Re: [Qemu-devel] [Qemu-riscv] [RFC v1 5/5] hw/riscv: Load OpenSBI as the default firmware

[Anup Patel]

On Wed, Jun 19, 2019 at 6:21 AM Alistair Francis
 wrote:
>
> If the user hasn't specified a firmware to load (with -bios) or
> specified no bios (with -bios none) then load OpenSBI by default. This
> allows users to boot a RISC-V kernel with just -kernel.
>
> Signed-off-by: Alistair Francis 
> ---
>  hw/riscv/boot.c | 28 
>  hw/riscv/sifive_u.c |  4 +---
>  hw/riscv/virt.c |  4 +---
>  include/hw/riscv/boot.h |  1 +
>  4 files changed, 31 insertions(+), 6 deletions(-)
>
> diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
> index 7f68035a3f..5f021591ed 100644
> --- a/hw/riscv/boot.c
> +++ b/hw/riscv/boot.c
> @@ -18,6 +18,7 @@
>   */
>
>  #include "qemu/osdep.h"
> +#include "qemu-common.h"
>  #include "qemu/units.h"
>  #include "qemu/error-report.h"
>  #include "exec/cpu-defs.h"
> @@ -32,6 +33,12 @@
>  # define KERNEL_BOOT_ADDRESS 0x8020
>  #endif
>
> +#if defined(TARGET_RISCV32)
> +# define BIOS_FILENAME "opensbi-riscv32-fw_jump.elf"
> +#else
> +# define BIOS_FILENAME "opensbi-riscv64-fw_jump.elf"
> +#endif

Based on my comment on PATCH4, BIOS_FILENAME should
be derived from QEMU machine name and TARGET_RISCVx

Agree ??

Regards,
Anup

> +
>  static uint64_t kernel_translate(void *opaque, uint64_t addr)
>  {
>  MachineState *machine = opaque;
> @@ -47,6 +54,27 @@ static uint64_t kernel_translate(void *opaque, uint64_t 
> addr)
>  }
>  }
>
> +void riscv_find_and_load_firmware(MachineState *machine)
> +{
> +char *firmware_filename;
> +
> +if (!machine->firmware) {
> +/* The user didn't specify a firmware, default to OpenSBI */
> +firmware_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, 
> BIOS_FILENAME);
> +} else {
> +firmware_filename = machine->firmware;
> +}
> +
> +if (strcmp(firmware_filename, "none")) {
> +/* If not "none" load the firmware */
> +riscv_load_firmware(firmware_filename);
> +}
> +
> +if (!machine->firmware) {
> +g_free(firmware_filename);
> +}
> +}
> +
>  target_ulong riscv_load_firmware(const char *firmware_filename)
>  {
>  uint64_t firmware_entry, firmware_start, firmware_end;
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 03a6c64d04..77666d0f4d 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -266,9 +266,7 @@ static void riscv_sifive_u_init(MachineState *machine)
>  /* create device tree */
>  create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
>
> -if (machine->firmware) {
> -riscv_load_firmware(machine->firmware);
> -}
> +riscv_find_and_load_firmware(machine);
>
>  if (machine->kernel_filename) {
>  riscv_load_kernel(machine, machine->kernel_filename);
> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> index d3670b5a7c..2a7e850666 100644
> --- a/hw/riscv/virt.c
> +++ b/hw/riscv/virt.c
> @@ -380,9 +380,7 @@ static void riscv_virt_board_init(MachineState *machine)
>  memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
>  mask_rom);
>
> -if (machine->firmware) {
> -riscv_load_firmware(machine->firmware);
> -}
> +riscv_find_and_load_firmware(machine);
>
>  if (machine->kernel_filename) {
>  uint64_t kernel_entry = riscv_load_kernel(machine,
> diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
> index 6f586939c7..df2e2480e6 100644
> --- a/include/hw/riscv/boot.h
> +++ b/include/hw/riscv/boot.h
> @@ -20,6 +20,7 @@
>  #ifndef RISCV_BOOT_H
>  #define RISCV_BOOT_H
>
> +void riscv_find_and_load_firmware(MachineState *machine);
>  target_ulong riscv_load_firmware(const char *firmware_filename);
>  target_ulong riscv_load_kernel(MachineState *machine,
> const char *kernel_filename);
> --
> 2.22.0
>
>

Re: [Qemu-devel] [Qemu-riscv] [RFC v1 4/5] roms: Add OpenSBI version 0.3

[Anup Patel]

On Wed, Jun 19, 2019 at 6:24 AM Alistair Francis
 wrote:
>
> Add OpenSBI version 0.3 as a git submodule and as a prebult binary.
>
> Signed-off-by: Alistair Francis 
> ---
>  .gitmodules |   3 +++
>  Makefile|   3 ++-
>  configure   |   1 +
>  pc-bios/opensbi-riscv32-fw_jump.elf | Bin 0 -> 197988 bytes
>  pc-bios/opensbi-riscv64-fw_jump.elf | Bin 0 -> 200192 bytes
>  roms/Makefile   |  17 +
>  roms/opensbi|   1 +
>  7 files changed, 24 insertions(+), 1 deletion(-)
>  create mode 100644 pc-bios/opensbi-riscv32-fw_jump.elf
>  create mode 100644 pc-bios/opensbi-riscv64-fw_jump.elf
>  create mode 16 roms/opensbi
>

The OpenSBI firmwares are platform specific so we should have
machine directory under pc-bios/ directory

So for virt machine we will have:
pc-bios/riscv32/virt/fw_jump.elf
pc-bios/riscv64/virt/fw_jump.elf

Regards,
Anup

Re: [Qemu-devel] [PATCH v4 0/7] tcg/ppc: Add vector opcodes

[Mark Cave-Ayland]

On 18/06/2019 06:00, Richard Henderson wrote:

> Ping.  Otherwise I'll include it in my next tcg pull.
> 
> r~

I can give this another spin on my test images on a G4 over the next few days. 
I've
also added Howard on CC as he reported some issues with the previous iteration 
at
https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg06561.html.

> On 5/18/19 9:15 PM, Richard Henderson wrote:
>> Based-on: <20190518190157.21255-1-richard.hender...@linaro.org>
>> Aka "tcg: misc gvec improvements".
>>
>> Version 3 was last posted in March,
>> https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg05859.html
>>
>> Changes since v3:
>>   * Add support for bitsel, with the vsx xxsel insn.
>>   * Rely on the new relocation overflow handling, so
>> we don't require 3 insns for a vector load.
>>
>> Changes since v2:
>>   * Several generic tcg patches to improve dup vs dupi vs dupm.
>> In particular, if a global temp (like guest r10) is not in
>> a host register, we should duplicate from memory instead of
>> loading to an integer register, spilling to stack, loading
>> to a vector register, and then duplicating.
>>   * I have more confidence that 32-bit ppc host should work
>> this time around.  No testing on that front yet, but I've
>> unified some code sequences with 64-bit ppc host.
>>   * Base altivec now supports V128 only.  Moved V64 support to
>> Power7 (v2.06), which has 64-bit load/store.
>>   * Dropped support for 64-bit vector multiply using Power8.
>> The expansion was too large compared to using integer regs.
>>
>>
>> r~
>>
>>
>> Richard Henderson (7):
>>   tcg/ppc: Initial backend support for Altivec
>>   tcg/ppc: Support vector shift by immediate
>>   tcg/ppc: Support vector multiply
>>   tcg/ppc: Support vector dup2
>>   tcg/ppc: Update vector support to v2.06
>>   tcg/ppc: Update vector support to v2.07
>>   tcg/ppc: Update vector support to v3.00
>>
>>  tcg/ppc/tcg-target.h |   39 +-
>>  tcg/ppc/tcg-target.opc.h |   11 +
>>  tcg/ppc/tcg-target.inc.c | 1077 +++---
>>  3 files changed, 1063 insertions(+), 64 deletions(-)
>>  create mode 100644 tcg/ppc/tcg-target.opc.h


ATB,

Mark.

[Qemu-devel] [RISU RFC PATCH v1 7/7] x86.risu: add SSE2 instructions

[Jan Bobek]

Add all SSE2 instructions to the x86 configuration file.

Signed-off-by: Jan Bobek 
---
 x86.risu | 160 ---
 1 file changed, 153 insertions(+), 7 deletions(-)

diff --git a/x86.risu b/x86.risu
index cc40bbc..b3e4c88 100644
--- a/x86.risu
+++ b/x86.risu
@@ -12,63 +12,137 @@
 # Input file for risugen defining x86 instructions
 .mode x86
 
-# SSE Data Transfer Instructions
+# SSE/SSE2 Data Transfer Instructions
 MOVUPS  SSE  0001000 d !emit { modrm(); mem(size => 16); }
+MOVUPD  SSE2 0001000 d !emit { data16(); modrm(); mem(size 
=> 16); }
 MOVSS   SSE  0001000 d !emit { rep(); modrm(); mem(size => 
4); }
+MOVSD   SSE2 0001000 d !emit { repne(); modrm(); mem(size 
=> 8); }
+
 MOVHLPS SSE  00010010  !emit { modrm(mod => MOD_DIRECT); }
 MOVLPS  SSE  0001001 d !emit { modrm(mod => ~MOD_DIRECT); 
mem(size => 8); }
+MOVLPD  SSE2 0001001 d !emit { data16(); modrm(mod => 
~MOD_DIRECT); mem(size => 8); }
+
 MOVLHPS SSE  00010110  !emit { modrm(mod => MOD_DIRECT); }
 MOVHPS  SSE  0001011 d !emit { modrm(mod => ~MOD_DIRECT); 
mem(size => 8); }
+MOVHPD  SSE2 0001011 d !emit { data16(); modrm(mod => 
~MOD_DIRECT); mem(size => 8); }
+
 MOVAPS  SSE  0010100 d !emit { modrm(); mem(size => 16, 
align => 16); }
+MOVAPD  SSE2 0010100 d !emit { data16(); modrm(); mem(size 
=> 16, align => 16); }
+
 MOVMSKPSSSE  0101  !emit { modrm(mod => MOD_DIRECT, 
reg => ~REG_ESP); }
+MOVMKSPDSSE2 0101  !emit { data16(); modrm(mod => 
MOD_DIRECT, reg => ~REG_ESP); }
 
-# SSE Packed Arithmetic Instructions
+# SSE/SSE2 Packed Arithmetic Instructions
 ADDPS   SSE  01011000 !emit { modrm(); mem(size => 16, 
align => 16); }
+ADDPD   SSE2 01011000 !emit { data16(); modrm(); mem(size 
=> 16, align => 16) }
 ADDSS   SSE  01011000 !emit { rep(); modrm(); mem(size => 
4); }
+ADDSD   SSE2 01011000 !emit { repne(); modrm(); mem(size 
=> 4); }
+
 SUBPS   SSE  01011100 !emit { modrm(); mem(size => 16, 
align => 16); }
+SUBPD   SSE2 01011100 !emit { data16(); modrm(); mem(size 
=> 16, align => 16); }
 SUBSS   SSE  01011100 !emit { rep(); modrm(); mem(size => 
4); }
+SUBSD   SSE2 01011100 !emit { repne(); modrm(); mem(size 
=> 4); }
+
 MULPS   SSE  01011001 !emit { modrm(); mem(size => 16, 
align => 16); }
+MULPD   SSE2 01011001 !emit { data16(); modrm(); mem(size 
=> 16, align => 16); }
 MULSS   SSE  01011001 !emit { rep(); modrm(); mem(size => 
4); }
-DIVPS   SSE  0100 !emit { modrm(); mem(size => 16, 
align => 16); }
+MULSD   SSE2 01011001 !emit { repne(); modrm(); mem(size 
=> 4); }
+
+DIVPS   SSE  0100 !emit { modrm(); modrm(); mem(size 
=> 16, align => 16); }
+DIVPD   SSE2 0100 !emit { data16(); modrm(); mem(size 
=> 16, align => 16); }
 DIVSS   SSE  0100 !emit { rep(); modrm(); mem(size => 
4); }
+DIVSD   SSE2 0100 !emit { repne(); modrm(); mem(size 
=> 4); }
+
 RCPPS   SSE  01010011 !emit { modrm(); mem(size => 16, 
align => 16); }
 RCPSS   SSE  01010011 !emit { rep(); modrm(); mem(size => 
4); }
+
 SQRTPS  SSE  01010001 !emit { modrm(); mem(size => 16, 
align => 16); }
+SQRTPD  SSE2 01010001 !emit { data16(); modrm(); mem(size 
=> 16, align => 16); }
 SQRTSS  SSE  01010001 !emit { rep(); modrm(); mem(size => 
4); }
+SQRTSD  SSE2 01010001 !emit { repne(); modrm(); mem(size 
=> 4); }
+
 RSQRTPS SSE  01010010 !emit { modrm(); mem(size => 16, 
align => 16); }
 RSQRTSS SSE  01010010 !emit { rep(); modrm(); mem(size => 
4); }
+
 MINPS   SSE  01011101 !emit { modrm(); mem(size => 16, 
align => 16); }
+MINPD   SSE2 01011101 !emit { data16(); modrm(); mem(size 
=> 16, align => 16); }
 MINSS   SSE  01011101 !emit { rep(); modrm(); mem(size => 
4); }
+MINSD   SSE2 01011101 !emit { repne(); modrm(); mem(size 
=> 4); }
+
 MAXPS   SSE  0101 !emit { modrm(); mem(size => 16, 
align => 16); }
+MAXPD   SSE2 0101 !emit { data16(); modrm(); mem(size 
=> 16, align => 16); }
 MAXSS   SSE  0101 !emit { rep(); modrm(); mem(size => 
4); }
+MAXSD   SSE2 0101 !emit { repne(); modrm(); mem(size 
=> 4); }
 
-# SSE Comparison Instructions
+# SSE/SSE2 Comparison 

[Qemu-devel] [RISU RFC PATCH v1 4/7] risugen_x86: add module

[Jan Bobek]

The risugen_x86.pm module contains most of the code specific to Intel
i386 and x86_64 architectures. This commit also adds --x86_64 option,
which enables emission of 64-bit (rather than 32-bit) assembly.

Signed-off-by: Jan Bobek 
---
 risugen|   6 +-
 risugen_x86.pm | 455 +
 2 files changed, 460 insertions(+), 1 deletion(-)
 create mode 100644 risugen_x86.pm

diff --git a/risugen b/risugen
index fe3d00e..09a702a 100755
--- a/risugen
+++ b/risugen
@@ -310,6 +310,7 @@ Valid options:
Useful to test before support for FP is available.
 --sve: enable sve floating point
 --be : generate instructions in Big-Endian byte order (ppc64 only).
+--x86_64 : generate 64-bit (rather than 32-bit) x86 code.
 --help   : print this message
 EOT
 }
@@ -322,6 +323,7 @@ sub main()
 my $fp_enabled = 1;
 my $sve_enabled = 0;
 my $big_endian = 0;
+my $is_x86_64 = 0;
 my ($infile, $outfile);
 
 GetOptions( "help" => sub { usage(); exit(0); },
@@ -338,6 +340,7 @@ sub main()
 },
 "be" => sub { $big_endian = 1; },
 "no-fp" => sub { $fp_enabled = 0; },
+"x86_64" => sub { $is_x86_64 = 1; },
 "sve" => sub { $sve_enabled = 1; },
 ) or return 1;
 # allow "--pattern re,re" and "--pattern re --pattern re"
@@ -372,7 +375,8 @@ sub main()
 'keys' => \@insn_keys,
 'arch' => $full_arch[0],
 'subarch' => $full_arch[1] || '',
-'bigendian' => $big_endian
+'bigendian' => $big_endian,
+'x86_64' => $is_x86_64
 );
 
 write_test_code(\%params);
diff --git a/risugen_x86.pm b/risugen_x86.pm
new file mode 100644
index 000..879d6e1
--- /dev/null
+++ b/risugen_x86.pm
@@ -0,0 +1,455 @@
+#!/usr/bin/perl -w
+###
+# Copyright (c) 2019 Linaro Limited
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# Contributors:
+# Jan Bobek - initial implementation
+###
+
+# risugen_x86 -- risugen module for Intel i386/x86_64 architectures
+package risugen_x86;
+
+use strict;
+use warnings;
+
+use risugen_common;
+use risugen_x86_asm;
+use risugen_x86_emit;
+
+require Exporter;
+
+our @ISA= qw(Exporter);
+our @EXPORT = qw(write_test_code);
+
+use constant {
+RISUOP_COMPARE => 0,# compare registers
+RISUOP_TESTEND => 1,# end of test, stop
+RISUOP_SETMEMBLOCK => 2,# eax is address of memory block (8192 
bytes)
+RISUOP_GETMEMBLOCK => 3,# add the address of memory block to eax
+RISUOP_COMPAREMEM  => 4,# compare memory block
+
+# Maximum alignment restriction permitted for a memory op.
+MAXALIGN => 64,
+MEMBLOCK_LEN => 8192,
+};
+
+my $periodic_reg_random = 1;
+my $is_x86_64 = 0;
+
+sub write_risuop($)
+{
+my ($op) = @_;
+
+write_insn(opcode => X86OP_UD1,
+   modrm => {mod => MOD_DIRECT,
+ reg => REG_EAX,
+ rm => $op});
+}
+
+sub write_mov_rr($$)
+{
+my ($r1, $r2) = @_;
+
+my %insn = (opcode => X86OP_MOV,
+modrm => {mod => MOD_DIRECT,
+  reg => ($r1 & 0x7),
+  rm => ($r2 & 0x7)});
+
+$insn{rex}{w} = 1 if $is_x86_64;
+$insn{rex}{r} = 1 if $r1 >= 8;
+$insn{rex}{b} = 1 if $r2 >= 8;
+
+write_insn(%insn);
+}
+
+sub write_mov_reg_imm($$)
+{
+my ($reg, $imm) = @_;
+
+my %insn = (opcode => {value => 0xB8 | ($reg & 0x7), len => 1},
+imm => {value => $imm, len => $is_x86_64 ? 8 : 4});
+
+$insn{rex}{w} = 1 if $is_x86_64;
+$insn{rex}{b} = 1 if $reg >= 8;
+
+write_insn(%insn);
+}
+
+sub write_random_regdata()
+{
+my $reg_cnt = $is_x86_64 ? 16 : 8;
+my $bitlen = $is_x86_64 ? 64 : 32;
+
+# initialize flags register
+write_insn(opcode => X86OP_XOR,
+   modrm => {mod => MOD_DIRECT,
+ reg => REG_EAX,
+ rm => REG_EAX});
+write_insn(opcode => X86OP_SAHF);
+
+# general purpose registers
+for (my $reg = 0; $reg < $reg_cnt; $reg++) {
+if ($reg != REG_ESP) {
+my $imm = randint_constr(bitlen => $bitlen, signed => 1);
+write_mov_reg_imm($reg, $imm);
+}
+}
+}
+
+sub write_random_datablock($)
+{
+my ($datalen) = @_;
+
+# Write a block of random data, $datalen bytes long, aligned
+# according to MAXALIGN, and load its address into EAX/RAX.
+
+$datalen += MAXALIGN - 1;
+
+# First, load current EIP/RIP into EAX/RAX. Easy to do on x86_64
+# thanks to 

[Qemu-devel] [RISU RFC PATCH v1 0/7] Support for generating x86 SSE/SSE2 test images

[Jan Bobek]

Hi all,

this is v1 of my changes to risugen in order to support generating x86
test images. It's still work-in-progress (thus marked RFC; notably,
there is no support for AVX yet), but I would like to get this out
there to get some early feedback on my approach.

Initially, I thought adding support for arbitrarily-long instructions
would be more or less enough for x86, but unfortunately this turned
out not to be the case; the length variation introduced by ModR/M, SIB
and displacement fields would force us to have to have at least 6
config file entries per almost every instruction, which is pretty much
unmaintainable. Instead, I drew inspiration from the "memory" blocks
in arm.risu for specifying memory constraints, and introduced "emit"
blocks for x86. Example x86 config file with SSE and SSE2 instructions
can be found in the last two commits, let me know what you think.

There are still some limitations -- besides missing (E)VEX support,
some forms of ModR/M are also not supported (mostly because it's hard
or impossible to figure out and use the correct memory address), and
the LDMXCSR instruction is currently commented out because there's no
way to specify constraints on memory contents. However, this patch
series should have enough code to demonstrate my intended general
approach, and that's what I am looking for feedback for.

Best,
 -Jan

Jan Bobek (7):
  risugen_common: add insnv, randint_constr, rand_fill
  risugen_x86_asm: add module
  risugen_x86_emit: add module
  risugen_x86: add module
  risugen: allow all byte-aligned instructions
  x86.risu: add SSE instructions
  x86.risu: add SSE2 instructions

 risugen |  15 +-
 risugen_common.pm   | 101 +-
 risugen_x86.pm  | 455 
 risugen_x86_asm.pm  | 186 ++
 risugen_x86_emit.pm |  85 +
 x86.risu| 245 
 6 files changed, 1075 insertions(+), 12 deletions(-)
 create mode 100644 risugen_x86.pm
 create mode 100644 risugen_x86_asm.pm
 create mode 100644 risugen_x86_emit.pm
 create mode 100644 x86.risu

-- 
2.20.1

[Qemu-devel] [RISU RFC PATCH v1 5/7] risugen: allow all byte-aligned instructions

[Jan Bobek]

Accept all instructions whose bit length is divisible by 8. Note that
the maximum instruction length (as specified in the config file) is 32
bits, hence this change permits instructions which are 8 bits or 24
bits long (16-bit instructions have already been considered valid).

Note that while valid x86 instructions may be up to 15 bytes long, the
length constraint described above only applies to the main opcode
field, which is usually only 1 or 2 bytes long. Therefore, the primary
purpose of this change is to allow 1-byte x86 opcodes.

Signed-off-by: Jan Bobek 
---
 risugen | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/risugen b/risugen
index 09a702a..17bf98f 100755
--- a/risugen
+++ b/risugen
@@ -229,12 +229,11 @@ sub parse_config_file($)
 push @fields, [ $var, $bitpos, $bitmask ];
 }
 }
-if ($bitpos == 16) {
-# assume this is a half-width thumb instruction
+if ($bitpos % 8 == 0) {
 # Note that we don't fiddle with the bitmasks or positions,
 # which means the generated insn will be in the high halfword!
-$insnwidth = 16;
-} elsif ($bitpos != 0) {
+$insnwidth -= $bitpos;
+} else {
 print STDERR "$file:$.: ($insn $enc) not enough bits specified\n";
 exit(1);
 }
-- 
2.20.1

[Qemu-devel] [RISU RFC PATCH v1 1/7] risugen_common: add insnv, randint_constr, rand_fill

[Jan Bobek]

Add three common utility functions:

- insnv allows emitting variable-length instructions in little-endian
  or big-endian byte order; it subsumes functionality of former
  insn16() and insn32() functions.

- randint_constr allows generating random integers according to
  several constraints passed as arguments.

- rand_fill uses randint_constr to fill a given hash with
  (optionally constrained) random values.

Signed-off-by: Jan Bobek 
---
 risugen_common.pm | 101 +++---
 1 file changed, 95 insertions(+), 6 deletions(-)

diff --git a/risugen_common.pm b/risugen_common.pm
index 71ee996..98b9170 100644
--- a/risugen_common.pm
+++ b/risugen_common.pm
@@ -23,7 +23,8 @@ BEGIN {
 require Exporter;
 
 our @ISA = qw(Exporter);
-our @EXPORT = qw(open_bin close_bin set_endian insn32 insn16 $bytecount
+our @EXPORT = qw(open_bin close_bin set_endian insn32 insn16
+   $bytecount insnv randint_constr rand_fill
progress_start progress_update progress_end
eval_with_fields is_pow_of_2 sextract ctz
dump_insn_details);
@@ -37,7 +38,7 @@ my $bigendian = 0;
 # (default is little endian, 0).
 sub set_endian
 {
-$bigendian = @_;
+($bigendian) = @_;
 }
 
 sub open_bin
@@ -52,18 +53,106 @@ sub close_bin
 close(BIN) or die "can't close output file: $!";
 }
 
+sub insnv(%)
+{
+my (%args) = @_;
+
+# Default to big-endian order, so that the instruction bytes are
+# emitted in the same order as they are written in the
+# configuration file.
+$args{bigendian} = 1 unless defined $args{bigendian};
+
+while (0 < $args{len}) {
+my $format;
+my $len;
+
+if ($args{len} >= 8) {
+$format = "Q";
+$len = 8;
+} elsif ($args{len} >= 4) {
+$format = "L";
+$len = 4;
+} elsif ($args{len} >= 2) {
+$format = "S";
+$len = 2;
+} else {
+$format = "C";
+$len = 1;
+}
+
+$format .= ($args{bigendian} ? ">" : "<") if $len > 1;
+
+my $bitlen = 8 * $len;
+my $bitmask = (1 << $bitlen) - 1;
+my $value = ($args{bigendian}
+ ? ($args{value} >> (8 * $args{len} - $bitlen))
+ : $args{value});
+
+print BIN pack($format, $value & $bitmask);
+$bytecount += $len;
+
+$args{len} -= $len;
+$args{value} >>= $bitlen unless $args{bigendian};
+}
+}
+
 sub insn32($)
 {
 my ($insn) = @_;
-print BIN pack($bigendian ? "N" : "V", $insn);
-$bytecount += 4;
+insnv(value => $insn, len => 4, bigendian => $bigendian);
 }
 
 sub insn16($)
 {
 my ($insn) = @_;
-print BIN pack($bigendian ? "n" : "v", $insn);
-$bytecount += 2;
+insnv(value => $insn, len => 2, bigendian => $bigendian);
+}
+
+sub randint_constr(%)
+{
+my (%args) = @_;
+my $bitlen = $args{bitlen};
+my $halfrange = 1 << ($bitlen - 1);
+
+while (1) {
+my $value = int(rand(2 * $halfrange));
+$value -= $halfrange if defined $args{signed} && $args{signed};
+$value &= ~$args{fixedbitmask} if defined $args{fixedbitmask};
+$value |= $args{fixedbits} if defined $args{fixedbits};
+
+if (defined $args{constraint}) {
+if (!($args{constraint} >> 63)) {
+$value = $args{constraint};
+} elsif ($value == ~$args{constraint}) {
+next;
+}
+}
+
+return $value;
+}
+}
+
+sub rand_fill($$)
+{
+my ($target, $constraints) = @_;
+
+for (keys %{$target}) {
+my %args = (bitlen => $target->{$_}{bitlen});
+
+$args{fixedbits} = $target->{$_}{fixedbits}
+if defined $target->{$_}{fixedbits};
+$args{fixedbitmask} = $target->{$_}{fixedbitmask}
+if defined $target->{$_}{fixedbitmask};
+$args{signed} = $target->{$_}{signed}
+if defined $target->{$_}{signed};
+
+$args{constraint} = $constraints->{$_}
+if defined $constraints->{$_};
+
+$target->{$_} = randint_constr(%args);
+}
+
+return $target;
 }
 
 # Progress bar implementation
-- 
2.20.1

[Qemu-devel] [RISU RFC PATCH v1 2/7] risugen_x86_asm: add module

[Jan Bobek]

The module risugen_x86_asm.pm exports several constants and the
function write_insn, which work in tandem to allow emission of x86
instructions in more clear and structured manner.

Signed-off-by: Jan Bobek 
---
 risugen_x86_asm.pm | 186 +
 1 file changed, 186 insertions(+)
 create mode 100644 risugen_x86_asm.pm

diff --git a/risugen_x86_asm.pm b/risugen_x86_asm.pm
new file mode 100644
index 000..b10d3e7
--- /dev/null
+++ b/risugen_x86_asm.pm
@@ -0,0 +1,186 @@
+#!/usr/bin/perl -w
+###
+# Copyright (c) 2019 Linaro Limited
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# Contributors:
+# Jan Bobek - initial implementation
+###
+
+# risugen_x86_asm -- risugen_x86's helper module for x86 assembly
+package risugen_x86_asm;
+
+use strict;
+use warnings;
+
+use risugen_common;
+
+our @ISA= qw(Exporter);
+our @EXPORT = qw(
+write_insn
+REG_EAX REG_ECX REG_EDX REG_EBX REG_ESP REG_EBP REG_ESI REG_EDI
+MOD_INDIRECT MOD_INDIRECT_DISP8 MOD_INDIRECT_DISP32 MOD_DIRECT
+X86PFX_DATA16 X86PFX_REPNE X86PFX_REP
+X86OP_LEA X86OP_XOR X86OP_ALU_imm8 X86OP_MOV X86OP_SAHF X86OP_CALL
+X86OP_JMP X86OP_UD1 X86OP_MOVAPS
+);
+
+use constant {
+REG_EAX => 0,
+REG_ECX => 1,
+REG_EDX => 2,
+REG_EBX => 3,
+REG_ESP => 4,
+REG_EBP => 5,
+REG_ESI => 6,
+REG_EDI => 7,
+
+MOD_INDIRECT=> 0b00,
+MOD_INDIRECT_DISP8  => 0b01,
+MOD_INDIRECT_DISP32 => 0b10,
+MOD_DIRECT  => 0b11,
+
+X86PFX_DATA16 => {value => 0x66, len => 1},
+X86PFX_REPNE  => {value => 0xF2, len => 1},
+X86PFX_REP=> {value => 0xF3, len => 1},
+
+X86OP_LEA  => {value => 0x8D, len => 1},
+X86OP_XOR  => {value => 0x33, len => 1},
+X86OP_ALU_imm8 => {value => 0x83, len => 1},
+X86OP_MOV  => {value => 0x8B, len => 1},
+X86OP_SAHF => {value => 0x9E, len => 1},
+X86OP_CALL => {value => 0xE8, len => 1},
+X86OP_JMP  => {value => 0xE9, len => 1},
+
+X86OP_UD1  => {value => 0x0FB9, len => 2},
+X86OP_MOVAPS   => {value => 0x0F28, len => 2},
+};
+
+sub rex_encode(%)
+{
+my (%args) = @_;
+
+$args{w} = 0 unless defined $args{w};
+$args{r} = 0 unless defined $args{w};
+$args{x} = 0 unless defined $args{w};
+$args{b} = 0 unless defined $args{w};
+
+return (value => 0x40
+| (($args{w} ? 1 : 0) << 3)
+| (($args{r} ? 1 : 0) << 2)
+| (($args{x} ? 1 : 0) << 1)
+| ($args{b} ? 1 : 0),
+len => 1);
+}
+
+sub modrm_encode(%)
+{
+my (%args) = @_;
+
+die "MOD field out-of-range: $args{mod}"
+unless 0 <= $args{mod} && $args{mod} <= 3;
+die "REG field out-of-range: $args{reg}"
+unless 0 <= $args{reg} && $args{reg} <= 7;
+die "RM field out-of-range: $args{rm}"
+unless 0 <= $args{rm} && $args{rm} <= 7;
+
+return (value =>
+($args{mod} << 6)
+| ($args{reg} << 3)
+| $args{rm},
+len => 1);
+}
+
+sub sib_encode(%)
+{
+my (%args) = @_;
+
+die "SS field out-of-range: $args{ss}"
+unless 0 <= $args{ss} && $args{ss} <= 3;
+die "INDEX field out-of-range: $args{index}"
+unless 0 <= $args{index} && $args{index} <= 7;
+die "BASE field out-of-range: $args{base}"
+unless 0 <= $args{base} && $args{base} <= 7;
+
+return (value =>
+($args{ss} << 6)
+| ($args{index} << 3)
+| $args{base},
+len => 1);
+}
+
+sub write_insn(%)
+{
+my (%insn) = @_;
+
+my @tokens;
+push @tokens, "EVEX"   if defined $insn{evex};
+push @tokens, "VEX"if defined $insn{vex};
+push @tokens, "REP"if defined $insn{rep};
+push @tokens, "REPNE"  if defined $insn{repne};
+push @tokens, "DATA16" if defined $insn{data16};
+push @tokens, "REX"if defined $insn{rex};
+push @tokens, "OP" if defined $insn{opcode};
+push @tokens, "MODRM"  if defined $insn{modrm};
+push @tokens, "SIB"if defined $insn{sib};
+push @tokens, "DISP"   if defined $insn{disp};
+push @tokens, "IMM"if defined $insn{imm};
+push @tokens, "END";
+
+# (EVEX | VEX | ((REP | REPNE)? DATA16? REX?)) OP (MODRM SIB? DISP?)? IMM? 
END
+
+my $token = shift @tokens;
+if ($token eq "EVEX") {
+insnv(evex_encode(%{$insn{evex}}));
+$token = shift @tokens;
+} elsif ($token eq "VEX") {
+insnv(vex_encode(%{$insn{vex}}));
+$token = shift @tokens;
+} else {
+if ($token eq "REP") {
+insnv(%{_REP});
+$token = shift @tokens;
+ 

[Qemu-devel] [RISU RFC PATCH v1 6/7] x86.risu: add SSE instructions

[Jan Bobek]

Add an x86 configuration file with all SSE instructions.

Signed-off-by: Jan Bobek 
---
 x86.risu | 99 
 1 file changed, 99 insertions(+)
 create mode 100644 x86.risu

diff --git a/x86.risu b/x86.risu
new file mode 100644
index 000..cc40bbc
--- /dev/null
+++ b/x86.risu
@@ -0,0 +1,99 @@
+###
+# Copyright (c) 2019 Linaro Limited
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# Contributors:
+# Jan Bobek - initial implementation
+###
+
+# Input file for risugen defining x86 instructions
+.mode x86
+
+# SSE Data Transfer Instructions
+MOVUPS  SSE  0001000 d !emit { modrm(); mem(size => 16); }
+MOVSS   SSE  0001000 d !emit { rep(); modrm(); mem(size => 
4); }
+MOVHLPS SSE  00010010  !emit { modrm(mod => MOD_DIRECT); }
+MOVLPS  SSE  0001001 d !emit { modrm(mod => ~MOD_DIRECT); 
mem(size => 8); }
+MOVLHPS SSE  00010110  !emit { modrm(mod => MOD_DIRECT); }
+MOVHPS  SSE  0001011 d !emit { modrm(mod => ~MOD_DIRECT); 
mem(size => 8); }
+MOVAPS  SSE  0010100 d !emit { modrm(); mem(size => 16, 
align => 16); }
+MOVMSKPSSSE  0101  !emit { modrm(mod => MOD_DIRECT, 
reg => ~REG_ESP); }
+
+# SSE Packed Arithmetic Instructions
+ADDPS   SSE  01011000 !emit { modrm(); mem(size => 16, 
align => 16); }
+ADDSS   SSE  01011000 !emit { rep(); modrm(); mem(size => 
4); }
+SUBPS   SSE  01011100 !emit { modrm(); mem(size => 16, 
align => 16); }
+SUBSS   SSE  01011100 !emit { rep(); modrm(); mem(size => 
4); }
+MULPS   SSE  01011001 !emit { modrm(); mem(size => 16, 
align => 16); }
+MULSS   SSE  01011001 !emit { rep(); modrm(); mem(size => 
4); }
+DIVPS   SSE  0100 !emit { modrm(); mem(size => 16, 
align => 16); }
+DIVSS   SSE  0100 !emit { rep(); modrm(); mem(size => 
4); }
+RCPPS   SSE  01010011 !emit { modrm(); mem(size => 16, 
align => 16); }
+RCPSS   SSE  01010011 !emit { rep(); modrm(); mem(size => 
4); }
+SQRTPS  SSE  01010001 !emit { modrm(); mem(size => 16, 
align => 16); }
+SQRTSS  SSE  01010001 !emit { rep(); modrm(); mem(size => 
4); }
+RSQRTPS SSE  01010010 !emit { modrm(); mem(size => 16, 
align => 16); }
+RSQRTSS SSE  01010010 !emit { rep(); modrm(); mem(size => 
4); }
+MINPS   SSE  01011101 !emit { modrm(); mem(size => 16, 
align => 16); }
+MINSS   SSE  01011101 !emit { rep(); modrm(); mem(size => 
4); }
+MAXPS   SSE  0101 !emit { modrm(); mem(size => 16, 
align => 16); }
+MAXSS   SSE  0101 !emit { rep(); modrm(); mem(size => 
4); }
+
+# SSE Comparison Instructions
+CMPPS   SSE  1110 !emit { modrm(); mem(size => 16, 
align => 16); imm(size => 1); }
+CMPSS   SSE  1110 !emit { rep(); modrm(); mem(size => 
4); imm(size => 1); }
+UCOMISS SSE  00101110 !emit { modrm(); mem(size => 4); }
+COMISS  SSE  0010 !emit { modrm(); mem(size => 4); }
+
+# SSE Logical Instructions
+ANDPS   SSE  01010100 !emit { modrm(); mem(size => 16, 
align => 16); }
+ANDNPS  SSE  01010101 !emit { modrm(); mem(size => 16, 
align => 16); }
+ORPSSSE  01010110 !emit { modrm(); mem(size => 16, 
align => 16); }
+XORPS   SSE  01010111 !emit { modrm(); mem(size => 16, 
align => 16); }
+
+# SSE Shuffle and Unpack Instructions
+SHUFPS  SSE  11000110 !emit { modrm(); mem(size => 16, 
align => 16); imm(size => 1); }
+UNPCKLPSSSE  00010100 !emit { modrm(); mem(size => 16, 
align => 16); }
+UNPCKHPSSSE  00010101 !emit { modrm(); mem(size => 16, 
align => 16); }
+
+# SSE Conversion Instructions
+CVTPI2PSSSE  00101010 !emit { modrm(); mem(size => 8); }
+CVTSI2SSSSE  00101010 !emit { rep(); modrm(); mem(size => 
4); }
+CVTSI2SS_64 SSE  00101010 !emit { rep(); rex(w => 1); modrm(); 
mem(size => 8); }
+CVTPS2PISSE  00101101 !emit { modrm(); mem(size => 8); }
+CVTSS2SISSE  00101101 !emit { rep(); modrm(reg => 
~REG_ESP); mem(size => 4); }
+CVTSS2SI_64 SSE  00101101 !emit { rep(); rex(w 

[Qemu-devel] [RISU RFC PATCH v1 3/7] risugen_x86_emit: add module

[Jan Bobek]

The helper module risugen_x86_emit.pm exports a single function
"parse_emitblock", which serves to capture and return instruction
constraints described by "emit" blocks in an x86 configuration file.

