[Qemu-devel] [Bug 1434779] [NEW] qemu hangs on live-migration with storage(virtual machine: windows Server 2008 with only one disk )

[youyunyehe]

Public bug reported:

Hi,
We are using “Windows Server 2008” with qemu-kvm-2.0.1 (linux kernel:3.10.0) as 
a host of  a VM.
Using drive_mirror to do  live-migration on the same host for different disks
Local disk: /sf/data/local/
Shared disk(iscsi): /sf/other/local/---  the disk is busy, the IO rate is  
about  30MB/s
qemu-system-x86_64 -k en-us -m 2048 -smp 2 -vnc :3100 -usbdevice tablet -boot c 
-enable-kvm -drive 
file=/sf/data/local/vm-disk-1.qcow2,if=none,id=drive-ide0,cache=none,aio=native 
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0,id=ide0,bootindex=100 

Step 1:
Start migration: Drive_mirror -f drive-ide0  /sf/other/local/test.qcow2

Step 2:
When detect the migration has completed, then send cmd: block_job_complete -f 
drive-ide0

Step 3:
send cmd: info status 
What surprised me is that the qemu monitor reports can’t be connected.

Then find bellows:
The  qemu process hangs on the 
mirror_run->bdrv_drain_all->aio_poll->qemu_poll_ns->ppoll (),
None events were received and poll forever. I don’t know why the aio can’t be 
responsed. This case is hardly to
be generated but it really happens sometimes . I’m looking forward to getting 
help from you .
The stack capture snapshot:


Thanks 
MyAngle

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: drive migration mirror

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1434779

Title:
  qemu hangs on live-migration with storage(virtual machine: windows
  Server 2008 with only one disk )

Status in QEMU:
  New

Bug description:
  Hi,
  We are using “Windows Server 2008” with qemu-kvm-2.0.1 (linux kernel:3.10.0) 
as a host of  a VM.
  Using drive_mirror to do  live-migration on the same host for different disks
  Local disk: /sf/data/local/
  Shared disk(iscsi): /sf/other/local/---  the disk is busy, the IO rate is 
 about  30MB/s
  qemu-system-x86_64 -k en-us -m 2048 -smp 2 -vnc :3100 -usbdevice tablet -boot 
c -enable-kvm -drive 
file=/sf/data/local/vm-disk-1.qcow2,if=none,id=drive-ide0,cache=none,aio=native 
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0,id=ide0,bootindex=100 

  Step 1:
  Start migration: Drive_mirror -f drive-ide0  /sf/other/local/test.qcow2

  Step 2:
  When detect the migration has completed, then send cmd: block_job_complete -f 
drive-ide0

  Step 3:
  send cmd: info status 
  What surprised me is that the qemu monitor reports can’t be connected.

  Then find bellows:
  The  qemu process hangs on the 
mirror_run->bdrv_drain_all->aio_poll->qemu_poll_ns->ppoll (),
  None events were received and poll forever. I don’t know why the aio can’t be 
responsed. This case is hardly to
  be generated but it really happens sometimes . I’m looking forward to getting 
help from you .
  The stack capture snapshot:

  
  Thanks 
  MyAngle

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1434779/+subscriptions

[Qemu-devel] [Bug 1434779] Re: qemu hangs on live-migration with storage(virtual machine: windows Server 2008 with only one disk )

[youyunyehe]

** Attachment added: "livemig.png"
   
https://bugs.launchpad.net/qemu/+bug/1434779/+attachment/4351204/+files/livemig.png

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1434779

Title:
  qemu hangs on live-migration with storage(virtual machine: windows
  Server 2008 with only one disk )

Status in QEMU:
  New

Bug description:
  Hi,
  We are using “Windows Server 2008” with qemu-kvm-2.0.1 (linux kernel:3.10.0) 
as a host of  a VM.
  Using drive_mirror to do  live-migration on the same host for different disks
  Local disk: /sf/data/local/
  Shared disk(iscsi): /sf/other/local/---  the disk is busy, the IO rate is 
 about  30MB/s
  qemu-system-x86_64 -k en-us -m 2048 -smp 2 -vnc :3100 -usbdevice tablet -boot 
c -enable-kvm -drive 
file=/sf/data/local/vm-disk-1.qcow2,if=none,id=drive-ide0,cache=none,aio=native 
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0,id=ide0,bootindex=100 

  Step 1:
  Start migration: Drive_mirror -f drive-ide0  /sf/other/local/test.qcow2

  Step 2:
  When detect the migration has completed, then send cmd: block_job_complete -f 
drive-ide0

  Step 3:
  send cmd: info status 
  What surprised me is that the qemu monitor reports can’t be connected.

  Then find bellows:
  The  qemu process hangs on the 
mirror_run->bdrv_drain_all->aio_poll->qemu_poll_ns->ppoll (),
  None events were received and poll forever. I don’t know why the aio can’t be 
responsed. This case is hardly to
  be generated but it really happens sometimes . I’m looking forward to getting 
help from you .
  The stack capture snapshot:

  
  Thanks 
  MyAngle

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1434779/+subscriptions

[Qemu-devel] [PATCH 00/12 v8] tilegx: Firstly add tilegx feature for linux-user

[Chen Gang]

After load elf64 binary, qemu tilegx can finish executing the first
system call (uname) successfully in  _dl_discover_osversion(), and
return to __libc_start_main().

Chen Gang (12):
  linux-user: tilegx: Firstly add architecture related features
  linux-user: tilegx: Add target features support within qemu
  linux-user: Support tilegx architecture in syscall
  linux-user: Support tilegx architecture in linux-user
  linux-user/syscall.c: conditionalize syscalls which are not defined in
tilegx
  target-tilegx: Add TILE-Gx building files
  target-tilegx: Add cpu basic features for linux-user
  target-tilegx: Add helper features for linux-user
  target-tilegx: Add opcode basic implementation for tilegx
  target-tilegx: Finish processing bundle and preparing decoding pipes
  target-tilegx: Decoding pipes to support finish running 1st system
call
  target-tilegx: Generate tcg instructions to execute to 1st system call

 configure |3 +
 default-configs/tilegx-linux-user.mak |1 +
 include/elf.h |2 +
 linux-user/elfload.c  |   23 +
 linux-user/main.c |   86 ++
 linux-user/syscall.c  |   50 +-
 linux-user/syscall_defs.h |   38 +-
 linux-user/tilegx/syscall.h   |   80 ++
 linux-user/tilegx/syscall_nr.h|  278 ++
 linux-user/tilegx/target_cpu.h|   35 +
 linux-user/tilegx/target_signal.h |   28 +
 linux-user/tilegx/target_structs.h|   48 +
 linux-user/tilegx/termbits.h  |  285 ++
 target-tilegx/Makefile.objs   |1 +
 target-tilegx/cpu-qom.h   |   73 ++
 target-tilegx/cpu.c   |  149 +++
 target-tilegx/cpu.h   |   94 ++
 target-tilegx/helper.c|   31 +
 target-tilegx/helper.h|1 +
 target-tilegx/opcode_tilegx.h | 1406 ++
 target-tilegx/translate.c | 1762 +
 21 files changed, 4469 insertions(+), 5 deletions(-)
 create mode 100644 default-configs/tilegx-linux-user.mak
 create mode 100644 linux-user/tilegx/syscall.h
 create mode 100644 linux-user/tilegx/syscall_nr.h
 create mode 100644 linux-user/tilegx/target_cpu.h
 create mode 100644 linux-user/tilegx/target_signal.h
 create mode 100644 linux-user/tilegx/target_structs.h
 create mode 100644 linux-user/tilegx/termbits.h
 create mode 100644 target-tilegx/Makefile.objs
 create mode 100644 target-tilegx/cpu-qom.h
 create mode 100644 target-tilegx/cpu.c
 create mode 100644 target-tilegx/cpu.h
 create mode 100644 target-tilegx/helper.c
 create mode 100644 target-tilegx/helper.h
 create mode 100644 target-tilegx/opcode_tilegx.h
 create mode 100644 target-tilegx/translate.c

-- 
1.9.3

[Qemu-devel] [PATCH 01/12 v8] linux-user: tilegx: Firstly add architecture related features

[Chen Gang]

They are based on Linux kernel tilegx architecture for 64 bit binary,
also based on tilegx ABI reference document.

Signed-off-by: Chen Gang 
---
 linux-user/tilegx/syscall.h|  80 
 linux-user/tilegx/syscall_nr.h | 278 
 linux-user/tilegx/termbits.h   | 285 +
 3 files changed, 643 insertions(+)
 create mode 100644 linux-user/tilegx/syscall.h
 create mode 100644 linux-user/tilegx/syscall_nr.h
 create mode 100644 linux-user/tilegx/termbits.h

diff --git a/linux-user/tilegx/syscall.h b/linux-user/tilegx/syscall.h
new file mode 100644
index 000..561e158
--- /dev/null
+++ b/linux-user/tilegx/syscall.h
@@ -0,0 +1,80 @@
+#ifndef TILEGX_SYSCALLS_H
+#define TILEGX_SYSCALLS_H
+
+#define UNAME_MACHINE "tilegx"
+#define UNAME_MINIMUM_RELEASE "3.19"
+
+/* We use tilegx to keep things similar to the kernel sources.  */
+typedef uint64_t tilegx_reg_t;
+
+struct target_pt_regs {
+
+/* Can be as parameters */
+tilegx_reg_t r0;  /* Also for return value, both function and system call 
*/
+tilegx_reg_t r1;
+tilegx_reg_t r2;
+tilegx_reg_t r3;
+tilegx_reg_t r4;
+tilegx_reg_t r5;
+tilegx_reg_t r6;
+tilegx_reg_t r7;
+tilegx_reg_t r8;
+tilegx_reg_t r9;
+
+/* Normal using, caller saved */
+tilegx_reg_t r10;  /* Also for system call */
+tilegx_reg_t r11;
+tilegx_reg_t r12;
+tilegx_reg_t r13;
+tilegx_reg_t r14;
+tilegx_reg_t r15;
+tilegx_reg_t r16;
+tilegx_reg_t r17;
+tilegx_reg_t r18;
+tilegx_reg_t r19;
+tilegx_reg_t r20;
+tilegx_reg_t r21;
+tilegx_reg_t r22;
+tilegx_reg_t r23;
+tilegx_reg_t r24;
+tilegx_reg_t r25;
+tilegx_reg_t r26;
+tilegx_reg_t r27;
+tilegx_reg_t r28;
+tilegx_reg_t r29;
+
+/* Normal using, callee saved */
+tilegx_reg_t r30;
+tilegx_reg_t r31;
+tilegx_reg_t r32;
+tilegx_reg_t r33;
+tilegx_reg_t r34;
+tilegx_reg_t r35;
+tilegx_reg_t r36;
+tilegx_reg_t r37;
+tilegx_reg_t r38;
+tilegx_reg_t r39;
+tilegx_reg_t r40;
+tilegx_reg_t r41;
+tilegx_reg_t r42;
+tilegx_reg_t r43;
+tilegx_reg_t r44;
+tilegx_reg_t r45;
+tilegx_reg_t r46;
+tilegx_reg_t r47;
+tilegx_reg_t r48;
+tilegx_reg_t r49;
+tilegx_reg_t r50;
+tilegx_reg_t r51;
+
+/* Control using */
+tilegx_reg_t r52;/* optional frame pointer */
+tilegx_reg_t tp; /* thread-local data */
+tilegx_reg_t sp; /* stack pointer */
+tilegx_reg_t lr; /* lr pointer */
+};
+
+#define TARGET_MLOCKALL_MCL_CURRENT 1
+#define TARGET_MLOCKALL_MCL_FUTURE  2
+
+#endif
diff --git a/linux-user/tilegx/syscall_nr.h b/linux-user/tilegx/syscall_nr.h
new file mode 100644
index 000..8121154
--- /dev/null
+++ b/linux-user/tilegx/syscall_nr.h
@@ -0,0 +1,278 @@
+#ifndef TILEGX_SYSCALL_NR
+#define TILEGX_SYSCALL_NR
+
+/*
+ * Copy from linux kernel asm-generic/unistd.h, which tilegx uses.
+ */
+#define TARGET_NR_io_setup  0
+#define TARGET_NR_io_destroy1
+#define TARGET_NR_io_submit 2
+#define TARGET_NR_io_cancel 3
+#define TARGET_NR_io_getevents  4
+#define TARGET_NR_setxattr  5
+#define TARGET_NR_lsetxattr 6
+#define TARGET_NR_fsetxattr 7
+#define TARGET_NR_getxattr  8
+#define TARGET_NR_lgetxattr 9
+#define TARGET_NR_fgetxattr 10
+#define TARGET_NR_listxattr 11
+#define TARGET_NR_llistxattr12
+#define TARGET_NR_flistxattr13
+#define TARGET_NR_removexattr   14
+#define TARGET_NR_lremovexattr  15
+#define TARGET_NR_fremovexattr  16
+#define TARGET_NR_getcwd17
+#define TARGET_NR_lookup_dcookie18
+#define TARGET_NR_eventfd2  19
+#define TARGET_NR_epoll_create1 20
+#define TARGET_NR_epoll_ctl 21
+#define TARGET_NR_epoll_pwait   22
+#define TARGET_NR_dup   23
+#define TARGET_NR_dup3  24
+#define TARGET_NR_fcntl 25
+#define TARGET_NR_inotify_init1 26
+#define TARGET_NR_inotify_add_watch 27
+#define TARGET_NR_inotify_rm_watch  28
+#define TARGET_NR_ioctl 29
+#define TARGET_NR_ioprio_set30
+#define TARGET_NR_ioprio_get31
+#define TARGET_NR_flock 32
+#define TARGET_NR_mknodat   33
+#define TARGET_NR_mkdirat   34
+#define TARGET_NR_unlinkat  35
+#define TARGET_NR_symlinkat 36
+#define TARGET_NR_linkat37
+#define TARGET_NR_renameat   

[Qemu-devel] [PATCH 02/12 v8] linux-user: tilegx: Add target features support within qemu

[Chen Gang]

They are for target features within qemu which independent from outside.

