Re: [Qemu-devel] [RFC PATCH 1/4] mem: make nvdimm_device_list global

[Igor Mammedov]

On Tue, 05 Feb 2019 23:25:54 -0600
Shivaprasad G Bhat  wrote:

> nvdimm_device_list is required for parsing the list for devices
> in subsequent patches. Move it to common area.
> 
> Signed-off-by: Shivaprasad G Bhat 

Reviewed-by: Igor Mammedov 

> ---
>  hw/acpi/nvdimm.c|   27 ---
>  hw/mem/nvdimm.c |   27 +++
>  include/hw/mem/nvdimm.h |2 ++
>  3 files changed, 29 insertions(+), 27 deletions(-)
> 
> diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
> index e53b2cb681..34322298c2 100644
> --- a/hw/acpi/nvdimm.c
> +++ b/hw/acpi/nvdimm.c
> @@ -33,33 +33,6 @@
>  #include "hw/nvram/fw_cfg.h"
>  #include "hw/mem/nvdimm.h"
>  
> -static int nvdimm_device_list(Object *obj, void *opaque)
> -{
> -GSList **list = opaque;
> -
> -if (object_dynamic_cast(obj, TYPE_NVDIMM)) {
> -*list = g_slist_append(*list, DEVICE(obj));
> -}
> -
> -object_child_foreach(obj, nvdimm_device_list, opaque);
> -return 0;
> -}
> -
> -/*
> - * inquire NVDIMM devices and link them into the list which is
> - * returned to the caller.
> - *
> - * Note: it is the caller's responsibility to free the list to avoid
> - * memory leak.
> - */
> -static GSList *nvdimm_get_device_list(void)
> -{
> -GSList *list = NULL;
> -
> -object_child_foreach(qdev_get_machine(), nvdimm_device_list, );
> -return list;
> -}
> -
>  #define NVDIMM_UUID_LE(a, b, c, d0, d1, d2, d3, d4, d5, d6, d7) \
> { (a) & 0xff, ((a) >> 8) & 0xff, ((a) >> 16) & 0xff, ((a) >> 24) & 0xff, \
>   (b) & 0xff, ((b) >> 8) & 0xff, (c) & 0xff, ((c) >> 8) & 0xff,  \
> diff --git a/hw/mem/nvdimm.c b/hw/mem/nvdimm.c
> index bf2adf5e16..f221ec7a9a 100644
> --- a/hw/mem/nvdimm.c
> +++ b/hw/mem/nvdimm.c
> @@ -29,6 +29,33 @@
>  #include "hw/mem/nvdimm.h"
>  #include "hw/mem/memory-device.h"
>  
> +static int nvdimm_device_list(Object *obj, void *opaque)
> +{
> +GSList **list = opaque;
> +
> +if (object_dynamic_cast(obj, TYPE_NVDIMM)) {
> +*list = g_slist_append(*list, DEVICE(obj));
> +}
> +
> +object_child_foreach(obj, nvdimm_device_list, opaque);
> +return 0;
> +}
> +
> +/*
> + * inquire NVDIMM devices and link them into the list which is
> + * returned to the caller.
> + *
> + * Note: it is the caller's responsibility to free the list to avoid
> + * memory leak.
> + */
> +GSList *nvdimm_get_device_list(void)
> +{
> +GSList *list = NULL;
> +
> +object_child_foreach(qdev_get_machine(), nvdimm_device_list, );
> +return list;
> +}
> +
>  static void nvdimm_get_label_size(Object *obj, Visitor *v, const char *name,
>void *opaque, Error **errp)
>  {
> diff --git a/include/hw/mem/nvdimm.h b/include/hw/mem/nvdimm.h
> index c5c9b3c7f8..e8b086f2df 100644
> --- a/include/hw/mem/nvdimm.h
> +++ b/include/hw/mem/nvdimm.h
> @@ -150,4 +150,6 @@ void nvdimm_build_acpi(GArray *table_offsets, GArray 
> *table_data,
> uint32_t ram_slots);
>  void nvdimm_plug(AcpiNVDIMMState *state);
>  void nvdimm_acpi_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev);
> +GSList *nvdimm_get_device_list(void);
> +
>  #endif
> 
> 

Re: [Qemu-devel] [Qemu-block] [PATCH v2] Add a gitlab-ci file for Continuous Integration testing on Gitlab

[Kevin Wolf]

Am 19.02.2019 um 07:44 hat Thomas Huth geschrieben:
> On 18/02/2019 19.22, Cleber Rosa wrote:
> > 
> > 
> > On 2/13/19 6:54 AM, Thomas Huth wrote:
> >> This is very convenient for people like me who store their QEMU git trees
> >> on gitlab.com: Automatic CI pipelines are now run for each branch that is
> >> pushed to the server - useful for some extra-testing before sending PULL-
> >> requests for example. Since the runtime of the jobs is limited to 1h, the
> >> jobs are distributed into multiple pipelines - this way everything finishs
> >> fine within time (ca. 30 minutes currently).
> >>
> >> Signed-off-by: Thomas Huth 
> >> ---
> >>  An example can be seen here: https://gitlab.com/huth/qemu/pipelines/
> >>
> >>  I'd really like to get this into the main QEMU repository, so that I don't
> >>  have to cherry-pick this patch onto my testing branches anymore each time
> >>  I want to test before sending a PULL request...
> >>
> >>  .gitlab-ci.yml | 73 
> >> ++
> >>  MAINTAINERS|  5 
> >>  2 files changed, 78 insertions(+)
> >>  create mode 100644 .gitlab-ci.yml
> >>
> >> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> >> new file mode 100644
> >> index 000..79d02cf
> >> --- /dev/null
> >> +++ b/.gitlab-ci.yml
> >> @@ -0,0 +1,73 @@
> >> +before_script:
> >> + - apt-get update -qq
> >> + - apt-get install -y -qq flex bison libglib2.0-dev libpixman-1-dev 
> >> genisoimage
> >> +
> >> +build-system1:
> >> + script:
> >> + - apt-get install -y -qq libgtk-3-dev libvte-dev nettle-dev libcacard-dev
> >> +  libusb-dev libvde-dev libspice-protocol-dev libgl1-mesa-dev
> >> + - ./configure --enable-werror --target-list="aarch64-softmmu 
> >> alpha-softmmu
> >> +  cris-softmmu hppa-softmmu lm32-softmmu moxie-softmmu 
> >> microblazeel-softmmu
> >> +  mips64el-softmmu m68k-softmmu ppc-softmmu riscv64-softmmu 
> >> sparc-softmmu"
> >> + - make -j2
> >> + - make -j2 check
> >> +
> >> +build-system2:
> >> + script:
> >> + - apt-get install -y -qq libsdl2-dev libgcrypt-dev libbrlapi-dev 
> >> libaio-dev
> >> +  libfdt-dev liblzo2-dev librdmacm-dev libibverbs-dev libibumad-dev
> >> + - ./configure --enable-werror --target-list="tricore-softmmu 
> >> unicore32-softmmu
> >> +  microblaze-softmmu mips-softmmu riscv32-softmmu s390x-softmmu 
> >> sh4-softmmu
> >> +  sparc64-softmmu x86_64-softmmu xtensa-softmmu nios2-softmmu 
> >> or1k-softmmu"
> >> + - make -j2
> >> + - make -j2 check
> >> +
> >> +build-disabled:
> >> + script:
> >> + - ./configure --enable-werror --disable-rdma --disable-slirp 
> >> --disable-curl
> >> +  --disable-capstone --disable-live-block-migration 
> >> --disable-glusterfs
> >> +  --disable-replication --disable-coroutine-pool --disable-smartcard
> >> +  --disable-guest-agent --disable-curses --disable-libxml2 
> >> --disable-tpm
> >> +  --disable-qom-cast-debug --disable-spice --disable-vhost-vsock
> >> +  --disable-vhost-net --disable-vhost-crypto --disable-vhost-user
> >> +  --target-list="i386-softmmu ppc64-softmmu mips64-softmmu 
> >> i386-linux-user"
> >> + - make -j2
> >> + - make -j2 check-qtest SPEED=slow
> >> +
> >> +build-tcg-disabled:
> >> + script:
> >> + - apt-get install -y -qq clang libgtk-3-dev libbluetooth-dev libusb-dev
> >> + - ./configure --cc=clang --enable-werror --disable-tcg 
> >> --audio-drv-list=""
> >> + - make -j2
> >> + - make check-unit
> >> + - make check-qapi-schema
> >> + - cd tests/qemu-iotests/
> >> + - ./check -raw 001 002 003 004 005 008 009 010 011 012 021 025 032 033 
> >> 048
> >> +052 063 077 086 101 104 106 113 147 148 150 151 152 157 159 
> >> 160
> >> +163 170 171 183 184 192 194 197 205 208 215 221 222 226 227 
> >> 236
> >> + - ./check -qcow2 001 002 003 004 005 007 008 009 010 011 012 013 017 018 
> >> 019
> >> +020 021 022 024 025 027 028 029 031 032 033 034 035 036 037 
> >> 038
> >> +039 040 042 043 046 047 048 049 050 051 052 053 054 056 057 
> >> 058
> >> +060 061 062 063 065 066 067 068 069 071 072 073 074 079 080 
> >> 082
> >> +085 086 089 090 091 095 096 097 098 099 102 103 104 105 107 
> >> 108
> >> +110 111 114 117 120 122 124 126 127 129 130 132 133 134 137 
> >> 138
> >> +139 140 141 142 143 144 145 147 150 151 152 154 155 156 157 
> >> 158
> >> +161 165 170 172 174 176 177 179 184 186 187 190 192 194 195 
> >> 196
> >> +197 200 202 203 205 208 209 214 215 216 217 218 222 226 227 
> >> 229 234
> >> +
> > 
> > On the matter of "make check-block" or "./check xxx", I've seen
> > arguments for both sides.  I've sent a similar (but using make
> > check-block) patch for Travis:
> > 
> > https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg02334.html
> > 
> > I'd be nice to hear from the qemu-iotest's maintainers which approach
> > is preferable for upstream + shared computing resources kind of environment.
> 
> I 

Re: [Qemu-devel] [PATCH v6 09/18] hw/arm/virt: Implement kvm_type function for 4.0 machine

[Igor Mammedov]

On Mon, 18 Feb 2019 22:29:40 +0100
Auger Eric  wrote:

> Hi Peter,
> 
> On 2/14/19 6:29 PM, Peter Maydell wrote:
> > On Tue, 5 Feb 2019 at 17:33, Eric Auger  wrote:  
> >>
> >> This patch implements the machine class kvm_type() callback.
> >> It returns the max IPA shift needed to implement the whole GPA
> >> range including the RAM and IO regions located beyond.
> >> The returned value in passed though the KVM_CREATE_VM ioctl and
> >> this allows KVM to set the stage2 tables dynamically.
> >>
> >> At this stage the RAM limit still is limited to 255GB.
> >>
> >> Setting all the existing highmem IO regions beyond the RAM
> >> allows to have a single contiguous RAM region (initial RAM and
> >> possible hotpluggable device memory). That way we do not need
> >> to do invasive changes in the EDK2 FW to support a dynamic
> >> RAM base.
> >>
> >> Signed-off-by: Eric Auger 
> >>
> >> ---
> >>
> >> v5 -> v6:
> >> - add some comments
> >> - high IO region cannot start before 256GiB
> >> ---
> >>  hw/arm/virt.c | 52 +--
> >>  include/hw/arm/virt.h |  2 ++
> >>  2 files changed, 52 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> >> index 2b15839d0b..b90ffc2e5d 100644
> >> --- a/hw/arm/virt.c
> >> +++ b/hw/arm/virt.c
> >> @@ -1366,6 +1366,7 @@ static uint64_t 
> >> virt_cpu_mp_affinity(VirtMachineState *vms, int idx)
> >>
> >>  static void virt_set_memmap(VirtMachineState *vms)
> >>  {
> >> +MachineState *ms = MACHINE(vms);
> >>  hwaddr base;
> >>  int i;
> >>
> >> @@ -1375,7 +1376,17 @@ static void virt_set_memmap(VirtMachineState *vms)
> >>  vms->memmap[i] = a15memmap[i];
> >>  }
> >>
> >> -vms->high_io_base = 256 * GiB; /* Top of the legacy initial RAM 
> >> region */
> >> +/*
> >> + * We now compute the base of the high IO region depending on the
> >> + * amount of initial and device memory. The device memory start/size
> >> + * is aligned on 1GiB. We never put the high IO region below 256GiB
> >> + * so that if maxram_size is < 255GiB we keep the legacy memory map
> >> + */
> >> +vms->high_io_base = ROUND_UP(GiB + ms->ram_size, GiB) +
> >> +ROUND_UP(ms->maxram_size - ms->ram_size, GiB);  
> > 
> > I don't understand this expression...  
> My intent was to align the start of the device memory on a GiB boundary,
> just after the initial RAM (ram_size). And then align the floating IO
> region on a GiB boundary after the device memory (of size
> ms->maxram_size - ms->ram_size). What do I miss?

It's not obvious what "GiB +  ms->ram_size" means and where it comes from,
maybe substitute GiB with properly named constant/macro that's also re-used in
memmap definition so it would be obvious that's it's where initial RAM
is mapped. Also I'd move both ROUND_UPs into separate expressions using
reasonable named local vars and possible overflow checks on top of that,
so one won't have to guess that it's initial RAM end + device RAM end.

> >   
> >> +if (vms->high_io_base < 256 * GiB) {
> >> +vms->high_io_base = 256 * GiB;
> >> +}
> >>  base = vms->high_io_base;
> >>
> >>  for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) {
> >> @@ -1386,6 +1397,7 @@ static void virt_set_memmap(VirtMachineState *vms)
> >>  vms->memmap[i].size = size;
> >>  base += size;
> >>  }
> >> +vms->highest_gpa = base - 1;
> >>  }
> >>
> >>  static void machvirt_init(MachineState *machine)
> >> @@ -1402,7 +1414,9 @@ static void machvirt_init(MachineState *machine)
> >>  bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
> >>  bool aarch64 = true;
> >>
> >> -virt_set_memmap(vms);
> >> +if (!vms->extended_memmap) {
> >> +virt_set_memmap(vms);
> >> +}
> >>
> >>  /* We can probe only here because during property set
> >>   * KVM is not available yet
> >> @@ -1784,6 +1798,36 @@ static HotplugHandler 
> >> *virt_machine_get_hotplug_handler(MachineState *machine,
> >>  return NULL;
> >>  }
> >>
> >> +/*
> >> + * for arm64 kvm_type [7-0] encodes the IPA size shift
> >> + */
> >> +static int virt_kvm_type(MachineState *ms, const char *type_str)
> >> +{
> >> +VirtMachineState *vms = VIRT_MACHINE(ms);
> >> +int max_vm_phys_shift = kvm_arm_get_max_vm_phys_shift(ms);
> >> +int max_pa_shift;
> >> +
> >> +vms->extended_memmap = true;
> >> +
> >> +virt_set_memmap(vms);
> >> +
> >> +max_pa_shift = 64 - clz64(vms->highest_gpa);
> >> +
> >> +if (max_pa_shift > max_vm_phys_shift) {
> >> +error_report("-m and ,maxmem option values "
> >> + "require an IPA range (%d bits) larger than "
> >> + "the one supported by the host (%d bits)",
> >> + max_pa_shift, max_vm_phys_shift);
> >> +   exit(1);
> >> +}  
> > 
> > Presumably we should have some equivalent check for TCG, so
> > that we don't let the 

Re: [Qemu-devel] [PATCH v3 0/6] tests: Add device unplug tests

[David Hildenbrand]

On 19.02.19 03:58, David Gibson wrote:
> On Mon, Feb 18, 2019 at 10:21:56AM +0100, David Hildenbrand wrote:
>> This is a set of tests to test basic device unplugging functionality for
>> - some PCI implementations
>> - CCW devices on s390x
>> - spapr memory and cpu core devices
>>
>> I plaed with ACPI CPU unplug but getting that to run with qtest is more
>> involved. (remove devices on reset, trick cpu-hotplug-legacy property,
>> somehow create cpu hotplug state objects ...). Well we no have at least
>> one unplug test for DIMMs and one for CPUs.
> 
> I believe we were talking about merging this via the ppc tree, so I've
> merged it into ppc-for-4.0 (with Connie's acks).
> 
> If I was mistaken about that, let me know and I'll pull them out
> before I send my next pull request.

That's also how I understood it :)

Thanks David!

-- 

Thanks,

David / dhildenb

Re: [Qemu-devel] [PATCH 2/2] lsi: use ldn_le_p()/stn_le_p()

[Sven Schnelle]

Hi Philippe,

On Mon, Feb 18, 2019 at 10:39:54PM +0100, Philippe Mathieu-Daudé wrote:

> > -newval = s->script_ram[addr >> 2];
> > -shift = (addr & 3) * 8;
> > -mask = ((uint64_t)1 << (size * 8)) - 1;
> > -newval &= ~(mask << shift);
> > -newval |= val << shift;
> > -s->script_ram[addr >> 2] = newval;
> > +stn_le_p(((void*)s->script_ram) + addr, size, val);
> 
> If you want to do pointer arithmetic, it is safer to cast to a uintptr_t.
> But since you update all the places that use script_ram[], it seems
> pointless to keep it as an array of uint32_t. We can simply convert it
> to an array of char.

You're right, i was assuming that the array is used somewhere else in the code,
but all the accesses are routed through these two functions, so it makes sense
to convert the type. However, i'm not sure whether i have to increase the 
version
number in the VMSTATE_BUFFER_UNSAFE() macro in that case? Are there possible
endianess issues with that change?

My current version looks like this:


commit 286d45946e235d5fdf2f95bf349b3048e3180392
Author: Sven Schnelle 
Date:   Tue Feb 19 06:59:23 2019 +0100

lsi: use ldn_le_p()/stn_le_p()

Signed-off-by: Sven Schnelle 

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index c493e3c4c7..0f9591016a 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -290,7 +290,7 @@ typedef struct {
 uint32_t adder;
 
 /* Script ram is stored as 32-bit words in host byteorder.  */
-uint32_t script_ram[2048];
+uint8_t script_ram[8192];
 } LSIState;
 
 #define TYPE_LSI53C810  "lsi53c810"
@@ -2078,29 +2078,14 @@ static void lsi_ram_write(void *opaque, hwaddr addr,
   uint64_t val, unsigned size)
 {
 LSIState *s = opaque;
-uint32_t newval;
-uint32_t mask;
-int shift;
-
-newval = s->script_ram[addr >> 2];
-shift = (addr & 3) * 8;
-mask = ((uint64_t)1 << (size * 8)) - 1;
-newval &= ~(mask << shift);
-newval |= val << shift;
-s->script_ram[addr >> 2] = newval;
+stn_le_p(s->script_ram + addr, size, val);
 }
 
 static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
  unsigned size)
 {
 LSIState *s = opaque;
-uint32_t val;
-uint32_t mask;
-
-val = s->script_ram[addr >> 2];
-mask = ((uint64_t)1 << (size * 8)) - 1;
-val >>= (addr & 3) * 8;
-return val & mask;
+return ldn_le_p(s->script_ram + addr, size);
 }
 
 static const MemoryRegionOps lsi_ram_ops = {
@@ -2243,7 +2228,7 @@ static const VMStateDescription vmstate_lsi_scsi = {
 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
 VMSTATE_UINT8(sbr, LSIState),
 
-VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * 
sizeof(uint32_t)),
+VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192),
 VMSTATE_END_OF_LIST()
 }
 };

Re: [Qemu-devel] [PATCH v4 00/11] packed ring virtio-net backends support

[Jason Wang]

On 2019/2/14 下午12:26, w...@redhat.com wrote:

From: Wei Xu 

https://github.com/Whishay/qemu.git

Userspace and vhost-net backend test has been done with upstream kernel
in guest.

v3->v4:
 - add version number to the subject of each patch.(mst)

v2->v3:
 v2/01 - drop it since the header has been synchronized from kernel.(mst & 
jason)
 v3/01 - rename 'avail_wrap_counter' to 'last_avail_wrap_counter',
 'event_wrap_counter' to 'avail_wrap_counter' to make it easier
 to understand.(Jason)
   - revise commit message.(Jason)
 v3/02 - split packed ring areas size calculation to next patch.(Jason)
 to not break bisect(Jason).
 v3/03 - initialize packed ring region with correct size and attribute.
   - remove unnecessary 'else' checks. (Jason)
 v3/06 - add commit log.
   - replace 'event_wrap-counter' with 'avail_wrap_counter'.
   - merge common memory cache size check to 
virtqueue_get_avail_bytes().(Jason)
   - revise memory barrier comment.(Jason)
   - check indirect descriptors by desc.len/sizeof(desc).(Jason)
   - flip wrap counter with '^=1'.(Jason)
 v3/07 - move desc.id/len initialization to the declaration.(Jason)
   - flip wrap counter '!' with '^=1'.(Jason)
   - add memory barrier comments in commit message.
 v3/08 - use offsetof() when writing cache.(Jason)
   - avoid duplicated memory region write when turning off event_idx
 supported notification.(Jason)
   - add commit log.(Jason)
   - add avail & last_avail wrap counter difference description in 
commit log.
 v3/09 - remove unnecessary used/avail idx/wrap-counter from subsection.
   - put new subsection to the end of vmstate_virtio.(Jason)
   - squash the two userspace and vhost-net migration patches in 
v2.(Jason)
 v3/10 - reword commit message.
   - this is a help not a bug fix so I would like to keep it as a
 separate patch still.(Proposed a merge it by Jason)
   - the virtqueue_fill() is also not like an API so I would prefer not
 to touch it, please correct me if I did not get it in the right
 way.(Proposed a squash by Jason)
 v3/11 - squash feature bits for user space and vhost kernel/user backends.
   - enable packed ring feature bit provision on host by default.(Jason)

Wei Xu (11):
   virtio: rename structure for packed ring
   virtio: device/driver area size calculation helper for split ring
   virtio: initialize packed ring region
   virtio: initialize wrap counter for packed ring
   virtio: queue/descriptor check helpers for packed ring
   virtio: get avail bytes check for packed ring
   virtio: fill/flush/pop for packed ring
   virtio: event suppression support for packed ring
   virtio-net: update the head descriptor in a chain lastly
   virtio: migration support for packed ring
   virtio: CLI and provide packed ring feature bit by default

  hw/net/vhost_net.c |   2 +
  hw/net/virtio-net.c|  11 +-
  hw/virtio/virtio.c | 798 +
  include/hw/virtio/virtio.h |   4 +-
  4 files changed, 757 insertions(+), 58 deletions(-)



Looks like there's something missed in the series. e.g the support of:

virtqueue_unpop()

virtqueue_rewind()

Thanks

Re: [Qemu-devel] [PATCH v4 11/11] virtio: CLI and provide packed ring feature bit by default

[Jason Wang]

On 2019/2/14 下午12:26, w...@redhat.com wrote:

From: Wei Xu 

Add userspace and vhost kernel/user support.

Add CLI "ring_packed=true/false" to enable/disable packed ring provision.
Usage:
 -device virtio-net-pci,netdev=xx,mac=xx:xx:xx:xx:xx:xx,ring_packed=false

By default it is provided.



Please compat this for old machine types.

Thanks




Signed-off-by: Wei Xu 
---
  hw/net/vhost_net.c | 2 ++
  include/hw/virtio/virtio.h | 4 +++-
  2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index e037db6..f593086 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -53,6 +53,7 @@ static const int kernel_feature_bits[] = {
  VIRTIO_F_VERSION_1,
  VIRTIO_NET_F_MTU,
  VIRTIO_F_IOMMU_PLATFORM,
+VIRTIO_F_RING_PACKED,
  VHOST_INVALID_FEATURE_BIT
  };
  
@@ -78,6 +79,7 @@ static const int user_feature_bits[] = {

  VIRTIO_NET_F_MRG_RXBUF,
  VIRTIO_NET_F_MTU,
  VIRTIO_F_IOMMU_PLATFORM,
+VIRTIO_F_RING_PACKED,
  
  /* This bit implies RARP isn't sent by QEMU out of band */

  VIRTIO_NET_F_GUEST_ANNOUNCE,
diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index 9c1fa07..2eb27d2 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -264,7 +264,9 @@ typedef struct VirtIORNGConf VirtIORNGConf;
  DEFINE_PROP_BIT64("any_layout", _state, _field, \
VIRTIO_F_ANY_LAYOUT, true), \
  DEFINE_PROP_BIT64("iommu_platform", _state, _field, \
-  VIRTIO_F_IOMMU_PLATFORM, false)
+  VIRTIO_F_IOMMU_PLATFORM, false), \
+DEFINE_PROP_BIT64("ring_packed", _state, _field, \
+  VIRTIO_F_RING_PACKED, true)
  
  hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n);

  hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n);

Re: [Qemu-devel] [PATCH 05/19] ppc/pnv: add XIVE support

[Cédric Le Goater]

On 2/12/19 6:40 AM, David Gibson wrote:
> On Mon, Jan 28, 2019 at 10:46:11AM +0100, Cédric Le Goater wrote:
>> This is simple model of the POWER9 XIVE interrupt controller for the
>> PowerNV machine. XIVE for baremetal is a complex controller and the
>> model only addresses the needs of the skiboot firmware.
>>
>> The PowerNV model reuses the common XIVE framework developed for sPAPR
>> and the fundamentals aspects are quite the same. The difference are
>> outlined below.
>>
>> The controller initial BAR configuration is performed using the XSCOM
>> bus from there, MMIO are used for further configuration.
>>
>> The MMIO regions exposed are :
>>
>>  - Interrupt controller registers
>>  - ESB pages for IPIs and ENDs
>>  - Presenter MMIO (Not used)
>>  - Thread Interrupt Management Area MMIO, direct and indirect
>>
>> The virtualization controller MMIO region containing the IPI ESB pages
>> and END ESB pages is sub-divided into "sets" which map portions of the
>> VC region to the different ESB pages. These are modeled with custom
>> address spaces and the XiveSource and XiveENDSource objects are sized
>> to the maximum allowed by HW. The memory regions are resized at
>> run-time using the configuration of EDT set translation table provided
>> by the firmware.
>>
>> The XIVE virtualization structure tables (EAT, ENDT, NVTT) are now in
>> the machine RAM and not in the hypervisor anymore. The firmware
>> (skiboot) configures these tables using Virtual Structure Descriptor
>> defining the characteristics of each table : SBE, EAS, END and
>> NVT. These are later used to access the virtual interrupt entries. The
>> internal cache of these tables in the interrupt controller is updated
>> and invalidated using a set of registers.
>>
>> Still to address to complete the model but not fully required is the
>> support for block grouping. Escalation support will be necessary for
>> KVM guests.
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  hw/intc/pnv_xive_regs.h|  315 +++
>>  include/hw/ppc/pnv.h   |   21 +
>>  include/hw/ppc/pnv_core.h  |1 +
>>  include/hw/ppc/pnv_xive.h  |   95 ++
>>  include/hw/ppc/pnv_xscom.h |3 +
>>  include/hw/ppc/xive.h  |1 +
>>  hw/intc/pnv_xive.c | 1698 
>>  hw/intc/xive.c |   59 +-
>>  hw/ppc/pnv.c   |   68 +-
>>  hw/intc/Makefile.objs  |2 +-
>>  10 files changed, 2253 insertions(+), 10 deletions(-)
>>  create mode 100644 hw/intc/pnv_xive_regs.h
>>  create mode 100644 include/hw/ppc/pnv_xive.h
>>  create mode 100644 hw/intc/pnv_xive.c
>>
>> diff --git a/hw/intc/pnv_xive_regs.h b/hw/intc/pnv_xive_regs.h
>> new file mode 100644
>> index ..96ac27701cee
>> --- /dev/null
>> +++ b/hw/intc/pnv_xive_regs.h
>> @@ -0,0 +1,315 @@
>> +/*
>> + * QEMU PowerPC XIVE interrupt controller model
>> + *
>> + * Copyright (c) 2017-2018, IBM Corporation.
>> + *
>> + * This code is licensed under the GPL version 2 or later. See the
>> + * COPYING file in the top-level directory.
>> + */
>> +
>> +#ifndef PPC_PNV_XIVE_REGS_H
>> +#define PPC_PNV_XIVE_REGS_H
>> +
>> +/* IC register offsets 0x0 - 0x400 */
>> +#define CQ_SWI_CMD_HIST 0x020
>> +#define CQ_SWI_CMD_POLL 0x028
>> +#define CQ_SWI_CMD_BCAST0x030
>> +#define CQ_SWI_CMD_ASSIGN   0x038
>> +#define CQ_SWI_CMD_BLK_UPD  0x040
>> +#define CQ_SWI_RSP  0x048
>> +#define X_CQ_CFG_PB_GEN 0x0a
>> +#define CQ_CFG_PB_GEN   0x050
>> +#define   CQ_INT_ADDR_OPT   PPC_BITMASK(14, 15)
>> +#define X_CQ_IC_BAR 0x10
>> +#define X_CQ_MSGSND 0x0b
>> +#define CQ_MSGSND   0x058
>> +#define CQ_CNPM_SEL 0x078
>> +#define CQ_IC_BAR   0x080
>> +#define   CQ_IC_BAR_VALID   PPC_BIT(0)
>> +#define   CQ_IC_BAR_64K PPC_BIT(1)
>> +#define X_CQ_TM1_BAR0x12
>> +#define CQ_TM1_BAR  0x90
>> +#define X_CQ_TM2_BAR0x014
>> +#define CQ_TM2_BAR  0x0a0
>> +#define   CQ_TM_BAR_VALID   PPC_BIT(0)
>> +#define   CQ_TM_BAR_64K PPC_BIT(1)
>> +#define X_CQ_PC_BAR 0x16
>> +#define CQ_PC_BAR   0x0b0
>> +#define  CQ_PC_BAR_VALIDPPC_BIT(0)
>> +#define X_CQ_PC_BARM0x17
>> +#define CQ_PC_BARM  0x0b8
>> +#define  CQ_PC_BARM_MASKPPC_BITMASK(26, 38)
>> +#define X_CQ_VC_BAR 0x18
>> +#define CQ_VC_BAR   0x0c0
>> +#define  CQ_VC_BAR_VALIDPPC_BIT(0)
>> +#define X_CQ_VC_BARM0x19
>> +#define CQ_VC_BARM  0x0c8
>> +#define  CQ_VC_BARM_MASKPPC_BITMASK(21, 37)
>> +#define X_CQ_TAR0x1e
>> +#define CQ_TAR  0x0f0
>> +#define  CQ_TAR_TBL_AUTOINC PPC_BIT(0)
>> +#define  CQ_TAR_TSELPPC_BITMASK(12, 15)
>> +#define  CQ_TAR_TSEL_BLKPPC_BIT(12)
>> +#define  CQ_TAR_TSEL_MIGPPC_BIT(13)
>> +#define  CQ_TAR_TSEL_VDTPPC_BIT(14)
>> 

Re: [Qemu-devel] [PATCH v4 10/11] virtio: migration support for packed ring

[Jason Wang]

On 2019/2/14 下午12:26, w...@redhat.com wrote:

From: Wei Xu 

Both userspace and vhost-net/user are supported with this patch.

A new subsection is introduced for packed ring, only 'last_avail_idx'
and 'last_avail_wrap_counter' are saved/loaded presumably based on
all the others relevant data(inuse, used/avail index and wrap count
should be the same.



This is probably only true for net device, see comment in virtio_load():

    /*
 * Some devices migrate VirtQueueElements that have been popped
 * from the avail ring but not yet returned to the used ring.
 * Since max ring size < UINT16_MAX it's safe to use modulo
 * UINT16_MAX + 1 subtraction.
 */
    vdev->vq[i].inuse = (uint16_t)(vdev->vq[i].last_avail_idx -
    vdev->vq[i].used_idx);


So you need to migrate used_idx and used_wrap_counter since we don't 
have used idx.





Signed-off-by: Wei Xu 
---
  hw/virtio/virtio.c | 69 +++---
  1 file changed, 66 insertions(+), 3 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 8cfc7b6..7c5de07 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2349,6 +2349,13 @@ static bool virtio_virtqueue_needed(void *opaque)
  return virtio_host_has_feature(vdev, VIRTIO_F_VERSION_1);
  }
  
+static bool virtio_packed_virtqueue_needed(void *opaque)

+{
+VirtIODevice *vdev = opaque;
+
+return virtio_host_has_feature(vdev, VIRTIO_F_RING_PACKED);
+}
+
  static bool virtio_ringsize_needed(void *opaque)
  {
  VirtIODevice *vdev = opaque;
@@ -2390,6 +2397,17 @@ static const VMStateDescription vmstate_virtqueue = {
  }
  };
  
+static const VMStateDescription vmstate_packed_virtqueue = {

+.name = "packed_virtqueue_state",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT16(last_avail_idx, struct VirtQueue),
+VMSTATE_BOOL(last_avail_wrap_counter, struct VirtQueue),
+VMSTATE_END_OF_LIST()
+}
+};
+
  static const VMStateDescription vmstate_virtio_virtqueues = {
  .name = "virtio/virtqueues",
  .version_id = 1,
@@ -2402,6 +2420,18 @@ static const VMStateDescription 
vmstate_virtio_virtqueues = {
  }
  };
  
+static const VMStateDescription vmstate_virtio_packed_virtqueues = {

+.name = "virtio/packed_virtqueues",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = _packed_virtqueue_needed,
+.fields = (VMStateField[]) {
+VMSTATE_STRUCT_VARRAY_POINTER_KNOWN(vq, struct VirtIODevice,
+  VIRTIO_QUEUE_MAX, 0, vmstate_packed_virtqueue, 
VirtQueue),
+VMSTATE_END_OF_LIST()
+}
+};
+
  static const VMStateDescription vmstate_ringsize = {
  .name = "ringsize_state",
  .version_id = 1,
@@ -2522,6 +2552,7 @@ static const VMStateDescription vmstate_virtio = {
  _virtio_ringsize,
  _virtio_broken,
  _virtio_extra_state,
+_virtio_packed_virtqueues,
  NULL
  }
  };
@@ -2794,6 +2825,17 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int 
version_id)
  virtio_queue_update_rings(vdev, i);
  }
  
+if (virtio_vdev_has_feature(vdev, VIRTIO_F_RING_PACKED)) {

+vdev->vq[i].shadow_avail_idx = vdev->vq[i].last_avail_idx;
+vdev->vq[i].avail_wrap_counter =
+vdev->vq[i].last_avail_wrap_counter;
+
+vdev->vq[i].used_idx = vdev->vq[i].last_avail_idx;
+vdev->vq[i].used_wrap_counter =
+vdev->vq[i].last_avail_wrap_counter;
+continue;
+}
+
  nheads = vring_avail_idx(>vq[i]) - 
vdev->vq[i].last_avail_idx;
  /* Check it isn't doing strange things with descriptor numbers. */
  if (nheads > vdev->vq[i].vring.num) {
@@ -2955,17 +2997,34 @@ hwaddr virtio_queue_get_used_size(VirtIODevice *vdev, 
int n)
  
  uint16_t virtio_queue_get_last_avail_idx(VirtIODevice *vdev, int n)

  {
-return vdev->vq[n].last_avail_idx;
+uint16_t idx;
+
+if (virtio_vdev_has_feature(vdev, VIRTIO_F_RING_PACKED)) {
+idx = vdev->vq[n].last_avail_idx;
+idx |= ((int)vdev->vq[n].avail_wrap_counter) << 15;
+} else {
+idx = (int)vdev->vq[n].last_avail_idx;
+}
+return idx;
  }
  
  void virtio_queue_set_last_avail_idx(VirtIODevice *vdev, int n, uint16_t idx)

  {
-vdev->vq[n].last_avail_idx = idx;
-vdev->vq[n].shadow_avail_idx = idx;
+if (virtio_vdev_has_feature(vdev, VIRTIO_F_RING_PACKED)) {
+vdev->vq[n].last_avail_idx = idx & 0x7fff;
+vdev->vq[n].avail_wrap_counter = !!(idx & 0x8000);



Let's define some macros for those magic number.



+} else {
+vdev->vq[n].last_avail_idx = idx;
+vdev->vq[n].shadow_avail_idx = idx;
+}
  }
  
  void 

Re: [Qemu-devel] [PATCH] mips: implement qmp query-cpu-definitions command

[Markus Armbruster]

Philippe Mathieu-Daudé  writes:

> Hi Pavel,
>
> On 2/11/19 6:34 AM, Pavel Dovgalyuk wrote:
>> Ping.
>
> You forgot to Cc Aleksandar, to get his MIPS maintainer Ack-by:
>
> ./scripts/get_maintainer.pl -f target/mips/helper.c
> Aleksandar Markovic  (maintainer:MIPS)
>
>> 
>> Pavel Dovgalyuk
>> 
>>> -Original Message-
>>> From: Pavel Dovgalyuk [mailto:pavel.dovga...@ispras.ru]
>>> Sent: Tuesday, February 05, 2019 4:08 PM
>>> To: qemu-devel@nongnu.org
>>> Cc: pavel.dovga...@ispras.ru; arik...@wavecomp.com; 
>>> mdr...@linux.vnet.ibm.com;
>>> arm...@redhat.com; dovga...@ispras.ru; natalia.furs...@ispras.ru; 
>>> ebl...@redhat.com;
>>> aurel...@aurel32.net
>>> Subject: [PATCH] mips: implement qmp query-cpu-definitions command
>>>
>>> This patch enables QMP-based querying of the available CPU types for MIPS
>>> and MIPS64 platforms.
>
> Your patch is a simple copy of the ARM code, so:
>
> Reviewed-by: Philippe Mathieu-Daudé 
>
> Also:
>
> Tested-by: Philippe Mathieu-Daudé 
>
> However this clashes with Marc-André's "qapi: make query-cpu-definitions
> depend on specific targets" posted here by Markus:
> https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg03831.html

This is now in master, merge commit a0430dd8abb.

> I believe your patch will go thru the QMP tree, so you might want to
> rebase on top of the series Markus sent; or see if Markus is OK to do
> the manual cleanup when applying.

Please rebase.  Let me know if you need help.

Re: [Qemu-devel] [Qemu-block] Guest unresponsive after Virtqueue size exceeded error

[Fernando Casas Schössow]

Problem reproduced with virtio-scsi as well on the same guest, this time it 
took less than a day.
Information from the log file:

vdev 0x55823f119f90 ("virtio-scsi")
vq 0x55823f122e80 (idx 2)
inuse 128 vring.num 128
old_shadow_avail_idx 58367 last_avail_idx 58113 avail_idx 58367
avail 0x3de8a800 avail_idx (cache bypassed) 58113
used_idx 57985
2019-02-19 04:20:43.291+: shutting down, reason=crashed

Got the dump file as well, including guest memory. Size is around 486MB after 
compression.
Is there any other information I should collect to progress the investigation?

Thanks.

On lun, feb 18, 2019 at 8:21 AM, Fernando Casas Schössow 
 wrote:
It took a few days but last night the problem was reproduced.
This is the information from the log:

vdev 0x55f261d940f0 ("virtio-blk")
vq 0x55f261d9ee40 (idx 0)
inuse 128 vring.num 128
old_shadow_avail_idx 58874 last_avail_idx 58625 avail_idx 58874
avail 0x3d87a800 avail_idx (cache bypassed) 58625
used_idx 58497
2019-02-18 03:20:08.605+: shutting down, reason=crashed

The dump file, including guest memory, was generated successfully (after gzip 
the file is around 492MB).
I switched the guest now to virtio-scsi to get the information and dump with 
this setup as well.

How should we proceed?

Thanks.

On lun, feb 11, 2019 at 4:17 AM, Stefan Hajnoczi  wrote:
Thanks for collecting the data! The fact that both virtio-blk and virtio-scsi 
failed suggests it's not a virtqueue element leak in the virtio-blk or 
virtio-scsi device emulation code. The hung task error messages from inside the 
guest are a consequence of QEMU hitting the "Virtqueue size exceeded" error. 
QEMU refuses to process further requests after the error, causing tasks inside 
the guest to get stuck on I/O. I don't have a good theory regarding the root 
cause. Two ideas: 1. The guest is corrupting the vring or submitting more 
requests than will fit into the ring. Somewhat unlikely because it happens with 
both Windows and Linux guests. 2. QEMU's virtqueue code is buggy, maybe the 
memory region cache which is used for fast guest RAM accesses. Here is an 
expanded version of the debug patch which might help identify which of these 
scenarios is likely. Sorry, it requires running the guest again! This time 
let's make QEMU dump core so both QEMU state and guest RAM are captured for 
further debugging. That way it will be possible to extract more information 
using gdb without rerunning. Stefan --- diff --git a/hw/virtio/virtio.c 
b/hw/virtio/virtio.c index a1ff647a66..28d89fcbcb 100644 --- 
a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -866,6 +866,7 @@ void 
*virtqueue_pop(VirtQueue *vq, size_t sz) return NULL; } rcu_read_lock(); + 
uint16_t old_shadow_avail_idx = vq->shadow_avail_idx; if 
(virtio_queue_empty_rcu(vq)) { goto done; } @@ -879,6 +880,12 @@ void 
*virtqueue_pop(VirtQueue *vq, size_t sz) max = vq->vring.num; if (vq->inuse >= 
vq->vring.num) { + fprintf(stderr, "vdev %p (\"%s\")\n", vdev, vdev->name); + 
fprintf(stderr, "vq %p (idx %u)\n", vq, (unsigned int)(vq - vdev->vq)); + 
fprintf(stderr, "inuse %u vring.num %u\n", vq->inuse, vq->vring.num); + 
fprintf(stderr, "old_shadow_avail_idx %u last_avail_idx %u avail_idx %u\n", 
old_shadow_avail_idx, vq->last_avail_idx, vq->shadow_avail_idx); + 
fprintf(stderr, "avail %#" HWADDR_PRIx " avail_idx (cache bypassed) %u\n", 
vq->vring.avail, virtio_lduw_phys(vdev, vq->vring.avail + offsetof(VRingAvail, 
idx))); + fprintf(stderr, "used_idx %u\n", vq->used_idx); + abort(); /* <--- 
core dump! */ virtio_error(vdev, "Virtqueue size exceeded"); goto done; }

Re: [Qemu-devel] [PATCH v4 09/11] virtio-net: update the head descriptor in a chain lastly

[Jason Wang]

On 2019/2/14 下午12:26, w...@redhat.com wrote:

From: Wei Xu 

This is a helper for packed ring.

