Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support

2012-10-29 Thread Amit Shah
On (Fri) 26 Oct 2012 [09:43:34], Anthony Liguori wrote:
> Hi,
> 
> This series implements the backend and frontend infrastructure for virtio-rng.
> This is similar to previous series sent out by both Amit and myself although 
> it
> has been trimmed down considerably.
> 
> In terms of backends, a file and EGD backend are supported.  The file defaults
> to /dev/random based on the feedback from Peter.  It's still possible to 
> support
> /dev/urandom though as an entropy source by overriding the file name.
> 
> I think this series is ready to merge.

I have a small diff to this series that I had merged in mine.  Please
apply to your tree as well.

(Gets rid of savevm/loadvm complexities by using the new
virtqueue_get_avail_bytes(), fixes typos/whitespace in rng.h)

diff --git b/hw/virtio-rng.c a/hw/virtio-rng.c
index b7fb5e9..290b2b6 100644
--- b/hw/virtio-rng.c
+++ a/hw/virtio-rng.c
@@ -22,14 +22,9 @@ typedef struct VirtIORNG {
 
 /* Only one vq - guest puts buffer(s) on it when it needs entropy */
 VirtQueue *vq;
-VirtQueueElement elem;
 
-/* Config data for the device -- currently only chardev */
 VirtIORNGConf *conf;
 
-/* Whether we've popped a vq element into 'elem' above */
-bool popped;
-
 RngBackend *rng;
 } VirtIORNG;
 
@@ -42,23 +37,19 @@ static bool is_guest_ready(VirtIORNG *vrng)
 return false;
 }
 
-static size_t pop_an_elem(VirtIORNG *vrng)
+static size_t get_request_size(VirtQueue *vq)
 {
-size_t size;
+unsigned int in, out;
 
-if (!vrng->popped && !virtqueue_pop(vrng->vq, &vrng->elem)) {
-return 0;
-}
-vrng->popped = true;
-
-size = iov_size(vrng->elem.in_sg, vrng->elem.in_num);
-return size;
+virtqueue_get_avail_bytes(vq, &in, &out);
+return in;
 }
 
 /* Send data from a char device over to the guest */
 static void chr_read(void *opaque, const void *buf, size_t size)
 {
 VirtIORNG *vrng = opaque;
+VirtQueueElement elem;
 size_t len;
 int offset;
 
@@ -68,27 +59,16 @@ static void chr_read(void *opaque, const void *buf, size_t 
size)
 
 offset = 0;
 while (offset < size) {
-if (!pop_an_elem(vrng)) {
+if (!virtqueue_pop(vrng->vq, &elem)) {
 break;
 }
-len = iov_from_buf(vrng->elem.in_sg, vrng->elem.in_num,
+len = iov_from_buf(elem.in_sg, elem.in_num,
0, buf + offset, size - offset);
 offset += len;
 
-virtqueue_push(vrng->vq, &vrng->elem, len);
-vrng->popped = false;
+virtqueue_push(vrng->vq, &elem, len);
 }
 virtio_notify(&vrng->vdev, vrng->vq);
-
-/*
- * Lastly, if we had multiple elems queued by the guest, and we
- * didn't have enough data to fill them all, indicate we want more
- * data.
- */
-len = pop_an_elem(vrng);
-if (len) {
-rng_backend_request_entropy(vrng->rng, size, chr_read, vrng);
-}
 }
 
 static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
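Review bot: With the trailing re-request removed from chr_read(), nothing asks the backend for more data when this callback receives fewer bytes than the guest has queued buffers for, so the remaining elements wait until the guest kicks again. If a backend may call back with less than was requested (not visible in this diff), re-arm after the loop with `size = get_request_size(vrng->vq); if (size) rng_backend_request_entropy(vrng->rng, size, chr_read, vrng);`. When virtqueue_pop() fails, the loop breaks and any bytes left in `buf` are dropped, which deserves a comment because they came from the host entropy source. `offset` is an `int` compared against the `size_t size`, and declaring it `size_t` removes the mixed-sign comparison. chr_read() begins in the previous hunk.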
@@ -96,7 +76,7 @@ static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
 VirtIORNG *vrng = DO_UPCAST(VirtIORNG, vdev, vdev);
 size_t size;
 
-size = pop_an_elem(vrng);
+size = get_request_size(vq);
 if (size) {
 rng_backend_request_entropy(vrng->rng, size, chr_read, vrng);
 }
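Review bot: The size passed to rng_backend_request_entropy() in handle_input() is now whatever virtqueue_get_avail_bytes() reports for the guest's queued buffers, so the guest alone decides how much is read from the host source on each kick. With the file backend defaulting to /dev/random (per the cover letter), an unbounded request may let a single guest drain the host entropy pool or keep the backend blocked on it. A cap fits here, for example `size = MIN(size, VIRTIO_RNG_MAX_REQUEST);`, where the constant is a placeholder name that does not exist in the tree, and a comment in get_request_size() should say that the returned value is guest-controlled. handle_input() continues past the end of this hunk.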
@@ -112,23 +92,6 @@ static void virtio_rng_save(QEMUFile *f, void *opaque)
 VirtIORNG *vrng = opaque;
 
 virtio_save(&vrng->vdev, f);
-
-qemu_put_byte(f, vrng->popped);
-if (vrng->popped) {
-int i;
-
-qemu_put_be32(f, vrng->elem.index);
-
-qemu_put_be32(f, vrng->elem.in_num);
-for (i = 0; i < vrng->elem.in_num; i++) {
-qemu_put_be64(f, vrng->elem.in_addr[i]);
-}
-
-qemu_put_be32(f, vrng->elem.out_num);
-for (i = 0; i < vrng->elem.out_num; i++) {
-qemu_put_be64(f, vrng->elem.out_addr[i]);
-}
-}
 }
 
 static int virtio_rng_load(QEMUFile *f, void *opaque, int version_id)
@@ -139,30 +102,6 @@ static int virtio_rng_load(QEMUFile *f, void *opaque, int 
version_id)
 return -EINVAL;
 }
 virtio_load(&vrng->vdev, f);
-
-vrng->popped = qemu_get_byte(f);
-if (vrng->popped) {
-int i;
-
-vrng->elem.index = qemu_get_be32(f);
-
-vrng->elem.in_num = qemu_get_be32(f);
-g_assert(vrng->elem.in_num < VIRTQUEUE_MAX_SIZE);
-for (i = 0; i < vrng->elem.in_num; i++) {
-vrng->elem.in_addr[i] = qemu_get_be64(f);
-}
-
-vrng->elem.out_num = qemu_get_be32(f);
-g_assert(vrng->elem.out_num < VIRTQUEUE_MAX_SIZE);
-for (i = 0; i < vrng->elem.out_num; i++) {
-vrng->elem.out_addr[i] = qemu_get_be64(f);
-}
-
-virtqueue_map_sg(vrng->elem.in_sg, vrng->elem.in_addr,
- vrng->elem.in_num, 1);
-virtqueue_map_sg(vrng->elem.out_sg, vrng->elem.out_addr,
- vrng->elem.out_num, 0);
-}
 return 0;
 }
 
@@ -195,7 

[Qemu-devel] [PATCH] tests/tcg: fix unused result warnings

2012-10-29 Thread Catalin Patulea
With i386-linux-user target on x86_64 host, this does not introduce any new test
failures.

Signed-off-by: Catalin Patulea 
---
 tests/tcg/test-mmap.c  |   15 +++
 tests/tcg/testthread.c |   11 +--
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/tests/tcg/test-mmap.c b/tests/tcg/test-mmap.c
index c418b67..d6d8288 100644
--- a/tests/tcg/test-mmap.c
+++ b/tests/tcg/test-mmap.c
@@ -22,6 +22,7 @@
  * along with this program; if not, see .
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -429,6 +430,12 @@ void check_file_fixed_mmaps(void)
fprintf (stderr, " passed\n");
 }
 
+void checked_write(int fd, const void *buf, size_t count)
+{
+   ssize_t rc = write (fd, buf, count);
+   fail_unless(rc == count);
+}
+
 int main(int argc, char **argv)
 {
char tempname[] = "/tmp/.cmmapXX";
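Review bot: `fail_unless(rc == count)` in checked_write() compares an `ssize_t` with a `size_t`, so a failed write (-1) is caught only through the implicit conversion to unsigned, and the line trips -Wsign-compare. `fail_unless(rc >= 0 && (size_t)rc == count);` states the intent directly. The helper has external linkage and is duplicated in tests/tcg/testthread.c, so marking both copies `static` keeps them from colliding if the files are ever linked together. A short write is treated as a failure, which looks acceptable for a test but deserves a one-line comment. main() continues outside this hunk.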
@@ -451,12 +458,12 @@ int main(int argc, char **argv)
 
/* Fill the file with int's counting from zero and up.  */
for (i = 0; i < (pagesize * 4) / sizeof i; i++)
-   write (test_fd, &i, sizeof i);
+   checked_write (test_fd, &i, sizeof i);
/* Append a few extra writes to make the file end at non 
   page boundary.  */
-   write (test_fd, &i, sizeof i); i++;
-   write (test_fd, &i, sizeof i); i++;
-   write (test_fd, &i, sizeof i); i++;
+   checked_write (test_fd, &i, sizeof i); i++;
+   checked_write (test_fd, &i, sizeof i); i++;
+   checked_write (test_fd, &i, sizeof i); i++;
 
test_fsize = lseek(test_fd, 0, SEEK_CUR);
 
diff --git a/tests/tcg/testthread.c b/tests/tcg/testthread.c
index 27e4825..2679af1 100644
--- a/tests/tcg/testthread.c
+++ b/tests/tcg/testthread.c
@@ -1,3 +1,4 @@
+#include 
 #include 
 #include 
 #include 
@@ -8,6 +9,12 @@
 #include 
 #include 
 
+void checked_write(int fd, const void *buf, size_t count)
+{
+ssize_t rc = write(fd, buf, count);
+assert(rc == count);
+}
+
 void *thread1_func(void *arg)
 {
 int i;
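Review bot: checked_write() in testthread.c relies on `assert(rc == count)`, which compiles to nothing when NDEBUG is defined, so the write result would go unchecked again and `rc` would become an unused variable. An explicit test such as `if (rc < 0 || (size_t)rc != count) { abort(); }` keeps the check in every build configuration and also avoids the signed/unsigned comparison. thread1_func() continues in the next hunk.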
@@ -15,7 +22,7 @@ void *thread1_func(void *arg)
 
 for(i=0;i<10;i++) {
 snprintf(buf, sizeof(buf), "thread1: %d %s\n", i, (char *)arg);
-write(1, buf, strlen(buf));
+checked_write(1, buf, strlen(buf));
 usleep(100 * 1000);
 }
 return NULL;
@@ -27,7 +34,7 @@ void *thread2_func(void *arg)
 char buf[512];
 for(i=0;i<20;i++) {
 snprintf(buf, sizeof(buf), "thread2: %d %s\n", i, (char *)arg);
-write(1, buf, strlen(buf));
+checked_write(1, buf, strlen(buf));
 usleep(150 * 1000);
 }
 return NULL;
-- 
1.7.7.3




Re: [Qemu-devel] [PATCH v2 3/5] Qemu: do not mark bios readonly

2012-10-29 Thread Xiao Guangrong
Jan,

On 10/26/2012 06:35 PM, Jan Kiszka wrote:

> This has two problems: We know it breaks at least Win 95 that overwrites
> its F-segment during boot. And it applies changes to the shadowed area
> (below 1 MB) also to the ROM area - I don't think that is the original
> behaviour on real hardware.

So what is the problem? It can break Win95's running?

I tried to install win95 guest but it failed to boot regardless my patchset
was applied or not. I found the information that win 95 is not supported at
http://www.linux-kvm.org/page/Guest_Support_Status

Note: before my patchset, Win 95 could still happily write something into the ROM area
because readonly memory is actually writable on KVM. And win95 can not run
on isapc with --no-kvm since there is no way to enable shadow ROM.

> 
> What we need is paravirtual shadow write control for the ISA PC. It's on
> my todo list, maybe I will be able to look into this during the next week.
> 

You idea is that modify the code of seabios and use a special way (PV) to
notify Qemu to make the bios writable?

Actually, I am confused why the guest (including bios) persistently uses
shadow ROM even if it is not supported (on ISA PC), i think the right way
is move itself to RAM under this case, no?

> BTW, your patch series should allow to drop the KVM special case from
> pc_system_firmware_init. That version, btw, treats high and low BIOS
> areas separately - but only reloads the upper area. Hmm...
> 

You mean that also allow Qemu to use pflash to load bios if kvm is enabled?
We can not do that for pflash is a RD device which can not be directly written,
kvm can not emulate the instruction which implicitly write the memory. (e.g:
using this area as stack).

Thanks!




Re: [Qemu-devel] q35: usb keyboard trouble

2012-10-29 Thread Gerd Hoffmann
  Hi,

> +for (i = 0; i < 3; i++) {
> +usb = pci_create_multifunction(
> +host_bus, PCI_DEVFN(ICH9_USB_DEV, ICH9_USB_UHCI1_FUNC + i),
> +true, "ich9-usb-uhci1");

ich9-usb-uhci1,ich9-usb-uhci2,ich9-usb-uhci3

cheers,
  Gerd




Re: [Qemu-devel] [patch v5 5/8] memory: introduce local lock for address space

2012-10-29 Thread Peter Maydell
On 28 October 2012 23:48, Liu Ping Fan  wrote:
> For those address spaces which want to be able out of big lock, they
> will be protected by their own local.

Are you sure this patch compiles? It seems to only be changing
the prototype and implementation of address_space_init() to take
an extra parameter, but not any of the callers...

-- PMM



Re: [Qemu-devel] [PATCH v2 05/11] usb/ehci: seperate out PCIisms

2012-10-29 Thread Gerd Hoffmann
  Hi,

> There still has to be a way to share the Property[] array (currently
> contains maxframes). Duplicating the properties array to all
> definitions is verbose and fragile. If I want to add a new properties
> to EHCI i need to put it in the props array of every subclass. serial
> has this problem, with the "chardev" prop appearing in both isa and
> pci variants (and the device variant out of tree that Anthony has). If
> we decide to add a new prop to serial we have to DEFINE_PROP_FOO it 3
> times.

> Whats the real answer here? Can we get the shared init function to add
> to properties explicify? Blow away the dc->properties = foo and
> replace with code that parses to prop array?

Existing practice is to use a #define for that, see
DEFINE_NIC_PROPERTIES in net.h for example.

Maybe QOM allows us to do something more elegant here.

cheers,
  Gerd




Re: [Qemu-devel] [PATCH v2 11/11] usb/ehci: Put RAM in undefined MMIO regions

2012-10-29 Thread Gerd Hoffmann
On 10/27/12 02:42, Peter Crosthwaite wrote:

>> Any chance the access you are seeing is at offset 0x68?
> 
> 0x1a8. which for the opregbase + 0x068 for zynq so probably what you
> are thinking about.

Does the attached patch help?

cheers,
  Gerd

>From 6a131b1476640c07317a6f44b5bb54ec53974414 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann 
Date: Mon, 29 Oct 2012 08:32:47 +0100
Subject: [PATCH] ehci: set extended capability pointer on pci only

Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-ehci.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index a07beff..a35cbf2 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -2792,7 +2792,6 @@ static void usb_ehci_initfn(EHCIState *s, DeviceState 
*dev, EHCIInfo *ei)
 s->caps[0x06] = 0x00;
 s->caps[0x07] = 0x00;
 s->caps[0x08] = 0x80;/* We can cache whole frame, no 64-bit */
-s->caps[0x09] = 0x68;/* EECP */
 s->caps[0x0a] = 0x00;
 s->caps[0x0b] = 0x00;
 
@@ -2880,6 +2879,8 @@ static int usb_ehci_pci_initfn(PCIDevice *dev)
 s->irq = dev->irq[3];
 s->dma = pci_dma_context(dev);
 
+s->caps[0x09] = 0x68;/* EECP */
+
 usb_ehci_initfn(s, DEVICE(dev), &c->ehci);
 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mem);
 
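Review bot: The EECP assignment added to usb_ehci_pci_initfn() survives only because it runs before usb_ehci_initfn() and that function no longer writes caps[0x09]; nothing at the call site records this ordering dependency. A comment such as `/* EECP: must be set before usb_ehci_initfn(), which fills in the remaining capability registers */` would protect it against later reordering. The non-PCI path now appears to rely on caps[] being zero-initialised elsewhere (not visible in this diff) so that offset 0x09 reads as "no extended capabilities", which is worth confirming and stating in usb_ehci_initfn(). Both functions extend outside the hunks shown.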
-- 
1.7.1



Re: [Qemu-devel] [PATCH v2 3/5] Qemu: do not mark bios readonly

2012-10-29 Thread Jan Kiszka
On 2012-10-29 08:09, Xiao Guangrong wrote:
> Jan,
> 
> On 10/26/2012 06:35 PM, Jan Kiszka wrote:
> 
>> This has two problems: We know it breaks at least Win 95 that overwrites
>> its F-segment during boot. And it applies changes to the shadowed area
>> (below 1 MB) also to the ROM area - I don't think that is the original
>> behaviour on real hardware.
> 
> So what is the problem? It can break Win95's running?
> 
> I tried to install win95 guest but it failed to boot regardless my patchset
> was applied or not. I found the information that win 95 is not supported at
> http://www.linux-kvm.org/page/Guest_Support_Status
> 
> Note: before my patchset, Win 95 still can happily something into ROM area
> because readonly memory is actually writable on KVM. And win95 can not run
> on isapc with --no-kvm since it is no way to enable shadow ROM.

Your patches cause regressions in TCG mode, as that has been perfectly fine
with booting Win95 so far.

> 
>>
>> What we need is paravirtual shadow write control for the ISA PC. It's on
>> my todo list, maybe I will be able to look into this during the next week.
>>
> 
> You idea is that modify the code of seabios and use a special way (PV) to
> notify Qemu to make the bios writable?

Yes.

> 
> Actually, I am confused why the guest (including bios) persistently uses
> shadow ROM even if it is not supported (on ISA PC), i think the right way
> is move itself to RAM under this case, no?

I've been told that Seabios has been built around that assumption and
the PV shadow control would be simpler to realize.

> 
>> BTW, your patch series should allow to drop the KVM special case from
>> pc_system_firmware_init. That version, btw, treats high and low BIOS
>> areas separately - but only reloads the upper area. Hmm...
>>
> 
> You mean that also allow Qemu to use pflash to load bios if kvm is enabled?

Yes.

> We can not do that for pflash is a RD device which can not be directly 
> written,
> kvm can not emulate the instruction which implicitly write the memory. (e.g:
> using this area as stack).

Isn't enabling ROMD support for KVM that whole point of your patches? I
do not see yet what prevents this still, but it should be fixed first.

Jan





[Qemu-devel] [PATCH] tests/tcg: new test for i386 FPREM and FPREM1

2012-10-29 Thread Catalin Patulea
This sets the stage for a cleanup of the FPREM and FPREM1 helpers while making
sure that they behave the same as bare metal.

The test constructs operands using combinations of corner cases for the
floating-point bitfields and prints operands, result and FPU status word for
FPREM and FPREM1. The outputs can then be compared between bare metal and QEMU.
The 'run-test-i386-fprem' make target does just that.

Signed-off-by: Catalin Patulea 
---
Here is a refresh of the patch originally sent in back in July:
https://lists.gnu.org/archive/html/qemu-devel/2012-07/msg02054.html

At the time, there was some concern about use of bitfields. QEMU_PACKED
counteracts any -mms-bitfields passed to gcc. Are there still any concerns over
this?

Patch should apply on git master.

 tests/tcg/Makefile  |9 +
 tests/tcg/test-i386-fprem.c |  353 +++
 2 files changed, 362 insertions(+), 0 deletions(-)
 create mode 100644 tests/tcg/test-i386-fprem.c

diff --git a/tests/tcg/Makefile b/tests/tcg/Makefile
index 80b1a4b..24e3154 100644
--- a/tests/tcg/Makefile
+++ b/tests/tcg/Makefile
@@ -22,6 +22,7 @@ I386_TESTS=hello-i386 \
   testthread \
   sha1-i386 \
   test-i386 \
+  test-i386-fprem \
   test-mmap \
   # runcom
 
@@ -55,6 +56,11 @@ run-test-i386: test-i386
-$(QEMU) test-i386 > test-i386.out
@if diff -u test-i386.ref test-i386.out ; then echo "Auto Test OK"; fi
 
+run-test-i386-fprem: test-i386-fprem
+   ./test-i386-fprem > test-i386-fprem.ref
+   -$(QEMU) test-i386-fprem > test-i386-fprem.out
+   @if diff -u test-i386-fprem.ref test-i386-fprem.out ; then echo "Auto 
Test OK"; fi
+
 run-test-x86_64: test-x86_64
./test-x86_64 > test-x86_64.ref
-$(QEMU_X86_64) test-x86_64 > test-x86_64.out
@@ -93,6 +99,9 @@ test-i386: test-i386.c test-i386-code16.S test-i386-vm86.S \
$(CC_I386) $(QEMU_INCLUDES) $(CFLAGS) $(LDFLAGS) -o $@ \
   $(http://www.gnu.org/licenses/>.
+ */
+#include "compiler.h"
+#include "osdep.h"
+#include 
+#include 
+
+/*
+ * Inspired by 's union ieee854_long_double, but with single
+ * long long mantissa fields and assuming little-endianness for simplicity.
+ */
+union float80u {
+long double d;
+
+/* This is the IEEE 854 double-extended-precision format.  */
+struct {
+unsigned long long mantissa:63;
+unsigned int one:1;
+unsigned int exponent:15;
+unsigned int negative:1;
+unsigned int empty:16;
+} QEMU_PACKED ieee;
+
+/* This is for NaNs in the IEEE 854 double-extended-precision format.  */
+struct {
+unsigned long long mantissa:62;
+unsigned int quiet_nan:1;
+unsigned int one:1;
+unsigned int exponent:15;
+unsigned int negative:1;
+unsigned int empty:16;
+} QEMU_PACKED ieee_nan;
+};
+
+#define IEEE854_LONG_DOUBLE_BIAS 0x3fff
+
+static const union float80u q_nan = {
+.ieee_nan.negative = 0,  /* X */
+.ieee_nan.exponent = 0x7fff,
+.ieee_nan.one = 1,
+.ieee_nan.quiet_nan = 1,
+.ieee_nan.mantissa = 0,
+};
+
+static const union float80u s_nan = {
+.ieee_nan.negative = 0,  /* X */
+.ieee_nan.exponent = 0x7fff,
+.ieee_nan.one = 1,
+.ieee_nan.quiet_nan = 0,
+.ieee_nan.mantissa = 1,  /* nonzero */
+};
+
+static const union float80u pos_inf = {
+.ieee.negative = 0,
+.ieee.exponent = 0x7fff,
+.ieee.one = 1,
+.ieee.mantissa = 0,
+};
+
+static const union float80u pseudo_pos_inf = {  /* "unsupported" */
+.ieee.negative = 0,
+.ieee.exponent = 0x7fff,
+.ieee.one = 0,
+.ieee.mantissa = 0,
+};
+
+static const union float80u pos_denorm = {
+.ieee.negative = 0,
+.ieee.exponent = 0,
+.ieee.one = 0,
+.ieee.mantissa = 1,
+};
+
+static const union float80u smallest_positive_norm = {
+.ieee.negative = 0,
+.ieee.exponent = 1,
+.ieee.one = 1,
+.ieee.mantissa = 0,
+};
+
+static void fninit()
+{
+asm volatile ("fninit\n");
+}
+
+static long double fprem(long double a, long double b, uint16_t *sw)
+{
+long double result;
+asm volatile ("fprem\n"
+  "fnstsw %1\n"
+  : "=t" (result), "=m" (*sw)
+  : "0" (a), "u" (b)
+  : "st(1)");
+return result;
+}
+
+static long double fprem1(long double a, long double b, uint16_t *sw)
+{
+long double result;
+asm volatile ("fprem1\n"
+  "fnstsw %1\n"
+  : "=t" (result), "=m" (*sw)
+  : "0" (a), "u" (b)
+  : "st(1)");
+return result;
+}
+
+#define FPUS_IE (1 << 0)
+#define FPUS_DE (1 << 1)
+#define FPUS_ZE (1 << 2)
+#define FPUS_OE (1 << 3)
+#define FPUS_UE (1 << 4)
+#define FPUS_PE (1 << 5)
+#define FPUS_SF (1 << 6)
+#define FPUS_SE (1 << 7)
+#define FPUS_C0 (1 << 8)
+#define FPUS_C1 (1 << 9)
+#define FPUS_C2 (1 << 10)
+#define FPUS_TOP 0x3800
+#define FPUS_C3 (1 << 14)
+#define FPU

Re: [Qemu-devel] [PATCH v3 0/8] Sysbus EHCI + Zynq USB.

2012-10-29 Thread Gerd Hoffmann
On 10/29/12 02:34, Peter Crosthwaite wrote:
> Added Sysbus variant of EHCI and attached it to Xilinx Zynq. The EHCI stuff 
> is going to useful for Tegra too.

Patch series added to usb patch queue.

thanks,
  Gerd



Re: [Qemu-devel] [patch v4 13/16] e1000: add busy flag to anti broken device state

2012-10-29 Thread Peter Maydell
On 29 October 2012 05:24, liu ping fan  wrote:
> Oh, ABBA problem can not be solved, I think we need clever deadlock detector.

If you cannot solve the problem then you must remain single threaded.

-- PMM



Re: [Qemu-devel] [memory] abort with head a8170e5

2012-10-29 Thread Aurelien Jarno
On Thu, Oct 25, 2012 at 06:12:06PM +0200, Avi Kivity wrote:
> On 10/25/2012 04:39 PM, Aurelien Jarno wrote:
> > On Thu, Oct 25, 2012 at 03:47:34PM +0200, Avi Kivity wrote:
> >> On 10/24/2012 04:00 PM, Aurelien Jarno wrote:
> >> > 
> >> > mips is also broken but by commit 
> >> > 1c380f9460522f32c8dd2577b2a53d518ec91c6d:
> >> > 
> >> > | [0.436000] PCI: Enabling device :00:0a.1 ( -> 0001)
> >> > | Segmentation fault (core dumped)
> >> > 
> >> 
> >> How do you reproduce it?
> > 
> > You can use the mips kernel version 2.6.32 from:
> >   http://people.debian.org/~aurel32/qemu/mips/
> > 
> > Then just run it with the following command:
> >   qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -append 
> > "console=tty0"
> > 
> > (You can also get the README command line if you don't care about
> > downloading the disk image).
> 
> Doesn't reproduce here with this command line (upstream + the bridge patch).
> 
> [0.568000] PCI: Enabling device :00:12.0 ( -> 0002)
> [0.572000] cirrusfb :00:12.0: Cirrus Logic chipset on PCI bus,
> RAM (4096 kB) at 0x1000
> 
> ...
> 
> [1.172000] PCI: Enabling device :00:0a.1 ( -> 0001)
> [1.188000] scsi0 : ata_piix
> 
> (with console=ttyS0)

Ok, looks like I didn't provide the right command line. I am only able
to reproduce it when using -nographic, and only with -vga cirrus (yes it
starts to be quite strange). In that case it's better to pass 
console=ttyS0, even if you can reproduce it with console=tty0.

In short it seems heavily related to the cirrus VGA card.

> What's lp - p when the segfault occurs?  What's *index?

lp - p = 0xa0
*index = 0x100a0

> | #3  0x7f4e10f3477f in phys_page_set (leaf=, nb=16,
> index=65696, d=0x7f4e124ffb50) at /home/aurel32/qemu/exec.c:458
> 
> We're setting 16 pages around address 269090816.  Should be totally
> straightforward.
> 
> If you make memory_region_transaction_begin()/_commit() no-ops, we can
> get a clearer stack trace.

I'll try to get that.

Thanks,
Aurelien

-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH V4 06/10] create new function: qemu_opt_set_number

2012-10-29 Thread Dong Xu Wang
On Fri, Oct 26, 2012 at 5:02 PM, Stefan Hajnoczi  wrote:
> On Thu, Oct 25, 2012 at 08:57:24PM +0800, Dong Xu Wang wrote:
>> diff --git a/qemu-option.c b/qemu-option.c
>> index d7d5ea9..eeb2c9c 100644
>> --- a/qemu-option.c
>> +++ b/qemu-option.c
>> @@ -695,6 +695,30 @@ int qemu_opt_set_bool(QemuOpts *opts, const char *name, 
>> bool val)
>>  return 0;
>>  }
>>
>> +int qemu_opt_set_number(QemuOpts *opts, const char *name, int64_t val)
>> +{
>> +char buffer[1024];
>> +QemuOpt *opt;
>> +const QemuOptDesc *desc = opts->list->desc;
>> +
>> +snprintf(buffer, sizeof(buffer), "%" PRId64, val);
>
> g_strdup_printf() is a nice replacement for fixed-size buffer +
> snprintf() + g_strdup():
>
> http://developer.gnome.org/glib/2.28/glib-String-Utility-Functions.html#g-strdup-printf
>
Okay.

> Stefan
>



Re: [Qemu-devel] [PATCH] tests/tcg: new test for i386 FPREM and FPREM1

2012-10-29 Thread Peter Maydell
On 29 October 2012 07:45, Catalin Patulea  wrote:
> This is setting the stage for a cleanup of FPREM and FPREM1 helpers while 
> being
> sure that they behave same as bare metal.
>
> The test constructs operands using combinations of corner cases for the
> floating-point bitfields and prints operands, result and FPU status word for
> FPREM and FPREM1. The outputs can then be compared between bare metal and 
> QEMU.
> The 'run-test-i386-fprem' make target does just that.
>
> Signed-off-by: Catalin Patulea 
> ---
> Here is a refresh of the patch originally sent in back in July:
> https://lists.gnu.org/archive/html/qemu-devel/2012-07/msg02054.html
>
> At the time, there was some concern about use of bitfields. QEMU_PACKED
> counteracts any -mms-bitfields passed to gcc. Are there still any concerns 
> over
> this?

I'm not fantastically enthused about bitfields, but since this is a test
program and not part of QEMU proper I don't think rewriting to avoid
them is justified.

-- PMM



Re: [Qemu-devel] [Qemu-ppc] private handlers to reload images when virtual machine reset.

2012-10-29 Thread Alexander Graf

On 29.10.2012, at 06:21, Olivia Yin wrote:

> This is the first part of the patches which remove rom related functions in 
> loader.c The second part will optimize memory regions which use rom_ptr.
> 
> These patches are against the master branch of git://git.qemu.org/qemu.git.
> 
> The v2 patches had been updated to replace tar_target_phys_addr_t with hwaddr.

This mail is basically what should be mentioned in your cover letter (patch 
0/5). There's no need to send 2 mails for that :). Just fold them into a single 
email and call it 0/5 so everyone knows what the mail belongs to.


Alex




Re: [Qemu-devel] [PATCH] tests/tcg: new test for i386 FPREM and FPREM1

2012-10-29 Thread Catalin Patulea
On Mon, Oct 29, 2012 at 4:04 AM, Peter Maydell  wrote:
> I'm not fantastically enthused about bitfields, but since this is a test
> program and not part of QEMU proper I don't think rewriting to avoid
> them is justified.
I could maybe check some conditions (perhaps sizeof(union float80u) ==
sizeof(long double)?) to at least warn if the test turns out to be
inconclusive?

Maybe even construct some values from fields and check for equality
against a long double literal?



Re: [Qemu-devel] [PATCH v2 3/5] Qemu: do not mark bios readonly

2012-10-29 Thread Xiao Guangrong
On 10/29/2012 03:44 PM, Jan Kiszka wrote:
> On 2012-10-29 08:09, Xiao Guangrong wrote:
>> Jan,
>>
>> On 10/26/2012 06:35 PM, Jan Kiszka wrote:
>>
>>> This has two problems: We know it breaks at least Win 95 that overwrites
>>> its F-segment during boot. And it applies changes to the shadowed area
>>> (below 1 MB) also to the ROM area - I don't think that is the original
>>> behaviour on real hardware.
>>
>> So what is the problem? It can break Win95's running?
>>
>> I tried to install win95 guest but it failed to boot regardless my patchset
>> was applied or not. I found the information that win 95 is not supported at
>> http://www.linux-kvm.org/page/Guest_Support_Status
>>
>> Note: before my patchset, Win 95 still can happily something into ROM area
>> because readonly memory is actually writable on KVM. And win95 can not run
>> on isapc with --no-kvm since it is no way to enable shadow ROM.
> 
> Your patches causes regressions on TCG mode as that is perfectly fine
> with booting Win95 so far.

Aha, i tried accel=tcg, before my patchset, it works for -machine pc but
failed for -machine isapc (known issue for seabios). After my patchset,
it works fine for both -machine pc and isapc. :)

> 
>>
>>>
>>> What we need is paravirtual shadow write control for the ISA PC. It's on
>>> my todo list, maybe I will be able to look into this during the next week.
>>>
>>
>> You idea is that modify the code of seabios and use a special way (PV) to
>> notify Qemu to make the bios writable?
> 
> Yes.
> 
>>
>> Actually, I am confused why the guest (including bios) persistently uses
>> shadow ROM even if it is not supported (on ISA PC), i think the right way
>> is move itself to RAM under this case, no?
> 
> I've been told that Seabios has been built around that assumption and
> the PV shadow control would be simpler to realize.

It sounds like the PV approach is more complex than directly making the bios area writable
(if it works).

> 
>>
>>> BTW, your patch series should allow to drop the KVM special case from
>>> pc_system_firmware_init. That version, btw, treats high and low BIOS
>>> areas separately - but only reloads the upper area. Hmm...
>>>
>>
>> You mean that also allow Qemu to use pflash to load bios if kvm is enabled?
> 
> Yes.
> 
>> We can not do that for pflash is a RD device which can not be directly 
>> written,
>> kvm can not emulate the instruction which implicitly write the memory. (e.g:
>> using this area as stack).
> 
> Isn't enabling ROMD support for KVM that whole point of your patches? I

It can generate MMIO exit if ROMD be written, that means the instruction
needs kvm's help to be finished if it explicitly/implicitly write the memory.

> do not see yet what prevents this still, but it should be fixed first.

For the explicitly write memory access, it is easy to be fixed - we just need
to fetch the instruction from EIP and emulate it. But for the implicitly memory
access, fixing its emulation is really hard work. Really worth doing it?




Re: [Qemu-devel] [PATCH v5 1/2] pl330: Initial version

2012-10-29 Thread Peter Maydell
On 29 October 2012 06:35, Peter Crosthwaite
 wrote:
> Device model for Primecell PL330 dma controller.

A general question -- this is a DMA controller so should it be using
the DMAContext APIs now? Avi?

> +static void pl330_queue_init(PL330Queue *s, int size, int channum)
> +{
> +s->queue = (PL330QueueEntry *)g_new0(PL330QueueEntry, size);
> +s->chan_num = channum;
> +s->lo_seqn = (uint8_t *)g_malloc0(channum);
> +s->hi_seqn = (uint8_t *)g_malloc0(channum);

You don't need to cast the return value from g_new0 or g_malloc0.

> +
> +default:
> +hw_error("pl330: bad read offset " TARGET_FMT_plx "\n", offset);

This hw_error() (and probably most of the others in this file)
should be replaced by qemu_log_mask() with either LOG_GUEST_ERROR
or LOG_UNIMP as appropriate.

> +s->manager.parent = s;
> +s->manager.tag = s->num_chnls;
> +s->manager.is_manager = 1;

This is a bool, so 'true'.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] tests/tcg: fix unused result warnings

2012-10-29 Thread Peter Maydell
On 29 October 2012 07:06, Catalin Patulea  wrote:
> With i386-linux-user target on x86_64 host, this does not introduce any new 
> test
> failures.
>
> Signed-off-by: Catalin Patulea 

Looks good, but checkpatch.pl complains about a bunch of style
issues -- can you fix them, please?

thanks
-- PMM



Re: [Qemu-devel] [patch v5 5/8] memory: introduce local lock for address space

2012-10-29 Thread liu ping fan
On Mon, Oct 29, 2012 at 3:42 PM, Peter Maydell  wrote:
> On 28 October 2012 23:48, Liu Ping Fan  wrote:
>> For those address spaces which want to be able out of big lock, they
>> will be protected by their own local.
>
> Are you sure this patch compiles? It seems to only be changing
> the prototype and implementation of address_space_init() to take
> an extra parameter, but not any of the callers...
>
The caller is in the next patch. Need to rearrange.

Thanks,
pingfan

> -- PMM
>



Re: [Qemu-devel] [Qemu-ppc] [RFC PATCH v2 1/5] define image_file_reset and image_blob_reset

2012-10-29 Thread Alexander Graf
Missing patch description

On 29.10.2012, at 06:21, Olivia Yin wrote:

> Signed-off-by: Olivia Yin 
> ---
> hw/loader.c |   39 +++
> hw/loader.h |   18 ++
> 2 files changed, 57 insertions(+), 0 deletions(-)
> 
> diff --git a/hw/loader.c b/hw/loader.c
> index ba01ca6..cadf58f 100644
> --- a/hw/loader.c
> +++ b/hw/loader.c
> @@ -86,6 +86,45 @@ int load_image(const char *filename, uint8_t *addr)
> return size;
> }
> 

A comment describing the purpose of this function would be useful here.

> +void image_file_reset(void *opaque)
> +{
> +ImageFile *image = opaque;
> +GError *err = NULL;
> +gboolean res;
> +gchar *content;
> +gsize size;
> +
> +if(image->dir) {
> +const char *basename;
> +char fw_file_name[56];
> +
> +basename = strrchr(image->name, '/');
> +if (basename) {
> +basename++;
> +} else {
> +basename = image->name;
> +}

Do we have a helper for this that works on win32? Or do we always assume unix 
path names?

> +snprintf(fw_file_name, sizeof(fw_file_name), "%s/%s", image->dir,
> + basename);
> +image->name = g_strdup(fw_file_name);

Would asprintf(&image->name, ...) simplify this code? Same question about win32 
compatibility again.

> +}
> +
> +res = g_file_get_contents(image->name, &content, &size, &err);
> +if (res == FALSE) {
> +   error_report("failed to read image file: %s\n", image->name);
> +   g_error_free(err);
> +} else {
> +   cpu_physical_memory_rw(image->addr, (uint8_t *)content, size, 1);
> +   g_free(content);
> +}
> +}
> +
> +void image_blob_reset(void *opaque)
> +{
> +ImageBlob *blob = opaque;
> +cpu_physical_memory_rw(blob->addr, blob->data, blob->size, 1);
> +}
> +
> /* read()-like version */
> ssize_t read_targphys(const char *name,
>   int fd, hwaddr dst_addr, size_t nbytes)
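Review bot: image_file_reset() copies however many bytes g_file_get_contents() returns at reset time to image->addr, and ImageFile carries no record of the size that was loaded at startup, so a file that has grown or been replaced on disk in the meantime may be written past the region the board originally populated. Recording the size when the struct is created (a new field, e.g. `size_t size;`) and refusing a mismatch with `if (size != image->size) { error_report(...); }` before cpu_physical_memory_rw() would bound the write. Separately, when image->dir is set, every reset replaces image->name with a fresh g_strdup() and never frees the previous string, and `err` is freed without its message being included in the report.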
> diff --git a/hw/loader.h b/hw/loader.h
> index 26480ad..e8030e7 100644
> --- a/hw/loader.h
> +++ b/hw/loader.h
> @@ -46,4 +46,22 @@ void do_info_roms(Monitor *mon);
> int rom_add_vga(const char *file);
> int rom_add_option(const char *file, int32_t bootindex);
> 
> +typedef struct ImageFile ImageFile;
> +struct ImageFile {
> +char *name;
> +char *dir;

In fact, can't this whole dir thing be handled on struct create time? What we 
basically need are 2 steps:

  1) Create struct with reset info. At this time we also want to sanity check 
all input and bail out on error.
  2) Load the image on reset. Here the error case is _very_ unlikely, unless 
someone just removed the file while we executed.


Alex

> +hwaddr addr;
> +};
> +
> +typedef struct ImageBlob ImageBlob;
> +struct ImageBlob {
> +char *name;
> +hwaddr addr;
> +ssize_t size;
> +uint8_t *data;
> +};
> +
> +void image_blob_reset(void *opaque);
> +void image_file_reset(void *opaque);
> +
> #endif
> -- 
> 1.7.1
> 
> 
> 




Re: [Qemu-devel] [PATCH] uhci: stick irq routing info into UHCIInfo too.

2012-10-29 Thread Stefan Hajnoczi
On Fri, Oct 26, 2012 at 03:01:33PM +0200, Gerd Hoffmann wrote:
> Kills the ugly "switch (device_id) { ... }" struct and makes it easier
> to figure what the differences between the uhci variants are.
> 
> Need our own DeviceClass struct for that so we can allocate some space
> to store UHCIInfo.
> 
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/usb/hcd-uhci.c |   32 ++--
>  1 files changed, 18 insertions(+), 14 deletions(-)

Reviewed-by: Stefan Hajnoczi 



Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support

2012-10-29 Thread Paolo Bonzini
Il 26/10/2012 22:29, H. Peter Anvin ha scritto:
>>> This is surreal.  Output from /dev/hwrng turns into output for 
>>> /dev/random... it is guaranteed worse; period, end of story.
>> > 
>> > Isn't that exactly what happens in bare-metal?  hwrng -> rngd -> random.  
>> > Instead here
>> > we'd have, host hwrng -> virtio-rng-pci -> guest hwrng -> guest rngd -> 
>> > guest random.
>> > 
>> > The only difference is that you paravirtualize access to the host hwrng to 
>> > a) distribute
>> > entropy to multiple guests; b) support migration across hosts with 
>> > different CPUs and
>> > hardware.
> First, hwrng is only one of the sources used by rngd.  It can also
> (currently) use RDRAND or TPM; additional sources are likely to be added
> in the future.
> 
> Second, the harvesting of environmental noise -- timings -- is not as
> good in a VM as on plain hardware, so for the no-hwrng case it is better
> for this to be done in the host than in the VM.

Neither of these makes /dev/random with virtio-rng-pci worse than without
(as would be the case if you fed /dev/urandom).  And migration works.
This, and avoiding denial of service for the host's /dev/random, is all
I care about at this time.

There is always time to change defaults to something better.

Paolo



Re: [Qemu-devel] [Qemu-ppc] [RFC PATCH v2 2/5] use reset handlers to reload kernel and initrd

2012-10-29 Thread Alexander Graf

On 29.10.2012, at 06:21, Olivia Yin wrote:

> Signed-off-by: Olivia Yin 
> ---
> hw/loader.c |   64 ++
> 1 files changed, 42 insertions(+), 22 deletions(-)
> 
> diff --git a/hw/loader.c b/hw/loader.c
> index cadf58f..9e2c3c8 100644
> --- a/hw/loader.c
> +++ b/hw/loader.c
> @@ -151,7 +151,12 @@ int load_image_targphys(const char *filename,
> return -1;
> }
> if (size > 0) {
> -rom_add_file_fixed(filename, addr, -1);
> +ImageFile *image;
> +image = g_malloc0(sizeof(*image));
> +image->name = g_strdup(filename);
> +image->addr = addr;
> + 
> +qemu_register_reset(image_file_reset, image);
> }
> return size;
> }
> @@ -472,15 +477,14 @@ static ssize_t gunzip(void *dst, size_t dstlen, uint8_t 
> *src,
> return dstbytes;
> }
> 
> -/* Load a U-Boot image.  */
> -int load_uimage(const char *filename, hwaddr *ep,
> -hwaddr *loadaddr, int *is_linux)
> +/* write uimage into memory */
> +static int uimage_physical_loader(const char *filename, uint8_t **data,
> +  hwaddr *loadaddr)
> {
> int fd;
> int size;
> uboot_image_header_t h;
> uboot_image_header_t *hdr = &h;
> -uint8_t *data = NULL;
> int ret = -1;
> 
> fd = open(filename, O_RDONLY | O_BINARY);
> @@ -513,18 +517,9 @@ int load_uimage(const char *filename, hwaddr *ep,
> goto out;
> }
> 
> -/* TODO: Check CPU type.  */
> -if (is_linux) {
> -if (hdr->ih_os == IH_OS_LINUX)
> -*is_linux = 1;
> -else
> -*is_linux = 0;
> -}
> -
> -*ep = hdr->ih_ep;
> -data = g_malloc(hdr->ih_size);
> +*data = g_malloc(hdr->ih_size);
> 
> -if (read(fd, data, hdr->ih_size) != hdr->ih_size) {
> +if (read(fd, *data, hdr->ih_size) != hdr->ih_size) {
> fprintf(stderr, "Error reading file\n");
> goto out;
> }
> @@ -534,11 +529,11 @@ int load_uimage(const char *filename, hwaddr *ep,
> size_t max_bytes;
> ssize_t bytes;
> 
> -compressed_data = data;
> +compressed_data = *data;
> max_bytes = UBOOT_MAX_GUNZIP_BYTES;
> -data = g_malloc(max_bytes);
> +*data = g_malloc(max_bytes);
> 
> -bytes = gunzip(data, max_bytes, compressed_data, hdr->ih_size);
> +bytes = gunzip(*data, max_bytes, compressed_data, hdr->ih_size);
> g_free(compressed_data);
> if (bytes < 0) {
> fprintf(stderr, "Unable to decompress gzipped image!\n");
> @@ -547,7 +542,6 @@ int load_uimage(const char *filename, hwaddr *ep,
> hdr->ih_size = bytes;
> }
> 
> -rom_add_blob_fixed(filename, data, hdr->ih_size, hdr->ih_load);
> 
> if (loadaddr)
> *loadaddr = hdr->ih_load;
> @@ -555,12 +549,38 @@ int load_uimage(const char *filename, hwaddr *ep,
> ret = hdr->ih_size;
> 
> out:
> -if (data)
> -g_free(data);
> close(fd);
> return ret;
> }
> 
> +static void uimage_reset(void *opaque)
> +{
> +ImageFile *image = opaque;
> +uint8_t *data = NULL;
> +int size;
> +
> +size = uimage_physical_loader(image->name, &data, &image->addr);
> +cpu_physical_memory_rw(image->addr, data, size, 1);
> +g_free(data);
> +}
> +
> +/* Load a U-Boot image.  */
> +int load_uimage(const char *filename, hwaddr *ep,
> +hwaddr *loadaddr, int *is_linux)

is_linux is never set.


Alex

> +{
> +int size;
> +ImageFile *image;
> +uint8_t *data = NULL;
> +
> +size= uimage_physical_loader(filename, &data, loadaddr);
> +g_free(data);
> +image = g_malloc0(sizeof(*image));
> +image->name = g_strdup(filename);
> +image->addr = *loadaddr;
> +qemu_register_reset(uimage_reset, image);
> +return size;
> +}
> +
> /*
>  * Functions for reboot-persistent memory regions.
>  *  - used for vga bios and option roms.
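Review bot: `uimage_reset` hands the return value of `uimage_physical_loader()` directly to `cpu_physical_memory_rw()` as the length, but the helper starts with `ret = -1` and returns that on every `goto out` path, so a file that has become unreadable or corrupt by reset time yields a negative `size` and a NULL or partial `data`. The handler should stop before the copy: `if (size < 0) { g_free(data); return; }`. Because `&image->addr` is passed as `loadaddr`, the destination address is also re-read from the file header on each reset instead of staying at the value accepted at startup; passing NULL there and keeping the stored address would avoid that. In `load_uimage`, `image->addr = *loadaddr;` dereferences the pointer unconditionally although the helper still guards it with `if (loadaddr)`, and the handler is registered even when `size` is negative.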
> -- 
> 1.7.1
> 
> 
> 




Re: [Qemu-devel] [Qemu-ppc] [RFC PATCH v2 3/5] replace rom_add_file* with image_file_reset

2012-10-29 Thread Alexander Graf

On 29.10.2012, at 06:21, Olivia Yin wrote:

> Signed-off-by: Olivia Yin 
> ---
> hw/cirrus_vga.c |6 +-
> hw/pc.c |6 +-
> hw/pc_sysfw.c   |   14 +++---
> hw/pci.c|   10 --
> hw/sga.c|6 +-
> hw/vga-isa.c|6 +-
> 6 files changed, 35 insertions(+), 13 deletions(-)
> 
> diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
> index e4af2e9..8b2c974 100644
> --- a/hw/cirrus_vga.c
> +++ b/hw/cirrus_vga.c
> @@ -2906,7 +2906,11 @@ static int vga_initfn(ISADevice *dev)
> s->ds = graphic_console_init(s->update, s->invalidate,
>  s->screen_dump, s->text_update,
>  s);
> -rom_add_vga(VGABIOS_CIRRUS_FILENAME);
> +ImageFile *image;
> +image = g_malloc(sizeof(*image));
> +image->name = g_strdup(VGABIOS_CIRRUS_FILENAME);
> +image->addr = 0;
> +qemu_register_reset(image_file_reset, image);

This looks like a perfect candidate for a helper function, no? ;)

In fact, maybe you should just leave the old rom_ function names and simply 
replace them by the snippet above.


Alex

> /* XXX ISA-LFB support */
> /* FIXME not qdev yet */
> return 0;
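Review bot: The new `ImageFile` is allocated with `g_malloc` and only `name` and `addr` are assigned, so `image->dir` is left uninitialized. `image_file_reset` from patch 1/5 tests `if(image->dir)` and, for a non-NULL garbage value, would pass it to `snprintf` as a `%s` argument. Use `image = g_malloc0(sizeof(*image));`, as `load_image_targphys` does in patch 2/5, or set `image->dir = NULL;` explicitly. The same allocation appears in the hw/pc.c, hw/pc_sysfw.c, hw/sga.c and hw/vga-isa.c hunks of this patch; the hw/pci.c hunk sets `dir` on both branches. The body of `vga_initfn` starts outside this hunk.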
> diff --git a/hw/pc.c b/hw/pc.c
> index 16de04c..aa4ccba 100644
> --- a/hw/pc.c
> +++ b/hw/pc.c
> @@ -977,7 +977,11 @@ void *pc_memory_init(MemoryRegion *system_memory,
> }
> 
> for (i = 0; i < nb_option_roms; i++) {
> -rom_add_option(option_rom[i].name, option_rom[i].bootindex);
> +ImageFile *image;
> +image = g_malloc(sizeof(*image));
> +image->name = g_strdup(option_rom[i].name);
> +image->addr = 0;
> +qemu_register_reset(image_file_reset, image);
> }
> return fw_cfg;
> }
> diff --git a/hw/pc_sysfw.c b/hw/pc_sysfw.c
> index 9d7c5f4..06e606b 100644
> --- a/hw/pc_sysfw.c
> +++ b/hw/pc_sysfw.c
> @@ -151,18 +151,18 @@ static void old_pc_system_rom_init(MemoryRegion 
> *rom_memory)
> }
> if (bios_size <= 0 ||
> (bios_size % 65536) != 0) {
> -goto bios_error;
> +fprintf(stderr, "qemu: could not load PC BIOS '%s'\n", bios_name);
> +exit(1);
> }
> bios = g_malloc(sizeof(*bios));
> memory_region_init_ram(bios, "pc.bios", bios_size);
> vmstate_register_ram_global(bios);
> memory_region_set_readonly(bios, true);
> -ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), -1);
> -if (ret != 0) {
> -bios_error:
> -fprintf(stderr, "qemu: could not load PC BIOS '%s'\n", bios_name);
> -exit(1);
> -}
> +ImageFile *image;
> +image = g_malloc(sizeof(*image));
> +image->name = g_strdup(filename);
> +image->addr = (uint32_t)(-bios_size);
> +qemu_register_reset(image_file_reset, image);
> if (filename) {
> g_free(filename);
> }
> diff --git a/hw/pci.c b/hw/pci.c
> index d44fd0e..7efc41a 100644
> --- a/hw/pci.c
> +++ b/hw/pci.c
> @@ -34,6 +34,7 @@
> #include "msi.h"
> #include "msix.h"
> #include "exec-memory.h"
> +#include "loader.h"
> 
> //#define DEBUG_PCI
> #ifdef DEBUG_PCI
> @@ -1792,12 +1793,17 @@ static int pci_add_option_rom(PCIDevice *pdev, bool 
> is_default_rom)
>  * Load rom via fw_cfg instead of creating a rom bar,
>  * for 0.11 compatibility.
>  */
> +ImageFile *image;
> +image = g_malloc(sizeof(*image));
> +image->name = g_strdup(pdev->romfile);
> +image->addr = 0;
> int class = pci_get_word(pdev->config + PCI_CLASS_DEVICE);
> if (class == 0x0300) {
> -rom_add_vga(pdev->romfile);
> +image->dir = g_strdup("vgaroms");
> } else {
> -rom_add_option(pdev->romfile, -1);
> +image->dir = g_strdup("genroms");
> }
> +qemu_register_reset(image_file_reset, image);
> return 0;
> }
> 
> diff --git a/hw/sga.c b/hw/sga.c
> index a666349..25c002a 100644
> --- a/hw/sga.c
> +++ b/hw/sga.c
> @@ -37,7 +37,11 @@ typedef struct ISAGAState {
> 
> static int sga_initfn(ISADevice *dev)
> {
> -rom_add_vga(SGABIOS_FILENAME);
> +ImageFile *image;
> +image = g_malloc(sizeof(*image));
> +image->name = g_strdup(SGABIOS_FILENAME);
> +image->addr = 0;
> +qemu_register_reset(image_file_reset, image);
> return 0;
> }
> static void sga_class_initfn(ObjectClass *klass, void *data)
> diff --git a/hw/vga-isa.c b/hw/vga-isa.c
> index 046602b..e9c90e8 100644
> --- a/hw/vga-isa.c
> +++ b/hw/vga-isa.c
> @@ -67,7 +67,11 @@ static int vga_initfn(ISADevice *dev)
> 
> vga_init_vbe(s, isa_address_space(dev));
> /* ROM BIOS */
> -rom_add_vga(VGABIOS_FILENAME);
> +ImageFile *image;
> +image = g_malloc(sizeof(*image));
> +image->name = g_strdup(VGABIOS_FILENAME);
> +image->addr = 0;
> +qemu_register_reset(image_file_reset, image);
> return 0;
> }
> 
> -- 
> 1.7.1
> 
> 
> 




Re: [Qemu-devel] [patch v5 7/8] memory: introduce tls context to record nested dma

2012-10-29 Thread Paolo Bonzini
Il 29/10/2012 00:48, Liu Ping Fan ha scritto:
> Signed-off-by: Liu Ping Fan 
> ---
>  cpus.c|3 ++
>  exec.c|   58 
> +
>  qemu-thread.h |8 +++
>  vl.c  |1 +
>  4 files changed, 70 insertions(+), 0 deletions(-)
> 
> diff --git a/cpus.c b/cpus.c
> index 191cbf5..e67d80f 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -733,6 +733,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
>  
>  qemu_mutex_lock(&qemu_global_mutex);
>  qemu_thread_get_self(cpu->thread);
> +qemu_thread_init_context();
>  env->thread_id = qemu_get_thread_id();
>  cpu_single_env = env;
>  
> @@ -774,6 +775,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
>  
>  qemu_mutex_lock_iothread();
>  qemu_thread_get_self(cpu->thread);
> +qemu_thread_init_context();
>  env->thread_id = qemu_get_thread_id();
>  
>  sigemptyset(&waitset);
> @@ -813,6 +815,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
>  
>  qemu_tcg_init_cpu_signals();
>  qemu_thread_get_self(cpu->thread);
> +qemu_thread_init_context();
>  
>  /* signal CPU creation */
>  qemu_mutex_lock(&qemu_global_mutex);
> diff --git a/exec.c b/exec.c
> index 46da08c..ea672c6 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -3449,6 +3449,49 @@ static bool 
> address_space_section_lookup_ref(AddressSpace *as,
>  return safe_ref;
>  }
>  
> +typedef struct ThreadContext {
> +  DispatchType dispatch_type;
> +  unsigned int mmio_req_pending;
> +} ThreadContext;
> +
> +static __thread ThreadContext *thread_context;
> +
> +void qemu_thread_init_context(void)
> +{
> +thread_context = g_new(ThreadContext, 1);
> +thread_context->dispatch_type = DISPATCH_INIT;
> +thread_context->mmio_req_pending = 0;
> +}

No need for this:

static __thread ThreadContext thread_context = {
.dispatch_type = DISPATCH_INIT,
.mmio_req_pending = 0
};

Paolo




Re: [Qemu-devel] [PATCH v3 0/8] Sysbus EHCI + Zynq USB.

2012-10-29 Thread Andreas Färber
Am 29.10.2012 08:48, schrieb Gerd Hoffmann:
> On 10/29/12 02:34, Peter Crosthwaite wrote:
>> Added Sysbus variant of EHCI and attached it to Xilinx Zynq. The EHCI stuff 
>> is going to be useful for Tegra too.
> 
> Patch series added to usb patch queue.

Wasn't there resistance against dma_context_memory in the other thread,
which this series is based on?

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] acpi_piix4 migration issue

2012-10-29 Thread Paolo Bonzini
Il 28/10/2012 20:40, Marcelo Tosatti ha scritto:
> 
> qemu-kvm 1.2 -> qemu-1.3 migration fails with
> 
> Unknown savevm section type 48
> load of migration failed
> 
> Due to a fix in acpi_piix4 in qemu-kvm (attached at the end of the
> message). 
> 
> The problem is that qemu-kvm correctly uses 2 bytes for sts and 
> 2 bytes for en fields (which is their allocated size), while qemu 
> uses 4*2 bytes for each.
> 
> The fix present in qemu-kvm is correct, but, having it in qemu 1.3 would break
> qemu 1.2 -> qemu 1.3 migration (while allowing qemu-kvm 1.2 -> qemu 1.3
> migration).
> 
> Any opinions on what to do?

Bump the .version_id and .minimum_version_id to 2 and load the QEMU 1.2
state via .load_state_old.

qemu-kvm 1.2 -> qemu 1.3 migration would be broken.  qemu-kvm
downstreams that care can leave .minimum_version_id to 1.

Paolo

> >>
> >> +#define VMSTATE_GPE_ARRAY(_field, _state)\
> >> + {   \
> >> + .name   = (stringify(_field)),  \
> >> + .version_id = 0,\
> >> + .num= GPE_LEN,  \
> >> + .info   =&vmstate_info_uint16, \
> >> + .size   = sizeof(uint16_t), \
> >> + .flags  = VMS_ARRAY | VMS_POINTER,  \
> >> + .offset = vmstate_offset_pointer(_state, _field, uint8_t),  \
> >> + }
> >> +
> >>   static const VMStateDescription vmstate_gpe = {
> >>   .name = "gpe",
> >>   .version_id = 1,
> >>   .minimum_version_id = 1,
> >>   .minimum_version_id_old = 1,
> >>   .fields  = (VMStateField []) {
> >> -VMSTATE_UINT16(sts, struct gpe_regs),
> >> -VMSTATE_UINT16(en, struct gpe_regs),
> >> +VMSTATE_GPE_ARRAY(sts, ACPIGPE),
> >> +VMSTATE_GPE_ARRAY(en, ACPIGPE),
> >>   VMSTATE_END_OF_LIST()
> >>   }
> >>   };
> >
> > I'm no vmstate expert, but this does look odd.  Why both VMS_ARRAY and
> > VMS_POINTER? aren't we trying to save/restore a simple 16-bit value?  Or
> > at least we did before this patch.
> 
> That's right. the difference is, the new member type became uint8_t*.
> Does the following help?
> 
> Signed-off-by: Avi Kivity 
> 
> diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
> index d65a7e9..9dc6f43 100644
> --- a/hw/acpi_piix4.c
> +++ b/hw/acpi_piix4.c
> @@ -221,10 +221,9 @@ static int vmstate_acpi_post_load(void *opaque, int 
> version_id)
>   {   \
>   .name   = (stringify(_field)),  \
>   .version_id = 0,\
> - .num= GPE_LEN,  \
>   .info   = &vmstate_info_uint16, \
>   .size   = sizeof(uint16_t), \
> - .flags  = VMS_ARRAY | VMS_POINTER,  \
> + .flags  = VMS_SINGLE | VMS_POINTER, \
>   .offset = vmstate_offset_pointer(_state, _field, uint8_t),  \
>   }
>  
> 
> 
> 
> 




Re: [Qemu-devel] [PATCH 1/5] disas: avoid using cpu_single_env

2012-10-29 Thread Andreas Färber
Am 28.10.2012 16:03, schrieb Blue Swirl:
> Pass around CPUState instead of using global cpu_single_env.
> 
> Signed-off-by: Blue Swirl 

CPUState would be really nice, you seem to mean CPUArchState though as
intermediate step. Please adjust the commit message, looks fine as far
as reviewed otherwise.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH] disallow -daemonize usage of stdio (curses display, -nographic, -serial stdio etc)

2012-10-29 Thread Stefan Hajnoczi
On Sat, Oct 27, 2012 at 05:15:15PM +0400, Michael Tokarev wrote:
> diff --git a/vl.c b/vl.c
> index 9f99ef4..db48d62 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -3413,6 +3413,26 @@ int main(int argc, char **argv, char **envp)
>  default_sdcard = 0;
>  }
>  
> +if (is_daemonized()) {
> +/* According to documentation and historically, -nographic redirects
> + * serial port, parallel port and monitor to stdio, which does not 
> work
> + * with -daemonize.  We can redirect these to null instead, but since
> + * -nographic is legacy, let's just error out.
> + */
> +if (display_type == DT_NOGRAPHIC
> +/* && (default_parallel || default_serial
> +|| default_monitor || default_virtcon) */) {

Uncomment these?

Stefan



[Qemu-devel] [PATCH v3 3/6] TCG: Use gen_opparam_ptr from context instead of global variable.

2012-10-29 Thread Evgeny Voevodin
Signed-off-by: Evgeny Voevodin 
---
 gen-icount.h |2 +-
 tcg/tcg-op.h |  254 +-
 tcg/tcg.c|   36 -
 3 files changed, 146 insertions(+), 146 deletions(-)

diff --git a/gen-icount.h b/gen-icount.h
index 430cb44..248cf5b 100644
--- a/gen-icount.h
+++ b/gen-icount.h
@@ -16,7 +16,7 @@ static inline void gen_icount_start(void)
 count = tcg_temp_local_new_i32();
 tcg_gen_ld_i32(count, cpu_env, offsetof(CPUArchState, icount_decr.u32));
 /* This is a horrid hack to allow fixing up the value later.  */
-icount_arg = gen_opparam_ptr + 1;
+icount_arg = tcg_ctx.gen_opparam_ptr + 1;
 tcg_gen_subi_i32(count, count, 0xdeadbeef);
 
 tcg_gen_brcondi_i32(TCG_COND_LT, count, 0, icount_label);
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 50b1c62..d6daea4 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -33,230 +33,230 @@ static inline void tcg_gen_op0(TCGOpcode opc)
 static inline void tcg_gen_op1_i32(TCGOpcode opc, TCGv_i32 arg1)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I32(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg1);
 }
 
 static inline void tcg_gen_op1_i64(TCGOpcode opc, TCGv_i64 arg1)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I64(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg1);
 }
 
 static inline void tcg_gen_op1i(TCGOpcode opc, TCGArg arg1)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = arg1;
+*tcg_ctx.gen_opparam_ptr++ = arg1;
 }
 
 static inline void tcg_gen_op2_i32(TCGOpcode opc, TCGv_i32 arg1, TCGv_i32 arg2)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I32(arg1);
-*gen_opparam_ptr++ = GET_TCGV_I32(arg2);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg2);
 }
 
 static inline void tcg_gen_op2_i64(TCGOpcode opc, TCGv_i64 arg1, TCGv_i64 arg2)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I64(arg1);
-*gen_opparam_ptr++ = GET_TCGV_I64(arg2);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg2);
 }
 
 static inline void tcg_gen_op2i_i32(TCGOpcode opc, TCGv_i32 arg1, TCGArg arg2)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I32(arg1);
-*gen_opparam_ptr++ = arg2;
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg1);
+*tcg_ctx.gen_opparam_ptr++ = arg2;
 }
 
 static inline void tcg_gen_op2i_i64(TCGOpcode opc, TCGv_i64 arg1, TCGArg arg2)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I64(arg1);
-*gen_opparam_ptr++ = arg2;
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg1);
+*tcg_ctx.gen_opparam_ptr++ = arg2;
 }
 
 static inline void tcg_gen_op2ii(TCGOpcode opc, TCGArg arg1, TCGArg arg2)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = arg1;
-*gen_opparam_ptr++ = arg2;
+*tcg_ctx.gen_opparam_ptr++ = arg1;
+*tcg_ctx.gen_opparam_ptr++ = arg2;
 }
 
 static inline void tcg_gen_op3_i32(TCGOpcode opc, TCGv_i32 arg1, TCGv_i32 arg2,
TCGv_i32 arg3)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I32(arg1);
-*gen_opparam_ptr++ = GET_TCGV_I32(arg2);
-*gen_opparam_ptr++ = GET_TCGV_I32(arg3);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg2);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg3);
 }
 
 static inline void tcg_gen_op3_i64(TCGOpcode opc, TCGv_i64 arg1, TCGv_i64 arg2,
TCGv_i64 arg3)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I64(arg1);
-*gen_opparam_ptr++ = GET_TCGV_I64(arg2);
-*gen_opparam_ptr++ = GET_TCGV_I64(arg3);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg2);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg3);
 }
 
 static inline void tcg_gen_op3i_i32(TCGOpcode opc, TCGv_i32 arg1,
 TCGv_i32 arg2, TCGArg arg3)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I32(arg1);
-*gen_opparam_ptr++ = GET_TCGV_I32(arg2);
-*gen_opparam_ptr++ = arg3;
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(arg2);
+*tcg_ctx.gen_opparam_ptr++ = arg3;
 }
 
 static inline void tcg_gen_op3i_i64(TCGOpcode opc, TCGv_i64 arg1,
 TCGv_i64 arg2, TCGArg arg3)
 {
 *tcg_ctx.gen_opc_ptr++ = opc;
-*gen_opparam_ptr++ = GET_TCGV_I64(arg1);
-*gen_opparam_ptr++ = GET_TCGV_I64(arg2);
-*gen_opparam_ptr++ = arg3;
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I64(arg2);
+*tcg_ctx.gen_opparam_ptr++ = arg3;
 }
 
 static inline void tcg_gen_ldst_op_i32(TCGOpcode opc, TCGv_i32 val,
 

[Qemu-devel] [PATCH v3 5/6] TCG: Use gen_opparam_buf from context instead of global variable.

2012-10-29 Thread Evgeny Voevodin
Signed-off-by: Evgeny Voevodin 
---
 tcg/tcg.c |   11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index c4e663b..f332463 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -298,7 +298,7 @@ void tcg_func_start(TCGContext *s)
 #endif
 
 s->gen_opc_ptr = s->gen_opc_buf;
-s->gen_opparam_ptr = gen_opparam_buf;
+s->gen_opparam_ptr = s->gen_opparam_buf;
 }
 
 static inline void tcg_temp_alloc(TCGContext *s, int n)
@@ -885,7 +885,7 @@ void tcg_dump_ops(TCGContext *s)
 
 first_insn = 1;
 opc_ptr = s->gen_opc_buf;
-args = gen_opparam_buf;
+args = s->gen_opparam_buf;
 while (opc_ptr < s->gen_opc_ptr) {
 c = *opc_ptr++;
 def = &tcg_op_defs[c];
@@ -1409,8 +1409,9 @@ static void tcg_liveness_analysis(TCGContext *s)
 op_index--;
 }
 
-if (args != gen_opparam_buf)
+if (args != s->gen_opparam_buf) {
 tcg_abort();
+}
 }
 #else
 /* dummy liveness analysis */
@@ -2104,7 +2105,7 @@ static inline int tcg_gen_code_common(TCGContext *s, 
uint8_t *gen_code_buf,
 
 #ifdef USE_TCG_OPTIMIZATIONS
 s->gen_opparam_ptr =
-tcg_optimize(s, s->gen_opc_ptr, gen_opparam_buf, tcg_op_defs);
+tcg_optimize(s, s->gen_opc_ptr, s->gen_opparam_buf, tcg_op_defs);
 #endif
 
 #ifdef CONFIG_PROFILER
@@ -2131,7 +2132,7 @@ static inline int tcg_gen_code_common(TCGContext *s, 
uint8_t *gen_code_buf,
 s->code_buf = gen_code_buf;
 s->code_ptr = gen_code_buf;
 
-args = gen_opparam_buf;
+args = s->gen_opparam_buf;
 op_index = 0;
 
 for(;;) {
-- 
1.7.9.5




[Qemu-devel] [PATCH v3 0/6] TCG global variables clean-up

2012-10-29 Thread Evgeny Voevodin
This set of patches moves global variables to tcg_ctx:
gen_opc_ptr
gen_opparam_ptr
gen_opc_buf
gen_opparam_buf

Build tested for all targets.
Execution tested on Exynos4210 target.

After this patchset was applied, I noticed a 0.7% speed-up of code generation.
Probably, this is due to better data caching.

Here is the test procedure:
1. Boot Linux Kernel 5 times.
2. For each iteration wait while "JIT cycles" is stable for ~10 seconds
3. Write down the "cycles/op"

Here are the results (tested on gcc-4.6):

Before clean-up:
min: 731.5
max: 734.8
avg: 733.0
standard deviation: ~2 ~= 0.2%

Average cycles/op = 733 +- 2



After clean-up:
min: 725.0
max: 730.5
avg: 727.8
standard deviation: ~3 ~= 0.4%

Average cycles/op = 728 +- 3
Speed-up of TCG code generation = 0.7%

Changelog:
v2->v3:
Removed tcg_cur_ctx since it gives slow-down on gcc-4.5.
Rebased.
v1->v2:
Introduced TCGContext *tcg_cur_ctx global to use in those places where we don't
have an interface to pass pointer to tcg_ctx.
Code style clean-up

Evgeny (2):
  tcg/tcg.h: Duplicate global TCG variables in TCGContext
  TCG: Remove unused global variables

Evgeny Voevodin (4):
  TCG: Use gen_opc_ptr from context instead of global variable.
  TCG: Use gen_opparam_ptr from context instead of global variable.
  TCG: Use gen_opc_buf from context instead of global variable.
  TCG: Use gen_opparam_buf from context instead of global variable.

 gen-icount.h  |2 +-
 target-alpha/translate.c  |   10 +-
 target-arm/translate.c|   10 +-
 target-cris/translate.c   |   13 +-
 target-i386/translate.c   |   10 +-
 target-lm32/translate.c   |   13 +-
 target-m68k/translate.c   |   10 +-
 target-microblaze/translate.c |   13 +-
 target-mips/translate.c   |   11 +-
 target-openrisc/translate.c   |   13 +-
 target-ppc/translate.c|   11 +-
 target-s390x/translate.c  |   11 +-
 target-sh4/translate.c|   10 +-
 target-sparc/translate.c  |   10 +-
 target-unicore32/translate.c  |   10 +-
 target-xtensa/translate.c |8 +-
 tcg/optimize.c|   62 
 tcg/tcg-op.h  |  324 -
 tcg/tcg.c |   85 ++-
 tcg/tcg.h |   10 +-
 translate-all.c   |3 -
 21 files changed, 326 insertions(+), 323 deletions(-)

-- 
1.7.9.5




[Qemu-devel] [PATCH v3 6/6] TCG: Remove unused global variables

2012-10-29 Thread Evgeny Voevodin
From: Evgeny 

Signed-off-by: Evgeny Voevodin 
---
 tcg/tcg.c   |4 
 tcg/tcg.h   |4 
 translate-all.c |3 ---
 3 files changed, 11 deletions(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index f332463..53bf109 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -96,10 +96,6 @@ const size_t tcg_op_defs_max = ARRAY_SIZE(tcg_op_defs);
 static TCGRegSet tcg_target_available_regs[2];
 static TCGRegSet tcg_target_call_clobber_regs;
 
-/* XXX: move that inside the context */
-uint16_t *gen_opc_ptr;
-TCGArg *gen_opparam_ptr;
-
 static inline void tcg_out8(TCGContext *s, uint8_t v)
 {
 *s->code_ptr++ = v;
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 43b4317..b1f4e49 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -431,10 +431,6 @@ struct TCGContext {
 };
 
 extern TCGContext tcg_ctx;
-extern uint16_t *gen_opc_ptr;
-extern TCGArg *gen_opparam_ptr;
-extern uint16_t gen_opc_buf[];
-extern TCGArg gen_opparam_buf[];
 
 /* pool based memory allocation */
 
diff --git a/translate-all.c b/translate-all.c
index 5bd2d37..d9c2e57 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -33,9 +33,6 @@
 /* code generation context */
 TCGContext tcg_ctx;
 
-uint16_t gen_opc_buf[OPC_BUF_SIZE];
-TCGArg gen_opparam_buf[OPPARAM_BUF_SIZE];
-
 target_ulong gen_opc_pc[OPC_BUF_SIZE];
 uint16_t gen_opc_icount[OPC_BUF_SIZE];
 uint8_t gen_opc_instr_start[OPC_BUF_SIZE];
-- 
1.7.9.5




Re: [Qemu-devel] [Qemu-ppc] [RFC PATCH v2 3/5] replace rom_add_file* with image_file_reset

2012-10-29 Thread Alexander Graf

On 29.10.2012, at 09:48, Alexander Graf wrote:

> 
> On 29.10.2012, at 06:21, Olivia Yin wrote:
> 
>> Signed-off-by: Olivia Yin 
>> ---
>> hw/cirrus_vga.c |6 +-
>> hw/pc.c |6 +-
>> hw/pc_sysfw.c   |   14 +++---
>> hw/pci.c|   10 --
>> hw/sga.c|6 +-
>> hw/vga-isa.c|6 +-
>> 6 files changed, 35 insertions(+), 13 deletions(-)
>> 
>> diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
>> index e4af2e9..8b2c974 100644
>> --- a/hw/cirrus_vga.c
>> +++ b/hw/cirrus_vga.c
>> @@ -2906,7 +2906,11 @@ static int vga_initfn(ISADevice *dev)
>>s->ds = graphic_console_init(s->update, s->invalidate,
>> s->screen_dump, s->text_update,
>> s);
>> -rom_add_vga(VGABIOS_CIRRUS_FILENAME);
>> +ImageFile *image;
>> +image = g_malloc(sizeof(*image));
>> +image->name = g_strdup(VGABIOS_CIRRUS_FILENAME);
>> +image->addr = 0;
>> +qemu_register_reset(image_file_reset, image);
> 
> This looks like a perfect candidate for a helper function, no? ;)
> 
> In fact, maybe you should just leave the old rom_ function names and simply 
> replace them by the snippet above.

And make sure to reuse the rom structs too, so things like rom_copy() remain 
functional. Of course you'll have to add a check for the new rom type so that 
you don't access the "data" field in there. But if you reuse that 
infrastructure, everything will just happily plug in.


Alex




[Qemu-devel] [PATCH v3 4/6] TCG: Use gen_opc_buf from context instead of global variable.

2012-10-29 Thread Evgeny Voevodin
Signed-off-by: Evgeny Voevodin 
---
 target-alpha/translate.c  |6 ++--
 target-arm/translate.c|6 ++--
 target-cris/translate.c   |9 +++---
 target-i386/translate.c   |6 ++--
 target-lm32/translate.c   |9 +++---
 target-m68k/translate.c   |6 ++--
 target-microblaze/translate.c |9 +++---
 target-mips/translate.c   |6 ++--
 target-openrisc/translate.c   |9 +++---
 target-ppc/translate.c|6 ++--
 target-s390x/translate.c  |6 ++--
 target-sh4/translate.c|6 ++--
 target-sparc/translate.c  |6 ++--
 target-unicore32/translate.c  |6 ++--
 target-xtensa/translate.c |4 +--
 tcg/optimize.c|   62 -
 tcg/tcg.c |   30 ++--
 17 files changed, 98 insertions(+), 94 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 6676cbf..91c761a 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -3373,7 +3373,7 @@ static inline void 
gen_intermediate_code_internal(CPUAlphaState *env,
 int max_insns;
 
 pc_start = tb->pc;
-gen_opc_end = gen_opc_buf + OPC_MAX_SIZE;
+gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
 
 ctx.tb = tb;
 ctx.env = env;
@@ -3406,7 +3406,7 @@ static inline void 
gen_intermediate_code_internal(CPUAlphaState *env,
 }
 }
 if (search_pc) {
-j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
+j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
 if (lj < j) {
 lj++;
 while (lj < j)
@@ -3465,7 +3465,7 @@ static inline void 
gen_intermediate_code_internal(CPUAlphaState *env,
 gen_icount_end(tb, num_insns);
 *tcg_ctx.gen_opc_ptr = INDEX_op_end;
 if (search_pc) {
-j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
+j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
 lj++;
 while (lj <= j)
 gen_opc_instr_start[lj++] = 0;
diff --git a/target-arm/translate.c b/target-arm/translate.c
index ff5d294..0602b31 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -9727,7 +9727,7 @@ static inline void 
gen_intermediate_code_internal(CPUARMState *env,
 
 dc->tb = tb;
 
-gen_opc_end = gen_opc_buf + OPC_MAX_SIZE;
+gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
 
 dc->is_jmp = DISAS_NEXT;
 dc->pc = pc_start;
@@ -9834,7 +9834,7 @@ static inline void 
gen_intermediate_code_internal(CPUARMState *env,
 }
 }
 if (search_pc) {
-j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
+j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
 if (lj < j) {
 lj++;
 while (lj < j)
@@ -9974,7 +9974,7 @@ done_generating:
 }
 #endif
 if (search_pc) {
-j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
+j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
 lj++;
 while (lj <= j)
 gen_opc_instr_start[lj++] = 0;
diff --git a/target-cris/translate.c b/target-cris/translate.c
index 903907b..c54e3df 100644
--- a/target-cris/translate.c
+++ b/target-cris/translate.c
@@ -3202,7 +3202,7 @@ gen_intermediate_code_internal(CPUCRISState *env, 
TranslationBlock *tb,
dc->env = env;
dc->tb = tb;
 
-   gen_opc_end = gen_opc_buf + OPC_MAX_SIZE;
+   gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
 
dc->is_jmp = DISAS_NEXT;
dc->ppc = pc_start;
@@ -3266,7 +3266,7 @@ gen_intermediate_code_internal(CPUCRISState *env, 
TranslationBlock *tb,
check_breakpoint(env, dc);
 
if (search_pc) {
-   j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
+   j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
if (lj < j) {
lj++;
while (lj < j)
@@ -3401,7 +3401,7 @@ gen_intermediate_code_internal(CPUCRISState *env, 
TranslationBlock *tb,
 gen_icount_end(tb, num_insns);
*tcg_ctx.gen_opc_ptr = INDEX_op_end;
if (search_pc) {
-   j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
+   j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
lj++;
while (lj <= j)
gen_opc_instr_start[lj++] = 0;
@@ -3416,7 +3416,8 @@ gen_intermediate_code_internal(CPUCRISState *env, 
TranslationBlock *tb,
log_target_disas(pc_start, dc->pc - pc_start,
  dc->env->pregs[PR_VR]);
qemu_log("\nisize=%d osize=%td\n",
-   dc->pc - pc_start, tcg_ctx.gen_opc_ptr - gen_opc_buf);
+   dc->pc - pc_start, tcg_ctx.gen_opc_ptr -
+   tcg_ctx.gen_opc_buf);
}
 #endif
 #endif
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 5f977d9..1563677 100644
--- a/target-i386/translate.c
+++ b/t

[Qemu-devel] [PATCH v3 1/6] tcg/tcg.h: Duplicate global TCG variables in TCGContext

2012-10-29 Thread Evgeny Voevodin
From: Evgeny 

Signed-off-by: Evgeny 
Signed-off-by: Evgeny Voevodin 
---
 tcg/tcg.h |6 ++
 1 file changed, 6 insertions(+)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 45e94f5..43b4317 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -422,6 +422,12 @@ struct TCGContext {
 int temps_in_use;
 int goto_tb_issue_mask;
 #endif
+
+uint16_t gen_opc_buf[OPC_BUF_SIZE];
+TCGArg gen_opparam_buf[OPPARAM_BUF_SIZE];
+
+uint16_t *gen_opc_ptr;
+TCGArg *gen_opparam_ptr;
 };
 
 extern TCGContext tcg_ctx;
-- 
1.7.9.5




[Qemu-devel] [PATCH v3 2/6] TCG: Use gen_opc_ptr from context instead of global variable.

2012-10-29 Thread Evgeny Voevodin
Signed-off-by: Evgeny Voevodin 
---
 target-alpha/translate.c  |8 ++---
 target-arm/translate.c|8 ++---
 target-cris/translate.c   |   10 +++---
 target-i386/translate.c   |8 ++---
 target-lm32/translate.c   |   10 +++---
 target-m68k/translate.c   |8 ++---
 target-microblaze/translate.c |   10 +++---
 target-mips/translate.c   |9 +++---
 target-openrisc/translate.c   |   10 +++---
 target-ppc/translate.c|9 +++---
 target-s390x/translate.c  |9 +++---
 target-sh4/translate.c|8 ++---
 target-sparc/translate.c  |8 ++---
 target-unicore32/translate.c  |8 ++---
 target-xtensa/translate.c |6 ++--
 tcg/tcg-op.h  |   70 -
 tcg/tcg.c |   16 +-
 17 files changed, 109 insertions(+), 106 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index f707d8d..6676cbf 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -3406,7 +3406,7 @@ static inline void 
gen_intermediate_code_internal(CPUAlphaState *env,
 }
 }
 if (search_pc) {
-j = gen_opc_ptr - gen_opc_buf;
+j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
 if (lj < j) {
 lj++;
 while (lj < j)
@@ -3432,7 +3432,7 @@ static inline void 
gen_intermediate_code_internal(CPUAlphaState *env,
or exhaust instruction count, stop generation.  */
 if (ret == NO_EXIT
 && ((ctx.pc & (TARGET_PAGE_SIZE - 1)) == 0
-|| gen_opc_ptr >= gen_opc_end
+|| tcg_ctx.gen_opc_ptr >= gen_opc_end
 || num_insns >= max_insns
 || singlestep
 || env->singlestep_enabled)) {
@@ -3463,9 +3463,9 @@ static inline void 
gen_intermediate_code_internal(CPUAlphaState *env,
 }
 
 gen_icount_end(tb, num_insns);
-*gen_opc_ptr = INDEX_op_end;
+*tcg_ctx.gen_opc_ptr = INDEX_op_end;
 if (search_pc) {
-j = gen_opc_ptr - gen_opc_buf;
+j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
 lj++;
 while (lj <= j)
 gen_opc_instr_start[lj++] = 0;
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 25433da..ff5d294 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -9834,7 +9834,7 @@ static inline void 
gen_intermediate_code_internal(CPUARMState *env,
 }
 }
 if (search_pc) {
-j = gen_opc_ptr - gen_opc_buf;
+j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
 if (lj < j) {
 lj++;
 while (lj < j)
@@ -9881,7 +9881,7 @@ static inline void 
gen_intermediate_code_internal(CPUARMState *env,
  * Also stop translation when a page boundary is reached.  This
  * ensures prefetch aborts occur at the right place.  */
 num_insns ++;
-} while (!dc->is_jmp && gen_opc_ptr < gen_opc_end &&
+} while (!dc->is_jmp && tcg_ctx.gen_opc_ptr < gen_opc_end &&
  !env->singlestep_enabled &&
  !singlestep &&
  dc->pc < next_page_start &&
@@ -9962,7 +9962,7 @@ static inline void 
gen_intermediate_code_internal(CPUARMState *env,
 
 done_generating:
 gen_icount_end(tb, num_insns);
-*gen_opc_ptr = INDEX_op_end;
+*tcg_ctx.gen_opc_ptr = INDEX_op_end;
 
 #ifdef DEBUG_DISAS
 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)) {
@@ -9974,7 +9974,7 @@ done_generating:
 }
 #endif
 if (search_pc) {
-j = gen_opc_ptr - gen_opc_buf;
+j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
 lj++;
 while (lj <= j)
 gen_opc_instr_start[lj++] = 0;
diff --git a/target-cris/translate.c b/target-cris/translate.c
index 755de65..903907b 100644
--- a/target-cris/translate.c
+++ b/target-cris/translate.c
@@ -3266,7 +3266,7 @@ gen_intermediate_code_internal(CPUCRISState *env, 
TranslationBlock *tb,
check_breakpoint(env, dc);
 
if (search_pc) {
-   j = gen_opc_ptr - gen_opc_buf;
+   j = tcg_ctx.gen_opc_ptr - gen_opc_buf;
if (lj < j) {
lj++;
while (lj < j)
@@ -3348,7 +3348,7 @@ gen_intermediate_code_internal(CPUCRISState *env, 
TranslationBlock *tb,
if (!(tb->pc & 1) && env->singlestep_enabled)
break;
} while (!dc->is_jmp && !dc->cpustate_changed
-&& gen_opc_ptr < gen_opc_end
+&& tcg_ctx.gen_opc_ptr < gen_opc_end
  && !singlestep
 && (dc->pc < next_page_start)
  && num_insns < max_insns);
@@ -3399,9 +3399,9 @@ gen_intermediate_code_internal(CPUCRISState *env, 
TranslationBlock *tb,
}
}
 gen_icount_end(tb, num_insns);
-   *gen_opc_ptr = INDEX_op_end;
+   *tcg_ctx.gen_op

Re: [Qemu-devel] [patch v5 5/8] memory: introduce local lock for address space

2012-10-29 Thread Avi Kivity
On 10/29/2012 01:48 AM, Liu Ping Fan wrote:
> For those address spaces which want to be able out of big lock, they
> will be protected by their own local.
> 
> Signed-off-by: Liu Ping Fan 
> ---
>  memory.c |   11 ++-
>  memory.h |5 -
>  2 files changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/memory.c b/memory.c
> index 2f68d67..ff34aed 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -1532,9 +1532,15 @@ void memory_listener_unregister(MemoryListener 
> *listener)
>  QTAILQ_REMOVE(&memory_listeners, listener, link);
>  }
>  
> -void address_space_init(AddressSpace *as, MemoryRegion *root)
> +void address_space_init(AddressSpace *as, MemoryRegion *root, bool lock)


Why not always use the lock?  Even if the big lock is taken, it doesn't
hurt.  And eventually all address spaces will be fine-grained.

>  {
>  memory_region_transaction_begin();
> +if (lock) {
> +as->lock = g_new(QemuMutex, 1);
> +qemu_mutex_init(as->lock);
> +} else {
> +as->lock = NULL;
> +}
>  as->root = root;
>  as->current_map = g_new(FlatView, 1);
>  flatview_init(as->current_map);
> @@ -1553,6 +1559,9 @@ void address_space_destroy(AddressSpace *as)
>  QTAILQ_REMOVE(&address_spaces, as, address_spaces_link);
>  address_space_destroy_dispatch(as);
>  flatview_destroy(as->current_map);
> +if (as->lock) {
> +g_free(as->lock);
> +}
>  g_free(as->current_map);
>  }
>  
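Review bot: `address_space_destroy` releases `as->lock` with `g_free()` but never calls `qemu_mutex_destroy()` on it, although the previous hunk initialises it with `qemu_mutex_init()` in `address_space_init`. The mutex is therefore freed while still initialised, and nothing visible here establishes that no other thread holds or waits on it at that point. The added block should read `if (as->lock) { qemu_mutex_destroy(as->lock); g_free(as->lock); }`, with a comment stating what guarantees the address space is no longer in use. Both functions start and end outside their hunks, and the same hunk is quoted again in the later reply in this thread.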
> diff --git a/memory.h b/memory.h
> index 79393f1..12d1c56 100644
> --- a/memory.h
> +++ b/memory.h
> @@ -22,6 +22,7 @@
>  #include "cpu-common.h"
>  #include "targphys.h"
>  #include "qemu-queue.h"
> +#include "qemu-thread.h"
>  #include "iorange.h"
>  #include "ioport.h"
>  #include "int128.h"
> @@ -164,6 +165,7 @@ typedef struct AddressSpace AddressSpace;
>   */
>  struct AddressSpace {
>  /* All fields are private. */
> +QemuMutex *lock;
>  const char *name;
>  MemoryRegion *root;
>  struct FlatView *current_map;
> @@ -801,8 +803,9 @@ void mtree_info(fprintf_function mon_printf, void *f);
>   *
>   * @as: an uninitialized #AddressSpace
>   * @root: a #MemoryRegion that routes addesses for the address space
> + * @lock: if true, the physmap protected by local lock, otherwise big lock
>   */
> -void address_space_init(AddressSpace *as, MemoryRegion *root);
> +void address_space_init(AddressSpace *as, MemoryRegion *root, bool lock);
>  
>  
>  /**
> 


-- 
error compiling committee.c: too many arguments to function



Re: [Qemu-devel] [PATCH v3 2/8] usb/ehci: Use class_data to init PCI variations

2012-10-29 Thread Andreas Färber
Am 29.10.2012 02:34, schrieb Peter Crosthwaite:
> Got rid of the duplication of the class init functions for the two PCI EHCI
> variants. The PCI specifics are passed in as as class_data and set by a common
> class_init function.
> 
> Premeptively defined a new Class "EHCICLass" for the upcomming addition of new

"Preemptively", "upcoming"

> fields. The class_data is an instance of EHCICLass that forms a template for 
> the
> class to generate.

Using "EHCI[PCI]Class" to template itself seems a bit awkward, Anthony
do you have any thoughts on this? The usual way would be to have a
dedicated EHCIInfo struct or so.

> 
> Signed-off-by: Peter Crosthwaite 
> ---
> Got rid of union for sharing EHCIClassDefinition - made PCI specific
> Simplified literal class_data arrays in ehci_info accordingly
> removed null sentinel from ehci_info and used ARRAY_SIZE for type_regsiter 
> loop
>   bound instead
> 
>  hw/usb/hcd-ehci.c |   76 
>  1 files changed, 41 insertions(+), 35 deletions(-)
> 
> diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
> index 6c65a73..274225b 100644
> --- a/hw/usb/hcd-ehci.c
> +++ b/hw/usb/hcd-ehci.c
> @@ -2641,46 +2641,49 @@ static Property ehci_properties[] = {
>  DEFINE_PROP_END_OF_LIST(),
>  };
>  
> -static void ehci_class_init(ObjectClass *klass, void *data)
> -{
> -DeviceClass *dc = DEVICE_CLASS(klass);
> -PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
> -
> -k->init = usb_ehci_initfn;
> -k->vendor_id = PCI_VENDOR_ID_INTEL;
> -k->device_id = PCI_DEVICE_ID_INTEL_82801D; /* ich4 */
> -k->revision = 0x10;
> -k->class_id = PCI_CLASS_SERIAL_USB;
> -dc->vmsd = &vmstate_ehci;
> -dc->props = ehci_properties;
> -}
> +typedef struct EHCIPCIClass {
> +PCIDeviceClass pci;
> +} EHCIPCIClass;
>  
> -static TypeInfo ehci_info = {
> -.name  = "usb-ehci",
> -.parent= TYPE_PCI_DEVICE,
> -.instance_size = sizeof(EHCIState),
> -.class_init= ehci_class_init,
> -};
> -
> -static void ich9_ehci_class_init(ObjectClass *klass, void *data)
> +static void ehci_class_init(ObjectClass *klass, void *data)
>  {
>  DeviceClass *dc = DEVICE_CLASS(klass);
> -PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
> -
> -k->init = usb_ehci_initfn;
> -k->vendor_id = PCI_VENDOR_ID_INTEL;
> -k->device_id = PCI_DEVICE_ID_INTEL_82801I_EHCI1;
> -k->revision = 0x03;
> -k->class_id = PCI_CLASS_SERIAL_USB;
> +EHCIPCIClass *k = (EHCIPCIClass *)klass;

Please use a proper QOM cast macro: EHCI_PCI_CLASS(klass)

In this case however, please keep using PCIDeviceClass rather than
trying to access it through a named member. If we need to access any
dedicated EHCIPCIClass fields later in the series we can add additional
variables the QOM way.

> +EHCIPCIClass *template = data;
> +
> +k->pci.init = usb_ehci_initfn;
> +k->pci.vendor_id = template->pci.vendor_id;
> +k->pci.device_id = template->pci.device_id; /* ich4 */
> +k->pci.revision = template->pci.revision;
> +k->pci.class_id = PCI_CLASS_SERIAL_USB;
>  dc->vmsd = &vmstate_ehci;
>  dc->props = ehci_properties;
>  }
>  
> -static TypeInfo ich9_ehci_info = {
> -.name  = "ich9-usb-ehci1",
> -.parent= TYPE_PCI_DEVICE,
> -.instance_size = sizeof(EHCIState),
> -.class_init= ich9_ehci_class_init,
> +static TypeInfo ehci_info[] = {

Can this still be made const despite the embedded class_data?

> +{
> +.name  = "usb-ehci",
> +.parent= TYPE_PCI_DEVICE,
> +.instance_size = sizeof(EHCIState),
> +.class_init= ehci_class_init,
> +.class_size= sizeof(EHCIPCIClass),
> +.class_data= (EHCIPCIClass[]) {{
> +.pci.vendor_id = PCI_VENDOR_ID_INTEL,
> +.pci.device_id = PCI_DEVICE_ID_INTEL_82801D,
> +.pci.revision  = 0x10,
> +} }
> +}, {
> +.name  = "ich9-usb-ehci1",

Do we have a suitable header to introduce TYPE_* constants for these
while at it? That would benefit q35.

Andreas

> +.parent= TYPE_PCI_DEVICE,
> +.instance_size = sizeof(EHCIState),
> +.class_init= ehci_class_init,
> +.class_size= sizeof(EHCIPCIClass),
> +.class_data= (EHCIPCIClass[]) {{
> +.pci.vendor_id = PCI_VENDOR_ID_INTEL,
> +.pci.device_id = PCI_DEVICE_ID_INTEL_82801I_EHCI1,
> +.pci.revision  = 0x03,
> +} }
> +},
>  };
>  
>  static int usb_ehci_initfn(PCIDevice *dev)
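Review bot: The `/* ich4 */` comment on `k->pci.device_id = template->pci.device_id;` is left over from the old ich4-only `ehci_class_init` and is now misleading, because the shared function also initialises the ich9 variant. It should move to the `.pci.device_id = PCI_DEVICE_ID_INTEL_82801D,` line of the `usb-ehci` template. The function also dereferences `data` unconditionally, so a comment such as `/* data: EHCIPCIClass template from TypeInfo.class_data, must not be NULL */` would document the contract every `ehci_info` entry has to meet.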
> @@ -2769,8 +2772,11 @@ static int usb_ehci_initfn(PCIDevice *dev)
>  
>  static void ehci_register_types(void)
>  {
> -type_register_static(&ehci_info);
> -type_register_static(&ich9_ehci_info);
> +int i;
> +
> +for (i = 0; i < ARRAY_SIZE(ehci_info); i++) {
> +type_register_static(&ehci_info[i]);
> +}
>  }
>  
>  type_init(ehci_register_types)
> 


-- 
SUSE LINUX Products GmbH

Re: [Qemu-devel] [PATCH v5 1/2] pl330: Initial version

2012-10-29 Thread Igor Mitsyanko

Good day, Peter)

On 10/29/2012 10:35 AM, Peter Crosthwaite wrote:

Device model for Primecell PL330 dma controller.

+
+static Property pl330_properties[] = {
+/* CR0 */
+DEFINE_PROP_UINT8("num_chnls", PL330, num_chnls, 8),
+DEFINE_PROP_UINT8("num_periph_req", PL330, num_periph_req, 8),
+DEFINE_PROP_UINT8("num_events", PL330, num_events, 8),
+DEFINE_PROP_UINT8("mgr_ns_at_rst", PL330, mgr_ns_at_rst, 0),
+/* CR1 */
+DEFINE_PROP_UINT8("i-cache_len", PL330, i_cache_len, 4),
+DEFINE_PROP_UINT8("num_i-cache_lines", PL330, num_i_cache_lines, 8),
+
+DEFINE_PROP_UINT8("mgr_ns_at_rst", PL330, mgr_ns_at_rst, 0),


That's a duplicate, you had the same property three rows before.


+
+/* CR2-4 */
+DEFINE_PROP_UINT32("boot_addr", PL330, cfg[CFG_BOOT_ADDR], 0),
+DEFINE_PROP_UINT32("INS", PL330, cfg[CFG_INS], 0),
+DEFINE_PROP_UINT32("PNS", PL330, cfg[CFG_PNS], 0),
+/* CRD */
+DEFINE_PROP_UINT8("data_width", PL330, data_width, 0),


You do not decode this value in pl330_init() the way you do for, e.g., the
i_cache_len property. I think the default value here should be 32, which
corresponds to 0b010 in the LSB of the CRD register. You should also check
for reserved values of this property and, perhaps, hw_error() on them.


+DEFINE_PROP_UINT8("wr_cap", PL330, wr_cap, 0),
+DEFINE_PROP_UINT8("wr_q_dep", PL330, wr_q_dep, 0),
+DEFINE_PROP_UINT8("rd_cap", PL330, rd_cap, 0),
+DEFINE_PROP_UINT8("rd_q_dep", PL330, rd_q_dep, 0),
+DEFINE_PROP_UINT16("data_buffer_dep", PL330, data_buffer_dep, 0),
+
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pl330_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+k->init = pl330_init;
+dc->reset = pl330_reset;
+dc->props = pl330_properties;
+dc->vmsd = &vmstate_pl330;
+}
+
+static const TypeInfo pl330_type_info = {
+.name   = "pl330",
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size  = sizeof(PL330),
+.class_init  = pl330_class_init,
+};
+
+static void pl330_register_types(void)
+{
+type_register_static(&pl330_type_info);
+}
+
+type_init(pl330_register_types)


--
Mitsyanko Igor
ASWG, Moscow R&D center, Samsung Electronics
email: i.mitsya...@samsung.com




Re: [Qemu-devel] [patch v5 6/8] memory: make mmio dispatch able to be out of biglock

2012-10-29 Thread Avi Kivity
On 10/29/2012 01:48 AM, Liu Ping Fan wrote:
> Without biglock, we try to protect the mr by increase refcnt.
> If we can inc refcnt, go backward and resort to biglock.
> 
> Another point is memory radix-tree can be flushed by another
> thread, so we should get the copy of terminal mr to survive
> from such issue.
> 

> +static bool memory_region_section_ref(MemoryRegionSection *mrs)
> +{
> +MemoryRegion *mr;
> +bool ret = false;
> +
> +mr = mrs->mr;
> +if (mr->ops && mr->ops->ref) {
> +ret = mr->ops->ref(mr);

I still don't see why ->ref() needs to return something.

> +}
> +return ret;
> +}
> +
>  
>  while (len > 0) {
>  page = addr & TARGET_PAGE_MASK;
>  l = (page + TARGET_PAGE_SIZE) - addr;
>  if (l > len)
>  l = len;
> -section = phys_page_find(d, page >> TARGET_PAGE_BITS);
> +
> +if (as->lock) {
> +qemu_mutex_lock(as->lock);
> +safe_ref = memory_region_section_lookup_ref(d, page, &obj_mrs);
> +qemu_mutex_unlock(as->lock);
> +if (!safe_ref) {
> +qemu_mutex_lock_iothread();
> +qemu_mutex_lock(as->lock);
> +/* when 2nd try, mem map can change, need to judge it again 
> */
> +safe_ref = memory_region_section_lookup_ref(d, page, 
> &obj_mrs);
> +qemu_mutex_unlock(as->lock);
> +if (safe_ref) {
> +qemu_mutex_unlock_iothread();
> +}
> +}
> +} else {
> +/* Caller hold the big lock */
> +memory_region_section_lookup_ref(d, page, &obj_mrs);

It's not a property of the address space, it's a property of the caller.

> +}
> +section = &obj_mrs;
>  
>  if (is_write) {
>  if (!memory_region_is_ram(section->mr)) {


-- 
error compiling committee.c: too many arguments to function



Re: [Qemu-devel] [PATCH v3 0/8] Sysbus EHCI + Zynq USB.

2012-10-29 Thread Gerd Hoffmann
On 10/29/12 09:53, Andreas Färber wrote:
> Am 29.10.2012 08:48, schrieb Gerd Hoffmann:
>> On 10/29/12 02:34, Peter Crosthwaite wrote:
>>> Added Sysbus variant of EHCI and attached it to Xilinx Zynq. The EHCI stuff 
>>> is going to be useful for Tegra too.
>>
>> Patch series added to usb patch queue.
> 
> Wasn't there resistance against dma_context_memory in the other thread,
> which this series is based on?

Avi acked it, resistance was more on the matter-of-taste level, and it
is a bug which needs fixing.  So I think it is ok to include.

cheers,
  Gerd




Re: [Qemu-devel] [PATCH v1 1/1] m68k: Return semihosting errno values correctly

2012-10-29 Thread Peter Maydell
I just noticed this patch never got applied by anybody
(and alas it now needs a refresh because the file was renamed
in the interim.)

-- PMM

On 27 March 2012 16:43, Peter Maydell  wrote:
> This patch is simple enough (and m68k unmaintained enough)
> that it could reasonably go through qemu-trivial I think.
>
> -- PMM
>
> On 27 March 2012 16:07, Meador Inge  wrote:
>> Ping.
>>
>> On 02/24/2012 04:53 PM, Andreas Färber wrote:
>>> Am 24.02.2012 23:18, schrieb Meador Inge:
 Fixing a simple typo, s/errno/err/, that caused
 the error status from GDB semihosted system calls
 to be returned incorrectly.

 Signed-off-by: Meador Inge 
>>>
>>> Nice catch!
>>>
>>> Reviewed-by: Andreas Färber 
>>>
>>> Andreas
>>>
 ---
  m68k-semi.c |2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

 diff --git a/m68k-semi.c b/m68k-semi.c
 index bab01ee..6d60ced 100644
 --- a/m68k-semi.c
 +++ b/m68k-semi.c
 @@ -150,7 +150,7 @@ static void m68k_semi_cb(CPUState *env, target_ulong 
 ret, target_ulong err)
  }
  /* FIXME - handle put_user() failure */
  put_user_u32(ret, args);
 -put_user_u32(errno, args + 4);
 +put_user_u32(err, args + 4);
  }

  #define ARG(n)  \
>>>
>>
>>
>> --
>> Meador Inge
>> CodeSourcery / Mentor Embedded
>> http://www.mentor.com/embedded-software
>>



Re: [Qemu-devel] [patch v5 5/8] memory: introduce local lock for address space

2012-10-29 Thread liu ping fan
On Mon, Oct 29, 2012 at 5:32 PM, Avi Kivity  wrote:
> On 10/29/2012 01:48 AM, Liu Ping Fan wrote:
>> For those address spaces which want to be able out of big lock, they
>> will be protected by their own local.
>>
>> Signed-off-by: Liu Ping Fan 
>> ---
>>  memory.c |   11 ++-
>>  memory.h |5 -
>>  2 files changed, 14 insertions(+), 2 deletions(-)
>>
>> diff --git a/memory.c b/memory.c
>> index 2f68d67..ff34aed 100644
>> --- a/memory.c
>> +++ b/memory.c
>> @@ -1532,9 +1532,15 @@ void memory_listener_unregister(MemoryListener 
>> *listener)
>>  QTAILQ_REMOVE(&memory_listeners, listener, link);
>>  }
>>
>> -void address_space_init(AddressSpace *as, MemoryRegion *root)
>> +void address_space_init(AddressSpace *as, MemoryRegion *root, bool lock)
>
>
> Why not always use the lock?  Even if the big lock is taken, it doesn't
> hurt.  And eventually all address spaces will be fine-grained.
>
I had thought that only mmio is taken out of the big lock's protection,
while the other address spaces would just pay the extra cost of a lock.
So I left them alone until they are ready to run outside the big lock.

>>  {
>>  memory_region_transaction_begin();
>> +if (lock) {
>> +as->lock = g_new(QemuMutex, 1);
>> +qemu_mutex_init(as->lock);
>> +} else {
>> +as->lock = NULL;
>> +}
>>  as->root = root;
>>  as->current_map = g_new(FlatView, 1);
>>  flatview_init(as->current_map);
>> @@ -1553,6 +1559,9 @@ void address_space_destroy(AddressSpace *as)
>>  QTAILQ_REMOVE(&address_spaces, as, address_spaces_link);
>>  address_space_destroy_dispatch(as);
>>  flatview_destroy(as->current_map);
>> +if (as->lock) {
>> +g_free(as->lock);
>> +}
>>  g_free(as->current_map);
>>  }
>>
>> diff --git a/memory.h b/memory.h
>> index 79393f1..12d1c56 100644
>> --- a/memory.h
>> +++ b/memory.h
>> @@ -22,6 +22,7 @@
>>  #include "cpu-common.h"
>>  #include "targphys.h"
>>  #include "qemu-queue.h"
>> +#include "qemu-thread.h"
>>  #include "iorange.h"
>>  #include "ioport.h"
>>  #include "int128.h"
>> @@ -164,6 +165,7 @@ typedef struct AddressSpace AddressSpace;
>>   */
>>  struct AddressSpace {
>>  /* All fields are private. */
>> +QemuMutex *lock;
>>  const char *name;
>>  MemoryRegion *root;
>>  struct FlatView *current_map;
>> @@ -801,8 +803,9 @@ void mtree_info(fprintf_function mon_printf, void *f);
>>   *
>>   * @as: an uninitialized #AddressSpace
>>   * @root: a #MemoryRegion that routes addesses for the address space
>> + * @lock: if true, the physmap protected by local lock, otherwise big lock
>>   */
>> -void address_space_init(AddressSpace *as, MemoryRegion *root);
>> +void address_space_init(AddressSpace *as, MemoryRegion *root, bool lock);
>>
>>
>>  /**
>>
>
>
> --
> error compiling committee.c: too many arguments to function
>



Re: [Qemu-devel] [Qemu-trivial] [PATCH] cadence_uart: More debug information

2012-10-29 Thread Stefan Hajnoczi
On Fri, Oct 19, 2012 at 07:08:04PM +1000, Peter Crosthwaite wrote:
> Add more helpful debug information to the cadence UART.
> 
> Signed-off-by: Peter Crosthwaite 
> ---
>  hw/cadence_uart.c |   11 +++
>  1 files changed, 7 insertions(+), 4 deletions(-)

Thanks, applied to the trivial patches tree:
https://github.com/stefanha/qemu/commits/trivial-patches

Stefan



Re: [Qemu-devel] [Qemu-trivial] [PATCH] configure: Remove stray debug output

2012-10-29 Thread Stefan Hajnoczi
On Sat, Oct 20, 2012 at 08:37:04PM +0100, Peter Maydell wrote:
> Rather than printing a message saying we're silently falling
> back to gthread coroutines when running on MacOS, actually
> do it silently.
> 
> Signed-off-by: Peter Maydell 
> ---
> I guess this is a self-falsifying echo :-)
> 
>  configure | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/configure b/configure
> index 9f33c7d..e07baf3 100755
> --- a/configure
> +++ b/configure
> @@ -2900,8 +2900,6 @@ EOF
>  else
>   coroutine_backend=gthread
>  fi
> -  else
> -echo "Silently falling back into gthread backend under darwin"
>fi

Is there a reason to remove the echo?

Stefan



Re: [Qemu-devel] [PATCH v2 0/6] static patches

2012-10-29 Thread Stefan Hajnoczi
On Sun, Oct 28, 2012 at 11:04:45AM +, Blue Swirl wrote:
> v2: extract function removal patches, skip ARM
> 
> Blue Swirl (6):
>   target-sparc: make do_unaligned_access static
>   vl.c: add missing static
>   vnc: add missing static
>   ppc: add missing static
>   target-ppc: make some functions static
>   exec: make some functions static
> 
>  console.h  |2 --
>  cpu-common.h   |5 -
>  exec-all.h |2 --
>  exec.c |   15 +--
>  hw/adb.c   |8 
>  hw/adb.h   |4 
>  hw/nvram.h |   10 +-
>  hw/ppc.c   |   16 
>  memory-internal.h  |2 --
>  sysemu.h   |5 -
>  target-ppc/cpu.h   |7 ---
>  target-ppc/mmu_helper.c|   11 ++-
>  target-sparc/cpu.h |3 ---
>  target-sparc/ldst_helper.c |8 ++--
>  ui/vnc-jobs.c  |   10 +-
>  ui/vnc-jobs.h  |1 -
>  ui/vnc.c   |   14 +++---
>  ui/vnc.h   |5 -
>  vl.c   |   21 -
>  19 files changed, 58 insertions(+), 91 deletions(-)
> 
> -- 
> 1.7.2.5
> 
> 

Waiting a bit before merging so experts in the various areas touched can
take a look.

Reviewed-by: Stefan Hajnoczi 



Re: [Qemu-devel] [Qemu-trivial] [PATCH] configure: Remove stray debug output

2012-10-29 Thread Peter Maydell
On 29 October 2012 09:54, Stefan Hajnoczi  wrote:
> On Sat, Oct 20, 2012 at 08:37:04PM +0100, Peter Maydell wrote:
>> Rather than printing a message saying we're silently falling
>> back to gthread coroutines when running on MacOS, actually
>> do it silently.
>>
>> Signed-off-by: Peter Maydell 
>> ---
>> I guess this is a self-falsifying echo :-)
>>
>>  configure | 2 --
>>  1 file changed, 2 deletions(-)
>>
>> diff --git a/configure b/configure
>> index 9f33c7d..e07baf3 100755
>> --- a/configure
>> +++ b/configure
>> @@ -2900,8 +2900,6 @@ EOF
>>  else
>>   coroutine_backend=gthread
>>  fi
>> -  else
>> -echo "Silently falling back into gthread backend under darwin"
>>fi
>
> Is there a reason to remove the echo?

1. Nothing else in configure prints progress messages during the
   testing phase
2. The echo is by definition printing something that's false
3. We print the chosen coroutine backend at the end as part of
   the standard "what did configure do?" output block, so removing
   this echo loses no information

-- PMM



Re: [Qemu-devel] [Qemu-trivial] [PATCH v1 1/1] m68k: Return semihosting errno values correctly

2012-10-29 Thread Stefan Hajnoczi
On Mon, Oct 29, 2012 at 10:42 AM, Peter Maydell
 wrote:
> I just noticed this patch never got applied by anybody
> (and alas it now needs a refresh because the file was renamed
> in the interim.)

Merged, thanks!

https://github.com/stefanha/qemu/commits/trivial-patches

Please CC qemu-trivial when suggesting a patch goes through the trivial queue.

Stefan



[Qemu-devel] [PATCH 01/22] Remove TARGET_PHYS_ADDR_BITS define completely

2012-10-29 Thread Alexander Graf
From: Peter Maydell 

Following commit 4be403c81 TARGET_PHYS_ADDR_BITS is always 64,
and it's only used in one place (that commit removed all the
other uses). Remove it completely, to avoid confusion with
the genuinely useful TARGET_PHYS_ADDR_SPACE_BITS.

Signed-off-by: Peter Maydell 
Signed-off-by: Alexander Graf 
---
 target-ppc/mmu_helper.c |2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
index 4a9bb5b..811f47f 100644
--- a/target-ppc/mmu_helper.c
+++ b/target-ppc/mmu_helper.c
@@ -1509,10 +1509,8 @@ static void mmubooke_dump_mmu(FILE *f, fprintf_function 
cpu_fprintf,
 mask = ~(entry->size - 1);
 ea = entry->EPN & mask;
 pa = entry->RPN & mask;
-#if (TARGET_PHYS_ADDR_SPACE_BITS >= 36)
 /* Extend the physical address to 36 bits */
 pa |= (hwaddr)(entry->RPN & 0xF) << 32;
-#endif
 size /= 1024;
 if (size >= 1024) {
 snprintf(size_buf, sizeof(size_buf), "%3" PRId64 "M", size / 1024);
-- 
1.6.0.2




[Qemu-devel] [PULL 00/22] ppc patch queue 2012-10-29

2012-10-29 Thread Alexander Graf
Hi Blue / Aurelien,

This is my current patch queue for ppc.  Please pull.

Alex


The following changes since commit 50cd72148211c5e5f22ea2519d19ce024226e61f:
  Max Filippov (1):
hw/xtensa_sim: get rid of intermediate xtensa_sim_init

are available in the git repository at:

  git://repo.or.cz/qemu/agraf.git ppc-for-upstream

Alexander Graf (16):
  PPC: Bamboo: Fix memory size DT property
  PPC: 440: Emulate DCBR0
  ac97: convert PIO to new memory api read/write
  virtio-pci: convert PIO to new memory api read/write
  es1370: convert PIO to new memory api read/write
  i8254: convert PIO to new memory api read/write
  m48t59: convert PIO to new memory api read/write
  mc146818rtc: convert PIO to new memory api read/write
  pc port92: convert PIO to new memory api read/write
  pckbd: convert PIO to new memory api read/write
  rtl8139: convert PIO to new memory api read/write
  serial: convert PIO to new memory api read/write
  vmport: convert PIO to new memory api read/write
  xen_platform: convert PIO to new memory api read/write
  PPC: e500: Map PIO space into core memory region
  PPC: pseries: Remove hack for PIO window

Bharat Bhushan (1):
  e500: Fix serial initialization

David Gibson (3):
  pseries: Don't allow duplicate registration of hcalls or RTAS calls
  target-ppc: Rework storage of VPA registration state
  pseries: Implement qemu initiated shutdowns using EPOW events

Peter Maydell (1):
  Remove TARGET_PHYS_ADDR_BITS define completely

zhlci...@gmail.com (1):
  Add USB option in machine options

 hw/ac97.c   |  109 ---
 hw/es1370.c |   46 +--
 hw/i8254.c  |   20 ++--
 hw/m48t59.c |   24 ++--
 hw/mc146818rtc.c|   19 ++-
 hw/nseries.c|3 +-
 hw/pc.c |   19 ++-
 hw/pc_piix.c|2 +-
 hw/pckbd.c  |   48 ---
 hw/ppc/Makefile.objs|1 +
 hw/ppc/e500.c   |5 +-
 hw/ppc440_bamboo.c  |2 +-
 hw/ppc_newworld.c   |   19 +--
 hw/ppc_oldworld.c   |2 +-
 hw/ppc_prep.c   |2 +-
 hw/ppce500_pci.c|9 +-
 hw/pxa2xx.c |4 +-
 hw/realview.c   |2 +-
 hw/rtl8139.c|   78 +--
 hw/serial.c |   30 +++--
 hw/spapr.c  |   16 ++-
 hw/spapr.h  |8 +
 hw/spapr_events.c   |  321 +++
 hw/spapr_hcall.c|   29 ++--
 hw/spapr_pci.c  |   44 +--
 hw/spapr_pci.h  |2 +-
 hw/spapr_rtas.c |9 ++
 hw/versatilepb.c|2 +-
 hw/virtio-pci.c |  126 +++--
 hw/vmport.c |   21 ++--
 hw/xen_platform.c   |   48 +--
 qemu-config.c   |4 +
 sysemu.h|4 +-
 target-ppc/cpu.h|7 +-
 target-ppc/mmu_helper.c |2 -
 target-ppc/translate_init.c |9 +-
 vl.c|   30 -
 37 files changed, 785 insertions(+), 341 deletions(-)
 create mode 100644 hw/spapr_events.c



[Qemu-devel] [PATCH 10/22] virtio-pci: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/virtio-pci.c |  126 +-
 1 files changed, 49 insertions(+), 77 deletions(-)

diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index c7f20c3..9603150 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -374,79 +374,39 @@ static uint32_t virtio_ioport_read(VirtIOPCIProxy *proxy, 
uint32_t addr)
 return ret;
 }
 
-static uint32_t virtio_pci_config_readb(void *opaque, uint32_t addr)
-{
-VirtIOPCIProxy *proxy = opaque;
-uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-if (addr < config)
-return virtio_ioport_read(proxy, addr);
-addr -= config;
-return virtio_config_readb(proxy->vdev, addr);
-}
-
-static uint32_t virtio_pci_config_readw(void *opaque, uint32_t addr)
-{
-VirtIOPCIProxy *proxy = opaque;
-uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-uint16_t val;
-if (addr < config)
-return virtio_ioport_read(proxy, addr);
-addr -= config;
-val = virtio_config_readw(proxy->vdev, addr);
-if (virtio_is_big_endian()) {
-/*
- * virtio is odd, ioports are LE but config space is target native
- * endian. However, in qemu, all PIO is LE, so we need to re-swap
- * on BE targets
- */
-val = bswap16(val);
-}
-return val;
-}
-
-static uint32_t virtio_pci_config_readl(void *opaque, uint32_t addr)
-{
-VirtIOPCIProxy *proxy = opaque;
-uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-uint32_t val;
-if (addr < config)
-return virtio_ioport_read(proxy, addr);
-addr -= config;
-val = virtio_config_readl(proxy->vdev, addr);
-if (virtio_is_big_endian()) {
-val = bswap32(val);
-}
-return val;
-}
-
-static void virtio_pci_config_writeb(void *opaque, uint32_t addr, uint32_t val)
+static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr,
+   unsigned size)
 {
 VirtIOPCIProxy *proxy = opaque;
 uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
+uint64_t val = 0;
 if (addr < config) {
-virtio_ioport_write(proxy, addr, val);
-return;
+return virtio_ioport_read(proxy, addr);
 }
 addr -= config;
-virtio_config_writeb(proxy->vdev, addr, val);
-}
 
-static void virtio_pci_config_writew(void *opaque, uint32_t addr, uint32_t val)
-{
-VirtIOPCIProxy *proxy = opaque;
-uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-if (addr < config) {
-virtio_ioport_write(proxy, addr, val);
-return;
-}
-addr -= config;
-if (virtio_is_big_endian()) {
-val = bswap16(val);
+switch (size) {
+case 1:
+val = virtio_config_readb(proxy->vdev, addr);
+break;
+case 2:
+val = virtio_config_readw(proxy->vdev, addr);
+if (virtio_is_big_endian()) {
+val = bswap16(val);
+}
+break;
+case 4:
+val = virtio_config_readl(proxy->vdev, addr);
+if (virtio_is_big_endian()) {
+val = bswap32(val);
+}
+break;
 }
-virtio_config_writew(proxy->vdev, addr, val);
+return val;
 }
 
-static void virtio_pci_config_writel(void *opaque, uint32_t addr, uint32_t val)
+static void virtio_pci_config_write(void *opaque, hwaddr addr,
+uint64_t val, unsigned size)
 {
 VirtIOPCIProxy *proxy = opaque;
 uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
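Review bot: The `switch (size)` in the new `virtio_pci_config_read` has no `default` arm, so a guest access of any width other than 1, 2 or 4 silently returns the initial `val = 0`. Whether such a width can reach the handler depends on the access-size limits in `virtio_pci_config_ops`, which are set in a later hunk that is cut off in this view. The dependency should be explicit, e.g. `default: break; /* widths other than 1/2/4 are excluded by virtio_pci_config_ops */`. The read path also drops the old comment explaining the byte swap, and `/* config space is target-native endian but PIO is LE: swap on BE targets */` above the switch would restore it. `virtio_pci_config_write` begins in this hunk and continues in the next one, where the same `switch` shape recurs.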
@@ -455,24 +415,36 @@ static void virtio_pci_config_writel(void *opaque, 
uint32_t addr, uint32_t val)
 return;
 }
 addr -= config;
-if (virtio_is_big_endian()) {
-val = bswap32(val);
+/*
+ * Virtio-PCI is odd. Ioports are LE but config space is target native
+ * endian.
+ */
+switch (size) {
+case 1:
+virtio_config_writeb(proxy->vdev, addr, val);
+break;
+case 2:
+if (virtio_is_big_endian()) {
+val = bswap16(val);
+}
+virtio_config_writew(proxy->vdev, addr, val);
+break;
+case 4:
+if (virtio_is_big_endian()) {
+val = bswap32(val);
+}
+virtio_config_writel(proxy->vdev, addr, val);
+break;
 }
-virtio_config_writel(proxy->vdev, addr, val);
 }
 
-static const MemoryRegionPortio virtio_portio[] = {
-{ 0, 0x1, 1, .write = virtio_pci_config_writeb, },
-{ 0, 0x1, 2, .write = virtio_pci_config_writew, },
-{ 0, 0x1, 4, .write = virtio_pci_config_writel, },
-{ 0, 0x1, 1, .read = virtio_pci_config_readb, },
-{ 0, 0x1, 2, .read = virtio_pci_config_readw, },
-{ 0, 0x1, 4, .read = virtio_pci_config_readl, },
-PORTIO_END_OF_LIST()
-};
-
 static const MemoryRegionOps virtio_pci_config_ops = {
-.old_portio = virtio_portio,
+.read = virtio_pci_config_read,
+.write = virtio_pci_config_write,
+.impl = {
+.min_access_size = 1,
+   

[Qemu-devel] [PATCH 17/22] rtl8139: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/rtl8139.c |   78 ++---
 1 files changed, 36 insertions(+), 42 deletions(-)

diff --git a/hw/rtl8139.c b/hw/rtl8139.c
index 10ced8b..e3aa8bf 100644
--- a/hw/rtl8139.c
+++ b/hw/rtl8139.c
@@ -3187,38 +3187,6 @@ static uint32_t rtl8139_io_readl(void *opaque, uint8_t 
addr)
 
 /* */
 
-static void rtl8139_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
-{
-rtl8139_io_writeb(opaque, addr & 0xFF, val);
-}
-
-static void rtl8139_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
-{
-rtl8139_io_writew(opaque, addr & 0xFF, val);
-}
-
-static void rtl8139_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
-{
-rtl8139_io_writel(opaque, addr & 0xFF, val);
-}
-
-static uint32_t rtl8139_ioport_readb(void *opaque, uint32_t addr)
-{
-return rtl8139_io_readb(opaque, addr & 0xFF);
-}
-
-static uint32_t rtl8139_ioport_readw(void *opaque, uint32_t addr)
-{
-return rtl8139_io_readw(opaque, addr & 0xFF);
-}
-
-static uint32_t rtl8139_ioport_readl(void *opaque, uint32_t addr)
-{
-return rtl8139_io_readl(opaque, addr & 0xFF);
-}
-
-/* */
-
 static void rtl8139_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
 {
 rtl8139_io_writeb(opaque, addr & 0xFF, val);
@@ -3386,18 +3354,44 @@ static const VMStateDescription vmstate_rtl8139 = {
 /***/
 /* PCI RTL8139 definitions */
 
-static const MemoryRegionPortio rtl8139_portio[] = {
-{ 0, 0x100, 1, .read = rtl8139_ioport_readb, },
-{ 0, 0x100, 1, .write = rtl8139_ioport_writeb, },
-{ 0, 0x100, 2, .read = rtl8139_ioport_readw, },
-{ 0, 0x100, 2, .write = rtl8139_ioport_writew, },
-{ 0, 0x100, 4, .read = rtl8139_ioport_readl, },
-{ 0, 0x100, 4, .write = rtl8139_ioport_writel, },
-PORTIO_END_OF_LIST()
-};
+static void rtl8139_ioport_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+switch (size) {
+case 1:
+rtl8139_io_writeb(opaque, addr, val);
+break;
+case 2:
+rtl8139_io_writew(opaque, addr, val);
+break;
+case 4:
+rtl8139_io_writel(opaque, addr, val);
+break;
+}
+}
+
+static uint64_t rtl8139_ioport_read(void *opaque, hwaddr addr,
+unsigned size)
+{
+switch (size) {
+case 1:
+return rtl8139_io_readb(opaque, addr);
+case 2:
+return rtl8139_io_readw(opaque, addr);
+case 4:
+return rtl8139_io_readl(opaque, addr);
+}
+
+return -1;
+}
 
 static const MemoryRegionOps rtl8139_io_ops = {
-.old_portio = rtl8139_portio,
+.read = rtl8139_ioport_read,
+.write = rtl8139_ioport_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 4,
+},
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
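Review bot: The new `rtl8139_ioport_write` and `rtl8139_ioport_read` pass `addr` through unmasked, whereas the removed wrappers and the MMIO handlers kept in this file (`rtl8139_io_writeb(opaque, addr & 0xFF, val)`) mask it first. The `uint8_t addr` parameter of `rtl8139_io_readl` in the first hunk header suggests the value is narrowed implicitly, so behaviour is probably unchanged. That still relies on a silent `hwaddr` to `uint8_t` conversion of a guest-supplied offset. Keeping the mask explicit, e.g. `rtl8139_io_writeb(opaque, addr & 0xFF, val);` in each case, keeps both paths consistent and leaves the bound visible if the register window is ever widened. The write switch also has no `default:`; a one-line comment that other sizes are excluded by `.impl` would document why.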
-- 
1.6.0.2




[Qemu-devel] [PATCH 06/22] pseries: Don't allow duplicate registration of hcalls or RTAS calls

2012-10-29 Thread Alexander Graf
From: David Gibson 

Currently the pseries machine code allows a callback to be registered
for a hypercall number twice, as long as it's the same callback the second
time.  We don't test for duplicate registrations of RTAS callbacks at all
so it will effectively be last registration wins.

This was originally done because it was awkward to ensure that the
registration happened exactly once, but the code has since been
restructured so that's no longer the case.

Duplicate registration of a hypercall or RTAS call could well suggest
a duplicate initialization which could cause other problems, so this patch
makes duplicate registrations a bug, to prevent the old behaviour from
hiding other bugs.

Signed-off-by: David Gibson 
Signed-off-by: Alexander Graf 
---
 hw/spapr_hcall.c |3 +--
 hw/spapr_rtas.c  |9 +
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/spapr_hcall.c b/hw/spapr_hcall.c
index 194d9c2..762493a 100644
--- a/hw/spapr_hcall.c
+++ b/hw/spapr_hcall.c
@@ -670,11 +670,10 @@ void spapr_register_hypercall(target_ulong opcode, 
spapr_hcall_fn fn)
 } else {
 assert((opcode >= KVMPPC_HCALL_BASE) && (opcode <= KVMPPC_HCALL_MAX));
 
-
 slot = &kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE];
 }
 
-assert(!(*slot) || (fn == *slot));
+assert(!(*slot));
 *slot = fn;
 }
 
diff --git a/hw/spapr_rtas.c b/hw/spapr_rtas.c
index 67da27b..ce76c58 100644
--- a/hw/spapr_rtas.c
+++ b/hw/spapr_rtas.c
@@ -241,6 +241,15 @@ target_ulong spapr_rtas_call(sPAPREnvironment *spapr,
 
 void spapr_rtas_register(const char *name, spapr_rtas_fn fn)
 {
+int i;
+
+for (i = 0; i < (rtas_next - rtas_table); i++) {
+if (strcmp(name, rtas_table[i].name) == 0) {
+fprintf(stderr, "RTAS call \"%s\" registered twice\n", name);
+exit(1);
+}
+}
+
 assert(rtas_next < (rtas_table + TOKEN_MAX));
 
 rtas_next->name = name;
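Review bot: The duplicate check added at the top of `spapr_rtas_register` fails with `fprintf` plus `exit(1)`, while the table-full check directly below it stays `assert(rtas_next < (rtas_table + TOKEN_MAX))` and the matching duplicate check in hw/spapr_hcall.c is `assert(!(*slot))`. In a build with NDEBUG both asserts vanish: a duplicate hypercall would silently replace the slot and the write through `rtas_next` would go unchecked, while only the RTAS duplicate is still caught. Since the commit message treats all of these as bugs, one failure style for the three checks would be clearer. On the hcall side that could be `if (*slot) { fprintf(stderr, "hypercall 0x%llx registered twice\n", (unsigned long long)opcode); exit(1); }`. The body of `spapr_rtas_register` continues past the hunk.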
-- 
1.6.0.2




[Qemu-devel] [PATCH 05/22] Add USB option in machine options

2012-10-29 Thread Alexander Graf
From: zhlci...@gmail.com 

When -usb option is used, global variable usb_enabled is set.
And all the platforms will create one USB controller according
to this variable. In fact, global variables make code hard
to read.

So this patch is to remove global variable usb_enabled and
add USB option in machine options. All the platforms will get
USB option value from machine options.

USB option of machine options will be set either by:
  * -usb
  * -machine type=pseries,usb=on

Both these ways can work now. They both set USB option in
machine options. In the future, the first way will be removed.

Signed-off-by: Li Zhang 
Acked-by: Alexander Graf 
Signed-off-by: Alexander Graf 
---
 hw/nseries.c  |3 ++-
 hw/pc_piix.c  |2 +-
 hw/ppc_newworld.c |   19 +++
 hw/ppc_oldworld.c |2 +-
 hw/ppc_prep.c |2 +-
 hw/pxa2xx.c   |4 ++--
 hw/realview.c |2 +-
 hw/spapr.c|2 +-
 hw/versatilepb.c  |2 +-
 qemu-config.c |4 
 sysemu.h  |4 +++-
 vl.c  |   30 --
 12 files changed, 48 insertions(+), 28 deletions(-)

diff --git a/hw/nseries.c b/hw/nseries.c
index 7ada90d..9306aa1 100644
--- a/hw/nseries.c
+++ b/hw/nseries.c
@@ -1334,8 +1334,9 @@ static void n8x0_init(ram_addr_t ram_size, const char 
*boot_device,
 n8x0_dss_setup(s);
 n8x0_cbus_setup(s);
 n8x0_uart_setup(s);
-if (usb_enabled)
+if (usb_enabled(false)) {
 n8x0_usb_setup(s);
+}
 
 if (kernel_filename) {
 /* Or at the linux loader.  */
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index 47ebc1a..c7dd75b 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -267,7 +267,7 @@ static void pc_init1(MemoryRegion *system_memory,
 pc_cmos_init(below_4g_mem_size, above_4g_mem_size, boot_device,
  floppy, idebus[0], idebus[1], rtc_state);
 
-if (pci_enabled && usb_enabled) {
+if (pci_enabled && usb_enabled(false)) {
 pci_create_simple(pci_bus, piix3_devfn + 2, "piix3-usb-uhci");
 }
 
diff --git a/hw/ppc_newworld.c b/hw/ppc_newworld.c
index 15f74f9..664747e 100644
--- a/hw/ppc_newworld.c
+++ b/hw/ppc_newworld.c
@@ -348,10 +348,6 @@ static void ppc_core99_init(QEMUMachineInitArgs *args)
 ide_mem[1] = pmac_ide_init(hd, pic[0x0d], dbdma, 0x16, pic[0x02]);
 ide_mem[2] = pmac_ide_init(&hd[MAX_IDE_DEVS], pic[0x0e], dbdma, 0x1a, 
pic[0x02]);
 
-/* cuda also initialize ADB */
-if (machine_arch == ARCH_MAC99_U3) {
-usb_enabled = 1;
-}
 cuda_init(&cuda_mem, pic[0x19]);
 
 adb_kbd_init(&adb_bus);
@@ -360,15 +356,14 @@ static void ppc_core99_init(QEMUMachineInitArgs *args)
 macio_init(pci_bus, PCI_DEVICE_ID_APPLE_UNI_N_KEYL, 0, pic_mem,
dbdma_mem, cuda_mem, NULL, 3, ide_mem, escc_bar);
 
-if (usb_enabled) {
+if (usb_enabled(machine_arch == ARCH_MAC99_U3)) {
 pci_create_simple(pci_bus, -1, "pci-ohci");
-}
-
-/* U3 needs to use USB for input because Linux doesn't support via-cuda
-   on PPC64 */
-if (machine_arch == ARCH_MAC99_U3) {
-usbdevice_create("keyboard");
-usbdevice_create("mouse");
+/* U3 needs to use USB for input because Linux doesn't support via-cuda
+on PPC64 */
+if (machine_arch == ARCH_MAC99_U3) {
+usbdevice_create("keyboard");
+usbdevice_create("mouse");
+}
 }
 
 if (graphic_depth != 15 && graphic_depth != 32 && graphic_depth != 8)
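Review bot: Creation of the USB keyboard and mouse for `ARCH_MAC99_U3` is now nested inside `if (usb_enabled(machine_arch == ARCH_MAC99_U3))`, whereas before it ran unconditionally and the machine forced `usb_enabled = 1`. `usb_enabled()` is defined outside this hunk. If, as the commit message implies, an explicit `usb=off` machine option overrides the default passed in, a U3 guest started that way gets no input device at all, given the comment that Linux does not support via-cuda on PPC64. If that is intended, say so in the comment, e.g. `/* usb=off on U3 leaves the guest without keyboard and mouse */`, or print a warning on that path; otherwise the U3 case should create the controller regardless of the option. `ppc_core99_init` starts and ends outside the hunk.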
diff --git a/hw/ppc_oldworld.c b/hw/ppc_oldworld.c
index a4f899d..e8138c0 100644
--- a/hw/ppc_oldworld.c
+++ b/hw/ppc_oldworld.c
@@ -286,7 +286,7 @@ static void ppc_heathrow_init(QEMUMachineInitArgs *args)
 macio_init(pci_bus, PCI_DEVICE_ID_APPLE_343S1201, 1, pic_mem,
dbdma_mem, cuda_mem, nvr, 2, ide_mem, escc_bar);
 
-if (usb_enabled) {
+if (usb_enabled(false)) {
 pci_create_simple(pci_bus, -1, "pci-ohci");
 }
 
diff --git a/hw/ppc_prep.c b/hw/ppc_prep.c
index 085851a..bf15730 100644
--- a/hw/ppc_prep.c
+++ b/hw/ppc_prep.c
@@ -661,7 +661,7 @@ static void ppc_prep_init(QEMUMachineInitArgs *args)
 memory_region_add_subregion(sysmem, 0xFEFF, xcsr);
 #endif
 
-if (usb_enabled) {
+if (usb_enabled(false)) {
 pci_create_simple(pci_bus, -1, "pci-ohci");
 }
 
diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c
index 0fb2179..e616979 100644
--- a/hw/pxa2xx.c
+++ b/hw/pxa2xx.c
@@ -2108,7 +2108,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_space,
 s->ssp[i] = (SSIBus *)qdev_get_child_bus(dev, "ssi");
 }
 
-if (usb_enabled) {
+if (usb_enabled(false)) {
 sysbus_create_simple("sysbus-ohci", 0x4c00,
 qdev_get_gpio_in(s->pic, PXA2XX_PIC_USBH1));
 }
@@ -2239,7 +2239,7 @@ PXA2xxState *pxa255_init(MemoryRegion *address_space, 
unsigned int sdram_size)
 s->ssp[i] = (SSIBus *)qdev_get_child_bus(dev, "ssi");
 }
 
-if (usb_enabled) {
+if (usb_enabled(false)) {
 sysb

[Qemu-devel] [PATCH 14/22] mc146818rtc: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/mc146818rtc.c |   19 +++
 1 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/hw/mc146818rtc.c b/hw/mc146818rtc.c
index 332a77d..98839f2 100644
--- a/hw/mc146818rtc.c
+++ b/hw/mc146818rtc.c
@@ -383,7 +383,8 @@ static void rtc_update_timer(void *opaque)
 check_update_timer(s);
 }
 
-static void cmos_ioport_write(void *opaque, uint32_t addr, uint32_t data)
+static void cmos_ioport_write(void *opaque, hwaddr addr,
+  uint64_t data, unsigned size)
 {
 RTCState *s = opaque;
 
@@ -595,7 +596,8 @@ static int update_in_progress(RTCState *s)
 return 0;
 }
 
-static uint32_t cmos_ioport_read(void *opaque, uint32_t addr)
+static uint64_t cmos_ioport_read(void *opaque, hwaddr addr,
+ unsigned size)
 {
 RTCState *s = opaque;
 int ret;
@@ -769,13 +771,14 @@ static void rtc_reset(void *opaque)
 #endif
 }
 
-static const MemoryRegionPortio cmos_portio[] = {
-{0, 2, 1, .read = cmos_ioport_read, .write = cmos_ioport_write },
-PORTIO_END_OF_LIST(),
-};
-
 static const MemoryRegionOps cmos_ops = {
-.old_portio = cmos_portio
+.read = cmos_ioport_read,
+.write = cmos_ioport_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static void rtc_get_date(Object *obj, Visitor *v, void *opaque,
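Review bot: `cmos_ops` sets only `.impl` access sizes, which describe what the callbacks implement; as far as I know the memory core then splits a wider guest access into byte-sized calls rather than rejecting it, which is what `.valid` is for. `cmos_ioport_read` and `cmos_ioport_write` gain a `size` argument that none of the visible lines use, so the one-byte assumption lives only in this table. If wider accesses to these ports should not reach the device, add `.valid = { .min_access_size = 1, .max_access_size = 1 },`; otherwise a comment such as `/* wider accesses are split into byte accesses by the memory core */` above `.impl` records the intent. The same applies to `pit_ioport_ops` (hw/i8254.c), `port92_ops` (hw/pc.c), `i8042_data_ops` and `i8042_cmd_ops` (hw/pckbd.c) and `m48t59_io_ops` (hw/m48t59.c) in this series.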
-- 
1.6.0.2




[Qemu-devel] [PATCH 12/22] i8254: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/i8254.c |   20 +++-
 1 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/hw/i8254.c b/hw/i8254.c
index 77bd5e8..bea5f92 100644
--- a/hw/i8254.c
+++ b/hw/i8254.c
@@ -111,7 +111,8 @@ static void pit_latch_count(PITChannelState *s)
 }
 }
 
-static void pit_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+static void pit_ioport_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
 {
 PITCommonState *pit = opaque;
 int channel, access;
@@ -178,7 +179,8 @@ static void pit_ioport_write(void *opaque, uint32_t addr, 
uint32_t val)
 }
 }
 
-static uint32_t pit_ioport_read(void *opaque, uint32_t addr)
+static uint64_t pit_ioport_read(void *opaque, hwaddr addr,
+unsigned size)
 {
 PITCommonState *pit = opaque;
 int ret, count;
@@ -290,14 +292,14 @@ static void pit_irq_control(void *opaque, int n, int 
enable)
 }
 }
 
-static const MemoryRegionPortio pit_portio[] = {
-{ 0, 4, 1, .write = pit_ioport_write },
-{ 0, 3, 1, .read = pit_ioport_read },
-PORTIO_END_OF_LIST()
-};
-
 static const MemoryRegionOps pit_ioport_ops = {
-.old_portio = pit_portio
+.read = pit_ioport_read,
+.write = pit_ioport_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static void pit_post_load(PITCommonState *s)
-- 
1.6.0.2




[Qemu-devel] [PATCH 15/22] pc port92: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/pc.c |   19 +++
 1 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/hw/pc.c b/hw/pc.c
index 16de04c..a02b397 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -421,7 +421,8 @@ typedef struct Port92State {
 qemu_irq *a20_out;
 } Port92State;
 
-static void port92_write(void *opaque, uint32_t addr, uint32_t val)
+static void port92_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
 {
 Port92State *s = opaque;
 
@@ -433,7 +434,8 @@ static void port92_write(void *opaque, uint32_t addr, 
uint32_t val)
 }
 }
 
-static uint32_t port92_read(void *opaque, uint32_t addr)
+static uint64_t port92_read(void *opaque, hwaddr addr,
+unsigned size)
 {
 Port92State *s = opaque;
 uint32_t ret;
@@ -468,13 +470,14 @@ static void port92_reset(DeviceState *d)
 s->outport &= ~1;
 }
 
-static const MemoryRegionPortio port92_portio[] = {
-{ 0, 1, 1, .read = port92_read, .write = port92_write },
-PORTIO_END_OF_LIST(),
-};
-
 static const MemoryRegionOps port92_ops = {
-.old_portio = port92_portio
+.read = port92_read,
+.write = port92_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static int port92_initfn(ISADevice *dev)
-- 
1.6.0.2




[Qemu-devel] [PATCH 16/22] pckbd: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/pckbd.c |   48 +++-
 1 files changed, 27 insertions(+), 21 deletions(-)

diff --git a/hw/pckbd.c b/hw/pckbd.c
index 000c7f0..5bb3e0a 100644
--- a/hw/pckbd.c
+++ b/hw/pckbd.c
@@ -194,7 +194,8 @@ static void kbd_update_aux_irq(void *opaque, int level)
 kbd_update_irq(s);
 }
 
-static uint32_t kbd_read_status(void *opaque, uint32_t addr)
+static uint64_t kbd_read_status(void *opaque, hwaddr addr,
+unsigned size)
 {
 KBDState *s = opaque;
 int val;
@@ -223,7 +224,8 @@ static void outport_write(KBDState *s, uint32_t val)
 }
 }
 
-static void kbd_write_command(void *opaque, uint32_t addr, uint32_t val)
+static void kbd_write_command(void *opaque, hwaddr addr,
+  uint64_t val, unsigned size)
 {
 KBDState *s = opaque;
 
@@ -303,12 +305,13 @@ static void kbd_write_command(void *opaque, uint32_t 
addr, uint32_t val)
 /* ignore that */
 break;
 default:
-fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", val);
+fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", (int)val);
 break;
 }
 }
 
-static uint32_t kbd_read_data(void *opaque, uint32_t addr)
+static uint64_t kbd_read_data(void *opaque, hwaddr addr,
+  unsigned size)
 {
 KBDState *s = opaque;
 uint32_t val;
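Review bot: In the `default:` branch of `kbd_write_command` the guest-written value is printed with `%02x` but cast with `(int)val`; `%x` takes an `unsigned int`, so the cast should be `(unsigned)val`. Alternatively `"qemu: unsupported keyboard cmd=0x%02" PRIx64 "\n"` with no cast prints the whole `uint64_t` and avoids truncating silently. `kbd_write_command` starts outside this hunk.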
@@ -322,7 +325,8 @@ static uint32_t kbd_read_data(void *opaque, uint32_t addr)
 return val;
 }
 
-static void kbd_write_data(void *opaque, uint32_t addr, uint32_t val)
+static void kbd_write_data(void *opaque, hwaddr addr,
+   uint64_t val, unsigned size)
 {
 KBDState *s = opaque;
 
@@ -385,9 +389,9 @@ static uint32_t kbd_mm_readb (void *opaque, hwaddr addr)
 KBDState *s = opaque;
 
 if (addr & s->mask)
-return kbd_read_status(s, 0) & 0xff;
+return kbd_read_status(s, 0, 1) & 0xff;
 else
-return kbd_read_data(s, 0) & 0xff;
+return kbd_read_data(s, 0, 1) & 0xff;
 }
 
 static void kbd_mm_writeb (void *opaque, hwaddr addr, uint32_t value)
@@ -395,9 +399,9 @@ static void kbd_mm_writeb (void *opaque, hwaddr addr, 
uint32_t value)
 KBDState *s = opaque;
 
 if (addr & s->mask)
-kbd_write_command(s, 0, value & 0xff);
+kbd_write_command(s, 0, value & 0xff, 1);
 else
-kbd_write_data(s, 0, value & 0xff);
+kbd_write_data(s, 0, value & 0xff, 1);
 }
 
 static const MemoryRegionOps i8042_mmio_ops = {
@@ -459,22 +463,24 @@ static const VMStateDescription vmstate_kbd_isa = {
 }
 };
 
-static const MemoryRegionPortio i8042_data_portio[] = {
-{ 0, 1, 1, .read = kbd_read_data, .write = kbd_write_data },
-PORTIO_END_OF_LIST()
-};
-
-static const MemoryRegionPortio i8042_cmd_portio[] = {
-{ 0, 1, 1, .read = kbd_read_status, .write = kbd_write_command },
-PORTIO_END_OF_LIST()
-};
-
 static const MemoryRegionOps i8042_data_ops = {
-.old_portio = i8042_data_portio
+.read = kbd_read_data,
+.write = kbd_write_data,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static const MemoryRegionOps i8042_cmd_ops = {
-.old_portio = i8042_cmd_portio
+.read = kbd_read_status,
+.write = kbd_write_command,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static int i8042_initfn(ISADevice *dev)
-- 
1.6.0.2




[Qemu-devel] [PATCH 07/22] target-ppc: Rework storage of VPA registration state

2012-10-29 Thread Alexander Graf
From: David Gibson 

With PAPR guests, hypercalls allow registration of the Virtual Processor
Area (VPA), SLB shadow and dispatch trace log (DTL), each of which allow
for certain communication between the guest and hypervisor.  Currently, we
store the addresses of the three areas and the size of the dtl in
CPUPPCState.

The SLB shadow and DTL are variable sized, with the size being retrieved
from within the registered memory area at the hypercall time.  This size
can later be overwritten with other information, however, so we need to
save the size as of registration time.  We already do this for the DTL,
but not for the SLB shadow, so this patch fixes that.

In addition, we change the storage of the VPA information to use fixed
size integer types which will make life easier for syncing this data with
KVM, which we will need in future.

Signed-off-by: David Gibson 
Signed-off-by: Alexander Graf 
---
 hw/spapr_hcall.c|   26 ++
 target-ppc/cpu.h|7 +++
 target-ppc/translate_init.c |7 ---
 3 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/hw/spapr_hcall.c b/hw/spapr_hcall.c
index 762493a..621dabd 100644
--- a/hw/spapr_hcall.c
+++ b/hw/spapr_hcall.c
@@ -366,26 +366,26 @@ static target_ulong register_vpa(CPUPPCState *env, 
target_ulong vpa)
 return H_PARAMETER;
 }
 
-env->vpa = vpa;
+env->vpa_addr = vpa;
 
-tmp = ldub_phys(env->vpa + VPA_SHARED_PROC_OFFSET);
+tmp = ldub_phys(env->vpa_addr + VPA_SHARED_PROC_OFFSET);
 tmp |= VPA_SHARED_PROC_VAL;
-stb_phys(env->vpa + VPA_SHARED_PROC_OFFSET, tmp);
+stb_phys(env->vpa_addr + VPA_SHARED_PROC_OFFSET, tmp);
 
 return H_SUCCESS;
 }
 
 static target_ulong deregister_vpa(CPUPPCState *env, target_ulong vpa)
 {
-if (env->slb_shadow) {
+if (env->slb_shadow_addr) {
 return H_RESOURCE;
 }
 
-if (env->dispatch_trace_log) {
+if (env->dtl_addr) {
 return H_RESOURCE;
 }
 
-env->vpa = 0;
+env->vpa_addr = 0;
 return H_SUCCESS;
 }
 
@@ -407,18 +407,20 @@ static target_ulong register_slb_shadow(CPUPPCState *env, 
target_ulong addr)
 return H_PARAMETER;
 }
 
-if (!env->vpa) {
+if (!env->vpa_addr) {
 return H_RESOURCE;
 }
 
-env->slb_shadow = addr;
+env->slb_shadow_addr = addr;
+env->slb_shadow_size = size;
 
 return H_SUCCESS;
 }
 
 static target_ulong deregister_slb_shadow(CPUPPCState *env, target_ulong addr)
 {
-env->slb_shadow = 0;
+env->slb_shadow_addr = 0;
+env->slb_shadow_size = 0;
 return H_SUCCESS;
 }
 
@@ -437,11 +439,11 @@ static target_ulong register_dtl(CPUPPCState *env, 
target_ulong addr)
 return H_PARAMETER;
 }
 
-if (!env->vpa) {
+if (!env->vpa_addr) {
 return H_RESOURCE;
 }
 
-env->dispatch_trace_log = addr;
+env->dtl_addr = addr;
 env->dtl_size = size;
 
 return H_SUCCESS;
@@ -449,7 +451,7 @@ static target_ulong register_dtl(CPUPPCState *env, 
target_ulong addr)
 
 static target_ulong deregister_dtl(CPUPPCState *env, target_ulong addr)
 {
-env->dispatch_trace_log = 0;
+env->dtl_addr = 0;
 env->dtl_size = 0;
 
 return H_SUCCESS;
diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 3f114c9..286f42a 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1045,10 +1045,9 @@ struct CPUPPCState {
 #endif
 
 #if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
-hwaddr vpa;
-hwaddr slb_shadow;
-hwaddr dispatch_trace_log;
-uint32_t dtl_size;
+hwaddr vpa_addr;
+hwaddr slb_shadow_addr, slb_shadow_size;
+hwaddr dtl_addr, dtl_size;
 #endif /* TARGET_PPC64 */
 
 int error_code;
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index ad54985..e63627c 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -10425,9 +10425,10 @@ static void ppc_cpu_reset(CPUState *s)
 env->error_code = 0;
 
 #if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
-env->vpa = 0;
-env->slb_shadow = 0;
-env->dispatch_trace_log = 0;
+env->vpa_addr = 0;
+env->slb_shadow_addr = 0;
+env->slb_shadow_size = 0;
+env->dtl_addr = 0;
 env->dtl_size = 0;
 #endif /* TARGET_PPC64 */
 
-- 
1.6.0.2




Re: [Qemu-devel] [PATCH 01/22] Remove TARGET_PHYS_ADDR_BITS define completely

2012-10-29 Thread Peter Maydell
On 29 October 2012 10:25, Alexander Graf  wrote:
> From: Peter Maydell 
>
> Following commit 4be403c81 TARGET_PHYS_ADDR_BITS is always 64,
> and it's only used in one place (that commit removed all the
> other uses). Remove it completely, to avoid confusion with
> the genuinely useful TARGET_PHYS_ADDR_SPACE_BITS.
>
> Signed-off-by: Peter Maydell 
> Signed-off-by: Alexander Graf 
> ---
>  target-ppc/mmu_helper.c |2 --
>  1 files changed, 0 insertions(+), 2 deletions(-)
>
> diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
> index 4a9bb5b..811f47f 100644
> --- a/target-ppc/mmu_helper.c
> +++ b/target-ppc/mmu_helper.c
> @@ -1509,10 +1509,8 @@ static void mmubooke_dump_mmu(FILE *f, 
> fprintf_function cpu_fprintf,
>  mask = ~(entry->size - 1);
>  ea = entry->EPN & mask;
>  pa = entry->RPN & mask;
> -#if (TARGET_PHYS_ADDR_SPACE_BITS >= 36)
>  /* Extend the physical address to 36 bits */
>  pa |= (hwaddr)(entry->RPN & 0xF) << 32;
> -#endif
>  size /= 1024;
>  if (size >= 1024) {
>  snprintf(size_buf, sizeof(size_buf), "%3" PRId64 "M", size / 
> 1024);

The contents and the commit message on this don't match any more,
because when Avi did the target_phys_addr_t to hwaddr patch he
changed this #if (in a different way to how he resolved all the
other #ifs for the force-phys-addrs-to-64-bits patch).

I think the final resulting source tree is the right thing,
so the commit message needs changing. Try:

===begin===
Drop unnecessary check of TARGET_PHYS_ADDR_SPACE_BITS

For all our PPC targets the physical address space is at least
36 bits, so drop an unnecessary preprocessor conditional check
on TARGET_PHYS_ADDR_SPACE_BITS (erroneously introduced as part
of the change from target_phys_addr_t to hwaddr). This brings
this bit of code into line with the way we handle the other
cases which were originally checking TARGET_PHYS_ADDR_BITS in
order to avoid compiler complaints about overflowing a 32 bit type.
===endit===

-- PMM



[Qemu-devel] slow migration speed / strange memory usage

2012-10-29 Thread Stefan Priebe - Profihost AG

Hello list,

i'm running kvm 1.2 on vanilla 3.6.3 kernel.

I'm trying to understand the memory usage and the migration speed.

I've a VM which does nothing else than running OpenSSH and a cron job 
every minute to write a small json file.


When the VM is freshly started Host shows 300MB memory usage and 
migration speed is around 400MB/s.


After time the memory usage increases in up to 3.7GB but in VM it stays 
incl. cache and buffers around 350MB.


The migration speed is then around 25MB/s.

How can this be? Is this expected? Disk cache is set to default (no cache).

Greets,
Stefan



Re: [Qemu-devel] [PATCH 1/4 v3] vmware_vga: Coding style cleanup

2012-10-29 Thread BALATON Zoltan

On Thu, 18 Oct 2012, BALATON Zoltan wrote:

Ping?

http://patchwork.ozlabs.org/patch/189750/
http://patchwork.ozlabs.org/patch/189751/
http://patchwork.ozlabs.org/patch/189752/
http://patchwork.ozlabs.org/patch/189754/


Is there anything else that needs to be done with these or it's ignored 
only because nobody is interested? Could someone please tell what to do to 
get these merged?


Thanks,
BALATON Zoltan



Re: [Qemu-devel] [PATCH 01/22] Remove TARGET_PHYS_ADDR_BITS define completely

2012-10-29 Thread Alexander Graf

On 29.10.2012, at 11:38, Peter Maydell wrote:

> On 29 October 2012 10:25, Alexander Graf  wrote:
>> From: Peter Maydell 
>> 
>> Following commit 4be403c81 TARGET_PHYS_ADDR_BITS is always 64,
>> and it's only used in one place (that commit removed all the
>> other uses). Remove it completely, to avoid confusion with
>> the genuinely useful TARGET_PHYS_ADDR_SPACE_BITS.
>> 
>> Signed-off-by: Peter Maydell 
>> Signed-off-by: Alexander Graf 
>> ---
>> target-ppc/mmu_helper.c |2 --
>> 1 files changed, 0 insertions(+), 2 deletions(-)
>> 
>> diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
>> index 4a9bb5b..811f47f 100644
>> --- a/target-ppc/mmu_helper.c
>> +++ b/target-ppc/mmu_helper.c
>> @@ -1509,10 +1509,8 @@ static void mmubooke_dump_mmu(FILE *f, 
>> fprintf_function cpu_fprintf,
>> mask = ~(entry->size - 1);
>> ea = entry->EPN & mask;
>> pa = entry->RPN & mask;
>> -#if (TARGET_PHYS_ADDR_SPACE_BITS >= 36)
>> /* Extend the physical address to 36 bits */
>> pa |= (hwaddr)(entry->RPN & 0xF) << 32;
>> -#endif
>> size /= 1024;
>> if (size >= 1024) {
>> snprintf(size_buf, sizeof(size_buf), "%3" PRId64 "M", size / 
>> 1024);
> 
> The contents and the commit message on this don't match any more,
> because when Avi did the target_phys_addr_t to hwaddr patch he
> changed this #if (in a different way to how he resolved all the
> other #ifs for the force-phys-addrs-to-64-bits patch).
> 
> I think the final resulting source tree is the right thing,
> so the commit message needs changing. Try:
> 
> ===begin===
> Drop unnecessary check of TARGET_PHYS_ADDR_SPACE_BITS
> 
> For all our PPC targets the physical address space is at least
> 36 bits, so drop an unnecessary preprocessor conditional check
> on TARGET_PHYS_ADDR_SPACE_BITS (erroneously introduced as part
> of the change from target_phys_addr_t to hwaddr). This brings
> this bit of code into line with the way we handle the other
> cases which were originally checking TARGET_PHYS_ADDR_BITS in
> order to avoid compiler complaints about overflowing a 32 bit type.
> ===endit===

Alrighty, updated the commit message in all queues :).


Alex




[Qemu-devel] [PATCH 13/22] m48t59: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/m48t59.c |   24 ++--
 1 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/hw/m48t59.c b/hw/m48t59.c
index 9eb1a09..9e8e692 100644
--- a/hw/m48t59.c
+++ b/hw/m48t59.c
@@ -27,6 +27,7 @@
 #include "sysemu.h"
 #include "sysbus.h"
 #include "isa.h"
+#include "exec-memory.h"
 
 //#define DEBUG_NVRAM
 
@@ -80,6 +81,7 @@ typedef struct M48t59ISAState {
 typedef struct M48t59SysBusState {
 SysBusDevice busdev;
 M48t59State state;
+MemoryRegion io;
 } M48t59SysBusState;
 
 /* Fake timer functions */
@@ -481,7 +483,8 @@ void m48t59_toggle_lock (void *opaque, int lock)
 }
 
 /* IO access to NVRAM */
-static void NVRAM_writeb (void *opaque, uint32_t addr, uint32_t val)
+static void NVRAM_writeb(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
 {
 M48t59State *NVRAM = opaque;
 
@@ -504,7 +507,7 @@ static void NVRAM_writeb (void *opaque, uint32_t addr, 
uint32_t val)
 }
 }
 
-static uint32_t NVRAM_readb (void *opaque, uint32_t addr)
+static uint64_t NVRAM_readb(void *opaque, hwaddr addr, unsigned size)
 {
 M48t59State *NVRAM = opaque;
 uint32_t retval;
@@ -626,13 +629,14 @@ static void m48t59_reset_sysbus(DeviceState *d)
 m48t59_reset_common(NVRAM);
 }
 
-static const MemoryRegionPortio m48t59_portio[] = {
-{0, 4, 1, .read = NVRAM_readb, .write = NVRAM_writeb },
-PORTIO_END_OF_LIST(),
-};
-
 static const MemoryRegionOps m48t59_io_ops = {
-.old_portio = m48t59_portio,
+.read = NVRAM_readb,
+.write = NVRAM_writeb,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 /* Initialisation routine */
@@ -653,9 +657,9 @@ M48t59State *m48t59_init(qemu_irq IRQ, hwaddr mem_base,
 d = FROM_SYSBUS(M48t59SysBusState, s);
 state = &d->state;
 sysbus_connect_irq(s, 0, IRQ);
+memory_region_init_io(&d->io, &m48t59_io_ops, state, "m48t59", 4);
 if (io_base != 0) {
-register_ioport_read(io_base, 0x04, 1, NVRAM_readb, state);
-register_ioport_write(io_base, 0x04, 1, NVRAM_writeb, state);
+memory_region_add_subregion(get_system_io(), io_base, &d->io);
 }
 if (mem_base != 0) {
 sysbus_mmio_map(s, 0, mem_base);
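Review bot: `NVRAM_readb` and `NVRAM_writeb` were registered with `register_ioport_read(io_base, 0x04, 1, ...)` and are now reached through a region added at `io_base`, so the `addr` they receive is presumably the offset inside the 4-byte region rather than a port number. Their bodies are outside the hunks shown; please confirm they do not subtract or compare against an absolute port. Recording the convention next to `/* IO access to NVRAM */`, e.g. `/* addr is the offset from the start of the I/O region */`, would make this clear. `d->io` is also initialised when `io_base == 0` and then never mapped, which looks harmless but deserves a word in the same comment. `m48t59_init` continues past the hunk.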
-- 
1.6.0.2




[Qemu-devel] [PATCH 03/22] PPC: 440: Emulate DCBR0

2012-10-29 Thread Alexander Graf
The DBCR0 register on 440 is used to implement system reset. The same
register is used on 405 as well, so just reuse the code.

Signed-off-by: Alexander Graf 
---
 target-ppc/translate_init.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index a972287..ad54985 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -1498,7 +1498,7 @@ static void gen_spr_BookE (CPUPPCState *env, uint64_t 
ivor_mask)
 /* XXX : not implemented */
 spr_register(env, SPR_BOOKE_DBCR0, "DBCR0",
  SPR_NOACCESS, SPR_NOACCESS,
- &spr_read_generic, &spr_write_generic,
+ &spr_read_generic, &spr_write_40x_dbcr0,
  0x);
 /* XXX : not implemented */
 spr_register(env, SPR_BOOKE_DBCR1, "DBCR1",
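Review bot: The `/* XXX : not implemented */` comment above the `SPR_BOOKE_DBCR0` registration is left in place although writes now go to `spr_write_40x_dbcr0`, which per the commit message implements system reset. Suggest replacing it with something like `/* reset request is handled by the 40x helper; debug features are not implemented */`. The helper is defined outside this hunk, so it is worth confirming that the reset field it decodes sits at the same bit positions on 440 as on 405 before reusing it. `gen_spr_BookE` starts and ends outside the hunk.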
-- 
1.6.0.2




[Qemu-devel] [PATCH 11/22] es1370: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/es1370.c |   46 --
 1 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/hw/es1370.c b/hw/es1370.c
index e34234c..e0c9729 100644
--- a/hw/es1370.c
+++ b/hw/es1370.c
@@ -908,18 +908,44 @@ static void es1370_adc_callback (void *opaque, int avail)
 es1370_run_channel (s, ADC_CHANNEL, avail);
 }
 
-static const MemoryRegionPortio es1370_portio[] = {
-{ 0, 0x40 * 4, 1, .write = es1370_writeb, },
-{ 0, 0x40 * 2, 2, .write = es1370_writew, },
-{ 0, 0x40, 4, .write = es1370_writel, },
-{ 0, 0x40 * 4, 1, .read = es1370_readb, },
-{ 0, 0x40 * 2, 2, .read = es1370_readw, },
-{ 0, 0x40, 4, .read = es1370_readl, },
-PORTIO_END_OF_LIST ()
-};
+static uint64_t es1370_read(void *opaque, hwaddr addr,
+unsigned size)
+{
+switch (size) {
+case 1:
+return es1370_readb(opaque, addr);
+case 2:
+return es1370_readw(opaque, addr);
+case 4:
+return es1370_readl(opaque, addr);
+default:
+return -1;
+}
+}
+
+static void es1370_write(void *opaque, hwaddr addr, uint64_t val,
+  unsigned size)
+{
+switch (size) {
+case 1:
+es1370_writeb(opaque, addr, val);
+break;
+case 2:
+es1370_writew(opaque, addr, val);
+break;
+case 4:
+es1370_writel(opaque, addr, val);
+break;
+}
+}
 
 static const MemoryRegionOps es1370_io_ops = {
-.old_portio = es1370_portio,
+.read = es1370_read,
+.write = es1370_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 4,
+},
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
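Review bot: `es1370_read` ends its switch with `default: return -1;` but `es1370_write` has no `default:` at all, so the two dispatchers treat an unexpected `size` differently. Adding `default: break;` with a comment such as `/* other sizes are excluded by .impl */` makes the write side match. The removed table also gave each width its own length (`0x40 * 4` for bytes, `0x40 * 2` for words, `0x40` for longs), a distinction the new dispatch no longer makes. The region size is set outside this hunk, so please confirm that every guest-supplied `addr` the region can deliver is one the byte, word and long helpers already handle.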
-- 
1.6.0.2




[Qemu-devel] [PATCH 19/22] vmport: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/vmport.c |   21 -
 1 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/hw/vmport.c b/hw/vmport.c
index a4f52ee..3ab3a14 100644
--- a/hw/vmport.c
+++ b/hw/vmport.c
@@ -54,7 +54,8 @@ void vmport_register(unsigned char command, IOPortReadFunc 
*func, void *opaque)
 port_state->opaque[command] = opaque;
 }
 
-static uint32_t vmport_ioport_read(void *opaque, uint32_t addr)
+static uint64_t vmport_ioport_read(void *opaque, hwaddr addr,
+   unsigned size)
 {
 VMPortState *s = opaque;
 CPUX86State *env = cpu_single_env;
@@ -81,11 +82,12 @@ static uint32_t vmport_ioport_read(void *opaque, uint32_t 
addr)
 return s->func[command](s->opaque[command], addr);
 }
 
-static void vmport_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+static void vmport_ioport_write(void *opaque, hwaddr addr,
+uint64_t val, unsigned size)
 {
 CPUX86State *env = cpu_single_env;
 
-env->regs[R_EAX] = vmport_ioport_read(opaque, addr);
+env->regs[R_EAX] = vmport_ioport_read(opaque, addr, 4);
 }
 
 static uint32_t vmport_cmd_get_version(void *opaque, uint32_t addr)
@@ -121,13 +123,14 @@ void vmmouse_set_data(const uint32_t *data)
 env->regs[R_ESI] = data[4]; env->regs[R_EDI] = data[5];
 }
 
-static const MemoryRegionPortio vmport_portio[] = {
-{0, 1, 4, .read = vmport_ioport_read, .write = vmport_ioport_write },
-PORTIO_END_OF_LIST(),
-};
-
 static const MemoryRegionOps vmport_ops = {
-.old_portio = vmport_portio
+.read = vmport_ioport_read,
+.write = vmport_ioport_write,
+.impl = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static int vmport_initfn(ISADevice *dev)
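Review bot: `vmport_ops` sets only `.impl`, so nothing here restricts which access sizes the guest may use, whereas the removed `{0, 1, 4, ...}` entry matched 4-byte accesses only. As far as I can tell the memory core would widen a 1- or 2-byte access into a 4-byte handler call, and vmport_ioport_read acts on guest register state. Adding `.valid = { .min_access_size = 4, .max_access_size = 4 },` would keep the old contract explicit. In the earlier hunk, vmport_ioport_write ignores both `val` and `size`; a comment such as `/* A write is handled like a 4-byte read; val and size are ignored. */` would make that visibly deliberate.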
-- 
1.6.0.2




[Qemu-devel] [PATCH 20/22] xen_platform: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/xen_platform.c |   48 ++--
 1 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/hw/xen_platform.c b/hw/xen_platform.c
index 890eb72..a54e7a2 100644
--- a/hw/xen_platform.c
+++ b/hw/xen_platform.c
@@ -228,18 +228,46 @@ static void platform_fixed_ioport_reset(void *opaque)
 platform_fixed_ioport_writeb(s, 0, 0);
 }
 
-const MemoryRegionPortio xen_platform_ioport[] = {
-{ 0, 16, 4, .write = platform_fixed_ioport_writel, },
-{ 0, 16, 2, .write = platform_fixed_ioport_writew, },
-{ 0, 16, 1, .write = platform_fixed_ioport_writeb, },
-{ 0, 16, 2, .read = platform_fixed_ioport_readw, },
-{ 0, 16, 1, .read = platform_fixed_ioport_readb, },
-PORTIO_END_OF_LIST()
-};
+static uint64_t platform_fixed_ioport_read(void *opaque,
+   hwaddr addr,
+   unsigned size)
+{
+switch (size) {
+case 1:
+return platform_fixed_ioport_readb(opaque, addr);
+case 2:
+return platform_fixed_ioport_readw(opaque, addr);
+default:
+return -1;
+}
+}
+
+static void platform_fixed_ioport_write(void *opaque, hwaddr addr,
+
+uint64_t val, unsigned size)
+{
+switch (size) {
+case 1:
+platform_fixed_ioport_writeb(opaque, addr, val);
+break;
+case 2:
+platform_fixed_ioport_writew(opaque, addr, val);
+break;
+case 4:
+platform_fixed_ioport_writel(opaque, addr, val);
+break;
+}
+}
+
 
 static const MemoryRegionOps platform_fixed_io_ops = {
-.old_portio = xen_platform_ioport,
-.endianness = DEVICE_NATIVE_ENDIAN,
+.read = platform_fixed_ioport_read,
+.write = platform_fixed_ioport_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 4,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static void platform_fixed_ioport_init(PCIXenPlatformState* s)
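Review bot: `platform_fixed_io_ops` changes `.endianness` from `DEVICE_NATIVE_ENDIAN` to `DEVICE_LITTLE_ENDIAN`, which is a behaviour change the commit message does not mention; it should either be justified there or kept as it was. platform_fixed_ioport_read has no `case 4:` although `.impl.max_access_size` is 4, which matches the removed table (no 4-byte read entry) but looks like an omission. A comment on the `default:` arm, e.g. `/* no 32-bit read handler: reads return all ones */`, would record the intent. The added empty line inside the parameter list of platform_fixed_ioport_write and the doubled blank line before the ops table should be dropped.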
-- 
1.6.0.2




Re: [Qemu-devel] [PULL 00/22] ppc patch queue 2012-10-29

2012-10-29 Thread Andreas Färber
Am 29.10.2012 11:25, schrieb Alexander Graf:
> Hi Blue / Aurelien,
> 
> This is my current patch queue for ppc.  Please pull.

Alex, this does not include my refactoring patches. Do you want them to
go through my qom-cpu queue, or are there conflicts/objections?

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH 04/22] e500: Fix serial initialization

2012-10-29 Thread Alexander Graf
From: Bharat Bhushan 

it was wrongly using serial_hds[0] instead of serial_hds[1]

Signed-off-by: Bharat Bhushan 
Reviewed-by: Andreas Färber 
Signed-off-by: Alexander Graf 
---
 hw/ppc/e500.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index d655e3f..90d88eb 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -496,7 +496,7 @@ void ppce500_init(PPCE500Params *params)
 if (serial_hds[1]) {
 serial_mm_init(address_space_mem, MPC8544_SERIAL1_REGS_BASE,
0, mpic[12+26], 399193,
-   serial_hds[0], DEVICE_BIG_ENDIAN);
+   serial_hds[1], DEVICE_BIG_ENDIAN);
 }
 
 /* General Utility device */
-- 
1.6.0.2




Re: [Qemu-devel] [PULL 00/22] ppc patch queue 2012-10-29

2012-10-29 Thread Alexander Graf

On 29.10.2012, at 12:01, Andreas Färber wrote:

> Am 29.10.2012 11:25, schrieb Alexander Graf:
>> Hi Blue / Aurelien,
>> 
>> This is my current patch queue for ppc.  Please pull.
> 
> Alex, this does not include my refactoring patches. Do you want them to
> go through my qom-cpu queue, or are there conflicts/objections?

Sure, just post them through your queue. I merely wanted to flush out what I 
had before Nov 1st comes.


Alex




[Qemu-devel] [PATCH 21/22] PPC: e500: Map PIO space into core memory region

2012-10-29 Thread Alexander Graf
On PPC, we don't have PIO. So usually PIO space behind a PCI bridge is
accessible via MMIO. Do this mapping explicitly by mapping the PIO space
of our PCI bus into a memory region that lives in memory space.

Signed-off-by: Alexander Graf 
---
 hw/ppc/e500.c|3 +--
 hw/ppce500_pci.c |9 +++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 90d88eb..6749fff 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -52,7 +52,6 @@
 #define MPC8544_PCI_REGS_BASE  (MPC8544_CCSRBAR_BASE + 0x8000ULL)
 #define MPC8544_PCI_REGS_SIZE  0x1000ULL
 #define MPC8544_PCI_IO 0xE100ULL
-#define MPC8544_PCI_IOLEN  0x1ULL
 #define MPC8544_UTIL_BASE  (MPC8544_CCSRBAR_BASE + 0xeULL)
 #define MPC8544_SPIN_BASE  0xEF00ULL
 
@@ -511,7 +510,7 @@ void ppce500_init(PPCE500Params *params)
 if (!pci_bus)
 printf("couldn't create PCI controller!\n");
 
-isa_mmio_init(MPC8544_PCI_IO, MPC8544_PCI_IOLEN);
+sysbus_mmio_map(sysbus_from_qdev(dev), 1, MPC8544_PCI_IO);
 
 if (pci_bus) {
 /* Register network interfaces. */
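Review bot: The literal `1` in `sysbus_mmio_map(sysbus_from_qdev(dev), 1, MPC8544_PCI_IO)` depends on the order of the `sysbus_init_mmio()` calls in e500_pcihost_initfn (last hunk of hw/ppce500_pci.c), where `&s->container` is registered before `&s->pio` in the visible lines. Reordering those calls would map a different region at the PIO window without any build error. I would add `/* MMIO region 1 is the PCI PIO window, see e500_pcihost_initfn() */` here and `/* index 1: PIO window, mapped by the board code */` next to `sysbus_init_mmio(dev, &s->pio);`. ppce500_init continues outside the hunk.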
diff --git a/hw/ppce500_pci.c b/hw/ppce500_pci.c
index 332748a..2ff7438 100644
--- a/hw/ppce500_pci.c
+++ b/hw/ppce500_pci.c
@@ -31,6 +31,8 @@
 #define PCIE500_ALL_SIZE  0x1000
 #define PCIE500_REG_SIZE  (PCIE500_ALL_SIZE - PCIE500_REG_BASE)
 
+#define PCIE500_PCI_IOLEN 0x1ULL
+
 #define PPCE500_PCI_CONFIG_ADDR 0x0
 #define PPCE500_PCI_CONFIG_DATA 0x4
 #define PPCE500_PCI_INTACK  0x8
@@ -87,6 +89,7 @@ struct PPCE500PCIState {
 /* mmio maps */
 MemoryRegion container;
 MemoryRegion iomem;
+MemoryRegion pio;
 };
 
 typedef struct PPCE500PCIState PPCE500PCIState;
@@ -314,7 +317,6 @@ static int e500_pcihost_initfn(SysBusDevice *dev)
 PCIBus *b;
 int i;
 MemoryRegion *address_space_mem = get_system_memory();
-MemoryRegion *address_space_io = get_system_io();
 
 h = PCI_HOST_BRIDGE(dev);
 s = PPC_E500_PCI_HOST_BRIDGE(dev);
@@ -323,9 +325,11 @@ static int e500_pcihost_initfn(SysBusDevice *dev)
 sysbus_init_irq(dev, &s->irq[i]);
 }
 
+memory_region_init(&s->pio, "pci-pio", PCIE500_PCI_IOLEN);
+
 b = pci_register_bus(DEVICE(dev), NULL, mpc85xx_pci_set_irq,
  mpc85xx_pci_map_irq, s->irq, address_space_mem,
- address_space_io, PCI_DEVFN(0x11, 0), 4);
+ &s->pio, PCI_DEVFN(0x11, 0), 4);
 h->bus = b;
 
 pci_create_simple(b, 0, "e500-host-bridge");
@@ -341,6 +345,7 @@ static int e500_pcihost_initfn(SysBusDevice *dev)
 memory_region_add_subregion(&s->container, PCIE500_CFGDATA, &h->data_mem);
 memory_region_add_subregion(&s->container, PCIE500_REG_BASE, &s->iomem);
 sysbus_init_mmio(dev, &s->container);
+sysbus_init_mmio(dev, &s->pio);
 
 return 0;
 }
-- 
1.6.0.2




[Qemu-devel] [PATCH 02/22] PPC: Bamboo: Fix memory size DT property

2012-10-29 Thread Alexander Graf
Device tree properties need to be specified in big endian. Fix the
bamboo memory size property accordingly.

Signed-off-by: Alexander Graf 
CC: qemu-sta...@nongnu.org
---
 hw/ppc440_bamboo.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c
index a6b1d51..cc85607 100644
--- a/hw/ppc440_bamboo.c
+++ b/hw/ppc440_bamboo.c
@@ -59,7 +59,7 @@ static int bamboo_load_device_tree(hwaddr addr,
 {
 int ret = -1;
 #ifdef CONFIG_FDT
-uint32_t mem_reg_property[] = { 0, 0, ramsize };
+uint32_t mem_reg_property[] = { 0, 0, cpu_to_be32(ramsize) };
 char *filename;
 int fdt_size;
 void *fdt;
-- 
1.6.0.2




Re: [Qemu-devel] [PATCH v3 2/8] usb/ehci: Use class_data to init PCI variations

2012-10-29 Thread Peter Crosthwaite
On Oct 29, 2012 7:35 PM, "Andreas Färber"  wrote:
>
> Am 29.10.2012 02:34, schrieb Peter Crosthwaite:
> > Got rid of the duplication of the class init functions for the two PCI
EHCI
> > variants. The PCI specifics are passed in as as class_data and set by a
common
> > class_init function.
> >
> > Premeptively defined a new Class "EHCICLass" for the upcomming addition
of new
>
> "Preemptively", "upcoming"
>
> > fields. The class_data is an instance of EHCICLass that forms a
template for the
> > class to generate.
>
> Using "EHCI[PCI]Class" to template itself seems a bit awkward, Anthony
> do you have any thoughts on this? The usual way would be to have a
> dedicated EHCIInfo struct or so.

Why? The class struct defines exactly the information needed. It seems
redundant and error-prone to have to maintain two structs with the same
fields?

> >
> > Signed-off-by: Peter Crosthwaite 
> > ---
> > Got rid of union for sharing EHCIClassDefinition - made PCI specific
> > Simplified literal class_data arrays in ehci_info accordingly
> > removed null sentinel from ehci_info and used ARRAY_SIZE for
type_regsiter loop
> >   bound instead
> >
> >  hw/usb/hcd-ehci.c |   76

> >  1 files changed, 41 insertions(+), 35 deletions(-)
> >
> > diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
> > index 6c65a73..274225b 100644
> > --- a/hw/usb/hcd-ehci.c
> > +++ b/hw/usb/hcd-ehci.c
> > @@ -2641,46 +2641,49 @@ static Property ehci_properties[] = {
> >  DEFINE_PROP_END_OF_LIST(),
> >  };
> >
> > -static void ehci_class_init(ObjectClass *klass, void *data)
> > -{
> > -DeviceClass *dc = DEVICE_CLASS(klass);
> > -PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
> > -
> > -k->init = usb_ehci_initfn;
> > -k->vendor_id = PCI_VENDOR_ID_INTEL;
> > -k->device_id = PCI_DEVICE_ID_INTEL_82801D; /* ich4 */
> > -k->revision = 0x10;
> > -k->class_id = PCI_CLASS_SERIAL_USB;
> > -dc->vmsd = &vmstate_ehci;
> > -dc->props = ehci_properties;
> > -}
> > +typedef struct EHCIPCIClass {
> > +PCIDeviceClass pci;
> > +} EHCIPCIClass;
> >
> > -static TypeInfo ehci_info = {
> > -.name  = "usb-ehci",
> > -.parent= TYPE_PCI_DEVICE,
> > -.instance_size = sizeof(EHCIState),
> > -.class_init= ehci_class_init,
> > -};
> > -
> > -static void ich9_ehci_class_init(ObjectClass *klass, void *data)
> > +static void ehci_class_init(ObjectClass *klass, void *data)
> >  {
> >  DeviceClass *dc = DEVICE_CLASS(klass);
> > -PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
> > -
> > -k->init = usb_ehci_initfn;
> > -k->vendor_id = PCI_VENDOR_ID_INTEL;
> > -k->device_id = PCI_DEVICE_ID_INTEL_82801I_EHCI1;
> > -k->revision = 0x03;
> > -k->class_id = PCI_CLASS_SERIAL_USB;
> > +EHCIPCIClass *k = (EHCIPCIClass *)klass;
>
> Please use a proper QOM cast macro: EHCI_PCI_CLASS(klass)
>

How is this possible when TYPE_EHCI_PCI doesn't exist? The FOO_CLASS macros
require the name of the class, but that does not exist as it's a dynamic
class.

> In this case however, please keep using PCIDeviceClass rather than
> trying to access it through a named member. If we need to access any
> dedicated EHCIPCIClass fields later in the series we can add additional
> variables the QOM way.

What do you mean the Qom way? Don't we just add fields to the class and
class_info and class_init copies them across ?

> > +EHCIPCIClass *template = data;
> > +
> > +k->pci.init = usb_ehci_initfn;
> > +k->pci.vendor_id = template->pci.vendor_id;
> > +k->pci.device_id = template->pci.device_id; /* ich4 */
> > +k->pci.revision = template->pci.revision;
> > +k->pci.class_id = PCI_CLASS_SERIAL_USB;
> >  dc->vmsd = &vmstate_ehci;
> >  dc->props = ehci_properties;
> >  }
> >
> > -static TypeInfo ich9_ehci_info = {
> > -.name  = "ich9-usb-ehci1",
> > -.parent= TYPE_PCI_DEVICE,
> > -.instance_size = sizeof(EHCIState),
> > -.class_init= ich9_ehci_class_init,
> > +static TypeInfo ehci_info[] = {
>
> Can this still be made const despite the embedded class_data?
>
> > +{
> > +.name  = "usb-ehci",
> > +.parent= TYPE_PCI_DEVICE,
> > +.instance_size = sizeof(EHCIState),
> > +.class_init= ehci_class_init,
> > +.class_size= sizeof(EHCIPCIClass),
> > +.class_data= (EHCIPCIClass[]) {{
> > +.pci.vendor_id = PCI_VENDOR_ID_INTEL,
> > +.pci.device_id = PCI_DEVICE_ID_INTEL_82801D,
> > +.pci.revision  = 0x10,
> > +} }
> > +}, {
> > +.name  = "ich9-usb-ehci1",
>
> Do we have a suitable header to introduce TYPE_* constants for these
> while at it? That would benefit q35.
>

No because there are no TYPE_ constants. The classes are private to
hcd-ehci.c.

Regards
Peter

> Andreas
>
> > +.parent= TYPE_PCI_DEVICE,
> > +.instance_size = sizeof(EHCIState),
> 

[Qemu-devel] [PATCH 22/22] PPC: pseries: Remove hack for PIO window

2012-10-29 Thread Alexander Graf
Now that all users of old_portio are gone, we can remove the hack
that enabled us to support them.

Signed-off-by: Alexander Graf 
---
 hw/spapr_pci.c |   44 +---
 hw/spapr_pci.h |2 +-
 2 files changed, 2 insertions(+), 44 deletions(-)

diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c
index a08ed11..c2c3079 100644
--- a/hw/spapr_pci.c
+++ b/hw/spapr_pci.c
@@ -439,43 +439,6 @@ static void pci_spapr_set_irq(void *opaque, int irq_num, 
int level)
 qemu_set_irq(spapr_phb_lsi_qirq(phb, irq_num), level);
 }
 
-static uint64_t spapr_io_read(void *opaque, hwaddr addr,
-  unsigned size)
-{
-switch (size) {
-case 1:
-return cpu_inb(addr);
-case 2:
-return cpu_inw(addr);
-case 4:
-return cpu_inl(addr);
-}
-assert(0);
-}
-
-static void spapr_io_write(void *opaque, hwaddr addr,
-   uint64_t data, unsigned size)
-{
-switch (size) {
-case 1:
-cpu_outb(addr, data);
-return;
-case 2:
-cpu_outw(addr, data);
-return;
-case 4:
-cpu_outl(addr, data);
-return;
-}
-assert(0);
-}
-
-static const MemoryRegionOps spapr_io_ops = {
-.endianness = DEVICE_LITTLE_ENDIAN,
-.read = spapr_io_read,
-.write = spapr_io_write
-};
-
 /*
  * MSI/MSIX memory region implementation.
  * The handler handles both MSI and MSIX.
@@ -545,14 +508,9 @@ static int spapr_phb_init(SysBusDevice *s)
  * old_portion are updated */
 sprintf(namebuf, "%s.io", sphb->dtbusname);
 memory_region_init(&sphb->iospace, namebuf, SPAPR_PCI_IO_WIN_SIZE);
-/* FIXME: fix to support multiple PHBs */
-memory_region_add_subregion(get_system_io(), 0, &sphb->iospace);
 
-sprintf(namebuf, "%s.io-alias", sphb->dtbusname);
-memory_region_init_io(&sphb->iowindow, &spapr_io_ops, sphb,
-  namebuf, SPAPR_PCI_IO_WIN_SIZE);
 memory_region_add_subregion(get_system_memory(), sphb->io_win_addr,
-&sphb->iowindow);
+&sphb->iospace);
 
 /* As MSI/MSIX interrupts trigger by writing at MSI/MSIX vectors,
  * we need to allocate some memory to catch those writes coming
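Review bot: The comment that ends in `old_portion are updated */` stays in place above `memory_region_init(&sphb->iospace, ...)`, although this commit removes the workaround it appears to describe. Its opening lines are outside the hunk, so this is inferred from the tail only, but it should be deleted or rewritten to say that `iospace` is now mapped directly at `sphb->io_win_addr`. The remaining `sprintf(namebuf, "%s.io", sphb->dtbusname);` is unbounded; the declaration of `namebuf` is not visible here, and `snprintf(namebuf, sizeof(namebuf), "%s.io", sphb->dtbusname);` would be the safer form if it is an array.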
diff --git a/hw/spapr_pci.h b/hw/spapr_pci.h
index e307ac8..a77d7d5 100644
--- a/hw/spapr_pci.h
+++ b/hw/spapr_pci.h
@@ -44,7 +44,7 @@ typedef struct sPAPRPHBState {
 MemoryRegion memspace, iospace;
 hwaddr mem_win_addr, mem_win_size, io_win_addr, io_win_size;
 hwaddr msi_win_addr;
-MemoryRegion memwindow, iowindow, msiwindow;
+MemoryRegion memwindow, msiwindow;
 
 uint32_t dma_liobn;
 uint64_t dma_window_start;
-- 
1.6.0.2




[Qemu-devel] [PATCH 09/22] ac97: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/ac97.c |  109 +---
 1 files changed, 89 insertions(+), 20 deletions(-)

diff --git a/hw/ac97.c b/hw/ac97.c
index 0f561fa..ce6a1dc 100644
--- a/hw/ac97.c
+++ b/hw/ac97.c
@@ -1226,32 +1226,101 @@ static const VMStateDescription vmstate_ac97 = {
 }
 };
 
-static const MemoryRegionPortio nam_portio[] = {
-{ 0, 256 * 1, 1, .read = nam_readb, },
-{ 0, 256 * 2, 2, .read = nam_readw, },
-{ 0, 256 * 4, 4, .read = nam_readl, },
-{ 0, 256 * 1, 1, .write = nam_writeb, },
-{ 0, 256 * 2, 2, .write = nam_writew, },
-{ 0, 256 * 4, 4, .write = nam_writel, },
-PORTIO_END_OF_LIST (),
-};
+static uint64_t nam_read(void *opaque, hwaddr addr, unsigned size)
+{
+if ((addr / size) > 256) {
+return -1;
+}
+
+switch (size) {
+case 1:
+return nam_readb(opaque, addr);
+case 2:
+return nam_readw(opaque, addr);
+case 4:
+return nam_readl(opaque, addr);
+default:
+return -1;
+}
+}
+
+static void nam_write(void *opaque, hwaddr addr, uint64_t val,
+  unsigned size)
+{
+if ((addr / size) > 256) {
+return;
+}
+
+switch (size) {
+case 1:
+nam_writeb(opaque, addr, val);
+break;
+case 2:
+nam_writew(opaque, addr, val);
+break;
+case 4:
+nam_writel(opaque, addr, val);
+break;
+}
+}
 
 static const MemoryRegionOps ac97_io_nam_ops = {
-.old_portio = nam_portio,
+.read = nam_read,
+.write = nam_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 4,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-static const MemoryRegionPortio nabm_portio[] = {
-{ 0, 64 * 1, 1, .read = nabm_readb, },
-{ 0, 64 * 2, 2, .read = nabm_readw, },
-{ 0, 64 * 4, 4, .read = nabm_readl, },
-{ 0, 64 * 1, 1, .write = nabm_writeb, },
-{ 0, 64 * 2, 2, .write = nabm_writew, },
-{ 0, 64 * 4, 4, .write = nabm_writel, },
-PORTIO_END_OF_LIST ()
-};
+static uint64_t nabm_read(void *opaque, hwaddr addr, unsigned size)
+{
+if ((addr / size) > 64) {
+return -1;
+}
+
+switch (size) {
+case 1:
+return nabm_readb(opaque, addr);
+case 2:
+return nabm_readw(opaque, addr);
+case 4:
+return nabm_readl(opaque, addr);
+default:
+return -1;
+}
+}
+
+static void nabm_write(void *opaque, hwaddr addr, uint64_t val,
+  unsigned size)
+{
+if ((addr / size) > 64) {
+return;
+}
+
+switch (size) {
+case 1:
+nabm_writeb(opaque, addr, val);
+break;
+case 2:
+nabm_writew(opaque, addr, val);
+break;
+case 4:
+nabm_writel(opaque, addr, val);
+break;
+}
+}
+
 
 static const MemoryRegionOps ac97_io_nabm_ops = {
-.old_portio = nabm_portio,
+.read = nabm_read,
+.write = nabm_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 4,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static void ac97_on_reset (void *opaque)
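Review bot: The range checks in nam_read, nam_write, nabm_read and nabm_write are off by one against the tables they replace. The removed `nam_portio` entries cover `256 * size` bytes from offset 0, so `addr / size` equal to 256 was outside the table, but `(addr / size) > 256` lets it through to the handler; the same holds for 64 in the NABM pair. Since `addr` comes from the guest, the comparisons should be `if ((addr / size) >= 256)` and `if ((addr / size) >= 64)`. Whether such an offset is reachable depends on the size given to the region's init call, which is outside this hunk.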
-- 
1.6.0.2




[Qemu-devel] [PATCH 08/22] pseries: Implement qemu initiated shutdowns using EPOW events

2012-10-29 Thread Alexander Graf
From: David Gibson 

At present, using 'system_powerdown' from the monitor or otherwise
instructing qemu to (cleanly) shut down a pseries guest will not work,
because we did not have a method of signalling the shutdown request to the
guest.

PAPR does include a usable mechanism for this, though it is rather more
involved than the equivalent on x86.  This involves sending an EPOW
(Environmental and POwer Warning) event through the PAPR event and error
logging mechanism, which also has a number of other functions.

This patch implements just enough of the event/error logging functionality
to be able to send a shutdown event to the guest.  At least with modern
guest kernels and a userspace that is up and running, this means that
system_powerdown from the qemu monitor should now work correctly on pseries
guests.

Signed-off-by: David Gibson 
Signed-off-by: Alexander Graf 
---
 hw/ppc/Makefile.objs |1 +
 hw/spapr.c   |   14 ++-
 hw/spapr.h   |8 ++
 hw/spapr_events.c|  321 ++
 4 files changed, 342 insertions(+), 2 deletions(-)
 create mode 100644 hw/spapr_events.c

diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
index 951e407..8fe2123 100644
--- a/hw/ppc/Makefile.objs
+++ b/hw/ppc/Makefile.objs
@@ -11,6 +11,7 @@ obj-y += ppc_newworld.o
 obj-$(CONFIG_PSERIES) += spapr.o spapr_hcall.o spapr_rtas.o spapr_vio.o
 obj-$(CONFIG_PSERIES) += xics.o spapr_vty.o spapr_llan.o spapr_vscsi.o
 obj-$(CONFIG_PSERIES) += spapr_pci.o pci-hotplug.o spapr_iommu.o
+obj-$(CONFIG_PSERIES) += spapr_events.o
 # PowerPC 4xx boards
 obj-y += ppc4xx_devs.o ppc4xx_pci.o ppc405_uc.o ppc405_boards.o
 obj-y += ppc440_bamboo.o
diff --git a/hw/spapr.c b/hw/spapr.c
index 1587bc3..8d0ad3c 100644
--- a/hw/spapr.c
+++ b/hw/spapr.c
@@ -232,7 +232,8 @@ static void *spapr_create_fdt_skel(const char *cpu_model,
hwaddr initrd_size,
hwaddr kernel_size,
const char *boot_device,
-   const char *kernel_cmdline)
+   const char *kernel_cmdline,
+   uint32_t epow_irq)
 {
 void *fdt;
 CPUPPCState *env;
@@ -403,6 +404,8 @@ static void *spapr_create_fdt_skel(const char *cpu_model,
 _FDT((fdt_property(fdt, "ibm,associativity-reference-points",
 refpoints, sizeof(refpoints;
 
+_FDT((fdt_property_cell(fdt, "rtas-error-log-max", RTAS_ERROR_LOG_MAX)));
+
 _FDT((fdt_end_node(fdt)));
 
 /* interrupt controller */
@@ -433,6 +436,9 @@ static void *spapr_create_fdt_skel(const char *cpu_model,
 
 _FDT((fdt_end_node(fdt)));
 
+/* event-sources */
+spapr_events_fdt_skel(fdt, epow_irq);
+
 _FDT((fdt_end_node(fdt))); /* close root node */
 _FDT((fdt_finish(fdt)));
 
@@ -795,6 +801,9 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
 spapr->icp = xics_system_init(XICS_IRQS);
 spapr->next_irq = 16;
 
+/* Set up EPOW events infrastructure */
+spapr_events_init(spapr);
+
 /* Set up IOMMU */
 spapr_iommu_init();
 
@@ -903,7 +912,8 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
 spapr->fdt_skel = spapr_create_fdt_skel(cpu_model,
 initrd_base, initrd_size,
 kernel_size,
-boot_device, kernel_cmdline);
+boot_device, kernel_cmdline,
+spapr->epow_irq);
 assert(spapr->fdt_skel != NULL);
 }
 
diff --git a/hw/spapr.h b/hw/spapr.h
index 8ee69bd..51c709e 100644
--- a/hw/spapr.h
+++ b/hw/spapr.h
@@ -26,6 +26,9 @@ typedef struct sPAPREnvironment {
 int rtc_offset;
 char *cpu_model;
 bool has_graphics;
+
+uint32_t epow_irq;
+Notifier epow_notifier;
 } sPAPREnvironment;
 
 #define H_SUCCESS 0
@@ -335,7 +338,12 @@ typedef struct sPAPRTCE {
 #define SPAPR_VIO_BASE_LIOBN0x
 #define SPAPR_PCI_BASE_LIOBN0x8000
 
+#define RTAS_ERROR_LOG_MAX  2048
+
+
 void spapr_iommu_init(void);
+void spapr_events_init(sPAPREnvironment *spapr);
+void spapr_events_fdt_skel(void *fdt, uint32_t epow_irq);
 DMAContext *spapr_tce_new_dma_context(uint32_t liobn, size_t window_size);
 void spapr_tce_free(DMAContext *dma);
 void spapr_tce_reset(DMAContext *dma);
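Review bot: `RTAS_ERROR_LOG_MAX` is added without a comment, although the spapr.c hunk exports it to the guest as the `rtas-error-log-max` property, so it is part of the guest-visible contract. A one-line comment such as `/* Advertised to the guest as "rtas-error-log-max"; presumably the largest event log, in bytes, that spapr_events.c will write */` would help, with the "presumably" replaced once checked against hw/spapr_events.c, which is truncated on this page. The two blank lines after the define should be one.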
diff --git a/hw/spapr_events.c b/hw/spapr_events.c
new file mode 100644
index 000..18ccd4a
--- /dev/null
+++ b/hw/spapr_events.c
@@ -0,0 +1,321 @@
+/*
+ * QEMU PowerPC pSeries Logical Partition (aka sPAPR) hardware System Emulator
+ *
+ * RTAS events handling
+ *
+ * Copyright (c) 2012 David Gibson, IBM Corporation.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restr

[Qemu-devel] [PATCH 18/22] serial: convert PIO to new memory api read/write

2012-10-29 Thread Alexander Graf
Signed-off-by: Alexander Graf 
---
 hw/serial.c |   30 +-
 1 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/hw/serial.c b/hw/serial.c
index ae84b22..60283ea 100644
--- a/hw/serial.c
+++ b/hw/serial.c
@@ -26,6 +26,7 @@
 #include "serial.h"
 #include "qemu-char.h"
 #include "qemu-timer.h"
+#include "exec-memory.h"
 
 //#define DEBUG_SERIAL
 
@@ -305,7 +306,8 @@ static void serial_xmit(void *opaque)
 }
 
 
-static void serial_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
+unsigned size)
 {
 SerialState *s = opaque;
 
@@ -451,7 +453,7 @@ static void serial_ioport_write(void *opaque, uint32_t 
addr, uint32_t val)
 }
 }
 
-static uint32_t serial_ioport_read(void *opaque, uint32_t addr)
+static uint64_t serial_ioport_read(void *opaque, hwaddr addr, unsigned size)
 {
 SerialState *s = opaque;
 uint32_t ret;
@@ -620,7 +622,7 @@ static int serial_post_load(void *opaque, int version_id)
 s->fcr_vmstate = 0;
 }
 /* Initialize fcr via setter to perform essential side-effects */
-serial_ioport_write(s, 0x02, s->fcr_vmstate);
+serial_ioport_write(s, 0x02, s->fcr_vmstate, 1);
 serial_update_parameters(s);
 return 0;
 }
@@ -705,13 +707,14 @@ void serial_set_frequency(SerialState *s, uint32_t 
frequency)
 serial_update_parameters(s);
 }
 
-static const MemoryRegionPortio serial_portio[] = {
-{ 0, 8, 1, .read = serial_ioport_read, .write = serial_ioport_write },
-PORTIO_END_OF_LIST()
-};
-
 const MemoryRegionOps serial_io_ops = {
-.old_portio = serial_portio
+.read = serial_ioport_read,
+.write = serial_ioport_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 SerialState *serial_init(int base, qemu_irq irq, int baudbase,
@@ -728,8 +731,9 @@ SerialState *serial_init(int base, qemu_irq irq, int 
baudbase,
 
 vmstate_register(NULL, base, &vmstate_serial, s);
 
-register_ioport_write(base, 8, 1, serial_ioport_write, s);
-register_ioport_read(base, 8, 1, serial_ioport_read, s);
+memory_region_init_io(&s->io, &serial_io_ops, s, "serial", 8);
+memory_region_add_subregion(get_system_io(), base, &s->io);
+
 return s;
 }
 
@@ -738,7 +742,7 @@ static uint64_t serial_mm_read(void *opaque, hwaddr addr,
unsigned size)
 {
 SerialState *s = opaque;
-return serial_ioport_read(s, addr >> s->it_shift);
+return serial_ioport_read(s, addr >> s->it_shift, 1);
 }
 
 static void serial_mm_write(void *opaque, hwaddr addr,
@@ -746,7 +750,7 @@ static void serial_mm_write(void *opaque, hwaddr addr,
 {
 SerialState *s = opaque;
 value &= ~0u >> (32 - (size * 8));
-serial_ioport_write(s, addr >> s->it_shift, value);
+serial_ioport_write(s, addr >> s->it_shift, value, 1);
 }
 
 static const MemoryRegionOps serial_mm_ops[3] = {
-- 
1.6.0.2




[Qemu-devel] [PATCH 1/3] m68k: Return semihosting errno values correctly

2012-10-29 Thread Peter Maydell
From: Meador Inge 

Fixing a simple typo, s/errno/err/, that caused
the error status from GDB semihosted system calls
to be returned incorrectly.

Signed-off-by: Meador Inge 
Reviewed-by: Andreas Färber 
Signed-off-by: Peter Maydell 
---
 target-m68k/m68k-semi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-m68k/m68k-semi.c b/target-m68k/m68k-semi.c
index 3bb30cd..fed44ea 100644
--- a/target-m68k/m68k-semi.c
+++ b/target-m68k/m68k-semi.c
@@ -150,7 +150,7 @@ static void m68k_semi_cb(CPUM68KState *env, target_ulong 
ret, target_ulong err)
 }
 /* FIXME - handle put_user() failure */
 put_user_u32(ret, args);
-put_user_u32(errno, args + 4);
+put_user_u32(err, args + 4);
 }
 
 #define ARG(n) \
-- 
1.7.11.4




[Qemu-devel] [PATCH 0/3] target-m68k/m68k-semi: don't ignore get/put_user failure

2012-10-29 Thread Peter Maydell
This patch series cleans up the m68k semihosting support to not
ignore failure of get_user and put_user when reading semihosting
arguments and writing return values (compare f296c0d1 which did
something similar for ARM semihosting). The main motivation for
this patch is to shut up clang's complaints about 'expression
result unused'. Tested with a simple m68k hello world semihosting
binary created with the CodeSourcery coldfire toolchain:
  ~/freescale-coldfire-2011.09/bin/m68k-elf-gcc -T m5206ec3-ram-hosted.ld -o 
/tmp/hello /tmp/hello.c -lc -lcs3hosted
  ./m68k-softmmu/qemu-system-m68k -semihosting -M dummy -display none -kernel 
/tmp/hello

Meador's patch is already in qemu-trivial but I include it
here as it is a dependency.


Meador Inge (1):
  m68k: Return semihosting errno values correctly

Peter Maydell (2):
  target-m68k/m68k-semi: Handle get_user failure
  target-m68k/m68k-semi.c: Log when put_user for returning values fails

 target-m68k/m68k-semi.c | 191 +++-
 1 file changed, 124 insertions(+), 67 deletions(-)

-- 
1.7.11.4




[Qemu-devel] [PATCH 3/3] target-m68k/m68k-semi.c: Log when put_user for returning values fails

2012-10-29 Thread Peter Maydell
Abstract out the use of put_user for returning semihosting call results,
so that we can log when a guest erroneously attempts a semihosting call
with an unwritable argument block.

Signed-off-by: Peter Maydell 
---
 target-m68k/m68k-semi.c | 47 +++
 1 file changed, 31 insertions(+), 16 deletions(-)

diff --git a/target-m68k/m68k-semi.c b/target-m68k/m68k-semi.c
index d569bf1..9f7a24c 100644
--- a/target-m68k/m68k-semi.c
+++ b/target-m68k/m68k-semi.c
@@ -133,24 +133,44 @@ static void translate_stat(CPUM68KState *env, 
target_ulong addr, struct stat *s)
 unlock_user(p, addr, sizeof(struct m68k_gdb_stat));
 }
 
+static void m68k_semi_return_u32(CPUM68KState *env, uint32_t ret, uint32_t err)
+{
+target_ulong args = env->dregs[1];
+if (put_user_u32(ret, args) ||
+put_user_u32(err, args + 4)) {
+/* The m68k semihosting ABI does not provide any way to report this
+ * error to the guest, so the best we can do is log it in qemu.
+ * It is always a guest error not to pass us a valid argument block.
+ */
+qemu_log_mask(LOG_GUEST_ERROR, "m68k-semihosting: return value "
+  "discarded because argument block not writable\n");
+}
+}
+
+static void m68k_semi_return_u64(CPUM68KState *env, uint64_t ret, uint32_t err)
+{
+target_ulong args = env->dregs[1];
+if (put_user_u32(ret >> 32, args) ||
+put_user_u32(ret, args + 4) ||
+put_user_u32(err, args + 8)) {
+/* No way to report this via m68k semihosting ABI; just log it */
+qemu_log_mask(LOG_GUEST_ERROR, "m68k-semihosting: return value "
+  "discarded because argument block not writable\n");
+}
+}
+
 static int m68k_semi_is_fseek;
 
 static void m68k_semi_cb(CPUM68KState *env, target_ulong ret, target_ulong err)
 {
-target_ulong args;
-
-args = env->dregs[1];
 if (m68k_semi_is_fseek) {
 /* FIXME: We've already lost the high bits of the fseek
return value.  */
-/* FIXME - handle put_user() failure */
-put_user_u32(0, args);
-args += 4;
+m68k_semi_return_u64(env, ret, err);
 m68k_semi_is_fseek = 0;
+} else {
+m68k_semi_return_u32(env, ret, err);
 }
-/* FIXME - handle put_user() failure */
-put_user_u32(ret, args);
-put_user_u32(err, args + 4);
 }
 
 /* Read the input value from the argument block; fail the semihosting
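Review bot: m68k_semi_return_u32 and m68k_semi_return_u64 have no header comment stating the layout they write into the argument block at `env->dregs[1]`, which is the contract every caller relies on. Something like `/* Store ret at args+0 and err at args+4; log if the block is not writable. */` and `/* Store ret as high word at args+0, low word at args+4, and err at args+8. */` would do. Because the `||` chain stops at the first failing store, a fault on the second or third write leaves the block partially updated, so "return value discarded" is not exact in that case; the comment should say so. The log string is duplicated in both helpers and could be shared.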
@@ -269,10 +289,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
arg0, off, arg3);
 } else {
 off = lseek(arg0, off, arg3);
-/* FIXME - handle put_user() failure */
-put_user_u32(off >> 32, args);
-put_user_u32(off, args + 4);
-put_user_u32(errno, args + 8);
+m68k_semi_return_u64(env, off, errno);
 }
 return;
 }
@@ -444,7 +461,5 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
 result = 0;
 }
 failed:
-/* FIXME - handle put_user() failure */
-put_user_u32(result, args);
-put_user_u32(errno, args + 4);
+m68k_semi_return_u32(env, result, errno);
 }
-- 
1.7.11.4




[Qemu-devel] [PATCH 2/3] target-m68k/m68k-semi: Handle get_user failure

2012-10-29 Thread Peter Maydell
Handle failure of get_user accessing the semihosting
argument block, rather than simply ignoring the failures.

Signed-off-by: Peter Maydell 
---
 target-m68k/m68k-semi.c | 144 +++-
 1 file changed, 93 insertions(+), 51 deletions(-)

diff --git a/target-m68k/m68k-semi.c b/target-m68k/m68k-semi.c
index fed44ea..d569bf1 100644
--- a/target-m68k/m68k-semi.c
+++ b/target-m68k/m68k-semi.c
@@ -153,17 +153,21 @@ static void m68k_semi_cb(CPUM68KState *env, target_ulong 
ret, target_ulong err)
 put_user_u32(err, args + 4);
 }
 
-#define ARG(n) \
-({ \
-target_ulong __arg;\
-/* FIXME - handle get_user() failure */\
-get_user_ual(__arg, args + (n) * 4);   \
-__arg; \
-})
-#define PARG(x) ((unsigned long)ARG(x))
+/* Read the input value from the argument block; fail the semihosting
+ * call if the memory read fails.
+ */
+#define GET_ARG(n) do { \
+if (get_user_ual(arg ## n, args + (n) * 4)) {   \
+result = -1;\
+errno = EFAULT; \
+goto failed;\
+}   \
+} while (0)
+
 void do_m68k_semihosting(CPUM68KState *env, int nr)
 {
 uint32_t args;
+target_ulong arg0, arg1, arg2, arg3;
 void *p;
 void *q;
 uint32_t len;
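Review bot: `GET_ARG` hides a `goto failed` and assignments to `result` and `errno`, and it only expands correctly where `args` and `arg0`..`arg3` are in scope, but its comment mentions none of this. I would extend the comment with `Only usable inside do_m68k_semihosting(): reads args, writes argN, result and errno, and jumps to the failed: label.` Note also that the `failed:` path, which is outside this hunk, writes the result back into the same argument block that has just failed to be read, so the guest will most likely not see the `EFAULT`. An `#undef GET_ARG` after the function would keep the macro from leaking into the rest of the file.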
@@ -175,27 +179,33 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
 gdb_exit(env, env->dregs[0]);
 exit(env->dregs[0]);
 case HOSTED_OPEN:
+GET_ARG(0);
+GET_ARG(1);
+GET_ARG(2);
+GET_ARG(3);
 if (use_gdb_syscalls()) {
-gdb_do_syscall(m68k_semi_cb, "open,%s,%x,%x", ARG(0), (int)ARG(1),
-   ARG(2), ARG(3));
+gdb_do_syscall(m68k_semi_cb, "open,%s,%x,%x", arg0, (int)arg1,
+   arg2, arg3);
 return;
 } else {
-if (!(p = lock_user_string(ARG(0 {
+p = lock_user_string(arg0);
+if (!p) {
 /* FIXME - check error code? */
 result = -1;
 } else {
-result = open(p, translate_openflags(ARG(2)), ARG(3));
-unlock_user(p, ARG(0), 0);
+result = open(p, translate_openflags(arg2), arg3);
+unlock_user(p, arg0, 0);
 }
 }
 break;
 case HOSTED_CLOSE:
 {
 /* Ignore attempts to close stdin/out/err.  */
-int fd = ARG(0);
+GET_ARG(0);
+int fd = arg0;
 if (fd > 2) {
 if (use_gdb_syscalls()) {
-gdb_do_syscall(m68k_semi_cb, "close,%x", ARG(0));
+gdb_do_syscall(m68k_semi_cb, "close,%x", arg0);
 return;
 } else {
 result = close(fd);
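Review bot: The `if (!p)` branch after `lock_user_string(arg0)` sets `result = -1` but leaves `errno` untouched, so the guest is handed whatever stale host errno is current, while the new GET_ARG path reports EFAULT for the same kind of bad guest pointer. Setting it here as well, `result = -1; errno = EFAULT;`, would make the two failure paths agree and retire the FIXME. The HOSTED_READ and HOSTED_WRITE branches in the next hunk have the same pattern after `lock_user()`. This assumes the `break` paths end at the `failed:` label that reports errno, which lies outside this hunk.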
@@ -206,47 +216,59 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
 break;
 }
 case HOSTED_READ:
-len = ARG(2);
+GET_ARG(0);
+GET_ARG(1);
+GET_ARG(2);
+len = arg2;
 if (use_gdb_syscalls()) {
 gdb_do_syscall(m68k_semi_cb, "read,%x,%x,%x",
-   ARG(0), ARG(1), len);
+   arg0, arg1, len);
 return;
 } else {
-if (!(p = lock_user(VERIFY_WRITE, ARG(1), len, 0))) {
+p = lock_user(VERIFY_WRITE, arg1, len, 0);
+if (!p) {
 /* FIXME - check error code? */
 result = -1;
 } else {
-result = read(ARG(0), p, len);
-unlock_user(p, ARG(1), len);
+result = read(arg0, p, len);
+unlock_user(p, arg1, len);
 }
 }
 break;
 case HOSTED_WRITE:
-len = ARG(2);
+GET_ARG(0);
+GET_ARG(1);
+GET_ARG(2);
+len = arg2;
 if (use_gdb_syscalls()) {
 gdb_do_syscall(m68k_semi_cb, "write,%x,%x,%x",
-   ARG(0), ARG(1), len);
+   arg0, arg1, len);
 return;
 } else {
-if (!(p = lock_user(VERIFY_READ, ARG(1), len, 1))) {
+p = lock_user(VERIFY_READ, arg1, len, 1);
+if (!p) {
 /* FIXME - check error code? */
 result = -1;
 } else {
-result = write(ARG(0), p, len);
-unlock_user(p, ARG(0), 0);
+result = write(arg0, p, len);
+unlock_user(p, arg0, 0);
 }
 }
 break;
 case HOSTED_LSEEK:
 {
 uint64_t off;
-off = (uint32_t)ARG(2) | ((uint64_t)ARG(1) << 32);

[Qemu-devel] [PATCH 6/6] s390: sclp ascii console support

2012-10-29 Thread Jens Freimann
From: Heinz Graalfs 

This code adds console support  by implementing SCLP's ASCII Console
Data event. This is the same console as LPARs ASCII console or z/VMs
sysascii.

The console can be specified manually with something like
-chardev stdio,id=charconsole0 -device 
sclpconsole,chardev=charconsole0,id=console0

Newer kernels will autodetect that console and prefer that over virtio
console.

When data is received from the character layer it creates a service
interrupt to trigger a Read Event Data command from the guest that will
pick up the received character byte-stream.
When characters are echo'ed by the linux guest a Write Event Data occurs
which is forwarded by the Event Facility to the console that supports
a corresponding mask value.
Console resizing is not supported.
The character layer byte-stream is buffered using a fixed size iov
buffer.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Christian Borntraeger 
Signed-off-by: Jens Freimann 
---
 hw/s390x/Makefile.objs |   2 +-
 hw/s390x/sclpconsole.c | 306 +
 2 files changed, 307 insertions(+), 1 deletion(-)
 create mode 100644 hw/s390x/sclpconsole.c

diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index ed4e61a..096dfcd 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -3,4 +3,4 @@ obj-y = s390-virtio-bus.o s390-virtio.o
 obj-y := $(addprefix ../,$(obj-y))
 obj-y += sclp.o
 obj-y += event-facility.o
-obj-y += sclpquiesce.o
+obj-y += sclpquiesce.o sclpconsole.o
diff --git a/hw/s390x/sclpconsole.c b/hw/s390x/sclpconsole.c
new file mode 100644
index 000..0ec5623
--- /dev/null
+++ b/hw/s390x/sclpconsole.c
@@ -0,0 +1,306 @@
+/*
+ * SCLP event type
+ *Ascii Console Data (VT220 Console)
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ *  Heinz Graalfs 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version.  See the COPYING file in the top-level directory.
+ *
+ */
+
+#include 
+#include "qemu-thread.h"
+
+#include "sclp.h"
+#include "event-facility.h"
+
+typedef struct ASCIIConsoleData {
+EventBufferHeader ebh;
+char data[0];
+} QEMU_PACKED ASCIIConsoleData;
+
+/* max size for ASCII data in 4K SCCB page */
+#define SIZE_BUFFER_VT220 4080
+
+typedef struct SCLPConsole {
+SCLPEvent event;
+CharDriverState *chr;
+/* io vector   */
+uint8_t *iov;   /* iov buffer pointer  */
+uint8_t *iov_sclp;  /* pointer to SCLP read offset */
+uint8_t *iov_bs;/* pointer byte stream read offset */
+uint32_t iov_data_len;  /* length of byte stream in buffer */
+uint32_t iov_sclp_rest; /* length of byte stream not read via SCLP */
+qemu_irq irq_read_vt220;
+} SCLPConsole;
+
+/* character layer call-back functions */
+
+/* Return number of bytes that fit into iov buffer */
+static int chr_can_read(void *opaque)
+{
+int can_read;
+SCLPConsole *scon = opaque;
+
+can_read = SIZE_BUFFER_VT220 - scon->iov_data_len;
+
+return can_read;
+}
+
+/* Receive n bytes from character layer, save in iov buffer,
+ * and set event pending */
+static void receive_from_chr_layer(SCLPConsole *scon, const uint8_t *buf,
+   int size)
+{
+assert(scon->iov);
+
+/* read data must fit into current buffer */
+assert(size <= SIZE_BUFFER_VT220 - scon->iov_data_len);
+
+/* put byte-stream from character layer into buffer */
+memcpy(scon->iov_bs, buf, size);
+scon->iov_data_len += size;
+scon->iov_sclp_rest += size;
+scon->iov_bs += size;
+scon->event.event_pending = true;
+}
+
+/* Send data from a char device over to the guest */
+static void chr_read(void *opaque, const uint8_t *buf, int size)
+{
+SCLPConsole *scon = opaque;
+
+assert(scon);
+
+receive_from_chr_layer(scon, buf, size);
+/* trigger SCLP read operation */
+qemu_irq_raise(scon->irq_read_vt220);
+}
+
+static void chr_event(void *opaque, int event)
+{
+SCLPConsole *scon = opaque;
+
+switch (event) {
+case CHR_EVENT_OPENED:
+if (!scon->iov) {
+scon->iov = g_malloc0(SIZE_BUFFER_VT220);
+scon->iov_sclp = scon->iov;
+scon->iov_bs = scon->iov;
+scon->iov_data_len = 0;
+scon->iov_sclp_rest = 0;
+}
+break;
+case CHR_EVENT_CLOSED:
+if (scon->iov) {
+g_free(scon->iov);
+scon->iov = NULL;
+}
+break;
+}
+}
+
+/* functions to be called by event facility */
+
+static int event_type(void)
+{
+return SCLP_EVENT_ASCII_CONSOLE_DATA;
+}
+
+static unsigned int send_mask(void)
+{
+return SCLP_EVENT_MASK_MSG_ASCII;
+}
+
+static unsigned int receive_mask(void)
+{
+return SCLP_EVENT_MASK_MSG_ASCII;
+}
+
+/* triggered by SCLP's read_event_data -
+ * copy console data byte-stream into provided (SCLP) 

[Qemu-devel] [PATCH 5/6] s390: sclp signal quiesce support

2012-10-29 Thread Jens Freimann
From: Heinz Graalfs 

This implements the sclp signal quiesce event via the SCLP Event
Facility.
This allows a guest to be shut down gracefully by using system_powerdown
notifiers. It creates a service interrupt that will trigger a
Read Event Data command from the guest. This code will then add an
event that is interpreted by linux guests as ctrl-alt-del.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Christian Borntraeger 
Signed-off-by: Jens Freimann 
---
 hw/s390x/Makefile.objs|   1 +
 hw/s390x/event-facility.c |   7 +++
 hw/s390x/sclpquiesce.c| 123 ++
 3 files changed, 131 insertions(+)
 create mode 100644 hw/s390x/sclpquiesce.c

diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index b32fc52..ed4e61a 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -3,3 +3,4 @@ obj-y = s390-virtio-bus.o s390-virtio.o
 obj-y := $(addprefix ../,$(obj-y))
 obj-y += sclp.o
 obj-y += event-facility.o
+obj-y += sclpquiesce.o
diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index 1108e2d..9367660 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -315,6 +315,7 @@ static void command_handler(SCLPEventFacility *ef, SCCB 
*sccb, uint64_t code)
 static int init_event_facility(S390SCLPDevice *sdev)
 {
 SCLPEventFacility *event_facility;
+DeviceState *quiesce;
 
 event_facility = g_malloc0(sizeof(SCLPEventFacility));
 sdev->ef = event_facility;
@@ -327,6 +328,12 @@ static int init_event_facility(S390SCLPDevice *sdev)
 event_facility->sbus.qbus.allow_hotplug = 0;
 event_facility->qdev = (DeviceState *) sdev;
 
+quiesce = qdev_create(&event_facility->sbus.qbus, "sclpquiesce");
+if (!quiesce) {
+return -1;
+}
+qdev_init_nofail(quiesce);
+
 return 0;
 }
 
diff --git a/hw/s390x/sclpquiesce.c b/hw/s390x/sclpquiesce.c
new file mode 100644
index 000..9a773b8
--- /dev/null
+++ b/hw/s390x/sclpquiesce.c
@@ -0,0 +1,123 @@
+/*
+ * SCLP event type
+ *Signal Quiesce - trigger system powerdown request
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ *  Heinz Graalfs 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version.  See the COPYING file in the top-level directory.
+ *
+ */
+#include 
+#include "sysemu.h"
+#include "sclp.h"
+#include "event-facility.h"
+
+typedef struct SignalQuiesce {
+EventBufferHeader ebh;
+uint16_t timeout;
+uint8_t unit;
+} QEMU_PACKED SignalQuiesce;
+
+static int event_type(void)
+{
+return SCLP_EVENT_SIGNAL_QUIESCE;
+}
+
+static unsigned int send_mask(void)
+{
+return SCLP_EVENT_MASK_SIGNAL_QUIESCE;
+}
+
+static unsigned int receive_mask(void)
+{
+return 0;
+}
+
+static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
+   int *slen)
+{
+SignalQuiesce *sq = (SignalQuiesce *) evt_buf_hdr;
+
+if (*slen < sizeof(SignalQuiesce)) {
+return 0;
+}
+
+if (!event->event_pending) {
+return 0;
+}
+event->event_pending = false;
+
+sq->ebh.length = cpu_to_be16(sizeof(SignalQuiesce));
+sq->ebh.type = SCLP_EVENT_SIGNAL_QUIESCE;
+sq->ebh.flags |= SCLP_EVENT_BUFFER_ACCEPTED;
+/*
+ * system_powerdown does not have a timeout. Fortunately the
+ * timeout value is currently ignored by Linux, anyway
+ */
+sq->timeout = cpu_to_be16(0);
+sq->unit = cpu_to_be16(0);
+*slen -= sizeof(SignalQuiesce);
+
+return 1;
+}
+
+typedef struct QuiesceNotifier QuiesceNotifier;
+
+static struct QuiesceNotifier {
+Notifier notifier;
+SCLPEvent *event;
+} qn;
+
+static void quiesce_powerdown_req(Notifier *n, void *opaque)
+{
+QuiesceNotifier *qn = container_of(n, QuiesceNotifier, notifier);
+SCLPEvent *event = qn->event;
+
+event->event_pending = true;
+/* trigger SCLP read operation */
+sclp_service_interrupt(0);
+}
+
+static int quiesce_init(SCLPEvent *event)
+{
+event->event_type = SCLP_EVENT_SIGNAL_QUIESCE;
+
+qn.notifier.notify = quiesce_powerdown_req;
+qn.event = event;
+
+qemu_register_powerdown_notifier(&qn.notifier);
+
+return 0;
+}
+
+static void quiesce_class_init(ObjectClass *klass, void *data)
+{
+SCLPEventClass *k = SCLP_EVENT_CLASS(klass);
+
+k->init = quiesce_init;
+
+k->get_send_mask = send_mask;
+k->get_receive_mask = receive_mask;
+k->event_type = event_type;
+k->read_event_data = read_event_data;
+k->write_event_data = NULL;
+}
+
+static TypeInfo sclp_quiesce_info = {
+.name  = "sclpquiesce",
+.parent= TYPE_SCLP_EVENT,
+.instance_size = sizeof(SCLPEvent),
+.class_init= quiesce_class_init,
+.class_size= sizeof(SCLPEventClass),
+};
+
+static void register_types(void)
+{
+type_register_static(&sclp_quiesce_info);
+}
+
+type_init(register_types)
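Review bot: In read_event_data the guard `if (*slen < sizeof(SignalQuiesce))` compares an `int` with a `size_t`, so a negative `*slen` is converted to a large unsigned value, passes the check, and the function goes on to write a SignalQuiesce into the buffer. Whether the caller can hand in a negative remaining length is not visible here, but the check is cheap to make robust: `if (*slen < (int)sizeof(SignalQuiesce)) {`. Separately, `sq->unit = cpu_to_be16(0);` applies a 16-bit swap to a `uint8_t` field; it is harmless for 0 but should read `sq->unit = 0;`.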
-- 
1.7.12.4




[Qemu-devel] [PATCH 1/6] s390/kvm_stat: correct sys_perf_event_open syscall number

2012-10-29 Thread Jens Freimann
From: Heinz Graalfs 

Correct sys_perf_event_open syscall number for s390 architecture
   - the hardcoded syscall number 298 is for x86 but should
 be different for other architectures.
 In case we figure out via /proc/cpuinfo that we are running
 on s390 the appropriate syscall number is used from map
 syscall_numbers; other architectures can extend this.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Jens Freimann 
---
 scripts/kvm/kvm_stat | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/scripts/kvm/kvm_stat b/scripts/kvm/kvm_stat
index e8d68f0..762544b 100755
--- a/scripts/kvm/kvm_stat
+++ b/scripts/kvm/kvm_stat
@@ -170,6 +170,12 @@ vendor_exit_reasons = {
 'IBM/S390': s390_exit_reasons,
 }
 
+syscall_numbers = {
+'IBM/S390': 331,
+}
+
+sc_perf_evt_open = 298
+
 exit_reasons = None
 
 for line in file('/proc/cpuinfo').readlines():
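Review bot: The fallback `sc_perf_evt_open = 298` carries no comment and is used for every host whose /proc/cpuinfo tokens do not match a key in `syscall_numbers`, so an architecture missing from the map silently issues whatever syscall happens to have that number there. 298 is the x86_64 number; 32-bit x86, as far as I know, uses a different one. At minimum document it, `# x86_64 number; syscall_numbers overrides it per architecture`, and consider adding the other hosts kvm_stat is expected to run on to the map.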
@@ -177,7 +183,8 @@ for line in file('/proc/cpuinfo').readlines():
 for flag in line.split():
 if flag in vendor_exit_reasons:
 exit_reasons = vendor_exit_reasons[flag]
-
+if flag in syscall_numbers:
+sc_perf_evt_open = syscall_numbers[flag]
 filters = {
 'kvm_exit': ('exit_reason', exit_reasons)
 }
@@ -206,7 +213,7 @@ class perf_event_attr(ctypes.Structure):
 ('bp_len', ctypes.c_uint64),
 ]
 def _perf_event_open(attr, pid, cpu, group_fd, flags):
-return syscall(298, ctypes.pointer(attr), ctypes.c_int(pid),
+return syscall(sc_perf_evt_open, ctypes.pointer(attr), ctypes.c_int(pid),
ctypes.c_int(cpu), ctypes.c_int(group_fd),
ctypes.c_long(flags))
 
-- 
1.7.12.4




[Qemu-devel] [PATCH 4/6] s390: sclp event support

2012-10-29 Thread Jens Freimann
From: Heinz Graalfs 

Several SCLP features are considered to be events. Those events don't
provide SCLP commands on their own, instead they are all based on
Read Event Data, Write Event Data, Write Event Mask and the service
interrupt. Follow-on patches will provide SCLP's Signal Quiesce (via
system_powerdown) and the ASCII console.
Further down the road the sclp line mode console and configuration
change events (e.g. cpu hotplug) can be implemented.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Christian Borntraeger 
Signed-off-by: Jens Freimann 
---
 hw/s390-virtio.c  |   2 +
 hw/s390x/Makefile.objs|   1 +
 hw/s390x/event-facility.c | 391 ++
 hw/s390x/event-facility.h |  96 
 hw/s390x/sclp.c   |  49 +-
 hw/s390x/sclp.h   |  42 +
 6 files changed, 579 insertions(+), 2 deletions(-)
 create mode 100644 hw/s390x/event-facility.c
 create mode 100644 hw/s390x/event-facility.h

diff --git a/hw/s390-virtio.c b/hw/s390-virtio.c
index 85bd13e..52a4536 100644
--- a/hw/s390-virtio.c
+++ b/hw/s390-virtio.c
@@ -32,6 +32,7 @@
 #include "exec-memory.h"
 
 #include "hw/s390-virtio-bus.h"
+#include "hw/s390x/sclp.h"
 
 //#define DEBUG_S390
 
@@ -184,6 +185,7 @@ static void s390_init(QEMUMachineInitArgs *args)
 
 /* get a BUS */
 s390_bus = s390_virtio_bus_init(&my_ram_size);
+s390_sclp_init();
 
 /* allocate RAM */
 memory_region_init_ram(ram, "s390.ram", my_ram_size);
diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index 1c14b96..b32fc52 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -2,3 +2,4 @@ obj-y = s390-virtio-bus.o s390-virtio.o
 
 obj-y := $(addprefix ../,$(obj-y))
 obj-y += sclp.o
+obj-y += event-facility.o
diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
new file mode 100644
index 000..1108e2d
--- /dev/null
+++ b/hw/s390x/event-facility.c
@@ -0,0 +1,391 @@
+/*
+ * SCLP
+ *Event Facility
+ *   handles SCLP event types
+ *  - Signal Quiesce - system power down
+ *  - ASCII Console Data - VT220 read and write
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ *  Heinz Graalfs 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version.  See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "monitor.h"
+#include "sysemu.h"
+
+#include "sclp.h"
+#include "event-facility.h"
+
+typedef struct EventTypesBus {
+BusState qbus;
+} EventTypesBus;
+
+struct SCLPEventFacility {
+EventTypesBus sbus;
+DeviceState *qdev;
+/* guest' receive mask */
+unsigned int receive_mask;
+};
+
+/* return true if any child has event pending set */
+static bool event_pending(SCLPEventFacility *ef)
+{
+BusChild *kid;
+SCLPEvent *event;
+SCLPEventClass *event_class;
+
+QTAILQ_FOREACH(kid, &ef->sbus.qbus.children, sibling) {
+DeviceState *qdev = kid->child;
+event = DO_UPCAST(SCLPEvent, qdev, qdev);
+event_class = SCLP_EVENT_GET_CLASS(event);
+if (event->event_pending &&
+event_class->get_send_mask() & ef->receive_mask) {
+return true;
+}
+}
+return false;
+}
+
+static unsigned int get_host_send_mask(SCLPEventFacility *ef)
+{
+unsigned int mask;
+BusChild *kid;
+SCLPEventClass *child;
+
+mask = 0;
+
+QTAILQ_FOREACH(kid, &ef->sbus.qbus.children, sibling) {
+DeviceState *qdev = kid->child;
+child = SCLP_EVENT_GET_CLASS((SCLPEvent *) qdev);
+mask |= child->get_send_mask();
+}
+return mask;
+}
+
+static unsigned int get_host_receive_mask(SCLPEventFacility *ef)
+{
+unsigned int mask;
+BusChild *kid;
+SCLPEventClass *child;
+
+mask = 0;
+
+QTAILQ_FOREACH(kid, &ef->sbus.qbus.children, sibling) {
+DeviceState *qdev = kid->child;
+child = SCLP_EVENT_GET_CLASS((SCLPEvent *) qdev);
+mask |= child->get_receive_mask();
+}
+return mask;
+}
+
+static uint16_t write_event_length_check(SCCB *sccb)
+{
+int slen;
+unsigned elen = 0;
+EventBufferHeader *event;
+WriteEventData *wed = (WriteEventData *) sccb;
+
+event = (EventBufferHeader *) &wed->ebh;
+for (slen = sccb_data_len(sccb); slen > 0; slen -= elen) {
+elen = be16_to_cpu(event->length);
+if (elen < sizeof(*event) || elen > slen) {
+return SCLP_RC_EVENT_BUFFER_SYNTAX_ERROR;
+}
+event = (void *) event + elen;
+}
+if (slen) {
+return SCLP_RC_INCONSISTENT_LENGTHS;
+}
+return SCLP_RC_NORMAL_COMPLETION;
+}
+
+static uint16_t handle_write_event_buf(SCLPEventFacility *ef,
+   EventBufferHeader *event_buf, SCCB 
*sccb)
+{
+uint16_t rc;
+BusChild *kid;
+SCLPEvent *event;
+SCLPEventClass *ec;
+
+QTAILQ_FOREACH(kid, &ef->sbus.qbus.children, sibling) {
+DeviceState *qdev = kid->child;
+even

[Qemu-devel] [PATCH 2/6] s390: use sync regs for register transfer

2012-10-29 Thread Jens Freimann
From: Christian Borntraeger 

Newer kernels provide the guest registers in kvm_run. Lets use
those if available (i.e. the capability is set). This avoids
ioctls on cpu_synchronize_state making intercepts faster.

In addition, we now have the prefix register, the access registers and
the control registers up to date. This helps in certain cases,
e.g. for resolving kernel module addresses with gdb on a guest.

On return, we update the registers according to the level statement,
i.e. we put all registers for KVM_PUT_FULL_STATE and _RESET_STATE.

Signed-off-by: Christian Borntraeger 
Signed-off-by: Jens Freimann 
---
 target-s390x/kvm.c | 112 +++--
 1 file changed, 92 insertions(+), 20 deletions(-)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 07edf93..e19a44d 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -67,8 +67,11 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
 
+static int cap_sync_regs;
+
 int kvm_arch_init(KVMState *s)
 {
+cap_sync_regs = kvm_check_extension(s, KVM_CAP_SYNC_REGS);
 return 0;
 }
 
@@ -90,47 +93,116 @@ void kvm_arch_reset_vcpu(CPUS390XState *env)
 
 int kvm_arch_put_registers(CPUS390XState *env, int level)
 {
+struct kvm_sregs sregs;
 struct kvm_regs regs;
 int ret;
 int i;
 
-ret = kvm_vcpu_ioctl(env, KVM_GET_REGS, ®s);
-if (ret < 0) {
-return ret;
-}
+/* always save the PSW  and the GPRS*/
+env->kvm_run->psw_addr = env->psw.addr;
+env->kvm_run->psw_mask = env->psw.mask;
 
-for (i = 0; i < 16; i++) {
-regs.gprs[i] = env->regs[i];
+if (cap_sync_regs && env->kvm_run->kvm_valid_regs & KVM_SYNC_GPRS) {
+for (i = 0; i < 16; i++) {
+env->kvm_run->s.regs.gprs[i] = env->regs[i];
+env->kvm_run->kvm_dirty_regs |= KVM_SYNC_GPRS;
+}
+} else {
+for (i = 0; i < 16; i++) {
+regs.gprs[i] = env->regs[i];
+}
+ret = kvm_vcpu_ioctl(env, KVM_SET_REGS, ®s);
+if (ret < 0) {
+return ret;
+}
 }
 
-ret = kvm_vcpu_ioctl(env, KVM_SET_REGS, ®s);
-if (ret < 0) {
-return ret;
+/* Do we need to save more than that? */
+if (level == KVM_PUT_RUNTIME_STATE) {
+return 0;
 }
 
-env->kvm_run->psw_addr = env->psw.addr;
-env->kvm_run->psw_mask = env->psw.mask;
+if (cap_sync_regs &&
+env->kvm_run->kvm_valid_regs & KVM_SYNC_ACRS &&
+env->kvm_run->kvm_valid_regs & KVM_SYNC_CRS) {
+for (i = 0; i < 16; i++) {
+env->kvm_run->s.regs.acrs[i] = env->aregs[i];
+env->kvm_run->s.regs.crs[i] = env->cregs[i];
+}
+env->kvm_run->kvm_dirty_regs |= KVM_SYNC_ACRS;
+env->kvm_run->kvm_dirty_regs |= KVM_SYNC_CRS;
+} else {
+for (i = 0; i < 16; i++) {
+sregs.acrs[i] = env->aregs[i];
+sregs.crs[i] = env->cregs[i];
+}
+ret = kvm_vcpu_ioctl(env, KVM_SET_SREGS, &sregs);
+if (ret < 0) {
+return ret;
+}
+}
 
-return ret;
+/* Finally the prefix */
+if (cap_sync_regs && env->kvm_run->kvm_valid_regs & KVM_SYNC_PREFIX) {
+env->kvm_run->s.regs.prefix = env->psa;
+env->kvm_run->kvm_dirty_regs |= KVM_SYNC_PREFIX;
+} else {
+/* prefix is only supported via sync regs */
+}
+return 0;
 }
 
 int kvm_arch_get_registers(CPUS390XState *env)
 {
-int ret;
+struct kvm_sregs sregs;
 struct kvm_regs regs;
+int ret;
 int i;
 
-ret = kvm_vcpu_ioctl(env, KVM_GET_REGS, ®s);
-if (ret < 0) {
-return ret;
+/* get the PSW */
+env->psw.addr = env->kvm_run->psw_addr;
+env->psw.mask = env->kvm_run->psw_mask;
+
+/* the GPRS */
+if (cap_sync_regs && env->kvm_run->kvm_valid_regs & KVM_SYNC_GPRS) {
+for (i = 0; i < 16; i++) {
+env->regs[i] = env->kvm_run->s.regs.gprs[i];
+}
+} else {
+ret = kvm_vcpu_ioctl(env, KVM_GET_REGS, ®s);
+if (ret < 0) {
+return ret;
+}
+ for (i = 0; i < 16; i++) {
+env->regs[i] = regs.gprs[i];
+}
 }
 
-for (i = 0; i < 16; i++) {
-env->regs[i] = regs.gprs[i];
+/* The ACRS and CRS */
+if (cap_sync_regs &&
+env->kvm_run->kvm_valid_regs & KVM_SYNC_ACRS &&
+env->kvm_run->kvm_valid_regs & KVM_SYNC_CRS) {
+for (i = 0; i < 16; i++) {
+env->aregs[i] = env->kvm_run->s.regs.acrs[i];
+env->cregs[i] = env->kvm_run->s.regs.crs[i];
+}
+} else {
+ret = kvm_vcpu_ioctl(env, KVM_GET_SREGS, &sregs);
+if (ret < 0) {
+return ret;
+}
+ for (i = 0; i < 16; i++) {
+env->aregs[i] = sregs.acrs[i];
+env->cregs[i] = sregs.crs[i];
+}
 }
 
-env->psw.addr = env->kvm_run->psw_addr;
-env->psw.mask = env->kvm_run->psw_mask;
+/* Finally

[Qemu-devel] [PATCH 0/6] s390 patches

2012-10-29 Thread Jens Freimann
Hi Alex,

this is our current s390 patch queue. The SCLP patches only received minor 
review comments
last time they were posted and have been tested internally for a while now. The 
same applies
to Christian's sync regs patch. 

Christian Borntraeger (1):
  s390: use sync regs for register transfer

Heinz Graalfs (5):
  s390/kvm_stat: correct sys_perf_event_open syscall number
  s390: sclp base support
  s390: sclp event support
  s390: sclp signal quiesce support
  s390: sclp ascii console support

 hw/s390-virtio.c   |   2 +
 hw/s390x/Makefile.objs |   3 +
 hw/s390x/event-facility.c  | 398 +
 hw/s390x/event-facility.h  |  96 +++
 hw/s390x/sclp.c| 163 +++
 hw/s390x/sclp.h| 118 ++
 hw/s390x/sclpconsole.c | 306 ++
 hw/s390x/sclpquiesce.c | 123 ++
 scripts/kvm/kvm_stat   |  11 +-
 target-s390x/cpu.h |  13 +-
 target-s390x/kvm.c | 117 ++---
 target-s390x/misc_helper.c |  45 +
 12 files changed, 1313 insertions(+), 82 deletions(-)
 create mode 100644 hw/s390x/event-facility.c
 create mode 100644 hw/s390x/event-facility.h
 create mode 100644 hw/s390x/sclp.c
 create mode 100644 hw/s390x/sclp.h
 create mode 100644 hw/s390x/sclpconsole.c
 create mode 100644 hw/s390x/sclpquiesce.c

-- 
1.7.12.4




[Qemu-devel] [PATCH 3/6] s390: sclp base support

2012-10-29 Thread Jens Freimann
From: Heinz Graalfs 

This adds a more generic infrastructure for handling Service-Call
requests on s390. Currently we only support a small subset of Read
SCP Info directly in target-s390x. This patch provides the base
infrastructure for supporting more commands and moves Read SCP
Info.
In the future we could add additional commands for hotplug, call
home and event handling.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Christian Borntraeger 
Signed-off-by: Jens Freimann 
---
 hw/s390x/Makefile.objs |   1 +
 hw/s390x/sclp.c| 118 +
 hw/s390x/sclp.h|  76 +
 target-s390x/cpu.h |  13 +
 target-s390x/kvm.c |   5 +-
 target-s390x/misc_helper.c |  45 +
 6 files changed, 198 insertions(+), 60 deletions(-)
 create mode 100644 hw/s390x/sclp.c
 create mode 100644 hw/s390x/sclp.h

diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index dcdcac8..1c14b96 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -1,3 +1,4 @@
 obj-y = s390-virtio-bus.o s390-virtio.o
 
 obj-y := $(addprefix ../,$(obj-y))
+obj-y += sclp.o
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
new file mode 100644
index 000..d902a66
--- /dev/null
+++ b/hw/s390x/sclp.c
@@ -0,0 +1,118 @@
+/*
+ * SCLP Support
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ *  Christian Borntraeger 
+ *  Heinz Graalfs 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version.  See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "cpu.h"
+#include "kvm.h"
+#include "memory.h"
+
+#include "sclp.h"
+
+/* Provide information about the configuration, CPUs and storage */
+static void read_SCP_info(SCCB *sccb)
+{
+ReadInfo *read_info = (ReadInfo *) sccb;
+int shift = 0;
+
+while ((ram_size >> (20 + shift)) > 65535) {
+shift++;
+}
+read_info->rnmax = cpu_to_be16(ram_size >> (20 + shift));
+read_info->rnsize = 1 << shift;
+sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
+}
+
+static void sclp_execute(SCCB *sccb, uint64_t code)
+{
+switch (code) {
+case SCLP_CMDW_READ_SCP_INFO:
+case SCLP_CMDW_READ_SCP_INFO_FORCED:
+read_SCP_info(sccb);
+break;
+default:
+sccb->h.response_code = cpu_to_be16(SCLP_RC_INVALID_SCLP_COMMAND);
+break;
+}
+}
+
+int sclp_service_call(uint32_t sccb, uint64_t code)
+{
+int r = 0;
+SCCB work_sccb;
+
+hwaddr sccb_len = sizeof(SCCB);
+
+/* first some basic checks on program checks */
+if (cpu_physical_memory_is_io(sccb)) {
+r = -PGM_ADDRESSING;
+goto out;
+}
+if (sccb & ~0x7ff8ul) {
+r = -PGM_SPECIFICATION;
+goto out;
+}
+
+/*
+ * we want to work on a private copy of the sccb, to prevent guests
+ * from playing dirty tricks by modifying the memory content after
+ * the host has checked the values
+ */
+cpu_physical_memory_read(sccb, &work_sccb, sccb_len);
+
+/* Valid sccb sizes */
+if (be16_to_cpu(work_sccb.h.length) < sizeof(SCCBHeader) ||
+be16_to_cpu(work_sccb.h.length) > SCCB_SIZE) {
+r = -PGM_SPECIFICATION;
+goto out;
+}
+
+sclp_execute((SCCB *)&work_sccb, code);
+
+cpu_physical_memory_write(sccb, &work_sccb,
+  be16_to_cpu(work_sccb.h.length));
+
+sclp_service_interrupt(sccb);
+
+out:
+return r;
+}
+
+void sclp_service_interrupt(uint32_t sccb)
+{
+s390_sclp_extint(sccb & ~3);
+}
+
+/* qemu object creation and initialization functions */
+
+static void s390_sclp_device_class_init(ObjectClass *klass, void *data)
+{
+SysBusDeviceClass *dc = SYS_BUS_DEVICE_CLASS(klass);
+
+dc->init = s390_sclp_dev_init;
+}
+
+static TypeInfo s390_sclp_device_info = {
+.name = TYPE_DEVICE_S390_SCLP,
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(S390SCLPDevice),
+.class_init = s390_sclp_device_class_init,
+.class_size = sizeof(S390SCLPDeviceClass),
+.abstract = true,
+};
+
+static void s390_sclp_register_types(void)
+{
+type_register_static(&s390_sclp_device_info);
+}
+
+type_init(s390_sclp_register_types)
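Review bot: sclp_service_call accepts any `h.length` from sizeof(SCCBHeader) up to SCCB_SIZE, and read_SCP_info then fills `rnmax`/`rnsize` and sets SCLP_RC_NORMAL_READ_COMPLETION without checking that the guest's SCCB is long enough to hold a ReadInfo. Because the write-back copies only `be16_to_cpu(work_sccb.h.length)` bytes, a guest passing a short SCCB receives a success code while the payload is silently cut off. read_SCP_info should compare `be16_to_cpu(sccb->h.length)` with `sizeof(ReadInfo)` first and return an insufficient-length response code instead; sclp.h is cut off on this page, so I cannot tell whether such a code is already defined.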
diff --git a/hw/s390x/sclp.h b/hw/s390x/sclp.h
new file mode 100644
index 000..e9ad42b
--- /dev/null
+++ b/hw/s390x/sclp.h
@@ -0,0 +1,76 @@
+/*
+ * SCLP Support
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ *  Christian Borntraeger 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version.  See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef HW_S390_SCLP_H
+#define HW_S390_SCLP_H
+
+#include 
+#include 
+
+/* SCLP command codes */
+#define SCLP_CMDW_READ_SCP_INFO 0x00020001
+#define SCLP_CMDW_READ_SCP_INFO_FORCED  0x00120001
+
+/* SCLP response codes */
+#define SCLP_RC_NORMAL_READ_COMPLETION  0x00

Re: [Qemu-devel] [PATCH] disallow -daemonize usage of stdio (curses display, -nographic, -serial stdio etc)

2012-10-29 Thread Michael Tokarev
29.10.2012 13:18, Stefan Hajnoczi wrote:
> On Sat, Oct 27, 2012 at 05:15:15PM +0400, Michael Tokarev wrote:
>> diff --git a/vl.c b/vl.c
>> index 9f99ef4..db48d62 100644
>> --- a/vl.c
>> +++ b/vl.c
>> @@ -3413,6 +3413,26 @@ int main(int argc, char **argv, char **envp)
>>  default_sdcard = 0;
>>  }
>>  
>> +if (is_daemonized()) {
>> +/* According to documentation and historically, -nographic redirects
>> + * serial port, parallel port and monitor to stdio, which does not 
>> work
>> + * with -daemonize.  We can redirect these to null instead, but 
>> since
>> + * -nographic is legacy, let's just error out.
>> + */
>> +if (display_type == DT_NOGRAPHIC
>> +/* && (default_parallel || default_serial
>> +|| default_monitor || default_virtcon) */) {
> 
> Uncomment these?

I'd say treat it as a documentation comment, sort of.
If all 4 other options are specified, -nographic has
no effect, so this very case is not very interesting --
once you specify all 4, you don't need -nographic.
But keeping this special case around makes behaviour
less consistent: -nographic sometimes works
and sometimes does not.

Now when it isn't possible to use stdio chr backend
with -daemonize, it isn't really necessary to test
even for DT_NOGRAPHIC: if we wont, next we'll try
to create stdio backend which will fail.  The only
purpose for this test is to give more understandable
error message.

(Checking for DT_CURSES is still necessary).

Thanks,

/mjt




Re: [Qemu-devel] [PATCH v12 09/14] target-mips: Add ASE DSP bit/manipulation instructions

2012-10-29 Thread Jia Liu
Hi Petar,

On Sun, Oct 28, 2012 at 6:58 AM, Jovanovic, Petar  wrote:
> +case OPC_REPL_PH:
> +check_dsp(ctx);
> +{
> +imm = (ctx->opcode >> 16) & 0x03FF;
> +tcg_gen_movi_tl(cpu_gpr[ret], \
> +(target_long)((int32_t)imm << 16 | \
> +(uint32_t)(uint16_t)imm));
> +}
>
> 10-bit integer in REPL.PH is signed, so this code will not work for negative
> values.
> You need to sign-extend it, e.g. something like this:
>
> +imm = (ctx->opcode >> 16) & 0x03FF;
> +if (imm & (1 << 9)) {
> +  /* imm is negative, sign-extend it to 16 bits. */
> +  imm |= 0xFC00;
> +}
> +tcg_gen_movi_tl(cpu_gpr[ret], \
> +(target_long)((int32_t)imm << 16 | \
> +(uint32_t)(uint16_t)imm));
>
> As far as I can see, the test cases for REPL.PH in
> tests/tcg/mips/mips32-dsp/repl_ph.c cover only positive values.
> Make sure you include test cases for negative values as well.
>
> Petar

New code:
case OPC_REPL_PH:
check_dsp(ctx);
{
imm = (ctx->opcode >> 16) & 0x03FF;
imm = (int16_t)(imm << 6) >> 6;
tcg_gen_movi_tl(cpu_gpr[ret], \
(target_long)(int32_t)((int32_t)imm << 16 | \
(uint32_t)(uint16_t)imm));
}
break;

And the new test:
#include
#include

/*
 * Test for repl.ph: executes the instruction once with a positive
 * immediate (0x1BF) and once with a negative one (-1), and asserts on the
 * value written to the destination register each time.
 */
int main()
{
int rd, result;

/* Positive immediate: the expected value carries 0x01BF in both halfwords. */
result = 0x01BF01BF;
__asm
("repl.ph %0, 0x1BF\n\t"
 : "=r"(rd)
);
assert(rd == result);

/*
 * Negative immediate: the case the sign-extension change is meant to cover.
 * NOTE(review): the constant on the next line is truncated in this copy of
 * the mail and will not compile as shown; restore it from the original
 * patch (presumably 0xFFFF in both halfwords, i.e. -1 sign-extended --
 * confirm).
 * NOTE(review): only -1 is exercised on the negative side; the limits of
 * the signed 10-bit immediate would be worth covering as well.
 */
result = 0x;
__asm
("repl.ph %0, -1\n\t"
 : "=r"(rd)
);
assert(rd == result);

return 0;
}

is it OK?
And the other tests have been fixed.

Regards,
Jia.



Re: [Qemu-devel] [Patch]KVM: enabling per domain PLE

2012-10-29 Thread Hu, Xuekun
Hi, Avi

> 
> Yes, some cloud vendors already knew that different PLE values has big
> performance impact on their applications. They want one interface for them to
> set. And I think the big cloud vendors should have administrators that have
> experience on PLE tuning. :-)
> 

At the current stage, do you think we still need to pursue a dynamic adaptive PLE
solution?


> 
> > --
> > error compiling committee.c: too many arguments to function



Re: [Qemu-devel] [PATCH 3/4] QAPI: Introduce memchar-read QMP command

2012-10-29 Thread Luiz Capitulino
On Mon, 29 Oct 2012 12:09:38 +0800
Lei Li  wrote:

> On 10/27/2012 01:39 AM, Luiz Capitulino wrote:
> > On Fri, 26 Oct 2012 19:21:51 +0800
> > Lei Li  wrote:
> >
> >> Signed-off-by: Lei Li 
> >> ---
> >>   hmp-commands.hx  |   19 ++
> >>   hmp.c|   19 ++
> >>   hmp.h|1 +
> >>   qapi-schema.json |   27 ++
> >>   qemu-char.c  |   55 
> >> ++
> >>   qmp-commands.hx  |   40 +++
> >>   6 files changed, 161 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/hmp-commands.hx b/hmp-commands.hx
> >> index a37b8e9..df294eb 100644
> >> --- a/hmp-commands.hx
> >> +++ b/hmp-commands.hx
> >> @@ -842,6 +842,25 @@ is full/empty, for now just assume a drop behaver in 
> >> these two commands.
> >>   ETEXI
> >>   
> >>   {
> >> +.name   = "memchar_read",
> >> +.args_type  = "chardev:s,size:i",
> >> +.params = "chardev size",
> >> +.mhandler.cmd = hmp_memchar_read,
> >> +},
> >> +
> >> +STEXI
> >> +@item memchar_read @var{chardev}
> >> +@findex memchar_read
> >> +Provide read interface for CirMemCharDriver. Read from cirmemchr
> >> +char device and return @var{size} of the data.
> >> +
> >> +@var{size} is the size of data want to read from. Refer to unencoded
> >> +size of the raw data, would adjust to the init size of the memchar
> >> +if the requested size is larger than it.
> >> +
> >> +ETEXI
> >> +
> >> +{
> >>   .name   = "migrate",
> >>   .args_type  = "detach:-d,blk:-b,inc:-i,uri:s",
> >>   .params = "[-d] [-b] [-i] uri",
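Review bot: The new `memchar_read` table entry has no `.help` field, unlike the `console` entry added in patch 4/4, so the command would presumably be listed by `help` without a description. Something like `.help = "read 'size' bytes of data from memchardev 'chardev'",` would fill it in. The texinfo heading `@item memchar_read @var{chardev}` also drops the second argument and should read `@item memchar_read @var{chardev} @var{size}`. The `memchar_write` entry in patch 2/4 is missing `.help` in the same way.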
> >> diff --git a/hmp.c b/hmp.c
> >> index 082985b..ef85736 100644
> >> --- a/hmp.c
> >> +++ b/hmp.c
> >> @@ -698,6 +698,25 @@ void hmp_memchar_write(Monitor *mon, const QDict 
> >> *qdict)
> >>   hmp_handle_error(mon, &errp);
> >>   }
> >>   
> >> +void hmp_memchar_read(Monitor *mon, const QDict *qdict)
> >> +{
> >> +uint32_t size = qdict_get_int(qdict, "size");
> >> +const char *chardev = qdict_get_str(qdict, "chardev");
> >> +char *data;
> >> +enum DataFormat format;
> > You don't need this variable.
> 
> ok.
> 
> >
> >> +Error *errp = NULL;
> >> +
> >> +format = DATA_FORMAT_UTF8;
> >> +data = qmp_memchar_read(chardev, size, true, format, &errp);
> >> +if (errp) {
> >> +monitor_printf(mon, "%s\n", error_get_pretty(errp));
> >> +error_free(errp);
> >> +return;
> >> +}
> >> +
> >> +monitor_printf(mon, "%s\n", data);
> >> +}
> >> +
> >>   static void hmp_cont_cb(void *opaque, int err)
> >>   {
> >>   if (!err) {
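Review bot: `hmp_memchar_read` narrows the monitor-supplied length with `uint32_t size = qdict_get_int(qdict, "size");`, so a negative or over-32-bit argument silently wraps to an unrelated length before it reaches `qmp_memchar_read`. Keep it as `int64_t` and report an error for values below zero. The string returned by `qmp_memchar_read` is never released after `monitor_printf(mon, "%s\n", data);`, so if the QMP command returns an allocated string, as its `'returns': 'str'` declaration suggests, add `g_free(data);` after the print. The bytes come from the char device and are written to the monitor unfiltered, so the command documentation should say that the output may contain control characters.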
> >> diff --git a/hmp.h b/hmp.h
> >> index 406ebb1..a5a0cfe 100644
> >> --- a/hmp.h
> >> +++ b/hmp.h
> >> @@ -44,6 +44,7 @@ void hmp_cpu(Monitor *mon, const QDict *qdict);
> >>   void hmp_memsave(Monitor *mon, const QDict *qdict);
> >>   void hmp_pmemsave(Monitor *mon, const QDict *qdict);
> >>   void hmp_memchar_write(Monitor *mon, const QDict *qdict);
> >> +void hmp_memchar_read(Monitor *mon, const QDict *qdict);
> >>   void hmp_cont(Monitor *mon, const QDict *qdict);
> >>   void hmp_system_wakeup(Monitor *mon, const QDict *qdict);
> >>   void hmp_inject_nmi(Monitor *mon, const QDict *qdict);
> >> diff --git a/qapi-schema.json b/qapi-schema.json
> >> index 43ef6bc..a8c9430 100644
> >> --- a/qapi-schema.json
> >> +++ b/qapi-schema.json
> >> @@ -372,6 +372,33 @@
> >>  '*format': 'DataFormat'} }
> >>   
> >>   ##
> >> +# @memchar-read:
> >> +#
> >> +# Provide read interface for memchardev. Read from memchar
> >> +# char device and return the data.
> >> +#
> >> +# @chardev: the name of the memchar char device.
> >> +#
> >> +# @size: the size to read in bytes.
> >> +#
> >> +# @format: #optional the format of the data want to read from
> >> +#  memchardev, by default is 'utf8'.
> >> +#
> >> +# Returns: The data read from memchar as string
> >> +#  If @chardev is not a valid memchr device, DeviceNotFound
> >> +#
> >> +# Notes: The option 'block' is not supported now due to the miss
> >> +#feature in qmp. Will add it later when we gain the necessary
> >> +#infrastructure enhancement. For now just assume 'drop' behaver
> >> +#for this command.
> > Please, replace this note with an explanation of the current behavior. No
> > need to talk about the future.
> 
> ok.
> 
> >
> >> +#
> >> +# Since: 1.3
> >> +##
> >> +{ 'command': 'memchar-read',
> >> +  'data': {'chardev': 'str', 'size': 'int', '*format': 'DataFormat'},
> >> +  'returns': 'str' }
> >> +
> >> +##
> >>   # @CommandInfo:
> >>   #
> >>   # Information about a QMP command
> >> diff --git a/qemu-char.c b/qemu-char.c
> >> index 6114e29..cf88f71 100644
> >> --- a/qemu-char.c
> >> +++ b/qemu-char.c
> >> @@ -2761,6 +2761,61 @@ void qmp_memchar_write(const char *chardev, int64_t 
> >> size,
> >>   }
> >>   }
> >>   
> >> +char *qmp_memchar_read(const char *chardev, in

Re: [Qemu-devel] [PATCH v3 2/8] usb/ehci: Use class_data to init PCI variations

2012-10-29 Thread Andreas Färber
Am 29.10.2012 12:43, schrieb Peter Crosthwaite:
> 
> On Oct 29, 2012 7:35 PM, "Andreas Färber"  > wrote:
>>
>> Am 29.10.2012 02:34, schrieb Peter Crosthwaite:
>> > Got rid of the duplication of the class init functions for the two
> PCI EHCI
>> > variants. The PCI specifics are passed in as as class_data and set
> by a common
>> > class_init function.
>> >
>> > Premeptively defined a new Class "EHCICLass" for the upcomming
> addition of new
>>
>> "Preemptively", "upcoming"
>>
>> > fields. The class_data is an instance of EHCICLass that forms a
> template for the
>> > class to generate.
>>
>> Using "EHCI[PCI]Class" to template itself seems a bit awkward, Anthony
>> do you have any thoughts on this? The usual way would be to have a
>> dedicated EHCIInfo struct or so.
> 
> Why? The class struct defines the exactly all information needed. Seems
> redundant and error prone to have to maintain two structs with the same
> fields?

This was a general discussion, involving Anthony and others. One reason
I can think of is that PCIDeviceClass is much larger than the actual
values you are interested in. I once did such a hack involving
XtensaCPUClass and worked around it for applying I believe.

>> >
>> > Signed-off-by: Peter Crosthwaite  >
>> > ---
>> > Got rid of union for sharing EHCIClassDefinition - made PCI specific
>> > Simplified literal class_data arrays in ehci_info accordingly
>> > removed null sentinel from ehci_info and used ARRAY_SIZE for
> type_regsiter loop
>> >   bound instead
>> >
>> >  hw/usb/hcd-ehci.c |   76
> 
>> >  1 files changed, 41 insertions(+), 35 deletions(-)
>> >
>> > diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
>> > index 6c65a73..274225b 100644
>> > --- a/hw/usb/hcd-ehci.c
>> > +++ b/hw/usb/hcd-ehci.c
>> > @@ -2641,46 +2641,49 @@ static Property ehci_properties[] = {
>> >  DEFINE_PROP_END_OF_LIST(),
>> >  };
>> >
>> > -static void ehci_class_init(ObjectClass *klass, void *data)
>> > -{
>> > -DeviceClass *dc = DEVICE_CLASS(klass);
>> > -PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
>> > -
>> > -k->init = usb_ehci_initfn;
>> > -k->vendor_id = PCI_VENDOR_ID_INTEL;
>> > -k->device_id = PCI_DEVICE_ID_INTEL_82801D; /* ich4 */
>> > -k->revision = 0x10;
>> > -k->class_id = PCI_CLASS_SERIAL_USB;
>> > -dc->vmsd = &vmstate_ehci;
>> > -dc->props = ehci_properties;
>> > -}
>> > +typedef struct EHCIPCIClass {
>> > +PCIDeviceClass pci;
>> > +} EHCIPCIClass;
>> >
>> > -static TypeInfo ehci_info = {
>> > -.name  = "usb-ehci",
>> > -.parent= TYPE_PCI_DEVICE,
>> > -.instance_size = sizeof(EHCIState),
>> > -.class_init= ehci_class_init,
>> > -};
>> > -
>> > -static void ich9_ehci_class_init(ObjectClass *klass, void *data)
>> > +static void ehci_class_init(ObjectClass *klass, void *data)
>> >  {
>> >  DeviceClass *dc = DEVICE_CLASS(klass);
>> > -PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
>> > -
>> > -k->init = usb_ehci_initfn;
>> > -k->vendor_id = PCI_VENDOR_ID_INTEL;
>> > -k->device_id = PCI_DEVICE_ID_INTEL_82801I_EHCI1;
>> > -k->revision = 0x03;
>> > -k->class_id = PCI_CLASS_SERIAL_USB;
>> > +EHCIPCIClass *k = (EHCIPCIClass *)klass;
>>
>> Please use a proper QOM cast macro: EHCI_PCI_CLASS(klass)
>>
> 
> How is this possible whe TYPE_EHCI_PCI doesn't exist ? The FOO_CLASS
> macros require the name of the class but that does not exist as its a
> dynamic class.

Well, why doesn't it exist? Surely a type exists that uses your
EHCIPCIClass struct and if we don't have an abstract base type for
individual models then adding a TypeInfo alongside the struct surely is
clean and trivial.

>> In this case however, please keep using PCIDeviceClass rather than
>> trying to access it through a named member. If we need to access any
>> dedicated EHCIPCIClass fields later in the series we can add additional
>> variables the QOM way.
> 
> What do you mean the Qom way? Don't we just add fields to the class and
> class_info and class_init copies them across ?

The QOM way refers to accessing fields directly: k->foo, not x->bar.foo.
Your patch adds unnecessary indirection here when all you're actually
changing is the assignment of three values. This was discussed between
Anthony, mst and others at length.

>> > +EHCIPCIClass *template = data;
>> > +
>> > +k->pci.init = usb_ehci_initfn;
>> > +k->pci.vendor_id = template->pci.vendor_id;
>> > +k->pci.device_id = template->pci.device_id; /* ich4 */
>> > +k->pci.revision = template->pci.revision;
>> > +k->pci.class_id = PCI_CLASS_SERIAL_USB;
>> >  dc->vmsd = &vmstate_ehci;
>> >  dc->props = ehci_properties;
>> >  }
>> >
>> > -static TypeInfo ich9_ehci_info = {
>> > -.name  = "ich9-usb-ehci1",
>> > -.parent= TYPE_PCI_DEVICE,
>> > -.instance_size = sizeof(EHCIState),
>> > -.class_init  

Re: [Qemu-devel] [PATCH 2/4] QAPI: Introduce memchar-write QMP command

2012-10-29 Thread Luiz Capitulino
On Mon, 29 Oct 2012 12:10:24 +0800
Lei Li  wrote:

> On 10/27/2012 01:17 AM, Luiz Capitulino wrote:
> > On Fri, 26 Oct 2012 19:21:50 +0800
> > Lei Li  wrote:
> >
> >> Signed-off-by: Lei Li 
> >> ---
> >>   hmp-commands.hx  |   17 +
> >>   hmp.c|   15 +++
> >>   hmp.h|1 +
> >>   qapi-schema.json |   47 +++
> >>   qemu-char.c  |   44 
> >>   qmp-commands.hx  |   34 ++
> >>   6 files changed, 158 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/hmp-commands.hx b/hmp-commands.hx
> >> index e0b537d..a37b8e9 100644
> >> --- a/hmp-commands.hx
> >> +++ b/hmp-commands.hx
> >> @@ -825,6 +825,23 @@ Inject an NMI on the given CPU (x86 only).
> >>   ETEXI
> >>   
> >>   {
> >> +.name   = "memchar_write",
> >> +.args_type  = "chardev:s,data:s",
> >> +.params = "chardev data",
> >> +.mhandler.cmd = hmp_memchar_write,
> >> +},
> >> +
> >> +STEXI
> >> +@item memchar_write @var{chardev} @var{data}
> >> +@findex memchar_write
> >> +Provide writing interface for CirMemCharDriver. Write @var{data}
> >> +to cirmemchr char device. Note that we  will add 'control' options
> >> +for read and write command that specifies behavior when the queue
> >> +is full/empty, for now just assume a drop behaver in these two commands.
> > You can drop everything after "Note".
> >
> ok
> 
> >> +
> >> +ETEXI
> >> +
> >> +{
> >>   .name   = "migrate",
> >>   .args_type  = "detach:-d,blk:-b,inc:-i,uri:s",
> >>   .params = "[-d] [-b] [-i] uri",
> >> diff --git a/hmp.c b/hmp.c
> >> index 2b97982..082985b 100644
> >> --- a/hmp.c
> >> +++ b/hmp.c
> >> @@ -683,6 +683,21 @@ void hmp_pmemsave(Monitor *mon, const QDict *qdict)
> >>   hmp_handle_error(mon, &errp);
> >>   }
> >>   
> >> +void hmp_memchar_write(Monitor *mon, const QDict *qdict)
> >> +{
> >> +uint32_t size;
> >> +const char *chardev = qdict_get_str(qdict, "chardev");
> >> +const char *data = qdict_get_str(qdict, "data");
> >> +enum DataFormat format;
> > Why do you need this variable?
> 
> Sure, I will drop this.
> 
> >> +Error *errp = NULL;
> >> +
> >> +size = strlen(data);
> >> +format = DATA_FORMAT_UTF8;
> >> +qmp_memchar_write(chardev, size, data, true, format, &errp);
> >> +
> >> +hmp_handle_error(mon, &errp);
> >> +}
> >> +
> >>   static void hmp_cont_cb(void *opaque, int err)
> >>   {
> >>   if (!err) {
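Review bot: `hmp_memchar_write` passes `strlen(data)` as the size, but the schema text added in this same patch says of `@size` that it "Should be power of 2". Either the HMP path breaks the documented contract for most inputs or the doc line is wrong, and one of the two should change. The length is also held in a `uint32_t` although `strlen` returns `size_t`; declaring it `size_t size = strlen(data);` avoids the narrowing.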
> >> diff --git a/hmp.h b/hmp.h
> >> index 71ea384..406ebb1 100644
> >> --- a/hmp.h
> >> +++ b/hmp.h
> >> @@ -43,6 +43,7 @@ void hmp_system_powerdown(Monitor *mon, const QDict 
> >> *qdict);
> >>   void hmp_cpu(Monitor *mon, const QDict *qdict);
> >>   void hmp_memsave(Monitor *mon, const QDict *qdict);
> >>   void hmp_pmemsave(Monitor *mon, const QDict *qdict);
> >> +void hmp_memchar_write(Monitor *mon, const QDict *qdict);
> >>   void hmp_cont(Monitor *mon, const QDict *qdict);
> >>   void hmp_system_wakeup(Monitor *mon, const QDict *qdict);
> >>   void hmp_inject_nmi(Monitor *mon, const QDict *qdict);
> >> diff --git a/qapi-schema.json b/qapi-schema.json
> >> index c615ee2..43ef6bc 100644
> >> --- a/qapi-schema.json
> >> +++ b/qapi-schema.json
> >> @@ -325,6 +325,53 @@
> >>   { 'command': 'query-chardev', 'returns': ['ChardevInfo'] }
> >>   
> >>   ##
> >> +# @DataFormat:
> >> +#
> >> +# An enumeration of data format. The default value would
> >> +# be utf8.
> > Please, remove the "default value" part. This is decided by the command
> > using this type.
> 
> Now the option format is optional, if it's not set then default by 'utf8'.
> I think it's a reasonable behaver. :)

What I meant is that the right place to say what the value is is in
the command documentation, not in @DataFormat doc. Here, only having
"An enumeration of data encodings" is fine.

> >> +#
> >> +# @utf8: The data format is 'utf8'.
> >> +#
> >> +# @base64: The data format is 'base64'.
> >> +#
> >> +# Note: The data format start with 'utf8' and 'base64',
> >> +#   will support other data format as well.
> > Please, drop this note. It's not needed.
> >
> ok
> 
> >> +#
> >> +# Since: 1.3
> >> +##
> >> +{ 'enum': 'DataFormat'
> >> +  'data': [ 'utf8', 'base64' ] }
> >> +
> >> +##
> >> +# @memchar-write:
> >> +#
> >> +# Provide writing interface for memchardev. Write data to memchar
> >> +# char device.
> >> +#
> >> +# @chardev: the name of the memchar char device.
> >> +#
> >> +# @size: the size to write in bytes. Should be power of 2.
> >> +#
> >> +# @data: the source data write to memchar.
> >> +#
> >> +# @format: #optional the format of the data write to memchardev, by
> >> +#  default is 'utf8'.
> >> +#
> >> +# Returns: Nothing on success
> >> +#  If @chardev is not a valid memchr device, DeviceNotFound
> >> +#
> >> +# Notes: The option 'block' is not supported now due to the miss
> >> +#   

Re: [Qemu-devel] [PATCH 4/4] HMP: Introduce console command

2012-10-29 Thread Luiz Capitulino
On Mon, 29 Oct 2012 12:18:03 +0800
Lei Li  wrote:

> On 10/27/2012 01:43 AM, Luiz Capitulino wrote:
> > On Fri, 26 Oct 2012 19:21:52 +0800
> > Lei Li  wrote:
> >
> >> Signed-off-by: Lei Li 
> > I still don't understand how this command, in its current form, is
> > different from memchar-write.
> >
> > One more comment below.
> 
> Hi Luiz,
> 
> Yes, I have replied to it in patch series v4. You can look at it
> as link below:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2012-10/msg04568.html

Unfortunately your answer doesn't answer my (honest) question. Can you actually
show me how the console command is better than the memchar-write one? Maybe
I'm missing something obvious...

> 
> >
> >> ---
> >>   hmp-commands.hx |   25 +
> >>   hmp.c   |   52 
> >> 
> >>   hmp.h   |1 +
> >>   monitor.c   |   15 +++
> >>   monitor.h   |3 +++
> >>   5 files changed, 96 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/hmp-commands.hx b/hmp-commands.hx
> >> index df294eb..7cba42c 100644
> >> --- a/hmp-commands.hx
> >> +++ b/hmp-commands.hx
> >> @@ -861,6 +861,31 @@ if the requested size is larger than it.
> >>   ETEXI
> >>   
> >>   {
> >> +.name   = "console",
> >> +.args_type  = "chardev:s",
> >> +.params = "chardev",
> >> +.help   = "Connect to the serial console from within the"
> >> +  "monitor, allow to write data to memchardev"
> >> +  "'chardev'. Exit from the console and return back"
> >> +  "to monitor by typing 'ctrl-]'",
> >> +.mhandler.cmd = hmp_console,
> >> +},
> >> +
> >> +STEXI
> >> +@item console @var{device}
> >> +@findex console
> >> +
> >> +Connect to the serial console from within the monitor, allow to write data
> >> +to memchardev @var{chardev}. Exit from the console and return back to
> >> +monitor by typing 'ctrl-]'.
> >> +@example
> >> +(qemu) console foo
> >> +foo: data string...
> >> +@end example
> >> +
> >> +ETEXI
> >> +
> >> +{
> >>   .name   = "migrate",
> >>   .args_type  = "detach:-d,blk:-b,inc:-i,uri:s",
> >>   .params = "[-d] [-b] [-i] uri",
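Review bot: The `.help` text for `console` is built from adjacent string literals with no space at the joins, so it renders as "within themonitor", "memchardev'chardev'" and "return backto monitor". End each fragment with a space, e.g. `"Connect to the serial console from within the "`. The texinfo heading says `@item console @var{device}` while `.params` and the body call the argument `chardev`; use `@item console @var{chardev}`.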
> >> diff --git a/hmp.c b/hmp.c
> >> index ef85736..d716410 100644
> >> --- a/hmp.c
> >> +++ b/hmp.c
> >> @@ -1255,3 +1255,55 @@ void hmp_screen_dump(Monitor *mon, const QDict 
> >> *qdict)
> >>   qmp_screendump(filename, &err);
> >>   hmp_handle_error(mon, &err);
> >>   }
> >> +
> >> +enum escape_char
> >> +{
> >> +ESCAPE_CHAR_CTRL_GS = 0x1d  /* ctrl-] used for escape */
> >> +};
> >> +
> >> +static void hmp_read_console(Monitor *mon, const char *data,
> >> + void *opaque)
> >> +{
> >> +CharDriverState *chr = opaque;
> >> +uint32_t size = strlen(data);
> >> +enum DataFormat format = DATA_FORMAT_UTF8;
> >> +enum escape_char console_escape = ESCAPE_CHAR_CTRL_GS;
> >> +
> >> +Error *err = NULL;
> >> +
> >> +if (*data == console_escape) {
> >> +monitor_resume(mon);
> >> +return;
> >> +}
> >> +
> >> +qmp_memchar_write(chr->label, size, data, 0, format, &err);
> >> +
> >> +if (err) {
> >> +monitor_printf(mon, "%s\n", error_get_pretty(err));
> >> +error_free(err);
> >> +return;
> >> +}
> >> +
> >> +monitor_read_command(mon, 1);
> >> +}
> >> +
> >> +void hmp_console(Monitor *mon, const QDict *qdict)
> >> +{
> >> +const char *device = qdict_get_str(qdict, "chardev");
> >> +CharDriverState *chr;
> >> +Error *err = NULL;
> >> +
> >> +chr = qemu_chr_find(device);
> >> +
> >> +if (!chr) {
> >> +error_set(&err, QERR_DEVICE_NOT_FOUND, device);
> >> +goto out;
> >> +}
> > As I said before, I don't why chr is needed. It seems to me that passing
> > 'device' down is enough.
> >
> >> +
> >> +if (monitor_read_console(mon, device, hmp_read_console, chr) < 0) {
> >> +monitor_printf(mon, "Connect to console %s failed\n", device);
> >> +}
> >> +
> >> +out:
> >> +hmp_handle_error(mon, &err);
> >> +}
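Review bot: In `hmp_read_console` the error branch after `qmp_memchar_write` returns without calling `monitor_resume(mon)` or `monitor_read_command(mon, 1)`, which the other two exits do, so a failed write may leave the monitor in console-input mode. This is inferred, since the body of `monitor_read_console` is not visible here. Adding `monitor_read_command(mon, 1);` before that `return;` would make the three exits consistent. The escape test `*data == console_escape` looks only at the first byte of the line, so a ctrl-] typed after other characters is written to the device instead of ending the session, which should be handled or documented.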
> >> diff --git a/hmp.h b/hmp.h
> >> index a5a0cfe..5b54a79 100644
> >> --- a/hmp.h
> >> +++ b/hmp.h
> >> @@ -77,5 +77,6 @@ void hmp_getfd(Monitor *mon, const QDict *qdict);
> >>   void hmp_closefd(Monitor *mon, const QDict *qdict);
> >>   void hmp_send_key(Monitor *mon, const QDict *qdict);
> >>   void hmp_screen_dump(Monitor *mon, const QDict *qdict);
> >> +void hmp_console(Monitor *mon, const QDict *qdict);
> >>   
> >>   #endif
> >> diff --git a/monitor.c b/monitor.c
> >> index d17ae2d..7e90115 100644
> >> --- a/monitor.c
> >> +++ b/monitor.c
> >> @@ -256,6 +256,21 @@ int monitor_read_password(Monitor *mon, ReadLineFunc 
> >> *readline_func,
> >>   }
> >>   }
> >>   
> >> +int monitor_read_console(Monitor *mon, const char *device,
> >> + ReadLineFunc *readline_func, void *opaque)
> >> +

[Qemu-devel] KVM call agenda for 2012-10-30

2012-10-29 Thread Juan Quintela

Hi

Please send in any agenda topics you are interested in.

Later, Juan.



Re: [Qemu-devel] [PATCH v12 09/14] target-mips: Add ASE DSP bit/manipulation instructions

2012-10-29 Thread Jovanovic, Petar
Hi Jia,

> imm = (int16_t)(imm << 6) >> 6;

The result of a bitwise shift of a signed type with a negative value is
implementation-defined, so you cannot rely on that.

Regards,
Petar

From: Jia Liu [pro...@gmail.com]
Sent: Monday, October 29, 2012 1:36 PM
To: Jovanovic, Petar
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v12 09/14] target-mips: Add ASE DSP 
bit/manipulation instructions

Hi Petar,

On Sun, Oct 28, 2012 at 6:58 AM, Jovanovic, Petar  wrote:
> +case OPC_REPL_PH:
> +check_dsp(ctx);
> +{
> +imm = (ctx->opcode >> 16) & 0x03FF;
> +tcg_gen_movi_tl(cpu_gpr[ret], \
> +(target_long)((int32_t)imm << 16 | \
> +(uint32_t)(uint16_t)imm));
> +}
>
> 10-bit integer in REPL.PH is signed, so this code will not work for negative
> values.
> You need to sign-extend it, e.g. something like this:
>
> +imm = (ctx->opcode >> 16) & 0x03FF;
> +if (imm & (1 << 9)) {
> +  /* imm is negative, sign-extend it to 16 bits. */
> +  imm |= 0xFC00;
> +}
> +tcg_gen_movi_tl(cpu_gpr[ret], \
> +(target_long)((int32_t)imm << 16 | \
> +(uint32_t)(uint16_t)imm));
>
> As far as I can see, the test cases for REPL.PH in
> tests/tcg/mips/mips32-dsp/repl_ph.c cover only positive values.
> Make sure you include test cases for negative values as well.
>
> Petar

New code:
case OPC_REPL_PH:
check_dsp(ctx);
{
imm = (ctx->opcode >> 16) & 0x03FF;
imm = (int16_t)(imm << 6) >> 6;
tcg_gen_movi_tl(cpu_gpr[ret], \
(target_long)(int32_t)((int32_t)imm << 16 | \
(uint32_t)(uint16_t)imm));
}
break;

And the new test:
#include
#include

int main()
{
int rd, result;

result = 0x01BF01BF;
__asm
("repl.ph %0, 0x1BF\n\t"
 : "=r"(rd)
);
assert(rd == result);

result = 0x;
__asm
("repl.ph %0, -1\n\t"
 : "=r"(rd)
);
assert(rd == result);

return 0;
}

is it OK?
And the other tests have be fixed.

Regards,
Jia.