Signed-off-by: Jan Bobek 
---
 risugen |  2 +-
 risugen_x86_emit.pm | 85 +
 2 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 risugen_x86_emit.pm

diff --git a/risugen b/risugen
index e690b18..fe3d00e 100755
--- a/risugen
+++ b/risugen
@@ -43,7 +43,7 @@ my @pattern_re = ();# include pattern
 my @not_pattern_re = ();# exclude pattern
 
 # Valid block names (keys in blocks hash)
-my %valid_blockname = ( constraints => 1, memory => 1 );
+my %valid_blockname = ( constraints => 1, memory => 1, emit => 1 );
 
 sub parse_risu_directive($$@)
 {
diff --git a/risugen_x86_emit.pm b/risugen_x86_emit.pm
new file mode 100644
index 000..0e3cc1c
--- /dev/null
+++ b/risugen_x86_emit.pm
@@ -0,0 +1,85 @@
+#!/usr/bin/perl -w
+###
+# Copyright (c) 2019 Linaro Limited
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# Contributors:
+# Jan Bobek - initial implementation
+###
+
+# risugen_x86_emit -- risugen_x86's helper module for emit blocks
+package risugen_x86_emit;
+
+use strict;
+use warnings;
+
+use risugen_common;
+use risugen_x86_asm;
+
+our @ISA= qw(Exporter);
+our @EXPORT = qw(parse_emitblock);
+
+my $emit_opts;
+
+sub rep(%)
+{
+my (%opts) = @_;
+$emit_opts->{rep} = \%opts;
+}
+
+sub repne(%)
+{
+my (%opts) = @_;
+$emit_opts->{repne} = \%opts;
+}
+
+sub data16(%)
+{
+my (%opts) = @_;
+$emit_opts->{data16} = \%opts;
+}
+
+sub rex(%)
+{
+my (%opts) = @_;
+$emit_opts->{rex} = \%opts;
+}
+
+sub modrm(%)
+{
+my (%opts) = @_;
+$emit_opts->{modrm} = \%opts;
+}
+
+sub mem(%)
+{
+my (%opts) = @_;
+$emit_opts->{mem} = \%opts;
+}
+
+sub imm(%)
+{
+my (%opts) = @_;
+$emit_opts->{imm} = \%opts;
+}
+
+sub parse_emitblock($$)
+{
+my ($rec, $insn) = @_;
+my $insnname = $rec->{name};
+my $opcode = $insn->{opcode}{value};
+
+$emit_opts = {};
+
+my $emitblock = $rec->{blocks}{"emit"};
+if (defined $emitblock) {
+eval_with_fields($insnname, $opcode, $rec, "emit", $emitblock);
+}
+
+return $emit_opts;
+}
+
+1;
-- 
2.20.1

[Qemu-devel] [PATCH v3 6/6] hw/arm: Add the Netduino Plus 2

[Alistair Francis]

Signed-off-by: Alistair Francis 
---
 MAINTAINERS|  6 ++
 hw/arm/Kconfig |  3 +++
 hw/arm/Makefile.objs   |  1 +
 hw/arm/netduinoplus2.c | 58 ++
 4 files changed, 68 insertions(+)
 create mode 100644 hw/arm/netduinoplus2.c

diff --git a/MAINTAINERS b/MAINTAINERS
index f917f3e693..243b6b1460 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -820,6 +820,12 @@ M: Peter Maydell 
 S: Maintained
 F: hw/arm/netduino2.c
 
+Netduino Plus 2
+M: Alistair Francis 
+M: Peter Maydell 
+S: Maintained
+F: hw/arm/netduinoplus2.c
+
 SmartFusion2
 M: Subbaraya Sundeep 
 M: Peter Maydell 
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 65a0923afe..43e6e0c587 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -99,6 +99,9 @@ config NETDUINOPLUS2
 bool
 select STM32F405_SOC
 
+config NETDUINOPLUS2
+bool
+
 config NSERIES
 bool
 select OMAP
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 4436c2e93e..75726540bc 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -11,6 +11,7 @@ obj-$(CONFIG_MAINSTONE) += mainstone.o
 obj-$(CONFIG_MICROBIT) += microbit.o
 obj-$(CONFIG_MUSICPAL) += musicpal.o
 obj-$(CONFIG_NETDUINO2) += netduino2.o
+obj-$(CONFIG_NETDUINOPLUS2) += netduinoplus2.o
 obj-$(CONFIG_NSERIES) += nseries.o
 obj-$(CONFIG_SX1) += omap_sx1.o
 obj-$(CONFIG_CHEETAH) += palm.o
diff --git a/hw/arm/netduinoplus2.c b/hw/arm/netduinoplus2.c
new file mode 100644
index 00..4a75da8543
--- /dev/null
+++ b/hw/arm/netduinoplus2.c
@@ -0,0 +1,58 @@
+/*
+ * Netduino Plus 2 Machine Model
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/boards.h"
+#include "qemu/error-report.h"
+#include "hw/arm/stm32f405_soc.h"
+#include "hw/arm/boot.h"
+
+static void netduinoplus2_init(MachineState *machine)
+{
+DeviceState *dev;
+uint32_t kernel_entry;
+
+dev = qdev_create(NULL, TYPE_STM32F405_SOC);
+qdev_prop_set_string(dev, "cpu-type", ARM_CPU_TYPE_NAME("cortex-m4"));
+object_property_set_bool(OBJECT(dev), true, "realized", _fatal);
+
+kernel_entry = armv7m_load_kernel(ARM_CPU(first_cpu),
+  machine->kernel_filename,
+  FLASH_SIZE);
+
+object_property_set_int(OBJECT(first_cpu), kernel_entry,
+"init-entry", _fatal);
+object_property_set_int(OBJECT(first_cpu),
+SRAM_BASE_ADDRESS + (SRAM_SIZE * 2) / 3,
+"init-sp", _fatal);
+}
+
+static void netduinoplus2_machine_init(MachineClass *mc)
+{
+mc->desc = "Netduino Plus 2 Machine";
+mc->init = netduinoplus2_init;
+}
+
+DEFINE_MACHINE("netduinoplus2", netduinoplus2_machine_init)
-- 
2.11.0

[Qemu-devel] [PATCH v3 5/6] hw/arm: Add the STM32F4xx SoC

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
 MAINTAINERS|   8 ++
 hw/arm/Kconfig |   3 +
 hw/arm/Makefile.objs   |   1 +
 hw/arm/stm32f405_soc.c | 301 +
 include/hw/arm/stm32f405_soc.h |  73 ++
 5 files changed, 386 insertions(+)
 create mode 100644 hw/arm/stm32f405_soc.c
 create mode 100644 include/hw/arm/stm32f405_soc.h

diff --git a/MAINTAINERS b/MAINTAINERS
index d32c5c2313..f917f3e693 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -806,6 +806,14 @@ F: hw/adc/*
 F: hw/ssi/stm32f2xx_spi.c
 F: include/hw/*/stm32*.h
 
+STM32F405
+M: Alistair Francis 
+M: Peter Maydell 
+S: Maintained
+F: hw/arm/stm32f405_soc.c
+F: hw/misc/stm32f4xx_syscfg.c
+F: hw/misc/stm32f4xx_exti.c
+
 Netduino 2
 M: Alistair Francis 
 M: Peter Maydell 
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 25a98bf3de..65a0923afe 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -294,6 +294,9 @@ config STM32F405_SOC
 select STM32F4XX_SYSCFG
 select STM32F4XX_EXTI
 
+config STM32F405_SOC
+bool
+
 config XLNX_ZYNQMP_ARM
 bool
 select AHCI
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 994e67dd0d..4436c2e93e 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -35,6 +35,7 @@ obj-$(CONFIG_STRONGARM) += strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
+obj-$(CONFIG_STM32F405_SOC) += stm32f405_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o
 obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o xlnx-versal-virt.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
diff --git a/hw/arm/stm32f405_soc.c b/hw/arm/stm32f405_soc.c
new file mode 100644
index 00..498bc1192c
--- /dev/null
+++ b/hw/arm/stm32f405_soc.c
@@ -0,0 +1,301 @@
+/*
+ * STM32F405 SoC
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "exec/address-spaces.h"
+#include "hw/arm/stm32f405_soc.h"
+#include "hw/misc/unimp.h"
+
+#define SYSCFG_ADD 0x40013800
+static const uint32_t usart_addr[] = { 0x40011000, 0x40004400, 0x40004800,
+   0x40004C00, 0x40005000, 0x40011400,
+   0x40007800, 0x40007C00 };
+/* At the moment only Timer 2 to 5 are modelled */
+static const uint32_t timer_addr[] = { 0x4000, 0x4400,
+   0x4800, 0x4C00 };
+#define ADC_ADDR   0x40012000
+static const uint32_t spi_addr[] =   { 0x40013000, 0x40003800, 0x40003C00,
+   0x40013400, 0x40015000, 0x40015400 };
+#define EXTI_ADDR  0x40013C00
+
+#define SYSCFG_IRQ   71
+static const int usart_irq[] = { 37, 38, 39, 52, 53, 71, 82, 83 };
+static const int timer_irq[] = { 28, 29, 30, 50 };
+#define ADC_IRQ 18
+static const int spi_irq[] =   { 35, 36, 51, 0, 0, 0 };
+static const int exti_irq[] =  { 6, 7, 8, 9, 10, 23, 23, 23, 23, 23, 40,
+ 40, 40, 40, 40, 40} ;
+
+
+static void stm32f405_soc_initfn(Object *obj)
+{
+STM32F405State *s = STM32F405_SOC(obj);
+int i;
+
+sysbus_init_child_obj(obj, "armv7m", >armv7m, sizeof(s->armv7m),
+  TYPE_ARMV7M);
+
+sysbus_init_child_obj(obj, "syscfg", >syscfg, sizeof(s->syscfg),
+  TYPE_STM32F4XX_SYSCFG);
+
+for (i = 0; i < STM_NUM_USARTS; i++) {
+sysbus_init_child_obj(obj, "usart[*]", >usart[i],
+  sizeof(s->usart[i]), TYPE_STM32F2XX_USART);
+}
+
+for (i = 0; i < STM_NUM_TIMERS; i++) {
+sysbus_init_child_obj(obj, "timer[*]", >timer[i],
+   

[Qemu-devel] [PATCH v3 3/6] hw/misc: Add the STM32F4xx Sysconfig device

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
 default-configs/arm-softmmu.mak|   1 +
 hw/arm/Kconfig |   9 ++
 hw/misc/Kconfig|   3 +
 hw/misc/Makefile.objs  |   1 +
 hw/misc/stm32f4xx_syscfg.c | 168 +
 hw/misc/trace-events   |   6 ++
 include/hw/misc/stm32f4xx_syscfg.h |  61 ++
 7 files changed, 249 insertions(+)
 create mode 100644 hw/misc/stm32f4xx_syscfg.c
 create mode 100644 include/hw/misc/stm32f4xx_syscfg.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 1f2e0e7fde..645e6201bb 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -30,6 +30,7 @@ CONFIG_Z2=y
 CONFIG_COLLIE=y
 CONFIG_ASPEED_SOC=y
 CONFIG_NETDUINO2=y
+CONFIG_NETDUINOPLUS2=y
 CONFIG_MPS2=y
 CONFIG_RASPI=y
 CONFIG_DIGIC=y
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 9aced9d54d..c8d0ec997d 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -95,6 +95,10 @@ config NETDUINO2
 bool
 select STM32F205_SOC
 
+config NETDUINOPLUS2
+bool
+select STM32F405_SOC
+
 config NSERIES
 bool
 select OMAP
@@ -284,6 +288,11 @@ config STM32F205_SOC
 select STM32F2XX_ADC
 select STM32F2XX_SPI
 
+config STM32F405_SOC
+bool
+select ARM_V7M
+select STM32F4XX_SYSCFG
+
 config XLNX_ZYNQMP_ARM
 bool
 select AHCI
diff --git a/hw/misc/Kconfig b/hw/misc/Kconfig
index 385e1b0cec..14fb04558a 100644
--- a/hw/misc/Kconfig
+++ b/hw/misc/Kconfig
@@ -82,6 +82,9 @@ config IMX
 config STM32F2XX_SYSCFG
 bool
 
+config STM32F4XX_SYSCFG
+bool
+
 config MIPS_ITU
 bool
 
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 77b9df9796..d74c576072 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -57,6 +57,7 @@ obj-$(CONFIG_SLAVIO) += slavio_misc.o
 obj-$(CONFIG_ZYNQ) += zynq_slcr.o
 obj-$(CONFIG_ZYNQ) += zynq-xadc.o
 obj-$(CONFIG_STM32F2XX_SYSCFG) += stm32f2xx_syscfg.o
+obj-$(CONFIG_STM32F4XX_SYSCFG) += stm32f4xx_syscfg.o
 obj-$(CONFIG_MIPS_CPS) += mips_cmgcr.o
 obj-$(CONFIG_MIPS_CPS) += mips_cpc.o
 obj-$(CONFIG_MIPS_ITU) += mips_itu.o
diff --git a/hw/misc/stm32f4xx_syscfg.c b/hw/misc/stm32f4xx_syscfg.c
new file mode 100644
index 00..b34fb34885
--- /dev/null
+++ b/hw/misc/stm32f4xx_syscfg.c
@@ -0,0 +1,168 @@
+/*
+ * STM32F4xx SYSCFG
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "trace.h"
+#include "hw/misc/stm32f4xx_syscfg.h"
+
+static void stm32f4xx_syscfg_reset(DeviceState *dev)
+{
+STM32F4xxSyscfgState *s = STM32F4XX_SYSCFG(dev);
+
+s->syscfg_memrmp = 0x;
+s->syscfg_pmc = 0x;
+s->syscfg_exticr[0] = 0x;
+s->syscfg_exticr[1] = 0x;
+s->syscfg_exticr[2] = 0x;
+s->syscfg_exticr[3] = 0x;
+s->syscfg_cmpcr = 0x;
+}
+
+static void stm32f4xx_syscfg_set_irq(void *opaque, int irq, int level)
+{
+STM32F4xxSyscfgState *s = opaque;
+int icrreg = irq / 4;
+int startbit = (irq & 3) * 4;
+uint8_t config = config = irq / 16;
+
+trace_stm32f4xx_syscfg_set_irq(irq / 16, irq % 16, level);
+
+g_assert(icrreg < SYSCFG_NUM_EXTICR);
+
+if (extract32(s->syscfg_exticr[icrreg], startbit, 4) == config) {
+   qemu_set_irq(s->gpio_out[irq], level);
+   trace_stm32f4xx_pulse_exti(irq);
+   }
+}
+
+static uint64_t stm32f4xx_syscfg_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+STM32F4xxSyscfgState *s = opaque;
+
+trace_stm32f4xx_syscfg_read(addr);
+
+switch (addr) {
+case SYSCFG_MEMRMP:
+return s->syscfg_memrmp;
+case SYSCFG_PMC:
+return s->syscfg_pmc;
+case SYSCFG_EXTICR1...SYSCFG_EXTICR4:
+return s->syscfg_exticr[addr / 4 - SYSCFG_EXTICR1 / 4];
+  

[Qemu-devel] [PATCH v3 4/6] hw/misc: Add the STM32F4xx EXTI device

[Alistair Francis]

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
 hw/arm/Kconfig   |   1 +
 hw/misc/Kconfig  |   3 +
 hw/misc/Makefile.objs|   1 +
 hw/misc/stm32f4xx_exti.c | 187 +++
 hw/misc/trace-events |   5 ++
 include/hw/misc/stm32f4xx_exti.h |  60 +
 6 files changed, 257 insertions(+)
 create mode 100644 hw/misc/stm32f4xx_exti.c
 create mode 100644 include/hw/misc/stm32f4xx_exti.h

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index c8d0ec997d..25a98bf3de 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -292,6 +292,7 @@ config STM32F405_SOC
 bool
 select ARM_V7M
 select STM32F4XX_SYSCFG
+select STM32F4XX_EXTI
 
 config XLNX_ZYNQMP_ARM
 bool
diff --git a/hw/misc/Kconfig b/hw/misc/Kconfig
index 14fb04558a..1ece536f79 100644
--- a/hw/misc/Kconfig
+++ b/hw/misc/Kconfig
@@ -85,6 +85,9 @@ config STM32F2XX_SYSCFG
 config STM32F4XX_SYSCFG
 bool
 
+config STM32F4XX_EXTI
+bool
+
 config MIPS_ITU
 bool
 
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index d74c576072..af7a47e914 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -58,6 +58,7 @@ obj-$(CONFIG_ZYNQ) += zynq_slcr.o
 obj-$(CONFIG_ZYNQ) += zynq-xadc.o
 obj-$(CONFIG_STM32F2XX_SYSCFG) += stm32f2xx_syscfg.o
 obj-$(CONFIG_STM32F4XX_SYSCFG) += stm32f4xx_syscfg.o
+obj-$(CONFIG_STM32F4XX_EXTI) += stm32f4xx_exti.o
 obj-$(CONFIG_MIPS_CPS) += mips_cmgcr.o
 obj-$(CONFIG_MIPS_CPS) += mips_cpc.o
 obj-$(CONFIG_MIPS_ITU) += mips_itu.o
diff --git a/hw/misc/stm32f4xx_exti.c b/hw/misc/stm32f4xx_exti.c
new file mode 100644
index 00..04ac82ae26
--- /dev/null
+++ b/hw/misc/stm32f4xx_exti.c
@@ -0,0 +1,187 @@
+/*
+ * STM32F4XX EXTI
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "trace.h"
+#include "hw/misc/stm32f4xx_exti.h"
+
+static void stm32f4xx_exti_reset(DeviceState *dev)
+{
+STM32F4xxExtiState *s = STM32F4XX_EXTI(dev);
+
+s->exti_imr = 0x;
+s->exti_emr = 0x;
+s->exti_rtsr = 0x;
+s->exti_ftsr = 0x;
+s->exti_swier = 0x;
+s->exti_pr = 0x;
+}
+
+static void stm32f4xx_exti_set_irq(void *opaque, int irq, int level)
+{
+STM32F4xxExtiState *s = opaque;
+
+if (!((1 << irq) & s->exti_imr)) {
+/* Interrupt is masked */
+return;
+}
+
+trace_stm32f4xx_exti_set_irq(irq, level);
+
+if (((1 << irq) & s->exti_rtsr) && level) {
+/* Rising Edge */
+qemu_irq_pulse(s->irq[irq]);
+s->exti_pr |= 1 << irq;
+}
+
+if (((1 << irq) & s->exti_ftsr) && !level) {
+/* Falling Edge */
+qemu_irq_pulse(s->irq[irq]);
+s->exti_pr |= 1 << irq;
+}
+}
+
+static uint64_t stm32f4xx_exti_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+STM32F4xxExtiState *s = opaque;
+
+trace_stm32f4xx_exti_read(addr);
+
+switch (addr) {
+case EXTI_IMR:
+return s->exti_imr;
+case EXTI_EMR:
+return s->exti_emr;
+case EXTI_RTSR:
+return s->exti_rtsr;
+case EXTI_FTSR:
+return s->exti_ftsr;
+case EXTI_SWIER:
+return s->exti_swier;
+case EXTI_PR:
+return s->exti_pr;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "STM32F4XX_exti_read: Bad offset %x\n", (int)addr);
+return 0;
+}
+return 0;
+}
+
+static void stm32f4xx_exti_write(void *opaque, hwaddr addr,
+   uint64_t val64, unsigned int size)
+{
+STM32F4xxExtiState *s = opaque;
+uint32_t value = (uint32_t) val64;
+
+trace_stm32f4xx_exti_write(addr, value);
+
+switch (addr) {
+case EXTI_IMR:
+s->exti_imr = value;
+return;
+case EXTI_EMR:
+s->exti_emr = value;
+ 

[Qemu-devel] [PATCH v3 1/6] armv7m: Allow entry information to be returned

[Alistair Francis]

Allow the kernel's entry point information to be returned when loading a
kernel.

Signed-off-by: Alistair Francis 
---
 hw/arm/armv7m.c   | 4 +++-
 include/hw/arm/boot.h | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index b9efad6bac..8ee6291a47 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -304,7 +304,7 @@ static void armv7m_reset(void *opaque)
 cpu_reset(CPU(cpu));
 }
 
-void armv7m_load_kernel(ARMCPU *cpu, const char *kernel_filename, int mem_size)
+uint64_t armv7m_load_kernel(ARMCPU *cpu, const char *kernel_filename, int 
mem_size)
 {
 int image_size;
 uint64_t entry;
@@ -351,6 +351,8 @@ void armv7m_load_kernel(ARMCPU *cpu, const char 
*kernel_filename, int mem_size)
  * board must call this function!
  */
 qemu_register_reset(armv7m_reset, cpu);
+
+return entry;
 }
 
 static Property bitband_properties[] = {
diff --git a/include/hw/arm/boot.h b/include/hw/arm/boot.h
index c48cc4c2bc..4e4db0416c 100644
--- a/include/hw/arm/boot.h
+++ b/include/hw/arm/boot.h
@@ -29,11 +29,13 @@ typedef enum {
  * @kernel_filename: file to load
  * @mem_size: mem_size: maximum image size to load
  *
+ * returns: location of the kernel's entry point
+ *
  * Load the guest image for an ARMv7M system. This must be called by
  * any ARMv7M board. (This is necessary to ensure that the CPU resets
  * correctly on system reset, as well as for kernel loading.)
  */
-void armv7m_load_kernel(ARMCPU *cpu, const char *kernel_filename, int 
mem_size);
+uint64_t armv7m_load_kernel(ARMCPU *cpu, const char *kernel_filename, int 
mem_size);
 
 /* arm_boot.c */
 struct arm_boot_info {
-- 
2.11.0

[Qemu-devel] [PATCH v3 0/6] Add the STM32F405 and Netduino Plus 2 machine

[Alistair Francis]

Now that the Arm-M4 CPU has been added to QEMU we can add the Netduino
Plus 2 machine. This is very similar to the STM32F205 and Netduino 2 SoC
and machine.

v3:
 - Remove custom reset handler
 - Add init-entry and init-sp properties
 - Rebase on master (including Kconfig changes)
v2:
 - Reorder patchset
 - Return the kernel entry point instead of using a pointer
 - Address Peter's comments


Alistair Francis (6):
  armv7m: Allow entry information to be returned
  target/arm: Allow setting M mode entry and sp
  hw/misc: Add the STM32F4xx Sysconfig device
  hw/misc: Add the STM32F4xx EXTI device
  hw/arm: Add the STM32F4xx SoC
  hw/arm: Add the Netduino Plus 2

 MAINTAINERS|  14 ++
 default-configs/arm-softmmu.mak|   1 +
 hw/arm/Kconfig |  16 ++
 hw/arm/Makefile.objs   |   2 +
 hw/arm/armv7m.c|   4 +-
 hw/arm/netduinoplus2.c |  58 +++
 hw/arm/stm32f405_soc.c | 301 +
 hw/misc/Kconfig|   6 +
 hw/misc/Makefile.objs  |   2 +
 hw/misc/stm32f4xx_exti.c   | 187 +++
 hw/misc/stm32f4xx_syscfg.c | 168 +
 hw/misc/trace-events   |  11 ++
 include/hw/arm/boot.h  |   4 +-
 include/hw/arm/stm32f405_soc.h |  73 +
 include/hw/misc/stm32f4xx_exti.h   |  60 
 include/hw/misc/stm32f4xx_syscfg.h |  61 
 target/arm/cpu.c   |  47 ++
 target/arm/cpu.h   |   3 +
 18 files changed, 1016 insertions(+), 2 deletions(-)
 create mode 100644 hw/arm/netduinoplus2.c
 create mode 100644 hw/arm/stm32f405_soc.c
 create mode 100644 hw/misc/stm32f4xx_exti.c
 create mode 100644 hw/misc/stm32f4xx_syscfg.c
 create mode 100644 include/hw/arm/stm32f405_soc.h
 create mode 100644 include/hw/misc/stm32f4xx_exti.h
 create mode 100644 include/hw/misc/stm32f4xx_syscfg.h

-- 
2.11.0

[Qemu-devel] [PATCH v3 2/6] target/arm: Allow setting M mode entry and sp

[Alistair Francis]

Add M mode initial entry PC and SP properties.

Signed-off-by: Alistair Francis 
---
 target/arm/cpu.c | 47 +++
 target/arm/cpu.h |  3 +++
 2 files changed, 50 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 376db154f0..1d83972ab1 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -301,6 +301,9 @@ static void arm_cpu_reset(CPUState *s)
  */
 initial_msp = ldl_p(rom);
 initial_pc = ldl_p(rom + 4);
+} else if (cpu->init_sp || cpu->init_entry) {
+initial_msp = cpu->init_sp;
+initial_pc = cpu->init_entry;
 } else {
 /* Address zero not covered by a ROM blob, or the ROM blob
  * is in non-modifiable memory and this is a second reset after
@@ -801,6 +804,38 @@ static void arm_set_init_svtor(Object *obj, Visitor *v, 
const char *name,
 visit_type_uint32(v, name, >init_svtor, errp);
 }
 
+static void arm_get_init_sp(Object *obj, Visitor *v, const char *name,
+void *opaque, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+
+visit_type_uint32(v, name, >init_sp, errp);
+}
+
+static void arm_set_init_sp(Object *obj, Visitor *v, const char *name,
+void *opaque, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+
+visit_type_uint32(v, name, >init_sp, errp);
+}
+
+static void arm_get_init_entry(Object *obj, Visitor *v, const char *name,
+void *opaque, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+
+visit_type_uint32(v, name, >init_entry, errp);
+}
+
+static void arm_set_init_entry(Object *obj, Visitor *v, const char *name,
+void *opaque, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+
+visit_type_uint32(v, name, >init_entry, errp);
+}
+
 void arm_cpu_post_init(Object *obj)
 {
 ARMCPU *cpu = ARM_CPU(obj);
@@ -913,6 +948,18 @@ void arm_cpu_post_init(Object *obj)
 object_property_add(obj, "init-svtor", "uint32",
 arm_get_init_svtor, arm_set_init_svtor,
 NULL, NULL, _abort);
+} else {
+/*
+ * M profile: initial value of the SP and entry. We can't just use
+ * a simple DEFINE_PROP_UINT32 for this because we want to permit
+ * the property to be set after realize.
+ */
+object_property_add(obj, "init-sp", "uint32",
+arm_get_init_sp, arm_set_init_sp,
+NULL, NULL, _abort);
+object_property_add(obj, "init-entry", "uint32",
+arm_get_init_entry, arm_set_init_entry,
+NULL, NULL, _abort);
 }
 
 qdev_property_add_static(DEVICE(obj), _cpu_cfgend_property,
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index f9da672be5..290fac19d3 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -805,6 +805,9 @@ struct ARMCPU {
  */
 uint32_t psci_conduit;
 
+/* For M, initial value of the entry and SP */
+uint32_t init_sp, init_entry;
+
 /* For v8M, initial value of the Secure VTOR */
 uint32_t init_svtor;
 
-- 
2.11.0

Re: [Qemu-devel] Recent python-sphinx errors out building doc

[Bruce Rogers]

>>> On 6/18/2019 at 6:11 PM, John Snow  wrote:

> 
> On 6/18/19 7:37 PM, Bruce Rogers wrote:
>> Hi,
>> 
>> (Resent with correct address for John)
>> I build recent upstream qemu in the openSUSE Build Service, and for
>> the Factory repository there, python-sphinx was recently updated to
>> version 2.1.1. This caused the build to fail as follows:
>> /home/abuild/rpmbuild/BUILD/qemu-4.0.50/docs/interop/bitmaps.rst:202:Could
>> not lex literal_block as "json". Highlighting skipped.
>> 
>> The python-sphinx tools is called with warnings are treated as errors
>> it looks like. I don't know much at all about this tool, and hopefully
>> someone knows what to fix here. If you want to give me a pointer
>> on what needs to change, I could give a go at doing a fix however.
>> 
>> Thanks,
>> 
>> Bruce
> 
> Hi, there's a series designed to fix this:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2019-06/msg00348.html 
> 
> I think it's up to Peter to merge it as the maintainer of the Sphinx
> machinery.

Yup, this series fixes it for me. Thanks!

Bruce

Re: [Qemu-devel] [PATCH v3 07/50] plugin: add user-facing API

[Pranith Kumar]

On Fri, Jun 14, 2019 at 10:24 AM Alex Bennée  wrote:
>
> From: "Emilio G. Cota" 
>
> Add the API first to ease review.
>
> Signed-off-by: Emilio G. Cota 
> Signed-off-by: Alex Bennée 
>
> ---
> v3
>   - merge in changes to plugin install/reset/uninstall
>   - split api file
> ---
>  include/qemu/qemu-plugin.h | 339 +
>  1 file changed, 339 insertions(+)
>  create mode 100644 include/qemu/qemu-plugin.h
>
> diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
> new file mode 100644
> index 00..0db1ef9714
> --- /dev/null
> +++ b/include/qemu/qemu-plugin.h
> @@ -0,0 +1,339 @@
> +/*
> + * Copyright (C) 2017, Emilio G. Cota 
> + * Copyright (C) 2019, Linaro
> + *
> + * License: GNU GPL, version 2 or later.
> + *   See the COPYING file in the top-level directory.
> + *
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +#ifndef QEMU_PLUGIN_API_H
> +#define QEMU_PLUGIN_API_H
> +
> +#include 
> +#include 
> +
> +/*
> + * For best performance, build the plugin with -fvisibility=hidden so that
> + * QEMU_PLUGIN_LOCAL is implicit. Then, just mark qemu_plugin_install with
> + * QEMU_PLUGIN_EXPORT. For more info, see
> + *   https://gcc.gnu.org/wiki/Visibility
> + */
> +#if defined _WIN32 || defined __CYGWIN__
> +  #ifdef BUILDING_DLL
> +#define QEMU_PLUGIN_EXPORT __declspec(dllexport)
> +  #else
> +#define QEMU_PLUGIN_EXPORT __declspec(dllimport)
> +  #endif
> +  #define QEMU_PLUGIN_LOCAL
> +#else
> +  #if __GNUC__ >= 4
> +#define QEMU_PLUGIN_EXPORT __attribute__((visibility("default")))
> +#define QEMU_PLUGIN_LOCAL  __attribute__((visibility("hidden")))
> +  #else
> +#define QEMU_PLUGIN_EXPORT
> +#define QEMU_PLUGIN_LOCAL
> +  #endif
> +#endif
> +
> +typedef uint64_t qemu_plugin_id_t;
> +
> +/**
> + * qemu_plugin_install() - Install a plugin
> + * @id: this plugin's opaque ID
> + * @argc: number of arguments
> + * @argv: array of arguments (@argc elements)
> + *
> + * All plugins must export this symbol.
> + *
> + * Note: Calling qemu_plugin_uninstall() from this function is a bug. To 
> raise
> + * an error during install, return !0.
> + *
> + * Note: @argv remains valid throughout the lifetime of the loaded plugin.
> + */
> +QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, int argc,
> +   char **argv);
> +
> +/*
> + * Prototypes for the various callback styles we will be registering
> + * in the following functions.
> + */
> +typedef void (*qemu_plugin_simple_cb_t)(qemu_plugin_id_t id);
> +
> +typedef void (*qemu_plugin_udata_cb_t)(qemu_plugin_id_t id, void *userdata);
> +
> +typedef void (*qemu_plugin_vcpu_simple_cb_t)(qemu_plugin_id_t id,
> + unsigned int vcpu_index);
> +
> +typedef void (*qemu_plugin_vcpu_udata_cb_t)(unsigned int vcpu_index,
> +void *userdata);
> +
> +/**
> + * qemu_plugin_uninstall() - Uninstall a plugin
> + * @id: this plugin's opaque ID
> + * @cb: callback to be called once the plugin has been removed
> + *
> + * Do NOT assume that the plugin has been uninstalled once this function
> + * returns. Plugins are uninstalled asynchronously, and therefore the given
> + * plugin receives callbacks until @cb is called.
> + *
> + * Note: Calling this function from qemu_plugin_install() is a bug.
> + */
> +void qemu_plugin_uninstall(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb);
> +
> +/**
> + * qemu_plugin_reset() - Reset a plugin
> + * @id: this plugin's opaque ID
> + * @cb: callback to be called once the plugin has been reset
> + *
> + * Unregisters all callbacks for the plugin given by @id.
> + *
> + * Do NOT assume that the plugin has been reset once this function returns.
> + * Plugins are reset asynchronously, and therefore the given plugin receives
> + * callbacks until @cb is called.
> + */
> +void qemu_plugin_reset(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb);
> +
> +/**
> + * qemu_plugin_register_vcpu_init_cb() - register a vCPU initialization 
> callback
> + * @id: plugin ID
> + * @cb: callback function
> + *
> + * The @cb function is called every time a vCPU is initialized.
> + *
> + * See also: qemu_plugin_register_vcpu_exit_cb()
> + */
> +void qemu_plugin_register_vcpu_init_cb(qemu_plugin_id_t id,
> +   qemu_plugin_vcpu_simple_cb_t cb);
> +
> +/**
> + * qemu_plugin_register_vcpu_exit_cb() - register a vCPU exit callback
> + * @id: plugin ID
> + * @cb: callback function
> + *
> + * The @cb function is called every time a vCPU exits.
> + *
> + * See also: qemu_plugin_register_vcpu_init_cb()
> + */
> +void qemu_plugin_register_vcpu_exit_cb(qemu_plugin_id_t id,
> +   qemu_plugin_vcpu_simple_cb_t cb);
> +
> +/**
> + * qemu_plugin_register_vcpu_idle_cb() - register a vCPU idle callback
> + * @id: plugin ID
> + * @cb: callback function
> + *
> + * The @cb function is called every time a 

Re: [Qemu-devel] [PATCH v3 22/50] *-user: plugin syscalls

[Pranith Kumar]

Minor nits.

On Fri, Jun 14, 2019 at 11:41 AM Alex Bennée  wrote:
>
> From: "Emilio G. Cota" 
>
> Signed-off-by: Emilio G. Cota 
> ---
>  bsd-user/syscall.c   | 9 +
>  linux-user/syscall.c | 3 +++
>  2 files changed, 12 insertions(+)
>
> diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
> index 84a983a9a1..50e47d217c 100644
> --- a/bsd-user/syscall.c
> +++ b/bsd-user/syscall.c
> @@ -323,6 +323,8 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
> abi_long arg1,
>  gemu_log("freebsd syscall %d\n", num);
>  #endif
>  trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
> arg7, arg8);
> +qemu_plugin_vcpu_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
> arg7,
> + arg8);

Looking at the previous line, seems like you can avoid splitting this
line into 2. Keeps it more consistent that way.

>  if(do_strace)
>  print_freebsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
>
> @@ -404,6 +406,7 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
> abi_long arg1,
>  if (do_strace)
>  print_freebsd_syscall_ret(num, ret);
>  trace_guest_user_syscall_ret(cpu, num, ret);
> +qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
>  return ret;
>   efault:
>  ret = -TARGET_EFAULT;
> @@ -422,6 +425,8 @@ abi_long do_netbsd_syscall(void *cpu_env, int num, 
> abi_long arg1,
>  gemu_log("netbsd syscall %d\n", num);
>  #endif
>  trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
> 0, 0);
> +qemu_plugin_vcpu_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 0,
> + 0);

ditto.

