Re: [Qemu-devel] [PATCH v3 21/29] vhost+postcopy: Add vhost waker

2018-03-01 Thread Peter Xu
On Fri, Feb 16, 2018 at 01:16:17PM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Register a waker function in vhost-user code to be notified when
> pages arrive or requests to previously mapped pages get requested.
> 
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  hw/virtio/trace-events |  3 +++
>  hw/virtio/vhost-user.c | 30 ++
>  2 files changed, 33 insertions(+)
> 
> diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
> index 3afd12cfea..fe5e0ff856 100644
> --- a/hw/virtio/trace-events
> +++ b/hw/virtio/trace-events
> @@ -13,6 +13,9 @@ vhost_user_postcopy_fault_handler_found(int i, uint64_t 
> region_offset, uint64_t
>  vhost_user_postcopy_listen(void) ""
>  vhost_user_set_mem_table_postcopy(uint64_t client_addr, uint64_t qhva, int 
> reply_i, int region_i) "client:0x%"PRIx64" for hva: 0x%"PRIx64" reply %d 
> region %d"
>  vhost_user_set_mem_table_withfd(int index, const char *name, uint64_t 
> memory_size, uint64_t guest_phys_addr, uint64_t userspace_addr, uint64_t 
> offset) "%d:%s: size:0x%"PRIx64" GPA:0x%"PRIx64" QVA/userspace:0x%"PRIx64" RB 
> offset:0x%"PRIx64
> +vhost_user_postcopy_waker(const char *rb, uint64_t rb_offset) "%s + 
> 0x%"PRIx64
> +vhost_user_postcopy_waker_found(uint64_t client_addr) "0x%"PRIx64
> +vhost_user_postcopy_waker_nomatch(const char *rb, uint64_t rb_offset) "%s + 
> 0x%"PRIx64
>  
>  # hw/virtio/virtio.c
>  virtqueue_alloc_element(void *elem, size_t sz, unsigned in_num, unsigned 
> out_num) "elem %p size %zd in_num %u out_num %u"
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 4589bfd92e..74807091a0 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -990,6 +990,35 @@ static int vhost_user_postcopy_fault_handler(struct 
> PostCopyFD *pcfd,
>  return -1;
>  }
>  
> +static int vhost_user_postcopy_waker(struct PostCopyFD *pcfd, RAMBlock *rb,
> + uint64_t offset)
> +{
> +struct vhost_dev *dev = pcfd->data;
> +struct vhost_user *u = dev->opaque;
> +int i;
> +
> +trace_vhost_user_postcopy_waker(qemu_ram_get_idstr(rb), offset);
> +
> +if (!u) {
> +return 0;
> +}
> +/* Translate the offset into an address in the clients address space */
> +for (i = 0; i < MIN(dev->mem->nregions, u->region_rb_len); i++) {
> +if (u->region_rb[i] == rb &&
> +offset >= u->region_rb_offset[i] &&
> +offset < (u->region_rb_offset[i] +
> +  dev->mem->regions[i].memory_size)) {
> +uint64_t client_addr = (offset - u->region_rb_offset[i]) +
> +   u->postcopy_client_bases[i];
> +trace_vhost_user_postcopy_waker_found(client_addr);
> +return postcopy_wake_shared(pcfd, client_addr, rb);
> +}
> +}
> +
> +trace_vhost_user_postcopy_waker_nomatch(qemu_ram_get_idstr(rb), offset);
> +return 0;

Can we really reach here?

> +}
> +
>  /*
>   * Called at the start of an inbound postcopy on reception of the
>   * 'advise' command.
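Review bot: The upper bound in the region loop of vhost_user_postcopy_waker is computed as `u->region_rb_offset[i] + dev->mem->regions[i].memory_size` in uint64_t, so a region whose offset plus size wraps would make the range test match the wrong offsets. Since the line above already establishes `offset >= u->region_rb_offset[i]`, the wrap-free form `offset - u->region_rb_offset[i] < dev->mem->regions[i].memory_size` is safer, and its left-hand side is the value the function adds to the client base anyway. `u->postcopy_client_bases[i]` is indexed under a bound taken only from `nregions` and `region_rb_len`; that array's length is not visible in this hunk, so it is worth confirming it is always at least as long. `dev` comes from `pcfd->data` and is dereferenced unchecked, whereas `u` is tested for NULL; a short comment saying why only `u` can be absent would help.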
> @@ -1035,6 +1064,7 @@ static int vhost_user_postcopy_advise(struct vhost_dev 
> *dev, Error **errp)
>  u->postcopy_fd.fd = ufd;
>  u->postcopy_fd.data = dev;
>  u->postcopy_fd.handler = vhost_user_postcopy_fault_handler;
> +u->postcopy_fd.waker = vhost_user_postcopy_waker;
>  u->postcopy_fd.idstr = "vhost-user"; /* Need to find unique name */
>  postcopy_register_shared_ufd(>postcopy_fd);
>  return 0;
> -- 
> 2.14.3
> 

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v3 20/29] postcopy: postcopy_notify_shared_wake

2018-03-01 Thread Peter Xu
On Fri, Feb 16, 2018 at 01:16:16PM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Add a hook to allow a client userfaultfd to be 'woken'
> when a page arrives, and a walker that calls that
> hook for relevant clients given a RAMBlock and offset.
> 
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  migration/postcopy-ram.c | 16 
>  migration/postcopy-ram.h | 10 ++
>  2 files changed, 26 insertions(+)
> 
> diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
> index 67deae7e1c..879711968c 100644
> --- a/migration/postcopy-ram.c
> +++ b/migration/postcopy-ram.c
> @@ -824,6 +824,22 @@ static int qemu_ufd_copy_ioctl(int userfault_fd, void 
> *host_addr,
>  return ret;
>  }
>  
> +int postcopy_notify_shared_wake(RAMBlock *rb, uint64_t offset)
> +{
> +int i;
> +MigrationIncomingState *mis = migration_incoming_get_current();
> +GArray *pcrfds = mis->postcopy_remote_fds;
> +
> +for (i = 0; i < pcrfds->len; i++) {
> +struct PostCopyFD *cur = _array_index(pcrfds, struct PostCopyFD, 
> i);
> +int ret = cur->waker(cur, rb, offset);
> +if (ret) {
> +return ret;
> +}
> +}
> +return 0;
> +}
> +

We should know that which FD needs what pages, right?  If with that
information, we can only notify the ones who have page faulted on
exactly the same page?  Otherwise we do UFFDIO_WAKE once for each
client when a page is ready, even if the clients have not page faulted
at all?

But for the first version, I think it's fine.  And I believe if we
maintain the faulted addresses we need some way to sync between the
wake thread and fault thread too.  And I totally have no idea on how
this difference will be any kind of bottle neck at all, since I guess
the network link should still be the postcopy bottleneck considering
that 10g is mostly what we have now (or even, 1g).

Reviewed-by: Peter Xu 

>  /*
>   * Place a host page (from) at (host) atomically
>   * returns 0 on success
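Review bot: `cur->waker(cur, rb, offset)` in postcopy_notify_shared_wake is called for every registered PostCopyFD without testing the pointer, so a client registered with a zero-initialised struct that never set the new `waker` field would be called through NULL. Either skip such entries with `if (!cur->waker) { continue; }` or reject them at registration time in postcopy_register_shared_ufd, whose body is not visible here. The loop also returns on the first non-zero result, so one failing client stops later clients from being woken for the same page; if that is intended, a comment above the loop should say so. `i` is an `int` compared against the unsigned `pcrfds->len`; declaring it `guint` avoids the mixed-sign comparison.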
> diff --git a/migration/postcopy-ram.h b/migration/postcopy-ram.h
> index 2e3dd844d5..2b71cf958e 100644
> --- a/migration/postcopy-ram.h
> +++ b/migration/postcopy-ram.h
> @@ -146,6 +146,10 @@ struct PostCopyFD;
>  
>  /* ufd is a pointer to the struct uffd_msg *TODO: more Portable! */
>  typedef int (*pcfdhandler)(struct PostCopyFD *pcfd, void *ufd);
> +/* Notification to wake, either on place or on reception of
> + * a fault on something that's already arrived (race)
> + */
> +typedef int (*pcfdwake)(struct PostCopyFD *pcfd, RAMBlock *rb, uint64_t 
> offset);
>  
>  struct PostCopyFD {
>  int fd;
> @@ -153,6 +157,8 @@ struct PostCopyFD {
>  void *data;
>  /* Handler to be called whenever we get a poll event */
>  pcfdhandler handler;
> +/* Notification to wake shared client */
> +pcfdwake waker;
>  /* A string to use in error messages */
>  const char *idstr;
>  };
> @@ -162,6 +168,10 @@ struct PostCopyFD {
>   */
>  void postcopy_register_shared_ufd(struct PostCopyFD *pcfd);
>  void postcopy_unregister_shared_ufd(struct PostCopyFD *pcfd);
> +/* Call each of the shared 'waker's registerd telling them of
> + * availability of a block.
> + */
> +int postcopy_notify_shared_wake(RAMBlock *rb, uint64_t offset);
>  /* Notify a client ufd that a page is available
>   * Note: The 'client_address' is in the address space of the client
>   * program not QEMU
> -- 
> 2.14.3
> 

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v3 19/29] postcopy: wake shared

2018-03-01 Thread Peter Xu
On Fri, Feb 16, 2018 at 01:16:15PM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Send a 'wake' request on a userfaultfd for a shared process.
> The address in the clients address space is specified together
> with the RAMBlock it was resolved to.

I think it's "providing a helper to send WAKE to uffd" rather than
really sending it.

Otherwise it looks good to me.  Thanks,

> 
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  migration/postcopy-ram.c | 26 ++
>  migration/postcopy-ram.h |  6 ++
>  migration/trace-events   |  1 +
>  3 files changed, 33 insertions(+)
> 
> diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
> index 277ff749a0..67deae7e1c 100644
> --- a/migration/postcopy-ram.c
> +++ b/migration/postcopy-ram.c
> @@ -534,6 +534,25 @@ static int ram_block_enable_notify(const char 
> *block_name, void *host_addr,
>  return 0;
>  }
>  
> +int postcopy_wake_shared(struct PostCopyFD *pcfd,
> + uint64_t client_addr,
> + RAMBlock *rb)
> +{
> +size_t pagesize = qemu_ram_pagesize(rb);
> +struct uffdio_range range;
> +int ret;
> +trace_postcopy_wake_shared(client_addr, qemu_ram_get_idstr(rb));
> +range.start = client_addr & ~(pagesize - 1);
> +range.len = pagesize;
> +ret = ioctl(pcfd->fd, UFFDIO_WAKE, );
> +if (ret) {
> +error_report("%s: Failed to wake: %zx in %s (%s)",
> + __func__, (size_t)client_addr, qemu_ram_get_idstr(rb),
> + strerror(errno));
> +}
> +return ret;
> +}
> +
>  /*
>   * Callback from shared fault handlers to ask for a page,
>   * the page must be specified by a RAMBlock and an offset in that rb
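Review bot: In postcopy_wake_shared the 64-bit client address is mixed with `size_t` in two places, which loses the upper half on a host where `size_t` is 32 bits. The mask in `range.start = client_addr & ~(pagesize - 1);` is computed at `size_t` width and then zero-extended, clearing the high bits of the address passed to UFFDIO_WAKE; `range.start = client_addr & ~((uint64_t)pagesize - 1);` keeps them. The error path has the same issue with `%zx` and `(size_t)client_addr`; `"%s: Failed to wake: 0x%" PRIx64 " in %s (%s)"` with the uncast value reports the real address. The function returns the raw ioctl result, so callers only see -1; if they need the cause, return `-errno` captured before `error_report()` instead.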
> @@ -951,6 +970,13 @@ void *postcopy_get_tmp_page(MigrationIncomingState *mis)
>  return NULL;
>  }
>  
> +int postcopy_wake_shared(struct PostCopyFD *pcfd,
> + uint64_t client_addr,
> + RAMBlock *rb)
> +{
> +assert(0);
> +return -1;
> +}
>  #endif
>  
>  /* - 
> */
> diff --git a/migration/postcopy-ram.h b/migration/postcopy-ram.h
> index 4c63f20df4..2e3dd844d5 100644
> --- a/migration/postcopy-ram.h
> +++ b/migration/postcopy-ram.h
> @@ -162,6 +162,12 @@ struct PostCopyFD {
>   */
>  void postcopy_register_shared_ufd(struct PostCopyFD *pcfd);
>  void postcopy_unregister_shared_ufd(struct PostCopyFD *pcfd);
> +/* Notify a client ufd that a page is available
> + * Note: The 'client_address' is in the address space of the client
> + * program not QEMU
> + */
> +int postcopy_wake_shared(struct PostCopyFD *pcfd, uint64_t client_addr,
> + RAMBlock *rb);
>  /* Callback from shared fault handlers to ask for a page */
>  int postcopy_request_shared_page(struct PostCopyFD *pcfd, RAMBlock *rb,
>   uint64_t client_addr, uint64_t offset);
> diff --git a/migration/trace-events b/migration/trace-events
> index 7c910b5479..b0acaaa8a0 100644
> --- a/migration/trace-events
> +++ b/migration/trace-events
> @@ -199,6 +199,7 @@ postcopy_ram_incoming_cleanup_entry(void) ""
>  postcopy_ram_incoming_cleanup_exit(void) ""
>  postcopy_ram_incoming_cleanup_join(void) ""
>  postcopy_request_shared_page(const char *sharer, const char *rb, uint64_t 
> rb_offset) "for %s in %s offset 0x%"PRIx64
> +postcopy_wake_shared(uint64_t client_addr, const char *rb) "at 0x%"PRIx64" 
> in %s"
>  
>  save_xbzrle_page_skipping(void) ""
>  save_xbzrle_page_overflow(void) ""
> -- 
> 2.14.3
> 

-- 
Peter Xu



Re: [Qemu-devel] [Bug 1751422] Re: some instructions translate error in x86

2018-03-01 Thread yabi
The patch is in this mail's attachments; it is a patch against version 2.11.1
target/i386/translate.c.
The patch was created with diff.
My English is too poor to explain how the error arises, but you can see it from
the patch result.





At 2018-02-25 17:41:15, "Thomas Huth" <1751...@bugs.launchpad.net> wrote:
>Could you please provide some more information about the problem? What's
>exactly the error? If you've already got a patch, please have a look at
>https://wiki.qemu.org/Contribute/SubmitAPatch to get some information
>how to submit it.
>
>** Changed in: qemu
>   Status: New => Incomplete
>
>-- 
>You received this bug notification because you are subscribed to the bug
>report.
>https://bugs.launchpad.net/bugs/1751422
>
>Title:
>  some instructions translate error in x86
>
>Status in QEMU:
>  Incomplete
>
>Bug description:
>  There is some instructions translation error on target i386 in many 
> versions, such as 2.11.1, 2.10.2, 2.7.1 and so on.
>  The error translation instructions include les, lds. I has got a patch, but 
> I have no idea how to apply it.
>
>To manage notifications about this bug go to:
>https://bugs.launchpad.net/qemu/+bug/1751422/+subscriptions


** Attachment added: "translate.patch"
   
https://bugs.launchpad.net/bugs/1751422/+attachment/5066685/+files/translate.patch

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1751422

Title:
  some instructions translate error in x86

Status in QEMU:
  Incomplete

Bug description:
  There is some instructions translation error on target i386 in many versions, 
such as 2.11.1, 2.10.2, 2.7.1 and so on.
  The error translation instructions include les, lds. I has got a patch, but I 
have no idea how to apply it.




Re: [Qemu-devel] [PATCH v3 18/29] vhost+postcopy: Resolve client address

2018-03-01 Thread Peter Xu
On Fri, Feb 16, 2018 at 01:16:14PM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Resolve fault addresses read off the clients UFD into RAMBlock
> and offset, and call back to the postcopy code to ask for the page.
> 
> Signed-off-by: Dr. David Alan Gilbert 

Reviewed-by: Peter Xu 

-- 
Peter Xu



Re: [Qemu-devel] [PATCH 4/4] virtio-net: add linkspeed and duplex settings to virtio-net

2018-03-01 Thread Jason Wang



On 2018年03月02日 11:46, Jason Baron wrote:

Although linkspeed and duplex can be set in a linux guest via 'ethtool -s',
this requires custom ethtool commands for virtio-net by default.

Introduce a new feature flag, VIRTIO_NET_F_SPEED_DUPLEX, which allows
the hypervisor to export a linkspeed and duplex setting. The user can
subsequently overwrite it later if desired via: 'ethtool -s'.

Linkspeed and duplex settings can be set as:
'-device virtio-net,speed=1,duplex=full'


I was thinking whether or not it's better to decide the duplex by the 
type of backends.


E.g userspace and vhost-kernel implement a in fact half duplex. But dpdk 
implement a full duplex.


Thanks



where speed is [0...INT_MAX], and duplex is ["half"|"full"].

Signed-off-by: Jason Baron
Cc: "Michael S. Tsirkin"
Cc: Jason Wang
Cc:virtio-...@lists.oasis-open.org
---





Re: [Qemu-devel] [PATCH 0/3] vfio/pci: ioeventfd support

2018-03-01 Thread Tian, Kevin
> From: Alex Williamson
> Sent: Thursday, March 1, 2018 4:15 AM
> 
> A vfio ioeventfd will perform the pre-specified device write on
> triggering of an eventfd.  When coupled with KVM ioeventfds, this
> feature allows a VM to trap a device page for virtualization, while
> also registering targeted ioeventfds to maintain performance of high
> frequency register writes within the trapped range.  Much like the
> existing interrupt eventfd/irqfd coupling, such writes can be handled
> entirely in the host kernel.
> 
> The new VFIO device ioctl may be supported by any vfio bus driver,
> including mdev drivers, but the implementation here only enables
> vfio-pci.  This is intended as an acceleration path, bus drivers
> may choose which regions to support and userspace should always
> intend to fall back to non-accelerated handling when unavailable.
> 

it's a nice feature! A curious question. Is it possible for mdev driver
to directly create ioeventfd on specified offset? Currently ioeventfd
requires quirks in Qemu, which must know the device detail to
create ioeventfd and then connect vfio and kvm together. However
mdev instance is more software defined thus I'm not sure whether 
asking Qemu to catch up quirk with underlying software logic could
be overwhelmed. Also in case of vendor driver emulating mdev
with same DID/VID as a real device, it might be difficult for Qemu
to figure out whether a vfio device is a real one or mdev one to
apply a mdev specific quirk. On the other hand, since vendor
driver knows all the logic constructing mdev, it would be more
convenient allowing vendor driver to directly create/destroy
ioeventfd on its demand?

Thanks
Kevin


Re: [Qemu-devel] [PATCH] hw/net: Remove unnecessary header includes

2018-03-01 Thread Jason Wang



On 2018年02月22日 17:58, Thomas Huth wrote:

Headers like "hw/loader.h" and "qemu/sockets.h" are not needed in
the hw/net/*.c files. And Some other headers are included via other
headers already, so we can drop them, too.

Signed-off-by: Thomas Huth 
---
  hw/net/e1000.c | 1 -
  hw/net/lance.c | 3 ---
  hw/net/ne2000.c| 2 --
  hw/net/pcnet-pci.c | 1 -
  hw/net/pcnet.c | 1 -
  hw/net/rtl8139.c   | 2 --
  hw/net/xgmac.c | 1 -
  7 files changed, 11 deletions(-)

diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 804ec08..c7f1695 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -30,7 +30,6 @@
  #include "hw/pci/pci.h"
  #include "net/net.h"
  #include "net/checksum.h"
-#include "hw/loader.h"
  #include "sysemu/sysemu.h"
  #include "sysemu/dma.h"
  #include "qemu/iov.h"
diff --git a/hw/net/lance.c b/hw/net/lance.c
index 0028bc5..a08d5ac 100644
--- a/hw/net/lance.c
+++ b/hw/net/lance.c
@@ -36,10 +36,7 @@
   */
  
  #include "qemu/osdep.h"

-#include "hw/sysbus.h"
-#include "net/net.h"
  #include "qemu/timer.h"
-#include "qemu/sockets.h"
  #include "hw/sparc/sparc32_dma.h"
  #include "hw/net/lance.h"
  #include "trace.h"
diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
index 687ef84..3a9fc89 100644
--- a/hw/net/ne2000.c
+++ b/hw/net/ne2000.c
@@ -23,10 +23,8 @@
   */
  #include "qemu/osdep.h"
  #include "hw/pci/pci.h"
-#include "net/net.h"
  #include "net/eth.h"
  #include "ne2000.h"
-#include "hw/loader.h"
  #include "sysemu/sysemu.h"
  
  /* debug NE2000 card */

diff --git a/hw/net/pcnet-pci.c b/hw/net/pcnet-pci.c
index 0ae5ca4..70dc8b3 100644
--- a/hw/net/pcnet-pci.c
+++ b/hw/net/pcnet-pci.c
@@ -30,7 +30,6 @@
  #include "qemu/osdep.h"
  #include "hw/pci/pci.h"
  #include "net/net.h"
-#include "hw/loader.h"
  #include "qemu/timer.h"
  #include "sysemu/dma.h"
  #include "sysemu/sysemu.h"
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index 606b05c..0c44554 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -40,7 +40,6 @@
  #include "net/net.h"
  #include "net/eth.h"
  #include "qemu/timer.h"
-#include "qemu/sockets.h"
  #include "sysemu/sysemu.h"
  #include "trace.h"
  
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c

index 1cc95b8..46daa16 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -58,9 +58,7 @@
  #include "qemu/timer.h"
  #include "net/net.h"
  #include "net/eth.h"
-#include "hw/loader.h"
  #include "sysemu/sysemu.h"
-#include "qemu/iov.h"
  
  /* debug RTL8139 card */

  //#define DEBUG_RTL8139 1
diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
index 0843bf1..fa00156 100644
--- a/hw/net/xgmac.c
+++ b/hw/net/xgmac.c
@@ -28,7 +28,6 @@
  #include "hw/sysbus.h"
  #include "qemu/log.h"
  #include "net/net.h"
-#include "net/checksum.h"
  
  #ifdef DEBUG_XGMAC

  #define DEBUGF_BRK(message, args...) do { \


Applied.

Thanks



Re: [Qemu-devel] [PATCH v2 00/15] qio: general non-default GMainContext support

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 04:07:06PM +, Daniel P. Berrangé wrote:
> On Thu, Mar 01, 2018 at 04:44:23PM +0800, Peter Xu wrote:
> > This is another piece of preparation work for the monitor OOB series.
> > 
> > V1: http://lists.nongnu.org/archive/html/qemu-devel/2018-02/msg06972.html
> > 
> > V2 rewrote the bottom half of the code.  The first 8 patches are
> > mostly the same, but I rewrote the last patches to solve both TLS and
> > reconnect use cases by introducing a machine_done hook for chardevs in
> > general.  So if I copy the problems:
> > 
> > - migration
> >   - incoming side: still always running on main context, while we need
> > to be able to run some command in OOB thread [1]
> > - tcp chardev (non-tcp chardevs should all support non-NULL context now)
> >   - server listening mode: QIO net listener used [2]
> >   - TELNET session: an isolated GSource used (tcp_chr_telnet_init) [3]
> >   - when "reconnect=N" is used, QIO threaded task is used [4]
> >   - TLS session: QIO tls handshake is used (tcp_chr_tls_init) [5]
> > 
> > Problem [1-3] are still fixed in the old way, but [4-5] now are fixed
> > by using the new machine_done notifier.
> 
> The QIO code changes all look good to me now, aside from minor
> comments. I really dislike all of the chardev stuff though. I
> think it makes the chardev code even harder to follow, and its
> behaviour harder to rationalize.
> 
> If you post a v3 series containing just the qio/ directory changes,
> I'd queue those patches, while we discuss chardev stuff more.
> 
> I struggle to suggest better approach, because its any missing
> context of how the changes are going to be used, presumably by
> patch series yet to be posted. 

Yeah I think I'll split the series into two.

Thank you and Paolo for the quick review comments!

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 15/15] chardev: tcp: postpone TLS work until machine done

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 06:37:47PM +0100, Paolo Bonzini wrote:
> On 01/03/2018 09:44, Peter Xu wrote:
> > +static bool tcp_chr_machine_done;
> > +
> >  static void tcp_chr_reconn_timer_cancel(SocketChardev *s)
> >  {
> >  if (s->reconnect_timer) {
> > @@ -719,6 +721,11 @@ static void tcp_chr_tls_init(Chardev *chr)
> >  Error *err = NULL;
> >  gchar *name;
> >  
> > +if (!tcp_chr_machine_done) {
> > +/* This will be postponed to machine_done notifier */
> > +return;
> > +}
> > +
> 
> Can you instead add a global machine_init_done bool to vl.c and
> include/sysemu/sysemu.h (and make it always true in
> stubs/machine-init-done.c)?
> 
> Then muxes_realized can go away too.

Sure!  I'll add a new patch for it.  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PULL 00/24] ppc-for-2.12 queue 20180302

2018-03-01 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180302060350.24330-1-da...@gibson.dropbear.id.au
Subject: [Qemu-devel] [PULL 00/24] ppc-for-2.12 queue 20180302

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Run scripts/checkpatch.pl over every commit in $BASE..HEAD, oldest first.
# The exit status is 1 if checkpatch rejected at least one commit, else 0.

BASE=base
failed=0
n=1
total=$(git log --oneline $BASE.. | wc -l)

# Repository-local diff settings, applied before any patch is rendered.
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    subject=$(git log -n 1 --format=%s $c)
    echo "Checking PATCH $n/$total: ${subject}..."
    # The pipeline's status is checkpatch's (no pipefail is set); a failure is
    # recorded and the remaining commits are still checked.
    git show $c --format=email | ./scripts/checkpatch.pl --mailback - || {
        failed=1
        echo
    }
    n=$((n + 1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/20180302060350.24330-1-da...@gibson.dropbear.id.au -> 
patchew/20180302060350.24330-1-da...@gibson.dropbear.id.au
Switched to a new branch 'test'
095d21f5da hw/ppc/spapr, e500: Use new property "stdout-path" for boot console
7d6a1dd15c ppc/spapr-caps: Define the pseries-2.12-sxxm machine type
999bec564d ppc/spapr-caps: Convert cap-ibs to custom spapr-cap
1d33cf761b ppc/spapr-caps: Convert cap-sbbc to custom spapr-cap
01713a39fa ppc/spapr-caps: Convert cap-cfpc to custom spapr-cap
72f591c292 ppc/spapr-caps: Add support for custom spapr_capabilities
049adc46e2 target/ppc: Check mask when setting cap_ppc_safe_indirect_branch
090171d0bf macio: remove macio_init() function
289bcaf956 macio: move setting of CUDA timebase frequency to 
macio_common_realize()
e64f8792ca mac_newworld: use object link to pass OpenPIC object to macio
e5cb278a20 openpic: move OpenPIC state and related definitions to openpic.h
900bb47ec1 openpic: move KVM-specific declarations into separate openpic_kvm.h 
file
ff67f82901 mac_oldworld: use object link to pass heathrow PIC object to macio
d7aafa6fbd macio: move macio related structures and defines into separate 
macio.h file
3385201518 heathrow: change heathrow_pic_init() to return the heathrow device
22792de824 heathrow: convert to trace-events
09a5429e27 heathrow: QOMify heathrow PIC
b98172e42c macio: move ESCC device within the macio device
6ed5797e86 macio: embed DBDMA device directly within macio
60140b2909 spapr: harden code that depends on VSMT
a39d4a9d54 spapr: register dummy ICPs later
a11e85de36 ppc: Add aCube Sam460ex board
474e1f78a0 ppc440: Add emulation of plb-pcix controller found in some 440 SoCs
a8181ab61c spapr: fix missing CPU core nodes in DT when running with TCG

=== OUTPUT BEGIN ===
Checking PATCH 1/24: spapr: fix missing CPU core nodes in DT when running with 
TCG...
Checking PATCH 2/24: ppc440: Add emulation of plb-pcix controller found in some 
440 SoCs...
Checking PATCH 3/24: ppc: Add aCube Sam460ex board...
Checking PATCH 4/24: spapr: register dummy ICPs later...
Checking PATCH 5/24: spapr: harden code that depends on VSMT...
Checking PATCH 6/24: macio: embed DBDMA device directly within macio...
Checking PATCH 7/24: macio: move ESCC device within the macio device...
Checking PATCH 8/24: heathrow: QOMify heathrow PIC...
Checking PATCH 9/24: heathrow: convert to trace-events...
Checking PATCH 10/24: heathrow: change heathrow_pic_init() to return the 
heathrow device...
Checking PATCH 11/24: macio: move macio related structures and defines into 
separate macio.h file...
Checking PATCH 12/24: mac_oldworld: use object link to pass heathrow PIC object 
to macio...
Checking PATCH 13/24: openpic: move KVM-specific declarations into separate 
openpic_kvm.h file...
Checking PATCH 14/24: openpic: move OpenPIC state and related definitions to 
openpic.h...
ERROR: "foo * bar" should be "foo *bar"
#250: FILE: include/hw/ppc/openpic.h:57:
+#define RAVEN_DBL_IRQ(RAVEN_IPI_IRQ + (RAVEN_MAX_CPU * RAVEN_MAX_IPI))

total: 1 errors, 0 warnings, 353 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 15/24: mac_newworld: use object link to pass OpenPIC object to 
macio...
Checking PATCH 16/24: macio: move setting of CUDA timebase frequency to 
macio_common_realize()...
Checking PATCH 17/24: macio: remove macio_init() function...
Checking PATCH 18/24: target/ppc: Check mask when setting 
cap_ppc_safe_indirect_branch...
Checking PATCH 19/24: ppc/spapr-caps: Add support for custom 
spapr_capabilities...
Checking PATCH 20/24: ppc/spapr-caps: Convert cap-cfpc to custom spapr-cap...
ERROR: line over 90 characters
#50: FILE: hw/ppc/spapr_caps.c:254:
+.help = "broken - no protection, workaround - workaround available, fixed 
- fixed in hardware",

ERROR: line over 90 characters
#64: FILE: hw/ppc/spapr_caps.c:266:
+error_setg(errp, "Requested safe cache capability level not supported 
by kvm, try cap-cfpc=%s", cap_cfpc_possible.vals[kvm_val]);


Re: [Qemu-devel] [PATCH v2 15/15] chardev: tcp: postpone TLS work until machine done

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 04:03:04PM +, Daniel P. Berrangé wrote:
> On Thu, Mar 01, 2018 at 04:44:38PM +0800, Peter Xu wrote:
> > TLS handshake may create background GSource tasks, while we won't know
> > the correct GMainContext until the whole chardev (including frontend)
> > inited.  Let's postpone the initial TLS handshake until machine done.
> > 
> > If we dynamically add tcp chardev, it won't be affected since we have a
> > new tcp_chr_machine_done flag to know whether we should postpone it or
> > not.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  chardev/char-socket.c | 14 ++
> >  1 file changed, 14 insertions(+)
> 
> I don't like this patch either for the same reasons as previous
> > patch - it's creating different behaviour depending on whether
> the 'wait' flag happens to have been set in -chardev.

IMHO it's because the socket chardev is indeed complicated... If you
see qmp_chardev_open_socket(), that's where most of the complexity
lies in.  And as I explained, each of the patch, or group of patches,
were only trying to solve a single problem.

Though I admit this patch has brought a little bit more complexity,
though in the short term I don't see a better solution. And, if you
consider the existing MUX machine done hook, then it's merely using
the same way to do it but even cleaned it up a bit...

Please let me know if you have any suggestion that I can do it in a
better way.  Thanks!

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v4] tap: setting error appropriately when calling net_init_tap_one()

2018-03-01 Thread Jason Wang



On 2018年02月06日 20:53, Jay Zhou wrote:

If netdev_add tap,id=net0,...,vhost=on failed in net_init_tap_one(),
the followed up device_add virtio-net-pci,netdev=net0 will fail
too, prints:

TUNSETOFFLOAD ioctl() failed: Bad file descriptor TUNSETOFFLOAD
ioctl() failed: Bad file descriptor

The reason is that the tap fd is closed when an error has occurred after
calling net_init_tap_one().

The fd should be closed when calling net_init_tap_one failed:
- if tap_set_sndbuf() failed
- if tap_set_sndbuf() succeeded but vhost failed to open or
  initialize with vhostforce flag on
The fd should not be closed just because vhost failed to open or
initialize but without vhostforce flag. So the followed up
device_add can fall back to userspace virtio successfully.

Suggested-by: Michael S. Tsirkin 
Suggested-by: Igor Mammedov 
Suggested-by: Jason Wang 
Signed-off-by: Jay Zhou 
---
v4: - reduce duplication
 - close the fd by caller
 - tweak the title

v3: - set errp appropriately
---
  include/net/vhost_net.h |  3 +++
  net/tap.c   | 24 ++--
  2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h
index afc1499..77e4739 100644
--- a/include/net/vhost_net.h
+++ b/include/net/vhost_net.h
@@ -4,6 +4,9 @@
  #include "net/net.h"
  #include "hw/virtio/vhost-backend.h"
  
+#define VHOST_NET_INIT_FAILED \

+"vhost-net requested but could not be initialized"
+
  struct vhost_net;
  typedef struct vhost_net VHostNetState;
  
diff --git a/net/tap.c b/net/tap.c

index 979e622..14d230f 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -686,14 +686,23 @@ static void net_init_tap_one(const NetdevTapOptions *tap, 
NetClientState *peer,
  if (vhostfdname) {
  vhostfd = monitor_fd_param(cur_mon, vhostfdname, );
  if (vhostfd == -1) {
-error_propagate(errp, err);
+if (tap->has_vhostforce && tap->vhostforce) {
+error_propagate(errp, err);
+} else {
+warn_report_err(err);
+}
  return;
  }
  } else {
  vhostfd = open("/dev/vhost-net", O_RDWR);
  if (vhostfd < 0) {
-error_setg_errno(errp, errno,
- "tap: open vhost char device failed");
+if (tap->has_vhostforce && tap->vhostforce) {
+error_setg_errno(errp, errno,
+ "tap: open vhost char device failed");
+} else {
+warn_report("tap: open vhost char device failed: %s",
+strerror(errno));
+}
  return;
  }
  fcntl(vhostfd, F_SETFL, O_NONBLOCK);
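Review bot: The test `tap->has_vhostforce && tap->vhostforce` is spelled out in both failure branches of this hunk and again after `vhost_net_init()` in the next one, so the fail-hard versus warn-and-fall-back policy is decided in three places that can drift apart. Computing it once near the top of net_init_tap_one, e.g. `bool vhost_forced = tap->has_vhostforce && tap->vhostforce;`, keeps the policy in one spot; the function body starts outside this hunk. In the next hunk `VHOST_NET_INIT_FAILED` is passed as the format argument of `error_setg()` and `warn_report()`; `error_setg(errp, "%s", VHOST_NET_INIT_FAILED)` stays correct if the message ever gains a `%`. On the non-forced paths the function now returns with `errp` unset, so a comment at each `return` noting that the caller continues with userspace virtio would make the intent explicit.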
@@ -702,12 +711,15 @@ static void net_init_tap_one(const NetdevTapOptions *tap, 
NetClientState *peer,
  
  s->vhost_net = vhost_net_init();

  if (!s->vhost_net) {
-error_setg(errp,
-   "vhost-net requested but could not be initialized");
+if (tap->has_vhostforce && tap->vhostforce) {
+error_setg(errp, VHOST_NET_INIT_FAILED);
+} else {
+warn_report(VHOST_NET_INIT_FAILED);
+}
  return;
  }
  } else if (vhostfdname) {
-error_setg(errp, "vhostfd(s)= is not valid without vhost");
+warn_report("vhostfd(s)= is not valid without vhost");


Do we need to keep the error here, considering it was a wrong command line 
parameter?


Thanks


  }
  }
  





Re: [Qemu-devel] [BUG] I/O thread segfault for QEMU on s390x

2018-03-01 Thread Fam Zheng
On Thu, Mar 1, 2018 at 10:33 PM, Farhan Ali  wrote:
> Hi,
>
> I have been noticing some segfaults for QEMU on s390x, and I have been
> hitting this issue quite reliably (at least once in 10 runs of a test case).
> The qemu version is 2.11.50, and I have systemd created coredumps
> when this happens.

Can you describe the test case or suggest how to reproduce it for us?

Fam



Re: [Qemu-devel] [PATCH v2 14/15] chardev: tcp: postpone async connection setup

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 04:01:38PM +, Daniel P. Berrangé wrote:
> On Thu, Mar 01, 2018 at 04:44:37PM +0800, Peter Xu wrote:
> > This patch allows the socket chardev async connection be setup with
> > non-default gcontext.  We do it by postponing the setup to machine done,
> > since until then we can know which context we should run the async
> > operation on.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  chardev/char-socket.c | 17 ++---
> >  1 file changed, 14 insertions(+), 3 deletions(-)
> 
> I don't like this as it is special casing behaviour wrt GMainContext
> only in the case where the chardev is configured as a client with
> non-blocking connect. So any code that uses chardevs and wants to
> set a different GMainContext may or may not work, depending on
> whether the user gave the ',wait' option to the chardev. I'm struggling
> to see why this is really needed at all.

Not sure whether I fully got your point, but IMHO when "wait" is there
we should be perfectly fine too with all the TLS/TELNET patches in
this series.  And for sure this patch only solves the problem when
"wait" is specified.

Or say, with this series, all configuration of chardev _should_ work
with non-default context now.  If not, then I must have missed
something else (which may be possible), then I would be very glad that
anyone can give me a hint on where.  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 11/15] qio: non-default context for TLS handshake

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 06:22:40PM +0100, Paolo Bonzini wrote:
> On 01/03/2018 09:44, Peter Xu wrote:
> > +/**
> > + * qio_channel_tls_handshake_full:
> > + * @ioc: the TLS channel object
> > + * @func: the callback to invoke when completed
> > + * @opaque: opaque data to pass to @func
> > + * @destroy: optional callback to free @opaque
> > + * @context: the context that TLS handshake will run with
> > + *
> > + * Similar to qio_channel_tls_handshake(), but allows the task to be
> > + * run on a specific context.
> > + */
> > +void qio_channel_tls_handshake_full(QIOChannelTLS *ioc,
> > +QIOTaskFunc func,
> > +gpointer opaque,
> > +GDestroyNotify destroy,
> > +GMainContext *context);
> > +
> 
> You're not consistent in introducing "_full" functions.  I would
> add the argument directly to the qio_channel_tls_handshake() function.

Will take your advice.  Thanks,

-- 
Peter Xu



[Qemu-devel] [PULL 23/24] ppc/spapr-caps: Define the pseries-2.12-sxxm machine type

2018-03-01 Thread David Gibson
From: Suraj Jitindar Singh 

The sxxm (speculative execution exploit mitigation) machine type is a
variant of the 2.12 machine type with workarounds for speculative
execution vulnerabilities enabled by default.

Signed-off-by: Suraj Jitindar Singh 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c  | 17 +
 hw/ppc/spapr_caps.c | 11 +++
 2 files changed, 28 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 1c2703cb6b..1b6ddd827e 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -3983,6 +3983,23 @@ static void 
spapr_machine_2_12_class_options(MachineClass *mc)
 
 DEFINE_SPAPR_MACHINE(2_12, "2.12", true);
 
+static void spapr_machine_2_12_sxxm_instance_options(MachineState *machine)
+{
+spapr_machine_2_12_instance_options(machine);
+}
+
+static void spapr_machine_2_12_sxxm_class_options(MachineClass *mc)
+{
+sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+
+spapr_machine_2_12_class_options(mc);
+smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
+smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
+smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_FIXED_CCD;
+}
+
+DEFINE_SPAPR_MACHINE(2_12_sxxm, "2.12-sxxm", false);
+
 /*
  * pseries-2.11
  */
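Review bot: The new pseries-2.12-sxxm definitions carry no banner or explanatory comment, unlike the `pseries-2.11` block that follows at the end of this hunk, so the reason for the three capability defaults set in spapr_machine_2_12_sxxm_class_options() lives only in the commit message. I would add a comment above the two functions such as `/* pseries-2.12-sxxm: 2.12 with speculative execution exploit mitigations enabled by default */`. A one-line note on why cap-ibs defaults to `SPAPR_CAP_FIXED_CCD` while the other two use `SPAPR_CAP_WORKAROUND` would help whoever later adds the next versioned machine type.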
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index c09febcf12..9e729251df 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -320,15 +320,26 @@ static sPAPRCapabilities 
default_caps_with_cpu(sPAPRMachineState *spapr,
 
 caps = smc->default_caps;
 
+if (!ppc_check_compat(cpu, CPU_POWERPC_LOGICAL_3_00,
+  0, spapr->max_compat_pvr)) {
+caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
+}
+
 if (!ppc_check_compat(cpu, CPU_POWERPC_LOGICAL_2_07,
   0, spapr->max_compat_pvr)) {
 caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
 }
 
+if (!ppc_check_compat(cpu, CPU_POWERPC_LOGICAL_2_06_PLUS,
+  0, spapr->max_compat_pvr)) {
+caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
+}
+
 if (!ppc_check_compat(cpu, CPU_POWERPC_LOGICAL_2_06,
   0, spapr->max_compat_pvr)) {
 caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_OFF;
 caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_OFF;
+caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
 }
 
 return caps;
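Review bot: The three added `ppc_check_compat()` branches lower the cfpc, sbbc and ibs defaults to `SPAPR_CAP_BROKEN` without any diagnostic, and nothing in the hunk explains why each capability is tied to its compat level (3.00, 2.06+, 2.06). Together with the sxxm machine type added in the spapr.c hunk, a guest started with an older compat level would presumably come up with the mitigation defaults off although the machine type name suggests otherwise; whether anything reports that elsewhere is not visible here. A why-comment on each branch naming the CPU feature the level depends on, and a `warn_report()` when a non-broken machine default is lowered, would make the downgrade visible to the operator. default_caps_with_cpu() starts and ends outside the hunk.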
-- 
2.14.3




Re: [Qemu-devel] [PATCH v2 11/15] qio: non-default context for TLS handshake

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 03:50:01PM +, Daniel P. Berrangé wrote:
> On Thu, Mar 01, 2018 at 04:44:34PM +0800, Peter Xu wrote:
> > qio_channel_tls_handshake_full() is introduced to allow the TLS to be
> > run on a non-default context.  Still, no functional change.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  include/io/channel-tls.h | 17 
> >  io/channel-tls.c | 51 
> > +++-
> >  2 files changed, 54 insertions(+), 14 deletions(-)
> > 
> 
> >  static void qio_channel_tls_handshake_task(QIOChannelTLS *ioc,
> > -   QIOTask *task)
> > +   QIOTask *task,
> > +   GMainContext *context)
> >  {
> >  Error *err = NULL;
> >  QCryptoTLSSessionHandshakeStatus status;
> > @@ -171,6 +177,11 @@ static void 
> > qio_channel_tls_handshake_task(QIOChannelTLS *ioc,
> >  qio_task_complete(task);
> >  } else {
> >  GIOCondition condition;
> > +QIOChannelTLSData *data = g_new0(typeof(*data), 1);
> > +
> > +data->task = task;
> > +data->context = context;
> 
> The 'context' reference is only valid for as long as the caller
> exists. So you need to acquire a reference on 'context' here
> 
> 
> > @@ -191,20 +203,23 @@ static gboolean 
> > qio_channel_tls_handshake_io(QIOChannel *ioc,
> >   GIOCondition condition,
> >   gpointer user_data)
> >  {
> > -QIOTask *task = user_data;
> > +QIOChannelTLSData *data = user_data;
> > +QIOTask *task = data->task;
> > +GMainContext *context = data->context;
> >  QIOChannelTLS *tioc = QIO_CHANNEL_TLS(
> >  qio_task_get_source(task));
> >  
> > -qio_channel_tls_handshake_task(
> > -   tioc, task);
> 
> > +g_free(data);
> > +qio_channel_tls_handshake_task(tioc, task, context);
> 
> And release the reference on context here.

Yeah, fixed both.  Thanks,

-- 
Peter Xu



[Qemu-devel] [PULL 19/24] ppc/spapr-caps: Add support for custom spapr_capabilities

2018-03-01 Thread David Gibson
From: Suraj Jitindar Singh 

There are currently 2 implemented types of spapr-caps, boolean and
tristate. However there may be a need for caps which don't fit either of
these options. Add a custom capability type for which a list of custom
valid strings can be specified and implement the get/set functions for
these. Also add a field for help text to describe the available options.

Signed-off-by: Suraj Jitindar Singh 
[dwg: Change "help" option to "?" matching qemu conventions]
[dwg: Add ATTRIBUTE_UNUSED to avoid breaking bisect]
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_caps.c | 70 +
 1 file changed, 70 insertions(+)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 99a4b71d19..3d8b796df9 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -32,6 +32,20 @@
 
 #include "hw/ppc/spapr.h"
 
+typedef struct sPAPRCapPossible {
+int num;/* size of vals array below */
+const char *help;   /* help text for vals */
+/*
+ * Note:
+ * - because of the way compatibility is determined vals MUST be ordered
+ *   such that later options are a superset of all preceding options.
+ * - the order of vals must be preserved, that is their index is important,
+ *   however vals may be added to the end of the list so long as the above
+ *   point is observed
+ */
+const char *vals[];
+} sPAPRCapPossible;
+
 typedef struct sPAPRCapabilityInfo {
 const char *name;
 const char *description;
@@ -41,6 +55,8 @@ typedef struct sPAPRCapabilityInfo {
 ObjectPropertyAccessor *get;
 ObjectPropertyAccessor *set;
 const char *type;
+/* Possible values if this is a custom string type */
+sPAPRCapPossible *possible;
 /* Make sure the virtual hardware can support this capability */
 void (*apply)(sPAPRMachineState *spapr, uint8_t val, Error **errp);
 } sPAPRCapabilityInfo;
@@ -133,6 +149,60 @@ out:
 g_free(val);
 }
 
+static void ATTRIBUTE_UNUSED spapr_cap_get_string(Object *obj, Visitor *v,
+  const char *name,
+  void *opaque, Error **errp)
+{
+sPAPRCapabilityInfo *cap = opaque;
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+char *val = NULL;
+uint8_t value = spapr_get_cap(spapr, cap->index);
+
+if (value >= cap->possible->num) {
+error_setg(errp, "Invalid value (%d) for cap-%s", value, cap->name);
+return;
+}
+
+val = g_strdup(cap->possible->vals[value]);
+
+visit_type_str(v, name, , errp);
+g_free(val);
+}
+
+static void ATTRIBUTE_UNUSED spapr_cap_set_string(Object *obj, Visitor *v,
+  const char *name,
+  void *opaque, Error **errp)
+{
+sPAPRCapabilityInfo *cap = opaque;
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+Error *local_err = NULL;
+uint8_t i;
+char *val;
+
+visit_type_str(v, name, , _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
+if (!strcmp(val, "?")) {
+error_setg(errp, "%s", cap->possible->help);
+goto out;
+}
+for (i = 0; i < cap->possible->num; i++) {
+if (!strcasecmp(val, cap->possible->vals[i])) {
+spapr->cmd_line_caps[cap->index] = true;
+spapr->eff.caps[cap->index] = i;
+goto out;
+}
+}
+
+error_setg(errp, "Invalid capability mode \"%s\" for cap-%s", val,
+   cap->name);
+out:
+g_free(val);
+}
+
 static void cap_htm_apply(sPAPRMachineState *spapr, uint8_t val, Error **errp)
 {
 if (!val) {
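Review bot: The bounds check in spapr_cap_get_string(), `value >= cap->possible->num`, is only as good as the hand-written `num` field, which the struct added in the first hunk stores separately from the flexible `vals[]` array; if an initializer's count and its string list ever disagree, `vals[value]` here and `vals[i]` in spapr_cap_set_string() read past the array. I would state the invariant at the field, `int num; /* MUST equal the number of entries in vals[] */`, or end `vals[]` with a NULL sentinel and loop on that. In the setter, `uint8_t i` is compared with the `int` count, so a table longer than 255 entries would never terminate the loop; declaring `i` as `int` avoids that. Both accessors also dereference `cap->possible` unchecked, which is fine only while they are registered solely for capabilities that set it.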
-- 
2.14.3




[Qemu-devel] [PULL 15/24] mac_newworld: use object link to pass OpenPIC object to macio

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

Also switch macio_newworld_realize() over to use it rather than using the 
pic_mem
memory region directly.

Now that both Old World and New World macio devices no longer make use of the
pic_mem memory region directly, we can remove it.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: David Gibson 
Signed-off-by: David Gibson 
---
 hw/misc/macio/macio.c | 14 +-
 hw/ppc/mac_newworld.c | 20 +++-
 include/hw/misc/macio/macio.h |  4 +++-
 3 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index d4c1d190c4..e5288f1084 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -279,10 +279,10 @@ static void macio_newworld_realize(PCIDevice *d, Error 
**errp)
 sysbus_connect_irq(sysbus_dev, 0, ns->irqs[cur_irq++]);
 sysbus_connect_irq(sysbus_dev, 1, ns->irqs[cur_irq++]);
 
-if (s->pic_mem) {
-/* OpenPIC */
-memory_region_add_subregion(>bar, 0x4, s->pic_mem);
-}
+/* OpenPIC */
+sysbus_dev = SYS_BUS_DEVICE(ns->pic);
+memory_region_add_subregion(>bar, 0x4,
+sysbus_mmio_get_region(sysbus_dev, 0));
 
 /* IDE buses */
 for (i = 0; i < ARRAY_SIZE(ns->ide); i++) {
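Review bot: With the `if (s->pic_mem)` guard removed, macio_newworld_realize() now uses `ns->pic` unconditionally, and nothing visible in this patch checks that the "pic" link added in macio_newworld_init() was actually set before realize. If the device is ever realized without the link, `sysbus_mmio_get_region()` would presumably be handed a NULL device; failing realize cleanly is safer, e.g. `if (!ns->pic) { error_setg(errp, "macio: pic link not set"); return; }` ahead of the `/* OpenPIC */` lines. The board code in ppc_core99_init() does set the link, so this matters only for other creation paths. The function body continues outside the hunk.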
@@ -311,6 +311,11 @@ static void macio_newworld_init(Object *obj)
 
 qdev_init_gpio_out(DEVICE(obj), ns->irqs, ARRAY_SIZE(ns->irqs));
 
+object_property_add_link(obj, "pic", TYPE_OPENPIC,
+ (Object **) >pic,
+ qdev_prop_allow_set_link_before_realize,
+ 0, NULL);
+
 for (i = 0; i < 2; i++) {
 macio_init_ide(s, >ide[i], sizeof(ns->ide[i]), i);
 }
@@ -441,7 +446,6 @@ void macio_init(PCIDevice *d,
 {
 MacIOState *macio_state = MACIO(d);
 
-macio_state->pic_mem = pic_mem;
 /* Note: this code is strongly inspirated from the corresponding code
in PearPC */
 qdev_prop_set_uint64(DEVICE(_state->cuda), "timebase-frequency",
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 396216954e..c7960ab67a 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -154,7 +154,7 @@ static void ppc_core99_init(MachineState *machine)
 hwaddr kernel_base, initrd_base, cmdline_base = 0;
 long kernel_size, initrd_size;
 PCIBus *pci_bus;
-PCIDevice *macio;
+NewWorldMacIOState *macio;
 MACIOIDEState *macio_ide;
 BusState *adb_bus;
 MacIONVRAMState *nvr;
@@ -166,7 +166,7 @@ static void ppc_core99_init(MachineState *machine)
 void *fw_cfg;
 int machine_arch;
 SysBusDevice *s;
-DeviceState *dev;
+DeviceState *dev, *pic_dev;
 int *token = g_new(int, 1);
 hwaddr nvram_addr = 0xFFF04000;
 uint64_t tbfreq;
@@ -333,10 +333,10 @@ static void ppc_core99_init(MachineState *machine)
 
 pic = g_new0(qemu_irq, 64);
 
-dev = qdev_create(NULL, TYPE_OPENPIC);
-qdev_prop_set_uint32(dev, "model", OPENPIC_MODEL_KEYLARGO);
-qdev_init_nofail(dev);
-s = SYS_BUS_DEVICE(dev);
+pic_dev = qdev_create(NULL, TYPE_OPENPIC);
+qdev_prop_set_uint32(pic_dev, "model", OPENPIC_MODEL_KEYLARGO);
+qdev_init_nofail(pic_dev);
+s = SYS_BUS_DEVICE(pic_dev);
 pic_mem = s->mmio[0].memory;
 k = 0;
 for (i = 0; i < smp_cpus; i++) {
@@ -346,7 +346,7 @@ static void ppc_core99_init(MachineState *machine)
 }
 
 for (i = 0; i < 64; i++) {
-pic[i] = qdev_get_gpio_in(dev, i);
+pic[i] = qdev_get_gpio_in(pic_dev, i);
 }
 
 if (PPC_INPUT(env) == PPC_FLAGS_INPUT_970) {
@@ -369,7 +369,7 @@ static void ppc_core99_init(MachineState *machine)
 }
 
 /* MacIO */
-macio = pci_create(pci_bus, -1, TYPE_NEWWORLD_MACIO);
+macio = NEWWORLD_MACIO(pci_create(pci_bus, -1, TYPE_NEWWORLD_MACIO));
 dev = DEVICE(macio);
 qdev_connect_gpio_out(dev, 0, pic[0x19]); /* CUDA */
 qdev_connect_gpio_out(dev, 1, pic[0x24]); /* ESCC-B */
@@ -379,7 +379,9 @@ static void ppc_core99_init(MachineState *machine)
 qdev_connect_gpio_out(dev, 5, pic[0x0e]); /* IDE */
 qdev_connect_gpio_out(dev, 6, pic[0x03]); /* IDE DMA */
 qdev_prop_set_uint64(dev, "frequency", tbfreq);
-macio_init(macio, pic_mem);
+object_property_set_link(OBJECT(macio), OBJECT(pic_dev), "pic",
+ _abort);
+macio_init(PCI_DEVICE(macio), pic_mem);
 
 /* We only emulate 2 out of 3 IDE controllers for now */
 ide_drive_get(hd, ARRAY_SIZE(hd));
diff --git a/include/hw/misc/macio/macio.h b/include/hw/misc/macio/macio.h
index 843c114c07..4528282b36 100644
--- a/include/hw/misc/macio/macio.h
+++ b/include/hw/misc/macio/macio.h
@@ -29,6 +29,7 @@
 #include "hw/intc/heathrow_pic.h"
 #include "hw/misc/macio/cuda.h"
 #include "hw/ppc/mac_dbdma.h"
+#include "hw/ppc/openpic.h"
 
 #define TYPE_MACIO "macio"
 

[Qemu-devel] [PULL 21/24] ppc/spapr-caps: Convert cap-sbbc to custom spapr-cap

2018-03-01 Thread David Gibson
From: Suraj Jitindar Singh 

Convert cap-sbbc (speculation barrier bounds checking) to a custom
spapr-cap type.

Signed-off-by: Suraj Jitindar Singh 
[dwg: Removed trailing whitespace]
[dwg: Don't explicitly list "?"/help option, trust convention]
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_caps.c | 17 +
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 4a93a3b4de..f75d6ff211 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -267,14 +267,22 @@ static void cap_safe_cache_apply(sPAPRMachineState 
*spapr, uint8_t val,
 }
 }
 
+sPAPRCapPossible cap_sbbc_possible = {
+.num = 3,
+.vals = {"broken", "workaround", "fixed"},
+.help = "broken - no protection, workaround - workaround available, fixed 
- fixed in hardware",
+};
+
 static void cap_safe_bounds_check_apply(sPAPRMachineState *spapr, uint8_t val,
 Error **errp)
 {
+uint8_t kvm_val =  kvmppc_get_cap_safe_bounds_check();
+
 if (tcg_enabled() && val) {
 /* TODO - for now only allow broken for TCG */
 error_setg(errp, "Requested safe bounds check capability level not 
supported by tcg, try a different value for cap-sbbc");
-} else if (kvm_enabled() && (val > kvmppc_get_cap_safe_bounds_check())) {
-error_setg(errp, "Requested safe bounds check capability level not 
supported by kvm, try a different value for cap-sbbc");
+} else if (kvm_enabled() && (val > kvm_val)) {
+error_setg(errp, "Requested safe bounds check capability level not 
supported by kvm, try cap-sbbc=%s", cap_sbbc_possible.vals[kvm_val]);
 }
 }
 
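Review bot: `cap_sbbc_possible` is defined at file scope without `static` and without a comment, so it gets external linkage although the visible uses, here and in the capability_table entry in the next hunk, are all in this file. Unless another translation unit needs it, `static sPAPRCapPossible cap_sbbc_possible = {` keeps the symbol private. The TCG branch's message could also name the one accepted level instead of "try a different value", since the TODO above it says only broken is allowed there.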
@@ -335,9 +343,10 @@ sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 .name = "sbbc",
 .description = "Speculation Barrier Bounds Checking" 
VALUE_DESC_TRISTATE,
 .index = SPAPR_CAP_SBBC,
-.get = spapr_cap_get_tristate,
-.set = spapr_cap_set_tristate,
+.get = spapr_cap_get_string,
+.set = spapr_cap_set_string,
 .type = "string",
+.possible = _sbbc_possible,
 .apply = cap_safe_bounds_check_apply,
 },
 [SPAPR_CAP_IBS] = {
-- 
2.14.3




[Qemu-devel] [PULL 22/24] ppc/spapr-caps: Convert cap-ibs to custom spapr-cap

2018-03-01 Thread David Gibson
From: Suraj Jitindar Singh 

Convert cap-ibs (indirect branch speculation) to a custom spapr-cap
type.

All tristate caps have now been converted to custom spapr-caps, so
remove the remaining support for them.

Signed-off-by: Suraj Jitindar Singh 
[dwg: Don't explicitly list "?"/help option, trust convention]
[dwg: Fold tristate removal into here, to not break bisect]
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_caps.c| 81 ++
 hw/ppc/spapr_hcall.c   |  5 +++-
 include/hw/ppc/spapr.h |  5 +++-
 target/ppc/kvm.c   |  6 ++--
 4 files changed, 28 insertions(+), 69 deletions(-)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index f75d6ff211..c09febcf12 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -89,65 +89,6 @@ static void spapr_cap_set_bool(Object *obj, Visitor *v, 
const char *name,
 spapr->eff.caps[cap->index] = value ? SPAPR_CAP_ON : SPAPR_CAP_OFF;
 }
 
-static void spapr_cap_get_tristate(Object *obj, Visitor *v, const char *name,
-   void *opaque, Error **errp)
-{
-sPAPRCapabilityInfo *cap = opaque;
-sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-char *val = NULL;
-uint8_t value = spapr_get_cap(spapr, cap->index);
-
-switch (value) {
-case SPAPR_CAP_BROKEN:
-val = g_strdup("broken");
-break;
-case SPAPR_CAP_WORKAROUND:
-val = g_strdup("workaround");
-break;
-case SPAPR_CAP_FIXED:
-val = g_strdup("fixed");
-break;
-default:
-error_setg(errp, "Invalid value (%d) for cap-%s", value, cap->name);
-return;
-}
-
-visit_type_str(v, name, , errp);
-g_free(val);
-}
-
-static void spapr_cap_set_tristate(Object *obj, Visitor *v, const char *name,
-   void *opaque, Error **errp)
-{
-sPAPRCapabilityInfo *cap = opaque;
-sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
-char *val;
-Error *local_err = NULL;
-uint8_t value;
-
-visit_type_str(v, name, , _err);
-if (local_err) {
-error_propagate(errp, local_err);
-return;
-}
-
-if (!strcasecmp(val, "broken")) {
-value = SPAPR_CAP_BROKEN;
-} else if (!strcasecmp(val, "workaround")) {
-value = SPAPR_CAP_WORKAROUND;
-} else if (!strcasecmp(val, "fixed")) {
-value = SPAPR_CAP_FIXED;
-} else {
-error_setg(errp, "Invalid capability mode \"%s\" for cap-%s", val,
-   cap->name);
-goto out;
-}
-
-spapr->cmd_line_caps[cap->index] = true;
-spapr->eff.caps[cap->index] = value;
-out:
-g_free(val);
-}
 
 static void  spapr_cap_get_string(Object *obj, Visitor *v, const char *name,
   void *opaque, Error **errp)
@@ -286,16 +227,25 @@ static void cap_safe_bounds_check_apply(sPAPRMachineState 
*spapr, uint8_t val,
 }
 }
 
+sPAPRCapPossible cap_ibs_possible = {
+.num = 4,
+/* Note workaround only maintained for compatibility */
+.vals = {"broken", "workaround", "fixed-ibs", "fixed-ccd"},
+.help = "broken - no protection, fixed-ibs - indirect branch 
serialisation, fixed-ccd - cache count disabled",
+};
+
 static void cap_safe_indirect_branch_apply(sPAPRMachineState *spapr,
uint8_t val, Error **errp)
 {
+uint8_t kvm_val = kvmppc_get_cap_safe_indirect_branch();
+
 if (val == SPAPR_CAP_WORKAROUND) { /* Can only be Broken or Fixed */
-error_setg(errp, "Requested safe indirect branch capability level 
\"workaround\" not valid, try cap-ibs=fixed");
+error_setg(errp, "Requested safe indirect branch capability level 
\"workaround\" not valid, try cap-ibs=%s", cap_ibs_possible.vals[kvm_val]);
 } else if (tcg_enabled() && val) {
 /* TODO - for now only allow broken for TCG */
 error_setg(errp, "Requested safe indirect branch capability level not 
supported by tcg, try a different value for cap-ibs");
-} else if (kvm_enabled() && (val > kvmppc_get_cap_safe_indirect_branch())) 
{
-error_setg(errp, "Requested safe indirect branch capability level not 
supported by kvm, try a different value for cap-ibs");
+} else if (kvm_enabled() && val && (val != kvm_val)) {
+error_setg(errp, "Requested safe indirect branch capability level not 
supported by kvm, try cap-ibs=%s", cap_ibs_possible.vals[kvm_val]);
 }
 }
 
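Review bot: `cap_ibs_possible.vals[kvm_val]` is indexed with the raw return value of `kvmppc_get_cap_safe_indirect_branch()` in two error messages, and nothing in the hunk bounds `kvm_val` against `cap_ibs_possible.num`. The helper's range is not visible here (target/ppc/kvm.c is changed by this commit but not shown), so a guard such as `assert(kvm_val < cap_ibs_possible.num);` after the declaration would make the assumption explicit. The first branch also builds its hint from `kvm_val` even when TCG is in use, where the following branch says only broken is accepted, so the suggested value may be one that is rejected again. The table being indexed is added a few lines above in the same hunk.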
@@ -351,11 +301,12 @@ sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 },
 [SPAPR_CAP_IBS] = {
 .name = "ibs",
-.description = "Indirect Branch Serialisation (broken, fixed)",
+.description = "Indirect Branch Speculation (broken, fixed-ibs, 
fixed-ccd)",
 .index = SPAPR_CAP_IBS,
-.get = spapr_cap_get_tristate,
-.set = spapr_cap_set_tristate,
+.get = spapr_cap_get_string,
+.set = 

[Qemu-devel] [PULL 03/24] ppc: Add aCube Sam460ex board

2018-03-01 Thread David Gibson
From: BALATON Zoltan 

Add emulation of aCube Sam460ex board based on AMCC 460EX embedded SoC.
This is not a complete implementation yet with a lot of components
still missing but enough for the U-Boot firmware to start and to boot
a Linux kernel or AROS.

Signed-off-by: François Revol 
Signed-off-by: BALATON Zoltan 
[dwg: Added some test blacklists, since the new board can't be run
 without extracting a firmware image]
Signed-off-by: David Gibson 
---
 Makefile   |   2 +-
 default-configs/ppc-softmmu.mak|   2 +
 default-configs/ppcemb-softmmu.mak |   1 +
 hw/ppc/Makefile.objs   |   3 +-
 hw/ppc/sam460ex.c  | 603 +
 pc-bios/canyonlands.dtb| Bin 0 -> 9779 bytes
 pc-bios/canyonlands.dts| 566 ++
 tests/qom-test.c   |   7 +
 tests/test-hmp.c   |   3 +-
 9 files changed, 1184 insertions(+), 3 deletions(-)
 create mode 100644 hw/ppc/sam460ex.c
 create mode 100644 pc-bios/canyonlands.dtb
 create mode 100644 pc-bios/canyonlands.dts

diff --git a/Makefile b/Makefile
index 90e05ac409..6434d6cc5e 100644
--- a/Makefile
+++ b/Makefile
@@ -656,7 +656,7 @@ efi-e1000.rom efi-eepro100.rom efi-ne2k_pci.rom \
 efi-pcnet.rom efi-rtl8139.rom efi-virtio.rom \
 efi-e1000e.rom efi-vmxnet3.rom \
 qemu-icon.bmp qemu_logo_no_text.svg \
-bamboo.dtb petalogix-s3adsp1800.dtb petalogix-ml605.dtb \
+bamboo.dtb canyonlands.dtb petalogix-s3adsp1800.dtb petalogix-ml605.dtb \
 multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin \
 s390-ccw.img s390-netboot.img \
 spapr-rtas.bin slof.bin skiboot.lid \
diff --git a/default-configs/ppc-softmmu.mak b/default-configs/ppc-softmmu.mak
index 76e29cfa14..4d7be45ac5 100644
--- a/default-configs/ppc-softmmu.mak
+++ b/default-configs/ppc-softmmu.mak
@@ -21,6 +21,8 @@ CONFIG_E500=y
 CONFIG_OPENPIC_KVM=$(call land,$(CONFIG_E500),$(CONFIG_KVM))
 CONFIG_PLATFORM_BUS=y
 CONFIG_ETSEC=y
+# For Sam460ex
+CONFIG_USB_EHCI_SYSBUS=y
 CONFIG_SM501=y
 CONFIG_IDE_SII3112=y
 CONFIG_I2C=y
diff --git a/default-configs/ppcemb-softmmu.mak 
b/default-configs/ppcemb-softmmu.mak
index bc5e1b3ffe..67d18b2e0e 100644
--- a/default-configs/ppcemb-softmmu.mak
+++ b/default-configs/ppcemb-softmmu.mak
@@ -15,6 +15,7 @@ CONFIG_PTIMER=y
 CONFIG_I8259=y
 CONFIG_XILINX=y
 CONFIG_XILINX_ETHLITE=y
+CONFIG_USB_EHCI_SYSBUS=y
 CONFIG_SM501=y
 CONFIG_IDE_SII3112=y
 CONFIG_I2C=y
diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
index bddc742bfb..86d82a6ec3 100644
--- a/hw/ppc/Makefile.objs
+++ b/hw/ppc/Makefile.objs
@@ -13,7 +13,8 @@ endif
 obj-$(CONFIG_PSERIES) += spapr_rtas_ddw.o
 # PowerPC 4xx boards
 obj-y += ppc4xx_devs.o ppc405_uc.o
-obj-$(CONFIG_PPC4XX) += ppc4xx_pci.o ppc405_boards.o ppc440_bamboo.o 
ppc440_pcix.o
+obj-$(CONFIG_PPC4XX) += ppc4xx_pci.o ppc405_boards.o
+obj-$(CONFIG_PPC4XX) += ppc440_bamboo.o ppc440_pcix.o ppc440_uc.o sam460ex.o
 # PReP
 obj-$(CONFIG_PREP) += prep.o
 obj-$(CONFIG_PREP) += prep_systemio.o
diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
new file mode 100644
index 00..70b8e76d9c
--- /dev/null
+++ b/hw/ppc/sam460ex.c
@@ -0,0 +1,603 @@
+/*
+ * QEMU aCube Sam460ex board emulation
+ *
+ * Copyright (c) 2012 François Revol
+ * Copyright (c) 2016-2018 BALATON Zoltan
+ *
+ * This file is derived from hw/ppc440_bamboo.c,
+ * the copyright for that material belongs to the original owners.
+ *
+ * This work is licensed under the GNU GPL license version 2 or later.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/cutils.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
+#include "hw/hw.h"
+#include "sysemu/blockdev.h"
+#include "hw/boards.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+#include "sysemu/device_tree.h"
+#include "sysemu/block-backend.h"
+#include "hw/loader.h"
+#include "elf.h"
+#include "exec/address-spaces.h"
+#include "exec/memory.h"
+#include "hw/ppc/ppc440.h"
+#include "hw/ppc/ppc405.h"
+#include "hw/block/flash.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
+#include "hw/sysbus.h"
+#include "hw/char/serial.h"
+#include "hw/i2c/ppc4xx_i2c.h"
+#include "hw/i2c/smbus.h"
+#include "hw/usb/hcd-ehci.h"
+
+#define BINARY_DEVICE_TREE_FILE "canyonlands.dtb"
+#define UBOOT_FILENAME "u-boot-sam460-20100605.bin"
+/* to extract the official U-Boot bin from the updater: */
+/* dd bs=1 skip=$(($(stat -c '%s' updater/updater-460) - 0x8)) \
+ if=updater/updater-460 of=u-boot-sam460-20100605.bin */
+
+/* from Sam460 U-Boot include/configs/Sam460ex.h */
+#define FLASH_BASE 0xfff0
+#define FLASH_BASE_H   0x4
+#define FLASH_SIZE (1 << 20)
+#define UBOOT_LOAD_BASE0xfff8
+#define UBOOT_SIZE 0x0008
+#define UBOOT_ENTRY0xfffc
+
+/* from U-Boot */
+#define EPAPR_MAGIC   (0x45504150)
+#define 

[Qemu-devel] [PULL 17/24] macio: remove macio_init() function

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

Move the remaining comment into macio.c for reference, then remove the
macio_init() function and instantiate the macio devices for both Old World
and New World machines via qdev_init_nofail() directly.

Signed-off-by: Mark Cave-Ayland 
Signed-off-by: David Gibson 
---
 hw/misc/macio/macio.c | 11 +++
 hw/ppc/mac_newworld.c |  4 +---
 hw/ppc/mac_oldworld.c |  4 +---
 3 files changed, 5 insertions(+), 14 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index f71ed61819..af1bd46b4b 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -33,6 +33,9 @@
 #include "hw/misc/macio/macio.h"
 #include "hw/intc/heathrow_pic.h"
 
+/* Note: this code is strongly inspirated from the corresponding code
+ * in PearPC */
+
 /*
  * The mac-io has two interfaces to the ESCC. One is called "escc-legacy",
  * while the other one is the normal, current ESCC interface.
@@ -442,11 +445,3 @@ static void macio_register_types(void)
 }
 
 type_init(macio_register_types)
-
-void macio_init(PCIDevice *d,
-MemoryRegion *pic_mem)
-{
-/* Note: this code is strongly inspirated from the corresponding code
-   in PearPC */
-qdev_init_nofail(DEVICE(d));
-}
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index c7960ab67a..a749e2565d 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -160,7 +160,6 @@ static void ppc_core99_init(MachineState *machine)
 MacIONVRAMState *nvr;
 int bios_size, ndrv_size;
 uint8_t *ndrv_file;
-MemoryRegion *pic_mem;
 int ppc_boot_device;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 void *fw_cfg;
@@ -337,7 +336,6 @@ static void ppc_core99_init(MachineState *machine)
 qdev_prop_set_uint32(pic_dev, "model", OPENPIC_MODEL_KEYLARGO);
 qdev_init_nofail(pic_dev);
 s = SYS_BUS_DEVICE(pic_dev);
-pic_mem = s->mmio[0].memory;
 k = 0;
 for (i = 0; i < smp_cpus; i++) {
 for (j = 0; j < OPENPIC_OUTPUT_NB; j++) {
@@ -381,7 +379,7 @@ static void ppc_core99_init(MachineState *machine)
 qdev_prop_set_uint64(dev, "frequency", tbfreq);
 object_property_set_link(OBJECT(macio), OBJECT(pic_dev), "pic",
  _abort);
-macio_init(PCI_DEVICE(macio), pic_mem);
+qdev_init_nofail(dev);
 
 /* We only emulate 2 out of 3 IDE controllers for now */
 ide_drive_get(hd, ARRAY_SIZE(hd));
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 3ac5b19073..935493c966 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -96,7 +96,6 @@ static void ppc_heathrow_init(MachineState *machine)
 OldWorldMacIOState *macio;
 MACIOIDEState *macio_ide;
 DeviceState *dev, *pic_dev;
-SysBusDevice *sbd;
 BusState *adb_bus;
 int bios_size, ndrv_size;
 uint8_t *ndrv_file;
@@ -283,8 +282,7 @@ static void ppc_heathrow_init(MachineState *machine)
 qdev_prop_set_uint64(dev, "frequency", tbfreq);
 object_property_set_link(OBJECT(macio), OBJECT(pic_dev), "pic",
  _abort);
-sbd = SYS_BUS_DEVICE(pic_dev);
-macio_init(PCI_DEVICE(macio), sysbus_mmio_get_region(sbd, 0));
+qdev_init_nofail(dev);
 
 macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
 "ide[0]"));
-- 
2.14.3




[Qemu-devel] [PULL 24/24] hw/ppc/spapr, e500: Use new property "stdout-path" for boot console

2018-03-01 Thread David Gibson
From: Nikunj A Dadhania 

Linux kernel commit 2a9d832cc9aae21ea827520fef635b6c49a06c6d
(of: Add bindings for chosen node, stdout-path) deprecated chosen property
"linux,stdout-path" and "stdout".

Introduce the new property "stdout-path" and continue supporting the older
property to remain compatible with existing/older firmware. This older property
can be deprecated after 5 years.

Signed-off-by: Nikunj A Dadhania 
Signed-off-by: David Gibson 
---
 hw/ppc/e500.c  | 7 +++
 hw/ppc/spapr.c | 7 +++
 2 files changed, 14 insertions(+)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 13a34f50b7..ef541a00be 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -120,7 +120,14 @@ static void dt_serial_create(void *fdt, unsigned long long 
offset,
 qemu_fdt_setprop_string(fdt, "/aliases", alias, ser);
 
 if (defcon) {
+/*
+ * "linux,stdout-path" and "stdout" properties are deprecated by linux
+ * kernel. New platforms should only use the "stdout-path" property. 
Set
+ * the new property and continue using older property to remain
+ * compatible with the existing firmware.
+ */
 qemu_fdt_setprop_string(fdt, "/chosen", "linux,stdout-path", ser);
+qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", ser);
 }
 }
 
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 1b6ddd827e..7e1c858566 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1053,7 +1053,14 @@ static void spapr_dt_chosen(sPAPRMachineState *spapr, 
void *fdt)
 }
 
 if (!spapr->has_graphics && stdout_path) {
+/*
+ * "linux,stdout-path" and "stdout" properties are deprecated by linux
+ * kernel. New platforms should only use the "stdout-path" property. 
Set
+ * the new property and continue using older property to remain
+ * compatible with the existing firmware.
+ */
 _FDT(fdt_setprop_string(fdt, chosen, "linux,stdout-path", 
stdout_path));
+_FDT(fdt_setprop_string(fdt, chosen, "stdout-path", stdout_path));
 }
 
 spapr_dt_ov5_platform_support(fdt, chosen);
-- 
2.14.3




[Qemu-devel] [PULL 14/24] openpic: move OpenPIC state and related definitions to openpic.h

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

This is to facilitate access to OpenPICState when wiring up the PIC to the macio
controller.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: David Gibson 
Signed-off-by: David Gibson 
---
 hw/intc/openpic.c| 157 --
 include/hw/ppc/openpic.h | 159 ++-
 2 files changed, 158 insertions(+), 158 deletions(-)

diff --git a/hw/intc/openpic.c b/hw/intc/openpic.c
index 9159a06f07..811cee9b26 100644
--- a/hw/intc/openpic.c
+++ b/hw/intc/openpic.c
@@ -63,10 +63,6 @@ static int get_current_cpu(void);
 } \
 } while (0)
 
-#define MAX_CPU 32
-#define MAX_MSI 8
-#define VID 0x03 /* MPIC version ID */
-
 /* OpenPIC capability flags */
 #define OPENPIC_FLAG_IDR_CRIT (1 << 0)
 #define OPENPIC_FLAG_ILR  (2 << 0)
@@ -85,35 +81,6 @@ static int get_current_cpu(void);
 #define OPENPIC_CPU_REG_START0x2
 #define OPENPIC_CPU_REG_SIZE 0x100 + ((MAX_CPU - 1) * 0x1000)
 
-/* Raven */
-#define RAVEN_MAX_CPU  2
-#define RAVEN_MAX_EXT 48
-#define RAVEN_MAX_IRQ 64
-#define RAVEN_MAX_TMR  OPENPIC_MAX_TMR
-#define RAVEN_MAX_IPI  OPENPIC_MAX_IPI
-
-/* KeyLargo */
-#define KEYLARGO_MAX_CPU  4
-#define KEYLARGO_MAX_EXT  64
-#define KEYLARGO_MAX_IPI  4
-#define KEYLARGO_MAX_IRQ  (64 + KEYLARGO_MAX_IPI)
-#define KEYLARGO_MAX_TMR  0
-#define KEYLARGO_IPI_IRQ  (KEYLARGO_MAX_EXT) /* First IPI IRQ */
-/* Timers don't exist but this makes the code happy... */
-#define KEYLARGO_TMR_IRQ  (KEYLARGO_IPI_IRQ + KEYLARGO_MAX_IPI)
-
-/* Interrupt definitions */
-#define RAVEN_FE_IRQ (RAVEN_MAX_EXT) /* Internal functional IRQ */
-#define RAVEN_ERR_IRQ(RAVEN_MAX_EXT + 1) /* Error IRQ */
-#define RAVEN_TMR_IRQ(RAVEN_MAX_EXT + 2) /* First timer IRQ */
-#define RAVEN_IPI_IRQ(RAVEN_TMR_IRQ + RAVEN_MAX_TMR) /* First IPI IRQ */
-/* First doorbell IRQ */
-#define RAVEN_DBL_IRQ(RAVEN_IPI_IRQ + (RAVEN_MAX_CPU * RAVEN_MAX_IPI))
-
-typedef struct FslMpicInfo {
-int max_ext;
-} FslMpicInfo;
-
 static FslMpicInfo fsl_mpic_20 = {
 .max_ext = 12,
 };
@@ -211,55 +178,6 @@ static void openpic_cpu_write_internal(void *opaque, 
hwaddr addr,
uint32_t val, int idx);
 static void openpic_reset(DeviceState *d);
 
-typedef enum IRQType {
-IRQ_TYPE_NORMAL = 0,
-IRQ_TYPE_FSLINT,/* FSL internal interrupt -- level only */
-IRQ_TYPE_FSLSPECIAL,/* FSL timer/IPI interrupt, edge, no polarity */
-} IRQType;
-
-/* Round up to the nearest 64 IRQs so that the queue length
- * won't change when moving between 32 and 64 bit hosts.
- */
-#define IRQQUEUE_SIZE_BITS ((OPENPIC_MAX_IRQ + 63) & ~63)
-
-typedef struct IRQQueue {
-unsigned long *queue;
-int32_t queue_size; /* Only used for VMSTATE_BITMAP */
-int next;
-int priority;
-} IRQQueue;
-
-typedef struct IRQSource {
-uint32_t ivpr;  /* IRQ vector/priority register */
-uint32_t idr;   /* IRQ destination register */
-uint32_t destmask; /* bitmap of CPU destinations */
-int last_cpu;
-int output; /* IRQ level, e.g. OPENPIC_OUTPUT_INT */
-int pending;/* TRUE if IRQ is pending */
-IRQType type;
-bool level:1;   /* level-triggered */
-bool nomask:1;  /* critical interrupts ignore mask on some FSL MPICs */
-} IRQSource;
-
-#define IVPR_MASK_SHIFT   31
-#define IVPR_MASK_MASK(1U << IVPR_MASK_SHIFT)
-#define IVPR_ACTIVITY_SHIFT   30
-#define IVPR_ACTIVITY_MASK(1U << IVPR_ACTIVITY_SHIFT)
-#define IVPR_MODE_SHIFT   29
-#define IVPR_MODE_MASK(1U << IVPR_MODE_SHIFT)
-#define IVPR_POLARITY_SHIFT   23
-#define IVPR_POLARITY_MASK(1U << IVPR_POLARITY_SHIFT)
-#define IVPR_SENSE_SHIFT  22
-#define IVPR_SENSE_MASK   (1U << IVPR_SENSE_SHIFT)
-
-#define IVPR_PRIORITY_MASK (0xFU << 16)
-#define IVPR_PRIORITY(_ivprr_) ((int)(((_ivprr_) & IVPR_PRIORITY_MASK) >> 16))
-#define IVPR_VECTOR(opp, _ivprr_) ((_ivprr_) & (opp)->vector_mask)
-
-/* IDR[EP/CI] are only for FSL MPIC prior to v4.0 */
-#define IDR_EP  0x8000  /* external pin */
-#define IDR_CI  0x4000  /* critical interrupt */
-
 /* Convert between openpic clock ticks and nanosecs.  In the hardware the clock
frequency is driven by board inputs to the PIC which the PIC would then
divide by 4 or 8.  For now hard code to 25MZ.
@@ -275,81 +193,6 @@ static inline uint64_t ticks_to_ns(uint64_t ticks)
 return ticks * OPENPIC_TIMER_NS_PER_TICK;
 }
 
-typedef struct OpenPICTimer {
-uint32_t tccr;  /* Global timer current count register */
-uint32_t tbcr;  /* Global timer base count register */
-int   n_IRQ;
-bool  qemu_timer_active; /* Is the qemu_timer is running? 
*/
-struct QEMUTimer *qemu_timer;
-struct OpenPICState  *opp; 

[Qemu-devel] [PULL 02/24] ppc440: Add emulation of plb-pcix controller found in some 440 SoCs

2018-03-01 Thread David Gibson
From: BALATON Zoltan 

This is the PCIX controller found in newer 440 core SoCs e.g. the
AMCC 460EX. The device tree refers to this as plb-pcix compared to
the plb-pci controller in older 440 SoCs.

Signed-off-by: BALATON Zoltan 
[dwg: Remove hwaddr from trace-events, that doesn't work with some
 trace backends]
Signed-off-by: David Gibson 
---
 hw/ppc/Makefile.objs |   2 +-
 hw/ppc/ppc440_pcix.c | 528 +++
 hw/ppc/trace-events  |   8 +
 3 files changed, 537 insertions(+), 1 deletion(-)
 create mode 100644 hw/ppc/ppc440_pcix.c

diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
index ad1928c5d8..bddc742bfb 100644
--- a/hw/ppc/Makefile.objs
+++ b/hw/ppc/Makefile.objs
@@ -13,7 +13,7 @@ endif
 obj-$(CONFIG_PSERIES) += spapr_rtas_ddw.o
 # PowerPC 4xx boards
 obj-y += ppc4xx_devs.o ppc405_uc.o
-obj-$(CONFIG_PPC4XX) += ppc4xx_pci.o ppc405_boards.o ppc440_bamboo.o
+obj-$(CONFIG_PPC4XX) += ppc4xx_pci.o ppc405_boards.o ppc440_bamboo.o 
ppc440_pcix.o
 # PReP
 obj-$(CONFIG_PREP) += prep.o
 obj-$(CONFIG_PREP) += prep_systemio.o
diff --git a/hw/ppc/ppc440_pcix.c b/hw/ppc/ppc440_pcix.c
new file mode 100644
index 00..ab2626a9de
--- /dev/null
+++ b/hw/ppc/ppc440_pcix.c
@@ -0,0 +1,528 @@
+/*
+ * Emulation of the ibm,plb-pcix PCI controller
+ * This is found in some 440 SoCs e.g. the 460EX.
+ *
+ * Copyright (c) 2016-2018 BALATON Zoltan
+ *
+ * Derived from ppc4xx_pci.c and pci-host/ppce500.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License, version 2, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "hw/hw.h"
+#include "hw/ppc/ppc.h"
+#include "hw/ppc/ppc4xx.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "exec/address-spaces.h"
+#include "trace.h"
+
+struct PLBOutMap {
+uint64_t la;
+uint64_t pcia;
+uint32_t sa;
+MemoryRegion mr;
+};
+
+struct PLBInMap {
+uint64_t sa;
+uint64_t la;
+MemoryRegion mr;
+};
+
+#define TYPE_PPC440_PCIX_HOST_BRIDGE "ppc440-pcix-host"
+#define PPC440_PCIX_HOST_BRIDGE(obj) \
+OBJECT_CHECK(PPC440PCIXState, (obj), TYPE_PPC440_PCIX_HOST_BRIDGE)
+
+#define PPC440_PCIX_NR_POMS 3
+#define PPC440_PCIX_NR_PIMS 3
+
+typedef struct PPC440PCIXState {
+PCIHostState parent_obj;
+
+PCIDevice *dev;
+struct PLBOutMap pom[PPC440_PCIX_NR_POMS];
+struct PLBInMap pim[PPC440_PCIX_NR_PIMS];
+uint32_t sts;
+qemu_irq irq[PCI_NUM_PINS];
+AddressSpace bm_as;
+MemoryRegion bm;
+
+MemoryRegion container;
+MemoryRegion iomem;
+MemoryRegion busmem;
+} PPC440PCIXState;
+
+#define PPC440_REG_BASE 0x8
+#define PPC440_REG_SIZE 0xff
+
+#define PCIC0_CFGADDR   0x0
+#define PCIC0_CFGDATA   0x4
+
+#define PCIX0_POM0LAL   0x68
+#define PCIX0_POM0LAH   0x6c
+#define PCIX0_POM0SA0x70
+#define PCIX0_POM0PCIAL 0x74
+#define PCIX0_POM0PCIAH 0x78
+#define PCIX0_POM1LAL   0x7c
+#define PCIX0_POM1LAH   0x80
+#define PCIX0_POM1SA0x84
+#define PCIX0_POM1PCIAL 0x88
+#define PCIX0_POM1PCIAH 0x8c
+#define PCIX0_POM2SA0x90
+
+#define PCIX0_PIM0SAL   0x98
+#define PCIX0_PIM0LAL   0x9c
+#define PCIX0_PIM0LAH   0xa0
+#define PCIX0_PIM1SA0xa4
+#define PCIX0_PIM1LAL   0xa8
+#define PCIX0_PIM1LAH   0xac
+#define PCIX0_PIM2SAL   0xb0
+#define PCIX0_PIM2LAL   0xb4
+#define PCIX0_PIM2LAH   0xb8
+#define PCIX0_PIM0SAH   0xf8
+#define PCIX0_PIM2SAH   0xfc
+
+#define PCIX0_STS   0xe0
+
+#define PCI_ALL_SIZE(PPC440_REG_BASE + PPC440_REG_SIZE)
+
+static void ppc440_pcix_clear_region(MemoryRegion *parent,
+ MemoryRegion *mem)
+{
+if (memory_region_is_mapped(mem)) {
+memory_region_del_subregion(parent, mem);
+object_unparent(OBJECT(mem));
+}
+}
+
+/* DMA mapping */
+static void ppc440_pcix_update_pim(PPC440PCIXState *s, int idx)
+{
+MemoryRegion *mem = >pim[idx].mr;
+char *name;
+uint64_t size;
+
+/* Before we modify anything, unmap and destroy the region */
+ppc440_pcix_clear_region(>bm, mem);
+
+if (!(s->pim[idx].sa & 1)) {
+/* Not enabled, nothing to do */
+return;
+}
+
+name = g_strdup_printf("PCI Inbound Window %d", idx);
+size = ~(s->pim[idx].sa & ~7ULL) + 1;
+memory_region_init_alias(mem, OBJECT(s), name, get_system_memory(),
+   

[Qemu-devel] [PULL 07/24] macio: move ESCC device within the macio device

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

Now that the ESCC device is instantiated directly via qdev, move it to within
the macio device and wire up the IRQs and memory regions using the sysbus API.

This makes it possible to remove the now-obsolete escc_mem parameter to the
macio_init() function.

(Note this patch also contains small touch-ups to the formatting in
macio_escc_legacy_setup() and ppc_heathrow_init() in order to keep checkpatch
happy)

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Gibson 
---
 hw/misc/macio/macio.c | 60 ---
 hw/ppc/mac.h  |  3 +--
 hw/ppc/mac_newworld.c | 37 ---
 hw/ppc/mac_oldworld.c | 38 +---
 4 files changed, 63 insertions(+), 75 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 7174135c8b..1c10d8a1d7 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -43,8 +43,8 @@ typedef struct MacIOState
 MemoryRegion bar;
 CUDAState cuda;
 DBDMAState dbdma;
+ESCCState escc;
 MemoryRegion *pic_mem;
-MemoryRegion *escc_mem;
 uint64_t frequency;
 } MacIOState;
 
@@ -56,7 +56,7 @@ typedef struct OldWorldMacIOState {
 MacIOState parent_obj;
 /*< public >*/
 
-qemu_irq irqs[5];
+qemu_irq irqs[7];
 
 MacIONVRAMState nvram;
 MACIOIDEState ide[2];
@@ -69,7 +69,7 @@ typedef struct NewWorldMacIOState {
 /*< private >*/
 MacIOState parent_obj;
 /*< public >*/
-qemu_irq irqs[5];
+qemu_irq irqs[7];
 MACIOIDEState ide[2];
 } NewWorldMacIOState;
 
@@ -84,10 +84,12 @@ typedef struct NewWorldMacIOState {
  *
  * Reference: 
ftp://ftp.software.ibm.com/rs6000/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
  */
-static void macio_escc_legacy_setup(MacIOState *macio_state)
+static void macio_escc_legacy_setup(MacIOState *s)
 {
+ESCCState *escc = ESCC(>escc);
+SysBusDevice *sbd = SYS_BUS_DEVICE(escc);
 MemoryRegion *escc_legacy = g_new(MemoryRegion, 1);
-MemoryRegion *bar = _state->bar;
+MemoryRegion *bar = >bar;
 int i;
 static const int maps[] = {
 0x00, 0x00, /* Command B */
@@ -102,25 +104,26 @@ static void macio_escc_legacy_setup(MacIOState 
*macio_state)
 0xb0, 0xb0, /* Detect AB */
 };
 
-memory_region_init(escc_legacy, OBJECT(macio_state), "escc-legacy", 256);
+memory_region_init(escc_legacy, OBJECT(s), "escc-legacy", 256);
 for (i = 0; i < ARRAY_SIZE(maps); i += 2) {
 MemoryRegion *port = g_new(MemoryRegion, 1);
-memory_region_init_alias(port, OBJECT(macio_state), "escc-legacy-port",
- macio_state->escc_mem, maps[i+1], 0x2);
+memory_region_init_alias(port, OBJECT(s), "escc-legacy-port",
+ sysbus_mmio_get_region(sbd, 0),
+ maps[i + 1], 0x2);
 memory_region_add_subregion(escc_legacy, maps[i], port);
 }
 
 memory_region_add_subregion(bar, 0x12000, escc_legacy);
 }
 
-static void macio_bar_setup(MacIOState *macio_state)
+static void macio_bar_setup(MacIOState *s)
 {
-MemoryRegion *bar = _state->bar;
+ESCCState *escc = ESCC(>escc);
+SysBusDevice *sbd = SYS_BUS_DEVICE(escc);
+MemoryRegion *bar = >bar;
 
-if (macio_state->escc_mem) {
-memory_region_add_subregion(bar, 0x13000, macio_state->escc_mem);
-macio_escc_legacy_setup(macio_state);
-}
+memory_region_add_subregion(bar, 0x13000, sysbus_mmio_get_region(sbd, 0));
+macio_escc_legacy_setup(s);
 }
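Review bot: macio_bar_setup() now maps `sysbus_mmio_get_region(sbd, 0)` unconditionally, where the removed code skipped the mapping when `escc_mem` was NULL. That region is presumably only valid once the embedded ESCC has been realized, so the function now depends on the realize call that the following hunk adds to macio_common_realize() just before it. A one-line comment such as `/* escc must already be realized: its MMIO region is mapped below */` at the top of macio_bar_setup() would stop a later reordering from mapping an uninitialised region.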
 
 static void macio_common_realize(PCIDevice *d, Error **errp)
@@ -147,6 +150,12 @@ static void macio_common_realize(PCIDevice *d, Error 
**errp)
 memory_region_add_subregion(>bar, 0x16000,
 sysbus_mmio_get_region(sysbus_dev, 0));
 
+object_property_set_bool(OBJECT(>escc), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
 macio_bar_setup(s);
 pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, >bar);
 }
@@ -185,6 +194,10 @@ static void macio_oldworld_realize(PCIDevice *d, Error 
**errp)
 sysbus_dev = SYS_BUS_DEVICE(>cuda);
 sysbus_connect_irq(sysbus_dev, 0, os->irqs[cur_irq++]);
 
+sysbus_dev = SYS_BUS_DEVICE(>escc);
+sysbus_connect_irq(sysbus_dev, 0, os->irqs[cur_irq++]);
+sysbus_connect_irq(sysbus_dev, 1, os->irqs[cur_irq++]);
+
 object_property_set_bool(OBJECT(>nvram), true, "realized", );
 if (err) {
 error_propagate(errp, err);
@@ -297,6 +310,10 @@ static void macio_newworld_realize(PCIDevice *d, Error 
**errp)
 sysbus_dev = SYS_BUS_DEVICE(>cuda);
 sysbus_connect_irq(sysbus_dev, 0, ns->irqs[cur_irq++]);
 
+sysbus_dev = SYS_BUS_DEVICE(>escc);
+sysbus_connect_irq(sysbus_dev, 0, ns->irqs[cur_irq++]);
+

[Qemu-devel] [PULL 11/24] macio: move macio related structures and defines into separate macio.h file

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: David Gibson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Gibson 
---
 hw/misc/macio/macio.c | 43 +
 hw/ppc/mac.h  |  3 --
 hw/ppc/mac_newworld.c |  1 +
 hw/ppc/mac_oldworld.c |  1 +
 include/hw/misc/macio/macio.h | 75 +++
 5 files changed, 78 insertions(+), 45 deletions(-)
 create mode 100644 include/hw/misc/macio/macio.h

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 1c10d8a1d7..4e502ede2e 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -30,48 +30,7 @@
 #include "hw/pci/pci.h"
 #include "hw/ppc/mac_dbdma.h"
 #include "hw/char/escc.h"
-
-#define TYPE_MACIO "macio"
-#define MACIO(obj) OBJECT_CHECK(MacIOState, (obj), TYPE_MACIO)
-
-typedef struct MacIOState
-{
-/*< private >*/
-PCIDevice parent;
-/*< public >*/
-
-MemoryRegion bar;
-CUDAState cuda;
-DBDMAState dbdma;
-ESCCState escc;
-MemoryRegion *pic_mem;
-uint64_t frequency;
-} MacIOState;
-
-#define OLDWORLD_MACIO(obj) \
-OBJECT_CHECK(OldWorldMacIOState, (obj), TYPE_OLDWORLD_MACIO)
-
-typedef struct OldWorldMacIOState {
-/*< private >*/
-MacIOState parent_obj;
-/*< public >*/
-
-qemu_irq irqs[7];
-
-MacIONVRAMState nvram;
-MACIOIDEState ide[2];
-} OldWorldMacIOState;
-
-#define NEWWORLD_MACIO(obj) \
-OBJECT_CHECK(NewWorldMacIOState, (obj), TYPE_NEWWORLD_MACIO)
-
-typedef struct NewWorldMacIOState {
-/*< private >*/
-MacIOState parent_obj;
-/*< public >*/
-qemu_irq irqs[7];
-MACIOIDEState ide[2];
-} NewWorldMacIOState;
+#include "hw/misc/macio/macio.h"
 
 /*
  * The mac-io has two interfaces to the ESCC. One is called "escc-legacy",
diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
index 5b5fffdff3..a02f797598 100644
--- a/hw/ppc/mac.h
+++ b/hw/ppc/mac.h
@@ -47,9 +47,6 @@
 
 
 /* MacIO */
-#define TYPE_OLDWORLD_MACIO "macio-oldworld"
-#define TYPE_NEWWORLD_MACIO "macio-newworld"
-
 #define TYPE_MACIO_IDE "macio-ide"
 #define MACIO_IDE(obj) OBJECT_CHECK(MACIOIDEState, (obj), TYPE_MACIO_IDE)
 
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 5e82158759..396216954e 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -60,6 +60,7 @@
 #include "hw/boards.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/char/escc.h"
+#include "hw/misc/macio/macio.h"
 #include "hw/ppc/openpic.h"
 #include "hw/ide.h"
 #include "hw/loader.h"
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 06a61220cb..5903ff47d3 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -37,6 +37,7 @@
 #include "hw/boards.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/char/escc.h"
+#include "hw/misc/macio/macio.h"
 #include "hw/ide.h"
 #include "hw/loader.h"
 #include "elf.h"
diff --git a/include/hw/misc/macio/macio.h b/include/hw/misc/macio/macio.h
new file mode 100644
index 00..e1e249f898
--- /dev/null
+++ b/include/hw/misc/macio/macio.h
@@ -0,0 +1,75 @@
+/*
+ * PowerMac MacIO device emulation
+ *
+ * Copyright (c) 2005-2007 Fabrice Bellard
+ * Copyright (c) 2007 Jocelyn Mayer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef MACIO_H
+#define MACIO_H
+
+#include "hw/misc/macio/cuda.h"
+#include "hw/ppc/mac_dbdma.h"
+
+#define TYPE_MACIO "macio"
+#define MACIO(obj) OBJECT_CHECK(MacIOState, (obj), TYPE_MACIO)
+
+typedef struct MacIOState {
+/*< private >*/
+PCIDevice parent;
+/*< public >*/
+
+MemoryRegion bar;
+CUDAState cuda;
+DBDMAState dbdma;
+ESCCState escc;
+MemoryRegion *pic_mem;
+uint64_t frequency;
+} MacIOState;
+
+#define TYPE_OLDWORLD_MACIO "macio-oldworld"
+#define OLDWORLD_MACIO(obj) \
+

[Qemu-devel] [PULL 08/24] heathrow: QOMify heathrow PIC

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

Signed-off-by: Mark Cave-Ayland 
Signed-off-by: David Gibson 
---
 hw/intc/heathrow_pic.c | 126 +++--
 include/hw/intc/heathrow_pic.h |  49 
 2 files changed, 119 insertions(+), 56 deletions(-)
 create mode 100644 include/hw/intc/heathrow_pic.h

diff --git a/hw/intc/heathrow_pic.c b/hw/intc/heathrow_pic.c
index 171f5ed814..7bf44e0d86 100644
--- a/hw/intc/heathrow_pic.c
+++ b/hw/intc/heathrow_pic.c
@@ -25,6 +25,7 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "hw/ppc/mac.h"
+#include "hw/intc/heathrow_pic.h"
 
 /* debug PIC */
 //#define DEBUG_PIC
@@ -36,39 +37,27 @@
 #define PIC_DPRINTF(fmt, ...)
 #endif
 
-typedef struct HeathrowPIC {
-uint32_t events;
-uint32_t mask;
-uint32_t levels;
-uint32_t level_triggered;
-} HeathrowPIC;
-
-typedef struct HeathrowPICS {
-MemoryRegion mem;
-HeathrowPIC pics[2];
-qemu_irq *irqs;
-} HeathrowPICS;
-
-static inline int check_irq(HeathrowPIC *pic)
+static inline int heathrow_check_irq(HeathrowPICState *pic)
 {
 return (pic->events | (pic->levels & pic->level_triggered)) & pic->mask;
 }
 
 /* update the CPU irq state */
-static void heathrow_pic_update(HeathrowPICS *s)
+static void heathrow_update_irq(HeathrowState *s)
 {
-if (check_irq(>pics[0]) || check_irq(>pics[1])) {
+if (heathrow_check_irq(>pics[0]) ||
+heathrow_check_irq(>pics[1])) {
 qemu_irq_raise(s->irqs[0]);
 } else {
 qemu_irq_lower(s->irqs[0]);
 }
 }
 
-static void pic_write(void *opaque, hwaddr addr,
-  uint64_t value, unsigned size)
+static void heathrow_write(void *opaque, hwaddr addr,
+   uint64_t value, unsigned size)
 {
-HeathrowPICS *s = opaque;
-HeathrowPIC *pic;
+HeathrowState *s = opaque;
+HeathrowPICState *pic;
 unsigned int n;
 
 n = ((addr & 0xfff) - 0x10) >> 4;
@@ -79,24 +68,24 @@ static void pic_write(void *opaque, hwaddr addr,
 switch(addr & 0xf) {
 case 0x04:
 pic->mask = value;
-heathrow_pic_update(s);
+heathrow_update_irq(s);
 break;
 case 0x08:
 /* do not reset level triggered IRQs */
 value &= ~pic->level_triggered;
 pic->events &= ~value;
-heathrow_pic_update(s);
+heathrow_update_irq(s);
 break;
 default:
 break;
 }
 }
 
-static uint64_t pic_read(void *opaque, hwaddr addr,
- unsigned size)
+static uint64_t heathrow_read(void *opaque, hwaddr addr,
+  unsigned size)
 {
-HeathrowPICS *s = opaque;
-HeathrowPIC *pic;
+HeathrowState *s = opaque;
+HeathrowPICState *pic;
 unsigned int n;
 uint32_t value;
 
@@ -124,16 +113,16 @@ static uint64_t pic_read(void *opaque, hwaddr addr,
 return value;
 }
 
-static const MemoryRegionOps heathrow_pic_ops = {
-.read = pic_read,
-.write = pic_write,
+static const MemoryRegionOps heathrow_ops = {
+.read = heathrow_read,
+.write = heathrow_write,
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-static void heathrow_pic_set_irq(void *opaque, int num, int level)
+static void heathrow_set_irq(void *opaque, int num, int level)
 {
-HeathrowPICS *s = opaque;
-HeathrowPIC *pic;
+HeathrowState *s = opaque;
+HeathrowPICState *pic;
 unsigned int irq_bit;
 
 #if defined(DEBUG)
@@ -153,7 +142,7 @@ static void heathrow_pic_set_irq(void *opaque, int num, int 
level)
 } else {
 pic->levels &= ~irq_bit;
 }
-heathrow_pic_update(s);
+heathrow_update_irq(s);
 }
 
 static const VMStateDescription vmstate_heathrow_pic_one = {
@@ -161,54 +150,79 @@ static const VMStateDescription vmstate_heathrow_pic_one 
= {
 .version_id = 0,
 .minimum_version_id = 0,
 .fields = (VMStateField[]) {
-VMSTATE_UINT32(events, HeathrowPIC),
-VMSTATE_UINT32(mask, HeathrowPIC),
-VMSTATE_UINT32(levels, HeathrowPIC),
-VMSTATE_UINT32(level_triggered, HeathrowPIC),
+VMSTATE_UINT32(events, HeathrowPICState),
+VMSTATE_UINT32(mask, HeathrowPICState),
+VMSTATE_UINT32(levels, HeathrowPICState),
+VMSTATE_UINT32(level_triggered, HeathrowPICState),
 VMSTATE_END_OF_LIST()
 }
 };
 
-static const VMStateDescription vmstate_heathrow_pic = {
+static const VMStateDescription vmstate_heathrow = {
 .name = "heathrow_pic",
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
-VMSTATE_STRUCT_ARRAY(pics, HeathrowPICS, 2, 1,
- vmstate_heathrow_pic_one, HeathrowPIC),
+VMSTATE_STRUCT_ARRAY(pics, HeathrowState, 2, 1,
+ vmstate_heathrow_pic_one, HeathrowPICState),
 VMSTATE_END_OF_LIST()
 }
 };
 
-static void heathrow_pic_reset_one(HeathrowPIC *s)
+static void 

[Qemu-devel] [PULL 18/24] target/ppc: Check mask when setting cap_ppc_safe_indirect_branch

2018-03-01 Thread David Gibson
From: Suraj Jitindar Singh 

Check the character and character_mask field when setting
cap_ppc_safe_indirect_branch based on the hypervisor response
to KVM_PPC_GET_CPU_CHAR. Previously the mask field wasn't checked
which was incorrect.

Fixes: 8acc2ae5 (target/ppc/kvm: Add 
cap_ppc_safe_[cache/bounds_check/indirect_branch])

Signed-off-by: Suraj Jitindar Singh 
Signed-off-by: David Gibson 
---
 target/ppc/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 9842b3bb12..2c183f61e2 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -2494,7 +2494,7 @@ static void kvmppc_get_cpu_characteristics(KVMState *s)
 cap_ppc_safe_bounds_check = 1;
 }
 /* Parse and set cap_ppc_safe_indirect_branch */
-if (c.character & H_CPU_CHAR_BCCTRL_SERIALISED) {
+if (c.character & c.character_mask & H_CPU_CHAR_BCCTRL_SERIALISED) {
 cap_ppc_safe_indirect_branch = 2;
 }
 }
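Review bot: The comment above the changed condition still reads only `/* Parse and set cap_ppc_safe_indirect_branch */` and does not record why the AND with `c.character_mask` is needed, which is the whole point of the fix. I would extend it to something like `/* a bit in c.character is only valid if the same bit is set in c.character_mask */` so the mask is not dropped again in a later cleanup. The body of kvmppc_get_cpu_characteristics() starts outside this hunk, so whether the safe-cache and bounds-check tests above it apply the mask the same way cannot be confirmed from here. These capabilities decide which mitigation level the guest is told it has, so a small helper that returns `c.character & c.character_mask & bit` would keep all the tests uniform.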
-- 
2.14.3




[Qemu-devel] [PULL 05/24] spapr: harden code that depends on VSMT

2018-03-01 Thread David Gibson
From: Greg Kurz 

VSMT must be set in order to compute VCPU ids. This means that the
following functions must not be called before spapr_set_vsmt_mode()
was called:
- spapr_vcpu_id()
- spapr_is_thread0_in_vcore()
- xics_max_server_number()

We had a recent regression where the latter would be called before VSMT
was set, and broke migration of some old machine types. This patch
adds assert() in the above functions to avoid problems in the future.

Also, since VSMT is really a CPU related thing, spapr_set_vsmt_mode() is
now called from spapr_init_cpus(), just before the first VSMT user.

Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 144 ++---
 1 file changed, 75 insertions(+), 69 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3f1c5c5133..1c2703cb6b 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -105,12 +105,14 @@
  */
 static int spapr_vcpu_id(sPAPRMachineState *spapr, int cpu_index)
 {
+assert(spapr->vsmt);
 return
 (cpu_index / smp_threads) * spapr->vsmt + cpu_index % smp_threads;
 }
 static bool spapr_is_thread0_in_vcore(sPAPRMachineState *spapr,
   PowerPCCPU *cpu)
 {
+assert(spapr->vsmt);
 return spapr_get_vcpu_id(cpu) % spapr->vsmt == 0;
 }
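Review bot: The three new `assert(spapr->vsmt)` calls enforce an ordering rule that is written down only in the commit message. Two are here, in spapr_vcpu_id() and spapr_is_thread0_in_vcore(), and the third is in xics_max_server_number() in the next hunk. A short comment at the first one, e.g. `/* VSMT is set by spapr_set_vsmt_mode(); must not be called before it */`, would tell the reader what a failing assert means. In spapr_is_thread0_in_vcore() the assert also keeps `% spapr->vsmt` from running with a zero divisor, which is worth stating in the same comment.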
 
@@ -177,6 +179,7 @@ static void pre_2_10_vmstate_unregister_dummy_icp(int i)
 
 static int xics_max_server_number(sPAPRMachineState *spapr)
 {
+assert(spapr->vsmt);
 return DIV_ROUND_UP(max_cpus * spapr->vsmt, smp_threads);
 }
 
@@ -2220,73 +2223,6 @@ static CPUArchId *spapr_find_cpu_slot(MachineState *ms, 
uint32_t id, int *idx)
 return >possible_cpus->cpus[index];
 }
 
-static void spapr_init_cpus(sPAPRMachineState *spapr)
-{
-MachineState *machine = MACHINE(spapr);
-MachineClass *mc = MACHINE_GET_CLASS(machine);
-sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(machine);
-const char *type = spapr_get_cpu_core_type(machine->cpu_type);
-const CPUArchIdList *possible_cpus;
-int boot_cores_nr = smp_cpus / smp_threads;
-int i;
-
-possible_cpus = mc->possible_cpu_arch_ids(machine);
-if (mc->has_hotpluggable_cpus) {
-if (smp_cpus % smp_threads) {
-error_report("smp_cpus (%u) must be multiple of threads (%u)",
- smp_cpus, smp_threads);
-exit(1);
-}
-if (max_cpus % smp_threads) {
-error_report("max_cpus (%u) must be multiple of threads (%u)",
- max_cpus, smp_threads);
-exit(1);
-}
-} else {
-if (max_cpus != smp_cpus) {
-error_report("This machine version does not support CPU hotplug");
-exit(1);
-}
-boot_cores_nr = possible_cpus->len;
-}
-
-if (smc->pre_2_10_has_unused_icps) {
-int i;
-
-for (i = 0; i < xics_max_server_number(spapr); i++) {
-/* Dummy entries get deregistered when real ICPState objects
- * are registered during CPU core hotplug.
- */
-pre_2_10_vmstate_register_dummy_icp(i);
-}
-}
-
-for (i = 0; i < possible_cpus->len; i++) {
-int core_id = i * smp_threads;
-
-if (mc->has_hotpluggable_cpus) {
-spapr_dr_connector_new(OBJECT(spapr), TYPE_SPAPR_DRC_CPU,
-   spapr_vcpu_id(spapr, core_id));
-}
-
-if (i < boot_cores_nr) {
-Object *core  = object_new(type);
-int nr_threads = smp_threads;
-
-/* Handle the partially filled core for older machine types */
-if ((i + 1) * smp_threads >= smp_cpus) {
-nr_threads = smp_cpus - i * smp_threads;
-}
-
-object_property_set_int(core, nr_threads, "nr-threads",
-_fatal);
-object_property_set_int(core, core_id, CPU_CORE_PROP_CORE_ID,
-_fatal);
-object_property_set_bool(core, true, "realized", _fatal);
-}
-}
-}
-
 static void spapr_set_vsmt_mode(sPAPRMachineState *spapr, Error **errp)
 {
 Error *local_err = NULL;
@@ -2359,6 +2295,78 @@ out:
 error_propagate(errp, local_err);
 }
 
+static void spapr_init_cpus(sPAPRMachineState *spapr)
+{
+MachineState *machine = MACHINE(spapr);
+MachineClass *mc = MACHINE_GET_CLASS(machine);
+sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(machine);
+const char *type = spapr_get_cpu_core_type(machine->cpu_type);
+const CPUArchIdList *possible_cpus;
+int boot_cores_nr = smp_cpus / smp_threads;
+int i;
+
+possible_cpus = mc->possible_cpu_arch_ids(machine);
+if (mc->has_hotpluggable_cpus) {
+if (smp_cpus % smp_threads) {
+error_report("smp_cpus (%u) must be multiple of threads (%u)",
+ smp_cpus, smp_threads);
+   

[Qemu-devel] [PULL 12/24] mac_oldworld: use object link to pass heathrow PIC object to macio

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

Also switch macio_oldworld_realize() over to use it rather than using the 
pic_mem
memory region directly.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: David Gibson 
Signed-off-by: David Gibson 
---
 hw/misc/macio/macio.c | 14 ++
 hw/ppc/mac_oldworld.c |  8 +---
 include/hw/misc/macio/macio.h |  2 ++
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 4e502ede2e..d4c1d190c4 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -31,6 +31,7 @@
 #include "hw/ppc/mac_dbdma.h"
 #include "hw/char/escc.h"
 #include "hw/misc/macio/macio.h"
+#include "hw/intc/heathrow_pic.h"
 
 /*
  * The mac-io has two interfaces to the ESCC. One is called "escc-legacy",
@@ -167,10 +168,10 @@ static void macio_oldworld_realize(PCIDevice *d, Error 
**errp)
 sysbus_mmio_get_region(sysbus_dev, 0));
 pmac_format_nvram_partition(>nvram, os->nvram.size);
 
-if (s->pic_mem) {
-/* Heathrow PIC */
-memory_region_add_subregion(>bar, 0x0, s->pic_mem);
-}
+/* Heathrow PIC */
+sysbus_dev = SYS_BUS_DEVICE(os->pic);
+memory_region_add_subregion(>bar, 0x0,
+sysbus_mmio_get_region(sysbus_dev, 0));
 
 /* IDE buses */
 for (i = 0; i < ARRAY_SIZE(os->ide); i++) {
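Review bot: `os->pic` is used through `SYS_BUS_DEVICE(os->pic)` without a check, while the code it replaces was guarded by `if (s->pic_mem)`. The "pic" link is only populated if the board sets it before realize, so a macio-oldworld device realized without it would presumably fault inside the realize callback instead of failing cleanly. Since realize already receives an `errp`, I would add `if (!os->pic) { error_setg(errp, "macio-oldworld: 'pic' link is not set"); return; }` ahead of the cast. macio_oldworld_realize() starts and ends outside this hunk.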
@@ -208,6 +209,11 @@ static void macio_oldworld_init(Object *obj)
 
 qdev_init_gpio_out(DEVICE(obj), os->irqs, ARRAY_SIZE(os->irqs));
 
+object_property_add_link(obj, "pic", TYPE_HEATHROW,
+ (Object **) >pic,
+ qdev_prop_allow_set_link_before_realize,
+ 0, NULL);
+
 object_initialize(>nvram, sizeof(os->nvram), TYPE_MACIO_NVRAM);
 dev = DEVICE(>nvram);
 qdev_prop_set_uint32(dev, "size", 0x2000);
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 5903ff47d3..3ac5b19073 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -93,7 +93,7 @@ static void ppc_heathrow_init(MachineState *machine)
 uint32_t kernel_base, initrd_base, cmdline_base = 0;
 int32_t kernel_size, initrd_size;
 PCIBus *pci_bus;
-PCIDevice *macio;
+OldWorldMacIOState *macio;
 MACIOIDEState *macio_ide;
 DeviceState *dev, *pic_dev;
 SysBusDevice *sbd;
@@ -271,7 +271,7 @@ static void ppc_heathrow_init(MachineState *machine)
 ide_drive_get(hd, ARRAY_SIZE(hd));
 
 /* MacIO */
-macio = pci_create(pci_bus, -1, TYPE_OLDWORLD_MACIO);
+macio = OLDWORLD_MACIO(pci_create(pci_bus, -1, TYPE_OLDWORLD_MACIO));
 dev = DEVICE(macio);
 qdev_connect_gpio_out(dev, 0, pic[0x12]); /* CUDA */
 qdev_connect_gpio_out(dev, 1, pic[0x10]); /* ESCC-B */
@@ -281,8 +281,10 @@ static void ppc_heathrow_init(MachineState *machine)
 qdev_connect_gpio_out(dev, 5, pic[0x0E]); /* IDE-1 */
 qdev_connect_gpio_out(dev, 6, pic[0x03]); /* IDE-1 DMA */
 qdev_prop_set_uint64(dev, "frequency", tbfreq);
+object_property_set_link(OBJECT(macio), OBJECT(pic_dev), "pic",
+ _abort);
 sbd = SYS_BUS_DEVICE(pic_dev);
-macio_init(macio, sysbus_mmio_get_region(sbd, 0));
+macio_init(PCI_DEVICE(macio), sysbus_mmio_get_region(sbd, 0));
 
 macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
 "ide[0]"));
diff --git a/include/hw/misc/macio/macio.h b/include/hw/misc/macio/macio.h
index e1e249f898..843c114c07 100644
--- a/include/hw/misc/macio/macio.h
+++ b/include/hw/misc/macio/macio.h
@@ -26,6 +26,7 @@
 #ifndef MACIO_H
 #define MACIO_H
 
+#include "hw/intc/heathrow_pic.h"
 #include "hw/misc/macio/cuda.h"
 #include "hw/ppc/mac_dbdma.h"
 
@@ -54,6 +55,7 @@ typedef struct OldWorldMacIOState {
 MacIOState parent_obj;
 /*< public >*/
 
+HeathrowState *pic;
 qemu_irq irqs[7];
 
 MacIONVRAMState nvram;
-- 
2.14.3




[Qemu-devel] [PULL 20/24] ppc/spapr-caps: Convert cap-cfpc to custom spapr-cap

2018-03-01 Thread David Gibson
From: Suraj Jitindar Singh 

Convert cap-cfpc (cache flush on privilege change) to a custom spapr-cap
type.

Signed-off-by: Suraj Jitindar Singh 
[dwg: Don't explicitly list "?"/help option, trusting convention]
[dwg: Strip no-longer-necessary ATTRIBUTE_UNUSED back off]
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_caps.c | 27 +--
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 3d8b796df9..4a93a3b4de 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -149,9 +149,8 @@ out:
 g_free(val);
 }
 
-static void ATTRIBUTE_UNUSED spapr_cap_get_string(Object *obj, Visitor *v,
-  const char *name,
-  void *opaque, Error **errp)
+static void  spapr_cap_get_string(Object *obj, Visitor *v, const char *name,
+  void *opaque, Error **errp)
 {
 sPAPRCapabilityInfo *cap = opaque;
 sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
@@ -169,9 +168,8 @@ static void ATTRIBUTE_UNUSED spapr_cap_get_string(Object 
*obj, Visitor *v,
 g_free(val);
 }
 
-static void ATTRIBUTE_UNUSED spapr_cap_set_string(Object *obj, Visitor *v,
-  const char *name,
-  void *opaque, Error **errp)
+static void spapr_cap_set_string(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
 {
 sPAPRCapabilityInfo *cap = opaque;
 sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
@@ -250,14 +248,22 @@ static void cap_dfp_apply(sPAPRMachineState *spapr, 
uint8_t val, Error **errp)
 }
 }
 
+sPAPRCapPossible cap_cfpc_possible = {
+.num = 3,
+.vals = {"broken", "workaround", "fixed"},
+.help = "broken - no protection, workaround - workaround available, fixed 
- fixed in hardware",
+};
+
 static void cap_safe_cache_apply(sPAPRMachineState *spapr, uint8_t val,
  Error **errp)
 {
+uint8_t kvm_val =  kvmppc_get_cap_safe_cache();
+
 if (tcg_enabled() && val) {
 /* TODO - for now only allow broken for TCG */
 error_setg(errp, "Requested safe cache capability level not supported 
by tcg, try a different value for cap-cfpc");
-} else if (kvm_enabled() && (val > kvmppc_get_cap_safe_cache())) {
-error_setg(errp, "Requested safe cache capability level not supported 
by kvm, try a different value for cap-cfpc");
+} else if (kvm_enabled() && (val > kvm_val)) {
+error_setg(errp, "Requested safe cache capability level not supported 
by kvm, try cap-cfpc=%s", cap_cfpc_possible.vals[kvm_val]);
 }
 }
 
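Review bot: In cap_safe_cache_apply() the new kvm error message indexes `cap_cfpc_possible.vals[kvm_val]` with the value returned by kvmppc_get_cap_safe_cache(), and nothing in this hunk checks that value against `.num`. On this path `kvm_val < val`, so the index is in range only if `val` was already validated against the three possible strings, which presumably happens in the string setter outside this hunk. A defensive `assert(kvm_val < cap_cfpc_possible.num);` before the error_setg() call would make that assumption explicit and keep a bad host value from turning into an out-of-bounds read of the table.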
@@ -319,9 +325,10 @@ sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {
 .name = "cfpc",
 .description = "Cache Flush on Privilege Change" VALUE_DESC_TRISTATE,
 .index = SPAPR_CAP_CFPC,
-.get = spapr_cap_get_tristate,
-.set = spapr_cap_set_tristate,
+.get = spapr_cap_get_string,
+.set = spapr_cap_set_string,
 .type = "string",
+.possible = _cfpc_possible,
 .apply = cap_safe_cache_apply,
 },
 [SPAPR_CAP_SBBC] = {
-- 
2.14.3




[Qemu-devel] [PULL 16/24] macio: move setting of CUDA timebase frequency to macio_common_realize()

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

This removes the last of the functionality from macio_init() in preparation
for its subsequent removal.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: David Gibson 
Signed-off-by: David Gibson 
---
 hw/misc/macio/macio.c | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index e5288f1084..f71ed61819 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -101,6 +101,8 @@ static void macio_common_realize(PCIDevice *d, Error **errp)
 memory_region_add_subregion(>bar, 0x08000,
 sysbus_mmio_get_region(sysbus_dev, 0));
 
+qdev_prop_set_uint64(DEVICE(>cuda), "timebase-frequency",
+ s->frequency);
 object_property_set_bool(OBJECT(>cuda), true, "realized", );
 if (err) {
 error_propagate(errp, err);
@@ -444,12 +446,7 @@ type_init(macio_register_types)
 void macio_init(PCIDevice *d,
 MemoryRegion *pic_mem)
 {
-MacIOState *macio_state = MACIO(d);
-
 /* Note: this code is strongly inspirated from the corresponding code
in PearPC */
-qdev_prop_set_uint64(DEVICE(_state->cuda), "timebase-frequency",
- macio_state->frequency);
-
 qdev_init_nofail(DEVICE(d));
 }
-- 
2.14.3




[Qemu-devel] [PULL 09/24] heathrow: convert to trace-events

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

Signed-off-by: Mark Cave-Ayland 
Signed-off-by: David Gibson 
---
 hw/intc/heathrow_pic.c | 32 +++-
 hw/intc/trace-events   |  5 +
 2 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/hw/intc/heathrow_pic.c b/hw/intc/heathrow_pic.c
index 7bf44e0d86..5fd2b33a12 100644
--- a/hw/intc/heathrow_pic.c
+++ b/hw/intc/heathrow_pic.c
@@ -26,16 +26,7 @@
 #include "hw/hw.h"
 #include "hw/ppc/mac.h"
 #include "hw/intc/heathrow_pic.h"
-
-/* debug PIC */
-//#define DEBUG_PIC
-
-#ifdef DEBUG_PIC
-#define PIC_DPRINTF(fmt, ...)   \
-do { printf("PIC: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define PIC_DPRINTF(fmt, ...)
-#endif
+#include "trace.h"
 
 static inline int heathrow_check_irq(HeathrowPICState *pic)
 {
@@ -61,7 +52,7 @@ static void heathrow_write(void *opaque, hwaddr addr,
 unsigned int n;
 
 n = ((addr & 0xfff) - 0x10) >> 4;
-PIC_DPRINTF("writel: " TARGET_FMT_plx " %u: %08x\n", addr, n, value);
+trace_heathrow_write(addr, n, value);
 if (n >= 2)
 return;
 pic = >pics[n];
@@ -109,7 +100,7 @@ static uint64_t heathrow_read(void *opaque, hwaddr addr,
 break;
 }
 }
-PIC_DPRINTF("readl: " TARGET_FMT_plx " %u: %08x\n", addr, n, value);
+trace_heathrow_read(addr, n, value);
 return value;
 }
 
@@ -124,24 +115,23 @@ static void heathrow_set_irq(void *opaque, int num, int 
level)
 HeathrowState *s = opaque;
 HeathrowPICState *pic;
 unsigned int irq_bit;
+int last_level;
 
-#if defined(DEBUG)
-{
-static int last_level[64];
-if (last_level[num] != level) {
-PIC_DPRINTF("set_irq: num=0x%02x level=%d\n", num, level);
-last_level[num] = level;
-}
-}
-#endif
 pic = >pics[1 - (num >> 5)];
 irq_bit = 1 << (num & 0x1f);
+last_level = (pic->levels & irq_bit) ? 1 : 0;
+
 if (level) {
 pic->events |= irq_bit & ~pic->level_triggered;
 pic->levels |= irq_bit;
 } else {
 pic->levels &= ~irq_bit;
 }
+
+if (last_level != level) {
+trace_heathrow_set_irq(num, level);
+}
+
 heathrow_update_irq(s);
 }
 
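Review bot: The new `if (last_level != level)` in heathrow_set_irq() compares a value normalised to 0 or 1 with the caller's raw `level`, so a caller that asserts the line with a non-zero value other than 1 would emit a trace event on every call instead of only on a change. `if (last_level != !!level)` would match the `if (level)` test a few lines above. Separately, the index `1 - (num >> 5)` still relies on `num` being below 64, presumably bounded by the count passed to qemu_allocate_irqs(); a one-line comment saying so would help, since the removed `last_level[64]` array was the only place that limit was spelled out. The function begins outside the hunk.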
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
index 4092d2825e..55e8c2570c 100644
--- a/hw/intc/trace-events
+++ b/hw/intc/trace-events
@@ -186,3 +186,8 @@ nvic_complete_irq(int irq, bool secure) "NVIC complete IRQ 
%d (secure %d)"
 nvic_set_irq_level(int irq, int level) "NVIC external irq %d level set to %d"
 nvic_sysreg_read(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg 
read addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
 nvic_sysreg_write(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg 
write addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
+
+# hw/intc/heathrow_pic.c
+heathrow_write(uint64_t addr, unsigned int n, uint64_t value) "0x%"PRIx64" %u: 
0x%"PRIx64
+heathrow_read(uint64_t addr, unsigned int n, uint64_t value) "0x%"PRIx64" %u: 
0x%"PRIx64
+heathrow_set_irq(int num, int level) "set_irq: num=0x%02x level=%d"
-- 
2.14.3




[Qemu-devel] [PULL 10/24] heathrow: change heathrow_pic_init() to return the heathrow device

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

This enables the device to be made available during the setup of the Old World
machine. In order to pass back the previous set of IRQs we temporarily introduce
a new pic_irqs parameter until it can be removed.

An additional benefit of this change is that it is also possible to remove the
pic_mem pointer used for macio by accessing the memory region via sysbus.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: David Gibson 
Signed-off-by: David Gibson 
---
 hw/intc/heathrow_pic.c | 10 ++
 hw/ppc/mac.h   |  4 ++--
 hw/ppc/mac_oldworld.c  |  9 +
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/hw/intc/heathrow_pic.c b/hw/intc/heathrow_pic.c
index 5fd2b33a12..393fdd7326 100644
--- a/hw/intc/heathrow_pic.c
+++ b/hw/intc/heathrow_pic.c
@@ -170,13 +170,15 @@ static void heathrow_reset(DeviceState *d)
 static void heathrow_init(Object *obj)
 {
 HeathrowState *s = HEATHROW(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
 
 memory_region_init_io(>mem, OBJECT(s), _ops, s,
   "heathrow-pic", 0x1000);
+sysbus_init_mmio(sbd, >mem);
 }
 
-qemu_irq *heathrow_pic_init(MemoryRegion **pmem,
-int nb_cpus, qemu_irq **irqs)
+DeviceState *heathrow_pic_init(int nb_cpus, qemu_irq **irqs,
+   qemu_irq **pic_irqs)
 {
 DeviceState *d;
 HeathrowState *s;
@@ -188,9 +190,9 @@ qemu_irq *heathrow_pic_init(MemoryRegion **pmem,
 /* only 1 CPU */
 s->irqs = irqs[0];
 
-*pmem = >mem;
+*pic_irqs = qemu_allocate_irqs(heathrow_set_irq, s, HEATHROW_NUM_IRQS);
 
-return qemu_allocate_irqs(heathrow_set_irq, s, HEATHROW_NUM_IRQS);
+return d;
 }
 
 static void heathrow_class_init(ObjectClass *oc, void *data)
diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
index 261b519aa5..5b5fffdff3 100644
--- a/hw/ppc/mac.h
+++ b/hw/ppc/mac.h
@@ -79,8 +79,8 @@ void macio_init(PCIDevice *dev,
 MemoryRegion *pic_mem);
 
 /* Heathrow PIC */
-qemu_irq *heathrow_pic_init(MemoryRegion **pmem,
-int nb_cpus, qemu_irq **irqs);
+DeviceState *heathrow_pic_init(int nb_cpus, qemu_irq **irqs,
+   qemu_irq **pic_irqs);
 
 /* Grackle PCI */
 #define TYPE_GRACKLE_PCI_HOST_BRIDGE "grackle-pcihost"
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 4401ce5af2..06a61220cb 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -94,11 +94,11 @@ static void ppc_heathrow_init(MachineState *machine)
 PCIBus *pci_bus;
 PCIDevice *macio;
 MACIOIDEState *macio_ide;
-DeviceState *dev;
+DeviceState *dev, *pic_dev;
+SysBusDevice *sbd;
 BusState *adb_bus;
 int bios_size, ndrv_size;
 uint8_t *ndrv_file;
-MemoryRegion *pic_mem;
 uint16_t ppc_boot_device;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 void *fw_cfg;
@@ -257,7 +257,7 @@ static void ppc_heathrow_init(MachineState *machine)
 error_report("Only 6xx bus is supported on heathrow machine");
 exit(1);
 }
-pic = heathrow_pic_init(_mem, 1, heathrow_irqs);
+pic_dev = heathrow_pic_init(1, heathrow_irqs, );
 pci_bus = pci_grackle_init(0xfec0, pic,
get_system_memory(),
get_system_io());
@@ -280,7 +280,8 @@ static void ppc_heathrow_init(MachineState *machine)
 qdev_connect_gpio_out(dev, 5, pic[0x0E]); /* IDE-1 */
 qdev_connect_gpio_out(dev, 6, pic[0x03]); /* IDE-1 DMA */
 qdev_prop_set_uint64(dev, "frequency", tbfreq);
-macio_init(macio, pic_mem);
+sbd = SYS_BUS_DEVICE(pic_dev);
+macio_init(macio, sysbus_mmio_get_region(sbd, 0));
 
 macio_ide = MACIO_IDE(object_resolve_path_component(OBJECT(macio),
 "ide[0]"));
-- 
2.14.3




[Qemu-devel] [PULL 13/24] openpic: move KVM-specific declarations into separate openpic_kvm.h file

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

This is needed before the next patch because the target-dependent kvm stub
uses the existing kvm_openpic_connect_vcpu() declaration, making it impossible
to move the device-specific declarations into the same file without breaking
ppc-linux-user compilation.

Signed-off-by: Mark Cave-Ayland 
Signed-off-by: David Gibson 
---
 hw/intc/openpic_kvm.c| 1 +
 hw/ppc/e500.c| 1 +
 include/hw/ppc/openpic.h | 3 ---
 include/hw/ppc/openpic_kvm.h | 7 +++
 target/ppc/kvm-stub.c| 2 +-
 5 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 include/hw/ppc/openpic_kvm.h

diff --git a/hw/intc/openpic_kvm.c b/hw/intc/openpic_kvm.c
index fa83420254..f1a59e5a85 100644
--- a/hw/intc/openpic_kvm.c
+++ b/hw/intc/openpic_kvm.c
@@ -30,6 +30,7 @@
 #include "exec/address-spaces.h"
 #include "hw/hw.h"
 #include "hw/ppc/openpic.h"
+#include "hw/ppc/openpic_kvm.h"
 #include "hw/pci/msi.h"
 #include "hw/sysbus.h"
 #include "sysemu/kvm.h"
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index a40d3ec3e3..13a34f50b7 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -29,6 +29,7 @@
 #include "kvm_ppc.h"
 #include "sysemu/device_tree.h"
 #include "hw/ppc/openpic.h"
+#include "hw/ppc/openpic_kvm.h"
 #include "hw/ppc/ppc.h"
 #include "hw/loader.h"
 #include "elf.h"
diff --git a/include/hw/ppc/openpic.h b/include/hw/ppc/openpic.h
index e55ce546aa..693e981965 100644
--- a/include/hw/ppc/openpic.h
+++ b/include/hw/ppc/openpic.h
@@ -28,7 +28,4 @@ enum {
 #define OPENPIC_MAX_IRQ (OPENPIC_MAX_SRC + OPENPIC_MAX_IPI + \
  OPENPIC_MAX_TMR)
 
-#define TYPE_KVM_OPENPIC "kvm-openpic"
-int kvm_openpic_connect_vcpu(DeviceState *d, CPUState *cs);
-
 #endif /* OPENPIC_H */
diff --git a/include/hw/ppc/openpic_kvm.h b/include/hw/ppc/openpic_kvm.h
new file mode 100644
index 00..9ef4215257
--- /dev/null
+++ b/include/hw/ppc/openpic_kvm.h
@@ -0,0 +1,7 @@
+#ifndef OPENPIC_KVM_H
+#define OPENPIC_KVM_H
+
+#define TYPE_KVM_OPENPIC "kvm-openpic"
+int kvm_openpic_connect_vcpu(DeviceState *d, CPUState *cs);
+
+#endif /* OPENPIC_KVM_H */
diff --git a/target/ppc/kvm-stub.c b/target/ppc/kvm-stub.c
index efeafca1df..b8aa97f2d4 100644
--- a/target/ppc/kvm-stub.c
+++ b/target/ppc/kvm-stub.c
@@ -12,7 +12,7 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "cpu.h"
-#include "hw/ppc/openpic.h"
+#include "hw/ppc/openpic_kvm.h"
 
 int kvm_openpic_connect_vcpu(DeviceState *d, CPUState *cs)
 {
-- 
2.14.3




[Qemu-devel] [PULL 06/24] macio: embed DBDMA device directly within macio

2018-03-01 Thread David Gibson
From: Mark Cave-Ayland 

The current recommendation is to embed subdevices directly within their 
container
device, so do this for the DBDMA device.

Signed-off-by: Mark Cave-Ayland 
Signed-off-by: David Gibson 
---
 hw/misc/macio/macio.c | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 024f8557ab..7174135c8b 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -42,7 +42,7 @@ typedef struct MacIOState
 
 MemoryRegion bar;
 CUDAState cuda;
-DBDMAState *dbdma;
+DBDMAState dbdma;
 MemoryRegion *pic_mem;
 MemoryRegion *escc_mem;
 uint64_t frequency;
@@ -129,12 +129,12 @@ static void macio_common_realize(PCIDevice *d, Error 
**errp)
 SysBusDevice *sysbus_dev;
 Error *err = NULL;
 
-object_property_set_bool(OBJECT(s->dbdma), true, "realized", );
+object_property_set_bool(OBJECT(>dbdma), true, "realized", );
 if (err) {
 error_propagate(errp, err);
 return;
 }
-sysbus_dev = SYS_BUS_DEVICE(s->dbdma);
+sysbus_dev = SYS_BUS_DEVICE(>dbdma);
 memory_region_add_subregion(>bar, 0x08000,
 sysbus_mmio_get_region(sysbus_dev, 0));
 
@@ -161,7 +161,7 @@ static void macio_realize_ide(MacIOState *s, MACIOIDEState 
*ide,
 sysbus_connect_irq(sysbus_dev, 0, irq0);
 sysbus_connect_irq(sysbus_dev, 1, irq1);
 qdev_prop_set_uint32(DEVICE(ide), "channel", dmaid);
-object_property_set_link(OBJECT(ide), OBJECT(s->dbdma), "dbdma", errp);
+object_property_set_link(OBJECT(ide), OBJECT(>dbdma), "dbdma", errp);
 macio_ide_register_dma(ide);
 
 object_property_set_bool(OBJECT(ide), true, "realized", errp);
@@ -344,8 +344,9 @@ static void macio_instance_init(Object *obj)
 qdev_set_parent_bus(DEVICE(>cuda), sysbus_get_default());
 object_property_add_child(obj, "cuda", OBJECT(>cuda), NULL);
 
-s->dbdma = MAC_DBDMA(object_new(TYPE_MAC_DBDMA));
-object_property_add_child(obj, "dbdma", OBJECT(s->dbdma), NULL);
+object_initialize(>dbdma, sizeof(s->dbdma), TYPE_MAC_DBDMA);
+qdev_set_parent_bus(DEVICE(>dbdma), sysbus_get_default());
+object_property_add_child(obj, "dbdma", OBJECT(>dbdma), NULL);
 }
 
 static const VMStateDescription vmstate_macio_oldworld = {
-- 
2.14.3




[Qemu-devel] [PULL 04/24] spapr: register dummy ICPs later

2018-03-01 Thread David Gibson
From: Greg Kurz 

Some older machine types create more ICPs than needed. We hence
need to register up to xics_max_server_number() dummy ICPs to
accommodate the migration of these machine types.

Recent VSMT rework changed xics_max_server_number() to return

DIV_ROUND_UP(max_cpus * spapr->vsmt, smp_threads)

instead of

DIV_ROUND_UP(max_cpus * kvmppc_smt_threads(), smp_threads);

The change is okay but it requires spapr->vsmt to be set, which
isn't the case with the current code. This causes the formula to
return zero and we don't create dummy ICPs. This breaks migration
of older guests as reported here:

https://bugzilla.redhat.com/show_bug.cgi?id=1549087

The dummy ICP workaround doesn't really have a dependency on XICS
itself. But it does depend on proper VCPU id numbering and it must
be applied before creating vCPUs (ie, creating real ICPs). So this
patch moves the workaround to spapr_init_cpus(), which already
assumes VSMT to be set.

Fixes: 72194664c8a1 ("spapr: use spapr->vsmt to compute VCPU ids")
Reported-by: Lukas Doktor 
Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index d6fd0e666e..3f1c5c5133 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -183,7 +183,6 @@ static int xics_max_server_number(sPAPRMachineState *spapr)
 static void xics_system_init(MachineState *machine, int nr_irqs, Error **errp)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(machine);
-sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(machine);
 
 if (kvm_enabled()) {
 if (machine_kernel_irqchip_allowed(machine) &&
@@ -205,17 +204,6 @@ static void xics_system_init(MachineState *machine, int 
nr_irqs, Error **errp)
 return;
 }
 }
-
-if (smc->pre_2_10_has_unused_icps) {
-int i;
-
-for (i = 0; i < xics_max_server_number(spapr); i++) {
-/* Dummy entries get deregistered when real ICPState objects
- * are registered during CPU core hotplug.
- */
-pre_2_10_vmstate_register_dummy_icp(i);
-}
-}
 }
 
 static int spapr_fixup_cpu_smt_dt(void *fdt, int offset, PowerPCCPU *cpu,
@@ -2236,6 +2224,7 @@ static void spapr_init_cpus(sPAPRMachineState *spapr)
 {
 MachineState *machine = MACHINE(spapr);
 MachineClass *mc = MACHINE_GET_CLASS(machine);
+sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(machine);
 const char *type = spapr_get_cpu_core_type(machine->cpu_type);
 const CPUArchIdList *possible_cpus;
 int boot_cores_nr = smp_cpus / smp_threads;
@@ -2261,6 +2250,17 @@ static void spapr_init_cpus(sPAPRMachineState *spapr)
 boot_cores_nr = possible_cpus->len;
 }
 
+if (smc->pre_2_10_has_unused_icps) {
+int i;
+
+for (i = 0; i < xics_max_server_number(spapr); i++) {
+/* Dummy entries get deregistered when real ICPState objects
+ * are registered during CPU core hotplug.
+ */
+pre_2_10_vmstate_register_dummy_icp(i);
+}
+}
+
 for (i = 0; i < possible_cpus->len; i++) {
 int core_id = i * smp_threads;
 
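Review bot: The moved block declares `int i;` inside the `if (smc->pre_2_10_has_unused_icps)` body, which shadows the `i` that spapr_init_cpus() already uses in the `for (i = 0; i < possible_cpus->len; i++)` loop directly below. Dropping the inner declaration and reusing the outer variable avoids a -Wshadow warning. The bound `xics_max_server_number(spapr)` is re-evaluated on every iteration and could be read once into a local. A short comment above the block, such as `/* needs spapr->vsmt; must run before any real ICP is created */`, would record the ordering constraint that the commit message describes. The function body begins and ends outside the hunk.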
-- 
2.14.3




[Qemu-devel] [PULL 00/24] ppc-for-2.12 queue 20180302

2018-03-01 Thread David Gibson
The following changes since commit 0dc8ae5e8e693737dfe65ba02d0c6eccb58a9c67:

  Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180301-v2' into 
staging (2018-03-01 17:08:16 +)

are available in the Git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.12-20180302

for you to fetch changes up to 57ae75b2e401f1d04f37a8cd26212eb3134c51a6:

  hw/ppc/spapr,e500: Use new property "stdout-path" for boot console 
(2018-03-02 12:24:44 +1100)


ppc patch queue 2018-03-02

Here's the next batch of accumulated spapr and ppc patches.
Highlights are:
* New Sam460ex machine type
* Yet more fixes related to vcpu id allocation for spapr
* Numerous macio cleanups
* Some enhancements to the Spectre/Meltdown fixes for pseries,
  allowing use of a better mitigation for indirect branch based
  exploits
* New pseries machine types with Spectre/Meltdown mitigations
  enabled (stop gap until libvirt and management understands the
  machine options)
* A handful of other fixes


BALATON Zoltan (2):
  ppc440: Add emulation of plb-pcix controller found in some 440 SoCs
  ppc: Add aCube Sam460ex board

Greg Kurz (3):
  spapr: fix missing CPU core nodes in DT when running with TCG
  spapr: register dummy ICPs later
  spapr: harden code that depends on VSMT

Mark Cave-Ayland (12):
  macio: embed DBDMA device directly within macio
  macio: move ESCC device within the macio device
  heathrow: QOMify heathrow PIC
  heathrow: convert to trace-events
  heathrow: change heathrow_pic_init() to return the heathrow device
  macio: move macio related structures and defines into separate macio.h 
file
  mac_oldworld: use object link to pass heathrow PIC object to macio
  openpic: move KVM-specific declarations into separate openpic_kvm.h file
  openpic: move OpenPIC state and related definitions to openpic.h
  mac_newworld: use object link to pass OpenPIC object to macio
  macio: move setting of CUDA timebase frequency to macio_common_realize()
  macio: remove macio_init() function

Nikunj A Dadhania (1):
  hw/ppc/spapr,e500: Use new property "stdout-path" for boot console

Suraj Jitindar Singh (6):
  target/ppc: Check mask when setting cap_ppc_safe_indirect_branch
  ppc/spapr-caps: Add support for custom spapr_capabilities
  ppc/spapr-caps: Convert cap-cfpc to custom spapr-cap
  ppc/spapr-caps: Convert cap-sbbc to custom spapr-cap
  ppc/spapr-caps: Convert cap-ibs to custom spapr-cap
  ppc/spapr-caps: Define the pseries-2.12-sxxm machine type

 Makefile   |   2 +-
 default-configs/ppc-softmmu.mak|   2 +
 default-configs/ppcemb-softmmu.mak |   1 +
 hw/intc/heathrow_pic.c | 166 +-
 hw/intc/openpic.c  | 157 --
 hw/intc/openpic_kvm.c  |   1 +
 hw/intc/trace-events   |   5 +
 hw/misc/macio/macio.c  | 150 +
 hw/ppc/Makefile.objs   |   3 +-
 hw/ppc/e500.c  |   8 +
 hw/ppc/mac.h   |  10 +-
 hw/ppc/mac_newworld.c  |  56 ++--
 hw/ppc/mac_oldworld.c  |  50 ++-
 hw/ppc/ppc440_pcix.c   | 528 
 hw/ppc/sam460ex.c  | 603 +
 hw/ppc/spapr.c | 176 ++-
 hw/ppc/spapr_caps.c| 132 +---
 hw/ppc/spapr_hcall.c   |   5 +-
 hw/ppc/trace-events|   8 +
 include/hw/intc/heathrow_pic.h |  49 +++
 include/hw/misc/macio/macio.h  |  79 +
 include/hw/ppc/openpic.h   | 160 +-
 include/hw/ppc/openpic_kvm.h   |   7 +
 include/hw/ppc/spapr.h |   5 +-
 pc-bios/canyonlands.dtb| Bin 0 -> 9779 bytes
 pc-bios/canyonlands.dts| 566 ++
 target/ppc/kvm-stub.c  |   2 +-
 target/ppc/kvm.c   |   6 +-
 tests/qom-test.c   |   7 +
 tests/test-hmp.c   |   3 +-
 30 files changed, 2423 insertions(+), 524 deletions(-)
 create mode 100644 hw/ppc/ppc440_pcix.c
 create mode 100644 hw/ppc/sam460ex.c
 create mode 100644 include/hw/intc/heathrow_pic.h
 create mode 100644 include/hw/misc/macio/macio.h
 create mode 100644 include/hw/ppc/openpic_kvm.h
 create mode 100644 pc-bios/canyonlands.dtb
 create mode 100644 pc-bios/canyonlands.dts



[Qemu-devel] [PULL 01/24] spapr: fix missing CPU core nodes in DT when running with TCG

2018-03-01 Thread David Gibson
From: Greg Kurz 

Commit 5d0fb1508e2d "spapr: consolidate the VCPU id numbering logic
in a single place" introduced a helper to detect thread0 of a virtual
core based on its VCPU id. This is used to create CPU core nodes in
the DT, but it is broken in TCG.

$ qemu-system-ppc64 -nographic -accel tcg -machine dumpdtb=dtb.bin \
-smp cores=16,maxcpus=16,threads=1
$ dtc -f -O dts dtb.bin | grep POWER8
PowerPC,POWER8@0 {
PowerPC,POWER8@8 {

instead of the expected 16 cores that we get with KVM:

$ dtc -f -O dts dtb.bin | grep POWER8
PowerPC,POWER8@0 {
PowerPC,POWER8@8 {
PowerPC,POWER8@10 {
PowerPC,POWER8@18 {
PowerPC,POWER8@20 {
PowerPC,POWER8@28 {
PowerPC,POWER8@30 {
PowerPC,POWER8@38 {
PowerPC,POWER8@40 {
PowerPC,POWER8@48 {
PowerPC,POWER8@50 {
PowerPC,POWER8@58 {
PowerPC,POWER8@60 {
PowerPC,POWER8@68 {
PowerPC,POWER8@70 {
PowerPC,POWER8@78 {

This happens because spapr_get_vcpu_id() maps VCPU ids to
cs->cpu_index in TCG mode. This confuses the code in
spapr_is_thread0_in_vcore(), since it assumes thread0 VCPU
ids to have a spapr->vsmt spacing.

spapr_get_vcpu_id(cpu) % spapr->vsmt == 0

Actually, there's no real reason to expose cs->cpu_index instead
of the VCPU id, since we also generate it with TCG. Also we already
set it explicitly in spapr_set_vcpu_id(), so there's no real reason
either to call kvm_arch_vcpu_id() with KVM.

This patch unifies spapr_get_vcpu_id() to always return the computed
VCPU id both in TCG and KVM. This is one step forward towards KVM<->TCG
migration.

Fixes: 5d0fb1508e2d
Reported-by: Cédric Le Goater 
Signed-off-by: Greg Kurz 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 83c9d66dd5..d6fd0e666e 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -3810,13 +3810,7 @@ static void spapr_pic_print_info(InterruptStatsProvider 
*obj,
 
 int spapr_get_vcpu_id(PowerPCCPU *cpu)
 {
-CPUState *cs = CPU(cpu);
-
-if (kvm_enabled()) {
-return kvm_arch_vcpu_id(cs);
-} else {
-return cs->cpu_index;
-}
+return cpu->vcpu_id;
 }
 
 void spapr_set_vcpu_id(PowerPCCPU *cpu, int cpu_index, Error **errp)
-- 
2.14.3




Re: [Qemu-devel] [PATCH v2 10/15] qio: non-default context for async conn

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 03:48:44PM +, Daniel P. Berrangé wrote:
> On Thu, Mar 01, 2018 at 04:44:33PM +0800, Peter Xu wrote:
> > We have worked on qio_task_run_in_thread() already.  Further, let
> > qio_channel_socket_connect_async() pass that context to it.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  chardev/char-socket.c  | 4 ++--
> >  include/io/channel-socket.h| 4 +++-
> >  io/channel-socket.c| 5 +++--
> >  migration/socket.c | 3 ++-
> >  tests/test-io-channel-socket.c | 2 +-
> >  5 files changed, 11 insertions(+), 7 deletions(-)
> 
> > diff --git a/include/io/channel-socket.h b/include/io/channel-socket.h
> > index 53801f6042..90f7227397 100644
> > --- a/include/io/channel-socket.h
> > +++ b/include/io/channel-socket.h
> > @@ -101,6 +101,7 @@ int qio_channel_socket_connect_sync(QIOChannelSocket 
> > *ioc,
> >   * @callback: the function to invoke on completion
> >   * @opaque: user data to pass to @callback
> >   * @destroy: the function to free @opaque
> > + * @context: the context to run the async task
> >   *
> >   * Attempt to connect to the address @addr. This method
> >   * will run in the background so the caller will regain
> > @@ -113,7 +114,8 @@ void qio_channel_socket_connect_async(QIOChannelSocket 
> > *ioc,
> >SocketAddress *addr,
> >QIOTaskFunc callback,
> >gpointer opaque,
> > -  GDestroyNotify destroy);
> > +  GDestroyNotify destroy,
> > +  GMainContext *context);
> 
> If you're going to add a GMainContext() to connect_async, then please
> also do it for listen_async and dgram_async at the same time, so we
> remain consistent in API design.

Sure.  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 06/15] qio: store gsources for net listeners

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 06:12:57PM +0100, Paolo Bonzini wrote:
> On 01/03/2018 09:44, Peter Xu wrote:
> > Originally we were storing the GSources tag IDs.  That'll be not enough
> > if we are going to support non-default gcontext for QIO code.  Switch to
> > GSources without changing anything real.  Now we still always pass in
> > NULL, which means the default gcontext.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  include/io/net-listener.h | 21 ++--
> >  io/net-listener.c | 62 
> > +--
> >  2 files changed, 58 insertions(+), 25 deletions(-)
> > 
> > diff --git a/include/io/net-listener.h b/include/io/net-listener.h
> > index 56d6da7a76..566be283b3 100644
> > --- a/include/io/net-listener.h
> > +++ b/include/io/net-listener.h
> > @@ -53,7 +53,7 @@ struct QIONetListener {
> >  
> >  char *name;
> >  QIOChannelSocket **sioc;
> > -gulong *io_tag;
> > +GSource **io_source;
> >  size_t nsioc;
> >  
> >  bool connected;
> > @@ -120,17 +120,34 @@ void qio_net_listener_add(QIONetListener *listener,
> >QIOChannelSocket *sioc);
> >  
> >  /**
> > - * qio_net_listener_set_client_func:
> > + * qio_net_listener_set_client_func_full:
> >   * @listener: the network listener object
> >   * @func: the callback function
> >   * @data: opaque data to pass to @func
> >   * @notify: callback to free @data
> > + * @context: the context that the sources will be bound to
> 
> Please add a note like "if %NULL, the default context will be used".

Fixed this one too (and for both patches, I kept Dan's r-b).  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 08/15] chardev: allow telnet gsource to switch gcontext

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 06:16:53PM +0100, Paolo Bonzini wrote:
> On 01/03/2018 16:46, Daniel P. Berrangé wrote:
> > On Thu, Mar 01, 2018 at 04:44:31PM +0800, Peter Xu wrote:
> >> It was originally created by qio_channel_add_watch() so it's always
> >> assigning the task to main context.  Now we use the new API called
> >> qio_channel_add_watch_source() so that we get the GSource handle rather
> >> than the tag ID.
> >>
> >> Meanwhile, caching the gsource in SocketChardev.telnet_source so that we
> >> can also do dynamic context switch when update read handlers.
> > I don't see why we would ever want to dynamically switch the
> > GMainContext in use while in middle of reading the telnet greeting.
> 
> Maybe because the remote client hangs in the middle of the telnet
> greeting?  The user of the Chardev can't know that the initial handshake
> hasn't been done yet.

Ah, this reminded me that I should better cache the
TCPChardevTelnetInit struct, otherwise when context changes we'll
possibly restart a telnet handshake.

Actually if only considering the monitor-OOB series (which is the only
one now who may change the context) it's not really necessary, since
the context will only be changed once when init monitors. But it's
easy to even achieve a higher goal to support real dynamic switch for
telnet connections.  So I think I'll try that in my next post.

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v1 1/1] target/arm: Fix the A53 L2CTLR typo

2018-03-01 Thread Alistair Francis
On Thu, Mar 1, 2018 at 4:20 PM, Alistair Francis
 wrote:
> The cortex A53 TRM specifies that bits 24 and 25 of the L2CTLR register
> specify the number of cores present and not the number of processors. We
> have correctly been reporting the number of cores, so just fix the
> comment to match the TRM.
>
> Signed-off-by: Alistair Francis 

Ah! This isn't actually what I want, I want something more like this (untested):

commit ce9d9795ebff42e1f742e7dc3786e52524807c65
Author: Alistair Francis 
Date:   Thu Mar 1 20:19:23 2018 -0800

target/arm: Report the number of cores in the cluster

    Previously we assumed that we only had a single cluster, which meant we
could get away with reporting smp_cpus to the guest. There are cases
where we have two clusters (Xilinx's ZynqMP is a good example) so
reporting the number of smp_cpus is incorrect. Instead count the cores
in the cluster.

Signed-off-by: Alistair Francis 

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 9743bdc..e7b1f3c 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -42,8 +42,24 @@ static inline void unset_feature(CPUARMState *env,
int feature)
 #ifndef CONFIG_USER_ONLY
 static uint64_t a57_a53_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
 {
-/* Number of processors is in [25:24]; otherwise we RAZ */
-return (smp_cpus - 1) << 24;
+CPUState *cpu;
+CPUState *cpu_prev = NULL;
+int num_cores = 0;
+
+/* Figure out the number of cores in the cluster */
+for (cpu = first_cpu; cpu; cpu = CPU_NEXT(cpu)) {
+/* Only increase the core count if the CPU we are on is the same
+ * class as the caller and the previous cpu.
+ */
+if ((CPU_GET_CLASS(cpu) == CPU_GET_CLASS(cpu_prev)) &&
+(CPU_GET_CLASS(cpu) == CPU_GET_CLASS(CPU(env {
+num_cores++;
+}
+cpu_prev = cpu;
+}
+
+/* Number of cores is in [25:24]; otherwise we RAZ */
+return num_cores << 24;
 }
 #endif
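Review bot: On the first pass through the loop `cpu_prev` is still NULL, so `CPU_GET_CLASS(cpu_prev)` is applied to a null pointer; as far as I can tell that macro reads the object's class pointer, which would fault rather than compare unequal. The count is also returned unmasked and without the `- 1` the old expression used, so the encoding only stays right because the first CPU is never counted, and more than four matching CPUs would set bits above [25:24] despite the RAZ comment. Comparing each `cpu` against the caller's class alone and returning `((num_cores - 1) & 0x3) << 24` would make both explicit. Class equality also identifies the CPU model rather than cluster membership, so two clusters built from the same model would presumably still be counted together.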

I'll send a patch tomorrow after testing.

Alistair

> ---
>
>  target/arm/cpu64.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
> index 9743bdc8c3..aac1746efe 100644
> --- a/target/arm/cpu64.c
> +++ b/target/arm/cpu64.c
> @@ -42,7 +42,7 @@ static inline void unset_feature(CPUARMState *env, int 
> feature)
>  #ifndef CONFIG_USER_ONLY
>  static uint64_t a57_a53_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
>  {
> -/* Number of processors is in [25:24]; otherwise we RAZ */
> +/* Number of cores is in [25:24]; otherwise we RAZ */
>  return (smp_cpus - 1) << 24;
>  }
>  #endif
> --
> 2.14.1
>



Re: [Qemu-devel] [PATCH v2 07/15] qio/chardev: update net listener gcontext

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 03:43:31PM +, Daniel P. Berrangé wrote:
> On Thu, Mar 01, 2018 at 04:44:30PM +0800, Peter Xu wrote:
> > TCP chardevs can be using QIO network listeners working in the
> > background when in listening mode.  However the network listeners are
> > always running in main context.  This can race with chardevs that are
> > running in non-main contexts.
> > 
> > To solve this, we need to re-setup the net listeners in
> > tcp_chr_update_read_handler() with the newly cached gcontext.
> > 
> > Since at it, generalize a tcp_chr_net_listener_setup() helper function
> > and clean up the old code a bit.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  chardev/char-socket.c | 32 ++--
> >  1 file changed, 26 insertions(+), 6 deletions(-)
> > 
> > diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> > index 43a2cc2c1c..5cd20cc932 100644
> > --- a/chardev/char-socket.c
> > +++ b/chardev/char-socket.c
> > @@ -410,6 +410,19 @@ static void update_disconnected_filename(SocketChardev 
> > *s)
> >   s->is_listen, s->is_telnet);
> >  }
> >  
> > +/* Set enable=true to start net listeners, false to stop them. */
> > +static void tcp_chr_net_listener_setup(SocketChardev *s, bool enable)
> > +{
> > +Chardev *chr = CHARDEV(s);
> > +
> > +/* Net listeners' context will follow the Chardev's. */
> > +qio_net_listener_set_client_func_full(s->listener,
> > +  enable ? tcp_chr_accept : NULL,
> > +  enable ? chr : NULL,
> > +  NULL,
> > +  chr->gcontext);
> 
> I don't think this helper method is really a benefit. In fact I think
> it makes understanding the code harder, because when you see
> tcp_chr_net_listener_setup(s, true), you've no idea what 'true' means
> without going to finding the impl of tcp_chr_net_listener_setup().
> 
> Just leave the direct calls to qio_net_listener_set_client_func_full
> as they are IMHO.

Frankly speaking I was a bit confused when I started to read
chardev/qio codes with so many hooks, e.g., when I saw:

 qio_net_listener_set_client_func(s->listener, tcp_chr_accept,
  chr, NULL);

I had no idea at all what was happening.  I needed to go deeper into the
net listener code to learn that, hmm, it's setting up something to
accept connections!

If I can have something like:

tcp_chr_net_listener_setup(s, true);

It may be easier for me to understand that there's something either
registered for the listening ports, and I don't need to care about
which function will be called when accept happened.  Basically it
"hides" some logic inside, that's IMHO where functions/macros help.

(The naming of the function is certainly open to discussion, along with
 how to define the parameters.)

I think it may be a flavor issue.  In that case, I'm always fine with
either way. I assume the previous cleanup patch 5 is similarly a
flavor issue too, so I'll follow your final judgement on what you
would prefer.

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 06/15] qio: store gsources for net listeners

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 06:12:57PM +0100, Paolo Bonzini wrote:
> On 01/03/2018 09:44, Peter Xu wrote:
> > Originally we were storing the GSources tag IDs.  That'll be not enough
> > if we are going to support non-default gcontext for QIO code.  Switch to
> > GSources without changing anything real.  Now we still always pass in
> > NULL, which means the default gcontext.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  include/io/net-listener.h | 21 ++--
> >  io/net-listener.c | 62 
> > +--
> >  2 files changed, 58 insertions(+), 25 deletions(-)
> > 
> > diff --git a/include/io/net-listener.h b/include/io/net-listener.h
> > index 56d6da7a76..566be283b3 100644
> > --- a/include/io/net-listener.h
> > +++ b/include/io/net-listener.h
> > @@ -53,7 +53,7 @@ struct QIONetListener {
> >  
> >  char *name;
> >  QIOChannelSocket **sioc;
> > -gulong *io_tag;
> > +GSource **io_source;
> >  size_t nsioc;
> >  
> >  bool connected;
> > @@ -120,17 +120,34 @@ void qio_net_listener_add(QIONetListener *listener,
> >QIOChannelSocket *sioc);
> >  
> >  /**
> > - * qio_net_listener_set_client_func:
> > + * qio_net_listener_set_client_func_full:
> >   * @listener: the network listener object
> >   * @func: the callback function
> >   * @data: opaque data to pass to @func
> >   * @notify: callback to free @data
> > + * @context: the context that the sources will be bound to
> 
> Please add a note like "if %NULL, the default context will be used".

Will do. Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH qemu v3 2/2] qmp: Add qom-list-properties to list QOM object properties

2018-03-01 Thread David Gibson
On Fri, Mar 02, 2018 at 12:09:39AM +1100, Alexey Kardashevskiy wrote:
> There is already 'device-list-properties' which does most of the job,
> however it does not handle everything returned by qom-list-types such
> as machines as they inherit directly from TYPE_OBJECT and not TYPE_DEVICE.
> It does not handle abstract classes either.
> 
> This adds a new qom-list-properties command which prints properties
> of a specific class and its instance. It is pretty much a simplified copy
> of the device-list-properties handler.
> 
> Since it creates an object instance, device properties should appear
> in the output as they are copied to QOM properties at the instance_init
> hook.
> 
> This adds a object_class_property_iter_init() helper to allow class
> properties enumeration uses it in the new QMP command to allow properties
> listing for abstract classes.
> 
> Signed-off-by: Alexey Kardashevskiy 
> ---
> Changes:
> v3:
> * Used ObjectPropertyInfo instead of QOMPropertyInfo
> 
> v2:
> * added abstract classes support, now things like "pci-device" or
> "spapr-machine" show properties, previously these would produce
> an "abstract class" error
> 
> # Conflicts:
> # qapi-schema.json
> ---
>  qapi-schema.json | 15 +++
>  include/qom/object.h | 16 
>  qmp.c| 49 +
>  qom/object.c |  7 +++
>  4 files changed, 87 insertions(+)
> 
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 87327e5..32e836f 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -1442,6 +1442,21 @@
>'returns': [ 'ObjectPropertyInfo' ] }
>  
>  ##
> +# @qom-list-properties:
> +#
> +# List properties associated with a QOM object.
> +#
> +# @typename: the type name of an object
> +#
> +# Returns: a list of ObjectPropertyInfo describing object properties
> +#
> +# Since: 2.12
> +##
> +{ 'command': 'qom-list-properties',
> +  'data': { 'typename': 'str'},
> +  'returns': [ 'ObjectPropertyInfo' ] }
> +
> +##
>  # @xen-set-global-dirty-log:
>  #
>  # Enable or disable the global dirty log mode.
> diff --git a/include/qom/object.h b/include/qom/object.h
> index dc73d59..ef07d78 100644
> --- a/include/qom/object.h
> +++ b/include/qom/object.h
> @@ -1017,6 +1017,22 @@ void object_property_iter_init(ObjectPropertyIterator 
> *iter,
> Object *obj);
>  
>  /**
> + * object_class_property_iter_init:
> + * @klass: the class
> + *
> + * Initializes an iterator for traversing all properties
> + * registered against an object class and all parent classes.
> + *
> + * It is forbidden to modify the property list while iterating,
> + * whether removing or adding properties.
> + *
> + * This can be used on abstract classes as it does not create a temporary
> + * instance.
> + */
> +void object_class_property_iter_init(ObjectPropertyIterator *iter,
> + ObjectClass *klass);
> +
> +/**
>   * object_property_iter_next:
>   * @iter: the iterator instance
>   *
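Review bot: The doc block for `object_class_property_iter_init()` documents `@klass` but not `@iter`, although the declaration takes both. Adding ` * @iter: the iterator instance` above the `@klass` line would match the wording the neighbouring `object_property_iter_next` block already uses.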
> diff --git a/qmp.c b/qmp.c
> index 8a74038..1f15f68 100644
> --- a/qmp.c
> +++ b/qmp.c
> @@ -576,6 +576,55 @@ ObjectPropertyInfoList *qmp_device_list_properties(const 
> char *typename,
>  return prop_list;
>  }
>  
> +ObjectPropertyInfoList *qmp_qom_list_properties(const char *typename,
> + Error **errp)
> +{
> +ObjectClass *klass;
> +Object *obj = NULL;
> +ObjectProperty *prop;
> +ObjectPropertyIterator iter;
> +ObjectPropertyInfoList *prop_list = NULL;
> +
> +klass = object_class_by_name(typename);
> +if (klass == NULL) {
> +error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> +  "Class '%s' not found", typename);
> +return NULL;
> +}
> +
> +klass = object_class_dynamic_cast(klass, TYPE_OBJECT);
> +if (klass == NULL) {
> +error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "typename", 
> TYPE_OBJECT);
> +return NULL;
> +}
> +
> +if (object_class_is_abstract(klass)) {
> +object_class_property_iter_init(, klass);

I remain a bit concerned about the subtle difference in behaviour
between abstract and non-abstract classes.

> +} else {
> +obj = object_new(typename);
> +object_property_iter_init(, obj);
> +}
> +while ((prop = object_property_iter_next())) {
> +ObjectPropertyInfo *info;
> +ObjectPropertyInfoList *entry;
> +
> +info = g_malloc0(sizeof(*info));
> +info->name = g_strdup(prop->name);
> +info->type = g_strdup(prop->type);
> +info->has_description = !!prop->description;
> +info->description = g_strdup(prop->description);
> +
> +entry = g_malloc0(sizeof(*entry));
> +entry->value = info;
> +entry->next = prop_list;
> +prop_list = entry;
> +}
> +
> +object_unref(obj);
> +
> +return prop_list;
> +}
> +
>  CpuDefinitionInfoList 
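Review bot: `object_new(typename)` is called for any non-abstract type name the QMP client supplies, so every registered type's instance_init (and its finalizer on `object_unref`) becomes reachable from the monitor just to list properties. Whether all types keep those hooks free of side effects is not visible from this hunk, so it may be worth recording the assumption above the call, e.g. `/* relies on instance_init/finalize of every QOM type being side-effect free */`, or using the class iterator for types that cannot guarantee it. The body of `qmp_qom_list_properties` is complete within this hunk.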

Re: [Qemu-devel] [PATCH v2 05/15] qio: refactor net listener source operations

2018-03-01 Thread Peter Xu
On Fri, Mar 02, 2018 at 11:58:52AM +0800, Peter Xu wrote:
> On Thu, Mar 01, 2018 at 10:47:17AM +, Daniel P. Berrangé wrote:
> > On Thu, Mar 01, 2018 at 04:44:28PM +0800, Peter Xu wrote:
> > > Three functions are abstracted from the old code:
> > > 
> > > - qio_net_listener_source_add(): create one source for listener
> > > - qio_net_listener_sources_clear(): unset existing net lister sources
> > > - qio_net_listener_sources_update(): setup all sources for listener
> > > 
> > > Use them where possible.
> > > 
> > > Signed-off-by: Peter Xu 
> > > ---
> > >  io/net-listener.c | 82 
> > > +++
> > >  1 file changed, 41 insertions(+), 41 deletions(-)
> > 
> > This patch can be dropped since nothing else in the series now
> > depends on it.
> 
> Do you think it's still acceptable even as a cleanup?  Thanks,

Ah, and patch 6 actually depends on it (currently).  For sure I can do
some rebase work to drop current one, but IMHO I would prefer to keep
both there.  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 05/15] qio: refactor net listener source operations

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 10:47:17AM +, Daniel P. Berrangé wrote:
> On Thu, Mar 01, 2018 at 04:44:28PM +0800, Peter Xu wrote:
> > Three functions are abstracted from the old code:
> > 
> > - qio_net_listener_source_add(): create one source for listener
> > - qio_net_listener_sources_clear(): unset existing net lister sources
> > - qio_net_listener_sources_update(): setup all sources for listener
> > 
> > Use them where possible.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  io/net-listener.c | 82 
> > +++
> >  1 file changed, 41 insertions(+), 41 deletions(-)
> 
> This patch can be dropped since nothing else in the series now
> depends on it.

Do you think it's still acceptable even as a cleanup?  Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH 0/4] virtio-net: allow linkspeed and duplex setting

2018-03-01 Thread no-reply
Hi,

This series failed docker-build@min-glib build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: cover.1519961667.git.jba...@akamai.com
Subject: [Qemu-devel] [PATCH 0/4] virtio-net: allow linkspeed and duplex setting

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-build@min-glib
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
3217379edb virtio-net: add linkspeed and duplex settings to virtio-net
0ea4d1ef67 virtio-net: use 64-bit values for feature flags
c26ce713b3 rocker: drop local duplex definitions
53f813bd0d eth: add speed and duplex definitions

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-uny8rx9i/src/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
  BUILD   min-glib
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-uny8rx9i/src'
  GEN 
/var/tmp/patchew-tester-tmp-uny8rx9i/src/docker-src.2018-03-01-22.58.24.8310/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-uny8rx9i/src/docker-src.2018-03-01-22.58.24.8310/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-uny8rx9i/src/docker-src.2018-03-01-22.58.24.8310/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-uny8rx9i/src/docker-src.2018-03-01-22.58.24.8310/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-build in qemu:min-glib 
Environment variables:
HOSTNAME=d272bfb0fa1e
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
GIT binarygit
GIT submodules
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS   -I/usr/include/pixman-1   -I$(SRC_PATH)/dtc/libfdt -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -fPIE -DPIE -m64 -mcx16 
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels 
-Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security 
-Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration 
-Wold-style-definition -Wtype-limits -fstack-protector-all -Wno-missing-braces
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
SDL support   yes (1.2.14)
GTK support   no 
GTK GL supportno
VTE support   no 
TLS priority  NORMAL
GNUTLS supportno
GNUTLS rndno
libgcrypt no
libgcrypt kdf no
nettleno 
nettle kdfno
libtasn1  no
curses supportno
virgl support no
curl support  no
mingw32 support   no
Audio drivers oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportno
Multipath support no
VNC support   yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support   no
brlapi support

Re: [Qemu-devel] [PATCH 0/4] virtio-net: allow linkspeed and duplex setting

2018-03-01 Thread no-reply
Hi,

This series failed docker-quick@centos6 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: cover.1519961667.git.jba...@akamai.com
Subject: [Qemu-devel] [PATCH 0/4] virtio-net: allow linkspeed and duplex setting

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
3217379edb virtio-net: add linkspeed and duplex settings to virtio-net
0ea4d1ef67 virtio-net: use 64-bit values for feature flags
c26ce713b3 rocker: drop local duplex definitions
53f813bd0d eth: add speed and duplex definitions

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-20w986r9/src/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-20w986r9/src'
  GEN 
/var/tmp/patchew-tester-tmp-20w986r9/src/docker-src.2018-03-01-22.56.39.1642/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-20w986r9/src/docker-src.2018-03-01-22.56.39.1642/qemu.tar.vroot'...
done.
Checking out files:  49% (2938/5904)   
Checking out files:  50% (2952/5904)   
Checking out files:  51% (3012/5904)   
Checking out files:  52% (3071/5904)   
Checking out files:  53% (3130/5904)   
Checking out files:  54% (3189/5904)   
Checking out files:  55% (3248/5904)   
Checking out files:  56% (3307/5904)   
Checking out files:  57% (3366/5904)   
Checking out files:  58% (3425/5904)   
Checking out files:  59% (3484/5904)   
Checking out files:  60% (3543/5904)   
Checking out files:  61% (3602/5904)   
Checking out files:  62% (3661/5904)   
Checking out files:  63% (3720/5904)   
Checking out files:  64% (3779/5904)   
Checking out files:  65% (3838/5904)   
Checking out files:  66% (3897/5904)   
Checking out files:  67% (3956/5904)   
Checking out files:  68% (4015/5904)   
Checking out files:  69% (4074/5904)   
Checking out files:  70% (4133/5904)   
Checking out files:  71% (4192/5904)   
Checking out files:  72% (4251/5904)   
Checking out files:  73% (4310/5904)   
Checking out files:  74% (4369/5904)   
Checking out files:  75% (4428/5904)   
Checking out files:  76% (4488/5904)   
Checking out files:  77% (4547/5904)   
Checking out files:  78% (4606/5904)   
Checking out files:  79% (4665/5904)   
Checking out files:  80% (4724/5904)   
Checking out files:  81% (4783/5904)   
Checking out files:  82% (4842/5904)   
Checking out files:  83% (4901/5904)   
Checking out files:  84% (4960/5904)   
Checking out files:  85% (5019/5904)   
Checking out files:  86% (5078/5904)   
Checking out files:  87% (5137/5904)   
Checking out files:  88% (5196/5904)   
Checking out files:  89% (5255/5904)   
Checking out files:  90% (5314/5904)   
Checking out files:  91% (5373/5904)   
Checking out files:  92% (5432/5904)   
Checking out files:  93% (5491/5904)   
Checking out files:  94% (5550/5904)   
Checking out files:  95% (5609/5904)   
Checking out files:  96% (5668/5904)   
Checking out files:  97% (5727/5904)   
Checking out files:  98% (5786/5904)   
Checking out files:  99% (5845/5904)   
Checking out files: 100% (5904/5904)   
Checking out files: 100% (5904/5904), done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-20w986r9/src/docker-src.2018-03-01-22.56.39.1642/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-20w986r9/src/docker-src.2018-03-01-22.56.39.1642/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
bzip2-devel-1.0.5-7.el6_0.x86_64
ccache-3.1.6-2.el6.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el6.x86_64
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64
gettext-0.17-18.el6.x86_64
git-1.7.1-9.el6_9.x86_64
glib2-devel-2.28.8-9.el6.x86_64
libepoxy-devel-1.2-3.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
librdmacm-devel-1.0.21-0.el6.x86_64
lzo-devel-2.03-3.1.el6_5.1.x86_64
make-3.81-23.el6.x86_64
mesa-libEGL-devel-11.0.7-4.el6.x86_64
mesa-libgbm-devel-11.0.7-4.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
spice-glib-devel-0.26-8.el6.x86_64
spice-server-devel-0.12.4-16.el6.x86_64
tar-1.23-15.el6_8.x86_64
vte-devel-0.25.1-9.el6.x86_64
xen-devel-4.6.6-2.el6.x86_64

Re: [Qemu-devel] [PATCH 0/4] virtio-net: allow linkspeed and duplex setting

2018-03-01 Thread no-reply
Hi,

This series failed docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: cover.1519961667.git.jba...@akamai.com
Subject: [Qemu-devel] [PATCH 0/4] virtio-net: allow linkspeed and duplex setting

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
3217379edb virtio-net: add linkspeed and duplex settings to virtio-net
0ea4d1ef67 virtio-net: use 64-bit values for feature flags
c26ce713b3 rocker: drop local duplex definitions
53f813bd0d eth: add speed and duplex definitions

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-n1qa1cy9/src/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
  BUILD   fedora
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-n1qa1cy9/src'
  GEN 
/var/tmp/patchew-tester-tmp-n1qa1cy9/src/docker-src.2018-03-01-22.54.29.28927/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-n1qa1cy9/src/docker-src.2018-03-01-22.54.29.28927/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-n1qa1cy9/src/docker-src.2018-03-01-22.54.29.28927/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-n1qa1cy9/src/docker-src.2018-03-01-22.54.29.28927/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-mingw in qemu:fedora 
Packages installed:
PyYAML-3.12-5.fc27.x86_64
SDL-devel-1.2.15-29.fc27.x86_64
bc-1.07.1-3.fc27.x86_64
bison-3.0.4-8.fc27.x86_64
bzip2-1.0.6-24.fc27.x86_64
ccache-3.3.5-1.fc27.x86_64
clang-5.0.1-1.fc27.x86_64
findutils-4.6.0-14.fc27.x86_64
flex-2.6.1-5.fc27.x86_64
gcc-7.3.1-2.fc27.x86_64
gcc-c++-7.3.1-2.fc27.x86_64
gettext-0.19.8.1-12.fc27.x86_64
git-2.14.3-2.fc27.x86_64
glib2-devel-2.54.3-2.fc27.x86_64
hostname-3.18-4.fc27.x86_64
libaio-devel-0.3.110-9.fc27.x86_64
libasan-7.3.1-2.fc27.x86_64
libfdt-devel-1.4.6-1.fc27.x86_64
libubsan-7.3.1-2.fc27.x86_64
make-4.2.1-4.fc27.x86_64
mingw32-SDL-1.2.15-9.fc27.noarch
mingw32-bzip2-1.0.6-9.fc27.noarch
mingw32-curl-7.54.1-2.fc27.noarch
mingw32-glib2-2.54.1-1.fc27.noarch
mingw32-gmp-6.1.2-2.fc27.noarch
mingw32-gnutls-3.5.13-2.fc27.noarch
mingw32-gtk2-2.24.31-4.fc27.noarch
mingw32-gtk3-3.22.16-1.fc27.noarch
mingw32-libjpeg-turbo-1.5.1-3.fc27.noarch
mingw32-libpng-1.6.29-2.fc27.noarch
mingw32-libssh2-1.8.0-3.fc27.noarch
mingw32-libtasn1-4.13-1.fc27.noarch
mingw32-nettle-3.3-3.fc27.noarch
mingw32-pixman-0.34.0-3.fc27.noarch
mingw32-pkg-config-0.28-9.fc27.x86_64
mingw64-SDL-1.2.15-9.fc27.noarch
mingw64-bzip2-1.0.6-9.fc27.noarch
mingw64-curl-7.54.1-2.fc27.noarch
mingw64-glib2-2.54.1-1.fc27.noarch
mingw64-gmp-6.1.2-2.fc27.noarch
mingw64-gnutls-3.5.13-2.fc27.noarch
mingw64-gtk2-2.24.31-4.fc27.noarch
mingw64-gtk3-3.22.16-1.fc27.noarch
mingw64-libjpeg-turbo-1.5.1-3.fc27.noarch
mingw64-libpng-1.6.29-2.fc27.noarch
mingw64-libssh2-1.8.0-3.fc27.noarch
mingw64-libtasn1-4.13-1.fc27.noarch
mingw64-nettle-3.3-3.fc27.noarch
mingw64-pixman-0.34.0-3.fc27.noarch
mingw64-pkg-config-0.28-9.fc27.x86_64
nettle-devel-3.4-1.fc27.x86_64
perl-5.26.1-402.fc27.x86_64
pixman-devel-0.34.0-4.fc27.x86_64
python3-3.6.2-13.fc27.x86_64
sparse-0.5.1-2.fc27.x86_64
tar-1.29-7.fc27.x86_64
which-2.21-4.fc27.x86_64
zlib-devel-1.2.11-4.fc27.x86_64

Environment variables:
TARGET_LIST=
PACKAGES=ccache gettext git tar PyYAML sparse flex bison python3 bzip2 hostname 
glib2-devel pixman-devel zlib-devel SDL-devel libfdt-devel gcc gcc-c++ 
clang make perl which bc findutils libaio-devel nettle-devel libasan 
libubsan mingw32-pixman mingw32-glib2 mingw32-gmp mingw32-SDL 
mingw32-pkg-config mingw32-gtk2 mingw32-gtk3 mingw32-gnutls mingw32-nettle 
mingw32-libtasn1 mingw32-libjpeg-turbo mingw32-libpng mingw32-curl 
mingw32-libssh2 mingw32-bzip2 mingw64-pixman mingw64-glib2 mingw64-gmp 
mingw64-SDL mingw64-pkg-config mingw64-gtk2 mingw64-gtk3 mingw64-gnutls 
mingw64-nettle mingw64-libtasn1 mingw64-libjpeg-turbo mingw64-libpng 
mingw64-curl mingw64-libssh2 mingw64-bzip2
J=8
V=
HOSTNAME=dba2a8aad5b3
DEBUG=
SHOW_ENV=1
PWD=/
HOME=/root
CCACHE_DIR=/var/tmp/ccache
DISTTAG=f27container
QEMU_CONFIGURE_OPTS=--python=/usr/bin/python3
FGC=f27
TEST_DIR=/tmp/qemu-test
SHLVL=1
FEATURES=mingw clang pyyaml asan dtc

Re: [Qemu-devel] [PATCH v2 04/15] migration: let incoming side use thread context

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 04:03:44PM +, Daniel P. Berrangé wrote:
> On Thu, Mar 01, 2018 at 04:44:27PM +0800, Peter Xu wrote:
> > The old incoming migration is running in main thread and default
> > gcontext.  With the new qio_channel_add_watch_full() we can now let it
> > run in the thread's own gcontext (if there is one).
> > 
> > Currently this patch does nothing alone.  But when any of the incoming
> > migration is run in another iothread (e.g., the upcoming migrate-recover
> > command), this patch will bind the incoming logic to the iothread
> > instead of the main thread (which may already get page faulted and
> > hanged).
> > 
> > RDMA is not considered for now since it's not even using the QIO watch
> > framework at all.
> > 
> > CC: Juan Quintela 
> > CC: Dr. David Alan Gilbert 
> > CC: Laurent Vivier 
> > Signed-off-by: Peter Xu 
> > ---
> >  migration/exec.c   |  9 -
> >  migration/fd.c |  9 -
> >  migration/socket.c | 10 +-
> >  3 files changed, 13 insertions(+), 15 deletions(-)
> 
> This should probably just be in a separate series, since it does nothing
> on its own, and nothing following in this series touches migration at all.

It was trying to solve all problems related to QIO+context, and
migration is just one user of it.  But sure I can postpone this patch
to the postcopy recovery series.

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 03/15] qio: introduce qio_channel_add_watch_{full|source}

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 06:13:06PM +0100, Paolo Bonzini wrote:
> On 01/03/2018 09:44, Peter Xu wrote:
> > + * qio_channel_add_watch_source:
> > + * @ioc: the channel object
> > + * @condition: the I/O condition to monitor
> > + * @func: callback to invoke when the source becomes ready
> > + * @user_data: opaque data to pass to @func
> > + * @notify: callback to free @user_data
> > + * @context: gcontext to bind the source to
> > + *
> > + * Similar as qio_channel_add_watch(), but allows to specify context
> > + * to run the watch source, meanwhile return the GSource object
> > + * instead of tag ID, with the GSource referenced already.
> > + *
> > + * Note: callers is responsible to unref the source when not needed.
> > + *
> > + * Returns: the source pointer
> > + */
> > +GSource *qio_channel_add_watch_source(QIOChannel *ioc,
> > +  GIOCondition condition,
> > +  QIOChannelFunc func,
> > +  gpointer user_data,
> > +  GDestroyNotify notify,
> > +  GMainContext *context);
> >  
> 
> Just a small thing, this is a bit inconsistent with the rest of the
> GSource API, where the g_source_attach is usually left to the caller
> when a function returns GSource *.
> 
> You might therefore name it instead qio_channel_create_watch, for
> consistency with g_io_{add,create}_watch, and remove the "context" argument.

Looks like there is already a qio_channel_create_watch() (io/channel.c).

How about qio_channel_create_watch_attached()?  Or... anything better?

Thanks,

-- 
Peter Xu



[Qemu-devel] [PATCH 3/4] virtio-net: use 64-bit values for feature flags

2018-03-01 Thread Jason Baron via Qemu-devel
In preparation for using some of the high order feature bits, make sure that
virtio-net uses 64-bit values everywhere.

Signed-off-by: Jason Baron 
Cc: "Michael S. Tsirkin" 
Cc: Jason Wang 
Cc: virtio-...@lists.oasis-open.org
---
 hw/net/virtio-net.c| 55 +-
 include/hw/virtio/virtio-net.h |  2 +-
 2 files changed, 29 insertions(+), 28 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 369d40b..4feaa49 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -48,18 +48,18 @@
 (offsetof(container, field) + sizeof(((container *)0)->field))
 
 typedef struct VirtIOFeature {
-uint32_t flags;
+uint64_t flags;
 size_t end;
 } VirtIOFeature;
 
 static VirtIOFeature feature_sizes[] = {
-{.flags = 1 << VIRTIO_NET_F_MAC,
+{.flags = 1ULL << VIRTIO_NET_F_MAC,
  .end = endof(struct virtio_net_config, mac)},
-{.flags = 1 << VIRTIO_NET_F_STATUS,
+{.flags = 1ULL << VIRTIO_NET_F_STATUS,
  .end = endof(struct virtio_net_config, status)},
-{.flags = 1 << VIRTIO_NET_F_MQ,
+{.flags = 1ULL << VIRTIO_NET_F_MQ,
  .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
-{.flags = 1 << VIRTIO_NET_F_MTU,
+{.flags = 1ULL << VIRTIO_NET_F_MTU,
  .end = endof(struct virtio_net_config, mtu)},
 {}
 };
@@ -1938,7 +1938,7 @@ static void virtio_net_device_realize(DeviceState *dev, 
Error **errp)
 int i;
 
 if (n->net_conf.mtu) {
-n->host_features |= (0x1 << VIRTIO_NET_F_MTU);
+n->host_features |= (1ULL << VIRTIO_NET_F_MTU);
 }
 
 virtio_net_set_config_size(n, n->host_features);
@@ -2109,45 +2109,46 @@ static const VMStateDescription vmstate_virtio_net = {
 };
 
 static Property virtio_net_properties[] = {
-DEFINE_PROP_BIT("csum", VirtIONet, host_features, VIRTIO_NET_F_CSUM, true),
-DEFINE_PROP_BIT("guest_csum", VirtIONet, host_features,
+DEFINE_PROP_BIT64("csum", VirtIONet, host_features,
+VIRTIO_NET_F_CSUM, true),
+DEFINE_PROP_BIT64("guest_csum", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_CSUM, true),
-DEFINE_PROP_BIT("gso", VirtIONet, host_features, VIRTIO_NET_F_GSO, true),
-DEFINE_PROP_BIT("guest_tso4", VirtIONet, host_features,
+DEFINE_PROP_BIT64("gso", VirtIONet, host_features, VIRTIO_NET_F_GSO, true),
+DEFINE_PROP_BIT64("guest_tso4", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_TSO4, true),
-DEFINE_PROP_BIT("guest_tso6", VirtIONet, host_features,
+DEFINE_PROP_BIT64("guest_tso6", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_TSO6, true),
-DEFINE_PROP_BIT("guest_ecn", VirtIONet, host_features,
+DEFINE_PROP_BIT64("guest_ecn", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_ECN, true),
-DEFINE_PROP_BIT("guest_ufo", VirtIONet, host_features,
+DEFINE_PROP_BIT64("guest_ufo", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_UFO, true),
-DEFINE_PROP_BIT("guest_announce", VirtIONet, host_features,
+DEFINE_PROP_BIT64("guest_announce", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_ANNOUNCE, true),
-DEFINE_PROP_BIT("host_tso4", VirtIONet, host_features,
+DEFINE_PROP_BIT64("host_tso4", VirtIONet, host_features,
 VIRTIO_NET_F_HOST_TSO4, true),
-DEFINE_PROP_BIT("host_tso6", VirtIONet, host_features,
+DEFINE_PROP_BIT64("host_tso6", VirtIONet, host_features,
 VIRTIO_NET_F_HOST_TSO6, true),
-DEFINE_PROP_BIT("host_ecn", VirtIONet, host_features,
+DEFINE_PROP_BIT64("host_ecn", VirtIONet, host_features,
 VIRTIO_NET_F_HOST_ECN, true),
-DEFINE_PROP_BIT("host_ufo", VirtIONet, host_features,
+DEFINE_PROP_BIT64("host_ufo", VirtIONet, host_features,
 VIRTIO_NET_F_HOST_UFO, true),
-DEFINE_PROP_BIT("mrg_rxbuf", VirtIONet, host_features,
+DEFINE_PROP_BIT64("mrg_rxbuf", VirtIONet, host_features,
 VIRTIO_NET_F_MRG_RXBUF, true),
-DEFINE_PROP_BIT("status", VirtIONet, host_features,
+DEFINE_PROP_BIT64("status", VirtIONet, host_features,
 VIRTIO_NET_F_STATUS, true),
-DEFINE_PROP_BIT("ctrl_vq", VirtIONet, host_features,
+DEFINE_PROP_BIT64("ctrl_vq", VirtIONet, host_features,
 VIRTIO_NET_F_CTRL_VQ, true),
-DEFINE_PROP_BIT("ctrl_rx", VirtIONet, host_features,
+DEFINE_PROP_BIT64("ctrl_rx", VirtIONet, host_features,
 VIRTIO_NET_F_CTRL_RX, true),
-DEFINE_PROP_BIT("ctrl_vlan", VirtIONet, host_features,
+DEFINE_PROP_BIT64("ctrl_vlan", VirtIONet, host_features,
 VIRTIO_NET_F_CTRL_VLAN, true),
-DEFINE_PROP_BIT("ctrl_rx_extra", VirtIONet, host_features,
+DEFINE_PROP_BIT64("ctrl_rx_extra", VirtIONet, host_features,
 VIRTIO_NET_F_CTRL_RX_EXTRA, true),
-

[Qemu-devel] [PATCH 4/4] virtio-net: add linkspeed and duplex settings to virtio-net

2018-03-01 Thread Jason Baron via Qemu-devel
Although linkspeed and duplex can be set in a linux guest via 'ethtool -s',
this requires custom ethtool commands for virtio-net by default.

Introduce a new feature flag, VIRTIO_NET_F_SPEED_DUPLEX, which allows
the hypervisor to export a linkspeed and duplex setting. The user can
overwrite it later if desired via: 'ethtool -s'.

Linkspeed and duplex settings can be set as:
'-device virtio-net,speed=1,duplex=full'

where speed is [0...INT_MAX], and duplex is ["half"|"full"].

Signed-off-by: Jason Baron 
Cc: "Michael S. Tsirkin" 
Cc: Jason Wang 
Cc: virtio-...@lists.oasis-open.org
---
 hw/net/virtio-net.c| 26 ++
 include/hw/virtio/virtio-net.h |  3 +++
 2 files changed, 29 insertions(+)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 4feaa49..5df90ea 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -26,6 +26,7 @@
 #include "qapi-event.h"
 #include "hw/virtio/virtio-access.h"
 #include "migration/misc.h"
+#include "net/eth.h"
 
 #define VIRTIO_NET_VM_VERSION11
 
@@ -61,6 +62,8 @@ static VirtIOFeature feature_sizes[] = {
  .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
 {.flags = 1ULL << VIRTIO_NET_F_MTU,
  .end = endof(struct virtio_net_config, mtu)},
+{.flags = 1ULL << VIRTIO_NET_F_SPEED_DUPLEX,
+ .end = endof(struct virtio_net_config, duplex)},
 {}
 };
 
@@ -89,6 +92,8 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t 
*config)
 virtio_stw_p(vdev, _virtqueue_pairs, n->max_queues);
 virtio_stw_p(vdev, , n->net_conf.mtu);
 memcpy(netcfg.mac, n->mac, ETH_ALEN);
+virtio_stl_p(vdev, , n->net_conf.speed);
+netcfg.duplex = n->net_conf.duplex;
 memcpy(config, , n->config_size);
 }
 
@@ -1941,6 +1946,25 @@ static void virtio_net_device_realize(DeviceState *dev, 
Error **errp)
 n->host_features |= (1ULL << VIRTIO_NET_F_MTU);
 }
 
+if (n->net_conf.duplex_str) {
+if (strncmp(n->net_conf.duplex_str, "half", 5) == 0) {
+n->net_conf.duplex = DUPLEX_HALF;
+} else if (strncmp(n->net_conf.duplex_str, "full", 5) == 0) {
+n->net_conf.duplex = DUPLEX_FULL;
+} else {
+error_setg(errp, "'duplex' must be 'half' or 'full'");
+}
+n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
+} else {
+n->net_conf.duplex = DUPLEX_UNKNOWN;
+}
+
+if (n->net_conf.speed < SPEED_UNKNOWN) {
+error_setg(errp, "'speed' must be between 0 and INT_MAX");
+} else if (n->net_conf.speed >= 0) {
+n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
+}
+
 virtio_net_set_config_size(n, n->host_features);
 virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
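Review bot: Both new `error_setg()` calls in `virtio_net_device_realize()` fall through instead of returning, so a rejected `duplex` or `speed` value still reaches `virtio_net_set_config_size()` and `virtio_init()`. A rejected `duplex` string also sets `VIRTIO_NET_F_SPEED_DUPLEX` while `n->net_conf.duplex` is left unassigned, and when both properties are invalid the second `error_setg()` runs on an `errp` that already holds an error, which QEMU's error API asserts against when `errp` is non-NULL. Add `return;` directly after each `error_setg(errp, ...)`; that also keeps the feature bit from being advertised for a rejected `duplex`. `strncmp(..., 5)` against a four-character literal compares the terminator as well, so plain `strcmp()` states the same check more directly. The function body starts and ends outside the hunk.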
 
@@ -2161,6 +2185,8 @@ static Property virtio_net_properties[] = {
 DEFINE_PROP_UINT16("host_mtu", VirtIONet, net_conf.mtu, 0),
 DEFINE_PROP_BOOL("x-mtu-bypass-backend", VirtIONet, mtu_bypass_backend,
  true),
+DEFINE_PROP_INT32("speed", VirtIONet, net_conf.speed, SPEED_UNKNOWN),
+DEFINE_PROP_STRING("duplex", VirtIONet, net_conf.duplex_str),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
index e7634c9..02484dc 100644
--- a/include/hw/virtio/virtio-net.h
+++ b/include/hw/virtio/virtio-net.h
@@ -38,6 +38,9 @@ typedef struct virtio_net_conf
 uint16_t rx_queue_size;
 uint16_t tx_queue_size;
 uint16_t mtu;
+int32_t speed;
+char *duplex_str;
+uint8_t duplex;
 } virtio_net_conf;
 
 /* Maximum packet size we can receive from tap device: header + 64k */
-- 
2.7.4




[Qemu-devel] [PATCH 2/4] rocker: drop local duplex definitions

2018-03-01 Thread Jason Baron via Qemu-devel
Make use of duplex definitions from net/eth.h.

Signed-off-by: Jason Baron 
Cc: "Michael S. Tsirkin" 
Cc: Jason Wang 
Cc: Jiri Pirko 
Cc: virtio-...@lists.oasis-open.org
---
 hw/net/rocker/rocker_fp.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/net/rocker/rocker_fp.c b/hw/net/rocker/rocker_fp.c
index 4b3c984..13a14a0 100644
--- a/hw/net/rocker/rocker_fp.c
+++ b/hw/net/rocker/rocker_fp.c
@@ -16,17 +16,13 @@
 
 #include "qemu/osdep.h"
 #include "net/clients.h"
+#include "net/eth.h"
 
 #include "rocker.h"
 #include "rocker_hw.h"
 #include "rocker_fp.h"
 #include "rocker_world.h"
 
-enum duplex {
-DUPLEX_HALF = 0,
-DUPLEX_FULL
-};
-
 struct fp_port {
 Rocker *r;
 World *world;
-- 
2.7.4




Re: [Qemu-devel] [PATCH v2 01/15] chardev: fix leak in tcp_chr_telnet_init_io()

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 06:39:34PM +0100, Paolo Bonzini wrote:
> On 01/03/2018 09:44, Peter Xu wrote:
> > Need to free TCPChardevTelnetInit when session established.
> > 
> > Since at it, switch to use G_SOURCE_* macros.
> > 
> > Reviewed-by: Daniel P. Berrange 
> > Signed-off-by: Peter Xu 
> > ---
> >  chardev/char-socket.c | 10 +++---
> >  1 file changed, 7 insertions(+), 3 deletions(-)
> > 
> > diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> > index bdd6cff5f6..43a2cc2c1c 100644
> > --- a/chardev/char-socket.c
> > +++ b/chardev/char-socket.c
> > @@ -591,19 +591,23 @@ static gboolean tcp_chr_telnet_init_io(QIOChannel 
> > *ioc,
> >  ret = 0;
> >  } else {
> >  tcp_chr_disconnect(init->chr);
> > -return FALSE;
> > +goto end;
> >  }
> >  }
> >  init->buflen -= ret;
> >  
> >  if (init->buflen == 0) {
> >  tcp_chr_connect(init->chr);
> > -return FALSE;
> > +goto end;
> >  }
> >  
> >  memmove(init->buf, init->buf + ret, init->buflen);
> >  
> > -return TRUE;
> > +return G_SOURCE_CONTINUE;
> > +
> > +end:
> > +g_free(init);
> > +return G_SOURCE_REMOVE;
> >  }
> >  
> >  static void tcp_chr_telnet_init(Chardev *chr)
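Review bot: `init` is released only on the two paths where the callback itself ends the watch (`goto end`). If the source can be removed from outside before the telnet negotiation finishes (chardev teardown, presumably; the registration is not visible in this hunk), the allocation would still leak. Consider handing ownership to the watch instead: pass a destroy notifier when the watch is registered in `tcp_chr_telnet_init()` and drop the `g_free(init)` here, so that every removal path frees it exactly once. The body of `tcp_chr_telnet_init_io()` starts outside the hunk.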
> > 
> 
> Queued, thanks (but it's okay if you post it again in v3, because I'm
> not sure I'll be able to send a pull request tomorrow).

Sure, thanks.

I believe this is an equivalent "r-b" if I repost. :)

-- 
Peter Xu



[Qemu-devel] [PATCH 1/4] eth: add speed and duplex definitions

2018-03-01 Thread Jason Baron via Qemu-devel
Pull in definitions for SPEED_UNKNOWN, DUPLEX_UNKNOWN, DUPLEX_HALF,
and DUPLEX_FULL.

Signed-off-by: Jason Baron 
Cc: "Michael S. Tsirkin" 
Cc: Jason Wang 
Cc: virtio-...@lists.oasis-open.org
---
 include/net/eth.h | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/include/net/eth.h b/include/net/eth.h
index 09054a5..9843678 100644
--- a/include/net/eth.h
+++ b/include/net/eth.h
@@ -417,4 +417,11 @@ bool
 eth_parse_ipv6_hdr(const struct iovec *pkt, int pkt_frags,
size_t ip6hdr_off, eth_ip6_hdr_info *info);
 
+/* ethtool defines - from linux/ethtool.h */
+#define SPEED_UNKNOWN   -1
+
+#define DUPLEX_HALF 0x00
+#define DUPLEX_FULL 0x01
+#define DUPLEX_UNKNOWN  0xff
+
 #endif
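Review bot: `SPEED_UNKNOWN` expands to a bare `-1`; writing `#define SPEED_UNKNOWN (-1)` keeps the sign bound to the value wherever the macro lands inside a larger expression. The comment says these names are copied from `linux/ethtool.h`, so a translation unit that ends up seeing both headers presumably relies on the definitions staying token-identical. Wrapping each in `#ifndef SPEED_UNKNOWN` / `#endif` (and likewise for the `DUPLEX_*` names) would make that dependency explicit.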
-- 
2.7.4




[Qemu-devel] [PATCH 0/4] virtio-net: allow linkspeed and duplex setting

2018-03-01 Thread Jason Baron via Qemu-devel
Hi,

Linux can now read linkspeed and duplex settings as set by the
hypervisor:

faa9b39 virtio_net: propagate linkspeed/duplex settings from the hypervisor

This series thus adds qemu support. Michael Tsirkin requested that we pull
in the linkspeed/duplex defines from include/linux/ethtool.h. I started to
do that and it seems to require a number of additional headers. It seemed
like a lot of extra headers for only a few defines so I've added them all
to include/net/eth.h.

Also, this patchset depends on this header sync:

https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg07072.html

Thanks,

-Jason

Jason Baron (4):
  eth: add speed and duplex definitions
  rocker: drop local duplex definitions
  virtio-net: use 64-bit values for feature flags
  virtio-net: add linkspeed and duplex settings to virtio-net

 hw/net/rocker/rocker_fp.c  |  6 +---
 hw/net/virtio-net.c| 81 --
 include/hw/virtio/virtio-net.h |  5 ++-
 include/net/eth.h  |  7 
 4 files changed, 66 insertions(+), 33 deletions(-)

-- 
2.7.4




Re: [Qemu-devel] [PATCH] migration: Fix block failure cases

2018-03-01 Thread Peter Xu
On Thu, Mar 01, 2018 at 03:32:19PM +, Dr. David Alan Gilbert wrote:
> * Peter Xu (pet...@redhat.com) wrote:
> > On Wed, Feb 28, 2018 at 04:49:37PM +, Dr. David Alan Gilbert (git) 
> > wrote:
> > > From: "Dr. David Alan Gilbert" 
> > > 
> > > This fixes a couple of cases where the block migration capability
> > > doesn't get cleared when a migration failed.
> > > 
> > > 1) When block migration is compiled out:
> > >   (qemu) migrate -d -b  "exec:cat > /dev/null"
> > >   QEMU compiled without old-style (blk/-b, inc/-i) block migration
> > >   Use drive_mirror+NBD instead.
> > >   (qemu) migrate_set_capability xbzrle off
> > >   QEMU compiled without old-style (blk/-b, inc/-i) block migration
> > >   Use drive_mirror+NBD instead.
> > > 
> > >   This corresponds to https://bugzilla.redhat.com/show_bug.cgi?id=1550022
> > > 
> > > 2) When a migration with a bad protocol is tried:
> > >   (qemu) migrate -d -b "foo:bah"
> > >   Parameter 'uri' expects a valid migration protocol
> > >   (qemu) info migrate_capabilities
> > >   xbzrle: off
> > >   rdma-pin-all: off
> > >   auto-converge: off
> > >   zero-blocks: off
> > >   compress: off
> > >   events: off
> > >   postcopy-ram: off
> > >   x-colo: off
> > >   release-ram: off
> > >   block: on   <<-
> > >   return-path: off
> > >   pause-before-switchover: off
> > >   x-multifd: off
> > > 
> > > Fixes: 2833c59b947
> > > Signed-off-by: Dr. David Alan Gilbert 
> > > ---
> > >  migration/migration.c | 6 +++---
> > >  1 file changed, 3 insertions(+), 3 deletions(-)
> > > 
> > > diff --git a/migration/migration.c b/migration/migration.c
> > > index b913b98803..da0e4a1f56 100644
> > > --- a/migration/migration.c
> > > +++ b/migration/migration.c
> > > @@ -1391,11 +1391,12 @@ void qmp_migrate(const char *uri, bool has_blk, 
> > > bool blk,
> > >  return;
> > >  }
> > >  migrate_set_block_enabled(true, _err);
> > > +s->must_remove_block_options = true;
> > >  if (local_err) {
> > >  error_propagate(errp, local_err);
> > > +block_cleanup_parameters(s);
> > >  return;
> > >  }
> > > -s->must_remove_block_options = true;
> > >  }
> > >  
> > >  if (has_inc && inc) {
> > > @@ -1417,11 +1418,10 @@ void qmp_migrate(const char *uri, bool has_blk, 
> > > bool blk,
> > >  } else if (strstart(uri, "fd:", )) {
> > >  fd_start_outgoing_migration(s, p, _err);
> > >  } else {
> > > -error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "uri",
> > > +error_setg(_err, QERR_INVALID_PARAMETER_VALUE, "uri",
> > > "a valid migration protocol");
> > >  migrate_set_state(>state, MIGRATION_STATUS_SETUP,
> > >MIGRATION_STATUS_FAILED);
> > > -return;
> > >  }
> > >  
> > >  if (local_err) {
> > > -- 
> > > 2.14.3
> > > 
> > 
> > Ouch...
> > 
> > Instead it seems to be my fault in 4a84214ebe ("migration: provide
> > migrate_caps_check()", 2017-07-18).  For now I cannot understand why I
> > did that before since it's obviously strange if without this
> > squashed...
> > 
> > diff --git a/migration/migration.c b/migration/migration.c
> > index 0aa596f867..88ed9375aa 100644
> > --- a/migration/migration.c
> > +++ b/migration/migration.c
> > @@ -747,13 +747,15 @@ void 
> > qmp_migrate_set_capabilities(MigrationCapabilityStatusList *params,
> >  {
> >  MigrationState *s = migrate_get_current();
> >  MigrationCapabilityStatusList *cap;
> > +bool cap_list[MIGRATION_CAPABILITY__MAX];
> >  
> >  if (migration_is_setup_or_active(s->state)) {
> >  error_setg(errp, QERR_MIGRATION_ACTIVE);
> >  return;
> >  }
> >  
> > -if (!migrate_caps_check(s->enabled_capabilities, params, errp)) {
> > +memcpy(cap_list, s->enabled_capabilities, sizeof(cap_list));
> > +if (!migrate_caps_check(cap_list, params, errp)) {
> >  return;
> >  }
> 
> > 
> > Otherwise I'll get:
> > 
> > (qemu) migrate_set_capability postcopy-ram on   
> >
> > (qemu) migrate_set_capability compress on   
> >
> > Postcopy is not currently compatible with compression   
> >
> > (qemu) info migrate_capabilities   
> > xbzrle: off
> > rdma-pin-all: off  
> > auto-converge: off 
> > zero-blocks: off   
> > compress: on <- :(
> > events: off
> > postcopy-ram: on   
> > x-colo: off
> > release-ram: off   
> > block: off 
> > return-path: off   
> > pause-before-switchover: off   
> > x-multifd: off
> >  
> > And it looks very likely that this should solve the block bug too.
> 
> Yes, 

Re: [Qemu-devel] [PATCH v8 2/2] vhost: used_memslots refactoring

2018-03-01 Thread Zhoujian (jay)


> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Friday, March 02, 2018 12:17 AM
> To: Zhoujian (jay) 
> Cc: qemu-devel@nongnu.org; imamm...@redhat.com; Huangweidong (C)
> ; wangxin (U) ; Gonglei
> (Arei) ; Liuzhe (Ahriy, Euler) 
> Subject: Re: [PATCH v8 2/2] vhost: used_memslots refactoring
> 
> On Tue, Feb 27, 2018 at 03:10:05PM +0800, Jay Zhou wrote:
> > Used_memslots is shared by vhost kernel and user, it is equal to
> > dev->mem->nregions, which is correct for vhost kernel, but not for
> > vhost user, the latter one uses memory regions that have file
> > descriptor. E.g. if a VM has a vhost-user NIC and 8 (the vhost-user memslot
> > upper limit) memory slots, hotplugging a new DIMM
> > device will fail since vhost_has_free_slot() finds no free slot left. It should
> > be successful if only part of memory slots have file descriptor, so
> > setting used memslots for vhost-user and vhost-kernel respectively.
> >
> > Signed-off-by: Igor Mammedov 
> > Signed-off-by: Jay Zhou 
> > Signed-off-by: Liuzhe 
> 
> make check fails with this patch, I dropped it for now.

Maybe something updated on the master tree affects this patch, will
look into and resolve.

Regards,
Jay

> 
> > ---
> >  hw/virtio/vhost-backend.c | 15 +++-
> >  hw/virtio/vhost-user.c| 77 ++-
> 
> >  hw/virtio/vhost.c | 13 +++
> >  include/hw/virtio/vhost-backend.h |  6 ++-
> >  4 files changed, 75 insertions(+), 36 deletions(-)
> >
> > diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c
> > index 7f09efa..59def69 100644
> > --- a/hw/virtio/vhost-backend.c
> > +++ b/hw/virtio/vhost-backend.c
> > @@ -15,6 +15,8 @@
> >  #include "hw/virtio/vhost-backend.h"
> >  #include "qemu/error-report.h"
> >
> > +static unsigned int vhost_kernel_used_memslots;
> > +
> >  static int vhost_kernel_call(struct vhost_dev *dev, unsigned long int
> request,
> >   void *arg)  { @@ -62,6 +64,11 @@ static
> > int vhost_kernel_memslots_limit(struct vhost_dev *dev)
> >  return limit;
> >  }
> >
> > +static bool vhost_kernel_has_free_memslots(struct vhost_dev *dev) {
> > +return vhost_kernel_used_memslots <
> > +vhost_kernel_memslots_limit(dev); }
> > +
> >  static int vhost_kernel_net_set_backend(struct vhost_dev *dev,
> >  struct vhost_vring_file
> > *file)  { @@ -233,11 +240,16 @@ static void
> > vhost_kernel_set_iotlb_callback(struct vhost_dev *dev,
> >  qemu_set_fd_handler((uintptr_t)dev->opaque, NULL, NULL,
> > NULL);  }
> >
> > +static void vhost_kernel_set_used_memslots(struct vhost_dev *dev) {
> > +vhost_kernel_used_memslots = dev->mem->nregions; }
> > +
> >  static const VhostOps kernel_ops = {
> >  .backend_type = VHOST_BACKEND_TYPE_KERNEL,
> >  .vhost_backend_init = vhost_kernel_init,
> >  .vhost_backend_cleanup = vhost_kernel_cleanup,
> > -.vhost_backend_memslots_limit = vhost_kernel_memslots_limit,
> > +.vhost_backend_has_free_memslots =
> > + vhost_kernel_has_free_memslots,
> >  .vhost_net_set_backend = vhost_kernel_net_set_backend,
> >  .vhost_scsi_set_endpoint = vhost_kernel_scsi_set_endpoint,
> >  .vhost_scsi_clear_endpoint =
> > vhost_kernel_scsi_clear_endpoint, @@ -264,6 +276,7 @@ static const
> > VhostOps kernel_ops = {  #endif /* CONFIG_VHOST_VSOCK */
> >  .vhost_set_iotlb_callback = vhost_kernel_set_iotlb_callback,
> >  .vhost_send_device_iotlb_msg =
> > vhost_kernel_send_device_iotlb_msg,
> > +.vhost_set_used_memslots = vhost_kernel_set_used_memslots,
> >  };
> >
> >  int vhost_set_backend_type(struct vhost_dev *dev, VhostBackendType
> > backend_type) diff --git a/hw/virtio/vhost-user.c
> > b/hw/virtio/vhost-user.c index 6eb9798..f732c80 100644
> > --- a/hw/virtio/vhost-user.c
> > +++ b/hw/virtio/vhost-user.c
> > @@ -147,6 +147,8 @@ static VhostUserMsg m __attribute__ ((unused));
> >  /* The version of the protocol we support */
> >  #define VHOST_USER_VERSION(0x1)
> >
> > +static bool vhost_user_free_memslots = true;
> > +
> >  struct vhost_user {
> >  CharBackend *chr;
> >  int slave_fd;
> > @@ -314,12 +316,43 @@ static int vhost_user_set_log_base(struct vhost_dev
> *dev, uint64_t base,
> >  return 0;
> >  }
> >
> > +static int vhost_user_prepare_msg(struct vhost_dev *dev, VhostUserMemory
> *mem,
> > +  int *fds) {
> > +int i, fd;
> > +
> > +vhost_user_free_memslots = true;
> > +for (i = 0, mem->nregions = 0; i < dev->mem->nregions; ++i) {
> > +struct vhost_memory_region *reg = dev->mem->regions + i;
> > +ram_addr_t offset;
> > +MemoryRegion *mr;
> > +
> > +

Re: [Qemu-devel] [PATCH v3] PPC: e500: Fix duplicate kernel load and device tree overlap

2018-03-01 Thread David Gibson
On Thu, Feb 15, 2018 at 10:36:00AM +0100, David Engraf wrote:
> This patch fixes an incorrect behavior when the -kernel argument has been
> specified without -bios. In this case the kernel was loaded twice. At address
> 32M as a raw image and afterwards by load_elf/load_uimage at the
> corresponding load address. In this case the region for the device tree and
> the raw kernel image may overlap.
> 
> The patch fixes the behavior by loading the kernel image once with
> load_elf/load_uimage and skips loading the raw image.
> 
> While here, do not use bios_name/size for the kernel and use a more generic
> name called payload_name/size.
> 
> New in v3: dtb must be stored between kernel and initrd because Linux can
>handle the dtb only within the first 64MB. Add a comment to
>clarify the behavior.
> 
> Signed-off-by: David Engraf 

Sorry I've taken so long to reply to this.  It looks fine to me,
however, other changes mean it no longer quite applies to the
ppc-for-2.12 tree.  Can you fix that up and repost please.

Reviewed-by: David Gibson 

> ---
>  hw/ppc/e500.c | 116 
> +++---
>  1 file changed, 70 insertions(+), 46 deletions(-)
> 
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index c4fe06ea2a..414c4beaab 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -784,8 +784,10 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  int initrd_size = 0;
>  hwaddr cur_base = 0;
>  char *filename;
> +const char *payload_name;
> +bool kernel_as_payload;
>  hwaddr bios_entry = 0;
> -target_long bios_size;
> +target_long payload_size;
>  struct boot_info *boot_info;
>  int dt_size;
>  int i;
> @@ -913,11 +915,6 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  /* Register spinning region */
>  sysbus_create_simple("e500-spin", params->spin_base, NULL);
>  
> -if (cur_base < (32 * 1024 * 1024)) {
> -/* u-boot occupies memory up to 32MB, so load blobs above */
> -cur_base = (32 * 1024 * 1024);
> -}
> -
>  if (params->has_mpc8xxx_gpio) {
>  qemu_irq poweroff_irq;
>  
> @@ -952,8 +949,61 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  sysbus_mmio_get_region(s, 0));
>  }
>  
> -/* Load kernel. */
> -if (machine->kernel_filename) {
> +/*
> + * Smart firmware defaults ahead!
> + *
> + * We follow the following table to select which payload we execute.
> + *
> + *  -kernel | -bios | payload
> + * -+---+-
> + * N|   Y   | u-boot
> + * N|   N   | u-boot
> + * Y|   Y   | u-boot
> + * Y|   N   | kernel
> + *
> + * This ensures backwards compatibility with how we used to expose
> + * -kernel to users but allows them to run through u-boot as well.
> + */
> +kernel_as_payload = false;
> +if (bios_name == NULL) {
> +if (machine->kernel_filename) {
> +payload_name = machine->kernel_filename;
> +kernel_as_payload = true;
> +} else {
> +payload_name = "u-boot.e500";
> +}
> +} else {
> +payload_name = bios_name;
> +}
> +
> +filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, payload_name);
> +
> +payload_size = load_elf(filename, NULL, NULL, _entry, , 
> NULL,
> +1, PPC_ELF_MACHINE, 0, 0);
> +if (payload_size < 0) {
> +/*
> + * Hrm. No ELF image? Try a uImage, maybe someone is giving us an
> + * ePAPR compliant kernel
> + */
> +payload_size = load_uimage(filename, _entry, , NULL,
> +   NULL, NULL);
> +if (payload_size < 0) {
> +fprintf(stderr, "qemu: could not load firmware '%s'\n", 
> filename);
> +exit(1);
> +}
> +}
> +
> +g_free(filename);
> +
> +if (kernel_as_payload) {
> +kernel_base = loadaddr;
> +kernel_size = payload_size;
> +}
> +
> +cur_base = loadaddr + payload_size;
> +
> +/* Load bare kernel only if no bios/u-boot has been provided */
> +if (machine->kernel_filename && !kernel_as_payload) {
>  kernel_base = cur_base;
>  kernel_size = load_image_targphys(machine->kernel_filename,
>cur_base,
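Review bot: The result of `qemu_find_file()` is passed straight to `load_elf()` and, on failure, to `fprintf(stderr, "... '%s'\n", filename)` without a NULL check. With this change the name can come from `-kernel` (`machine->kernel_filename`), so a mistyped path can now reach this lookup; if it returns NULL, the error message formats a null pointer instead of the name the user supplied. Check right after the lookup and report `payload_name` instead: `if (!filename) { fprintf(stderr, "qemu: could not find firmware '%s'\n", payload_name); exit(1); }`. `ppce500_init()` starts and ends outside this hunk.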
> @@ -967,6 +1017,11 @@ void ppce500_init(MachineState *machine, PPCE500Params 
> *params)
>  cur_base += kernel_size;
>  }
>  
> +if (cur_base < (32 * 1024 * 1024)) {
> +/* u-boot occupies memory up to 32MB, so load blobs above */
> +cur_base = (32 * 1024 * 1024);
> +}
> +
>  /* Load initrd. */
>  if (machine->initrd_filename) {
>  initrd_base = (cur_base + INITRD_LOAD_PAD) & ~INITRD_PAD_MASK;
> @@ -983,47 +1038,16 @@ void 

Re: [Qemu-devel] [PATCH 7/7] qcow2: Make qemu-img check detect corrupted L1 tables in snapshots

2018-03-01 Thread Eric Blake

On 03/01/2018 10:27 AM, Alberto Garcia wrote:

'qemu-img check' cannot detect if a snapshot's L1 table is corrupted.
This patch checks the table's offset and size and reports corruption
if the values are not valid.

This patch doesn't add code to fix that corruption yet, only to detect
and report it.

Signed-off-by: Alberto Garcia 
---
  block/qcow2-refcount.c | 14 ++
  tests/qemu-iotests/080 |  2 ++
  tests/qemu-iotests/080.out | 20 
  3 files changed, 36 insertions(+)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH qemu v3 1/2] qmp: Merge ObjectPropertyInfo and DevicePropertyInfo

2018-03-01 Thread David Gibson
On Fri, Mar 02, 2018 at 12:09:38AM +1100, Alexey Kardashevskiy wrote:
> ObjectPropertyInfo is more generic and only missing @description.
> This adds a description to ObjectPropertyInfo and removes
> DevicePropertyInfo so the resulting ObjectPropertyInfo can be used
> elsewhere.
> 
> Signed-off-by: Alexey Kardashevskiy 

Reviewed-by: David Gibson 

> ---
>  qapi-schema.json | 23 +--
>  qdev-monitor.c   |  6 +++---
>  qmp.c| 20 ++--
>  3 files changed, 18 insertions(+), 31 deletions(-)
> 
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 0262b9f..87327e5 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -1266,10 +1266,12 @@
>  #3) A link type in the form 'link' where subtype is a qdev
>  #   device type name.  Link properties form the device model graph.
>  #
> +# @description: if specified, the description of the property.
> +#
>  # Since: 1.2
>  ##
>  { 'struct': 'ObjectPropertyInfo',
> -  'data': { 'name': 'str', 'type': 'str' } }
> +  'data': { 'name': 'str', 'type': 'str', '*description': 'str' } }
>  
>  ##
>  # @qom-list:
> @@ -1425,34 +1427,19 @@
>'returns': [ 'ObjectTypeInfo' ] }
>  
>  ##
> -# @DevicePropertyInfo:
> -#
> -# Information about device properties.
> -#
> -# @name: the name of the property
> -# @type: the typename of the property
> -# @description: if specified, the description of the property.
> -#   (since 2.2)
> -#
> -# Since: 1.2
> -##
> -{ 'struct': 'DevicePropertyInfo',
> -  'data': { 'name': 'str', 'type': 'str', '*description': 'str' } }
> -
> -##
>  # @device-list-properties:
>  #
>  # List properties associated with a device.
>  #
>  # @typename: the type name of a device
>  #
> -# Returns: a list of DevicePropertyInfo describing a devices properties
> +# Returns: a list of ObjectPropertyInfo describing a devices properties
>  #
>  # Since: 1.2
>  ##
>  { 'command': 'device-list-properties',
>'data': { 'typename': 'str'},
> -  'returns': [ 'DevicePropertyInfo' ] }
> +  'returns': [ 'ObjectPropertyInfo' ] }
>  
>  ##
>  # @xen-set-global-dirty-log:
> diff --git a/qdev-monitor.c b/qdev-monitor.c
> index 8462381..ab9c46c 100644
> --- a/qdev-monitor.c
> +++ b/qdev-monitor.c
> @@ -258,8 +258,8 @@ int qdev_device_help(QemuOpts *opts)
>  {
>  Error *local_err = NULL;
>  const char *driver;
> -DevicePropertyInfoList *prop_list;
> -DevicePropertyInfoList *prop;
> +ObjectPropertyInfoList *prop_list;
> +ObjectPropertyInfoList *prop;
>  
>  driver = qemu_opt_get(opts, "driver");
>  if (driver && is_help_option(driver)) {
> @@ -295,7 +295,7 @@ int qdev_device_help(QemuOpts *opts)
>  }
>  }
>  
> -qapi_free_DevicePropertyInfoList(prop_list);
> +qapi_free_ObjectPropertyInfoList(prop_list);
>  return 1;
>  
>  error:
> diff --git a/qmp.c b/qmp.c
> index 793f6f3..8a74038 100644
> --- a/qmp.c
> +++ b/qmp.c
> @@ -463,12 +463,12 @@ ObjectTypeInfoList *qmp_qom_list_types(bool 
> has_implements,
>   *
>   * The caller must free the return value.
>   */
> -static DevicePropertyInfo *make_device_property_info(ObjectClass *klass,
> - const char *name,
> - const char 
> *default_type,
> - const char *description)
> +static ObjectPropertyInfo *make_device_property_info(ObjectClass *klass,
> +  const char *name,
> +  const char *default_type,
> +  const char *description)
>  {
> -DevicePropertyInfo *info;
> +ObjectPropertyInfo *info;
>  Property *prop;
>  
>  do {
> @@ -508,14 +508,14 @@ static DevicePropertyInfo 
> *make_device_property_info(ObjectClass *klass,
>  return info;
>  }
>  
> -DevicePropertyInfoList *qmp_device_list_properties(const char *typename,
> -   Error **errp)
> +ObjectPropertyInfoList *qmp_device_list_properties(const char *typename,
> +Error **errp)
>  {
>  ObjectClass *klass;
>  Object *obj;
>  ObjectProperty *prop;
>  ObjectPropertyIterator iter;
> -DevicePropertyInfoList *prop_list = NULL;
> +ObjectPropertyInfoList *prop_list = NULL;
>  
>  klass = object_class_by_name(typename);
>  if (klass == NULL) {
> @@ -540,8 +540,8 @@ DevicePropertyInfoList *qmp_device_list_properties(const 
> char *typename,
>  
>  object_property_iter_init(, obj);
>  while ((prop = object_property_iter_next())) {
> -DevicePropertyInfo *info;
> -DevicePropertyInfoList *entry;
> +ObjectPropertyInfo *info;
> +ObjectPropertyInfoList *entry;
>  
>  /* Skip Object and DeviceState properties */
>  if 

Re: [Qemu-devel] [PATCH 5/7] qcow2: Check snapshot L1 table in qcow2_snapshot_goto()

2018-03-01 Thread Eric Blake

On 03/01/2018 10:27 AM, Alberto Garcia wrote:

This function copies a snapshot's L1 table into the active one without
validating it first.

We now have a function to take care of this, so let's use it.

Signed-off-by: Alberto Garcia 
---
  block/qcow2-snapshot.c | 6 ++
  tests/qemu-iotests/080 | 2 ++
  tests/qemu-iotests/080.out | 2 ++
  3 files changed, 10 insertions(+)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH 6/7] qcow2: Check snapshot L1 table in qcow2_snapshot_delete()

2018-03-01 Thread Eric Blake

On 03/01/2018 10:27 AM, Alberto Garcia wrote:

This function deletes a snapshot from disk, removing its entry from
the snapshot table, freeing its L1 table and decreasing the refcounts
of all clusters.

The L1 table offset and size are however not validated. If we use
invalid values in this function we'll probably corrupt the image even
more, so we should return an error instead.

We now have a function to take care of this, so let's use it.

Signed-off-by: Alberto Garcia 
---
  block/qcow2-snapshot.c | 7 +++
  tests/qemu-iotests/080 | 2 ++
  tests/qemu-iotests/080.out | 2 ++
  3 files changed, 11 insertions(+)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH] hw/ppc/spapr, e500: Use new property "stdout-path" for boot console

2018-03-01 Thread David Gibson
On Thu, Mar 01, 2018 at 11:35:50AM +0530, Nikunj A Dadhania wrote:
> Linux kernel commit 2a9d832cc9aae21ea827520fef635b6c49a06c6d
> (of: Add bindings for chosen node, stdout-path) deprecated chosen property
> "linux,stdout-path" and "stdout".
> 
> Introduce the new property "stdout-path" and continue supporting the older
> property to remain compatible with existing/older firmware. This older 
> property
> can be deprecated after 5 years.
> 
> Signed-off-by: Nikunj A Dadhania 

Applied to ppc-for-2.12, thanks.

> ---
>  hw/ppc/e500.c  | 7 +++
>  hw/ppc/spapr.c | 7 +++
>  2 files changed, 14 insertions(+)
> 
> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
> index a40d3ec3e3..a325a95015 100644
> --- a/hw/ppc/e500.c
> +++ b/hw/ppc/e500.c
> @@ -119,7 +119,14 @@ static void dt_serial_create(void *fdt, unsigned long 
> long offset,
>  qemu_fdt_setprop_string(fdt, "/aliases", alias, ser);
>  
>  if (defcon) {
> +/*
> + * "linux,stdout-path" and "stdout" properties are deprecated by 
> linux
> + * kernel. New platforms should only use the "stdout-path" property. 
> Set
> + * the new property and continue using older property to remain
> + * compatible with the existing firmware.
> + */
>  qemu_fdt_setprop_string(fdt, "/chosen", "linux,stdout-path", ser);
> +qemu_fdt_setprop_string(fdt, "/chosen", "stdout-path", ser);
>  }
>  }
>  
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 83c9d66dd5..58a44edc4a 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1062,7 +1062,14 @@ static void spapr_dt_chosen(sPAPRMachineState *spapr, 
> void *fdt)
>  }
>  
>  if (!spapr->has_graphics && stdout_path) {
> +/*
> + * "linux,stdout-path" and "stdout" properties are deprecated by 
> linux
> + * kernel. New platforms should only use the "stdout-path" property. 
> Set
> + * the new property and continue using older property to remain
> + * compatible with the existing firmware.
> + */
>  _FDT(fdt_setprop_string(fdt, chosen, "linux,stdout-path", 
> stdout_path));
> +_FDT(fdt_setprop_string(fdt, chosen, "stdout-path", stdout_path));
>  }
>  
>  spapr_dt_ov5_platform_support(fdt, chosen);

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 3/8] qcow2: introduce qcow2_write_caches and qcow2_flush_caches

2018-03-01 Thread Eric Blake

On 03/01/2018 10:36 AM, Paolo Bonzini wrote:

They will be used to avoid recursively taking s->lock during
bdrv_open or bdrv_check.

Signed-off-by: Paolo Bonzini 
Message-Id: <1516279431-30424-7-git-send-email-pbonz...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
  block/qcow2-refcount.c | 28 
  block/qcow2.c  | 20 
  block/qcow2.h  |  2 ++
  3 files changed, 34 insertions(+), 16 deletions(-)


Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



[Qemu-devel] [PULL v2 23/30] qapi: Generate separate .h, .c for each module

2018-03-01 Thread Eric Blake
From: Markus Armbruster 

Our qapi-schema.json is composed of modules connected by include
directives, but the generated code is monolithic all the same: one
qapi-types.h with all the types, one qapi-visit.h with all the
visitors, and so forth.  These monolithic headers get included all
over the place.  In my "build everything" tree, adding a QAPI type
recompiles about 4800 out of 5100 objects.

We wouldn't write such monolithic headers by hand.  It stands to
reason that we shouldn't generate them, either.

Split up generated qapi-types.h to mirror the schema's modular
structure: one header per module.  Name the main module's header
qapi-types.h, and sub-module D/B.json's header D/qapi-types-B.h.

Mirror the schema's includes in the headers, so that qapi-types.h gets
you everything exactly as before.  If you need less, you can include
one or more of the sub-module headers.  To be exploited shortly.

Split up qapi-types.c, qapi-visit.h, qapi-visit.c, qmp-commands.h,
qmp-commands.c, qapi-event.h, qapi-event.c the same way.
qmp-introspect.h, qmp-introspect.c and qapi.texi remain monolithic.

The split of qmp-commands.c duplicates static helper function
qmp_marshal_output_str() in qapi-commands-char.c and
qapi-commands-misc.c.  This happens when commands returning the same
type occur in multiple modules.  Not worth avoiding.

Since I'm going to rename qapi-event.[ch] to qapi-events.[ch], and
qmp-commands.[ch] to qapi-commands.[ch], name the shards that way
already, to reduce churn.  This requires temporary hacks in
commands.py and events.py.  They'll go away with the rename.

Signed-off-by: Markus Armbruster 
Message-Id: <20180211093607.27351-23-arm...@redhat.com>
Reviewed-by: Eric Blake 
Signed-off-by: Eric Blake 
---
 Makefile | 120 +++
 Makefile.objs|  65 -
 scripts/qapi/commands.py |  35 +-
 scripts/qapi/common.py   |  21 +++--
 scripts/qapi/events.py   |  19 ++--
 .gitignore   |  60 
 6 files changed, 300 insertions(+), 20 deletions(-)

diff --git a/Makefile b/Makefile
index 494ae382794..b12fcd5d8ff 100644
--- a/Makefile
+++ b/Makefile
@@ -92,10 +92,70 @@ include $(SRC_PATH)/rules.mak
 GENERATED_FILES = qemu-version.h config-host.h qemu-options.def
 GENERATED_FILES += qapi-builtin-types.h qapi-builtin-types.c
 GENERATED_FILES += qapi-types.h qapi-types.c
+GENERATED_FILES += qapi/qapi-types-block-core.h qapi/qapi-types-block-core.c
+GENERATED_FILES += qapi/qapi-types-block.h qapi/qapi-types-block.c
+GENERATED_FILES += qapi/qapi-types-char.h qapi/qapi-types-char.c
+GENERATED_FILES += qapi/qapi-types-common.h qapi/qapi-types-common.c
+GENERATED_FILES += qapi/qapi-types-crypto.h qapi/qapi-types-crypto.c
+GENERATED_FILES += qapi/qapi-types-introspect.h qapi/qapi-types-introspect.c
+GENERATED_FILES += qapi/qapi-types-migration.h qapi/qapi-types-migration.c
+GENERATED_FILES += qapi/qapi-types-net.h qapi/qapi-types-net.c
+GENERATED_FILES += qapi/qapi-types-rocker.h qapi/qapi-types-rocker.c
+GENERATED_FILES += qapi/qapi-types-run-state.h qapi/qapi-types-run-state.c
+GENERATED_FILES += qapi/qapi-types-sockets.h qapi/qapi-types-sockets.c
+GENERATED_FILES += qapi/qapi-types-tpm.h qapi/qapi-types-tpm.c
+GENERATED_FILES += qapi/qapi-types-trace.h qapi/qapi-types-trace.c
+GENERATED_FILES += qapi/qapi-types-transaction.h qapi/qapi-types-transaction.c
+GENERATED_FILES += qapi/qapi-types-ui.h qapi/qapi-types-ui.c
 GENERATED_FILES += qapi-builtin-visit.h qapi-builtin-visit.c
 GENERATED_FILES += qapi-visit.h qapi-visit.c
+GENERATED_FILES += qapi/qapi-visit-block-core.h qapi/qapi-visit-block-core.c
+GENERATED_FILES += qapi/qapi-visit-block.h qapi/qapi-visit-block.c
+GENERATED_FILES += qapi/qapi-visit-char.h qapi/qapi-visit-char.c
+GENERATED_FILES += qapi/qapi-visit-common.h qapi/qapi-visit-common.c
+GENERATED_FILES += qapi/qapi-visit-crypto.h qapi/qapi-visit-crypto.c
+GENERATED_FILES += qapi/qapi-visit-introspect.h qapi/qapi-visit-introspect.c
+GENERATED_FILES += qapi/qapi-visit-migration.h qapi/qapi-visit-migration.c
+GENERATED_FILES += qapi/qapi-visit-net.h qapi/qapi-visit-net.c
+GENERATED_FILES += qapi/qapi-visit-rocker.h qapi/qapi-visit-rocker.c
+GENERATED_FILES += qapi/qapi-visit-run-state.h qapi/qapi-visit-run-state.c
+GENERATED_FILES += qapi/qapi-visit-sockets.h qapi/qapi-visit-sockets.c
+GENERATED_FILES += qapi/qapi-visit-tpm.h qapi/qapi-visit-tpm.c
+GENERATED_FILES += qapi/qapi-visit-trace.h qapi/qapi-visit-trace.c
+GENERATED_FILES += qapi/qapi-visit-transaction.h qapi/qapi-visit-transaction.c
+GENERATED_FILES += qapi/qapi-visit-ui.h qapi/qapi-visit-ui.c
 GENERATED_FILES += qmp-commands.h qmp-commands.c
+GENERATED_FILES += qapi/qapi-commands-block-core.h 
qapi/qapi-commands-block-core.c
+GENERATED_FILES += qapi/qapi-commands-block.h qapi/qapi-commands-block.c
+GENERATED_FILES += 

[Qemu-devel] [PULL v2 24/30] Include less of the generated modular QAPI headers

2018-03-01 Thread Eric Blake
From: Markus Armbruster 

In my "build everything" tree, a change to the types in
qapi-schema.json triggers a recompile of about 4800 out of 5100
objects.

The previous commit split up qmp-commands.h, qmp-event.h, qmp-visit.h,
qapi-types.h.  Each of these headers still includes all its shards.
Reduce compile time by including just the shards we actually need.

To illustrate the benefits: adding a type to qapi/migration.json now
recompiles some 2300 instead of 4800 objects.  The next commit will
improve it further.

Signed-off-by: Markus Armbruster 
Message-Id: <20180211093607.27351-24-arm...@redhat.com>
Reviewed-by: Eric Blake 
Reviewed-by: Marc-André Lureau 
[eblake: rebase to master]
Signed-off-by: Eric Blake 
---
 include/qapi/visitor.h   |  2 +-
 scripts/qapi/commands.py | 14 --
 scripts/qapi/events.py   | 10 ++
 scripts/qapi/types.py|  8 +---
 scripts/qapi/visit.py| 10 ++
 crypto/cipherpriv.h  |  2 +-
 include/block/block.h|  2 +-
 include/block/dirty-bitmap.h |  2 +-
 include/block/nbd.h  |  2 +-
 include/chardev/char.h   |  1 +
 include/crypto/cipher.h  |  2 +-
 include/crypto/hash.h|  2 +-
 include/crypto/hmac.h|  2 +-
 include/crypto/secret.h  |  1 +
 include/crypto/tlscreds.h|  1 +
 include/hw/block/block.h |  2 +-
 include/hw/block/fdc.h   |  2 +-
 include/hw/ppc/spapr_drc.h   |  1 +
 include/hw/qdev-properties.h |  1 +
 include/io/dns-resolver.h|  1 +
 include/migration/colo.h |  2 +-
 include/migration/failover.h |  2 +-
 include/migration/global_state.h |  1 +
 include/monitor/monitor.h|  1 +
 include/net/filter.h |  1 +
 include/net/net.h|  2 +-
 include/qapi/clone-visitor.h |  1 -
 include/qapi/error.h |  2 +-
 include/qapi/qmp/qobject.h   |  2 +-
 include/qemu/sockets.h   |  2 +-
 include/qemu/throttle.h  |  2 +-
 include/qom/cpu.h|  1 +
 include/qom/object.h |  2 +-
 include/sysemu/dump.h|  2 ++
 include/sysemu/hostmem.h |  1 +
 include/sysemu/replay.h  |  1 +
 include/sysemu/sysemu.h  |  1 +
 include/sysemu/tpm.h |  1 +
 include/sysemu/watchdog.h|  2 +-
 include/ui/console.h |  1 +
 include/ui/input.h   |  2 +-
 migration/migration.h|  1 +
 migration/ram.h  |  2 +-
 net/tap_int.h|  2 +-
 replication.h|  1 +
 ui/vnc.h |  1 +
 vl.c |  4 ++--
 backends/cryptodev.c |  1 -
 backends/hostmem.c   |  3 ++-
 block.c  |  1 -
 block/block-backend.c|  2 +-
 block/crypto.c   |  2 +-
 block/nbd.c  |  2 +-
 block/nfs.c  |  2 +-
 block/qapi.c |  4 ++--
 block/qcow2.c|  3 +--
 block/quorum.c   |  2 +-
 block/sheepdog.c |  2 +-
 block/ssh.c  |  2 +-
 block/throttle-groups.c  |  2 +-
 block/write-threshold.c  |  4 ++--
 blockdev-nbd.c   |  2 +-
 blockdev.c   |  5 +++--
 blockjob.c   |  2 +-
 chardev/char-fe.c|  1 -
 chardev/char-ringbuf.c   |  2 +-
 chardev/char-socket.c|  1 +
 chardev/char.c   |  3 +--
 cpus.c   |  2 +-
 hmp.c|  2 +-
 hw/acpi/core.c   |  2 +-
 hw/block/block.c |  1 +
 hw/block/hd-geometry.c   |  1 +
 hw/char/virtio-console.c |  2 +-
 hw/core/machine.c|  2 +-
 hw/i386/pc.c |  2 +-
 hw/mem/nvdimm.c  |  1 -
 hw/net/rocker/qmp-norocker.c |  2 +-
 hw/net/rocker/rocker.c   |  2 +-
 hw/net/rocker/rocker_fp.c|  2 +-
 hw/net/rocker/rocker_of_dpa.c|  2 +-
 hw/net/virtio-net.c  |  2 +-
 hw/ppc/spapr_rtas.c  |  1 -
 hw/tpm/tpm_emulator.c|  1 +
 hw/tpm/tpm_passthrough.c |  1 +
 hw/watchdog/watchdog.c   |  2 +-
 io/channel-socket.c  |  1 +
 io/dns-resolver.c|  1 +
 migration/colo-failover.c|  2 +-
 migration/colo.c |  2 +-
 migration/migration.c|  4 ++--
 migration/ram.c  |  2 +-
 net/colo-compare.c   |  1 -
 net/filter-buffer.c  |  2 +-
 net/filter-mirror.c  |  1 -
 net/filter-rewriter.c|  1 -
 net/net.c|  4 ++--
 net/vhost-user.c |  2 +-
 qemu-img.c   | 

[Qemu-devel] [PULL v2 22/30] watchdog: Consolidate QAPI into single file

2018-03-01 Thread Eric Blake
Commit f0df84c6 added watchdog-set-action in the main qapi-schema.json,
but it belongs better in qapi/run-state.json alongside the definition
of WatchdogAction.  The command was written prior to commit 0e201d34
creating the latter file, even though it was merged after.

Signed-off-by: Eric Blake 
Message-Id: <20180226225744.26356-1-ebl...@redhat.com>
---
 qapi-schema.json| 9 -
 qapi/run-state.json | 9 +
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/qapi-schema.json b/qapi-schema.json
index d214529547d..3c1abf27005 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3291,12 +3291,3 @@
 # Since: 2.9
 ##
 { 'command': 'query-vm-generation-id', 'returns': 'GuidInfo' }
-
-##
-# @watchdog-set-action:
-#
-# Set watchdog action
-#
-# Since: 2.11
-##
-{ 'command': 'watchdog-set-action', 'data' : {'action': 'WatchdogAction'} }
diff --git a/qapi/run-state.json b/qapi/run-state.json
index 92d29fd5710..1c9fff3aefe 100644
--- a/qapi/run-state.json
+++ b/qapi/run-state.json
@@ -283,6 +283,15 @@
   'data': [ 'reset', 'shutdown', 'poweroff', 'pause', 'debug', 'none',
 'inject-nmi' ] }

+##
+# @watchdog-set-action:
+#
+# Set watchdog action
+#
+# Since: 2.11
+##
+{ 'command': 'watchdog-set-action', 'data' : {'action': 'WatchdogAction'} }
+
 ##
 # @GUEST_PANICKED:
 #
-- 
2.14.3




[Qemu-devel] [PULL v2 00/30] QAPI patches for 2018-03-01

2018-03-01 Thread Eric Blake
The following changes since commit 0dc8ae5e8e693737dfe65ba02d0c6eccb58a9c67:

  Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180301-v2' into 
staging (2018-03-01 17:08:16 +)

are available in the Git repository at:

  git://repo.or.cz/qemu/ericb.git tags/pull-qapi-2018-03-01-v2

for you to fetch changes up to 76b2baeed38089c19f69c7117b8eaa64b0e7d227:

  qapi: Don't create useless directory qapi-generated (2018-03-01 19:16:40 
-0600)

v2: fix rebase on top of s390x work so that build is successful
(if I do it right, I'm sending just the changed patches)

Again, this series will be a conflict magnet due to content motion
from qapi-schema.json to qapi/misc.json; hopefully, the level of
rebasing required is not too painful


qapi patches for 2018-03-01

- Markus Armbruster: Modularize generated QAPI code


Eric Blake (1):
  watchdog: Consolidate QAPI into single file

Markus Armbruster (29):
  Include qapi/qmp/qerror.h exactly where needed
  qapi: Streamline boilerplate comment generation
  qapi: Generate up-to-date copyright notice
  qapi: Rename variable holding the QAPISchemaGenFOOVisitor
  qapi: New classes QAPIGenC, QAPIGenH, QAPIGenDoc
  qapi: Reduce use of global variables in generators some
  qapi: Turn generators into modules
  qapi-gen: New common driver for code and doc generators
  qapi-gen: Convert from getopt to argparse
  qapi: Touch generated files only when they change
  qapi: Improve include file name reporting in error messages
  qapi/common: Eliminate QAPISchema.exprs
  qapi: Lift error reporting from QAPISchema.__init__() to callers
  qapi: Concentrate QAPISchemaParser.exprs updates in .__init__()
  qapi: Record 'include' directives in parse tree
  qapi: Generate in source order
  qapi: Record 'include' directives in intermediate representation
  qapi: Rename generated qmp-marshal.c to qmp-commands.c
  qapi: Make code-generating visitors use QAPIGen more
  qapi/types qapi/visit: Generate built-in stuff into separate files
  qapi/common: Fix guardname() for funny filenames
  qapi: Generate separate .h, .c for each module
  Include less of the generated modular QAPI headers
  qapi: Empty out qapi-schema.json
  docs/devel/writing-qmp-commands: Update for modular QAPI
  docs: Correct outdated information on QAPI
  qapi: Move qapi-schema.json to qapi/, rename generated files
  Fix up dangling references to qmp-commands.* in comment and doc
  qapi: Don't create useless directory qapi-generated

 docs/devel/qapi-code-gen.txt   | 124 ---
 docs/devel/writing-qmp-commands.txt|  39 +--
 docs/interop/qmp-intro.txt |   3 +-
 docs/xen-save-devices-state.txt|   3 +-
 tests/qapi-schema/doc-good.texi|   3 +-
 configure  |   1 -
 Makefile   | 233 ++
 Makefile.objs  |  80 -
 qapi-schema.json => qapi/misc.json | 105 +-
 qapi/qapi-schema.json  |  95 ++
 qapi/run-state.json|   9 +
 include/qapi/visitor.h |   2 +-
 scripts/qapi-gen.py|  57 
 scripts/qapi/__init__.py   |   0
 scripts/{qapi-commands.py => qapi/commands.py} | 155 -
 scripts/{qapi.py => qapi/common.py}| 355 +
 scripts/{qapi2texi.py => qapi/doc.py}  |  92 +++---
 scripts/{qapi-event.py => qapi/events.py}  | 128 +++-
 scripts/{qapi-introspect.py => qapi/introspect.py} | 123 +++
 scripts/{qapi-types.py => qapi/types.py}   | 185 ---
 scripts/{qapi-visit.py => qapi/visit.py}   | 189 ---
 crypto/cipherpriv.h|   2 +-
 include/block/block.h  |   2 +-
 include/block/dirty-bitmap.h   |   2 +-
 include/block/nbd.h|   2 +-
 include/chardev/char.h |   1 +
 include/crypto/cipher.h|   2 +-
 include/crypto/hash.h  |   2 +-
 include/crypto/hmac.h  |   2 +-
 include/crypto/secret.h|   1 +
 include/crypto/tlscreds.h  |   1 +
 include/hw/block/block.h   |   2 +-
 include/hw/block/fdc.h |   2 +-
 include/hw/ppc/spapr_drc.h |   1 +
 include/hw/qdev-properties.h   |   2 +
 include/io/dns-resolver.h  

Re: [Qemu-devel] [PATCH 4/7] qcow2: Check snapshot L1 tables in qcow2_check_metadata_overlap()

2018-03-01 Thread Eric Blake

On 03/01/2018 10:27 AM, Alberto Garcia wrote:

The inactive-l2 overlap check uses the L1 tables from all
snapshots, but it does not validate them first.

We now have a function to take care of this, so let's use it.

Signed-off-by: Alberto Garcia 
---
  block/qcow2-refcount.c | 10 +-
  tests/qemu-iotests/080 |  4 
  tests/qemu-iotests/080.out |  4 
  3 files changed, 17 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PULL 00/13] virtio, vhost, pci, pc: features, fixes and cleanups

2018-03-01 Thread no-reply
Hi,

This series failed docker-quick@centos6 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 1519922735-29054-1-git-send-email-...@redhat.com
Subject: [Qemu-devel] [PULL 00/13] virtio, vhost, pci, pc: features, fixes and 
cleanups

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
fatal: unable to access 'https://github.com/patchew-project/qemu/': transfer 
closed with outstanding read data remaining
error: Could not fetch 3c8cf5a9c21ff8782164d1def7f44bd888713384
Traceback (most recent call last):
  File "/usr/bin/patchew", line 442, in test_one
git_clone_repo(clone, r["repo"], r["head"], logf)
  File "/usr/bin/patchew", line 48, in git_clone_repo
stdout=logf, stderr=logf)
  File "/usr/lib64/python3.6/subprocess.py", line 291, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['git', 'remote', 'add', '-f', 
'--mirror=fetch', '3c8cf5a9c21ff8782164d1def7f44bd888713384', 
'https://github.com/patchew-project/qemu']' returned non-zero exit status 1.



---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH v2 0/4] vl: introduce vm_shutdown()

2018-03-01 Thread Fam Zheng
On Thu, 03/01 14:54, Stefan Hajnoczi wrote:
> On Thu, Mar 01, 2018 at 09:15:17AM +0800, Fam Zheng wrote:
> > On Wed, 02/28 18:19, Stefan Hajnoczi wrote:
> > > v2:
> > >  * Tackle the .ioeventfd_stop() vs vq handler race by removing the 
> > > ioeventfd
> > >from a BH in the IOThread [Fam]
> > > 
> > > There are several race conditions in virtio-blk/virtio-scsi dataplane 
> > > code.
> > > This patch series addresses them, see the commit description for details 
> > > on the
> > > individual cases.
> > 
> > This doesn't apply to master. Which branch is it based off?
> 
> Sorry, I was going to look up the Based-on: syntax and then forgot.  I'm
> not sure where it's documented, here is a guess at how it works:
> 
> Based-on: "[PATCH v3 0/5] block: fix blk_aio_*() segfault when blk->root == 
> NULL" <20180216165015.30715-1-stefa...@redhat.com>

Sorry for the poor documentation of Patchew, we should improve the situation
soon:

Based-on: <20180216165015.30715-1-stefa...@redhat.com>
([PATCH v3 0/5] block: fix blk_aio_*() segfault when blk->root == NULL)

(Only the "Based-on:" line matters)

Fam



Re: [Qemu-devel] [PULL 00/42] target-arm queue

2018-03-01 Thread Fam Zheng
On Thu, Mar 1, 2018 at 10:45 PM, Peter Maydell  wrote:
> On 1 March 2018 at 13:00,   wrote:
>> Hi,
>>
>> This series seems to have some coding style problems. See output below for
>> more information:
>>
>> Type: series
>> Message-id: 20180301112403.12487-1-peter.mayd...@linaro.org
>> Subject: [Qemu-devel] [PULL 00/42] target-arm queue
>
> Fam -- any idea why patchew sent two checkpatch-issues emails for
> this patchset ? The Message-IDs are:
> <151990924540.1290.18181910407458585370@bdbb90650ae5>
> <151990926291.1290.9842237231347453757@bdbb90650ae5>

A bug in patchew. The server dispatched the checkpatch task to two testers
when they asked for more work to do. One of them shouldn't happen.
I've worked around this in the config
(filtering the task into only one tester) now.

I created an issue.

https://github.com/patchew-project/patchew/issues/63

Fam



Re: [Qemu-devel] [PATCHv3 00/12] macio: remove legacy macio_init() function

2018-03-01 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180228203243.1413-1-mark.cave-ayl...@ilande.co.uk
Subject: [Qemu-devel] [PATCHv3 00/12] macio: remove legacy macio_init() function

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/1519709965-29833-1-git-send-email-c...@braap.org -> 
patchew/1519709965-29833-1-git-send-email-c...@braap.org
 * [new tag]   
patchew/20180228203243.1413-1-mark.cave-ayl...@ilande.co.uk -> 
patchew/20180228203243.1413-1-mark.cave-ayl...@ilande.co.uk
Switched to a new branch 'test'
172de12fd3 macio: remove macio_init() function
0e9b5f92bd macio: move setting of CUDA timebase frequency to 
macio_common_realize()
cb79b98479 mac_newworld: use object link to pass OpenPIC object to macio
9042b9cdfd openpic: move OpenPIC state and related definitions to openpic.h
dbb8ecee13 openpic: move KVM-specific declarations into separate openpic_kvm.h 
file
62cc211353 mac_oldworld: use object link to pass heathrow PIC object to macio
1fe36332f8 macio: move macio related structures and defines into separate 
macio.h file
2e9a6f0518 heathrow: change heathrow_pic_init() to return the heathrow device
6dbf45d8e3 heathrow: convert to trace-events
b109c28719 heathrow: QOMify heathrow PIC
5ee002a59c macio: move ESCC device within the macio device
4d426b15fd macio: embed DBDMA device directly within macio

=== OUTPUT BEGIN ===
Checking PATCH 1/12: macio: embed DBDMA device directly within macio...
Checking PATCH 2/12: macio: move ESCC device within the macio device...
Checking PATCH 3/12: heathrow: QOMify heathrow PIC...
Checking PATCH 4/12: heathrow: convert to trace-events...
Checking PATCH 5/12: heathrow: change heathrow_pic_init() to return the 
heathrow device...
Checking PATCH 6/12: macio: move macio related structures and defines into 
separate macio.h file...
Checking PATCH 7/12: mac_oldworld: use object link to pass heathrow PIC object 
to macio...
Checking PATCH 8/12: openpic: move KVM-specific declarations into separate 
openpic_kvm.h file...
Checking PATCH 9/12: openpic: move OpenPIC state and related definitions to 
openpic.h...
ERROR: "foo * bar" should be "foo *bar"
#249: FILE: include/hw/ppc/openpic.h:57:
+#define RAVEN_DBL_IRQ(RAVEN_IPI_IRQ + (RAVEN_MAX_CPU * RAVEN_MAX_IPI))

total: 1 errors, 0 warnings, 353 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 10/12: mac_newworld: use object link to pass OpenPIC object to 
macio...
Checking PATCH 11/12: macio: move setting of CUDA timebase frequency to 
macio_common_realize()...
Checking PATCH 12/12: macio: remove macio_init() function...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PATCH v1 1/1] target/arm: Fix the A53 L2CTLR typo

2018-03-01 Thread Alistair Francis
The Cortex-A53 TRM specifies that bits 24 and 25 of the L2CTLR register
specify the number of cores present and not the number of processors. We
have correctly been reporting the number of cores, so just fix the
comment to match the TRM.

Signed-off-by: Alistair Francis 
---

 target/arm/cpu64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 9743bdc8c3..aac1746efe 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -42,7 +42,7 @@ static inline void unset_feature(CPUARMState *env, int 
feature)
 #ifndef CONFIG_USER_ONLY
 static uint64_t a57_a53_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri)
 {
-/* Number of processors is in [25:24]; otherwise we RAZ */
+/* Number of cores is in [25:24]; otherwise we RAZ */
 return (smp_cpus - 1) << 24;
 }
 #endif
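Review bot: The comment promises that everything outside [25:24] reads as zero, but the `return` below it does not confine the value to that two-bit field. With `smp_cpus` above 4, `(smp_cpus - 1) << 24` also sets bit 26 and higher, which a guest would read as other L2CTLR fields. Whether a machine using this CPU model can be started with more than four CPUs is not visible in this hunk, so that needs confirming. If it can, either clamp the count before the shift or reword the comment so it does not promise RAZ. Assuming `smp_cpus` is a plain `int`, the shift is also evaluated in `int`, so `(uint64_t)(smp_cpus - 1) << 24` would keep it well defined for large counts.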
-- 
2.14.1




Re: [Qemu-devel] [PATCH 3/7] qcow2: Check L1 table parameters in qcow2_expand_zero_clusters()

2018-03-01 Thread Eric Blake

On 03/01/2018 10:27 AM, Alberto Garcia wrote:

This function iterates over all snapshots of a qcow2 file in order to
expand all zero clusters, but it does not validate the snapshots' L1
tables first.

We now have a function to take care of this, so let's use it.

We can also take the opportunity to replace the sector-based
bdrv_read() with bdrv_pread().


Doesn't my pending patch do that as well?
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06799.html

I guess it remains to be seen in what order these patches are merged.



Signed-off-by: Alberto Garcia 
---
  block/qcow2-cluster.c  | 20 +---
  tests/qemu-iotests/080 |  2 ++
  tests/qemu-iotests/080.out |  2 ++
  3 files changed, 17 insertions(+), 7 deletions(-)


Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH 2/7] qcow2: Check L1 table offset in qcow2_snapshot_load_tmp()

2018-03-01 Thread Eric Blake

On 03/01/2018 10:27 AM, Alberto Garcia wrote:

This function checks that the size of a snapshot's L1 table is not too
large, but it doesn't validate the offset.

We now have a function to take care of this, so let's use it.

Signed-off-by: Alberto Garcia 
---
  block/qcow2-snapshot.c |  8 +---
  tests/qemu-iotests/080 | 10 +-
  tests/qemu-iotests/080.out |  8 +++-
  3 files changed, 21 insertions(+), 5 deletions(-)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH 2/8] qcow2: make qcow2_co_create2() a coroutine_fn

2018-03-01 Thread Eric Blake

On 03/01/2018 10:36 AM, Paolo Bonzini wrote:

From: Stefan Hajnoczi 

qcow2_create2() calls qemu_co_mutex_lock().  Only a coroutine_fn may
call another coroutine_fn.  In fact, qcow2_create2 is always called from
coroutine context.

Rename the function to add the "co" moniker and add coroutine_fn.

Reported-by: Marc-André Lureau 
Signed-off-by: Stefan Hajnoczi 
Message-Id: <20170705102231.20711-3-stefa...@redhat.com>
Signed-off-by: Paolo Bonzini 
Message-Id: <1516279431-30424-3-git-send-email-pbonz...@redhat.com>
Signed-off-by: Paolo Bonzini 


More of the funny double-Message-Id/S-o-b.

Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



[Qemu-devel] [PATCHv1 10/14] target/s390x: convert to DisasJumpType

2018-03-01 Thread Emilio G. Cota
The only non-trivial modification is the use of DISAS_TOO_MANY
in the same way it is used by the generic translation loop.

Reviewed-by: David Hildenbrand 
Reviewed-by: Richard Henderson 
Cc: David Hildenbrand 
Cc: Cornelia Huck 
Cc: Alexander Graf 
Cc: qemu-s3...@nongnu.org
Signed-off-by: Emilio G. Cota 
---
 target/s390x/translate.c | 1267 +++---
 1 file changed, 632 insertions(+), 635 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index b470d69..5346791 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -42,6 +42,7 @@
 #include "exec/helper-gen.h"
 
 #include "trace-tcg.h"
+#include "exec/translator.h"
 #include "exec/log.h"
 
 
@@ -73,9 +74,6 @@ typedef struct {
 } u;
 } DisasCompare;
 
-/* is_jmp field values */
-#define DISAS_EXCP DISAS_TARGET_0
-
 #ifdef DEBUG_INLINE_BRANCHES
 static uint64_t inline_branch_hit[CC_OP_MAX];
 static uint64_t inline_branch_miss[CC_OP_MAX];
@@ -1087,26 +1085,24 @@ typedef struct {
 #define SPEC_r2_f12816
 
 /* Return values from translate_one, indicating the state of the TB.  */
-typedef enum {
-/* Continue the TB.  */
-NO_EXIT,
-/* We have emitted one or more goto_tb.  No fixup required.  */
-EXIT_GOTO_TB,
-/* We are not using a goto_tb (for whatever reason), but have updated
-   the PC (for whatever reason), so there's no need to do it again on
-   exiting the TB.  */
-EXIT_PC_UPDATED,
-/* We have updated the PC and CC values.  */
-EXIT_PC_CC_UPDATED,
-/* We are exiting the TB, but have neither emitted a goto_tb, nor
-   updated the PC for the next instruction to be executed.  */
-EXIT_PC_STALE,
-/* We are exiting the TB to the main loop.  */
-EXIT_PC_STALE_NOCHAIN,
-/* We are ending the TB with a noreturn function call, e.g. longjmp.
-   No following code will be executed.  */
-EXIT_NORETURN,
-} ExitStatus;
+
+/* We are not using a goto_tb (for whatever reason), but have updated
+   the PC (for whatever reason), so there's no need to do it again on
+   exiting the TB.  */
+#define DISAS_PC_UPDATEDDISAS_TARGET_0
+
+/* We have emitted one or more goto_tb.  No fixup required.  */
+#define DISAS_GOTO_TB   DISAS_TARGET_1
+
+/* We have updated the PC and CC values.  */
+#define DISAS_PC_CC_UPDATED DISAS_TARGET_2
+
+/* We are exiting the TB, but have neither emitted a goto_tb, nor
+   updated the PC for the next instruction to be executed.  */
+#define DISAS_PC_STALE  DISAS_TARGET_3
+
+/* We are exiting the TB to the main loop.  */
+#define DISAS_PC_STALE_NOCHAIN  DISAS_TARGET_4
 
 struct DisasInsn {
 unsigned opc:16;
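Review bot: The comments that explained the "continue the TB" and "noreturn" cases are removed together with `NO_EXIT` and `EXIT_NORETURN`, and nothing in this block says where those two states now come from. Later hunks use `DISAS_NEXT` in place of `NO_EXIT`, and `EXIT_NORETURN` presumably maps to `DISAS_NORETURN` from exec/translator.h. I would add a line under the surviving "Return values from translate_one" comment, for example `/* DISAS_NEXT and DISAS_NORETURN are the generic values from exec/translator.h; the defines below are s390x-specific. */`.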
@@ -1121,7 +1117,7 @@ struct DisasInsn {
 void (*help_prep)(DisasContext *, DisasFields *, DisasOps *);
 void (*help_wout)(DisasContext *, DisasFields *, DisasOps *);
 void (*help_cout)(DisasContext *, DisasOps *);
-ExitStatus (*help_op)(DisasContext *, DisasOps *);
+DisasJumpType (*help_op)(DisasContext *, DisasOps *);
 
 uint64_t data;
 };
@@ -1143,11 +1139,11 @@ static void help_l2_shift(DisasContext *s, DisasFields 
*f,
 }
 }
 
-static ExitStatus help_goto_direct(DisasContext *s, uint64_t dest)
+static DisasJumpType help_goto_direct(DisasContext *s, uint64_t dest)
 {
 if (dest == s->next_pc) {
 per_branch(s, true);
-return NO_EXIT;
+return DISAS_NEXT;
 }
 if (use_goto_tb(s, dest)) {
 update_cc_op(s);
@@ -1155,31 +1151,31 @@ static ExitStatus help_goto_direct(DisasContext *s, 
uint64_t dest)
 tcg_gen_goto_tb(0);
 tcg_gen_movi_i64(psw_addr, dest);
 tcg_gen_exit_tb((uintptr_t)s->tb);
-return EXIT_GOTO_TB;
+return DISAS_GOTO_TB;
 } else {
 tcg_gen_movi_i64(psw_addr, dest);
 per_branch(s, false);
-return EXIT_PC_UPDATED;
+return DISAS_PC_UPDATED;
 }
 }
 
-static ExitStatus help_branch(DisasContext *s, DisasCompare *c,
-  bool is_imm, int imm, TCGv_i64 cdest)
+static DisasJumpType help_branch(DisasContext *s, DisasCompare *c,
+ bool is_imm, int imm, TCGv_i64 cdest)
 {
-ExitStatus ret;
+DisasJumpType ret;
 uint64_t dest = s->pc + 2 * imm;
 TCGLabel *lab;
 
 /* Take care of the special cases first.  */
 if (c->cond == TCG_COND_NEVER) {
-ret = NO_EXIT;
+ret = DISAS_NEXT;
 goto egress;
 }
 if (is_imm) {
 if (dest == s->next_pc) {
 /* Branch to next.  */
 per_branch(s, true);
-ret = NO_EXIT;
+ret = DISAS_NEXT;
 goto egress;
 }
 if (c->cond == TCG_COND_ALWAYS) {
@@ -1189,13 +1185,13 @@ static ExitStatus help_branch(DisasContext *s, 
DisasCompare *c,
 } else {
 if (!cdest) {
 /* E.g. bcr 

[Qemu-devel] [PATCHv1 11/14] target/s390x: convert to DisasContextBase

2018-03-01 Thread Emilio G. Cota
Notes:

- Did not convert {num,max}_insns and is_jmp, since the corresponding
  code will go away in the next patch.

- Avoided a checkpatch error in use_exit_tb.

- As suggested by David, (1) Drop ctx.pc and use
  ctx.base.pc_next instead, and (2) Rename ctx.next_pc to
  ctx.pc_tmp and add a comment about it.

Suggested-by: David Hildenbrand 
Cc: David Hildenbrand 
Cc: Cornelia Huck 
Cc: Alexander Graf 
Cc: qemu-s3...@nongnu.org
Signed-off-by: Emilio G. Cota 
---
 target/s390x/translate.c | 146 ---
 1 file changed, 75 insertions(+), 71 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 5346791..c83a57f 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -52,14 +52,18 @@ typedef struct DisasInsn DisasInsn;
 typedef struct DisasFields DisasFields;
 
 struct DisasContext {
-struct TranslationBlock *tb;
+DisasContextBase base;
 const DisasInsn *insn;
 DisasFields *fields;
 uint64_t ex_value;
-uint64_t pc, next_pc;
+/*
+ * During translate_one(), pc_tmp is used to determine the instruction
+ * to be executed after base.pc_next - e.g. next sequential instruction
+ * or a branch target.
+ */
+uint64_t pc_tmp;
 uint32_t ilen;
 enum cc_op cc_op;
-bool singlestep_enabled;
 };
 
 /* Information carried about a condition to be evaluated.  */
@@ -81,8 +85,8 @@ static uint64_t inline_branch_miss[CC_OP_MAX];
 
 static uint64_t pc_to_link_info(DisasContext *s, uint64_t pc)
 {
-if (!(s->tb->flags & FLAG_MASK_64)) {
-if (s->tb->flags & FLAG_MASK_32) {
+if (!(s->base.tb->flags & FLAG_MASK_64)) {
+if (s->base.tb->flags & FLAG_MASK_32) {
 return pc | 0x8000;
 }
 }
@@ -188,16 +192,16 @@ static void return_low128(TCGv_i64 dest)
 static void update_psw_addr(DisasContext *s)
 {
 /* psw.addr */
-tcg_gen_movi_i64(psw_addr, s->pc);
+tcg_gen_movi_i64(psw_addr, s->base.pc_next);
 }
 
 static void per_branch(DisasContext *s, bool to_next)
 {
 #ifndef CONFIG_USER_ONLY
-tcg_gen_movi_i64(gbea, s->pc);
+tcg_gen_movi_i64(gbea, s->base.pc_next);
 
-if (s->tb->flags & FLAG_MASK_PER) {
-TCGv_i64 next_pc = to_next ? tcg_const_i64(s->next_pc) : psw_addr;
+if (s->base.tb->flags & FLAG_MASK_PER) {
+TCGv_i64 next_pc = to_next ? tcg_const_i64(s->pc_tmp) : psw_addr;
 gen_helper_per_branch(cpu_env, gbea, next_pc);
 if (to_next) {
 tcg_temp_free_i64(next_pc);
@@ -210,16 +214,16 @@ static void per_branch_cond(DisasContext *s, TCGCond cond,
 TCGv_i64 arg1, TCGv_i64 arg2)
 {
 #ifndef CONFIG_USER_ONLY
-if (s->tb->flags & FLAG_MASK_PER) {
+if (s->base.tb->flags & FLAG_MASK_PER) {
 TCGLabel *lab = gen_new_label();
 tcg_gen_brcond_i64(tcg_invert_cond(cond), arg1, arg2, lab);
 
-tcg_gen_movi_i64(gbea, s->pc);
+tcg_gen_movi_i64(gbea, s->base.pc_next);
 gen_helper_per_branch(cpu_env, gbea, psw_addr);
 
 gen_set_label(lab);
 } else {
-TCGv_i64 pc = tcg_const_i64(s->pc);
+TCGv_i64 pc = tcg_const_i64(s->base.pc_next);
 tcg_gen_movcond_i64(cond, gbea, arg1, arg2, gbea, pc);
 tcg_temp_free_i64(pc);
 }
@@ -228,7 +232,7 @@ static void per_branch_cond(DisasContext *s, TCGCond cond,
 
 static void per_breaking_event(DisasContext *s)
 {
-tcg_gen_movi_i64(gbea, s->pc);
+tcg_gen_movi_i64(gbea, s->base.pc_next);
 }
 
 static void update_cc_op(DisasContext *s)
@@ -250,7 +254,7 @@ static inline uint64_t ld_code4(CPUS390XState *env, 
uint64_t pc)
 
 static int get_mem_index(DisasContext *s)
 {
-switch (s->tb->flags & FLAG_MASK_ASC) {
+switch (s->base.tb->flags & FLAG_MASK_ASC) {
 case PSW_ASC_PRIMARY >> FLAG_MASK_PSW_SHIFT:
 return 0;
 case PSW_ASC_SECONDARY >> FLAG_MASK_PSW_SHIFT:
@@ -315,7 +319,7 @@ static inline void gen_trap(DisasContext *s)
 #ifndef CONFIG_USER_ONLY
 static void check_privileged(DisasContext *s)
 {
-if (s->tb->flags & FLAG_MASK_PSTATE) {
+if (s->base.tb->flags & FLAG_MASK_PSTATE) {
 gen_program_exception(s, PGM_PRIVILEGED);
 }
 }
@@ -324,7 +328,7 @@ static void check_privileged(DisasContext *s)
 static TCGv_i64 get_address(DisasContext *s, int x2, int b2, int d2)
 {
 TCGv_i64 tmp = tcg_temp_new_i64();
-bool need_31 = !(s->tb->flags & FLAG_MASK_64);
+bool need_31 = !(s->base.tb->flags & FLAG_MASK_64);
 
 /* Note that d2 is limited to 20 bits, signed.  If we crop negative
displacements early we create larger immedate addends.  */
@@ -537,9 +541,9 @@ static void gen_op_calc_cc(DisasContext *s)
 
 static bool use_exit_tb(DisasContext *s)
 {
-return (s->singlestep_enabled ||
-(tb_cflags(s->tb) & CF_LAST_IO) ||
-(s->tb->flags & FLAG_MASK_PER));
+return 

[Qemu-devel] [PATCHv1 12/14] target/s390x: convert to TranslatorOps

2018-03-01 Thread Emilio G. Cota
Note: I looked into dropping dc->do_debug. However, I don't see
an easy way to do it given that TOO_MANY is also valid
when we just translate more than max_insns. Thus, the check
for do_debug in "case DISAS_PC_CC_UPDATED" would still need
additional state to know whether or not we came from
breakpoint_check.

Cc: David Hildenbrand 
Cc: Cornelia Huck 
Cc: Alexander Graf 
Cc: qemu-s3...@nongnu.org
Signed-off-by: Emilio G. Cota 
---
 target/s390x/translate.c | 162 +++
 1 file changed, 80 insertions(+), 82 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index c83a57f..097009e 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -64,6 +64,7 @@ struct DisasContext {
 uint64_t pc_tmp;
 uint32_t ilen;
 enum cc_op cc_op;
+bool do_debug;
 };
 
 /* Information carried about a condition to be evaluated.  */
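Review bot: The new `do_debug` field in `struct DisasContext` has no comment, although the commit message explains that it is extra state which cannot be folded into `is_jmp`. In the visible part of this patch it is initialised from `base.singlestep_enabled` in `s390x_tr_init_disas_context` and set to true in `s390x_tr_breakpoint_check`. A one-line comment would record that, for example `bool do_debug; /* single-stepping, or stopped by breakpoint_check */`. The struct definition starts outside the hunk.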
@@ -6113,98 +6114,87 @@ static DisasJumpType translate_one(CPUS390XState *env, 
DisasContext *s)
 return ret;
 }
 
-void gen_intermediate_code(CPUState *cs, struct TranslationBlock *tb)
+static void s390x_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
 {
-CPUS390XState *env = cs->env_ptr;
-DisasContext dc;
-uint64_t next_page_start;
-int num_insns, max_insns;
-DisasJumpType status;
-bool do_debug;
+DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-dc.base.pc_first = tb->pc;
 /* 31-bit mode */
-if (!(tb->flags & FLAG_MASK_64)) {
-dc.base.pc_first &= 0x7fff;
+if (!(dc->base.tb->flags & FLAG_MASK_64)) {
+dc->base.pc_first &= 0x7fff;
+dc->base.pc_next = dc->base.pc_first;
 }
-dc.base.pc_next = dc.base.pc_first;
-dc.base.tb = tb;
-dc.base.singlestep_enabled = cs->singlestep_enabled;
 
-dc.cc_op = CC_OP_DYNAMIC;
-dc.ex_value = dc.base.tb->cs_base;
-do_debug = cs->singlestep_enabled;
+dc->cc_op = CC_OP_DYNAMIC;
+dc->ex_value = dc->base.tb->cs_base;
+dc->do_debug = dc->base.singlestep_enabled;
+}
 
-next_page_start = (dc.base.pc_first & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
+static void s390x_tr_tb_start(DisasContextBase *db, CPUState *cs)
+{
+}
 
-num_insns = 0;
-max_insns = tb_cflags(tb) & CF_COUNT_MASK;
-if (max_insns == 0) {
-max_insns = CF_COUNT_MASK;
-}
-if (max_insns > TCG_MAX_INSNS) {
-max_insns = TCG_MAX_INSNS;
-}
+static void s390x_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
+{
+DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-gen_tb_start(tb);
+tcg_gen_insn_start(dc->base.pc_next, dc->cc_op);
+}
 
-do {
-tcg_gen_insn_start(dc.base.pc_next, dc.cc_op);
-num_insns++;
+static bool s390x_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cs,
+  const CPUBreakpoint *bp)
+{
+DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-if (unlikely(cpu_breakpoint_test(cs, dc.base.pc_next, BP_ANY))) {
-status = DISAS_PC_STALE;
-do_debug = true;
-/* The address covered by the breakpoint must be included in
-   [tb->pc, tb->pc + tb->size) in order to for it to be
-   properly cleared -- thus we increment the PC here so that
-   the logic setting tb->size below does the right thing.  */
-dc.base.pc_next += 2;
-break;
-}
+dc->base.is_jmp = DISAS_PC_STALE;
+dc->do_debug = true;
+/* The address covered by the breakpoint must be included in
+   [tb->pc, tb->pc + tb->size) in order to for it to be
+   properly cleared -- thus we increment the PC here so that
+   the logic setting tb->size below does the right thing.  */
+dc->base.pc_next += 2;
+return true;
+}
 
-if (num_insns == max_insns && (tb_cflags(tb) & CF_LAST_IO)) {
-gen_io_start();
-}
+static void s390x_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
+{
+CPUS390XState *env = cs->env_ptr;
+DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-status = translate_one(env, );
-
-/* If we reach a page boundary, are single stepping,
-   or exhaust instruction count, stop generation.  */
-if (status == DISAS_NEXT
-&& (dc.base.pc_next >= next_page_start
-|| tcg_op_buf_full()
-|| num_insns >= max_insns
-|| singlestep
-|| dc.base.singlestep_enabled
-|| dc.ex_value)) {
-status = DISAS_TOO_MANY;
-}
-} while (status == DISAS_NEXT);
+dc->base.is_jmp = translate_one(env, dc);
+if (dc->base.is_jmp == DISAS_NEXT) {
+uint64_t next_page;
 
-if (tb_cflags(tb) & CF_LAST_IO) {
-gen_io_end();
+next_page = (dc->base.pc_first & TARGET_PAGE_MASK) + 

[Qemu-devel] [PATCHv1 14/14] target/openrisc: convert to TranslatorOps

2018-03-01 Thread Emilio G. Cota
Notes:

- Changed the num_insns test in insn_start to check for
  dc->base.num_insns > 1, since when tb_start is first
  called in a TB, base.num_insns is already set to 1.

- Removed DISAS_NEXT from the switch in tb_stop; use
  DISAS_TOO_MANY instead.

- Added an assert_not_reached on tb_stop for DISAS_NEXT
  and the default case.

- Merged the two separate log_target_disas calls into the
  disas_log op.

Cc: Stafford Horne 
Signed-off-by: Emilio G. Cota 
---
 target/openrisc/translate.c | 163 +---
 1 file changed, 79 insertions(+), 84 deletions(-)

diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index b37414f..7cf29cd 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -1520,46 +1520,22 @@ static void disas_openrisc_insn(DisasContext *dc, 
OpenRISCCPU *cpu)
 }
 }
 
-void gen_intermediate_code(CPUState *cs, struct TranslationBlock *tb)
+static void openrisc_tr_init_disas_context(DisasContextBase *dcb, CPUState *cs)
 {
+DisasContext *dc = container_of(dcb, DisasContext, base);
 CPUOpenRISCState *env = cs->env_ptr;
-OpenRISCCPU *cpu = openrisc_env_get_cpu(env);
-struct DisasContext ctx, *dc = 
-uint32_t pc_start;
-uint32_t next_page_start;
-int num_insns;
-int max_insns;
-
-pc_start = tb->pc;
-
-dc->base.tb = tb;
-dc->base.singlestep_enabled = cs->singlestep_enabled;
-dc->base.pc_next = pc_start;
-dc->base.is_jmp = DISAS_NEXT;
+int bound;
 
-dc->mem_idx = cpu_mmu_index(>env, false);
+dc->mem_idx = cpu_mmu_index(env, false);
 dc->tb_flags = dc->base.tb->flags;
 dc->delayed_branch = (dc->tb_flags & TB_FLAGS_DFLAG) != 0;
+bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
+dc->base.max_insns = MIN(dc->base.max_insns, bound);
+}
 
-next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
-num_insns = 0;
-max_insns = tb_cflags(tb) & CF_COUNT_MASK;
-
-if (max_insns == 0) {
-max_insns = CF_COUNT_MASK;
-}
-if (max_insns > TCG_MAX_INSNS) {
-max_insns = TCG_MAX_INSNS;
-}
-
-if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)
-&& qemu_log_in_addr_range(pc_start)) {
-qemu_log_lock();
-qemu_log("\n");
-qemu_log("IN: %s\n", lookup_symbol(pc_start));
-}
-
-gen_tb_start(tb);
+static void openrisc_tr_tb_start(DisasContextBase *db, CPUState *cs)
+{
+DisasContext *dc = container_of(db, DisasContext, base);
 
 /* Allow the TCG optimizer to see that R0 == 0,
when it's true, which is the common case.  */
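Review bot: The page bound in `openrisc_tr_init_disas_context` is computed without a comment: `bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;` replaces the removed `next_page_start` arithmetic and is not obvious on first read. The sh4 conversion in this series keeps a comment above the same idiom, and the equivalent here would be `/* Fixed-width ISA: bound by the number of 4-byte insns remaining on the page. */`. The expression also appears to rely on `pc_first` being an unsigned `target_ulong`, so that the negation wraps to the byte count left on the page; that is worth a word in the same comment. The body of `openrisc_tr_tb_start` continues outside the hunk.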
@@ -1568,50 +1544,55 @@ void gen_intermediate_code(CPUState *cs, struct 
TranslationBlock *tb)
 } else {
 cpu_R[0] = cpu_R0;
 }
+}
 
-do {
-tcg_gen_insn_start(dc->base.pc_next, (dc->delayed_branch ? 1 : 0)
-  | (num_insns ? 2 : 0));
-num_insns++;
+static void openrisc_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
+{
+DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-if (unlikely(cpu_breakpoint_test(cs, dc->base.pc_next, BP_ANY))) {
-tcg_gen_movi_tl(cpu_pc, dc->base.pc_next);
-gen_exception(dc, EXCP_DEBUG);
-dc->base.is_jmp = DISAS_NORETURN;
-/* The address covered by the breakpoint must be included in
-   [tb->pc, tb->pc + tb->size) in order to for it to be
-   properly cleared -- thus we increment the PC here so that
-   the logic setting tb->size below does the right thing.  */
-dc->base.pc_next += 4;
-break;
-}
+tcg_gen_insn_start(dc->base.pc_next, (dc->delayed_branch ? 1 : 0)
+   | (dc->base.num_insns > 1 ? 2 : 0));
+}
 
-if (num_insns == max_insns && (tb_cflags(tb) & CF_LAST_IO)) {
-gen_io_start();
-}
-disas_openrisc_insn(dc, cpu);
-dc->base.pc_next += 4;
-
-/* delay slot */
-if (dc->delayed_branch) {
-dc->delayed_branch--;
-if (!dc->delayed_branch) {
-tcg_gen_mov_tl(cpu_pc, jmp_pc);
-tcg_gen_discard_tl(jmp_pc);
-dc->base.is_jmp = DISAS_UPDATE;
-break;
-}
+static bool openrisc_tr_breakpoint_check(DisasContextBase *dcbase, CPUState 
*cs,
+ const CPUBreakpoint *bp)
+{
+DisasContext *dc = container_of(dcbase, DisasContext, base);
+
+tcg_gen_movi_tl(cpu_pc, dc->base.pc_next);
+gen_exception(dc, EXCP_DEBUG);
+dc->base.is_jmp = DISAS_NORETURN;
+/* The address covered by the breakpoint must be included in
+   [tb->pc, tb->pc + tb->size) in order to for it to be
+   properly cleared -- thus we increment the PC here so that
+   the logic setting tb->size below does the right thing.  */
+dc->base.pc_next += 4;
+return true;
+}
+
+static void 

[Qemu-devel] [PATCHv1 09/14] target/mips: convert to TranslatorOps

2018-03-01 Thread Emilio G. Cota
Notes:

- DISAS_TOO_MANY replaces the former "break" in the translation loop.
  However, care must be taken not to overwrite a previous condition
  in is_jmp; that's why in translate_insn we first check is_jmp and
  return if it's != DISAS_NEXT.

- Added an assert in translate_insn, before exiting due to an exception,
  to make sure that is_jmp is set to DISAS_EXCP (the exception generation
  function always sets it.)

- Added an assert for the default case in is_jmp's switch.

Cc: Aurelien Jarno 
Cc: Yongbok Kim 
Signed-off-by: Emilio G. Cota 
---
 target/mips/translate.c | 227 
 1 file changed, 113 insertions(+), 114 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index 08bd140..f01139c 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -1432,6 +1432,7 @@ static TCGv_i64 msa_wr_d[64];
 typedef struct DisasContext {
 DisasContextBase base;
 target_ulong saved_pc;
+target_ulong next_page_start;
 uint32_t opcode;
 int insn_flags;
 int32_t CP0_Config1;
@@ -20194,24 +20195,12 @@ static void decode_opc(CPUMIPSState *env, 
DisasContext *ctx)
 }
 }
 
-void gen_intermediate_code(CPUState *cs, TranslationBlock *tb)
+static void mips_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
 {
+DisasContext *ctx = container_of(dcbase, DisasContext, base);
 CPUMIPSState *env = cs->env_ptr;
-DisasContext ctx1;
-DisasContext *ctx = 
-target_ulong next_page_start;
-int max_insns;
-int insn_bytes;
-int is_slot;
-
-ctx->base.tb = tb;
-ctx->base.pc_first = tb->pc;
-ctx->base.pc_next = tb->pc;
-ctx->base.is_jmp = DISAS_NEXT;
-ctx->base.singlestep_enabled = cs->singlestep_enabled;
-ctx->base.num_insns = 0;
 
-next_page_start = (ctx->base.pc_first & TARGET_PAGE_MASK) +
+ctx->next_page_start = (ctx->base.pc_first & TARGET_PAGE_MASK) +
 TARGET_PAGE_SIZE;
 ctx->saved_pc = -1;
 ctx->insn_flags = env->insn_flags;
@@ -20245,99 +20234,102 @@ void gen_intermediate_code(CPUState *cs, 
TranslationBlock *tb)
 #endif
 ctx->default_tcg_memop_mask = (ctx->insn_flags & ISA_MIPS32R6) ?
   MO_UNALN : MO_ALIGN;
-max_insns = tb_cflags(tb) & CF_COUNT_MASK;
-if (max_insns == 0) {
-max_insns = CF_COUNT_MASK;
-}
-if (max_insns > TCG_MAX_INSNS) {
-max_insns = TCG_MAX_INSNS;
-}
 
-LOG_DISAS("\ntb %p idx %d hflags %04x\n", tb, ctx->mem_idx, ctx->hflags);
-gen_tb_start(tb);
-while (ctx->base.is_jmp == DISAS_NEXT) {
-tcg_gen_insn_start(ctx->base.pc_next, ctx->hflags & MIPS_HFLAG_BMASK,
-   ctx->btarget);
-ctx->base.num_insns++;
+LOG_DISAS("\ntb %p idx %d hflags %04x\n", ctx->base.tb, ctx->mem_idx,
+  ctx->hflags);
+}
 
-if (unlikely(cpu_breakpoint_test(cs, ctx->base.pc_next, BP_ANY))) {
-save_cpu_state(ctx, 1);
-ctx->base.is_jmp = DISAS_NORETURN;
-gen_helper_raise_exception_debug(cpu_env);
-/* The address covered by the breakpoint must be included in
-   [tb->pc, tb->pc + tb->size) in order to for it to be
-   properly cleared -- thus we increment the PC here so that
-   the logic setting tb->size below does the right thing.  */
-ctx->base.pc_next += 4;
-goto done_generating;
-}
+static void mips_tr_tb_start(DisasContextBase *dcbase, CPUState *cs)
+{
+}
 
-if (ctx->base.num_insns == max_insns && (tb_cflags(tb) & CF_LAST_IO)) {
-gen_io_start();
-}
+static void mips_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
+{
+DisasContext *ctx = container_of(dcbase, DisasContext, base);
 
-is_slot = ctx->hflags & MIPS_HFLAG_BMASK;
-if (!(ctx->hflags & MIPS_HFLAG_M16)) {
-ctx->opcode = cpu_ldl_code(env, ctx->base.pc_next);
-insn_bytes = 4;
-decode_opc(env, ctx);
-} else if (ctx->insn_flags & ASE_MICROMIPS) {
-ctx->opcode = cpu_lduw_code(env, ctx->base.pc_next);
-insn_bytes = decode_micromips_opc(env, ctx);
-} else if (ctx->insn_flags & ASE_MIPS16) {
-ctx->opcode = cpu_lduw_code(env, ctx->base.pc_next);
-insn_bytes = decode_mips16_opc(env, ctx);
-} else {
-generate_exception_end(ctx, EXCP_RI);
-break;
-}
+tcg_gen_insn_start(ctx->base.pc_next, ctx->hflags & MIPS_HFLAG_BMASK,
+   ctx->btarget);
+}
 
-if (ctx->hflags & MIPS_HFLAG_BMASK) {
-if (!(ctx->hflags & (MIPS_HFLAG_BDS16 | MIPS_HFLAG_BDS32 |
-MIPS_HFLAG_FBNSLOT))) {
-/* force to generate branch as there is neither delay nor
-   forbidden slot */
-is_slot = 1;
-}
-   

[Qemu-devel] [PATCHv1 01/14] translator: merge max_insns into DisasContextBase

2018-03-01 Thread Emilio G. Cota
While at it, use int for both num_insns and max_insns to make
sure we have same-type comparisons.

Reviewed-by: Richard Henderson 
Signed-off-by: Emilio G. Cota 
---
 include/exec/translator.h  |  8 
 accel/tcg/translator.c | 21 ++---
 target/alpha/translate.c   |  6 ++
 target/arm/translate-a64.c |  8 +++-
 target/arm/translate.c |  9 +++--
 target/hppa/translate.c|  7 ++-
 target/i386/translate.c|  5 +
 target/ppc/translate.c |  5 ++---
 8 files changed, 27 insertions(+), 42 deletions(-)

diff --git a/include/exec/translator.h b/include/exec/translator.h
index e2dc2a0..71e7b2c 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -58,6 +58,7 @@ typedef enum DisasJumpType {
  *   disassembly).
  * @is_jmp: What instruction to disassemble next.
  * @num_insns: Number of translated instructions (including current).
+ * @max_insns: Maximum number of instructions to be translated in this TB.
  * @singlestep_enabled: "Hardware" single stepping enabled.
  *
  * Architecture-agnostic disassembly context.
@@ -67,7 +68,8 @@ typedef struct DisasContextBase {
 target_ulong pc_first;
 target_ulong pc_next;
 DisasJumpType is_jmp;
-unsigned int num_insns;
+int num_insns;
+int max_insns;
 bool singlestep_enabled;
 } DisasContextBase;
 
@@ -76,7 +78,6 @@ typedef struct DisasContextBase {
  * @init_disas_context:
  *  Initialize the target-specific portions of DisasContext struct.
  *  The generic DisasContextBase has already been initialized.
- *  Return max_insns, modified as necessary by db->tb->flags.
  *
  * @tb_start:
  *  Emit any code required before the start of the main loop,
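Review bot: With the `Return max_insns, modified as necessary by db->tb->flags.` sentence removed, the `@init_disas_context` description no longer says how a target limits the instruction count. Targets converted later in this series write the field from the hook (`ctx->base.max_insns = MIN(ctx->base.max_insns, bound);` in sh4), so the contract should say so, for example ` *  May lower db->max_insns, which the generic code has already set.` The comment block starts and ends outside the hunk.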
@@ -106,8 +107,7 @@ typedef struct DisasContextBase {
  *  Print instruction disassembly to log.
  */
 typedef struct TranslatorOps {
-int (*init_disas_context)(DisasContextBase *db, CPUState *cpu,
-  int max_insns);
+void (*init_disas_context)(DisasContextBase *db, CPUState *cpu);
 void (*tb_start)(DisasContextBase *db, CPUState *cpu);
 void (*insn_start)(DisasContextBase *db, CPUState *cpu);
 bool (*breakpoint_check)(DisasContextBase *db, CPUState *cpu,
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index 23c6602..0f9dca9 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -34,8 +34,6 @@ void translator_loop_temp_check(DisasContextBase *db)
 void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
  CPUState *cpu, TranslationBlock *tb)
 {
-int max_insns;
-
 /* Initialize DisasContext */
 db->tb = tb;
 db->pc_first = tb->pc;
@@ -45,18 +43,18 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
 db->singlestep_enabled = cpu->singlestep_enabled;
 
 /* Instruction counting */
-max_insns = tb_cflags(db->tb) & CF_COUNT_MASK;
-if (max_insns == 0) {
-max_insns = CF_COUNT_MASK;
+db->max_insns = tb_cflags(db->tb) & CF_COUNT_MASK;
+if (db->max_insns == 0) {
+db->max_insns = CF_COUNT_MASK;
 }
-if (max_insns > TCG_MAX_INSNS) {
-max_insns = TCG_MAX_INSNS;
+if (db->max_insns > TCG_MAX_INSNS) {
+db->max_insns = TCG_MAX_INSNS;
 }
 if (db->singlestep_enabled || singlestep) {
-max_insns = 1;
+db->max_insns = 1;
 }
 
-max_insns = ops->init_disas_context(db, cpu, max_insns);
+ops->init_disas_context(db, cpu);
 tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
 
 /* Reset the temp count so that we can identify leaks */
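Review bot: Nothing checks `db->max_insns` after `ops->init_disas_context(db, cpu)` returns, and the hook now writes the field directly instead of handing back a value. As far as the visible loop shows, a target that computes a zero or negative bound would never satisfy `db->num_insns == db->max_insns`, so the CF_LAST_IO `gen_io_start()` path later in this function would be skipped silently. A second assert beside the existing one would catch that in debug builds: `tcg_debug_assert(db->max_insns > 0);`. The body of `translator_loop` continues outside the hunk.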
@@ -95,7 +93,8 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
update db->pc_next and db->is_jmp to indicate what should be
done next -- either exiting this loop or locate the start of
the next instruction.  */
-if (db->num_insns == max_insns && (tb_cflags(db->tb) & CF_LAST_IO)) {
+if (db->num_insns == db->max_insns
+&& (tb_cflags(db->tb) & CF_LAST_IO)) {
 /* Accept I/O on the last instruction.  */
 gen_io_start();
 ops->translate_insn(db, cpu);
@@ -111,7 +110,7 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
 
 /* Stop translation if the output buffer is full,
or we have executed all of the allowed instructions.  */
-if (tcg_op_buf_full() || db->num_insns >= max_insns) {
+if (tcg_op_buf_full() || db->num_insns >= db->max_insns) {
 db->is_jmp = DISAS_TOO_MANY;
 break;
 }
diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index 73a1b5e..15eca71 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -2919,8 +2919,7 @@ static DisasJumpType translate_one(DisasContext *ctx, 
uint32_t insn)
 return ret;
 }
 
-static int 

[Qemu-devel] [PATCHv1 04/14] target/sparc: convert to DisasContextBase

2018-03-01 Thread Emilio G. Cota
Notes:

- pc and npc are left unmodified, since they can point to out-of-TB
  jump targets.

- Got rid of last_pc in gen_intermediate_code(), using base.pc_next
  instead. Only update pc_next (1) on a breakpoint (so that tb->size
  includes the insn), and (2) after reading the current instruction
  from memory. This allows us to use base.pc_next in the BP check,
  which is what the translator loop does.

Cc: Mark Cave-Ayland 
Cc: Artyom Tarasenko 
Signed-off-by: Emilio G. Cota 
---
 target/sparc/translate.c | 92 +++-
 1 file changed, 45 insertions(+), 47 deletions(-)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 730e25d..374f98d 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -67,14 +67,13 @@ static TCGv_i64 cpu_fpr[TARGET_DPREGS];
 #include "exec/gen-icount.h"
 
 typedef struct DisasContext {
+DisasContextBase base;
 target_ulong pc;/* current Program Counter: integer or DYNAMIC_PC */
 target_ulong npc;   /* next PC: integer or DYNAMIC_PC or JUMP_PC */
 target_ulong jump_pc[2]; /* used when JUMP_PC pc value is used */
-DisasJumpType is_jmp;
 int mem_idx;
 bool fpu_enabled;
 bool address_mask_32bit;
-bool singlestep;
 #ifndef CONFIG_USER_ONLY
 bool supervisor;
 #ifdef TARGET_SPARC64
@@ -83,7 +82,6 @@ typedef struct DisasContext {
 #endif
 
 uint32_t cc_op;  /* current CC operation */
-struct TranslationBlock *tb;
 sparc_def_t *def;
 TCGv_i32 t32[3];
 TCGv ttl[5];
@@ -342,13 +340,13 @@ static inline TCGv gen_dest_gpr(DisasContext *dc, int reg)
 static inline bool use_goto_tb(DisasContext *s, target_ulong pc,
target_ulong npc)
 {
-if (unlikely(s->singlestep)) {
+if (unlikely(s->base.singlestep_enabled || singlestep)) {
 return false;
 }
 
 #ifndef CONFIG_USER_ONLY
-return (pc & TARGET_PAGE_MASK) == (s->tb->pc & TARGET_PAGE_MASK) &&
-   (npc & TARGET_PAGE_MASK) == (s->tb->pc & TARGET_PAGE_MASK);
+return (pc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK) &&
+   (npc & TARGET_PAGE_MASK) == (s->base.tb->pc & TARGET_PAGE_MASK);
 #else
 return true;
 #endif
@@ -362,7 +360,7 @@ static inline void gen_goto_tb(DisasContext *s, int tb_num,
 tcg_gen_goto_tb(tb_num);
 tcg_gen_movi_tl(cpu_pc, pc);
 tcg_gen_movi_tl(cpu_npc, npc);
-tcg_gen_exit_tb((uintptr_t)s->tb + tb_num);
+tcg_gen_exit_tb((uintptr_t)s->base.tb + tb_num);
 } else {
 /* jump to another page: currently not optimized */
 tcg_gen_movi_tl(cpu_pc, pc);
@@ -996,7 +994,7 @@ static void gen_branch_a(DisasContext *dc, target_ulong pc1)
 gen_set_label(l1);
 gen_goto_tb(dc, 1, npc + 4, npc + 8);
 
-dc->is_jmp = DISAS_NORETURN;
+dc->base.is_jmp = DISAS_NORETURN;
 }
 
 static void gen_branch_n(DisasContext *dc, target_ulong pc1)
@@ -1079,7 +1077,7 @@ static void gen_exception(DisasContext *dc, int which)
 t = tcg_const_i32(which);
 gen_helper_raise_exception(cpu_env, t);
 tcg_temp_free_i32(t);
-dc->is_jmp = DISAS_NORETURN;
+dc->base.is_jmp = DISAS_NORETURN;
 }
 
 static void gen_check_align(TCGv addr, int mask)
@@ -2437,7 +2435,7 @@ static void gen_ldstub_asi(DisasContext *dc, TCGv dst, 
TCGv addr, int insn)
 default:
 /* ??? In theory, this should be raise DAE_invalid_asi.
But the SS-20 roms do ldstuba [%l0] #ASI_M_CTL, %o1.  */
-if (tb_cflags(dc->tb) & CF_PARALLEL) {
+if (tb_cflags(dc->base.tb) & CF_PARALLEL) {
 gen_helper_exit_atomic(cpu_env);
 } else {
 TCGv_i32 r_asi = tcg_const_i32(da.asi);
@@ -3347,7 +3345,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 
 if (cond == 8) {
 /* An unconditional trap ends the TB.  */
-dc->is_jmp = DISAS_NORETURN;
+dc->base.is_jmp = DISAS_NORETURN;
 goto jmp_insn;
 } else {
 /* A conditional trap falls through to the next insn.  */
@@ -4327,7 +4325,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 save_state(dc);
 gen_op_next_insn();
 tcg_gen_exit_tb(0);
-dc->is_jmp = DISAS_NORETURN;
+dc->base.is_jmp = DISAS_NORETURN;
 break;
 case 0x6: /* V9 wrfprs */
 tcg_gen_xor_tl(cpu_tmp0, cpu_src1, cpu_src2);
@@ -4336,7 +4334,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 save_state(dc);
 gen_op_next_insn();
 

[Qemu-devel] [PATCHv1 07/14] target/mips: convert to DisasContextBase

2018-03-01 Thread Emilio G. Cota
Cc: Aurelien Jarno 
Cc: Yongbok Kim 
Signed-off-by: Emilio G. Cota 
---
 target/mips/translate.c | 346 
 1 file changed, 175 insertions(+), 171 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index a133205..aefd729 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -1430,17 +1430,15 @@ static TCGv_i64 msa_wr_d[64];
 } while(0)
 
 typedef struct DisasContext {
-struct TranslationBlock *tb;
-target_ulong pc, saved_pc;
+DisasContextBase base;
+target_ulong saved_pc;
 uint32_t opcode;
-int singlestep_enabled;
 int insn_flags;
 int32_t CP0_Config1;
 /* Routine used to access memory */
 int mem_idx;
 TCGMemOp default_tcg_memop_mask;
 uint32_t hflags, saved_hflags;
-DisasJumpType is_jmp;
 target_ulong btarget;
 bool ulri;
 int kscrexist;
@@ -1517,8 +1515,9 @@ static const char * const msaregnames[] = {
 if (MIPS_DEBUG_DISAS) {   \
 qemu_log_mask(CPU_LOG_TB_IN_ASM,  \
   TARGET_FMT_lx ": %08x Invalid %s %03x %03x %03x\n", \
-  ctx->pc, ctx->opcode, op, ctx->opcode >> 26,\
-  ctx->opcode & 0x3F, ((ctx->opcode >> 16) & 0x1F));  \
+  ctx->base.pc_next, ctx->opcode, op, \
+  ctx->opcode >> 26, ctx->opcode & 0x3F,  \
+  ((ctx->opcode >> 16) & 0x1F));  \
 } \
 } while (0)
 
@@ -1594,9 +1593,9 @@ static inline void gen_save_pc(target_ulong pc)
 static inline void save_cpu_state(DisasContext *ctx, int do_save_pc)
 {
 LOG_DISAS("hflags %08x saved %08x\n", ctx->hflags, ctx->saved_hflags);
-if (do_save_pc && ctx->pc != ctx->saved_pc) {
-gen_save_pc(ctx->pc);
-ctx->saved_pc = ctx->pc;
+if (do_save_pc && ctx->base.pc_next != ctx->saved_pc) {
+gen_save_pc(ctx->base.pc_next);
+ctx->saved_pc = ctx->base.pc_next;
 }
 if (ctx->hflags != ctx->saved_hflags) {
 tcg_gen_movi_i32(hflags, ctx->hflags);
@@ -1635,7 +1634,7 @@ static inline void generate_exception_err(DisasContext 
*ctx, int excp, int err)
 gen_helper_raise_exception_err(cpu_env, texcp, terr);
 tcg_temp_free_i32(terr);
 tcg_temp_free_i32(texcp);
-ctx->is_jmp = DISAS_EXCP;
+ctx->base.is_jmp = DISAS_EXCP;
 }
 
 static inline void generate_exception(DisasContext *ctx, int excp)
@@ -2126,7 +2125,7 @@ static void gen_base_offset_addr (DisasContext *ctx, TCGv 
addr,
 
 static target_ulong pc_relative_pc (DisasContext *ctx)
 {
-target_ulong pc = ctx->pc;
+target_ulong pc = ctx->base.pc_next;
 
 if (ctx->hflags & MIPS_HFLAG_BMASK) {
 int branch_bytes = ctx->hflags & MIPS_HFLAG_BDS16 ? 2 : 4;
@@ -4275,12 +4274,12 @@ static void gen_trap (DisasContext *ctx, uint32_t opc,
 
 static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
 {
-if (unlikely(ctx->singlestep_enabled)) {
+if (unlikely(ctx->base.singlestep_enabled)) {
 return false;
 }
 
 #ifndef CONFIG_USER_ONLY
-return (ctx->tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
+return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
 #else
 return true;
 #endif
@@ -4291,10 +4290,10 @@ static inline void gen_goto_tb(DisasContext *ctx, int 
n, target_ulong dest)
 if (use_goto_tb(ctx, dest)) {
 tcg_gen_goto_tb(n);
 gen_save_pc(dest);
-tcg_gen_exit_tb((uintptr_t)ctx->tb + n);
+tcg_gen_exit_tb((uintptr_t)ctx->base.tb + n);
 } else {
 gen_save_pc(dest);
-if (ctx->singlestep_enabled) {
+if (ctx->base.singlestep_enabled) {
 save_cpu_state(ctx, 0);
 gen_helper_raise_exception_debug(cpu_env);
 }
@@ -4317,7 +4316,7 @@ static void gen_compute_branch (DisasContext *ctx, 
uint32_t opc,
 if (ctx->hflags & MIPS_HFLAG_BMASK) {
 #ifdef MIPS_DEBUG_DISAS
 LOG_DISAS("Branch in delay / forbidden slot at PC 0x"
-  TARGET_FMT_lx "\n", ctx->pc);
+  TARGET_FMT_lx "\n", ctx->base.pc_next);
 #endif
 generate_exception_end(ctx, EXCP_RI);
 goto out;
@@ -4335,7 +4334,7 @@ static void gen_compute_branch (DisasContext *ctx, 
uint32_t opc,
 gen_load_gpr(t1, rt);
 bcond_compute = 1;
 }
-btgt = ctx->pc + insn_bytes + offset;
+btgt = ctx->base.pc_next + insn_bytes + offset;
 break;
 case OPC_BGEZ:
 case OPC_BGEZAL:
@@ -4354,7 +4353,7 @@ static void gen_compute_branch (DisasContext *ctx, 
uint32_t opc,
 gen_load_gpr(t0, rs);
 bcond_compute = 1;
 }
-btgt = 

[Qemu-devel] [PATCHv1 02/14] target/sh4: convert to TranslatorOps

2018-03-01 Thread Emilio G. Cota
This was fairly straightforward since it had already been converted
to DisasContextBase; just had to add DISAS_TOO_MANY to the switch
in tb_stop.

Reviewed-by: Richard Henderson 
Cc: Aurelien Jarno 
Signed-off-by: Emilio G. Cota 
---
 target/sh4/translate.c | 171 +
 1 file changed, 86 insertions(+), 85 deletions(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index 012156b..58bdfeb 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -2258,126 +2258,127 @@ static int decode_gusa(DisasContext *ctx, CPUSH4State 
*env, int *pmax_insns)
 }
 #endif
 
-void gen_intermediate_code(CPUState *cs, struct TranslationBlock *tb)
+static void sh4_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
 {
+DisasContext *ctx = container_of(dcbase, DisasContext, base);
 CPUSH4State *env = cs->env_ptr;
-DisasContext ctx;
-target_ulong pc_start;
-int num_insns;
-int max_insns;
-
-pc_start = tb->pc;
-ctx.base.pc_next = pc_start;
-ctx.tbflags = (uint32_t)tb->flags;
-ctx.envflags = tb->flags & TB_FLAG_ENVFLAGS_MASK;
-ctx.base.is_jmp = DISAS_NEXT;
-ctx.memidx = (ctx.tbflags & (1u << SR_MD)) == 0 ? 1 : 0;
+int bound;
+
+ctx->tbflags = (uint32_t)ctx->base.tb->flags;
+ctx->envflags = ctx->base.tb->flags & TB_FLAG_ENVFLAGS_MASK;
+ctx->memidx = (ctx->tbflags & (1u << SR_MD)) == 0 ? 1 : 0;
 /* We don't know if the delayed pc came from a dynamic or static branch,
so assume it is a dynamic branch.  */
-ctx.delayed_pc = -1; /* use delayed pc from env pointer */
-ctx.base.tb = tb;
-ctx.base.singlestep_enabled = cs->singlestep_enabled;
-ctx.features = env->features;
-ctx.has_movcal = (ctx.tbflags & TB_FLAG_PENDING_MOVCA);
-ctx.gbank = ((ctx.tbflags & (1 << SR_MD)) &&
- (ctx.tbflags & (1 << SR_RB))) * 0x10;
-ctx.fbank = ctx.tbflags & FPSCR_FR ? 0x10 : 0;
-
-max_insns = tb_cflags(tb) & CF_COUNT_MASK;
-if (max_insns == 0) {
-max_insns = CF_COUNT_MASK;
-}
-max_insns = MIN(max_insns, TCG_MAX_INSNS);
+ctx->delayed_pc = -1; /* use delayed pc from env pointer */
+ctx->features = env->features;
+ctx->has_movcal = (ctx->tbflags & TB_FLAG_PENDING_MOVCA);
+ctx->gbank = ((ctx->tbflags & (1 << SR_MD)) &&
+  (ctx->tbflags & (1 << SR_RB))) * 0x10;
+ctx->fbank = ctx->tbflags & FPSCR_FR ? 0x10 : 0;
 
 /* Since the ISA is fixed-width, we can bound by the number
of instructions remaining on the page.  */
-num_insns = -(ctx.base.pc_next | TARGET_PAGE_MASK) / 2;
-max_insns = MIN(max_insns, num_insns);
-
-/* Single stepping means just that.  */
-if (ctx.base.singlestep_enabled || singlestep) {
-max_insns = 1;
-}
-
-gen_tb_start(tb);
-num_insns = 0;
+bound = -(ctx->base.pc_next | TARGET_PAGE_MASK) / 2;
+ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
+}
 
+static void sh4_tr_tb_start(DisasContextBase *dcbase, CPUState *cs)
+{
 #ifdef CONFIG_USER_ONLY
-if (ctx.tbflags & GUSA_MASK) {
-num_insns = decode_gusa(, env, _insns);
+DisasContext *ctx = container_of(dcbase, DisasContext, base);
+CPUSH4State *env = cs->env_ptr;
+
+if (ctx->tbflags & GUSA_MASK) {
+ctx->base.num_insns = decode_gusa(ctx, env, >base.max_insns);
 }
 #endif
+}
 
-while (ctx.base.is_jmp == DISAS_NEXT
-   && num_insns < max_insns
-   && !tcg_op_buf_full()) {
-tcg_gen_insn_start(ctx.base.pc_next, ctx.envflags);
-num_insns++;
+static void sh4_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
+{
+DisasContext *ctx = container_of(dcbase, DisasContext, base);
 
-if (unlikely(cpu_breakpoint_test(cs, ctx.base.pc_next, BP_ANY))) {
-/* We have hit a breakpoint - make sure PC is up-to-date */
-gen_save_cpu_state(, true);
-gen_helper_debug(cpu_env);
-ctx.base.is_jmp = DISAS_NORETURN;
-/* The address covered by the breakpoint must be included in
-   [tb->pc, tb->pc + tb->size) in order to for it to be
-   properly cleared -- thus we increment the PC here so that
-   the logic setting tb->size below does the right thing.  */
-ctx.base.pc_next += 2;
-break;
-}
+tcg_gen_insn_start(ctx->base.pc_next, ctx->envflags);
+}
 
-if (num_insns == max_insns && (tb_cflags(tb) & CF_LAST_IO)) {
-gen_io_start();
-}
+static bool sh4_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cs,
+const CPUBreakpoint *bp)
+{
+DisasContext *ctx = container_of(dcbase, DisasContext, base);
 
-ctx.opcode = cpu_lduw_code(env, ctx.base.pc_next);
-   decode_opc();
-ctx.base.pc_next += 2;
-}
-if (tb_cflags(tb) & CF_LAST_IO) {
-

[Qemu-devel] [PATCHv1 06/14] target/mips: convert to DisasJumpType

2018-03-01 Thread Emilio G. Cota
Cc: Aurelien Jarno 
Cc: Yongbok Kim 
Signed-off-by: Emilio G. Cota 
---
 target/mips/translate.c | 186 +++-
 1 file changed, 91 insertions(+), 95 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index d05ee67..a133205 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -36,6 +36,7 @@
 
 #include "target/mips/trace.h"
 #include "trace-tcg.h"
+#include "exec/translator.h"
 #include "exec/log.h"
 
 #define MIPS_DEBUG_DISAS 0
@@ -1439,7 +1440,7 @@ typedef struct DisasContext {
 int mem_idx;
 TCGMemOp default_tcg_memop_mask;
 uint32_t hflags, saved_hflags;
-int bstate;
+DisasJumpType is_jmp;
 target_ulong btarget;
 bool ulri;
 int kscrexist;
@@ -1460,13 +1461,8 @@ typedef struct DisasContext {
 bool abs2008;
 } DisasContext;
 
-enum {
-BS_NONE = 0, /* We go out of the TB without reaching a branch or an
-  * exception condition */
-BS_STOP = 1, /* We want to stop translation for any reason */
-BS_BRANCH   = 2, /* We reached a branch condition */
-BS_EXCP = 3, /* We reached an exception condition */
-};
+#define DISAS_STOP   DISAS_TARGET_0
+#define DISAS_EXCP   DISAS_TARGET_1
 
 static const char * const regnames[] = {
 "r0", "at", "v0", "v1", "a0", "a1", "a2", "a3",
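Review bot: The new `DISAS_STOP` and `DISAS_EXCP` defines drop the per-state explanations that the removed `BS_*` enum carried, and the replacements for `BS_NONE` and `BS_BRANCH` are not visible in this hunk. The later gen_mfc0 and gen_mtc0 hunks also set `DISAS_EXCP` where no exception is raised, to force a complete exit from translated code after reading Count or writing Status, which the name alone does not convey. I would keep the comments, e.g. `#define DISAS_STOP DISAS_TARGET_0 /* stop translation for any reason */` and `#define DISAS_EXCP DISAS_TARGET_1 /* exception raised, or a full exit from translated code is required */`.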
@@ -1639,7 +1635,7 @@ static inline void generate_exception_err(DisasContext 
*ctx, int excp, int err)
 gen_helper_raise_exception_err(cpu_env, texcp, terr);
 tcg_temp_free_i32(terr);
 tcg_temp_free_i32(texcp);
-ctx->bstate = BS_EXCP;
+ctx->is_jmp = DISAS_EXCP;
 }
 
 static inline void generate_exception(DisasContext *ctx, int excp)
@@ -5334,10 +5330,10 @@ static void gen_mfc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 gen_io_end();
 }
 /* Break the TB to be able to take timer interrupts immediately
-   after reading count. BS_STOP isn't sufficient, we need to ensure
-   we break completely out of translated code.  */
+   after reading count. DISAS_STOP isn't sufficient, we need to
+   ensure we break completely out of translated code.  */
 gen_save_pc(ctx->pc + 4);
-ctx->bstate = BS_EXCP;
+ctx->is_jmp = DISAS_EXCP;
 rn = "Count";
 break;
 /* 6,7 are implementation dependent */
@@ -5905,7 +5901,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 check_insn(ctx, ISA_MIPS32R2);
 gen_helper_mtc0_pagegrain(cpu_env, arg);
 rn = "PageGrain";
-ctx->bstate = BS_STOP;
+ctx->is_jmp = DISAS_STOP;
 break;
 case 2:
 CP0_CHECK(ctx->sc);
@@ -5966,7 +5962,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 0:
 check_insn(ctx, ISA_MIPS32R2);
 gen_helper_mtc0_hwrena(cpu_env, arg);
-ctx->bstate = BS_STOP;
+ctx->is_jmp = DISAS_STOP;
 rn = "HWREna";
 break;
 default:
@@ -6028,30 +6024,30 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 0:
 save_cpu_state(ctx, 1);
 gen_helper_mtc0_status(cpu_env, arg);
-/* BS_STOP isn't good enough here, hflags may have changed. */
+/* DISAS_STOP isn't good enough here, hflags may have changed. */
 gen_save_pc(ctx->pc + 4);
-ctx->bstate = BS_EXCP;
+ctx->is_jmp = DISAS_EXCP;
 rn = "Status";
 break;
 case 1:
 check_insn(ctx, ISA_MIPS32R2);
 gen_helper_mtc0_intctl(cpu_env, arg);
 /* Stop translation as we may have switched the execution mode */
-ctx->bstate = BS_STOP;
+ctx->is_jmp = DISAS_STOP;
 rn = "IntCtl";
 break;
 case 2:
 check_insn(ctx, ISA_MIPS32R2);
 gen_helper_mtc0_srsctl(cpu_env, arg);
 /* Stop translation as we may have switched the execution mode */
-ctx->bstate = BS_STOP;
+ctx->is_jmp = DISAS_STOP;
 rn = "SRSCtl";
 break;
 case 3:
 check_insn(ctx, ISA_MIPS32R2);
 gen_mtc0_store32(arg, offsetof(CPUMIPSState, CP0_SRSMap));
 /* Stop translation as we may have switched the execution mode */
-ctx->bstate = BS_STOP;
+ctx->is_jmp = DISAS_STOP;
 rn = "SRSMap";
 break;
 default:
@@ -6063,11 +6059,11 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 case 0:
 save_cpu_state(ctx, 1);
 gen_helper_mtc0_cause(cpu_env, arg);
-/* Stop translation as we may have triggered an interrupt. BS_STOP
- 

[Qemu-devel] [PATCHv1 05/14] target/sparc: convert to TranslatorOps

2018-03-01 Thread Emilio G. Cota
Notes:

- Moved the cross-page check from the end of translate_insn to
  init_disas_context.

Cc: Mark Cave-Ayland 
Cc: Artyom Tarasenko 
Signed-off-by: Emilio G. Cota 
---
 target/sparc/translate.c | 174 +++
 1 file changed, 86 insertions(+), 88 deletions(-)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 374f98d..1f8f96e 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -5732,99 +5732,91 @@ static void disas_sparc_insn(DisasContext * dc, 
unsigned int insn)
 }
 }
 
-void gen_intermediate_code(CPUState *cs, TranslationBlock * tb)
+static void sparc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
 {
+DisasContext *dc = container_of(dcbase, DisasContext, base);
 CPUSPARCState *env = cs->env_ptr;
-DisasContext dc1, *dc = 
-int max_insns;
-unsigned int insn;
-
-memset(dc, 0, sizeof(DisasContext));
-dc->base.tb = tb;
-dc->base.pc_first = tb->pc;
-dc->base.pc_next = tb->pc;
-dc->base.is_jmp = DISAS_NEXT;
-dc->base.num_insns = 0;
-dc->base.singlestep_enabled = cs->singlestep_enabled;
+int bound;
 
 dc->pc = dc->base.pc_first;
-dc->npc = (target_ulong) tb->cs_base;
+dc->npc = (target_ulong)dc->base.tb->cs_base;
 dc->cc_op = CC_OP_DYNAMIC;
-dc->mem_idx = tb->flags & TB_FLAG_MMU_MASK;
+dc->mem_idx = dc->base.tb->flags & TB_FLAG_MMU_MASK;
 dc->def = >def;
-dc->fpu_enabled = tb_fpu_enabled(tb->flags);
-dc->address_mask_32bit = tb_am_enabled(tb->flags);
+dc->fpu_enabled = tb_fpu_enabled(dc->base.tb->flags);
+dc->address_mask_32bit = tb_am_enabled(dc->base.tb->flags);
 #ifndef CONFIG_USER_ONLY
-dc->supervisor = (tb->flags & TB_FLAG_SUPER) != 0;
+dc->supervisor = (dc->base.tb->flags & TB_FLAG_SUPER) != 0;
 #endif
 #ifdef TARGET_SPARC64
 dc->fprs_dirty = 0;
-dc->asi = (tb->flags >> TB_FLAG_ASI_SHIFT) & 0xff;
+dc->asi = (dc->base.tb->flags >> TB_FLAG_ASI_SHIFT) & 0xff;
 #ifndef CONFIG_USER_ONLY
-dc->hypervisor = (tb->flags & TB_FLAG_HYPER) != 0;
+dc->hypervisor = (dc->base.tb->flags & TB_FLAG_HYPER) != 0;
 #endif
 #endif
+/*
+ * if we reach a page boundary, we stop generation so that the
+ * PC of a TT_TFAULT exception is always in the right page
+ */
+bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
+dc->base.max_insns = MIN(dc->base.max_insns, bound);
+}
 
-max_insns = tb_cflags(tb) & CF_COUNT_MASK;
-if (max_insns == 0) {
-max_insns = CF_COUNT_MASK;
-}
-if (max_insns > TCG_MAX_INSNS) {
-max_insns = TCG_MAX_INSNS;
-}
-if (dc->base.singlestep_enabled || singlestep) {
-max_insns = 1;
-}
+static void sparc_tr_tb_start(DisasContextBase *db, CPUState *cs)
+{
+}
 
-gen_tb_start(tb);
-do {
-if (dc->npc & JUMP_PC) {
-assert(dc->jump_pc[1] == dc->pc + 4);
-tcg_gen_insn_start(dc->pc, dc->jump_pc[0] | JUMP_PC);
-} else {
-tcg_gen_insn_start(dc->pc, dc->npc);
-}
-dc->base.num_insns++;
+static void sparc_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
+{
+DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-if (unlikely(cpu_breakpoint_test(cs, dc->base.pc_next, BP_ANY))) {
-if (dc->pc != dc->base.pc_first) {
-save_state(dc);
-}
-gen_helper_debug(cpu_env);
-tcg_gen_exit_tb(0);
-dc->base.is_jmp = DISAS_NORETURN;
-dc->base.pc_next += 4;
-goto exit_gen_loop;
-}
+if (dc->npc & JUMP_PC) {
+assert(dc->jump_pc[1] == dc->pc + 4);
+tcg_gen_insn_start(dc->pc, dc->jump_pc[0] | JUMP_PC);
+} else {
+tcg_gen_insn_start(dc->pc, dc->npc);
+}
+}
 
-if (dc->base.num_insns == max_insns && (tb_cflags(tb) & CF_LAST_IO)) {
-gen_io_start();
-}
+static bool sparc_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cs,
+  const CPUBreakpoint *bp)
+{
+DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-insn = cpu_ldl_code(env, dc->pc);
-dc->base.pc_next += 4;
+if (dc->pc != dc->base.pc_first) {
+save_state(dc);
+}
+gen_helper_debug(cpu_env);
+tcg_gen_exit_tb(0);
+dc->base.is_jmp = DISAS_NORETURN;
+/* update pc_next so that the current instruction is included in tb->size 
*/
+dc->base.pc_next += 4;
+return true;
+}
 
-disas_sparc_insn(dc, insn);
+static void sparc_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
+{
+DisasContext *dc = container_of(dcbase, DisasContext, base);
+CPUSPARCState *env = cs->env_ptr;
+unsigned int insn;
 
-if (dc->base.is_jmp == DISAS_NORETURN) {
-break;
-}
-/* if the next PC is different, we abort now */
-

[Qemu-devel] [PATCHv1 13/14] target/openrisc: convert to DisasContextBase

2018-03-01 Thread Emilio G. Cota
While at it, set is_jmp to DISAS_NORETURN when generating
an exception.

Cc: Stafford Horne 
Signed-off-by: Emilio G. Cota 
---
 target/openrisc/translate.c | 93 ++---
 1 file changed, 46 insertions(+), 47 deletions(-)

diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index 2747b24..b37414f 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -36,7 +36,8 @@
 #include "exec/log.h"
 
 #define LOG_DIS(str, ...) \
-qemu_log_mask(CPU_LOG_TB_IN_ASM, "%08x: " str, dc->pc, ## __VA_ARGS__)
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "%08x: " str, dc->base.pc_next,\
+  ## __VA_ARGS__)
 
 /* is_jmp field values */
 #define DISAS_JUMPDISAS_TARGET_0 /* only pc was modified dynamically */
@@ -44,13 +45,10 @@
 #define DISAS_TB_JUMP DISAS_TARGET_2 /* only pc was modified statically */
 
 typedef struct DisasContext {
-TranslationBlock *tb;
-target_ulong pc;
-uint32_t is_jmp;
+DisasContextBase base;
 uint32_t mem_idx;
 uint32_t tb_flags;
 uint32_t delayed_branch;
-bool singlestep_enabled;
 } DisasContext;
 
 static TCGv cpu_sr;
@@ -126,9 +124,9 @@ static void gen_exception(DisasContext *dc, unsigned int 
excp)
 
 static void gen_illegal_exception(DisasContext *dc)
 {
-tcg_gen_movi_tl(cpu_pc, dc->pc);
+tcg_gen_movi_tl(cpu_pc, dc->base.pc_next);
 gen_exception(dc, EXCP_ILLEGAL);
-dc->is_jmp = DISAS_UPDATE;
+dc->base.is_jmp = DISAS_NORETURN;
 }
 
 /* not used yet, open it when we need or64.  */
@@ -166,12 +164,12 @@ static void check_ov64s(DisasContext *dc)
 
 static inline bool use_goto_tb(DisasContext *dc, target_ulong dest)
 {
-if (unlikely(dc->singlestep_enabled)) {
+if (unlikely(dc->base.singlestep_enabled)) {
 return false;
 }
 
 #ifndef CONFIG_USER_ONLY
-return (dc->tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
+return (dc->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
 #else
 return true;
 #endif
@@ -182,10 +180,10 @@ static void gen_goto_tb(DisasContext *dc, int n, 
target_ulong dest)
 if (use_goto_tb(dc, dest)) {
 tcg_gen_movi_tl(cpu_pc, dest);
 tcg_gen_goto_tb(n);
-tcg_gen_exit_tb((uintptr_t)dc->tb + n);
+tcg_gen_exit_tb((uintptr_t)dc->base.tb + n);
 } else {
 tcg_gen_movi_tl(cpu_pc, dest);
-if (dc->singlestep_enabled) {
+if (dc->base.singlestep_enabled) {
 gen_exception(dc, EXCP_DEBUG);
 }
 tcg_gen_exit_tb(0);
@@ -194,16 +192,16 @@ static void gen_goto_tb(DisasContext *dc, int n, 
target_ulong dest)
 
 static void gen_jump(DisasContext *dc, int32_t n26, uint32_t reg, uint32_t op0)
 {
-target_ulong tmp_pc = dc->pc + n26 * 4;
+target_ulong tmp_pc = dc->base.pc_next + n26 * 4;
 
 switch (op0) {
 case 0x00: /* l.j */
 tcg_gen_movi_tl(jmp_pc, tmp_pc);
 break;
 case 0x01: /* l.jal */
-tcg_gen_movi_tl(cpu_R[9], dc->pc + 8);
+tcg_gen_movi_tl(cpu_R[9], dc->base.pc_next + 8);
 /* Optimize jal being used to load the PC for PIC.  */
-if (tmp_pc == dc->pc + 8) {
+if (tmp_pc == dc->base.pc_next + 8) {
 return;
 }
 tcg_gen_movi_tl(jmp_pc, tmp_pc);
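Review bot: `dc->base.pc_next` is used here as the address of the instruction being translated (branch target `pc_next + n26 * 4`, link value `pc_next + 8`), which is only correct if the translate step advances `pc_next` after decoding rather than before. The two following gen_jump hunks and the `LOG_DIS` macro make the same assumption. The place where `pc_next` is advanced is outside these hunks, so the ordering cannot be confirmed from here. A one-line comment at the top of gen_jump would pin the convention, e.g. `/* pc_next is the address of the insn being decoded; it is advanced only after decode returns */`. gen_jump's body continues outside the hunk.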
@@ -211,7 +209,7 @@ static void gen_jump(DisasContext *dc, int32_t n26, 
uint32_t reg, uint32_t op0)
 case 0x03: /* l.bnf */
 case 0x04: /* l.bf  */
 {
-TCGv t_next = tcg_const_tl(dc->pc + 8);
+TCGv t_next = tcg_const_tl(dc->base.pc_next + 8);
 TCGv t_true = tcg_const_tl(tmp_pc);
 TCGv t_zero = tcg_const_tl(0);
 
@@ -227,7 +225,7 @@ static void gen_jump(DisasContext *dc, int32_t n26, 
uint32_t reg, uint32_t op0)
 tcg_gen_mov_tl(jmp_pc, cpu_R[reg]);
 break;
 case 0x12: /* l.jalr */
-tcg_gen_movi_tl(cpu_R[9], (dc->pc + 8));
+tcg_gen_movi_tl(cpu_R[9], (dc->base.pc_next + 8));
 tcg_gen_mov_tl(jmp_pc, cpu_R[reg]);
 break;
 default:
@@ -795,7 +793,7 @@ static void dec_misc(DisasContext *dc, uint32_t insn)
 return;
 }
 gen_helper_rfe(cpu_env);
-dc->is_jmp = DISAS_UPDATE;
+dc->base.is_jmp = DISAS_UPDATE;
 #endif
 }
 break;
@@ -1254,15 +1252,16 @@ static void dec_sys(DisasContext *dc, uint32_t insn)
 switch (op0) {
 case 0x000:/* l.sys */
 LOG_DIS("l.sys %d\n", K16);
-tcg_gen_movi_tl(cpu_pc, dc->pc);
+tcg_gen_movi_tl(cpu_pc, dc->base.pc_next);
 gen_exception(dc, EXCP_SYSCALL);
-dc->is_jmp = DISAS_UPDATE;
+dc->base.is_jmp = DISAS_NORETURN;
 break;
 
 case 0x100:/* l.trap */
 LOG_DIS("l.trap %d\n", K16);
-tcg_gen_movi_tl(cpu_pc, dc->pc);
+tcg_gen_movi_tl(cpu_pc, dc->base.pc_next);
 gen_exception(dc, EXCP_TRAP);
+

[Qemu-devel] [PATCHv1 08/14] target/mips: use *ctx for DisasContext

2018-03-01 Thread Emilio G. Cota
No changes to the logic here; this is just to make the diff
that follows easier to read.

While at it, remove the unnecessary 'struct' in
'struct TranslationBlock'.

Note that checkpatch complains with a false positive:
  ERROR: space prohibited after that '&' (ctx:WxW)
  #75: FILE: target/mips/translate.c:20220:
  +ctx->kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
  ^
Cc: Aurelien Jarno 
Cc: Yongbok Kim 
Signed-off-by: Emilio G. Cota 
---
 target/mips/translate.c | 166 
 1 file changed, 84 insertions(+), 82 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index aefd729..08bd140 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -20194,55 +20194,57 @@ static void decode_opc(CPUMIPSState *env, 
DisasContext *ctx)
 }
 }
 
-void gen_intermediate_code(CPUState *cs, struct TranslationBlock *tb)
+void gen_intermediate_code(CPUState *cs, TranslationBlock *tb)
 {
 CPUMIPSState *env = cs->env_ptr;
-DisasContext ctx;
+DisasContext ctx1;
+DisasContext *ctx = 
 target_ulong next_page_start;
 int max_insns;
 int insn_bytes;
 int is_slot;
 
-ctx.base.tb = tb;
-ctx.base.pc_first = tb->pc;
-ctx.base.pc_next = tb->pc;
-ctx.base.is_jmp = DISAS_NEXT;
-ctx.base.singlestep_enabled = cs->singlestep_enabled;
-ctx.base.num_insns = 0;
-
-next_page_start = (ctx.base.pc_first & TARGET_PAGE_MASK) + 
TARGET_PAGE_SIZE;
-ctx.saved_pc = -1;
-ctx.insn_flags = env->insn_flags;
-ctx.CP0_Config1 = env->CP0_Config1;
-ctx.btarget = 0;
-ctx.kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
-ctx.rxi = (env->CP0_Config3 >> CP0C3_RXI) & 1;
-ctx.ie = (env->CP0_Config4 >> CP0C4_IE) & 3;
-ctx.bi = (env->CP0_Config3 >> CP0C3_BI) & 1;
-ctx.bp = (env->CP0_Config3 >> CP0C3_BP) & 1;
-ctx.PAMask = env->PAMask;
-ctx.mvh = (env->CP0_Config5 >> CP0C5_MVH) & 1;
-ctx.eva = (env->CP0_Config5 >> CP0C5_EVA) & 1;
-ctx.sc = (env->CP0_Config3 >> CP0C3_SC) & 1;
-ctx.CP0_LLAddr_shift = env->CP0_LLAddr_shift;
-ctx.cmgcr = (env->CP0_Config3 >> CP0C3_CMGCR) & 1;
+ctx->base.tb = tb;
+ctx->base.pc_first = tb->pc;
+ctx->base.pc_next = tb->pc;
+ctx->base.is_jmp = DISAS_NEXT;
+ctx->base.singlestep_enabled = cs->singlestep_enabled;
+ctx->base.num_insns = 0;
+
+next_page_start = (ctx->base.pc_first & TARGET_PAGE_MASK) +
+TARGET_PAGE_SIZE;
+ctx->saved_pc = -1;
+ctx->insn_flags = env->insn_flags;
+ctx->CP0_Config1 = env->CP0_Config1;
+ctx->btarget = 0;
+ctx->kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
+ctx->rxi = (env->CP0_Config3 >> CP0C3_RXI) & 1;
+ctx->ie = (env->CP0_Config4 >> CP0C4_IE) & 3;
+ctx->bi = (env->CP0_Config3 >> CP0C3_BI) & 1;
+ctx->bp = (env->CP0_Config3 >> CP0C3_BP) & 1;
+ctx->PAMask = env->PAMask;
+ctx->mvh = (env->CP0_Config5 >> CP0C5_MVH) & 1;
+ctx->eva = (env->CP0_Config5 >> CP0C5_EVA) & 1;
+ctx->sc = (env->CP0_Config3 >> CP0C3_SC) & 1;
+ctx->CP0_LLAddr_shift = env->CP0_LLAddr_shift;
+ctx->cmgcr = (env->CP0_Config3 >> CP0C3_CMGCR) & 1;
 /* Restore delay slot state from the tb context.  */
-ctx.hflags = (uint32_t)ctx.base.tb->flags; /* FIXME: maybe use 64 bits? */
-ctx.ulri = (env->CP0_Config3 >> CP0C3_ULRI) & 1;
-ctx.ps = ((env->active_fpu.fcr0 >> FCR0_PS) & 1) ||
+ctx->hflags = (uint32_t)ctx->base.tb->flags; /* FIXME: maybe use 64 bits? 
*/
+ctx->ulri = (env->CP0_Config3 >> CP0C3_ULRI) & 1;
+ctx->ps = ((env->active_fpu.fcr0 >> FCR0_PS) & 1) ||
  (env->insn_flags & (INSN_LOONGSON2E | INSN_LOONGSON2F));
-ctx.vp = (env->CP0_Config5 >> CP0C5_VP) & 1;
-ctx.mrp = (env->CP0_Config5 >> CP0C5_MRP) & 1;
-ctx.nan2008 = (env->active_fpu.fcr31 >> FCR31_NAN2008) & 1;
-ctx.abs2008 = (env->active_fpu.fcr31 >> FCR31_ABS2008) & 1;
-restore_cpu_state(env, );
+ctx->vp = (env->CP0_Config5 >> CP0C5_VP) & 1;
+ctx->mrp = (env->CP0_Config5 >> CP0C5_MRP) & 1;
+ctx->nan2008 = (env->active_fpu.fcr31 >> FCR31_NAN2008) & 1;
+ctx->abs2008 = (env->active_fpu.fcr31 >> FCR31_ABS2008) & 1;
+restore_cpu_state(env, ctx);
 #ifdef CONFIG_USER_ONLY
-ctx.mem_idx = MIPS_HFLAG_UM;
+ctx->mem_idx = MIPS_HFLAG_UM;
 #else
-ctx.mem_idx = hflags_mmu_index(ctx.hflags);
+ctx->mem_idx = hflags_mmu_index(ctx->hflags);
 #endif
-ctx.default_tcg_memop_mask = (ctx.insn_flags & ISA_MIPS32R6) ?
- MO_UNALN : MO_ALIGN;
+ctx->default_tcg_memop_mask = (ctx->insn_flags & ISA_MIPS32R6) ?
+  MO_UNALN : MO_ALIGN;
 max_insns = tb_cflags(tb) & CF_COUNT_MASK;
 if (max_insns == 0) {
 max_insns = CF_COUNT_MASK;
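Review bot: `ctx1` is declared without an initializer and then filled field by field, so any `DisasContext` member that neither this list nor `restore_cpu_state()` assigns would be read with an indeterminate value. Whether such a member exists cannot be told from this hunk. Since the patch already touches the declaration, adding `memset(ctx, 0, sizeof(*ctx));` before the assignments would rule that out without changing the intended logic. gen_intermediate_code continues outside the hunk.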
@@ -20251,74 +20253,74 @@ void 

[Qemu-devel] [PATCHv1 00/14] Translation loop conversion for sh4/sparc/mips/s390x/openrisc targets

2018-03-01 Thread Emilio G. Cota
[ What is this all about? See this message:
  http://lists.gnu.org/archive/html/qemu-devel/2018-02/msg04785.html ]

Merged the separate patchsets I sent in the last couple of weeks into
one set. This will be easier to merge since it will avoid potential
merge conflicts due to adding max_insns to dc->base.

Changes since sending the separate series for sh4/sparc/mips/s390x/openrisc:
- Rebased on top of master (669743979)
- Added R-b's
- sh4: no changes since v3
- mips: no changes (no reviews yet!)
- sparc:
  + Use base.singlestep_enabled and singlestep like in other targets,
e.g. Alpha.
  + Remove the unnecessary
 (dc.pc - pc_start) < (TARGET_PAGE_SIZE - 32))
check.
- s390x:
  + Remove dc->pc, use pc_next instead as David suggested.
  + Use dc for DisasContext instead of s.
  + Compute next_page in translate_insn instead of keeping it in dc.
  + Looked into dropping dc->do_debug, but don't see an easy way to do so.
- openrisc:
  + Consistently use DISAS_NORETURN after generating an
exception; fixed the two call sites that Richard pointed out,
plus a couple of others that weren't visible in the previous patch.
  + Remove the dc->next_page_start field; instead, set the max_insn
bound in translate_insn.

You can fetch this series from:
  https://github.com/cota/qemu/tree/trloop-conv-v1

Diffstat below.

Thanks,

Emilio

 accel/tcg/translator.c  |   21 +-
 include/exec/translator.h   |8 +-
 target/alpha/translate.c|6 +-
 target/arm/translate-a64.c  |8 +-
 target/arm/translate.c  |9 +-
 target/hppa/translate.c |7 +-
 target/i386/translate.c |5 +-
 target/mips/translate.c |  623 +--
 target/openrisc/translate.c |  226 ++--
 target/ppc/translate.c  |5 +-
 target/s390x/translate.c| 1527 +--
 target/sh4/translate.c  |  171 +--
 target/sparc/translate.c|  207 ++--
 13 files changed, 1401 insertions(+), 1422 deletions(-)



[Qemu-devel] [PATCHv1 03/14] target/sparc: convert to DisasJumpType

2018-03-01 Thread Emilio G. Cota
Reviewed-by: Richard Henderson 
Cc: Mark Cave-Ayland 
Cc: Artyom Tarasenko 
Signed-off-by: Emilio G. Cota 
---
 target/sparc/translate.c | 27 +++
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 71e0853..730e25d 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -30,6 +30,7 @@
 #include "exec/helper-gen.h"
 
 #include "trace-tcg.h"
+#include "exec/translator.h"
 #include "exec/log.h"
 #include "asi.h"
 
@@ -69,7 +70,7 @@ typedef struct DisasContext {
 target_ulong pc;/* current Program Counter: integer or DYNAMIC_PC */
 target_ulong npc;   /* next PC: integer or DYNAMIC_PC or JUMP_PC */
 target_ulong jump_pc[2]; /* used when JUMP_PC pc value is used */
-int is_br;
+DisasJumpType is_jmp;
 int mem_idx;
 bool fpu_enabled;
 bool address_mask_32bit;
@@ -995,7 +996,7 @@ static void gen_branch_a(DisasContext *dc, target_ulong pc1)
 gen_set_label(l1);
 gen_goto_tb(dc, 1, npc + 4, npc + 8);
 
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 }
 
 static void gen_branch_n(DisasContext *dc, target_ulong pc1)
@@ -1078,7 +1079,7 @@ static void gen_exception(DisasContext *dc, int which)
 t = tcg_const_i32(which);
 gen_helper_raise_exception(cpu_env, t);
 tcg_temp_free_i32(t);
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 }
 
 static void gen_check_align(TCGv addr, int mask)
@@ -3346,7 +3347,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 
 if (cond == 8) {
 /* An unconditional trap ends the TB.  */
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 goto jmp_insn;
 } else {
 /* A conditional trap falls through to the next insn.  */
@@ -4326,7 +4327,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 save_state(dc);
 gen_op_next_insn();
 tcg_gen_exit_tb(0);
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 break;
 case 0x6: /* V9 wrfprs */
 tcg_gen_xor_tl(cpu_tmp0, cpu_src1, cpu_src2);
@@ -4335,7 +4336,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 save_state(dc);
 gen_op_next_insn();
 tcg_gen_exit_tb(0);
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 break;
 case 0xf: /* V9 sir, nop if user */
 #if !defined(CONFIG_USER_ONLY)
@@ -4463,7 +4464,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 save_state(dc);
 gen_op_next_insn();
 tcg_gen_exit_tb(0);
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 #endif
 }
 break;
@@ -4619,7 +4620,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 save_state(dc);
 gen_op_next_insn();
 tcg_gen_exit_tb(0);
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 break;
 case 1: // htstate
 // XXX gen_op_wrhtstate();
@@ -5685,7 +5686,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned 
int insn)
 } else if (dc->npc == JUMP_PC) {
 /* we can do a static jump */
 gen_branch2(dc, dc->jump_pc[0], dc->jump_pc[1], cpu_cond);
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 } else {
 dc->pc = dc->npc;
 dc->npc = dc->npc + 4;
@@ -5747,6 +5748,7 @@ void gen_intermediate_code(CPUState *cs, TranslationBlock 
* tb)
 pc_start = tb->pc;
 dc->pc = pc_start;
 last_pc = dc->pc;
+dc->is_jmp = DISAS_NEXT;
 dc->npc = (target_ulong) tb->cs_base;
 dc->cc_op = CC_OP_DYNAMIC;
 dc->mem_idx = tb->flags & TB_FLAG_MMU_MASK;
@@ -5791,7 +5793,7 @@ void gen_intermediate_code(CPUState *cs, TranslationBlock 
* tb)
 }
 gen_helper_debug(cpu_env);
 tcg_gen_exit_tb(0);
-dc->is_br = 1;
+dc->is_jmp = DISAS_NORETURN;
 goto exit_gen_loop;
 }
 
@@ -5803,8 +5805,9 @@ void gen_intermediate_code(CPUState *cs, TranslationBlock 
* tb)
 
 

[Qemu-devel] [PULL 4/4] nbd/client: fix error messages in nbd_handle_reply_err

2018-03-01 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

1. NBD_REP_ERR_INVALID is not only about length, so make the message more
   general

2. hex format is not very good: it's hard to read something like
   "option a (set meta context)", so switch to dec.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Message-Id: <1518702707-7077-6-git-send-email-vsement...@virtuozzo.com>
[eblake: expand scope of patch: ALL uses of nbd_opt_lookup and
nbd_rep_lookup are now decimal]
Signed-off-by: Eric Blake 
---
 nbd/client.c | 24 
 nbd/server.c |  4 ++--
 nbd/trace-events |  8 
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/nbd/client.c b/nbd/client.c
index 89f80f95905..9c3fe4aaa67 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -158,14 +158,14 @@ static int nbd_handle_reply_err(QIOChannel *ioc, 
NBDOptionReply *reply,

 if (reply->length) {
 if (reply->length > NBD_MAX_BUFFER_SIZE) {
-error_setg(errp, "server error 0x%" PRIx32
+error_setg(errp, "server error %" PRIu32
" (%s) message is too long",
reply->type, nbd_rep_lookup(reply->type));
 goto cleanup;
 }
 msg = g_malloc(reply->length + 1);
 if (nbd_read(ioc, msg, reply->length, errp) < 0) {
-error_prepend(errp, "failed to read option error 0x%" PRIx32
+error_prepend(errp, "failed to read option error %" PRIu32
   " (%s) message: ",
   reply->type, nbd_rep_lookup(reply->type));
 goto cleanup;
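Review bot: Printing `reply->type` with `PRIu32` in these two messages makes error replies harder to recognise, because NBD error reply types carry bit 31, so a value that read `0x80000001` now appears as `2147483649`. The commit message's readability argument applies to the small option numbers, not to these. The same holds for the `reply.type` arguments in the nbd_opt_go and nbd_request_simple_option hunks when the server answers with an error type. Keeping the reply type in hex with its prefix, `"server error 0x%" PRIx32 " (%s) message is too long"`, and switching only `reply->option` to decimal would keep log triage of a misbehaving server straightforward. nbd_handle_reply_err starts and ends outside the hunk.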
@@ -180,22 +180,22 @@ static int nbd_handle_reply_err(QIOChannel *ioc, 
NBDOptionReply *reply,
 goto cleanup;

 case NBD_REP_ERR_POLICY:
-error_setg(errp, "Denied by server for option %" PRIx32 " (%s)",
+error_setg(errp, "Denied by server for option %" PRIu32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
 break;

 case NBD_REP_ERR_INVALID:
-error_setg(errp, "Invalid data length for option %" PRIx32 " (%s)",
+error_setg(errp, "Invalid parameters for option %" PRIu32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
 break;

 case NBD_REP_ERR_PLATFORM:
-error_setg(errp, "Server lacks support for option %" PRIx32 " (%s)",
+error_setg(errp, "Server lacks support for option %" PRIu32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
 break;

 case NBD_REP_ERR_TLS_REQD:
-error_setg(errp, "TLS negotiation required before option %" PRIx32
+error_setg(errp, "TLS negotiation required before option %" PRIu32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
 break;

@@ -204,17 +204,17 @@ static int nbd_handle_reply_err(QIOChannel *ioc, 
NBDOptionReply *reply,
 break;

 case NBD_REP_ERR_SHUTDOWN:
-error_setg(errp, "Server shutting down before option %" PRIx32 " (%s)",
+error_setg(errp, "Server shutting down before option %" PRIu32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
 break;

 case NBD_REP_ERR_BLOCK_SIZE_REQD:
-error_setg(errp, "Server requires INFO_BLOCK_SIZE for option %" PRIx32
+error_setg(errp, "Server requires INFO_BLOCK_SIZE for option %" PRIu32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
 break;

 default:
-error_setg(errp, "Unknown error code when asking for option %" PRIx32
+error_setg(errp, "Unknown error code when asking for option %" PRIu32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
 break;
 }
@@ -378,8 +378,8 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
 return 1;
 }
 if (reply.type != NBD_REP_INFO) {
-error_setg(errp, "unexpected reply type %" PRIx32
-   " (%s), expected %x",
+error_setg(errp, "unexpected reply type %" PRIu32
+   " (%s), expected %u",
reply.type, nbd_rep_lookup(reply.type), NBD_REP_INFO);
 nbd_send_opt_abort(ioc);
 return -1;
@@ -534,7 +534,7 @@ static int nbd_request_simple_option(QIOChannel *ioc, int 
opt, Error **errp)

 if (reply.type != NBD_REP_ACK) {
 error_setg(errp, "Server answered option %d (%s) with unexpected "
-   "reply %" PRIx32 " (%s)", opt, nbd_opt_lookup(opt),
+   "reply %" PRIu32 " (%s)", opt, nbd_opt_lookup(opt),
reply.type, nbd_rep_lookup(reply.type));
 nbd_send_opt_abort(ioc);
 return -1;
diff --git a/nbd/server.c b/nbd/server.c
index 112e3f69dff..4990a5826e6 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -806,7 +806,7 @@ static int nbd_negotiate_options(NBDClient *client, 
