Re: [Qemu-devel] [PATCH v2] cpu: implementing victim TLB for QEMU system emulated TLB

2014-01-25 Thread Paolo Bonzini

On 24/01/2014 23:32, BALATON Zoltan wrote:
> On Fri, 24 Jan 2014, Alex Bennée wrote:
>> trent.t...@gmail.com writes:
>>> Attaching data in excel which could not be sent with the patch at the
>>> same time.
>>
>> If you can attach the summary of the data as plain text that would be
>> useful. Not all of us have access to a Windows box with Excel!
>
> Opens on LibreOffice as well but plain text is easier to read.
>
> I wonder how much of the measured performance increase is due to the
> increased effective cache size and how much is the reduction in number
> of instructions by the victim TLB mechanism. Wouldn't it be a more fair
> measurement to use a bigger TLB size for the TLB only case that matches
> the effective size of the TLB+victim case instead of using the same TLB
> size for both?


That's quite unlikely, the TLB size is 256 while TLB+victim is 264.

Paolo
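
The capacity-versus-conflict question raised in this exchange, as an added toy model in C (not code from the patch or from QEMU). It assumes a direct-mapped main TLB of 256 entries, an 8-entry victim buffer filled round-robin on eviction, and a swap of the two entries on a victim hit; the struct and function names are hypothetical.

```c
/* Added illustration: toy model of a direct-mapped TLB with a victim buffer.
 * Not QEMU source; all names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define TLB_SIZE  256           /* main TLB entries, as quoted in the thread */
#define VTLB_SIZE 8             /* victim entries: 264 - 256 */
#define NO_PAGE   UINT64_MAX    /* marks an empty slot */

struct tlb_model {
    uint64_t direct[TLB_SIZE];  /* direct-mapped: slot = page % TLB_SIZE */
    uint64_t victim[VTLB_SIZE]; /* fully associative, searched linearly */
    unsigned vnext;             /* round-robin fill position */
    int use_victim;
    unsigned long misses;       /* full misses (would need a page walk) */
    unsigned long victim_hits;  /* misses absorbed by the victim buffer */
};

static void tlb_model_init(struct tlb_model *t, int use_victim)
{
    unsigned i;

    for (i = 0; i < TLB_SIZE; i++) {
        t->direct[i] = NO_PAGE;
    }
    for (i = 0; i < VTLB_SIZE; i++) {
        t->victim[i] = NO_PAGE;
    }
    t->vnext = 0;
    t->use_victim = use_victim;
    t->misses = 0;
    t->victim_hits = 0;
}

static void tlb_model_access(struct tlb_model *t, uint64_t page)
{
    unsigned idx = (unsigned)(page % TLB_SIZE);
    unsigned i;

    if (t->direct[idx] == page) {
        return;                             /* fast-path hit */
    }
    if (t->use_victim) {
        for (i = 0; i < VTLB_SIZE; i++) {
            if (t->victim[i] == page) {
                /* Victim hit: swap the two entries, no page walk. */
                t->victim[i] = t->direct[idx];
                t->direct[idx] = page;
                t->victim_hits++;
                return;
            }
        }
        if (t->direct[idx] != NO_PAGE) {
            /* Full miss: keep the evicted entry in the victim buffer. */
            t->victim[t->vnext] = t->direct[idx];
            t->vnext = (t->vnext + 1) % VTLB_SIZE;
        }
    }
    t->direct[idx] = page;
    t->misses++;
}

/* Cycle over npages pages that all map to slot 0; return full misses. */
unsigned long run_conflict_pattern(int use_victim, unsigned npages,
                                   unsigned rounds)
{
    struct tlb_model t;
    unsigned r, k;

    tlb_model_init(&t, use_victim);
    for (r = 0; r < rounds; r++) {
        for (k = 0; k < npages; k++) {
            tlb_model_access(&t, (uint64_t)k * TLB_SIZE);
        }
    }
    return t.misses;
}

int main(void)
{
    static const unsigned sets[] = { 2, 9, 10 };
    unsigned i;

    for (i = 0; i < 3; i++) {
        printf("%2u conflicting pages x 100 rounds: %lu misses plain, "
               "%lu with victim buffer\n", sets[i],
               run_conflict_pattern(0, sets[i], 100),
               run_conflict_pattern(1, sets[i], 100));
    }
    return 0;
}
```

In this model two pages that alias to one slot miss on every access without the victim buffer although 254 slots stay empty, which is a conflict effect rather than a capacity effect; ten aliasing pages exceed the 1 + 8 entries available and thrash again.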



Re: [Qemu-devel] [PATCH] ACPI: Add IRQ resource to HPET._CRS on Mac OS X

2014-01-25 Thread Alexander Graf


> On 25.01.2014 at 01:09, "Gabriel L. Somlo" wrote:
> 
> On Fri, Jan 24, 2014 at 10:18:04PM +0100, Alexander Graf wrote:
>>> In the mean time I updated the bootloader I was using (chameleon) to
>>> the latest svn (2345), and was able to bring up Lion in addition to
>>> SnowLeopard.
>> 
>> Did Chameleon patch this up itself in the dsdt maybe?
> 
> From a cursory pass through the Chameleon source, I don't think so.

Ok :). I only barely remember what Chameleon did on top of the normal Apple 
BIOS bootloader.

> 
> They do allow one to specify an alternate DSDT to load, but I'm not
> using that feature currently.
> 
> Once I finish trying all versions of OSX against all combinations
> of piix vs. q35 and up vs. smp, I'll give the Chameleon source a
> closer look: ultimately, it would be nice if we had something
> Chameleon-like that could be built on Linux (get OSX+Xcode out of
> the equation). Maybe getting the interesting bits submitted as patches
> against SeaBIOS and QEMU, wherever appropriate.

I disagree. Eventually we want to run TianoCore and just use Apple's EFI 
bootloader. With that we should be a lot more future proof.

> 
> Currently, I have SnowLeopard, Lion, and MountainLion working fine.
> MountainLion needs the 10.8.5 installer (10.8.0 installer hangs at
> boot).
> 
> Mavericks 10.9.0 installer boots and works fine, but the resulting hdd
> image, while bootable, hangs during boot. I want to try the latest
> Mavericks installer before moving on to isolate the bits of Chameleon
> magic that are relevant to us (QEMU+KVM).
> 
> That's about where things are right now :)

Nice progress :). Thanks a lot for taking care of all this!


Alex

> 
> Thanks,
> --Gabriel



Re: [Qemu-devel] QEMU ARM946 emulation, DIGIC, and MPU fault handling

2014-01-25 Thread Georg Hofstetter
On 24.01.2014 09:31, Antony Pavlov wrote:
> On Thu, 23 Jan 2014 22:25:36 +
> Peter Maydell wrote:
> 
>> Since the 946 doesn't provide any way to find out what the fault
>> address actually was (it has no DFAR or IFAR) I presume that all
>> guest software treats a data abort or prefetch abort as a fatal error,
>> which is probably part of why nobody's ever noticed this.

Hi,

speaking for EOS models: indeed the original manufacturer's OS does not
handle these cases very differently. They pick up the context (including
LR, the failing instruction), print an error message and kill the
failing task.

So at least the original OS does not use MPU systematically, like it
would be necessary for some kind of swapping etc.

BR,
Georg




Re: [Qemu-devel] [Qemu-trivial] [PULL 00/11] Trivial patches for 2014-01-16

2014-01-25 Thread Michael Tokarev
Ping?

We've a few more patches in the queue, should I drop the ones from previous
week?

Thanks,

/mjt

16.01.2014 21:35, Michael Tokarev wrote:
> There's nothing exciting in there, but we have some small bugfixes here and
> there, and a few cosmetic changes too.
> 
> This is my first signed pull request too, based on my regular GnuPG key which
> I use to sign Debian packages.
> 
> Please pull.
> 
> Thanks,
> 
> /mjt
> 
> The following changes since commit 1cf892ca2689c84960b4ce4d2723b6bee453711c:
> 
>   SPARC: Fix LEON3 power down instruction (2014-01-15 15:37:33 +1000)
> 
> are available in the git repository at:
> 
>   git://git.corpit.ru/qemu.git tags/trivial-patches-2014-01-16
> 
> for you to fetch changes up to 2c02d1ad48ad44cf00522df7d8de9138689fac85:
> 
>   vl: Add a blank space between the variable and '=' (2014-01-16 15:23:41 +0400)
> 
> 
> trivial-patches for 2014-01-16
> 
> 
> David du Colombier (1):
>   ide: cmd_exec_dev_diagnostic() always set error register to 0x01
> 
> Eduardo Habkost (1):
>   Add bios-256k.bin to BLOBS on Makefile
> 
> Kewei Yu (1):
>   vl: Add a blank space between the variable and '='
> 
> Luiz Capitulino (1):
>   virtio-balloon: don't hardcode config size value
> 
> Namhyung Kim (2):
>   docs: Fix typo in QMP WAKEUP example
>   Fix typo of tiemr in timer.h
> 
> Pavel Zbitskiy (3):
>   linux-user: fixed s390x clone() argument order
>   linux-user: fixed getsockopt() optlen
>   linux-user: fixed recvfrom() addrlen
> 
> Stefan Weil (2):
>   exec: Exclude non portable function for MinGW
>   pc-bios: Remove execute flag from BIOS files
> 
>  Makefile   |2 +-
>  docs/qmp/qmp-events.txt|2 +-
>  hw/ide/core.c  |1 +
>  hw/virtio/virtio-balloon.c |7 ---
>  include/exec/ram_addr.h|2 ++
>  include/qemu/timer.h   |6 +++---
>  linux-user/s390x/syscall.h |2 +-
>  linux-user/syscall.c   |4 ++--
>  pc-bios/kvmvapic.bin   |  Bin 9216 -> 9216 bytes
>  pc-bios/multiboot.bin  |  Bin 1024 -> 1024 bytes
>  pc-bios/sgabios.bin|  Bin 4096 -> 4096 bytes
>  vl.c   |2 +-
>  12 files changed, 16 insertions(+), 12 deletions(-)
>  mode change 100755 => 100644 pc-bios/kvmvapic.bin
>  mode change 100755 => 100644 pc-bios/multiboot.bin
>  mode change 100755 => 100644 pc-bios/sgabios.bin
> 




Re: [Qemu-devel] [PATCH v3 1/2] hw/net: add support for Allwinner EMAC Fast Ethernet controller

2014-01-25 Thread Beniamino Galvani
On Thu, Jan 23, 2014 at 11:04:32PM +1000, Peter Crosthwaite wrote:
> On Mon, Jan 20, 2014 at 9:25 AM, Beniamino Galvani  
> wrote:
> > This patch adds support for the Fast Ethernet MAC found on Allwinner
> > SoCs, together with a basic emulation of Realtek RTL8201CP PHY.
> >
> > Since there is no public documentation of the Allwinner controller, the
> > implementation is based on Linux kernel driver.
> >
> > Signed-off-by: Beniamino Galvani 
> > ---
> >  default-configs/arm-softmmu.mak |1 +
> >  hw/net/Makefile.objs|1 +
> >  hw/net/allwinner_emac.c |  589 
> > +++
> >  include/hw/net/allwinner_emac.h |  222 +++
> >  4 files changed, 813 insertions(+)
> >  create mode 100644 hw/net/allwinner_emac.c
> >  create mode 100644 include/hw/net/allwinner_emac.h
> >
> > diff --git a/default-configs/arm-softmmu.mak 
> > b/default-configs/arm-softmmu.mak
> > index ce1d620..f3513fa 100644
> > --- a/default-configs/arm-softmmu.mak
> > +++ b/default-configs/arm-softmmu.mak
> > @@ -27,6 +27,7 @@ CONFIG_SSI_SD=y
> >  CONFIG_SSI_M25P80=y
> >  CONFIG_LAN9118=y
> >  CONFIG_SMC91C111=y
> > +CONFIG_ALLWINNER_EMAC=y
> >  CONFIG_DS1338=y
> >  CONFIG_PFLASH_CFI01=y
> >  CONFIG_PFLASH_CFI02=y
> > diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
> > index 951cca3..75e80c2 100644
> > --- a/hw/net/Makefile.objs
> > +++ b/hw/net/Makefile.objs
> > @@ -18,6 +18,7 @@ common-obj-$(CONFIG_OPENCORES_ETH) += opencores_eth.o
> >  common-obj-$(CONFIG_XGMAC) += xgmac.o
> >  common-obj-$(CONFIG_MIPSNET) += mipsnet.o
> >  common-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
> > +common-obj-$(CONFIG_ALLWINNER_EMAC) += allwinner_emac.o
> >
> >  common-obj-$(CONFIG_CADENCE) += cadence_gem.o
> >  common-obj-$(CONFIG_STELLARIS_ENET) += stellaris_enet.o
> > diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c
> > new file mode 100644
> > index 000..4cad7e0
> > --- /dev/null
> > +++ b/hw/net/allwinner_emac.c
> > @@ -0,0 +1,589 @@
> > +/*
> > + * Emulation of Allwinner EMAC Fast Ethernet controller and
> > + * Realtek RTL8201CP PHY
> > + *
> > + * Copyright (C) 2014 Beniamino Galvani 
> > + *
> > + * This program is free software; you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License as published by
> > + * the Free Software Foundation; either version 2 of the License, or
> > + * (at your option) any later version.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > + * GNU General Public License for more details.
> > + *
> > + */
> > +#include "hw/sysbus.h"
> > +#include "net/net.h"
> > +#include "hw/net/allwinner_emac.h"
> > +#include 
> > +
> > +static uint8_t padding[60];
> > +
> > +static void mii_set_link(RTL8201CPState *mii, bool link_ok)
> > +{
> > +if (link_ok) {
> > +mii->bmsr |= MII_BMSR_LINK_ST;
> > +mii->anlpar |= MII_ANAR_TXFD | MII_ANAR_10FD | MII_ANAR_10 |
> > +   MII_ANAR_CSMACD;
> > +} else {
> > +mii->bmsr &= ~MII_BMSR_LINK_ST;
> > +mii->anlpar = MII_ANAR_TX;
> > +}
> > +}
> > +
> > +static void mii_reset(RTL8201CPState *mii, bool link_ok)
> > +{
> > +mii->bmcr = MII_BMCR_FD | MII_BMCR_AUTOEN | MII_BMCR_SPEED;
> > +mii->bmsr = MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD |
> > +MII_BMSR_10T_HD | MII_BMSR_MFPS | MII_BMSR_AUTONEG;
> > +mii->anar = MII_ANAR_TXFD | MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 |
> > +MII_ANAR_CSMACD;
> > +mii->anlpar = MII_ANAR_TX;
> > +
> > +mii_set_link(mii, link_ok);
> > +}
> > +
> > +static uint16_t aw_emac_mdio_read(AwEmacState *s, uint8_t addr, uint8_t 
> > reg)
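
Review bot: padding, near the top of allwinner_emac.c, is declared as a writable file-scope array (static uint8_t padding[60];). If it is only ever read as zero fill, declare it static const so it is placed in read-only data and a stray write cannot change it, and add a short comment saying where the 60 comes from.
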
> 
> Drop the AW reference here (replace with "RTL8201").
> 
> > +{
> > +RTL8201CPState *mii = &s->mii;
> > +uint16_t ret = 0x;
> > +
> > +if (addr == s->phy_addr) {
> > +switch (reg) {
> > +case MII_BMCR:
> > +return mii->bmcr;
> > +case MII_BMSR:
> > +return mii->bmsr;
> > +case MII_PHYID1:
> > +return RTL8201CP_PHYID1;
> > +case MII_PHYID2:
> > +return RTL8201CP_PHYID2;
> > +case MII_ANAR:
> > +return mii->anar;
> > +case MII_ANLPAR:
> > +return mii->anlpar;
> > +case MII_ANER:
> > +case MII_NSR:
> > +case MII_LBREMR:
> > +case MII_REC:
> > +case MII_SNRDR:
> > +case MII_TEST:
> > +qemu_log_mask(LOG_UNIMP,
> > +  "allwinner_emac: read from unimpl. mii reg 
> > 0x%x\n",
> > +  reg);
> > +return 0;
> > +default:
> > +qemu_log_mask(LOG_GUEST_ERROR,
> > +  "allwinner_emac: read from invalid mii reg 
> > 0x%x\n",
>
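
Review bot: aw_emac_mdio_read declares a local ret, yet every case visible in this part of the switch returns its value directly, so the function mixes two return styles. Either assign to ret in each case and return once after the switch, or drop the variable if nothing later in the function needs it; a comment that the unimplemented registers deliberately read as 0 would also help.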

Re: [Qemu-devel] Emulating Ethernet controller based on Cortex-A15 platforms

2014-01-25 Thread rajan pathak
OK, Peter, thanks.

I got your point. In my case the SoC is from TI, which uses Cortex-A15 as CPU
core, and the example (board) would be Keystone 2 EVM.


I guess I need to divide my emulation in three steps

1) Emulation of SoC
2) Emulation of board.
3) Emulation of devices (Ethernet controller).

Please correct me if I am wrong.

Thanks
Rajan


On Fri, Jan 24, 2014 at 11:45 PM, Peter Crosthwaite <
peter.crosthwa...@xilinx.com> wrote:

> On Sat, Jan 25, 2014 at 5:18 PM, rajan pathak 
> wrote:
> > Thanks Andreas and Peter Crosthwaite for your response. Your comments are
> > really helpful.
> >
> > What I understood of your answers that firstly, I need to have keystone
> > soc's initialized/emulated inside hw/arm,
>
> Yes.
>
> right(it would be equivalent of
> > adding machine model) ?
> >
>
> And no - SoC are not machine models. There are several violators of
> this rule in-tree including Zynq and Highbank off the top of my head.
> Our suggestion to look at Allwinner is because it is the most recently
> reviewed and accepted so it is stylistically up to date.
>
> Boards are machine models (more about that below) - you will need that too.
>
> > To what extent ,we should emulate the SoC ,is it only the CPU we need to
> > emulate?
> >
> > As Peter pointed out kernel in my case is Device tree driven rather board
> > files approach.
> >
> > Kernel compiled for Allwinner SoC uses Board files approach,So how
> different
> > it would to write machine model
> > in my case?
> >
>
> Not at all. That's a Kernel problem. We do have device tree support in
> QEMU from a bootloader point-of-view, but such kernel design
> decisions do not (or rather should not) flow-on to QEMU hardware
> emulation in any way. Just think about the hardware and the kernel is
> merely one of many possible softwares that could run on your model.
>
> > Can I reuse Allwinner SoC code to emulate Keystone SoC?
> >
> > +static void aw_a10_init(Object *obj)
> > +{
> > +AwA10State *s = AW_A10(obj);
> > +DeviceState *dev;
> > +
> > +object_initialize(&s->cpu, sizeof(s->cpu), "cortex-a8-"
> TYPE_ARM_CPU);
> > +object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
> > +
> > +object_initialize(&s->intc, sizeof(s->timer), TYPE_AW_A10_PIC);
> > +dev = DEVICE(&s->intc);
> > +qdev_set_parent_bus(dev, sysbus_get_default());
> > +
> > +object_initialize(&s->timer, sizeof(s->timer), TYPE_AW_A10_PIT);
> > +dev = DEVICE(&s->timer);
> > +qdev_set_parent_bus(dev, sysbus_get_default());
> > +}
> > +
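
Review bot: in aw_a10_init the interrupt controller is initialised with the timer's size, object_initialize(&s->intc, sizeof(s->timer), TYPE_AW_A10_PIC). The size argument should be sizeof(s->intc); passing the size of a different member only works while the two happen to be the same size and otherwise sets the object up over the wrong amount of storage.
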
> >
>
> Yes that looks like a good place to be reading - that is SoC level code.
>
> > Also,I didn't understand below lines from Andreas answer.
> >
> >
> >  >to use it you need a standard machine definition,
> >
> >> such as the EVMK2Hx in your case (some evaluation/reference board rather
> >
> >> than custom industry boards). Then test that code using a Linux (or
> >
> >> firmware or other OS) that runs on the real board
> >
>
> Do you have an easily-obtainable eval board that you are using or
> would ideally use for your work should you be doing this in real
> hardware? If so - that's what you should model. In Allwinners case,
> the one picked was the "cubieboard".
>
> Check the later versions of the allwinner series to see the clear
> separation of the three levels - Board, SoC and Devices.
> hw/arm/cubieboard.c is good reading WRT to this.
>
> Regards,
> Peter
>
> >
> > Thanks
> > Rajan
> >
> >
> >
> > .
> >
> >
> > On Fri, Jan 24, 2014 at 4:06 PM, Peter Crosthwaite
> >  wrote:
> >>
> >> On Fri, Jan 24, 2014 at 7:52 AM, Andreas Färber 
> wrote:
> >> > On 23.01.2014 21:02, rajan pathak wrote:
> >> >>> I'm not clear what you're trying to do here; could
> >> >>> you try rephrasing your question? Are you just trying
> >> >>> to use the existing working QEMU emulation of a
> >> >>> Cortex-A15 board and ethernet controller, or to do
> >> >>> something else?
> >> >>
> >> >> To be very specific I am trying to emulate Ethernet controller of
> >> >> KeyStone 2 device from TI
> >> >>
> >>
> >> Device tree driven Linux should minimise the pain of swapping ethernet
> >> drivers out to give you a guest that tests such a strange (and
> >> non-existent board). TBH, it's not a bad starting point to:
> >>
> >> 1: Write your device model in hw/net
> >> 2: Take an ARM Linux port you know works on QEMU
> >> 3: Switch on your enet driver in Kconfig
> >> 4: Hack device tree to have your ethernet rather than the actual one
> >> 5: Hack qemu to have your ethernet instead of real one
> >> 6: Boot.
> >>
> >> But Andreas is right. To do it properly you really need to get the
> >> machine model for your actual system going.
> >>
> >> >>
> >> >>
> http://processors.wiki.ti.com/index.php/MCSDK_User_Guide_for_KeyStone_II
> >> >>
> >> >> It is based on CortexA-15 Processor series. So I thought I can use
> >> >> vexpress_defconfig and can call
> >> >> my Emulated Ethernet controller instead of LAN9118 from vexpress.c.
> >> >>
> >>
> >> Why is the ARM variant really re

[Qemu-devel] Fwd: Why does this work on kvm but not soft emulation?

2014-01-25 Thread Aryeh Friedman
-- Forwarded message --
From: Aryeh Friedman 
Date: Fri, Jan 24, 2014 at 12:19 PM
Subject: Why does this work on kvm but not soft emulation?
To: qemu-disc...@nongnu.org


First 3 steps are on Intel running Ubuntu 12.04.3 LTS the rest are on AMD
running FreeBSD 10-RELEASE

1. I create 10G drive (raw file format)
2. I install ubuntu onto it with:

#!/bin/bash
#
# Handwritten script

# Net set up
bridge=br0
tap=$(sudo tunctl -u $(whoami) -b)
ip link set $tap up
sleep 1s
brctl addif $bridge $tap

# call hyper v
kvm -drive format=raw,if=virtio,file=ubu -net nic,vlan=0,model=virtio \
    -net tap,vlan=0,ifname=$tap,script=no -m 4096 -smb 3 -vnc :0 \
    -display none -cdrom ubu.iso

# net break down
brctl delif $bridge $tap
ip link set $tap down
tunctl -d $tap

3. Shut down the VM from within the guest OS and kill the process

4. Copy the disk image over to the FreeBSD machine and start it with:


#!/bin/sh
#
# Generated by PetiteCloud

ifconfig tap37 destroy
ifconfig tap37 create
ifconfig tap37 up
sleep 5
ifconfig bridge0 addm tap37 up

qemu-system-x86_64 -drive format=raw,if=virtio,file=ubu \
    -net nic,model=virtio -net tap,ifname=tap37 -smb 1 -m 2048 -vnc :0 \
    -display none
echo $!>/var/run/petitecloud/rc5adn3358

5. The guest OS gets as far as disk checks and then dies (this does not
happen under kvm)

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org



-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org


[Qemu-devel] Why does this work on kvm but not soft emulation?

2014-01-25 Thread Aryeh Friedman
First 3 steps are on Intel running Ubuntu 12.04.3 LTS the rest are on AMD
running FreeBSD 10-RELEASE

1. I create 10G drive (raw file format)
2. I install ubuntu onto it with:

#!/bin/bash
#
# Handwritten script

# Net set up
bridge=br0
tap=$(sudo tunctl -u $(whoami) -b)
ip link set $tap up
sleep 1s
brctl addif $bridge $tap

# call hyper v
kvm -drive format=raw,if=virtio,file=ubu -net nic,vlan=0,model=virtio \
    -net tap,vlan=0,ifname=$tap,script=no -m 4096 -smb 3 -vnc :0 \
    -display none -cdrom ubu.iso

# net break down
brctl delif $bridge $tap
ip link set $tap down
tunctl -d $tap

3. Shut down the VM from within the guest OS and kill the process

4. Copy the disk image over to the FreeBSD machine and start it with:


#!/bin/sh
#
# Generated by PetiteCloud

ifconfig tap37 destroy
ifconfig tap37 create
ifconfig tap37 up
sleep 5
ifconfig bridge0 addm tap37 up

qemu-system-x86_64 -drive format=raw,if=virtio,file=ubu \
    -net nic,model=virtio -net tap,ifname=tap37 -smb 1 -m 2048 -vnc :0 \
    -display none
echo $!>/var/run/petitecloud/rc5adn3358

5. The guest OS gets as far as disk checks and then dies (this does not
happen under kvm)

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org


[Qemu-devel] [PATCH] readline: Add missing GCC_FMT_ATTR

2014-01-25 Thread Stefan Weil
This fixes a compiler warning with -Werror=missing-format-attribute
and allows improved compiler checks for variable argument lists.

Signed-off-by: Stefan Weil 
---
 include/qemu/readline.h |3 ++-
 monitor.c   |3 ++-
 qemu-io.c   |3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/qemu/readline.h b/include/qemu/readline.h
index a89fe4a..49efe4e 100644
--- a/include/qemu/readline.h
+++ b/include/qemu/readline.h
@@ -5,7 +5,8 @@
 #define READLINE_MAX_CMDS 64
 #define READLINE_MAX_COMPLETIONS 256
 
-typedef void ReadLinePrintfFunc(void *opaque, const char *fmt, ...);
+typedef void GCC_FMT_ATTR(2, 3) ReadLinePrintfFunc(void *opaque,
+   const char *fmt, ...);
 typedef void ReadLineFlushFunc(void *opaque);
 typedef void ReadLineFunc(void *opaque, const char *str,
   void *readline_opaque);
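
Review bot: the typedef for ReadLinePrintfFunc in readline.h gains GCC_FMT_ATTR(2, 3) without a comment explaining the indices. A one-line note that fmt is parameter 2 and the variadic arguments start at parameter 3 (opaque being parameter 1) would keep the attribute correct if the signature is ever extended.
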
diff --git a/monitor.c b/monitor.c
index 80456fb..5ba541d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4888,7 +4888,8 @@ static void sortcmdlist(void)
 /* These functions just adapt the readline interface in a typesafe way.  We
  * could cast function pointers but that discards compiler checks.
  */
-static void monitor_readline_printf(void *opaque, const char *fmt, ...)
+static void GCC_FMT_ATTR(2, 3) monitor_readline_printf(void *opaque,
+   const char *fmt, ...)
 {
 va_list ap;
 va_start(ap, fmt);
diff --git a/qemu-io.c b/qemu-io.c
index d669028..7f459d8 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -219,7 +219,8 @@ static char *get_prompt(void)
 return prompt;
 }
 
-static void readline_printf_func(void *opaque, const char *fmt, ...)
+static void GCC_FMT_ATTR(2, 3) readline_printf_func(void *opaque,
+const char *fmt, ...)
 {
 va_list ap;
 va_start(ap, fmt);
-- 
1.7.10.4




Re: [Qemu-devel] [PATCH v2 6/8] target-arm: A64: Add integer ops from SIMD 3-same group

2014-01-25 Thread Peter Maydell
On 23 January 2014 15:28, Peter Maydell  wrote:
> Add some of the integer operations in the SIMD 3-same group:
> specifically, the comparisons, addition and subtraction.
>

> @@ -6040,7 +6062,141 @@ static void disas_simd_3same_float(DisasContext *s, 
> uint32_t insn)
>  /* Integer op subgroup of C3.6.16. */
>  static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
>  {
> -unsupported_encoding(s, insn);
> +int is_q = extract32(insn, 30, 1);
> +int u = extract32(insn, 29, 1);
> +int size = extract32(insn, 22, 2);
> +int opcode = extract32(insn, 11, 5);
> +int rm = extract32(insn, 16, 5);
> +int rn = extract32(insn, 5, 5);
> +int rd = extract32(insn, 0, 5);
> +int pass;
> +
> +switch (opcode) {
> +case 0x13: /* MUL, PMUL */
> +if (u && size != 0) {
> +unallocated_encoding(s);
> +return;
> +}
> +/* fall through */
> +case 0x0: /* SHADD, UHADD */
> +case 0x2: /* SRHADD, URHADD */
> +case 0x4: /* SHSUB, UHSUB */
> +case 0xc: /* SMAX, UMAX */
> +case 0xd: /* SMIN, UMIN */
> +case 0xe: /* SABD, UABD */
> +case 0xf: /* SABA, UABA */
> +case 0x12: /* MLA, MLS */
> +if (size == 3) {
> +unallocated_encoding(s);
> +return;
> +}
> +unsupported_encoding(s, insn);
> +return;
> +case 0x1: /* SQADD */
> +case 0x5: /* SQSUB */
> +case 0x8: /* SSHL, USHL */
> +case 0x9: /* SQSHL, UQSHL */
> +case 0xa: /* SRSHL, URSHL */
> +case 0xb: /* SQRSHL, UQRSHL */
> +if (size == 3 && !is_q) {
> +unallocated_encoding(s);
> +return;
> +}
> +unsupported_encoding(s, insn);
> +return;
> +default:
> +if (size == 3 && !is_q) {
> +unallocated_encoding(s);
> +return;
> +}
> +break;
> +}
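
Review bot: the test if (size == 3 && !is_q) is written out twice in this switch, once for the 0x1/0x5/0x8..0xb group and again under default. Both arms reject the same encoding, so consider hoisting the test into a small helper; a later change to the rule then cannot be applied to one copy and missed in the other.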

Just noticed this switch is missing a case:
    case 0x16: /* SQDMULH, SQRDMULH */
        if (size == 0 || size == 3) {
            unallocated_encoding(s);
            return;
        }
        break;

thanks
-- PMM



Re: [Qemu-devel] Emulating Ethernet controller based on Cortex-A15 platforms

2014-01-25 Thread rajan pathak
Also, I am just wondering why anyone hasn't suggested me to look into TI
OMAP emulation code present in QEMU.



Thanks
Rajan


On Sat, Jan 25, 2014 at 5:52 AM, rajan pathak wrote:

> OK, Peter, thanks.
>
> I got your point. In my case the SoC is from TI, which uses Cortex-A15 as CPU
> core, and the example (board) would be Keystone 2 EVM.
>
>
> I guess I need to divide my emulation in three steps
>
> 1) Emulation of SoC
> 2) Emulation of board.
> 3) Emulation of devices (Ethernet controller).
>
> Please correct me if I am wrong.
>
> Thanks
> Rajan
>
>
> On Fri, Jan 24, 2014 at 11:45 PM, Peter Crosthwaite <
> peter.crosthwa...@xilinx.com> wrote:
>
>> On Sat, Jan 25, 2014 at 5:18 PM, rajan pathak 
>> wrote:
>> > Thanks Andreas and Peter Crosthwaite for your response. Your comments are
>> > really helpful.
>> >
>> > What I understood of your answers that firstly, I need to have keystone
>> > soc's initialized/emulated inside hw/arm,
>>
>> Yes.
>>
>> right(it would be equivalent of
>> > adding machine model) ?
>> >
>>
>> And no - SoC are not machine models. There are several violators of
>> this rule in-tree including Zynq and Highbank off the top of my head.
>> Our suggestion to look at Allwinner is because it is the most recently
>> reviewed and accepted so it is stylistically up to date.
>>
>> Boards are machine models (more about that below) - you will need that
>> too.
>>
>> > To what extent ,we should emulate the SoC ,is it only the CPU we need to
>> > emulate?
>> >
>> > As Peter pointed out kernel in my case is Device tree driven rather
>> board
>> > files approach.
>> >
>> > Kernel compiled for Allwinner SoC uses Board files approach,So how
>> different
>> > it would to write machine model
>> > in my case?
>> >
>>
>> Not at all. That's a Kernel problem. We do have device tree support in
>> QEMU from a bootloader point-of-view, but such kernel design
>> decisions do not (or rather should not) flow-on to QEMU hardware
>> emulation in any way. Just think about the hardware and the kernel is
>> merely one of many possible softwares that could run on your model.
>>
>> > Can I reuse Allwinner SoC code to emulate Keystone SoC?
>> >
>> > +static void aw_a10_init(Object *obj)
>> > +{
>> > +AwA10State *s = AW_A10(obj);
>> > +DeviceState *dev;
>> > +
>> > +object_initialize(&s->cpu, sizeof(s->cpu), "cortex-a8-"
>> TYPE_ARM_CPU);
>> > +object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
>> > +
>> > +object_initialize(&s->intc, sizeof(s->timer), TYPE_AW_A10_PIC);
>> > +dev = DEVICE(&s->intc);
>> > +qdev_set_parent_bus(dev, sysbus_get_default());
>> > +
>> > +object_initialize(&s->timer, sizeof(s->timer), TYPE_AW_A10_PIT);
>> > +dev = DEVICE(&s->timer);
>> > +qdev_set_parent_bus(dev, sysbus_get_default());
>> > +}
>> > +
>> >
>>
>> Yes that looks like a good place to be reading - that is SoC level code.
>>
>> > Also,I didn't understand below lines from Andreas answer.
>> >
>> >
>> >  >to use it you need a standard machine definition,
>> >
>> >> such as the EVMK2Hx in your case (some evaluation/reference board
>> rather
>> >
>> >> than custom industry boards). Then test that code using a Linux (or
>> >
>> >> firmware or other OS) that runs on the real board
>> >
>>
>> Do you have an easily-obtainable eval board that you are using or
>> would ideally use for your work should you be doing this in real
>> hardware? If so - that's what you should model. In Allwinners case,
>> the one picked was the "cubieboard".
>>
>> Check the later versions of the allwinner series to see the clear
>> separation of the three levels - Board, SoC and Devices.
>> hw/arm/cubieboard.c is good reading WRT to this.
>>
>> Regards,
>> Peter
>>
>> >
>> > Thanks
>> > Rajan
>> >
>> >
>> >
>> > .
>> >
>> >
>> > On Fri, Jan 24, 2014 at 4:06 PM, Peter Crosthwaite
>> >  wrote:
>> >>
>> >> On Fri, Jan 24, 2014 at 7:52 AM, Andreas Färber 
>> wrote:
>> >> > On 23.01.2014 21:02, rajan pathak wrote:
>> >> >>> I'm not clear what you're trying to do here; could
>> >> >>> you try rephrasing your question? Are you just trying
>> >> >>> to use the existing working QEMU emulation of a
>> >> >>> Cortex-A15 board and ethernet controller, or to do
>> >> >>> something else?
>> >> >>
>> >> >> To be very specific I am trying to emulate Ethernet controller of
>> >> >> KeyStone 2 device from TI
>> >> >>
>> >>
>> >> Device tree driven Linux should minimise the pain of swapping ethernet
>> >> drivers out to give you a guest that tests such a strange (and
>> >> non-existent board). TBH, it's not a bad starting point to:
>> >>
>> >> 1: Write your device model in hw/net
>> >> 2: Take an ARM Linux port you know works on QEMU
>> >> 3: Switch on your enet driver in Kconfig
>> >> 4: Hack device tree to have your ethernet rather than the actual one
>> >> 5: Hack qemu to have your ethernet instead of real one
>> >> 6: Boot.
>> >>
>> >> But Andreas is right. To do it properly you really need to get the
>> >> machine model for your actual system goi

Re: [Qemu-devel] Emulating Ethernet controller based on Cortex-A15 platforms

2014-01-25 Thread Peter Maydell
On 25 January 2014 19:17, rajan pathak  wrote:
> Also, I am just wondering why anyone hasn't suggested me to look into TI
> OMAP emulation code present in QEMU.

Because it's pretty elderly and only supports up to OMAP2 (there's
some OMAP3 support out of tree).

Why do you need a model of this specific ethernet controller,
by the way?

thanks
-- PMM



Re: [Qemu-devel] Emulating Ethernet controller based on Cortex-A15 platforms

2014-01-25 Thread rajan pathak
Thanks Peter for addressing this query.

There is no specific reason going for this particular model of Ethernet
controller.

It's just that I wanted to learn it and of late I worked with KeyStone SoC.

Also, can I reuse some code from TI OMAP2 emulation to emulate basic
part of KeyStone SoC?

What are minimum components/Device emulation required to emulate Ethernet
Controller in my case?

Thanks
Rajan.





On Sat, Jan 25, 2014 at 11:25 AM, Peter Maydell wrote:

> On 25 January 2014 19:17, rajan pathak  wrote:
> > Also, I am just wondering why anyone hasn't suggested me to look into TI
> > OMAP emulation code present in QEMU.
>
> Because it's pretty elderly and only supports up to OMAP2 (there's
> some OMAP3 support out of tree).
>
> Why do you need a model of this specific ethernet controller,
> by the way?
>
> thanks
> -- PMM
>


Re: [Qemu-devel] Emulating Ethernet controller based on Cortex-A15 platforms

2014-01-25 Thread Andreas Färber
Rajan,

You'll need to follow a few basic rules here working with our busy
community: Please don't send HTML-formatted replies and please don't
top-post, to make it easier for other people to understand the context.

On 25.01.2014 20:47, rajan pathak wrote:
> There is no specific reason going for this particular model of Ethernet
> controller.
> 
> It's just that I wanted to learn it and of late I worked with KeyStone
> SoC.
> 
> Also, can I reuse some code from TI OMAP2 emulation to emulate basic
> part of KeyStone SoC?
> 
> What are minimum components/Device emulation required to emulate
> Ethernet Controller in my case?

Look, if we had all the time to analyze and implement all SoCs that are
out there, then KeyStone II would already be implemented and we wouldn't
be having this conversation in the first place. Reading the reference
manual and/or Linux driver code is part of the implementation job - you
can't expect us to know. We've been pointing you to how to implement a
SoC in general so that it not only works on your local machine but will
also be maintainable for us and thereby acceptable to include in the
main project. You've been therefore pointed to modern examples rather
than ancient, known-buggy, overly complicated code. Since the Allwinner
A10 is a Cortex-A8 and the DIGIC is ARM9, you'll need to look at some
other examples closer to Cortex-A15, too, possibly Versatile Express and
Midway. And this being an Open Source project, no one is stopping you
from reading OMAP2 code. You just can't copy 1:1 from there for good
results. Another example you can peek at for modern Cortex-A* MPCore
usage is my Cortex-A9 based Tegra2 emulation [1] (but beware, if it were
complete and 100% cleaned up, it would be in mainline already ;)).

Let me explain more verbosely why I pointed you to a proper SoC
implementation, hopefully that answers part of your question. In a PC
world you can just mix and match PCI ethernet cards with CPUs of
different vendors, using -device command line. For SoCs that doesn't
work, someone - the SoC device in modern code or formerly functions -
needs to wire the components together. And even if -device worked, MMIO
addresses or IRQ configuration might collide when mixing components of
different SoCs. Therefore it's cleaner, safer and more generally useful
to build from the bottom up. That is, CPU core, MPCore (which will
include GIC) - so far you can reuse existing code in a "Lego" manner -,
UART for testing output, your actual ethernet controller and possibly
anything its implementation or a stripped-down Linux guest turns out
depending on. If you're lucky then you can reuse an existing UART if TI
reused IP or a standardized register interface someone already
implemented, same for ethernet but less likely.

By contrast, implementing the C66x DSP engines is going to be virtually
impossible today (unless you model them as a blackbox for a fixed
firmware, which would be use case specific).

To avoid complications later, [2] may be a good read in advance, in
particular the sections on splitting up patches for review and not
including unrelated bits. Feel free to send early RFC patches, people
are usually happier to discuss patches than theory. :) [3] may serve as
intro to model writing and [4] summarizes some more recent guidelines.

Hope that helps get you started,

Andreas

[1] http://repo.or.cz/w/qemu/afaerber.git/shortlog/refs/heads/tegra
[2] http://wiki.qemu.org/Contribute/SubmitAPatch
[3] http://www.linux-kvm.org/wiki/images/f/f6/2012-forum-QOM_CPU.pdf
[4] http://wiki.qemu.org/QOMConventions

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] Emulating Ethernet controller based on Cortex-A15 platforms

2014-01-25 Thread Peter Maydell
On 25 January 2014 19:47, rajan pathak  wrote:
> There is no specific reason going for this particular model of Ethernet
> controller.
>
> It's just that I wanted to learn it and of late I worked with Key Stone SoC

If this is a learning exercise in how to write QEMU device models
rather than a specific requirement for this exact ethernet controller,
you may find it better to look at adding some missing device to
one of our existing board models. This will:
 (a) be a much simpler and smaller piece of work, because you only
 need to implement a single device, not an entire large and
 complex SoC
 (b) be useful to other people who are already using
 that QEMU board model

Or you could model a PCI ethernet card, which will then be
usable with any QEMU board which has a PCI controller
(this is less generally useful to the community though since
we already have several good PCI ethernet card models).

thanks
-- PMM



[Qemu-devel] [PULL 1/5] disas/i386.c: disassemble movbe instruction

2014-01-25 Thread Richard Henderson
From: Aurelien Jarno 

Signed-off-by: Aurelien Jarno 
Signed-off-by: Richard Henderson 
---
 disas/i386.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/disas/i386.c b/disas/i386.c
index 47f1f2e..044e02c 100644
--- a/disas/i386.c
+++ b/disas/i386.c
@@ -2632,17 +2632,17 @@ static const struct dis386 prefix_user_table[][4] = {
 
   /* PREGRP87 */
   {
+{ "movbe", { Gv, Ev } },
 { "(bad)", { XX } },
-{ "(bad)", { XX } },
-{ "(bad)", { XX } },
+{ "movbe", { Gv, Ev } },
 { "crc32", { Gdq, { CRC32_Fixup, b_mode } } },
   },
 
   /* PREGRP88 */
   {
+{ "movbe", { Ev, Gv } },
 { "(bad)", { XX } },
-{ "(bad)", { XX } },
-{ "(bad)", { XX } },
+{ "movbe", { Ev, Gv } },
 { "crc32", { Gdq, { CRC32_Fixup, v_mode } } },
   },
 
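Review bot: the four slots of each PREGRP87/PREGRP88 row are positional, and nothing in this hunk or in the (empty) commit message says which prefix selects which slot, so a reader cannot check from the patch why slots 0 and 2 become movbe while slot 1 stays (bad). A one-line comment per row naming the prefix for each slot, plus a sentence in the commit message on the Gv, Ev versus Ev, Gv operand order, would make the table verifiable against the instruction reference.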
-- 
1.8.5.3




[Qemu-devel] [PULL 0/5] tcg/i386 movbe support

2014-01-25 Thread Richard Henderson
This is mostly Aurelien's patch series, with a few tweaks:

In patch 3, rename P_EXT2 to P_EXT38, as I think that's less
arbitrary for the 0x0f 0x38 prefix.

In patch 4, use a "movop" local variable to reduce code duplication.

Tested with ppc64 and sparc images on a Haswell host.


r~


The following changes since commit 0169c511554cb0014a00290b0d3d26c31a49818f:

  Merge remote-tracking branch 'qemu-kvm/uq/master' into staging (2014-01-24 15:52:44 -0800)

are available in the git repository at:


  git://github.com/rth7680/qemu.git tcg-movbe

for you to fetch changes up to 2d23d5edb5b23849c668dd729e4da7b2c63b163b:

  tcg/i386: cleanup useless #ifdef (2014-01-25 15:21:33 -0800)


Aurelien Jarno (5):
  disas/i386.c: disassemble movbe instruction
  tcg/i386: remove hardcoded P_REXW value
  tcg/i386: add support for three-byte opcodes
  tcg/i386: use movbe instruction in qemu_ldst routines
  tcg/i386: cleanup useless #ifdef

 disas/i386.c  |   8 +--
 tcg/i386/tcg-target.c | 145 +-
 2 files changed, 101 insertions(+), 52 deletions(-)



[Qemu-devel] [PULL 3/5] tcg/i386: add support for three-byte opcodes

2014-01-25 Thread Richard Henderson
From: Aurelien Jarno 

Add support for three-byte opcodes, starting with the 0x0f 0x38 prefix.
Use P_EXT38 as the new constant, and shift all other constants so that
P_EXT and P_EXT38 have neighbouring values.

Signed-off-by: Aurelien Jarno 
[RTH: Changed the name from P_EXT2 to P_EXT38.]
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.c | 24 
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index 753b3a1..7161fe0 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -240,13 +240,14 @@ static inline int tcg_target_const_match(tcg_target_long 
val,
 #endif
 
 #define P_EXT  0x100   /* 0x0f opcode prefix */
-#define P_DATA16   0x200   /* 0x66 opcode prefix */
+#define P_EXT38 0x200   /* 0x0f 0x38 opcode prefix */
+#define P_DATA160x400   /* 0x66 opcode prefix */
 #if TCG_TARGET_REG_BITS == 64
-# define P_ADDR32  0x400   /* 0x67 opcode prefix */
-# define P_REXW0x800   /* Set REX.W = 1 */
-# define P_REXB_R  0x1000  /* REG field as byte register */
-# define P_REXB_RM 0x2000  /* R/M field as byte register */
-# define P_GS   0x4000  /* gs segment override */
+# define P_ADDR32   0x800   /* 0x67 opcode prefix */
+# define P_REXW 0x1000  /* Set REX.W = 1 */
+# define P_REXB_R   0x2000  /* REG field as byte register */
+# define P_REXB_RM  0x4000  /* R/M field as byte register */
+# define P_GS   0x8000  /* gs segment override */
 #else
 # define P_ADDR32  0
 # define P_REXW0
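Review bot: renumbering the flags moves P_REXW from 0x800 to 0x1000 in the 64-bit branch, so any remaining use of the bit by position rather than by name now computes the wrong value; this patch is only correct on top of 2/5, which replaced (opc & P_REXW) >> 8. Say so in the commit message, and consider a comment above the block noting that the low 8 bits are the opcode byte and everything from 0x100 up is a flag, so the next person adding a flag knows the values carry no positional meaning.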
@@ -398,9 +399,13 @@ static void tcg_out_opc(TCGContext *s, int opc, int r, int 
rm, int x)
 tcg_out8(s, (uint8_t)(rex | 0x40));
 }
 
-if (opc & P_EXT) {
+if (opc & (P_EXT | P_EXT38)) {
 tcg_out8(s, 0x0f);
+if (opc & P_EXT38) {
+tcg_out8(s, 0x38);
+}
 }
+
 tcg_out8(s, opc);
 }
 #else
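Review bot: in the 64-bit tcg_out_opc the test opc & (P_EXT | P_EXT38) accepts an opcode that carries both flags and silently emits 0x0f 0x38 for it. If the two flags are meant to be mutually exclusive, state that next to the defines or assert it here, so a mistaken P_EXT | P_EXT38 opcode constant is caught instead of being encoded as a three-byte opcode. The added blank line before tcg_out8(s, opc) is also unrelated to the change.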
@@ -409,8 +414,11 @@ static void tcg_out_opc(TCGContext *s, int opc)
 if (opc & P_DATA16) {
 tcg_out8(s, 0x66);
 }
-if (opc & P_EXT) {
+if (opc & (P_EXT | P_EXT38)) {
 tcg_out8(s, 0x0f);
+if (opc & P_EXT38) {
+tcg_out8(s, 0x38);
+}
 }
 tcg_out8(s, opc);
 }
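Review bot: this is the same five-line escape-byte sequence as in the 64-bit variant above, now duplicated in both tcg_out_opc bodies. A small helper that emits 0x0f and the optional 0x38 would keep the two paths from drifting apart when another escape prefix is added.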
-- 
1.8.5.3




[Qemu-devel] [PULL 4/5] tcg/i386: use movbe instruction in qemu_ldst routines

2014-01-25 Thread Richard Henderson
From: Aurelien Jarno 

The movbe instruction has been added on some Intel Atom CPUs and on
recent Intel Haswell CPUs. It allows loading/storing a value and
bswapping it at the same time.

This patch detects the availability of this instruction and when available
uses it in the qemu load/store routines in replacement of load/store +
bswap. Note that for 16-bit unsigned loads, movbe + movzw is basically the
same as movzw + bswap, so the patch doesn't touch this case.

Signed-off-by: Aurelien Jarno 
[RTH: Reduced the number of conditionals using "movop".]
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.c | 117 ++
 1 file changed, 80 insertions(+), 37 deletions(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index 7161fe0..db0039a 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -99,18 +99,31 @@ static const int tcg_target_call_oarg_regs[] = {
 # define TCG_REG_L1 TCG_REG_EDX
 #endif
 
+/* The host compiler should supply  to enable runtime features
+   detection, as we're not going to go so far as our own inline assembly.
+   If not available, default values will be assumed.  */
+#if defined(CONFIG_CPUID_H)
+#include 
+#endif
+
 /* For 32-bit, we are going to attempt to determine at runtime whether cmov
-   is available.  However, the host compiler must supply , as we're
-   not going to go so far as our own inline assembly.  */
+   is available.  */
 #if TCG_TARGET_REG_BITS == 64
 # define have_cmov 1
 #elif defined(CONFIG_CPUID_H)
-#include 
 static bool have_cmov;
 #else
 # define have_cmov 0
 #endif
 
+/* If bit_MOVBE is defined in cpuid.h (added in GCC version 4.6), we are
+   going to attempt to determine at runtime whether movbe is available.  */
+#if defined(CONFIG_CPUID_H) && defined(bit_MOVBE)
+static bool have_movbe;
+#else
+# define have_movbe 0
+#endif
+
 static uint8_t *tb_ret_addr;
 
 static void patch_reloc(uint8_t *code_ptr, int type,
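Review bot: have_movbe is declared as a plain static bool here, but nothing in this hunk sets it, so until the cpuid probe runs it reads false and the code generator falls back to load + bswap. Make sure the probe that fills it in sits under the same defined(CONFIG_CPUID_H) && defined(bit_MOVBE) condition, otherwise a build where have_movbe is the macro 0 ends up assigning to a constant.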
@@ -280,6 +293,8 @@ static inline int tcg_target_const_match(tcg_target_long 
val,
 #define OPC_MOVB_EvIz   (0xc6)
 #define OPC_MOVL_EvIz  (0xc7)
 #define OPC_MOVL_Iv (0xb8)
+#define OPC_MOVBE_GyMy  (0xf0 | P_EXT38)
+#define OPC_MOVBE_MyGy  (0xf1 | P_EXT38)
 #define OPC_MOVSBL (0xbe | P_EXT)
 #define OPC_MOVSWL (0xbf | P_EXT)
 #define OPC_MOVSLQ (0x63 | P_REXW)
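Review bot: OPC_MOVBE_GyMy and OPC_MOVBE_MyGy only encode the memory forms, since movbe has no register-to-register encoding, and the My in the names is the only hint of that. A comment on the two defines saying they must go through tcg_out_modrm_offset, never tcg_out_modrm, would stop a later caller from emitting an invalid instruction.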
@@ -1344,7 +1359,14 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, TCGReg 
datalo, TCGReg datahi,
TCGReg base, intptr_t ofs, int seg,
TCGMemOp memop)
 {
-const TCGMemOp bswap = memop & MO_BSWAP;
+const TCGMemOp real_bswap = memop & MO_BSWAP;
+TCGMemOp bswap = real_bswap;
+int movop = OPC_MOVL_GvEv;
+
+if (have_movbe && real_bswap) {
+bswap = 0;
+movop = OPC_MOVBE_GyMy;
+}
 
 switch (memop & MO_SSIZE) {
 case MO_UB:
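Review bot: after the new block at the top of tcg_out_qemu_ld_direct, bswap no longer means "the access is byte-swapped" but "a separate bswap instruction is still needed", while real_bswap carries the original meaning, and the names do not make that distinction obvious. A two-line comment above the if (have_movbe && real_bswap) test, or a more telling name for the mutable variable, would make the later cases easier to audit.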
@@ -1355,14 +1377,19 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, 
TCGReg datalo, TCGReg datahi,
 break;
 case MO_UW:
 tcg_out_modrm_offset(s, OPC_MOVZWL + seg, datalo, base, ofs);
-if (bswap) {
+if (real_bswap) {
 tcg_out_rolw_8(s, datalo);
 }
 break;
 case MO_SW:
-if (bswap) {
-tcg_out_modrm_offset(s, OPC_MOVZWL + seg, datalo, base, ofs);
-tcg_out_rolw_8(s, datalo);
+if (real_bswap) {
+if (have_movbe) {
+tcg_out_modrm_offset(s, OPC_MOVBE_GyMy + P_DATA16 + seg,
+ datalo, base, ofs);
+} else {
+tcg_out_modrm_offset(s, OPC_MOVZWL + seg, datalo, base, ofs);
+tcg_out_rolw_8(s, datalo);
+}
 tcg_out_modrm(s, OPC_MOVSWL + P_REXW, datalo, datalo);
 } else {
 tcg_out_modrm_offset(s, OPC_MOVSWL + P_REXW + seg,
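Review bot: MO_UW tests real_bswap and keeps movzwl + rolw even when have_movbe is set, while MO_SW right below it switches to movbe, and the reason is given only in the commit message. Put that reasoning in a comment on the MO_UW case, and note in MO_SW that the P_DATA16 form of movbe writes only the low 16 bits of datalo, so the sequence depends on the movswl that follows.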
@@ -1370,16 +1397,18 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, 
TCGReg datalo, TCGReg datahi,
 }
 break;
 case MO_UL:
-tcg_out_modrm_offset(s, OPC_MOVL_GvEv + seg, datalo, base, ofs);
+tcg_out_modrm_offset(s, movop + seg, datalo, base, ofs);
 if (bswap) {
 tcg_out_bswap32(s, datalo);
 }
 break;
 #if TCG_TARGET_REG_BITS == 64
 case MO_SL:
-if (bswap) {
-tcg_out_modrm_offset(s, OPC_MOVL_GvEv + seg, datalo, base, ofs);
-tcg_out_bswap32(s, datalo);
+if (real_bswap) {
+tcg_out_modrm_offset(s, movop + seg, datalo, base, ofs);
+if (bswap) {
+tcg_out_bswap32(s, datalo);
+}
 tcg_out_ext32s(s, datalo, datalo);
 } else {
 tcg_out_modrm_offset(s, OPC_MOVSLQ + seg, datalo, base, ofs);
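Review bot: in MO_SL the if (bswap) nested inside if (real_bswap) is correct but reads as redundant at first glance, because it relies on bswap having been cleared when have_movbe is set. A short comment there saying that movop has already swapped the bytes when movbe is in use would save the reader a trip back to the top of the function.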
@@ -1388,27 +1417,22 @@ static void tcg_out_qemu_ld_direct(TCGContext *s, 
TCGReg datalo, TCGReg datahi,
 #endif
 case MO_Q:
 if (TCG_TARGET_REG_BITS == 64) {
-tcg_out_modrm_offset(s, OPC_MOVL_GvEv + P_REXW + seg,
-  

[Qemu-devel] [PULL 2/5] tcg/i386: remove hardcoded P_REXW value

2014-01-25 Thread Richard Henderson
From: Aurelien Jarno 

P_REXW is defined as a constant at the beginning of i386/tcg-target.c,
but the corresponding bit is later used in a hardcoded way, which defeats
the purpose of a constant.

Fix that by using a conditional expression operator instead of a shift.
On x86 this actually makes the code slightly smaller as GCC does in
practice (opc >> 8) & 8 instead of (opc & 0x800) >> 8 so the constants
are smaller to load.

Signed-off-by: Aurelien Jarno 
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index 495b901..753b3a1 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -381,7 +381,7 @@ static void tcg_out_opc(TCGContext *s, int opc, int r, int 
rm, int x)
 }
 
 rex = 0;
-rex |= (opc & P_REXW) >> 8;/* REX.W */
+rex |= (opc & P_REXW) ? 0x8 : 0x0;  /* REX.W */
 rex |= (r & 8) >> 1;   /* REX.R */
 rex |= (x & 8) >> 2;   /* REX.X */
 rex |= (rm & 8) >> 3;  /* REX.B */
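Review bot: the replacement leaves the bare literal 0x8 as the encoding of REX.W, next to three lines that still derive REX.R, REX.X and REX.B by shifting. That is fine for r, x and rm, which are register numbers, but a comment saying that 0x8 is the W bit of the REX payload and is independent of where P_REXW sits in opc would make the intent of the change explicit in the code, not only in the commit message.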
-- 
1.8.5.3
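
The failure that the commit message above guards against, as an added example (not code from the QEMU tree): a simplified model of the prefix emission in tcg_out_opc, using the flag values from patch 3/5, that encodes movbe with both the old shift and the new conditional. CodeBuf, out8, rex_payload, emit_opc and encode_packed are hypothetical names, and the model covers only the 0x66, REX and 0x0f/0x38 bytes plus the opcode byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag values as they stand after patch 3/5 (copied from that hunk). */
#define P_EXT      0x100    /* 0x0f opcode prefix */
#define P_EXT38    0x200    /* 0x0f 0x38 opcode prefix */
#define P_DATA16   0x400    /* 0x66 opcode prefix */
#define P_REXW     0x1000   /* Set REX.W = 1 (was 0x800 before 3/5) */
#define OPC_MOVBE_GyMy (0xf0 | P_EXT38)

/* Hypothetical output buffer standing in for TCGContext. */
typedef struct {
    uint8_t bytes[8];
    size_t len;
} CodeBuf;

static void out8(CodeBuf *b, uint8_t v)
{
    if (b->len < sizeof(b->bytes)) {
        b->bytes[b->len++] = v;
    }
}

/* Low nibble of the REX prefix. hardcoded_shift selects the expression
   used before patch 2/5, which is only right while P_REXW == 0x800. */
int rex_payload(int opc, int r, int x, int rm, int hardcoded_shift)
{
    int rex = 0;

    if (hardcoded_shift) {
        rex |= (opc & P_REXW) >> 8;         /* 0x1000 >> 8 == 0x10: wrong bit */
    } else {
        rex |= (opc & P_REXW) ? 0x8 : 0x0;  /* independent of the flag value */
    }
    rex |= (r & 8) >> 1;                    /* REX.R */
    rex |= (x & 8) >> 2;                    /* REX.X */
    rex |= (rm & 8) >> 3;                   /* REX.B */
    return rex;
}

/* Emit legacy prefix, REX, escape bytes and opcode byte, in that order. */
size_t emit_opc(CodeBuf *b, int opc, int r, int x, int rm, int hardcoded_shift)
{
    int rex = rex_payload(opc, r, x, rm, hardcoded_shift);

    b->len = 0;
    if (opc & P_DATA16) {
        out8(b, 0x66);
    }
    if (rex) {
        out8(b, (uint8_t)(rex | 0x40));
    }
    if (opc & (P_EXT | P_EXT38)) {
        out8(b, 0x0f);
        if (opc & P_EXT38) {
            out8(b, 0x38);
        }
    }
    out8(b, (uint8_t)opc);
    return b->len;
}

/* Pack the emitted bytes, first byte most significant, for easy comparison. */
uint64_t encode_packed(int opc, int r, int x, int rm, int hardcoded_shift)
{
    CodeBuf b;
    uint64_t v = 0;
    size_t i, n = emit_opc(&b, opc, r, x, rm, hardcoded_shift);

    for (i = 0; i < n; i++) {
        v = (v << 8) | b.bytes[i];
    }
    return v;
}

int main(void)
{
    /* 64-bit movbe, reg = rax (0), base = rsi (6): prefix and opcode bytes. */
    printf("conditional:     %llx\n", (unsigned long long)
           encode_packed(OPC_MOVBE_GyMy | P_REXW, 0, 0, 6, 0));
    /* Same opcode through the old shift: first byte is no longer a REX
       prefix (valid REX bytes are 0x40..0x4f). */
    printf("hardcoded shift: %llx\n", (unsigned long long)
           encode_packed(OPC_MOVBE_GyMy | P_REXW, 0, 0, 6, 1));
    /* 16-bit form as used for MO_SW in patch 4/5. */
    printf("data16:          %llx\n", (unsigned long long)
           encode_packed(OPC_MOVBE_GyMy | P_DATA16, 0, 0, 6, 0));
    return 0;
}
```

With the shift, the byte that should be the REX.W prefix 0x48 comes out as 0x50, which the CPU decodes as a different instruction, so the renumbering in 3/5 is only safe once 2/5 is applied.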




[Qemu-devel] [PULL 5/5] tcg/i386: cleanup useless #ifdef

2014-01-25 Thread Richard Henderson
From: Aurelien Jarno 

TCG_TARGET_HAS_movcond_i32 is always defined to 1 in tcg-target.h, so
remove the corresponding #ifdef #endif sequence, left from a previous
refactoring.

Signed-off-by: Aurelien Jarno 
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index db0039a..5d4cf93 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -2026,9 +2026,7 @@ static const TCGTargetOpDef x86_op_defs[] = {
 { INDEX_op_setcond_i32, { "q", "r", "ri" } },
 
 { INDEX_op_deposit_i32, { "Q", "0", "Q" } },
-#if TCG_TARGET_HAS_movcond_i32
 { INDEX_op_movcond_i32, { "r", "r", "ri", "r", "0" } },
-#endif
 
 { INDEX_op_mulu2_i32, { "a", "d", "a", "r" } },
 { INDEX_op_muls2_i32, { "a", "d", "a", "r" } },
-- 
1.8.5.3




Re: [Qemu-devel] [PATCH v3 2/2] hw/arm/allwinner-a10: initialize EMAC

2014-01-25 Thread Andreas Färber
On 20.01.2014 00:25, Beniamino Galvani wrote:
> Signed-off-by: Beniamino Galvani 
> ---
>  hw/arm/allwinner-a10.c |   16 
>  hw/arm/cubieboard.c|7 +++
>  include/hw/arm/allwinner-a10.h |3 +++
>  3 files changed, 26 insertions(+)
> 
> diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
> index 4658e19..416cd49 100644
> --- a/hw/arm/allwinner-a10.c
> +++ b/hw/arm/allwinner-a10.c
> @@ -31,6 +31,13 @@ static void aw_a10_init(Object *obj)
>  
>  object_initialize(&s->timer, sizeof(s->timer), TYPE_AW_A10_PIT);
>  qdev_set_parent_bus(DEVICE(&s->timer), sysbus_get_default());
> +
> +object_initialize(&s->emac, sizeof(s->emac), TYPE_AW_EMAC);
> +qdev_set_parent_bus(DEVICE(&s->emac), sysbus_get_default());
> +if (nd_table[0].used) {
> +qemu_check_nic_model(&nd_table[0], "allwinner_emac");

Please adopt new-style names with dashes, i.e. "allwinner-emac". Peter
C.'s comment wrt TYPE_* still applies though.

> +qdev_set_nic_properties(DEVICE(&s->emac), &nd_table[0]);

Since you're using DEVICE() twice, you should consider using a local
variable like you did for sysbusdev below. It's a one-time
initialization though, so not mandatory.

> +}
>  }
>  
>  static void aw_a10_realize(DeviceState *dev, Error **errp)
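Review bot: aw_a10_init reads the global nd_table[0] from the SoC object's instance-init function, which ties every AwA10State to global NIC configuration and runs before any property can be set. Letting the board code in cubieboard.c call qemu_check_nic_model and qdev_set_nic_properties, and keeping only object_initialize and qdev_set_parent_bus here, would keep the SoC model free of global state.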
> @@ -76,6 +83,15 @@ static void aw_a10_realize(DeviceState *dev, Error **errp)
>  sysbus_connect_irq(sysbusdev, 4, s->irq[67]);
>  sysbus_connect_irq(sysbusdev, 5, s->irq[68]);
>  
> +object_property_set_bool(OBJECT(&s->emac), true, "realized", &err);
> +if (err != NULL) {
> +error_propagate(errp, err);
> +return;
> +}
> +sysbusdev = SYS_BUS_DEVICE(&s->emac);
> +sysbus_mmio_map(sysbusdev, 0, AW_A10_EMAC_BASE);
> +sysbus_connect_irq(sysbusdev, 0, s->irq[55]);
> +
>  serial_mm_init(get_system_memory(), AW_A10_UART0_REG_BASE, 2, s->irq[1],
> 115200, serial_hds[0], DEVICE_NATIVE_ENDIAN);
>  }
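Review bot: the EMAC is wired to s->irq[55] with a bare number, while its base address gets a named constant in allwinner-a10.h. A matching define for the interrupt line would document where the 55 comes from and keep it next to AW_A10_EMAC_BASE.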
> diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c
> index 3fcb6d2..b3f8f51 100644
> --- a/hw/arm/cubieboard.c
> +++ b/hw/arm/cubieboard.c
> @@ -36,6 +36,13 @@ static void cubieboard_init(QEMUMachineInitArgs *args)
>  Error *err = NULL;
>  
>  s->a10 = AW_A10(object_new(TYPE_AW_A10));
> +
> +object_property_set_int(OBJECT(&s->a10->emac), 1, "phyaddr", &err);

"phy-addr"?

> +if (err != NULL) {
> +error_report("Couldn't set phy address: %s\n", 
> error_get_pretty(err));

error_report() always without trailing \n.

> +exit(1);
> +}
> +
>  object_property_set_bool(OBJECT(s->a10), true, "realized", &err);
>  if (err != NULL) {
>  error_report("Couldn't realize Allwinner A10: %s\n",

Bad example. ;) Fixes welcome.

Cheers,
Andreas

> diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
> index da36647..01a189b 100644
> --- a/include/hw/arm/allwinner-a10.h
> +++ b/include/hw/arm/allwinner-a10.h
> @@ -6,6 +6,7 @@
>  #include "hw/arm/arm.h"
>  #include "hw/timer/allwinner-a10-pit.h"
>  #include "hw/intc/allwinner-a10-pic.h"
> +#include "hw/net/allwinner_emac.h"
>  
>  #include "sysemu/sysemu.h"
>  #include "exec/address-spaces.h"
> @@ -14,6 +15,7 @@
>  #define AW_A10_PIC_REG_BASE 0x01c20400
>  #define AW_A10_PIT_REG_BASE 0x01c20c00
>  #define AW_A10_UART0_REG_BASE   0x01c28000
> +#define AW_A10_EMAC_BASE0x01c0b000
>  
>  #define AW_A10_SDRAM_BASE   0x4000
>  
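Review bot: the new define is named AW_A10_EMAC_BASE while the three register-block neighbours in this hunk use the _REG_BASE suffix (AW_A10_PIC_REG_BASE, AW_A10_PIT_REG_BASE, AW_A10_UART0_REG_BASE). Naming it AW_A10_EMAC_REG_BASE would keep the header consistent.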
> @@ -29,6 +31,7 @@ typedef struct AwA10State {
>  qemu_irq irq[AW_A10_PIC_INT_NR];
>  AwA10PITState timer;
>  AwA10PICState intc;
> +AwEmacState emac;
>  } AwA10State;
>  
>  #define ALLWINNER_H_
> 


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH v3 1/2] hw/net: add support for Allwinner EMAC Fast Ethernet controller

2014-01-25 Thread Peter Crosthwaite
On Sat, Jan 25, 2014 at 11:37 PM, Beniamino Galvani  wrote:
> On Thu, Jan 23, 2014 at 11:04:32PM +1000, Peter Crosthwaite wrote:
>> On Mon, Jan 20, 2014 at 9:25 AM, Beniamino Galvani  
>> wrote:
>> > This patch adds support for the Fast Ethernet MAC found on Allwinner
>> > SoCs, together with a basic emulation of Realtek RTL8201CP PHY.
>> >
>> > Since there is no public documentation of the Allwinner controller, the
>> > implementation is based on Linux kernel driver.
>> >
>> > Signed-off-by: Beniamino Galvani 
>> > ---
>> >  default-configs/arm-softmmu.mak |1 +
>> >  hw/net/Makefile.objs|1 +
>> >  hw/net/allwinner_emac.c |  589 
>> > +++
>> >  include/hw/net/allwinner_emac.h |  222 +++
>> >  4 files changed, 813 insertions(+)
>> >  create mode 100644 hw/net/allwinner_emac.c
>> >  create mode 100644 include/hw/net/allwinner_emac.h
>> >
>> > diff --git a/default-configs/arm-softmmu.mak 
>> > b/default-configs/arm-softmmu.mak
>> > index ce1d620..f3513fa 100644
>> > --- a/default-configs/arm-softmmu.mak
>> > +++ b/default-configs/arm-softmmu.mak
>> > @@ -27,6 +27,7 @@ CONFIG_SSI_SD=y
>> >  CONFIG_SSI_M25P80=y
>> >  CONFIG_LAN9118=y
>> >  CONFIG_SMC91C111=y
>> > +CONFIG_ALLWINNER_EMAC=y
>> >  CONFIG_DS1338=y
>> >  CONFIG_PFLASH_CFI01=y
>> >  CONFIG_PFLASH_CFI02=y
>> > diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
>> > index 951cca3..75e80c2 100644
>> > --- a/hw/net/Makefile.objs
>> > +++ b/hw/net/Makefile.objs
>> > @@ -18,6 +18,7 @@ common-obj-$(CONFIG_OPENCORES_ETH) += opencores_eth.o
>> >  common-obj-$(CONFIG_XGMAC) += xgmac.o
>> >  common-obj-$(CONFIG_MIPSNET) += mipsnet.o
>> >  common-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
>> > +common-obj-$(CONFIG_ALLWINNER_EMAC) += allwinner_emac.o
>> >
>> >  common-obj-$(CONFIG_CADENCE) += cadence_gem.o
>> >  common-obj-$(CONFIG_STELLARIS_ENET) += stellaris_enet.o
>> > diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c
>> > new file mode 100644
>> > index 000..4cad7e0
>> > --- /dev/null
>> > +++ b/hw/net/allwinner_emac.c
>> > @@ -0,0 +1,589 @@
>> > +/*
>> > + * Emulation of Allwinner EMAC Fast Ethernet controller and
>> > + * Realtek RTL8201CP PHY
>> > + *
>> > + * Copyright (C) 2014 Beniamino Galvani 
>> > + *
>> > + * This program is free software; you can redistribute it and/or modify
>> > + * it under the terms of the GNU General Public License as published by
>> > + * the Free Software Foundation; either version 2 of the License, or
>> > + * (at your option) any later version.
>> > + *
>> > + * This program is distributed in the hope that it will be useful,
>> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>> > + * GNU General Public License for more details.
>> > + *
>> > + */
>> > +#include "hw/sysbus.h"
>> > +#include "net/net.h"
>> > +#include "hw/net/allwinner_emac.h"
>> > +#include 
>> > +
>> > +static uint8_t padding[60];
>> > +
>> > +static void mii_set_link(RTL8201CPState *mii, bool link_ok)
>> > +{
>> > +if (link_ok) {
>> > +mii->bmsr |= MII_BMSR_LINK_ST;
>> > +mii->anlpar |= MII_ANAR_TXFD | MII_ANAR_10FD | MII_ANAR_10 |
>> > +   MII_ANAR_CSMACD;
>> > +} else {
>> > +mii->bmsr &= ~MII_BMSR_LINK_ST;
>> > +mii->anlpar = MII_ANAR_TX;
>> > +}
>> > +}
>> > +
>> > +static void mii_reset(RTL8201CPState *mii, bool link_ok)
>> > +{
>> > +mii->bmcr = MII_BMCR_FD | MII_BMCR_AUTOEN | MII_BMCR_SPEED;
>> > +mii->bmsr = MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD |
>> > +MII_BMSR_10T_HD | MII_BMSR_MFPS | MII_BMSR_AUTONEG;
>> > +mii->anar = MII_ANAR_TXFD | MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 
>> > |
>> > +MII_ANAR_CSMACD;
>> > +mii->anlpar = MII_ANAR_TX;
>> > +
>> > +mii_set_link(mii, link_ok);
>> > +}
>> > +
>> > +static uint16_t aw_emac_mdio_read(AwEmacState *s, uint8_t addr, uint8_t 
>> > reg)
>>
>> Drop the AW reference here (replace with "RTL8201").
>>
>> > +{
>> > +RTL8201CPState *mii = &s->mii;
>> > +uint16_t ret = 0x;
>> > +
>> > +if (addr == s->phy_addr) {
>> > +switch (reg) {
>> > +case MII_BMCR:
>> > +return mii->bmcr;
>> > +case MII_BMSR:
>> > +return mii->bmsr;
>> > +case MII_PHYID1:
>> > +return RTL8201CP_PHYID1;
>> > +case MII_PHYID2:
>> > +return RTL8201CP_PHYID2;
>> > +case MII_ANAR:
>> > +return mii->anar;
>> > +case MII_ANLPAR:
>> > +return mii->anlpar;
>> > +case MII_ANER:
>> > +case MII_NSR:
>> > +case MII_LBREMR:
>> > +case MII_REC:
>> > +case MII_SNRDR:
>> > +case MII_TEST:
>> > +qemu_log_mask(LOG_UNIMP,
>> > +  "allwinner_emac: read from unimpl. mii reg 
>> > 0x%x\n",
>> > + 

Re: [Qemu-devel] [PULL 10/42] qtest: Fix the bug about disable vnc causes "make check" fail

2014-01-25 Thread Andreas Färber
On 18.01.2014 12:54, Kewei Yu wrote:
> 
> 2014/1/17 Andreas Färber <afaer...@suse.de>
> 
> On 15.01.2014 11:22, Kevin Wolf wrote:
> > From: Kewei Yu <kewe...@gmail.com>
> >
> > When we disable vnc from "./configure", QEMU can't use the vnc option.
> > So qtest can't use the "vnc -none ", otherwise "make check" fails.
> > If QEMU uses "-display none", "-vnc none" is excrescent, so we
> just need to drop it.
> >
> > Signed-off-by: Kewei Yu <kewe...@gmail.com>
> > Reviewed-by: Paolo Bonzini
> > Signed-off-by: Kevin Wolf <kw...@redhat.com>
> If the pull does get respun, 'Fix "make check" failing for
> --disable-vnc' would be better English. ;)
> 
>  Yes, it is more accurate. So I should re-submit it?

Sorry for the late answer. Since it was already in the maintainer's
queue and just about the commit message, it's not necessary for you to
resubmit, my comment was addressed to Kevin. When a "PULL" has been
sent, only major reasons (like build breakages, missing/wrong Sob, etc.)
lead to a resubmission by the maintainer.

Apart from the grammar issues ("causes ... to fail" or "... failure",
"disabling ... causes"), please keep in mind that many commits fix bugs,
so it will be more useful to the reader of patch/commit to read
prominently what is changing (and why) to determine whether he/she is
affected. Hope that explains.

Regards,
Andreas

> 
> 
> Andreas
> 
> --
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
> 
> Kewei

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [Bug 1272796] [NEW] Windows 98 First Edition emulation problems

2014-01-25 Thread Riccardo Bassani
Public bug reported:

System: Debian SID x86 with latest updates

1) QEMU compiled from latest main GIT branch (at the time of writing, 1.7.50)
(and 1.7 stable version)
./configure options: ./configure --enable-sdl --target-list=i386-softmmu
--cpu=i686 --audio-drv-list=alsa

When you try to boot Windows 98 First Edition (Italian), it does not simply
boot. It stays on booting screen.
If you try to install, the installation goes flawless, but when it boots it
freezes.

I am launching VM with this: qemu-system-i386 -hda main.img -cpu pentium
-m 256 -fda floppy1.img -boot c -soundhw gus -vga cirrus

I have tried with -M option "pc-i440fx-1.6" since 1.6 has no problems
with the booting of Win98, but nothing. No fix found.

2) QEMU 1.6.2 (same compile and launching options)
gus soundboard seems not recognized even with real dos drivers (tried to
install them into real dos mode).
with SoundBlaster 16 I have the following error: WARNING: I/O thread spun for
1000 iterations, making the emulation impossible (too slow, and sound is
stuttering). Tried to compile with oss and sdl option on audio-drv-list but no
fix found.

Any ideas? thank you

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1272796



[Qemu-devel] [Bug 1272796] Re: Windows 98 First Edition emulation problems

2014-01-25 Thread Riccardo Bassani
** Description changed:

  System: Debian SID x86 with latest updates
  
- 1) QEMU compiled from latest main GIT branch (and 1.7 stable version)
+ 1) QEMU compiled from latest main GIT branch(at the time of writing, 1.7.50) 
(and 1.7 stable version)
  ./configure options: ./configure --enable-sdl --target-list=i386-softmmu 
--cpu=i686 --audio-drv-list=alsa
  
- When you try to boot Windows 98 First Edition (Italian), it does not simply 
boot. It stays on booting screen. 
+ When you try to boot Windows 98 First Edition (Italian), it does not simply 
boot. It stays on booting screen.
  If you try to install, the installation goes flawless, but when it boots it 
freeze.
  
  I am launching VM with this: qemu-system-i386 -hda main.img -cpu pentium
  -m 256 -fda floppy1.img -boot c -soundhw gus -vga cirrus
  
  I have tried with -M option "pc-i440fx-1.6" since 1.6 have no problems
  with the booting of Win98, but nothing. No fix found.
  
  2) QEMU 1.6.2 (same compile and launching options)
  gus soundboard seems not recognized even with real dos drivers (tried to 
install theme into real dos mode).
  with SoundBlaster 16 i have following error: WARNING: I/O thread spun for 
1000 iterations, making the emulation impossible (too slow, and sound is 
stuttering) . Tried to compile with oss and sdl option on audio-drv-list but no 
fix found.
  
  Any ideas? thank you

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1272796



Re: [Qemu-devel] [PATCH v3] Fix QEMU build on OpenBSD on x86 archs

2014-01-25 Thread Brad Smith

On 02/01/14 2:55 AM, Stefan Hajnoczi wrote:

On Tue, Dec 10, 2013 at 07:49:08PM -0500, Brad Smith wrote:

This resolves the build issue with building the ROMs on OpenBSD on x86 archs.
As of OpenBSD 5.3 the compiler builds PIE binaries by default and thus the
whole OS/packages and so forth. The ROMs need to have PIE disabled. This
is my initial attempt at trying to get something upstream so that QEMU
both builds out of the box and to resolve the build issue with the
buildbots that has been around for awhile. We have a patch in our ports
tree but it is just the flags hardcoded into the Makefile which obviously
is not appropriate for upstream.

 From the OpenBSD buildbots..
   Building optionrom/multiboot.img
ld: multiboot.o: relocation R_X86_64_16 can not be used when making a shared 
object; recompile with -fPIC

Signed-off by: Brad Smith 
---

Change in v2:
 * Fix '==' is not portable syntax.

Change in v3:
 * Rename variables and use compile_prog to detect the presence of the 
compiler/linker
   flags, as suggested by Stefan Weil.


Reviewed-by: Stefan Hajnoczi 


Is there some sort of process I am missing to have build fixes
committed so that QEMU actually builds?





Re: [Qemu-devel] [Bug 1272796] [NEW] Windows 98 First Edition emulation problems

2014-01-25 Thread Peter Crosthwaite
On Sun, Jan 26, 2014 at 10:26 AM, Riccardo Bassani
<1272...@bugs.launchpad.net> wrote:
> Public bug reported:
>
> System: Debian SID x86 with latest updates
>
> 1) QEMU compiled from latest main GIT branch (at the time of writing, 1.7.50)
> (and 1.7 stable version)
> ./configure options: ./configure --enable-sdl --target-list=i386-softmmu
> --cpu=i686 --audio-drv-list=alsa
>
> When you try to boot Windows 98 First Edition (Italian), it does not simply
> boot. It stays on booting screen.
> If you try to install, the installation goes flawless, but when it boots it
> freezes.
>
> I am launching VM with this: qemu-system-i386 -hda main.img -cpu pentium
> -m 256 -fda floppy1.img -boot c -soundhw gus -vga cirrus
>
> I have tried with -M option "pc-i440fx-1.6" since 1.6 has no problems
> with the booting of Win98, but nothing. No fix found.
>
> 2) QEMU 1.6.2 (same compile and launching options)
> gus soundboard seems not recognized even with real dos drivers (tried to
> install them into real dos mode).
> with SoundBlaster 16 I have the following error: WARNING: I/O thread spun for
> 1000 iterations, making the emulation impossible (too slow, and sound is
> stuttering). Tried to compile with oss and sdl option on audio-drv-list but
> no fix found.
>

Are you reporting a regression here? Are you saying that this 1.6.2
boot is more successful than 1.7.50? If so, you should then be able to
use the git bisect tool to identify where in the development history
(between 1.6 and 1.7.50) your bug was introduced.

Regards,
Peter

> Any ideas? thank you
>
> ** Affects: qemu
>  Importance: Undecided
>  Status: New



[Qemu-devel] [PATCH v5 1/4] qcow2: remove n_start and n_end of qcow2_alloc_cluster_offset()

2014-01-25 Thread Hu Tao
n_start can be actually calculated from offset. The number of
sectors to be allocated(n_end - n_start) can be passed in in
num. By removing n_start and n_end, we can save two parameters.

The side effect is there is a bug in qcow2.c:preallocate() that
passes incorrect n_start to qcow2_alloc_cluster_offset() is
fixed. The bug can be triggered by a larger cluster size than
the default value(65536), for example:

./qemu-img create -f qcow2 \
  -o 'cluster_size=131072,preallocation=metadata' file.img 4G

Reviewed-by: Max Reitz 
Signed-off-by: Hu Tao 
---
 block/qcow2-cluster.c | 14 ++
 block/qcow2.c | 13 +++--
 block/qcow2.h |  2 +-
 trace-events  |  2 +-
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 8534084..c57f39d 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -1182,7 +1182,7 @@ fail:
  * Return 0 on success and -errno in error cases
  */
 int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset,
-int n_start, int n_end, int *num, uint64_t *host_offset, QCowL2Meta **m)
+int *num, uint64_t *host_offset, QCowL2Meta **m)
 {
 BDRVQcowState *s = bs->opaque;
 uint64_t start, remaining;
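Review bot: num is now an in/out parameter of qcow2_alloc_cluster_offset(), but the doc comment above the signature (only its last line, "Return 0 on success and -errno in error cases", is in the context) is not updated in this hunk. Please state there that *num is the number of sectors requested on entry and the number actually allocated on return, since callers can no longer read that off n_start/n_end.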
@@ -1190,15 +1190,13 @@ int qcow2_alloc_cluster_offset(BlockDriverState *bs, 
uint64_t offset,
 uint64_t cur_bytes;
 int ret;
 
-trace_qcow2_alloc_clusters_offset(qemu_coroutine_self(), offset,
-  n_start, n_end);
+trace_qcow2_alloc_clusters_offset(qemu_coroutine_self(), offset, *num);
 
-assert(n_start * BDRV_SECTOR_SIZE == offset_into_cluster(s, offset));
-offset = start_of_cluster(s, offset);
+assert((offset & ~BDRV_SECTOR_MASK) == 0);
 
 again:
-start = offset + (n_start << BDRV_SECTOR_BITS);
-remaining = (n_end - n_start) << BDRV_SECTOR_BITS;
+start = offset;
+remaining = *num << BDRV_SECTOR_BITS;
 cluster_offset = 0;
 *host_offset = 0;
 cur_bytes = 0;
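Review bot: `remaining = *num << BDRV_SECTOR_BITS;` shifts an int and only then widens the result to the uint64_t `remaining`, so keeping the shift in range is left entirely to the callers. preallocate() caps its value with MIN(nb_sectors, INT_MAX >> 9), but nothing in this function enforces a bound. Suggest `remaining = (uint64_t)*num << BDRV_SECTOR_BITS;` and an `assert(*num > 0);` on entry, next to the new alignment assert.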
@@ -1284,7 +1282,7 @@ again:
 }
 }
 
-*num = (n_end - n_start) - (remaining >> BDRV_SECTOR_BITS);
+*num -= remaining >> BDRV_SECTOR_BITS;
 assert(*num > 0);
 assert(*host_offset != 0);
 
diff --git a/block/qcow2.c b/block/qcow2.c
index 8ec9db1..effdd56 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -992,7 +992,6 @@ static coroutine_fn int qcow2_co_writev(BlockDriverState 
*bs,
 {
 BDRVQcowState *s = bs->opaque;
 int index_in_cluster;
-int n_end;
 int ret;
 int cur_nr_sectors; /* number of sectors in current iteration */
 uint64_t cluster_offset;
@@ -1016,14 +1015,16 @@ static coroutine_fn int 
qcow2_co_writev(BlockDriverState *bs,
 
 trace_qcow2_writev_start_part(qemu_coroutine_self());
 index_in_cluster = sector_num & (s->cluster_sectors - 1);
-n_end = index_in_cluster + remaining_sectors;
+cur_nr_sectors = remaining_sectors;
 if (s->crypt_method &&
-n_end > QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors) {
-n_end = QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors;
+cur_nr_sectors >
+QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors - index_in_cluster) {
+cur_nr_sectors =
+QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors - 
index_in_cluster;
 }
 
 ret = qcow2_alloc_cluster_offset(bs, sector_num << 9,
-index_in_cluster, n_end, &cur_nr_sectors, &cluster_offset, 
&l2meta);
+&cur_nr_sectors, &cluster_offset, &l2meta);
 if (ret < 0) {
 goto fail;
 }
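Review bot: in the encrypted case the limit `QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors - index_in_cluster` is now written out twice, once in the condition and once in the assignment. Computing it once into a local and applying MIN() under `if (s->crypt_method)` would say the same thing with less room for the two copies to drift apart. The call below also still passes `sector_num << 9`; BDRV_SECTOR_BITS would match the rest of the patch.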
@@ -1400,7 +1401,7 @@ static int preallocate(BlockDriverState *bs)
 
 while (nb_sectors) {
 num = MIN(nb_sectors, INT_MAX >> 9);
-ret = qcow2_alloc_cluster_offset(bs, offset, 0, num, &num,
+ret = qcow2_alloc_cluster_offset(bs, offset, &num,
  &host_offset, &meta);
 if (ret < 0) {
 return ret;
diff --git a/block/qcow2.h b/block/qcow2.h
index 303eb26..84e1344 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -468,7 +468,7 @@ void qcow2_encrypt_sectors(BDRVQcowState *s, int64_t 
sector_num,
 int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t offset,
 int *num, uint64_t *cluster_offset);
 int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset,
-int n_start, int n_end, int *num, uint64_t *host_offset, QCowL2Meta **m);
+int *num, uint64_t *host_offset, QCowL2Meta **m);
 uint64_t qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs,
  uint64_t offset,
  int compressed_size);
diff --git a/trace-events b/trace-events
index 9f4456a..9b4e586 100644
--- a/trace-events
+++ b/trace-events
@@ -494,7 +494,7 @@ qcow2_writev_done_part(void *co, int cur_nr_sectors) "co %p 
cur_nr_sectors %d"
 qcow2_writev_data(void *co, uint64_t offset) "co %p offset %" PRIx64
 
 # block/qcow2-clu

[Qemu-devel] [PATCH v5 3/4] qcow2: check for NULL l2meta

2014-01-25 Thread Hu Tao
In the case of a metadata preallocation with a large cluster size,
qcow2_alloc_cluster_offset() can allocate nothing and returns a
NULL l2meta. This patch checks for it and links l2 with only valid
l2meta.

Replace 9 and 512 with BDRV_SECTOR_BITS, BDRV_SECTOR_SIZE
respectively while at the function.

Reviewed-by: Max Reitz 
Signed-off-by: Hu Tao 
---
 block/qcow2.c | 31 ---
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index effdd56..bfdbfa1 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1396,34 +1396,34 @@ static int preallocate(BlockDriverState *bs)
 int ret;
 QCowL2Meta *meta;
 
-nb_sectors = bdrv_getlength(bs) >> 9;
+nb_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
 offset = 0;
 
 while (nb_sectors) {
-num = MIN(nb_sectors, INT_MAX >> 9);
+num = MIN(nb_sectors, INT_MAX >> BDRV_SECTOR_BITS);
 ret = qcow2_alloc_cluster_offset(bs, offset, &num,
  &host_offset, &meta);
 if (ret < 0) {
 return ret;
 }
 
-ret = qcow2_alloc_cluster_link_l2(bs, meta);
-if (ret < 0) {
-qcow2_free_any_clusters(bs, meta->alloc_offset, meta->nb_clusters,
-QCOW2_DISCARD_NEVER);
-return ret;
-}
-
-/* There are no dependent requests, but we need to remove our request
- * from the list of in-flight requests */
 if (meta != NULL) {
+ret = qcow2_alloc_cluster_link_l2(bs, meta);
+if (ret < 0) {
+qcow2_free_any_clusters(bs, meta->alloc_offset,
+meta->nb_clusters, 
QCOW2_DISCARD_NEVER);
+return ret;
+}
+
+/* There are no dependent requests, but we need to remove our
+ * request from the list of in-flight requests */
 QLIST_REMOVE(meta, next_in_flight);
 }
 
 /* TODO Preallocate data if requested */
 
 nb_sectors -= num;
-offset += num << 9;
+offset += num << BDRV_SECTOR_BITS;
 }
 
 /*
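Review bot: the first changed line still shifts the result of bdrv_getlength(bs) and uses it as the loop count without an error check, and bdrv_getlength() returns a negative errno on failure. Since the line is being touched anyway, suggest reading the length into a signed 64-bit local, returning it if negative, and only then shifting. A one-line comment above `if (meta != NULL)` saying when qcow2_alloc_cluster_offset() hands back no l2meta would also help, because the commit message is currently the only place that explains it.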
@@ -1432,9 +1432,10 @@ static int preallocate(BlockDriverState *bs)
  * EOF). Extend the image to the last allocated sector.
  */
 if (host_offset != 0) {
-uint8_t buf[512];
-memset(buf, 0, 512);
-ret = bdrv_write(bs->file, (host_offset >> 9) + num - 1, buf, 1);
+uint8_t buf[BDRV_SECTOR_SIZE];
+memset(buf, 0, BDRV_SECTOR_SIZE);
+ret = bdrv_write(bs->file, (host_offset >> BDRV_SECTOR_BITS) + num - 1,
+ buf, 1);
 if (ret < 0) {
 return ret;
 }
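Review bot: with the buffer now declared as `uint8_t buf[BDRV_SECTOR_SIZE]`, `memset(buf, 0, sizeof(buf))` (or a `= {0}` initializer) would keep the size in one place instead of repeating the macro. It is also worth a comment that host_offset and num here are the values left by the last loop iteration, which is what makes `(host_offset >> BDRV_SECTOR_BITS) + num - 1` the last allocated sector.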
-- 
1.8.5.2.229.g4448466




[Qemu-devel] [PATCH v5 0/4] qemu-img: fix bugs when cluster size is larger than the default value

2014-01-25 Thread Hu Tao
This series fixes several bugs of qcow2 when doing preallocation with a
cluster_size larger than the default value.

v5:
  - limit cur_nr_sectors for the encrypted case (patch 1)
  - fix some grammar problems in commit messages and make commit messages
more understandable

Hu Tao (4):
  qcow2: remove n_start and n_end of qcow2_alloc_cluster_offset()
  qcow2: fix offset overflow in qcow2_alloc_clusters_at()
  qcow2: check for NULL l2meta
  qemu-iotests: add test for qcow2 preallocation with different cluster
sizes

 block/qcow2-cluster.c  | 14 +--
 block/qcow2-refcount.c |  8 +-
 block/qcow2.c  | 44 
 block/qcow2.h  |  2 +-
 tests/qemu-iotests/079 | 63 ++
 tests/qemu-iotests/079.out | 32 +++
 tests/qemu-iotests/group   |  1 +
 trace-events   |  2 +-
 8 files changed, 134 insertions(+), 32 deletions(-)
 create mode 100755 tests/qemu-iotests/079
 create mode 100644 tests/qemu-iotests/079.out

-- 
1.8.5.2.229.g4448466




[Qemu-devel] [PATCH v5 2/4] qcow2: fix offset overflow in qcow2_alloc_clusters_at()

2014-01-25 Thread Hu Tao
When cluster size is big enough it can lead to an offset overflow
in qcow2_alloc_clusters_at(). This patch fixes it.

The allocation is stopped each time at L2 table boundary
(see handle_alloc()), so the possible maximum bytes could be

  2^(cluster_bits - 3 + cluster_bits)

cluster_bits - 3 is used to compute the number of entries by L2
and the additional cluster_bits is to take into account each
cluster referenced by the L2 entries.

so int is safe for cluster_bits<=17, unsafe otherwise.

Reviewed-by: Max Reitz 
Signed-off-by: Hu Tao 
---
 block/qcow2-refcount.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index c974abe..8712d8b 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -676,7 +676,13 @@ int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t 
offset,
 BDRVQcowState *s = bs->opaque;
 uint64_t cluster_index;
 uint64_t old_free_cluster_index;
-int i, refcount, ret;
+uint64_t i;
+int refcount, ret;
+
+assert(nb_clusters >= 0);
+if (nb_clusters == 0) {
+return 0;
+}
 
 /* Check how many clusters there are free */
 cluster_index = offset >> s->cluster_bits;
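Review bot: the overflow this patch is about is not visible at the changed lines: `i` becomes uint64_t, but nothing here says which expression needed the wider type. A short comment next to `uint64_t i;` naming it (the commit message's 2^(cluster_bits - 3 + cluster_bits) bound) would keep someone from narrowing it back later. The new `assert(nb_clusters >= 0)` also implies nb_clusters is still signed, so any comparison of `i` against it mixes signed and unsigned; consider widening the parameter as well rather than asserting on it.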
-- 
1.8.5.2.229.g4448466




[Qemu-devel] [PATCH v5 4/4] qemu-iotests: add test for qcow2 preallocation with different cluster sizes

2014-01-25 Thread Hu Tao
Reviewed-by: Max Reitz 
Signed-off-by: Hu Tao 
---
 tests/qemu-iotests/079 | 63 ++
 tests/qemu-iotests/079.out | 32 +++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 96 insertions(+)
 create mode 100755 tests/qemu-iotests/079
 create mode 100644 tests/qemu-iotests/079.out

diff --git a/tests/qemu-iotests/079 b/tests/qemu-iotests/079
new file mode 100755
index 000..2142bbb
--- /dev/null
+++ b/tests/qemu-iotests/079
@@ -0,0 +1,63 @@
+#!/bin/bash
+#
+# Test qcow2 preallocation with different cluster_sizes
+#
+# Copyright (C) 2014 Fujitsu.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=hu...@cn.fujitsu.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+   _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2
+_supported_proto file
+_supported_os Linux
+
+function test_qemu_img()
+{
+echo qemu-img "$@" | _filter_testdir
+$QEMU_IMG "$@" 2>&1 | _filter_testdir
+echo
+}
+
+echo "=== Check option preallocation and cluster_size ==="
+echo
+cluster_sizes="16384 32768 65536 131072 262144 524288 1048576 2097152 4194304"
+
+for s in $cluster_sizes; do
+test_qemu_img create -f $IMGFMT -o preallocation=metadata,cluster_size=$s 
"$TEST_IMG" 4G
+done
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
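Review bot: test_qemu_img pipes `$QEMU_IMG "$@" 2>&1` into _filter_testdir, so the test only compares the creation message; an image whose preallocated metadata is wrong would still pass as long as qemu-img prints the same line. Running `$QEMU_IMG check "$TEST_IMG"` after each create and recording its filtered output would make the test cover the bugs fixed earlier in the series. Minor: `tmp=/tmp/$$` is set but not used in the lines shown, and `rm -f $seq.full` should quote "$seq".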
diff --git a/tests/qemu-iotests/079.out b/tests/qemu-iotests/079.out
new file mode 100644
index 000..ef4b8c9
--- /dev/null
+++ b/tests/qemu-iotests/079.out
@@ -0,0 +1,32 @@
+QA output created by 079
+=== Check option preallocation and cluster_size ===
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=16384 
TEST_DIR/t.qcow2 4G
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=16384 preallocation='metadata' lazy_refcounts=off
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=32768 
TEST_DIR/t.qcow2 4G
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=32768 preallocation='metadata' lazy_refcounts=off
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=65536 
TEST_DIR/t.qcow2 4G
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=65536 preallocation='metadata' lazy_refcounts=off
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=131072 
TEST_DIR/t.qcow2 4G
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=131072 preallocation='metadata' lazy_refcounts=off
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=262144 
TEST_DIR/t.qcow2 4G
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=262144 preallocation='metadata' lazy_refcounts=off
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=524288 
TEST_DIR/t.qcow2 4G
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=524288 preallocation='metadata' lazy_refcounts=off
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=1048576 
TEST_DIR/t.qcow2 4G
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=1048576 preallocation='metadata' lazy_refcounts=off
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=2097152 
TEST_DIR/t.qcow2 4G
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=2097152 preallocation='metadata' lazy_refcounts=off
+
+qemu-img create -f qcow2 -o preallocation=metadata,cluster_size=4194304 
TEST_DIR/t.qcow2 4G
+qemu-img: TEST_DIR/t.qcow2: Cluster size must be a power of two between 512 
and 2048k
+Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=4294967296 encryption=off 
cluster_size=4194304 preallocation='metadata' lazy_refcounts=off
+
+*** done
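Review bot: the cluster_size=4194304 case is an expected failure ("Cluster size must be a power of two between 512 and 2048k"), but the script lists it among the valid sizes with no comment, so a reader of 079 cannot tell it is deliberate. Please mark it there as the out-of-range case. The reference output also relies on the error line from stderr appearing before the "Formatting" line from stdout, which depends on how the two streams are buffered through `2>&1 |`; running the negative case as its own step would make that less fragile.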
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index cc750c9..3bb22c2 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -79,3 +79,4 @@
 070 rw auto
 073 rw auto
 074 rw auto
+079 rw auto
-- 
1.8.5.2.229.g4448466




Re: [Qemu-devel] [PATCH v5 1/4] qcow2: remove n_start and n_end of qcow2_alloc_cluster_offset()

2014-01-25 Thread Benoît Canet
On Sunday 26 Jan 2014 at 11:12:37 (+0800), Hu Tao wrote:
> n_start can be actually calculated from offset. The number of
> sectors to be allocated(n_end - n_start) can be passed in in
> num. By removing n_start and n_end, we can save two parameters.
> 
> The side effect is there is a bug in qcow2.c:preallocate() that
> passes incorrect n_start to qcow2_alloc_cluster_offset() is
> fixed. The bug can be triggered by a larger cluster size than
> the default value(65536), for example:
> 
> ./qemu-img create -f qcow2 \
>   -o 'cluster_size=131072,preallocation=metadata' file.img 4G
> 
> Reviewed-by: Max Reitz 
> Signed-off-by: Hu Tao 
> ---
>  block/qcow2-cluster.c | 14 ++
>  block/qcow2.c | 13 +++--
>  block/qcow2.h |  2 +-
>  trace-events  |  2 +-
>  4 files changed, 15 insertions(+), 16 deletions(-)
> 
> diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
> index 8534084..c57f39d 100644
> --- a/block/qcow2-cluster.c
> +++ b/block/qcow2-cluster.c
> @@ -1182,7 +1182,7 @@ fail:
>   * Return 0 on success and -errno in error cases
>   */
>  int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset,
> -int n_start, int n_end, int *num, uint64_t *host_offset, QCowL2Meta **m)
> +int *num, uint64_t *host_offset, QCowL2Meta **m)
>  {
>  BDRVQcowState *s = bs->opaque;
>  uint64_t start, remaining;
> @@ -1190,15 +1190,13 @@ int qcow2_alloc_cluster_offset(BlockDriverState *bs, 
> uint64_t offset,
>  uint64_t cur_bytes;
>  int ret;
>  
> -trace_qcow2_alloc_clusters_offset(qemu_coroutine_self(), offset,
> -  n_start, n_end);
> +trace_qcow2_alloc_clusters_offset(qemu_coroutine_self(), offset, *num);
>  
> -assert(n_start * BDRV_SECTOR_SIZE == offset_into_cluster(s, offset));
> -offset = start_of_cluster(s, offset);
> +assert((offset & ~BDRV_SECTOR_MASK) == 0);
>  
>  again:
> -start = offset + (n_start << BDRV_SECTOR_BITS);
> -remaining = (n_end - n_start) << BDRV_SECTOR_BITS;
> +start = offset;
> +remaining = *num << BDRV_SECTOR_BITS;
>  cluster_offset = 0;
>  *host_offset = 0;
>  cur_bytes = 0;
> @@ -1284,7 +1282,7 @@ again:
>  }
>  }
>  
> -*num = (n_end - n_start) - (remaining >> BDRV_SECTOR_BITS);
> +*num -= remaining >> BDRV_SECTOR_BITS;
>  assert(*num > 0);
>  assert(*host_offset != 0);
>  
> diff --git a/block/qcow2.c b/block/qcow2.c
> index 8ec9db1..effdd56 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -992,7 +992,6 @@ static coroutine_fn int qcow2_co_writev(BlockDriverState 
> *bs,
>  {
>  BDRVQcowState *s = bs->opaque;
>  int index_in_cluster;
> -int n_end;
>  int ret;
>  int cur_nr_sectors; /* number of sectors in current iteration */
>  uint64_t cluster_offset;
> @@ -1016,14 +1015,16 @@ static coroutine_fn int 
> qcow2_co_writev(BlockDriverState *bs,
>  
>  trace_qcow2_writev_start_part(qemu_coroutine_self());
>  index_in_cluster = sector_num & (s->cluster_sectors - 1);
> -n_end = index_in_cluster + remaining_sectors;
> +cur_nr_sectors = remaining_sectors;
>  if (s->crypt_method &&
> -n_end > QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors) {
> -n_end = QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors;
> +cur_nr_sectors >
> +QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors - index_in_cluster) 
> {
> +cur_nr_sectors =
> +QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors - 
> index_in_cluster;
>  }
>  
>  ret = qcow2_alloc_cluster_offset(bs, sector_num << 9,
> -index_in_cluster, n_end, &cur_nr_sectors, &cluster_offset, 
> &l2meta);
> +&cur_nr_sectors, &cluster_offset, &l2meta);
>  if (ret < 0) {
>  goto fail;
>  }
> @@ -1400,7 +1401,7 @@ static int preallocate(BlockDriverState *bs)
>  
>  while (nb_sectors) {
>  num = MIN(nb_sectors, INT_MAX >> 9);
> -ret = qcow2_alloc_cluster_offset(bs, offset, 0, num, &num,
> +ret = qcow2_alloc_cluster_offset(bs, offset, &num,
>   &host_offset, &meta);
>  if (ret < 0) {
>  return ret;
> diff --git a/block/qcow2.h b/block/qcow2.h
> index 303eb26..84e1344 100644
> --- a/block/qcow2.h
> +++ b/block/qcow2.h
> @@ -468,7 +468,7 @@ void qcow2_encrypt_sectors(BDRVQcowState *s, int64_t 
> sector_num,
>  int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t offset,
>  int *num, uint64_t *cluster_offset);
>  int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset,
> -int n_start, int n_end, int *num, uint64_t *host_offset, QCowL2Meta **m);
> +int *num, uint64_t *host_offset, QCowL2Meta **m);
>  uint64_t qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs,
>   uint64_t offset,
>   int compres

Re: [Qemu-devel] [PATCH v5 2/4] qcow2: fix offset overflow in qcow2_alloc_clusters_at()

2014-01-25 Thread Benoît Canet
On Sunday 26 Jan 2014 at 11:12:38 (+0800), Hu Tao wrote:
> When cluster size is big enough it can lead to an offset overflow
> in qcow2_alloc_clusters_at(). This patch fixes it.
> 
> The allocation is stopped each time at L2 table boundary
> (see handle_alloc()), so the possible maximum bytes could be
> 
>   2^(cluster_bits - 3 + cluster_bits)
> 
> cluster_bits - 3 is used to compute the number of entries by L2
> and the additional cluster_bits is to take into account each
> cluster referenced by the L2 entries.
> 
> so int is safe for cluster_bits<=17, unsafe otherwise.
> 
> Reviewed-by: Max Reitz 
> Signed-off-by: Hu Tao 
> ---
>  block/qcow2-refcount.c | 8 +++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
> index c974abe..8712d8b 100644
> --- a/block/qcow2-refcount.c
> +++ b/block/qcow2-refcount.c
> @@ -676,7 +676,13 @@ int qcow2_alloc_clusters_at(BlockDriverState *bs, 
> uint64_t offset,
>  BDRVQcowState *s = bs->opaque;
>  uint64_t cluster_index;
>  uint64_t old_free_cluster_index;
> -int i, refcount, ret;
> +uint64_t i;
> +int refcount, ret;
> +
> +assert(nb_clusters >= 0);
> +if (nb_clusters == 0) {
> +return 0;
> +}
>  
>  /* Check how many clusters there are free */
>  cluster_index = offset >> s->cluster_bits;
> -- 
> 1.8.5.2.229.g4448466
> 
Reviewed-by: Benoit Canet 



Re: [Qemu-devel] [PATCH v5 3/4] qcow2: check for NULL l2meta

2014-01-25 Thread Benoît Canet
On Sunday 26 Jan 2014 at 11:12:39 (+0800), Hu Tao wrote:
> In the case of a metadata preallocation with a large cluster size,
> qcow2_alloc_cluster_offset() can allocate nothing and returns a
> NULL l2meta. This patch checks for it and links l2 with only valid
> l2meta.
> 
> Replace 9 and 512 with BDRV_SECTOR_BITS, BDRV_SECTOR_SIZE
> respectively while at the function.
> 
> Reviewed-by: Max Reitz 
> Signed-off-by: Hu Tao 
> ---
>  block/qcow2.c | 31 ---
>  1 file changed, 16 insertions(+), 15 deletions(-)
> 
> diff --git a/block/qcow2.c b/block/qcow2.c
> index effdd56..bfdbfa1 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -1396,34 +1396,34 @@ static int preallocate(BlockDriverState *bs)
>  int ret;
>  QCowL2Meta *meta;
>  
> -nb_sectors = bdrv_getlength(bs) >> 9;
> +nb_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
>  offset = 0;
>  
>  while (nb_sectors) {
> -num = MIN(nb_sectors, INT_MAX >> 9);
> +num = MIN(nb_sectors, INT_MAX >> BDRV_SECTOR_BITS);
>  ret = qcow2_alloc_cluster_offset(bs, offset, &num,
>   &host_offset, &meta);
>  if (ret < 0) {
>  return ret;
>  }
>  
> -ret = qcow2_alloc_cluster_link_l2(bs, meta);
> -if (ret < 0) {
> -qcow2_free_any_clusters(bs, meta->alloc_offset, 
> meta->nb_clusters,
> -QCOW2_DISCARD_NEVER);
> -return ret;
> -}
> -
> -/* There are no dependent requests, but we need to remove our request
> - * from the list of in-flight requests */
>  if (meta != NULL) {
> +ret = qcow2_alloc_cluster_link_l2(bs, meta);
> +if (ret < 0) {
> +qcow2_free_any_clusters(bs, meta->alloc_offset,
> +meta->nb_clusters, 
> QCOW2_DISCARD_NEVER);
> +return ret;
> +}
> +
> +/* There are no dependent requests, but we need to remove our
> + * request from the list of in-flight requests */
>  QLIST_REMOVE(meta, next_in_flight);
>  }
>  
>  /* TODO Preallocate data if requested */
>  
>  nb_sectors -= num;
> -offset += num << 9;
> +offset += num << BDRV_SECTOR_BITS;
>  }
>  
>  /*
> @@ -1432,9 +1432,10 @@ static int preallocate(BlockDriverState *bs)
>   * EOF). Extend the image to the last allocated sector.
>   */
>  if (host_offset != 0) {
> -uint8_t buf[512];
> -memset(buf, 0, 512);
> -ret = bdrv_write(bs->file, (host_offset >> 9) + num - 1, buf, 1);
> +uint8_t buf[BDRV_SECTOR_SIZE];
> +memset(buf, 0, BDRV_SECTOR_SIZE);
> +ret = bdrv_write(bs->file, (host_offset >> BDRV_SECTOR_BITS) + num - 
> 1,
> + buf, 1);
>  if (ret < 0) {
>  return ret;
>  }
> -- 
> 1.8.5.2.229.g4448466
> 
> 
Reviewed-by: Benoit Canet 



Re: [Qemu-devel] [PATCH v4 2/5] qapi: add qapi-introspect.py code generator

2014-01-25 Thread Amos Kong
On Fri, Jan 24, 2014 at 05:34:35PM +0800, Amos Kong wrote:
> On Fri, Jan 24, 2014 at 05:12:12PM +0800, Fam Zheng wrote:
> > On Thu, 01/23 22:46, Amos Kong wrote:

> > > index 000..03179fa
> > > --- /dev/null
> > > +++ b/scripts/qapi-introspect.py
> > > @@ -0,0 +1,172 @@
> > > +#
> > > +# QAPI introspection info generator
> > > +#
> > > +# Copyright (C) 2014 Red Hat, Inc.
> > > +#
> > > +# Authors:
> > > +#  Amos Kong 
> > > +#
> > > +# This work is licensed under the terms of the GNU GPLv2.
> > > +# See the COPYING.LIB file in the top-level directory.
> > > +
> > > +from ordereddict import OrderedDict
> > > +from qapi import *
> > > +import sys
> > > +import os
> > > +import getopt
> > > +import errno
> > > +
> > > +
> > > +try:
> > > +opts, args = getopt.gnu_getopt(sys.argv[1:], "hp:o:",
> > > +   ["header", "prefix=", "output-dir="])
> > > +except getopt.GetoptError, err:
> > > +print str(err)
> > > +sys.exit(1)
> > > +
> > > +output_dir = ""
> > > +prefix = ""
> > > +h_file = 'qapi-introspect.h'
> > > +
> > > +do_h = False
> > > +
> > > +for o, a in opts:
> > > +if o in ("-p", "--prefix"):
> > > +prefix = a
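
Review bot: on a bad option the handler does `print str(err)` and exits, so the error message goes to stdout; for a generator script it belongs on stderr, for example `sys.stderr.write(str(err) + "\n")`. `from qapi import *` also hides which names the script depends on; importing them explicitly would make that visible.
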
> > 
> > Is this option used in your series?
> 
> No, I will remove it.

It's not used currently, but it will be used when we add schema query
command for qemu-guest-agent in next step, I will add the -p option
at that time.

-- 
Amos.



Re: [Qemu-devel] [PATCH] scsi: Change scsi sense buf size to 252

2014-01-25 Thread Benoît Canet
On Friday 24 Jan 2014 at 15:02:24 (+0800), Fam Zheng wrote:
> Current buffer size fails the assertion check in like
> 
> hw/scsi/scsi-bus.c:1655:assert(req->sense_len <= sizeof(req->sense));
> 
> when backend (block/iscsi.c) returns more data than 96.
> 
> Exercise the core dump path by booting a Gentoo ISO with scsi-generic
> device backed with iscsi (built with libiscsi 1.7.0):
> 
> x86_64-softmmu/qemu-system-x86_64 \
> -drive file=iscsi://localhost:3260/iqn.foobar/0,if=none,id=drive-disk \
> -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 \
> -device scsi-generic,drive=drive-disk,bus=scsi1.0,id=iscsi-disk \
> -boot d \
> -cdrom gentoo.iso
> 
> qemu-system-x86_64: hw/scsi/scsi-bus.c:1655: scsi_req_complete:
> Assertion `req->sense_len <= sizeof(req->sense)' failed.
> 
> According to SPC-4, section 4.5.2.1, 252 is the limit of sense data. So
> increase the value to fix it.
> 
> Also remove duplicated define for the macro.
> 
> Signed-off-by: Fam Zheng 
> ---
>  hw/scsi/scsi-generic.c | 2 --
>  hw/scsi/spapr_vscsi.c  | 1 -
>  include/hw/scsi/scsi.h | 2 +-
>  3 files changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
> index 8f195be..4967e47 100644
> --- a/hw/scsi/scsi-generic.c
> +++ b/hw/scsi/scsi-generic.c
> @@ -37,8 +37,6 @@ do { fprintf(stderr, "scsi-generic: " fmt , ## 
> __VA_ARGS__); } while (0)
>  #include 
>  #include "block/scsi.h"
>  
> -#define SCSI_SENSE_BUF_SIZE 96
> -
>  #define SG_ERR_DRIVER_TIMEOUT  0x06
>  #define SG_ERR_DRIVER_SENSE0x08
>  
> diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
> index c0c46d7..e8bca39 100644
> --- a/hw/scsi/spapr_vscsi.c
> +++ b/hw/scsi/spapr_vscsi.c
> @@ -60,7 +60,6 @@
>  #define VSCSI_MAX_SECTORS   4096
>  #define VSCSI_REQ_LIMIT 24
>  
> -#define SCSI_SENSE_BUF_SIZE 96
>  #define SRP_RSP_SENSE_DATA_LEN  18
>  
>  typedef union vscsi_crq {
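
Review bot: dropping the local `#define SCSI_SENSE_BUF_SIZE 96` means every use of the macro in spapr_vscsi.c now takes the header's new value of 252, and none of those uses appear in the patch. Please confirm in the commit message that each one was checked, in particular anything that copies sense data into a fixed-size response alongside `SRP_RSP_SENSE_DATA_LEN 18`.
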
> diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h
> index bf6da3d..ca66454 100644
> --- a/include/hw/scsi/scsi.h
> +++ b/include/hw/scsi/scsi.h
> @@ -31,7 +31,7 @@ typedef struct SCSISense {
>  uint8_t ascq;
>  } SCSISense;
>  
> -#define SCSI_SENSE_BUF_SIZE 96
> +#define SCSI_SENSE_BUF_SIZE 252
>  
>  struct SCSICommand {
>  uint8_t buf[SCSI_CMD_BUF_SIZE];
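
Review bot: raising SCSI_SENSE_BUF_SIZE to 252 only keeps the assert in scsi_req_complete() from firing for backends that respect the SPC-4 limit; the sense length still comes from the backend (an iSCSI target in the reproducer), and `assert(req->sense_len <= sizeof(req->sense))` still aborts the whole emulator if it is ever exceeded. Consider clamping the length where the backend data is copied into req->sense instead of relying on the assert, and add a comment on the define citing SPC-4 section 4.5.2.1 so the value is not taken for an arbitrary one.
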
> -- 
> 1.8.5.3
> 
> 
Reviewed-by: Benoit Canet
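
A defensive way to accept backend-supplied sense data, given here as an added example that is not QEMU's code: the copy is clamped to the 252-byte limit the commit message cites instead of being asserted on. The names (`demo_req`, `demo_store_sense`, `demo_run`) and the sample replies are constructed for illustration; the 0x70-0x73 response codes and the additional-length field in byte 7 are the standard fixed and descriptor sense layouts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SENSE_BUF_SIZE 252  /* SPC-4 limit cited in the commit message */
#define SENSE_HDR_LEN  8    /* byte 7 carries the additional sense length */

/* Hypothetical request type for this example; not QEMU's SCSIRequest. */
struct demo_req {
    uint8_t sense[SENSE_BUF_SIZE];
    size_t  sense_len;
    int     truncated;      /* 1 when the data was cut to fit the buffer */
};

/* Length the sense data declares for itself, or 0 if the header is
 * incomplete or the response code is not 0x70..0x73. */
static size_t sense_declared_len(const uint8_t *buf, size_t avail)
{
    if (buf == NULL || avail < SENSE_HDR_LEN ||
        (buf[0] & 0x7f) < 0x70 || (buf[0] & 0x7f) > 0x73) {
        return 0;
    }
    return SENSE_HDR_LEN + (size_t)buf[7];   /* up to 263: can exceed 252 */
}

/* Store sense data from an untrusted backend. The copy is bounded by the
 * received length, the declared length and the buffer size, so an oversized
 * reply is truncated and flagged instead of aborting the process. */
static size_t demo_store_sense(struct demo_req *req,
                               const uint8_t *buf, size_t len)
{
    size_t n = sense_declared_len(buf, len);

    memset(req, 0, sizeof(*req));
    if (n > len) {
        n = len;
    }
    if (n > sizeof(req->sense)) {
        n = sizeof(req->sense);
        req->truncated = 1;
    }
    if (n > 0) {
        memcpy(req->sense, buf, n);
    }
    req->sense_len = n;
    return n;
}

/* Sense key, ASC and ASCQ packed as 0xKKAAQQ, or -1 if the data is too
 * short. Fixed (0x70/0x71) and descriptor (0x72/0x73) formats differ. */
static int demo_parse_sense(const struct demo_req *req)
{
    const uint8_t *s = req->sense;

    if (req->sense_len < SENSE_HDR_LEN) {
        return -1;
    }
    if ((s[0] & 0x7f) >= 0x72) {
        return ((s[1] & 0x0f) << 16) | (s[2] << 8) | s[3];
    }
    if (req->sense_len < 14) {
        return -1;
    }
    return ((s[2] & 0x0f) << 16) | (s[12] << 8) | s[13];
}

static struct demo_req demo_last;   /* result of the latest demo_run() */

/* Constructed backend reply: ILLEGAL REQUEST (key 5, ASC 0x24) laid out in
 * fixed format, with a chosen response code, byte 7 and wire length. */
static size_t demo_run(uint8_t code, uint8_t add_len, size_t len)
{
    uint8_t wire[300] = {0};
    wire[0] = code;
    wire[2] = 0x05;
    wire[7] = add_len;
    wire[12] = 0x24;
    return demo_store_sense(&demo_last, wire,
                            len > sizeof(wire) ? sizeof(wire) : len);
}

int main(void)
{
    size_t n = demo_run(0x70, 255, 300);    /* oversized constructed reply */
    printf("stored %zu, truncated=%d, key/asc/ascq=0x%06x\n",
           n, demo_last.truncated, (unsigned)demo_parse_sense(&demo_last));
    return 0;
}
```

The 108-byte case (`demo_run(0x70, 100, 108)`) is the kind of reply that overran the old 96-byte buffer; here it is stored whole, and only a reply larger than 252 bytes is cut and flagged.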