>  if(do_strace)
>  print_netbsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
>
> @@ -480,6 +485,7 @@ abi_long do_netbsd_syscall(void *cpu_env, int num, 
> abi_long arg1,
>  if (do_strace)
>  print_netbsd_syscall_ret(num, ret);
>  trace_guest_user_syscall_ret(cpu, num, ret);
> +qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
>  return ret;
>   efault:
>  ret = -TARGET_EFAULT;
> @@ -498,6 +504,8 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
> abi_long arg1,
>  gemu_log("openbsd syscall %d\n", num);
>  #endif
>  trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
> 0, 0);
> +qemu_plugin_vcpu_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 0,
> + 0);

ditto.

>  if(do_strace)
>  print_openbsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
>
> @@ -556,6 +564,7 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
> abi_long arg1,
>  if (do_strace)
>  print_openbsd_syscall_ret(num, ret);
>  trace_guest_user_syscall_ret(cpu, num, ret);
> +qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
>  return ret;
>   efault:
>  ret = -TARGET_EFAULT;
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index b187c1281d..7f3cfdee84 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -11724,6 +11724,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
> arg1,
>
>  trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4,
>   arg5, arg6, arg7, arg8);
> +qemu_plugin_vcpu_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
> arg7,
> + arg8);

This I am not sure.


>
>  if (unlikely(do_strace)) {
>  print_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
> @@ -11736,5 +11738,6 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
> arg1,
>  }
>
>  trace_guest_user_syscall_ret(cpu, num, ret);
> +qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
>  return ret;
>  }
> --
> 2.20.1
>
>

Re: [Qemu-devel] [PATCH v3 05/50] docs/devel: add plugins.rst design document

[Pranith Kumar]

Hi,

On Fri, Jun 14, 2019 at 10:21 AM Alex Bennée  wrote:
>
> This is mostly extracted from Emilio's more verbose commit comments
> with some additional verbiage from me.
>
> Signed-off-by: Alex Bennée 
> ---
>  docs/devel/index.rst   |  1 +
>  docs/devel/plugins.rst | 99 ++
>  2 files changed, 100 insertions(+)
>  create mode 100644 docs/devel/plugins.rst
>
> diff --git a/docs/devel/index.rst b/docs/devel/index.rst
> index 2a4ddf40ad..7e6d20c970 100644
> --- a/docs/devel/index.rst
> +++ b/docs/devel/index.rst
> @@ -21,3 +21,4 @@ Contents:
> testing
> decodetree
> secure-coding-practices
> +   plugins
> diff --git a/docs/devel/plugins.rst b/docs/devel/plugins.rst
> new file mode 100644
> index 00..b0c30375ef
> --- /dev/null
> +++ b/docs/devel/plugins.rst
> @@ -0,0 +1,99 @@
> +..
> +   Copyright (C) 2017, Emilio G. Cota 
> +   Copyright (c) 2019, Linaro Limited
> +   Written by Emilio Cota and Alex Bennée
> +
> +
> +QEMU TCG Plugins
> +
> +
> +QEMU TCG plugins provide a way for users to run experiments taking
> +advantage of the total system control emulation can have over a guest.
> +It provides a mechanism for plugins to subscribe to events during
> +translation and execution and optionally callback into the plugin
> +during these events.
> +
> +API Stability
> +=
> +
> +This is a new feature for QEMU and it does allow people to develop
> +out-of-tree plugins than can be dynamically linked into a running QEMU

s/than/that/

> +process. However the project reserves the right to change or break the
> +API should it need to do so.
> +
> +Exposure of QEMU internals
> +--
> +
> +The plugin architecture actively avoids leaking implementation details
> +about how QEMU's translation works to the plugins. While there are
> +conceptions such as translation time and translation blocks the
> +details are opaque to plugins. The plugin is able to query select
> +details of instructions and system configuration only through the
> +exported *qemu_plugin* functions. The types used to describe
> +instructions and events are opaque to the plugins themselves.
> +
> +Usage
> +=
> +
> +The QEMU binary needs to be compiled for plugin support:
> +
> +::
> +configure --enable-plugins
> +
> +Once built a program can be run with multiple plugins loaded each with
> +their own arguments:
> +
> +::
> +$QEMU $OTHER_QEMU_ARGS \
> +  -plugin tests/plugin/libhowvec.so,arg=inline,arg=hint \
> +  -plugin tests/plugin/libhotblocks.so

I think this might be a good place to describe what these arguments are.

> +
> +Plugin Life cycle
> +=
> +
> +First the plugin is loaded and the public qemu_plugin_install function
> +is called. The plugin with then register callbacks for various plugin

s/with/will/

> +events. Generally at least the atexit_cb is registered so the plugin
> +can dump its information at the end of a run.

Is that a hard requirement?

> +
> +When a registered event occurs the plugin callback is called. The

I would prefer 'callback is invoked'.

> +callbacks may provide additional information. In the case of a
> +translation event the plugin has an option to enumerate the
> +instructions in a block of instructions and optionally register
> +callbacks to some or all instructions when they are executed.
> +
> +There is also a facility to add an inline event where code to
> +increment a counter can be directly inlined with the translation.
> +Currently only a simple increment is supported. This is not atomic so
> +the plugin must either keep it's counters separated and indexed by CPU
> +or use a callback which can ensure atomicity.
> +
> +Finally when QEMU exits all the registered atexit callbacks are called

Add period at end of sentence and preferably "s/called/invoked/"

> +
> +Internals
> +=
> +
> +Locking
> +---
> +
> +We have to ensure we cannot deadlock, particularly under MTTCG. For
> +this we acquire a lock when called from plugin code. We also keep the
> +list of callbacks under RCU so that we do not have to hold the lock
> +when calling the callbacks. This is also for performance, since some
> +callbacks (e.g. memory access callbacks) might be called very
> +frequently.
> +
> +  * A consequence of this is that we keep our own list of CPUs, so that
> +we do not have to worry about locking order wrt cpu_list_lock.
> +  * Use a recursive lock, since we can get registration calls from
> +callbacks.
> +
> +As a result registering/unregistering callbacks is "slow", since it
> +takes a lock. But this is very infrequent; we want performance when
> +calling (or not calling) callbacks, not when registering them. Using
> +RCU is great for this.
> +
> +We support the uninstallation of a plugin at any time (e.g. from plugin
> +callbacks). This means some callbacks might still be called after the 
> uninstall
> +function returns. The plugin isn't 

Re: [Qemu-devel] [PATCH v3 0/9] Introduce cpu die topology and enable CPUID.1F for i386

[Like Xu]

Ping for timely review.

On 2019/6/12 16:40, Like Xu wrote:

Multi-chip packaging technology allows integration of multi-cores in one die
and multi-dies in one single package, for example Intel CLX-AP or AMD EPYC.

This patch series extend the CPU topology to the socket/dies/core/thread model,
allowing the setting of dies number per one socket on -smp qemu command. For
i386, it upgrades APIC_IDs generation and reversion functions with a new exposed
leaf called CPUID.1F, which is a preferred superset to leaf 0BH. The CPUID.1F
spec is on https://software.intel.com/en-us/articles/intel-sdm, 3-190 Vol 2A.

E.g. we use -smp 4,dies=2,cores=2,threads=1 to run a multi-dies guest and
check raw cpuid data and the expected output from guest is following:
0x001f 0x00: eax=0x ebx=0x0001 ecx=0x0100 edx=0x0002
0x001f 0x01: eax=0x0001 ebx=0x0002 ecx=0x0201 edx=0x0001
0x001f 0x02: eax=0x0002 ebx=0x0004 ecx=0x0502 edx=0x0003
0x001f 0x03: eax=0x ebx=0x ecx=0x0003 edx=0x0001

Guest system could discover multi-die/package topology through CPUID.1F.
and its benefit is primarily for _reporting_ of the (virtual) CPU topology.
The guest kernel with multi-die/package support have no impact on its
cache topology, NUMA topology, Linux scheduler, or system performance.

==changelog==

v3:

- add a MachineClass::smp_parse function pointer
- place the PC-specific function inside hw/i386/pc.c
- introduce die_id in a separate patch with default value 0
- set env->nr_dies in pc_new_cpu() and pc_cpu_pre_plug()
- fix a circular dependency between target/i386/cpu.c and hw/i386/pc.c
- fix cpu->die_id check in pc_cpu_pre_plug()
- Based on "[PATCH v3 00/10] Refactor cpu topo into machine properties"
- Rebase to commit 219dca61ebf41625831d4f96a720852baf44b762

v2: https://patchwork.kernel.org/cover/10953191/

- Enable cpu die-level topolgy only for PCMachine and X86CPU
- Minimize cpuid.0.eax to the setting value actually used by guest
- Update cmd line -smps docs for die-level configurations
- Refactoring topo-bit tests for x86_apicid_from_cpu_idx() with nr_dies
- Based on "[PATCH v3 00/10] Refactor cpu topo into machine properties"
- Rebase to commit 2259637b95bef3116cc262459271de08e038cc66

v1: https://patchwork.kernel.org/cover/10876667/

Like Xu (9):
   i386: Add die-level cpu topology to x86CPU on PCMachine
   hw/i386: Adjust nr_dies with configured smp_dies for PCMachine
   i386/cpu: Consolidate die-id validity in smp context
   i386: Update new x86_apicid parsing rules with die_offset support
   tests/x86-cpuid: Update testcases in test_topo_bits() with multiple dies
   i386/cpu: Add CPUID.1F generation support for multi-dies PCMachine
   target/i386: Support multi-dies when host doesn't support CPUID.1F
   machine: Refactor smp_parse() in vl.c as MachineClass::smp_parse()
   vl.c: Add -smp, dies=* command line support and update doc

  hmp.c  |   3 +
  hw/core/machine.c  |  89 ++
  hw/i386/pc.c   | 148 -
  include/hw/boards.h|   5 ++
  include/hw/i386/pc.h   |   3 +
  include/hw/i386/topology.h |  76 +--
  qapi/misc.json |   6 +-
  qemu-options.hx|  17 +++--
  target/i386/cpu.c  |  53 +++--
  target/i386/cpu.h  |   7 ++
  target/i386/kvm.c  |  36 -
  tests/test-x86-cpuid.c |  84 +++--
  vl.c   |  78 ++-
  13 files changed, 438 insertions(+), 167 deletions(-)

Re: [Qemu-devel] [PATCH] xics/spapr: Only emulated XICS should use RTAS/hypercalls emulation

[David Gibson]

On Mon, Jun 17, 2019 at 01:55:36PM +0200, Greg Kurz wrote:
> Checking that we're not using the in-kernel XICS is ok with the "xics"
> interrupt controller mode, but it is definitely not enough with the
> other modes since the guest could be using XIVE.
> 
> Ensure XIVE is not in use when emulated XICS RTAS/hypercalls are
> called.
> 
> Signed-off-by: Greg Kurz 

Applied, thanks.

> ---
>  hw/intc/xics_spapr.c |   53 
> +-
>  1 file changed, 27 insertions(+), 26 deletions(-)
> 
> diff --git a/hw/intc/xics_spapr.c b/hw/intc/xics_spapr.c
> index 8d605b68a7a0..7cd3c93d719f 100644
> --- a/hw/intc/xics_spapr.c
> +++ b/hw/intc/xics_spapr.c
> @@ -41,22 +41,23 @@
>   * Guest interfaces
>   */
>  
> -static bool check_in_kernel_xics(const char *func)
> +static bool check_emulated_xics(SpaprMachineState *spapr, const char *func)
>  {
> -if (kvm_irqchip_in_kernel()) {
> -error_report("pseries: %s must never be called for in-kernel XICS",
> +if (spapr_ovec_test(spapr->ov5_cas, OV5_XIVE_EXPLOIT) ||
> +kvm_irqchip_in_kernel()) {
> +error_report("pseries: %s must only be called for emulated XICS",
>   func);
> -return true;
> +return false;
>  }
>  
> -return false;
> +return true;
>  }
>  
> -#define CHECK_IN_KERNEL_XICS_HCALL  \
> -do {\
> -if (check_in_kernel_xics(__func__)) {   \
> -return H_HARDWARE;  \
> -}   \
> +#define CHECK_EMULATED_XICS_HCALL(spapr)   \
> +do {   \
> +if (!check_emulated_xics((spapr), __func__)) { \
> +return H_HARDWARE; \
> +}  \
>  } while (0)
>  
>  static target_ulong h_cppr(PowerPCCPU *cpu, SpaprMachineState *spapr,
> @@ -64,7 +65,7 @@ static target_ulong h_cppr(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  {
>  target_ulong cppr = args[0];
>  
> -CHECK_IN_KERNEL_XICS_HCALL;
> +CHECK_EMULATED_XICS_HCALL(spapr);
>  
>  icp_set_cppr(spapr_cpu_state(cpu)->icp, cppr);
>  return H_SUCCESS;
> @@ -76,7 +77,7 @@ static target_ulong h_ipi(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  target_ulong mfrr = args[1];
>  ICPState *icp = xics_icp_get(XICS_FABRIC(spapr), args[0]);
>  
> -CHECK_IN_KERNEL_XICS_HCALL;
> +CHECK_EMULATED_XICS_HCALL(spapr);
>  
>  if (!icp) {
>  return H_PARAMETER;
> @@ -91,7 +92,7 @@ static target_ulong h_xirr(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  {
>  uint32_t xirr = icp_accept(spapr_cpu_state(cpu)->icp);
>  
> -CHECK_IN_KERNEL_XICS_HCALL;
> +CHECK_EMULATED_XICS_HCALL(spapr);
>  
>  args[0] = xirr;
>  return H_SUCCESS;
> @@ -102,7 +103,7 @@ static target_ulong h_xirr_x(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  {
>  uint32_t xirr = icp_accept(spapr_cpu_state(cpu)->icp);
>  
> -CHECK_IN_KERNEL_XICS_HCALL;
> +CHECK_EMULATED_XICS_HCALL(spapr);
>  
>  args[0] = xirr;
>  args[1] = cpu_get_host_ticks();
> @@ -114,7 +115,7 @@ static target_ulong h_eoi(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  {
>  target_ulong xirr = args[0];
>  
> -CHECK_IN_KERNEL_XICS_HCALL;
> +CHECK_EMULATED_XICS_HCALL(spapr);
>  
>  icp_eoi(spapr_cpu_state(cpu)->icp, xirr);
>  return H_SUCCESS;
> @@ -127,7 +128,7 @@ static target_ulong h_ipoll(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  uint32_t mfrr;
>  uint32_t xirr;
>  
> -CHECK_IN_KERNEL_XICS_HCALL;
> +CHECK_EMULATED_XICS_HCALL(spapr);
>  
>  if (!icp) {
>  return H_PARAMETER;
> @@ -141,12 +142,12 @@ static target_ulong h_ipoll(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  return H_SUCCESS;
>  }
>  
> -#define CHECK_IN_KERNEL_XICS_RTAS(rets) \
> -do {\
> -if (check_in_kernel_xics(__func__)) {   \
> -rtas_st((rets), 0, RTAS_OUT_HW_ERROR);  \
> -return; \
> -}   \
> +#define CHECK_EMULATED_XICS_RTAS(spapr, rets)  \
> +do {   \
> +if (!check_emulated_xics((spapr), __func__)) { \
> +rtas_st((rets), 0, RTAS_OUT_HW_ERROR); \
> +return;\
> +}  \
>  } while (0)
>  
>  static void rtas_set_xive(PowerPCCPU *cpu, SpaprMachineState *spapr,
> @@ -157,7 +158,7 @@ static void rtas_set_xive(PowerPCCPU *cpu, 
> SpaprMachineState *spapr,
>  ICSState *ics = spapr->ics;
>  uint32_t nr, srcno, server, priority;
>  
> -CHECK_IN_KERNEL_XICS_RTAS(rets);
> +CHECK_EMULATED_XICS_RTAS(spapr, rets);
>  

Re: [Qemu-devel] [PATCH v2 19/21] aspeed: Add support for the swift-bmc board

[Joel Stanley]

On Tue, 18 Jun 2019 at 16:55, Cédric Le Goater  wrote:
>
> From: Adriana Kobylak 
>
> The Swift board is an OpenPOWER system hosting POWER processors.
> Add support for their BMC including the I2C devices as found on HW.
>
> Signed-off-by: Adriana Kobylak 
> Reviewed-by: Cédric Le Goater 

Reviewed-by: Joel Stanley 

Re: [Qemu-devel] [PATCH v2 11/21] aspeed/timer: Ensure positive muldiv delta

[Joel Stanley]

On Tue, 18 Jun 2019 at 16:54, Cédric Le Goater  wrote:
>
> From: Christian Svensson 
>
> If the host decrements the counter register that results in a negative
> delta. This is then passed to muldiv64 which only handles unsigned
> numbers resulting in bogus results.
>
> This fix ensures the delta being operated on is positive.
>
> Test case: kexec a kernel using aspeed_timer and it will freeze on the
> second bootup when the kernel initializes the timer. With this patch
> that no longer happens and the timer appears to run OK.
>
> Signed-off-by: Christian Svensson 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Joel Stanley 

Re: [Qemu-devel] [PATCH v2 08/21] aspeed/timer: Status register contains reload for stopped timer

[Joel Stanley]

On Tue, 18 Jun 2019 at 16:54, Cédric Le Goater  wrote:
>
> From: Andrew Jeffery 
>
> From the datasheet:
>
>   This register stores the current status of counter #N. When timer
>   enable bit TMC30[N * b] is disabled, the reload register will be
>   loaded into this counter. When timer bit TMC30[N * b] is set, the
>   counter will start to decrement. CPU can update this register value
>   when enable bit is set.
>
> Signed-off-by: Andrew Jeffery 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Joel Stanley 

Re: [Qemu-devel] [PATCH v2 06/21] aspeed: add support for multiple NICs

[Joel Stanley]

On Tue, 18 Jun 2019 at 16:54, Cédric Le Goater  wrote:
>
> The Aspeed SoCs have two MACs. Extend the Aspeed model to support a
> second NIC.
>
> Signed-off-by: Cédric Le Goater 
> ---
>  include/hw/arm/aspeed_soc.h |  3 ++-
>  hw/arm/aspeed_soc.c | 33 +++--
>  2 files changed, 21 insertions(+), 15 deletions(-)
>
> diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
> index b613b00600fc..75b557060b9b 100644
> --- a/include/hw/arm/aspeed_soc.h
> +++ b/include/hw/arm/aspeed_soc.h
> @@ -25,6 +25,7 @@
>  #define ASPEED_SPIS_NUM  2
>  #define ASPEED_WDTS_NUM  3
>  #define ASPEED_CPUS_NUM  2
> +#define ASPEED_MACS_NUM  2

This will be 4 in the future. No need to change it now though.

Reviewed-by: Joel Stanley 

Re: [Qemu-devel] [PATCH v2 05/21] aspeed: introduce a configurable number of CPU per machine

[Joel Stanley]

On Tue, 18 Jun 2019 at 16:54, Cédric Le Goater  wrote:
>
> The current models of the Aspeed SoCs only have one CPU but future
> ones will support SMP. Introduce a new num_cpus field at the SoC class
> level to define the number of available CPUs per SoC and also
> introduce a 'num-cpus' property to activate the CPUs configured for
> the machine.
>
> The max_cpus limit of the machine should depend on the SoC definition
> but, unfortunately, these values are not available when the machine
> class is initialized. This is the reason why we add a check on
> num_cpus in the AspeedSoC realize handler.
>
> SMP support will be activated when models for such SoCs are implemented.
>
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Joel Stanley 

Re: [Qemu-devel] [PATCH v2 21/21] aspeed: vic: Add support for legacy register interface

[Joel Stanley]

On Tue, 18 Jun 2019 at 16:55, Cédric Le Goater  wrote:
>
> From: Andrew Jeffery 
>
> The legacy interface only supported up to 32 IRQs, which became
> restrictive around the AST2400 generation. QEMU support for the SoCs
> started with the AST2400 along with an effort to reimplement and
> upstream drivers for Linux, so up until this point the consumers of the
> QEMU ASPEED support only required the 64 IRQ register interface.
>
> In an effort to support older BMC firmware, add support for the 32 IRQ
> interface.
>
> Signed-off-by: Andrew Jeffery 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Joel Stanley 

Re: [Qemu-devel] [PATCH] migration: Improve accuracy of vCPU throttling with per-vCPU timers

[Peter Xu]

On Tue, Jun 18, 2019 at 04:52:09PM +, Cosmin Marin wrote:
> 
> 
> On 18/06/2019, 15:51, "Peter Xu"  wrote:
> 
> On Tue, Jun 18, 2019 at 12:25:43PM +, Cosmin Marin wrote:
> > Hi Peter,
> > 
> > thanks for reviewing the patch. Indeed, I agree that it's 
> almost impossible to determine which solution it's better from the 
> scalability perspective. However, I feel that using per-vCPU timers is the 
> only way for ensuring correctness of the throttling ratio.
> 
> The thing is that your patch actually contains two changes:
> 
> 1. use N timers instead of one.
> 
> 2. remove throttle_thread_scheduled check, so we do the throttle
>always
> 
> Here what I'm worried is that _maybe_ the 2nd item is the one that
> really helped.
> 
>   C: The removal of *throttle_thread_scheduled* is a consequence of the 
> per-vCPU model only. In this model, each of the vCPUs schedules work just for 
> itself (as part of the timer's firing callback) - there's no global point of 
> control - therefore, the variable isn't helpful for scheduling anymore.
> 
> Note that there is a side effect that we might queue more than one
> work on one specific cpu if we queue it too fast, but it does not
> block us from trying it out to identify which item (1 or 2 or both)
> really helped here.  Then if we think that (queuing too much) is an
> issue then we can discuss on how to fix it since current patch will
> have this problem as well.
> 
>   C: I believe that in the per-vCPU timer implementation we cannot queue 
> more than one piece of work because, here, the vCPU queues work for itself 
> and that happens only when the timer fires - so, the two "states" - 
> scheduling and sleeping - are mutually exclusive running from the same thread 
> context. 

I think this is the place where I'm in question with - I don't think
they are using the same context.  IMO the timer will always be run in
the main thread no matter you use per-cpu timer or not, however the
sleeping part should be run on per-cpu.

A simple way to verify it would be: break at cpu_throttle_timer_tick()
to see which thread it is running in.

> > 
> > It's a bit unclear to me how the throttling ratio inconsistency 
> can be fixed by using a single timer even avoiding the conditional timer 
> re-arming.  Could you provide more details about the use of a single timer ?
> 
>   C: I feel like in this case it will sleep too much running into a 
> problem similar to the one solved by 90bb0c0; under heavy throttling more 
> than one work item may be scheduled.

Right.  So I feel like we need a solution that will avoid this problem
but at the same time keep the proper accuracy of the throttling.

Thanks,

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v3 2/2] target/i386: Add support for save/load IA32_UMWAIT_CONTROL MSR

[Tao Xu]

On 6/17/2019 11:39 AM, Xiaoyao Li wrote:



On 6/16/2019 11:35 PM, Tao Xu wrote:

UMWAIT and TPAUSE instructions use IA32_UMWAIT_CONTROL at MSR index
E1H to determines the maximum time in TSC-quanta that the processor
can reside in either C0.1 or C0.2.

This patch is to Add support for save/load IA32_UMWAIT_CONTROL MSR in
guest.

Co-developed-by: Jingqi Liu 
Signed-off-by: Jingqi Liu 
Signed-off-by: Tao Xu 
---

no changes in v3:
---
  target/i386/cpu.h |  2 ++
  target/i386/kvm.c | 13 +
  target/i386/machine.c | 20 
  3 files changed, 35 insertions(+)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 2f7c57a3c2..eb98b2e54a 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -450,6 +450,7 @@ typedef enum X86Seg {
  #define MSR_IA32_BNDCFGS    0x0d90
  #define MSR_IA32_XSS    0x0da0
+#define MSR_IA32_UMWAIT_CONTROL 0xe1
  #define XSTATE_FP_BIT   0
  #define XSTATE_SSE_BIT  1
@@ -1348,6 +1349,7 @@ typedef struct CPUX86State {
  uint16_t fpregs_format_vmstate;
  uint64_t xss;
+    uint64_t umwait;
  TPRAccess tpr_access_type;
  } CPUX86State;
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 3efdb90f11..506c7cd038 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -91,6 +91,7 @@ static bool has_msr_hv_stimer;
  static bool has_msr_hv_frequencies;
  static bool has_msr_hv_reenlightenment;
  static bool has_msr_xss;
+static bool has_msr_umwait;
  static bool has_msr_spec_ctrl;
  static bool has_msr_virt_ssbd;
  static bool has_msr_smi_count;
@@ -1486,6 +1487,9 @@ static int kvm_get_supported_msrs(KVMState *s)
  case MSR_IA32_XSS:
  has_msr_xss = true;
  break;
+    case MSR_IA32_UMWAIT_CONTROL:
+    has_msr_umwait = true;
+    break;


Need to add MSR_IA32_UMWAIT_CONTROL into msrs_to_save[] in your kvm 
patches, otherwise qemu never goes into this case.



OK, thank you for your suggestion. I will add it in the next version.

Re: [Qemu-devel] [PATCH v1 5/5] hw/arm: Add the Netduino Plus 2

[Alistair Francis]

On Sun, May 5, 2019 at 8:34 AM Peter Maydell  wrote:
>
> On Sat, 4 May 2019 at 06:26, Alistair Francis  wrote:
> > Ah, it seems like -device loader doesn't work, it looks like not
> > setting the thumb register causes this core dump:
> >
> > qemu: fatal: Lockup: can't escalate 3 to HardFault (current priority -1)
> >
> > R00=2000 R01=0574 R02=200015d0 R03=200015d0
> > R04= R05= R06= R07=
> > R08= R09= R10= R11=
> > R12= R13=ffe0 R14=fff9 R15=0800cba4
>
> Is the ELF file incorrectly setting the entry point address to not
> be a Thumb one (ie low bit set), or is the loader device not honouring
> that? (I thought that we'd fixed the latter of those recently...)

It looks like all the reset logic is correct in terms of these lines
in arm_cpu_reset():
env->regs[13] = initial_msp & 0xFFFC;
env->regs[15] = initial_pc & ~1;
env->thumb = initial_pc & 1;

The problem is that vecbase is 0, as cpu->init_svtor is 0.

cpu->init_svtor is set via QOM properties in armv7m_realize() based on
the armv7m property "init-svtor".

So hopefully I should be able to just set the property "init-svtor"
for the armv7m object. I'll test that out and see how it goes.

Alistair

>
> thanks
> -- PMM

[Qemu-devel] [Bug 1832535] Re: [riscv/regression] Missing tlb flush introduced in refactoring

[Alistair Francis]

Hello,

Thanks for reporting a bug.

Can you please include details to reproduce the problems that you are
seeing? This includes images and command line arguments.

Do you also mind including the diff of what fixes the problem for you?

Alistair

** Changed in: qemu
   Status: New => Incomplete

** Changed in: qemu
 Assignee: (unassigned) => Alistair Francis (alistair2323)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1832535

Title:
  [riscv/regression] Missing tlb flush introduced in refactoring

Status in QEMU:
  Incomplete

Bug description:
  Hello,

  In qemu-system-riscv64, following a QEMU update, I get all sort of
  weird and not easily reproducible crashes in my risc-v guest.

  I have bissected this issue to commit 
c7b951718815694284501ed01fec7acb8654db7b.
  Some TLB flushes were removed in the following places:
  target/riscv/cpu_helper.c: `csr_write_helper(env, s, CSR_MSTATUS);` -> 
`env->mstatus = s;` (twice)
  target/riscv/op_helper.c: `csr_write_helper(env, s, CSR_MSTATUS);` -> 
`env->mstatus = s;` (twice)

  Adding TLB flushes in all 4 places fixes the issues for me.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1832535/+subscriptions

[Qemu-devel] [RFC v1 0/5] RISC-V: Add firmware loading support and default

[Alistair Francis]

This is an RFC as it will break ALL current users! See below for details.

This series consolidates the current RISC-V kernel loading
impelementation while also adding support for the -bios option and more
advanced kernel image types.

After consolidating the kernel loading we can extend the boot loader to
support a -bios option. We can also extend the kernel loading options to
support not just ELF files but other standard formats.

Finally we can include the OpenSBI firmware by default for QEMU users.

At the end of this series we are in the good place of no longer
requiring users to build firmware to boot a kernel. Instead users can
just run QEMu with the -kernel option and everything will work. They can
also override the firmware with their own using the -bios option. Using
"-bios none" will result in no firmware being loaded (as it is today).

!

Unfortunately this series (patch 5 specifically) results in all current
Linux boots being broken as users are already loading in their own
firmware, which overlaps with the now included default. They will
see this error:

  rom: requested regions overlap (rom phdr #0: 
./images/qemuriscv64/fw_jump.elf. free=0x80008090, 
addr=0x8000)
  qemu-system-riscv64: rom check and register reset failed

If a current user specieifies "-bios none" their flow will continue
working. A user can instead no longer load their firmware and
use the default or they can load their firmware with the -bios option.

At the moment the best idea I have to not break all users is to only
include the default firmware if the user specifies "-bios opensbi".
That is change the default to not loading the firmware. Then we can work
on updating documentation and maybe in future change the default to
include a firmware and anyone who doesn't want a default firmware can
specify "-bios none".

Any other ideas on how to not break everything?



Alistair Francis (5):
  hw/riscv: Split out the boot functions
  hw/riscv: Add support for loading a firmware
  hw/riscv: Extend the kernel loading support
  roms: Add OpenSBI version 0.3
  hw/riscv: Load OpenSBI as the default firmware

 .gitmodules |   3 +
 Makefile|   3 +-
 configure   |   1 +
 hw/riscv/Makefile.objs  |   1 +
 hw/riscv/boot.c | 143 
 hw/riscv/sifive_e.c |  17 +---
 hw/riscv/sifive_u.c |  19 +---
 hw/riscv/spike.c|  21 +---
 hw/riscv/virt.c |  54 ++-
 include/hw/riscv/boot.h |  30 ++
 pc-bios/opensbi-riscv32-fw_jump.elf | Bin 0 -> 197988 bytes
 pc-bios/opensbi-riscv64-fw_jump.elf | Bin 0 -> 200192 bytes
 roms/Makefile   |  17 
 roms/opensbi|   1 +
 14 files changed, 216 insertions(+), 94 deletions(-)
 create mode 100644 hw/riscv/boot.c
 create mode 100644 include/hw/riscv/boot.h
 create mode 100644 pc-bios/opensbi-riscv32-fw_jump.elf
 create mode 100644 pc-bios/opensbi-riscv64-fw_jump.elf
 create mode 16 roms/opensbi

-- 
2.22.0

[Qemu-devel] [RFC v1 3/5] hw/riscv: Extend the kernel loading support

[Alistair Francis]

Extend the RISC-V kernel loader to support uImage and Image files.
A Linux kernel can now be booted with:

qemu-system-riscv64 -machine virt -bios fw_jump.elf -kernel Image

Signed-off-by: Alistair Francis 
---
 hw/riscv/boot.c | 19 ++-
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 392ca0cb2e..7f68035a3f 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -67,13 +67,22 @@ target_ulong riscv_load_kernel(MachineState *machine,
 uint64_t kernel_entry, kernel_high;
 
 if (load_elf(kernel_filename, NULL, kernel_translate, machine,
- _entry, NULL, _high,
- 0, EM_RISCV, 1, 0) < 0) {
-error_report("could not load kernel '%s'", kernel_filename);
-exit(1);
+ _entry, NULL, _high, 0, EM_RISCV, 1, 0) > 0) {
+return kernel_entry;
+}
+
+if (load_uimage_as(kernel_filename, _entry, NULL, NULL,
+   kernel_translate, machine, NULL) > 0) {
+return kernel_entry;
+}
+
+if (load_image_targphys_as(kernel_filename, KERNEL_BOOT_ADDRESS,
+   ram_size, NULL) > 0) {
+return kernel_entry;
 }
 
-return kernel_entry;
+error_report("could not load kernel '%s'", kernel_filename);
+exit(1);
 }
 
 hwaddr riscv_load_initrd(const char *filename, uint64_t mem_size,
-- 
2.22.0

[Qemu-devel] [RFC v1 5/5] hw/riscv: Load OpenSBI as the default firmware

[Alistair Francis]

If the user hasn't specified a firmware to load (with -bios) or
specified no bios (with -bios none) then load OpenSBI by default. This
allows users to boot a RISC-V kernel with just -kernel.

Signed-off-by: Alistair Francis 
---
 hw/riscv/boot.c | 28 
 hw/riscv/sifive_u.c |  4 +---
 hw/riscv/virt.c |  4 +---
 include/hw/riscv/boot.h |  1 +
 4 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 7f68035a3f..5f021591ed 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -18,6 +18,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu-common.h"
 #include "qemu/units.h"
 #include "qemu/error-report.h"
 #include "exec/cpu-defs.h"
@@ -32,6 +33,12 @@
 # define KERNEL_BOOT_ADDRESS 0x8020
 #endif
 
+#if defined(TARGET_RISCV32)
+# define BIOS_FILENAME "opensbi-riscv32-fw_jump.elf"
+#else
+# define BIOS_FILENAME "opensbi-riscv64-fw_jump.elf"
+#endif
+
 static uint64_t kernel_translate(void *opaque, uint64_t addr)
 {
 MachineState *machine = opaque;
@@ -47,6 +54,27 @@ static uint64_t kernel_translate(void *opaque, uint64_t addr)
 }
 }
 
+void riscv_find_and_load_firmware(MachineState *machine)
+{
+char *firmware_filename;
+
+if (!machine->firmware) {
+/* The user didn't specify a firmware, default to OpenSBI */
+firmware_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BIOS_FILENAME);
+} else {
+firmware_filename = machine->firmware;
+}
+
+if (strcmp(firmware_filename, "none")) {
+/* If not "none" load the firmware */
+riscv_load_firmware(firmware_filename);
+}
+
+if (!machine->firmware) {
+g_free(firmware_filename);
+}
+}
+
 target_ulong riscv_load_firmware(const char *firmware_filename)
 {
 uint64_t firmware_entry, firmware_start, firmware_end;
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 03a6c64d04..77666d0f4d 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -266,9 +266,7 @@ static void riscv_sifive_u_init(MachineState *machine)
 /* create device tree */
 create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
 
-if (machine->firmware) {
-riscv_load_firmware(machine->firmware);
-}
+riscv_find_and_load_firmware(machine);
 
 if (machine->kernel_filename) {
 riscv_load_kernel(machine, machine->kernel_filename);
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index d3670b5a7c..2a7e850666 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -380,9 +380,7 @@ static void riscv_virt_board_init(MachineState *machine)
 memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
 mask_rom);
 
-if (machine->firmware) {
-riscv_load_firmware(machine->firmware);
-}
+riscv_find_and_load_firmware(machine);
 
 if (machine->kernel_filename) {
 uint64_t kernel_entry = riscv_load_kernel(machine,
diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index 6f586939c7..df2e2480e6 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -20,6 +20,7 @@
 #ifndef RISCV_BOOT_H
 #define RISCV_BOOT_H
 
+void riscv_find_and_load_firmware(MachineState *machine);
 target_ulong riscv_load_firmware(const char *firmware_filename);
 target_ulong riscv_load_kernel(MachineState *machine,
const char *kernel_filename);
-- 
2.22.0

[Qemu-devel] [RFC v1 2/5] hw/riscv: Add support for loading a firmware

[Alistair Francis]

Add support for loading a firmware file for the virt machine and the
SiFive U. This can be run with the following command:

qemu-system-riscv64 -machine virt -bios fw_jump.elf -kernel vmlinux

Signed-off-by: Alistair Francis 
---
 hw/riscv/boot.c | 41 +++--
 hw/riscv/sifive_e.c |  2 +-
 hw/riscv/sifive_u.c |  6 +-
 hw/riscv/spike.c|  6 +++---
 hw/riscv/virt.c |  7 ++-
 include/hw/riscv/boot.h |  4 +++-
 6 files changed, 57 insertions(+), 9 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index 62f94aaf8a..392ca0cb2e 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -23,13 +23,50 @@
 #include "exec/cpu-defs.h"
 #include "hw/loader.h"
 #include "hw/riscv/boot.h"
+#include "hw/boards.h"
 #include "elf.h"
 
-target_ulong riscv_load_kernel(const char *kernel_filename)
+#if defined(TARGET_RISCV32)
+# define KERNEL_BOOT_ADDRESS 0x8040
+#else
+# define KERNEL_BOOT_ADDRESS 0x8020
+#endif
+
+static uint64_t kernel_translate(void *opaque, uint64_t addr)
+{
+MachineState *machine = opaque;
+
+/*
+ * If the user specified a firmware move the kernel to the offset
+ * start address.
+ */
+if (machine->firmware) {
+return (addr & 0x7fff) + KERNEL_BOOT_ADDRESS;
+} else {
+return addr;
+}
+}
+
+target_ulong riscv_load_firmware(const char *firmware_filename)
+{
+uint64_t firmware_entry, firmware_start, firmware_end;
+
+if (load_elf(firmware_filename, NULL, NULL, NULL,
+ _entry, _start, _end,
+ 0, EM_RISCV, 1, 0) < 0) {
+error_report("could not load firmware '%s'", firmware_filename);
+exit(1);
+}
+
+return firmware_entry;
+}
+
+target_ulong riscv_load_kernel(MachineState *machine,
+   const char *kernel_filename)
 {
 uint64_t kernel_entry, kernel_high;
 
-if (load_elf(kernel_filename, NULL, NULL, NULL,
+if (load_elf(kernel_filename, NULL, kernel_translate, machine,
  _entry, NULL, _high,
  0, EM_RISCV, 1, 0) < 0) {
 error_report("could not load kernel '%s'", kernel_filename);
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 9d58ae362b..3695c686be 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -118,7 +118,7 @@ static void riscv_sifive_e_init(MachineState *machine)
   memmap[SIFIVE_E_MROM].base, _space_memory);
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine->kernel_filename);
+riscv_load_kernel(machine, machine->kernel_filename);
 }
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 1b9281bd4a..03a6c64d04 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -266,8 +266,12 @@ static void riscv_sifive_u_init(MachineState *machine)
 /* create device tree */
 create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline);
 
+if (machine->firmware) {
+riscv_load_firmware(machine->firmware);
+}
+
 if (machine->kernel_filename) {
-riscv_load_kernel(machine->kernel_filename);
+riscv_load_kernel(machine, machine->kernel_filename);
 }
 
 /* reset vector */
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index e68be00a5f..81cef0dcea 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -186,7 +186,7 @@ static void spike_board_init(MachineState *machine)
 mask_rom);
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine->kernel_filename);
+riscv_load_kernel(machine, machine->kernel_filename);
 }
 
 /* reset vector */
@@ -274,7 +274,7 @@ static void spike_v1_10_0_board_init(MachineState *machine)
 mask_rom);
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine->kernel_filename);
+riscv_load_kernel(machine, machine->kernel_filename);
 }
 
 /* reset vector */
@@ -359,7 +359,7 @@ static void spike_v1_09_1_board_init(MachineState *machine)
 mask_rom);
 
 if (machine->kernel_filename) {
-riscv_load_kernel(machine->kernel_filename);
+riscv_load_kernel(machine, machine->kernel_filename);
 }
 
 /* reset vector */
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 5f8c11471b..d3670b5a7c 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -380,8 +380,13 @@ static void riscv_virt_board_init(MachineState *machine)
 memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base,
 mask_rom);
 
+if (machine->firmware) {
+riscv_load_firmware(machine->firmware);
+}
+
 if (machine->kernel_filename) {
-uint64_t kernel_entry = riscv_load_kernel(machine->kernel_filename);
+uint64_t kernel_entry = riscv_load_kernel(machine,
+  machine->kernel_filename);
 
 if 

[Qemu-devel] [RFC v1 1/5] hw/riscv: Split out the boot functions

[Alistair Francis]

Split the common RISC-V boot functions into a seperate file. This allows
us to share the common code.