Signed-off-by: Chen Gang 
---
 linux-user/tilegx/target_cpu.h | 35 +++
 linux-user/tilegx/target_signal.h  | 28 ++
 linux-user/tilegx/target_structs.h | 48 ++
 3 files changed, 111 insertions(+)
 create mode 100644 linux-user/tilegx/target_cpu.h
 create mode 100644 linux-user/tilegx/target_signal.h
 create mode 100644 linux-user/tilegx/target_structs.h

diff --git a/linux-user/tilegx/target_cpu.h b/linux-user/tilegx/target_cpu.h
new file mode 100644
index 000..c96e81d
--- /dev/null
+++ b/linux-user/tilegx/target_cpu.h
@@ -0,0 +1,35 @@
+/*
+ * TILE-Gx specific CPU ABI and functions for linux-user
+ *
+ * Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_CPU_H
+#define TARGET_CPU_H
+
+static inline void cpu_clone_regs(CPUTLGState *env, target_ulong newsp)
+{
+if (newsp) {
+env->regs[TILEGX_R_SP] = newsp;
+}
+env->regs[TILEGX_R_RE] = 0;
+}
+
+static inline void cpu_set_tls(CPUTLGState *env, target_ulong newtls)
+{
+env->regs[TILEGX_R_TP] = newtls;
+}
+
+#endif
diff --git a/linux-user/tilegx/target_signal.h 
b/linux-user/tilegx/target_signal.h
new file mode 100644
index 000..fbab216
--- /dev/null
+++ b/linux-user/tilegx/target_signal.h
@@ -0,0 +1,28 @@
+#ifndef TARGET_SIGNAL_H
+#define TARGET_SIGNAL_H
+
+#include "cpu.h"
+
+/* this struct defines a stack used during syscall handling */
+
+typedef struct target_sigaltstack {
+abi_ulong ss_sp;
+abi_ulong ss_size;
+abi_long ss_flags;
+} target_stack_t;
+
+/*
+ * sigaltstack controls
+ */
+#define TARGET_SS_ONSTACK 1
+#define TARGET_SS_DISABLE 2
+
+#define TARGET_MINSIGSTKSZ2048
+#define TARGET_SIGSTKSZ   8192
+
+static inline abi_ulong get_sp_from_cpustate(CPUTLGState *state)
+{
+return state->regs[TILEGX_R_SP];
+}
+
+#endif /* TARGET_SIGNAL_H */
diff --git a/linux-user/tilegx/target_structs.h 
b/linux-user/tilegx/target_structs.h
new file mode 100644
index 000..13a1505
--- /dev/null
+++ b/linux-user/tilegx/target_structs.h
@@ -0,0 +1,48 @@
+/*
+ * TILE-Gx specific structures for linux-user
+ *
+ * Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+abi_int __key;  /* Key.  */
+abi_uint uid;   /* Owner's user ID.  */
+abi_uint gid;   /* Owner's group ID.  */
+abi_uint cuid;  /* Creator's user ID.  */
+abi_uint cgid;  /* Creator's group ID.  */
+abi_uint mode;/* Read/write permission.  */
+abi_ushort __seq;   /* Sequence number.  */
+abi_ushort __pad2;
+abi_ulong __unused1;
+abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+struct target_ipc_perm shm_perm;/* operation permission struct */
+abi_long shm_segsz; /* size of segment in bytes */
+abi_ulong shm_atime;/* time of last shmat() */
+abi_ulong shm_dtime;/* time of last shmdt() */
+abi_ulong shm_ctime;/* time of last change by shmctl() */
+abi_int shm_cpid;   /* pid of creator */
+abi_int shm_lpid;   /* pid of last shmop */
+abi_ulong shm_nattch;   /* number of current attaches */
+abi_ulong __unused4;
+abi_ulong __unused5;
+};
+
+#endif
-- 
1.9.3

[Qemu-devel] [PATCH 03/12 v8] linux-user: Support tilegx architecture in syscall

[Chen Gang]

Add tilegx architecture in "syscall_defs.h", all related features (ioctrl,
and stat) are based on Linux kernel tilegx 64-bit implementation.

Signed-off-by: Chen Gang 
---
 linux-user/syscall_defs.h | 38 ++
 1 file changed, 34 insertions(+), 4 deletions(-)

diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index edd5f3c..023f4b5 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -64,8 +64,9 @@
 #endif
 
 #if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SH4) \
-|| defined(TARGET_M68K) || defined(TARGET_CRIS) || 
defined(TARGET_UNICORE32) \
-|| defined(TARGET_S390X) || defined(TARGET_OPENRISC)
+|| defined(TARGET_M68K) || defined(TARGET_CRIS) \
+|| defined(TARGET_UNICORE32) || defined(TARGET_S390X) \
+|| defined(TARGET_OPENRISC) || defined(TARGET_TILEGX)
 
 #define TARGET_IOC_SIZEBITS14
 #define TARGET_IOC_DIRBITS 2
@@ -365,7 +366,8 @@ int do_sigaction(int sig, const struct target_sigaction 
*act,
 || defined(TARGET_PPC) || defined(TARGET_MIPS) || defined(TARGET_SH4) \
 || defined(TARGET_M68K) || defined(TARGET_ALPHA) || defined(TARGET_CRIS) \
 || defined(TARGET_MICROBLAZE) || defined(TARGET_UNICORE32) \
-|| defined(TARGET_S390X) || defined(TARGET_OPENRISC)
+|| defined(TARGET_S390X) || defined(TARGET_OPENRISC) \
+|| defined(TARGET_TILEGX)
 
 #if defined(TARGET_SPARC)
 #define TARGET_SA_NOCLDSTOP8u
@@ -1922,6 +1924,32 @@ struct target_stat64 {
 unsigned int __unused5;
 };
 
+#elif defined(TARGET_TILEGX)
+
+/* Copy from Linux kernel "uapi/asm-generic/stat.h" */
+struct target_stat {
+abi_ulong st_dev;   /* Device.  */
+abi_ulong st_ino;   /* File serial number.  */
+unsigned int st_mode;   /* File mode.  */
+unsigned int st_nlink;  /* Link count.  */
+unsigned int st_uid;/* User ID of the file's owner.  */
+unsigned int st_gid;/* Group ID of the file's group. */
+abi_ulong st_rdev;  /* Device number, if device.  */
+abi_ulong __pad1;
+abi_long  st_size;  /* Size of file, in bytes.  */
+int st_blksize; /* Optimal block size for I/O.  */
+int __pad2;
+abi_long st_blocks; /* Number 512-byte blocks allocated. */
+abi_long target_st_atime;   /* Time of last access.  */
+abi_ulong target_st_atime_nsec;
+abi_long target_st_mtime;   /* Time of last modification.  */
+abi_ulong target_st_mtime_nsec;
+abi_long target_st_ctime;   /* Time of last status change.  */
+abi_ulong target_st_ctime_nsec;
+unsigned int __unused4;
+unsigned int __unused5;
+};
+
 #else
 #error unsupported CPU
 #endif
@@ -2264,7 +2292,9 @@ struct target_flock {
 struct target_flock64 {
short  l_type;
short  l_whence;
-#if defined(TARGET_PPC) || defined(TARGET_X86_64) || defined(TARGET_MIPS) || 
defined(TARGET_SPARC) || defined(TARGET_HPPA) || defined (TARGET_MICROBLAZE)
+#if defined(TARGET_PPC) || defined(TARGET_X86_64) || defined(TARGET_MIPS) \
+|| defined(TARGET_SPARC) || defined(TARGET_HPPA) \
+|| defined(TARGET_MICROBLAZE) || defined(TARGET_TILEGX)
 int __pad;
 #endif
unsigned long long l_start;
-- 
1.9.3

[Qemu-devel] [PATCH 04/12 v8] linux-user: Support tilegx architecture in linux-user

[Chen Gang]

Add main working flow feature, system call processing feature, and elf64
tilegx binary loading feature, based on Linux kernel tilegx 64-bit
implementation.

Signed-off-by: Chen Gang 
---
 include/elf.h|  2 ++
 linux-user/elfload.c | 23 ++
 linux-user/main.c| 86 
 3 files changed, 111 insertions(+)

diff --git a/include/elf.h b/include/elf.h
index 3e75f05..154144e 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -133,6 +133,8 @@ typedef int64_t  Elf64_Sxword;
 
 #define EM_AARCH64  183
 
+#define EM_TILEGX   191 /* TILE-Gx */
+
 /* This is the info that is needed to parse the dynamic section of the file */
 #define DT_NULL0
 #define DT_NEEDED  1
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 399c021..2571cb8 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1189,6 +1189,29 @@ static inline void init_thread(struct target_pt_regs 
*regs, struct image_info *i
 
 #endif /* TARGET_S390X */
 
+#ifdef TARGET_TILEGX
+
+/* 42 bits real used address, a half for user mode */
+#define ELF_START_MMAP (0x00200ULL)
+
+#define elf_check_arch(x) ((x) == EM_TILEGX)
+
+#define ELF_CLASS   ELFCLASS64
+#define ELF_DATAELFDATA2LSB
+#define ELF_ARCHEM_TILEGX
+
+static inline void init_thread(struct target_pt_regs *regs,
+   struct image_info *infop)
+{
+regs->lr = infop->entry;
+regs->sp = infop->start_stack;
+
+}
+
+#define ELF_EXEC_PAGESIZE65536 /* TILE-Gx page size is 64KB */
+
+#endif /* TARGET_TILEGX */
+
 #ifndef ELF_PLATFORM
 #define ELF_PLATFORM (NULL)
 #endif
diff --git a/linux-user/main.c b/linux-user/main.c
index 6e446de..ecfc80b 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3418,6 +3418,32 @@ void cpu_loop(CPUS390XState *env)
 
 #endif /* TARGET_S390X */
 
+#ifdef TARGET_TILEGX
+void cpu_loop(CPUTLGState *env)
+{
+CPUState *cs = CPU(tilegx_env_get_cpu(env));
+int trapnr;
+
+while (1) {
+cpu_exec_start(cs);
+trapnr = cpu_tilegx_exec(env);
+cpu_exec_end(cs);
+switch (trapnr) {
+case TILEGX_EXCP_SYSCALL:
+env->regs[TILEGX_R_RE] = do_syscall(env, env->regs[TILEGX_R_NR],
+env->regs[0], env->regs[1],
+env->regs[2], env->regs[3],
+env->regs[4], env->regs[5],
+env->regs[6], env->regs[7]);
+break;
+default:
+exit(-1);
+}
+process_pending_signals(env);
+}
+}
+#endif
+
 THREAD CPUState *thread_cpu;
 
 void task_settid(TaskState *ts)
@@ -4392,6 +4418,66 @@ int main(int argc, char **argv, char **envp)
 env->psw.mask = regs->psw.mask;
 env->psw.addr = regs->psw.addr;
 }
+#elif defined(TARGET_TILEGX)
+{
+env->regs[0] = regs->r0;
+env->regs[1] = regs->r1;
+env->regs[2] = regs->r2;
+env->regs[3] = regs->r3;
+env->regs[4] = regs->r4;
+env->regs[5] = regs->r5;
+env->regs[6] = regs->r6;
+env->regs[7] = regs->r7;
+env->regs[8] = regs->r8;
+env->regs[9] = regs->r9;
+env->regs[10] = regs->r10;
+env->regs[11] = regs->r11;
+env->regs[12] = regs->r12;
+env->regs[13] = regs->r13;
+env->regs[14] = regs->r14;
+env->regs[15] = regs->r15;
+env->regs[16] = regs->r16;
+env->regs[17] = regs->r17;
+env->regs[18] = regs->r18;
+env->regs[19] = regs->r19;
+env->regs[20] = regs->r20;
+env->regs[21] = regs->r21;
+env->regs[22] = regs->r22;
+env->regs[23] = regs->r23;
+env->regs[24] = regs->r24;
+env->regs[25] = regs->r25;
+env->regs[26] = regs->r26;
+env->regs[27] = regs->r27;
+env->regs[28] = regs->r28;
+env->regs[29] = regs->r29;
+env->regs[30] = regs->r30;
+env->regs[31] = regs->r31;
+env->regs[32] = regs->r32;
+env->regs[33] = regs->r33;
+env->regs[34] = regs->r34;
+env->regs[35] = regs->r35;
+env->regs[36] = regs->r36;
+env->regs[37] = regs->r37;
+env->regs[38] = regs->r38;
+env->regs[39] = regs->r39;
+env->regs[40] = regs->r40;
+env->regs[41] = regs->r41;
+env->regs[42] = regs->r42;
+env->regs[43] = regs->r43;
+env->regs[44] = regs->r44;
+env->regs[45] = regs->r45;
+env->regs[46] = regs->r46;
+env->regs[47] = regs->r47;
+env->regs[48] = regs->r48;
+env->regs[49] = regs->r49;
+env->regs[50] = regs->r50;
+env->regs[51] = regs->r51;
+env->regs[52] = regs->r52; /* TILEGX_R_BP */
+env->regs[53] = regs->tp;  /* TILEGX_R_TP */
+env->regs[54] = regs->sp;  /* TILEGX_R_SP */
+env->regs[5

[Qemu-devel] [PATCH 05/12 v8] linux-user/syscall.c: conditionalize syscalls which are not defined in tilegx

[Chen Gang]

For tilegx, several syscall macros are not supported, so switch them to
avoid building break.