To support packed ring, the head descriptor in a chain should be updated
lastly since no 'avail_idx' like in packed ring to explicitly tell the
driver side that all payload is ready after having done the chain, so
the head is always visible immediately.

This patch fills the header after done all the other ones.

Signed-off-by: Wei Xu 



It's really odd to workaround API issue in the implementation of device. 
Please introduce batched used updating helpers instead.


Thanks



---
  hw/net/virtio-net.c | 11 ++-
  1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 3f319ef..330abea 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1251,6 +1251,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, 
const uint8_t *buf,
  struct virtio_net_hdr_mrg_rxbuf mhdr;
  unsigned mhdr_cnt = 0;
  size_t offset, i, guest_offset;
+VirtQueueElement head;
+int head_len = 0;
  
  if (!virtio_net_can_receive(nc)) {

  return -1;
@@ -1328,7 +1330,13 @@ static ssize_t virtio_net_receive_rcu(NetClientState 
*nc, const uint8_t *buf,
  }
  
  /* signal other side */

-virtqueue_fill(q->rx_vq, elem, total, i++);
+if (i == 0) {
+head_len = total;
+head = *elem;
+} else {
+virtqueue_fill(q->rx_vq, elem, len, i);
+}
+i++;
  g_free(elem);
  }
  
@@ -1339,6 +1347,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,

   _buffers, sizeof mhdr.num_buffers);
  }
  
+virtqueue_fill(q->rx_vq, , head_len, 0);

  virtqueue_flush(q->rx_vq, i);
  virtio_notify(vdev, q->rx_vq);
  

Re: [Qemu-devel] [PATCH v4 08/11] virtio: event suppression support for packed ring

[Jason Wang]

On 2019/2/14 下午12:26, w...@redhat.com wrote:

From: Wei Xu 

Difference between 'avail_wrap_counter' and 'last_avail_wrap_counter':
For Tx(guest transmitting), they are the same after each pop of a desc.

For Rx(guest receiving), they are also the same when there are enough
descriptors to carry the payload for a packet(e.g. usually 16 descs are
needed for a 64k packet in typical iperf tcp connection with tso enabled),
however, when the ring is running out of descriptors while there are
still a few free ones, e.g. 6 descriptors are available which is not
enough to carry an entire packet which needs 16 descriptors, in this
case the 'avail_wrap_counter' should be set as the first one pending
being handled by guest driver in order to get a notification, and the
'last_avail_wrap_counter' should stay unchanged to the head of available
descriptors, like below:

Mark meaning:
 | | -- available
 |*| -- used

A Snapshot of the queue:
   last_avail_idx = 253
   last_avail_wrap_counter = 1
  |
 +-+
  0  | | | |*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*| | | | 255
 +-+
|
   shadow_avail_idx = 3
   avail_wrap_counter = 0



Well this might not be the good place to describe the difference between 
shadow_avail_idx and last_avail_idx. And the comments above their 
definition looks good enough?


    /* Next head to pop */
    uint16_t last_avail_idx;

    /* Last avail_idx read from VQ. */
    uint16_t shadow_avail_idx;

Instead, how or why need event suppress is not mentioned ...





Signed-off-by: Wei Xu 
---
  hw/virtio/virtio.c | 137 +
  1 file changed, 128 insertions(+), 9 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 7e276b4..8cfc7b6 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -234,6 +234,34 @@ static void vring_desc_read(VirtIODevice *vdev, VRingDesc 
*desc,
  virtio_tswap16s(vdev, >next);
  }
  
+static void vring_packed_event_read(VirtIODevice *vdev,

+MemoryRegionCache *cache, VRingPackedDescEvent *e)
+{
+address_space_read_cached(cache, 0, e, sizeof(*e));
+virtio_tswap16s(vdev, >off_wrap);
+virtio_tswap16s(vdev, >flags);
+}
+
+static void vring_packed_off_wrap_write(VirtIODevice *vdev,
+MemoryRegionCache *cache, uint16_t off_wrap)
+{
+virtio_tswap16s(vdev, _wrap);
+address_space_write_cached(cache, offsetof(VRingPackedDescEvent, off_wrap),
+_wrap, sizeof(off_wrap));
+address_space_cache_invalidate(cache,
+offsetof(VRingPackedDescEvent, off_wrap), sizeof(off_wrap));
+}
+
+static void vring_packed_flags_write(VirtIODevice *vdev,
+MemoryRegionCache *cache, uint16_t flags)
+{
+virtio_tswap16s(vdev, );
+address_space_write_cached(cache, offsetof(VRingPackedDescEvent, flags),
+, sizeof(flags));
+address_space_cache_invalidate(cache,
+offsetof(VRingPackedDescEvent, flags), sizeof(flags));
+}
+
  static VRingMemoryRegionCaches *vring_get_region_caches(struct VirtQueue *vq)
  {
  VRingMemoryRegionCaches *caches = atomic_rcu_read(>vring.caches);
@@ -340,14 +368,8 @@ static inline void vring_set_avail_event(VirtQueue *vq, 
uint16_t val)
  address_space_cache_invalidate(>used, pa, sizeof(val));
  }
  
-void virtio_queue_set_notification(VirtQueue *vq, int enable)

+static void virtio_queue_set_notification_split(VirtQueue *vq, int enable)
  {
-vq->notification = enable;
-
-if (!vq->vring.desc) {
-return;
-}
-
  rcu_read_lock();
  if (virtio_vdev_has_feature(vq->vdev, VIRTIO_RING_F_EVENT_IDX)) {
  vring_set_avail_event(vq, vring_avail_idx(vq));
@@ -363,6 +385,57 @@ void virtio_queue_set_notification(VirtQueue *vq, int 
enable)
  rcu_read_unlock();
  }
  
+static void virtio_queue_set_notification_packed(VirtQueue *vq, int enable)

+{
+VRingPackedDescEvent e;
+VRingMemoryRegionCaches *caches;
+
+rcu_read_lock();
+caches  = vring_get_region_caches(vq);
+vring_packed_event_read(vq->vdev, >used, );
+
+if (!enable) {
+if (virtio_vdev_has_feature(vq->vdev, VIRTIO_RING_F_EVENT_IDX)) {
+/* no need to write device area since this is outdated. */



We should advertise off and wrap in this case as well, otherwise we may 
get notifications earlier than expected.




+goto out;
+}
+
+e.flags = VRING_PACKED_EVENT_FLAG_DISABLE;
+goto update;
+}
+
+e.flags = VRING_PACKED_EVENT_FLAG_ENABLE;



Here and the above goto could be eliminated by:

if (even idx) {

...

} else if (enable) {

...

} else {

...

}


Thanks



+if (virtio_vdev_has_feature(vq->vdev, 

Re: [Qemu-devel] Configuring pflash devices for OVMF firmware

[Markus Armbruster]

Paolo Bonzini  writes:

> On 30/01/19 15:13, Markus Armbruster wrote:
>> -global driver=cfi.pflash01,property=secure,value=on
>> 
>> Affects *all* such devices, but fortunately we have at most two, and the
>> one we don't want to affect happens to ignore the property value.
>
> Is this true?  I think both need secure=on, at least on x86.
>
>> For libvirt, plumbing the base address from the firmware's descriptor to
>> QEMU would be the lesser mess (for the firmware, providing the base
>> address there would be no mess at all).
>> 
>> For human users, it's perhaps the greater mess.  They can continue to
>> use -drive if=pflash.
>> 
>> Perhaps we *should* redo board configuration from the ground up.
>> Perhaps a board should be a composite object that exposes properties of
>> its own and its part, just like other composite devices, and so that
>> "create, set properties, realize" works.  That would extend our common
>> device configuration mechanism naturally to onboard devices.
>> 
>> Of course, "we should" doesn't imply "I could".
>
> Maybe we should just add pflash block properties to the machine?  And
> then it can create the devices if the properties are set to a non-empty
> value.
>
> This doesn't remove the need to use -global to configure the "secure"
> property, but it's not particularly an issue.

I played with this idea.  Here's how it went so far.

The new machine properties name block backends, so they should be just
like any other such property.  That means DEFINE_PROP_DRIVE().

Oh, that's a *qdev* property, but a TYPE_MACHINE is not a TYPE_DEVICE.

Duplicating the machinery behind DEFINE_PROP_DRIVE() for a non-qdev
property would be wrong.

But they're not properties of the machine anyway, they're properties of
onboard pflash devices.  So let's create (but not realize) these pflash
devices, and forward the property with something like

object_property_add_alias(machine, "pflash0",
  pcms->flash0, "pflash0", _abort);

If the property gets set, we realize, else we destroy.

As we just discussed in another thread[*], the place to create child
objects is .instance_init().  Okay, let's add the qdev_create() to
pc_machine_initfn() and see what happens.

Oh, crash happens.

Turns out I can create child objects just fine there, but not
TYPE_DEVICE objects.  These have

.instance_post_init = device_post_init,

and device_post_init() calls object_apply_compat_props(), which calls
qdev_get_machine(), which calls container_get(object_get_root(),
"/machine").  Since the machine is still being constructed, it hasn't
been made a child of the root object, yet --- main() will do that right
after we return there --- so container_get() "helpfully" creates such a
child for us:

if (!child) {
child = object_new("container");
object_property_add_child(obj, parts[i], child, NULL);
object_unref(child);
}

When main() adds the real thing, it fails with

attempt to add duplicate property 'machine' to object (type 'container')

There are just two users of .instance_post_init, TYPE_DEVICE and
TYPE_MEMORY_BACKEND.  Both use it to call object_apply_compat_props().
I guess that means I can't create TYPE_MEMORY_BACKEND from a
TYPE_MACHINE's .instance_init() either.

Here's object_apply_compat_props():

void object_apply_compat_props(Object *obj)
{
if (object_dynamic_cast(qdev_get_machine(), TYPE_MACHINE)) {
MachineState *m = MACHINE(qdev_get_machine());
MachineClass *mc = MACHINE_GET_CLASS(m);

if (m->accelerator) {
AccelClass *ac = ACCEL_GET_CLASS(m->accelerator);

if (ac->compat_props) {
object_apply_global_props(obj, ac->compat_props, 
_abort);
}
}
object_apply_global_props(obj, mc->compat_props, _abort);
}
}

What it really wants is not the MachineState, but its AccelClass and
MachineClass.  Which already exist, they're just not available via
qdev_get_machine().

Opinions?  Advice?



[*] Subject: Object instantiation vs. device realization: what to do
when?

Re: [Qemu-devel] [PATCH v4 07/11] virtio: fill/flush/pop for packed ring

[Jason Wang]

On 2019/2/18 下午10:46, Wei Xu wrote:

Do we allow chain more descriptors than vq size in the case of indirect?
According to the spec:

"

The device limits the number of descriptors in a list through a
transport-specific and/or device-specific value. If not limited,
the maximum number of descriptors in a list is the virt queue
size.
"

This looks possible, so the above is probably wrong if the max number of
chained descriptors is negotiated through a device specific way.


OK, I will remove this check, while it is necessary to have a limitation
for indirect descriptor anyway, otherwise it is possible to hit an overflow
since presumably u16 is used for most number/size in the spec.



Please try to test block and scsi device for you changes as well.

Thanks

Re: [Qemu-devel] [PATCH v1 0/1] Allow TAP to unnegotiate virtio-net header

[Jason Wang]

On 2019/2/18 下午7:53, Vincenzo Maffione wrote:

Hi Jason,
   Thanks for the quick reply.

My PV device (to be open sourced soon) uses the QEMU net backend interface,
in a way similar to virtio-net.
For example it uses qemu_set_offload(), qemu_has_vnet_hdr_len(),
qemu_using_vnet_hdr(), qemu_send_packet(), etc.
This means that the device itself does not know which net backend is using,
of course.
In addition to TAP, also the netmap backend supports the virtio-net header,
and so the PV device will work with both.
Regarding the virtio-net header, the netmap backend is more flexible
because you can change the virtio-net header length as you wish (choosing
between 0, 10 and 12 bytes).



Interesting, actually, there's case that vnet header is not used even 
for virtio-net, e.g for the case of XDP withouth csum support. If we 
don't pass vnet header in this case, we may get even higher PPS.





My problem cannot be solved by making sure that TAPs are opened without
IFF_VNET_HDR. What I want instead
is to dynamically change the length of the virtio-net header that the
backend accepts, switching between 12 bytes (virtio 1.0 header) and 0 (no
header). By "dynamically" I mean while the guest (and the device) is
running. This is possible and safe if we get rid of that assert().
The virtio-net device does not need that flexibility (once you enable the
vtnet header, you never disable that again), so I guess that's why you have
that assert().
My PV device can be reconfigured on the fly in such a way it may or not may
be aware of the virtio-net header, and as a consequence it may need to call
qemu_using_vnet_hdr() with true or false (multiple times).

Does it make sense?



Yes, it is. But I think maybe it's better to send this patch with your 
new PV device implementation.


Thanks




Cheers,
   Vincenzo


Il giorno lun 18 feb 2019 alle ore 05:19 Jason Wang 
ha scritto:


On 2019/2/16 上午1:46, Vincenzo Maffione wrote:

Hi,
I was doing experiments with a custom paravirtualized net device,
and I ran into a limitation of the TAP backend. I see from the kernel
code that it is not possible to set the TAP virtio-net header
length to something different from 10 or 12, which means that it
is not possible to set it to 0. That's fine.
The QEMU implementation of the TAP backend already supports
the case where virtio-net header is set to 10 or 12 in kernel,
but the emulated/paravirtualized net device is not using that:
the TAP backend will just strip/prepend a zeroed header in this case
(e.g., see the if statement in tap_receive_iov()).
However, the tap_using_vnet_hdr() has an assert() that prevents
this situation to happen, and I don't understand why. Maybe it
is a leftover? I tried to remove the assert and by doing that
my paravirtualized device was able to stop using the virtio-net
header.


Hi:

If  I understand this correctly, your PV device is API compatible with
TAP? Then you may just adding code to call TUNSETIFF without IFF_VNET_HDR?

Thanks



Vincenzo Maffione (1):
net: tap: allow net frontends to un-negotiate virtio-net header

   net/tap.c | 1 -
   1 file changed, 1 deletion(-)

Re: [Qemu-devel] [PATCH v2] Add a gitlab-ci file for Continuous Integration testing on Gitlab

[Thomas Huth]

On 18/02/2019 19.22, Cleber Rosa wrote:
> 
> 
> On 2/13/19 6:54 AM, Thomas Huth wrote:
>> This is very convenient for people like me who store their QEMU git trees
>> on gitlab.com: Automatic CI pipelines are now run for each branch that is
>> pushed to the server - useful for some extra-testing before sending PULL-
>> requests for example. Since the runtime of the jobs is limited to 1h, the
>> jobs are distributed into multiple pipelines - this way everything finishs
>> fine within time (ca. 30 minutes currently).
>>
>> Signed-off-by: Thomas Huth 
>> ---
>>  An example can be seen here: https://gitlab.com/huth/qemu/pipelines/
>>
>>  I'd really like to get this into the main QEMU repository, so that I don't
>>  have to cherry-pick this patch onto my testing branches anymore each time
>>  I want to test before sending a PULL request...
>>
>>  .gitlab-ci.yml | 73 
>> ++
>>  MAINTAINERS|  5 
>>  2 files changed, 78 insertions(+)
>>  create mode 100644 .gitlab-ci.yml
>>
>> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
>> new file mode 100644
>> index 000..79d02cf
>> --- /dev/null
>> +++ b/.gitlab-ci.yml
>> @@ -0,0 +1,73 @@
>> +before_script:
>> + - apt-get update -qq
>> + - apt-get install -y -qq flex bison libglib2.0-dev libpixman-1-dev 
>> genisoimage
>> +
>> +build-system1:
>> + script:
>> + - apt-get install -y -qq libgtk-3-dev libvte-dev nettle-dev libcacard-dev
>> +  libusb-dev libvde-dev libspice-protocol-dev libgl1-mesa-dev
>> + - ./configure --enable-werror --target-list="aarch64-softmmu alpha-softmmu
>> +  cris-softmmu hppa-softmmu lm32-softmmu moxie-softmmu 
>> microblazeel-softmmu
>> +  mips64el-softmmu m68k-softmmu ppc-softmmu riscv64-softmmu 
>> sparc-softmmu"
>> + - make -j2
>> + - make -j2 check
>> +
>> +build-system2:
>> + script:
>> + - apt-get install -y -qq libsdl2-dev libgcrypt-dev libbrlapi-dev libaio-dev
>> +  libfdt-dev liblzo2-dev librdmacm-dev libibverbs-dev libibumad-dev
>> + - ./configure --enable-werror --target-list="tricore-softmmu 
>> unicore32-softmmu
>> +  microblaze-softmmu mips-softmmu riscv32-softmmu s390x-softmmu 
>> sh4-softmmu
>> +  sparc64-softmmu x86_64-softmmu xtensa-softmmu nios2-softmmu 
>> or1k-softmmu"
>> + - make -j2
>> + - make -j2 check
>> +
>> +build-disabled:
>> + script:
>> + - ./configure --enable-werror --disable-rdma --disable-slirp --disable-curl
>> +  --disable-capstone --disable-live-block-migration --disable-glusterfs
>> +  --disable-replication --disable-coroutine-pool --disable-smartcard
>> +  --disable-guest-agent --disable-curses --disable-libxml2 --disable-tpm
>> +  --disable-qom-cast-debug --disable-spice --disable-vhost-vsock
>> +  --disable-vhost-net --disable-vhost-crypto --disable-vhost-user
>> +  --target-list="i386-softmmu ppc64-softmmu mips64-softmmu 
>> i386-linux-user"
>> + - make -j2
>> + - make -j2 check-qtest SPEED=slow
>> +
>> +build-tcg-disabled:
>> + script:
>> + - apt-get install -y -qq clang libgtk-3-dev libbluetooth-dev libusb-dev
>> + - ./configure --cc=clang --enable-werror --disable-tcg --audio-drv-list=""
>> + - make -j2
>> + - make check-unit
>> + - make check-qapi-schema
>> + - cd tests/qemu-iotests/
>> + - ./check -raw 001 002 003 004 005 008 009 010 011 012 021 025 032 033 048
>> +052 063 077 086 101 104 106 113 147 148 150 151 152 157 159 160
>> +163 170 171 183 184 192 194 197 205 208 215 221 222 226 227 236
>> + - ./check -qcow2 001 002 003 004 005 007 008 009 010 011 012 013 017 018 
>> 019
>> +020 021 022 024 025 027 028 029 031 032 033 034 035 036 037 038
>> +039 040 042 043 046 047 048 049 050 051 052 053 054 056 057 058
>> +060 061 062 063 065 066 067 068 069 071 072 073 074 079 080 082
>> +085 086 089 090 091 095 096 097 098 099 102 103 104 105 107 108
>> +110 111 114 117 120 122 124 126 127 129 130 132 133 134 137 138
>> +139 140 141 142 143 144 145 147 150 151 152 154 155 156 157 158
>> +161 165 170 172 174 176 177 179 184 186 187 190 192 194 195 196
>> +197 200 202 203 205 208 209 214 215 216 217 218 222 226 227 229 
>> 234
>> +
> 
> On the matter of "make check-block" or "./check xxx", I've seen
> arguments for both sides.  I've sent a similar (but using make
> check-block) patch for Travis:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg02334.html
> 
> I'd be nice to hear from the qemu-iotest's maintainers which approach
> is preferable for upstream + shared computing resources kind of environment.

I think "make check-block" should likely be the preferred way to run the
tests for normal builds (and by the way, why don't we always run this
during "make check" yet?).

But in this CI file here, I'm running the tests for the "--disable-tcg"
build - simply because this test finishes way earlier than the other
tests otherwise. Unfortunately --disable-tcg causes 

Re: [Qemu-devel] [PATCH] virtio-net: do not start queues that are not enabled by the guest

[Jason Wang]

On 2019/2/19 上午7:34, Michael S. Tsirkin wrote:

On Mon, Feb 18, 2019 at 10:49:08PM +0200, Yuri Benditovich wrote:

On Mon, Feb 18, 2019 at 6:39 PM Michael S. Tsirkin  wrote:

On Mon, Feb 18, 2019 at 11:58:51AM +0200, Yuri Benditovich wrote:

On Mon, Feb 18, 2019 at 5:49 AM Jason Wang  wrote:


On 2019/2/13 下午10:51, Yuri Benditovich wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=1608226
On startup/link-up in multiqueue configuration the virtio-net
tries to starts all the queues, including those that the guest
will not enable by VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET.
If the guest driver does not allocate queues that it will not
use (for example, Windows driver does not) and number of actually
used queues is less that maximal number supported by the device,


Is this a requirement of e.g NDIS? If not, could we simply allocate all
queues in this case. This is usually what normal Linux driver did.



this causes vhost_net_start to fail and actually disables vhost
for all the queues, reducing the performance.
Current commit fixes this: initially only first queue is started,
upon VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET started all the queues
requested by the guest.

Signed-off-by: Yuri Benditovich 
---
   hw/net/virtio-net.c | 7 +--
   1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 3f319ef723..d3b1ac6d3a 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -174,7 +174,7 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t 
status)
   {
   VirtIODevice *vdev = VIRTIO_DEVICE(n);
   NetClientState *nc = qemu_get_queue(n->nic);
-int queues = n->multiqueue ? n->max_queues : 1;
+int queues = n->multiqueue ? n->curr_queues : 1;

   if (!get_vhost_net(nc->peer)) {
   return;
@@ -1016,9 +1016,12 @@ static int virtio_net_handle_mq(VirtIONet *n, uint8_t 
cmd,
   return VIRTIO_NET_ERR;
   }

-n->curr_queues = queues;
   /* stop the backend before changing the number of queues to avoid 
handling a
* disabled queue */
+virtio_net_set_status(vdev, 0);


Any reason for doing this?

I think there are 2 reasons:
1. The spec does not require guest SW to allocate unused queues.
2. We spend guest's physical memory to just make vhost happy when it
touches queues that it should not use.

Thanks,
Yuri Benditovich

The spec also says:
 queue_enable The driver uses this to selectively prevent the device 
from executing requests from this
 virtqueue. 1 - enabled; 0 - disabled.

While this is not a conformance clause this strongly implies that
queues which are not enabled are never accessed by device.

Yuri I am guessing you are not enabling these unused queues right?

Of course, we (Windows driver) do not.
The code of virtio-net passes max_queues to vhost and this causes
vhost to try accessing all the queues, fail on unused ones and finally
leave vhost disabled at all.


Jason, at least for 1.0 accessing disabled queues looks like a spec
violation. What do you think?



Yes, but there's some issues:

- How to detect a disabled queue for 0.9x device? Looks like there's no 
way according to the spec, so device must assume all queues was enabled.


- For 1.0, if we depends on queue_enable, we should implement the 
callback for vhost I think. Otherwise it's still buggy.


So it looks tricky to enable and disable queues through set status

Thanks








Thanks



+
+n->curr_queues = queues;
+
   virtio_net_set_status(vdev, vdev->status);
   virtio_net_set_queues(n);

[Qemu-devel] Failing qemu-iotest 233

[Thomas Huth]

 Hi Eric, hi Daniel,

QEMU iotest 233 is failing for me on RHEL7:

233[07:29:30] [07:29:30] [failed, exit status 1] - output 
mismatch (see 233.out.bad)
--- /home/thuth/devel/qemu/tests/qemu-iotests/233.out   2019-02-19 
07:14:45.0 +0100
+++ /home/thuth/tmp/qemu-build/tests/qemu-iotests/233.out.bad   2019-02-19 
07:29:30.0 +0100
@@ -13,45 +13,7 @@
 1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 
 == check TLS client to plain server fails ==
-qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': 
Denied by server for option 5 (starttls)
-server reported: TLS not configured
-qemu-nbd: Denied by server for option 5 (starttls)
-server reported: TLS not configured
+qemu-nbd: Unable to import client certificate 
/tmp/qemu-iotests-quick-28354/tls/client1/client-cert.pem: Base64 unexpected 
header error.
 
 == check plain client to TLS server fails ==
-qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required 
before option 8 (structured reply)
-server reported: Option 0x8 not permitted before TLS
-qemu-nbd: TLS negotiation required before option 8 (structured reply)
-server reported: Option 0x8 not permitted before TLS
-
-== check TLS works ==
-image: nbd://127.0.0.1:PORT
-file format: nbd
-virtual size: 64M (67108864 bytes)
-disk size: unavailable
-exports available: 1
- export: ''
-  size:  67108864
-  flags: 0x4ed ( flush fua trim zeroes df cache )
-  min block: 512
-  opt block: 4096
-  max block: 33554432
-  available meta contexts: 1
-   base:allocation
-
-== check TLS with different CA fails ==
-qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': 
The certificate hasn't got a known issuer
-qemu-nbd: The certificate hasn't got a known issuer
-
-== perform I/O over TLS ==
-read 1048576/1048576 bytes at offset 1048576
-1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-wrote 1048576/1048576 bytes at offset 1048576
-1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-read 1048576/1048576 bytes at offset 1048576
-1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-
-== final server log ==
-qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
-qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
-*** done
+qemu-nbd unexpectedly quit


Any ideas how to fix this?

 Thomas

Re: [Qemu-devel] [PATCH v4 06/11] virtio: get avail bytes check for packed ring

[Jason Wang]

On 2019/2/19 上午1:07, Wei Xu wrote:

On Mon, Feb 18, 2019 at 03:27:21PM +0800, Jason Wang wrote:

On 2019/2/14 下午12:26, w...@redhat.com wrote:

From: Wei Xu 

Add packed ring headcount check.

Common part of split/packed ring are kept.

Signed-off-by: Wei Xu 
---
  hw/virtio/virtio.c | 197 -
  1 file changed, 179 insertions(+), 18 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index f2ff980..832287b 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -368,6 +368,17 @@ int virtio_queue_ready(VirtQueue *vq)
  return vq->vring.avail != 0;
  }
+static void vring_packed_desc_read(VirtIODevice *vdev, VRingPackedDesc *desc,
+MemoryRegionCache *cache, int i)
+{
+address_space_read_cached(cache, i * sizeof(VRingPackedDesc),
+  desc, sizeof(VRingPackedDesc));
+virtio_tswap16s(vdev, >flags);
+virtio_tswap64s(vdev, >addr);
+virtio_tswap32s(vdev, >len);
+virtio_tswap16s(vdev, >id);
+}
+
  static void vring_packed_desc_read_flags(VirtIODevice *vdev,
  VRingPackedDesc *desc, MemoryRegionCache *cache, int i)
  {
@@ -667,9 +678,9 @@ static int virtqueue_read_next_desc(VirtIODevice *vdev, 
VRingDesc *desc,
  return VIRTQUEUE_READ_DESC_MORE;
  }
-void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-   unsigned int *out_bytes,
-   unsigned max_in_bytes, unsigned max_out_bytes)
+static void virtqueue_split_get_avail_bytes(VirtQueue *vq,
+unsigned int *in_bytes, unsigned int *out_bytes,
+unsigned max_in_bytes, unsigned max_out_bytes)
  {
  VirtIODevice *vdev = vq->vdev;
  unsigned int max, idx;
@@ -679,27 +690,12 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned 
int *in_bytes,
  int64_t len = 0;
  int rc;
-if (unlikely(!vq->vring.desc)) {
-if (in_bytes) {
-*in_bytes = 0;
-}
-if (out_bytes) {
-*out_bytes = 0;
-}
-return;
-}
-
  rcu_read_lock();
  idx = vq->last_avail_idx;
  total_bufs = in_total = out_total = 0;
  max = vq->vring.num;
  caches = vring_get_region_caches(vq);
-if (caches->desc.len < max * sizeof(VRingDesc)) {
-virtio_error(vdev, "Cannot map descriptor ring");
-goto err;
-}
-
  while ((rc = virtqueue_num_heads(vq, idx)) > 0) {
  MemoryRegionCache *desc_cache = >desc;
  unsigned int num_bufs;
@@ -792,6 +788,171 @@ err:
  goto done;
  }
+static void virtqueue_packed_get_avail_bytes(VirtQueue *vq,
+unsigned int *in_bytes, unsigned int *out_bytes,
+unsigned max_in_bytes, unsigned max_out_bytes)
+{
+VirtIODevice *vdev = vq->vdev;
+unsigned int max, idx;
+unsigned int total_bufs, in_total, out_total;
+MemoryRegionCache *desc_cache;
+VRingMemoryRegionCaches *caches;
+MemoryRegionCache indirect_desc_cache = MEMORY_REGION_CACHE_INVALID;
+int64_t len = 0;
+VRingPackedDesc desc;
+bool wrap_counter;
+
+rcu_read_lock();
+idx = vq->last_avail_idx;
+wrap_counter = vq->last_avail_wrap_counter;
+total_bufs = in_total = out_total = 0;
+
+max = vq->vring.num;
+caches = vring_get_region_caches(vq);
+desc_cache = >desc;
+vring_packed_desc_read_flags(vdev, , desc_cache, idx);
+while (is_desc_avail(, wrap_counter)) {
+unsigned int num_bufs;
+unsigned int i = 0;
+
+num_bufs = total_bufs;
+
+/* Make sure flags has been read before all the fields. */
+smp_rmb();
+vring_packed_desc_read(vdev, , desc_cache, idx);


It's better to have single function to deal with reading flags and
descriptors and check its availability like packed ring.

There is something different between split and packed ring here.
For split ring, 'avail_idx' and descriptor are separately used so the
interfaces of them are straightforward, while the flag and data fields
of the descriptors for packed ring are mixed and independent accesses to
them have been brought in, it is good to use them as what they are supposed
to work. :)

Another neat way is to pack the two operations to a new one, but it would
introduce memory cache parameter passing.

So personally I prefer to keep it unchanged, still want to sort it out?



It's as simple as another helper that call read_flags() and desc_read()?

Btw, it's better to have a consistent naming for the function like 
vring_packed_flags_read().


Thanks







+
+if (desc.flags & VRING_DESC_F_INDIRECT) {
+if (desc.len % sizeof(VRingPackedDesc)) {
+virtio_error(vdev, "Invalid size for indirect buffer table");
+goto err;
+}
+
+/* If we've got too many, that implies a descriptor loop. */
+if (num_bufs >= 

[Qemu-devel] [PATCH 17/23] tests/tcg/xtensa: conditionalize MMU-related tests

[Max Filippov]

Make MMU-related tests conditional on the presence of MMUv2 option.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_mmu.S  | 4 
 tests/tcg/xtensa/test_phys_mem.S | 4 
 2 files changed, 8 insertions(+)

diff --git a/tests/tcg/xtensa/test_mmu.S b/tests/tcg/xtensa/test_mmu.S
index a15316ffb317..4cbd6ef4f9d8 100644
--- a/tests/tcg/xtensa/test_mmu.S
+++ b/tests/tcg/xtensa/test_mmu.S
@@ -2,6 +2,8 @@
 
 test_suite mmu
 
+#if XCHAL_HAVE_PTP_MMU && !XCHAL_HAVE_SPANNING_WAY
+
 .purgem test_init
 
 .macro clean_tlb_way way, page_size, n_entries
@@ -740,4 +742,6 @@ test cross_page_tb
 assert  eq, a2, a3
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_phys_mem.S b/tests/tcg/xtensa/test_phys_mem.S
index aae0a793a718..9bb3ee3866ed 100644
--- a/tests/tcg/xtensa/test_phys_mem.S
+++ b/tests/tcg/xtensa/test_phys_mem.S
@@ -2,6 +2,8 @@
 
 test_suite phys_mem
 
+#if XCHAL_HAVE_PTP_MMU && !XCHAL_HAVE_SPANNING_WAY
+
 .purgem test_init
 
 .macro test_init
@@ -67,6 +69,8 @@ test write_get_pte_no_phys
 assert  eq, a2, a3
 test_end
 
+#endif
+
 test inst_fetch_no_phys
 set_vector kernel, 2f
 
-- 
2.11.0

[Qemu-devel] [PATCH 20/23] tests/tcg/xtensa: add FP0 group arithmetic tests

[Max Filippov]

Test arithmetic operations for normal, NaN and Inf arguments.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile |   1 +
 tests/tcg/xtensa/macros.inc   |  17 
 tests/tcg/xtensa/test_fp0_arith.S | 173 ++
 3 files changed, 191 insertions(+)
 create mode 100644 tests/tcg/xtensa/test_fp0_arith.S

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index c2bc278be5e7..eea269a36e7a 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -39,6 +39,7 @@ TESTCASES += test_clamps.tst
 TESTCASES += test_extui.tst
 TESTCASES += test_fail.tst
 TESTCASES += test_flix.tst
+TESTCASES += test_fp0_arith.tst
 TESTCASES += test_interrupt.tst
 TESTCASES += test_loop.tst
 TESTCASES += test_lsc.tst
diff --git a/tests/tcg/xtensa/macros.inc b/tests/tcg/xtensa/macros.inc
index 36536ed8a4bc..aa8f95bce879 100644
--- a/tests/tcg/xtensa/macros.inc
+++ b/tests/tcg/xtensa/macros.inc
@@ -98,6 +98,23 @@ test_\name:
 s32ia3, a2, 0
 .endm
 
+.macro dump r
+#ifdef DEBUG
+.data
+.align 4
+1: .word 0
+.text
+movia4, 1b
+s32ia2, a4, 0
+movia2, 4
+movia3, 1
+movia5, 4
+simcall
+movia4, 1b
+l32ia2, a4, 0
+#endif
+.endm
+
 #define glue(a, b) _glue(a, b)
 #define _glue(a, b) a ## b
 
diff --git a/tests/tcg/xtensa/test_fp0_arith.S 
b/tests/tcg/xtensa/test_fp0_arith.S
new file mode 100644
index ..253d033a3398
--- /dev/null
+++ b/tests/tcg/xtensa/test_fp0_arith.S
@@ -0,0 +1,173 @@
+#include "macros.inc"
+
+test_suite fp0_arith
+
+#if XCHAL_HAVE_FP
+
+.macro movfp fr, v
+movia2, \v
+wfr \fr, a2
+.endm
+
+.macro check_res fr, r
+rfr a2, \fr
+dumpa2
+movia3, \r
+assert  eq, a2, a3
+rur a2, fsr
+assert  eqi, a2, 0
+.endm
+
+.macro test_op2_rm op, fr0, fr1, fr2, v0, v1, r
+movia2, 0
+wur a2, fsr
+movfp   \fr0, \v0
+movfp   \fr1, \v1
+\op \fr2, \fr0, \fr1
+check_res \fr2, \r
+.endm
+
+.macro test_op3_rm op, fr0, fr1, fr2, fr3, v0, v1, v2, r
+movia2, 0
+wur a2, fsr
+movfp   \fr0, \v0
+movfp   \fr1, \v1
+movfp   \fr2, \v2
+\op \fr0, \fr1, \fr2
+check_res \fr3, \r
+.endm
+
+.macro test_op2_ex op, fr0, fr1, fr2, v0, v1, rm, r
+movia2, \rm
+wur a2, fcr
+test_op2_rm \op, \fr0, \fr1, \fr2, \v0, \v1, \r
+movia2, (\rm) | 0x7c
+wur a2, fcr
+test_op2_rm \op, \fr0, \fr1, \fr2, \v0, \v1, \r
+.endm
+
+.macro test_op3_ex op, fr0, fr1, fr2, fr3, v0, v1, v2, rm, r
+movia2, \rm
+wur a2, fcr
+test_op3_rm \op, \fr0, \fr1, \fr2, \fr3, \v0, \v1, \v2, \r
+movia2, (\rm) | 0x7c
+wur a2, fcr
+test_op3_rm \op, \fr0, \fr1, \fr2, \fr3, \v0, \v1, \v2, \r
+.endm
+
+.macro test_op2 op, fr0, fr1, fr2, v0, v1, r0, r1, r2, r3
+test_op2_ex \op, \fr0, \fr1, \fr2, \v0, \v1, 0, \r0
+test_op2_ex \op, \fr0, \fr1, \fr2, \v0, \v1, 1, \r1
+test_op2_ex \op, \fr0, \fr1, \fr2, \v0, \v1, 2, \r2
+test_op2_ex \op, \fr0, \fr1, \fr2, \v0, \v1, 3, \r3
+.endm
+
+.macro test_op3 op, fr0, fr1, fr2, fr3, v0, v1, v2, r0, r1, r2, r3
+test_op3_ex \op, \fr0, \fr1, \fr2, \fr3, \v0, \v1, \v2, 0, \r0
+test_op3_ex \op, \fr0, \fr1, \fr2, \fr3, \v0, \v1, \v2, 1, \r1
+test_op3_ex \op, \fr0, \fr1, \fr2, \fr3, \v0, \v1, \v2, 2, \r2
+test_op3_ex \op, \fr0, \fr1, \fr2, \fr3, \v0, \v1, \v2, 3, \r3
+.endm
+
+.macro test_op2_cpe op
+set_vector  kernel, 2f
+movia2, 0
+wsr a2, cpenable
+1:
+\op f2, f0, f1
+test_fail
+2:
+rsr a2, excvaddr
+movia3, 1b
+assert  eq, a2, a3
+rsr a2, exccause
+movia3, 32
+assert  eq, a2, a3
+
+set_vector  kernel, 0
+movia2, 1
+wsr a2, cpenable
+.endm
+
+test add_s
+movia2, 1
+wsr a2, cpenable
+
+test_op2 add.s, f0, f1, f2, 0x3fc0, 0x3440, \
+0x3fc2, 0x3fc1, 0x3fc2, 0x3fc1
+test_op2 add.s, f3, f4, f5, 0x3fc0, 0x34a0, \
+0x3fc2, 0x3fc2, 0x3fc3, 0x3fc2
+
+/* MAX_FLOAT + MAX_FLOAT = +inf/MAX_FLOAT  */
+test_op2 add.s, f6, f7, f8, 0x7f7f, 0x7f7f, \
+0x7f80, 0x7f7f, 0x7f80, 0x7f7f
+test_end
+
+test add_s_inf
+/* 1 + +inf = +inf  */
+test_op2 add.s, f6, f7, f8, 0x3fc0, 0x7f80, \
+0x7f80, 0x7f80, 0x7f80, 0x7f80
+
+/* +inf + -inf = default NaN */
+test_op2 add.s, f0, f1, f2, 0x7f80, 0xff80, \
+0x7fc0, 0x7fc0, 0x7fc0, 0x7fc0
+test_end
+
+test add_s_nan
+/* 1 + NaN = NaN  */
+test_op2 add.s, f9, f10, f11, 0x3fc0, 0x7fc1, \
+0x7fc1, 0x7fc1, 0x7fc1, 0x7fc1
+test_op2 add.s, f12, f13, f14, 0x3fc0, 0x7f81, \
+0x7f81, 0x7f81, 0x7f81, 0x7f81
+
+/* NaN1 + NaN2 = NaN1 */
+test_op2 add.s, f15, f0, f1, 0x7f81, 0x7fbf, \
+

[Qemu-devel] [PATCH 23/23] tests/tcg/xtensa: add FPU2000 coprocessor tests

[Max Filippov]

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile   |  1 +
 tests/tcg/xtensa/test_fp_cpenable.S | 27 +++
 2 files changed, 28 insertions(+)
 create mode 100644 tests/tcg/xtensa/test_fp_cpenable.S

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index 2b323adb8d46..2bd4491769d1 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -42,6 +42,7 @@ TESTCASES += test_flix.tst
 TESTCASES += test_fp0_arith.tst
 TESTCASES += test_fp0_conv.tst
 TESTCASES += test_fp1.tst
+TESTCASES += test_fp_cpenable.tst
 TESTCASES += test_interrupt.tst
 TESTCASES += test_loop.tst
 TESTCASES += test_lsc.tst
diff --git a/tests/tcg/xtensa/test_fp_cpenable.S 
b/tests/tcg/xtensa/test_fp_cpenable.S
new file mode 100644
index ..882bb2f3ceb1
--- /dev/null
+++ b/tests/tcg/xtensa/test_fp_cpenable.S
@@ -0,0 +1,27 @@
+#include "macros.inc"
+
+test_suite fp_cpenable
+
+#if XCHAL_HAVE_FP
+
+test rur
+set_vector kernel, 2f
+movia2, 0
+wsr a2, cpenable
+isync
+1:
+rur a2, fsr
+//wfr f0, a2
+test_fail
+2:
+movia2, 1b
+rsr a3, epc1
+assert  eq, a2, a3
+movia2, 32
+rsr a3, exccause
+assert  eq, a2, a3
+test_end
+
+#endif
+
+test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 13/23] tests/tcg/xtensa: conditionalize and expand SR tests

[Max Filippov]