Signed-off-by: Alistair Francis 
---
 hw/riscv/Makefile.objs  |  1 +
 hw/riscv/boot.c | 69 +
 hw/riscv/sifive_e.c | 17 ++
 hw/riscv/sifive_u.c | 17 ++
 hw/riscv/spike.c| 21 +++--
 hw/riscv/virt.c | 51 +++---
 include/hw/riscv/boot.h | 27 
 7 files changed, 110 insertions(+), 93 deletions(-)
 create mode 100644 hw/riscv/boot.c
 create mode 100644 include/hw/riscv/boot.h

diff --git a/hw/riscv/Makefile.objs b/hw/riscv/Makefile.objs
index a65027304a..eb9d4f9ffc 100644
--- a/hw/riscv/Makefile.objs
+++ b/hw/riscv/Makefile.objs
@@ -1,3 +1,4 @@
+obj-y += boot.o
 obj-$(CONFIG_SPIKE) += riscv_htif.o
 obj-$(CONFIG_HART) += riscv_hart.o
 obj-$(CONFIG_SIFIVE_E) += sifive_e.o
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
new file mode 100644
index 00..62f94aaf8a
--- /dev/null
+++ b/hw/riscv/boot.c
@@ -0,0 +1,69 @@
+/*
+ * QEMU RISC-V Boot Helper
+ *
+ * Copyright (c) 2017 SiFive, Inc.
+ * Copyright (c) 2019 Alistair Francis 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/units.h"
+#include "qemu/error-report.h"
+#include "exec/cpu-defs.h"
+#include "hw/loader.h"
+#include "hw/riscv/boot.h"
+#include "elf.h"
+
+target_ulong riscv_load_kernel(const char *kernel_filename)
+{
+uint64_t kernel_entry, kernel_high;
+
+if (load_elf(kernel_filename, NULL, NULL, NULL,
+ _entry, NULL, _high,
+ 0, EM_RISCV, 1, 0) < 0) {
+error_report("could not load kernel '%s'", kernel_filename);
+exit(1);
+}
+
+return kernel_entry;
+}
+
+hwaddr riscv_load_initrd(const char *filename, uint64_t mem_size,
+ uint64_t kernel_entry, hwaddr *start)
+{
+int size;
+
+/* We want to put the initrd far enough into RAM that when the
+ * kernel is uncompressed it will not clobber the initrd. However
+ * on boards without much RAM we must ensure that we still leave
+ * enough room for a decent sized initrd, and on boards with large
+ * amounts of RAM we must avoid the initrd being so far up in RAM
+ * that it is outside lowmem and inaccessible to the kernel.
+ * So for boards with less  than 256MB of RAM we put the initrd
+ * halfway into RAM, and for boards with 256MB of RAM or more we put
+ * the initrd at 128MB.
+ */
+*start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
+
+size = load_ramdisk(filename, *start, mem_size - *start);
+if (size == -1) {
+size = load_image_targphys(filename, *start, mem_size - *start);
+if (size == -1) {
+error_report("could not load ramdisk '%s'", filename);
+exit(1);
+}
+}
+
+return *start + size;
+}
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 80ac56fa7d..9d58ae362b 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -44,10 +44,10 @@
 #include "hw/riscv/sifive_prci.h"
 #include "hw/riscv/sifive_uart.h"
 #include "hw/riscv/sifive_e.h"
+#include "hw/riscv/boot.h"
 #include "chardev/char.h"
 #include "sysemu/arch_init.h"
 #include "exec/address-spaces.h"
-#include "elf.h"
 
 static const struct MemmapEntry {
 hwaddr base;
@@ -74,19 +74,6 @@ static const struct MemmapEntry {
 [SIFIVE_E_DTIM] = { 0x8000, 0x4000 }
 };
 
-static target_ulong load_kernel(const char *kernel_filename)
-{
-uint64_t kernel_entry, kernel_high;
-
-if (load_elf(kernel_filename, NULL, NULL, NULL,
- _entry, NULL, _high,
- 0, EM_RISCV, 1, 0) < 0) {
-error_report("could not load kernel '%s'", kernel_filename);
-exit(1);
-}
-return kernel_entry;
-}
-
 static void sifive_mmio_emulate(MemoryRegion *parent, const char *name,
  uintptr_t offset, uintptr_t length)
 {
@@ -131,7 +118,7 @@ static void riscv_sifive_e_init(MachineState *machine)
   memmap[SIFIVE_E_MROM].base, _space_memory);
 
 if (machine->kernel_filename) {
-load_kernel(machine->kernel_filename);
+riscv_load_kernel(machine->kernel_filename);
 }
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 5ecc47cea3..1b9281bd4a 100644
--- a/hw/riscv/sifive_u.c
+++ 

Re: [Qemu-devel] [PATCH v10 3/3] linux-user: Add support for statx() syscall

[Jim Wilson]

On Tue, Jun 18, 2019 at 4:13 PM Aleksandar Markovic
 wrote:
> I am waiting on him to send a new version of the series. Meanwhile you can 
> send strace patch to the list, and I can even incude it in my series after 
> and together with Aleksandar's patch, if you don't object.

I submitted it the usual way, so it is on the mailing list now.  If
you want to include it with your patch series that is fine.
https://lists.nongnu.org/archive/html/qemu-devel/2019-06/msg04087.html

Jim

Re: [Qemu-devel] [PATCH] linux-user: Add strace support for statx.

[Jim Wilson]

On Tue, Jun 18, 2019 at 5:09 PM  wrote:
> === OUTPUT BEGIN ===
> ERROR: storage class should be at the beginning of the declaration
> #25: FILE: linux-user/strace.c:979:
> +UNUSED static struct flags statx_flags[] = {

It is complaining about UNUSED, which is a macro that expands to
attribute unused, but this is the exact same C syntax used in the rest
of the file.  I think this is a bug in the checkpatch script as this
looks like it should be allowed.  Or maybe there is an exception for
this one file?

Jim

Re: [Qemu-devel] [PATCH 2/2] aspeed: add a GPIO controller to the SoC

[Rashmica Gupta]

On Tue, 2019-06-18 at 11:21 +0200, Cédric Le Goater wrote:
> On 18/06/2019 10:51, Rashmica Gupta wrote:
> > Signed-off-by: Rashmica Gupta 
> > ---
> >  hw/arm/aspeed_soc.c | 17 +
> >  include/hw/arm/aspeed_soc.h |  3 +++
> >  2 files changed, 20 insertions(+)
> > 
> > diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
> > index 1cc98b9f40..8583869acf 100644
> > --- a/hw/arm/aspeed_soc.c
> > +++ b/hw/arm/aspeed_soc.c
> > @@ -23,6 +23,7 @@
> >  #include "net/net.h"
> >  
> >  #define ASPEED_SOC_IOMEM_SIZE   0x0020
> > +#define ASPEED_SOC_GPIO_BASE0x1E78
> > 
> 
> You should put this value in the memmap array.
>

Oops, good spot!

> C. 
> 
> 
> >  static const hwaddr aspeed_soc_ast2400_memmap[] = {
> >  [ASPEED_IOMEM]  = 0x1E60,
> > @@ -120,6 +121,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
> >  .spis_num = 1,
> >  .fmc_typename = "aspeed.smc.fmc",
> >  .spi_typename = aspeed_soc_ast2400_typenames,
> > +.gpio_typename = "aspeed.gpio-ast2400",
> >  .wdts_num = 2,
> >  .irqmap   = aspeed_soc_ast2400_irqmap,
> >  .memmap   = aspeed_soc_ast2400_memmap,
> > @@ -131,6 +133,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
> >  .spis_num = 1,
> >  .fmc_typename = "aspeed.smc.fmc",
> >  .spi_typename = aspeed_soc_ast2400_typenames,
> > +.gpio_typename = "aspeed.gpio-ast2400",
> >  .wdts_num = 2,
> >  .irqmap   = aspeed_soc_ast2400_irqmap,
> >  .memmap   = aspeed_soc_ast2400_memmap,
> > @@ -142,6 +145,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
> >  .spis_num = 1,
> >  .fmc_typename = "aspeed.smc.fmc",
> >  .spi_typename = aspeed_soc_ast2400_typenames,
> > +.gpio_typename = "aspeed.gpio-ast2400",
> >  .wdts_num = 2,
> >  .irqmap   = aspeed_soc_ast2400_irqmap,
> >  .memmap   = aspeed_soc_ast2400_memmap,
> > @@ -153,6 +157,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
> >  .spis_num = 2,
> >  .fmc_typename = "aspeed.smc.ast2500-fmc",
> >  .spi_typename = aspeed_soc_ast2500_typenames,
> > +.gpio_typename = "aspeed.gpio-ast2500",
> >  .wdts_num = 3,
> >  .irqmap   = aspeed_soc_ast2500_irqmap,
> >  .memmap   = aspeed_soc_ast2500_memmap,
> > @@ -225,6 +230,8 @@ static void aspeed_soc_init(Object *obj)
> >  
> >  sysbus_init_child_obj(obj, "ftgmac100", OBJECT(>ftgmac100),
> >sizeof(s->ftgmac100), TYPE_FTGMAC100);
> > +sysbus_init_child_obj(obj, "gpio", OBJECT(>gpio), sizeof(s-
> > >gpio),
> > +  sc->info->gpio_typename);
> >  }
> >  
> >  static void aspeed_soc_realize(DeviceState *dev, Error **errp)
> > @@ -366,6 +373,16 @@ static void aspeed_soc_realize(DeviceState
> > *dev, Error **errp)
> >  sc->info->memmap[ASPEED_ETH1]);
> >  sysbus_connect_irq(SYS_BUS_DEVICE(>ftgmac100), 0,
> > aspeed_soc_get_irq(s, ASPEED_ETH1));
> > +
> > +/* GPIO */
> > +object_property_set_bool(OBJECT(>gpio), true, "realized",
> > );
> > +if (err) {
> > +error_propagate(errp, err);
> > +return;
> > +}
> > +sysbus_mmio_map(SYS_BUS_DEVICE(>gpio), 0,
> > ASPEED_SOC_GPIO_BASE);
> > +sysbus_connect_irq(SYS_BUS_DEVICE(>gpio), 0,
> > +qdev_get_gpio_in(DEVICE(>vic), 20));
> >  }
> >  
> >  static void aspeed_soc_class_init(ObjectClass *oc, void *data)
> > diff --git a/include/hw/arm/aspeed_soc.h
> > b/include/hw/arm/aspeed_soc.h
> > index 88b901d5df..28ff2bedb4 100644
> > --- a/include/hw/arm/aspeed_soc.h
> > +++ b/include/hw/arm/aspeed_soc.h
> > @@ -20,6 +20,7 @@
> >  #include "hw/ssi/aspeed_smc.h"
> >  #include "hw/watchdog/wdt_aspeed.h"
> >  #include "hw/net/ftgmac100.h"
> > +#include "hw/gpio/aspeed_gpio.h"
> >  
> >  #define ASPEED_SPIS_NUM  2
> >  #define ASPEED_WDTS_NUM  3
> > @@ -40,6 +41,7 @@ typedef struct AspeedSoCState {
> >  AspeedSDMCState sdmc;
> >  AspeedWDTState wdt[ASPEED_WDTS_NUM];
> >  FTGMAC100State ftgmac100;
> > +AspeedGPIOState gpio;
> >  } AspeedSoCState;
> >  
> >  #define TYPE_ASPEED_SOC "aspeed-soc"
> > @@ -53,6 +55,7 @@ typedef struct AspeedSoCInfo {
> >  int spis_num;
> >  const char *fmc_typename;
> >  const char **spi_typename;
> > +const char *gpio_typename;
> >  int wdts_num;
> >  const int *irqmap;
> >  const hwaddr *memmap;
> > 
> 
> 

Re: [Qemu-devel] Recent python-sphinx errors out building doc

[John Snow]

On 6/18/19 7:37 PM, Bruce Rogers wrote:
> Hi,
> 
> (Resent with correct address for John)
> I build recent upstream qemu in the openSUSE Build Service, and for
> the Factory repository there, python-sphinx was recently updated to
> version 2.1.1. This caused the build to fail as follows:
> /home/abuild/rpmbuild/BUILD/qemu-4.0.50/docs/interop/bitmaps.rst:202:Could
> not lex literal_block as "json". Highlighting skipped.
> 
> The python-sphinx tools is called with warnings are treated as errors
> it looks like. I don't know much at all about this tool, and hopefully
> someone knows what to fix here. If you want to give me a pointer
> on what needs to change, I could give a go at doing a fix however.
> 
> Thanks,
> 
> Bruce

Hi, there's a series designed to fix this:

https://lists.gnu.org/archive/html/qemu-devel/2019-06/msg00348.html

I think it's up to Peter to merge it as the maintainer of the Sphinx
machinery.

--js

Re: [Qemu-devel] [PATCH] linux-user: Add strace support for statx.

[no-reply]

Patchew URL: https://patchew.org/QEMU/20190618235313.13223-1-j...@sifive.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH] linux-user: Add strace support for statx.
Type: series
Message-id: 20190618235313.13223-1-j...@sifive.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20190618235313.13223-1-j...@sifive.com -> 
patchew/20190618235313.13223-1-j...@sifive.com
Switched to a new branch 'test'
dde446f95f linux-user: Add strace support for statx.

=== OUTPUT BEGIN ===
ERROR: storage class should be at the beginning of the declaration
#25: FILE: linux-user/strace.c:979:
+UNUSED static struct flags statx_flags[] = {

ERROR: storage class should be at the beginning of the declaration
#47: FILE: linux-user/strace.c:1001:
+UNUSED static struct flags statx_mask[] = {

total: 2 errors, 0 warnings, 104 lines checked

Commit dde446f95fb2 (linux-user: Add strace support for statx.) has style 
problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190618235313.13223-1-j...@sifive.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Qemu-devel] [PATCH] linux-user: Add strace support for statx.

[Jim Wilson]

All of the flags need to be conditional as old systems don't have statx
support.  Otherwise it works the same as other stat family syscalls.
This requires the pending patch to add statx support.

Tested on Ubuntu 16.04 (no host statx) and Ubuntu 19.04 (with host statx)
using a riscv32-linux toolchain.

Signed-off-by: Jim Wilson 
---
 linux-user/strace.c| 86 ++
 linux-user/strace.list |  3 ++
 2 files changed, 89 insertions(+)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 6f72a74..c80e93b 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -976,6 +976,76 @@ UNUSED static struct flags msg_flags[] = {
 FLAG_END,
 };
 
+UNUSED static struct flags statx_flags[] = {
+#ifdef AT_EMPTY_PATH
+FLAG_GENERIC(AT_EMPTY_PATH),
+#endif
+#ifdef AT_NO_AUTOMOUNT
+FLAG_GENERIC(AT_NO_AUTOMOUNT),
+#endif
+#ifdef AT_SYMLINK_NOFOLLOW
+FLAG_GENERIC(AT_SYMLINK_NOFOLLOW),
+#endif
+#ifdef AT_STATX_SYNC_AS_STAT
+FLAG_GENERIC(AT_STATX_SYNC_AS_STAT),
+#endif
+#ifdef AT_STATX_FORCE_SYNC
+FLAG_GENERIC(AT_STATX_FORCE_SYNC),
+#endif
+#ifdef AT_STATX_DONT_SYNC
+FLAG_GENERIC(AT_STATX_DONT_SYNC),
+#endif
+FLAG_END,
+};
+
+UNUSED static struct flags statx_mask[] = {
+/* This must come first, because it includes everything.  */
+#ifdef STATX_ALL
+FLAG_GENERIC(STATX_ALL),
+#endif
+/* This must come second; it includes everything except STATX_BTIME.  */
+#ifdef STATX_BASIC_STATS
+FLAG_GENERIC(STATX_BASIC_STATS),
+#endif
+#ifdef STATX_TYPE
+FLAG_GENERIC(STATX_TYPE),
+#endif
+#ifdef STATX_MODE
+FLAG_GENERIC(STATX_MODE),
+#endif
+#ifdef STATX_NLINK
+FLAG_GENERIC(STATX_NLINK),
+#endif
+#ifdef STATX_UID
+FLAG_GENERIC(STATX_UID),
+#endif
+#ifdef STATX_GID
+FLAG_GENERIC(STATX_GID),
+#endif
+#ifdef STATX_ATIME
+FLAG_GENERIC(STATX_ATIME),
+#endif
+#ifdef STATX_MTIME
+FLAG_GENERIC(STATX_MTIME),
+#endif
+#ifdef STATX_CTIME
+FLAG_GENERIC(STATX_CTIME),
+#endif
+#ifdef STATX_INO
+FLAG_GENERIC(STATX_INO),
+#endif
+#ifdef STATX_SIZE
+FLAG_GENERIC(STATX_SIZE),
+#endif
+#ifdef STATX_BLOCKS
+FLAG_GENERIC(STATX_BLOCKS),
+#endif
+#ifdef STATX_BTIME
+FLAG_GENERIC(STATX_BTIME),
+#endif
+FLAG_END,
+};
+
 /*
  * print_xxx utility functions.  These are used to print syscall
  * parameters in certain format.  All of these have parameter
@@ -2611,6 +2681,22 @@ print_tgkill(const struct syscallname *name,
 }
 #endif
 
+#ifdef TARGET_NR_statx
+static void
+print_statx(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_at_dirfd(arg0, 0);
+print_string(arg1, 0);
+print_flags(statx_flags, arg2, 0);
+print_flags(statx_mask, arg3, 0);
+print_pointer(arg4, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
 /*
  * An array of all of the syscalls we know about
  */
diff --git a/linux-user/strace.list b/linux-user/strace.list
index db21ce4..63a9466 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1650,3 +1650,6 @@
 #ifdef TARGET_NR_atomic_barrier
 { TARGET_NR_atomic_barrier, "atomic_barrier", NULL, NULL, NULL },
 #endif
+#ifdef TARGET_NR_statx
+{ TARGET_NR_statx, "statx", NULL, print_statx, NULL },
+#endif
-- 
2.7.4

[Qemu-devel] Recent python-sphinx errors out building doc

[Bruce Rogers]

Hi,

(Resent with correct address for John)

I build recent upstream qemu in the openSUSE Build Service, and for
the Factory repository there, python-sphinx was recently updated to
version 2.1.1. This caused the build to fail as follows:
/home/abuild/rpmbuild/BUILD/qemu-4.0.50/docs/interop/bitmaps.rst:202:Could not 
lex literal_block as "json". Highlighting skipped.

The python-sphinx tools is called with warnings are treated as errors
it looks like. I don't know much at all about this tool, and hopefully
 someone knows what to fix here. If you want to give me a pointer
on what needs to change, I could give a go at doing a fix however.

Thanks,

Bruce

Re: [Qemu-devel] [PATCH v10 3/3] linux-user: Add support for statx() syscall

[Aleksandar Markovic]

On Wednesday, June 19, 2019, Jim Wilson  wrote:

> On 6/7/19 3:35 AM, Aleksandar Markovic wrote:
>
>> Implement support for translation of system call statx().
>>
>
> I also need these patches for 32-bit RISC-V linux user mode support.
>
> glibc ld.so calls statx if fstatat is not supported.  Apparently new linux
> architecture ports aren't allowed to define __ARCH_WANT_NEW_STAT which
> enables fstatat because this is already obsolete.  64-bit RISC-V linux does
> have fstatat, but apparently this was a mistake which we can't fix now
> because the ABI is already frozen.  The 32-bit RISC-V ABI is not frozen
> yet, so it won't have fstatat.  Anyways, without statx, ld.so doesn't work,
> which makes user mode qemu pretty useless, so we do need this emulated in
> qemu to make the 32-bit RISC-V linux user mode support work properly.
>
>
Jim, Aleksandar Rikalo, the author of the patch was about to send Laurent
explanation why this aproach is needed in its current organization, on a
very similar line of reasoning as yours.

I am waiting on him to send a new version of the series. Meanwhile you can
send strace patch to the list, and I can even incude it in my series after
and together with Aleksandar's patch, if you don't object.

Yours,

Aleksandar M.

I started with the August 2018 version of the patch a few weeks ago, and
> just noticed that it has been resubmitted.  I had to modify the patch
> slightly to apply to current sources, and had to fix one bug to make it
> work.  The line
> +if (ret != TARGET_ENOSYS) {
> needs to instead be
> +if (ret != -TARGET_ENOSYS) {
> I see that Laurent has already pointed that out.
>
> Incidentally, I also have strace patches for statx that work on top of
> this patch, since I didn't see that in the nanomips patch set I started
> with.  That helped me debug the 32-bit RISC-V user mode support.
>
> I've tested this on Ubuntu 16.04 (no host statx) and Ubuntu 19.10 (with
> host statx) and it worked well for me running the gcc testsuite for a
> riscv32-linux target.  I haven't tried testing the latest version of the
> patch yet.  I can do that if this is helpful.
>
> Jim
>
>

Re: [Qemu-devel] [PATCH] i386: Fix signedness of hyperv_spinlock_attempts

[Eduardo Habkost]

On Sat, Jun 15, 2019 at 05:05:05PM -0300, Eduardo Habkost wrote:
> The current default value for hv-spinlocks is 0x (meaning
> "never retry").  However, the value is stored as a signed
> integer, making the getter of the hv-spinlocks QOM property
> return -1 instead of 0x.
> 
> Fix this by changing the type of X86CPU::hyperv_spinlock_attempts
> to uint32_t.  This has no visible effect to guest operating
> systems, affecting just the behavior of the QOM getter.
> 
> Signed-off-by: Eduardo Habkost 

Queued on x86-next.

-- 
Eduardo

Re: [Qemu-devel] [PATCH] i386: make 'hv-spinlocks' a regular uint32 property

[Eduardo Habkost]

On Tue, Jun 18, 2019 at 11:07:06AM +, Roman Kagan wrote:
> X86CPU.hv-spinlocks is a uint32 property that has a special setter
> validating the value to be no less than 0xFFF and no bigger than
> UINT_MAX.  The latter check is redundant; as for the former, there
> appears to be no reason to prohibit the user from setting it to a lower
> value.
> 
> So nuke the dedicated getter/setter pair and convert 'hv-spinlocks' to a
> regular uint32 property.
> 
> Signed-off-by: Roman Kagan 

Reviewed-by: Eduardo Habkost 

Queued on x86-next.  Thanks!

-- 
Eduardo

[Qemu-devel] Recent python-sphinx errors out building doc

[Bruce Rogers]

Hi,

I build recent upstream qemu in the openSUSE Build Service, and for
the Factory repository there, python-sphinx was recently updated to
version 2.1.1. This caused the build to fail as follows:
/home/abuild/rpmbuild/BUILD/qemu-4.0.50/docs/interop/bitmaps.rst:202:Could not 
lex literal_block as "json". Highlighting skipped.

The python-sphinx tools is called with warnings are treated as errors
it looks like. I don't know much at all about this tool, and hopefully
 someone knows what to fix here. If you want to give me a pointer
on what needs to change, I could give a go at doing a fix however.

Thanks,

Bruce

Re: [Qemu-devel] [PATCH 3/7] KVM: i386: Add support for KVM_CAP_EXCEPTION_PAYLOAD

[Maran Wilson]

On 6/17/2019 10:27 AM, Paolo Bonzini wrote:

On 17/06/19 13:34, Liran Alon wrote:

Putting this all together, in case kernel doesn’t support extracting
nested-state, there is no decent way to know if guest is running
nested-virtualization. Which means that in theory we always need to
fail migration in case kernel doesn’t support KVM_CAP_NESTED_STATE or
KVM_CAP_EXCEPTION_PAYLOAD and vCPU is exposed with VMX/SVM
capability.

For VMX this would be okay because we had a blocker before this series,
and this wouldn't be any worse.


I agree it shouldn't be a gating issue for this patch series, but I'd 
hate to see this discussion thread die off.


I'm still pretty interested in hearing whether anyone has any good ideas 
for how to conclusively determine whether a given L1 VM has created a 
nested L2 or not when the host is running an older Kernel that doesn't 
support KVM_CAP_NESTED_STATE. That would be a very useful capability, 
especially for CSP use cases. If anyone has any suggestions about where 
to look, I don't mind spending some time digging into it and possibly 
testing out a few ideas. Again, separate from this particular patch 
series. So far I've been drawing a blank after Liran pointed out that 
corner case problems associated with env->cr[4] & CR4_VMXE_MASK.


Thanks,
-Maran


For SVM we can ignore the case and fix it when we have
KVM_CAP_NESTED_STATE, as again that wouldn't be any worse.

Paolo


I can condition this behaviour with a flag that can be manipulated
using QMP to allow user to indicate it wishes to migrate guest anyway
in this case. This however bring me back to the entire discussion I
had with Dr. David Alan Gilbert on migration backwards compatibility
in general and the fact that I believe we should have a generic QMP
command which allows to provide list of VMState subsections that can
be ignored in migration… See:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg622274.html

Paolo, What are your thoughts on how I would proceed with this?

[Qemu-devel] [PATCH] RISC-V: Update syscall list for 32-bit support.

[Jim Wilson]

32-bit RISC-V uses _llseek instead of lseek as syscall number 62.
Update syscall list from open-embedded build, primarily because
32-bit RISC-V requires statx support.

Tested with cross gcc testsuite runs for rv32 and rv64, with the
pending statx patch also applied.

Signed-off-by: Jim Wilson 
---
 linux-user/riscv/syscall_nr.h | 15 ++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/linux-user/riscv/syscall_nr.h b/linux-user/riscv/syscall_nr.h
index dab6509..5c87282 100644
--- a/linux-user/riscv/syscall_nr.h
+++ b/linux-user/riscv/syscall_nr.h
@@ -72,7 +72,11 @@
 #define TARGET_NR_pipe2 59
 #define TARGET_NR_quotactl 60
 #define TARGET_NR_getdents64 61
+#ifdef TARGET_RISCV32
+#define TARGET_NR__llseek 62
+#else
 #define TARGET_NR_lseek 62
+#endif
 #define TARGET_NR_read 63
 #define TARGET_NR_write 64
 #define TARGET_NR_readv 65
@@ -286,7 +290,16 @@
 #define TARGET_NR_membarrier 283
 #define TARGET_NR_mlock2 284
 #define TARGET_NR_copy_file_range 285
+#define TARGET_NR_preadv2 286
+#define TARGET_NR_pwritev2 287
+#define TARGET_NR_pkey_mprotect 288
+#define TARGET_NR_pkey_alloc 289
+#define TARGET_NR_pkey_free 290
+#define TARGET_NR_statx 291
+#define TARGET_NR_io_pgetevents 292
+#define TARGET_NR_rseq 293
+#define TARGET_NR_kexec_file_load 294
 
-#define TARGET_NR_syscalls (TARGET_NR_copy_file_range + 1)
+#define TARGET_NR_syscalls (TARGET_NR_kexec_file_load + 1)
 
 #endif
-- 
2.7.4

Re: [Qemu-devel] RISC-V: Include ROM in QEMU

[Alistair Francis]

On Mon, Jun 10, 2019 at 11:30 PM Gerd Hoffmann  wrote:
>
> On Fri, Jun 07, 2019 at 05:03:42PM -0700, Palmer Dabbelt wrote:
> > On Thu, 06 Jun 2019 16:22:47 PDT (-0700), alistai...@gmail.com wrote:
> > > Hello,
> > >
> > > As a test of the waters, how would the QEMU community feel about
> > > including the RISC-V OpenSBI project as a ROM submodule?
> > >
> > > The idea would be to have OpenSBI (similar to ATF for ARM and a BIOS
> > > for x86) included by default to simplify the QEMU RISC-V boot process
> > > for users. This would remove the requirement for users/developers to
> > > build a RISC-V firmware. The goal here is to allow people to just
> > > download and run their kernel as easily as they currently do for x86.
> > >
> > > We would make sure that it can be disabled! That is users/developers
> > > can use their own (or none) if they want to. The idea here is just to
> > > simplify the boot process, not lock anyone out.
> >
> > I like it.  My only question is about the mechanics of doing so: are we just
> > going to assume there's a cross compiler in PATH?  I guess that's less of a
> > usability headache than needing a complier and a firmware.
>
> Usual way to add firmware:
>
>   (1) Add a submodule below roms/
>   (2) Add rules to build the firmware to roms/Makefile.  Firmware
>   maintainers can use them, and they also document the build process.
>   A normal qemu build will not automatically build the firmware
>   though.
>   (3) Place a pre-built binary in pc-bios/
>
> There is some cross compiler detection logic in roms/Makefile which you
> can use.

Thanks for the info. I have it all working now, just running a few
more tests. I will send my patches out today or tomorrow.

Alistair

>
> cheers,
>   Gerd
>

Re: [Qemu-devel] [QEMU PATCH v3 7/9] KVM: i386: Add support for save and restore nested state

[Maran Wilson]

On 6/17/2019 10:56 AM, Liran Alon wrote:

Kernel commit 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
introduced new IOCTLs to extract and restore vCPU state related to
Intel VMX & AMD SVM.

Utilize these IOCTLs to add support for migration of VMs which are
running nested hypervisors.

Reviewed-by: Nikita Leshenko 
Signed-off-by: Liran Alon 
---
  accel/kvm/kvm-all.c   |   8 ++
  include/sysemu/kvm.h  |   1 +
  target/i386/cpu.h |   3 +
  target/i386/kvm.c |  80 +
  target/i386/machine.c | 196 ++
  5 files changed, 288 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 59a3aa3a40da..4fdf5b04b131 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -88,6 +88,7 @@ struct KVMState
  #ifdef KVM_CAP_SET_GUEST_DEBUG
  QTAILQ_HEAD(, kvm_sw_breakpoint) kvm_sw_breakpoints;
  #endif
+int max_nested_state_len;
  int many_ioeventfds;
  int intx_set_mask;
  bool sync_mmu;
@@ -1678,6 +1679,8 @@ static int kvm_init(MachineState *ms)
  s->debugregs = kvm_check_extension(s, KVM_CAP_DEBUGREGS);
  #endif
  
+s->max_nested_state_len = kvm_check_extension(s, KVM_CAP_NESTED_STATE);

+
  #ifdef KVM_CAP_IRQ_ROUTING
  kvm_direct_msi_allowed = (kvm_check_extension(s, KVM_CAP_SIGNAL_MSI) > 0);
  #endif
@@ -2245,6 +2248,11 @@ int kvm_has_debugregs(void)
  return kvm_state->debugregs;
  }
  
+int kvm_max_nested_state_length(void)

+{
+return kvm_state->max_nested_state_len;
+}
+
  int kvm_has_many_ioeventfds(void)
  {
  if (!kvm_enabled()) {
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 64f55e519df7..acd90aebb6c4 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -210,6 +210,7 @@ bool kvm_has_sync_mmu(void);
  int kvm_has_vcpu_events(void);
  int kvm_has_robust_singlestep(void);
  int kvm_has_debugregs(void);
+int kvm_max_nested_state_length(void);
  int kvm_has_pit_state2(void);
  int kvm_has_many_ioeventfds(void);
  int kvm_has_gsi_routing(void);
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 79d9495ceb0c..a6bb71849869 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1350,6 +1350,9 @@ typedef struct CPUX86State {
  #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
  void *xsave_buf;
  #endif
+#if defined(CONFIG_KVM)
+struct kvm_nested_state *nested_state;
+#endif
  #if defined(CONFIG_HVF)
  HVFX86EmulatorState *hvf_emul;
  #endif
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index f43e2d69859e..5950c3ed0d1c 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -931,6 +931,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
  struct kvm_cpuid_entry2 *c;
  uint32_t signature[3];
  int kvm_base = KVM_CPUID_SIGNATURE;
+int max_nested_state_len;
  int r;
  Error *local_err = NULL;
  
@@ -1331,6 +1332,24 @@ int kvm_arch_init_vcpu(CPUState *cs)

  if (has_xsave) {
  env->xsave_buf = qemu_memalign(4096, sizeof(struct kvm_xsave));
  }
+
+max_nested_state_len = kvm_max_nested_state_length();
+if (max_nested_state_len > 0) {
+assert(max_nested_state_len >= offsetof(struct kvm_nested_state, 
data));
+env->nested_state = g_malloc0(max_nested_state_len);
+
+env->nested_state->size = max_nested_state_len;
+
+if (IS_INTEL_CPU(env)) {
+struct kvm_vmx_nested_state_hdr *vmx_hdr =
+>nested_state->hdr.vmx;
+
+vmx_hdr->vmxon_pa = -1ull;
+vmx_hdr->vmcs12_pa = -1ull;
+}
+
+}
+
  cpu->kvm_msr_buf = g_malloc0(MSR_BUF_SIZE);
  
  if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_RDTSCP)) {

@@ -1352,12 +1371,18 @@ int kvm_arch_init_vcpu(CPUState *cs)
  int kvm_arch_destroy_vcpu(CPUState *cs)
  {
  X86CPU *cpu = X86_CPU(cs);
+CPUX86State *env = >env;
  
  if (cpu->kvm_msr_buf) {

  g_free(cpu->kvm_msr_buf);
  cpu->kvm_msr_buf = NULL;
  }
  
+if (env->nested_state) {

+g_free(env->nested_state);
+env->nested_state = NULL;
+}
+
  return 0;
  }
  
@@ -3072,6 +3097,52 @@ static int kvm_get_debugregs(X86CPU *cpu)

  return 0;
  }
  
+static int kvm_put_nested_state(X86CPU *cpu)

+{
+CPUX86State *env = >env;
+int max_nested_state_len = kvm_max_nested_state_length();
+
+if (max_nested_state_len <= 0) {
+return 0;
+}
+
+assert(env->nested_state->size <= max_nested_state_len);
+return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_NESTED_STATE, env->nested_state);
+}
+
+static int kvm_get_nested_state(X86CPU *cpu)
+{
+CPUX86State *env = >env;
+int max_nested_state_len = kvm_max_nested_state_length();
+int ret;
+
+if (max_nested_state_len <= 0) {
+return 0;
+}
+
+/*
+ * It is possible that migration restored a smaller size into
+ * nested_state->hdr.size than what our kernel support.
+ * We preserve migration origin nested_state->hdr.size for
+ * call to KVM_SET_NESTED_STATE but 

Re: [Qemu-devel] RISC-V: Include ROM in QEMU

[Alistair Francis]

On Fri, Jun 7, 2019 at 5:03 PM Palmer Dabbelt  wrote:
>
> On Thu, 06 Jun 2019 16:22:47 PDT (-0700), alistai...@gmail.com wrote:
> > Hello,
> >
> > As a test of the waters, how would the QEMU community feel about
> > including the RISC-V OpenSBI project as a ROM submodule?
> >
> > The idea would be to have OpenSBI (similar to ATF for ARM and a BIOS
> > for x86) included by default to simplify the QEMU RISC-V boot process
> > for users. This would remove the requirement for users/developers to
> > build a RISC-V firmware. The goal here is to allow people to just
> > download and run their kernel as easily as they currently do for x86.
> >
> > We would make sure that it can be disabled! That is users/developers
> > can use their own (or none) if they want to. The idea here is just to
> > simplify the boot process, not lock anyone out.
>
> I like it.  My only question is about the mechanics of doing so: are we just
> going to assume there's a cross compiler in PATH?  I guess that's less of a
> usability headache than needing a complier and a firmware.