Signed-off-by: Chen Gang 
---
 linux-user/syscall.c | 50 +-
 1 file changed, 49 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 5720195..d1a00ad 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -213,7 +213,7 @@ static int gettid(void) {
 return -ENOSYS;
 }
 #endif
-#ifdef __NR_getdents
+#if defined(TARGET_NR_getdents) && defined(__NR_getdents)
 _syscall3(int, sys_getdents, uint, fd, struct linux_dirent *, dirp, uint, 
count);
 #endif
 #if !defined(__NR_getdents) || \
@@ -5580,6 +5580,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 ret = get_errno(write(arg1, p, arg3));
 unlock_user(p, arg2, 0);
 break;
+#ifdef TARGET_NR_open
 case TARGET_NR_open:
 if (!(p = lock_user_string(arg1)))
 goto efault;
@@ -5588,6 +5589,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
   arg3));
 unlock_user(p, arg1, 0);
 break;
+#endif
 case TARGET_NR_openat:
 if (!(p = lock_user_string(arg2)))
 goto efault;
@@ -5602,9 +5604,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_brk:
 ret = do_brk(arg1);
 break;
+#ifdef TARGET_NR_fork
 case TARGET_NR_fork:
 ret = get_errno(do_fork(cpu_env, SIGCHLD, 0, 0, 0, 0));
 break;
+#endif
 #ifdef TARGET_NR_waitpid
 case TARGET_NR_waitpid:
 {
@@ -5639,6 +5643,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 unlock_user(p, arg1, 0);
 break;
 #endif
+#ifdef TARGET_NR_link
 case TARGET_NR_link:
 {
 void * p2;
@@ -5652,6 +5657,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 unlock_user(p, arg1, 0);
 }
 break;
+#endif
 #if defined(TARGET_NR_linkat)
 case TARGET_NR_linkat:
 {
@@ -5669,12 +5675,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 }
 break;
 #endif
+#ifdef TARGET_NR_unlink
 case TARGET_NR_unlink:
 if (!(p = lock_user_string(arg1)))
 goto efault;
 ret = get_errno(unlink(p));
 unlock_user(p, arg1, 0);
 break;
+#endif
 #if defined(TARGET_NR_unlinkat)
 case TARGET_NR_unlinkat:
 if (!(p = lock_user_string(arg2)))
@@ -5791,12 +5799,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 }
 break;
 #endif
+#ifdef TARGET_NR_mknod
 case TARGET_NR_mknod:
 if (!(p = lock_user_string(arg1)))
 goto efault;
 ret = get_errno(mknod(p, arg2, arg3));
 unlock_user(p, arg1, 0);
 break;
+#endif
 #if defined(TARGET_NR_mknodat)
 case TARGET_NR_mknodat:
 if (!(p = lock_user_string(arg2)))
@@ -5805,12 +5815,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 unlock_user(p, arg2, 0);
 break;
 #endif
+#ifdef TARGET_NR_chmod
 case TARGET_NR_chmod:
 if (!(p = lock_user_string(arg1)))
 goto efault;
 ret = get_errno(chmod(p, arg2));
 unlock_user(p, arg1, 0);
 break;
+#endif
 #ifdef TARGET_NR_break
 case TARGET_NR_break:
 goto unimplemented;
@@ -5945,6 +5957,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 }
 break;
 #endif
+#ifdef TARGET_NR_utimes
 case TARGET_NR_utimes:
 {
 struct timeval *tvp, tv[2];
@@ -5963,6 +5976,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 unlock_user(p, arg1, 0);
 }
 break;
+#endif
 #if defined(TARGET_NR_futimesat)
 case TARGET_NR_futimesat:
 {
@@ -5991,12 +6005,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_gtty:
 goto unimplemented;
 #endif
+#ifdef TARGET_NR_access
 case TARGET_NR_access:
 if (!(p = lock_user_string(arg1)))
 goto efault;
 ret = get_errno(access(path(p), arg2));
 unlock_user(p, arg1, 0);
 break;
+#endif
 #if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
 case TARGET_NR_faccessat:
 if (!(p = lock_user_string(arg2)))
@@ -6021,6 +6037,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 case TARGET_NR_kill:
 ret = get_errno(kill(arg1, target_to_host_signal(arg2)));
 break;
+#ifdef TARGET_NR_rename
 case TARGET_NR_rename:
 {
 void *p2;
@@ -6034,6 +6051,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 unlock_user(p, arg1, 0);
 }
 break;
+#endif
 #if defined(TARGET_NR_renameat)
 case TARGET_NR_renameat:
 {
@@ -6049,12 +6067,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 }
 break;
 #endif
+#ifdef TARG

[Qemu-devel] [PATCH 06/12 v8] target-tilegx: Add TILE-Gx building files

[Chen Gang]

Add related configuration, make files for tilegx.

Signed-off-by: Chen Gang 
---
 configure | 3 +++
 default-configs/tilegx-linux-user.mak | 1 +
 target-tilegx/Makefile.objs   | 1 +
 3 files changed, 5 insertions(+)
 create mode 100644 default-configs/tilegx-linux-user.mak
 create mode 100644 target-tilegx/Makefile.objs

diff --git a/configure b/configure
index 589798e..a8704ec 100755
--- a/configure
+++ b/configure
@@ -5215,6 +5215,9 @@ case "$target_name" in
   s390x)
 gdb_xml_files="s390x-core64.xml s390-acr.xml s390-fpr.xml"
   ;;
+  tilegx)
+TARGET_ARCH=tilegx
+  ;;
   unicore32)
   ;;
   xtensa|xtensaeb)
diff --git a/default-configs/tilegx-linux-user.mak 
b/default-configs/tilegx-linux-user.mak
new file mode 100644
index 000..3e47493
--- /dev/null
+++ b/default-configs/tilegx-linux-user.mak
@@ -0,0 +1 @@
+# Default configuration for tilegx-linux-user
diff --git a/target-tilegx/Makefile.objs b/target-tilegx/Makefile.objs
new file mode 100644
index 000..8b3dc76
--- /dev/null
+++ b/target-tilegx/Makefile.objs
@@ -0,0 +1 @@
+obj-y += cpu.o translate.o helper.o
-- 
1.9.3

[Qemu-devel] [PATCH 07/12 v8] target-tilegx: Add cpu basic features for linux-user

[Chen Gang]

It implements minimized cpu features for linux-user.

Signed-off-by: Chen Gang 
---
 target-tilegx/cpu-qom.h |  73 
 target-tilegx/cpu.c | 149 
 target-tilegx/cpu.h |  94 ++
 3 files changed, 316 insertions(+)
 create mode 100644 target-tilegx/cpu-qom.h
 create mode 100644 target-tilegx/cpu.c
 create mode 100644 target-tilegx/cpu.h

diff --git a/target-tilegx/cpu-qom.h b/target-tilegx/cpu-qom.h
new file mode 100644
index 000..5615c3b
--- /dev/null
+++ b/target-tilegx/cpu-qom.h
@@ -0,0 +1,73 @@
+/*
+ * QEMU TILE-Gx CPU
+ *
+ * Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+#ifndef QEMU_TILEGX_CPU_QOM_H
+#define QEMU_TILEGX_CPU_QOM_H
+
+#include "qom/cpu.h"
+
+#define TYPE_TILEGX_CPU "tilegx-cpu"
+
+#define TILEGX_CPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(TileGXCPUClass, (klass), TYPE_TILEGX_CPU)
+#define TILEGX_CPU(obj) \
+OBJECT_CHECK(TileGXCPU, (obj), TYPE_TILEGX_CPU)
+#define TILEGX_CPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(TileGXCPUClass, (obj), TYPE_TILEGX_CPU)
+
+/**
+ * TileGXCPUClass:
+ * @parent_realize: The parent class' realize handler.
+ * @parent_reset: The parent class' reset handler.
+ *
+ * A Tile-Gx CPU model.
+ */
+typedef struct TileGXCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+} TileGXCPUClass;
+
+/**
+ * TileGXCPU:
+ * @env: #CPUTLGState
+ *
+ * A Tile-GX CPU.
+ */
+typedef struct TileGXCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUTLGState env;
+} TileGXCPU;
+
+static inline TileGXCPU *tilegx_env_get_cpu(CPUTLGState *env)
+{
+return container_of(env, TileGXCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(tilegx_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(TileGXCPU, env)
+
+#endif
diff --git a/target-tilegx/cpu.c b/target-tilegx/cpu.c
new file mode 100644
index 000..8255fdc
--- /dev/null
+++ b/target-tilegx/cpu.c
@@ -0,0 +1,149 @@
+/*
+ * QEMU TILE-Gx CPU
+ *
+ *  Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu-common.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+
+TileGXCPU *cpu_tilegx_init(const char *cpu_model)
+{
+TileGXCPU *cpu;
+
+cpu = TILEGX_CPU(object_new(TYPE_TILEGX_CPU));
+
+object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
+
+return cpu;
+}
+
+static void tilegx_cpu_set_pc(CPUState *cs, vaddr value)
+{
+TileGXCPU *cpu = TILEGX_CPU(cs);
+
+cpu->env.pc = value;
+}
+
+static bool tilegx_cpu_has_work(CPUState *cs)
+{
+return true;
+}
+
+static void tilegx_cpu_reset(CPUState *s)
+{
+TileGXCPU *cpu = TILEGX_CPU(s);
+TileGXCPUClass *tcc = TILEGX_CPU_GET_CLASS(cpu);
+CPUTLGState *env = &cpu->env;
+
+tcc->parent_reset(s);
+
+memset(env, 0, sizeof(CPUTLGState));
+tlb_flush(s, 1);
+}
+
+static void tilegx_cpu_realizefn(DeviceState *dev, Error **errp)
+{
+CPUState *cs = CPU(dev);
+TileGXCPUClass *tcc = TILEGX_CPU_GET_CLASS(dev);
+
+cpu_reset(cs);
+qemu_init_vcpu(cs);
+
+tcc->parent_realize(dev, errp);
+}
+
+static void tilegx_cpu_initfn(Object *obj)
+{
+CPUState *cs = CPU(obj);
+TileGXCPU *cpu = TILEGX_CPU(obj);
+CPUTLGState *env = &cpu->env;
+static bool tcg_initialized;
+
+cs->env_ptr = env;
+cpu_exec_init(env);
+
+if (tcg_enabled() && !tcg_initialized) {
+tcg_initialized = true;
+tilegx_tcg_init();
+}
+}
+
+static const VMStateDescription vmstate_tilegx_cpu = {
+.name = "c

[Qemu-devel] [PATCH 08/12 v8] target-tilegx: Add helper features for linux-user

[Chen Gang]

For supporting linux-user system call, tilegx need support exception
helper features for it.

Signed-off-by: Chen Gang 
---
 target-tilegx/helper.c | 31 +++
 target-tilegx/helper.h |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 target-tilegx/helper.c
 create mode 100644 target-tilegx/helper.h

diff --git a/target-tilegx/helper.c b/target-tilegx/helper.c
new file mode 100644
index 000..ffac2b9
--- /dev/null
+++ b/target-tilegx/helper.c
@@ -0,0 +1,31 @@
+/*
+ * QEMU TILE-Gx helpers
+ *
+ *  Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu-common.h"
+#include "exec/helper-proto.h"
+
+void helper_exception(CPUTLGState *env, uint32_t excp)
+{
+CPUState *cs = CPU(tilegx_env_get_cpu(env));
+
+cs->exception_index = excp;
+cpu_loop_exit(cs);
+}
diff --git a/target-tilegx/helper.h b/target-tilegx/helper.h
new file mode 100644
index 000..36d1cd9
--- /dev/null
+++ b/target-tilegx/helper.h
@@ -0,0 +1 @@
+DEF_HELPER_2(exception, noreturn, env, i32)
-- 
1.9.3

[Qemu-devel] [Bug 1392504] Re: USB Passthrough is not working anymore

[Kelvin Middleton]

I don't run apparmor.

Ubuntu 14.10 host

Have this same issue with USB Host Attachment on Windows and Linux guests.
USB Redirection using SPICE is unaffected and works as expected.

Libvirt logs show...
libusbx: error [_get_usbfs_fd] libusbx couldn't open USB device 
/dev/bus/usb/003/006: Permission denied
libusbx: error [_get_usbfs_fd] libusbx requires write access to USB device 
nodes.

'chown libvirt-qemu:kvm /dev/bus/usb/003/006' solves the problem and USB
Host Attachment now works again.

Host dmesg shows...
usb 3-13: reset high-speed USB device number 9 using xhci_hcd
[ 3346.483029] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called with 
disabled ep 8807ba9beb40
...USB device needs to be physically detached and re-attached for host to see 
again.

Tested this with a Sandisk Cruzer Blade 16GB and a Logitech HD C525.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1392504

Title:
  USB Passthrough is not working anymore

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Triaged

Bug description:
  After upgrading from Ubuntu 14.04 to Ubuntu 14.10 USB passthrough in
  QEMU (version is now 2.1.0 - Debian2.1+dfsg-4ubuntu6.1) is not working
  any more. Already tried to remove and attach the USB devices. I use 1
  USB2 HDD  +  1 USB3 HDD to a virtual linux machine; 1 USB2 HDD to a
  virual FNAS machine and a USB 2camera to virtual Win7 machine. All
  these devices are not working any more.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1392504/+subscriptions

[Qemu-devel] [PATCH 09/12 v8] target-tilegx: Add opcode basic implementation for tilegx

[Chen Gang]

It is from Tilera Corporation, and copied from Linux kernel "arch/tile/
include/uapi/arch/opcode_tilegx.h".

