Re: [Qemu-devel] [PATCH 2/6] memory: change dirty setting APIs to take a size

2011-12-11 Thread Avi Kivity
On 12/10/2011 06:44 PM, Blue Swirl wrote:
> Instead of each target knowing or guessing the guest page size,
> just pass the desired size of dirtied memory area. This should also
> improve performance due to memset() optimizations.
>
>
> -static inline void cpu_physical_memory_set_dirty(ram_addr_t addr)
> +static inline void cpu_physical_memory_range_set_dirty(ram_addr_t start,
> +   ram_addr_t size)
>  {

Since you're changing all callers in one patch, might as well keep the
shorter name.

> -ram_list.phys_dirty[addr >> TARGET_PAGE_BITS] = 0xff;
> +start >>= TARGET_PAGE_BITS;
> +size += TARGET_PAGE_SIZE - 1;
> +size >>= TARGET_PAGE_BITS;
> +

This is wrong, consider start == 0xfff && size == 2; you only dirty one
page.

> +memset(&ram_list.phys_dirty[start], 0xff, size);
>  }
>
>  static inline int cpu_physical_memory_set_dirty_flags(ram_addr_t addr,
> diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
> @@ -1918,8 +1915,8 @@ static void
> cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
>   val <<= 1;
>   dst++;
>  }
> -memory_region_set_dirty(&s->vga.vram, offset);
> -memory_region_set_dirty(&s->vga.vram, offset + 7);
> +memory_region_set_dirty(&s->vga.vram, offset, 1);
> +memory_region_set_dirty(&s->vga.vram, offset + 7, 1);
>  }


memory_region_set_dirty(..., offset, 8) matches the preceding code better

> -void memory_region_set_dirty(MemoryRegion *mr, target_phys_addr_t addr)
> +void memory_region_set_dirty(MemoryRegion *mr, target_phys_addr_t addr,
> + target_phys_addr_t size)
>  {
>  assert(mr->terminates);
> -return cpu_physical_memory_set_dirty(mr->ram_addr + addr);
> +return cpu_physical_memory_range_set_dirty(mr->ram_addr + addr, size);
>  }
>
>  void memory_region_sync_dirty_bitmap(MemoryRegion *mr)
> diff --git a/memory.h b/memory.h
> index 53bf261..1f8b5a5 100644
> --- a/memory.h
> +++ b/memory.h
> @@ -318,10 +318,12 @@ bool memory_region_get_dirty(MemoryRegion *mr,
> target_phys_addr_t addr,
>   *
>   * Marks a page as dirty, after it has been dirtied outside guest code.

a range of bytes

>   *
> - * @mr: the memory region being queried.
> + * @mr: the memory region being dirtied.
>   * @addr: the address (relative to the start of the region) being dirtied.
> + * @size: size of the range being dirtied.
>   */
> -void memory_region_set_dirty(MemoryRegion *mr, target_phys_addr_t addr);
> +void memory_region_set_dirty(MemoryRegion *mr, target_phys_addr_t addr,
> + target_phys_addr_t size);
>
>

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH 4/6] memory: find dirty range

2011-12-11 Thread Avi Kivity
On 12/10/2011 06:45 PM, Blue Swirl wrote:
> Instead of each target knowing or guessing the guest page size,
> iterate through the dirty ranges.
>
> Signed-off-by: Blue Swirl 
> ---
>  cpu-all.h |   30 ++
>  hw/tcx.c  |   54 ++
>  hw/vga.c  |   16 +++-
>  memory.c  |   16 
>  memory.h  |   24 
>  5 files changed, 99 insertions(+), 41 deletions(-)
>
> diff --git a/cpu-all.h b/cpu-all.h
> index 0cb62ca..a5c6670 100644
> --- a/cpu-all.h
> +++ b/cpu-all.h
> @@ -574,6 +574,36 @@ int cpu_physical_memory_set_dirty_tracking(int enable);
>
>  int cpu_physical_memory_get_dirty_tracking(void);
>
> +static inline void cpu_physical_memory_range_find_dirty(ram_addr_t start,
> +ram_addr_t end,
> +ram_addr_t *pstart,
> +ram_addr_t *pend,
> +int flags)
> +{
> +ram_addr_t idx;
> +
> +start >>= TARGET_PAGE_BITS;
> +end += TARGET_PAGE_SIZE - 1;
> +end >>= TARGET_PAGE_BITS;
> +
> +for (idx = start; idx < end; idx++) {
> +if (ram_list.phys_dirty[idx] & flags) {
> +*pstart = idx << TARGET_PAGE_BITS;
> +for (; idx < end; idx++) {
> +if (!(ram_list.phys_dirty[idx] & flags)) {
> +*pend = (idx << TARGET_PAGE_BITS) - 1;
> +return;
> +}
> +}
> +*pend = (end << TARGET_PAGE_BITS) - 1;

This uses a convention of fully inclusive ranges, not semi inclusive
which is what we usually use.

> +return;
> +}
> +}
> +/* everything pristine */
> +*pstart = (end << TARGET_PAGE_BITS) - 1;
> +*pend = (end << TARGET_PAGE_BITS) - 1;
> +}
> +

I prefer this to be implemented using memory_region primitives, less
work for me to convert afterwards.

Also, no need to inline this.

>  int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
> target_phys_addr_t end_addr);
>
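Review bot: In `cpu_physical_memory_range_find_dirty`, `ram_list.phys_dirty[idx]` is read for every page up to the rounded-up `end` with no check in this hunk that the range lies inside the dirty array, so the function depends entirely on its callers for bounds. That contract should be stated above the function, for example `/* [start, end) must lie within registered RAM; *pstart and *pend receive byte addresses */`, and asserted where the RAM size is known. The rounding `end += TARGET_PAGE_SIZE - 1` can also wrap for an `end` near the top of `ram_addr_t`, in which case the loop would not run and the range would be reported as clean.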
> diff --git a/hw/tcx.c b/hw/tcx.c
> index fd45ce8..d031cbd 100644
> --- a/hw/tcx.c
> +++ b/hw/tcx.c
> @@ -212,7 +212,7 @@ static inline void reset_dirty(TCXState *ts,
> ram_addr_t page_min,
>  static void tcx_update_display(void *opaque)
>  {
>  TCXState *ts = opaque;
> -ram_addr_t page, page_min, page_max;
> +ram_addr_t page, page_min, page_max, p;
>  int y, y_start, dd, ds;
>  uint8_t *d, *s;
>  void (*f)(TCXState *s1, uint8_t *dst, const uint8_t *src, int width);
> @@ -244,37 +244,28 @@ static void tcx_update_display(void *opaque)
>  return;
>  }
>
> -for(y = 0; y < ts->height; y += 4, page += TARGET_PAGE_SIZE) {
> -if (memory_region_get_dirty(&ts->vram_mem, page, DIRTY_MEMORY_VGA)) {
> -if (y_start < 0)
> -y_start = y;
> -if (page < page_min)
> -page_min = page;
> -if (page > page_max)
> -page_max = page;
> -f(ts, d, s, ts->width);
> -d += dd;
> -s += ds;
> -f(ts, d, s, ts->width);
> -d += dd;
> -s += ds;
> -f(ts, d, s, ts->width);
> -d += dd;
> -s += ds;
> -f(ts, d, s, ts->width);
> -d += dd;
> -s += ds;
> -} else {
> -if (y_start >= 0) {
> -/* flush to display */
> -dpy_update(ts->ds, 0, y_start,
> -   ts->width, y - y_start);
> -y_start = -1;
> -}
> -d += dd * 4;
> -s += ds * 4;
> +assert(MAXX == 1024);
> +y = 0;
> +for (p = 0; p < MAXX * MAXY;)  {
> +target_phys_addr_t dirty_start, dirty_end;
> +
> +memory_region_find_dirty(&ts->vram_mem, p, MAXX * MAXY, &dirty_start,
> + &dirty_end, DIRTY_MEMORY_VGA);
> +if (dirty_start == MAXX * MAXY - 1) {
> +break;
> +}

Gives no way to indicate that just that one byte is dirty (possible if
MAXX * MAXY == 1 (mod TARGET_PAGE_SIZE))

> +page = dirty_start;
> +f(ts, d + (page >> 10) * dd, s + page, dirty_end - dirty_start);
> +if (y_start < 0) {
> +page_min = dirty_start;
> +/* divide by MAXX */
> +y_start = page_min >> 10;

page_min / MAXX?

>  }
> +page_max = dirty_end;
> +y = page_max >> 10;
> +p = dirty_end + 1;
>  }
> +
>  if (y_start >= 0) {
>  /* flush to display */
>  dpy_update(ts->ds, 0, y_start,
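Review bot: The new call `f(ts, d + (page >> 10) * dd, s + page, dirty_end - dirty_start)` hands the whole dirty byte range to `f` as the `width` of a single line, where the removed loop called `f` once per scanline with `ts->width` and stepped `d` by `dd`. If the display stride `dd` is not exactly the converted size of one 1024-pixel source row, a range spanning several rows lands on the wrong destination rows, and nothing visible in this hunk bounds the write to the surface; the converters behind `f` are outside the hunk, so this needs confirming. A per-row loop keeps the old bound: for each row from `dirty_start >> 10` through `dirty_end >> 10`, call `f(ts, d + row * dd, s + row * MAXX, ts->width);`. With the inclusive `dirty_end` the finder returns, the length passed is also one short of `dirty_end - dirty_start + 1`. tcx_update_display starts and ends outside this hunk.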
> @@ -282,8 +273,7 @@ static void tcx_update_display(void *opaque)
>  }
>  /* reset modified pages */
>  if (page_max >= page_min) {
> -memory_region_rese

Re: [Qemu-devel] [PATCH v2] exec.c: Fix subpage memory access to RAM MemoryRegion

2011-12-11 Thread Avi Kivity
On 11/30/2011 05:26 PM, Andreas Färber wrote:
> Commit 95c318f5e1f88d7e5bcc6deac17330fd4806a2d3 (Fix segfault in mmio
> subpage handling code.) prevented a segfault by making all subpage
> registrations over an existing memory page perform an unassigned access.
> Symptoms were writes not taking effect and reads returning zero.
>
> Very small page sizes are not currently supported either,
> so subpage memory areas cannot fully be avoided.
>
> Therefore change the previous fix to use a new IO_MEM_SUBPAGE_RAM
> instead of IO_MEM_UNASSIGNED. Suggested by Avi.
>

Reviewed-by: Avi Kivity 

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [RFC] Device sandboxing

2011-12-11 Thread Avi Kivity
On 12/09/2011 06:17 PM, Paul Brook wrote:
> > A group of us are starting to work on sandboxing QEMU device emulation
> > code.  We're just getting started investigating various approaches, and
> > want to engage the community to gather input.
> > 
> > Following are the design points that we are currently considering:
> > 
> > * Decompose QEMU into multiple processes:
> > 
> >  * This could be done such that QEMU devices execute in separate
> >processes based on device type, e.g. all block devices in one
> >process and all network devices in a second process.  Another
> >alternative is executing a separate process per device.
>
> I can't help wondering if nested virtualization would be a better solution.  
> i.e. have an outer VM that only implements a trusted subset of devices. 
> Inside 
> that run a VM that provides the flakey legacy device emulation you expect to 
> be compromised.

Nested virtualization is going to be painfully slow.  We did consider
side-by-side virtualization: both the guest and the device model run in
separate VM containers (this is what Xen does, except it uses
paravirtualization for the device model).  It's going to be more
expensive than the other forms of sandboxing, though, due to the heavier
context switch penalty.

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [RFC] qemu-ga: Introduce guest-hibernate command

2011-12-11 Thread Dor Laor

On 12/08/2011 08:52 PM, Luiz Capitulino wrote:

This is basically suspend to disk on a Linux guest.

Signed-off-by: Luiz Capitulino
---

This is an RFC because I did it as simple as possible and I'm open to
suggestions...

Now, while testing this or even "echo disk>  /sys/power/state" I get several


Beyond the previous comments about virtio s4 that Amit solved and 
pm-hibernate I think it will be nice to add suspend to ram (s3) option 
too. Currently qemu wakes up immediately after s3 but it can be fixed 
and it can pause the guest and wait for a keyboard event or monitor command.



funny results. Some times qemu just dies after printing that message:

  "Guest moved used index from 20151 to 1"

Some times it doesn't die, but I'm unable to log into the guest: I type
username&  password but the terminal kind of locks (the shell doesn't run).

Some times it works...

  qapi-schema-guest.json |   11 +++
  qga/guest-agent-commands.c |   19 +++
  2 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/qapi-schema-guest.json b/qapi-schema-guest.json
index fde5971..2c5bbcf 100644
--- a/qapi-schema-guest.json
+++ b/qapi-schema-guest.json
@@ -215,3 +215,14 @@
  ##
  { 'command': 'guest-fsfreeze-thaw',
'returns': 'int' }
+
+##
+# @guest-hibernate
+#
+# Save RAM contents to disk and powerdown the guest.
+#
+# Notes: This command doesn't return on success.
+#
+# Since: 1.1
+##
+{ 'command': 'guest-hibernate' }
diff --git a/qga/guest-agent-commands.c b/qga/guest-agent-commands.c
index 6da9904..9dd4060 100644
--- a/qga/guest-agent-commands.c
+++ b/qga/guest-agent-commands.c
@@ -550,6 +550,25 @@ int64_t qmp_guest_fsfreeze_thaw(Error **err)
  }
  #endif

+#define LINUX_SYS_STATE_FILE "/sys/power/state"
+
+void qmp_guest_hibernate(Error **err)
+{
+int fd;
+
+fd = open(LINUX_SYS_STATE_FILE, O_WRONLY);
+if (fd<  0) {
+error_set(err, QERR_OPEN_FILE_FAILED, LINUX_SYS_STATE_FILE);
+return;
+}
+
+if (write(fd, "disk", 4)<  0) {
+error_set(err, QERR_UNDEFINED_ERROR);
+}
+
+close(fd);
+}
+
  /* register init/cleanup routines for stateful command groups */
  void ga_command_state_init(GAState *s, GACommandState *cs)
  {
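Review bot: The check `if (write(fd, "disk", 4) < 0)` in `qmp_guest_hibernate` accepts a short write as success and reports every failure as `QERR_UNDEFINED_ERROR`, so a client cannot tell a kernel that rejected or does not support the "disk" state from any other fault. Comparing against the full length, `if (write(fd, "disk", 4) != 4) {`, and reporting an error that names `LINUX_SYS_STATE_FILE`, as the open failure already does, would make the result usable. The function is added after the `#endif` that closes the preceding block, so it appears to be compiled on hosts without /sys/power/state as well; a comment such as `/* Linux only: relies on the sysfs power interface */` or a platform guard would make that explicit. The `write()` presumably returns once the guest resumes, so the command would then complete normally, which is worth reconciling with the schema note that it does not return on success.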





Re: [Qemu-devel] Dropping the MONITOR_CMD_ASYNC

2011-12-11 Thread Alon Levy
On Thu, Dec 08, 2011 at 05:45:44PM -0200, Luiz Capitulino wrote:
> Hi there,
> 
> I'm about to completely drop the MONITOR_CMD_ASYNC API, but it turns out that
> the command client_migrate_info uses it. That's a legacy interface and has to
> be dropped, no command should be using it...
> 
> Something tells me that if I just drop it (and change the command to use the
> regular interface), bad things will happen. Am I right? :)
> 

The monitor command client_migrate_info needs to complete after getting
an ACK message from the currently connected spice client (this is the
only case where this is required - if there is no client then the
MONITOR_CMD_ASYNC API won't be used). This in turn requires the main
thread to perform select and call the callback that will process this
ACK. That's why the MONITOR_CMD_ASYNC API was used.

I'm not aware of any other way to do this, I'll be glad for any help
here. Also, I understand this is not true async, since one
would expect a true async interface to support multiple in flight
monitor commands. If there is any ETA or existing way to do this we
could change the implementation of client_migrate_info.

Alon




Re: [Qemu-devel] [PATCH 6/6] vga: compile cirrus_vga in hwlib

2011-12-11 Thread Jan Kiszka
On 2011-12-10 17:45, Blue Swirl wrote:
> Remove target dependencies and compile Cirrus VGA in hwlib.
> 
> Signed-off-by: Blue Swirl 
> ---
>  Makefile.objs   |1 +
>  Makefile.target |1 -
>  hw/cirrus_vga.c |3 ---
>  3 files changed, 1 insertions(+), 4 deletions(-)
> 
> diff --git a/Makefile.objs b/Makefile.objs
> index 3a699ee..932c68a 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -287,6 +287,7 @@ hw-obj-$(CONFIG_VGA_ISA) += vga-isa.o
>  hw-obj-$(CONFIG_VGA_ISA_MM) += vga-isa-mm.o
>  hw-obj-$(CONFIG_VMWARE_VGA) += vmware_vga.o
>  hw-obj-$(CONFIG_VMMOUSE) += vmmouse.o
> +hw-obj-$(CONFIG_VGA_CIRRUS) += cirrus_vga.o
> 
>  hw-obj-$(CONFIG_RC4030) += rc4030.o
>  hw-obj-$(CONFIG_DP8393X) += dp8393x.o
> diff --git a/Makefile.target b/Makefile.target
> index 33df81f..00094b1 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -206,7 +206,6 @@ obj-$(CONFIG_KVM) += kvm.o kvm-all.o
>  obj-$(CONFIG_NO_KVM) += kvm-stub.o
>  obj-y += memory.o
>  obj-$(CONFIG_VGA) += vga.o
> -obj-$(CONFIG_VGA_CIRRUS) += cirrus_vga.o
>  LIBS+=-lz
> 
>  QEMU_CFLAGS += $(VNC_TLS_CFLAGS)
> diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
> index 846c8f5..0c86794 100644
> --- a/hw/cirrus_vga.c
> +++ b/hw/cirrus_vga.c
> @@ -618,7 +618,6 @@ static void
> cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
>  for (y = 0; y < lines; y++) {
>   off_cur = off_begin;
>   off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask;
> - off_cur &= TARGET_PAGE_MASK;

Why is this redundant? Would be good to have the reasoning documented in
the commit message.

>  memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - 
> off_cur);
>   off_begin += off_pitch;
>  }
> @@ -1897,8 +1896,6 @@ static void cirrus_mmio_blt_write(CirrusVGAState
> * s, unsigned address,
>   *
>   *  write mode 4/5
>   *
> - * assume TARGET_PAGE_SIZE >= 16
> - *
>   ***/
> 
>  static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,

Looking forward to seeing the second longest compilation step (after
translate.o) pushed out of the hot path.

Jan





Re: [Qemu-devel] RFC: raw device support for block device targets

2011-12-11 Thread Alex Bligh



--On 8 December 2011 13:40:57 +0100 Kevin Wolf  wrote:


qemu-img convert appears to support block devices as input, but not
as output. That is irritating, as when using qemu-img convert to
convert qcow to raw on a block partition, an intermediate file has
to be used, which slows things down and pointlessly uses disk space.

The problem is that ftruncate() is being called on the output file
in order ensure it is sufficiently large, and this fails on
block devices.

...


Creating an image on a block device shouldn't even call raw_create(),
but only hdev_create(), which doesn't try to truncate the device, but
just uses lseek to make sure that it's large enough.

Which qemu version are you using and what's your command line?


I was testing on:

amb@alex-test:~$ qemu-img --version
qemu-img version 0.12.3, Copyright (c) 2004-2008 Fabrice Bellard

though the patch was against current trunk.

Command line simply:

qemu-img convert -O raw test.qcow /dev/xyz

Fails on ftruncate() as verified with strace.

I must admit I only 'tested' on trunk by reading the source.

--
Alex Bligh



Re: [Qemu-devel] [RFC] Device sandboxing

2011-12-11 Thread Dor Laor

On 12/08/2011 11:40 AM, Stefan Hajnoczi wrote:

On Wed, Dec 7, 2011 at 8:54 PM, Eric Paris  wrote:

On Wed, 2011-12-07 at 13:43 -0600, Anthony Liguori wrote:

On 12/07/2011 01:32 PM, Corey Bryant wrote:



That would seem like the logical approach. I think there may be new mode 2
patches coming soon so we can see how they go over.


I'd like to see what the whitelist would need to be for something like QEMU in
mode 2.  My biggest concern is that the whitelist would need to be so large that
the practical security wouldn't be all that much improved.


When I prototyped my version of seccomp v2 for qemu a while back I did
it by only looking at syscalls after inital setup was completed (aka the
very last thing before main_loop() was to lock it down).  My list was
much shorter than even these:

+__NR_brk,
+__NR_close,
+__NR_exit_group,
+__NR_futex,
+__NR_ioctl,
+__NR_madvise,
+__NR_mmap,
+__NR_munmap,
+__NR_read,
+__NR_recvfrom,
+__NR_recvmsg,
+__NR_rt_sigaction,
+__NR_select,
+__NR_sendto,
+__NR_tgkill,
+__NR_timer_delete,
+__NR_timer_gettime,
+__NR_timer_settime,
+__NR_write,
+__NR_writev,

There is simple obvious negligible overhead value here, but every
proposal I know of, including mine, has been shot down by Ingo.  Ingo's
proposal is much more work, more overhead, but clearly more flexible.
His suggestions (and code based on those suggestions from others) has
been shot down by PeterZ.

So I feel like seccomp v2 is between a rock and a hard place.  We have
something that works really well, and could be a huge win for all sorts
of programs, but we don't seem to be able to get anything past the
damned if you do, damned if you don't nak's.

(There's also a cgroup version of seccomp proposed, but I'm guessing it
will go just about as far as all the other versions)


Still, these sorts of situations are overcome all the time.  Sometimes
it takes a while and several LWN.net articles about the drama but at
the end things can be worked out.

If we want to discuss the specifics of mode 2 and especially what Ingo
or Peter think then I think we should do it in a forum where they
participate.  Maybe their positions have changed.


Will, a little bird whispered that you're going to send another iteration 
w/ higher acceptance chances. Where do we stand w/ it? Can you please 
elaborate on its chances of getting merged?




Stefan






Re: [Qemu-devel] [Bug 902720] [NEW] TIME_MAX not set correctly for OpenBSD in qemu-common.h

2011-12-11 Thread Stefan Weil

Am 11.12.2011 07:47, schrieb Brad Smith:

Public bug reported:

Looking at the OpenBSD buildbot logs I noticed a warning that appears 
to be a bug in the code.
OpenBSD has a 32-bit time_t on all archs at the moment (32-bit and 
64-bit).


CC i386-softmmu/monitor.o
/buildbot-qemu/default_openbsd_current/build/monitor.c: In function 
'expire_password':
/buildbot-qemu/default_openbsd_current/build/monitor.c:944: warning: 
overflow in implicit constant conversion


qemu-common.h has...

#ifndef TIME_MAX
#define TIME_MAX LONG_MAX
#endif

for OpenBSD this should be INT_MAX.

** Affects: qemu
Importance: Undecided
Status: New


This needs special handling for w32 / w64, too.
Looking at the code where TIME_MAX is used, I assume that
more fixes are needed. The following code for example
won't work:

  if (lifetime > INT_MAX) {

What about using

  #define TIME_FOREVER -1

instead of TIME_MAX? Of course this would need additional
code changes.

Regards,
Stefan Weil




[Qemu-devel] Report: qemu.git error during Windows 7 install - found during 12/11/2011 sanity job

2011-12-11 Thread Lucas Meneghel Rodrigues
Hi folks, here I am reporting an error found during today's qemu.git 
autotest sanity job:


 Original Message 
Subject: Autotest | Job ID: 2333 "Upstream qemu.git sanity 12-11-2011 
00:05:02" | Status: 1 Completed | Success Rate: 69.23 %

Date: Sun, 11 Dec 2011 06:44:37 -0500

Job ID: 2333
Job name: Upstream qemu.git sanity 12-11-2011 00:05:02
Status: 1 Completed
User tests executed: 26
User tests passed: 18
User tests failed: 8
User tests success rate: 69.23 %
Failures:
Test Name 
 Status  Reason 



kvm.qemu-git.virtio_blk.smp2.virtio_net.Win7.64.sp1.unattended_install.cdrom 
FAILTimeout elapsed while waiting for install to finish[context: 
waiting for installation to finish]


The Windows 7 SP1 install completes the 1st stage OK, then it reboots 
and hangs during boot, indefinitely, until the 4 hours of timeout 
complete. Autotest did record a failure that qemu spit to stdout, when 
the hang happened:


12/11 02:37:31 INFO |unattended:0795| Waiting for installation to 
finish. Timeout set to 14400 s (240 min)
12/11 03:17:34 WARNI|virt_env_p:0491| VM 'vm1' failed to produce a 
screendump
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] KVM internal error. 
Suberror: 1

12/11 03:18:47 INFO |   aexpect:0783| [qemu output] emulation failure
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] RAX=0001 
RBX= RCX=fa80018d1680 RDX=f8800364
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] RSI=fa8002765050 
RDI=fa8002a33010 RBP=0001 RSP=f880037fa0a0
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] R8 =4740 
R9 =0040 R10=f8000264c000 R11=01c8
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] R12= 
R13= R14=007a R15=fa8002a92610
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] RIP=f800029b597b 
RFL=0293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] ES =002b 
  00c0f300 DPL=3 DS   [-WA]
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] CS =0010 
  00209b00 DPL=0 CS64 [-RA]
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] SS =0018 
  00c09300 DPL=0 DS   [-WA]
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] DS =002b 
  00c0f300 DPL=3 DS   [-WA]
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] FS =0053 
 7c00 0040f300 DPL=3 DS   [-WA]
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] GS =002b 
f880009e6000  00c0f300 DPL=3 DS   [-WA]
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] LDT= 
  
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] TR =0040 
f880009eaec0 0067 8b00 DPL=0 TSS64-busy
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] GDT= 
f880009f14c0 007f
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] IDT= 
f880009f1540 0fff
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] CR0=80050031 
CR2=f980018d6000 CR3=00187000 CR4=06f8
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] DR0= 
DR1= DR2= DR3=
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] DR6=0ff0 
DR7=0400

12/11 03:18:47 INFO |   aexpect:0783| [qemu output] EFER=0d01
12/11 03:18:47 INFO |   aexpect:0783| [qemu output] Code=?? ?? ?? ?? ?? 
?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ?? ?? ?? ?? ?? ?? ?? 
?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??


Relevant kvm.git and qemu.git commits:

12/11 01:52:49 DEBUG|   git:0076| Initializing new git repo at 
/tmp/kernel_src for receiving git repo 
git://git.kernel.org/pub/scm/virt/kvm/kvm.git
12/11 01:56:26 DEBUG|base_utils:0074| Running '/usr/bin/git fetch -q -f 
-u -t git://git.kernel.org/pub/scm/virt/kvm/kvm.git master:master'
12/11 01:56:46 INFO |   git:0153| git commit ID is 
"a41d08d13f903da5c633fc58ee074156f05ab3ce" (tag v3.1-15684-ga41d08d)


12/11 02:14:38 DEBUG|   git:0076| Initializing new git repo at 
/usr/local/autotest/tests/kvm/src/qemu for receiving git repo 
git://git.qemu.org/qemu.git
12/11 02:14:55 DEBUG|base_utils:0074| Running '/usr/bin/git fetch -q -f 
-u -t git://git.qemu.org/qemu.git master:master'
12/11 02:14:57 INFO |   git:0153| git commit ID is 
"217bfb445b54db618a30f3a39170bebd9fd9dbf2" (tag v1.0-198-g217bfb4)


Any help is appreciated.

Lucas



Re: [Qemu-devel] [PATCH v2] bsd_user: Fix potential null pointer dereference

2011-12-11 Thread Blue Swirl
Thanks, applied.

On Mon, Nov 21, 2011 at 20:06, Stefan Weil  wrote:
> This bug was spotted by cppcheck.
>
> Using g_try_malloc0 (as does the linux-user code) fixes this.
>
> v2:
> Use g_free in bsdload.c, too. Thanks to Peter Maydell for this hint.
>
> Signed-off-by: Stefan Weil 
> ---
>  bsd-user/bsdload.c |    2 +-
>  bsd-user/elfload.c |    5 ++---
>  2 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/bsd-user/bsdload.c b/bsd-user/bsdload.c
> index 6d9bb6f..2abc713 100644
> --- a/bsd-user/bsdload.c
> +++ b/bsd-user/bsdload.c
> @@ -196,7 +196,7 @@ int loader_exec(const char * filename, char ** argv, char 
> ** envp,
>
>     /* Something went wrong, return the inode and free the argument pages*/
>     for (i=0 ; i -        free(bprm.page[i]);
> +        g_free(bprm.page[i]);
>     }
>     return(retval);
>  }
> diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c
> index 1ef1f97..124 100644
> --- a/bsd-user/elfload.c
> +++ b/bsd-user/elfload.c
> @@ -641,8 +641,7 @@ static abi_ulong copy_elf_strings(int argc,char ** argv, 
> void **page,
>                 offset = p % TARGET_PAGE_SIZE;
>                 pag = (char *)page[p/TARGET_PAGE_SIZE];
>                 if (!pag) {
> -                    pag = (char *)malloc(TARGET_PAGE_SIZE);
> -                    memset(pag, 0, TARGET_PAGE_SIZE);
> +                    pag = g_try_malloc0(TARGET_PAGE_SIZE);
>                     page[p/TARGET_PAGE_SIZE] = pag;
>                     if (!pag)
>                         return 0;
> @@ -696,7 +695,7 @@ static abi_ulong setup_arg_pages(abi_ulong p, struct 
> linux_binprm *bprm,
>             info->rss++;
>             /* FIXME - check return value of memcpy_to_target() for failure */
>             memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
> -            free(bprm->page[i]);
> +            g_free(bprm->page[i]);
>         }
>         stack_base += TARGET_PAGE_SIZE;
>     }
> --
> 1.7.2.5
>
>



Re: [Qemu-devel] [PATCH] configure: Enable build by default PIE / read-only relocation sections on OpenBSD amd64/i386.

2011-12-11 Thread Blue Swirl
Thanks, applied.

On Tue, Nov 29, 2011 at 00:53, Brad  wrote:
> Enable build by default PIE / read-only relocation sections for the QEMU
> binaries on OpenBSD amd64/i386.
>
> Signed-off-by: Brad Smith 
>
> ---
>  configure |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/configure b/configure
> index ac4840d..b113f60 100755
> --- a/configure
> +++ b/configure
> @@ -1116,7 +1116,7 @@ fi
>
>  if test "$pie" = ""; then
>   case "$cpu-$targetos" in
> -    i386-Linux|x86_64-Linux)
> +    i386-Linux|x86_64-Linux|i386-OpenBSD|x86_64-OpenBSD)
>       ;;
>     *)
>       pie="no"
> --
> 1.7.6
>
>
>
>



Re: [Qemu-devel] [PATCH] w32: QEMU applications with SDL are always GUI applications

2011-12-11 Thread Blue Swirl
Thanks, applied.

On Sat, Dec 3, 2011 at 21:32, Stefan Weil  wrote:
> Since commit 1d14ffa97eacd3cb722271eaf6f093038396eac4 (in 2005),
> QEMU applications on W32 don't use the default SDL compiler flags:
>
> Instead of a GUI application, a console application is created.
>
> This has disadvantages (there is always an empty console window) and
> no obvious reason, so this patch removes the strange flag modification.
>
> The SDL GUI applications still can be run from a console window
> and even send stdout and stderr to that console by setting environment
> variable SDL_STDIO_REDIRECT=no.
>
> Signed-off-by: Stefan Weil 
> ---
>  configure |    3 ---
>  1 files changed, 0 insertions(+), 3 deletions(-)
>
> diff --git a/configure b/configure
> index ac4840d..f2fdb1d 100755
> --- a/configure
> +++ b/configure
> @@ -1522,9 +1522,6 @@ EOF
>   if compile_prog "$sdl_cflags" "$sdl_libs" ; then
>     sdl_libs="$sdl_libs -lX11"
>   fi
> -  if test "$mingw32" = "yes" ; then
> -    sdl_libs="`echo $sdl_libs | sed s/-mwindows//g` -mconsole"
> -  fi
>   libs_softmmu="$sdl_libs $libs_softmmu"
>  fi
>
> --
> 1.7.2.5
>
>



Re: [Qemu-devel] [PATCH] w32: Disable buffering for log file

2011-12-11 Thread Blue Swirl
Thanks, applied.

On Sat, Dec 3, 2011 at 21:32, Stefan Weil  wrote:
> W32 does not support line buffering, but it supports unbuffered output.
>
> Unbuffered output is better for writing to qemu.log than fully buffered
> output because it also shows the latest log messages when an application
> crash occurs.
>
> Signed-off-by: Stefan Weil 
> ---
>  exec.c |    6 --
>  1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/exec.c b/exec.c
> index 6b92198..d8b2180 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1603,8 +1603,10 @@ void cpu_set_log(int log_flags)
>             static char logfile_buf[4096];
>             setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
>         }
> -#elif !defined(_WIN32)
> -        /* Win32 doesn't support line-buffering and requires size >= 2 */
> +#elif defined(_WIN32)
> +        /* Win32 doesn't support line-buffering, so use unbuffered output. */
> +        setvbuf(logfile, NULL, _IONBF, 0);
> +#else
>         setvbuf(logfile, NULL, _IOLBF, 0);
>  #endif
>         log_append = 1;
> --
> 1.7.2.5
>
>



[Qemu-devel] [Bug 696094] Re: TI Stellaris lm3s811evb (ARM Cortex-M3) : Systick interrupt not working

2011-12-11 Thread Petteri Aimonen
I think the problem is line 53 in qemu-linaro/hw/armv7m_nvic.c:
int system_clock_scale;

This variable is initialized under some conditions from the Stellaris
peripheral emulation code, but apparently your code does not trigger
this initialization. It then uses the default value of 0, and gets into
an infinite loop.

I suggest that the line be changed to:
int system_clock_scale = 1;

This not only prevents the crash, but has a side benefit of being able to use 
the SysTick timer even without other peripherals, like this:
qemu-system-arm -cpu cortex-m3 -nographic -monitor null -serial null 
-semihosting -kernel test.elf
-device armv7m_nvic -icount 1

I still get hangs by messing around with the -icount parameter, but it
is a different bug - ctrl-C gets you out of those hangs.

https://bugs.launchpad.net/bugs/696094

Title:
  TI Stellaris lm3s811evb (ARM Cortex-M3) : Systick interrupt not
  working

Status in QEMU:
  New

Bug description:
  I've tried to create a small project that uses the CMSIS as base library.
  The problem is that the SysTick_interrupt_handler() doesn't get executed when 
the systick event is detected in QEMU. Furthermore, it seems as if QEMU gets 
stuck in an endless loop. QEMU doesn't respond to Ctrl-C on the command line 
and the GDB session also stalls. 'kill -9' is the only way to stop QEMU.

  It seems as if the initialisation of the NVIC works fine. I've traced the 
function calls in QEMU as follows:
  stellaris.c: stellaris_init() - Perform generic armv7 init: armv7m_init()
 armv7m.c: armv7m_init() - Create and init the nvic:
 nvic = qdev_create(NULL, "armv7m_nvic");
 env->nvic = nvic;
 qdev_init_nofail(nvic);
 - Configure the programmable interrupt controller:
 Call: arm_pic_init_cpu() 
  
qemu_allocate_irqs(arm_pic_cpu_handler)
 - Initialise 64 interrupt structures.

  The following call sequence is observed when the systick event occur:
  armv7m_nvic.c: systick_timer_tick(): set pending interrupt
  armv7m_nvic.c: armv7m_nvic_set_pending() for irq:15
arm_gic.c: gic_set_pending_private(): GIC_SET_PENDING(15,)
  arm_gic.c: gic_update() - Raise IRQ with qemu_set_irq()
 irq.c: eqmu_set_irq() - Call the irq->handler 
 -- I assume the irq handler is 
'arm_pic_cpu_handler()',
since that was passed as the parameter when
qemu_allocate_irqs() was called in ...
arm_pic.c: arm_pic_cpu_handler() - After evaluation, call 
cpu_interrupt()
   exec.c: cpu_interrupt() is called. 

  The tools that were used during the testing of this project:
GCC: Codesourcery ARM eabi 2010q3
QEMU: Checked out on 31/12/2010 - Last commit: 
0fcec41eec0432c77645b4a407d3a3e030c4abc4
  The project files are attached, for reproducing of the errors.
 Note: The CMSIS wants to perform byte accesses to the NVIC. For the 
Cortex-M3, unaligned 8 bit and 16 bit accesses are allowed. The current QEMU 
implementation doesn't yet cater for it. As a work around, updated versions of
  arm_gic.c armv7m_nvic.h armv7m_nvic.c is also included.

  Launch project with: go_gdb.sh
  Attach debugger with: arm-none-eabi-gdbtui --command=gdbCommands_tui
  (s = step, n = next, c = continue, Ctrl-C = stop, print  to look at 
variable contents)








[Qemu-devel] [Bug 696094] Re: TI Stellaris lm3s811evb (ARM Cortex-M3) : Systick interrupt not working

2011-12-11 Thread Peter Maydell
ssys_reset() should be calling  ssys_calculate_system_clock(). (We
should probably use a saner default value, though. Or treat
system_clock_scale == 0 as "this board doesn't provide an external clock
reference". And do we really have the sense right on the
SYSTICKX_CLKSOURCE flag?)

> qemu-system-arm -cpu cortex-m3 -nographic -monitor null -serial null
-semihosting -kernel test.elf -device armv7m_nvic -icount 1

This is a nonsensical command line since it will try to instantiate an
Integrator board model with a Cortex-M3 CPU.  It's not possible to
correctly wire up the armv7m_nvic device from the command line, in fact,
so any qemu command line that tries to do so is inherently broken; to
the extent that it works this will be purely by fluke.

-- 

Title:
  TI Stellaris lm3s811evb (ARM Cortex-M3) : Systick interrupt not
  working

Status in QEMU:
  New

Bug description:
  I've tried to create a small project that uses the CMSIS as base library.
  The problem is that the SysTick_interrupt_handler() doesn't get executed when 
the systick event is detected in QEMU. Furthermore, it seems as if QEMU gets 
stuck in an endless loop. QEMU doesn't respond to Ctrl-C on the command line 
and the GDB session also stalls. 'kill -9' is the only way to stop QEMU.

  It seems as if the initialisation of the NVIC works fine. I've traced the 
function calls in QEMU as follows:
  stellaris.c: stellaris_init() - Perform generic armv7 init: armv7m_init()
 armv7m.c: armv7m_init() - Create and init the nvic:
 nvic = qdev_create(NULL, "armv7m_nvic");
 env->nvic = nvic;
 qdev_init_nofail(nvic);
 - Configure the programmable interrupt controller:
 Call: arm_pic_init_cpu() 
  
qemu_allocate_irqs(arm_pic_cpu_handler)
 - Initialise 64 interrupt structures.

  The following call sequence is observed when the systick event occur:
  armv7m_nvic.c: systick_timer_tick(): set pending interrupt
  armv7m_nvic.c: armv7m_nvic_set_pending() for irq:15
arm_gic.c: gic_set_pending_private(): GIC_SET_PENDING(15,)
  arm_gic.c: gic_update() - Raise IRQ with qemu_set_irq()
 irq.c: eqmu_set_irq() - Call the irq->handler 
 -- I assume the irq handler is 
'arm_pic_cpu_handler()',
since that was passed as the parameter when
qemu_allocate_irqs() was called in ...
arm_pic.c: arm_pic_cpu_handler() - After evaluation, call 
cpu_interrupt()
   exec.c: cpu_interrupt() is called. 

  The tools that were used during the testing of this project:
GCC: Codesourcery ARM eabi 2010q3
QEMU: Checked out on 31/12/2010 - Last commit: 
0fcec41eec0432c77645b4a407d3a3e030c4abc4
  The project files are attached, for reproducing of the errors.
 Note: The CMSIS wants to perform byte accesses to the NVIC. For the 
Cortex-M3, unaligned 8 bit and 16 bit accesses are allowed. The current QEMU 
implementation doesn't yet cater for it. As a work around, updated versions of
  arm_gic.c armv7m_nvic.h armv7m_nvic.c is also included.

  Launch project with: go_gdb.sh
  Attach debugger with: arm-none-eabi-gdbtui --command=gdbCommands_tui
  (s = step, n = next, c = continue, Ctrl-C = stop, print  to look at 
variable contents)




Re: [Qemu-devel] [PATCH 0/4] tcg: Add debug facilities for TCGv

2011-12-11 Thread Paul Brook
> > What mismatches does this catch that the existing debug code doesn't?
> 
> Cf. patch 4/4:
> 
> TCGv tmp = tcg_temp_new_i32();
> tcg_temp_free_i32(tmp);
> 
> TCGv_i32 tmp2 = tcg_temp_new();
> tcg_temp_free(tmp2);

Why is this a problem?  If TARGET_LONG_BITS==32 then tcg_temp_free and 
tcg_temp_free_i32 are synonyms, and everything is happy.

If TARGET_LONG_BITS==64 then we already flag this as an error.

> Try compiling --target-list=arm-softmmu --enable-debug-tcg with my
> series and DEBUG_TCGV_TL uncommented, and you'll see for yourself.
> There's too many to mention and for me to actually fix. You'll have to
> deal with it for ARMv8 at some point and this series hopefully helps.

That's exactly why I think this patch is a bad idea.

If a target always has TARGET_LONG_BITS==32 then it doesn't matter if we mix 
TCGv and TCGv_i32.

If a target has both 32-bit and 64-bit variants then at least one of these 
will already fail to build.  I don't see how making both fail provides any 
benefit.  As you say, whoever implements ARMv8 gets to fix all the mismatches 
when they actually add the aarch64 support.

Trying to make a 32-bit target "64-bit safe" without actually implementing the 
64-bit target is a complete waste of time.  You've almost no chance of getting 
it right.  In some cases the correct answer will be to use 32-bit arithmetic, 
then sign/zero extend the result. In other cases the correct answer will be to 
perform word size arithmetic.  Blindly picking one just makes the bugs harder 
to find later.

If you're trying to add support for targets where the primary word size is 
neither 32 nor 64 then that's a completely different problem, and probably not 
one that's worth solving.  In practice your port is going to end up using 64-
bit arithmetic and explicitly compensating for the excess precision where 
necessary.

Paul



Re: [Qemu-devel] [RFC 0/6] target-i386: TCGv cleanups

2011-12-11 Thread Paul Brook
> This series makes target-i386 compile with DEBUG_TCGV_TL.

What benefit does this provide?

I effectively already asked this in reply to your patch adding 
DEBUG_TCGV_TL[1].  One answer is sufficient, this mail is really just to link 
the two threads together :-)

Paul

[1] http://lists.nongnu.org/archive/html/qemu-devel/2011-12/msg01261.html



Re: [Qemu-devel] [RFC 0/4] virtio-mmio transport

2011-12-11 Thread Paul Brook
> >> I'm not sure what guest software uses the syborg virtio transport.
> > 
> > It is/was a virtual reference platform for SymbianOS.  However since then
> > the Symbian Foundation got shot in the back of the head and the rest of
> > Nokia jumped ship to Windows, so I'd be surprised if anyone really cares
> > about it.
> 
> Can we remove syborg virtio then?

If we do, then I recommend removing the whole of the rest of the syborg 
machine at the same time.

AFAIK the only use of this machine was the Symbian Virtual Platform reference 
environment provided by the Symbian Foundation.  This organisation no longer 
exists, and the code (both qemu and guest OS) they hosted is no longer 
publicly available.  The qemu.org code is also a stripped-down version of the 
full SVP.

In short I do not have any good reasons to keep this code.


I've taken a look at the virtio-mmio spec, and it looks fairly reasonable.

The only thing I'd change is the GuestPageSize/QueuePFN mess.  Seems like just 
using straight 64-bit addresses would be a better solution.  Maybe split into 
a high/low pair to keep all registers as 32-bit registers.

Assuming a 4k page size, the pfn approach makes it painful to exceed a 44-bit 
physical address space.  Modern x86 cores already support larger physical 
address spaces, and architectural limits are even higher.  Remember that 
physical address space need not be densely populated.

Paul



[Qemu-devel] [PATCH v3] block : return real error code in cow.c

2011-12-11 Thread Li Zhi Hui
v3: modify some errors

Signed-off-by: Li Zhi Hui 
---
 block/cow.c |   44 +---
 1 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/block/cow.c b/block/cow.c
index 3c52735..bb5927c 100644
--- a/block/cow.c
+++ b/block/cow.c
@@ -64,15 +64,26 @@ static int cow_open(BlockDriverState *bs, int flags)
 struct cow_header_v2 cow_header;
 int bitmap_size;
 int64_t size;
+int ret;
 
 /* see if it is a cow image */
-if (bdrv_pread(bs->file, 0, &cow_header, sizeof(cow_header)) !=
-sizeof(cow_header)) {
+ret = bdrv_pread(bs->file, 0, &cow_header, sizeof(cow_header));
+if (ret < 0) {
+goto fail;
+}
+
+if (be32_to_cpu(cow_header.magic) != COW_MAGIC) {
+ret = -EINVAL;
 goto fail;
 }
 
-if (be32_to_cpu(cow_header.magic) != COW_MAGIC ||
-be32_to_cpu(cow_header.version) != COW_VERSION) {
+if (be32_to_cpu(cow_header.version) != COW_VERSION) {
+char version[64];
+snprintf(version, sizeof(version),
+   "COW version %d", cow_header.version);
+qerror_report(QERR_UNKNOWN_BLOCK_FORMAT_FEATURE,
+bs->device_name, "cow", version);
+ret = -ENOTSUP;
 goto fail;
 }
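Review bot: The version string is built from the raw `cow_header.version`, while the check just above compares `be32_to_cpu(cow_header.version)`, so on a little-endian host the reported number is byte-swapped; `"COW version %d", be32_to_cpu(cow_header.version));` would report the value that was actually tested. Separately, the header read check went from `!= sizeof(cow_header)` to `ret < 0`, and the cow_read, cow_write and cow_create hunks relax their length checks the same way. If bdrv_pread()/bdrv_pwrite() can return a short count (their contract is not visible here), a truncated image file would leave part of the on-stack `cow_header` uninitialised before the magic and version comparisons. It is worth confirming that these helpers return either the full count or a negative errno, or keeping an explicit length check that maps a short transfer to `-EIO`. cow_open's body continues outside this hunk.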
 
@@ -88,7 +99,7 @@ static int cow_open(BlockDriverState *bs, int flags)
 qemu_co_mutex_init(&s->lock);
 return 0;
  fail:
-return -1;
+return ret;
 }
 
 /*
@@ -182,17 +193,19 @@ static int coroutine_fn cow_read(BlockDriverState *bs, 
int64_t sector_num,
 ret = bdrv_pread(bs->file,
 s->cow_sectors_offset + sector_num * 512,
 buf, n * 512);
-if (ret != n * 512)
-return -1;
+if (ret < 0) {
+return ret;
+}
 } else {
 if (bs->backing_hd) {
 /* read from the base image */
 ret = bdrv_read(bs->backing_hd, sector_num, buf, n);
-if (ret < 0)
-return -1;
+if (ret < 0) {
+return ret;
+}
 } else {
-memset(buf, 0, n * 512);
-}
+memset(buf, 0, n * 512);
+}
 }
 nb_sectors -= n;
 sector_num += n;
@@ -220,8 +233,9 @@ static int cow_write(BlockDriverState *bs, int64_t 
sector_num,
 
 ret = bdrv_pwrite(bs->file, s->cow_sectors_offset + sector_num * 512,
   buf, nb_sectors * 512);
-if (ret != nb_sectors * 512)
-return -1;
+if (ret < 0) {
+return ret;
+}
 
 return cow_update_bitmap(bs, sector_num, nb_sectors);
 }
@@ -288,14 +302,14 @@ static int cow_create(const char *filename, 
QEMUOptionParameter *options)
 cow_header.sectorsize = cpu_to_be32(512);
 cow_header.size = cpu_to_be64(image_sectors * 512);
 ret = bdrv_pwrite(cow_bs, 0, &cow_header, sizeof(cow_header));
-if (ret != sizeof(cow_header)) {
+if (ret < 0) {
 goto exit;
 }
 
 /* resize to include at least all the bitmap */
 ret = bdrv_truncate(cow_bs,
 sizeof(cow_header) + ((image_sectors + 7) >> 3));
-if (ret) {
+if (ret < 0) {
 goto exit;
 }
 
-- 
1.7.4.1




[Qemu-devel] [PATCH v3 00/14] ARM: Samsung Exynos4210-based boards support.

2011-12-11 Thread Evgeny Voevodin
This set of patches adds support for Samsung S5PC210-based boards NURI and 
SMDKC210.
Tested on Linux kernel v3.x series. Usage of "-smp 2" option is required for now.

Third version: Reverted hw/arm_gic.c modification. Added IRQ Gate to Exynos4210
board.

Evgeny Voevodin (8):
  hw/sysbus.h: Increase maximum number of device IRQs.
  ARM: exynos4210: IRQ subsystem support.
  ARM: exynos4210: PWM support.
  hw/arm_boot.c: Add new secondary CPU bootloader.
  ARM: exynos4210: MCT support.
  hw/exynos4210.c: Boot secondary CPU.
  hw/lan9118: Add basic 16-bit mode support.
  hw/exynos4210.c: Add LAN support for SMDKC210.

Maksim Kozlov (3):
  ARM: Samsung exynos4210-based boards emulation
  ARM: exynos4210: CMU support
  ARM: exynos4210: UART support

Mitsyanko Igor (3):
  hw/sd.c, hw/sd.h: add receive ready query routine to SD/MMC API
  ARM: exynos4210: added SD/MMC host controller
  ARM: exynos4210: added display controller implementation

 Makefile.target  |3 +
 hw/arm-misc.h|1 +
 hw/arm_boot.c|   22 +-
 hw/devices.h |2 +-
 hw/exynos4210.c  |  561 +++
 hw/exynos4210.h  |  107 +++
 hw/exynos4210_cmu.c  | 1146 ++
 hw/exynos4210_combiner.c |  385 ++
 hw/exynos4210_fimd.c | 1737 ++
 hw/exynos4210_gic.c  |  510 ++
 hw/exynos4210_mct.c  | 1486 +++
 hw/exynos4210_pwm.c  |  433 
 hw/exynos4210_sdhc.c | 1666 
 hw/exynos4210_uart.c |  674 ++
 hw/lan9118.c |  115 +++-
 hw/sd.c  |5 +
 hw/sd.h  |1 +
 hw/sysbus.h  |2 +-
 18 files changed, 8840 insertions(+), 16 deletions(-)
 create mode 100644 hw/exynos4210.c
 create mode 100644 hw/exynos4210.h
 create mode 100644 hw/exynos4210_cmu.c
 create mode 100644 hw/exynos4210_combiner.c
 create mode 100644 hw/exynos4210_fimd.c
 create mode 100644 hw/exynos4210_gic.c
 create mode 100644 hw/exynos4210_mct.c
 create mode 100644 hw/exynos4210_pwm.c
 create mode 100644 hw/exynos4210_sdhc.c
 create mode 100644 hw/exynos4210_uart.c

-- 
1.7.4.1




[Qemu-devel] [PATCH v3 09/14] hw/exynos4210.c: Boot secondary CPU.

2011-12-11 Thread Evgeny Voevodin

Signed-off-by: Evgeny Voevodin 
---
 hw/exynos4210.c |   26 ++
 1 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/hw/exynos4210.c b/hw/exynos4210.c
index e2c4bf5..055205d 100644
--- a/hw/exynos4210.c
+++ b/hw/exynos4210.c
@@ -93,8 +93,15 @@
 #define EXYNOS4210_EXT_COMBINER_BASE_ADDR   0x1044
 #define EXYNOS4210_INT_COMBINER_BASE_ADDR   0x10448000
 
+/* Secondary CPU polling address to get loader start from */
+#define EXYNOS4210_SECOND_CPU_BOOTREG   0x10020814
+
+/* Secondary CPU startup code is in IROM memory */
+#define EXYNOS4210_SMP_BOOT_ADDREXYNOS4210_IROM_BASE_ADDR
+
 static struct arm_boot_info exynos4210_binfo = {
 .loader_start = EXYNOS4210_BASE_BOOT_ADDR,
+.smp_loader_start = EXYNOS4210_SMP_BOOT_ADDR,
 };
 
 static uint8_t chipid_and_omr[] = { 0x11, 0x02, 0x21, 0x43,
@@ -208,6 +215,8 @@ static void exynos4210_init(ram_addr_t ram_size,
 MemoryRegion *irom_alias_mem = g_new(MemoryRegion, 1);
 MemoryRegion *dram0_mem = g_new(MemoryRegion, 1);
 MemoryRegion *dram1_mem = NULL;
+MemoryRegion *hack_mem = g_new(MemoryRegion, 1);
+MemoryRegion *bootreg_mem = g_new(MemoryRegion, 1);
 Exynos4210Irq *irqs;
 qemu_irq *irq_table;
 qemu_irq *irqp;
@@ -221,9 +230,11 @@ static void exynos4210_init(ram_addr_t ram_size,
 switch (board_type) {
 case BOARD_EXYNOS4210_NURI:
 exynos4210_binfo.board_id  = MACH_NURI_ID;
+exynos4210_binfo.smp_bootreg_addr = EXYNOS4210_SECOND_CPU_BOOTREG;
 break;
 case BOARD_EXYNOS4210_SMDKC210:
 exynos4210_binfo.board_id = MACH_SMDKC210_ID;
+exynos4210_binfo.smp_bootreg_addr = EXYNOS4210_SECOND_CPU_BOOTREG;
 break;
 default:
 break;
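Review bot: Both board cases assign the same `EXYNOS4210_SECOND_CPU_BOOTREG` to `smp_bootreg_addr`, and the `default` branch leaves the field unset, so the value is board-independent in practice. Setting it once in the static initializer, `.smp_bootreg_addr = EXYNOS4210_SECOND_CPU_BOOTREG,` next to `.smp_loader_start`, would remove the duplication and also cover the default case. exynos4210_init starts and ends outside this hunk.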
@@ -367,6 +378,20 @@ static void exynos4210_init(ram_addr_t ram_size,
 memory_region_add_subregion(system_mem, EXYNOS4210_DRAM0_BASE_ADDR,
 dram0_mem);
 
+/*
+ * Secondary CPU startup code will be placed here.
+ */
+memory_region_init_ram(hack_mem, NULL, "exynos4210.hack", 0x1000);
+memory_region_add_subregion(system_mem, EXYNOS4210_SMP_BOOT_ADDR,
+hack_mem);
+
+/*
+ * Hack: Map SECOND_CPU_BOOTREG, because it is in PMU USER5 register.
+ */
+memory_region_init_ram(bootreg_mem, NULL, "exynos4210.bootreg", 0x4);
+memory_region_add_subregion(system_mem, EXYNOS4210_SECOND_CPU_BOOTREG,
+bootreg_mem);
+
 /* CMU */
 sysbus_create_simple("exynos4210.cmu", EXYNOS4210_CMU_BASE_ADDR, NULL);
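Review bot: The new RAM region `exynos4210.hack` is mapped at `EXYNOS4210_SMP_BOOT_ADDR`, which this patch defines as `EXYNOS4210_IROM_BASE_ADDR`, so it lands on the base of IROM. If `irom_mem` is already added to `system_mem` at that address (that call is outside the hunk), two subregions overlap with no priority stated. If the overlap is intended, `memory_region_add_subregion_overlap()` with an explicit priority makes it deterministic which region the guest sees, and the comment should say why guest-writable RAM replaces ROM there. The 4-byte `exynos4210.bootreg` RAM placed over the PMU USER5 register deserves a marker such as `/* TODO: drop once the PMU is modelled */`, and `hack_mem` could be named for what it holds, e.g. `smp_boot_mem`.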
 
@@ -441,6 +466,7 @@ static void exynos4210_init(ram_addr_t ram_size,
 exynos4210_binfo.kernel_filename = kernel_filename;
 exynos4210_binfo.initrd_filename = initrd_filename;
 exynos4210_binfo.kernel_cmdline = kernel_cmdline;
+exynos4210_binfo.smp_priv_base = EXYNOS4210_SMP_PRIVATE_BASE_ADDR;
 
 arm_load_kernel(first_cpu, &exynos4210_binfo);
 }
-- 
1.7.4.1




[Qemu-devel] [PATCH v3 08/14] ARM: exynos4210: MCT support.

2011-12-11 Thread Evgeny Voevodin

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target |2 +-
 hw/exynos4210.c |   19 +
 hw/exynos4210_mct.c | 1486 +++
 3 files changed, 1506 insertions(+), 1 deletions(-)
 create mode 100644 hw/exynos4210_mct.c

diff --git a/Makefile.target b/Makefile.target
index 709e9e2..691582b 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -345,7 +345,7 @@ obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o 
pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
 obj-arm-y += exynos4210.o exynos4210_cmu.o exynos4210_uart.o exynos4210_gic.o \
- exynos4210_combiner.o exynos4210_pwm.o
+ exynos4210_combiner.o exynos4210_pwm.o exynos4210_mct.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
 obj-arm-y += pl061.o
 obj-arm-y += arm-semi.o
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
index 7a7760d..e2c4bf5 100644
--- a/hw/exynos4210.c
+++ b/hw/exynos4210.c
@@ -68,6 +68,9 @@
 /* PWM */
 #define EXYNOS4210_PWM_BASE_ADDR0x139D
 
+/* MCT */
+#define EXYNOS4210_MCT_BASE_ADDR0x1005
+
 /* UART's definitions */
 #define EXYNOS4210_UART_BASE_ADDR   0x1380
 #define EXYNOS4210_UART_SHIFT   0x0001
@@ -376,6 +379,22 @@ static void exynos4210_init(ram_addr_t ram_size,
 irq_table[exynos4210_get_irq(22, 4)],
 NULL);
 
+/* Multi Core Timer */
+dev = qdev_create(NULL, "exynos4210.mct");
+qdev_init_nofail(dev);
+busdev = sysbus_from_qdev(dev);
+for (n = 0; n < 4; n++) {
+/* Connect global timer interrupts to Combiner gpio_in */
+sysbus_connect_irq(busdev, n,
+irq_table[exynos4210_get_irq(1, 4 + n)]);
+}
+/* Connect local timer interrupts to Combiner gpio_in */
+sysbus_connect_irq(busdev, 4,
+irq_table[exynos4210_get_irq(51, 0)]);
+sysbus_connect_irq(busdev, 5,
+irq_table[exynos4210_get_irq(35, 3)]);
+sysbus_mmio_map(busdev, 0, EXYNOS4210_MCT_BASE_ADDR);
+
 /*** UARTs ***/
 for (n = 0; n < EXYNOS4210_UARTS_NUMBER; n++) {
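Review bot: The MCT wiring uses bare numbers for the output count and the combiner routing (`n < 4`, `exynos4210_get_irq(1, 4 + n)`, `exynos4210_get_irq(51, 0)`, `exynos4210_get_irq(35, 3)`), so a reader cannot check them against the SoC interrupt map from the code alone. Named constants, or a comment per connection such as `/* local timer 0: combiner group 51, bit 0 */` (assuming the two arguments are group and bit), would make a wrong index reviewable. Whether sysbus outputs 4 and 5 exist depends on hw/exynos4210_mct.c, which is cut off on this page. exynos4210_init starts and ends outside this hunk.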
 
diff --git a/hw/exynos4210_mct.c b/hw/exynos4210_mct.c
new file mode 100644
index 000..d754a94
--- /dev/null
+++ b/hw/exynos4210_mct.c
@@ -0,0 +1,1486 @@
+/*
+ * Samsung exynos4210 Multi Core timer
+ *
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
+ * All rights reserved.
+ *
+ * Evgeny Voevodin 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/*
+ * Global Timer:
+ *
+ * Consists of two timers. First represents Free Running Counter and second
+ * is used to measure interval from FRC to nearest comparator.
+ *
+ *0
0x...
+ *|  timer0 |
+ *| <-- |
+ *| frc---> |
+ *|__|__|
+ *CMP0  CMP1 CMP2|   CMP3
+ * __||_
+ * | timer1 |
+ * | -> |
+ *frc  CMPx
+ *
+ * Problem: when implementing global timer as is, overflow arises.
+ * next_time = cur_time + period*count;
+ * period and count are 64 bits width and count == 0xFF..FF 64its.
+ * Lets arm timer for 0x count and update internal G_CNT register
+ * during each event.
+ *
+ * Problem: both timers need to be implemented using MCT_XT_COUNTER_STEP 
because
+ * local timer contains two counters: TCNT and ICNT. TCNT == 0 -> ICNT--.
+ * IRQ is generated when ICNT riches zero. If make timer for every TCNT == 0
+ * possible too frequently events (yes, if ICNT == 0 both, we got no luck).
+ * So, better to have one uint64_t counter equal to TCNT*ICNT and arm ptimer.c
+ * for a minimum(TCNT*ICNT, MCT_GT_COUNTER_STEP);
+ */
+
+#include "sysbus.h"
+#include "qemu-timer.h"
+#include "qemu-

[Qemu-devel] [PATCH v3 01/14] ARM: Samsung exynos4210-based boards emulation

2011-12-11 Thread Evgeny Voevodin
From: Maksim Kozlov 

Add initial code for support of NURI and SMDKC210 boards

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target |1 +
 hw/exynos4210.c |  224 +++
 hw/exynos4210.h |   34 
 3 files changed, 259 insertions(+), 0 deletions(-)
 create mode 100644 hw/exynos4210.c
 create mode 100644 hw/exynos4210.h

diff --git a/Makefile.target b/Makefile.target
index a111521..624a142 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -344,6 +344,7 @@ obj-arm-y = integratorcp.o versatilepb.o arm_pic.o 
arm_timer.o
 obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
+obj-arm-y += exynos4210.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
 obj-arm-y += pl061.o
 obj-arm-y += arm-semi.o
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
new file mode 100644
index 000..1550016
--- /dev/null
+++ b/hw/exynos4210.c
@@ -0,0 +1,224 @@
+/*
+ *  Samsung exynos4210-based boards emulation
+ *
+ *  Copyright (c) 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *Maksim Kozlov 
+ *Evgeny Voevodin 
+ *Igor Mitsyanko  
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc., 51
+ *  Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#include "boards.h"
+#include "sysemu.h"
+#include "sysbus.h"
+#include "arm-misc.h"
+#include "exec-memory.h"
+#include "exynos4210.h"
+
+#undef DEBUG
+
+//#define DEBUG
+
+#ifdef DEBUG
+#undef PRINT_DEBUG
+#define  PRINT_DEBUG(fmt, args...) \
+do { \
+fprintf(stderr, "  [%s:%d]   "fmt, __func__, __LINE__, ##args); \
+} while (0)
+#else
+#define  PRINT_DEBUG(fmt, args...) \
+do {} while (0)
+#endif
+
+#define EXYNOS4210_DRAM0_BASE_ADDR  0x4000
+#define EXYNOS4210_DRAM1_BASE_ADDR  0xa000
+#define EXYNOS4210_DRAM_MAX_SIZE0x6000  /* 1.5 GB */
+
+#define EXYNOS4210_IROM_BASE_ADDR   0x
+#define EXYNOS4210_IROM_SIZE0x0001  /* 64 KB */
+#define EXYNOS4210_IROM_MIRROR_BASE_ADDR0x0200
+#define EXYNOS4210_IROM_MIRROR_SIZE 0x0001  /* 64 KB */
+
+#define EXYNOS4210_IRAM_BASE_ADDR   0x0202
+#define EXYNOS4210_IRAM_SIZE0x0002  /* 128 KB */
+
+#define EXYNOS4210_SFR_BASE_ADDR0x1000
+
+#define EXYNOS4210_BASE_BOOT_ADDR   EXYNOS4210_DRAM0_BASE_ADDR
+
+static struct arm_boot_info exynos4210_binfo = {
+.loader_start = EXYNOS4210_BASE_BOOT_ADDR,
+};
+
+static uint8_t chipid_and_omr[] = { 0x11, 0x02, 0x21, 0x43,
+0x09, 0x00, 0x00, 0x00 };
+
+enum exynos4210_board_type {
+BOARD_EXYNOS4210_NURI,
+BOARD_EXYNOS4210_SMDKC210,
+};
+
+enum exynos4210_mach_id {
+MACH_NURI_ID = 0xD33,
+MACH_SMDKC210_ID = 0xB16,
+};
+
+
+static void exynos4210_init(ram_addr_t ram_size,
+const char *boot_device,
+const char *kernel_filename,
+const char *kernel_cmdline,
+const char *initrd_filename,
+const char *cpu_model,
+enum exynos4210_board_type board_type)
+{
+CPUState *env;
+MemoryRegion *system_mem = get_system_memory();
+MemoryRegion *chipid_mem = g_new(MemoryRegion, 1);
+MemoryRegion *iram_mem = g_new(MemoryRegion, 1);
+MemoryRegion *irom_mem = g_new(MemoryRegion, 1);
+MemoryRegion *irom_alias_mem = g_new(MemoryRegion, 1);
+MemoryRegion *dram0_mem = g_new(MemoryRegion, 1);
+MemoryRegion *dram1_mem = NULL;
+qemu_irq *irqp;
+qemu_irq cpu_irq[4];
+ram_addr_t mem_size;
+int n;
+
+switch (board_type) {
+case BOARD_EXYNOS4210_NURI:
+exynos4210_binfo.board_id  = MACH_NURI_ID;
+break;
+case BOARD_EXYNOS4210_SMDKC210:
+exynos4210_binfo.board_id = MACH_SMDKC210_ID;
+break;
+default:
+break;
+}
+if (!cpu_model) {
+cpu_model = "cortex-a9";
+}
+
+for (n = 0; n < smp_cpus; n++) {
+env = cpu_init(cpu_model);
+if (!env) {
+fprintf(stderr, "Unable to find CPU %d definition\n", n);
+exit(1);
+}
+/* Create PIC controller for each processor instance */
+irqp = arm_pic_init_cpu(env);
+
+

[Qemu-devel] [PATCH v3 03/14] ARM: exynos4210: UART support

2011-12-11 Thread Evgeny Voevodin
From: Maksim Kozlov 

Add basic support of exynos4210 UART

Conflicts:

Makefile.target

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target  |2 +-
 hw/exynos4210.c  |   51 
 hw/exynos4210.h  |9 +
 hw/exynos4210_uart.c |  674 ++
 4 files changed, 735 insertions(+), 1 deletions(-)
 create mode 100644 hw/exynos4210_uart.c

diff --git a/Makefile.target b/Makefile.target
index ce4f1f8..4c706b1 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -344,7 +344,7 @@ obj-arm-y = integratorcp.o versatilepb.o arm_pic.o 
arm_timer.o
 obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
-obj-arm-y += exynos4210.o exynos4210_cmu.o
+obj-arm-y += exynos4210.o exynos4210_cmu.o exynos4210_uart.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
 obj-arm-y += pl061.o
 obj-arm-y += arm-semi.o
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
index 1a6e353..d5a1fe0 100644
--- a/hw/exynos4210.c
+++ b/hw/exynos4210.c
@@ -63,6 +63,18 @@
 /* SFR Base Address for CMUs */
 #define EXYNOS4210_CMU_BASE_ADDR0x1003
 
+/* UART's definitions */
+#define EXYNOS4210_UART_BASE_ADDR   0x1380
+#define EXYNOS4210_UART_SHIFT   0x0001
+
+#define EXYNOS4210_UARTS_NUMBER 4
+
+#define EXYNOS4210_UART_CHANNEL(addr)   ((addr >> 16) & 0x7)
+#define EXYNOS4210_UART0_FIFO_SIZE  256
+#define EXYNOS4210_UART1_FIFO_SIZE  64
+#define EXYNOS4210_UART2_FIFO_SIZE  16
+#define EXYNOS4210_UART3_FIFO_SIZE  16
+
 
 static struct arm_boot_info exynos4210_binfo = {
 .loader_start = EXYNOS4210_BASE_BOOT_ADDR,
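Review bot: `EXYNOS4210_UART_CHANNEL(addr)` expands its argument unparenthesised, so an expression argument such as `base + off` would be shifted with the wrong precedence. `#define EXYNOS4210_UART_CHANNEL(addr) (((addr) >> 16) & 0x7)` avoids that; a `static inline` function taking `uint32_t` would additionally fix the type being shifted.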
@@ -179,6 +191,45 @@ static void exynos4210_init(ram_addr_t ram_size,
 /* CMU */
 sysbus_create_simple("exynos4210.cmu", EXYNOS4210_CMU_BASE_ADDR, NULL);
 
+/*** UARTs ***/
+for (n = 0; n < EXYNOS4210_UARTS_NUMBER; n++) {
+
+uint32_t addr = EXYNOS4210_UART_BASE_ADDR + EXYNOS4210_UART_SHIFT * n;
+int channel = EXYNOS4210_UART_CHANNEL(addr);
+qemu_irq uart_irq;
+int fifo_size = 0;
+
+switch (channel) {
+case 0:
+fifo_size = EXYNOS4210_UART0_FIFO_SIZE;
+break;
+case 1:
+fifo_size = EXYNOS4210_UART1_FIFO_SIZE;
+break;
+case 2:
+fifo_size = EXYNOS4210_UART2_FIFO_SIZE;
+break;
+case 3:
+fifo_size = EXYNOS4210_UART3_FIFO_SIZE;
+break;
+default:
+fifo_size = 0;
+PRINT_DEBUG("Wrong channel number: %d\n", channel);
+break;
+}
+
+if (fifo_size == 0) {
+PRINT_DEBUG("Can't create UART%d with fifo size %d\n",
+channel, fifo_size);
+continue;
+}
+
+uart_irq = NULL;
+
+exynos4210_uart_create(addr, fifo_size, channel, NULL, uart_irq);
+}
+
+
 /*** Load kernel ***/
 
 exynos4210_binfo.ram_size = ram_size;
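Review bot: `uart_irq` is declared, set to `NULL` and passed straight to `exynos4210_uart_create()`, so every UART is created with no interrupt line, and `chr` is `NULL` as well. If this is a placeholder until the IRQ subsystem patch later in the series, a comment such as `/* IRQ is connected once the interrupt combiner is added */` would say so; otherwise pass `NULL` directly and drop the local. The `default` case of the switch reports only through `PRINT_DEBUG`, which expands to nothing unless `DEBUG` is defined, so an unexpected channel is skipped silently in normal builds. exynos4210_init starts and ends outside this hunk.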
diff --git a/hw/exynos4210.h b/hw/exynos4210.h
index 683a4a6..3df7322 100644
--- a/hw/exynos4210.h
+++ b/hw/exynos4210.h
@@ -53,4 +53,13 @@ typedef enum {
 
 uint64_t exynos4210_cmu_get_rate(Exynos4210CmuClock clock);
 
+/*
+ * exynos4210 UART
+ */
+DeviceState *exynos4210_uart_create(target_phys_addr_t addr,
+int fifo_size,
+int channel,
+CharDriverState *chr,
+qemu_irq irq);
+
 #endif /* EXYNOS4210_H_ */
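Review bot: The comment above `exynos4210_uart_create()` only says `exynos4210 UART` and gives a caller nothing to work from. It should state whether `chr` and `irq` may be NULL (the caller added in hw/exynos4210.c passes NULL for both), which values of `channel` and `fifo_size` are accepted, and what the returned `DeviceState *` refers to. A short block comment with one line per parameter and one for the return value would cover it.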
diff --git a/hw/exynos4210_uart.c b/hw/exynos4210_uart.c
new file mode 100644
index 000..22c24b7
--- /dev/null
+++ b/hw/exynos4210_uart.c
@@ -0,0 +1,674 @@
+/*
+ *  exynos4210 UART Emulation
+ *
+ *  Copyright (C) 2011 Samsung Electronics Co Ltd.
+ *Maksim Kozlov, 
+ *
+ *  Created on: 07.2011
+ *
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc., 51
+ *  Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#include "sysbus.h"
+#include "sysemu.h"
+#include "qemu-char.h"
+
+#include "exynos4210.h"
+
+#undef DEBUG_UART
+#undef DEBUG_UART_EXTEND
+#undef DEBUG_IRQ
+#undef DEBUG_Rx_DATA
+#undef DEBUG_Tx_DATA
+
+
+//#define DEBUG_UART
+//#define 

[Qemu-devel] [PATCH v3 11/14] hw/exynos4210.c: Add LAN support for SMDKC210.

2011-12-11 Thread Evgeny Voevodin
SMDKC210 uses lan9215 chip, but lan9118 in 16-bit mode seems to
be enough.

Signed-off-by: Evgeny Voevodin 
---
 hw/exynos4210.c |   18 ++
 1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/hw/exynos4210.c b/hw/exynos4210.c
index 055205d..0a93866 100644
--- a/hw/exynos4210.c
+++ b/hw/exynos4210.c
@@ -26,6 +26,8 @@
 #include "sysemu.h"
 #include "sysbus.h"
 #include "arm-misc.h"
+#include "net.h"
+#include "devices.h"
 #include "exec-memory.h"
 #include "exynos4210.h"
 
@@ -226,6 +228,8 @@ static void exynos4210_init(ram_addr_t ram_size,
 SysBusDevice *busdev;
 ram_addr_t mem_size;
 int n;
+NICInfo *nd;
+int done_nic = 0;
 
 switch (board_type) {
 case BOARD_EXYNOS4210_NURI:
@@ -458,6 +462,20 @@ static void exynos4210_init(ram_addr_t ram_size,
 exynos4210_uart_create(addr, fifo_size, channel, NULL, uart_irq);
 }
 
+/*** LAN adapter: this should be a 9215 but the 9118 is close enough ***/
+if (board_type == BOARD_EXYNOS4210_SMDKC210) {
+for (n = 0; n < nb_nics; n++) {
+nd = &nd_table[n];
+
+if (!done_nic && (!nd->model ||
+strcmp(nd->model, "lan9118") == 0)) {
+dev = lan9118_init(nd, 0x0500,
+qemu_irq_invert(irq_table[exynos4210_get_irq(37, 1)]));
+qdev_prop_set_uint32(dev, "mode_16bit", 1);
+done_nic = 1;
+}
+}
+}
 
 /*** Load kernel ***/
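Review bot: `qdev_prop_set_uint32(dev, "mode_16bit", 1)` runs after `lan9118_init()` has returned; if that helper already initialises the device (its body is not part of this patch), the property is set too late to influence initialisation, so the ordering should be checked or the mode passed into the helper. The loop also keeps iterating after the first match and silently ignores any further NIC, or a NIC whose model is not `lan9118`. A `break;` after the match would replace the `done_nic` flag, and reporting an unsupported model would tell the user why a configured NIC had no effect. exynos4210_init starts and ends outside this hunk.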
 
-- 
1.7.4.1




[Qemu-devel] [PATCH v3 05/14] ARM: exynos4210: IRQ subsystem support.

2011-12-11 Thread Evgeny Voevodin

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target  |3 +-
 hw/exynos4210.c  |  175 -
 hw/exynos4210.h  |   42 
 hw/exynos4210_combiner.c |  385 ++
 hw/exynos4210_gic.c  |  510 ++
 5 files changed, 1113 insertions(+), 2 deletions(-)
 create mode 100644 hw/exynos4210_combiner.c
 create mode 100644 hw/exynos4210_gic.c

diff --git a/Makefile.target b/Makefile.target
index 4c706b1..779c9d4 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -344,7 +344,8 @@ obj-arm-y = integratorcp.o versatilepb.o arm_pic.o 
arm_timer.o
 obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
-obj-arm-y += exynos4210.o exynos4210_cmu.o exynos4210_uart.o
+obj-arm-y += exynos4210.o exynos4210_cmu.o exynos4210_uart.o exynos4210_gic.o \
+ exynos4210_combiner.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
 obj-arm-y += pl061.o
 obj-arm-y += arm-semi.o
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
index d5a1fe0..45d427e 100644
--- a/hw/exynos4210.c
+++ b/hw/exynos4210.c
@@ -58,6 +58,8 @@
 
 #define EXYNOS4210_SFR_BASE_ADDR0x1000
 
+#define EXYNOS4210_SMP_PRIVATE_BASE_ADDR0x1050
+
 #define EXYNOS4210_BASE_BOOT_ADDR   EXYNOS4210_DRAM0_BASE_ADDR
 
 /* SFR Base Address for CMUs */
@@ -74,7 +76,16 @@
 #define EXYNOS4210_UART1_FIFO_SIZE  64
 #define EXYNOS4210_UART2_FIFO_SIZE  16
 #define EXYNOS4210_UART3_FIFO_SIZE  16
+/* Interrupt Group of External Interrupt Combiner for UART */
+#define EXYNOS4210_UART_INTG   26
+
+/* External GIC */
+#define EXYNOS4210_EXT_GIC_CPU_BASE_ADDR0x1048
+#define EXYNOS4210_EXT_GIC_DIST_BASE_ADDR   0x1049
 
+/* Combiner */
+#define EXYNOS4210_EXT_COMBINER_BASE_ADDR   0x1044
+#define EXYNOS4210_INT_COMBINER_BASE_ADDR   0x10448000
 
 static struct arm_boot_info exynos4210_binfo = {
 .loader_start = EXYNOS4210_BASE_BOOT_ADDR,
@@ -93,6 +104,87 @@ enum exynos4210_mach_id {
 MACH_SMDKC210_ID = 0xB16,
 };
 
+static void exynos4210_combiner_get_gpioin(Exynos4210Irq *irqs,
+DeviceState *dev,
+int ext)
+{
+int n;
+int bit;
+int max;
+qemu_irq *irq;
+
+max = ext ? EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ :
+EXYNOS4210_MAX_INT_COMBINER_IN_IRQ;
+irq = ext ? irqs->ext_combiner_irq : irqs->int_combiner_irq;
+
+/*
+ * Some IRQs of Int/External Combiner are going to two Combiners groups,
+ * so let split them.
+ */
+for (n = 0; n < max; n++) {
+
+bit = EXYNOS4210_COMBINER_GET_BIT_NUM(n);
+
+switch (n) {
+/* MDNIE_LCD1 INTG1*/
+case EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 0) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(1, 3):
+irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(0, bit + 4)]);
+continue;
+break;
+
+/* TMU INTG3*/
+case EXYNOS4210_COMBINER_GET_IRQ_NUM(3, 4):
+irq[n] =
+qemu_irq_split(qdev_get_gpio_in(dev, n),
+irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(2, bit)]);
+continue;
+break;
+
+/* LCD1 INTG12*/
+case EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 0) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 3):
+irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+ irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(11, bit + 
4)]);
+continue;
+
+/* Multi-Core Timer INTG12*/
+case EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 4) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(12, 8):
+irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
+continue;
+break;
+
+/* Multi-Core Timer INTG35*/
+case EXYNOS4210_COMBINER_GET_IRQ_NUM(35, 4) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(35, 8):
+irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
+continue;
+break;
+
+/* Multi-Core Timer INTG51*/
+case EXYNOS4210_COMBINER_GET_IRQ_NUM(51, 4) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(51, 8):
+irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
+continue;
+break;
+
+/* Multi-Core Timer INTG53*/
+case EXYNOS4210_COMBINER_GET_IRQ_NUM(53, 4) ...
+ EXYNOS4210_COMBINER_GET_IRQ_NUM(53, 8):
+irq[n] = qemu_irq_split(qdev_get_gpio_in(dev, n),
+irq[EXYNOS4210_COMBINER_GET_IRQ_NUM(1, bit + 4)]);
+

Re: [Qemu-devel] [PATCH v3 00/14] ARM: Samsung Exynos4210-based boards support.

2011-12-11 Thread Stefan Weil

Am 12.12.2011 07:43, schrieb Evgeny Voevodin:
This set of patches adds support for Samsung S5PC210-based boards NURI 
and SMDKC210.
Tested on Linux kernel v3.x series. Usage of "-smp 2" option is 
reuired for now.


Third version: Reverted hw/arm_gic.c modification. Added IRQ Gate to 
Exynos4210

board.

Evgeny Voevodin (8):
hw/sysbus.h: Increase maximum number of device IRQs.
ARM: exynos4210: IRQ subsystem support.
ARM: exynos4210: PWM support.
hw/arm_boot.c: Add new secondary CPU bootloader.
ARM: exynos4210: MCT support.
hw/exynos4210.c: Boot secondary CPU.
hw/lan9118: Add basic 16-bit mode support.
hw/exynos4210.c: Add LAN support for SMDKC210.

Maksim Kozlov (3):
ARM: Samsung exynos4210-based boards emulation
ARM: exynos4210: CMU support
ARM: exynos4210: UART support

Mitsyanko Igor (3):
hw/sd.c, hw/sd.h: add receive ready query routine to SD/MMC API
ARM: exynos4210: added SD/MMC host controller
ARM: exynos4210: added display controller implementation

Makefile.target | 3 +
hw/arm-misc.h | 1 +
hw/arm_boot.c | 22 +-
hw/devices.h | 2 +-
hw/exynos4210.c | 561 +++
hw/exynos4210.h | 107 +++
hw/exynos4210_cmu.c | 1146 ++
hw/exynos4210_combiner.c | 385 ++
hw/exynos4210_fimd.c | 1737 ++
hw/exynos4210_gic.c | 510 ++
hw/exynos4210_mct.c | 1486 +++
hw/exynos4210_pwm.c | 433 
hw/exynos4210_sdhc.c | 1666 
hw/exynos4210_uart.c | 674 ++
hw/lan9118.c | 115 +++-
hw/sd.c | 5 +
hw/sd.h | 1 +
hw/sysbus.h | 2 +-
18 files changed, 8840 insertions(+), 16 deletions(-)
create mode 100644 hw/exynos4210.c
create mode 100644 hw/exynos4210.h
create mode 100644 hw/exynos4210_cmu.c
create mode 100644 hw/exynos4210_combiner.c
create mode 100644 hw/exynos4210_fimd.c
create mode 100644 hw/exynos4210_gic.c
create mode 100644 hw/exynos4210_mct.c
create mode 100644 hw/exynos4210_pwm.c
create mode 100644 hw/exynos4210_sdhc.c
create mode 100644 hw/exynos4210_uart.c


I did not review your patches, but noticed that they still include
the FSF address (which changed several times in the past):

   You should have received a copy of the GNU General Public License along
   with this program; if not, write to the Free Software Foundation, Inc., 51
   Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

To avoid future address change modifications, most QEMU
code uses this statement in the license comments:

   You should have received a copy of the GNU General Public License
   along with this program; if not, see <http://www.gnu.org/licenses/>.

If a new version of your patches is needed, you might change that
as well.

Regards,
Stefan Weil




[Qemu-devel] [PATCH v3 04/14] hw/sysbus.h: Increase maximum number of device IRQs.

2011-12-11 Thread Evgeny Voevodin
Samsung exynos4210 Interrupt Combiner needs 512 IRQ sources.

Signed-off-by: Evgeny Voevodin 
---
 hw/sysbus.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/sysbus.h b/hw/sysbus.h
index 9bac582..4ef0c3c 100644
--- a/hw/sysbus.h
+++ b/hw/sysbus.h
@@ -8,7 +8,7 @@
 
 #define QDEV_MAX_MMIO 32
 #define QDEV_MAX_PIO 32
-#define QDEV_MAX_IRQ 256
+#define QDEV_MAX_IRQ 512
 
 typedef struct SysBusDevice SysBusDevice;
 typedef void (*mmio_mapfunc)(SysBusDevice *dev, target_phys_addr_t addr);
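Review bot: The new value of `QDEV_MAX_IRQ` carries no comment tying it to its one consumer, so a later reader cannot tell whether 512 is a hard requirement or slack. Because the limit applies to every sysbus device, a short comment next to the define, such as `/* 512: Exynos4210 interrupt combiner inputs */`, would record why it was raised. Anything sized by this constant (not visible in this hunk) grows with it, which is worth confirming is acceptable for all devices.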
-- 
1.7.4.1




[Qemu-devel] [PATCH v3 07/14] hw/arm_boot.c: Add new secondary CPU bootloader.

2011-12-11 Thread Evgeny Voevodin
Secondary CPU bootloader enables interrupt and issues wfi until a start address
is written to the system controller. The position where to find this start
address is hardcoded to 0x1030. This commit adds a new bootloader for the
secondary CPU which allows a target board to specify the position where
to find the start address. If the target board doesn't specify a start address,
then the default 0x1030 is used.

Signed-off-by: Evgeny Voevodin 
---
 hw/arm-misc.h |1 +
 hw/arm_boot.c |   22 +++---
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/hw/arm-misc.h b/hw/arm-misc.h
index af403a1..6e8ae6b 100644
--- a/hw/arm-misc.h
+++ b/hw/arm-misc.h
@@ -31,6 +31,7 @@ struct arm_boot_info {
 const char *initrd_filename;
 target_phys_addr_t loader_start;
 target_phys_addr_t smp_loader_start;
+target_phys_addr_t smp_bootreg_addr;
 target_phys_addr_t smp_priv_base;
 int nb_cpus;
 int board_id;
diff --git a/hw/arm_boot.c b/hw/arm_boot.c
index 215d5de..ecaac22 100644
--- a/hw/arm_boot.c
+++ b/hw/arm_boot.c
@@ -31,17 +31,17 @@ static uint32_t bootloader[] = {
 /* Entry point for secondary CPUs.  Enable interrupt controller and
Issue WFI until start address is written to system controller.  */
 static uint32_t smpboot[] = {
-  0xe59f0020, /* ldr r0, privbase */
-  0xe3a01001, /* mov r1, #1 */
-  0xe5801100, /* str r1, [r0, #0x100] */
-  0xe3a00201, /* mov r0, #0x1000 */
-  0xe3800030, /* orr r0, #0x30 */
+  0xe59f201c, /* ldr r2, privbase */
+  0xe59f001c, /* ldr r0, startaddr */
+  0xe3a01001, /* mov r1, #1 */
+  0xe5821100, /* str r1, [r2, #256] */
   0xe320f003, /* wfi */
   0xe5901000, /* ldr r1, [r0] */
   0xe1110001, /* tst r1, r1 */
   0x0afb, /* beq  */
   0xe12fff11, /* bx  r1 */
-  0 /* privbase: Private memory region base address.  */
+  0,  /* privbase: Private memory region base address.  */
+  0   /* bootreg: Boot register address is hold here */
 };
 
 #define WRITE_WORD(p, value) do { \
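Review bot: The comments in the new `smpboot[]` name the same literal two ways: the load at index 1 says `ldr r0, startaddr`, while the slot it reads is labelled `bootreg`. Using one label in both places, and rewording the slot comment to `/* bootreg: address of the register polled for the start address */`, keeps the hand-assembled pc-relative offsets checkable. A one-line comment saying that the two trailing words are patched in `arm_load_kernel()` would help as well, since both loads depend on those words staying last in the array.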
@@ -179,6 +179,7 @@ static void do_cpu_reset(void *opaque)
 {
 CPUState *env = opaque;
 const struct arm_boot_info *info = env->boot_info;
+uint8_t smp_bootreg_addr[4] = {0};
 
 cpu_reset(env);
 if (info) {
@@ -197,6 +198,8 @@ static void do_cpu_reset(void *opaque)
 info->loader_start);
 }
 } else {
+cpu_physical_memory_rw(info->smp_bootreg_addr, 
smp_bootreg_addr,
+sizeof(smp_bootreg_addr), 1);
 env->regs[15] = info->smp_loader_start;
 }
 }
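Review bot: The local buffer `smp_bootreg_addr` (declared in the previous hunk) shares its name with the `info->smp_bootreg_addr` field but holds the four zero bytes being written, not an address, which makes the `cpu_physical_memory_rw()` call hard to read. Renaming it, e.g. `uint8_t zero_word[4] = {0};`, and adding a comment such as `/* clear the boot register so the secondary CPU keeps waiting in wfi */` (presumably the intent) would make the reset path self-explanatory. The write is unconditional for every secondary CPU reset, so boards that never set the field now get a guest-physical write to the default address; it is worth confirming that this is harmless for them. `do_cpu_reset` continues outside the hunk.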
@@ -262,6 +265,7 @@ void arm_load_kernel(CPUState *env, struct arm_boot_info 
*info)
 } else {
 initrd_size = 0;
 }
+
 bootloader[1] |= info->board_id & 0xff;
 bootloader[2] |= (info->board_id >> 8) & 0xff;
 bootloader[5] = info->loader_start + KERNEL_ARGS_ADDR;
@@ -272,7 +276,11 @@ void arm_load_kernel(CPUState *env, struct arm_boot_info 
*info)
 rom_add_blob_fixed("bootloader", bootloader, sizeof(bootloader),
info->loader_start);
 if (info->nb_cpus > 1) {
-smpboot[10] = info->smp_priv_base;
+if (!info->smp_bootreg_addr) {
+info->smp_bootreg_addr = 0x1030;
+}
+smpboot[(sizeof(smpboot) - 8)/4] = info->smp_priv_base;
+smpboot[(sizeof(smpboot) - 4)/4] = info->smp_bootreg_addr;
 for (n = 0; n < sizeof(smpboot) / 4; n++) {
 smpboot[n] = tswap32(smpboot[n]);
 }
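Review bot: The slot indices are derived from byte arithmetic, `(sizeof(smpboot) - 8)/4`, which silently depends on the element size and on the two data words staying last. `smpboot[ARRAY_SIZE(smpboot) - 2] = info->smp_priv_base;` and `smpboot[ARRAY_SIZE(smpboot) - 1] = info->smp_bootreg_addr;` state the same thing directly. The zero test also means a board cannot select address 0, and the fallback `0x1030` is a bare literal written back into the caller's `info`; a named constant would document it. `arm_load_kernel` extends beyond the hunk.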
-- 
1.7.4.1




[Qemu-devel] [PATCH v3 02/14] ARM: exynos4210: CMU support

2011-12-11 Thread Evgeny Voevodin
From: Maksim Kozlov 

Add exynos4210 Clock Management Units emulation

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target |2 +-
 hw/exynos4210.c |7 +
 hw/exynos4210.h |   22 +
 hw/exynos4210_cmu.c | 1146 +++
 4 files changed, 1176 insertions(+), 1 deletions(-)
 create mode 100644 hw/exynos4210_cmu.c

diff --git a/Makefile.target b/Makefile.target
index 624a142..ce4f1f8 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -344,7 +344,7 @@ obj-arm-y = integratorcp.o versatilepb.o arm_pic.o 
arm_timer.o
 obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
-obj-arm-y += exynos4210.o
+obj-arm-y += exynos4210.o exynos4210_cmu.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
 obj-arm-y += pl061.o
 obj-arm-y += arm-semi.o
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
index 1550016..1a6e353 100644
--- a/hw/exynos4210.c
+++ b/hw/exynos4210.c
@@ -60,6 +60,10 @@
 
 #define EXYNOS4210_BASE_BOOT_ADDR   EXYNOS4210_DRAM0_BASE_ADDR
 
+/* SFR Base Address for CMUs */
+#define EXYNOS4210_CMU_BASE_ADDR0x1003
+
+
 static struct arm_boot_info exynos4210_binfo = {
 .loader_start = EXYNOS4210_BASE_BOOT_ADDR,
 };
@@ -172,6 +176,9 @@ static void exynos4210_init(ram_addr_t ram_size,
 memory_region_add_subregion(system_mem, EXYNOS4210_DRAM0_BASE_ADDR,
 dram0_mem);
 
+/* CMU */
+sysbus_create_simple("exynos4210.cmu", EXYNOS4210_CMU_BASE_ADDR, NULL);
+
 /*** Load kernel ***/
 
 exynos4210_binfo.ram_size = ram_size;
diff --git a/hw/exynos4210.h b/hw/exynos4210.h
index 7137630..683a4a6 100644
--- a/hw/exynos4210.h
+++ b/hw/exynos4210.h
@@ -31,4 +31,26 @@
 
 #define EXYNOS4210_MAX_CPUS2
 
+/*
+ * Interface for exynos4210 Clock Management Units (CMUs)
+ */
+
+typedef enum {
+XXTI,
+XUSBXTI,
+APLL,
+MPLL,
+SCLK_APLL,
+SCLK_MPLL,
+ACLK_100,
+SCLK_UART0,
+SCLK_UART1,
+SCLK_UART2,
+SCLK_UART3,
+SCLK_UART4,
+CLOCKS_NUMBER
+} Exynos4210CmuClock;
+
+uint64_t exynos4210_cmu_get_rate(Exynos4210CmuClock clock);
+
 #endif /* EXYNOS4210_H_ */
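Review bot: The enumerators of `Exynos4210CmuClock` (`XXTI`, `APLL`, `MPLL`, `CLOCKS_NUMBER`, …) are unprefixed in a header that other device files include, so they can collide with identically named constants elsewhere. Prefixing them, e.g. `EXYNOS4210_CLK_APLL`, would match the `EXYNOS4210_` naming already used for the macros in this header. The prototype of `exynos4210_cmu_get_rate()` also needs a comment stating the unit of the returned rate and what is returned for a value outside the enum; neither can be determined from this hunk.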
diff --git a/hw/exynos4210_cmu.c b/hw/exynos4210_cmu.c
new file mode 100644
index 000..fe4100c
--- /dev/null
+++ b/hw/exynos4210_cmu.c
@@ -0,0 +1,1146 @@
+/*
+ *  exynos4210 Clock Management Units (CMUs) Emulation
+ *
+ *  Copyright (C) 2011 Samsung Electronics Co Ltd.
+ *Maksim Kozlov, 
+ *
+ *  Created on: 07.2011
+ *
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc., 51
+ *  Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#include "sysbus.h"
+
+#include "exynos4210.h"
+
+
+
+#undef DEBUG_CMU
+
+//#define DEBUG_CMU
+//#define DEBUG_CMU_EXTEND
+
+
+#define  PRINT_DEBUG(fmt, args...)  \
+do {} while (0)
+#define  PRINT_DEBUG_SIMPLE(fmt, args...)  \
+do {} while (0)
+#define  PRINT_DEBUG_EXTEND(fmt, args...) \
+do {} while (0)
+#define  PRINT_ERROR(fmt, args...) \
+do { \
+fprintf(stderr, "  [%s:%d]   "fmt, __func__, __LINE__, ##args); \
+} while (0)
+
+
+#ifdef DEBUG_CMU
+
+#undef PRINT_DEBUG
+#define  PRINT_DEBUG(fmt, args...)  \
+do { \
+fprintf(stderr, "  [%s:%d]   "fmt, __func__, __LINE__, ##args); \
+} while (0)
+
+#undef PRINT_DEBUG_SIMPLE
+#define  PRINT_DEBUG_SIMPLE(fmt, args...)  \
+do { \
+fprintf(stderr, fmt, ## args); \
+} while (0)
+
+#ifdef DEBUG_CMU_EXTEND
+
+#undef PRINT_DEBUG_EXTEND
+#define  PRINT_DEBUG_EXTEND(fmt, args...) \
+do { \
+fprintf(stderr, "  [%s:%d]   "fmt, __func__, __LINE__, ##args); \
+} while (0)
+
+#endif /* EXTEND */
+#endif
+
+
+/*
+ *  Offsets for CMUs registers
+ */
+
+/* CMU_LEFTBUS registers */
+#define CLK_SRC_LEFTBUS  0x04200
+#define CLK_MUX_STAT_LEFTBUS 0x04400
+#define CLK_DIV_LEFTBUS  0x04500
+#define CLK_DIV_STAT_LEFTBUS 0x04600
+#define CLK_GATE_IP_LEFTBUS  0x04800
+#define CLKOUT_CMU_LEFTBUS   0x04A00
+#define CLKOUT_CMU_LEFTBUS_DIV_STAT  0x04A04
+/* CMU_RIGHTBUS registers */
+#define CLK_SRC_RIGHTBUS 

[Qemu-devel] [PATCH v3 10/14] hw/lan9118: Add basic 16-bit mode support.

2011-12-11 Thread Evgeny Voevodin

Signed-off-by: Evgeny Voevodin 
---
 hw/devices.h |2 +-
 hw/lan9118.c |  115 ++
 2 files changed, 109 insertions(+), 8 deletions(-)

diff --git a/hw/devices.h b/hw/devices.h
index 1a55c1e..24cae4c 100644
--- a/hw/devices.h
+++ b/hw/devices.h
@@ -10,7 +10,7 @@ struct MemoryRegion;
 void smc91c111_init(NICInfo *, uint32_t, qemu_irq);
 
 /* lan9118.c */
-void lan9118_init(NICInfo *, uint32_t, qemu_irq);
+DeviceState *lan9118_init(NICInfo *, uint32_t, qemu_irq);
 
 /* tsc210x.c */
 uWireSlave *tsc2102_init(qemu_irq pint);
diff --git a/hw/lan9118.c b/hw/lan9118.c
index ee8b2ea..e44e5f8 100644
--- a/hw/lan9118.c
+++ b/hw/lan9118.c
@@ -212,6 +212,17 @@ typedef struct {
 int rxp_offset;
 int rxp_size;
 int rxp_pad;
+
+uint32_t write_word_prev_offset;
+uint32_t write_word_n;
+uint16_t write_word_l;
+uint16_t write_word_h;
+uint32_t read_word_prev_offset;
+uint32_t read_word_n;
+uint32_t read_long;
+
+uint32_t mode_16bit;
+
 } lan9118_state;
 
 static void lan9118_update(lan9118_state *s)
@@ -345,6 +356,9 @@ static void lan9118_reset(DeviceState *d)
 s->mac_mii_data = 0;
 s->mac_flow = 0;
 
+s->read_word_n = 0;
+s->write_word_n = 0;
+
 phy_reset(s);
 
 s->eeprom_writable = 0;
@@ -896,11 +910,11 @@ static void lan9118_tick(void *opaque)
 }
 
 static void lan9118_writel(void *opaque, target_phys_addr_t offset,
-   uint64_t val, unsigned size)
+   uint32_t val)
 {
 lan9118_state *s = (lan9118_state *)opaque;
 offset &= 0xff;
-
+
 //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val);
 if (offset >= 0x20 && offset < 0x40) {
 /* TX FIFO */
@@ -1029,8 +1043,47 @@ static void lan9118_writel(void *opaque, 
target_phys_addr_t offset,
 lan9118_update(s);
 }
 
-static uint64_t lan9118_readl(void *opaque, target_phys_addr_t offset,
-  unsigned size)
+static void lan9118_writew(void *opaque, target_phys_addr_t offset,
+   uint32_t val)
+{
+lan9118_state *s = (lan9118_state *)opaque;
+offset &= 0xff;
+
+if (s->write_word_prev_offset != (offset & ~0x3)) {
+/* New offset, reset word counter */
+s->write_word_n = 0;
+s->write_word_prev_offset = offset & ~0x3;
+}
+
+if (offset & 0x2) {
+s->write_word_h = val;
+} else {
+s->write_word_l = val;
+}
+
+//DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val);
+s->write_word_n++;
+if (s->write_word_n == 2) {
+s->write_word_n = 0;
+lan9118_writel(s, offset & ~3, s->write_word_l +
+(s->write_word_h << 16));
+}
+}
+
+static void lan9118_write(void *opaque, target_phys_addr_t offset,
+  uint64_t val, unsigned size)
+{
+switch (size) {
+case 2:
+return lan9118_writew(opaque, offset, (uint32_t)val);
+case 4:
+return lan9118_writel(opaque, offset, (uint32_t)val);
+}
+
+hw_error("lan9118_write: Bad size 0x%x\n", size);
+}
+
+static uint32_t lan9118_readl(void *opaque, target_phys_addr_t offset)
 {
 lan9118_state *s = (lan9118_state *)opaque;
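Review bot: `lan9118_writew` decides that a 32-bit value is complete by counting two writes to the same aligned offset, so two writes to the same half commit a register write that pairs the new half with whatever stale value is left in the other field. Tracking which halves have been seen closes that gap, and `write_word_n` can serve as a two-bit mask without new state. The commit expression `s->write_word_h << 16` also promotes a `uint16_t` to `int`, so a high half with bit 15 set shifts into the sign bit; the operand should be cast to `uint32_t` first. A proposed body for the half-tracking part follows.

```c
static void lan9118_writew(void *opaque, target_phys_addr_t offset,
                           uint32_t val)
{
    /* … unchanged: state lookup, offset masking, reset on new offset … */

    /* write_word_n is a mask of the halves seen: bit 0 low, bit 1 high */
    if (offset & 0x2) {
        s->write_word_h = val;
        s->write_word_n |= 2;
    } else {
        s->write_word_l = val;
        s->write_word_n |= 1;
    }

    if (s->write_word_n == 3) {
        s->write_word_n = 0;
        lan9118_writel(s, offset & ~3, s->write_word_l |
                       ((uint32_t)s->write_word_h << 16));
    }
}
```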
 
@@ -1065,6 +1118,9 @@ static uint64_t lan9118_readl(void *opaque, 
target_phys_addr_t offset,
 case CSR_TX_CFG:
 return s->tx_cfg;
 case CSR_HW_CFG:
+if (s->mode_16bit) {
+return s->hw_cfg & ~0x4;
+}
 return s->hw_cfg | 0x4;
 case CSR_RX_DP_CTRL:
 return 0;
@@ -1103,9 +1159,51 @@ static uint64_t lan9118_readl(void *opaque, 
target_phys_addr_t offset,
 return 0;
 }
 
+static uint32_t lan9118_readw(void *opaque, target_phys_addr_t offset)
+{
+lan9118_state *s = (lan9118_state *)opaque;
+uint32_t val;
+
+if (s->read_word_prev_offset != (offset & ~0x3)) {
+/* New offset, reset word counter */
+s->read_word_n = 0;
+s->read_word_prev_offset = offset & ~0x3;
+}
+
+s->read_word_n++;
+if (s->read_word_n == 1) {
+s->read_long = lan9118_readl(s, offset & ~3);
+} else {
+s->read_word_n = 0;
+}
+
+if (offset & 2) {
+val = s->read_long >> 16;
+} else {
+val = s->read_long & 0x;
+}
+
+//DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val);
+return val;
+}
+
+static uint64_t lan9118_read(void *opaque, target_phys_addr_t offset,
+ unsigned size)
+{
+switch (size) {
+case 2:
+return lan9118_readw(opaque, offset);
+case 4:
+return lan9118_readl(opaque, offset);
+}
+
+hw_error("lan9118_read: Bad size 0x%x\n", size);
+return 0;
+}
+
 static const MemoryRegionOps lan9118_mem_ops = {
-.read = lan9118_readl,
-.write = lan9118_writel,
+.read = lan9118_read,
+.write = lan9118_write,
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
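Review bot: `lan9118_read` ends in `hw_error()` for any access size other than 2 or 4, and `lan9118_write` in the previous hunk does the same, so a guest access of another width (a byte load, for instance) stops the whole emulator if it reaches these handlers. Nothing in `lan9118_mem_ops` as shown restricts access sizes; logging the access and returning 0 (or ignoring the write) keeps a misbehaving guest from taking the VM down, e.g. replace the call with `fprintf(stderr, "lan9118_read: Bad size 0x%x\n", size);`. `lan9118_readw` also omits the `offset &= 0xff` that `lan9118_writew` applies, and neither helper checks `mode_16bit`, so 16-bit accesses are combined even when the device is configured for 32-bit mode.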
 
@@ -1162,6 +1260,7 @@ static SysBusDeviceInfo lan9

[Qemu-devel] [PATCH v3 12/14] hw/sd.c, hw/sd.h: add receive ready query routine to SD/MMC API

2011-12-11 Thread Evgeny Voevodin
From: Mitsyanko Igor 

Data transfer direction between host controller and SD/MMC card is selected by
host controller configuration registers, but whether we actually need to
perform a data transfer depends on the type of the last issued command. To avoid
remembering which type of command the host controller issued last, we
can use simple query procedures to make sure that the SD/MMC card is in the
right state. The only query routine currently present in the SD/MMC card
emulation is sd_data_ready(); this patch adds an sd_receive_ready() routine.

Signed-off-by: Evgeny Voevodin 
---
 hw/sd.c |5 +
 hw/sd.h |1 +
 2 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/hw/sd.c b/hw/sd.c
index 10e26ad..b0a8557 100644
--- a/hw/sd.c
+++ b/hw/sd.c
@@ -1670,3 +1670,8 @@ void sd_enable(SDState *sd, int enable)
 {
 sd->enable = enable;
 }
+
+int sd_receive_ready(SDState *sd)
+{
+return sd->state == sd_receivingdata_state;
+}
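Review bot: `sd_receive_ready()` is added to the public SD API without a comment, and the name alone does not say from whose side "receive" is meant. A comment above the definition, such as `/* Nonzero while the card is in sd_receivingdata_state, i.e. (presumably) expecting data from the host */`, would fix the direction for callers. The function only reads `sd->state`, so the parameter could be `const SDState *sd` if the sibling query functions follow the same convention.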
diff --git a/hw/sd.h b/hw/sd.h
index ac4b7c4..71ab781 100644
--- a/hw/sd.h
+++ b/hw/sd.h
@@ -75,5 +75,6 @@ uint8_t sd_read_data(SDState *sd);
 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert);
 int sd_data_ready(SDState *sd);
 void sd_enable(SDState *sd, int enable);
+int sd_receive_ready(SDState *sd);
 
 #endif /* __hw_sd_h */
-- 
1.7.4.1




[Qemu-devel] [PATCH v3 06/14] ARM: exynos4210: PWM support.

2011-12-11 Thread Evgeny Voevodin

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target |2 +-
 hw/exynos4210.c |   12 ++
 hw/exynos4210_pwm.c |  433 +++
 3 files changed, 446 insertions(+), 1 deletions(-)
 create mode 100644 hw/exynos4210_pwm.c

diff --git a/Makefile.target b/Makefile.target
index 779c9d4..709e9e2 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -345,7 +345,7 @@ obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o 
pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
 obj-arm-y += exynos4210.o exynos4210_cmu.o exynos4210_uart.o exynos4210_gic.o \
- exynos4210_combiner.o
+ exynos4210_combiner.o exynos4210_pwm.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
 obj-arm-y += pl061.o
 obj-arm-y += arm-semi.o
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
index 45d427e..7a7760d 100644
--- a/hw/exynos4210.c
+++ b/hw/exynos4210.c
@@ -65,6 +65,9 @@
 /* SFR Base Address for CMUs */
 #define EXYNOS4210_CMU_BASE_ADDR0x1003
 
+/* PWM */
+#define EXYNOS4210_PWM_BASE_ADDR0x139D
+
 /* UART's definitions */
 #define EXYNOS4210_UART_BASE_ADDR   0x1380
 #define EXYNOS4210_UART_SHIFT   0x0001
@@ -364,6 +367,15 @@ static void exynos4210_init(ram_addr_t ram_size,
 /* CMU */
 sysbus_create_simple("exynos4210.cmu", EXYNOS4210_CMU_BASE_ADDR, NULL);
 
+/* PWM */
+sysbus_create_varargs("exynos4210.pwm", EXYNOS4210_PWM_BASE_ADDR,
+irq_table[exynos4210_get_irq(22, 0)],
+irq_table[exynos4210_get_irq(22, 1)],
+irq_table[exynos4210_get_irq(22, 2)],
+irq_table[exynos4210_get_irq(22, 3)],
+irq_table[exynos4210_get_irq(22, 4)],
+NULL);
+
 /*** UARTs ***/
 for (n = 0; n < EXYNOS4210_UARTS_NUMBER; n++) {
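Review bot: The PWM wiring hard-codes combiner group `22` and spells out five IRQ arguments by hand, whereas the UART wiring in the same file refers to its group through a named macro (`EXYNOS4210_UART_INTG`). A matching `#define EXYNOS4210_PWM_INTG 22` beside the new `EXYNOS4210_PWM_BASE_ADDR` would keep the interrupt map in one place. The count of five has to stay in step with `EXYNOS4210_PWM_TIMERS_NUM` in hw/exynos4210_pwm.c, which deserves a comment here. `exynos4210_init` begins and ends outside the hunk.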
 
diff --git a/hw/exynos4210_pwm.c b/hw/exynos4210_pwm.c
new file mode 100644
index 000..1e80f10
--- /dev/null
+++ b/hw/exynos4210_pwm.c
@@ -0,0 +1,433 @@
+/*
+ * Samsung exynos4210 Pulse Width Modulation Timer
+ *
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
+ * All rights reserved.
+ *
+ * Evgeny Voevodin 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "sysbus.h"
+#include "qemu-timer.h"
+#include "qemu-common.h"
+#include "hw.h"
+
+#include "exynos4210.h"
+
+//#define DEBUG_PWM
+
+#ifdef DEBUG_PWM
+#define DPRINTF(fmt, ...) \
+do { fprintf(stdout, "PWM: [%24s:%5d] " fmt, __func__, __LINE__, \
+## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define EXYNOS4210_PWM_TIMERS_NUM  5
+#define EXYNOS4210_PWM_REG_MEM_SIZE0x50
+
+#define TCFG00x
+#define TCFG10x0004
+#define TCON 0x0008
+#define TCNTB0   0x000C
+#define TCMPB0   0x0010
+#define TCNTO0   0x0014
+#define TCNTB1   0x0018
+#define TCMPB1   0x001C
+#define TCNTO1   0x0020
+#define TCNTB2   0x0024
+#define TCMPB2   0x0028
+#define TCNTO2   0x002C
+#define TCNTB3   0x0030
+#define TCMPB3   0x0034
+#define TCNTO3   0x0038
+#define TCNTB4   0x003C
+#define TCNTO4   0x0040
+#define TINT_CSTAT   0x0044
+
+#define TCNTB(x)(0xC*x)
+#define TCMPB(x)(0xC*x+1)
+#define TCNTO(x)(0xC*x+2)
+
+#define GET_PRESCALER(reg, x)  ((reg&(0xFF<<(8*x)))>>8*x)
+#define GET_DIVIDER(reg, x)(1<<((0xF<<(4*x))>>(4*x)))
+
+/*
+ * Attention! Timer4 doesn't have OUTPUT_INVERTER,
+ * so Auto Reload bit is not accessible by macros!
+ */
+#define TCON_TIMER_BASE(x)  ((x ? 1 : 0)*4 + 4*x)
+#define TCON_TIMER_START(x) (1<<(TCON_TIMER_BASE(x) + 0))
+#define TCON_TIMER_MANUAL_UPD(x)(1<<(TCON_TIMER_BASE(x) + 1))
+#define TCON_TIMER_OUTPUT_INV(x)(1<<(TCON_TIMER_BASE(x) + 2))
+#define TCON_TIMER_AUTO_RELOAD(x)   (1<<(TCON_TIMER_BASE(x) + 3))
+#define TCON_TIMER4_AUTO_RELOAD (1<<22)
+
+#define TINT_CSTAT_STATUS(x)(1<<(5+x))
+#define TINT_CSTAT_ENABLE(x)(1 1) {
+s->timer[id].freq = exynos4210_cmu_get_rate(s->clk) /