It looks like we will include a binary in the QEMU source and also
provide the option for users to compile it themselves.

Alistair

Re: [Qemu-devel] [QEMU PATCH v3 9/9] KVM: i386: Remove VMX migration blocker

[Maran Wilson]

On 6/17/2019 10:56 AM, Liran Alon wrote:

This effectively reverts d98f26073beb ("target/i386: kvm: add VMX migration 
blocker").
This can now be done because previous commits added support for Intel VMX 
migration.

AMD SVM migration is still blocked. This is because kernel
KVM_CAP_{GET,SET}_NESTED_STATE in case of AMD SVM is not
implemented yet. Therefore, required vCPU nested state is still
missing in order to perform valid migration for vCPU exposed with SVM.

Signed-off-by: Liran Alon 
---
  target/i386/kvm.c | 12 ++--
  1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 797f8ac46435..772c8619efc4 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -948,7 +948,7 @@ static int hyperv_init_vcpu(X86CPU *cpu)
  }
  
  static Error *invtsc_mig_blocker;

-static Error *nested_virt_mig_blocker;
+static Error *svm_mig_blocker;
  
  #define KVM_MAX_CPUID_ENTRIES  100
  
@@ -1313,13 +1313,13 @@ int kvm_arch_init_vcpu(CPUState *cs)

!!(c->ecx & CPUID_EXT_SMX);
  }
  
-if (cpu_has_nested_virt(env) && !nested_virt_mig_blocker) {

-error_setg(_virt_mig_blocker,
-   "Nested virtualization does not support live migration 
yet");
-r = migrate_add_blocker(nested_virt_mig_blocker, _err);
+if (cpu_has_svm(env) && !svm_mig_blocker) {
+error_setg(_mig_blocker,
+   "AMD SVM does not support live migration yet");
+r = migrate_add_blocker(svm_mig_blocker, _err);
  if (local_err) {
  error_report_err(local_err);
-error_free(nested_virt_mig_blocker);
+error_free(svm_mig_blocker);
  return r;
  }
  }


Reviewed-by: Maran Wilson 

Thanks,
-Maran

Re: [Qemu-devel] [QEMU PATCH v3 1/9] KVM: Introduce kvm_arch_destroy_vcpu()

[Maran Wilson]

On 6/17/2019 10:56 AM, Liran Alon wrote:

Simiar to how kvm_init_vcpu() calls kvm_arch_init_vcpu() to perform
arch-dependent initialisation, introduce kvm_arch_destroy_vcpu()
to be called from kvm_destroy_vcpu() to perform arch-dependent
destruction.

This was added because some architectures (Such as i386)
currently do not free memory that it have allocated in
kvm_arch_init_vcpu().

Suggested-by: Maran Wilson 
Signed-off-by: Liran Alon 
---
  accel/kvm/kvm-all.c  |  5 +
  include/sysemu/kvm.h |  1 +
  target/arm/kvm32.c   |  5 +
  target/arm/kvm64.c   |  5 +
  target/i386/kvm.c| 12 
  target/mips/kvm.c|  5 +
  target/ppc/kvm.c |  5 +
  target/s390x/kvm.c   | 10 ++
  8 files changed, 48 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 524c4ddfbd0f..59a3aa3a40da 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -292,6 +292,11 @@ int kvm_destroy_vcpu(CPUState *cpu)
  
  DPRINTF("kvm_destroy_vcpu\n");
  
+ret = kvm_arch_destroy_vcpu(cpu);

+if (ret < 0) {
+goto err;
+}
+
  mmap_size = kvm_ioctl(s, KVM_GET_VCPU_MMAP_SIZE, 0);
  if (mmap_size < 0) {
  ret = mmap_size;
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index a6d1cd190fed..64f55e519df7 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -371,6 +371,7 @@ int kvm_arch_put_registers(CPUState *cpu, int level);
  int kvm_arch_init(MachineState *ms, KVMState *s);
  
  int kvm_arch_init_vcpu(CPUState *cpu);

+int kvm_arch_destroy_vcpu(CPUState *cpu);
  
  bool kvm_vcpu_id_is_valid(int vcpu_id);
  
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c

index 4e54e372a668..51f78f722b18 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -240,6 +240,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
  return kvm_arm_init_cpreg_list(cpu);
  }
  
+int kvm_arch_destroy_vcpu(CPUState *cs)

+{
+   return 0;
+}
+
  typedef struct Reg {
  uint64_t id;
  int offset;
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index 998d21f399f4..22d19c9aec6f 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -654,6 +654,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
  return kvm_arm_init_cpreg_list(cpu);
  }
  
+int kvm_arch_destroy_vcpu(CPUState *cs)

+{
+return 0;
+}
+
  bool kvm_arm_reg_syncs_via_cpreg_list(uint64_t regidx)
  {
  /* Return true if the regidx is a register we should synchronize
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 3b29ce5c0d08..29889aa6b001 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1349,6 +1349,18 @@ int kvm_arch_init_vcpu(CPUState *cs)
  return r;
  }
  
+int kvm_arch_destroy_vcpu(CPUState *cs)

+{
+X86CPU *cpu = X86_CPU(cs);
+
+if (cpu->kvm_msr_buf) {
+g_free(cpu->kvm_msr_buf);
+cpu->kvm_msr_buf = NULL;
+}
+
+return 0;
+}
+
  void kvm_arch_reset_vcpu(X86CPU *cpu)
  {
  CPUX86State *env = >env;
diff --git a/target/mips/kvm.c b/target/mips/kvm.c
index 8e72850962e1..938f8f144b74 100644
--- a/target/mips/kvm.c
+++ b/target/mips/kvm.c
@@ -91,6 +91,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
  return ret;
  }
  
+int kvm_arch_destroy_vcpu(CPUState *cs)

+{
+return 0;
+}
+
  void kvm_mips_reset_vcpu(MIPSCPU *cpu)
  {
  CPUMIPSState *env = >env;
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 3bf0a46c3352..1967ccc51791 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -521,6 +521,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
  return ret;
  }
  
+int kvm_arch_destroy_vcpu(CPUState *cs)

+{
+return 0;
+}
+
  static void kvm_sw_tlb_put(PowerPCCPU *cpu)
  {
  CPUPPCState *env = >env;
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index e5e2b691f253..c2747c31649b 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -368,6 +368,16 @@ int kvm_arch_init_vcpu(CPUState *cs)
  return 0;
  }
  
+int kvm_arch_destroy_vcpu(CPUState *cs)

+{
+S390CPU *cpu = S390_CPU(cs);
+
+g_free(cpu->irqstate);
+cpu->irqstate = NULL;
+
+return 0;
+}
+
  void kvm_s390_reset_vcpu(S390CPU *cpu)
  {
  CPUState *cs = CPU(cpu);


Reviewed-by: Maran Wilson 

Thanks,
-Maran

Re: [Qemu-devel] [QEMU PATCH v3 5/9] linux-headers: i386: Modify struct kvm_nested_state to have explicit fields for data

[Maran Wilson]

On 6/17/2019 10:56 AM, Liran Alon wrote:

Improve the KVM_{GET,SET}_NESTED_STATE structs by detailing the format
of VMX nested state data in a struct.

In order to avoid changing the ioctl values of
KVM_{GET,SET}_NESTED_STATE, there is a need to preserve
sizeof(struct kvm_nested_state). This is done by defining the data
struct as "data.vmx[0]". It was the most elegant way I found to
preserve struct size while still keeping struct readable and easy to
maintain. It does have a misfortunate side-effect that now it has to be
accessed as "data.vmx[0]" rather than just "data.vmx".

Because we are already modifying these structs, I also modified the
following:
* Define the "format" field values as macros.
* Rename vmcs_pa to vmcs12_pa for better readability.
* Add stub structs for AMD SVM.

Signed-off-by: Liran Alon 
---
  linux-headers/asm-x86/kvm.h | 41 +++--
  1 file changed, 30 insertions(+), 11 deletions(-)

diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
index 7a0e64ccd6ff..e655d108af19 100644
--- a/linux-headers/asm-x86/kvm.h
+++ b/linux-headers/asm-x86/kvm.h
@@ -383,6 +383,9 @@ struct kvm_sync_regs {
  #define KVM_X86_QUIRK_LAPIC_MMIO_HOLE (1 << 2)
  #define KVM_X86_QUIRK_OUT_7E_INC_RIP  (1 << 3)
  
+#define KVM_STATE_NESTED_FORMAT_VMX	0

+#define KVM_STATE_NESTED_FORMAT_SVM1
+
  #define KVM_STATE_NESTED_GUEST_MODE   0x0001
  #define KVM_STATE_NESTED_RUN_PENDING  0x0002
  #define KVM_STATE_NESTED_EVMCS0x0004
@@ -390,35 +393,51 @@ struct kvm_sync_regs {
  #define KVM_STATE_NESTED_SMM_GUEST_MODE   0x0001
  #define KVM_STATE_NESTED_SMM_VMXON0x0002
  
-struct kvm_vmx_nested_state {

+struct kvm_vmx_nested_state_data {
+   __u8 vmcs12[0x1000];
+   __u8 shadow_vmcs12[0x1000];


I assume you will replace this magic 0x1000 value too, as discussed with 
respect to patch 7?


Thanks,
-Maran


+};
+
+struct kvm_vmx_nested_state_hdr {
__u64 vmxon_pa;
-   __u64 vmcs_pa;
+   __u64 vmcs12_pa;
  
  	struct {

__u16 flags;
} smm;
  };
  
+struct kvm_svm_nested_state_data {

+   /* TODO: Implement */
+};
+
+struct kvm_svm_nested_state_hdr {
+   /* TODO: Implement */
+};
+
  /* for KVM_CAP_NESTED_STATE */
  struct kvm_nested_state {
-   /* KVM_STATE_* flags */
__u16 flags;
-
-   /* 0 for VMX, 1 for SVM.  */
__u16 format;
-
-   /* 128 for SVM, 128 + VMCS size for VMX.  */
__u32 size;
  
  	union {

-   /* VMXON, VMCS */
-   struct kvm_vmx_nested_state vmx;
+   struct kvm_vmx_nested_state_hdr vmx;
+   struct kvm_svm_nested_state_hdr svm;
  
  		/* Pad the header to 128 bytes.  */

__u8 pad[120];
-   };
+   } hdr;
  
-	__u8 data[0];

+   /*
+* Define data region as 0 bytes to preserve backwards-compatability
+* to old definition of kvm_nested_state in order to avoid changing
+* KVM_{GET,PUT}_NESTED_STATE ioctl values.
+*/
+   union {
+   struct kvm_vmx_nested_state_data vmx[0];
+   struct kvm_svm_nested_state_data svm[0];
+   } data;
  };
  
  #endif /* _ASM_X86_KVM_H */

Re: [Qemu-devel] [QEMU PATCH v3 4/9] KVM: i386: Block migration for vCPUs exposed with nested virtualization

[Maran Wilson]

On 6/17/2019 10:56 AM, Liran Alon wrote:

Commit d98f26073beb ("target/i386: kvm: add VMX migration blocker")
added a migration blocker for vCPU exposed with Intel VMX.
However, migration should also be blocked for vCPU exposed with
AMD SVM.

Both cases should be blocked because QEMU should extract additional
vCPU state from KVM that should be migrated as part of vCPU VMState.
E.g. Whether vCPU is running in guest-mode or host-mode.

Fixes: d98f26073beb ("target/i386: kvm: add VMX migration blocker")
Signed-off-by: Liran Alon 
---
  target/i386/cpu.c |  6 --
  target/i386/cpu.h | 24 
  target/i386/kvm.c | 12 ++--
  3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 536d7d152044..197201087e65 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5170,12 +5170,6 @@ static int x86_cpu_filter_features(X86CPU *cpu)
  return rv;
  }
  
-#define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \

-   (env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \
-   (env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)
-#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \
- (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \
- (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)
  static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
  {
  CPUState *cs = CPU(dev);
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index fce6660bac00..79d9495ceb0c 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -728,6 +728,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
  
  #define CPUID_VENDOR_HYGON"HygonGenuine"
  
+#define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \

+   (env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \
+   (env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)
+#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \
+ (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \
+ (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)
+
  #define CPUID_MWAIT_IBE (1U << 1) /* Interrupts can exit capability */
  #define CPUID_MWAIT_EMX (1U << 0) /* enumeration supported */
  
@@ -1866,6 +1873,23 @@ static inline int32_t x86_get_a20_mask(CPUX86State *env)

  }
  }
  
+static inline bool cpu_has_vmx(CPUX86State *env)

+{
+return (IS_INTEL_CPU(env) &&
+(env->features[FEAT_1_ECX] & CPUID_EXT_VMX));
+}
+
+static inline bool cpu_has_svm(CPUX86State *env)
+{
+return (IS_AMD_CPU(env) &&
+(env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM));
+}
+
+static inline bool cpu_has_nested_virt(CPUX86State *env)
+{
+return (cpu_has_vmx(env) || cpu_has_svm(env));
+}
+
  /* fpu_helper.c */
  void update_fp_status(CPUX86State *env);
  void update_mxcsr_status(CPUX86State *env);
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index c8fd53055d37..f43e2d69859e 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -906,7 +906,7 @@ static int hyperv_init_vcpu(X86CPU *cpu)
  }
  
  static Error *invtsc_mig_blocker;

-static Error *vmx_mig_blocker;
+static Error *nested_virt_mig_blocker;
  
  #define KVM_MAX_CPUID_ENTRIES  100
  
@@ -1270,13 +1270,13 @@ int kvm_arch_init_vcpu(CPUState *cs)

!!(c->ecx & CPUID_EXT_SMX);
  }
  
-if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {

-error_setg(_mig_blocker,
-   "Nested VMX virtualization does not support live migration 
yet");
-r = migrate_add_blocker(vmx_mig_blocker, _err);
+if (cpu_has_nested_virt(env) && !nested_virt_mig_blocker) {
+error_setg(_virt_mig_blocker,
+   "Nested virtualization does not support live migration 
yet");
+r = migrate_add_blocker(nested_virt_mig_blocker, _err);
  if (local_err) {
  error_report_err(local_err);
-error_free(vmx_mig_blocker);
+error_free(nested_virt_mig_blocker);
  return r;
  }
  }


Reviewed-by: Maran Wilson 

Thanks,
-Maran

Re: [Qemu-devel] [PATCH v10 3/3] linux-user: Add support for statx() syscall

[Jim Wilson]

On 6/7/19 3:35 AM, Aleksandar Markovic wrote:

Implement support for translation of system call statx().


I also need these patches for 32-bit RISC-V linux user mode support.

glibc ld.so calls statx if fstatat is not supported.  Apparently new 
linux architecture ports aren't allowed to define __ARCH_WANT_NEW_STAT 
which enables fstatat because this is already obsolete.  64-bit RISC-V 
linux does have fstatat, but apparently this was a mistake which we 
can't fix now because the ABI is already frozen.  The 32-bit RISC-V ABI 
is not frozen yet, so it won't have fstatat.  Anyways, without statx, 
ld.so doesn't work, which makes user mode qemu pretty useless, so we do 
need this emulated in qemu to make the 32-bit RISC-V linux user mode 
support work properly.


I started with the August 2018 version of the patch a few weeks ago, and 
just noticed that it has been resubmitted.  I had to modify the patch 
slightly to apply to current sources, and had to fix one bug to make it 
work.  The line

+if (ret != TARGET_ENOSYS) {
needs to instead be
+if (ret != -TARGET_ENOSYS) {
I see that Laurent has already pointed that out.

Incidentally, I also have strace patches for statx that work on top of 
this patch, since I didn't see that in the nanomips patch set I started 
with.  That helped me debug the 32-bit RISC-V user mode support.


I've tested this on Ubuntu 16.04 (no host statx) and Ubuntu 19.10 (with 
host statx) and it worked well for me running the gcc testsuite for a 
riscv32-linux target.  I haven't tried testing the latest version of the 
patch yet.  I can do that if this is helpful.


Jim

Re: [Qemu-devel] [PATCH] iotests: Fix 205 for concurrent runs

[Eric Blake]

On 6/18/19 4:02 PM, Max Reitz wrote:
> Tests should place their files into the test directory.  This includes
> Unix sockets.  205 currently fails to do so, which prevents it from
> being run concurrently.
> 
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/205 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Eric Blake 

Feel free to take this through your iotests tree, but I can also stage
it through my NBD tree if I haven't seen it go in by the time of my next
pull request.

> 
> diff --git a/tests/qemu-iotests/205 b/tests/qemu-iotests/205
> index 69f2c1d392..b8a86c446e 100755
> --- a/tests/qemu-iotests/205
> +++ b/tests/qemu-iotests/205
> @@ -24,7 +24,7 @@ import iotests
>  import time
>  from iotests import qemu_img_create, qemu_io, filter_qemu_io, 
> QemuIoInteractive
>  
> -nbd_sock = 'nbd_sock'
> +nbd_sock = os.path.join(iotests.test_dir, 'nbd_sock')
>  nbd_uri = 'nbd+unix:///exp?socket=' + nbd_sock
>  disk = os.path.join(iotests.test_dir, 'disk')
>  
> 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH] iotests: Fix 205 for concurrent runs

[Max Reitz]

Tests should place their files into the test directory.  This includes
Unix sockets.  205 currently fails to do so, which prevents it from
being run concurrently.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/205 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/205 b/tests/qemu-iotests/205
index 69f2c1d392..b8a86c446e 100755
--- a/tests/qemu-iotests/205
+++ b/tests/qemu-iotests/205
@@ -24,7 +24,7 @@ import iotests
 import time
 from iotests import qemu_img_create, qemu_io, filter_qemu_io, QemuIoInteractive
 
-nbd_sock = 'nbd_sock'
+nbd_sock = os.path.join(iotests.test_dir, 'nbd_sock')
 nbd_uri = 'nbd+unix:///exp?socket=' + nbd_sock
 disk = os.path.join(iotests.test_dir, 'disk')
 
-- 
2.21.0

Re: [Qemu-devel] [PATCH] Regression for m68k causing Single-Step via GDB/RSP to not single step

[Laurent Vivier]

Le 18/06/2019 à 21:39, Richard Henderson a écrit :
> On 6/18/19 11:44 AM, Laurent Vivier wrote:
>> Le 26/05/2019 à 09:50, Lucien Murray-Pitts a écrit :
>>> A regression that was introduced, with the refactor to TranslatorOps,
>>> drops two lines that update the PC when single-stepping is being performed.
>>> ( short commit 11ab74b )
>>>
>>> This patch resolves that issue.
>>
>> Fixes: 11ab74b01e0a ("target/m68k: Convert to TranslatorOps")
>>
>>> Signed-off-by: Lucien Murray-Pitts 
>>> ---
>>>  target/m68k/translate.c | 2 ++
>>>  1 file changed, 2 insertions(+)
>>>
>>> diff --git a/target/m68k/translate.c b/target/m68k/translate.c
>>> index f0534a4ba0..2922ea79c3 100644
>>> --- a/target/m68k/translate.c
>>> +++ b/target/m68k/translate.c
>>> @@ -6130,6 +6130,8 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, 
>>> CPUState *cpu)
>>>  return;
>>>  }
>>>  if (dc->base.singlestep_enabled) {
>>> +update_cc_op(dc);
>>> +tcg_gen_movi_i32(QREG_PC, dc->pc);
>>>  gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
>>>  return;
>>>  }
>>>
>>
>> I've tested this fix single-stepping on a kernel, these two lines are 
>> not enough to fix the problem. In fact four lines have been dropped and 
>> we must re-add them all:
>>
>> iff --git a/target/m68k/translate.c b/target/m68k/translate.c
>> index d0f6d1f5cc..6c78001501 100644
>> --- a/target/m68k/translate.c
>> +++ b/target/m68k/translate.c
>> @@ -6200,6 +6200,10 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, 
>> CPUState *cpu)
>>  return;
>>  }
>>  if (dc->base.singlestep_enabled) {
>> +if (dc->base.is_jmp != DISAS_JUMP) {
>> +update_cc_op(dc);
>> +tcg_gen_movi_i32(QREG_PC, dc->pc);
>> +}
>>  gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
>>  return;
>>  }
> 
> Even this isn't quite right, according to the comments in the switch that
> follows.  I think it'd be best written like so.
> 
> 
> r~
> 
> 
> diff --git a/target/m68k/translate.c b/target/m68k/translate.c
> index 2ae537461f..b61c7ea0f1 100644
> --- a/target/m68k/translate.c
> +++ b/target/m68k/translate.c
> @@ -6124,27 +6124,34 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase,
> CPUState *cpu)
>  {
>  DisasContext *dc = container_of(dcbase, DisasContext, base);
> 
> -if (dc->base.is_jmp == DISAS_NORETURN) {
> -return;
> -}
> -if (dc->base.singlestep_enabled) {
> -gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
> -return;
> -}
> -
>  switch (dc->base.is_jmp) {
> +case DISAS_NORETURN:
> +break;
>  case DISAS_TOO_MANY:
>  update_cc_op(dc);
> -gen_jmp_tb(dc, 0, dc->pc);
> +if (dc->base.singlestep_enabled) {
> +tcg_gen_movi_i32(QREG_PC, dc->pc);
> +gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
> +} else {
> +gen_jmp_tb(dc, 0, dc->pc);
> +}
>  break;
>  case DISAS_JUMP:
>  /* We updated CC_OP and PC in gen_jmp/gen_jmp_im.  */
> -tcg_gen_lookup_and_goto_ptr();
> +if (dc->base.singlestep_enabled) {
> +gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
> +} else {
> +tcg_gen_lookup_and_goto_ptr();
> +}
>  break;
>  case DISAS_EXIT:
>  /* We updated CC_OP and PC in gen_exit_tb, but also modified
> other state that may require returning to the main loop.  */
> -tcg_gen_exit_tb(NULL, 0);
> +if (dc->base.singlestep_enabled) {
> +gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
> +} else {
> +tcg_gen_exit_tb(NULL, 0);
> +}
>  break;
>  default:
>  g_assert_not_reached();
> 

Yes, it works too.

Could you formally send a patch?

Thanks,
Laurent

Re: [Qemu-devel] [PATCH] Regression for m68k causing Single-Step via GDB/RSP to not single step

[Richard Henderson]

On 6/18/19 11:44 AM, Laurent Vivier wrote:
> Le 26/05/2019 à 09:50, Lucien Murray-Pitts a écrit :
>> A regression that was introduced, with the refactor to TranslatorOps,
>> drops two lines that update the PC when single-stepping is being performed.
>> ( short commit 11ab74b )
>>
>> This patch resolves that issue.
> 
> Fixes: 11ab74b01e0a ("target/m68k: Convert to TranslatorOps")
> 
>> Signed-off-by: Lucien Murray-Pitts 
>> ---
>>  target/m68k/translate.c | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/target/m68k/translate.c b/target/m68k/translate.c
>> index f0534a4ba0..2922ea79c3 100644
>> --- a/target/m68k/translate.c
>> +++ b/target/m68k/translate.c
>> @@ -6130,6 +6130,8 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, 
>> CPUState *cpu)
>>  return;
>>  }
>>  if (dc->base.singlestep_enabled) {
>> +update_cc_op(dc);
>> +tcg_gen_movi_i32(QREG_PC, dc->pc);
>>  gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
>>  return;
>>  }
>>
> 
> I've tested this fix single-stepping on a kernel, these two lines are 
> not enough to fix the problem. In fact four lines have been dropped and 
> we must re-add them all:
> 
> iff --git a/target/m68k/translate.c b/target/m68k/translate.c
> index d0f6d1f5cc..6c78001501 100644
> --- a/target/m68k/translate.c
> +++ b/target/m68k/translate.c
> @@ -6200,6 +6200,10 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, 
> CPUState *cpu)
>  return;
>  }
>  if (dc->base.singlestep_enabled) {
> +if (dc->base.is_jmp != DISAS_JUMP) {
> +update_cc_op(dc);
> +tcg_gen_movi_i32(QREG_PC, dc->pc);
> +}
>  gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
>  return;
>  }

Even this isn't quite right, according to the comments in the switch that
follows.  I think it'd be best written like so.


r~


diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 2ae537461f..b61c7ea0f1 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -6124,27 +6124,34 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase,
CPUState *cpu)
 {
 DisasContext *dc = container_of(dcbase, DisasContext, base);

-if (dc->base.is_jmp == DISAS_NORETURN) {
-return;
-}
-if (dc->base.singlestep_enabled) {
-gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
-return;
-}
-
 switch (dc->base.is_jmp) {
+case DISAS_NORETURN:
+break;
 case DISAS_TOO_MANY:
 update_cc_op(dc);
-gen_jmp_tb(dc, 0, dc->pc);
+if (dc->base.singlestep_enabled) {
+tcg_gen_movi_i32(QREG_PC, dc->pc);
+gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
+} else {
+gen_jmp_tb(dc, 0, dc->pc);
+}
 break;
 case DISAS_JUMP:
 /* We updated CC_OP and PC in gen_jmp/gen_jmp_im.  */
-tcg_gen_lookup_and_goto_ptr();
+if (dc->base.singlestep_enabled) {
+gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
+} else {
+tcg_gen_lookup_and_goto_ptr();
+}
 break;
 case DISAS_EXIT:
 /* We updated CC_OP and PC in gen_exit_tb, but also modified
other state that may require returning to the main loop.  */
-tcg_gen_exit_tb(NULL, 0);
+if (dc->base.singlestep_enabled) {
+gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
+} else {
+tcg_gen_exit_tb(NULL, 0);
+}
 break;
 default:
 g_assert_not_reached();

Re: [Qemu-devel] KVM call minutes for 2019-06-18

[Kevin Wolf]

Am 18.06.2019 um 16:49 hat Juan Quintela geschrieben:
> * Kevin is experimenthing with an external qemu-storage daemon
> * qemu-storage daemon vs process for each image
>   * compromise: less isolation but easier to do
> * i.e. just doing the full subsystem instead of each device

This is something that users can do then, but it's not a must.

The storage daemon is just a building block, and it's completely up to
the user whether they start a single daemon with many --blockdev options
and exports, or whether they start many daemons that serve only a single
image each.

Kevin

Re: [Qemu-devel] [PATCH] Regression for m68k causing Single-Step via GDB/RSP to not single step

[Laurent Vivier]

Le 26/05/2019 à 09:50, Lucien Murray-Pitts a écrit :
> A regression that was introduced, with the refactor to TranslatorOps,
> drops two lines that update the PC when single-stepping is being performed.
> ( short commit 11ab74b )
> 
> This patch resolves that issue.

Fixes: 11ab74b01e0a ("target/m68k: Convert to TranslatorOps")

> Signed-off-by: Lucien Murray-Pitts 
> ---
>  target/m68k/translate.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/target/m68k/translate.c b/target/m68k/translate.c
> index f0534a4ba0..2922ea79c3 100644
> --- a/target/m68k/translate.c
> +++ b/target/m68k/translate.c
> @@ -6130,6 +6130,8 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, 
> CPUState *cpu)
>  return;
>  }
>  if (dc->base.singlestep_enabled) {
> +update_cc_op(dc);
> +tcg_gen_movi_i32(QREG_PC, dc->pc);
>  gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
>  return;
>  }
> 

I've tested this fix single-stepping on a kernel, these two lines are 
not enough to fix the problem. In fact four lines have been dropped and 
we must re-add them all:

iff --git a/target/m68k/translate.c b/target/m68k/translate.c
index d0f6d1f5cc..6c78001501 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -6200,6 +6200,10 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, 
CPUState *cpu)
 return;
 }
 if (dc->base.singlestep_enabled) {
+if (dc->base.is_jmp != DISAS_JUMP) {
+update_cc_op(dc);
+tcg_gen_movi_i32(QREG_PC, dc->pc);
+}
 gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
 return;
 }

The problem happens when we single-step over an "rts" instruction, 
instead of returning to the caller the PC points to the following 
instruction (PC + 2):

0x2e26 in arch_cpu_idle ()
1: x/i $pc  0x2e26 :   rts
(gdb) si
0x2e28 in machine_restart ()
1: x/i $pc  0x2e28 :   moveal 0x438ae4 ,%a0

The good instruction stream is:

0x2e26 in arch_cpu_idle ()
1: x/i $pc  0x2e26 :   rts
(gdb) si
0x0002be6a in do_idle ()
1: x/i $pc  0x2be6a :  movew %sr,%d0

Thanks,
Laurent

[Qemu-devel] [PATCH] Acceptance tests: workaround for serial devices / console socket issue

[Cleber Rosa]

We're seeing constant failures on aarch64 and arm targets on CI
on tests that have a kernel writing to a serial device used as console,
and a socket file connected to it.

After investigation, it was noticed that when interacting with some
devices, by means of the sockets around serial devices used as
console, QEMU may block an entire thread (see 6ab3fc32e).

This attempts to work around the behavior of those devices, by
closing the socket file connected to the chardev given to the
serial device.

Related to bug: https://bugs.launchpad.net/qemu/+bug/1829779

Signed-off-by: Cleber Rosa 
---
 tests/acceptance/boot_linux_console.py | 23 ---
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 32159503e9..ae31d914a8 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -30,12 +30,15 @@ class BootLinuxConsole(Test):
 KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 '
 
 def wait_for_console_pattern(self, success_message,
- failure_message='Kernel panic - not syncing'):
+ failure_message='Kernel panic - not syncing',
+ close=True):
 """
 Waits for messages to appear on the console, while logging the content
 
 :param success_message: if this message appears, test succeeds
 :param failure_message: if this message appears, test fails
+:param close: close the socket file once the a final (success or
+  failure) message is found
 """
 console = self.vm.console_socket.makefile()
 console_logger = logging.getLogger('console')
@@ -45,15 +48,20 @@ class BootLinuxConsole(Test):
 continue
 console_logger.debug(msg)
 if success_message in msg:
+if close:
+self.vm.console_socket.close()
 break
 if failure_message in msg:
+if close:
+self.vm.console_socket.close()
 fail = 'Failure message found in console: %s' % failure_message
 self.fail(fail)
 
-def exec_command_and_wait_for_pattern(self, command, success_message):
+def exec_command_and_wait_for_pattern(self, command, success_message,
+  close):
 command += '\n'
 self.vm.console_socket.sendall(command.encode())
-self.wait_for_console_pattern(success_message)
+self.wait_for_console_pattern(success_message, close=close)
 
 def extract_from_deb(self, deb, path):
 """
@@ -180,14 +188,15 @@ class BootLinuxConsole(Test):
  '-append', kernel_command_line,
  '-no-reboot')
 self.vm.launch()
-self.wait_for_console_pattern('Boot successful.')
+self.wait_for_console_pattern('Boot successful.', close=False)
 
 self.exec_command_and_wait_for_pattern('cat /proc/cpuinfo',
-   'BogoMIPS')
+   'BogoMIPS', close=False)
 self.exec_command_and_wait_for_pattern('uname -a',
-   'Debian')
+   'Debian', close=False)
 self.exec_command_and_wait_for_pattern('reboot',
-   'reboot: Restarting system')
+   'reboot: Restarting system',
+   close=True)
 
 def do_test_mips_malta32el_nanomips(self, kernel_url, kernel_hash):
 kernel_path_xz = self.fetch_asset(kernel_url, asset_hash=kernel_hash)
-- 
2.21.0

Re: [Qemu-devel] [PATCH RESEND v21 00/21] Add RX archtecture support

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190618143923.53838-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH RESEND v21 00/21]  Add RX archtecture support
Type: series
Message-id: 20190618143923.53838-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 t [tag update]
patchew/20190618143923.53838-1-ys...@users.sourceforge.jp -> 
patchew/20190618143923.53838-1-ys...@users.sourceforge.jp
Switched to a new branch 'test'
1b70a2c5e3 BootLinuxConsoleTest: Test the RX-Virt machine
b1b44ed680 Add rx-softmmu
f313ac351c hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
57763b04f4 hw/rx: Honor -accel qtest
bf58fbd6c2 hw/rx: RX Target hardware definition
ece27860fa hw/char: RX62N serial communication interface (SCI)
ed845484f2 hw/timer: RX62N internal timer modules
e70e0f1b45 hw/intc: RX62N interrupt controller (ICUa)
31a1706ee1 target/rx: Dump bytes for each insn during disassembly
f8f829a583 target/rx: Collect all bytes during disassembly
007f80fb96 target/rx: Emit all disassembly in one prt()
49aa581505 target/rx: Use prt_ldmi for XCHG_mr disassembly
32047e7e71 target/rx: Replace operand with prt_ldmi in disassembler
21717d9d51 target/rx: Disassemble rx_index_addr into a string
d8ae8a9439 target/rx: RX disassembler
b0c9d476a0 target/rx: CPU definition
3b5f51618c target/rx: TCG helper
0672f653d3 target/rx: TCG translation
98019e980a hw/registerfields.h: Add 8bit and 16bit register macros
79c6710c70 qemu/bitops.h: Add extract8 and extract16
e6d4fac88d MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/21 Checking commit e6d4fac88d91 (MAINTAINERS: Add RX)
2/21 Checking commit 79c6710c70ee (qemu/bitops.h: Add extract8 and extract16)
3/21 Checking commit 98019e980a8f (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value within @rawlines in concatenation (.) or string at 
./scripts/checkpatch.pl line 2467.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/21 Checking commit 0672f653d3a0 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/21 Checking commit 3b5f51618ca8 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#25: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 5/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/21 Checking commit b0c9d476a072 (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#29: 
new file mode 100644

total: 0 errors, 1 warnings, 622 lines checked

Patch 6/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/21 Checking commit d8ae8a94394b (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/21 Checking commit 21717d9d5167 (target/rx: Disassemble rx_index_addr into a 
string)
9/21 Checking commit 32047e7e716d (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/21 Checking commit 49aa581505c6 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
11/21 Checking commit 007f80fb96a8 (target/rx: Emit all disassembly in one 
prt())
12/21 Checking commit f8f829a58306 (target/rx: Collect all bytes during 
disassembly)
13/21 

Re: [Qemu-devel] question：about pr-helper unlink sock file fail

[Paolo Bonzini]

On 17/06/19 06:10, wangjie (P) wrote:
> Hi, I found there is a bug in pr-helper:
> 
>     We run pr-helper process in root, and drop all capabilities  expect
> CAP_SYS_RAWIO.
> 
>     But the sock file which connect from qemu is owned by qemu group,
> when pr-helper exit, 
> 
>     it will call  “close_server_socket ->
> object_unref(OBJECT(server_ioc)) -> qio_channel_socket_finalize ->
> socket_listen_cleanup” ,
> 
>     unlink sock file  will fail and output “Failed to unlink socket xxx,
> Permission denied”.
> 
>       I tried to add capability CAP_DAC_OVERRIDE in pr-helper, it will
> unlink sock success, but I think capability CAP_DAC_OVERRIDE is too
> dangerous.

Interesting... yeah, CAP_DAC_OVERRIDE is a big big hammer.  I think this
would be fixed by also changing owner and group of the pr-helper to
qemu; it should work because it uses CAP_SYS_RAWIO.