Signed-off-by: Chen Gang 
---
 target-tilegx/opcode_tilegx.h | 1406 +
 1 file changed, 1406 insertions(+)
 create mode 100644 target-tilegx/opcode_tilegx.h

diff --git a/target-tilegx/opcode_tilegx.h b/target-tilegx/opcode_tilegx.h
new file mode 100644
index 000..d76ff2d
--- /dev/null
+++ b/target-tilegx/opcode_tilegx.h
@@ -0,0 +1,1406 @@
+/* TILE-Gx opcode information.
+ *
+ * Copyright 2011 Tilera Corporation. All Rights Reserved.
+ *
+ *   This program is free software; you can redistribute it and/or
+ *   modify it under the terms of the GNU General Public License
+ *   as published by the Free Software Foundation, version 2.
+ *
+ *   This program is distributed in the hope that it will be useful, but
+ *   WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
+ *   NON INFRINGEMENT.  See the GNU General Public License for
+ *   more details.
+ *
+ *
+ *
+ *
+ *
+ */
+
+#ifndef __ARCH_OPCODE_H__
+#define __ARCH_OPCODE_H__
+
+#ifndef __ASSEMBLER__
+
+typedef unsigned long long tilegx_bundle_bits;
+
+/* These are the bits that determine if a bundle is in the X encoding. */
+#define TILEGX_BUNDLE_MODE_MASK ((tilegx_bundle_bits)3 << 62)
+
+enum
+{
+  /* Maximum number of instructions in a bundle (2 for X, 3 for Y). */
+  TILEGX_MAX_INSTRUCTIONS_PER_BUNDLE = 3,
+
+  /* How many different pipeline encodings are there? X0, X1, Y0, Y1, Y2. */
+  TILEGX_NUM_PIPELINE_ENCODINGS = 5,
+
+  /* Log base 2 of TILEGX_BUNDLE_SIZE_IN_BYTES. */
+  TILEGX_LOG2_BUNDLE_SIZE_IN_BYTES = 3,
+
+  /* Instructions take this many bytes. */
+  TILEGX_BUNDLE_SIZE_IN_BYTES = 1 << TILEGX_LOG2_BUNDLE_SIZE_IN_BYTES,
+
+  /* Log base 2 of TILEGX_BUNDLE_ALIGNMENT_IN_BYTES. */
+  TILEGX_LOG2_BUNDLE_ALIGNMENT_IN_BYTES = 3,
+
+  /* Bundles should be aligned modulo this number of bytes. */
+  TILEGX_BUNDLE_ALIGNMENT_IN_BYTES =
+(1 << TILEGX_LOG2_BUNDLE_ALIGNMENT_IN_BYTES),
+
+  /* Number of registers (some are magic, such as network I/O). */
+  TILEGX_NUM_REGISTERS = 64,
+};
+
+/* Make a few "tile_" variables to simplify common code between
+   architectures.  */
+
+typedef tilegx_bundle_bits tile_bundle_bits;
+#define TILE_BUNDLE_SIZE_IN_BYTES TILEGX_BUNDLE_SIZE_IN_BYTES
+#define TILE_BUNDLE_ALIGNMENT_IN_BYTES TILEGX_BUNDLE_ALIGNMENT_IN_BYTES
+#define TILE_LOG2_BUNDLE_ALIGNMENT_IN_BYTES \
+  TILEGX_LOG2_BUNDLE_ALIGNMENT_IN_BYTES
+#define TILE_BPT_BUNDLE TILEGX_BPT_BUNDLE
+
+/* 64-bit pattern for a { bpt ; nop } bundle. */
+#define TILEGX_BPT_BUNDLE 0x286a44ae51485000ULL
+
+static __inline unsigned int
+get_BFEnd_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 12)) & 0x3f);
+}
+
+static __inline unsigned int
+get_BFOpcodeExtension_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 24)) & 0xf);
+}
+
+static __inline unsigned int
+get_BFStart_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 18)) & 0x3f);
+}
+
+static __inline unsigned int
+get_BrOff_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 31)) & 0x003f) |
+ (((unsigned int)(n >> 37)) & 0x0001ffc0);
+}
+
+static __inline unsigned int
+get_BrType_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 54)) & 0x1f);
+}
+
+static __inline unsigned int
+get_Dest_Imm8_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 31)) & 0x003f) |
+ (((unsigned int)(n >> 43)) & 0x00c0);
+}
+
+static __inline unsigned int
+get_Dest_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 0)) & 0x3f);
+}
+
+static __inline unsigned int
+get_Dest_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 31)) & 0x3f);
+}
+
+static __inline unsigned int
+get_Dest_Y0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 0)) & 0x3f);
+}
+
+static __inline unsigned int
+get_Dest_Y1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 31)) & 0x3f);
+}
+
+static __inline unsigned int
+get_Imm16_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 12)) & 0x);
+}
+
+static __inline unsigned int
+get_Imm16_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 43)) & 0x);
+}
+
+static __inline unsigned int
+get_Imm8OpcodeExtension_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 20)) & 0xff);
+}
+
+static __inline unsigned int
+get_Imm8OpcodeExtension_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 51)) & 0xff);
+}
+
+static __inline unsigned int
+get_Imm8_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 12)) & 0xff);
+}
+
+static __inline unsigned int
+get_Imm8_X1(tilegx_bundle_b

[Qemu-devel] [PATCH 10/12 v8] target-tilegx: Finish processing bundle and preparing decoding pipes

[Chen Gang]

Finish processing tilegx bundle, and reach to related pipes. At present,
the qemu tilegx can pass building.

Signed-off-by: Chen Gang 
---
 target-tilegx/translate.c | 515 ++
 1 file changed, 515 insertions(+)
 create mode 100644 target-tilegx/translate.c

diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
new file mode 100644
index 000..0ac7e11
--- /dev/null
+++ b/target-tilegx/translate.c
@@ -0,0 +1,515 @@
+/*
+ * QEMU TILE-Gx CPU
+ *
+ *  Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu/log.h"
+#include "disas/disas.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "opcode_tilegx.h"
+
+#define FMT64X  "%016" PRIx64
+
+#define TILEGX_OPCODE_MAX_X0164  /* include 164 */
+#define TILEGX_OPCODE_MAX_X1107  /* include 107 */
+#define TILEGX_OPCODE_MAX_Y0 15  /* include 15 */
+#define TILEGX_OPCODE_MAX_Y1 15  /* include 15 */
+#define TILEGX_OPCODE_MAX_Y2  3  /* include 3 */
+
+static TCGv_ptr cpu_env;
+static TCGv cpu_pc;
+static TCGv cpu_regs[TILEGX_R_COUNT];
+
+static const char * const reg_names[] = {
+ "r0",  "r1",  "r2",  "r3",  "r4",  "r5",  "r6",  "r7",
+ "r8",  "r9", "r10", "r11", "r12", "r13", "r14", "r15",
+"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
+"r32", "r33", "r34", "r35", "r36", "r37", "r38", "r39",
+"r40", "r41", "r42", "r43", "r44", "r45", "r46", "r47",
+"r48", "r49", "r50", "r51",  "bp",  "tp",  "sp",  "lr"
+};
+
+/* It is for temporary registers */
+typedef struct DisasContextTemp {
+uint8_t idx;   /* index */
+TCGv val;  /* value */
+} DisasContextTemp;
+
+/* This is the state at translation time.  */
+typedef struct DisasContext {
+uint64_t pc;   /* Current pc */
+uint64_t exception;/* Current exception */
+
+TCGv zero; /* For zero register */
+
+DisasContextTemp *tmp_regcur;  /* Current temporary registers */
+DisasContextTemp tmp_regs[TILEGX_MAX_INSTRUCTIONS_PER_BUNDLE];
+   /* All temporary registers */
+struct {
+TCGCond cond;  /* Branch condition */
+TCGv dest; /* pc jump destination, if will jump */
+TCGv val1; /* Firt value for condition comparing */
+TCGv val2; /* Second value for condition comparing */
+} jmp; /* Jump object, only once in each TB block 
*/
+} DisasContext;
+
+#include "exec/gen-icount.h"
+
+static void gen_exception(DisasContext *dc, int num)
+{
+TCGv_i32 tmp = tcg_const_i32(num);
+
+gen_helper_exception(cpu_env, tmp);
+tcg_temp_free_i32(tmp);
+}
+
+static void decode_addi_opcode_y0(struct DisasContext *dc,
+  tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_rrr_1_opcode_y0(struct DisasContext *dc,
+   tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_rrr_5_opcode_y0(struct DisasContext *dc,
+   tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_addi_opcode_y1(struct DisasContext *dc,
+  tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_rrr_1_opcode_y1(struct DisasContext *dc,
+   tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_rrr_5_opcode_y1(struct DisasContext *dc,
+   tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_ldst0_opcode_y2(struct DisasContext *dc,
+   tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_ldst1_opcode_y2(struct DisasContext *dc,
+   tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_ldst2_opcode_y2(struct DisasContext *dc,
+   tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_ldst3_opcode_y2(struct DisasContext *dc,
+   tilegx_bundle_bits bundle)
+{
+}
+
+static void decode_addli_opcode_x0(struct DisasContext *dc,
+

[Qemu-devel] [PATCH 11/12 v8] target-tilegx: Decoding pipes to support finish running 1st system call

[Chen Gang]

For the instructions which need tcg generation, the decoding functions
return directly, or they will direct to the exception.

Signed-off-by: Chen Gang 
---
 target-tilegx/translate.c | 704 ++
 1 file changed, 704 insertions(+)

diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
index 0ac7e11..dada275 100644
--- a/target-tilegx/translate.c
+++ b/target-tilegx/translate.c
@@ -89,11 +89,56 @@ static void decode_addi_opcode_y0(struct DisasContext *dc,
 static void decode_rrr_1_opcode_y0(struct DisasContext *dc,
tilegx_bundle_bits bundle)
 {
+switch (get_RRROpcodeExtension_Y0(bundle)) {
+case UNARY_RRR_1_OPCODE_Y0:
+switch (get_UnaryOpcodeExtension_Y0(bundle)) {
+case NOP_UNARY_OPCODE_Y0:
+case  FNOP_UNARY_OPCODE_Y0:
+if (!get_SrcA_Y0(bundle) && !get_Dest_Y0(bundle)) {
+return;
+}
+break;
+case CNTLZ_UNARY_OPCODE_Y0:
+case CNTTZ_UNARY_OPCODE_Y0:
+case FSINGLE_PACK1_UNARY_OPCODE_Y0:
+case PCNT_UNARY_OPCODE_Y0:
+case REVBITS_UNARY_OPCODE_Y0:
+case REVBYTES_UNARY_OPCODE_Y0:
+case TBLIDXB0_UNARY_OPCODE_Y0:
+case TBLIDXB1_UNARY_OPCODE_Y0:
+case TBLIDXB2_UNARY_OPCODE_Y0:
+case TBLIDXB3_UNARY_OPCODE_Y0:
+default:
+break;
+}
+break;
+case SHL1ADD_RRR_1_OPCODE_Y0:
+case SHL2ADD_RRR_1_OPCODE_Y0:
+case SHL3ADD_RRR_1_OPCODE_Y0:
+default:
+break;
+}
+
+qemu_log_mask(LOG_UNIMP, "UNIMP rrr_1_opcode_y0, [" FMT64X "]\n",
+  (uint64_t)bundle);
+dc->exception = TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
 }
 
 static void decode_rrr_5_opcode_y0(struct DisasContext *dc,
tilegx_bundle_bits bundle)
 {
+switch (get_RRROpcodeExtension_Y0(bundle)) {
+case OR_RRR_5_OPCODE_Y0:
+return;
+case AND_RRR_5_OPCODE_Y0:
+case NOR_RRR_5_OPCODE_Y0:
+case XOR_RRR_5_OPCODE_Y0:
+default:
+break;
+}
+qemu_log_mask(LOG_UNIMP, "UNIMP rrr_5_opcode_y0, [" FMT64X "]\n",
+  (uint64_t)bundle);
+dc->exception = TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
 }
 
 static void decode_addi_opcode_y1(struct DisasContext *dc,
@@ -104,31 +149,116 @@ static void decode_addi_opcode_y1(struct DisasContext 
*dc,
 static void decode_rrr_1_opcode_y1(struct DisasContext *dc,
tilegx_bundle_bits bundle)
 {
+switch (get_RRROpcodeExtension_Y1(bundle)) {
+case UNARY_RRR_1_OPCODE_Y1:
+switch (get_UnaryOpcodeExtension_Y1(bundle)) {
+case NOP_UNARY_OPCODE_Y1:
+case FNOP_UNARY_OPCODE_Y1:
+if (!get_SrcA_Y1(bundle) && !get_Dest_Y1(bundle)) {
+return;
+}
+break;
+case ILL_UNARY_OPCODE_Y1:
+case JALRP_UNARY_OPCODE_Y1:
+case JALR_UNARY_OPCODE_Y1:
+case JRP_UNARY_OPCODE_Y1:
+case JR_UNARY_OPCODE_Y1:
+case LNK_UNARY_OPCODE_Y1:
+default:
+break;
+}
+break;
+case SHL1ADD_RRR_1_OPCODE_Y1:
+case SHL2ADD_RRR_1_OPCODE_Y1:
+case SHL3ADD_RRR_1_OPCODE_Y1:
+default:
+break;
+}
+qemu_log_mask(LOG_UNIMP, "UNIMP rrr_1_opcode_y1, [" FMT64X "]\n",
+  (uint64_t)bundle);
+dc->exception = TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
 }
 
 static void decode_rrr_5_opcode_y1(struct DisasContext *dc,
tilegx_bundle_bits bundle)
 {
+switch (get_RRROpcodeExtension_Y1(bundle)) {
+case OR_RRR_5_OPCODE_Y1:
+return;
+case AND_RRR_5_OPCODE_Y1:
+case NOR_RRR_5_OPCODE_Y1:
+case XOR_RRR_5_OPCODE_Y1:
+default:
+break;
+}
+qemu_log_mask(LOG_UNIMP, "UNIMP rrr_5_opcode_y1, [" FMT64X "]\n",
+  (uint64_t)bundle);
+dc->exception = TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
 }
 
 static void decode_ldst0_opcode_y2(struct DisasContext *dc,
tilegx_bundle_bits bundle)
 {
+switch (get_Mode(bundle)) {
+case MODE_OPCODE_YA2:
+return;
+case MODE_OPCODE_YB2:
+case MODE_OPCODE_YC2:
+default:
+break;
+}
+qemu_log_mask(LOG_UNIMP, "UNIMP ldst0_opcode_y2, [" FMT64X "]\n",
+  (uint64_t)bundle);
+dc->exception = TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
 }
 
 static void decode_ldst1_opcode_y2(struct DisasContext *dc,
tilegx_bundle_bits bundle)
 {
+switch (get_Mode(bundle)) {
+case MODE_OPCODE_YB2:
+return;
+case MODE_OPCODE_YA2:
+case MODE_OPCODE_YC2:
+default:
+break;
+}
+qemu_log_mask(LOG_UNIMP, "UNIMP ldst1_opcode_y2, [" FMT64X "]\n",
+  (uint64_t)bundle);
+dc->exception = TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
 }
 
 static void decode_ldst2_opcode_y2(struct DisasContext *dc,
   

[Qemu-devel] [PATCH 12/12 v8] target-tilegx: Generate tcg instructions to execute to 1st system call

[Chen Gang]

Generate related tcg instructions, and qemu tilegx can run to 1st system
call (uname) successfully in  _dl_discover_osversion(), and return to
__libc_start_main().