Make tests for specific special registers conditional on the presence of
the options that add these registers and test that the registers are not
accessible otherwise.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_sr.S | 133 +
 1 file changed, 133 insertions(+)

diff --git a/tests/tcg/xtensa/test_sr.S b/tests/tcg/xtensa/test_sr.S
index 052f1e04a72c..e64653b8771e 100644
--- a/tests/tcg/xtensa/test_sr.S
+++ b/tests/tcg/xtensa/test_sr.S
@@ -42,50 +42,183 @@ test_end
 test_sr_mask\sr, \conf, 7
 .endm
 
+#if XCHAL_HAVE_MAC16
 test_sr acchi, 1
 test_sr acclo, 1
+#else
+test_sr_mask /*acchi*/17, 0, 0
+test_sr_mask /*acclo*/16, 0, 0
+#endif
+
+#if XCHAL_HAVE_S32C1I && XCHAL_HW_VERSION >= 23
+test_sr atomctl, 1
+#else
 test_sr_mask /*atomctl*/99, 0, 0
+#endif
+
+#if XCHAL_HAVE_BOOLEANS
+test_sr br, 1
+#else
 test_sr_mask /*br*/4, 0, 0
+#endif
+
 test_sr_mask /*cacheattr*/98, 0, 0
+
+#if XCHAL_HAVE_CCOUNT
 test_sr ccompare0, 1
 test_sr ccount, 1
+#else
+test_sr_mask /*ccompare0*/240, 0, 0
+test_sr_mask /*ccount*/234, 0, 0
+#endif
+
+#if XCHAL_HAVE_CP
 test_sr cpenable, 1
+#else
+test_sr_mask /*cpenable*/224, 0, 0
+#endif
+
+#if XCHAL_HAVE_DEBUG
+#if XCHAL_NUM_DBREAK
 test_sr dbreaka0, 1
 test_sr dbreakc0, 1
+#endif
 test_sr_mask debugcause, 1, 1
+#else
+test_sr_mask /*dbreaka0*/144, 0, 0
+test_sr_mask /*dbreakc0*/160, 0, 0
+test_sr_mask /*debugcause*/233, 0, 0
+#endif
+
 test_sr depc, 1
+
+#if XCHAL_HAVE_PTP_MMU
 test_sr dtlbcfg, 1
+#else
+test_sr_mask /*dtlbcfg*/92, 0, 0
+#endif
+
 test_sr epc1, 1
+
+#if XCHAL_NUM_INTLEVELS > 1
 test_sr epc2, 1
 test_sr eps2, 1
+#else
+test_sr_mask /*epc2*/178, 0, 0
+test_sr_mask /*eps2*/194, 0, 0
+#endif
+
 test_sr exccause, 1
 test_sr excsave1, 1
+
+#if XCHAL_NUM_INTLEVELS > 1
 test_sr excsave2, 1
+#else
+test_sr_mask /*excsave2*/210, 0, 0
+#endif
+
 test_sr excvaddr, 1
+
+#if XCHAL_HAVE_DEBUG
+#if XCHAL_NUM_IBREAK
 test_sr ibreaka0, 1
 test_sr ibreakenable, 1
+#endif
 test_sr icount, 1
 test_sr icountlevel, 1
+#else
+test_sr_mask /*ibreaka0*/128, 0, 0
+test_sr_mask /*ibreakenable*/96, 0, 0
+test_sr_mask /*icount*/236, 0, 0
+test_sr_mask /*icountlevel*/237, 0, 0
+#endif
+
 test_sr_mask /*intclear*/227, 0, 2
 test_sr_mask /*interrupt*/226, 0, 3
 test_sr intenable, 1
+
+#if XCHAL_HAVE_PTP_MMU
 test_sr itlbcfg, 1
+#else
+test_sr_mask /*itlbcfg*/91, 0, 0
+#endif
+
+#if XCHAL_HAVE_LOOPS
 test_sr lbeg, 1
 test_sr lcount, 1
 test_sr lend, 1
+#else
+test_sr_mask /*lbeg*/0, 0, 0
+test_sr_mask /*lcount*/2, 0, 0
+test_sr_mask /*lend*/1, 0, 0
+#endif
+
+#if XCHAL_HAVE_ABSOLUTE_LITERALS
 test_sr litbase, 1
+#else
+test_sr_mask /*litbase*/5, 0, 0
+#endif
+
+#if XCHAL_HAVE_MAC16
 test_sr m0, 1
+#else
+test_sr_mask /*m0*/32, 0, 0
+#endif
+
+#if XCHAL_HW_VERSION >= 25
+test_sr_mask /*memctl*/97, 0, 7
+#else
 test_sr_mask /*memctl*/97, 0, 0
+#endif
+
+#if XCHAL_NUM_MISC_REGS
 test_sr misc0, 1
+#else
+test_sr_mask /*misc0*/244, 0, 0
+#endif
+
+#if XCHAL_HAVE_PREFETCH
+test_sr prefctl, 1
+#else
 test_sr_mask /*prefctl*/40, 0, 0
+#endif
+
+#if XCHAL_HAVE_PRID
 test_sr_mask /*prid*/235, 0, 1
+#else
+test_sr_mask /*prid*/235, 0, 0
+#endif
+
 test_sr ps, 1
+
+#if XCHAL_HAVE_PTP_MMU
 test_sr ptevaddr, 1
 test_sr rasid, 1
+#else
+test_sr_mask /*ptevaddr*/83, 0, 0
+test_sr_mask /*rasid*/90, 0, 0
+#endif
+
 test_sr sar, 1
+
+#if XCHAL_HAVE_S32C1I
 test_sr scompare1, 1
+#else
+test_sr_mask /*scompare1*/12, 0, 0
+#endif
+
+#if XCHAL_HAVE_VECBASE
 test_sr vecbase, 1
+#else
+test_sr_mask /*vecbase*/231, 0, 0
+#endif
+
+#if XCHAL_HAVE_WINDOWED
 test_sr windowbase, 1
 test_sr windowstart, 1
+#else
+test_sr_mask /*windowbase*/72, 0, 0
+test_sr_mask /*windowstart*/73, 0, 0
+#endif
 
 test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 22/23] tests/tcg/xtensa: add FP1 group tests

[Max Filippov]

Test comparisons and conditional move operations.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile   |   1 +
 tests/tcg/xtensa/test_fp1.S | 141 
 2 files changed, 142 insertions(+)
 create mode 100644 tests/tcg/xtensa/test_fp1.S

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index b1d9953f6704..2b323adb8d46 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -41,6 +41,7 @@ TESTCASES += test_fail.tst
 TESTCASES += test_flix.tst
 TESTCASES += test_fp0_arith.tst
 TESTCASES += test_fp0_conv.tst
+TESTCASES += test_fp1.tst
 TESTCASES += test_interrupt.tst
 TESTCASES += test_loop.tst
 TESTCASES += test_lsc.tst
diff --git a/tests/tcg/xtensa/test_fp1.S b/tests/tcg/xtensa/test_fp1.S
new file mode 100644
index ..6e182e5964bd
--- /dev/null
+++ b/tests/tcg/xtensa/test_fp1.S
@@ -0,0 +1,141 @@
+#include "macros.inc"
+
+test_suite fp1
+
+#if XCHAL_HAVE_FP
+
+.macro movfp fr, v
+movia2, \v
+wfr \fr, a2
+.endm
+
+.macro test_ord_ex op, br, fr0, fr1, v0, v1, r
+movia2, 0
+wur a2, fsr
+movfp   \fr0, \v0
+movfp   \fr1, \v1
+\op \br, \fr0, \fr1
+movia2, 0
+movia3, 1
+movta2, a3, \br
+assert  eqi, a2, \r
+rur a2, fsr
+assert  eqi, a2, 0
+.endm
+
+.macro test_ord op, br, fr0, fr1, v0, v1, r
+movia2, 0
+wur a2, fcr
+test_ord_ex \op, \br, \fr0, \fr1, \v0, \v1, \r
+movia2, 0x7c
+wur a2, fcr
+test_ord_ex \op, \br, \fr0, \fr1, \v0, \v1, \r
+.endm
+
+.macro test_ord_all op, aa, ab, ba, aPI, PIa, aN, Na, II, IN, NI
+test_ord \op  b0,  f0,  f1, 0x3f80, 0x3f80, \aa
+test_ord \op  b1,  f2,  f3, 0x3f80, 0x3fc0, \ab
+test_ord \op  b2,  f4,  f5, 0x3fc0, 0x3f80, \ba
+test_ord \op  b3,  f6,  f7, 0x3f80, 0x7f80, \aPI
+test_ord \op  b4,  f8,  f9, 0x7f80, 0x3f80, \PIa
+test_ord \op  b5, f10, f11, 0x3f80, 0xffc1, \aN
+test_ord \op  b6, f12, f13, 0x3f80, 0xff81, \aN
+test_ord \op  b7, f14, f15, 0x3f80, 0x7f81, \aN
+test_ord \op  b8,  f0,  f1, 0x3f80, 0x7fc0, \aN
+test_ord \op  b9,  f2,  f3, 0xffc1, 0x3f80, \Na
+test_ord \op b10,  f4,  f5, 0xff81, 0x3f80, \Na
+test_ord \op b11,  f6,  f7, 0x7f81, 0x3f80, \Na
+test_ord \op b12,  f8,  f9, 0x7fc0, 0x3f80, \Na
+test_ord \op b13, f10, f11, 0x7f80, 0x7f80, \II
+test_ord \op b14, f12, f13, 0x7f80, 0x7fc0, \IN
+test_ord \op b15, f14, f15, 0x7fc0, 0x7f80, \NI
+.endm
+
+test un_s
+movia2, 1
+wsr a2, cpenable
+test_ord_all un.s, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1
+test_end
+
+test oeq_s
+test_ord_all oeq.s, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0
+test_end
+
+test ueq_s
+test_ord_all ueq.s, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1
+test_end
+
+test olt_s
+test_ord_all olt.s, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0
+test_end
+
+test ult_s
+test_ord_all ult.s, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1
+test_end
+
+test ole_s
+test_ord_all ole.s, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0
+test_end
+
+test ule_s
+test_ord_all ule.s, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1
+test_end
+
+.macro test_cond op, fr0, fr1, cr, v0, v1, r
+movfp   \fr0, \v0
+movfp   \fr1, \v1
+\op \fr0, \fr1, \cr
+rfr a2, \fr0
+movia3, \r
+assert  eq, a2, a3
+.endm
+
+test moveqz_s
+movia3, 0
+test_cond moveqz.s, f0, f1, a3, 0, 0x3f80, 0x3f80
+movia3, 1
+test_cond moveqz.s, f0, f1, a3, 0, 0x3f80, 0
+test_end
+
+test movnez_s
+movia3, 0
+test_cond movnez.s, f0, f1, a3, 0, 0x3f80, 0
+movia3, 1
+test_cond movnez.s, f0, f1, a3, 0, 0x3f80, 0x3f80
+test_end
+
+test movltz_s
+movia3, -1
+test_cond movltz.s, f0, f1, a3, 0, 0x3f80, 0x3f80
+movia3, 0
+test_cond movltz.s, f0, f1, a3, 0, 0x3f80, 0
+movia3, 1
+test_cond movltz.s, f0, f1, a3, 0, 0x3f80, 0
+test_end
+
+test movgez_s
+movia3, -1
+test_cond movgez.s, f0, f1, a3, 0, 0x3f80, 0
+movia3, 0
+test_cond movgez.s, f0, f1, a3, 0, 0x3f80, 0x3f80
+movia3, 1
+test_cond movgez.s, f0, f1, a3, 0, 0x3f80, 0x3f80
+test_end
+
+test movf_s
+olt.s   b0, f0, f0
+test_cond movf.s, f0, f1, b0, 0, 0x3f80, 0x3f80
+ueq.s   b0, f0, f0
+test_cond movf.s, f0, f1, b0, 0, 0x3f80, 0
+test_end
+
+test movt_s
+ueq.s   b0, f0, f0
+test_cond movt.s, f0, f1, b0, 0, 0x3f80, 0x3f80
+olt.s   b0, f0, f0
+test_cond movt.s, f0, f1, b0, 0, 0x3f80, 0
+test_end
+
+#endif
+
+test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 15/23] tests/tcg/xtensa: conditionalize and fix s32c1i tests

[Max Filippov]

Make s32c1i tests conditional on the presence of this option. Initialize
ATOMCTL SR when it's present to allow RCW transactions on uncached
memory.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_s32c1i.S | 12 
 1 file changed, 12 insertions(+)

diff --git a/tests/tcg/xtensa/test_s32c1i.S b/tests/tcg/xtensa/test_s32c1i.S
index 93b575db95ba..2885d9d003c0 100644
--- a/tests/tcg/xtensa/test_s32c1i.S
+++ b/tests/tcg/xtensa/test_s32c1i.S
@@ -2,7 +2,13 @@
 
 test_suite s32c1i
 
+#if XCHAL_HAVE_S32C1I
+
 test s32c1i_nowrite
+#if XCHAL_HW_VERSION >= 23
+movia2, 0x29
+wsr a2, atomctl
+#endif
 movia2, 1f
 movia3, 1
 wsr a3, scompare1
@@ -20,6 +26,10 @@ test s32c1i_nowrite
 test_end
 
 test s32c1i_write
+#if XCHAL_HW_VERSION >= 23
+movia2, 0x29
+wsr a2, atomctl
+#endif
 movia2, 1f
 movia3, 3
 wsr a3, scompare1
@@ -36,4 +46,6 @@ test s32c1i_write
 .text
 test_end
 
+#endif
+
 test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 09/23] tests/tcg/xtensa: conditionalize cache option tests

[Max Filippov]

Make data/instruction tests conditional on the presence of
data/instruction cache, whether they're lockable and whether data cache
is writeback.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_cache.S | 62 ++-
 1 file changed, 50 insertions(+), 12 deletions(-)

diff --git a/tests/tcg/xtensa/test_cache.S b/tests/tcg/xtensa/test_cache.S
index 6b2df9734b2e..7e6ba4c18a2b 100644
--- a/tests/tcg/xtensa/test_cache.S
+++ b/tests/tcg/xtensa/test_cache.S
@@ -7,6 +7,8 @@
 
 test_suite cache
 
+#if XCHAL_HAVE_PTP_MMU
+
 .macro  pf_op op
 \op a2, 0
 \op a3, 0
@@ -18,14 +20,23 @@ test prefetch
 movia3, 0xd800 /* non-cacheable */
 movia4, 0x1235 /* unmapped */
 
+#if XCHAL_DCACHE_SIZE
 pf_op   dpfr
 pf_op   dpfro
 pf_op   dpfw
 pf_op   dpfwo
+#endif
+#ifdef XCHAL_ICACHE_SIZE
 pf_op   ipf
-
+#endif
+#if XCHAL_HAVE_PTP_MMU && !XCHAL_HAVE_SPANNING_WAY
+#if XCHAL_DCACHE_LINE_LOCKABLE
 dpfla2, 0
+#endif
+#if XCHAL_ICACHE_LINE_LOCKABLE
 ipfla2, 0
+#endif
+#endif
 test_end
 
 .macro cache_fault op, addr, exc_code
@@ -46,10 +57,16 @@ test_end
 assert  eq, a2, a3
 .endm
 
+#if XCHAL_HAVE_PTP_MMU && !XCHAL_HAVE_SPANNING_WAY
+
+#if XCHAL_DCACHE_LINE_LOCKABLE
 test dpfl_tlb_miss
 cache_fault dpfl, 0x2345, 24
 test_end
+#endif
 
+#if XCHAL_DCACHE_SIZE
+#if XCHAL_DCACHE_IS_WRITEBACK
 test dhwb_tlb_miss
 cache_fault dhwb, 0x2345, 24
 test_end
@@ -57,16 +74,21 @@ test_end
 test dhwbi_tlb_miss
 cache_fault dhwbi, 0x2345, 24
 test_end
+#endif
 
 test dhi_tlb_miss
 cache_fault dhi, 0x2345, 24
 test_end
 
+#if XCHAL_DCACHE_LINE_LOCKABLE
 test dhu_tlb_miss
 cache_fault dhu, 0x2345, 24
 test_end
+#endif
+#endif
 
-
+#if XCHAL_ICACHE_SIZE
+#if XCHAL_ICACHE_LINE_LOCKABLE
 test ipfl_tlb_miss
 cache_fault ipfl, 0x2345, 16
 test_end
@@ -74,24 +96,40 @@ test_end
 test ihu_tlb_miss
 cache_fault ihu, 0x2345, 16
 test_end
+#endif
 
 test ihi_tlb_miss
 cache_fault ihi, 0x2345, 16
 test_end
+#endif
+
+#endif
+
+#endif
 
 test_suite_end
 
-.macro cache_all op1, op2, size, linesize
+cache_unlock_invalidate:
+#if XCHAL_DCACHE_SIZE
 movia2, 0
-movia3, \size
+movia3, XCHAL_DCACHE_SIZE
 1:
-\op1a2, 0
-\op2a2, 0
-addia2, a2, \linesize
+#if XCHAL_DCACHE_LINE_LOCKABLE
+diu a2, 0
+#endif
+dii a2, 0
+addia2, a2, XCHAL_DCACHE_LINESIZE
 bltua2, a3, 1b
-.endm
-
-cache_unlock_invalidate:
-cache_all diu, dii, XCHAL_DCACHE_SIZE, XCHAL_DCACHE_LINESIZE
-cache_all iiu, iii, XCHAL_ICACHE_SIZE, XCHAL_ICACHE_LINESIZE
+#endif
+#if XCHAL_ICACHE_SIZE
+movia2, 0
+movia3, XCHAL_ICACHE_SIZE
+1:
+#if XCHAL_ICACHE_LINE_LOCKABLE
+iiu a2, 0
+#endif
+iii a2, 0
+addia2, a2, XCHAL_ICACHE_LINESIZE
+bltua2, a3, 1b
+#endif
 ret
-- 
2.11.0

[Qemu-devel] [PATCH 11/23] tests/tcg/xtensa: conditionalize interrupt tests

[Max Filippov]

Make interrupt tests conditional on the presence of interrupt option and
on the presence of level-1 and high level software interrupts. Don't use
hard-coded interrupt level for the high level interrupt tests, choose
high level software IRQ and use its configured level.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/macros.inc   |  3 ++
 tests/tcg/xtensa/test_interrupt.S | 88 +++
 2 files changed, 73 insertions(+), 18 deletions(-)

diff --git a/tests/tcg/xtensa/macros.inc b/tests/tcg/xtensa/macros.inc
index 5265c8606bff..36536ed8a4bc 100644
--- a/tests/tcg/xtensa/macros.inc
+++ b/tests/tcg/xtensa/macros.inc
@@ -100,3 +100,6 @@ test_\name:
 
 #define glue(a, b) _glue(a, b)
 #define _glue(a, b) a ## b
+
+#define glue3(a, b, c) _glue3(a, b, c)
+#define _glue3(a, b, c) a ## b ## c
diff --git a/tests/tcg/xtensa/test_interrupt.S 
b/tests/tcg/xtensa/test_interrupt.S
index 876683518ee5..efedc43f6062 100644
--- a/tests/tcg/xtensa/test_interrupt.S
+++ b/tests/tcg/xtensa/test_interrupt.S
@@ -1,15 +1,59 @@
 #include "macros.inc"
 
-#define LSBIT(v) ((v) ^ ((v) & ((v) - 1)))
+#define LSBIT(v) ((v) & -(v))
+
+#define LEVEL_MASK(x) glue3(XCHAL_INTLEVEL, x, _MASK)
+#define LEVEL_SOFT_MASK(x) (LEVEL_MASK(x) & XCHAL_INTTYPE_MASK_SOFTWARE)
+
+#define L1_SOFT_MASK LEVEL_SOFT_MASK(1)
+#define L1_SOFT LSBIT(L1_SOFT_MASK)
+
+#if LEVEL_SOFT_MASK(2)
+#define HIGH_LEVEL_SOFT_MASK LEVEL_SOFT_MASK(2)
+#elif LEVEL_SOFT_MASK(3)
+#define HIGH_LEVEL_SOFT_MASK LEVEL_SOFT_MASK(3)
+#elif LEVEL_SOFT_MASK(4)
+#define HIGH_LEVEL_SOFT_MASK LEVEL_SOFT_MASK(4)
+#elif LEVEL_SOFT_MASK(5)
+#define HIGH_LEVEL_SOFT_MASK LEVEL_SOFT_MASK(5)
+#elif LEVEL_SOFT_MASK(6)
+#define HIGH_LEVEL_SOFT_MASK LEVEL_SOFT_MASK(6)
+#else
+#define HIGH_LEVEL_SOFT_MASK 0
+#endif
+
+#define HIGH_LEVEL_SOFT LSBIT(HIGH_LEVEL_SOFT_MASK)
+
+#if LEVEL_SOFT_MASK(2)
+#define HIGH_LEVEL_SOFT_LEVEL 2
+#elif LEVEL_SOFT_MASK(3)
+#define HIGH_LEVEL_SOFT_LEVEL 3
+#elif LEVEL_SOFT_MASK(4)
+#define HIGH_LEVEL_SOFT_LEVEL 4
+#elif LEVEL_SOFT_MASK(5)
+#define HIGH_LEVEL_SOFT_LEVEL 5
+#elif LEVEL_SOFT_MASK(6)
+#define HIGH_LEVEL_SOFT_LEVEL 6
+#else
+#define HIGH_LEVEL_SOFT_LEVEL 0
+#endif
 
 test_suite interrupt
 
+#if XCHAL_HAVE_INTERRUPTS
+
 .macro clear_interrupts
 movia2, 0
 wsr a2, intenable
+#if XCHAL_NUM_TIMERS
 wsr a2, ccompare0
+#endif
+#if XCHAL_NUM_TIMERS > 1
 wsr a2, ccompare1
+#endif
+#if XCHAL_NUM_TIMERS > 2
 wsr a2, ccompare2
+#endif
 esync
 rsr a2, interrupt
 wsr a2, intclear
@@ -44,11 +88,12 @@ test rsil
 assert  eqi, a2, 0
 test_end
 
+#if L1_SOFT
 test soft_disabled
 set_vector kernel, 1f
 clear_interrupts
 
-movia2, LSBIT(XCHAL_INTTYPE_MASK_SOFTWARE)
+movia2, L1_SOFT
 wsr a2, intset
 esync
 rsr a3, interrupt
@@ -70,7 +115,7 @@ test soft_intenable
 set_vector kernel, 1f
 clear_interrupts
 
-movia2, LSBIT(XCHAL_INTTYPE_MASK_SOFTWARE)
+movia2, L1_SOFT
 wsr a2, intset
 esync
 rsr a3, interrupt
@@ -89,7 +134,7 @@ test soft_rsil
 set_vector kernel, 1f
 clear_interrupts
 
-movia2, LSBIT(XCHAL_INTTYPE_MASK_SOFTWARE)
+movia2, L1_SOFT
 wsr a2, intset
 esync
 rsr a3, interrupt
@@ -108,7 +153,7 @@ test soft_waiti
 set_vector kernel, 1f
 clear_interrupts
 
-movia2, LSBIT(XCHAL_INTTYPE_MASK_SOFTWARE)
+movia2, L1_SOFT
 wsr a2, intset
 esync
 rsr a3, interrupt
@@ -127,7 +172,7 @@ test soft_user
 set_vector user, 2f
 clear_interrupts
 
-movia2, LSBIT(XCHAL_INTTYPE_MASK_SOFTWARE)
+movia2, L1_SOFT
 wsr a2, intset
 esync
 rsr a3, interrupt
@@ -147,12 +192,13 @@ test soft_user
 check_l1
 test_end
 
+#if HIGH_LEVEL_SOFT
 test soft_priority
 set_vector kernel, 1f
-set_vector level3, 2f
+set_vector glue(level, HIGH_LEVEL_SOFT_LEVEL), 2f
 clear_interrupts
 
-movia2, XCHAL_INTTYPE_MASK_SOFTWARE
+movia2, L1_SOFT | HIGH_LEVEL_SOFT
 wsr a2, intenable
 rsila3, 0
 esync
@@ -164,17 +210,20 @@ test soft_priority
 rsr a2, ps
 movia3, 0x1f/* EXCM | INTMASK */
 and a2, a2, a3
-movia3, 0x13
+movia3, 0x10 | HIGH_LEVEL_SOFT_LEVEL
 assert  eq, a2, a3  /* EXCM and INTMASK are set
for high-priority interrupt */
 test_end
+#endif
+#endif
 
+#if HIGH_LEVEL_SOFT
 test eps_epc_rfi
-set_vector level3, 3f
+set_vector glue(level, HIGH_LEVEL_SOFT_LEVEL), 3f
 clear_interrupts
 reset_ps
 
-movia2, XCHAL_INTTYPE_MASK_SOFTWARE
+movia2, L1_SOFT_MASK | HIGH_LEVEL_SOFT_MASK
 wsr a2, intenable
 rsila3, 0
 rsr a3, ps
@@ -185,23 +234,26 @@ test eps_epc_rfi
 2:
 test_fail
 3:
-rsr a2, eps3
+rsr a2, glue(eps, HIGH_LEVEL_SOFT_LEVEL)
 assert  eq, a2, a3
-rsr a2, epc3
+rsr a2, 

[Qemu-devel] [PATCH 05/23] tests/tcg/xtensa: don't use optional opcodes in generic code

[Max Filippov]

Don't use 'loop' opcode in generic testsuite completion code, only use
core opcodes to make it work with any configuration.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/macros.inc | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/tests/tcg/xtensa/macros.inc b/tests/tcg/xtensa/macros.inc
index 25c7ee479e6c..93825dc7b513 100644
--- a/tests/tcg/xtensa/macros.inc
+++ b/tests/tcg/xtensa/macros.inc
@@ -23,11 +23,14 @@ main:
 movia0, result
 sub a2, a2, a0
 movia3, 0
-loopnez a2, 1f
-l8uia2, a0, 0
-or  a3, a3, a2
-addia0, a0, 1
+beqza2, 2f
 1:
+l8uia1, a0, 0
+or  a3, a3, a1
+addia0, a0, 1
+addia2, a2, -1
+bneza2, 1b
+2:
 exit
 .endm
 
-- 
2.11.0

[Qemu-devel] [PATCH 12/23] tests/tcg/xtensa: conditionalize timer/CCOUNT tests

[Max Filippov]

Make timer/CCOUNT tests conditional on the presence of timer option and
number of configured timers. Don't use hard coded interrupt levels for
timers, use configured values.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_timer.S | 48 +++
 1 file changed, 44 insertions(+), 4 deletions(-)

diff --git a/tests/tcg/xtensa/test_timer.S b/tests/tcg/xtensa/test_timer.S
index 6cda71adbb06..1ec8e20883ff 100644
--- a/tests/tcg/xtensa/test_timer.S
+++ b/tests/tcg/xtensa/test_timer.S
@@ -2,6 +2,8 @@
 
 #define CCOUNT_SHIFT 4
 #define WAIT_LOOPS 20
+#define level1 kernel
+#define INTERRUPT_LEVEL(n) glue3(XCHAL_INT, n, _LEVEL)
 
 .macro  make_ccount_delta target, delta
 rsr \delta, ccount
@@ -13,6 +15,8 @@
 
 test_suite timer
 
+#if XCHAL_HAVE_CCOUNT
+
 test ccount
 rsr a3, ccount
 rsr a4, ccount
@@ -32,14 +36,20 @@ test ccount_write
 assert  ltu, a3, a4
 test_end
 
+#if XCHAL_NUM_TIMERS
+
 test ccount_update_deadline
 movia2, 0
 wsr a2, intenable
 rsr a2, interrupt
 wsr a2, intclear
 movia2, 0
+#if XCHAL_NUM_TIMERS > 1
 wsr a2, ccompare1
+#endif
+#if XCHAL_NUM_TIMERS > 2
 wsr a2, ccompare2
+#endif
 movia2, 0x12345678
 wsr a2, ccompare0
 rsr a3, interrupt
@@ -59,8 +69,12 @@ test ccompare
 rsr a2, interrupt
 wsr a2, intclear
 movia2, 0
+#if XCHAL_NUM_TIMERS > 1
 wsr a2, ccompare1
+#endif
+#if XCHAL_NUM_TIMERS > 2
 wsr a2, ccompare2
+#endif
 
 make_ccount_delta a2, a15
 wsr a2, ccompare0
@@ -76,6 +90,7 @@ test ccompare
 assert  nei, a5, 0
 test_end
 
+#if INTERRUPT_LEVEL(XCHAL_TIMER0_INTERRUPT) == 1
 test ccompare0_interrupt
 set_vector kernel, 2f
 movia2, 0
@@ -83,8 +98,12 @@ test ccompare0_interrupt
 rsr a2, interrupt
 wsr a2, intclear
 movia2, 0
+#if XCHAL_NUM_TIMERS > 1
 wsr a2, ccompare1
+#endif
+#if XCHAL_NUM_TIMERS > 2
 wsr a2, ccompare2
+#endif
 
 movia3, WAIT_LOOPS
 make_ccount_delta a2, a15
@@ -104,16 +123,21 @@ test ccompare0_interrupt
 rsr a2, exccause
 assert  eqi, a2, 4 /* LEVEL1_INTERRUPT_CAUSE */
 test_end
+#endif
+
+#if XCHAL_NUM_TIMERS > 1
 
 test ccompare1_interrupt
-set_vector level3, 2f
+set_vector glue(level, INTERRUPT_LEVEL(XCHAL_TIMER1_INTERRUPT)), 2f
 movia2, 0
 wsr a2, intenable
 rsr a2, interrupt
 wsr a2, intclear
 movia2, 0
 wsr a2, ccompare0
+#if XCHAL_NUM_TIMERS > 2
 wsr a2, ccompare2
+#endif
 
 movia3, WAIT_LOOPS
 make_ccount_delta a2, a15
@@ -123,7 +147,7 @@ test ccompare1_interrupt
 assert  eqi, a2, 0
 movia2, 1 << XCHAL_TIMER1_INTERRUPT
 wsr a2, intenable
-rsila2, 2
+rsila2, INTERRUPT_LEVEL(XCHAL_TIMER1_INTERRUPT) - 1
 loopa3, 1f
 nop
 1:
@@ -131,8 +155,11 @@ test ccompare1_interrupt
 2:
 test_end
 
+#endif
+#if XCHAL_NUM_TIMERS > 2
+
 test ccompare2_interrupt
-set_vector level5, 2f
+set_vector glue(level, INTERRUPT_LEVEL(XCHAL_TIMER2_INTERRUPT)), 2f
 movia2, 0
 wsr a2, intenable
 rsr a2, interrupt
@@ -149,7 +176,7 @@ test ccompare2_interrupt
 assert  eqi, a2, 0
 movia2, 1 << XCHAL_TIMER2_INTERRUPT
 wsr a2, intenable
-rsila2, 4
+rsila2, INTERRUPT_LEVEL(XCHAL_TIMER2_INTERRUPT) - 1
 loopa3, 1f
 nop
 1:
@@ -157,6 +184,8 @@ test ccompare2_interrupt
 2:
 test_end
 
+#endif
+
 test ccompare_interrupt_masked
 set_vector kernel, 2f
 movia2, 0
@@ -164,11 +193,15 @@ test ccompare_interrupt_masked
 rsr a2, interrupt
 wsr a2, intclear
 movia2, 0
+#if XCHAL_NUM_TIMERS > 2
 wsr a2, ccompare2
+#endif
 
 movia3, 2 * WAIT_LOOPS
 make_ccount_delta a2, a15
+#if XCHAL_NUM_TIMERS > 1
 wsr a2, ccompare1
+#endif
 add a2, a2, a15
 wsr a2, ccompare0
 rsync
@@ -194,11 +227,15 @@ test ccompare_interrupt_masked_waiti
 rsr a2, interrupt
 wsr a2, intclear
 movia2, 0
+#if XCHAL_NUM_TIMERS > 2
 wsr a2, ccompare2
+#endif
 
 movia3, 2 * WAIT_LOOPS
 make_ccount_delta a2, a15
+#if XCHAL_NUM_TIMERS > 1
 wsr a2, ccompare1
+#endif
 add a2, a2, a15
 wsr a2, ccompare0
 rsync
@@ -214,4 +251,7 @@ test ccompare_interrupt_masked_waiti
 assert  eqi, a2, 4 /* LEVEL1_INTERRUPT_CAUSE */
 test_end
 
+#endif
+#endif
+
 test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 14/23] tests/tcg/xtensa: fix SR tests for big endian configs

[Max Filippov]

SR tests generate instructions that the assembler does not recognize and
thus must take care about configuration endianness.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_sr.S | 20 
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/tests/tcg/xtensa/test_sr.S b/tests/tcg/xtensa/test_sr.S
index e64653b8771e..b1a91a0637ee 100644
--- a/tests/tcg/xtensa/test_sr.S
+++ b/tests/tcg/xtensa/test_sr.S
@@ -2,11 +2,23 @@
 
 test_suite sr
 
+#if XCHAL_HAVE_BE
+#define LOW__SR 0x04
+#define HI_RSR 0x30
+#define HI_WSR 0x31
+#define HI_XSR 0x16
+#else
+#define LOW__SR 0x40
+#define HI_RSR 0x03
+#define HI_WSR 0x13
+#define HI_XSR 0x61
+#endif
+
 .macro  sr_op sym, op_sym, op_byte, sr
 .if \sym
 \op_sym a4, \sr
 .else
-.byte 0x40, \sr, \op_byte
+.byte LOW__SR, \sr, \op_byte
 .endif
 .endm
 
@@ -32,9 +44,9 @@ test_suite sr
 
 .macro  test_sr_mask sr, sym, mask
 test \sr
-test_sr_op \sym, \mask & 1, rsr, 0x03, \sr
-test_sr_op \sym, \mask & 2, wsr, 0x13, \sr
-test_sr_op \sym, \mask & 4, xsr, 0x61, \sr
+test_sr_op \sym, \mask & 1, rsr, HI_RSR, \sr
+test_sr_op \sym, \mask & 2, wsr, HI_WSR, \sr
+test_sr_op \sym, \mask & 4, xsr, HI_XSR, \sr
 test_end
 .endm
 
-- 
2.11.0

[Qemu-devel] [PATCH 10/23] tests/tcg/xtensa: add straightforward conditionals

[Max Filippov]

Make tests for optional instruction groups conditional on the presence
of corresponding options in the config.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_clamps.S | 4 
 tests/tcg/xtensa/test_loop.S   | 4 
 tests/tcg/xtensa/test_mac16.S  | 4 
 tests/tcg/xtensa/test_max.S| 4 
 tests/tcg/xtensa/test_min.S| 4 
 tests/tcg/xtensa/test_mul16.S  | 4 
 tests/tcg/xtensa/test_mul32.S  | 4 
 tests/tcg/xtensa/test_nsa.S| 4 
 tests/tcg/xtensa/test_quo.S| 4 
 tests/tcg/xtensa/test_rem.S| 4 
 tests/tcg/xtensa/test_rst0.S   | 8 
 tests/tcg/xtensa/test_sext.S   | 4 
 12 files changed, 52 insertions(+)

diff --git a/tests/tcg/xtensa/test_clamps.S b/tests/tcg/xtensa/test_clamps.S
index 3efabfd9d3d9..d9b2c38ac1d6 100644
--- a/tests/tcg/xtensa/test_clamps.S
+++ b/tests/tcg/xtensa/test_clamps.S
@@ -2,6 +2,8 @@
 
 test_suite clamps
 
+#if XCHAL_HAVE_CLAMPS
+
 test clamps
 movia2, 0
 movia3, 0
@@ -39,4 +41,6 @@ test clamps
 assert  eq, a3, a2
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_loop.S b/tests/tcg/xtensa/test_loop.S
index 5755578d0191..0cfd8661ea0e 100644
--- a/tests/tcg/xtensa/test_loop.S
+++ b/tests/tcg/xtensa/test_loop.S
@@ -2,6 +2,8 @@
 
 test_suite loop
 
+#if XCHAL_HAVE_LOOPS
+
 test loop
 movia2, 0
 movia3, 5
@@ -160,4 +162,6 @@ test loopgtz
 1:
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_mac16.S b/tests/tcg/xtensa/test_mac16.S
index 512025d84291..ee0cedd2ae5d 100644
--- a/tests/tcg/xtensa/test_mac16.S
+++ b/tests/tcg/xtensa/test_mac16.S
@@ -2,6 +2,8 @@
 
 test_suite mac16
 
+#if XCHAL_HAVE_MAC16
+
 #define ext16(v) (((v) & 0x) | (((v) & 0x8000) * 0x1ffe))
 #define mul16(a, b) ((ext16(a) * ext16(b)))
 
@@ -240,4 +242,6 @@ test mula_dd_lddec
 .text
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_max.S b/tests/tcg/xtensa/test_max.S
index 3caa207ea5ec..f349d578e3bb 100644
--- a/tests/tcg/xtensa/test_max.S
+++ b/tests/tcg/xtensa/test_max.S
@@ -2,6 +2,8 @@
 
 test_suite max
 
+#if XCHAL_HAVE_MINMAX
+
 test max
 movia2, 0x
 movia3, 1
@@ -78,4 +80,6 @@ test maxu
 assert  eq, a3, a4
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_min.S b/tests/tcg/xtensa/test_min.S
index 551cf591e54e..89ee10334f62 100644
--- a/tests/tcg/xtensa/test_min.S
+++ b/tests/tcg/xtensa/test_min.S
@@ -2,6 +2,8 @@
 
 test_suite min
 
+#if XCHAL_HAVE_MINMAX
+
 test min
 movia2, 0x
 movia3, 1
@@ -78,4 +80,6 @@ test minu
 assert  eq, a3, a4
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_mul16.S b/tests/tcg/xtensa/test_mul16.S
index 98fa7042b504..32507f7f1ef1 100644
--- a/tests/tcg/xtensa/test_mul16.S
+++ b/tests/tcg/xtensa/test_mul16.S
@@ -2,6 +2,8 @@
 
 test_suite mul16
 
+#if XCHAL_HAVE_MUL16
+
 test mul16u_pp
 movia2, 0x137f5a5a
 mov a3, a2
@@ -80,4 +82,6 @@ test mul16s_nn
 assert  eq, a3, a6
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_mul32.S b/tests/tcg/xtensa/test_mul32.S
index b288ead9f6cb..862d45abcec0 100644
--- a/tests/tcg/xtensa/test_mul32.S
+++ b/tests/tcg/xtensa/test_mul32.S
@@ -2,6 +2,8 @@
 
 test_suite mul32
 
+#if XCHAL_HAVE_MUL32
+
 test mull
 movia2, 0x137f5a5a
 mov a3, a2
@@ -15,6 +17,8 @@ test mull
 assert  eq, a3, a6
 test_end
 
+#endif
+
 /* unfortunately dc232b doesn't have muluh/mulsh*/
 
 test_suite_end
diff --git a/tests/tcg/xtensa/test_nsa.S b/tests/tcg/xtensa/test_nsa.S
index 479b2e2429f5..0af7d1f50d56 100644
--- a/tests/tcg/xtensa/test_nsa.S
+++ b/tests/tcg/xtensa/test_nsa.S
@@ -2,6 +2,8 @@
 
 test_suite nsa
 
+#if XCHAL_HAVE_NSA
+
 test nsa
 movia2, 0
 movia3, 31
@@ -56,4 +58,6 @@ test nsau
 assert  eq, a3, a2
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_quo.S b/tests/tcg/xtensa/test_quo.S
index 5b3ae383d0cd..32886b913be6 100644
--- a/tests/tcg/xtensa/test_quo.S
+++ b/tests/tcg/xtensa/test_quo.S
@@ -2,6 +2,8 @@
 
 test_suite quo
 
+#if XCHAL_HAVE_DIV32
+
 test quou_pp
 movia2, 0x5a5a137f
 mov a3, a2
@@ -144,4 +146,6 @@ test quos_exc
 assert  eq, a2, a3
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_rem.S b/tests/tcg/xtensa/test_rem.S
index 6357e520d979..0b96bb3390ab 100644
--- a/tests/tcg/xtensa/test_rem.S
+++ b/tests/tcg/xtensa/test_rem.S
@@ -2,6 +2,8 @@
 
 test_suite rem
 
+#if XCHAL_HAVE_DIV32
+
 test remu_pp
 movia2, 0x5a5a137f
 mov a3, a2
@@ -144,4 +146,6 @@ test rems_exc
 assert  eq, a2, a3
 test_end
 
+#endif
+
 test_suite_end
diff --git a/tests/tcg/xtensa/test_rst0.S b/tests/tcg/xtensa/test_rst0.S
index a73366b1203a..143e90b401ec 100644
--- a/tests/tcg/xtensa/test_rst0.S
+++ b/tests/tcg/xtensa/test_rst0.S
@@ -54,6 +54,8 @@ test add
 assert  eq, a4, a6
 test_end
 
+#if XCHAL_HAVE_ADDX
+
 test addx2
 movia2, 

[Qemu-devel] [PATCH 06/23] tests/tcg/xtensa: fix endianness issues in test_b

[Max Filippov]

