Re: [Qemu-devel] Guest freezes "Refined TSC clocksource calibration ..."

2011-10-02 Thread Mulyadi Santosa
Hi. :)

On Sat, Oct 1, 2011 at 19:16, Onkar N Mahajan  wrote:
>
> Compiled 3.1.0-rc3+ from source (see attached config file) and updated the
> host(fc14) kernel ;
> So host is now running 3.1.0-rc3+
>
> Now I also want to try to boot FC14 guest with this updated kernel , like
> this -
>
> ./qemu-kvm-virtfs -drive file=/home/onkar/bin/v9fs-guest.img,if=virtio -m
> 1024 -smp 4 -net nic,macaddr=54:52:00:46:26:84,model=virtio -net
> tap,script=./qemu-ifup,ifname=vnet1 --enable-kvm -vnc :10 -kernel
> /boot/vmlinuz-3.1.0-rc3p -initrd /boot/initrd-3.1.0-rc3p.img -append
> 'root=UUID=97e4bdfa-c88b-4e1f-8609-10f76d6a35fa' -monitor stdio

Quite simple things you can try first:
- what if you use device name like /dev/sda1 instead? does that work?

- are you sure you have included the suitable filesystem module for
the root partition in the initrd or the main kernel image?

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com



Re: [Qemu-devel] Qemu - compiling error in tcg.c - flush_icache_range

2011-10-02 Thread Mulyadi Santosa
Hi... :)

On Sun, Oct 2, 2011 at 05:44, Maurizio Caloro  wrote:
>
> i was trying with this code that i found with googling but without any success
>
>>tcg.c
>>    /* return tcg_gen_code_common(s, gen_code_buf, offset); */
>>    int ret;
>>    ret = tcg_gen_code_common(s, gen_code_buf, offset);
>>    /* flush instruction cache */
>>    flush_icache_range((unsigned long)gen_code_buf,
>>                      ((unsigned long)s->code_ptr);
>>    return ret;
>>    }

IIRC, that's the part of patch series... or maybe just a single patch
against latest Qemu git... so, are you sure you are applying that
patch correctly? or pull straight from qemu git repository?

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com



[Qemu-devel] [Bug 864490] [NEW] Windows 2008 x64 (SBS Server) freezes randomly when using more than 1 CPU core

2011-10-02 Thread Attila Megyeri
Public bug reported:

This issue has been giving us a headache for a long time.
It is difficult to reproduce as it happens randomly.
We had this issue when we ran Windows 2008 x64 or Windows SBS Server guests in
either XEN 3.3 or Proxmox environments.
When only one CPU core is assigned to the guest, everything is fine. If 2 or
more cores are assigned, the guest stops responding after several hours - and
on the host machine one of the cores is using 100%. The only thing that helps
is resetting the guest.

I am ready to provide logs/crashdumps if needed, because we want to help
resolve this issue. I saw some posts on the web of people having the
same problems - for some of them the workaround was to fix some BIOS
settings, but we did not have success with those (e.g. disabling C1E
Support and Intel C-State).

Server is running on Intel® Core™ i7-920 Quad-Core, 24 Gig RAM.

** Affects: qemu
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/864490




Re: [Qemu-devel] Guest freezes "Refined TSC clocksource calibration ..."

2011-10-02 Thread Dor Laor

On 10/02/2011 09:24 AM, Mulyadi Santosa wrote:

> Hi. :)
>
> On Sat, Oct 1, 2011 at 19:16, Onkar N Mahajan  wrote:
> >
> > Compiled 3.1.0-rc3+ from source (see attached config file) and updated the
> > host(fc14) kernel ;
> > So host is now running 3.1.0-rc3+
> >
> > Now I also want to try to boot FC14 guest with this updated kernel , like
> > this -
> >
> > ./qemu-kvm-virtfs -drive file=/home/onkar/bin/v9fs-guest.img,if=virtio -m
> > 1024 -smp 4 -net nic,macaddr=54:52:00:46:26:84,model=virtio -net
> > tap,script=./qemu-ifup,ifname=vnet1 --enable-kvm -vnc :10 -kernel
> > /boot/vmlinuz-3.1.0-rc3p -initrd /boot/initrd-3.1.0-rc3p.img -append
> > 'root=UUID=97e4bdfa-c88b-4e1f-8609-10f76d6a35fa' -monitor stdio
>
> Quite simple things you can try first:
> - what if you use device name like /dev/sda1 instead? does that work?
>
> - are you sure you have included the suitable filesystem module for
> the root partition in the initrd or the main kernel image?



It indeed looks like this is the problem, because your log shows that no
root device was found after the successful tsc calibration stage.




Re: [Qemu-devel] blobstore disk format (was Re: Design of the blobstore)

2011-10-02 Thread Michael S. Tsirkin
On Wed, Sep 28, 2011 at 11:48:19AM -0400, Stefan Berger wrote:
> On 09/22/2011 02:37 AM, Michael S. Tsirkin wrote:
> >On Wed, Sep 21, 2011 at 09:44:37PM -0400, Stefan Berger wrote:
> >>On 09/19/2011 03:04 PM, Michael S. Tsirkin wrote:
> >>>On Mon, Sep 19, 2011 at 12:22:02PM -0400, Stefan Berger wrote:
> >>>>On 09/17/2011 03:28 PM, Michael S. Tsirkin wrote:
> >>>>>On Fri, Sep 16, 2011 at 12:46:40PM -0400, Stefan Berger wrote:
> >>>>The checksumming I think makes sense if encryption is being added so
> >>>>decryption and testing for proper key material remains an NVRAM
> >>>>operation rather than a device operation.
> >>>Not sure how this addresses the question of what to do
> >>>on checksum failure.
> >>>
> >>Checksum failure on an unencrypted blob would mean that the blob is
> >>corrupted. In case of encryption 'corrupted' would overlap with a
> >>'badly decrypted' blob. In either way the startup of the device
> >>cannot happen.
> >With corruption - why not? A specific block being corrupted does not mean all
> >data is lost.
> >
> Presumably if you feed bad data into a device it either has its own
> way of integrity checking the blob (we actually do this for the TPM)
> or it will blow up/show wrong behavior at some point - hopefully
> sooner rather than later. Though the detection of bad data *can* be
> an NVRAM operation rather than the operation of a device using the
> data stored in the NVRAM.
> >>We could refuse the NVRAM key suggesting that likely
> >>this is the wrong key for decryption but corruption is also
> >>possible.
> >I'm guessing that if we find a correct ber structure in the file, this
> >most likely means the key is correct.
> [I still would add at least a CRC32 (or maybe even a SHA1) for
> detection of corruption of the ASN.1 encoded blob without having to
> hunt the data through a ASN.1 decoder.]
> 
> If we now say that data should be encryptable even if QCoW2 wasn't
> used, then is a command line option
> 
> -nvram id=,key=,...
> 
> something we should support to make the key applicable to the whole NVRAM?
> 
>  Stefan
> 

Why? Is there a reason not to use qcow2 if one wants encryption?

One thing I don't understand is why crc is mixed with
encryption in this discussion. If what we want is integrity checks on the
data, it's an interesting feature that seems somewhat
unrelated to TPM.

If we want to use a hash for cryptography, such as verifying the key,
crc is probably not a good match, and one can imagine that it might in fact
weaken the security of the system.

-- 
MST
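
Why a CRC is a poor fit for the cryptographic role discussed in the message above: CRC-32 is affine over XOR, so the checksum of a modified blob follows from the stored checksum and the change alone, with no key and no plaintext. This is an added illustration, not code from the thread or from QEMU; the blob bytes and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* One byte of bitwise CRC-32 (IEEE 802.3, reflected polynomial). */
static uint32_t crc32_step(uint32_t c, uint8_t b)
{
    c ^= b;
    for (int k = 0; k < 8; k++)
        c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    return c;
}

/* Standard CRC-32: initial value 0xFFFFFFFF, final inversion. */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++)
        c = crc32_step(c, p[i]);
    return ~c;
}

/* CRC-32 of n zero bytes: the constant term of the affine map. */
uint32_t crc32_of_zeros(size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++)
        c = crc32_step(c, 0);
    return ~c;
}

/*
 * For equal-length inputs, crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros).
 * The checksum of (blob XOR delta) is therefore computable from the
 * stored checksum and delta; neither the blob nor a key is needed.
 */
uint32_t crc_after_xor(uint32_t stored_crc, const uint8_t *delta, size_t n)
{
    return stored_crc ^ crc32_ieee(delta, n) ^ crc32_of_zeros(n);
}

#define BLOB_LEN 16

/*
 * Returns 1 when the checksum predicted without looking at the blob
 * equals the checksum recomputed over the modified blob.
 */
int crc_tracks_xor_change(void)
{
    uint8_t blob[BLOB_LEN];             /* constructed sample data */
    uint8_t delta[BLOB_LEN] = {0};
    uint8_t changed[BLOB_LEN];

    for (size_t i = 0; i < BLOB_LEN; i++)
        blob[i] = (uint8_t)(0x40 + i);
    delta[3] = 0x01;                    /* two arbitrary bit flips */
    delta[9] = 0x80;
    for (size_t i = 0; i < BLOB_LEN; i++)
        changed[i] = blob[i] ^ delta[i];

    uint32_t predicted = crc_after_xor(crc32_ieee(blob, BLOB_LEN),
                                       delta, BLOB_LEN);
    return predicted == crc32_ieee(changed, BLOB_LEN);
}
```

A CRC therefore catches accidental corruption only; checking a key or detecting deliberate changes needs a keyed MAC or an authenticated encryption mode.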



Re: [Qemu-devel] [PATCH 1/2] virtio: Use global memory barrier macros

2011-10-02 Thread Michael S. Tsirkin
On Tue, Sep 20, 2011 at 12:05:20PM +1000, David Gibson wrote:
> The virtio code uses wmb() macros in several places, as required by the
> SMP-aware virtio protocol.  However the wmb() macro is locally defined
> to be a compiler barrier only.  This is probably sufficient on x86
> due to its strong storage ordering model, but it certainly isn't on other
> platforms, such as ppc.
> 
> In any case, qemu already has some globally defined memory barrier macros
> in qemu-barrier.h.  This patch, therefore converts virtio.c to use those
> barrier macros.  The macros in qemu-barrier.h are also wrong (or at least,
> safe for x86 only) but this way at least there's only one place to fix
> them.
> 
> Signed-off-by: Alexey Kardashevskiy 
> Signed-off-by: David Gibson 

Acked-by: Michael S. Tsirkin 

> ---
>  hw/virtio.c |   14 +++---
>  1 files changed, 3 insertions(+), 11 deletions(-)
> 
> diff --git a/hw/virtio.c b/hw/virtio.c
> index 946d911..9663294 100644
> --- a/hw/virtio.c
> +++ b/hw/virtio.c
> @@ -16,20 +16,12 @@
>  #include "trace.h"
>  #include "qemu-error.h"
>  #include "virtio.h"
> +#include "qemu-barrier.h"
>  
>  /* The alignment to use between consumer and producer parts of vring.
>   * x86 pagesize again. */
>  #define VIRTIO_PCI_VRING_ALIGN 4096
>  
> -/* QEMU doesn't strictly need write barriers since everything runs in
> - * lock-step.  We'll leave the calls to wmb() in though to make it obvious 
> for
> - * KVM or if kqemu gets SMP support.
> - * In any case, we must prevent the compiler from reordering the code.
> - * TODO: we likely need some rmb()/mb() as well.
> - */
> -
> -#define wmb() __asm__ __volatile__("": : :"memory")
> -
>  typedef struct VRingDesc
>  {
>  uint64_t addr;
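
Review bot: The comment block removed together with the local wmb() carried "TODO: we likely need some rmb()/mb() as well", and nothing in this hunk preserves it. The open question of read and full barriers in virtio.c still stands after the switch to qemu-barrier.h, so the TODO should move to the call sites or into qemu-barrier.h rather than disappear with the macro.
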
> @@ -264,7 +256,7 @@ void virtqueue_flush(VirtQueue *vq, unsigned int count)
>  {
>  uint16_t old, new;
>  /* Make sure buffer is written before we update index. */
> -wmb();
> +smp_wmb();
>  trace_virtqueue_flush(vq, count);
>  old = vring_used_idx(vq);
>  new = old + count;
> @@ -324,7 +316,7 @@ static unsigned virtqueue_next_desc(target_phys_addr_t 
> desc_pa,
>  /* Check they're not leading us off end of descriptors. */
>  next = vring_desc_next(desc_pa, i);
>  /* Make sure compiler knows to grab that: we don't want it changing! */
> -wmb();
> +smp_wmb();
>  
>  if (next >= max) {
>  error_report("Desc next is %u", next);
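
Review bot: In virtqueue_next_desc() the barrier follows a read (next = vring_desc_next(desc_pa, i)), and its comment, "Make sure compiler knows to grab that: we don't want it changing!", asks for a compiler barrier, not for store ordering. Turning wmb() into smp_wmb() keeps the old behaviour only while smp_wmb() is a compiler barrier; once it becomes a real store barrier on some host, this site pays for an instruction that does not order the load. barrier() from qemu-barrier.h matches what the comment describes.
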
> -- 
> 1.7.5.4



Re: [Qemu-devel] [PATCH 2/2] Barriers in qemu-barrier.h should not be x86 specific

2011-10-02 Thread Michael S. Tsirkin
On Tue, Sep 20, 2011 at 12:05:21PM +1000, David Gibson wrote:
> qemu-barrier.h contains a few macros implementing memory barrier
> primitives used in several places throughout qemu.  However, apart
> from the compiler-only barrier, the defined wmb() is correct only for
> x86, or platforms which are similarly strongly ordered.
> 
> This patch addresses the FIXME about this by making the wmb() macro
> arch dependent.  On x86, it remains a compiler barrier only, but with
> a comment explaining in more detail the conditions under which this is
> correct.  On weakly-ordered powerpc, an "eieio" instruction is used,
> again with explanation of the conditions under which it is sufficient.
> 
> On other platforms, we use the __sync_synchronize() primitive,
> available in sufficiently recent gcc (4.2 and after?).  This should
> implement a full barrier which will be sufficient on all platforms,
> although it may be overkill in some cases.  Other platforms can add
> optimized versions in future if it's worth it for them.
> 
> Without proper memory barriers, it is easy to reproduce ordering
> problems with virtio on powerpc; specifically, the QEMU puts new
> element into the "used" ring and then updates the ring free-running
> counter.  Without a barrier between these under the right
> circumstances, the guest linux driver can receive an interrupt, read
> the counter change but find the ring element to be handled still has
> an old value, leading to an "id %u is not a head!\n" error message.
> Similar problems are likely to be possible with kvm on other weakly
> ordered platforms.
> 
> Signed-off-by: Alexey Kardashevskiy 
> Signed-off-by: David Gibson 


Acked-by: Michael S. Tsirkin 

> ---
>  qemu-barrier.h |   34 +++---
>  1 files changed, 31 insertions(+), 3 deletions(-)
> 
> diff --git a/qemu-barrier.h b/qemu-barrier.h
> index b77fce2..735eea6 100644
> --- a/qemu-barrier.h
> +++ b/qemu-barrier.h
> @@ -1,10 +1,38 @@
>  #ifndef __QEMU_BARRIER_H
>  #define __QEMU_BARRIER_H 1
>  
> -/* FIXME: arch dependant, x86 version */
> -#define smp_wmb()   asm volatile("" ::: "memory")
> -
>  /* Compiler barrier */
>  #define barrier()   asm volatile("" ::: "memory")
>  
> +#if defined(__i386__) || defined(__x86_64__)
> +
> +/*
> + * Because of the strongly ordered x86 storage model, wmb() is a nop
> + * on x86(well, a compiler barrier only).  Well, at least as long as
> + * qemu doesn't do accesses to write-combining memory or non-temporal
> + * load/stores from C code.
> + */
> +#define smp_wmb()   barrier()
> +
> +#elif defined(__powerpc__)
> +
> +/*
> + * We use an eieio() for a wmb() on powerpc.  This assumes we don't
> + * need to order cacheable and non-cacheable stores with respect to
> + * each other
> + */
> +#define smp_wmb()   asm volatile("eieio" ::: "memory")
> +
> +#else
> +
> +/*
> + * For (host) platforms we don't have explicit barrier definitions
> + * for, we use the gcc __sync_synchronize() primitive to generate a
> + * full barrier.  This should be safe on all platforms, though it may
> + * be overkill.
> + */
> +#define smp_wmb()   __sync_synchronize()
> +
> +#endif
> +
>  #endif
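
Review bot: The #else branch uses __sync_synchronize() unconditionally, while the commit message is itself unsure which gcc provides it ("4.2 and after?"). A compiler version check with an #error in that branch would turn a missing builtin into a clear build failure. The x86 and powerpc comments also speak of wmb() although the macro they document is smp_wmb(); naming the macro in the comments avoids confusion.
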
> -- 
> 1.7.5.4



Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Michael S. Tsirkin
On Mon, Sep 05, 2011 at 02:34:56PM +1000, David Gibson wrote:
> This patch adds functions to pci.[ch] to perform PCI DMA operations.  At
> present, these are just stubs which perform directly cpu physical memory
> accesses.
> 
> Using these stubs, however, distinguishes PCI device DMA transactions from
> other accesses to physical memory, which will allow PCI IOMMU support to
> be added in one place, rather than updating every PCI driver at that time.
> 
> That is, it allows us to update individual PCI drivers to support an IOMMU
> without having yet determined the details of how the IOMMU emulation will
> operate.  This will let us remove the most bitrot-sensitive part of an
> IOMMU patch in advance.
> 
> Signed-off-by: David Gibson 

So something I just thought about:

all wrappers now go through cpu_physical_memory_rw.
This is a problem as e.g. virtio assumes that
accesses such as stw are atomic. cpu_physical_memory_rw
is a memcpy which makes no such guarantees.

> ---
>  dma.h|2 ++
>  hw/pci.c |   31 +++
>  hw/pci.h |   33 +
>  3 files changed, 66 insertions(+), 0 deletions(-)
> 
> diff --git a/dma.h b/dma.h
> index a6db5ba..06e91cb 100644
> --- a/dma.h
> +++ b/dma.h
> @@ -15,6 +15,8 @@
>  #include "hw/hw.h"
>  #include "block.h"
>  
> +typedef target_phys_addr_t dma_addr_t;
> +
>  typedef struct {
>  target_phys_addr_t base;
>  target_phys_addr_t len;
> diff --git a/hw/pci.c b/hw/pci.c
> index 1cdcbb7..0be7611 100644
> --- a/hw/pci.c
> +++ b/hw/pci.c
> @@ -2211,3 +2211,34 @@ MemoryRegion *pci_address_space(PCIDevice *dev)
>  {
>  return dev->bus->address_space_mem;
>  }
> +
> +#define PCI_DMA_DEFINE_LDST(_lname, _sname, _bits) \
> +uint##_bits##_t ld##_lname##_pci_dma(PCIDevice *dev, dma_addr_t addr) \
> +{ \
> +uint##_bits##_t val; \
> +pci_dma_read(dev, addr, &val, sizeof(val)); \
> +return le##_bits##_to_cpu(val); \
> +} \
> +void st##_sname##_pci_dma(PCIDevice *dev, \
> +  dma_addr_t addr, uint##_bits##_t val) \
> +{ \
> +val = cpu_to_le##_bits(val); \
> +pci_dma_write(dev, addr, &val, sizeof(val)); \
> +}
> +

I am still not 100% positive why do we do the LE conversions here.
st4_phys and friends don't seem to do it ...
Has something to do with the fact we pass a value as an array?
Probably worth a comment.

> +uint8_t ldub_pci_dma(PCIDevice *dev, dma_addr_t addr)
> +{
> +uint8_t val;
> +
> +pci_dma_read(dev, addr, &val, sizeof(val));
> +return val;
> +}
> +
> +void stb_pci_dma(PCIDevice *dev, dma_addr_t addr, uint8_t val)
> +{
> +pci_dma_write(dev, addr, &val, sizeof(val));
> +}
> +

pci_ XXX would be better names?

> +PCI_DMA_DEFINE_LDST(uw, w, 16);
> +PCI_DMA_DEFINE_LDST(l, l, 32);
> +PCI_DMA_DEFINE_LDST(q, q, 64);
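
Review bot: The ld##_lname##_pci_dma() helpers generated by PCI_DMA_DEFINE_LDST, and ldub_pci_dma(), ignore the int returned by pci_dma_read() and return val, which is uninitialised if the read did not fill it. With the current stub, which always returns 0, this is harmless, but once an IOMMU can reject the access the device model would consume stack contents as guest data. Initialise val (for example to 0) or give the helpers a way to report the failure.
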
> diff --git a/hw/pci.h b/hw/pci.h
> index 391217e..4426e9d 100644
> --- a/hw/pci.h
> +++ b/hw/pci.h
> @@ -6,6 +6,7 @@
>  
>  #include "qdev.h"
>  #include "memory.h"
> +#include "dma.h"
>  
>  /* PCI includes legacy ISA access.  */
>  #include "isa.h"
> @@ -492,4 +493,36 @@ static inline uint32_t pci_config_size(const PCIDevice 
> *d)
>  return pci_is_express(d) ? PCIE_CONFIG_SPACE_SIZE : 
> PCI_CONFIG_SPACE_SIZE;
>  }
>  
> +/* DMA access functions */
> +static inline int pci_dma_rw(PCIDevice *dev, dma_addr_t addr,
> + void *buf, dma_addr_t len, int is_write)
> +{
> +cpu_physical_memory_rw(addr, buf, len, is_write);
> +return 0;
> +}
> +
> +static inline int pci_dma_read(PCIDevice *dev, dma_addr_t addr,
> +   void *buf, dma_addr_t len)
> +{
> +return pci_dma_rw(dev, addr, buf, len, 0);
> +}
> +
> +static inline int pci_dma_write(PCIDevice *dev, dma_addr_t addr,
> +const void *buf, dma_addr_t len)
> +{
> +return pci_dma_rw(dev, addr, (void *) buf, len, 1);
> +}
> +
> +#define PCI_DMA_DECLARE_LDST(_lname, _sname, _bits) \
> +uint##_bits##_t ld##_lname##_pci_dma(PCIDevice *dev, dma_addr_t addr); \
> +void st##_sname##_pci_dma(PCIDevice *dev, dma_addr_t addr, \
> +  uint##_bits##_t val);\
> +
> +PCI_DMA_DECLARE_LDST(ub, b, 8);
> +PCI_DMA_DECLARE_LDST(uw, w, 16);
> +PCI_DMA_DECLARE_LDST(l, l, 32);
> +PCI_DMA_DECLARE_LDST(q, q, 64);
> +
> +#undef DECLARE_LDST_DMA
> +

I think macros should just create stX_phys/ldX_phys calls
directly, in the .h file. This will also make it clearer what is going on,
with less levels of indirection.



>  #endif
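
Review bot: The trailing "#undef DECLARE_LDST_DMA" does not match the macro defined above it, PCI_DMA_DECLARE_LDST, so that macro stays defined in every file that includes pci.h; it should read "#undef PCI_DMA_DECLARE_LDST". The macro body also ends with a line continuation after "uint##_bits##_t val);\", which only works because the following line is blank, so the final backslash should go.
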
> -- 
> 1.7.5.4



Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Avi Kivity

On 10/02/2011 12:25 PM, Michael S. Tsirkin wrote:

> On Mon, Sep 05, 2011 at 02:34:56PM +1000, David Gibson wrote:
> >  This patch adds functions to pci.[ch] to perform PCI DMA operations.  At
> >  present, these are just stubs which perform directly cpu physical memory
> >  accesses.
> >
> >  Using these stubs, however, distinguishes PCI device DMA transactions from
> >  other accesses to physical memory, which will allow PCI IOMMU support to
> >  be added in one place, rather than updating every PCI driver at that time.
> >
> >  That is, it allows us to update individual PCI drivers to support an IOMMU
> >  without having yet determined the details of how the IOMMU emulation will
> >  operate.  This will let us remove the most bitrot-sensitive part of an
> >  IOMMU patch in advance.
> >
> >  Signed-off-by: David Gibson
>
> So something I just thought about:
>
> all wrappers now go through cpu_physical_memory_rw.
> This is a problem as e.g. virtio assumes that
> accesses such as stw are atomic. cpu_physical_memory_rw
> is a memcpy which makes no such guarantees.



Let's change cpu_physical_memory_rw() to provide that guarantee for 
aligned two and four byte accesses.  Having separate paths just for that 
is not maintainable.


--
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH] Correctly assign PCI domain numbers

2011-10-02 Thread Michael S. Tsirkin
On Thu, Aug 11, 2011 at 04:38:34PM +1000, David Gibson wrote:
> On Wed, Aug 10, 2011 at 11:34:23AM +0300, Michael S. Tsirkin wrote:
> > On Thu, Aug 04, 2011 at 07:00:38PM +1000, David Gibson wrote:
> > > On Wed, Aug 03, 2011 at 04:28:33PM +0300, Michael S. Tsirkin wrote:
> > > > On Tue, Aug 02, 2011 at 12:15:22AM +1000, David Gibson wrote:
> > > > > On Mon, Aug 01, 2011 at 05:03:18PM +0300, Michael S. Tsirkin wrote:
> > > > > > On Mon, Aug 01, 2011 at 11:33:37PM +1000, David Gibson wrote:
> > > > > > > On Mon, Aug 01, 2011 at 01:10:38PM +0300, Michael S. Tsirkin 
> > > > > > > wrote:
> > > > > > > > On Mon, Aug 01, 2011 at 04:51:02PM +1000, David Gibson wrote:
> > > > > > > > > qemu already almost supports PCI domains; that is, several 
> > > > > > > > > entirely
> > > > > > > > > independent PCI host bridges on the same machine.  However, a 
> > > > > > > > > bug in
> > > > > > > > > pci_bus_new_inplace() means that every host bridge gets 
> > > > > > > > > assigned domain
> > > > > > > > > number zero and so can't be properly distinguished.  This 
> > > > > > > > > patch fixes the
> > > > > > > > > bug, giving each new host bridge a new domain number.
> > > > > > > > > 
> > > > > > > > > Signed-off-by: David Gibson 
> > > > > > > > 
> > > > > > > > OK, but I'd like to see the whole picture.
> > > > > > > > How does the guest detect multiple domains,
> > > > > > > > and how does it access them?
> > > > > > > 
> > > > > > > For the pseries machine, which is what I'm concerned with, each 
> > > > > > > host
> > > > > > > bridge is advertised through the device tree passed to the guest.
> > > > > > 
> > > > > > Could you explain please?
> > > > > > What generates the device tree and passes it to the guest?
> > > > > 
> > > > > In the case of the pseries machine, it is generated from hw/spapr.c
> > > > > and loaded into memory for use by the firmware and/or the kernel.
> > > > > 
> > > > > > > That gives the necessary handles and addresses for accessing config
> > > > > > > space and memory and IO windows for each host bridge.
> > > > > > 
> > > > > > I see. I think maybe a global counter in the common code
> > > > > > is not exactly the best solution in the general case.
> > > > > 
> > > > > Well, which general case do you have in mind. Since by definition,
> > > > > PCI domains are entirely independent from each other, domain numbers
> > > > > are essentially arbitrary as long as they're unique - simply a
> > > > > convention which makes it easier to describe which host bridge devices
> > > > > belong on.  I don't see an obvious approach which is better than a
> > > > > global counter, or least not one that doesn't involve a significant
> > > > > rewrite of the PCI subsystem.
> > > > 
> > > > OK, let's make sure I understand. On your system 'domain numbers'
> > > > are completely invisible to the guest, right? You only need them to
> > > > address devices on qemu monitor ...
> > > 
> > > Well.. the qemu domain number is not officially visible to the guest.
> > > However the handles that are visible to the guest will need to be
> > > derived from some sort of unique domain number.
> > > 
> > > > For that, I'm trying to move away from using a domain number.  Would
> > > > it be possible to simply give bus an id, and use bus= instead?
> > > 
> > > It might be.  In this case we should remove the domain numbers (as
> > > used by pci_find_domain()) from qemu entirely, since they are broken
> > > as they stand without this patch.
> > > 
> > > > BTW, how does a linux guest number domains?
> > > > Would it make sense to match that?
> > > 
> > > I'll look into it.  It would be nice to have them match, obviously but
> > > I'm not sure if there will be a way to do this that's both reasonable
> > > and robust.  I suspect they will match already though not in a
> > > terribly robust way, at least for the pseries machine, because qemu
> > > will create the host bridge nodes in the same order as domain number,
> > > and I suspect Linux will just allocate domain numbers sequentially in
> > > that same order.
> > 
> > OK, so what's the plan at the moment?
> 
> Well, you tell me...

You wanted to look at how linux enumerates domains, no?
Any success?

> > How about we pass domain number from callers,
> 
> From callers of what exactly?

pci_bus_new_inplace I guess.

> > and make sure buses are enumerated in this order?
> > This will make sure linux enumerates them in
> > the same order.
> 
> I don't think we can do that in general.  After all enumeration order
> of domains is essentially a guest internal matter, which we can only
> guess at.

It seems clear that using a domain number in qemu was a mistake.
We can already pass bus= argument to hotplug to specify the bus,
so only bus address (slot# / function #) is needed.

Luckily, ATM the only supported domain # is 0, so we can just
ignore it.

My concern is if we try to expose domain number > 0 to monitor,
users will come to depend on this number, which it is
an implemen

Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Michael S. Tsirkin
On Sun, Oct 02, 2011 at 12:29:08PM +0200, Avi Kivity wrote:
> On 10/02/2011 12:25 PM, Michael S. Tsirkin wrote:
> >On Mon, Sep 05, 2011 at 02:34:56PM +1000, David Gibson wrote:
> >>  This patch adds functions to pci.[ch] to perform PCI DMA operations.  At
> >>  present, these are just stubs which perform directly cpu physical memory
> >>  accesses.
> >>
> >>  Using these stubs, however, distinguishes PCI device DMA transactions from
> >>  other accesses to physical memory, which will allow PCI IOMMU support to
> >>  be added in one place, rather than updating every PCI driver at that time.
> >>
> >>  That is, it allows us to update individual PCI drivers to support an IOMMU
> >>  without having yet determined the details of how the IOMMU emulation will
> >>  operate.  This will let us remove the most bitrot-sensitive part of an
> >>  IOMMU patch in advance.
> >>
> >>  Signed-off-by: David Gibson
> >
> >So something I just thought about:
> >
> >all wrappers now go through cpu_physical_memory_rw.
> >This is a problem as e.g. virtio assumes that
> >accesses such as stw are atomic. cpu_physical_memory_rw
> >is a memcpy which makes no such guarantees.
> >
> 
> Let's change cpu_physical_memory_rw() to provide that guarantee for
> aligned two and four byte accesses.  Having separate paths just for
> that is not maintainable.

Well, we also have stX_phys convert to target native endian-ness
(nop for KVM but not necessarily for qemu).

So if we do what you suggest, this patch will become more correct, but
it would still need to duplicate the endian-ness work.

For that reason, I think calling stX_phys and friends from pci
makes more sense - we get more simple inline wrappers
but that code duplication worries me much less than tricky
endian-ness hidden within a macro.

> -- 
> error compiling committee.c: too many arguments to function



Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Avi Kivity

On 10/02/2011 12:52 PM, Michael S. Tsirkin wrote:

> On Sun, Oct 02, 2011 at 12:29:08PM +0200, Avi Kivity wrote:
> >  On 10/02/2011 12:25 PM, Michael S. Tsirkin wrote:
> >  >On Mon, Sep 05, 2011 at 02:34:56PM +1000, David Gibson wrote:
> >  >>   This patch adds functions to pci.[ch] to perform PCI DMA operations.  At
> >  >>   present, these are just stubs which perform directly cpu physical memory
> >  >>   accesses.
> >  >>
> >  >>   Using these stubs, however, distinguishes PCI device DMA transactions from
> >  >>   other accesses to physical memory, which will allow PCI IOMMU support to
> >  >>   be added in one place, rather than updating every PCI driver at that time.
> >  >>
> >  >>   That is, it allows us to update individual PCI drivers to support an IOMMU
> >  >>   without having yet determined the details of how the IOMMU emulation will
> >  >>   operate.  This will let us remove the most bitrot-sensitive part of an
> >  >>   IOMMU patch in advance.
> >  >>
> >  >>   Signed-off-by: David Gibson
> >  >
> >  >So something I just thought about:
> >  >
> >  >all wrappers now go through cpu_physical_memory_rw.
> >  >This is a problem as e.g. virtio assumes that
> >  >accesses such as stw are atomic. cpu_physical_memory_rw
> >  >is a memcpy which makes no such guarantees.
> >  >
> >
> >  Let's change cpu_physical_memory_rw() to provide that guarantee for
> >  aligned two and four byte accesses.  Having separate paths just for
> >  that is not maintainable.
>
> Well, we also have stX_phys convert to target native endian-ness
> (nop for KVM but not necessarily for qemu).
>
> So if we do what you suggest, this patch will become more correct, but
> it would still need to duplicate the endian-ness work.
>
> For that reason, I think calling stX_phys and friends from pci
> makes more sense - we get more simple inline wrappers
> but that code duplication worries me much less than tricky
> endian-ness hidden within a macro.



Good point.  Though this is really a virtio specific issue since other 
devices have explicit endianness (not guest dependent).


I think endian conversion is best made explicit in virtio (like e1000 
does explicit conversions to little endian).


--
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Michael S. Tsirkin
On Sun, Oct 02, 2011 at 12:58:35PM +0200, Avi Kivity wrote:
> On 10/02/2011 12:52 PM, Michael S. Tsirkin wrote:
> >On Sun, Oct 02, 2011 at 12:29:08PM +0200, Avi Kivity wrote:
> >>  On 10/02/2011 12:25 PM, Michael S. Tsirkin wrote:
> >>  >On Mon, Sep 05, 2011 at 02:34:56PM +1000, David Gibson wrote:
> >>  >>   This patch adds functions to pci.[ch] to perform PCI DMA operations. 
> >>  At
> >>  >>   present, these are just stubs which perform directly cpu physical 
> >> memory
> >>  >>   accesses.
> >>  >>
> >>  >>   Using these stubs, however, distinguishes PCI device DMA 
> >> transactions from
> >>  >>   other accesses to physical memory, which will allow PCI IOMMU 
> >> support to
> >>  >>   be added in one place, rather than updating every PCI driver at that 
> >> time.
> >>  >>
> >>  >>   That is, it allows us to update individual PCI drivers to support an 
> >> IOMMU
> >>  >>   without having yet determined the details of how the IOMMU emulation 
> >> will
> >>  >>   operate.  This will let us remove the most bitrot-sensitive part of 
> >> an
> >>  >>   IOMMU patch in advance.
> >>  >>
> >>  >>   Signed-off-by: David Gibson
> >>  >
> >>  >So something I just thought about:
> >>  >
> >>  >all wrappers now go through cpu_physical_memory_rw.
> >>  >This is a problem as e.g. virtio assumes that
> >>  >accesses such as stw are atomic. cpu_physical_memory_rw
> >>  >is a memcpy which makes no such guarantees.
> >>  >
> >>
> >>  Let's change cpu_physical_memory_rw() to provide that guarantee for
> >>  aligned two and four byte accesses.  Having separate paths just for
> >>  that is not maintainable.
> >
> >Well, we also have stX_phys convert to target native endian-ness
> >(nop for KVM but not necessarily for qemu).
> >
> >So if we do what you suggest, this patch will become more correct, but
> >it would still need to duplicate the endian-ness work.
> >
> >For that reason, I think calling stX_phys and friends from pci
> >makes more sense - we get more simple inline wrappers
> >but that code duplication worries me much less than tricky
> >endian-ness hidden within a macro.
> >
> 
> Good point.  Though this is really a virtio specific issue since
> other devices have explicit endianness (not guest dependent).

Hmm, not entirely virtio specific, some devices use stX macros to do the
conversion.  E.g. stw_be_phys and stl_le_phys are used in several
places.

> I think endian conversion is best made explicit in virtio (like
> e1000 does explicit conversions to little endian).

That's certainly possible. Though it's hard to see why duplicating e.g.

static void e100_stw_le_phys(target_phys_addr_t addr, uint16_t val)
{
    val = cpu_to_le16(val);
    cpu_physical_memory_write(addr, &val, sizeof(val));
}

is a better idea than a central utility that does this.
Maybe the address is not guaranteed to be aligned in the e100
case.


> -- 
> error compiling committee.c: too many arguments to function



Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Alexander Graf

On 02.10.2011, at 13:17, Michael S. Tsirkin wrote:

> On Sun, Oct 02, 2011 at 12:58:35PM +0200, Avi Kivity wrote:
>> On 10/02/2011 12:52 PM, Michael S. Tsirkin wrote:
>>> On Sun, Oct 02, 2011 at 12:29:08PM +0200, Avi Kivity wrote:
>>>> On 10/02/2011 12:25 PM, Michael S. Tsirkin wrote:
>>>>> On Mon, Sep 05, 2011 at 02:34:56PM +1000, David Gibson wrote:
>>>>>>  This patch adds functions to pci.[ch] to perform PCI DMA operations.  At
>>>>>>  present, these are just stubs which perform directly cpu physical memory
>>>>>>  accesses.
>>>>>>
>>>>>>  Using these stubs, however, distinguishes PCI device DMA transactions from
>>>>>>  other accesses to physical memory, which will allow PCI IOMMU support to
>>>>>>  be added in one place, rather than updating every PCI driver at that time.
>>>>>>
>>>>>>  That is, it allows us to update individual PCI drivers to support an IOMMU
>>>>>>  without having yet determined the details of how the IOMMU emulation will
>>>>>>  operate.  This will let us remove the most bitrot-sensitive part of an
>>>>>>  IOMMU patch in advance.
>>>>>>
>>>>>>  Signed-off-by: David Gibson
>>>>>
>>>>> So something I just thought about:
>>>>>
>>>>> all wrappers now go through cpu_physical_memory_rw.
>>>>> This is a problem as e.g. virtio assumes that
>>>>> accesses such as stw are atomic. cpu_physical_memory_rw
>>>>> is a memcpy which makes no such guarantees.
>>>>>
>>>>
>>>> Let's change cpu_physical_memory_rw() to provide that guarantee for
>>>> aligned two and four byte accesses.  Having separate paths just for
>>>> that is not maintainable.
>>> 
>>> Well, we also have stX_phys convert to target native endian-ness
>>> (nop for KVM but not necessarily for qemu).
>>> 
>>> So if we do what you suggest, this patch will become more correct, but
>>> it would still need to duplicate the endian-ness work.
>>> 
>>> For that reason, I think calling stX_phys and friends from pci
>>> makes more sense - we get more simple inline wrappers
>>> but that code duplication worries me much less than tricky
>>> endian-ness hidden within a macro.
>>> 
>> 
>> Good point.  Though this is really a virtio specific issue since
>> other devices have explicit endianness (not guest dependent).
> 
> Hmm, not entirely virtio specific, some devices use stX macros to do the
> conversion.  E.g. stw_be_phys and stl_le_phys are used in several
> places.

Yes, explicit endianness. Virtio is the only device type we support in QEMU 
that changes its endianness depending on the guest CPU. All other devices are 
independent of the guest CPU we're targeting.


Alex




Re: [Qemu-devel] [PATCH V11 5/5] Add a TPM Passthrough backend driver implementation

2011-10-02 Thread Michael S. Tsirkin
On Wed, Sep 28, 2011 at 09:23:00AM -0400, Stefan Berger wrote:

...

> Some notes about the host TPM:
> The TPM needs to be enabled and activated. If that's not the case one
> has to go through the BIOS/UEFI and enable and activate that TPM for TPM
> commands to work as expected.
> It may be necessary to boot the kernel using tpm_tis.force=1 in the boot
> command line or 'modprobe tpm_tis force=1' in case of using it as a module.

...

> Index: qemu-git.pt/configure
> ===
> --- qemu-git.pt.orig/configure
> +++ qemu-git.pt/configure
> @@ -3565,6 +3565,9 @@ fi
>  
>  if test "$tpm" = "yes"; then
>if test "$target_softmmu" = "yes" ; then
> +if test "$linux" = "yes" ; then
> +  echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_target_mak
> +fi

I think we might want to make this a configure option
separate from tpm. The number of ways this can fail
might make some vendors want to disable this mode.

>  echo "CONFIG_TPM=y" >> $config_host_mak
>fi
>  fi
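
Review bot: CONFIG_TPM_PASSTHROUGH is appended to $config_target_mak while the CONFIG_TPM line just below it goes to $config_host_mak, so the backend symbol and the feature symbol end up in different makefile fragments. If the backend really is per-target, say so in the commit message; otherwise write both to the same file. The added block also switches the passthrough backend on for every Linux softmmu build with tpm=yes and gives it no variable of its own; testing a dedicated variable here (a hypothetical $tpm_passthrough, say) would let a build keep the TIS frontend without the host passthrough.
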



Re: [Qemu-devel] [PATCH V11 0/5] Qemu Trusted Platform Module (TPM) integration

2011-10-02 Thread Michael S. Tsirkin
On Wed, Sep 28, 2011 at 09:22:55AM -0400, Stefan Berger wrote:
> The following series of patches adds TPM (Trusted Platform Module) support
> to Qemu. An emulator for the TIS (TPM Interface Spec) interface is
> added that provides the basis for accessing a 'backend' implementing the 
> actual
> TPM functionality. The TIS emulator serves as a 'frontend' enabling for
> example Linux's TPM TIS (tpm_tis) driver.
> 
> In this series I am posting a backend implementation that makes use of the
> host's TPM through a passthrough driver, which on Linux is accessed
> using /dev/tpm0.

Looks pretty clean, ACK to patches 1-4.

The passthrough mode is quite easy to misuse, though most
of the problem is in the hardware, not on our side.

I'm still trying to think of a good way to warn users
about the pitfalls with that. Disabling by default in configure, unless
explicitly required, is certainly one way.
And/or, let's rename it 'assigned' mode to resemble the name of
another fragile qemu feature :) Only half joking ...

> 
> v11:
>  - applies to checkout of 46f3069 (Sep 28)
>  - some filing on the documentation
>  - small nits fixed
> 
> v10:
>  - applies to checkout of 1ce9ce6 (Sep 27)
>  - addressed Michael Tsirkin's comments on v9
> 
> v9:
>  - addressed Michael Tsirkin's and other reviewers' comments
>  - only posting Andreas Niederl's passthrough driver as the backend driver
> 
> v8:
>  - applies to checkout of f0fb8b7 (Aug 30)
>  - fixing compilation error pointed out by Andreas Niederl
>  - adding patch that allows to feed an initial state into the libtpms TPM
>  - following memory API changes (glib) where necessary
> 
> v7:
>  - applies to checkout of b9c6cbf (Aug 9)
>  - measuring the modules if multiboot is used
>  - coding style fixes
> 
> v6:
>  - applies to checkout of 75ef849 (July 2nd)
>  - some fixes and improvements to existing patches; see individual patches
>  - added a patch with a null driver responding to all TPM requests with
>a response indicating failure; this backend has no dependencies and
>can always be built;
>  - added a patch to support the hashing of kernel, ramfs and command line
>if those were passed to Qemu using -kernel, -initrd and -append
>respectively. Measurements are taken, logged, and passed to SeaBIOS using
>the firmware interface.
>  - libtpms revision 7 now requires 83kb of block storage due to having more
>NVRAM space
> 
> v5:
>  - applies to checkout of 1fddfba1
>  - adding support for split command line using the -tpmdev ... -device ...
>options while keeping the -tpm option
>  - support for querying the device models using -tpm model=?
>  - support for monitor 'info tpm'
>  - adding documentation of command line options for man page and web page
>  - increasing room for ACPI tables that qemu reserves to 128kb (from 64kb)
>  - adding (experimental) support for block migration
>  - adding (experimental) support for taking measurements when kernel,
>initrd and kernel command line are directly passed to Qemu
> 
> v4:
>  - applies to checkout of d2d979c6
>  - more coding style fixes
>  - adding patch for supporting blob encryption (in addition to the existing
>QCoW2-level encryption)
>- this allows for graceful termination of a migration if the target
>  is detected to have a wrong key
>- tested with big and little endian hosts
>  - main thread releases mutex while checking for work to do on behalf of
>backend
>  - introducing file locking (fcntl) on the block layer for serializing access
>to shared (QCoW2) files (used during migration)
> 
> v3:
>  - Building a null driver at patch 5/8 that responds to all requests
>with an error response; subsequently this driver is transformed to the
>libtpms-based driver for real TPM functionality
>  - Reworked the threading; dropped the patch for qemu_thread_join; the
>main thread synchronizing with the TPM thread termination may need
>to write data to the block storage while waiting for the thread to 
>terminate; did not previously show a problem but is safer
>  - A lot of testing based on recent git checkout 4b4a72e5 (4/10):
>- migration of i686 VM from x86_64 host to i686 host to ppc64 host while
>  running tests inside the VM
>- tests with S3 suspend/resume
>- tests with snapshots
>- multiple-hour tests with VM suspend/resume (using virsh save/restore)
>  while running a TPM test suite inside the VM
>All tests passed; [not all of them were done on the ppc64 host]
> 
> v2:
>  - splitting some of the patches into smaller ones for easier review
>  - fixes in individual patches
> 
> Regards,
> Stefan
> 



Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Michael S. Tsirkin
On Sun, Oct 02, 2011 at 01:28:37PM +0200, Alexander Graf wrote:
> >> Good point.  Though this is really a virtio specific issue since
> >> other devices have explicit endianness (not guest dependent).
> > 
> > Hmm, not entirely virtio specific, some devices use stX macros to do the
> > conversion.  E.g. stw_be_phys and stl_le_phys are used in several
> > places.
> 
> Yes, explicit endianness. Virtio is the only device type we support in QEMU 
> that changes its endianness depending on the guest CPU. All other devices are 
> independent of the guest CPU we're targeting.
> 
> 
> Alex

True I think, for pci devices. And virtio bypasses the iommu
anyway, so we don't need to worry about it. But the point is that it
makes sense to support endian-ness handling in the core.

-- 
MST



Re: [Qemu-devel] [PATCH 3/9] eepro100: Use PCI DMA stub functions

2011-10-02 Thread Michael S. Tsirkin
On Mon, Sep 05, 2011 at 02:34:58PM +1000, David Gibson wrote:
> From: Eduard - Gabriel Munteanu 
> 
> This updates the eepro100 device emulation to use the explicit PCI DMA
> functions, instead of directly calling physical memory access functions.
> 
> Signed-off-by: Eduard - Gabriel Munteanu 
> Signed-off-by: David Gibson 
> ---
>  hw/eepro100.c |  113 
> +
>  1 files changed, 41 insertions(+), 72 deletions(-)
> 
> diff --git a/hw/eepro100.c b/hw/eepro100.c
> index 4e3c52f..9f57371 100644
> --- a/hw/eepro100.c
> +++ b/hw/eepro100.c
> @@ -46,6 +46,7 @@
>  #include "net.h"
>  #include "eeprom93xx.h"
>  #include "sysemu.h"
> +#include "dma.h"
>  
>  /* QEMU sends frames smaller than 60 bytes to ethernet nics.
>   * Such frames are rejected by real nics and their emulations.
> @@ -315,38 +316,6 @@ static const uint16_t eepro100_mdi_mask[] = {
>  0x, 0x, 0x, 0x, 0x, 0x, 0x, 0x,
>  };
>  
> -/* Read a 16 bit little endian value from physical memory. */
> -static uint16_t e100_ldw_le_phys(target_phys_addr_t addr)
> -{
> -/* Load 16 bit (little endian) word from emulated hardware. */
> -uint16_t val;
> -cpu_physical_memory_read(addr, &val, sizeof(val));
> -return le16_to_cpu(val);
> -}
> -
> -/* Read a 32 bit little endian value from physical memory. */
> -static uint32_t e100_ldl_le_phys(target_phys_addr_t addr)
> -{
> -/* Load 32 bit (little endian) word from emulated hardware. */
> -uint32_t val;
> -cpu_physical_memory_read(addr, &val, sizeof(val));
> -return le32_to_cpu(val);
> -}
> -
> -/* Write a 16 bit little endian value to physical memory. */
> -static void e100_stw_le_phys(target_phys_addr_t addr, uint16_t val)
> -{
> -val = cpu_to_le16(val);
> -cpu_physical_memory_write(addr, &val, sizeof(val));
> -}
> -
> -/* Write a 32 bit little endian value to physical memory. */
> -static void e100_stl_le_phys(target_phys_addr_t addr, uint32_t val)
> -{
> -val = cpu_to_le32(val);
> -cpu_physical_memory_write(addr, &val, sizeof(val));
> -}
> -
>  #define POLYNOMIAL 0x04c11db6
>  
>  /* From FreeBSD */
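
Review bot: the four helpers removed in this hunk each carried the byte order in their name and body (e100_stl_le_phys calls cpu_to_le32 before writing), but the stl_pci_dma, stw_pci_dma, ldl_pci_dma and lduw_pci_dma calls that replace them in the following hunks do not say which byte order they use. Please either put the byte order in the new accessor names or state in the commit message that they are little endian, so the conversion can be checked against the device's little-endian layout from the diff alone.
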
> @@ -744,21 +713,22 @@ static void dump_statistics(EEPRO100State * s)
>   * values which really matter.
>   * Number of data should check configuration!!!
>   */
> -cpu_physical_memory_write(s->statsaddr, &s->statistics, s->stats_size);
> -e100_stl_le_phys(s->statsaddr + 0, s->statistics.tx_good_frames);
> -e100_stl_le_phys(s->statsaddr + 36, s->statistics.rx_good_frames);
> -e100_stl_le_phys(s->statsaddr + 48, s->statistics.rx_resource_errors);
> -e100_stl_le_phys(s->statsaddr + 60, s->statistics.rx_short_frame_errors);
> +pci_dma_write(&s->dev, s->statsaddr,
> +  (uint8_t *) & s->statistics, s->stats_size);
> +stl_pci_dma(&s->dev, s->statsaddr + 0, s->statistics.tx_good_frames);
> +stl_pci_dma(&s->dev, s->statsaddr + 36, s->statistics.rx_good_frames);
> +stl_pci_dma(&s->dev, s->statsaddr + 48, 
> s->statistics.rx_resource_errors);
> +stl_pci_dma(&s->dev, s->statsaddr + 60, 
> s->statistics.rx_short_frame_errors);

At least old stl macros assumed an aligned address.
Not sure it's still the case but for e100 address might
not be aligned I think.

>  #if 0
> -e100_stw_le_phys(s->statsaddr + 76, s->statistics.xmt_tco_frames);
> -e100_stw_le_phys(s->statsaddr + 78, s->statistics.rcv_tco_frames);
> +stw_pci_dma(&s->dev, s->statsaddr + 76, s->statistics.xmt_tco_frames);
> +stw_pci_dma(&s->dev, s->statsaddr + 78, s->statistics.rcv_tco_frames);
>  missing("CU dump statistical counters");
>  #endif
>  }
>  
>  static void read_cb(EEPRO100State *s)
>  {
> -cpu_physical_memory_read(s->cb_address, &s->tx, sizeof(s->tx));
> +pci_dma_read(&s->dev, s->cb_address, (uint8_t *) &s->tx, sizeof(s->tx));
>  s->tx.status = le16_to_cpu(s->tx.status);
>  s->tx.command = le16_to_cpu(s->tx.command);
>  s->tx.link = le32_to_cpu(s->tx.link);
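
Review bot: pci_dma_write() and pci_dma_read() are called with `(uint8_t *) & s->statistics` and `(uint8_t *) &s->tx`, where the cpu_physical_memory_write/read calls they replace took the struct pointers with no cast. The casts suggest the new functions take a uint8_t * buffer; a void * parameter would make them unnecessary and would stop a cast from hiding a wrong pointer type at a call site. The two casts are also spaced differently (`& s->statistics` against `&s->tx`).
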
> @@ -788,18 +758,17 @@ static void tx_command(EEPRO100State *s)
>  }
>  assert(tcb_bytes <= sizeof(buf));
>  while (size < tcb_bytes) {
> -uint32_t tx_buffer_address = e100_ldl_le_phys(tbd_address);
> -uint16_t tx_buffer_size = e100_ldw_le_phys(tbd_address + 4);
> +uint32_t tx_buffer_address = ldl_pci_dma(&s->dev, tbd_address);
> +uint16_t tx_buffer_size = lduw_pci_dma(&s->dev, tbd_address + 4);
>  #if 0
> -uint16_t tx_buffer_el = e100_ldw_le_phys(tbd_address + 6);
> +uint16_t tx_buffer_el = lduw_pci_dma(&s->dev, tbd_address + 6);
>  #endif
>  tbd_address += 8;
>  TRACE(RXTX, logout
>  ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
>   tx_buffer_address, tx_buffer_size));
>  tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
> -cpu_physical_memory_read(tx_buffer_address, &buf[size],
> - tx_buf

Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Avi Kivity

On 10/02/2011 01:17 PM, Michael S. Tsirkin wrote:

> On Sun, Oct 02, 2011 at 12:58:35PM +0200, Avi Kivity wrote:
>>  On 10/02/2011 12:52 PM, Michael S. Tsirkin wrote:
>>  >On Sun, Oct 02, 2011 at 12:29:08PM +0200, Avi Kivity wrote:
>>  >>   On 10/02/2011 12:25 PM, Michael S. Tsirkin wrote:
>>  >>   >On Mon, Sep 05, 2011 at 02:34:56PM +1000, David Gibson wrote:
>>  >>   >>This patch adds functions to pci.[ch] to perform PCI DMA operations.  At
>>  >>   >>present, these are just stubs which perform directly cpu physical memory
>>  >>   >>accesses.
>>  >>   >>
>>  >>   >>Using these stubs, however, distinguishes PCI device DMA transactions from
>>  >>   >>other accesses to physical memory, which will allow PCI IOMMU support to
>>  >>   >>be added in one place, rather than updating every PCI driver at that time.
>>  >>   >>
>>  >>   >>That is, it allows us to update individual PCI drivers to support an IOMMU
>>  >>   >>without having yet determined the details of how the IOMMU emulation will
>>  >>   >>operate.  This will let us remove the most bitrot-sensitive part of an
>>  >>   >>IOMMU patch in advance.
>>  >>   >>
>>  >>   >>Signed-off-by: David Gibson
>>  >>   >
>>  >>   >So something I just thought about:
>>  >>   >
>>  >>   >all wrappers now go through cpu_physical_memory_rw.
>>  >>   >This is a problem as e.g. virtio assumes that
>>  >>   >accesses such as stw are atomic. cpu_physical_memory_rw
>>  >>   >is a memcpy which makes no such guarantees.
>>  >>   >
>>  >>
>>  >>   Let's change cpu_physical_memory_rw() to provide that guarantee for
>>  >>   aligned two and four byte accesses.  Having separate paths just for
>>  >>   that is not maintainable.
>>  >
>>  >Well, we also have stX_phys convert to target native endian-ness
>>  >(nop for KVM but not necessarily for qemu).
>>  >
>>  >So if we do what you suggest, this patch will become more correct, but
>>  >it would still need to duplicate the endian-ness work.
>>  >
>>  >For that reason, I think calling stX_phys and friends from pci
>>  >makes more sense - we get more simple inline wrappers
>>  >but that code duplication worries me much less than tricky
>>  >endian-ness hidden within a macro.
>>  >
>>
>>  Good point.  Though this is really a virtio specific issue since
>>  other devices have explicit endianness (not guest dependent).
>
> Hmm, not entirely virtio specific, some devices use stX macros to do the
> conversion.  E.g. stw_be_phys and stl_le_phys are used in several
> places.


These are fine - explicit endianness.


>>  I think endian conversion is best made explicit in virtio (like
>>  e1000 does explicit conversions to little endian).
>
> That's certainly possible. Though it's hard to see why duplicating e.g.
>
> static void e100_stw_le_phys(target_phys_addr_t addr, uint16_t val)
> {
>     val = cpu_to_le16(val);
>     cpu_physical_memory_write(addr, &val, sizeof(val));
> }
>
> is a better idea than a central utility that does this.
> Maybe the address is not guaranteed to be aligned in the e100
> case.


The general case is dma'ing a structure, not a single field.  That 
doesn't mean we shouldn't have a helper.


--
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Michael S. Tsirkin
On Sun, Oct 02, 2011 at 02:01:10PM +0200, Avi Kivity wrote:
> On 10/02/2011 01:17 PM, Michael S. Tsirkin wrote:
> >On Sun, Oct 02, 2011 at 12:58:35PM +0200, Avi Kivity wrote:
> >>  On 10/02/2011 12:52 PM, Michael S. Tsirkin wrote:
> >>  >On Sun, Oct 02, 2011 at 12:29:08PM +0200, Avi Kivity wrote:
> >>  >>   On 10/02/2011 12:25 PM, Michael S. Tsirkin wrote:
> >>  >>   >On Mon, Sep 05, 2011 at 02:34:56PM +1000, David Gibson wrote:
> >>  >>   >>This patch adds functions to pci.[ch] to perform PCI DMA 
> >> operations.  At
> >>  >>   >>present, these are just stubs which perform directly cpu 
> >> physical memory
> >>  >>   >>accesses.
> >>  >>   >>
> >>  >>   >>Using these stubs, however, distinguishes PCI device DMA 
> >> transactions from
> >>  >>   >>other accesses to physical memory, which will allow PCI IOMMU 
> >> support to
> >>  >>   >>be added in one place, rather than updating every PCI driver 
> >> at that time.
> >>  >>   >>
> >>  >>   >>That is, it allows us to update individual PCI drivers to 
> >> support an IOMMU
> >>  >>   >>without having yet determined the details of how the IOMMU 
> >> emulation will
> >>  >>   >>operate.  This will let us remove the most bitrot-sensitive 
> >> part of an
> >>  >>   >>IOMMU patch in advance.
> >>  >>   >>
> >>  >>   >>Signed-off-by: David Gibson
> >>  >>   >
> >>  >>   >So something I just thought about:
> >>  >>   >
> >>  >>   >all wrappers now go through cpu_physical_memory_rw.
> >>  >>   >This is a problem as e.g. virtio assumes that
> >>  >>   >accesses such as stw are atomic. cpu_physical_memory_rw
> >>  >>   >is a memcpy which makes no such guarantees.
> >>  >>   >
> >>  >>
> >>  >>   Let's change cpu_physical_memory_rw() to provide that guarantee for
> >>  >>   aligned two and four byte accesses.  Having separate paths just for
> >>  >>   that is not maintainable.
> >>  >
> >>  >Well, we also have stX_phys convert to target native endian-ness
> >>  >(nop for KVM but not necessarily for qemu).
> >>  >
> >>  >So if we do what you suggest, this patch will become more correct, but
> >>  >it would still need to duplicate the endian-ness work.
> >>  >
> >>  >For that reason, I think calling stX_phys and friends from pci
> >>  >makes more sense - we get more simple inline wrappers
> >>  >but that code duplication worries me much less than tricky
> >>  >endian-ness hidden within a macro.
> >>  >
> >>
> >>  Good point.  Though this is really a virtio specific issue since
> >>  other devices have explicit endianness (not guest dependent).
> >
> >Hmm, not entirely virtio specific, some devices use stX macros to do the
> >conversion.  E.g. stw_be_phys and stl_le_phys are used in several
> >places.
> 
> These are fine - explicit endianness.

Right. So changing these to e.g. stl_dma and assuming
LE is default seems like a step backwards.

> >>  I think endian conversion is best made explicit in virtio (like
> >>  e1000 does explicit conversions to little endian).
> >
> >That's certainly possible. Though it's hard to see why duplicating e.g.
> >
> >static void e100_stw_le_phys(target_phys_addr_t addr, uint16_t val)
> >{
> > val = cpu_to_le16(val);
> > cpu_physical_memory_write(addr,&val, sizeof(val));
> >}
> >
> >is a better idea than a central utility that does this.
> >Maybe the address is not guaranteed to be aligned in the e100
> >case.
> 
> The general case is dma'ing a structure, not a single field.  That
> doesn't mean we shouldn't have a helper.
> 
> -- 
> error compiling committee.c: too many arguments to function



Re: [Qemu-devel] [PATCH 1/9] Add stub functions for PCI device models to do PCI DMA

2011-10-02 Thread Avi Kivity

On 10/02/2011 02:14 PM, Michael S. Tsirkin wrote:

>>
>>  These are fine - explicit endianness.
>
> Right. So changing these to e.g. stl_dma and assuming
> LE is default seems like a step backwards.


Agree.  "l" implies a word with some endianness, not "4 unstructured bytes".


--
error compiling committee.c: too many arguments to function
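
The two properties argued over in this thread, put side by side as an added example (not code from any message here or from QEMU): a write path that issues naturally aligned two- and four-byte accesses as a single store and falls back to memcpy otherwise, and accessors whose names fix the byte order. The `guest_ram` buffer and every function name are hypothetical; `__atomic_store_n` is a GCC/Clang builtin.

```c
/* Added illustration, not QEMU code: every name below is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_RAM_SIZE 64u

/* Constructed stand-in for guest RAM. The union gives 2- and 4-byte views
 * of the same bytes, so the aligned paths need no pointer casts. */
static union {
    uint8_t  b[GUEST_RAM_SIZE];
    uint16_t w[GUEST_RAM_SIZE / 2];
    uint32_t l[GUEST_RAM_SIZE / 4];
} guest_ram;

enum { ACC_OUT_OF_RANGE = -1, ACC_COPIED = 0, ACC_SINGLE = 1 };

/* Overflow-safe check that [addr, addr + len) lies inside guest RAM. */
static int range_ok(uint64_t addr, size_t len)
{
    return len <= GUEST_RAM_SIZE && addr <= GUEST_RAM_SIZE - len;
}

/* Naturally aligned 2- and 4-byte writes are issued as one store, so a
 * concurrent reader never observes half of the value. Anything else is a
 * plain memcpy with no such guarantee. */
static int guest_mem_write(uint64_t addr, const void *src, size_t len)
{
    if (!range_ok(addr, len)) {
        return ACC_OUT_OF_RANGE;
    }
    if (len == 2 && (addr & 1) == 0) {
        uint16_t v;
        memcpy(&v, src, sizeof(v));
        __atomic_store_n(&guest_ram.w[addr / 2], v, __ATOMIC_RELAXED);
        return ACC_SINGLE;
    }
    if (len == 4 && (addr & 3) == 0) {
        uint32_t v;
        memcpy(&v, src, sizeof(v));
        __atomic_store_n(&guest_ram.l[addr / 4], v, __ATOMIC_RELAXED);
        return ACC_SINGLE;
    }
    memcpy(&guest_ram.b[addr], src, len);
    return ACC_COPIED;
}

/* The byte order is fixed by the accessor's name, not by host or guest CPU:
 * the value is laid out byte by byte before it reaches the write path. */
static int stw_be_guest(uint64_t addr, uint16_t val)
{
    uint8_t b[2] = { (uint8_t)(val >> 8), (uint8_t)val };
    return guest_mem_write(addr, b, sizeof(b));
}

static int stl_le_guest(uint64_t addr, uint32_t val)
{
    uint8_t b[4] = { (uint8_t)val, (uint8_t)(val >> 8),
                     (uint8_t)(val >> 16), (uint8_t)(val >> 24) };
    return guest_mem_write(addr, b, sizeof(b));
}

/* Explicit little-endian load, assembled byte by byte (works unaligned). */
static int ldl_le_guest(uint64_t addr, uint32_t *out)
{
    if (!range_ok(addr, sizeof(*out))) {
        return ACC_OUT_OF_RANGE;
    }
    const uint8_t *p = &guest_ram.b[addr];
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return ACC_COPIED;
}

/* Inspection helper: one byte of guest RAM, or -1 when out of range. */
static int guest_byte(uint64_t addr)
{
    return range_ok(addr, 1) ? guest_ram.b[addr] : -1;
}

int main(void)
{
    uint32_t v = 0;
    int aligned = stl_le_guest(8, 0x11223344u);     /* one 32-bit store */
    int unaligned = stl_le_guest(13, 0xAABBCCDDu);  /* memcpy fallback */
    int be16 = stw_be_guest(2, 0x1234);             /* one 16-bit store */
    int refused = stl_le_guest(62, 1);              /* crosses end of RAM */
    int rd = ldl_le_guest(13, &v);
    printf("aligned=%d unaligned=%d be16=%d refused=%d\n",
           aligned, unaligned, be16, refused);
    printf("read=%d value=0x%08x byte13=0x%02x\n",
           rd, (unsigned)v, (unsigned)guest_byte(13));
    return 0;
}
```
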




[Qemu-devel] viewing continuous guest virtual memory as continuous in qemu

2011-10-02 Thread Alon Levy
Hi,

 I'm trying to achieve the $subject. Some background: currently spice relies on 
a preallocated pci bar for both surfaces and for VGA framebuffer + commands. I 
have been trying to get rid of the surfaces bar. To do that I allocate memory 
in the guest and then translate it for spice-server consumption using 
cpu_physical_memory_map.

 AFAIU this works only when the guest allocates a continuous range of physical 
pages. This is a large requirement from the guest, which I'd like to drop. So I 
would like to have the guest use a regular allocator, generating for instance 
two sequential pages in virtual memory that are scattered in physical memory. 
Those two physical guest page addresses (gp1 and gp2) correspond to two host 
virtual memory addresses (hv1, hv2). I would now like to provide to 
spice-server a single virtual address p that maps to those two pages in 
sequence. I don't want to handle my own scatter-gather list, I would like to 
have this mapping done once so I can use an existing library that requires a 
single pointer (for instance pixman or libGL) to do the rendering.

 Is there any way to achieve that without host kernel support, in user space, 
i.e. in qemu? or with an existing host kernel device?

 I'd appreciate any help,

Alon



[Qemu-devel] [PATCH] hmp: re-enable trace-file command

2011-10-02 Thread Michael Roth
Commit 31965ae27bc11e90674be12584bb201b83df5aef reverted a previous
renaming of CONFIG_SIMPLE_TRACE->CONFIG_TRACE_SIMPLE in a couple spots,
leading to trace-file currently being unavailable.

Signed-off-by: Michael Roth 
---
 hmp-commands.hx |2 +-
 monitor.c   |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index 9e1cca8..844e6c9 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -194,7 +194,7 @@ STEXI
 changes status of a trace event
 ETEXI
 
-#if defined(CONFIG_SIMPLE_TRACE)
+#if defined(CONFIG_TRACE_SIMPLE)
 {
 .name   = "trace-file",
 .args_type  = "op:s?,arg:F?",
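
Review bot: a misspelled symbol inside `#if defined(...)` fails silently, which is how trace-file went missing with no build error, and the commit message only says "a couple spots". Please confirm with a tree-wide search that no other CONFIG_SIMPLE_TRACE reference remains and say so in the message, since any leftover one would compile its code out in the same way.
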
diff --git a/monitor.c b/monitor.c
index 8ec2c5e..4f5335e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -605,7 +605,7 @@ static void do_trace_event_set_state(Monitor *mon, const 
QDict *qdict)
 }
 }
 
-#ifdef CONFIG_SIMPLE_TRACE
+#ifdef CONFIG_TRACE_SIMPLE
 static void do_trace_file(Monitor *mon, const QDict *qdict)
 {
 const char *op = qdict_get_try_str(qdict, "op");
-- 
1.7.4.1




Re: [Qemu-devel] [PATCH 3/3] memory: Print regions in ascending order

2011-10-02 Thread Avi Kivity

On 09/27/2011 04:00 PM, Jan Kiszka wrote:

Makes reading the output more user friendly.


Thanks, applied all three.


@@ -1339,12 +1339,13 @@ typedef QTAILQ_HEAD(queue, MemoryRegionList) 
MemoryRegionListHead;
  static void mtree_print_mr(fprintf_function mon_printf, void *f,
 const MemoryRegion *mr, unsigned int level,
 target_phys_addr_t base,
-   MemoryRegionListHead *print_queue)
+   MemoryRegionListHead *alias_print_queue)
  {
+MemoryRegionList *new_ml, *ml, *next_ml;
+MemoryRegionListHead submr_print_queue;
  const MemoryRegion *submr;
  unsigned int i;

-
  if (!mr) {
  return;
  }
@@ -1358,7 +1359,7 @@ static void mtree_print_mr(fprintf_function mon_printf, 
void *f,
  bool found = false;

  /* check if the alias is already in the queue */
-QTAILQ_FOREACH(ml, print_queue, queue) {
+QTAILQ_FOREACH(ml, alias_print_queue, queue) {
  if (ml->mr == mr->alias&&  !ml->printed) {
  found = true;
  }
@@ -1368,7 +1369,7 @@ static void mtree_print_mr(fprintf_function mon_printf, 
void *f,
  ml = g_new(MemoryRegionList, 1);
  ml->mr = mr->alias;
  ml->printed = false;
-QTAILQ_INSERT_TAIL(print_queue, ml, queue);
+QTAILQ_INSERT_TAIL(alias_print_queue, ml, queue);
  }
  mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " (prio %d): alias %s @%s 
"
 TARGET_FMT_plx "-" TARGET_FMT_plx "\n",
@@ -1386,9 +1387,33 @@ static void mtree_print_mr(fprintf_function mon_printf, 
void *f,
 mr->priority,
 mr->name);
  }
+
+QTAILQ_INIT(&submr_print_queue);
+
  QTAILQ_FOREACH(submr,&mr->subregions, subregions_link) {
-mtree_print_mr(mon_printf, f, submr, level + 1, base + mr->addr,
-   print_queue);
+new_ml = g_new(MemoryRegionList, 1);
+new_ml->mr = submr;
+QTAILQ_FOREACH(ml,&submr_print_queue, queue) {
+if (new_ml->mr->addr<  ml->mr->addr ||
+(new_ml->mr->addr == ml->mr->addr&&
+ new_ml->mr->priority>  ml->mr->priority)) {
+QTAILQ_INSERT_BEFORE(ml, new_ml, queue);
+new_ml = NULL;
+break;
+}
+}
+if (new_ml) {
+QTAILQ_INSERT_TAIL(&submr_print_queue, new_ml, queue);
+}
+}
+
+QTAILQ_FOREACH(ml,&submr_print_queue, queue) {
+mtree_print_mr(mon_printf, f, ml->mr, level + 1, base + mr->addr,
+   alias_print_queue);
+}
+
+QTAILQ_FOREACH_SAFE(next_ml,&submr_print_queue, queue, ml) {
+g_free(ml);
  }
  }
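
Review bot: the cleanup loop at the end of this hunk passes its arguments to QTAILQ_FOREACH_SAFE in the wrong order. The macro takes (var, head, field, next_var), so `QTAILQ_FOREACH_SAFE(next_ml,&submr_print_queue, queue, ml)` makes next_ml the current element and ml the saved successor; `g_free(ml)` then frees the successor, the next iteration step reads the link field of that freed node, and the first element of the queue is never freed. Swapping the two, `QTAILQ_FOREACH_SAFE(ml, &submr_print_queue, queue, next_ml)`, frees each node exactly once. Separately, new_ml->printed is left unset after g_new(); either initialise it or note that this queue never reads it.
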



Yuck, the whole thing would be a one-liner with a capable library 
(std::map<> or std::sort())


--
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH 1/3] memory: Print region priority

2011-10-02 Thread Avi Kivity

On 09/27/2011 04:00 PM, Jan Kiszka wrote:

Useful to discover eclipses.

Signed-off-by: Jan Kiszka
---

PS: Current memory/master requires an obvious build fix (central
definition of some types), but I assume you already have a patch in
your tree.



No, doesn't happen here.

--
error compiling committee.c: too many arguments to function




[Qemu-devel] segfault on current HEAD, qemu-system-arm

2011-10-02 Thread Avi Kivity

3917149 gives me this:

[root@westmere-ep arm-test]# gdb --args qemu-system-arm -kernel 
zImage.integrator -initrd arm_root.img

GNU gdb (GDB) Fedora (7.3-41.fc15)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 


This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/local/bin/qemu-system-arm...done.
(gdb) r
Starting program: /usr/local/bin/qemu-system-arm -kernel 
zImage.integrator -initrd arm_root.img

[Thread debugging using libthread_db enabled]
[New Thread 0x74a5d700 (LWP 12467)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x74a5d700 (LWP 12467)]
0x005bcee6 in get_phys_addr (env=0x0, address=0, access_type=2, 
is_user=0, phys_ptr=0x74a5c994, prot=0x74a5c99c, page_size=

0x74a5c998) at /home/tlv/akivity/qemu/target-arm/helper.c:1275
1275        address += env->cp15.c13_fcse;
Missing separate debuginfos, use: debuginfo-install 
SDL-1.2.14-11.fc15.x86_64 bzip2-libs-1.0.6-3.fc15.x86_64 
celt051-0.5.1.3-3.fc15.x86_64 cyrus-sasl-lib-2.1.23-18.fc15.x86_64 
glib2-2.28.8-1.fc15.x86_64 glibc-2.14-5.x86_64 
keyutils-libs-1.2-7.fc15.x86_64 krb5-libs-1.9.1-5.fc15.x86_64 
libX11-1.4.3-1.fc15.x86_64 libXau-1.0.6-2.fc15.x86_64 
libXcursor-1.1.11-3.fc15.x86_64 libXext-1.2.0-2.fc15.x86_64 
libXfixes-5.0-1.fc15.x86_64 libXrandr-1.3.1-2.fc15.x86_64 
libXrender-0.9.6-2.fc15.x86_64 libcom_err-1.41.14-2.fc15.x86_64 
libcurl-7.21.3-9.fc15.x86_64 libgcc-4.6.0-10.fc15.x86_64 
libidn-1.19-2.fc15.x86_64 libjpeg-turbo-1.1.1-1.fc15.x86_64 
libpng-1.2.46-1.fc15.x86_64 libselinux-2.0.99-4.fc15.x86_64 
libssh2-1.2.7-1.fc15.x86_64 libxcb-1.7-2.fc15.x86_64 
ncurses-libs-5.8-2.20110319.fc15.x86_64 nspr-4.8.8-1.fc15.x86_64 
nss-3.12.10-5.fc15.x86_64 nss-softokn-freebl-3.12.10-2.fc15.x86_64 
nss-util-3.12.10-1.fc15.x86_64 openldap-2.4.24-3.fc15.x86_64 
openssl-1.0.0d-1.fc15.x86_64 pixman-0.20.2-2.fc15.x86_64 
spice-server-0.8.1-1.fc15.x86_64 xen-libs-4.1.1-3.fc15.x86_64 
xz-libs-5.0.3-1.fc15.x86_64 zlib-1.2.5-3.fc15.x86_64

(gdb) bt
#0  0x005bcee6 in get_phys_addr (env=0x0, address=0, 
access_type=2, is_user=0, phys_ptr=0x74a5c994, prot=0x74a5c99c, 
page_size=

0x74a5c998) at /home/tlv/akivity/qemu/target-arm/helper.c:1275
#1  0x005bd036 in cpu_arm_handle_mmu_fault (env=0x0, address=0, 
access_type=2, mmu_idx=0)

at /home/tlv/akivity/qemu/target-arm/helper.c:1305
#2  0x0061ceba in tlb_fill (env1=0x1293c40, addr=0, is_write=2, 
mmu_idx=0, retaddr=0x0)

at /home/tlv/akivity/qemu/target-arm/op_helper.c:87
#3  0x005a0a99 in __ldb_cmmu (addr=0, mmu_idx=0) at 
/home/tlv/akivity/qemu/softmmu_template.h:139
#4  0x005934c9 in ldub_code (ptr=0) at 
/home/tlv/akivity/qemu/softmmu_header.h:96
#5  0x005935ad in get_page_addr_code (env1=0x1293c40, addr=0) at 
/home/tlv/akivity/qemu/exec-all.h:333
#6  0x00593889 in tb_find_slow (env=0x1293c40, pc=0, cs_base=0, 
flags=64) at /home/tlv/akivity/qemu/cpu-exec.c:95
#7  0x00593ae4 in tb_find_fast (env=0x1293c40) at 
/home/tlv/akivity/qemu/cpu-exec.c:151
#8  0x00593f0a in cpu_arm_exec (env=0x1293c40) at 
/home/tlv/akivity/qemu/cpu-exec.c:533
#9  0x00596007 in tcg_cpu_exec (env=0x1293c40) at 
/home/tlv/akivity/qemu/cpus.c:913
#10 0x00596113 in cpu_exec_all () at 
/home/tlv/akivity/qemu/cpus.c:949
#11 0x005957ec in qemu_tcg_cpu_thread_fn (arg=0x1293c40) at 
/home/tlv/akivity/qemu/cpus.c:688

#12 0x00341d407b31 in start_thread () from /lib64/libpthread.so.0
#13 0x00341d0dfd2d in clone () from /lib64/libc.so.6

--
error compiling committee.c: too many arguments to function




[Qemu-devel] [PATCH 01/25] etrax-pic: Convert to MemoryRegion

2011-10-02 Thread Avi Kivity
From: "Edgar E. Iglesias" 

Signed-off-by: Edgar E. Iglesias 
Signed-off-by: Avi Kivity 
---
 hw/etraxfs_pic.c |   30 +++---
 1 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/hw/etraxfs_pic.c b/hw/etraxfs_pic.c
index 4feffda..47a56d7 100644
--- a/hw/etraxfs_pic.c
+++ b/hw/etraxfs_pic.c
@@ -39,6 +39,7 @@
 struct etrax_pic
 {
 SysBusDevice busdev;
+MemoryRegion mmio;
 void *interrupt_vector;
 qemu_irq parent_irq;
 qemu_irq parent_nmi;
@@ -77,7 +78,8 @@ static void pic_update(struct etrax_pic *fs)
 qemu_set_irq(fs->parent_irq, !!vector);
 }
 
-static uint32_t pic_readl (void *opaque, target_phys_addr_t addr)
+static uint64_t
+pic_read(void *opaque, target_phys_addr_t addr, unsigned int size)
 {
 struct etrax_pic *fs = opaque;
 uint32_t rval;
@@ -87,8 +89,8 @@ static uint32_t pic_readl (void *opaque, target_phys_addr_t 
addr)
 return rval;
 }
 
-static void
-pic_writel (void *opaque, target_phys_addr_t addr, uint32_t value)
+static void pic_write(void *opaque, target_phys_addr_t addr,
+  uint64_t value, unsigned int size)
 {
 struct etrax_pic *fs = opaque;
 D(printf("%s addr=%x val=%x\n", __func__, addr, value));
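
Review bot: value becomes uint64_t in pic_write(), but the debug line kept as context, `D(printf("%s addr=%x val=%x\n", __func__, addr, value));`, still prints it with %x. With D() enabled that is a format and argument mismatch; print it with PRIx64 or cast it to the 32-bit width the register uses. The new size parameter is unused in both callbacks, which is consistent with .valid pinning accesses to 4 bytes in the ops table, but a one-line comment saying so would help.
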
@@ -99,14 +101,14 @@ static uint32_t pic_readl (void *opaque, 
target_phys_addr_t addr)
 }
 }
 
-static CPUReadMemoryFunc * const pic_read[] = {
-NULL, NULL,
-&pic_readl,
-};
-
-static CPUWriteMemoryFunc * const pic_write[] = {
-NULL, NULL,
-&pic_writel,
+static const MemoryRegionOps pic_ops = {
+.read = pic_read,
+.write = pic_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4
+}
 };
 
 static void nmi_handler(void *opaque, int irq, int level)
@@ -139,15 +141,13 @@ static void irq_handler(void *opaque, int irq, int level)
 static int etraxfs_pic_init(SysBusDevice *dev)
 {
 struct etrax_pic *s = FROM_SYSBUS(typeof (*s), dev);
-int intr_vect_regs;
 
 qdev_init_gpio_in(&dev->qdev, irq_handler, 32);
 sysbus_init_irq(dev, &s->parent_irq);
 sysbus_init_irq(dev, &s->parent_nmi);
 
-intr_vect_regs = cpu_register_io_memory(pic_read, pic_write, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, intr_vect_regs);
+memory_region_init_io(&s->mmio, &pic_ops, s, "etraxfs-pic", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->mmio);
 return 0;
 }
 
-- 
1.7.6.3




[Qemu-devel] [PULL 00/25] Memory API conversion, batch 10

2011-10-02 Thread Avi Kivity
Please pull from:

  git://github.com/avikivity/qemu.git memory/batch

etrax, milkymist, serial conversions.  All have already been posted on the
list.

Edgar E. Iglesias (5):
  etrax-pic: Convert to MemoryRegion
  etrax-ser: Convert to MemoryRegion
  etrax-timer: Convert to MemoryRegion
  etrax-dma: Convert to MemoryRegion
  etrax-eth: Convert to MemoryRegion

Fabien Chouteau (1):
  openpic: Memory API conversion for mpic

Michael Walle (9):
  milkymist-ac97: convert to memory API
  milkymist-hpdmc: convert to memory API
  milkymist-memcard: convert to memory API
  milkymist-pfpu: convert to memory API
  milkymist-sysctl: convert to memory API
  milkymist-tmu2: convert to memory API
  milkymist-uart: convert to memory API
  milkymist-vgafb: convert to memory API
  milkymist-{minimac2,softusb}: rename memory names

Peter Maydell (1):
  hw/smc91c111: Convert to MemoryRegion

Richard Henderson (9):
  serial: Convert serial_mm_init to MemoryRegion
  serial: Use enum device_endian in serial_mm_init parameter
  serial: Remove ioregister parameter from serial_mm_init
  serial: Add MemoryRegion parameter to serial_mm_init
  ppc405: Pass in address_space_mem to ppc405{cr, ep}_init
  ppc440: Pass in address_space_mem to ppc440ep_init
  pxa: Pass in address_space to pxa{255, 270}_init
  sm501: Pass address_space_mem to sm501_init
  sun4u: Pass address_space_mem to sun4uv_init

 hw/devices.h |6 +-
 hw/etraxfs_dma.c |   43 ++
 hw/etraxfs_eth.c |   30 ---
 hw/etraxfs_pic.c |   30 
 hw/etraxfs_ser.c |   33 
 hw/etraxfs_timer.c   |   31 
 hw/gumstix.c |7 +-
 hw/mainstone.c   |2 +-
 hw/milkymist-ac97.c  |   32 
 hw/milkymist-hpdmc.c |   32 
 hw/milkymist-memcard.c   |   32 
 hw/milkymist-minimac2.c  |4 +-
 hw/milkymist-pfpu.c  |   33 
 hw/milkymist-softusb.c   |4 +-
 hw/milkymist-sysctl.c|   32 
 hw/milkymist-tmu2.c  |   32 
 hw/milkymist-uart.c  |   33 
 hw/milkymist-vgafb.c |   33 
 hw/mips_jazz.c   |   14 +--
 hw/mips_malta.c  |7 +-
 hw/musicpal.c|   18 +---
 hw/omap_uart.c   |   27 ++
 hw/openpic.c |  207 +-
 hw/openpic.h |4 +-
 hw/pc.h  |8 +-
 hw/petalogix_ml605_mmu.c |6 +-
 hw/ppc405.h  |   22 +++--
 hw/ppc405_boards.c   |8 +-
 hw/ppc405_uc.c   |   42 ++
 hw/ppc440.c  |   16 ++--
 hw/ppc440.h  |6 +-
 hw/ppc440_bamboo.c   |5 +-
 hw/ppce500_mpc8544ds.c   |   12 ++-
 hw/pxa.h |7 +-
 hw/pxa2xx.c  |   42 --
 hw/r2d.c |5 +-
 hw/serial.c  |  153 +++--
 hw/sm501.c   |   15 +--
 hw/smc91c111.c   |   29 +++
 hw/spitz.c   |4 +-
 hw/sun4u.c   |   14 ++--
 hw/tosa.c|4 +-
 hw/virtex_ml507.c|5 +-
 hw/z2.c  |4 +-
 44 files changed, 537 insertions(+), 596 deletions(-)

-- 
1.7.6.3




[Qemu-devel] [PATCH 09/25] serial: Add MemoryRegion parameter to serial_mm_init

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

Remove the get_system_memory() call from serial_mm_init, pushing
it back into the callers.  In many cases we already have the
system memory region available.

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/mips_jazz.c   |8 
 hw/mips_malta.c  |4 ++--
 hw/musicpal.c|8 
 hw/omap_uart.c   |6 --
 hw/pc.h  |7 ---
 hw/petalogix_ml605_mmu.c |6 --
 hw/ppc405_uc.c   |   20 
 hw/ppc440.c  |   11 +++
 hw/ppce500_mpc8544ds.c   |6 --
 hw/pxa2xx.c  |5 +++--
 hw/serial.c  |   10 +-
 hw/sm501.c   |4 +++-
 hw/sun4u.c   |5 +++--
 hw/virtex_ml507.c|6 --
 14 files changed, 63 insertions(+), 43 deletions(-)

diff --git a/hw/mips_jazz.c b/hw/mips_jazz.c
index 1f3998f..14beea2 100644
--- a/hw/mips_jazz.c
+++ b/hw/mips_jazz.c
@@ -264,12 +264,12 @@ static void mips_jazz_init(MemoryRegion *address_space,
 
 /* Serial ports */
 if (serial_hds[0]) {
-serial_mm_init(0x80006000, 0, rc4030[8], 800/16, serial_hds[0],
-   DEVICE_NATIVE_ENDIAN);
+serial_mm_init(address_space, 0x80006000, 0, rc4030[8], 800/16,
+   serial_hds[0], DEVICE_NATIVE_ENDIAN);
 }
 if (serial_hds[1]) {
-serial_mm_init(0x80007000, 0, rc4030[9], 800/16, serial_hds[1],
-   DEVICE_NATIVE_ENDIAN);
+serial_mm_init(address_space, 0x80007000, 0, rc4030[9], 800/16,
+   serial_hds[1], DEVICE_NATIVE_ENDIAN);
 }
 
 /* Parallel port */
diff --git a/hw/mips_malta.c b/hw/mips_malta.c
index 84d1e47..bb49749 100644
--- a/hw/mips_malta.c
+++ b/hw/mips_malta.c
@@ -446,8 +446,8 @@ static void malta_fpga_led_init(CharDriverState *chr)
 
 s->display = qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init);
 
-s->uart = serial_mm_init(base + 0x900, 3, uart_irq, 230400, uart_chr,
- DEVICE_NATIVE_ENDIAN);
+s->uart = serial_mm_init(address_space, base + 0x900, 3, uart_irq,
+ 230400, uart_chr, DEVICE_NATIVE_ENDIAN);
 
 malta_fpga_reset(s);
 qemu_register_reset(malta_fpga_reset, s);
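Review bot: `address_space` in the new serial_mm_init call is not declared anywhere in this hunk, and the file's diffstat (2 insertions, 2 deletions) is fully accounted for by these lines, so it has to be an existing parameter or local of the enclosing function. Worth confirming that it is the same region the removed get_system_memory() call inside serial_mm_init used to supply, since the UART would otherwise move to a different address space.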
diff --git a/hw/musicpal.c b/hw/musicpal.c
index 2131db1..20553b5 100644
--- a/hw/musicpal.c
+++ b/hw/musicpal.c
@@ -1486,12 +1486,12 @@ static void musicpal_init(ram_addr_t ram_size,
   pic[MP_TIMER4_IRQ], NULL);
 
 if (serial_hds[0]) {
-serial_mm_init(MP_UART1_BASE, 2, pic[MP_UART1_IRQ], 1825000,
-   serial_hds[0], DEVICE_NATIVE_ENDIAN);
+serial_mm_init(address_space_mem, MP_UART1_BASE, 2, pic[MP_UART1_IRQ],
+   1825000, serial_hds[0], DEVICE_NATIVE_ENDIAN);
 }
 if (serial_hds[1]) {
-serial_mm_init(MP_UART2_BASE, 2, pic[MP_UART2_IRQ], 1825000,
-   serial_hds[1], DEVICE_NATIVE_ENDIAN);
+serial_mm_init(address_space_mem, MP_UART2_BASE, 2, pic[MP_UART2_IRQ],
+   1825000, serial_hds[1], DEVICE_NATIVE_ENDIAN);
 }
 
 /* Register flash */
diff --git a/hw/omap_uart.c b/hw/omap_uart.c
index b43f04c..19f8e6e 100644
--- a/hw/omap_uart.c
+++ b/hw/omap_uart.c
@@ -22,6 +22,7 @@
 #include "omap.h"
 /* We use pc-style serial ports.  */
 #include "pc.h"
+#include "exec-memory.h"
 
 /* UARTs */
 struct omap_uart_s {
@@ -60,7 +61,8 @@ struct omap_uart_s *omap_uart_init(target_phys_addr_t base,
 s->base = base;
 s->fclk = fclk;
 s->irq = irq;
-s->serial = serial_mm_init(base, 2, irq, omap_clk_getrate(fclk)/16,
+s->serial = serial_mm_init(get_system_memory(), base, 2, irq,
+   omap_clk_getrate(fclk)/16,
chr ?: qemu_chr_new(label, "null", NULL),
DEVICE_NATIVE_ENDIAN);
 return s;
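Review bot: omap_uart_init now calls `get_system_memory()` itself, so the lookup has only moved from serial_mm_init into this device model rather than out to the board code as the commit message describes. Consider giving omap_uart_init a MemoryRegion parameter so the caller chooses the address space, as the mips_jazz and musicpal call sites already do.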
@@ -176,7 +178,7 @@ struct omap_uart_s *omap2_uart_init(struct 
omap_target_agent_s *ta,
 void omap_uart_attach(struct omap_uart_s *s, CharDriverState *chr)
 {
 /* TODO: Should reuse or destroy current s->serial */
-s->serial = serial_mm_init(s->base, 2, s->irq,
+s->serial = serial_mm_init(get_system_memory(), s->base, 2, s->irq,
omap_clk_getrate(s->fclk) / 16,
chr ?: qemu_chr_new("null", "null", NULL),
DEVICE_NATIVE_ENDIAN);
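Review bot: omap_uart_attach still carries `/* TODO: Should reuse or destroy current s->serial */` and now calls serial_mm_init against the system memory region again at the same `s->base` on every attach. With the region passed explicitly, this is the place to settle whether the earlier SerialState is torn down first. Otherwise the previous device stays registered alongside the new one.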
diff --git a/hw/pc.h b/hw/pc.h
index a0d7265..f3e21b6 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -15,9 +15,10 @@
 
 SerialState *serial_init(int base, qemu_irq irq, int baudbase,
  CharDriverState *chr);
-SerialState *serial_mm_init (target_phys_addr_t base, int it_shift,
- qemu_irq irq, int baudbase,
- CharDriverState *chr, enum device_endian);
+SerialState *serial_mm_init(MemoryReg

[Qemu-devel] [PATCH 22/25] milkymist-tmu2: convert to memory API

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-tmu2.c |   32 
 1 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/hw/milkymist-tmu2.c b/hw/milkymist-tmu2.c
index 953d42f..aad0ed0 100644
--- a/hw/milkymist-tmu2.c
+++ b/hw/milkymist-tmu2.c
@@ -77,6 +77,7 @@ struct vertex {
 
 struct MilkymistTMU2State {
 SysBusDevice busdev;
+MemoryRegion regs_region;
 CharDriverState *chr;
 qemu_irq irq;
 
@@ -309,7 +310,8 @@ static void tmu2_start(MilkymistTMU2State *s)
 qemu_irq_pulse(s->irq);
 }
 
-static uint32_t tmu2_read(void *opaque, target_phys_addr_t addr)
+static uint64_t tmu2_read(void *opaque, target_phys_addr_t addr,
+  unsigned size)
 {
 MilkymistTMU2State *s = opaque;
 uint32_t r = 0;
@@ -370,7 +372,8 @@ static void tmu2_check_registers(MilkymistTMU2State *s)
 }
 }
 
-static void tmu2_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+static void tmu2_write(void *opaque, target_phys_addr_t addr, uint64_t value,
+   unsigned size)
 {
 MilkymistTMU2State *s = opaque;
 
@@ -414,16 +417,14 @@ static void tmu2_write(void *opaque, target_phys_addr_t 
addr, uint32_t value)
 tmu2_check_registers(s);
 }
 
-static CPUReadMemoryFunc * const tmu2_read_fn[] = {
-NULL,
-NULL,
-&tmu2_read,
-};
-
-static CPUWriteMemoryFunc * const tmu2_write_fn[] = {
-NULL,
-NULL,
-&tmu2_write,
+static const MemoryRegionOps tmu2_mmio_ops = {
+.read = tmu2_read,
+.write = tmu2_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void milkymist_tmu2_reset(DeviceState *d)
@@ -439,7 +440,6 @@ static void milkymist_tmu2_reset(DeviceState *d)
 static int milkymist_tmu2_init(SysBusDevice *dev)
 {
 MilkymistTMU2State *s = FROM_SYSBUS(typeof(*s), dev);
-int tmu2_regs;
 
 if (tmu2_glx_init(s)) {
 return 1;
@@ -447,9 +447,9 @@ static int milkymist_tmu2_init(SysBusDevice *dev)
 
 sysbus_init_irq(dev, &s->irq);
 
-tmu2_regs = cpu_register_io_memory(tmu2_read_fn, tmu2_write_fn, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, tmu2_regs);
+memory_region_init_io(&s->regs_region, &tmu2_mmio_ops, s,
+"milkymist-tmu2", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->regs_region);
 
 return 0;
 }
-- 
1.7.6.3




[Qemu-devel] [PATCH 14/25] sun4u: Pass address_space_mem to sun4uv_init

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/sun4u.c |   11 ++-
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/hw/sun4u.c b/hw/sun4u.c
index 28a5374..88c633d 100644
--- a/hw/sun4u.c
+++ b/hw/sun4u.c
@@ -736,7 +736,8 @@ static void ram_register_devices(void)
 return env;
 }
 
-static void sun4uv_init(ram_addr_t RAM_size,
+static void sun4uv_init(MemoryRegion *address_space_mem,
+ram_addr_t RAM_size,
 const char *boot_devices,
 const char *kernel_filename, const char 
*kernel_cmdline,
 const char *initrd_filename, const char *cpu_model,
@@ -771,7 +772,7 @@ static void sun4uv_init(ram_addr_t RAM_size,
 
 i = 0;
 if (hwdef->console_serial_base) {
-serial_mm_init(get_system_memory(), hwdef->console_serial_base, 0,
+serial_mm_init(address_space_mem, hwdef->console_serial_base, 0,
NULL, 115200, serial_hds[i], DEVICE_BIG_ENDIAN);
 i++;
 }
@@ -876,7 +877,7 @@ static void sun4u_init(ram_addr_t RAM_size,
const char *kernel_filename, const char *kernel_cmdline,
const char *initrd_filename, const char *cpu_model)
 {
-sun4uv_init(RAM_size, boot_devices, kernel_filename,
+sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
 kernel_cmdline, initrd_filename, cpu_model, &hwdefs[0]);
 }
 
@@ -886,7 +887,7 @@ static void sun4v_init(ram_addr_t RAM_size,
const char *kernel_filename, const char *kernel_cmdline,
const char *initrd_filename, const char *cpu_model)
 {
-sun4uv_init(RAM_size, boot_devices, kernel_filename,
+sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
 kernel_cmdline, initrd_filename, cpu_model, &hwdefs[1]);
 }
 
@@ -896,7 +897,7 @@ static void niagara_init(ram_addr_t RAM_size,
  const char *kernel_filename, const char 
*kernel_cmdline,
  const char *initrd_filename, const char *cpu_model)
 {
-sun4uv_init(RAM_size, boot_devices, kernel_filename,
+sun4uv_init(get_system_memory(), RAM_size, boot_devices, kernel_filename,
 kernel_cmdline, initrd_filename, cpu_model, &hwdefs[2]);
 }
 
-- 
1.7.6.3




[Qemu-devel] [PATCH 17/25] milkymist-ac97: convert to memory API

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-ac97.c |   32 
 1 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/hw/milkymist-ac97.c b/hw/milkymist-ac97.c
index 6104732..5c5ed27 100644
--- a/hw/milkymist-ac97.c
+++ b/hw/milkymist-ac97.c
@@ -53,6 +53,7 @@ enum {
 
 struct MilkymistAC97State {
 SysBusDevice busdev;
+MemoryRegion regs_region;
 
 QEMUSoundCard card;
 SWVoiceIn *voice_in;
@@ -82,7 +83,8 @@ static void update_voices(MilkymistAC97State *s)
 }
 }
 
-static uint32_t ac97_read(void *opaque, target_phys_addr_t addr)
+static uint64_t ac97_read(void *opaque, target_phys_addr_t addr,
+  unsigned size)
 {
 MilkymistAC97State *s = opaque;
 uint32_t r = 0;
@@ -113,7 +115,8 @@ static uint32_t ac97_read(void *opaque, target_phys_addr_t 
addr)
 return r;
 }
 
-static void ac97_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+static void ac97_write(void *opaque, target_phys_addr_t addr, uint64_t value,
+   unsigned size)
 {
 MilkymistAC97State *s = opaque;
 
@@ -159,16 +162,14 @@ static void ac97_write(void *opaque, target_phys_addr_t 
addr, uint32_t value)
 
 }
 
-static CPUReadMemoryFunc * const ac97_read_fn[] = {
-NULL,
-NULL,
-&ac97_read,
-};
-
-static CPUWriteMemoryFunc * const ac97_write_fn[] = {
-NULL,
-NULL,
-&ac97_write,
+static const MemoryRegionOps ac97_mmio_ops = {
+.read = ac97_read,
+.write = ac97_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void ac97_in_cb(void *opaque, int avail_b)
@@ -280,7 +281,6 @@ static int ac97_post_load(void *opaque, int version_id)
 static int milkymist_ac97_init(SysBusDevice *dev)
 {
 MilkymistAC97State *s = FROM_SYSBUS(typeof(*s), dev);
-int ac97_regs;
 
 struct audsettings as;
 sysbus_init_irq(dev, &s->crrequest_irq);
@@ -300,9 +300,9 @@ static int milkymist_ac97_init(SysBusDevice *dev)
 s->voice_out = AUD_open_out(&s->card, s->voice_out,
 "mm_ac97.out", s, ac97_out_cb, &as);
 
-ac97_regs = cpu_register_io_memory(ac97_read_fn, ac97_write_fn, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, ac97_regs);
+memory_region_init_io(&s->regs_region, &ac97_mmio_ops, s,
+"milkymist-ac97", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->regs_region);
 
 return 0;
 }
-- 
1.7.6.3




[Qemu-devel] [PATCH 13/25] sm501: Pass address_space_mem to sm501_init

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/devices.h |6 +-
 hw/r2d.c |5 -
 hw/sm501.c   |7 +++
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/hw/devices.h b/hw/devices.h
index 07fda83..8ac384f 100644
--- a/hw/devices.h
+++ b/hw/devices.h
@@ -1,6 +1,9 @@
 #ifndef QEMU_DEVICES_H
 #define QEMU_DEVICES_H
 
+/* ??? Not all users of this file can include cpu-common.h.  */
+struct MemoryRegion;
+
 /* Devices that have nowhere better to go.  */
 
 /* smc91c111.c */
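Review bot: The new comment `/* ??? Not all users of this file can include cpu-common.h.  */` records an open question rather than a reason. Say which includers cannot pull in the header that defines MemoryRegion, or resolve the question. As written, the prototype in this header uses `struct MemoryRegion *` while the definition in sm501.c uses the `MemoryRegion` typedef, and the two only agree as long as the typedef keeps naming that struct tag.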
@@ -57,7 +60,8 @@ qemu_irq *tc6393xb_gpio_in_get(TC6393xbState *s);
 qemu_irq tc6393xb_l3v_get(TC6393xbState *s);
 
 /* sm501.c */
-void sm501_init(uint32_t base, uint32_t local_mem_bytes, qemu_irq irq,
+void sm501_init(struct MemoryRegion *address_space_mem, uint32_t base,
+uint32_t local_mem_bytes, qemu_irq irq,
 CharDriverState *chr);
 
 #endif
diff --git a/hw/r2d.c b/hw/r2d.c
index b8b0df3..82377a0 100644
--- a/hw/r2d.c
+++ b/hw/r2d.c
@@ -37,6 +37,7 @@
 #include "usb.h"
 #include "flash.h"
 #include "blockdev.h"
+#include "exec-memory.h"
 
 #define FLASH_BASE 0x
 #define FLASH_SIZE 0x0200
@@ -235,6 +236,7 @@ static void r2d_init(ram_addr_t ram_size,
 qemu_irq *irq;
 DriveInfo *dinfo;
 int i;
+MemoryRegion *address_space_mem = get_system_memory();
 
 if (!cpu_model)
 cpu_model = "SH7751R";
@@ -258,7 +260,8 @@ static void r2d_init(ram_addr_t ram_size,
 sysbus_create_varargs("sh_pci", 0x1e20, irq[PCI_INTA], irq[PCI_INTB],
   irq[PCI_INTC], irq[PCI_INTD], NULL);
 
-sm501_init(0x1000, SM501_VRAM_SIZE, irq[SM501], serial_hds[2]);
+sm501_init(address_space_mem, 0x1000, SM501_VRAM_SIZE,
+   irq[SM501], serial_hds[2]);
 
 /* onboard CF (True IDE mode, Master only). */
 dinfo = drive_get(IF_IDE, 0, 0);
diff --git a/hw/sm501.c b/hw/sm501.c
index 6b54717..a7ed6fa 100644
--- a/hw/sm501.c
+++ b/hw/sm501.c
@@ -30,7 +30,6 @@
 #include "sysbus.h"
 #include "qdev-addr.h"
 #include "range.h"
-#include "exec-memory.h"
 
 /*
  * Status: 2010/05/07
@@ -1386,8 +1385,8 @@ static void sm501_update_display(void *opaque)
sm501_draw_crt(s);
 }
 
-void sm501_init(uint32_t base, uint32_t local_mem_bytes, qemu_irq irq,
-CharDriverState *chr)
+void sm501_init(MemoryRegion *address_space_mem, uint32_t base,
+uint32_t local_mem_bytes, qemu_irq irq, CharDriverState *chr)
 {
 SM501State * s;
 DeviceState *dev;
@@ -1441,7 +1440,7 @@ void sm501_init(uint32_t base, uint32_t local_mem_bytes, 
qemu_irq irq,
 
 /* bridge to serial emulation module */
 if (chr) {
-serial_mm_init(get_system_memory(),
+serial_mm_init(address_space_mem,
base + MMIO_BASE_OFFSET + SM501_UART0, 2,
NULL, /* TODO : chain irq to IRL */
115200, chr, DEVICE_NATIVE_ENDIAN);
-- 
1.7.6.3




[Qemu-devel] [PULL 0/4] Memory tree printer

2011-10-02 Thread Avi Kivity
Please pull from

  git://github.com/avikivity/qemu memory/core

to get the new 'info mtree' command, which is a great debugging aid.

Blue Swirl (1):
  memory: simple memory tree printer

Jan Kiszka (3):
  memory: Print region priority
  memory: Do not print empty PIO root
  memory: Print regions in ascending order

 memory.c  |  121 +
 memory.h  |2 +
 monitor.c |   13 +++
 3 files changed, 136 insertions(+), 0 deletions(-)

-- 
1.7.6.3




[Qemu-devel] [PATCH 4/4] memory: Print regions in ascending order

2011-10-02 Thread Avi Kivity
From: Jan Kiszka 

Makes reading the output more user friendly.

Signed-off-by: Jan Kiszka 
Signed-off-by: Avi Kivity 
---
 memory.c |   37 +++--
 1 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/memory.c b/memory.c
index 19f1d36..f46e626 100644
--- a/memory.c
+++ b/memory.c
@@ -1285,12 +1285,13 @@ struct MemoryRegionList {
 static void mtree_print_mr(fprintf_function mon_printf, void *f,
const MemoryRegion *mr, unsigned int level,
target_phys_addr_t base,
-   MemoryRegionListHead *print_queue)
+   MemoryRegionListHead *alias_print_queue)
 {
+MemoryRegionList *new_ml, *ml, *next_ml;
+MemoryRegionListHead submr_print_queue;
 const MemoryRegion *submr;
 unsigned int i;
 
-
 if (!mr) {
 return;
 }
@@ -1304,7 +1305,7 @@ static void mtree_print_mr(fprintf_function mon_printf, 
void *f,
 bool found = false;
 
 /* check if the alias is already in the queue */
-QTAILQ_FOREACH(ml, print_queue, queue) {
+QTAILQ_FOREACH(ml, alias_print_queue, queue) {
 if (ml->mr == mr->alias && !ml->printed) {
 found = true;
 }
@@ -1314,7 +1315,7 @@ static void mtree_print_mr(fprintf_function mon_printf, 
void *f,
 ml = g_new(MemoryRegionList, 1);
 ml->mr = mr->alias;
 ml->printed = false;
-QTAILQ_INSERT_TAIL(print_queue, ml, queue);
+QTAILQ_INSERT_TAIL(alias_print_queue, ml, queue);
 }
 mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " (prio %d): alias %s 
@%s "
TARGET_FMT_plx "-" TARGET_FMT_plx "\n",
@@ -1332,9 +1333,33 @@ static void mtree_print_mr(fprintf_function mon_printf, 
void *f,
mr->priority,
mr->name);
 }
+
+QTAILQ_INIT(&submr_print_queue);
+
 QTAILQ_FOREACH(submr, &mr->subregions, subregions_link) {
-mtree_print_mr(mon_printf, f, submr, level + 1, base + mr->addr,
-   print_queue);
+new_ml = g_new(MemoryRegionList, 1);
+new_ml->mr = submr;
+QTAILQ_FOREACH(ml, &submr_print_queue, queue) {
+if (new_ml->mr->addr < ml->mr->addr ||
+(new_ml->mr->addr == ml->mr->addr &&
+ new_ml->mr->priority > ml->mr->priority)) {
+QTAILQ_INSERT_BEFORE(ml, new_ml, queue);
+new_ml = NULL;
+break;
+}
+}
+if (new_ml) {
+QTAILQ_INSERT_TAIL(&submr_print_queue, new_ml, queue);
+}
+}
+
+QTAILQ_FOREACH(ml, &submr_print_queue, queue) {
+mtree_print_mr(mon_printf, f, ml->mr, level + 1, base + mr->addr,
+   alias_print_queue);
+}
+
+QTAILQ_FOREACH_SAFE(next_ml, &submr_print_queue, queue, ml) {
+g_free(ml);
 }
 }
 
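Review bot: The cleanup loop at the end of mtree_print_mr has its QTAILQ_FOREACH_SAFE arguments swapped. In `QTAILQ_FOREACH_SAFE(next_ml, &submr_print_queue, queue, ml)` the cursor is `next_ml` and `ml` holds the saved next element, so `g_free(ml)` frees the element the loop is about to step onto. The first entry is never freed, and every later step reads the link field of memory that was just freed. Iterate with `ml` as the cursor and `next_ml` as the saved next, i.e. `QTAILQ_FOREACH_SAFE(ml, &submr_print_queue, queue, next_ml)`, and keep `g_free(ml)`. `new_ml->printed` is also left uninitialised; nothing in this queue reads it, but setting it keeps the struct consistent.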
-- 
1.7.6.3




[Qemu-devel] [PATCH 1/4] memory: simple memory tree printer

2011-10-02 Thread Avi Kivity
From: Blue Swirl 

Add a monitor command 'info mtree' to show the memory hierarchy
much like /proc/iomem in Linux.

Signed-off-by: Blue Swirl 
Signed-off-by: Avi Kivity 
---
 memory.c  |   91 +
 memory.h  |2 +
 monitor.c |   13 +
 3 files changed, 106 insertions(+), 0 deletions(-)

diff --git a/memory.c b/memory.c
index 71e769e..a85d118 100644
--- a/memory.c
+++ b/memory.c
@@ -1271,3 +1271,94 @@ void set_system_io_map(MemoryRegion *mr)
 address_space_io.root = mr;
 memory_region_update_topology();
 }
+
+typedef struct MemoryRegionList MemoryRegionList;
+
+struct MemoryRegionList {
+const MemoryRegion *mr;
+bool printed;
+QTAILQ_ENTRY(MemoryRegionList) queue;
+};
+
+typedef QTAILQ_HEAD(queue, MemoryRegionList) MemoryRegionListHead;
+
+static void mtree_print_mr(fprintf_function mon_printf, void *f,
+   const MemoryRegion *mr, unsigned int level,
+   target_phys_addr_t base,
+   MemoryRegionListHead *print_queue)
+{
+const MemoryRegion *submr;
+unsigned int i;
+
+
+if (!mr) {
+return;
+}
+
+for (i = 0; i < level; i++) {
+mon_printf(f, "  ");
+}
+
+if (mr->alias) {
+MemoryRegionList *ml;
+bool found = false;
+
+/* check if the alias is already in the queue */
+QTAILQ_FOREACH(ml, print_queue, queue) {
+if (ml->mr == mr->alias && !ml->printed) {
+found = true;
+}
+}
+
+if (!found) {
+ml = g_new(MemoryRegionList, 1);
+ml->mr = mr->alias;
+ml->printed = false;
+QTAILQ_INSERT_TAIL(print_queue, ml, queue);
+}
+mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " : alias %s @%s "
+   TARGET_FMT_plx "-" TARGET_FMT_plx "\n",
+   base + mr->addr,
+   base + mr->addr + (target_phys_addr_t)mr->size - 1,
+   mr->name,
+   mr->alias->name,
+   mr->alias_offset,
+   mr->alias_offset + (target_phys_addr_t)mr->size - 1);
+} else {
+mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " : %s\n",
+   base + mr->addr,
+   base + mr->addr + (target_phys_addr_t)mr->size - 1,
+   mr->name);
+}
+QTAILQ_FOREACH(submr, &mr->subregions, subregions_link) {
+mtree_print_mr(mon_printf, f, submr, level + 1, base + mr->addr,
+   print_queue);
+}
+}
+
+void mtree_info(fprintf_function mon_printf, void *f)
+{
+MemoryRegionListHead ml_head;
+MemoryRegionList *ml, *ml2;
+
+QTAILQ_INIT(&ml_head);
+
+mon_printf(f, "memory\n");
+mtree_print_mr(mon_printf, f, address_space_memory.root, 0, 0, &ml_head);
+
+/* print aliased regions */
+QTAILQ_FOREACH(ml, &ml_head, queue) {
+if (!ml->printed) {
+mon_printf(f, "%s\n", ml->mr->name);
+mtree_print_mr(mon_printf, f, ml->mr, 0, 0, &ml_head);
+}
+}
+
+QTAILQ_FOREACH_SAFE(ml, &ml_head, queue, ml2) {
+g_free(ml2);
+}
+
+QTAILQ_INIT(&ml_head);
+mon_printf(f, "I/O\n");
+mtree_print_mr(mon_printf, f, address_space_io.root, 0, 0, &ml_head);
+}
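Review bot: In mtree_info the free loop releases the wrong pointer: `QTAILQ_FOREACH_SAFE(ml, &ml_head, queue, ml2)` makes `ml` the current entry and `ml2` the saved next one, yet the body is `g_free(ml2)`. That leaks the head entry and, once two or more alias targets are queued, makes the loop advance onto memory it has just freed, which is a use-after-free reachable from the monitor command. Free `ml` instead. Separately, `printed` is tested in two places but never set to true in this patch, so either set it once an alias target has been printed or drop the field.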
diff --git a/memory.h b/memory.h
index e93e65a..d5b47da 100644
--- a/memory.h
+++ b/memory.h
@@ -501,6 +501,8 @@ void memory_region_transaction_begin(void);
  */
 void memory_region_transaction_commit(void);
 
+void mtree_info(fprintf_function mon_printf, void *f);
+
 #endif
 
 #endif
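Review bot: `mtree_info` is added to memory.h with no doc comment, while the declaration directly above it closes a comment block. Add a short comment stating what the two arguments are (the printf-style callback and its opaque handle) and that the function prints the memory and I/O trees.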
diff --git a/monitor.c b/monitor.c
index 8ec2c5e..d323ea5 100644
--- a/monitor.c
+++ b/monitor.c
@@ -63,6 +63,7 @@
 #endif
 #include "trace/control.h"
 #include "ui/qemu-spice.h"
+#include "memory.h"
 
 //#define DEBUG
 //#define DEBUG_COMPLETION
@@ -2470,6 +2471,11 @@ static void tlb_info(Monitor *mon)
 }
 #endif
 
+static void do_info_mtree(Monitor *mon)
+{
+mtree_info((fprintf_function)monitor_printf, mon);
+}
+
 static void do_info_kvm_print(Monitor *mon, const QObject *data)
 {
 QDict *qdict;
@@ -2978,6 +2984,13 @@ int monitor_get_fd(Monitor *mon, const char *fdname)
 },
 #endif
 {
+.name   = "mtree",
+.args_type  = "",
+.params = "",
+.help   = "show memory tree",
+.mhandler.info = do_info_mtree,
+},
+{
 .name   = "jit",
 .args_type  = "",
 .params = "",
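Review bot: The new `mtree` entry documents the command only through its one-line `.help` string, and the diffstat touches just memory.c, memory.h and monitor.c, so the monitor documentation gets no `info mtree` entry. Add one alongside the other info subcommands, ideally with a short sample of the output format, since the commit message compares it to /proc/iomem.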
-- 
1.7.6.3




[Qemu-devel] [PATCH 3/4] memory: Do not print empty PIO root

2011-10-02 Thread Avi Kivity
From: Jan Kiszka 

Signed-off-by: Jan Kiszka 
Signed-off-by: Avi Kivity 
---
 memory.c |9 ++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/memory.c b/memory.c
index eae67be..19f1d36 100644
--- a/memory.c
+++ b/memory.c
@@ -1360,7 +1360,10 @@ void mtree_info(fprintf_function mon_printf, void *f)
 g_free(ml2);
 }
 
-QTAILQ_INIT(&ml_head);
-mon_printf(f, "I/O\n");
-mtree_print_mr(mon_printf, f, address_space_io.root, 0, 0, &ml_head);
+if (address_space_io.root &&
+!QTAILQ_EMPTY(&address_space_io.root->subregions)) {
+QTAILQ_INIT(&ml_head);
+mon_printf(f, "I/O\n");
+mtree_print_mr(mon_printf, f, address_space_io.root, 0, 0, &ml_head);
+}
 }
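Review bot: Inside the new `if` block `ml_head` is re-initialised and handed to mtree_print_mr, but nothing walks it afterwards, so any alias targets queued while printing the I/O tree are neither printed nor freed. Since the block is being restructured anyway, either run the same print-and-free pass that the memory tree gets or drain the queue before returning.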
-- 
1.7.6.3




[Qemu-devel] [PATCH 2/4] memory: Print region priority

2011-10-02 Thread Avi Kivity
From: Jan Kiszka 

Useful to discover eclipses.

Signed-off-by: Jan Kiszka 
Signed-off-by: Avi Kivity 
---
 memory.c |6 --
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/memory.c b/memory.c
index a85d118..eae67be 100644
--- a/memory.c
+++ b/memory.c
@@ -1316,18 +1316,20 @@ static void mtree_print_mr(fprintf_function mon_printf, 
void *f,
 ml->printed = false;
 QTAILQ_INSERT_TAIL(print_queue, ml, queue);
 }
-mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " : alias %s @%s "
+mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " (prio %d): alias %s 
@%s "
TARGET_FMT_plx "-" TARGET_FMT_plx "\n",
base + mr->addr,
base + mr->addr + (target_phys_addr_t)mr->size - 1,
+   mr->priority,
mr->name,
mr->alias->name,
mr->alias_offset,
mr->alias_offset + (target_phys_addr_t)mr->size - 1);
 } else {
-mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " : %s\n",
+mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " (prio %d): %s\n",
base + mr->addr,
base + mr->addr + (target_phys_addr_t)mr->size - 1,
+   mr->priority,
mr->name);
 }
 QTAILQ_FOREACH(submr, &mr->subregions, subregions_link) {
-- 
1.7.6.3




Re: [Qemu-devel] [Spice-devel] viewing continuous guest virtual memory as continuous in qemu

2011-10-02 Thread Alon Levy
On Sun, Oct 02, 2011 at 03:24:36PM +0200, Alon Levy wrote:
> Hi,
> 

Converting qemu's ram allocation to a mmap and using remap_file_pages seems
like it could work. Any ideas why it wouldn't?

Alon

>  I'm trying to achieve the $subject. Some background: currently spice relies 
> on a preallocated pci bar for both surfaces and for VGA framebuffer + 
> commands. I have been trying to get rid of the surfaces bar. To do that I 
> allocate memory in the guest and then translate it for spice-server 
> consumption using cpu_physical_memory_map.
> 
>  AFAIU this works only when the guest allocates a continuous range of 
> physical pages. This is a large requirement from the guest, which I'd like to 
> drop. So I would like to have the guest use a regular allocator, generating 
> for instance two sequential pages in virtual memory that are scattered in 
> physical memory. Those two physical guest page addresses (gp1 and gp2) 
> correspond to two host virtual memory addresses (hv1, hv2). I would now like 
> to provide to spice-server a single virtual address p that maps to those two 
> pages in sequence. I don't want to handle my own scatter-gather list, I would 
> like to have this mapping done once so I can use an existing library that 
> requires a single pointer (for instance pixman or libGL) to do the rendering.
> 
>  Is there any way to achieve that without host kernel support, in user space, 
> i.e. in qemu? or with an existing host kernel device?
> 
>  I'd appreciate any help,
> 
> Alon



[Qemu-devel] [PATCH 12/25] pxa: Pass in address_space to pxa{255, 270}_init

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/gumstix.c   |7 +--
 hw/mainstone.c |2 +-
 hw/pxa.h   |7 +--
 hw/pxa2xx.c|   10 +-
 hw/spitz.c |4 +++-
 hw/tosa.c  |4 +++-
 hw/z2.c|4 +++-
 7 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/hw/gumstix.c b/hw/gumstix.c
index b8b76f4..686a5ed 100644
--- a/hw/gumstix.c
+++ b/hw/gumstix.c
@@ -38,6 +38,7 @@
 #include "devices.h"
 #include "boards.h"
 #include "blockdev.h"
+#include "exec-memory.h"
 
 static const int sector_len = 128 * 1024;
 
@@ -49,11 +50,12 @@ static void connex_init(ram_addr_t ram_size,
 PXA2xxState *cpu;
 DriveInfo *dinfo;
 int be;
+MemoryRegion *address_space_mem = get_system_memory();
 
 uint32_t connex_rom = 0x0100;
 uint32_t connex_ram = 0x0400;
 
-cpu = pxa255_init(connex_ram);
+cpu = pxa255_init(address_space_mem, connex_ram);
 
 dinfo = drive_get(IF_PFLASH, 0, 0);
 if (!dinfo) {
@@ -87,11 +89,12 @@ static void verdex_init(ram_addr_t ram_size,
 PXA2xxState *cpu;
 DriveInfo *dinfo;
 int be;
+MemoryRegion *address_space_mem = get_system_memory();
 
 uint32_t verdex_rom = 0x0200;
 uint32_t verdex_ram = 0x1000;
 
-cpu = pxa270_init(verdex_ram, cpu_model ?: "pxa270-c0");
+cpu = pxa270_init(address_space_mem, verdex_ram, cpu_model ?: "pxa270-c0");
 
 dinfo = drive_get(IF_PFLASH, 0, 0);
 if (!dinfo) {
diff --git a/hw/mainstone.c b/hw/mainstone.c
index 336f31e..3ed6649 100644
--- a/hw/mainstone.c
+++ b/hw/mainstone.c
@@ -110,7 +110,7 @@ static void mainstone_common_init(MemoryRegion 
*address_space_mem,
 cpu_model = "pxa270-c5";
 
 /* Setup CPU & memory */
-cpu = pxa270_init(mainstone_binfo.ram_size, cpu_model);
+cpu = pxa270_init(address_space_mem, mainstone_binfo.ram_size, cpu_model);
 memory_region_init_ram(rom, NULL, "mainstone.rom", MAINSTONE_ROM);
 memory_region_set_readonly(rom, true);
 memory_region_add_subregion(address_space_mem, 0, rom);
diff --git a/hw/pxa.h b/hw/pxa.h
index 859fc67..1204165 100644
--- a/hw/pxa.h
+++ b/hw/pxa.h
@@ -9,6 +9,8 @@
 #ifndef PXA_H
 # define PXA_H "pxa.h"
 
+#include "memory.h"
+
 /* Interrupt numbers */
 # define PXA2XX_PIC_SSP3   0
 # define PXA2XX_PIC_USBH2  2
@@ -173,7 +175,8 @@ struct PXA2xxI2SState {
 # define PA_FMT"0x%08lx"
 # define REG_FMT   "0x" TARGET_FMT_plx
 
-PXA2xxState *pxa270_init(unsigned int sdram_size, const char *revision);
-PXA2xxState *pxa255_init(unsigned int sdram_size);
+PXA2xxState *pxa270_init(MemoryRegion *address_space, unsigned int sdram_size,
+ const char *revision);
+PXA2xxState *pxa255_init(MemoryRegion *address_space, unsigned int sdram_size);
 
 #endif /* PXA_H */
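Review bot: The new parameter is named `address_space` in both prototypes here, whereas the callers in gumstix.c and mainstone.c hold the same pointer as `address_space_mem`. Pick one name across the series so it stays obvious that this is the memory address space and not the I/O one, and add a line to the commit message, which currently has no body, saying that the region is only forwarded to serial_mm_init.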
diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c
index c47e698..70d7c8a 100644
--- a/hw/pxa2xx.c
+++ b/hw/pxa2xx.c
@@ -15,7 +15,6 @@
 #include "ssi.h"
 #include "qemu-char.h"
 #include "blockdev.h"
-#include "exec-memory.h"
 
 static struct {
 target_phys_addr_t io_base;
@@ -2060,7 +2059,8 @@ static void pxa2xx_reset(void *opaque, int line, int 
level)
 }
 
 /* Initialise a PXA270 integrated chip (ARM based core).  */
-PXA2xxState *pxa270_init(unsigned int sdram_size, const char *revision)
+PXA2xxState *pxa270_init(MemoryRegion *address_space,
+ unsigned int sdram_size, const char *revision)
 {
 PXA2xxState *s;
 int iomemtype, i;
@@ -2116,7 +2116,7 @@ static void pxa2xx_reset(void *opaque, int line, int 
level)
 
 for (i = 0; pxa270_serial[i].io_base; i++) {
 if (serial_hds[i]) {
-serial_mm_init(get_system_memory(), pxa270_serial[i].io_base, 2,
+serial_mm_init(address_space, pxa270_serial[i].io_base, 2,
qdev_get_gpio_in(s->pic, pxa270_serial[i].irqn),
14857000 / 16, serial_hds[i],
DEVICE_NATIVE_ENDIAN);
@@ -2199,7 +2199,7 @@ static void pxa2xx_reset(void *opaque, int line, int 
level)
 }
 
 /* Initialise a PXA255 integrated chip (ARM based core).  */
-PXA2xxState *pxa255_init(unsigned int sdram_size)
+PXA2xxState *pxa255_init(MemoryRegion *address_space, unsigned int sdram_size)
 {
 PXA2xxState *s;
 int iomemtype, i;
@@ -2248,7 +2248,7 @@ static void pxa2xx_reset(void *opaque, int line, int 
level)
 
 for (i = 0; pxa255_serial[i].io_base; i++) {
 if (serial_hds[i]) {
-serial_mm_init(get_system_memory(), pxa255_serial[i].io_base, 2,
+serial_mm_init(address_space, pxa255_serial[i].io_base, 2,
qdev_get_gpio_in(s->pic, pxa255_serial[i].irqn),
14745600 / 16, serial_hds[i],
DEVICE_NATIVE_ENDIAN);
diff --git a/hw/spitz.c b/hw/spitz.c
index 0adae59..6f8a94c 100644
--- a/hw/spitz.c
+++ b/hw/spitz.c
@@ -24,6 +24,7 @@
 #i

[Qemu-devel] [PATCH 25/25] milkymist-{minimac2, softusb}: rename memory names

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Be consistent with other milkymist models.

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-minimac2.c |4 ++--
 hw/milkymist-softusb.c  |4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/milkymist-minimac2.c b/hw/milkymist-minimac2.c
index fb48e37..85d9400 100644
--- a/hw/milkymist-minimac2.c
+++ b/hw/milkymist-minimac2.c
@@ -464,11 +464,11 @@ static int milkymist_minimac2_init(SysBusDevice *dev)
 sysbus_init_irq(dev, &s->tx_irq);
 
 memory_region_init_io(&s->regs_region, &minimac2_ops, s,
-  "minimac2-mmio", R_MAX * 4);
+  "milkymist-minimac2", R_MAX * 4);
 sysbus_init_mmio_region(dev, &s->regs_region);
 
 /* register buffers memory */
-memory_region_init_ram(&s->buffers, NULL, "milkymist_minimac2.buffers",
+memory_region_init_ram(&s->buffers, NULL, "milkymist-minimac2.buffers",
buffers_size);
 s->rx0_buf = memory_region_get_ram_ptr(&s->buffers);
 s->rx1_buf = s->rx0_buf + MINIMAC2_BUFFER_SIZE;
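Review bot: the RAM region rename from "milkymist_minimac2.buffers" to "milkymist-minimac2.buffers" is not purely cosmetic if the region name is used to identify the RAM block in saved VM state, because a snapshot taken before this change would then no longer match. The commit message only says "Be consistent with other milkymist models"; please state whether saved-state compatibility was considered for the renamed RAM regions (the same question applies to pmem and dmem in the softusb hunk).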
diff --git a/hw/milkymist-softusb.c b/hw/milkymist-softusb.c
index ef4d9ee..ec5f334 100644
--- a/hw/milkymist-softusb.c
+++ b/hw/milkymist-softusb.c
@@ -267,10 +267,10 @@ static int milkymist_softusb_init(SysBusDevice *dev)
 sysbus_init_mmio_region(dev, &s->regs_region);
 
 /* register pmem and dmem */
-memory_region_init_ram(&s->pmem, NULL, "milkymist_softusb.pmem",
+memory_region_init_ram(&s->pmem, NULL, "milkymist-softusb.pmem",
s->pmem_size);
 sysbus_add_memory(dev, s->pmem_base, &s->pmem);
-memory_region_init_ram(&s->dmem, NULL, "milkymist_softusb.dmem",
+memory_region_init_ram(&s->dmem, NULL, "milkymist-softusb.dmem",
s->dmem_size);
 sysbus_add_memory(dev, s->dmem_base, &s->dmem);
 
-- 
1.7.6.3




[Qemu-devel] [PATCH 08/25] serial: Remove ioregister parameter from serial_mm_init

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

All callers passed 1.

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/mips_jazz.c   |4 ++--
 hw/mips_malta.c  |2 +-
 hw/musicpal.c|4 ++--
 hw/omap_uart.c   |4 ++--
 hw/pc.h  |3 +--
 hw/petalogix_ml605_mmu.c |2 +-
 hw/ppc405_uc.c   |8 
 hw/ppc440.c  |4 ++--
 hw/ppce500_mpc8544ds.c   |4 ++--
 hw/pxa2xx.c  |4 ++--
 hw/serial.c  |8 +++-
 hw/sm501.c   |2 +-
 hw/sun4u.c   |2 +-
 hw/virtex_ml507.c|2 +-
 14 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/hw/mips_jazz.c b/hw/mips_jazz.c
index 9a87a8e..1f3998f 100644
--- a/hw/mips_jazz.c
+++ b/hw/mips_jazz.c
@@ -265,11 +265,11 @@ static void mips_jazz_init(MemoryRegion *address_space,
 /* Serial ports */
 if (serial_hds[0]) {
 serial_mm_init(0x80006000, 0, rc4030[8], 800/16, serial_hds[0],
-   1, DEVICE_NATIVE_ENDIAN);
+   DEVICE_NATIVE_ENDIAN);
 }
 if (serial_hds[1]) {
 serial_mm_init(0x80007000, 0, rc4030[9], 800/16, serial_hds[1],
-   1, DEVICE_NATIVE_ENDIAN);
+   DEVICE_NATIVE_ENDIAN);
 }
 
 /* Parallel port */
diff --git a/hw/mips_malta.c b/hw/mips_malta.c
index 0b16914..84d1e47 100644
--- a/hw/mips_malta.c
+++ b/hw/mips_malta.c
@@ -447,7 +447,7 @@ static void malta_fpga_led_init(CharDriverState *chr)
 s->display = qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init);
 
 s->uart = serial_mm_init(base + 0x900, 3, uart_irq, 230400, uart_chr,
- 1, DEVICE_NATIVE_ENDIAN);
+ DEVICE_NATIVE_ENDIAN);
 
 malta_fpga_reset(s);
 qemu_register_reset(malta_fpga_reset, s);
diff --git a/hw/musicpal.c b/hw/musicpal.c
index e79b07e..2131db1 100644
--- a/hw/musicpal.c
+++ b/hw/musicpal.c
@@ -1487,11 +1487,11 @@ static void musicpal_init(ram_addr_t ram_size,
 
 if (serial_hds[0]) {
 serial_mm_init(MP_UART1_BASE, 2, pic[MP_UART1_IRQ], 1825000,
-   serial_hds[0], 1, DEVICE_NATIVE_ENDIAN);
+   serial_hds[0], DEVICE_NATIVE_ENDIAN);
 }
 if (serial_hds[1]) {
 serial_mm_init(MP_UART2_BASE, 2, pic[MP_UART2_IRQ], 1825000,
-   serial_hds[1], 1, DEVICE_NATIVE_ENDIAN);
+   serial_hds[1], DEVICE_NATIVE_ENDIAN);
 }
 
 /* Register flash */
diff --git a/hw/omap_uart.c b/hw/omap_uart.c
index 66696ab..b43f04c 100644
--- a/hw/omap_uart.c
+++ b/hw/omap_uart.c
@@ -61,7 +61,7 @@ struct omap_uart_s *omap_uart_init(target_phys_addr_t base,
 s->fclk = fclk;
 s->irq = irq;
 s->serial = serial_mm_init(base, 2, irq, omap_clk_getrate(fclk)/16,
-   chr ?: qemu_chr_new(label, "null", NULL), 1,
+   chr ?: qemu_chr_new(label, "null", NULL),
DEVICE_NATIVE_ENDIAN);
 return s;
 }
@@ -178,6 +178,6 @@ void omap_uart_attach(struct omap_uart_s *s, 
CharDriverState *chr)
 /* TODO: Should reuse or destroy current s->serial */
 s->serial = serial_mm_init(s->base, 2, s->irq,
omap_clk_getrate(s->fclk) / 16,
-   chr ?: qemu_chr_new("null", "null", NULL), 1,
+   chr ?: qemu_chr_new("null", "null", NULL),
DEVICE_NATIVE_ENDIAN);
 }
diff --git a/hw/pc.h b/hw/pc.h
index d70b81a..a0d7265 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -17,8 +17,7 @@ SerialState *serial_init(int base, qemu_irq irq, int baudbase,
  CharDriverState *chr);
 SerialState *serial_mm_init (target_phys_addr_t base, int it_shift,
  qemu_irq irq, int baudbase,
- CharDriverState *chr, int ioregister,
- enum device_endian);
+ CharDriverState *chr, enum device_endian);
 static inline bool serial_isa_init(int index, CharDriverState *chr)
 {
 ISADevice *dev;
diff --git a/hw/petalogix_ml605_mmu.c b/hw/petalogix_ml605_mmu.c
index 97ff33d..ab89341 100644
--- a/hw/petalogix_ml605_mmu.c
+++ b/hw/petalogix_ml605_mmu.c
@@ -185,7 +185,7 @@ static uint64_t translate_kernel_address(void *opaque, 
uint64_t addr)
 }
 
 serial_mm_init(UART16550_BASEADDR + 0x1000, 2, irq[5], 115200,
-   serial_hds[0], 1, DEVICE_LITTLE_ENDIAN);
+   serial_hds[0], DEVICE_LITTLE_ENDIAN);
 
 /* 2 timers at irq 2 @ 100 Mhz.  */
 xilinx_timer_create(TIMER_BASEADDR, irq[2], 2, 100 * 100);
diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c
index 35584df..924aada 100644
--- a/hw/ppc405_uc.c
+++ b/hw/ppc405_uc.c
@@ -2150,11 +2150,11 @@ static void ppc405cr_cpc_init (CPUState *env, 
clk_setup_t clk_setup[7],
 /* Serial ports */
 if

[Qemu-devel] [PATCH 07/25] serial: Use enum device_endian in serial_mm_init parameter

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

The use of DEVICE_NATIVE_ENDIAN cleans up lots of ifdefs in
many of the callers.

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/mips_jazz.c   |   14 --
 hw/mips_malta.c  |7 ++-
 hw/musicpal.c|   14 ++
 hw/omap_uart.c   |   17 ++---
 hw/pc.h  |2 +-
 hw/petalogix_ml605_mmu.c |2 +-
 hw/ppc405_uc.c   |8 
 hw/ppc440.c  |4 ++--
 hw/ppce500_mpc8544ds.c   |4 ++--
 hw/pxa2xx.c  |   33 +
 hw/serial.c  |4 +---
 hw/sm501.c   |8 +---
 hw/sun4u.c   |2 +-
 hw/virtex_ml507.c|3 ++-
 14 files changed, 38 insertions(+), 84 deletions(-)

diff --git a/hw/mips_jazz.c b/hw/mips_jazz.c
index ea07d32..9a87a8e 100644
--- a/hw/mips_jazz.c
+++ b/hw/mips_jazz.c
@@ -264,18 +264,12 @@ static void mips_jazz_init(MemoryRegion *address_space,
 
 /* Serial ports */
 if (serial_hds[0]) {
-#ifdef TARGET_WORDS_BIGENDIAN
-serial_mm_init(0x80006000, 0, rc4030[8], 800/16, serial_hds[0], 1, 
1);
-#else
-serial_mm_init(0x80006000, 0, rc4030[8], 800/16, serial_hds[0], 1, 
0);
-#endif
+serial_mm_init(0x80006000, 0, rc4030[8], 800/16, serial_hds[0],
+   1, DEVICE_NATIVE_ENDIAN);
 }
 if (serial_hds[1]) {
-#ifdef TARGET_WORDS_BIGENDIAN
-serial_mm_init(0x80007000, 0, rc4030[9], 800/16, serial_hds[1], 1, 
1);
-#else
-serial_mm_init(0x80007000, 0, rc4030[9], 800/16, serial_hds[1], 1, 
0);
-#endif
+serial_mm_init(0x80007000, 0, rc4030[9], 800/16, serial_hds[1],
+   1, DEVICE_NATIVE_ENDIAN);
 }
 
 /* Parallel port */
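Review bot: the last argument of serial_mm_init() changes here from a literal 1 or 0 to DEVICE_NATIVE_ENDIAN, and C accepts an integer literal for an enum parameter without any diagnostic, so a caller missed by this conversion would keep compiling with its old 0 or 1 silently reinterpreted as an enum value. The bare "1" for ioregister sitting directly in front of the new argument makes that easy to misread in review. Please confirm that no call site in the 14 files of the diffstat still passes a numeric last argument.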
diff --git a/hw/mips_malta.c b/hw/mips_malta.c
index 1ec1228..0b16914 100644
--- a/hw/mips_malta.c
+++ b/hw/mips_malta.c
@@ -446,11 +446,8 @@ static void malta_fpga_led_init(CharDriverState *chr)
 
 s->display = qemu_chr_new("fpga", "vc:320x200", malta_fpga_led_init);
 
-#ifdef TARGET_WORDS_BIGENDIAN
-s->uart = serial_mm_init(base + 0x900, 3, uart_irq, 230400, uart_chr, 1, 
1);
-#else
-s->uart = serial_mm_init(base + 0x900, 3, uart_irq, 230400, uart_chr, 1, 
0);
-#endif
+s->uart = serial_mm_init(base + 0x900, 3, uart_irq, 230400, uart_chr,
+ 1, DEVICE_NATIVE_ENDIAN);
 
 malta_fpga_reset(s);
 qemu_register_reset(malta_fpga_reset, s);
diff --git a/hw/musicpal.c b/hw/musicpal.c
index 9b1f380..e79b07e 100644
--- a/hw/musicpal.c
+++ b/hw/musicpal.c
@@ -1486,22 +1486,12 @@ static void musicpal_init(ram_addr_t ram_size,
   pic[MP_TIMER4_IRQ], NULL);
 
 if (serial_hds[0]) {
-#ifdef TARGET_WORDS_BIGENDIAN
-serial_mm_init(MP_UART1_BASE, 2, pic[MP_UART1_IRQ], 1825000,
-   serial_hds[0], 1, 1);
-#else
 serial_mm_init(MP_UART1_BASE, 2, pic[MP_UART1_IRQ], 1825000,
-   serial_hds[0], 1, 0);
-#endif
+   serial_hds[0], 1, DEVICE_NATIVE_ENDIAN);
 }
 if (serial_hds[1]) {
-#ifdef TARGET_WORDS_BIGENDIAN
-serial_mm_init(MP_UART2_BASE, 2, pic[MP_UART2_IRQ], 1825000,
-   serial_hds[1], 1, 1);
-#else
 serial_mm_init(MP_UART2_BASE, 2, pic[MP_UART2_IRQ], 1825000,
-   serial_hds[1], 1, 0);
-#endif
+   serial_hds[1], 1, DEVICE_NATIVE_ENDIAN);
 }
 
 /* Register flash */
diff --git a/hw/omap_uart.c b/hw/omap_uart.c
index 191a0c2..66696ab 100644
--- a/hw/omap_uart.c
+++ b/hw/omap_uart.c
@@ -60,15 +60,9 @@ struct omap_uart_s *omap_uart_init(target_phys_addr_t base,
 s->base = base;
 s->fclk = fclk;
 s->irq = irq;
-#ifdef TARGET_WORDS_BIGENDIAN
 s->serial = serial_mm_init(base, 2, irq, omap_clk_getrate(fclk)/16,
chr ?: qemu_chr_new(label, "null", NULL), 1,
-   1);
-#else
-s->serial = serial_mm_init(base, 2, irq, omap_clk_getrate(fclk)/16,
-   chr ?: qemu_chr_new(label, "null", NULL), 1,
-   0);
-#endif
+   DEVICE_NATIVE_ENDIAN);
 return s;
 }
 
@@ -182,15 +176,8 @@ struct omap_uart_s *omap2_uart_init(struct 
omap_target_agent_s *ta,
 void omap_uart_attach(struct omap_uart_s *s, CharDriverState *chr)
 {
 /* TODO: Should reuse or destroy current s->serial */
-#ifdef TARGET_WORDS_BIGENDIAN
-s->serial = serial_mm_init(s->base, 2, s->irq,
-   omap_clk_getrate(s->fclk) / 16,
-   chr ?: qemu_chr_new("null", "null", NULL), 1,
-   1);
-#else
 s->serial = serial_mm_init(s->base, 2, s->irq,
omap_clk_getrate(s->fclk) / 16,
chr ?: qemu_chr_new("null", "null", NULL), 1,
-

[Qemu-devel] [PATCH 21/25] milkymist-sysctl: convert to memory API

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-sysctl.c |   32 
 1 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/hw/milkymist-sysctl.c b/hw/milkymist-sysctl.c
index 7b2d544..5783f08 100644
--- a/hw/milkymist-sysctl.c
+++ b/hw/milkymist-sysctl.c
@@ -59,6 +59,7 @@ enum {
 
 struct MilkymistSysctlState {
 SysBusDevice busdev;
+MemoryRegion regs_region;
 
 QEMUBH *bh0;
 QEMUBH *bh1;
@@ -88,7 +89,8 @@ static void sysctl_icap_write(MilkymistSysctlState *s, 
uint32_t value)
 }
 }
 
-static uint32_t sysctl_read(void *opaque, target_phys_addr_t addr)
+static uint64_t sysctl_read(void *opaque, target_phys_addr_t addr,
+unsigned size)
 {
 MilkymistSysctlState *s = opaque;
 uint32_t r = 0;
@@ -129,7 +131,8 @@ static uint32_t sysctl_read(void *opaque, 
target_phys_addr_t addr)
 return r;
 }
 
-static void sysctl_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+static void sysctl_write(void *opaque, target_phys_addr_t addr, uint64_t value,
+ unsigned size)
 {
 MilkymistSysctlState *s = opaque;
 
@@ -195,16 +198,14 @@ static void sysctl_write(void *opaque, target_phys_addr_t 
addr, uint32_t value)
 }
 }
 
-static CPUReadMemoryFunc * const sysctl_read_fn[] = {
-NULL,
-NULL,
-&sysctl_read,
-};
-
-static CPUWriteMemoryFunc * const sysctl_write_fn[] = {
-NULL,
-NULL,
-&sysctl_write,
+static const MemoryRegionOps sysctl_mmio_ops = {
+.read = sysctl_read,
+.write = sysctl_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void timer0_hit(void *opaque)
@@ -258,7 +259,6 @@ static void milkymist_sysctl_reset(DeviceState *d)
 static int milkymist_sysctl_init(SysBusDevice *dev)
 {
 MilkymistSysctlState *s = FROM_SYSBUS(typeof(*s), dev);
-int sysctl_regs;
 
 sysbus_init_irq(dev, &s->gpio_irq);
 sysbus_init_irq(dev, &s->timer0_irq);
@@ -271,9 +271,9 @@ static int milkymist_sysctl_init(SysBusDevice *dev)
 ptimer_set_freq(s->ptimer0, s->freq_hz);
 ptimer_set_freq(s->ptimer1, s->freq_hz);
 
-sysctl_regs = cpu_register_io_memory(sysctl_read_fn, sysctl_write_fn, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, sysctl_regs);
+memory_region_init_io(&s->regs_region, &sysctl_mmio_ops, s,
+"milkymist-sysctl", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->regs_region);
 
 return 0;
 }
-- 
1.7.6.3




[Qemu-devel] [PATCH 05/25] etrax-eth: Convert to MemoryRegion

2011-10-02 Thread Avi Kivity
From: "Edgar E. Iglesias" 

Signed-off-by: Edgar E. Iglesias 
Signed-off-by: Avi Kivity 
---
 hw/etraxfs_eth.c |   30 --
 1 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/hw/etraxfs_eth.c b/hw/etraxfs_eth.c
index 48de6dc..246a279 100644
--- a/hw/etraxfs_eth.c
+++ b/hw/etraxfs_eth.c
@@ -320,6 +320,7 @@ static void mdio_cycle(struct qemu_mdio *bus)
 struct fs_eth
 {
SysBusDevice busdev;
+   MemoryRegion mmio;
NICState *nic;
NICConf conf;
int ethregs;
@@ -373,7 +374,8 @@ static void eth_validate_duplex(struct fs_eth *eth)
}
 }
 
-static uint32_t eth_readl (void *opaque, target_phys_addr_t addr)
+static uint64_t
+eth_read(void *opaque, target_phys_addr_t addr, unsigned int size)
 {
struct fs_eth *eth = opaque;
uint32_t r = 0;
@@ -417,9 +419,11 @@ static void eth_update_ma(struct fs_eth *eth, int ma)
 }
 
 static void
-eth_writel (void *opaque, target_phys_addr_t addr, uint32_t value)
+eth_write(void *opaque, target_phys_addr_t addr,
+  uint64_t val64, unsigned int size)
 {
struct fs_eth *eth = opaque;
+   uint32_t value = val64;
 
addr >>= 2;
switch (addr)
@@ -553,14 +557,14 @@ static void eth_set_link(VLANClientState *nc)
eth->phy.link = !nc->link_down;
 }
 
-static CPUReadMemoryFunc * const eth_read[] = {
-   NULL, NULL,
-   ð_readl,
-};
-
-static CPUWriteMemoryFunc * const eth_write[] = {
-   NULL, NULL,
-   ð_writel,
+static const MemoryRegionOps eth_ops = {
+   .read = eth_read,
+   .write = eth_write,
+   .endianness = DEVICE_LITTLE_ENDIAN,
+   .valid = {
+   .min_access_size = 4,
+   .max_access_size = 4
+   }
 };
 
 static void eth_cleanup(VLANClientState *nc)
@@ -589,7 +593,6 @@ static void eth_cleanup(VLANClientState *nc)
 static int fs_eth_init(SysBusDevice *dev)
 {
struct fs_eth *s = FROM_SYSBUS(typeof(*s), dev);
-   int eth_regs;
 
if (!s->dma_out || !s->dma_in) {
hw_error("Unconnected ETRAX-FS Ethernet MAC.\n");
@@ -600,9 +603,8 @@ static int fs_eth_init(SysBusDevice *dev)
s->dma_in->client.opaque = s;
s->dma_in->client.pull = NULL;
 
-   eth_regs = cpu_register_io_memory(eth_read, eth_write, s,
- DEVICE_LITTLE_ENDIAN);
-   sysbus_init_mmio(dev, 0x5c, eth_regs);
+   memory_region_init_io(&s->mmio, ð_ops, s, "etraxfs-eth", 0x5c);
+   sysbus_init_mmio_region(dev, &s->mmio);
 
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_etraxfs_info, &s->conf,
-- 
1.7.6.3




[Qemu-devel] [PATCH 20/25] milkymist-pfpu: convert to memory API

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-pfpu.c |   33 -
 1 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/hw/milkymist-pfpu.c b/hw/milkymist-pfpu.c
index 306d1ce..672f6e4 100644
--- a/hw/milkymist-pfpu.c
+++ b/hw/milkymist-pfpu.c
@@ -118,6 +118,7 @@ enum {
 
 struct MilkymistPFPUState {
 SysBusDevice busdev;
+MemoryRegion regs_region;
 CharDriverState *chr;
 qemu_irq irq;
 
@@ -379,7 +380,8 @@ static inline int get_microcode_address(MilkymistPFPUState 
*s, uint32_t addr)
 return (512 * s->regs[R_CODEPAGE]) + addr - MICROCODE_BEGIN;
 }
 
-static uint32_t pfpu_read(void *opaque, target_phys_addr_t addr)
+static uint64_t pfpu_read(void *opaque, target_phys_addr_t addr,
+  unsigned size)
 {
 MilkymistPFPUState *s = opaque;
 uint32_t r = 0;
@@ -418,8 +420,8 @@ static uint32_t pfpu_read(void *opaque, target_phys_addr_t 
addr)
 return r;
 }
 
-static void
-pfpu_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+static void pfpu_write(void *opaque, target_phys_addr_t addr, uint64_t value,
+   unsigned size)
 {
 MilkymistPFPUState *s = opaque;
 
@@ -459,16 +461,14 @@ static uint32_t pfpu_read(void *opaque, 
target_phys_addr_t addr)
 }
 }
 
-static CPUReadMemoryFunc * const pfpu_read_fn[] = {
-NULL,
-NULL,
-&pfpu_read,
-};
-
-static CPUWriteMemoryFunc * const pfpu_write_fn[] = {
-NULL,
-NULL,
-&pfpu_write,
+static const MemoryRegionOps pfpu_mmio_ops = {
+.read = pfpu_read,
+.write = pfpu_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void milkymist_pfpu_reset(DeviceState *d)
@@ -494,13 +494,12 @@ static void milkymist_pfpu_reset(DeviceState *d)
 static int milkymist_pfpu_init(SysBusDevice *dev)
 {
 MilkymistPFPUState *s = FROM_SYSBUS(typeof(*s), dev);
-int pfpu_regs;
 
 sysbus_init_irq(dev, &s->irq);
 
-pfpu_regs = cpu_register_io_memory(pfpu_read_fn, pfpu_write_fn, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, MICROCODE_END * 4, pfpu_regs);
+memory_region_init_io(&s->regs_region, &pfpu_mmio_ops, s,
+"milkymist-pfpu", MICROCODE_END * 4);
+sysbus_init_mmio_region(dev, &s->regs_region);
 
 return 0;
 }
-- 
1.7.6.3




[Qemu-devel] [PATCH 18/25] milkymist-hpdmc: convert to memory API

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-hpdmc.c |   32 
 1 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/hw/milkymist-hpdmc.c b/hw/milkymist-hpdmc.c
index c0962fb..17c840f 100644
--- a/hw/milkymist-hpdmc.c
+++ b/hw/milkymist-hpdmc.c
@@ -42,12 +42,14 @@ enum {
 
 struct MilkymistHpdmcState {
 SysBusDevice busdev;
+MemoryRegion regs_region;
 
 uint32_t regs[R_MAX];
 };
 typedef struct MilkymistHpdmcState MilkymistHpdmcState;
 
-static uint32_t hpdmc_read(void *opaque, target_phys_addr_t addr)
+static uint64_t hpdmc_read(void *opaque, target_phys_addr_t addr,
+   unsigned size)
 {
 MilkymistHpdmcState *s = opaque;
 uint32_t r = 0;
@@ -72,7 +74,8 @@ static uint32_t hpdmc_read(void *opaque, target_phys_addr_t 
addr)
 return r;
 }
 
-static void hpdmc_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+static void hpdmc_write(void *opaque, target_phys_addr_t addr, uint64_t value,
+unsigned size)
 {
 MilkymistHpdmcState *s = opaque;
 
@@ -96,16 +99,14 @@ static void hpdmc_write(void *opaque, target_phys_addr_t 
addr, uint32_t value)
 }
 }
 
-static CPUReadMemoryFunc * const hpdmc_read_fn[] = {
-NULL,
-NULL,
-&hpdmc_read,
-};
-
-static CPUWriteMemoryFunc * const hpdmc_write_fn[] = {
-NULL,
-NULL,
-&hpdmc_write,
+static const MemoryRegionOps hpdmc_mmio_ops = {
+.read = hpdmc_read,
+.write = hpdmc_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void milkymist_hpdmc_reset(DeviceState *d)
@@ -125,11 +126,10 @@ static void milkymist_hpdmc_reset(DeviceState *d)
 static int milkymist_hpdmc_init(SysBusDevice *dev)
 {
 MilkymistHpdmcState *s = FROM_SYSBUS(typeof(*s), dev);
-int hpdmc_regs;
 
-hpdmc_regs = cpu_register_io_memory(hpdmc_read_fn, hpdmc_write_fn, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, hpdmc_regs);
+memory_region_init_io(&s->regs_region, &hpdmc_mmio_ops, s,
+"milkymist-hpdmc", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->regs_region);
 
 return 0;
 }
-- 
1.7.6.3




[Qemu-devel] [PATCH 19/25] milkymist-memcard: convert to memory API

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-memcard.c |   32 
 1 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/hw/milkymist-memcard.c b/hw/milkymist-memcard.c
index 22dc377..fb6e558 100644
--- a/hw/milkymist-memcard.c
+++ b/hw/milkymist-memcard.c
@@ -60,6 +60,7 @@ enum {
 
 struct MilkymistMemcardState {
 SysBusDevice busdev;
+MemoryRegion regs_region;
 SDState *card;
 
 int command_write_ptr;
@@ -116,7 +117,8 @@ static void memcard_sd_command(MilkymistMemcardState *s)
 }
 }
 
-static uint32_t memcard_read(void *opaque, target_phys_addr_t addr)
+static uint64_t memcard_read(void *opaque, target_phys_addr_t addr,
+ unsigned size)
 {
 MilkymistMemcardState *s = opaque;
 uint32_t r = 0;
@@ -164,7 +166,8 @@ static uint32_t memcard_read(void *opaque, 
target_phys_addr_t addr)
 return r;
 }
 
-static void memcard_write(void *opaque, target_phys_addr_t addr, uint32_t 
value)
+static void memcard_write(void *opaque, target_phys_addr_t addr, uint64_t 
value,
+  unsigned size)
 {
 MilkymistMemcardState *s = opaque;
 
@@ -216,16 +219,14 @@ static void memcard_write(void *opaque, 
target_phys_addr_t addr, uint32_t value)
 }
 }
 
-static CPUReadMemoryFunc * const memcard_read_fn[] = {
-NULL,
-NULL,
-&memcard_read,
-};
-
-static CPUWriteMemoryFunc * const memcard_write_fn[] = {
-NULL,
-NULL,
-&memcard_write,
+static const MemoryRegionOps memcard_mmio_ops = {
+.read = memcard_read,
+.write = memcard_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void milkymist_memcard_reset(DeviceState *d)
@@ -247,15 +248,14 @@ static int milkymist_memcard_init(SysBusDevice *dev)
 {
 MilkymistMemcardState *s = FROM_SYSBUS(typeof(*s), dev);
 DriveInfo *dinfo;
-int memcard_regs;
 
 dinfo = drive_get_next(IF_SD);
 s->card = sd_init(dinfo ? dinfo->bdrv : NULL, 0);
 s->enabled = dinfo ? bdrv_is_inserted(dinfo->bdrv) : 0;
 
-memcard_regs = cpu_register_io_memory(memcard_read_fn, memcard_write_fn, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, memcard_regs);
+memory_region_init_io(&s->regs_region, &memcard_mmio_ops, s,
+"milkymist-memcard", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->regs_region);
 
 return 0;
 }
-- 
1.7.6.3




[Qemu-devel] [PATCH 16/25] openpic: Memory API conversion for mpic

2011-10-02 Thread Avi Kivity
From: Fabien Chouteau 

This patch converts mpic to the new memory API (through old mmio).

Signed-off-by: Fabien Chouteau 
Signed-off-by: Avi Kivity 
---
 hw/openpic.c   |  207 ++--
 hw/openpic.h   |4 +-
 hw/ppce500_mpc8544ds.c |2 +-
 3 files changed, 114 insertions(+), 99 deletions(-)

diff --git a/hw/openpic.c b/hw/openpic.c
index 26c96e2..88e997e 100644
--- a/hw/openpic.c
+++ b/hw/openpic.c
@@ -206,6 +206,10 @@ enum IPVP_bits {
 typedef struct openpic_t {
 PCIDevice pci_dev;
 MemoryRegion mem;
+
+/* Sub-regions */
+MemoryRegion sub_io_mem[7];
+
 /* Global registers */
 uint32_t frep; /* Feature reporting register */
 uint32_t glbc; /* Global configuration register  */
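Review bot: sub_io_mem[7] hard-codes the number of sub-regions, which has to stay in step with the seven MemoryRegionOps definitions (glb, tmr, cpu, ext, int, msg, msi) added further down. A named constant, or sizing the array from the table that lists the sub-regions, would keep the two from drifting apart, since an eighth region added later would index past the end of this array.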
@@ -1537,107 +1541,122 @@ static uint32_t mpic_src_msi_read (void *opaque, 
target_phys_addr_t addr)
 return retval;
 }
 
-static CPUWriteMemoryFunc * const mpic_glb_write[] = {
-&openpic_buggy_write,
-&openpic_buggy_write,
-&openpic_gbl_write,
-};
-
-static CPUReadMemoryFunc * const mpic_glb_read[] = {
-&openpic_buggy_read,
-&openpic_buggy_read,
-&openpic_gbl_read,
-};
-
-static CPUWriteMemoryFunc * const mpic_tmr_write[] = {
-&openpic_buggy_write,
-&openpic_buggy_write,
-&mpic_timer_write,
+static const MemoryRegionOps mpic_glb_ops = {
+.old_mmio = {
+.write = { openpic_buggy_write,
+   openpic_buggy_write,
+   openpic_gbl_write,
+},
+.read  = { openpic_buggy_read,
+   openpic_buggy_read,
+   openpic_gbl_read,
+},
+},
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
-static CPUReadMemoryFunc * const mpic_tmr_read[] = {
-&openpic_buggy_read,
-&openpic_buggy_read,
-&mpic_timer_read,
+static const MemoryRegionOps mpic_tmr_ops = {
+.old_mmio = {
+.write = { openpic_buggy_write,
+   openpic_buggy_write,
+   mpic_timer_write,
+},
+.read  = { openpic_buggy_read,
+   openpic_buggy_read,
+   mpic_timer_read,
+},
+},
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
-static CPUWriteMemoryFunc * const mpic_cpu_write[] = {
-&openpic_buggy_write,
-&openpic_buggy_write,
-&openpic_cpu_write,
+static const MemoryRegionOps mpic_cpu_ops = {
+.old_mmio = {
+.write = { openpic_buggy_write,
+   openpic_buggy_write,
+   openpic_cpu_write,
+},
+.read  = { openpic_buggy_read,
+   openpic_buggy_read,
+   openpic_cpu_read,
+},
+},
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
-static CPUReadMemoryFunc * const mpic_cpu_read[] = {
-&openpic_buggy_read,
-&openpic_buggy_read,
-&openpic_cpu_read,
+static const MemoryRegionOps mpic_ext_ops = {
+.old_mmio = {
+.write = { openpic_buggy_write,
+   openpic_buggy_write,
+   mpic_src_ext_write,
+},
+.read  = { openpic_buggy_read,
+   openpic_buggy_read,
+   mpic_src_ext_read,
+},
+},
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
-static CPUWriteMemoryFunc * const mpic_ext_write[] = {
-&openpic_buggy_write,
-&openpic_buggy_write,
-&mpic_src_ext_write,
+static const MemoryRegionOps mpic_int_ops = {
+.old_mmio = {
+.write = { openpic_buggy_write,
+   openpic_buggy_write,
+   mpic_src_int_write,
+},
+.read  = { openpic_buggy_read,
+   openpic_buggy_read,
+   mpic_src_int_read,
+},
+},
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
-static CPUReadMemoryFunc * const mpic_ext_read[] = {
-&openpic_buggy_read,
-&openpic_buggy_read,
-&mpic_src_ext_read,
+static const MemoryRegionOps mpic_msg_ops = {
+.old_mmio = {
+.write = { openpic_buggy_write,
+   openpic_buggy_write,
+   mpic_src_msg_write,
+},
+.read  = { openpic_buggy_read,
+   openpic_buggy_read,
+   mpic_src_msg_read,
+},
+},
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
-static CPUWriteMemoryFunc * const mpic_int_write[] = {
-&openpic_buggy_write,
-&openpic_buggy_write,
-&mpic_src_int_write,
+static const MemoryRegionOps mpic_msi_ops = {
+.old_mmio = {
+.write = { openpic_buggy_write,
+   openpic_buggy_write,
+   mpic_src_msi_write,
+},
+.read  = { openpic_buggy_read,
+   openpic_buggy_read,
+   mpic_src_msi_read,
+},
+},
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
-static CPUReadMemoryFunc * const mpic_int_read[] = {
-&openpic_buggy_read,
-&openpic_buggy_read,
-&mpic_src_int_read,
-};
-
-static CPUWriteMemoryFunc * const mpic_msg_write[] = {
-&openpic_buggy_wr

[Qemu-devel] [PATCH 24/25] milkymist-vgafb: convert to memory API

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-vgafb.c |   33 -
 1 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/hw/milkymist-vgafb.c b/hw/milkymist-vgafb.c
index 2e55e42..be81abd 100644
--- a/hw/milkymist-vgafb.c
+++ b/hw/milkymist-vgafb.c
@@ -64,6 +64,7 @@ enum {
 
 struct MilkymistVgafbState {
 SysBusDevice busdev;
+MemoryRegion regs_region;
 DisplayState *ds;
 
 int invalidate;
@@ -153,7 +154,8 @@ static void vgafb_resize(MilkymistVgafbState *s)
 s->invalidate = 1;
 }
 
-static uint32_t vgafb_read(void *opaque, target_phys_addr_t addr)
+static uint64_t vgafb_read(void *opaque, target_phys_addr_t addr,
+   unsigned size)
 {
 MilkymistVgafbState *s = opaque;
 uint32_t r = 0;
@@ -189,8 +191,8 @@ static uint32_t vgafb_read(void *opaque, target_phys_addr_t 
addr)
 return r;
 }
 
-static void
-vgafb_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+static void vgafb_write(void *opaque, target_phys_addr_t addr, uint64_t value,
+unsigned size)
 {
 MilkymistVgafbState *s = opaque;
 
@@ -238,16 +240,14 @@ static uint32_t vgafb_read(void *opaque, 
target_phys_addr_t addr)
 }
 }
 
-static CPUReadMemoryFunc * const vgafb_read_fn[] = {
-   NULL,
-   NULL,
-   &vgafb_read
-};
-
-static CPUWriteMemoryFunc * const vgafb_write_fn[] = {
-   NULL,
-   NULL,
-   &vgafb_write
+static const MemoryRegionOps vgafb_mmio_ops = {
+.read = vgafb_read,
+.write = vgafb_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void milkymist_vgafb_reset(DeviceState *d)
@@ -269,11 +269,10 @@ static void milkymist_vgafb_reset(DeviceState *d)
 static int milkymist_vgafb_init(SysBusDevice *dev)
 {
 MilkymistVgafbState *s = FROM_SYSBUS(typeof(*s), dev);
-int vgafb_regs;
 
-vgafb_regs = cpu_register_io_memory(vgafb_read_fn, vgafb_write_fn, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, vgafb_regs);
+memory_region_init_io(&s->regs_region, &vgafb_mmio_ops, s,
+"milkymist-vgafb", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->regs_region);
 
 s->ds = graphic_console_init(vgafb_update_display,
  vgafb_invalidate_display,
-- 
1.7.6.3




[Qemu-devel] [PATCH 04/25] etrax-dma: Convert to MemoryRegion

2011-10-02 Thread Avi Kivity
From: "Edgar E. Iglesias" 

Signed-off-by: Edgar E. Iglesias 
Signed-off-by: Avi Kivity 
---
 hw/etraxfs_dma.c |   43 +++
 1 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/hw/etraxfs_dma.c b/hw/etraxfs_dma.c
index d3082ac..94bfb70 100644
--- a/hw/etraxfs_dma.c
+++ b/hw/etraxfs_dma.c
@@ -24,6 +24,7 @@
 #include 
 #include 
 #include "hw.h"
+#include "exec-memory.h"
 #include "qemu-common.h"
 #include "sysemu.h"
 
@@ -185,7 +186,7 @@ struct fs_dma_channel
 
 struct fs_dma_ctrl
 {
-   int map;
+   MemoryRegion mmio;
int nr_channels;
struct fs_dma_channel *channels;
 
@@ -562,13 +563,17 @@ static uint32_t dma_rinvalid (void *opaque, 
target_phys_addr_t addr)
 return 0;
 }
 
-static uint32_t
-dma_readl (void *opaque, target_phys_addr_t addr)
+static uint64_t
+dma_read(void *opaque, target_phys_addr_t addr, unsigned int size)
 {
 struct fs_dma_ctrl *ctrl = opaque;
int c;
uint32_t r = 0;
 
+   if (size != 4) {
+   dma_rinvalid(opaque, addr);
+   }
+
/* Make addr relative to this channel and bounded to nr regs.  */
c = fs_channel(addr);
addr &= 0xff;
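Review bot: in dma_read() the new "if (size != 4)" branch calls dma_rinvalid() but discards its result and does not return, so unless dma_rinvalid() never returns, a 1- or 2-byte read now continues into the channel register decode below. The old table routed those sizes to dma_rinvalid only. Suggest "return dma_rinvalid(opaque, addr);" so the behaviour does not depend on what the helper does internally.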
@@ -608,11 +613,17 @@ static uint32_t dma_rinvalid (void *opaque, 
target_phys_addr_t addr)
 }
 
 static void
-dma_writel (void *opaque, target_phys_addr_t addr, uint32_t value)
+dma_write(void *opaque, target_phys_addr_t addr,
+ uint64_t val64, unsigned int size)
 {
 struct fs_dma_ctrl *ctrl = opaque;
+   uint32_t value = val64;
int c;
 
+   if (size != 4) {
+   dma_winvalid(opaque, addr, value);
+   }
+
 /* Make addr relative to this channel and bounded to nr regs.  */
c = fs_channel(addr);
 addr &= 0xff;
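Review bot: in dma_write() the "if (size != 4)" branch calls dma_winvalid() and then falls through, so unless the helper never returns, a byte or halfword write goes on to update channel registers, which the old dma_write[] table did not allow. Add a "return;" after the dma_winvalid() call. The narrowing of val64 into a uint32_t is fine for 4-byte accesses but deserves a short comment, since .valid in this patch admits sizes from 1 to 4.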
@@ -668,16 +679,14 @@ static uint32_t dma_rinvalid (void *opaque, 
target_phys_addr_t addr)
 }
 }
 
-static CPUReadMemoryFunc * const dma_read[] = {
-   &dma_rinvalid,
-   &dma_rinvalid,
-   &dma_readl,
-};
-
-static CPUWriteMemoryFunc * const dma_write[] = {
-   &dma_winvalid,
-   &dma_winvalid,
-   &dma_writel,
+static const MemoryRegionOps dma_ops = {
+   .read = dma_read,
+   .write = dma_write,
+   .endianness = DEVICE_NATIVE_ENDIAN,
+   .valid = {
+   .min_access_size = 1,
+   .max_access_size = 4
+   }
 };
 
 static int etraxfs_dmac_run(void *opaque)
@@ -750,7 +759,9 @@ static void DMA_run(void *opaque)
ctrl->nr_channels = nr_channels;
ctrl->channels = g_malloc0(sizeof ctrl->channels[0] * nr_channels);
 
-   ctrl->map = cpu_register_io_memory(dma_read, dma_write, ctrl, 
DEVICE_NATIVE_ENDIAN);
-   cpu_register_physical_memory(base, nr_channels * 0x2000, ctrl->map);
+   memory_region_init_io(&ctrl->mmio, &dma_ops, ctrl, "etraxfs-dma",
+ nr_channels * 0x2000);
+   memory_region_add_subregion(get_system_memory(), base, &ctrl->mmio);
+
return ctrl;
 }
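Review bot: memory_region_add_subregion() is called on get_system_memory() directly here, and the patch adds an exec-memory.h include to make that possible, while other patches in this series (pxa270_init, ppc440ep_init) move in the opposite direction and take the address space as a parameter from the board code. Consider passing the MemoryRegion into the DMA controller init function in the same way, or note in the commit message that this is left for a follow-up.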
-- 
1.7.6.3




[Qemu-devel] [PATCH 11/25] ppc440: Pass in address_space_mem to ppc440ep_init

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/ppc440.c|   11 +--
 hw/ppc440.h|6 +++---
 hw/ppc440_bamboo.c |5 -
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/hw/ppc440.c b/hw/ppc440.c
index 1d1376e..cd8a95d 100644
--- a/hw/ppc440.c
+++ b/hw/ppc440.c
@@ -20,7 +20,6 @@
 #include "ppc405.h"
 #include "sysemu.h"
 #include "kvm.h"
-#include "exec-memory.h"
 
 #define PPC440EP_PCI_CONFIG 0xeec0
 #define PPC440EP_PCI_INTACK 0xeed0
@@ -35,9 +34,9 @@
 256<<20, 128<<20, 64<<20, 32<<20, 16<<20, 8<<20, 0
 };
 
-CPUState *ppc440ep_init(ram_addr_t *ram_size, PCIBus **pcip,
-const unsigned int pci_irq_nrs[4], int do_init,
-const char *cpu_model)
+CPUState *ppc440ep_init(MemoryRegion *address_space_mem, ram_addr_t *ram_size,
+PCIBus **pcip, const unsigned int pci_irq_nrs[4],
+int do_init, const char *cpu_model)
 {
 MemoryRegion *ram_memories
 = g_malloc(PPC440EP_SDRAM_NR_BANKS * sizeof(*ram_memories));
@@ -93,12 +92,12 @@
 isa_mmio_init(PPC440EP_PCI_IO, PPC440EP_PCI_IOLEN);
 
 if (serial_hds[0] != NULL) {
-serial_mm_init(get_system_memory(), 0xef600300, 0, pic[0],
+serial_mm_init(address_space_mem, 0xef600300, 0, pic[0],
PPC_SERIAL_MM_BAUDBASE, serial_hds[0],
DEVICE_BIG_ENDIAN);
 }
 if (serial_hds[1] != NULL) {
-serial_mm_init(get_system_memory(), 0xef600400, 0, pic[1],
+serial_mm_init(address_space_mem, 0xef600400, 0, pic[1],
PPC_SERIAL_MM_BAUDBASE, serial_hds[1],
DEVICE_BIG_ENDIAN);
 }
diff --git a/hw/ppc440.h b/hw/ppc440.h
index a40f917..9c27c36 100644
--- a/hw/ppc440.h
+++ b/hw/ppc440.h
@@ -14,8 +14,8 @@
 
 #include "hw.h"
 
-CPUState *ppc440ep_init(ram_addr_t *ram_size, PCIBus **pcip,
-const unsigned int pci_irq_nrs[4], int do_init,
-const char *cpu_model);
+CPUState *ppc440ep_init(MemoryRegion *address_space, ram_addr_t *ram_size,
+PCIBus **pcip, const unsigned int pci_irq_nrs[4],
+int do_init, const char *cpu_model);
 
 #endif
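Review bot: the prototype in ppc440.h names the new first parameter `address_space`, while the definition in ppc440.c names it `address_space_mem`. Use `address_space_mem` in the header as well, so the declaration says which address space the caller is expected to pass.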
diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c
index 1addb68..9228939 100644
--- a/hw/ppc440_bamboo.c
+++ b/hw/ppc440_bamboo.c
@@ -23,6 +23,7 @@
 #include "device_tree.h"
 #include "loader.h"
 #include "elf.h"
+#include "exec-memory.h"
 
 #define BINARY_DEVICE_TREE_FILE "bamboo.dtb"
 
@@ -96,6 +97,7 @@ static void bamboo_init(ram_addr_t ram_size,
 const char *cpu_model)
 {
 unsigned int pci_irq_nrs[4] = { 28, 27, 26, 25 };
+MemoryRegion *address_space_mem = get_system_memory();
 PCIBus *pcibus;
 CPUState *env;
 uint64_t elf_entry;
@@ -107,7 +109,8 @@ static void bamboo_init(ram_addr_t ram_size,
 int i;
 
 /* Setup CPU. */
-env = ppc440ep_init(&ram_size, &pcibus, pci_irq_nrs, 1, cpu_model);
+env = ppc440ep_init(address_space_mem, &ram_size, &pcibus,
+pci_irq_nrs, 1, cpu_model);
 
 if (pcibus) {
 /* Register network interfaces. */
-- 
1.7.6.3




[Qemu-devel] [PATCH 23/25] milkymist-uart: convert to memory API

2011-10-02 Thread Avi Kivity
From: Michael Walle 

Signed-off-by: Michael Walle 
Signed-off-by: Avi Kivity 
---
 hw/milkymist-uart.c |   33 +
 1 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/hw/milkymist-uart.c b/hw/milkymist-uart.c
index e8e309d..128cd8c 100644
--- a/hw/milkymist-uart.c
+++ b/hw/milkymist-uart.c
@@ -35,7 +35,9 @@ enum {
 
 struct MilkymistUartState {
 SysBusDevice busdev;
+MemoryRegion regs_region;
 CharDriverState *chr;
+
 qemu_irq rx_irq;
 qemu_irq tx_irq;
 
@@ -43,7 +45,8 @@ struct MilkymistUartState {
 };
 typedef struct MilkymistUartState MilkymistUartState;
 
-static uint32_t uart_read(void *opaque, target_phys_addr_t addr)
+static uint64_t uart_read(void *opaque, target_phys_addr_t addr,
+  unsigned size)
 {
 MilkymistUartState *s = opaque;
 uint32_t r = 0;
@@ -66,7 +69,8 @@ static uint32_t uart_read(void *opaque, target_phys_addr_t 
addr)
 return r;
 }
 
-static void uart_write(void *opaque, target_phys_addr_t addr, uint32_t value)
+static void uart_write(void *opaque, target_phys_addr_t addr, uint64_t value,
+   unsigned size)
 {
 MilkymistUartState *s = opaque;
 unsigned char ch = value;
@@ -93,16 +97,14 @@ static void uart_write(void *opaque, target_phys_addr_t 
addr, uint32_t value)
 }
 }
 
-static CPUReadMemoryFunc * const uart_read_fn[] = {
-NULL,
-NULL,
-&uart_read,
-};
-
-static CPUWriteMemoryFunc * const uart_write_fn[] = {
-NULL,
-NULL,
-&uart_write,
+static const MemoryRegionOps uart_mmio_ops = {
+.read = uart_read,
+.write = uart_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void uart_rx(void *opaque, const uint8_t *buf, int size)
@@ -136,14 +138,13 @@ static void milkymist_uart_reset(DeviceState *d)
 static int milkymist_uart_init(SysBusDevice *dev)
 {
 MilkymistUartState *s = FROM_SYSBUS(typeof(*s), dev);
-int uart_regs;
 
 sysbus_init_irq(dev, &s->rx_irq);
 sysbus_init_irq(dev, &s->tx_irq);
 
-uart_regs = cpu_register_io_memory(uart_read_fn, uart_write_fn, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, uart_regs);
+memory_region_init_io(&s->regs_region, &uart_mmio_ops, s,
+"milkymist-uart", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->regs_region);
 
 s->chr = qdev_init_chardev(&dev->qdev);
 if (s->chr) {
-- 
1.7.6.3




[Qemu-devel] [PATCH 15/25] hw/smc91c111: Convert to MemoryRegion

2011-10-02 Thread Avi Kivity
From: Peter Maydell 

Signed-off-by: Peter Maydell 
Signed-off-by: Avi Kivity 
---
 hw/smc91c111.c |   29 +
 1 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/hw/smc91c111.c b/hw/smc91c111.c
index 3a8a85c..fc8c498 100644
--- a/hw/smc91c111.c
+++ b/hw/smc91c111.c
@@ -43,7 +43,7 @@
 uint8_t data[NUM_PACKETS][2048];
 uint8_t int_level;
 uint8_t int_mask;
-int mmio_index;
+MemoryRegion mmio;
 } smc91c111_state;
 
 static const VMStateDescription vmstate_smc91c111 = {
@@ -717,16 +717,15 @@ static ssize_t smc91c111_receive(VLANClientState *nc, 
const uint8_t *buf, size_t
 return size;
 }
 
-static CPUReadMemoryFunc * const smc91c111_readfn[] = {
-smc91c111_readb,
-smc91c111_readw,
-smc91c111_readl
-};
-
-static CPUWriteMemoryFunc * const smc91c111_writefn[] = {
-smc91c111_writeb,
-smc91c111_writew,
-smc91c111_writel
+static const MemoryRegionOps smc91c111_mem_ops = {
+/* The special case for 32 bit writes to 0xc means we can't just
+ * set .impl.min/max_access_size to 1, unfortunately
+ */
+.old_mmio = {
+.read = { smc91c111_readb, smc91c111_readw, smc91c111_readl, },
+.write = { smc91c111_writeb, smc91c111_writew, smc91c111_writel, },
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void smc91c111_cleanup(VLANClientState *nc)
@@ -747,11 +746,9 @@ static void smc91c111_cleanup(VLANClientState *nc)
 static int smc91c111_init1(SysBusDevice *dev)
 {
 smc91c111_state *s = FROM_SYSBUS(smc91c111_state, dev);
-
-s->mmio_index = cpu_register_io_memory(smc91c111_readfn,
-   smc91c111_writefn, s,
-   DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, 16, s->mmio_index);
+memory_region_init_io(&s->mmio, &smc91c111_mem_ops, s,
+  "smc91c111-mmio", 16);
+sysbus_init_mmio_region(dev, &s->mmio);
 sysbus_init_irq(dev, &s->irq);
 qemu_macaddr_default_if_unset(&s->conf.macaddr);
 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
-- 
1.7.6.3




[Qemu-devel] [PATCH 02/25] etrax-ser: Convert to MemoryRegion

2011-10-02 Thread Avi Kivity
From: "Edgar E. Iglesias" 

Signed-off-by: Edgar E. Iglesias 
Signed-off-by: Avi Kivity 
---
 hw/etraxfs_ser.c |   33 ++---
 1 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/hw/etraxfs_ser.c b/hw/etraxfs_ser.c
index 0036037..298b985 100644
--- a/hw/etraxfs_ser.c
+++ b/hw/etraxfs_ser.c
@@ -47,6 +47,7 @@
 struct etrax_serial
 {
 SysBusDevice busdev;
+MemoryRegion mmio;
 CharDriverState *chr;
 qemu_irq irq;
 
@@ -73,7 +74,8 @@ static void ser_update_irq(struct etrax_serial *s)
 qemu_set_irq(s->irq, !!s->regs[R_MASKED_INTR]);
 }
 
-static uint32_t ser_readl (void *opaque, target_phys_addr_t addr)
+static uint64_t
+ser_read(void *opaque, target_phys_addr_t addr, unsigned int size)
 {
 struct etrax_serial *s = opaque;
 D(CPUState *env = s->env);
@@ -108,10 +110,12 @@ static uint32_t ser_readl (void *opaque, 
target_phys_addr_t addr)
 }
 
 static void
-ser_writel (void *opaque, target_phys_addr_t addr, uint32_t value)
+ser_write(void *opaque, target_phys_addr_t addr,
+  uint64_t val64, unsigned int size)
 {
 struct etrax_serial *s = opaque;
-unsigned char ch = value;
+uint32_t value = val64;
+unsigned char ch = val64;
 D(CPUState *env = s->env);
 
 D(qemu_log("%s " TARGET_FMT_plx "=%x\n",  __func__, addr, value));
@@ -142,14 +146,14 @@ static uint32_t ser_readl (void *opaque, 
target_phys_addr_t addr)
 ser_update_irq(s);
 }
 
-static CPUReadMemoryFunc * const ser_read[] = {
-NULL, NULL,
-&ser_readl,
-};
-
-static CPUWriteMemoryFunc * const ser_write[] = {
-NULL, NULL,
-&ser_writel,
+static const MemoryRegionOps ser_ops = {
+.read = ser_read,
+.write = ser_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4
+}
 };
 
 static void serial_receive(void *opaque, const uint8_t *buf, int size)
@@ -207,12 +211,11 @@ static void etraxfs_ser_reset(DeviceState *d)
 static int etraxfs_ser_init(SysBusDevice *dev)
 {
 struct etrax_serial *s = FROM_SYSBUS(typeof (*s), dev);
-int ser_regs;
 
 sysbus_init_irq(dev, &s->irq);
-ser_regs = cpu_register_io_memory(ser_read, ser_write, s,
-  DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, R_MAX * 4, ser_regs);
+memory_region_init_io(&s->mmio, &ser_ops, s, "etraxfs-serial", R_MAX * 4);
+sysbus_init_mmio_region(dev, &s->mmio);
+
 s->chr = qdev_init_chardev(&dev->qdev);
 if (s->chr)
 qemu_chr_add_handlers(s->chr,
-- 
1.7.6.3




[Qemu-devel] [PATCH 03/25] etrax-timer: Convert to MemoryRegion

2011-10-02 Thread Avi Kivity
From: "Edgar E. Iglesias" 

Signed-off-by: Edgar E. Iglesias 
Signed-off-by: Avi Kivity 
---
 hw/etraxfs_timer.c |   31 ---
 1 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/hw/etraxfs_timer.c b/hw/etraxfs_timer.c
index b08e574..57dc739 100644
--- a/hw/etraxfs_timer.c
+++ b/hw/etraxfs_timer.c
@@ -43,6 +43,7 @@
 
 struct etrax_timer {
 SysBusDevice busdev;
+MemoryRegion mmio;
 qemu_irq irq;
 qemu_irq nmi;
 
@@ -72,7 +73,8 @@ struct etrax_timer {
 uint32_t r_masked_intr;
 };
 
-static uint32_t timer_readl (void *opaque, target_phys_addr_t addr)
+static uint64_t
+timer_read(void *opaque, target_phys_addr_t addr, unsigned int size)
 {
 struct etrax_timer *t = opaque;
 uint32_t r = 0;
@@ -239,9 +241,11 @@ static inline void timer_watchdog_update(struct 
etrax_timer *t, uint32_t value)
 }
 
 static void
-timer_writel (void *opaque, target_phys_addr_t addr, uint32_t value)
+timer_write(void *opaque, target_phys_addr_t addr,
+uint64_t val64, unsigned int size)
 {
 struct etrax_timer *t = opaque;
+uint32_t value = val64;
 
 switch (addr)
 {
@@ -281,14 +285,14 @@ static inline void timer_watchdog_update(struct 
etrax_timer *t, uint32_t value)
 }
 }
 
-static CPUReadMemoryFunc * const timer_read[] = {
-NULL, NULL,
-&timer_readl,
-};
-
-static CPUWriteMemoryFunc * const timer_write[] = {
-NULL, NULL,
-&timer_writel,
+static const MemoryRegionOps timer_ops = {
+.read = timer_read,
+.write = timer_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4
+}
 };
 
 static void etraxfs_timer_reset(void *opaque)
@@ -307,7 +311,6 @@ static void etraxfs_timer_reset(void *opaque)
 static int etraxfs_timer_init(SysBusDevice *dev)
 {
 struct etrax_timer *t = FROM_SYSBUS(typeof (*t), dev);
-int timer_regs;
 
 t->bh_t0 = qemu_bh_new(timer0_hit, t);
 t->bh_t1 = qemu_bh_new(timer1_hit, t);
@@ -319,10 +322,8 @@ static int etraxfs_timer_init(SysBusDevice *dev)
 sysbus_init_irq(dev, &t->irq);
 sysbus_init_irq(dev, &t->nmi);
 
-timer_regs = cpu_register_io_memory(timer_read, timer_write, t,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, 0x5c, timer_regs);
-
+memory_region_init_io(&t->mmio, &timer_ops, t, "etraxfs-timer", 0x5c);
+sysbus_init_mmio_region(dev, &t->mmio);
 qemu_register_reset(etraxfs_timer_reset, t);
 return 0;
 }
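Review bot: timer_ops sets `.endianness = DEVICE_LITTLE_ENDIAN`, but the cpu_register_io_memory() call removed in this hunk registered the same handlers with DEVICE_NATIVE_ENDIAN, and the etrax-ser conversion in this series keeps DEVICE_NATIVE_ENDIAN. If the change is intentional, say so in the commit message; otherwise keep DEVICE_NATIVE_ENDIAN so the conversion stays behaviour-neutral.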
-- 
1.7.6.3




[Qemu-devel] [PATCH 10/25] ppc405: Pass in address_space_mem to ppc405{cr, ep}_init

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/ppc405.h|   22 --
 hw/ppc405_boards.c |8 
 hw/ppc405_uc.c |   30 --
 3 files changed, 32 insertions(+), 28 deletions(-)

diff --git a/hw/ppc405.h b/hw/ppc405.h
index f0e81a6..d8fdf09 100644
--- a/hw/ppc405.h
+++ b/hw/ppc405.h
@@ -59,16 +59,18 @@ struct ppc4xx_bd_info_t {
 ram_addr_t ppc405_set_bootinfo (CPUState *env, ppc4xx_bd_info_t *bd,
 uint32_t flags);
 
-CPUState *ppc405cr_init (MemoryRegion ram_memories[4],
- target_phys_addr_t ram_bases[4],
- target_phys_addr_t ram_sizes[4],
- uint32_t sysclk, qemu_irq **picp,
- int do_init);
-CPUState *ppc405ep_init (MemoryRegion ram_memories[2],
- target_phys_addr_t ram_bases[2],
- target_phys_addr_t ram_sizes[2],
- uint32_t sysclk, qemu_irq **picp,
- int do_init);
+CPUState *ppc405cr_init(MemoryRegion *address_space_mem,
+MemoryRegion ram_memories[4],
+target_phys_addr_t ram_bases[4],
+target_phys_addr_t ram_sizes[4],
+uint32_t sysclk, qemu_irq **picp,
+int do_init);
+CPUState *ppc405ep_init(MemoryRegion *address_space_mem,
+MemoryRegion ram_memories[2],
+target_phys_addr_t ram_bases[2],
+target_phys_addr_t ram_sizes[2],
+uint32_t sysclk, qemu_irq **picp,
+int do_init);
 /* IBM STBxxx microcontrollers */
 CPUState *ppc_stb025_init (MemoryRegion ram_memories[2],
target_phys_addr_t ram_bases[2],
diff --git a/hw/ppc405_boards.c b/hw/ppc405_boards.c
index e6c8ac6..ca65ac3 100644
--- a/hw/ppc405_boards.c
+++ b/hw/ppc405_boards.c
@@ -207,8 +207,8 @@ static void ref405ep_init (ram_addr_t ram_size,
 #ifdef DEBUG_BOARD_INIT
 printf("%s: register cpu\n", __func__);
 #endif
-env = ppc405ep_init(ram_memories, ram_bases, ram_sizes, , &pic,
-kernel_filename == NULL ? 0 : 1);
+env = ppc405ep_init(get_system_memory(), ram_memories, ram_bases, 
ram_sizes,
+, &pic, kernel_filename == NULL ? 0 : 1);
 /* allocate SRAM */
 sram_size = 512 * 1024;
 sram_offset = qemu_ram_alloc(NULL, "ef405ep.sram", sram_size);
@@ -534,8 +534,8 @@ static void taihu_405ep_init(ram_addr_t ram_size,
 #ifdef DEBUG_BOARD_INIT
 printf("%s: register cpu\n", __func__);
 #endif
-ppc405ep_init(ram_memories, ram_bases, ram_sizes, , &pic,
-  kernel_filename == NULL ? 0 : 1);
+ppc405ep_init(get_system_memory(), ram_memories, ram_bases, ram_sizes,
+  , &pic, kernel_filename == NULL ? 0 : 1);
 /* allocate and load BIOS */
 #ifdef DEBUG_BOARD_INIT
 printf("%s: register BIOS\n", __func__);
diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c
index 86cf768..a6e7431 100644
--- a/hw/ppc405_uc.c
+++ b/hw/ppc405_uc.c
@@ -2107,11 +2107,12 @@ static void ppc405cr_cpc_init (CPUState *env, 
clk_setup_t clk_setup[7],
 qemu_register_reset(ppc405cr_cpc_reset, cpc);
 }
 
-CPUState *ppc405cr_init (MemoryRegion ram_memories[4],
- target_phys_addr_t ram_bases[4],
- target_phys_addr_t ram_sizes[4],
- uint32_t sysclk, qemu_irq **picp,
- int do_init)
+CPUState *ppc405cr_init(MemoryRegion *address_space_mem,
+MemoryRegion ram_memories[4],
+target_phys_addr_t ram_bases[4],
+target_phys_addr_t ram_sizes[4],
+uint32_t sysclk, qemu_irq **picp,
+int do_init)
 {
 clk_setup_t clk_setup[PPC405CR_CLK_NB];
 qemu_irq dma_irqs[4];
@@ -2149,12 +2150,12 @@ static void ppc405cr_cpc_init (CPUState *env, 
clk_setup_t clk_setup[7],
 ppc405_dma_init(env, dma_irqs);
 /* Serial ports */
 if (serial_hds[0] != NULL) {
-serial_mm_init(get_system_memory(), 0xef600300, 0, pic[0],
+serial_mm_init(address_space_mem, 0xef600300, 0, pic[0],
PPC_SERIAL_MM_BAUDBASE, serial_hds[0],
DEVICE_BIG_ENDIAN);
 }
 if (serial_hds[1] != NULL) {
-serial_mm_init(get_system_memory(), 0xef600400, 0, pic[1],
+serial_mm_init(address_space_mem, 0xef600400, 0, pic[1],
PPC_SERIAL_MM_BAUDBASE, serial_hds[1],
DEVICE_BIG_ENDIAN);
 }
@@ -2455,11 +2456,12 @@ static void ppc405ep_cpc_init (CPUState *env, 
clk_setup_t clk_setup[8],
 #endif
 }
 
-CPUState *ppc405ep_init (MemoryRegion ram_memories[2],
- target_

[Qemu-devel] [PATCH 06/25] serial: Convert serial_mm_init to MemoryRegion

2011-10-02 Thread Avi Kivity
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Avi Kivity 
---
 hw/serial.c |  145 +--
 1 files changed, 31 insertions(+), 114 deletions(-)

diff --git a/hw/serial.c b/hw/serial.c
index 2e6d212..310bfde 100644
--- a/hw/serial.c
+++ b/hw/serial.c
@@ -28,6 +28,7 @@
 #include "pc.h"
 #include "qemu-timer.h"
 #include "sysemu.h"
+#include "exec-memory.h"
 
 //#define DEBUG_SERIAL
 
@@ -153,11 +154,11 @@ struct SerialState {
 int poll_msl;
 
 struct QEMUTimer *modem_status_poll;
+MemoryRegion io;
 };
 
 typedef struct ISASerialState {
 ISADevice dev;
-MemoryRegion io;
 uint32_t index;
 uint32_t iobase;
 uint32_t isairq;
@@ -786,8 +787,8 @@ static int serial_isa_initfn(ISADevice *dev)
 serial_init_core(s);
 qdev_set_legacy_instance_id(&dev->qdev, isa->iobase, 3);
 
-memory_region_init_io(&isa->io, &serial_io_ops, s, "serial", 8);
-isa_register_ioport(dev, &isa->io, isa->iobase);
+memory_region_init_io(&s->io, &serial_io_ops, s, "serial", 8);
+isa_register_ioport(dev, &s->io, isa->iobase);
 return 0;
 }
 
@@ -821,115 +822,37 @@ static int serial_isa_initfn(ISADevice *dev)
 }
 
 /* Memory mapped interface */
-static uint32_t serial_mm_readb(void *opaque, target_phys_addr_t addr)
-{
-SerialState *s = opaque;
-
-return serial_ioport_read(s, addr >> s->it_shift) & 0xFF;
-}
-
-static void serial_mm_writeb(void *opaque, target_phys_addr_t addr,
- uint32_t value)
-{
-SerialState *s = opaque;
-
-serial_ioport_write(s, addr >> s->it_shift, value & 0xFF);
-}
-
-static uint32_t serial_mm_readw_be(void *opaque, target_phys_addr_t addr)
-{
-SerialState *s = opaque;
-uint32_t val;
-
-val = serial_ioport_read(s, addr >> s->it_shift) & 0x;
-val = bswap16(val);
-return val;
-}
-
-static uint32_t serial_mm_readw_le(void *opaque, target_phys_addr_t addr)
-{
-SerialState *s = opaque;
-uint32_t val;
-
-val = serial_ioport_read(s, addr >> s->it_shift) & 0x;
-return val;
-}
-
-static void serial_mm_writew_be(void *opaque, target_phys_addr_t addr,
-uint32_t value)
-{
-SerialState *s = opaque;
-
-value = bswap16(value);
-serial_ioport_write(s, addr >> s->it_shift, value & 0x);
-}
-
-static void serial_mm_writew_le(void *opaque, target_phys_addr_t addr,
-uint32_t value)
-{
-SerialState *s = opaque;
-
-serial_ioport_write(s, addr >> s->it_shift, value & 0x);
-}
-
-static uint32_t serial_mm_readl_be(void *opaque, target_phys_addr_t addr)
-{
-SerialState *s = opaque;
-uint32_t val;
-
-val = serial_ioport_read(s, addr >> s->it_shift);
-val = bswap32(val);
-return val;
-}
-
-static uint32_t serial_mm_readl_le(void *opaque, target_phys_addr_t addr)
-{
-SerialState *s = opaque;
-uint32_t val;
-
-val = serial_ioport_read(s, addr >> s->it_shift);
-return val;
-}
-
-static void serial_mm_writel_be(void *opaque, target_phys_addr_t addr,
-uint32_t value)
+static uint64_t serial_mm_read(void *opaque, target_phys_addr_t addr,
+   unsigned size)
 {
 SerialState *s = opaque;
-
-value = bswap32(value);
-serial_ioport_write(s, addr >> s->it_shift, value);
+return serial_ioport_read(s, addr >> s->it_shift);
 }
 
-static void serial_mm_writel_le(void *opaque, target_phys_addr_t addr,
-uint32_t value)
+static void serial_mm_write(void *opaque, target_phys_addr_t addr,
+uint64_t value, unsigned size)
 {
 SerialState *s = opaque;
-
+value &= ~0u >> (32 - (size * 8));
 serial_ioport_write(s, addr >> s->it_shift, value);
 }
 
-static CPUReadMemoryFunc * const serial_mm_read_be[] = {
-&serial_mm_readb,
-&serial_mm_readw_be,
-&serial_mm_readl_be,
-};
-
-static CPUWriteMemoryFunc * const serial_mm_write_be[] = {
-&serial_mm_writeb,
-&serial_mm_writew_be,
-&serial_mm_writel_be,
-};
-
-static CPUReadMemoryFunc * const serial_mm_read_le[] = {
-&serial_mm_readb,
-&serial_mm_readw_le,
-&serial_mm_readl_le,
-};
-
-static CPUWriteMemoryFunc * const serial_mm_write_le[] = {
-&serial_mm_writeb,
-&serial_mm_writew_le,
-&serial_mm_writel_le,
+static const MemoryRegionOps serial_mm_ops[3] = {
+[DEVICE_NATIVE_ENDIAN] = {
+.read = serial_mm_read,
+.write = serial_mm_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+},
+[DEVICE_LITTLE_ENDIAN] = {
+.read = serial_mm_read,
+.write = serial_mm_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+},
+[DEVICE_BIG_ENDIAN] = {
+.read = serial_mm_read,
+.write = serial_mm_write,
+.endianness = DEVICE_BIG_ENDIAN,
+},
 };
 
 SerialState *serial_mm_init (target_phys_addr_t base, int it_shift,
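Review bot: in serial_mm_write(), `value &= ~0u >> (32 - (size * 8));` is only well defined for size 1, 2 and 4, and none of the three serial_mm_ops entries sets `.valid` or `.impl` access sizes, so nothing visible here bounds `size`. Set the maximum access size to 4 in each entry, or guard the shift. The read side also changes behaviour: the removed serial_mm_readb() masked the result with `& 0xFF`, while serial_mm_read() returns serial_ioport_read() unmasked for every size and ignores `size` altogether. If dropping the mask is deliberate, note it in the commit message.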
@@ -938,7 +861,7 @@ st

[Qemu-devel] [PATCH v3 01/16] isa: rename isa_bus_new to isa_bus_bridge_init

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/isa-bus.c   |2 +-
 hw/isa.h   |2 +-
 hw/mips_jazz.c |2 +-
 hw/mips_r4k.c  |2 +-
 hw/pc_piix.c   |2 +-
 hw/piix4.c |2 +-
 hw/piix_pci.c  |2 +-
 hw/ppc_prep.c  |2 +-
 hw/sun4u.c |2 +-
 hw/vt82c686.c  |2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index 6c15a31..ad225c6 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -40,7 +40,7 @@ static struct BusInfo isa_bus_info = {
 .get_fw_dev_path = isabus_get_fw_dev_path,
 };
 
-ISABus *isa_bus_new(DeviceState *dev, MemoryRegion *address_space_io)
+ISABus *isa_bus_bridge_init(DeviceState *dev, MemoryRegion *address_space_io)
 {
 if (isabus) {
 fprintf(stderr, "Can't create a second ISA bus\n");
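Review bot: the commit message has no body, so the reason for renaming isa_bus_new() to isa_bus_bridge_init() is undocumented. Patch 05/16 later reuses the name for a function with a different signature (`isa_bus_new(&d->bus, &piix3_bus_ops, &dev->qdev)`); state in this patch's message that the old name is being freed for that purpose, which helps anyone bisecting or grepping across the series.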
diff --git a/hw/isa.h b/hw/isa.h
index 432d17a..d2b3cba 100644
--- a/hw/isa.h
+++ b/hw/isa.h
@@ -27,7 +27,7 @@ struct ISADeviceInfo {
 isa_qdev_initfn init;
 };
 
-ISABus *isa_bus_new(DeviceState *dev, MemoryRegion *address_space_io);
+ISABus *isa_bus_bridge_init(DeviceState *dev, MemoryRegion *address_space_io);
 void isa_bus_irqs(qemu_irq *irqs);
 qemu_irq isa_get_irq(int isairq);
 void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq);
diff --git a/hw/mips_jazz.c b/hw/mips_jazz.c
index ea07d32..d6444c6 100644
--- a/hw/mips_jazz.c
+++ b/hw/mips_jazz.c
@@ -182,7 +182,7 @@ static void mips_jazz_init(MemoryRegion *address_space,
 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy);
 
 /* ISA devices */
-isa_bus_new(NULL, address_space_io);
+isa_bus_bridge_init(NULL, address_space_io);
 i8259 = i8259_init(env->irq[4]);
 isa_bus_irqs(i8259);
 cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
diff --git a/hw/mips_r4k.c b/hw/mips_r4k.c
index d0564d4..6562fb3 100644
--- a/hw/mips_r4k.c
+++ b/hw/mips_r4k.c
@@ -256,7 +256,7 @@ void mips_r4k_init (ram_addr_t ram_size,
 cpu_mips_clock_init(env);
 
 /* The PIC is attached to the MIPS CPU INT0 pin */
-isa_bus_new(NULL, get_system_io());
+isa_bus_bridge_init(NULL, get_system_io());
 i8259 = i8259_init(env->irq[2]);
 isa_bus_irqs(i8259);
 
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index ce1c87f..8209346 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -146,7 +146,7 @@ static void pc_init1(MemoryRegion *system_memory,
 } else {
 pci_bus = NULL;
 i440fx_state = NULL;
-isa_bus_new(NULL, system_io);
+isa_bus_bridge_init(NULL, system_io);
 no_hpet = 1;
 }
 isa_bus_irqs(isa_irq);
diff --git a/hw/piix4.c b/hw/piix4.c
index 2fd1171..9addaae 100644
--- a/hw/piix4.c
+++ b/hw/piix4.c
@@ -87,7 +87,7 @@ static int piix4_initfn(PCIDevice *dev)
 {
 PIIX4State *d = DO_UPCAST(PIIX4State, dev, dev);
 
-isa_bus_new(&d->dev.qdev, pci_address_space_io(dev));
+isa_bus_bridge_init(&d->dev.qdev, pci_address_space_io(dev));
 piix4_dev = &d->dev;
 qemu_register_reset(piix4_reset, d);
 return 0;
diff --git a/hw/piix_pci.c b/hw/piix_pci.c
index d183443..287bd19 100644
--- a/hw/piix_pci.c
+++ b/hw/piix_pci.c
@@ -504,7 +504,7 @@ static int piix3_initfn(PCIDevice *dev)
 {
 PIIX3State *d = DO_UPCAST(PIIX3State, dev, dev);
 
-isa_bus_new(&d->dev.qdev, pci_address_space_io(dev));
+isa_bus_bridge_init(&d->dev.qdev, pci_address_space_io(dev));
 qemu_register_reset(piix3_reset, d);
 return 0;
 }
diff --git a/hw/ppc_prep.c b/hw/ppc_prep.c
index d26049b..808c83e 100644
--- a/hw/ppc_prep.c
+++ b/hw/ppc_prep.c
@@ -649,7 +649,7 @@ static void ppc_prep_init (ram_addr_t ram_size,
 hw_error("Only 6xx bus is supported on PREP machine\n");
 }
 /* Hmm, prep has no pci-isa bridge ??? */
-isa_bus_new(NULL, get_system_io());
+isa_bus_bridge_init(NULL, get_system_io());
 i8259 = i8259_init(first_cpu->irq_inputs[PPC6xx_INPUT_INT]);
 pci_bus = pci_prep_init(i8259, get_system_memory(), get_system_io());
 isa_bus_irqs(i8259);
diff --git a/hw/sun4u.c b/hw/sun4u.c
index fbef350..cdf15ff 100644
--- a/hw/sun4u.c
+++ b/hw/sun4u.c
@@ -548,7 +548,7 @@ pci_ebus_init1(PCIDevice *pci_dev)
 {
 EbusState *s = DO_UPCAST(EbusState, pci_dev, pci_dev);
 
-isa_bus_new(&pci_dev->qdev, pci_address_space_io(pci_dev));
+isa_bus_bridge_init(&pci_dev->qdev, pci_address_space_io(pci_dev));
 
 pci_dev->config[0x04] = 0x06; // command = bus master, pci mem
 pci_dev->config[0x05] = 0x00;
diff --git a/hw/vt82c686.c b/hw/vt82c686.c
index 2845959..46e85dd 100644
--- a/hw/vt82c686.c
+++ b/hw/vt82c686.c
@@ -490,7 +490,7 @@ static int vt82c686b_initfn(PCIDevice *d)
 uint8_t *wmask;
 int i;
 
-isa_bus_new(&d->qdev, pci_address_space_io(d));
+isa_bus_bridge_init(&d->qdev, pci_address_space_io(d));
 
 pci_conf = d->config;
 pci_config_set_prog_interface(pci_conf, 0x0);
-- 
1.7.6.3




[Qemu-devel] [PATCH v3 00/16] ISA bus improvements

2011-10-02 Thread Hervé Poussineau
The following patches aim to make the ISA bus a first-class citizen in Qemu.

They add ISA bus ops, like for scsi and usb buses.

Current ISA bridges (PIIX3, PIIX4, EBUS and VT82C686) are converted
to this new API, and a simple 'isabus-bridge' device is added.

isa_address_space() operation can probably be used to remove the
infamous isa_mem_base variable. However, some work is already done
in this direction on the ML, so I didn't change anything.

Finally, add bus argument to all ISA functions, so architectures
with multiple ISA buses (like some Alpha systems) can be emulated.

Patch 14 is a temporary patch, which should be reverted once i8259 is
qdevifed. Patches have already been sent to ML for this [1]. It can
also be dropped if Jan's series is merged.
However, patches 1 to 13 can be applied immediately.

I was also unable to reproduce the problem Anthony mentioned in [2],
using TCG on a 32-bit host.

Changes since v2:
- rebased
- add back spaces between function name and parenthesis at malc's request
- split some patches in two for easier bisecting
- add temporary workaround for non-qdevified i8259

Changes since v1:
- add ISA bus argument to all ISA functions
- remove default ISA bus concept as per Jan's request

[1] http://lists.gnu.org/archive/html/qemu-devel/2011-09/msg03504.html
[2] http://lists.gnu.org/archive/html/qemu-devel/2011-09/msg03053.html

Hervé Poussineau (16):
  isa: rename isa_bus_new to isa_bus_bridge_init
  isa: rework ISA bus internals, and add ISA bus ops structure
  isa: correctly implement isa_address_space(), by calling a
bus-specific function
  audio: give ISA bus to sound cards, instead of PIC
  pc: improve bus implementation of PIIX3 bridge
  fulong2e: improve bus implementation of vt82c bridge
  sun4u: improve bus implementation of EBus bridge
  malta: improve bus implementation of PIIX4 bridge
  isa: remove unused parameter to isa_bus_bridge_init()
  isa: give bus to isa_create() and isa_try_create() methods
  isa: use bus given in parameter to create device on specified ISA bus
  isa: give bus to isa_get_irq() and isa_bus_irqs()
  isa: use bus given in parameter to get/set irqs on specified ISA bus
  i8259: add ad-hock variables to please future changes in
isa_register_ioport()
  isa: remove useless test in isa_register_ioport()
  isa: remove limitation of only one ISA bus

 Makefile.objs  |2 +-
 arch_init.c|   10 ++--
 arch_init.h|2 +-
 hw/adlib.c |2 +-
 hw/audiodev.h  |8 ++--
 hw/cs4231a.c   |4 +-
 hw/fdc.h   |4 +-
 hw/gus.c   |4 +-
 hw/i8254.c |2 +-
 hw/i8259.c |   29 +-
 hw/ide.h   |   14 --
 hw/ide/isa.c   |4 +-
 hw/ide/piix.c  |   30 +++
 hw/ide/via.c   |   18 +++--
 hw/isa-bridge.c|   92 
 hw/isa-bus.c   |  108 +++
 hw/isa.h   |   36 ++---
 hw/m48t59.c|5 +-
 hw/mc146818rtc.c   |4 +-
 hw/mc146818rtc.h   |2 +-
 hw/mips_fulong2e.c |   25 +---
 hw/mips_jazz.c |   11 +++--
 hw/mips_malta.c|   27 ++---
 hw/mips_r4k.c  |   19 +
 hw/nvram.h |3 +-
 hw/pc.c|   34 
 hw/pc.h|   38 ++-
 hw/pc_piix.c   |   27 +++--
 hw/pcspk.c |2 +-
 hw/piix4.c |   41 ++-
 hw/piix_pci.c  |   45 +++--
 hw/ppc_prep.c  |   18 +
 hw/sb16.c  |4 +-
 hw/sun4u.c |   54 --
 hw/vt82c686.c  |   33 ++-
 hw/vt82c686.h  |2 +-
 qemu-common.h  |1 +
 37 files changed, 526 insertions(+), 238 deletions(-)
 create mode 100644 hw/isa-bridge.c

-- 
1.7.6.3




[Qemu-devel] [PATCH v3 05/16] pc: improve bus implementation of PIIX3 bridge

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/pc.h   |2 +-
 hw/pc_piix.c  |3 ++-
 hw/piix_pci.c |   45 -
 3 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/hw/pc.h b/hw/pc.h
index c546037..746973f 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -181,7 +181,7 @@ struct PCII440FXState;
 typedef struct PCII440FXState PCII440FXState;
 
 PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn,
-qemu_irq *pic,
+ISABus **isa_bus,
 MemoryRegion *address_space_mem,
 MemoryRegion *address_space_io,
 ram_addr_t ram_size,
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index f971d52..7ccbfca 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -84,6 +84,7 @@ static void pc_init1(MemoryRegion *system_memory,
 int i;
 ram_addr_t below_4g_mem_size, above_4g_mem_size;
 PCIBus *pci_bus;
+ISABus *isa_bus;
 PCII440FXState *i440fx_state;
 int piix3_devfn = -1;
 qemu_irq *cpu_irq;
@@ -134,7 +135,7 @@ static void pc_init1(MemoryRegion *system_memory,
 isa_irq = qemu_allocate_irqs(isa_irq_handler, isa_irq_state, 24);
 
 if (pci_enabled) {
-pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, isa_irq,
+pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, &isa_bus,
   system_memory, system_io, ram_size,
   below_4g_mem_size,
   0x1ULL - below_4g_mem_size,
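Review bot: `ISABus *isa_bus;` in pc_init1() is assigned only inside `if (pci_enabled)`, through the new `&isa_bus` argument to i440fx_init(), so on the non-PCI path it stays uninitialised. Nothing in this patch reads it yet, but initialise it to NULL at the declaration (or set it in the else branch) before later patches in the series start passing it to ISA functions.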
diff --git a/hw/piix_pci.c b/hw/piix_pci.c
index 287bd19..76464f6 100644
--- a/hw/piix_pci.c
+++ b/hw/piix_pci.c
@@ -30,6 +30,7 @@
 #include "sysbus.h"
 #include "range.h"
 #include "xen.h"
+#include "exec-memory.h"
 
 /*
  * I440FX chipset data sheet.
@@ -45,6 +46,7 @@ typedef PCIHostState I440FXState;
 
 typedef struct PIIX3State {
 PCIDevice dev;
+ISABus bus;
 
 /*
  * bitmap to track pic levels.
@@ -263,7 +265,7 @@ static int i440fx_initfn(PCIDevice *dev)
 static PCIBus *i440fx_common_init(const char *device_name,
   PCII440FXState **pi440fx_state,
   int *piix3_devfn,
-  qemu_irq *pic,
+  ISABus **isa_bus,
   MemoryRegion *address_space_mem,
   MemoryRegion *address_space_io,
   ram_addr_t ram_size,
@@ -324,7 +326,7 @@ static PCIBus *i440fx_common_init(const char *device_name,
 pci_bus_irqs(b, piix3_set_irq, pci_slot_get_pirq, piix3,
 PIIX_NUM_PIRQS);
 }
-piix3->pic = pic;
+*isa_bus = &piix3->bus;
 
 (*pi440fx_state)->piix3 = piix3;
 
@@ -341,7 +343,7 @@ static PCIBus *i440fx_common_init(const char *device_name,
 }
 
 PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn,
-qemu_irq *pic,
+ISABus **isa_bus,
 MemoryRegion *address_space_mem,
 MemoryRegion *address_space_io,
 ram_addr_t ram_size,
@@ -354,7 +356,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int 
*piix3_devfn,
 {
 PCIBus *b;
 
-b = i440fx_common_init("i440FX", pi440fx_state, piix3_devfn, pic,
+b = i440fx_common_init("i440FX", pi440fx_state, piix3_devfn, isa_bus,
address_space_mem, address_space_io, ram_size,
pci_hole_start, pci_hole_size,
pci_hole64_size, pci_hole64_size,
@@ -500,11 +502,44 @@ static const VMStateDescription vmstate_piix3 = {
 }
 };
 
+static void piix3_bus_set_irqs(ISABus *bus, qemu_irq *irqs)
+{
+PIIX3State *d = container_of(bus, PIIX3State, bus);
+d->pic = irqs;
+}
+
+static qemu_irq piix3_bus_get_irq(ISABus *bus, int isairq)
+{
+PIIX3State *d = container_of(bus, PIIX3State, bus);
+if (isairq < 0 || isairq >= PIIX_NUM_PIC_IRQS) {
+hw_error("isa irq %d invalid", isairq);
+}
+return d->pic[isairq];
+}
+
+static MemoryRegion *piix3_bus_get_io_space(ISABus *bus)
+{
+PIIX3State *d = container_of(bus, PIIX3State, bus);
+return pci_address_space_io(&d->dev);
+}
+
+static MemoryRegion *piix3_bus_get_memory_space(ISABus *bus)
+{
+return get_system_memory();
+}
+
+static ISABusOps piix3_bus_ops = {
+.set_irqs = piix3_bus_set_irqs,
+.get_irq = piix3_bus_get_irq,
+.get_io_space = piix3_bus_get_io_space,
+.get_memory_space = piix3_bus_get_memory_space,
+};
+
 static int piix3_initfn(PCIDevice *dev)
 {
 PIIX3State *d = DO_UPCAST(PIIX3State, dev, dev);
 
-isa_bus_bridge_init(&d->dev.qdev, pci_address_space_io(dev));
+isa_bus_new(&d->bus, &piix3_bus_ops, &dev->qdev);
 qemu_register_reset(piix3_reset, d);
 return 0;
 }
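Review bot: `piix3_bus_get_irq()` indexes `d->pic` after checking only the range of `isairq`, and with `piix3->pic = pic;` removed from `i440fx_common_init()` the array is populated only when `piix3_bus_set_irqs()` runs. A lookup made before `isa_bus_irqs()` has been called on this bus dereferences NULL. Add a `!d->pic` check with its own message, as `isabus_bridge_get_irq()` in hw/isa-bridge.c does, or document the required call order above `piix3_bus_ops`.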
-- 
1.7.6.3




Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Jan Kiszka
On 2011-10-01 09:31, Blue Swirl wrote:
> On Sat, Oct 1, 2011 at 6:47 AM, Jan Kiszka  wrote:
>> On 2011-09-30 22:47, Blue Swirl wrote:
>>> That part of the discussion is obsolete (or at least uninteresting
>>> here). For example this message has a relevant example:
>>> http://lists.nongnu.org/archive/html/qemu-devel/2009-06/msg01081.html
>>>
>>> It's about VM restore, but the situation is similar during reset.
>>
>> Actually, that is not comparable as we are entering the device's
>> quiescent state.
> 
> It is. Here's an example for the reset case based on Paul's original one.
> 
> Because devices are reset in unpredictable order that they should not
> be communicating with other devices (e.g. by modifying IRQ lines).
> 
> Consider a system with a device (DEV) and a level triggered interrupt
> controller (PIC1) with the ability to toggle the level where
> triggering happens, chained to a rising edge triggered interrupt
> controller (PIC2).
> 
> (DEV) ->  (PIC1) -> (PIC2)
> 
> Before reset, DEV output is high, PIC1 has the interrupt unmasked (but
> high) and the trigger level is configured as active low, PIC2 has no
> pending interrupts.
> 
> We now reset, so the state should be that DEV output is low, PIC1 has
> masked all interrupts and its input set to active high, and PIC2 has
> no pending interrupts. Devices are reset in the order PIC2, DEV, PIC1.
> 
> If devices toggle their interrupts on reset then we get incorrect
> state after the reset:
> 
> PIC2 is reset to the desired no-interrupts-pending state.
> 
> DEV is reset. This lowers the IRQ, which is passed to PIC1. PIC1 still
> has the old interrupt mask and level set to active low, so it passes
> the IRQ through to PIC2, which detects the edge event and marks the
> interrupt as pending.
> 
> PIC1 is reset, updates the new mask, sets the input level to active
> high and lowers its output. However this event does not clear the
> internal PIC2 pending interrupt flag, so machine state will be wrong
> after reset.
> 
> Therefore it is incorrect to perform any qemu_irq activities during
> reset (also VM restore like the original example), don't you agree?

A rather odd but valid counterexample. Have you seen such a setup already?

But I'll provide a real example where the model "no IRQ change
propagated on reset, devices handle this internally" fails as well:

PIC -> CPU

We have a level-triggered active-high line in this case. When the CPU is
reset, it "somehow" knows that it is attached to the PIC and assumes
that this device is reset as well. Therefore, the CPU clears its cached
input state on reset. That works if both devices are actually reset. But
it fails if only the CPU is reset while the PIC output is active.

That's likely the reason why MIPS and PPC/PREP do not touch the cached
interrupt line state on reset but expect that the source will inform
them whenever the line goes down - e.g. due to reset.

The conflict we are in with the current reset model is hard-coding the
board wiring and source knowledge into sink device models vs.
propagating reset states. I agree that both have their corner cases.

But in order to continue with properly disentangling board knowledge
from generic device models, we should head for the latter variant where
already possible (like in the i8259 case). In the long term, this should
be resolved using a two-stage model where every root of an interrupt
line signals its state down the chain at the end of a reset phase.

Jan





[Qemu-devel] [PATCH v3 02/16] isa: rework ISA bus internals, and add ISA bus ops structure

2011-10-02 Thread Hervé Poussineau
This allows future implementations of real pci-isa bridges

Signed-off-by: Hervé Poussineau 
---
 Makefile.objs   |2 +-
 hw/isa-bridge.c |   85 ++
 hw/isa-bus.c|   93 ---
 hw/isa.h|   18 ++-
 qemu-common.h   |1 +
 5 files changed, 165 insertions(+), 34 deletions(-)
 create mode 100644 hw/isa-bridge.c

diff --git a/Makefile.objs b/Makefile.objs
index 8d23fbb..bab4b3f 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -276,7 +276,7 @@ hw-obj-$(CONFIG_AHCI) += ide/ich.o
 hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
 hw-obj-$(CONFIG_ESP) += esp.o
 
-hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
+hw-obj-y += dma-helpers.o sysbus.o isa-bus.o isa-bridge.o
 hw-obj-y += qdev-addr.o
 
 # VGA
diff --git a/hw/isa-bridge.c b/hw/isa-bridge.c
new file mode 100644
index 000..6f51701
--- /dev/null
+++ b/hw/isa-bridge.c
@@ -0,0 +1,85 @@
+/*
+ * Simple ISA bus bridge
+ *
+ * Copyright (c) 2011 Herve Poussineau
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "isa.h"
+#include "sysbus.h"
+
+typedef struct {
+SysBusDevice busdev;
+ISABus bus;
+qemu_irq *irqs;
+MemoryRegion *io_space;
+} ISABridgeSysBusState;
+
+static void isabus_bridge_set_irqs(ISABus *bus, qemu_irq *irqs)
+{
+ISABridgeSysBusState *s = container_of(bus, ISABridgeSysBusState, bus);
+s->irqs = irqs;
+}
+
+static qemu_irq isabus_bridge_get_irq(ISABus *bus, int isairq)
+{
+ISABridgeSysBusState *s = container_of(bus, ISABridgeSysBusState, bus);
+if (!s->irqs || isairq < 0 || isairq > 15) {
+hw_error("isa irq %d invalid", isairq);
+}
+return s->irqs[isairq];
+}
+
+static void isa_bridge_set_io_space(ISABus *bus, MemoryRegion* io_space)
+{
+ISABridgeSysBusState *s = container_of(bus, ISABridgeSysBusState, bus);
+s->io_space = io_space;
+}
+
+static MemoryRegion *isa_bridge_get_io_space(ISABus *bus)
+{
+ISABridgeSysBusState *s = container_of(bus, ISABridgeSysBusState, bus);
+return s->io_space;
+}
+
+static ISABusOps isabus_bridge_ops = {
+.set_irqs = isabus_bridge_set_irqs,
+.get_irq = isabus_bridge_get_irq,
+.set_io_space = isa_bridge_set_io_space,
+.get_io_space = isa_bridge_get_io_space,
+};
+
+static int isabus_bridge_init(SysBusDevice *dev)
+{
+ISABridgeSysBusState *isa = FROM_SYSBUS(ISABridgeSysBusState, dev);
+isa_bus_new(&isa->bus, &isabus_bridge_ops, &dev->qdev);
+return 0;
+}
+
+static SysBusDeviceInfo isabus_bridge_info = {
+.init = isabus_bridge_init,
+.qdev.name  = "isabus-bridge",
+.qdev.fw_name  = "isa",
+.qdev.size  = sizeof(ISABridgeSysBusState),
+.qdev.no_user = 1,
+};
+
+static void isabus_bridge_register_devices(void)
+{
+sysbus_register_withprop(&isabus_bridge_info);
+}
+
+device_init(isabus_bridge_register_devices)
+
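Review bot: in `isabus_bridge_get_irq()` the `!s->irqs` case shares the message "isa irq %d invalid" with the range check, so an unwired bridge is reported as a bad IRQ number; split the two conditions and give the first its own text. The bound is spelled `isairq > 15` here while the other bridges in this series use `>= 16` or `PIIX_NUM_PIC_IRQS`, so a shared constant would keep them in step. Style: the helpers mix the `isabus_bridge_` and `isa_bridge_` prefixes, `MemoryRegion* io_space` should be `MemoryRegion *io_space`, and the new file ends with an empty added line.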
diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index ad225c6..f8b5dcb 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -22,13 +22,10 @@
 #include "isa.h"
 #include "exec-memory.h"
 
-struct ISABus {
-BusState qbus;
-MemoryRegion *address_space_io;
-qemu_irq *irqs;
-};
 static ISABus *isabus;
 target_phys_addr_t isa_mem_base = 0;
+static qemu_irq *isa_bus_default_irqs;
+static MemoryRegion *isa_bus_io_space;
 
 static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent);
 static char *isabus_get_fw_dev_path(DeviceState *dev);
@@ -40,6 +37,36 @@ static struct BusInfo isa_bus_info = {
 .get_fw_dev_path = isabus_get_fw_dev_path,
 };
 
+static void isa_bus_default_set_irqs(ISABus *bus, qemu_irq *irqs)
+{
+isa_bus_default_irqs = irqs;
+}
+
+static qemu_irq isa_bus_default_get_irq(ISABus *bus, int isairq)
+{
+if (isairq < 0 || isairq > 15) {
+hw_error("isa irq %d invalid", isairq);
+}
+return isa_bus_default_irqs[isairq];
+}
+
+static void isa_bus_default_set_io_space(ISABus *bus, MemoryRegion *io_space)
+{
+isa_bus_io_space = io_space;
+}
+
+static MemoryRegion *isa_bus_default_get_io_space(ISABus *bus)
+{
+return isa_bus_io_space;
+}
+
+static ISABusOps isa_bus_default_ops = {
+.set_irqs = isa_bus_default_set_irqs,
+.get_irq = isa_bus_default_get_irq,
+.set_io_space = isa_bus_default_set_io_space,
+.get_io_space = isa_bus_default_get_io_space,
+};
+
 ISABus *isa_bus_bridge_init(DeviceStat
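Review bot: the default ops ignore their `bus` argument and keep the IRQ array and I/O region in the file-scope statics `isa_bus_default_irqs` and `isa_bus_io_space`, so every bus created with `isa_bus_default_ops` would share one set of state. `isa_bus_default_get_irq()` also dereferences `isa_bus_default_irqs` without the NULL check that `isabus_bridge_get_irq()` has in this same patch. Either store both values per bus or add a comment that the default ops support a single bus only, and add the missing check.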

[Qemu-devel] [PATCH v3 04/16] audio: give ISA bus to sound cards, instead of PIC

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 arch_init.c|   10 +-
 arch_init.h|2 +-
 hw/adlib.c |2 +-
 hw/audiodev.h  |8 
 hw/cs4231a.c   |2 +-
 hw/gus.c   |2 +-
 hw/mips_jazz.c |5 +++--
 hw/pc.h|2 +-
 hw/pc_piix.c   |4 ++--
 hw/pcspk.c |2 +-
 hw/sb16.c  |2 +-
 11 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index a6c69c7..dd76493 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -466,7 +466,7 @@ struct soundhw {
 int enabled;
 int isa;
 union {
-int (*init_isa) (qemu_irq *pic);
+int (*init_isa) (ISABus *bus);
 int (*init_pci) (PCIBus *bus);
 } init;
 };
@@ -621,15 +621,15 @@ void select_soundhw(const char *optarg)
 }
 }
 
-void audio_init(qemu_irq *isa_pic, PCIBus *pci_bus)
+void audio_init(ISABus *isa_bus, PCIBus *pci_bus)
 {
 struct soundhw *c;
 
 for (c = soundhw; c->name; ++c) {
 if (c->enabled) {
 if (c->isa) {
-if (isa_pic) {
-c->init.init_isa(isa_pic);
+if (isa_bus) {
+c->init.init_isa(isa_bus);
 }
 } else {
 if (pci_bus) {
@@ -643,7 +643,7 @@ void audio_init(qemu_irq *isa_pic, PCIBus *pci_bus)
 void select_soundhw(const char *optarg)
 {
 }
-void audio_init(qemu_irq *isa_pic, PCIBus *pci_bus)
+void audio_init(ISABus *isa_bus, PCIBus *pci_bus)
 {
 }
 #endif
diff --git a/arch_init.h b/arch_init.h
index a74187a..828256c 100644
--- a/arch_init.h
+++ b/arch_init.h
@@ -27,7 +27,7 @@ void do_acpitable_option(const char *optarg);
 void do_smbios_option(const char *optarg);
 void cpudef_init(void);
 int audio_available(void);
-void audio_init(qemu_irq *isa_pic, PCIBus *pci_bus);
+void audio_init(ISABus *isa_bus, PCIBus *pci_bus);
 int tcg_available(void);
 int kvm_available(void);
 int xen_available(void);
diff --git a/hw/adlib.c b/hw/adlib.c
index e4bfcc6..dd8b188 100644
--- a/hw/adlib.c
+++ b/hw/adlib.c
@@ -275,7 +275,7 @@ static void Adlib_fini (AdlibState *s)
 AUD_remove_card (&s->card);
 }
 
-int Adlib_init (qemu_irq *pic)
+int Adlib_init (ISABus *bus)
 {
 AdlibState *s = &glob_adlib;
 struct audsettings as;
diff --git a/hw/audiodev.h b/hw/audiodev.h
index 8e930b2..1d34a4b 100644
--- a/hw/audiodev.h
+++ b/hw/audiodev.h
@@ -2,19 +2,19 @@
 int es1370_init(PCIBus *bus);
 
 /* sb16.c */
-int SB16_init(qemu_irq *pic);
+int SB16_init(ISABus *bus);
 
 /* adlib.c */
-int Adlib_init(qemu_irq *pic);
+int Adlib_init(ISABus *bus);
 
 /* gus.c */
-int GUS_init(qemu_irq *pic);
+int GUS_init(ISABus *bus);
 
 /* ac97.c */
 int ac97_init(PCIBus *buf);
 
 /* cs4231a.c */
-int cs4231a_init(qemu_irq *pic);
+int cs4231a_init(ISABus *bus);
 
 /* intel-hda.c + hda-audio.c */
 int intel_hda_and_codec_init(PCIBus *bus);
diff --git a/hw/cs4231a.c b/hw/cs4231a.c
index e16665e..e697634 100644
--- a/hw/cs4231a.c
+++ b/hw/cs4231a.c
@@ -659,7 +659,7 @@ static int cs4231a_initfn (ISADevice *dev)
 return 0;
 }
 
-int cs4231a_init (qemu_irq *pic)
+int cs4231a_init (ISABus *bus)
 {
 isa_create_simple ("cs4231a");
 return 0;
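Review bot: `cs4231a_init()` now takes `ISABus *bus` but still calls `isa_create_simple ("cs4231a")` without it, so the new parameter is unused and the device is not tied to the bus the caller passed; `GUS_init()` in hw/gus.c has the same shape. If a later patch in the series threads `bus` through to the create call, say so in the commit message, which currently has no body.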
diff --git a/hw/gus.c b/hw/gus.c
index 37e543a..2f40fcd 100644
--- a/hw/gus.c
+++ b/hw/gus.c
@@ -294,7 +294,7 @@ static int gus_initfn (ISADevice *dev)
 return 0;
 }
 
-int GUS_init (qemu_irq *pic)
+int GUS_init (ISABus *bus)
 {
 isa_create_simple ("gus");
 return 0;
diff --git a/hw/mips_jazz.c b/hw/mips_jazz.c
index d6444c6..d06eacd 100644
--- a/hw/mips_jazz.c
+++ b/hw/mips_jazz.c
@@ -112,6 +112,7 @@ static void mips_jazz_init(MemoryRegion *address_space,
 int bios_size, n;
 CPUState *env;
 qemu_irq *rc4030, *i8259;
+ISABus *isa_bus;
 rc4030_dma *dmas;
 void* rc4030_opaque;
 MemoryRegion *rtc = g_new(MemoryRegion, 1);
@@ -182,7 +183,7 @@ static void mips_jazz_init(MemoryRegion *address_space,
 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy);
 
 /* ISA devices */
-isa_bus_bridge_init(NULL, address_space_io);
+isa_bus = isa_bus_bridge_init(NULL, address_space_io);
 i8259 = i8259_init(env->irq[4]);
 isa_bus_irqs(i8259);
 cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
@@ -284,7 +285,7 @@ static void mips_jazz_init(MemoryRegion *address_space,
 
 /* Sound card */
 /* FIXME: missing Jazz sound at 0x8000c000, rc4030[2] */
-audio_init(i8259, NULL);
+audio_init(isa_bus, NULL);
 
 /* NVRAM */
 dev = qdev_create(NULL, "ds1225y");
diff --git a/hw/pc.h b/hw/pc.h
index 7e6ddba..c546037 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -174,7 +174,7 @@ extern int no_hpet;
 
 /* pcspk.c */
 void pcspk_init(ISADevice *pit);
-int pcspk_audio_init(qemu_irq *pic);
+int pcspk_audio_init(ISABus *bus);
 
 /* piix_pci.c */
 struct PCII440FXState;
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index 8209346..f971d52 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -146,7 +146,7 @@ static void pc_init1(MemoryR

[Qemu-devel] [PATCH v3 06/16] fulong2e: improve bus implementation of vt82c bridge

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/mips_fulong2e.c |9 ++---
 hw/vt82c686.c  |   31 +--
 hw/vt82c686.h  |2 +-
 3 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/hw/mips_fulong2e.c b/hw/mips_fulong2e.c
index 04921c1..3034a9c 100644
--- a/hw/mips_fulong2e.c
+++ b/hw/mips_fulong2e.c
@@ -262,7 +262,6 @@ static void mips_fulong2e_init(ram_addr_t ram_size, const 
char *boot_device,
 MemoryRegion *bios = g_new(MemoryRegion, 1);
 long bios_size;
 int64_t kernel_entry;
-qemu_irq *i8259;
 qemu_irq *cpu_exit_irq;
 int via_devfn;
 PCIBus *pci_bus;
@@ -337,17 +336,13 @@ static void mips_fulong2e_init(ram_addr_t ram_size, const 
char *boot_device,
 /* South bridge */
 ide_drive_get(hd, MAX_IDE_BUS);
 
-via_devfn = vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 0));
+via_devfn = vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 0),
+   env->irq[5]);
 if (via_devfn < 0) {
 fprintf(stderr, "vt82c686b_init error\n");
 exit(1);
 }
 
-/* Interrupt controller */
-/* The 8259 -> IP5  */
-i8259 = i8259_init(env->irq[5]);
-isa_bus_irqs(i8259);
-
 vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(FULONG2E_VIA_SLOT, 1));
 usb_uhci_vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 2));
 usb_uhci_vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 3));
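Review bot: the removed block carried the only explanation of the wiring ("The 8259 -> IP5"), and the replacement passes `env->irq[5]` to `vt82c686b_init()` with no comment. Keep a one-line comment at the call saying that the bridge's internal 8259 drives CPU IP5, since the i8259 no longer appears in the board file.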
diff --git a/hw/vt82c686.c b/hw/vt82c686.c
index 46e85dd..05a70da 100644
--- a/hw/vt82c686.c
+++ b/hw/vt82c686.c
@@ -41,6 +41,8 @@ typedef struct SuperIOConfig
 
 typedef struct VT82C686BState {
 PCIDevice dev;
+ISABus bus;
+qemu_irq *pic;
 SuperIOConfig superio_conf;
 } VT82C686BState;
 
@@ -483,14 +485,35 @@ static const VMStateDescription vmstate_via = {
 }
 };
 
+static qemu_irq vt82c_bus_get_irq(ISABus *bus, int isairq)
+{
+VT82C686BState *vt82c = container_of(bus, VT82C686BState, bus);
+if (isairq < 0 || isairq >= 16) {
+hw_error("isa irq %d invalid", isairq);
+}
+return vt82c->pic[isairq];
+}
+
+static MemoryRegion *vt82c_bus_get_io_space(ISABus *bus)
+{
+VT82C686BState *vt82c = container_of(bus, VT82C686BState, bus);
+return pci_address_space_io(&vt82c->dev);
+}
+
+static ISABusOps vt82c_bus_ops = {
+.get_irq = vt82c_bus_get_irq,
+.get_io_space = vt82c_bus_get_io_space,
+};
+
 /* init the PCI-to-ISA bridge */
 static int vt82c686b_initfn(PCIDevice *d)
 {
+VT82C686BState *vt82c = DO_UPCAST(VT82C686BState, dev, d);
 uint8_t *pci_conf;
 uint8_t *wmask;
 int i;
 
-isa_bus_bridge_init(&d->qdev, pci_address_space_io(d));
+isa_bus_new(&vt82c->bus, &vt82c_bus_ops, &d->qdev);
 
 pci_conf = d->config;
 pci_config_set_prog_interface(pci_conf, 0x0);
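Review bot: `vt82c_bus_get_irq()` reads `vt82c->pic[isairq]`, but `pic` is assigned in `vt82c686b_init()` only after `pci_create_simple_multifunction()` has returned, so the bus registered by `isa_bus_new()` in `vt82c686b_initfn()` exists for a while with a NULL `pic` and nothing guards the dereference. Add a `!vt82c->pic` check here. `vt82c_bus_ops` also leaves out `.get_memory_space`, which the sun4u and PIIX4 bridges in this series provide; a comment should say whether that omission is intended.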
@@ -507,12 +530,16 @@ static int vt82c686b_initfn(PCIDevice *d)
 return 0;
 }
 
-int vt82c686b_init(PCIBus *bus, int devfn)
+int vt82c686b_init(PCIBus *bus, int devfn, qemu_irq parent_irq)
 {
 PCIDevice *d;
+VT82C686BState *vt82c;
 
 d = pci_create_simple_multifunction(bus, devfn, true, "VT82C686B");
 
+vt82c = DO_UPCAST(VT82C686BState, dev, d);
+vt82c->pic = i8259_init(parent_irq);
+
 return d->devfn;
 }
 
diff --git a/hw/vt82c686.h b/hw/vt82c686.h
index e3270ca..1a026c2 100644
--- a/hw/vt82c686.h
+++ b/hw/vt82c686.h
@@ -2,7 +2,7 @@
 #define HW_VT82C686_H
 
 /* vt82c686.c */
-int vt82c686b_init(PCIBus * bus, int devfn);
+int vt82c686b_init(PCIBus *bus, int devfn, qemu_irq parent_irq);
 void vt82c686b_ac97_init(PCIBus *bus, int devfn);
 void vt82c686b_mc97_init(PCIBus *bus, int devfn);
 i2c_bus *vt82c686b_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
-- 
1.7.6.3




[Qemu-devel] [PATCH] target-arm: Fix typo

2011-10-02 Thread Andreas Färber
The command line option is called -kernel, not -kenrel.

Cc: Paul Brook 
Signed-off-by: Andreas Färber 
---
 target-arm/helper.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index cc1a3d2..2273492 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -345,7 +345,7 @@ void cpu_reset(CPUARMState *env)
 if (rom) {
 /* We should really use ldl_phys here, in case the guest
modified flash and reset itself.  However images
-   loaded via -kenrel have not been copied yet, so load the
+   loaded via -kernel have not been copied yet, so load the
values directly from there.  */
 env->regs[13] = ldl_p(rom);
 pc = ldl_p(rom + 4);
-- 
1.7.3.4




Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Avi Kivity

On 09/28/2011 09:01 PM, Blue Swirl wrote:

On Wed, Sep 28, 2011 at 11:00 AM, Jan Kiszka  wrote:
>  As we clearly modify the PIC state on pic_reset, we also have to update
>  the IRQ output. This only happened on init so far. Apply this
>  consistently.

Nack, IRQ lines shouldn't be touched on reset. The other side may not
be ready for receiving the interrupt change and qemu_irqs are
stateless anyway.



The way to fix it is two-phase reset:

phase 1: reset internal state (-> move all outputs to reset values), 
don't sample inputs yet

phase 2: allow sampling inputs



--
error compiling committee.c: too many arguments to function
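The reset-order scenario quoted earlier in this thread (DEV -> PIC1 -> PIC2) and the two-phase reset proposed above, as an added toy simulation in C. It is not QEMU code or any poster's code; the `Board` struct, the function names and the reading of phase 2 as "each sink re-samples its source's current output" are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy board, not QEMU code: DEV -> PIC1 -> PIC2. */
typedef struct {
    bool dev_out;          /* DEV interrupt output */
    bool pic1_in;          /* PIC1's view of the DEV line */
    bool pic1_active_low;  /* PIC1 trigger polarity */
    bool pic1_masked;
    bool pic1_out;
    bool pic2_in;          /* last level PIC2 saw, used for edge detection */
    bool pic2_pending;     /* latched by a rising edge on PIC1's output */
    bool sampling;         /* false during phase 1 of a two-phase reset */
} Board;

enum { DEV, PIC1, PIC2 };

/* Reset order from the thread, and a second order for comparison. */
static const int ORDER_THREAD[3] = { PIC2, DEV, PIC1 };
static const int ORDER_OTHER[3]  = { PIC1, DEV, PIC2 };

static void pic2_set_input(Board *b, bool level)
{
    if (!b->sampling) {
        return;                     /* phase 1: inputs are not sampled */
    }
    if (level && !b->pic2_in) {
        b->pic2_pending = true;     /* rising edge latches the interrupt */
    }
    b->pic2_in = level;
}

static void pic1_update(Board *b)
{
    bool asserted = b->pic1_active_low ? !b->pic1_in : b->pic1_in;

    b->pic1_out = asserted && !b->pic1_masked;
    pic2_set_input(b, b->pic1_out);
}

static void pic1_set_input(Board *b, bool level)
{
    if (!b->sampling) {
        return;
    }
    b->pic1_in = level;
    pic1_update(b);
}

static Board board_before_reset(void)
{
    /* DEV high, PIC1 unmasked and active low (so not asserted), PIC2 idle. */
    Board b = { .dev_out = true, .pic1_in = true, .pic1_active_low = true,
                .sampling = true };
    return b;
}

static void reset_one(Board *b, int which)
{
    switch (which) {
    case DEV:
        b->dev_out = false;
        pic1_set_input(b, b->dev_out);
        break;
    case PIC1:
        b->pic1_masked = true;
        b->pic1_active_low = false;
        pic1_update(b);
        break;
    case PIC2:
        b->pic2_in = false;
        b->pic2_pending = false;
        break;
    }
}

/* Single pass: every reset handler drives its IRQ line immediately. */
static bool pending_after_single_pass(const int order[3])
{
    Board b = board_before_reset();

    for (int i = 0; i < 3; i++) {
        reset_one(&b, order[i]);
    }
    return b.pic2_pending;
}

/* Two phases: reset state and outputs with sampling off, then sample. */
static bool pending_after_two_phase(const int order[3])
{
    Board b = board_before_reset();

    b.sampling = false;                 /* phase 1 */
    for (int i = 0; i < 3; i++) {
        reset_one(&b, order[i]);
    }
    b.sampling = true;                  /* phase 2 */
    pic1_set_input(&b, b.dev_out);
    pic2_set_input(&b, b.pic1_out);
    return b.pic2_pending;
}

int main(void)
{
    printf("single pass, PIC2/DEV/PIC1: pending=%d\n",
           pending_after_single_pass(ORDER_THREAD));
    printf("single pass, PIC1/DEV/PIC2: pending=%d\n",
           pending_after_single_pass(ORDER_OTHER));
    printf("two phase,   PIC2/DEV/PIC1: pending=%d\n",
           pending_after_two_phase(ORDER_THREAD));
    printf("two phase,   PIC1/DEV/PIC2: pending=%d\n",
           pending_after_two_phase(ORDER_OTHER));
    return 0;
}
```

Only the single-pass reset in the order PIC2, DEV, PIC1 leaves a stale pending interrupt in PIC2; the two-phase variant ends clean in both orders.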




[Qemu-devel] [PATCH v3 16/16] isa: remove limitation of only one ISA bus

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/isa-bus.c |   10 --
 1 files changed, 0 insertions(+), 10 deletions(-)

diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index ab8dbe9..f01dfb2 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -22,7 +22,6 @@
 #include "isa.h"
 #include "exec-memory.h"
 
-static ISABus *isabus;
 target_phys_addr_t isa_mem_base = 0;
 
 static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent);
@@ -50,12 +49,8 @@ ISABus *isa_bus_bridge_init(MemoryRegion *address_space_io)
 
 void isa_bus_new(ISABus *bus, ISABusOps *ops, DeviceState *host)
 {
-if (isabus) {
-hw_error("Can't create a second ISA bus");
-}
 qbus_create_inplace(&bus->qbus, &isa_bus_info, host, NULL);
 bus->ops = ops;
-isabus = bus;
 }
 
 void isa_bus_irqs(ISABus *bus, qemu_irq *irqs)
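Review bot: with the `if (isabus)` guard gone, `isa_bus_new()` accepts any number of buses but stores `ops` unchecked, while `isa_bus_irqs()` and `isa_get_irq()` dereference `bus->ops` directly; reject a NULL `ops` here. Note also that `pic_init1()` in patch 14/16 finds its bus by the fixed name "isa.0", so on a machine with two ISA buses the i8259 ports always land on the first one; the commit message, which has no body, should state that limitation.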
@@ -63,7 +58,6 @@ void isa_bus_irqs(ISABus *bus, qemu_irq *irqs)
 if (!bus || !bus->ops->set_irqs) {
 hw_error("Tried to set isa irqs with no isa bus present.");
 }
-assert(bus == isabus);
 bus->ops->set_irqs(bus, irqs);
 }
 
@@ -78,7 +72,6 @@ qemu_irq isa_get_irq(ISABus *bus, int isairq)
 if (!bus || !bus->ops->get_irq) {
 hw_error("ISA bus invalid");
 }
-assert(bus == isabus);
 return bus->ops->get_irq(bus, isairq);
 }
 
@@ -119,7 +112,6 @@ void isa_register_ioport(ISADevice *dev, MemoryRegion *io, 
uint16_t start)
 {
 ISABus *bus = isa_bus_from_device(dev);
 
-assert(bus == isabus);
 if (!bus || !bus->ops->get_io_space) {
 hw_error("Tried to register I/O port with no isa bus present.");
 }
@@ -157,7 +149,6 @@ ISADevice *isa_create(ISABus *bus, const char *name)
 hw_error("Tried to create isa device %s with no isa bus present.",
  name);
 }
-assert(bus == isabus);
 dev = qdev_create(&bus->qbus, name);
 return DO_UPCAST(ISADevice, qdev, dev);
 }
@@ -170,7 +161,6 @@ ISADevice *isa_try_create(ISABus *bus, const char *name)
 hw_error("Tried to create isa device %s with no isa bus present.",
  name);
 }
-assert(bus == isabus);
 dev = qdev_try_create(&bus->qbus, name);
 return DO_UPCAST(ISADevice, qdev, dev);
 }
-- 
1.7.6.3




[Qemu-devel] [PATCH v3 07/16] sun4u: improve bus implementation of EBus bridge

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/sun4u.c |   37 +++--
 1 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/hw/sun4u.c b/hw/sun4u.c
index cdf15ff..d8b8054 100644
--- a/hw/sun4u.c
+++ b/hw/sun4u.c
@@ -38,6 +38,7 @@
 #include "loader.h"
 #include "elf.h"
 #include "blockdev.h"
+#include "exec-memory.h"
 
 //#define DEBUG_IRQ
 //#define DEBUG_EBUS
@@ -93,6 +94,8 @@ struct hwdef {
 
 typedef struct EbusState {
 PCIDevice pci_dev;
+ISABus bus;
+qemu_irq *isa_irq;
 MemoryRegion bar0;
 MemoryRegion bar1;
 } EbusState;
@@ -536,20 +539,42 @@ static void dummy_isa_irq_handler(void *opaque, int n, 
int level)
 static void
 pci_ebus_init(PCIBus *bus, int devfn)
 {
-qemu_irq *isa_irq;
-
 pci_create_simple(bus, devfn, "ebus");
-isa_irq = qemu_allocate_irqs(dummy_isa_irq_handler, NULL, 16);
-isa_bus_irqs(isa_irq);
 }
 
+static qemu_irq pci_ebus_get_irq(ISABus *bus, int isairq)
+{
+EbusState *s = container_of(bus, EbusState, bus);
+if (isairq < 0 || isairq >= 16) {
+hw_error("isa irq %d invalid", isairq);
+}
+return s->isa_irq[isairq];
+}
+
+static MemoryRegion *pci_ebus_get_io_space(ISABus *bus)
+{
+EbusState *s = container_of(bus, EbusState, bus);
+return pci_address_space_io(&s->pci_dev);
+}
+
+static MemoryRegion *pci_ebus_get_memory_space(ISABus *bus)
+{
+return get_system_memory();
+}
+
+static ISABusOps pci_ebus_ops = {
+.get_irq = pci_ebus_get_irq,
+.get_io_space = pci_ebus_get_io_space,
+.get_memory_space = pci_ebus_get_memory_space,
+};
+
 static int
 pci_ebus_init1(PCIDevice *pci_dev)
 {
 EbusState *s = DO_UPCAST(EbusState, pci_dev, pci_dev);
 
-isa_bus_bridge_init(&pci_dev->qdev, pci_address_space_io(pci_dev));
-
+isa_bus_new(&s->bus, &pci_ebus_ops, &pci_dev->qdev);
+s->isa_irq = qemu_allocate_irqs(dummy_isa_irq_handler, NULL, 16);
 pci_dev->config[0x04] = 0x06; // command = bus master, pci mem
 pci_dev->config[0x05] = 0x00;
 pci_dev->config[0x06] = 0xa0; // status = fast back-to-back, 66MHz, no 
error
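Review bot: `pci_ebus_ops` has no `.set_irqs`, so a board that calls `isa_bus_irqs()` on this bus ends in the `hw_error()` guarded by `!bus->ops->set_irqs` in hw/isa-bus.c; a comment above the ops table should say that the EBus owns its IRQ array. The array length 16 now appears both in the `pci_ebus_get_irq()` range check and in the `qemu_allocate_irqs()` call in `pci_ebus_init1()`; use one named constant for both.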
-- 
1.7.6.3




[Qemu-devel] [PATCH v3 08/16] malta: improve bus implementation of PIIX4 bridge

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/mips_malta.c |4 +---
 hw/pc.h |2 +-
 hw/piix4.c  |   37 +++--
 3 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/hw/mips_malta.c b/hw/mips_malta.c
index 1ec1228..67e666d 100644
--- a/hw/mips_malta.c
+++ b/hw/mips_malta.c
@@ -943,13 +943,11 @@ void mips_malta_init (ram_addr_t ram_size,
 /* Southbridge */
 ide_drive_get(hd, MAX_IDE_BUS);
 
-piix4_devfn = piix4_init(pci_bus, 80);
-
 /* Interrupt controller */
 /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
 i8259 = i8259_init(env->irq[2]);
+piix4_devfn = piix4_init(pci_bus, 80, i8259);
 
-isa_bus_irqs(i8259);
 pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
 usb_uhci_piix4_init(pci_bus, piix4_devfn + 2);
 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100, isa_get_irq(9),
diff --git a/hw/pc.h b/hw/pc.h
index 746973f..df7d86a 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -194,7 +194,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int 
*piix_devfn,
 
 /* piix4.c */
 extern PCIDevice *piix4_dev;
-int piix4_init(PCIBus *bus, int devfn);
+int piix4_init(PCIBus *bus, int devfn, qemu_irq *isa_irqs);
 
 /* vga.c */
 enum vga_retrace_method {
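Review bot: `piix4_init()` takes a ready-made `qemu_irq *isa_irqs` array, while `vt82c686b_init()` in patch 06/16 takes a single `qemu_irq parent_irq` and calls `i8259_init()` itself, so two bridges converted in the same series give the board different ownership of the interrupt controller. Pick one convention, or explain the difference in the commit message.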
diff --git a/hw/piix4.c b/hw/piix4.c
index 9addaae..ce11ef4 100644
--- a/hw/piix4.c
+++ b/hw/piix4.c
@@ -27,11 +27,14 @@
 #include "pci.h"
 #include "isa.h"
 #include "sysbus.h"
+#include "exec-memory.h"
 
 PCIDevice *piix4_dev;
 
 typedef struct PIIX4State {
 PCIDevice dev;
+ISABus bus;
+qemu_irq *isa_irq;
 } PIIX4State;
 
 static void piix4_reset(void *opaque)
@@ -83,21 +86,51 @@ static const VMStateDescription vmstate_piix4 = {
 }
 };
 
+static qemu_irq pci_piix4_get_irq(ISABus *bus, int isairq)
+{
+PIIX4State *s = container_of(bus, PIIX4State, bus);
+if (isairq < 0 || isairq >= 16) {
+hw_error("isa irq %d invalid", isairq);
+}
+return s->isa_irq[isairq];
+}
+
+static MemoryRegion *pci_piix4_get_io_space(ISABus *bus)
+{
+PIIX4State *s = container_of(bus, PIIX4State, bus);
+return pci_address_space_io(&s->dev);
+}
+
+static MemoryRegion *pci_piix4_get_memory_space(ISABus *bus)
+{
+return get_system_memory();
+}
+
+static ISABusOps pci_piix4_ops = {
+.get_irq = pci_piix4_get_irq,
+.get_io_space = pci_piix4_get_io_space,
+.get_memory_space = pci_piix4_get_memory_space,
+};
+
 static int piix4_initfn(PCIDevice *dev)
 {
 PIIX4State *d = DO_UPCAST(PIIX4State, dev, dev);
 
-isa_bus_bridge_init(&d->dev.qdev, pci_address_space_io(dev));
+isa_bus_new(&d->bus, &pci_piix4_ops, &d->dev.qdev);
 piix4_dev = &d->dev;
 qemu_register_reset(piix4_reset, d);
 return 0;
 }
 
-int piix4_init(PCIBus *bus, int devfn)
+int piix4_init(PCIBus *bus, int devfn, qemu_irq *isa_irqs)
 {
 PCIDevice *d;
+PIIX4State *s;
 
 d = pci_create_simple_multifunction(bus, devfn, true, "PIIX4");
+s = DO_UPCAST(PIIX4State, dev, d);
+s->isa_irq = isa_irqs;
+
 return d->devfn;
 }
 
-- 
1.7.6.3




[Qemu-devel] [PATCH v3 14/16] i8259: add ad-hoc variables to please future changes in isa_register_ioport()

2011-10-02 Thread Hervé Poussineau
This patch should be reverted once i8259 is qdevified

Signed-off-by: Hervé Poussineau 
---
 hw/i8259.c |   29 +++--
 1 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/hw/i8259.c b/hw/i8259.c
index e5323ff..9af2bbb 100644
--- a/hw/i8259.c
+++ b/hw/i8259.c
@@ -499,15 +499,40 @@ static const MemoryRegionOps pic_elcr_ioport_ops = {
 },
 };
 
+static BusState *qbus_find_recursive(BusState *bus, const char *name)
+{
+DeviceState *dev;
+BusState *child, *ret;
+
+if (strcmp(bus->name, name) == 0) {
+return bus;
+}
+
+QLIST_FOREACH(dev, &bus->children, sibling) {
+QLIST_FOREACH(child, &dev->child_bus, sibling) {
+ret = qbus_find_recursive(child, name);
+if (ret) {
+return ret;
+}
+}
+}
+return NULL;
+}
+
 /* XXX: add generic master/slave system */
 static void pic_init1(int io_addr, int elcr_addr, PicState *s)
 {
+ISADevice dev;
+
+memset(&dev, 0, sizeof(dev));
+dev.qdev.parent_bus = qbus_find_recursive(sysbus_get_default(), "isa.0");
+
 memory_region_init_io(&s->base_io, &pic_base_ioport_ops, s, "pic", 2);
 memory_region_init_io(&s->elcr_io, &pic_elcr_ioport_ops, s, "elcr", 1);
 
-isa_register_ioport(NULL, &s->base_io, io_addr);
+isa_register_ioport(&dev, &s->base_io, io_addr);
 if (elcr_addr >= 0) {
-isa_register_ioport(NULL, &s->elcr_io, elcr_addr);
+isa_register_ioport(&dev, &s->elcr_io, elcr_addr);
 }
 
 vmstate_register(NULL, io_addr, &vmstate_pic, s);
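Review bot: `pic_init1()` passes the address of a zeroed, stack-allocated `ISADevice` to `isa_register_ioport()`; that is safe only if the callee uses `dev` to look up the bus and never stores the pointer, which deserves a comment at the declaration. `qbus_find_recursive(sysbus_get_default(), "isa.0")` can return NULL and hard-codes the first bus's name, so check the result and fail with a message that names the missing bus instead of relying on the callee's error path.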
-- 
1.7.6.3




[Qemu-devel] [PATCH] memory: Push typedefs into qemu-common

2011-10-02 Thread Jan Kiszka
From: Jan Kiszka 

There is a circular dependency between memory.h and ioport.h /wrt type
definitions now. Resolve it by pushing MemoryRegion and
MemoryRegionPortio typedefs into qemu-common.h.

Signed-off-by: Jan Kiszka 
---
 ioport.h  |3 ---
 memory.h  |2 --
 qemu-common.h |2 ++
 3 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/ioport.h b/ioport.h
index 968cc23..f1bd663 100644
--- a/ioport.h
+++ b/ioport.h
@@ -52,9 +52,6 @@ uint8_t cpu_inb(pio_addr_t addr);
 uint16_t cpu_inw(pio_addr_t addr);
 uint32_t cpu_inl(pio_addr_t addr);
 
-typedef struct MemoryRegion MemoryRegion;
-typedef struct MemoryRegionPortio MemoryRegionPortio;
-
 typedef struct PortioList {
 const MemoryRegionPortio *ports;
 MemoryRegion *address_space;
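Review bot: after the two typedefs are removed, `PortioList` just below still uses `MemoryRegionPortio` and `MemoryRegion`, and this hunk adds no `#include "qemu-common.h"` to ioport.h. If ioport.h relies on every includer pulling in qemu-common.h first, state that in the commit message, or add the include so the header stays self-contained.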
diff --git a/memory.h b/memory.h
index d77c1f1..275404a 100644
--- a/memory.h
+++ b/memory.h
@@ -26,8 +26,6 @@
 #include "ioport.h"
 
 typedef struct MemoryRegionOps MemoryRegionOps;
-typedef struct MemoryRegion MemoryRegion;
-typedef struct MemoryRegionPortio MemoryRegionPortio;
 typedef struct MemoryRegionMmio MemoryRegionMmio;
 
 /* Must match *_DIRTY_FLAGS in cpu-all.h.  To be replaced with dynamic
diff --git a/qemu-common.h b/qemu-common.h
index 5e87bdf..8cb26f6 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -264,6 +264,8 @@ typedef struct SSIBus SSIBus;
 typedef struct EventNotifier EventNotifier;
 typedef struct VirtIODevice VirtIODevice;
 typedef struct QEMUSGList QEMUSGList;
+typedef struct MemoryRegion MemoryRegion;
+typedef struct MemoryRegionPortio MemoryRegionPortio;
 
 typedef uint64_t pcibus_t;
 



[Qemu-devel] [PATCH v3 12/16] isa: give bus to isa_get_irq() and isa_bus_irqs()

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/i8254.c |2 +-
 hw/ide.h   |   12 
 hw/ide/piix.c  |   30 ++
 hw/ide/via.c   |   18 ++
 hw/isa-bus.c   |6 +++---
 hw/isa.h   |4 ++--
 hw/mips_fulong2e.c |2 +-
 hw/mips_jazz.c |2 +-
 hw/mips_malta.c|6 +++---
 hw/mips_r4k.c  |2 +-
 hw/pc_piix.c   |   11 ++-
 hw/ppc_prep.c  |2 +-
 12 files changed, 63 insertions(+), 34 deletions(-)

diff --git a/hw/i8254.c b/hw/i8254.c
index 12571ef..cb391de 100644
--- a/hw/i8254.c
+++ b/hw/i8254.c
@@ -525,7 +525,7 @@ static int pit_initfn(ISADevice *dev)
 s = &pit->channels[0];
 /* the timer 0 is connected to an IRQ */
 s->irq_timer = qemu_new_timer_ns(vm_clock, pit_irq_timer, s);
-s->irq = isa_get_irq(pit->irq);
+s->irq = isa_get_irq(isa_bus_from_device(dev), pit->irq);
 
 memory_region_init_io(&pit->ioports, &pit_ioport_ops, pit, "pit", 4);
 isa_register_ioport(dev, &pit->ioports, pit->iobase);
diff --git a/hw/ide.h b/hw/ide.h
index 7075170..f1cfeb1 100644
--- a/hw/ide.h
+++ b/hw/ide.h
@@ -13,10 +13,14 @@ ISADevice *isa_ide_init(ISABus *bus, int iobase, int 
iobase2, int isairq,
 /* ide-pci.c */
 void pci_cmd646_ide_init(PCIBus *bus, DriveInfo **hd_table,
  int secondary_ide_enabled);
-PCIDevice *pci_piix3_xen_ide_init(PCIBus *bus, DriveInfo **hd_table, int 
devfn);
-PCIDevice *pci_piix3_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn);
-PCIDevice *pci_piix4_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn);
-void vt82c686b_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn);
+PCIDevice *pci_piix3_xen_ide_init(PCIBus *pci_bus, ISABus *isa_bus,
+  DriveInfo **hd_table, int devfn);
+PCIDevice *pci_piix3_ide_init(PCIBus *bus, ISABus *isa_bus,
+  DriveInfo **hd_table, int devfn);
+PCIDevice *pci_piix4_ide_init(PCIBus *bus, ISABus *isa_bus,
+  DriveInfo **hd_table, int devfn);
+void vt82c686b_ide_init(PCIBus *pci_bus, ISABus *isa_bus, DriveInfo **hd_table,
+int devfn);
 
 /* ide-macio.c */
 MemoryRegion *pmac_ide_init (DriveInfo **hd_table, qemu_irq irq,
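Review bot: the new prototypes name the first parameter `pci_bus` for `pci_piix3_xen_ide_init()` and `vt82c686b_ide_init()` but `bus` for `pci_piix3_ide_init()` and `pci_piix4_ide_init()`, whereas the definitions in hw/ide/piix.c use `pci_bus` throughout. Use `pci_bus` in all four so that `bus` is never ambiguous next to `isa_bus`.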
diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index 88d3181..70b7835 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -121,7 +121,8 @@ static void piix3_reset(void *opaque)
 pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
 }
 
-static void pci_piix_init_ports(PCIIDEState *d) {
+static void pci_piix_init_legacy_ports(ISABus *isa_bus, PCIIDEState *d)
+{
 int i;
 struct {
 int iobase;
@@ -135,8 +136,15 @@ static void pci_piix_init_ports(PCIIDEState *d) {
 for (i = 0; i < 2; i++) {
 ide_bus_new(&d->bus[i], &d->dev.qdev, i);
 ide_init_ioport(&d->bus[i], port_info[i].iobase, port_info[i].iobase2);
-ide_init2(&d->bus[i], isa_get_irq(port_info[i].isairq));
+ide_init2(&d->bus[i], isa_get_irq(isa_bus, port_info[i].isairq));
+}
+}
 
+static void pci_piix_init_ports(PCIIDEState *d)
+{
+int i;
+
+for (i = 0; i < 2; i++) {
 bmdma_init(&d->bus[i], &d->bmdma[i], d);
 d->bmdma[i].bus = &d->bus[i];
 qemu_add_vm_change_state_handler(d->bus[i].dma->ops->restart_cb,
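Review bot: `ide_bus_new()` and `ide_init_ioport()` move into `pci_piix_init_legacy_ports()`, which the wrappers below call only after `pci_create_simple()` has returned, while `pci_piix_init_ports()` keeps `bmdma_init(&d->bus[i], ...)` and the `d->bus[i].dma->ops->restart_cb` access. If `pci_piix_init_ports()` is still invoked from the device init function (not shown in this hunk), it now runs on buses that have not been created yet; please confirm the order or keep `ide_bus_new()` in the init path. A device instantiated without going through these wrappers would also end up with no legacy ports.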
@@ -189,11 +197,13 @@ static int pci_piix3_xen_ide_unplug(DeviceState *dev)
 return 0;
 }
 
-PCIDevice *pci_piix3_xen_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn)
+PCIDevice *pci_piix3_xen_ide_init(PCIBus *pci_bus, ISABus *isa_bus,
+  DriveInfo **hd_table, int devfn)
 {
 PCIDevice *dev;
 
-dev = pci_create_simple(bus, devfn, "piix3-ide-xen");
+dev = pci_create_simple(pci_bus, devfn, "piix3-ide-xen");
+pci_piix_init_legacy_ports(isa_bus, DO_UPCAST(PCIIDEState, dev, dev));
 dev->qdev.info->unplug = pci_piix3_xen_ide_unplug;
 pci_ide_create_devs(dev, hd_table);
 return dev;
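Review bot: pci_piix_init_legacy_ports() is called here only after pci_create_simple() has returned, so ide_bus_new() for d->bus[i] now runs after the device has been created, while pci_piix_init_ports() from the previous hunk calls bmdma_init() on the same d->bus[i]. Please state which of the two runs first and add a comment or assert for that order. Also note that a piix3-ide-xen device created by any path other than this wrapper never reaches ide_bus_new() or ide_init_ioport() at all.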
@@ -217,22 +227,26 @@ static int pci_piix_ide_exitfn(PCIDevice *dev)
 
 /* hd_table must contain 4 block drivers */
 /* NOTE: for the PIIX3, the IRQs and IOports are hardcoded */
-PCIDevice *pci_piix3_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn)
+PCIDevice *pci_piix3_ide_init(PCIBus *pci_bus, ISABus *isa_bus,
+  DriveInfo **hd_table, int devfn)
 {
 PCIDevice *dev;
 
-dev = pci_create_simple(bus, devfn, "piix3-ide");
+dev = pci_create_simple(pci_bus, devfn, "piix3-ide");
+pci_piix_init_legacy_ports(isa_bus, DO_UPCAST(PCIIDEState, dev, dev));
 pci_ide_create_devs(dev, hd_table);
 return dev;
 }
 
 /* hd_table must contain 4 block drivers */
 /* NOTE: for the PIIX4, the IRQs and IOports are hardcoded */
-PCIDevice *pci_piix4_ide_init(PCIBus *bus, DriveInfo **hd_table, int devfn)
+PCIDevice *pci_piix4_ide_init(PCIBus *pci_bus, ISABus *isa_bus,
+  DriveInfo **hd_table, int devfn)
 {
 PCIDevice *dev;
 
-dev = 

[Qemu-devel] [PATCH v3 09/16] isa: remove unused parameter to isa_bus_bridge_init()

2011-10-02 Thread Hervé Poussineau
Remove code which is now dead

Signed-off-by: Hervé Poussineau 
---
 hw/isa-bus.c   |   60 +++
 hw/isa.h   |2 +-
 hw/mips_jazz.c |2 +-
 hw/mips_r4k.c  |2 +-
 hw/pc_piix.c   |2 +-
 hw/ppc_prep.c  |2 +-
 6 files changed, 13 insertions(+), 57 deletions(-)

diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index dd539e5..e783a7f 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -24,8 +24,6 @@
 
 static ISABus *isabus;
 target_phys_addr_t isa_mem_base = 0;
-static qemu_irq *isa_bus_default_irqs;
-static MemoryRegion *isa_bus_io_space;
 
 static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent);
 static char *isabus_get_fw_dev_path(DeviceState *dev);
@@ -37,59 +35,17 @@ static struct BusInfo isa_bus_info = {
 .get_fw_dev_path = isabus_get_fw_dev_path,
 };
 
-static void isa_bus_default_set_irqs(ISABus *bus, qemu_irq *irqs)
+ISABus *isa_bus_bridge_init(MemoryRegion *address_space_io)
 {
-isa_bus_default_irqs = irqs;
-}
-
-static qemu_irq isa_bus_default_get_irq(ISABus *bus, int isairq)
-{
-if (isairq < 0 || isairq > 15) {
-hw_error("isa irq %d invalid", isairq);
-}
-return isa_bus_default_irqs[isairq];
-}
-
-static void isa_bus_default_set_io_space(ISABus *bus, MemoryRegion *io_space)
-{
-isa_bus_io_space = io_space;
-}
-
-static MemoryRegion *isa_bus_default_get_io_space(ISABus *bus)
-{
-return isa_bus_io_space;
-}
-
-static MemoryRegion *isa_bus_default_get_memory_space(ISABus *bus)
-{
-return get_system_memory();
-}
-
-static ISABusOps isa_bus_default_ops = {
-.set_irqs = isa_bus_default_set_irqs,
-.get_irq = isa_bus_default_get_irq,
-.set_io_space = isa_bus_default_set_io_space,
-.get_io_space = isa_bus_default_get_io_space,
-.get_memory_space = isa_bus_default_get_memory_space,
-};
-
-ISABus *isa_bus_bridge_init(DeviceState *dev, MemoryRegion *address_space_io)
-{
-if (isabus) {
-fprintf(stderr, "Can't create a second ISA bus\n");
-return NULL;
-}
-if (NULL == dev) {
-dev = qdev_create(NULL, "isabus-bridge");
-qdev_init_nofail(dev);
-} else {
-isabus = FROM_QBUS(ISABus, qbus_create(&isa_bus_info, dev, NULL));
-isabus->ops = &isa_bus_default_ops;
-}
+DeviceState *dev;
+ISABus *bus;
 
-isabus->ops->set_io_space(isabus, address_space_io);
+dev = qdev_create(NULL, "isabus-bridge");
+qdev_init_nofail(dev);
+bus = FROM_QBUS(ISABus, QLIST_FIRST(&dev->child_bus));
+bus->ops->set_io_space(bus, address_space_io);
 
-return isabus;
+return bus;
 }
 
 void isa_bus_new(ISABus *bus, ISABusOps *ops, DeviceState *host)
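Review bot: in the new isa_bus_bridge_init() body, bus comes from QLIST_FIRST(&dev->child_bus) and is dereferenced as bus->ops->set_io_space(...) with no check that the bridge created a child bus or that ops is set. The removed code also refused a second call with "Can't create a second ISA bus"; since the static isabus variable is kept, either keep an equivalent guard or say in the commit message why a repeated call is now acceptable.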
diff --git a/hw/isa.h b/hw/isa.h
index 8d439b5..551f3c4 100644
--- a/hw/isa.h
+++ b/hw/isa.h
@@ -42,7 +42,7 @@ struct ISABusOps {
 MemoryRegion *(*get_memory_space)(ISABus *bus);
 };
 
-ISABus *isa_bus_bridge_init(DeviceState *dev, MemoryRegion *address_space_io);
+ISABus *isa_bus_bridge_init(MemoryRegion *address_space_io);
 
 void isa_bus_new(ISABus *bus, ISABusOps *ops, DeviceState *host);
 void isa_bus_irqs(qemu_irq *irqs);
diff --git a/hw/mips_jazz.c b/hw/mips_jazz.c
index d06eacd..3be9136 100644
--- a/hw/mips_jazz.c
+++ b/hw/mips_jazz.c
@@ -183,7 +183,7 @@ static void mips_jazz_init(MemoryRegion *address_space,
 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy);
 
 /* ISA devices */
-isa_bus = isa_bus_bridge_init(NULL, address_space_io);
+isa_bus = isa_bus_bridge_init(address_space_io);
 i8259 = i8259_init(env->irq[4]);
 isa_bus_irqs(i8259);
 cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
diff --git a/hw/mips_r4k.c b/hw/mips_r4k.c
index 6562fb3..3fdde27 100644
--- a/hw/mips_r4k.c
+++ b/hw/mips_r4k.c
@@ -256,7 +256,7 @@ void mips_r4k_init (ram_addr_t ram_size,
 cpu_mips_clock_init(env);
 
 /* The PIC is attached to the MIPS CPU INT0 pin */
-isa_bus_bridge_init(NULL, get_system_io());
+isa_bus_bridge_init(get_system_io());
 i8259 = i8259_init(env->irq[2]);
 isa_bus_irqs(i8259);
 
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index 7ccbfca..85b4d34 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -147,7 +147,7 @@ static void pc_init1(MemoryRegion *system_memory,
 } else {
 pci_bus = NULL;
 i440fx_state = NULL;
-isa_bus = isa_bus_bridge_init(NULL, system_io);
+isa_bus = isa_bus_bridge_init(system_io);
 no_hpet = 1;
 }
 isa_bus_irqs(isa_irq);
diff --git a/hw/ppc_prep.c b/hw/ppc_prep.c
index 808c83e..d1e73d1 100644
--- a/hw/ppc_prep.c
+++ b/hw/ppc_prep.c
@@ -649,7 +649,7 @@ static void ppc_prep_init (ram_addr_t ram_size,
 hw_error("Only 6xx bus is supported on PREP machine\n");
 }
 /* Hmm, prep has no pci-isa bridge ??? */
-isa_bus_bridge_init(NULL, get_system_io());
+isa_bus_bridge_init(get_system_io());
 i8259 = i8259_init(first_cpu->irq_inputs[PPC6xx_INPUT_INT]);
 pci_bus = pci_prep_init(i8259, get_syste

[Qemu-devel] [PATCH] Fix mismatching allocation and deallocation

2011-10-02 Thread Stefan Weil
This error was reported by cppcheck.

Signed-off-by: Stefan Weil 
---
 console.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/console.c b/console.c
index 6dfcc47..e43de92 100644
--- a/console.c
+++ b/console.c
@@ -1538,7 +1538,7 @@ int text_console_init(QemuOpts *opts, CharDriverState 
**_chr)
 }
 
 if (!s) {
-free(chr);
+g_free(chr);
 return -EBUSY;
 }
 
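Review bot: the allocation that chr comes from is outside this hunk, so the free()/g_free() mismatch cannot be verified from the patch as posted. Name the allocating call in the commit message next to the cppcheck reference, and check that the other exit paths of text_console_init() release chr with g_free() as well.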
-- 
1.7.2.5




[Qemu-devel] [PATCH v3 03/16] isa: correctly implement isa_address_space(), by calling a bus-specific function

2011-10-02 Thread Hervé Poussineau
This method can be used later to remove the isa_mem_base variable.

Signed-off-by: Hervé Poussineau 
---
 hw/isa-bridge.c |7 +++
 hw/isa-bus.c|   13 -
 hw/isa.h|6 ++
 3 files changed, 25 insertions(+), 1 deletions(-)

diff --git a/hw/isa-bridge.c b/hw/isa-bridge.c
index 6f51701..de7c46b 100644
--- a/hw/isa-bridge.c
+++ b/hw/isa-bridge.c
@@ -19,6 +19,7 @@
 
 #include "isa.h"
 #include "sysbus.h"
+#include "exec-memory.h"
 
 typedef struct {
 SysBusDevice busdev;
@@ -54,11 +55,17 @@ static MemoryRegion *isa_bridge_get_io_space(ISABus *bus)
 return s->io_space;
 }
 
+static MemoryRegion *isa_bridge_get_memory_space(ISABus *bus)
+{
+return get_system_memory();
+}
+
 static ISABusOps isabus_bridge_ops = {
 .set_irqs = isabus_bridge_set_irqs,
 .get_irq = isabus_bridge_get_irq,
 .set_io_space = isa_bridge_set_io_space,
 .get_io_space = isa_bridge_get_io_space,
+.get_memory_space = isa_bridge_get_memory_space,
 };
 
 static int isabus_bridge_init(SysBusDevice *dev)
diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index f8b5dcb..dd539e5 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -60,11 +60,17 @@ static MemoryRegion *isa_bus_default_get_io_space(ISABus 
*bus)
 return isa_bus_io_space;
 }
 
+static MemoryRegion *isa_bus_default_get_memory_space(ISABus *bus)
+{
+return get_system_memory();
+}
+
 static ISABusOps isa_bus_default_ops = {
 .set_irqs = isa_bus_default_set_irqs,
 .get_irq = isa_bus_default_get_irq,
 .set_io_space = isa_bus_default_set_io_space,
 .get_io_space = isa_bus_default_get_io_space,
+.get_memory_space = isa_bus_default_get_memory_space,
 };
 
 ISABus *isa_bus_bridge_init(DeviceState *dev, MemoryRegion *address_space_io)
@@ -247,6 +253,11 @@ static char *isabus_get_fw_dev_path(DeviceState *dev)
 
 MemoryRegion *isa_address_space(ISADevice *dev)
 {
-return get_system_memory();
+ISABus *bus = isa_bus_from_device(dev);
+
+if (!bus->ops->get_memory_space) {
+hw_error("Tried to get isa address space on invalid isa bus.");
+}
+return bus->ops->get_memory_space(bus);
 }
 
diff --git a/hw/isa.h b/hw/isa.h
index 3437199..8d439b5 100644
--- a/hw/isa.h
+++ b/hw/isa.h
@@ -39,6 +39,7 @@ struct ISABusOps {
 qemu_irq (*get_irq)(ISABus *bus, int isairq);
 void (*set_io_space)(ISABus *bus, MemoryRegion *address_space);
 MemoryRegion *(*get_io_space)(ISABus *bus);
+MemoryRegion *(*get_memory_space)(ISABus *bus);
 };
 
 ISABus *isa_bus_bridge_init(DeviceState *dev, MemoryRegion *address_space_io);
@@ -56,6 +57,11 @@ ISADevice *isa_create(const char *name);
 ISADevice *isa_try_create(const char *name);
 ISADevice *isa_create_simple(const char *name);
 
+static inline ISABus *isa_bus_from_device(ISADevice *d)
+{
+return FROM_QBUS(ISABus, qdev_get_parent_bus(&d->qdev));
+}
+
 extern target_phys_addr_t isa_mem_base;
 
 void isa_mmio_setup(MemoryRegion *mr, target_phys_addr_t size);
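Review bot: isa_bus_from_device() passes the result of qdev_get_parent_bus() straight to FROM_QBUS with no check, and isa_address_space() then dereferences bus->ops. A short comment above this new inline stating that the device must already sit on an ISA bus (or an assert on the parent bus) would document the precondition for callers.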
-- 
1.7.6.3




Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Avi Kivity

On 10/01/2011 10:31 AM, Blue Swirl wrote:
> Therefore it is incorrect to perform any qemu_irq activities during
> reset (also VM restore like the original example), don't you agree?

It is not incorrect.  Real hardware updates outputs on RESET assertion,
and real hardware deals with devices entering reset at different times
(due to signal propagation delay or slow devices).

> If we continued to reset all the devices (call the reset handlers
> multiple times), eventually machine state should stabilize (equivalent
> of real HW with nice long reset pulses), but on QEMU the reset event
> is infinitely short so we have to be more careful.

Calling qemu_irq_pulse(reset) simulates a reset signal of any length
(since nothing happens between the two edges).

> Actually I don't think that even a two-phase reset with qemu_irq or
> Pin activity on the second phase would produce correct results in
> every obscure case. Though this may be detectable since the start
> state would be known.

The output signals have to stabilize before the second edge of the reset
signal.


--
error compiling committee.c: too many arguments to function




[Qemu-devel] [PATCH v3 15/16] isa: remove useless test in isa_register_ioport()

2011-10-02 Thread Hervé Poussineau
Use ISA bus from given device instead of global ISA bus

Signed-off-by: Hervé Poussineau 
---
 hw/isa-bus.c |   12 ++--
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index 2f9ad24..ab8dbe9 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -117,18 +117,18 @@ void isa_init_ioport(ISADevice *dev, uint16_t ioport)
 
 void isa_register_ioport(ISADevice *dev, MemoryRegion *io, uint16_t start)
 {
-ISABus *bus = isabus;
+ISABus *bus = isa_bus_from_device(dev);
 
+assert(bus == isabus);
 if (!bus || !bus->ops->get_io_space) {
 hw_error("Tried to register I/O port with no isa bus present.");
 }
 
 memory_region_add_subregion(bus->ops->get_io_space(bus), start, io);
-if (dev != NULL) {
-assert(dev->nio < ARRAY_SIZE(dev->io));
-dev->io[dev->nio++] = io;
-isa_init_ioport_range(dev, start, memory_region_size(io));
-}
+
+assert(dev->nio < ARRAY_SIZE(dev->io));
+dev->io[dev->nio++] = io;
+isa_init_ioport_range(dev, start, memory_region_size(io));
 }
 
 static int isa_qdev_init(DeviceState *qdev, DeviceInfo *base)
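Review bot: with "ISABus *bus = isa_bus_from_device(dev)" and the "if (dev != NULL)" guard removed, dev is dereferenced unconditionally, so the remaining "!bus" test can no longer catch a missing device and is reached only after assert(bus == isabus). Either assert(dev) at the top and drop the "!bus" half of the condition, or move the assert below the check. Please also say whether assert(bus == isabus) is transitional, since it ties the function to the global bus the description says it no longer uses.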
-- 
1.7.6.3




Re: [Qemu-devel] [PATCH] memory: Push typedefs into qemu-common

2011-10-02 Thread Avi Kivity

On 10/02/2011 06:42 PM, Jan Kiszka wrote:
> From: Jan Kiszka
>
> There is a circular dependency between memory.h and ioport.h /wrt type
> definitions now. Resolve it by pushing MemoryRegion and
> MemoryRegionPortio typedefs into qemu-common.h.

Yuck.  I'll just change PortioList to say 'struct MemoryRegion'.

I'm still surprised I don't see it.

--
error compiling committee.c: too many arguments to function




[Qemu-devel] [PATCH v3 13/16] isa: use bus given in parameter to get/set irqs on specified ISA bus

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/isa-bus.c |   10 ++
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index 4a95834..2f9ad24 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -60,10 +60,11 @@ void isa_bus_new(ISABus *bus, ISABusOps *ops, DeviceState 
*host)
 
 void isa_bus_irqs(ISABus *bus, qemu_irq *irqs)
 {
-if (!isabus || !isabus->ops->set_irqs) {
+if (!bus || !bus->ops->set_irqs) {
 hw_error("Tried to set isa irqs with no isa bus present.");
 }
-isabus->ops->set_irqs(isabus, irqs);
+assert(bus == isabus);
+bus->ops->set_irqs(bus, irqs);
 }
 
 /*
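Review bot: assert(bus == isabus) in isa_bus_irqs() aborts for any bus other than the global one, so the function still supports a single ISA bus even though it now takes the bus as a parameter. If the assert is a transitional check, say so in a comment or in the commit message, which is empty. The hw_error() text "Tried to set isa irqs with no isa bus present." now fires for a NULL argument rather than a missing bus and should be reworded to match.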
@@ -74,10 +75,11 @@ void isa_bus_irqs(ISABus *bus, qemu_irq *irqs)
  */
 qemu_irq isa_get_irq(ISABus *bus, int isairq)
 {
-if (!isabus || !isabus->ops->get_irq) {
+if (!bus || !bus->ops->get_irq) {
 hw_error("ISA bus invalid");
 }
-return isabus->ops->get_irq(isabus, isairq);
+assert(bus == isabus);
+return bus->ops->get_irq(bus, isairq);
 }
 
 void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq)
-- 
1.7.6.3




[Qemu-devel] [PATCH v3 10/16] isa: give bus to isa_create() and isa_try_create() methods

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/cs4231a.c   |2 +-
 hw/fdc.h   |4 ++--
 hw/gus.c   |2 +-
 hw/ide.h   |2 +-
 hw/ide/isa.c   |4 ++--
 hw/isa-bus.c   |8 
 hw/isa.h   |6 +++---
 hw/m48t59.c|5 +++--
 hw/mc146818rtc.c   |4 ++--
 hw/mc146818rtc.h   |2 +-
 hw/mips_fulong2e.c |   18 +-
 hw/mips_jazz.c |4 ++--
 hw/mips_malta.c|   19 ++-
 hw/mips_r4k.c  |   17 +
 hw/nvram.h |3 ++-
 hw/pc.c|   34 +-
 hw/pc.h|   34 ++
 hw/pc_piix.c   |9 +
 hw/piix4.c |6 --
 hw/ppc_prep.c  |   16 +---
 hw/sb16.c  |2 +-
 hw/sun4u.c |   19 +++
 hw/vt82c686.c  |4 ++--
 hw/vt82c686.h  |2 +-
 24 files changed, 120 insertions(+), 106 deletions(-)

diff --git a/hw/cs4231a.c b/hw/cs4231a.c
index e697634..4f5e21c 100644
--- a/hw/cs4231a.c
+++ b/hw/cs4231a.c
@@ -661,7 +661,7 @@ static int cs4231a_initfn (ISADevice *dev)
 
 int cs4231a_init (ISABus *bus)
 {
-isa_create_simple ("cs4231a");
+isa_create_simple (bus, "cs4231a");
 return 0;
 }
 
diff --git a/hw/fdc.h b/hw/fdc.h
index 09f73c6..30bd56e 100644
--- a/hw/fdc.h
+++ b/hw/fdc.h
@@ -7,11 +7,11 @@
 /* fdc.c */
 #define MAX_FD 2
 
-static inline void fdctrl_init_isa(DriveInfo **fds)
+static inline void fdctrl_init_isa(ISABus *bus, DriveInfo **fds)
 {
 ISADevice *dev;
 
-dev = isa_try_create("isa-fdc");
+dev = isa_try_create(bus, "isa-fdc");
 if (!dev) {
 return;
 }
diff --git a/hw/gus.c b/hw/gus.c
index 2f40fcd..dc8a757 100644
--- a/hw/gus.c
+++ b/hw/gus.c
@@ -296,7 +296,7 @@ static int gus_initfn (ISADevice *dev)
 
 int GUS_init (ISABus *bus)
 {
-isa_create_simple ("gus");
+isa_create_simple (bus, "gus");
 return 0;
 }
 
diff --git a/hw/ide.h b/hw/ide.h
index 9059aae..7075170 100644
--- a/hw/ide.h
+++ b/hw/ide.h
@@ -7,7 +7,7 @@
 #define MAX_IDE_DEVS   2
 
 /* ide-isa.c */
-ISADevice *isa_ide_init(int iobase, int iobase2, int isairq,
+ISADevice *isa_ide_init(ISABus *bus, int iobase, int iobase2, int isairq,
 DriveInfo *hd0, DriveInfo *hd1);
 
 /* ide-pci.c */
diff --git a/hw/ide/isa.c b/hw/ide/isa.c
index 28b69d2..fb51b84 100644
--- a/hw/ide/isa.c
+++ b/hw/ide/isa.c
@@ -75,13 +75,13 @@ static int isa_ide_initfn(ISADevice *dev)
 return 0;
 };
 
-ISADevice *isa_ide_init(int iobase, int iobase2, int isairq,
+ISADevice *isa_ide_init(ISABus *bus, int iobase, int iobase2, int isairq,
 DriveInfo *hd0, DriveInfo *hd1)
 {
 ISADevice *dev;
 ISAIDEState *s;
 
-dev = isa_create("isa-ide");
+dev = isa_create(bus, "isa-ide");
 qdev_prop_set_uint32(&dev->qdev, "iobase",  iobase);
 qdev_prop_set_uint32(&dev->qdev, "iobase2", iobase2);
 qdev_prop_set_uint32(&dev->qdev, "irq", isairq);
diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index e783a7f..ecc5375 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -147,7 +147,7 @@ void isa_qdev_register(ISADeviceInfo *info)
 qdev_register(&info->qdev);
 }
 
-ISADevice *isa_create(const char *name)
+ISADevice *isa_create(ISABus *bus, const char *name)
 {
 DeviceState *dev;
 
@@ -159,7 +159,7 @@ ISADevice *isa_create(const char *name)
 return DO_UPCAST(ISADevice, qdev, dev);
 }
 
-ISADevice *isa_try_create(const char *name)
+ISADevice *isa_try_create(ISABus *bus, const char *name)
 {
 DeviceState *dev;
 
@@ -171,11 +171,11 @@ ISADevice *isa_try_create(const char *name)
 return DO_UPCAST(ISADevice, qdev, dev);
 }
 
-ISADevice *isa_create_simple(const char *name)
+ISADevice *isa_create_simple(ISABus *bus, const char *name)
 {
 ISADevice *dev;
 
-dev = isa_create(name);
+dev = isa_create(bus, name);
 qdev_init_nofail(&dev->qdev);
 return dev;
 }
diff --git a/hw/isa.h b/hw/isa.h
index 551f3c4..484180c 100644
--- a/hw/isa.h
+++ b/hw/isa.h
@@ -53,9 +53,9 @@ void isa_init_ioport(ISADevice *dev, uint16_t ioport);
 void isa_init_ioport_range(ISADevice *dev, uint16_t start, uint16_t length);
 void isa_qdev_register(ISADeviceInfo *info);
 MemoryRegion *isa_address_space(ISADevice *dev);
-ISADevice *isa_create(const char *name);
-ISADevice *isa_try_create(const char *name);
-ISADevice *isa_create_simple(const char *name);
+ISADevice *isa_create(ISABus *bus, const char *name);
+ISADevice *isa_try_create(ISABus *bus, const char *name);
+ISADevice *isa_create_simple(ISABus *bus, const char *name);
 
 static inline ISABus *isa_bus_from_device(ISADevice *d)
 {
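Review bot: the three creation prototypes in this hw/isa.h hunk gain an "ISABus *bus" argument with no comment on whether NULL is accepted or which bus callers should pass. Document the expectation next to the prototypes, since every board file listed in the diffstat has to be changed to supply it.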
diff --git a/hw/m48t59.c b/hw/m48t59.c
index 0cc361e..582b0d7 100644
--- a/hw/m48t59.c
+++ b/hw/m48t59.c
@@ -655,13 +655,14 @@ M48t59State *m48t59_init(qemu_irq IRQ, target_phys_addr_t 
mem_base,
 return state;
 }
 
-M48t59State *m48t59_init_isa(uint32_t io_base, uint16_t size, int type)
+M48t59State *m

Re: [Qemu-devel] [Spice-devel] viewing continuous guest virtual memory as continuous in qemu

2011-10-02 Thread Avi Kivity

On 10/02/2011 04:31 PM, Alon Levy wrote:
> On Sun, Oct 02, 2011 at 03:24:36PM +0200, Alon Levy wrote:
> >  Hi,
> >
>
> Converting qemu's ram allocation to a mmap and using remap_file_pages seems
> like it could work. Any ideas why it wouldn't?

It's Linux-specific.  Also, does it work on anonymous memory?

I suggest using scatter-gather, though it's annoying.

--
error compiling committee.c: too many arguments to function




[Qemu-devel] [PATCH v3 11/16] isa: use bus given in parameter to create device on specified ISA bus

2011-10-02 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/isa-bus.c |   10 ++
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index ecc5375..cdfed29 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -151,11 +151,12 @@ ISADevice *isa_create(ISABus *bus, const char *name)
 {
 DeviceState *dev;
 
-if (!isabus) {
+if (!bus) {
 hw_error("Tried to create isa device %s with no isa bus present.",
  name);
 }
-dev = qdev_create(&isabus->qbus, name);
+assert(bus == isabus);
+dev = qdev_create(&bus->qbus, name);
 return DO_UPCAST(ISADevice, qdev, dev);
 }
 
@@ -163,11 +164,12 @@ ISADevice *isa_try_create(ISABus *bus, const char *name)
 {
 DeviceState *dev;
 
-if (!isabus) {
+if (!bus) {
 hw_error("Tried to create isa device %s with no isa bus present.",
  name);
 }
-dev = qdev_try_create(&isabus->qbus, name);
+assert(bus == isabus);
+dev = qdev_try_create(&bus->qbus, name);
 return DO_UPCAST(ISADevice, qdev, dev);
 }
 
-- 
1.7.6.3




Re: [Qemu-devel] Qemu - compiling error in tcg.c - flush_icache_range

2011-10-02 Thread Mulyadi Santosa
Hi :)

Don't forget to cc qemu-devel too next time :)

On Sun, Oct 2, 2011 at 21:43, Maurizio Caloro  wrote:
> After "git" the new source I don't really found any solution, but changing the 
> lines now Qemu 0.15.0 running also in my NetBSD G4 Mac. Probably this change 
> are only "*BSD" conform and not any coding mistake. Sorry for confusing but 
> and thanks very much for your Help and Input!

Great, glad you fixed it :)

So, looks like you're quite ready to submit a patch to fix this thing
in upstream git repository :)

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Jan Kiszka
On 2011-10-02 18:39, Avi Kivity wrote:
> On 09/28/2011 09:01 PM, Blue Swirl wrote:
>> On Wed, Sep 28, 2011 at 11:00 AM, Jan Kiszka 
>> wrote:
>> >  As we clearly modify the PIC state on pic_reset, we also have to
>> update
>> >  the IRQ output. This only happened on init so far. Apply this
>> >  consistently.
>>
>> Nack, IRQ lines shouldn't be touched on reset. The other side may not
>> be ready for receiving the interrupt change and qemu_irqs are
>> stateless anyway.
>>
> 
> The way to fix it is two-phase reset:
> 
> phase 1: reset internal state (-> move all outputs to reset values),
> don't sample inputs yet
> phase 2: allow sampling inputs

As far as I understood Anthony's QOM plans, phase 1 will correspond to
"unrealize", phase 2 to "realize".

However, we do not depend on two phases in this particular case (i8259)
and can live with coalescing both for now.

Jan
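
The ordering problem behind the two-phase reset proposal quoted above, as an added example that is not part of the original thread and not QEMU code. It resets a constructed DEV -> PIC1 -> PIC2 chain in every device order, once with handlers that propagate immediately and once with outputs settled before inputs are sampled; all names and the `sampling` flag are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not QEMU code: DEV -> PIC1 -> PIC2. PIC1 is level
 * sensitive with programmable polarity and mask; PIC2 latches rising edges. */
enum { DEV, PIC1, PIC2, NDEV };

struct board {
    bool dev_out;         /* wire DEV -> PIC1 */
    bool pic1_out;        /* wire PIC1 -> PIC2 */
    bool pic1_active_low; /* PIC1 polarity register */
    bool pic1_masked;     /* PIC1 mask register */
    bool pic2_last_in;    /* level PIC2 saw when it last sampled */
    bool pic2_pending;    /* interrupt latched by PIC2 */
    bool sampling;        /* false while phase 1 of a two-phase reset runs */
};

/* Running state before reset: DEV high, PIC1 unmasked and active low. */
static const struct board running = {
    .dev_out = true, .pic1_active_low = true, .sampling = true,
};

/* PIC2 input handler: latch a pending interrupt on a rising edge. */
static void pic2_sample(struct board *b)
{
    if (b->sampling) {
        b->pic2_pending |= b->pic1_out && !b->pic2_last_in;
        b->pic2_last_in = b->pic1_out;
    }
}

/* PIC1 input handler: recompute the output and pass it on to PIC2. */
static void pic1_sample(struct board *b)
{
    if (b->sampling) {
        b->pic1_out = !b->pic1_masked && b->dev_out != b->pic1_active_low;
        pic2_sample(b);
    }
}

/* Per-device reset handler: set reset values, then notify the next device. */
static void reset_one(struct board *b, int dev)
{
    if (dev == DEV) {
        b->dev_out = false;
        pic1_sample(b);
    } else if (dev == PIC1) {
        b->pic1_masked = true;
        b->pic1_active_low = false;
        b->pic1_out = false;
        pic2_sample(b);
    } else {
        b->pic2_pending = b->pic2_last_in = false;
    }
}

/* Reset all devices in the given order; returns PIC2's pending bit. */
static bool do_reset(const int *order, bool two_phase)
{
    struct board b = running;
    b.sampling = !two_phase;   /* phase 1: outputs settle, nobody samples */
    for (int i = 0; i < NDEV; i++) {
        reset_one(&b, order[i]);
    }
    b.sampling = true;         /* phase 2: inputs are sampled again */
    pic1_sample(&b);
    return b.pic2_pending;
}

bool single_phase_reset(const int *order) { return do_reset(order, false); }
bool two_phase_reset(const int *order) { return do_reset(order, true); }

/* Count the device orders that leave a spurious interrupt pending. */
int spurious_orders(bool (*reset)(const int *))
{
    static const int perms[6][NDEV] = {
        { DEV, PIC1, PIC2 }, { DEV, PIC2, PIC1 }, { PIC1, DEV, PIC2 },
        { PIC1, PIC2, DEV }, { PIC2, DEV, PIC1 }, { PIC2, PIC1, DEV },
    };
    int n = 0;
    for (int i = 0; i < 6; i++) {
        n += reset(perms[i]);
    }
    return n;
}

int main(void)
{
    printf("single-phase: %d of 6 orders leave PIC2 pending\n",
           spurious_orders(single_phase_reset));
    printf("two-phase: %d of 6 orders leave PIC2 pending\n",
           spurious_orders(two_phase_reset));
    return 0;
}
```

In this model only the order PIC2, DEV, PIC1 leaves an interrupt latched after a single-phase reset, which is the order dependence the thread is arguing about.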





[Qemu-devel] QEMU + ARM11MPCore

2011-10-02 Thread TusharK
Hello,

I tried executing QEMU (realview-smp ARM11MPCore) with Linux kernel 2.6.39.3, 
but it failed. Kernel itself is not getting decompressed. I compiled the kernel 
with realview-smp_config and build was successful. Can you please let me know 
how I can test QEMU + ARM11MPcore combination.





Thanks & Regards,

TK



Re: [Qemu-devel] segfault on current HEAD, qemu-system-arm

2011-10-02 Thread Blue Swirl
On Sun, Oct 2, 2011 at 2:20 PM, Avi Kivity  wrote:
> 3917149 gives me this:
>
> [root@westmere-ep arm-test]# gdb --args qemu-system-arm -kernel
> zImage.integrator -initrd arm_root.img
> GNU gdb (GDB) Fedora (7.3-41.fc15)
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> ...
> Reading symbols from /usr/local/bin/qemu-system-arm...done.
> (gdb) r
> Starting program: /usr/local/bin/qemu-system-arm -kernel zImage.integrator
> -initrd arm_root.img
> [Thread debugging using libthread_db enabled]
> [New Thread 0x74a5d700 (LWP 12467)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x74a5d700 (LWP 12467)]
> 0x005bcee6 in get_phys_addr (env=0x0, address=0, access_type=2,
> is_user=0, phys_ptr=0x74a5c994, prot=0x74a5c99c, page_size=
>    0x74a5c998) at /home/tlv/akivity/qemu/target-arm/helper.c:1275
> 1275            address += env->cp15.c13_fcse;
> Missing separate debuginfos, use: debuginfo-install
> SDL-1.2.14-11.fc15.x86_64 bzip2-libs-1.0.6-3.fc15.x86_64
> celt051-0.5.1.3-3.fc15.x86_64 cyrus-sasl-lib-2.1.23-18.fc15.x86_64
> glib2-2.28.8-1.fc15.x86_64 glibc-2.14-5.x86_64
> keyutils-libs-1.2-7.fc15.x86_64 krb5-libs-1.9.1-5.fc15.x86_64
> libX11-1.4.3-1.fc15.x86_64 libXau-1.0.6-2.fc15.x86_64
> libXcursor-1.1.11-3.fc15.x86_64 libXext-1.2.0-2.fc15.x86_64
> libXfixes-5.0-1.fc15.x86_64 libXrandr-1.3.1-2.fc15.x86_64
> libXrender-0.9.6-2.fc15.x86_64 libcom_err-1.41.14-2.fc15.x86_64
> libcurl-7.21.3-9.fc15.x86_64 libgcc-4.6.0-10.fc15.x86_64
> libidn-1.19-2.fc15.x86_64 libjpeg-turbo-1.1.1-1.fc15.x86_64
> libpng-1.2.46-1.fc15.x86_64 libselinux-2.0.99-4.fc15.x86_64
> libssh2-1.2.7-1.fc15.x86_64 libxcb-1.7-2.fc15.x86_64
> ncurses-libs-5.8-2.20110319.fc15.x86_64 nspr-4.8.8-1.fc15.x86_64
> nss-3.12.10-5.fc15.x86_64 nss-softokn-freebl-3.12.10-2.fc15.x86_64
> nss-util-3.12.10-1.fc15.x86_64 openldap-2.4.24-3.fc15.x86_64
> openssl-1.0.0d-1.fc15.x86_64 pixman-0.20.2-2.fc15.x86_64
> spice-server-0.8.1-1.fc15.x86_64 xen-libs-4.1.1-3.fc15.x86_64
> xz-libs-5.0.3-1.fc15.x86_64 zlib-1.2.5-3.fc15.x86_64
> (gdb) bt
> #0  0x005bcee6 in get_phys_addr (env=0x0, address=0, access_type=2,
> is_user=0, phys_ptr=0x74a5c994, prot=0x74a5c99c, page_size=
>    0x74a5c998) at /home/tlv/akivity/qemu/target-arm/helper.c:1275
> #1  0x005bd036 in cpu_arm_handle_mmu_fault (env=0x0, address=0,
> access_type=2, mmu_idx=0)
>    at /home/tlv/akivity/qemu/target-arm/helper.c:1305

Bah, bug in bccd9ec5f098668576342c83d90d6d6833d61d33,
target-arm/op_helper.c missed this change unlike all other targets:
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index ab9c923..1892b35 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -84,6 +84,7 @@ void tlb_fill(CPUState *env1, target_ulong addr, int
is_write, int mmu_idx,
 int ret;

 saved_env = env;
+env = env1;
 ret = cpu_arm_handle_mmu_fault(env, addr, is_write, mmu_idx);
 if (unlikely(ret)) {
 if (retaddr) {
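Review bot: the hunk header is wrapped across two lines ("int" / "is_write, int mmu_idx,") and the patch is pasted into a reply without a Signed-off-by, so it will not apply as posted; please resend it as a standalone patch. In the change itself, env is overwritten with env1 right after "saved_env = env", so check that every return path of tlb_fill() restores env from saved_env.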

> #2  0x0061ceba in tlb_fill (env1=0x1293c40, addr=0, is_write=2,
> mmu_idx=0, retaddr=0x0)
>    at /home/tlv/akivity/qemu/target-arm/op_helper.c:87
> #3  0x005a0a99 in __ldb_cmmu (addr=0, mmu_idx=0) at
> /home/tlv/akivity/qemu/softmmu_template.h:139
> #4  0x005934c9 in ldub_code (ptr=0) at
> /home/tlv/akivity/qemu/softmmu_header.h:96
> #5  0x005935ad in get_page_addr_code (env1=0x1293c40, addr=0) at
> /home/tlv/akivity/qemu/exec-all.h:333
> #6  0x00593889 in tb_find_slow (env=0x1293c40, pc=0, cs_base=0,
> flags=64) at /home/tlv/akivity/qemu/cpu-exec.c:95
> #7  0x00593ae4 in tb_find_fast (env=0x1293c40) at
> /home/tlv/akivity/qemu/cpu-exec.c:151
> #8  0x00593f0a in cpu_arm_exec (env=0x1293c40) at
> /home/tlv/akivity/qemu/cpu-exec.c:533
> #9  0x00596007 in tcg_cpu_exec (env=0x1293c40) at
> /home/tlv/akivity/qemu/cpus.c:913
> #10 0x00596113 in cpu_exec_all () at
> /home/tlv/akivity/qemu/cpus.c:949
> #11 0x005957ec in qemu_tcg_cpu_thread_fn (arg=0x1293c40) at
> /home/tlv/akivity/qemu/cpus.c:688
> #12 0x00341d407b31 in start_thread () from /lib64/libpthread.so.0
> #13 0x00341d0dfd2d in clone () from /lib64/libc.so.6
>
> --
> error compiling committee.c: too many arguments to function
>
>
>



Re: [Qemu-devel] QEMU + ARM11MPCore

2011-10-02 Thread Andreas Färber
On 02.10.2011 20:06, TusharK wrote:
> I tried executing QEMU (realview-smp ARM11MPCore) with Linux kernel
> 2.6.39.3, but it failed. Kernel itself is not getting decompressed.

Which command line? Any output?

Andreas



[Qemu-devel] [RFC 2/2] target-arm: Add support for Cortex-R4F

2011-10-02 Thread Andreas Färber
All CPU-dependent initializations are currently done based on MIDR.
Cortex-R4F shares the MIDR with Cortex-R4 though. Therefore consider the
CPU model string, too (which is not cleared on reset).

Cc: Peter Maydell 
Signed-off-by: Andreas Färber 
---
 target-arm/helper.c |   35 +++
 1 files changed, 35 insertions(+), 0 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 21be805..2273492 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -196,6 +196,40 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t 
id)
 /* TODO other features */
 set_feature(env, ARM_FEATURE_THUMB2);
 set_feature(env, ARM_FEATURE_V7);
+if (strcmp(env->cpu_model_str, "cortex-r4f") == 0) {
+uint8_t r = (id >> 20) & 0xf;
+uint8_t p = id & 0xf;
+uint8_t rev = 0;
+set_feature(env, ARM_FEATURE_VFP);
+set_feature(env, ARM_FEATURE_VFP3);
+/* TODO VFPv3-D16 */
+/* Calculate FPSID value matching to MIDR */
+if (r == 1) {
+switch (p) {
+case 0:
+rev = 0x3;
+break;
+case 1:
+rev = 0x4;
+break;
+case 2:
+rev = 0x6;
+break;
+case 3:
+rev = 0x7;
+break;
+case 4:
+rev = 0x8;
+break;
+}
+}
+if (rev == 0) {
+cpu_abort(env,
+  "Cortex-R4F r%" PRIu8 "p%" PRIu8 " unsupported",
+  r, p);
+}
+env->vfp.xregs[ARM_VFP_FPSID] = 0x41023140 | (rev & 0xf);
+}
 memcpy(env->cp15.c0_c1, cortexr4_cp15_c0_c1, 8 * sizeof(uint32_t));
 memcpy(env->cp15.c0_c2, cortexr4_cp15_c0_c2, 8 * sizeof(uint32_t));
 break;
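Review bot: strcmp(env->cpu_model_str, "cortex-r4f") runs inside the reset path with no NULL check on cpu_model_str, and the switch on p has no default, so unsupported revisions are caught only by the later "rev == 0" test. Add an explicit default (or a comment that falling through to cpu_abort() is intended), and give 0x41023140 a named define next to the ARM_CPUID_* values so the FPSID base is not a bare constant.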
@@ -438,6 +472,7 @@ static const struct arm_cpu_t arm_cpu_names[] = {
 { ARM_CPUID_CORTEXA8, "cortex-a8"},
 { ARM_CPUID_CORTEXA9, "cortex-a9"},
 { ARM_CPUID_CORTEXR4_R1P4, "cortex-r4"},
+{ ARM_CPUID_CORTEXR4_R1P4, "cortex-r4f"},
 { ARM_CPUID_TI925T, "ti925t" },
 { ARM_CPUID_PXA250, "pxa250" },
 { ARM_CPUID_SA1100,"sa1100" },
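Review bot: "cortex-r4f" is added to arm_cpu_names[] with the same ARM_CPUID_CORTEXR4_R1P4 value as "cortex-r4", so any code that maps an id back to a name through this table can only ever return the first entry. Add a comment that the two entries are told apart by name, not by id.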
-- 
1.7.3.4




[Qemu-devel] [RFC 0/2] target-arm: Adding Cortex-R4F support

2011-10-02 Thread Andreas Färber
Hello Peter,

I've been looking into adding support for Cortex-R4F.

1) Currently, -cpu is used to look up a Main ID Register value and to base
feature decisions on that. This doesn't work for Cortex-R4 and Cortex-R4F,
which have an identical MIDR but only -R4F has the FPU.
Re-checking the model string, while ugly, does the trick. Comments?

2) The R4/R4F TRM says "It implements the ARMv7R architecture, and includes
Thumb-2 technology" - how to incur the pre-v7 feature bits in addition to
the easy _V7 and _THUMB2? I.e. where is it documented (in ARMv7-A/R TRM?)
whether or not this should include _V4T, _V6K, etc.?
If V7 were to always imply the same set of features, I would expect it
alongside VAPA. (Could use some comments either way.)

3) How to handle processor revisions? The only two available TRMs for R4F
seem to be r1p3 and r1p4. ARM_CPUID_CORTEXA9 seems to use r0p0, with r2p0
being the oldest available TRM atm.
Apart from the actual MIDR define and its binding to -cpu name, this also
affects the FPSID register and gets a little ugly with non-linear mappings.
The ARM1136 seems a particularly bad example, will try to post a cleanup.

Regards,
Andreas

Andreas Färber (2):
  target-arm: Prepare support for Cortex-R4
  target-arm: Add support for Cortex-R4F

 target-arm/cpu.h|1 +
 target-arm/helper.c |   49 +
 2 files changed, 50 insertions(+), 0 deletions(-)

-- 
1.7.3.4




[Qemu-devel] [RFC 1/2] target-arm: Prepare support for Cortex-R4

2011-10-02 Thread Andreas Färber
Glue "cortex-r4" to r1p4, the latest available TRM.

Cc: Peter Maydell 
Signed-off-by: Andreas Färber 
---
 target-arm/cpu.h|1 +
 target-arm/helper.c |   14 ++
 2 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 6ab780d..f0a40b0 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -425,6 +425,7 @@ void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
 #define ARM_CPUID_ARM11MPCORE 0x410fb022
 #define ARM_CPUID_CORTEXA80x410fc080
 #define ARM_CPUID_CORTEXA90x410fc090
+#define ARM_CPUID_CORTEXR4_R1P4 0x411FC144
 #define ARM_CPUID_CORTEXM30x410fc231
 #define ARM_CPUID_ANY 0x
 
diff --git a/target-arm/helper.c b/target-arm/helper.c
index e2428eb..21be805 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -41,6 +41,12 @@ static uint32_t arm1176_cp15_c0_c1[8] =
 static uint32_t arm1176_cp15_c0_c2[8] =
 { 0x0140011, 0x12002111, 0x11231121, 0x01102131, 0x01141, 0, 0, 0 };
 
+static uint32_t cortexr4_cp15_c0_c1[8] =
+{ 0x0131, 0x001, 0x010400, 0x0, 0x0210030, 0x, 0x0120, 0x0211 };
+
+static uint32_t cortexr4_cp15_c0_c2[8] =
+{ 0x110, 0x13112111, 0x21232131, 0x01112131, 0x0010142, 0x0, 0, 0 };
+
 static uint32_t cpu_arm_find_by_name(const char *name);
 
 static inline void set_feature(CPUARMState *env, int feature)
@@ -186,6 +192,13 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t 
id)
 env->cp15.c0_ccsid[1] = 0x200fe015; /* 16k L1 icache. */
 env->cp15.c1_sys = 0x00c50078;
 break;
+case ARM_CPUID_CORTEXR4_R1P4:
+/* TODO other features */
+set_feature(env, ARM_FEATURE_THUMB2);
+set_feature(env, ARM_FEATURE_V7);
+memcpy(env->cp15.c0_c1, cortexr4_cp15_c0_c1, 8 * sizeof(uint32_t));
+memcpy(env->cp15.c0_c2, cortexr4_cp15_c0_c2, 8 * sizeof(uint32_t));
+break;
 case ARM_CPUID_CORTEXM3:
 set_feature(env, ARM_FEATURE_V4T);
 set_feature(env, ARM_FEATURE_V5);
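Review bot: the new ARM_CPUID_CORTEXR4_R1P4 case sets only ARM_FEATURE_THUMB2 and ARM_FEATURE_V7, while the Cortex-M3 case right below it sets ARM_FEATURE_V4T and ARM_FEATURE_V5 explicitly, so unless V7 implies the older feature bits somewhere else, anything gated on them stays off for this model. The case also leaves env->cp15.c1_sys and the c0_ccsid entries untouched, unlike the case that ends just above it; the "TODO other features" comment should at least list what is known to be missing. The two memcpy calls would be more robust with sizeof(cortexr4_cp15_c0_c1) and sizeof(cortexr4_cp15_c0_c2) instead of 8 * sizeof(uint32_t).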
@@ -424,6 +437,7 @@ static const struct arm_cpu_t arm_cpu_names[] = {
 { ARM_CPUID_CORTEXM3, "cortex-m3"},
 { ARM_CPUID_CORTEXA8, "cortex-a8"},
 { ARM_CPUID_CORTEXA9, "cortex-a9"},
+{ ARM_CPUID_CORTEXR4_R1P4, "cortex-r4"},
 { ARM_CPUID_TI925T, "ti925t" },
 { ARM_CPUID_PXA250, "pxa250" },
 { ARM_CPUID_SA1100,"sa1100" },
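Review bot: adding "cortex-r4" to arm_cpu_names makes the model selectable by name while its reset case in this same patch is still marked "TODO other features", so the name resolves to a model with an incomplete feature set. Either hold this entry back until the reset case is filled in, or state in the commit message that the name is experimental. The entry also binds the generic name "cortex-r4" to the r1p4 constant, which deserves a one-line comment.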
-- 
1.7.3.4




Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Blue Swirl
On Sun, Oct 2, 2011 at 4:27 PM, Jan Kiszka  wrote:
> On 2011-10-01 09:31, Blue Swirl wrote:
>> On Sat, Oct 1, 2011 at 6:47 AM, Jan Kiszka  wrote:
>>> On 2011-09-30 22:47, Blue Swirl wrote:
>>>> That part of the discussion is obsolete (or at least uninteresting
>>>> here). For example this message has a relevant example:
>>>> http://lists.nongnu.org/archive/html/qemu-devel/2009-06/msg01081.html
>>>>
>>>> It's about VM restore, but the situation is similar during reset.
>>>
>>> Actually, that is not comparable as we are entering the device's
>>> quiescent state.
>>
>> It is. Here's an example for the reset case based on Paul's original one.
>>
>> Because devices are reset in unpredictable order that they should not
>> be communicating with other devices (e.g. by modifying IRQ lines).
>>
>> Consider a system with a device (DEV) and a level triggered interrupt
>> controller (PIC1) with the ability to toggle the level where
>> triggering happens, chained to a rising edge triggered interrupt
>> controller (PIC2).
>>
>> (DEV) ->  (PIC1) -> (PIC2)
>>
>> Before reset, DEV output is high, PIC1 has the interrupt unmasked (but
>> high) and the trigger level is configured as active low, PIC2 has no
>> pending interrupts.
>>
>> We now reset, so the state should be that DEV output is low, PIC1 has
>> masked all interrupts and its input set to active high, and PIC2 has
>> no pending interrupts. Devices are reset in the order PIC2, DEV, PIC1.
>>
>> If devices toggle their interrupts on reset then we get incorrect
>> state after the reset:
>>
>> PIC2 is reset to the desired no-interrupts-pending state.
>>
>> DEV is reset. This lowers the IRQ, which is passed to PIC1. PIC1 still
>> has the old interrupt mask and level set to active low, so it passes
>> the IRQ through to PIC2, which detects the edge event and marks the
>> interrupt as pending.
>>
>> PIC1 is reset, updates the new mask, sets the input level to active
>> high and lowers its output. However this event does not clear the
>> internal PIC2 pending interrupt flag, so machine state will be wrong
>> after reset.
>>
>> Therefore it is incorrect to perform any qemu_irq activities during
>> reset (also VM restore like the original example), don't you agree?
>
> A rather odd but valid counterexample. Have you seen such a setup already?
>
> But I'll provide a real example where the model "no IRQ change
> propagated on reset, devices handle this internally" fails as well:
>
> PIC -> CPU
>
> We have a level-triggered active-high line in this case. When the CPU is
> reset, it "somehow" knows that it is attached to the PIC and assumes
> that this device is reset as well. Therefore, the CPU clears its cached
> input state on reset. That works if both devices are actually reset. But
> it fails if only the CPU is reset while the PIC output is active.

OK, we have a positive incorrect case and negative one. This means
that the current model is broken.

> That's likely the reason why MIPS and PPC/PREP do not touch the cached
> interrupt line state on reset but expect that the source will inform
> them whenever the line goes down - e.g. due to reset.
>
> The conflict we are in with the current reset model is hard-coding the
> board wiring and source knowledge into sink device models vs.
> propagating reset states. I agree that both have their corner cases.
>
> But in order to continue with properly disentangling board knowledge
> from generic device models, we should head for the latter variant where
> already possible (like in the i8259 case). On the long term, this should
> be resolved using a two-stage model where every root of an interrupt
> line signals its state down the chain at the end of a reset phase.

I don't think that even a two phase reset can solve the instability in
all possible cases. If the qemu_irq lines form a complex network,
several cycles could be needed until the effects have propagated and
the network has stabilized. In a defective network (loop with NOT in
the middle), the network could oscillate forever and never stabilize
(or until qemu_irq callbacks fill the stack and QEMU crashes), just
like real HW.
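
Added example, not part of the thread and not QEMU code: a toy C model of the DEV -> PIC1 -> PIC2 chain quoted in the message above, reset in the order PIC2, DEV, PIC1, once with every reset handler propagating its output immediately and once with the two-phase scheme proposed in this thread. All names are hypothetical; phase 2 is assumed to mean that each source re-drives its current output once inputs are sampled again.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model of the DEV -> PIC1 -> PIC2 chain (hypothetical, not QEMU code). */
static bool sampling = true;     /* false while reset phase 1 is in progress */
static struct { bool in, pending; } pic2;             /* rising-edge sink    */
static struct { bool in, masked, active_low; } pic1;  /* level-triggered     */
static bool dev_out;

static void pic2_set(bool lvl) {
    if (!sampling) return;                    /* input ignored during phase 1 */
    if (lvl && !pic2.in) pic2.pending = true; /* latch a rising edge          */
    pic2.in = lvl;
}
static void pic1_drive(void) {                /* recompute and drive output   */
    bool active = pic1.active_low ? !pic1.in : pic1.in;
    pic2_set(!pic1.masked && active);
}
static void pic1_set(bool lvl) {
    if (!sampling) return;
    pic1.in = lvl;
    pic1_drive();
}
static void dev_drive(bool lvl) { dev_out = lvl; pic1_set(lvl); }

static void pre_reset_state(void) {           /* the state given in the thread */
    sampling = true;
    pic2.in = pic2.pending = false;
    pic1.in = true; pic1.masked = false; pic1.active_low = true;
    dev_out = true;
}
/* Per-device reset handlers; each one drives its reset output value. */
static void pic2_reset(void) { pic2.in = pic2.pending = false; }
static void dev_reset(void)  { dev_drive(false); }
static void pic1_reset(void) { pic1.masked = true; pic1.active_low = false; pic1_drive(); }

/* Single-phase reset, order PIC2, DEV, PIC1. Returns PIC2's pending flag. */
bool reset_single_phase(void) {
    pre_reset_state();
    pic2_reset(); dev_reset(); pic1_reset();
    return pic2.pending;
}
/* Two-phase reset, same order: phase 1 ignores inputs, phase 2 re-drives. */
bool reset_two_phase(void) {
    pre_reset_state();
    sampling = false; pic2_reset(); dev_reset(); pic1_reset();
    sampling = true;  dev_drive(dev_out); pic1_drive();
    return pic2.pending;
}
int main(void) {
    printf("single-phase pending=%d\n", reset_single_phase());
    printf("two-phase pending=%d\n", reset_two_phase());
    return 0;
}
```

In the single-phase run PIC2 is left with a latched interrupt that nothing raised after reset; in the two-phase run the stale PIC1 configuration never reaches PIC2.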



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Blue Swirl
On Sun, Oct 2, 2011 at 4:39 PM, Avi Kivity  wrote:
> On 09/28/2011 09:01 PM, Blue Swirl wrote:
>>
>> On Wed, Sep 28, 2011 at 11:00 AM, Jan Kiszka
>>  wrote:
>> >  As we clearly modify the PIC state on pic_reset, we also have to update
>> >  the IRQ output. This only happened on init so far. Apply this
>> >  consistently.
>>
>> Nack, IRQ lines shouldn't be touched on reset. The other side may not
>> be ready for receiving the interrupt change and qemu_irqs are
>> stateless anyway.
>>
>
> The way to fix it is two-phase reset:
>
> phase 1: reset internal state (-> move all outputs to reset values), don't
> sample inputs yet

This solves the problem of old state accidentally interfering with reset state.

> phase 2: allow sampling inputs

This could lead to incorrect state for complex networks. It would
still be better than what we have now.



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Avi Kivity
> > 
> > The way to fix it is two-phase reset:
> > 
> > phase 1: reset internal state (-> move all outputs to reset
> > values),
> > don't sample inputs yet
> > phase 2: allow sampling inputs
> 
> As far as I understood Anthony's QOM plans, phase 1 will correspond
> to
> "unrealize", phase 2 to "realize".

That smells of abusing mechanism used for construction for reset purposes.

Why not use an ordinary qemu_irq?  It represents a pin; 0->1 edge (assert) 
enters phase 1, 1->0 edge (deassert) enters phase 2.  Exactly like real 
hardware.

> 
> However, we do not depend on two phases in this particular case
> (i8259)
> and can live with a coalescing both for now.
> 

Agree.



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Avi Kivity
> > phase 1: reset internal state (-> move all outputs to reset
> > values), don't
> > sample inputs yet
> 
> This solves the problem of old state accidentally interfering with
> reset state.
> 
> > phase 2: allow sampling inputs
> 
> This could lead to incorrect state for complex networks. It would
> still be better than what we have now.
> 

Can you give an example?  Can be theoretical, doesn't have to refer to real 
hardware.



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Blue Swirl
On Sun, Oct 2, 2011 at 4:56 PM, Avi Kivity  wrote:
> On 10/01/2011 10:31 AM, Blue Swirl wrote:
>>
>> Therefore it is incorrect to perform any qemu_irq activities during
>> reset (also VM restore like the original example), don't you agree?
>
> It is not incorrect.  Real hardware updates outputs on RESET assertion, and
> real hardware deals with devices entering reset at different times (due to
> signal propagation delay or slow devices).

Yes, but on real hardware, during the propagation of any effects, the
reset line is held asserted for millions of clock cycles in order to
stabilize the machine.

>> If we continued to reset all the devices (call the reset handlers
>> multiple times), eventually machine state should stabilize (equivalent
>> of real HW with nice long reset pulses), but on QEMU the reset event
>> is infinitely short so we have to be more careful.
>
> calling qemu_irq_pulse(reset) simulates a reset signal of any length (since
> nothing happens between the two edges).

Not really. The first edge could trigger the reset (but don't sample
inputs) phase, this would be equal to forcefully stabilizing any
device internal state. The second would release the device inputs, but
that's also a source of problems.

>> Actually I don't think that even a two-phase reset with qemu_irq or
>> Pin activity on the second phase would produce correct results in
>> every obscure case. Though this may be detectable since the start
>> state would be known.
>
> The output signals have to stabilize before the second edge of the reset
> signal.

They can't since the devices' inputs are ignored at that phase.



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Blue Swirl
On Sun, Oct 2, 2011 at 7:07 PM, Avi Kivity  wrote:
>> >
>> > The way to fix it is two-phase reset:
>> >
>> > phase 1: reset internal state (-> move all outputs to reset
>> > values),
>> > don't sample inputs yet
>> > phase 2: allow sampling inputs
>>
>> As far as I understood Anthony's QOM plans, phase 1 will correspond
>> to
>> "unrealize", phase 2 to "realize".
>
> That smells of abusing mechanism used for construction for reset purposes.
>
> Why not use an ordinary qemu_irq?  It represents a pin; 0->1 edge (assert) 
> enters phase 1, 1->0 edge (deassert) enters phase 2.  Exactly like real 
> hardware.

Fully agree. I also proposed using qemu_irq for reset (but without
phases) a long time ago.

>>
>> However, we do not depend on two phases in this particular case
>> (i8259)
>> and can live with a coalescing both for now.
>>
>
> Agree.
>



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Avi Kivity


- Original Message -
> On Sun, Oct 2, 2011 at 4:56 PM, Avi Kivity  wrote:
> > On 10/01/2011 10:31 AM, Blue Swirl wrote:
> >>
> >> Therefore it is incorrect to perform any qemu_irq activities
> >> during
> >> reset (also VM restore like the original example), don't you
> >> agree?
> >
> > It is not incorrect.  Real hardware updates outputs on RESET
> > assertion, and
> > real hardware deals with devices entering reset at different times
> > (due to
> > signal propagation delay or slow devices).
>
> Yes, but on real hardware, during the propagation of any effects, the
> reset line is held asserted for millions of clock cycles in order to
> stabilize the machine.

But nothing can happen in these cycles, since qemu emulates everything that 
happens on the edge, and any timers will be cancelled.


>
> >> If we continued to reset all the devices (call the reset handlers
> >> multiple times), eventually machine state should stabilize
> >> (equivalent
> >> of real HW with nice long reset pulses), but on QEMU the reset
> >> event
> >> is infinitely short so we have to be more careful.
> >
> > calling qemu_irq_pulse(reset) simulates a reset signal of any
> > length (since
> > nothing happens between the two edges).
>
> Not really. The first edge could trigger the reset (but don't sample
> inputs) phase, this would be equal to forcefully stabilizing any
> device internal state. The second would release the device inputs,
> but
> that's also a source of problems.


Can you elaborate on the problems?

>
> >> Actually I don't think that even a two-phase reset with qemu_irq
> >> or
> >> Pin activity on the second phase would produce correct results in
> >> every obscure case. Though this may be detectable since the start
> >> state would be known.
> >
> > The output signals have to stabilize before the second edge of the
> > reset
> > signal.
>
> They can't since the devices' inputs are ignored at that phase.
>

A real device also ignores inputs during reset (or if it doesn't, we can just 
emulate that).


I would really like to see a concrete example we can discuss.



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Blue Swirl
On Sun, Oct 2, 2011 at 7:08 PM, Avi Kivity  wrote:
>> > phase 1: reset internal state (-> move all outputs to reset
>> > values), don't
>> > sample inputs yet
>>
>> This solves the problem of old state accidentally interfering with
>> reset state.
>>
>> > phase 2: allow sampling inputs
>>
>> This could lead to incorrect state for complex networks. It would
>> still be better than what we have now.
>>
>
> Can you give an example?  Can be theoretical, doesn't have to refer to real 
> hardware.

For example, outputs A and B should both be driven high by reset. They
are connected to a XNOR gate, whose output is fed to edge triggered
device. The device should not see any edges outside of the reset
cycle, during reset cycle they are ignored.



Re: [Qemu-devel] [PATCH 11/22] i8259: Update IRQ state after reset

2011-10-02 Thread Avi Kivity
> >
> > Can you give an example?  Can be theoretical, doesn't have to refer
> > to real hardware.
>
> For example, outputs A and B should both be driven high by reset.
> They
> are connected to a XNOR gate, whose output is fed to edge triggered
> device. The device should not see any edges outside of the reset
> cycle, during reset cycle they are ignored.
>

I don't see the issue?  After phase 1 the two outputs will be high, after phase 
two they will be whatever the device logic computes.

During phase 1 you may see an edge, but that also happens with real hardware.  
The target device may see A and B driven high before it sees the reset pulse, 
and A and B (and the inputs of the XNOR gate) may have different timings.

The device may see an edge immediately before reset, but then it will be reset 
itself.