Signed-off-by: Chen Gang 
---
 target-tilegx/translate.c | 543 ++
 1 file changed, 543 insertions(+)

diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
index dada275..8274d8b 100644
--- a/target-tilegx/translate.c
+++ b/target-tilegx/translate.c
@@ -73,6 +73,32 @@ typedef struct DisasContext {
 
 #include "exec/gen-icount.h"
 
+static TCGv load_zero(DisasContext *dc)
+{
+if (TCGV_IS_UNUSED_I64(dc->zero)) {
+dc->zero = tcg_const_i64(0);
+}
+return dc->zero;
+}
+
+static TCGv load_gr(DisasContext *dc, uint8_t reg)
+{
+if (likely(reg < TILEGX_R_COUNT)) {
+return cpu_regs[reg];
+} else if (reg != TILEGX_R_ZERO) {
+dc->exception = TILEGX_EXCP_REG_UNSUPPORTED;
+}
+return load_zero(dc);
+}
+
+static TCGv dest_gr(DisasContext *dc, uint8_t rdst)
+{
+DisasContextTemp *tmp = dc->tmp_regcur;
+tmp->idx = rdst;
+tmp->val = tcg_temp_new_i64();
+return tmp->val;
+}
+
 static void gen_exception(DisasContext *dc, int num)
 {
 TCGv_i32 tmp = tcg_const_i32(num);
@@ -81,9 +107,402 @@ static void gen_exception(DisasContext *dc, int num)
 tcg_temp_free_i32(tmp);
 }
 
+static void gen_fnop(void)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "(f)nop\n");
+}
+
+static void gen_cmpltui(struct DisasContext *dc,
+uint8_t rdst, uint8_t rsrc, int8_t imm8)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "cmpltui r%d, r%d, %d\n",
+  rdst, rsrc, imm8);
+tcg_gen_setcondi_i64(TCG_COND_LTU, dest_gr(dc, rdst), load_gr(dc, rsrc),
+(uint64_t)imm8);
+}
+
+static void gen_cmpeqi(struct DisasContext *dc,
+   uint8_t rdst, uint8_t rsrc, int8_t imm8)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "cmpeqi r%d, r%d, %d\n", rdst, rsrc, 
imm8);
+tcg_gen_setcondi_i64(TCG_COND_EQ, dest_gr(dc, rdst), load_gr(dc, rsrc),
+(uint64_t)imm8);
+}
+
+static void gen_cmpne(struct DisasContext *dc,
+  uint8_t rdst, uint8_t rsrc, uint8_t rsrcb)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "cmpne r%d, r%d, r%d\n",
+  rdst, rsrc, rsrcb);
+tcg_gen_setcond_i64(TCG_COND_NE, dest_gr(dc, rdst), load_gr(dc, rsrc),
+load_gr(dc, rsrcb));
+}
+
+static void gen_cmoveqz(struct DisasContext *dc,
+uint8_t rdst, uint8_t rsrc, uint8_t rsrcb)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "cmoveqz r%d, r%d, r%d\n",
+  rdst, rsrc, rsrcb);
+tcg_gen_movcond_i64(TCG_COND_EQ, dest_gr(dc, rdst), load_gr(dc, rsrc),
+load_zero(dc), load_gr(dc, rsrcb), load_gr(dc, rdst));
+}
+
+static void gen_cmovnez(struct DisasContext *dc,
+uint8_t rdst, uint8_t rsrc, uint8_t rsrcb)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "cmovnez r%d, r%d, r%d\n",
+  rdst, rsrc, rsrcb);
+tcg_gen_movcond_i64(TCG_COND_NE, dest_gr(dc, rdst), load_gr(dc, rsrc),
+load_zero(dc), load_gr(dc, rsrcb), load_gr(dc, rdst));
+}
+
+static void gen_add(struct DisasContext *dc,
+uint8_t rdst, uint8_t rsrc, uint8_t rsrcb)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "add r%d, r%d, r%d\n",
+  rdst, rsrc, rsrcb);
+tcg_gen_add_i64(dest_gr(dc, rdst), load_gr(dc, rsrc), load_gr(dc, rsrcb));
+}
+
+static void gen_addimm(struct DisasContext *dc,
+   uint8_t rdst, uint8_t rsrc, int64_t imm)
+{
+tcg_gen_addi_i64(dest_gr(dc, rdst), load_gr(dc, rsrc), imm);
+}
+
+static void gen_addi(struct DisasContext *dc,
+ uint8_t rdst, uint8_t rsrc, int8_t imm8)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "addi r%d, r%d, %d\n", rdst, rsrc, imm8);
+gen_addimm(dc, rdst, rsrc, (int64_t)imm8);
+}
+
+static void gen_addli(struct DisasContext *dc,
+  uint8_t rdst, uint8_t rsrc, int16_t im16)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "addli r%d, r%d, %d\n", rdst, rsrc, im16);
+gen_addimm(dc, rdst, rsrc, (int64_t)im16);
+}
+
+static void gen_addx(struct DisasContext *dc,
+ uint8_t rdst, uint8_t rsrc, uint8_t rsrcb)
+{
+TCGv vdst = dest_gr(dc, rdst);
+
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "addx r%d, r%d, r%d\n", rdst, rsrc, 
rsrcb);
+tcg_gen_add_i64(vdst, load_gr(dc, rsrc), load_gr(dc, rsrcb));
+tcg_gen_ext32s_i64(vdst, vdst);
+}
+
+static void gen_addximm(struct DisasContext *dc,
+uint8_t rdst, uint8_t rsrc, int32_t imm)
+{
+TCGv vdst = dest_gr(dc, rdst);
+
+tcg_gen_addi_i64(vdst, load_gr(dc, rsrc), imm);
+tcg_gen_ext32s_i64(vdst, vdst);
+}
+
+static void gen_addxi(struct DisasContext *dc,
+ uint8_t rdst, uint8_t rsrc, int8_t imm8)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "addxi r%d, r%d, %d\n", rdst, 

Re: [Qemu-devel] Mac OS X no longer boots from cd

[Programmingkid]

On Mar 20, 2015, at 6:31 PM, John Snow wrote:

> 
> 
> On 03/20/2015 06:25 PM, Programmingkid wrote:
>> 
>> On Mar 20, 2015, at 4:35 PM, John Snow wrote:
>>> 
>>> If you feel like the CD rom boot failure is "new", I'd be very interested 
>>> to know how recent that failure is.
>>> 
>>> The macio RFC might help, but if you have the cycles to do a bisect 
>>> upstream, I would appreciate that.
>>> 
>>> (And I will get to reviewing that RFC next week.)
>>> 
>>> Thanks,
>>> --js
>> 
>> I'm not sure how recent the failure is. I do know this issue is present in 
>> QEMU 2.2.0. Just to note, I am using Mac OS 10.2 boot cd for my tests.
>> 
> 
> What was the last known good version?

QEMU version 1.5.5.

[Qemu-devel] [PATCH] target-tricore: Fix check which was always false

[Stefan Weil]

With a mask value of 0x0040, the result will never be 1.
This fixes a Coverity warning.

Signed-off-by: Stefan Weil 
---
 target-tricore/op_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-tricore/op_helper.c b/target-tricore/op_helper.c
index 0e7b4e8..b7d18b2 100644
--- a/target-tricore/op_helper.c
+++ b/target-tricore/op_helper.c
@@ -2593,7 +2593,7 @@ void helper_rslcx(CPUTriCoreState *env)
 /* CSU trap */
 }
 /* if (PCXI.UL == 1) then trap(CTYP); */
-if ((env->PCXI & MASK_PCXI_UL) == 1) {
+if ((env->PCXI & MASK_PCXI_UL) != 0) {
 /* CTYP trap */
 }
 /* EA = {PCXI.PCXS, 6'b0, PCXI.PCXO, 6'b0}; */
-- 
2.1.4

Re: [Qemu-devel] [PATCH] translate-all: remove superfluous #ifdef FOO || 1

[Paolo Bonzini]

On 21/03/2015 07:25, Emilio G. Cota wrote:
> It always evaluates to true.
> 
> Signed-off-by: Emilio G. Cota 
> ---
>  translate-all.c | 4 
>  1 file changed, 4 deletions(-)
> 
> diff --git a/translate-all.c b/translate-all.c
> index 9f47ce7..11763c6 100644
> --- a/translate-all.c
> +++ b/translate-all.c
> @@ -1334,8 +1334,6 @@ static inline void tb_alloc_page(TranslationBlock *tb,
>  p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
>  invalidate_page_bitmap(p);
>  
> -#if defined(TARGET_HAS_SMC) || 1
> -
>  #if defined(CONFIG_USER_ONLY)
>  if (p->flags & PAGE_WRITE) {
>  target_ulong addr;
> @@ -1371,8 +1369,6 @@ static inline void tb_alloc_page(TranslationBlock *tb,
>  tlb_protect_code(page_addr);
>  }
>  #endif
> -
> -#endif /* TARGET_HAS_SMC */
>  }
>  
>  /* add a new TB and link it to the physical page tables. phys_page2 is
> 

You are removing the last use of TARGET_HAS_SMC, please remove the
definition as well.

Paolo

[Qemu-devel] [PATCH] rcutorture: fix compilation on 32-bit ppc

[Paolo Bonzini]

32-bit PPC cannot do atomic operations on long long.  Inside the loops,
we are already using local counters that are summed at the end of
the run---with one exception in rcu_read_stress_test: fix it to use
the same technique.  Then, use a mutex to protect the global counts.
Performance does not matter there because every thread will only enter
the critical section once.

Remaining uses of atomic instructions are for ints or pointers.

Reported-by: Andreas Faerber 
Signed-off-by: Paolo Bonzini 
---
 tests/rcutorture.c | 20 
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/tests/rcutorture.c b/tests/rcutorture.c
index 60a2ccf..d6b304d 100644
--- a/tests/rcutorture.c
+++ b/tests/rcutorture.c
@@ -82,6 +82,7 @@ static volatile int goflag = GOFLAG_INIT;
 #define RCU_READ_RUN 1000
 
 #define NR_THREADS 100
+static QemuMutex counts_mutex;
 static QemuThread threads[NR_THREADS];
 static struct rcu_reader_data *data[NR_THREADS];
 static int n_threads;
@@ -130,7 +131,9 @@ static void *rcu_read_perf_test(void *arg)
 }
 n_reads_local += RCU_READ_RUN;
 }
-atomic_add(&n_reads, n_reads_local);
+qemu_mutex_lock(&counts_mutex);
+n_reads += n_reads_local;
+qemu_mutex_unlock(&counts_mutex);
 
 rcu_unregister_thread();
 return NULL;
@@ -151,7 +154,9 @@ static void *rcu_update_perf_test(void *arg)
 synchronize_rcu();
 n_updates_local++;
 }
-atomic_add(&n_updates, n_updates_local);
+qemu_mutex_lock(&counts_mutex);
+n_updates += n_updates_local;
+qemu_mutex_unlock(&counts_mutex);
 
 rcu_unregister_thread();
 return NULL;
@@ -241,6 +246,7 @@ static void *rcu_read_stress_test(void *arg)
 struct rcu_stress *p;
 int pc;
 long long n_reads_local = 0;
+long long rcu_stress_local[RCU_STRESS_PIPE_LEN + 1] = { 0 };
 volatile int garbage = 0;
 
 rcu_register_thread();
@@ -265,13 +271,18 @@ static void *rcu_read_stress_test(void *arg)
 if ((pc > RCU_STRESS_PIPE_LEN) || (pc < 0)) {
 pc = RCU_STRESS_PIPE_LEN;
 }
-atomic_inc(&rcu_stress_count[pc]);
+rcu_stress_local[pc]++;
 n_reads_local++;
 if ((++itercnt % 0x1000) == 0) {
 synchronize_rcu();
 }
 }
-atomic_add(&n_reads, n_reads_local);
+qemu_mutex_lock(&counts_mutex);
+n_reads += n_reads_local;
+for (i = 0; i <= RCU_STRESS_PIPE_LEN; i++) {
+rcu_stress_count[i] += rcu_stress_local[i];
+}
+qemu_mutex_unlock(&counts_mutex);
 
 rcu_unregister_thread();
 return NULL;
@@ -419,6 +430,7 @@ int main(int argc, char *argv[])
 int nreaders = 1;
 int duration = 1;
 