Paolo

[Qemu-devel] [PATCH v2 21/21] aspeed: vic: Add support for legacy register interface

[Cédric Le Goater]

From: Andrew Jeffery 

The legacy interface only supported up to 32 IRQs, which became
restrictive around the AST2400 generation. QEMU support for the SoCs
started with the AST2400 along with an effort to reimplement and
upstream drivers for Linux, so up until this point the consumers of the
QEMU ASPEED support only required the 64 IRQ register interface.

In an effort to support older BMC firmware, add support for the 32 IRQ
interface.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
---
 hw/intc/aspeed_vic.c | 105 ++-
 1 file changed, 63 insertions(+), 42 deletions(-)

diff --git a/hw/intc/aspeed_vic.c b/hw/intc/aspeed_vic.c
index 927638d5322a..266a309f3b47 100644
--- a/hw/intc/aspeed_vic.c
+++ b/hw/intc/aspeed_vic.c
@@ -104,54 +104,63 @@ static void aspeed_vic_set_irq(void *opaque, int irq, int 
level)
 
 static uint64_t aspeed_vic_read(void *opaque, hwaddr offset, unsigned size)
 {
-uint64_t val;
-const bool high = !!(offset & 0x4);
-hwaddr n_offset = (offset & ~0x4);
 AspeedVICState *s = (AspeedVICState *)opaque;
+hwaddr n_offset;
+uint64_t val;
+bool high;
 
 if (offset < AVIC_NEW_BASE_OFFSET) {
-qemu_log_mask(LOG_UNIMP, "%s: Ignoring read from legacy registers "
-  "at 0x%" HWADDR_PRIx "[%u]\n", __func__, offset, size);
-return 0;
+high = false;
+n_offset = offset;
+} else {
+high = !!(offset & 0x4);
+n_offset = (offset & ~0x4);
 }
 
-n_offset -= AVIC_NEW_BASE_OFFSET;
-
 switch (n_offset) {
-case 0x0: /* IRQ Status */
+case 0x80: /* IRQ Status */
+case 0x00:
 val = s->raw & ~s->select & s->enable;
 break;
-case 0x08: /* FIQ Status */
+case 0x88: /* FIQ Status */
+case 0x04:
 val = s->raw & s->select & s->enable;
 break;
-case 0x10: /* Raw Interrupt Status */
+case 0x90: /* Raw Interrupt Status */
+case 0x08:
 val = s->raw;
 break;
-case 0x18: /* Interrupt Selection */
+case 0x98: /* Interrupt Selection */
+case 0x0c:
 val = s->select;
 break;
-case 0x20: /* Interrupt Enable */
+case 0xa0: /* Interrupt Enable */
+case 0x10:
 val = s->enable;
 break;
-case 0x30: /* Software Interrupt */
+case 0xb0: /* Software Interrupt */
+case 0x18:
 val = s->trigger;
 break;
-case 0x40: /* Interrupt Sensitivity */
+case 0xc0: /* Interrupt Sensitivity */
+case 0x24:
 val = s->sense;
 break;
-case 0x48: /* Interrupt Both Edge Trigger Control */
+case 0xc8: /* Interrupt Both Edge Trigger Control */
+case 0x28:
 val = s->dual_edge;
 break;
-case 0x50: /* Interrupt Event */
+case 0xd0: /* Interrupt Event */
+case 0x2c:
 val = s->event;
 break;
-case 0x60: /* Edge Triggered Interrupt Status */
+case 0xe0: /* Edge Triggered Interrupt Status */
 val = s->raw & ~s->sense;
 break;
 /* Illegal */
-case 0x28: /* Interrupt Enable Clear */
-case 0x38: /* Software Interrupt Clear */
-case 0x58: /* Edge Triggered Interrupt Clear */
+case 0xa8: /* Interrupt Enable Clear */
+case 0xb8: /* Software Interrupt Clear */
+case 0xd8: /* Edge Triggered Interrupt Clear */
 qemu_log_mask(LOG_GUEST_ERROR,
   "%s: Read of write-only register with offset 0x%"
   HWADDR_PRIx "\n", __func__, offset);
@@ -166,6 +175,8 @@ static uint64_t aspeed_vic_read(void *opaque, hwaddr 
offset, unsigned size)
 }
 if (high) {
 val = extract64(val, 32, 19);
+} else {
+val = extract64(val, 0, 32);
 }
 trace_aspeed_vic_read(offset, size, val);
 return val;
@@ -174,19 +185,18 @@ static uint64_t aspeed_vic_read(void *opaque, hwaddr 
offset, unsigned size)
 static void aspeed_vic_write(void *opaque, hwaddr offset, uint64_t data,
  unsigned size)
 {
-const bool high = !!(offset & 0x4);
-hwaddr n_offset = (offset & ~0x4);
 AspeedVICState *s = (AspeedVICState *)opaque;
+hwaddr n_offset;
+bool high;
 
 if (offset < AVIC_NEW_BASE_OFFSET) {
-qemu_log_mask(LOG_UNIMP,
-  "%s: Ignoring write to legacy registers at 0x%"
-  HWADDR_PRIx "[%u] <- 0x%" PRIx64 "\n", __func__, offset,
-  size, data);
-return;
+high = false;
+n_offset = offset;
+} else {
+high = !!(offset & 0x4);
+n_offset = (offset & ~0x4);
 }
 
-n_offset -= AVIC_NEW_BASE_OFFSET;
 trace_aspeed_vic_write(offset, size, data);
 
 /* Given we have members using separate enable/clear registers, deposit64()
@@ -201,7 +211,8 @@ static void aspeed_vic_write(void *opaque, hwaddr offset, 
uint64_t data,
 }
 
 switch (n_offset) {
-case 0x18: /* Interrupt Selection */
+case 

[Qemu-devel] [PATCH v2 20/21] hw/misc/aspeed_xdma: New device

[Cédric Le Goater]

From: Eddie James 

The XDMA engine embedded in the Aspeed SOCs performs PCI DMA operations
between the SOC (acting as a BMC) and a host processor in a server.

The XDMA engine exists on the AST2400, AST2500, and AST2600 SOCs, so
enable it for all of those. Add trace events on the important register
writes in the XDMA engine.

Signed-off-by: Eddie James 
Reviewed-by: Philippe Mathieu-Daudé 
[clg: - changed title ]
Signed-off-by: Cédric Le Goater 
---
 include/hw/arm/aspeed_soc.h   |   3 +
 include/hw/misc/aspeed_xdma.h |  30 +++
 hw/arm/aspeed_soc.c   |  17 
 hw/misc/aspeed_xdma.c | 165 ++
 hw/misc/Makefile.objs |   1 +
 hw/misc/trace-events  |   3 +
 6 files changed, 219 insertions(+)
 create mode 100644 include/hw/misc/aspeed_xdma.h
 create mode 100644 hw/misc/aspeed_xdma.c

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 75b557060b9b..cef605ad6bde 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -15,6 +15,7 @@
 #include "hw/intc/aspeed_vic.h"
 #include "hw/misc/aspeed_scu.h"
 #include "hw/misc/aspeed_sdmc.h"
+#include "hw/misc/aspeed_xdma.h"
 #include "hw/timer/aspeed_timer.h"
 #include "hw/timer/aspeed_rtc.h"
 #include "hw/i2c/aspeed_i2c.h"
@@ -40,6 +41,7 @@ typedef struct AspeedSoCState {
 AspeedTimerCtrlState timerctrl;
 AspeedI2CState i2c;
 AspeedSCUState scu;
+AspeedXDMAState xdma;
 AspeedSMCState fmc;
 AspeedSMCState spi[ASPEED_SPIS_NUM];
 AspeedSDMCState sdmc;
@@ -108,6 +110,7 @@ enum {
 ASPEED_ETH1,
 ASPEED_ETH2,
 ASPEED_SDRAM,
+ASPEED_XDMA,
 };
 
 #endif /* ASPEED_SOC_H */
diff --git a/include/hw/misc/aspeed_xdma.h b/include/hw/misc/aspeed_xdma.h
new file mode 100644
index ..00b45d931f87
--- /dev/null
+++ b/include/hw/misc/aspeed_xdma.h
@@ -0,0 +1,30 @@
+/*
+ * ASPEED XDMA Controller
+ * Eddie James 
+ *
+ * Copyright (C) 2019 IBM Corp.
+ * SPDX-License-Identifer: GPL-2.0-or-later
+ */
+
+#ifndef ASPEED_XDMA_H
+#define ASPEED_XDMA_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_ASPEED_XDMA "aspeed.xdma"
+#define ASPEED_XDMA(obj) OBJECT_CHECK(AspeedXDMAState, (obj), TYPE_ASPEED_XDMA)
+
+#define ASPEED_XDMA_NUM_REGS (ASPEED_XDMA_REG_SIZE / sizeof(uint32_t))
+#define ASPEED_XDMA_REG_SIZE 0x7C
+
+typedef struct AspeedXDMAState {
+SysBusDevice parent;
+
+MemoryRegion iomem;
+qemu_irq irq;
+
+char bmc_cmdq_readp_set;
+uint32_t regs[ASPEED_XDMA_NUM_REGS];
+} AspeedXDMAState;
+
+#endif /* ASPEED_XDMA_H */
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 8a1545545faf..1468d320 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -32,6 +32,7 @@ static const hwaddr aspeed_soc_ast2400_memmap[] = {
 [ASPEED_VIC]= 0x1E6C,
 [ASPEED_SDMC]   = 0x1E6E,
 [ASPEED_SCU]= 0x1E6E2000,
+[ASPEED_XDMA]   = 0x1E6E7000,
 [ASPEED_ADC]= 0x1E6E9000,
 [ASPEED_SRAM]   = 0x1E72,
 [ASPEED_GPIO]   = 0x1E78,
@@ -58,6 +59,7 @@ static const hwaddr aspeed_soc_ast2500_memmap[] = {
 [ASPEED_VIC]= 0x1E6C,
 [ASPEED_SDMC]   = 0x1E6E,
 [ASPEED_SCU]= 0x1E6E2000,
+[ASPEED_XDMA]   = 0x1E6E7000,
 [ASPEED_ADC]= 0x1E6E9000,
 [ASPEED_SRAM]   = 0x1E72,
 [ASPEED_GPIO]   = 0x1E78,
@@ -104,6 +106,7 @@ static const int aspeed_soc_ast2400_irqmap[] = {
 [ASPEED_I2C]= 12,
 [ASPEED_ETH1]   = 2,
 [ASPEED_ETH2]   = 3,
+[ASPEED_XDMA]   = 6,
 };
 
 #define aspeed_soc_ast2500_irqmap aspeed_soc_ast2400_irqmap
@@ -240,6 +243,9 @@ static void aspeed_soc_init(Object *obj)
 sysbus_init_child_obj(obj, "ftgmac100[*]", OBJECT(>ftgmac100[i]),
   sizeof(s->ftgmac100[i]), TYPE_FTGMAC100);
 }
+
+sysbus_init_child_obj(obj, "xdma", OBJECT(>xdma), sizeof(s->xdma),
+  TYPE_ASPEED_XDMA);
 }
 
 static void aspeed_soc_realize(DeviceState *dev, Error **errp)
@@ -408,6 +414,17 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 sysbus_connect_irq(SYS_BUS_DEVICE(>ftgmac100[i]), 0,
aspeed_soc_get_irq(s, ASPEED_ETH1 + i));
 }
+
+/* XDMA */
+object_property_set_bool(OBJECT(>xdma), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(>xdma), 0,
+sc->info->memmap[ASPEED_XDMA]);
+sysbus_connect_irq(SYS_BUS_DEVICE(>xdma), 0,
+   aspeed_soc_get_irq(s, ASPEED_XDMA));
 }
 static Property aspeed_soc_properties[] = {
 DEFINE_PROP_UINT32("num-cpus", AspeedSoCState, num_cpus, 0),
diff --git a/hw/misc/aspeed_xdma.c b/hw/misc/aspeed_xdma.c
new file mode 100644
index ..eebd4ad540aa
--- /dev/null
+++ b/hw/misc/aspeed_xdma.c
@@ -0,0 +1,165 @@
+/*
+ * ASPEED XDMA Controller
+ * Eddie James 
+ *
+ * Copyright (C) 2019 IBM Corp
+ * SPDX-License-Identifer: GPL-2.0-or-later
+ */
+

[Qemu-devel] [PATCH v2 19/21] aspeed: Add support for the swift-bmc board

[Cédric Le Goater]

From: Adriana Kobylak 

The Swift board is an OpenPOWER system hosting POWER processors.
Add support for their BMC including the I2C devices as found on HW.

Signed-off-by: Adriana Kobylak 
Reviewed-by: Cédric Le Goater 
---
 hw/arm/aspeed.c | 50 +
 1 file changed, 50 insertions(+)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index e404f8b244a9..51d6b5dd9627 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -73,6 +73,17 @@ struct AspeedBoardState {
 SCU_AST2500_HW_STRAP_ACPI_ENABLE |  \
 SCU_HW_STRAP_SPI_MODE(SCU_HW_STRAP_SPI_MASTER))
 
+/* Swift hardware value: 0xF11AD206 */
+#define SWIFT_BMC_HW_STRAP1 (   \
+AST2500_HW_STRAP1_DEFAULTS |\
+SCU_AST2500_HW_STRAP_SPI_AUTOFETCH_ENABLE | \
+SCU_AST2500_HW_STRAP_GPIO_STRAP_ENABLE |\
+SCU_AST2500_HW_STRAP_UART_DEBUG |   \
+SCU_AST2500_HW_STRAP_DDR4_ENABLE |  \
+SCU_H_PLL_BYPASS_EN |   \
+SCU_AST2500_HW_STRAP_ACPI_ENABLE |  \
+SCU_HW_STRAP_SPI_MODE(SCU_HW_STRAP_SPI_MASTER))
+
 /* Witherspoon hardware value: 0xF10AD216 (but use romulus definition) */
 #define WITHERSPOON_BMC_HW_STRAP1 ROMULUS_BMC_HW_STRAP1
 
@@ -294,6 +305,35 @@ static void romulus_bmc_i2c_init(AspeedBoardState *bmc)
 i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 11), "ds1338", 
0x32);
 }
 
+static void swift_bmc_i2c_init(AspeedBoardState *bmc)
+{
+AspeedSoCState *soc = >soc;
+
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 3), "pca9552", 
0x60);
+
+/* The swift board expects a TMP275 but a TMP105 is compatible */
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 7), "tmp105", 0x48);
+/* The swift board expects a pca9551 but a pca9552 is compatible */
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 7), "pca9552", 
0x60);
+
+/* The swift board expects an Epson RX8900 RTC but a ds1338 is compatible 
*/
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 8), "ds1338", 0x32);
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 8), "pca9552", 
0x60);
+
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 9), "tmp423", 0x4c);
+/* The swift board expects a pca9539 but a pca9552 is compatible */
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 9), "pca9552", 
0x74);
+
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 10), "tmp423", 
0x4c);
+/* The swift board expects a pca9539 but a pca9552 is compatible */
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 10), "pca9552",
+ 0x74);
+
+/* The swift board expects a TMP275 but a TMP105 is compatible */
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 12), "tmp105", 
0x48);
+i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 12), "tmp105", 
0x4a);
+}
+
 static void witherspoon_bmc_i2c_init(AspeedBoardState *bmc)
 {
 AspeedSoCState *soc = >soc;
@@ -384,6 +424,16 @@ static const AspeedBoardConfig aspeed_boards[] = {
 .num_cs= 2,
 .i2c_init  = romulus_bmc_i2c_init,
 .ram   = 512 * MiB,
+}, {
+.name  = MACHINE_TYPE_NAME("swift-bmc"),
+.desc  = "OpenPOWER Swift BMC (ARM1176)",
+.soc_name  = "ast2500-a1",
+.hw_strap1 = SWIFT_BMC_HW_STRAP1,
+.fmc_model = "mx66l1g45g",
+.spi_model = "mx66l1g45g",
+.num_cs= 2,
+.i2c_init  = swift_bmc_i2c_init,
+.ram   = 512 * MiB,
 }, {
 .name  = MACHINE_TYPE_NAME("witherspoon-bmc"),
 .desc  = "OpenPOWER Witherspoon BMC (ARM1176)",
-- 
2.21.0

[Qemu-devel] [PATCH v2 18/21] aspeed/smc: Calculate checksum on normal DMA

[Cédric Le Goater]

From: Christian Svensson 

This patch adds the missing checksum calculation on normal DMA transfer.
According to the datasheet this is how the SMC should behave.

Verified on AST1250 that the hardware matches the behaviour.

Signed-off-by: Christian Svensson 
Reviewed-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
---
 hw/ssi/aspeed_smc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 5c017f631ffd..9d0f17ce84ae 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -993,6 +993,7 @@ static void aspeed_smc_dma_rw(AspeedSMCState *s)
 s->regs[R_DMA_FLASH_ADDR] += 4;
 s->regs[R_DMA_DRAM_ADDR] += 4;
 s->regs[R_DMA_LEN] -= 4;
+s->regs[R_DMA_CHECKSUM] += data;
 }
 }
 
-- 
2.21.0

[Qemu-devel] [PATCH v2 07/21] aspeed/timer: Fix behaviour running Linux

[Cédric Le Goater]

From: Joel Stanley 

The Linux kernel driver was updated in commit 4451d3f59f2a
("clocksource/drivers/fttmr010: Fix set_next_event handler) to fix an
issue observed on hardware:

 > RELOAD register is loaded into COUNT register when the aspeed timer
 > is enabled, which means the next event may be delayed because timer
 > interrupt won't be generated until <0x - current_count +
 > cycles>.

When running under Qemu, the system appeared "laggy". The guest is now
scheduling timer events too regularly, starving the host of CPU time.

This patch modifies the timer model to attempt to schedule the timer
expiry as the guest requests, but if we have missed the deadline we
re interrupt and try again, which allows the guest to catch up.

Provides expected behaviour with old and new guest code.

Fixes: c04bd47db6b9 ("hw/timer: Add ASPEED timer device model")
Signed-off-by: Joel Stanley 
[clg: - merged a fix from Andrew Jeffery 
"Fire interrupt on failure to meet deadline"
https://lists.ozlabs.org/pipermail/openbmc/2019-January/014641.html
  - adapted commit log
  - checkpatch fixes ]
Signed-off-by: Cédric Le Goater 
---
 hw/timer/aspeed_timer.c | 59 ++---
 1 file changed, 31 insertions(+), 28 deletions(-)

diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 2c3a4d0fe770..537f072cf87f 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -109,37 +109,40 @@ static inline uint64_t calculate_time(struct AspeedTimer 
*t, uint32_t ticks)
 
 static uint64_t calculate_next(struct AspeedTimer *t)
 {
-uint64_t next = 0;
-uint32_t rate = calculate_rate(t);
+uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+uint64_t next;
 
-while (!next) {
-/* We don't know the relationship between the values in the match
- * registers, so sort using MAX/MIN/zero. We sort in that order as the
- * timer counts down to zero. */
-uint64_t seq[] = {
-calculate_time(t, MAX(t->match[0], t->match[1])),
-calculate_time(t, MIN(t->match[0], t->match[1])),
-calculate_time(t, 0),
-};
-uint64_t reload_ns;
-uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
-
-if (now < seq[0]) {
-next = seq[0];
-} else if (now < seq[1]) {
-next = seq[1];
-} else if (now < seq[2]) {
-next = seq[2];
-} else if (t->reload) {
-reload_ns = muldiv64(t->reload, NANOSECONDS_PER_SECOND, rate);
-t->start = now - ((now - t->start) % reload_ns);
-} else {
-/* no reload value, return 0 */
-break;
-}
+/*
+ * We don't know the relationship between the values in the match
+ * registers, so sort using MAX/MIN/zero. We sort in that order as
+ * the timer counts down to zero.
+ */
+
+next = calculate_time(t, MAX(t->match[0], t->match[1]));
+if (now < next) {
+return next;
+}
+
+next = calculate_time(t, MIN(t->match[0], t->match[1]));
+if (now < next) {
+return next;
+}
+
+next = calculate_time(t, 0);
+if (now < next) {
+return next;
+}
+
+/* We've missed all deadlines, fire interrupt and try again */
+timer_del(>timer);
+
+if (timer_overflow_interrupt(t)) {
+t->level = !t->level;
+qemu_set_irq(t->irq, t->level);
 }
 
-return next;
+t->start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+return calculate_time(t, MAX(MAX(t->match[0], t->match[1]), 0));
 }
 
 static void aspeed_timer_mod(AspeedTimer *t)
-- 
2.21.0

[Qemu-devel] [PATCH v2 16/21] aspeed/smc: add DMA calibration settings

[Cédric Le Goater]

When doing calibration, the SPI clock rate in the CE0 Control Register
and the read delay cycles in the Read Timing Compensation Register are
set using bit[11:4] of the DMA Control Register.

Signed-off-by: Cédric Le Goater 
Acked-by: Joel Stanley 
---
 hw/ssi/aspeed_smc.c | 64 -
 1 file changed, 63 insertions(+), 1 deletion(-)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index e00cdebae232..4a2e3a9135b6 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -75,6 +75,10 @@
 #define   CTRL_CMD_MASK0xff
 #define   CTRL_DUMMY_HIGH_SHIFT14
 #define   CTRL_AST2400_SPI_4BYTE   (1 << 13)
+#define CE_CTRL_CLOCK_FREQ_SHIFT   8
+#define CE_CTRL_CLOCK_FREQ_MASK0xf
+#define CE_CTRL_CLOCK_FREQ(div) \
+(((div) & CE_CTRL_CLOCK_FREQ_MASK) << CE_CTRL_CLOCK_FREQ_SHIFT)
 #define   CTRL_DUMMY_LOW_SHIFT 6 /* 2 bits [7:6] */
 #define   CTRL_CE_STOP_ACTIVE  (1 << 2)
 #define   CTRL_CMD_MODE_MASK   0x3
@@ -110,7 +114,7 @@
 #define   DMA_CTRL_DELAY_SHIFT  8
 #define   DMA_CTRL_FREQ_MASK0xf
 #define   DMA_CTRL_FREQ_SHIFT   4
-#define   DMA_CTRL_MODE (1 << 3)
+#define   DMA_CTRL_CALIB(1 << 3)
 #define   DMA_CTRL_CKSUM(1 << 2)
 #define   DMA_CTRL_WRITE(1 << 1)
 #define   DMA_CTRL_ENABLE   (1 << 0)
@@ -809,6 +813,60 @@ static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, 
unsigned int size)
 }
 }
 
+static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask)
+{
+/* HCLK/1 .. HCLK/16 */
+const uint8_t hclk_divisors[] = {
+15, 7, 14, 6, 13, 5, 12, 4, 11, 3, 10, 2, 9, 1, 8, 0
+};
+int i;
+
+for (i = 0; i < ARRAY_SIZE(hclk_divisors); i++) {
+if (hclk_mask == hclk_divisors[i]) {
+return i + 1;
+}
+}
+
+qemu_log_mask(LOG_GUEST_ERROR, "invalid HCLK mask %x", hclk_mask);
+return 0;
+}
+
+/*
+ * When doing calibration, the SPI clock rate in the CE0 Control
+ * Register and the read delay cycles in the Read Timing Compensation
+ * Register are set using bit[11:4] of the DMA Control Register.
+ */
+static void aspeed_smc_dma_calibration(AspeedSMCState *s)
+{
+uint8_t delay =
+(s->regs[R_DMA_CTRL] >> DMA_CTRL_DELAY_SHIFT) & DMA_CTRL_DELAY_MASK;
+uint8_t hclk_mask =
+(s->regs[R_DMA_CTRL] >> DMA_CTRL_FREQ_SHIFT) & DMA_CTRL_FREQ_MASK;
+uint8_t hclk_div = aspeed_smc_hclk_divisor(hclk_mask);
+uint32_t hclk_shift = (hclk_div - 1) << 2;
+uint8_t cs;
+
+/*
+ * The Read Timing Compensation Register values apply to all CS on
+ * the SPI bus and only HCLK/1 - HCLK/5 can have tunable delays
+ */
+if (hclk_div && hclk_div < 6) {
+s->regs[s->r_timings] &= ~(0xf << hclk_shift);
+s->regs[s->r_timings] |= delay << hclk_shift;
+}
+
+/*
+ * TODO: compute the CS from the DMA address and the segment
+ * registers. This is not really a problem for now because the
+ * Timing Register values apply to all CS and software uses CS0 to
+ * do calibration.
+ */
+cs = 0;
+s->regs[s->r_ctrl0 + cs] &=
+~(CE_CTRL_CLOCK_FREQ_MASK << CE_CTRL_CLOCK_FREQ_SHIFT);
+s->regs[s->r_ctrl0 + cs] |= CE_CTRL_CLOCK_FREQ(hclk_div);
+}
+
 /*
  * Accumulate the result of the reads to provide a checksum that will
  * be used to validate the read timing settings.
@@ -824,6 +882,10 @@ static void aspeed_smc_dma_checksum(AspeedSMCState *s)
 return;
 }
 
+if (s->regs[R_DMA_CTRL] & DMA_CTRL_CALIB) {
+aspeed_smc_dma_calibration(s);
+}
+
 while (s->regs[R_DMA_LEN]) {
 result = address_space_read(>flash_as, s->regs[R_DMA_FLASH_ADDR],
 MEMTXATTRS_UNSPECIFIED,
-- 
2.21.0

[Qemu-devel] [PATCH v2 06/21] aspeed: add support for multiple NICs

[Cédric Le Goater]

The Aspeed SoCs have two MACs. Extend the Aspeed model to support a
second NIC.

Signed-off-by: Cédric Le Goater 
---
 include/hw/arm/aspeed_soc.h |  3 ++-
 hw/arm/aspeed_soc.c | 33 +++--
 2 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index b613b00600fc..75b557060b9b 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -25,6 +25,7 @@
 #define ASPEED_SPIS_NUM  2
 #define ASPEED_WDTS_NUM  3
 #define ASPEED_CPUS_NUM  2
+#define ASPEED_MACS_NUM  2
 
 typedef struct AspeedSoCState {
 /*< private >*/
@@ -43,7 +44,7 @@ typedef struct AspeedSoCState {
 AspeedSMCState spi[ASPEED_SPIS_NUM];
 AspeedSDMCState sdmc;
 AspeedWDTState wdt[ASPEED_WDTS_NUM];
-FTGMAC100State ftgmac100;
+FTGMAC100State ftgmac100[ASPEED_MACS_NUM];
 } AspeedSoCState;
 
 #define TYPE_ASPEED_SOC "aspeed-soc"
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index d38fb0aaa0f5..736e52366a66 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -234,8 +234,10 @@ static void aspeed_soc_init(Object *obj)
 sc->info->silicon_rev);
 }
 
-sysbus_init_child_obj(obj, "ftgmac100", OBJECT(>ftgmac100),
-  sizeof(s->ftgmac100), TYPE_FTGMAC100);
+for (i = 0; i < ASPEED_MACS_NUM; i++) {
+sysbus_init_child_obj(obj, "ftgmac100[*]", OBJECT(>ftgmac100[i]),
+  sizeof(s->ftgmac100[i]), TYPE_FTGMAC100);
+}
 }
 
 static void aspeed_soc_realize(DeviceState *dev, Error **errp)
@@ -382,19 +384,22 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 }
 
 /* Net */
-qdev_set_nic_properties(DEVICE(>ftgmac100), _table[0]);
-object_property_set_bool(OBJECT(>ftgmac100), true, "aspeed", );
-object_property_set_bool(OBJECT(>ftgmac100), true, "realized",
- _err);
-error_propagate(, local_err);
-if (err) {
-error_propagate(errp, err);
-return;
+for (i = 0; i < nb_nics; i++) {
+qdev_set_nic_properties(DEVICE(>ftgmac100[i]), _table[i]);
+object_property_set_bool(OBJECT(>ftgmac100[i]), true, "aspeed",
+ );
+object_property_set_bool(OBJECT(>ftgmac100[i]), true, "realized",
+ _err);
+error_propagate(, local_err);
+if (err) {
+error_propagate(errp, err);
+   return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(>ftgmac100[i]), 0,
+sc->info->memmap[ASPEED_ETH1 + i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(>ftgmac100[i]), 0,
+   aspeed_soc_get_irq(s, ASPEED_ETH1 + i));
 }
-sysbus_mmio_map(SYS_BUS_DEVICE(>ftgmac100), 0,
-sc->info->memmap[ASPEED_ETH1]);
-sysbus_connect_irq(SYS_BUS_DEVICE(>ftgmac100), 0,
-   aspeed_soc_get_irq(s, ASPEED_ETH1));
 }
 static Property aspeed_soc_properties[] = {
 DEFINE_PROP_UINT32("num-cpus", AspeedSoCState, num_cpus, 0),
-- 
2.21.0

[Qemu-devel] [PATCH v2 14/21] aspeed/smc: add a 'sdram_base' property

[Cédric Le Goater]

The DRAM address of a DMA transaction depends on the DRAM base address
of the SoC. Inform the SMC controller model with this value.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/hw/ssi/aspeed_smc.h | 3 +++
 hw/arm/aspeed_soc.c | 6 ++
 hw/ssi/aspeed_smc.c | 1 +
 3 files changed, 10 insertions(+)

diff --git a/include/hw/ssi/aspeed_smc.h b/include/hw/ssi/aspeed_smc.h
index 3b1e7fce6c86..591279ba1f43 100644
--- a/include/hw/ssi/aspeed_smc.h
+++ b/include/hw/ssi/aspeed_smc.h
@@ -97,6 +97,9 @@ typedef struct AspeedSMCState {
 uint8_t r_timings;
 uint8_t conf_enable_w0;
 
+/* for DMA support */
+uint64_t sdram_base;
+
 AspeedSMCFlash *flashes;
 
 uint8_t snoop_index;
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 736e52366a66..02feb4361ba4 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -337,6 +337,12 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
aspeed_soc_get_irq(s, ASPEED_I2C));
 
 /* FMC, The number of CS is set at the board level */
+object_property_set_int(OBJECT(>fmc), sc->info->memmap[ASPEED_SDRAM],
+"sdram-base", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
 object_property_set_bool(OBJECT(>fmc), true, "realized", );
 if (err) {
 error_propagate(errp, err);
diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 9eda0d720be6..81f2fb7f707a 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -913,6 +913,7 @@ static const VMStateDescription vmstate_aspeed_smc = {
 
 static Property aspeed_smc_properties[] = {
 DEFINE_PROP_UINT32("num-cs", AspeedSMCState, num_cs, 1),
+DEFINE_PROP_UINT64("sdram-base", AspeedSMCState, sdram_base, 0),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.21.0

[Qemu-devel] [PATCH v2 13/21] aspeed: add a RAM memory region container

[Cédric Le Goater]

The RAM memory region is defined after the SoC is realized when the
SDMC controller has checked that the defined RAM size for the machine
is correct. This is problematic for controller models requiring a link
on the RAM region, for DMA support in the SMC controller for instance.

Introduce a container memory region for the RAM that we can link into
the controllers early, before the SoC is realized. It will be
populated with the RAM region after the checks have be done.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
---
 hw/arm/aspeed.c | 13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 5d73267da16f..7f01df1b61d8 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -33,6 +33,7 @@ static struct arm_boot_info aspeed_board_binfo = {
 
 struct AspeedBoardState {
 AspeedSoCState soc;
+MemoryRegion ram_container;
 MemoryRegion ram;
 MemoryRegion max_ram;
 };
@@ -159,6 +160,10 @@ static void aspeed_board_init(MachineState *machine,
 ram_addr_t max_ram_size;
 
 bmc = g_new0(AspeedBoardState, 1);
+
+memory_region_init(>ram_container, NULL, "aspeed-ram-container",
+   UINT32_MAX);
+
 object_initialize_child(OBJECT(machine), "soc", >soc,
 (sizeof(bmc->soc)), cfg->soc_name, _abort,
 NULL);
@@ -193,16 +198,16 @@ static void aspeed_board_init(MachineState *machine,
 _abort);
 
 memory_region_allocate_system_memory(>ram, NULL, "ram", ram_size);
+memory_region_add_subregion(>ram_container, 0, >ram);
 memory_region_add_subregion(get_system_memory(),
-sc->info->memmap[ASPEED_SDRAM], >ram);
+sc->info->memmap[ASPEED_SDRAM],
+>ram_container);
 
 max_ram_size = object_property_get_uint(OBJECT(>soc), "max-ram-size",
 _abort);
 memory_region_init_io(>max_ram, NULL, _ram_ops, NULL,
   "max_ram", max_ram_size  - ram_size);
-memory_region_add_subregion(get_system_memory(),
-sc->info->memmap[ASPEED_SDRAM] + ram_size,
->max_ram);
+memory_region_add_subregion(>ram_container, ram_size, >max_ram);
 
 aspeed_board_init_flashes(>soc.fmc, cfg->fmc_model, _abort);
 aspeed_board_init_flashes(>soc.spi[0], cfg->spi_model, _abort);
-- 
2.21.0

[Qemu-devel] [PATCH v2 02/21] aspeed: add a per SoC mapping for the memory space

[Cédric Le Goater]

This will simplify the definition of new SoCs, like the AST2600 which
should use a slightly different address space and have a different set
of controllers.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Joel Stanley 
---
 include/hw/arm/aspeed_soc.h |   4 +-
 hw/arm/aspeed.c |   8 +--
 hw/arm/aspeed_soc.c | 117 ++--
 3 files changed, 78 insertions(+), 51 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 963abecb7244..88b901d5dfa9 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -49,14 +49,13 @@ typedef struct AspeedSoCInfo {
 const char *name;
 const char *cpu_type;
 uint32_t silicon_rev;
-hwaddr sdram_base;
 uint64_t sram_size;
 int spis_num;
-const hwaddr *spi_bases;
 const char *fmc_typename;
 const char **spi_typename;
 int wdts_num;
 const int *irqmap;
+const hwaddr *memmap;
 } AspeedSoCInfo;
 
 typedef struct AspeedSoCClass {
@@ -102,6 +101,7 @@ enum {
 ASPEED_I2C,
 ASPEED_ETH1,
 ASPEED_ETH2,
+ASPEED_SDRAM,
 };
 
 #endif /* ASPEED_SOC_H */
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index d2ad2da24b50..c692ca1dba90 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -191,8 +191,8 @@ static void aspeed_board_init(MachineState *machine,
 _abort);
 
 memory_region_allocate_system_memory(>ram, NULL, "ram", ram_size);
-memory_region_add_subregion(get_system_memory(), sc->info->sdram_base,
->ram);
+memory_region_add_subregion(get_system_memory(),
+sc->info->memmap[ASPEED_SDRAM], >ram);
 object_property_add_const_link(OBJECT(>soc), "ram", OBJECT(>ram),
_abort);
 
@@ -201,7 +201,7 @@ static void aspeed_board_init(MachineState *machine,
 memory_region_init_io(>max_ram, NULL, _ram_ops, NULL,
   "max_ram", max_ram_size  - ram_size);
 memory_region_add_subregion(get_system_memory(),
-sc->info->sdram_base + ram_size,
+sc->info->memmap[ASPEED_SDRAM] + ram_size,
 >max_ram);
 
 aspeed_board_init_flashes(>soc.fmc, cfg->fmc_model, _abort);
@@ -229,7 +229,7 @@ static void aspeed_board_init(MachineState *machine,
 aspeed_board_binfo.initrd_filename = machine->initrd_filename;
 aspeed_board_binfo.kernel_cmdline = machine->kernel_cmdline;
 aspeed_board_binfo.ram_size = ram_size;
-aspeed_board_binfo.loader_start = sc->info->sdram_base;
+aspeed_board_binfo.loader_start = sc->info->memmap[ASPEED_SDRAM];
 
 if (cfg->i2c_init) {
 cfg->i2c_init(bmc);
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index de75bf04027d..1cc98b9f4045 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -22,21 +22,58 @@
 #include "hw/i2c/aspeed_i2c.h"
 #include "net/net.h"
 
-#define ASPEED_SOC_UART_5_BASE  0x00184000
 #define ASPEED_SOC_IOMEM_SIZE   0x0020
-#define ASPEED_SOC_IOMEM_BASE   0x1E60
-#define ASPEED_SOC_FMC_BASE 0x1E62
-#define ASPEED_SOC_SPI_BASE 0x1E63
-#define ASPEED_SOC_SPI2_BASE0x1E631000
-#define ASPEED_SOC_VIC_BASE 0x1E6C
-#define ASPEED_SOC_SDMC_BASE0x1E6E
-#define ASPEED_SOC_SCU_BASE 0x1E6E2000
-#define ASPEED_SOC_SRAM_BASE0x1E72
-#define ASPEED_SOC_TIMER_BASE   0x1E782000
-#define ASPEED_SOC_WDT_BASE 0x1E785000
-#define ASPEED_SOC_I2C_BASE 0x1E78A000
-#define ASPEED_SOC_ETH1_BASE0x1E66
-#define ASPEED_SOC_ETH2_BASE0x1E68
+
+static const hwaddr aspeed_soc_ast2400_memmap[] = {
+[ASPEED_IOMEM]  = 0x1E60,
+[ASPEED_FMC]= 0x1E62,
+[ASPEED_SPI1]   = 0x1E63,
+[ASPEED_VIC]= 0x1E6C,
+[ASPEED_SDMC]   = 0x1E6E,
+[ASPEED_SCU]= 0x1E6E2000,
+[ASPEED_ADC]= 0x1E6E9000,
+[ASPEED_SRAM]   = 0x1E72,
+[ASPEED_GPIO]   = 0x1E78,
+[ASPEED_RTC]= 0x1E781000,
+[ASPEED_TIMER1] = 0x1E782000,
+[ASPEED_WDT]= 0x1E785000,
+[ASPEED_PWM]= 0x1E786000,
+[ASPEED_LPC]= 0x1E789000,
+[ASPEED_IBT]= 0x1E789140,
+[ASPEED_I2C]= 0x1E78A000,
+[ASPEED_ETH1]   = 0x1E66,
+[ASPEED_ETH2]   = 0x1E68,
+[ASPEED_UART1]  = 0x1E783000,
+[ASPEED_UART5]  = 0x1E784000,
+[ASPEED_VUART]  = 0x1E787000,
+[ASPEED_SDRAM]  = 0x4000,
+};
+
+static const hwaddr aspeed_soc_ast2500_memmap[] = {
+[ASPEED_IOMEM]  = 0x1E60,
+[ASPEED_FMC]= 0x1E62,
+[ASPEED_SPI1]   = 0x1E63,
+[ASPEED_SPI2]   = 0x1E631000,
+[ASPEED_VIC]= 0x1E6C,
+[ASPEED_SDMC]   = 0x1E6E,
+[ASPEED_SCU]= 0x1E6E2000,
+[ASPEED_ADC]= 0x1E6E9000,
+[ASPEED_SRAM]   = 0x1E72,
+[ASPEED_GPIO]   = 0x1E78,
+   

[Qemu-devel] [PATCH v2 17/21] aspeed/smc: inject errors in DMA checksum

[Cédric Le Goater]

Emulate read errors in the DMA Checksum Register for high frequencies
and optimistic settings of the Read Timing Compensation Register. This
will help in tuning the SPI timing calibration algorithm.