Use bbci.l/bbsi.l instead of bbci/bbsi, as they are assembly macros that
accept little-endian bit number and produce correct immediate for both
little and big endian configurations. Choose value loaded into register
for bbc/bbs opcodes based on configuration endianness.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_b.S | 40 
 1 file changed, 32 insertions(+), 8 deletions(-)

diff --git a/tests/tcg/xtensa/test_b.S b/tests/tcg/xtensa/test_b.S
index 8e81f956df84..713a454c535b 100644
--- a/tests/tcg/xtensa/test_b.S
+++ b/tests/tcg/xtensa/test_b.S
@@ -84,12 +84,24 @@ test_end
 
 test bbc
 movia2, 0xfffd
-movia3, 0xff01
+#undef BIT
+#if XCHAL_HAVE_BE
+#define BIT 0xfffe
+#else
+#define BIT 0xff01
+#endif
+movia3, BIT
 bbc a2, a3, 1f
 test_fail
 1:
 movia2, 8
-movia3, 0xff03
+#undef BIT
+#if XCHAL_HAVE_BE
+#define BIT 0xfffc
+#else
+#define BIT 0xff03
+#endif
+movia3, BIT
 bbc a2, a3, 1f
 j   2f
 1:
@@ -99,11 +111,11 @@ test_end
 
 test bbci
 movia2, 0xfffd
-bbcia2, 17, 1f
+bbci.l  a2, 17, 1f
 test_fail
 1:
 movia2, 0x0002
-bbcia2, 17, 1f
+bbci.l  a2, 17, 1f
 j   2f
 1:
 test_fail
@@ -192,12 +204,24 @@ test_end
 
 test bbs
 movia2, 8
-movia3, 0xff03
+#undef BIT
+#if XCHAL_HAVE_BE
+#define BIT 0xfffc
+#else
+#define BIT 0xff03
+#endif
+movia3, BIT
 bbs a2, a3, 1f
 test_fail
 1:
 movia2, 0xfffd
-movia3, 0xff01
+#undef BIT
+#if XCHAL_HAVE_BE
+#define BIT 0xfffe
+#else
+#define BIT 0xff01
+#endif
+movia3, BIT
 bbs a2, a3, 1f
 j   2f
 1:
@@ -207,11 +231,11 @@ test_end
 
 test bbsi
 movia2, 0x0002
-bbsia2, 17, 1f
+bbsi.l  a2, 17, 1f
 test_fail
 1:
 movia2, 0xfffd
-bbsia2, 17, 1f
+bbsi.l  a2, 17, 1f
 j   2f
 1:
 test_fail
-- 
2.11.0

[Qemu-devel] [PATCH 18/23] tests/tcg/xtensa: add test for FLIX

[Max Filippov]

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile|  1 +
 tests/tcg/xtensa/test_flix.S | 60 
 2 files changed, 61 insertions(+)
 create mode 100644 tests/tcg/xtensa/test_flix.S

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index aee0134ef5b9..bd94ba6fe549 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -38,6 +38,7 @@ TESTCASES += test_cache.tst
 TESTCASES += test_clamps.tst
 TESTCASES += test_extui.tst
 TESTCASES += test_fail.tst
+TESTCASES += test_flix.tst
 TESTCASES += test_interrupt.tst
 TESTCASES += test_loop.tst
 TESTCASES += test_mac16.tst
diff --git a/tests/tcg/xtensa/test_flix.S b/tests/tcg/xtensa/test_flix.S
new file mode 100644
index ..7c259e701897
--- /dev/null
+++ b/tests/tcg/xtensa/test_flix.S
@@ -0,0 +1,60 @@
+#include "macros.inc"
+
+test_suite flix
+
+#if XCHAL_HAVE_FLIX3
+
+test misc
+{
+mov a3, a4
+mov a2, a3
+nop
+}
+{
+nop
+bne.w18 a2, a3, 1f
+}
+movia2, 1f
+{
+mov a2, a3
+mov a3, a2
+nop
+}
+{
+l32ia2, a3, 0
+add a4, a4, a2
+nop
+}
+{
+mov a3, a4
+jx  a3
+nop
+}
+1:
+test_end
+
+test sum
+
+movia2, 0
+movia3, 2f
+movia4, 0
+movia5, 4
+
+loopa5, 1f
+{
+l32ia2, a3, 0
+addia3, a3, 4
+add a4, a4, a2
+}
+1:
+add a4, a4, a2
+assert  eqi, a4, 10
+.data
+2:
+.word   1, 2, 3, 4
+.previous
+test_end
+
+#endif
+
+test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 07/23] tests/tcg/xtensa: enable boolean tests

[Max Filippov]

Uncomment test_boolean in the test makefile. Make actual tests code
conditional on the presence of boolean option in the config.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile   | 2 +-
 tests/tcg/xtensa/test_boolean.S | 4 
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index b3693809372b..aee0134ef5b9 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -31,7 +31,7 @@ CRT= crt.o vectors.o
 
 TESTCASES += test_b.tst
 TESTCASES += test_bi.tst
-#TESTCASES += test_boolean.tst
+TESTCASES += test_boolean.tst
 TESTCASES += test_break.tst
 TESTCASES += test_bz.tst
 TESTCASES += test_cache.tst
diff --git a/tests/tcg/xtensa/test_boolean.S b/tests/tcg/xtensa/test_boolean.S
index eac40e0973a3..5a850bfe7eac 100644
--- a/tests/tcg/xtensa/test_boolean.S
+++ b/tests/tcg/xtensa/test_boolean.S
@@ -2,6 +2,8 @@
 
 test_suite boolean
 
+#if XCHAL_HAVE_BOOLEANS
+
 test all4
 movia2, 0xfec0
 wsr a2, br
@@ -20,4 +22,6 @@ test all4
 assert  eq, a2, a3
 test_end
 
+#endif
+
 test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 02/23] tests/tcg/xtensa: indicate failed tests

[Max Filippov]

When test suite with multiple tests fails it's not obvious which test
failed. Pring "failed" in every invocation of test_fail. Do printing
when DEBUG preprocessor macro is defined.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/macros.inc | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tests/tcg/xtensa/macros.inc b/tests/tcg/xtensa/macros.inc
index 4ebd30ab86ab..25c7ee479e6c 100644
--- a/tests/tcg/xtensa/macros.inc
+++ b/tests/tcg/xtensa/macros.inc
@@ -49,7 +49,9 @@ main:
 .endm
 
 .macro test name
-//print test_\name
+#ifdef DEBUG
+print test_\name
+#endif
 test_init
 test_\name:
 .global test_\name
@@ -74,6 +76,9 @@ test_\name:
 l32ia2, a2, 0
 movia3, 1
 s8i a3, a2, 0
+#ifdef DEBUG
+print   failed
+#endif
 j   99f
 .endm
 
-- 
2.11.0

[Qemu-devel] [PATCH 21/23] tests/tcg/xtensa: add FP0 group conversion tests

[Max Filippov]

Test conversions for normal, NaN and Inf arguments.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile|   1 +
 tests/tcg/xtensa/test_fp0_conv.S | 304 +++
 2 files changed, 305 insertions(+)
 create mode 100644 tests/tcg/xtensa/test_fp0_conv.S

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index eea269a36e7a..b1d9953f6704 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -40,6 +40,7 @@ TESTCASES += test_extui.tst
 TESTCASES += test_fail.tst
 TESTCASES += test_flix.tst
 TESTCASES += test_fp0_arith.tst
+TESTCASES += test_fp0_conv.tst
 TESTCASES += test_interrupt.tst
 TESTCASES += test_loop.tst
 TESTCASES += test_lsc.tst
diff --git a/tests/tcg/xtensa/test_fp0_conv.S b/tests/tcg/xtensa/test_fp0_conv.S
new file mode 100644
index ..147e3d5062df
--- /dev/null
+++ b/tests/tcg/xtensa/test_fp0_conv.S
@@ -0,0 +1,304 @@
+#include "macros.inc"
+
+test_suite fp0_conv
+
+#if XCHAL_HAVE_FP
+
+.macro movfp fr, v
+movia2, \v
+wfr \fr, a2
+.endm
+
+.macro test_ftoi_ex op, r0, fr0, v, c, r
+movia2, 0
+wur a2, fsr
+movfp   \fr0, \v
+\op \r0, \fr0, \c
+dump\r0
+movia3, \r
+assert  eq, \r0, a3
+rur a2, fsr
+assert  eqi, a2, 0
+.endm
+
+.macro test_ftoi op, r0, fr0, v, c, r
+movia2, 0
+wur a2, fcr
+test_ftoi_ex \op, \r0, \fr0, \v, \c, \r
+movia2, 0x7c
+wur a2, fcr
+test_ftoi_ex \op, \r0, \fr0, \v, \c, \r
+.endm
+
+
+.macro test_itof_ex op, fr0, ar0, v, c, r
+movia2, 0
+wur a2, fsr
+movi\ar0, \v
+\op \fr0, \ar0, \c
+
+rfr a2, \fr0
+dumpa2
+movia3, \r
+assert  eq, a2, a3
+rur a2, fsr
+assert  eqi, a2, 0
+.endm
+
+.macro test_itof_rm op, fr0, ar0, v, c, rm, r
+movia2, \rm
+wur a2, fcr
+test_itof_ex \op, \fr0, \ar0, \v, \c, \r
+movia2, (\rm) | 0x7c
+wur a2, fcr
+test_itof_ex \op, \fr0, \ar0, \v, \c, \r
+.endm
+
+.macro test_itof op, fr0, ar0, v, c, r0, r1, r2, r3
+test_itof_rm \op, \fr0, \ar0, \v, \c, 0, \r0
+test_itof_rm \op, \fr0, \ar0, \v, \c, 1, \r1
+test_itof_rm \op, \fr0, \ar0, \v, \c, 2, \r2
+test_itof_rm \op, \fr0, \ar0, \v, \c, 3, \r3
+.endm
+
+test round_s
+movia2, 1
+wsr a2, cpenable
+
+/* NaN */
+test_ftoi round.s, a2, f0, 0xffc1, 0, 0x7fff
+test_ftoi round.s, a2, f0, 0xff81, 0, 0x7fff
+
+/* -inf */
+test_ftoi round.s, a2, f0, 0xff80, 0, 0x8000
+
+/* negative overflow */
+test_ftoi round.s, a2, f0, 0xceff, 1, 0x8000
+test_ftoi round.s, a2, f0, 0xcf00, 0, 0x8000
+test_ftoi round.s, a2, f0, 0xceff, 0, 0x8080
+
+/* negative */
+test_ftoi round.s, a2, f0, 0xbfa0, 1, -2 /* -1.25 * 2 */
+test_ftoi round.s, a2, f0, 0xbfc0, 0, -2 /* -1.5 */
+test_ftoi round.s, a2, f0, 0xbf80, 1, -2 /* -1 * 2 */
+test_ftoi round.s, a2, f0, 0xbf80, 0, -1 /* -1 */
+test_ftoi round.s, a2, f0, 0xbf40, 0, -1 /* -0.75 */
+test_ftoi round.s, a2, f0, 0xbf00, 0, 0  /* -0.5 */
+
+/* positive */
+test_ftoi round.s, a2, f0, 0x3f00, 0, 0 /* 0.5 */
+test_ftoi round.s, a2, f0, 0x3f40, 0, 1 /* 0.75 */
+test_ftoi round.s, a2, f0, 0x3f80, 0, 1 /* 1 */
+test_ftoi round.s, a2, f0, 0x3f80, 1, 2 /* 1 * 2 */
+test_ftoi round.s, a2, f0, 0x3fc0, 0, 2 /* 1.5 */
+test_ftoi round.s, a2, f0, 0x3fa0, 1, 2 /* 1.25 * 2 */
+
+/* positive overflow */
+test_ftoi round.s, a2, f0, 0x4eff, 0, 0x7f80
+test_ftoi round.s, a2, f0, 0x4f00, 0, 0x7fff
+test_ftoi round.s, a2, f0, 0x4eff, 1, 0x7fff
+
+/* +inf */
+test_ftoi round.s, a2, f0, 0x7f80, 0, 0x7fff
+
+/* NaN */
+test_ftoi round.s, a2, f0, 0x7f81, 0, 0x7fff
+test_ftoi round.s, a2, f0, 0x7fc0, 0, 0x7fff
+test_end
+
+test trunc_s
+/* NaN */
+test_ftoi trunc.s, a2, f0, 0xffc1, 0, 0x7fff
+test_ftoi trunc.s, a2, f0, 0xff81, 0, 0x7fff
+
+/* -inf */
+test_ftoi trunc.s, a2, f0, 0xff80, 0, 0x8000
+
+/* negative overflow */
+test_ftoi trunc.s, a2, f0, 0xceff, 1, 0x8000
+test_ftoi trunc.s, a2, f0, 0xcf00, 0, 0x8000
+test_ftoi trunc.s, a2, f0, 0xceff, 0, 0x8080
+
+/* negative */
+test_ftoi trunc.s, a2, f0, 0xbfa0, 1, -2 /* -1.25 * 2 */
+test_ftoi trunc.s, a2, f0, 0xbfc0, 0, -1 /* -1.5 */
+test_ftoi trunc.s, a2, f0, 0xbf80, 1, -2 /* -1 * 2 */
+test_ftoi trunc.s, a2, f0, 0xbf80, 0, -1 /* -1 */
+test_ftoi trunc.s, a2, f0, 0xbf40, 0, 0  /* -0.75 */
+test_ftoi trunc.s, a2, f0, 0xbf00, 0, 0  /* -0.5 */
+
+/* positive */
+test_ftoi trunc.s, a2, f0, 0x3f00, 0, 0 /* 0.5 */
+test_ftoi trunc.s, a2, f0, 0x3f40, 0, 0 /* 0.75 */
+test_ftoi trunc.s, a2, f0, 0x3f80, 0, 1 

[Qemu-devel] [PATCH 04/23] tests/tcg/xtensa: support configs with LITBASE

[Max Filippov]

Configurations with LITBASE register may use absolute literals by
default. Pass --no-absolute-literals option to assembler to use
PC-relative literals instead.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index cd21c202876a..b3693809372b 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -18,6 +18,7 @@ CC  = $(CROSS)gcc
 AS  = $(CROSS)gcc -x assembler-with-cpp
 LD  = $(CROSS)ld
 
+ASFLAGS = -Wa,--no-absolute-literals
 vectors_ASFLAGS = -mtext-section-literals
 
 XTENSA_SRC_PATH = $(SRC_PATH)/tests/tcg/xtensa
-- 
2.11.0

[Qemu-devel] [PATCH 03/23] tests/tcg/xtensa: support configurations w/o vecbase

[Max Filippov]

Configurations w/o vecbase may have vectors not grouped together and not
in fixed order. They may not always be grouped into single output
sections by assigning next offset to dot, as it may sometimes move dot
backwards and sometimes they may even belong to different memory region.
Don't group vectors into single output section. Instead put each vector
into its own section ant put it at its default virtual address.
Reserve 4KBytes from the default vectors base and put rest of the code
and data starting from there. Mark vectors sections as executable,
otherwise their contents is discarded. There may be as little as 16
bytes reserved for some vectors, load handler address into a0 and use
ret.n to jump there to make vector code fit into this 16 byte space.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile|  4 ++-
 tests/tcg/xtensa/linker.ld.S | 67 +++-
 tests/tcg/xtensa/vectors.S   | 14 +++--
 3 files changed, 63 insertions(+), 22 deletions(-)

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index 2f5691f75b09..cd21c202876a 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -18,6 +18,8 @@ CC  = $(CROSS)gcc
 AS  = $(CROSS)gcc -x assembler-with-cpp
 LD  = $(CROSS)ld
 
+vectors_ASFLAGS = -mtext-section-literals
+
 XTENSA_SRC_PATH = $(SRC_PATH)/tests/tcg/xtensa
 INCLUDE_DIRS = $(XTENSA_SRC_PATH) $(SRC_PATH)/target/xtensa/core-$(CORE)
 XTENSA_INC = $(addprefix -I,$(INCLUDE_DIRS))
@@ -68,7 +70,7 @@ linker.ld: $(XTENSA_SRC_PATH)/linker.ld.S
$(CC) $(XTENSA_INC) $(CFLAGS) -c $< -o $@
 
 %.o: $(XTENSA_SRC_PATH)/%.S
-   $(CC) $(XTENSA_INC) $(ASFLAGS) -c $< -o $@
+   $(CC) $(XTENSA_INC) $($*_ASFLAGS) $(ASFLAGS) -c $< -o $@
 
 %.tst: %.o linker.ld $(XTENSA_SRC_PATH)/macros.inc $(CRT) Makefile
$(LD) $(LDFLAGS) $(NOSTDFLAGS) $(CRT) $< -o $@
diff --git a/tests/tcg/xtensa/linker.ld.S b/tests/tcg/xtensa/linker.ld.S
index d0f33157ca9e..ac89b0054ee4 100644
--- a/tests/tcg/xtensa/linker.ld.S
+++ b/tests/tcg/xtensa/linker.ld.S
@@ -1,17 +1,29 @@
 #include "core-isa.h"
 
-#if XTENSA_HAVE_BE
+#ifndef XCHAL_VECBASE_RESET_VADDR
+#define XCHAL_VECBASE_RESET_VADDR XCHAL_WINDOW_VECTORS_VADDR
+#define XCHAL_WINDOW_OF4_VECOFS   0x
+#define XCHAL_WINDOW_UF4_VECOFS   0x0040
+#define XCHAL_WINDOW_OF8_VECOFS   0x0080
+#define XCHAL_WINDOW_UF8_VECOFS   0x00C0
+#define XCHAL_WINDOW_OF12_VECOFS  0x0100
+#define XCHAL_WINDOW_UF12_VECOFS  0x0140
+#endif
+
+#define RAM_SIZE 0x0800  /* 128M */
+#define ROM_SIZE 0x1000  /* 4k */
+#define VECTORS_RESERVED_SIZE 0x1000
+
+#if XCHAL_HAVE_BE
 OUTPUT_FORMAT("elf32-xtensa-be")
 #else
 OUTPUT_FORMAT("elf32-xtensa-le")
 #endif
 ENTRY(_start)
 
-__DYNAMIC = 0;
-
 MEMORY {
-ram : ORIGIN = XCHAL_VECBASE_RESET_VADDR, LENGTH = 0x0800  /* 128M */
-rom : ORIGIN = XCHAL_RESET_VECTOR_VADDR, LENGTH = 0x1000  /* 4k */
+ram : ORIGIN = XCHAL_VECBASE_RESET_VADDR, LENGTH = RAM_SIZE
+rom : ORIGIN = XCHAL_RESET_VECTOR_VADDR, LENGTH = ROM_SIZE
 }
 
 SECTIONS
@@ -22,9 +34,9 @@ SECTIONS
 *(.init.*)
 } > rom
 
-.vector :
-{
 #if XCHAL_HAVE_WINDOWED
+.vector.window XCHAL_WINDOW_VECTORS_VADDR :
+{
 . = XCHAL_WINDOW_OF4_VECOFS;
 *(.vector.window_overflow_4)
 . = XCHAL_WINDOW_UF4_VECOFS;
@@ -37,41 +49,58 @@ SECTIONS
 *(.vector.window_overflow_12)
 . = XCHAL_WINDOW_UF12_VECOFS;
 *(.vector.window_underflow_12)
+}
 #endif
 #if XCHAL_NUM_INTLEVELS + XCHAL_HAVE_NMI >= 2
-. = XCHAL_INTLEVEL2_VECOFS;
+.vector.level2 XCHAL_INTLEVEL2_VECTOR_VADDR :
+{
 *(.vector.level2)
+}
 #endif
 #if XCHAL_NUM_INTLEVELS + XCHAL_HAVE_NMI >= 3
-. = XCHAL_INTLEVEL3_VECOFS;
+.vector.level3 XCHAL_INTLEVEL3_VECTOR_VADDR :
+{
 *(.vector.level3)
+}
 #endif
 #if XCHAL_NUM_INTLEVELS + XCHAL_HAVE_NMI >= 4
-. = XCHAL_INTLEVEL4_VECOFS;
+.vector.level4 XCHAL_INTLEVEL4_VECTOR_VADDR :
+{
 *(.vector.level4)
+}
 #endif
 #if XCHAL_NUM_INTLEVELS + XCHAL_HAVE_NMI >= 5
-. = XCHAL_INTLEVEL5_VECOFS;
+.vector.level5 XCHAL_INTLEVEL5_VECTOR_VADDR :
+{
 *(.vector.level5)
+}
 #endif
 #if XCHAL_NUM_INTLEVELS + XCHAL_HAVE_NMI >= 6
-. = XCHAL_INTLEVEL6_VECOFS;
+.vector.level6 XCHAL_INTLEVEL6_VECTOR_VADDR :
+{
 *(.vector.level6)
+}
 #endif
 #if XCHAL_NUM_INTLEVELS + XCHAL_HAVE_NMI >= 7
-. = XCHAL_INTLEVEL7_VECOFS;
+.vector.level7 XCHAL_INTLEVEL7_VECTOR_VADDR :
+{
 *(.vector.level7)
+}
 #endif
-
-. = XCHAL_KERNEL_VECOFS;
+.vector.kernel XCHAL_KERNEL_VECTOR_VADDR :
+{
 *(.vector.kernel)
-. = XCHAL_USER_VECOFS;
+}
+.vector.user XCHAL_USER_VECTOR_VADDR :
+{
 *(.vector.user)
-. = XCHAL_DOUBLEEXC_VECOFS;
+}
+.vector.double XCHAL_DOUBLEEXC_VECTOR_VADDR :
+{
 *(.vector.double)
-} > ram
+}
 
-.vector.text :
+

[Qemu-devel] [PATCH 16/23] tests/tcg/xtensa: conditionalize windowed register tests

[Max Filippov]

Make windowed register tests conditional on the presence of this option.
Fix tests to work correctly for both 32 and 64 physical registers.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/test_windowed.S | 32 +++-
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/tests/tcg/xtensa/test_windowed.S b/tests/tcg/xtensa/test_windowed.S
index d851e8f43c5c..5ead90a790ed 100644
--- a/tests/tcg/xtensa/test_windowed.S
+++ b/tests/tcg/xtensa/test_windowed.S
@@ -2,10 +2,12 @@
 
 test_suite windowed
 
+#if XCHAL_HAVE_WINDOWED
+
 .altmacro
 
 .macro reset_window start
-movia2, 0xff
+movia2, 0x
 wsr a2, windowstart
 rsync
 movia2, 0
@@ -105,7 +107,8 @@ test_end
 movia3, 0x4001f
 assert  eq, a2, a3
 rsr a2, windowbase
-assert  eqi, a2, 8 - ((\window) / 4)
+movia3, (XCHAL_NUM_AREGS - (\window)) / 4
+assert  eq, a2, a3
 rsr a2, windowstart
 assert  eqi, a2, 1
 rfwu
@@ -116,8 +119,8 @@ test_end
 rsr a2, windowbase
 assert  eqi, a2, 0
 rsr a2, windowstart
-assert  bsi, a2, 0
-assert  bsi, a2, 8 - ((\window) / 4)
+assert  bsi.l, a2, 0
+assert  bsi.l, a2, (XCHAL_NUM_AREGS - (\window)) / 4
 .endm
 
 test underflow
@@ -132,7 +135,7 @@ test_end
 
 
 .macro retw_test window
-reset_window %(1 | (1 << (8 - (\window) / 4)))
+reset_window %(1 | (1 << ((XCHAL_NUM_AREGS - \window) / 4)))
 reset_ps
 
 ssai2
@@ -147,10 +150,11 @@ test_end
 movia3, 0x4000f
 assert  eq, a2, a3
 rsr a2, windowbase
-assert  eqi, a2, 8 - ((\window) / 4)
+movia3, (XCHAL_NUM_AREGS - (\window)) / 4
+assert  eq, a2, a3
 rsr a2, windowstart
-assert  bci, a2, 0
-assert  bsi, a2, 8 - ((\window) / 4)
+assert  bci.l, a2, 0
+assert  bsi.l, a2, (XCHAL_NUM_AREGS - (\window)) / 4
 .endm
 
 test retw
@@ -180,7 +184,7 @@ test movsp
 
 set_vector kernel, 0
 
-reset_window 0x81
+reset_window %(0x1 | (1 << ((XCHAL_NUM_AREGS / 4) - 1)))
 reset_ps
 
 movsp   a2, a3
@@ -211,8 +215,16 @@ test rotw
 movia3, 0x16
 movia7, 0x17
 
+#if XCHAL_NUM_AREGS == 32
 movia2, 0x44
 wsr a2, windowstart
+#elif XCHAL_NUM_AREGS == 64
+movia2, 0x4004
+wsr a2, windowstart
+rotw-8
+#else
+#error XCHAL_NUM_AREGS unsupported
+#endif
 rsync
 
 movia2, 0x10
@@ -350,4 +362,6 @@ test entry_overflow
 all_entry_overflow_tests
 test_end
 
+#endif
+
 test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 19/23] tests/tcg/xtensa: add LSCI/LSCX group tests

[Max Filippov]

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/Makefile   |   1 +
 tests/tcg/xtensa/test_lsc.S | 122 
 2 files changed, 123 insertions(+)
 create mode 100644 tests/tcg/xtensa/test_lsc.S

diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
index bd94ba6fe549..c2bc278be5e7 100644
--- a/tests/tcg/xtensa/Makefile
+++ b/tests/tcg/xtensa/Makefile
@@ -41,6 +41,7 @@ TESTCASES += test_fail.tst
 TESTCASES += test_flix.tst
 TESTCASES += test_interrupt.tst
 TESTCASES += test_loop.tst
+TESTCASES += test_lsc.tst
 TESTCASES += test_mac16.tst
 TESTCASES += test_max.tst
 TESTCASES += test_min.tst
diff --git a/tests/tcg/xtensa/test_lsc.S b/tests/tcg/xtensa/test_lsc.S
new file mode 100644
index ..0578bf19e72e
--- /dev/null
+++ b/tests/tcg/xtensa/test_lsc.S
@@ -0,0 +1,122 @@
+#include "macros.inc"
+
+test_suite lsc
+
+#if XCHAL_HAVE_FP
+
+test lsi
+movia2, 1
+wsr a2, cpenable
+
+movia2, 1f
+lsi f0, a2, 0
+lsi f1, a2, 4
+lsiuf2, a2, 8
+movia3, 1f + 8
+assert  eq, a2, a3
+rfr a2, f0
+movia3, 0x3f80
+assert  eq, a2, a3
+rfr a2, f1
+movia3, 0x4000
+assert  eq, a2, a3
+rfr a2, f2
+movia3, 0x4040
+assert  eq, a2, a3
+.data
+.align  4
+1:
+.float 1, 2, 3
+.text
+test_end
+
+test ssi
+movia2, 1f
+movia3, 0x4080
+wfr f3, a3
+ssi f3, a2, 0
+movia3, 0x40a0
+wfr f4, a3
+ssi f4, a2, 4
+movia3, 0x40c0
+wfr f5, a3
+ssiuf5, a2, 8
+movia3, 1f + 8
+assert  eq, a2, a3
+l32ia4, a2, -8
+movia3, 0x4080
+assert  eq, a4, a3
+l32ia4, a2, -4
+movia3, 0x40a0
+assert  eq, a4, a3
+l32ia4, a2, 0
+movia3, 0x40c0
+assert  eq, a4, a3
+.data
+.align  4
+1:
+.float 0, 0, 0
+.text
+test_end
+
+test lsx
+movia2, 1f
+movia3, 0
+lsx f6, a2, a3
+movia3, 4
+lsx f7, a2, a3
+movia3, 8
+lsxuf8, a2, a3
+movia3, 1f + 8
+assert  eq, a2, a3
+rfr a2, f6
+movia3, 0x40e0
+assert  eq, a2, a3
+rfr a2, f7
+movia3, 0x4100
+assert  eq, a2, a3
+rfr a2, f8
+movia3, 0x4110
+assert  eq, a2, a3
+.data
+.align  4
+1:
+.float 7, 8, 9
+.text
+test_end
+
+test ssx
+movia2, 1f
+movia3, 0
+movia4, 0x4120
+wfr f9, a4
+ssx f9, a2, a3
+movia3, 4
+movia4, 0x4130
+wfr f10, a4
+ssx f10, a2, a3
+movia3, 8
+movia4, 0x4140
+wfr f11, a4
+ssxuf11, a2, a3
+movia3, 1f + 8
+assert  eq, a2, a3
+l32ia4, a2, -8
+movia3, 0x4120
+assert  eq, a4, a3
+l32ia4, a2, -4
+movia3, 0x4130
+assert  eq, a4, a3
+l32ia4, a2, 0
+movia3, 0x4140
+assert  eq, a4, a3
+.data
+.align  4
+1:
+.float 0, 0, 0
+.text
+test_end
+
+#endif
+
+test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 01/23] target/xtensa: implement PREFCTL SR

[Max Filippov]

Cache prefetch option adds an unprivileged SR PREFCTL. Add trivial
implementation for this SR.

Signed-off-by: Max Filippov 
---
 target/xtensa/cpu.h   |  1 +
 target/xtensa/translate.c | 16 
 2 files changed, 17 insertions(+)

diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index a01a94e2a683..4d8152682fe1 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -131,6 +131,7 @@ enum {
 ACCLO = 16,
 ACCHI = 17,
 MR = 32,
+PREFCTL = 40,
 WINDOW_BASE = 72,
 WINDOW_START = 73,
 PTEVADDR = 83,
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 2fd64f8d995d..cbc52ecd8fa4 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -134,6 +134,7 @@ static const XtensaReg sregnames[256] = {
 [MR + 1] = XTENSA_REG("MR1", XTENSA_OPTION_MAC16),
 [MR + 2] = XTENSA_REG("MR2", XTENSA_OPTION_MAC16),
 [MR + 3] = XTENSA_REG("MR3", XTENSA_OPTION_MAC16),
+[PREFCTL] = XTENSA_REG_BITS("PREFCTL", XTENSA_OPTION_ALL),
 [WINDOW_BASE] = XTENSA_REG("WINDOW_BASE", XTENSA_OPTION_WINDOWED_REGISTER),
 [WINDOW_START] = XTENSA_REG("WINDOW_START",
 XTENSA_OPTION_WINDOWED_REGISTER),
@@ -4152,6 +4153,11 @@ static const XtensaOpcodeOps core_ops[] = {
 .par = (const uint32_t[]){MISC + 3},
 .op_flags = XTENSA_OP_PRIVILEGED,
 }, {
+.name = "rsr.prefctl",
+.translate = translate_rsr,
+.test_ill = test_ill_rsr,
+.par = (const uint32_t[]){PREFCTL},
+}, {
 .name = "rsr.prid",
 .translate = translate_rsr,
 .test_ill = test_ill_rsr,
@@ -4777,6 +4783,11 @@ static const XtensaOpcodeOps core_ops[] = {
 .par = (const uint32_t[]){MMID},
 .op_flags = XTENSA_OP_PRIVILEGED,
 }, {
+.name = "wsr.prefctl",
+.translate = translate_wsr,
+.test_ill = test_ill_wsr,
+.par = (const uint32_t[]){PREFCTL},
+}, {
 .name = "wsr.prid",
 .translate = translate_wsr,
 .test_ill = test_ill_wsr,
@@ -5265,6 +5276,11 @@ static const XtensaOpcodeOps core_ops[] = {
 .par = (const uint32_t[]){MISC + 3},
 .op_flags = XTENSA_OP_PRIVILEGED,
 }, {
+.name = "xsr.prefctl",
+.translate = translate_xsr,
+.test_ill = test_ill_xsr,
+.par = (const uint32_t[]){PREFCTL},
+}, {
 .name = "xsr.prid",
 .translate = translate_xsr,
 .test_ill = test_ill_xsr,
-- 
2.11.0

[Qemu-devel] [PATCH 08/23] tests/tcg/xtensa: conditionalize debug option tests

[Max Filippov]

Make debug tests conditional on the presence of the debug option in the
config and tests that depend on the presence/number of instruction or
data breakpoint registers on the corresponding definitions. Use
configured debug interrupt level instead of the hardcoded value to set
up IRQ handler and access debug EPC register.

Signed-off-by: Max Filippov 
---
 tests/tcg/xtensa/macros.inc   |  3 +++
 tests/tcg/xtensa/test_break.S | 27 ++-
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/tests/tcg/xtensa/macros.inc b/tests/tcg/xtensa/macros.inc
index 93825dc7b513..5265c8606bff 100644
--- a/tests/tcg/xtensa/macros.inc
+++ b/tests/tcg/xtensa/macros.inc
@@ -97,3 +97,6 @@ test_\name:
 movia3, \addr
 s32ia3, a2, 0
 .endm
+
+#define glue(a, b) _glue(a, b)
+#define _glue(a, b) a ## b
diff --git a/tests/tcg/xtensa/test_break.S b/tests/tcg/xtensa/test_break.S
index 775cd7c26063..3379a3f9f06e 100644
--- a/tests/tcg/xtensa/test_break.S
+++ b/tests/tcg/xtensa/test_break.S
@@ -1,10 +1,13 @@
 #include "macros.inc"
 
-#define debug_level 6
-#define debug_vector level6
-
 test_suite break
 
+#if XCHAL_HAVE_DEBUG
+
+#define debug_level XCHAL_DEBUGLEVEL
+#define debug_vector glue(level, XCHAL_DEBUGLEVEL)
+#define EPC_DEBUG glue(epc, XCHAL_DEBUGLEVEL)
+
 test break
 set_vector debug_vector, 0
 rsila2, debug_level
@@ -21,7 +24,7 @@ test break
 and a2, a2, a3
 movia3, 0x10 | debug_level
 assert  eq, a2, a3
-rsr a2, epc6
+rsr a2, EPC_DEBUG
 movia3, 1b
 assert  eq, a2, a3
 rsr a2, debugcause
@@ -45,7 +48,7 @@ test breakn
 and a2, a2, a3
 movia3, 0x10 | debug_level
 assert  eq, a2, a3
-rsr a2, epc6
+rsr a2, EPC_DEBUG
 movia3, 1b
 assert  eq, a2, a3
 rsr a2, debugcause
@@ -53,6 +56,7 @@ test breakn
 assert  eq, a2, a3
 test_end
 
+#if XCHAL_NUM_IBREAK
 test ibreak
 set_vector debug_vector, 0
 rsila2, debug_level
@@ -83,7 +87,7 @@ test ibreak
 and a2, a2, a3
 movia3, 0x10 | debug_level
 assert  eq, a2, a3
-rsr a2, epc6
+rsr a2, EPC_DEBUG
 movia3, 1b
 assert  eq, a2, a3
 rsr a2, debugcause
@@ -110,7 +114,7 @@ test ibreak_remove
 and a2, a2, a3
 movia3, 0x10 | debug_level
 assert  eq, a2, a3
-rsr a2, epc6
+rsr a2, EPC_DEBUG
 movia3, 2b
 assert  eq, a2, a3
 rsr a2, debugcause
@@ -141,6 +145,7 @@ test ibreak_priority
 movia3, 0x2
 assert  eq, a2, a3
 test_end
+#endif
 
 test icount
 set_vector debug_vector, 2f
@@ -158,7 +163,7 @@ test icount
 2:
 movia2, 0
 wsr a2, icountlevel
-rsr a2, epc6
+rsr a2, EPC_DEBUG
 movia3, 1b
 assert  eq, a2, a3
 rsr a2, debugcause
@@ -167,7 +172,7 @@ test icount
 test_end
 
 .macro check_dbreak dr
-rsr a2, epc6
+rsr a2, EPC_DEBUG
 movia3, 1b
 assert  eq, a2, a3
 rsr a2, debugcause
@@ -194,6 +199,7 @@ test_end
 reset_ps
 .endm
 
+#if XCHAL_NUM_DBREAK
 test dbreak_exact
 dbreak_test 0, 0x403f, 0xd07f, 0xd07f, l8ui
 dbreak_test 1, 0x403e, 0xd07e, 0xd07e, l16ui
@@ -253,5 +259,8 @@ test dbreak_invalid
 dbreak_test 0, 0x4030, 0xd071, 0xd070, l16ui
 dbreak_test 1, 0x4035, 0xd072, 0xd070, l32i
 test_end
+#endif
+
+#endif
 
 test_suite_end
-- 
2.11.0

[Qemu-devel] [PATCH 00/23] tests/tcg/xtensa: conditionalize xtensa tests

[Max Filippov]

Hello,

this series reorganizes xtensa tests so that they can be run on various
xtensa core configurations. It adds new tests for FPU2000 opcodes and
for FLIX. It also adds support for printing test execution trace when
preprocessor macro DEBUG is defined.

Max Filippov (23):
  target/xtensa: implement PREFCTL SR
  tests/tcg/xtensa: indicate failed tests
  tests/tcg/xtensa: support configurations w/o vecbase
  tests/tcg/xtensa: support configs with LITBASE
  tests/tcg/xtensa: don't use optional opcodes in generic code
  tests/tcg/xtensa: fix endianness issues in test_b
  tests/tcg/xtensa: enable boolean tests
  tests/tcg/xtensa: conditionalize debug option tests
  tests/tcg/xtensa: conditionalize cache option tests
  tests/tcg/xtensa: add straightforward conditionals
  tests/tcg/xtensa: conditionalize interrupt tests
  tests/tcg/xtensa: conditionalize timer/CCOUNT tests
  tests/tcg/xtensa: conditionalize and expand SR tests
  tests/tcg/xtensa: fix SR tests for big endian configs
  tests/tcg/xtensa: conditionalize and fix s32c1i tests
  tests/tcg/xtensa: conditionalize windowed register tests
  tests/tcg/xtensa: conditionalize MMU-related tests
  tests/tcg/xtensa: add test for FLIX
  tests/tcg/xtensa: add LSCI/LSCX group tests
  tests/tcg/xtensa: add FP0 group arithmetic tests
  tests/tcg/xtensa: add FP0 group conversion tests
  tests/tcg/xtensa: add FP1 group tests
  tests/tcg/xtensa: add FPU2000 coprocessor tests

 target/xtensa/cpu.h |   1 +
 target/xtensa/translate.c   |  16 ++
 tests/tcg/xtensa/Makefile   |  13 +-
 tests/tcg/xtensa/linker.ld.S|  67 +---
 tests/tcg/xtensa/macros.inc |  41 -
 tests/tcg/xtensa/test_b.S   |  40 -
 tests/tcg/xtensa/test_boolean.S |   4 +
 tests/tcg/xtensa/test_break.S   |  27 ++--
 tests/tcg/xtensa/test_cache.S   |  62 ++--
 tests/tcg/xtensa/test_clamps.S  |   4 +
 tests/tcg/xtensa/test_flix.S|  60 +++
 tests/tcg/xtensa/test_fp0_arith.S   | 173 
 tests/tcg/xtensa/test_fp0_conv.S| 304 
 tests/tcg/xtensa/test_fp1.S | 141 +
 tests/tcg/xtensa/test_fp_cpenable.S |  27 
 tests/tcg/xtensa/test_interrupt.S   |  88 ---
 tests/tcg/xtensa/test_loop.S|   4 +
 tests/tcg/xtensa/test_lsc.S | 122 +++
 tests/tcg/xtensa/test_mac16.S   |   4 +
 tests/tcg/xtensa/test_max.S |   4 +
 tests/tcg/xtensa/test_min.S |   4 +
 tests/tcg/xtensa/test_mmu.S |   4 +
 tests/tcg/xtensa/test_mul16.S   |   4 +
 tests/tcg/xtensa/test_mul32.S   |   4 +
 tests/tcg/xtensa/test_nsa.S |   4 +
 tests/tcg/xtensa/test_phys_mem.S|   4 +
 tests/tcg/xtensa/test_quo.S |   4 +
 tests/tcg/xtensa/test_rem.S |   4 +
 tests/tcg/xtensa/test_rst0.S|   8 +
 tests/tcg/xtensa/test_s32c1i.S  |  12 ++
 tests/tcg/xtensa/test_sext.S|   4 +
 tests/tcg/xtensa/test_sr.S  | 153 +-
 tests/tcg/xtensa/test_timer.S   |  48 +-
 tests/tcg/xtensa/test_windowed.S|  32 ++--
 tests/tcg/xtensa/vectors.S  |  14 +-
 35 files changed, 1413 insertions(+), 92 deletions(-)
 create mode 100644 tests/tcg/xtensa/test_flix.S
 create mode 100644 tests/tcg/xtensa/test_fp0_arith.S
 create mode 100644 tests/tcg/xtensa/test_fp0_conv.S
 create mode 100644 tests/tcg/xtensa/test_fp1.S
 create mode 100644 tests/tcg/xtensa/test_fp_cpenable.S
 create mode 100644 tests/tcg/xtensa/test_lsc.S

-- 
2.11.0

Re: [Qemu-devel] Testing sysbus devices

[Markus Armbruster]

Stephen Checkoway  writes:

> On Feb 18, 2019, at 13:08, Markus Armbruster  wrote:
>
>> Stephen Checkoway  writes:
>> 
>>> On Feb 18, 2019, at 08:43, Thomas Huth  wrote:
>>> 
 On 18/02/2019 07.07, Stephen Checkoway wrote:
> Hi all,
> 
> I've been working on some improvements to the pflash_cfi02 block device 
> (interleaved flash devices similar to pflash_cfi01, multi-sector erase, 
> nonuniform sector sizes, and some bug fixes and I'm planning on 
> implementing sector erase suspend/resume commands in the near future).
>> 
>> Any chance you could do multiple region support, too?
>
> Can you point me at the data sheet for a flash chip with multiple region 
> support? For my purposes, I only need the features I mentioned, but if it's a 
> simple change, I'll consider it.

I'm not familiar with CFI pflash, but I can operate a search engine.
Have a look at page 27 and 56 of

https://media.digikey.com/pdf/Data%20Sheets/Intel%20PDFs/28F160C3,320C3,640C3,800C3%20(x16).pdf

and tell us whether it's helpful.