+qemu_mutex_init(&counts_mutex);
 if (argc >= 2 && argv[1][0] == '-') {
 g_test_init(&argc, &argv, NULL);
 if (g_test_quick()) {
-- 
2.3.0

Re: [Qemu-devel] [PATCH for-2.3] fw_cfg-test: Fix test path to include architecture

[Paolo Bonzini]

On 19/03/2015 18:47, Andreas Färber wrote:
> Use qtest_add_func() instead of g_test_add_func() to reflect
> the architecture tested, changing GTester paths as follows:
> 
>   /fw_cfg/foo -> /x86_64/fw_cfg/foo etc.
> 
> Signed-off-by: Andreas Färber 
> ---
>  tests/fw_cfg-test.c | 26 +-
>  1 file changed, 13 insertions(+), 13 deletions(-)
> 
> diff --git a/tests/fw_cfg-test.c b/tests/fw_cfg-test.c
> index 5c8f8d6..9be78e9 100644
> --- a/tests/fw_cfg-test.c
> +++ b/tests/fw_cfg-test.c
> @@ -109,21 +109,21 @@ int main(int argc, char **argv)
>  
>  fw_cfg = pc_fw_cfg_init();
>  
> -g_test_add_func("/fw_cfg/signature", test_fw_cfg_signature);
> -g_test_add_func("/fw_cfg/id", test_fw_cfg_id);
> -g_test_add_func("/fw_cfg/uuid", test_fw_cfg_uuid);
> -g_test_add_func("/fw_cfg/ram_size", test_fw_cfg_ram_size);
> -g_test_add_func("/fw_cfg/nographic", test_fw_cfg_nographic);
> -g_test_add_func("/fw_cfg/nb_cpus", test_fw_cfg_nb_cpus);
> +qtest_add_func("fw_cfg/signature", test_fw_cfg_signature);
> +qtest_add_func("fw_cfg/id", test_fw_cfg_id);
> +qtest_add_func("fw_cfg/uuid", test_fw_cfg_uuid);
> +qtest_add_func("fw_cfg/ram_size", test_fw_cfg_ram_size);
> +qtest_add_func("fw_cfg/nographic", test_fw_cfg_nographic);
> +qtest_add_func("fw_cfg/nb_cpus", test_fw_cfg_nb_cpus);
>  #if 0
> -g_test_add_func("/fw_cfg/machine_id", test_fw_cfg_machine_id);
> -g_test_add_func("/fw_cfg/kernel", test_fw_cfg_kernel);
> -g_test_add_func("/fw_cfg/initrd", test_fw_cfg_initrd);
> -g_test_add_func("/fw_cfg/boot_device", test_fw_cfg_boot_device);
> +qtest_add_func("fw_cfg/machine_id", test_fw_cfg_machine_id);
> +qtest_add_func("fw_cfg/kernel", test_fw_cfg_kernel);
> +qtest_add_func("fw_cfg/initrd", test_fw_cfg_initrd);
> +qtest_add_func("fw_cfg/boot_device", test_fw_cfg_boot_device);
>  #endif
> -g_test_add_func("/fw_cfg/max_cpus", test_fw_cfg_max_cpus);
> -g_test_add_func("/fw_cfg/numa", test_fw_cfg_numa);
> -g_test_add_func("/fw_cfg/boot_menu", test_fw_cfg_boot_menu);
> +qtest_add_func("fw_cfg/max_cpus", test_fw_cfg_max_cpus);
> +qtest_add_func("fw_cfg/numa", test_fw_cfg_numa);
> +qtest_add_func("fw_cfg/boot_menu", test_fw_cfg_boot_menu);
>  
>  cmdline = g_strdup_printf("-uuid 4600cb32-38ec-4b2f-8acb-81c6ea54f2d8 ");
>  s = qtest_start(cmdline);
> 

Reviewed-by: Paolo Bonzini 

Re: [Qemu-devel] [PATCH v2] fw_cfg: factor out initialization of FW_CFG_ID (rev. number)

[Paolo Bonzini]

On 19/03/2015 19:20, Gabriel L. Somlo wrote:
> Signed-off-by: Gabriel Somlo 
> ---
> 
> And, once again, this time after testing and making sure semicolons
> were't inadvertently left out :)
> 
> Sorry for all the noise,
>   Gabriel

Queued for 2.3.0-rc.

Paolo

>> On Thu, Mar 19, 2015 at 06:25:15PM +0100, Paolo Bonzini wrote:
>>> On 19/03/2015 18:14, Gabriel L. Somlo wrote:
 I'd be happy to add a patch factoring out the call to

  fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);

 into fw_cfg_init1(), which would then make it consistent across all
 architectures, including arm/virt.
>>>
>>> Yes, please---this should be a 2.3 blocker.
>>
>> OK, here it is. I have no idea how urgent this is, but since the rest
>> of my fw_cfg series is still being worked on (I don't want to rush
>> figuring out the part where I deal with -readconfig on the command line :)
>> I thought maybe it would make sense to submit this as a standalone
>> patch.
>>
>> I can always just re-submit it as part of my series' v3 later, if that's
>> more convenient. Let me know either way.
> 
>  hw/i386/pc.c  | 1 -
>  hw/nvram/fw_cfg.c | 1 +
>  hw/ppc/mac_newworld.c | 1 -
>  hw/ppc/mac_oldworld.c | 1 -
>  hw/sparc/sun4m.c  | 1 -
>  hw/sparc64/sun4u.c| 1 -
>  6 files changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 4b46c29..cf5274d 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -702,7 +702,6 @@ static FWCfgState *bochs_bios_init(void)
>   * the APIC ID, not the "CPU index"
>   */
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)apic_id_limit);
> -fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
>  fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
>  fw_cfg_add_bytes(fw_cfg, FW_CFG_ACPI_TABLES,
>   acpi_tables, acpi_tables_len);
> diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
> index 4caf536..68eff77 100644
> --- a/hw/nvram/fw_cfg.c
> +++ b/hw/nvram/fw_cfg.c
> @@ -614,6 +614,7 @@ static void fw_cfg_init1(DeviceState *dev)
>  qdev_init_nofail(dev);
>  
>  fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4);
> +fw_cfg_add_i32(s, FW_CFG_ID, 1);
>  fw_cfg_add_bytes(s, FW_CFG_UUID, qemu_uuid, 16);
>  fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)(display_type == 
> DT_NOGRAPHIC));
>  fw_cfg_add_i16(s, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 624b4ab..e0397bc 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -460,7 +460,6 @@ static void ppc_core99_init(MachineState *machine)
>  
>  fw_cfg = fw_cfg_init_mem(CFG_ADDR, CFG_ADDR + 2);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
> -fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
>  fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, machine_arch);
>  fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base);
> diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
> index 3079510..f26133d 100644
> --- a/hw/ppc/mac_oldworld.c
> +++ b/hw/ppc/mac_oldworld.c
> @@ -315,7 +315,6 @@ static void ppc_heathrow_init(MachineState *machine)
>  
>  fw_cfg = fw_cfg_init_mem(CFG_ADDR, CFG_ADDR + 2);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
> -fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
>  fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, ARCH_HEATHROW);
>  fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_base);
> diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
> index b879aa9..255ba1f 100644
> --- a/hw/sparc/sun4m.c
> +++ b/hw/sparc/sun4m.c
> @@ -1088,7 +1088,6 @@ static void sun4m_hw_init(const struct sun4m_hwdef 
> *hwdef,
>  
>  fw_cfg = fw_cfg_init_mem(CFG_ADDR, CFG_ADDR + 2);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
> -fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
>  fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, hwdef->machine_id);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_SUN4M_DEPTH, graphic_depth);
> diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
> index f027caf..6f34e87 100644
> --- a/hw/sparc64/sun4u.c
> +++ b/hw/sparc64/sun4u.c
> @@ -895,7 +895,6 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
>  
>  fw_cfg = fw_cfg_init_io(BIOS_CFG_IOPORT);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
> -fw_cfg_add_i32(fw_cfg, FW_CFG_ID, 1);
>  fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
>  fw_cfg_add_i16(fw_cfg, FW_CFG_MACHINE_ID, hwdef->machine_id);
>  fw_cfg_add_i64(fw_cfg, FW_CFG_KERNEL_ADDR, kernel_entry);
> 

Re: [Qemu-devel] [PATCH] rcutorture: fix compilation on 32-bit ppc

[Peter Maydell]

On 21 March 2015 at 15:34, Paolo Bonzini  wrote:
> 32-bit PPC cannot do atomic operations on long long.  Inside the loops,
> we are already using local counters that are summed at the end of
> the run---with one exception in rcu_read_stress_test: fix it to use
> the same technique.  Then, use a mutex to protect the global counts.
> Performance does not matter there because every thread will only enter
> the critical section once.
>
> Remaining uses of atomic instructions are for ints or pointers.

I don't suppose there's a way to make the atomic functions
enforce that 'not for anything that larger than pointer type',
is there? It would be nice if this kind of bug caused compile
failures on all 32-bit systems rather than only ppc-32...

-- PMM

[Qemu-devel] [PATCH for-2.3] sdhci: add "drive" property

[Paolo Bonzini]

Add a drive property that can be used with sdhci-pci (instead of the odd
"-drive if=sd,... -device sdhci-pci" that has no equivalent in the rest
of QEMU).  Then adjust the zynq platform to set it based on the DriveInfo
that it gets.

Note that in this case the BlockBackend is attached to the SDHCI controller.
This is not a problem; the ->dev field is really unused and the dev_opaque
still points to the SDState struct.

Required for 2.3, as it changes how users access the sdhci-pci device.

Signed-off-by: Paolo Bonzini 
---
 hw/arm/xilinx_zynq.c | 9 +
 hw/sd/sd.c   | 4 +++-
 hw/sd/sdhci.c| 6 ++
 hw/sd/sdhci.h| 1 +
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index 5c37521..5d2b262 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -114,6 +114,7 @@ static void zynq_init(MachineState *machine)
 MemoryRegion *ext_ram = g_new(MemoryRegion, 1);
 MemoryRegion *ocm_ram = g_new(MemoryRegion, 1);
 DeviceState *dev;
+DriveInfo *dinfo;
 SysBusDevice *busdev;
 qemu_irq pic[64];
 Error *err = NULL;
@@ -217,11 +218,19 @@ static void zynq_init(MachineState *machine)
 gem_init(&nd_table[1], 0xE000C000, pic[77-IRQ_OFFSET]);
 
 dev = qdev_create(NULL, "generic-sdhci");
+dinfo = drive_get_next(IF_SD);
+if (dinfo) {
+qdev_prop_set_drive_nofail(dev, "drive", blk_by_legacy_dinfo(dinfo));
+}
 qdev_init_nofail(dev);
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xE010);
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[56-IRQ_OFFSET]);
 
 dev = qdev_create(NULL, "generic-sdhci");
+dinfo = drive_get_next(IF_SD);
+if (dinfo) {
+qdev_prop_set_drive_nofail(dev, "drive", blk_by_legacy_dinfo(dinfo));
+}
 qdev_init_nofail(dev);
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xE0101000);
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[79-IRQ_OFFSET]);
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index f955265..ff6bc6d 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -494,7 +494,9 @@ SDState *sd_init(BlockBackend *blk, bool is_spi)
 sd->enable = true;
 sd_reset(sd, blk);
 if (sd->blk) {
-blk_attach_dev_nofail(sd->blk, sd);
+if (!blk_get_attached_dev(sd->blk)) {
+blk_attach_dev_nofail(sd->blk, sd);
+}
 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
 }
 vmstate_register(NULL, -1, &sd_vmstate, sd);
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 27b914a..078b0bd 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1144,10 +1144,7 @@ static inline unsigned int sdhci_get_fifolen(SDHCIState 
*s)
 
 static void sdhci_initfn(SDHCIState *s)
 {
-DriveInfo *di;
-
-di = drive_get_next(IF_SD);
-s->card = sd_init(di ? blk_by_legacy_dinfo(di) : NULL, false);
+s->card = sd_init(s->blk, false);
 if (s->card == NULL) {
 exit(1);
 }
@@ -1217,6 +1214,7 @@ static Property sdhci_properties[] = {
 DEFINE_PROP_UINT32("capareg", SDHCIState, capareg,
 SDHC_CAPAB_REG_DEFAULT),
 DEFINE_PROP_UINT32("maxcurr", SDHCIState, maxcurr, 0),
+DEFINE_PROP_DRIVE("drive", SDHCIState, blk),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/hw/sd/sdhci.h b/hw/sd/sdhci.h
index 3352d23..69ccf58 100644
--- a/hw/sd/sdhci.h
+++ b/hw/sd/sdhci.h
@@ -237,6 +237,7 @@ typedef struct SDHCIState {
 PCIDevice pcidev;
 SysBusDevice busdev;
 };
+BlockBackend *blk;
 SDState *card;
 MemoryRegion iomem;
 
-- 
2.3.0

Re: [Qemu-devel] [PATCH] rcutorture: fix compilation on 32-bit ppc

[Andreas Färber]

Am 21.03.2015 um 16:34 schrieb Paolo Bonzini:
> 32-bit PPC cannot do atomic operations on long long.  Inside the loops,
> we are already using local counters that are summed at the end of
> the run---with one exception in rcu_read_stress_test: fix it to use
> the same technique.  Then, use a mutex to protect the global counts.
> Performance does not matter there because every thread will only enter
> the critical section once.
> 
> Remaining uses of atomic instructions are for ints or pointers.
> 
> Reported-by: Andreas Faerber 
> Signed-off-by: Paolo Bonzini 
> ---
>  tests/rcutorture.c | 20 
>  1 file changed, 16 insertions(+), 4 deletions(-)

Tested-by: Andreas Färber 

This lets rcutorture pass, but the same error occurs in test-rcu-list...

