Re: [Qemu-devel] [RFC PATCH v1 2/4] bitops: Add UInt32StateInfo and helper functions

2013-03-03 Thread Blue Swirl
On Sun, Mar 3, 2013 at 6:13 AM, Peter Crosthwaite wrote:
> This struct and functions provide some encapsulation of the uint32_t type to
> make it more friendly for use as guest accessible device state. Bits of device
> state (usually MMIO registers), often have all sorts of access restrictions
> and semantics associated with them. This struct allows you to define what those
> restrictions are on a bit-by-bit basis.

I like the approach, it could simplify devices and make them more self
documenting. Maybe devices could be also generated directly from HW
synthesis tool outputs.

How to couple this with Pins, memory API, VMState and reset handling
needs some thought.

There's some overlap also with PCI subsystem, it already implements
readonly bits.

>
> Helper functions are then used to access the uint32_t which observe the
> semantics defined by the UInt32StateInfo struct.

We also need uint8_t, uint16_t and uint64_t versions for some devices.
Perhaps it would be better to implement a uint64_t device which can be
used with shorter widths or even stronger connection with memory API.

>
> Some features:
> Bits can be marked as read_only (ro field)
> Bits can be marked as write-1-clear (w1c field)
> Bits can be marked as sticky (nw0 and nw1)
> Reset values can be defined (reset)
> Bits can be marked to throw guest errors when written certain values (ge0, 
> ge1)

Other bits could be marked as unimplemented (LOG_UNIMP).

> Bits can be marked clear on read (cor)
> Regsiters can be truncated in width (width)

s/Regsiters/Registers/

>
> Useful for defining device register spaces in a data driven way. Cuts down on 
> a
> lot of the verbosity and repetition in the switch-case blocks in the standard
> foo_mmio_read/write functions.

For maximum flexibility, a callback could be specified but then we
overlap memory API.

Once we have Pin available, it could be useful to couple a register
bit directly with a Pin. Currently we could use qemu_irq. This would
mean that the dynamic state would need to be more complex than just
uint32_t. Also Pin could implement some of this functionality.

>
> Signed-off-by: Peter Crosthwaite 
> ---
>
>  include/qemu/bitops.h |   59 
>  util/bitops.c |   71 
> +
>  2 files changed, 130 insertions(+), 0 deletions(-)
>
> diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
> index affcc96..8ad0290 100644
> --- a/include/qemu/bitops.h
> +++ b/include/qemu/bitops.h

I think this is not the right place since this is very much HW
specific, please introduce a new file.

> @@ -273,4 +273,63 @@ static inline uint64_t deposit64(uint64_t value, int 
> start, int length,
>  return (value & ~mask) | ((fieldval << start) & mask);
>  }
>
> +/**
> + * A descriptor for a Uint32 that is part of guest accessible device state
> + * @ro: whether or not the bit is read-only state comming out of reset

s/comming/coming/

> + * @w1c: bits with the common write 1 to clear semantic.
> + * @nw0: bits that cant be written with a 0 by the guest (sticky 1)

s/cant/can't/, also below

> + * @nw1: bits that cant be written with a 1 by the guest (sticky 0)
> + * @reset: reset value.
> + * @ge1: Bits that when written 1 indicate a guest error
> + * @ge0: Bits that when written 0 indicate a guest error
> + * @cor: Bits that are clear on read
> + * @width: width of the uint32t. Only the @width least significant bits are
> + * valid. All others are silent Read-as-reset/WI.
> + */
> +
> +typedef struct UInt32StateInfo {
> +const char *name;
> +uint32_t ro;
> +uint32_t w1c;
> +uint32_t nw0;
> +uint32_t nw1;
> +uint32_t reset;
> +uint32_t ge1;
> +uint32_t ge0;
> +uint32_t cor;
> +int width;
> +} UInt32StateInfo;
> +
> +/**
> + * reset an array of u32s
> + * @array: array of u32s to reset
> + * @info: corresponding array of UInt32StateInfos to get reset values from
> + * @num: number of values to reset
> + */
> +
> +void uint32_array_reset(uint32_t *array, const UInt32StateInfo *info, int 
> num);
> +
> +/**
> + * write a value to a uint32_t subject to its restrictions
> + * @state: Pointer to location to be written
> + * @info: Definition of variable
> + * @val: value to write
> + * @prefix: Debug and error message prefix
> + * @debug: Turn on noisy debug printfery
> + */
> +
> +void uint32_write(uint32_t *state, const UInt32StateInfo *info, uint32_t val,
> +  const char *prefix, bool debug);

Prefix could be part of the structure. I'd also combine state and
info, and avoid passing debug flag directly (it could be in the
dynamic structure or a pointer). Then it should be easy to be
compatible with memory API.

> +
> +/**
> + * write a value from a uint32_t subject to its restrictions

read

> + * @state: Pointer to location to be read
> + * @info: Definition of variable
> + * @prefix: Debug and error message prefix
> + * @debug: Turn on noisy debug printfery
> + */
> +
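
Review bot: The doc comment on UInt32StateInfo does not say what happens when the same bit is set in more than one of @ro, @w1c, @nw0, @nw1 and @cor, nor what range @width may take. Since this describes guest-writable state, define the precedence (or reject overlapping masks) and document @width as 1..32 so that no helper can end up shifting by an out-of-range amount. uint32_array_reset() also takes a signed 'int num' as its element count; an unsigned type would rule out negative counts.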
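
The access semantics listed in the quoted commit message, worked through in C as an added example; this is not the code from the patch, whose util/bitops.c part is not shown here. The field names follow the quoted struct, while the type and function names, the sample register and the order in which the masks are applied are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor: same fields as the quoted UInt32StateInfo. */
typedef struct RegInfo {
    const char *name;
    uint32_t ro, w1c, nw0, nw1, reset, ge1, ge0, cor;
    int width;
} RegInfo;

/* Constructed sample register, 16 bits wide:
 * bits 0-3 write-1-to-clear, bits 4-7 read-only, bit 8 sticky 1,
 * bit 9 sticky 0, bit 10 clear-on-read, bit 15 flags an error if written 1. */
static const RegInfo status_info = {
    .name = "STATUS", .ro = 0x00F0, .w1c = 0x000F, .nw0 = 0x0100,
    .nw1 = 0x0200, .reset = 0x06A5, .ge1 = 0x8000, .ge0 = 0,
    .cor = 0x0400, .width = 16,
};

/* Mask of the valid low bits; never shifts by 32, which is undefined. */
static uint32_t reg_width_mask(int width)
{
    if (width <= 0) {
        return 0;
    }
    if (width >= 32) {
        return UINT32_MAX;
    }
    return (UINT32_C(1) << width) - 1;
}

static void reg_reset(uint32_t *state, const RegInfo *info)
{
    *state = info->reset;
}

/* Apply a guest write. Returns the bits that indicate a guest error so the
 * caller can log them; the write itself is still applied. */
static uint32_t reg_write(uint32_t *state, const RegInfo *info, uint32_t val)
{
    uint32_t wmask = reg_width_mask(info->width);
    uint32_t old = *state;
    uint32_t next = val;
    uint32_t guest_err = ((val & info->ge1) | (~val & info->ge0)) & wmask;

    /* w1c: a written 1 clears the bit, a written 0 leaves it alone */
    next = (next & ~info->w1c) | (old & ~val & info->w1c);
    /* nw0: a written 0 is ignored, so a set bit stays set */
    next |= old & info->nw0;
    /* nw1: a written 1 is ignored, so a clear bit stays clear */
    next &= old | ~info->nw1;
    /* ro is applied last so that it wins over every other mask (assumption) */
    next = (next & ~info->ro) | (old & info->ro);
    /* bits above width are write-ignored and hold their reset value */
    *state = (next & wmask) | (info->reset & ~wmask);
    return guest_err;
}

/* Guest read: returns the current value, then clears the clear-on-read bits. */
static uint32_t reg_read(uint32_t *state, const RegInfo *info)
{
    uint32_t wmask = reg_width_mask(info->width);
    uint32_t ret = (*state & wmask) | (info->reset & ~wmask);

    *state &= ~info->cor;
    return ret;
}

int main(void)
{
    uint32_t s, err, val;

    reg_reset(&s, &status_info);
    err = reg_write(&s, &status_info, 0x8551);
    printf("%s after write 0x8551: 0x%04x (guest error bits 0x%04x)\n",
           status_info.name, (unsigned)s, (unsigned)err);
    val = reg_read(&s, &status_info);
    printf("read returned 0x%04x, state is now 0x%04x\n",
           (unsigned)val, (unsigned)s);
    return 0;
}
```
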

Re: [Qemu-devel] [PATCH v13 0/8] pv event interface between host and guest

2013-03-03 Thread Gleb Natapov
On Thu, Feb 28, 2013 at 08:13:10PM +0800, Hu Tao wrote:
> This series implements a new interface, kvm pv event, to notify host when
> some events happen in guest. Right now there is one supported event: guest
> panic.
> 
What other event do you have in mind? Is interface generic enough to
accommodate future, yet unknown, events? It allows to pass only one
integer specifying event type, what if additional info is needed? Maybe
stop pretending that device is generic and make it do one thing but do
it well? For generic event passing interface (whatever it may be needed
for) much more powerful virtio should be used.

On implementation itself I do not understand why is this kvm specific.
The only thing that makes it so is that you hook device initialization
into guest kvm initialization code, but this is obviously incorrect.
What stops QEMU tcg or Xen from reusing the same device for the same
purpose except the artificial limitation in a guest?

Reading data from random ioports is not how you discover platform
devices in the 21st century (and the data you read from unassigned port is not
guaranteed to be zero, it may depend on QEMU version), you use ACPI for
that and Marcelo already pointed that out to you. Having little knowledge of
ACPI (we all do) is not a good reason not to do it. We probably need
to reserve QEMU specific ACPI Plug and Play hardware ID to define our own
devices. After that you will be able to create device with _HID(QEMU0001)
in DSDT that supplies address information (ioport to use) and capability
supported. Guest uses acpi_get_devices() to discover a platform device by
its name (QEMU0001).  Then you put the driver for the platform device
into drivers/platform/x86/ and QEMU/kvm/Xen all will be able to use it.

On QEMU side of things I cannot comment much on how QOMified the device
is (it should be), I hope other reviews will verify it, but I noticed
that device is only initialized for PIIX, what about Q35?

--
Gleb.



Re: [Qemu-devel] Block I/O optimizations

2013-03-03 Thread Abel Gordon


Stefan Hajnoczi   wrote on 01/03/2013 12:54:54 PM:

> On Thu, Feb 28, 2013 at 08:20:08PM +0200, Abel Gordon wrote:
> > Stefan Hajnoczi  wrote on 28/02/2013 04:43:04 PM:
> > > I think extending and tuning the existing mechanisms is the way to go.
> > > I don't see obvious advantages other than reducing context switches.
> >
> > Maybe it is worth checking...
> > We did experiments using vhost-net and vhost-blk. We measured and compared
> > the traditional model (kernel thread per VM/virtual device) to the
> > shared-thread model with fine-grained I/O scheduling (single kernel thread
> > used to serve multiple VMs). We noticed improvements up-to 2.5x
> > in throughput and almost half the latency when running up-to 14 VMs.
>
> Can you post patches?

We will publish the code soon but note the patches are for vhost
kernel back-end and not for the qemu user-space back-end.

> Also, I wonder if you have time to do a presentation/discussion session
> so we can get the ball rolling and more people exposed to your approach.
> There is a weekly QEMU Community Call which we can use as the forum.

Sure. I'll send you a separate email to schedule the
presentation/discussion.





[Qemu-devel] [PATCH] build: compile gtk.c with special CFLAGS

2013-03-03 Thread Blue Swirl
Compile gtk.c with special CFLAGS instead of disabling -Werror globally.

Signed-off-by: Blue Swirl 
---
 configure|   12 +++-
 ui/Makefile.objs |2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 19738ac..2a043d6 100755
--- a/configure
+++ b/configure
@@ -3139,6 +3139,7 @@ fi
 # the build doesn't fail anyway.
 
 pragma_disable_unused_but_set=no
+gtk_special_cflags=no
 cat > $TMPC << EOF
 #pragma GCC diagnostic ignored "-Wunused-but-set-variable"
 #pragma GCC diagnostic ignored "-Wstrict-prototypes"
@@ -3150,7 +3151,7 @@ EOF
 if compile_prog "-Werror" "" ; then
 pragma_diagnostic_available=yes
 else
-werror=no
+gtk_special_cflags=yes
 fi
 
 
@@ -3845,6 +3846,15 @@ echo "WINDRES=$windres" >> $config_host_mak
 echo "LIBTOOL=$libtool" >> $config_host_mak
 echo "CFLAGS=$CFLAGS" >> $config_host_mak
 echo "QEMU_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak
+if test "$gtk_special_cflags" = "yes"; then
+  # Our compiler doesn't support #pragmas to suppress warnings and GTK
+  # can't be fixed, so compile GTK files with special CFLAGS
+  echo "GTK_SPECIAL_CFLAGS=$QEMU_CFLAGS" | \
+sed -e 's/-Wstrict-prototypes//g' \
+-e 's/-Wunused-but-set-variable//g' >> $config_host_mak
+else
+  echo "GTK_SPECIAL_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak
+fi
 echo "QEMU_INCLUDES=$QEMU_INCLUDES" >> $config_host_mak
 if test "$sparse" = "yes" ; then
   echo "CC   := REAL_CC=\"\$(CC)\" cgcc"   >> $config_host_mak
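
Review bot: The sed expressions in the gtk_special_cflags branch only delete the literal -Wstrict-prototypes and -Wunused-but-set-variable tokens from QEMU_CFLAGS, so if either warning is also switched on by another option in QEMU_CFLAGS, gtk.c still fails under -Werror. Appending -Wno-strict-prototypes and -Wno-unused-but-set-variable instead would not depend on how the warnings were enabled, and would let the if/else collapse into a single echo.
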
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 6ddc0de..c9aa1e6 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -19,4 +19,4 @@ $(obj)/sdl.o $(obj)/sdl_zoom.o: QEMU_CFLAGS += $(SDL_CFLAGS)
 
 $(obj)/cocoa.o: $(SRC_PATH)/$(obj)/cocoa.m
 
-$(obj)/gtk.o: QEMU_CFLAGS += $(GTK_CFLAGS) $(VTE_CFLAGS)
+$(obj)/gtk.o: QEMU_CFLAGS = $(GTK_SPECIAL_CFLAGS) $(GTK_CFLAGS) $(VTE_CFLAGS)
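
Review bot: Changing '+=' to '=' on the gtk.o rule makes GTK_SPECIAL_CFLAGS, a copy of QEMU_CFLAGS taken when configure writes config-host.mak, the only source of base flags for this object, so anything the makefiles add to QEMU_CFLAGS afterwards is dropped for gtk.c. If that is intended, say so in a comment next to the rule; otherwise filter in make, for example with $(filter-out ...) applied to QEMU_CFLAGS, so later additions are kept.
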
-- 
1.7.2.5




[Qemu-devel] [PULL] virtio,vhost,pci,e1000

2013-03-03 Thread Michael S. Tsirkin
The following changes since commit 864a556e9a800116a305f10fbb714268ca7e9bc3:

  Merge remote-tracking branch 'kwolf/for-anthony' into staging (2013-02-26 07:44:39 -0600)

are available in the git repository at:


  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_anthony

for you to fetch changes up to 554f1997f0328bc259454239db64b20b3376d9a6:

  Set virtio-serial device to have a default of 2 MSI vectors. (2013-02-27 17:24:40 +0200)


virtio,vhost,pci,e1000

Mostly bugfixes, but also some ICH work by Laszlo.

Signed-off-by: Michael S. Tsirkin 


Alexey Korolev (1):
  Fix guest OS hang when 64bit PCI bar present

Gal Hammer (1):
  Set virtio-serial device to have a default of 2 MSI vectors.

Laszlo Ersek (1):
  ICH9 LPC: Reset Control Register, basic implementation

Michael S. Tsirkin (2):
  vhost: memory sync fixes
  e1000: unbreak the guest network migration to 1.3

 hw/e1000.c| 25 
 hw/ich9.h | 11 +++
 hw/lpc_ich9.c | 57 +++
 hw/pc.h   |  5 +
 hw/pc_piix.c  |  4 
 hw/sysbus.c   | 27 ++
 hw/sysbus.h   |  2 ++
 hw/vhost.c| 49 ++-
 hw/virtio-pci.c   |  5 -
 target-i386/cpu.c |  3 ++-
 10 files changed, 165 insertions(+), 23 deletions(-)



Re: [Qemu-devel] Advice on some configuration parameters

2013-03-03 Thread Alon Levy
> On 01/03/2013 13:45, Paolo Bonzini wrote:
> > On 12/02/2013 14:05, Fabio Fantoni wrote:
> >> I'm making patches to enable some qemu upstream features in xen
> >> that are
> >> missing in libxl.
> >> I'm trying to do it just by giving arguments to qemu, and I want
> >> them to
> >> be dynamic (e.g. without physical addresses if possible) and
> >> concise.
> > They should use physical addresses, otherwise changing the VM
> > hardware
> > in trivial ways may cause a waterfall effect and cause Windows to
> > reactivate.
> >
> >> If I try to set up virt-manager so that it doesn't point to a
> >> file, it
> >> uses this configuration:
> >>
> >> -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7
> >> -device
> >> ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5
> >>
> >> -device
> >> ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1
> >> -device
> >> ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2
> >>
> >> This seems to differ from the configuration file, e.g. you have
> >> multifunction=on only on the first uhci
> > That doesn't matter.
> >
> >> , besides I can't understand how many physical ports are defined.
> > There are 6 ports, controlled by either the EHCI for USB 2.0
> > devices
> > (the EHCI controls 6 ports) or by one of the three UHCI for USB 1.1
> > ports (one UHCI has 2 ports).
> >
> >> I tried setting 9 usbredirection
> >> channels in virt-manager but that configuration doesn't change and
> >> no
> >> errors are reported, but I doubt that physical ports are being
> >> defined
> >> dynamically.
> > QEMU creates hubs automatically I think in that case.
> >
> >> About spice vdagent at the moment I'm using this configuration
> >> that
> >> seems to work:
> >> -device virtio-serial -chardev spicevmc,id=vdagent,name=vdagent
> >> -device
> >> virtserialport,chardev=vdagent,name=com.redhat.spice.0
> >>
> >> But I noticed that virt-manager use this slightly different one:
> >> -chardev pty,id=charserial0 -device
> >> isa-serial,chardev=charserial0,id=serial0 -chardev
> >> spicevmc,id=charchannel0,name=vdagent -device
> >> virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
> >>
> >> Is there any problem with the more concise one I'm using?
> > It is the same.
> >
> > Paolo
> >
> >
> >
> Thanks for the reply.
> I have other questions:
> What exactly does the -usb parameter that seems to be necessary for
> usb
> passthrough do?

It is shorthand for the appropriate "-device" to create the usb host (i.e. uhci 
etc.)

> I mean usb devices passed through host (with -usbdevice).
> Is the number of such passthrough usb devices limiting the number of
> available channel for usb redirection devices?

AFAIR yes.

> 
> 
> 



Re: [Qemu-devel] [RFC PATCH v1 1/4] qemu-log: Allow checking of the current mask

2013-03-03 Thread Peter Maydell
On 3 March 2013 06:13, Peter Crosthwaite  wrote:
> Useful for heavy users of qemu_log_mask that want to avoid executing expensive
> logic that sets up a qemu_log_mask when that mask is disabled. E.G.
>
> if (qemu_log_get_mask() & LOG_GUEST_ERROR) {
> /* do my expensive logging data query */
> }
> qemu_log_mask(LOG_GUEST_ERROR, ...)

Why can't you use the existing
  if (qemu_loglevel_mask(LOG_GUEST_ERROR)) {
  /* expensive thing */
  }
?

-- PMM



[Qemu-devel] [Bug 1129571] Re: libreoffice armhf FTBFS

2013-03-03 Thread John Rigby
I see the same thing, javac hanging.  This is with a raring chroot on
raring host with qemu compiled from upstream 1.4.0 plus Peter's patches
and my linux-user patches.

https://bugs.launchpad.net/bugs/1129571

Title:
  libreoffice armhf FTBFS

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  Confirmed

Bug description:
  We have been experiencing FTBFS of LibreOffice 3.5.7, 12.04, armhf in
  the launchpad buildds. We believe this is likely due to an error in
  qemu.

  While we do not have a small test case yet, we do have a build log
  (attaching here).

  The relevant snippet from the build log is:

  
3.5.7/solver/unxlngr.pro/bin/jaxp.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/juh.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/parser.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/unoil.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/ridl.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/jurt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xmlsearch.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/LuceneHelpWrapper.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/HelpIndexerTool.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-core-2.3.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-analyzers-2.3.jar"
 com.sun.star.help.HelpIndexerTool -lang cs -mod swriter -zipdir 
../../unxlngr.pro/misc/ziptmpswriter_cs -o 
../../unxlngr.pro/bin/swriter_cs.zip.unxlngr.pro
  dmake:  Error code 132, while making '../../unxlngr.pro/bin/swriter_cs.zip'

  We believe this is from bash error code 128 + 4, where 4 is illegal
  instruction, thus leading us to suspect qemu.

  Any help in tracking this down would be appreciated.




[Qemu-devel] [PATCH v7 0/4] Moxie CPU port

2013-03-03 Thread Anthony Green
This version consolidates the helper file (helper.c & op_helper.c) and
addresses the signed division of INT_MIN by -1 issue (which is now ==
0x800).

Hopefully this is looking much better to everybody now.

Thanks!

AG


Anthony Green (4):
  Add moxie target code
  Add moxie disassembler
  Add sample moxie system
  Add top level changes for moxie

 MAINTAINERS   |5 +
 arch_init.c   |2 +
 configure |9 +-
 cpu-exec.c|2 +
 default-configs/moxie-softmmu.mak |2 +
 disas.c   |6 +
 disas/Makefile.objs   |1 +
 disas/moxie.c |  360 +
 hw/moxie/Makefile.objs|6 +
 hw/moxie/moxiesim.c   |  174 +++
 include/disas/bfd.h   |   66 +--
 include/sysemu/arch_init.h|1 +
 qapi-schema.json  |6 +-
 target-moxie/Makefile.objs|2 +
 target-moxie/cpu.c|  172 +++
 target-moxie/cpu.h|  170 +++
 target-moxie/helper.c |  170 +++
 target-moxie/helper.h |9 +
 target-moxie/machine.c|   27 +
 target-moxie/machine.h|2 +
 target-moxie/mmu.c|   36 ++
 target-moxie/mmu.h|   19 +
 target-moxie/translate.c  | 1003 +
 23 files changed, 2214 insertions(+), 36 deletions(-)
 create mode 100644 default-configs/moxie-softmmu.mak
 create mode 100644 disas/moxie.c
 create mode 100644 hw/moxie/Makefile.objs
 create mode 100644 hw/moxie/moxiesim.c
 create mode 100644 target-moxie/Makefile.objs
 create mode 100644 target-moxie/cpu.c
 create mode 100644 target-moxie/cpu.h
 create mode 100644 target-moxie/helper.c
 create mode 100644 target-moxie/helper.h
 create mode 100644 target-moxie/machine.c
 create mode 100644 target-moxie/machine.h
 create mode 100644 target-moxie/mmu.c
 create mode 100644 target-moxie/mmu.h
 create mode 100644 target-moxie/translate.c

-- 
1.8.1.4




[Qemu-devel] [PATCH v7 3/4] Add sample moxie system

2013-03-03 Thread Anthony Green

Signed-off-by: Anthony Green 
---
 hw/moxie/Makefile.objs |   6 ++
 hw/moxie/moxiesim.c| 174 +
 include/sysemu/arch_init.h |   1 +
 3 files changed, 181 insertions(+)
 create mode 100644 hw/moxie/Makefile.objs
 create mode 100644 hw/moxie/moxiesim.c

diff --git a/hw/moxie/Makefile.objs b/hw/moxie/Makefile.objs
new file mode 100644
index 000..d0772d1
--- /dev/null
+++ b/hw/moxie/Makefile.objs
@@ -0,0 +1,6 @@
+# moxie boards
+obj-y = serial.o mc146818rtc.o vga.o
+obj-$(CONFIG_FDT) += device_tree.o
+
+obj-y := $(addprefix ../,$(obj-y))
+obj-y += moxiesim.o
diff --git a/hw/moxie/moxiesim.c b/hw/moxie/moxiesim.c
new file mode 100644
index 000..e1e88a9
--- /dev/null
+++ b/hw/moxie/moxiesim.c
@@ -0,0 +1,174 @@
+/*
+ * QEMU/moxiesim emulation
+ *
+ * Emulates a very simple machine model similiar to the one use by the
+ * GDB moxie simulator.
+ *
+ * Copyright (c) 2008, 2009, 2010, 2013 Anthony Green
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/pc.h"
+#include "hw/isa.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "hw/serial.h"
+#include "exec/address-spaces.h"
+
+#define PHYS_MEM_BASE 0x8000
+
+typedef struct {
+uint64_t ram_size;
+const char *kernel_filename;
+const char *kernel_cmdline;
+const char *initrd_filename;
+} LoaderParams;
+
+static void load_kernel(MoxieCPU *cpu, LoaderParams *loader_params)
+{
+uint64_t entry, kernel_low, kernel_high;
+long kernel_size;
+long initrd_size;
+ram_addr_t initrd_offset;
+
+kernel_size = load_elf(loader_params->kernel_filename,  NULL, NULL,
+   &entry, &kernel_low, &kernel_high, 1,
+   ELF_MACHINE, 0);
+
+if (!kernel_size) {
+fprintf(stderr, "qemu: could not load kernel '%s'\n",
+loader_params->kernel_filename);
+exit(1);
+}
+
+/* load initrd */
+initrd_size = 0;
+initrd_offset = 0;
+if (loader_params->initrd_filename) {
+initrd_size = get_image_size(loader_params->initrd_filename);
+if (initrd_size > 0) {
+initrd_offset = (kernel_high + ~TARGET_PAGE_MASK)
+  & TARGET_PAGE_MASK;
+if (initrd_offset + initrd_size > loader_params->ram_size) {
+fprintf(stderr,
+"qemu: memory too small for initial ram disk '%s'\n",
+loader_params->initrd_filename);
+exit(1);
+}
+initrd_size = load_image_targphys(loader_params->initrd_filename,
+  initrd_offset,
+  ram_size);
+}
+if (initrd_size == (target_ulong)-1) {
+fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
+loader_params->initrd_filename);
+exit(1);
+}
+}
+}
+
+static void main_cpu_reset(void *opaque)
+{
+MoxieCPU *cpu = opaque;
+
+cpu_reset(CPU(cpu));
+}
+
+static inline DeviceState *
+moxie_intc_create(hwaddr base, qemu_irq irq, int kind_of_intr)
+{
+DeviceState *dev;
+
+dev = qdev_create(NULL, "moxie,intc");
+qdev_prop_set_uint32(dev, "kind-of-intr", kind_of_intr);
+qdev_init_nofail(dev);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
+return dev;
+}
+
+static void moxiesim_init(QEMUMachineInitArgs *args)
+{
+MoxieCPU *cpu = NULL;
+ram_addr_t ram_size = args->ram_size;
+const char *cpu_model = args->cpu_model;
+const char *kernel_filename = args->kernel_filename;
+const char *kernel_cmdline = args->kernel_cmdline;
+const char *initrd_filename = args->initrd_filename;
+CPUMoxieState *env;
+MemoryRegion *address_space_mem = get_syste
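
Review bot: In load_kernel(), 'if (!kernel_size)' only catches a zero return, but load_elf() reports failure with a negative value, so a missing or invalid kernel image goes undetected; test 'kernel_size <= 0' instead. In the same function the initrd failure test compares a long against '(target_ulong)-1', which cannot match when long is wider than target_ulong, and the load_image_targphys() call passes the bare 'ram_size' rather than loader_params->ram_size less initrd_offset.
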

[Qemu-devel] [PATCH v7 2/4] Add moxie disassembler

2013-03-03 Thread Anthony Green

Signed-off-by: Anthony Green 
---
 disas.c |   6 +
 disas/Makefile.objs |   1 +
 disas/moxie.c   | 360 
 include/disas/bfd.h |  66 +-
 4 files changed, 401 insertions(+), 32 deletions(-)
 create mode 100644 disas/moxie.c

diff --git a/disas.c b/disas.c
index a46faee..74d3ba0 100644
--- a/disas.c
+++ b/disas.c
@@ -256,6 +256,9 @@ void target_disas(FILE *out, CPUArchState *env, 
target_ulong code,
 #elif defined(TARGET_MICROBLAZE)
 s.info.mach = bfd_arch_microblaze;
 print_insn = print_insn_microblaze;
+#elif defined(TARGET_MOXIE)
+s.info.mach = bfd_arch_moxie;
+print_insn = print_insn_moxie;
 #elif defined(TARGET_LM32)
 s.info.mach = bfd_mach_lm32;
 print_insn = print_insn_lm32;
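
Review bot: 's.info.mach = bfd_arch_moxie;' stores an architecture constant in the mach field, whereas the lm32 branch directly below assigns a bfd_mach_ value. If include/disas/bfd.h gains a moxie machine constant in this series, use it here and in the matching monitor_disas() hunk; otherwise leave mach unset rather than mixing the two enumerations.
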
@@ -462,6 +465,9 @@ void monitor_disas(Monitor *mon, CPUArchState *env,
 #elif defined(TARGET_S390X)
 s.info.mach = bfd_mach_s390_64;
 print_insn = print_insn_s390;
+#elif defined(TARGET_MOXIE)
+s.info.mach = bfd_arch_moxie;
+print_insn = print_insn_moxie;
 #elif defined(TARGET_LM32)
 s.info.mach = bfd_mach_lm32;
 print_insn = print_insn_lm32;
diff --git a/disas/Makefile.objs b/disas/Makefile.objs
index ed75f9a..3b1e77a 100644
--- a/disas/Makefile.objs
+++ b/disas/Makefile.objs
@@ -7,6 +7,7 @@ common-obj-$(CONFIG_IA64_DIS) += ia64.o
 common-obj-$(CONFIG_M68K_DIS) += m68k.o
 common-obj-$(CONFIG_MICROBLAZE_DIS) += microblaze.o
 common-obj-$(CONFIG_MIPS_DIS) += mips.o
+common-obj-$(CONFIG_MOXIE_DIS) += moxie.o
 common-obj-$(CONFIG_PPC_DIS) += ppc.o
 common-obj-$(CONFIG_S390_DIS) += s390.o
 common-obj-$(CONFIG_SH4_DIS) += sh4.o
diff --git a/disas/moxie.c b/disas/moxie.c
new file mode 100644
index 000..4c5f180
--- /dev/null
+++ b/disas/moxie.c
@@ -0,0 +1,360 @@
+/* Disassemble moxie instructions.
+   Copyright (c) 2009  Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, see . */
+
+#include 
+#define STATIC_TABLE
+#define DEFINE_TABLE
+
+#include "disas/bfd.h"
+
+static void *stream;
+
+/* Form 1 instructions come in different flavors:
+
+   Some have no arguments  (MOXIE_F1_NARG)
+   Some only use the A operand (MOXIE_F1_A)
+   Some use A and B registers  (MOXIE_F1_AB)
+   Some use A and consume a 4 byte immediate value (MOXIE_F1_A4)
+   Some use just a 4 byte immediate value  (MOXIE_F1_4)
+   Some use just a 4 byte memory address   (MOXIE_F1_M)
+   Some use B and an indirect A(MOXIE_F1_AiB)
+   Some use A and an indirect B(MOXIE_F1_ABi)
+   Some consume a 4 byte immediate value and use X (MOXIE_F1_4A)
+   Some use B and an indirect A plus 4 bytes   (MOXIE_F1_AiB4)
+   Some use A and an indirect B plus 4 bytes   (MOXIE_F1_ABi4)
+
+   Form 2 instructions also come in different flavors:
+
+   Some have no arguments  (MOXIE_F2_NARG)
+   Some use the A register and an 8-bit value  (MOXIE_F2_A8V)
+
+   Form 3 instructions also come in different flavors:
+
+   Some have no arguments  (MOXIE_F3_NARG)
+   Some have a 10-bit PC relative operand  (MOXIE_F3_PCREL).  */
+
+#define MOXIE_F1_NARG 0x100
+#define MOXIE_F1_A0x101
+#define MOXIE_F1_AB   0x102
+/* #define MOXIE_F1_ABC  0x103 */
+#define MOXIE_F1_A4   0x104
+#define MOXIE_F1_40x105
+#define MOXIE_F1_AiB  0x106
+#define MOXIE_F1_ABi  0x107
+#define MOXIE_F1_4A   0x108
+#define MOXIE_F1_AiB4 0x109
+#define MOXIE_F1_ABi4 0x10a
+#define MOXIE_F1_M0x10b
+
+#define MOXIE_F2_NARG 0x200
+#define MOXIE_F2_A8V  0x201
+
+#define MOXIE_F3_NARG  0x300
+#define MOXIE_F3_PCREL 0x301
+
+typedef struct moxie_opc_info_t {
+short opcode;
+unsigned  itype;
+const char *  name;
+} moxie_opc_info_t;
+
+extern const moxie_opc_info_t moxie_form1_opc_info[64];
+extern const moxie_opc_info_t moxie_form2_opc_info[4];
+extern const moxie_opc_info_t moxie_form3_opc_info[16];
+
+/* The moxie processor's 16-bit instructions come in two forms:
+
+   FORM 1 instructions start with a 0 bit...
+
+   0ooo
+   0  F
+
+   ooo - form 1 opcode number
+   - operand A
+   - operand B
+
+   FORM 2 instructions start with bits "10"...
+
+   10oo
+   0  F
+
+   oo   - form 2 opcode number
+      

[Qemu-devel] [PATCH v7 1/4] Add moxie target code

2013-03-03 Thread Anthony Green

Signed-off-by: Anthony Green 
---
 target-moxie/Makefile.objs |2 +
 target-moxie/cpu.c |  172 
 target-moxie/cpu.h |  170 
 target-moxie/helper.c  |  170 
 target-moxie/helper.h  |9 +
 target-moxie/machine.c |   27 ++
 target-moxie/machine.h |2 +
 target-moxie/mmu.c |   36 ++
 target-moxie/mmu.h |   19 +
 target-moxie/translate.c   | 1003 
 10 files changed, 1610 insertions(+)
 create mode 100644 target-moxie/Makefile.objs
 create mode 100644 target-moxie/cpu.c
 create mode 100644 target-moxie/cpu.h
 create mode 100644 target-moxie/helper.c
 create mode 100644 target-moxie/helper.h
 create mode 100644 target-moxie/machine.c
 create mode 100644 target-moxie/machine.h
 create mode 100644 target-moxie/mmu.c
 create mode 100644 target-moxie/mmu.h
 create mode 100644 target-moxie/translate.c

diff --git a/target-moxie/Makefile.objs b/target-moxie/Makefile.objs
new file mode 100644
index 000..6381d4d
--- /dev/null
+++ b/target-moxie/Makefile.objs
@@ -0,0 +1,2 @@
+obj-y += translate.o helper.o machine.o cpu.o machine.o
+obj-$(CONFIG_SOFTMMU) += mmu.o
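
Review bot: machine.o is listed twice in the obj-y line of target-moxie/Makefile.objs ('... helper.o machine.o cpu.o machine.o'); drop the second occurrence.
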
diff --git a/target-moxie/cpu.c b/target-moxie/cpu.c
new file mode 100644
index 000..c17d3f0
--- /dev/null
+++ b/target-moxie/cpu.c
@@ -0,0 +1,172 @@
+/*
+ * QEMU Moxie CPU
+ *
+ * Copyright (c) 2013 Anthony Green
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#include "cpu.h"
+#include "qemu-common.h"
+#include "migration/vmstate.h"
+#include "machine.h"
+
+static void moxie_cpu_reset(CPUState *s)
+{
+MoxieCPU *cpu = MOXIE_CPU(s);
+MoxieCPUClass *mcc = MOXIE_CPU_GET_CLASS(cpu);
+CPUMoxieState *env = &cpu->env;
+
+if (qemu_loglevel_mask(CPU_LOG_RESET)) {
+qemu_log("CPU Reset (CPU %d)\n", s->cpu_index);
+log_cpu_state(env, 0);
+}
+
+mcc->parent_reset(s);
+
+memset(env, 0, offsetof(CPUMoxieState, breakpoints));
+env->pc = 0x1000;
+
+tlb_flush(env, 1);
+}
+
+static void moxie_cpu_realizefn(DeviceState *dev, Error **errp)
+{
+MoxieCPU *cpu = MOXIE_CPU(dev);
+MoxieCPUClass *occ = MOXIE_CPU_GET_CLASS(dev);
+
+qemu_init_vcpu(&cpu->env);
+cpu_reset(CPU(cpu));
+
+occ->parent_realize(dev, errp);
+}
+
+static void moxie_cpu_initfn(Object *obj)
+{
+CPUState *cs = CPU(obj);
+MoxieCPU *cpu = MOXIE_CPU(obj);
+static int inited;
+
+cs->env_ptr = &cpu->env;
+cpu_exec_init(&cpu->env);
+
+if (tcg_enabled() && !inited) {
+inited = 1;
+moxie_translate_init();
+}
+}
+
+static ObjectClass *moxie_cpu_class_by_name(const char *cpu_model)
+{
+ObjectClass *oc;
+
+if (cpu_model == NULL) {
+return NULL;
+}
+
+oc = object_class_by_name(cpu_model);
+if (oc != NULL && (!object_class_dynamic_cast(oc, TYPE_MOXIE_CPU) ||
+   object_class_is_abstract(oc))) {
+return NULL;
+}
+return oc;
+}
+
+static void moxie_cpu_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+CPUClass *cc = CPU_CLASS(oc);
+MoxieCPUClass *mcc = MOXIE_CPU_CLASS(oc);
+
+mcc->parent_realize = dc->realize;
+dc->realize = moxie_cpu_realizefn;
+
+mcc->parent_reset = cc->reset;
+cc->reset = moxie_cpu_reset;
+
+cc->class_by_name = moxie_cpu_class_by_name;
+
+dc->vmsd = &vmstate_moxie_cpu;
+}
+
+static void moxielite_initfn(Object *obj)
+{
+/* Set cpu feature flags */
+}
+
+static void moxie_any_initfn(Object *obj)
+{
+/* Set cpu feature flags */
+}
+
+typedef struct MoxieCPUInfo {
+const char *name;
+void (*initfn)(Object *obj);
+} MoxieCPUInfo;
+
+static const MoxieCPUInfo moxie_cpus[] = {
+{ .name = "MoxieLite",  .initfn = moxielite_initfn },
+{ .name = "any",.initfn = moxie_any_initfn },
+};
+
+MoxieCPU *cpu_moxie_init(const char *cpu_model)
+{
+MoxieCPU *cpu;
+ObjectClass *oc;
+
+oc = moxie_cpu_class_by_name(cpu_model);
+if (oc == NULL) {
+return NULL;
+}
+cpu = MOXIE_CPU(object_new(object_class_get_name(oc)));
+cpu->env.cpu_model_str = cpu_model;
+
+object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
+
+return cpu;
+}
+
+static void cpu_register(const MoxieCPUInfo *info)
+{
+TypeInfo type_info = {
+.parent = TYPE_MOXIE_CPU,
+  
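
Review bot: in cpu_moxie_init() the call
object_property_set_bool(OBJECT(cpu), true, "realized", NULL) passes NULL
for the Error **, so a failure reported through errp by
moxie_cpu_realizefn() (which forwards errp to parent_realize) is dropped
and the caller still receives a non-NULL cpu. Pass a local Error * and
return NULL, or report the error, when realize fails. Smaller points: the
class pointer in moxie_cpu_realizefn() is named occ while the other
functions here use mcc, and the reset PC 0x1000 in moxie_cpu_reset() would
read better as a named constant with a comment saying where the value
comes from.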

[Qemu-devel] [PATCH v7 4/4] Add top level changes for moxie

2013-03-03 Thread Anthony Green

Signed-off-by: Anthony Green 
---
 MAINTAINERS   | 5 +
 arch_init.c   | 2 ++
 configure | 9 -
 cpu-exec.c| 2 ++
 default-configs/moxie-softmmu.mak | 2 ++
 qapi-schema.json  | 6 +++---
 6 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 default-configs/moxie-softmmu.mak

diff --git a/MAINTAINERS b/MAINTAINERS
index 21043e4..b970159 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -91,6 +91,11 @@ M: Aurelien Jarno 
 S: Odd Fixes
 F: target-mips/
 
+Moxie
+M: Anthony Green 
+S: Maintained
+F: target-moxie/
+
 PowerPC
 M: Alexander Graf 
 L: qemu-...@nongnu.org
diff --git a/arch_init.c b/arch_init.c
index 8daeafa..ddae1b7 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -85,6 +85,8 @@ int graphic_depth = 15;
 #define QEMU_ARCH QEMU_ARCH_MICROBLAZE
 #elif defined(TARGET_MIPS)
 #define QEMU_ARCH QEMU_ARCH_MIPS
+#elif defined(TARGET_MOXIE)
+#define QEMU_ARCH QEMU_ARCH_MOXIE
 #elif defined(TARGET_OPENRISC)
 #define QEMU_ARCH QEMU_ARCH_OPENRISC
 #elif defined(TARGET_PPC)
diff --git a/configure b/configure
index 19738ac..ae5b3bc 100755
--- a/configure
+++ b/configure
@@ -958,6 +958,7 @@ mips-softmmu \
 mipsel-softmmu \
 mips64-softmmu \
 mips64el-softmmu \
+moxie-softmmu \
 or32-softmmu \
 ppc-softmmu \
 ppcemb-softmmu \
@@ -3913,7 +3914,7 @@ target_arch2=`echo $target | cut -d '-' -f 1`
 target_bigendian="no"
 
 case "$target_arch2" in
-  
armeb|lm32|m68k|microblaze|mips|mipsn32|mips64|or32|ppc|ppcemb|ppc64|ppc64abi32|s390x|sh4eb|sparc|sparc64|sparc32plus|xtensaeb)
+  
armeb|lm32|m68k|microblaze|mips|mipsn32|mips64|moxie|or32|ppc|ppcemb|ppc64|ppc64abi32|s390x|sh4eb|sparc|sparc64|sparc32plus|xtensaeb)
   target_bigendian=yes
   ;;
 esac
@@ -4018,6 +4019,8 @@ case "$target_arch2" in
 echo "TARGET_ABI_MIPSN64=y" >> $config_target_mak
 target_long_alignment=8
   ;;
+  moxie)
+  ;;
   or32)
 TARGET_ARCH=openrisc
 TARGET_BASE_ARCH=openrisc
@@ -4262,6 +4265,10 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
 echo "CONFIG_MIPS_DIS=y"  >> $config_target_mak
 echo "CONFIG_MIPS_DIS=y"  >> config-all-disas.mak
   ;;
+  moxie*)
+echo "CONFIG_MOXIE_DIS=y"  >> $config_target_mak
+echo "CONFIG_MOXIE_DIS=y"  >> config-all-disas.mak
+  ;;
   or32)
 echo "CONFIG_OPENRISC_DIS=y"  >> $config_target_mak
 echo "CONFIG_OPENRISC_DIS=y"  >> config-all-disas.mak
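
Review bot: the disassembler arm added here matches with a glob,
moxie*), while the target arm added earlier in this same patch uses the
exact name moxie) and the neighbouring arm below is the exact or32). Only
one moxie target is introduced by this series, so an exact match here
would avoid silently picking up any future name that merely starts with
"moxie".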
diff --git a/cpu-exec.c b/cpu-exec.c
index afbe497..ba7ea41 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -221,6 +221,7 @@ int cpu_exec(CPUArchState *env)
 #elif defined(TARGET_LM32)
 #elif defined(TARGET_MICROBLAZE)
 #elif defined(TARGET_MIPS)
+#elif defined(TARGET_MOXIE)
 #elif defined(TARGET_OPENRISC)
 #elif defined(TARGET_SH4)
 #elif defined(TARGET_CRIS)
@@ -655,6 +656,7 @@ int cpu_exec(CPUArchState *env)
   | env->cc_dest | (env->cc_x << 4);
 #elif defined(TARGET_MICROBLAZE)
 #elif defined(TARGET_MIPS)
+#elif defined(TARGET_MOXIE)
 #elif defined(TARGET_OPENRISC)
 #elif defined(TARGET_SH4)
 #elif defined(TARGET_ALPHA)
diff --git a/default-configs/moxie-softmmu.mak 
b/default-configs/moxie-softmmu.mak
new file mode 100644
index 000..d378363
--- /dev/null
+++ b/default-configs/moxie-softmmu.mak
@@ -0,0 +1,2 @@
+# Default configuration for moxie-softmmu
+
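
Review bot: the new default-configs/moxie-softmmu.mak contains only a
comment and an empty line, with no CONFIG_ entries, and the commit message
has no body to say whether that is intended. Please state in the commit
message (or in the file's comment) that the moxie board needs no optional
devices from default-configs, or add the CONFIG_ lines it does need.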
diff --git a/qapi-schema.json b/qapi-schema.json
index 28b070f..233ea1b 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -2994,9 +2994,9 @@
 ##
 { 'enum': 'TargetType',
   'data': [ 'alpha', 'arm', 'cris', 'i386', 'lm32', 'm68k', 'microblazeel',
-'microblaze', 'mips64el', 'mips64', 'mipsel', 'mips', 'or32',
-'ppc64', 'ppcemb', 'ppc', 's390x', 'sh4eb', 'sh4', 'sparc64',
-'sparc', 'unicore32', 'x86_64', 'xtensaeb', 'xtensa' ] }
+'microblaze', 'mips64el', 'mips64', 'mipsel', 'mips', 'moxie',
+'or32', 'ppc64', 'ppcemb', 'ppc', 's390x', 'sh4eb', 'sh4',
+'sparc64', 'sparc', 'unicore32', 'x86_64', 'xtensaeb', 'xtensa' ] }
 
 ##
 # @TargetInfo:
-- 
1.8.1.4




Re: [Qemu-devel] [PATCH v12 rebased] kvm: notify host when the guest is panicked

2013-03-03 Thread Gleb Natapov
On Fri, Mar 01, 2013 at 09:03:12PM -0300, Marcelo Tosatti wrote:
> On Thu, Feb 28, 2013 at 04:54:25PM +0800, Hu Tao wrote:
> > > > diff --git a/arch/x86/include/uapi/asm/kvm_para.h 
> > > > b/arch/x86/include/uapi/asm/kvm_para.h
> > > > index 06fdbd9..c15ef33 100644
> > > > --- a/arch/x86/include/uapi/asm/kvm_para.h
> > > > +++ b/arch/x86/include/uapi/asm/kvm_para.h
> > > > @@ -96,5 +96,7 @@ struct kvm_vcpu_pv_apf_data {
> > > >  #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
> > > >  #define KVM_PV_EOI_DISABLED 0x0
> > > >  
> > > > +#define KVM_PV_EVENT_PORT  (0x505UL)
> > > > +
> > > 
> > > No need for the ioport to be hard coded. What are the options to
> > > communicate an address to the guest? An MSR, via ACPI?
> > 
> > I'm not quite understanding here. By 'address', you mean an ioport?
> > how to communicate an address? (I have little knowledge about ACPI)
> 
> Yes, the ioport. The address of the ioport should not be fixed (for
> example future emulated board could use that fixed ioport address,
> 0x505UL).
> 
> One option is to pass the address via an MSR. Yes, that is probably the
> best option because there is no dependency on ACPI.
> 
Why is a dependency on ACPI problematic? ACPI is the standard way on x86
to enumerate platform devices. Passing it through an MSR makes this panic
device a CPU interface, which it is not. And since relying on #GP to detect
valid MSRs is not a good interface, we will have to guard it with a cpuid bit.

--
Gleb.



Re: [Qemu-devel] [PATCH] sysbus: Guard against NULL SysBusDevice::init fn

2013-03-03 Thread Andreas Färber
Am 03.03.2013 06:30, schrieb Peter Crosthwaite:
> In certain cases a device model can init with neither a Device::realize or
> SysBusDevice::init (i.e. when it's possible to do everything in Object::init).
> In this case, the device model should be able to leave both SysBusDevice::init
> and Device::realize as NULL. However what happens in this case in SysBus's
> default Device::realize function will try and call SysBusDevice::init without
> checking if it actually exists. A segfault ensues.
> 
> Fix by guarding the call to SysBusDevice::init against a NULL pointer. If no
> pointer is defined return 0 without action.
> 
> Signed-off-by: Peter Crosthwaite 

While the patch is correct, I believe PMM already posted one using an
extra if two weeks ago as part of some series...

Andreas

> ---
>  hw/sysbus.c |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/hw/sysbus.c b/hw/sysbus.c
> index 6d9d1df..72b309a 100644
> --- a/hw/sysbus.c
> +++ b/hw/sysbus.c
> @@ -118,7 +118,7 @@ static int sysbus_device_init(DeviceState *dev)
>  SysBusDevice *sd = SYS_BUS_DEVICE(dev);
>  SysBusDeviceClass *sbc = SYS_BUS_DEVICE_GET_CLASS(sd);
>  
> -return sbc->init(sd);
> +return sbc->init ? sbc->init(sd) : 0;
>  }
>  
>  DeviceState *sysbus_create_varargs(const char *name,
> 
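
Review bot: the new return line makes a NULL sbc->init indistinguishable
from an init that ran and succeeded, and nothing in the code says this is
intended. A one-line comment above it stating that a SysBus device may do
all of its setup in Object::init (as the commit message explains) would
stop a later reader from treating the NULL case as a forgotten assignment.
An explicit if (!sbc->init) { return 0; } would also read more clearly
than the ternary.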


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH 0/3] *** make netlayer re-entrant ***

2013-03-03 Thread Liu Ping Fan
From: Liu Ping Fan 

This series aims to make netlayer re-entrant, so netlayer can
run out of biglock safely.

Liu Ping Fan (3):
  net: spread hub on AioContexts
  net: introduce lock to protect NetClientState's send_queue
  net: make netclient re-entrant with refcnt

 hw/qdev-properties-system.c |   15 ++
 include/block/aio.h |1 +
 include/net/net.h   |   12 +
 include/net/queue.h |   15 ++
 main-loop.c |5 ++
 net/hub.c   |   81 ++--
 net/net.c   |  109 ++
 net/queue.c |   19 ++--
 net/slirp.c |3 +-
 9 files changed, 239 insertions(+), 21 deletions(-)

-- 
1.7.4.4




[Qemu-devel] [PATCH 1/3] net: spread hub on AioContexts

2013-03-03 Thread Liu Ping Fan
From: Liu Ping Fan 

Forward packet to other hub ports by their AioContext.

Signed-off-by: Liu Ping Fan 
---
 hw/qdev-properties-system.c |1 +
 include/block/aio.h |1 +
 include/net/net.h   |5 +
 include/net/queue.h |   14 ++
 main-loop.c |5 +
 net/hub.c   |   33 ++---
 net/net.c   |1 +
 net/queue.c |4 ++--
 8 files changed, 59 insertions(+), 5 deletions(-)

diff --git a/hw/qdev-properties-system.c b/hw/qdev-properties-system.c
index ce3af22..88f0acf 100644
--- a/hw/qdev-properties-system.c
+++ b/hw/qdev-properties-system.c
@@ -307,6 +307,7 @@ static void set_vlan(Object *obj, Visitor *v, void *opaque,
   name, prop->info->name);
 return;
 }
+hubport->info->reside(hubport, qemu_get_aio_context());
 *ptr = hubport;
 }
 
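
Review bot: hubport->info->reside(...) in set_vlan() is called through
the callback this patch adds to NetClientInfo, with no check that it is
set. Any NetClientInfo that leaves .reside NULL turns this line into a
NULL function pointer call while a property is being set. Either guard it
(if (hubport->info->reside) ...) or document next to the NetClientReside
member that hub ports always provide it.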
diff --git a/include/block/aio.h b/include/block/aio.h
index 5b54d38..bcb5126 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -229,6 +229,7 @@ bool qemu_aio_wait(void);
 void qemu_aio_set_event_notifier(EventNotifier *notifier,
  EventNotifierHandler *io_read,
  AioFlushEventNotifierHandler *io_flush);
+AioContext *qemu_get_aio_context(void);
 
 #ifdef CONFIG_POSIX
 void qemu_aio_set_fd_handler(int fd,
diff --git a/include/net/net.h b/include/net/net.h
index 43a045e..24563ef 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -8,6 +8,9 @@
 #include "net/queue.h"
 #include "migration/vmstate.h"
 #include "qapi-types.h"
+#include "qemu/thread.h"
+#include "block/aio.h"
+
 
 #define MAX_QUEUE_NUM 1024
 
@@ -44,6 +47,7 @@ typedef ssize_t (NetReceiveIOV)(NetClientState *, const 
struct iovec *, int);
 typedef void (NetCleanup) (NetClientState *);
 typedef void (LinkStatusChanged)(NetClientState *);
 typedef void (NetClientDestructor)(NetClientState *);
+typedef void (NetClientReside)(NetClientState *, AioContext *);
 
 typedef struct NetClientInfo {
 NetClientOptionsKind type;
@@ -55,6 +59,7 @@ typedef struct NetClientInfo {
 NetCleanup *cleanup;
 LinkStatusChanged *link_status_changed;
 NetPoll *poll;
+NetClientReside *reside;
 } NetClientInfo;
 
 struct NetClientState {
diff --git a/include/net/queue.h b/include/net/queue.h
index fc02b33..f60e57f 100644
--- a/include/net/queue.h
+++ b/include/net/queue.h
@@ -38,6 +38,20 @@ NetQueue *qemu_new_net_queue(void *opaque);
 
 void qemu_del_net_queue(NetQueue *queue);
 
+void qemu_net_queue_append(NetQueue *queue,
+  NetClientState *sender,
+  unsigned flags,
+  const uint8_t *buf,
+  size_t size,
+  NetPacketSent *sent_cb);
+
+void qemu_net_queue_append_iov(NetQueue *queue,
+  NetClientState *sender,
+  unsigned flags,
+  const struct iovec *iov,
+  int iovcnt,
+  NetPacketSent *sent_cb);
+
 ssize_t qemu_net_queue_send(NetQueue *queue,
 NetClientState *sender,
 unsigned flags,
diff --git a/main-loop.c b/main-loop.c
index 8c9b58c..eb80ff3 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -109,6 +109,11 @@ static int qemu_signal_init(void)
 
 static AioContext *qemu_aio_context;
 
+AioContext *qemu_get_aio_context(void)
+{
+return qemu_aio_context;
+}
+
 void qemu_notify_event(void)
 {
 if (!qemu_aio_context) {
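
Review bot: qemu_get_aio_context() returns the static qemu_aio_context
as it is, and the context line right below it (the check in
qemu_notify_event()) shows that the pointer can still be NULL. set_vlan()
in this patch hands the result straight to ->reside(). Document on the
prototype in include/block/aio.h that the function may return NULL before
the main loop has been initialised, or assert non-NULL here.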
diff --git a/net/hub.c b/net/hub.c
index a24c9d1..81d2a04 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -31,6 +31,8 @@ typedef struct NetHubPort {
 QLIST_ENTRY(NetHubPort) next;
 NetHub *hub;
 int id;
+EventNotifier e;
+AioContext *ctx;
 } NetHubPort;
 
 struct NetHub {
@@ -52,11 +54,20 @@ static ssize_t net_hub_receive(NetHub *hub, NetHubPort 
*source_port,
 continue;
 }
 
-qemu_send_packet(&port->nc, buf, len);
+qemu_net_queue_append(port->nc.peer->send_queue, &port->nc,
+QEMU_NET_PACKET_FLAG_NONE, buf, len, NULL);
+event_notifier_set(&port->e);
 }
 return len;
 }
 
+static void hub_port_deliver_packet(void *opaque)
+{
+NetHubPort *port = (NetHubPort *)opaque;
+
+qemu_net_queue_flush(port->nc.peer->send_queue);
+}
+
 static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort *source_port,
const struct iovec *iov, int iovcnt)
 {
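
Review bot: in net_hub_receive() the new qemu_net_queue_append() call
dereferences port->nc.peer->send_queue without checking port->nc.peer,
and hub_port_deliver_packet() does the same before
qemu_net_queue_flush(). A hub port with no peer attached becomes a NULL
dereference on the packet path. Skip ports whose peer is NULL in both
functions; doing that in this patch rather than a later one keeps each
step of the series safe to bisect.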
@@ -68,7 +79,9 @@ static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort 
*source_port,
 continue;
 }
 
-qemu_sendv_packet(&port->nc, iov, iovcnt);
+qemu_net_queue_append_iov(port->nc.peer->send_queue, &port->nc,
+QEMU_NET_PACKET

[Qemu-devel] [PATCH 2/3] net: introduce lock to protect NetClientState's send_queue

2013-03-03 Thread Liu Ping Fan
From: Liu Ping Fan 

Use nc->transfer_lock to protect the nc->peer->send_queue. All of the
deleter and senders will sync on this lock, so we can also survive across
unplug.

Signed-off-by: Liu Ping Fan 
---
 include/net/net.h   |4 +++
 include/net/queue.h |1 +
 net/hub.c   |   21 +-
 net/net.c   |   72 ---
 net/queue.c |   15 +-
 5 files changed, 105 insertions(+), 8 deletions(-)

diff --git a/include/net/net.h b/include/net/net.h
index 24563ef..3e4b9df 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -63,6 +63,8 @@ typedef struct NetClientInfo {
 } NetClientInfo;
 
 struct NetClientState {
+/* protect peer's send_queue */
+QemuMutex transfer_lock;
 NetClientInfo *info;
 int link_down;
 QTAILQ_ENTRY(NetClientState) next;
@@ -78,6 +80,7 @@ struct NetClientState {
 
 typedef struct NICState {
 NetClientState ncs[MAX_QUEUE_NUM];
+NetClientState *pending_peer[MAX_QUEUE_NUM];
 NICConf *conf;
 void *opaque;
 bool peer_deleted;
@@ -105,6 +108,7 @@ NetClientState *qemu_find_vlan_client_by_name(Monitor *mon, 
int vlan_id,
   const char *client_str);
 typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque);
 void qemu_foreach_nic(qemu_nic_foreach func, void *opaque);
+int qemu_can_send_packet_nolock(NetClientState *sender);
 int qemu_can_send_packet(NetClientState *nc);
 ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov,
   int iovcnt);
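
Review bot: qemu_can_send_packet_nolock() is exported without saying
which lock the caller must already hold. With transfer_lock added to
NetClientState in this patch, put a comment on the prototype naming the
lock and whose it is (the sender's or the peer's); otherwise a caller
cannot tell when to use it instead of qemu_can_send_packet() on the next
line.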
diff --git a/include/net/queue.h b/include/net/queue.h
index f60e57f..0ecd23b 100644
--- a/include/net/queue.h
+++ b/include/net/queue.h
@@ -67,6 +67,7 @@ ssize_t qemu_net_queue_send_iov(NetQueue *queue,
 NetPacketSent *sent_cb);
 
 void qemu_net_queue_purge(NetQueue *queue, NetClientState *from);
+void qemu_net_queue_purge_all(NetQueue *queue);
 bool qemu_net_queue_flush(NetQueue *queue);
 
 #endif /* QEMU_NET_QUEUE_H */
diff --git a/net/hub.c b/net/hub.c
index 81d2a04..97c3ac3 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -53,9 +53,14 @@ static ssize_t net_hub_receive(NetHub *hub, NetHubPort 
*source_port,
 if (port == source_port) {
 continue;
 }
-
+qemu_mutex_lock(&port->nc.transfer_lock);
+if (!port->nc.peer) {
+qemu_mutex_unlock(&port->nc.transfer_lock);
+continue;
+}
 qemu_net_queue_append(port->nc.peer->send_queue, &port->nc,
 QEMU_NET_PACKET_FLAG_NONE, buf, len, NULL);
+qemu_mutex_unlock(&port->nc.transfer_lock);
 event_notifier_set(&port->e);
 }
 return len;
@@ -65,7 +70,13 @@ static void hub_port_deliver_packet(void *opaque)
 {
 NetHubPort *port = (NetHubPort *)opaque;
 
+qemu_mutex_lock(&port->nc.transfer_lock);
+if (!port->nc.peer) {
+qemu_mutex_unlock(&port->nc.transfer_lock);
+return;
+}
 qemu_net_queue_flush(port->nc.peer->send_queue);
+qemu_mutex_unlock(&port->nc.transfer_lock);
 }
 
 static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort *source_port,
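
Review bot: hub_port_deliver_packet() now calls qemu_net_queue_flush()
with port->nc.transfer_lock held, so everything the flush invokes runs
under that mutex. If any of that code can reach a path that takes the
same transfer_lock, it will block on itself. Please add a comment stating
what may be called while transfer_lock is held, or explain in the commit
message why flushing under the lock cannot re-enter.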
@@ -78,10 +89,16 @@ static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort 
*source_port,
 if (port == source_port) {
 continue;
 }
-
+qemu_mutex_lock(&port->nc.transfer_lock);
+if (!port->nc.peer) {
+qemu_mutex_unlock(&port->nc.transfer_lock);
+continue;
+}
 qemu_net_queue_append_iov(port->nc.peer->send_queue, &port->nc,
 QEMU_NET_PACKET_FLAG_NONE, iov, iovcnt, NULL);
+qemu_mutex_unlock(&port->nc.transfer_lock);
 event_notifier_set(&port->e);
+
 }
 return len;
 }
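
Review bot: the lock / check peer / unlock / continue sequence added to
net_hub_receive_iov() is a copy of the one added to net_hub_receive()
above, so the two can drift apart. A small helper that takes the port and
returns the peer's send_queue with the lock held (or NULL) would keep the
rule in one place. The hunk also adds an empty line just before the
closing brace of the loop, which should be dropped.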
diff --git a/net/net.c b/net/net.c
index 544542b..0acb933 100644
--- a/net/net.c
+++ b/net/net.c
@@ -207,6 +207,7 @@ static void qemu_net_client_setup(NetClientState *nc,
 nc->peer = peer;
 peer->peer = nc;
 }
+qemu_mutex_init(&nc->transfer_lock);
 QTAILQ_INSERT_TAIL(&net_clients, nc, next);
 
 nc->send_queue = qemu_new_net_queue(nc);
@@ -285,6 +286,7 @@ void *qemu_get_nic_opaque(NetClientState *nc)
 
 static void qemu_cleanup_net_client(NetClientState *nc)
 {
+/* This is the place where may be out of big lock, when dev finalized */
 QTAILQ_REMOVE(&net_clients, nc, next);
 
 if (nc->info->cleanup) {
@@ -307,6 +309,28 @@ static void qemu_free_net_client(NetClientState *nc)
 }
 }
 
+/* exclude race with rx/tx path, flush out peer's queue */
+static void qemu_flushout_net_client(NetClientState *nc)
+{
+NetClientState *peer;
+
+/* sync on receive path */
+peer = nc->peer;
+if (peer) {
+qemu_mutex_lock(&peer->transfer_lock);
+peer->peer = NULL;
+qemu_mutex_unlock(&peer->transfer_lock);
+}
+
+/* sync on send from this nc */
+qemu_mutex_lock(&nc->transfer_lock);
+nc->peer = NULL;
+   
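
Review bot: qemu_flushout_net_client() reads peer = nc->peer before
taking any lock, and only then locks peer->transfer_lock. The function
itself shows that the other side clears this field under the lock
(peer->peer = NULL with peer->transfer_lock held), so a flushout running
on the peer at the same time can change nc->peer between the read and the
lock. Read nc->peer under nc->transfer_lock, or state in the comment which
outer lock rules out two concurrent flushouts.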

[Qemu-devel] [PATCH 3/3] net: make netclient re-entrant with refcnt

2013-03-03 Thread Liu Ping Fan
From: Liu Ping Fan 

With refcnt, NetClientState's caller can run against reclaimer.

Signed-off-by: Liu Ping Fan 
---
 hw/qdev-properties-system.c |   14 ++
 include/net/net.h   |3 +++
 net/hub.c   |   29 -
 net/net.c   |   40 +++-
 net/slirp.c |3 ++-
 5 files changed, 78 insertions(+), 11 deletions(-)

diff --git a/hw/qdev-properties-system.c b/hw/qdev-properties-system.c
index 88f0acf..b27cc16 100644
--- a/hw/qdev-properties-system.c
+++ b/hw/qdev-properties-system.c
@@ -301,6 +301,7 @@ static void set_vlan(Object *obj, Visitor *v, void *opaque,
 return;
 }
 
+/* inc ref, released when unset property */
 hubport = net_hub_port_find(id);
 if (!hubport) {
 error_set(errp, QERR_INVALID_PARAMETER_VALUE,
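
Review bot: the new comment "inc ref, released when unset property" sits
above net_hub_port_find(id), but no netclient_ref() call is visible in
set_vlan(). If net_hub_port_find() now returns an already referenced
client, say so in the comment (and on net_hub_port_find() itself), so that
every error path after the lookup is known to need a netclient_unref().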
@@ -311,11 +312,24 @@ static void set_vlan(Object *obj, Visitor *v, void 
*opaque,
 *ptr = hubport;
 }
 
+static void release_vlan(Object *obj, const char *name, void *opaque)
+{
+DeviceState *dev = DEVICE(obj);
+Property *prop = opaque;
+NICPeers *peers_ptr = qdev_get_prop_ptr(dev, prop);
+NetClientState **ptr = &peers_ptr->ncs[0];
+
+if (*ptr) {
+netclient_unref(*ptr);
+}
+}
+
 PropertyInfo qdev_prop_vlan = {
 .name  = "vlan",
 .print = print_vlan,
 .get   = get_vlan,
 .set   = set_vlan,
+.release = release_vlan,
 };
 
 int qdev_prop_set_drive(DeviceState *dev, const char *name,
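
Review bot: release_vlan() drops the reference with netclient_unref(*ptr)
but leaves *ptr pointing at the client. After the unref the property
still holds an address that may already have been freed. Set *ptr = NULL
after the unref so that a later get_vlan() or a second release cannot use
it.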
diff --git a/include/net/net.h b/include/net/net.h
index 3e4b9df..fd1eda6 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -63,6 +63,7 @@ typedef struct NetClientInfo {
 } NetClientInfo;
 
 struct NetClientState {
+int ref;
 /* protect peer's send_queue */
 QemuMutex transfer_lock;
 NetClientInfo *info;
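
Review bot: ref is a plain int in NetClientState, while the purpose of
the series is to let net clients run outside the big lock. An increment
in one thread and a decrement in another on a plain int can lose an
update, which ends in a leak or an early free. Use atomic operations in
netclient_ref()/netclient_unref(), or document here which lock must be
held whenever ref is changed.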
@@ -89,6 +90,8 @@ typedef struct NICState {
 NetClientState *qemu_find_netdev(const char *id);
 int qemu_find_net_clients_except(const char *id, NetClientState **ncs,
  NetClientOptionsKind type, int max);
+void netclient_ref(NetClientState *nc);
+void netclient_unref(NetClientState *nc);
 NetClientState *qemu_new_net_client(NetClientInfo *info,
 NetClientState *peer,
 const char *model,
diff --git a/net/hub.c b/net/hub.c
index 97c3ac3..ab4448e 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -36,6 +36,7 @@ typedef struct NetHubPort {
 } NetHubPort;
 
 struct NetHub {
+QemuMutex lock;
 int id;
 QLIST_ENTRY(NetHub) next;
 int num_ports;
@@ -49,6 +50,7 @@ static ssize_t net_hub_receive(NetHub *hub, NetHubPort 
*source_port,
 {
 NetHubPort *port;
 
+qemu_mutex_lock(&hub->lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 if (port == source_port) {
 continue;
@@ -63,6 +65,7 @@ static ssize_t net_hub_receive(NetHub *hub, NetHubPort 
*source_port,
 qemu_mutex_unlock(&port->nc.transfer_lock);
 event_notifier_set(&port->e);
 }
+qemu_mutex_unlock(&hub->lock);
 return len;
 }
 
@@ -85,6 +88,7 @@ static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort 
*source_port,
 NetHubPort *port;
 ssize_t len = iov_size(iov, iovcnt);
 
+qemu_mutex_lock(&hub->lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 if (port == source_port) {
 continue;
@@ -100,6 +104,8 @@ static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort 
*source_port,
 event_notifier_set(&port->e);
 
 }
+qemu_mutex_unlock(&hub->lock);
+
 return len;
 }
 
@@ -111,7 +117,7 @@ static NetHub *net_hub_new(int id)
 hub->id = id;
 hub->num_ports = 0;
 QLIST_INIT(&hub->ports);
-
+qemu_mutex_init(&hub->lock);
 QLIST_INSERT_HEAD(&hubs, hub, next);
 
 return hub;
@@ -123,15 +129,18 @@ static int net_hub_port_can_receive(NetClientState *nc)
 NetHubPort *src_port = DO_UPCAST(NetHubPort, nc, nc);
 NetHub *hub = src_port->hub;
 
+qemu_mutex_lock(&hub->lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 if (port == src_port) {
 continue;
 }
 
 if (qemu_can_send_packet(&port->nc)) {
+qemu_mutex_unlock(&hub->lock);
 return 1;
 }
 }
+qemu_mutex_unlock(&hub->lock);
 
 return 0;
 }
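
Review bot: net_hub_port_can_receive() now calls qemu_can_send_packet()
with hub->lock held, and net_hub_receive() in this patch takes
port->nc.transfer_lock inside hub->lock as well. That fixes a lock order
of hub->lock first, transfer_lock second, but nothing records it. Add a
comment on the lock member of struct NetHub stating the order, so that a
later path which already holds a transfer_lock does not take hub->lock.
The early return could also set a result variable and break, leaving one
unlock site instead of two.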
@@ -160,7 +169,9 @@ static void net_hub_port_cleanup(NetClientState *nc)
 aio_set_fd_handler(port->ctx, event_notifier_get_fd(&port->e),
 NULL, NULL, NULL, NULL);
 }
+qemu_mutex_lock(&port->hub->lock);
 QLIST_REMOVE(port, next);
+qemu_mutex_unlock(&port->hub->lock);
 }
 
 static void net_hub_port_reside(NetClientState *nc, AioContext *ctx)
@@ -200,7 +211,9 @@ static NetHubPort *net_hub_port_new(NetHub *hub, const char 
*name)
 port->id = id;
 port->hub = hub;
 event_notifier_init(&port->e, 0);
+qemu_mutex_lock(&hub->lock);
 QLIST_INSERT_HEAD(&hub->ports, port, next);
+q

Re: [Qemu-devel] [PATCH 0/6] Drop the irredeemably racy cpu_unlink_tb()

2013-03-03 Thread Peter Maydell
Ping!

thanks
-- PMM

On 23 February 2013 02:09, Peter Maydell  wrote:
> This patch series gets rid of cpu_unlink_tb(), which is irredeemably
> racy, since it modifies the TB graph with no locking from other
> threads, signal handlers, etc etc. (The signal handler case is
> why you can't just fix this with more locks.) Instead we take the
> much simpler approach of setting a flag for the CPU when we want
> it to stop executing TBs, and generate code to check the flag at
> the start of every TB. The raciness is easiest to provoke with
> multithreaded linux-user guests but it is I think also a risk
> in system emulation mode.
>
> This fixes the crashes seen in LP:668799; however there is another
> class of crashes described in LP:1098729 which stem from the fact
> that in linux-user with a multithreaded guest all threads will
> use and modify the same global TCG data structures (including the
> generated code buffer) without any kind of locking. This means that
> multithreaded guest binaries are still in the "unsupported" category.
>
> Patch 1 has been on the list before, but I improved the comment
> a bit [no code changes from the previously posted version] which
> is why I haven't given it rth's reviewed-by tag.
>
> The ENV_OFFSET macros patch is one from an old patch series
> of Andreas'; we need some way in generic code to find the offset
> of a CPUState field from the CPUArchState pointer. (The commit
> message is mine, though.)
>
> I've tested this in various ways, and also ran a popular embedded
> benchmark. This is the worst case for this change, since it is
> compute intensive code in a situation that shouldn't have too
> many interrupts; the slowdown varied from benchmark to benchmark
> but was generally something like 3-5%. I think that's an acceptably
> small hit to gain actual correctness and non-crashiness :-)
>
>
> Andreas Färber (1):
>   cpu: Introduce ENV_OFFSET macros
>
> Peter Maydell (5):
>   tcg: Document tcg_qemu_tb_exec() and provide constants for low bit uses
>   cpu-exec: wrap tcg_qemu_tb_exec() in a fn to restore the PC
>   Handle CPU interrupts by inline checking of a flag
>   translate-all.c: Remove cpu_unlink_tb()
>   gen-icount.h: Rename gen_icount_start/end to gen_tb_start/end
>
>  cpu-exec.c|   59 +
>  exec.c|2 +-
>  include/exec/gen-icount.h |   18 --
>  include/qom/cpu.h |3 ++
>  target-alpha/cpu-qom.h|1 +
>  target-alpha/translate.c  |4 +--
>  target-arm/cpu-qom.h  |2 ++
>  target-arm/translate.c|4 +--
>  target-cris/cpu-qom.h |1 +
>  target-cris/translate.c   |4 +--
>  target-i386/cpu-qom.h |1 +
>  target-i386/translate.c   |4 +--
>  target-lm32/cpu-qom.h |1 +
>  target-lm32/translate.c   |4 +--
>  target-m68k/cpu-qom.h |1 +
>  target-m68k/translate.c   |4 +--
>  target-microblaze/cpu-qom.h   |1 +
>  target-microblaze/translate.c |4 +--
>  target-mips/cpu-qom.h |1 +
>  target-mips/translate.c   |4 +--
>  target-openrisc/cpu.h |2 ++
>  target-openrisc/translate.c   |4 +--
>  target-ppc/cpu-qom.h  |3 +-
>  target-ppc/translate.c|4 +--
>  target-s390x/cpu-qom.h|1 +
>  target-s390x/translate.c  |4 +--
>  target-sh4/cpu-qom.h  |1 +
>  target-sh4/translate.c|4 +--
>  target-sparc/cpu-qom.h|1 +
>  target-sparc/translate.c  |4 +--
>  target-unicore32/cpu-qom.h|1 +
>  target-unicore32/translate.c  |4 +--
>  target-xtensa/cpu-qom.h   |1 +
>  target-xtensa/translate.c |4 +--
>  tcg/tcg.h |   49 ++-
>  translate-all.c   |   73 
> ++---
>  36 files changed, 162 insertions(+), 121 deletions(-)
>
> --
> 1.7.9.5
>
>
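
The approach described in the cover letter above, as an added toy example in C (not QEMU code and not part of the original thread): the signal handler only sets a flag, the chain of blocks is never edited, and each block checks the flag before it runs. All Toy*/toy_* names are hypothetical, and a constructed three-block loop stands in for generated code.

```c
#include <signal.h>
#include <stddef.h>
#include <stdio.h>

/* Toy translation block (TB): some work plus a direct link to its successor.
 * The links are set up once and never modified afterwards. */
typedef struct ToyTB {
    int work;
    struct ToyTB *next;
} ToyTB;

typedef struct ToyCPU {
    long acc;               /* guest-visible state changed by TBs */
    unsigned long tbs_run;  /* number of TBs fully executed */
    ToyTB *pc;              /* TB to run next; valid after every exit */
} ToyCPU;

enum ToyExit { TOY_EXIT_END_OF_CHAIN, TOY_EXIT_REQUESTED };

/* Constructed sample: a -> b -> c -> a, an endless chained loop. */
static ToyTB toy_tbs[3] = {
    { 1,   &toy_tbs[1] },
    { 10,  &toy_tbs[2] },
    { 100, &toy_tbs[0] },
};

static ToyCPU toy_cpu;

/* The only thing an asynchronous context may touch. */
static volatile sig_atomic_t toy_exit_request;

static void toy_request_exit(int sig)
{
    signal(sig, toy_request_exit);  /* stay installed under SysV semantics */
    toy_exit_request = 1;           /* no TB graph access from here */
}

static ToyCPU *toy_cpu_reset(void)
{
    signal(SIGTERM, toy_request_exit);
    toy_exit_request = 0;
    toy_cpu.acc = 0;
    toy_cpu.tbs_run = 0;
    toy_cpu.pc = &toy_tbs[0];
    return &toy_cpu;
}

/* Run chained TBs until the chain ends or an exit is requested.
 * raise_at simulates an interrupt source: when tbs_run reaches it, SIGTERM
 * is raised from inside the running TB (0 means never). */
static enum ToyExit toy_cpu_exec(ToyCPU *cpu, unsigned long raise_at)
{
    while (cpu->pc != NULL) {
        /* TB prologue: one flag test per TB is the whole cost. */
        if (toy_exit_request) {
            toy_exit_request = 0;
            return TOY_EXIT_REQUESTED;  /* cpu->pc names the TB not yet run */
        }

        ToyTB *tb = cpu->pc;
        cpu->acc += tb->work;
        cpu->tbs_run++;
        if (raise_at != 0 && cpu->tbs_run == raise_at) {
            raise(SIGTERM);  /* handler runs here; the TB still completes */
        }
        cpu->pc = tb->next;  /* follow the unmodified chain */
    }
    return TOY_EXIT_END_OF_CHAIN;
}

int main(void)
{
    ToyCPU *cpu = toy_cpu_reset();
    enum ToyExit why = toy_cpu_exec(cpu, 5);

    printf("exit=%d tbs_run=%lu acc=%ld next_tb=%ld\n",
           (int)why, cpu->tbs_run, cpu->acc, (long)(cpu->pc - toy_tbs));
    return 0;
}
```

The request raised during the fifth block takes effect at the next block boundary, and the loop can be resumed from cpu->pc because the links were never touched.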



Re: [Qemu-devel] [PATCH] sysbus: Guard against NULL SysBusDevice::init fn

2013-03-03 Thread Peter Maydell
On 3 March 2013 21:19, Andreas Färber  wrote:
> Am 03.03.2013 06:30, schrieb Peter Crosthwaite:
>> Fix by guarding the call to SysBusDevice::init against a NULL pointer. If no
>> pointer is defined return 0 without action.
>>
>> Signed-off-by: Peter Crosthwaite 
>
> While the patch is correct, I believe PMM already posted one using an
> extra if two weeks ago as part of some series...

Yep, http://patchwork.ozlabs.org/patch/222985/

-- PMM



Re: [Qemu-devel] [PATCH 0/6] Drop the irredeemably racy cpu_unlink_tb()

2013-03-03 Thread Blue Swirl
Thanks, applied all.

On Fri, Feb 22, 2013 at 6:09 PM, Peter Maydell  wrote:
> This patch series gets rid of cpu_unlink_tb(), which is irredeemably
> racy, since it modifies the TB graph with no locking from other
> threads, signal handlers, etc etc. (The signal handler case is
> why you can't just fix this with more locks.) Instead we take the
> much simpler approach of setting a flag for the CPU when we want
> it to stop executing TBs, and generate code to check the flag at
> the start of every TB. The raciness is easiest to provoke with
> multithreaded linux-user guests but it is I think also a risk
> in system emulation mode.
>
> This fixes the crashes seen in LP:668799; however there is another
> class of crashes described in LP:1098729 which stem from the fact
> that in linux-user with a multithreaded guest all threads will
> use and modify the same global TCG data structures (including the
> generated code buffer) without any kind of locking. This means that
> multithreaded guest binaries are still in the "unsupported" category.
>
> Patch 1 has been on the list before, but I improved the comment
> a bit [no code changes from the previously posted version] which
> is why I haven't given it rth's reviewed-by tag.
>
> The ENV_OFFSET macros patch is one from an old patch series
> of Andreas'; we need some way in generic code to find the offset
> of a CPUState field from the CPUArchState pointer. (The commit
> message is mine, though.)
>
> I've tested this in various ways, and also ran a popular embedded
> benchmark. This is the worst case for this change, since it is
> compute intensive code in a situation that shouldn't have too
> many interrupts; the slowdown varied from benchmark to benchmark
> but was generally something like 3-5%. I think that's an acceptably
> small hit to gain actual correctness and non-crashiness :-)
>
>
> Andreas Färber (1):
>   cpu: Introduce ENV_OFFSET macros
>
> Peter Maydell (5):
>   tcg: Document tcg_qemu_tb_exec() and provide constants for low bit uses
>   cpu-exec: wrap tcg_qemu_tb_exec() in a fn to restore the PC
>   Handle CPU interrupts by inline checking of a flag
>   translate-all.c: Remove cpu_unlink_tb()
>   gen-icount.h: Rename gen_icount_start/end to gen_tb_start/end
>
>  cpu-exec.c|   59 +
>  exec.c|2 +-
>  include/exec/gen-icount.h |   18 --
>  include/qom/cpu.h |3 ++
>  target-alpha/cpu-qom.h|1 +
>  target-alpha/translate.c  |4 +--
>  target-arm/cpu-qom.h  |2 ++
>  target-arm/translate.c|4 +--
>  target-cris/cpu-qom.h |1 +
>  target-cris/translate.c   |4 +--
>  target-i386/cpu-qom.h |1 +
>  target-i386/translate.c   |4 +--
>  target-lm32/cpu-qom.h |1 +
>  target-lm32/translate.c   |4 +--
>  target-m68k/cpu-qom.h |1 +
>  target-m68k/translate.c   |4 +--
>  target-microblaze/cpu-qom.h   |1 +
>  target-microblaze/translate.c |4 +--
>  target-mips/cpu-qom.h |1 +
>  target-mips/translate.c   |4 +--
>  target-openrisc/cpu.h |2 ++
>  target-openrisc/translate.c   |4 +--
>  target-ppc/cpu-qom.h  |3 +-
>  target-ppc/translate.c|4 +--
>  target-s390x/cpu-qom.h|1 +
>  target-s390x/translate.c  |4 +--
>  target-sh4/cpu-qom.h  |1 +
>  target-sh4/translate.c|4 +--
>  target-sparc/cpu-qom.h|1 +
>  target-sparc/translate.c  |4 +--
>  target-unicore32/cpu-qom.h|1 +
>  target-unicore32/translate.c  |4 +--
>  target-xtensa/cpu-qom.h   |1 +
>  target-xtensa/translate.c |4 +--
>  tcg/tcg.h |   49 ++-
>  translate-all.c   |   73 
> ++---
>  36 files changed, 162 insertions(+), 121 deletions(-)
>
> --
> 1.7.9.5
>



Re: [Qemu-devel] [PATCH v7 2/4] Add moxie disassembler

2013-03-03 Thread Blue Swirl
On Sun, Mar 3, 2013 at 1:07 PM, Anthony Green  wrote:
>
> Signed-off-by: Anthony Green 
> ---
>  disas.c |   6 +
>  disas/Makefile.objs |   1 +
>  disas/moxie.c   | 360 
> 
>  include/disas/bfd.h |  66 +-
>  4 files changed, 401 insertions(+), 32 deletions(-)
>  create mode 100644 disas/moxie.c
>
> diff --git a/disas.c b/disas.c
> index a46faee..74d3ba0 100644
> --- a/disas.c
> +++ b/disas.c
> @@ -256,6 +256,9 @@ void target_disas(FILE *out, CPUArchState *env, 
> target_ulong code,
>  #elif defined(TARGET_MICROBLAZE)
>  s.info.mach = bfd_arch_microblaze;
>  print_insn = print_insn_microblaze;
> +#elif defined(TARGET_MOXIE)
> +s.info.mach = bfd_arch_moxie;
> +print_insn = print_insn_moxie;
>  #elif defined(TARGET_LM32)
>  s.info.mach = bfd_mach_lm32;
>  print_insn = print_insn_lm32;
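
Review bot: in target_disas() the new arm assigns bfd_arch_moxie, an
architecture constant, to s.info.mach, while the lm32 arm directly below
fills the same field with a bfd_mach_* value (bfd_mach_lm32). The
microblaze arm above does the same as the new code, so this may be
deliberate, but if include/disas/bfd.h in this patch gains a machine
value for moxie it should be used here and in the monitor_disas() hunk;
otherwise a short comment that print_insn_moxie does not look at mach
would help.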
> @@ -462,6 +465,9 @@ void monitor_disas(Monitor *mon, CPUArchState *env,
>  #elif defined(TARGET_S390X)
>  s.info.mach = bfd_mach_s390_64;
>  print_insn = print_insn_s390;
> +#elif defined(TARGET_MOXIE)
> +s.info.mach = bfd_arch_moxie;
> +print_insn = print_insn_moxie;
>  #elif defined(TARGET_LM32)
>  s.info.mach = bfd_mach_lm32;
>  print_insn = print_insn_lm32;
> diff --git a/disas/Makefile.objs b/disas/Makefile.objs
> index ed75f9a..3b1e77a 100644
> --- a/disas/Makefile.objs
> +++ b/disas/Makefile.objs
> @@ -7,6 +7,7 @@ common-obj-$(CONFIG_IA64_DIS) += ia64.o
>  common-obj-$(CONFIG_M68K_DIS) += m68k.o
>  common-obj-$(CONFIG_MICROBLAZE_DIS) += microblaze.o
>  common-obj-$(CONFIG_MIPS_DIS) += mips.o
> +common-obj-$(CONFIG_MOXIE_DIS) += moxie.o
>  common-obj-$(CONFIG_PPC_DIS) += ppc.o
>  common-obj-$(CONFIG_S390_DIS) += s390.o
>  common-obj-$(CONFIG_SH4_DIS) += sh4.o
> diff --git a/disas/moxie.c b/disas/moxie.c
> new file mode 100644
> index 000..4c5f180
> --- /dev/null
> +++ b/disas/moxie.c
> @@ -0,0 +1,360 @@
> +/* Disassemble moxie instructions.
> +   Copyright (c) 2009  Free Software Foundation, Inc.
> +
> +   This program is free software; you can redistribute it and/or modify
> +   it under the terms of the GNU General Public License as published by
> +   the Free Software Foundation; either version 2 of the License, or
> +   (at your option) any later version.
> +
> +   This program is distributed in the hope that it will be useful,
> +   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +   GNU General Public License for more details.
> +
> +   You should have received a copy of the GNU General Public License
> +   along with this program; if not, see . */
> +
> +#include 
> +#define STATIC_TABLE
> +#define DEFINE_TABLE
> +
> +#include "disas/bfd.h"
> +
> +static void *stream;
> +
> +/* Form 1 instructions come in different flavors:
> +
> +   Some have no arguments  (MOXIE_F1_NARG)
> +   Some only use the A operand (MOXIE_F1_A)
> +   Some use A and B registers  (MOXIE_F1_AB)
> +   Some use A and consume a 4 byte immediate value (MOXIE_F1_A4)
> +   Some use just a 4 byte immediate value  (MOXIE_F1_4)
> +   Some use just a 4 byte memory address   (MOXIE_F1_M)
> +   Some use B and an indirect A(MOXIE_F1_AiB)
> +   Some use A and an indirect B(MOXIE_F1_ABi)
> +   Some consume a 4 byte immediate value and use X (MOXIE_F1_4A)
> +   Some use B and an indirect A plus 4 bytes   (MOXIE_F1_AiB4)
> +   Some use A and an indirect B plus 4 bytes   (MOXIE_F1_ABi4)
> +
> +   Form 2 instructions also come in different flavors:
> +
> +   Some have no arguments  (MOXIE_F2_NARG)
> +   Some use the A register and an 8-bit value  (MOXIE_F2_A8V)
> +
> +   Form 3 instructions also come in different flavors:
> +
> +   Some have no arguments  (MOXIE_F3_NARG)
> +   Some have a 10-bit PC relative operand  (MOXIE_F3_PCREL).  */
> +
> +#define MOXIE_F1_NARG 0x100
> +#define MOXIE_F1_A0x101
> +#define MOXIE_F1_AB   0x102
> +/* #define MOXIE_F1_ABC  0x103 */
> +#define MOXIE_F1_A4   0x104
> +#define MOXIE_F1_40x105
> +#define MOXIE_F1_AiB  0x106
> +#define MOXIE_F1_ABi  0x107
> +#define MOXIE_F1_4A   0x108
> +#define MOXIE_F1_AiB4 0x109
> +#define MOXIE_F1_ABi4 0x10a
> +#define MOXIE_F1_M0x10b
> +
> +#define MOXIE_F2_NARG 0x200
> +#define MOXIE_F2_A8V  0x201
> +
> +#define MOXIE_F3_NARG  0x300
> +#define MOXIE_F3_PCREL 0x301
> +
> +typedef struct moxie_opc_info_t {
> +short opcode;
> +unsigned  itype;
> +const char *  name;
> +} moxie_opc_info_t;
> +
> +extern const moxie_opc_info_t moxie_form1_opc_info[64];
> +extern const moxie_opc_info_t moxie_form2_opc_info[4];
> +extern const moxie_opc_info_t moxie_form3_opc_info[16];
> +
> +/* The moxie processor's 16-bit instructions come in two forms:
> +
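Review bot: in the Form 1 comment block, the MOXIE_F1_4A line says the instruction will "use X", but every other flavor is described in terms of the A and B operands and X is not defined in the visible text. Please name the operand that is actually meant (the macro name suggests A) so the table of flavors can be checked against the decoder.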

Re: [Qemu-devel] [PATCH v7 1/4] Add moxie target code

2013-03-03 Thread Blue Swirl
On Sun, Mar 3, 2013 at 1:07 PM, Anthony Green  wrote:
>
> Signed-off-by: Anthony Green 
> ---
>  target-moxie/Makefile.objs |2 +
>  target-moxie/cpu.c |  172 
>  target-moxie/cpu.h |  170 
>  target-moxie/helper.c  |  170 
>  target-moxie/helper.h  |9 +
>  target-moxie/machine.c |   27 ++
>  target-moxie/machine.h |2 +
>  target-moxie/mmu.c |   36 ++
>  target-moxie/mmu.h |   19 +
>  target-moxie/translate.c   | 1003 
> 
>  10 files changed, 1610 insertions(+)
>  create mode 100644 target-moxie/Makefile.objs
>  create mode 100644 target-moxie/cpu.c
>  create mode 100644 target-moxie/cpu.h
>  create mode 100644 target-moxie/helper.c
>  create mode 100644 target-moxie/helper.h
>  create mode 100644 target-moxie/machine.c
>  create mode 100644 target-moxie/machine.h
>  create mode 100644 target-moxie/mmu.c
>  create mode 100644 target-moxie/mmu.h
>  create mode 100644 target-moxie/translate.c
>
> diff --git a/target-moxie/Makefile.objs b/target-moxie/Makefile.objs
> new file mode 100644
> index 000..6381d4d
> --- /dev/null
> +++ b/target-moxie/Makefile.objs
> @@ -0,0 +1,2 @@
> +obj-y += translate.o helper.o machine.o cpu.o machine.o
> +obj-$(CONFIG_SOFTMMU) += mmu.o
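Review bot: machine.o is listed twice in the obj-y line (translate.o helper.o machine.o cpu.o machine.o). Drop the second occurrence.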
> diff --git a/target-moxie/cpu.c b/target-moxie/cpu.c
> new file mode 100644
> index 000..c17d3f0
> --- /dev/null
> +++ b/target-moxie/cpu.c
> @@ -0,0 +1,172 @@
> +/*
> + * QEMU Moxie CPU
> + *
> + * Copyright (c) 2013 Anthony Green
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program.  If not, see .
> + */
> +
> +#include "cpu.h"
> +#include "qemu-common.h"
> +#include "migration/vmstate.h"
> +#include "machine.h"
> +
> +static void moxie_cpu_reset(CPUState *s)
> +{
> +MoxieCPU *cpu = MOXIE_CPU(s);
> +MoxieCPUClass *mcc = MOXIE_CPU_GET_CLASS(cpu);
> +CPUMoxieState *env = &cpu->env;
> +
> +if (qemu_loglevel_mask(CPU_LOG_RESET)) {
> +qemu_log("CPU Reset (CPU %d)\n", s->cpu_index);
> +log_cpu_state(env, 0);
> +}
> +
> +mcc->parent_reset(s);
> +
> +memset(env, 0, offsetof(CPUMoxieState, breakpoints));
> +env->pc = 0x1000;
> +
> +tlb_flush(env, 1);
> +}
> +
> +static void moxie_cpu_realizefn(DeviceState *dev, Error **errp)
> +{
> +MoxieCPU *cpu = MOXIE_CPU(dev);
> +MoxieCPUClass *occ = MOXIE_CPU_GET_CLASS(dev);
> +
> +qemu_init_vcpu(&cpu->env);
> +cpu_reset(CPU(cpu));
> +
> +occ->parent_realize(dev, errp);
> +}
> +
> +static void moxie_cpu_initfn(Object *obj)
> +{
> +CPUState *cs = CPU(obj);
> +MoxieCPU *cpu = MOXIE_CPU(obj);
> +static int inited;
> +
> +cs->env_ptr = &cpu->env;
> +cpu_exec_init(&cpu->env);
> +
> +if (tcg_enabled() && !inited) {
> +inited = 1;
> +moxie_translate_init();
> +}
> +}
> +
> +static ObjectClass *moxie_cpu_class_by_name(const char *cpu_model)
> +{
> +ObjectClass *oc;
> +
> +if (cpu_model == NULL) {
> +return NULL;
> +}
> +
> +oc = object_class_by_name(cpu_model);
> +if (oc != NULL && (!object_class_dynamic_cast(oc, TYPE_MOXIE_CPU) ||
> +   object_class_is_abstract(oc))) {
> +return NULL;
> +}
> +return oc;
> +}
> +
> +static void moxie_cpu_class_init(ObjectClass *oc, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(oc);
> +CPUClass *cc = CPU_CLASS(oc);
> +MoxieCPUClass *mcc = MOXIE_CPU_CLASS(oc);
> +
> +mcc->parent_realize = dc->realize;
> +dc->realize = moxie_cpu_realizefn;
> +
> +mcc->parent_reset = cc->reset;
> +cc->reset = moxie_cpu_reset;
> +
> +cc->class_by_name = moxie_cpu_class_by_name;
> +
> +dc->vmsd = &vmstate_moxie_cpu;
> +}
> +
> +static void moxielite_initfn(Object *obj)
> +{
> +/* Set cpu feature flags */
> +}
> +
> +static void moxie_any_initfn(Object *obj)
> +{
> +/* Set cpu feature flags */
> +}
> +
> +typedef struct MoxieCPUInfo {
> +const char *name;
> +void (*initfn)(Object *obj);
> +} MoxieCPUInfo;
> +
> +static const MoxieCPUInfo moxie_cpus[] = {
> +{ .name = "MoxieLite",  .initfn = moxielite_initfn },
> +{ .name = "any",.initfn = moxie_any_initfn },
> +};
> +
> +MoxieCPU *cpu_moxie_init(const char *cpu_model)
> +{
> +MoxieCPU *cpu;
> +ObjectClass *oc;
> +
> +oc = moxie_cpu_class_
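Review bot: moxie_cpu_reset() sets env->pc = 0x1000 as a bare literal. Please give the reset vector a named constant or a comment saying where 0x1000 comes from, so that board code and loaders depending on it refer to a single definition.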

[Qemu-devel] [PATCH v4 0/2] PCI learns about VGA

2013-03-03 Thread Alex Williamson
Bridges aren't the only thing that needs to know about VGA, any class
VGA device can register for VGA.  This adds infrastructure to PCI to
allow devices to register VGA regions and incorporates the previous
PCI bridge only patch to also make use of this.  vfio-pci will also
use the pci_register_vga() interface when attaching VGA devices.

v4: Add common pci_vga_[un]register helpers and convert pci_bridge
v3: pci_bridge only: add comments and enable bits for snooping & alias
v2: pci_bridge only: BRIDGE_CONTROL is 2 bytes

---

Alex Williamson (2):
  pci: Add PCI VGA helpers
  pci: Teach PCI Bridges about VGA routing


 hw/pci/pci.c|   65 +++
 hw/pci/pci.h|   21 
 hw/pci/pci_bridge.c |   45 ++-
 hw/pci/pci_bus.h|7 +
 hw/pci/pcie_port.c  |2 ++
 5 files changed, 138 insertions(+), 2 deletions(-)



[Qemu-devel] [PATCH v4 1/2] pci: Add PCI VGA helpers

2013-03-03 Thread Alex Williamson
Allow devices to register VGA memory regions for handling PCI spec
defined VGA I/O port and MMIO areas.  PCI will attach these to the
bus address spaces and enable them according to the device command
register value.

Signed-off-by: Alex Williamson 
---
 hw/pci/pci.c |   61 ++
 hw/pci/pci.h |   21 
 2 files changed, 82 insertions(+)

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 2f45c8f..ed43111 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -875,6 +875,8 @@ static void pci_unregister_io_regions(PCIDevice *pci_dev)
 continue;
 memory_region_del_subregion(r->address_space, r->memory);
 }
+
+pci_unregister_vga(pci_dev);
 }
 
 static int pci_unregister_device(DeviceState *dev)
@@ -937,6 +939,63 @@ void pci_register_bar(PCIDevice *pci_dev, int region_num,
 : pci_dev->bus->address_space_mem;
 }
 
+static void pci_update_vga(PCIDevice *pci_dev)
+{
+uint16_t cmd;
+
+if (!pci_dev->has_vga) {
+return;
+}
+
+cmd = pci_get_word(pci_dev->config + PCI_COMMAND);
+
+memory_region_set_enabled(pci_dev->vga_regions[QEMU_PCI_VGA_MEM],
+  cmd & PCI_COMMAND_MEMORY);
+memory_region_set_enabled(pci_dev->vga_regions[QEMU_PCI_VGA_IO_LO],
+  cmd & PCI_COMMAND_IO);
+memory_region_set_enabled(pci_dev->vga_regions[QEMU_PCI_VGA_IO_HI],
+  cmd & PCI_COMMAND_IO);
+}
+
+void pci_register_vga(PCIDevice *pci_dev, MemoryRegion *mem,
+  MemoryRegion *io_lo, MemoryRegion *io_hi)
+{
+assert(!pci_dev->has_vga);
+
+assert(memory_region_size(mem) == QEMU_PCI_VGA_MEM_SIZE);
+pci_dev->vga_regions[QEMU_PCI_VGA_MEM] = mem;
+memory_region_add_subregion_overlap(pci_dev->bus->address_space_mem,
+QEMU_PCI_VGA_MEM_BASE, mem, 1);
+
+assert(memory_region_size(io_lo) == QEMU_PCI_VGA_IO_LO_SIZE);
+pci_dev->vga_regions[QEMU_PCI_VGA_IO_LO] = io_lo;
+memory_region_add_subregion_overlap(pci_dev->bus->address_space_io,
+QEMU_PCI_VGA_IO_LO_BASE, io_lo, 1);
+
+assert(memory_region_size(io_hi) == QEMU_PCI_VGA_IO_HI_SIZE);
+pci_dev->vga_regions[QEMU_PCI_VGA_IO_HI] = io_hi;
+memory_region_add_subregion_overlap(pci_dev->bus->address_space_io,
+QEMU_PCI_VGA_IO_HI_BASE, io_hi, 1);
+pci_dev->has_vga = true;
+
+pci_update_vga(pci_dev);
+}
+
+void pci_unregister_vga(PCIDevice *pci_dev)
+{
+if (!pci_dev->has_vga) {
+return;
+}
+
+memory_region_del_subregion(pci_dev->bus->address_space_mem,
+pci_dev->vga_regions[QEMU_PCI_VGA_MEM]);
+memory_region_del_subregion(pci_dev->bus->address_space_io,
+pci_dev->vga_regions[QEMU_PCI_VGA_IO_LO]);
+memory_region_del_subregion(pci_dev->bus->address_space_io,
+pci_dev->vga_regions[QEMU_PCI_VGA_IO_HI]);
+pci_dev->has_vga = false;
+}
+
 pcibus_t pci_get_bar_addr(PCIDevice *pci_dev, int region_num)
 {
 return pci_dev->io_regions[region_num].addr;
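Review bot: pci_unregister_vga() clears has_vga but leaves the three vga_regions[] pointers in place, and neither it nor pci_register_vga() documents who owns the MemoryRegions. The caller passes them in and unregister only calls memory_region_del_subregion(), so a short comment stating that the caller keeps ownership and must destroy the regions, plus setting the vga_regions[] entries to NULL on unregister, would keep a stale pointer from being used if the has_vga checks change later.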
@@ -1036,6 +1095,8 @@ static void pci_update_mappings(PCIDevice *d)
 r->addr, r->memory, 1);
 }
 }
+
+pci_update_vga(d);
 }
 
 static inline int pci_irq_disabled(PCIDevice *d)
diff --git a/hw/pci/pci.h b/hw/pci/pci.h
index f340fe5..d837a65 100644
--- a/hw/pci/pci.h
+++ b/hw/pci/pci.h
@@ -108,6 +108,20 @@ typedef struct PCIIORegion {
 #define PCI_ROM_SLOT 6
 #define PCI_NUM_REGIONS 7
 
+enum {
+QEMU_PCI_VGA_MEM,
+QEMU_PCI_VGA_IO_LO,
+QEMU_PCI_VGA_IO_HI,
+QEMU_PCI_VGA_NUM_REGIONS,
+};
+
+#define QEMU_PCI_VGA_MEM_BASE 0xa
+#define QEMU_PCI_VGA_MEM_SIZE 0x2
+#define QEMU_PCI_VGA_IO_LO_BASE 0x3b0
+#define QEMU_PCI_VGA_IO_LO_SIZE 0xc
+#define QEMU_PCI_VGA_IO_HI_BASE 0x3c0
+#define QEMU_PCI_VGA_IO_HI_SIZE 0x20
+
 #include "hw/pci/pci_regs.h"
 
 /* PCI HEADER_TYPE */
@@ -234,6 +248,10 @@ struct PCIDevice {
 /* IRQ objects for the INTA-INTD pins.  */
 qemu_irq *irq;
 
+/* Legacy PCI VGA regions */
+MemoryRegion *vga_regions[QEMU_PCI_VGA_NUM_REGIONS];
+bool has_vga;
+
 /* Current IRQ levels.  Used internally by the generic PCI code.  */
 uint8_t irq_state;
 
@@ -287,6 +305,9 @@ struct PCIDevice {
 
 void pci_register_bar(PCIDevice *pci_dev, int region_num,
   uint8_t attr, MemoryRegion *memory);
+void pci_register_vga(PCIDevice *pci_dev, MemoryRegion *mem,
+  MemoryRegion *io_lo, MemoryRegion *io_hi);
+void pci_unregister_vga(PCIDevice *pci_dev);
 pcibus_t pci_get_bar_addr(PCIDevice *pci_dev, int region_num);
 
 int pci_add_capability(PCIDevice *pdev, uint8_t cap_id,




[Qemu-devel] [PATCH v4 2/2] pci: Teach PCI Bridges about VGA routing

2013-03-03 Thread Alex Williamson
Each PCI Bridge has a set of implied VGA regions that are enabled when
the VGA bit is set in the bridge control register.  This allows VGA
devices behind bridges.  Unfortunately with VGA Enable, which we
formerly allowed but didn't back, comes along some required VGA
baggage.  VGA Palette Snooping is required, along with VGA 16-bit
decoding.  We don't yet have support for palette snooping, but we do
make the bit writable on bridges.  We also don't have support for
10-bit VGA aliases, the default mode, but we enable the register, even
on root ports, to avoid confusing guests.  Fortunately there's likely
nothing from this century that requires these features, so the missing
bits are noted with TODOs.

Signed-off-by: Alex Williamson 
---
 hw/pci/pci.c|4 
 hw/pci/pci_bridge.c |   45 +++--
 hw/pci/pci_bus.h|7 +++
 hw/pci/pcie_port.c  |2 ++
 4 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index ed43111..a881602 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -674,6 +674,10 @@ static void pci_init_mask_bridge(PCIDevice *d)
 #define  PCI_BRIDGE_CTL_SEC_DISCARD0x200   /* Secondary discard timer */
 #define  PCI_BRIDGE_CTL_DISCARD_STATUS 0x400   /* Discard timer status */
 #define  PCI_BRIDGE_CTL_DISCARD_SERR   0x800   /* Discard timer SERR# enable */
+/*
+ * TODO: Bridges default to 10-bit VGA decoding but we currently only
+ * implement 16-bit decoding (no alias support).
+ */
 pci_set_word(d->wmask + PCI_BRIDGE_CONTROL,
  PCI_BRIDGE_CTL_PARITY |
  PCI_BRIDGE_CTL_SERR |
diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
index 995842a..84e7c19 100644
--- a/hw/pci/pci_bridge.c
+++ b/hw/pci/pci_bridge.c
@@ -151,6 +151,28 @@ static void pci_bridge_init_alias(PCIBridge *bridge, 
MemoryRegion *alias,
 memory_region_add_subregion_overlap(parent_space, base, alias, 1);
 }
 
+static void pci_bridge_init_vga_aliases(PCIBridge *br, PCIBus *parent,
+MemoryRegion *alias_vga)
+{
+uint16_t brctl = pci_get_word(br->dev.config + PCI_BRIDGE_CONTROL);
+
+memory_region_init_alias(&alias_vga[QEMU_PCI_VGA_IO_LO],
+ "pci_bridge_vga_io_lo", &br->address_space_io,
+ QEMU_PCI_VGA_IO_LO_BASE, QEMU_PCI_VGA_IO_LO_SIZE);
+memory_region_init_alias(&alias_vga[QEMU_PCI_VGA_IO_HI],
+ "pci_bridge_vga_io_hi", &br->address_space_io,
+ QEMU_PCI_VGA_IO_HI_BASE, QEMU_PCI_VGA_IO_HI_SIZE);
+memory_region_init_alias(&alias_vga[QEMU_PCI_VGA_MEM],
+ "pci_bridge_vga_mem", &br->address_space_mem,
+ QEMU_PCI_VGA_MEM_BASE, QEMU_PCI_VGA_MEM_SIZE);
+
+if (brctl & PCI_BRIDGE_CTL_VGA) {
+pci_register_vga(&br->dev, &alias_vga[QEMU_PCI_VGA_MEM],
+ &alias_vga[QEMU_PCI_VGA_IO_LO],
+ &alias_vga[QEMU_PCI_VGA_IO_HI]);
+}
+}
+
 static PCIBridgeWindows *pci_bridge_region_init(PCIBridge *br)
 {
 PCIBus *parent = br->dev.bus;
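Review bot: the parent argument of pci_bridge_init_vga_aliases() is never used in the body. The aliases are built from br->address_space_io and br->address_space_mem, and registration goes through pci_register_vga(&br->dev, ...). Drop the parameter, or, if it was meant to select the address space the aliases are mapped into, add the missing use.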
@@ -175,7 +197,8 @@ static PCIBridgeWindows *pci_bridge_region_init(PCIBridge 
*br)
   &br->address_space_io,
   parent->address_space_io,
   cmd & PCI_COMMAND_IO);
-   /* TODO: optinal VGA and VGA palette snooping support. */
+
+pci_bridge_init_vga_aliases(br, parent, w->alias_vga);
 
 return w;
 }
@@ -187,6 +210,7 @@ static void pci_bridge_region_del(PCIBridge *br, 
PCIBridgeWindows *w)
 memory_region_del_subregion(parent->address_space_io, &w->alias_io);
 memory_region_del_subregion(parent->address_space_mem, &w->alias_mem);
 memory_region_del_subregion(parent->address_space_mem, &w->alias_pref_mem);
+pci_unregister_vga(&br->dev);
 }
 
 static void pci_bridge_region_cleanup(PCIBridge *br, PCIBridgeWindows *w)
@@ -194,6 +218,9 @@ static void pci_bridge_region_cleanup(PCIBridge *br, 
PCIBridgeWindows *w)
 memory_region_destroy(&w->alias_io);
 memory_region_destroy(&w->alias_mem);
 memory_region_destroy(&w->alias_pref_mem);
+memory_region_destroy(&w->alias_vga[QEMU_PCI_VGA_IO_LO]);
+memory_region_destroy(&w->alias_vga[QEMU_PCI_VGA_IO_HI]);
+memory_region_destroy(&w->alias_vga[QEMU_PCI_VGA_MEM]);
 g_free(w);
 }
 
@@ -227,7 +254,10 @@ void pci_bridge_write_config(PCIDevice *d,
 
 /* memory base/limit, prefetchable base/limit and
io base/limit upper 16 */
-ranges_overlap(address, len, PCI_MEMORY_BASE, 20)) {
+ranges_overlap(address, len, PCI_MEMORY_BASE, 20) ||
+
+/* vga enable */
+ranges_overlap(address, len, PCI_BRIDGE_CONTROL, 2)) {
 pci_bridge_update_mappings(s);
 }
 
@@ -306,6 +336,17 @@ int pci_bridge_initfn(PCIDevice *dev)
 
 pci_word_test_and_set_mask(dev->config + PCI_STATUS,
PCI_ST

[Qemu-devel] [PATCH] configure: require spice-protocol >= 0.12.3

2013-03-03 Thread Alon Levy
Required since v1.4.0-rc0

For SPICE_PORT_EVENT_BREAK used by spice-qemu-char.c since:

commit 5a49d3e9a799b7e1bf87da7ae7f2a719e01da319
Author: Marc-André Lureau 
Date:   Wed Dec 5 16:15:34 2012 +0100

spice-qemu-char: add spiceport chardev

Signed-off-by: Alon Levy 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 19738ac..82b7b54 100755
--- a/configure
+++ b/configure
@@ -2867,7 +2867,7 @@ EOF
   spice_cflags=$($pkg_config --cflags spice-protocol spice-server 2>/dev/null)
   spice_libs=$($pkg_config --libs spice-protocol spice-server 2>/dev/null)
   if $pkg_config --atleast-version=0.12.0 spice-server >/dev/null 2>&1 && \
- $pkg_config --atleast-version=0.12.2 spice-protocol > /dev/null 2>&1 && \
+ $pkg_config --atleast-version=0.12.3 spice-protocol > /dev/null 2>&1 && \
  compile_prog "$spice_cflags" "$spice_libs" ; then
 spice="yes"
 libs_softmmu="$libs_softmmu $spice_libs"
-- 
1.8.1.2




[Qemu-devel] [Bug 1129571] Re: libreoffice armhf FTBFS

2013-03-03 Thread Colin Watson
** Tags added: qemu-user-ubuntu

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1129571

Title:
  libreoffice armhf FTBFS

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  Confirmed

Bug description:
  We have been experiencing FTBFS of LibreOffice 3.5.7, 12.04, armhf in
  the launchpad buildds. We believe this is likely due to an error in
  qemu.

  While we do not have a small test case yet, we do have a build log
  (attaching here).

  The relevant snippet from the build log is:

  
3.5.7/solver/unxlngr.pro/bin/jaxp.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/juh.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/parser.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/unoil.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/ridl.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/jurt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xmlsearch.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/LuceneHelpWrapper.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/HelpIndexerTool.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-core-2.3.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-analyzers-2.3.jar"
 com.sun.star.help.HelpIndexerTool -lang cs -mod swriter -zipdir 
../../unxlngr.pro/misc/ziptmpswriter_cs -o 
../../unxlngr.pro/bin/swriter_cs.zip.unxlngr.pro
  dmake:  Error code 132, while making '../../unxlngr.pro/bin/swriter_cs.zip'

  We believe this is from bash error code 128 + 4, where 4 is illegal
  instruction, thus leading us to suspect qemu.

  Any help in tracking this down would be appreciated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1129571/+subscriptions



Re: [Qemu-devel] [PATCH] configure: require spice-protocol >= 0.12.3

2013-03-03 Thread Doug Goldstein
On Sun, Mar 3, 2013 at 4:04 AM, Alon Levy  wrote:
> Required since v1.4.0-rc0
>
> For SPICE_PORT_EVENT_BREAK used by spice-qemu-char.c since:
>
> commit 5a49d3e9a799b7e1bf87da7ae7f2a719e01da319
> Author: Marc-André Lureau 
> Date:   Wed Dec 5 16:15:34 2012 +0100
>
> spice-qemu-char: add spiceport chardev
>
> Signed-off-by: Alon Levy 
> ---
>  configure | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/configure b/configure
> index 19738ac..82b7b54 100755
> --- a/configure
> +++ b/configure
> @@ -2867,7 +2867,7 @@ EOF
>spice_cflags=$($pkg_config --cflags spice-protocol spice-server 
> 2>/dev/null)
>spice_libs=$($pkg_config --libs spice-protocol spice-server 2>/dev/null)
>if $pkg_config --atleast-version=0.12.0 spice-server >/dev/null 2>&1 && \
> - $pkg_config --atleast-version=0.12.2 spice-protocol > /dev/null 2>&1 && 
> \
> + $pkg_config --atleast-version=0.12.3 spice-protocol > /dev/null 2>&1 && 
> \
>   compile_prog "$spice_cflags" "$spice_libs" ; then
>  spice="yes"
>  libs_softmmu="$libs_softmmu $spice_libs"
> --
> 1.8.1.2
>
>

I can confirm this issue and that this is the fix. This change is
queued in my 1.4 stable series as well.

Reviewed-by: Doug Goldstein 

-- 
Doug Goldstein



Re: [Qemu-devel] [PATCH] build: compile gtk.c with special CFLAGS

2013-03-03 Thread Anthony Liguori
Blue Swirl  writes:

> Compile gtk.c with special CFLAGS instead of disabling -Werror globally.
>
> Signed-off-by: Blue Swirl 

I thought Kevin's pragma trick solved this problem?

Are you attempting to avoid disabling Werror when pragma isn't
available?  That seems to defeat the purpose of doing the pragma thing
to begin with.

Regards,

Anthony Liguori

> ---
>  configure|   12 +++-
>  ui/Makefile.objs |2 +-
>  2 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/configure b/configure
> index 19738ac..2a043d6 100755
> --- a/configure
> +++ b/configure
> @@ -3139,6 +3139,7 @@ fi
>  # the build doesn't fail anyway.
>  
>  pragma_disable_unused_but_set=no
> +gtk_special_cflags=no
>  cat > $TMPC << EOF
>  #pragma GCC diagnostic ignored "-Wunused-but-set-variable"
>  #pragma GCC diagnostic ignored "-Wstrict-prototypes"
> @@ -3150,7 +3151,7 @@ EOF
>  if compile_prog "-Werror" "" ; then
>  pragma_diagnostic_available=yes
>  else
> -werror=no
> +gtk_special_cflags=yes
>  fi
>  
>  
> @@ -3845,6 +3846,15 @@ echo "WINDRES=$windres" >> $config_host_mak
>  echo "LIBTOOL=$libtool" >> $config_host_mak
>  echo "CFLAGS=$CFLAGS" >> $config_host_mak
>  echo "QEMU_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak
> +if test "$gtk_special_cflags" = "yes"; then
> +  # Our compiler doesn't support #pragmas to suppress warnings and GTK
> +  # can't be fixed, so compile GTK files with special CFLAGS
> +  echo "GTK_SPECIAL_CFLAGS=$QEMU_CFLAGS" | \
> +sed -e 's/-Wstrict-prototypes//g' \
> +-e 's/-Wunused-but-set-variable//g' >> $config_host_mak
> +else
> +  echo "GTK_SPECIAL_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak
> +fi
>  echo "QEMU_INCLUDES=$QEMU_INCLUDES" >> $config_host_mak
>  if test "$sparse" = "yes" ; then
>echo "CC   := REAL_CC=\"\$(CC)\" cgcc"   >> $config_host_mak
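Review bot: the two sed expressions in the gtk_special_cflags branch only help when -Wstrict-prototypes and -Wunused-but-set-variable appear literally in QEMU_CFLAGS. -Wunused-but-set-variable is also enabled by -Wall, so if it arrives that way the filtered GTK_SPECIAL_CFLAGS still raise the warning and -Werror still fails the build. Appending -Wno-strict-prototypes -Wno-unused-but-set-variable would work regardless of how the warnings were switched on.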
> diff --git a/ui/Makefile.objs b/ui/Makefile.objs
> index 6ddc0de..c9aa1e6 100644
> --- a/ui/Makefile.objs
> +++ b/ui/Makefile.objs
> @@ -19,4 +19,4 @@ $(obj)/sdl.o $(obj)/sdl_zoom.o: QEMU_CFLAGS += $(SDL_CFLAGS)
>  
>  $(obj)/cocoa.o: $(SRC_PATH)/$(obj)/cocoa.m
>  
> -$(obj)/gtk.o: QEMU_CFLAGS += $(GTK_CFLAGS) $(VTE_CFLAGS)
> +$(obj)/gtk.o: QEMU_CFLAGS = $(GTK_SPECIAL_CFLAGS) $(GTK_CFLAGS) $(VTE_CFLAGS)
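Review bot: the gtk.o rule changes from += to =, so gtk.o is now built from the configure-time snapshot in GTK_SPECIAL_CFLAGS and no longer sees anything the makefiles add to QEMU_CFLAGS afterwards. This applies even when the pragma test passed, because the else branch in configure writes the same variable. Consider keeping += and filtering the two flags out of $(QEMU_CFLAGS) in the rule only when needed, or document that GTK_SPECIAL_CFLAGS has to stay in step with QEMU_CFLAGS.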
> -- 
> 1.7.2.5




Re: [Qemu-devel] virtio-rng and fd passing

2013-03-03 Thread Anthony Liguori
Paolo Bonzini  writes:

> On 02/03/2013 04:13, Anthony Liguori wrote:
>> There is no valid use-case of rng-random other than using /dev/random.
>> In fact, it was probably a mistake to even allow a filename to be
>> specified because it lets people do silly things (like /dev/urandom).
>> 
>> If you want anything other than /dev/random, you should use rng-egd.
>
> /dev/hwrng makes sense too.

Good point.  Perhaps we should issue a warning when anything is used
other than /dev/random or /dev/hwrng to discourage people from doing the
wrong thing.  I completely understand the confusion and I think we
should try a bit harder to prevent people from getting it wrong.

Regards,

Anthony Liguori

>
> Paolo



Re: [Qemu-devel] virtio-rng and fd passing

2013-03-03 Thread Anthony Liguori
Stefan Berger  writes:

> It depends on what one defends against. If a jail-break succeeds and 
> open() is disabled, then that attack surface was effectively reduced. 
> It's hard to say whether opening files within libvirt could then allow 
> new exploits.

Well, in the very least, libvirt is doing the open() as root whereas
QEMU does it as an unprivileged user.

Regards,

Anthony Liguori

>
>  Stefan
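The arrangement discussed in this thread, where a management process performs the open() and the emulator only receives the descriptor, shown as an added example that is not part of the original messages and is not QEMU or libvirt code. The names send_fd, recv_fd and demo_fd_passing are hypothetical, and a temporary file with constructed contents stands in for the RNG device.

```c
/* Added example, not QEMU or libvirt code; all names here are illustrative. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

#define SAMPLE "constructed-entropy-sample"   /* constructed stand-in data */
#define SAMPLE_LEN ((ssize_t)(sizeof(SAMPLE) - 1))

union fd_cmsg {               /* aligned buffer for one SCM_RIGHTS message */
    char buf[CMSG_SPACE(sizeof(int))];
    struct cmsghdr align;
};

/* Send one descriptor as SCM_RIGHTS ancillary data; returns 0 or -1. */
static int send_fd(int sock, int fd)
{
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fd_cmsg u = { .buf = { 0 } };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);

    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; rejects truncated or unexpected control data. */
static int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fd_cmsg u = { .buf = { 0 } };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *cmsg;
    int fd = -1;

    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) {
        return -1;
    }
    cmsg = CMSG_FIRSTHDR(&msg);
    if (!cmsg || cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS ||
        cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
        return -1;
    }
    memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
    return fd;
}

/* Runs both roles; returns bytes the consumer read via the passed fd, or -1. */
int demo_fd_passing(void)
{
    char path[] = "/tmp/rng-demo-XXXXXX";     /* constructed "RNG source" */
    int sv[2], status, rc, fd = mkstemp(path);
    pid_t pid;

    if (fd < 0 || write(fd, SAMPLE, SAMPLE_LEN) != SAMPLE_LEN ||
        close(fd) < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        unlink(path);
        return -1;
    }
    pid = fork();
    if (pid == 0) {                       /* consumer: no open() anywhere */
        char buf[64];
        ssize_t n;
        close(sv[0]);
        fd = recv_fd(sv[1]);
        n = fd < 0 ? -1 : read(fd, buf, sizeof(buf));
        /* The descriptor keeps the opener's O_RDONLY mode: writes fail. */
        if (n != SAMPLE_LEN || memcmp(buf, SAMPLE, n) || write(fd, "x", 1) != -1) {
            _exit(255);
        }
        _exit((int)n);
    }
    close(sv[1]);                         /* opener: the only open() call */
    fd = open(path, O_RDONLY);
    unlink(path);
    rc = (fd >= 0 && pid > 0) ? send_fd(sv[0], fd) : -1;
    close(fd);
    close(sv[0]);
    if (pid < 0 || waitpid(pid, &status, 0) != pid || rc < 0 ||
        !WIFEXITED(status) || WEXITSTATUS(status) == 255) {
        return -1;
    }
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("consumer read %d bytes via the passed fd\n", demo_fd_passing());
    return 0;
}
```

The consumer ends up with exactly the access the opener chose (read-only here), which is the property that lets open() be denied to the consumer by policy.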



Re: [Qemu-devel] [PATCH v7 1/4] Add moxie target code

2013-03-03 Thread Peter Maydell
On 3 March 2013 21:07, Anthony Green  wrote:
> +/* generate intermediate code for basic block 'tb'.  */
> +static void
> +gen_intermediate_code_internal(MoxieCPU *cpu, TranslationBlock *tb,
> +   bool search_pc)
> +{
> +DisasContext ctx;
> +target_ulong pc_start;
> +uint16_t *gen_opc_end;
> +CPUBreakpoint *bp;
> +int j, lj = -1;
> +CPUMoxieState *env = &cpu->env;
> +
> +pc_start = tb->pc;
> +gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
> +ctx.pc = pc_start;
> +ctx.saved_pc = -1;
> +ctx.tb = tb;
> +ctx.memidx = 0;
> +ctx.singlestep_enabled = 0;
> +ctx.bstate = BS_NONE;
> +
> +do {
> +if (unlikely(!QTAILQ_EMPTY(&env->breakpoints))) {
> +QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
> +if (ctx.pc == bp->pc) {
> +tcg_gen_movi_i32(cpu_pc, ctx.pc);
> +gen_helper_debug(cpu_env);
> +ctx.bstate = BS_EXCP;
> +goto done_generating;
> +}
> +}
> +}
> +
> +if (search_pc) {
> +j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
> +if (lj < j) {
> +lj++;
> +while (lj < j) {
> +tcg_ctx.gen_opc_instr_start[lj++] = 0;
> +}
> +}
> +tcg_ctx.gen_opc_pc[lj] = ctx.pc;
> +tcg_ctx.gen_opc_instr_start[lj] = 1;
> +}
> +ctx.opcode = cpu_lduw_code(env, ctx.pc);
> +ctx.pc += decode_opc(cpu, &ctx);
> +
> +if (env->singlestep_enabled) {
> +break;
> +}
> +
> +if ((ctx.pc & (TARGET_PAGE_SIZE - 1)) == 0) {
> +break;
> +}
> +} while (ctx.bstate == BS_NONE && tcg_ctx.gen_opc_ptr < gen_opc_end);
> +
> +if (env->singlestep_enabled) {
> +tcg_gen_movi_tl(cpu_pc, ctx.pc);
> +gen_helper_debug(cpu_env);
> +} else {
> +switch (ctx.bstate) {
> +case BS_STOP:
> +case BS_NONE:
> +gen_goto_tb(env, &ctx, 0, ctx.pc);
> +break;
> +case BS_EXCP:
> +tcg_gen_exit_tb(0);
> +break;
> +case BS_BRANCH:
> +default:
> +break;
> +}
> +}
> + done_generating:
> +*tcg_ctx.gen_opc_ptr = INDEX_op_end;
> +if (search_pc) {
> +j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
> +lj++;
> +while (lj <= j) {
> +tcg_ctx.gen_opc_instr_start[lj++] = 0;
> +}
> +} else {
> +tb->size = ctx.pc - pc_start;
> +}
> +}

Now that my 'get rid of cpu_tb_unlink()' patch series has been
applied, you must call 'gen_tb_start()' and 'gen_tb_end()' in
the right places in this function, or interrupts will not be
able to stop QEMU executing translated code.

thanks
-- PMM



[Qemu-devel] [Bug 668799] Re: qemu-arm segfaults executing msgmerge (gettext)

2013-03-03 Thread Peter Maydell
Patches have now been committed to QEMU which fix the subset of
"multithreaded guests crash" which this bug covers [ie ones where there
was a race between tb_unlink_cpu() and the cpu thread using or modifying
the TB graph], so I'm closing this bug.

Note that there are still other classes of QEMU bug which also manifest
as "my multithreaded guest crashes" -- those are covered by LP:1098729.


** Changed in: qemu
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/668799

Title:
  qemu-arm segfaults executing msgmerge (gettext)

Status in QEMU:
  Fix Committed
Status in Linaro QEMU:
  New

Bug description:
  upstream qemu.git revision b45e9c05dbacba8e992f0bffeca04c6379c3ad45

  Starting program: /usr/bin/qemu-arm msgmerge-static ar.po anjuta.pot

  [Thread debugging using libthread_db enabled]
  [New Thread 0x74bc3ff0 (LWP 26108)]
  [New Thread 0x74b8aff0 (LWP 26109)]
  [New Thread 0x74b51ff0 (LWP 26110)]
  [New Thread 0x74b18ff0 (LWP 26111)]
  [New Thread 0x74adfff0 (LWP 26112)]
  [New Thread 0x74aa6ff0 (LWP 26113)]
  [New Thread 0x74a6dff0 (LWP 26114)]
  [New Thread 0x74a34ff0 (LWP 26115)]
  [New Thread 0x749fbff0 (LWP 26116)]
  [New Thread 0x749c2ff0 (LWP 26117)]
  [New Thread 0x74989ff0 (LWP 26118)]
  [New Thread 0x74950ff0 (LWP 26119)]
  [New Thread 0x74917ff0 (LWP 26120)]
  [New Thread 0x748deff0 (LWP 26121)]
  [New Thread 0x748a5ff0 (LWP 26122)]
  [New Thread 0x7486cff0 (LWP 26123)]
  [New Thread 0x74833ff0 (LWP 26124)]
  [New Thread 0x747faff0 (LWP 26125)]
  [New Thread 0x747c1ff0 (LWP 26126)]
  [New Thread 0x74788ff0 (LWP 26127)]
  [New Thread 0x7474fff0 (LWP 26128)]
  [New Thread 0x74716ff0 (LWP 26129)]
  [New Thread 0x746ddff0 (LWP 26130)]
  .
  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x74aa6ff0 (LWP 26113)]
  0x600480d4 in tb_reset_jump_recursive2 (tb=0x74c63540, n=0)
  at /home/user/git/qemu/exec.c:1333
  1333tb1 = tb1->jmp_next[n1];

  (gdb) bt
  #0  0x600480d4 in tb_reset_jump_recursive2 (tb=0x74c63540, n=0)
  at /home/user/git/qemu/exec.c:1333
  #1  0x600481c0 in tb_reset_jump_recursive (tb=0x74c63540)
  at /home/user/git/qemu/exec.c:1361
  #2  0x60048160 in tb_reset_jump_recursive2 (tb=0x74c634d8, n=0)
  at /home/user/git/qemu/exec.c:1355
  #3  0x600481c0 in tb_reset_jump_recursive (tb=0x74c634d8)
  at /home/user/git/qemu/exec.c:1361
  #4  0x60048160 in tb_reset_jump_recursive2 (tb=0x74c63470, n=0)
  at /home/user/git/qemu/exec.c:1355
  #5  0x600481c0 in tb_reset_jump_recursive (tb=0x74c63470)
  at /home/user/git/qemu/exec.c:1361
  #6  0x60048160 in tb_reset_jump_recursive2 (tb=0x74c63408, n=1)
  at /home/user/git/qemu/exec.c:1355
  #7  0x600481d1 in tb_reset_jump_recursive (tb=0x74c63408)
  at /home/user/git/qemu/exec.c:1362
  #8  0x60048160 in tb_reset_jump_recursive2 (tb=0x74c633a0, n=0)
  at /home/user/git/qemu/exec.c:1355
  #9  0x600481c0 in tb_reset_jump_recursive (tb=0x74c633a0)
  at /home/user/git/qemu/exec.c:1361
  #10 0x60048160 in tb_reset_jump_recursive2 (tb=0x74c63338, n=0)
  at /home/user/git/qemu/exec.c:1355
  #11 0x600481c0 in tb_reset_jump_recursive (tb=0x74c63338)
  at /home/user/git/qemu/exec.c:1361
  #12 0x60048160 in tb_reset_jump_recursive2 (tb=0x74c632d0, n=0)
  at /home/user/git/qemu/exec.c:1355
  ---Type  to continue, or q  to quit---
  #13 0x600481c0 in tb_reset_jump_recursive (tb=0x74c632d0)
  at /home/user/git/qemu/exec.c:1361
  #14 0x60048160 in tb_reset_jump_recursive2 (tb=0x74c63268, n=1)
  at /home/user/git/qemu/exec.c:1355
  #15 0x600481d1 in tb_reset_jump_recursive (tb=0x74c63268)
  at /home/user/git/qemu/exec.c:1362
  #16 0x60048160 in tb_reset_jump_recursive2 (tb=0x74c63200, n=0)
  at /home/user/git/qemu/exec.c:1355
  #17 0x600481c0 in tb_reset_jump_recursive (tb=0x74c63200)
  at /home/user/git/qemu/exec.c:1361
  #18 0x600487c5 in cpu_unlink_tb (env=0x62385400) at 
/home/user/git/qemu/exec.c:1617
  #19 0x600488e8 in cpu_exit (env=0x62385400) at 
/home/user/git/qemu/exec.c:1662
  #20 0x6798 in start_exclusive () at 
/home/user/git/qemu/linux-user/main.c:152
  #21 0x6a4b in do_kernel_trap (env=0x62359940)
  at /home/user/git/qemu/linux-user/main.c:493
  #22 0x600023f3 in cpu_loop (env=0x62359940) at 
/home/user/git/qemu/linux-user/main.c:797
  #23 0x600123df in clone_func (arg=0x7ffd76e0)
  at /home/user/git/qemu/linux-user/syscall.c:3561
  #24 0x600b382d in start_thread (arg=) at 
pthread

[Qemu-devel] [Bug 1129571] Re: libreoffice armhf FTBFS

2013-03-03 Thread John Rigby
I noticed for the case where javac --version hangs the process has
several threads all waiting on futexes.  Details attached.

** Attachment added: "dump.out"
   
https://bugs.launchpad.net/qemu/+bug/1129571/+attachment/3555716/+files/dump.out




[Qemu-devel] [Bug 1098729] Re: qemu-user-static for armhf: segfault in threaded code

2013-03-03 Thread Peter Maydell
The class of bugs exemplified by the symptoms described here are those
where the multithreaded guest program causes QEMU to misbehave because
we are sharing the code-translation globals (e.g. the generated code
buffer) between multiple threads and they tread on each other's toes.

(The race described in the comment in cpu_unlink_tb() has been fixed
under LP:668799.)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1098729

Title:
  qemu-user-static for armhf: segfault in threaded code

Status in QEMU:
  New

Bug description:
  
  Currently running QEMU from git (fedf2de31023) and running the armhf
  version of qemu-user-static, which I have renamed qemu-armhf-static to
  follow the naming convention used in Debian.

  The host system is a Debian testing x86_64-linux and I have a Debian
  testing armhf chroot which I invoke using schroot.

  The majority of programs in the armhf chroot run fine, but I'm getting
  qemu segfaults in multi-threaded programs.

  As an example, I've grabbed the threads demo program here:

  https://computing.llnl.gov/tutorials/pthreads/samples/dotprod_mutex.c

  and changed NUMTHRDS from 4 to 10. I compile it as (same compile
  command on both x86_64 host and armhf guest):

  gcc -Wall -lpthread dotprod_mutex.c -o dotprod_mutex

  When compiled for x86_64 host it runs perfectly and even under
  Valgrind displays no errors whatsoever.

  However, when I compile the program in my armhf chroot and run it, it
  usually (but not always) segfaults or hangs or crashes. Example output:

  (armhf) $ ./dotprod_mutex
  Thread 1 did 10 to 20:  mysum=10.00 global sum=10.00
  Thread 0 did 0 to 10:  mysum=10.00 global sum=20.00
  TCG temporary leak before f6731ca0
  qemu-arm-static: /home/erikd/Git/qemu-posix-timer-hacking/Upstream/tcg/tcg-op.h:2371:
  tcg_gen_goto_tb: Assertion `(tcg_ctx.goto_tb_issue_mask & (1 << idx)) == 0' failed.

  (armhf) $ ./dotprod_mutex
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault

  (armhf) $ ./dotprod_mutex
  qemu-arm-static: /home/erikd/Git/qemu-posix-timer-hacking/Upstream/tcg/tcg.c:519:
  tcg_temp_free_internal: Assertion `idx >= s->nb_globals && idx < s->nb_temps' failed.

  (armhf) $ ./dotprod_mutex
  Thread 1 did 10 to 20:  mysum=10.00 global sum=10.00
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1098729/+subscriptions



[Qemu-devel] [Bug 1129571] Re: libreoffice armhf FTBFS

2013-03-03 Thread Peter Maydell
John: it would be interesting to try to determine whether that hang has
the same root cause as the cmake and boehm-gc hangs, ie the thing that
is supposed to post the futex is a signal handler whose signal comes in
either just before or during the syscall [either way, the emulated code
for the handler won't be able to run until the syscall returns, which it
never does].




[Qemu-devel] DEFINE_NIC_PROPERTIES in net.h

2013-03-03 Thread Phani Vadrevu
Hi list,
I am trying to write a device emulator for a Broadcom card. As
reference, I am looking at e1000.c code of 1.2.2 version. In that
code, there is this line: DEFINE_NIC_PROPERTIES( E1000State, conf);

Is there a definite structure for the state object that is passed to
DEFINE_NIC_PROPERTIES? What does this function do? All I need is some
basic functioning code, so if this is not essential, I can ignore it.

Thanks,
Phani



[Qemu-devel] [Bug 1129571] Re: libreoffice armhf FTBFS

2013-03-03 Thread Peter Maydell
cmake bug: LP:955379.
sketch of how to fix signal races: 
http://lists.gnu.org/archive/html/qemu-devel/2011-12/msg00384.html




Re: [Qemu-devel] [PATCH 00/12] KVM Support for MIPS32 Processors

2013-03-03 Thread Zhang, Yang Z
Sanjay Lal wrote on 2013-03-02:
> The following patchset implements KVM support for MIPS32 processors,
> using Trap & Emulate, with basic runtime binary translation to improve
> performance.
> 
> In KVM mode, CPU virtualization is handled via the kvm kernel module,
> while system and I/O virtualization leverage the Malta model already present
> in QEMU.
One question (maybe stupid):
I don't see any changes to the mips32 kernel. But you said CPU virtualization is
handled via the kvm kernel module. How does it handle it?

> Both Guest kernel and Guest Userspace execute in UM. The Guest address
> space is as follows:
> Guest User address space:   0x -> 0x4000
> Guest Kernel Unmapped:      0x4000 -> 0x6000
> Guest Kernel Mapped:        0x6000 -> 0x8000
> 
> As a result, Guest Usermode virtual memory is limited to 1GB.
> 
> The Malta model has been enhanced to support SMP guest kernels via support
> for the CPS bootcode from MIPS  which supports bootstrapping multiple cpus.
> A model for the MIPS GIC has also been added to support IPIs.
> This allows booting Linux in full SMP mode with a cluster of MIPS32R2 cpus.
> 
> There is a companion kernel patchset for KVM that has been posted on
> the KVM/MIPS mailing lists.
> 
> --
> Sanjay Lal (12):
>   KVM/MIPS: Bootcode for MIPS SMP configurations with a GCMP
>   KVM/MIPS: GIC emulation for SMP guests.
>   KVM/MIPS: Add save/restore state APIs for saving/restoring KVM guests.
>   KVM/MIPS: Do not start the periodic timer in KVM mode. Compare/Count timer interrupts are handled in-kernel.
>   KVM/MIPS: In KVM mode, inject IRQ2 (I/O) interupts  via ioctls(). COP0 emulation is in-kernel
>   KVM/MIPS: Define APIs to convert Guest KSEG0 <-> Guest Physical addresses.
>   KVM/MIPS: QEMU <-> Kernel interface for KVM/MIPS
>   KVM/MIPS: Enable KVM/MIPS for MIPS targets.  Add MIPS GIC code to the build.
>   KVM/MIPS: set sigmask length to 16 for MIPS targets.
>   KVM/MIPS: Set page size to 16K in KVM mode.
>   KVM/MIPS: MIPS specfic APIs for KVM.
>   KVM/MIPS: General KVM support and support for SMP Guests
>
>  configure                         |  17 +-
>  hw/gt64xxx.c                      | 317 +
>  hw/mips/Makefile.objs             |   2 +-
>  hw/mips_addr.c                    |  14 ++
>  hw/mips_cps_bootcode.h            | 310
>  hw/mips_cpudevs.h                 |   4 +
>  hw/mips_gcmpregs.h                | 122 +++
>  hw/mips_gic.c                     | 418 ++
>  hw/mips_gic.h                     | 378 ++
>  hw/mips_int.c                     |  15 ++
>  hw/mips_malta.c                   | 192 +++--
>  hw/mips_timer.c                   |  13 +-
>  kvm-all.c                         |   5 +
>  linux-headers/asm-mips/kvm.h      |  94 +
>  linux-headers/asm-mips/kvm_para.h |  10 +
>  target-mips/Makefile.objs         |   1 +
>  target-mips/kvm.c                 | 292 ++
>  target-mips/kvm_mips.h            |  21 ++
>  target-mips/mips-defs.h           |   5 +
>  19 files changed, 2157 insertions(+), 73 deletions(-)
>  create mode 100644 hw/mips_cps_bootcode.h
>  create mode 100644 hw/mips_gcmpregs.h
>  create mode 100644 hw/mips_gic.c
>  create mode 100644 hw/mips_gic.h
>  create mode 100644 linux-headers/asm-mips/kvm.h
>  create mode 100644 linux-headers/asm-mips/kvm_para.h
>  create mode 100644 target-mips/kvm.c
>  create mode 100644 target-mips/kvm_mips.h
> --
> 1.7.11.3
> 


Best regards,
Yang





Re: [Qemu-devel] DEFINE_NIC_PROPERTIES in net.h

2013-03-03 Thread Peter Maydell
On 4 March 2013 08:53, Phani Vadrevu  wrote:
> Hi list,
> I am trying to write a device emulator for a Broadcom card. As
> reference, I am looking at e1000.c code of 1.2.2 version.

Just a recommendation -- don't write new devices against old versions
of QEMU. There's been a lot of evolution in the best ways of writing
device models recently and you really need to be developing against
upstream git master.

thanks
-- PMM



Re: [Qemu-devel] [RFC PATCH v1 2/4] bitops: Add UInt32StateInfo and helper functions

2013-03-03 Thread Peter Crosthwaite
Hi Blue,

Thanks for the review. Comments in-line below. Are you on the IRC much
and what timezone? I'd like to ask a few questions about how you see
this fitting with the memory API, that would probably go much faster
in live discussion. I've commented on the issue below with my current
thoughts.

On Sun, Mar 3, 2013 at 7:01 PM, Blue Swirl  wrote:
> On Sun, Mar 3, 2013 at 6:13 AM, Peter Crosthwaite
>  wrote:
>> This struct and functions provide some encapsulation of the uint32_t type to
>> make it more friendly for use as guest accessible device state. Bits of 
>> device
>> state (usually MMIO registers), often have all sorts of access restrictions
>> and semantics associated with them. This struct allow you to define what 
>> whose
>> restrictions are on a bit-by-bit basis.
>
> I like the approach, it could simplify devices and make them more self
> documenting. Maybe devices could be also generated directly from HW
> synthesis tool outputs.
>

Nice idea. Or at least a template device that reduces the coding to a
few /* YOUR CODE HERE */ is another possibility.

> How to couple this with Pins, memory API,

I was actually quite deliberate in making this de-coupled from the
memory API. The idea is any device that has guest accessible state can
use this, not just SysBus/PCI/MMIO. Even though the 90% use case is
making arrays of these definitions for memory mapped register files,
it's usable for any software accessible device state. The ARM
co-processor interface is a good example of this. A random SPI or I2C
device may also have some registers that are accessed indirectly over
their respective transport layers. It'd be nice to be able to use this
API independent of the memory API in those cases. That said if you can
see any way to modify the API to make it play nicer with the Memory
API I'd definitely take it onboard.

> VMState and reset handling
> needs some thought.
>

If we add VMState and reset then we are only one step away from these
registers being a QOM object (TYPE_DEVICE) in their own right. Might
not be a bad thing but does strike me as heavy-weight. It is a good
question where do we draw the line between the responsibilities of the
device and the API. Here I am shooting for the grey area between full
QOM device for every register and the status quo (no API at all).
Regarding VMState, in the current implementation the device's dynamic
state is still limited to a uint32_t array so a single
VMSTATE_UINT32_ARRAY will do the job.

> There's some overlap also with PCI subsystem, it already implements
> readonly bits.
>
>>
>> Helper functions are then used to access the uint32_t which observe the
>> semantics defined by the UInt32StateInfo struct.
>
> We also need uint8_t, uint16_t and uint64_t versions for some devices.
> Perhaps it would be better to implement a uint64_t device which can be
> used with shorter widths or even stronger connection with memory API.
>

Yes. Going lowest common denominator with uint64_t does however cost
more memory and VMS storage which could impact devices with large
register spaces. This wouldn't impact any of my devices in any way
though. The performance hit is probably worth it for the simplicity.
V2 will be 64 bit. I will drop the "64" from the function name to keep
it generic and we can assert that no one tries to create a register
with .width > 64.

>>
>> Some features:
>> Bits can be marked as read_only (ro field)
>> Bits can be marked as write-1-clear (w1c field)
>> Bits can be marked as sticky (nw0 and nw1)
>> Reset values can be defined (reset)
>> Bits can be marked to throw guest errors when written certain values (ge0, 
>> ge1)
>
> Other bits could be marked as unimplemented (LOG_UNIMP).
>

Agreed. Will add to V2. Another idea I'd like to play with is adding
per-bit explanations for the LOG_UNIMP and LOG_GUEST_ERROR. Just
arrays of const char * in the definitions that cat onto the qemu_log
msgs telling you why that was a guest error or exactly what feature is
unimplemented.

>> Bits can be marked clear on read (cor)
>> Regsiters can be truncated in width (width)
>
> s/Regsiters/Registers/
>

Will fix.

>>
>> Useful for defining device register spaces in a data driven way. Cuts down 
>> on a
>> lot of the verbosity and repetition in the switch-case blocks in the standard
>> foo_mmio_read/write functions.
>
> For maximum flexibility, a callback could be specified but then we
> overlap memory API.
>

I think this is a good idea, but continuing on the theme of what this
API is trying to achieve I think there should be capability for
per-bit function definitions. On the topic I think Gerd has played
with the idea of per-register callbacks for some device models in the
past.

> Once we have Pin available, it could be useful to couple a register
> bit directly with a Pin. Currently we could use qemu_irq.

I'll wait on Pin to land and stabilise for this one and continue to use
code driven GPIO setters.

> This would
> mean that the dynamic state would need to be more comp
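
The per-bit semantics listed in this thread (ro, w1c, nw0/nw1, ge0/ge1, cor, reset, width) reduce to mask arithmetic on every guest access. The following is an added example, not code from the RFC patch or from QEMU: the RegInfo struct, the reg_* helpers, the 64-bit storage, the constructed demo register and the reading of nw0/nw1 as "a written 0 (or 1) is ignored" are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout. The field names follow the feature list in the
 * thread; the struct, helpers and 64-bit storage are assumptions. */
typedef struct RegInfo {
    const char *name;
    uint64_t ro;    /* read-only: guest writes never change these bits */
    uint64_t w1c;   /* write-1-to-clear */
    uint64_t nw0;   /* sticky: a written 0 is ignored (assumed meaning) */
    uint64_t nw1;   /* sticky: a written 1 is ignored (assumed meaning) */
    uint64_t ge0;   /* writing 0 here is a guest error */
    uint64_t ge1;   /* writing 1 here is a guest error */
    uint64_t cor;   /* clear-on-read */
    uint64_t reset; /* value after reset */
    unsigned width; /* register width in bits, 1..64 */
} RegInfo;

static unsigned guest_errors; /* stand-in for LOG_GUEST_ERROR logging */

static uint64_t reg_mask(const RegInfo *ri)
{
    return ri->width >= 64 ? UINT64_MAX : (UINT64_C(1) << ri->width) - 1;
}

static void reg_reset(const RegInfo *ri, uint64_t *state)
{
    *state = ri->reset & reg_mask(ri);
}

static void reg_write(const RegInfo *ri, uint64_t *state, uint64_t val)
{
    uint64_t mask = reg_mask(ri);
    uint64_t keep;

    val &= mask; /* bits above the declared width never reach the state */
    if ((val & ri->ge1) || (~val & ri->ge0 & mask)) {
        guest_errors++;
    }
    /* Bits that keep their old value instead of taking the written one. */
    keep = ri->ro | ri->w1c | (ri->nw0 & ~val) | (ri->nw1 & val);
    *state = (*state & keep) | (val & ~keep);
    /* A written 1 clears a w1c bit, unless the bit is also read-only. */
    *state &= ~(val & ri->w1c & ~ri->ro);
    *state &= mask;
}

static uint64_t reg_read(const RegInfo *ri, uint64_t *state)
{
    uint64_t val = *state & reg_mask(ri);

    *state &= ~ri->cor; /* the read itself changes device state */
    return val;
}

/* Constructed 8-bit register: bit0 ENABLE (rw), bit1 LOCK (sticky once set),
 * bits2-3 IRQ status (w1c), bit4 RX_READY (ro, cor), bit6 reserved
 * (ro, guest error if written 1), bit7 VERSION (ro, resets to 1). */
static const RegInfo demo_reg = {
    .name = "DEMO_CTRL", .width = 8, .reset = 0x80,
    .ro = 0xd0, .w1c = 0x0c, .nw0 = 0x02, .ge1 = 0x40, .cor = 0x10,
};

int main(void)
{
    uint64_t st, rd;

    reg_reset(&demo_reg, &st);
    st |= 0x1c;                       /* device side raises IRQs + RX_READY */
    reg_write(&demo_reg, &st, 0x107); /* enable, lock, ack IRQ bit 2 */
    printf("%s after write 0x107: 0x%02x\n", demo_reg.name, (unsigned)st);
    reg_write(&demo_reg, &st, 0x40);  /* try to unlock and set reserved */
    printf("after write 0x40: 0x%02x errors=%u\n", (unsigned)st, guest_errors);
    rd = reg_read(&demo_reg, &st);
    printf("read 0x%02x, state now 0x%02x\n", (unsigned)rd, (unsigned)st);
    return 0;
}
```

The second write shows why the masks matter for guest-facing state: the guest cannot clear the LOCK bit or set the reserved bit, and the attempt is counted rather than silently stored.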

Re: [Qemu-devel] [PATCH v4 2/2] pci: Teach PCI Bridges about VGA routing

2013-03-03 Thread Peter Maydell
On 4 March 2013 01:21, Alex Williamson  wrote:
> --- a/hw/pci/pcie_port.c
> +++ b/hw/pci/pcie_port.c
> @@ -28,10 +28,12 @@ void pcie_port_init_reg(PCIDevice *d)
>  pci_set_word(d->config + PCI_SEC_STATUS, 0);
>
>  /* Unlike conventional pci bridge, some bits are hardwired to 0. */
> +#define  PCI_BRIDGE_CTL_VGA_16BIT   0x10/* VGA 16-bit decode */

Shouldn't this #define be in pci_regs.h with the other PCI_BRIDGE_CTL_*
constants?

>  pci_set_word(d->wmask + PCI_BRIDGE_CONTROL,
>   PCI_BRIDGE_CTL_PARITY |
>   PCI_BRIDGE_CTL_ISA |
>   PCI_BRIDGE_CTL_VGA |
> + PCI_BRIDGE_CTL_VGA_16BIT | /* Req, but no alias support yet 
> */
>   PCI_BRIDGE_CTL_SERR |
>   PCI_BRIDGE_CTL_BUS_RESET);
>  }
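Review bot: the new PCI_BRIDGE_CTL_VGA_16BIT #define sits inside pcie_port_init_reg() between the "Unlike conventional pci bridge, some bits are hardwired to 0." comment and the pci_set_word(d->wmask + PCI_BRIDGE_CONTROL, ...) call that comment describes, so the comment now reads as if it documented the macro. Move the define to file scope above the function, and since the bit is added to wmask with the remark "Req, but no alias support yet", state in the commit message what a guest that sets the bit should expect.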

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 2/2] pci: Teach PCI Bridges about VGA routing

2013-03-03 Thread Alex Williamson
On Mon, 2013-03-04 at 09:39 +0800, Peter Maydell wrote:
> On 4 March 2013 01:21, Alex Williamson  wrote:
> > --- a/hw/pci/pcie_port.c
> > +++ b/hw/pci/pcie_port.c
> > @@ -28,10 +28,12 @@ void pcie_port_init_reg(PCIDevice *d)
> >  pci_set_word(d->config + PCI_SEC_STATUS, 0);
> >
> >  /* Unlike conventional pci bridge, some bits are hardwired to 0. */
> > +#define  PCI_BRIDGE_CTL_VGA_16BIT   0x10/* VGA 16-bit decode */
> 
> Shouldn't this #define be in pci_regs.h with the other PCI_BRIDGE_CTL_*
> constants?

See the existing define in pci.c.  pci_regs.h is derived from the Linux
kernel header, which is not 100% complete.  Ideally it would contain
this, but it doesn't currently so I'm following the existing example.
Thanks,

Alex

> >  pci_set_word(d->wmask + PCI_BRIDGE_CONTROL,
> >   PCI_BRIDGE_CTL_PARITY |
> >   PCI_BRIDGE_CTL_ISA |
> >   PCI_BRIDGE_CTL_VGA |
> > + PCI_BRIDGE_CTL_VGA_16BIT | /* Req, but no alias support 
> > yet */
> >   PCI_BRIDGE_CTL_SERR |
> >   PCI_BRIDGE_CTL_BUS_RESET);
> >  }
> 
> thanks
> -- PMM






Re: [Qemu-devel] [PATCH v2 1/5] sysbus: make SysBusDeviceClass::init optional

2013-03-03 Thread Peter Crosthwaite
On Tue, Feb 26, 2013 at 3:08 AM, Peter Maydell  wrote:
> Make the SysBusDeviceClass::init optional, for devices which
> genuinely don't need to do anything here. In particular, simple
> devices which can do all their initialization in their
> instance_init method don't need either a DeviceClass::realize
> or SysBusDeviceClass::init method.
>
> Signed-off-by: Peter Maydell 
> Acked-by: Andreas Färber 

Reviewed-by: Peter Crosthwaite 

> ---
>  hw/sysbus.c |3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/hw/sysbus.c b/hw/sysbus.c
> index 6d9d1df..e9a16ac 100644
> --- a/hw/sysbus.c
> +++ b/hw/sysbus.c
> @@ -118,6 +118,9 @@ static int sysbus_device_init(DeviceState *dev)
>  SysBusDevice *sd = SYS_BUS_DEVICE(dev);
>  SysBusDeviceClass *sbc = SYS_BUS_DEVICE_GET_CLASS(sd);
>
> +if (!sbc->init) {
> +return 0;
> +}
>  return sbc->init(sd);
>  }
>
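Review bot: in sysbus_device_init() the new "if (!sbc->init)" check returns success for every subclass whose init pointer is NULL, so a device that simply forgot to assign it now passes silently. Add a short comment above the check saying that a NULL SysBusDeviceClass::init is a supported "nothing to do" case, and document the same contract where the init member is declared.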
> --
> 1.7.9.5
>
>



Re: [Qemu-devel] [PATCH V7 08/14] qmp: add interface query-images.

2013-03-03 Thread Wenchao Xia
>>>
>>>##
>>> +# @query-images:
>>> +#
>>> +# Get a list of DeviceImageInfo for all virtual block devices.
>>
>> # Get block device image information
>>
>OK.
> 
>>> +#
>>> +# @device: #optional the name of the device to get image info from. If not
>>> +#  specified, all block devices will be queried
>>> +# @backing: #optional true to show information on backing images, false or
>>> +#  omitted to show just the top image of a block device
>>
>> I'm not sure these flags are necessary.
>>
>These flag seems more flex to me. Always querying all info require
> caller do a filter operation on what he got, but in many times caller
> may be interested on only one device.
>
  Coding for next version, I still feel the flag may bring flexibility.
Markus, are you OK with this?


>>> +#
>>> +# Returns: a list of @DeviceImageInfo describing each virtual block device
>>> +#
>>> +# Since: 1.5
>>> +##
>>> +{ 'command': 'query-images',
>>> +  'data': { '*device': 'str', '*backing': 'bool' },
>>> +  'returns': ['DeviceImageInfo'] }
>>> +
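Review bot: the Returns line says the command yields a list of @DeviceImageInfo "describing each virtual block device", which no longer holds once the optional @device argument narrows the query to one device, and nothing says what happens when @device names a device that does not exist. Reword Returns to cover the filtered case and document the error reported for an unknown device.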



-- 
Best Regards

Wenchao Xia




Re: [Qemu-devel] [PATCH v2 2/5] musicpal: qdevify musicpal-misc

2013-03-03 Thread Peter Crosthwaite
On Tue, Feb 26, 2013 at 3:08 AM, Peter Maydell  wrote:
> Make musicpal-misc into its own (trivial) qdev device, so we
> can get rid of the abuse of sysbus_add_memory().
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Peter Crosthwaite 

> ---
>  hw/musicpal.c |   28 +++-
>  1 file changed, 23 insertions(+), 5 deletions(-)
>
> diff --git a/hw/musicpal.c b/hw/musicpal.c
> index 272cb80..042b7f1 100644
> --- a/hw/musicpal.c
> +++ b/hw/musicpal.c
> @@ -1031,6 +1031,15 @@ static const TypeInfo mv88w8618_flashcfg_info = {
>
>  #define MP_BOARD_REVISION   0x31
>
> +typedef struct {
> +SysBusDevice busdev;
> +MemoryRegion iomem;
> +} MusicPalMiscState;
> +
> +#define TYPE_MUSICPAL_MISC "musicpal-misc"
> +#define MUSICPAL_MISC(obj) \
> + OBJECT_CHECK(MusicPalMiscState, (obj), TYPE_MUSICPAL_MISC)
> +
>  static uint64_t musicpal_misc_read(void *opaque, hwaddr offset,
> unsigned size)
>  {
> @@ -1054,15 +1063,23 @@ static const MemoryRegionOps musicpal_misc_ops = {
>  .endianness = DEVICE_NATIVE_ENDIAN,
>  };
>
> -static void musicpal_misc_init(SysBusDevice *dev)
> +static void musicpal_misc_init(Object *obj)
>  {
> -MemoryRegion *iomem = g_new(MemoryRegion, 1);
> +SysBusDevice *sd = SYS_BUS_DEVICE(obj);
> +MusicPalMiscState *s = MUSICPAL_MISC(obj);
>
> -memory_region_init_io(iomem, &musicpal_misc_ops, NULL,
> +memory_region_init_io(&s->iomem, &musicpal_misc_ops, NULL,
>"musicpal-misc", MP_MISC_SIZE);
> -sysbus_add_memory(dev, MP_MISC_BASE, iomem);
> +sysbus_init_mmio(sd, &s->iomem);
>  }
>
> +static const TypeInfo musicpal_misc_info = {
> +.name = TYPE_MUSICPAL_MISC,
> +.parent = TYPE_SYS_BUS_DEVICE,
> +.instance_init = musicpal_misc_init,
> +.instance_size = sizeof(MusicPalMiscState),
> +};
> +
>  /* WLAN register offsets */
>  #define MP_WLAN_MAGIC1  0x11c
>  #define MP_WLAN_MAGIC2  0x124
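Review bot: in the new musicpal_misc_init() the opaque argument to memory_region_init_io() is still NULL even though the region now lives in MusicPalMiscState. Passing s instead costs nothing and lets musicpal_misc_read(), and any write handler added later, reach the device state without another change to this call.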
> @@ -1612,7 +1629,7 @@ static void musicpal_init(QEMUMachineInitArgs *args)
>
>  sysbus_create_simple("mv88w8618_wlan", MP_WLAN_BASE, NULL);
>
> -musicpal_misc_init(SYS_BUS_DEVICE(dev));
> +sysbus_create_simple(TYPE_MUSICPAL_MISC, MP_MISC_BASE, NULL);
>
>  dev = sysbus_create_simple("musicpal_gpio", MP_GPIO_BASE, 
> pic[MP_GPIO_IRQ]);
>  i2c_dev = sysbus_create_simple("gpio_i2c", -1, NULL);
> @@ -1692,6 +1709,7 @@ static void musicpal_register_types(void)
>  type_register_static(&musicpal_lcd_info);
>  type_register_static(&musicpal_gpio_info);
>  type_register_static(&musicpal_key_info);
> +type_register_static(&musicpal_misc_info);
>  }
>
>  type_init(musicpal_register_types)
> --
> 1.7.9.5
>
>



Re: [Qemu-devel] [PATCH V7 09/14] block: move bdrv_snapshot_find() to block.c

2013-03-03 Thread Wenchao Xia

On 2013-3-1 9:51, Wenchao Xia wrote:

On 2013-2-28 0:22, Kevin Wolf wrote:

On 27.02.2013 at 17:04, Markus Armbruster wrote:

Wenchao Xia  writes:


Signed-off-by: Wenchao Xia 
Reviewed-by: Eric Blake 
---
  block.c   |   24 
  include/block/block.h |2 ++
  savevm.c  |   22 --
  3 files changed, 26 insertions(+), 22 deletions(-)


Perhaps savevm.c isn't the best home for snapshot stuff, but I don't
like it in block.c any better.  block.c is already unwieldy, and I'd
like us to try limiting it to core block stuff.

Kevin, Stefan, any ideas?


Take some more snapshot related functions from block.c and move them to
block/snapshot.c?

Kevin


Hi, Stefan
   Do you also agree about adding new file block/snapshot.c?



Hi,
  I am going to add include/block/snapshot.h and block/snapshot.c;
all internal snapshot functions in block.c will be moved there.
External backing file related functions will not be touched and
remain in block.c. This consumes much effort and once done it will
be hard to revert back to form an incremental commit in this
series, so before coding, please give your opinion if you don't agree
about it.

--
Best Regards

Wenchao Xia




Re: [Qemu-devel] [PATCH v5 04/24] hw/arm: add Faraday FTAHBC020 support

2013-03-03 Thread Peter Crosthwaite
Hi Kuo-Jung,

On Wed, Feb 27, 2013 at 5:15 PM, Kuo-Jung Su  wrote:
> From: Kuo-Jung Su 
>
> It's used to perform AHB remap and if the SDRAM is initialized
> before AHB remap process activated, then it would also perform
> the QEMU RAM initialization.
>
> Signed-off-by: Kuo-Jung Su 
> ---
>  hw/arm/Makefile.objs  |1 +
>  hw/arm/faraday_a369_soc.c |3 +
>  hw/arm/ftahbc020.c|  189 
> +
>  3 files changed, 193 insertions(+)
>  create mode 100644 hw/arm/ftahbc020.c
>
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index 6771072..33c9482 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -38,3 +38,4 @@ obj-y += faraday_a369.o \
>  faraday_a369_scu.o \
>  faraday_a369_kpd.o
>  obj-y += ftintc020.o
> +obj-y += ftahbc020.o
> diff --git a/hw/arm/faraday_a369_soc.c b/hw/arm/faraday_a369_soc.c
> index 3d861d2..e7343d9 100644
> --- a/hw/arm/faraday_a369_soc.c
> +++ b/hw/arm/faraday_a369_soc.c
> @@ -145,6 +145,9 @@ a369soc_device_init(FaradaySoCState *s)
>
>  /* ftkbc010 */
>  sysbus_create_simple("a369.keypad", 0x92f0, pic[21]);
> +
> +/* ftahbc020 */
> +s->ahbc = sysbus_create_simple("ftahbc020", 0x9400, NULL);
>  }
>
>  static int a369soc_init(SysBusDevice *busdev)
> diff --git a/hw/arm/ftahbc020.c b/hw/arm/ftahbc020.c
> new file mode 100644
> index 000..b558e90
> --- /dev/null
> +++ b/hw/arm/ftahbc020.c
> @@ -0,0 +1,189 @@
> +/*
> + * Faraday AHB controller
> + *
> + * Copyright (c) 2012 Faraday Technology
> + * Written by Dante Su 
> + *
> + * This code is licensed under GNU GPL v2+
> + */
> +
> +#include "hw/hw.h"
> +#include "hw/sysbus.h"
> +#include "hw/devices.h"
> +#include "sysemu/sysemu.h"
> +
> +#include "faraday.h"
> +
> +#define REG_SLAVE(n)((n) * 4) /* Slave config (base & size) */
> +#define REG_PRIR0x80/* Priority register */
> +#define REG_IDLECR  0x84/* IDLE count register */
> +#define REG_CR  0x88/* Control register */
> +#define REG_REVR0x8c/* Revision register */
> +
> +#define CR_REMAP0x01/* Enable AHB remap for slave 4 & 6 */
> +
> +#define TYPE_FTAHBC020  "ftahbc020"
> +
> +typedef struct Ftahbc020State {
> +SysBusDevice busdev;
> +MemoryRegion iomem;
> +
> +/* HW register cache */
> +uint32_t cr;
> +} Ftahbc020State;
> +
> +#define FTAHBC020(obj) \
> +OBJECT_CHECK(Ftahbc020State, obj, TYPE_FTAHBC020)
> +
> +static uint64_t
> +ftahbc020_mem_read(void *opaque, hwaddr addr, unsigned size)
> +{
> +Ftahbc020State *s = FTAHBC020(opaque);
> +FaradaySoCState *soc = FARADAY_SOC_GET_CORE();



> +uint64_t ret = 0;
> +
> +switch (addr) {
> +/* slave address & window configuration */
> +case REG_SLAVE(0) ... REG_SLAVE(3):
> +case REG_SLAVE(5):

I think it's required to have a comment on fall-through case statements.

/* fall-through - because of foo */

Regards,
Peter

> +case REG_SLAVE(7) ... REG_SLAVE(31):
> +ret = soc->ahb_slave[addr / 4];
> +break;
> +case REG_SLAVE(4):
> +ret = soc->rom_base | (soc->ahb_slave[4] & 0x000f);
> +break;
> +case REG_SLAVE(6):
> +ret = soc->ram_base | (soc->ahb_slave[6] & 0x000f);
> +break;
> +/* control register */
> +case REG_CR:
> +if (soc->ahb_remapped) {
> +s->cr |= CR_REMAP;
> +}
> +ret = s->cr;
> +break;
> +case REG_REVR:
> +ret = 0x00010301;   /* rev. 1.3.1 */
> +break;
> +default:
> +qemu_log_mask(LOG_GUEST_ERROR,
> +  "ftahbc020: undefined memory access@0x%llx\n", addr);
> +break;
> +}
> +
> +return ret;
> +}
> +
> +static void
> +ftahbc020_mem_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> +{
> +Ftahbc020State *s = FTAHBC020(opaque);
> +FaradaySoCState *soc = FARADAY_SOC_GET_CORE();
> +
> +switch (addr) {
> +case REG_CR:/* control register */
> +s->cr = (uint32_t)val;
> +if (soc->ahb_remapped && !(s->cr & CR_REMAP)) {
> +hw_error("ftahbc020: Once AHB remap is enabled, "
> + "it could not be disabled!\n");
> +exit(1);
> +}
> +if (!soc->ahb_remapped && (s->cr & CR_REMAP)) {
> +/* Remap AHB slave 4 (ROM) & slave 6 (RAM) */
> +/* 1. Remap RAM to base of ROM */
> +soc->ram_base = soc->ahb_slave[4] & 0xfff0;
> +/* 2. Remap ROM to base of ROM + size of RAM */
> +soc->rom_base = soc->ram_base
> +  + ((1 << extract32(soc->ahb_slave[6], 16, 4)) << 
> 20);
> +/* 3. Update ROM memory map */
> +sysbus_mmio_map(SYS_BUS_DEVICE(soc->rom), 0, soc->rom_base);
> +/* 4. Update RAM memory map if it has been initialized. */
> +if (soc->ddr_inited) {
> +memory_region_del_subregion(soc->as,
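Review bot: in ftahbc020_mem_write() the REG_CR case calls hw_error() when the guest clears CR_REMAP after a remap, so a single guest register write takes down the whole emulator. Report it with qemu_log_mask(LOG_GUEST_ERROR, ...) as the default case of the read handler already does, ignore the write, and drop the exit(1) that follows hw_error(). In the same case, (1 << extract32(soc->ahb_slave[6], 16, 4)) << 20 is evaluated in int and overflows for the larger values a 4-bit field can hold; do the shift in a 64-bit type.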

Re: [Qemu-devel] [PATCH v5 05/24] hw/arm: add Faraday FTDDRII030 support

2013-03-03 Thread Peter Crosthwaite
Hi Kuo-Jung,

On Wed, Feb 27, 2013 at 5:15 PM, Kuo-Jung Su  wrote:
> From: Kuo-Jung Su 
>
> The FTDDRII030 is a DDRII SDRAM controller which is responsible for
> SDRAM initialization.
> In QEMU we emualte only the SDRAM enable function.
>

"emulate"

> Signed-off-by: Kuo-Jung Su 
> ---
>  hw/arm/Makefile.objs  |1 +
>  hw/arm/faraday_a369_soc.c |3 +
>  hw/arm/ftddrii030.c   |  171 
> +
>  3 files changed, 175 insertions(+)
>  create mode 100644 hw/arm/ftddrii030.c
>
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index 33c9482..2a4c7d6 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -39,3 +39,4 @@ obj-y += faraday_a369.o \
>  faraday_a369_kpd.o
>  obj-y += ftintc020.o
>  obj-y += ftahbc020.o
> +obj-y += ftddrii030.o
> diff --git a/hw/arm/faraday_a369_soc.c b/hw/arm/faraday_a369_soc.c
> index e7343d9..fdf13f8 100644
> --- a/hw/arm/faraday_a369_soc.c
> +++ b/hw/arm/faraday_a369_soc.c
> @@ -148,6 +148,9 @@ a369soc_device_init(FaradaySoCState *s)
>
>  /* ftahbc020 */
>  s->ahbc = sysbus_create_simple("ftahbc020", 0x9400, NULL);
> +
> +/* ftddrii030 */
> +s->ddrc = sysbus_create_simple("ftddrii030", 0x9310, NULL);
>  }
>
>  static int a369soc_init(SysBusDevice *busdev)
> diff --git a/hw/arm/ftddrii030.c b/hw/arm/ftddrii030.c
> new file mode 100644
> index 000..1679bef
> --- /dev/null
> +++ b/hw/arm/ftddrii030.c
> @@ -0,0 +1,171 @@
> +/*
> + * Faraday DDRII controller
> + *
> + * Copyright (c) 2012 Faraday Technology
> + * Written by Dante Su 
> + *
> + * This code is licensed under GNU GPL v2+
> + */
> +
> +#include "hw/hw.h"
> +#include "hw/sysbus.h"
> +#include "hw/devices.h"
> +#include "sysemu/sysemu.h"
> +
> +#include "faraday.h"
> +
> +#define REG_MCR 0x00/* memory configuration register */
> +#define REG_MSR 0x04/* memory status register */
> +#define REG_REVR0x50/* revision register */
> +
> +#define MSR_INIT_OK BIT(8)  /* DDR2 initial is completed */
> +#define MSR_CMD_MRS BIT(0)  /* start MRS command */
> +
> +#define CFG_REGSIZE (0x50 / 4)
> +
> +#define TYPE_FTDDRII030 "ftddrii030"
> +
> +typedef struct Ftddrii030State {
> +SysBusDevice busdev;
> +MemoryRegion iomem;
> +
> +/* HW register cache */
> +uint32_t regs[CFG_REGSIZE];
> +} Ftddrii030State;
> +
> +#define FTDDRII030(obj) \
> +OBJECT_CHECK(Ftddrii030State, obj, TYPE_FTDDRII030)
> +
> +#define DDR_REG32(s, off) \
> +*(uint32_t *)((uint8_t *)(s)->regs + (off))

Strange. You are forcing alignment in your memory region ops so I'm not
sure I see the need for this. Can't you just index directly ...

> +
> +static uint64_t
> +ftddrii030_mem_read(void *opaque, hwaddr addr, unsigned size)
> +{
> +Ftddrii030State *s = FTDDRII030(opaque);
> +FaradaySoCState *soc = FARADAY_SOC_GET_CORE();
> +uint64_t ret = 0;
> +
> +if (soc->ddr_inited) {
> +DDR_REG32(s, REG_MSR) |= MSR_INIT_OK;

... like this?

s->regs[REG_MSR/4] |= MSR_INIT_OK

> +}
> +
> +switch (addr) {
> +case REG_MCR ... 0x4c:

s/0x4c/CFG_REGSIZE or something like it. I think you can define your
macros to get rid of this magic number that is really just the end of
your CFG_REGSIZE definition.

> +ret = s->regs[addr / 4];
> +break;
> +case REG_REVR:
> +ret = 0x100;/* rev. = 0.1.0 */
> +break;
> +default:
> +qemu_log_mask(LOG_GUEST_ERROR,
> +  "ftddrii030: undefined memory access@0x%llx\n", addr);
> +break;
> +}
> +
> +return ret;
> +}
> +
> +static void
> +ftddrii030_mem_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> +{
> +Ftddrii030State *s = FTDDRII030(opaque);
> +FaradaySoCState *soc = FARADAY_SOC_GET_CORE();
> +
> +switch (addr) {
> +case REG_MCR:
> +DDR_REG32(s, REG_MCR) = (uint32_t)val & 0x;
> +break;
> +case REG_MSR:
> +val = (val & 0x3f) | (DDR_REG32(s, REG_MSR) & MSR_INIT_OK);
> +if (!soc->ddr_inited && (val & MSR_CMD_MRS)) {
> +val &= ~MSR_CMD_MRS;
> +val |= MSR_INIT_OK;
> +memory_region_add_subregion(soc->as, soc->ram_base, soc->ram);
> +soc->ddr_inited = true;
> +}
> +DDR_REG32(s, REG_MSR) = (uint32_t)val;
> +break;
> +case 0x08 ... 0x4c: /* DDRII Timing, ECC ...etc. */
> +s->regs[addr / 4] = (uint32_t)val;
> +break;
> +default:
> +qemu_log_mask(LOG_GUEST_ERROR,
> +  "ftddrii030: undefined memory access@0x%llx\n", addr);
> +break;
> +}
> +}
> +
> +static const MemoryRegionOps mmio_ops = {
> +.read  = ftddrii030_mem_read,
> +.write = ftddrii030_mem_write,
> +.endianness = DEVICE_LITTLE_ENDIAN,
> +.valid = {
> +.min_access_size = 4,
> +.max_access_size = 4,
> +}
> +};
> +
> +static void ftddrii030_re
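
Review bot: both qemu_log_mask() calls, in ftddrii030_mem_read() and in ftddrii030_mem_write(), print addr, which is a hwaddr, with "%llx"; that only works where unsigned long long and hwaddr happen to be the same type, so use "...@0x%" HWADDR_PRIx "\n" instead. In the REG_MSR write case, memory_region_add_subregion() is driven by a guest write and guarded only by soc->ddr_inited, a flag that lives in FaradaySoCState rather than in this device; whatever resets or migrates the SoC has to keep that flag in step with whether soc->ram is actually mapped, otherwise a second MRS command would map the region again.
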

Re: [Qemu-devel] virtio-rng and fd passing

2013-03-03 Thread Amit Shah
On (Fri) 01 Mar 2013 [10:51:33], Paolo Bonzini wrote:
> On 01/03/2013 01:36, Eric Blake wrote:
> > For fd passing to work, we have to use qemu_open() instead of raw
> > open().  Is there any way to enforce that all files being opened by qemu
> > go through the appropriate qemu_open() wrapper?
> > 
> > Meanwhile, we have a quandary on the libvirt side of things: qemu 1.4
> > supports fd passing in general, but does not support it for rng.  I
> > guess the same is true for -blockdev - we don't (yet) have a way to do
> > fd passing for backing files.  Do we need some sort of QMP command that
> > will let libvirt query for a particular device whether that device is
> > known to support fd passing, so that libvirt can use fd passing for all
> > supported devices, while falling back to older direct open()s, and to
> > know which instance of qemu can safely have open() blocked at the
> > SELinux or syscall blacklist level?
> 
> Let's change open to qemu_open for 1.4.1, and declare rng only supported
> in 1.4.1...

In addition, we can tweak checkpatch.pl to flag such usage as a warning.

Amit
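
The kind of check suggested above, sketched as an added example in Python rather than as a checkpatch.pl change (this is not QEMU's code; the sample patch and its file names are constructed). It walks a unified diff, looks only at added lines in .c/.h files, and warns on a bare open( call while leaving qemu_open(), fopen(), member calls, comments and string literals alone:

```python
import re

# Constructed sample patch (not from the thread); file names are hypothetical.
SAMPLE_PATCH = """\
--- a/backends/example-rng.c
+++ b/backends/example-rng.c
@@ -10,3 +10,8 @@ static void example_opened(void)
 {
     int fd;
+    fd = open(filename, O_RDWR | O_NONBLOCK);
+    fd = qemu_open(filename, O_RDWR | O_NONBLOCK);
+    /* open() must not be called directly */
+    fp = fopen(filename, "r");
+    error_report("cannot open(%s)", filename);
     return;
--- a/docs/notes.txt
+++ b/docs/notes.txt
@@ -1,1 +1,2 @@
 notes
+call open(path) here
"""

HUNK = re.compile(r'^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@')
# Bare open( only: not the tail of an identifier (qemu_open, fopen) and not
# a member call (ops->open, s.open).
RAW_OPEN = re.compile(r'(?<![\w.>])open\s*\(')
STRING = re.compile(r'"(?:\\.|[^"\\])*"')
BLOCK_COMMENT = re.compile(r'/\*.*?\*/')


def strip_noise(code):
    """Drop string literals and comments that sit on this one line."""
    code = STRING.sub('""', code)
    code = BLOCK_COMMENT.sub(' ', code)
    code = code.split('//', 1)[0]
    return code.split('/*', 1)[0]   # comment opened here, closed later


def count(group):
    """A hunk header omits the line count when it is 1."""
    return 1 if group is None else int(group)


def find_raw_open(patch_text):
    """Return (path, new_line_number, text) for each added raw open() call."""
    findings = []
    path = None
    old_left = new_left = new_lineno = 0
    for line in patch_text.splitlines():
        if old_left > 0 or new_left > 0:          # inside a hunk body
            tag, body = line[:1], line[1:]
            if tag == '+':
                is_c = path is not None and path.endswith(('.c', '.h'))
                if is_c and RAW_OPEN.search(strip_noise(body)):
                    findings.append((path, new_lineno, body.strip()))
                new_left -= 1
                new_lineno += 1
            elif tag == '-':
                old_left -= 1
            elif tag != '\\':                     # context line
                old_left -= 1
                new_left -= 1
                new_lineno += 1
            continue
        if line.startswith('+++ '):
            target = line[4:].split('\t', 1)[0]
            path = None if target == '/dev/null' else re.sub(r'^b/', '', target)
            continue
        m = HUNK.match(line)
        if m:
            old_left, new_left = count(m.group(1)), count(m.group(3))
            new_lineno = int(m.group(2))
    return findings


if __name__ == '__main__':
    for path, lineno, text in find_raw_open(SAMPLE_PATCH):
        print(f'WARNING: {path}:{lineno}: use qemu_open() instead of open(): {text}')
```

Bodies of comments that span several lines are not tracked, so a mention of open() on a continuation line of such a comment would still be reported.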



Re: [Qemu-devel] [PATCH v2 3/3] configure/Make: Build libfdt from submodule DTC

2013-03-03 Thread Peter Crosthwaite
On Fri, Mar 1, 2013 at 1:30 AM, Peter Maydell  wrote:
> On 19 February 2013 04:19, Peter Crosthwaite
>  wrote:
>> Configure to use the DTC submodule to build libfdt when no system libfdt
>> is found. Prompt to install the DTC submodule if --enable-fdt is set but
>> no DTC can be found.
>>
>> DTC has no out-of-tree build capability, so the configure will symlink
>> the Makefile and scripts directory in the out of tree build directory
>> and pass in all the needed DTC arguments to make out of tree build happen.
>> Ideally we fix the DTC make to support out of tree, but did it this way to
>> avoid commits to DTC.
>>
>> Signed-off-by: David Holsgrove 
>> Signed-off-by: Peter Crosthwaite 
>> ---
>>
>>  Makefile  |   10 ++
>>  configure |   29 +
>>  2 files changed, 35 insertions(+), 4 deletions(-)
>>
>> diff --git a/Makefile b/Makefile
>> index 0d9099a..a8956d2 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -136,6 +136,15 @@ pixman/Makefile: $(SRC_PATH)/pixman/configure
>>  $(SRC_PATH)/pixman/configure:
>> (cd $(SRC_PATH)/pixman; autoreconf -v --install)
>>
>> +DTC_MAKE_ARGS=-I$(SRC_PATH)/dtc VPATH=$(SRC_PATH)/dtc -C dtc V="$(V)" 
>> LIBFDT_srcdir=$(SRC_PATH)/dtc/libfdt
>> +DTC_CFLAGS="$(CFLAGS) $(extra_cflags) -I$(BUILD_DIR)/dtc -I$(SRC_PATH)/dtc 
>> -I$(SRC_PATH)/dtc/libfdt"
>> +
>> +subdir-dtc:dtc/libfdt dtc/tests
>> +   $(call quiet-command,$(MAKE) $(DTC_MAKE_ARGS) CPPFLAGS=$(DTC_CFLAGS) 
>> LDFLAGS="$(LDFLAGS)" ARFLAGS="$(ARFLAGS)" CC=$(CC) AR=$(AR) LD=$(LD) 
>> $(SUBDIR_MAKEFLAGS) libfdt,)
>
> This doesn't work if you configured with --cc='ccache gcc'.
> I think you have insufficient quoting here.
>

Yes, CC AR and LD need quotes. Fixed in v3.

Thanks,
Peter

>> +
>> +dtc/%:
>> +   mkdir -p $@
>> +
>>  $(SUBDIR_RULES): libqemuutil.a libqemustub.a $(common-obj-y)
>>
>>  ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
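
Review bot: the dtc/%: rule with the recipe mkdir -p $@ matches every path under dtc/, so any missing file there that a rule later names as a prerequisite would be created as a directory instead of failing the build. Listing the two directories explicitly (dtc/libfdt dtc/tests: followed by mkdir -p $@) keeps the rule from catching anything else. DTC_CFLAGS also carries $(CFLAGS) yet is handed to the sub-make as CPPFLAGS; a short comment on why would help.
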
>> @@ -253,6 +262,7 @@ distclean: clean
>> rm -rf $$d || exit 1 ; \
>>  done
>> if test -f pixman/config.log; then make -C pixman distclean; fi
>> +   if test -f dtc/version_gen.h; then make $(DTC_MAKE_ARGS) clean; fi
>>
>>  KEYMAPS=da en-gb  et  fr fr-ch  is  lt  modifiers  no  pt-br  sv \
>>  ar  de en-us  fi  fr-be  hr it  lv  nl pl  ru th \
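
Review bot: the new distclean line calls make literally rather than $(MAKE), so the parent's flags and jobserver are not passed down and a differently named make binary is not honoured. The pixman line above it has the same pattern, but the subdir-dtc rule added by this patch already uses $(MAKE), so use it here as well.
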
>> diff --git a/configure b/configure
>> index 088909b..6e40624 100755
>> --- a/configure
>> +++ b/configure
>> @@ -2376,11 +2376,28 @@ if test "$fdt" != "no" ; then
>>  int main(void) { return 0; }
>>  EOF
>>if compile_prog "" "$fdt_libs" ; then
>> +#system DTC is good - use it
>
> Spaces between the comment char and the comment would be nice.
>
>>  fdt=yes
>> -  else
>> -if test "$fdt" = "yes" ; then
>> -  feature_not_found "fdt"
>> +  elif test -d ${source_path}/dtc/libfdt ; then
>> +#have submodule DTC - use it
>> +fdt=yes
>> +dtc_internal="yes"
>> +mkdir -p dtc
>> +if [ "$source_path" != `pwd` ]; then
>> +   symlink "$source_path/dtc/Makefile" "dtc/Makefile"
>> +   symlink "$source_path/dtc/scripts" "dtc/scripts"
>>  fi
>> +fdt_cflags="-I\$(SRC_PATH)/dtc/libfdt"
>> +fdt_libs="-L\$(BUILD_DIR)/dtc/libfdt $fdt_libs"
>> +  elif test "$fdt" = "yes" ; then
>> +#have neither and want - prompt for system/submodule install
>> +echo "ERROR: DTC not present. Your options:"
>> +echo "  (1) Preferred: Install the DTC devel package"
>> +echo "  (2) Fetch the DTC submodule, using:"
>> +echo "  git submodule update --init dtc"
>> +exit 1
>> +  else
>> +#dont have and dont want
>
> Missing apostrophes.
>
>>  fdt_libs=
>>  fdt=no
>>fi
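
Review bot: the comparison [ "$source_path" != `pwd` ] leaves the command substitution unquoted, so a build directory whose path contains whitespace splits into several words and the test errors out; test -d ${source_path}/dtc/libfdt has the same problem. Quote both, that is "`pwd`" and "${source_path}/dtc/libfdt".
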
>> @@ -3259,7 +3276,7 @@ if test "$cpu" = "ppc64" -a "$targetos" != "Darwin" ; 
>> then
>>  fi
>>
>>  # add pixman flags after all config tests are done
>> -QEMU_CFLAGS="$QEMU_CFLAGS $pixman_cflags"
>> +QEMU_CFLAGS="$QEMU_CFLAGS $pixman_cflags $fdt_cflags"
>>  libs_softmmu="$libs_softmmu $pixman_libs"
>>
>>  echo "Install prefix$prefix"
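
Review bot: $fdt_cflags is expanded into QEMU_CFLAGS here, but the previous hunk assigns it only in the submodule branch; unless it is initialised with the other defaults near the top of configure, a value exported in the caller's environment reaches the compiler flags whenever the system libfdt is used. Set fdt_cflags="" up front (the same goes for dtc_internal), and update the comment above this line, which still mentions only pixman.
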
>> @@ -4299,6 +4316,10 @@ if [ "$pixman" = "internal" ]; then
>>echo "config-host.h: subdir-pixman" >> $config_host_mak
>>  fi
>>
>> +if [ "$dtc_internal" = "yes" ]; then
>> +  echo "config-host.h: subdir-dtc" >> $config_host_mak
>> +fi
>> +
>>  # build tree in object directory in case the source is not in the current 
>> directory
>>  DIRS="tests tests/tcg tests/tcg/cris tests/tcg/lm32"
>>  DIRS="$DIRS pc-bios/optionrom pc-bios/spapr-rtas"
>> --
>> 1.7.0.4
>>
>
> -- PMM
>



Re: [Qemu-devel] [PATCH v2 1/3] configure: Put cross compile flags in EXTRA_CFLAGS

2013-03-03 Thread Peter Crosthwaite
On Fri, Mar 1, 2013 at 12:52 AM, Peter Maydell  wrote:
> On 19 February 2013 04:16, Peter Crosthwaite
>  wrote:
>> The cross compile CFLAGS are needed to properly build pixman (and any other
>> submodules). Only the EXTRA_CFLAGS set is passed to submodules not 
>> QEMU_CFLAGS,
>> so put the cross compile flags in EXTRA_CFLAGS instead.
>>
>> Signed-off-by: Peter Crosthwaite peter.crosthwa...@xilinx.com>
>> ---
>>
>>  configure |   17 +
>>  1 files changed, 9 insertions(+), 8 deletions(-)
>>
>> diff --git a/configure b/configure
>> index bf5970f..088909b 100755
>> --- a/configure
>> +++ b/configure
>> @@ -239,8 +239,7 @@ for opt do
>>;;
>>--cpu=*) cpu="$optarg"
>>;;
>> -  --extra-cflags=*) QEMU_CFLAGS="$optarg $QEMU_CFLAGS"
>> -EXTRA_CFLAGS="$optarg"
>> +  --extra-cflags=*) EXTRA_CFLAGS="$optarg"
>>;;
>>--extra-ldflags=*) LDFLAGS="$optarg $LDFLAGS"
>>   EXTRA_LDFLAGS="$optarg"
>
>
>>
>> +QEMU_CFLAGS="$EXTRA_CFLAGS $QEMU_CFLAGS"
>> +
>>  default_target_list=""
>
> This change means that flags supplied by the user in --extra-cflags
> are not used in compile_prog/compile_object/check_define tests
> that happen before this point where we add the EXTRA_CFLAGS
> to QEMU_CFLAGS, but then they are used after that. This doesn't
> seem like a good thing (it would be reverting a fix inserted
> by commit e2a2ed0).
>

Ok. Reverted the first hunk of the patch and changed implementation accordingly.

Regards,
Peter

> -- PMM
>



[Qemu-devel] [PATCH v2 0/5] Xilinx SPIPS updates

2013-03-03 Thread Peter Crosthwaite
Few updates to the Zynq SPI controller. Couple of bug-fixes/completions followed
by some QOMifying cleanup.

Changed from v1:
Fixed p5 compile bug.


Nathan Rossi (2):
  xilinx_spips: Fix bus setup conditional check
  xilinx_spips: Add missing dual-bus snoop commands

Peter Crosthwaite (3):
  xilinx_spips: Set unused IRQs to NULL
  xilinx_spips: QOM styling fixes
  xilinx_spips: seperate SPI and QSPI as two classes

 hw/xilinx_spips.c |  124 +++--
 hw/xilinx_zynq.c  |2 +-
 2 files changed, 93 insertions(+), 33 deletions(-)




[Qemu-devel] [PATCH v2 1/5] xilinx_spips: Set unused IRQs to NULL

2013-03-03 Thread Peter Crosthwaite
Unused CS lines should init to 0 to avoid segfaulting when accessing an
unattached QSPI controller.

Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_spips.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 42e019d..3eee828 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -497,7 +497,7 @@ static int xilinx_spips_init(SysBusDevice *dev)
 s->spi[i] = ssi_create_bus(&dev->qdev, bus_name);
 }
 
-s->cs_lines = g_new(qemu_irq, s->num_cs * s->num_busses);
+s->cs_lines = g_new0(qemu_irq, s->num_cs * s->num_busses);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[0]);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]);
 sysbus_init_irq(dev, &s->irq);
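
Review bot: the g_new0() fix depends on every user of s->cs_lines tolerating a NULL qemu_irq, which neither the commit message nor the code says. A one-line comment at the allocation, noting that unattached chip-select lines stay NULL and are relied on as such, would keep a later change from switching back to g_new().
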
-- 
1.7.0.4




[Qemu-devel] [PATCH v2 2/5] xilinx_spips: Fix bus setup conditional check

2013-03-03 Thread Peter Crosthwaite
From: Nathan Rossi 

The R_LQPSI_CFG register has the LQSPI_CFG_SEP_BUS and LQSPI_CFG_TWO_MEM bits.

Signed-off-by: Nathan Rossi 
Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_spips.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 3eee828..03797c3 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -143,8 +143,8 @@ typedef struct {
 
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
-return (s->regs[R_LQSPI_STS] & LQSPI_CFG_SEP_BUS &&
-s->regs[R_LQSPI_STS] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
+return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
+s->regs[R_LQSPI_CFG] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
 }
 
 static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
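
Review bot: the commit message spells the register R_LQPSI_CFG while the code uses R_LQSPI_CFG, and it does not say what was wrong before, namely that both bits were being tested in R_LQSPI_STS. In the return expression, parenthesising each mask test, (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS) && (s->regs[R_LQSPI_CFG] & LQSPI_CFG_TWO_MEM), makes the & versus && precedence explicit.
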
-- 
1.7.0.4




[Qemu-devel] [PATCH v2 3/5] xilinx_spips: Add missing dual-bus snoop commands

2013-03-03 Thread Peter Crosthwaite
From: Nathan Rossi 

Added additional commands to the switch to check for when snooping commands in
dual bus mode setups. Cleaned up code to use an enum.

Signed-off-by: Nathan Rossi 
Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_spips.c |   29 +++--
 1 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 03797c3..45a1c51 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -115,6 +115,19 @@
 #define SNOOP_NONE 0xFE
 #define SNOOP_STRIPING 0
 
+typedef enum {
+READ = 0x3,
+FAST_READ = 0xb,
+DOR = 0x3b,
+QOR = 0x6b,
+DIOR = 0xbb,
+QIOR = 0xeb,
+
+PP = 0x2,
+DPP = 0xa2,
+QPP = 0x32,
+} FlashCMD;
+
 typedef struct {
 SysBusDevice busdev;
 MemoryRegion iomem;
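
Review bot: the FlashCMD enumerators READ, PP, DOR and the rest are short, unprefixed names at file scope, which invites clashes with macros from system or QEMU headers. A common prefix (FLASH_CMD_READ, to pick one possible spelling) would avoid that and make the case labels in the next hunk self-describing.
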
@@ -251,15 +264,19 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
 switch (s->snoop_state) {
 case (SNOOP_CHECKING):
 switch (tx) { /* new instruction code */
-case 0x0b: /* dual/quad output read DOR/QOR */
-case 0x6b:
-s->snoop_state = 4;
+case READ: /* 3 address bytes, no dummy bytes/cycles */
+case PP:
+case DPP:
+case QPP:
+s->snoop_state = 3;
 break;
-/* FIXME: these vary between vendor - set to spansion */
-case 0xbb: /* high performance dual read DIOR */
+case FAST_READ: /* 3 address bytes, 1 dummy byte */
+case DOR:
+case QOR:
+case DIOR: /* FIXME: these vary between vendor - set to spansion */
 s->snoop_state = 4;
 break;
-case 0xeb: /* high performance quad read QIOR */
+case QIOR: /* 3 address bytes, 2 dummy bytes */
 s->snoop_state = 6;
 break;
 default:
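
Review bot: the QIOR case is commented as 3 address bytes plus 2 dummy bytes but sets snoop_state to 6, whereas READ (3 address bytes) sets 3 and FAST_READ (3 address bytes, 1 dummy byte) sets 4; either the comment leaves out a byte or the value is off by one. Say which in the comment, and consider naming what the number counts so that 3, 4 and 6 are not bare literals.
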
-- 
1.7.0.4




[Qemu-devel] [PATCH v2 4/5] xilinx_spips: QOM styling fixes

2013-03-03 Thread Peter Crosthwaite
Few fixes for the latest QOM styling guides.

Signed-off-by: Peter Crosthwaite 
---

 hw/xilinx_spips.c |   29 -
 1 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 45a1c51..530ef47 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -154,6 +154,11 @@ typedef struct {
 hwaddr lqspi_cached_addr;
 } XilinxSPIPS;
 
+#define TYPE_XILINX_SPIPS "xilinx,spips"
+
+#define XILINX_SPIPS(obj) \
+ OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS)
+
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
 return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
@@ -210,7 +215,7 @@ static void xilinx_spips_update_ixr(XilinxSPIPS *s)
 
 static void xilinx_spips_reset(DeviceState *d)
 {
-XilinxSPIPS *s = DO_UPCAST(XilinxSPIPS, busdev.qdev, d);
+XilinxSPIPS *s = XILINX_SPIPS(d);
 
 int i;
 for (i = 0; i < R_MAX; i++) {
@@ -500,9 +505,10 @@ static const MemoryRegionOps lqspi_ops = {
 }
 };
 
-static int xilinx_spips_init(SysBusDevice *dev)
+static void xilinx_spips_realize(DeviceState *dev, Error **errp)
 {
-XilinxSPIPS *s = FROM_SYSBUS(typeof(*s), dev);
+XilinxSPIPS *s = XILINX_SPIPS(dev);
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 int i;
 
 DB_PRINT("inited device model\n");
@@ -511,31 +517,29 @@ static int xilinx_spips_init(SysBusDevice *dev)
 for (i = 0; i < s->num_busses; ++i) {
 char bus_name[16];
 snprintf(bus_name, 16, "spi%d", i);
-s->spi[i] = ssi_create_bus(&dev->qdev, bus_name);
+s->spi[i] = ssi_create_bus(dev, bus_name);
 }
 
 s->cs_lines = g_new0(qemu_irq, s->num_cs * s->num_busses);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[0]);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]);
-sysbus_init_irq(dev, &s->irq);
+sysbus_init_irq(sbd, &s->irq);
 for (i = 0; i < s->num_cs * s->num_busses; ++i) {
-sysbus_init_irq(dev, &s->cs_lines[i]);
+sysbus_init_irq(sbd, &s->cs_lines[i]);
 }
 
 memory_region_init_io(&s->iomem, &spips_ops, s, "spi", R_MAX*4);
-sysbus_init_mmio(dev, &s->iomem);
+sysbus_init_mmio(sbd, &s->iomem);
 
 memory_region_init_io(&s->mmlqspi, &lqspi_ops, s, "lqspi",
   (1 << LQSPI_ADDRESS_BITS) * 2);
-sysbus_init_mmio(dev, &s->mmlqspi);
+sysbus_init_mmio(sbd, &s->mmlqspi);
 
 s->irqline = -1;
 s->lqspi_cached_addr = ~0ULL;
 
 fifo8_create(&s->rx_fifo, RXFF_A);
 fifo8_create(&s->tx_fifo, TXFF_A);
-
-return 0;
 }
 
 static int xilinx_spips_post_load(void *opaque, int version_id)
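
Review bot: in xilinx_spips_realize() the loop fills s->spi[0] through s->spi[s->num_busses - 1], but ssi_auto_connect_slaves() is then called with s->spi[1] unconditionally, so a device configured with a single bus passes an entry the loop never set. Guard the second call on s->num_busses > 1, or connect the slaves inside the loop.
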
@@ -569,16 +573,15 @@ static Property xilinx_spips_properties[] = {
 static void xilinx_spips_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
 
-sdc->init = xilinx_spips_init;
+dc->realize = xilinx_spips_realize;
 dc->reset = xilinx_spips_reset;
 dc->props = xilinx_spips_properties;
 dc->vmsd = &vmstate_xilinx_spips;
 }
 
 static const TypeInfo xilinx_spips_info = {
-.name  = "xilinx,spips",
+.name  = TYPE_XILINX_SPIPS,
 .parent = TYPE_SYS_BUS_DEVICE,
 .instance_size  = sizeof(XilinxSPIPS),
 .class_init = xilinx_spips_class_init,
-- 
1.7.0.4




[Qemu-devel] [PATCH v2 5/5] xilinx_spips: seperate SPI and QSPI as two classes

2013-03-03 Thread Peter Crosthwaite
Make SPI and QSPI different classes. QSPIPS is set up as a child of SPIPS.
Only QSPI has the LQSPI functionality, so move all that to the child class.

Signed-off-by: Peter Crosthwaite 
---
Changed from v1:
Fixed compile bug (s/XILINX_SPIPS/XILINX_QSPIPS on QOM cast)

 hw/xilinx_spips.c |   66 ++--
 hw/xilinx_zynq.c  |2 +-
 2 files changed, 54 insertions(+), 14 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 530ef47..e5c3e28 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -149,15 +149,23 @@ typedef struct {
 uint8_t num_txrx_bytes;
 
 uint32_t regs[R_MAX];
+} XilinxSPIPS;
+
+typedef struct {
+XilinxSPIPS parent;
 
 uint32_t lqspi_buf[LQSPI_CACHE_SIZE];
 hwaddr lqspi_cached_addr;
-} XilinxSPIPS;
+} XilinxQSPIPS;
 
-#define TYPE_XILINX_SPIPS "xilinx,spips"
+
+#define TYPE_XILINX_SPIPS "xlnx.ps7-spi"
+#define TYPE_XILINX_QSPIPS "xlnx.ps7-qspi"
 
 #define XILINX_SPIPS(obj) \
  OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS)
+#define XILINX_QSPIPS(obj) \
+ OBJECT_CHECK(XilinxQSPIPS, (obj), TYPE_XILINX_QSPIPS)
 
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
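
Review bot: TYPE_XILINX_SPIPS changes from "xilinx,spips" to "xlnx.ps7-spi" in this hunk, which renames the existing device type in addition to introducing the new one; the commit message only describes the class split. Mention the rename there, since anything that creates the device by its old name stops working.
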
@@ -436,11 +444,12 @@ static uint64_t
 lqspi_read(void *opaque, hwaddr addr, unsigned int size)
 {
 int i;
+XilinxQSPIPS *q = opaque;
 XilinxSPIPS *s = opaque;
 
-if (addr >= s->lqspi_cached_addr &&
-addr <= s->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
-return s->lqspi_buf[(addr - s->lqspi_cached_addr) >> 2];
+if (addr >= q->lqspi_cached_addr &&
+addr <= q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
+return q->lqspi_buf[(addr - q->lqspi_cached_addr) >> 2];
 } else {
 int flash_addr = (addr / num_effective_busses(s));
 int slave = flash_addr >> LQSPI_ADDRESS_BITS;
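
Review bot: lqspi_read() assigns opaque directly to both XilinxQSPIPS *q and XilinxSPIPS *s, so nothing checks that the object behind the region really is the QSPI subclass before q->lqspi_buf is indexed. Using the checked cast, XilinxQSPIPS *q = XILINX_QSPIPS(opaque), and deriving s from it would catch the ops ever being attached to a plain SPIPS instance, whose allocation ends before lqspi_buf.
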
@@ -484,14 +493,14 @@ lqspi_read(void *opaque, hwaddr addr, unsigned int size)
 for (i = 0; i < LQSPI_CACHE_SIZE / 4; ++i) {
 tx_data_bytes(s, 0, 4);
 xilinx_spips_flush_txfifo(s);
-rx_data_bytes(s, &s->lqspi_buf[cache_entry], 4);
+rx_data_bytes(s, &q->lqspi_buf[cache_entry], 4);
 cache_entry++;
 }
 
 s->regs[R_CONFIG] |= CS;
 xilinx_spips_update_cs_lines(s);
 
-s->lqspi_cached_addr = addr;
+q->lqspi_cached_addr = addr;
 return lqspi_read(opaque, addr, size);
 }
 }
@@ -511,7 +520,7 @@ static void xilinx_spips_realize(DeviceState *dev, Error 
**errp)
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 int i;
 
-DB_PRINT("inited device model\n");
+DB_PRINT("realized spips\n");
 
 s->spi = g_new(SSIBus *, s->num_busses);
 for (i = 0; i < s->num_busses; ++i) {
@@ -531,17 +540,32 @@ static void xilinx_spips_realize(DeviceState *dev, Error 
**errp)
 memory_region_init_io(&s->iomem, &spips_ops, s, "spi", R_MAX*4);
 sysbus_init_mmio(sbd, &s->iomem);
 
-memory_region_init_io(&s->mmlqspi, &lqspi_ops, s, "lqspi",
-  (1 << LQSPI_ADDRESS_BITS) * 2);
-sysbus_init_mmio(sbd, &s->mmlqspi);
-
 s->irqline = -1;
-s->lqspi_cached_addr = ~0ULL;
 
 fifo8_create(&s->rx_fifo, RXFF_A);
 fifo8_create(&s->tx_fifo, TXFF_A);
 }
 
+static void xilinx_qspips_realize(DeviceState *dev, Error **errp)
+{
+XilinxSPIPS *s = XILINX_SPIPS(dev);
+XilinxQSPIPS *q = XILINX_QSPIPS(dev);
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+
+DB_PRINT("realized qspips\n");
+
+s->num_busses = 2;
+s->num_cs = 2;
+s->num_txrx_bytes = 4;
+
+xilinx_spips_realize(dev, errp);
+memory_region_init_io(&s->mmlqspi, &lqspi_ops, s, "lqspi",
+  (1 << LQSPI_ADDRESS_BITS) * 2);
+sysbus_init_mmio(sbd, &s->mmlqspi);
+
+q->lqspi_cached_addr = ~0ULL;
+}
+
 static int xilinx_spips_post_load(void *opaque, int version_id)
 {
 xilinx_spips_update_ixr((XilinxSPIPS *)opaque);
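
Review bot: xilinx_qspips_realize() calls xilinx_spips_realize(dev, errp) and carries on initialising without checking whether the parent reported an error. It also overwrites num_busses, num_cs and num_txrx_bytes, silently discarding whatever was set through the properties, and it still registers the LQSPI region in s->mmlqspi on the parent struct although the commit message says the LQSPI functionality moves to the child class.
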
@@ -570,6 +594,14 @@ static Property xilinx_spips_properties[] = {
 DEFINE_PROP_UINT8("num-txrx-bytes", XilinxSPIPS, num_txrx_bytes, 1),
 DEFINE_PROP_END_OF_LIST(),
 };
+
+static void xilinx_qspips_class_init(ObjectClass *klass, void * data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->realize = xilinx_qspips_realize;
+}
+
 static void xilinx_spips_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -587,9 +619,17 @@ static const TypeInfo xilinx_spips_info = {
 .class_init = xilinx_spips_class_init,
 };
 
+static const TypeInfo xilinx_qspips_info = {
+.name  = TYPE_XILINX_QSPIPS,
+.parent = TYPE_XILINX_SPIPS,
+.instance_size  = sizeof(XilinxQSPIPS),
+.class_init = xilinx_qspips_class_init,
+};
+
 static void xilinx_spips_register_types(void)
 {
 type_register_static(&xilinx_spips_info);
+type_register_static(&xilinx_qspips_info);
 }
 
 type_init(xilinx_spips_register_types)
diff --git a/hw/xilinx_zynq.c b/hw/xilinx_zynq.c
index 2f67d90..9733459 100644
---

Re: [Qemu-devel] [PATCH v5 02/24] hw/arm: add Faraday a369 SoC platform support

2013-03-03 Thread Kuo-Jung Su
2013/3/2 Igor Mitsyanko :
> Hi, Kuo-Jung
>
> On 02/27/2013 11:15 AM, Kuo-Jung Su wrote:
>> From: Kuo-Jung Su 
>>
>> The Faraday A369 EVB is a Faraday SoC platform evaluation board used for
>> Faraday IP functional verification based on the well-known ARM AMBA 2.0
>> architecture.
>>
>> Signed-off-by: Kuo-Jung Su 
>> ---
>>   hw/arm/Makefile.objs  |4 +
>>   hw/arm/faraday.h  |   65 +
>>   hw/arm/faraday_a369.c |   94 ++
>>   hw/arm/faraday_a369_kpd.c |  237 
>> +
>>   hw/arm/faraday_a369_scu.c |  187 +++
>>   hw/arm/faraday_a369_soc.c |  197 +
>>   hw/arm/ftkbc010.h |   42 
>>   7 files changed, 826 insertions(+)
>>   create mode 100644 hw/arm/faraday.h
>>   create mode 100644 hw/arm/faraday_a369.c
>>   create mode 100644 hw/arm/faraday_a369_kpd.c
>>   create mode 100644 hw/arm/faraday_a369_scu.c
>>   create mode 100644 hw/arm/faraday_a369_soc.c
>>   create mode 100644 hw/arm/ftkbc010.h
>>
>> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
>> index 6d049e7..f6fd60d 100644
>> --- a/hw/arm/Makefile.objs
>> +++ b/hw/arm/Makefile.objs
>> @@ -33,3 +33,7 @@ obj-y += kzm.o
>>   obj-$(CONFIG_FDT) += ../device_tree.o
>>
>>   obj-y := $(addprefix ../,$(obj-y))
>> +obj-y += faraday_a369.o \
>> +faraday_a369_soc.o \
>> +faraday_a369_scu.o \
>> +faraday_a369_kpd.o
>
> Seems that convention for this file is to shift to the next line only
> after current line length is > 80 characters.
>

Got it, thanks

>> diff --git a/hw/arm/faraday.h b/hw/arm/faraday.h
>> new file mode 100644
>> index 000..d6ed860
>> --- /dev/null
>> +++ b/hw/arm/faraday.h
>> @@ -0,0 +1,65 @@
>> +/*
>> + * Faraday SoC platform support.
>> + *
>> + * Copyright (c) 2013 Faraday Technology
>> + * Written by Kuo-Jung Su 
>> + *
>> + * This code is licensed under the GNU GPL v2.
>> + */
>> +#ifndef HW_ARM_FARADAY_H
>> +#define HW_ARM_FARADAY_H
>> +
>> +#include "hw/flash.h"
>> +#include "qemu/bitops.h"
>> +
>> +#ifdef DEBUG_FARADAY
>> +#define DPRINTF(fmt, ...) \
>> +do { printf("faraday: " fmt , ## __VA_ARGS__); } while (0)
>> +#else
>> +#define DPRINTF(fmt, ...) \
>> +do { } while (0)
>> +#endif
>
> Recently there was a discussion over what kind of debug format to use,
> you can see an outcome here
> http://thread.gmane.org/gmane.comp.emulators.qemu/195996/focus=196975
>

Got it, thanks

>> +
>> +typedef struct FaradaySoCState {
>> +SysBusDevice busdev;
>> +hwaddr   rom_base;
>> +uint64_t rom_size;
>> +hwaddr   ram_base;
>> +uint64_t ram_size;
>> +char *cpu_model;
>> +ARMCPU   *cpu;
>> +DeviceState  *scu;  /* System Control Unit */
>> +DeviceState  *ahbc; /* AHB controller */
>> +DeviceState  *ddrc; /* DDR controller */
>> +DeviceState  *hdma[2];  /* AHB DMA */
>> +DeviceState  *pdma[1];  /* APB DMA */
>> +DeviceState  *spi[2];
>> +DeviceState  *i2c[2];
>> +DeviceState  *i2s[2];
>> +DeviceState  *codec;/* Audio codec */
>> +void (*codec_out)(void *, uint32_t);
>> +uint32_t (*codec_in)(void *);
>> +
>> +MemoryRegion *as;
>> +MemoryRegion *ram;
>> +pflash_t *rom;
>> +MemoryRegion *sram;
>> +
>> +void *priv;
>> +
>> +uint32_t ahb_slave[32];
>> +uint32_t apb_slave[32];
>> +bool ahb_remapped;
>> +bool ddr_inited;
>> +struct arm_boot_info *bi;
>> +} FaradaySoCState;
>> +
>> +/* SoC common APIs */
>> +#define TYPE_FARADAY_SOC"faraday/soc"
>
> Using "/" here will break qom-list command because "/" symbol is a
> delimiter in a QOM canonical path.
>

Got it, thanks

>> +#define FARADAY_SOC(obj) \
>> +OBJECT_CHECK(FaradaySoCState, obj, TYPE_FARADAY_SOC)
>> +#define FARADAY_SOC_GET_CORE() \
>> +FARADAY_SOC(object_resolve_path_component(qdev_get_machine(), \
>> +  TYPE_FARADAY_SOC))
>> +
>> +#endif
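
Review bot: the licence line in faraday.h reads "GNU GPL v2" while faraday_a369.c, added by the same patch, reads "GNU GPL v2+"; pick one and word it identically in every new file. The two headers also differ in copyright year and author name, which is worth confirming as intended.
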
>> diff --git a/hw/arm/faraday_a369.c b/hw/arm/faraday_a369.c
>> new file mode 100644
>> index 000..0b6201a
>> --- /dev/null
>> +++ b/hw/arm/faraday_a369.c
>> @@ -0,0 +1,94 @@
>> +/*
>> + * Faraday A369 Evalution Board
>> + *
>> + * Copyright (c) 2012 Faraday Technology
>> + * Written by Dante Su 
>> + *
>> + * This code is licensed under GNU GPL v2+.
>> + */
>> +
>> +#include "hw/sysbus.h"
>> +#include "hw/arm-misc.h"
>> +#include "hw/devices.h"
>> +#include "hw/i2c.h"
>> +#include "hw/boards.h"
>> +#include "hw/ssi.h"
>> +#include "sysemu/sysemu.h"
>> +
>> +#include "faraday.h"
>> +
>> +/* Board init.  */
>> +
>> +static void
>> +a369_board_init(QEMUMachineInitArgs *args)
>> +{
>> +DeviceState *ds;
>> +FaradaySoCState *s;
>> +
>> +if (!args->cpu_model) {
>> +args->cpu_model = "fa626te";
>> +}
>> +if (!args->ram_size) {
>> +args->ram_size = 512 << 20;
>> +}
>> +
>> +ds 

Re: [Qemu-devel] [PATCH v5 02/24] hw/arm: add Faraday a369 SoC platform support

2013-03-03 Thread Kuo-Jung Su
2013/3/2 Peter Crosthwaite :
> Hi Kuo-Jung,
>
> On Wed, Feb 27, 2013 at 5:15 PM, Kuo-Jung Su  wrote:
>> From: Kuo-Jung Su 
>>
>> The Faraday A369 EVB is a Faraday SoC platform evaluation board used for
>> Faraday IP functional verification based on the well-known ARM AMBA 2.0
>> architecture.
>>
>> Signed-off-by: Kuo-Jung Su 
>> ---
>>  hw/arm/Makefile.objs  |4 +
>>  hw/arm/faraday.h  |   65 +
>>  hw/arm/faraday_a369.c |   94 ++
>>  hw/arm/faraday_a369_kpd.c |  237 
>> +
>>  hw/arm/faraday_a369_scu.c |  187 +++
>>  hw/arm/faraday_a369_soc.c |  197 +
>>  hw/arm/ftkbc010.h |   42 
>>  7 files changed, 826 insertions(+)
>>  create mode 100644 hw/arm/faraday.h
>>  create mode 100644 hw/arm/faraday_a369.c
>>  create mode 100644 hw/arm/faraday_a369_kpd.c
>>  create mode 100644 hw/arm/faraday_a369_scu.c
>>  create mode 100644 hw/arm/faraday_a369_soc.c
>>  create mode 100644 hw/arm/ftkbc010.h
>>
>> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
>> index 6d049e7..f6fd60d 100644
>> --- a/hw/arm/Makefile.objs
>> +++ b/hw/arm/Makefile.objs
>> @@ -33,3 +33,7 @@ obj-y += kzm.o
>>  obj-$(CONFIG_FDT) += ../device_tree.o
>>
>>  obj-y := $(addprefix ../,$(obj-y))
>> +obj-y += faraday_a369.o \
>> +faraday_a369_soc.o \
>> +faraday_a369_scu.o \
>> +faraday_a369_kpd.o
>> diff --git a/hw/arm/faraday.h b/hw/arm/faraday.h
>> new file mode 100644
>> index 000..d6ed860
>> --- /dev/null
>> +++ b/hw/arm/faraday.h
>> @@ -0,0 +1,65 @@
>> +/*
>> + * Faraday SoC platform support.
>> + *
>> + * Copyright (c) 2013 Faraday Technology
>> + * Written by Kuo-Jung Su 
>> + *
>> + * This code is licensed under the GNU GPL v2.
>> + */
>> +#ifndef HW_ARM_FARADAY_H
>> +#define HW_ARM_FARADAY_H
>> +
>> +#include "hw/flash.h"
>> +#include "qemu/bitops.h"
>> +
>> +#ifdef DEBUG_FARADAY
>> +#define DPRINTF(fmt, ...) \
>> +do { printf("faraday: " fmt , ## __VA_ARGS__); } while (0)
>> +#else
>> +#define DPRINTF(fmt, ...) \
>> +do { } while (0)
>> +#endif
>> +
>> +typedef struct FaradaySoCState {
>> +SysBusDevice busdev;
>> +hwaddr   rom_base;
>> +uint64_t rom_size;
>> +hwaddr   ram_base;
>> +uint64_t ram_size;
>> +char *cpu_model;
>> +ARMCPU   *cpu;
>> +DeviceState  *scu;  /* System Control Unit */
>> +DeviceState  *ahbc; /* AHB controller */
>> +DeviceState  *ddrc; /* DDR controller */
>> +DeviceState  *hdma[2];  /* AHB DMA */
>> +DeviceState  *pdma[1];  /* APB DMA */
>> +DeviceState  *spi[2];
>
> Your two spi controllers are completely unrelated to each other. They
> are different devices so I don't see a win in lumping them together in
> a single array - there's no scope for iterating over this array. I
> think it would be cleaner if they were separate variables as you would
> then be able to provide more descriptive names "DeviceState
> *spi_flash", or even better, the actual name of the device
> "DeviceState *ftspi020". The same may be true for I2C, ill get around
> to that shortly!
>

Got it, thanks.
I'll add a new field 'DeviceState *spi_fl[2]' to the FaradaySoCState() for
the dedicated spi flash controllers.

>> +DeviceState  *i2c[2];
>> +DeviceState  *i2s[2];
>> +DeviceState  *codec;/* Audio codec */
>> +void (*codec_out)(void *, uint32_t);
>> +uint32_t (*codec_in)(void *);
>> +
>> +MemoryRegion *as;
>> +MemoryRegion *ram;
>> +pflash_t *rom;
>> +MemoryRegion *sram;
>> +
>> +void *priv;
>> +
>> +uint32_t ahb_slave[32];
>> +uint32_t apb_slave[32];
>> +bool ahb_remapped;
>> +bool ddr_inited;
>> +struct arm_boot_info *bi;
>> +} FaradaySoCState;
>> +
>> +/* SoC common APIs */
>> +#define TYPE_FARADAY_SOC"faraday/soc"
>> +#define FARADAY_SOC(obj) \
>> +OBJECT_CHECK(FaradaySoCState, obj, TYPE_FARADAY_SOC)
>> +#define FARADAY_SOC_GET_CORE() \
>> +FARADAY_SOC(object_resolve_path_component(qdev_get_machine(), \
>> +  TYPE_FARADAY_SOC))
>> +
>> +#endif
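
Review bot: FARADAY_SOC_GET_CORE() looks the SoC up under the machine object with TYPE_FARADAY_SOC as the child name, so the type string doubles as a path component and every caller depends on there being exactly one machine-wide instance. Handing the FaradaySoCState to the devices that need it when they are created avoids the global lookup; if the macro stays, give the child name its own constant so that renaming the type does not silently change the lookup.
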
>> diff --git a/hw/arm/faraday_a369.c b/hw/arm/faraday_a369.c
>> new file mode 100644
>> index 000..0b6201a
>> --- /dev/null
>> +++ b/hw/arm/faraday_a369.c
>> @@ -0,0 +1,94 @@
>> +/*
>> + * Faraday A369 Evalution Board
>> + *
>> + * Copyright (c) 2012 Faraday Technology
>> + * Written by Dante Su 
>> + *
>> + * This code is licensed under GNU GPL v2+.
>> + */
>> +
>> +#include "hw/sysbus.h"
>> +#include "hw/arm-misc.h"
>> +#include "hw/devices.h"
>> +#include "hw/i2c.h"
>> +#include "hw/boards.h"
>> +#include "hw/ssi.h"
>> +#include "sysemu/sysemu.h"
>> +
>> +#include "faraday.h"
>> +
>> +/* Board init.  */
>> +
>> +static void
>> +a369_board_init(QEMUMachineInitArgs *args)
>> +{
>> +DeviceState *ds;
>> +FaradaySoCState *s;
>> +
>> +if (!

Re: [Qemu-devel] [PATCH v5 03/24] hw/arm: add Faraday FTINTC020 interrupt controller support

2013-03-03 Thread Kuo-Jung Su
2013/3/2 Peter Crosthwaite :
> Hi Kuo-Jung,
>
> On Wed, Feb 27, 2013 at 5:15 PM, Kuo-Jung Su  wrote:
>> From: Kuo-Jung Su 
>>
>> The FTINTC020 interrupt controller supports both FIQ and IRQ signals
>> to the microprocessor.
>> It can handle up to 64 configurable IRQ sources and 64 FIQ sources.
>> The output signals to the microprocessor can be configured as
>> level-high/low active or edge-rising/falling triggered.
>>
>> Signed-off-by: Kuo-Jung Su 
>> ---
>>  hw/arm/Makefile.objs  |1 +
>>  hw/arm/faraday.h  |3 +
>>  hw/arm/faraday_a369_soc.c |   10 +-
>>  hw/arm/ftintc020.c|  366 
>> +
>>  hw/arm/ftintc020.h|   48 ++
>>  5 files changed, 425 insertions(+), 3 deletions(-)
>>  create mode 100644 hw/arm/ftintc020.c
>>  create mode 100644 hw/arm/ftintc020.h
>>
>> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
>> index f6fd60d..6771072 100644
>> --- a/hw/arm/Makefile.objs
>> +++ b/hw/arm/Makefile.objs
>> @@ -37,3 +37,4 @@ obj-y += faraday_a369.o \
>>  faraday_a369_soc.o \
>>  faraday_a369_scu.o \
>>  faraday_a369_kpd.o
>> +obj-y += ftintc020.o
>> diff --git a/hw/arm/faraday.h b/hw/arm/faraday.h
>> index d6ed860..e5f611d 100644
>> --- a/hw/arm/faraday.h
>> +++ b/hw/arm/faraday.h
>> @@ -62,4 +62,7 @@ typedef struct FaradaySoCState {
>>  FARADAY_SOC(object_resolve_path_component(qdev_get_machine(), \
>>TYPE_FARADAY_SOC))
>>
>> +/* ftintc020.c */
>> +qemu_irq *ftintc020_init(hwaddr base, ARMCPU *cpu);
>> +
>>  #endif
>> diff --git a/hw/arm/faraday_a369_soc.c b/hw/arm/faraday_a369_soc.c
>> index 0372868..3d861d2 100644
>> --- a/hw/arm/faraday_a369_soc.c
>> +++ b/hw/arm/faraday_a369_soc.c
>> @@ -73,6 +73,7 @@ a369soc_device_init(FaradaySoCState *s)
>>  {
>>  DriveInfo *dinfo;
>>  DeviceState *ds;
>> +qemu_irq *pic;
>>
>>  s->as = get_system_memory();
>>  s->ram = g_new(MemoryRegion, 1);
>> @@ -115,12 +116,15 @@ a369soc_device_init(FaradaySoCState *s)
>>  exit(1);
>>  }
>>
>> +/* Interrupt Controller */
>> +pic = ftintc020_init(0x9010, s->cpu);
>> +
>>  /* Serial (FTUART010 which is 16550A compatible) */
>>  if (serial_hds[0]) {
>>  serial_mm_init(s->as,
>> 0x92b0,
>> 2,
>> -   NULL,
>> +   pic[53],
>> 18432000,
>> serial_hds[0],
>> DEVICE_LITTLE_ENDIAN);
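
Review bot: pic[53] in the first serial_mm_init() call (and pic[54] and pic[21] in the hunks that follow) are bare interrupt numbers. Named constants for the A369 interrupt assignments, defined next to the SoC state, would make the wiring checkable against the datasheet; the same goes for the literal base address passed to ftintc020_init().
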
>> @@ -129,7 +133,7 @@ a369soc_device_init(FaradaySoCState *s)
>>  serial_mm_init(s->as,
>> 0x92c0,
>> 2,
>> -   NULL,
>> +   pic[54],
>> 18432000,
>> serial_hds[1],
>> DEVICE_LITTLE_ENDIAN);
>> @@ -140,7 +144,7 @@ a369soc_device_init(FaradaySoCState *s)
>>  s->scu = ds;
>>
>>  /* ftkbc010 */
>> -sysbus_create_simple("a369.keypad", 0x92f0, NULL);
>> +sysbus_create_simple("a369.keypad", 0x92f0, pic[21]);
>>  }
>>
>>  static int a369soc_init(SysBusDevice *busdev)
>> diff --git a/hw/arm/ftintc020.c b/hw/arm/ftintc020.c
>> new file mode 100644
>> index 000..a7f6454
>> --- /dev/null
>> +++ b/hw/arm/ftintc020.c
>> @@ -0,0 +1,366 @@
>> +/*
>> + * Faraday FTINTC020 Programmable Interrupt Controller.
>> + *
>> + * Copyright (c) 2012 Faraday Technology
>> + * Written by Dante Su 
>> + *
>> + * This code is licensed under GNU GPL v2+.
>> + */
>> +
>> +#include "hw/hw.h"
>> +#include "hw/sysbus.h"
>> +
>> +#include "faraday.h"
>> +#include "ftintc020.h"
>> +
>> +#define TYPE_FTINTC020  "ftintc020"
>> +
>> +typedef struct Ftintc020State {
>> +SysBusDevice busdev;
>> +MemoryRegion iomem;
>> +ARMCPU *cpu;
>> +qemu_irq irqs[64];
>> +
>> +uint32_t irq_pin[2];/* IRQ pin state */
>> +uint32_t fiq_pin[2];/* IRQ pin state */
>> +
>> +/* HW register caches */
>> +uint32_t irq_src[2];/* IRQ source register */
>> +uint32_t irq_ena[2];/* IRQ enable register */
>> +uint32_t irq_mod[2];/* IRQ mode register */
>> +uint32_t irq_lvl[2];/* IRQ level register */
>> +uint32_t fiq_src[2];/* FIQ source register */
>> +uint32_t fiq_ena[2];/* FIQ enable register */
>> +uint32_t fiq_mod[2];/* FIQ mode register */
>> +uint32_t fiq_lvl[2];/* FIQ level register */
>> +} Ftintc020State;
>> +
>> +#define FTINTC020(obj) \
>> +OBJECT_CHECK(Ftintc020State, obj, TYPE_FTINTC020)
>> +
>> +static void
>> +ftintc020_update(Ftintc020State *s)
>> +{
>> +uint32_t mask[2];
>> +
>> +/* FIQ */
>> +mask[0] = s->fiq_src[0] & s->fiq_ena[0];
>> +mask[1] = s->fiq_src[1] & s->fiq_ena[1];
>> +
>> +if (mask[0] || mask[1]) {
>> +cpu_interrupt(&s->cpu->env, CPU_INTERRUPT_FIQ);
>> +} else {
>> +cpu
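
Review bot: in Ftintc020State the comment on fiq_pin[2] reads "IRQ pin state", copied from the line above; it should say FIQ pin state. The 64 in irqs[64] and the [2] on every register array encode the same source count, so deriving both from one named constant would stop them drifting apart.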

Re: [Qemu-devel] [PATCH v5 03/24] hw/arm: add Faraday FTINTC020 interrupt controller support

2013-03-03 Thread Kuo-Jung Su
2013/3/3 Peter Crosthwaite :
> Hi Kuo-Jung,
>
> On Sat, Mar 2, 2013 at 2:13 PM, Peter Crosthwaite
>  wrote:
>> Hi Kuo-Jung,
>>
>> On Wed, Feb 27, 2013 at 5:15 PM, Kuo-Jung Su  wrote:
>>> From: Kuo-Jung Su 
>>>
>>> The FTINTC020 interrupt controller supports both FIQ and IRQ signals
>>> to the microprocessor.
>>> It can handle up to 64 configurable IRQ sources and 64 FIQ sources.
>>> The output signals to the microprocessor can be configured as
>>> level-high/low active or edge-rising/falling triggered.
>>>
>>> Signed-off-by: Kuo-Jung Su 
>>> ---
>>>  hw/arm/Makefile.objs  |1 +
>>>  hw/arm/faraday.h  |3 +
>>>  hw/arm/faraday_a369_soc.c |   10 +-
>>>  hw/arm/ftintc020.c|  366 
>>> +
>>>  hw/arm/ftintc020.h|   48 ++
>>>  5 files changed, 425 insertions(+), 3 deletions(-)
>>>  create mode 100644 hw/arm/ftintc020.c
>>>  create mode 100644 hw/arm/ftintc020.h
>>>
>>> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
>>> index f6fd60d..6771072 100644
>>> --- a/hw/arm/Makefile.objs
>>> +++ b/hw/arm/Makefile.objs
>>> @@ -37,3 +37,4 @@ obj-y += faraday_a369.o \
>>>  faraday_a369_soc.o \
>>>  faraday_a369_scu.o \
>>>  faraday_a369_kpd.o
>>> +obj-y += ftintc020.o
>>> diff --git a/hw/arm/faraday.h b/hw/arm/faraday.h
>>> index d6ed860..e5f611d 100644
>>> --- a/hw/arm/faraday.h
>>> +++ b/hw/arm/faraday.h
>>> @@ -62,4 +62,7 @@ typedef struct FaradaySoCState {
>>>  FARADAY_SOC(object_resolve_path_component(qdev_get_machine(), \
>>>TYPE_FARADAY_SOC))
>>>
>>> +/* ftintc020.c */
>>> +qemu_irq *ftintc020_init(hwaddr base, ARMCPU *cpu);
>>> +
>>>  #endif
>>> diff --git a/hw/arm/faraday_a369_soc.c b/hw/arm/faraday_a369_soc.c
>>> index 0372868..3d861d2 100644
>>> --- a/hw/arm/faraday_a369_soc.c
>>> +++ b/hw/arm/faraday_a369_soc.c
>>> @@ -73,6 +73,7 @@ a369soc_device_init(FaradaySoCState *s)
>>>  {
>>>  DriveInfo *dinfo;
>>>  DeviceState *ds;
>>> +qemu_irq *pic;
>>>
>>>  s->as = get_system_memory();
>>>  s->ram = g_new(MemoryRegion, 1);
>>> @@ -115,12 +116,15 @@ a369soc_device_init(FaradaySoCState *s)
>>>  exit(1);
>>>  }
>>>
>>> +/* Interrupt Controller */
>>> +pic = ftintc020_init(0x9010, s->cpu);
>>> +
>>>  /* Serial (FTUART010 which is 16550A compatible) */
>>>  if (serial_hds[0]) {
>>>  serial_mm_init(s->as,
>>> 0x92b0,
>>> 2,
>>> -   NULL,
>>> +   pic[53],
>>> 18432000,
>>> serial_hds[0],
>>> DEVICE_LITTLE_ENDIAN);
>>> @@ -129,7 +133,7 @@ a369soc_device_init(FaradaySoCState *s)
>>>  serial_mm_init(s->as,
>>> 0x92c0,
>>> 2,
>>> -   NULL,
>>> +   pic[54],
>>> 18432000,
>>> serial_hds[1],
>>> DEVICE_LITTLE_ENDIAN);
>>> @@ -140,7 +144,7 @@ a369soc_device_init(FaradaySoCState *s)
>>>  s->scu = ds;
>>>
>>>  /* ftkbc010 */
>>> -sysbus_create_simple("a369.keypad", 0x92f0, NULL);
>>> +sysbus_create_simple("a369.keypad", 0x92f0, pic[21]);
>>>  }
>>>
>>>  static int a369soc_init(SysBusDevice *busdev)
>>> diff --git a/hw/arm/ftintc020.c b/hw/arm/ftintc020.c
>>> new file mode 100644
>>> index 000..a7f6454
>>> --- /dev/null
>>> +++ b/hw/arm/ftintc020.c
>>> @@ -0,0 +1,366 @@
>>> +/*
>>> + * Faraday FTINTC020 Programmable Interrupt Controller.
>>> + *
>>> + * Copyright (c) 2012 Faraday Technology
>>> + * Written by Dante Su 
>>> + *
>>> + * This code is licensed under GNU GPL v2+.
>>> + */
>>> +
>>> +#include "hw/hw.h"
>>> +#include "hw/sysbus.h"
>>> +
>>> +#include "faraday.h"
>>> +#include "ftintc020.h"
>>> +
>>> +#define TYPE_FTINTC020  "ftintc020"
>>> +
>>> +typedef struct Ftintc020State {
>>> +SysBusDevice busdev;
>>> +MemoryRegion iomem;
>>> +ARMCPU *cpu;
>
> So I've looked into your init routine problem a little more and
> checked out how it's handled by other ARM interrupt controllers. I
> think it's gone wrong here, in that an interrupt controller should not
> have a handle to a CPU at all. It should just have GPIO outputs for
> the interrupt wires. Replace this with GPIO outputs for your intc's IRQ
> and FIQ output. This removes the need for your machine model to pass
> in an ARMCPU to the device (whether that be via your Ad-Hoc creation
> helper or via a QOM link).
>

At the time I was writing the model for FTINTC020, I found that
hw/pxa2xx_pic.c is more straightforward to me.
However it turns out that I've made a bad decision.

>>> +qemu_irq irqs[64];
>>> +
>>> +uint32_t irq_pin[2];/* IRQ pin state */
>>> +uint32_t fiq_pin[2];/* IRQ pin state */
>>> +
>>> +/* HW register caches */
>>> +uint32_t irq_src

Re: [Qemu-devel] [PATCH v5 04/24] hw/arm: add Faraday FTAHBC020 support

2013-03-03 Thread Kuo-Jung Su
2013/3/4 Peter Crosthwaite :
> Hi Kuo-Jung,
>
> On Wed, Feb 27, 2013 at 5:15 PM, Kuo-Jung Su  wrote:
>> From: Kuo-Jung Su 
>>
>> It's used to perform AHB remap and if the SDRAM is initialized
>> before AHB remap process activated, then it would also perform
>> the QEMU RAM initialization.
>>
>> Signed-off-by: Kuo-Jung Su 
>> ---
>>  hw/arm/Makefile.objs  |1 +
>>  hw/arm/faraday_a369_soc.c |3 +
>>  hw/arm/ftahbc020.c|  189 
>> +
>>  3 files changed, 193 insertions(+)
>>  create mode 100644 hw/arm/ftahbc020.c
>>
>> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
>> index 6771072..33c9482 100644
>> --- a/hw/arm/Makefile.objs
>> +++ b/hw/arm/Makefile.objs
>> @@ -38,3 +38,4 @@ obj-y += faraday_a369.o \
>>  faraday_a369_scu.o \
>>  faraday_a369_kpd.o
>>  obj-y += ftintc020.o
>> +obj-y += ftahbc020.o
>> diff --git a/hw/arm/faraday_a369_soc.c b/hw/arm/faraday_a369_soc.c
>> index 3d861d2..e7343d9 100644
>> --- a/hw/arm/faraday_a369_soc.c
>> +++ b/hw/arm/faraday_a369_soc.c
>> @@ -145,6 +145,9 @@ a369soc_device_init(FaradaySoCState *s)
>>
>>  /* ftkbc010 */
>>  sysbus_create_simple("a369.keypad", 0x92f0, pic[21]);
>> +
>> +/* ftahbc020 */
>> +s->ahbc = sysbus_create_simple("ftahbc020", 0x9400, NULL);
>>  }
>>
>>  static int a369soc_init(SysBusDevice *busdev)
>> diff --git a/hw/arm/ftahbc020.c b/hw/arm/ftahbc020.c
>> new file mode 100644
>> index 000..b558e90
>> --- /dev/null
>> +++ b/hw/arm/ftahbc020.c
>> @@ -0,0 +1,189 @@
>> +/*
>> + * Faraday AHB controller
>> + *
>> + * Copyright (c) 2012 Faraday Technology
>> + * Written by Dante Su 
>> + *
>> + * This code is licensed under GNU GPL v2+
>> + */
>> +
>> +#include "hw/hw.h"
>> +#include "hw/sysbus.h"
>> +#include "hw/devices.h"
>> +#include "sysemu/sysemu.h"
>> +
>> +#include "faraday.h"
>> +
>> +#define REG_SLAVE(n)((n) * 4) /* Slave config (base & size) */
>> +#define REG_PRIR0x80/* Priority register */
>> +#define REG_IDLECR  0x84/* IDLE count register */
>> +#define REG_CR  0x88/* Control register */
>> +#define REG_REVR0x8c/* Revision register */
>> +
>> +#define CR_REMAP0x01/* Enable AHB remap for slave 4 & 6 */
>> +
>> +#define TYPE_FTAHBC020  "ftahbc020"
>> +
>> +typedef struct Ftahbc020State {
>> +SysBusDevice busdev;
>> +MemoryRegion iomem;
>> +
>> +/* HW register cache */
>> +uint32_t cr;
>> +} Ftahbc020State;
>> +
>> +#define FTAHBC020(obj) \
>> +OBJECT_CHECK(Ftahbc020State, obj, TYPE_FTAHBC020)
>> +
>> +static uint64_t
>> +ftahbc020_mem_read(void *opaque, hwaddr addr, unsigned size)
>> +{
>> +Ftahbc020State *s = FTAHBC020(opaque);
>> +FaradaySoCState *soc = FARADAY_SOC_GET_CORE();
>
>
>
>> +uint64_t ret = 0;
>> +
>> +switch (addr) {
>> +/* slave address & window configuration */
>> +case REG_SLAVE(0) ... REG_SLAVE(3):
>> +case REG_SLAVE(5):
>
> I think it's required to have a comment on fall-through case statements.
>
> /* fall-through - because of foo */
>

Got it, thanks

> Regards,
> Peter
>
>> +case REG_SLAVE(7) ... REG_SLAVE(31):
>> +ret = soc->ahb_slave[addr / 4];
>> +break;
>> +case REG_SLAVE(4):
>> +ret = soc->rom_base | (soc->ahb_slave[4] & 0x000f);
>> +break;
>> +case REG_SLAVE(6):
>> +ret = soc->ram_base | (soc->ahb_slave[6] & 0x000f);
>> +break;
>> +/* control register */
>> +case REG_CR:
>> +if (soc->ahb_remapped) {
>> +s->cr |= CR_REMAP;
>> +}
>> +ret = s->cr;
>> +break;
>> +case REG_REVR:
>> +ret = 0x00010301;   /* rev. 1.3.1 */
>> +break;
>> +default:
>> +qemu_log_mask(LOG_GUEST_ERROR,
>> +  "ftahbc020: undefined memory access@0x%llx\n", addr);
>> +break;
>> +}
>> +
>> +return ret;
>> +}
>> +
>> +static void
>> +ftahbc020_mem_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
>> +{
>> +Ftahbc020State *s = FTAHBC020(opaque);
>> +FaradaySoCState *soc = FARADAY_SOC_GET_CORE();
>> +
>> +switch (addr) {
>> +case REG_CR:/* control register */
>> +s->cr = (uint32_t)val;
>> +if (soc->ahb_remapped && !(s->cr & CR_REMAP)) {
>> +hw_error("ftahbc020: Once AHB remap is enabled, "
>> + "it could not be disabled!\n");
>> +exit(1);
>> +}
>> +if (!soc->ahb_remapped && (s->cr & CR_REMAP)) {
>> +/* Remap AHB slave 4 (ROM) & slave 6 (RAM) */
>> +/* 1. Remap RAM to base of ROM */
>> +soc->ram_base = soc->ahb_slave[4] & 0xfff0;
>> +/* 2. Remap ROM to base of ROM + size of RAM */
>> +soc->rom_base = soc->ram_base
>> +  + ((1 << extract32(soc->ahb_slave[6], 16, 4)) << 
>> 20);
>> +/* 3. Update ROM memory map */
>> +sysbus_mmio_map(SY
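
Review bot: in ftahbc020_mem_write() the REG_CR case calls hw_error() when the guest clears CR_REMAP after a remap, so a single guest register write terminates the emulator. Reporting it through qemu_log_mask(LOG_GUEST_ERROR, ...) and ignoring the write, with CR_REMAP kept set in s->cr, would contain it; as written, s->cr is overwritten before the check and the exit(1) after hw_error() is never reached.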

[Qemu-devel] [PATCH v3 0/3] DTC as submodule

2013-03-03 Thread Peter Crosthwaite
These two patches add and use dtc as a submodule as per the RFC:

http://lists.gnu.org/archive/html/qemu-devel/2013-01/msg05000.html

There is a remaining action item to mandate libfdt for arm/microblaze and PPC
which is left as follow up work for after review of this series.

Also fixed the configure to properly build pixman when cross compiling.

changed since v2:
Fixed P1 implementation (PMM review)
Fixed CC/AR/LD quoting issue P3 (PMM review)
Addressed PMM review
changed since v1:
Fixed cross compilation of submodules (new P1)
Fixed passing of ARFLAGS to dtc submake


Peter Crosthwaite (3):
  configure: Put cross compile flags in EXTRA_CFLAGS
  dtc: add submodule
  configure/Make: Build libfdt from submodule DTC

 .gitmodules |3 +++
 Makefile|   10 ++
 configure   |   44 ++--
 dtc |1 +
 4 files changed, 48 insertions(+), 10 deletions(-)
 create mode 16 dtc




[Qemu-devel] [PATCH v3 1/3] configure: Put cross compile flags in EXTRA_CFLAGS

2013-03-03 Thread Peter Crosthwaite
The cross compile CFLAGS are needed to properly build pixman (and any other
submodules). Only the EXTRA_CFLAGS set is passed to submodules not QEMU_CFLAGS,
so put the cross compile flags in EXTRA_CFLAGS instead.

Signed-off-by: Peter Crosthwaite <peter.crosthwa...@xilinx.com>
---
Changed from v2:
Reverted first hunk to keep early CFLAGS settings (PMM review)
Pretty much a completely different implementation now.

 configure |   15 +--
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/configure b/configure
index 19738ac..a1efa21 100755
--- a/configure
+++ b/configure
@@ -913,33 +913,36 @@ done
 case "$cpu" in
 sparc)
LDFLAGS="-m32 $LDFLAGS"
-   QEMU_CFLAGS="-m32 -mcpu=ultrasparc $QEMU_CFLAGS"
+   CPU_CFLAGS="-m32 -mcpu=ultrasparc"
;;
 sparc64)
LDFLAGS="-m64 $LDFLAGS"
-   QEMU_CFLAGS="-m64 -mcpu=ultrasparc $QEMU_CFLAGS"
+   CPU_CFLAGS="-m64 -mcpu=ultrasparc"
;;
 s390)
-   QEMU_CFLAGS="-m31 -march=z990 $QEMU_CFLAGS"
+   CPU_CFLAGS="-m31 -march=z990"
LDFLAGS="-m31 $LDFLAGS"
;;
 s390x)
-   QEMU_CFLAGS="-m64 -march=z990 $QEMU_CFLAGS"
+   CPU_CFLAGS="-m64 -march=z990"
LDFLAGS="-m64 $LDFLAGS"
;;
 i386)
-   QEMU_CFLAGS="-m32 $QEMU_CFLAGS"
+   CPU_CFLAGS="-m32"
LDFLAGS="-m32 $LDFLAGS"
cc_i386='$(CC) -m32'
;;
 x86_64)
-   QEMU_CFLAGS="-m64 $QEMU_CFLAGS"
+   CPU_CFLAGS="-m64"
LDFLAGS="-m64 $LDFLAGS"
cc_i386='$(CC) -m32'
;;
 # No special flags required for other host CPUs
 esac
 
+QEMU_CFLAGS="$CPU_CFLAGS $QEMU_CFLAGS"
+EXTRA_CFLAGS="$CPU_CFLAGS $EXTRA_CFLAGS"
+
 default_target_list=""
 
 # these targets are portable
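Review bot: CPU_CFLAGS is assigned only inside the case branches and no initialisation is visible in this hunk, so on hosts that fall through to "No special flags required for other host CPUs" the two new assignments after esac expand whatever CPU_CFLAGS was inherited from the environment into both QEMU_CFLAGS and EXTRA_CFLAGS. Setting CPU_CFLAGS="" ahead of the case statement would make the empty default explicit.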
-- 
1.7.0.4




Re: [Qemu-devel] [PATCH v5 05/24] hw/arm: add Faraday FTDDRII030 support

2013-03-03 Thread Kuo-Jung Su
2013/3/4 Peter Crosthwaite :
> Hi Kuo-Jung,
>
> On Wed, Feb 27, 2013 at 5:15 PM, Kuo-Jung Su  wrote:
>> From: Kuo-Jung Su 
>>
>> The FTDDRII030 is a DDRII SDRAM controller which is responsible for
>> SDRAM initialization.
>> In QEMU we emualte only the SDRAM enable function.
>>
>
> "emulate"
>

Got it, thanks

>> Signed-off-by: Kuo-Jung Su 
>> ---
>>  hw/arm/Makefile.objs  |1 +
>>  hw/arm/faraday_a369_soc.c |3 +
>>  hw/arm/ftddrii030.c   |  171 
>> +
>>  3 files changed, 175 insertions(+)
>>  create mode 100644 hw/arm/ftddrii030.c
>>
>> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
>> index 33c9482..2a4c7d6 100644
>> --- a/hw/arm/Makefile.objs
>> +++ b/hw/arm/Makefile.objs
>> @@ -39,3 +39,4 @@ obj-y += faraday_a369.o \
>>  faraday_a369_kpd.o
>>  obj-y += ftintc020.o
>>  obj-y += ftahbc020.o
>> +obj-y += ftddrii030.o
>> diff --git a/hw/arm/faraday_a369_soc.c b/hw/arm/faraday_a369_soc.c
>> index e7343d9..fdf13f8 100644
>> --- a/hw/arm/faraday_a369_soc.c
>> +++ b/hw/arm/faraday_a369_soc.c
>> @@ -148,6 +148,9 @@ a369soc_device_init(FaradaySoCState *s)
>>
>>  /* ftahbc020 */
>>  s->ahbc = sysbus_create_simple("ftahbc020", 0x9400, NULL);
>> +
>> +/* ftddrii030 */
>> +s->ddrc = sysbus_create_simple("ftddrii030", 0x9310, NULL);
>>  }
>>
>>  static int a369soc_init(SysBusDevice *busdev)
>> diff --git a/hw/arm/ftddrii030.c b/hw/arm/ftddrii030.c
>> new file mode 100644
>> index 000..1679bef
>> --- /dev/null
>> +++ b/hw/arm/ftddrii030.c
>> @@ -0,0 +1,171 @@
>> +/*
>> + * Faraday DDRII controller
>> + *
>> + * Copyright (c) 2012 Faraday Technology
>> + * Written by Dante Su 
>> + *
>> + * This code is licensed under GNU GPL v2+
>> + */
>> +
>> +#include "hw/hw.h"
>> +#include "hw/sysbus.h"
>> +#include "hw/devices.h"
>> +#include "sysemu/sysemu.h"
>> +
>> +#include "faraday.h"
>> +
>> +#define REG_MCR 0x00/* memory configuration register */
>> +#define REG_MSR 0x04/* memory status register */
>> +#define REG_REVR0x50/* revision register */
>> +
>> +#define MSR_INIT_OK BIT(8)  /* DDR2 initial is completed */
>> +#define MSR_CMD_MRS BIT(0)  /* start MRS command */
>> +
>> +#define CFG_REGSIZE (0x50 / 4)
>> +
>> +#define TYPE_FTDDRII030 "ftddrii030"
>> +
>> +typedef struct Ftddrii030State {
>> +SysBusDevice busdev;
>> +MemoryRegion iomem;
>> +
>> +/* HW register cache */
>> +uint32_t regs[CFG_REGSIZE];
>> +} Ftddrii030State;
>> +
>> +#define FTDDRII030(obj) \
>> +OBJECT_CHECK(Ftddrii030State, obj, TYPE_FTDDRII030)
>> +
>> +#define DDR_REG32(s, off) \
>> +*(uint32_t *)((uint8_t *)(s)->regs + (off))
>
> Strange. You are forcing alignment in your memory region ops so I'm not
> sure I see the need for this. Can't you just index directly ...
>

Sure, it's just a coding style which I used to write hardware access
macros for chip drivers.

>> +
>> +static uint64_t
>> +ftddrii030_mem_read(void *opaque, hwaddr addr, unsigned size)
>> +{
>> +Ftddrii030State *s = FTDDRII030(opaque);
>> +FaradaySoCState *soc = FARADAY_SOC_GET_CORE();
>> +uint64_t ret = 0;
>> +
>> +if (soc->ddr_inited) {
>> +DDR_REG32(s, REG_MSR) |= MSR_INIT_OK;
>
> ... like this?
>
> s->regs[REG_MSR/4] |= MSR_INIT_OK
>
>> +}
>> +
>> +switch (addr) {
>> +case REG_MCR ... 0x4c:
>
> s/0x4c/CFG_REGSIZE or something like it. I think you can define your
> macros to get rid of this magic number that is really just the end of
> your CFG_REGSIZE definition.
>

Got it, thanks

>> +ret = s->regs[addr / 4];
>> +break;
>> +case REG_REVR:
>> +ret = 0x100;/* rev. = 0.1.0 */
>> +break;
>> +default:
>> +qemu_log_mask(LOG_GUEST_ERROR,
>> +  "ftddrii030: undefined memory access@0x%llx\n", addr);
>> +break;
>> +}
>> +
>> +return ret;
>> +}
>> +
>> +static void
>> +ftddrii030_mem_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
>> +{
>> +Ftddrii030State *s = FTDDRII030(opaque);
>> +FaradaySoCState *soc = FARADAY_SOC_GET_CORE();
>> +
>> +switch (addr) {
>> +case REG_MCR:
>> +DDR_REG32(s, REG_MCR) = (uint32_t)val & 0x;
>> +break;
>> +case REG_MSR:
>> +val = (val & 0x3f) | (DDR_REG32(s, REG_MSR) & MSR_INIT_OK);
>> +if (!soc->ddr_inited && (val & MSR_CMD_MRS)) {
>> +val &= ~MSR_CMD_MRS;
>> +val |= MSR_INIT_OK;
>> +memory_region_add_subregion(soc->as, soc->ram_base, soc->ram);
>> +soc->ddr_inited = true;
>> +}
>> +DDR_REG32(s, REG_MSR) = (uint32_t)val;
>> +break;
>> +case 0x08 ... 0x4c: /* DDRII Timing, ECC ...etc. */
>> +s->regs[addr / 4] = (uint32_t)val;
>> +break;
>> +default:
>> +qemu_log_mask(LOG_GUEST_ERROR,
>> +  "ftddrii030: undefined memory access@0x%llx\n", addr);
>> 
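
Review bot: the default branches of ftddrii030_mem_read() and ftddrii030_mem_write() print addr, which is a hwaddr, with %llx. That only matches where hwaddr and unsigned long long are the same type; the format should be written as "0x%" HWADDR_PRIx so it stays correct on every host.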

[Qemu-devel] [PATCH v3 2/3] dtc: add submodule

2013-03-03 Thread Peter Crosthwaite
Add dtc submodule as a fallback for old distros.
Picking version 1.3.0. as this is the most recently tagged stable version.

Signed-off-by: Peter Crosthwaite 
---

 .gitmodules |3 +++
 dtc |1 +
 2 files changed, 4 insertions(+), 0 deletions(-)
 create mode 16 dtc

diff --git a/.gitmodules b/.gitmodules
index cfa2af9..b426ea6 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -22,3 +22,6 @@
 [submodule "pixman"]
path = pixman
url = git://anongit.freedesktop.org/pixman
+[submodule "dtc"]
+   path = dtc
+   url = git://git.qemu.org/dtc.git
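Review bot: the new dtc entry uses the unauthenticated git:// transport, as the pixman entry above it does. The gitlink pins the exact commit, which bounds what a tampered fetch could deliver, but an authenticated URL would be preferable if the mirror offers one.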
diff --git a/dtc b/dtc
new file mode 16
index 000..bc895d6
--- /dev/null
+++ b/dtc
@@ -0,0 +1 @@
+Subproject commit bc895d6d09695d05ceb8b52486ffe861d6cfbdde
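Review bot: the commit message says version 1.3.0 was picked, but the gitlink records only the raw commit id bc895d6d09695d05ceb8b52486ffe861d6cfbdde. Stating in the commit message that this id is the tag for that release would let reviewers check the pin against upstream dtc.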
-- 
1.7.0.4




Re: [Qemu-devel] [PATCH v5 03/24] hw/arm: add Faraday FTINTC020 interrupt controller support

2013-03-03 Thread Peter Crosthwaite
Hi Kuo-Jung,

On Mon, Mar 4, 2013 at 4:20 PM, Kuo-Jung Su  wrote:
> 2013/3/2 Peter Crosthwaite :
>> Hi Kuo-Jung,
[Snip]
>>> +return s->irq_lvl[1];
>>> +case REG_EIRQSR:
>>> +return s->irq_src[1] & s->irq_ena[1];
>>> +
>>
>> AFAICT, index 0 of these arrays is for IRQ and index 1 is for EIRQ.
>> Can you #define some symbols accordingly and remove all the magic
>> numberage with the [0]'s and [1]'s?
>>
>
> Sure, the ftintc020 is going to be redesigned with the 'hw/pl190.c' as template.
> And all the coding style issues would be updated.
>
>>> +/*
>>> + * FIQ
>>> + */
>>> +case REG_FIQSRC:
>>> +return s->fiq_src[0];
>>> +case REG_FIQENA:
>>> +return s->fiq_ena[0];
>>> +case REG_FIQMDR:
>>> +return s->fiq_mod[0];
>>> +case REG_FIQLVR:
>>> +return s->fiq_lvl[0];
>>> +case REG_FIQSR:
>>> +return s->fiq_src[0] & s->fiq_ena[0];
>>> +case REG_EFIQSRC:
>>> +return s->fiq_src[1];
>>> +case REG_EFIQENA:
>>> +return s->fiq_ena[1];
>>> +case REG_EFIQMDR:
>>> +return s->fiq_mod[1];
>>> +case REG_EFIQLVR:
>>> +return s->fiq_lvl[1];
>>> +case REG_EFIQSR:
>>> +return s->fiq_src[1] & s->fiq_ena[1];
>>> +default:
>>> +qemu_log_mask(LOG_GUEST_ERROR,
>>> +  "ftintc020: undefined memory access@0x%llx\n", addr);
>>> +return 0;
>>> +}
>>> +}
>>> +
>>> +static void
>>> +ftintc020_mem_write(void *opaque, hwaddr addr, uint64_t value, unsigned 
>>> size)
>>> +{
>>> +Ftintc020State *s = FTINTC020(opaque);
>>> +
>>> +switch (addr) {
>>> +/*
>>> + * IRQ
>>> + */
>>
>> Ok to use one line comment. And elsewhere
>>
>>> +case REG_IRQENA:
>>> +s->irq_ena[0] = (uint32_t)value;
>>> +break;
>>> +case REG_IRQSCR:
>>> +value = ~(value & s->irq_mod[0]);
>>> +s->irq_src[0] &= (uint32_t)value;
>>> +break;
>>> +case REG_IRQMDR:
>>> +s->irq_mod[0] = (uint32_t)value;
>>> +break;
>>> +case REG_IRQLVR:
>>> +s->irq_lvl[0] = (uint32_t)value;
>>> +break;
>>> +case REG_EIRQENA:
>>> +s->irq_ena[1] = (uint32_t)value;
>>> +break;
>>> +case REG_EIRQSCR:
>>> +value = ~(value & s->irq_mod[1]);
>>> +s->irq_src[1] &= (uint32_t)value;
>>> +break;
>>> +case REG_EIRQMDR:
>>> +s->irq_mod[1] = (uint32_t)value;
>>> +break;
>>> +case REG_EIRQLVR:
>>> +s->irq_lvl[1] = (uint32_t)value;
>>> +break;
>>> +
>>> +/*
>>> + * FIQ
>>> + */
>>> +case REG_FIQENA:
>>> +s->fiq_ena[0] = (uint32_t)value;
>>> +break;
>>> +case REG_FIQSCR:
>>> +value = ~(value & s->fiq_mod[0]);
>>> +s->fiq_src[0] &= (uint32_t)value;
>>> +break;
>>> +case REG_FIQMDR:
>>> +s->fiq_mod[0] = (uint32_t)value;
>>> +break;
>>> +case REG_FIQLVR:
>>> +s->fiq_lvl[0] = (uint32_t)value;
>>> +break;
>>> +case REG_EFIQENA:
>>> +s->fiq_ena[1] = (uint32_t)value;
>>> +break;
>>> +case REG_EFIQSCR:
>>> +value = ~(value & s->fiq_mod[1]);
>>> +s->fiq_src[1] &= (uint32_t)value;
>>> +break;
>>> +case REG_EFIQMDR:
>>> +s->fiq_mod[1] = (uint32_t)value;
>>> +break;
>>> +case REG_EFIQLVR:
>>> +s->fiq_lvl[1] = (uint32_t)value;
>>> +break;
>>> +
>>> +/* don't care */
>>> +default:
>>> +qemu_log_mask(LOG_GUEST_ERROR,
>>> +  "ftintc020: undefined memory access@0x%llx\n", addr);
>>> +return;
>>> +}
>>> +
>>> +ftintc020_update(s);
>>> +}
>>> +
>>> +static const MemoryRegionOps mmio_ops = {
>>> +.read  = ftintc020_mem_read,
>>> +.write = ftintc020_mem_write,
>>> +.endianness = DEVICE_LITTLE_ENDIAN,
>>> +.valid = {
>>> +.min_access_size = 4,
>>> +.max_access_size = 4,
>>> +}
>>> +};
>>> +
>>> +static void ftintc020_reset(DeviceState *ds)
>>> +{
>>> +SysBusDevice *busdev = SYS_BUS_DEVICE(ds);
>>> +Ftintc020State *s = FTINTC020(FROM_SYSBUS(Ftintc020State, busdev));
>>> +
>>> +s->irq_pin[0] = 0;
>>> +s->irq_pin[1] = 0;
>>> +s->fiq_pin[0] = 0;
>>> +s->fiq_pin[1] = 0;
>>> +
>>> +s->irq_src[0] = 0;
>>> +s->irq_src[1] = 0;
>>> +s->irq_ena[0] = 0;
>>> +s->irq_ena[1] = 0;
>>> +s->fiq_src[0] = 0;
>>> +s->fiq_src[1] = 0;
>>> +s->fiq_ena[0] = 0;
>>> +s->fiq_ena[1] = 0;
>>> +
>>> +ftintc020_update(s);
>>> +}
>>> +
>>> +qemu_irq *ftintc020_init(hwaddr base, ARMCPU *cpu)
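
Review bot: ftintc020_reset() clears the pin, source and enable words but leaves irq_mod, irq_lvl, fiq_mod and fiq_lvl untouched, so trigger mode and level settings programmed by the guest survive a device reset. If the hardware returns those registers to a default on reset, they need to be set here as well.
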
>>
>> I'm not sure this is the right place for this, I think device creation
>> helpers belong on the machine / SoC level. Keep the device model self
>> contained and clients call qdev_init themselves. Andreas, have the
>> rules changed on this recently?
>>
>>> +{
>>> +int i;
>>> +DeviceState *ds = qdev_create(NULL, TYPE_FTINTC020);
>>
>> As the device is intended for

[Qemu-devel] [PATCH v3 3/3] configure/Make: Build libfdt from submodule DTC

2013-03-03 Thread Peter Crosthwaite
Configure to use the DTC submodule to build libfdt when no system libfdt
is found. Prompt to install the DTC submodule if --enable-fdt is set but
no DTC can be found.

DTC has no out-of-tree build capability, so the configure will symlink
the Makefile and scripts directory in the out of tree build directory
and pass in all the needed DTC arguments to make out of tree build happen.
Ideally we fix the DTC make to support out of tree, but did it this way to
avoid commits to DTC.

Signed-off-by: David Holsgrove 
Signed-off-by: Peter Crosthwaite 
---
changed from v2:
Fixed quoting of Make arguments (PMM review)
Fixed comment styling and typos (PMM review)

 Makefile  |   10 ++
 configure |   29 +
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 2262410..b126b31 100644
--- a/Makefile
+++ b/Makefile
@@ -136,6 +136,15 @@ pixman/Makefile: $(SRC_PATH)/pixman/configure
 $(SRC_PATH)/pixman/configure:
(cd $(SRC_PATH)/pixman; autoreconf -v --install)
 
+DTC_MAKE_ARGS=-I$(SRC_PATH)/dtc VPATH=$(SRC_PATH)/dtc -C dtc V="$(V)" 
LIBFDT_srcdir=$(SRC_PATH)/dtc/libfdt
+DTC_CFLAGS=$(CFLAGS) $(extra_cflags) -I$(BUILD_DIR)/dtc -I$(SRC_PATH)/dtc 
-I$(SRC_PATH)/dtc/libfdt
+
+subdir-dtc:dtc/libfdt dtc/tests
+   $(call quiet-command,$(MAKE) $(DTC_MAKE_ARGS) CPPFLAGS="$(DTC_CFLAGS)" 
LDFLAGS="$(LDFLAGS)" ARFLAGS="$(ARFLAGS)" CC="$(CC)" AR="$(AR)" LD="$(LD)" 
$(SUBDIR_MAKEFLAGS) libfdt,)
+
+dtc/%:
+   mkdir -p $@
+
 $(SUBDIR_RULES): libqemuutil.a libqemustub.a $(common-obj-y)
 
 ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
@@ -253,6 +262,7 @@ distclean: clean
rm -rf $$d || exit 1 ; \
 done
if test -f pixman/config.log; then make -C pixman distclean; fi
+   if test -f dtc/version_gen.h; then make $(DTC_MAKE_ARGS) clean; fi
 
 KEYMAPS=da en-gb  et  fr fr-ch  is  lt  modifiers  no  pt-br  sv \
 ar  de en-us  fi  fr-be  hr it  lv  nl pl  ru th \
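Review bot: the new distclean line invokes a literal make rather than $(MAKE), unlike the subdir-dtc rule added in the previous hunk, so the jobserver and command-line overrides are not passed on to the dtc clean. Use $(MAKE) $(DTC_MAKE_ARGS) clean.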
diff --git a/configure b/configure
index a1efa21..c589368 100755
--- a/configure
+++ b/configure
@@ -2418,11 +2418,28 @@ if test "$fdt" != "no" ; then
 int main(void) { return 0; }
 EOF
   if compile_prog "" "$fdt_libs" ; then
+# system DTC is good - use it
 fdt=yes
-  else
-if test "$fdt" = "yes" ; then
-  feature_not_found "fdt"
+  elif test -d ${source_path}/dtc/libfdt ; then
+# have submodule DTC - use it
+fdt=yes
+dtc_internal="yes"
+mkdir -p dtc
+if [ "$source_path" != `pwd` ]; then
+   symlink "$source_path/dtc/Makefile" "dtc/Makefile"
+   symlink "$source_path/dtc/scripts" "dtc/scripts"
 fi
+fdt_cflags="-I\$(SRC_PATH)/dtc/libfdt"
+fdt_libs="-L\$(BUILD_DIR)/dtc/libfdt $fdt_libs"
+  elif test "$fdt" = "yes" ; then
+# have neither and want - prompt for system/submodule install
+echo "ERROR: DTC not present. Your options:"
+echo "  (1) Preferred: Install the DTC devel package"
+echo "  (2) Fetch the DTC submodule, using:"
+echo "  git submodule update --init dtc"
+exit 1
+  else
+# don't have and dont wan't
 fdt_libs=
 fdt=no
   fi
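Review bot: the submodule branch compares "$source_path" against an unquoted `pwd` and tests an unquoted ${source_path}/dtc/libfdt, so a source or build path containing spaces breaks both tests; quote the two expansions. The comment "don't have and dont wan't" also needs its apostrophes fixed.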
@@ -3309,7 +3326,7 @@ if test "$cpu" = "ppc64" -a "$targetos" != "Darwin" ; then
 fi
 
 # add pixman flags after all config tests are done
-QEMU_CFLAGS="$QEMU_CFLAGS $pixman_cflags"
+QEMU_CFLAGS="$QEMU_CFLAGS $pixman_cflags $fdt_cflags"
 libs_softmmu="$libs_softmmu $pixman_libs"
 
 echo "Install prefix$prefix"
@@ -4356,6 +4373,10 @@ if [ "$pixman" = "internal" ]; then
   echo "config-host.h: subdir-pixman" >> $config_host_mak
 fi
 
+if [ "$dtc_internal" = "yes" ]; then
+  echo "config-host.h: subdir-dtc" >> $config_host_mak
+fi
+
 # build tree in object directory in case the source is not in the current 
directory
 DIRS="tests tests/tcg tests/tcg/cris tests/tcg/lm32"
 DIRS="$DIRS pc-bios/optionrom pc-bios/spapr-rtas"
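Review bot: dtc_internal is set to "yes" only in the submodule branch of the fdt check and no default is visible in these hunks, so a dtc_internal=yes inherited from the environment would add the subdir-dtc dependency with no submodule present. Initialise it with the other defaults, or follow the pixman convention of one variable that takes the value "internal".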
-- 
1.7.0.4




Re: [Qemu-devel] [PATCH V20 00/10] libqblock qemu block layer library

2013-03-03 Thread Wenchao Xia
Hi,
  any comments for this version?

>These patches introduce libqblock API, make subdir-libqblock and make
> check-libqblock could build this library.
> Functionalities:
>   1 create a new image.
>   2 sync access of an image.
>   3 basic image information retrieving such as backing file.
>   4 detect if a sector is allocated in an image.
> Supported Formats:
>   ALL using file protocols.
> 
> v2:
>Insert reserved bytes into union.
>Use uint64_t instead of size_t, offset.
>Use const char * in filename pointer.
>Initialization function removed and it was automatically executed when
> library is loaded.
>Added compile flag visibility=hidden, to avoid name space pollution.
>Structure naming style changed.
>Using byte unit instead of sector for every API.
>Added a member in image static information structure, to report logical
> sector size, which is always 512 now.
>Read and write API can take request not aligned to 512 now. It returns the
> byte number that have succeed in operation, but now either negative value
> or the number requested would be returned, because qemu block sync I/O API
> would not return such number.
>Typo fix due to comments and improved documents.
> 
> v3:
>Removed the code about OOM error, introduced GError.
>Used a table to map from string to enum types about format.
>Use typedef for every structure.
>Improved the gcc compiler macro to warn if gcc was not used.
>Global variable name changed with prefix libqb_.
>The struct QBlockStaticInfo was changed to folder full format related
> information inside, and a new member with pointers pointing to the mostly used
> members, such as backing file, virt size, was added. This would allow the user
> to get full information about how it is created in the future.
>Each patch in the serial can work with qemu now.
>Typo fixes.
> 
> v4:
>Renamed QBroker to QBlockContext.
>Removed tool objs out of libqblock.
>Added a check in initialization about structure size for ABI.
>Added a new helper API to duplicate protocol information, helps to open files
> in a backing file chain.
>Check-libqblock will not rebuild libqblock every time now.
>Test case file renamed to "libqblock-[FMT].c".
>Test use gtest framework now.
>Test do random creation of test file now, added check for information API in
> it.
>Test do random sync io instead of fixed offset io now.
>Test accept one parameter about where to place the test image, now it is
> ./tests/libqblock/test_images.
> 
> v5:
>Makefile of libqblock was adjusted to be similar as libcacard, added spec
> file and install section.
>Removed warning when GCC was not found.
>Structure names were changed to better ones.
>Removed the union typedef that contain reserved bytes to reduce the folder
> depth.
>Some format related enum options was changed to better name.
>Added accessors about image static information, hide indirect accessing
> member detail in the structure.
>Test Makefile do not create directory now, test case create it themselves.
>Test build system do not use libtool now, and removed qtest-obj-y in its
> dependency, make check will automatically execute test anyway now.
>Removed "ifeq ($(LIBTOOL),)" in Makefile.
> 
> v6:
>Remove address pointer member in image static info structure.
> 
> v7:
>Support out of tree building.
> 
> v8:
>Fix a bug in out of tree building.
> 
> v9:
>Rebase and split out small fix patch for qemu.
> 
> v10:
>Rebased to upstream, adjusted libqblock build system according to Paolo's
> comments.
> 
> v11:
>Adjusting code in patch 4 to 7, details are in the child patch's commit
> message.
> 
> v12:
>Split a patch to add a function in stubs, other change are in patch 4 to 7
> commit messages.
> 
> v13:
>Moved another function into stubs, added xml rule in tests/makefile, little
> changes in patch 4, 6, 7.
> 
> v14:
>all: Rebased.
>1/10, 2/10: automatically call subdir's clean command if subdir's Makefile
> added $SUBDIR_CLEAN_RULES, so tests/Makefile do not need to be always included,
> libqblock's rule can also use it.
>3/10: separated patch for configure support, modified as libcacard's style.
>4/10: modified as libcacard's rule.
>5/10: separated patch, also changed a bit to be a mirror as libcacard's rule.
>8/10: use bdrv_pread/bdrv_pwrite, instead of handling the buf alignment by
> libqblock itself. Removed libqblock-aio.c because most function are in
> block-obj-y now.
>9/10: separated patch, use LINK instead of custom LT_LINK rule, and now
> libqblock.la is a dependence in the link rule of test program, to make
> LINK invoke libtool.
> 
> v15:
>1/9: merged from 1/10, 2/10 of previous version, and use dependce of 
> "clean"
> in sub Makefile instead of a intermedia variable.
>2/9: drop $TOOLS adding in libqblock's Makefile, the rule is added in 
> "all".

Re: [Qemu-devel] [PATCH v5 03/24] hw/arm: add Faraday FTINTC020 interrupt controller support

2013-03-03 Thread Kuo-Jung Su
2013/3/4 Peter Crosthwaite :
> Hi Kuo-Jung,
>
> On Mon, Mar 4, 2013 at 4:20 PM, Kuo-Jung Su  wrote:
>> 2013/3/2 Peter Crosthwaite :
>>> Hi Kuo-Jung,
> [Snip]
 +return s->irq_lvl[1];
 +case REG_EIRQSR:
 +return s->irq_src[1] & s->irq_ena[1];
 +
>>>
>>> AFAICT, index 0 of these arrays is for IRQ and index 1 is for EIRQ.
>>> Can you #define some symbols accordingly and remove all the magic
>>> numberage with the [0]'s and [1]'s?
>>>
>>
>> Sure, the ftintc020 is going to be redesigned with the 'hw/pl190.c' as template.
>> And all the coding style issues would be updated.
>>
 +/*
 + * FIQ
 + */
 +case REG_FIQSRC:
 +return s->fiq_src[0];
 +case REG_FIQENA:
 +return s->fiq_ena[0];
 +case REG_FIQMDR:
 +return s->fiq_mod[0];
 +case REG_FIQLVR:
 +return s->fiq_lvl[0];
 +case REG_FIQSR:
 +return s->fiq_src[0] & s->fiq_ena[0];
 +case REG_EFIQSRC:
 +return s->fiq_src[1];
 +case REG_EFIQENA:
 +return s->fiq_ena[1];
 +case REG_EFIQMDR:
 +return s->fiq_mod[1];
 +case REG_EFIQLVR:
 +return s->fiq_lvl[1];
 +case REG_EFIQSR:
 +return s->fiq_src[1] & s->fiq_ena[1];
 +default:
 +qemu_log_mask(LOG_GUEST_ERROR,
 +  "ftintc020: undefined memory access@0x%llx\n", 
 addr);
 +return 0;
 +}
 +}
 +
 +static void
 +ftintc020_mem_write(void *opaque, hwaddr addr, uint64_t value, unsigned 
 size)
 +{
 +Ftintc020State *s = FTINTC020(opaque);
 +
 +switch (addr) {
 +/*
 + * IRQ
 + */
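Review bot: in the default case of ftintc020_mem_read, addr is a hwaddr but is printed with %llx, which only matches where the underlying 64-bit type is unsigned long long. Use HWADDR_PRIx in the format string ("... undefined memory access@0x%" HWADDR_PRIx "\n") so the log call is correct on every host, and make the same change when the message is repeated in the write handler.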
>>>
>>> Ok to use one line comment. And elsewhere
>>>
 +case REG_IRQENA:
 +s->irq_ena[0] = (uint32_t)value;
 +break;
 +case REG_IRQSCR:
 +value = ~(value & s->irq_mod[0]);
 +s->irq_src[0] &= (uint32_t)value;
 +break;
 +case REG_IRQMDR:
 +s->irq_mod[0] = (uint32_t)value;
 +break;
 +case REG_IRQLVR:
 +s->irq_lvl[0] = (uint32_t)value;
 +break;
 +case REG_EIRQENA:
 +s->irq_ena[1] = (uint32_t)value;
 +break;
 +case REG_EIRQSCR:
 +value = ~(value & s->irq_mod[1]);
 +s->irq_src[1] &= (uint32_t)value;
 +break;
 +case REG_EIRQMDR:
 +s->irq_mod[1] = (uint32_t)value;
 +break;
 +case REG_EIRQLVR:
 +s->irq_lvl[1] = (uint32_t)value;
 +break;
 +
 +/*
 + * FIQ
 + */
 +case REG_FIQENA:
 +s->fiq_ena[0] = (uint32_t)value;
 +break;
 +case REG_FIQSCR:
 +value = ~(value & s->fiq_mod[0]);
 +s->fiq_src[0] &= (uint32_t)value;
 +break;
 +case REG_FIQMDR:
 +s->fiq_mod[0] = (uint32_t)value;
 +break;
 +case REG_FIQLVR:
 +s->fiq_lvl[0] = (uint32_t)value;
 +break;
 +case REG_EFIQENA:
 +s->fiq_ena[1] = (uint32_t)value;
 +break;
 +case REG_EFIQSCR:
 +value = ~(value & s->fiq_mod[1]);
 +s->fiq_src[1] &= (uint32_t)value;
 +break;
 +case REG_EFIQMDR:
 +s->fiq_mod[1] = (uint32_t)value;
 +break;
 +case REG_EFIQLVR:
 +s->fiq_lvl[1] = (uint32_t)value;
 +break;
 +
 +/* don't care */
 +default:
 +qemu_log_mask(LOG_GUEST_ERROR,
 +  "ftintc020: undefined memory access@0x%llx\n", 
 addr);
 +return;
 +}
 +
 +ftintc020_update(s);
 +}
 +
 +static const MemoryRegionOps mmio_ops = {
 +.read  = ftintc020_mem_read,
 +.write = ftintc020_mem_write,
 +.endianness = DEVICE_LITTLE_ENDIAN,
 +.valid = {
 +.min_access_size = 4,
 +.max_access_size = 4,
 +}
 +};
 +
 +static void ftintc020_reset(DeviceState *ds)
 +{
 +SysBusDevice *busdev = SYS_BUS_DEVICE(ds);
 +Ftintc020State *s = FTINTC020(FROM_SYSBUS(Ftintc020State, busdev));
 +
 +s->irq_pin[0] = 0;
 +s->irq_pin[1] = 0;
 +s->fiq_pin[0] = 0;
 +s->fiq_pin[1] = 0;
 +
 +s->irq_src[0] = 0;
 +s->irq_src[1] = 0;
 +s->irq_ena[0] = 0;
 +s->irq_ena[1] = 0;
 +s->fiq_src[0] = 0;
 +s->fiq_src[1] = 0;
 +s->fiq_ena[0] = 0;
 +s->fiq_ena[1] = 0;
 +
 +ftintc020_update(s);
 +}
 +
 +qemu_irq *ftintc020_init(hwaddr base, ARMCPU *cpu)
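Review bot: ftintc020_reset zeroes irq_pin, irq_src, irq_ena and their fiq counterparts but leaves irq_mod, irq_lvl, fiq_mod and fiq_lvl untouched, even though the write handler above lets the guest program all four, so guest-written mode and level values survive a device reset. Either clear them here as well or add a comment stating that the hardware keeps them across reset. In the same function, FTINTC020(FROM_SYSBUS(Ftintc020State, busdev)) converts twice; FTINTC020(ds) is enough.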
>>>
>>> I'm not sure this is the right place for this, I think device creation
>>> helpers belong on the machine / SoC level. Keep the device model self
>>> contained an

Re: [Qemu-devel] [RFC PATCH v1 2/4] bitops: Add UInt32StateInfo and helper functions

2013-03-03 Thread Gerd Hoffmann
> +/**
> + * A descriptor for a Uint32 that is part of guest accessible device state
> + * @ro: whether or not the bit is read-only state comming out of reset
> + * @w1c: bits with the common write 1 to clear semantic.

> + * @nw0: bits that cant be written with a 0 by the guest (sticky 1)
> + * @nw1: bits that cant be written with a 1 by the guest (sticky 0)

Why these?

reset=0 + ro=1 equals nw1=1
reset=1 + ro=1 equals nw0=1

> + * @width: width of the uint32t. Only the @width least significant bits are
> + * valid. All others are silent Read-as-reset/WI.

That's kinda redundant with "ro" too.  I'd do it the other way around
btw:  Specify the writable bits instead of the read-only ones.  width=8
can easily be written as wmask=0xff then.

cheers,
  Gerd




Re: [Qemu-devel] [RFC PATCH v1 2/4] bitops: Add UInt32StateInfo and helper functions

2013-03-03 Thread Peter Crosthwaite
Hi Gerd,

On Mon, Mar 4, 2013 at 4:55 PM, Gerd Hoffmann  wrote:
>> +/**
>> + * A descriptor for a Uint32 that is part of guest accessible device state
>> + * @ro: whether or not the bit is read-only state comming out of reset
>> + * @w1c: bits with the common write 1 to clear semantic.
>
>> + * @nw0: bits that cant be written with a 0 by the guest (sticky 1)
>> + * @nw1: bits that cant be written with a 1 by the guest (sticky 0)
>
> Why these?
>
> reset=0 + ro=1 equals nw1=1
> reset=1 + ro=1 equals nw0=1
>

Some bits in my devices can only be written one-way: they are either
"stuck on" once they are written, or only the hardware is allowed to
write the other way. Setting both nw0 and nw1 is equivalent to ro. In
the devcfg example, bits in the LOCK bits are sticky (the idea is once
the firmware locks them the booted system can't unlock them for
security and we want to test the firmware as a guest).

>> + * @width: width of the uint32t. Only the @width least significant bits are
>> + * valid. All others are silent Read-as-reset/WI.
>
> That's kinda redundant with "ro" too.  I'd do it the other way around
> btw:  Specify the writable bits instead of the read-only ones.  width=8
> can easily be written as wmask=0xff then.

In V2 I'll be doing some work to make this more flexible regarding
widths to address Blue's comments. I'll incorporate this as well, and I
think I can make it work getting rid of the width altogether.

Regards,
Peter

>
> cheers,
>   Gerd
>
>
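The one-way write semantics discussed in this exchange, shown next to `ro` and the `nw0`+`nw1` combination, as an added example that is not code from the patch. The `RegInfo` struct, `reg_guest_write()` and the sample registers are hypothetical, and the precedence of `ro` over `w1c` over `nw0`/`nw1` is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor: field names follow the thread, layout is assumed. */
typedef struct {
    uint32_t ro;    /* guest writes never change these bits */
    uint32_t w1c;   /* writing 1 clears the bit, writing 0 is ignored */
    uint32_t nw0;   /* guest cannot write 0 (sticky 1) */
    uint32_t nw1;   /* guest cannot write 1 (sticky 0) */
    uint32_t reset; /* value coming out of reset */
} RegInfo;

/* Apply a guest write of val to a register currently holding cur. */
uint32_t reg_guest_write(const RegInfo *ri, uint32_t cur, uint32_t val)
{
    /* Bits whose requested value the guest is not allowed to write. */
    uint32_t keep = ri->ro | (ri->nw0 & ~val) | (ri->nw1 & val);
    uint32_t next = (cur & keep) | (val & ~keep);
    uint32_t w1c = ri->w1c & ~ri->ro;

    /* w1c bits ignore the written value except as a clear request. */
    return (next & ~w1c) | (cur & ~val & w1c);
}

/* Constructed sample registers, not taken from any real device. */
const RegInfo lock_sticky = { .nw0 = 0x1, .reset = 0x0 }; /* bit 0: lock */
const RegInfo lock_ro     = { .ro  = 0x1, .reset = 0x0 };
const RegInfo lock_both   = { .nw0 = 0x1, .nw1 = 0x1, .reset = 0x0 };
const RegInfo status_w1c  = { .w1c = 0xf, .reset = 0x0 };

/* Firmware sets the lock, then a later guest write tries to clear it. */
uint32_t lock_then_unlock(const RegInfo *ri)
{
    uint32_t v = reg_guest_write(ri, ri->reset, 0x1);
    return reg_guest_write(ri, v, 0x0);
}

int main(void)
{
    printf("sticky: %u, ro: %u, nw0+nw1: %u\n",
           (unsigned)lock_then_unlock(&lock_sticky),
           (unsigned)lock_then_unlock(&lock_ro),
           (unsigned)lock_then_unlock(&lock_both));
    return 0;
}
```

With `nw0` alone the lock bit can be set once and then stays set, whereas with `ro` (or `nw0` and `nw1` together) the guest can never set it in the first place.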



Re: [Qemu-devel] [RFC PATCH v1 2/4] bitops: Add UInt32StateInfo and helper functions

2013-03-03 Thread Gerd Hoffmann
  Hi,

>> For maximum flexibility, a callback could be specified but then we
>> overlap memory API.
> 
> I think this is a good idea, but continuing on the theme of what this
> API is trying to achieve I think there should be capability for
> per-bit function definitions. On the topic I think Gerd has played
> with the idea of per-register callbacks for some device models in the
> past.

hw/intel-hda.c is it.

Predates memory api though and thus doesn't integrate with it, although
it makes sense of course.  Could be as simple as a generic MemoryRegionOps.

I'm not sure it is that useful to have per-bit callbacks.  For "normal"
devices you rarely need that, and for gpio arrays you probably want more
than just callbacks per bit (qemu_irqs for example).

cheers,
  Gerd





Re: [Qemu-devel] [RFC PATCH v1 2/4] bitops: Add UInt32StateInfo and helper functions

2013-03-03 Thread Gerd Hoffmann
  Hi,

>>> + * @nw0: bits that cant be written with a 0 by the guest (sticky 1)
>>> + * @nw1: bits that cant be written with a 1 by the guest (sticky 0)
>>
>> Why these?
>>
>> reset=0 + ro=1 equals nw1=1
>> reset=1 + ro=1 equals nw0=1
>>
> 
> Some bits in my devices can only be written one-way: they are either
> "stuck on" once they are written, or only the hardware is allowed to
> write the other way.

Ah, ok.  Makes sense.  Can you make the description a bit more verbose
to clarify this?

cheers,
  Gerd



Re: [Qemu-devel] [PATCH 1/2] qga: add guest-get-time command

2013-03-03 Thread Lei Li

On 03/02/2013 01:02 AM, Eric Blake wrote:

On 03/01/2013 02:32 AM, Lei Li wrote:

Signed-off-by: Lei Li 
---
  qga/commands-posix.c | 16 
  qga/qapi-schema.json | 16 
  2 files changed, 32 insertions(+)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 0ad73f3..f159e25 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -119,6 +119,22 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, 
Error **err)
  /* succeded */
  }
  
+int64_t qmp_guest_get_time(Error **errp)

+{
+   int ret;
+   qemu_timeval tq;
+   int64_t time_ns;
+
+   ret = qemu_gettimeofday(&tq);
+   if (ret < 0) {
+   error_setg_errno(errp, errno, "Failed to get time");
+   return -1;
+   }
+
+   time_ns = tq.tv_sec * 10LL + tq.tv_usec * 1000;
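Review bot: in the time_ns assignment the tv_sec term is scaled by 10LL while the tv_usec term is scaled by 1000, so the sum is not the nanosecond count that the schema documents with "Returns: Time in nanoseconds". Seconds need a factor of 1000000000LL to be in the same unit as tv_usec * 1000. Naming that factor with a constant would also make the unit conversion easier to check at a glance.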

Is it worth a sanity check that the tv_sec scaling doesn't overflow?  Of
course, that won't happen until far into the future (well beyond the
2038 overflow of 32-bit seconds since Epoch), so it won't hit in OUR
lifetime, so I can look the other way.
  
  ##

+# @guest-get-time:
+#
+# Get the information about guest time relative to the Epoch
+# of 1970-01-01 in UTC/GMT.

UTC and GMT are not the same thing.  I'd drop the '/GMT'.
http://www.diffen.com/difference/GMT_vs_UTC


Oh, good to know! :)
Thanks.


+#
+# This command try to get the guest's notion of the current
+# time.

This sentence is redundant with the first one, and has grammar issues.
Drop it.


Sure.




+#
+# Returns: Time in nanoseconds on success.
+#
+# Since 1.5
+##
+{ 'command': 'guest-get-time',
+  'returns': 'int' }
+
+##
  # @GuestAgentCommandInfo:
  #
  # Information about guest agent commands.




--
Lei