 QTestState *qts;
 qts = qtest_initf(" qemu-system-arm -M musicpal,accel=qtest "
   "-drive if=pflash,file=%s,format=raw", filename);
>>> 
>>> If I do that, will it be possible for the test to override the properties 
>>> set by pflash_cfi02_register? It looks like I should be able to use -global 
>>> to set properties that aren't set explicitly.
>> 
>> Yes.
>> 
>> Won't work for properties set by pflash_cfi02_register(), though.  To
>> test the full range of values there, you'd have to make them
>> configurable somehow.  We currently don't have a good way to do that.
>> Please see
>> 
>>Subject: Re: Configuring pflash devices for OVMF firmware
>>Message-ID: <87mun8gd2x@dusky.pond.sub.org>
>>https://lists.nongnu.org/archive/html/qemu-devel/2019-02/msg01734.html
>
> I see. That's too bad.

I think a test would be quite welcome even if it only tests what's
testable now with reasonable effort.

[Qemu-devel] [PATCH 1/2] pc-dimm: remove check on pc-dimm hotpluggable

[Wei Yang]

Function acpi_memory_plug_cb() is only invoked when dev is a PCDIMM,
which is hotpluggable. This means it is not necessary to check this
property again.

This patch removes this check.

Signed-off-by: Wei Yang 
---
 hw/acpi/memory_hotplug.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 8c7c1013f3..b19673d337 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -266,10 +266,6 @@ void acpi_memory_plug_cb(HotplugHandler *hotplug_dev, 
MemHotplugState *mem_st,
 MemStatus *mdev;
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
 
-if (!dc->hotpluggable) {
-return;
-}
-
 mdev = acpi_memory_slot_status(mem_st, dev, errp);
 if (!mdev) {
 return;
-- 
2.19.1

[Qemu-devel] [PATCH 2/2] pc-dimm: remove realize callback

[Wei Yang]

PCDIMM's realize callback is introduced to do proper setup for NVDIMM.

Currently the NVDIMM setup task is nvdimm_prepare_memory_region(), which
is done in pre_plug stage. This means related task has already been done
at realize point.

This patch remove PCDIMM realize callback.

Signed-off-by: Wei Yang 
---
 hw/acpi/memory_hotplug.c |  1 -
 hw/mem/nvdimm.c  | 11 ---
 hw/mem/pc-dimm.c |  5 -
 include/hw/mem/pc-dimm.h |  3 ---
 4 files changed, 20 deletions(-)

diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index b19673d337..cb5284d36f 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -264,7 +264,6 @@ void acpi_memory_plug_cb(HotplugHandler *hotplug_dev, 
MemHotplugState *mem_st,
  DeviceState *dev, Error **errp)
 {
 MemStatus *mdev;
-DeviceClass *dc = DEVICE_GET_CLASS(dev);
 
 mdev = acpi_memory_slot_status(mem_st, dev, errp);
 if (!mdev) {
diff --git a/hw/mem/nvdimm.c b/hw/mem/nvdimm.c
index bf2adf5e16..8f69576926 100644
--- a/hw/mem/nvdimm.c
+++ b/hw/mem/nvdimm.c
@@ -136,15 +136,6 @@ static MemoryRegion 
*nvdimm_md_get_memory_region(MemoryDeviceState *md,
 return nvdimm->nvdimm_mr;
 }
 
-static void nvdimm_realize(PCDIMMDevice *dimm, Error **errp)
-{
-NVDIMMDevice *nvdimm = NVDIMM(dimm);
-
-if (!nvdimm->nvdimm_mr) {
-nvdimm_prepare_memory_region(nvdimm, errp);
-}
-}
-
 /*
  * the caller should check the input parameters before calling
  * label read/write functions.
@@ -192,12 +183,10 @@ static Property nvdimm_properties[] = {
 
 static void nvdimm_class_init(ObjectClass *oc, void *data)
 {
-PCDIMMDeviceClass *ddc = PC_DIMM_CLASS(oc);
 MemoryDeviceClass *mdc = MEMORY_DEVICE_CLASS(oc);
 NVDIMMClass *nvc = NVDIMM_CLASS(oc);
 DeviceClass *dc = DEVICE_CLASS(oc);
 
-ddc->realize = nvdimm_realize;
 mdc->get_memory_region = nvdimm_md_get_memory_region;
 dc->props = nvdimm_properties;
 
diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
index 152400b1fc..5832c0ba92 100644
--- a/hw/mem/pc-dimm.c
+++ b/hw/mem/pc-dimm.c
@@ -159,7 +159,6 @@ static void pc_dimm_init(Object *obj)
 static void pc_dimm_realize(DeviceState *dev, Error **errp)
 {
 PCDIMMDevice *dimm = PC_DIMM(dev);
-PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
 
 if (!dimm->hostmem) {
 error_setg(errp, "'" PC_DIMM_MEMDEV_PROP "' property is not set");
@@ -178,10 +177,6 @@ static void pc_dimm_realize(DeviceState *dev, Error **errp)
 return;
 }
 
-if (ddc->realize) {
-ddc->realize(dimm, errp);
-}
-
 host_memory_backend_set_mapped(dimm->hostmem, true);
 }
 
diff --git a/include/hw/mem/pc-dimm.h b/include/hw/mem/pc-dimm.h
index 01436b9f50..d18f8246b7 100644
--- a/include/hw/mem/pc-dimm.h
+++ b/include/hw/mem/pc-dimm.h
@@ -59,8 +59,6 @@ typedef struct PCDIMMDevice {
 
 /**
  * PCDIMMDeviceClass:
- * @realize: called after common dimm is realized so that the dimm based
- * devices get the chance to do specified operations.
  * @get_vmstate_memory_region: returns #MemoryRegion which indicates the
  * memory of @dimm should be kept during live migration. Will not fail
  * after the device was realized.
@@ -70,7 +68,6 @@ typedef struct PCDIMMDeviceClass {
 DeviceClass parent_class;
 
 /* public */
-void (*realize)(PCDIMMDevice *dimm, Error **errp);
 MemoryRegion *(*get_vmstate_memory_region)(PCDIMMDevice *dimm,
Error **errp);
 } PCDIMMDeviceClass;
-- 
2.19.1

[Qemu-devel] [PATCH 0/2] PCDIMM cleanup

[Wei Yang]

Two trivial cleanup for pc-dimm.

Patch [1] remove the check on class->hotpluggable since pc-dimm is always
hotpluggable.
Patch [2] remove realized callback since the task is done in pre_plug stage.

Wei Yang (2):
  pc-dimm: remove check on pc-dimm hotpluggable
  pc-dimm: remove realize callback

 hw/acpi/memory_hotplug.c |  5 -
 hw/mem/nvdimm.c  | 11 ---
 hw/mem/pc-dimm.c |  5 -
 include/hw/mem/pc-dimm.h |  3 ---
 4 files changed, 24 deletions(-)

-- 
2.19.1

[Qemu-devel] [Bug 1816052] Re: qemu system emulator fails to start if no sound card is present on host

[Kris M]

I agree. Thanks. :)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1816052

Title:
  qemu system emulator fails to start if no sound card is present on
  host

Status in QEMU:
  New

Bug description:
  A plain build from git master at
  81dbcfa9e1d8bab3f7c4cc923c0b40cd666f374f on Fedora 29 x86_64 host,
  with no options passed to configure.

  Trying to launch QEMU on a  host with no audio card present:

  # ls /dev/snd/
  seq  timer

  It will fail to initialize alsa and abort startup:

  # qemu-system-x86_64 -cdrom Fedora-Workstation-Live-x86_64-29-1.2.iso  -m 
4000 -vnc 0.0.0.0:1 
  ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
  ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_card_driver 
returned error: No such file or directory
  ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
  ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_concat returned 
error: No such file or directory
  ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
  ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_refer returned 
error: No such file or directory
  ALSA lib conf.c:5034:(snd_config_expand) Evaluate error: No such file or 
directory
  ALSA lib pcm.c:2565:(snd_pcm_open_noupdate) Unknown PCM default
  alsa: Could not initialize DAC
  alsa: Failed to open `default':
  alsa: Reason: No such file or directory
  ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
  ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_card_driver 
returned error: No such file or directory
  ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
  ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_concat returned 
error: No such file or directory
  ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
  ALSA lib conf.c:4555:(_snd_config_evaluate) function snd_func_refer returned 
error: No such file or directory
  ALSA lib conf.c:5034:(snd_config_expand) Evaluate error: No such file or 
directory
  ALSA lib pcm.c:2565:(snd_pcm_open_noupdate) Unknown PCM default
  alsa: Could not initialize DAC
  alsa: Failed to open `default':
  alsa: Reason: No such file or directory
  init fail
  audio: Failed to create voice `pcspk'
  qemu-system-x86_64: Initialization of device isa-pcspk failed: Initializing 
audio voice failed

  
  git bisect blames this change:

  
commit 6a48541873f14b597630283f8f5397674ad82ea9 (HEAD, refs/bisect/bad)
Author: Gerd Hoffmann 
Date:   Thu Jan 24 12:20:55 2019 +0100

  audio: probe audio drivers by default
  
  Add the drivers listed in audio_possible_drivers to audio_drv_list,
  using the try-* variants.  That way the probable drivers are compiled by
  default if possible.
  
  Additioal tweaks:
linux: reorder to: pa alsa sdl oss.
*bsd: drop pa.
  
  Signed-off-by: Gerd Hoffmann 
  Message-id: 20190124112055.547-7-kra...@redhat.com

  
  This changed our probe order:

 Linux)
-  audio_drv_list="oss"
+  audio_drv_list="try-pa try-alsa try-sdl oss"

  After some debugging I can see that 'audio_init' successfully
  initializes the alsa driver.

  When the pcspk devices goes to AUD_open_out though, the alsa driver
  fails spewing the above text to stderr and thus causes QEMU to fail.

  This looks very much like the ALSA driver in QEMU is broken -
  audio_init() should not have succeeded unless the ALSA driver knew it
  could later succesfully honour AUD_open_out.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1816052/+subscriptions

Re: [Qemu-devel] [PATCH 09/10] pflash: Clean up after commit 368a354f02b part 2

[Markus Armbruster]

Laszlo Ersek  writes:

> On 02/18/19 18:01, Laszlo Ersek wrote:
>> On 02/18/19 13:56, Markus Armbruster wrote:
>>> QOMification left parameter @size unused in pflash_cfi01_register()
>>> and pflash_cfi02_register().  register().  Obviously, @size should
>
> I meant to point out the typo above, but I got distracted mid-review. Sorry!

Will fix, thanks!

Re: [Qemu-devel] [Qemu-ppc] [PATCH 04/10] sam460ex: Don't size flash memory to match backing image

[Markus Armbruster]

BALATON Zoltan  writes:

> On Mon, 18 Feb 2019, Markus Armbruster wrote:
>> BALATON Zoltan  writes:
>>> On Mon, 18 Feb 2019, Markus Armbruster wrote:
 Machine "sam460ex" maps its flash memory at address 0xFFF0.  When
 no image is supplied, its size is 1MiB (0x10).  Else, it's the
 size of the image rounded up to the next multiple of 64KiB.

 The rounding is actually useless: pflash_cfi01_realize() fails with
 "failed to read the initial flash content" unless it's a no-op.

 I have no idea what happens when the pflash's size exceeds 1MiB.
 Useful outcomes seem unlikely.

 I guess memory at the end of the address space remains unmapped when
 it's smaller than 1MiB.  Again, useful outcomes seem unlikely.
>>>
>>> I'm not sure where this was coming from but it predates my changes so
>>> no idea either.
>>>
 Set the flash memory size to 1MiB regardless of image size, to match
 the physical hardware.
>>>
>>> Actually the real hardware seems to have a 512 kB flash chip:
>>> https://eu.mouser.com/datasheet/2/268/atmel_AT49BV040B-1180330.pdf
>>
>> Fascinating.
>>
>>  confirms.
>>
>>> so while you're at it you could change FLASH_SIZE to match that.
>>
>> Leads to more questions, below.
[...]
>> Let's have a look at the resulting function:
>>
>>static int sam460ex_load_uboot(void)
>>{
>>DriveInfo *dinfo;
>>
>>dinfo = drive_get(IF_PFLASH, 0, 0);
>>if (!pflash_cfi01_register(FLASH_BASE | ((hwaddr)FLASH_BASE_H << 32),
>>   "sam460ex.flash", FLASH_SIZE,
>>   dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
[...]
>>   65536,
>>   1, 0x89, 0x18, 0x, 0x0, 1)) {
>>error_report("Error registering flash memory");
>>/* XXX: return an error instead? */
>>exit(1);
>>}
>>
>>if (!dinfo) {
>>/*error_report("No flash image given with the 'pflash' parameter,"
>>" using default u-boot image");*/
>>rom_add_file_fixed(UBOOT_FILENAME,
>>   UBOOT_LOAD_BASE | ((hwaddr)FLASH_BASE_H << 32),
>>   -1);
>>}
>>
>>return 0;
>>}
>>
>> This first creates 1MiB of flash memory mapped at the end of the 32-bit
>> address space (0xFFF0..0x).
>>
>> If_PFLASH unit 0 is defined, the flash memory is initialized from that
>> block backend.
>>
>> Else, it's initialized to zero.  And then 512KiB of ROM gets mapped on
>> top of its second half (0xFFF8..0x), initialized from
>> u-boot-sam460-20100605.bin (which we build).
>>
>> This doesn't smell right.
>
> Unfortunately I don't know much about how this should work. Maybe
> François can remember where this comes from, this was already there
> when I started working on it, but I suspect maybe he's copied it from
> some other board in QEMU as well. The sam460ex was based on
> ppc440_bamboo but that does not seem to have flash ROM. Memory SPD
> EEPROM came from mips_malta (cleaned up since but it shows that that
> was also used as inspiration) but that's also not the same so maybe it
> was adapted for sam460ex or came from some other example in QEMU. This
> was already there in François's initial commit:
>
> https://github.com/mmuman/qemu/commit/d10cc631645f3893d53e60cc00c618470b4de52c#diff-73d06ebbc1301aab78105d853097fa2fR42
>
> and later was slightly modified (maybe to rebase for changes in QEMU):
>
> https://github.com/mmuman/qemu/commit/768136b08a6b9b69e707af2c478b68a5935bb8f0#diff-73d06ebbc1301aab78105d853097fa2fL1267
>
> The comment says these values come from U-Boot:
>
> https://git.qemu.org/?p=u-boot-sam460ex.git;a=blob;f=include/configs/Sam460ex.h;h=71064a9601c89dd3ce381d07e0def6c9d5294d44;hb=HEAD#l123
>
> and that indeed has flash size of 1 MB but then builds an image that's
> exactly 512 kB which should be mapped at end of 4GB because the
> initial program counter of the CPU is 0xfffc and board has a 512kB
> flash chip as well.
>
>> I propose to do the following: if IF_PFLASH unit 0 is defined, create
>> 512KiB of flash memory mapped at the end of the 32-bit address space,
>> else, create 512KiB of ROM there.
>>
>> Okay?
>
> AFAIU the above U-Boot could handle up to 1MB of ROM but board has a
> 512kB chip so probably it makes sense to use 512k here. However since
> this is not well understood (at least by me) I'm not asking you to do
> that and maybe just leave it as it is now. This can be revisited when
> NVRAM is implemented later as this may be related to that (or not)
> this would need understanding of some details I don't have yet. But if
> you feel confident enough to clean this up feel free to go ahead.

Then let's use my patch as is, plus a FIXME comment explaining the
situation.  Okay?

[Qemu-devel] [PATCH] target/xtensa: fixup test_mmuhifi_c3 overlay

[Max Filippov]

xtensa-modules part of the test_mmuhifi_c3 core is missing fixes that
returns XTENSA_UNDEFINED for undefined opcodes and marks all data
structures static. Run sed script from target/xtensa/import_core.sh on
it. This fixes test_sr tests for missing special registers.

Signed-off-by: Max Filippov 
---
 .../core-test_mmuhifi_c3/xtensa-modules.inc.c  | 1322 ++--
 1 file changed, 661 insertions(+), 661 deletions(-)

diff --git a/target/xtensa/core-test_mmuhifi_c3/xtensa-modules.inc.c 
b/target/xtensa/core-test_mmuhifi_c3/xtensa-modules.inc.c
index ef70f80f1d69..687631b8fb2f 100644
--- a/target/xtensa/core-test_mmuhifi_c3/xtensa-modules.inc.c
+++ b/target/xtensa/core-test_mmuhifi_c3/xtensa-modules.inc.c
@@ -24159,2627 +24159,2627 @@ Opcode_ae_sbf_Slot_inst_encode (xtensa_insnbuf 
slotbuf)
   slotbuf[0] = 0xe7d014;
 }
 
-xtensa_opcode_encode_fn Opcode_excw_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_excw_encode_fns[] = {
   Opcode_excw_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_rfe_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_rfe_encode_fns[] = {
   Opcode_rfe_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_rfde_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_rfde_encode_fns[] = {
   Opcode_rfde_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_syscall_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_syscall_encode_fns[] = {
   Opcode_syscall_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_simcall_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_simcall_encode_fns[] = {
   Opcode_simcall_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_call12_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_call12_encode_fns[] = {
   Opcode_call12_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_call8_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_call8_encode_fns[] = {
   Opcode_call8_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_call4_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_call4_encode_fns[] = {
   Opcode_call4_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_callx12_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_callx12_encode_fns[] = {
   Opcode_callx12_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_callx8_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_callx8_encode_fns[] = {
   Opcode_callx8_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_callx4_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_callx4_encode_fns[] = {
   Opcode_callx4_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_entry_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_entry_encode_fns[] = {
   Opcode_entry_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_movsp_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_movsp_encode_fns[] = {
   Opcode_movsp_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_rotw_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_rotw_encode_fns[] = {
   Opcode_rotw_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_retw_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_retw_encode_fns[] = {
   Opcode_retw_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_retw_n_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_retw_n_encode_fns[] = {
   0, 0, Opcode_retw_n_Slot_inst16b_encode, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_rfwo_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_rfwo_encode_fns[] = {
   Opcode_rfwo_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_rfwu_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_rfwu_encode_fns[] = {
   Opcode_rfwu_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_l32e_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_l32e_encode_fns[] = {
   Opcode_l32e_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_s32e_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_s32e_encode_fns[] = {
   Opcode_s32e_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_rsr_windowbase_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_rsr_windowbase_encode_fns[] = {
   Opcode_rsr_windowbase_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_wsr_windowbase_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_wsr_windowbase_encode_fns[] = {
   Opcode_wsr_windowbase_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_xsr_windowbase_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_xsr_windowbase_encode_fns[] = {
   Opcode_xsr_windowbase_Slot_inst_encode, 0, 0, 0, 0
 };
 
-xtensa_opcode_encode_fn Opcode_rsr_windowstart_encode_fns[] = {
+static xtensa_opcode_encode_fn Opcode_rsr_windowstart_encode_fns[] = {
   Opcode_rsr_windowstart_Slot_inst_encode, 0, 0, 0, 0
 };
 

Re: [Qemu-devel] [PATCH 07/12] target/ppc: Add basic support for "new format" HPTE as found on POWER9

[David Gibson]

On Fri, Feb 15, 2019 at 06:00:24PM +0100, Cédric Le Goater wrote:
> From: Benjamin Herrenschmidt 
> 
> POWER9 (arch v3) slightly changes the HPTE format. The B bits move
> from the first to the second half of the HPTE, and the AVPN/ARPN
> are slightly shorter.
> 
> However, under SPAPR, the hypercalls still take the old format
> (and probably will for the foreseable future).
> 
> The simplest way to support this is thus to convert the HPTEs from
> new to old format when reading them if the MMU model is v3 and there
> is no virtual hypervisor, leaving the rest of the code unchanged.
> 
> Signed-off-by: Benjamin Herrenschmidt 
> Signed-off-by: Cédric Le Goater 

Kinda hacky, but definitely the easiest way in the short to medium term.

> ---
>  target/ppc/mmu-book3s-v3.h | 12 
>  target/ppc/mmu-hash64.h|  5 +
>  target/ppc/mmu-hash64.c|  5 +
>  3 files changed, 22 insertions(+)
> 
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index 4e59742d7eac..216ff296c088 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -56,6 +56,18 @@ static inline bool ppc64_v3_radix(PowerPCCPU *cpu)
>  return !!(cpu->env.spr[SPR_LPCR] & LPCR_HR);
>  }
>  
> +static inline void ppc64_v3_new_to_old_hpte(target_ulong *pte0,
> +target_ulong *pte1)
> +{
> +/* Insert B into pte0 */
> +*pte0 = (*pte0 & HPTE64_V_COMMON_BITS) |
> +((*pte1 & HPTE64_R_3_0_SSIZE_MASK) <<
> + (HPTE64_V_SSIZE_SHIFT - HPTE64_R_3_0_SSIZE_SHIFT));
> +
> +/* Remove B from pte1 */
> +*pte1 = *pte1 & ~HPTE64_R_3_0_SSIZE_MASK;
> +}
> +
>  hwaddr ppc64_v3_get_phys_page_debug(PowerPCCPU *cpu, vaddr eaddr);
>  
>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
> diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
> index f11efc9cbc1f..016d6b44ee75 100644
> --- a/target/ppc/mmu-hash64.h
> +++ b/target/ppc/mmu-hash64.h
> @@ -102,6 +102,11 @@ void ppc_hash64_filter_pagesizes(PowerPCCPU *cpu,
>  #define HPTE64_V_1TB_SEG0x4000ULL
>  #define HPTE64_V_VRMA_MASK  0x4001ff00ULL
>  
> +/* Format changes for ARCH v3 */
> +#define HPTE64_V_COMMON_BITS0x000fULL
> +#define HPTE64_R_3_0_SSIZE_SHIFT 58
> +#define HPTE64_R_3_0_SSIZE_MASK (3ULL << HPTE64_R_3_0_SSIZE_SHIFT)
> +
>  static inline hwaddr ppc_hash64_hpt_base(PowerPCCPU *cpu)
>  {
>  if (cpu->vhyp) {
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index b3c4d33faa55..9afaab8a177c 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -514,6 +514,11 @@ static hwaddr ppc_hash64_pteg_search(PowerPCCPU *cpu, 
> hwaddr hash,
>  smp_rmb();
>  pte1 = ppc_hash64_hpte1(cpu, pteg, i);
>  
> +/* Convert format if necessary */
> +if (cpu->env.mmu_model == POWERPC_MMU_3_00 && !cpu->vhyp) {
> +ppc64_v3_new_to_old_hpte(, );
> +}
> +
>  /* This compares V, B, H (secondary) and the AVPN */
>  if (HPTE64_V_COMPARE(pte0, ptem)) {
>  *pshift = hpte_page_shift(sps, pte0, pte1);

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 07/12] target/ppc: Add basic support for "new format" HPTE as found on POWER9

[David Gibson]

On Tue, Feb 19, 2019 at 03:05:29PM +1100, David Gibson wrote:
> On Fri, Feb 15, 2019 at 06:00:24PM +0100, Cédric Le Goater wrote:
> > From: Benjamin Herrenschmidt 
> > 
> > POWER9 (arch v3) slightly changes the HPTE format. The B bits move
> > from the first to the second half of the HPTE, and the AVPN/ARPN
> > are slightly shorter.
> > 
> > However, under SPAPR, the hypercalls still take the old format
> > (and probably will for the foreseable future).
> > 
> > The simplest way to support this is thus to convert the HPTEs from
> > new to old format when reading them if the MMU model is v3 and there
> > is no virtual hypervisor, leaving the rest of the code unchanged.
> > 
> > Signed-off-by: Benjamin Herrenschmidt 
> > Signed-off-by: Cédric Le Goater 
> 
> Kinda hacky, but definitely the easiest way in the short to medium
> term.

So, this doesn't compile as-is without the include rearrangement I
objected to earlier in the series.

But.. I'm not actually seeing any reason (here or later in the series)
that ppc64_v3_new_to_old_hpte() really needs to be in the header.  So
I'm applying this with it moved into mmu-hash64.c.

> 
> > ---
> >  target/ppc/mmu-book3s-v3.h | 12 
> >  target/ppc/mmu-hash64.h|  5 +
> >  target/ppc/mmu-hash64.c|  5 +
> >  3 files changed, 22 insertions(+)
> > 
> > diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> > index 4e59742d7eac..216ff296c088 100644
> > --- a/target/ppc/mmu-book3s-v3.h
> > +++ b/target/ppc/mmu-book3s-v3.h
> > @@ -56,6 +56,18 @@ static inline bool ppc64_v3_radix(PowerPCCPU *cpu)
> >  return !!(cpu->env.spr[SPR_LPCR] & LPCR_HR);
> >  }
> >  
> > +static inline void ppc64_v3_new_to_old_hpte(target_ulong *pte0,
> > +target_ulong *pte1)
> > +{
> > +/* Insert B into pte0 */
> > +*pte0 = (*pte0 & HPTE64_V_COMMON_BITS) |
> > +((*pte1 & HPTE64_R_3_0_SSIZE_MASK) <<
> > + (HPTE64_V_SSIZE_SHIFT - HPTE64_R_3_0_SSIZE_SHIFT));
> > +
> > +/* Remove B from pte1 */
> > +*pte1 = *pte1 & ~HPTE64_R_3_0_SSIZE_MASK;
> > +}
> > +
> >  hwaddr ppc64_v3_get_phys_page_debug(PowerPCCPU *cpu, vaddr eaddr);
> >  
> >  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
> > diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
> > index f11efc9cbc1f..016d6b44ee75 100644
> > --- a/target/ppc/mmu-hash64.h
> > +++ b/target/ppc/mmu-hash64.h
> > @@ -102,6 +102,11 @@ void ppc_hash64_filter_pagesizes(PowerPCCPU *cpu,
> >  #define HPTE64_V_1TB_SEG0x4000ULL
> >  #define HPTE64_V_VRMA_MASK  0x4001ff00ULL
> >  
> > +/* Format changes for ARCH v3 */
> > +#define HPTE64_V_COMMON_BITS0x000fULL
> > +#define HPTE64_R_3_0_SSIZE_SHIFT 58
> > +#define HPTE64_R_3_0_SSIZE_MASK (3ULL << HPTE64_R_3_0_SSIZE_SHIFT)
> > +
> >  static inline hwaddr ppc_hash64_hpt_base(PowerPCCPU *cpu)
> >  {
> >  if (cpu->vhyp) {
> > diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> > index b3c4d33faa55..9afaab8a177c 100644
> > --- a/target/ppc/mmu-hash64.c
> > +++ b/target/ppc/mmu-hash64.c
> > @@ -514,6 +514,11 @@ static hwaddr ppc_hash64_pteg_search(PowerPCCPU *cpu, 
> > hwaddr hash,
> >  smp_rmb();
> >  pte1 = ppc_hash64_hpte1(cpu, pteg, i);
> >  
> > +/* Convert format if necessary */
> > +if (cpu->env.mmu_model == POWERPC_MMU_3_00 && !cpu->vhyp) {
> > +ppc64_v3_new_to_old_hpte(, );
> > +}
> > +
> >  /* This compares V, B, H (secondary) and the AVPN */
> >  if (HPTE64_V_COMPARE(pte0, ptem)) {
> >  *pshift = hpte_page_shift(sps, pte0, pte1);
> 



-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 00/10] pflash: Fixes and cleanups

[no-reply]

Patchew URL: https://patchew.org/QEMU/20190218125615.18970-1-arm...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190218125615.18970-1-arm...@redhat.com
Subject: [Qemu-devel] [PATCH 00/10] pflash: Fixes and cleanups
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  patchew/20190218125615.18970-1-arm...@redhat.com -> 
patchew/20190218125615.18970-1-arm...@redhat.com
Submodule 'capstone' (https://git.qemu.org/git/capstone.git) registered for 
path 'capstone'
Submodule 'dtc' (https://git.qemu.org/git/dtc.git) registered for path 'dtc'
Submodule 'roms/QemuMacDrivers' (https://git.qemu.org/git/QemuMacDrivers.git) 
registered for path 'roms/QemuMacDrivers'
Submodule 'roms/SLOF' (https://git.qemu.org/git/SLOF.git) registered for path 
'roms/SLOF'
Submodule 'roms/ipxe' (https://git.qemu.org/git/ipxe.git) registered for path 
'roms/ipxe'
Submodule 'roms/openbios' (https://git.qemu.org/git/openbios.git) registered 
for path 'roms/openbios'
Submodule 'roms/openhackware' (https://git.qemu.org/git/openhackware.git) 
registered for path 'roms/openhackware'
Submodule 'roms/qemu-palcode' (https://git.qemu.org/git/qemu-palcode.git) 
registered for path 'roms/qemu-palcode'
Submodule 'roms/seabios' (https://git.qemu.org/git/seabios.git/) registered for 
path 'roms/seabios'
Submodule 'roms/seabios-hppa' (https://github.com/hdeller/seabios-hppa.git) 
registered for path 'roms/seabios-hppa'
Submodule 'roms/sgabios' (https://git.qemu.org/git/sgabios.git) registered for 
path 'roms/sgabios'
Submodule 'roms/skiboot' (https://git.qemu.org/git/skiboot.git) registered for 
path 'roms/skiboot'
Submodule 'roms/u-boot' (https://git.qemu.org/git/u-boot.git) registered for 
path 'roms/u-boot'
Submodule 'roms/u-boot-sam460ex' (https://git.qemu.org/git/u-boot-sam460ex.git) 
registered for path 'roms/u-boot-sam460ex'
Submodule 'tests/fp/berkeley-softfloat-3' 
(https://github.com/cota/berkeley-softfloat-3) registered for path 
'tests/fp/berkeley-softfloat-3'
Submodule 'tests/fp/berkeley-testfloat-3' 
(https://github.com/cota/berkeley-testfloat-3) registered for path 
'tests/fp/berkeley-testfloat-3'
Submodule 'ui/keycodemapdb' (https://git.qemu.org/git/keycodemapdb.git) 
registered for path 'ui/keycodemapdb'
Cloning into 'capstone'...
Submodule path 'capstone': checked out 
'22ead3e0bfdb87516656453336160e0a37b066bf'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Cloning into 'roms/QemuMacDrivers'...
Submodule path 'roms/QemuMacDrivers': checked out 
'90c488d5f4a407342247b9ea869df1c2d9c8e266'
Cloning into 'roms/SLOF'...
Submodule path 'roms/SLOF': checked out 
'a5b428e1c1eae703bdd62a3f527223c291ee3fdc'
Cloning into 'roms/ipxe'...
Submodule path 'roms/ipxe': checked out 
'de4565cbe76ea9f7913a01f331be3ee901bb6e17'
Cloning into 'roms/openbios'...
Submodule path 'roms/openbios': checked out 
'3464681b2b5983df80086a40179d324102347da3'
Cloning into 'roms/openhackware'...
Submodule path 'roms/openhackware': checked out 
'c559da7c8eec5e45ef1f67978827af6f0b9546f5'
Cloning into 'roms/qemu-palcode'...
Submodule path 'roms/qemu-palcode': checked out 
'51c237d7e20d05100eacadee2f61abc17e6bc097'
Cloning into 'roms/seabios'...
Submodule path 'roms/seabios': checked out 
'a698c8995ffb2838296ec284fe3c4ad33dfca307'
Cloning into 'roms/seabios-hppa'...
Submodule path 'roms/seabios-hppa': checked out 
'1ef99a01572c2581c30e16e6fe69e9ea2ef92ce0'
Cloning into 'roms/sgabios'...
Submodule path 'roms/sgabios': checked out 
'cbaee52287e5f32373181cff50a00b6c4ac9015a'
Cloning into 'roms/skiboot'...
Submodule path 'roms/skiboot': checked out 
'e0ee24c27a172bcf482f6f2bc905e6211c134bcc'
Cloning into 'roms/u-boot'...
Submodule path 'roms/u-boot': checked out 
'd85ca029f257b53a96da6c2fb421e78a003a9943'
Cloning into 'roms/u-boot-sam460ex'...
Submodule path 'roms/u-boot-sam460ex': checked out 
'60b3916f33e617a815973c5a6df77055b2e3a588'
Cloning into 'tests/fp/berkeley-softfloat-3'...
Submodule path 'tests/fp/berkeley-softfloat-3': checked out 
'b64af41c3276f97f0e181920400ee056b9c88037'
Cloning into 'tests/fp/berkeley-testfloat-3'...
Submodule path 'tests/fp/berkeley-testfloat-3': checked out 
'5a59dcec19327396a011a17fd924aed4fec416b3'
Cloning into 'ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
Switched to a new branch 'test'
7003d72 hw/arm hw/xtensa: De-duplicate pflash creation code some
0f5bb14 pflash: Clean up after commit 368a354f02b part 2
0ddfc52 pflash: Clean up after commit 368a354f02b part 1
a88cfc5 mips_malta: Clean up definition of flash memory size somewhat
06b58eb r2d: Flash 

Re: [Qemu-devel] [PATCH 00/10] pflash: Fixes and cleanups

[no-reply]

Patchew URL: https://patchew.org/QEMU/20190218125615.18970-1-arm...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190218125615.18970-1-arm...@redhat.com
Subject: [Qemu-devel] [PATCH 00/10] pflash: Fixes and cleanups
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]patchew/20190218125615.18970-1-arm...@redhat.com -> 
patchew/20190218125615.18970-1-arm...@redhat.com
Switched to a new branch 'test'
7003d72a5f hw/arm hw/xtensa: De-duplicate pflash creation code some
0f5bb14893 pflash: Clean up after commit 368a354f02b part 2
0ddfc52fb8 pflash: Clean up after commit 368a354f02b part 1
a88cfc5bbf mips_malta: Clean up definition of flash memory size somewhat
06b58eb0a8 r2d: Flash memory creation is confused about size, mark FIXME
fd280c6abc ppc405_boards: Don't size flash memory to match backing image
85a5bb56ec sam460ex: Don't size flash memory to match backing image
4f66728f2f hw: Use CFI_PFLASH0{1, 2} and TYPE_CFI_PFLASH0{1, 2}
368c51060a pflash: Macro PFLASH_BUG() is used just once, expand
209d90e8f1 pflash: Rename pflash_t to PFlashCFI01, PFlashCFI02

=== OUTPUT BEGIN ===
1/10 Checking commit 209d90e8f163 (pflash: Rename pflash_t to PFlashCFI01, 
PFlashCFI02)
ERROR: space prohibited between function name and open parenthesis '('
#128: FILE: hw/block/pflash_cfi01.c:288:
+static uint32_t pflash_read (PFlashCFI01 *pfl, hwaddr offset,

ERROR: space prohibited between function name and open parenthesis '('
#340: FILE: hw/block/pflash_cfi02.c:141:
+static uint32_t pflash_read (PFlashCFI02 *pfl, hwaddr offset,

ERROR: space prohibited between function name and open parenthesis '('
#358: FILE: hw/block/pflash_cfi02.c:264:
+static void pflash_write (PFlashCFI02 *pfl, hwaddr offset,

total: 3 errors, 0 warnings, 483 lines checked

Patch 1/10 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/10 Checking commit 368c51060aff (pflash: Macro PFLASH_BUG() is used just 
once, expand)
3/10 Checking commit 4f66728f2f5a (hw: Use CFI_PFLASH0{1, 2} and 
TYPE_CFI_PFLASH0{1, 2})
4/10 Checking commit 85a5bb56ec18 (sam460ex: Don't size flash memory to match 
backing image)
5/10 Checking commit fd280c6abca7 (ppc405_boards: Don't size flash memory to 
match backing image)
6/10 Checking commit 06b58eb0a8e9 (r2d: Flash memory creation is confused about 
size, mark FIXME)
7/10 Checking commit a88cfc5bbf98 (mips_malta: Clean up definition of flash 
memory size somewhat)
8/10 Checking commit 0ddfc52fb852 (pflash: Clean up after commit 368a354f02b 
part 1)
ERROR: spaces required around that '-' (ctx:VxV)
#90: FILE: hw/arm/musicpal.c:1639:
+pflash_cfi02_register(0x1ULL-MP_FLASH_SIZE_MAX,
 ^

ERROR: spaces required around that '-' (ctx:VxV)
#98: FILE: hw/arm/musicpal.c:1646:
+pflash_cfi02_register(0x1ULL-MP_FLASH_SIZE_MAX,
 ^

total: 2 errors, 0 warnings, 248 lines checked

Patch 8/10 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

9/10 Checking commit 0f5bb148930a (pflash: Clean up after commit 368a354f02b 
part 2)
10/10 Checking commit 7003d72a5f0f (hw/arm hw/xtensa: De-duplicate pflash 
creation code some)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190218125615.18970-1-arm...@redhat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Qemu-devel] [Bug 1737883] Re: Cannot boot FreeBSD on versatilepb machine

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1737883

Title:
  Cannot boot FreeBSD on versatilepb machine

Status in QEMU:
  Expired

Bug description:
  I know some years ago it was possible to boot FreeBSD in QEMU versatilepb 
machine
  https://kernelnomicon.org/?p=229 (you can download image and kernel using 
web.archive.org)
  Now when I try to do that I get only black screen with no output even in QEMU 
console.
  I also added -global versatile_pci.broken-irq-mapping=1, but this seem to 
have no effect.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1737883/+subscriptions

Re: [Qemu-devel] Please help corrupt filesystem image

[Alexander Marx]

Thank you for replying.
Well i am using latest PROXMOX in a cluster of 4 physical servers.
during the weekend i had to stop all hosts because electricians had to
work on the fuse box.

i shutted down all vm's then powered off all physical hosts. One of them
took very long.
this host had a raid5 of 27 TB on it (XFS) where some vm images were saved.

i waited long time but i knew that at weekends the raid does a patrol
read. So i switched that host hard off.

After rebooting, all hosts and nearly all vms came back online without
problems. only these two images could not be started.
As i told before, they were not critical as they were part of a new
domain which was not used in productuction.

Then i found out that the XFS Filesystem has problems. i stopped all
vm's again and did a xfs_check on that storage.
Some Errors were correted which causes 2 other vm's to die.

These vm's i could restore from backup, so no problem. The other 2
Win216 servers i had to delete and install new.
Thank you very much for your interest on my problem.
It is solved.

Have a nice week and please go on developing that great piece of software!


Am 18.02.19 um 21:54 schrieb John Snow:
>
> On 2/16/19 10:54 PM, Alexander Marx wrote:
>> Dear List!
>>
>> I have a big problem and hope you can help me.
>> I built a new windows 2016 domain with virtual servers. 2 dc and 9 rds
>> hosts.
>> I was nearly finished with the setup and ready to migrate the users from
>> old to new domain.
>>
>> Then i had to restart the physical servers. Unfortunately 1 dc and 2 rds
>> hosts could not be startet anymore.
>> Error says:
>>
>> qemu-img: Could not open 'vm-150-disk-0.qcow2': Could not read qcow2
>> header: Input/output error
>>
>> Even worst, a qemu-img check  also gave that error. and i was not able
>> to do anything i found in the internet to fix it.
>> always that error or the qemu-img could not determine the format.
>>
>> Is there a chance to fix these images? What can i do?
>>
>> I have no backup because the domain was not fully configured. But if i
>> have to rebuild the whole domain, i will need several weeks for it.
>> Any help is appreciated.
>>
>> Thank you
>>
>> Alex
>>
> What versions of QEMU were you running?
> What filesystem were these images stored on?
> What happened at the time of the corruption, is there some detail that
> might help explain the nature of the corruption? Did you shut down the
> physical host while the VMs were still running?
>
> There may not be a way to recover these images, but we should probably
> make sure that your configuration isn't unsafe to prevent this kind of
> problem in the future.

Re: [Qemu-devel] [PATCH 06/12] target/ppc: Fix ordering of hash MMU accesses

[David Gibson]

On Fri, Feb 15, 2019 at 06:00:23PM +0100, Cédric Le Goater wrote:
> From: Benjamin Herrenschmidt 
> 
> With mttcg, we can have MMU lookups happening at the same time
> as the guest modifying the page tables.
> 
> Since the HPTEs of the hash table MMU contains two words (or
> double worlds on 64-bit), we need to make sure we read them
> in the right order, with the correct memory barrier.
> 
> Additionally, when using emulated SPAPR mode, the hypercalls
> writing to the hash table must also perform the udpates in
> the right order.
> 
> Note: This part is still not entirely correct
> 
> Signed-off-by: Benjamin Herrenschmidt 
> Signed-off-by: Cédric Le Goater 

Yeah, this stuff was written under the assumption it was protected by
the BQL, which is getting less true all the time.

Applied.