Btw any reason rcutorture does not fit one of the three naming schemes?

Regards,
Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu,
Graham Norton; HRB 21284 (AG Nürnberg)

[Qemu-devel] [PATCH] target-i386: remove superfluous TARGET_HAS_SMC macro

[Emilio G. Cota]

Suggested-by: Paolo Bonzini 
Signed-off-by: Emilio G. Cota 
---
 target-i386/cpu.h | 2 --
 translate-all.c   | 4 
 2 files changed, 6 deletions(-)

diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 15db6d7..4ee12ca 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -31,8 +31,6 @@
 /* Maximum instruction code size */
 #define TARGET_MAX_INSN_SIZE 16
 
-/* target supports implicit self modifying code */
-#define TARGET_HAS_SMC
 /* support for self modifying code even if the modified instruction is
close to the modifying instruction */
 #define TARGET_HAS_PRECISE_SMC
diff --git a/translate-all.c b/translate-all.c
index 9f47ce7..11763c6 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1334,8 +1334,6 @@ static inline void tb_alloc_page(TranslationBlock *tb,
 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
 invalidate_page_bitmap(p);
 
-#if defined(TARGET_HAS_SMC) || 1
-
 #if defined(CONFIG_USER_ONLY)
 if (p->flags & PAGE_WRITE) {
 target_ulong addr;
@@ -1371,8 +1369,6 @@ static inline void tb_alloc_page(TranslationBlock *tb,
 tlb_protect_code(page_addr);
 }
 #endif
-
-#endif /* TARGET_HAS_SMC */
 }
 
 /* add a new TB and link it to the physical page tables. phys_page2 is
-- 
1.9.1

Re: [Qemu-devel] [PATCH 1/6 v7] target-tilegx: Firstly add TILE-Gx with minimized features

[Peter Maydell]

On 20 March 2015 at 23:57, Chen Gang  wrote:
> For 'opcode_tilegx.h', it comes from Linux kernel which is already more
> than 1000 lines. For me, I still suggest to let it within one patch.

Right, for that sort of special case you should put it in
a single patch which is just "Import copy of whatever.h from Linux
kernel", and which has nothing else in it except for the imported
file or files, and which makes no QEMU specific changes to those
files. Then people can skim through that patch quickly knowing
they don't have to look for any changes or extras that do need
review. (If there is some tweak that needs to be made for QEMU's
purposes that can go in a subsequent patch.)

> For 'translate.c', I try to split it into 3 patches:
>
>  - parsing bundle and decode to the first level of pipe,
>
>  - parsing 2nd level of pipe.
>
>  - generate tcg code.
>
> For the left files:
>
>  - 'configure', 'Makefile.obj', 'tilegx-linux-user.mak' are in a patch.
>
>  - 'cpu*' are in a patch
>
>  - 'help.*' are in a patch.

I would suggest that rather than having "cpu* in one patch
and help* in another" (ie a split by file), you split things
functionally, so you might have a patch adding "support for
instruction group foo" which includes everything needed
for those instructions including the translate.c changes
and the helper functions that get called by the generated
code.

Remember to make sure that everything still compiles at every
step in the patch series.

-- PMM

[Qemu-devel] [PATCH v2] rcu tests: fix compilation on 32-bit ppc

[Paolo Bonzini]

32-bit PPC cannot do atomic operations on long long.  Inside the loops,
we are already using local counters that are summed at the end of
the run---with some exceptions (rcu_stress_count for rcutorture,
n_nodes for test-rcu-list): fix them to use the same technique.
For test-rcu-list, remove the mostly unused member "val" from the
list.  Then, use a mutex to protect the global counts.

Performance does not matter there because every thread will only enter
the critical section once.

Remaining uses of atomic instructions are for ints or pointers.

Reported-by: Andreas Faerber 
Signed-off-by: Paolo Bonzini 
---
 tests/rcutorture.c| 20 
 tests/test-rcu-list.c | 42 ++
 2 files changed, 38 insertions(+), 24 deletions(-)

diff --git a/tests/rcutorture.c b/tests/rcutorture.c
index 60a2ccf..d6b304d 100644
--- a/tests/rcutorture.c
+++ b/tests/rcutorture.c
@@ -82,6 +82,7 @@ static volatile int goflag = GOFLAG_INIT;
 #define RCU_READ_RUN 1000
 
 #define NR_THREADS 100
+static QemuMutex counts_mutex;
 static QemuThread threads[NR_THREADS];
 static struct rcu_reader_data *data[NR_THREADS];
 static int n_threads;
@@ -130,7 +131,9 @@ static void *rcu_read_perf_test(void *arg)
 }
 n_reads_local += RCU_READ_RUN;
 }
-atomic_add(&n_reads, n_reads_local);
+qemu_mutex_lock(&counts_mutex);
+n_reads += n_reads_local;
+qemu_mutex_unlock(&counts_mutex);
 
 rcu_unregister_thread();
 return NULL;
@@ -151,7 +154,9 @@ static void *rcu_update_perf_test(void *arg)
 synchronize_rcu();
 n_updates_local++;
 }
-atomic_add(&n_updates, n_updates_local);
+qemu_mutex_lock(&counts_mutex);
+n_updates += n_updates_local;
+qemu_mutex_unlock(&counts_mutex);
 
 rcu_unregister_thread();
 return NULL;
@@ -241,6 +246,7 @@ static void *rcu_read_stress_test(void *arg)
 struct rcu_stress *p;
 int pc;
 long long n_reads_local = 0;
+long long rcu_stress_local[RCU_STRESS_PIPE_LEN + 1] = { 0 };
 volatile int garbage = 0;
 
 rcu_register_thread();
@@ -265,13 +271,18 @@ static void *rcu_read_stress_test(void *arg)
 if ((pc > RCU_STRESS_PIPE_LEN) || (pc < 0)) {
 pc = RCU_STRESS_PIPE_LEN;
 }
-atomic_inc(&rcu_stress_count[pc]);
+rcu_stress_local[pc]++;
 n_reads_local++;
 if ((++itercnt % 0x1000) == 0) {
 synchronize_rcu();
 }
 }
-atomic_add(&n_reads, n_reads_local);
+qemu_mutex_lock(&counts_mutex);
+n_reads += n_reads_local;
+for (i = 0; i <= RCU_STRESS_PIPE_LEN; i++) {
+rcu_stress_count[i] += rcu_stress_local[i];
+}
+qemu_mutex_unlock(&counts_mutex);
 
 rcu_unregister_thread();
 return NULL;
@@ -419,6 +430,7 @@ int main(int argc, char *argv[])
 int nreaders = 1;
 int duration = 1;
 
+qemu_mutex_init(&counts_mutex);
 if (argc >= 2 && argv[1][0] == '-') {
 g_test_init(&argc, &argv, NULL);
 if (g_test_quick()) {
diff --git a/tests/test-rcu-list.c b/tests/test-rcu-list.c
index 46b5e26..4430984 100644
--- a/tests/test-rcu-list.c
+++ b/tests/test-rcu-list.c
@@ -35,16 +35,15 @@
  * Test variables.
  */
 
-long long n_reads = 0LL;
-long long n_updates = 0LL;
-long long n_reclaims = 0LL;
-long long n_nodes_removed = 0LL;
-long long n_nodes = 0LL;
-int g_test_in_charge = 0;
+static QemuMutex counts_mutex;
+static long long n_reads = 0LL;
+static long long n_updates = 0LL;
+static long long n_reclaims = 0LL;
+static long long n_nodes_removed = 0LL;
+static long long n_nodes = 0LL;
+static int g_test_in_charge = 0;
 
-int nthreadsrunning;
-
-char argsbuf[64];
+static int nthreadsrunning;
 
 #define GOFLAG_INIT 0
 #define GOFLAG_RUN  1
@@ -92,21 +91,21 @@ static void wait_all_threads(void)
 struct list_element {
 QLIST_ENTRY(list_element) entry;
 struct rcu_head rcu;
-long long val;
 };
 
 static void reclaim_list_el(struct rcu_head *prcu)
 {
 struct list_element *el = container_of(prcu, struct list_element, rcu);
 g_free(el);
-atomic_add(&n_reclaims, 1);
+/* Accessed only from call_rcu thread.  */
+n_reclaims++;
 }
 
 static QLIST_HEAD(q_list_head, list_element) Q_list_head;
 
 static void *rcu_q_reader(void *arg)
 {
-long long j, n_reads_local = 0;
+long long n_reads_local = 0;
 struct list_element *el;
 
 *(struct rcu_reader_data **)arg = &rcu_reader;
@@ -118,8 +117,6 @@ static void *rcu_q_reader(void *arg)
 while (goflag == GOFLAG_RUN) {
 rcu_read_lock();
 QLIST_FOREACH_RCU(el, &Q_list_head, entry) {
-j = atomic_read(&el->val);
-(void)j;
 n_reads_local++;
 if (goflag == GOFLAG_STOP) {
 break;
@@ -129,7 +126,9 @@ static void *rcu_q_reader(void *arg)
 
 g_usleep(100);
 }
-atomic_add(&n_reads, n_reads_local);
+qemu_mutex_lock(&counts_mutex);
+n_reads += n_reads_local;
+qemu_mutex_unlock(&count

Re: [Qemu-devel] [PATCH V4 06/19] virtio-ccw: using VIRTIO_NO_VECTOR instead of 0 for invalid virtqueue

[Michael S. Tsirkin]

On Fri, Mar 20, 2015 at 08:39:24AM +0100, Cornelia Huck wrote:
> On Wed, 18 Mar 2015 14:08:56 +0100
> "Michael S. Tsirkin"  wrote:
> 
> > On Wed, Mar 18, 2015 at 05:34:56PM +0800, Jason Wang wrote:
> > > There's no need to use vector 0 for invalid virtqueue. So this patch
> > > changes to use VIRTIO_NO_VECTOR instead.
> > > 
> > > Cc: Michael S. Tsirkin 
> > > Cc: Cornelia Huck 
> > > CC: Christian Borntraeger 
> > > Cc: Richard Henderson 
> > > Cc: Alexander Graf 
> > > Signed-off-by: Jason Wang 
> > 
> > I don't know what does this actually do.
> > Cornelia?
> 
> I actually have the same patch somewhere in my queue. The point here is
> that 0 is plain wrong (it's a valid queue), while VIRTIO_NO_VECTOR is
> most certainly no valid queue.
> 
> > 
> > > ---
> > >  hw/s390x/virtio-ccw.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
> > > index 130535c..c8b87aa 100644
> > > --- a/hw/s390x/virtio-ccw.c
> > > +++ b/hw/s390x/virtio-ccw.c
> > > @@ -281,7 +281,7 @@ static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t 
> > > addr, uint32_t align,
> > >  
> > >  virtio_queue_set_addr(vdev, index, addr);
> > >  if (!addr) {
> > > -virtio_queue_set_vector(vdev, index, 0);
> > > +virtio_queue_set_vector(vdev, index, VIRTIO_NO_VECTOR);
> > >  } else {
> > >  /* Fail if we don't have a big enough queue. */
> > >  /* TODO: Add interface to handle vring.num changing */
> > 
> > Right below this, we have
> > /* tell notify handler in case of config change */
> > vdev->config_vector = VIRTIO_PCI_QUEUE_MAX;
> > 
> > which also does not seem to make sense.
> 
> Basically we have:
> 
> - at most 64 virtqueues with their own indicators (always 64 indicator
> bits when using classic I/O interrupts, up to 64 indicator bits when
> using adapter interrupts)
> - another indicator bit for configuration changes (bit 0 of the
> secondary indicator bits)
> 
> That way, the configuration change indicator is always one bit behind
> the last possible queue indicator.

But VIRTIO_PCI_QUEUE_MAX only makes sense as a VQ number.
Why does it make sense as a vector number?
Jason's patches actually change VIRTIO_PCI_QUEUE_MAX
so we need to figure our what to do for this code.


> > 
> > These changes need some testing though.
> 
> My identical patch seemed to work for me.

Re: [Qemu-devel] [PATCH] target-i386: remove superfluous TARGET_HAS_SMC macro

[Paolo Bonzini]

On 21/03/2015 18:29, Emilio G. Cota wrote:
> Suggested-by: Paolo Bonzini 
> Signed-off-by: Emilio G. Cota 
> ---
>  target-i386/cpu.h | 2 --
>  translate-all.c   | 4 
>  2 files changed, 6 deletions(-)
> 
> diff --git a/target-i386/cpu.h b/target-i386/cpu.h
> index 15db6d7..4ee12ca 100644
> --- a/target-i386/cpu.h
> +++ b/target-i386/cpu.h
> @@ -31,8 +31,6 @@
>  /* Maximum instruction code size */
>  #define TARGET_MAX_INSN_SIZE 16
>  
> -/* target supports implicit self modifying code */
> -#define TARGET_HAS_SMC
>  /* support for self modifying code even if the modified instruction is
> close to the modifying instruction */
>  #define TARGET_HAS_PRECISE_SMC
> diff --git a/translate-all.c b/translate-all.c
> index 9f47ce7..11763c6 100644
> --- a/translate-all.c
> +++ b/translate-all.c
> @@ -1334,8 +1334,6 @@ static inline void tb_alloc_page(TranslationBlock *tb,
>  p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
>  invalidate_page_bitmap(p);
>  
> -#if defined(TARGET_HAS_SMC) || 1
> -
>  #if defined(CONFIG_USER_ONLY)
>  if (p->flags & PAGE_WRITE) {
>  target_ulong addr;
> @@ -1371,8 +1369,6 @@ static inline void tb_alloc_page(TranslationBlock *tb,
>  tlb_protect_code(page_addr);
>  }
>  #endif
> -
> -#endif /* TARGET_HAS_SMC */
>  }
>  
>  /* add a new TB and link it to the physical page tables. phys_page2 is
> 

Reviewed-by: Paolo Bonzini 

Re: [Qemu-devel] [PATCH V6 for-2.3 00/26] hw/pc: implement multiple primary busses for pc machines

[Michael S. Tsirkin]

On Thu, Mar 19, 2015 at 08:52:35PM +0200, Marcel Apfelbaum wrote:
> Notes:
>  - I realize that this qualifies as a late submission, but the code was 
> arround
>a lot of time and got lots of reviews and it also tested (by Gerd), so 
> should be mature enough.
>  - This series is not that big, patches 1-8 are really small and can be 
> submitted
>separately, however I preferred to keep them here to get the whole picture.