The values below are those to expect from the first flash device of
the FMC controller of a palmetto-bmc machine.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
---

 Changes since v1:

 - introduced a "inject-failure" property as suggested by Philippe

 include/hw/ssi/aspeed_smc.h |  1 +
 hw/ssi/aspeed_smc.c | 36 
 2 files changed, 37 insertions(+)

diff --git a/include/hw/ssi/aspeed_smc.h b/include/hw/ssi/aspeed_smc.h
index 453357cc09bf..ba496956cd5e 100644
--- a/include/hw/ssi/aspeed_smc.h
+++ b/include/hw/ssi/aspeed_smc.h
@@ -87,6 +87,7 @@ typedef struct AspeedSMCState {
 
 uint32_t num_cs;
 qemu_irq *cs_lines;
+bool inject_failure;
 
 SSIBus *spi;
 
diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 4a2e3a9135b6..5c017f631ffd 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -867,6 +867,36 @@ static void aspeed_smc_dma_calibration(AspeedSMCState *s)
 s->regs[s->r_ctrl0 + cs] |= CE_CTRL_CLOCK_FREQ(hclk_div);
 }
 
+/*
+ * Emulate read errors in the DMA Checksum Register for high
+ * frequencies and optimistic settings of the Read Timing Compensation
+ * Register. This will help in tuning the SPI timing calibration
+ * algorithm.
+ */
+static bool aspeed_smc_inject_read_failure(AspeedSMCState *s)
+{
+uint8_t delay =
+(s->regs[R_DMA_CTRL] >> DMA_CTRL_DELAY_SHIFT) & DMA_CTRL_DELAY_MASK;
+uint8_t hclk_mask =
+(s->regs[R_DMA_CTRL] >> DMA_CTRL_FREQ_SHIFT) & DMA_CTRL_FREQ_MASK;
+
+/*
+ * Typical values of a palmetto-bmc machine.
+ */
+switch (aspeed_smc_hclk_divisor(hclk_mask)) {
+case 4 ... 16:
+return false;
+case 3: /* at least one HCLK cycle delay */
+return (delay & 0x7) < 1;
+case 2: /* at least two HCLK cycle delay */
+return (delay & 0x7) < 2;
+case 1: /* (> 100MHz) is above the max freq of the controller */
+return true;
+default:
+g_assert_not_reached();
+}
+}
+
 /*
  * Accumulate the result of the reads to provide a checksum that will
  * be used to validate the read timing settings.
@@ -904,6 +934,11 @@ static void aspeed_smc_dma_checksum(AspeedSMCState *s)
 s->regs[R_DMA_FLASH_ADDR] += 4;
 s->regs[R_DMA_LEN] -= 4;
 }
+
+if (s->inject_failure && aspeed_smc_inject_read_failure(s)) {
+s->regs[R_DMA_CHECKSUM] = 0xbadc0de;
+}
+
 }
 
 static void aspeed_smc_dma_rw(AspeedSMCState *s)
@@ -1189,6 +1224,7 @@ static const VMStateDescription vmstate_aspeed_smc = {
 
 static Property aspeed_smc_properties[] = {
 DEFINE_PROP_UINT32("num-cs", AspeedSMCState, num_cs, 1),
+DEFINE_PROP_BOOL("inject-failure", AspeedSMCState, inject_failure, false),
 DEFINE_PROP_UINT64("sdram-base", AspeedSMCState, sdram_base, 0),
 DEFINE_PROP_LINK("dram", AspeedSMCState, dram_mr,
  TYPE_MEMORY_REGION, MemoryRegion *),
-- 
2.21.0

[Qemu-devel] [PATCH v2 09/21] aspeed/timer: Fix match calculations

[Cédric Le Goater]

From: Andrew Jeffery 

If the match value exceeds reload then we don't want to include it in
calculations for the next event.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
---
 hw/timer/aspeed_timer.c | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 8d6266b0fd81..745eb8608b56 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -107,6 +107,11 @@ static inline uint64_t calculate_time(struct AspeedTimer 
*t, uint32_t ticks)
 return t->start + delta_ns;
 }
 
+static inline uint32_t calculate_match(struct AspeedTimer *t, int i)
+{
+return t->match[i] < t->reload ? t->match[i] : 0;
+}
+
 static uint64_t calculate_next(struct AspeedTimer *t)
 {
 uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
@@ -118,12 +123,12 @@ static uint64_t calculate_next(struct AspeedTimer *t)
  * the timer counts down to zero.
  */
 
-next = calculate_time(t, MAX(t->match[0], t->match[1]));
+next = calculate_time(t, MAX(calculate_match(t, 0), calculate_match(t, 
1)));
 if (now < next) {
 return next;
 }
 
-next = calculate_time(t, MIN(t->match[0], t->match[1]));
+next = calculate_time(t, MIN(calculate_match(t, 0), calculate_match(t, 
1)));
 if (now < next) {
 return next;
 }
@@ -141,8 +146,10 @@ static uint64_t calculate_next(struct AspeedTimer *t)
 qemu_set_irq(t->irq, t->level);
 }
 
+next = MAX(MAX(calculate_match(t, 0), calculate_match(t, 1)), 0);
 t->start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
-return calculate_time(t, MAX(MAX(t->match[0], t->match[1]), 0));
+
+return calculate_time(t, next);
 }
 
 static void aspeed_timer_mod(AspeedTimer *t)
-- 
2.21.0

[Qemu-devel] [PATCH v2 12/21] aspeed: remove the "ram" link

[Cédric Le Goater]

It has never been used as far as I can tell from the git history.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
---
 hw/arm/aspeed.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 96de4f5c2a87..5d73267da16f 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -195,8 +195,6 @@ static void aspeed_board_init(MachineState *machine,
 memory_region_allocate_system_memory(>ram, NULL, "ram", ram_size);
 memory_region_add_subregion(get_system_memory(),
 sc->info->memmap[ASPEED_SDRAM], >ram);
-object_property_add_const_link(OBJECT(>soc), "ram", OBJECT(>ram),
-   _abort);
 
 max_ram_size = object_property_get_uint(OBJECT(>soc), "max-ram-size",
 _abort);
-- 
2.21.0

[Qemu-devel] [PATCH v2 04/21] hw/arm/aspeed: Add RTC to SoC

[Cédric Le Goater]

From: Joel Stanley 

All systems have an RTC.

The IRQ is hooked up but the model does not use it at this stage. There
is no guest code that uses it, so this limitation is acceptable.

Signed-off-by: Joel Stanley 
Reviewed-by: Peter Maydell 
---
 include/hw/arm/aspeed_soc.h |  2 ++
 hw/arm/aspeed_soc.c | 13 +
 2 files changed, 15 insertions(+)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 88b901d5dfa9..fa0ba957a611 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -16,6 +16,7 @@
 #include "hw/misc/aspeed_scu.h"
 #include "hw/misc/aspeed_sdmc.h"
 #include "hw/timer/aspeed_timer.h"
+#include "hw/timer/aspeed_rtc.h"
 #include "hw/i2c/aspeed_i2c.h"
 #include "hw/ssi/aspeed_smc.h"
 #include "hw/watchdog/wdt_aspeed.h"
@@ -32,6 +33,7 @@ typedef struct AspeedSoCState {
 ARMCPU cpu;
 MemoryRegion sram;
 AspeedVICState vic;
+AspeedRtcState rtc;
 AspeedTimerCtrlState timerctrl;
 AspeedI2CState i2c;
 AspeedSCUState scu;
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 1cc98b9f4045..5faa78d81fd6 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -189,6 +189,9 @@ static void aspeed_soc_init(Object *obj)
 sysbus_init_child_obj(obj, "vic", OBJECT(>vic), sizeof(s->vic),
   TYPE_ASPEED_VIC);
 
+sysbus_init_child_obj(obj, "rtc", OBJECT(>rtc), sizeof(s->rtc),
+  TYPE_ASPEED_RTC);
+
 sysbus_init_child_obj(obj, "timerctrl", OBJECT(>timerctrl),
   sizeof(s->timerctrl), TYPE_ASPEED_TIMER);
 object_property_add_const_link(OBJECT(>timerctrl), "scu",
@@ -275,6 +278,16 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 sysbus_connect_irq(SYS_BUS_DEVICE(>vic), 1,
qdev_get_gpio_in(DEVICE(>cpu), ARM_CPU_FIQ));
 
+/* RTC */
+object_property_set_bool(OBJECT(>rtc), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(>rtc), 0, sc->info->memmap[ASPEED_RTC]);
+sysbus_connect_irq(SYS_BUS_DEVICE(>rtc), 0,
+   aspeed_soc_get_irq(s, ASPEED_RTC));
+
 /* Timer */
 object_property_set_bool(OBJECT(>timerctrl), true, "realized", );
 if (err) {
-- 
2.21.0

[Qemu-devel] [PATCH v2 08/21] aspeed/timer: Status register contains reload for stopped timer

[Cédric Le Goater]

From: Andrew Jeffery 

>From the datasheet:

  This register stores the current status of counter #N. When timer
  enable bit TMC30[N * b] is disabled, the reload register will be
  loaded into this counter. When timer bit TMC30[N * b] is set, the
  counter will start to decrement. CPU can update this register value
  when enable bit is set.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
---
 hw/timer/aspeed_timer.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 537f072cf87f..8d6266b0fd81 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -187,7 +187,11 @@ static uint64_t aspeed_timer_get_value(AspeedTimer *t, int 
reg)
 
 switch (reg) {
 case TIMER_REG_STATUS:
-value = calculate_ticks(t, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
+if (timer_enabled(t)) {
+value = calculate_ticks(t, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
+} else {
+value = t->reload;
+}
 break;
 case TIMER_REG_RELOAD:
 value = t->reload;
-- 
2.21.0

[Qemu-devel] [PATCH v2 11/21] aspeed/timer: Ensure positive muldiv delta

[Cédric Le Goater]

From: Christian Svensson 

If the host decrements the counter register that results in a negative
delta. This is then passed to muldiv64 which only handles unsigned
numbers resulting in bogus results.

This fix ensures the delta being operated on is positive.

Test case: kexec a kernel using aspeed_timer and it will freeze on the
second bootup when the kernel initializes the timer. With this patch
that no longer happens and the timer appears to run OK.

Signed-off-by: Christian Svensson 
Signed-off-by: Cédric Le Goater 
---
 hw/timer/aspeed_timer.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 6501fa0768e7..1f0f1886fb2a 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -275,7 +275,11 @@ static void aspeed_timer_set_value(AspeedTimerCtrlState 
*s, int timer, int reg,
 int64_t delta = (int64_t) value - (int64_t) calculate_ticks(t, 
now);
 uint32_t rate = calculate_rate(t);
 
-t->start += muldiv64(delta, NANOSECONDS_PER_SECOND, rate);
+if (delta >= 0) {
+t->start += muldiv64(delta, NANOSECONDS_PER_SECOND, rate);
+} else {
+t->start -= muldiv64(-delta, NANOSECONDS_PER_SECOND, rate);
+}
 aspeed_timer_mod(t);
 }
 break;
-- 
2.21.0

[Qemu-devel] [PATCH v2 00/21] aspeed: machine extensions and fixes

[Cédric Le Goater]

Hello,

This series improves the current models of the Aspeed machines in QEMU
and adds new ones. It also prepares ground for the future Aspeed SoC.
You will find patches for :

 - per SoC mappings of the memory space and the interrupt number space
 - support for multiple CPUs (improved)
 - support for multiple NICs
 - a RTC model from Joel
 - a basic XDMA model from Eddie
 - support for multiple CPUs and NICs
 - fixes for the irq and timer models from Joel, Andrew and Christian
 - DMA support for the SMC controller, which was reworked to use a RAM
   container region as suggested by Peter in September 2018
 - new swift-bmc machine from Adriana (P9' processor)


Thanks,

C.

Changes since v1:

 - reworked the CPU logic to put the number of CPUs under the SoC
 - introduced a "inject-failure" property as suggested by Philippe


Adriana Kobylak (1):
  aspeed: Add support for the swift-bmc board

Andrew Jeffery (4):
  aspeed/timer: Status register contains reload for stopped timer
  aspeed/timer: Fix match calculations
  aspeed/timer: Provide back-pressure information for short periods
  aspeed: vic: Add support for legacy register interface

Christian Svensson (2):
  aspeed/timer: Ensure positive muldiv delta
  aspeed/smc: Calculate checksum on normal DMA

Cédric Le Goater (10):
  aspeed: add a per SoC mapping for the interrupt space
  aspeed: add a per SoC mapping for the memory space
  aspeed: introduce a configurable number of CPU per machine
  aspeed: add support for multiple NICs
  aspeed: remove the "ram" link
  aspeed: add a RAM memory region container
  aspeed/smc: add a 'sdram_base' property
  aspeed/smc: add support for DMAs
  aspeed/smc: add DMA calibration settings
  aspeed/smc: inject errors in DMA checksum

Eddie James (1):
  hw/misc/aspeed_xdma: New device

Joel Stanley (3):
  hw: timer: Add ASPEED RTC device
  hw/arm/aspeed: Add RTC to SoC
  aspeed/timer: Fix behaviour running Linux

 include/hw/arm/aspeed_soc.h |  53 -
 include/hw/misc/aspeed_xdma.h   |  30 +++
 include/hw/ssi/aspeed_smc.h |  10 +
 include/hw/timer/aspeed_rtc.h   |  31 +++
 include/hw/timer/aspeed_timer.h |   1 +
 hw/arm/aspeed.c |  78 +++-
 hw/arm/aspeed_soc.c | 268 +++---
 hw/intc/aspeed_vic.c| 105 ++
 hw/misc/aspeed_scu.c|   6 +
 hw/misc/aspeed_xdma.c   | 165 
 hw/ssi/aspeed_smc.c | 330 +++-
 hw/timer/aspeed_rtc.c   | 180 +
 hw/timer/aspeed_timer.c |  84 +---
 hw/misc/Makefile.objs   |   1 +
 hw/misc/trace-events|   3 +
 hw/timer/Makefile.objs  |   2 +-
 hw/timer/trace-events   |   4 +
 17 files changed, 1188 insertions(+), 163 deletions(-)
 create mode 100644 include/hw/misc/aspeed_xdma.h
 create mode 100644 include/hw/timer/aspeed_rtc.h
 create mode 100644 hw/misc/aspeed_xdma.c
 create mode 100644 hw/timer/aspeed_rtc.c

-- 
2.21.0

[Qemu-devel] [PATCH v2 10/21] aspeed/timer: Provide back-pressure information for short periods

[Cédric Le Goater]

From: Andrew Jeffery 

First up: This is not the way the hardware behaves.

However, it helps resolve real-world problems with short periods being
used under Linux. Commit 4451d3f59f2a ("clocksource/drivers/fttmr010:
Fix set_next_event handler") in Linux fixed the timer driver to
correctly schedule the next event for the Aspeed controller, and in
combination with 5daa8212c08e ("ARM: dts: aspeed: Describe random number
device") Linux will now set a timer with a period as low as 1us.

Configuring a qemu timer with such a short period results in spending
time handling the interrupt in the model rather than executing guest
code, leading to noticeable "sticky" behaviour in the guest.

The behaviour of Linux is correct with respect to the hardware, so we
need to improve our handling under emulation. The approach chosen is to
provide back-pressure information by calculating an acceptable minimum
number of ticks to be set on the model. Under Linux an additional read
is added in the timer configuration path to detect back-pressure, which
will never occur on hardware. However if back-pressure is observed, the
driver alerts the clock event subsystem, which then performs its own
next event dilation via a config option - d1748302f70b ("clockevents:
Make minimum delay adjustments configurable")

A minimum period of 5us was experimentally determined on a Lenovo
T480s, which I've increased to 20us for "safety".

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
---
 include/hw/timer/aspeed_timer.h | 1 +
 hw/misc/aspeed_scu.c| 6 ++
 hw/timer/aspeed_timer.c | 6 +-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/include/hw/timer/aspeed_timer.h b/include/hw/timer/aspeed_timer.h
index 1fb949e16710..10c851ebb6d7 100644
--- a/include/hw/timer/aspeed_timer.h
+++ b/include/hw/timer/aspeed_timer.h
@@ -41,6 +41,7 @@ typedef struct AspeedTimer {
  * interrupts, signalling with both the rising and falling edge.
  */
 int32_t level;
+uint32_t min_ticks;
 uint32_t reload;
 uint32_t match[2];
 uint64_t start;
diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index 71a0d4b7be7a..32e58da90657 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -423,6 +423,12 @@ static void aspeed_scu_realize(DeviceState *dev, Error 
**errp)
   TYPE_ASPEED_SCU, SCU_IO_REGION_SIZE);
 
 sysbus_init_mmio(sbd, >iomem);
+
+/*
+ * Reset on realize to ensure the APB clock value is calculated in time for
+ * use by the timer model, which is reset before the SCU.
+ */
+aspeed_scu_reset(dev);
 }
 
 static const VMStateDescription vmstate_aspeed_scu = {
diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 745eb8608b56..6501fa0768e7 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -259,7 +259,7 @@ static void aspeed_timer_set_value(AspeedTimerCtrlState *s, 
int timer, int reg,
 switch (reg) {
 case TIMER_REG_RELOAD:
 old_reload = t->reload;
-t->reload = value;
+t->reload = value < t->min_ticks ? t->min_ticks : value;
 
 /* If the reload value was not previously set, or zero, and
  * the current value is valid, try to start the timer if it is
@@ -311,7 +311,11 @@ static void aspeed_timer_ctrl_enable(AspeedTimer *t, bool 
enable)
 
 static void aspeed_timer_ctrl_external_clock(AspeedTimer *t, bool enable)
 {
+AspeedTimerCtrlState *s = timer_to_ctrl(t);
+uint32_t rate = enable ? TIMER_CLOCK_EXT_HZ : s->scu->apb_freq;
+
 trace_aspeed_timer_ctrl_external_clock(t->id, enable);
+t->min_ticks = muldiv64(20 * SCALE_US, rate, NANOSECONDS_PER_SECOND);
 }
 
 static void aspeed_timer_ctrl_overflow_interrupt(AspeedTimer *t, bool enable)
-- 
2.21.0

Re: [Qemu-devel] [PULL 00/14] Block layer patches

[Peter Maydell]

On Tue, 18 Jun 2019 at 16:59, Kevin Wolf  wrote:
>
> The following changes since commit cdfaa2720f4a09e5254868bd1f6e33f3e9eae76f:
>
>   Merge remote-tracking branch 
> 'remotes/armbru/tags/pull-monitor-2019-06-17-v2' into staging (2019-06-18 
> 10:47:00 +0100)
>
> are available in the Git repository at:
>
>   git://repo.or.cz/qemu/kevin.git tags/for-upstream
>
> for you to fetch changes up to 128b05f7e00765d883164631b974a27af5b4b613:
>
>   block/null: Expose read-zeroes option in QAPI schema (2019-06-18 16:41:10 
> +0200)
>
> 
> Block layer patches:
>
> - block: Remove bs->job
> - block: Ignore loosening perm restrictions failures
> - block/null: Expose read-zeroes option in QAPI schema
> - iotests: Hide timestamps for skipped tests
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.1
for any user-visible changes.

-- PMM

[Qemu-devel] [PATCH v2 03/21] hw: timer: Add ASPEED RTC device

[Cédric Le Goater]

From: Joel Stanley 

The RTC is modeled to provide time and date functionality. It is
initialised at zero to match the hardware.

There is no modelling of the alarm functionality, which includes the IRQ
line. As there is no guest code to exercise this function that is
acceptable for now.

Signed-off-by: Joel Stanley 
Reviewed-by: Peter Maydell 
---
 include/hw/timer/aspeed_rtc.h |  31 ++
 hw/timer/aspeed_rtc.c | 180 ++
 hw/timer/Makefile.objs|   2 +-
 hw/timer/trace-events |   4 +
 4 files changed, 216 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/timer/aspeed_rtc.h
 create mode 100644 hw/timer/aspeed_rtc.c

diff --git a/include/hw/timer/aspeed_rtc.h b/include/hw/timer/aspeed_rtc.h
new file mode 100644
index ..1f1155a676c1
--- /dev/null
+++ b/include/hw/timer/aspeed_rtc.h
@@ -0,0 +1,31 @@
+/*
+ * ASPEED Real Time Clock
+ * Joel Stanley 
+ *
+ * Copyright 2019 IBM Corp
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef ASPEED_RTC_H
+#define ASPEED_RTC_H
+
+#include 
+
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+
+typedef struct AspeedRtcState {
+SysBusDevice parent_obj;
+
+MemoryRegion iomem;
+qemu_irq irq;
+
+uint32_t reg[0x18];
+int offset;
+
+} AspeedRtcState;
+
+#define TYPE_ASPEED_RTC "aspeed.rtc"
+#define ASPEED_RTC(obj) OBJECT_CHECK(AspeedRtcState, (obj), TYPE_ASPEED_RTC)
+
+#endif /* ASPEED_RTC_H */
diff --git a/hw/timer/aspeed_rtc.c b/hw/timer/aspeed_rtc.c
new file mode 100644
index ..19f061c846e8
--- /dev/null
+++ b/hw/timer/aspeed_rtc.c
@@ -0,0 +1,180 @@
+/*
+ * ASPEED Real Time Clock
+ * Joel Stanley 
+ *
+ * Copyright 2019 IBM Corp
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "hw/timer/aspeed_rtc.h"
+#include "qemu/log.h"
+#include "qemu/timer.h"
+
+#include "trace.h"
+
+#define COUNTER1(0x00 / 4)
+#define COUNTER2(0x04 / 4)
+#define ALARM   (0x08 / 4)
+#define CONTROL (0x10 / 4)
+#define ALARM_STATUS(0x14 / 4)
+
+#define RTC_UNLOCKEDBIT(1)
+#define RTC_ENABLED BIT(0)
+
+static void aspeed_rtc_calc_offset(AspeedRtcState *rtc)
+{
+struct tm tm;
+uint32_t year, cent;
+uint32_t reg1 = rtc->reg[COUNTER1];
+uint32_t reg2 = rtc->reg[COUNTER2];
+
+tm.tm_mday = (reg1 >> 24) & 0x1f;
+tm.tm_hour = (reg1 >> 16) & 0x1f;
+tm.tm_min = (reg1 >> 8) & 0x3f;
+tm.tm_sec = (reg1 >> 0) & 0x3f;
+
+cent = (reg2 >> 16) & 0x1f;
+year = (reg2 >> 8) & 0x7f;
+tm.tm_mon = ((reg2 >>  0) & 0x0f) - 1;
+tm.tm_year = year + (cent * 100) - 1900;
+
+rtc->offset = qemu_timedate_diff();
+}
+
+static uint32_t aspeed_rtc_get_counter(AspeedRtcState *rtc, int r)
+{
+uint32_t year, cent;
+struct tm now;
+
+qemu_get_timedate(, rtc->offset);
+
+switch (r) {
+case COUNTER1:
+return (now.tm_mday << 24) | (now.tm_hour << 16) |
+(now.tm_min << 8) | now.tm_sec;
+case COUNTER2:
+cent = (now.tm_year + 1900) / 100;
+year = now.tm_year % 100;
+return ((cent & 0x1f) << 16) | ((year & 0x7f) << 8) |
+((now.tm_mon + 1) & 0xf);
+default:
+g_assert_not_reached();
+}
+}
+
+static uint64_t aspeed_rtc_read(void *opaque, hwaddr addr,
+unsigned size)
+{
+AspeedRtcState *rtc = opaque;
+uint64_t val;
+uint32_t r = addr >> 2;
+
+switch (r) {
+case COUNTER1:
+case COUNTER2:
+if (rtc->reg[CONTROL] & RTC_ENABLED) {
+rtc->reg[r] = aspeed_rtc_get_counter(rtc, r);
+}
+/* fall through */
+case CONTROL:
+val = rtc->reg[r];
+break;
+case ALARM:
+case ALARM_STATUS:
+default:
+qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx "\n", __func__, addr);
+return 0;
+}
+
+trace_aspeed_rtc_read(addr, val);
+
+return val;
+}
+
+static void aspeed_rtc_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+AspeedRtcState *rtc = opaque;
+uint32_t r = addr >> 2;
+
+switch (r) {
+case COUNTER1:
+case COUNTER2:
+if (!(rtc->reg[CONTROL] & RTC_UNLOCKED)) {
+break;
+}
+/* fall through */
+case CONTROL:
+rtc->reg[r] = val;
+aspeed_rtc_calc_offset(rtc);
+break;
+case ALARM:
+case ALARM_STATUS:
+default:
+qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx "\n", __func__, addr);
+break;
+}
+trace_aspeed_rtc_write(addr, val);
+}
+
+static void aspeed_rtc_reset(DeviceState *d)
+{
+AspeedRtcState *rtc = ASPEED_RTC(d);
+
+rtc->offset = 0;
+memset(rtc->reg, 0, sizeof(rtc->reg));
+}
+
+static const MemoryRegionOps aspeed_rtc_ops = {
+.read = aspeed_rtc_read,
+.write = aspeed_rtc_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static const VMStateDescription 

[Qemu-devel] [PATCH v2 05/21] aspeed: introduce a configurable number of CPU per machine

[Cédric Le Goater]

The current models of the Aspeed SoCs only have one CPU but future
ones will support SMP. Introduce a new num_cpus field at the SoC class
level to define the number of available CPUs per SoC and also
introduce a 'num-cpus' property to activate the CPUs configured for
the machine.

The max_cpus limit of the machine should depend on the SoC definition
but, unfortunately, these values are not available when the machine
class is initialized. This is the reason why we add a check on
num_cpus in the AspeedSoC realize handler.

SMP support will be activated when models for such SoCs are implemented.

Signed-off-by: Cédric Le Goater 
---

 Changes sinve v1:

  - reworked the logic to put the number of CPUs under the SoC

 include/hw/arm/aspeed_soc.h |  5 -
 hw/arm/aspeed.c |  7 +--
 hw/arm/aspeed_soc.c | 33 +++--
 3 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index fa0ba957a611..b613b00600fc 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -24,13 +24,15 @@
 
 #define ASPEED_SPIS_NUM  2
 #define ASPEED_WDTS_NUM  3
+#define ASPEED_CPUS_NUM  2
 
 typedef struct AspeedSoCState {
 /*< private >*/
 DeviceState parent;
 
 /*< public >*/
-ARMCPU cpu;
+ARMCPU cpu[ASPEED_CPUS_NUM];
+uint32_t num_cpus;
 MemoryRegion sram;
 AspeedVICState vic;
 AspeedRtcState rtc;
@@ -58,6 +60,7 @@ typedef struct AspeedSoCInfo {
 int wdts_num;
 const int *irqmap;
 const hwaddr *memmap;
+uint32_t num_cpus;
 } AspeedSoCInfo;
 
 typedef struct AspeedSoCClass {
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index c692ca1dba90..96de4f5c2a87 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -22,13 +22,13 @@
 #include "hw/misc/tmp105.h"
 #include "qemu/log.h"
 #include "sysemu/block-backend.h"
+#include "sysemu/sysemu.h"
 #include "hw/loader.h"
 #include "qemu/error-report.h"
 #include "qemu/units.h"
 
 static struct arm_boot_info aspeed_board_binfo = {
 .board_id = -1, /* device-tree-only board */
-.nb_cpus = 1,
 };
 
 struct AspeedBoardState {
@@ -171,6 +171,8 @@ static void aspeed_board_init(MachineState *machine,
 _abort);
 object_property_set_int(OBJECT(>soc), cfg->num_cs, "num-cs",
 _abort);
+object_property_set_int(OBJECT(>soc), smp_cpus, "num-cpus",
+_abort);
 if (machine->kernel_filename) {
 /*
  * When booting with a -kernel command line there is no u-boot
@@ -230,6 +232,7 @@ static void aspeed_board_init(MachineState *machine,
 aspeed_board_binfo.kernel_cmdline = machine->kernel_cmdline;
 aspeed_board_binfo.ram_size = ram_size;
 aspeed_board_binfo.loader_start = sc->info->memmap[ASPEED_SDRAM];
+aspeed_board_binfo.nb_cpus = bmc->soc.num_cpus;
 
 if (cfg->i2c_init) {
 cfg->i2c_init(bmc);
@@ -326,7 +329,7 @@ static void aspeed_machine_class_init(ObjectClass *oc, void 
*data)
 
 mc->desc = board->desc;
 mc->init = aspeed_machine_init;
-mc->max_cpus = 1;
+mc->max_cpus = ASPEED_CPUS_NUM;
 mc->no_sdcard = 1;
 mc->no_floppy = 1;
 mc->no_cdrom = 1;
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 5faa78d81fd6..d38fb0aaa0f5 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -19,6 +19,7 @@
 #include "hw/char/serial.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
+#include "qemu/error-report.h"
 #include "hw/i2c/aspeed_i2c.h"
 #include "net/net.h"
 
@@ -123,6 +124,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .wdts_num = 2,
 .irqmap   = aspeed_soc_ast2400_irqmap,
 .memmap   = aspeed_soc_ast2400_memmap,
+.num_cpus = 1,
 }, {
 .name = "ast2400-a1",
 .cpu_type = ARM_CPU_TYPE_NAME("arm926"),
@@ -134,6 +136,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .wdts_num = 2,
 .irqmap   = aspeed_soc_ast2400_irqmap,
 .memmap   = aspeed_soc_ast2400_memmap,
+.num_cpus = 1,
 }, {
 .name = "ast2400",
 .cpu_type = ARM_CPU_TYPE_NAME("arm926"),
@@ -145,6 +148,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .wdts_num = 2,
 .irqmap   = aspeed_soc_ast2400_irqmap,
 .memmap   = aspeed_soc_ast2400_memmap,
+.num_cpus = 1,
 }, {
 .name = "ast2500-a1",
 .cpu_type = ARM_CPU_TYPE_NAME("arm1176"),
@@ -156,6 +160,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .wdts_num = 3,
 .irqmap   = aspeed_soc_ast2500_irqmap,
 .memmap   = aspeed_soc_ast2500_memmap,
+.num_cpus = 1,
 },
 };
 
@@ -172,8 +177,11 @@ static void aspeed_soc_init(Object *obj)
 AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
 int i;
 
-object_initialize_child(obj, "cpu", OBJECT(>cpu), 

Re: [Qemu-devel] [PATCH] migration: Improve accuracy of vCPU throttling with per-vCPU timers

[Cosmin Marin]

On 18/06/2019, 15:51, "Peter Xu"  wrote:

On Tue, Jun 18, 2019 at 12:25:43PM +, Cosmin Marin wrote:
>   Hi Peter,
> 
>   thanks for reviewing the patch. Indeed, I agree that it's almost 
impossible to determine which solution it's better from the scalability 
perspective. However, I feel that using per-vCPU timers is the only way for 
ensuring correctness of the throttling ratio.

The thing is that your patch actually contains two changes:

1. use N timers instead of one.

2. remove throttle_thread_scheduled check, so we do the throttle
   always

Here what I'm worried is that _maybe_ the 2nd item is the one that
really helped.

C: The removal of *throttle_thread_scheduled* is a consequence of the 
per-vCPU model only. In this model, each of the vCPUs schedules work just for 
itself (as part of the timer's firing callback) - there's no global point of 
control - therefore, the variable isn't helpful for scheduling anymore.

Note that there is a side effect that we might queue more than one
work on one specific cpu if we queue it too fast, but it does not
block us from trying it out to identify which item (1 or 2 or both)
really helped here.  Then if we think that (queuing too much) is an
issue then we can discuss on how to fix it since current patch will
have this problem as well.

C: I believe that in the per-vCPU timer implementation we cannot queue 
more than one piece of work because, here, the vCPU queues work for itself and 
that happens only when the timer fires - so, the two "states" - scheduling and 
sleeping - are mutually exclusive running from the same thread context. 
> 
>   It's a bit unclear to me how the throttling ratio inconsistency can be 
fixed by using a single timer even avoiding the conditional timer re-arming.  
Could you provide more details about the use of a single timer ?

C: I feel like in this case it will sleep too much running into a 
problem similar to the one solved by 90bb0c0; under heavy throttling more than 
one work item may be scheduled.
  