> ---
>  hw/ppc/spapr.c  | 21 +++--
>  target/ppc/mmu-hash32.c |  6 ++
>  target/ppc/mmu-hash64.c |  6 ++
>  3 files changed, 31 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 60572eb59275..1afe31ee6163 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1507,8 +1507,25 @@ static void spapr_store_hpte(PPCVirtualHypervisor 
> *vhyp, hwaddr ptex,
>  if (!spapr->htab) {
>  kvmppc_write_hpte(ptex, pte0, pte1);
>  } else {
> -stq_p(spapr->htab + offset, pte0);
> -stq_p(spapr->htab + offset + HASH_PTE_SIZE_64 / 2, pte1);
> +if (pte0 & HPTE64_V_VALID) {
> +stq_p(spapr->htab + offset + HASH_PTE_SIZE_64 / 2, pte1);
> +/*
> + * When setting valid, we write PTE1 first. This ensures
> + * proper synchronization with the reading code in
> + * ppc_hash64_pteg_search()
> + */
> +smp_wmb();
> +stq_p(spapr->htab + offset, pte0);
> +} else {
> +stq_p(spapr->htab + offset, pte0);
> +/*
> + * When clearing it we set PTE0 first. This ensures proper
> + * synchronization with the reading code in
> + * ppc_hash64_pteg_search()
> + */
> +smp_wmb();
> +stq_p(spapr->htab + offset + HASH_PTE_SIZE_64 / 2, pte1);
> +}
>  }
>  }
>  
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index 03ae3c127985..e8562a7c8780 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -319,6 +319,12 @@ static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, 
> hwaddr pteg_off,
>  
>  for (i = 0; i < HPTES_PER_GROUP; i++) {
>  pte0 = ppc_hash32_load_hpte0(cpu, pte_offset);
> +/*
> + * pte0 contains the valid bit and must be read before pte1,
> + * otherwise we might see an old pte1 with a new valid bit and
> + * thus an inconsistent hpte value
> + */
> +smp_rmb();
>  pte1 = ppc_hash32_load_hpte1(cpu, pte_offset);
>  
>  if ((pte0 & HPTE32_V_VALID)
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index f6c822ef917b..b3c4d33faa55 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -506,6 +506,12 @@ static hwaddr ppc_hash64_pteg_search(PowerPCCPU *cpu, 
> hwaddr hash,
>  }
>  for (i = 0; i < HPTES_PER_GROUP; i++) {
>  pte0 = ppc_hash64_hpte0(cpu, pteg, i);
> +/*
> + * pte0 contains the valid bit and must be read before pte1,
> + * otherwise we might see an old pte1 with a new valid bit and
> + * thus an inconsistent hpte value
> + */
> +smp_rmb();
>  pte1 = ppc_hash64_hpte1(cpu, pteg, i);
>  
>  /* This compares V, B, H (secondary) and the AVPN */

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 02/12] target/ppci/mmu: Use LPCR:HR to chose radix vs. hash translation

[David Gibson]

On Mon, Feb 18, 2019 at 10:20:43PM +0100, Philippe Mathieu-Daudé wrote:
> On 2/18/19 7:47 AM, David Gibson wrote:
> > On Fri, Feb 15, 2019 at 06:00:19PM +0100, Cédric Le Goater wrote:
> >> From: Benjamin Herrenschmidt 
> >>
> >> Now that LPCR:HR is set properly for SPAPR, use it for deciding
> >> the translation type, which also works for bare metal
> 
> "ppci" -> "ppc" in patch title.

Fixed up inline.

> 
> >>
> >> Signed-off-by: Benjamin Herrenschmidt 
> >> Signed-off-by: Cédric Le Goater 
> > 
> > Reviewed-by: David Gibson 
> > 
> >> ---
> >>  target/ppc/mmu-book3s-v3.h | 14 +-
> >>  target/ppc/mmu-book3s-v3.c | 11 ++-
> >>  target/ppc/mmu_helper.c|  9 ++---
> >>  3 files changed, 21 insertions(+), 13 deletions(-)
> >>
> >> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> >> index fdf80987d7b2..41b77158622a 100644
> >> --- a/target/ppc/mmu-book3s-v3.h
> >> +++ b/target/ppc/mmu-book3s-v3.h
> >> @@ -43,14 +43,18 @@ static inline bool ppc64_use_proc_tbl(PowerPCCPU *cpu)
> >>  return !!(cpu->env.spr[SPR_LPCR] & LPCR_UPRT);
> >>  }
> >>  
> >> -static inline bool ppc64_radix_guest(PowerPCCPU *cpu)
> >> +/*
> >> + * The LPCR:HR bit is a shortcut that avoids having to
> >> + * dig out the partition table in the fast path. This is
> >> + * also how the HW uses it.
> >> + */
> >> +static inline bool ppc64_v3_radix(PowerPCCPU *cpu)
> >>  {
> >> -PPCVirtualHypervisorClass *vhc =
> >> -PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> >> -
> >> -return !!(vhc->get_patbe(cpu->vhyp) & PATBE1_GR);
> >> +return !!(cpu->env.spr[SPR_LPCR] & LPCR_HR);
> >>  }
> >>  
> >> +hwaddr ppc64_v3_get_phys_page_debug(PowerPCCPU *cpu, vaddr eaddr);
> >> +
> >>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
> >>int mmu_idx);
> >>  
> >> diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
> >> index b60df4408f3b..a174e7efc57c 100644
> >> --- a/target/ppc/mmu-book3s-v3.c
> >> +++ b/target/ppc/mmu-book3s-v3.c
> >> @@ -26,9 +26,18 @@
> >>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
> >>int mmu_idx)
> >>  {
> >> -if (ppc64_radix_guest(cpu)) { /* Guest uses radix */
> >> +if (ppc64_v3_radix(cpu)) { /* Guest uses radix */
> >>  return ppc_radix64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
> >>  } else { /* Guest uses hash */
> >>  return ppc_hash64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
> >>  }
> >>  }
> >> +
> >> +hwaddr ppc64_v3_get_phys_page_debug(PowerPCCPU *cpu, vaddr eaddr)
> >> +{
> >> +if (ppc64_v3_radix(cpu)) {
> >> +return ppc_radix64_get_phys_page_debug(cpu, eaddr);
> >> +} else {
> >> +return ppc_hash64_get_phys_page_debug(cpu, eaddr);
> >> +}
> >> +}
> >> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> >> index cefed34da4f2..ae81ee18ae95 100644
> >> --- a/target/ppc/mmu_helper.c
> >> +++ b/target/ppc/mmu_helper.c
> >> @@ -1342,7 +1342,7 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, 
> >> CPUPPCState *env)
> >>  dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
> >>  break;
> >>  case POWERPC_MMU_3_00:
> >> -if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
> >> +if (ppc64_v3_radix(ppc_env_get_cpu(env))) {
> >>  /* TODO - Unsupported */
> >>  } else {
> >>  dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
> >> @@ -1497,12 +1497,7 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, 
> >> vaddr addr)
> >>  case POWERPC_MMU_2_07:
> >>  return ppc_hash64_get_phys_page_debug(cpu, addr);
> >>  case POWERPC_MMU_3_00:
> >> -if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
> >> -return ppc_radix64_get_phys_page_debug(cpu, addr);
> >> -} else {
> >> -return ppc_hash64_get_phys_page_debug(cpu, addr);
> >> -}
> >> -break;
> >> +return ppc64_v3_get_phys_page_debug(cpu, addr);
> >>  #endif
> >>  
> >>  case POWERPC_MMU_32B:
> > 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 05/12] target/ppc: Cleanup 64-bit MMU includes

[David Gibson]

On Fri, Feb 15, 2019 at 06:00:22PM +0100, Cédric Le Goater wrote:
> From: Benjamin Herrenschmidt 
> 
> To enable inlining more things, move #include of mmu-hash64.h and
> mmu-radix64.h to mmu-book3s-v3.h
> 
> Signed-off-by: Benjamin Herrenschmidt 
> Signed-off-by: Cédric Le Goater 

I don't really get what this is in aid of, and it doesn't seem quite
right.

It's fair enough in mmu-book3s-v3.c.   But mmu-hash64.c handles 64-bit
hash MMUs earlier than V3 as well, so it doesn't really make sense for
it to get to mmu-hash64.c via an indirect include.

> ---
>  target/ppc/mmu-book3s-v3.h | 3 +++
>  hw/ppc/spapr_hcall.c   | 1 -
>  target/ppc/mmu-book3s-v3.c | 2 --
>  target/ppc/mmu-hash64.c| 1 -
>  target/ppc/mmu-radix64.c   | 1 -
>  5 files changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index 12ec0054c207..4e59742d7eac 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -22,6 +22,9 @@
>  
>  #ifndef CONFIG_USER_ONLY
>  
> +#include "mmu-hash64.h"
> +#include "mmu-radix64.h"
> +
>  /*
>   * Partition table definitions
>   */
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index b47241ace62a..2f64c69a6abf 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -9,7 +9,6 @@
>  #include "helper_regs.h"
>  #include "hw/ppc/spapr.h"
>  #include "hw/ppc/spapr_cpu_core.h"
> -#include "mmu-hash64.h"
>  #include "cpu-models.h"
>  #include "trace.h"
>  #include "kvm_ppc.h"
> diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
> index a174e7efc57c..ccbae3213cc1 100644
> --- a/target/ppc/mmu-book3s-v3.c
> +++ b/target/ppc/mmu-book3s-v3.c
> @@ -19,9 +19,7 @@
>  
>  #include "qemu/osdep.h"
>  #include "cpu.h"
> -#include "mmu-hash64.h"
>  #include "mmu-book3s-v3.h"
> -#include "mmu-radix64.h"
>  
>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
>int mmu_idx)
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index 1175b991d994..f6c822ef917b 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -24,7 +24,6 @@
>  #include "qemu/error-report.h"
>  #include "sysemu/hw_accel.h"
>  #include "kvm_ppc.h"
> -#include "mmu-hash64.h"
>  #include "exec/log.h"
>  #include "hw/hw.h"
>  #include "mmu-book3s-v3.h"
> diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
> index ab76cbc83530..5881efeb8598 100644
> --- a/target/ppc/mmu-radix64.c
> +++ b/target/ppc/mmu-radix64.c
> @@ -25,7 +25,6 @@
>  #include "sysemu/kvm.h"
>  #include "kvm_ppc.h"
>  #include "exec/log.h"
> -#include "mmu-radix64.h"
>  #include "mmu-book3s-v3.h"
>  
>  static bool ppc_radix64_get_fully_qualified_addr(CPUPPCState *env, vaddr 
> eaddr,

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 04/12] target/ppc: Fix #include guard in mmu-book3s-v3.h

[David Gibson]

On Fri, Feb 15, 2019 at 06:00:21PM +0100, Cédric Le Goater wrote:
> From: Benjamin Herrenschmidt 
> 
> Signed-off-by: Benjamin Herrenschmidt 
> Signed-off-by: Cédric Le Goater 

Applied, thanks.

> ---
>  target/ppc/mmu-book3s-v3.h | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index 41b77158622a..12ec0054c207 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -17,8 +17,8 @@
>   * License along with this library; if not, see 
> .
>   */
>  
> -#ifndef MMU_H
> -#define MMU_H
> +#ifndef MMU_BOOOK3S_V3_H
> +#define MMU_BOOOK3S_V3_H
>  
>  #ifndef CONFIG_USER_ONLY
>  
> @@ -62,4 +62,4 @@ int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, 
> int rwx,
>  
>  #endif /* CONFIG_USER_ONLY */
>  
> -#endif /* MMU_H */
> +#endif /* MMU_BOOOK3S_V3_H */

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 03/12] target/ppc: Re-enable RMLS on POWER9 for virtual hypervisors

[David Gibson]

On Fri, Feb 15, 2019 at 06:00:20PM +0100, Cédric Le Goater wrote:
> From: Benjamin Herrenschmidt 
> 
> Historically the 64-bit server MMU supports two way of configuring the
> guest "real mode" mapping:
> 
>  - The "RMA" with is a single chunk of physically contiguous
> memory remapped as guest real, and controlled by the RMLS
> field in the LPCR register and the RMOR register.
> 
>  - The "VRMA" which uses special PTEs inserted in the partition
> hash table by the hypervisor.
> 
> POWER9 deprecates the former, which is reflected by the filtering
> done in ppc_store_lpcr() which effectively prevents setting of
> the RMLS field.
> 
> However, when using fully emulated SPAPR machines, our qemu code
> currently only knows how to define the guest real mode memory using
> RMLS.
> 
> Thus you cannot run a SPAPR machine anymore with a POWER9 CPU
> model today.
> 
> This works around it with a quirk in ppc_store_lpcr() to continue
> allowing the RMLS field to be set when using a virtual hypervisor.
> 
> Ultimately we will want to implement configuring a VRMA instead
> which will also be necessary if we want to migrate a SPAPR guest
> between TCG and KVM but this is a lot more work.

Urgh.  I'm applying this because it fixes a real bug, but it's not
really the right solution.

We will want to support VRMAs at some point in order to let emulated
powernv machines run guests, but implementing VRMA doesn't really make
sense in the context of a PAPR machine.

The real problem here is that we're using the LPCR - which notionally
doesn't even exist in a PAPR machine - to trick the softmmu code,
which is written from the point of view of bare metal - into doing
more or less the right thing for a PAPR machine.

The correct solution, I think, is to put a test on cpu->vhyp into the
guts of the softmmu code so that in non-HV real mode it doesn't even
consult the LPCR and just goes directly to GPAs (which is the only
think that the pseries machine knows about).

Although then I guess we'd need some way in the vhyp of representing
the permissible max address of real mode accesses.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 05/10] ppc405_boards: Don't size flash memory to match backing image

[David Gibson]

On Mon, Feb 18, 2019 at 01:56:10PM +0100, Markus Armbruster wrote:
> Machine "ref405ep" maps its flash memory at address 2^32 - image size.
> Image size is rounded up to the next multiple of 64KiB.  Useless,
> because pflash_cfi02_realize() fails with "failed to read the initial
> flash content" unless the rounding is a no-op.
> 
> If the image size exceeds 0x8 Bytes, we overlap first SRAM, then
> other stuff.  No idea how that would play out, but a useful outcomes
> seem unlikely.
> 
> Map the flash memory at fixed address 0xFFF8 with size 512KiB,
> regardless of image size, to match the physical hardware.
> 
> Machine "taihu" maps its boot flash memory similarly.  The code even
> has a comment /* XXX: should check that size is 2MB */, followed by
> disabled code to adjust the size to 2MiB regardless of image size.
> 
> Its code to map its application flash memory looks the same, except
> there the XXX comment asks for 32MiB, and the code to adjust the size
> isn't disabled.  Note that pflash_cfi02_realize() fails with "failed
> to read the initial flash content" for images smaller than 32MiB.
> 
> Map the boot flash memory at fixed address 0xFFE0 with size 2MiB,
> to match the physical hardware.  Delete dead code from application
> flash mapping, and simplify some.
> 
> Cc: David Gibson 
> Signed-off-by: Markus Armbruster 

Acked-by: David Gibson 

> ---
>  hw/ppc/ppc405_boards.c | 53 +-
>  1 file changed, 16 insertions(+), 37 deletions(-)
> 
> diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
> index f47b15f10e..728154aebb 100644
> --- a/hw/ppc/ppc405_boards.c
> +++ b/hw/ppc/ppc405_boards.c
> @@ -158,7 +158,7 @@ static void ref405ep_init(MachineState *machine)
>  target_ulong kernel_base, initrd_base;
>  long kernel_size, initrd_size;
>  int linux_boot;
> -int fl_idx, fl_sectors, len;
> +int len;
>  DriveInfo *dinfo;
>  MemoryRegion *sysmem = get_system_memory();
>  
> @@ -185,26 +185,19 @@ static void ref405ep_init(MachineState *machine)
>  #ifdef DEBUG_BOARD_INIT
>  printf("%s: register BIOS\n", __func__);
>  #endif
> -fl_idx = 0;
>  #ifdef USE_FLASH_BIOS
> -dinfo = drive_get(IF_PFLASH, 0, fl_idx);
> +dinfo = drive_get(IF_PFLASH, 0, 0);
>  if (dinfo) {
> -BlockBackend *blk = blk_by_legacy_dinfo(dinfo);
> -
> -bios_size = blk_getlength(blk);
> -fl_sectors = (bios_size + 65535) >> 16;
>  #ifdef DEBUG_BOARD_INIT
> -printf("Register parallel flash %d size %lx"
> -   " at addr %lx '%s' %d\n",
> -   fl_idx, bios_size, -bios_size,
> -   blk_name(blk), fl_sectors);
> +printf("Register parallel flash\n");
>  #endif
> -pflash_cfi02_register((uint32_t)(-bios_size),
> +bios_size = 0x8;
> +pflash_cfi02_register(0xFFF8,
>NULL, "ef405ep.bios", bios_size,
> -  blk, 65536, fl_sectors, 1,
> +  dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
> +  65536, bios_size / 65536, 1,
>2, 0x0001, 0x22DA, 0x, 0x, 0x555, 
> 0x2AA,
>1);
> -fl_idx++;
>  } else
>  #endif
>  {
> @@ -455,7 +448,7 @@ static void taihu_405ep_init(MachineState *machine)
>  target_ulong kernel_base, initrd_base;
>  long kernel_size, initrd_size;
>  int linux_boot;
> -int fl_idx, fl_sectors;
> +int fl_idx;
>  DriveInfo *dinfo;
>  
>  /* RAM is soldered to the board so the size cannot be changed */
> @@ -486,21 +479,14 @@ static void taihu_405ep_init(MachineState *machine)
>  #if defined(USE_FLASH_BIOS)
>  dinfo = drive_get(IF_PFLASH, 0, fl_idx);
>  if (dinfo) {
> -BlockBackend *blk = blk_by_legacy_dinfo(dinfo);
> -
> -bios_size = blk_getlength(blk);
> -/* XXX: should check that size is 2MB */
> -//bios_size = 2 * 1024 * 1024;
> -fl_sectors = (bios_size + 65535) >> 16;
>  #ifdef DEBUG_BOARD_INIT
> -printf("Register parallel flash %d size %lx"
> -   " at addr %lx '%s' %d\n",
> -   fl_idx, bios_size, -bios_size,
> -   blk_name(blk), fl_sectors);
> +printf("Register boot flash\n");
>  #endif
> -pflash_cfi02_register((uint32_t)(-bios_size),
> +bios_size = 2 * MiB;
> +pflash_cfi02_register(0xFFE0,
>NULL, "taihu_405ep.bios", bios_size,
> -  blk, 65536, fl_sectors, 1,
> +  dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
> +  65536, bios_size / 65536, 1,
>4, 0x0001, 0x22DA, 0x, 0x, 0x555, 
> 0x2AA,
>1);
>  fl_idx++;
> @@ -536,20 +522,13 @@ static void taihu_405ep_init(MachineState *machine)
>  /* 

Re: [Qemu-devel] [PATCH v4] ppc: add host-serial and host-model machine attributes

[David Gibson]

On Mon, Feb 18, 2019 at 11:43:49PM +0530, P J P wrote:
> From: Prasad J Pandit 
> 
> On ppc hosts, hypervisor shares following system attributes
> 
>   - /proc/device-tree/system-id
>   - /proc/device-tree/model
> 
> with a guest. This could lead to information leakage and misuse.[*]
> Add machine attributes to control such system information exposure
> to a guest.
> 
> [*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028
> 
> Reported-by: Daniel P. Berrangé 
> Fix-suggested-by: Daniel P. Berrangé 
> Signed-off-by: Prasad J Pandit 

Applied to ppc-for-4.0, thanks.

> ---
>  hw/ppc/spapr.c | 76 ++
>  include/hw/ppc/spapr.h |  2 ++
>  2 files changed, 72 insertions(+), 6 deletions(-)
> 
> Update v4: remove NULL initializations in spapr_instance_init()
>   -> https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04554.html
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0942f35bf8..8786c4c4ca 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1249,13 +1249,30 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
>   * Add info to guest to indentify which host is it being run on
>   * and what is the uuid of the guest
>   */
> -if (kvmppc_get_host_model()) {
> -_FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
> -g_free(buf);
> +if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) {
> +if (g_str_equal(spapr->host_model, "passthrough")) {
> +/* -M host-model=passthrough */
> +if (kvmppc_get_host_model()) {
> +_FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
> +g_free(buf);
> +}
> +} else {
> +/* -M host-model= */
> +_FDT(fdt_setprop_string(fdt, 0, "host-model", 
> spapr->host_model));
> +}
>  }
> -if (kvmppc_get_host_serial()) {
> -_FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
> -g_free(buf);
> +
> +if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) {
> +if (g_str_equal(spapr->host_serial, "passthrough")) {
> +/* -M host-serial=passthrough */
> +if (kvmppc_get_host_serial()) {
> +_FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
> +g_free(buf);
> +}
> +} else {
> +/* -M host-serial= */
> +_FDT(fdt_setprop_string(fdt, 0, "host-serial", 
> spapr->host_serial));
> +}
>  }
>  
>  buf = qemu_uuid_unparse_strdup(_uuid);
> @@ -3138,6 +3155,36 @@ static void spapr_set_ic_mode(Object *obj, const char 
> *value, Error **errp)
>  }
>  }
>  
> +static char *spapr_get_host_model(Object *obj, Error **errp)
> +{
> +sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> +
> +return g_strdup(spapr->host_model);
> +}
> +
> +static void spapr_set_host_model(Object *obj, const char *value, Error 
> **errp)
> +{
> +sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> +
> +g_free(spapr->host_model);
> +spapr->host_model = g_strdup(value);
> +}
> +
> +static char *spapr_get_host_serial(Object *obj, Error **errp)
> +{
> +sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> +
> +return g_strdup(spapr->host_serial);
> +}
> +
> +static void spapr_set_host_serial(Object *obj, const char *value, Error 
> **errp)
> +{
> +sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> +
> +g_free(spapr->host_serial);
> +spapr->host_serial = g_strdup(value);
> +}
> +
>  static void spapr_instance_init(Object *obj)
>  {
>  sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> @@ -3183,6 +3230,17 @@ static void spapr_instance_init(Object *obj)
>  object_property_set_description(obj, "ic-mode",
>   "Specifies the interrupt controller mode (xics, xive, 
> dual)",
>   NULL);
> +
> +object_property_add_str(obj, "host-model",
> +spapr_get_host_model, spapr_set_host_model,
> +_abort);
> +object_property_set_description(obj, "host-model",
> +"Set host's model-id to use - none|passthrough|string", 
> _abort);
> +object_property_add_str(obj, "host-serial",
> +spapr_get_host_serial, spapr_set_host_serial,
> +_abort);
> +object_property_set_description(obj, "host-serial",
> +"Set host's system-id to use - none|passthrough|string", 
> _abort);
>  }
>  
>  static void spapr_machine_finalizefn(Object *obj)
> @@ -4080,9 +4138,15 @@ DEFINE_SPAPR_MACHINE(4_0, "4.0", true);
>  static void spapr_machine_3_1_class_options(MachineClass *mc)
>  {
>  sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
> +static GlobalProperty compat[] = {
> +{ TYPE_SPAPR_MACHINE, "host-model", "passthrough" },
> +{ TYPE_SPAPR_MACHINE, "host-serial", "passthrough" },
> +};
>  
>  spapr_machine_4_0_class_options(mc);
>  compat_props_add(mc->compat_props, hw_compat_3_1, hw_compat_3_1_len);
> +

Re: [Qemu-devel] [PATCH v3 0/6] tests: Add device unplug tests

[David Gibson]

On Mon, Feb 18, 2019 at 10:21:56AM +0100, David Hildenbrand wrote:
> This is a set of tests to test basic device unplugging functionality for
> - some PCI implementations
> - CCW devices on s390x
> - spapr memory and cpu core devices
> 
> I plaed with ACPI CPU unplug but getting that to run with qtest is more
> involved. (remove devices on reset, trick cpu-hotplug-legacy property,
> somehow create cpu hotplug state objects ...). Well we no have at least
> one unplug test for DIMMs and one for CPUs.

I believe we were talking about merging this via the ppc tree, so I've
merged it into ppc-for-4.0 (with Connie's acks).

If I was mistaken about that, let me know and I'll pull them out
before I send my next pull request.

> 
> v2 -> v3:
> - Use a smaller DIMM for spapr memory unplug request test
> - Combine both spapr test registrations in a single if statement
> - Use "-" instead of "_" in test names
> - Add a huge load of r-b/a-b :) hpe I didn't forget some.
> 
> v1 -> v2:
> - Tests for CCW, spapr memory and spapr cpu core unplug added
> - Fix a deadlock when unplugging dummy CPUs
> - Style fixes / simplifications (Thomas)
> - Don't use the global_qtest variable (Thomas)
> - Fix double-free (Greg)
> 
> David Hildenbrand (6):
>   cpus: Properly release the iothread lock when killing a dummy VCPU
>   spapr: support memory unplug for qtest
>   tests/device-plug: Add a simple PCI unplug request test
>   tests/device-plug: Add CCW unplug test for s390x
>   tests/device-plug: Add CPU core unplug request test for spapr
>   tests/device-plug: Add memory unplug request test for spapr
> 
>  cpus.c   |   1 +
>  hw/ppc/spapr_ovec.c  |   6 ++
>  tests/Makefile.include   |   4 +
>  tests/device-plug-test.c | 162 +++
>  4 files changed, 173 insertions(+)
>  create mode 100644 tests/device-plug-test.c
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [Qemu-ppc] [PATCH v3] ppc: add host-serial and host-model machine attributes

[David Gibson]

On Mon, Feb 18, 2019 at 11:52:18AM +, Daniel P. Berrangé wrote:
> On Mon, Feb 18, 2019 at 12:38:11PM +0100, Greg Kurz wrote:
> > On Mon, 18 Feb 2019 15:42:18 +0530
> > P J P  wrote:
> > 
> > > From: Prasad J Pandit 
> > > 
> > > On ppc hosts, hypervisor shares following system attributes
> > > 
> > >   - /proc/device-tree/system-id
> > >   - /proc/device-tree/model
> > > 
> > > with a guest. This could lead to information leakage and misuse.[*]
> > > Add machine attributes to control such system information exposure
> > > to a guest.
> > > 
> > > [*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028
> > > 
> > > Reported-by: Daniel P. Berrangé 
> > > Fix-suggested-by: Daniel P. Berrangé 
> > > Signed-off-by: Prasad J Pandit 
> > > ---
> > >  hw/ppc/spapr.c | 79 ++
> > >  include/hw/ppc/spapr.h |  2 ++
> > >  2 files changed, 75 insertions(+), 6 deletions(-)
> > > 
> > > Update v3: move host-serial,host-model options to ppc sPAPR machine
> > >   -> https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg03182.html  
> > > 
> > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > > index 0942f35bf8..666e500376 100644
> > > --- a/hw/ppc/spapr.c
> > > +++ b/hw/ppc/spapr.c
> > > @@ -1249,13 +1249,30 @@ static void *spapr_build_fdt(sPAPRMachineState 
> > > *spapr,
> > >   * Add info to guest to indentify which host is it being run on
> > >   * and what is the uuid of the guest
> > >   */
> > > -if (kvmppc_get_host_model()) {
> > > -_FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
> > > -g_free(buf);
> > > +if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) {
> > > +if (g_str_equal(spapr->host_model, "passthrough")) {
> > > +/* -M host-model=passthrough */
> > > +if (kvmppc_get_host_model()) {
> > > +_FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
> > > +g_free(buf);
> > > +}
> > > +} else {
> > > +/* -M host-model= */
> > > +_FDT(fdt_setprop_string(fdt, 0, "host-model", 
> > > spapr->host_model));
> > > +}
> > >  }
> > > -if (kvmppc_get_host_serial()) {
> > > -_FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
> > > -g_free(buf);
> > > +
> > > +if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) {
> > > +if (g_str_equal(spapr->host_serial, "passthrough")) {
> > > +/* -M host-serial=passthrough */
> > > +if (kvmppc_get_host_serial()) {
> > > +_FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
> > > +g_free(buf);
> > > +}
> > > +} else {
> > > +/* -M host-serial= */
> > > +_FDT(fdt_setprop_string(fdt, 0, "host-serial", 
> > > spapr->host_serial));
> > > +}
> > >  }
> > >  
> > >  buf = qemu_uuid_unparse_strdup(_uuid);
> > > @@ -3138,6 +3155,36 @@ static void spapr_set_ic_mode(Object *obj, const 
> > > char *value, Error **errp)
> > >  }
> > >  }
> > >  
> > > +static char *spapr_get_host_model(Object *obj, Error **errp)
> > > +{
> > > +sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> > > +
> > > +return g_strdup(spapr->host_model);
> > > +}
> > > +
> > > +static void spapr_set_host_model(Object *obj, const char *value, Error 
> > > **errp)
> > > +{
> > > +sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> > > +
> > > +g_free(spapr->host_model);
> > > +spapr->host_model = g_strdup(value);
> > > +}
> > > +
> > > +static char *spapr_get_host_serial(Object *obj, Error **errp)
> > > +{
> > > +sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> > > +
> > > +return g_strdup(spapr->host_serial);
> > > +}
> > > +
> > > +static void spapr_set_host_serial(Object *obj, const char *value, Error 
> > > **errp)
> > > +{
> > > +sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> > > +
> > > +g_free(spapr->host_serial);
> > > +spapr->host_serial = g_strdup(value);
> > > +}
> > > +
> > >  static void spapr_instance_init(Object *obj)
> > >  {
> > >  sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
> > > @@ -3183,6 +3230,20 @@ static void spapr_instance_init(Object *obj)
> > >  object_property_set_description(obj, "ic-mode",
> > >   "Specifies the interrupt controller mode (xics, xive, 
> > > dual)",
> > >   NULL);
> > > +
> > > +spapr->host_model = NULL;
> > 
> > This isn't needed since object_initialize_with_type() already takes care
> > of zeroing the instance for us.
> > 
> > > +object_property_add_str(obj, "host-model",
> > > +spapr_get_host_model, spapr_set_host_model,
> > > +_abort);
> > > +object_property_set_description(obj, "host-model",
> > > +"Set host's model-id to use - none|passthrough|string", 
> > > _abort);
> > > +
> > > +spapr->host_serial = NULL;
> > 
> > Same here.
> > 
> > > +object_property_add_str(obj, 

[Qemu-devel] [PATCH 2/2] CODING_STYLE: indent example code as all others

[Wei Yang]

All the example code are indented with four spaces except this one.

Fix this by adding four spaces here.

Signed-off-by: Wei Yang 
---
 CODING_STYLE | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/CODING_STYLE b/CODING_STYLE
index 73f66ca185..27581d80c1 100644
--- a/CODING_STYLE
+++ b/CODING_STYLE
@@ -134,10 +134,10 @@ block to a separate function altogether.
 When comparing a variable for (in)equality with a constant, list the
 constant on the right, as in:
 
-if (a == 1) {
-/* Reads like: "If a equals 1" */
-do_something();
-}
+if (a == 1) {
+/* Reads like: "If a equals 1" */
+do_something();
+}
 
 Rationale: Yoda conditions (as in 'if (1 == a)') are awkward to read.
 Besides, good compilers already warn users when '==' is mis-typed as '=',
-- 
2.19.1

[Qemu-devel] [PATCH 0/2] CODING_STYLE: trivial update

[Wei Yang]

The first one is suggested by Igor Mammedov to provide rule for multiline
code.

The second is a trivial fix to make example code all indented with 4 spaces.

Wei Yang (2):
  CODING_STYLE: specify the indent rule for multiline code
  CODING_STYLE: indent example code as all others

 CODING_STYLE | 34 ++
 1 file changed, 30 insertions(+), 4 deletions(-)

-- 
2.19.1

[Qemu-devel] [PATCH 1/2] CODING_STYLE: specify the indent rule for multiline code

[Wei Yang]

We didn't specify the indent rule for multiline code here, which may
misleading users. And in current code, the code use different rules.

Add this rule in CODING_STYLE to make sure this is clear to every one.

Signed-off-by: Wei Yang 
Suggested-by: Igor Mammedov 
---
 CODING_STYLE | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/CODING_STYLE b/CODING_STYLE
index ec075dedc4..73f66ca185 100644
--- a/CODING_STYLE
+++ b/CODING_STYLE
@@ -29,6 +29,32 @@ Spaces of course are superior to tabs because:
 
 Do not leave whitespace dangling off the ends of lines.
 
+1.1 Multiline Indent
+
+There are several places where indent is necessary:
+
+ - struct definition
+ - if/else
+ - while/for
+ - function definition & call
+
+All the above cases apply the same rule: indent with four spaces.
+
+While the last three case may face another situation: code should spread into
+several lines. In this case the rule is align the new line with first
+parentheses.
+
+For example:
+
+if (a == 1 &&
+b == 2)
+
+while (a == 1 &&
+   b == 2)
+
+do_something(arg1, arg2
+ arg3)
+
 2. Line width
 
 Lines should be 80 characters; try not to make them longer.
-- 
2.19.1

Re: [Qemu-devel] [Qemu-ppc] [PATCH 04/10] sam460ex: Don't size flash memory to match backing image

[BALATON Zoltan]

On Mon, 18 Feb 2019, Markus Armbruster wrote:

BALATON Zoltan  writes:

On Mon, 18 Feb 2019, Markus Armbruster wrote:

Machine "sam460ex" maps its flash memory at address 0xFFF0.  When
no image is supplied, its size is 1MiB (0x10).  Else, it's the
size of the image rounded up to the next multiple of 64KiB.

The rounding is actually useless: pflash_cfi01_realize() fails with
"failed to read the initial flash content" unless it's a no-op.

I have no idea what happens when the pflash's size exceeds 1MiB.
Useful outcomes seem unlikely.

I guess memory at the end of the address space remains unmapped when
it's smaller than 1MiB.  Again, useful outcomes seem unlikely.


I'm not sure where this was coming from but it predates my changes so
no idea either.


Set the flash memory size to 1MiB regardless of image size, to match
the physical hardware.


Actually the real hardware seems to have a 512 kB flash chip:
https://eu.mouser.com/datasheet/2/268/atmel_AT49BV040B-1180330.pdf


Fascinating.

 confirms.


so while you're at it you could change FLASH_SIZE to match that.


Leads to more questions, below.


Cc: BALATON Zoltan 
Signed-off-by: Markus Armbruster 
---
hw/ppc/sam460ex.c | 23 ---
1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
index 75250d49e4..ca8d7ab9c6 100644
--- a/hw/ppc/sam460ex.c
+++ b/hw/ppc/sam460ex.c
@@ -92,31 +92,24 @@ struct boot_info {
static int sam460ex_load_uboot(void)
{
DriveInfo *dinfo;
-BlockBackend *blk = NULL;
-hwaddr base = FLASH_BASE | ((hwaddr)FLASH_BASE_H << 32);
-long bios_size = FLASH_SIZE;
-int fl_sectors;

dinfo = drive_get(IF_PFLASH, 0, 0);
-if (dinfo) {
-blk = blk_by_legacy_dinfo(dinfo);
-bios_size = blk_getlength(blk);


After this maybe the
#include "sysemu/block-backend.h"
can also be dropped from the includes?


I'll try.


-}
-fl_sectors = (bios_size + 65535) >> 16;
-
-if (!pflash_cfi01_register(base, NULL, "sam460ex.flash", bios_size,
-   blk, 64 * KiB, fl_sectors,
+if (!pflash_cfi01_register(FLASH_BASE | ((hwaddr)FLASH_BASE_H << 32),
+   NULL, "sam460ex.flash", FLASH_SIZE,
+   dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
+   65536, FLASH_SIZE / 65536,


Could you keep 64 * KiB instead of 65536 here to match other places?


Sure (editing accident).


Regards,
BALATON Zoltan


   1, 0x89, 0x18, 0x, 0x0, 1)) {
error_report("Error registering flash memory");
/* XXX: return an error instead? */
exit(1);
}

-if (!blk) {
+if (!dinfo) {
/*error_report("No flash image given with the 'pflash' parameter,"
" using default u-boot image");*/
-base = UBOOT_LOAD_BASE | ((hwaddr)FLASH_BASE_H << 32);
-rom_add_file_fixed(UBOOT_FILENAME, base, -1);
+rom_add_file_fixed(UBOOT_FILENAME,
+   UBOOT_LOAD_BASE | ((hwaddr)FLASH_BASE_H << 32),
+   -1);
}

return 0;


Let's have a look at the resulting function:

   static int sam460ex_load_uboot(void)
   {
   DriveInfo *dinfo;

   dinfo = drive_get(IF_PFLASH, 0, 0);
   if (!pflash_cfi01_register(FLASH_BASE | ((hwaddr)FLASH_BASE_H << 32),
  "sam460ex.flash", FLASH_SIZE,
  dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,


There's still a blk_* function here which I did not notice so the 
"sysemu/block-backend.h" is probably still needed.



  65536,
  1, 0x89, 0x18, 0x, 0x0, 1)) {
   error_report("Error registering flash memory");
   /* XXX: return an error instead? */
   exit(1);
   }

   if (!dinfo) {
   /*error_report("No flash image given with the 'pflash' parameter,"
   " using default u-boot image");*/
   rom_add_file_fixed(UBOOT_FILENAME,
  UBOOT_LOAD_BASE | ((hwaddr)FLASH_BASE_H << 32),
  -1);
   }

   return 0;
   }

This first creates 1MiB of flash memory mapped at the end of the 32-bit
address space (0xFFF0..0x).

If_PFLASH unit 0 is defined, the flash memory is initialized from that
block backend.

Else, it's initialized to zero.  And then 512KiB of ROM gets mapped on
top of its second half (0xFFF8..0x), initialized from
u-boot-sam460-20100605.bin (which we build).

This doesn't smell right.


Unfortunately I don't know much about how this should work. Maybe François 
can remember where this comes from, this was already there when I started 
working on it, but I suspect maybe he's copied it from some other board in 
QEMU as well. The sam460ex was based on ppc440_bamboo but that does not 
seem to have 

Re: [Qemu-devel] [PATCH 00/10] ppc: Add Hypervisor Virtualization Interrupt on POWER9

[David Gibson]

On Fri, Feb 15, 2019 at 05:16:38PM +0100, Cédric Le Goater wrote:
> Hello,
> 
> Here is a series of fixes and extensions provided by Ben which modify
> the POWER9 interrupt model to prepare ground for the support of the
> XIVE interrupt controller as found on POWER9 PowerNV machines.

Applied to ppc-for-4.0 (but after yesterday's pull request).

> 
> Thanks
> 
> C.
> 
> Changes since initial patchset :
> 
>  - modified the commit log to comment the use of EXCP_HLT instead
>of POWERPC_EXCP_STOP
>  - modified the icp_realize() and xive_tctx_realize() to take
>into account explicitely the POWER9 interrupt model
>  - introduced a specific power9_set_irq for POWER9
> 
> 
> Benjamin Herrenschmidt (10):
>   target/ppc: Fix nip on power management instructions
>   target/ppc: Don't clobber MSR:EE on PM instructions
>   target/ppc: Fix support for "STOP light" states on POWER9
>   target/ppc: Move "wakeup reset" code to a separate function
>   target/ppc: Rename "in_pm_state" to "resume_as_sreset"
>   target/ppc: Add POWER9 exception model
>   target/ppc: Detect erroneous condition in interrupt delivery
>   target/ppc: Add Hypervisor Virtualization Interrupt on POWER9
>   target/ppc: Add POWER9 external interrupt model
>   target/ppc: Add support for LPCR:HEIC on POWER9
> 
>  include/hw/ppc/ppc.h|   2 +
>  target/ppc/cpu-qom.h|   5 +
>  target/ppc/cpu.h|  26 -
>  hw/intc/xics.c  |   3 +
>  hw/intc/xive.c  |   3 +
>  hw/ppc/ppc.c|  44 -
>  target/ppc/excp_helper.c| 164 +---
>  target/ppc/translate.c  |  28 --
>  target/ppc/translate_init.inc.c |  34 ++-
>  9 files changed, 238 insertions(+), 71 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PATCH v3] i386, acpi: check acpi_memory_hotplug capacity in pre_plug

[Wei Yang]

Currently we do device realization like below:

   hotplug_handler_pre_plug()
   dc->realize()
   hotplug_handler_plug()

Before we do device realization and plug, we should allocate necessary
resources and check if memory-hotplug-support property is enabled.

At the piix4 and ich9, the memory-hotplug-support property is checked at
plug stage. This means that device has been realized and mapped into guest
address space 'pc_dimm_plug()' by the time acpi plug handler is called,
where it might fail and crash QEMU due to reaching g_assert_not_reached()
(piix4) or error_abort (ich9).

Fix it by checking if memory hotplug is enabled at pre_plug stage
where we can gracefully abort hotplug request.

