Re: [Qemu-devel] [PATCH] build: introduce target CONFIG_ variables and use them for kvm

2012-06-23 Thread Paolo Bonzini
> What is exactly the problem?
>
> Peter's got an ARM specific KVM device he wants to stick in hw/kvm.

Can't it go in hw/arm/kvm (mimicking the final desired place, which
will be target-arm/hw/kvm)? And hw/kvm can be moved to hw/i386/kvm, or
we can leave it there for now until we're ready to move it to
target-i386/hw/kvm.

Anyway, not a big deal since you pointed out another (much better :))
reason to have CONFIG_$ARCH/CONFIG_$BASE_ARCH.

> The way you did it made it possible for hw/arm/Makefile.obj to have a
> different set of objects but also didn't use sub directory makefiles.

Usage of subdirectory makefiles should be treated like a convenience, it isn't
mandatory.  You added hw/kvm/Makefile.objs in the patch that fixed
dependency inclusion, hence my confusion.  Please try to keep patches
separate for ease of review (especially because you then have separate
commit messages and separate justification for the various bits).

> But in the very short term, CONFIG_I386 makes a good stepping stone to
> CONFIG_PC and let's refactor the Makefiles such that we can introduce
> more granular CONFIG_* down the road without changing object locations.

Indeed, that's a good idea.  However, your patch still won't add the
architecture configuration variables to config-all-devices.mak (or it
could be a new file config-all-archs.mak).  This is necessary to move
files into hw/Makefile.objs that were in Makefile.target.

Paolo



Re: [Qemu-devel] [RFC] use little granularity lock to substitue qemu_mutex_lock_iothread

2012-06-23 Thread Jan Kiszka
On 2012-06-23 00:56, Anthony Liguori wrote:
> On 06/22/2012 05:27 PM, Jan Kiszka wrote:
>> On 2012-06-22 23:44, Anthony Liguori wrote:
>>> 1) unlock iothread before entering the do {} loop in kvm_cpu_exec()
>>> a) reacquire the lock after the loop
>>> b) reacquire the lock in kvm_handle_io()
>>> c) introduce an unlocked memory accessor that for now, just requires
>>> the iothread lock() and calls cpu_physical_memory_rw()
>>
>> Right, that's what we have here as well. The latter is modeled as a so
>> called "I/O pathway", a thread-based execution context for
>> frontend/backend pairs with some logic to transfer certain I/O requests
>> asynchronously to the pathway thread.
> 
> Interesting, so the VCPU threads always hold the iothread mutex but some
> requests are routed to other threads?

The VCPUs only acquire the iothread locks _unless_ the request can be
handled directly or forwarded to a pathway thread. In the latter case,
pathway-specific locks will be taken. One big advantage of this model is
that you do not need to worry about locks in the device models
themselves. That helps migrating existing models but should also be
sufficient for quite a few use cases.

> 
> I hadn't considered a design like that.  I've been thinking about a long
> term architecture that's a bit more invasive.
> 
> What we think of the I/O thread today wouldn't be special.  It would be
> one of N I/O threads all running separate copies of the main loop.  All
> of the functions that defer dispatch to a main loop would take a context
> as an argument and devices would essentially have a "vector" array of
> main loops as input.
> 
> So virtio-net probably would have two main loop "vectors" since it would
> like to schedule tx and rx independently.  There's nothing that says
> that you can't pass the same main loop context for each vector but
> that's a configuration choice.
> 
> Dispatch from VCPU context would behave the same it does today but
> obviously per-device locking is needed.

And every backend would run over its own thread - I guess this is
conceptually close to what we have. However, the devil is in the detail.
E.g., we will also need per-iothread timer services (we skipped this so
far). And the device-to-device request problem needs to be solved (see
below).

> 
>> The tricky part was to get nested requests right, i.e. when a requests
>> triggers another one from within the device model. This is where things
>> get ugly. In theory, you can end up with a vm deadlock if you just apply
>> per-device locking. I'm currently trying to rebase our patches, review
>> and document the logic behind it.
> 
> I really think the only way to solve this is to separate map()'d DMA
> access (where the device really wants to deal with RAM only) and
> copy-based access (where devices map DMA to other devices).
> 
> For copy-based access, we really ought to move to a callback based API. 
> It adds quite a bit of complexity but it's really the only way to solve
> the problem robustly.

Maybe we are talking about the same thing: What we need is a mechanism
to queue MMIO requests for execution over some iothread / pathway
context in case we are about to get trapped by lock recursion. Then we
also have to make sure that queued requests are not overtaken by
requests issued afterward. This is an important part of our approach.

> 
>>> 2) focus initially on killing the lock in kvm_handle_io()
>>> a) the ioport table is pretty simplistic so adding fine grain
>>> locking
>>> won't be hard.
>>> b) reacquire lock right before ioport dispatch
>>>
>>> 3) allow for register ioport handlers w/o the dispatch function carrying
>>> a iothread
>>> a) this is mostly memory API plumbing
>>
>> We skipped this as our NICs didn't do PIO, but you clearly need it for
>> virtio.
> 
> Right.
> 
>>> 4) focus on going back and adding fine grain locking to the
>>> cpu_physical_memory_rw() accessor
>>
>> In the end, PIO and MMIO should use the same patterns - and will face
>> the same challenges. Ideally, we model things very similar right from
>> the start.
> 
> Yes.
> 
>> And then there is also
>>
>> 5) provide direct IRQ delivery from the device model to the IRQ chip.
>> That's much like what we need for VFIO and KVM device assignment. But
>> here we won't be able to cheat and ignore correct generation of vmstates
>> of the bypassed PCI host bridges etc... Which leads me to that other
>> thread about how to handle this for PCI device pass-through.
>> Contributions to that discussion are welcome as well.
> 
> I think you mean to the in-kernel IRQ chip.  I'm thinking about this
> still so I don't have a plan yet that I'm ready to share.  I have some
> ideas though.
> 
>>
>>>
>>> Note that whenever possible, we should be using rwlocks instead of a
>>> normal mutex.  In particular, for the ioport data structures, a rwlock
>>> seems pretty obvious.
>>
>> I think we should mostly be fine with a "big hammer" rwlock: unlocked
>> read access from VCPUs 

Re: [Qemu-devel] [PATCH] kvm: First step to push iothread lock out of inner run loop

2012-06-23 Thread Jan Kiszka
On 2012-06-23 00:59, Anthony Liguori wrote:
> On 06/22/2012 05:45 PM, Jan Kiszka wrote:
>> This sketches a possible path to get rid of the iothread lock on vmexits
>> in KVM mode. On x86, the in-kernel irqchip has to be used because
>> we otherwise need to synchronize APIC and other per-cpu state accesses
>> that could be changed concurrently. Not yet fully analyzed is the NMI
>> injection path in the absence of an APIC.
>>
>> s390x should be fine without specific locking as their pre/post-run
>> callbacks are empty. Power requires locking for the pre-run callback.
>>
>> This patch is untested, but a similar version was successfully used in
>> an x86 setup with a network I/O path that needed no central iothread
>> locking anymore (required special MMIO exit handling).
>> ---
>>   kvm-all.c |   18 --
>>   target-i386/kvm.c |7 +++
>>   target-ppc/kvm.c  |4 
>>   3 files changed, 27 insertions(+), 2 deletions(-)
>>
>> diff --git a/kvm-all.c b/kvm-all.c
>> index f8e4328..9c3e26f 100644
>> --- a/kvm-all.c
>> +++ b/kvm-all.c
>> @@ -1460,6 +1460,8 @@ int kvm_cpu_exec(CPUArchState *env)
>>   return EXCP_HLT;
>>   }
>>
>> +qemu_mutex_unlock_iothread();
>> +
>>   do {
>>   if (env->kvm_vcpu_dirty) {
>>   kvm_arch_put_registers(env, KVM_PUT_RUNTIME_STATE);
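Review bot: with the unlock moved in front of the do loop, kvm_arch_put_registers(env, KVM_PUT_RUNTIME_STATE) at the top of the loop and the pre-run callback now execute without the iothread lock; the description itself says Power still needs locking for its pre-run callback, so the commit message should list which per-target callbacks were audited for unlocked execution and where the remaining targets take the lock.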
>> @@ -1476,14 +1478,16 @@ int kvm_cpu_exec(CPUArchState *env)
>>*/
>>   qemu_cpu_kick_self();
>>   }
>> -qemu_mutex_unlock_iothread();
>>
>>   run_ret = kvm_vcpu_ioctl(env, KVM_RUN, 0);
>>
>> -qemu_mutex_lock_iothread();
>>   kvm_arch_post_run(env, run);
>>
>> +/* TODO: push coalesced mmio flushing to the point where we
>> access
>> + * devices that are using it (currently VGA and E1000). */
>> +qemu_mutex_lock_iothread();
>>   kvm_flush_coalesced_mmio_buffer();
>> +qemu_mutex_unlock_iothread();
>>
>>   if (run_ret<  0) {
>>   if (run_ret == -EINTR || run_ret == -EAGAIN) {
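Review bot: the new lock/unlock pair around kvm_flush_coalesced_mmio_buffer() re-introduces one iothread lock acquisition on every return from KVM_RUN, which gives back most of what the earlier unlock gained; the TODO already says the flush should move to the devices that use coalescing, so until then consider at least skipping the lock when the coalesced ring is empty, or gating the flush on whether any coalesced region is registered at all.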
>> @@ -1499,19 +1503,23 @@ int kvm_cpu_exec(CPUArchState *env)
>>   switch (run->exit_reason) {
>>   case KVM_EXIT_IO:
>>   DPRINTF("handle_io\n");
>> +qemu_mutex_lock_iothread();
>>   kvm_handle_io(run->io.port,
>> (uint8_t *)run + run->io.data_offset,
>> run->io.direction,
>> run->io.size,
>> run->io.count);
>> +qemu_mutex_unlock_iothread();
>>   ret = 0;
>>   break;
>>   case KVM_EXIT_MMIO:
>>   DPRINTF("handle_mmio\n");
>> +qemu_mutex_lock_iothread();
>>   cpu_physical_memory_rw(run->mmio.phys_addr,
>>  run->mmio.data,
>>  run->mmio.len,
>>  run->mmio.is_write);
>> +qemu_mutex_unlock_iothread();
>>   ret = 0;
>>   break;
>>   case KVM_EXIT_IRQ_WINDOW_OPEN:
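Review bot: KVM_EXIT_IO and KVM_EXIT_MMIO each receive an identical lock/unlock pair wrapped around a single call, with `ret = 0;` left outside; since the lock is now only needed inside kvm_handle_io() and cpu_physical_memory_rw(), pushing the acquisition into those entry points would keep the switch readable and is also the place where a later fine-grained version would replace it.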
>> @@ -1520,7 +1528,9 @@ int kvm_cpu_exec(CPUArchState *env)
>>   break;
>>   case KVM_EXIT_SHUTDOWN:
>>   DPRINTF("shutdown\n");
>> +qemu_mutex_lock_iothread();
>>   qemu_system_reset_request();
>> +qemu_mutex_unlock_iothread();
>>   ret = EXCP_INTERRUPT;
>>   break;
>>   case KVM_EXIT_UNKNOWN:
>> @@ -1533,11 +1543,15 @@ int kvm_cpu_exec(CPUArchState *env)
>>   break;
>>   default:
>>   DPRINTF("kvm_arch_handle_exit\n");
>> +qemu_mutex_lock_iothread();
>>   ret = kvm_arch_handle_exit(env, run);
>> +qemu_mutex_unlock_iothread();
>>   break;
>>   }
>>   } while (ret == 0);
>>
>> +qemu_mutex_lock_iothread();
>> +
>>   if (ret<  0) {
>>   cpu_dump_state(env, stderr, fprintf, CPU_DUMP_CODE);
>>   vm_stop(RUN_STATE_INTERNAL_ERROR);
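Review bot: the loop is now left with the iothread lock dropped and re-acquired only by the `qemu_mutex_lock_iothread();` added after `} while (ret == 0);`; please confirm that no path inside the loop returns from kvm_cpu_exec() directly (callers expect the lock back) and that kvm_arch_handle_exit() in the default case cannot leave the lock in a different state than it found it.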
>> diff --git a/target-i386/kvm.c b/target-i386/kvm.c
>> index 0d0d8f6..0ad64d1 100644
>> --- a/target-i386/kvm.c
>> +++ b/target-i386/kvm.c
>> @@ -1631,7 +1631,10 @@ void kvm_arch_pre_run(CPUX86State *env, struct
>> kvm_run *run)
>>
>>   /* Inject NMI */
>>   if (env->interrupt_request&  CPU_INTERRUPT_NMI) {
> 
> Strictly speaking, wouldn't we need to use testbit() and setbit()?  I
> would expect in the very least a barrier would be needed.

I need to think about this as well. We ignored it so far, just saw it
when hacking up this patch.

> 
> Looks pretty nice overall.  I'll need to apply and spend some time
> carefully walking through the code.

Without getting the coalesced mmio flushing out of the way, it does not
buy us that much yet. But I have some idea...

Jan





Re: [Qemu-devel] [PATCH] kvm: First step to push iothread lock out of inner run loop

2012-06-23 Thread Jan Kiszka
On 2012-06-23 02:22, Marcelo Tosatti wrote:
> On Sat, Jun 23, 2012 at 12:55:49AM +0200, Jan Kiszka wrote:
>> Should have declared this [RFC] in the subject and CC'ed kvm...
>>
>> On 2012-06-23 00:45, Jan Kiszka wrote:
>>> This sketches a possible path to get rid of the iothread lock on vmexits
>>> in KVM mode. On x86, the in-kernel irqchip has to be used because
>>> we otherwise need to synchronize APIC and other per-cpu state accesses
>>> that could be changed concurrently. Not yet fully analyzed is the NMI
>>> injection path in the absence of an APIC.
>>>
>>> s390x should be fine without specific locking as their pre/post-run
>>> callbacks are empty. Power requires locking for the pre-run callback.
>>>
>>> This patch is untested, but a similar version was successfully used in
>>> an x86 setup with a network I/O path that needed no central iothread
>>> locking anymore (required special MMIO exit handling).
>>> ---
>>>  kvm-all.c |   18 --
>>>  target-i386/kvm.c |7 +++
>>>  target-ppc/kvm.c  |4 
>>>  3 files changed, 27 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/kvm-all.c b/kvm-all.c
>>> index f8e4328..9c3e26f 100644
>>> --- a/kvm-all.c
>>> +++ b/kvm-all.c
>>> @@ -1460,6 +1460,8 @@ int kvm_cpu_exec(CPUArchState *env)
>>>  return EXCP_HLT;
>>>  }
>>>  
>>> +qemu_mutex_unlock_iothread();
>>> +
>>>  do {
>>>  if (env->kvm_vcpu_dirty) {
>>>  kvm_arch_put_registers(env, KVM_PUT_RUNTIME_STATE);
>>> @@ -1476,14 +1478,16 @@ int kvm_cpu_exec(CPUArchState *env)
>>>   */
>>>  qemu_cpu_kick_self();
>>>  }
>>> -qemu_mutex_unlock_iothread();
>>>  
>>>  run_ret = kvm_vcpu_ioctl(env, KVM_RUN, 0);
>>>  
>>> -qemu_mutex_lock_iothread();
>>>  kvm_arch_post_run(env, run);
> 
> target-i386/kvm.c
> 
> void kvm_arch_post_run(CPUX86State *env, struct kvm_run *run)
> {   
> if (run->if_flag) {
> env->eflags |= IF_MASK;
> } else {
> env->eflags &= ~IF_MASK;
> }
> cpu_set_apic_tpr(env->apic_state, run->cr8);
> cpu_set_apic_base(env->apic_state, run->apic_base);
> }
> 
> Clearly there is no structure to any of the writes around the writes
> in x86's kvm_arch_post_run, so it is unsafe.

Can't parse this yet.

None of the fields touched above should be modified outside of the vcpu
thread context (as long as that thread is inside the inner loop).
Therefore, it should be safe to run that function without any lock. Am
I missing something?

> 
> In kvm_flush_coalesced_mmio_buffer, however, the first and last pointers 
> can be read safely without the global lock (so you could move the lock
> after reading run->exit_reason, in that case).
> 
>>> +/* TODO: push coalesced mmio flushing to the point where we access
>>> + * devices that are using it (currently VGA and E1000). */
>>> +qemu_mutex_lock_iothread();
>>>  kvm_flush_coalesced_mmio_buffer();
>>> +qemu_mutex_unlock_iothread();
> 
> But you have to flush first to then figure out which device the
> coalesced mmio belongs to (don't get that comment).

kvm_flush must not be called unconditionally on vmexit, that is my
point. I'm playing with the idea to tag memory regions that require
flushing (as they are coalescing themselves or logically depend on
coalesced regions). Then we would flush in the memory layer once a read
or write is about to be performed on such a region.

BTW, two more users arrived in the meantime: the G364 framebuffer and
the i82378 PCI-ISA bridge (not sure yet what requests that bridge
coalesces, if it's only VGA, but it looks a bit fishy).

Jan





[Qemu-devel] MMIO coalescing of the i82378 bridge

2012-06-23 Thread Jan Kiszka
Hi all,

just stumbled over the memory_region_set_coalescing in pci_i82378_init:
What ISA devices are affected by this? It looks a bit strange to me as
the MMIO requests are apparently mapped on PIO requests, and we don't
have PIO coalescing on x86. Depending on the target device on PREP, this
may have some unexpected side effects. Or is only framebuffer memory
addressed this way?

Jan





Re: [Qemu-devel] usb_packet_complete: Assertion ... failed

2012-06-23 Thread Erik Rull

Jan Kiszka wrote:
> Hi Gerd,
>
> I'm getting
>
> qemu/hw/usb/core.c:410: usb_packet_complete: Assertion
> `((&ep->queue)->tqh_first) == p' failed.
>
> with a passed-through USB headset (UHCI controller). This was with
> current QEMU git head. Known issues? Anything I can do to debug it?
>
> Jan



Hi all,

I get this with another USB 1.1 hardware (running via UHCI) as well. Some 
weeks ago it was fine.
@Jan: If you go back some weeks, this should work (begin of April was 
definitively ok). How long does it take to get the headset fully detected in 
your guest so that you can use the hardware? My USB 1.1 HW takes ~ 60 
seconds to work, after that everything is fine - during that I see several 
USB resets on the host (dmesg).


Best regards,

Erik




Re: [Qemu-devel] [PATCH 2/2] kvm: use per-cpu lock to free vcpu thread out of the big lock

2012-06-23 Thread liu ping fan
On Sat, Jun 23, 2012 at 4:06 AM, Anthony Liguori  wrote:
> On 06/21/2012 09:49 AM, Liu Ping Fan wrote:
>>
>> In order to break the big lock, using per-cpu_lock in kvm_cpu_exec()
>> to protect the race from other cpu's access to env->apic_state & related
>> field in env.
>> Also, we need to protect against run_on_cpu().
>>
>> Race condition can be like this:
>> 1.  vcpu-1 IPI vcpu-2
>>     vcpu-3 IPI vcpu-2
>>     Open window exists for accessing to vcpu-2's apic_state & env
>>
>> 2. run_on_cpu() write env->queued_work_last, while flush_queued_work()
>>    read
>>
>> Signed-off-by: Liu Ping Fan
>> ---
>>  cpus.c    |    6 --
>>  hw/apic.c |   58
>> ++
>>  hw/pc.c   |    8 +++-
>>  kvm-all.c |   13 +++--
>>  4 files changed, 76 insertions(+), 9 deletions(-)
>>
>> diff --git a/cpus.c b/cpus.c
>> index 554f7bc..ac99afe 100644
>> --- a/cpus.c
>> +++ b/cpus.c
>> @@ -649,6 +649,7 @@ void run_on_cpu(CPUArchState *env, void (*func)(void
>> *data), void *data)
>>
>>      wi.func = func;
>>      wi.data = data;
>> +    qemu_mutex_lock(env->cpu_lock);
>>      if (!env->queued_work_first) {
>>          env->queued_work_first =&wi;
>>      } else {
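Review bot: run_on_cpu() now takes env->cpu_lock while it links `wi` into the queue, but the second race named in the commit message (run_on_cpu() writes queued_work_last while flush_queued_work() reads it) is only half addressed here: the reader side in flush_queued_work() is not in this diff, so either include it or say in the commit message which patch converts it.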
>> @@ -657,6 +658,7 @@ void run_on_cpu(CPUArchState *env, void (*func)(void
>> *data), void *data)
>>      env->queued_work_last =&wi;
>>      wi.next = NULL;
>>      wi.done = false;
>> +    qemu_mutex_unlock(env->cpu_lock);
>>
>>      qemu_cpu_kick(env);
>>      while (!wi.done) {
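Review bot: `wi.done = false;` is written under cpu_lock, but `while (!wi.done)` spins on the field after the unlock, and the writer that sets it to true is not shown; either document that done is updated under the same lock and read with the ordering that requires, or wait on a condition variable instead of polling a plain field.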
>> @@ -718,7 +720,7 @@ static void qemu_tcg_wait_io_event(void)
>>  static void qemu_kvm_wait_io_event(CPUArchState *env)
>>  {
>>      while (cpu_thread_is_idle(env)) {
>> -        qemu_cond_wait(env->halt_cond,&qemu_global_mutex);
>> +        qemu_cond_wait(env->halt_cond, env->cpu_lock);
>>      }
>>
>>      qemu_kvm_eat_signals(env);
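Review bot: qemu_cond_wait(env->halt_cond, env->cpu_lock) changes the mutex associated with halt_cond from qemu_global_mutex to the per-cpu lock; every other waiter and signaller of halt_cond (qemu_tcg_wait_io_event() just above this hunk, qemu_cpu_kick()) must agree on the same mutex, and only the KVM wait function is converted here.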
>> @@ -729,8 +731,8 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
>>  {
>>      CPUArchState *env = arg;
>>      int r;
>> +    qemu_mutex_lock_cpu(env);
>>
>> -    qemu_mutex_lock(&qemu_global_mutex);
>>      qemu_thread_get_self(env->thread);
>>      env->thread_id = qemu_get_thread_id();
>>      cpu_single_env = env;
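Review bot: the VCPU thread now starts holding only its per-cpu lock via qemu_mutex_lock_cpu(env) and no longer takes qemu_global_mutex; the visible lines that follow touch per-cpu fields only, but the rest of qemu_kvm_cpu_thread_fn() is outside the hunk, so the commit message should say which of the remaining steps still need the global lock and where it is taken. Also, run_on_cpu() calls qemu_mutex_lock(env->cpu_lock) directly while this hunk uses the qemu_mutex_lock_cpu(env) wrapper; pick one.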
>> diff --git a/hw/apic.c b/hw/apic.c
>> index 4eeaf88..b999a40 100644
>> --- a/hw/apic.c
>> +++ b/hw/apic.c
>> @@ -22,6 +22,7 @@
>>  #include "host-utils.h"
>>  #include "trace.h"
>>  #include "pc.h"
>> +#include "qemu-thread.h"
>>
>>  #define MAX_APIC_WORDS 8
>>
>> @@ -94,6 +95,7 @@ static int get_highest_priority_int(uint32_t *tab)
>>      return -1;
>>  }
>>
>> +/* Caller must hold the lock */
>>  static void apic_sync_vapic(APICCommonState *s, int sync_type)
>>  {
>>      VAPICState vapic_state;
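Review bot: the new comments say "Caller must hold the lock" without naming which lock; since apic_external_nmi() further down takes qemu_mutex_lock_cpu(s->cpu_env), spell out that it is the per-cpu lock of s->cpu_env, and use one wording throughout (the variants "Caller must hold the lock", "Caller must hold lock" and "Must hold lock" all appear in this file).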
>> @@ -141,11 +143,13 @@ static void apic_sync_vapic(APICCommonState *s, int
>> sync_type)
>>      }
>>  }
>>
>> +/* Caller must hold lock */
>>  static void apic_vapic_base_update(APICCommonState *s)
>>  {
>>      apic_sync_vapic(s, SYNC_TO_VAPIC);
>>  }
>>
>> +/* Caller must hold the lock */
>>  static void apic_local_deliver(APICCommonState *s, int vector)
>>  {
>>      uint32_t lvt = s->lvt[vector];
>> @@ -175,9 +179,11 @@ static void apic_local_deliver(APICCommonState *s,
>> int vector)
>>              (lvt&  APIC_LVT_LEVEL_TRIGGER))
>>              trigger_mode = APIC_TRIGGER_LEVEL;
>>          apic_set_irq(s, lvt&  0xff, trigger_mode);
>>
>> +        break;
>>      }
>>  }
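Review bot: the added `break;` after apic_set_irq() has nothing to do with the locking this patch introduces and is not mentioned in the commit message; from the visible context it is the last statement of the final case, so it is a style change at most. Either drop it or move it to a separate cleanup patch.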
>>
>> +/* Caller must hold the lock */
>>  void apic_deliver_pic_intr(DeviceState *d, int level)
>>  {
>>      APICCommonState *s = DO_UPCAST(APICCommonState, busdev.qdev, d);
>> @@ -200,9 +206,12 @@ void apic_deliver_pic_intr(DeviceState *d, int level)
>>      }
>>  }
>>
>> +/* Must hold lock */
>>  static void apic_external_nmi(APICCommonState *s)
>>  {
>> +    qemu_mutex_lock_cpu(s->cpu_env);
>>      apic_local_deliver(s, APIC_LVT_LINT1);
>> +    qemu_mutex_unlock_cpu(s->cpu_env);
>>  }
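Review bot: the comment "Must hold lock" above apic_external_nmi() contradicts the body, which itself takes and releases qemu_mutex_lock_cpu(s->cpu_env); if a caller already held that lock and it is not recursive, this would deadlock. Decide whether the function is an entry point that acquires the lock (then say so in the comment) or an internal helper that expects it held (then drop the lock calls).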
>>
>>  #define foreach_apic(apic, deliver_bitmask, code) \
>> @@ -215,7 +224,9 @@ static void apic_external_nmi(APICCommonState *s)
>>                  if (__mask&  (1<<  __j)) {\
>>
>>                      apic = local_apics[__i * 32 + __j];\
>>                      if (apic) {\
>> +                        qemu_mutex_lock_cpu(apic->cpu_env);\
>>                          code;\
>> +                        qemu_mutex_unlock_cpu(apic->cpu_env);\
>>                      }\
>>                  }\
>>              }\
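Review bot: foreach_apic() now takes the destination CPU's lock around `code`, and the caller may be a VCPU thread that took its own cpu lock at thread start (see the cpus.c hunk); please confirm whether the sending VCPU still holds its own lock at this point, because a self-IPI, where the destination APIC is the sender's own, would then acquire the same cpu lock twice. Either special-case the current CPU or document that cpu_lock is recursive.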
>> @@ -244,7 +255,9 @@ static void apic_bus_deliver(const uint32_t
>> *deliver_bitmask,
>>                  if (d>= 0) {
>>                      apic_iter = local_apics[d];
>>                      if (apic_iter) {
>> +                        qemu_mutex_lock_cpu(apic_iter->cpu_env);
>>                          apic_set_irq(apic_iter, vector_num,
>> trigger_mode);
>> +                        qemu_mutex_unlock_cpu(apic_iter->cpu_env);
>>                      }
>>                  }
>>              }
>> @@ -293,6 +306,7 @@ void apic_deliver_irq(uint8_t dest, uint8_t dest_mode,
>> uint8_t delivery_mode,
>>    

Re: [Qemu-devel] usb_packet_complete: Assertion ... failed

2012-06-23 Thread Jan Kiszka
On 2012-06-23 11:29, Erik Rull wrote:
> Jan Kiszka wrote:
>> Hi Gerd,
>>
>> I'm getting
>>
>> qemu/hw/usb/core.c:410: usb_packet_complete: Assertion
>> `((&ep->queue)->tqh_first) == p' failed.
>>
>> with a passed-through USB headset (UHCI controller). This was with
>> current QEMU git head. Known issues? Anything I can do to debug it?
>>
>> Jan
>>
> 
> Hi all,
> 
> I get this with another USB 1.1 hardware (running via UHCI) as well.
> Some weeks ago it was fine.
> @Jan: If you go back some weeks, this should work (begin of April was
> definitively ok).

Interesting, will try to bisect if it's a regression. Don't have the
hardware here, will try next week.

> How long does it take to get the headset fully detected
> in your guest so that you can use the hardware? My USB 1.1 HW takes ~ 60
> seconds to work, after that everything is fine - during that I see
> several USB resets on the host (dmesg).

I don't see other problems so far. The device is quickly recognized and
appears to work fine otherwise. But as the assert hit frequently, I was
not able to test in details.

Thanks,
Jan





Re: [Qemu-devel] [PATCH v1] device_tree: load_device_tree(): Allow NULL sizep

2012-06-23 Thread Alexander Graf

On 23.06.2012, at 02:45, Peter Crosthwaite wrote:

> On Sat, Jun 23, 2012 at 7:14 AM, Alexander Graf  wrote:
>> 
>> On 22.06.2012, at 15:17, Peter Crosthwaite wrote:
>> 
>>> CC device-tree.c original contributors. (Jerome Young and Hollis Blanchard).
>>> 
>>> I can't find a maintainer for device-tree, and Stefan wants a review.
>>> This patch seems ok?
>> 
>> Hrm, guess I should file a patch to declare myself maintainer for the time 
>> being, unless someone else wants to stand up and take on it.
> 
> I'm happy to do it as well.

Works fine for me :). Just send a patch to MAINTAINERS. If you like, add me to 
it as well as your backup, though you probably know more about dt than me ;).


Alex




Re: [Qemu-devel] [PATCH] build: introduce target CONFIG_ variables and use them for kvm

2012-06-23 Thread Peter Maydell
On 23 June 2012 08:53, Paolo Bonzini  wrote:
>> Peter's got an ARM specific KVM device he wants to stick in hw/kvm.
>
> Can't it go in hw/arm/kvm (mimicking the final desired place, which
> will be target-arm/hw/kvm)? And hw/kvm can be moved to hw/i386/kvm, or
> we can leave it there for now until we're ready to move it to
> target-i386/hw/kvm.

Why's the final desired place target-arm/hw/kvm? That doesn't
make much sense to me...

-- PMM



Re: [Qemu-devel] [PATCH] kvm: First step to push iothread lock out of inner run loop

2012-06-23 Thread Marcelo Tosatti
On Fri, Jun 22, 2012 at 09:22:59PM -0300, Marcelo Tosatti wrote:
> On Sat, Jun 23, 2012 at 12:55:49AM +0200, Jan Kiszka wrote:
> > Should have declared this [RFC] in the subject and CC'ed kvm...
> > 
> > On 2012-06-23 00:45, Jan Kiszka wrote:
> > > This sketches a possible path to get rid of the iothread lock on vmexits
> > > in KVM mode. On x86, the in-kernel irqchip has to be used because
> > > we otherwise need to synchronize APIC and other per-cpu state accesses
> > > that could be changed concurrently. Not yet fully analyzed is the NMI
> > > injection path in the absence of an APIC.
> > > 
> > > s390x should be fine without specific locking as their pre/post-run
> > > callbacks are empty. Power requires locking for the pre-run callback.
> > > 
> > > This patch is untested, but a similar version was successfully used in
> > > an x86 setup with a network I/O path that needed no central iothread
> > > locking anymore (required special MMIO exit handling).
> > > ---
> > >  kvm-all.c |   18 --
> > >  target-i386/kvm.c |7 +++
> > >  target-ppc/kvm.c  |4 
> > >  3 files changed, 27 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/kvm-all.c b/kvm-all.c
> > > index f8e4328..9c3e26f 100644
> > > --- a/kvm-all.c
> > > +++ b/kvm-all.c
> > > @@ -1460,6 +1460,8 @@ int kvm_cpu_exec(CPUArchState *env)
> > >  return EXCP_HLT;
> > >  }
> > >  
> > > +qemu_mutex_unlock_iothread();
> > > +
> > >  do {
> > >  if (env->kvm_vcpu_dirty) {
> > >  kvm_arch_put_registers(env, KVM_PUT_RUNTIME_STATE);
> > > @@ -1476,14 +1478,16 @@ int kvm_cpu_exec(CPUArchState *env)
> > >   */
> > >  qemu_cpu_kick_self();
> > >  }
> > > -qemu_mutex_unlock_iothread();
> > >  
> > >  run_ret = kvm_vcpu_ioctl(env, KVM_RUN, 0);
> > >  
> > > -qemu_mutex_lock_iothread();
> > >  kvm_arch_post_run(env, run);
> 
> target-i386/kvm.c
> 
> void kvm_arch_post_run(CPUX86State *env, struct kvm_run *run)
> {   
> if (run->if_flag) {
> env->eflags |= IF_MASK;
> } else {
> env->eflags &= ~IF_MASK;
> }
> cpu_set_apic_tpr(env->apic_state, run->cr8);
> cpu_set_apic_base(env->apic_state, run->apic_base);
> }
> 
> Clearly there is no structure to any of the writes around the writes
> in x86's kvm_arch_post_run, so it is unsafe.

No access protocol to the CPUState and apic devices (who can write when,
who can read when).




Re: [Qemu-devel] [PATCH] kvm: First step to push iothread lock out of inner run loop

2012-06-23 Thread Jan Kiszka
On 2012-06-23 11:06, Marcelo Tosatti wrote:
> On Fri, Jun 22, 2012 at 09:22:59PM -0300, Marcelo Tosatti wrote:
>> On Sat, Jun 23, 2012 at 12:55:49AM +0200, Jan Kiszka wrote:
>>> Should have declared this [RFC] in the subject and CC'ed kvm...
>>>
>>> On 2012-06-23 00:45, Jan Kiszka wrote:
 This sketches a possible path to get rid of the iothread lock on vmexits
 in KVM mode. On x86, the in-kernel irqchip has to be used because
 we otherwise need to synchronize APIC and other per-cpu state accesses
 that could be changed concurrently. Not yet fully analyzed is the NMI
 injection path in the absence of an APIC.

 s390x should be fine without specific locking as their pre/post-run
 callbacks are empty. Power requires locking for the pre-run callback.

 This patch is untested, but a similar version was successfully used in
 an x86 setup with a network I/O path that needed no central iothread
 locking anymore (required special MMIO exit handling).
 ---
  kvm-all.c |   18 --
  target-i386/kvm.c |7 +++
  target-ppc/kvm.c  |4 
  3 files changed, 27 insertions(+), 2 deletions(-)

 diff --git a/kvm-all.c b/kvm-all.c
 index f8e4328..9c3e26f 100644
 --- a/kvm-all.c
 +++ b/kvm-all.c
 @@ -1460,6 +1460,8 @@ int kvm_cpu_exec(CPUArchState *env)
  return EXCP_HLT;
  }
  
 +qemu_mutex_unlock_iothread();
 +
  do {
  if (env->kvm_vcpu_dirty) {
  kvm_arch_put_registers(env, KVM_PUT_RUNTIME_STATE);
 @@ -1476,14 +1478,16 @@ int kvm_cpu_exec(CPUArchState *env)
   */
  qemu_cpu_kick_self();
  }
 -qemu_mutex_unlock_iothread();
  
  run_ret = kvm_vcpu_ioctl(env, KVM_RUN, 0);
  
 -qemu_mutex_lock_iothread();
  kvm_arch_post_run(env, run);
>>
>> target-i386/kvm.c
>>
>> void kvm_arch_post_run(CPUX86State *env, struct kvm_run *run)
>> {   
>> if (run->if_flag) {
>> env->eflags |= IF_MASK;
>> } else {
>> env->eflags &= ~IF_MASK;
>> }
>> cpu_set_apic_tpr(env->apic_state, run->cr8);
>> cpu_set_apic_base(env->apic_state, run->apic_base);
>> }
>>
>> Clearly there is no structure to any of the writes around the writes
>> in x86's kvm_arch_post_run, so it is unsafe.
> 
> No access protocol to the CPUState and apic devices (who can write when,
> who can read when).
> 

Hmm, we may need the iothread lock around cpu_set_apic_tpr for
!kvm_irqchip_in_kernel(). And as we are at it, apic_base manipulation
can be put there as well.

With in-kernel irqchip, there is no such need. Also, no one accesses
eflags outside of the vcpu thread, independent of the irqchip mode.

Jan





Re: [Qemu-devel] MMIO coalescing of the i82378 bridge

2012-06-23 Thread Andreas Färber
Hi Jan,

Am 23.06.2012 11:28, schrieb Jan Kiszka:
> just stumbled over the memory_region_set_coalescing in pci_i82378_init:
> What ISA devices are affected by this? It looks a bit strange to me as
> the MMIO requests are apparently mapped on PIO requests, and we don't
> have PIO coalescing on x86. Depending on the target device on PREP, this
> may have some unexpected side effects. Or is only framebuffer memory
> addressed this way?

I only remember touching that line to rebase it onto either Memory API
or QOM. The i82378 is the sole PCI-ISA bridge so all ISA devices will be
affected by it, which is pretty much everything except VGA iirc.
The upcoming pc87312(?) Super I/O also would be attached to it,
replacing some of the bogus I/O in the current "prep" machine.

I'm not familiar with what this option affects. What unexpected side
effects would you expect? :)

Regards,
Andreas



Re: [Qemu-devel] MMIO coalescing of the i82378 bridge

2012-06-23 Thread Jan Kiszka
On 2012-06-23 14:46, Andreas Färber wrote:
> Hi Jan,
> 
> Am 23.06.2012 11:28, schrieb Jan Kiszka:
>> just stumbled over the memory_region_set_coalescing in pci_i82378_init:
>> What ISA devices are affected by this? It looks a bit strange to me as
>> the MMIO requests are apparently mapped on PIO requests, and we don't
>> have PIO coalescing on x86. Depending on the target device on PREP, this
>> may have some unexpected side effects. Or is only framebuffer memory
>> addressed this way?
> 
> I only remember touching that line to rebase it onto either Memory API
> or QOM. The i82378 is the sole PCI-ISA bridge so all ISA devices will be
> affected by it, which is pretty much everything except VGA iirc.
> The upcoming pc87312(?) Super I/O also would be attached to it,
> replacing some of the bogus I/O in the current "prep" machine.
> 
> I'm not familiar with what this option affects. What unexpected side
> effects would you expect? :)

Simple example: You write to the PIT to start/stop a timer, but this
transaction is now delayed until the next coalesced buffer flush.

IOW, there surely exist write operations that must not be reordered wrt
the VCPU execution flow. I would recommend to drop coalescing, even
more if its benefit is not clear.

Jan
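
Jan's PIT example above, together with the tagged-region idea from his earlier reply (flush in the memory layer once a read or write is about to hit a region that depends on coalesced writes), as an added single-threaded model. This is example code written for this page, not QEMU's memory API or kvm-all.c; the Machine type, the two regions, the flush_before tag and the simulated "VCPU time" are assumptions of the model.

```c
/* Added example, not QEMU code: a model of coalesced MMIO writes. The
 * regions, the Machine type and the flush_before tag are invented. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { REGION_PIT = 0, REGION_FB = 1, NUM_REGIONS = 2 };
#define RING_LEN 32
#define NO_WRITE (-1)

typedef struct { int region; uint32_t val; } CoalescedWrite;

typedef struct {
    bool coalesced[NUM_REGIONS];    /* writes to this region are only buffered */
    bool flush_before[NUM_REGIONS]; /* flush the buffer before touching region */
    CoalescedWrite ring[RING_LEN];  /* stands in for the coalesced MMIO ring */
    int ring_len;
    uint32_t state[NUM_REGIONS];    /* last value each device model saw */
    int vcpu_time;                  /* VCPU memory accesses so far */
    int applied_at[NUM_REGIONS];    /* vcpu_time when the last write landed */
} Machine;

static void machine_init(Machine *m, bool pit_coalesced, bool pit_tagged)
{
    *m = (Machine){ 0 };
    m->coalesced[REGION_FB] = true;   /* framebuffers are the intended users */
    m->coalesced[REGION_PIT] = pit_coalesced;
    m->flush_before[REGION_PIT] = pit_tagged;
    for (int i = 0; i < NUM_REGIONS; i++) m->applied_at[i] = NO_WRITE;
}

/* Replay buffered writes in order; the device models see them only now. */
static void coalesced_flush(Machine *m)
{
    for (int i = 0; i < m->ring_len; i++) {
        m->state[m->ring[i].region] = m->ring[i].val;
        m->applied_at[m->ring[i].region] = m->vcpu_time;
    }
    m->ring_len = 0;
}

static void vcpu_write(Machine *m, int region, uint32_t val)
{
    m->vcpu_time++;
    if (m->coalesced[region]) {
        if (m->ring_len < RING_LEN) m->ring[m->ring_len++] = (CoalescedWrite){ region, val };
        return;                      /* deferred: not yet visible to the device */
    }
    if (m->flush_before[region]) coalesced_flush(m);
    m->state[region] = val;
    m->applied_at[region] = m->vcpu_time;
}

static uint32_t vcpu_read(Machine *m, int region)
{
    m->vcpu_time++;
    if (m->flush_before[region]) coalesced_flush(m);
    return m->state[region];
}

/* Scenario: start the PIT (write 1), do a few framebuffer writes, then read
 * the PIT back. Returns the value read; *pit_delay receives how many VCPU
 * accesses passed between the PIT write and the moment the model saw it. */
static uint32_t scenario(bool pit_coalesced, bool pit_tagged, int *pit_delay)
{
    Machine m;
    machine_init(&m, pit_coalesced, pit_tagged);
    vcpu_write(&m, REGION_PIT, 1);
    int write_time = m.vcpu_time;
    for (int i = 0; i < 3; i++) vcpu_write(&m, REGION_FB, 0xff);
    uint32_t seen = vcpu_read(&m, REGION_PIT);
    m.vcpu_time += 10;               /* the VCPU keeps running ... */
    coalesced_flush(&m);             /* ... until something finally flushes */
    *pit_delay = m.applied_at[REGION_PIT] - write_time;
    return seen;
}

/* Three configurations: PIT coalesced and untagged (what coalescing the whole
 * ISA range amounts to), coalesced but tagged, and not coalesced at all. */
int pit_read_coalesced(void)    { int d; return (int)scenario(true, false, &d); }
int pit_delay_coalesced(void)   { int d; scenario(true, false, &d); return d; }
int pit_read_tagged(void)       { int d; return (int)scenario(true, true, &d); }
int pit_delay_tagged(void)      { int d; scenario(true, true, &d); return d; }
int pit_read_uncoalesced(void)  { int d; return (int)scenario(false, false, &d); }
int pit_delay_uncoalesced(void) { int d; scenario(false, false, &d); return d; }

int main(void)
{
    printf("coalesced:   read %d, delay %d\n", pit_read_coalesced(), pit_delay_coalesced());
    printf("tagged:      read %d, delay %d\n", pit_read_tagged(), pit_delay_tagged());
    printf("uncoalesced: read %d, delay %d\n", pit_read_uncoalesced(), pit_delay_uncoalesced());
    return 0;
}
```

With the PIT coalesced and untagged the read-back returns the stale value and the "start timer" write reaches the device 14 accesses late; tagging the PIT region makes the read consistent again but the write still lands only when the tagged access forces the flush, which is why the message recommends not coalescing such a region at all.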





Re: [Qemu-devel] [PATCH 2/2] cpu: for cpu-user and cpu-softmmu and make cpu-softmmu a child of DeviceState

2012-06-23 Thread Andreas Färber
Am 22.06.2012 21:36, schrieb Anthony Liguori:
> The line between linux-user and softmmu is not very well defined right now.
> linux-user really don't want to include devices and making CpuState a child of
> DeviceState would require pulling lots of stuff into linux-user.
> 
> To solve this, we simply fork cpu-user and cpu-softmmu letting them evolve
> independently.
[snip]

I still don't understand why.

From your announcement on IRC I thought that you would leave TYPE_CPU as
is and introduce TYPE_SOFTMMU_CPU / TYPE_USER_CPU as derived
intermediate types. But here you are just replacing my suggested #ifdefs
with code duplication...

The QOM CPUState part 4 series on the list I reminded you of starts
moving more stuff into struct CPUState, which is supposed to be used by
common code, i.e., both softmmu and *-user.

With this patch of yours I'd need to move the fields from central
CPU_COMMON into *two* structs kept in sync, which doesn't feel like an
advantage to me. Apart from fields for include/qemu/cpu.h I was also
planning on placing helper functions into qom/cpu.c, which now would
need to be duplicated, like cpu_common_reset() for the fields added. So
if there's some error it is likely to get fixed in one version but
forgotten in the other one. That would be really bad. If functions do
mostly the same thing they should be compiled from the same source -
basics of Product Line Engineering. If there's functions that only apply
to one of them then I'm fine placing them in a cpu-softmmu or cpu-user
file respectively. But this patch 2/2 just seems to make more work
without real gains to avoid #ifdefs - we'll get some anyway due to w32
and unrolling those into even more file copies sounds even worse.

Apart from tcg/, which you keep iterating, linux-user also reuses most
of target-*/ (except for supervisor- and hypervisor-level instructions)
as well as core CPU execution infrastructure, which I'm trying to
streamline through CPUState compiled only twice rather than per each
*-softmmu and *-*-user.

So IMO the key point is that we don't want them to evolve independently.
We want to code efficiently and to build QEMU efficiently.

Regards,
Andreas

For reference my previous suggestion for CPUState-as-a-DeviceState was:

diff --git a/include/qemu/cpu.h b/include/qemu/cpu.h
index 78b65b3..a4d84a5 100644
--- a/include/qemu/cpu.h
+++ b/include/qemu/cpu.h
@@ -21,6 +21,9 @@
 #define QEMU_CPU_H

 #include "qemu/object.h"
+#ifndef CONFIG_USER_ONLY
+#include "hw/qdev.h"
+#endif

 /**
  * SECTION:cpu
@@ -45,7 +48,11 @@ typedef struct CPUState CPUState;
  */
 typedef struct CPUClass {
 /*< private >*/
+#ifdef CONFIG_USER_ONLY
 ObjectClass parent_class;
+#else
+DeviceClass parent_class;
+#endif
 /*< public >*/

 void (*reset)(CPUState *cpu);
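Review bot: the two conditional blocks in this header use opposite polarity (`#ifndef CONFIG_USER_ONLY` around the `hw/qdev.h` include above, `#ifdef CONFIG_USER_ONLY` around `parent_class` here), so a reader checking which build ends up with `DeviceClass parent_class` has to flip the condition in their head; keep one polarity and put a one-line comment on the softmmu branch, e.g. `/* softmmu: CPUs are qdev devices */`.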
diff --git a/qom/cpu.c b/qom/cpu.c
index 5b36046..17b796f 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -36,14 +36,26 @@ static void cpu_common_reset(CPUState *cpu)

 static void cpu_class_init(ObjectClass *klass, void *data)
 {
+#ifndef CONFIG_USER_ONLY
+DeviceClass *dc = DEVICE_CLASS(klass);
+#endif
 CPUClass *k = CPU_CLASS(klass);

+#ifndef CONFIG_USER_ONLY
+/* Overwrite this in subclasses for which hotplug is supported. */
+dc->no_user = 1;
+#endif
+
 k->reset = cpu_common_reset;
 }

 static TypeInfo cpu_type_info = {
 .name = TYPE_CPU,
+#ifdef CONFIG_USER_ONLY
 .parent = TYPE_OBJECT,
+#else
+.parent = TYPE_DEVICE,
+#endif
 .instance_size = sizeof(CPUState),
 .abstract = true,
 .class_size = sizeof(CPUClass),
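Review bot: `.parent = TYPE_DEVICE` combined with `.instance_size = sizeof(CPUState)` means that in softmmu builds the first member of `struct CPUState` must be a `DeviceState`, not an `Object`, or QOM will lay a `DeviceState` over whatever `CPUState` currently starts with; the cpu.h hunks only switch `CPUClass`, so either the `CPUState` change is missing from this suggestion or it should be called out. Also, `no_user` hides the type from `-device`/`device_add`, which is not the same thing as hotplug support, so the comment "Overwrite this in subclasses for which hotplug is supported" should say what it actually gates.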

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [Bug 806656] Re: Tight PNG VNC encoding is sent even when --disable-vnc-png is set

2012-06-23 Thread Joel Martin
I sent the patch on May 16 (http://lists.nongnu.org/archive/html/qemu-
devel/2012-05/msg02373.html). I haven't seen any response.


Title:
  Tight PNG VNC encoding is sent even when --disable-vnc-png is set

Status in QEMU:
  New

Bug description:
  This bug exists in 0.14.1 and also in 9312805d33e8b (Jun 17, 2011) in
  the master git repo.

  The "Tight PNG" encoding is a derivative of the "Tight" encoding that
  replaces zlib encoded rects with PNG encoded data instead. However,
  when the "Tight PNG" encoding is disabled (--disable-vnc-png), the
  server will send frame buffer updates that are marked as "Tight PNG"
  but in fact contain zlib encoded regions (i.e. it's really "tight"
  protocol).

  The "Tight PNG" encoding should only be used when --enable-vnc-png is
  set.




[Qemu-devel] [PATCH] qemu-log: Add GCC format attribute

2012-06-23 Thread Stefan Weil
The new inline function qemu_log_vprintf should use this attribute.

Signed-off-by: Stefan Weil 
---
 qemu-log.h |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/qemu-log.h b/qemu-log.h
index 40f8b7b..db0f23d 100644
--- a/qemu-log.h
+++ b/qemu-log.h
@@ -51,7 +51,8 @@ void GCC_FMT_ATTR(1, 2) qemu_log(const char *fmt, ...);
 
 /* vfprintf-like logging function
  */
-static inline void qemu_log_vprintf(const char *fmt, va_list va)
+static inline void GCC_FMT_ATTR(1, 0)
+qemu_log_vprintf(const char *fmt, va_list va)
 {
 if (qemu_logfile) {
 vfprintf(qemu_logfile, fmt, va);
-- 
1.7.10




Re: [Qemu-devel] [PATCH 2/2] qemu-ga: add guest-fstrim command

2012-06-23 Thread Michael Roth
On Fri, Jun 22, 2012 at 08:38:51PM -0700, Chris Wedgwood wrote:
> > I'm not sure I understand, wouldn't the filesystem need to be involved
> > at some level? How can the block layer differentiate lazily discarded data
> > blocks from ones that are still in use without the aid of the
> > filesystem?
> 
> It might be me that doesn't understand.
> 
> Yes, the filesystem is involved.  Current linux filesystems can trim
> on demand or using fstrim.  That mechanism seems like it should
> suffice if exposed in the most common cases.
> 

You mean the "discard" mount option? I don't think that's generally enabled by
default due to the performance impact on bare metal. A periodic,
filesystem-wide call (like the FITRIM ioctl) is probably the better approach in
those cases as well.

I'm not sure what the penalty of auto-discard would be in the case of VMs, but
there would be at least some additional overhead there due to the hole punching
operations run by the host, and the only use case I can think of where it's
useful in that context is for reducing the size of the images before we do some
work with them on the host, in which case an explicit FITRIM ioctl beforehand
makes the most sense IMO.



[Qemu-devel] [PATCH] TCG: Fix compile breakage in tcg_dump_ops

2012-06-23 Thread Alexander Graf
Commit eeacee4d865 changed the syntax of tcg_dump_ops, but didn't convert
all users (notably missing the ppc ones) to it. Fix them to the new syntax.

Signed-off-by: Alexander Graf 
---
 tcg/ppc/tcg-target.c   |2 +-
 tcg/ppc64/tcg-target.c |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tcg/ppc/tcg-target.c b/tcg/ppc/tcg-target.c
index d265697..0cff181 100644
--- a/tcg/ppc/tcg-target.c
+++ b/tcg/ppc/tcg-target.c
@@ -1865,7 +1865,7 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, 
const TCGArg *args,
 break;
 
 default:
-tcg_dump_ops (s, stderr);
+tcg_dump_ops (s);
 tcg_abort ();
 }
 }
diff --git a/tcg/ppc64/tcg-target.c b/tcg/ppc64/tcg-target.c
index c800574..27a0ae8 100644
--- a/tcg/ppc64/tcg-target.c
+++ b/tcg/ppc64/tcg-target.c
@@ -1613,7 +1613,7 @@ static void tcg_out_op (TCGContext *s, TCGOpcode opc, 
const TCGArg *args,
 break;
 
 default:
-tcg_dump_ops (s, stderr);
+tcg_dump_ops (s);
 tcg_abort ();
 }
 }
-- 
1.6.0.2




Re: [Qemu-devel] [PATCH] TCG: Fix compile breakage in tcg_dump_ops

2012-06-23 Thread malc
On Sun, 24 Jun 2012, Alexander Graf wrote:

> Commit eeacee4d865 changed the syntax of tcg_dump_ops, but didn't convert
> all users (notably missing the ppc ones) to it. Fix them to the new syntax.

Applied.

[..snip..]

-- 
mailto:av1...@comtv.ru



[Qemu-devel] [PULL 00/72] ppc patch queue 2012-06-24

2012-06-23 Thread Alexander Graf
Hi Blue / Aurelien,

This is my current patch queue for ppc. Please pull.

Alex


The following changes since commit affe5189907f397514cdd4ee7446595c1246a0e9:
  Alexander Graf (1):
TCG: Fix compile breakage in tcg_dump_ops

are available in the git repository at:

  git://repo.or.cz/qemu/agraf.git ppc-for-upstream

Alexander Graf (43):
  PPC: mpc8544ds: Span initial TLB entry over as much RAM as we need
  dt: allow add_subnode to create root subnodes
  dt: add helpers for multi-cell adds
  dt: add helper for phandle references
  dt: temporarily disable subtree creation failure check
  dt: add helper for phandle enumeration
  dt: add helper for empty dt creation
  dt: add helper for phandle allocation
  dt: add helper for 64bit cell adds
  PPC: e500: require libfdt
  PPC: e500: dt: create memory node dynamically
  PPC: e500: dt: create /cpus node dynamically
  PPC: e500: dt: create /hypervisor node dynamically
  PPC: e500: dt: create / node dynamically
  PPC: e500: dt: create /chosen node dynamically
  PPC: e500: dt: create /soc8544 node dynamically
  PPC: e500: dt: create serial nodes dynamically
  PPC: e500: dt: create mpic node dynamically
  PPC: e500: dt: create global-utils node dynamically
  PPC: e500: dt: create pci node dynamically
  PPC: e500: dt: start with empty device tree
  dt: Add -machine dumpdtb option to dump the current dtb
  PPC: e500: dt: use 64bit cell helper
  PPC: e500: dt: use target_phys_addr_t for ramsize
  PPC: e500: enable manual loading of dtb blob
  Revert "dt: temporarily disable subtree creation failure check"
  PPC: e500: Use new MPIC dt format
  PPC: e500: Use new SOC dt format
  PPC: e500: Define addresses as always 64bit
  PPC: e500: Extend address/size of / to 64bit
  dt: Add global option to set phandle start offset
  PPC: e500: Refactor serial dt generation
  dt: make setprop argument static
  PPC: e500: allow users to set the /compatible property via -machine
  uImage: increase the gzip load size
  PPC: Add some booke SPR defines
  PPC: Add support for MSR_CM
  PPC: BookE: Implement EPR SPR
  PPC: BookE: Make ivpr selectable by CPU type
  PPC: Add e5500 CPU target
  PPC: Extract SPR dump generation into its own function
  PPC: BookE: Support 32 and 64 bit wide MAS2
  PPC: BookE206: Bump MAS2 to 64bit

Benjamin Herrenschmidt (4):
  ppc64: Rudimentary Support for extra page sizes on server CPUs
  pseries: Correctly create ibm,segment-page-sizes property
  spapr_vscsi: Error handling fixes
  spapr: Add "memop" hypercall

Blue Swirl (22):
  ppc: Fix coding style in op_helper.c
  ppc: Split exception helpers
  ppc: Avoid AREG0 for exception helpers
  ppc: Fix coding style in helper.c
  ppc: Move exception helpers from helper.c to excp_helper.c
  ppc: Split FPU and SPE ops
  ppc: Avoid AREG0 for FPU and SPE helpers
  ppc: Split integer and vector ops
  ppc: Avoid AREG0 for integer and vector helpers
  ppc: Split MMU etc. helpers from op_helper.c
  ppc: Avoid AREG0 for MMU etc. helpers
  ppc: Avoid a warning with the next patch
  ppc: Move MMU helpers from helper.c to mmu_helper.c
  ppc: Cleanup MMU merge
  ppc: Split off timebase helpers
  ppc: Avoid AREG0 for timebase helpers
  ppc: Split off misc helpers
  ppc: Avoid AREG0 for misc helpers
  ppc: Move misc helpers from helper.c to misc_helper.c
  ppc: Move load and store helpers, switch to AREG0 free mode
  ppc: Add missing break
  ppc: Make hbrev table const

Fabien Chouteau (2):
  Avoid segfault in cpu_dump_state
  booke_206_tlbwe: Discard invalid bits in MAS2

Kevin Wolf (1):
  raw-posix: Fix build without is_allocated support

 Makefile|1 -
 block/raw-posix.c   |9 +-
 configure   |2 +-
 cpu-all.h   |9 +
 device_tree.c   |  108 +-
 device_tree.h   |   22 +-
 docs/specs/ppc-spapr-hcalls.txt |   78 +
 hw/loader.c |4 +-
 hw/ppc/Makefile.objs|2 +-
 hw/ppce500_mpc8544ds.c  |  283 ++-
 hw/spapr.c  |   46 +
 hw/spapr.h  |3 +-
 hw/spapr_hcall.c|   68 +
 hw/spapr_vscsi.c|4 +-
 pc-bios/mpc8544ds.dtb   |  Bin 2028 -> 0 bytes
 pc-bios/mpc8544ds.dts   |  119 -
 qemu-config.c   |   12 +
 qemu-log.h  |4 +-
 target-ppc/Makefile.objs|   14 +-
 target-ppc/cpu.h|   88 +-
 target-ppc/excp_helper.c|  969 +
 target-ppc/fpu_helper.c | 1740 +++
 target-ppc/helper.c | 3168 +---
 target-ppc/helper.h |  573 +++---
 target-ppc/int_helper.c 

[Qemu-devel] [PATCH 12/72] ppc: Avoid a warning with the next patch

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

When the code is moved together by the next patch, compiler
detects a possible uninitialized variable use. Avoid the warning
by initializing the variables.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/mmu_helper.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
index 7bd6230..e79b8f2 100644
--- a/target-ppc/mmu_helper.c
+++ b/target-ppc/mmu_helper.c
@@ -89,7 +89,7 @@ void helper_store_slb(CPUPPCState *env, target_ulong rb, 
target_ulong rs)
 
 target_ulong helper_load_slb_esid(CPUPPCState *env, target_ulong rb)
 {
-target_ulong rt;
+target_ulong rt = 0;
 
 if (ppc_load_slb_esid(env, rb, &rt) < 0) {
 helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
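Review bot: the `= 0` initialisation is purely to quiet the compiler: when `ppc_load_slb_esid()` fails, `helper_raise_exception_err()` does not return, so `rt` is never read on that path. Say so in the commit message or in a short comment next to the initialiser, otherwise someone later reads 0 as a meaningful fallback ESID; the same applies to the `helper_load_slb_vsid` hunk below.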
@@ -100,7 +100,7 @@ target_ulong helper_load_slb_esid(CPUPPCState *env, 
target_ulong rb)
 
 target_ulong helper_load_slb_vsid(CPUPPCState *env, target_ulong rb)
 {
-target_ulong rt;
+target_ulong rt = 0;
 
 if (ppc_load_slb_vsid(env, rb, &rt) < 0) {
 helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
-- 
1.6.0.2




[Qemu-devel] [PATCH 45/72] PPC: e500: dt: create /soc8544 node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   17 +
 pc-bios/mpc8544ds.dts  |9 -
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index a078e24..c7c16c1 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -43,6 +43,8 @@
 #define RAM_SIZES_ALIGN(64UL << 20)
 
 #define MPC8544_CCSRBAR_BASE   0xE000
+#define MPC8544_CCSRBAR_REGSIZE0x1000
+#define MPC8544_CCSRBAR_SIZE   0x0010
 #define MPC8544_MPIC_REGS_BASE (MPC8544_CCSRBAR_BASE + 0x4)
 #define MPC8544_SERIAL0_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x4500)
 #define MPC8544_SERIAL1_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x4600)
@@ -78,6 +80,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 int i;
 char compatible[] = "MPC8544DS\0MPC85xxDS";
 char model[] = "MPC8544DS";
+char soc[128];
 
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
 if (!filename) {
@@ -179,6 +182,20 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 }
 }
 
+/* XXX These should go into their respective devices' code */
+snprintf(soc, sizeof(soc), "/soc8544@%x", MPC8544_CCSRBAR_BASE);
+qemu_devtree_add_subnode(fdt, soc);
+qemu_devtree_setprop_string(fdt, soc, "device_type", "soc");
+qemu_devtree_setprop_string(fdt, soc, "compatible", "simple-bus");
+qemu_devtree_setprop_cell(fdt, soc, "#address-cells", 1);
+qemu_devtree_setprop_cell(fdt, soc, "#size-cells", 1);
+qemu_devtree_setprop_cells(fdt, soc, "ranges", 0x0, MPC8544_CCSRBAR_BASE,
+   MPC8544_CCSRBAR_SIZE);
+qemu_devtree_setprop_cells(fdt, soc, "reg", MPC8544_CCSRBAR_BASE,
+   MPC8544_CCSRBAR_REGSIZE);
+/* XXX should contain a reasonable value */
+qemu_devtree_setprop_cell(fdt, soc, "bus-frequency", 0);
+
 ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
 if (ret < 0) {
 goto out;
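Review bot: none of the `qemu_devtree_add_subnode()`/`qemu_devtree_setprop*()` return values in this block are checked, while `rom_add_blob_fixed()` right below is; if the soc node cannot be created (the tree is size-limited) every following setprop fails silently and the guest gets a tree with no SoC. Either check the first call and `goto out`, or state in a comment why failure is tolerated here. Also, the dts being deleted documents `bus-frequency = <0>` as "Filled out by uboot."; carry that over into the `/* XXX should contain a reasonable value */` comment so the placeholder keeps its explanation.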
diff --git a/pc-bios/mpc8544ds.dts b/pc-bios/mpc8544ds.dts
index 1eac8ef..01b53ba 100644
--- a/pc-bios/mpc8544ds.dts
+++ b/pc-bios/mpc8544ds.dts
@@ -18,15 +18,6 @@
};
 
soc8544@e000 {
-   #address-cells = <1>;
-   #size-cells = <1>;
-   device_type = "soc";
-   compatible = "simple-bus";
-
-   ranges = <0x0 0xe000 0x10>;
-   reg = <0xe000 0x1000>;  // CCSRBAR 1M
-   bus-frequency = <0>;// Filled out by uboot.
-
serial0: serial@4500 {
cell-index = <0>;
device_type = "serial";
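Review bot: the `soc8544@e000` node itself stays in the dts while the C side now calls `qemu_devtree_add_subnode()` for the same path, so this patch only works because "dt: temporarily disable subtree creation failure check" is earlier in the queue (the node already exists when the C code tries to create it). Mention that dependency in the commit message, or drop the node from the dts in the same patch that moves its properties.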
-- 
1.6.0.2




[Qemu-devel] [PATCH 44/72] PPC: e500: dt: create /chosen node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 28c7c8c..a078e24 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -101,6 +101,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property,
  sizeof(mem_reg_property));
 
+qemu_devtree_add_subnode(fdt, "/chosen");
 if (initrd_size) {
 ret = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-start",
 initrd_base);
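Review bot: the return value of `qemu_devtree_add_subnode(fdt, "/chosen")` is ignored, whereas the `qemu_devtree_setprop_cell()` immediately after it stores its result in `ret`; if node creation fails, the first error the caller sees is a misleading "property on /chosen failed". Check it like the calls around it: `ret = qemu_devtree_add_subnode(fdt, "/chosen");` followed by the same `ret < 0` handling.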
-- 
1.6.0.2




[Qemu-devel] [PATCH 36/72] dt: add helper for empty dt creation

2012-06-23 Thread Alexander Graf
We want to get rid of the concept of loading an external device tree and instead
generate our own. However, to do this we need to also create a device tree
template programmatically.

This patch adds a helper to create an empty device tree in memory.

Signed-off-by: Alexander Graf 
Reviewed-by: Peter Crosthwaite 
---
 device_tree.c |   37 +
 device_tree.h |1 +
 2 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index 2f127b7..d037896 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -25,6 +25,43 @@
 
 #include 
 
+#define FDT_MAX_SIZE  0x1
+
+void *create_device_tree(int *sizep)
+{
+void *fdt;
+int ret;
+
+*sizep = FDT_MAX_SIZE;
+fdt = g_malloc0(FDT_MAX_SIZE);
+ret = fdt_create(fdt, FDT_MAX_SIZE);
+if (ret < 0) {
+goto fail;
+}
+ret = fdt_begin_node(fdt, "");
+if (ret < 0) {
+goto fail;
+}
+ret = fdt_end_node(fdt);
+if (ret < 0) {
+goto fail;
+}
+ret = fdt_finish(fdt);
+if (ret < 0) {
+goto fail;
+}
+ret = fdt_open_into(fdt, fdt, *sizep);
+if (ret) {
+fprintf(stderr, "Unable to copy device tree in memory\n");
+exit(1);
+}
+
+return fdt;
+fail:
+fprintf(stderr, "%s Couldn't create dt: %s\n", __func__, 
fdt_strerror(ret));
+exit(1);
+}
+
 void *load_device_tree(const char *filename_path, int *sizep)
 {
 int dt_size;
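Review bot: `create_device_tree()` calls `exit(1)` on any libfdt failure, while its sibling `load_device_tree()` (context line below) hands the caller a pointer it can check; a board that tries the generated tree and falls back to a file therefore gets two different failure behaviours. Return `NULL` from the `fail:` path (after `g_free(fdt)`) and leave the decision to the caller; `*sizep` should then only be written on success. While at it, the error message duplicates the `fdt_open_into()` case that already has its own `exit(1)` two lines earlier, so both paths could share the `fail:` label.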
diff --git a/device_tree.h b/device_tree.h
index 36fc9db..5f76f40 100644
--- a/device_tree.h
+++ b/device_tree.h
@@ -14,6 +14,7 @@
 #ifndef __DEVICE_TREE_H__
 #define __DEVICE_TREE_H__
 
+void *create_device_tree(int *sizep);
 void *load_device_tree(const char *filename_path, int *sizep);
 
 int qemu_devtree_setprop(void *fdt, const char *node_path,
-- 
1.6.0.2




[Qemu-devel] [PATCH 43/72] PPC: e500: dt: create / node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |8 
 pc-bios/mpc8544ds.dtb  |  Bin 1904 -> 1810 bytes
 pc-bios/mpc8544ds.dts  |5 -
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 54e7ec7..28c7c8c 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -76,6 +76,8 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 uint32_t clock_freq = 4;
 uint32_t tb_freq = 4;
 int i;
+char compatible[] = "MPC8544DS\0MPC85xxDS";
+char model[] = "MPC8544DS";
 
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
 if (!filename) {
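Review bot: the embedded `\0` in `compatible[] = "MPC8544DS\0MPC85xxDS"` is what makes this a two-entry string list, and it only works because the later hunk passes `sizeof(compatible)` rather than `strlen()`; a short comment on the declaration (`/* NUL-separated stringlist */`) would spare the next reader the puzzle, and `model` deliberately going through `qemu_devtree_setprop_string()` instead shows the two are handled differently on purpose.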
@@ -88,6 +90,12 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 }
 
 /* Manipulate device tree in memory. */
+qemu_devtree_setprop_string(fdt, "/", "model", model);
+qemu_devtree_setprop(fdt, "/", "compatible", compatible,
+ sizeof(compatible));
+qemu_devtree_setprop_cell(fdt, "/", "#address-cells", 1);
+qemu_devtree_setprop_cell(fdt, "/", "#size-cells", 1);
+
 qemu_devtree_add_subnode(fdt, "/memory");
 qemu_devtree_setprop_string(fdt, "/memory", "device_type", "memory");
 qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property,
diff --git a/pc-bios/mpc8544ds.dtb b/pc-bios/mpc8544ds.dtb
index 
8194aa2e6f292fb34023feb596aa19448b8af0d0..25d92f681dec184530af63e2d2cea61cb4cccd04
 100644
GIT binary patch
-   #size-cells = <1>;
-
aliases {
serial0 = &serial0;
serial1 = &serial1;
-- 
1.6.0.2




[Qemu-devel] [PATCH 47/72] PPC: e500: dt: create mpic node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   16 
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index c68e994..5c2b6ab 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -83,6 +83,8 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 char soc[128];
 char ser0[128];
 char ser1[128];
+char mpic[128];
+uint32_t mpic_ph;
 
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
 if (!filename) {
@@ -199,6 +201,20 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 /* XXX should contain a reasonable value */
 qemu_devtree_setprop_cell(fdt, soc, "bus-frequency", 0);
 
+snprintf(mpic, sizeof(mpic), "%s/pic@%x", soc,
+ MPC8544_MPIC_REGS_BASE - MPC8544_CCSRBAR_BASE);
+qemu_devtree_add_subnode(fdt, mpic);
+qemu_devtree_setprop_string(fdt, mpic, "device_type", "open-pic");
+qemu_devtree_setprop_string(fdt, mpic, "compatible", "chrp,open-pic");
+qemu_devtree_setprop_cells(fdt, mpic, "reg", MPC8544_MPIC_REGS_BASE -
+   MPC8544_CCSRBAR_BASE, 0x4);
+qemu_devtree_setprop_cell(fdt, mpic, "#address-cells", 0);
+qemu_devtree_setprop_cell(fdt, mpic, "#interrupt-cells", 2);
+mpic_ph = qemu_devtree_alloc_phandle(fdt);
+qemu_devtree_setprop_cell(fdt, mpic, "phandle", mpic_ph);
+qemu_devtree_setprop_cell(fdt, mpic, "linux,phandle", mpic_ph);
+qemu_devtree_setprop(fdt, mpic, "interrupt-controller", NULL, 0);
+
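Review bot: `MPC8544_MPIC_REGS_BASE - MPC8544_CCSRBAR_BASE` is computed twice (for the node name and for `reg`); a local `mpic_offset` keeps the unit address and the `reg` property from drifting apart if one of them is later edited. Setting both `phandle` and `linux,phandle` to the same value is the right call for old and new kernels, but a comment saying that is why both exist would prevent someone "cleaning up" the duplicate.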
 /*
  * We have to generate ser1 first, because Linux takes the first
  * device it finds in the dt as serial output device. And we generate
-- 
1.6.0.2




[Qemu-devel] [PATCH 29/72] spapr: Add "memop" hypercall

2012-06-23 Thread Alexander Graf
From: Benjamin Herrenschmidt 

This adds a qemu-specific hypervisor call to the pseries machine
which allows to do what amounts to memmove, memcpy and xor over
regions of physical memory such as the framebuffer.

This is the simplest way to get usable framebuffer speed from
SLOF since the framebuffer isn't mapped in the VRMA and so would
otherwise require an hcall per 8 bytes access.

The performance is still not great but usable, and can be improved
with a more complex implementation of the hcall itself if needed.

This also adds some documentation for the qemu-specific hypercalls
that we add to PAPR along with a new qemu,hypertas-functions property
that mirrors ibm,hypertas-functions and provides some discoverability
for the new calls.

Note: I chose not to advertise H_RTAS to the guest via that mechanism.
This is done on purpose, the guest uses the normal RTAS interfaces
provided by qemu (including SLOF) which internally calls H_RTAS.

We might in the future implement part (or even all) of RTAS inside the
guest like IBM's firmware does and replace H_RTAS with some finer grained
set of private hypercalls.

Signed-off-by: Benjamin Herrenschmidt 
Signed-off-by: Alexander Graf 
---
 docs/specs/ppc-spapr-hcalls.txt |   78 +++
 hw/spapr.c  |3 +
 hw/spapr.h  |3 +-
 hw/spapr_hcall.c|   68 ++
 4 files changed, 151 insertions(+), 1 deletions(-)
 create mode 100644 docs/specs/ppc-spapr-hcalls.txt

diff --git a/docs/specs/ppc-spapr-hcalls.txt b/docs/specs/ppc-spapr-hcalls.txt
new file mode 100644
index 000..52ba8d4
--- /dev/null
+++ b/docs/specs/ppc-spapr-hcalls.txt
@@ -0,0 +1,78 @@
+When used with the "pseries" machine type, QEMU-system-ppc64 implements
+a set of hypervisor calls using a subset of the server "PAPR" specification
+(IBM internal at this point), which is also what IBM's proprietary hypervisor
+adheres too.
+
+The subset is selected based on the requirements of Linux as a guest.
+
+In addition to those calls, we have added our own private hypervisor
+calls which are mostly used as a private interface between the firmware
+running in the guest and QEMU.
+
+All those hypercalls start at hcall number 0xf000 which correspond
+to a implementation specific range in PAPR.
+
+- H_RTAS (0xf000)
+
+RTAS is a set of runtime services generally provided by the firmware
+inside the guest to the operating system. It predates the existence
+of hypervisors (it was originally an extension to Open Firmware) and
+is still used by PAPR to provide various services that aren't performance
+sensitive.
+
+We currently implement the RTAS services in QEMU itself. The actual RTAS
+"firmware" blob in the guest is a small stub of a few instructions which
+calls our private H_RTAS hypervisor call to pass the RTAS calls to QEMU.
+
+Arguments:
+
+  r3 : H_RTAS (0xf000)
+  r4 : Guest physical address of RTAS parameter block
+
+Returns:
+
+  H_SUCCESS   : Successully called the RTAS function (RTAS result
+will have been stored in the parameter block)
+  H_PARAMETER : Unknown token
+
+- H_LOGICAL_MEMOP (0xf001)
+
+When the guest runs in "real mode" (in powerpc lingua this means
+with MMU disabled, ie guest effective == guest physical), it only
+has access to a subset of memory and no IOs.
+
+PAPR provides a set of hypervisor calls to perform cachable or
+non-cachable accesses to any guest physical addresses that the
+guest can use in order to access IO devices while in real mode.
+
+This is typically used by the firmware running in the guest.
+
+However, doing a hypercall for each access is extremely inefficient
+(even more so when running KVM) when accessing the frame buffer. In
+that case, things like scrolling become unusably slow.
+
+This hypercall allows the guest to request a "memory op" to be applied
+to memory. The supported memory ops at this point are to copy a range
+of memory (supports overlap of source and destination) and XOR which
+is used by our SLOF firmware to invert the screen.
+
+Arguments:
+
+  r3: H_LOGICAL_MEMOP (0xf001)
+  r4: Guest physical address of destination
+  r5: Guest physical address of source
+  r6: Individual element size
+0 = 1 byte
+1 = 2 bytes
+2 = 4 bytes
+3 = 8 bytes
+  r7: Number of elements
+  r8: Operation
+0 = copy
+1 = xor
+
+Returns:
+
+  H_SUCCESS   : Success
+  H_PARAMETER : Invalid argument
+
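Review bot: the H_LOGICAL_MEMOP section does not say which argument checks the hypervisor performs: whether the whole `[address, address + count * element size)` of both the source and the destination must lie inside guest RAM, what happens when `count * element size` overflows, and which of these conditions yields `H_PARAMETER` as opposed to a partial operation. Since the guest supplies arbitrary physical addresses here, pin that down in the spec so the implementation in hw/spapr_hcall.c can be reviewed against it. Spelling in the same hunk: "adheres too" should be "adheres to", "correspond to a implementation specific range" should be "correspond to an implementation-specific range", and "Successully" should be "Successfully".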
diff --git a/hw/spapr.c b/hw/spapr.c
index 1b01d64..09a23ff 100644
--- a/hw/spapr.c
+++ b/hw/spapr.c
@@ -197,6 +197,7 @@ static void *spapr_create_fdt_skel(const char *cpu_model,
 uint32_t pft_size_prop[] = {0, cpu_to_be32(hash_shift)};
 char hypertas_prop[] = "hcall-pft\0hcall-term\0hcall-dabr\0hcall-interrupt"
 "\0hcall-tce\0hcall-vio\0hcall-splpar\0hcall-bulk";
+char qemu_hypertas_prop[] = "hcall-memop1";
 uint32_t interrupt_server_ranges_prop[] = {0, cpu_to_be32(smp_cpus)};

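The H_LOGICAL_MEMOP interface documented in the patch above, modelled as an added example (not QEMU's hw/spapr_hcall.c): guest RAM is a plain host buffer, the H_SUCCESS/H_PARAMETER values and the overflow and bounds checks are assumptions, and the self-test walks through overlapping copy, xor, and the rejected-argument cases.

```c
/* Added example modelling the H_LOGICAL_MEMOP hypercall from
 * docs/specs/ppc-spapr-hcalls.txt.  Not QEMU code.  Guest physical
 * address 0 is mapped to ram->base; return codes are assumed (PAPR
 * uses 0 for H_SUCCESS and -4 for H_PARAMETER). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define H_SUCCESS        0L
#define H_PARAMETER      (-4L)      /* assumption, see above */
#define H_LOGICAL_MEMOP  0xf001     /* hcall number from the spec */

enum memop_kind { MEMOP_COPY = 0, MEMOP_XOR = 1 };

typedef struct {
    uint8_t *base;   /* host backing store for guest physical 0 */
    uint64_t size;   /* bytes of guest RAM */
} guest_ram;

/* [addr, addr + len) must lie inside guest RAM.  Written so that
 * addr + len is never computed and therefore cannot wrap. */
static int range_in_ram(const guest_ram *ram, uint64_t addr, uint64_t len)
{
    return len <= ram->size && addr <= ram->size - len;
}

/* r4 = dst, r5 = src, r6 = element size code, r7 = count, r8 = op */
long h_logical_memop(guest_ram *ram, uint64_t dst, uint64_t src,
                     uint64_t esize_code, uint64_t count, uint64_t op)
{
    uint64_t len, i;
    uint8_t *d, *s;

    /* Only size codes 0..3 (1/2/4/8 bytes) and ops 0..1 are defined. */
    if (esize_code > 3 || op > MEMOP_XOR) {
        return H_PARAMETER;
    }
    /* count << esize_code must not overflow before the bounds check. */
    if (count > (UINT64_MAX >> esize_code)) {
        return H_PARAMETER;
    }
    len = count << esize_code;
    if (!range_in_ram(ram, dst, len) || !range_in_ram(ram, src, len)) {
        return H_PARAMETER;
    }
    d = ram->base + dst;
    s = ram->base + src;
    if (op == MEMOP_COPY) {
        memmove(d, s, len);             /* the spec allows overlap */
    } else if (d <= s) {
        /* Same direction rule as memmove: read each overlapping source
         * byte before it is overwritten as a destination byte. */
        for (i = 0; i < len; i++) {
            d[i] ^= s[i];
        }
    } else {
        for (i = len; i > 0; i--) {
            d[i - 1] ^= s[i - 1];
        }
    }
    return H_SUCCESS;
}

/* Constructed scenarios over a 32-byte guest RAM holding 0..31.
 * Returns the number of checks that passed; 8 means all behaved. */
int memop_selftest(void)
{
    uint8_t mem[32];
    guest_ram ram = { mem, sizeof(mem) };
    int i, passed = 0;

    for (i = 0; i < 32; i++) {
        mem[i] = (uint8_t)i;
    }
    /* overlapping copy: 4 x 4-byte elements, src 0 -> dst 8 */
    if (h_logical_memop(&ram, 8, 0, 2, 4, MEMOP_COPY) == H_SUCCESS &&
        mem[8] == 0 && mem[23] == 15) passed++;
    /* xor of a region onto itself clears it */
    if (h_logical_memop(&ram, 24, 24, 0, 8, MEMOP_XOR) == H_SUCCESS &&
        mem[24] == 0 && mem[31] == 0) passed++;
    /* xor with dst above src: backward order keeps src[3] = 3 intact */
    if (h_logical_memop(&ram, 2, 0, 0, 4, MEMOP_XOR) == H_SUCCESS &&
        mem[2] == 2 && mem[5] == 6) passed++;
    /* undefined element size code and undefined op */
    if (h_logical_memop(&ram, 0, 0, 4, 1, MEMOP_COPY) == H_PARAMETER) passed++;
    if (h_logical_memop(&ram, 0, 0, 0, 1, 2) == H_PARAMETER) passed++;
    /* destination range runs past the end of RAM (16 + 3*8 > 32) */
    if (h_logical_memop(&ram, 16, 0, 3, 3, MEMOP_COPY) == H_PARAMETER) passed++;
    /* address that would wrap, and a count whose byte length overflows */
    if (h_logical_memop(&ram, UINT64_MAX - 7, 0, 3, 1, MEMOP_COPY)
        == H_PARAMETER) passed++;
    if (h_logical_memop(&ram, 0, 0, 3, UINT64_MAX, MEMOP_COPY)
        == H_PARAMETER) passed++;
    return passed;
}

int main(void)
{
    printf("memop self-test: %d/8 checks passed\n", memop_selftest());
    return 0;
}
```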
[Qemu-devel] [PATCH 38/72] dt: add helper for 64bit cell adds

2012-06-23 Thread Alexander Graf
Sometimes in the device tree, we find an array of 2 u32 cells that
really are a single u64 value. This patch adds a helper to make the
creation of these easy.

Signed-off-by: Alexander Graf 
Reviewed-by: Peter Crosthwaite 
---
 device_tree.c |7 +++
 device_tree.h |2 ++
 2 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index 7541274..c8d68c2 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -154,6 +154,13 @@ int qemu_devtree_setprop_cell(void *fdt, const char 
*node_path,
 return r;
 }
 
+int qemu_devtree_setprop_u64(void *fdt, const char *node_path,
+ const char *property, uint64_t val)
+{
+val = cpu_to_be64(val);
+return qemu_devtree_setprop(fdt, node_path, property, &val, sizeof(val));
+}
+
 int qemu_devtree_setprop_string(void *fdt, const char *node_path,
 const char *property, const char *string)
 {
diff --git a/device_tree.h b/device_tree.h
index 97af345..4898d95 100644
--- a/device_tree.h
+++ b/device_tree.h
@@ -21,6 +21,8 @@ int qemu_devtree_setprop(void *fdt, const char *node_path,
  const char *property, void *val_array, int size);
 int qemu_devtree_setprop_cell(void *fdt, const char *node_path,
   const char *property, uint32_t val);
+int qemu_devtree_setprop_u64(void *fdt, const char *node_path,
+ const char *property, uint64_t val);
 int qemu_devtree_setprop_string(void *fdt, const char *node_path,
 const char *property, const char *string);
 int qemu_devtree_setprop_phandle(void *fdt, const char *node_path,
-- 
1.6.0.2




[Qemu-devel] [PATCH 11/72] ppc: Avoid AREG0 for MMU etc. helpers

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Add an explicit CPUPPCState parameter instead of relying on AREG0.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs|1 -
 target-ppc/helper.h |   74 +-
 target-ppc/mmu_helper.c |   91 ++-
 target-ppc/translate.c  |   85 ++--
 target-ppc/translate_init.c |   24 ++--
 5 files changed, 142 insertions(+), 133 deletions(-)

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 0f89c2c..71e25b1 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -7,5 +7,4 @@ obj-y += fpu_helper.o
 obj-y += int_helper.o
 obj-y += mmu_helper.o
 
-$(obj)/mmu_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index 7074bad..b1f7ba5 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -324,38 +324,38 @@ DEF_HELPER_3(efdcmpgt, i32, env, i64, i64)
 DEF_HELPER_3(efdcmpeq, i32, env, i64, i64)
 
 #if !defined(CONFIG_USER_ONLY)
-DEF_HELPER_1(4xx_tlbre_hi, tl, tl)
-DEF_HELPER_1(4xx_tlbre_lo, tl, tl)
-DEF_HELPER_2(4xx_tlbwe_hi, void, tl, tl)
-DEF_HELPER_2(4xx_tlbwe_lo, void, tl, tl)
-DEF_HELPER_1(4xx_tlbsx, tl, tl)
-DEF_HELPER_2(440_tlbre, tl, i32, tl)
-DEF_HELPER_3(440_tlbwe, void, i32, tl, tl)
-DEF_HELPER_1(440_tlbsx, tl, tl)
-DEF_HELPER_0(booke206_tlbre, void)
-DEF_HELPER_0(booke206_tlbwe, void)
-DEF_HELPER_1(booke206_tlbsx, void, tl)
-DEF_HELPER_1(booke206_tlbivax, void, tl)
-DEF_HELPER_1(booke206_tlbilx0, void, tl)
-DEF_HELPER_1(booke206_tlbilx1, void, tl)
-DEF_HELPER_1(booke206_tlbilx3, void, tl)
-DEF_HELPER_1(booke206_tlbflush, void, i32)
-DEF_HELPER_2(booke_setpid, void, i32, tl)
-DEF_HELPER_1(6xx_tlbd, void, tl)
-DEF_HELPER_1(6xx_tlbi, void, tl)
-DEF_HELPER_1(74xx_tlbd, void, tl)
-DEF_HELPER_1(74xx_tlbi, void, tl)
-DEF_HELPER_FLAGS_0(tlbia, TCG_CALL_CONST, void)
-DEF_HELPER_FLAGS_1(tlbie, TCG_CALL_CONST, void, tl)
+DEF_HELPER_2(4xx_tlbre_hi, tl, env, tl)
+DEF_HELPER_2(4xx_tlbre_lo, tl, env, tl)
+DEF_HELPER_3(4xx_tlbwe_hi, void, env, tl, tl)
+DEF_HELPER_3(4xx_tlbwe_lo, void, env, tl, tl)
+DEF_HELPER_2(4xx_tlbsx, tl, env, tl)
+DEF_HELPER_3(440_tlbre, tl, env, i32, tl)
+DEF_HELPER_4(440_tlbwe, void, env, i32, tl, tl)
+DEF_HELPER_2(440_tlbsx, tl, env, tl)
+DEF_HELPER_1(booke206_tlbre, void, env)
+DEF_HELPER_1(booke206_tlbwe, void, env)
+DEF_HELPER_2(booke206_tlbsx, void, env, tl)
+DEF_HELPER_2(booke206_tlbivax, void, env, tl)
+DEF_HELPER_2(booke206_tlbilx0, void, env, tl)
+DEF_HELPER_2(booke206_tlbilx1, void, env, tl)
+DEF_HELPER_2(booke206_tlbilx3, void, env, tl)
+DEF_HELPER_2(booke206_tlbflush, void, env, i32)
+DEF_HELPER_3(booke_setpid, void, env, i32, tl)
+DEF_HELPER_2(6xx_tlbd, void, env, tl)
+DEF_HELPER_2(6xx_tlbi, void, env, tl)
+DEF_HELPER_2(74xx_tlbd, void, env, tl)
+DEF_HELPER_2(74xx_tlbi, void, env, tl)
+DEF_HELPER_FLAGS_1(tlbia, TCG_CALL_CONST, void, env)
+DEF_HELPER_FLAGS_2(tlbie, TCG_CALL_CONST, void, env, tl)
 #if defined(TARGET_PPC64)
-DEF_HELPER_FLAGS_2(store_slb, TCG_CALL_CONST, void, tl, tl)
-DEF_HELPER_1(load_slb_esid, tl, tl)
-DEF_HELPER_1(load_slb_vsid, tl, tl)
-DEF_HELPER_FLAGS_0(slbia, TCG_CALL_CONST, void)
-DEF_HELPER_FLAGS_1(slbie, TCG_CALL_CONST, void, tl)
+DEF_HELPER_FLAGS_3(store_slb, TCG_CALL_CONST, void, env, tl, tl)
+DEF_HELPER_2(load_slb_esid, tl, env, tl)
+DEF_HELPER_2(load_slb_vsid, tl, env, tl)
+DEF_HELPER_FLAGS_1(slbia, TCG_CALL_CONST, void, env)
+DEF_HELPER_FLAGS_2(slbie, TCG_CALL_CONST, void, env, tl)
 #endif
-DEF_HELPER_FLAGS_1(load_sr, TCG_CALL_CONST, tl, tl);
-DEF_HELPER_FLAGS_2(store_sr, TCG_CALL_CONST, void, tl, tl)
+DEF_HELPER_FLAGS_2(load_sr, TCG_CALL_CONST, tl, env, tl);
+DEF_HELPER_FLAGS_3(store_sr, TCG_CALL_CONST, void, env, tl, tl)
 
 DEF_HELPER_FLAGS_1(602_mfrom, TCG_CALL_CONST | TCG_CALL_PURE, tl, tl)
 DEF_HELPER_1(msgsnd, void, tl)
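Review bot: `+DEF_HELPER_FLAGS_2(load_sr, TCG_CALL_CONST, tl, env, tl);` keeps a trailing semicolon that none of the other DEF_HELPER lines in this hunk carry (the `-` line had it too); since the line is rewritten anyway, drop the semicolon so the declaration list stays uniform.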
@@ -365,7 +365,7 @@ DEF_HELPER_2(msgclr, void, env, tl)
 DEF_HELPER_4(dlmzb, tl, env, tl, tl, i32)
 DEF_HELPER_FLAGS_1(clcs, TCG_CALL_CONST | TCG_CALL_PURE, tl, i32)
 #if !defined(CONFIG_USER_ONLY)
-DEF_HELPER_1(rac, tl, tl)
+DEF_HELPER_2(rac, tl, env, tl)
 #endif
 DEF_HELPER_3(div, tl, env, tl, tl)
 DEF_HELPER_3(divo, tl, env, tl, tl)
@@ -405,12 +405,12 @@ DEF_HELPER_1(store_40x_dbcr0, void, tl)
 DEF_HELPER_1(store_40x_sler, void, tl)
 DEF_HELPER_1(store_booke_tcr, void, tl)
 DEF_HELPER_1(store_booke_tsr, void, tl)
-DEF_HELPER_2(store_ibatl, void, i32, tl)
-DEF_HELPER_2(store_ibatu, void, i32, tl)
-DEF_HELPER_2(store_dbatl, void, i32, tl)
-DEF_HELPER_2(store_dbatu, void, i32, tl)
-DEF_HELPER_2(store_601_batl, void, i32, tl)
-DEF_HELPER_2(store_601_batu, void, i32, tl)
+DEF_HELPER_3(store_ibatl, void, env, i32, tl)
+DEF_HELPER_3(store_ibatu, void, env, i32, tl)
+DEF_HELPER_3(store_dbatl, void, env, i32, tl)
+DEF_HELPER_3(store_dbatu, void, env, i32, tl)
+DEF_H

[Qemu-devel] [PATCH 15/72] ppc: Split off timebase helpers

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Move decrementer and timebase helpers to a dedicated file.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs |2 +
 target-ppc/op_helper.c   |  135 ---
 target-ppc/timebase_helper.c |  160 ++
 3 files changed, 162 insertions(+), 135 deletions(-)
 create mode 100644 target-ppc/timebase_helper.c

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 71e25b1..19dc744 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -6,5 +6,7 @@ obj-y += excp_helper.o
 obj-y += fpu_helper.o
 obj-y += int_helper.o
 obj-y += mmu_helper.o
+obj-y += timebase_helper.o
 
+$(obj)/timebase_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-ppc/op_helper.c b/target-ppc/op_helper.c
index c854c71..0929906 100644
--- a/target-ppc/op_helper.c
+++ b/target-ppc/op_helper.c
@@ -43,44 +43,6 @@ void helper_store_dump_spr(uint32_t sprn)
 qemu_log("Write SPR %d %03x <= " TARGET_FMT_lx "\n", sprn, sprn,
  env->spr[sprn]);
 }
-
-target_ulong helper_load_tbl(void)
-{
-return (target_ulong)cpu_ppc_load_tbl(env);
-}
-
-target_ulong helper_load_tbu(void)
-{
-return cpu_ppc_load_tbu(env);
-}
-
-target_ulong helper_load_atbl(void)
-{
-return (target_ulong)cpu_ppc_load_atbl(env);
-}
-
-target_ulong helper_load_atbu(void)
-{
-return cpu_ppc_load_atbu(env);
-}
-
-#if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
-target_ulong helper_load_purr(void)
-{
-return (target_ulong)cpu_ppc_load_purr(env);
-}
-#endif
-
-target_ulong helper_load_601_rtcl(void)
-{
-return cpu_ppc601_load_rtcl(env);
-}
-
-target_ulong helper_load_601_rtcu(void)
-{
-return cpu_ppc601_load_rtcu(env);
-}
-
 #if !defined(CONFIG_USER_ONLY)
 #if defined(TARGET_PPC64)
 void helper_store_asr(target_ulong val)
@@ -94,46 +56,6 @@ void helper_store_sdr1(target_ulong val)
 ppc_store_sdr1(env, val);
 }
 
-void helper_store_tbl(target_ulong val)
-{
-cpu_ppc_store_tbl(env, val);
-}
-
-void helper_store_tbu(target_ulong val)
-{
-cpu_ppc_store_tbu(env, val);
-}
-
-void helper_store_atbl(target_ulong val)
-{
-cpu_ppc_store_atbl(env, val);
-}
-
-void helper_store_atbu(target_ulong val)
-{
-cpu_ppc_store_atbu(env, val);
-}
-
-void helper_store_601_rtcl(target_ulong val)
-{
-cpu_ppc601_store_rtcl(env, val);
-}
-
-void helper_store_601_rtcu(target_ulong val)
-{
-cpu_ppc601_store_rtcu(env, val);
-}
-
-target_ulong helper_load_decr(void)
-{
-return cpu_ppc_load_decr(env);
-}
-
-void helper_store_decr(target_ulong val)
-{
-cpu_ppc_store_decr(env, val);
-}
-
 void helper_store_hid0_601(target_ulong val)
 {
 target_ulong hid0;
@@ -160,16 +82,6 @@ void helper_store_403_pbr(uint32_t num, target_ulong value)
 }
 }
 
-target_ulong helper_load_40x_pit(void)
-{
-return load_40x_pit(env);
-}
-
-void helper_store_40x_pit(target_ulong val)
-{
-store_40x_pit(env, val);
-}
-
 void helper_store_40x_dbcr0(target_ulong val)
 {
 store_40x_dbcr0(env, val);
@@ -179,16 +91,6 @@ void helper_store_40x_sler(target_ulong val)
 {
 store_40x_sler(env, val);
 }
-
-void helper_store_booke_tcr(target_ulong val)
-{
-store_booke_tcr(env, val);
-}
-
-void helper_store_booke_tsr(target_ulong val)
-{
-store_booke_tsr(env, val);
-}
 #endif
 
 /*/
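Review bot: this hunk and the 40x PIT hunk above it move helper_store_booke_tcr/tsr and helper_load/store_40x_pit, but the commit message only says "decrementer and timebase helpers"; list the PIT and TCR/TSR accessors in the message so the stated scope of the move matches the diff.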
@@ -381,43 +283,6 @@ target_ulong helper_clcs(uint32_t arg)
 }
 
 /*/
-/* Embedded PowerPC specific helpers */
-
-/* XXX: to be improved to check access rights when in user-mode */
-target_ulong helper_load_dcr(target_ulong dcrn)
-{
-uint32_t val = 0;
-
-if (unlikely(env->dcr_env == NULL)) {
-qemu_log("No DCR environment\n");
-helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
-   POWERPC_EXCP_INVAL |
-   POWERPC_EXCP_INVAL_INVAL);
-} else if (unlikely(ppc_dcr_read(env->dcr_env,
- (uint32_t)dcrn, &val) != 0)) {
-qemu_log("DCR read error %d %03x\n", (uint32_t)dcrn, (uint32_t)dcrn);
-helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
-   POWERPC_EXCP_INVAL | POWERPC_EXCP_PRIV_REG);
-}
-return val;
-}
-
-void helper_store_dcr(target_ulong dcrn, target_ulong val)
-{
-if (unlikely(env->dcr_env == NULL)) {
-qemu_log("No DCR environment\n");
-helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
-   POWERPC_EXCP_INVAL |
-   POWERPC_EXCP_INVAL_INVAL);
-} else if (unlikely(ppc_dcr_write(env->dcr_env, (uint32_t)dcrn,
-  (uint32_t)val) != 0
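Review bot: the DCR accessors removed here travel with the `/* XXX: to be improved to check access rights when in user-mode */` comment intact, so the missing privilege check on guest DCR access survives the split unchanged; if helper_load_dcr/helper_store_dcr are landing in timebase_helper.c, say so in the commit message (they are not timebase code by name) and keep the XXX visible in the new file so the check is not forgotten.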

[Qemu-devel] [PATCH 20/72] ppc: Move load and store helpers, switch to AREG0 free mode

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Add an explicit CPUPPCState parameter instead of relying on AREG0
and rename op_helper.c (which only contains load and store helpers)
to mem_helper.c. Remove AREG0 swapping in
tlb_fill().

Switch to AREG0 free mode. Use cpu_ld{l,uw}_code in translation
and interrupt handling, cpu_{ld,st}{l,uw}_data in loads and stores.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 configure|2 +-
 cpu-all.h|9 +++
 target-ppc/Makefile.objs |7 +-
 target-ppc/excp_helper.c |3 +-
 target-ppc/helper.h  |   30 
 target-ppc/{op_helper.c => mem_helper.c} |  109 +++---
 target-ppc/translate.c   |   30 
 7 files changed, 100 insertions(+), 90 deletions(-)
 rename target-ppc/{op_helper.c => mem_helper.c} (68%)

diff --git a/configure b/configure
index b68c0ca..6128ba7 100755
--- a/configure
+++ b/configure
@@ -3679,7 +3679,7 @@ symlink "$source_path/Makefile.target" 
"$target_dir/Makefile"
 
 
 case "$target_arch2" in
-  alpha | sparc* | xtensa*)
+  alpha | sparc* | xtensa* | ppc*)
 echo "CONFIG_TCG_PASS_AREG0=y" >> $config_target_mak
   ;;
 esac
diff --git a/cpu-all.h b/cpu-all.h
index 50c8b62..9dc249a 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -291,6 +291,15 @@ extern unsigned long reserved_va;
 #define stfl_kernel(p, v) stfl_raw(p, v)
 #define stfq_kernel(p, vt) stfq_raw(p, v)
 
+#ifdef CONFIG_TCG_PASS_AREG0
+#define cpu_ldub_data(env, addr) ldub_raw(addr)
+#define cpu_lduw_data(env, addr) lduw_raw(addr)
+#define cpu_ldl_data(env, addr) ldl_raw(addr)
+
+#define cpu_stb_data(env, addr, data) stb_raw(addr, data)
+#define cpu_stw_data(env, addr, data) stw_raw(addr, data)
+#define cpu_stl_data(env, addr, data) stl_raw(addr, data)
+#endif
 #endif /* defined(CONFIG_USER_ONLY) */
 
 /* page related stuff */
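Review bot: unrelated to this change but visible in the context at the top of the hunk, `#define stfq_kernel(p, vt) stfq_raw(p, v)` names its second parameter `vt` while the body uses `v`, so any caller would fail to compile; worth a separate one-line fix. The new cpu_ld*/cpu_st*_data wrappers only cover the 8/16/32-bit widths the commit message lists, so any caller needing 64-bit or signed loads will have to add those variants.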
diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 8d4d16b..6c11ef8 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -1,12 +1,11 @@
-obj-y += translate.o op_helper.o helper.o
+obj-y += translate.o helper.o
 obj-$(CONFIG_SOFTMMU) += machine.o
 obj-$(CONFIG_KVM) += kvm.o kvm_ppc.o
-obj-y += op_helper.o helper.o
+obj-y += helper.o
 obj-y += excp_helper.o
 obj-y += fpu_helper.o
 obj-y += int_helper.o
 obj-y += mmu_helper.o
 obj-y += timebase_helper.o
 obj-y += misc_helper.o
-
-$(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
+obj-y += mem_helper.o
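Review bot: after this hunk Makefile.objs lists `obj-y += helper.o` twice (the first and fourth lines of the new text); removing `op_helper.o` from both lines left the duplicate behind, so drop one `helper.o` while touching these lines.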
diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
index 7fa7a59..c7762b9 100644
--- a/target-ppc/excp_helper.c
+++ b/target-ppc/excp_helper.c
@@ -179,7 +179,8 @@ static inline void powerpc_excp(CPUPPCState *env, int 
excp_model, int excp)
 }
 /* XXX: this is false */
 /* Get rS/rD and rA from faulting opcode */
-env->spr[SPR_DSISR] |= (ldl_code((env->nip - 4)) & 0x03FF) >> 16;
+env->spr[SPR_DSISR] |= (cpu_ldl_code(env, (env->nip - 4))
+& 0x03FF) >> 16;
 goto store_current;
 case POWERPC_EXCP_PROGRAM:   /* Program exception*/
 switch (env->error_code & ~0xF) {
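Review bot: `cpu_ldl_code(env, (env->nip - 4))` carries over the redundant inner parentheses from the old ldl_code call; `cpu_ldl_code(env, env->nip - 4)` is clearer and may let the expression fit on one line again.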
diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index b7a157e..ddab97b 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -20,15 +20,15 @@ DEF_HELPER_1(hrfid, void, env)
 #endif
 #endif
 
-DEF_HELPER_2(lmw, void, tl, i32)
-DEF_HELPER_2(stmw, void, tl, i32)
-DEF_HELPER_3(lsw, void, tl, i32, i32)
-DEF_HELPER_4(lswx, void, tl, i32, i32, i32)
-DEF_HELPER_3(stsw, void, tl, i32, i32)
-DEF_HELPER_1(dcbz, void, tl)
-DEF_HELPER_1(dcbz_970, void, tl)
-DEF_HELPER_1(icbi, void, tl)
-DEF_HELPER_4(lscbx, tl, tl, i32, i32, i32)
+DEF_HELPER_3(lmw, void, env, tl, i32)
+DEF_HELPER_3(stmw, void, env, tl, i32)
+DEF_HELPER_4(lsw, void, env, tl, i32, i32)
+DEF_HELPER_5(lswx, void, env, tl, i32, i32, i32)
+DEF_HELPER_4(stsw, void, env, tl, i32, i32)
+DEF_HELPER_2(dcbz, void, env, tl)
+DEF_HELPER_2(dcbz_970, void, env, tl)
+DEF_HELPER_2(icbi, void, env, tl)
+DEF_HELPER_5(lscbx, tl, env, tl, i32, i32, i32)
 
 #if defined(TARGET_PPC64)
 DEF_HELPER_FLAGS_2(mulhd, TCG_CALL_CONST | TCG_CALL_PURE, i64, i64, i64)
@@ -226,12 +226,12 @@ DEF_HELPER_5(vmsumshm, void, env, avr, avr, avr, avr)
 DEF_HELPER_5(vmsumshs, void, env, avr, avr, avr, avr)
 DEF_HELPER_4(vmladduhm, void, avr, avr, avr, avr)
 DEF_HELPER_2(mtvscr, void, env, avr);
-DEF_HELPER_2(lvebx, void, avr, tl)
-DEF_HELPER_2(lvehx, void, avr, tl)
-DEF_HELPER_2(lvewx, void, avr, tl)
-DEF_HELPER_2(stvebx, void, avr, tl)
-DEF_HELPER_2(stvehx, void, avr, tl)
-DEF_HELPER_2(stvewx, void, avr, tl)
+DEF_HELPER_3(lvebx, void, env, avr, tl)
+DEF_HELPER_3(lvehx, void, env, avr, tl)
+DEF_HELPER_3(lvewx, void, env, avr, tl)
+DEF_HELPER_3(stvebx, void, env, avr, tl)
+DEF_HELPER_3(stvehx, void, env, avr, tl)
+DEF_HELPER_3(stvewx, void, env, avr, tl)

[Qemu-devel] [PATCH 72/72] PPC: BookE206: Bump MAS2 to 64bit

2012-06-23 Thread Alexander Graf
On 64bit capable systems, MAS2 can actually hold a 64bit virtual page
address. So increase the mask for its EPN.

Signed-off-by: Alexander Graf 
---
 target-ppc/cpu.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 652a35a..ca2fc21 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -693,7 +693,7 @@ enum {
 #define MAS1_VALID 0x8000
 
 #define MAS2_EPN_SHIFT 12
-#define MAS2_EPN_MASK  (0xf << MAS2_EPN_SHIFT)
+#define MAS2_EPN_MASK  (~0ULL << MAS2_EPN_SHIFT)
 
 #define MAS2_ACM_SHIFT 6
 #define MAS2_ACM   (1 << MAS2_ACM_SHIFT)
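Review bot: `(~0ULL << MAS2_EPN_SHIFT)` makes MAS2_EPN_MASK an unsigned long long even in builds where target_ulong is 32 bits, so every `& MAS2_EPN_MASK` now promotes its operand to 64 bits; check the 32-bit e500 build for width/sign warnings where the result is compared with or stored into a target_ulong, and consider casting to target_ulong inside the macro so the mask tracks the register width.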
-- 
1.6.0.2




[Qemu-devel] [PATCH 61/72] PPC: e500: Refactor serial dt generation

2012-06-23 Thread Alexander Graf
When generating serial port device tree nodes, we duplicate quite a bit
of code, because there are 2 of them in the mpc8544ds board we emulate.

Shove the generating code into a function, so we duplicate less code.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   54 +++
 1 files changed, 26 insertions(+), 28 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index bf48bc7..f6da25b 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -82,6 +82,28 @@ static void pci_map_create(void *fdt, uint32_t *pci_map, 
uint32_t mpic)
 }
 }
 
+static void dt_serial_create(void *fdt, unsigned long long offset,
+ const char *soc, const char *mpic,
+ const char *alias, int idx, bool defcon)
+{
+char ser[128];
+
+snprintf(ser, sizeof(ser), "%s/serial@%llx", soc, offset);
+qemu_devtree_add_subnode(fdt, ser);
+qemu_devtree_setprop_string(fdt, ser, "device_type", "serial");
+qemu_devtree_setprop_string(fdt, ser, "compatible", "ns16550");
+qemu_devtree_setprop_cells(fdt, ser, "reg", offset, 0x100);
+qemu_devtree_setprop_cell(fdt, ser, "cell-index", idx);
+qemu_devtree_setprop_cell(fdt, ser, "clock-frequency", 0);
+qemu_devtree_setprop_cells(fdt, ser, "interrupts", 42, 2, 0, 0);
+qemu_devtree_setprop_phandle(fdt, ser, "interrupt-parent", mpic);
+qemu_devtree_setprop_string(fdt, "/aliases", alias, ser);
+
+if (defcon) {
+qemu_devtree_setprop_string(fdt, "/chosen", "linux,stdout-path", ser);
+}
+}
+
 static int mpc8544_load_device_tree(CPUPPCState *env,
 target_phys_addr_t addr,
 target_phys_addr_t ramsize,
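Review bot: dt_serial_create hard-codes `interrupts` as 42, 2, 0, 0 and `clock-frequency` as 0 for every caller; that matches the two blocks it replaces (both UARTs used IRQ 42), but a one-line comment saying the ports share the interrupt on this board would stop the next reader mistaking it for a copy/paste leftover. The `offset` parameter is also handed to qemu_devtree_setprop_cells as an unsigned long long while device tree cells are 32-bit, so an explicit (uint32_t) cast there would document the truncation.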
@@ -101,8 +123,6 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 char compatible_sb[] = "fsl,mpc8544-immr\0simple-bus";
 char model[] = "MPC8544DS";
 char soc[128];
-char ser0[128];
-char ser1[128];
 char mpic[128];
 uint32_t mpic_ph;
 char gutil[128];
@@ -274,32 +294,10 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
  * device it finds in the dt as serial output device. And we generate
  * devices in reverse order to the dt.
  */
-snprintf(ser1, sizeof(ser1), "%s/serial@%llx", soc,
- MPC8544_SERIAL1_REGS_BASE - MPC8544_CCSRBAR_BASE);
-qemu_devtree_add_subnode(fdt, ser1);
-qemu_devtree_setprop_string(fdt, ser1, "device_type", "serial");
-qemu_devtree_setprop_string(fdt, ser1, "compatible", "ns16550");
-qemu_devtree_setprop_cells(fdt, ser1, "reg", MPC8544_SERIAL1_REGS_BASE -
-   MPC8544_CCSRBAR_BASE, 0x100);
-qemu_devtree_setprop_cell(fdt, ser1, "cell-index", 1);
-qemu_devtree_setprop_cell(fdt, ser1, "clock-frequency", 0);
-qemu_devtree_setprop_cells(fdt, ser1, "interrupts", 42, 2, 0, 0);
-qemu_devtree_setprop_phandle(fdt, ser1, "interrupt-parent", mpic);
-qemu_devtree_setprop_string(fdt, "/aliases", "serial1", ser1);
-
-snprintf(ser0, sizeof(ser0), "%s/serial@%llx", soc,
- MPC8544_SERIAL0_REGS_BASE - MPC8544_CCSRBAR_BASE);
-qemu_devtree_add_subnode(fdt, ser0);
-qemu_devtree_setprop_string(fdt, ser0, "device_type", "serial");
-qemu_devtree_setprop_string(fdt, ser0, "compatible", "ns16550");
-qemu_devtree_setprop_cells(fdt, ser0, "reg", MPC8544_SERIAL0_REGS_BASE -
-   MPC8544_CCSRBAR_BASE, 0x100);
-qemu_devtree_setprop_cell(fdt, ser0, "cell-index", 0);
-qemu_devtree_setprop_cell(fdt, ser0, "clock-frequency", 0);
-qemu_devtree_setprop_cells(fdt, ser0, "interrupts", 42, 2, 0, 0);
-qemu_devtree_setprop_phandle(fdt, ser0, "interrupt-parent", mpic);
-qemu_devtree_setprop_string(fdt, "/aliases", "serial0", ser0);
-qemu_devtree_setprop_string(fdt, "/chosen", "linux,stdout-path", ser0);
+dt_serial_create(fdt, MPC8544_SERIAL1_REGS_BASE - MPC8544_CCSRBAR_BASE,
+ soc, mpic, "serial1", 1, false);
+dt_serial_create(fdt, MPC8544_SERIAL0_REGS_BASE - MPC8544_CCSRBAR_BASE,
+ soc, mpic, "serial0", 0, true);
 
 snprintf(gutil, sizeof(gutil), "%s/global-utilities@%llx", soc,
  MPC8544_UTIL_BASE - MPC8544_CCSRBAR_BASE);
-- 
1.6.0.2




[Qemu-devel] [PATCH 60/72] dt: Add global option to set phandle start offset

2012-06-23 Thread Alexander Graf
If anyone outside of QEMU wants to mess with a QEMU generated device tree,
he needs to know which range phandles are valid in. So let's expose a
machine option that an external program can use to set the starting allocation
id for phandles in QEMU.

Signed-off-by: Alexander Graf 
---
 device_tree.c |   28 +++-
 qemu-config.c |4 
 2 files changed, 31 insertions(+), 1 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index cc83f0f..acae53e 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -22,6 +22,8 @@
 #include "qemu-common.h"
 #include "device_tree.h"
 #include "hw/loader.h"
+#include "qemu-option.h"
+#include "qemu-config.h"
 
 #include 
 
@@ -200,7 +202,31 @@ int qemu_devtree_setprop_phandle(void *fdt, const char 
*node_path,
 
 uint32_t qemu_devtree_alloc_phandle(void *fdt)
 {
-static int phandle = 0x8000;
+static int phandle = 0x0;
+
+/*
+ * We need to find out if the user gave us special instruction at
+ * which phandle id to start allocting phandles.
+ */
+if (!phandle) {
+QemuOpts *machine_opts;
+machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
+if (machine_opts) {
+const char *phandle_start;
+phandle_start = qemu_opt_get(machine_opts, "phandle_start");
+if (phandle_start) {
+phandle = strtoul(phandle_start, NULL, 0);
+}
+}
+}
+
+if (!phandle) {
+/*
+ * None or invalid phandle given on the command line, so fall back to
+ * default starting point.
+ */
+phandle = 0x8000;
+}
 
 return phandle++;
 }
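Review bot: the user-supplied `phandle_start` is parsed with `strtoul(phandle_start, NULL, 0)` and stored in a `static int`, so there is no check for trailing garbage, for values above INT_MAX, or for the reserved phandles 0 and 0xffffffff; parse with an endptr, reject anything that does not fit a uint32_t or equals those two values, and make `phandle` a uint32_t to match the function's return type. Note that a value of 0 is indistinguishable from "not given" because of the `if (!phandle)` guards, so the option lookup is repeated on every call in that case. The comment's "allocting" should read "allocating".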
diff --git a/qemu-config.c b/qemu-config.c
index 5bbebaf..2cd2726 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -587,6 +587,10 @@ static QemuOptsList qemu_machine_opts = {
 .name = "dumpdtb",
 .type = QEMU_OPT_STRING,
 .help = "Dump current dtb to a file and quit",
+}, {
+.name = "phandle_start",
+.type = QEMU_OPT_STRING,
+.help = "The first phandle ID we may generate dynamically",
 },
 { /* End of list */ }
 },
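Review bot: the `phandle_start` help string should state the accepted formats (strtoul with base 0, so decimal, 0x-prefixed hex or leading-0 octal) and the default of 0x8000 used when the option is absent, so users know what a valid value looks like.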
-- 
1.6.0.2




[Qemu-devel] [PATCH 10/72] ppc: Split MMU etc. helpers from op_helper.c

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Move MMU, TLB, SLB and BAT ops to mmu_helper.c.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs |2 +
 target-ppc/mmu_helper.c  |  882 ++
 target-ppc/op_helper.c   |  854 
 3 files changed, 884 insertions(+), 854 deletions(-)
 create mode 100644 target-ppc/mmu_helper.c

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 5d63400..0f89c2c 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -5,5 +5,7 @@ obj-y += op_helper.o helper.o
 obj-y += excp_helper.o
 obj-y += fpu_helper.o
 obj-y += int_helper.o
+obj-y += mmu_helper.o
 
+$(obj)/mmu_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
new file mode 100644
index 000..81800b6
--- /dev/null
+++ b/target-ppc/mmu_helper.c
@@ -0,0 +1,882 @@
+/*
+ *  PowerPC MMU, TLB, SLB and BAT emulation helpers for QEMU.
+ *
+ *  Copyright (c) 2003-2007 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#include "cpu.h"
+#include "dyngen-exec.h"
+#include "helper.h"
+
+//#define DEBUG_SOFTWARE_TLB
+
+#ifdef DEBUG_SOFTWARE_TLB
+#  define LOG_SWTLB(...) qemu_log(__VA_ARGS__)
+#else
+#  define LOG_SWTLB(...) do { } while (0)
+#endif
+
+/*/
+/* SPR accesses */
+
+#if !defined(CONFIG_USER_ONLY)
+void helper_store_ibatu(uint32_t nr, target_ulong val)
+{
+ppc_store_ibatu(env, nr, val);
+}
+
+void helper_store_ibatl(uint32_t nr, target_ulong val)
+{
+ppc_store_ibatl(env, nr, val);
+}
+
+void helper_store_dbatu(uint32_t nr, target_ulong val)
+{
+ppc_store_dbatu(env, nr, val);
+}
+
+void helper_store_dbatl(uint32_t nr, target_ulong val)
+{
+ppc_store_dbatl(env, nr, val);
+}
+
+void helper_store_601_batl(uint32_t nr, target_ulong val)
+{
+ppc_store_ibatl_601(env, nr, val);
+}
+
+void helper_store_601_batu(uint32_t nr, target_ulong val)
+{
+ppc_store_ibatu_601(env, nr, val);
+}
+
+/* Segment registers load and store */
+target_ulong helper_load_sr(target_ulong sr_num)
+{
+#if defined(TARGET_PPC64)
+if (env->mmu_model & POWERPC_MMU_64) {
+return ppc_load_sr(env, sr_num);
+}
+#endif
+return env->sr[sr_num];
+}
+
+void helper_store_sr(target_ulong sr_num, target_ulong val)
+{
+ppc_store_sr(env, sr_num, val);
+}
+
+/* SLB management */
+#if defined(TARGET_PPC64)
+void helper_store_slb(target_ulong rb, target_ulong rs)
+{
+if (ppc_store_slb(env, rb, rs) < 0) {
+helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
+   POWERPC_EXCP_INVAL);
+}
+}
+
+target_ulong helper_load_slb_esid(target_ulong rb)
+{
+target_ulong rt;
+
+if (ppc_load_slb_esid(env, rb, &rt) < 0) {
+helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
+   POWERPC_EXCP_INVAL);
+}
+return rt;
+}
+
+target_ulong helper_load_slb_vsid(target_ulong rb)
+{
+target_ulong rt;
+
+if (ppc_load_slb_vsid(env, rb, &rt) < 0) {
+helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM,
+   POWERPC_EXCP_INVAL);
+}
+return rt;
+}
+
+void helper_slbia(void)
+{
+ppc_slb_invalidate_all(env);
+}
+
+void helper_slbie(target_ulong addr)
+{
+ppc_slb_invalidate_one(env, addr);
+}
+
+#endif /* defined(TARGET_PPC64) */
+
+/* TLB management */
+void helper_tlbia(void)
+{
+ppc_tlb_invalidate_all(env);
+}
+
+void helper_tlbie(target_ulong addr)
+{
+ppc_tlb_invalidate_one(env, addr);
+}
+
+/* Software driven TLBs management */
+/* PowerPC 602/603 software TLB load instructions helpers */
+static void do_6xx_tlb(target_ulong new_EPN, int is_code)
+{
+target_ulong RPN, CMP, EPN;
+int way;
+
+RPN = env->spr[SPR_RPA];
+if (is_code) {
+CMP = env->spr[SPR_ICMP];
+EPN = env->spr[SPR_IMISS];
+} else {
+CMP = env->spr[SPR_DCMP];
+EPN = env->spr[SPR_DMISS];
+}
+way = (env->spr[SPR_SRR1] >> 17) & 1;
+(void)EPN; /* avoid a compiler warning */
+LOG_SWTLB("%s: EPN " TARGET_FMT_lx " " TARGET_FMT_lx " PTE0 " TARGET_FMT_lx
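Review bot: helper_load_slb_esid and helper_load_slb_vsid declare `target_ulong rt;` without an initializer and return it after a failed ppc_load_slb_*() call, relying on helper_raise_exception_err never returning; since this file is created from scratch, initialize `rt = 0` (or comment that the raise path does not return) so the code stays warning-free when the AREG0-free conversion reworks these helpers. The new file still depends on the dyngen-exec.h global `env`, which is why the HELPER_CFLAGS rule is needed in Makefile.objs; a note in the commit message would make that dependency explicit.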

[Qemu-devel] [PATCH 17/72] ppc: Split off misc helpers

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Move misc helpers from op_helper.c to misc_helpers.c.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs |2 +
 target-ppc/misc_helper.c |  116 ++
 target-ppc/op_helper.c   |   94 -
 3 files changed, 118 insertions(+), 94 deletions(-)
 create mode 100644 target-ppc/misc_helper.c

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 4a88641..3a444eb 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -7,5 +7,7 @@ obj-y += fpu_helper.o
 obj-y += int_helper.o
 obj-y += mmu_helper.o
 obj-y += timebase_helper.o
+obj-y += misc_helper.o
 
+$(obj)/misc_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
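Review bot: the commit message says the helpers go to misc_helpers.c, but the file created in this patch is target-ppc/misc_helper.c (see the diffstat and the Makefile line added here); fix the message so `git log` searches find the right file.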
diff --git a/target-ppc/misc_helper.c b/target-ppc/misc_helper.c
new file mode 100644
index 000..67eab08
--- /dev/null
+++ b/target-ppc/misc_helper.c
@@ -0,0 +1,116 @@
+/*
+ * Miscellaneous PowerPC emulation helpers for QEMU.
+ *
+ *  Copyright (c) 2003-2007 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#include "cpu.h"
+#include "dyngen-exec.h"
+#include "helper.h"
+
+#include "helper_regs.h"
+
+/*/
+/* SPR accesses */
+void helper_load_dump_spr(uint32_t sprn)
+{
+qemu_log("Read SPR %d %03x => " TARGET_FMT_lx "\n", sprn, sprn,
+ env->spr[sprn]);
+}
+
+void helper_store_dump_spr(uint32_t sprn)
+{
+qemu_log("Write SPR %d %03x <= " TARGET_FMT_lx "\n", sprn, sprn,
+ env->spr[sprn]);
+}
+#if !defined(CONFIG_USER_ONLY)
+#if defined(TARGET_PPC64)
+void helper_store_asr(target_ulong val)
+{
+ppc_store_asr(env, val);
+}
+#endif
+
+void helper_store_sdr1(target_ulong val)
+{
+ppc_store_sdr1(env, val);
+}
+
+void helper_store_hid0_601(target_ulong val)
+{
+target_ulong hid0;
+
+hid0 = env->spr[SPR_HID0];
+if ((val ^ hid0) & 0x0008) {
+/* Change current endianness */
+env->hflags &= ~(1 << MSR_LE);
+env->hflags_nmsr &= ~(1 << MSR_LE);
+env->hflags_nmsr |= (1 << MSR_LE) & (((val >> 3) & 1) << MSR_LE);
+env->hflags |= env->hflags_nmsr;
+qemu_log("%s: set endianness to %c => " TARGET_FMT_lx "\n", __func__,
+ val & 0x8 ? 'l' : 'b', env->hflags);
+}
+env->spr[SPR_HID0] = (uint32_t)val;
+}
+
+void helper_store_403_pbr(uint32_t num, target_ulong value)
+{
+if (likely(env->pb[num] != value)) {
+env->pb[num] = value;
+/* Should be optimized */
+tlb_flush(env, 1);
+}
+}
+
+void helper_store_40x_dbcr0(target_ulong val)
+{
+store_40x_dbcr0(env, val);
+}
+
+void helper_store_40x_sler(target_ulong val)
+{
+store_40x_sler(env, val);
+}
+#endif
+/*/
+/* PowerPC 601 specific instructions (POWER bridge) */
+
+target_ulong helper_clcs(uint32_t arg)
+{
+switch (arg) {
+case 0x0CUL:
+/* Instruction cache line size */
+return env->icache_line_size;
+break;
+case 0x0DUL:
+/* Data cache line size */
+return env->dcache_line_size;
+break;
+case 0x0EUL:
+/* Minimum cache line size */
+return (env->icache_line_size < env->dcache_line_size) ?
+env->icache_line_size : env->dcache_line_size;
+break;
+case 0x0FUL:
+/* Maximum cache line size */
+return (env->icache_line_size > env->dcache_line_size) ?
+env->icache_line_size : env->dcache_line_size;
+break;
+default:
+/* Undefined */
+return 0;
+break;
+}
+}
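Review bot: in helper_clcs every `case` ends with `return ...;` followed by an unreachable `break;`; since the function is being moved into a new file, drop the dead breaks. A blank line is also missing between helper_store_dump_spr and the `#if !defined(CONFIG_USER_ONLY)` guard, and the `tlb_flush(env, 1)` in helper_store_403_pbr still carries the "Should be optimized" note, which is fine to keep but worth a TODO tag so it is findable.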
diff --git a/target-ppc/op_helper.c b/target-ppc/op_helper.c
index 0929906..cd1a533 100644
--- a/target-ppc/op_helper.c
+++ b/target-ppc/op_helper.c
@@ -31,69 +31,6 @@
 //#define DEBUG_OP
 
 /*/
-/* SPR accesses */
-void helper_load_dump_spr(uint32_t sprn)
-{
-qemu_log("Read SPR %d %03x => " TARGET_FMT_lx "\n", sprn, sprn,
- env->spr[sprn]);
-}
-
-void helper_store_dump_spr(uint32_t sprn)
-{
-qemu_log("Write SPR %d %03x <= " TARGET_FMT_lx "\n", sprn, s

[Qemu-devel] [PATCH 69/72] PPC: Add e5500 CPU target

2012-06-23 Thread Alexander Graf
This patch adds e5500's CPU initialization to the TCG CPU initialization
code.

Signed-off-by: Alexander Graf 
---
 target-ppc/translate_init.c |   96 +-
 1 files changed, 93 insertions(+), 3 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 98695ab..d185aaa 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -4424,16 +4424,69 @@ static void init_proc_e300 (CPUPPCState *env)
 #define check_pow_e500mc   check_pow_none
 #define init_proc_e500mc   init_proc_e500mc
 
+/* e5500 core 
*/
+#define POWERPC_INSNS_e5500(PPC_INSNS_BASE | PPC_ISEL |
\
+PPC_WRTEE | PPC_RFDI | PPC_RFMCI | 
\
+PPC_CACHE | PPC_CACHE_LOCK | PPC_CACHE_ICBI |  
\
+PPC_CACHE_DCBZ | PPC_CACHE_DCBA |  
\
+PPC_FLOAT | PPC_FLOAT_FRES |   
\
+PPC_FLOAT_FRSQRTE | PPC_FLOAT_FSEL |   
\
+PPC_FLOAT_STFIWX | PPC_WAIT |  
\
+PPC_MEM_TLBSYNC | PPC_TLBIVAX | PPC_MEM_SYNC | 
\
+PPC_64B | PPC_POPCNTB | PPC_POPCNTWD)
+#define POWERPC_INSNS2_e5500   (PPC2_BOOKE206 | PPC2_PRCNTL)
+#define POWERPC_MSRM_e5500 (0x9402FB36ULL)
+#define POWERPC_MMU_e5500  (POWERPC_MMU_BOOKE206)
+#define POWERPC_EXCP_e5500 (POWERPC_EXCP_BOOKE)
+#define POWERPC_INPUT_e5500(PPC_FLAGS_INPUT_BookE)
+/* Fixme: figure out the correct flag for e5500 */
+#define POWERPC_BFDM_e5500 (bfd_mach_ppc_e500)
+#define POWERPC_FLAG_e5500 (POWERPC_FLAG_CE | POWERPC_FLAG_DE | \
+POWERPC_FLAG_PMM | POWERPC_FLAG_BUS_CLK)
+#define check_pow_e5500check_pow_none
+#define init_proc_e5500init_proc_e5500
+
+#if !defined(CONFIG_USER_ONLY)
+static void spr_write_mas73(void *opaque, int sprn, int gprn)
+{
+TCGv val = tcg_temp_new();
+tcg_gen_ext32u_tl(val, cpu_gpr[gprn]);
+gen_store_spr(SPR_BOOKE_MAS3, val);
+tcg_gen_shri_tl(val, gprn, 32);
+gen_store_spr(SPR_BOOKE_MAS7, val);
+tcg_temp_free(val);
+}
+
+static void spr_read_mas73(void *opaque, int gprn, int sprn)
+{
+TCGv mas7 = tcg_temp_new();
+TCGv mas3 = tcg_temp_new();
+gen_load_spr(mas7, SPR_BOOKE_MAS7);
+tcg_gen_shli_tl(mas7, mas7, 32);
+gen_load_spr(mas3, SPR_BOOKE_MAS3);
+tcg_gen_or_tl(cpu_gpr[gprn], mas3, mas7);
+tcg_temp_free(mas3);
+tcg_temp_free(mas7);
+}
+
+static void spr_load_epr(void *opaque, int gprn, int sprn)
+{
+gen_helper_load_epr(cpu_gpr[gprn], cpu_env);
+}
+
+#endif
+
 enum fsl_e500_version {
 fsl_e500v1,
 fsl_e500v2,
 fsl_e500mc,
+fsl_e5500,
 };
 
 static void init_proc_e500 (CPUPPCState *env, int version)
 {
 uint32_t tlbncfg[2];
-uint64_t ivor_mask = 0x000FULL;
+uint64_t ivor_mask;
 uint64_t ivpr_mask = 0xULL;
 uint32_t l1cfg0 = 0x3800  /* 8 ways */
 | 0x0020; /* 32 kb */
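Review bot: in spr_write_mas73, `tcg_gen_shri_tl(val, gprn, 32);` passes the integer register index where a TCGv is required; it should be `tcg_gen_shri_tl(val, cpu_gpr[gprn], 32);` as in the ext32u line two statements above. Because TCGv is a plain int in non-debug builds this compiles silently and shifts whatever temp happens to have index gprn, so MAS7 would be written with garbage. Both spr_read_mas73 and spr_write_mas73 also shift by 32 with the _tl ops, which is only meaningful when target_ulong is 64-bit; guard them with `#if defined(TARGET_PPC64)` (or whatever condition enables init_proc_e5500) rather than only `!CONFIG_USER_ONLY`.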
@@ -4448,8 +4501,16 @@ static void init_proc_e500 (CPUPPCState *env, int 
version)
  * complain when accessing them.
  * gen_spr_BookE(env, 0x000FFD7FULL);
  */
-if (version == fsl_e500mc) {
-ivor_mask = 0x03FEULL;
+switch (version) {
+case fsl_e500v1:
+case fsl_e500v2:
+default:
+ivor_mask = 0x000FULL;
+break;
+case fsl_e500mc:
+case fsl_e5500:
+ivor_mask = 0x03FEULL;
+break;
 }
 gen_spr_BookE(env, ivor_mask);
 /* Processor identification */
@@ -4477,6 +4538,7 @@ static void init_proc_e500 (CPUPPCState *env, int version)
 tlbncfg[1] = gen_tlbncfg(16, 1, 12, TLBnCFG_AVAIL | TLBnCFG_IPROT, 16);
 break;
 case fsl_e500mc:
+case fsl_e5500:
 tlbncfg[0] = gen_tlbncfg(4, 1, 1, 0, 512);
 tlbncfg[1] = gen_tlbncfg(64, 1, 12, TLBnCFG_AVAIL | TLBnCFG_IPROT, 64);
 break;
@@ -4492,6 +4554,7 @@ static void init_proc_e500 (CPUPPCState *env, int version)
 env->icache_line_size = 32;
 break;
 case fsl_e500mc:
+case fsl_e5500:
 env->dcache_line_size = 64;
 env->icache_line_size = 64;
 l1cfg0 |= 0x100; /* 64 byte cache block size */
@@ -4567,6 +4630,22 @@ static void init_proc_e500 (CPUPPCState *env, int 
version)
  SPR_NOACCESS, SPR_NOACCESS,
  &spr_read_generic, &spr_write_booke206_mmucsr0,
  0x);
+spr_register(env, SPR_BOOKE_EPR, "EPR",
+ SPR_NOACCESS, SPR_NOACCESS,
+ &spr_load_epr, SPR_NOACCESS,
+ 0x);
+/* XXX better abstract into Emb.xxx features */
+if (version == fs
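Review bot: the EPR read callback is named spr_load_epr while the other callbacks in this file follow the spr_read_*/spr_write_* pattern (spr_read_mas73 just above); rename it spr_read_epr for consistency. Registering EPR with SPR_NOACCESS for writes is right for a read-only IACK mirror, but a short comment at the spr_register call saying so would help.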

[Qemu-devel] [PATCH 28/72] spapr_vscsi: Error handling fixes

2012-06-23 Thread Alexander Graf
From: Benjamin Herrenschmidt 

We were incorrectly g_free'ing an object that isn't allocated
in one error path and failed to release it completely in another.

This fixes qemu crashes with some cases of IO errors.

Signed-off-by: Benjamin Herrenschmidt 
Signed-off-by: Alexander Graf 
---
 hw/spapr_vscsi.c |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/hw/spapr_vscsi.c b/hw/spapr_vscsi.c
index 037867a..2f09616 100644
--- a/hw/spapr_vscsi.c
+++ b/hw/spapr_vscsi.c
@@ -800,6 +800,7 @@ static void vscsi_got_payload(VSCSIState *s, vscsi_crq *crq)
 if (crq->s.IU_length > sizeof(union viosrp_iu)) {
 fprintf(stderr, "VSCSI: SRP IU too long (%d bytes) !\n",
 crq->s.IU_length);
+vscsi_put_req(req);
 return;
 }
 
@@ -807,7 +808,8 @@ static void vscsi_got_payload(VSCSIState *s, vscsi_crq *crq)
 if (spapr_tce_dma_read(&s->vdev, crq->s.IU_data_ptr, &req->iu,
crq->s.IU_length)) {
 fprintf(stderr, "vscsi_got_payload: DMA read failure !\n");
-g_free(req);
+vscsi_put_req(req);
+return;
 }
 memcpy(&req->crq, crq, sizeof(vscsi_crq));
 
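Review bot: the added `return` is the real fix in this hunk and the commit message undersells it: before the change, the DMA-read failure path called `g_free(req)` and then fell through to `memcpy(&req->crq, crq, sizeof(vscsi_crq))`, writing into memory that had just been freed, which is the crash that follows the `vscsi_got_payload: DMA read failure !` message. Saying "use after free" in the message would make the importance of the backport obvious. Switching both error paths to `vscsi_put_req(req)` instead of a bare `g_free` also keeps the two paths consistent with each other.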
-- 
1.6.0.2




[Qemu-devel] [PATCH 67/72] PPC: BookE: Implement EPR SPR

2012-06-23 Thread Alexander Graf
On the e500 series, accessing SPR_EPR magically turns into an access at
that CPU's IACK register on the MPIC. Implement that logic to get kernels
that make use of that feature work.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c   |1 +
 target-ppc/Makefile.objs |1 +
 target-ppc/cpu.h |1 +
 target-ppc/helper.h  |1 +
 target-ppc/mpic_helper.c |   35 +++
 5 files changed, 39 insertions(+), 0 deletions(-)
 create mode 100644 target-ppc/mpic_helper.c

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index d38ad99..8b9fd83 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -469,6 +469,7 @@ static void mpc8544ds_init(ram_addr_t ram_size,
 irqs[i][OPENPIC_OUTPUT_INT] = input[PPCE500_INPUT_INT];
 irqs[i][OPENPIC_OUTPUT_CINT] = input[PPCE500_INPUT_CINT];
 env->spr[SPR_BOOKE_PIR] = env->cpu_index = i;
+env->mpic_cpu_base = MPC8544_MPIC_REGS_BASE + 0x2;
 
 ppc_booke_timers_init(env, 4, PPC_TIMER_E500);
 
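Review bot: `env->mpic_cpu_base = MPC8544_MPIC_REGS_BASE + 0x2;` is computed inside the per-CPU loop (the surrounding lines index `irqs[i]` and set `cpu_index = i`) but does not depend on `i`, so with `-smp` every vCPU is pointed at the same MPIC per-CPU register block; if the MPIC exposes one block per core the offset needs `i` folded in, and either way the offset should be a named constant next to MPC8544_MPIC_REGS_BASE rather than a bare literal.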
diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 6c11ef8..237a0ed 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -9,3 +9,4 @@ obj-y += mmu_helper.o
 obj-y += timebase_helper.o
 obj-y += misc_helper.o
 obj-y += mem_helper.o
+obj-y += mpic_helper.o
diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 7a77fff..652a35a 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1066,6 +1066,7 @@ struct CPUPPCState {
 target_ulong ivor_mask;
 target_ulong ivpr_mask;
 target_ulong hreset_vector;
+target_phys_addr_t mpic_cpu_base;
 #endif
 
 /* Those resources are used only during code translation */
diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index ddab97b..fd04c06 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -405,6 +405,7 @@ DEF_HELPER_2(store_40x_dbcr0, void, env, tl)
 DEF_HELPER_2(store_40x_sler, void, env, tl)
 DEF_HELPER_2(store_booke_tcr, void, env, tl)
 DEF_HELPER_2(store_booke_tsr, void, env, tl)
+DEF_HELPER_1(load_epr, tl, env)
 DEF_HELPER_3(store_ibatl, void, env, i32, tl)
 DEF_HELPER_3(store_ibatu, void, env, i32, tl)
 DEF_HELPER_3(store_dbatl, void, env, i32, tl)
diff --git a/target-ppc/mpic_helper.c b/target-ppc/mpic_helper.c
new file mode 100644
index 000..2c6a4d3
--- /dev/null
+++ b/target-ppc/mpic_helper.c
@@ -0,0 +1,35 @@
+/*
+ *  PowerPC emulation helpers for QEMU.
+ *
+ *  Copyright (c) 2003-2007 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#include "cpu.h"
+#include "helper.h"
+
+/*/
+/* SPR accesses */
+
+#if !defined(CONFIG_USER_ONLY)
+/*
+ * This is an ugly helper for EPR, which is basically the same as accessing
+ * the IACK (PIAC) register on the MPIC. Because we model the MPIC as a device
+ * that can only talk to the CPU through MMIO, let's access it that way!
+ */
+target_ulong helper_load_epr(CPUPPCState *env)
+{
+return ldl_phys(env->mpic_cpu_base + 0xA0);
+}
+#endif
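Review bot: `helper_load_epr` does `ldl_phys(env->mpic_cpu_base + 0xA0)` with no check that a board has actually set `mpic_cpu_base`, so on a CPU where the field is still zero a guest `mfspr` of EPR becomes a physical read at 0xA0; at minimum assert that the base is non-zero, and give `0xA0` a name (the comment says it is the IACK/PIAC register) so the MPIC model and this helper agree on it. Style: the new file carries the `Copyright (c) 2003-2007 Jocelyn Mayer` header copied from another helper file; a 2012 file by a different author should carry its own copyright line.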
-- 
1.6.0.2




[Qemu-devel] [PATCH 27/72] pseries: Correctly create ibm, segment-page-sizes property

2012-06-23 Thread Alexander Graf
From: Benjamin Herrenschmidt 

The core tcg/kvm code for ppc64 now has at least the outline
capability to support pagesizes beyond the standard 4k and 16MB.  The
CPUState is initialized with information advertising the available
pagesizes and their correct encodings, and under the right KVM setup
this will be populated with page sizes beyond the standard.

Obviously guests can't use the extra page sizes unless they know
they're present.  For the pseries machine, at least, there is a
defined method for conveying exactly this information, the
"ibm-segment-page-sizes" property in the guest device tree.

This patch generates this property using the supported page size
information that's already in the CPUState.

Signed-off-by: Nishanth Aravamudan 
Signed-off-by: David Gibson 
Signed-off-by: Benjamin Herrenschmidt 
Signed-off-by: Alexander Graf 
---
 hw/spapr.c |   43 +++
 1 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/hw/spapr.c b/hw/spapr.c
index d0bddbc..1b01d64 100644
--- a/hw/spapr.c
+++ b/hw/spapr.c
@@ -146,6 +146,40 @@ static int spapr_set_associativity(void *fdt, 
sPAPREnvironment *spapr)
 return ret;
 }
 
+
+static size_t create_page_sizes_prop(CPUPPCState *env, uint32_t *prop,
+ size_t maxsize)
+{
+size_t maxcells = maxsize / sizeof(uint32_t);
+int i, j, count;
+uint32_t *p = prop;
+
+for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) {
+struct ppc_one_seg_page_size *sps = &env->sps.sps[i];
+
+if (!sps->page_shift) {
+break;
+}
+for (count = 0; count < PPC_PAGE_SIZES_MAX_SZ; count++) {
+if (sps->enc[count].page_shift == 0) {
+break;
+}
+}
+if ((p - prop) >= (maxcells - 3 - count * 2)) {
+break;
+}
+*(p++) = cpu_to_be32(sps->page_shift);
+*(p++) = cpu_to_be32(sps->slb_enc);
+*(p++) = cpu_to_be32(count);
+for (j = 0; j < count; j++) {
+*(p++) = cpu_to_be32(sps->enc[j].page_shift);
+*(p++) = cpu_to_be32(sps->enc[j].pte_enc);
+}
+}
+
+return (p - prop) * sizeof(uint32_t);
+}
+
 static void *spapr_create_fdt_skel(const char *cpu_model,
target_phys_addr_t rma_size,
target_phys_addr_t initrd_base,
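Review bot: the room check `if ((p - prop) >= (maxcells - 3 - count * 2))` is one cell too conservative and mixes `ptrdiff_t` with `size_t` arithmetic: an entry needs exactly `3 + 2 * count` cells, so the loop should only stop when `(p - prop) + 3 + 2 * count > maxcells`; writing it in that additive form also avoids the unsigned wrap-around if `maxcells` were ever smaller than `3 + 2 * count`. Also, when the check trips the remaining page sizes are dropped silently; a `qemu_log` line there would make a truncated property noticeable instead of showing up as a guest that mysteriously lacks large pages.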
@@ -298,6 +332,8 @@ static void *spapr_create_fdt_skel(const char *cpu_model,
0x, 0x};
 uint32_t tbfreq = kvm_enabled() ? kvmppc_get_tbfreq() : TIMEBASE_FREQ;
 uint32_t cpufreq = kvm_enabled() ? kvmppc_get_clockfreq() : 10;
+uint32_t page_sizes_prop[64];
+size_t page_sizes_prop_size;
 
 if ((index % smt) != 0) {
 continue;
@@ -362,6 +398,13 @@ static void *spapr_create_fdt_skel(const char *cpu_model,
 _FDT((fdt_property_cell(fdt, "ibm,dfp", 1)));
 }
 
+page_sizes_prop_size = create_page_sizes_prop(env, page_sizes_prop,
+  sizeof(page_sizes_prop));
+if (page_sizes_prop_size) {
+_FDT((fdt_property(fdt, "ibm,segment-page-sizes",
+   page_sizes_prop, page_sizes_prop_size)));
+}
+
 _FDT((fdt_end_node(fdt)));
 }
 
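Review bot: the commit message calls the property "ibm-segment-page-sizes" while the code (correctly) emits "ibm,segment-page-sizes"; fix the message so a search for the property name lands on this commit. The `if (page_sizes_prop_size)` guard means a CPU with no `page_shift` entries simply gets no property, which is fine, but it is worth a one-line comment since an absent property and a truncated one (see the room check in create_page_sizes_prop) look the same to the guest.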
-- 
1.6.0.2




[Qemu-devel] [PATCH 48/72] PPC: e500: dt: create global-utils node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |9 +
 pc-bios/mpc8544ds.dts  |6 --
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 5c2b6ab..03938b2 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -85,6 +85,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 char ser1[128];
 char mpic[128];
 uint32_t mpic_ph;
+char gutil[128];
 
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
 if (!filename) {
@@ -247,6 +248,14 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 qemu_devtree_setprop_string(fdt, "/aliases", "serial0", ser0);
 qemu_devtree_setprop_string(fdt, "/chosen", "linux,stdout-path", ser0);
 
+snprintf(gutil, sizeof(gutil), "%s/global-utilities@%x", soc,
+ MPC8544_UTIL_BASE - MPC8544_CCSRBAR_BASE);
+qemu_devtree_add_subnode(fdt, gutil);
+qemu_devtree_setprop_string(fdt, gutil, "compatible", "fsl,mpc8544-guts");
+qemu_devtree_setprop_cells(fdt, gutil, "reg", MPC8544_UTIL_BASE -
+   MPC8544_CCSRBAR_BASE, 0x1000);
+qemu_devtree_setprop(fdt, gutil, "fsl,has-rstcr", NULL, 0);
+
 ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
 if (ret < 0) {
 goto out;
diff --git a/pc-bios/mpc8544ds.dts b/pc-bios/mpc8544ds.dts
index e536ab1..4c7bd75 100644
--- a/pc-bios/mpc8544ds.dts
+++ b/pc-bios/mpc8544ds.dts
@@ -24,12 +24,6 @@
compatible = "chrp,open-pic";
device_type = "open-pic";
};
-
-global-utilities@e {//global utilities block
-compatible = "fsl,mpc8544-guts";
-reg = <0xe 0x1000>;
-fsl,has-rstcr;
-};
};
 
pci0: pci@e0008000 {
-- 
1.6.0.2




[Qemu-devel] [PATCH 71/72] PPC: BookE: Support 32 and 64 bit wide MAS2

2012-06-23 Thread Alexander Graf
The MAS registers on BookE are all 32 bit wide, except for MAS2, which
can hold up to 64 bit on 64 bit capable CPUs. Reflect this in the SPR
setting code, so that the guest can never write invalid values in them.

Signed-off-by: Alexander Graf 
---
 target-ppc/translate_init.c |   19 ++-
 1 files changed, 18 insertions(+), 1 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 8ff47ae..e6580ff 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -86,6 +86,19 @@ static void spr_write_generic (void *opaque, int sprn, int 
gprn)
 }
 
 #if !defined(CONFIG_USER_ONLY)
+static void spr_write_generic32(void *opaque, int sprn, int gprn)
+{
+#ifdef TARGET_PPC64
+TCGv t0 = tcg_temp_new();
+tcg_gen_ext32u_tl(t0, cpu_gpr[gprn]);
+gen_store_spr(sprn, t0);
+tcg_temp_free(t0);
+spr_store_dump_spr(sprn);
+#else
+spr_write_generic(opaque, sprn, gprn);
+#endif
+}
+
 static void spr_write_clear (void *opaque, int sprn, int gprn)
 {
 TCGv t0 = tcg_temp_new();
@@ -1597,10 +1610,14 @@ static void gen_spr_BookE206(CPUPPCState *env, uint32_t 
mas_mask,
 /* TLB assist registers */
 /* XXX : not implemented */
 for (i = 0; i < 8; i++) {
+void (*uea_write)(void *o, int sprn, int gprn) = &spr_write_generic32;
+if (i == 2 && (mas_mask & (1 << i)) && (env->insns_flags & PPC_64B)) {
+uea_write = &spr_write_generic;
+}
 if (mas_mask & (1 << i)) {
 spr_register(env, mas_sprn[i], mas_names[i],
  SPR_NOACCESS, SPR_NOACCESS,
- &spr_read_generic, &spr_write_generic,
+ &spr_read_generic, uea_write,
  0x);
 }
 }
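Review bot: `spr_write_generic32` is defined inside the `#if !defined(CONFIG_USER_ONLY)` block in the previous hunk, but this hunk takes its address unconditionally in gen_spr_BookE206; unless that function sits under the same guard this breaks linux-user builds, so either move the helper out of the guard or confirm the caller is guarded. Style: the `(mas_mask & (1 << i))` term in the `i == 2` condition is redundant with the `if (mas_mask & (1 << i))` immediately below it, so choosing `uea_write` inside that block (`uea_write = (i == 2 && (env->insns_flags & PPC_64B)) ? &spr_write_generic : &spr_write_generic32;`) reads simpler.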
-- 
1.6.0.2




[Qemu-devel] [PATCH 18/72] ppc: Avoid AREG0 for misc helpers

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Add an explicit CPUPPCState parameter instead of relying on AREG0.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs|1 -
 target-ppc/helper.h |   18 +-
 target-ppc/misc_helper.c|   19 +--
 target-ppc/translate.c  |2 +-
 target-ppc/translate_init.c |   12 ++--
 5 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 3a444eb..8d4d16b 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -9,5 +9,4 @@ obj-y += mmu_helper.o
 obj-y += timebase_helper.o
 obj-y += misc_helper.o
 
-$(obj)/misc_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index 81fc40e..b7a157e 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -363,7 +363,7 @@ DEF_HELPER_2(msgclr, void, env, tl)
 #endif
 
 DEF_HELPER_4(dlmzb, tl, env, tl, tl, i32)
-DEF_HELPER_FLAGS_1(clcs, TCG_CALL_CONST | TCG_CALL_PURE, tl, i32)
+DEF_HELPER_FLAGS_2(clcs, TCG_CALL_CONST | TCG_CALL_PURE, tl, env, i32)
 #if !defined(CONFIG_USER_ONLY)
 DEF_HELPER_2(rac, tl, env, tl)
 #endif
@@ -375,8 +375,8 @@ DEF_HELPER_3(divso, tl, env, tl, tl)
 DEF_HELPER_2(load_dcr, tl, env, tl);
 DEF_HELPER_3(store_dcr, void, env, tl, tl)
 
-DEF_HELPER_1(load_dump_spr, void, i32)
-DEF_HELPER_1(store_dump_spr, void, i32)
+DEF_HELPER_2(load_dump_spr, void, env, i32)
+DEF_HELPER_2(store_dump_spr, void, env, i32)
 DEF_HELPER_1(load_tbl, tl, env)
 DEF_HELPER_1(load_tbu, tl, env)
 DEF_HELPER_1(load_atbl, tl, env)
@@ -385,10 +385,10 @@ DEF_HELPER_1(load_601_rtcl, tl, env)
 DEF_HELPER_1(load_601_rtcu, tl, env)
 #if !defined(CONFIG_USER_ONLY)
 #if defined(TARGET_PPC64)
-DEF_HELPER_1(store_asr, void, tl)
+DEF_HELPER_2(store_asr, void, env, tl)
 DEF_HELPER_1(load_purr, tl, env)
 #endif
-DEF_HELPER_1(store_sdr1, void, tl)
+DEF_HELPER_2(store_sdr1, void, env, tl)
 DEF_HELPER_2(store_tbl, void, env, tl)
 DEF_HELPER_2(store_tbu, void, env, tl)
 DEF_HELPER_2(store_atbl, void, env, tl)
@@ -397,12 +397,12 @@ DEF_HELPER_2(store_601_rtcl, void, env, tl)
 DEF_HELPER_2(store_601_rtcu, void, env, tl)
 DEF_HELPER_1(load_decr, tl, env)
 DEF_HELPER_2(store_decr, void, env, tl)
-DEF_HELPER_1(store_hid0_601, void, tl)
-DEF_HELPER_2(store_403_pbr, void, i32, tl)
+DEF_HELPER_2(store_hid0_601, void, env, tl)
+DEF_HELPER_3(store_403_pbr, void, env, i32, tl)
 DEF_HELPER_1(load_40x_pit, tl, env)
 DEF_HELPER_2(store_40x_pit, void, env, tl)
-DEF_HELPER_1(store_40x_dbcr0, void, tl)
-DEF_HELPER_1(store_40x_sler, void, tl)
+DEF_HELPER_2(store_40x_dbcr0, void, env, tl)
+DEF_HELPER_2(store_40x_sler, void, env, tl)
 DEF_HELPER_2(store_booke_tcr, void, env, tl)
 DEF_HELPER_2(store_booke_tsr, void, env, tl)
 DEF_HELPER_3(store_ibatl, void, env, i32, tl)
diff --git a/target-ppc/misc_helper.c b/target-ppc/misc_helper.c
index 67eab08..b194d19 100644
--- a/target-ppc/misc_helper.c
+++ b/target-ppc/misc_helper.c
@@ -17,38 +17,37 @@
  * License along with this library; if not, see .
  */
 #include "cpu.h"
-#include "dyngen-exec.h"
 #include "helper.h"
 
 #include "helper_regs.h"
 
 /*/
 /* SPR accesses */
-void helper_load_dump_spr(uint32_t sprn)
+void helper_load_dump_spr(CPUPPCState *env, uint32_t sprn)
 {
 qemu_log("Read SPR %d %03x => " TARGET_FMT_lx "\n", sprn, sprn,
  env->spr[sprn]);
 }
 
-void helper_store_dump_spr(uint32_t sprn)
+void helper_store_dump_spr(CPUPPCState *env, uint32_t sprn)
 {
 qemu_log("Write SPR %d %03x <= " TARGET_FMT_lx "\n", sprn, sprn,
  env->spr[sprn]);
 }
 #if !defined(CONFIG_USER_ONLY)
 #if defined(TARGET_PPC64)
-void helper_store_asr(target_ulong val)
+void helper_store_asr(CPUPPCState *env, target_ulong val)
 {
 ppc_store_asr(env, val);
 }
 #endif
 
-void helper_store_sdr1(target_ulong val)
+void helper_store_sdr1(CPUPPCState *env, target_ulong val)
 {
 ppc_store_sdr1(env, val);
 }
 
-void helper_store_hid0_601(target_ulong val)
+void helper_store_hid0_601(CPUPPCState *env, target_ulong val)
 {
 target_ulong hid0;
 
@@ -65,7 +64,7 @@ void helper_store_hid0_601(target_ulong val)
 env->spr[SPR_HID0] = (uint32_t)val;
 }
 
-void helper_store_403_pbr(uint32_t num, target_ulong value)
+void helper_store_403_pbr(CPUPPCState *env, uint32_t num, target_ulong value)
 {
 if (likely(env->pb[num] != value)) {
 env->pb[num] = value;
@@ -74,12 +73,12 @@ void helper_store_403_pbr(uint32_t num, target_ulong value)
 }
 }
 
-void helper_store_40x_dbcr0(target_ulong val)
+void helper_store_40x_dbcr0(CPUPPCState *env, target_ulong val)
 {
 store_40x_dbcr0(env, val);
 }
 
-void helper_store_40x_sler(target_ulong val)
+void helper_store_40x_sler(CPUPPCState *env, target_ulong val)

[Qemu-devel] [PATCH 58/72] PPC: e500: Define addresses as always 64bit

2012-06-23 Thread Alexander Graf
Every time we use an address constant, it needs to potentially fit into
a 64bit physical address space. So let's define things accordingly.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   34 +-
 1 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 7dc3a07..c6a09bb 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -42,17 +42,17 @@
 
 #define RAM_SIZES_ALIGN(64UL << 20)
 
-#define MPC8544_CCSRBAR_BASE   0xE000
-#define MPC8544_CCSRBAR_SIZE   0x0010
-#define MPC8544_MPIC_REGS_BASE (MPC8544_CCSRBAR_BASE + 0x4)
-#define MPC8544_SERIAL0_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x4500)
-#define MPC8544_SERIAL1_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x4600)
-#define MPC8544_PCI_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x8000)
-#define MPC8544_PCI_REGS_SIZE  0x1000
-#define MPC8544_PCI_IO 0xE100
-#define MPC8544_PCI_IOLEN  0x1
-#define MPC8544_UTIL_BASE  (MPC8544_CCSRBAR_BASE + 0xe)
-#define MPC8544_SPIN_BASE  0xEF00
+#define MPC8544_CCSRBAR_BASE   0xE000ULL
+#define MPC8544_CCSRBAR_SIZE   0x0010ULL
+#define MPC8544_MPIC_REGS_BASE (MPC8544_CCSRBAR_BASE + 0x4ULL)
+#define MPC8544_SERIAL0_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x4500ULL)
+#define MPC8544_SERIAL1_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x4600ULL)
+#define MPC8544_PCI_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x8000ULL)
+#define MPC8544_PCI_REGS_SIZE  0x1000ULL
+#define MPC8544_PCI_IO 0xE100ULL
+#define MPC8544_PCI_IOLEN  0x1ULL
+#define MPC8544_UTIL_BASE  (MPC8544_CCSRBAR_BASE + 0xeULL)
+#define MPC8544_SPIN_BASE  0xEF00ULL
 
 struct boot_info
 {
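Review bot: making the bases `ULL` is right for the `%llx` format changes below, but the same constants are still passed straight into `qemu_devtree_setprop_cells` as 32-bit cells (for example the `reg` at the `MPC8544_CCSRBAR_BASE, 0x1000);` context line and the MPIC `reg`), where the high half is silently dropped; once the definitions are 64-bit capable those call sites should split into high/low cells consistently (patch 59 in this series does it for the soc `ranges` and the pci `reg` only), ideally through one small helper so the split is not repeated by hand. A `(uint32_t)` cast at any call site that deliberately wants the low half would make the truncation explicit.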
@@ -232,7 +232,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 
 qemu_devtree_add_subnode(fdt, "/aliases");
 /* XXX These should go into their respective devices' code */
-snprintf(soc, sizeof(soc), "/soc@%x", MPC8544_CCSRBAR_BASE);
+snprintf(soc, sizeof(soc), "/soc@%llx", MPC8544_CCSRBAR_BASE);
 qemu_devtree_add_subnode(fdt, soc);
 qemu_devtree_setprop_string(fdt, soc, "device_type", "soc");
 qemu_devtree_setprop(fdt, soc, "compatible", compatible_sb,
@@ -244,7 +244,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 /* XXX should contain a reasonable value */
 qemu_devtree_setprop_cell(fdt, soc, "bus-frequency", 0);
 
-snprintf(mpic, sizeof(mpic), "%s/pic@%x", soc,
+snprintf(mpic, sizeof(mpic), "%s/pic@%llx", soc,
  MPC8544_MPIC_REGS_BASE - MPC8544_CCSRBAR_BASE);
 qemu_devtree_add_subnode(fdt, mpic);
 qemu_devtree_setprop_string(fdt, mpic, "device_type", "open-pic");
@@ -266,7 +266,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
  * device it finds in the dt as serial output device. And we generate
  * devices in reverse order to the dt.
  */
-snprintf(ser1, sizeof(ser1), "%s/serial@%x", soc,
+snprintf(ser1, sizeof(ser1), "%s/serial@%llx", soc,
  MPC8544_SERIAL1_REGS_BASE - MPC8544_CCSRBAR_BASE);
 qemu_devtree_add_subnode(fdt, ser1);
 qemu_devtree_setprop_string(fdt, ser1, "device_type", "serial");
@@ -279,7 +279,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 qemu_devtree_setprop_phandle(fdt, ser1, "interrupt-parent", mpic);
 qemu_devtree_setprop_string(fdt, "/aliases", "serial1", ser1);
 
-snprintf(ser0, sizeof(ser0), "%s/serial@%x", soc,
+snprintf(ser0, sizeof(ser0), "%s/serial@%llx", soc,
  MPC8544_SERIAL0_REGS_BASE - MPC8544_CCSRBAR_BASE);
 qemu_devtree_add_subnode(fdt, ser0);
 qemu_devtree_setprop_string(fdt, ser0, "device_type", "serial");
@@ -293,7 +293,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 qemu_devtree_setprop_string(fdt, "/aliases", "serial0", ser0);
 qemu_devtree_setprop_string(fdt, "/chosen", "linux,stdout-path", ser0);
 
-snprintf(gutil, sizeof(gutil), "%s/global-utilities@%x", soc,
+snprintf(gutil, sizeof(gutil), "%s/global-utilities@%llx", soc,
  MPC8544_UTIL_BASE - MPC8544_CCSRBAR_BASE);
 qemu_devtree_add_subnode(fdt, gutil);
 qemu_devtree_setprop_string(fdt, gutil, "compatible", "fsl,mpc8544-guts");
@@ -301,7 +301,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
MPC8544_CCSRBAR_BASE, 0x1000);
 qemu_devtree_setprop(fdt, gutil, "fsl,has-rstcr", NULL, 0);
 
-snprintf(pci, sizeof(pci), "/pci@%x", MPC8544_PCI_REGS_BASE);
+snprintf(pci, sizeof(pci), "/pci@%llx", MPC8544_PCI_REGS_BASE);
 qemu_devtree_add_subnode(fdt, pci);
 qemu_devtree_setprop_cell(fdt, pci, "cell-index", 0);
 qemu_devtree_setprop_string(fdt, pci, "compatible", "fsl,mpc8540-pci");
-- 
1.6.0.2




[Qemu-devel] [PATCH 41/72] PPC: e500: dt: create /cpus node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |5 +
 pc-bios/mpc8544ds.dtb  |  Bin 1972 -> 1924 bytes
 pc-bios/mpc8544ds.dts  |5 -
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 3ec9013..c046206 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -125,6 +125,11 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
  hypercall, sizeof(hypercall));
 }
 
+/* Create CPU nodes */
+qemu_devtree_add_subnode(fdt, "/cpus");
+qemu_devtree_setprop_cell(fdt, "/cpus", "#address-cells", 1);
+qemu_devtree_setprop_cell(fdt, "/cpus", "#size-cells", 0);
+
 /* We need to generate the cpu nodes in reverse order, so Linux can pick
the first node as boot node and be happy */
 for (i = smp_cpus - 1; i >= 0; i--) {
diff --git a/pc-bios/mpc8544ds.dtb b/pc-bios/mpc8544ds.dtb
index 
db9fb701f246e058bca4c2fe9546c9f2493a57b1..a85b93c1e6e66c318c3f0c1910abae78f4b78f5e
 100644
GIT binary patch
delta 34
qcmdnO-@-3&f%o5A1_t&P1_lNT1_ri_i2~w`1`{=YYz|;dVFLiG$q8rx

delta 43
zcmZqS-@-3&f%o5A1_t&m3=9kw3=C{DCJKl%CQQ`$!IE51T0Gf+QF*gCV=fy28+Z(E
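Review bot: the regenerated pc-bios/mpc8544ds.dtb is carried as a git binary delta and cannot be reviewed against the .dts change below; please state in the commit message how it was rebuilt (dtc invocation and version) so a reviewer can reproduce the blob and confirm it matches the source.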

diff --git a/pc-bios/mpc8544ds.dts b/pc-bios/mpc8544ds.dts
index f46e9ed..1fcb865 100644
--- a/pc-bios/mpc8544ds.dts
+++ b/pc-bios/mpc8544ds.dts
@@ -22,11 +22,6 @@
pci0 = &pci0;
};
 
-   cpus {
-   #address-cells = <1>;
-   #size-cells = <0>;
-   };
-
soc8544@e000 {
#address-cells = <1>;
#size-cells = <1>;
-- 
1.6.0.2




[Qemu-devel] [PATCH 59/72] PPC: e500: Extend address/size of / to 64bit

2012-06-23 Thread Alexander Graf
We want to be able to support >= 4GB of RAM. To do so, we need to be able
to tell the guest OS how much RAM it has.

However, that information today is capped to 32bit. So let's extend the
offset and size fields to 64bit, so we can fit in big addresses and even
one day - if we wish to do so - map devices above 32bit.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   28 ++--
 1 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index c6a09bb..bf48bc7 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -90,7 +90,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 const char *kernel_cmdline)
 {
 int ret = -1;
-uint32_t mem_reg_property[] = {0, cpu_to_be32(ramsize)};
+uint64_t mem_reg_property[] = { 0, cpu_to_be64(ramsize) };
 int fdt_size;
 void *fdt;
 uint8_t hypercall[16];
@@ -108,9 +108,16 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 char gutil[128];
 char pci[128];
 uint32_t pci_map[9 * 8];
-uint32_t pci_ranges[12] = { 0x200, 0x0, 0xc000, 0xc000, 0x0,
-0x2000, 0x100, 0x0, 0x0, 0xe100,
-0x0, 0x1 };
+uint32_t pci_ranges[14] =
+{
+0x200, 0x0, 0xc000,
+0x0, 0xc000,
+0x0, 0x2000,
+
+0x100, 0x0, 0x0,
+0x0, 0xe100,
+0x0, 0x1,
+};
 QemuOpts *machine_opts;
 const char *dumpdtb = NULL;
 const char *dtb_file = NULL;
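Review bot: `pci_ranges[14]` is correct for the new root cell counts, but nothing in the hunk says why it is 14: each entry is 3 PCI address cells, 2 parent address cells (root `#address-cells` becomes 2 in this patch) and 2 size cells, which the line breaks in the initializer already hint at; a comment giving the `<pci-addr(3) parent-addr(2) size(2)>` layout next to the array would stop the next person from miscounting (the old 12 was 3 + 1 + 2 per entry).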
@@ -144,8 +151,8 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 qemu_devtree_setprop_string(fdt, "/", "model", model);
 qemu_devtree_setprop(fdt, "/", "compatible", compatible,
  sizeof(compatible));
-qemu_devtree_setprop_cell(fdt, "/", "#address-cells", 1);
-qemu_devtree_setprop_cell(fdt, "/", "#size-cells", 1);
+qemu_devtree_setprop_cell(fdt, "/", "#address-cells", 2);
+qemu_devtree_setprop_cell(fdt, "/", "#size-cells", 2);
 
 qemu_devtree_add_subnode(fdt, "/memory");
 qemu_devtree_setprop_string(fdt, "/memory", "device_type", "memory");
@@ -239,7 +246,8 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
  sizeof(compatible_sb));
 qemu_devtree_setprop_cell(fdt, soc, "#address-cells", 1);
 qemu_devtree_setprop_cell(fdt, soc, "#size-cells", 1);
-qemu_devtree_setprop_cells(fdt, soc, "ranges", 0x0, MPC8544_CCSRBAR_BASE,
+qemu_devtree_setprop_cells(fdt, soc, "ranges", 0x0,
+   MPC8544_CCSRBAR_BASE >> 32, 
MPC8544_CCSRBAR_BASE,
MPC8544_CCSRBAR_SIZE);
 /* XXX should contain a reasonable value */
 qemu_devtree_setprop_cell(fdt, soc, "bus-frequency", 0);
@@ -313,12 +321,12 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 qemu_devtree_setprop_phandle(fdt, pci, "interrupt-parent", mpic);
 qemu_devtree_setprop_cells(fdt, pci, "interrupts", 24, 2, 0, 0);
 qemu_devtree_setprop_cells(fdt, pci, "bus-range", 0, 255);
-for (i = 0; i < 12; i++) {
+for (i = 0; i < 14; i++) {
 pci_ranges[i] = cpu_to_be32(pci_ranges[i]);
 }
 qemu_devtree_setprop(fdt, pci, "ranges", pci_ranges, sizeof(pci_ranges));
-qemu_devtree_setprop_cells(fdt, pci, "reg", MPC8544_PCI_REGS_BASE,
-   0x1000);
+qemu_devtree_setprop_cells(fdt, pci, "reg", MPC8544_PCI_REGS_BASE >> 32,
+   MPC8544_PCI_REGS_BASE, 0, 0x1000);
 qemu_devtree_setprop_cell(fdt, pci, "clock-frequency", );
 qemu_devtree_setprop_cell(fdt, pci, "#interrupt-cells", 1);
 qemu_devtree_setprop_cell(fdt, pci, "#size-cells", 2);
-- 
1.6.0.2




[Qemu-devel] [PATCH 09/72] ppc: Avoid AREG0 for integer and vector helpers

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Add an explicit CPUPPCState parameter instead of relying on AREG0.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
[fix unwanted whitespace line in Makefile.target]
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs |1 -
 target-ppc/helper.h  |  176 +++---
 target-ppc/int_helper.c  |  120 +++
 target-ppc/translate.c   |  174 +++--
 4 files changed, 280 insertions(+), 191 deletions(-)

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 97e440b..5d63400 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -6,5 +6,4 @@ obj-y += excp_helper.o
 obj-y += fpu_helper.o
 obj-y += int_helper.o
 
-$(obj)/int_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index 0aba7f8..7074bad 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -33,17 +33,17 @@ DEF_HELPER_4(lscbx, tl, tl, i32, i32, i32)
 #if defined(TARGET_PPC64)
 DEF_HELPER_FLAGS_2(mulhd, TCG_CALL_CONST | TCG_CALL_PURE, i64, i64, i64)
 DEF_HELPER_FLAGS_2(mulhdu, TCG_CALL_CONST | TCG_CALL_PURE, i64, i64, i64)
-DEF_HELPER_2(mulldo, i64, i64, i64)
+DEF_HELPER_3(mulldo, i64, env, i64, i64)
 #endif
 
 DEF_HELPER_FLAGS_1(cntlzw, TCG_CALL_CONST | TCG_CALL_PURE, tl, tl)
 DEF_HELPER_FLAGS_1(popcntb, TCG_CALL_CONST | TCG_CALL_PURE, tl, tl)
 DEF_HELPER_FLAGS_1(popcntw, TCG_CALL_CONST | TCG_CALL_PURE, tl, tl)
-DEF_HELPER_2(sraw, tl, tl, tl)
+DEF_HELPER_3(sraw, tl, env, tl, tl)
 #if defined(TARGET_PPC64)
 DEF_HELPER_FLAGS_1(cntlzd, TCG_CALL_CONST | TCG_CALL_PURE, tl, tl)
 DEF_HELPER_FLAGS_1(popcntd, TCG_CALL_CONST | TCG_CALL_PURE, tl, tl)
-DEF_HELPER_2(srad, tl, tl, tl)
+DEF_HELPER_3(srad, tl, env, tl, tl)
 #endif
 
 DEF_HELPER_FLAGS_1(cntlsw32, TCG_CALL_CONST | TCG_CALL_PURE, i32, i32)
@@ -120,32 +120,32 @@ DEF_HELPER_3(vminuw, void, avr, avr, avr)
 DEF_HELPER_3(vmaxub, void, avr, avr, avr)
 DEF_HELPER_3(vmaxuh, void, avr, avr, avr)
 DEF_HELPER_3(vmaxuw, void, avr, avr, avr)
-DEF_HELPER_3(vcmpequb, void, avr, avr, avr)
-DEF_HELPER_3(vcmpequh, void, avr, avr, avr)
-DEF_HELPER_3(vcmpequw, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtub, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtuh, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtuw, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtsb, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtsh, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtsw, void, avr, avr, avr)
-DEF_HELPER_3(vcmpeqfp, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgefp, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtfp, void, avr, avr, avr)
-DEF_HELPER_3(vcmpbfp, void, avr, avr, avr)
-DEF_HELPER_3(vcmpequb_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpequh_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpequw_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtub_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtuh_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtuw_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtsb_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtsh_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtsw_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpeqfp_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgefp_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpgtfp_dot, void, avr, avr, avr)
-DEF_HELPER_3(vcmpbfp_dot, void, avr, avr, avr)
+DEF_HELPER_4(vcmpequb, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpequh, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpequw, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtub, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtuh, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtuw, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtsb, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtsh, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtsw, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpeqfp, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgefp, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtfp, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpbfp, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpequb_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpequh_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpequw_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtub_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtuh_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtuw_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtsb_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtsh_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtsw_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpeqfp_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgefp_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpgtfp_dot, void, env, avr, avr, avr)
+DEF_HELPER_4(vcmpbfp_dot, void, env, avr, avr, avr)
 DEF_HELPER_3(vmrglb, void, avr, avr, avr)
 DEF_HELPER_3(vmrglh, void, avr, avr, avr)
 DEF_HELPER_3(vmrglw, void, avr, avr, avr)
@@ -175,18 +175,18 @@ DEF_HELPER_3(vaddcuw, void, avr, avr, avr)
 DEF_HELPER_3(vsubcuw, void, avr, avr, avr)
 DEF_HELPER_2(lvs

[Qemu-devel] [PATCH 56/72] PPC: e500: Use new MPIC dt format

2012-06-23 Thread Alexander Graf
Due to popular demand, we're updating the way we generate the MPIC
node and interrupt lines based on what the current state of the art is.

Requested-by: Scott Wood 
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   33 ++---
 1 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index fa10df2..e3e0659 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -67,18 +67,18 @@ static void pci_map_create(void *fdt, uint32_t *pci_map, 
uint32_t mpic)
 int i;
 const uint32_t tmp[] = {
  /* IDSEL 0x11 J17 Slot 1 */
- 0x8800, 0x0, 0x0, 0x1, mpic, 0x2, 0x1,
- 0x8800, 0x0, 0x0, 0x2, mpic, 0x3, 0x1,
- 0x8800, 0x0, 0x0, 0x3, mpic, 0x4, 0x1,
- 0x8800, 0x0, 0x0, 0x4, mpic, 0x1, 0x1,
+ 0x8800, 0x0, 0x0, 0x1, mpic, 0x2, 0x1, 0x0, 0x0,
+ 0x8800, 0x0, 0x0, 0x2, mpic, 0x3, 0x1, 0x0, 0x0,
+ 0x8800, 0x0, 0x0, 0x3, mpic, 0x4, 0x1, 0x0, 0x0,
+ 0x8800, 0x0, 0x0, 0x4, mpic, 0x1, 0x1, 0x0, 0x0,
 
  /* IDSEL 0x12 J16 Slot 2 */
- 0x9000, 0x0, 0x0, 0x1, mpic, 0x3, 0x1,
- 0x9000, 0x0, 0x0, 0x2, mpic, 0x4, 0x1,
- 0x9000, 0x0, 0x0, 0x3, mpic, 0x2, 0x1,
- 0x9000, 0x0, 0x0, 0x4, mpic, 0x1, 0x1,
+ 0x9000, 0x0, 0x0, 0x1, mpic, 0x3, 0x1, 0x0, 0x0,
+ 0x9000, 0x0, 0x0, 0x2, mpic, 0x4, 0x1, 0x0, 0x0,
+ 0x9000, 0x0, 0x0, 0x3, mpic, 0x2, 0x1, 0x0, 0x0,
+ 0x9000, 0x0, 0x0, 0x4, mpic, 0x1, 0x1, 0x0, 0x0,
};
-for (i = 0; i < (7 * 8); i++) {
+for (i = 0; i < ARRAY_SIZE(tmp); i++) {
 pci_map[i] = cpu_to_be32(tmp[i]);
 }
 }
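Review bot: pci_map_create now copies `ARRAY_SIZE(tmp)` cells into `pci_map` without receiving its size, and the matching `uint32_t pci_map[9 * 8]` in the caller (next hunk) has to be kept in step by hand; pass the destination size (or export one `#define` for the per-entry cell count) and assert on it. The two trailing `0x0, 0x0` per entry are the extra interrupt-specifier cells that go with `#interrupt-cells = 4` further down; a comment saying so would help.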
@@ -107,7 +107,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 uint32_t mpic_ph;
 char gutil[128];
 char pci[128];
-uint32_t pci_map[7 * 8];
+uint32_t pci_map[9 * 8];
 uint32_t pci_ranges[12] = { 0x200, 0x0, 0xc000, 0xc000, 0x0,
 0x2000, 0x100, 0x0, 0x0, 0xe100,
 0x0, 0x1 };
@@ -249,15 +249,18 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
  MPC8544_MPIC_REGS_BASE - MPC8544_CCSRBAR_BASE);
 qemu_devtree_add_subnode(fdt, mpic);
 qemu_devtree_setprop_string(fdt, mpic, "device_type", "open-pic");
-qemu_devtree_setprop_string(fdt, mpic, "compatible", "chrp,open-pic");
+qemu_devtree_setprop_string(fdt, mpic, "compatible", "fsl,mpic");
 qemu_devtree_setprop_cells(fdt, mpic, "reg", MPC8544_MPIC_REGS_BASE -
MPC8544_CCSRBAR_BASE, 0x4);
 qemu_devtree_setprop_cell(fdt, mpic, "#address-cells", 0);
-qemu_devtree_setprop_cell(fdt, mpic, "#interrupt-cells", 2);
+qemu_devtree_setprop_cell(fdt, mpic, "#interrupt-cells", 4);
 mpic_ph = qemu_devtree_alloc_phandle(fdt);
 qemu_devtree_setprop_cell(fdt, mpic, "phandle", mpic_ph);
 qemu_devtree_setprop_cell(fdt, mpic, "linux,phandle", mpic_ph);
 qemu_devtree_setprop(fdt, mpic, "interrupt-controller", NULL, 0);
+qemu_devtree_setprop(fdt, mpic, "big-endian", NULL, 0);
+qemu_devtree_setprop(fdt, mpic, "single-cpu-affinity", NULL, 0);
+qemu_devtree_setprop_cell(fdt, mpic, "last-interrupt-source", 255);
 
 /*
  * We have to generate ser1 first, because Linux takes the first
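Review bot: raising `#interrupt-cells` to 4 changes the encoding of every `interrupts` property whose parent is this mpic, not only the ones touched below. The pci node created earlier in this series still gets `interrupts = 24, 2`; check that it, and any other consumer, is converted to four cells in this same patch, otherwise the kernel will misparse those specifiers.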
@@ -273,7 +276,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
MPC8544_CCSRBAR_BASE, 0x100);
 qemu_devtree_setprop_cell(fdt, ser1, "cell-index", 1);
 qemu_devtree_setprop_cell(fdt, ser1, "clock-frequency", 0);
-qemu_devtree_setprop_cells(fdt, ser1, "interrupts", 42, 2);
+qemu_devtree_setprop_cells(fdt, ser1, "interrupts", 42, 2, 0, 0);
 qemu_devtree_setprop_phandle(fdt, ser1, "interrupt-parent", mpic);
 qemu_devtree_setprop_string(fdt, "/aliases", "serial1", ser1);
 
@@ -286,7 +289,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
MPC8544_CCSRBAR_BASE, 0x100);
 qemu_devtree_setprop_cell(fdt, ser0, "cell-index", 0);
 qemu_devtree_setprop_cell(fdt, ser0, "clock-frequency", 0);
-qemu_devtree_setprop_cells(fdt, ser0, "interrupts", 42, 2);
+qemu_devtree_setprop_cells(fdt, ser0, "interrupts", 42, 2, 0, 0);
 qemu_devtree_setprop_phandle(fdt, ser0, "interrupt-parent", mpic);
 qemu_devtree_setprop_string(fdt, "/aliases", "serial0", ser0);
 qemu_devtree_setprop_string(fdt, "/chosen", "linux,stdout-path", ser0);
@@ -309,7 +312,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 pci_map_create(fdt, pci_map

[Qemu-devel] [PATCH 24/72] Avoid segfault in cpu_dump_state

2012-06-23 Thread Alexander Graf
From: Fabien Chouteau 

Do not call cpu_dump_state if logfile is NULL.

Signed-off-by: Fabien Chouteau 
[agraf: adjust to inline functions]
Signed-off-by: Alexander Graf 
---
 qemu-log.h |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/qemu-log.h b/qemu-log.h
index 40f8b7b..2ed19d1 100644
--- a/qemu-log.h
+++ b/qemu-log.h
@@ -69,7 +69,9 @@ void GCC_FMT_ATTR(2, 3) qemu_log_mask(int mask, const char 
*fmt, ...);
 /* cpu_dump_state() logging functions: */
 static inline void log_cpu_state(CPUArchState *env1, int flags)
 {
-cpu_dump_state(env1, qemu_logfile, fprintf, flags);
+if (qemu_log_enabled()) {
+cpu_dump_state(env1, qemu_logfile, fprintf, flags);
+}
 }
 
 static inline void log_cpu_state_mask(int mask, CPUArchState *env1, int flags)
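Review bot: the guard tests qemu_log_enabled() while the commit message says "if logfile is NULL"; the two should agree, so state in the message that qemu_log_enabled() is the `qemu_logfile != NULL` check, if that is what it is. Also confirm that log_cpu_state_mask(), which begins right below this hunk, reaches cpu_dump_state() only through log_cpu_state(), so it cannot be called with a NULL logfile either.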
-- 
1.6.0.2




[Qemu-devel] [PATCH 32/72] dt: add helpers for multi-cell adds

2012-06-23 Thread Alexander Graf
We have device tree helpers that allow us to create single cell (u32)
wide properties. However, when creating properties that contain an array of
cells, we need to jump through hoops, manually passing in an array with
converted endianness.

To ease the pain of this, create a generic macro helper that allows us
to pass the cells as arguments.

Signed-off-by: Alexander Graf 
Reviewed-by: Peter Crosthwaite 
---
 device_tree.h |   12 
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/device_tree.h b/device_tree.h
index 4378685..1e671e2 100644
--- a/device_tree.h
+++ b/device_tree.h
@@ -25,4 +25,16 @@ int qemu_devtree_setprop_string(void *fdt, const char 
*node_path,
 int qemu_devtree_nop_node(void *fdt, const char *node_path);
 int qemu_devtree_add_subnode(void *fdt, const char *name);
 
+#define qemu_devtree_setprop_cells(fdt, node_path, property, ...) \
+do {  \
+uint32_t qdt_tmp[] = { __VA_ARGS__ }; \
+int i;\
+  \
+for (i = 0; i < ARRAY_SIZE(qdt_tmp); i++) {   \
+qdt_tmp[i] = cpu_to_be32(qdt_tmp[i]); \
+} \
+qemu_devtree_setprop(fdt, node_path, property, qdt_tmp,   \
+ sizeof(qdt_tmp));\
+} while (0)
+
 #endif /* __DEVICE_TREE_H__ */
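Review bot: unlike the function-shaped setprop helpers around it, this macro discards the return value of qemu_devtree_setprop(), so a caller cannot detect a failed property write. Consider a static inline taking a cell array, or make the macro evaluate to the result. Two smaller points: `uint32_t qdt_tmp[] = { __VA_ARGS__ }` does not compile when invoked with no cells, and the header now depends on ARRAY_SIZE and cpu_to_be32, so it needs the corresponding includes or a note that callers must provide them.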
-- 
1.6.0.2




[Qemu-devel] [PATCH 53/72] PPC: e500: dt: use target_phys_addr_t for ramsize

2012-06-23 Thread Alexander Graf
We're passing the ram size as uint32_t, capping it to 32 bits atm.
Change to target_phys_addr_t (uint64_t) to make sure we have all
the bits.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 5fa2089..f8a3d9a 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -85,7 +85,7 @@ static void pci_map_create(void *fdt, uint32_t *pci_map, 
uint32_t mpic)
 
 static int mpc8544_load_device_tree(CPUPPCState *env,
 target_phys_addr_t addr,
-uint32_t ramsize,
+target_phys_addr_t ramsize,
 target_phys_addr_t initrd_base,
 target_phys_addr_t initrd_size,
 const char *kernel_cmdline)
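Review bot: widening the parameter type only helps if the place where ramsize is written into the tree also carries 64 bits; a `reg` property produced with qemu_devtree_setprop_cells() truncates it back to a single u32 cell. Check that the memory node uses qemu_devtree_setprop_u64() (declared in device_tree.h later in this series) or an explicit two-cell size encoding.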
-- 
1.6.0.2




[Qemu-devel] [PATCH 33/72] dt: add helper for phandle references

2012-06-23 Thread Alexander Graf
Phandles are the fancy device tree name for "pointer to another node".
To create a phandle property, we most likely want to reference the
node we're pointing to by its path. So create a helper that allows
us to do so.

Signed-off-by: Alexander Graf 
Reviewed-by: Peter Crosthwaite 
---
 device_tree.c |8 
 device_tree.h |3 +++
 2 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index 94a239e..2905f9a 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -132,6 +132,14 @@ int qemu_devtree_setprop_string(void *fdt, const char 
*node_path,
 return r;
 }
 
+int qemu_devtree_setprop_phandle(void *fdt, const char *node_path,
+ const char *property,
+ const char *target_node_path)
+{
+uint32_t phandle = fdt_get_phandle(fdt, findnode_nofail(fdt, 
target_node_path));
+return qemu_devtree_setprop_cell(fdt, node_path, property, phandle);
+}
+
 int qemu_devtree_nop_node(void *fdt, const char *node_path)
 {
 int r;
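Review bot: fdt_get_phandle() returns 0 when the target node carries no phandle property, and this helper then silently writes a 0 reference that the guest cannot resolve. Check the result before calling qemu_devtree_setprop_cell() and fail loudly, the way findnode_nofail() already does for a missing node.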
diff --git a/device_tree.h b/device_tree.h
index 1e671e2..754bd2b 100644
--- a/device_tree.h
+++ b/device_tree.h
@@ -22,6 +22,9 @@ int qemu_devtree_setprop_cell(void *fdt, const char 
*node_path,
   const char *property, uint32_t val);
 int qemu_devtree_setprop_string(void *fdt, const char *node_path,
 const char *property, const char *string);
+int qemu_devtree_setprop_phandle(void *fdt, const char *node_path,
+ const char *property,
+ const char *target_node_path);
 int qemu_devtree_nop_node(void *fdt, const char *node_path);
 int qemu_devtree_add_subnode(void *fdt, const char *name);
 
-- 
1.6.0.2




[Qemu-devel] [PATCH 19/72] ppc: Move misc helpers from helper.c to misc_helper.c

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Move more misc helpers from helper.c to misc_helper.c.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/helper.c  |9 -
 target-ppc/misc_helper.c |9 +
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index 24d109d..48b19a7 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -23,15 +23,6 @@
 #include "kvm_ppc.h"
 #include "cpus.h"
 
-/*/
-/* Special registers manipulation */
-
-/* GDBstub can read and write MSR... */
-void ppc_store_msr(CPUPPCState *env, target_ulong value)
-{
-hreg_store_msr(env, value, 0);
-}
-
 PowerPCCPU *cpu_ppc_init(const char *cpu_model)
 {
 PowerPCCPU *cpu;
diff --git a/target-ppc/misc_helper.c b/target-ppc/misc_helper.c
index b194d19..26edcca 100644
--- a/target-ppc/misc_helper.c
+++ b/target-ppc/misc_helper.c
@@ -113,3 +113,12 @@ target_ulong helper_clcs(CPUPPCState *env, uint32_t arg)
 break;
 }
 }
+
+/*/
+/* Special registers manipulation */
+
+/* GDBstub can read and write MSR... */
+void ppc_store_msr(CPUPPCState *env, target_ulong value)
+{
+hreg_store_msr(env, value, 0);
+}
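Review bot: moving ppc_store_msr() into misc_helper.c requires hreg_store_msr() to be visible there, and the hunk does not show the include that provides it (helper_regs.h, which helper.c has); confirm misc_helper.c already includes it or add the include in this patch so the move compiles on its own.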
-- 
1.6.0.2




[Qemu-devel] [PATCH 64/72] uImage: increase the gzip load size

2012-06-23 Thread Alexander Graf
Recent u-boot has different defines for its gzip extract buffer, but the
common ground seems to be 64MB. So let's bump it up to that, enabling me
to load my test image again ;).

Signed-off-by: Alexander Graf 
---
 hw/loader.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/loader.c b/hw/loader.c
index 7d64113..33acc2f 100644
--- a/hw/loader.c
+++ b/hw/loader.c
@@ -377,9 +377,9 @@ static void zfree(void *x, void *addr)
 
 #define DEFLATED   8
 
-/* This is the maximum in uboot, so if a uImage overflows this, it would
+/* This is the usual maximum in uboot, so if a uImage overflows this, it would
  * overflow on real hardware too. */
-#define UBOOT_MAX_GUNZIP_BYTES 0x80
+#define UBOOT_MAX_GUNZIP_BYTES (64 << 20)
 
 static ssize_t gunzip(void *dst, size_t dstlen, uint8_t *src,
   size_t srclen)
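Review bot: the constant is a hard cap on the gunzip destination buffer, so at 64 MiB the caller now allocates that much for every uImage load; check that the buffer is freed on the error paths and that the dstlen handed to gunzip() is derived from this same constant, otherwise the bound is documented but not enforced.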
-- 
1.6.0.2




[Qemu-devel] [PATCH 54/72] PPC: e500: enable manual loading of dtb blob

2012-06-23 Thread Alexander Graf
We want to be able to override the automatically created device tree
by using the -dtb option. Implement this for the mpc8544ds machine.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   26 ++
 1 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index f8a3d9a..fa10df2 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -113,6 +113,27 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 0x0, 0x1 };
 QemuOpts *machine_opts;
 const char *dumpdtb = NULL;
+const char *dtb_file = NULL;
+
+machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
+if (machine_opts) {
+dumpdtb = qemu_opt_get(machine_opts, "dumpdtb");
+dtb_file = qemu_opt_get(machine_opts, "dtb");
+}
+
+if (dtb_file) {
+char *filename;
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, dtb_file);
+if (!filename) {
+goto out;
+}
+
+fdt = load_device_tree(filename, &fdt_size);
+if (!fdt) {
+goto out;
+}
+goto done;
+}
 
 fdt = create_device_tree(&fdt_size);
 if (fdt == NULL) {
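Review bot: both failure paths in the -dtb branch (qemu_find_file() returning NULL and load_device_tree() failing) `goto out` without printing anything, so a mistyped file name produces a silent boot failure with no tree; emit an error naming the file. Also, the jump to `done` skips all the property setup between this point and the label, so the user-supplied blob is used verbatim; the commit message should state that the -dtb file must be complete.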
@@ -302,10 +323,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 qemu_devtree_setprop_cell(fdt, pci, "#address-cells", 3);
 qemu_devtree_setprop_string(fdt, "/aliases", "pci0", pci);
 
-machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
-if (machine_opts) {
-dumpdtb = qemu_opt_get(machine_opts, "dumpdtb");
-}
+done:
 if (dumpdtb) {
 /* Dump the dtb to a file and quit */
 FILE *f = fopen(dumpdtb, "wb");
-- 
1.6.0.2




[Qemu-devel] [PATCH 31/72] dt: allow add_subnode to create root subnodes

2012-06-23 Thread Alexander Graf
Our subnode creation helper can't handle creation of root subnodes,
like "/memory". Fix this by allowing the parent node to be an empty
string, indicating the root node.

Signed-off-by: Alexander Graf 
Reviewed-by: Peter Crosthwaite 
---
 device_tree.c |7 ++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index 86a694c..94a239e 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -151,6 +151,7 @@ int qemu_devtree_add_subnode(void *fdt, const char *name)
 char *dupname = g_strdup(name);
 char *basename = strrchr(dupname, '/');
 int retval;
+int parent = 0;
 
 if (!basename) {
 g_free(dupname);
@@ -160,7 +161,11 @@ int qemu_devtree_add_subnode(void *fdt, const char *name)
 basename[0] = '\0';
 basename++;
 
-retval = fdt_add_subnode(fdt, findnode_nofail(fdt, dupname), basename);
+if (dupname[0]) {
+parent = findnode_nofail(fdt, dupname);
+}
+
+retval = fdt_add_subnode(fdt, parent, basename);
 if (retval < 0) {
 fprintf(stderr, "FDT: Failed to create subnode %s: %s\n", name,
 fdt_strerror(retval));
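Review bot: `int parent = 0;` relies on libfdt's convention that node offset 0 is the root; add a one-line comment saying so, since a reader may otherwise take 0 for an error value. With dupname empty, the earlier `if (!basename)` test remains the only guard against names lacking a leading '/', so "memory" is still rejected while "/memory" now works, which matches the commit message.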
-- 
1.6.0.2




[Qemu-devel] [PATCH 25/72] booke_206_tlbwe: Discard invalid bits in MAS2

2012-06-23 Thread Alexander Graf
From: Fabien Chouteau 

The size of EPN field in MAS2 depends on page size. This patch adds a
mask to discard invalid bits in EPN field.

Definition of EPN field from e500v2 RM:
EPN Effective page number: Depending on page size, only the bits
associated with a page boundary are valid. Bits that represent offsets
within a page are ignored and should be cleared.

There is a similar (but more complicated) definition in PowerISA V2.06.

Signed-off-by: Fabien Chouteau 
Signed-off-by: Alexander Graf 
---
 target-ppc/mmu_helper.c |   17 +++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
index d65d290..c4e79d9 100644
--- a/target-ppc/mmu_helper.c
+++ b/target-ppc/mmu_helper.c
@@ -3019,6 +3019,8 @@ void helper_booke206_tlbwe(CPUPPCState *env)
 uint32_t tlbncfg, tlbn;
 ppcmas_tlb_t *tlb;
 uint32_t size_tlb, size_ps;
+target_ulong mask;
+
 
 switch (env->spr[SPR_BOOKE_MAS0] & MAS0_WQ_MASK) {
 case MAS0_WQ_ALWAYS:
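Review bot: style nit: the new `target_ulong mask;` declaration is followed by two blank lines; drop one so the declaration block matches the rest of the function.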
@@ -3081,8 +3083,19 @@ void helper_booke206_tlbwe(CPUPPCState *env)
 tlb->mas1 |= (tlbncfg & TLBnCFG_MINSIZE) >> 12;
 }
 
-/* XXX needs to change when supporting 64-bit e500 */
-tlb->mas2 = env->spr[SPR_BOOKE_MAS2] & 0x;
+/* Make a mask from TLB size to discard invalid bits in EPN field */
+mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
+/* Add a mask for page attributes */
+mask |= MAS2_ACM | MAS2_VLE | MAS2_W | MAS2_I | MAS2_M | MAS2_G | MAS2_E;
+
+if (!msr_cm) {
+/* Executing a tlbwe instruction in 32-bit mode will set
+ * bits 0:31 of the TLB EPN field to zero.
+ */
+mask &= 0x;
+}
+
+tlb->mas2 = env->spr[SPR_BOOKE_MAS2] & mask;
 
 if (!(tlbncfg & TLBnCFG_IPROT)) {
 /* no IPROT supported by TLB */
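Review bot: the mask derivation depends on the return type of booke206_tlb_to_page_size(); if it is a 32-bit type, `~(size - 1)` is a 32-bit value that zero-extends and clears EPN bits 32..63 even in 64-bit mode. Confirm it returns target_ulong, or cast before negating. Separately, `mask &= 0x;` as shown here is not a valid constant; for the 32-bit case the commit message describes, the intended value is the low-32-bit mask.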
-- 
1.6.0.2




[Qemu-devel] [PATCH 49/72] PPC: e500: dt: create pci node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   50 
 pc-bios/mpc8544ds.dtb  |  Bin 1810 -> 72 bytes
 pc-bios/mpc8544ds.dts  |   46 
 3 files changed, 50 insertions(+), 46 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 03938b2..15df515 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -62,6 +62,27 @@ struct boot_info
 uint32_t entry;
 };
 
+static void pci_map_create(void *fdt, uint32_t *pci_map, uint32_t mpic)
+{
+int i;
+const uint32_t tmp[] = {
+ /* IDSEL 0x11 J17 Slot 1 */
+ 0x8800, 0x0, 0x0, 0x1, mpic, 0x2, 0x1,
+ 0x8800, 0x0, 0x0, 0x2, mpic, 0x3, 0x1,
+ 0x8800, 0x0, 0x0, 0x3, mpic, 0x4, 0x1,
+ 0x8800, 0x0, 0x0, 0x4, mpic, 0x1, 0x1,
+
+ /* IDSEL 0x12 J16 Slot 2 */
+ 0x9000, 0x0, 0x0, 0x1, mpic, 0x3, 0x1,
+ 0x9000, 0x0, 0x0, 0x2, mpic, 0x4, 0x1,
+ 0x9000, 0x0, 0x0, 0x3, mpic, 0x2, 0x1,
+ 0x9000, 0x0, 0x0, 0x4, mpic, 0x1, 0x1,
+   };
+for (i = 0; i < (7 * 8); i++) {
+pci_map[i] = cpu_to_be32(tmp[i]);
+}
+}
+
 static int mpc8544_load_device_tree(CPUPPCState *env,
 target_phys_addr_t addr,
 uint32_t ramsize,
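Review bot: the copy loop uses the hard-coded bound `7 * 8` while tmp's length is set by its initializer; write it as ARRAY_SIZE(tmp) and size pci_map from the same constant so the two cannot drift apart when rows or cells are added later.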
@@ -86,6 +107,11 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 char mpic[128];
 uint32_t mpic_ph;
 char gutil[128];
+char pci[128];
+uint32_t pci_map[7 * 8];
+uint32_t pci_ranges[12] = { 0x200, 0x0, 0xc000, 0xc000, 0x0,
+0x2000, 0x100, 0x0, 0x0, 0xe100,
+0x0, 0x1 };
 
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
 if (!filename) {
@@ -256,6 +282,30 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
MPC8544_CCSRBAR_BASE, 0x1000);
 qemu_devtree_setprop(fdt, gutil, "fsl,has-rstcr", NULL, 0);
 
+snprintf(pci, sizeof(pci), "/pci@%x", MPC8544_PCI_REGS_BASE);
+qemu_devtree_add_subnode(fdt, pci);
+qemu_devtree_setprop_cell(fdt, pci, "cell-index", 0);
+qemu_devtree_setprop_string(fdt, pci, "compatible", "fsl,mpc8540-pci");
+qemu_devtree_setprop_string(fdt, pci, "device_type", "pci");
+qemu_devtree_setprop_cells(fdt, pci, "interrupt-map-mask", 0xf800, 0x0,
+   0x0, 0x7);
+pci_map_create(fdt, pci_map, qemu_devtree_get_phandle(fdt, mpic));
+qemu_devtree_setprop(fdt, pci, "interrupt-map", pci_map, sizeof(pci_map));
+qemu_devtree_setprop_phandle(fdt, pci, "interrupt-parent", mpic);
+qemu_devtree_setprop_cells(fdt, pci, "interrupts", 24, 2);
+qemu_devtree_setprop_cells(fdt, pci, "bus-range", 0, 255);
+for (i = 0; i < 12; i++) {
+pci_ranges[i] = cpu_to_be32(pci_ranges[i]);
+}
+qemu_devtree_setprop(fdt, pci, "ranges", pci_ranges, sizeof(pci_ranges));
+qemu_devtree_setprop_cells(fdt, pci, "reg", MPC8544_PCI_REGS_BASE,
+   0x1000);
+qemu_devtree_setprop_cell(fdt, pci, "clock-frequency", );
+qemu_devtree_setprop_cell(fdt, pci, "#interrupt-cells", 1);
+qemu_devtree_setprop_cell(fdt, pci, "#size-cells", 2);
+qemu_devtree_setprop_cell(fdt, pci, "#address-cells", 3);
+qemu_devtree_setprop_string(fdt, "/aliases", "pci0", pci);
+
 ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
 if (ret < 0) {
 goto out;
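Review bot: `qemu_devtree_setprop_cell(fdt, pci, "clock-frequency", );` has an empty argument and will not compile as shown; supply the PCI bus clock value. Also, `i` is used as the ranges loop counter but is not declared in this hunk, so make sure the function already has an `int i` in scope, and consider using qemu_devtree_setprop_cells() for the 12-cell ranges array instead of the manual cpu_to_be32 loop, as is already done for interrupt-map-mask above.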
diff --git a/pc-bios/mpc8544ds.dtb b/pc-bios/mpc8544ds.dtb
index 
25d92f681dec184530af63e2d2cea61cb4cccd04..90ef5c00243b04f4aa3f812b89d5b37c63be09f2
 100644
GIT binary patch
literal 72
mcmcb>`|m9S1A_+;TR>?IAT0>Q0zeD{$ZVJxBb31eq&Wct_yhI;

literal 1810
zcmb7EyKdA#6rCkONyI||2}FgEk^-Svaira7i!HW+bSd}&;&>;!qn)*l$3_V>REUy}
ze?a^K5)yPYv~)`kJs<>}GvjgWMJaNn>$&fHJacD0U-|Q0h?VO?h`taPe`CE1z6M?g
zgE}{1|LEk_w^M1INUO+5Lv;y!o5Hq9<9@H(9m>$rwvoAt^sw6tLk672uAUvc+l;-6
zob~N2R<>pzWo;R80ZV7GopV_{%aCs{226a^Hy88}`7l}kC9DIZW|@}3VQGKM+AqVt
z$DlbsZg*I36}&&kr!x8;53PyV+JEl-2bG`t3OICe*6QmH60@`0>)Ai`wtXS)Bgk&Q
zuQjz<4nOfc1K$I4Z+y%P$V_tkRbi@j*vA}HG1SkA=|PoR_d7SHOvS@4rv;Tj#6Wrt
z_V{>?B(J}P?Elf8gFRiIu#4f$4B|S?%jf%5F)iOhzj_b-U0^QHgZJeYm^HlZ7i7|3Fl`}tj{&6j
z6;r+gCU{R@z2J<@C64LR&*2-aUgzvG!t0xmeSgMt*6AbLnVE~{5ZA$OM&e0oWJ1-(
z;N9&kpZ%8B?=E|g*W7y(3b*bE%t|OWqR}Xq#ssm{+K3IKp2|ud$tNn7kBXB_ia4ER
zQK1gC6nT`4@%ra-Ebv?gN4b1l$|OD!tPrSVB#%X`(|Fo&sics3US_x$wHRbkE|a2R
zh|{FVQ>|q#HcrDFFs+jEcq^Mk$p{#D-6oL~syZIi`mVGCEr6r;2(
I0HBzNe~HoS>i_@%

diff --git a/pc-bios/mpc8544ds.dts b/pc-bios/mpc8544ds.dts
index 4c7bd75..16aba2b 100644
--- a/pc-bios/mpc8544ds.dts
+++ b/pc-bios/mpc8544ds.dts
@@ -11,50 +11,4 @@
 
 /dts-v1/;
 / {
-   aliases {
-

[Qemu-devel] [PATCH 22/72] ppc: Make hbrev table const

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Lookup table 'hbrev' is never written to, so add a 'const' qualifier.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/int_helper.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
index 3173f11..f638b2a 100644
--- a/target-ppc/int_helper.c
+++ b/target-ppc/int_helper.c
@@ -1484,7 +1484,7 @@ VUPK(lsh, s32, s16, UPKLO)
 /*/
 /* SPE extension helpers */
 /* Use a table to make this quicker */
-static uint8_t hbrev[16] = {
+static const uint8_t hbrev[16] = {
 0x0, 0x8, 0x4, 0xC, 0x2, 0xA, 0x6, 0xE,
 0x1, 0x9, 0x5, 0xD, 0x3, 0xB, 0x7, 0xF,
 };
-- 
1.6.0.2




[Qemu-devel] [PATCH 66/72] PPC: Add support for MSR_CM

2012-06-23 Thread Alexander Graf
The BookE variant of MSR_SF is MSR_CM. Implement everything it takes in TCG to
support running 64bit code with MSR_CM set.

Signed-off-by: Alexander Graf 
---
 target-ppc/cpu.h |9 +
 target-ppc/excp_helper.c |9 +
 target-ppc/mem_helper.c  |2 +-
 target-ppc/translate.c   |2 +-
 4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 12200ab..7a77fff 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -2212,6 +2212,15 @@ static inline uint32_t booke206_tlbnps(CPUPPCState *env, 
const int tlbn)
 
 #endif
 
+static inline bool msr_is_64bit(CPUPPCState *env, target_ulong msr)
+{
+if (env->mmu_model == POWERPC_MMU_BOOKE206) {
+return msr & (1ULL << MSR_CM);
+}
+
+return msr & (1ULL << MSR_SF);
+}
+
 extern void (*cpu_ppc_hypercall)(CPUPPCState *);
 
 static inline bool cpu_has_work(CPUPPCState *env)
diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
index c7762b9..1a593f6 100644
--- a/target-ppc/excp_helper.c
+++ b/target-ppc/excp_helper.c
@@ -608,10 +608,11 @@ static inline void powerpc_excp(CPUPPCState *env, int 
excp_model, int excp)
 vector |= env->excp_prefix;
 #if defined(TARGET_PPC64)
 if (excp_model == POWERPC_EXCP_BOOKE) {
-if (!msr_icm) {
-vector = (uint32_t)vector;
-} else {
+if (env->spr[SPR_BOOKE_EPCR] & EPCR_ICM) {
+/* Cat.64-bit: EPCR.ICM is copied to MSR.CM */
 new_msr |= (target_ulong)1 << MSR_CM;
+} else {
+vector = (uint32_t)vector;
 }
 } else {
 if (!msr_isf && !(env->mmu_model & POWERPC_MMU_64)) {
@@ -803,7 +804,7 @@ static inline void do_rfi(CPUPPCState *env, target_ulong 
nip, target_ulong msr,
   target_ulong msrm, int keep_msrh)
 {
 #if defined(TARGET_PPC64)
-if (msr & (1ULL << MSR_SF)) {
+if (msr_is_64bit(env, msr)) {
 nip = (uint64_t)nip;
 msr &= (uint64_t)msrm;
 } else {
diff --git a/target-ppc/mem_helper.c b/target-ppc/mem_helper.c
index ebcd7b2..5b5f1bd 100644
--- a/target-ppc/mem_helper.c
+++ b/target-ppc/mem_helper.c
@@ -35,7 +35,7 @@ static inline target_ulong addr_add(CPUPPCState *env, 
target_ulong addr,
 target_long arg)
 {
 #if defined(TARGET_PPC64)
-if (!msr_sf) {
+if (!msr_is_64bit(env, env->msr)) {
 return (uint32_t)(addr + arg);
 } else
 #endif
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 9103fd5..73ee74b 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -9626,7 +9626,7 @@ static inline void 
gen_intermediate_code_internal(CPUPPCState *env,
 ctx.access_type = -1;
 ctx.le_mode = env->hflags & (1 << MSR_LE) ? 1 : 0;
 #if defined(TARGET_PPC64)
-ctx.sf_mode = msr_sf;
+ctx.sf_mode = msr_is_64bit(env, env->msr);
 ctx.has_cfar = !!(env->flags & POWERPC_FLAG_CFAR);
 #endif
 ctx.fpu_enabled = msr_fp;
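Review bot: ctx.sf_mode is now derived from msr_is_64bit(env, env->msr) at translation time, so a translated block depends on MSR_CM as well as MSR_SF; unless MSR_CM is part of the flags used to look up TBs (hflags as seen by cpu_get_tb_cpu_state), a block translated with CM clear can be reused after CM is set and run with the wrong address width. Check that MSR_CM is included in the TB flags alongside MSR_SF.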
-- 
1.6.0.2




[Qemu-devel] [PATCH 46/72] PPC: e500: dt: create serial nodes dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   35 +++
 pc-bios/mpc8544ds.dts  |   26 --
 2 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index c7c16c1..c68e994 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -81,6 +81,8 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 char compatible[] = "MPC8544DS\0MPC85xxDS";
 char model[] = "MPC8544DS";
 char soc[128];
+char ser0[128];
+char ser1[128];
 
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
 if (!filename) {
@@ -182,6 +184,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 }
 }
 
+qemu_devtree_add_subnode(fdt, "/aliases");
 /* XXX These should go into their respective devices' code */
 snprintf(soc, sizeof(soc), "/soc8544@%x", MPC8544_CCSRBAR_BASE);
 qemu_devtree_add_subnode(fdt, soc);
@@ -196,6 +199,38 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 /* XXX should contain a reasonable value */
 qemu_devtree_setprop_cell(fdt, soc, "bus-frequency", 0);
 
+/*
+ * We have to generate ser1 first, because Linux takes the first
+ * device it finds in the dt as serial output device. And we generate
+ * devices in reverse order to the dt.
+ */
+snprintf(ser1, sizeof(ser1), "%s/serial@%x", soc,
+ MPC8544_SERIAL1_REGS_BASE - MPC8544_CCSRBAR_BASE);
+qemu_devtree_add_subnode(fdt, ser1);
+qemu_devtree_setprop_string(fdt, ser1, "device_type", "serial");
+qemu_devtree_setprop_string(fdt, ser1, "compatible", "ns16550");
+qemu_devtree_setprop_cells(fdt, ser1, "reg", MPC8544_SERIAL1_REGS_BASE -
+   MPC8544_CCSRBAR_BASE, 0x100);
+qemu_devtree_setprop_cell(fdt, ser1, "cell-index", 1);
+qemu_devtree_setprop_cell(fdt, ser1, "clock-frequency", 0);
+qemu_devtree_setprop_cells(fdt, ser1, "interrupts", 42, 2);
+qemu_devtree_setprop_phandle(fdt, ser1, "interrupt-parent", mpic);
+qemu_devtree_setprop_string(fdt, "/aliases", "serial1", ser1);
+
+snprintf(ser0, sizeof(ser0), "%s/serial@%x", soc,
+ MPC8544_SERIAL0_REGS_BASE - MPC8544_CCSRBAR_BASE);
+qemu_devtree_add_subnode(fdt, ser0);
+qemu_devtree_setprop_string(fdt, ser0, "device_type", "serial");
+qemu_devtree_setprop_string(fdt, ser0, "compatible", "ns16550");
+qemu_devtree_setprop_cells(fdt, ser0, "reg", MPC8544_SERIAL0_REGS_BASE -
+   MPC8544_CCSRBAR_BASE, 0x100);
+qemu_devtree_setprop_cell(fdt, ser0, "cell-index", 0);
+qemu_devtree_setprop_cell(fdt, ser0, "clock-frequency", 0);
+qemu_devtree_setprop_cells(fdt, ser0, "interrupts", 42, 2);
+qemu_devtree_setprop_phandle(fdt, ser0, "interrupt-parent", mpic);
+qemu_devtree_setprop_string(fdt, "/aliases", "serial0", ser0);
+qemu_devtree_setprop_string(fdt, "/chosen", "linux,stdout-path", ser0);
+
 ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
 if (ret < 0) {
 goto out;
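Review bot: `qemu_devtree_setprop_string(fdt, "/chosen", "linux,stdout-path", ser0)` assumes a /chosen node already exists, but the dts hunk below deletes the one that used to provide it; unless /chosen is created with qemu_devtree_add_subnode() earlier in this function (as /aliases is above), findnode_nofail() will abort here. Also, clock-frequency is 0 for both UARTs; an "XXX should contain a reasonable value" comment like the one on bus-frequency would mark it as a known placeholder.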
diff --git a/pc-bios/mpc8544ds.dts b/pc-bios/mpc8544ds.dts
index 01b53ba..e536ab1 100644
--- a/pc-bios/mpc8544ds.dts
+++ b/pc-bios/mpc8544ds.dts
@@ -12,32 +12,10 @@
 /dts-v1/;
 / {
aliases {
-   serial0 = &serial0;
-   serial1 = &serial1;
pci0 = &pci0;
};
 
soc8544@e000 {
-   serial0: serial@4500 {
-   cell-index = <0>;
-   device_type = "serial";
-   compatible = "ns16550";
-   reg = <0x4500 0x100>;
-   clock-frequency = <0>;
-   interrupts = <42 2>;
-   interrupt-parent = <&mpic>;
-   };
-
-   serial1: serial@4600 {
-   cell-index = <1>;
-   device_type = "serial";
-   compatible = "ns16550";
-   reg = <0x4600 0x100>;
-   clock-frequency = <0>;
-   interrupts = <42 2>;
-   interrupt-parent = <&mpic>;
-   };
-
mpic: pic@4 {
interrupt-controller;
#address-cells = <0>;
@@ -85,8 +63,4 @@
#address-cells = <3>;
reg = <0xe0008000 0x1000>;
};
-
-   chosen {
-   linux,stdout-path = "/soc8544@e000/serial@4500";
-   };
 };
-- 
1.6.0.2




[Qemu-devel] [PATCH 51/72] dt: Add -machine dumpdtb option to dump the current dtb

2012-06-23 Thread Alexander Graf
Now that we are dynamically creating the dtb, it's really useful to
be able to dump the created blob for debugging.

This patch implements a -machine dumpdtb= option for e500 that
dumps the dtb exactly in the form the guest would get it to disk. It
can then be analyzed by dtc to get information about the guest
configuration.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   18 ++
 qemu-config.c  |4 
 2 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 880ed55..7c6edc2 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -111,6 +111,8 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 uint32_t pci_ranges[12] = { 0x200, 0x0, 0xc000, 0xc000, 0x0,
 0x2000, 0x100, 0x0, 0x0, 0xe100,
 0x0, 0x1 };
+QemuOpts *machine_opts;
+const char *dumpdtb = NULL;
 
 fdt = create_device_tree(&fdt_size);
 if (fdt == NULL) {
@@ -300,6 +302,22 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 qemu_devtree_setprop_cell(fdt, pci, "#address-cells", 3);
 qemu_devtree_setprop_string(fdt, "/aliases", "pci0", pci);
 
+machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
+if (machine_opts) {
+dumpdtb = qemu_opt_get(machine_opts, "dumpdtb");
+}
+if (dumpdtb) {
+/* Dump the dtb to a file and quit */
+FILE *f = fopen(dumpdtb, "wb");
+size_t len;
+len = fwrite(fdt, fdt_size, 1, f);
+fclose(f);
+if (len != fdt_size) {
+exit(1);
+}
+exit(0);
+}
+
 ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
 if (ret < 0) {
 goto out;
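Review bot: `fwrite(fdt, fdt_size, 1, f)` returns the number of items written (1 on success), so `len != fdt_size` is true for any real tree and the dump always exits with status 1 even though the file was written; either call `fwrite(fdt, 1, fdt_size, f)` or compare the result against 1. fopen() can also return NULL for an unwritable path, and that NULL is passed straight to fwrite() and fclose(); check it and report the file name before exiting.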
diff --git a/qemu-config.c b/qemu-config.c
index bb3bff4..5bbebaf 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -583,6 +583,10 @@ static QemuOptsList qemu_machine_opts = {
 .name = "dtb",
 .type = QEMU_OPT_STRING,
 .help = "Linux kernel device tree file",
+}, {
+.name = "dumpdtb",
+.type = QEMU_OPT_STRING,
+.help = "Dump current dtb to a file and quit",
 },
 { /* End of list */ }
 },
-- 
1.6.0.2




[Qemu-devel] [PATCH 35/72] dt: add helper for phandle enumeration

2012-06-23 Thread Alexander Graf
This patch adds a helper to search for a node's phandle by its path. This
is especially useful when the phandle is part of an array, not just a single
cell, in which case qemu_devtree_setprop_phandle would be the easy choice.

Signed-off-by: Alexander Graf 
Reviewed-by: Peter Crosthwaite 
---
 device_tree.c |   16 +++-
 device_tree.h |1 +
 2 files changed, 16 insertions(+), 1 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index 967c97a..2f127b7 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -132,11 +132,25 @@ int qemu_devtree_setprop_string(void *fdt, const char 
*node_path,
 return r;
 }
 
+uint32_t qemu_devtree_get_phandle(void *fdt, const char *path)
+{
+uint32_t r;
+
+r = fdt_get_phandle(fdt, findnode_nofail(fdt, path));
+if (r <= 0) {
+fprintf(stderr, "%s: Couldn't get phandle for %s: %s\n", __func__,
+path, fdt_strerror(r));
+exit(1);
+}
+
+return r;
+}
+
 int qemu_devtree_setprop_phandle(void *fdt, const char *node_path,
  const char *property,
  const char *target_node_path)
 {
-uint32_t phandle = fdt_get_phandle(fdt, findnode_nofail(fdt, 
target_node_path));
+uint32_t phandle = qemu_devtree_get_phandle(fdt, target_node_path);
 return qemu_devtree_setprop_cell(fdt, node_path, property, phandle);
 }
 
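Review bot: r is uint32_t, so `r <= 0` is just `r == 0`, and fdt_get_phandle() signals failure with 0 rather than a negative libfdt error code, so fdt_strerror(r) will print a misleading message. Write the test as `if (r == 0)` and drop the fdt_strerror() call, reporting only which node lacked a phandle.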
diff --git a/device_tree.h b/device_tree.h
index 754bd2b..36fc9db 100644
--- a/device_tree.h
+++ b/device_tree.h
@@ -25,6 +25,7 @@ int qemu_devtree_setprop_string(void *fdt, const char 
*node_path,
 int qemu_devtree_setprop_phandle(void *fdt, const char *node_path,
  const char *property,
  const char *target_node_path);
+uint32_t qemu_devtree_get_phandle(void *fdt, const char *path);
 int qemu_devtree_nop_node(void *fdt, const char *node_path);
 int qemu_devtree_add_subnode(void *fdt, const char *name);
 
-- 
1.6.0.2




[Qemu-devel] [PATCH 62/72] dt: make setprop argument static

2012-06-23 Thread Alexander Graf
Whatever we pass in to qemu_devtree_setprop to put into the device tree
will not get modified by that function, so it can easily be declared const.

Signed-off-by: Alexander Graf 
Reviewed-by: Peter Crosthwaite 
---
 device_tree.c |2 +-
 device_tree.h |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index acae53e..b366fdd 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -127,7 +127,7 @@ static int findnode_nofail(void *fdt, const char *node_path)
 }
 
 int qemu_devtree_setprop(void *fdt, const char *node_path,
- const char *property, void *val_array, int size)
+ const char *property, const void *val_array, int size)
 {
 int r;
 
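Review bot: the subject says "make setprop argument static" but the hunk adds const to val_array; fix the subject so the git log matches the change.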
diff --git a/device_tree.h b/device_tree.h
index 4898d95..2244270 100644
--- a/device_tree.h
+++ b/device_tree.h
@@ -18,7 +18,7 @@ void *create_device_tree(int *sizep);
 void *load_device_tree(const char *filename_path, int *sizep);
 
 int qemu_devtree_setprop(void *fdt, const char *node_path,
- const char *property, void *val_array, int size);
+ const char *property, const void *val_array, int 
size);
 int qemu_devtree_setprop_cell(void *fdt, const char *node_path,
   const char *property, uint32_t val);
 int qemu_devtree_setprop_u64(void *fdt, const char *node_path,
-- 
1.6.0.2




[Qemu-devel] [PATCH 37/72] dt: add helper for phandle allocation

2012-06-23 Thread Alexander Graf
Phandle references work by having 2 pieces:

  - a "phandle" 1-cell property in the device tree node
  - a reference to the same value in a property we want to point
to the other node

To generate the 1-cell property, we need an allocation mechanism that
gives us a unique number space. This patch adds an allocator for these
properties.

Signed-off-by: Alexander Graf 
---
 device_tree.c |7 +++
 device_tree.h |1 +
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index d037896..7541274 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -191,6 +191,13 @@ int qemu_devtree_setprop_phandle(void *fdt, const char 
*node_path,
 return qemu_devtree_setprop_cell(fdt, node_path, property, phandle);
 }
 
+uint32_t qemu_devtree_alloc_phandle(void *fdt)
+{
+static int phandle = 0x8000;
+
+return phandle++;
+}
+
 int qemu_devtree_nop_node(void *fdt, const char *node_path)
 {
 int r;
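Review bot: the allocator ignores its fdt argument, so it cannot avoid phandles already present in a tree loaded from a file (the -dtb path added in this series), and the static counter never resets across trees. Either scan the tree for the current maximum phandle on first use or document that only freshly created trees may use it. Minor: the counter is `int` while the function returns uint32_t.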
diff --git a/device_tree.h b/device_tree.h
index 5f76f40..97af345 100644
--- a/device_tree.h
+++ b/device_tree.h
@@ -27,6 +27,7 @@ int qemu_devtree_setprop_phandle(void *fdt, const char 
*node_path,
  const char *property,
  const char *target_node_path);
 uint32_t qemu_devtree_get_phandle(void *fdt, const char *path);
+uint32_t qemu_devtree_alloc_phandle(void *fdt);
 int qemu_devtree_nop_node(void *fdt, const char *node_path);
 int qemu_devtree_add_subnode(void *fdt, const char *name);
 
-- 
1.6.0.2




[Qemu-devel] [PATCH 16/72] ppc: Avoid AREG0 for timebase helpers

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Add an explicit CPUPPCState parameter instead of relying on AREG0.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs |1 -
 target-ppc/helper.h  |   42 
 target-ppc/timebase_helper.c |   43 -
 target-ppc/translate.c   |   16 +-
 target-ppc/translate_init.c  |   38 ++--
 5 files changed, 71 insertions(+), 69 deletions(-)

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index 19dc744..4a88641 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -8,5 +8,4 @@ obj-y += int_helper.o
 obj-y += mmu_helper.o
 obj-y += timebase_helper.o
 
-$(obj)/timebase_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index b1f7ba5..81fc40e 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -372,39 +372,39 @@ DEF_HELPER_3(divo, tl, env, tl, tl)
 DEF_HELPER_3(divs, tl, env, tl, tl)
 DEF_HELPER_3(divso, tl, env, tl, tl)
 
-DEF_HELPER_1(load_dcr, tl, tl);
-DEF_HELPER_2(store_dcr, void, tl, tl)
+DEF_HELPER_2(load_dcr, tl, env, tl);
+DEF_HELPER_3(store_dcr, void, env, tl, tl)
 
 DEF_HELPER_1(load_dump_spr, void, i32)
 DEF_HELPER_1(store_dump_spr, void, i32)
-DEF_HELPER_0(load_tbl, tl)
-DEF_HELPER_0(load_tbu, tl)
-DEF_HELPER_0(load_atbl, tl)
-DEF_HELPER_0(load_atbu, tl)
-DEF_HELPER_0(load_601_rtcl, tl)
-DEF_HELPER_0(load_601_rtcu, tl)
+DEF_HELPER_1(load_tbl, tl, env)
+DEF_HELPER_1(load_tbu, tl, env)
+DEF_HELPER_1(load_atbl, tl, env)
+DEF_HELPER_1(load_atbu, tl, env)
+DEF_HELPER_1(load_601_rtcl, tl, env)
+DEF_HELPER_1(load_601_rtcu, tl, env)
 #if !defined(CONFIG_USER_ONLY)
 #if defined(TARGET_PPC64)
 DEF_HELPER_1(store_asr, void, tl)
-DEF_HELPER_0(load_purr, tl)
+DEF_HELPER_1(load_purr, tl, env)
 #endif
 DEF_HELPER_1(store_sdr1, void, tl)
-DEF_HELPER_1(store_tbl, void, tl)
-DEF_HELPER_1(store_tbu, void, tl)
-DEF_HELPER_1(store_atbl, void, tl)
-DEF_HELPER_1(store_atbu, void, tl)
-DEF_HELPER_1(store_601_rtcl, void, tl)
-DEF_HELPER_1(store_601_rtcu, void, tl)
-DEF_HELPER_0(load_decr, tl)
-DEF_HELPER_1(store_decr, void, tl)
+DEF_HELPER_2(store_tbl, void, env, tl)
+DEF_HELPER_2(store_tbu, void, env, tl)
+DEF_HELPER_2(store_atbl, void, env, tl)
+DEF_HELPER_2(store_atbu, void, env, tl)
+DEF_HELPER_2(store_601_rtcl, void, env, tl)
+DEF_HELPER_2(store_601_rtcu, void, env, tl)
+DEF_HELPER_1(load_decr, tl, env)
+DEF_HELPER_2(store_decr, void, env, tl)
 DEF_HELPER_1(store_hid0_601, void, tl)
 DEF_HELPER_2(store_403_pbr, void, i32, tl)
-DEF_HELPER_0(load_40x_pit, tl)
-DEF_HELPER_1(store_40x_pit, void, tl)
+DEF_HELPER_1(load_40x_pit, tl, env)
+DEF_HELPER_2(store_40x_pit, void, env, tl)
 DEF_HELPER_1(store_40x_dbcr0, void, tl)
 DEF_HELPER_1(store_40x_sler, void, tl)
-DEF_HELPER_1(store_booke_tcr, void, tl)
-DEF_HELPER_1(store_booke_tsr, void, tl)
+DEF_HELPER_2(store_booke_tcr, void, env, tl)
+DEF_HELPER_2(store_booke_tsr, void, env, tl)
 DEF_HELPER_3(store_ibatl, void, env, i32, tl)
 DEF_HELPER_3(store_ibatu, void, env, i32, tl)
 DEF_HELPER_3(store_dbatl, void, env, i32, tl)
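Review bot: the trailing semicolon on `+DEF_HELPER_2(load_dcr, tl, env, tl);` is carried over from the removed line; no other DEF_HELPER entry in this hunk ends with one, and each DEF_HELPER expansion already supplies its own terminator, so the extra `;` is at best an empty statement. Drop it while the line is being rewritten anyway.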
diff --git a/target-ppc/timebase_helper.c b/target-ppc/timebase_helper.c
index 23f5cfa..fad738a 100644
--- a/target-ppc/timebase_helper.c
+++ b/target-ppc/timebase_helper.c
@@ -17,106 +17,105 @@
  * License along with this library; if not, see .
  */
 #include "cpu.h"
-#include "dyngen-exec.h"
 #include "helper.h"
 
 /*/
 /* SPR accesses */
 
-target_ulong helper_load_tbl(void)
+target_ulong helper_load_tbl(CPUPPCState *env)
 {
 return (target_ulong)cpu_ppc_load_tbl(env);
 }
 
-target_ulong helper_load_tbu(void)
+target_ulong helper_load_tbu(CPUPPCState *env)
 {
 return cpu_ppc_load_tbu(env);
 }
 
-target_ulong helper_load_atbl(void)
+target_ulong helper_load_atbl(CPUPPCState *env)
 {
 return (target_ulong)cpu_ppc_load_atbl(env);
 }
 
-target_ulong helper_load_atbu(void)
+target_ulong helper_load_atbu(CPUPPCState *env)
 {
 return cpu_ppc_load_atbu(env);
 }
 
 #if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
-target_ulong helper_load_purr(void)
+target_ulong helper_load_purr(CPUPPCState *env)
 {
 return (target_ulong)cpu_ppc_load_purr(env);
 }
 #endif
 
-target_ulong helper_load_601_rtcl(void)
+target_ulong helper_load_601_rtcl(CPUPPCState *env)
 {
 return cpu_ppc601_load_rtcl(env);
 }
 
-target_ulong helper_load_601_rtcu(void)
+target_ulong helper_load_601_rtcu(CPUPPCState *env)
 {
 return cpu_ppc601_load_rtcu(env);
 }
 
 #if !defined(CONFIG_USER_ONLY)
-void helper_store_tbl(target_ulong val)
+void helper_store_tbl(CPUPPCState *env, target_ulong val)
 {
 cpu_ppc_store_tbl(env, val);
 }
 
-void helper_store_tbu(target_ulong val)
+void he

[Qemu-devel] [PATCH 65/72] PPC: Add some booke SPR defines

2012-06-23 Thread Alexander Graf
The number of SPRs available in different PowerPC chips is still increasing. Add
definitions for the MAS7_MAS3 SPR and all currently known bits in EPCR.

Signed-off-by: Alexander Graf 
---
 target-ppc/cpu.h |   22 ++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 67e699c..12200ab 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1395,6 +1395,7 @@ static inline void cpu_clone_regs(CPUPPCState *env, 
target_ulong newsp)
 #define SPR_BOOKE_TLB1PS  (0x159)
 #define SPR_BOOKE_TLB2PS  (0x15A)
 #define SPR_BOOKE_TLB3PS  (0x15B)
+#define SPR_BOOKE_MAS7_MAS3   (0x174)
 #define SPR_BOOKE_IVOR0   (0x190)
 #define SPR_BOOKE_IVOR1   (0x191)
 #define SPR_BOOKE_IVOR2   (0x192)
@@ -1762,6 +1763,27 @@ static inline void cpu_clone_regs(CPUPPCState *env, 
target_ulong newsp)
 #define SPR_604_HID15 (0x3FF)
 #define SPR_E500_SVR  (0x3FF)
 
+/* Disable MAS Interrupt Updates for Hypervisor */
+#define EPCR_DMIUH(1 << 22)
+/* Disable Guest TLB Management Instructions */
+#define EPCR_DGTMI(1 << 23)
+/* Guest Interrupt Computation Mode */
+#define EPCR_GICM (1 << 24)
+/* Interrupt Computation Mode */
+#define EPCR_ICM  (1 << 25)
+/* Disable Embedded Hypervisor Debug */
+#define EPCR_DUVD (1 << 26)
+/* Instruction Storage Interrupt Directed to Guest State */
+#define EPCR_ISIGS(1 << 27)
+/* Data Storage Interrupt Directed to Guest State */
+#define EPCR_DSIGS(1 << 28)
+/* Instruction TLB Error Interrupt Directed to Guest State */
+#define EPCR_ITLBGS   (1 << 29)
+/* Data TLB Error Interrupt Directed to Guest State */
+#define EPCR_DTLBGS   (1 << 30)
+/* External Input Interrupt Directed to Guest State */
+#define EPCR_EXTGS(1 << 31)
+
 /*/
 /* PowerPC Instructions types definitions*/
 enum {
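Review bot: `+#define EPCR_EXTGS (1 << 31)` shifts a 1 into the sign bit of an `int`, which is undefined behaviour in C (2^31 is not representable), and it makes the whole EPCR_* block signed, so masking a 64-bit `target_ulong` SPR value with EPCR_EXTGS sign-extends the mask. Use `(1u << 31)`, or an unsigned literal for every entry in the block, so the masks are unsigned and well-defined.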
-- 
1.6.0.2




[Qemu-devel] [PATCH 63/72] PPC: e500: allow users to set the /compatible property via -machine

2012-06-23 Thread Alexander Graf
Device trees usually have a node /compatible, which indicates which machine
type we're looking at. For quick prototyping, it can be very useful to change
the contents of that node via the command line.

Thus, introduce a new option to -machine called dt_compatible, which when
set changes the /compatible contents to its value.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   12 +---
 qemu-config.c  |4 
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index f6da25b..d38ad99 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -119,7 +119,8 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 uint32_t clock_freq = 4;
 uint32_t tb_freq = 4;
 int i;
-char compatible[] = "MPC8544DS\0MPC85xxDS";
+const char *compatible = "MPC8544DS\0MPC85xxDS";
+int compatible_len = sizeof("MPC8544DS\0MPC85xxDS");
 char compatible_sb[] = "fsl,mpc8544-immr\0simple-bus";
 char model[] = "MPC8544DS";
 char soc[128];
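Review bot: `+int compatible_len = sizeof("MPC8544DS\0MPC85xxDS");` repeats the string literal from the line above, so a future edit to one of the two silently desynchronises the length from the contents. Keeping the array form as the default (`char compatible_default[] = "MPC8544DS\0MPC85xxDS";`) and initialising `compatible = compatible_default; compatible_len = sizeof(compatible_default);` removes the duplicate.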
@@ -144,8 +145,14 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 
 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
 if (machine_opts) {
+const char *tmp;
 dumpdtb = qemu_opt_get(machine_opts, "dumpdtb");
 dtb_file = qemu_opt_get(machine_opts, "dtb");
+tmp = qemu_opt_get(machine_opts, "dt_compatible");
+if (tmp) {
+compatible = tmp;
+compatible_len = strlen(compatible) + 1;
+}
 }
 
 if (dtb_file) {
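Review bot: the override path sets `compatible_len = strlen(compatible) + 1`, so a user can supply only a single compatible string, whereas the default is a two-entry list ("MPC8544DS", "MPC85xxDS"); an option value cannot carry the embedded NUL that a list needs. Either state that limitation in the commit message and in the option help text added in qemu-config.c, or define a separator convention and split the value here.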
@@ -169,8 +176,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 
 /* Manipulate device tree in memory. */
 qemu_devtree_setprop_string(fdt, "/", "model", model);
-qemu_devtree_setprop(fdt, "/", "compatible", compatible,
- sizeof(compatible));
+qemu_devtree_setprop(fdt, "/", "compatible", compatible, compatible_len);
 qemu_devtree_setprop_cell(fdt, "/", "#address-cells", 2);
 qemu_devtree_setprop_cell(fdt, "/", "#size-cells", 2);
 
diff --git a/qemu-config.c b/qemu-config.c
index 2cd2726..5c3296b 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -591,6 +591,10 @@ static QemuOptsList qemu_machine_opts = {
 .name = "phandle_start",
 .type = QEMU_OPT_STRING,
 .help = "The first phandle ID we may generate dynamically",
+}, {
+.name = "dt_compatible",
+.type = QEMU_OPT_STRING,
+.help = "Overrides the \"compatible\" property of the dt root 
node",
 },
 { /* End of list */ }
 },
-- 
1.6.0.2




[Qemu-devel] [PATCH 26/72] ppc64: Rudimentary Support for extra page sizes on server CPUs

2012-06-23 Thread Alexander Graf
From: Benjamin Herrenschmidt 

More recent Power server chips (i.e. based on the 64 bit hash MMU)
support more than just the traditional 4k and 16M page sizes.  This
can get quite complicated, because which page sizes are supported,
which combinations are supported within an MMU segment and how these
page sizes are encoded both in the SLB entry and the hash PTE can vary
depending on the CPU model (they are not specified by the
architecture).  In addition the firmware or hypervisor may not permit
use of certain page sizes, for various reasons.  Whether various page
sizes are supported on KVM, for example, depends on whether the PR or
HV variant of KVM is in use, and on the page size of the memory
backing the guest's RAM.

This patch adds information to the CPUState and cpu defs to describe
the supported page sizes and encodings.  Since TCG does not yet
support any extended page sizes, we just set this to NULL in the
static CPU definitions, expanding this to the default 4k and 16M page
sizes when we initialize the cpu state.  When using KVM, however, we
instead determine available page sizes using the new
KVM_PPC_GET_SMMU_INFO call.  For old kernels without that call, we use
some defaults, with some guesswork which should do the right thing for
existing HV and PR implementations.  The fallback might not be correct
for future versions, but that's ok, because they'll have
KVM_PPC_GET_SMMU_INFO.

Signed-off-by: Benjamin Herrenschmidt 
Signed-off-by: David Gibson 
Signed-off-by: Alexander Graf 
---
 target-ppc/cpu.h|   31 +++
 target-ppc/kvm.c|  208 +++
 target-ppc/kvm_ppc.h|5 +
 target-ppc/mmu_helper.c |7 ++
 target-ppc/translate_init.c |   21 +
 5 files changed, 272 insertions(+), 0 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 9b157f0..67e699c 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -119,6 +119,8 @@ enum powerpc_mmu_t {
 POWERPC_MMU_620= POWERPC_MMU_64 | 0x0002,
 /* Architecture 2.06 variant   */
 POWERPC_MMU_2_06   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG | 0x0003,
+/* Architecture 2.06 "degraded" (no 1T segments)   */
+POWERPC_MMU_2_06d  = POWERPC_MMU_64 | 0x0003,
 #endif /* defined(TARGET_PPC64) */
 };
 
@@ -874,6 +876,29 @@ enum {
 #define DBELL_PIRTAG_MASK  0x3fff
 
 /*/
+/* Segment page size information, used by recent hash MMUs
+ * The format of this structure mirrors kvm_ppc_smmu_info
+ */
+
+#define PPC_PAGE_SIZES_MAX_SZ   8
+
+struct ppc_one_page_size {
+uint32_t page_shift;  /* Page shift (or 0) */
+uint32_t pte_enc; /* Encoding in the HPTE (>>12) */
+};
+
+struct ppc_one_seg_page_size {
+uint32_t page_shift;  /* Base page shift of segment (or 0) */
+uint32_t slb_enc; /* SLB encoding for BookS */
+struct ppc_one_page_size enc[PPC_PAGE_SIZES_MAX_SZ];
+};
+
+struct ppc_segment_page_sizes {
+struct ppc_one_seg_page_size sps[PPC_PAGE_SIZES_MAX_SZ];
+};
+
+
+/*/
 /* The whole PowerPC CPU context */
 #define NB_MMU_MODES 3
 
@@ -889,6 +914,9 @@ struct ppc_def_t {
 powerpc_input_t bus_model;
 uint32_t flags;
 int bfd_mach;
+#if defined(TARGET_PPC64)
+const struct ppc_segment_page_sizes *sps;
+#endif
 void (*init_proc)(CPUPPCState *env);
 int  (*check_pow)(CPUPPCState *env);
 };
@@ -1012,6 +1040,9 @@ struct CPUPPCState {
 uint32_t flags;
 uint64_t insns_flags;
 uint64_t insns_flags2;
+#if defined(TARGET_PPC64)
+struct ppc_segment_page_sizes sps;
+#endif
 
 #if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
 target_phys_addr_t vpa;
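Review bot: `struct ppc_segment_page_sizes sps;` is embedded by value in CPUPPCState: with PPC_PAGE_SIZES_MAX_SZ = 8 that is 8 × (8 + 8 × 8) = 576 bytes copied into every CPU state, for data that is either shared from `ppc_def_t` or filled once from KVM. A pointer (as `ppc_def_t` already uses) would avoid the per-CPU copy. Separately, the comment in the earlier hunk says the layout mirrors kvm_ppc_smmu_info, but nothing enforces that PPC_PAGE_SIZES_MAX_SZ equals the KVM header's array bound; a compile-time assertion where that header is visible (target-ppc/kvm.c) would catch a mismatch before any element-wise copy runs off the end.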
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index c09cc39..b6ef72d 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -18,6 +18,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -167,10 +168,217 @@ static int kvm_booke206_tlb_init(CPUPPCState *env)
 return 0;
 }
 
+
+#if defined(TARGET_PPC64)
+static void kvm_get_fallback_smmu_info(CPUPPCState *env,
+   struct kvm_ppc_smmu_info *info)
+{
+memset(info, 0, sizeof(*info));
+
+/* We don't have the new KVM_PPC_GET_SMMU_INFO ioctl, so
+ * need to "guess" what the supported page sizes are.
+ *
+ * For that to work we make a few assumptions:
+ *
+ * - If KVM_CAP_PPC_GET_PVINFO is supported we are running "PR"
+ *   KVM which only supports 4K and 16M pages, but supports them
+ *   regardless of the backing store characteritics. We also don't
+ *   support 1T segments.
+ *
+ *   This is safe as if HV KVM ever supports that capability or PR
+ *   KVM grows supports for more page/segment sizes, those versions
+ *   will have implemented KVM_CAP_PPC_GET_SMMU_INFO and thus we
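Review bot: the fallback comment in this hunk has two typos worth fixing while the block is new ("characteritics", "grows supports for"). More substantively, the fallback picks the page-size set from KVM_CAP_PPC_GET_PVINFO alone and the commit message accepts that this is guesswork for kernels without KVM_PPC_GET_SMMU_INFO; a one-line warning when this path is taken would make that visible in diagnostics when a guest later fails with a page size the host never actually supported.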

[Qemu-devel] [PATCH 39/72] PPC: e500: require libfdt

2012-06-23 Thread Alexander Graf
Now that we're moving all of the device tree generation from an external
pre-execution generated blob to runtime generation using libfdt, we absolutely
must have libfdt around.

This requirement was there before already, as the only way to not require libfdt
with e500 was to not use -kernel, which was the only way to boot the mpc8544ds
machine. This patch only manifests said requirement in the build system.

Signed-off-by: Alexander Graf 
---
 hw/ppc/Makefile.objs   |2 +-
 hw/ppce500_mpc8544ds.c |5 -
 2 files changed, 1 insertions(+), 6 deletions(-)

diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
index 44a1e8c..d18dbaf 100644
--- a/hw/ppc/Makefile.objs
+++ b/hw/ppc/Makefile.objs
@@ -15,7 +15,7 @@ obj-$(CONFIG_PSERIES) += spapr_pci.o pci-hotplug.o
 obj-y += ppc4xx_devs.o ppc4xx_pci.o ppc405_uc.o ppc405_boards.o
 obj-y += ppc440_bamboo.o
 # PowerPC E500 boards
-obj-y += ppce500_mpc8544ds.o mpc8544_guts.o ppce500_spin.o
+obj-$(CONFIG_FDT) += ppce500_mpc8544ds.o mpc8544_guts.o ppce500_spin.o
 # PowerPC 440 Xilinx ML507 reference board.
 obj-y += virtex_ml507.o
 # PowerPC OpenPIC
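Review bot: gating the three objects on CONFIG_FDT means a build without libfdt drops the mpc8544ds machine silently instead of failing loudly; the commit message says libfdt "absolutely must" be present, so the stronger form is a configure-time error for the ppc targets when libfdt is missing. If silent omission of the machine is the intent, say so in the commit message so nobody reports the missing machine as a bug.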
diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index b1a0b8c..506ddf3 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -68,7 +68,6 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 const char *kernel_cmdline)
 {
 int ret = -1;
-#ifdef CONFIG_FDT
 uint32_t mem_reg_property[] = {0, cpu_to_be32(ramsize)};
 char *filename;
 int fdt_size;
@@ -173,7 +172,6 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 ret = fdt_size;
 
 out:
-#endif
 
 return ret;
 }
@@ -391,9 +389,6 @@ static void mpc8544ds_init(ram_addr_t ram_size,
 struct boot_info *boot_info;
 int dt_size;
 
-#ifndef CONFIG_FDT
-cpu_abort(env, "Compiled without FDT support - can't load kernel\n");
-#endif
 dt_base = (loadaddr + kernel_size + DTC_LOAD_PAD) & ~DTC_PAD_MASK;
 dt_size = mpc8544_load_device_tree(env, dt_base, ram_size, initrd_base,
initrd_size, kernel_cmdline);
-- 
1.6.0.2




[Qemu-devel] [PATCH 52/72] PPC: e500: dt: use 64bit cell helper

2012-06-23 Thread Alexander Graf
We have a nice 64bit helper to ease the device tree generation and
make the code more readable when creating 64bit 2-cell parameters.
Use it when generating the device tree.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 7c6edc2..5fa2089 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -174,7 +174,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
the first node as boot node and be happy */
 for (i = smp_cpus - 1; i >= 0; i--) {
 char cpu_name[128];
-uint64_t cpu_release_addr = cpu_to_be64(MPC8544_SPIN_BASE + (i * 
0x20));
+uint64_t cpu_release_addr = MPC8544_SPIN_BASE + (i * 0x20);
 
 for (env = first_cpu; env != NULL; env = env->next_cpu) {
 if (env->cpu_index == i) {
@@ -202,8 +202,8 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 if (env->cpu_index) {
 qemu_devtree_setprop_string(fdt, cpu_name, "status", "disabled");
 qemu_devtree_setprop_string(fdt, cpu_name, "enable-method", 
"spin-table");
-qemu_devtree_setprop(fdt, cpu_name, "cpu-release-addr",
- &cpu_release_addr, sizeof(cpu_release_addr));
+qemu_devtree_setprop_u64(fdt, cpu_name, "cpu-release-addr",
+ cpu_release_addr);
 } else {
 qemu_devtree_setprop_string(fdt, cpu_name, "status", "okay");
 }
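Review bot: the first hunk drops the cpu_to_be64() on `cpu_release_addr` and the second passes the host-order value to qemu_devtree_setprop_u64(); correctness now depends on that helper doing the big-endian conversion internally, which this patch neither shows nor states. A sentence in the commit message ("the helper byte-swaps") or a comment at the call site saves the next reader a trip into device_tree.c.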
-- 
1.6.0.2




[Qemu-devel] [PATCH 23/72] PPC: mpc8544ds: Span initial TLB entry over as much RAM as we need

2012-06-23 Thread Alexander Graf
The initial TLB entry is supposed to help us run the guest -kernel payload.
This means the guest needs to be able to access its own memory, the initrd
memory and the device tree.

So far we only statically reserved a TLB entry from [0;256M[. This patch
fixes it to span from [0;dt_end[, allowing the guest payload to access
everything initially.

Reported-by: Stuart Yoder 
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |   41 +++--
 1 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 3eb8a23..b1a0b8c 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -31,6 +31,7 @@
 #include "elf.h"
 #include "sysbus.h"
 #include "exec-memory.h"
+#include "host-utils.h"
 
 #define BINARY_DEVICE_TREE_FILE"mpc8544ds.dtb"
 #define UIMAGE_LOAD_BASE   0
@@ -55,6 +56,7 @@
 struct boot_info
 {
 uint32_t dt_base;
+uint32_t dt_size;
 uint32_t entry;
 };
 
@@ -164,7 +166,11 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 }
 
 ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
+if (ret < 0) {
+goto out;
+}
 g_free(fdt);
+ret = fdt_size;
 
 out:
 #endif
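Review bot: the new `if (ret < 0) { goto out; }` jumps past `g_free(fdt);`, so the device tree buffer leaks on the rom_add_blob_fixed() failure path. Free the buffer before the jump, or move `g_free(fdt)` under the `out:` label with `fdt` initialised to NULL at its declaration (g_free(NULL) is a no-op).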
@@ -172,23 +178,27 @@ out:
 return ret;
 }
 
-/* Create -kernel TLB entries for BookE, linearly spanning 256MB.  */
+/* Create -kernel TLB entries for BookE.  */
 static inline target_phys_addr_t booke206_page_size_to_tlb(uint64_t size)
 {
-return ffs(size >> 10) - 1;
+return 63 - clz64(size >> 10);
 }
 
-static void mmubooke_create_initial_mapping(CPUPPCState *env,
- target_ulong va,
- target_phys_addr_t pa)
+static void mmubooke_create_initial_mapping(CPUPPCState *env)
 {
+struct boot_info *bi = env->load_info;
 ppcmas_tlb_t *tlb = booke206_get_tlbm(env, 1, 0, 0);
-target_phys_addr_t size;
-
-size = (booke206_page_size_to_tlb(256 * 1024 * 1024) << MAS1_TSIZE_SHIFT);
+target_phys_addr_t size, dt_end;
+int ps;
+
+/* Our initial TLB entry needs to cover everything from 0 to
+   the device tree top */
+dt_end = bi->dt_base + bi->dt_size;
+ps = booke206_page_size_to_tlb(dt_end) + 1;
+size = (ps << MAS1_TSIZE_SHIFT);
 tlb->mas1 = MAS1_VALID | size;
-tlb->mas2 = va & TARGET_PAGE_MASK;
-tlb->mas7_3 = pa & TARGET_PAGE_MASK;
+tlb->mas2 = 0;
+tlb->mas7_3 = 0;
 tlb->mas7_3 |= MAS3_UR | MAS3_UW | MAS3_UX | MAS3_SR | MAS3_SW | MAS3_SX;
 
 env->tlb_dirty = true;
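Review bot: `ps = booke206_page_size_to_tlb(dt_end) + 1` takes floor(log2(dt_end in KiB)) and unconditionally adds one, so when dt_end is already an exact power of two the mapping is twice as large as needed (256 MiB becomes 512 MiB), and in every case the entry can extend well past the end of guest RAM while granting UR/UW/UX/SR/SW/SX. Round up only when `1 << (ps + 10)` is still below dt_end, and check the result against the largest TSIZE a TLB1 entry can encode before shifting it into MAS1. clz64(0) is also reached if dt_end < 1 KiB; not realistic here, but a comment stating that assumption would help.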
@@ -220,7 +230,7 @@ static void mpc8544ds_cpu_reset(void *opaque)
 env->gpr[1] = (16<<20) - 8;
 env->gpr[3] = bi->dt_base;
 env->nip = bi->entry;
-mmubooke_create_initial_mapping(env, 0, 0);
+mmubooke_create_initial_mapping(env);
 }
 
 static void mpc8544ds_init(ram_addr_t ram_size,
@@ -379,13 +389,15 @@ static void mpc8544ds_init(ram_addr_t ram_size,
 /* If we're loading a kernel directly, we must load the device tree too. */
 if (kernel_filename) {
 struct boot_info *boot_info;
+int dt_size;
 
 #ifndef CONFIG_FDT
 cpu_abort(env, "Compiled without FDT support - can't load kernel\n");
 #endif
-dt_base = (kernel_size + DTC_LOAD_PAD) & ~DTC_PAD_MASK;
-if (mpc8544_load_device_tree(env, dt_base, ram_size,
-initrd_base, initrd_size, kernel_cmdline) < 0) {
+dt_base = (loadaddr + kernel_size + DTC_LOAD_PAD) & ~DTC_PAD_MASK;
+dt_size = mpc8544_load_device_tree(env, dt_base, ram_size, initrd_base,
+   initrd_size, kernel_cmdline);
+if (dt_size < 0) {
 fprintf(stderr, "couldn't load device tree\n");
 exit(1);
 }
@@ -393,6 +405,7 @@ static void mpc8544ds_init(ram_addr_t ram_size,
 boot_info = env->load_info;
 boot_info->entry = entry;
 boot_info->dt_base = dt_base;
+boot_info->dt_size = dt_size;
 }
 
 if (kvm_enabled()) {
-- 
1.6.0.2
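The commit message above describes sizing the initial BookE TLB1 entry so that it spans [0; dt_end[. The following is an added example, not code from this patch or from QEMU: it carries out the same size computation in C, rounds up only when dt_end is not already a power of two, refuses sizes that the field cannot encode, and reports when the rounded mapping reaches past guest RAM. The MAS1 field position, its 5-bit width, the 2^TSIZE KiB encoding and all function names are this example's own assumptions, labelled in the code.

```c
/* Added example, not QEMU code: sizing the initial BookE TLB1 entry from the
 * top of the device tree, as the patch above does, but rounding up only when
 * needed and refusing sizes the field cannot encode.  Assumptions (labelled):
 * MAS1 TSIZE sits at bit 7, is 5 bits wide and encodes a 2^TSIZE KiB page. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAS1_TSIZE_SHIFT 7    /* assumed field position */
#define MAS1_TSIZE_MAX   31   /* assumed: widest value a 5-bit field holds */

/* floor(log2(size in KiB)); the patch computes the same with clz64(). */
static int tsize_floor(uint64_t size)
{
    uint64_t kb = size >> 10;
    if (kb == 0) {
        return 0;             /* clz of 0 is undefined, handle it explicitly */
    }
    return 63 - __builtin_clzll(kb);
}

/* Smallest TSIZE whose page covers [0, end): an exact power of two already
 * fits, anything else needs the next power of two. */
static int tsize_covering(uint64_t end)
{
    int ps = tsize_floor(end);
    if (((uint64_t)1 << (ps + 10)) < end) {
        ps++;
    }
    return ps;
}

/* Bytes mapped by a TLB entry with the given TSIZE. */
static uint64_t tsize_bytes(int ps)
{
    return (uint64_t)1 << (ps + 10);
}

/* MAS1 size bits for a mapping that reaches dt_end, or -1 if no single
 * entry can encode it. */
static int64_t initial_tlb_mas1_size(uint64_t dt_end)
{
    int ps = tsize_covering(dt_end);
    if (ps > MAS1_TSIZE_MAX) {
        return -1;
    }
    return (int64_t)ps << MAS1_TSIZE_SHIFT;
}

/* True when the rounded-up mapping grants access past the end of guest RAM,
 * the case a caller should at least notice before installing the entry. */
static bool mapping_exceeds_ram(uint64_t dt_end, uint64_t ram_size)
{
    return tsize_bytes(tsize_covering(dt_end)) > ram_size;
}

int main(void)
{
    /* Constructed sample values: a 256 MiB guest whose device tree ends
     * just above 24 MiB. */
    uint64_t ram = 256ULL << 20, dt_end = (24ULL << 20) + 4096;
    printf("TSIZE=%d maps %llu bytes, exceeds RAM: %s\n",
           tsize_covering(dt_end),
           (unsigned long long)tsize_bytes(tsize_covering(dt_end)),
           mapping_exceeds_ram(dt_end, ram) ? "yes" : "no");
    return 0;
}
```

With the sample values the entry comes out as TSIZE 15 (32 MiB), inside RAM; with a dt_end of exactly 256 MiB the example keeps TSIZE 18, where the patch's unconditional `+ 1` would produce a 512 MiB entry.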




[Qemu-devel] [PATCH 04/72] ppc: Fix coding style in helper.c

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

helper.c will be split by the next patches, fix
style issues before that.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/helper.c |  394 ++-
 1 files changed, 230 insertions(+), 164 deletions(-)

diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index 3f7d8a4..44f1cdd 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -1,5 +1,5 @@
 /*
- *  PowerPC emulation helpers for qemu.
+ *  PowerPC emulation helpers for QEMU.
  *
  *  Copyright (c) 2003-2007 Jocelyn Mayer
  *
@@ -73,8 +73,8 @@ void (*cpu_ppc_hypercall)(CPUPPCState *);
 /* PowerPC MMU emulation */
 
 #if defined(CONFIG_USER_ONLY)
-int cpu_ppc_handle_mmu_fault (CPUPPCState *env, target_ulong address, int rw,
-  int mmu_idx)
+int cpu_ppc_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rw,
+ int mmu_idx)
 {
 int exception, error_code;
 
@@ -84,8 +84,9 @@ int cpu_ppc_handle_mmu_fault (CPUPPCState *env, target_ulong 
address, int rw,
 } else {
 exception = POWERPC_EXCP_DSI;
 error_code = 0x4000;
-if (rw)
+if (rw) {
 error_code |= 0x0200;
+}
 env->spr[SPR_DAR] = address;
 env->spr[SPR_DSISR] = error_code;
 }
@@ -160,8 +161,9 @@ static inline int pp_check(int key, int pp, int nx)
 break;
 }
 }
-if (nx == 0)
+if (nx == 0) {
 access |= PAGE_EXEC;
+}
 
 return access;
 }
@@ -171,27 +173,30 @@ static inline int check_prot(int prot, int rw, int 
access_type)
 int ret;
 
 if (access_type == ACCESS_CODE) {
-if (prot & PAGE_EXEC)
+if (prot & PAGE_EXEC) {
 ret = 0;
-else
+} else {
 ret = -2;
+}
 } else if (rw) {
-if (prot & PAGE_WRITE)
+if (prot & PAGE_WRITE) {
 ret = 0;
-else
+} else {
 ret = -2;
+}
 } else {
-if (prot & PAGE_READ)
+if (prot & PAGE_READ) {
 ret = 0;
-else
+} else {
 ret = -2;
+}
 }
 
 return ret;
 }
 
-static inline int _pte_check(mmu_ctx_t *ctx, int is_64b, target_ulong pte0,
- target_ulong pte1, int h, int rw, int type)
+static inline int pte_check(mmu_ctx_t *ctx, int is_64b, target_ulong pte0,
+target_ulong pte1, int h, int rw, int type)
 {
 target_ulong ptem, mmask;
 int access, ret, pteh, ptev, pp;
@@ -254,14 +259,14 @@ static inline int _pte_check(mmu_ctx_t *ctx, int is_64b, 
target_ulong pte0,
 static inline int pte32_check(mmu_ctx_t *ctx, target_ulong pte0,
   target_ulong pte1, int h, int rw, int type)
 {
-return _pte_check(ctx, 0, pte0, pte1, h, rw, type);
+return pte_check(ctx, 0, pte0, pte1, h, rw, type);
 }
 
 #if defined(TARGET_PPC64)
 static inline int pte64_check(mmu_ctx_t *ctx, target_ulong pte0,
   target_ulong pte1, int h, int rw, int type)
 {
-return _pte_check(ctx, 1, pte0, pte1, h, rw, type);
+return pte_check(ctx, 1, pte0, pte1, h, rw, type);
 }
 #endif
 
@@ -291,8 +296,8 @@ static inline int pte_update_flags(mmu_ctx_t *ctx, 
target_ulong *pte1p,
 }
 
 /* Software driven TLB helpers */
-static inline int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr, int 
way,
-int is_code)
+static inline int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
+int way, int is_code)
 {
 int nr;
 
@@ -301,8 +306,9 @@ static inline int ppc6xx_tlb_getnum(CPUPPCState *env, 
target_ulong eaddr, int wa
 /* Select TLB way */
 nr += env->tlb_per_way * way;
 /* 6xx have separate TLBs for instructions and data */
-if (is_code && env->id_tlbs == 1)
+if (is_code && env->id_tlbs == 1) {
 nr += env->nb_tlb;
+}
 
 return nr;
 }
@@ -312,11 +318,12 @@ static inline void ppc6xx_tlb_invalidate_all(CPUPPCState 
*env)
 ppc6xx_tlb_t *tlb;
 int nr, max;
 
-//LOG_SWTLB("Invalidate all TLBs\n");
+/* LOG_SWTLB("Invalidate all TLBs\n"); */
 /* Invalidate all defined software TLB */
 max = env->nb_tlb;
-if (env->id_tlbs == 1)
+if (env->id_tlbs == 1) {
 max *= 2;
+}
 for (nr = 0; nr < max; nr++) {
 tlb = &env->tlb.tlb6[nr];
 pte_invalidate(&tlb->pte0);
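Review bot: turning `//LOG_SWTLB("Invalidate all TLBs\n");` into `/* LOG_SWTLB(...); */` keeps commented-out code alive in a different comment syntax. Since this is a style pass, either delete the dead line or make it a real `LOG_SWTLB("Invalidate all TLBs\n");` call if the trace is still wanted.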
@@ -324,9 +331,9 @@ static inline void ppc6xx_tlb_invalidate_all(CPUPPCState 
*env)
 tlb_flush(env, 1);
 }
 
-static inline void __ppc6xx_tlb_invalidate_virt(CPUPPCState *env,
-target_ulong eaddr,
-int is_code, int match_epn)
+static inline void ppc6xx_tlb_invalidate_virt2(CPUPPCState *env,
+ 

[Qemu-devel] [PATCH 30/72] raw-posix: Fix build without is_allocated support

2012-06-23 Thread Alexander Graf
From: Kevin Wolf 

Move the declaration of s into the #ifdef sections that actually make
use of it.

Signed-off-by: Kevin Wolf 
Signed-off-by: Alexander Graf 
---
 block/raw-posix.c |9 -
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index bf7700a..0dce089 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -606,7 +606,6 @@ static int coroutine_fn 
raw_co_is_allocated(BlockDriverState *bs,
 int64_t sector_num,
 int nb_sectors, int *pnum)
 {
-BDRVRawState *s = bs->opaque;
 off_t start, data, hole;
 int ret;
 
@@ -616,11 +615,15 @@ static int coroutine_fn 
raw_co_is_allocated(BlockDriverState *bs,
 }
 
 start = sector_num * BDRV_SECTOR_SIZE;
+
 #ifdef CONFIG_FIEMAP
+
+BDRVRawState *s = bs->opaque;
 struct {
 struct fiemap fm;
 struct fiemap_extent fe;
 } f;
+
 f.fm.fm_start = start;
 f.fm.fm_length = (int64_t)nb_sectors * BDRV_SECTOR_SIZE;
 f.fm.fm_flags = 0;
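Review bot: `+BDRVRawState *s = bs->opaque;` now appears after the `start = ...` statement inside `#ifdef CONFIG_FIEMAP`, and again in the `#elif` branch of the next hunk, i.e. a declaration after statements in the middle of the function, repeated twice. It is valid C99, but QEMU's style keeps declarations at the top of a block; wrap each conditional body in its own `{ }` block, or keep a single declaration at the top of the function under `#if defined(CONFIG_FIEMAP) || (defined SEEK_HOLE && defined SEEK_DATA)`.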
@@ -643,7 +646,11 @@ static int coroutine_fn 
raw_co_is_allocated(BlockDriverState *bs,
 data = f.fe.fe_logical;
 hole = f.fe.fe_logical + f.fe.fe_length;
 }
+
 #elif defined SEEK_HOLE && defined SEEK_DATA
+
+BDRVRawState *s = bs->opaque;
+
 hole = lseek(s->fd, start, SEEK_HOLE);
 if (hole == -1) {
 /* -ENXIO indicates that sector_num was past the end of the file.
-- 
1.6.0.2




[Qemu-devel] [PATCH 55/72] Revert "dt: temporarily disable subtree creation failure check"

2012-06-23 Thread Alexander Graf
This reverts commit "dt: temporarily disable subtree creation
failure check" which was meant as a temporary solution to keep
external and dynamic device tree construction intact.

Now that we switched to fully dynamic dt construction, it's no
longer necessary.

Signed-off-by: Alexander Graf 
---
 device_tree.c |2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index c8d68c2..cc83f0f 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -239,13 +239,11 @@ int qemu_devtree_add_subnode(void *fdt, const char *name)
 }
 
 retval = fdt_add_subnode(fdt, parent, basename);
-#if 0
 if (retval < 0) {
 fprintf(stderr, "FDT: Failed to create subnode %s: %s\n", name,
 fdt_strerror(retval));
 exit(1);
 }
-#endif
 
 g_free(dupname);
 return retval;
-- 
1.6.0.2




[Qemu-devel] [PATCH 40/72] PPC: e500: dt: create memory node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |8 
 pc-bios/mpc8544ds.dtb  |  Bin 2028 -> 1972 bytes
 pc-bios/mpc8544ds.dts  |5 -
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 506ddf3..3ec9013 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -88,10 +88,10 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 }
 
 /* Manipulate device tree in memory. */
-ret = qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property,
-   sizeof(mem_reg_property));
-if (ret < 0)
-fprintf(stderr, "couldn't set /memory/reg\n");
+qemu_devtree_add_subnode(fdt, "/memory");
+qemu_devtree_setprop_string(fdt, "/memory", "device_type", "memory");
+qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property,
+ sizeof(mem_reg_property));
 
 if (initrd_size) {
 ret = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-start",
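Review bot: the return values of qemu_devtree_add_subnode() and the two setprop calls are ignored, whereas the code being replaced at least reported a failed `/memory/reg` write; with the node now created at runtime, a failure here leaves the guest with no memory node at all, so check the result (or rely on the helper aborting, if that is the convention, and say so). Separately, `mem_reg_property` is two 32-bit cells (`{0, cpu_to_be32(ramsize)}`); if the root node declares two-cell addresses and sizes, as the `#address-cells`/`#size-cells` = 2 calls on this file elsewhere in the series do, reg must be four cells (address high/low, size high/low), or the declared widths must be 1.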
diff --git a/pc-bios/mpc8544ds.dtb b/pc-bios/mpc8544ds.dtb
index 
c6d302153c7407d5d0127be29b0c35f80e47f8fb..db9fb701f246e058bca4c2fe9546c9f2493a57b1
 100644
GIT binary patch
delta 104
zcmaFEzlC4m0`I@K3=HgB7#J8V7#P@QOcW4jOxUQQ!8o~tF`dzO@&`t7#*oPzOxY|U
z3=FQ5xtSd&?_lx=2{E?=$qCHM8ACQ(uxw`psb#GO3gxhE;!Mm-Pc3FBN==`v&VCdC
D8)_c+

delta 159
zcmdnO|At@S0`I@K3=HgV7#J8V7#P?tOcW4joUu_ugHb0pH8;Pg5-85VzzoFfK;
};
 
-   memory {
-   device_type = "memory";
-   reg = <0x0 0x0>;// Filled by U-Boot
-   };
-
soc8544@e000 {
#address-cells = <1>;
#size-cells = <1>;
-- 
1.6.0.2




[Qemu-devel] [PATCH 70/72] PPC: Extract SPR dump generation into its own function

2012-06-23 Thread Alexander Graf
This patch moves the debug #ifdef'ed SPR trace generation into its
own function, so we can call it from multiple places.

Signed-off-by: Alexander Graf 
---
 target-ppc/translate_init.c |   30 ++
 1 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index d185aaa..8ff47ae 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -55,28 +55,34 @@ PPC_IRQ_INIT_FN(e500);
 /* Generic callbacks:
  * do nothing but store/retrieve spr value
  */
+static void spr_load_dump_spr(int sprn)
+{
+#ifdef PPC_DUMP_SPR_ACCESSES
+TCGv_i32 t0 = tcg_const_i32(sprn);
+gen_helper_load_dump_spr(t0);
+tcg_temp_free_i32(t0);
+#endif
+}
+
 static void spr_read_generic (void *opaque, int gprn, int sprn)
 {
 gen_load_spr(cpu_gpr[gprn], sprn);
+spr_load_dump_spr(sprn);
+}
+
+static void spr_store_dump_spr(int sprn)
+{
 #ifdef PPC_DUMP_SPR_ACCESSES
-{
-TCGv_i32 t0 = tcg_const_i32(sprn);
-gen_helper_load_dump_spr(t0);
-tcg_temp_free_i32(t0);
-}
+TCGv_i32 t0 = tcg_const_i32(sprn);
+gen_helper_store_dump_spr(t0);
+tcg_temp_free_i32(t0);
 #endif
 }
 
 static void spr_write_generic (void *opaque, int sprn, int gprn)
 {
 gen_store_spr(sprn, cpu_gpr[gprn]);
-#ifdef PPC_DUMP_SPR_ACCESSES
-{
-TCGv_i32 t0 = tcg_const_i32(sprn);
-gen_helper_store_dump_spr(t0);
-tcg_temp_free_i32(t0);
-}
-#endif
+spr_store_dump_spr(sprn);
 }
 
 #if !defined(CONFIG_USER_ONLY)
-- 
1.6.0.2




[Qemu-devel] [PATCH 50/72] PPC: e500: dt: start with empty device tree

2012-06-23 Thread Alexander Graf
Now that all of the device tree bits are generated during runtime, we
can get rid of the device tree blob and instead start from scratch with
an empty device tree.

Signed-off-by: Alexander Graf 
---
 Makefile   |1 -
 hw/ppce500_mpc8544ds.c |8 +---
 pc-bios/mpc8544ds.dtb  |  Bin 72 -> 0 bytes
 pc-bios/mpc8544ds.dts  |   14 --
 4 files changed, 1 insertions(+), 22 deletions(-)
 delete mode 100644 pc-bios/mpc8544ds.dtb
 delete mode 100644 pc-bios/mpc8544ds.dts

diff --git a/Makefile b/Makefile
index a7281b0..827e1ad 100644
--- a/Makefile
+++ b/Makefile
@@ -260,7 +260,6 @@ pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom \
 pxe-pcnet.rom pxe-rtl8139.rom pxe-virtio.rom \
 qemu-icon.bmp \
 bamboo.dtb petalogix-s3adsp1800.dtb petalogix-ml605.dtb \
-mpc8544ds.dtb \
 multiboot.bin linuxboot.bin kvmvapic.bin \
 s390-zipl.rom \
 spapr-rtas.bin slof.bin \
diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 15df515..880ed55 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -92,7 +92,6 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 {
 int ret = -1;
 uint32_t mem_reg_property[] = {0, cpu_to_be32(ramsize)};
-char *filename;
 int fdt_size;
 void *fdt;
 uint8_t hypercall[16];
@@ -113,12 +112,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 0x2000, 0x100, 0x0, 0x0, 0xe100,
 0x0, 0x1 };
 
-filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
-if (!filename) {
-goto out;
-}
-fdt = load_device_tree(filename, &fdt_size);
-g_free(filename);
+fdt = create_device_tree(&fdt_size);
 if (fdt == NULL) {
 goto out;
 }
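Review bot: with the blob and its .dts deleted, BINARY_DEVICE_TREE_FILE ("mpc8544ds.dtb") survives only as the name handed to rom_add_blob_fixed(); that is fine as a ROM blob label, but a comment at the define saying it no longer refers to a file under pc-bios/ will stop readers hunting for one, and the "BINARY" in the name no longer matches a tree built from scratch by create_device_tree().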
diff --git a/pc-bios/mpc8544ds.dtb b/pc-bios/mpc8544ds.dtb
deleted file mode 100644
index 
90ef5c00243b04f4aa3f812b89d5b37c63be09f2..
GIT binary patch
literal 0
HcmV?d1

literal 72
mcmcb>`|m9S1A_+;TR>?IAT0>Q0zeD{$ZVJxBb31eq&Wct_yhI;

diff --git a/pc-bios/mpc8544ds.dts b/pc-bios/mpc8544ds.dts
deleted file mode 100644
index 16aba2b..000
--- a/pc-bios/mpc8544ds.dts
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * MPC8544 DS Device Tree Source
- *
- * Copyright 2007, 2008 Freescale Semiconductor Inc.
- *
- * This program is free software; you can redistribute  it and/or modify it
- * under  the terms of  the GNU General  Public License as published by the
- * Free Software Foundation;  either version 2 of the  License, or (at your
- * option) any later version.
- */
-
-/dts-v1/;
-/ {
-};
-- 
1.6.0.2




[Qemu-devel] [PATCH 14/72] ppc: Cleanup MMU merge

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Remove useless wrappers. In some cases 'int' parameters are
changed to uint32_t.

Make internal functions static.

Signed-off-by: Blue Swirl 
[agraf: fix kvm compilation]
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/cpu.h|   21 
 target-ppc/mmu_helper.c |  120 ++-
 2 files changed, 35 insertions(+), 106 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 32cfcef..9b157f0 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1118,24 +1118,11 @@ void do_interrupt (CPUPPCState *env);
 void ppc_hw_interrupt (CPUPPCState *env);
 
 #if !defined(CONFIG_USER_ONLY)
-void ppc6xx_tlb_store (CPUPPCState *env, target_ulong EPN, int way, int 
is_code,
-   target_ulong pte0, target_ulong pte1);
-void ppc_store_ibatu (CPUPPCState *env, int nr, target_ulong value);
-void ppc_store_ibatl (CPUPPCState *env, int nr, target_ulong value);
-void ppc_store_dbatu (CPUPPCState *env, int nr, target_ulong value);
-void ppc_store_dbatl (CPUPPCState *env, int nr, target_ulong value);
-void ppc_store_ibatu_601 (CPUPPCState *env, int nr, target_ulong value);
-void ppc_store_ibatl_601 (CPUPPCState *env, int nr, target_ulong value);
 void ppc_store_sdr1 (CPUPPCState *env, target_ulong value);
 #if defined(TARGET_PPC64)
 void ppc_store_asr (CPUPPCState *env, target_ulong value);
-target_ulong ppc_load_slb (CPUPPCState *env, int slb_nr);
-target_ulong ppc_load_sr (CPUPPCState *env, int sr_nr);
 int ppc_store_slb (CPUPPCState *env, target_ulong rb, target_ulong rs);
-int ppc_load_slb_esid (CPUPPCState *env, target_ulong rb, target_ulong *rt);
-int ppc_load_slb_vsid (CPUPPCState *env, target_ulong rb, target_ulong *rt);
 #endif /* defined(TARGET_PPC64) */
-void ppc_store_sr (CPUPPCState *env, int srnum, target_ulong value);
 #endif /* !defined(CONFIG_USER_ONLY) */
 void ppc_store_msr (CPUPPCState *env, target_ulong value);
 
@@ -1174,19 +1161,11 @@ void store_booke_tcr (CPUPPCState *env, target_ulong 
val);
 void store_booke_tsr (CPUPPCState *env, target_ulong val);
 void booke206_flush_tlb(CPUPPCState *env, int flags, const int check_iprot);
 target_phys_addr_t booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t 
*tlb);
-int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb,
- target_phys_addr_t *raddrp, target_ulong address,
- uint32_t pid, int ext, int i);
 int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb,
  target_phys_addr_t *raddrp, target_ulong address,
  uint32_t pid);
 void ppc_tlb_invalidate_all (CPUPPCState *env);
 void ppc_tlb_invalidate_one (CPUPPCState *env, target_ulong addr);
-#if defined(TARGET_PPC64)
-void ppc_slb_invalidate_all (CPUPPCState *env);
-void ppc_slb_invalidate_one (CPUPPCState *env, uint64_t T0);
-#endif
-int ppcemb_tlb_search (CPUPPCState *env, target_ulong address, uint32_t pid);
 #endif
 #endif
 
diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
index 1f67451..d65d290 100644
--- a/target-ppc/mmu_helper.c
+++ b/target-ppc/mmu_helper.c
@@ -347,8 +347,8 @@ static inline void ppc6xx_tlb_invalidate_virt(CPUPPCState 
*env,
 ppc6xx_tlb_invalidate_virt2(env, eaddr, is_code, 0);
 }
 
-void ppc6xx_tlb_store(CPUPPCState *env, target_ulong EPN, int way, int is_code,
-  target_ulong pte0, target_ulong pte1)
+static void ppc6xx_tlb_store(CPUPPCState *env, target_ulong EPN, int way,
+ int is_code, target_ulong pte0, target_ulong pte1)
 {
 ppc6xx_tlb_t *tlb;
 int nr;
@@ -712,7 +712,10 @@ static inline ppc_slb_t *slb_lookup(CPUPPCState *env, 
target_ulong eaddr)
 return NULL;
 }
 
-void ppc_slb_invalidate_all(CPUPPCState *env)
+/*/
+/* SPR accesses */
+
+void helper_slbia(CPUPPCState *env)
 {
 int n, do_invalidate;
 
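Review bot: renaming ppc_slb_invalidate_all() to helper_slbia() makes this function the helper entry point itself, yet the diffstat touches only cpu.h and mmu_helper.c; the DEF_HELPER declaration and whatever previously defined helper_slbia() as a wrapper around ppc_slb_invalidate_all() are not in this patch, so please confirm the existing prototype already matches (env only, void return) and that the old wrapper definition is gone, otherwise the link either fails or ends up with two definitions. The new "/* SPR accesses */" banner also lands directly above slbia/slbie, which are SLB management instructions rather than SPR accesses; a matching label would read better.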
@@ -735,11 +738,11 @@ void ppc_slb_invalidate_all(CPUPPCState *env)
 }
 }
 
-void ppc_slb_invalidate_one(CPUPPCState *env, uint64_t T0)
+void helper_slbie(CPUPPCState *env, target_ulong addr)
 {
 ppc_slb_t *slb;
 
-slb = slb_lookup(env, T0);
+slb = slb_lookup(env, addr);
 if (!slb) {
 return;
 }
@@ -781,7 +784,8 @@ int ppc_store_slb(CPUPPCState *env, target_ulong rb, 
target_ulong rs)
 return 0;
 }
 
-int ppc_load_slb_esid(CPUPPCState *env, target_ulong rb, target_ulong *rt)
+static int ppc_load_slb_esid(CPUPPCState *env, target_ulong rb,
+ target_ulong *rt)
 {
 int slot = rb & 0xfff;
 ppc_slb_t *slb = &env->slb[slot];
@@ -794,7 +798,8 @@ int ppc_load_slb_esid(CPUPPCState *env, target_ulong rb, 
target_ulong *rt)
 return 0;
 }
 
-int ppc_load_slb_vsid(CPUPPCState *env, target_ulong rb, target_ulong *rt)
+static int ppc_load_slb_vsid(CPUPPCState *env, target_ulong rb,
+ target_ulong *r

[Qemu-devel] [PATCH 68/72] PPC: BookE: Make ivpr selectable by CPU type

2012-06-23 Thread Alexander Graf
IVPR can either hold 32 or 64 bit addresses, depending on the CPU type. Let
the CPU initialization function pass in its mask itself, so we can easily
extend it.

Signed-off-by: Alexander Graf 
---
 target-ppc/translate_init.c |9 +
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 57027a2..98695ab 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -2804,7 +2804,7 @@ static void init_excp_G2 (CPUPPCState *env)
 #endif
 }
 
-static void init_excp_e200 (CPUPPCState *env)
+static void init_excp_e200(CPUPPCState *env, target_ulong ivpr_mask)
 {
 #if !defined(CONFIG_USER_ONLY)
 env->excp_vectors[POWERPC_EXCP_RESET]= 0x0FFC;
@@ -2829,7 +2829,7 @@ static void init_excp_e200 (CPUPPCState *env)
 env->excp_vectors[POWERPC_EXCP_EFPRI]= 0x;
 env->hreset_excp_prefix = 0xUL;
 env->ivor_mask = 0xFFF7UL;
-env->ivpr_mask = 0xUL;
+env->ivpr_mask = ivpr_mask;
 /* Hardware reset vector */
 env->hreset_vector = 0xFFFCUL;
 #endif
@@ -4307,7 +4307,7 @@ static void init_proc_e200 (CPUPPCState *env)
 env->id_tlbs = 0;
 env->tlb_type = TLB_EMB;
 #endif
-init_excp_e200(env);
+init_excp_e200(env, 0xUL);
 env->dcache_line_size = 32;
 env->icache_line_size = 32;
 /* XXX: TODO: allocate internal IRQ controller */
@@ -4434,6 +4434,7 @@ static void init_proc_e500 (CPUPPCState *env, int version)
 {
 uint32_t tlbncfg[2];
 uint64_t ivor_mask = 0x000FULL;
+uint64_t ivpr_mask = 0xULL;
 uint32_t l1cfg0 = 0x3800  /* 8 ways */
 | 0x0020; /* 32 kb */
 #if !defined(CONFIG_USER_ONLY)
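Review bot: `uint64_t ivpr_mask` is declared wider than the `target_ulong ivpr_mask` parameter of init_excp_e200() it is handed to at the end of this patch, so on a 32-bit target the assignment is a silent narrowing conversion. Declaring it as target_ulong keeps the mask width tied to the CPU word size rather than hard-coding 64 bits; the neighbouring `uint64_t ivor_mask` shows the same pattern and could be adjusted at the same time.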
@@ -4575,7 +4576,7 @@ static void init_proc_e500 (CPUPPCState *env, int version)
 }
 #endif
 
-init_excp_e200(env);
+init_excp_e200(env, ivpr_mask);
 /* Allocate hardware IRQ controller */
 ppce500_irq_init(env);
 }
-- 
1.6.0.2




[Qemu-devel] [PATCH 57/72] PPC: e500: Use new SOC dt format

2012-06-23 Thread Alexander Graf
Due to popular demand, let's clean up the soc node a bit and use
more recent dt notions.

Requested-by: Scott Wood 
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |9 -
 1 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index e3e0659..7dc3a07 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -43,7 +43,6 @@
 #define RAM_SIZES_ALIGN(64UL << 20)
 
 #define MPC8544_CCSRBAR_BASE   0xE000
-#define MPC8544_CCSRBAR_REGSIZE0x1000
 #define MPC8544_CCSRBAR_SIZE   0x0010
 #define MPC8544_MPIC_REGS_BASE (MPC8544_CCSRBAR_BASE + 0x4)
 #define MPC8544_SERIAL0_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x4500)
@@ -99,6 +98,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 uint32_t tb_freq = 4;
 int i;
 char compatible[] = "MPC8544DS\0MPC85xxDS";
+char compatible_sb[] = "fsl,mpc8544-immr\0simple-bus";
 char model[] = "MPC8544DS";
 char soc[128];
 char ser0[128];
@@ -232,16 +232,15 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 
 qemu_devtree_add_subnode(fdt, "/aliases");
 /* XXX These should go into their respective devices' code */
-snprintf(soc, sizeof(soc), "/soc8544@%x", MPC8544_CCSRBAR_BASE);
+snprintf(soc, sizeof(soc), "/soc@%x", MPC8544_CCSRBAR_BASE);
 qemu_devtree_add_subnode(fdt, soc);
 qemu_devtree_setprop_string(fdt, soc, "device_type", "soc");
-qemu_devtree_setprop_string(fdt, soc, "compatible", "simple-bus");
+qemu_devtree_setprop(fdt, soc, "compatible", compatible_sb,
+ sizeof(compatible_sb));
 qemu_devtree_setprop_cell(fdt, soc, "#address-cells", 1);
 qemu_devtree_setprop_cell(fdt, soc, "#size-cells", 1);
 qemu_devtree_setprop_cells(fdt, soc, "ranges", 0x0, MPC8544_CCSRBAR_BASE,
MPC8544_CCSRBAR_SIZE);
-qemu_devtree_setprop_cells(fdt, soc, "reg", MPC8544_CCSRBAR_BASE,
-   MPC8544_CCSRBAR_REGSIZE);
 /* XXX should contain a reasonable value */
 qemu_devtree_setprop_cell(fdt, soc, "bus-frequency", 0);
 
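Review bot: the node keeps its `device_type = "soc"` property (the context line just above the changed compatible string) while the rest of the node is moved to the simple-bus style; ePAPR deprecates device_type for everything except cpu and memory nodes, so if the aim is "more recent dt notions" this property should go in the same change. Passing compatible_sb with sizeof() is right: it includes the embedded and trailing NULs that a multi-string compatible needs, mirroring the existing compatible[] array for the root node.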
-- 
1.6.0.2




[Qemu-devel] [PATCH 21/72] ppc: Add missing break

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Add obviously missing 'break' statement.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/fpu_helper.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/target-ppc/fpu_helper.c b/target-ppc/fpu_helper.c
index d90636f..9d67926 100644
--- a/target-ppc/fpu_helper.c
+++ b/target-ppc/fpu_helper.c
@@ -310,6 +310,7 @@ void helper_fpscr_setbit(CPUPPCState *env, uint32_t bit)
 if (fpscr_ve) {
 goto raise_ve;
 }
+break;
 case FPSCR_OX:
 env->fpscr |= 1 << FPSCR_FX;
 if (fpscr_oe) {
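Review bot: the added `break;` closes a fall-through from the preceding case into FPSCR_OX, so with fpscr_ve clear the old code went on to set FPSCR_FX and test fpscr_oe for a bit that had nothing to do with overflow. Since helper_fpscr_setbit() is a run of structurally identical cases (`if (fpscr_xe) { goto raise_xe; }` followed directly by the next label), it is worth checking the remaining cases of the same switch for the same omission rather than fixing this one in isolation.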
-- 
1.6.0.2




[Qemu-devel] [PATCH 42/72] PPC: e500: dt: create /hypervisor node dynamically

2012-06-23 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |1 +
 pc-bios/mpc8544ds.dtb  |  Bin 1924 -> 1904 bytes
 pc-bios/mpc8544ds.dts  |3 ---
 3 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index c046206..54e7ec7 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -118,6 +118,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 tb_freq = kvmppc_get_tbfreq();
 
 /* indicate KVM hypercall interface */
+qemu_devtree_add_subnode(fdt, "/hypervisor");
 qemu_devtree_setprop_string(fdt, "/hypervisor", "compatible",
 "linux,kvm");
 kvmppc_get_hypercall(env, hypercall, sizeof(hypercall));
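Review bot: the return value of qemu_devtree_add_subnode() is discarded, and the two property writes that follow assume "/hypervisor" now exists; with patch 34 of this series turning subnode-creation failures from fatal into silent, a failure here would leave qemu_devtree_setprop_string() operating on a missing node and reporting nothing. Checking the return value for this one call (or at least keeping a diagnostic) would make a missing KVM hypercall node visible instead of surfacing later as a guest that cannot find its hypercall interface.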
diff --git a/pc-bios/mpc8544ds.dtb b/pc-bios/mpc8544ds.dtb
index 
a85b93c1e6e66c318c3f0c1910abae78f4b78f5e..8194aa2e6f292fb34023feb596aa19448b8af0d0
 100644
GIT binary patch
delta 35
rcmZqS|G+13f%o5A1_t&51_lNT1_ri}i2~w`G8;A2*)}J$DKY{8vYZHv

delta 47
zcmeys*TOGwf%o5A1_t&P1_lNT1_ri_i2~w`1{*ch*|-@qDhpDJ$})@di#EHlX)yu-
DKg10i

diff --git a/pc-bios/mpc8544ds.dts b/pc-bios/mpc8544ds.dts
index 1fcb865..2ca7c54 100644
--- a/pc-bios/mpc8544ds.dts
+++ b/pc-bios/mpc8544ds.dts
@@ -103,7 +103,4 @@
chosen {
linux,stdout-path = "/soc8544@e000/serial@4500";
};
-
-   hypervisor {
-   };
 };
-- 
1.6.0.2




[Qemu-devel] [PATCH 34/72] dt: temporarily disable subtree creation failure check

2012-06-23 Thread Alexander Graf
Usually we want to know when creating a subtree fails. However, while
introducing this patch set we have to modify the device tree and
sometimes have the code to create a subtree in both the binary tree and
the dynamically created tree.

So ignore failures about this for now and enable them once we have got rid
of the binary device tree.

Signed-off-by: Alexander Graf 
---
 device_tree.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index 2905f9a..967c97a 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -174,11 +174,13 @@ int qemu_devtree_add_subnode(void *fdt, const char *name)
 }
 
 retval = fdt_add_subnode(fdt, parent, basename);
+#if 0
 if (retval < 0) {
 fprintf(stderr, "FDT: Failed to create subnode %s: %s\n", name,
 fdt_strerror(retval));
 exit(1);
 }
+#endif
 
 g_free(dupname);
 return retval;
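Review bot: wrapping the whole check in `#if 0` also drops the fprintf(), so during the transition there is no trace at all of which subnodes are being created twice. Keeping the fprintf() and removing only the exit(1) would leave a warning that makes the duplicates easy to find when the binary tree is finally removed, and a `/* TODO: re-enable once the binary dtb is gone */` beside it would help whoever reverts this, since nothing in the code currently points back to this temporary change.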
-- 
1.6.0.2




[Qemu-devel] [PATCH 02/72] ppc: Split exception helpers

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Move exception helpers from op_helper.c to excp_helper.c.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs |2 +
 target-ppc/excp_helper.c |  218 ++
 target-ppc/op_helper.c   |  190 
 3 files changed, 220 insertions(+), 190 deletions(-)
 create mode 100644 target-ppc/excp_helper.c

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index f781610..c0f7e76 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -2,5 +2,7 @@ obj-y += translate.o op_helper.o helper.o
 obj-$(CONFIG_SOFTMMU) += machine.o
 obj-$(CONFIG_KVM) += kvm.o kvm_ppc.o
 obj-y += op_helper.o helper.o
+obj-y += excp_helper.o
 
+$(obj)/excp_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
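Review bot: the context lines show op_helper.o and helper.o listed in obj-y twice (on the first line of the file and again in the `obj-y += op_helper.o helper.o` line just above the new entry); this is pre-existing, but since the hunk is already editing this list it would be a good moment to drop the duplicate rather than add excp_helper.o next to it.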
diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
new file mode 100644
index 000..f03f738
--- /dev/null
+++ b/target-ppc/excp_helper.c
@@ -0,0 +1,218 @@
+/*
+ *  PowerPC exception emulation helpers for QEMU.
+ *
+ *  Copyright (c) 2003-2007 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#include "cpu.h"
+#include "dyngen-exec.h"
+#include "helper.h"
+
+#include "helper_regs.h"
+
+//#define DEBUG_OP
+//#define DEBUG_EXCEPTIONS
+
+/*/
+/* Exceptions processing helpers */
+
+void helper_raise_exception_err(uint32_t exception, uint32_t error_code)
+{
+#if 0
+printf("Raise exception %3x code : %d\n", exception, error_code);
+#endif
+env->exception_index = exception;
+env->error_code = error_code;
+cpu_loop_exit(env);
+}
+
+void helper_raise_exception(uint32_t exception)
+{
+helper_raise_exception_err(exception, 0);
+}
+
+#if !defined(CONFIG_USER_ONLY)
+void helper_store_msr(target_ulong val)
+{
+val = hreg_store_msr(env, val, 0);
+if (val != 0) {
+env->interrupt_request |= CPU_INTERRUPT_EXITTB;
+helper_raise_exception(val);
+}
+}
+
+static inline void do_rfi(target_ulong nip, target_ulong msr,
+  target_ulong msrm, int keep_msrh)
+{
+#if defined(TARGET_PPC64)
+if (msr & (1ULL << MSR_SF)) {
+nip = (uint64_t)nip;
+msr &= (uint64_t)msrm;
+} else {
+nip = (uint32_t)nip;
+msr = (uint32_t)(msr & msrm);
+if (keep_msrh) {
+msr |= env->msr & ~((uint64_t)0x);
+}
+}
+#else
+nip = (uint32_t)nip;
+msr &= (uint32_t)msrm;
+#endif
+/* XXX: beware: this is false if VLE is supported */
+env->nip = nip & ~((target_ulong)0x0003);
+hreg_store_msr(env, msr, 1);
+#if defined(DEBUG_OP)
+cpu_dump_rfi(env->nip, env->msr);
+#endif
+/* No need to raise an exception here,
+ * as rfi is always the last insn of a TB
+ */
+env->interrupt_request |= CPU_INTERRUPT_EXITTB;
+}
+
+void helper_rfi(void)
+{
+do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1],
+   ~((target_ulong)0x783F), 1);
+}
+
+#if defined(TARGET_PPC64)
+void helper_rfid(void)
+{
+do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1],
+   ~((target_ulong)0x783F), 0);
+}
+
+void helper_hrfid(void)
+{
+do_rfi(env->spr[SPR_HSRR0], env->spr[SPR_HSRR1],
+   ~((target_ulong)0x783F), 0);
+}
+#endif
+
+/*/
+/* Embedded PowerPC specific helpers */
+void helper_40x_rfci(void)
+{
+do_rfi(env->spr[SPR_40x_SRR2], env->spr[SPR_40x_SRR3],
+   ~((target_ulong)0x), 0);
+}
+
+void helper_rfci(void)
+{
+do_rfi(env->spr[SPR_BOOKE_CSRR0], SPR_BOOKE_CSRR1,
+   ~((target_ulong)0x3FFF), 0);
+}
+
+void helper_rfdi(void)
+{
+do_rfi(env->spr[SPR_BOOKE_DSRR0], SPR_BOOKE_DSRR1,
+   ~((target_ulong)0x3FFF), 0);
+}
+
+void helper_rfmci(void)
+{
+do_rfi(env->spr[SPR_BOOKE_MCSRR0], SPR_BOOKE_MCSRR1,
+   ~((target_ulong)0x3FFF), 0);
+}
+#endif
+
+void helper_tw(target_ulong arg1, target_ulong arg2, uint32_t flags)
+{
+if (!likely(!(((int32_t)arg1 < (int32_t)arg2 && (flags & 0x10)) ||
+  ((int32_t)arg1 > (int32_t)arg2 && (flags & 0x08)) ||
+  ((int3
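Review bot: helper_rfci(), helper_rfdi() and helper_rfmci() pass the SPR index itself (SPR_BOOKE_CSRR1, SPR_BOOKE_DSRR1, SPR_BOOKE_MCSRR1) as the msr argument of do_rfi(), while their first argument correctly reads env->spr[SPR_BOOKE_CSRR0] and friends; the 40x and server variants above use env->spr[...] for both arguments. This is carried over verbatim by the move, so it belongs in a separate fix, but as written a BookE return-from-interrupt restores a small constant rather than the saved MSR.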

[Qemu-devel] [PATCH 03/72] ppc: Avoid AREG0 for exception helpers

2012-06-23 Thread Alexander Graf
From: Blue Swirl 

Add an explicit CPUPPCState parameter instead of relying on AREG0.

Signed-off-by: Blue Swirl 
Signed-off-by: Alexander Graf 
Signed-off-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 target-ppc/Makefile.objs |1 -
 target-ppc/excp_helper.c |   60 -
 target-ppc/helper.h  |   28 ++--
 target-ppc/op_helper.c   |   32 +--
 target-ppc/translate.c   |   40 --
 5 files changed, 85 insertions(+), 76 deletions(-)

diff --git a/target-ppc/Makefile.objs b/target-ppc/Makefile.objs
index c0f7e76..a02b7bc 100644
--- a/target-ppc/Makefile.objs
+++ b/target-ppc/Makefile.objs
@@ -4,5 +4,4 @@ obj-$(CONFIG_KVM) += kvm.o kvm_ppc.o
 obj-y += op_helper.o helper.o
 obj-y += excp_helper.o
 
-$(obj)/excp_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
index f03f738..c153f4a 100644
--- a/target-ppc/excp_helper.c
+++ b/target-ppc/excp_helper.c
@@ -17,7 +17,6 @@
  * License along with this library; if not, see .
  */
 #include "cpu.h"
-#include "dyngen-exec.h"
 #include "helper.h"
 
 #include "helper_regs.h"
@@ -28,7 +27,8 @@
 /*/
 /* Exceptions processing helpers */
 
-void helper_raise_exception_err(uint32_t exception, uint32_t error_code)
+void helper_raise_exception_err(CPUPPCState *env, uint32_t exception,
+uint32_t error_code)
 {
 #if 0
 printf("Raise exception %3x code : %d\n", exception, error_code);
@@ -38,22 +38,22 @@ void helper_raise_exception_err(uint32_t exception, 
uint32_t error_code)
 cpu_loop_exit(env);
 }
 
-void helper_raise_exception(uint32_t exception)
+void helper_raise_exception(CPUPPCState *env, uint32_t exception)
 {
-helper_raise_exception_err(exception, 0);
+helper_raise_exception_err(env, exception, 0);
 }
 
 #if !defined(CONFIG_USER_ONLY)
-void helper_store_msr(target_ulong val)
+void helper_store_msr(CPUPPCState *env, target_ulong val)
 {
 val = hreg_store_msr(env, val, 0);
 if (val != 0) {
 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
-helper_raise_exception(val);
+helper_raise_exception(env, val);
 }
 }
 
-static inline void do_rfi(target_ulong nip, target_ulong msr,
+static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr,
   target_ulong msrm, int keep_msrh)
 {
 #if defined(TARGET_PPC64)
@@ -83,73 +83,77 @@ static inline void do_rfi(target_ulong nip, target_ulong 
msr,
 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
 }
 
-void helper_rfi(void)
+void helper_rfi(CPUPPCState *env)
 {
-do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1],
+do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1],
~((target_ulong)0x783F), 1);
 }
 
 #if defined(TARGET_PPC64)
-void helper_rfid(void)
+void helper_rfid(CPUPPCState *env)
 {
-do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1],
+do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1],
~((target_ulong)0x783F), 0);
 }
 
-void helper_hrfid(void)
+void helper_hrfid(CPUPPCState *env)
 {
-do_rfi(env->spr[SPR_HSRR0], env->spr[SPR_HSRR1],
+do_rfi(env, env->spr[SPR_HSRR0], env->spr[SPR_HSRR1],
~((target_ulong)0x783F), 0);
 }
 #endif
 
 /*/
 /* Embedded PowerPC specific helpers */
-void helper_40x_rfci(void)
+void helper_40x_rfci(CPUPPCState *env)
 {
-do_rfi(env->spr[SPR_40x_SRR2], env->spr[SPR_40x_SRR3],
+do_rfi(env, env->spr[SPR_40x_SRR2], env->spr[SPR_40x_SRR3],
~((target_ulong)0x), 0);
 }
 
-void helper_rfci(void)
+void helper_rfci(CPUPPCState *env)
 {
-do_rfi(env->spr[SPR_BOOKE_CSRR0], SPR_BOOKE_CSRR1,
+do_rfi(env, env->spr[SPR_BOOKE_CSRR0], SPR_BOOKE_CSRR1,
~((target_ulong)0x3FFF), 0);
 }
 
-void helper_rfdi(void)
+void helper_rfdi(CPUPPCState *env)
 {
-do_rfi(env->spr[SPR_BOOKE_DSRR0], SPR_BOOKE_DSRR1,
+do_rfi(env, env->spr[SPR_BOOKE_DSRR0], SPR_BOOKE_DSRR1,
~((target_ulong)0x3FFF), 0);
 }
 
-void helper_rfmci(void)
+void helper_rfmci(CPUPPCState *env)
 {
-do_rfi(env->spr[SPR_BOOKE_MCSRR0], SPR_BOOKE_MCSRR1,
+do_rfi(env, env->spr[SPR_BOOKE_MCSRR0], SPR_BOOKE_MCSRR1,
~((target_ulong)0x3FFF), 0);
 }
 #endif
 
-void helper_tw(target_ulong arg1, target_ulong arg2, uint32_t flags)
+void helper_tw(CPUPPCState *env, target_ulong arg1, target_ulong arg2,
+   uint32_t flags)
 {
 if (!likely(!(((int32_t)arg1 < (int32_t)arg2 && (flags & 0x10)) ||
   ((int32_t)arg1 > (int32_t)arg2 && (flags & 0x08)) ||
   ((int32_t)arg1 == (int32_t)arg2 && (flags & 0x04)) ||
   ((uint32_t)arg1 < (uint32_t)arg2 && (fla
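Review bot: since this hunk rewrites every do_rfi() call line anyway, it is the natural place to also change the bare SPR_BOOKE_CSRR1 / SPR_BOOKE_DSRR1 / SPR_BOOKE_MCSRR1 second arguments to env->spr[...] as the SRR1 and HSRR1 callers above already do; leaving them makes the AREG0 conversion look complete while the BookE helpers still hand do_rfi() an SPR number instead of the saved MSR.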

Re: [Qemu-devel] [PATCH 11/11] Add a memory barrier to DMA functions

2012-06-23 Thread Blue Swirl
On Fri, Jun 22, 2012 at 3:29 AM, Benjamin Herrenschmidt
 wrote:
> The emulated devices can run simultaneously with the guest, so
> we need to be careful with ordering of load and stores done by
> them to the guest system memory, which need to be observed in
> the right order by the guest operating system.
>
> This adds a barrier call to the basic DMA read/write ops which
> is currently implemented as a smp_mb(), but could be later
> improved for more fine grained control of barriers.
>
> Additionally, a _relaxed() variant of the accessors is provided
> to easily convert devices who would be performance sensitive
> and negatively impacted by the change.
>
> Signed-off-by: Benjamin Herrenschmidt 
> ---
>  dma-helpers.c |    2 ++
>  dma.h         |   52 ++--
>  2 files changed, 52 insertions(+), 2 deletions(-)
>
> diff --git a/dma-helpers.c b/dma-helpers.c
> index 2e09ceb..35cb500 100644
> --- a/dma-helpers.c
> +++ b/dma-helpers.c
> @@ -31,6 +31,8 @@ static void do_dma_memory_set(dma_addr_t addr, uint8_t c, 
> dma_addr_t len)
>
>  int dma_memory_set(DMAContext *dma, dma_addr_t addr, uint8_t c, dma_addr_t 
> len)
>  {
> +    dma_barrier(dma, DMA_DIRECTION_FROM_DEVICE);
> +
>     if (dma_has_iommu(dma)) {
>         return iommu_dma_memory_set(dma, addr, c, len);
>     }
> diff --git a/dma.h b/dma.h
> index f52a656..54cdd24 100644
> --- a/dma.h
> +++ b/dma.h
> @@ -13,6 +13,7 @@
>  #include 
>  #include "hw/hw.h"
>  #include "block.h"
> +#include "kvm.h"
>
>  typedef struct DMAContext DMAContext;
>  typedef struct ScatterGatherEntry ScatterGatherEntry;
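Review bot: including kvm.h from dma.h makes every DMA user pull in the KVM headers for the single kvm_enabled() test inside dma_barrier(); moving dma_barrier() out of line into dma-helpers.c would keep that dependency local and also allow the barrier policy to change later without recompiling every device that includes dma.h.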
> @@ -65,6 +66,30 @@ struct DMAContext {
>     DMAUnmapFunc *unmap;
>  };
>
> +static inline void dma_barrier(DMAContext *dma, DMADirection dir)
> +{
> +    /*
> +     * This is called before DMA read and write operations
> +     * unless the _relaxed form is used and is responsible
> +     * for providing some sane ordering of accesses vs
> +     * concurrently running VCPUs.
> +     *
> +     * Users of map(), unmap() or lower level st/ld_*
> +     * operations are responsible for providing their own
> +     * ordering via barriers.
> +     *
> +     * This primitive implementation does a simple smp_mb()
> +     * before each operation which provides pretty much full
> +     * ordering.
> +     *
> +     * A smarter implementation can be devised if needed to
> +     * use lighter barriers based on the direction of the
> +     * transfer, the DMA context, etc...
> +     */
> +    if (kvm_enabled())
> +        smp_mb();

Missing braces. Please use checkpatch.pl to avoid issues like this.

> +}
> +
>  static inline bool dma_has_iommu(DMAContext *dma)
>  {
>     return !!dma;
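Review bot: the `if (kvm_enabled())` guard encodes an assumption the long comment above it never states: that under TCG no vCPU runs concurrently with device emulation, so no barrier is needed there. That holds only because TCG currently serialises vCPU execution and device code under the global mutex; please spell it out in the comment so that whoever relaxes the TCG locking knows this primitive has to change with it. The `dir` parameter is accepted but unused, which the comment does cover as reserved for a smarter implementation, so that part is fine as is.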
> @@ -88,8 +113,9 @@ static inline bool dma_memory_valid(DMAContext *dma,
>
>  int iommu_dma_memory_rw(DMAContext *dma, dma_addr_t addr,
>                         void *buf, dma_addr_t len, DMADirection dir);
> -static inline int dma_memory_rw(DMAContext *dma, dma_addr_t addr,
> -                                void *buf, dma_addr_t len, DMADirection dir)
> +static inline int dma_memory_rw_relaxed(DMAContext *dma, dma_addr_t addr,
> +                                        void *buf, dma_addr_t len,
> +                                        DMADirection dir)
>  {
>     if (!dma_has_iommu(dma)) {
>         /* Fast-path for no IOMMU */
> @@ -101,6 +127,28 @@ static inline int dma_memory_rw(DMAContext *dma, 
> dma_addr_t addr,
>     }
>  }
>
> +static inline int dma_memory_read_relaxed(DMAContext *dma, dma_addr_t addr,
> +                                          void *buf, dma_addr_t len)
> +{
> +    return dma_memory_rw_relaxed(dma, addr, buf, len, 
> DMA_DIRECTION_TO_DEVICE);
> +}
> +
> +static inline int dma_memory_write_relaxed(DMAContext *dma, dma_addr_t addr,
> +                                           const void *buf, dma_addr_t len)
> +{
> +    return dma_memory_rw_relaxed(dma, addr, (void *)buf, len,
> +                                 DMA_DIRECTION_FROM_DEVICE);
> +}
> +
> +static inline int dma_memory_rw(DMAContext *dma, dma_addr_t addr,
> +                                void *buf, dma_addr_t len,
> +                                DMADirection dir)
> +{
> +    dma_barrier(dma, dir);
> +
> +    return dma_memory_rw_relaxed(dma, addr, buf, len, dir);
> +}
> +
>  static inline int dma_memory_read(DMAContext *dma, dma_addr_t addr,
>                                   void *buf, dma_addr_t len)
>  {
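Review bot: the header comment on dma_barrier() names only map()/unmap() and the raw ld/st users as responsible for their own ordering; with the new dma_memory_read_relaxed()/dma_memory_write_relaxed() entry points, any device converted to them takes on the same responsibility, so the comment (or a line beside these functions) should state that a _relaxed caller must issue its own barrier at its synchronisation points. Also, dma_memory_write_relaxed() casts away const with `(void *)buf` because dma_memory_rw_relaxed() takes a non-const buffer; a const-correct inner helper would avoid the cast.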
> --
> 1.7.9.5
>
>



Re: [Qemu-devel] [PATCH 2/2] Creating qemu-seccomp.[ch] and adding call to vl.c

2012-06-23 Thread Blue Swirl
On Thu, Jun 21, 2012 at 10:10 PM, Eduardo Otubo
 wrote:
> I added a syscall struct using priority levels as described in the
> libseccomp man page. The priority numbers are based on the frequency
> with which they appear in a sample strace from a regular qemu guest run under
> libvirt.
>
> Libseccomp generates linear BPF code to filter system calls, those rules
> are read one after another. The priority system places the most common
> rules first in order to reduce the overhead when processing them.
>
> v2:
>  * Fixed some style issues
>  * Removed code from vl.c and created qemu-seccomp.[ch]
>  * Now using ARRAY_SIZE macro
>  * Added more syscalls without priority/frequency set yet
>
> v3:
>  * Adding copyright and license information
>  * Replacing seccomp_whitelist_count just by ARRAY_SIZE
>  * Adding header protection to qemu-seccomp.h
>  * Moving QemuSeccompSyscall definition to qemu-seccomp.c
>  * Negative return from seccomp_start is fatal now.
>  * Adding open() and execve() to the whitelist
>
> The whitelist is getting bigger and more complete, maybe it's time to drop
> the RFC tag.
>
> Signed-off-by: Eduardo Otubo 
> ---
>  qemu-seccomp.c |   88 
> 
>  qemu-seccomp.h |   23 +++
>  vl.c           |   11 +++
>  3 files changed, 122 insertions(+)
>  create mode 100644 qemu-seccomp.c
>  create mode 100644 qemu-seccomp.h
>
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> new file mode 100644
> index 000..0442348
> --- /dev/null
> +++ b/qemu-seccomp.c
> @@ -0,0 +1,88 @@
> +/*
> + * QEMU seccomp mode 2 support with libseccomp
> + *
> + * Copyright IBM, Corp. 2012
> + *
> + * Authors:
> + *  Eduardo Otubo    
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the COPYING file in the top-level directory.
> + *
> + * Contributions after 2012-01-13 are licensed under the terms of the
> + * GNU GPL, version 2 or (at your option) any later version.

Can't you just license the files under GPLv2+ directly?

> + */
> +#include 
> +#include 
> +#include "qemu-seccomp.h"
> +
> +struct QemuSeccompSyscall {
> +    int32_t num;
> +    uint8_t priority;
> +};
> +
> +const static struct QemuSeccompSyscall seccomp_whitelist[] = {

Usually the order is 'static const'.

> +    { SCMP_SYS(timer_settime), 255 },
> +    { SCMP_SYS(timer_gettime), 254 },
> +    { SCMP_SYS(futex), 253 },
> +    { SCMP_SYS(select), 252 },
> +    { SCMP_SYS(recvfrom), 251 },
> +    { SCMP_SYS(sendto), 250 },
> +    { SCMP_SYS(read), 249 },
> +    { SCMP_SYS(brk), 248 },
> +    { SCMP_SYS(clone), 247 },
> +    { SCMP_SYS(mmap), 247 },
> +    { SCMP_SYS(mprotect), 246 },
> +    { SCMP_SYS(execve), 245 },
> +    { SCMP_SYS(open), 245 },
> +    { SCMP_SYS(ioctl), 245 },
> +    { SCMP_SYS(recvmsg), 245 },
> +    { SCMP_SYS(sendmsg), 245 },
> +    { SCMP_SYS(accept), 245 },
> +    { SCMP_SYS(connect), 245 },
> +    { SCMP_SYS(bind), 245 },
> +    { SCMP_SYS(listen), 245 },
> +    { SCMP_SYS(ioctl), 245 },
> +    { SCMP_SYS(eventfd), 245 },
> +    { SCMP_SYS(rt_sigprocmask), 245 },
> +    { SCMP_SYS(write), 244 },
> +    { SCMP_SYS(fcntl), 243 },
> +    { SCMP_SYS(tgkill), 242 },
> +    { SCMP_SYS(rt_sigaction), 242 },
> +    { SCMP_SYS(pipe2), 242 },
> +    { SCMP_SYS(munmap), 242 },
> +    { SCMP_SYS(mremap), 242 },
> +    { SCMP_SYS(getsockname), 242 },
> +    { SCMP_SYS(getpeername), 242 },
> +    { SCMP_SYS(fdatasync), 242 },
> +    { SCMP_SYS(close), 242 }
> +};
> +
> +int seccomp_start(void)
> +{
> +    int rc = 0;
> +    unsigned int i = 0;
> +
> +    rc = seccomp_init(SCMP_ACT_KILL);
> +    if (rc < 0) {
> +        goto seccomp_return;
> +    }
> +
> +    for (i = 0; i < ARRAY_SIZE(seccomp_whitelist); i++) {
> +        rc = seccomp_rule_add(SCMP_ACT_ALLOW, seccomp_whitelist[i].num, 0);
> +        if (rc < 0) {
> +            goto seccomp_return;
> +        }
> +        rc = seccomp_syscall_priority(seccomp_whitelist[i].num,
> +                                      seccomp_whitelist[i].priority);
> +        if (rc < 0) {
> +            goto seccomp_return;
> +        }
> +    }
> +
> +    rc = seccomp_load();
> +
> +  seccomp_return:
> +    seccomp_release();
> +    return rc;
> +}
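Review bot: SCMP_SYS(ioctl) appears twice in seccomp_whitelist[] (once with priority 245 near the top, and again right after listen); besides the wasted rule, if the installed libseccomp rejects a duplicate rule, seccomp_rule_add() returns an error and seccomp_start() fails as a whole. Also worth settling before this leaves RFC: with SCMP_ACT_KILL as the default action, any syscall absent from this table terminates the process, and the list has no entry for exit or exit_group, so even a normal shutdown would end in SIGSYS rather than a clean exit.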
> diff --git a/qemu-seccomp.h b/qemu-seccomp.h
> new file mode 100644
> index 000..3253786
> --- /dev/null
> +++ b/qemu-seccomp.h
> @@ -0,0 +1,23 @@
> +/*
> + * QEMU seccomp mode 2 support with libseccomp
> + *
> + * Copyright IBM, Corp. 2012
> + *
> + * Authors:
> + *  Eduardo Otubo    
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the COPYING file in the top-level directory.
> + *
> + * Contributions after 2012-01-13 are licensed under the terms of the
> + * GNU GPL, version 2 or (at your option) any later version.
> + */
> +#ifndef CONFIG_LIBSECCOMP
> +#define CONFIG_LIBSECCOMP
> +
> +#include 
> +#include "osdep.h"
> +
> +int seccomp_start(void);
> +
> +#endif
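Review bot: the include guard is named CONFIG_LIBSECCOMP, which is the namespace configure uses for config-host.h macros; if configure ever defines CONFIG_LIBSECCOMP to signal that the library is present (the obvious name for it), this header becomes empty wherever config-host.h is included first. A conventional QEMU_SECCOMP_H guard avoids the clash.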
> diff --git a/vl.c b/vl.c
> index 1329c30..83526f1 100644
> ---

Re: [Qemu-devel] How to measure guest memory access (qemu_ld/qemu_st) time?

2012-06-23 Thread Blue Swirl
On Fri, Jun 22, 2012 at 9:58 AM, Xin Tong  wrote:
> It is a pity that QEMU does not outline the TLB lookup code. I do not
> know how much impact the inlined TLB code has due to icache misses...

With a test case the impact could be measured. Maybe it could be just
a program performing loads in a loop, executing under a user emulator.

> Another benefit one gets from outlined TLB code is that it is much
> easier to gather the amount of time spent in the TLB. One can just
> profile QEMU and count up how many ticks happened in the outlined TLB
> translation code.

There's also a possible benefit that the code generation buffer does
not fill as fast.

> In fact, I do not think outlining QEMU's inlined TLB lookup is too hard
> to implement. One can still keep most of the original inlined TLB code
> and use call/ret to get a TLB translation. Of course, one needs to
> come up with a new linkage.

If it can be shown with a test case and statistics that outlining does
not make things worse, we can switch.

>
> Xin
>
>
> On Wed, Jun 20, 2012 at 3:57 AM, 陳韋任 (Wei-Ren Chen)
>  wrote:
>>  CC'ed to the mailing list.
>>
>> --
>> Wei-Ren Chen (陳韋任)
>> Computer Systems Lab, Institute of Information Science,
>> Academia Sinica, Taiwan (R.O.C.)
>> Tel:886-2-2788-3799 #1667
>> Homepage: http://people.cs.nctu.edu.tw/~chenwj
>>
>>
>> -- Forwarded message --
>> From: Orit Wasserman 
>> To: "\"陳韋任 (Wei-Ren Chen)\"" 
>> Cc:
>> Date: Tue, 19 Jun 2012 12:01:08 +0300
>> Subject: Re: [Qemu-devel] How to measure guest memory access 
>> (qemu_ld/qemu_st) time?
>> On 06/19/2012 11:49 AM, 陳韋任 (Wei-Ren Chen) wrote:
>>>   Mind if I CC this to the ML? :)
>> sure I will read the threads to understand more.
>>
>> Orit
>>>
>>>> Well it was a while back (2008-9), the company was acquired by IBM a year
>>>> later:
>>>> http://www.linux-kvm.org/wiki/images/9/98/KvmForum2008%24kdf2008_2.pdf
>>>> I think Stefan Hajnoczi worked there ...
>>>> The company used the technology for cross platform guest support but claim
>>>> to get speedup too
>>>> (for ppc) don't think the speedup was related to mmu but more to the
>>>> instruction stream.
>>>> I hope this is helpful.
>>>
>>>   Thanks.
>>>
>>>> Do you have performance result for the cost of the address translation ?
>>>> If I understand you are concentrating on ARM ?
>>>
>>>   The whole discussion thread is on [1], and you can get some feel about
>>> the cost of address translation here [2]. Yes, ARM is our target right now,
>>> but I think we are not limited to it.
>>>
>>> Regards,
>>> chenwj
>>>
>>> [1] http://www.mail-archive.com/qemu-devel@nongnu.org/msg116159.html
>>> [2] http://www.mail-archive.com/qemu-devel@nongnu.org/msg116404.html
>>>
>>
>
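The load-loop test case Blue Swirl suggests above, written out as an added example (this is not code from the thread or from QEMU). It is meant to be cross-compiled as a static guest binary (e.g. `arm-linux-gnueabi-gcc -O2 -static`) and run under the emulator; the two strides are assumptions: a cache-line stride keeps consecutive loads on the same guest page, so the softmmu TLB fast path should hit, while a page stride over a buffer far larger than the 256-entry TLB forces a fresh lookup for every load, so the difference between the two per-load timings is a first estimate of the translation cost Xin wants to measure. The buffer size, page size and iteration counts are likewise assumed values to tune for the target.

```c
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define BUF_SIZE   (16u << 20)   /* assumed: 16 MiB, far beyond one TLB's reach */
#define GUEST_PAGE 4096u         /* assumed guest page size */

/* Load one byte every `stride` bytes and fold it into a checksum. Returning
 * the sum keeps the compiler from eliding the loads and lets a caller verify
 * that the walk touched exactly the offsets it should. */
uint64_t stride_load_sum(const uint8_t *buf, size_t len, size_t stride)
{
    uint64_t sum = 0;
    for (size_t off = 0; off < len; off += stride) {
        sum += buf[off];
    }
    return sum;
}

/* Number of loads stride_load_sum() issues for a given len/stride. */
size_t stride_load_count(size_t len, size_t stride)
{
    return (len + stride - 1) / stride;
}

static double now_sec(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec + (double)ts.tv_nsec / 1e9;
}

/* Time `iters` passes over buf and normalise to nanoseconds per load, so
 * runs with different load counts are directly comparable. */
double ns_per_load(const uint8_t *buf, size_t len, size_t stride, int iters)
{
    volatile uint64_t sink = 0;      /* volatile: keep the loads observable */
    double t0 = now_sec();
    for (int i = 0; i < iters; i++) {
        sink += stride_load_sum(buf, len, stride);
    }
    double elapsed = now_sec() - t0;
    (void)sink;
    return elapsed * 1e9 / ((double)iters * (double)stride_load_count(len, stride));
}

int main(void)
{
    uint8_t *buf = malloc(BUF_SIZE);
    if (!buf) {
        perror("malloc");
        return 1;
    }
    memset(buf, 1, BUF_SIZE);   /* fault every page in before timing */

    /* Cache-line stride: 64 loads per page share one TLB entry.
     * Page stride: every load lands on a new page, and with 4096 pages in
     * the buffer the direct-mapped TLB cannot hold them, so each load pays
     * the full lookup/refill. */
    double line_ns = ns_per_load(buf, BUF_SIZE, 64, 20);
    double page_ns = ns_per_load(buf, BUF_SIZE, GUEST_PAGE, 2000);

    printf("stride %5u: %8.2f ns/load\n", 64u, line_ns);
    printf("stride %5u: %8.2f ns/load\n", GUEST_PAGE, page_ns);
    printf("translation overhead estimate: %.2f ns/load\n", page_ns - line_ns);
    free(buf);
    return 0;
}
```

Run it once natively and once under the emulator; the native page-stride penalty (host TLB misses) is the baseline to subtract before attributing the remainder to QEMU's inlined lookup code. Because the checksum is returned rather than discarded, `-O2` cannot hoist or drop the loads, which is the usual way such microbenchmarks silently measure nothing.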



Re: [Qemu-devel] [PATCH v6 5/6] fdc_test: update media_change test

2012-06-23 Thread Blue Swirl
On Fri, Jun 22, 2012 at 10:33 AM, Pavel Hrdina  wrote:
> After rewriting the DSKCHG bit handling the test has to be updated. Now
> it is necessary to seek to a different track to clear the DSKCHG bit.
>
> Signed-off-by: Pavel Hrdina 
> ---
>  tests/fdc-test.c |   29 +
>  1 files changed, 21 insertions(+), 8 deletions(-)
>
> diff --git a/tests/fdc-test.c b/tests/fdc-test.c
> index 610e2f1..5280eff 100644
> --- a/tests/fdc-test.c
> +++ b/tests/fdc-test.c
> @@ -156,19 +156,20 @@ static uint8_t send_read_command(void)
>     return ret;
>  }
>
> -static void send_step_pulse(void)
> +static void send_step_pulse(bool chg_cyl)
>  {
>     int drive = 0;
>     int head = 0;
> -    static int cyl = 0;
> +    int cyl = 0;
> +
> +    if (chg_cyl)
> +        cyl = (cyl + 1) % 4;

Missing braces, please use checkpatch.pl to avoid these issues.

% 4 could be turned into & 3, maybe with a separate patch.

>
>     floppy_send(CMD_SEEK);
>     floppy_send(head << 2 | drive);
>     g_assert(!get_irq(FLOPPY_IRQ));
>     floppy_send(cyl);
>     ack_irq();
> -
> -    cyl = (cyl + 1) % 4;
>  }
>
>  static uint8_t cmos_read(uint8_t reg)
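Review bot: with `cyl` changed from `static int cyl = 0;` to a plain local, the `cyl = (cyl + 1) % 4;` under `if (chg_cyl)` is dead arithmetic: cyl is 0 on every entry, so send_step_pulse(1) always seeks to cylinder 1 and send_step_pulse(0) always to cylinder 0, and the helper no longer "steps to the next track" as its name and the callers' comments suggest. That also means two consecutive send_step_pulse(1) calls do not change track at all. Either keep the cylinder state static and advance it only when chg_cyl is set, or make the parameter the target cylinder (`send_step_pulse(int cyl)`) so each call site states explicitly which track it seeks to and whether that is a change.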
> @@ -195,8 +196,7 @@ static void test_no_media_on_start(void)
>     assert_bit_set(dir, DSKCHG);
>     dir = inb(FLOPPY_BASE + reg_dir);
>     assert_bit_set(dir, DSKCHG);
> -    send_step_pulse();
> -    send_step_pulse();
> +    send_step_pulse(1);
>     dir = inb(FLOPPY_BASE + reg_dir);
>     assert_bit_set(dir, DSKCHG);
>     dir = inb(FLOPPY_BASE + reg_dir);
> @@ -227,7 +227,14 @@ static void test_media_change(void)
>     dir = inb(FLOPPY_BASE + reg_dir);
>     assert_bit_set(dir, DSKCHG);
>
> -    send_step_pulse();
> +    send_step_pulse(0);
> +    dir = inb(FLOPPY_BASE + reg_dir);
> +    assert_bit_set(dir, DSKCHG);
> +    dir = inb(FLOPPY_BASE + reg_dir);
> +    assert_bit_set(dir, DSKCHG);
> +
> +    /* Step to next track should clear DSKCHG bit. */
> +    send_step_pulse(1);
>     dir = inb(FLOPPY_BASE + reg_dir);
>     assert_bit_clear(dir, DSKCHG);
>     dir = inb(FLOPPY_BASE + reg_dir);
> @@ -243,7 +250,13 @@ static void test_media_change(void)
>     dir = inb(FLOPPY_BASE + reg_dir);
>     assert_bit_set(dir, DSKCHG);
>
> -    send_step_pulse();
> +    send_step_pulse(0);
> +    dir = inb(FLOPPY_BASE + reg_dir);
> +    assert_bit_set(dir, DSKCHG);
> +    dir = inb(FLOPPY_BASE + reg_dir);
> +    assert_bit_set(dir, DSKCHG);
> +
> +    send_step_pulse(1);
>     dir = inb(FLOPPY_BASE + reg_dir);
>     assert_bit_set(dir, DSKCHG);
>     dir = inb(FLOPPY_BASE + reg_dir);
> --
> 1.7.7.6
>
>



Re: [Qemu-devel] [RFC] migration next tree

2012-06-23 Thread Orit Wasserman
On 06/22/2012 11:43 PM, Vinod Chegu wrote:
> 
> 
> On Fri, Jun 22, 2012 at 6:59 AM, Juan Quintela wrote:
> 
> 
> Hi
> 
> As discussed on this week's kvm call, here is the migration tree with
> XBZRLE + huge memory fixes integrated.  There was a bug in huge memory
> (corrected in the v3 version just sent) and another in the XBZRLE patches.
> Orit is going to resend patches addressing comments, but here the fix is
> integrated already.
> 
> How to test?
> 
> Compile qemu with trace support:
> 
> ./configure --enable-trace-backend=simple
> 
> Create an event file:
> 
> $ cat /tmp/events
> savevm_section_start
> savevm_section_end
> $
> 
> Now launch qemu with normal command line:
> 
> qemu . --trace events=/tmp/events
> 
> And when execution finishes, you can use a script like the following to
> see the stalls that happen:
> 
> $ cat ~/counter_simpletrace
> $1 ~ /savevm_section_end/ {
>/* Print savevm_section_stop line when >100 ms duration */
>if ($2 > 5) {
>printf("%s times_missing=%u\n", $0, times_missing++);
>}
> }
> $
> 
> And now you can analyze:
> 
> ./scripts/simpletrace.py ./trace-events trace-32554 | awk -f 
> ~/counter_simpletrace
> 
> (adjust paths as required)
> 
> Notice that these are stalls on the iothread.  vcpu stalls can still be
> bigger.  The number that is tested here is 50ms, so I get cases that are
> a bit bigger (between 60-100ms with one 8GB guest that is dirtying 512MB
> in a loop).
> 
> If you get stalls, or drop connections, please let me know the load.
> 
> Thanks, Juan.
> 
> 
> The following changes since commit 
> 47ecbdf07ed2c37bdfd2d77137d01bb319ce13da:
> 
>  libcacard: build fixes (2012-06-21 20:04:24 +)
> 
> are available in the git repository at:
> 
>  http://repo.or.cz/r/qemu/quintela.git migration-next
> 
> for you to fetch changes up to 0844b46b5d7d8d6fa01134d170b3c48b7f32eab7:
> 
>  Add XBZRLE statistics (2012-06-22 15:24:15 +0200)
> 
> 
> Currently these XBZRLE-related stats are only available during the active 
> migration but not
> after the completion. Can we get this information even after the completion 
> of the XBZRLE migration (via info migrate)? It would help to keep track of 
> the final list of cache misses/hits etc.
> 
Sure, I will add it in the next patch set.

> To the generic migration statistics that gets displayed via "info migrate" 
> can you pl. consider adding the duration of Stage3 (i.e. "Downtime") as 
> measured on the source host (yes there is probably some time spent in the 
> resuming of the guest on the destination host...).  
> 
> Ideally this "Downtime" should be pretty close to the pre-defined 
> downtime (i.e. the default value (30ms?) or whatever the user set it to via 
> the migrate_set_downtime command). But it looks like on larger guests that is not 
> the case...
> 
> Still reviewing the code and testing it out...
> 
> Thanks
> Vinod
> 
>  
> 
> 
> 
> Isaku Yamahata (1):
>  Add MigrationParams structure
> 
> Juan Quintela (8):
>  Add spent time for migration
>  Add tracepoints for savevm section start/end
>  No need to iterate if we already are over the limit
>  Only TCG needs TLB handling
>  Only calculate expected_time for stage 2
>  Exit loop if we have been there too long
>  dirty bitmap: abstract its use
>  Maintain the number of dirty pages
> 
> Orit Wasserman (13):
>  Add missing check for host_from_stream_offset return value for 
> RAM_SAVE_FLAG_PAGE
>  Add migration capabilites
>  Add XBZRLE documentation
>  Add cache handling functions
>  Add uleb encoding/decoding functions
>  Add save_block_hdr function
>  Add debugging infrastructure
>  Change ram_save_block to return -1 if there are no more changes
>  Add migration_end function
>  Add xbzrle_encode_buffer and xbzrle_decode_buffer functions
>  Add XBZRLE to ram_save_block and ram_save_live
>  Add set_cachesize command
>  Add XBZRLE statistics
> 
>  Makefile.objs|1 +
>  arch_init.c  |  378 
> --
>  block-migration.c|8 +-
>  cache.c  |  219 +
>  cpu-all.h|1 +
>  cutils.c |   29 
>  docs/xbzrle.txt  |  115 +++
>  exec-obsolete.h  |   50 ---
>  exec.c   |   34 +++--
>  hmp-commands.hx  |   34 +
>  hmp.c|   90 
>  hmp.h|3 +
>  include/qemu/cache.h |   81 +++
>  migration.c  |  131 ++