It'll be simply a patch only contains the changes for item (2) above.
To be explicit, it is:

---
diff --git a/cpus.c b/cpus.c
index dde3b7b981..bb59675b98 100644
--- a/cpus.c
+++ b/cpus.c
@@ -792,7 +792,6 @@ static void cpu_throttle_thread(CPUState *cpu, 
run_on_cpu_data opaque)
 qemu_mutex_unlock_iothread();
 g_usleep(sleeptime_ns / 1000); /* Convert ns to us for usleep call */
 qemu_mutex_lock_iothread();
-atomic_set(>throttle_thread_scheduled, 0);
 }

 static void cpu_throttle_timer_tick(void *opaque)
@@ -805,10 +804,7 @@ static void cpu_throttle_timer_tick(void *opaque)
 return;
 }
 CPU_FOREACH(cpu) {
-if (!atomic_xchg(>throttle_thread_scheduled, 1)) {
-async_run_on_cpu(cpu, cpu_throttle_thread,
- RUN_ON_CPU_NULL);
-}
+async_run_on_cpu(cpu, cpu_throttle_thread, RUN_ON_CPU_NULL);
 }

 pct = (double)cpu_throttle_get_percentage()/100;
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 5ee0046b62..0bd34fbb70 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -439,11 +439,6 @@ struct CPUState {
 /* shared by kvm, hax and hvf */
 bool vcpu_dirty;

-/* Used to keep track of an outstanding cpu throttle thread for 
migration
- * autoconverge
- */
-bool throttle_thread_scheduled;
-
 bool ignore_memory_transaction_failures;

 struct hax_vcpu_state *hax_vcpu;
---

Regards,

-- 
Peter Xu

[Qemu-devel] [PATCH v2 01/21] aspeed: add a per SoC mapping for the interrupt space

[Cédric Le Goater]

This will simplify the definition of new SoCs, like the AST2600 which
should use a different CPU and a different IRQ number layout.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Joel Stanley 
---
 include/hw/arm/aspeed_soc.h | 36 +++
 hw/arm/aspeed_soc.c | 57 +++--
 2 files changed, 85 insertions(+), 8 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 836b2ba8bf15..963abecb7244 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -56,6 +56,7 @@ typedef struct AspeedSoCInfo {
 const char *fmc_typename;
 const char **spi_typename;
 int wdts_num;
+const int *irqmap;
 } AspeedSoCInfo;
 
 typedef struct AspeedSoCClass {
@@ -68,4 +69,39 @@ typedef struct AspeedSoCClass {
 #define ASPEED_SOC_GET_CLASS(obj)   \
 OBJECT_GET_CLASS(AspeedSoCClass, (obj), TYPE_ASPEED_SOC)
 
+enum {
+ASPEED_IOMEM,
+ASPEED_UART1,
+ASPEED_UART2,
+ASPEED_UART3,
+ASPEED_UART4,
+ASPEED_UART5,
+ASPEED_VUART,
+ASPEED_FMC,
+ASPEED_SPI1,
+ASPEED_SPI2,
+ASPEED_VIC,
+ASPEED_SDMC,
+ASPEED_SCU,
+ASPEED_ADC,
+ASPEED_SRAM,
+ASPEED_GPIO,
+ASPEED_RTC,
+ASPEED_TIMER1,
+ASPEED_TIMER2,
+ASPEED_TIMER3,
+ASPEED_TIMER4,
+ASPEED_TIMER5,
+ASPEED_TIMER6,
+ASPEED_TIMER7,
+ASPEED_TIMER8,
+ASPEED_WDT,
+ASPEED_PWM,
+ASPEED_LPC,
+ASPEED_IBT,
+ASPEED_I2C,
+ASPEED_ETH1,
+ASPEED_ETH2,
+};
+
 #endif /* ASPEED_SOC_H */
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index a2ea8c748449..de75bf04027d 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -38,12 +38,42 @@
 #define ASPEED_SOC_ETH1_BASE0x1E66
 #define ASPEED_SOC_ETH2_BASE0x1E68
 
-static const int uart_irqs[] = { 9, 32, 33, 34, 10 };
-static const int timer_irqs[] = { 16, 17, 18, 35, 36, 37, 38, 39, };
+static const int aspeed_soc_ast2400_irqmap[] = {
+[ASPEED_UART1]  = 9,
+[ASPEED_UART2]  = 32,
+[ASPEED_UART3]  = 33,
+[ASPEED_UART4]  = 34,
+[ASPEED_UART5]  = 10,
+[ASPEED_VUART]  = 8,
+[ASPEED_FMC]= 19,
+[ASPEED_SDMC]   = 0,
+[ASPEED_SCU]= 21,
+[ASPEED_ADC]= 31,
+[ASPEED_GPIO]   = 20,
+[ASPEED_RTC]= 22,
+[ASPEED_TIMER1] = 16,
+[ASPEED_TIMER2] = 17,
+[ASPEED_TIMER3] = 18,
+[ASPEED_TIMER4] = 35,
+[ASPEED_TIMER5] = 36,
+[ASPEED_TIMER6] = 37,
+[ASPEED_TIMER7] = 38,
+[ASPEED_TIMER8] = 39,
+[ASPEED_WDT]= 27,
+[ASPEED_PWM]= 28,
+[ASPEED_LPC]= 8,
+[ASPEED_IBT]= 8, /* LPC */
+[ASPEED_I2C]= 12,
+[ASPEED_ETH1]   = 2,
+[ASPEED_ETH2]   = 3,
+};
 
 #define AST2400_SDRAM_BASE   0x4000
 #define AST2500_SDRAM_BASE   0x8000
 
+/* AST2500 uses the same IRQs as the AST2400 */
+#define aspeed_soc_ast2500_irqmap aspeed_soc_ast2400_irqmap
+
 static const hwaddr aspeed_soc_ast2400_spi_bases[] = { ASPEED_SOC_SPI_BASE };
 static const char *aspeed_soc_ast2400_typenames[] = { "aspeed.smc.spi" };
 
@@ -64,6 +94,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .fmc_typename = "aspeed.smc.fmc",
 .spi_typename = aspeed_soc_ast2400_typenames,
 .wdts_num = 2,
+.irqmap   = aspeed_soc_ast2400_irqmap,
 }, {
 .name = "ast2400-a1",
 .cpu_type = ARM_CPU_TYPE_NAME("arm926"),
@@ -75,6 +106,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .fmc_typename = "aspeed.smc.fmc",
 .spi_typename = aspeed_soc_ast2400_typenames,
 .wdts_num = 2,
+.irqmap   = aspeed_soc_ast2400_irqmap,
 }, {
 .name = "ast2400",
 .cpu_type = ARM_CPU_TYPE_NAME("arm926"),
@@ -86,6 +118,7 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .fmc_typename = "aspeed.smc.fmc",
 .spi_typename = aspeed_soc_ast2400_typenames,
 .wdts_num = 2,
+.irqmap   = aspeed_soc_ast2400_irqmap,
 }, {
 .name = "ast2500-a1",
 .cpu_type = ARM_CPU_TYPE_NAME("arm1176"),
@@ -97,9 +130,17 @@ static const AspeedSoCInfo aspeed_socs[] = {
 .fmc_typename = "aspeed.smc.ast2500-fmc",
 .spi_typename = aspeed_soc_ast2500_typenames,
 .wdts_num = 3,
+.irqmap   = aspeed_soc_ast2500_irqmap,
 },
 };
 
+static qemu_irq aspeed_soc_get_irq(AspeedSoCState *s, int ctrl)
+{
+AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
+
+return qdev_get_gpio_in(DEVICE(>vic), sc->info->irqmap[ctrl]);
+}
+
 static void aspeed_soc_init(Object *obj)
 {
 AspeedSoCState *s = ASPEED_SOC(obj);
@@ -216,14 +257,14 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 sysbus_mmio_map(SYS_BUS_DEVICE(>timerctrl), 0, ASPEED_SOC_TIMER_BASE);
-for (i = 0; i < ARRAY_SIZE(timer_irqs); i++) {
-qemu_irq irq = 

Re: [Qemu-devel] [PATCH RESEND v21 06/21] target/rx: CPU definition

[Igor Mammedov]

On Tue, 18 Jun 2019 23:39:08 +0900
Yoshinori Sato  wrote:

> v21 changes
> Add cpu-param.h
> Remove CPU_COMMON
> rx_load_image move to rx-virt.
> 
> Signed-off-by: Yoshinori Sato 
> 
> Message-Id: <20190616142836.10614-4-ys...@users.sourceforge.jp>
> Reviewed-by: Richard Henderson 
> Message-Id: <20190607091116.49044-4-ys...@users.sourceforge.jp>
> Signed-off-by: Richard Henderson 
> [PMD: Use newer QOM style, split cpu-qom.h, restrict access to
>  extable array, use rx_cpu_tlb_fill() extracted from patch of
>  Yoshinori Sato 'Convert to CPUClass::tlb_fill']
> Signed-off-by: Philippe Mathieu-Daudé 
> 
> cpu.c: remove rx_load_image
> 
> Signed-off-by: Yoshinori Sato 

Looks good to me

Acked-by: Igor Mammedov 
> ---
>  target/rx/cpu-param.h |  31 
>  target/rx/cpu-qom.h   |  42 ++
>  target/rx/cpu.h   | 182 ++
>  target/rx/cpu.c   | 217 
> ++
>  target/rx/gdbstub.c   | 112 ++
>  target/rx/monitor.c   |  38 +
>  6 files changed, 622 insertions(+)
>  create mode 100644 target/rx/cpu-param.h
>  create mode 100644 target/rx/cpu-qom.h
>  create mode 100644 target/rx/cpu.h
>  create mode 100644 target/rx/cpu.c
>  create mode 100644 target/rx/gdbstub.c
>  create mode 100644 target/rx/monitor.c
> 
> diff --git a/target/rx/cpu-param.h b/target/rx/cpu-param.h
> new file mode 100644
> index 00..5da87fbebe
> --- /dev/null
> +++ b/target/rx/cpu-param.h
> @@ -0,0 +1,31 @@
> +/*
> + *  RX cpu parameters
> + *
> + *  Copyright (c) 2019 Yoshinori Sato
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#ifndef RX_CPU_PARAM_H
> +#define RX_CPU_PARAM_H
> +
> +#define TARGET_LONG_BITS 32
> +#define TARGET_PAGE_BITS 12
> +
> +#define TARGET_PHYS_ADDR_SPACE_BITS 32
> +#define TARGET_VIRT_ADDR_SPACE_BITS 32
> +
> +#define NB_MMU_MODES 1
> +#define MMU_MODE0_SUFFIX _all
> +
> +#endif
> diff --git a/target/rx/cpu-qom.h b/target/rx/cpu-qom.h
> new file mode 100644
> index 00..4ae3b38b3e
> --- /dev/null
> +++ b/target/rx/cpu-qom.h
> @@ -0,0 +1,42 @@
> +#ifndef QEMU_SUPERH_CPU_QOM_H
> +#define QEMU_SUPERH_CPU_QOM_H
> +
> +#include "qom/cpu.h"
> +/*
> + * RX CPU
> + *
> + * Copyright (c) 2019 Yoshinori Sato
> + * SPDX-License-Identifier: LGPL-2.0+
> + */
> +
> +#define TYPE_RX_CPU "rx-cpu"
> +
> +#define TYPE_RX62N_CPU RX_CPU_TYPE_NAME("rx62n")
> +
> +#define RXCPU_CLASS(klass) \
> +OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RX_CPU)
> +#define RXCPU(obj) \
> +OBJECT_CHECK(RXCPU, (obj), TYPE_RX_CPU)
> +#define RXCPU_GET_CLASS(obj) \
> +OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RX_CPU)
> +
> +/*
> + * RXCPUClass:
> + * @parent_realize: The parent class' realize handler.
> + * @parent_reset: The parent class' reset handler.
> + *
> + * A RX CPU model.
> + */
> +typedef struct RXCPUClass {
> +/*< private >*/
> +CPUClass parent_class;
> +/*< public >*/
> +
> +DeviceRealize parent_realize;
> +void (*parent_reset)(CPUState *cpu);
> +
> +} RXCPUClass;
> +
> +#define CPUArchState struct CPURXState
> +
> +#endif
> diff --git a/target/rx/cpu.h b/target/rx/cpu.h
> new file mode 100644
> index 00..3f9c4fdd25
> --- /dev/null
> +++ b/target/rx/cpu.h
> @@ -0,0 +1,182 @@
> +/*
> + *  RX emulation definition
> + *
> + *  Copyright (c) 2019 Yoshinori Sato
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#ifndef RX_CPU_H
> +#define RX_CPU_H
> +
> +#include "qemu/bitops.h"
> +#include "qemu-common.h"
> +#include "hw/registerfields.h"
> +#include "cpu-qom.h"
> +#include "qom/cpu.h"
> +
> +#include "exec/cpu-defs.h"
> +
> +/* PSW define */
> +REG32(PSW, 0)
> +FIELD(PSW, C, 0, 1)
> +FIELD(PSW, Z, 1, 1)
> +FIELD(PSW, S, 2, 1)
> +FIELD(PSW, O, 3, 1)
> +FIELD(PSW, I, 16, 

[Qemu-devel] [PATCH v2 15/21] aspeed/smc: add support for DMAs

[Cédric Le Goater]

The FMC controller on the Aspeed SoCs support DMA to access the flash
modules. It can operate in a normal mode, to copy to or from the flash
module mapping window, or in a checksum calculation mode, to evaluate
the best clock settings for reads.

The model introduces two custom address spaces for DMAs: one for the
AHB window of the FMC flash devices and one for the DRAM. The latter
is populated using a "dram" link set from the machine with the RAM
container region.

Signed-off-by: Cédric Le Goater 
Acked-by: Joel Stanley 
---
 include/hw/ssi/aspeed_smc.h |   6 +
 hw/arm/aspeed.c |   2 +
 hw/arm/aspeed_soc.c |   2 +
 hw/ssi/aspeed_smc.c | 228 +++-
 4 files changed, 232 insertions(+), 6 deletions(-)

diff --git a/include/hw/ssi/aspeed_smc.h b/include/hw/ssi/aspeed_smc.h
index 591279ba1f43..453357cc09bf 100644
--- a/include/hw/ssi/aspeed_smc.h
+++ b/include/hw/ssi/aspeed_smc.h
@@ -45,6 +45,8 @@ typedef struct AspeedSMCController {
 hwaddr flash_window_base;
 uint32_t flash_window_size;
 bool has_dma;
+hwaddr dma_flash_mask;
+hwaddr dma_dram_mask;
 uint32_t nregs;
 } AspeedSMCController;
 
@@ -100,6 +102,10 @@ typedef struct AspeedSMCState {
 /* for DMA support */
 uint64_t sdram_base;
 
+AddressSpace flash_as;
+MemoryRegion *dram_mr;
+AddressSpace dram_as;
+
 AspeedSMCFlash *flashes;
 
 uint8_t snoop_index;
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 7f01df1b61d8..e404f8b244a9 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -178,6 +178,8 @@ static void aspeed_board_init(MachineState *machine,
 _abort);
 object_property_set_int(OBJECT(>soc), smp_cpus, "num-cpus",
 _abort);
+object_property_set_link(OBJECT(>soc), OBJECT(>ram_container),
+ "dram", _abort);
 if (machine->kernel_filename) {
 /*
  * When booting with a -kernel command line there is no u-boot
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 02feb4361ba4..8a1545545faf 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -212,6 +212,8 @@ static void aspeed_soc_init(Object *obj)
   sc->info->fmc_typename);
 object_property_add_alias(obj, "num-cs", OBJECT(>fmc), "num-cs",
   _abort);
+object_property_add_alias(obj, "dram", OBJECT(>fmc), "dram",
+  _abort);
 
 for (i = 0; i < sc->info->spis_num; i++) {
 sysbus_init_child_obj(obj, "spi[*]", OBJECT(>spi[i]),
diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 81f2fb7f707a..e00cdebae232 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -23,11 +23,13 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/error.h"
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
 #include "qemu/error-report.h"
+#include "exec/address-spaces.h"
 
 #include "hw/ssi/aspeed_smc.h"
 
@@ -110,8 +112,8 @@
 #define   DMA_CTRL_FREQ_SHIFT   4
 #define   DMA_CTRL_MODE (1 << 3)
 #define   DMA_CTRL_CKSUM(1 << 2)
-#define   DMA_CTRL_DIR  (1 << 1)
-#define   DMA_CTRL_EN   (1 << 0)
+#define   DMA_CTRL_WRITE(1 << 1)
+#define   DMA_CTRL_ENABLE   (1 << 0)
 
 /* DMA Flash Side Address */
 #define R_DMA_FLASH_ADDR  (0x84 / 4)
@@ -143,6 +145,24 @@
 #define ASPEED_SOC_SPI_FLASH_BASE   0x3000
 #define ASPEED_SOC_SPI2_FLASH_BASE  0x3800
 
+/*
+ * DMA DRAM addresses should be 4 bytes aligned and the valid address
+ * range is 0x4000 - 0x5FFF (AST2400)
+ *  0x8000 - 0xBFFF (AST2500)
+ *
+ * DMA flash addresses should be 4 bytes aligned and the valid address
+ * range is 0x2000 - 0x2FFF.
+ *
+ * DMA length is from 4 bytes to 32MB
+ *   0: 4 bytes
+ *   0x7F: 32M bytes
+ */
+#define DMA_DRAM_ADDR(s, val)   ((s)->sdram_base | \
+ ((val) & (s)->ctrl->dma_dram_mask))
+#define DMA_FLASH_ADDR(s, val)  ((s)->ctrl->flash_window_base | \
+((val) & (s)->ctrl->dma_flash_mask))
+#define DMA_LENGTH(val) ((val) & 0x01FC)
+
 /* Flash opcodes. */
 #define SPI_OP_READ   0x03/* Read data bytes (low frequency) */
 
@@ -212,6 +232,8 @@ static const AspeedSMCController controllers[] = {
 .flash_window_base = ASPEED_SOC_FMC_FLASH_BASE,
 .flash_window_size = 0x1000,
 .has_dma   = true,
+.dma_flash_mask= 0x0FFC,
+.dma_dram_mask = 0x1FFC,
 .nregs = ASPEED_SMC_R_MAX,
 }, {
 .name  = "aspeed.smc.spi",
@@ -238,6 +260,8 @@ static const AspeedSMCController controllers[] = {
 .flash_window_base = ASPEED_SOC_FMC_FLASH_BASE,
 .flash_window_size = 0x1000,
 .has_dma   = true,
+.dma_flash_mask= 0x0FFC,
+.dma_dram_mask = 

Re: [Qemu-devel] [PATCH RESEND v21 00/21] Add RX archtecture support

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20190618143923.53838-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH RESEND v21 00/21]  Add RX archtecture support
Type: series
Message-id: 20190618143923.53838-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
   34bea4edb9..33d6099906  master -> master
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/20190618143923.53838-1-ys...@users.sourceforge.jp -> 
patchew/20190618143923.53838-1-ys...@users.sourceforge.jp
Auto packing the repository in background for optimum performance.
See "git help gc" for manual housekeeping.
Switched to a new branch 'test'
5d62ef962a BootLinuxConsoleTest: Test the RX-Virt machine
9d17094d81 Add rx-softmmu
a14412155d hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
09e5efee5b hw/rx: Honor -accel qtest
bf9fa4e3ab hw/rx: RX Target hardware definition
f695d86e47 hw/char: RX62N serial communication interface (SCI)
6cd2f26fa4 hw/timer: RX62N internal timer modules
7b152289f3 hw/intc: RX62N interrupt controller (ICUa)
de21df2c62 target/rx: Dump bytes for each insn during disassembly
49914423c8 target/rx: Collect all bytes during disassembly
519b2aaf90 target/rx: Emit all disassembly in one prt()
e17524e8d0 target/rx: Use prt_ldmi for XCHG_mr disassembly
850bff8b4a target/rx: Replace operand with prt_ldmi in disassembler
b5b096b382 target/rx: Disassemble rx_index_addr into a string
2389c3160d target/rx: RX disassembler
7c7864379e target/rx: CPU definition
81f1c7ceb0 target/rx: TCG helper
96065ad5fe target/rx: TCG translation
11cc429e75 hw/registerfields.h: Add 8bit and 16bit register macros
4225a75d72 qemu/bitops.h: Add extract8 and extract16
87f394a3f2 MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/21 Checking commit 87f394a3f2c5 (MAINTAINERS: Add RX)
2/21 Checking commit 4225a75d721a (qemu/bitops.h: Add extract8 and extract16)
3/21 Checking commit 11cc429e7582 (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value within @rawlines in concatenation (.) or string at 
./scripts/checkpatch.pl line 2467.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/21 Checking commit 96065ad5fee9 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/21 Checking commit 81f1c7ceb0e8 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#25: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 5/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/21 Checking commit 7c7864379e0f (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#29: 
new file mode 100644

total: 0 errors, 1 warnings, 622 lines checked

Patch 6/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/21 Checking commit 2389c3160d56 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/21 Checking commit b5b096b38224 (target/rx: Disassemble rx_index_addr into a 
string)
9/21 Checking commit 850bff8b4a0c (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/21 Checking commit e17524e8d01d (target/rx: Use 

Re: [Qemu-devel] qemu processes

[Ryan Boyce]

Alex,

I have another KVM/qemu related CPU question. I am hoping you will be so
kind as to answer again. I have a Dell Poweredge T430 server running a
single Intel Xeon E5-2603 v3 CPU with 6 cores. I have 6 VMs running CentOS
7 via KVM. I am noticing some terrible host CPU performance when a VM runs
a simple process such as a recursive search on its file system. I see VM
CPU acting normally but the host CPU skyrockets to well over 100%. I have a
few ideas as to why this is but am hoping you might be able to point me in
the right direction. Thank you so much for your help!

Ryan

On Wed, Jun 12, 2019 at 12:50 PM Ryan Boyce  wrote:

> Thank you my friend!
>
> On Wed, Jun 12, 2019 at 12:48 PM Alex Bennée 
> wrote:
>
>> You've actually contacted the development list but I can answer the
>> question.
>>
>> QEMU is multi-threaded so there will be a thread per KVM based vCPU
>> (and also for TCG based vCPUs where MTTCG is enabled). There will also
>> be a number of additional threads created including at least one for
>> the main monitor thread and potentially additional threads for
>> servicing IO requests. So expect to see $SMP + 1 + n threads for each
>> QEMU instance.
>>
>> On Wed, 12 Jun 2019 at 16:32, Ryan Boyce  wrote:
>> >
>> > Hi Stefan,
>> >
>> > I am a big fan of your blog! In relation to your blog post,
>> >
>> http://blog.vmsplice.net/2011/03/qemu-internals-big-picture-overview.html
>> ,
>> > I have a question I am really hoping you can answer:
>> >
>> > When I start a VM, I see that the qemu-kvm processes start and run as
>> > "qemu-kvm. -name "something1""
>> > My issue, though, is I see multiple processes running as "qemu-kvm.
>> > -name "something1"" and each of these processes has memory/cpu/disk
>> > mapped to it.
>> > Does qemu-kvm run VMs on a one-to-one VM-to-host process basis? Or does
>> > each virtual cpu on the guest get its own process on the host?
>> > For example, If I have a VM that has 4 virtual cpus, will I see 4
>> processes
>> > (PIDs) on the host or should I see just see one for the VM itself.
>> >
>> > Any help you can give would be GREATLY appreciated. Thank you!
>> >
>> > Ryan
>>
>>
>>
>> --
>> Alex Bennée
>> KVM/QEMU Hacker for Linaro
>>
>

Re: [Qemu-devel] [PATCH v2] target/i386: define a new MSR based feature word - FEAT_CORE_CAPABILITY

[Paolo Bonzini]

On 17/06/19 17:36, Xiaoyao Li wrote:
> MSR IA32_CORE_CAPABILITY is a feature-enumerating MSR, which only
> enumerates the feature split lock detection (via bit 5) by now.
> 
> The existence of MSR IA32_CORE_CAPABILITY is enumerated by CPUID.7_0:EDX[30].
> 
> The latest kernel patches about them can be found here:
> https://lkml.org/lkml/2019/4/24/1909
> 
> Signed-off-by: Xiaoyao Li 
> ---
> Changelog:
> v2
> Add definition of MSR_CORE_CAP_SPLIT_LOCK_DETECT for SNR cpu model
> ---
>  target/i386/cpu.c | 22 +-
>  target/i386/cpu.h |  5 +
>  target/i386/kvm.c |  9 +
>  3 files changed, 35 insertions(+), 1 deletion(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index fbed2eb804..fc47c650b8 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1085,7 +1085,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] 
> = {
>  NULL, NULL, NULL, NULL,
>  NULL, NULL, NULL, NULL,
>  NULL, NULL, "spec-ctrl", "stibp",
> -NULL, "arch-capabilities", NULL, "ssbd",
> +NULL, "arch-capabilities", "core-capability", "ssbd",
>  },
>  .cpuid = {
>  .eax = 7,
> @@ -1203,6 +1203,26 @@ static FeatureWordInfo 
> feature_word_info[FEATURE_WORDS] = {
>  }
>  },
>  },
> +[FEAT_CORE_CAPABILITY] = {
> +.type = MSR_FEATURE_WORD,
> +.feat_names = {
> +NULL, NULL, NULL, NULL,
> +NULL, "split-lock-detect", NULL, NULL,
> +NULL, NULL, NULL, NULL,
> +NULL, NULL, NULL, NULL,
> +NULL, NULL, NULL, NULL,
> +NULL, NULL, NULL, NULL,
> +NULL, NULL, NULL, NULL,
> +NULL, NULL, NULL, NULL,
> +},
> +.msr = {
> +.index = MSR_IA32_CORE_CAPABILITY,
> +.cpuid_dep = {
> +FEAT_7_0_EDX,
> +CPUID_7_0_EDX_CORE_CAPABILITY,
> +},
> +},
> +},
>  };
>  
>  typedef struct X86RegisterInfo32 {
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index 0732e059ec..192b0db076 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -345,6 +345,7 @@ typedef enum X86Seg {
>  #define MSR_IA32_SPEC_CTRL  0x48
>  #define MSR_VIRT_SSBD   0xc001011f
>  #define MSR_IA32_PRED_CMD   0x49
> +#define MSR_IA32_CORE_CAPABILITY0xcf
>  #define MSR_IA32_ARCH_CAPABILITIES  0x10a
>  #define MSR_IA32_TSCDEADLINE0x6e0
>  
> @@ -496,6 +497,7 @@ typedef enum FeatureWord {
>  FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
>  FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
>  FEAT_ARCH_CAPABILITIES,
> +FEAT_CORE_CAPABILITY,
>  FEATURE_WORDS,
>  } FeatureWord;
>  
> @@ -687,6 +689,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
>  #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply 
> Accumulation Single Precision */
>  #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
>  #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)  /*Arch Capabilities*/
> +#define CPUID_7_0_EDX_CORE_CAPABILITY   (1U << 30)  /*Core Capability*/
>  #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store Bypass 
> Disable */
>  
>  #define CPUID_8000_0008_EBX_WBNOINVD  (1U << 9)  /* Write back and
> @@ -734,6 +737,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
>  #define MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3)
>  #define MSR_ARCH_CAP_SSB_NO (1U << 4)
>  
> +#define MSR_CORE_CAP_SPLIT_LOCK_DETECT  (1U << 5)
> +
>  #ifndef HYPERV_SPINLOCK_NEVER_RETRY
>  #define HYPERV_SPINLOCK_NEVER_RETRY 0x
>  #endif
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index 6899061b4e..da99e91ea9 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -95,6 +95,7 @@ static bool has_msr_spec_ctrl;
>  static bool has_msr_virt_ssbd;
>  static bool has_msr_smi_count;
>  static bool has_msr_arch_capabs;
> +static bool has_msr_core_capabs;
>  
>  static uint32_t has_architectural_pmu_version;
>  static uint32_t num_architectural_pmu_gp_counters;
> @@ -1515,6 +1516,9 @@ static int kvm_get_supported_msrs(KVMState *s)
>  case MSR_IA32_ARCH_CAPABILITIES:
>  has_msr_arch_capabs = true;
>  break;
> +case MSR_IA32_CORE_CAPABILITY:
> +has_msr_core_capabs = true;
> +break;
>  }
>  }
>  }
> @@ -2041,6 +2045,11 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
>env->features[FEAT_ARCH_CAPABILITIES]);
>  }
>  
> +if (has_msr_core_capabs) {
> +kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
> +  env->features[FEAT_CORE_CAPABILITY]);
> +}
> +
>  /*
>   * The following MSRs have side effects on the guest or are too heavy
>   * for normal writeback. Limit 

Re: [Qemu-devel] [QEMU PATCH v3 6/9] vmstate: Add support for kernel integer types

[Paolo Bonzini]

On 18/06/19 17:42, Dr. David Alan Gilbert wrote:
>>> Have you checked that builds OK on a non-Linux system?
>> Hmm that’s a good point. No. :P
> Worth a check if you can find one lying around :-)

It does not, but it's a macro so it's enough to enclose the uses in
#ifdef CONFIG_LINUX or CONFIG_KVM.

Paolo

Re: [Qemu-devel] [RFC PATCH 0/9] hw/acpi: make build_madt arch agnostic

[Igor Mammedov]

On Mon, 13 May 2019 14:19:04 +0800
Wei Yang  wrote:

> Now MADT is highly depend in architecture and machine type and leaves
> duplicated code in different architecture. The series here tries to generalize
> it.
> 
> MADT contains one main table and several sub tables. These sub tables are
> highly related to architecture. Here we introduce one method to make it
> architecture agnostic.
> 
>   * each architecture define its sub-table implementation function in madt_sub
>   * introduces struct madt_input to collect sub table information and pass to
> build_madt
> 
> By doing so, each architecture could prepare its own sub-table implementation
> and madt_input. And keep build_madt architecture agnostic.

I've skimmed over patches, and to me it looks mostly as code movement
without apparent benefits and probably a bit more complex than what we have now
(it might be ok cost if it simplifies MADT support for other boards).

Before I do line by line review could you demonstrate what effect new way
to build MADT would have on arm/virt and i386/virt (from NEMU). So it would be
possible to estimate net benefits from new approach?
(PS: it doesn't have to be patches ready for merging, just a dirty hack
that would demonstrate adding MADT for new board using mad_sub[])

> 
> Wei Yang (9):
>   hw/acpi: expand pc_madt_cpu_entry in place
>   hw/acpi: implement madt_sub[ACPI_APIC_PROCESSOR]
>   hw/acpi: implement madt_sub[ACPI_APIC_LOCAL_X2APIC]
>   hw/acpi: implement madt_sub[ACPI_APIC_IO]
>   hw/acpi: implement madt_sub[ACPI_APIC_XRUPT_OVERRIDE]
>   hw/acpi: implement madt_sub[ACPI_APIC_LOCAL_X2APIC_NMI]
>   hw/acpi: implement madt_sub[ACPI_APIC_LOCAL_NMI]
>   hw/acpi: factor build_madt with madt_input
>   hw/acpi: implement madt_main to manipulate main madt table
> 
>  hw/acpi/cpu.c|  14 +-
>  hw/acpi/piix4.c  |   3 +-
>  hw/i386/acpi-build.c | 265 +--
>  hw/isa/lpc_ich9.c|   3 +-
>  include/hw/acpi/acpi_dev_interface.h |  12 +-
>  include/hw/i386/pc.h |   2 +
>  6 files changed, 194 insertions(+), 105 deletions(-)
> 

Re: [Qemu-devel] [PATCH v1 1/9] target/riscv: Restructure deprecatd CPUs

[Alistair Francis]

On Mon, Jun 17, 2019 at 10:23 PM Philippe Mathieu-Daudé
 wrote:
>
> On 6/18/19 3:31 AM, Alistair Francis wrote:
> > Restructure the deprecated CPUs to make it clear in the code that these
> > are depreated. They are already marked as deprecated in
> > qemu-deprecated.texi. There are no functional changes.
> >
> > Signed-off-by: Alistair Francis 
> > ---
> >  target/riscv/cpu.c | 18 ++
> >  target/riscv/cpu.h | 13 +++--
> >  2 files changed, 17 insertions(+), 14 deletions(-)
> >
> > diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> > index 0632ac08cf..a4dd7ae6fc 100644
> > --- a/target/riscv/cpu.c
> > +++ b/target/riscv/cpu.c
> > @@ -558,18 +558,20 @@ static const TypeInfo riscv_cpu_type_infos[] = {
> >  DEFINE_CPU(TYPE_RISCV_CPU_ANY,  riscv_any_cpu_init),
> >  #if defined(TARGET_RISCV32)
> >  DEFINE_CPU(TYPE_RISCV_CPU_BASE32,   riscv_base32_cpu_init),
> > -DEFINE_CPU(TYPE_RISCV_CPU_RV32GCSU_V1_09_1, 
> > rv32gcsu_priv1_09_1_cpu_init),
> > -DEFINE_CPU(TYPE_RISCV_CPU_RV32GCSU_V1_10_0, 
> > rv32gcsu_priv1_10_0_cpu_init),
> > -DEFINE_CPU(TYPE_RISCV_CPU_RV32IMACU_NOMMU,  rv32imacu_nommu_cpu_init),
> >  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E31,   rv32imacu_nommu_cpu_init),
> > -DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   
> > rv32gcsu_priv1_10_0_cpu_init)
> > +DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U34,   
> > rv32gcsu_priv1_10_0_cpu_init),
> > +/* Depreacted */
>
> "Deprecated" in patch subject and here ;)

Thanks, fixed!

Alistair

>
> > +DEFINE_CPU(TYPE_RISCV_CPU_RV32IMACU_NOMMU,  rv32imacu_nommu_cpu_init),
> > +DEFINE_CPU(TYPE_RISCV_CPU_RV32GCSU_V1_09_1, 
> > rv32gcsu_priv1_09_1_cpu_init),
> > +DEFINE_CPU(TYPE_RISCV_CPU_RV32GCSU_V1_10_0, 
> > rv32gcsu_priv1_10_0_cpu_init)
> >  #elif defined(TARGET_RISCV64)
> >  DEFINE_CPU(TYPE_RISCV_CPU_BASE64,   riscv_base64_cpu_init),
> > -DEFINE_CPU(TYPE_RISCV_CPU_RV64GCSU_V1_09_1, 
> > rv64gcsu_priv1_09_1_cpu_init),
> > -DEFINE_CPU(TYPE_RISCV_CPU_RV64GCSU_V1_10_0, 
> > rv64gcsu_priv1_10_0_cpu_init),
> > -DEFINE_CPU(TYPE_RISCV_CPU_RV64IMACU_NOMMU,  rv64imacu_nommu_cpu_init),
> >  DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_E51,   rv64imacu_nommu_cpu_init),
> > -DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   
> > rv64gcsu_priv1_10_0_cpu_init)
> > +DEFINE_CPU(TYPE_RISCV_CPU_SIFIVE_U54,   
> > rv64gcsu_priv1_10_0_cpu_init),
> > +/* Deprecated */
> > +DEFINE_CPU(TYPE_RISCV_CPU_RV64IMACU_NOMMU,  rv64imacu_nommu_cpu_init),
> > +DEFINE_CPU(TYPE_RISCV_CPU_RV64GCSU_V1_09_1, 
> > rv64gcsu_priv1_09_1_cpu_init),
> > +DEFINE_CPU(TYPE_RISCV_CPU_RV64GCSU_V1_10_0, 
> > rv64gcsu_priv1_10_0_cpu_init)
> >  #endif
> >  };
> >
> > diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> > index b47cde5017..1668d12018 100644
> > --- a/target/riscv/cpu.h
> > +++ b/target/riscv/cpu.h
> > @@ -35,16 +35,17 @@
> >  #define TYPE_RISCV_CPU_ANY  RISCV_CPU_TYPE_NAME("any")
> >  #define TYPE_RISCV_CPU_BASE32   RISCV_CPU_TYPE_NAME("rv32")
> >  #define TYPE_RISCV_CPU_BASE64   RISCV_CPU_TYPE_NAME("rv64")
> > -#define TYPE_RISCV_CPU_RV32GCSU_V1_09_1 
> > RISCV_CPU_TYPE_NAME("rv32gcsu-v1.9.1")
> > -#define TYPE_RISCV_CPU_RV32GCSU_V1_10_0 
> > RISCV_CPU_TYPE_NAME("rv32gcsu-v1.10.0")
> > -#define TYPE_RISCV_CPU_RV32IMACU_NOMMU  
> > RISCV_CPU_TYPE_NAME("rv32imacu-nommu")
> > -#define TYPE_RISCV_CPU_RV64GCSU_V1_09_1 
> > RISCV_CPU_TYPE_NAME("rv64gcsu-v1.9.1")
> > -#define TYPE_RISCV_CPU_RV64GCSU_V1_10_0 
> > RISCV_CPU_TYPE_NAME("rv64gcsu-v1.10.0")
> > -#define TYPE_RISCV_CPU_RV64IMACU_NOMMU  
> > RISCV_CPU_TYPE_NAME("rv64imacu-nommu")
> >  #define TYPE_RISCV_CPU_SIFIVE_E31   RISCV_CPU_TYPE_NAME("sifive-e31")
> >  #define TYPE_RISCV_CPU_SIFIVE_E51   RISCV_CPU_TYPE_NAME("sifive-e51")
> >  #define TYPE_RISCV_CPU_SIFIVE_U34   RISCV_CPU_TYPE_NAME("sifive-u34")
> >  #define TYPE_RISCV_CPU_SIFIVE_U54   RISCV_CPU_TYPE_NAME("sifive-u54")
> > +/* Deprecated */
> > +#define TYPE_RISCV_CPU_RV32IMACU_NOMMU  
> > RISCV_CPU_TYPE_NAME("rv32imacu-nommu")
> > +#define TYPE_RISCV_CPU_RV32GCSU_V1_09_1 
> > RISCV_CPU_TYPE_NAME("rv32gcsu-v1.9.1")
> > +#define TYPE_RISCV_CPU_RV32GCSU_V1_10_0 
> > RISCV_CPU_TYPE_NAME("rv32gcsu-v1.10.0")
> > +#define TYPE_RISCV_CPU_RV64IMACU_NOMMU  
> > RISCV_CPU_TYPE_NAME("rv64imacu-nommu")
> > +#define TYPE_RISCV_CPU_RV64GCSU_V1_09_1 
> > RISCV_CPU_TYPE_NAME("rv64gcsu-v1.9.1")
> > +#define TYPE_RISCV_CPU_RV64GCSU_V1_10_0 
> > RISCV_CPU_TYPE_NAME("rv64gcsu-v1.10.0")
> >
> >  #define RV32 ((target_ulong)1 << (TARGET_LONG_BITS - 2))
> >  #define RV64 ((target_ulong)2 << (TARGET_LONG_BITS - 2))
> >