Signed-off-by: Wei Yang 
CC: Igor Mammedov 
CC: Eric Blake 

---
v3:
   * replace acpi_memory_hotplug with memory-hotplug-support in changelog
   * fix code alignment of ich9_pm_device_pre_plug_cb
   * print which device type memory-hotplug-support is disabled in
 ich9_pm_device_pre_plug_cb and piix4_device_pre_plug_cb
v2:
   * (imamm...@redhat.com)
 - Almost the whole third paragraph
   * apply this change to ich9
   * use hotplug_handler_pre_plug() instead of open-coding check
---
 hw/acpi/ich9.c | 15 +--
 hw/acpi/piix4.c| 15 +--
 hw/i386/pc.c   |  5 +
 hw/isa/lpc_ich9.c  |  1 +
 include/hw/acpi/ich9.h |  2 ++
 5 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index c5d8646abc..e53dfe1ee3 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -483,13 +483,24 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs 
*pm, Error **errp)
  NULL);
 }
 
+void ich9_pm_device_pre_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
+Error **errp)
+{
+ICH9LPCState *lpc = ICH9_LPC_DEVICE(hotplug_dev);
+
+if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM) &&
+!lpc->pm.acpi_memory_hotplug.is_enabled)
+error_setg(errp,
+   "memory hotplug is not enabled: %s.memory-hotplug-support "
+   "is not set", object_get_typename(OBJECT(lpc)));
+}
+
 void ich9_pm_device_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
 Error **errp)
 {
 ICH9LPCState *lpc = ICH9_LPC_DEVICE(hotplug_dev);
 
-if (lpc->pm.acpi_memory_hotplug.is_enabled &&
-object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
+if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
 if (object_dynamic_cast(OBJECT(dev), TYPE_NVDIMM)) {
 nvdimm_acpi_plug_cb(hotplug_dev, dev);
 } else {
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index e330f24c71..f7e3c2018d 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -370,13 +370,23 @@ static void piix4_pm_powerdown_req(Notifier *n, void 
*opaque)
 acpi_pm1_evt_power_down(>ar);
 }
 
+static void piix4_device_pre_plug_cb(HotplugHandler *hotplug_dev,
+ DeviceState *dev, Error **errp)
+{
+PIIX4PMState *s = PIIX4_PM(hotplug_dev);
+
+if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM) &&
+!s->acpi_memory_hotplug.is_enabled)
+error_setg(errp,
+   "memory hotplug is not enabled: %s.memory-hotplug-support "
+   "is not set", object_get_typename(OBJECT(s)));
+}
 static void piix4_device_plug_cb(HotplugHandler *hotplug_dev,
  DeviceState *dev, Error **errp)
 {
 PIIX4PMState *s = PIIX4_PM(hotplug_dev);
 
-if (s->acpi_memory_hotplug.is_enabled &&
-object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
+if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
 if (object_dynamic_cast(OBJECT(dev), TYPE_NVDIMM)) {
 nvdimm_acpi_plug_cb(hotplug_dev, dev);
 } else {
@@ -702,6 +712,7 @@ static void piix4_pm_class_init(ObjectClass *klass, void 
*data)
  */
 dc->user_creatable = false;
 dc->hotpluggable = false;
+hc->pre_plug = piix4_device_pre_plug_cb;
 hc->plug = piix4_device_plug_cb;
 hc->unplug_request = piix4_device_unplug_request_cb;
 hc->unplug = piix4_device_unplug_cb;
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 0f61314b79..0b11ebe2c9 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1674,6 +1674,11 @@ static void pc_memory_pre_plug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 return;
 }
 
+/*
+ * Check acpi_dev memory-hotplug-support property
+ */
+hotplug_handler_pre_plug(pcms->acpi_dev, dev, errp);
+
 if (is_nvdimm && !pcms->acpi_nvdimm_state.is_enabled) {
 error_setg(errp, "nvdimm is not enabled: missing 'nvdimm' in '-M'");
 return;
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index e692b9fdc1..ac44aa53be 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -805,6 +805,7 @@ static void ich9_lpc_class_init(ObjectClass *klass, void 
*data)
  * pc_q35_init()
  */
 dc->user_creatable = 

Re: [Qemu-devel] [PATCH qemu v2 4/4] spapr: Support NVIDIA V100 GPU with NVLink2

[Alexey Kardashevskiy]

On 15/02/2019 16:30, David Gibson wrote:
> On Fri, Feb 15, 2019 at 03:42:56PM +1100, Alexey Kardashevskiy wrote:
>>
>>
>> On 15/02/2019 14:22, David Gibson wrote:
>>> On Thu, Feb 14, 2019 at 04:21:44PM +1100, Alexey Kardashevskiy wrote:
 NVIDIA V100 GPUs have on-board RAM which is mapped into the host memory
 space and accessible as normal RAM via an NVLink bus. The VFIO-PCI driver
 implements special regions for such GPUs and emulates an NVLink bridge.
 NVLink2-enabled POWER9 CPUs also provide address translation services
 which includes an ATS shootdown (ATSD) register exported via the NVLink
 bridge device.

 This adds a quirk to VFIO to map the GPU memory and create an MR;
 the new MR is stored in a PCI device as a QOM link. The sPAPR PCI uses
 this to get the MR and map it to the system address space.
 Another quirk does the same for ATSD.

 This adds 4 additional steps to the FDT builder in spapr-pci:

 1. Search for specific GPUs and NPUs and collect findings in
 sPAPRPHBState::nvgpus;

 2. Add properties in the device tree such as "ibm,npu", "ibm,gpu",
 "memory-block" and others to advertise the NVLink2 function to the guest;

 3. Add new memory blocks with an extra "linux,memory-usable" to prevent
 the guest OS from accessing the new memory until it is online by the GPU
 driver in the guest;

 4. Add a npuphb# node representing an NPU unit for every vPHB as
 the GPU driver uses it to detect NPU2 hardware and discover links; this
 is not backed by any QEMU device as it does need to.

 This allocates space for GPU RAM and ATSD like we do for MMIOs by
 adding 2 new parameters to the phb_placement() hook. Older machine types
 set these to zero.

 This puts new memory nodes in a separate NUMA node to replicate the host
 system setup as the GPU driver relies on this.

 This adds requirement similar to EEH - one IOMMU group per vPHB.
 The reason for this is that ATSD registers belong to a physical NPU
 so they cannot invalidate translations on GPUs attached to another NPU.
 It is guaranteed by the host platform as it does not mix NVLink bridges
 or GPUs from different NPU in the same IOMMU group. If more than one
 IOMMU group is detected on a vPHB, this disables ATSD support for that
 vPHB and prints a warning.

 Signed-off-by: Alexey Kardashevskiy 
 ---

 The example command line for redbud system:

 pbuild/qemu-aiku1804le-ppc64/ppc64-softmmu/qemu-system-ppc64 \
 -nodefaults \
 -chardev stdio,id=STDIO0,signal=off,mux=on \
 -device spapr-vty,id=svty0,reg=0x71000110,chardev=STDIO0 \
 -mon id=MON0,chardev=STDIO0,mode=readline -nographic -vga none \
 -enable-kvm -m 384G \
 -chardev socket,id=SOCKET0,server,nowait,host=localhost,port=4 \
 -mon chardev=SOCKET0,mode=control \
 -smp 80,sockets=1,threads=4 \
 -netdev "tap,id=TAP0,helper=/home/aik/qemu-bridge-helper --br=br0" \
 -device "virtio-net-pci,id=vnet0,mac=52:54:00:12:34:56,netdev=TAP0" \
 img/vdisk0.img \
 -device "vfio-pci,id=vfio0004_04_00_0,host=0004:04:00.0" \
 -device "vfio-pci,id=vfio0006_00_00_0,host=0006:00:00.0" \
 -device "vfio-pci,id=vfio0006_00_00_1,host=0006:00:00.1" \
 -device "vfio-pci,id=vfio0006_00_00_2,host=0006:00:00.2" \
 -device "vfio-pci,id=vfio0004_05_00_0,host=0004:05:00.0" \
 -device "vfio-pci,id=vfio0006_00_01_0,host=0006:00:01.0" \
 -device "vfio-pci,id=vfio0006_00_01_1,host=0006:00:01.1" \
 -device "vfio-pci,id=vfio0006_00_01_2,host=0006:00:01.2" \
 -device spapr-pci-host-bridge,id=phb1,index=1 \
 -device "vfio-pci,id=vfio0035_03_00_0,host=0035:03:00.0" \
 -device "vfio-pci,id=vfio0007_00_00_0,host=0007:00:00.0" \
 -device "vfio-pci,id=vfio0007_00_00_1,host=0007:00:00.1" \
 -device "vfio-pci,id=vfio0007_00_00_2,host=0007:00:00.2" \
 -device "vfio-pci,id=vfio0035_04_00_0,host=0035:04:00.0" \
 -device "vfio-pci,id=vfio0007_00_01_0,host=0007:00:01.0" \
 -device "vfio-pci,id=vfio0007_00_01_1,host=0007:00:01.1" \
 -device "vfio-pci,id=vfio0007_00_01_2,host=0007:00:01.2" -snapshot \
 -machine pseries \
 -L /home/aik/t/qemu-ppc64-bios/ -d guest_errors

 Note that QEMU attaches PCI devices to the last added vPHB so first
 8 devices - 4:04:00.0 till 6:00:01.2 - go to the default vPHB, and
 35:03:00.0..7:00:01.2 to the vPHB with id=phb1.
 ---
  hw/vfio/pci.h   |   2 +
  include/hw/pci-host/spapr.h |   9 +
  include/hw/ppc/spapr.h  |   3 +-
  hw/ppc/spapr.c  |  25 ++-
  hw/ppc/spapr_pci.c  | 333 +++-
  hw/vfio/pci-quirks.c| 120 +
  hw/vfio/pci.c   |  14 ++
  hw/vfio/trace-events|   4 +
  8 files changed, 506 insertions(+), 4 deletions(-)

 diff --git 

Re: [Qemu-devel] [RFC PATCH 1/2] block/dirty-bitmaps: add inconsistent bit

[John Snow]

On 2/18/19 12:46 PM, Vladimir Sementsov-Ogievskiy wrote:
> 14.02.2019 2:36, John Snow wrote:
>> Add an inconsistent bit to dirty-bitmaps that allows us to report a bitmap as
>> persistent but potentially inconsistent, i.e. if we find bitmaps on a qcow2
>> that have been marked as "in use".
>>
>> Signed-off-by: John Snow 
>> ---
>>   block/dirty-bitmap.c | 19 +++
>>   include/block/dirty-bitmap.h |  2 ++
>>   qapi/block-core.json |  9 +++--
>>   3 files changed, 28 insertions(+), 2 deletions(-)
>>
>> diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
>> index fc390cae94..b1879d7fbd 100644
>> --- a/block/dirty-bitmap.c
>> +++ b/block/dirty-bitmap.c
>> @@ -47,6 +47,9 @@ struct BdrvDirtyBitmap {
>>  and this bitmap must remain unchanged 
>> while
>>  this flag is set. */
>>   bool persistent;/* bitmap must be saved to owner disk 
>> image */
>> +bool inconsistent;  /* bitmap is persistent, but not owned by 
>> QEMU.
>> + * It cannot be used at all in any way, 
>> except
>> + * a QMP user can remove or clear it. */
>>   bool migration; /* Bitmap is selected for migration, it 
>> should
>>  not be stored on the next inactivation
>>  (persistent flag doesn't matter until 
>> next
>> @@ -461,6 +464,8 @@ BlockDirtyInfoList 
>> *bdrv_query_dirty_bitmaps(BlockDriverState *bs)
>>   info->recording = bdrv_dirty_bitmap_recording(bm);
>>   info->busy = bdrv_dirty_bitmap_busy(bm);
>>   info->persistent = bm->persistent;
>> +info->has_inconsistent = bm->inconsistent;
>> +info->inconsistent = bm->inconsistent;
>>   entry->value = info;
>>   *plist = entry;
>>   plist = >next;
>> @@ -708,6 +713,15 @@ void bdrv_dirty_bitmap_set_persistance(BdrvDirtyBitmap 
>> *bitmap, bool persistent)
>>   qemu_mutex_unlock(bitmap->mutex);
>>   }
>>   
>> +/* Called with BQL taken. */
> 
> Do we need BQL if we use mutex explicitly?
> 
>> +void bdrv_dirty_bitmap_set_inconsistent(BdrvDirtyBitmap *bitmap, bool value)
>> +{
>> +qemu_mutex_lock(bitmap->mutex);
>> +bitmap->inconsistent = value;
>> +bitmap->disabled = value;
> 
> So, set inconsistent to false will enable the bitmap? Seems tricky.
> 

It was really meant to be inconsistent = disabled = true. It falls apart
in the reverse. However, if we don't allow clear, this can just be a
constant.

>> +qemu_mutex_unlock(bitmap->mutex);
>> +}
>> +
>>   /* Called with BQL taken. */
>>   void bdrv_dirty_bitmap_set_migration(BdrvDirtyBitmap *bitmap, bool 
>> migration)
>>   {
>> @@ -721,6 +735,11 @@ bool bdrv_dirty_bitmap_get_persistance(BdrvDirtyBitmap 
>> *bitmap)
>>   return bitmap->persistent && !bitmap->migration;
>>   }
>>   
>> +bool bdrv_dirty_bitmap_inconsistent(BdrvDirtyBitmap *bitmap)
>> +{
>> +return bitmap->inconsistent;
>> +}
>> +
>>   bool bdrv_has_changed_persistent_bitmaps(BlockDriverState *bs)
>>   {
>>   BdrvDirtyBitmap *bm;
>> diff --git a/include/block/dirty-bitmap.h b/include/block/dirty-bitmap.h
>> index ba8477b73f..c0d37702fd 100644
>> --- a/include/block/dirty-bitmap.h
>> +++ b/include/block/dirty-bitmap.h
>> @@ -68,6 +68,7 @@ void bdrv_dirty_bitmap_deserialize_finish(BdrvDirtyBitmap 
>> *bitmap);
>>   void bdrv_dirty_bitmap_set_readonly(BdrvDirtyBitmap *bitmap, bool value);
>>   void bdrv_dirty_bitmap_set_persistance(BdrvDirtyBitmap *bitmap,
>>  bool persistent);
>> +void bdrv_dirty_bitmap_set_inconsistent(BdrvDirtyBitmap *bitmap, bool 
>> value);
>>   void bdrv_dirty_bitmap_set_busy(BdrvDirtyBitmap *bitmap, bool busy);
>>   void bdrv_merge_dirty_bitmap(BdrvDirtyBitmap *dest, const BdrvDirtyBitmap 
>> *src,
>>HBitmap **backup, Error **errp);
>> @@ -91,6 +92,7 @@ bool bdrv_dirty_bitmap_readonly(const BdrvDirtyBitmap 
>> *bitmap);
>>   bool bdrv_has_readonly_bitmaps(BlockDriverState *bs);
>>   bool bdrv_dirty_bitmap_get_autoload(const BdrvDirtyBitmap *bitmap);
>>   bool bdrv_dirty_bitmap_get_persistance(BdrvDirtyBitmap *bitmap);
>> +bool bdrv_dirty_bitmap_inconsistent(BdrvDirtyBitmap *bitmap);
>>   bool bdrv_dirty_bitmap_busy(BdrvDirtyBitmap *bitmap);
>>   bool bdrv_has_changed_persistent_bitmaps(BlockDriverState *bs);
>>   BdrvDirtyBitmap *bdrv_dirty_bitmap_next(BlockDriverState *bs,
>> diff --git a/qapi/block-core.json b/qapi/block-core.json
>> index 5d1d182447..f6b6dc2aff 100644
>> --- a/qapi/block-core.json
>> +++ b/qapi/block-core.json
>> @@ -470,12 +470,17 @@
>>   # @persistent: true if the bitmap will eventually be flushed to persistent
>>   #  storage (since 4.0)
>>   #
>> +# @inconsistent: true if this is a persistent bitmap that QEMU does not own.
>> +#Implies @recording to be false 

Re: [Qemu-devel] [PATCH v2] i386, acpi: check acpi_memory_hotplug capacity in pre_plug

[Wei Yang]

On Mon, Feb 18, 2019 at 02:53:36PM +0100, Igor Mammedov wrote:
>On Mon, 18 Feb 2019 13:21:29 +
>Wei Yang  wrote:
>
>> On Mon, Feb 18, 2019 at 01:56:02PM +0100, Igor Mammedov wrote:
>> >On Mon, 18 Feb 2019 12:13:24 +
>> >Wei Yang  wrote:
>> >
>> >> On Mon, Feb 18, 2019 at 10:50:34AM +0100, Igor Mammedov wrote:
>> >> >On Mon, 18 Feb 2019 09:13:33 +0800
>> >> >Wei Yang  wrote:
>> >> >
>> >> >> Currently we do device realization like below:
>> >> >> 
>> >> >>hotplug_handler_pre_plug()
>> >> >>dc->realize()
>> >> >>hotplug_handler_plug()
>> >> >> 
>> >> >> Before we do device realization and plug, we should allocate necessary
>> >> >> resources and check if memory-hotplug-support property is enabled.
>> >> >> 
>> >> >> At the piix4 and ich9, the acpi_memory_hotplug property is checked in
>> >> > ^^^ is field name and not a property so
>> >> >s/acpi_memory_hotplug/memory-hotplug-support/
>> >> >s/in/at/
>> >> >
>> >> >> plug stage. This means that device has been realized and mapped into
>> >> >> guest address space 'pc_dimm_plug()' by the time acpi plug handler is
>> >> >> called, where it might fail and crash QEMU due to reaching
>> >> >> g_assert_not_reached() (piix4) or error_abort (ich9).
>> >> >
>> >> >
>> >> >> This patch abstract the check on acpi_memory_hotplug capacity in
>> >> >> pre_plug stage.
>> >> >maybe better would be:
>> >> >"Fix it by checking if memory hotplug is enabled at pre_plug stage
>> >> >where we can gracefully abort hotplug request."
>> >> >
>> >> >> [changelog rephrase from imamm...@redhat.com]
>> >> >this provides zero information for a commit reader,
>> >> >it should go under --- to chagelog
>> >> > 
>> >> 
>> >> Ok, maybe different community has different convention.
>> >> 
>> >> Linux kernel mm subsystem maintainer suggest me to add above line.
>> >> 
>> >> >> Signed-off-by: Wei Yang 
>> >> >> CC: Igor Mammedov 
>> >> >> CC: Eric Blake 
>> >> >> 
>> >> >> ---
>> >> >> v2:
>> >> >>* rephrase change log
>> >> >one usually adds commenter's name here
>> >> >   * like this (some...@foo.bar)
>> >> >or
>> >> >   * (some...@foo.bar)
>> >> > - entry 1
>> >> > - entry 2
>> >> >   * (someone-e...@foo.bar)
>> >> > - ...
>> >> >
>> >> 
>> >> Well, I would change to this style.
>> >> 
>> >> >>* apply this change to ich9
>> >> >>* use hotplug_handler_pre_plug() instead of open-coding check
>> >> >> ---
>> >> >>  hw/acpi/ich9.c | 14 --
>> >> >>  hw/acpi/piix4.c| 14 --
>> >> >>  hw/i386/pc.c   |  5 +
>> >> >>  hw/isa/lpc_ich9.c  |  1 +
>> >> >>  include/hw/acpi/ich9.h |  2 ++
>> >> >>  5 files changed, 32 insertions(+), 4 deletions(-)
>> >> >> 
>> >> >> diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
>> >> >> index c5d8646abc..906a10f09a 100644
>> >> >> --- a/hw/acpi/ich9.c
>> >> >> +++ b/hw/acpi/ich9.c
>> >> >> @@ -483,13 +483,23 @@ void ich9_pm_add_properties(Object *obj, 
>> >> >> ICH9LPCPMRegs *pm, Error **errp)
>> >> >>   NULL);
>> >> >>  }
>> >> >>  
>> >> >> +void ich9_pm_device_pre_plug_cb(HotplugHandler *hotplug_dev, 
>> >> >> DeviceState *dev,
>> >> >> +Error **errp)
>> >> >broken alignment?
>> >> >
>> >> >run /scripts/checkpatch.pl on patches before submitting them
>> >> 
>> >> I copied this from ich9_pm_device_plug_cb(), so thought this is the
>> >> correct style.
>> >> 
>> >> Will adjust this according to checkpatch.pl.
>> >
>> >see CODING_STYLE
>> >
>> 
>> Went throught this file, but not find the description of function
>> definition's second line.
>A patch fixing CODING_STYLE that is welcome
>

Hmm... writing document seems more difficult than writing code to me :-)

Let me have a try to see if my English is not that bad.

-- 
Wei Yang
Help you, Help me

Re: [Qemu-devel] [RFC PATCH 00/11] qcow2: External data files

[Max Reitz]

On 31.01.19 18:55, Kevin Wolf wrote:
> There are use cases where raw images are given (e.g. existing physical
> disks), but advanced features like dirty bitmaps or backing files are
> wanted that require use of a proper image format like qcow2.
> 
> This series adds an incompatible feature bit to qcow2 which allows to
> use an external data file: Metadata is kept in the qcow2 file like
> usual, but guest data is written to an external file. Clusters in the
> data file are not reference counted, instead we use a flat layout where
> host cluster offset == guest cluster offset. The external data file is
> therefore readable as a raw image (though writing to it invalidates the
> associated qcow2 metadata). Features that require refcounting such as
> internal snapshots or compression are not supposed in such setups.

Overall the design to me looks as simple as it could be, which means
there is equally little I could object to.  I raised some technical
things, but this is an RFC anyway, so, yeah.

Looks good!

About testing...  I really don't know either.  I'll think about it,
maybe I come up with something.

Max



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 11/11] qcow2: Add data file to ImageInfoSpecificQCow2

[Max Reitz]

On 31.01.19 18:55, Kevin Wolf wrote:
> Signed-off-by: Kevin Wolf 
> ---
>  qapi/block-core.json | 1 +
>  block/qcow2.c| 6 +-
>  2 files changed, 6 insertions(+), 1 deletion(-)

[...]

> diff --git a/block/qcow2.c b/block/qcow2.c
> index 4959bf16a4..e3427f9fcd 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -1459,7 +1459,9 @@ static int coroutine_fn qcow2_do_open(BlockDriverState 
> *bs, QDict *options,
>  if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) {
>  s->data_file = bdrv_open_child(NULL, options, "data-file", bs,
> _file, false, _err);
> -if (!s->data_file) {
> +if (s->data_file) {
> +s->image_data_file = g_strdup(s->data_file->bs->filename);
> +} else {
>  if (s->image_data_file) {
>  error_free(local_err);
>  local_err = NULL;

Ah, this is what I looked for in the last patch. :-)

(i.e. it should be in the last patch, not here)

I think as it is it is just wrong, though.  If I pass enough options at
runtime, this will overwrite the image header:

$ ./qemu-img create -f qcow2 -o data_file=foo.raw foo.qcow2 64M
$ ./qemu-img create -f raw bar.raw 64M
$ ./qemu-img info foo.qcow2
[...]
data file: foo.raw
[...]
$ ./qemu-io --image-opts \
file.filename=foo.qcow2,data-file.driver=file,\
data-file.filename=bar.raw,lazy-refcounts=on \
-c 'write 0 64k'
# (The lazy-refcounts is so the image header is updated)
$ ./qemu-img info foo.qcow2
[...]
data file: bar.raw
[...]

The right thing would probably to check whether the header extension
exists (i.e. if s->image_data_file is non-NULL) and if it does not (it
is NULL), s->image_data_file gets set; because there are no valid images
with the external data file flag set where there is no such header
extension.  So we must be in the process of creating the image right now.

But even then, I don't quite like setting it here and not creating the
header extension as part of qcow2_co_create().  I can see why you've
done it this way, but creating a "bad" image on purpose (one with the
external data file bit set, but no such header extension present yet) in
order to detect and rectify this case when it is first opened (and the
opening code assuming that any such broken image must be one that is
opened the first time) is a bit weird.

I suppose doing it right (if you agree with the paragraph before the
last one) and adding a comment would make it less weird
("s->image_data_file must be non-NULL for any valid image, so this image
must be one we are creating right now" or something like that).

But still, the issue you point out in your cover letter remains; which
is that the node's filename and the filename given by the user may be
two different things.

Max



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 10/11] qcow2: Store data file name in the image

[Max Reitz]

On 31.01.19 18:55, Kevin Wolf wrote:
> Rather than requiring that the external data file node is passed
> explicitly when creating the qcow2 node, store the filename in the
> designated header extension during .bdrv_create and read it from there
> as a default during .bdrv_open.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/qcow2.h  |  1 +
>  block/qcow2.c  | 69 +-
>  tests/qemu-iotests/082.out | 27 +++
>  3 files changed, 96 insertions(+), 1 deletion(-)

[...]

> diff --git a/block/qcow2.c b/block/qcow2.c
> index 6cf862e8b9..4959bf16a4 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -398,6 +398,20 @@ static int qcow2_read_extensions(BlockDriverState *bs, 
> uint64_t start_offset,
>  #endif
>  break;
>  
> +case QCOW2_EXT_MAGIC_DATA_FILE:
> +{
> +s->image_data_file = g_malloc0(ext.len + 1);
> +ret = bdrv_pread(bs->file, offset, s->image_data_file, ext.len);
> +if (ret < 0) {
> +error_setg_errno(errp, -ret, "ERROR: Could not data file 
> name");

I think you accidentally a word.

> +return ret;
> +}
> +#ifdef DEBUG_EXT
> +printf("Qcow2: Got external data file %s\n", s->image_data_file);
> +#endif
> +break;
> +}
> +
>  default:
>  /* unknown magic - save it in case we need to rewrite the header 
> */
>  /* If you add a new feature, make sure to also update the fast
> @@ -1444,7 +1458,18 @@ static int coroutine_fn qcow2_do_open(BlockDriverState 
> *bs, QDict *options,
>  /* Open external data file */
>  if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) {
>  s->data_file = bdrv_open_child(NULL, options, "data-file", bs,
> -   _file, false, errp);
> +   _file, false, _err);
> +if (!s->data_file) {
> +if (s->image_data_file) {
> +error_free(local_err);
> +local_err = NULL;

This looked a bit weird to me at first because I was wondering why you
wouldn't just pass allow_none=true and then handle errors (by passing
them on).  But right, we want to retry with a filename set, maybe that
makes more sense of the options.

Hm.  But then again, do we really?  It matches what we do with backing
files, but that does give at least me headaches from time to time.  How
bad would it be to allow either passing all valid options through
@options (which would make qcow2 ignore the string in the header), or
use the filename given in the header alone?

> +s->data_file = bdrv_open_child(s->image_data_file, options,
> +   "data-file", bs, _file,
> +   false, errp);
> +} else {
> +error_propagate(errp, local_err);
> +}
> +}
>  if (!s->data_file) {
>  ret = -EINVAL;
>  goto fail;

[...]

> @@ -3229,6 +3270,26 @@ static int coroutine_fn qcow2_co_create_opts(const 
> char *filename, QemuOpts *opt
>  goto finish;
>  }
>  
> +/* Create and open an external data file (protocol layer) */
> +val = qdict_get_try_str(qdict, BLOCK_OPT_DATA_FILE);
> +if (val) {
> +ret = bdrv_create_file(val, opts, errp);

I suppose taking an existing file is saved for later?

Max

> +if (ret < 0) {
> +goto finish;
> +}
> +
> +data_bs = bdrv_open(val, NULL, NULL,
> +BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
> +errp);
> +if (data_bs == NULL) {
> +ret = -EIO;
> +goto finish;
> +}
> +
> +qdict_del(qdict, BLOCK_OPT_DATA_FILE);
> +qdict_put_str(qdict, "data-file", data_bs->node_name);
> +}
> +
>  /* Set 'driver' and 'node' options */
>  qdict_put_str(qdict, "driver", "qcow2");
>  qdict_put_str(qdict, "file", bs->node_name);



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 08/11] qcow2: Add basic data-file infrastructure

[Max Reitz]

On 31.01.19 18:55, Kevin Wolf wrote:
> This adds a .bdrv_open option to specify the external data file node.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  qapi/block-core.json |  3 ++-
>  block/qcow2.h|  4 +++-
>  block/qcow2.c| 25 +++--
>  3 files changed, 28 insertions(+), 4 deletions(-)

[...]

> diff --git a/block/qcow2.h b/block/qcow2.h
> index c161970882..e2114900b4 100644
> --- a/block/qcow2.h
> +++ b/block/qcow2.h

[...]

> @@ -205,7 +206,8 @@ enum {
>  QCOW2_INCOMPAT_DATA_FILE= 1 << QCOW2_INCOMPAT_DATA_FILE_BITNR,
>  
>  QCOW2_INCOMPAT_MASK  = QCOW2_INCOMPAT_DIRTY
> - | QCOW2_INCOMPAT_CORRUPT,
> + | QCOW2_INCOMPAT_CORRUPT
> + | QCOW2_INCOMPAT_DATA_FILE,

This hunk seems to belong somewhere else.

>  };
>  
>  /* Compatible feature bits */
> diff --git a/block/qcow2.c b/block/qcow2.c
> index ac9934b3ed..376232d3f0 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -1441,8 +1441,22 @@ static int coroutine_fn qcow2_do_open(BlockDriverState 
> *bs, QDict *options,
>  goto fail;
>  }
>  
> -/* TODO Open external data file */
> -s->data_file = bs->file;
> +/* Open external data file */
> +if (s->incompatible_features & QCOW2_INCOMPAT_DATA_FILE) {
> +s->data_file = bdrv_open_child(NULL, options, "data-file", bs,
> +   _file, false, errp);
> +if (!s->data_file) {
> +ret = -EINVAL;
> +goto fail;
> +}
> +} else if (qdict_get(options, QCOW2_OPT_DATA_FILE)) {

I get the idea, but this isn't crumpled so this key may not exist (but
data-file.driver and data-file.filename may).  Of course the fact that
these options remain unused will be caught by the block layer, but that
makes the error message below a bit less useful.

Max

> +error_setg(errp, "'data-file' can only be set for images with an "
> + "external data file");
> +ret = -EINVAL;
> +goto fail;
> +} else {
> +s->data_file = bs->file;
> +}
>  
>  /* qcow2_read_extension may have set up the crypto context
>   * if the crypt method needs a header region, some methods



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 2/2] block/dirty-bitmap: implement inconsistent bit

[John Snow]

On 2/18/19 3:37 PM, Eric Blake wrote:
> On 2/18/19 12:13 PM, Vladimir Sementsov-Ogievskiy wrote:
>> 14.02.2019 2:36, John Snow wrote:
>>> Signed-off-by: John Snow 
>>> ---
>>>   block/dirty-bitmap.c | 15 +
>>>   block/qcow2-bitmap.c | 42 ++-
>>>   blockdev.c   | 43 
>>>   include/block/dirty-bitmap.h |  1 +
>>>   4 files changed, 81 insertions(+), 20 deletions(-)
> 
>>> +void bdrv_dirty_bitmap_add_inconsistent_hint(Error **errp)
>>> +{
>>> +error_append_hint(errp, "Try block-dirty-bitmap-clear to mark this "
>>> +  "bitmap consistent again, or 
>>> block-dirty-bitmap-remove "
>>> +  "to delete it.");
>>
>> bitmaps created by libvirt (or somebody) are related to some checkpoint. And 
>> their name is
>> probably (Eric?) related to this checkpoint too. So, clear will never make 
>> them consistent..
>> Only clear :)
>>
>> So, I don't like idea of clearing in-use bitmaps.
> 
> It's always possible to delete a bitmap and then create a new one by the
> same name, to get the same effect of clearing an in-use bitmap. So let's
> start simple and declare that the only valid operation on an
> inconsistent bitmap is deletion.
> 

OK, from the viewpoint of checkpoints specifically, that's a convincing
argument against it for now.

I'll tighten this.

Re: [Qemu-devel] [RFC PATCH 07/11] qcow2: External file I/O

[Max Reitz]

On 31.01.19 18:55, Kevin Wolf wrote:
> This changes the qcow2 implementation to direct all guest data I/O to
> s->data_file rather than bs->file, while metadata I/O still uses
> bs->file. At the moment, this is still always the same, but soon we'll
> add options to set s->data_file to an external data file.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/qcow2.h  |  2 +-
>  block/qcow2-bitmap.c   |  7 ---
>  block/qcow2-cache.c|  6 +++---
>  block/qcow2-cluster.c  | 46 +++---
>  block/qcow2-refcount.c | 30 +++
>  block/qcow2-snapshot.c |  7 ---
>  block/qcow2.c  | 39 +--
>  7 files changed, 101 insertions(+), 36 deletions(-)

[...]

> diff --git a/block/qcow2.c b/block/qcow2.c
> index 2b81cf839d..ac9934b3ed 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c

[...]

> @@ -3598,6 +3598,16 @@ static int coroutine_fn 
> qcow2_co_truncate(BlockDriverState *bs, int64_t offset,
>  int64_t old_file_size, new_file_size;
>  uint64_t nb_new_data_clusters, nb_new_l2_tables;
>  
> +/* With a data file, preallocation means just allocating the metadata
> + * and forwarding the truncate request to the data file */

That's true, but...

> +if (has_data_file(bs)) {
> +ret = preallocate_co(bs, old_length, offset);
> +if (ret < 0) {
> +error_setg_errno(errp, -ret, "Preallocation failed");
> +goto fail;
> +}

...without a break here we're still going to preallocate bs->file as before.

Max

> +}
> +
>  old_file_size = bdrv_getlength(bs->file->bs);
>  if (old_file_size < 0) {
>  error_setg_errno(errp, -old_file_size,



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] virtio-net: do not start queues that are not enabled by the guest

[Michael S. Tsirkin]

On Mon, Feb 18, 2019 at 10:49:08PM +0200, Yuri Benditovich wrote:
> On Mon, Feb 18, 2019 at 6:39 PM Michael S. Tsirkin  wrote:
> >
> > On Mon, Feb 18, 2019 at 11:58:51AM +0200, Yuri Benditovich wrote:
> > > On Mon, Feb 18, 2019 at 5:49 AM Jason Wang  wrote:
> > > >
> > > >
> > > > On 2019/2/13 下午10:51, Yuri Benditovich wrote:
> > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1608226
> > > > > On startup/link-up in multiqueue configuration the virtio-net
> > > > > tries to starts all the queues, including those that the guest
> > > > > will not enable by VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET.
> > > > > If the guest driver does not allocate queues that it will not
> > > > > use (for example, Windows driver does not) and number of actually
> > > > > used queues is less that maximal number supported by the device,
> > > >
> > > >
> > > > Is this a requirement of e.g NDIS? If not, could we simply allocate all
> > > > queues in this case. This is usually what normal Linux driver did.
> > > >
> > > >
> > > > > this causes vhost_net_start to fail and actually disables vhost
> > > > > for all the queues, reducing the performance.
> > > > > Current commit fixes this: initially only first queue is started,
> > > > > upon VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET started all the queues
> > > > > requested by the guest.
> > > > >
> > > > > Signed-off-by: Yuri Benditovich 
> > > > > ---
> > > > >   hw/net/virtio-net.c | 7 +--
> > > > >   1 file changed, 5 insertions(+), 2 deletions(-)
> > > > >
> > > > > diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> > > > > index 3f319ef723..d3b1ac6d3a 100644
> > > > > --- a/hw/net/virtio-net.c
> > > > > +++ b/hw/net/virtio-net.c
> > > > > @@ -174,7 +174,7 @@ static void virtio_net_vhost_status(VirtIONet *n, 
> > > > > uint8_t status)
> > > > >   {
> > > > >   VirtIODevice *vdev = VIRTIO_DEVICE(n);
> > > > >   NetClientState *nc = qemu_get_queue(n->nic);
> > > > > -int queues = n->multiqueue ? n->max_queues : 1;
> > > > > +int queues = n->multiqueue ? n->curr_queues : 1;
> > > > >
> > > > >   if (!get_vhost_net(nc->peer)) {
> > > > >   return;
> > > > > @@ -1016,9 +1016,12 @@ static int virtio_net_handle_mq(VirtIONet *n, 
> > > > > uint8_t cmd,
> > > > >   return VIRTIO_NET_ERR;
> > > > >   }
> > > > >
> > > > > -n->curr_queues = queues;
> > > > >   /* stop the backend before changing the number of queues to 
> > > > > avoid handling a
> > > > >* disabled queue */
> > > > > +virtio_net_set_status(vdev, 0);
> > > >
> > > >
> > > > Any reason for doing this?
> > >
> > > I think there are 2 reasons:
> > > 1. The spec does not require guest SW to allocate unused queues.
> > > 2. We spend guest's physical memory to just make vhost happy when it
> > > touches queues that it should not use.
> > >
> > > Thanks,
> > > Yuri Benditovich
> >
> > The spec also says:
> > queue_enable The driver uses this to selectively prevent the device 
> > from executing requests from this
> > virtqueue. 1 - enabled; 0 - disabled.
> >
> > While this is not a conformance clause this strongly implies that
> > queues which are not enabled are never accessed by device.
> >
> > Yuri I am guessing you are not enabling these unused queues right?
> 
> Of course, we (Windows driver) do not.
> The code of virtio-net passes max_queues to vhost and this causes
> vhost to try accessing all the queues, fail on unused ones and finally
> leave vhost disabled at all.


Jason, at least for 1.0 accessing disabled queues looks like a spec
violation. What do you think?

> >
> >
> >
> > > >
> > > > Thanks
> > > >
> > > >
> > > > > +
> > > > > +n->curr_queues = queues;
> > > > > +
> > > > >   virtio_net_set_status(vdev, vdev->status);
> > > > >   virtio_net_set_queues(n);
> > > > >

[Qemu-devel] [PATCH v5] blockdev: acquire aio_context for bitmap add/remove

[John Snow]

When bitmaps are persistent, they may incur a disk read or write when bitmaps
are added or removed. For configurations like virtio-dataplane, failing to
acquire this lock will abort QEMU when disk IO occurs.

We used to acquire aio_context as part of the bitmap lookup, so re-introduce
the lock for just the cases that have an IO penalty. Commit 2119882c removed
these locks, and I failed to notice this when we committed fd5ae4cc, so this
has been broken since persistent bitmaps were introduced.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1672010
Reported-By: Aihua Liang 
Signed-off-by: John Snow 
---
v5: I'm having a really bad day. This version actually has the semicolon.
---
 blockdev.c | 26 --
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index fb18e9c975..8714ad2702 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2820,6 +2820,7 @@ void qmp_block_dirty_bitmap_add(const char *node, const 
char *name,
 {
 BlockDriverState *bs;
 BdrvDirtyBitmap *bitmap;
+AioContext *aio_context = NULL;
 
 if (!name || name[0] == '\0') {
 error_setg(errp, "Bitmap name cannot be empty");
@@ -2854,15 +2855,17 @@ void qmp_block_dirty_bitmap_add(const char *node, const 
char *name,
 disabled = false;
 }
 
-if (persistent &&
-!bdrv_can_store_new_dirty_bitmap(bs, name, granularity, errp))
-{
-return;
+if (persistent) {
+aio_context = bdrv_get_aio_context(bs);
+aio_context_acquire(aio_context);
+if (!bdrv_can_store_new_dirty_bitmap(bs, name, granularity, errp)) {
+goto out;
+}
 }
 
 bitmap = bdrv_create_dirty_bitmap(bs, granularity, name, errp);
 if (bitmap == NULL) {
-return;
+goto out;
 }
 
 if (disabled) {
@@ -2870,6 +2873,10 @@ void qmp_block_dirty_bitmap_add(const char *node, const 
char *name,
 }
 
 bdrv_dirty_bitmap_set_persistance(bitmap, persistent);
+ out:
+if (aio_context) {
+aio_context_release(aio_context);
+}
 }
 
 void qmp_block_dirty_bitmap_remove(const char *node, const char *name,
@@ -2878,6 +2885,7 @@ void qmp_block_dirty_bitmap_remove(const char *node, 
const char *name,
 BlockDriverState *bs;
 BdrvDirtyBitmap *bitmap;
 Error *local_err = NULL;
+AioContext *aio_context = NULL;
 
 bitmap = block_dirty_bitmap_lookup(node, name, , errp);
 if (!bitmap || !bs) {
@@ -2892,14 +2900,20 @@ void qmp_block_dirty_bitmap_remove(const char *node, 
const char *name,
 }
 
 if (bdrv_dirty_bitmap_get_persistance(bitmap)) {
+aio_context = bdrv_get_aio_context(bs);
+aio_context_acquire(aio_context);
 bdrv_remove_persistent_dirty_bitmap(bs, name, _err);
 if (local_err != NULL) {
 error_propagate(errp, local_err);
-return;
+goto out;
 }
 }
 
 bdrv_release_dirty_bitmap(bs, bitmap);
+ out:
+if (aio_context) {
+aio_context_release(aio_context);
+}
 }
 
 /**
-- 
2.17.2

Re: [Qemu-devel] [RFC PATCH 06/11] qcow2: Don't assume 0 is an invalid cluster offset

[Max Reitz]

On 31.01.19 18:55, Kevin Wolf wrote:
> The cluster allocation code uses 0 as an invalid offset that is used in
> case of errors or as "offset not yet determined". With external data
> files, a host cluster offset of 0 becomes valid, though.
> 
> Define a constant INV_OFFSET (which is not cluster aligned and will
> therefore never be a valid offset) that can be used for such purposes.
> 
> This removes the additional host_offset == 0 check that commit
> ff52aab2df5 introduced; the confusion between an invalid offset and
> (erroneous) allocation at offset 0 is removed with this change.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/qcow2.h |  2 ++
>  block/qcow2-cluster.c | 59 ---
>  2 files changed, 29 insertions(+), 32 deletions(-)

qcow2_get_cluster_offset() still returns 0 for unallocated clusters.
(And qcow2_co_block_status() tests for that, so it would never report a
valid offset for the first cluster in an externally allocated qcow2 file.)

qcow2_alloc_compressed_cluster_offset() should return INV_OFFSET on
error (yeah, there are no compressed clusters in external files, but
this seems like the right thing to do still).

(And there are cases like qcow2_co_preadv(), where cluster_offset is
initialized to 0 -- it doesn't make a difference what it's initialized
to (it's just to silence the compiler, I suppose), but it should still
use this new constant now.  I think.)

Now bikeshedding begins: Also, s->free_byte_offset is initialized to 0
and that is the expected value for "nothing allocated yet".  I think I'd
prefer all of the qocw2 code to use a common invalidity constant, even
thought it would make things like that more complicated.  But then we
might get into the metadata territory (how bad is it that
s->bitmap_directory_offset too is 0 when there is no directory?),
because compressed clusters are not allowed in external files, just like
metadata is not...
So my bikeshedding result is "I think it would be nice if all of the
qcow2 code made use of this constant, but it may also be pretty stupid
to enforce that now."

