[Qemu-devel] [PATCH for 2.10 v2 02/20] loader: check get_image_size() return value

2017-07-26 Thread Philippe Mathieu-Daudé
since a negative value means it errored.

hw/core/loader.c:149:9: warning: Loss of sign in implicit conversion
if (size > max_sz) {
^~~~
hw/core/loader.c:171:9: warning: Loss of sign in implicit conversion
if (size > memory_region_size(mr)) {
^~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Eric Blake <ebl...@redhat.com>
Reviewed-by: Alistair Francis <alistair.fran...@xilinx.com>
---
 hw/core/loader.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index c17ace0a2e..4bb176f284 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -146,7 +146,7 @@ int load_image_targphys_as(const char *filename,
 int size;
 
 size = get_image_size(filename);
-if (size > max_sz) {
+if (size < 0 || size > max_sz) {
 return -1;
 }
 if (size > 0) {
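Review bot: The new `size < 0` test in `load_image_targphys_as()` catches a failed `get_image_size()`, but `size` is still an `int`, so a file whose length does not fit in `int` may arrive here truncated to a small positive value and pass the `size > max_sz` comparison. Whether that can happen depends on how `get_image_size()` narrows its result, which is not visible in this hunk. The same applies to the identical guard in `load_image_mr()` in the next hunk. A short comment at both sites, e.g. `/* a negative size means get_image_size() failed */`, would also record why the sign test has to come first. Both function bodies continue outside the hunks.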
@@ -168,7 +168,7 @@ int load_image_mr(const char *filename, MemoryRegion *mr)
 
 size = get_image_size(filename);
 
-if (size > memory_region_size(mr)) {
+if (size < 0 || size > memory_region_size(mr)) {
 return -1;
 }
 if (size > 0) {
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 01/20] tests: add missing dependency to build QTEST_QEMU_BINARY

2017-07-26 Thread Philippe Mathieu-Daudé
This allows a one-liner from a fresh repository clone, i.e.:

  ./configure && make -j check-qtest-aarch64

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Alex Bennée <alex.ben...@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>
Reviewed-by: John Snow <js...@redhat.com>
---
 tests/Makefile.include | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 7af278db55..b55fe39d94 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -830,7 +830,7 @@ GCOV_OPTIONS = -n $(if $(V),-f,)
 # gtester tests, possibly with verbose output
 
 .PHONY: $(patsubst %, check-qtest-%, $(QTEST_TARGETS))
-$(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y)
+$(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: 
subdir-%-softmmu $(check-qtest-y)
$(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,)
$(call quiet-command,QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
QTEST_QEMU_IMG=qemu-img$(EXESUF) \
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 11/20] linux-user/sh4: fix incorrect memory write

2017-07-26 Thread Philippe Mathieu-Daudé
not hit since 2009! :)

linux-user/elfload.c:1102:20: warning: Out of bound memory access (access 
exceeds upper limit of memory block)
(*regs[i]) = tswap32(env->gregs[i]);
~~~^~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Laurent Vivier <laur...@vivier.eu>
---
 linux-user/elfload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 2a902f7806..79062882ba 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1099,7 +1099,7 @@ static inline void 
elf_core_copy_regs(target_elf_gregset_t *regs,
 int i;
 
 for (i = 0; i < 16; i++) {
-(*regs[i]) = tswapreg(env->gregs[i]);
+(*regs)[i] = tswapreg(env->gregs[i]);
 }
 
 (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
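Review bot: With the index now applied to `*regs`, the literal bound `16` in the loop is the only thing keeping the stores inside the register set, and nothing in the hunk ties it to the element count of `target_elf_gregset_t`. A comment such as `/* copy the 16 general registers; target_elf_gregset_t must hold at least that many */`, or a compile-time check of the same condition, would keep a later change on either side from reintroducing the out-of-bounds write. `elf_core_copy_regs()` starts before the hunk and continues after it.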
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 06/20] ui/vnc: fix leak of SocketAddress **

2017-07-26 Thread Philippe Mathieu-Daudé
Extract the (correct) cleaning code as a new function vnc_free_addresses() then
use it to remove the memory leaks.

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Daniel P. Berrange <berra...@redhat.com>
---
 ui/vnc.c | 36 ++--
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index eb91559b6b..651cbb8606 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3521,6 +3521,20 @@ static int vnc_display_get_address(const char *addrstr,
 return ret;
 }
 
+static void vnc_free_addresses(SocketAddress ***retsaddr,
+   size_t *retnsaddr)
+{
+size_t i;
+
+for (i = 0; i < *retnsaddr; i++) {
+qapi_free_SocketAddress((*retsaddr)[i]);
+}
+g_free(*retsaddr);
+
+*retsaddr = NULL;
+*retnsaddr = 0;
+}
+
 static int vnc_display_get_addresses(QemuOpts *opts,
  bool reverse,
  SocketAddress ***retsaddr,
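Review bot: `vnc_free_addresses()` has no comment stating its ownership contract, which matters because it frees both the elements and the array and then writes through both out-parameters. Something like `/* Free every SocketAddress in *retsaddr and the array itself, then reset both outputs so that a second call is a no-op. */` above the definition would cover it. The `cleanup:` label in `vnc_display_open()` now hands its local arrays to this helper on every exit, so those locals need to be NULL/0 on each path that reaches the label; their declarations are outside the hunks shown.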
@@ -3538,7 +3552,6 @@ static int vnc_display_get_addresses(QemuOpts *opts,
 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
-size_t i;
 int displaynum = -1;
 int ret = -1;
 
@@ -3614,16 +3627,8 @@ static int vnc_display_get_addresses(QemuOpts *opts,
 ret = 0;
  cleanup:
 if (ret < 0) {
-for (i = 0; i < *retnsaddr; i++) {
-qapi_free_SocketAddress((*retsaddr)[i]);
-}
-g_free(*retsaddr);
-for (i = 0; i < *retnwsaddr; i++) {
-qapi_free_SocketAddress((*retwsaddr)[i]);
-}
-g_free(*retwsaddr);
-*retsaddr = *retwsaddr = NULL;
-*retnsaddr = *retnwsaddr = 0;
+vnc_free_addresses(retsaddr, retnsaddr);
+vnc_free_addresses(retwsaddr, retnwsaddr);
 }
 return ret;
 }
@@ -3772,7 +3777,6 @@ void vnc_display_open(const char *id, Error **errp)
 int acl = 0;
 int lock_key_sync = 1;
 int key_delay_ms;
-size_t i;
 
 if (!vd) {
 error_setg(errp, "VNC display not active");
@@ -3993,12 +3997,8 @@ void vnc_display_open(const char *id, Error **errp)
 }
 
  cleanup:
-for (i = 0; i < nsaddr; i++) {
-qapi_free_SocketAddress(saddr[i]);
-}
-for (i = 0; i < nwsaddr; i++) {
-qapi_free_SocketAddress(wsaddr[i]);
-}
+vnc_free_addresses(, );
+vnc_free_addresses(, );
 return;
 
 fail:
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 09/20] vfio/pci: fix use of freed memory

2017-07-26 Thread Philippe Mathieu-Daudé
hw/vfio/pci.c:308:29: warning: Use of memory after it is freed
qemu_set_fd_handler(*pfd, NULL, NULL, vdev);
^~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Paolo Bonzini <pbonz...@redhat.com>
---
 hw/vfio/pci.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index d4051cb951..31e1edf447 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -257,7 +257,7 @@ static void vfio_intx_update(PCIDevice *pdev)
 static int vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp)
 {
 uint8_t pin = vfio_pci_read_config(>pdev, PCI_INTERRUPT_PIN, 1);
-int ret, argsz;
+int ret, argsz, retval = 0;
 struct vfio_irq_set *irq_set;
 int32_t *pfd;
 Error *err = NULL;
@@ -302,12 +302,12 @@ static int vfio_intx_enable(VFIOPCIDevice *vdev, Error 
**errp)
 qemu_set_fd_handler(*pfd, vfio_intx_interrupt, NULL, vdev);
 
 ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_SET_IRQS, irq_set);
-g_free(irq_set);
 if (ret) {
 error_setg_errno(errp, -ret, "failed to setup INTx fd");
 qemu_set_fd_handler(*pfd, NULL, NULL, vdev);
 event_notifier_cleanup(>intx.interrupt);
-return -errno;
+retval = -errno;
+goto cleanup;
 }
 
 vfio_intx_enable_kvm(vdev, );
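Review bot: In the error branch of `vfio_intx_enable()`, `retval = -errno` is read only after `error_setg_errno()`, `qemu_set_fd_handler()` and `event_notifier_cleanup()` have run, and any of these may overwrite `errno`. The message is also built from `-ret` rather than from `errno`, so if `ioctl()` reports failure as -1 the text would always describe error 1. Capture the value first: make `retval = -errno;` the first statement of the `if (ret)` block and pass it on with `error_setg_errno(errp, -retval, "failed to setup INTx fd");`. The function starts before this hunk, and the `cleanup:` label that frees `irq_set` is in the following hunk.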
@@ -319,7 +319,10 @@ static int vfio_intx_enable(VFIOPCIDevice *vdev, Error 
**errp)
 
 trace_vfio_intx_enable(vdev->vbasedev.name);
 
-return 0;
+cleanup:
+g_free(irq_set);
+
+return retval;
 }
 
 static void vfio_intx_disable(VFIOPCIDevice *vdev)
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 05/20] qcow2: fix null pointer dereference

2017-07-26 Thread Philippe Mathieu-Daudé
It seems this assert() was somehow misplaced.

block/qcow2-refcount.c:2193:42: warning: Array access (from variable 
'on_disk_reftable') results in a null pointer dereference
on_disk_reftable[refblock_index] = refblock_offset;
 ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Eric Blake <ebl...@redhat.com>
---
 block/qcow2-refcount.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index c9b0dcb4f3..168fc32e7b 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -2189,6 +2189,8 @@ write_refblocks:
  * this will leak that range, but we can easily fix that by running
  * a leak-fixing check after this rebuild operation */
 reftable_offset = -1;
+} else {
+assert(on_disk_reftable);
 }
 on_disk_reftable[refblock_index] = refblock_offset;
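Review bot: The relocated `assert(on_disk_reftable)` sits only in the new `else` arm, so the store to `on_disk_reftable[refblock_index]` on the next line is unchecked whenever the `if` arm is taken. That arm begins before the hunk, so it is not visible here whether it always leaves a non-NULL table. Placing `assert(on_disk_reftable);` after the closing brace, directly ahead of the store, would cover both paths with one line and drop the extra `else`. If the `if` arm is known to guarantee the pointer, a comment saying so would serve instead.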
 
@@ -2258,8 +2260,6 @@ write_refblocks:
 goto write_refblocks;
 }
 
-assert(on_disk_reftable);
-
 for (refblock_index = 0; refblock_index < reftable_size; refblock_index++) 
{
 cpu_to_be64s(_disk_reftable[refblock_index]);
 }
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 12/20] syscall: fix dereference of undefined pointer

2017-07-26 Thread Philippe Mathieu-Daudé
linux-user/syscall.c:5581:9: warning: Dereference of undefined pointer value
if (*host_rt_dev_ptr != 0) {
^~~~

Reported-by: Clang Static Analyzer
Suggested-by: Laurent Vivier <lviv...@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 linux-user/syscall.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 003943b736..71d45a9963 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5573,6 +5573,7 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t 
*buf_temp,
 field_types, THUNK_HOST);
 }
 unlock_user(argptr, arg, 0);
+assert(host_rt_dev_ptr);
 
 ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
 if (*host_rt_dev_ptr != 0) {
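Review bot: `assert(host_rt_dev_ptr)` reads the same pointer the analyzer reported as undefined, so on a path where nothing assigned it the assertion tests an indeterminate value and may pass by accident. The check only becomes meaningful if the pointer is set to `NULL` at its declaration, which is outside this hunk. With that in place the `*host_rt_dev_ptr` dereference after `safe_ioctl()` is reliably guarded. The function begins and ends outside the hunk.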
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 13/20] syscall: fix use of uninitialized values

2017-07-26 Thread Philippe Mathieu-Daudé
linux-user/syscall.c:1627:35: warning: 1st function call argument is an 
uninitialized value
target_saddr->sa_family = tswap16(addr->sa_family);
  ^~~~
linux-user/syscall.c:1629:25: warning: The left operand of '==' is a garbage 
value
if (addr->sa_family == AF_NETLINK && len >= sizeof(struct sockaddr_nl)) {
~~~ ^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Laurent Vivier <laur...@vivier.eu>
---
 linux-user/syscall.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 71d45a9963..81f52f7483 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1622,6 +1622,7 @@ static inline abi_long host_to_target_sockaddr(abi_ulong 
target_addr,
 if (len == 0) {
 return 0;
 }
+assert(addr);
 
 target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
 if (!target_saddr)
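Review bot: `assert(addr)` tests the pointer, whereas both quoted analyzer warnings concern the value of `addr->sa_family`, so a caller that passes a valid buffer it never filled would still reach the `tswap16(addr->sa_family)` read with garbage. The `len == 0` early return just above is the only length check visible here, and whether `len` can be smaller than the `sa_family` field is not shown in this hunk. If the analyzer's path runs through one particular caller, initialising that caller's buffer would address the warning at its source. A comment next to the assert saying what the caller must have filled in would at least record the precondition. The function body continues outside the hunk.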
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 14/20] syscall: check inotify() and eventfd() return value

2017-07-26 Thread Philippe Mathieu-Daudé
linux-user/syscall.c:555:25: warning: Out of bound memory access (accessed 
memory precedes memory block)
target_fd_trans[fd] = trans;
^~~

Reported-by: Clang Static Analyzer
Suggested-by: Laurent Vivier <lviv...@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 linux-user/syscall.c | 16 
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 81f52f7483..dfc1301e63 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -11742,7 +11742,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
 case TARGET_NR_inotify_init:
 ret = get_errno(sys_inotify_init());
-fd_trans_register(ret, _inotify_trans);
+if (ret >= 0) {
+fd_trans_register(ret, _inotify_trans);
+}
 break;
 #endif
 #ifdef CONFIG_INOTIFY1
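Review bot: The same `if (ret >= 0)` guard is added at four call sites (here and in the `inotify_init1`, `eventfd` and `eventfd2` cases of the following hunks), while the out-of-bounds store the analyzer reported is inside `fd_trans_register()` itself (`target_fd_trans[fd] = trans;`). Any other caller that passes an unchecked descriptor keeps the problem. Consider rejecting negative descriptors inside `fd_trans_register()`, e.g. `if (fd < 0) { return; }` ahead of the array store, in addition to or instead of the per-call guards. Its definition is outside these hunks.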
@@ -11750,7 +11752,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_inotify_init1:
 ret = get_errno(sys_inotify_init1(target_to_host_bitmask(arg1,
   fcntl_flags_tbl)));
-fd_trans_register(ret, _inotify_trans);
+if (ret >= 0) {
+fd_trans_register(ret, _inotify_trans);
+}
 break;
 #endif
 #endif
@@ -11916,7 +11920,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 #if defined(TARGET_NR_eventfd)
 case TARGET_NR_eventfd:
 ret = get_errno(eventfd(arg1, 0));
-fd_trans_register(ret, _eventfd_trans);
+if (ret >= 0) {
+fd_trans_register(ret, _eventfd_trans);
+}
 break;
 #endif
 #if defined(TARGET_NR_eventfd2)
@@ -11930,7 +11936,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 host_flags |= O_CLOEXEC;
 }
 ret = get_errno(eventfd(arg1, host_flags));
-fd_trans_register(ret, _eventfd_trans);
+if (ret >= 0) {
+fd_trans_register(ret, _eventfd_trans);
+}
 break;
 }
 #endif
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 17/20] bt-sdp: fix memory leak in sdp_service_record_build()

2017-07-26 Thread Philippe Mathieu-Daudé
hw/bt/sdp.c:753:5: warning: Potential leak of memory pointed to by 'data'
qsort(record->attribute_list, record->attributes,
^

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
hw/bt/*:
get_maintainer.pl: No maintainers found

 hw/bt/sdp.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c
index f67b3b89c0..7b2186e1f4 100644
--- a/hw/bt/sdp.c
+++ b/hw/bt/sdp.c
@@ -711,7 +711,7 @@ static void sdp_service_record_build(struct 
sdp_service_record_s *record,
 struct sdp_def_service_s *def, int handle)
 {
 int len = 0;
-uint8_t *data;
+uint8_t *buf, *data;
 int *uuid;
 
 record->uuids = 0;
@@ -725,7 +725,8 @@ static void sdp_service_record_build(struct 
sdp_service_record_s *record,
 g_malloc0(record->attributes * sizeof(*record->attribute_list));
 record->uuid =
 g_malloc0(record->uuids * sizeof(*record->uuid));
-data = g_malloc(len);
+buf = g_malloc(len);
+data = buf;
 
 record->attributes = 0;
 uuid = record->uuid;
@@ -748,6 +749,7 @@ static void sdp_service_record_build(struct 
sdp_service_record_s *record,
 record->attribute_list[record->attributes ++].len = len;
 data += len;
 }
+g_free(buf);
 
 /* Sort the attribute list by the AttributeID */
 qsort(record->attribute_list, record->attributes,
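Review bot: The added `g_free(buf)` releases the buffer immediately before `qsort()` runs over `record->attribute_list`. The loop above advances `data` through that buffer and records a `len` per attribute, which suggests each list entry refers to a slice of it; the assignments that would confirm this are outside the hunk. If the entries do keep pointers into the buffer, this change turns the reported leak into a use-after-free for every later reader of the record. In that case the buffer's lifetime has to match the record's, and the release belongs wherever the record itself is torn down rather than in `sdp_service_record_build()`.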
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 19/20] spapr_vio: fix overflow of qdevs in spapr_dt_vdevice()

2017-07-26 Thread Philippe Mathieu-Daudé
sizeof(ptr) was used instead of sizeof(struct)...

also use g_malloc_n(), which takes care of possible type overflow.

hw/ppc/spapr_vio.c:641:22: warning: The code calls sizeof() on a pointer type. 
This can produce an unexpected result
qdevs = g_malloc(sizeof(qdev) * num);
 ^ ~~
hw/ppc/spapr_vio.c:648:23: warning: The code calls sizeof() on a pointer type. 
This can produce an unexpected result
qsort(qdevs, num, sizeof(qdev), compare_reg);
  ^ ~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 hw/ppc/spapr_vio.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_vio.c b/hw/ppc/spapr_vio.c
index ea3bc8bd9e..9991b44c9f 100644
--- a/hw/ppc/spapr_vio.c
+++ b/hw/ppc/spapr_vio.c
@@ -638,14 +638,14 @@ void spapr_dt_vdevice(VIOsPAPRBus *bus, void *fdt)
 }
 
 /* Copy out into an array of pointers */
-qdevs = g_malloc(sizeof(qdev) * num);
+qdevs = g_malloc_n(num, sizeof(*qdev));
 num = 0;
 QTAILQ_FOREACH(kid, >bus.children, sibling) {
 qdevs[num++] = kid->child;
 }
 
 /* Sort the array */
-qsort(qdevs, num, sizeof(qdev), compare_reg);
+qsort(qdevs, num, sizeof(*qdev), compare_reg);
 
 /* Hack alert. Give the devices to libfdt in reverse order, we happen
  * to know that will mean they are in forward order in the tree. */
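Review bot: `qdevs` is filled with `qdevs[num++] = kid->child` and the comment calls it an array of pointers, so the element size that `g_malloc_n()` and `qsort()` need is the size of one pointer. `sizeof(*qdev)` is the size of the pointed-to object instead, assuming `qdev` is declared as a single pointer (the declaration is outside the hunk). With that stride `qsort()` would treat the densely packed pointers as much larger elements and hand `compare_reg` the wrong slots. Tie both sizes to the array itself: `qdevs = g_malloc_n(num, sizeof(*qdevs));` and `qsort(qdevs, num, sizeof(*qdevs), compare_reg);`.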
-- 
2.13.3




[Qemu-devel] [PATCH for 2.10 v2 18/20] 9pfs: avoid sign conversion error simplifying the code

2017-07-26 Thread Philippe Mathieu-Daudé
(note this is how other functions also handle the errors).

hw/9pfs/9p.c:948:18: warning: Loss of sign in implicit conversion
offset = err;
 ^~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 hw/9pfs/9p.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 333dbb6f8e..0a37c8bd13 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -945,7 +945,6 @@ static void coroutine_fn v9fs_version(void *opaque)
 v9fs_string_init();
 err = pdu_unmarshal(pdu, offset, "ds", >msize, );
 if (err < 0) {
-offset = err;
 goto out;
 }
 trace_v9fs_version(pdu->tag, pdu->id, s->msize, version.data);
@@ -962,13 +961,12 @@ static void coroutine_fn v9fs_version(void *opaque)
 
 err = pdu_marshal(pdu, offset, "ds", s->msize, );
 if (err < 0) {
-offset = err;
 goto out;
 }
-offset += err;
+err += offset;
 trace_v9fs_version_return(pdu->tag, pdu->id, s->msize, version.data);
 out:
-pdu_complete(pdu, offset);
+pdu_complete(pdu, err);
 v9fs_string_free();
 }
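Review bot: After this change `err` carries the negative error code on failure and the reply length on success (`err += offset`), and `pdu_complete(pdu, err)` at the `out:` label relies on that dual role. The addition still mixes a signed `err` with `offset`, whose type is declared outside the hunk and which the original warning suggests is unsigned, so the conversion the analyzer flagged has moved rather than gone away. A one-line comment above the addition, e.g. `/* on success err becomes the total reply length */`, would make the convention explicit. `v9fs_version()` starts before the first hunk.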
 
-- 
2.13.3




Re: [Qemu-devel] [PATCH 06/11] qmp.py: Couple of pylint/style fixes

2017-07-25 Thread Philippe Mathieu-Daudé

Hi Lukáš,

On 07/24/2017 09:36 AM, Lukáš Doktor wrote:

Dne 22.7.2017 v 03:30 Philippe Mathieu-Daudé napsal(a):

Hi Lukáš,

Since comment/indent fixes and code changes are not related I'd rather see this 
split in at least 2 patches.


Hello Philippe, thank you for the review, I'm wondering what code changes you 
have in mind? This is commit should not bring any code changes, just code 
reorganization (like including the self.* attributes on top of the file)


On 07/20/2017 01:28 PM, Lukáš Doktor wrote:

No actual code changes, just a few pylint/style fixes and docstring
clarifications.

Signed-off-by: Lukáš Doktor <ldok...@redhat.com>
---
   scripts/qmp/qmp.py | 37 -
   1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/scripts/qmp/qmp.py b/scripts/qmp/qmp.py

[...]

   def __init__(self, address, server=False, debug=False):
   """
   Create a QEMUMonitorProtocol class.
@@ -42,6 +53,7 @@ class QEMUMonitorProtocol:
   self.__address = address
   self._debug = debug
   self.__sock = self.__get_sock()
+self.__sockfile = None


I was thinking about this line which is new. Now the declaration and 
initialization are done in __init__() while before it was only 
declared/initialized in connect() or accept().


I'm no expert on Python interpreter/JIT internals, but I expect the 
generated code to be slightly different, even if achieving the same.


not a big deal, just about wording ;)


   if server:
   self.__sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
   self.__sock.bind(self.__address)




[Qemu-devel] [PATCH] Makefile: add all-user/all-linux-user/all-softmmu meta-targets

2017-07-25 Thread Philippe Mathieu-Daudé
Useful to build a whole set at once.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 Makefile | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 5f18243d05..da899522e4 100644
--- a/Makefile
+++ b/Makefile
@@ -814,6 +814,11 @@ endif
 # Dependencies in Makefile.objs files come from our recursive subdir rules
 -include $(wildcard *.d tests/*.d)
 
+.PHONY: subdir-all-user subdir-all-linux-user subdir-all-softmmu
+subdir-all-user: $(patsubst %,subdir-%,$(filter %-user,$(TARGET_DIRS)))
+subdir-all-linux-user: $(patsubst %,subdir-%,$(filter 
%-linux-user,$(TARGET_DIRS)))
+subdir-all-softmmu: $(patsubst %,subdir-%,$(filter %-softmmu,$(TARGET_DIRS)))
+
 include $(SRC_PATH)/tests/docker/Makefile.include
 
 .PHONY: help
@@ -827,7 +832,7 @@ help:
@echo  ''
@$(if $(TARGET_DIRS), \
echo 'Architecture specific targets:'; \
-   $(foreach t, $(TARGET_DIRS), \
+   $(foreach t, $(TARGET_DIRS) all-user all-linux-user 
all-softmmu, \
printf "  %-30s - Build for %s\\n" $(patsubst %,subdir-%,$(t)) 
$(t);) \
echo '')
@echo  'Cleaning targets:'
-- 
2.13.3




Re: [Qemu-devel] [PATCH 06/11] qmp.py: Couple of pylint/style fixes

2017-07-25 Thread Philippe Mathieu-Daudé
On Tue, Jul 25, 2017 at 3:13 AM, Lukáš Doktor <ldok...@redhat.com> wrote:
> Dne 25.7.2017 v 08:04 Philippe Mathieu-Daudé napsal(a):
>> Hi Lukáš,
>>
>> On 07/24/2017 09:36 AM, Lukáš Doktor wrote:
>>> Dne 22.7.2017 v 03:30 Philippe Mathieu-Daudé napsal(a):
>>>> Hi Lukáš,
>>>>
>>>> Since comment/indent fixes and code changes are not related I'd rather see 
>>>> this split in at least 2 patches.
>>>>
>>> Hello Philippe, thank you for the review, I'm wondering what code changes 
>>> you have in mind? This is commit should not bring any code changes, just 
>>> code reorganization (like including the self.* attributes on top of the 
>>> file)
>>>
>>>> On 07/20/2017 01:28 PM, Lukáš Doktor wrote:
>>>>> No actual code changes, just a few pylint/style fixes and docstring
>>>>> clarifications.
>>>>>
>>>>> Signed-off-by: Lukáš Doktor <ldok...@redhat.com>
>>>>> ---
>>>>>scripts/qmp/qmp.py | 37 -
>>>>>1 file changed, 24 insertions(+), 13 deletions(-)
>>>>>
>>>>> diff --git a/scripts/qmp/qmp.py b/scripts/qmp/qmp.py
>> [...]
>>>>>def __init__(self, address, server=False, debug=False):
>>>>>"""
>>>>>Create a QEMUMonitorProtocol class.
>>>>> @@ -42,6 +53,7 @@ class QEMUMonitorProtocol:
>>>>>self.__address = address
>>>>>self._debug = debug
>>>>>self.__sock = self.__get_sock()
>>>>> +self.__sockfile = None
>>
>> I was thinking about this line which is new. Now the declaration and 
>> initialization are done in __init__() while before it was only 
>> declared/initialized in connect() or accept().
>>
>> I'm not expert of python interpreter/jit internals but expect the generated 
>> code to be slightly different, even if achieving the same.
>>
>> not a bit deal, just about wording ;)
>>
> Well the difference is that before `connect` you get `AttributeError` when 
> looking for `self.__sockfile` while with this patch you'll get `None`. In 
> this code nobody queries for `self.__sockfile` before the `connect` so it 
> should not change the behavior of this code so I consider that as a `style` 
> fix as it's ugly to extend attributes later in code (with some exceptions 
> like Namespace-objects..). Anyway if you insist I can split those patches.

I'm not insisting ;) Just add something like "also initialize
__sockfile to avoid AttributeError while introspecting object before
any call to connect/accept" in the commit message and that's fine to
me.



Re: [Qemu-devel] [PULL 00/14] tcg-next patch queue

2017-07-19 Thread Philippe Mathieu-Daudé

On 07/19/2017 04:45 PM, Peter Maydell wrote:

The sparc-linux-user test fails:

/home/petmay01/linaro/qemu-for-merges/build/all-linux-static/sparc-linux-user/qemu-sparc
-L ./gnemul/qemu-sparc sparc/ls -l dummyfile
Inconsistency detected by ld.so: rtld.c: 858: dl_main: Assertion
`_dl_rtld_map.l_prev->l_next == _dl_rtld_map.l_next' failed!
Makefile:6: recipe for target 'test' failed

A valgrind run produces a lot of noise, but
this bit looks suspicious:

==14436==
==14436== Conditional jump or move depends on uninitialised value(s)
==14436==at 0x60003F7C: tcg_out_qemu_st_direct (tcg-target.inc.c:1733)
==14436==by 0x60004295: tcg_out_qemu_st (tcg-target.inc.c:1856)
==14436==by 0x60004F0C: tcg_out_op (tcg-target.inc.c:2140)
==14436==by 0x6000B0FF: tcg_reg_alloc_op (tcg.c:2360)
==14436==by 0x6000BCED: tcg_gen_code (tcg.c:2679)
==14436==by 0x600387B7: tb_gen_code (translate-all.c:1311)
==14436==by 0x6003637B: tb_find (cpu-exec.c:367)
==14436==by 0x60036A7C: cpu_exec (cpu-exec.c:675)
==14436==by 0x60039DA1: cpu_loop (main.c:1088)
==14436==by 0x6003B7AF: main (main.c:4860)
==14436==
==14436== Invalid write of size 4
==14436==at 0x605114FA: ???
==14436==by 0x6011ADDF: ??? (in
/home/petmay01/linaro/qemu-for-merges/build/all-linux-static/sparc-linux-user/qemu-sparc)
==14436==by 0x6253464F: ???
==14436==by 0x6022852F: ??? (in
/home/petmay01/linaro/qemu-for-merges/build/all-linux-static/sparc-linux-user/qemu-sparc)
==14436==by 0x6022818C: ??? (in
/home/petmay01/linaro/qemu-for-merges/build/all-linux-static/sparc-linux-user/qemu-sparc)
==14436==by 0x6022852F: ??? (in
/home/petmay01/linaro/qemu-for-merges/build/all-linux-static/sparc-linux-user/qemu-sparc)
==14436==by 0x416: ???
==14436==by 0x60227F1F: ??? (in
/home/petmay01/linaro/qemu-for-merges/build/all-linux-static/sparc-linux-user/qemu-sparc)
==14436==  Address 0x59d1c7d0 is not stack'd, malloc'd or (recently) free'd
==14436==

Reverting "target/sparc: optimize gen_op_mulscc() using deposit op"
fixed this, so I think that's probably the culprit.


Thank you for taking time with valgrind, I'll verify sparc/tcg opcode used.

Phil.



Re: [Qemu-devel] [PATCH v5 0/3] Add litmus tests for MTTCG consistency tests

2017-07-19 Thread Philippe Mathieu-Daudé

Hi Pranith,

On 12/01/2016 02:28 AM, Pranith Kumar wrote:

Hello,

The following patch series adds litmus tests to test consistency for
MTTCG enabled qemu. These patches apply on top of the clean up
tests/tcg folder made by my previous patch series.

The tests were generated using the litmus tool. The sources and
instructions on how to generate these sources can be found in this
repository: https://github.com/pranith/qemu-litmus

I tested these on both an x86 and an Aarch64 machine. These tests are
currently enabled for the trusty configuration on travis.

Thanks,
--
Pranith

*** BLURB HERE ***

Pranith Kumar (3):
   tests/tcg: Add i386 litmus test
   tests/tcg: Add aarch64 litmus tests
   travis: Enable litmus tests

  .travis.yml   |8 +
  tests/tcg/aarch64/litmus/ARMARM00.c   |  501 +
  tests/tcg/aarch64/litmus/ARMARM01.c   |  504 +
  tests/tcg/aarch64/litmus/ARMARM02.c   |  571 ++
  tests/tcg/aarch64/litmus/ARMARM03.c   |  498 +
  tests/tcg/aarch64/litmus/ARMARM04+BIS.c   |  556 ++
  tests/tcg/aarch64/litmus/ARMARM04+TER.c   |  538 ++
  tests/tcg/aarch64/litmus/ARMARM04.c   |  556 ++
  tests/tcg/aarch64/litmus/ARMARM05.c   |  553 ++
  tests/tcg/aarch64/litmus/ARMARM06+AP+AA.c |  581 +++
  tests/tcg/aarch64/litmus/ARMARM06+AP+AP.c |  581 +++
  tests/tcg/aarch64/litmus/ARMARM06.c   |  581 +++
  tests/tcg/aarch64/litmus/ARMARM07+SAL.c   |  497 +
  tests/tcg/aarch64/litmus/Makefile |   53 ++
  tests/tcg/aarch64/litmus/README.txt   |   22 +
  tests/tcg/aarch64/litmus/affinity.c   |  159 
  tests/tcg/aarch64/litmus/affinity.h   |   34 +
  tests/tcg/aarch64/litmus/comp.sh  |   30 +
  tests/tcg/aarch64/litmus/litmus_rand.c|   64 ++
  tests/tcg/aarch64/litmus/litmus_rand.h|   29 +
  tests/tcg/aarch64/litmus/outs.c   |  148 
  tests/tcg/aarch64/litmus/outs.h   |   49 ++
  tests/tcg/aarch64/litmus/run.sh   |  378 ++
  tests/tcg/aarch64/litmus/show.awk |2 +
  tests/tcg/aarch64/litmus/utils.c  | 1148 +
  tests/tcg/aarch64/litmus/utils.h  |  275 +++
  tests/tcg/i386/litmus/Makefile|   42 ++


can you add an entry for both folders into MAINTAINERS please?


  tests/tcg/i386/litmus/README.txt  |   22 +
  tests/tcg/i386/litmus/SAL.c   |  491 
  tests/tcg/i386/litmus/affinity.c  |  159 
  tests/tcg/i386/litmus/affinity.h  |   34 +
  tests/tcg/i386/litmus/comp.sh |   10 +
  tests/tcg/i386/litmus/litmus_rand.c   |   64 ++
  tests/tcg/i386/litmus/litmus_rand.h   |   29 +
  tests/tcg/i386/litmus/outs.c  |  148 
  tests/tcg/i386/litmus/outs.h  |   49 ++
  tests/tcg/i386/litmus/run.sh  |   55 ++
  tests/tcg/i386/litmus/show.awk|2 +
  tests/tcg/i386/litmus/utils.c | 1148 +
  tests/tcg/i386/litmus/utils.h |  275 +++
  40 files changed, 11444 insertions(+)
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM00.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM01.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM02.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM03.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM04+BIS.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM04+TER.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM04.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM05.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM06+AP+AA.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM06+AP+AP.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM06.c
  create mode 100644 tests/tcg/aarch64/litmus/ARMARM07+SAL.c
  create mode 100644 tests/tcg/aarch64/litmus/Makefile
  create mode 100644 tests/tcg/aarch64/litmus/README.txt
  create mode 100644 tests/tcg/aarch64/litmus/affinity.c
  create mode 100644 tests/tcg/aarch64/litmus/affinity.h
  create mode 100644 tests/tcg/aarch64/litmus/comp.sh
  create mode 100644 tests/tcg/aarch64/litmus/litmus_rand.c
  create mode 100644 tests/tcg/aarch64/litmus/litmus_rand.h
  create mode 100644 tests/tcg/aarch64/litmus/outs.c
  create mode 100644 tests/tcg/aarch64/litmus/outs.h
  create mode 100755 tests/tcg/aarch64/litmus/run.sh
  create mode 100644 tests/tcg/aarch64/litmus/show.awk
  create mode 100644 tests/tcg/aarch64/litmus/utils.c
  create mode 100644 tests/tcg/aarch64/litmus/utils.h
  create mode 100644 tests/tcg/i386/litmus/Makefile
  create mode 100644 tests/tcg/i386/litmus/README.txt
  create mode 100644 tests/tcg/i386/litmus/SAL.c
  create mode 100644 tests/tcg/i386/litmus/affinity.c
  create mode 100644 tests/tcg/i386/litmus/affinity.h
  create mode 100644 tests/tcg/i386/litmus/comp.sh
  create mode 100644 

Re: [Qemu-devel] [PATCH] Don't enable networking as a side-effect of DEBUG=1

2017-07-12 Thread Philippe Mathieu-Daudé

Hi Daniel,

On 07/12/2017 01:25 PM, Daniel P. Berrange wrote:

When trying to debug problems with tests it is natural to set
DEBUG=1 when starting the docker environment. Unfortunately
this has a side-effect of enabling an eth0 network interface
in the container, which changes the operating environment of
the test suite. IOW tests which fail may suddenly start
working again if DEBUG=1 is set, due to changed network setup.

Add a separate NETWORK=1 option to allow enablement of
networking separately from DEBUG=1, since common debugging
tasks probably don't require networking anyway.

Signed-off-by: Daniel P. Berrange 
---
  tests/docker/Makefile.include | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 037cb9e..a8c4b82 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -106,6 +106,7 @@ docker:
@echo ' (default is 1)'
@echo 'DEBUG=1  Stop and drop to shell in the created 
container'
@echo ' before running the command.'
+   @echo 'NETWORK=1Enable eth0 virtual network interface.'


"eth0" is not always true...

This patch could be more generic, maybe documented as:

  NETWORK=host Use full host network stack (default no network).'


@echo 'NOUSER   Define to disable adding current user 
to containers passwd.'
@echo 'NOCACHE=1Ignore cache when build images.'
@echo 'EXECUTABLE=Include executable in image.'
@@ -132,7 +133,8 @@ docker-run: docker-qemu-src
$(SRC_PATH)/tests/docker/docker.py run  \
$(if $(NOUSER),,-u $(shell id -u)) -t   \
$(if $V,,--rm)  \
-   $(if $(DEBUG),-i,--net=none)\
+   $(if $(DEBUG),-i,)  \
+   $(if $(NETWORK),,--net=none)\


and here use directly:  --net=${NETWORK:-none}

so an experienced docker user could even run tests as:

  make docker-test-quick@centos6 NETWORK=container:qemu

(or NETWORK=bridge)


-e TARGET_LIST=$(TARGET_LIST)   \
-e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \
-e V=$V -e J=$J -e DEBUG=$(DEBUG)   \
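Review bot: `$(if $(NETWORK),,--net=none)` tests only whether `NETWORK` is non-empty, so `NETWORK=0` also drops `--net=none` and gives the test container a network even though the help text documents `NETWORK=1`. Since keeping the container isolated by default is the point of the change, match the documented value explicitly: `$(if $(filter 1,$(NETWORK)),,--net=none)`. The `docker-run` recipe continues outside the hunk.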



Regards,

Phil.



Re: [Qemu-devel] [PATCH] Don't enable networking as a side-effect of DEBUG=1

2017-07-12 Thread Philippe Mathieu-Daudé

On 07/12/2017 06:46 PM, Philippe Mathieu-Daudé wrote:

now trying old debian release:

$ docker run --rm -it debian:wheezy sh -c "cat /etc/debian_version"; 
echo $?

7.11
0

$ docker run --rm -it debian:wheezy bash -c "cat /etc/debian_version"; 
echo $?

139


Indeed using debian:wheezy based dockerfile:

$ make docker-test-quick@debian7
[...]
Step 4/14 : RUN apt-get update
 ---> Running in 305758a09ca4
E: Method http has died unexpectedly!
E: Sub-process http received a segmentation fault.
The command '/bin/sh -c apt-get update' returned a non-zero code: 100

$ dmesg
sh[25336] vsyscall attempted with vsyscall=none ip:ff600400 
cs:33 sp:7fffa210e208 ax:ff600400 si:7fffa210ef60 di:0
sh[25336]: segfault at ff600400 ip ff600400 sp 
7fffa210e208 error 15


note, this does test Fam's "docker.py: Improve subprocess exit code 
handling" :P




Re: [Qemu-devel] [PULL v2 0/5] Merge sockets 2017/07/11

2017-07-12 Thread Philippe Mathieu-Daudé

Hi Daniel,

On 07/12/2017 01:18 PM, Daniel P. Berrange wrote:

The following changes since commit 3d0bf8dfdfebd7f2ae41b6f220444b8047d6b1ee:

   Merge remote-tracking branch 
'remotes/dgilbert/tags/pull-migration-20170710a' into staging (2017-07-10 
18:13:03 +0100)

are available in the git repository at:

   git://github.com/berrange/qemu tags/pull-sockets-2017-07-11-2

for you to fetch changes up to 4b1ac1b3abf0d07cd4d9f9011f12d62bff27154c:

   tests: add functional test validating ipv4/ipv6 address flag handling 
(2017-07-12 16:49:00 +0100)


Merge sockets 2017/07/11 v2


$ git diff pull-sockets-2017-07-11-1..pull-sockets-2017-07-11-2

As I understand, diff since v1 is:

- restricted sockets-proto tests to x86_64
- run tests using INADDR_LOOPBACK instead of INADDR_ANY

signed PR, else:
Tested-by: Philippe Mathieu-Daudé <f4...@amsat.org>




Daniel P. Berrange (5):
   sockets: ensure we can bind to both ipv4 & ipv6 separately
   sockets: don't block IPv4 clients when listening on "::"
   sockets: ensure we don't accept IPv4 clients when IPv4 is disabled
   io: preserve ipv4/ipv6 flags when resolving InetSocketAddress
   tests: add functional test validating ipv4/ipv6 address flag handling

  io/dns-resolver.c  |   6 +-
  tests/.gitignore   |   1 +
  tests/Makefile.include |   3 +
  tests/test-sockets-proto.c | 924 +
  util/qemu-sockets.c|  71 +++-
  5 files changed, 984 insertions(+), 21 deletions(-)
  create mode 100644 tests/test-sockets-proto.c





Re: [Qemu-devel] [PATCH] Don't enable networking as a side-effect of DEBUG=1

2017-07-12 Thread Philippe Mathieu-Daudé

Hi Alex, Fam,

I wanted to try this patch but got:

$ make docker-test-quick@centos6 NETWORK=1
  BUILD   centos6
The command '/bin/sh -c yum install -y epel-release' returned a non-zero 
code: 139

Traceback (most recent call last):
  File "./tests/docker/docker.py", line 382, in 
sys.exit(main())
  File "./tests/docker/docker.py", line 379, in main
return args.cmdobj.run(args, argv)
  File "./tests/docker/docker.py", line 301, in run
extra_files_cksum=cksum)
  File "./tests/docker/docker.py", line 185, in build_image
quiet=quiet)
  File "./tests/docker/docker.py", line 123, in _do_check
return subprocess.check_call(self._command + cmd, **kwargs)
  File "/usr/lib/python2.7/subprocess.py", line 186, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['docker', 'build', '-t', 
'qemu:centos6', '-f', '/tmp/docker_buildIrIR2w/tmpxMPjZu.docker', 
'--build-arg=http_proxy=http://172.17.0.1:3142/', 
'/tmp/docker_buildIrIR2w']' returned non-zero exit status 139
tests/docker/Makefile.include:47: recipe for target 
'docker-image-centos6' failed

make: *** [docker-image-centos6] Error 1

looking further:

$ docker run --rm centos:6 cat /etc/redhat-release; echo $?
CentOS release 6.9 (Final)
0

$ docker run --rm centos:6 sh -c "cat /etc/redhat-release"; echo $?
139

uh?

$ docker run --rm centos:7 sh -c "cat /etc/redhat-release"; echo $?
CentOS Linux release 7.3.1611 (Core)
0

now trying old debian release:

$ docker run --rm -it debian:wheezy sh -c "cat /etc/debian_version"; echo $?
7.11
0

$ docker run --rm -it debian:wheezy bash -c "cat /etc/debian_version"; 
echo $?

139

hmmm

$ docker run --rm -it debian:jessie bash -c "cat /etc/debian_version"; 
echo $?

8.7
0

$ docker info
Server Version: 17.05.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
Cgroup Driver: cgroupfs
Default Runtime: runc
Init Binary: docker-init
containerd version: 9048e5e50717ea4497b757314bad98ea3763c145
runc version: 9c2d8d184e5da67c95d601382adf14862e4f2228
init version: 949e6fa
Kernel Version: 4.11.0-1-amd64
Operating System: Debian GNU/Linux buster/sid
Architecture: x86_64

$ sudo journalctl -kb -l -o json-pretty
{
"PRIORITY" : "6",
"_TRANSPORT" : "kernel",
"SYSLOG_FACILITY" : "0",
"SYSLOG_IDENTIFIER" : "kernel",
"MESSAGE" : "sh[23389] vsyscall attempted with vsyscall=none 
ip:ff600400 cs:33 sp:7ffcfd21a6c8 ax:ff600400 
si:7ffcfd21af6f di:0"

}
{
"_TRANSPORT" : "kernel",
"SYSLOG_FACILITY" : "0",
"SYSLOG_IDENTIFIER" : "kernel",
"MESSAGE" : "sh[23389]: segfault at ff600400 ip 
ff600400 sp 7ffcfd21a6c8 error 15"

}

is it time to upgrade the docker image to centos:7 ?



Re: [Qemu-devel] [PATCH 1/1] tcg/tci: Remove unnecessary TODO() for INDEX_op_bswap16_i64

2017-07-12 Thread Philippe Mathieu-Daudé

Hi Jaroslaw,

Thanks for reporting this; however, this fix has been reviewed:
http://patchwork.ozlabs.org/patch/781982/

On 07/12/2017 10:52 AM, Jaroslaw Pelczar wrote:

Running Ubuntu with systemd on AArch64 Cortex-A53 and qemu is compiled
with

./configure --target-list=aarch64-softmmu --enable-tcg-interpreter

System gives the following log:

Welcome to Ubuntu 16.04.1 LTS!

systemd[1]: Set hostname to .
TODO (...)/qemu/tcg/tci.c:1049: tcg_qemu_tb_exec()
(...)/qemu/tcg/tci.c:1049: tcg fatal error
Aborted (core dumped)

After investigation it turns out that TCG generates bswap16_i64
opcode, which looks fine in the implementation.


Indeed while correctly implemented, "that code part was simply never 
executed, and [Stefan] only removed the TODO() statements from tested 
code." as explained Stefan.



Signed-off-by: Jaroslaw Pelczar 


I can add your Signed-off-by there if you mind


---
  tcg/tci.c | 1 -
  1 file changed, 1 deletion(-)

diff --git a/tcg/tci.c b/tcg/tci.c
index 4bdc645..f39bfb9 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -1046,7 +1046,6 @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t
*tb_ptr)
  break;
  #if TCG_TARGET_HAS_bswap16_i64
  case INDEX_op_bswap16_i64:
-TODO();
  t0 = *tb_ptr++;
  t1 = tci_read_r16(_ptr);
  tci_write_reg64(t0, bswap16(t1));



Regards,

Phil.



Re: [Qemu-devel] [PATCH 10/29] net/rocker: use QEMU_IS_ALIGNED macro

2017-07-21 Thread Philippe Mathieu-Daudé

On 07/18/2017 02:51 PM, Eric Blake wrote:

On 07/18/2017 01:09 AM, Philippe Mathieu-Daudé wrote:

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
  hw/net/rocker/rocker.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
index 4f0f6d71e5..55228f2f52 100644
--- a/hw/net/rocker/rocker.c
+++ b/hw/net/rocker/rocker.c
@@ -1419,7 +1419,7 @@ static int pci_rocker_init(PCIDevice *dev)
  desc_ring_set_consume(ring, cmd_consume, ROCKER_MSIX_VEC_CMD);
  } else if (i == ROCKER_RING_EVENT) {
  desc_ring_set_consume(ring, NULL, ROCKER_MSIX_VEC_EVENT);
-} else if (i % 2 == 0) {
+} else if (QEMU_IS_ALIGNED(i, 2)) {
  desc_ring_set_consume(ring, tx_consume,
ROCKER_MSIX_VEC_TX((i - 2) / 2));
  } else if (i % 2 == 1) {



Given the if chain, I think you don't want this one.


Indeed, dropped. Thanks for your review!




Re: [Qemu-devel] [PATCH 16/29] lm32: use QEMU_IS_ALIGNED macro

2017-07-21 Thread Philippe Mathieu-Daudé

On 07/18/2017 11:37 AM, Thomas Huth wrote:

On 18.07.2017 13:42, Michael Walle wrote:

Am 2017-07-18 08:09, schrieb Philippe Mathieu-Daudé:

Applied using the Coccinelle semantic patch
scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>


QEMU_IS_ALIGNED() sounds like it is used to check if a memory access is
aligned. Although it does the same, the line in question is used for
formatted output. I'm not sure if this macro should be used here.


+1

I think we should not replace every usage of % blindly. It does really
look wrong in this case here.


Dropped, will wear my glasses next time ;)



[Qemu-devel] [RFC PATCH 0/8] removal of tci (tcg interpreter)

2017-06-28 Thread Philippe Mathieu-Daudé
execute code outside RAM or ROM at 0xe59f5014
This usually means one of the following happened:

(1) You told QEMU to execute a kernel for the wrong machine type, and it 
crashed on startup (eg trying to run a raspberry pi kernel on a versatilepb 
QEMU machine)
(2) You didn't give QEMU a kernel or BIOS filename at all, and QEMU executed a 
ROM full of no-op instructions until it fell off the end
(3) Your guest kernel has a bug and crashed by jumping off into nowhere

This is almost always one of the first two, so check your command line and that 
you are using the right type of kernel for this machine.
If you think option (3) is likely then you can try debugging your guest with 
the -d debug options; in particular -d guest_errors will cause the log to 
include a dump of the guest register state at this point.

Execution cannot continue; stopping here.

qemu: fatal: Trying to execute code outside RAM or ROM at 0xe59f5014
R00=0031 R01=0308 R02= R03=e59f5014
R04= R05= R06= R07=
R08= R09= R10= R11=
R12= R13= R14=0308 R15=e59f5014
PSR=a1d3 N-C- A NS svc32
s00= s01= d00=
s02= s03= d01=
s04= s05= d02=
s06= s07= d03=
s08= s09= d04=
s10= s11= d05=
s12= s13= d06=
s14= s15= d07=
s16= s17= d08=
s18= s19= d09=
s20= s21= d10=
s22= s23= d11=
s24= s25= d12=
s26= s27= d13=
s28= s29= d14=
s30= s31= d15=
s32= s33= d16=
s34= s35= d17=
s36= s37= d18=
s38= s39= d19=
s40= s41= d20=
s42= s43= d21=
s44= s45= d22=
s46= s47= d23=
s48= s49= d24=
s50= s51= d25=
s52= s53= d26=
s54= s55= d27=
s56= s57= d28=
s58= s59= d29=
s60= s61= d30=
s62= s63= d31=
FPSCR: 

-

$ arm-softmmu/qemu-system-arm -machine raspi2 -cpu cortex-a7 -smp 4 -accel 
tcg,thread=multi -kernel kernel7.img
qemu-system-arm: Guest expects a stronger memory ordering than the host provides
This may cause strange/hard to debug errors
read access to unsupported AArch32 64 bit system register cp:13 opc1: 13 crm:0 
(non-secure)
qemu: fatal: Unhandled exception 0x0

R00=0002 R01=0308 R02= R03=0800
R04= R05= R06= R07=
R08= R09= R10= R11=
R12= R13= R14=0308 R15=0800
PSR=21d3 --C- A NS svc32
s00= s01= d00=
s02= s03= d01=
s04= s05= d02=
s06= s07= d03=
s08= s09= d04=
s10= s11= d05=
s12= s13= d06=
s14= s15= d07=
s16= s17= d08=
s18= s19= d09=
s20= s21= d10=
s22= s23= d11=
s24= s25= d12=
s26= s27= d13=
s28= s29= d14=
s30= s31= d15=
s32= s33= d16=
s34= s35= d17=
s36= s37= d18=
s38= s39= d19=
s40= s41= d20=
s42= s43= d21=
s44= s45= d22=
s46= s47= d23=
s48= s49= d24=
s50= s51= d25=
s52= s53= d26=
s54= s55= d27=
s56= s57= d28=
s58= s59= d29=
s60= s61= d30=
s62= s63= d31=0000
FPSCR: 0000

:)

Philippe Mathieu-Daudé (8):
  MAINTAINERS: update tcg entries
  MAINTAINERS: update kvm entries
  MAINTAINERS: update xen entries
  MAINTAINERS: update tci entry
  tcg/tc

[Qemu-devel] [PATCH 1/8] MAINTAINERS: update TCG entries

2017-06-28 Thread Philippe Mathieu-Daudé
moved in a9ded601..244f1441 to accel/

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 839f7ca063..06006fc7df 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -84,14 +84,10 @@ M: Paolo Bonzini <pbonz...@redhat.com>
 M: Peter Crosthwaite <crosthwaite.pe...@gmail.com>
 M: Richard Henderson <r...@twiddle.net>
 S: Maintained
-F: cpu-exec.c
-F: cpu-exec-common.c
 F: cpus.c
-F: cputlb.c
 F: exec.c
 F: softmmu_template.h
-F: translate-all.*
-F: translate-common.c
+F: accel/tcg/
 F: include/exec/cpu*.h
 F: include/exec/exec-all.h
 F: include/exec/helper*.h
-- 
2.13.1




[Qemu-devel] [PATCH 2/8] MAINTAINERS: update KVM entries

2017-06-28 Thread Philippe Mathieu-Daudé
moved in 92229a57 to accel/

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 06006fc7df..86a08c5aac 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -273,8 +273,8 @@ Overall
 M: Paolo Bonzini <pbonz...@redhat.com>
 L: k...@vger.kernel.org
 S: Supported
-F: kvm-*
 F: */kvm.*
+F: accel/kvm/
 F: include/sysemu/kvm*.h
 
 ARM
-- 
2.13.1




[Qemu-devel] [PATCH 6/8] tcg/tci: disable MTTCG if TCI is enabled

2017-06-28 Thread Philippe Mathieu-Daudé
TCI + MTTCG cause strange errors...

  $ arm-softmmu/qemu-system-arm -machine raspi2 -cpu cortex-a7 -smp 4 -accel 
tcg,thread=multi -kernel kernel7.img
  qemu-system-arm: Guest expects a stronger memory ordering than the host 
provides
  This may cause strange/hard to debug errors
  Segmentation fault (core dumped)

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 configure | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index c571ad14e5..510f443e06 100755
--- a/configure
+++ b/configure
@@ -6225,7 +6225,11 @@ fi
 if test "$target_softmmu" = "yes" ; then
   echo "CONFIG_SOFTMMU=y" >> $config_target_mak
   if test "$mttcg" = "yes" ; then
-echo "TARGET_SUPPORTS_MTTCG=y" >> $config_target_mak
+if test "$tcg_interpreter" = "yes" ; then
+echo "TCI enabled, disabling MTTCG"
+else
+echo "TARGET_SUPPORTS_MTTCG=y" >> $config_target_mak
+fi
   fi
 fi
 if test "$target_user_only" = "yes" ; then
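Review bot: Leaving `TARGET_SUPPORTS_MTTCG=y` out of the target config in the `tcg_interpreter` branch probably does not prevent the crash quoted in the description, because that reproducer requests `-accel tcg,thread=multi` explicitly. As far as I can tell from the accelerator option handling, which is outside this patch, the macro only selects the default threading mode and whether a "not yet converted" warning is printed, so an explicit `thread=multi` would still be honoured. If TCI and MTTCG really cannot be combined, the request should be refused where the option is parsed, in builds with `CONFIG_TCG_INTERPRETER` defined, rather than only changing the default here. The added `echo "TCI enabled, disabling MTTCG"` also writes to stdout and would repeat for every softmmu target if this block sits in the per-target loop; sending it to `>&2` once would be cleaner.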
-- 
2.13.1




[Qemu-devel] [RFC PATCH 7/8] tcg/tci: time to remove it :(

2017-06-28 Thread Philippe Mathieu-Daudé
"./configure --disable-tcg-interpreter" generates a warning:
  ./configure: --disable-tcg-interpreter is obsolete, Experimental TCG 
interpreter has been removed

"./configure --enable-tcg-interpreter" generates an error:

  Experimental TCG interpreter has been removed


Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS  |7 -
 Makefile.target  |2 -
 configure|   32 +-
 disas.c  |5 +-
 disas/Makefile.objs  |4 -
 disas/tci.c  |   61 ---
 include/disas/bfd.h  |1 -
 include/exec/exec-all.h  |   16 +-
 tcg/tcg-common.c |4 -
 tcg/tcg.c|6 +-
 tcg/tci.c| 1250 --
 tcg/tci/README   |  130 -
 tcg/tci/tcg-target.h |  195 
 tcg/tci/tcg-target.inc.c |  897 -
 14 files changed, 14 insertions(+), 2596 deletions(-)
 delete mode 100644 disas/tci.c
 delete mode 100644 tcg/tci.c
 delete mode 100644 tcg/tci/README
 delete mode 100644 tcg/tci/tcg-target.h
 delete mode 100644 tcg/tci/tcg-target.inc.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 9bad523060..a6b94244c9 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1650,13 +1650,6 @@ S: Odd Fixes
 F: tcg/sparc/
 F: disas/sparc.c
 
-TCI target
-M: Stefan Weil <s...@weilnetz.de>
-S: Maintained
-F: tcg/tci/
-F: tcg/tci.c
-F: disas/tci.c
-
 Block drivers
 -
 VMDK
diff --git a/Makefile.target b/Makefile.target
index 0066579090..63b6f98cc5 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -92,8 +92,6 @@ obj-y += exec.o
 obj-y += accel/
 obj-y += tcg/tcg.o tcg/tcg-op.o tcg/optimize.o
 obj-y += tcg/tcg-common.o tcg/tcg-runtime.o
-obj-$(CONFIG_TCG_INTERPRETER) += tcg/tci.o
-obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
 obj-y += fpu/softfloat.o
 obj-y += target/$(TARGET_BASE_ARCH)/
 obj-y += disas.o
diff --git a/configure b/configure
index 510f443e06..ed7e6a965c 100755
--- a/configure
+++ b/configure
@@ -236,7 +236,6 @@ debug_tcg="no"
 debug="no"
 fortify_source=""
 strip_opt="yes"
-tcg_interpreter="no"
 bigendian="no"
 mingw32="no"
 gcov="no"
@@ -560,7 +559,7 @@ case "$cpu" in
 supported_cpu="yes"
   ;;
   *)
-# This will result in either an error or falling back to TCI later
+# This will result in an error later
 ARCH=unknown
   ;;
 esac
@@ -953,9 +952,10 @@ for opt do
   ;;
   --enable-hax) hax="yes"
   ;;
-  --disable-tcg-interpreter) tcg_interpreter="no"
+  --disable-tcg-interpreter)
+  echo "$0: $opt is obsolete, Experimental TCG interpreter has been 
removed" >&2
   ;;
-  --enable-tcg-interpreter) tcg_interpreter="yes"
+  --enable-tcg-interpreter) error_exit "Experimental TCG interpreter has been 
removed"
   ;;
   --disable-cap-ng)  cap_ng="no"
   ;;
@@ -1258,8 +1258,7 @@ esac
 QEMU_CFLAGS="$CPU_CFLAGS $QEMU_CFLAGS"
 EXTRA_CFLAGS="$CPU_CFLAGS $EXTRA_CFLAGS"
 
-# For user-mode emulation the host arch has to be one we explicitly
-# support, even if we're using TCI.
+# For user-mode emulation the host arch has to be one we explicitly support
 if [ "$ARCH" = "unknown" ]; then
   bsd_user="no"
   linux_user="no"
@@ -1344,7 +1343,6 @@ Advanced options (experts only):
   --with-trace-file=NAME   Full PATH,NAME of file to store traces
Default:trace-
   --disable-slirp  disable SLIRP userspace network connectivity
-  --enable-tcg-interpreter enable TCG with bytecode interpreter (TCI)
   --oss-libpath to OSS library
   --cpu=CPUBuild for host CPU [$cpu]
   --with-coroutine=BACKEND coroutine backend. Supported options:
@@ -1457,14 +1455,9 @@ fi
 # Suppress writing compiled files
 python="$python -B"
 
-# Now we have handled --enable-tcg-interpreter and know we're not just
-# printing the help message, bail out if the host CPU isn't supported.
+# Bail out if the host CPU isn't supported.
 if test "$ARCH" = "unknown"; then
-if test "$tcg_interpreter" = "yes" ; then
-echo "Unsupported CPU = $cpu, will use TCG with TCI (experimental)"
-else
-error_exit "Unsupported CPU = $cpu, try --enable-tcg-interpreter"
-fi
+error_exit "Unsupported CPU = $cpu"
 fi
 
 # Consult white-list to determine whether to enable werror
@@ -5175,7 +5168,6 @@ echo "Install blobs $blobs"
 echo "KVM support   $kvm"
 echo "HAX support   $hax"
 echo "RDMA support  $rdma"
-echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
 echo "preadv support$preadv"
 echo "fdatasync $

[Qemu-devel] [PATCH 3/8] MAINTAINERS: update Xen entry

2017-06-28 Thread Philippe Mathieu-Daudé
moved in 56e2cd24..28b99f47 to accel/

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS | 1 -
 1 file changed, 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 86a08c5aac..530293044b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -323,7 +323,6 @@ M: Stefano Stabellini <sstabell...@kernel.org>
 M: Anthony Perard <anthony.per...@citrix.com>
 L: xen-de...@lists.xenproject.org
 S: Supported
-F: xen-*
 F: */xen*
 F: hw/9pfs/xen-9p-backend.c
 F: hw/char/xen_console.c
-- 
2.13.1




[Qemu-devel] [RFC PATCH 8/8] travis: remove tcg/tci job

2017-06-28 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 .travis.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 27a2d9cfb3..d10ee5ed79 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -74,9 +74,6 @@ matrix:
 - env: CONFIG="--enable-gprof --enable-gcov --disable-pie"
   compiler: gcc
 # We manually include builds which we disable "make check" for
-- env: CONFIG="--enable-debug --enable-tcg-interpreter"
-   TEST_CMD=""
-  compiler: gcc
 - env: CONFIG="--enable-trace-backends=simple"
TEST_CMD=""
   compiler: gcc
-- 
2.13.1




[Qemu-devel] [PATCH 4/8] MAINTAINERS: update TCI entry

2017-06-28 Thread Philippe Mathieu-Daudé
moved in 244f1441 to tcg/

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 530293044b..9bad523060 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1654,7 +1654,7 @@ TCI target
 M: Stefan Weil <s...@weilnetz.de>
 S: Maintained
 F: tcg/tci/
-F: tci.c
+F: tcg/tci.c
 F: disas/tci.c
 
 Block drivers
-- 
2.13.1




[Qemu-devel] [PATCH RESEND 5/8] tcg/tci: enable bswap16_i64

2017-06-28 Thread Philippe Mathieu-Daudé
remove some copy/paste leftover, code seems sane.

while running Alex Bennée's image aarch64-linux-3.15rc2-buildroot.img:

Trace 0x7fa1904b0890 [0: ffc00036cd04]

IN:
0xffc00036cd24:  5ac00694  rev16 w20, w20

OP:
  ffc00036cd24  
 ext32u_i64 tmp3,x20
 ext16u_i64 tmp2,tmp3
 bswap16_i64 x20,tmp2
 movi_i64 tmp4,$0x10
 shr_i64 tmp2,tmp3,tmp4
 ext16u_i64 tmp2,tmp2
 bswap16_i64 tmp2,tmp2
 deposit_i64 x20,x20,tmp2,$0x10,$0x10

Linking TBs 0x7fa1904b0890 [ffc00036cd04] index 0 -> 0x7fa1904b0aa0 
[ffc00036cd24]
Trace 0x7fa1904b0aa0 [0: ffc00036cd24]
TODO qemu/tci.c:1049: tcg_qemu_tb_exec()
qemu/tci.c:1049: tcg fatal error
Aborted

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 tcg/tci.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tcg/tci.c b/tcg/tci.c
index 4bdc645f2a..f39bfb95c0 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -1046,7 +1046,6 @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t 
*tb_ptr)
 break;
 #if TCG_TARGET_HAS_bswap16_i64
 case INDEX_op_bswap16_i64:
-TODO();
 t0 = *tb_ptr++;
 t1 = tci_read_r16(_ptr);
 tci_write_reg64(t0, bswap16(t1));
-- 
2.13.1




Re: [Qemu-devel] [PATCH] softfloat: define floatx80_default_inf

2017-06-29 Thread Philippe Mathieu-Daudé
On Thu, Jun 29, 2017 at 4:04 PM, Laurent Vivier <laur...@vivier.eu> wrote:
> Signed-off-by: Laurent Vivier <laur...@vivier.eu>

Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>

> ---
>  fpu/softfloat-specialize.h | 10 ++
>  fpu/softfloat.c| 38 ++
>  include/fpu/softfloat.h|  8 +++-
>  3 files changed, 43 insertions(+), 13 deletions(-)
>
> diff --git a/fpu/softfloat-specialize.h b/fpu/softfloat-specialize.h
> index de2c5d5..139b197 100644
> --- a/fpu/softfloat-specialize.h
> +++ b/fpu/softfloat-specialize.h
> @@ -178,6 +178,16 @@ floatx80 floatx80_default_nan(float_status *status)
>  }
>
>  
> /*
> +| The pattern for a default generated extended double-precision inf.
> +**/
> +
> +#define floatx80_default_inf_high 0x7FFF
> +#define floatx80_default_inf_low  LIT64(0x8000)
> +
> +const floatx80 floatx80_default_inf
> += make_floatx80_init(floatx80_default_inf_high, 
> floatx80_default_inf_low);
> +
> +/*
>  | The pattern for a default generated quadruple-precision NaN.
>  
> **/
>  float128 float128_default_nan(float_status *status)
> diff --git a/fpu/softfloat.c b/fpu/softfloat.c
> index 7af14e2..67f1dd9 100644
> --- a/fpu/softfloat.c
> +++ b/fpu/softfloat.c
> @@ -913,7 +913,9 @@ static floatx80 roundAndPackFloatx80(int8_t 
> roundingPrecision, flag zSign,
> ) {
>  return packFloatx80( zSign, 0x7FFE, ~ roundMask );
>  }
> -return packFloatx80( zSign, 0x7FFF, LIT64( 0x8000 ) 
> );
> +return packFloatx80(zSign,
> +floatx80_default_inf_high,
> +floatx80_default_inf_low);
>  }
>  if ( zExp <= 0 ) {
>  isTiny =
> @@ -1885,7 +1887,9 @@ floatx80 float32_to_floatx80(float32 a, float_status 
> *status)
>  if (aSig) {
>  return commonNaNToFloatx80(float32ToCommonNaN(a, status), 
> status);
>  }
> -return packFloatx80( aSign, 0x7FFF, LIT64( 0x8000 ) );
> +return packFloatx80(aSign,
> +floatx80_default_inf_high,
> +floatx80_default_inf_low);
>  }
>  if ( aExp == 0 ) {
>  if ( aSig == 0 ) return packFloatx80( aSign, 0, 0 );
> @@ -3666,7 +3670,9 @@ floatx80 float64_to_floatx80(float64 a, float_status 
> *status)
>  if (aSig) {
>  return commonNaNToFloatx80(float64ToCommonNaN(a, status), 
> status);
>  }
> -return packFloatx80( aSign, 0x7FFF, LIT64( 0x8000 ) );
> +return packFloatx80(aSign,
> +floatx80_default_inf_high,
> +floatx80_default_inf_low);
>  }
>  if ( aExp == 0 ) {
>  if ( aSig == 0 ) return packFloatx80( aSign, 0, 0 );
> @@ -4927,8 +4933,8 @@ int64_t floatx80_to_int64(floatx80 a, float_status 
> *status)
>  if ( shiftCount ) {
>  float_raise(float_flag_invalid, status);
>  if (! aSign
> - || (( aExp == 0x7FFF )
> -  && ( aSig != LIT64( 0x8000 ) ) )
> + || ((aExp == floatx80_default_inf_high)
> + && (aSig != floatx80_default_inf_low))
> ) {
>  return LIT64( 0x7FFF );
>  }
> @@ -5219,7 +5225,9 @@ static floatx80 addFloatx80Sigs(floatx80 a, floatx80 b, 
> flag zSign,
>  if ((uint64_t)(bSig << 1)) {
>  return propagateFloatx80NaN(a, b, status);
>  }
> -return packFloatx80( zSign, 0x7FFF, LIT64( 0x8000 ) 
> );
> +return packFloatx80(zSign,
> +floatx80_default_inf_high,
> +floatx80_default_inf_low);
>  }
>  if ( aExp == 0 ) ++expDiff;
>  shift64ExtraRightJamming( aSig, 0, - expDiff, ,  );
> @@ -5294,7 +5302,8 @@ static floatx80 subFloatx80Sigs(floatx80 a, floatx80 b, 
> flag zSign,
>  if ((uint64_t)(bSig << 1)) {
>  return propagateFloatx80NaN(a, b, status);
>  }
> -return packFloatx80( zSign ^ 1, 0x7FFF, LIT64( 0x8000 ) 
> );
> +   

Re: [Qemu-devel] [PATCH v1 1/3] util/aio-win32: Only select on what we are actually waiting for

2017-06-29 Thread Philippe Mathieu-Daudé

On 06/29/2017 02:16 PM, Alistair Francis wrote:

Signed-off-by: Alistair Francis <alistair.fran...@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.igles...@xilinx.com>


Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


---
Changes since RFC:
  - Include more bitmasks for the select call

  util/aio-win32.c | 13 ++---
  1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/util/aio-win32.c b/util/aio-win32.c
index bca496a47a..d6d5e02f00 100644
--- a/util/aio-win32.c
+++ b/util/aio-win32.c
@@ -71,6 +71,7 @@ void aio_set_fd_handler(AioContext *ctx,
  }
  } else {
  HANDLE event;
+long bitmask = 0;
  
  if (node == NULL) {

  /* Alloc and insert if it's not already there */
@@ -95,10 +96,16 @@ void aio_set_fd_handler(AioContext *ctx,
  node->io_write = io_write;
  node->is_external = is_external;
  
+if (io_read) {

+bitmask |= FD_READ | FD_ACCEPT | FD_CLOSE;
+}
+
+if (io_write) {
+bitmask |= FD_WRITE | FD_CONNECT;
+}
+
  event = event_notifier_get_handle(>notifier);
-WSAEventSelect(node->pfd.fd, event,
-   FD_READ | FD_ACCEPT | FD_CLOSE |
-   FD_CONNECT | FD_WRITE | FD_OOB);
+WSAEventSelect(node->pfd.fd, event, bitmask);
  }
  
  qemu_lockcnt_unlock(>list_lock);
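Review bot: The new mask never includes `FD_OOB`, and a handler registered with only `io_write` no longer gets `FD_CLOSE`, yet neither the description nor the changelog says that dropping these events is intended. If it is, a comment above the two `if` blocks such as `/* FD_OOB is deliberately not selected; FD_CLOSE is only reported to readers */` would keep a later reader from restoring the old mask. The return value of `WSAEventSelect(node->pfd.fd, event, bitmask)` is also still ignored, so a failed registration leaves the socket without notifications and nothing reports it; checking for `SOCKET_ERROR` and logging `WSAGetLastError()` would make that visible. aio_set_fd_handler() starts and ends outside the hunk.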






[Qemu-devel] disas: Disassembler disagrees with translator over instruction decoding

2017-06-29 Thread Philippe Mathieu-Daudé
I got this "Disassembler disagrees with translator over instruction 
decoding" message asking to get reported here.


What happens here is that coreboot incorrectly emits a Pentium2 instruction 
while I'm running qemu with a Pentium cpu. I didn't know what to expect, 
but I got this error message and then qemu kept looping, using 100% cpu.


--

Use coreboot commit 08bb837268fb6d5ce84d07c8d9fe0ef4d56ac479, build 
default config which is QEMU:


coreboot$ make
...
CBFS   coreboot.rom
Built emulation/qemu-i440fx (QEMU x86 i440fx/piix4)

Run this BIOS with a Pentium cpu, enabling in_asm debugging:

coreboot$ qemu-system-i386 -nographic \
-cpu pentium -d in_asm,cpu_reset \
-bios build/coreboot.rom
[...]

IN:
0xfffc1728:  push   %ebx
0xfffc1729:  sub$0x8,%esp
0xfffc172c:  cmpl   $0x0,0xd0d00
0xfffc1733:  mov0x10(%esp),%ebx
0xfffc1737:  je 0xfffc1785


IN:
0xfffc1785:  add$0x8,%esp
0xfffc1788:  mov%ebx,%eax
0xfffc178a:  pop%ebx
0xfffc178b:  ret


IN:
0xfffc1c08:  mov%ebx,(%eax)
0xfffc1c0a:  add$0x10,%esp
0xfffc1c0d:  add$0x8,%esp
0xfffc1c10:  pop%ebx
0xfffc1c11:  ret


IN:
0xfffc0e88:  call   0xfffc17dc


IN:
0xfffc17dc:  sub$0x28,%esp
0xfffc17df:  mov$0x402,%edx
0xfffc17e4:  in (%dx),%al
0xfffc17e5:  mov%al,0x1b(%esp)
0xfffc17e9:  push   $0xd0d04
0xfffc17ee:  call   0xfffc1728


IN:
0xfffc17f3:  add$0x10,%esp
0xfffc17f6:  xor%edx,%edx
0xfffc17f8:  cmpb   $0xe9,0xf(%esp)
0xfffc17fd:  sete   %dl
0xfffc1800:  mov%edx,(%eax)
0xfffc1802:  mov$0xfffc365f,%edx
0xfffc1807:  mov$0xfffc3656,%eax
0xfffc180c:  push   $0x402
0xfffc1811:  cmovne %edx,%eax
Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org

Triple fault
CPU Reset (CPU 0)
EAX=fffc3656 EBX= ECX= EDX=fffc365f
ESI=fe52 EDI=fffc01e4 EBP=000a ESP=0009ff98
EIP=fffc1811 EFL=0002 [---] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010   00cf9300 DPL=0 DS   [-WA]
CS =0008   00cf9b00 DPL=0 CS32 [-RA]
SS =0010   00cf9300 DPL=0 DS   [-WA]
DS =0010   00cf9300 DPL=0 DS   [-WA]
FS =0010   00cf9300 DPL=0 DS   [-WA]
GS =0010   00cf9300 DPL=0 DS   [-WA]
LDT=   8200 DPL=0 LDT
TR =   8b00 DPL=0 TSS32-busy
GDT= fffc0200 001f
IDT=  
CR0=6011 CR2= CR3= CR4=
DR0= DR1= DR2= 
DR3=

DR6=0ff0 DR7=0400
CCS=00e9 CCD=0016 CCO=SUBB
EFER=
FCW=037f FSW= [ST=0] FTW=00 MXCSR=1f80
FPR0=  FPR1= 
FPR2=  FPR3= 
FPR4=  FPR5= 
FPR6=  FPR7= 
XMM00= 
XMM01=
XMM02= 
XMM03=
XMM04= 
XMM05=
XMM06= 
XMM07=


IN:
0xfffc1bf0:  cmp$0x1000,%eax
0xfffc1bf5:  ja 0xfffc1c12


IN:
0xfffc1bf7:  cmp%edx,%eax
0xfffc1bf9:  jne0xfffc1c12

QEMU 2.8.1 monitor - type 'help' for more information
(qemu) q

also same with today's master 454d7dc9bc13e46084e0612076e6952c40f4afeb:

QEMU 2.9.50 monitor - type 'help' for more information
(qemu) q

in disas.c:

254 if (count < 0)
255 break;
256 if (size < count) {
257 fprintf(out,
258 "Disassembler disagrees with translator over 
instruction "

259 "decoding\n"
260 "Please report this to qemu-devel@nongnu.org\n");
261 break;
262 }
263 }

This was added in commit 754d00ae3a1bfabb6069b59f72cdec1dee99ea0b from 
2009 with svn message:


"Safety net for the cases where disassembler/translator disagree over 
instruction decoding"


Regards,

Phil.



[Qemu-devel] [PATCH v2 2/5] MAINTAINERS: update KVM entries

2017-06-29 Thread Philippe Mathieu-Daudé
moved in 92229a57 to accel/

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 06006fc7df..86a08c5aac 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -273,8 +273,8 @@ Overall
 M: Paolo Bonzini <pbonz...@redhat.com>
 L: k...@vger.kernel.org
 S: Supported
-F: kvm-*
 F: */kvm.*
+F: accel/kvm/
 F: include/sysemu/kvm*.h
 
 ARM
-- 
2.13.1




[Qemu-devel] [PATCH v2 3/5] MAINTAINERS: update Xen entries

2017-06-29 Thread Philippe Mathieu-Daudé
moved in 56e2cd24..28b99f47 to hw/xen/ and hw/i386/xen/

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Acked-by: Anthony PERARD <anthony.per...@citrix.com>
---
 MAINTAINERS | 1 -
 1 file changed, 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 86a08c5aac..530293044b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -323,7 +323,6 @@ M: Stefano Stabellini <sstabell...@kernel.org>
 M: Anthony Perard <anthony.per...@citrix.com>
 L: xen-de...@lists.xenproject.org
 S: Supported
-F: xen-*
 F: */xen*
 F: hw/9pfs/xen-9p-backend.c
 F: hw/char/xen_console.c
-- 
2.13.1




[Qemu-devel] [PATCH v2 1/5] MAINTAINERS: update TCG entries

2017-06-29 Thread Philippe Mathieu-Daudé
moved in a9ded601..244f1441 to accel/

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 839f7ca063..06006fc7df 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -84,14 +84,10 @@ M: Paolo Bonzini <pbonz...@redhat.com>
 M: Peter Crosthwaite <crosthwaite.pe...@gmail.com>
 M: Richard Henderson <r...@twiddle.net>
 S: Maintained
-F: cpu-exec.c
-F: cpu-exec-common.c
 F: cpus.c
-F: cputlb.c
 F: exec.c
 F: softmmu_template.h
-F: translate-all.*
-F: translate-common.c
+F: accel/tcg/
 F: include/exec/cpu*.h
 F: include/exec/exec-all.h
 F: include/exec/helper*.h
-- 
2.13.1




[Qemu-devel] [PATCH v2 0/5] MAINTAINERS: update TCG/KVM/Xen/TCI/Unimplemented device

2017-06-29 Thread Philippe Mathieu-Daudé
As requested by Thomas Huth, I separated these patches from my previous series
"removal of tci (tcg interpreter)".

TCG/KVM/Xen/TCI related files were moved in commits a9ded601..244f1441, update
MAINTAINERS to match the new paths.

Also add an entry for the "Unimplemented" device and volunteer myself as
reviewer.

Regards,

Phil.

v2:
- fix inaccurate Xen commit message (review feedback from Anthony PERARD)
- add "Unimplemented" device

v1:
- update TCG/KVM/Xen/TCI entries

Philippe Mathieu-Daudé (5):
  MAINTAINERS: update TCG entries
  MAINTAINERS: update KVM entries
  MAINTAINERS: update Xen entries
  MAINTAINERS: update TCI entry
  MAINTAINERS: add entry for "Unimplemented" device

 MAINTAINERS | 18 ++
 1 file changed, 10 insertions(+), 8 deletions(-)

-- 
2.13.1




Re: [Qemu-devel] [Qemu-trivial] [PATCH] backends: remove empty trace-events file

2017-06-29 Thread Philippe Mathieu-Daudé

On 06/29/2017 01:20 PM, Daniel P. Berrange wrote:

The content of the backends/trace-events file was entirely
removed in

   commit 6b10e573d15ef82dbc5c5b3726028e6642e134f6
   Author: Marc-André Lureau <marcandre.lur...@redhat.com>
   Date:   Mon May 29 12:39:42 2017 +0400

 char: move char devices to chardev/

Leaving the empty file around, causes tracetool to generate
an empty .dtrace file which makes the dtrace compiler throw
a syntax error.

Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


---
  Makefile.objs | 1 -
  backends/trace-events | 0
  2 files changed, 1 deletion(-)
  delete mode 100644 backends/trace-events

diff --git a/Makefile.objs b/Makefile.objs
index b2e6322..8004d6d 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -122,7 +122,6 @@ trace-events-subdirs += crypto
  trace-events-subdirs += io
  trace-events-subdirs += migration
  trace-events-subdirs += block
-trace-events-subdirs += backends
  trace-events-subdirs += chardev
  trace-events-subdirs += hw/block
  trace-events-subdirs += hw/block/dataplane
diff --git a/backends/trace-events b/backends/trace-events
deleted file mode 100644
index e69de29..000





[Qemu-devel] [PATCH v3] hw/unimp: add missing include

2017-06-29 Thread Philippe Mathieu-Daudé
inlined create_unimplemented_device() calls sysbus_mmio_map_overlap().

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Eric Blake <ebl...@redhat.com>
---

This is a patch from my previous series "various easy cleanups".

v3:
- Add Eric Blake R-b

v2:
- Address review feedback from Eric Blake

v1:
- Add missing include.

 include/hw/misc/unimp.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/hw/misc/unimp.h b/include/hw/misc/unimp.h
index 3462d85836..52e068ec3e 100644
--- a/include/hw/misc/unimp.h
+++ b/include/hw/misc/unimp.h
@@ -8,6 +8,8 @@
 #ifndef HW_MISC_UNIMP_H
 #define HW_MISC_UNIMP_H
 
+#include "hw/sysbus.h"
+
 #define TYPE_UNIMPLEMENTED_DEVICE "unimplemented-device"
 
 /**
-- 
2.13.1




Re: [Qemu-devel] [RFC PATCH 0/8] removal of tci (tcg interpreter)

2017-06-29 Thread Philippe Mathieu-Daudé
On 06/29/2017 05:46 AM, Thomas Huth wrote:>> I figured out MAINTAINERS 
was unsync, so added patches 1-4, they are not really

tci-related.


Since they are not related to TCI at all, please submit these as
separate series.


Ok.


Patches 5,6 are trivial fixes to let the codebase quite sane if there is future
need to revert/reimport tci.


I think this should go into 2.10...


Ok I will resend separately.


Patches 7,8 are the removal, marked RFC... let's debate!


... but NACK for a direct removal. Common sense is to make obsolete
features as deprecated first and then wait for 2 public releases before
the final removal, so that users still have a chance to speak up in case
they still need the feature and are willing to maintain it.

Please see the following URL for details (and please also add an entry
for TCI in the Miscellaneous section there):

   http://wiki.qemu.org/Features/LegacyRemoval


Ok I'll follow the procedure and see how to modify the ./configure (with 
Daniel comment), also update the wiki accordingly.


Regards,

Phil.



[Qemu-devel] [PATCH v2 4/5] MAINTAINERS: update TCI entry

2017-06-29 Thread Philippe Mathieu-Daudé
moved in 244f1441 to tcg/

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 530293044b..9bad523060 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1654,7 +1654,7 @@ TCI target
 M: Stefan Weil <s...@weilnetz.de>
 S: Maintained
 F: tcg/tci/
-F: tci.c
+F: tcg/tci.c
 F: disas/tci.c
 
 Block drivers
-- 
2.13.1




[Qemu-devel] [PATCH v2 5/5] MAINTAINERS: add entry for "Unimplemented" device

2017-06-29 Thread Philippe Mathieu-Daudé
Also volunteer myself as reviewer

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 MAINTAINERS | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 9bad523060..890c25f0a1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1155,6 +1155,13 @@ F: docs/specs/vmgenid.txt
 F: tests/vmgenid-test.c
 F: stubs/vmgenid.c
 
+Unimplemented device
+M: Peter Maydell <peter.mayd...@linaro.org>
+R: Philippe Mathieu-Daudé <f4...@amsat.org>
+S: Maintained
+F: include/hw/misc/unimp.h
+F: hw/misc/unimp.c
+
 Subsystems
 --
 Audio
-- 
2.13.1




Re: [Qemu-devel] [RFC PATCH 0/8] removal of tci (tcg interpreter)

2017-06-29 Thread Philippe Mathieu-Daudé

On 06/29/2017 12:47 PM, Paolo Bonzini wrote:

On 29/06/2017 17:46, Thomas Huth wrote:

TCI is enabled only with a specific configure argument if your machine
is not supported by TCG.  This would break _build_ configurations, not
user configurations.  It's a remote possibility that users are building
their own QEMU, with TCI enabled, to work around a TCG bug.  So we can
be more speedy in removing the code.

You never know ... it's unlikely, but there might be people around who
run configure with "--enable-tcg-interpreter" on purpose.


And they have never reported a bug? :)  But I agree it's not a big deal.
  Richard should decide.

Paolo


And why the
hurry for removing this? It's been around in the current shape since
years, so waiting for two more releases does not hurt, does it?


It is unlikely someone is using it for ARM aarch64 (see patch 5).

MTTCG was not in 2.9 but is now enabled by default on alpha/arm* since 
February 2017 and on ppc64 since April 2017. Looking at the 6 different 
bugs I show in the cover, I'm pretty sure no active developer but me 
keep trying to use tci :p


Phil.



Re: [Qemu-devel] [PATCH RESEND 5/8] tcg/tci: enable bswap16_i64

2017-06-29 Thread Philippe Mathieu-Daudé

On 06/29/2017 01:29 PM, Eric Blake wrote:

On 06/28/2017 08:02 PM, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>


Double-sob seems odd.



eh you never know... I need to improve my mailing skills :|


---
  tcg/tci.c | 1 -
  1 file changed, 1 deletion(-)



Otherwise,
Reviewed-by: Eric Blake <ebl...@redhat.com>


Thanks.



Re: [Qemu-devel] [PATCH RESEND 5/8] tcg/tci: enable bswap16_i64

2017-06-29 Thread Philippe Mathieu-Daudé

On 06/29/2017 01:52 PM, Stefan Weil wrote:

Am 29.06.2017 um 18:29 schrieb Eric Blake:

On 06/28/2017 08:02 PM, Philippe Mathieu-Daudé wrote:

remove some copy/paste leftover, code seems sane.





Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>


Double-sob seems odd.


Maybe that double SOB can be cleaned by qemu-trivial (cc'ed).




---
  tcg/tci.c | 1 -
  1 file changed, 1 deletion(-)



Otherwise,
Reviewed-by: Eric Blake <ebl...@redhat.com>



Note from the author: it's not a copy/paste leftover, but was
there on purpose: that code part was simply never executed
before, and I only removed the TODO() statements from tested
code.


I'll reword the commit message in my tci-fixes-for-2.10-v2 series.


So you are the first one who found a test case. Congratulations.


Oh nice :)


Reviewed-by: Stefan Weil <s...@weilnetz.de>


Thank.



Re: [Qemu-devel] [PULL 04/14] migration: let MigrationState be a qdev

2017-06-30 Thread Philippe Mathieu-Daudé

Hi Peter, Juan,

On 06/28/2017 08:30 AM, Juan Quintela wrote:

From: Peter Xu 

Let the old man "MigrationState" join the object family. Direct benefit
is that we can start to use all the property features derived from
current QDev, like: HW_COMPAT_* bits, command line setup for migration
parameters (so will never need to set them up each time using HMP/QMP,
this is really, really attractive for test writers), etc.

I see no reason to disallow this happen yet. So let's start from this
one, to see whether it would be anything good.

Now we init the MigrationState struct statically in main() to make sure
it's initialized after global properties are applied, since we'll use
them during creation of the object.

No functional change at all.

Reviewed-by: Juan Quintela 
Signed-off-by: Peter Xu 
Message-Id: <1498536619-14548-5-git-send-email-pet...@redhat.com>
Reviewed-by: Eduardo Habkost 
Signed-off-by: Juan Quintela 
---
  include/migration/misc.h |  1 +
  migration/migration.c| 78 ++--
  migration/migration.h| 19 
  vl.c |  6 
  4 files changed, 81 insertions(+), 23 deletions(-)

diff --git a/include/migration/misc.h b/include/migration/misc.h
index 65c7070..2d36cf5 100644
--- a/include/migration/misc.h
+++ b/include/migration/misc.h
@@ -45,6 +45,7 @@ void savevm_skip_section_footers(void);
  void savevm_skip_configuration(void);
  
  /* migration/migration.c */

+void migration_object_init(void);
  void qemu_start_incoming_migration(const char *uri, Error **errp);
  bool migration_is_idle(void);
  void add_migration_state_change_notifier(Notifier *notify);
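Review bot: The new prototype `migration_object_init()` carries no comment stating its ordering contract, although the migration.c hunk enforces one purely with `assert()`: it may be called only once, and `migrate_get_current()` now asserts that it has already run. Every existing caller of `migrate_get_current()` therefore depends on start-up order, which a reader of this header cannot see. I would document it at the declaration, e.g. `/* Create the global MigrationState; call exactly once, before the first migrate_get_current() */`. The vl.c call site listed in the diffstat is not shown on this page, so where the call sits relative to other initialisation cannot be confirmed from here.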
diff --git a/migration/migration.c b/migration/migration.c
index f588329..2c25927 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -98,32 +98,21 @@ enum mig_rp_message_type {
 migrations at once.  For now we don't need to add
 dynamic creation of migration */
  
+static MigrationState *current_migration;

+
+void migration_object_init(void)
+{
+/* This can only be called once. */
+assert(!current_migration);
+current_migration = MIGRATION_OBJ(object_new(TYPE_MIGRATION));
+}
+
  /* For outgoing */
  MigrationState *migrate_get_current(void)
  {
-static bool once;
-static MigrationState current_migration = {
-.state = MIGRATION_STATUS_NONE,
-.xbzrle_cache_size = DEFAULT_MIGRATE_CACHE_SIZE,
-.mbps = -1,
-.parameters = {
-.compress_level = DEFAULT_MIGRATE_COMPRESS_LEVEL,
-.compress_threads = DEFAULT_MIGRATE_COMPRESS_THREAD_COUNT,
-.decompress_threads = DEFAULT_MIGRATE_DECOMPRESS_THREAD_COUNT,
-.cpu_throttle_initial = DEFAULT_MIGRATE_CPU_THROTTLE_INITIAL,
-.cpu_throttle_increment = DEFAULT_MIGRATE_CPU_THROTTLE_INCREMENT,
-.max_bandwidth = MAX_THROTTLE,
-.downtime_limit = DEFAULT_MIGRATE_SET_DOWNTIME,
-.x_checkpoint_delay = DEFAULT_MIGRATE_X_CHECKPOINT_DELAY,
-},
-};
-
-if (!once) {
-current_migration.parameters.tls_creds = g_strdup("");
-current_migration.parameters.tls_hostname = g_strdup("");
-once = true;
-}
-return _migration;
+/* This can only be called after the object created. */
+assert(current_migration);


With this pull I've been unable to run qemu:

qemu-system-arm: migration/migration.c:127: migrate_get_current: 
Assertion `current_migration' failed.


I've bisected to this commit using the following script:

#! /usr/bin/env bash
test -f test.qcow2 || qemu-img create -f qcow test.qcow2 1G
make -C build/system-arm subdir-arm-softmmu -j4 || exit 125
echo q | build/system-arm/arm-softmmu/qemu-system-arm -M virt \
  -drive if=none,file=test.qcow2,format=qcow,id=hd \
  -device virtio-blk-device,drive=hd \
  -nographic -serial null -monitor stdio
test $? -eq 0 || exit 1

Regards,

Phil.


+return current_migration;
  }
  
  MigrationIncomingState *migration_incoming_get_current(void)

@@ -1987,3 +1976,46 @@ void migrate_fd_connect(MigrationState *s)
  s->migration_thread_running = true;
  }
  
+static void migration_class_init(ObjectClass *klass, void *data)

+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->user_creatable = false;
+}
+
+static void migration_instance_init(Object *obj)
+{
+MigrationState *ms = MIGRATION_OBJ(obj);
+
+ms->state = MIGRATION_STATUS_NONE;
+ms->xbzrle_cache_size = DEFAULT_MIGRATE_CACHE_SIZE;
+ms->mbps = -1;
+ms->parameters = (MigrationParameters) {
+.compress_level = DEFAULT_MIGRATE_COMPRESS_LEVEL,
+.compress_threads = DEFAULT_MIGRATE_COMPRESS_THREAD_COUNT,
+.decompress_threads = DEFAULT_MIGRATE_DECOMPRESS_THREAD_COUNT,
+.cpu_throttle_initial = DEFAULT_MIGRATE_CPU_THROTTLE_INITIAL,
+.cpu_throttle_increment = 

Re: [Qemu-devel] [PATCH] include/hw/ptimer.h: Add documentation comments

2017-07-03 Thread Philippe Mathieu-Daudé
On Mon, Jul 3, 2017 at 12:13 PM, Peter Maydell <peter.mayd...@linaro.org> wrote:
> Add documentation comments describing the public API of the
> ptimer countdown timer.
>
> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>

> ---
> I was trying to write a timer device and discovered that the ptimer
> API wasn't actually documented, so I wrote some basic notes for it...

I used to believe this file had no comments on purpose, feeling hazed
after reading "only the source code tells the full story" from the
GettingStartedDevelopers wiki entry.

/me gives Peter a big hug!

>
>  include/hw/ptimer.h | 120 
> 
>  1 file changed, 120 insertions(+)
>
> diff --git a/include/hw/ptimer.h b/include/hw/ptimer.h
> index eafc3f0..fc4ef5c 100644
> --- a/include/hw/ptimer.h
> +++ b/include/hw/ptimer.h
> @@ -12,6 +12,20 @@
>  #include "qemu/timer.h"
>  #include "migration/vmstate.h"
>
> +/* The ptimer API implements a simple periodic countdown timer.
> + * The countdown timer has a value (which can be read and written via
> + * ptimer_get_count() and ptimer_set_count()). When it is enabled
> + * using ptimer_run(), the value will count downwards at the frequency
> + * which has been configured using ptimer_set_period() or ptimer_set_freq().
> + * When it reaches zero it will trigger a QEMU bottom half handler, and
> + * can be set to either reload itself from a specified limit value
> + * and keep counting down, or to stop (as a one-shot timer).
> + *
> + * Forgetting to set the period/frequency (or setting it to zero) is a
> + * bug in the QEMU device and will cause warning messages to be printed
> + * to stderr when the guest attempts to enable the timer.
> + */
> +
>  /* The default ptimer policy retains backward compatibility with the legacy
>   * timers. Custom policies are adjusting the default one. Consider providing
>   * a correct policy for your timer.
> @@ -59,15 +73,121 @@
>  typedef struct ptimer_state ptimer_state;
>  typedef void (*ptimer_cb)(void *opaque);
>
> +/**
> + * ptimer_init - Allocate and return a new ptimer
> + * @bh: QEMU bottom half which is run on timer expiry
> + * @policy: PTIMER_POLICY_* bits specifying behaviour
> + *
> + * The ptimer returned must be freed using ptimer_free().
> + * The ptimer takes ownership of @bh and will delete it
> + * when the ptimer is eventually freed.
> + */
>  ptimer_state *ptimer_init(QEMUBH *bh, uint8_t policy_mask);
> +
> +/**
> + * ptimer_free - Free a ptimer
> + * @s: timer to free
> + *
> + * Free a ptimer created using ptimer_init() (including
> + * deleting the bottom half which it is using).
> + */
>  void ptimer_free(ptimer_state *s);
> +
> +/**
> + * ptimer_set_period - Set counter increment interval in nanoseconds
> + * @s: ptimer to configure
> + * @period: period of the counter in nanoseconds
> + *
> + * Note that if your counter behaviour is specified as having a
> + * particular frequency rather than a period then ptimer_set_freq()
> + * may be more appropriate.
> + */
>  void ptimer_set_period(ptimer_state *s, int64_t period);

I like to use explicit unit in variable name, i.e. period_ns.

> +
> +/**
> + * ptimer_set_freq - Set counter frequency in Hz
> + * @s: ptimer to configure
> + * @freq: counter frequency in Hz
> + *
> + * This does the same thing as ptimer_set_period(), so you only
> + * need to call one of them. If the counter behaviour is specified
> + * as setting the frequency then this function is more appropriate,
> + * because it allows specifying an effective period which is
> + * precise to fractions of a nanosecond, avoiding rounding errors.
> + */
>  void ptimer_set_freq(ptimer_state *s, uint32_t freq);
> +
> +/**
> + * ptimer_get_limit - Get the configured limit of the ptimer
> + * @s: ptimer to query
> + *
> + * This function returns the current limit (reload) value
> + * of the down-counter; that is, the value which it will be
> + * reset to when it hits zero.
> + *
> + * Generally timer devices using ptimers should be able to keep
> + * their reload register state inside the ptimer using the get
> + * and set limit functions rather than needing to also track it
> + * in their own state structure.
> + */
>  uint64_t ptimer_get_limit(ptimer_state *s);
> +
> +/**
> + * ptimer_set_limit - Set the limit of the ptimer
> + * @s: ptimer
> + * @limit: initial countdown value
> + * @reload: if nonzero, then reset the counter to the new limit
> + *
> + * Set the limit value of the down-counter. The @reload flag can
> + * be used to emulate the behavi

Re: [Qemu-devel] [PATCH] qemu-thread: Assert locks are initialized before using

2017-07-04 Thread Philippe Mathieu-Daudé
On Tue, Jul 4, 2017 at 9:23 AM, Fam Zheng <f...@redhat.com> wrote:
> Not all platforms check whether a lock is initialized before used.  In
> particular Linux seems to be more permissive than OSX.
>
> Check initialization state explicitly in our code to catch such bugs
> earlier.
>
> Signed-off-by: Fam Zheng <f...@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>

> ---
>  include/qemu/thread-posix.h |  4 
>  include/qemu/thread-win32.h |  5 +
>  util/qemu-thread-posix.c| 27 +++
>  util/qemu-thread-win32.c| 34 +-
>  4 files changed, 69 insertions(+), 1 deletion(-)
>
> diff --git a/include/qemu/thread-posix.h b/include/qemu/thread-posix.h
> index 09d1e15..e5e3a0f 100644
> --- a/include/qemu/thread-posix.h
> +++ b/include/qemu/thread-posix.h
> @@ -12,10 +12,12 @@ typedef QemuMutex QemuRecMutex;
>
>  struct QemuMutex {
>  pthread_mutex_t lock;
> +bool initialized;
>  };
>
>  struct QemuCond {
>  pthread_cond_t cond;
> +bool initialized;
>  };
>
>  struct QemuSemaphore {
> @@ -26,6 +28,7 @@ struct QemuSemaphore {
>  #else
>  sem_t sem;
>  #endif
> +bool initialized;
>  };
>
>  struct QemuEvent {
> @@ -34,6 +37,7 @@ struct QemuEvent {
>  pthread_cond_t cond;
>  #endif
>  unsigned value;
> +bool initialized;
>  };
>
>  struct QemuThread {
> diff --git a/include/qemu/thread-win32.h b/include/qemu/thread-win32.h
> index 4c4a261..3a05e3b 100644
> --- a/include/qemu/thread-win32.h
> +++ b/include/qemu/thread-win32.h
> @@ -5,11 +5,13 @@
>
>  struct QemuMutex {
>  SRWLOCK lock;
> +bool initialized;
>  };
>
>  typedef struct QemuRecMutex QemuRecMutex;
>  struct QemuRecMutex {
>  CRITICAL_SECTION lock;
> +bool initialized;
>  };
>
>  void qemu_rec_mutex_destroy(QemuRecMutex *mutex);
> @@ -19,15 +21,18 @@ void qemu_rec_mutex_unlock(QemuRecMutex *mutex);
>
>  struct QemuCond {
>  CONDITION_VARIABLE var;
> +bool initialized;
>  };
>
>  struct QemuSemaphore {
>  HANDLE sema;
> +bool initialized;
>  };
>
>  struct QemuEvent {
>  int value;
>  HANDLE event;
> +bool initialized;
>  };
>
>  typedef struct QemuThreadData QemuThreadData;
> diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
> index eacd99e..4e95d27 100644
> --- a/util/qemu-thread-posix.c
> +++ b/util/qemu-thread-posix.c
> @@ -43,12 +43,15 @@ void qemu_mutex_init(QemuMutex *mutex)
>  err = pthread_mutex_init(>lock, NULL);
>  if (err)
>  error_exit(err, __func__);
> +mutex->initialized = true;
>  }
>
>  void qemu_mutex_destroy(QemuMutex *mutex)
>  {
>  int err;
>
> +assert(mutex->initialized);
> +mutex->initialized = false;
>  err = pthread_mutex_destroy(>lock);
>  if (err)
>  error_exit(err, __func__);
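Review bot: `assert(mutex->initialized)` in `qemu_mutex_destroy()` (and in the lock, trylock and unlock hunks that follow) only catches a use-before-init when the flag's storage happens to be zero. Nothing in these hunks clears `initialized` before `qemu_mutex_init()` runs, so a QemuMutex in stack or non-zeroed heap memory can hold an arbitrary value that passes the assert. The same applies to the `initialized` fields added to QemuCond, QemuSemaphore and QemuEvent. That limit is worth stating where the field is declared, e.g. `bool initialized; /* debug aid: only reliable when the object starts out zeroed */`.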
> @@ -58,6 +61,7 @@ void qemu_mutex_lock(QemuMutex *mutex)
>  {
>  int err;
>
> +assert(mutex->initialized);
>  err = pthread_mutex_lock(>lock);
>  if (err)
>  error_exit(err, __func__);
> @@ -69,6 +73,7 @@ int qemu_mutex_trylock(QemuMutex *mutex)
>  {
>  int err;
>
> +assert(mutex->initialized);
>  err = pthread_mutex_trylock(>lock);
>  if (err == 0) {
>  trace_qemu_mutex_locked(mutex);
> @@ -84,6 +89,7 @@ void qemu_mutex_unlock(QemuMutex *mutex)
>  {
>  int err;
>
> +assert(mutex->initialized);
>  trace_qemu_mutex_unlocked(mutex);
>  err = pthread_mutex_unlock(>lock);
>  if (err)
> @@ -102,6 +108,7 @@ void qemu_rec_mutex_init(QemuRecMutex *mutex)
>  if (err) {
>  error_exit(err, __func__);
>  }
> +mutex->initialized = true;
>  }
>
>  void qemu_cond_init(QemuCond *cond)
> @@ -111,12 +118,15 @@ void qemu_cond_init(QemuCond *cond)
>  err = pthread_cond_init(>cond, NULL);
>  if (err)
>  error_exit(err, __func__);
> +cond->initialized = true;
>  }
>
>  void qemu_cond_destroy(QemuCond *cond)
>  {
>  int err;
>
> +assert(cond->initialized);
> +cond->initialized = false;
>  err = pthread_cond_destroy(>cond);
>  if (err)
>  error_exit(err, __func__);
> @@ -126,6 +136,7 @@ void qemu_cond_signal(QemuCond *cond)
>  {
>  int err;
>
> +assert(cond->initialized);
>  err = pthread_cond_signal(>cond);
>  if (err)
>  error_exit(err, __func__);
> @@ -135,6 +146,7 @@ void qemu_cond_broadcast(QemuCond *cond)
>  {
>  int err;
>
&g

Re: [Qemu-devel] [PATCH 3/8] MAINTAINERS: update Xen entry

2017-06-29 Thread Philippe Mathieu-Daudé
On Thu, Jun 29, 2017 at 7:39 AM, Anthony PERARD
<anthony.per...@citrix.com> wrote:
> On Wed, Jun 28, 2017 at 10:02:55PM -0300, Philippe Mathieu-Daudé wrote:
>> moved in 56e2cd24..28b99f47 to accel/
>
> That is not accurate, files have been moved to hw/i386/xen/ as written
> in both commits messages.

Oops hopefully you noticed! I copied the commits ranges from patch 1
and forgot to update the paths which are actually hw/xen and
hw/i386/xen.

> Beside that:
> Acked-by: Anthony PERARD <anthony.per...@citrix.com>

Thank you.



Re: [Qemu-devel] [RISU PATCH v6 02/10] build-all-archs: support cross building via docker

2017-06-29 Thread Philippe Mathieu-Daudé
On Thu, Jun 29, 2017 at 10:27 AM, Alex Bennée <alex.ben...@linaro.org> wrote:
> Philippe Mathieu-Daudé <f4...@amsat.org> writes:
>> On 06/21/2017 12:42 PM, Alex Bennée wrote:> By default we use the QEMU
>> projects qemu:debian-FOO-cross images as
>>> RISU hackers are likely to be QEMU developers too. However any docker
>>> tag can be passed on the command line.
>>
>> Any thought about starting to push images?
>
> I think it comes down to how much we trust Docker Hub and how much we
> trust whoever does the pushing. Would it be an automatic thing? From
> shippable?

Surely automatic.

Docker Hub offer free builds but you have to provide a full Dockerfile
(which is generated in QEMU).
We might keep those files in the repo... I'll give this a try.
The other possibilities are Travis and Shippable with a bit more
complicated setup.



Re: [Qemu-devel] [PATCH v1 3/3] armv7m_systick: abort instead of locking on a bad rate

2017-06-29 Thread Philippe Mathieu-Daudé

Hi Frederic,

On 06/29/2017 06:28 AM, KONRAD Frederic wrote:

This helps the board developer by asserting that system_clock_rate is not
null. Using systick with a zero rate will lead to a deadlock so better showing
the error.

Signed-off-by: KONRAD Frederic 
---
  hw/timer/armv7m_systick.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/hw/timer/armv7m_systick.c b/hw/timer/armv7m_systick.c
index df8d280..745efb7 100644
--- a/hw/timer/armv7m_systick.c
+++ b/hw/timer/armv7m_systick.c
@@ -54,6 +54,9 @@ static void systick_reload(SysTickState *s, int reset)
  s->tick = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
  }
  s->tick += (s->reload + 1) * systick_scale(s);
+
+/* system_clock_scale = 0 leads to a nasty deadlock, better aborting */
+assert(systick_scale(s));
  timer_mod(s->timer, s->tick);
  }


This is true it is better to abort here than risking a deadlock.

However it seems to me there are 3 issues here:
- the deadlock pattern is caused by using a global variable,
- stellaris:ssys_calculate_system_clock() no checking RCC.SYSDIV and 
RCC2.SYSDIV2 values <= 2 are reserved (GUEST_ERROR)

- stellaris:ssys_write(RCC2) not overrides correctly RCC

I'd rather take this opportunity to fix the deadlock pattern using a 
getter/setter on system_clock_scale, doing the zero check in the setter 
and eventually aborting in the getter, what do you think?


Regards,

Phil.



Re: [Qemu-devel] [PATCH v1 3/3] armv7m_systick: abort instead of locking on a bad rate

2017-06-29 Thread Philippe Mathieu-Daudé

On 06/29/2017 09:43 AM, Peter Maydell wrote:

On 29 June 2017 at 13:35, Philippe Mathieu-Daudé <f4...@amsat.org> wrote:

This is true it is better to abort here than risking a deadlock.

However it seems to me they are 3 issues here:
- the deadlock pattern is caused by using a global variable,
- stellaris:ssys_calculate_system_clock() no checking RCC.SYSDIV and
RCC2.SYSDIV2 values <= 2 are reserved (GUEST_ERROR)
- stellaris:ssys_write(RCC2) not overrides correctly RCC


Stellaris works fine. It's other ARMv7M boards (which might forget
to set system_clock_scale) which don't work.


Oh I misread ssys_calculate_system_clock(), indeed system_clock_scale 
can not get below 5 so no deadlock on Stellaris.



I'd rather take this opportunity to fix the deadlock pattern using a
getter/setter on system_clock_scale, doing the zero check in the setter and
eventually aborting in the getter, what do you think?


We should be using a clock property on the CPU instead of system_clock_scale.
Unfortunately Konrad's series attempting to add that infrastructure
is still in the "trying to sort out the right API in code review"
stage. I don't think it's worth trying to fiddle with the API
for it before we have the right eventual infrastructure in place.


I see. I'd rather move the comment and assert() in systick_scale().


(What system_clock_scale is actually doing is setting the
emulated frequency of the CPU, since that affects the
frequency of the timer.)




Re: [Qemu-devel] [RISU PATCH v6 02/10] build-all-archs: support cross building via docker

2017-06-29 Thread Philippe Mathieu-Daudé

Hi Alex,

On 06/21/2017 12:42 PM, Alex Bennée wrote:> By default we use the QEMU 
projects qemu:debian-FOO-cross images as

RISU hackers are likely to be QEMU developers too. However any docker
tag can be passed on the command line.


Any thought about starting to push images?



Re: [Qemu-devel] [PATCH 1/3] include/hw/boards.h: Document memory_region_allocate_system_memory()

2017-07-05 Thread Philippe Mathieu-Daudé

Hi Peter, Paolo,

On 07/04/2017 02:02 PM, Peter Maydell wrote:

Add a documentation comment for memory_region_allocate_system_memory().

In particular, the reason for this function's existence and the
requirement on board code to call it exactly once are non-obvious.

Signed-off-by: Peter Maydell 
---
  include/hw/boards.h | 28 
  1 file changed, 28 insertions(+)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index 76ce021..1bc5389 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -9,6 +9,34 @@
  #include "qom/object.h"
  #include "qom/cpu.h"
  
+/**

+ * memory_region_allocate_system_memory - Allocate a board's main memory
+ * @mr: the #MemoryRegion to be initialized
+ * @owner: the object that tracks the region's reference count
+ * @name: name of the memory region
+ * @ram_size: size of the region in bytes
+ *
+ * This function allocates the main memory for a board model, and
+ * initializes @mr appropriately. It also arranges for the memory
+ * to be migrated (by calling vmstate_register_ram_global()).
+ *
+ * Memory allocated via this function will be backed with the memory
+ * backend the user provided using -mem-path if appropriate; this
+ * is typically used to cause host huge pages to be used.
+ * This function should therefore be called by a board exactly once,


Using memory-backend-file objects one can use different mem-path.

Maybe removing the global mem_path used by vl.c for "main memory" (which 
is a memory-backend-file without naming it) this "exactly once" case can 
be avoided.



+ * for the primary or largest RAM area it implements.
+ *
+ * For boards where the major RAM is split into two parts in the memory
+ * map, you can deal with this by calling 
memory_region_allocate_system_memory()
+ * once to get a MemoryRegion with enough RAM for both parts, and then
+ * creating alias MemoryRegions via memory_region_init_alias() which
+ * alias into different parts of the RAM MemoryRegion and can be mapped
+ * into the memory map in the appropriate places.
+ *
+ * Smaller pieces of memory (display RAM, static RAMs, etc) don't need
+ * to be backed via the -mem-path memory backend and can simply
+ * be created via memory_region_init_ram().
+ */
  void memory_region_allocate_system_memory(MemoryRegion *mr, Object *owner,
const char *name,
uint64_t ram_size);





Re: [Qemu-devel] [Qemu-arm] [PATCH] target-arm: v7M: ignore writes to CONTROL.SPSEL from Thread mode

2017-07-05 Thread Philippe Mathieu-Daudé

Hi Peter,

On 06/30/2017 08:06 AM, Peter Maydell wrote:

For v7M, writes to the CONTROL register are only permitted for
privileged code. However even if the code is privileged, the
write must not affect the SPSEL bit in the CONTROL register
if the CPU is in Thread mode (as documented in the pseudocode
for the MSR instruction). Implement this, instead of permitting
SPSEL to be written in all cases.

This was causing mbed applications not to run, because the
RTX RTOS they use relies on this behaviour.

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> > ---
  target/arm/helper.c | 13 ++---
  1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 2594faa..4ed32c5 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8768,9 +8768,16 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, 
uint32_t val)
  }
  break;
  case 20: /* CONTROL */
-switch_v7m_sp(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
-env->v7m.control = val & (R_V7M_CONTROL_SPSEL_MASK |
-  R_V7M_CONTROL_NPRIV_MASK);
+/* Writing to the SPSEL bit only has an effect if we are in
+ * thread mode; other bits can be updated by any privileged code.
+ * switch_v7m_sp() deals with updating the SPSEL bit in
+ * env->v7m.control, so we only need update the others.
+ */


I've been thinking about adding some function like v7m_is_privileged() 
v7m_is_thread_mode() !v7m_exception_pending() to ease code readability, 
like armv7m_nvic_can_take_pending_exception() or is_singlestepping().

Not much inspired yet :(


+if (env->v7m.exception == 0) {
+switch_v7m_sp(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
+}
+env->v7m.control &= ~R_V7M_CONTROL_NPRIV_MASK;
+env->v7m.control |= val & R_V7M_CONTROL_NPRIV_MASK;
  break;
  default:
  qemu_log_mask(LOG_GUEST_ERROR, "Attempt to write unknown special"
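Review bot: The subject and description say a write must not affect SPSEL when the CPU is in Thread mode, but the added comment ("only has an effect if we are in thread mode") and the guard `if (env->v7m.exception == 0)` do the opposite: they apply the SPSEL write in that state and skip it otherwise. Assuming `exception == 0` denotes Thread mode, as the comment implies, code and comment agree with each other and the log text is the inverted part. Because this rule decides when privileged guest code may switch the active stack pointer, the log should state it the same way as the code, e.g. `ignore writes to CONTROL.SPSEL from Handler mode`. The `case 20` arm belongs to a switch that starts outside the hunk.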



Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>

Regards,

Phil.



Re: [Qemu-devel] [PATCH 07/11] target/sh4: Unify cpu_fregs into FREG

2017-07-05 Thread Philippe Mathieu-Daudé

On 07/05/2017 09:23 PM, Richard Henderson wrote:

We were treating FREG as an index and REG as a TCGv.
Making FREG return a TCGv is both less confusing and
a step toward cleaner banking of cpu_fregs.

Signed-off-by: Richard Henderson <r...@twiddle.net>


Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


---
  target/sh4/translate.c | 123 +
  1 file changed, 52 insertions(+), 71 deletions(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index 20e24d5..e4fd6f2 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -382,10 +382,11 @@ static inline void gen_store_fpr64 (TCGv_i64 t, int reg)
  #define REG(x) ctx->gregs[x]
  #define ALTREG(x)  ctx->altregs[x]
  
-#define FREG(x) (ctx->tbflags & FPSCR_FR ? (x) ^ 0x10 : (x))

+#define FREG(x) cpu_fregs[ctx->tbflags & FPSCR_FR ? (x) ^ 0x10 : (x)]
  #define XHACK(x) x) & 1 ) << 4) | ((x) & 0xe))
-#define XREG(x) (ctx->tbflags & FPSCR_FR ? XHACK(x) ^ 0x10 : XHACK(x))
-#define DREG(x) FREG(x) /* Assumes lsb of (x) is always 0 */
+#define XREG(x) FREG(XHACK(x))
+/* Assumes lsb of (x) is always 0 */
+#define DREG(x) (ctx->tbflags & FPSCR_FR ? (x) ^ 0x10 : (x))
  
  #define CHECK_NOT_DELAY_SLOT \

  if (ctx->envflags & DELAY_SLOT_MASK) {   \
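Review bot: After this hunk the register macros no longer agree on what they return: `FREG(x)` and `XREG(x)` expand to a `cpu_fregs[]` element, while `DREG(x)` and `XHACK(x)` still expand to a bare index, and nothing at the definitions says so. A one-line comment above the group, e.g. `/* FREG/XREG yield a TCGv; XHACK/DREG yield a register index */`, would keep callers from mixing the two kinds. The next hunk passes `XHACK(B7_4)` instead of `XREG(B7_4)` to `gen_load_fpr64()` and `gen_store_fpr64()`, which keeps the FPSCR_FR bank selection only if those helpers now apply it themselves. Their bodies are not in the visible hunks, so that should be confirmed.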
@@ -1005,56 +1006,51 @@ static void _decode_opc(DisasContext * ctx)
CHECK_FPU_ENABLED
  if (ctx->tbflags & FPSCR_SZ) {
TCGv_i64 fp = tcg_temp_new_i64();
-   gen_load_fpr64(fp, XREG(B7_4));
-   gen_store_fpr64(fp, XREG(B11_8));
+   gen_load_fpr64(fp, XHACK(B7_4));
+   gen_store_fpr64(fp, XHACK(B11_8));
tcg_temp_free_i64(fp);
} else {
-   tcg_gen_mov_i32(cpu_fregs[FREG(B11_8)], cpu_fregs[FREG(B7_4)]);
+   tcg_gen_mov_i32(FREG(B11_8), FREG(B7_4));
}
return;
  case 0xf00a: /* fmov {F,D,X}Rm,@Rn - FPSCR: Nothing */
CHECK_FPU_ENABLED
  if (ctx->tbflags & FPSCR_SZ) {
TCGv addr_hi = tcg_temp_new();
-   int fr = XREG(B7_4);
+   int fr = XHACK(B7_4);
tcg_gen_addi_i32(addr_hi, REG(B11_8), 4);
-tcg_gen_qemu_st_i32(cpu_fregs[fr], REG(B11_8),
-ctx->memidx, MO_TEUL);
-tcg_gen_qemu_st_i32(cpu_fregs[fr+1], addr_hi,
-ctx->memidx, MO_TEUL);
+tcg_gen_qemu_st_i32(FREG(fr), REG(B11_8), ctx->memidx, MO_TEUL);
+tcg_gen_qemu_st_i32(FREG(fr + 1), addr_hi, ctx->memidx, MO_TEUL);
tcg_temp_free(addr_hi);
} else {
-tcg_gen_qemu_st_i32(cpu_fregs[FREG(B7_4)], REG(B11_8),
-ctx->memidx, MO_TEUL);
+tcg_gen_qemu_st_i32(FREG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
}
return;
  case 0xf008: /* fmov @Rm,{F,D,X}Rn - FPSCR: Nothing */
CHECK_FPU_ENABLED
  if (ctx->tbflags & FPSCR_SZ) {
TCGv addr_hi = tcg_temp_new();
-   int fr = XREG(B11_8);
+   int fr = XHACK(B11_8);
tcg_gen_addi_i32(addr_hi, REG(B7_4), 4);
-tcg_gen_qemu_ld_i32(cpu_fregs[fr], REG(B7_4), ctx->memidx, 
MO_TEUL);
-tcg_gen_qemu_ld_i32(cpu_fregs[fr+1], addr_hi, ctx->memidx, 
MO_TEUL);
+tcg_gen_qemu_ld_i32(FREG(fr), REG(B7_4), ctx->memidx, MO_TEUL);
+tcg_gen_qemu_ld_i32(FREG(fr + 1), addr_hi, ctx->memidx, MO_TEUL);
tcg_temp_free(addr_hi);
} else {
-tcg_gen_qemu_ld_i32(cpu_fregs[FREG(B11_8)], REG(B7_4),
-ctx->memidx, MO_TEUL);
+tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
}
return;
  case 0xf009: /* fmov @Rm+,{F,D,X}Rn - FPSCR: Nothing */
CHECK_FPU_ENABLED
  if (ctx->tbflags & FPSCR_SZ) {
TCGv addr_hi = tcg_temp_new();
-   int fr = XREG(B11_8);
+   int fr = XHACK(B11_8);
tcg_gen_addi_i32(addr_hi, REG(B7_4), 4);
-tcg_gen_qemu_ld_i32(cpu_fregs[fr], REG(B7_4), ctx->memidx, 
MO_TEUL);
-tcg_gen_qemu_ld_i32(cpu_fregs[fr+1], addr_hi, ctx->memidx, 
MO_TEUL);
+tcg_gen_qemu_ld_i32(FREG(fr), REG(B7_4), ctx->memidx, MO_TEUL);
+tcg_gen_qemu_ld_i32(FREG(fr + 1), addr_hi, ctx->memidx, MO_TEUL);
tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 8);
tcg_temp_free(addr_hi);
} else {
-tcg_gen_qemu_ld_i32(cpu_fregs[FREG(B11_8)], REG(B7_4),
-ctx->memidx, MO_TEUL);
+tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
}
return;
@@ -1063,13 +1059,12 @@ static void _decode_opc(DisasContext * ctx)
  TCG

Re: [Qemu-devel] [RFC v1 2/4] util/oslib-win32: Remove invalid check

2017-06-27 Thread Philippe Mathieu-Daudé
On Tue, Jun 27, 2017 at 8:57 PM, Alistair Francis
<alistair.fran...@xilinx.com> wrote:
> There is no way nhandles can be zero in this section so that part of the
> if statement will always be false. Let's just remove it to make the code
> easier to read.
>
> Signed-off-by: Alistair Francis <alistair.fran...@xilinx.com>
> Acked-by: Edgar E. Iglesias <edgar.igles...@xilinx.com>

Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>

> ---
>
>  util/oslib-win32.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/util/oslib-win32.c b/util/oslib-win32.c
> index 80e4668935..7ec0f8e083 100644
> --- a/util/oslib-win32.c
> +++ b/util/oslib-win32.c
> @@ -414,7 +414,7 @@ static int poll_rest(gboolean poll_msgs, HANDLE *handles, 
> gint nhandles,
>  /* If we have a timeout, or no handles to poll, be satisfied
>   * with just noticing we have messages waiting.
>   */
> -if (timeout != 0 || nhandles == 0) {
> +if (timeout != 0) {
>  return 1;
>  }
>
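Review bot: The comment kept above the test still reads "If we have a timeout, or no handles to poll", which no longer matches the condition once `nhandles == 0` is dropped. It should be shortened to `/* If we have a timeout, be satisfied with just noticing we have messages waiting. */`. poll_rest starts outside this hunk, so the claim that nhandles cannot be zero at this point cannot be checked from here.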
> --
> 2.11.0
>
>



Re: [Qemu-devel] [PATCH v3 2/7] target/m68k: add fmovecr

2017-06-27 Thread Philippe Mathieu-Daudé

On 06/27/2017 04:12 PM, Laurent Vivier wrote:

fmovecr moves a floating point constant from the
FPU ROM to a floating point register.

Signed-off-by: Laurent Vivier <laur...@vivier.eu>
Reviewed-by: Richard Henderson <r...@twiddle.net>
---
  target/m68k/fpu_helper.c | 30 ++
  target/m68k/helper.h |  1 +
  target/m68k/translate.c  | 13 -
  3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/target/m68k/fpu_helper.c b/target/m68k/fpu_helper.c
index a9e17f5..912c0b7 100644
--- a/target/m68k/fpu_helper.c
+++ b/target/m68k/fpu_helper.c
@@ -23,6 +23,31 @@
  #include "exec/helper-proto.h"
  #include "exec/exec-all.h"
  
+static const floatx80 fpu_rom[128] = {


"The values contained at offsets other than those defined above are
reserved for the use of Motorola and may be different on various mask
sets of the floating-point coprocessor. These undefined values yield the
value 0.0 [ floatx80_zero ] in the M68040FPSP."

^ with such a comment around:

Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


+[0x00] = floatx80_pi,   /* Pi */
+[0x0b] = make_floatx80(0x3ffd, 0x9a209a84fbcff798ULL),  /* Log10(2) */
+[0x0c] = make_floatx80(0x4000, 0xadf85458a2bb4a9aULL),  /* e*/
+[0x0d] = make_floatx80(0x3fff, 0xb8aa3b295c17f0bcULL),  /* Log2(e)  */
+[0x0e] = make_floatx80(0x3ffd, 0xde5bd8a937287195ULL),  /* Log10(e) */
+[0x0f] = floatx80_zero, /* Zero */
+[0x30] = floatx80_ln2,  /* ln(2)*/
+[0x31] = make_floatx80(0x4000, 0x935d8dddaaa8ac17ULL),  /* ln(10)   */
+[0x32] = floatx80_one,  /* 10^0 */
+[0x33] = make_floatx80(0x4002, 0xa000ULL),  /* 10^1 */
+[0x34] = make_floatx80(0x4005, 0xc800ULL),  /* 10^2 */
+[0x35] = make_floatx80(0x400c, 0x9c40ULL),  /* 10^4 */
+[0x36] = make_floatx80(0x4019, 0xbebc2000ULL),  /* 10^8 */
+[0x37] = make_floatx80(0x4034, 0x8e1bc9bf0400ULL),  /* 10^16*/
+[0x38] = make_floatx80(0x4069, 0x9dc5ada82b70b59eULL),  /* 10^32*/
+[0x39] = make_floatx80(0x40d3, 0xc2781f49ffcfa6d5ULL),  /* 10^64*/
+[0x3a] = make_floatx80(0x41a8, 0x93ba47c980e98ce0ULL),  /* 10^128   */
+[0x3b] = make_floatx80(0x4351, 0xaa7eebfb9df9de8eULL),  /* 10^256   */
+[0x3c] = make_floatx80(0x46a3, 0xe319a0aea60e91c7ULL),  /* 10^512   */
+[0x3d] = make_floatx80(0x4d48, 0xc976758681750c17ULL),  /* 10^1024  */
+[0x3e] = make_floatx80(0x5a92, 0x9e8b3b5dc53d5de5ULL),  /* 10^2048  */
+[0x3f] = make_floatx80(0x7525, 0xc46052028a20979bULL),  /* 10^4096  */
+};
+
  int32_t HELPER(reds32)(CPUM68KState *env, FPReg *val)
  {
  return floatx80_to_int32(val->d, >fp_status);
@@ -204,3 +229,8 @@ void HELPER(ftst)(CPUM68KState *env, FPReg *val)
  }
  env->fpsr = (env->fpsr & ~FPSR_CC_MASK) | cc;
  }
+
+void HELPER(fconst)(CPUM68KState *env, FPReg *val, uint32_t offset)
+{
+val->d = fpu_rom[offset];
+}
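Review bot: `fpu_rom[offset]` in `HELPER(fconst)` is indexed by a `uint32_t` that the helper itself never bounds. The read stays inside the 128-entry table only because the translate.c hunk passes `opmode`, which is `ext & 0x7f`. Tying the two together in the helper, for example `assert(offset < ARRAY_SIZE(fpu_rom));` before the load, would keep a later caller that passes an unmasked value from turning this into an out-of-bounds read. The same helper appears unchanged in the quoted v2 patch further down the thread.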
diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index 98cbf18..d6e80e4 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -35,6 +35,7 @@ DEF_HELPER_4(fdiv, void, env, fp, fp, fp)
  DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_RWG, void, env, fp, fp)
  DEF_HELPER_FLAGS_2(set_fpcr, TCG_CALL_NO_RWG, void, env, i32)
  DEF_HELPER_FLAGS_2(ftst, TCG_CALL_NO_RWG, void, env, fp)
+DEF_HELPER_3(fconst, void, env, fp, i32)
  
  DEF_HELPER_3(mac_move, void, env, i32, i32)

  DEF_HELPER_3(macmulf, i64, env, i32, i32)
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index dff604c..0bb3300 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4518,10 +4518,21 @@ DISAS_INSN(fpu)
  ext = read_im16(env, s);
  opmode = ext & 0x7f;
  switch ((ext >> 13) & 7) {
-case 0: case 2:
+case 0:
  break;
  case 1:
  goto undef;
+case 2:
+if (insn == 0xf200 && (ext & 0xfc00) == 0x5c00) {
+/* fmovecr */
+TCGv rom_offset = tcg_const_i32(opmode);


you could reuse tmp32:

tmp32 = tcg_const_i32(opmode); /* rom offset */

but it's good like that ;)


+cpu_dest = gen_fp_ptr(REG(ext, 7));
+gen_helper_fconst(cpu_env, cpu_dest, rom_offset);
+tcg_temp_free_ptr(cpu_dest);
+tcg_temp_free(rom_offset);


Oh this was a leak in v2? I didn't notice.


+return;
+}
+break;
  case 3: /* fmove out */
  cpu_src = gen_fp_ptr(REG(ext, 7));
  opsize = ext_opsize(ext, 10);





Re: [Qemu-devel] [PATCH v2 2/7] target/m68k: add fmovecr

2017-06-27 Thread Philippe Mathieu-Daudé

On 06/27/2017 02:58 PM, Laurent Vivier wrote:

Le 27/06/2017 à 17:45, Philippe Mathieu-Daudé a écrit :

+static const floatx80 fpu_rom[128] = {
+[0x00] = floatx80_pi,   /* Pi */
+[0x0b] = make_floatx80(0x3ffd, 0x9a209a84fbcff798ULL),  /*
Log10(2) */
+[0x0c] = make_floatx80(0x4000, 0xadf85458a2bb4a9aULL),  /*
e*/
+[0x0d] = make_floatx80(0x3fff, 0xb8aa3b295c17f0bcULL),  /*
Log2(e)  */
+[0x0e] = make_floatx80(0x3ffd, 0xde5bd8a937287195ULL),  /*
Log10(e) */
+[0x0f] = floatx80_zero, /*
Zero */
+[0x30] = floatx80_ln2,  /*
ln(2)*/
+[0x31] = make_floatx80(0x4000, 0x935d8dddaaa8ac17ULL),  /*
ln(10)   */
+[0x32] = floatx80_one,  /*
10^0 */
+[0x33] = make_floatx80(0x4002, 0xa000ULL),  /*
10^1 */
+[0x34] = make_floatx80(0x4005, 0xc800ULL),  /*
10^2 */
+[0x35] = make_floatx80(0x400c, 0x9c40ULL),  /*
10^4 */
+[0x36] = make_floatx80(0x4019, 0xbebc2000ULL),  /*
10^8 */
+[0x37] = make_floatx80(0x4034, 0x8e1bc9bf0400ULL),  /*
10^16*/
+[0x38] = make_floatx80(0x4069, 0x9dc5ada82b70b59eULL),  /*
10^32*/
+[0x39] = make_floatx80(0x40d3, 0xc2781f49ffcfa6d5ULL),  /*
10^64*/
+[0x3a] = make_floatx80(0x41a8, 0x93ba47c980e98ce0ULL),  /*
10^128   */
+[0x3b] = make_floatx80(0x4351, 0xaa7eebfb9df9de8eULL),  /*
10^256   */
+[0x3c] = make_floatx80(0x46a3, 0xe319a0aea60e91c7ULL),  /*
10^512   */
+[0x3d] = make_floatx80(0x4d48, 0xc976758681750c17ULL),  /*
10^1024  */
+[0x3e] = make_floatx80(0x5a92, 0x9e8b3b5dc53d5de5ULL),  /*
10^2048  */
+[0x3f] = make_floatx80(0x7525, 0xc46052028a20979bULL),  /*
10^4096  */ +};
+
  int32_t HELPER(reds32)(CPUM68KState *env, FPReg *val)
  {
  return floatx80_to_int32(val->d, >fp_status);
@@ -204,3 +229,8 @@ void HELPER(ftst)(CPUM68KState *env, FPReg *val)
  }
  env->fpsr = (env->fpsr & ~FPSR_CC_MASK) | cc;
  }
+
+void HELPER(fconst)(CPUM68KState *env, FPReg *val, uint32_t offset)
+{
+val->d = fpu_rom[offset];


For offset not declared in fpu_rom (0x1..0xa, 0x10..0x2f, 0x40..0x7f),
this will return floatx80_zero, is this correct?


yes, according to the doc:

The values contained at offsets other than those defined above are
reserved for the use of Motorola and may be different on various mask
sets of the floating-point coprocessor. These undefined values yield the
value 0.0 in the M68040FPSP


can you add this comment before/in the fpu_rom array please?



Re: [Qemu-devel] [PATCH v2 2/7] target/m68k: add fmovecr

2017-06-27 Thread Philippe Mathieu-Daudé
I find this patch aesthetically very nice :)

On Tue, 27 Jun 2017 00:03:25 +0200
Laurent Vivier  wrote:
> fmovecr moves a floating point constant from the
> FPU ROM to a floating point register.
> 
> Signed-off-by: Laurent Vivier 
> Reviewed-by: Richard Henderson 
> ---
>  target/m68k/fpu_helper.c | 30 ++
>  target/m68k/helper.h |  1 +
>  target/m68k/translate.c  | 13 -
>  3 files changed, 43 insertions(+), 1 deletion(-)
> 
> diff --git a/target/m68k/fpu_helper.c b/target/m68k/fpu_helper.c
> index a9e17f5..912c0b7 100644
> --- a/target/m68k/fpu_helper.c
> +++ b/target/m68k/fpu_helper.c
> @@ -23,6 +23,31 @@
>  #include "exec/helper-proto.h"
>  #include "exec/exec-all.h"
>  
> +static const floatx80 fpu_rom[128] = {
> +[0x00] = floatx80_pi,   /* Pi */
> +[0x0b] = make_floatx80(0x3ffd, 0x9a209a84fbcff798ULL),  /*
> Log10(2) */
> +[0x0c] = make_floatx80(0x4000, 0xadf85458a2bb4a9aULL),  /*
> e*/
> +[0x0d] = make_floatx80(0x3fff, 0xb8aa3b295c17f0bcULL),  /*
> Log2(e)  */
> +[0x0e] = make_floatx80(0x3ffd, 0xde5bd8a937287195ULL),  /*
> Log10(e) */
> +[0x0f] = floatx80_zero, /*
> Zero */
> +[0x30] = floatx80_ln2,  /*
> ln(2)*/
> +[0x31] = make_floatx80(0x4000, 0x935d8dddaaa8ac17ULL),  /*
> ln(10)   */
> +[0x32] = floatx80_one,  /*
> 10^0 */
> +[0x33] = make_floatx80(0x4002, 0xa000ULL),  /*
> 10^1 */
> +[0x34] = make_floatx80(0x4005, 0xc800ULL),  /*
> 10^2 */
> +[0x35] = make_floatx80(0x400c, 0x9c40ULL),  /*
> 10^4 */
> +[0x36] = make_floatx80(0x4019, 0xbebc2000ULL),  /*
> 10^8 */
> +[0x37] = make_floatx80(0x4034, 0x8e1bc9bf0400ULL),  /*
> 10^16*/
> +[0x38] = make_floatx80(0x4069, 0x9dc5ada82b70b59eULL),  /*
> 10^32*/
> +[0x39] = make_floatx80(0x40d3, 0xc2781f49ffcfa6d5ULL),  /*
> 10^64*/
> +[0x3a] = make_floatx80(0x41a8, 0x93ba47c980e98ce0ULL),  /*
> 10^128   */
> +[0x3b] = make_floatx80(0x4351, 0xaa7eebfb9df9de8eULL),  /*
> 10^256   */
> +[0x3c] = make_floatx80(0x46a3, 0xe319a0aea60e91c7ULL),  /*
> 10^512   */
> +[0x3d] = make_floatx80(0x4d48, 0xc976758681750c17ULL),  /*
> 10^1024  */
> +[0x3e] = make_floatx80(0x5a92, 0x9e8b3b5dc53d5de5ULL),  /*
> 10^2048  */
> +[0x3f] = make_floatx80(0x7525, 0xc46052028a20979bULL),  /*
> 10^4096  */ +};
> +
>  int32_t HELPER(reds32)(CPUM68KState *env, FPReg *val)
>  {
>  return floatx80_to_int32(val->d, >fp_status);
> @@ -204,3 +229,8 @@ void HELPER(ftst)(CPUM68KState *env, FPReg *val)
>  }
>  env->fpsr = (env->fpsr & ~FPSR_CC_MASK) | cc;
>  }
> +
> +void HELPER(fconst)(CPUM68KState *env, FPReg *val, uint32_t offset)
> +{
> +val->d = fpu_rom[offset];

For offset not declared in fpu_rom (0x1..0xa, 0x10..0x2f, 0x40..0x7f),
this will return floatx80_zero, is this correct?

> +}
> diff --git a/target/m68k/helper.h b/target/m68k/helper.h
> index 98cbf18..d6e80e4 100644
> --- a/target/m68k/helper.h
> +++ b/target/m68k/helper.h
> @@ -35,6 +35,7 @@ DEF_HELPER_4(fdiv, void, env, fp, fp, fp)
>  DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_RWG, void, env, fp, fp)
>  DEF_HELPER_FLAGS_2(set_fpcr, TCG_CALL_NO_RWG, void, env, i32)
>  DEF_HELPER_FLAGS_2(ftst, TCG_CALL_NO_RWG, void, env, fp)
> +DEF_HELPER_3(fconst, void, env, fp, i32)
>  
>  DEF_HELPER_3(mac_move, void, env, i32, i32)
>  DEF_HELPER_3(macmulf, i64, env, i32, i32)
> diff --git a/target/m68k/translate.c b/target/m68k/translate.c
> index 8824f81..ab2fe50 100644
> --- a/target/m68k/translate.c
> +++ b/target/m68k/translate.c
> @@ -4510,6 +4510,7 @@ static void gen_op_fmove_fcr(CPUM68KState *env,
> DisasContext *s, DISAS_INSN(fpu)
>  {
>  uint16_t ext;
> +uint8_t rom_offset;
>  int opmode;
>  TCGv tmp32;
>  int opsize;
> @@ -4518,10 +4519,20 @@ DISAS_INSN(fpu)
>  ext = read_im16(env, s);
>  opmode = ext & 0x7f;
>  switch ((ext >> 13) & 7) {
> -case 0: case 2:
> +case 0:
>  break;
>  case 1:
>  goto undef;
> +case 2:
> +if (insn == 0xf200 && (ext & 0xfc00) == 0x5c00) {
> +/* fmovecr */
> +rom_offset = ext & 0x7f;

you can use opmode directly.

> +cpu_dest = gen_fp_ptr(REG(ext, 7));
> +gen_helper_fconst(cpu_env, cpu_dest,
> tcg_const_i32(rom_offset));
> +tcg_temp_free_ptr(cpu_dest);
> +return;
> +}
> +break;
>  case 3: /* fmove out */
>  cpu_src = gen_fp_ptr(REG(ext, 7));
>  opsize = ext_opsize(ext, 10);




Re: [Qemu-devel] [PATCH 05/26] audio: Remove UINT8

2017-04-25 Thread Philippe Mathieu-Daudé

Hi Juan,

On 04/25/2017 07:37 PM, Juan Quintela wrote:

uint8_t has existed since . all this century?

Signed-off-by: Juan Quintela 
---
 hw/audio/fmopl.c |  8 
 hw/audio/fmopl.h | 39 ---
 2 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/hw/audio/fmopl.c b/hw/audio/fmopl.c
index 282662a..3d14b45 100644
--- a/hw/audio/fmopl.c
+++ b/hw/audio/fmopl.c
@@ -789,8 +789,8 @@ static void OPLWriteReg(FM_OPL *OPL, int r, int v)
}
else
{   /* set IRQ mask ,timer enable*/
-   UINT8 st1 = v&1;
-   UINT8 st2 = (v>>1)&1;
+   uint8_t st1 = v&1;
+   uint8_t st2 = (v>>1)&1;


Welcome to stdint! But since you're changing this code, please make it 
more readable (at least add spaces) so checkpatch doesn't reject your series:


ERROR: spaces required around that '&'


/* IRQRST,T1MSK,t2MSK,EOSMSK,BRMSK,x,ST2,ST1 */
OPL_STATUS_RESET(OPL,v&0x78);
OPL_STATUSMASK_SET(OPL,((~v)&0x78)|0x01);
@@ -838,7 +838,7 @@ static void OPLWriteReg(FM_OPL *OPL, int r, int v)
case 0xbd:
/* amsep,vibdep,r,bd,sd,tom,tc,hh */
{
-   UINT8 rkey = OPL->rhythm^v;
+   uint8_t rkey = OPL->rhythm^v;
OPL->ams_table = _TABLE[v&0x80 ? AMS_ENT : 0];
OPL->vib_table = _TABLE[v&0x40 ? VIB_ENT : 0];
OPL->rhythm  = v&0x3f;
@@ -991,7 +991,7 @@ void YM3812UpdateOne(FM_OPL *OPL, INT16 *buffer, int length)
OPLSAMPLE *buf = buffer;
UINT32 amsCnt  = OPL->amsCnt;
UINT32 vibCnt  = OPL->vibCnt;
-   UINT8 rhythm = OPL->rhythm&0x20;
+   uint8_t rhythm = OPL->rhythm&0x20;
OPL_CH *CH,*R_CH;

if( (void *)OPL != cur_chip ){
diff --git a/hw/audio/fmopl.h b/hw/audio/fmopl.h
index e476497..3df8942 100644
--- a/hw/audio/fmopl.h
+++ b/hw/audio/fmopl.h
@@ -1,6 +1,8 @@
 #ifndef FMOPL_H
 #define FMOPL_H

+#include 
+
 /* --- system optimize --- */
 /* select bit size of output : 8 or 16 */
 #define OPL_OUTPUT_BIT 16
@@ -8,7 +10,6 @@
 /* compiler dependence */
 #ifndef OSD_CPU_H
 #define OSD_CPU_H
-typedef unsigned char  UINT8;   /* unsigned  8bit */
 typedef unsigned short UINT16;  /* unsigned 16bit */
 typedef unsigned int   UINT32;  /* unsigned 32bit */
 typedef signed charINT8;/* signed  8bit   */
@@ -41,19 +42,19 @@ typedef unsigned char (*OPL_PORTHANDLER_R)(int param);
 typedef struct fm_opl_slot {
INT32 TL;   /* total level :TL << 8*/
INT32 TLL;  /* adjusted now TL */
-   UINT8  KSR; /* key scale rate  :(shift down bit)   */
+   uint8_t  KSR;   /* key scale rate  :(shift down bit)   */
INT32 *AR;  /* attack rate :_TABLE[AR<<2]   */
INT32 *DR;  /* decay rate  :_TALBE[DR<<2]   */
INT32 SL;   /* sustin level:SL_TALBE[SL]   */
INT32 *RR;  /* release rate:_TABLE[RR<<2]   */
-   UINT8 ksl;  /* keyscale level  :(shift down bits)  */
-   UINT8 ksr;  /* key scale rate  :kcode>>KSR */
+   uint8_t ksl;/* keyscale level  :(shift down bits)  */
+   uint8_t ksr;/* key scale rate  :kcode>>KSR */
UINT32 mul; /* multiple:ML_TABLE[ML]   */
UINT32 Cnt; /* frequency count :   */
UINT32 Incr;/* frequency step  :   */
/* envelope generator state */
-   UINT8 eg_typ;   /* envelope type flag  */
-   UINT8 evm;  /* envelope phase  */
+   uint8_t eg_typ; /* envelope type flag  */
+   uint8_t evm;/* envelope phase  */
INT32 evc;  /* envelope counter*/
INT32 eve;  /* envelope counter end point  */
INT32 evs;  /* envelope counter step   */
@@ -61,8 +62,8 @@ typedef struct fm_opl_slot {
INT32 evsd; /* envelope step for DR :DR[ksr]   */
INT32 evsr; /* envelope step for RR :RR[ksr]   */
/* LFO */
-   UINT8 ams;  /* ams flag*/
-   UINT8 vib;  /* vibrate flag*/
+   uint8_t ams;/* ams flag*/
+   uint8_t vib;/* vibrate flag*/
/* wave selector */
INT32 **wavetable;
 }OPL_SLOT;
@@ -70,38 +71,38 @@ typedef struct 

Re: [Qemu-devel] [PATCH 10/26] audio: Remove INT32

2017-04-25 Thread Philippe Mathieu-Daudé

Hi Juan, is there a benefit in not squashing the previous stdint commits?

On 04/25/2017 07:37 PM, Juan Quintela wrote:

Signed-off-by: Juan Quintela 
---
 hw/audio/fmopl.c | 42 +-
 hw/audio/fmopl.h | 54 --
 2 files changed, 45 insertions(+), 51 deletions(-)

diff --git a/hw/audio/fmopl.c b/hw/audio/fmopl.c
index ebd3dbb..8f935f6 100644
--- a/hw/audio/fmopl.c
+++ b/hw/audio/fmopl.c
@@ -170,7 +170,7 @@ static const uint32_t KSL_TABLE[8*16]=
 /* sustain lebel table (3db per step) */
 /* 0 - 15: 0, 3, 6, 9,12,15,18,21,24,27,30,33,36,39,42,93 (dB)*/
 #define SC(db) (db*((3/EG_STEP)*(1<connect1 = CH->CON ? carrier : 
CH->connect2 = carrier;
 }
@@ -498,7 +498,7 @@ static inline void OPL_CALC_RH( OPL_CH *CH )
 {
uint32_t env_tam,env_sd,env_top,env_hh;
int whitenoise = (rand()&1)*(WHITE_NOISE_db/EG_STEP);
-   INT32 tone8;
+   int32_t tone8;

OPL_SLOT *SLOT;
int env_out;
@@ -616,20 +616,20 @@ static int OPLOpenTable( void )
double pom;

/* allocate dynamic tables */
-   if( (TL_TABLE = malloc(TL_MAX*2*sizeof(INT32))) == NULL)
+   if( (TL_TABLE = malloc(TL_MAX*2*sizeof(int32_t))) == NULL)
return 0;
-   if( (SIN_TABLE = malloc(SIN_ENT*4 *sizeof(INT32 *))) == NULL)
+   if( (SIN_TABLE = malloc(SIN_ENT*4 *sizeof(int32_t *))) == NULL)
{
free(TL_TABLE);
return 0;
}
-   if( (AMS_TABLE = malloc(AMS_ENT*2 *sizeof(INT32))) == NULL)
+   if( (AMS_TABLE = malloc(AMS_ENT*2 *sizeof(int32_t))) == NULL)
{
free(TL_TABLE);
free(SIN_TABLE);
return 0;
}
-   if( (VIB_TABLE = malloc(VIB_ENT*2 *sizeof(INT32))) == NULL)
+   if( (VIB_TABLE = malloc(VIB_ENT*2 *sizeof(int32_t))) == NULL)
{
free(TL_TABLE);
free(SIN_TABLE);
diff --git a/hw/audio/fmopl.h b/hw/audio/fmopl.h
index 0bc3415..1e74019 100644
--- a/hw/audio/fmopl.h
+++ b/hw/audio/fmopl.h
@@ -7,12 +7,6 @@
 /* select bit size of output : 8 or 16 */
 #define OPL_OUTPUT_BIT 16

-/* compiler dependence */
-#ifndef OSD_CPU_H
-#define OSD_CPU_H
-typedef signed int INT32;   /* signed 32bit   */
-#endif
-
 #if (OPL_OUTPUT_BIT==16)
 typedef int16_t OPLSAMPLE;
 #endif
@@ -36,13 +30,13 @@ typedef unsigned char (*OPL_PORTHANDLER_R)(int param);
 /* Saving is necessary for member of the 'R' mark for suspend/resume */
 /* -- OPL one of slot  -- */
 typedef struct fm_opl_slot {
-   INT32 TL;   /* total level :TL << 8*/
-   INT32 TLL;  /* adjusted now TL */
+   int32_t TL; /* total level :TL << 8*/
+   int32_t TLL;/* adjusted now TL */
uint8_t 

Re: [Qemu-devel] [PATCH 10/21] xen: import ring.h from xen

2017-04-25 Thread Philippe Mathieu-Daudé

On 04/25/2017 03:35 PM, Stefano Stabellini wrote:

Do not use the ring.h header installed on the system. Instead, import
the header into the QEMU codebase. This avoids problems when QEMU is
built against a Xen version too old to provide all the ring macros.

Signed-off-by: Stefano Stabellini <stef...@aporeto.com>
Reviewed-by: Greg Kurz <gr...@kaod.org>


Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


CC: anthony.per...@citrix.com
CC: jgr...@suse.com
---
 hw/block/xen_blkif.h |   2 +-
 hw/usb/xen-usb.c |   2 +-
 include/hw/xen/io/ring.h | 482 +++
 3 files changed, 484 insertions(+), 2 deletions(-)
 create mode 100644 include/hw/xen/io/ring.h

diff --git a/hw/block/xen_blkif.h b/hw/block/xen_blkif.h
index 3300b6f..3e6e1ea 100644
--- a/hw/block/xen_blkif.h
+++ b/hw/block/xen_blkif.h
@@ -1,7 +1,7 @@
 #ifndef XEN_BLKIF_H
 #define XEN_BLKIF_H

-#include 
+#include "hw/xen/io/ring.h"
 #include 
 #include 

diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c
index 8e676e6..370b3d9 100644
--- a/hw/usb/xen-usb.c
+++ b/hw/usb/xen-usb.c
@@ -33,7 +33,7 @@
 #include "qapi/qmp/qint.h"
 #include "qapi/qmp/qstring.h"

-#include 
+#include "hw/xen/io/ring.h"
 #include 

 /*
diff --git a/include/hw/xen/io/ring.h b/include/hw/xen/io/ring.h
new file mode 100644
index 000..abbca47
--- /dev/null
+++ b/include/hw/xen/io/ring.h
@@ -0,0 +1,482 @@
+/**
+ * ring.h
+ *
+ * Shared producer-consumer ring macros.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ * Tim Deegan and Andrew Warfield November 2004.
+ */
+
+#ifndef __XEN_PUBLIC_IO_RING_H__
+#define __XEN_PUBLIC_IO_RING_H__
+
+/*
+ * When #include'ing this header, you need to provide the following
+ * declaration upfront:
+ * - standard integers types (uint8_t, uint16_t, etc)
+ * They are provided by stdint.h of the standard headers.
+ *
+ * In addition, if you intend to use the FLEX macros, you also need to
+ * provide the following, before invoking the FLEX macros:
+ * - size_t
+ * - memcpy
+ * - grant_ref_t
+ * These declarations are provided by string.h of the standard headers,
+ * and grant_table.h from the Xen public headers.
+ */
+
+#if __XEN_INTERFACE_VERSION__ < 0x00030208
+#define xen_mb()  mb()
+#define xen_rmb() rmb()
+#define xen_wmb() wmb()
+#endif
+
+typedef unsigned int RING_IDX;
+
+/* Round a 32-bit unsigned constant down to the nearest power of two. */
+#define __RD2(_x)  (((_x) & 0x0002) ? 0x2  : ((_x) & 0x1))
+#define __RD4(_x)  (((_x) & 0x000c) ? __RD2((_x)>>2)<<2: __RD2(_x))
+#define __RD8(_x)  (((_x) & 0x00f0) ? __RD4((_x)>>4)<<4: __RD4(_x))
+#define __RD16(_x) (((_x) & 0xff00) ? __RD8((_x)>>8)<<8: __RD8(_x))
+#define __RD32(_x) (((_x) & 0x) ? __RD16((_x)>>16)<<16 : __RD16(_x))
+
+/*
+ * Calculate size of a shared ring, given the total available space for the
+ * ring and indexes (_sz), and the name tag of the request/response structure.
+ * A ring contains as many entries as will fit, rounded down to the nearest
+ * power of two (so we can mask with (size-1) to loop around).
+ */
+#define __CONST_RING_SIZE(_s, _sz) \
+(__RD32(((_sz) - offsetof(struct _s##_sring, ring)) / \
+   sizeof(((struct _s##_sring *)0)->ring[0])))
+/*
+ * The same for passing in an actual pointer instead of a name tag.
+ */
+#define __RING_SIZE(_s, _sz) \
+(__RD32(((_sz) - (long)(_s)->ring + (long)(_s)) / sizeof((_s)->ring[0])))
+
+/*
+ * Macros to make the correct C datatypes for a new kind of ring.
+ *
+ * To make a new ring datatype, you need to have two message structures,
+ * let's say request_t, and response_t already defined.
+ *
+ * In a header where you want the ring data

Re: [Qemu-devel] [PATCH 19/26] audio: GUSsample is int16_t

2017-04-25 Thread Philippe Mathieu-Daudé

Hi Juan,

Same here, why not squashing as "Use stdint instead of dead GUSEMU32"?

On 04/25/2017 07:37 PM, Juan Quintela wrote:

Signed-off-by: Juan Quintela 
---
 hw/audio/gus.c  |  2 +-
 hw/audio/gusemu.h   | 12 +---
 hw/audio/gusemu_hal.c   |  2 +-
 hw/audio/gusemu_mixer.c |  8 
 4 files changed, 7 insertions(+), 17 deletions(-)

diff --git a/hw/audio/gus.c b/hw/audio/gus.c
index 3d08a65..ec103a4 100644
--- a/hw/audio/gus.c
+++ b/hw/audio/gus.c
@@ -53,7 +53,7 @@ typedef struct GUSState {
 uint32_t freq;
 uint32_t port;
 int pos, left, shift, irqs;
-GUSsample *mixbuf;
+int16_t *mixbuf;
 uint8_t himem[1024 * 1024 + 32 + 4096];
 int samples;
 SWVoiceOut *voice;
diff --git a/hw/audio/gusemu.h b/hw/audio/gusemu.h
index 69dadef..ab591ee 100644
--- a/hw/audio/gusemu.h
+++ b/hw/audio/gusemu.h
@@ -25,16 +25,6 @@
 #ifndef GUSEMU_H
 #define GUSEMU_H

-/* data types (need to be adjusted if neither a VC6 nor a C99 compatible 
compiler is used) */
-
-#if defined _WIN32 && defined _MSC_VER /* doesn't support other win32 
compilers yet, do it yourself... */
- typedef unsigned int GUSdword;
- typedef signed short GUSsample;
-#else
- typedef uint32_t GUSdword;
- typedef int16_t GUSsample;
-#endif
-
 typedef struct _GUSEmuState
 {
  uint8_t *himemaddr; /* 1024*1024 bytes used for storing uploaded samples (+32 
additional bytes for read padding) */
@@ -86,7 +76,7 @@ void gus_dma_transferdata(GUSEmuState *state, char *dma_addr, 
unsigned int count
 /* If the interrupts are asynchronous, it may be needed to use a separate 
thread mixing into a temporary */
 /* audio buffer in order to avoid quality loss caused by large numsamples and 
elapsed_time values. */

-void gus_mixvoices(GUSEmuState *state, unsigned int playback_freq, unsigned 
int numsamples, GUSsample *bufferpos);
+void gus_mixvoices(GUSEmuState *state, unsigned int playback_freq, unsigned 
int numsamples, int16_t *bufferpos);
 /* recommended range: 10 < numsamples < 100 */
 /* lower values may result in increased rounding error, higher values often 
cause audible timing delays */

diff --git a/hw/audio/gusemu_hal.c b/hw/audio/gusemu_hal.c
index 3dd7239..1150fc4 100644
--- a/hw/audio/gusemu_hal.c
+++ b/hw/audio/gusemu_hal.c
@@ -32,7 +32,7 @@

 #define GUSregb(position) (*(gusptr+(position)))
 #define GUSregw(position) (*(uint16_t *) (gusptr+(position)))
-#define GUSregd(position) (*(GUSdword *)(gusptr+(position)))
+#define GUSregd(position) (*(uint16_t *)(gusptr+(position)))

 /* size given in bytes */
 unsigned int gus_read(GUSEmuState * state, int port, int size)
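Review bot: `GUSregd` is redefined as `(*(uint16_t *)(gusptr+(position)))`, but the typedef this patch removes from gusemu.h was `typedef uint32_t GUSdword;`, so every dword register access through the macro would now read and write only 16 bits. The replacement should be `#define GUSregd(position) (*(uint32_t *)(gusptr+(position)))`. The gusemu_mixer.c hunk makes the same substitution and needs the same fix. The subject line only mentions GUSsample, so this width change is easy to miss.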
diff --git a/hw/audio/gusemu_mixer.c b/hw/audio/gusemu_mixer.c
index 981a9ae..00b9861 100644
--- a/hw/audio/gusemu_mixer.c
+++ b/hw/audio/gusemu_mixer.c
@@ -28,13 +28,13 @@

 #define GUSregb(position)  (*(gusptr+(position)))
 #define GUSregw(position)  (*(uint16_t *) (gusptr+(position)))
-#define GUSregd(position)  (*(GUSdword *)(gusptr+(position)))
+#define GUSregd(position)  (*(uint16_t *)(gusptr+(position)))

 #define GUSvoice(position) (*(uint16_t *)(voiceptr+(position)))

 /* samples are always 16bit stereo (4 bytes each, first right then left 
interleaved) */
 void gus_mixvoices(GUSEmuState * state, unsigned int playback_freq, unsigned 
int numsamples,
-   GUSsample *bufferpos)
+   int16_t *bufferpos)
 {
 /* note that byte registers are stored in the upper half of each voice 
register! */
 uint8_t*gusptr;
@@ -171,8 +171,8 @@ void gus_mixvoices(GUSEmuState * state, unsigned int 
playback_freq, unsigned int
 }

 /* mix samples into buffer */
-*(bufferpos + 2 * sample) += (GUSsample) ((sample1 * PanningPos) 
>> 4);/* right */
-*(bufferpos + 2 * sample + 1) += (GUSsample) ((sample1 * (15 - 
PanningPos)) >> 4); /* left */
+*(bufferpos + 2 * sample) += (int16_t) ((sample1 * PanningPos) 
>> 4);/* right */
+*(bufferpos + 2 * sample + 1) += (int16_t) ((sample1 * (15 - 
PanningPos)) >> 4); /* left */
 }
 /* write back voice and volume */
 GUSvoice(wVSRCurrVol)   = Volume32 / 32;





Re: [Qemu-devel] [PATCH 25/26] audio: un-export OPLResetChip

2017-04-25 Thread Philippe Mathieu-Daudé

On 04/25/2017 07:37 PM, Juan Quintela wrote:

Signed-off-by: Juan Quintela <quint...@redhat.com>


Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


---
 hw/audio/fmopl.c | 2 +-
 hw/audio/fmopl.h | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/audio/fmopl.c b/hw/audio/fmopl.c
index 99d09c5..dc9043c 100644
--- a/hw/audio/fmopl.c
+++ b/hw/audio/fmopl.c
@@ -1036,7 +1036,7 @@ void YM3812UpdateOne(FM_OPL *OPL, int16_t *buffer, int 
length)
 }

 /* -- reset one of chip -- */
-void OPLResetChip(FM_OPL *OPL)
+static void OPLResetChip(FM_OPL *OPL)
 {
int c,s;
int i;
diff --git a/hw/audio/fmopl.h b/hw/audio/fmopl.h
index f89af08..fc9f16b 100644
--- a/hw/audio/fmopl.h
+++ b/hw/audio/fmopl.h
@@ -95,7 +95,6 @@ FM_OPL *OPLCreate(int clock, int rate);
 void OPLDestroy(FM_OPL *OPL);
 void OPLSetTimerHandler(FM_OPL *OPL,OPL_TIMERHANDLER TimerHandler,int 
channelOffset);

-void OPLResetChip(FM_OPL *OPL);
 int OPLWrite(FM_OPL *OPL,int a,int v);
 unsigned char OPLRead(FM_OPL *OPL,int a);
 int OPLTimerOver(FM_OPL *OPL,int c);





Re: [Qemu-devel] [PATCH 26/26] audio: Use ARRAY_SIZE from qemu/osdep.h

2017-04-25 Thread Philippe Mathieu-Daudé

On 04/25/2017 07:37 PM, Juan Quintela wrote:

Signed-off-by: Juan Quintela <quint...@redhat.com>


Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


---
 hw/audio/fmopl.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/audio/fmopl.c b/hw/audio/fmopl.c
index dc9043c..202f752 100644
--- a/hw/audio/fmopl.c
+++ b/hw/audio/fmopl.c
@@ -34,15 +34,11 @@
 #include 
 //#include "driver.h"/* use M.A.M.E. */
 #include "fmopl.h"
-
+#include "qemu/osdep.h"
 #ifndef PI
 #define PI 3.14159265358979323846
 #endif

-#ifndef ARRAY_SIZE
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-#endif
-
 /*  for debug - */
 /* #define OPL_OUTPUT_LOG */
 #ifdef OPL_OUTPUT_LOG
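Review bot: `#include "qemu/osdep.h"` is added after the system headers and `fmopl.h`, whereas QEMU's convention is that osdep.h is the first include of every .c file, so that its configuration and feature-test macros are in effect before any system header is parsed. The top of fmopl.c is outside this hunk, so osdep.h may already be included there; if so, this added line can simply be dropped, otherwise it should move to the first include position.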





Re: [Qemu-devel] [PATCH v2] scripts: Switch to more portable Perl shebang

2017-04-27 Thread Philippe Mathieu-Daudé

On 04/26/2017 10:16 AM, Kamil Rytarowski wrote:

The default NetBSD package manager is pkgsrc and it installs Perl
along other third party programs under custom and configurable prefix.
The default prefix for binary prebuilt packages is /usr/pkg, and the
Perl executable lands in /usr/pkg/bin/perl.

This change switches "/usr/bin/perl" to "/usr/bin/env perl" as it's
the most portable solution that should work for almost everybody.
Perl's executable is detected automatically.

This change replaces the -w option passed to the executable with the more
modern "use warnings;" approach. There is no functional change to the
default behavior.

Signed-off-by: Kamil Rytarowski <n...@gmx.com>


Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


---
 scripts/checkpatch.pl   | 3 ++-
 scripts/clean-header-guards.pl  | 3 ++-
 scripts/cleanup-trace-events.pl | 2 +-
 scripts/disas-objdump.pl| 4 +++-
 scripts/get_maintainer.pl   | 3 ++-
 scripts/shaderinclude.pl| 2 +-
 scripts/switch-timer-api| 2 +-
 scripts/texi2pod.pl | 4 +++-
 8 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index f084542934..3bb6fc95bd 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/env perl
 # (c) 2001, Dave Jones. (the file handling bit)
 # (c) 2005, Joel Schopp <jsch...@austin.ibm.com> (the ugly bit)
 # (c) 2007,2008, Andy Whitcroft <a...@uk.ibm.com> (new conditions, test suite)
@@ -6,6 +6,7 @@
 # Licensed under the terms of the GNU GPL License version 2

 use strict;
+use warnings;

 my $P = $0;
 $P =~ s@.*/@@g;
diff --git a/scripts/clean-header-guards.pl b/scripts/clean-header-guards.pl
index 54ab99ae29..5e67f1998c 100755
--- a/scripts/clean-header-guards.pl
+++ b/scripts/clean-header-guards.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/env perl
 #
 # Clean up include guards in headers
 #
@@ -28,6 +28,7 @@
 #   "cc -E -DGUARD_H -c -P -", and fed the test program on stdin.

 use strict;
+use warnings;
 use Getopt::Std;

 # Stuff we don't want to clean because we import it into our tree:
diff --git a/scripts/cleanup-trace-events.pl b/scripts/cleanup-trace-events.pl
index 7e808efb6a..e93abc00da 100755
--- a/scripts/cleanup-trace-events.pl
+++ b/scripts/cleanup-trace-events.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 # Copyright (C) 2013 Red Hat, Inc.
 #
 # Authors:
diff --git a/scripts/disas-objdump.pl b/scripts/disas-objdump.pl
index 8f7e8182a1..bec905f04b 100755
--- a/scripts/disas-objdump.pl
+++ b/scripts/disas-objdump.pl
@@ -1,4 +1,6 @@
-#!/usr/bin/perl -w
+#!/usr/bin/env perl
+
+use warnings;

 use File::Temp qw/ tempfile /;
 use Getopt::Long;
diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl
index 8261bcb1ad..d7c2311123 100755
--- a/scripts/get_maintainer.pl
+++ b/scripts/get_maintainer.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/env perl
 # (c) 2007, Joe Perches <j...@perches.com>
 #   created from checkpatch.pl
 #
@@ -11,6 +11,7 @@
 # Licensed under the terms of the GNU GPL License version 2

 use strict;
+use warnings;

 my $P = $0;
 my $V = '0.26';
diff --git a/scripts/shaderinclude.pl b/scripts/shaderinclude.pl
index 81b5146332..cd3bb40b12 100644
--- a/scripts/shaderinclude.pl
+++ b/scripts/shaderinclude.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
 use strict;
 use warnings;

diff --git a/scripts/switch-timer-api b/scripts/switch-timer-api
index b0e230b9f1..41736d11dd 100755
--- a/scripts/switch-timer-api
+++ b/scripts/switch-timer-api
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl

 use strict;
 use warnings;
diff --git a/scripts/texi2pod.pl b/scripts/texi2pod.pl
index 6e8fec41a1..39ce584a32 100755
--- a/scripts/texi2pod.pl
+++ b/scripts/texi2pod.pl
@@ -1,4 +1,4 @@
-#! /usr/bin/perl -w
+#! /usr/bin/env perl

 #   Copyright (C) 1999, 2000, 2001, 2003 Free Software Foundation, Inc.

@@ -22,6 +22,8 @@
 # markup to Perl POD format.  It's intended to be used to extract
 # something suitable for a manpage from a Texinfo document.

+use warnings;
+
 $output = 0;
 $skipping = 0;
 %sects = ();





Re: [Qemu-devel] [PATCH v11 1/9] qemu-io: Improve alignment checks

2017-04-29 Thread Philippe Mathieu-Daudé

On 04/29/2017 04:14 PM, Eric Blake wrote:

Several copy-and-pasted alignment checks exist in qemu-io, which
could use some minor improvements:

- Manual comparison against 0x1ff is not as clean as using our
alignment macros (QEMU_IS_ALIGNED) from osdep.h.

- The error messages aren't quite grammatically correct.

Suggested-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Suggested-by: Max Reitz <mre...@redhat.com>
Signed-off-by: Eric Blake <ebl...@redhat.com>



Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


---
v11: retitle [was "qemu-io: Don't open-code QEMU_IS_ALIGNED"], improve
error messages
v10: new patch
---
 qemu-io-cmds.c | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 21af9e6..6a0024b 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -740,13 +740,13 @@ static int read_f(BlockBackend *blk, int argc, char 
**argv)
 }

 if (bflag) {
-if (offset & 0x1ff) {
-printf("offset %" PRId64 " is not sector aligned\n",
+if (!QEMU_IS_ALIGNED(offset, BDRV_SECTOR_SIZE)) {
+printf("%" PRId64 " is not a sector-aligned value for 'offset'\n",
offset);
 return 0;
 }
-if (count & 0x1ff) {
-printf("count %"PRId64" is not sector aligned\n",
+if (!QEMU_IS_ALIGNED(count, BDRV_SECTOR_SIZE)) {
+printf("%"PRId64" is not a sector-aligned value for 'count'\n",
count);
 return 0;
 }
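Review bot: The offset/count alignment test is still written out separately in read_f, write_f and alloc_f after this change, and within each pair the two format strings space the macro differently (`"%" PRId64 " is …"` against `"%"PRId64" is …"`). Since every site prints the same message for a named parameter, a small static helper taking the value and the parameter name would keep the check and its wording in one place. At minimum the second string could match the first: `printf("%" PRId64 " is not a sector-aligned value for 'count'\n",`. read_f's body starts and ends outside the hunk.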
@@ -1050,14 +1050,14 @@ static int write_f(BlockBackend *blk, int argc, char 
**argv)
 }

 if (bflag || cflag) {
-if (offset & 0x1ff) {
-printf("offset %" PRId64 " is not sector aligned\n",
+if (!QEMU_IS_ALIGNED(offset, BDRV_SECTOR_SIZE)) {
+printf("%" PRId64 " is not a sector-aligned value for 'offset'\n",
offset);
 return 0;
 }

-if (count & 0x1ff) {
-printf("count %"PRId64" is not sector aligned\n",
+if (!QEMU_IS_ALIGNED(count, BDRV_SECTOR_SIZE)) {
+printf("%"PRId64" is not a sector-aligned value for 'count'\n",
count);
 return 0;
 }
@@ -1769,8 +1769,8 @@ static int alloc_f(BlockBackend *blk, int argc, char 
**argv)
 if (offset < 0) {
 print_cvtnum_err(offset, argv[1]);
 return 0;
-} else if (offset & 0x1ff) {
-printf("offset %" PRId64 " is not sector aligned\n",
+} else if (!QEMU_IS_ALIGNED(offset, BDRV_SECTOR_SIZE)) {
+printf("%" PRId64 " is not a sector-aligned value for 'offset'\n",
offset);
 return 0;
 }





Re: [Qemu-devel] [Qemu-arm] [PATCH 4/8] boards.h: Define new flag ignore_memory_transaction_failures

2017-08-04 Thread Philippe Mathieu-Daudé

On 08/04/2017 02:20 PM, Peter Maydell wrote:

Define a new MachineClass field ignore_memory_transaction_failures.
If this flag is true then the CPU will ignore memory transaction
failures which should cause the CPU to take an exception due to an
access to an unassigned physical address; the transaction will
instead return zero (for a read) or be ignored (for a write).  This
should be set only by legacy board models which rely on the old
RAZ/WI behaviour for handling devices that QEMU does not yet model.
New board models should instead use "unimplemented-device" for all
memory ranges where the guest will attempt to probe for a device that
QEMU doesn't implement and a stub device is required.


This is a very good idea. At least it will help understanding why not 
all firmwares compiled for the same board can boot.


Since create_unimplemented_device() register overlapped with low 
priority, why not register it as default device directly, over the whole 
address space?




We need this for ARM boards, where we're about to implement support for
generating external aborts on memory transaction failures. Too many
of our legacy board models rely on the RAZ/WI behaviour and we
would break currently working guests when their "probe for device"
code provoked an external abort rather than a RAZ.


I think some firmware will give some surprises: those that probe for a device 
that is not there and expect RAZ/WI. I remember some fw probing PCI space, or 
enumerating CS this way, for example.


RAZ/WI is a bus-feature, this is also bus-dependent to reply with abort 
or behave RAZ/WI. Maybe the effort should be done on how model/use buses 
in QEMU? Bus device would be an alias of unimplemented_device, which 
current purpose is more debugging than avoiding unassigned physical 
access aborts.


I'm pretty sure this library setup probes for unassigned access 
installing an handler and checking it got hit, in this case (ab)using 
unimplemented_device would prevent this firmware to boot:

http://www.ti.com/ww/en/functional_safety/safeti/index.html
(I might have self-answered my first question)



Signed-off-by: Peter Maydell 
---
  include/hw/boards.h | 11 +++
  include/qom/cpu.h   |  7 ++-
  qom/cpu.c   |  7 +++
  3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index 3363dd1..7f044d1 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -131,6 +131,16 @@ typedef struct {
   *size than the target architecture's minimum. (Attempting to create
   *such a CPU will fail.) Note that changing this is a migration
   *compatibility break for the machine.
+ * @ignore_memory_transaction_failures:
+ *If this is flag is true then the CPU will ignore memory transaction
+ *failures which should cause the CPU to take an exception due to an
+ *access to an unassigned physical address; the transaction will instead
+ *return zero (for a read) or be ignored (for a write). This should be
+ *set only by legacy board models which rely on the old RAZ/WI behaviour
+ *for handling devices that QEMU does not yet model. New board models
+ *should instead use "unimplemented-device" for all memory ranges where
+ *the guest will attempt to probe for a device that QEMU doesn't
+ *implement and a stub device is required.
   */
  struct MachineClass {
  /*< private >*/
@@ -171,6 +181,7 @@ struct MachineClass {
  bool rom_file_has_mr;
  int minimum_page_bits;
  bool has_hotpluggable_cpus;
+bool ignore_memory_transaction_failures;
  int numa_mem_align_shift;
  void (*numa_auto_assign_ram)(MachineClass *mc, NodeInfo *nodes,
   int nb_nodes, ram_addr_t size);
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index fc54d55..8cff86f 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -311,6 +311,9 @@ struct qemu_work_item;
   * @trace_dstate_delayed: Delayed changes to trace_dstate (includes all 
changes
   *to @trace_dstate).
   * @trace_dstate: Dynamic tracing state of events for this vCPU (bitmask).
+ * @ignore_memory_transaction_failures: Cached copy of the MachineState
+ *flag of the same name: allows the board to suppress calling of the
+ *CPU do_transaction_failed hook function.
   *
   * State of one CPU core or thread.
   */
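Review bot: The added `@ignore_memory_transaction_failures` description calls the source a "MachineState flag", but the boards.h hunk of this patch adds the field to `struct MachineClass`; the line should read `Cached copy of the MachineClass`. The place where the copy is made is not among the hunks shown (presumably the qom/cpu.c part of the patch), so it is worth saying in this comment when the cached value is written, so that readers know whether it can change after the CPU is set up.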
@@ -397,6 +400,8 @@ struct CPUState {
   */
  bool throttle_thread_scheduled;
  
+bool ignore_memory_transaction_failures;

+
  /* Note that this is accessed at the start of every TB via a negative
 offset from AREG0.  Leave this field at the end so as to make the
 (absolute value) offset as small as possible.  This reduces code
@@ -853,7 +858,7 @@ static inline void cpu_transaction_failed(CPUState *cpu, 
hwaddr physaddr,
  {
  CPUClass *cc = CPU_GET_CLASS(cpu);
  
-if (cc->do_transaction_failed) {

+if (!cpu->ignore_memory_transaction_failures && 

Re: [Qemu-devel] [PATCH v2] xen-disk: use g_new0 to fix build

2017-07-28 Thread Philippe Mathieu-Daudé

Hi Olaf,

On 07/28/2017 10:11 AM, Olaf Hering wrote:

g_malloc0_n is available since glib-2.24. To allow build with older glib
versions use the generic g_new0, which is already used in many other
places in the code.


Can you provide information about which 
distrib/release/version/[packages?] you used? So we might add the same 
setup in QEMU continuous integration system.


Thank,

Phil.



Fixes commit 3284fad728 ("xen-disk: add support for multi-page shared rings")

Signed-off-by: Olaf Hering 
---
  hw/block/xen_disk.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index d42ed7070d..536e2ee735 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -1232,7 +1232,7 @@ static int blk_connect(struct XenDevice *xendev)
  return -1;
  }
  
-domids = g_malloc0_n(blkdev->nr_ring_ref, sizeof(uint32_t));

+domids = g_new0(uint32_t, blkdev->nr_ring_ref);
  for (i = 0; i < blkdev->nr_ring_ref; i++) {
  domids[i] = blkdev->xendev.dom;
  }





Re: [Qemu-devel] [PATCH for-2.10 2/2] target/s390x: Fix CSST for 16-byte store

2017-07-28 Thread Philippe Mathieu-Daudé

On 07/28/2017 03:50 PM, Richard Henderson wrote:

Found by Coverity.


"Found by Coverity (CID 1378273)."


Reported-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Richard Henderson <r...@twiddle.net>


Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>


---
  target/s390x/mem_helper.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index cdc78aa3d4..c71dce4b1e 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1580,6 +1580,7 @@ uint32_t HELPER(csst)(CPUS390XState *env, uint32_t r3, 
uint64_t a1, uint64_t a2)
  cpu_stq_data_ra(env, a2 + 0, svh, ra);
  cpu_stq_data_ra(env, a2 + 8, svl, ra);
  }
+break;
  default:
  g_assert_not_reached();
  }





Re: [Qemu-devel] [Qemu-arm] [PATCH for-2.10 2/5] target/arm: Don't allow guest to make System space executable for M profile

2017-07-28 Thread Philippe Mathieu-Daudé

On 07/28/2017 05:51 AM, Peter Maydell wrote:

On 28 July 2017 at 00:59, Philippe Mathieu-Daudé <f4...@amsat.org> wrote:

Hi Peter,

On 07/27/2017 07:59 AM, Peter Maydell wrote:


For an M profile v7PMSA, the system space (0xe0000000 - 0xffffffff) can
never be executable, even if the guest tries to set the MPU registers
up that way. Enforce this restriction.

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
   target/arm/helper.c | 16 +++-
   1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index ceef225..169c361 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8251,6 +8251,14 @@ static inline bool is_ppb_region(CPUARMState *env,
uint32_t address)
   extract32(address, 20, 12) == 0xe00;
   }




I wonder if these should renamed pmsav7_is_ppb_region() and
pmsav7_is_system_region().


Yeah, perhaps better; I'm never quite sure how much disambiguation
to put in to file-local function names. Maybe m_is_ppb_region()?
PPB and system region are M profile concepts, not PMSAv7 ones.
That doesn't seem any clearer than where we started though :-(


m_is_ppb_region() isn't bad.




+static inline bool is_system_region(CPUARMState *env, uint32_t address)
+{
+/* True if address is in the M profile system region
+ * 0xe000 - 0x
+ */
+return arm_feature(env, ARM_FEATURE_M) && extract32(address, 29, 3)
== 0x7;
+}
+
   static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
int access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, int *prot, uint32_t
*fsr)
@@ -8354,6 +8362,12 @@ static bool get_phys_addr_pmsav7(CPUARMState *env,
uint32_t address,
   get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
   } else { /* a MPU hit! */
   uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3);



Maybe names access_perms/execute_never are easier to read..


Following existing practice in the LPAE code, we use the
field names that the architecture spec uses.


I see, but below xn has an helpful comment /* execute never */ that 
eases code review, maybe add both comment on declaration.





+uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1);
+



clear MemManage exceptions:

*fsr &= ~0xff;



+if (is_system_region(env, address)) {
+/* System space is always execute never */
+xn = 1;



} else {
xn = extract32(env->pmsav7.dracr[n], 12, 1);


+}
 if (is_user) { /* User mode AP bit decoding */
   switch (ap) {
@@ -8394,7 +8408,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env,
uint32_t address,
   }
 /* execute never */
-if (env->pmsav7.dracr[n] & (1 << 12)) {
+if (xn) {
   *prot &= ~PAGE_EXEC;



and here we now can set eXecuteNever violation:

 *fsr |= R_V7M_CFSR_IACCVIOL_MASK;


No, *fsr is not an M profile CFSR, it's an A/R profile short
descriptor format fault status value (because on R profile
that's what it will be used as, and M profile is using the
same MPU handling code here). We do the conversion in
arm_v7m_cpu_do_interrupt(), where we look at the exception_index
and the exception.fsr to identify what CFSR bits to set.



Ok I missed that, thank for correcting me.


   }
   }


 }
 *fsr = 0x00d; /* Permission fault */

I don't understand this mask, I don't have bit [2] defined in my datashit,
maybe it was expected to turn on exception Entry/Return which I have defined
as bits 4 and 3 respectively, so I'd rather see here:

 *fsr |= R_V7M_CFSR_MUNSTKERR_MASK | R_V7M_CFSR_MSTKERR_MASK;


See above, *fsr isn't a v7m CFSR.


Yes, 0x00d is Permission fault using short-descriptor translation.

So:
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>



thanks
-- PMM





Re: [Qemu-devel] [Qemu-arm] [PATCH for-2.10 3/5] target/arm: Rename cp15.c6_rgnr to pmsav7.rnr

2017-07-28 Thread Philippe Mathieu-Daudé

On 07/28/2017 05:42 AM, Peter Maydell wrote:

On 27 July 2017 at 23:58, Philippe Mathieu-Daudé <f4...@amsat.org> wrote:

On 07/27/2017 07:43 PM, Philippe Mathieu-Daudé wrote:


On 07/27/2017 07:59 AM, Peter Maydell wrote:


[...]


-u32p += env->cp15.c6_rgnr;
+u32p += env->pmsav7.rnr;
   tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
   *u32p = value;
   }
@@ -2447,7 +2447,7 @@ static const ARMCPRegInfo pmsav7_cp_reginfo[] = {
 .readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn =
pmsav7_reset },
   { .name = "RGNR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 2, .opc2 =
0,



"RGNR" -> "RNR"



Ah "RGNR" for -R and "RNR" for -M hmmm... still better keep the name
matching the field, "rnr".


It's a bit awkward, yes -- we're going to get a mismatch one way
or the other.

In this patch I wanted only to change the field name, not
anything else (it's already a bit borderline for 2.10).


Fine by me for what's worth. So either ways:
Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org>



thanks
-- PMM





Re: [Qemu-devel] [PATCH] 9pfs: include for XATTR_SIZE_MAX

2017-07-28 Thread Philippe Mathieu-Daudé

On Mon, Jun 26, 2017 at 12:20 PM, Patrick Steinhardt  wrote:

The function `v9fs_xattrcreate` makes use of the define `XATTR_SIZE_MAX`
to reject attempts of creating xattrs with an invalid size, which is
defined in . On glibc-based systems, this header is
indirectly included via , ,
, but on other platforms this is not guaranteed due
to not being part of the POSIX standard. One examples are systems based
on musl libc, which do not include the  indirectly,
which leads to `XATTR_SIZE_MAX` being undefined.

Fix this error by directly include . As the 9P fs code
is being Linux-based either way, we can simply do so without breaking
other platforms. This enables building 9pfs on musl-based systems.

Signed-off-by: Patrick Steinhardt 

Reviewed-by: Alistair Francis 

---
  hw/9pfs/9p.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 96d2683348..48cd558e96 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -13,6 +13,7 @@

  #include "qemu/osdep.h"
  #include 


This is likely to break on BSD, but now that patchew has a NetBSD job 
you can trigger a build by resending this patch.


This should probably work:

#ifdef __linux__


+#include 


#endif


  #include "hw/virtio/virtio.h"
  #include "qapi/error.h"
  #include "qemu/error-report.h"
--
2.13.2


Regards,

Phil.



[Qemu-devel] [PATCH for 2.10] hw/mps2_scc: fix incorrect properties

2017-07-29 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
sorry, I missed them in my review :(

 hw/misc/mps2-scc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/misc/mps2-scc.c b/hw/misc/mps2-scc.c
index cc58d26f29..32be2a9df1 100644
--- a/hw/misc/mps2-scc.c
+++ b/hw/misc/mps2-scc.c
@@ -270,9 +270,9 @@ static Property mps2_scc_properties[] = {
 /* Values for various read-only ID registers (which are specific
  * to the board model or FPGA image)
  */
-DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, aid, 0),
+DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, cfg4, 0),
 DEFINE_PROP_UINT32("scc-aid", MPS2SCC, aid, 0),
-DEFINE_PROP_UINT32("scc-id", MPS2SCC, aid, 0),
+DEFINE_PROP_UINT32("scc-id", MPS2SCC, id, 0),
 /* These are the initial settings for the source clocks on the board.
  * In hardware they can be configured via a config file read by the
  * motherboard configuration controller to suit the FPGA image.
-- 
2.13.3




[Qemu-devel] [PATCH 3/4] docker: install more packages on CentOS to extend code coverage

2017-07-28 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 tests/docker/dockerfiles/centos6.docker | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/tests/docker/dockerfiles/centos6.docker 
b/tests/docker/dockerfiles/centos6.docker
index 8588a12eab..f6aae13f29 100644
--- a/tests/docker/dockerfiles/centos6.docker
+++ b/tests/docker/dockerfiles/centos6.docker
@@ -2,17 +2,27 @@ FROM centos:6
 RUN yum install -y epel-release centos-release-xen
 ENV PACKAGES \
 bison \
+bzip2-devel \
 ccache \
+csnappy-devel \
 flex \
 g++ \
 gcc \
 git \
 glib2-devel \
+libepoxy-devel \
 libfdt-devel \
+librdmacm-devel \
+lzo-devel \
 make \
+mesa-libEGL-devel \
+mesa-libgbm-devel \
 pixman-devel \
 SDL-devel \
+spice-glib-devel \
+spice-server-devel \
 tar \
+vte-devel \
 xen-devel \
 zlib-devel
 RUN yum install -y $PACKAGES
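Review bot: `RUN yum install -y $PACKAGES` at the end of this hunk gives no guarantee that the ten names added here were installed: yum can report a name as unavailable and still exit 0 when the rest of the transaction succeeds (this depends on the yum version and its configuration, so it is worth confirming on this image). The `rpm -q $PACKAGES | sort > /packages.txt` step that follows it in the 2/4 and 4/4 patches does not catch this either, because the pipeline's status is that of `sort`. A per-package check such as `RUN for p in $PACKAGES; do rpm -q "$p" || exit 1; done` would fail the image build instead of silently reducing the coverage this series is meant to add. The same applies to the new centos7.docker.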
-- 
2.13.3




[Qemu-devel] [PATCH 0/4] docker: improve code coverage on CentOS images

2017-07-28 Thread Philippe Mathieu-Daudé
This series installs more packages to docker images to extend CI code
coverage.

The Debian images already have those, but they are only used on Shippable.
Extending the CentOS images could improve patchew coverage, and help local users not accustomed to
Debian.

The first idea was to add Suse images but only OpenSUSE 13.2 is available on
DockerHub and the problem reported on [1] is using SUSE SLE11.

Regards,

Phil.

[1] http://lists.nongnu.org/archive/html/qemu-devel/2017-07/msg08993.html

Philippe Mathieu-Daudé (4):
  docker: use one package per line in CentOS config
  docker: add Xen libs to centos6 image
  docker: install more packages on CentOS to extend code coverage
  docker: add centos7 image

 tests/docker/dockerfiles/centos6.docker | 31 ++-
 tests/docker/dockerfiles/centos7.docker | 31 +++
 2 files changed, 57 insertions(+), 5 deletions(-)
 create mode 100644 tests/docker/dockerfiles/centos7.docker

-- 
2.13.3




[Qemu-devel] [PATCH 4/4] docker: add centos7 image

2017-07-28 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 tests/docker/dockerfiles/centos7.docker | 31 +++
 1 file changed, 31 insertions(+)
 create mode 100644 tests/docker/dockerfiles/centos7.docker

diff --git a/tests/docker/dockerfiles/centos7.docker 
b/tests/docker/dockerfiles/centos7.docker
new file mode 100644
index 00..0b59aa2f26
--- /dev/null
+++ b/tests/docker/dockerfiles/centos7.docker
@@ -0,0 +1,31 @@
+FROM centos:7
+RUN yum install -y epel-release centos-release-xen
+RUN yum -y update
+ENV PACKAGES \
+bison \
+bzip2-devel \
+ccache \
+csnappy-devel \
+flex \
+g++ \
+gcc \
+git \
+glib2-devel \
+libepoxy-devel \
+libfdt-devel \
+librdmacm-devel \
+lzo-devel \
+make \
+mesa-libEGL-devel \
+mesa-libgbm-devel \
+pixman-devel \
+SDL-devel \
+spice-glib-devel \
+spice-server-devel \
+tar \
+vte-devel \
+xen-devel \
+zlib-devel
+RUN yum install -y $PACKAGES
+RUN rpm -q $PACKAGES | sort > /packages.txt
+
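Review bot: `FROM centos:7` followed by `RUN yum -y update` makes the image contents depend on the day it is built: the tag is mutable, and the update pulls whatever the enabled repositories serve at that moment, including the EPEL and centos-release-xen ones enabled on the line before. For a CI image this makes a failure hard to reproduce and leaves /packages.txt as the only record of what was tested. Pinning the base by digest, `FROM centos:7@sha256:<digest-placeholder>`, and dropping the unconditional update (or rebuilding on a schedule with the digest bumped in a commit) keeps toolchain changes reviewable.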
-- 
2.13.3




Re: [Qemu-devel] [PATCH v2 5/5] Convert single line fprintf() to warn_report()

2017-07-28 Thread Philippe Mathieu-Daudé

Hi Alistair,

On 07/28/2017 07:16 PM, Alistair Francis wrote:

Convert any remaining uses of fprintf(stderr, "warning:"...
to use warn_report() instead. This helps standardise on a single
method of printing warnings to the user.

All of the warnings were changed using this command:
   find ./* -type f -exec sed -i 's|fprintf(.*".*warning[,:] |warn_report("|Ig' 
{} +

The #include lines and changes to the test Makefile were manually
updated to allow the code to compile.

Signed-off-by: Alistair Francis 
---

  tests/Makefile.include | 4 ++--
  util/cutils.c  | 3 ++-
  2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 7af278db55..4886caf565 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -560,8 +560,8 @@ tests/test-thread-pool$(EXESUF): tests/test-thread-pool.o 
$(test-block-obj-y)
  tests/test-iov$(EXESUF): tests/test-iov.o $(test-util-obj-y)
  tests/test-hbitmap$(EXESUF): tests/test-hbitmap.o $(test-util-obj-y) 
$(test-crypto-obj-y)
  tests/test-x86-cpuid$(EXESUF): tests/test-x86-cpuid.o
-tests/test-xbzrle$(EXESUF): tests/test-xbzrle.o migration/xbzrle.o 
migration/page_cache.o $(test-util-obj-y)
+tests/test-xbzrle$(EXESUF): tests/test-xbzrle.o migration/xbzrle.o 
migration/page_cache.o $(test-qom-obj-y)


I don't understand what was not working in the previous line.


-tests/test-cutils$(EXESUF): tests/test-cutils.o util/cutils.o
+tests/test-cutils$(EXESUF): tests/test-cutils.o util/cutils.o $(test-qom-obj-y)


Here adding $(util-obj-y) should be enough.

But I did not test it :P

Regards,

Phil.


  tests/test-int128$(EXESUF): tests/test-int128.o
  tests/rcutorture$(EXESUF): tests/rcutorture.o $(test-util-obj-y)
  tests/test-rcu-list$(EXESUF): tests/test-rcu-list.o $(test-util-obj-y)
diff --git a/util/cutils.c b/util/cutils.c
index 1534682083..b33ede83d1 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -30,6 +30,7 @@
  #include "qemu/iov.h"
  #include "net/net.h"
  #include "qemu/cutils.h"
+#include "qemu/error-report.h"
  
  void strpadcpy(char *buf, int buf_size, const char *str, char pad)

  {
@@ -601,7 +602,7 @@ int parse_debug_env(const char *name, int max, int initial)
  return initial;
  }
  if (debug < 0 || debug > max || errno != 0) {
-fprintf(stderr, "warning: %s not in [0, %d]", name, max);
+warn_report("%s not in [0, %d]", name, max);
  return initial;
  }
  return debug;





[Qemu-devel] [PATCH 2/4] docker: add Xen libs to centos6 image

2017-07-28 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 tests/docker/dockerfiles/centos6.docker | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/docker/dockerfiles/centos6.docker 
b/tests/docker/dockerfiles/centos6.docker
index 9b91e832c2..8588a12eab 100644
--- a/tests/docker/dockerfiles/centos6.docker
+++ b/tests/docker/dockerfiles/centos6.docker
@@ -1,5 +1,5 @@
 FROM centos:6
-RUN yum install -y epel-release
+RUN yum install -y epel-release centos-release-xen
 ENV PACKAGES \
 bison \
 ccache \
@@ -13,6 +13,7 @@ ENV PACKAGES \
 pixman-devel \
 SDL-devel \
 tar \
+xen-devel \
 zlib-devel
 RUN yum install -y $PACKAGES
 RUN rpm -q $PACKAGES | sort > /packages.txt
-- 
2.13.3




[Qemu-devel] make check-help not working

2017-07-28 Thread Philippe Mathieu-Daudé

I'm a bit lost with this error:

(master)$ make check-help V=1
cc -nostdlib  -o check-help.mo
cc: fatal error: no input files
compilation terminated.
rules.mak:115: recipe for target 'check-help.mo' failed
make: *** [check-help.mo] Error 1

Phil.



Re: [Qemu-devel] [RFC PATCH 46/47] MAINTAINERS: add missing entries for Coccinelle scripts

2017-07-28 Thread Philippe Mathieu-Daudé

On 07/28/2017 08:50 AM, Paolo Bonzini wrote:

On 28/07/2017 08:24, Fam Zheng wrote:

On Fri, 07/28 02:36, Philippe Mathieu-Daudé wrote:

diff --git a/MAINTAINERS b/MAINTAINERS
index 224890643d..7854792765 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1537,6 +1537,12 @@ Checkpatch
  S: Odd Fixes
  F: scripts/checkpatch.pl
  
+Coccinelle scripts

+R: Philippe Mathieu-Daudé <f4...@amsat.org>
+S: Orphan


"Orphan" sounds like we don't care much anymore but I suppose this is not the
case. But I don't have any better idea either.


M: Mail patches to: FullName <address@domain>
R: Designated reviewer: FullName <address@domain>

M: is mail of maintainer
R: is mail of reviewer

S: Status, one of the following:

   Maintained:  Someone actually looks after it.
   Odd Fixes:   It has a maintainer but they don't have time
to do much other than throw the odd patch in.
-> Orphan:  No current maintainer

"Orphan" sounds the best fit... Do you want to raise it to "Odd Fixes"? 
This implies having a maintainer... I don't feel confident enough to Ack 
cocci scripts but an incorrect cocci script will not break QEMU so maybe 
I cat take M: for Odd Fixes, and lowering it back to Orphan without 
maintainer is 1 commit easy :)




Just don't add it to the file.  It doesn't have a specific owner.


Paolo you mean don't add the "S: Status" to the MAINTAINERS file, or the 
"F: *cocci*" entries?


Regards,

Phil.



Paolo



Fam


+F: scripts/cocci-macro-file.h
+F: scripts/coccinelle/
+
  Migration
  M: Juan Quintela <quint...@redhat.com>
  M: Dr. David Alan Gilbert <dgilb...@redhat.com>
@@ -1970,4 +1976,3 @@ Build system architecture
  M: Daniel P. Berrange <berra...@redhat.com>
  S: Odd Fixes
  F: docs/devel/build-system.txt






[Qemu-devel] [PATCH v2 for 2.10 3/8] docs: fix broken paths to docs/devel/qapi-code-gen.txt

2017-07-28 Thread Philippe Mathieu-Daudé
With the move of some docs to docs/interop on ac06724a71, a couple of references
were not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 docs/devel/writing-qmp-commands.txt | 2 +-
 include/qapi/visitor.h  | 2 +-
 qapi/introspect.json| 2 +-
 qapi/qapi-util.c| 2 +-
 scripts/qapi2texi.py| 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/devel/writing-qmp-commands.txt 
b/docs/devel/writing-qmp-commands.txt
index 69793e320e..4f5b24c0c4 100644
--- a/docs/devel/writing-qmp-commands.txt
+++ b/docs/devel/writing-qmp-commands.txt
@@ -7,7 +7,7 @@ This document doesn't discuss QMP protocol level details, nor 
does it dive
 into the QAPI framework implementation.
 
 For an in-depth introduction to the QAPI framework, please refer to
-docs/qapi-code-gen.txt. For documentation about the QMP protocol,
+docs/devel/qapi-code-gen.txt. For documentation about the QMP protocol,
 start with docs/interop/qmp-intro.txt.
 
 == Overview ==
diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h
index fe9faf469f..0f3b8cb459 100644
--- a/include/qapi/visitor.h
+++ b/include/qapi/visitor.h
@@ -36,7 +36,7 @@
  * QemuOpts, and clone visitors have some implementation limitations;
  * see the documentation for each visitor for more details on what it
  * supports.  Also, see visitor-impl.h for the callback contracts
- * implemented by each visitor, and docs/qapi-code-gen.txt for more
+ * implemented by each visitor, and docs/devel/qapi-code-gen.txt for more
  * about the QAPI code generator.
  *
  * All of the visitors are created via:
diff --git a/qapi/introspect.json b/qapi/introspect.json
index 1dbaef56eb..cf77ff0669 100644
--- a/qapi/introspect.json
+++ b/qapi/introspect.json
@@ -226,7 +226,7 @@
 #
 # @members: the alternate type's members, in no particular order.
 #   The members' wire encoding is distinct, see
-#   docs/qapi-code-gen.txt section Alternate types.
+#   docs/devel/qapi-code-gen.txt section Alternate types.
 #
 # On the wire, this can be any of the members.
 #
diff --git a/qapi/qapi-util.c b/qapi/qapi-util.c
index e28dbd0ac3..46eda7d196 100644
--- a/qapi/qapi-util.c
+++ b/qapi/qapi-util.c
@@ -40,7 +40,7 @@ int qapi_enum_parse(const char * const lookup[], const char 
*buf,
  * It may be prefixed by __RFQDN_ (downstream extension), where RFQDN
  * may contain only letters, digits, hyphen and period.
  * The special exception for enumeration names is not implemented.
- * See docs/qapi-code-gen.txt for more on QAPI naming rules.
+ * See docs/devel/qapi-code-gen.txt for more on QAPI naming rules.
  * Keep this consistent with scripts/qapi.py!
  * If @complete, the parse fails unless it consumes @str completely.
  * Return its length on success, -1 on failure.
diff --git a/scripts/qapi2texi.py b/scripts/qapi2texi.py
index 9e015002ef..a317526e51 100755
--- a/scripts/qapi2texi.py
+++ b/scripts/qapi2texi.py
@@ -91,7 +91,7 @@ def texi_format(doc):
 # doesn't.
 #
 # Make sure to update section "Documentation markup" in
-# docs/qapi-code-gen.txt when fixing this.
+# docs/devel/qapi-code-gen.txt when fixing this.
 if line.startswith('| '):
 line = EXAMPLE_FMT(code=line[2:])
 elif line.startswith('= '):
-- 
2.13.3




[Qemu-devel] [PATCH v2 for 2.10 5/8] docs: fix broken paths to docs/devel/tracing.txt

2017-07-28 Thread Philippe Mathieu-Daudé
With the move of some docs/ to docs/devel/ on ac06724a71, no references were
updated.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>
---
 audio/trace-events  | 2 +-
 block/trace-events  | 2 +-
 chardev/trace-events| 2 +-
 crypto/trace-events | 2 +-
 hw/9pfs/trace-events| 2 +-
 hw/acpi/trace-events| 2 +-
 hw/alpha/trace-events   | 2 +-
 hw/arm/trace-events | 2 +-
 hw/audio/trace-events   | 2 +-
 hw/block/dataplane/trace-events | 2 +-
 hw/block/trace-events   | 2 +-
 hw/char/trace-events| 2 +-
 hw/display/trace-events | 2 +-
 hw/dma/trace-events | 2 +-
 hw/i386/trace-events| 2 +-
 hw/input/trace-events   | 2 +-
 hw/intc/trace-events| 2 +-
 hw/isa/trace-events | 2 +-
 hw/mem/trace-events | 2 +-
 hw/misc/trace-events| 2 +-
 hw/net/trace-events | 2 +-
 hw/nvram/trace-events   | 2 +-
 hw/pci/trace-events | 2 +-
 hw/ppc/trace-events | 2 +-
 hw/s390x/trace-events   | 2 +-
 hw/scsi/trace-events| 2 +-
 hw/sd/trace-events  | 2 +-
 hw/sparc/trace-events   | 2 +-
 hw/timer/trace-events   | 2 +-
 hw/usb/trace-events | 2 +-
 hw/vfio/trace-events| 2 +-
 hw/virtio/trace-events  | 2 +-
 hw/xen/trace-events | 2 +-
 io/trace-events | 2 +-
 linux-user/trace-events | 2 +-
 migration/trace-events  | 2 +-
 net/trace-events| 2 +-
 qom/trace-events| 2 +-
 scripts/simpletrace.py  | 2 +-
 target/arm/trace-events | 2 +-
 target/i386/trace-events| 2 +-
 target/mips/trace-events| 2 +-
 target/ppc/trace-events | 2 +-
 target/s390x/trace-events   | 2 +-
 target/sparc/trace-events   | 2 +-
 ui/trace-events | 2 +-
 util/trace-events   | 2 +-
 47 files changed, 47 insertions(+), 47 deletions(-)

diff --git a/audio/trace-events b/audio/trace-events
index 517359039e..122604287f 100644
--- a/audio/trace-events
+++ b/audio/trace-events
@@ -1,4 +1,4 @@
-# See docs/tracing.txt for syntax documentation.
+# See docs/devel/tracing.txt for syntax documentation.
 
 # audio/alsaaudio.c
 alsa_revents(int revents) "revents = %d"
diff --git a/block/trace-events b/block/trace-events
index 4a4df25323..8d10a82941 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -1,4 +1,4 @@
-# See docs/tracing.txt for syntax documentation.
+# See docs/devel/tracing.txt for syntax documentation.
 
 # block.c
 bdrv_open_common(void *bs, const char *filename, int flags, const char 
*format_name) "bs %p filename \"%s\" flags %#x format_name \"%s\""
diff --git a/chardev/trace-events b/chardev/trace-events
index 822dde668b..d0e5f3bbc1 100644
--- a/chardev/trace-events
+++ b/chardev/trace-events
@@ -1,4 +1,4 @@
-# See docs/tracing.txt for syntax documentation.
+# See docs/devel/tracing.txt for syntax documentation.
 
 # chardev/wctablet.c
 wct_init(void) ""
diff --git a/crypto/trace-events b/crypto/trace-events
index dc6ddd30d6..e589990359 100644
--- a/crypto/trace-events
+++ b/crypto/trace-events
@@ -1,4 +1,4 @@
-# See docs/tracing.txt for syntax documentation.
+# See docs/devel/tracing.txt for syntax documentation.
 
 # crypto/tlscreds.c
 qcrypto_tls_creds_load_dh(void *creds, const char *filename) "TLS creds load 
DH creds=%p filename=%s"
diff --git a/hw/9pfs/trace-events b/hw/9pfs/trace-events
index fb4de3d465..08a4abf22e 100644
--- a/hw/9pfs/trace-events
+++ b/hw/9pfs/trace-events
@@ -1,4 +1,4 @@
-# See docs/tracing.txt for syntax documentation.
+# See docs/devel/tracing.txt for syntax documentation.
 
 # hw/9pfs/virtio-9p.c
 v9fs_rerror(uint16_t tag, uint8_t id, int err) "tag %d id %d err %d"
diff --git a/hw/acpi/trace-events b/hw/acpi/trace-events
index c379607a3e..e3b41e9df4 100644
--- a/hw/acpi/trace-events
+++ b/hw/acpi/trace-events
@@ -1,4 +1,4 @@
-# See docs/tracing.txt for syntax documentation.
+# See docs/devel/tracing.txt for syntax documentation.
 
 # hw/acpi/memory_hotplug.c
 mhp_acpi_invalid_slot_selected(uint32_t slot) "0x%"PRIx32
diff --git a/hw/alpha/trace-events b/hw/alpha/trace-events
index e44ff01a09..46024cca0b 100644
--- a/hw/alpha/trace-events
+++ b/hw/alpha/trace-events
@@ -1,4 +1,4 @@
-# See docs/tracing.txt for syntax documentation.
+# See docs/devel/tracing.txt for syntax documentation.
 
 # hw/alpha/pci.c
 alpha_pci_iack_write(void) ""
diff --git a/hw/arm/trace-events b/hw/arm/trace-events
index d5f33a2a03..193063ed99 100644
--- a/hw/arm/trace-events
+++ b/hw/arm/trace-events
@@ -1,4 +1,4 @@
-# See docs/tracing.txt for syntax documentation.
+# See docs/devel/tracing.txt for syntax documentation.
 
 # hw/a

[Qemu-devel] [PATCH v2 for 2.10 7/8] docs: fix broken paths to docs/specs/ivshmem-spec.txt

2017-07-28 Thread Philippe Mathieu-Daudé
When this file was rewritten/renamed in fdee2025dd, a reference path was not
updated.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 docs/specs/pci-ids.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/specs/pci-ids.txt b/docs/specs/pci-ids.txt
index 95adee07d6..bb99a0257e 100644
--- a/docs/specs/pci-ids.txt
+++ b/docs/specs/pci-ids.txt
@@ -40,7 +40,7 @@ maintained as part of the virtio specification.
 1af4:1100  Used as PCI Subsystem ID for existing hardware devices emulated
by qemu.
 
-1af4:1110  ivshmem device (shared memory, docs/specs/ivshmem_device_spec.txt)
+1af4:1110  ivshmem device (shared memory, docs/specs/ivshmem-spec.txt)
 
 All other device IDs are reserved.
 
-- 
2.13.3




[Qemu-devel] [PATCH v2 for 2.10 0/8] docs: fix broken paths

2017-07-28 Thread Philippe Mathieu-Daudé
Hi Michael, you already applied this series to -trivial; however, I have updated
the commit messages, which was not requested but was not a heavy task either.
Since you have not sent the PR yet, could you take these instead, if you don't
mind? Otherwise it's not a big deal. Thanks!

v2:
- fixed what I misunderstood Eric said,
- fixed shell command using Eric feedback,
- added commit id of the change that introduce the invalid reference in the
  commit message.

following Cleber Rosa example I cleaned more invalid references.

Eric said "this doesn't change code and doc updates are find during freeze,
so this is a GOOD candidate for 2.10; but if it misses 2.10, slipping to 2.11
doesn't hurt." and I agree :)

I used the following command (improved by Eric) which I consider to include
in some CI test job:

$ git grep docs/ \
| sed -ne "s/.* \(docs[^ :)}\"\']*\).*/\1/p" \
| sed -e 's/\(.*\)\.$/\1/p' \
| sort -u \
| xargs ls -d >/dev/null

Regards,

Phil.

Cleber Rosa (1):
  docs: fix broken paths to docs/interop dir

Philippe Mathieu-Daudé (7):
  docs: fix broken paths to docs/interop/qcow2.txt
  docs: fix broken paths to docs/devel/qapi-code-gen.txt
  docs: fix broken paths to docs/devel/atomics.txt
  docs: fix broken paths to docs/devel/tracing.txt
  docs: fix broken paths to docs/config/ich9-ehci-uhci.cfg
  docs: fix broken paths to docs/specs/ivshmem-spec.txt
  docs: fix broken paths to docs/spin/

 audio/trace-events  | 2 +-
 block/trace-events  | 2 +-
 chardev/trace-events| 2 +-
 crypto/trace-events | 2 +-
 docs/devel/lockcnt.txt  | 2 +-
 docs/devel/writing-qmp-commands.txt | 4 ++--
 docs/qcow2-cache.txt| 2 +-
 docs/specs/pci-ids.txt  | 2 +-
 docs/spin/aio_notify.promela| 6 +++---
 docs/spin/aio_notify_accept.promela | 4 ++--
 docs/spin/aio_notify_bug.promela| 4 ++--
 docs/spin/tcg-exclusive.promela | 2 +-
 docs/usb2.txt   | 2 +-
 hw/9pfs/trace-events| 2 +-
 hw/acpi/trace-events| 2 +-
 hw/alpha/trace-events   | 2 +-
 hw/arm/trace-events | 2 +-
 hw/audio/trace-events   | 2 +-
 hw/block/dataplane/trace-events | 2 +-
 hw/block/trace-events   | 2 +-
 hw/char/trace-events| 2 +-
 hw/display/trace-events | 2 +-
 hw/dma/trace-events | 2 +-
 hw/i386/trace-events| 2 +-
 hw/input/trace-events   | 2 +-
 hw/intc/trace-events| 2 +-
 hw/isa/trace-events | 2 +-
 hw/mem/trace-events | 2 +-
 hw/misc/trace-events| 2 +-
 hw/net/trace-events | 2 +-
 hw/nvram/trace-events   | 2 +-
 hw/pci/trace-events | 2 +-
 hw/ppc/trace-events | 2 +-
 hw/s390x/trace-events   | 2 +-
 hw/scsi/trace-events| 2 +-
 hw/sd/trace-events  | 2 +-
 hw/sparc/trace-events   | 2 +-
 hw/timer/trace-events   | 2 +-
 hw/usb/trace-events | 2 +-
 hw/vfio/trace-events| 2 +-
 hw/virtio/trace-events  | 2 +-
 hw/xen/trace-events | 2 +-
 include/block/aio.h | 2 +-
 include/qapi/visitor.h  | 2 +-
 include/qemu/atomic.h   | 4 ++--
 io/trace-events | 2 +-
 linux-user/trace-events | 2 +-
 migration/trace-events  | 2 +-
 net/trace-events| 2 +-
 qapi-schema.json| 4 ++--
 qapi/introspect.json| 2 +-
 qapi/qapi-util.c| 2 +-
 qom/trace-events| 2 +-
 scripts/qapi2texi.py| 2 +-
 scripts/simpletrace.py  | 2 +-
 target/arm/trace-events | 2 +-
 target/i386/trace-events| 2 +-
 target/mips/trace-events| 2 +-
 target/ppc/trace-events | 2 +-
 target/s390x/trace-events   | 2 +-
 target/sparc/trace-events   | 2 +-
 tcg/README  | 2 +-
 ui/trace-events | 2 +-
 util/trace-events   | 2 +-
 64 files changed, 71 insertions(+), 71 deletions(-)

-- 
2.13.3




[Qemu-devel] [PATCH v2 for 2.10 4/8] docs: fix broken paths to docs/devel/atomics.txt

2017-07-28 Thread Philippe Mathieu-Daudé
With the move of some docs/ to docs/devel/ on ac06724a71, a couple of
references were not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 docs/devel/lockcnt.txt | 2 +-
 include/qemu/atomic.h  | 4 ++--
 tcg/README | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/devel/lockcnt.txt b/docs/devel/lockcnt.txt
index 2a79b3205b..7c099bc6c8 100644
--- a/docs/devel/lockcnt.txt
+++ b/docs/devel/lockcnt.txt
@@ -145,7 +145,7 @@ can also be more efficient in two ways:
 - on some platforms, one can implement QemuLockCnt to hold the lock
   and the mutex in a single word, making the fast path no more expensive
   than simply managing a counter using atomic operations (see
-  docs/atomics.txt).  This can be very helpful if concurrent access to
+  docs/devel/atomics.txt).  This can be very helpful if concurrent access to
   the data structure is expected to be rare.
 
 
diff --git a/include/qemu/atomic.h b/include/qemu/atomic.h
index e07c7972ab..b6b62fb771 100644
--- a/include/qemu/atomic.h
+++ b/include/qemu/atomic.h
@@ -8,7 +8,7 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  *
- * See docs/atomics.txt for discussion about the guarantees each
+ * See docs/devel/atomics.txt for discussion about the guarantees each
  * atomic primitive is meant to provide.
  */
 
@@ -427,7 +427,7 @@
  * sequentially consistent operations.
  *
  * As long as they are used as paired operations they are safe to
- * use. See docs/atomic.txt for more discussion.
+ * use. See docs/devel/atomics.txt for more discussion.
  */
 
 #ifndef atomic_mb_read
diff --git a/tcg/README b/tcg/README
index bf49e8242b..03bfb6acd4 100644
--- a/tcg/README
+++ b/tcg/README
@@ -446,7 +446,7 @@ when MTTCG is enabled.
 The guest translators should generate this opcode for all guest instructions
 which have ordering side effects.
 
-Please see docs/atomics.txt for more information on memory barriers.
+Please see docs/devel/atomics.txt for more information on memory barriers.
 
 * 64-bit guest on 32-bit host support
 
-- 
2.13.3




[Qemu-devel] [PATCH v2 for 2.10 6/8] docs: fix broken paths to docs/config/ich9-ehci-uhci.cfg

2017-07-28 Thread Philippe Mathieu-Daudé
With the move of some docs/ to docs/devel/ on ac06724a71, a reference path was
not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 docs/usb2.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/usb2.txt b/docs/usb2.txt
index b9e7548073..09df45b5b1 100644
--- a/docs/usb2.txt
+++ b/docs/usb2.txt
@@ -50,7 +50,7 @@ companion controllers with two ports each.
 There is a config file in docs which will do all this for you, just
 try ...
 
-qemu -readconfig docs/ich9-ehci-uhci.cfg
+qemu -readconfig docs/config/ich9-ehci-uhci.cfg
 
 ... then use "bus=ehci.0" to assign your usb devices to that bus.
 
-- 
2.13.3




[Qemu-devel] [PATCH v2 for 2.10 2/8] docs: fix broken paths to docs/interop/qcow2.txt

2017-07-28 Thread Philippe Mathieu-Daudé
With the move of some docs to docs/interop on d59157ea05, a reference path
was not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Kevin Wolf <kw...@redhat.com>
---
 docs/qcow2-cache.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/qcow2-cache.txt b/docs/qcow2-cache.txt
index 1fdd6f9ce7..b0571de4b8 100644
--- a/docs/qcow2-cache.txt
+++ b/docs/qcow2-cache.txt
@@ -15,7 +15,7 @@ not a straightforward operation.
 This document attempts to give an overview of the L2 and refcount
 caches, and how to configure them.
 
-Please refer to the docs/specs/qcow2.txt file for an in-depth
+Please refer to the docs/interop/qcow2.txt file for an in-depth
 technical description of the qcow2 file format.
 
 
-- 
2.13.3




[Qemu-devel] [PATCH v2 for 2.10 8/8] docs: fix broken paths to docs/spin/

2017-07-28 Thread Philippe Mathieu-Daudé
With the move of some docs/ to docs/devel/ on ac06724a71, some references were
not updated.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 docs/spin/aio_notify.promela| 6 +++---
 docs/spin/aio_notify_accept.promela | 4 ++--
 docs/spin/aio_notify_bug.promela| 4 ++--
 docs/spin/tcg-exclusive.promela | 2 +-
 include/block/aio.h | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/docs/spin/aio_notify.promela b/docs/spin/aio_notify.promela
index fccc7ee1c3..a8f032560d 100644
--- a/docs/spin/aio_notify.promela
+++ b/docs/spin/aio_notify.promela
@@ -8,15 +8,15 @@
  * the WTFPL will do.
  *
  * To simulate it:
- * spin -p docs/aio_notify.promela
+ * spin -p docs/spin/aio_notify.promela
  *
  * To verify it:
- * spin -a docs/aio_notify.promela
+ * spin -a docs/spin/aio_notify.promela
  * gcc -O2 pan.c
  * ./a.out -a
  *
  * To verify it (with a bug planted in the model):
- * spin -a -DBUG docs/aio_notify.promela
+ * spin -a -DBUG docs/spin/aio_notify.promela
  * gcc -O2 pan.c
  * ./a.out -a
  */
diff --git a/docs/spin/aio_notify_accept.promela 
b/docs/spin/aio_notify_accept.promela
index 9cef2c955d..491f36a59c 100644
--- a/docs/spin/aio_notify_accept.promela
+++ b/docs/spin/aio_notify_accept.promela
@@ -8,13 +8,13 @@
  * the WTFPL will do.
  *
  * To verify the buggy version:
- * spin -a -DBUG1 docs/aio_notify_bug.promela
+ * spin -a -DBUG1 docs/spin/aio_notify_bug.promela
  * gcc -O2 pan.c
  * ./a.out -a -f
  * (or -DBUG2)
  *
  * To verify the fixed version:
- * spin -a docs/aio_notify_bug.promela
+ * spin -a docs/spin/aio_notify_bug.promela
  * gcc -O2 pan.c
  * ./a.out -a -f
  *
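Review bot: Both rewritten commands in this header still name `docs/spin/aio_notify_bug.promela`, although the file being patched is `aio_notify_accept.promela`, so the path fix keeps what looks like a copy-paste leftover. The `-DBUG1`/`-DBUG2` switches appear to belong to the accept model (the include/block/aio.h hunk of this same patch points at "#ifdef BUG2" in docs/spin/aio_notify_accept.promela), while the bug model's own header uses `-DBUG`. If that reading is right, the two lines should be ` * spin -a -DBUG1 docs/spin/aio_notify_accept.promela` and ` * spin -a docs/spin/aio_notify_accept.promela`; as posted, a reader following the header would verify a different model than the one in front of them. A path-existence check will not catch this, because both files exist.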
diff --git a/docs/spin/aio_notify_bug.promela b/docs/spin/aio_notify_bug.promela
index b3bfca1ca4..49c69cee3d 100644
--- a/docs/spin/aio_notify_bug.promela
+++ b/docs/spin/aio_notify_bug.promela
@@ -8,12 +8,12 @@
  * the WTFPL will do.
  *
  * To verify the buggy version:
- * spin -a -DBUG docs/aio_notify_bug.promela
+ * spin -a -DBUG docs/spin/aio_notify_bug.promela
  * gcc -O2 pan.c
  * ./a.out -a -f
  *
  * To verify the fixed version:
- * spin -a docs/aio_notify_bug.promela
+ * spin -a docs/spin/aio_notify_bug.promela
  * gcc -O2 pan.c
  * ./a.out -a -f
  *
diff --git a/docs/spin/tcg-exclusive.promela b/docs/spin/tcg-exclusive.promela
index c91cfca9f7..50a084c5c4 100644
--- a/docs/spin/tcg-exclusive.promela
+++ b/docs/spin/tcg-exclusive.promela
@@ -9,7 +9,7 @@
  * the WTFPL will do.
  *
  * To verify it:
- * spin -a docs/tcg-exclusive.promela
+ * spin -a docs/spin/tcg-exclusive.promela
  * gcc pan.c -O2
  * ./a.out -a
  *
diff --git a/include/block/aio.h b/include/block/aio.h
index e9aeeaec94..386d7f24dc 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -104,7 +104,7 @@ struct AioContext {
  *
  * Note that event_notifier_set *cannot* be optimized the same way.  For
  * more information on the problem that would result, see "#ifdef BUG2"
- * in the docs/aio_notify_accept.promela formal model.
+ * in the docs/spin/aio_notify_accept.promela formal model.
  */
 bool notified;
 EventNotifier notifier;
-- 
2.13.3




[Qemu-devel] [PATCH v2 for 2.10 1/8] docs: fix broken paths to docs/interop dir

2017-07-28 Thread Philippe Mathieu-Daudé
From: Cleber Rosa <cr...@redhat.com>

With the move of some docs to docs/interop on d59157e, a couple of
references were not updated.

Signed-off-by: Cleber Rosa <cr...@redhat.com>
[PMD: fixed a typo and another reference of docs/interop/qmp-spec.txt]
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Eric Blake <ebl...@redhat.com>
---
 docs/devel/writing-qmp-commands.txt | 2 +-
 qapi-schema.json| 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/devel/writing-qmp-commands.txt 
b/docs/devel/writing-qmp-commands.txt
index 1e6375495b..69793e320e 100644
--- a/docs/devel/writing-qmp-commands.txt
+++ b/docs/devel/writing-qmp-commands.txt
@@ -8,7 +8,7 @@ into the QAPI framework implementation.
 
 For an in-depth introduction to the QAPI framework, please refer to
 docs/qapi-code-gen.txt. For documentation about the QMP protocol,
-start with docs/qmp-intro.txt.
+start with docs/interop/qmp-intro.txt.
 
 == Overview ==
 
diff --git a/qapi-schema.json b/qapi-schema.json
index c96f0a26f6..802ea53d00 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -23,7 +23,7 @@
 # | -> data issued by the Client
 # | <- Server data response
 #
-# Please, refer to the QMP specification (docs/qmp-spec.txt) for
+# Please, refer to the QMP specification (docs/interop/qmp-spec.txt) for
 # detailed information on the Server command and response formats.
 #
 # = Stability Considerations
@@ -108,7 +108,7 @@
 #
 # Notes: This command is valid exactly when first connecting: it must be
 # issued before any other command will be accepted, and will fail once the
-# monitor is accepting other commands. (see qemu docs/qmp-spec.txt)
+# monitor is accepting other commands. (see qemu docs/interop/qmp-spec.txt)
 #
 # Since: 0.13
 #
-- 
2.13.3




[Qemu-devel] [PATCH 1/4] docker: use one package per line in CentOS config

2017-07-28 Thread Philippe Mathieu-Daudé
This eases rebase/cherry-pick; it also makes it faster to see at a glance
whether a package is listed.

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
 tests/docker/dockerfiles/centos6.docker | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/tests/docker/dockerfiles/centos6.docker 
b/tests/docker/dockerfiles/centos6.docker
index 17a4d24d54..9b91e832c2 100644
--- a/tests/docker/dockerfiles/centos6.docker
+++ b/tests/docker/dockerfiles/centos6.docker
@@ -1,8 +1,18 @@
 FROM centos:6
 RUN yum install -y epel-release
-ENV PACKAGES libfdt-devel ccache \
-tar git make gcc g++ flex bison \
-zlib-devel glib2-devel SDL-devel pixman-devel \
-epel-release
+ENV PACKAGES \
+bison \
+ccache \
+flex \
+g++ \
+gcc \
+git \
+glib2-devel \
+libfdt-devel \
+make \
+pixman-devel \
+SDL-devel \
+tar \
+zlib-devel
 RUN yum install -y $PACKAGES
 RUN rpm -q $PACKAGES | sort > /packages.txt
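Review bot: `epel-release` was part of the old `ENV PACKAGES` value but is missing from the new one-per-line list, so this is not the pure reformat the description announces. The package is still installed by the earlier `RUN yum install -y epel-release`, but it no longer shows up in `/packages.txt`, which is the image's record of what was installed and at which version. Either keep it in the list (`epel-release \` between `ccache \` and `flex \`) or state the removal in the commit message so the change to the package inventory is deliberate.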
-- 
2.13.3




Re: [Qemu-devel] [PATCH 39/47] MAINTAINERS: add missing SSI entries

2017-07-28 Thread Philippe Mathieu-Daudé

On 07/28/2017 08:56 PM, Alistair Francis wrote:

On Thu, Jul 27, 2017 at 10:36 PM, Philippe Mathieu-Daudé
<f4...@amsat.org> wrote:

Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
---
RFC because I'm not sure m25p80 fits.

  MAINTAINERS | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 54e35fdab9..83597fca4e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1010,7 +1010,9 @@ M: Peter Crosthwaite <crosthwaite.pe...@gmail.com>
  S: Maintained
  F: hw/ssi/*
  F: hw/block/m25p80.c
+F: include/hw/ssi/ssi.h
  X: hw/ssi/xilinx_*
+F: tests/m25p80-test.c


I'm not sure if Peter is still maintaining this. Maybe it's worth
adding another Xilinx email in here as well.


you mean yours? M: Alistair Francis <alistair.fran...@xilinx.com> below 
Peter's?




Thanks,
Alistair



  Xilinx SPI
  M: Alistair Francis <alistair.fran...@xilinx.com>
--
2.13.3






Re: [Qemu-devel] [PATCH 1/9] IDE: replace DEBUG_IDE with tracing system

2017-08-08 Thread Philippe Mathieu-Daudé

On 08/08/2017 05:00 PM, Eric Blake wrote:

On 08/08/2017 01:32 PM, John Snow wrote:

Out with the old, in with the new.

Signed-off-by: John Snow 
---



  hw/ide/piix.c | 11 
  hw/ide/trace-events   | 33 
  hw/ide/via.c  | 10 +++-


Hmm - should we tweak scripts/git.orderfile to prioritize trace-events
over .c files? Then again, right now it prioritizes all .c files before
anything that didn't match, so that things like trace-events will at
least avoid falling in the middle of a patch if you use the project's
orderfile.


It sounds like a good idea, although I'd rather prioritize .c, having 
trace-events at bottom. At least we can agree about top-to-bottom 
scripting here :)




Re: [Qemu-devel] Making QEMU build with Python 3

2017-08-09 Thread Philippe Mathieu-Daudé

Hi Stefan,

On 08/09/2017 07:16 AM, Stefan Hajnoczi wrote:
[...]> Python scripts needed to build QEMU are the highest priority.  They

are invoked by ./configure or make.  I've identified the following:

scripts/signrom.py
scripts/qapi*.py
scripts/modules/module_block.py
scripts/tracetool*


[...]

The fundamentals of adding Python 3 support are:

1. The script must work correctly under both Python 2.6+ and Python 3.

[...]

3. Avoid third-party package dependencies - QEMU currently has none!


This seems true for the "invoked by ./configure or make" set. However:

scripts/qemu-gdb.py:20:import gdb
scripts/qemugdb/aio.py:13:import gdb
scripts/qemugdb/coroutine.py:16:import gdb
scripts/qemugdb/mtree.py:18:import gdb

I just checked gdb8 and can't confirm python3 build works.

Also another 3rd party (python3 compliant):

scripts/analyze-migration.py:20:import numpy as np

Off-topic but we might document how to install dependencies for those 
scripts?



That means do not use 'six' or 'python-future'.  Our use of Python
isn't that fancy, but if you feel a third party package is essential
the please justify it.

[...]

Regards,

Phil.



Re: [Qemu-devel] [Qemu-arm] [PATCH] watchdog: wdt_aspeed: Add support for the reset width register

2017-07-31 Thread Philippe Mathieu-Daudé

Hi Andrew,

On 07/31/2017 10:04 PM, Andrew Jeffery wrote:

The reset width register controls how the pulse on the SoC's WDTRST{1,2}
pins behaves. A pulse is emitted if the external reset bit is set in
WDT_CTRL. WDT_RESET_WIDTH requires magic bit patterns to configure both
push-pull/open-drain and active-high/active-low behaviours and thus
needs some special handling in the write path.


I wanted to check the datasheet but it seems to be unavailable; I looked here:
https://www.verical.com/datasheet/aspeed-technology-inc-interface-misc-ast2050a3-gp-4078885.pdf

Can you point out which CPU model you are modelling and where to get this 
watchdog datasheet, please? You might also add this to the header, for the 
next person looking at this file :)




Signed-off-by: Andrew Jeffery 
---
I understand that we're in stabilisation mode, but I thought I'd send this out
to provoke any feedback. Happy to resend after the 2.10 release if required.


you can subject it "PATCH for 2.11" so ppl testing/closing 2.10 can keep 
focused but still queue your mail for when 2.10 release is out.




  hw/watchdog/wdt_aspeed.c | 47 +--
  1 file changed, 37 insertions(+), 10 deletions(-)

diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c
index 8bbe579b6b66..4ef1412e99fc 100644
--- a/hw/watchdog/wdt_aspeed.c
+++ b/hw/watchdog/wdt_aspeed.c
@@ -14,10 +14,10 @@
  #include "qemu/timer.h"
  #include "hw/watchdog/wdt_aspeed.h"
  
-#define WDT_STATUS  (0x00 / 4)

-#define WDT_RELOAD_VALUE(0x04 / 4)
-#define WDT_RESTART (0x08 / 4)
-#define WDT_CTRL(0x0C / 4)
+#define WDT_STATUS  (0x00 / 4)
+#define WDT_RELOAD_VALUE(0x04 / 4)
+#define WDT_RESTART (0x08 / 4)
+#define WDT_CTRL(0x0C / 4)
  #define   WDT_CTRL_RESET_MODE_SOC   (0x00 << 5)
  #define   WDT_CTRL_RESET_MODE_FULL_CHIP (0x01 << 5)
  #define   WDT_CTRL_1MHZ_CLK BIT(4)
@@ -25,12 +25,21 @@
  #define   WDT_CTRL_WDT_INTR BIT(2)
  #define   WDT_CTRL_RESET_SYSTEM BIT(1)
  #define   WDT_CTRL_ENABLE   BIT(0)
+#define WDT_RESET_WIDTH (0x18 / 4)
+#define   WDT_RESET_WIDTH_ACTIVE_HIGH   BIT(31)
+#define WDT_POLARITY_MASK   (0xFF << 24)
+#define WDT_ACTIVE_HIGH_MAGIC   (0xA5 << 24)
+#define WDT_ACTIVE_LOW_MAGIC(0x5A << 24)
+#define   WDT_RESET_WIDTH_PUSH_PULL BIT(30)
+#define WDT_DRIVE_TYPE_MASK (0xFF << 24)
+#define WDT_PUSH_PULL_MAGIC (0xA8 << 24)
+#define WDT_OPEN_DRAIN_MAGIC(0x8A << 24)
+#define   WDT_RESET_WIDTH_DURATION  0xFFF;


Which model? the AST2050 seems to be 0xff.

  
-#define WDT_TIMEOUT_STATUS  (0x10 / 4)

-#define WDT_TIMEOUT_CLEAR   (0x14 / 4)
-#define WDT_RESET_WDITH (0x18 / 4)
+#define WDT_TIMEOUT_STATUS  (0x10 / 4)
+#define WDT_TIMEOUT_CLEAR   (0x14 / 4)
  
-#define WDT_RESTART_MAGIC   0x4755

+#define WDT_RESTART_MAGIC   0x4755
  
  static bool aspeed_wdt_is_enabled(const AspeedWDTState *s)

  {
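Review bot: The added `WDT_RESET_WIDTH_DURATION` define ends in a semicolon (`0xFFF;`), which will break or silently change any expression that uses the macro; it should read `#define   WDT_RESET_WIDTH_DURATION  0xFFF`. Separately, `(0xFF << 24)`, `(0xA5 << 24)`, `(0xA8 << 24)` and `(0x8A << 24)` shift a signed `int` into the sign bit, which is undefined behaviour in C and yields a negative constant that sign-extends when combined with the 64-bit `data` in the write path. Unsigned literals avoid both, e.g. `#define WDT_POLARITY_MASK (0xFFU << 24)` and likewise for the magic values. Since `WDT_POLARITY_MASK` and `WDT_DRIVE_TYPE_MASK` are the same value, a one-line comment saying that the top byte selects both properties would also help the next reader.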
@@ -55,9 +64,10 @@ static uint64_t aspeed_wdt_read(void *opaque, hwaddr offset, 
unsigned size)
  return 0;
  case WDT_CTRL:
  return s->regs[WDT_CTRL];
+case WDT_RESET_WIDTH:
+return s->regs[WDT_RESET_WIDTH];
  case WDT_TIMEOUT_STATUS:
  case WDT_TIMEOUT_CLEAR:
-case WDT_RESET_WDITH:
  qemu_log_mask(LOG_UNIMP,
"%s: uninmplemented read at offset 0x%" HWADDR_PRIx 
"\n",
__func__, offset);
@@ -119,9 +129,25 @@ static void aspeed_wdt_write(void *opaque, hwaddr offset, 
uint64_t data,
  timer_del(s->timer);
  }
  break;
+case WDT_RESET_WIDTH:
+{
+uint32_t property = data & WDT_POLARITY_MASK;
+
+if (property == WDT_ACTIVE_HIGH_MAGIC) {
+s->regs[WDT_RESET_WIDTH] |= WDT_RESET_WIDTH_ACTIVE_HIGH;
+} else if (property == WDT_ACTIVE_LOW_MAGIC) {
+s->regs[WDT_RESET_WIDTH] &= ~WDT_RESET_WIDTH_ACTIVE_HIGH;
+} else if (property == WDT_PUSH_PULL_MAGIC) {
+s->regs[WDT_RESET_WIDTH] |= WDT_RESET_WIDTH_PUSH_PULL;
+} else if (property == WDT_OPEN_DRAIN_MAGIC) {
+s->regs[WDT_RESET_WIDTH] &= ~WDT_RESET_WIDTH_PUSH_PULL;


} else {
qemu_log_mask(LOG_GUEST_ERROR, ...


+}


Anyway I'm not sure about this if().
Usually watchdogs have a state machine, if you don't do all unlock steps 
ordered, the SM get reset. This is why magic is involved, else you could 
use it as a regular register.
I'd expect a guest writing ACTIVE_HIGH_MAGIC then PUSH_PULL_MAGIC to not 
modify the RESET_WIDTH register, since the correct behavior would be to 
write ordered RESTART_MAGIC, then HIGH_MAGIC, then LOW_MAGIC and finally 
the PULL/DRAIN change, but I'm just trying to model this wdg in my head 
without having study 

Re: [Qemu-devel] [PATCH] cpu: don't allow negative core id

2017-08-02 Thread Philippe Mathieu-Daudé
Hi Laurent,

On Wed, Aug 2, 2017 at 7:32 AM, Laurent Vivier  wrote:
> With pseries machine type a negative core-id is not managed properly:
> -1 gives an inaccurate error message ("core -1 already populated"),
> -2 crashes QEMU (core dump)
>
> As it seems a negative value is invalid for any architecture,
> instead of checking this in spapr_core_pre_plug() I think it's better
> to check this in the generic part, core_prop_set_core_id()

Why is this property signed? If there is not reason to use it negative,
is it possible to use object_property_add(.."uint"..)?

Also what about core_prop_set_nr_threads()? It might coredump the
same way.

Regards,

Phil.

>
> Signed-off-by: Laurent Vivier 
> ---
>  hw/cpu/core.c | 5 +
>  1 file changed, 5 insertions(+)
>
> diff --git a/hw/cpu/core.c b/hw/cpu/core.c
> index 2bf960d..bd578ab 100644
> --- a/hw/cpu/core.c
> +++ b/hw/cpu/core.c
> @@ -33,6 +33,11 @@ static void core_prop_set_core_id(Object *obj, Visitor *v, 
> const char *name,
>  return;
>  }
>
> +if (value < 0) {
> +error_setg(errp, "Invalid core id %"PRId64, value);
> +return;
> +}
> +
>  core->core_id = value;
>  }
>
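Review bot: The new guard rejects only negative values, but `value` is printed with `PRId64`, so it is presumably a 64-bit integer; if `core->core_id` is a plain `int` (its declaration is not in the hunk), an input above `INT_MAX` passes the check and is truncated by `core->core_id = value;`, possibly back to a negative id. Bounding both ends in the same test closes that, e.g. `if (value < 0 || value > INT_MAX) {`. The body of core_prop_set_core_id() starts before the hunk, so the type of `value` should be confirmed there.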
> --
> 2.9.4
>
>


