.2 for more details.
 
+The guest policy can be provided via the 'policy' property (see below)
+
+# ${QEMU} \
+   sev-guest,id=sev0,policy=0x1...\
+
 Guest owners provided DH certificate and session parameters will be used to
 establish a cryptographic session with the guest owner to negotiate keys used
 for the attestation.
 
+The DH certificate and session blob can be provided via 'dh-cert-file' and
+'session-file' property (see below
+
+# ${QEMU} \
+ sev-guest,id=sev0,dh-cert-file=,session-file=
+
 LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context
 created via LAUNCH_START command. If required, this command can be called
 multiple times to encrypt different memory regions. The command also calculates
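
Review bot: the sentence added ahead of the second example is left unfinished: `'session-file' property (see below` has no closing parenthesis or full stop, and the sentence added for 'policy' is also missing its full stop. Both new example command lines pass `sev-guest,...` directly after `${QEMU} \` without the `-object` option that the launch example added further down in this file uses, so they cannot be copied as written. Prefix them with `-object` and close the parenthesis.
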
@@ -59,6 +70,12 @@ context.
 See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the
 complete flow chart.
 
+To launch a SEV guest
+
+# ${QEMU} \
+-machine ...,memory-encryption=sev0 \
+-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5
+
 Debugging
 ---
 Since memory contents of SEV guest is encrypted hence hypervisor access to the
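
Review bot: the launch example introduces `cbitpos=47,reduced-phys-bits=5`, but nothing in the surrounding text of this document says what either property means, where the values come from, or whether they are mandatory; the example in the commit message uses `-object sev-guest,id=sev0` alone. Add a sentence describing both properties next to the example, or drop them from it if they are optional.
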
diff --git a/qemu-options.hx b/qemu-options.hx
index a6648ca073f2..f961b62bcbb2 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4313,6 +4313,50 @@ contents of @code{iv.b64} to the second secret
  data=$SECRET,iv=$(

[Qemu-devel] [PATCH v10 13/28] kvm: introduce memory encryption APIs

2018-02-28 Thread Brijesh Singh
In order to integrate the Secure Encryption Virtualization (SEV) support,
add a few high-level memory encryption APIs which can be used for encrypting
the guest memory region.

Cc: Paolo Bonzini 
Cc: k...@vger.kernel.org
Signed-off-by: Brijesh Singh 
---
 accel/kvm/kvm-all.c| 30 ++
 accel/stubs/kvm-stub.c | 14 ++
 include/sysemu/kvm.h   | 25 +
 3 files changed, 69 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 300fc3cd44ce..4468c8fe002c 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -107,6 +107,8 @@ struct KVMState
 
 /* memory encryption */
 void *memcrypt_handle;
+int (*memcrypt_encrypt_data)(void *handle, uint8_t *ptr, uint64_t len);
+void (*memcrypt_debug_ops)(void *handle, MemoryRegion *mr);
 };
 
 KVMState *kvm_state;
@@ -142,6 +144,34 @@ int kvm_get_max_memslots(void)
 return s->nr_slots;
 }
 
+bool kvm_memcrypt_enabled(void)
+{
+if (kvm_state && kvm_state->memcrypt_handle) {
+return true;
+}
+
+return false;
+}
+
+int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len)
+{
+if (kvm_state->memcrypt_handle &&
+kvm_state->memcrypt_encrypt_data) {
+return kvm_state->memcrypt_encrypt_data(kvm_state->memcrypt_handle,
+  ptr, len);
+}
+
+return 1;
+}
+
+void kvm_memcrypt_set_debug_ops(MemoryRegion *mr)
+{
+if (kvm_state->memcrypt_handle &&
+kvm_state->memcrypt_debug_ops) {
+kvm_state->memcrypt_debug_ops(kvm_state->memcrypt_handle, mr);
+}
+}
+
 static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml)
 {
 KVMState *s = kvm_state;
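
Review bot: kvm_memcrypt_encrypt_data() and kvm_memcrypt_set_debug_ops() dereference kvm_state without the NULL check that kvm_memcrypt_enabled() performs a few lines above, so a caller that does not gate on kvm_memcrypt_enabled() first will crash when KVM is not initialised. Either repeat the `kvm_state &&` test in both functions or document that they may only be called after kvm_memcrypt_enabled() returned true. Note also that kvm_memcrypt_encrypt_data() returns 1 both when no handler is registered and when encryption fails, so callers cannot tell the two apart.
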
diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
index c964af3e1c97..5739712a67e3 100644
--- a/accel/stubs/kvm-stub.c
+++ b/accel/stubs/kvm-stub.c
@@ -105,6 +105,20 @@ int kvm_on_sigbus(int code, void *addr)
 return 1;
 }
 
+bool kvm_memcrypt_enabled(void)
+{
+return false;
+}
+
+int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len)
+{
+  return 1;
+}
+
+void kvm_memcrypt_set_debug_ops(MemoryRegion *mr)
+{
+}
+
 #ifndef CONFIG_USER_ONLY
 int kvm_irqchip_add_msi_route(KVMState *s, int vector, PCIDevice *dev)
 {
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 85002ac49a54..d69bd1ff2b07 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -231,6 +231,31 @@ int kvm_destroy_vcpu(CPUState *cpu);
  */
 bool kvm_arm_supports_user_irq(void);
 
+/**
+ * kvm_memcrypt_enabled - return boolean indicating whether memory encryption
+ *is enabled
+ * Returns: 1 memory encryption is enabled
+ *  0 memory encryption is disabled
+ */
+bool kvm_memcrypt_enabled(void);
+
+/**
+ * kvm_memcrypt_encrypt_data: encrypt the memory range
+ *
+ * Return: 1 failed to encrypt the range
+ * 0 succesfully encrypted memory region
+ */
+int kvm_memcrypt_encrypt_data(uint8_t *ptr, uint64_t len);
+
+/**
+ * kvm_memcrypt_set_debug_ram_ops: set debug_ram_ops callback
+ *
+ * When debug_ram_ops is set, debug access to this memory region will use
+ * memory encryption APIs.
+ */
+void kvm_memcrypt_set_debug_ops(MemoryRegion *mr);
+
+
 #ifdef NEED_CPU_H
 #include "cpu.h"
 
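
Review bot: the last doc comment names `kvm_memcrypt_set_debug_ram_ops` and `debug_ram_ops`, but the function declared under it is kvm_memcrypt_set_debug_ops(); make the comment match the declaration. In the same block, kvm_memcrypt_enabled() is declared bool while its comment documents "Returns: 1 ... 0", "succesfully" is misspelled, and kvm_memcrypt_encrypt_data() documents 1 as its failure value where a negative errno would be the more usual convention for an int-returning helper.
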
-- 
2.14.3




[Qemu-devel] [PATCH v10 22/28] target/i386: clear C-bit when walking SEV guest page table

2018-02-28 Thread Brijesh Singh
In an SEV-enabled guest the pte entry will have the C-bit set, so we need to
clear the C-bit when walking the page table.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 target/i386/helper.c  | 31 +--
 target/i386/monitor.c | 68 +--
 2 files changed, 62 insertions(+), 37 deletions(-)

diff --git a/target/i386/helper.c b/target/i386/helper.c
index 58fb6eec562a..dc5c7005cf13 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -21,6 +21,7 @@
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "sysemu/kvm.h"
+#include "sev_i386.h"
 #include "kvm_i386.h"
 #ifndef CONFIG_USER_ONLY
 #include "sysemu/sysemu.h"
@@ -732,6 +733,9 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 int32_t a20_mask;
 uint32_t page_offset;
 int page_size;
+uint64_t me_mask;
+
+me_mask = sev_get_me_mask();
 
 a20_mask = x86_get_a20_mask(env);
 if (!(env->cr[0] & CR0_PG_MASK)) {
@@ -755,25 +759,25 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr 
addr)
 }
 
 if (la57) {
-pml5e_addr = ((env->cr[3] & ~0xfff) +
+pml5e_addr = ((env->cr[3] & ~0xfff & me_mask) +
 (((addr >> 48) & 0x1ff) << 3)) & a20_mask;
-pml5e = ldq_phys_debug(cs, pml5e_addr);
+pml5e = ldq_phys_debug(cs, pml5e_addr) & me_mask;
 if (!(pml5e & PG_PRESENT_MASK)) {
 return -1;
 }
 } else {
-pml5e = env->cr[3];
+pml5e = env->cr[3] & me_mask;
 }
 
 pml4e_addr = ((pml5e & PG_ADDRESS_MASK) +
 (((addr >> 39) & 0x1ff) << 3)) & a20_mask;
-pml4e = ldq_phys_debug(cs, pml4e_addr);
+pml4e = ldq_phys_debug(cs, pml4e_addr) & me_mask;
 if (!(pml4e & PG_PRESENT_MASK)) {
 return -1;
 }
 pdpe_addr = ((pml4e & PG_ADDRESS_MASK) +
  (((addr >> 30) & 0x1ff) << 3)) & a20_mask;
-pdpe = x86_ldq_phys(cs, pdpe_addr);
+pdpe = ldq_phys_debug(cs, pdpe_addr) & me_mask;
 if (!(pdpe & PG_PRESENT_MASK)) {
 return -1;
 }
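
Review bot: the pdpe load in this hunk changes from x86_ldq_phys() to ldq_phys_debug() in addition to gaining `& me_mask`. The other loads touched here were already ldq_phys_debug(), so this looks like a conversion missed by the earlier debug-API patch. Move that part of the change there, or mention it in the commit message, which currently only talks about clearing the C-bit.
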
@@ -786,16 +790,16 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr 
addr)
 } else
 #endif
 {
-pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) &
-a20_mask;
-pdpe = ldq_phys_debug(cs, pdpe_addr);
+pdpe_addr = ((env->cr[3] & ~0x1f & me_mask) + ((addr >> 27) & 
0x18))
+  & a20_mask;
+pdpe = ldq_phys_debug(cs, pdpe_addr) & me_mask;
 if (!(pdpe & PG_PRESENT_MASK))
 return -1;
 }
 
 pde_addr = ((pdpe & PG_ADDRESS_MASK) +
 (((addr >> 21) & 0x1ff) << 3)) & a20_mask;
-pde = ldq_phys_debug(cs, pde_addr);
+pde = ldq_phys_debug(cs, pde_addr) & me_mask;
 if (!(pde & PG_PRESENT_MASK)) {
 return -1;
 }
@@ -808,7 +812,7 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 pte_addr = ((pde & PG_ADDRESS_MASK) +
 (((addr >> 12) & 0x1ff) << 3)) & a20_mask;
 page_size = 4096;
-pte = ldq_phys_debug(cs, pte_addr);
+pte = ldq_phys_debug(cs, pte_addr) & me_mask;
 }
 if (!(pte & PG_PRESENT_MASK)) {
 return -1;
@@ -817,8 +821,9 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 uint32_t pde;
 
 /* page directory entry */
-pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & a20_mask;
-pde = ldl_phys_debug(cs, pde_addr);
+pde_addr = ((env->cr[3] & ~0xfff & me_mask) + ((addr >> 20) & 0xffc))
+ & a20_mask;
+pde = ldl_phys_debug(cs, pde_addr) & me_mask;
 if (!(pde & PG_PRESENT_MASK))
 return -1;
 if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
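
Review bot: in this non-PAE branch `pde` is declared uint32_t, so `ldl_phys_debug(cs, pde_addr) & me_mask` is truncated back to 32 bits and the AND is a no-op for any C-bit position above bit 31 (the documentation example in this series uses cbitpos=47). Drop the masking from the 32-bit path, or add a comment saying why it is kept, so that readers do not assume the C-bit can appear in a 32-bit entry.
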
@@ -827,7 +832,7 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 } else {
 /* page directory entry */
 pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) & a20_mask;
-pte = ldl_phys_debug(cs, pte_addr);
+pte = ldl_phys_debug(cs, pte_addr) & me_mask;
 if (!(pte & PG_PRESENT_MASK)) {
 return -1;
 }
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index e664030dbd72..64d459f80f0c 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -98,16 +98,20 @@ static void tlb_info_pae32(Monitor *mon, CPUArchState *env)
 unsigned int l1, l2, l3;
 uint64_t pdpe, pde, pte;
 uint64_t pdp_addr, pd_addr, pt_addr;
+uint64_t 

[Qemu-devel] [PATCH v10 07/28] docs: add AMD Secure Encrypted Virtualization (SEV)

2018-02-28 Thread Brijesh Singh
Create a documentation entry to describe the AMD Secure Encrypted
Virtualization (SEV) feature.

Cc: Paolo Bonzini 
Signed-off-by: Brijesh Singh 
---
 docs/amd-memory-encryption.txt | 92 ++
 1 file changed, 92 insertions(+)
 create mode 100644 docs/amd-memory-encryption.txt

diff --git a/docs/amd-memory-encryption.txt b/docs/amd-memory-encryption.txt
new file mode 100644
index ..72a92b6c6353
--- /dev/null
+++ b/docs/amd-memory-encryption.txt
@@ -0,0 +1,92 @@
+Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
+
+SEV is an extension to the AMD-V architecture which supports running encrypted
+virtual machine (VMs) under the control of KVM. Encrypted VMs have their pages
+(code and data) secured such that only the guest itself has access to the
+unencrypted version. Each encrypted VM is associated with a unique encryption
+key; if its data is accessed to a different entity using a different key the
+encrypted guests data will be incorrectly decrypted, leading to unintelligible
+data.
+
+The key management of this feature is handled by separate processor known as
+AMD secure processor (AMD-SP) which is present in AMD SOCs. Firmware running
+inside the AMD-SP provide commands to support common VM lifecycle. This
+includes commands for launching, snapshotting, migrating and debugging the
+encrypted guest. Those SEV command can be issued via KVM_MEMORY_ENCRYPT_OP
+ioctls.
+
+Launching
+-
+Boot images (such as bios) must be encrypted before guest can be booted.
+MEMORY_ENCRYPT_OP ioctl provides commands to encrypt the images :LAUNCH_START,
+LAUNCH_UPDATE_DATA, LAUNCH_MEASURE and LAUNCH_FINISH. These four commands
+together generate a fresh memory encryption key for the VM, encrypt the boot
+images and provide a measurement than can be used as an attestation of the
+successful launch.
+
+LAUNCH_START is called first to create a cryptographic launch context within
+the firmware. To create this context, guest owner must provides guest policy,
+its public Diffie-Hellman key (PDH) and session parameters. These inputs
+should be treated as binary blob and must be passed as-is to the SEV firmware.
+
+The guest policy is passed as plaintext and hypervisor may able to read it
+but should not modify it (any modification of the policy bits will result
+in bad measurement). The guest policy is a 4-byte data structure containing
+several flags that restricts what can be done on running SEV guest.
+See KM Spec section 3 and 6.2 for more details.
+
+Guest owners provided DH certificate and session parameters will be used to
+establish a cryptographic session with the guest owner to negotiate keys used
+for the attestation.
+
+LAUNCH_UPDATE_DATA encrypts the memory region using the cryptographic context
+created via LAUNCH_START command. If required, this command can be called
+multiple times to encrypt different memory regions. The command also calculates
+the measurement of the memory contents as it encrypts.
+
+LAUNCH_MEASURE command can be used to retrieve the measurement of encrypted
+memory. This measurement is a signature of the memory contents that can be
+sent to the guest owner as an attestation that the memory was encrypted
+correctly by the firmware. The guest owner may wait to provide the guest
+confidential information until it can verify the attestation measurement.
+Since the guest owner knows the initial contents of the guest at boot, the
+attestation measurement can be verified by comparing it to what the guest owner
+expects.
+
+LAUNCH_FINISH command finalizes the guest launch and destroy's the 
cryptographic
+context.
+
+See SEV KM API Spec [1] 'Launching a guest' usage flow (Appendix A) for the
+complete flow chart.
+
+Debugging
+---
+Since memory contents of SEV guest is encrypted hence hypervisor access to the
+guest memory will get a cipher text. If guest policy allows debugging, then
+hypervisor can use DEBUG_DECRYPT and DEBUG_ENCRYPT commands access the guest
+memory region for debug purposes.
+
+Snapshot/Restore
+-
+TODO
+
+Live Migration
+
+TODO
+
+References
+-
+
+AMD Memory Encryption whitepaper:
+http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
+
+Secure Encrypted Virutualization Key Management:
+[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
+
+KVM Forum slides:
+http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf
+
+AMD64 Architecture Programmer's Manual:
+   http://support.amd.com/TechDocs/24593.pdf
+   SME is section 7.10
+   SEV is section 15.34
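
Review bot: several sentences in the new document are garbled enough to change or obscure their meaning and should be fixed before this lands: "if its data is accessed to a different entity" (by a different entity), "provide a measurement than can be used" (that can be used), "guest owner must provides", "hypervisor may able to read it", "destroy's the cryptographic context" and "Virutualization" in the References section. The section underlines are also shorter than their headings, and the Snapshot/Restore and Live Migration sections contain only TODO; either describe the current state (not supported) or leave the headings out until there is text for them.
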
-- 
2.14.3




[Qemu-devel] [PATCH v10 24/28] sev/i386: add migration blocker

2018-02-28 Thread Brijesh Singh
SEV guest migration is not implemented yet.

Signed-off-by: Brijesh Singh 
Reviewed-by: Dr. David Alan Gilbert 
---
 target/i386/sev.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 23c2b6183f33..ad94eeace1b0 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -19,12 +19,14 @@
 #include "sev_i386.h"
 #include "sysemu/sysemu.h"
 #include "trace.h"
+#include "migration/blocker.h"
 
 #define DEFAULT_GUEST_POLICY0x1 /* disable debug */
 #define DEFAULT_SEV_DEVICE  "/dev/sev"
 
 static SEVState *sev_state;
 static MemoryRegionRAMReadWriteOps  sev_ops;
+static Error *sev_mig_blocker;
 
 static const char *const sev_fw_errlist[] = {
 "",
@@ -577,6 +579,7 @@ static void
 sev_launch_finish(SEVState *s)
 {
 int ret, error;
+Error *local_err = NULL;
 
 trace_kvm_sev_launch_finish();
 ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, );
@@ -587,6 +590,16 @@ sev_launch_finish(SEVState *s)
 }
 
 sev_set_guest_state(SEV_STATE_RUNNING);
+
+/* add migration blocker */
+error_setg(_mig_blocker,
+   "SEV: Migration is not implemented");
+ret = migrate_add_blocker(sev_mig_blocker, _err);
+if (local_err) {
+error_report_err(local_err);
+error_free(sev_mig_blocker);
+exit(1);
+}
 }
 
 static void
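
Review bot: at the end of sev_launch_finish() the return value of migrate_add_blocker() is stored in `ret` but never tested; only `local_err` is checked. Test one of them consistently (for example `if (ret < 0)`) or drop the assignment. The blocker is also only registered here, after sev_set_guest_state(SEV_STATE_RUNNING), so nothing in this hunk stops a migration requested before LAUNCH_FINISH has run; registering it when the SEV context is initialised would close that window.
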
-- 
2.14.3




[Qemu-devel] [PATCH 09/11] target/xtensa: add linux-user support

2018-02-28 Thread Max Filippov
Import list of syscalls from the kernel source. Conditionalize code/data
that is only used with softmmu. Implement exception handlers. Implement
signal handler (only the core registers for now, no coprocessors or TIE).

Signed-off-by: Max Filippov 
---
 default-configs/xtensa-linux-user.mak   |   1 +
 default-configs/xtensaeb-linux-user.mak |   1 +
 linux-user/elfload.c|  58 +
 linux-user/main.c   | 245 ++
 linux-user/signal.c | 257 ++-
 linux-user/syscall.c|   2 +
 linux-user/syscall_defs.h   |  65 -
 linux-user/xtensa/syscall.h |   0
 linux-user/xtensa/syscall_nr.h  | 437 
 linux-user/xtensa/target_cpu.h  |  22 ++
 linux-user/xtensa/target_elf.h  |  16 ++
 linux-user/xtensa/target_signal.h   |  28 ++
 linux-user/xtensa/target_structs.h  |  28 ++
 linux-user/xtensa/target_syscall.h  |  49 
 linux-user/xtensa/termbits.h| 327 
 target/xtensa/Makefile.objs |   3 +-
 target/xtensa/cpu.c |  26 +-
 target/xtensa/cpu.h |  56 ++--
 target/xtensa/helper.c  |  30 +++
 target/xtensa/helper.h  |   4 +
 target/xtensa/op_helper.c   |  50 +++-
 target/xtensa/translate.c   |  43 +++-
 22 files changed, 1704 insertions(+), 44 deletions(-)
 create mode 100644 default-configs/xtensa-linux-user.mak
 create mode 100644 default-configs/xtensaeb-linux-user.mak
 create mode 100644 linux-user/xtensa/syscall.h
 create mode 100644 linux-user/xtensa/syscall_nr.h
 create mode 100644 linux-user/xtensa/target_cpu.h
 create mode 100644 linux-user/xtensa/target_elf.h
 create mode 100644 linux-user/xtensa/target_signal.h
 create mode 100644 linux-user/xtensa/target_structs.h
 create mode 100644 linux-user/xtensa/target_syscall.h
 create mode 100644 linux-user/xtensa/termbits.h

diff --git a/default-configs/xtensa-linux-user.mak 
b/default-configs/xtensa-linux-user.mak
new file mode 100644
index ..fd1d350ee944
--- /dev/null
+++ b/default-configs/xtensa-linux-user.mak
@@ -0,0 +1 @@
+# Default configuration for xtensa-linux-user
diff --git a/default-configs/xtensaeb-linux-user.mak 
b/default-configs/xtensaeb-linux-user.mak
new file mode 100644
index ..fd1d350ee944
--- /dev/null
+++ b/default-configs/xtensaeb-linux-user.mak
@@ -0,0 +1 @@
+# Default configuration for xtensa-linux-user
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 0208022445f0..7815311aaadc 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1315,6 +1315,64 @@ static inline void init_thread(struct target_pt_regs 
*regs,
 
 #endif /* TARGET_HPPA */
 
+#ifdef TARGET_XTENSA
+
+#define ELF_START_MMAP 0x2000
+
+#define ELF_CLASS   ELFCLASS32
+#define ELF_ARCHEM_XTENSA
+
+static inline void init_thread(struct target_pt_regs *regs,
+   struct image_info *infop)
+{
+regs->windowbase = 0;
+regs->windowstart = 1;
+regs->areg[1] = infop->start_stack;
+regs->pc = infop->entry;
+}
+
+/* See linux kernel: arch/xtensa/include/asm/elf.h.  */
+#define ELF_NREG 128
+typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
+
+enum {
+TARGET_REG_PC,
+TARGET_REG_PS,
+TARGET_REG_LBEG,
+TARGET_REG_LEND,
+TARGET_REG_LCOUNT,
+TARGET_REG_SAR,
+TARGET_REG_WINDOWSTART,
+TARGET_REG_WINDOWBASE,
+TARGET_REG_THREADPTR,
+TARGET_REG_AR0 = 64,
+};
+
+static void elf_core_copy_regs(target_elf_gregset_t *regs,
+   const CPUXtensaState *env)
+{
+unsigned i;
+
+(*regs)[TARGET_REG_PC] = tswapreg(env->pc);
+(*regs)[TARGET_REG_PS] = tswapreg(env->sregs[PS] & ~PS_EXCM);
+(*regs)[TARGET_REG_LBEG] = tswapreg(env->sregs[LBEG]);
+(*regs)[TARGET_REG_LEND] = tswapreg(env->sregs[LEND]);
+(*regs)[TARGET_REG_LCOUNT] = tswapreg(env->sregs[LCOUNT]);
+(*regs)[TARGET_REG_SAR] = tswapreg(env->sregs[SAR]);
+(*regs)[TARGET_REG_WINDOWSTART] = tswapreg(env->sregs[WINDOW_START]);
+(*regs)[TARGET_REG_WINDOWBASE] = tswapreg(env->sregs[WINDOW_BASE]);
+(*regs)[TARGET_REG_THREADPTR] = tswapreg(env->uregs[THREADPTR]);
+xtensa_sync_phys_from_window((CPUXtensaState *)env);
+for (i = 0; i < env->config->nareg; ++i) {
+(*regs)[TARGET_REG_AR0 + i] = tswapreg(env->phys_regs[i]);
+}
+}
+
+#define USE_ELF_CORE_DUMP
+#define ELF_EXEC_PAGESIZE   4096
+
+#endif /* TARGET_XTENSA */
+
 #ifndef ELF_PLATFORM
 #define ELF_PLATFORM (NULL)
 #endif
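
Review bot: elf_core_copy_regs() writes `(*regs)[TARGET_REG_AR0 + i]` for every i below env->config->nareg, with TARGET_REG_AR0 = 64 and ELF_NREG = 128, so a core configuration with more than 64 address registers would store past the end of target_elf_gregset_t. Add a bound (for example loop to MIN(nareg, ELF_NREG - TARGET_REG_AR0)) or a build-time or run-time assertion on nareg. Slots between TARGET_REG_THREADPTR and TARGET_REG_AR0 are never written either, so zero the array first if the caller does not, and the cast that drops const for xtensa_sync_phys_from_window() deserves a comment.
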
diff --git a/linux-user/main.c b/linux-user/main.c
index bbeb78fb892b..1e7c6c02a80a 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3836,6 +3836,242 @@ void cpu_loop(CPUHPPAState *env)
 
 #endif /* TARGET_HPPA */
 
+#ifdef TARGET_XTENSA
+
+static void xtensa_rfw(CPUXtensaState *env)
+{
+

[Qemu-devel] [PATCH v10 04/28] monitor/i386: use debug APIs when accessing guest memory

2018-02-28 Thread Brijesh Singh
Updates HMP commands to use the debug version of APIs when accessing the
guest memory.

Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 
Cc: "Dr. David Alan Gilbert" 
Cc: Markus Armbruster 
Cc: Eduardo Habkost 
Reviewed-by: "Dr. David Alan Gilbert" 
Signed-off-by: Brijesh Singh 
---
 cpus.c|  2 +-
 disas.c   |  2 +-
 monitor.c |  6 +++---
 target/i386/helper.c  | 14 ++--
 target/i386/monitor.c | 60 +++
 5 files changed, 44 insertions(+), 40 deletions(-)

diff --git a/cpus.c b/cpus.c
index f298b659f467..fdd40d9e8ead 100644
--- a/cpus.c
+++ b/cpus.c
@@ -2214,7 +2214,7 @@ void qmp_pmemsave(int64_t addr, int64_t size, const char 
*filename,
 l = sizeof(buf);
 if (l > size)
 l = size;
-cpu_physical_memory_read(addr, buf, l);
+cpu_physical_memory_read_debug(addr, buf, l);
 if (fwrite(buf, 1, l, f) != l) {
 error_setg(errp, QERR_IO_ERROR);
 goto exit;
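
Review bot: qmp_pmemsave() is a QMP command, while the commit message says only HMP commands are updated; mention it in the message. Because this makes pmemsave write out whatever the debug read path returns, the message should also state what happens for an encrypted guest, where the series' documentation says debug access is only available if the guest policy allows debugging.
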
diff --git a/disas.c b/disas.c
index d4ad1089efb3..fcedbf263302 100644
--- a/disas.c
+++ b/disas.c
@@ -586,7 +586,7 @@ static int
 physical_read_memory(bfd_vma memaddr, bfd_byte *myaddr, int length,
  struct disassemble_info *info)
 {
-cpu_physical_memory_read(memaddr, myaddr, length);
+cpu_physical_memory_read_debug(memaddr, myaddr, length);
 return 0;
 }
 
diff --git a/monitor.c b/monitor.c
index 373bb8d1c371..d77edc4bb692 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1361,7 +1361,7 @@ static void memory_dump(Monitor *mon, int count, int 
format, int wsize,
 if (l > line_size)
 l = line_size;
 if (is_physical) {
-cpu_physical_memory_read(addr, buf, l);
+cpu_physical_memory_read_debug(addr, buf, l);
 } else {
 if (cpu_memory_rw_debug(cs, addr, buf, l, 0) < 0) {
 monitor_printf(mon, " Cannot access memory\n");
@@ -1567,8 +1567,8 @@ static void hmp_sum(Monitor *mon, const QDict *qdict)
 
 sum = 0;
 for(addr = start; addr < (start + size); addr++) {
-uint8_t val = address_space_ldub(_space_memory, addr,
- MEMTXATTRS_UNSPECIFIED, NULL);
+uint8_t val;
+cpu_physical_memory_read_debug(addr, , 1);
 /* BSD sum algorithm ('sum' Unix command) */
 sum = (sum >> 1) | (sum << 15);
 sum += val;
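
Review bot: in the hmp_sum loop `val` is now declared without an initializer and filled by a one-byte cpu_physical_memory_read_debug() call per address, with nothing checking that the read produced data. Initialise `val`, or check the result if the helper reports one, so a failed read cannot feed an indeterminate byte into the checksum. Reading a buffer per iteration instead of one byte would also avoid going through the debug path once per byte.
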
diff --git a/target/i386/helper.c b/target/i386/helper.c
index 9fba146b7fb0..58fb6eec562a 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -757,7 +757,7 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 if (la57) {
 pml5e_addr = ((env->cr[3] & ~0xfff) +
 (((addr >> 48) & 0x1ff) << 3)) & a20_mask;
-pml5e = x86_ldq_phys(cs, pml5e_addr);
+pml5e = ldq_phys_debug(cs, pml5e_addr);
 if (!(pml5e & PG_PRESENT_MASK)) {
 return -1;
 }
@@ -767,7 +767,7 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 
 pml4e_addr = ((pml5e & PG_ADDRESS_MASK) +
 (((addr >> 39) & 0x1ff) << 3)) & a20_mask;
-pml4e = x86_ldq_phys(cs, pml4e_addr);
+pml4e = ldq_phys_debug(cs, pml4e_addr);
 if (!(pml4e & PG_PRESENT_MASK)) {
 return -1;
 }
@@ -788,14 +788,14 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr 
addr)
 {
 pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) &
 a20_mask;
-pdpe = x86_ldq_phys(cs, pdpe_addr);
+pdpe = ldq_phys_debug(cs, pdpe_addr);
 if (!(pdpe & PG_PRESENT_MASK))
 return -1;
 }
 
 pde_addr = ((pdpe & PG_ADDRESS_MASK) +
 (((addr >> 21) & 0x1ff) << 3)) & a20_mask;
-pde = x86_ldq_phys(cs, pde_addr);
+pde = ldq_phys_debug(cs, pde_addr);
 if (!(pde & PG_PRESENT_MASK)) {
 return -1;
 }
@@ -808,7 +808,7 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 pte_addr = ((pde & PG_ADDRESS_MASK) +
 (((addr >> 12) & 0x1ff) << 3)) & a20_mask;
 page_size = 4096;
-pte = x86_ldq_phys(cs, pte_addr);
+pte = ldq_phys_debug(cs, pte_addr);
 }
 if (!(pte & PG_PRESENT_MASK)) {
 return -1;
@@ -818,7 +818,7 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 
 /* page directory entry */
 pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & a20_mask;
-pde = x86_ldl_phys(cs, pde_addr);
+pde = ldl_phys_debug(cs, pde_addr);
 if (!(pde & 

[Qemu-devel] [PATCH v10 20/28] hw/i386: set ram_debug_ops when memory encryption is enabled

2018-02-28 Thread Brijesh Singh
When memory encryption is enabled, the guest RAM and boot flash ROM will
contain the encrypted data. Setting the debug ops allows us to invoke
encryption APIs when accessing the memory for debug purposes.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: "Michael S. Tsirkin" 
Signed-off-by: Brijesh Singh 
---
 hw/i386/pc.c   | 9 +
 hw/i386/pc_sysfw.c | 6 ++
 2 files changed, 15 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 55e69d66fe6f..53ddecef369c 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1360,6 +1360,15 @@ void pc_memory_init(PCMachineState *pcms,
 e820_add_entry(0x1ULL, pcms->above_4g_mem_size, E820_RAM);
 }
 
+/*
+ * When memory encryption is enabled, the guest RAM will be encrypted with
+ * a guest unique key. Set the debug ops so that any debug access to the
+ * guest RAM will go through the memory encryption APIs.
+ */
+if (kvm_memcrypt_enabled()) {
+kvm_memcrypt_set_debug_ops(ram);
+}
+
 if (!pcmc->has_reserved_memory &&
 (machine->ram_slots ||
  (machine->maxram_size > machine->ram_size))) {
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 73ac783f2055..845240f97293 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -181,6 +181,12 @@ static void pc_system_flash_init(MemoryRegion *rom_memory)
 error_report("failed to encrypt pflash rom");
 exit(1);
 }
+
+/*
+ * The pflash ROM is encrypted, set the debug ops so that any
+ * debug accesses will use memory encryption APIs.
+ */
+kvm_memcrypt_set_debug_ops(flash_mem);
 }
 }
 }
-- 
2.14.3




Re: [Qemu-devel] [PATCH v2 1/5] target/i386: Fix a minor typo found while reviwing

2018-02-28 Thread Moger, Babu

> -Original Message-
> From: Eric Blake [mailto:ebl...@redhat.com]
> Sent: Wednesday, February 28, 2018 12:49 PM
> To: Radim Krčmář ; Moger, Babu
> 
> Cc: ehabk...@redhat.com; k...@vger.kernel.org; mtosa...@redhat.com;
> Hook, Gary ; qemu-devel@nongnu.org;
> pbonz...@redhat.com; p...@polepetko.eu; r...@twiddle.net
> Subject: Re: [Qemu-devel] [PATCH v2 1/5] target/i386: Fix a minor typo
> found while reviwing
> 
> On 02/28/2018 11:38 AM, Radim Krčmář wrote:
> > 2018-02-23 21:30-0500, Babu Moger:
> 
> In the subject line: s/reviwing/reviewing/  [It's never a good sign when
> a fix claiming to fix a typo introduces a typo ;) ]

Good catch Eric. Sorry about that.  We don’t need this patch anymore. Thanks.

> 
> Or go for a shorter subject:
>   target/i386: Fix a minor typo
> 
> >> Changed KVM_CPUID_FLAG_SIGNIFCANT_INDEX to
> KVM_CPUID_FLAG_SIGNIFICANT_INDEX
> >>
> >> Signed-off-by: Babu Moger 
> >> ---
> --
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.   +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org


[Qemu-devel] [PATCH 11/11] MAINTAINERS: fix W: address for xtensa

2018-02-28 Thread Max Filippov
Signed-off-by: Max Filippov 
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index a334a25e5df0..33c4ef0935dc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -279,7 +279,7 @@ T: git git://github.com/ehabkost/qemu.git x86-next
 
 Xtensa
 M: Max Filippov 
-W: http://wiki.osll.spb.ru/doku.php?id=etc:users:jcmvbkbc:qemu-target-xtensa
+W: http://wiki.osll.ru/doku.php?id=etc:users:jcmvbkbc:qemu-target-xtensa
 S: Maintained
 F: target/xtensa/
 F: hw/xtensa/
-- 
2.11.0




[Qemu-devel] [PATCH v10 05/28] machine: add -memory-encryption property

2018-02-28 Thread Brijesh Singh
When the CPU supports the memory encryption feature, the property can be used to
specify the encryption object to use when launching an encrypted guest.

Cc: Paolo Bonzini 
Cc: Eduardo Habkost 
Cc: Marcel Apfelbaum 
Cc: Stefan Hajnoczi 
Signed-off-by: Brijesh Singh 
---
 hw/core/machine.c   | 22 ++
 include/hw/boards.h |  1 +
 qemu-options.hx |  5 -
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index 5d445839e89e..414e6e71092d 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -334,6 +334,22 @@ static bool machine_get_enforce_config_section(Object 
*obj, Error **errp)
 return ms->enforce_config_section;
 }
 
+static char *machine_get_memory_encryption(Object *obj, Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+
+return g_strdup(ms->memory_encryption);
+}
+
+static void machine_set_memory_encryption(Object *obj, const char *value,
+Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+
+g_free(ms->memory_encryption);
+ms->memory_encryption = g_strdup(value);
+}
+
 void machine_class_allow_dynamic_sysbus_dev(MachineClass *mc, const char *type)
 {
 strList *item = g_new0(strList, 1);
@@ -612,6 +628,12 @@ static void machine_class_init(ObjectClass *oc, void *data)
 _abort);
 object_class_property_set_description(oc, "enforce-config-section",
 "Set on to enforce configuration section migration", _abort);
+
+object_class_property_add_str(oc, "memory-encryption",
+machine_get_memory_encryption, machine_set_memory_encryption,
+_abort);
+object_class_property_set_description(oc, "memory-encryption",
+"Set memory encyption object to use", _abort);
 }
 
 static void machine_class_base_init(ObjectClass *oc, void *data)
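
Review bot: the description string registered for the new property is misspelled: "Set memory encyption object to use" should read "encryption". This string is shown to users who list machine properties, so fix it in this patch rather than in a follow-up.
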
diff --git a/include/hw/boards.h b/include/hw/boards.h
index efb0a9edfdf1..8ce9a7a21d3d 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -243,6 +243,7 @@ struct MachineState {
 bool suppress_vmdesc;
 bool enforce_config_section;
 bool enable_graphics;
+char *memory_encryption;
 
 ram_addr_t ram_size;
 ram_addr_t maxram_size;
diff --git a/qemu-options.hx b/qemu-options.hx
index 8ccd5dcaa61d..a6648ca073f2 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -43,7 +43,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
 "suppress-vmdesc=on|off disables self-describing migration 
(default=off)\n"
 "nvdimm=on|off controls NVDIMM support (default=off)\n"
 "enforce-config-section=on|off enforce configuration 
section migration (default=off)\n"
-"s390-squash-mcss=on|off (deprecated) controls support for 
squashing into default css (default=off)\n",
+"s390-squash-mcss=on|off (deprecated) controls support for 
squashing into default css (default=off)\n"
+"memory-encryption=@var{} memory encryption object to use 
(default=none)\n",
 QEMU_ARCH_ALL)
 STEXI
 @item -machine [type=]@var{name}[,prop=@var{value}[,...]]
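Review bot: the new help line "memory-encryption=@var{} memory encryption object to use" puts Texinfo markup with an empty argument into the plain-text help string, while the neighbouring entries in this string use plain text such as on|off. Name the placeholder in plain text here, and give @var{} an actual name in the @item added to the STEXI section further down.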
@@ -110,6 +111,8 @@ code to send configuration section even if the machine-type 
sets the
 @option{migration.send-configuration} property to @var{off}.
 NOTE: this parameter is deprecated. Please use @option{-global}
 @option{migration.send-configuration}=@var{on|off} instead.
+@item memory-encryption=@var{}
+Memory encryption object to use. The default is none.
 @end table
 ETEXI
 
-- 
2.14.3




[Qemu-devel] [PATCH v10 12/28] sev/i386: register the guest memory range which may contain encrypted data

2018-02-28 Thread Brijesh Singh
When SEV is enabled, the hardware encryption engine uses a tweak such
that two identical plaintexts at different locations will have
different ciphertexts. So swapping or moving the ciphertexts of two guest
pages will not result in the plaintexts being swapped. Hence relocating
the physical backing pages of the SEV guest will require some additional
steps in the KVM driver. The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be
used to register/unregister the guest memory region which may contain the
encrypted data. The KVM driver will internally handle relocating the physical
backing pages of registered memory regions.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 target/i386/sev.c| 41 +
 target/i386/trace-events |  2 ++
 2 files changed, 43 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 80569f4bcf49..8ee6159b2bfc 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -100,6 +100,45 @@ fw_error_to_str(int code)
 return sev_fw_errlist[code];
 }
 
+static void
+sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size)
+{
+int r;
+struct kvm_enc_region range;
+
+range.addr = (__u64)host;
+range.size = size;
+
+trace_kvm_memcrypt_register_region(host, size);
+r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_REG_REGION, );
+if (r) {
+error_report("%s: failed to register region (%p+%#lx)",
+ __func__, host, size);
+}
+}
+
+static void
+sev_ram_block_removed(RAMBlockNotifier *n, void *host, size_t size)
+{
+int r;
+struct kvm_enc_region range;
+
+range.addr = (__u64)host;
+range.size = size;
+
+trace_kvm_memcrypt_unregister_region(host, size);
+r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_UNREG_REGION, );
+if (r) {
+error_report("%s: failed to unregister region (%p+%#lx)",
+ __func__, host, size);
+}
+}
+
+static struct RAMBlockNotifier sev_ram_notifier = {
+.ram_block_added = sev_ram_block_added,
+.ram_block_removed = sev_ram_block_removed,
+};
+
 static void
 qsev_guest_finalize(Object *obj)
 {
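Review bot: in sev_ram_block_added(), a failed KVM_MEMORY_ENCRYPT_REG_REGION ioctl is only passed to error_report() and the guest keeps running with a RAM block that KVM was never told about, which is exactly the case the commit message says needs extra handling when backing pages are relocated. Treat the failure as fatal or propagate it instead of continuing. In both callbacks size is a size_t, so the format should be %#zx rather than %#lx, and the pointer conversion is safer written as (__u64)(uintptr_t)host.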
@@ -434,6 +473,8 @@ sev_guest_init(const char *id)
 goto err;
 }
 
+ram_block_notifier_add(_ram_notifier);
+
 return s;
 err:
 g_free(sev_state);
diff --git a/target/i386/trace-events b/target/i386/trace-events
index 797b716751b7..ffa3d2250425 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -8,3 +8,5 @@ kvm_x86_update_msi_routes(int num) "Updated %d MSI routes"
 
 # target/i386/sev.c
 kvm_sev_init(void) ""
+kvm_memcrypt_register_region(void *addr, size_t len) "addr %p len 0x%lu"
+kvm_memcrypt_unregister_region(void *addr, size_t len) "addr %p len 0x%lu"
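Review bot: both new trace formats print len as "len 0x%lu", which puts a hex prefix in front of a decimal value and uses a long specifier for a size_t argument. Use "len 0x%zx", or drop the 0x and use %zu.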
-- 
2.14.3




[Qemu-devel] [PATCH v10 26/28] qmp: add query-sev-capabilities command

2018-02-28 Thread Brijesh Singh
The command can be used by libvirt to query the SEV capabilities.

Cc: "Daniel P. Berrangé" 
Cc: "Dr. David Alan Gilbert" 
Cc: Markus Armbruster 
Signed-off-by: Brijesh Singh 
---
 monitor.c |  7 +++
 qapi-schema.json  | 42 ++
 target/i386/monitor.c |  5 +
 3 files changed, 54 insertions(+)

diff --git a/monitor.c b/monitor.c
index d0ebd5906d9d..26d86685a9f9 100644
--- a/monitor.c
+++ b/monitor.c
@@ -985,6 +985,7 @@ static void qmp_unregister_commands_hack(void)
 qmp_unregister_command(_commands, "rtc-reset-reinjection");
 qmp_unregister_command(_commands, "query-sev");
 qmp_unregister_command(_commands, "query-sev-launch-measure");
+qmp_unregister_command(_commands, "query-sev-capabilities");
 #endif
 #ifndef TARGET_S390X
 qmp_unregister_command(_commands, "dump-skeys");
@@ -4171,6 +4172,12 @@ SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error 
**errp)
 error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-launch-measure");
 return NULL;
 }
+
+SevCapability *qmp_query_sev_capabilities(Error **errp)
+{
+error_setg(errp, QERR_FEATURE_DISABLED, "query-sev-capabilities");
+return NULL;
+}
 #endif
 
 #ifndef TARGET_S390X
diff --git a/qapi-schema.json b/qapi-schema.json
index facf2138df6b..9a50d9b8017e 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3279,3 +3279,45 @@
 #
 ##
 { 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo' }
+
+##
+# @SevCapability:
+#
+# The struct describes capability for a Secure Encrypted Virtualization
+# feature.
+#
+# @pdh:  Platform Diffie-Hellman key
+#
+# @cert-chain:  PDH certificate chain
+#
+# @cbitpos: C-bit location in page table entry
+#
+# @reduced-phys-bits: Number of physical Address bit reduction when SEV is
+# enabled
+#
+# Since: 2.12
+##
+{ 'struct': 'SevCapability',
+  'data': { 'pdh': 'str',
+'cert-chain': 'str',
+'cbitpos': 'int',
+'reduced-phys-bits': 'int'} }
+
+##
+# @query-sev-capabilities:
+#
+# This command is used to get the SEV capabilities and supported on AMD
+# X86 platform only.
+#
+# Returns: a list of SevCapability objects.
+#
+# Since: 2.12
+#
+# Example:
+#
+# -> { "execute": "query-sev-capabilities" }
+# <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
+#  "cbitpos": 47, "reduced-phys-bits": 5}}
+#
+##
+{ 'command': 'query-sev-capabilities', 'returns': 'SevCapability' }
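Review bot: the documentation for query-sev-capabilities says "Returns: a list of SevCapability objects", but the command is declared with 'returns': 'SevCapability' and the example shows a single object. Make the Returns line match the declaration. The @pdh and @cert-chain descriptions should also state how the data is encoded, since both are plain 'str' members.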
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 577d50eebaaa..1b55dd0fff88 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -737,3 +737,8 @@ SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error 
**errp)
 
 return info;
 }
+
+SevCapability *qmp_query_sev_capabilities(Error **errp)
+{
+return NULL;
+}
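Review bot: qmp_query_sev_capabilities() in target/i386/monitor.c returns NULL without setting errp, unlike the non-x86 stub added to monitor.c in this patch, which sets QERR_FEATURE_DISABLED. A QMP handler that returns NULL should report an error through errp, so set one here until the real implementation is added.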
-- 
2.14.3




[Qemu-devel] [PATCH 10/11] qemu-binfmt-conf.sh: add qemu-xtensa

2018-02-28 Thread Max Filippov
Register qemu-xtensa and qemu-xtensaeb for transparent linux userspace
emulation.

Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 scripts/qemu-binfmt-conf.sh | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index ea5a7487457c..4efc5812aaa9 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
-# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390/HPPA
+# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390/HPPA/Xtensa
 # program execution by the kernel
 
 qemu_target_list="i386 i486 alpha arm armeb sparc32plus ppc ppc64 ppc64le m68k 
\
 mips mipsel mipsn32 mipsn32el mips64 mips64el \
-sh4 sh4eb s390x aarch64 aarch64_be hppa"
+sh4 sh4eb s390x aarch64 aarch64_be hppa xtensa xtensaeb"
 
 
i386_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'
 
i386_mask='\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
@@ -100,6 +100,14 @@ 
hppa_magic='\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
 
hppa_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
 hppa_family=hppa
 
+xtensa_magic='\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x5e\x00'
+xtensa_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
+xtensa_family=xtensa
+
+xtensaeb_magic='\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x5e'
+xtensaeb_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
+xtensaeb_family=xtensaeb
+
 qemu_get_family() {
 cpu=${HOST_ARCH:-$(uname -m)}
 case "$cpu" in
-- 
2.11.0




[Qemu-devel] [PATCH v10 02/28] exec: add ram_debug_ops support

2018-02-28 Thread Brijesh Singh
Currently, the guest memory access for the debug purpose is performed
using the memcpy(). Let's extend the 'struct MemoryRegion' to include
ram_debug_ops callbacks. The ram_debug_ops can be used to override
memcpy() with something else.

The feature can be used by an encrypted guest -- which can register
callbacks to override memcpy() with memory encryption/decryption APIs.

A typical usage:

mem_read(uint8_t *dst, uint8_t *src, uint32_t len, MemTxAttrs *attrs);
mem_write(uint8_t *dst, uint8_t *src, uint32_t len, MemTxAttrs *attrs);

MemoryRegionRAMReadWriteOps ops;
ops.read = mem_read;
ops.write = mem_write;

memory_region_init_ram(mem, NULL, "memory", size, NULL);
memory_region_set_ram_debug_ops(mem, ops);

Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 
Signed-off-by: Brijesh Singh 
---
 exec.c| 43 ---
 include/exec/memory.h | 30 +-
 2 files changed, 61 insertions(+), 12 deletions(-)

diff --git a/exec.c b/exec.c
index 4d8addb263a0..4408cd26c989 100644
--- a/exec.c
+++ b/exec.c
@@ -3054,7 +3054,11 @@ static MemTxResult flatview_write_continue(FlatView *fv, 
hwaddr addr,
 } else {
 /* RAM case */
 ptr = qemu_ram_ptr_length(mr->ram_block, addr1, , false);
-memcpy(ptr, buf, l);
+if (attrs.debug && mr->ram_debug_ops) {
+mr->ram_debug_ops->write(ptr, buf, l, attrs);
+} else {
+memcpy(ptr, buf, l);
+}
 invalidate_and_set_dirty(mr, addr1, l);
 }
 
@@ -3152,7 +3156,11 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr 
addr,
 } else {
 /* RAM case */
 ptr = qemu_ram_ptr_length(mr->ram_block, addr1, , false);
-memcpy(buf, ptr, l);
+if (attrs.debug && mr->ram_debug_ops) {
+mr->ram_debug_ops->read(buf, ptr, l, attrs);
+} else {
+memcpy(buf, ptr, l);
+}
 }
 
 if (release_lock) {
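Review bot: the new branch tests mr->ram_debug_ops but then calls mr->ram_debug_ops->read unconditionally, so a region that registers only a write callback would call through a NULL pointer; the write hunk above has the same shape with ->write. Either check the individual callback or document that both members must be set. The call is also made as a plain statement, so a failure inside the callback cannot be reflected in the MemTxResult this function returns.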
@@ -3226,7 +3234,8 @@ enum write_rom_type {
 };
 
 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
-hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
+hwaddr addr, const uint8_t *buf, int len, MemTxAttrs attrs,
+enum write_rom_type type)
 {
 hwaddr l;
 uint8_t *ptr;
@@ -3246,7 +3255,11 @@ static inline void 
cpu_physical_memory_write_rom_internal(AddressSpace *as,
 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
 switch (type) {
 case WRITE_DATA:
-memcpy(ptr, buf, l);
+if (mr->ram_debug_ops) {
+mr->ram_debug_ops->write(ptr, buf, l, attrs);
+} else {
+memcpy(ptr, buf, l);
+}
 invalidate_and_set_dirty(mr, addr1, l);
 break;
 case FLUSH_CACHE:
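Review bot: in the WRITE_DATA case the callback is taken whenever mr->ram_debug_ops is set, without the attrs.debug test used in flatview_write_continue() and flatview_read_continue(). Since cpu_physical_memory_write_rom() passes MEMTXATTRS_UNSPECIFIED in the next hunk, ordinary ROM writes would go through the debug callback as well. If that is intended, say so in a comment; otherwise add the attrs.debug check here.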
@@ -3265,7 +3278,9 @@ static inline void 
cpu_physical_memory_write_rom_internal(AddressSpace *as,
 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
const uint8_t *buf, int len)
 {
-cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
+cpu_physical_memory_write_rom_internal(as, addr, buf, len,
+   MEMTXATTRS_UNSPECIFIED,
+   WRITE_DATA);
 }
 
 void cpu_flush_icache_range(hwaddr start, int len)
@@ -3280,8 +3295,9 @@ void cpu_flush_icache_range(hwaddr start, int len)
 return;
 }
 
-cpu_physical_memory_write_rom_internal(_space_memory,
-   start, NULL, len, FLUSH_CACHE);
+cpu_physical_memory_write_rom_internal(_space_memory, start, NULL,
+   len, MEMTXATTRS_UNSPECIFIED,
+   FLUSH_CACHE);
 }
 
 typedef struct {
@@ -3596,6 +3612,10 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
 page = addr & TARGET_PAGE_MASK;
 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, );
 asidx = cpu_asidx_from_attrs(cpu, attrs);
+
+/* set debug attrs to indicate memory access is from the debugger */
+attrs.debug = 1;
+
 /* if no physical page mapped, return an error */
 if (phys_addr == -1)
 return -1;
@@ -3604,13 +3624,14 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong 
addr,
 l = len;
 phys_addr += (addr & ~TARGET_PAGE_MASK);
 if (is_write) {
-cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
-  phys_addr, buf, l);
+cpu_physical_memory_write_rom_internal(cpu->cpu_ases[asidx].as,
+   phys_addr, buf, l, attrs,
+

[Qemu-devel] [PATCH v10 10/28] include: add psp-sev.h header file

2018-02-28 Thread Brijesh Singh
The header file provides the ioctl command and structure to communicate
with the /dev/sev device.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 linux-headers/linux/psp-sev.h | 142 ++
 1 file changed, 142 insertions(+)
 create mode 100644 linux-headers/linux/psp-sev.h

diff --git a/linux-headers/linux/psp-sev.h b/linux-headers/linux/psp-sev.h
new file mode 100644
index ..33e247471ae0
--- /dev/null
+++ b/linux-headers/linux/psp-sev.h
@@ -0,0 +1,142 @@
+/*
+ * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
+ * platform management commands.
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh 
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_USER_H__
+#define __PSP_SEV_USER_H__
+
+#include 
+
+/**
+ * SEV platform commands
+ */
+enum {
+   SEV_FACTORY_RESET = 0,
+   SEV_PLATFORM_STATUS,
+   SEV_PEK_GEN,
+   SEV_PEK_CSR,
+   SEV_PDH_GEN,
+   SEV_PDH_CERT_EXPORT,
+   SEV_PEK_CERT_IMPORT,
+
+   SEV_MAX,
+};
+
+/**
+ * SEV Firmware status code
+ */
+typedef enum {
+   SEV_RET_SUCCESS = 0,
+   SEV_RET_INVALID_PLATFORM_STATE,
+   SEV_RET_INVALID_GUEST_STATE,
+   SEV_RET_INAVLID_CONFIG,
+   SEV_RET_INVALID_LEN,
+   SEV_RET_ALREADY_OWNED,
+   SEV_RET_INVALID_CERTIFICATE,
+   SEV_RET_POLICY_FAILURE,
+   SEV_RET_INACTIVE,
+   SEV_RET_INVALID_ADDRESS,
+   SEV_RET_BAD_SIGNATURE,
+   SEV_RET_BAD_MEASUREMENT,
+   SEV_RET_ASID_OWNED,
+   SEV_RET_INVALID_ASID,
+   SEV_RET_WBINVD_REQUIRED,
+   SEV_RET_DFFLUSH_REQUIRED,
+   SEV_RET_INVALID_GUEST,
+   SEV_RET_INVALID_COMMAND,
+   SEV_RET_ACTIVE,
+   SEV_RET_HWSEV_RET_PLATFORM,
+   SEV_RET_HWSEV_RET_UNSAFE,
+   SEV_RET_UNSUPPORTED,
+   SEV_RET_MAX,
+} sev_ret_code;
+
+/**
+ * struct sev_user_data_status - PLATFORM_STATUS command parameters
+ *
+ * @major: major API version
+ * @minor: minor API version
+ * @state: platform state
+ * @flags: platform config flags
+ * @build: firmware build id for API version
+ * @guest_count: number of active guests
+ */
+struct sev_user_data_status {
+   __u8 api_major; /* Out */
+   __u8 api_minor; /* Out */
+   __u8 state; /* Out */
+   __u32 flags;/* Out */
+   __u8 build; /* Out */
+   __u32 guest_count;  /* Out */
+} __attribute__((packed));
+
+/**
+ * struct sev_user_data_pek_csr - PEK_CSR command parameters
+ *
+ * @address: PEK certificate chain
+ * @length: length of certificate
+ */
+struct sev_user_data_pek_csr {
+   __u64 address;  /* In */
+   __u32 length;   /* In/Out */
+} __attribute__((packed));
+
+/**
+ * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
+ *
+ * @pek_address: PEK certificate chain
+ * @pek_len: length of PEK certificate
+ * @oca_address: OCA certificate chain
+ * @oca_len: length of OCA certificate
+ */
+struct sev_user_data_pek_cert_import {
+   __u64 pek_cert_address; /* In */
+   __u32 pek_cert_len; /* In */
+   __u64 oca_cert_address; /* In */
+   __u32 oca_cert_len; /* In */
+} __attribute__((packed));
+
+/**
+ * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
+ *
+ * @pdh_address: PDH certificate address
+ * @pdh_len: length of PDH certificate
+ * @cert_chain_address: PDH certificate chain
+ * @cert_chain_len: length of PDH certificate chain
+ */
+struct sev_user_data_pdh_cert_export {
+   __u64 pdh_cert_address; /* In */
+   __u32 pdh_cert_len; /* In/Out */
+   __u64 cert_chain_address;   /* In */
+   __u32 cert_chain_len;   /* In/Out */
+} __attribute__((packed));
+
+/**
+ * struct sev_issue_cmd - SEV ioctl parameters
+ *
+ * @cmd: SEV commands to execute
+ * @opaque: pointer to the command structure
+ * @error: SEV FW return code on failure
+ */
+struct sev_issue_cmd {
+   __u32 cmd;  /* In */
+   __u64 data; /* In */
+   __u32 error;/* Out */
+} __attribute__((packed));
+
+#define SEV_IOC_TYPE   'S'
+#define SEV_ISSUE_CMD  _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
+
+#endif /* __PSP_USER_SEV_H */
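Review bot: several kernel-doc blocks in this new header do not match the members they document: sev_user_data_status documents @major and @minor while the fields are api_major and api_minor, sev_issue_cmd documents @opaque while the field is data, and the comment headed "struct sev_user_data_cert_import" sits above struct sev_user_data_pek_cert_import. The closing #endif comment (__PSP_USER_SEV_H) also differs from the include guard (__PSP_SEV_USER_H__), and SEV_RET_INAVLID_CONFIG looks like a misspelling of INVALID. Since the file is added under linux-headers/, these should be fixed in the kernel copy it was taken from, and the commit message should say which kernel tree that was.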
-- 

[Qemu-devel] [PATCH v10 19/28] sev/i386: finalize the SEV guest launch flow

2018-02-28 Thread Brijesh Singh
The SEV launch flow requires us to issue the LAUNCH_FINISH command before the
guest is ready to run.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Signed-off-by: Brijesh Singh 
---
 target/i386/sev.c| 29 +
 target/i386/trace-events |  1 +
 2 files changed, 30 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index a61c100ef47b..c341257fcc14 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -572,6 +572,34 @@ static Notifier sev_machine_done_notify = {
 .notify = sev_launch_get_measure,
 };
 
+static void
+sev_launch_finish(SEVState *s)
+{
+int ret, error;
+
+trace_kvm_sev_launch_finish();
+ret = sev_ioctl(sev_state->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, );
+if (ret) {
+error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'",
+ __func__, ret, error, fw_error_to_str(error));
+exit(1);
+}
+
+sev_set_guest_state(SEV_STATE_RUNNING);
+}
+
+static void
+sev_vm_state_change(void *opaque, int running, RunState state)
+{
+SEVState *s = opaque;
+
+if (running) {
+if (!sev_check_state(SEV_STATE_RUNNING)) {
+sev_launch_finish(s);
+}
+}
+}
+
 void *
 sev_guest_init(const char *id)
 {
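Review bot: sev_launch_finish() takes SEVState *s but never uses it; the ioctl goes through the global sev_state->sev_fd instead. Use s->sev_fd, or drop the parameter, so the handler registered with opaque s does not silently depend on the global. The exit(1) on failure is reached from a VM state change handler; a short comment explaining why the process must terminate at that point would help the next reader.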
@@ -653,6 +681,7 @@ sev_guest_init(const char *id)
 
 ram_block_notifier_add(_ram_notifier);
 qemu_add_machine_init_done_notifier(_machine_done_notify);
+qemu_add_vm_change_state_handler(sev_vm_state_change, s);
 
 return s;
 err:
diff --git a/target/i386/trace-events b/target/i386/trace-events
index f7a1a1e6b85c..b1fbde6e40fe 100644
--- a/target/i386/trace-events
+++ b/target/i386/trace-events
@@ -14,3 +14,4 @@ kvm_sev_change_state(const char *old, const char *new) "%s -> 
%s"
 kvm_sev_launch_start(int policy, void *session, void *pdh) "policy 0x%x 
session %p pdh %p"
 kvm_sev_launch_update_data(void *addr, uint64_t len) "addr %p len 0x%" PRIu64
 kvm_sev_launch_measurement(const char *value) "data %s"
+kvm_sev_launch_finish(void) ""
-- 
2.14.3




[Qemu-devel] [PATCH 08/11] linux-user: drop unused target_msync function

2018-02-28 Thread Max Filippov
target_msync is not used, remove its declaration and implementation.

Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 linux-user/mmap.c | 17 -
 linux-user/qemu.h |  1 -
 2 files changed, 18 deletions(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 84b15c9a1699..9168a2051c34 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -754,20 +754,3 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
 mmap_unlock();
 return new_addr;
 }
-
-int target_msync(abi_ulong start, abi_ulong len, int flags)
-{
-abi_ulong end;
-
-if (start & ~TARGET_PAGE_MASK)
-return -EINVAL;
-len = TARGET_PAGE_ALIGN(len);
-end = start + len;
-if (end < start)
-return -EINVAL;
-if (end == start)
-return 0;
-
-start &= qemu_host_page_mask;
-return msync(g2h(start), end - start, flags);
-}
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index f4b4ca72adb0..23712bbca860 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -428,7 +428,6 @@ int target_munmap(abi_ulong start, abi_ulong len);
 abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
abi_ulong new_size, unsigned long flags,
abi_ulong new_addr);
-int target_msync(abi_ulong start, abi_ulong len, int flags);
 extern unsigned long last_brk;
 extern abi_ulong mmap_next_start;
 abi_ulong mmap_find_vma(abi_ulong, abi_ulong);
-- 
2.11.0




[Qemu-devel] [PATCH v10 03/28] exec: add debug version of physical memory read and write API

2018-02-28 Thread Brijesh Singh
Adds the following new APIs
- cpu_physical_memory_read_debug
- cpu_physical_memory_write_debug
- cpu_physical_memory_rw_debug
- ldl_phys_debug
- ldq_phys_debug

Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 
Signed-off-by: Brijesh Singh 
Reviewed-by: Paolo Bonzini 
---
 exec.c| 40 
 include/exec/cpu-common.h | 15 +++
 2 files changed, 55 insertions(+)

diff --git a/exec.c b/exec.c
index 4408cd26c989..633be92d2b3a 100644
--- a/exec.c
+++ b/exec.c
@@ -3596,6 +3596,46 @@ void address_space_cache_destroy(MemoryRegionCache 
*cache)
 #define RCU_READ_UNLOCK()rcu_read_unlock()
 #include "memory_ldst.inc.c"
 
+uint32_t ldl_phys_debug(CPUState *cpu, hwaddr addr)
+{
+MemTxAttrs attrs;
+int asidx = cpu_asidx_from_attrs(cpu, attrs);
+uint32_t val;
+
+/* set debug attrs to indicate memory access is from the debugger */
+attrs.debug = 1;
+
+address_space_rw(cpu->cpu_ases[asidx].as, addr, attrs,
+ (void *) , 4, 0);
+
+return tswap32(val);
+}
+
+uint64_t ldq_phys_debug(CPUState *cpu, hwaddr addr)
+{
+MemTxAttrs attrs;
+int asidx = cpu_asidx_from_attrs(cpu, attrs);
+uint64_t val;
+
+/* set debug attrs to indicate memory access is from the debugger */
+attrs.debug = 1;
+
+address_space_rw(cpu->cpu_ases[asidx].as, addr, attrs,
+ (void *) , 8, 0);
+return val;
+}
+
+void cpu_physical_memory_rw_debug(hwaddr addr, uint8_t *buf,
+  int len, int is_write)
+{
+MemTxAttrs attrs;
+
+/* set debug attrs to indicate memory access is from the debugger */
+attrs.debug = 1;
+
+address_space_rw(_space_memory, addr, attrs, buf, len, is_write);
+}
+
 /* virtual memory access for debug (includes writing to ROM) */
 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
 uint8_t *buf, int len, int is_write)
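Review bot: in ldl_phys_debug(), ldq_phys_debug() and cpu_physical_memory_rw_debug(), attrs is declared without an initializer and only attrs.debug is assigned, so the remaining MemTxAttrs fields are indeterminate; in the two load helpers it is passed to cpu_asidx_from_attrs() before debug is even set. Initialize it at the declaration (for example MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;) and compute asidx afterwards. Also, ldl_phys_debug() returns tswap32(val) while ldq_phys_debug() returns val unswapped, and the address_space_rw() result is ignored, so a failed read returns an uninitialized val.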
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 74341b19d26a..fa01385d4f1b 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -77,11 +77,26 @@ size_t qemu_ram_pagesize_largest(void);
 
 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
 int len, int is_write);
+void cpu_physical_memory_rw_debug(hwaddr addr, uint8_t *buf,
+  int len, int is_write);
 static inline void cpu_physical_memory_read(hwaddr addr,
 void *buf, int len)
 {
 cpu_physical_memory_rw(addr, buf, len, 0);
 }
+static inline void cpu_physical_memory_read_debug(hwaddr addr,
+  void *buf, int len)
+{
+cpu_physical_memory_rw_debug(addr, buf, len, 0);
+}
+static inline void cpu_physical_memory_write_debug(hwaddr addr,
+   const void *buf, int len)
+{
+cpu_physical_memory_rw_debug(addr, (void *)buf, len, 1);
+}
+uint32_t ldl_phys_debug(CPUState *cpu, hwaddr addr);
+uint64_t ldq_phys_debug(CPUState *cpu, hwaddr addr);
+
 static inline void cpu_physical_memory_write(hwaddr addr,
  const void *buf, int len)
 {
-- 
2.14.3




[Qemu-devel] [PATCH v10 06/28] kvm: update kvm.h to include memory encryption ioctls

2018-02-28 Thread Brijesh Singh
Updates kvm.h to include memory encryption ioctls and SEV commands.

Cc: Christian Borntraeger 
Cc: Cornelia Huck 
Cc: Paolo Bonzini 
Signed-off-by: Brijesh Singh 
---
 linux-headers/linux/kvm.h | 90 +++
 1 file changed, 90 insertions(+)

diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index d92c9b2f0ed2..aed22309950d 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -1362,6 +1362,96 @@ struct kvm_s390_ucas_mapping {
 /* Available with KVM_CAP_S390_CMMA_MIGRATION */
 #define KVM_S390_GET_CMMA_BITS  _IOWR(KVMIO, 0xb8, struct 
kvm_s390_cmma_log)
 #define KVM_S390_SET_CMMA_BITS  _IOW(KVMIO, 0xb9, struct kvm_s390_cmma_log)
+/* Memory Encryption Commands */
+#define KVM_MEMORY_ENCRYPT_OP  _IOWR(KVMIO, 0xba, unsigned long)
+
+struct kvm_enc_region {
+   __u64 addr;
+   __u64 size;
+};
+
+#define KVM_MEMORY_ENCRYPT_REG_REGION_IOR(KVMIO, 0xbb, struct 
kvm_enc_region)
+#define KVM_MEMORY_ENCRYPT_UNREG_REGION  _IOR(KVMIO, 0xbc, struct 
kvm_enc_region)
+
+/* Secure Encrypted Virtualization command */
+enum sev_cmd_id {
+   /* Guest initialization commands */
+   KVM_SEV_INIT = 0,
+   KVM_SEV_ES_INIT,
+   /* Guest launch commands */
+   KVM_SEV_LAUNCH_START,
+   KVM_SEV_LAUNCH_UPDATE_DATA,
+   KVM_SEV_LAUNCH_UPDATE_VMSA,
+   KVM_SEV_LAUNCH_SECRET,
+   KVM_SEV_LAUNCH_MEASURE,
+   KVM_SEV_LAUNCH_FINISH,
+   /* Guest migration commands (outgoing) */
+   KVM_SEV_SEND_START,
+   KVM_SEV_SEND_UPDATE_DATA,
+   KVM_SEV_SEND_UPDATE_VMSA,
+   KVM_SEV_SEND_FINISH,
+   /* Guest migration commands (incoming) */
+   KVM_SEV_RECEIVE_START,
+   KVM_SEV_RECEIVE_UPDATE_DATA,
+   KVM_SEV_RECEIVE_UPDATE_VMSA,
+   KVM_SEV_RECEIVE_FINISH,
+   /* Guest status and debug commands */
+   KVM_SEV_GUEST_STATUS,
+   KVM_SEV_DBG_DECRYPT,
+   KVM_SEV_DBG_ENCRYPT,
+   /* Guest certificates commands */
+   KVM_SEV_CERT_EXPORT,
+
+   KVM_SEV_NR_MAX,
+};
+
+struct kvm_sev_cmd {
+   __u32 id;
+   __u64 data;
+   __u32 error;
+   __u32 sev_fd;
+};
+
+struct kvm_sev_launch_start {
+   __u32 handle;
+   __u32 policy;
+   __u64 dh_uaddr;
+   __u32 dh_len;
+   __u64 session_uaddr;
+   __u32 session_len;
+};
+
+struct kvm_sev_launch_update_data {
+   __u64 uaddr;
+   __u32 len;
+};
+
+
+struct kvm_sev_launch_secret {
+   __u64 hdr_uaddr;
+   __u32 hdr_len;
+   __u64 guest_uaddr;
+   __u32 guest_len;
+   __u64 trans_uaddr;
+   __u32 trans_len;
+};
+
+struct kvm_sev_launch_measure {
+   __u64 uaddr;
+   __u32 len;
+};
+
+struct kvm_sev_guest_status {
+   __u32 handle;
+   __u32 policy;
+   __u32 state;
+};
+
+struct kvm_sev_dbg {
+   __u64 src_uaddr;
+   __u64 dst_uaddr;
+   __u32 len;
+};
 
 #define KVM_DEV_ASSIGN_ENABLE_IOMMU(1 << 0)
 #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
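Review bot: the commit message does not say which kernel tree or commit this linux-headers/linux/kvm.h update was taken from, so the new definitions cannot be checked against the kernel side; please name it. In the definitions themselves, struct kvm_sev_cmd, struct kvm_sev_launch_start and struct kvm_sev_launch_secret each have a __u64 member following a __u32 at a 4-byte offset, which leaves implicit padding in a userspace ABI structure, and the REG_REGION/UNREG_REGION ioctls are declared with _IOR although struct kvm_enc_region carries data from userspace into the kernel.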
-- 
2.14.3




[Qemu-devel] [PATCH v10 09/28] qmp: add query-sev command

2018-02-28 Thread Brijesh Singh
The QMP query command can be used to retrieve the SEV information when
memory encryption is enabled on an AMD platform.

Cc: Eric Blake 
Cc: "Daniel P. Berrangé" 
Cc: "Dr. David Alan Gilbert" 
Cc: Markus Armbruster 
Signed-off-by: Brijesh Singh 
---
 monitor.c |  7 ++
 qapi-schema.json  | 61 +++
 target/i386/monitor.c |  8 +++
 3 files changed, 76 insertions(+)

diff --git a/monitor.c b/monitor.c
index d77edc4bb692..356d550aaf2d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -983,6 +983,7 @@ static void qmp_unregister_commands_hack(void)
 #endif
 #ifndef TARGET_I386
 qmp_unregister_command(_commands, "rtc-reset-reinjection");
+qmp_unregister_command(_commands, "query-sev");
 #endif
 #ifndef TARGET_S390X
 qmp_unregister_command(_commands, "dump-skeys");
@@ -4157,6 +4158,12 @@ void qmp_rtc_reset_reinjection(Error **errp)
 {
 error_setg(errp, QERR_FEATURE_DISABLED, "rtc-reset-reinjection");
 }
+
+SevInfo *qmp_query_sev(Error **errp)
+{
+error_setg(errp, QERR_FEATURE_DISABLED, "query-sev");
+return NULL;
+}
 #endif
 
 #ifndef TARGET_S390X
diff --git a/qapi-schema.json b/qapi-schema.json
index 0262b9f20bc6..467a06460ead 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3189,3 +3189,64 @@
 # Since: 2.11
 ##
 { 'command': 'watchdog-set-action', 'data' : {'action': 'WatchdogAction'} }
+
+##
+# @SevState:
+#
+# An enumeration of SEV state information used during @query-sev.
+#
+# Since: 2.12
+##
+{ 'enum': 'SevState',
+  'data': ['uninit', 'lupdate', 'lsecret', 'running', 'supdate', 'rupdate' ] }
+
+##
+# @SevInfo:
+#
+# Information about Secure Encrypted Virtualization (SEV) support
+#
+# @enabled: true if SEV is active
+#
+# @api-major: SEV API major version
+#
+# @api-minor: SEV API minor version
+#
+# @build-id: SEV FW build id
+#
+# @policy: SEV policy value
+#
+# @state: SEV guest state
+#
+# @handle: SEV firmware handle
+#
+# Since: 2.12
+##
+{ 'struct': 'SevInfo',
+'data': { 'enabled': 'bool',
+  'api-major': 'uint8',
+  'api-minor' : 'uint8',
+  'build-id' : 'uint8',
+  'policy' : 'uint32',
+  'state' : 'SevState',
+  'handle' : 'uint32'
+}
+}
+
+##
+# @query-sev:
+#
+# Returns information about SEV
+#
+# Returns: @SevInfo
+#
+# Since: 2.12
+#
+# Example:
+#
+# -> { "execute": "query-sev" }
+# <- { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
+#  "build-id" : 0, "policy" : 0, "state" : "running",
+#  "handle" : 1 } }
+#
+##
+{ 'command': 'query-sev', 'returns': 'SevInfo' }
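Review bot: the @SevState comment block does not describe its values, and 'lupdate', 'lsecret', 'supdate' and 'rupdate' are not self-explanatory to a management application consuming query-sev. Add one documentation line per enum value saying which stage of the guest life cycle it stands for.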
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 55ea10deb8ef..f429b1fc5383 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -30,6 +30,8 @@
 #include "hw/i386/pc.h"
 #include "sysemu/kvm.h"
 #include "hmp.h"
+#include "sev_i386.h"
+#include "qmp-commands.h"
 
 
 static void print_pte(Monitor *mon, CPUArchState *env, hwaddr addr,
@@ -665,3 +667,9 @@ void hmp_info_io_apic(Monitor *mon, const QDict *qdict)
 ioapic_dump_state(mon, qdict);
 }
 }
+
+SevInfo *qmp_query_sev(Error **errp)
+{
+error_setg(errp, "SEV feature is not available");
+return NULL;
+}
-- 
2.14.3




[Qemu-devel] [PATCH 06/11] linux-user: fix assertion in shmdt

2018-02-28 Thread Max Filippov
shmdt fails to call mmap_lock/mmap_unlock around page_set_flags,
resulting in the following assertion:
  page_set_flags: Assertion `have_mmap_lock()' failed.

Wrap shmdt internals into mmap_lock/mmap_unlock.

Cc: qemu-sta...@nongnu.org
Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 linux-user/syscall.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 79245e73784f..595b26fdd8f3 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4947,6 +4947,9 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
 static inline abi_long do_shmdt(abi_ulong shmaddr)
 {
 int i;
+abi_long rv;
+
+mmap_lock();
 
 for (i = 0; i < N_SHM_REGIONS; ++i) {
 if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
@@ -4955,8 +4958,11 @@ static inline abi_long do_shmdt(abi_ulong shmaddr)
 break;
 }
 }
+rv = get_errno(shmdt(g2h(shmaddr)));
+
+mmap_unlock();
 
-return get_errno(shmdt(g2h(shmaddr)));
+return rv;
 }
 
 #ifdef TARGET_NR_ipc
-- 
2.11.0




[Qemu-devel] [PATCH v10 01/28] memattrs: add debug attribute

2018-02-28 Thread Brijesh Singh
Extend the MemTxAttrs to include a 'debug' flag. The flag can be used as a
general indicator that the operation was triggered by the debugger.

Later in the patch series we set debug=1 when issuing a memory access
from the gdbstub or HMP commands. This patch is a prerequisite to support
debugging the encrypted guest. If we see a request with debug=1 then we
will need to use encryption APIs to access the guest memory.

Cc: Alistair Francis 
Cc: Peter Maydell 
Cc: "Edgar E. Iglesias" 
Cc: Richard Henderson 
Cc: Paolo Bonzini 
Reviewed-by: "Edgar E. Iglesias" 
Signed-off-by: Brijesh Singh 
---
 include/exec/memattrs.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
index d4a16420984b..08099e4f7e72 100644
--- a/include/exec/memattrs.h
+++ b/include/exec/memattrs.h
@@ -37,6 +37,8 @@ typedef struct MemTxAttrs {
 unsigned int user:1;
 /* Requester ID (for MSI for example) */
 unsigned int requester_id:16;
+/* Memory access request from the debugger */
+unsigned int debug:1;
 } MemTxAttrs;
 
 /* Bus masters which don't specify any attributes will get this,
-- 
2.14.3




[Qemu-devel] [PATCH v10 00/29] x86: Secure Encrypted Virtualization (AMD)

2018-02-28 Thread Brijesh Singh
This patch series provides support for AMD's new Secure Encrypted 
Virtualization (SEV) feature.

SEV is an extension to the AMD-V architecture which supports running
multiple VMs under the control of a hypervisor. The SEV feature allows
the memory contents of a virtual machine (VM) to be transparently encrypted
with a key unique to the guest VM. The memory controller contains a
high performance encryption engine which can be programmed with multiple
keys for use by different VMs in the system. The programming and
management of these keys is handled by the AMD Secure Processor firmware
which exposes commands for these tasks.

The KVM SEV patch series introduced a new ioctl (KVM_MEMORY_ENCRYPTION_OP)
which is used by qemu to issue the SEV commands to assist performing
common hypervisor activities such as launching, running, snapshotting,
migration and debugging guests.

The following links provide additional details:

AMD Memory Encryption whitepaper:
 
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

AMD64 Architecture Programmer's Manual:
http://support.amd.com/TechDocs/24593.pdf
SME is section 7.10
SEV is section 15.34

Secure Encrypted Virtualization Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf

KVM Forum slides:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf

Video of the KVM Forum Talk:
https://www.youtube.com/watch?v=RcvQ1xN55Ew

---

The complete patch series is available:
https://github.com/codomania/qemu/tree/v10

Using these patches we have successfully booted and tested a guest both with and
without SEV enabled.

TODO:

* Add SEV guest migration support
* Add SEV guest snapshot and restore support

Changes since v9:
- move sev specific header definition in target/i386/sev_i386.h
- add new QMP query-sev-capabilities - the command will be used by libvirt
  to query the SEV capabilities information.
- move sev specific QMP command implementation in target/i386/monitor.c. The
  sev commands are disabled for non x86 architecture
- update 'info sev' command to display human readable format for policy
- use g_new0 to allocate to structure memory
- update qemu-options.hx to include cbitspos and reduced-phys-bit field

Changes since v8:
- update 'query-sev' command to use enum type for SEV state.
- populate memory encryption cpuid when only SEV is enabled.


Changes since v7:
- move sev.c from accel/kvm to target/i386
- update query-sev-launch-measure to return error when measurement is not 
available
- update flatview_read to use slow path when attrs.debug=1 is set
- fix the buffer overflow
- use '-' when adding new member in SevInfo QMP structure

Changes since v6:
- add support to specify cbitpos in sev-guest object
- add 'info sev' HMP command
- add 'query-sev' and 'query-launch-measure' QMP commands
- rework the logic to query the memory encryption mask when walking
  guest pagetable for debug

Changes since v5:
- drop MEMTXTATTRS_DEBUG macro, caller now specify attrs.debug=1 when needed.
- drop DPRINTF and use trace points to output the debug messages

Changes since v4:
- extend sev-guest object to add new properties 'dh-cert-file', 'session-file' 
etc.
- emit SEV_MEASUREMENT event when measurement is available
- add migration blocker
- add memory encryption cpuid support
- rebase the series with recent qemu tree

Changes since v3:
- update to newer SEV spec (0.12 -> 0.14)
- update to newer KVM RFC and use KVM_MEMORY_ENCRYPTION_OP ioctl instead
of KVM_ISSUE_SEV.
- add support to encrypt pflash

Changes since v2:
- rename ram_ops to ram_debug_ops
- use '-' rather than '_' when adding new member in KvmInfo struct
- update sev object to use link properties when referencing other objects
- use ldq_phys_debug in tlb_info_64 and mem_info_64.
- remove sev-guest-policy object, we will revisit it after basic SEV
guest support is merged.
- remove kernel API from doc and add SEV guest LAUNCH model. The doc will
be updated as we integrate the remaining SEV APIs.

Changes since v1:
- Added Documentation
- Added security-policy object.
- Drop sev config parsing support and create new objects to get/set SEV
specific parameters
- Added sev-guest-info object.
- Added sev-launch-info object.
- Added kvm_memory_encrytion_* APIs. The idea behind this was to allow adding
a non SEV memory encryption object without modifying interfaces.
- Drop patch to load OS image at fixed location.
- updated LAUNCH_FINISH command structure. Now the structure contains
just 'measurement' field. Other fields are not used and will also be removed
from newer SEV firmware API spec.

Brijesh Singh (28):
  memattrs: add debug attribute
  exec: add ram_debug_ops support
  exec: add debug version of physical memory read and write API
  monitor/i386: use debug APIs when accessing guest memory
  machine: add -memory-encryption property
  kvm: update kvm.h to include memory 

[Qemu-devel] [PATCH 05/11] linux-user: fix mmap/munmap/mprotect/mremap/shmat

2018-02-28 Thread Max Filippov
In linux-user QEMU that runs for a target with TARGET_ABI_BITS bigger
than L1_MAP_ADDR_SPACE_BITS an assertion in page_set_flags fires when
mmap, munmap, mprotect, mremap or shmat is called for an address outside
the guest address space. mmap and mprotect should return ENOMEM in such
case.

Introduce macro guest_range_valid that verifies if address range is
within guest address space and does not wrap around. Use that macro in
mmap/munmap/mprotect/mremap/shmat for error checking.

Cc: qemu-sta...@nongnu.org
Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 include/exec/cpu-all.h  |  2 +-
 include/exec/cpu_ldst.h | 12 +++-
 linux-user/mmap.c   | 20 +++-
 linux-user/syscall.c|  3 +++
 4 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 0b141683f095..12bd049997ac 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -160,7 +160,7 @@ extern int have_guest_base;
 extern unsigned long reserved_va;
 
 #define GUEST_ADDR_MAX (reserved_va ? reserved_va : \
-(1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1)
+(2ul << (TARGET_VIRT_ADDR_SPACE_BITS - 1)) - 1)
 #else
 
 #include "exec/hwaddr.h"
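
Review bot: the change from 1ul << TARGET_VIRT_ADDR_SPACE_BITS to 2ul << (TARGET_VIRT_ADDR_SPACE_BITS - 1) in GUEST_ADDR_MAX keeps the shift count below the width of unsigned long when the two are equal, but nothing in the macro or the commit message says so. A one-line comment above the definition would stop someone from simplifying it back, and it should also state whether GUEST_ADDR_MAX is the last valid address or one past it, because the reserved_va arm and the shift arm do not obviously agree on that.
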
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 191f2e962a3c..bbf6988bc725 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -53,14 +53,16 @@
 
 #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
 #define h2g_valid(x) 1
+#define guest_valid(x) 1
 #else
-#define h2g_valid(x) ({ \
-unsigned long __guest = (unsigned long)(x) - guest_base; \
-(__guest < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \
-(!reserved_va || (__guest < reserved_va)); \
-})
+#define h2g_valid(x) guest_valid((unsigned long)(x) - guest_base)
+#define guest_valid(x) ((x) <= GUEST_ADDR_MAX)
 #endif
 
+#define guest_range_valid(start, len) \
+({unsigned long l = (len); \
+ guest_valid(l) && (start) <= GUEST_ADDR_MAX - l; })
+
 #define h2g_nocheck(x) ({ \
 unsigned long __ret = (unsigned long)(x) - guest_base; \
 (abi_ulong)__ret; \
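
Review bot: guest_valid(x) is (x) <= GUEST_ADDR_MAX, and GUEST_ADDR_MAX evaluates to reserved_va when that is set, so h2g_valid now accepts __guest == reserved_va, which the removed test (__guest < reserved_va) rejected. guest_range_valid then uses (start) <= GUEST_ADDR_MAX - l, which treats the same limit as one past the end, so the two macros disagree on whether the bound is inclusive. Please pick one meaning and make both arms of GUEST_ADDR_MAX follow it. The statement-expression local named l can also capture a caller's variable of the same name in the start argument; a less collision-prone name such as __len would be safer.
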
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 0fbfd6dff20d..df81f9b803b6 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -80,8 +80,9 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
 return -EINVAL;
 len = TARGET_PAGE_ALIGN(len);
 end = start + len;
-if (end < start)
-return -EINVAL;
+if (!guest_range_valid(start, len)) {
+return -ENOMEM;
+}
 prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
 if (len == 0)
 return 0;
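
Review bot: guest_range_valid(start, len) runs after len = TARGET_PAGE_ALIGN(len), so if the round-up is done in abi_ulong arithmetic a length within one page of the type's maximum becomes 0, passes the check as an empty range and reaches the "if (len == 0) return 0" success path below. Validate the caller's length before aligning it, or treat an aligned length of 0 that came from a non-zero request as -ENOMEM. The "end = start + len" context line is also still computed before the range is known to be valid; moving it below the check makes the ordering obvious.
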
@@ -481,8 +482,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
prot,
 * It can fail only on 64-bit host with 32-bit target.
 * On any other target/host host mmap() handles this error correctly.
 */
-if ((unsigned long)start + len - 1 > (abi_ulong) -1) {
-errno = EINVAL;
+if (!guest_range_valid(start, len)) {
+errno = ENOMEM;
 goto fail;
 }
 
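
Review bot: the comment kept above the new check still says "It can fail only on 64-bit host with 32-bit target", which described the removed (unsigned long)start + len - 1 > (abi_ulong) -1 test. guest_range_valid also rejects ranges above GUEST_ADDR_MAX on targets with a narrower address space, and the errno changes from EINVAL to ENOMEM, so the comment should be updated in this hunk to match what is now being checked and why ENOMEM is returned.
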
@@ -622,8 +623,10 @@ int target_munmap(abi_ulong start, abi_ulong len)
 if (start & ~TARGET_PAGE_MASK)
 return -EINVAL;
 len = TARGET_PAGE_ALIGN(len);
-if (len == 0)
+if (len == 0 || !guest_range_valid(start, len)) {
 return -EINVAL;
+}
+
 mmap_lock();
 end = start + len;
 real_start = start & qemu_host_page_mask;
@@ -678,6 +681,13 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
 int prot;
 void *host_addr;
 
+if (!guest_range_valid(old_addr, old_size) ||
+((flags & MREMAP_FIXED) &&
+ !guest_range_valid(new_addr, new_size))) {
+errno = ENOMEM;
+return -1;
+}
+
 mmap_lock();
 
 if (flags & MREMAP_FIXED) {
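
Review bot: new_size is validated only together with new_addr under MREMAP_FIXED. When MREMAP_FIXED is not set, the resize can still grow the mapping in place from old_addr, and that range (old_addr, new_size) is never passed to guest_range_valid, so growth past the end of the guest address space is not rejected here. Adding a check of guest_range_valid(old_addr, new_size) for the non-fixed case, or a comment explaining where that case is caught later, would close the gap.
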
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e24f43c4a259..79245e73784f 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4900,6 +4900,9 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
 return -TARGET_EINVAL;
 }
 }
+if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) {
+return -TARGET_EINVAL;
+}
 
 mmap_lock();
 
-- 
2.11.0
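
The wrap-free range check described in the commit message above, as an added stand-alone C model (not QEMU code and not part of the patch). The names guest_addr_t, GUEST_BITS, GUEST_LAST, guest_range_ok and validate_mprotect are hypothetical; the 30-bit address space, 4 KiB page size and host errno values are assumptions, and the limit is treated as the last valid address, inclusive.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this model: 32-bit guest address type, 30 usable
 * address bits, 4 KiB pages. None of these names are QEMU's. */
typedef uint32_t guest_addr_t;
#define GUEST_BITS 30
#define PAGE_SZ    UINT32_C(4096)
/* Last valid guest address (inclusive). Written as 2 << (bits - 1) so the
 * shift count stays below the type width even when bits == 32. */
#define GUEST_LAST ((guest_addr_t)((UINT32_C(2) << (GUEST_BITS - 1)) - 1))

/* The style of test removed from target_mprotect: it only notices a
 * 32-bit wrap, not a range that ends above the guest address space. */
static bool naive_range_ok(guest_addr_t start, guest_addr_t len)
{
    guest_addr_t end = start + len;     /* wraps modulo 2^32 */
    return end >= start;
}

/* Wrap-free test: start + len is never formed. A range is valid when its
 * last byte, start + len - 1, is at or below GUEST_LAST. */
static bool guest_range_ok(guest_addr_t start, uint64_t len)
{
    if (len == 0) {
        return start <= GUEST_LAST;
    }
    return len - 1 <= GUEST_LAST && start <= GUEST_LAST - (len - 1);
}

/* Argument validation in the order an mprotect-like call needs it.
 * Returns 0 or a negative errno (host values, for the model only). */
static int validate_mprotect(guest_addr_t start, guest_addr_t len)
{
    uint64_t aligned;

    if (start & (PAGE_SZ - 1)) {
        return -EINVAL;
    }
    /* Round up in 64 bits so a length near 2^32 cannot round to 0. */
    aligned = ((uint64_t)len + PAGE_SZ - 1) & ~(uint64_t)(PAGE_SZ - 1);
    if (!guest_range_ok(start, aligned)) {
        return -ENOMEM;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the patch. */
    static const struct { guest_addr_t start, len; } cases[] = {
        { 0x3ffff000u, 0x00001000u },   /* last page of the 30-bit space */
        { 0x3ffff000u, 0x00002000u },   /* ends above the space, no wrap */
        { 0xfffff000u, 0x00002000u },   /* wraps in 32 bits */
        { 0x00001000u, 0xfffff001u },   /* length rounds to 0 in 32 bits */
        { 0x00001001u, 0x00001000u },   /* unaligned start */
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("start=%08x len=%08x naive=%d wrap-free=%d mprotect=%d\n",
               (unsigned)cases[i].start, (unsigned)cases[i].len,
               naive_range_ok(cases[i].start, cases[i].len),
               guest_range_ok(cases[i].start, cases[i].len),
               validate_mprotect(cases[i].start, cases[i].len));
    }
    return 0;
}
```
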




[Qemu-devel] [PATCH 04/11] target/xtensa: support MTTCG

2018-02-28 Thread Max Filippov
- emit TCG barriers for MEMW, EXTW, S32RI and L32AI;
- do atomic_cmpxchg_i32 for S32C1I.

Cc: Emilio G. Cota 
Signed-off-by: Max Filippov 
---
 configure |  1 +
 target/xtensa/cpu.h   |  3 +++
 target/xtensa/translate.c | 46 +++---
 3 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/configure b/configure
index 39f3a4300163..f83bdeb2a550 100755
--- a/configure
+++ b/configure
@@ -6813,6 +6813,7 @@ case "$target_name" in
   ;;
   xtensa|xtensaeb)
 TARGET_ARCH=xtensa
+mttcg="yes"
   ;;
   *)
 error_exit "Unsupported target CPU"
diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index 255cc9e08ed9..d9d3b33a7052 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -31,6 +31,9 @@
 #define ALIGNED_ONLY
 #define TARGET_LONG_BITS 32
 
+/* Xtensa processors have a weak memory model */
+#define TCG_GUEST_DEFAULT_MO  (0)
+
 #define CPUArchState struct CPUXtensaState
 
 #include "qemu-common.h"
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 5969d7c3cd96..c06d30d17960 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1664,9 +1664,15 @@ static void translate_ldst(DisasContext *dc, const 
uint32_t arg[],
 gen_load_store_alignment(dc, par[0] & MO_SIZE, addr, par[1]);
 }
 if (par[2]) {
+if (par[1]) {
+tcg_gen_mb(TCG_BAR_STRL | TCG_MO_ALL);
+}
 tcg_gen_qemu_st_tl(cpu_R[arg[0]], addr, dc->cring, par[0]);
 } else {
 tcg_gen_qemu_ld_tl(cpu_R[arg[0]], addr, dc->cring, par[0]);
+if (par[1]) {
+tcg_gen_mb(TCG_BAR_LDAQ | TCG_MO_ALL);
+}
 }
 tcg_temp_free(addr);
 }
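
Review bot: the new barriers in translate_ldst are keyed on par[1], the same value the context line above passes to gen_load_store_alignment() as its last argument, so acquire/release ordering is now tied to an alignment parameter with no comment saying the two always coincide. The commit message names S32RI and L32AI as the intended opcodes; a short comment at the two "if (par[1])" tests, or a separate par[] slot for the ordering semantics, would keep a future opcode that sets par[1] for alignment reasons from silently gaining barriers.
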
@@ -1823,6 +1829,12 @@ static void translate_mac16(DisasContext *dc, const 
uint32_t arg[],
 }
 }
 
+static void translate_memw(DisasContext *dc, const uint32_t arg[],
+   const uint32_t par[])
+{
+tcg_gen_mb(TCG_BAR_SC | TCG_MO_ALL);
+}
+
 static void translate_minmax(DisasContext *dc, const uint32_t arg[],
  const uint32_t par[])
 {
@@ -2193,29 +2205,33 @@ static void translate_setb_expstate(DisasContext *dc, 
const uint32_t arg[],
 tcg_gen_ori_i32(cpu_UR[EXPSTATE], cpu_UR[EXPSTATE], 1u << arg[0]);
 }
 
+#ifdef CONFIG_USER_ONLY
+static void gen_check_atomctl(DisasContext *dc, TCGv_i32 addr)
+{
+}
+#else
+static void gen_check_atomctl(DisasContext *dc, TCGv_i32 addr)
+{
+TCGv_i32 tpc = tcg_const_i32(dc->pc);
+
+gen_helper_check_atomctl(cpu_env, tpc, addr);
+tcg_temp_free(tpc);
+}
+#endif
+
 static void translate_s32c1i(DisasContext *dc, const uint32_t arg[],
  const uint32_t par[])
 {
 if (gen_window_check2(dc, arg[0], arg[1])) {
-TCGLabel *label = gen_new_label();
 TCGv_i32 tmp = tcg_temp_local_new_i32();
 TCGv_i32 addr = tcg_temp_local_new_i32();
-TCGv_i32 tpc;
 
 tcg_gen_mov_i32(tmp, cpu_R[arg[0]]);
 tcg_gen_addi_i32(addr, cpu_R[arg[1]], arg[2]);
 gen_load_store_alignment(dc, 2, addr, true);
-
-tpc = tcg_const_i32(dc->pc);
-gen_helper_check_atomctl(cpu_env, tpc, addr);
-tcg_gen_qemu_ld32u(cpu_R[arg[0]], addr, dc->cring);
-tcg_gen_brcond_i32(TCG_COND_NE, cpu_R[arg[0]],
-   cpu_SR[SCOMPARE1], label);
-
-tcg_gen_qemu_st32(tmp, addr, dc->cring);
-
-gen_set_label(label);
-tcg_temp_free(tpc);
+gen_check_atomctl(dc, addr);
+tcg_gen_atomic_cmpxchg_i32(cpu_R[arg[0]], addr, cpu_SR[SCOMPARE1],
+   tmp, dc->cring, MO_32);
 tcg_temp_free(addr);
 tcg_temp_free(tmp);
 }
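
Review bot: tmp and addr in translate_s32c1i are still allocated with tcg_temp_local_new_i32() although this hunk removes the label and the brcond they had to survive. With the compare-and-store now done by a single tcg_gen_atomic_cmpxchg_i32 call there is no branch left in the sequence, so plain temporaries look sufficient; please either switch them or note why locals are still needed. The two gen_check_atomctl definitions also share a signature, so a single function with the #ifndef CONFIG_USER_ONLY around its body would avoid the duplication.
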
@@ -2828,7 +2844,7 @@ static const XtensaOpcodeOps core_ops[] = {
 .translate = translate_extui,
 }, {
 .name = "extw",
-.translate = translate_nop,
+.translate = translate_memw,
 }, {
 .name = "hwwdtlba",
 .translate = translate_ill,
@@ -2945,7 +2961,7 @@ static const XtensaOpcodeOps core_ops[] = {
 .par = (const uint32_t[]){TCG_COND_GEU},
 }, {
 .name = "memw",
-.translate = translate_nop,
+.translate = translate_memw,
 }, {
 .name = "min",
 .translate = translate_minmax,
-- 
2.11.0




[Qemu-devel] [PATCH 02/11] target/xtensa: mark register windows in the dump

2018-02-28 Thread Max Filippov
Add arrows that mark beginning of register windows and position of the
current window in the windowed register file.

Signed-off-by: Max Filippov 
---
 target/xtensa/translate.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 3ad86d4508e4..5969d7c3cd96 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1219,8 +1219,13 @@ void xtensa_cpu_dump_state(CPUState *cs, FILE *f,
 cpu_fprintf(f, "\n");
 
 for (i = 0; i < env->config->nareg; ++i) {
-cpu_fprintf(f, "AR%02d=%08x%c", i, env->phys_regs[i],
-(i % 4) == 3 ? '\n' : ' ');
+cpu_fprintf(f, "AR%02d=%08x ", i, env->phys_regs[i]);
+if (i % 4 == 3) {
+bool ws = (env->sregs[WINDOW_START] & (1 << (i / 4))) != 0;
+bool cw = env->sregs[WINDOW_BASE] == i / 4;
+
+cpu_fprintf(f, "%c%c\n", ws ? '<' : ' ', cw ? '=' : ' ');
+}
 }
 
 if (xtensa_option_enabled(env->config, XTENSA_OPTION_FP_COPROCESSOR)) {
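
Review bot: the '<' and '=' markers printed after every fourth register are explained only in the commit message; someone reading the dump or this loop has no legend. A comment above the cpu_fprintf("%c%c\n", ...) call stating that '<' marks a set WINDOW_START bit and '=' marks the WINDOW_BASE position would cover it. The mask would also be better written as 1u << (i / 4) so the test against the WINDOW_START register stays unsigned.
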
-- 
2.11.0




[Qemu-devel] [PATCH 07/11] linux-user: fix target_mprotect/target_munmap error return values

2018-02-28 Thread Max Filippov
target_mprotect/target_munmap return value goes through get_errno at the
call site, thus the functions must either set errno to host error code
and return -1 or return negative guest error code. Do the latter.

Cc: qemu-sta...@nongnu.org
Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
 linux-user/mmap.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index df81f9b803b6..84b15c9a1699 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -77,11 +77,11 @@ int target_mprotect(abi_ulong start, abi_ulong len, int 
prot)
 #endif
 
 if ((start & ~TARGET_PAGE_MASK) != 0)
-return -EINVAL;
+return -TARGET_EINVAL;
 len = TARGET_PAGE_ALIGN(len);
 end = start + len;
 if (!guest_range_valid(start, len)) {
-return -ENOMEM;
+return -TARGET_ENOMEM;
 }
 prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
 if (len == 0)
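
Review bot: the return convention this hunk switches to (negative guest errno, never -1 with errno set) is stated only in the commit message, while the function still returns a plain int. A comment above target_mprotect and target_munmap saying that the value is passed through get_errno at the call site and must be a negative TARGET_ value would keep later early-return paths from reintroducing host codes. Since -ENOMEM was introduced by 05/11 and both patches are Cc'd to stable, they should also be marked as needing to be picked together.
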
@@ -621,10 +621,10 @@ int target_munmap(abi_ulong start, abi_ulong len)
start, len);
 #endif
 if (start & ~TARGET_PAGE_MASK)
-return -EINVAL;
+return -TARGET_EINVAL;
 len = TARGET_PAGE_ALIGN(len);
 if (len == 0 || !guest_range_valid(start, len)) {
-return -EINVAL;
+return -TARGET_EINVAL;
 }
 
 mmap_lock();
-- 
2.11.0




[Qemu-devel] [PATCH 00/11] linux-user support for target/xtensa

2018-02-28 Thread Max Filippov
Hello,

this series adds linux-user support for target/xtensa.
It starts with a small cleanup for xtensa registers dumping.
It adds support for debugging linux-user process with xtensa-linux-gdb
(as opposed to xtensa-elf-gdb), which can only access unprivileged
registers.
It then enables MTTCG for xtensa.
It continues with a cleanup in linux-user/mmap area making sure that it
works correctly with limited 30-bit-wide user address space.
It then imports xtensa-specific definitions from the linux kernel,
conditionalizes user-only/softmmu-only code and adds handlers for signals
exceptions, process/thread creation and core registers dumping.

Max Filippov (11):
  target/xtensa: dump correct physical registers
  target/xtensa: mark register windows in the dump
  target/xtensa: use correct number of registers in gdbstub
  target/xtensa: support MTTCG
  linux-user: fix mmap/munmap/mprotect/mremap/shmat
  linux-user: fix assertion in shmdt
  linux-user: fix target_mprotect/target_munmap error return values
  linux-user: drop unused target_msync function
  target/xtensa: add linux-user support
  qemu-binfmt-conf.sh: add qemu-xtensa
  MAINTAINERS: fix W: address for xtensa

 MAINTAINERS |   2 +-
 configure   |   1 +
 default-configs/xtensa-linux-user.mak   |   1 +
 default-configs/xtensaeb-linux-user.mak |   1 +
 include/exec/cpu-all.h  |   2 +-
 include/exec/cpu_ldst.h |  12 +-
 linux-user/elfload.c|  58 +
 linux-user/main.c   | 245 ++
 linux-user/mmap.c   |  43 ++--
 linux-user/qemu.h   |   1 -
 linux-user/signal.c | 257 ++-
 linux-user/syscall.c|  13 +-
 linux-user/syscall_defs.h   |  65 -
 linux-user/xtensa/syscall.h |   0
 linux-user/xtensa/syscall_nr.h  | 437 
 linux-user/xtensa/target_cpu.h  |  22 ++
 linux-user/xtensa/target_elf.h  |  16 ++
 linux-user/xtensa/target_signal.h   |  28 ++
 linux-user/xtensa/target_structs.h  |  28 ++
 linux-user/xtensa/target_syscall.h  |  49 
 linux-user/xtensa/termbits.h| 327 
 scripts/qemu-binfmt-conf.sh |  12 +-
 target/xtensa/Makefile.objs |   3 +-
 target/xtensa/cpu.c |  26 +-
 target/xtensa/cpu.h |  60 +++--
 target/xtensa/gdbstub.c |  14 +-
 target/xtensa/helper.c  |  58 -
 target/xtensa/helper.h  |   4 +
 target/xtensa/op_helper.c   |  50 +++-
 target/xtensa/overlay_tool.h|  11 +-
 target/xtensa/translate.c   |  99 ++--
 31 files changed, 1835 insertions(+), 110 deletions(-)
 create mode 100644 default-configs/xtensa-linux-user.mak
 create mode 100644 default-configs/xtensaeb-linux-user.mak
 create mode 100644 linux-user/xtensa/syscall.h
 create mode 100644 linux-user/xtensa/syscall_nr.h
 create mode 100644 linux-user/xtensa/target_cpu.h
 create mode 100644 linux-user/xtensa/target_elf.h
 create mode 100644 linux-user/xtensa/target_signal.h
 create mode 100644 linux-user/xtensa/target_structs.h
 create mode 100644 linux-user/xtensa/target_syscall.h
 create mode 100644 linux-user/xtensa/termbits.h

-- 
2.11.0




[Qemu-devel] [PATCH 03/11] target/xtensa: use correct number of registers in gdbstub

2018-02-28 Thread Max Filippov
System emulation should provide access to all registers, userspace
emulation should only provide access to unprivileged registers.
Record register flags from GDB register map definition, calculate both
num_regs and num_core_regs if either is zero. Use num_regs in system
emulation, num_core_regs in userspace emulation gdbstub.

Signed-off-by: Max Filippov 
---
 target/xtensa/cpu.h  |  1 +
 target/xtensa/gdbstub.c  | 14 --
 target/xtensa/helper.c   | 28 
 target/xtensa/overlay_tool.h | 11 ---
 4 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index 49c2e3cf9a1b..255cc9e08ed9 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -310,6 +310,7 @@ typedef struct xtensa_tlb {
 
 typedef struct XtensaGdbReg {
 int targno;
+unsigned flags;
 int type;
 int group;
 unsigned size;
diff --git a/target/xtensa/gdbstub.c b/target/xtensa/gdbstub.c
index d78a1b437dbf..a8ea98d03fb8 100644
--- a/target/xtensa/gdbstub.c
+++ b/target/xtensa/gdbstub.c
@@ -28,9 +28,14 @@ int xtensa_cpu_gdb_read_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 XtensaCPU *cpu = XTENSA_CPU(cs);
 CPUXtensaState *env = >env;
 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
+#ifdef CONFIG_USER_ONLY
+int num_regs = env->config->gdb_regmap.num_core_regs;
+#else
+int num_regs = env->config->gdb_regmap.num_regs;
+#endif
 unsigned i;
 
-if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
+if (n < 0 || n >= num_regs) {
 return 0;
 }
 
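
Review bot: reg is still initialised as gdb_regmap.reg + n in the context line above the new #ifdef, before n has been compared against num_regs, so the pointer is formed from an unchecked index even though it is not dereferenced until after the test. Moving the initialisation of reg below the range check removes the question. The same #ifdef CONFIG_USER_ONLY block is repeated in the write hunk; a small helper returning the applicable register count would keep the two accessors from drifting apart.
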
@@ -81,8 +86,13 @@ int xtensa_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 CPUXtensaState *env = >env;
 uint32_t tmp;
 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
+#ifdef CONFIG_USER_ONLY
+int num_regs = env->config->gdb_regmap.num_core_regs;
+#else
+int num_regs = env->config->gdb_regmap.num_regs;
+#endif
 
-if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
+if (n < 0 || n >= num_regs) {
 return 0;
 }
 
diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
index 5009fecedcb0..34885038d554 100644
--- a/target/xtensa/helper.c
+++ b/target/xtensa/helper.c
@@ -88,19 +88,31 @@ static void init_libisa(XtensaConfig *config)
 
 void xtensa_finalize_config(XtensaConfig *config)
 {
-unsigned i, n = 0;
-
 if (config->isa_internal) {
 init_libisa(config);
 }
-if (config->gdb_regmap.num_regs) {
-return;
-}
 
-for (i = 0; config->gdb_regmap.reg[i].targno >= 0; ++i) {
-n += (config->gdb_regmap.reg[i].type != 6);
+if (config->gdb_regmap.num_regs == 0 ||
+config->gdb_regmap.num_core_regs == 0) {
+unsigned i;
+unsigned n_regs = 0;
+unsigned n_core_regs = 0;
+
+for (i = 0; config->gdb_regmap.reg[i].targno >= 0; ++i) {
+if (config->gdb_regmap.reg[i].type != 6) {
+++n_regs;
+if ((config->gdb_regmap.reg[i].flags & 0x1) == 0) {
+++n_core_regs;
+}
+}
+}
+if (config->gdb_regmap.num_regs == 0) {
+config->gdb_regmap.num_regs = n_regs;
+}
+if (config->gdb_regmap.num_core_regs == 0) {
+config->gdb_regmap.num_core_regs = n_core_regs;
+}
 }
-config->gdb_regmap.num_regs = n;
 }
 
 void xtensa_register_core(XtensaConfigList *node)
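
Review bot: num_core_regs is computed here as a count of entries whose (flags & 0x1) == 0, but the gdbstub hunks use it as an upper bound on the index n. That restricts userspace debugging to unprivileged registers only if every such entry precedes all privileged ones in the regmap, which nothing in this loop checks or documents. Either state the ordering requirement in a comment next to the count, or have the gdbstub accessors test the flags of the selected reg directly. The literals 6 and 0x1 would also read better as named constants.
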
diff --git a/target/xtensa/overlay_tool.h b/target/xtensa/overlay_tool.h
index 589dd6285089..b24ad11fec1c 100644
--- a/target/xtensa/overlay_tool.h
+++ b/target/xtensa/overlay_tool.h
@@ -25,9 +25,14 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#define XTREG(idx, ofs, bi, sz, al, no, flags, cp, typ, grp, name, \
-a1, a2, a3, a4, a5, a6) \
-{ .targno = (no), .type = (typ), .group = (grp), .size = (sz) },
+#define XTREG(idx, ofs, bi, sz, al, no, fl, cp, typ, grp, name, \
+  a1, a2, a3, a4, a5, a6) { \
+.targno = (no), \
+.flags = (fl), \
+.type = (typ), \
+.group = (grp), \
+.size = (sz), \
+},
 #define XTREG_END { .targno = -1 },
 
 #ifndef XCHAL_HAVE_DEPBITS
-- 
2.11.0




[Qemu-devel] [PATCH 01/11] target/xtensa: dump correct physical registers

2018-02-28 Thread Max Filippov
xtensa_cpu_dump_state outputs CPU physical registers as is, without
synchronization from current window. That may result in different values
printed for the current window and corresponding physical registers.
Synchronize physical registers from window before dumping.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Filippov 
---
 target/xtensa/translate.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 671d934ff424..3ad86d4508e4 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -1215,6 +1215,7 @@ void xtensa_cpu_dump_state(CPUState *cs, FILE *f,
 (i % 4) == 3 ? '\n' : ' ');
 }
 
+xtensa_sync_phys_from_window(env);
 cpu_fprintf(f, "\n");
 
 for (i = 0; i < env->config->nareg; ++i) {
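
Review bot: xtensa_sync_phys_from_window(env) updates CPU state from inside a dump routine and sits above the cpu_fprintf(f, "\n") rather than directly before the AR loop that depends on it. Placing the call immediately above "for (i = 0; i < env->config->nareg; ++i)" with a one-line comment that the physical register file is refreshed from the current window before printing would make both the dependency and the side effect clear to readers of the dump code.
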
-- 
2.11.0




Re: [Qemu-devel] [PATCHv3 00/12] macio: remove legacy macio_init() function

2018-02-28 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180228203243.1413-1-mark.cave-ayl...@ilande.co.uk
Subject: [Qemu-devel] [PATCHv3 00/12] macio: remove legacy macio_init() function

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/1519709965-29833-1-git-send-email-c...@braap.org -> 
patchew/1519709965-29833-1-git-send-email-c...@braap.org
 * [new tag]   
patchew/20180228203243.1413-1-mark.cave-ayl...@ilande.co.uk -> 
patchew/20180228203243.1413-1-mark.cave-ayl...@ilande.co.uk
Switched to a new branch 'test'
172de12fd3 macio: remove macio_init() function
0e9b5f92bd macio: move setting of CUDA timebase frequency to 
macio_common_realize()
cb79b98479 mac_newworld: use object link to pass OpenPIC object to macio
9042b9cdfd openpic: move OpenPIC state and related definitions to openpic.h
dbb8ecee13 openpic: move KVM-specific declarations into separate openpic_kvm.h 
file
62cc211353 mac_oldworld: use object link to pass heathrow PIC object to macio
1fe36332f8 macio: move macio related structures and defines into separate 
macio.h file
2e9a6f0518 heathrow: change heathrow_pic_init() to return the heathrow device
6dbf45d8e3 heathrow: convert to trace-events
b109c28719 heathrow: QOMify heathrow PIC
5ee002a59c macio: move ESCC device within the macio device
4d426b15fd macio: embed DBDMA device directly within macio

=== OUTPUT BEGIN ===
Checking PATCH 1/12: macio: embed DBDMA device directly within macio...
Checking PATCH 2/12: macio: move ESCC device within the macio device...
Checking PATCH 3/12: heathrow: QOMify heathrow PIC...
Checking PATCH 4/12: heathrow: convert to trace-events...
Checking PATCH 5/12: heathrow: change heathrow_pic_init() to return the 
heathrow device...
Checking PATCH 6/12: macio: move macio related structures and defines into 
separate macio.h file...
Checking PATCH 7/12: mac_oldworld: use object link to pass heathrow PIC object 
to macio...
Checking PATCH 8/12: openpic: move KVM-specific declarations into separate 
openpic_kvm.h file...
Checking PATCH 9/12: openpic: move OpenPIC state and related definitions to 
openpic.h...
ERROR: "foo * bar" should be "foo *bar"
#249: FILE: include/hw/ppc/openpic.h:57:
+#define RAVEN_DBL_IRQ(RAVEN_IPI_IRQ + (RAVEN_MAX_CPU * RAVEN_MAX_IPI))

total: 1 errors, 0 warnings, 353 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 10/12: mac_newworld: use object link to pass OpenPIC object to 
macio...
Checking PATCH 11/12: macio: move setting of CUDA timebase frequency to 
macio_common_realize()...
Checking PATCH 12/12: macio: remove macio_init() function...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [Bug 1738283] Re: 'Less than' (<), 'more than' (>), and 'pipe' (|) can't be typed via VNC

2018-02-28 Thread Cole Robinson
FYI this seems to be fixed with qemu.git master, I didn't track down the
specific commit but there were several keymap related changes. so qemu
2.12 will be fixed

** Changed in: qemu
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1738283

Title:
  'Less than' (<), 'more than' (>), and 'pipe' (|) can't be typed via
  VNC

Status in QEMU:
  Fix Committed

Bug description:
  If I start QEMU 2.11 (from
  https://build.opensuse.org/package/show/Virtualization/qemu) VM with
  VNC, I am unable to type following three characters: 'less than' (<),
  'more than' (>), and 'pipe' (|) on en_US QWERTY keyboard. Other
  characters work fine. QEMU version 2.10.1 worked fine.

  /usr/bin/qemu-kvm -m 2048 -cpu kvm64 -drive
  media=cdrom,if=none,id=cd0,format=raw,file=OI-hipster-
  minimal-20171031.iso -device ide-cd,drive=cd0 -boot once=d,menu=on
  ,splash-time=5000 -device usb-ehci -device usb-tablet -smp 1 -enable-
  kvm -vnc :91,share=force-shared

  The ISO can be downloaded here: https://www.openindiana.org/download/

  Also tried Fedora-Server-dvd-x86_64-25-1.3.iso and it's the same
  situation.

  If I run the same command without '-vnc :91,share=force-shared',
  everything works just fine.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1738283/+subscriptions