Max



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 3/6] block/dirty-bitmap: change semantics of enabled predicate

[John Snow]

On 2/18/19 11:39 AM, Vladimir Sementsov-Ogievskiy wrote:
> 14.02.2019 2:23, John Snow wrote:
>> Currently, enabled means something like "the status of the bitmap
>> is ACTIVE." After this patch, it should mean exclusively: "This
>> bitmap is recording guest writes, and is allowed to do so."
>>
>> In many places, this is how this predicate was already used.
>> We'll allow users to call user_locked if they're really curious about
>> finding out if the bitmap is in use by an operation.
>>
>> To accommodate this, modify the create_successor routine to now
>> explicitly disable the parent bitmap at creation time.
>>
>>
>> Justifications:
>>
>> 1. bdrv_dirty_bitmap_status suffers no change from the lack of
>> 1:1 parity with the new predicates because of the order in which
>> the predicates are checked. This is now only for compatibility.
>>
>> 2. bdrv_set_dirty_bitmap is only used by mirror, which does not use
>> disabled bitmaps -- all of these writes are internal usages.
>> Therefore, we should allow writes even in the disabled state.
>> The condition is removed.
>>
>> 3. bdrv_reset_dirty_bitmap Similarly, this is only used internally by
>> mirror and migration. In these contexts it is always enabled anyway,
>> but our API does not need to enforce this.
>>
>> 4. bdrv_set_dirty() is unchanged: pre-patch, it was skipping bitmaps that 
>> were
>> disabled or had a successor, while post-patch it is only skipping bitmaps
>> that are disabled. To accommodate this, create_successor now ensures that
>> any bitmap with a successor is explicitly disabled.
>>
> 
> 5-8 are examples of "this is how this predicate was already used"
> 
>> 5. qcow2_store_persistent_dirty_bitmaps: This only ever wanted to check if 
>> the
>> bitmap was enabled or not. Theoretically if we save during an operation,
>> this now gets set as enabled instead of disabled,
> 
> No, as you explicitly disable bitmap in create_successor, so bitmaps with 
> successor
> will be disabled anyway.
> 

Well, yeah. There's no way it happens in practice currently. It's just
"theoretically" from the viewpoint of the API call itself. There's
nothing stopping a developer from making that call, and this is a
potential change in behavior that we don't expect to observe. Just
noting it down.

> Hmm, and this shows, that actually, you don't need this big description for 
> all calls,
> as actually nothing changed and all calls may be described like (4.). Except 
> (2. and 3.),
> as these calls are removed (so, is it worth to split them into separate 
> previous patch?)
> 

I could, to at least have its own justification in a commit message
apart from these -- but at this point it's primarily a benefit for Eric,
You, and myself.

>   but this cannot happen
>> in practice because jobs must be finished before we close the disk.
>>
>> 6. block_dirty_bitmap_enable_prepare only ever cared about the
>> literal bit, and already checked for user_locked beforehand.
>>
>> 7. block_dirty_bitmap_disable_prepare ditto as above.
>>
>> 8. init_dirty_bitmap_migration also already checks user_locked,
>> so this call can be a simple enabled/disabled check.
> 
> 
> hmmm
> 9. nbd_export_new, which too checks bdrv_dirty_bitmap_user_locked but _after_
> call to bdrv_dirty_bitmap_enabled. Anyway it's not changed as described 
> in (4.),
> I think it is better to check _user_locked first.
> 

You're right, and Eric left a similar feedback elsewhere. user_locked is
the more obvious disqualifier. I think this ought to be its own small
patch because it has nothing much to do with this one.

> 
>>
>> Signed-off-by: John Snow 
>> Reviewed-by: Eric Blake 
>> ---
>>   block/dirty-bitmap.c | 7 ---
>>   1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
>> index 639ebc0645..bb2e19e0d8 100644
>> --- a/block/dirty-bitmap.c
>> +++ b/block/dirty-bitmap.c
>> @@ -209,7 +209,7 @@ bool bdrv_dirty_bitmap_qmp_locked(BdrvDirtyBitmap 
>> *bitmap)
>>   /* Called with BQL taken.  */
>>   bool bdrv_dirty_bitmap_enabled(BdrvDirtyBitmap *bitmap)
>>   {
>> -return !(bitmap->disabled || bitmap->successor);
>> +return !bitmap->disabled;
>>   }
>>   
>>   /* Called with BQL taken.  */
>> @@ -264,6 +264,7 @@ int bdrv_dirty_bitmap_create_successor(BlockDriverState 
>> *bs,
>>   
>>   /* Successor will be on or off based on our current state. */
>>   child->disabled = bitmap->disabled;
>> +bitmap->disabled = true;
>>   
>>   /* Install the successor and freeze the parent */
>>   bitmap->successor = child;
>> @@ -346,6 +347,8 @@ BdrvDirtyBitmap 
>> *bdrv_reclaim_dirty_bitmap_locked(BlockDriverState *bs,
>>   error_setg(errp, "Merging of parent and successor bitmap failed");
>>   return NULL;
>>   }
>> +
>> +parent->disabled = successor->disabled;
> 
> at this point comment to the function
> "The merged parent will not be user_locked, nor 

Re: [Qemu-devel] [PATCH v2 5/6] block/dirty-bitmaps: unify qmp_locked and user_locked calls

[John Snow]

On 2/18/19 12:27 PM, Vladimir Sementsov-Ogievskiy wrote:
> 14.02.2019 2:23, John Snow wrote:
>> These mean the same thing now. Unify them and rename the merged call
>> bdrv_dirty_bitmap_busy to indicate semantically what we are describing,
>> as well as help disambiguate from the various _locked and _unlocked
>> versions of bitmap helpers that refer to mutex locks.
>>
>> Signed-off-by: John Snow 
>> Reviewed-by: Eric Blake 
>> ---
>>   block/dirty-bitmap.c   | 41 +++---
>>   blockdev.c | 18 +++
>>   include/block/dirty-bitmap.h   |  5 ++---
>>   migration/block-dirty-bitmap.c |  6 ++---
>>   nbd/server.c   |  6 ++---
>>   5 files changed, 35 insertions(+), 41 deletions(-)
>>
>> diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
>> index 2042c62602..8ab048385a 100644
>> --- a/block/dirty-bitmap.c
>> +++ b/block/dirty-bitmap.c
>> @@ -48,9 +48,9 @@ struct BdrvDirtyBitmap {
>>   QemuMutex *mutex;
>>   HBitmap *bitmap;/* Dirty bitmap implementation */
>>   HBitmap *meta;  /* Meta dirty bitmap */
>> -bool qmp_locked;/* Bitmap is locked, it can't be modified
>> -   through QMP */
>> -BdrvDirtyBitmap *successor; /* Anonymous child; implies user_locked 
>> state */
>> +bool busy;  /* Bitmap is busy, it can't be modified 
>> through
>> +   QMP */
> 
> better not "modified" but "used".. for example, export through NBD is not a 
> modification.
> 

True.

>> +BdrvDirtyBitmap *successor; /* Anonymous child, if any. */
> 
> hm this comment change about successor relates more to previous patch, but I 
> don't really care.
> 

Oh, true.

>>   char *name; /* Optional non-empty unique ID */
>>   int64_t size;   /* Size of the bitmap, in bytes */
>>   bool disabled;  /* Bitmap is disabled. It ignores all 
>> writes to
>> @@ -188,22 +188,17 @@ bool bdrv_dirty_bitmap_has_successor(BdrvDirtyBitmap 
>> *bitmap)
>>   return bitmap->successor;
>>   }
>>   
> 
> 
> In comment for bdrv_dirty_bitmap_create_successor, there is "locked" word, 
> which you forget to fix to "busy"
> with at least this fixed:

Good spot. Too many occurrences of the word "lock" to have looked for
them all.

> Reviewed-by: Vladimir Sementsov-Ogievskiy 
> 
> 

[Qemu-devel] [Bug 1685242] Re: ovmf hangs at efi with virtio-net memory hotplug

[Laszlo Ersek (Red Hat)]

OVMF places the 64-bit PCI MMIO aperture after the memory hotplug area.
If you specify `-m maxmem=1024G`, then accessing 64-bit MMIO BARs of
PCI(e) devices, allocated from the aperture, will require at least 41
address bits. If you use KVM, and nested paging (EPT on Intel, NPT on
AMD) is enabled, and your /proc/cpuinfo on the host reports a smaller
phys address width than 41, then 64-bit PCI MMIO accesses in the guest
will silently fail. You can read more details in
.

SeaBIOS uses an independent algorithm for aperture placement and BAR
allocation.

If you remove virtio-net-pci, then your command line ends up without any
PCI(e) device that has a 64-bit MMIO BAR. So the issue is not triggered.

If you use a maxmem of 512G, then 40 bits might suffice. It's possible
that your physical CPU has precisely that many address bits, and so the
behavior could change.

If you attach the OVMF debug log (capture `-debugcon file:debug.log
-global isa-debugcon.iobase=0x402`), I could say more.

Thus far this ticket looks like "NOTABUG" -- use a smaller memory
hotplug area, or disable nested paging (which will come with a
performance penalty).

** Bug watch added: Red Hat Bugzilla #1353591
   https://bugzilla.redhat.com/show_bug.cgi?id=1353591

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1685242

Title:
  ovmf hangs at efi with virtio-net memory hotplug

Status in QEMU:
  New

Bug description:
  with qemu 2.9 it hangs at the efi stage when memory-hotplug is enabled
  and it has a virtio-net devices

  the ovmf images where compiled from https://github.com/tianocore/edk2
  (current master)

  reproducer:

  qemu-system-x86_64 -drive
  'if=pflash,unit=0,format=raw,readonly,file=./OVMF_CODE.fd' -drive
  'if=pflash,unit=1,format=raw,file=./my_OVMF_VARS.fd' -smp 1 -vga std
  -netdev 'type=tap,id=mynet' -device 'virtio-net-pci,netdev=mynet'
  -display sdl -nodefaults -m 'size=1G,slots=256,maxmem=1024G'

  interestingly, it works when you do the following:

  - omit the virtio-net-pci device
  - use seabios
  - use less maxmem, e.g. 512G

  qemu was compiled from source (v2.9.0) with following options:

  ./configure --target-list=x86_64-softmmu --disable-xen --enable-gnutls 
--enable-sdl --enable-linux-aio --enable-rbd --enable-libiscsi 
--disable-smartcard --audio-drv-list="alsa" --enable
  -spice --enable-usb-redir --enable-glusterfs --enable-libusb --disable-gtk 
--enable-xfsctl --enable-numa --disable-strip --enable-jemalloc --enable-virtfs 
--disable-libnfs --disable-fdt --disable-guest-agent --disable-guest-agent-msi

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1685242/+subscriptions

Re: [Qemu-devel] [PATCH v2 2/6] block/dirty-bitmaps: rename frozen predicate helper

[John Snow]

On 2/18/19 8:57 AM, Vladimir Sementsov-Ogievskiy wrote:
> 14.02.2019 2:23, John Snow wrote:
>> "Frozen" was a good description a long time ago, but it isn't adequate now.
>> Rename the frozen predicate to has_successor to make the semantics of the
>> predicate more clear to outside callers.
>>
>> In the process, remove some calls to frozen() that no longer semantically
>> make sense. For enabled and disabled in particular, it's actually okay for
>> the internals to do this but only forbidden for users to invoke them, and
> 
> I'm a bit lost in this paragraph.. to this - what?, to invoke them - whom?
> I think, it would be simpler for me to read patch itself :)
> 

Touched this up. I meant enable and disable, not enabled and disabled.

>> all of the QMP entry uses already check against qmp_locked.
>>
>> Several other assertions really want to check that the bitmap isn't in-use
>> by another operation -- use the qmp_locked function for this instead, which
>> presently also checks for has_successor.
> 
> hm, you mean user_locked, not qmp_locked.
> 

Yes.

[...]

>>   /**
>>* Create a successor bitmap destined to replace this bitmap after an 
>> operation.
>> - * Requires that the bitmap is not frozen and has no successor.
>> + * Requires that the bitmap is not locked and has no successor.
> 
> I think, user_locked, to not interfere with bitmaps mutex. And you use 
> user_locked in
> other comments in this patch.
> 

You're right. It gets changed again later, but I didn't make this easy
to read.

>>* Called with BQL taken.
>>*/
>>   int bdrv_dirty_bitmap_create_successor(BlockDriverState *bs,
>> @@ -244,12 +244,16 @@ int 
>> bdrv_dirty_bitmap_create_successor(BlockDriverState *bs,
>>   uint64_t granularity;
>>   BdrvDirtyBitmap *child;
>>   
>> -if (bdrv_dirty_bitmap_frozen(bitmap)) {
>> -error_setg(errp, "Cannot create a successor for a bitmap that is "
>> -   "currently frozen");
>> +if (bdrv_dirty_bitmap_user_locked(bitmap)) {
>> +error_setg(errp, "Cannot create a successor for a bitmap that is 
>> in-use "
>> +   "by an operation");
>> +return -1;
>> +}
>> +if (bdrv_dirty_bitmap_has_successor(bitmap)) {
>> +error_setg(errp, "Cannot create a successor for a bitmap that 
>> already "
>> +   "has one");
> 
> 
> Amm, dead code? _user_locked() implies no successor, so we instead can keep 
> an assertion..
> 

It gets changed later in the series, but I didn't do a great job of
explaining that in advance. I'll amend the commit message to explain
what I'm trying to do.

I tried to hint at this with: "which presently also checks for
has_successor" as an admission that it was redundant, but I need to call
it out in stronger language.

Re: [Qemu-devel] [PATCH v2 4/6] block/dirty-bitmap: explicitly lock bitmaps with successors

[John Snow]

On 2/18/19 11:52 AM, Vladimir Sementsov-Ogievskiy wrote:
> 14.02.2019 2:23, John Snow wrote:
>> Instead of implying a locked status, make it explicit.
> 
> locked interferes with bitmap mutex, so may be better "qmp_locked state", but 
> not sure.
> 

I agree that "locked" has too many meanings, so in patch 5 I start using
the term "busy" instead.

>> Now, bitmaps in use by migration, NBD or backup operations
>> are all treated the same way with the same code paths.
>>
>> Signed-off-by: John Snow 
>> Reviewed-by: Eric Blake 
> 
> Reviewed-by: Vladimir Sementsov-Ogievskiy 
> 
> Hmm. Isn't it better to make successor-related staff unrelated to locking at 
> all?

Maybe -- but it doesn't make sense to allow users to modify bitmaps that
have a successor because we know it's definitely busy. I'll take a
further cleanup patch if you think it's better -- just be careful to
make sure that any interface calls will work gracefully with a bitmap
with a successor.

> So, backup will call set_qmp_locked like others? And then do create_successor,
> abdicate, reclaim, whatever it wants, and finally set_qmp_locked(false) ?
> To make it work even more in the same path. But it may be done separately, if 
> we
> want.
> 

Re: [Qemu-devel] [PATCH 04/14] hw/timer/pl031: Convert to using trace events

[Philippe Mathieu-Daudé]

On 2/14/19 1:50 PM, Peter Maydell wrote:
> Convert the debug printing in the PL031 device to use trace events,
> and augment it to cover the interesting parts of device operation.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/timer/pl031.c  | 55 +++
>  hw/timer/trace-events |  6 +
>  2 files changed, 36 insertions(+), 25 deletions(-)
> 
> diff --git a/hw/timer/pl031.c b/hw/timer/pl031.c
> index f774dcd5223..274ad47a33a 100644
> --- a/hw/timer/pl031.c
> +++ b/hw/timer/pl031.c
> @@ -18,15 +18,7 @@
>  #include "sysemu/sysemu.h"
>  #include "qemu/cutils.h"
>  #include "qemu/log.h"
> -
> -//#define DEBUG_PL031
> -
> -#ifdef DEBUG_PL031
> -#define DPRINTF(fmt, ...) \
> -do { printf("pl031: " fmt , ## __VA_ARGS__); } while (0)
> -#else
> -#define DPRINTF(fmt, ...) do {} while(0)
> -#endif
> +#include "trace.h"
>  
>  #define RTC_DR  0x00/* Data read register */
>  #define RTC_MR  0x04/* Match register */
> @@ -44,7 +36,10 @@ static const unsigned char pl031_id[] = {
>  
>  static void pl031_update(PL031State *s)
>  {
> -qemu_set_irq(s->irq, s->is & s->im);
> +uint32_t flags = s->is & s->im;
> +
> +trace_pl031_irq_state(flags);
> +qemu_set_irq(s->irq, flags);
>  }
>  
>  static void pl031_interrupt(void * opaque)
> @@ -52,7 +47,7 @@ static void pl031_interrupt(void * opaque)
>  PL031State *s = (PL031State *)opaque;
>  
>  s->is = 1;
> -DPRINTF("Alarm raised\n");
> +trace_pl031_alarm_raised();
>  pl031_update(s);
>  }
>  
> @@ -69,7 +64,7 @@ static void pl031_set_alarm(PL031State *s)
>  /* The timer wraps around.  This subtraction also wraps in the same way,
> and gives correct results when alarm < now_ticks.  */
>  ticks = s->mr - pl031_get_count(s);
> -DPRINTF("Alarm set in %ud ticks\n", ticks);
> +trace_pl031_set_alarm(ticks);
>  if (ticks == 0) {
>  timer_del(s->timer);
>  pl031_interrupt(s);
> @@ -83,38 +78,49 @@ static uint64_t pl031_read(void *opaque, hwaddr offset,
> unsigned size)
>  {
>  PL031State *s = (PL031State *)opaque;
> -
> -if (offset >= 0xfe0  &&  offset < 0x1000)
> -return pl031_id[(offset - 0xfe0) >> 2];
> +uint64_t r;
>  
>  switch (offset) {
>  case RTC_DR:
> -return pl031_get_count(s);
> +r = pl031_get_count(s);
> +break;
>  case RTC_MR:
> -return s->mr;
> +r = s->mr;
> +break;
>  case RTC_IMSC:
> -return s->im;
> +r = s->im;
> +break;
>  case RTC_RIS:
> -return s->is;
> +r = s->is;
> +break;
>  case RTC_LR:
> -return s->lr;
> +r = s->lr;
> +break;
>  case RTC_CR:
>  /* RTC is permanently enabled.  */
> -return 1;
> +r = 1;
> +break;
>  case RTC_MIS:
> -return s->is & s->im;
> +r = s->is & s->im;
> +break;
> +case 0xfe0 ... 0xfff:
> +r = pl031_id[(offset - 0xfe0) >> 2];

Reviewed-by: Philippe Mathieu-Daudé 

> +break;
>  case RTC_ICR:
>  qemu_log_mask(LOG_GUEST_ERROR,
>"pl031: read of write-only register at offset 0x%x\n",
>(int)offset);
> +r = 0;
>  break;
>  default:
>  qemu_log_mask(LOG_GUEST_ERROR,
>"pl031_read: Bad offset 0x%x\n", (int)offset);
> +r = 0;
>  break;
>  }
>  
> -return 0;
> +trace_pl031_read(offset, r);
> +return r;
>  }
>  
>  static void pl031_write(void * opaque, hwaddr offset,
> @@ -122,6 +128,7 @@ static void pl031_write(void * opaque, hwaddr offset,
>  {
>  PL031State *s = (PL031State *)opaque;
>  
> +trace_pl031_write(offset, value);
>  
>  switch (offset) {
>  case RTC_LR:
> @@ -134,7 +141,6 @@ static void pl031_write(void * opaque, hwaddr offset,
>  break;
>  case RTC_IMSC:
>  s->im = value & 1;
> -DPRINTF("Interrupt mask %d\n", s->im);
>  pl031_update(s);
>  break;
>  case RTC_ICR:
> @@ -142,7 +148,6 @@ static void pl031_write(void * opaque, hwaddr offset,
> cleared when bit 0 of the written value is set.  However the
> arm926e documentation (DDI0287B) states that the interrupt is
> cleared when any value is written.  */
> -DPRINTF("Interrupt cleared");
>  s->is = 0;
>  pl031_update(s);
>  break;
> diff --git a/hw/timer/trace-events b/hw/timer/trace-events
> index 0144a68951c..12eb505fee7 100644
> --- a/hw/timer/trace-events
> +++ b/hw/timer/trace-events
> @@ -77,3 +77,9 @@ xlnx_zynqmp_rtc_gettime(int year, int month, int day, int 
> hour, int min, int sec
>  nrf51_timer_read(uint64_t addr, uint32_t value, unsigned size) "read addr 
> 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
>  nrf51_timer_write(uint64_t addr, uint32_t value, unsigned size) "write addr 
> 0x%" PRIx64 " data 

Re: [Qemu-devel] [PATCH v4 1/1] blockdev: acquire aio_context for bitmap add/remove

[John Snow]

On 2/18/19 4:55 PM, Eric Blake wrote:
> On 2/18/19 3:42 PM, John Snow wrote:
>> When bitmaps are persistent, they may incur a disk read or write when bitmaps
>> are added or removed. For configurations like virtio-dataplane, failing to
>> acquire this lock will abort QEMU when disk IO occurs.
>>
>> We used to acquire aio_context as part of the bitmap lookup, so re-introduce
>> the lock for just the cases that have an IO penalty. Commit 2119882c removed
>> these locks, and I failed to notice this when we committed fd5ae4cc, so this
>> has been broken since persistent bitmaps were introduced.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1672010
>> Reported-By: Aihua Liang 
>> Signed-off-by: John Snow 
>> Reviewed-by: Eric Blake 
>> ---
>>  blockdev.c | 26 --
>>  1 file changed, 20 insertions(+), 6 deletions(-)
>>
> 
>>  bitmap = bdrv_create_dirty_bitmap(bs, granularity, name, errp);
>>  if (bitmap == NULL) {
>> -return;
>> +goto out
>>  }
>>  
> 
> Your scripts are still going haywire. :(
> 

Sigh. I ran the full suite of build tests but that doesn't do one bit of
good if I don't run `stg refresh` before sending it out.

I'm really not having a good run of it it here.

NACK,

--js

Re: [Qemu-devel] [PATCH 07/14] hw/char/pl011: Use '0x' prefix when logging hex numbers

[Philippe Mathieu-Daudé]

On 2/14/19 1:51 PM, Peter Maydell wrote:
> The pl011 logs when the guest makes a bad access. It prints
> the address offset in hex but confusingly omits the '0x'
> prefix; add it.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/char/pl011.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/char/pl011.c b/hw/char/pl011.c
> index 29f4e5eb224..e5dd448f854 100644
> --- a/hw/char/pl011.c
> +++ b/hw/char/pl011.c
> @@ -143,7 +143,7 @@ static uint64_t pl011_read(void *opaque, hwaddr offset,
>  break;
>  default:
>  qemu_log_mask(LOG_GUEST_ERROR,
> -  "pl011_read: Bad offset %x\n", (int)offset);
> +  "pl011_read: Bad offset 0x%x\n", (int)offset);
>  r = 0;
>  break;
>  }
> @@ -232,7 +232,7 @@ static void pl011_write(void *opaque, hwaddr offset,
>  break;
>  default:
>  qemu_log_mask(LOG_GUEST_ERROR,
> -  "pl011_write: Bad offset %x\n", (int)offset);
> +  "pl011_write: Bad offset 0x%x\n", (int)offset);
>  }
>  }
>  
> 

Re: [Qemu-devel] [PATCH 05/14] hw/char/pl011: Allow use as an embedded-struct device

[Philippe Mathieu-Daudé]

On 2/14/19 1:50 PM, Peter Maydell wrote:
> Create a new include file for the pl011's device struct,
> type macros, etc, so that it can be instantiated using
> the "embedded struct" coding style.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  include/hw/char/pl011.h | 34 ++
>  hw/char/pl011.c | 31 ++-
>  2 files changed, 36 insertions(+), 29 deletions(-)
> 
> diff --git a/include/hw/char/pl011.h b/include/hw/char/pl011.h
> index 83649324b6a..1b52bfd5c90 100644
> --- a/include/hw/char/pl011.h
> +++ b/include/hw/char/pl011.h
> @@ -15,6 +15,40 @@
>  #ifndef HW_PL011_H
>  #define HW_PL011_H
>  
> +#include "hw/sysbus.h"
> +#include "chardev/char-fe.h"
> +
> +#define TYPE_PL011 "pl011"
> +#define PL011(obj) OBJECT_CHECK(PL011State, (obj), TYPE_PL011)
> +
> +/* This shares the same struct (and cast macro) as the base pl011 device */
> +#define TYPE_PL011_LUMINARY "pl011_luminary"
> +
> +typedef struct PL011State {
> +SysBusDevice parent_obj;
> +
> +MemoryRegion iomem;
> +uint32_t readbuff;
> +uint32_t flags;
> +uint32_t lcr;
> +uint32_t rsr;
> +uint32_t cr;
> +uint32_t dmacr;
> +uint32_t int_enabled;
> +uint32_t int_level;
> +uint32_t read_fifo[16];
> +uint32_t ilpr;
> +uint32_t ibrd;
> +uint32_t fbrd;
> +uint32_t ifl;
> +int read_pos;
> +int read_count;
> +int read_trigger;
> +CharBackend chr;
> +qemu_irq irq;
> +const unsigned char *id;
> +} PL011State;
> +
>  static inline DeviceState *pl011_create(hwaddr addr,
>  qemu_irq irq,
>  Chardev *chr)
> diff --git a/hw/char/pl011.c b/hw/char/pl011.c
> index 2aa277fc4f2..0c4711e4027 100644
> --- a/hw/char/pl011.c
> +++ b/hw/char/pl011.c
> @@ -8,39 +8,12 @@
>   */
>  
>  #include "qemu/osdep.h"
> +#include "hw/char/pl011.h"
>  #include "hw/sysbus.h"
>  #include "chardev/char-fe.h"
>  #include "qemu/log.h"
>  #include "trace.h"
>  
> -#define TYPE_PL011 "pl011"
> -#define PL011(obj) OBJECT_CHECK(PL011State, (obj), TYPE_PL011)
> -
> -typedef struct PL011State {
> -SysBusDevice parent_obj;
> -
> -MemoryRegion iomem;
> -uint32_t readbuff;
> -uint32_t flags;
> -uint32_t lcr;
> -uint32_t rsr;
> -uint32_t cr;
> -uint32_t dmacr;
> -uint32_t int_enabled;
> -uint32_t int_level;
> -uint32_t read_fifo[16];
> -uint32_t ilpr;
> -uint32_t ibrd;
> -uint32_t fbrd;
> -uint32_t ifl;
> -int read_pos;
> -int read_count;
> -int read_trigger;
> -CharBackend chr;
> -qemu_irq irq;
> -const unsigned char *id;
> -} PL011State;
> -
>  #define PL011_INT_TX 0x20
>  #define PL011_INT_RX 0x10
>  
> @@ -357,7 +330,7 @@ static void pl011_luminary_init(Object *obj)
>  }
>  
>  static const TypeInfo pl011_luminary_info = {
> -.name  = "pl011_luminary",
> +.name  = TYPE_PL011_LUMINARY,
>  .parent= TYPE_PL011,
>  .instance_init = pl011_luminary_init,
>  };
> 

Re: [Qemu-devel] [PATCH v2 6/6] block/dirty-bitmaps: move comment block

[John Snow]

On 2/18/19 12:39 PM, Vladimir Sementsov-Ogievskiy wrote:
> 14.02.2019 2:23, John Snow wrote:
>> Simply move the big status enum comment block to above the status
>> function, and document it as being deprecated. The whole confusing
>> block can get deleted in three releases time.
>>
>> Signed-off-by: John Snow 
> 
> 
> Reviewed-by: Vladimir Sementsov-Ogievskiy 
> 
> But I think, it's OK to remove it now. It mostly unrelated to code now, so,
> is it needed? And it is unrelated to deprecation. As I understand, user-seen
> information is DirtyBitmapStatus declaration in qapi, and it is deprecated
> and to be removed in three releases.
> 

I decided to keep it because I wanted to document the particulars of
what the fields meant internally before we finally remove it some future
release, in case we need to change this function around to maintain
backwards compatibility.

It'll get removed at that point in time.

--js

Re: [Qemu-devel] [PATCH 09/14] hw/arm/armsse: Allow boards to specify init-svtor

[Philippe Mathieu-Daudé]

On 2/14/19 1:51 PM, Peter Maydell wrote:
> The Musca boards have DAPLink firmware that sets the initial
> secure VTOR value (the location of the vector table) differently
> depending on the boot mode (from flash, from RAM, etc). Export
> the init-svtor as a QOM property of the ARMSSE object so that
> the board can change it.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  include/hw/arm/armsse.h | 3 +++
>  hw/arm/armsse.c | 8 
>  2 files changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h
> index 444605b44dc..84879f40dd8 100644
> --- a/include/hw/arm/armsse.h
> +++ b/include/hw/arm/armsse.h
> @@ -48,6 +48,8 @@
>   *if necessary.)
>   *  + QOM property "SRAM_ADDR_WIDTH" sets the number of bits used for the
>   *address of each SRAM bank (and thus the total amount of internal SRAM)
> + *  + QOM property "init-svtor" sets the initial value of the CPU SVTOR 
> register
> + *(where it expects to load the PC and SP from the vector table on reset)
>   *  + Named GPIO inputs "EXP_IRQ" 0..n are the expansion interrupts for CPU 
> 0,
>   *which are wired to its NVIC lines 32 .. n+32
>   *  + Named GPIO inputs "EXP_CPU1_IRQ" 0..n are the expansion interrupts for
> @@ -204,6 +206,7 @@ typedef struct ARMSSE {
>  uint32_t exp_numirq;
>  uint32_t mainclk_frq;
>  uint32_t sram_addr_width;
> +uint32_t init_svtor;
>  } ARMSSE;
>  
>  typedef struct ARMSSEInfo ARMSSEInfo;
> diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c
> index 9a8c49547db..3040ea9324e 100644
> --- a/hw/arm/armsse.c
> +++ b/hw/arm/armsse.c
> @@ -505,11 +505,10 @@ static void armsse_realize(DeviceState *dev, Error 
> **errp)
>   * the INITSVTOR* registers before powering up the CPUs in any case,
>   * so the hardware's default value doesn't matter. QEMU doesn't 
> emulate
>   * the control processor, so instead we behave in the way that the
> - * firmware does. All boards currently known about have firmware that
> - * sets the INITSVTOR0 and INITSVTOR1 registers to 0x1000, like 
> the
> - * IoTKit default. We can make this more configurable if necessary.
> + * firmware does. The initial value is configurable by the board code
> + * to match whatever its firmware does.
>   */
> -qdev_prop_set_uint32(cpudev, "init-svtor", 0x1000);
> +qdev_prop_set_uint32(cpudev, "init-svtor", s->init_svtor);
>  /*
>   * Start all CPUs except CPU0 powered down. In real hardware it is
>   * a configurable property of the SSE-200 which CPUs start powered up
> @@ -1185,6 +1184,7 @@ static Property armsse_properties[] = {
>  DEFINE_PROP_UINT32("EXP_NUMIRQ", ARMSSE, exp_numirq, 64),
>  DEFINE_PROP_UINT32("MAINCLK", ARMSSE, mainclk_frq, 0),
>  DEFINE_PROP_UINT32("SRAM_ADDR_WIDTH", ARMSSE, sram_addr_width, 15),
> +DEFINE_PROP_UINT32("init-svtor", ARMSSE, init_svtor, 0x1000),
>  DEFINE_PROP_END_OF_LIST()
>  };
>  
> 

Re: [Qemu-devel] [PATCH] hw/rdma: another clang compilation fix

[Philippe Mathieu-Daudé]

On 2/17/19 8:51 AM, Marcel Apfelbaum wrote:
> 
> Cc:qemu-sta...@nongnu.org

I doubt this is a security issue worth Cc'ing qemu-stable :)

> Thanks,
> Marcel
> 
> On 2/14/19 5:40 PM, Marcel Apfelbaum wrote:
>> Configuring QEMU with:
>>     configure --target-list="x86_64-softmmu" --cc=clang --enable-pvrdma
>> Results in:
>>     qemu/hw/rdma/rdma_rm_defs.h:108:3: error: redefinition of typedef
>> 'RdmaDeviceResources' is a C11 feature [-Werror,-Wtypedef-redefinition]
>>     } RdmaDeviceResources;
>>   ^
>>     qemu/hw/rdma/rdma_backend_defs.h:24:36: note: previous definition
>> is here
>>     typedef struct RdmaDeviceResources RdmaDeviceResources;
>>
>> Fix by removing one of the 'typedef' definitions.
>>
>> Signed-off-by: Marcel Apfelbaum 

Reviewed-by: Philippe Mathieu-Daudé 

>> ---
>>   hw/rdma/rdma_rm_defs.h | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/rdma/rdma_rm_defs.h b/hw/rdma/rdma_rm_defs.h
>> index 0ba61d1838..5e877c1fd9 100644
>> --- a/hw/rdma/rdma_rm_defs.h
>> +++ b/hw/rdma/rdma_rm_defs.h
>> @@ -96,7 +96,7 @@ typedef struct RdmaRmPort {
>>   enum ibv_port_state state;
>>   } RdmaRmPort;
>>   -typedef struct RdmaDeviceResources {
>> +struct RdmaDeviceResources {
>>   RdmaRmPort port;
>>   RdmaRmResTbl pd_tbl;
>>   RdmaRmResTbl mr_tbl;
>> @@ -105,6 +105,6 @@ typedef struct RdmaDeviceResources {
>>   RdmaRmResTbl cq_tbl;
>>   RdmaRmResTbl cqe_ctx_tbl;
>>   GHashTable *qp_hash; /* Keeps mapping between real and emulated */
>> -} RdmaDeviceResources;
>> +};
>>     #endif
> 
> 

Re: [Qemu-devel] [PATCH v2 2/9] ccid-card-passthru: Replace never trigger if statement by an assertion

[Philippe Mathieu-Daudé]

On 2/15/19 11:59 AM, Marc-André Lureau wrote:
> Hi
> 
> On Thu, Feb 14, 2019 at 9:20 PM Philippe Mathieu-Daudé
>  wrote:
>>
>> The right side of the comparison is the return value of can_read():
>> VSCARD_IN_SIZE - card->vscard_in_pos.
>> Since the 'size' argument of chardev::read() is bound to
>> what chardev::can_read() returns, this condition can never happen.
> 
> I think so too, because vscard_in_pos is unchanged between the 2
> callbacks (or set to 0 in break event).
> 
>>
>> Add an assertion, which will always fail if card->vscard_in_pos >=
>> VSCARD_IN_SIZE), since size > 0.
> 
> If "size > VSCARD_IN_SIZE - card->vscard_in_pos" this is a chardev
> bug. But which backend does that?
> 
> Iow, did we ever reach the "no room for data" error?
> 
>>
>> This is a quick fix for CVE-2018-18438 "Integer overflow in
>> ccid_card_vscard_read() allows memory corruption".
> 
> I have a hard time to find how that memory corruption can happen. It
> would be a broken chardev (one calling qemu_chr_be_write() with a size
> bigger than qemu_chr_be_can_write()). It would need to be fixed. But

It will :)

> which one does that?

Arash or Prasad can you help us here? Do you have a reproducer?

>>
>> Fixes: CVE-2018-18438
>> Reported-by: Arash Tohidi Chafi 
>> Suggested-by: Paolo Bonzini 
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/usb/ccid-card-passthru.c | 14 +-
>>  1 file changed, 1 insertion(+), 13 deletions(-)
>>
>> diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
>> index 8bb1314f49..1676b5fc05 100644
>> --- a/hw/usb/ccid-card-passthru.c
>> +++ b/hw/usb/ccid-card-passthru.c
>> @@ -264,24 +264,12 @@ static void 
>> ccid_card_vscard_handle_message(PassthruState *card,
>>  }
>>  }
>>
>> -static void ccid_card_vscard_drop_connection(PassthruState *card)
>> -{
>> -qemu_chr_fe_deinit(>cs, true);
>> -card->vscard_in_pos = card->vscard_in_hdr = 0;
>> -}
>> -
>>  static void ccid_card_vscard_read(void *opaque, const uint8_t *buf, int 
>> size)
>>  {
>>  PassthruState *card = opaque;
>>  VSCMsgHeader *hdr;
>>
>> -if (card->vscard_in_pos + size > VSCARD_IN_SIZE) {
>> -error_report("no room for data: pos %u +  size %d > %" PRId64 "."
>> - " dropping connection.",
>> - card->vscard_in_pos, size, VSCARD_IN_SIZE);
>> -ccid_card_vscard_drop_connection(card);
>> -return;
>> -}
>> +assert(size <= VSCARD_IN_SIZE - card->vscard_in_pos);
>>  assert(card->vscard_in_hdr < VSCARD_IN_SIZE);
>>  memcpy(card->vscard_in_data + card->vscard_in_pos, buf, size);
>>  card->vscard_in_pos += size;
>> --
>> 2.20.1
>>

Re: [Qemu-devel] [PATCH v4 1/1] blockdev: acquire aio_context for bitmap add/remove

[Eric Blake]

On 2/18/19 3:42 PM, John Snow wrote:
> When bitmaps are persistent, they may incur a disk read or write when bitmaps
> are added or removed. For configurations like virtio-dataplane, failing to
> acquire this lock will abort QEMU when disk IO occurs.
> 
> We used to acquire aio_context as part of the bitmap lookup, so re-introduce
> the lock for just the cases that have an IO penalty. Commit 2119882c removed
> these locks, and I failed to notice this when we committed fd5ae4cc, so this
> has been broken since persistent bitmaps were introduced.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1672010
> Reported-By: Aihua Liang 
> Signed-off-by: John Snow 
> Reviewed-by: Eric Blake 
> ---
>  blockdev.c | 26 --
>  1 file changed, 20 insertions(+), 6 deletions(-)
> 

>  bitmap = bdrv_create_dirty_bitmap(bs, granularity, name, errp);
>  if (bitmap == NULL) {
> -return;
> +goto out
>  }
>  

Your scripts are still going haywire. :(

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Re: [Qemu-devel] [PATCH 03/14] hw/timer/pl031: Allow use as an embedded-struct device

[Philippe Mathieu-Daudé]

On 2/14/19 1:50 PM, Peter Maydell wrote:
> Create a new include file for the pl031's device struct,
> type macros, etc, so that it can be instantiated using
> the "embedded struct" coding style.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  include/hw/timer/pl031.h | 44 
>  hw/timer/pl031.c | 25 +--
>  MAINTAINERS  |  1 +
>  3 files changed, 46 insertions(+), 24 deletions(-)
>  create mode 100644 include/hw/timer/pl031.h
> 
> diff --git a/include/hw/timer/pl031.h b/include/hw/timer/pl031.h
> new file mode 100644
> index 000..99416d8ba52
> --- /dev/null
> +++ b/include/hw/timer/pl031.h
> @@ -0,0 +1,44 @@
> +/*
> + * ARM AMBA PrimeCell PL031 RTC
> + *
> + * Copyright (c) 2007 CodeSourcery
> + *
> + * This file is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + *
> + * Contributions after 2012-01-13 are licensed under the terms of the
> + * GNU GPL, version 2 or (at your option) any later version.
> + */
> +
> +#ifndef HW_TIMER_PL031
> +#define HW_TIMER_PL031
> +
> +#include "hw/sysbus.h"
> +
> +#define TYPE_PL031 "pl031"
> +#define PL031(obj) OBJECT_CHECK(PL031State, (obj), TYPE_PL031)
> +
> +typedef struct PL031State {
> +SysBusDevice parent_obj;
> +
> +MemoryRegion iomem;
> +QEMUTimer *timer;
> +qemu_irq irq;
> +
> +/*
> + * Needed to preserve the tick_count across migration, even if the
> + * absolute value of the rtc_clock is different on the source and
> + * destination.
> + */
> +uint32_t tick_offset_vmstate;
> +uint32_t tick_offset;
> +
> +uint32_t mr;
> +uint32_t lr;
> +uint32_t cr;
> +uint32_t im;
> +uint32_t is;
> +} PL031State;
> +
> +#endif
> diff --git a/hw/timer/pl031.c b/hw/timer/pl031.c
> index d3aacce80da..f774dcd5223 100644
> --- a/hw/timer/pl031.c
> +++ b/hw/timer/pl031.c
> @@ -12,6 +12,7 @@
>   */
>  
>  #include "qemu/osdep.h"
> +#include "hw/timer/pl031.h"
>  #include "hw/sysbus.h"
>  #include "qemu/timer.h"
>  #include "sysemu/sysemu.h"
> @@ -36,30 +37,6 @@ do { printf("pl031: " fmt , ## __VA_ARGS__); } while (0)
>  #define RTC_MIS 0x18/* Masked interrupt status register */
>  #define RTC_ICR 0x1c/* Interrupt clear register */
>  
> -#define TYPE_PL031 "pl031"
> -#define PL031(obj) OBJECT_CHECK(PL031State, (obj), TYPE_PL031)
> -
> -typedef struct PL031State {
> -SysBusDevice parent_obj;
> -
> -MemoryRegion iomem;
> -QEMUTimer *timer;
> -qemu_irq irq;
> -
> -/* Needed to preserve the tick_count across migration, even if the
> - * absolute value of the rtc_clock is different on the source and
> - * destination.
> - */
> -uint32_t tick_offset_vmstate;
> -uint32_t tick_offset;
> -
> -uint32_t mr;
> -uint32_t lr;
> -uint32_t cr;
> -uint32_t im;
> -uint32_t is;
> -} PL031State;
> -
>  static const unsigned char pl031_id[] = {
>  0x31, 0x10, 0x14, 0x00, /* Device ID*/
>  0x0d, 0xf0, 0x05, 0xb1  /* Cell ID  */
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 9a76845581b..85d4b4c9f7c 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -493,6 +493,7 @@ F: hw/sd/pl181.c
>  F: hw/ssi/pl022.c
>  F: include/hw/ssi/pl022.h
>  F: hw/timer/pl031.c
> +F: include/hw/timer/pl031.h
>  F: include/hw/arm/primecell.h
>  F: hw/timer/cmsdk-apb-timer.c
>  F: include/hw/timer/cmsdk-apb-timer.h
>