Sorry, I have agree with other maintainers here: this doesn't look
like 2.3 material to me, we are in a fixes only period now.

This doesn't mean I won't merge it though: this time around
I opened pci-next and will queue patches there, so no
extra effort on your side should be required.

> 
> The series is fully functional.
>  - Limitations:
>- Pxb's bus does not support hotplug. It will be addressed on top of this 
> series
>  because is already getting to big.

Absolutely, and it's a reasonable thing to do normally, but not
when we are trying to finalize a release.
Looks like another reason to defer this to 2.4.

>  - You are more than welcome to try using:
>-device pxb-device,id=pxb,bus_nr=4,numa_node=1 -device 
> e1000,bus=pxb,addr=0x1 -bios 

-- 
MST

Re: [Qemu-devel] [PATCH v2] rcu tests: fix compilation on 32-bit ppc

[Andreas Färber]

Am 21.03.2015 um 19:13 schrieb Paolo Bonzini:
> 32-bit PPC cannot do atomic operations on long long.  Inside the loops,
> we are already using local counters that are summed at the end of
> the run---with some exceptions (rcu_stress_count for rcutorture,
> n_nodes for test-rcu-list): fix them to use the same technique.
> For test-rcu-list, remove the mostly unused member "val" from the
> list.  Then, use a mutex to protect the global counts.
> 
> Performance does not matter there because every thread will only enter
> the critical section once.
> 
> Remaining uses of atomic instructions are for ints or pointers.
> 
> Reported-by: Andreas Faerber 
> Signed-off-by: Paolo Bonzini 
> ---
>  tests/rcutorture.c| 20 
>  tests/test-rcu-list.c | 42 ++
>  2 files changed, 38 insertions(+), 24 deletions(-)

Still two errors in test-rcu-list:

[ 1365s] tests/test-rcu-list.o: In function `rcu_qtest_init':
[ 1365s]
/home/abuild/rpmbuild/BUILD/qemu-2.3.0-rc0/tests/test-rcu-list.c:201:
undefined reference to `__sync_fetch_and_add_8'
[ 1365s] tests/test-rcu-list.o: In function `rcu_qtest':
[ 1365s]
/home/abuild/rpmbuild/BUILD/qemu-2.3.0-rc0/tests/test-rcu-list.c:237:
undefined reference to `__sync_fetch_and_add_8'
[ 1365s] collect2: error: ld returned 1 exit status
[ 1365s] make: *** [tests/test-rcu-list] Error 1

https://build.opensuse.org/package/live_build_log/home:a_faerber:branches:Virtualization/qemu/openSUSE_13.1/ppc

Regards,
Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu,
Graham Norton; HRB 21284 (AG Nürnberg)

[Qemu-devel] [PATCH v3 1/5] fw_cfg: add documentation file (docs/specs/fw_cfg.txt)

[Gabriel L. Somlo]

This document covers the guest-side hardware interface, as
well as the host-side programming API of QEMU's firmware
configuration (fw_cfg) device.

Signed-off-by: Jordan Justen 
Signed-off-by: Gabriel Somlo 
---
 docs/specs/fw_cfg.txt | 205 ++
 1 file changed, 205 insertions(+)
 create mode 100644 docs/specs/fw_cfg.txt

diff --git a/docs/specs/fw_cfg.txt b/docs/specs/fw_cfg.txt
new file mode 100644
index 000..6accd92
--- /dev/null
+++ b/docs/specs/fw_cfg.txt
@@ -0,0 +1,205 @@
+QEMU Firmware Configuration (fw_cfg) Device
+===
+
+= Guest-side Hardware Interface =
+
+This hardware interface allows the guest to retrieve various data items
+(blobs) that can influence how the firmware configures itself, or may
+contain tables to be installed for the guest OS. Examples include device
+boot order, ACPI and SMBIOS tables, virtual machine UUID, SMP and NUMA
+information, kernel/initrd images for direct (Linux) kernel booting, etc.
+
+== Selector (Control) Register ==
+
+* Write only
+* Location: platform dependent (IOport or MMIO)
+* Width: 16-bit
+* Endianness: little-endian (if IOport), or big-endian (if MMIO)
+
+A write to this register sets the index of a firmware configuration
+item which can subsequently be accessed via the data register.
+
+Setting the selector register will cause the data offset to be set
+to zero. The data offset impacts which data is accessed via the data
+register, and is explained below.
+
+Bit14 of the selector register indicates whether the configuration
+setting is being written. A value of 0 means the item is only being
+read, and all write access to the data port will be ignored. A value
+of 1 means the item's data can be overwritten by writes to the data
+register. In other words, configuration write mode is enabled when
+the selector value is between 0x4000-0x7fff or 0xc000-0x.
+
+NOTE: As of QEMU v2.4, writes to the fw_cfg data register are no
+  longer supported, and will be ignored (treated as no-ops)!
+
+Bit15 of the selector register indicates whether the configuration
+setting is architecture specific. A value of 0 means the item is a
+generic configuration item. A value of 1 means the item is specific
+to a particular architecture. In other words, generic configuration
+items are accessed with a selector value between 0x-0x7fff, and
+architecture specific configuration items are accessed with a selector
+value between 0x8000-0x.
+
+== Data Register ==
+
+* Read/Write (writes ignored as of QEMU v2.4)
+* Location: platform dependent (IOport [*] or MMIO)
+* Width: 8-bit (if IOport), 8/16/32/64-bit (if MMIO)
+* Endianness: string-preserving
+
+[*] On platforms where the data register is exposed as an IOport, its
+port number will always be one greater than the port number of the
+selector register. In other words, the two ports overlap, and can not
+be mapped separately.
+
+The data register allows access to an array of bytes for each firmware
+configuration data item. The specific item is selected by writing to
+the selector register, as described above.
+
+Initially following a write to the selector register, the data offset
+will be set to zero. Each successful access to the data register will
+increment the data offset by the appropriate access width.
+
+Each firmware configuration item has a maximum length of data
+associated with the item. After the data offset has passed the
+end of this maximum data length, then any reads will return a data
+value of 0x00, and all writes will be ignored.
+
+An N-byte wide read of the data register will return the next available
+N bytes of the selected firmware configuration item, as a substring, in
+increasing address order, similar to memcpy().
+
+== Register Locations ==
+
+=== x86, x86_64 Register Locations ===
+
+Selector Register IOport: 0x510
+Data Register IOport: 0x511
+
+== Firmware Configuration Items ==
+
+=== Signature (Key 0x, FW_CFG_SIGNATURE) ===
+
+The presence of the fw_cfg selector and data registers can be verified
+by selecting the "signature" item using key 0x (FW_CFG_SIGNATURE),
+and reading four bytes from the data register. If the fw_cfg device is
+present, the four bytes read will contain the characters "QEMU".
+
+=== Revision (Key 0x0001, FW_CFG_ID) ===
+
+A 32-bit little-endian unsigned int, this item is used as an interface
+revision number, and is currently set to 1 by QEMU when fw_cfg is
+initialized.
+
+=== File Directory (Key 0x0019, FW_CFG_FILE_DIR) ===
+
+Firmware configuration items stored at selector keys 0x0020 or higher
+(FW_CFG_FILE_FIRST or higher) have an associated entry in a directory
+structure, which makes it easier for guest-side firmware to identify
+and retrieve them. The format of this file directory (from fw_cfg.h in
+the QEMU source tree) is shown here, slightly annotated for clarity:
+
+struct FWCfgFiles {/* the entire file directory fw_cfg item */
+u

[Qemu-devel] [PATCH v3 4/5] fw_cfg: prohibit insertion of duplicate fw_cfg file names

[Gabriel L. Somlo]

Exit with an error (instead of simply logging a trace event)
whenever the same fw_cfg file name is added multiple times via
one of the fw_cfg_add_file[_callback]() host-side API calls.

Signed-off-by: Gabriel Somlo 
Reviewed-by: Laszlo Ersek 
---
 hw/nvram/fw_cfg.c | 11 ++-
 trace-events  |  1 -
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 227beaf..8d4ea25 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -505,18 +505,19 @@ void fw_cfg_add_file_callback(FWCfgState *s,  const char 
*filename,
 index = be32_to_cpu(s->files->count);
 assert(index < FW_CFG_FILE_SLOTS);
 
-fw_cfg_add_bytes_read_callback(s, FW_CFG_FILE_FIRST + index,
-   callback, callback_opaque, data, len);
-
 pstrcpy(s->files->f[index].name, sizeof(s->files->f[index].name),
 filename);
 for (i = 0; i < index; i++) {
 if (strcmp(s->files->f[index].name, s->files->f[i].name) == 0) {
-trace_fw_cfg_add_file_dupe(s, s->files->f[index].name);
-return;
+error_report("duplicate fw_cfg file name: %s",
+ s->files->f[index].name);
+exit(1);
 }
 }
 
+fw_cfg_add_bytes_read_callback(s, FW_CFG_FILE_FIRST + index,
+   callback, callback_opaque, data, len);
+
 s->files->f[index].size   = cpu_to_be32(len);
 s->files->f[index].select = cpu_to_be16(FW_CFG_FILE_FIRST + index);
 trace_fw_cfg_add_file(s, index, s->files->f[index].name, len);
diff --git a/trace-events b/trace-events
index 1275b70..a340c5a 100644
--- a/trace-events
+++ b/trace-events
@@ -195,7 +195,6 @@ ecc_diag_mem_readb(uint64_t addr, uint32_t ret) "Read 
diagnostic %"PRId64"= %02x
 # hw/nvram/fw_cfg.c
 fw_cfg_select(void *s, uint16_t key, int ret) "%p key %d = %d"
 fw_cfg_read(void *s, uint8_t ret) "%p = %d"
-fw_cfg_add_file_dupe(void *s, char *name) "%p %s"
 fw_cfg_add_file(void *s, int index, char *name, size_t len) "%p #%d: %s (%zd 
bytes)"
 
 # hw/block/hd-geometry.c
-- 
2.1.0

[Qemu-devel] [PATCH v3 3/5] fw_cfg: prevent selector key conflict

[Gabriel L. Somlo]

Enforce a single assignment of data for each distinct selector key.

Signed-off-by: Gabriel Somlo 
Reviewed-by: Laszlo Ersek 
---
 hw/nvram/fw_cfg.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index ed70798..227beaf 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -423,6 +423,7 @@ static void fw_cfg_add_bytes_read_callback(FWCfgState *s, 
uint16_t key,
 key &= FW_CFG_ENTRY_MASK;
 
 assert(key < FW_CFG_MAX_ENTRY && len < UINT32_MAX);
+assert(s->entries[arch][key].data == NULL); /* avoid key conflict */
 
 s->entries[arch][key].data = data;
 s->entries[arch][key].len = (uint32_t)len;
-- 
2.1.0

[Qemu-devel] [PATCH v3 0/5] fw-cfg: docs, cleanup, and user-provided cmdline blobs

[Gabriel L. Somlo]

Document and clean up fw_cfg; additionally, allow user-provided blobs to
be inserted into fw_cfg via the qemu command line.

Changes since v2:

- entire series depends on (applies on top of) another fw_cfg patch:
  (http://lists.nongnu.org/archive/html/qemu-devel/2015-03/msg04278.html)
  which is currently queued for 2.3.0-rc.

- documentation (1/5) is now correct about all architectures using
  fw_cfg revision 0x1 :)

- patches 2/5, 3/5, and 4/5 are unchanged

- patch 5/5 (command-line insertion of fw_cfg blob) is now using
  qemu_opts_foreach() after machine_init, and is therefore
  compliant with -writeconfig and -readconfig (thanks again Laszlo,
  Gerd, and Markus for the quick tutorial!).
  Also, ee additional comments below the commit log in the actual
  patch message.

Thanks,
  Gabriel

Gabriel L. Somlo (5):
  fw_cfg: add documentation file (docs/specs/fw_cfg.txt)
  fw_cfg: remove support for guest-side data writes
  fw_cfg: prevent selector key conflict
  fw_cfg: prohibit insertion of duplicate fw_cfg file names
  fw_cfg: insert fw_cfg file blobs via qemu cmdline

 docs/specs/fw_cfg.txt | 226 ++
 hw/nvram/fw_cfg.c |  45 ++---
 include/hw/nvram/fw_cfg.h |   2 -
 qemu-options.hx   |  11 +++
 trace-events  |   2 -
 vl.c  |  63 +
 6 files changed, 308 insertions(+), 41 deletions(-)
 create mode 100644 docs/specs/fw_cfg.txt

-- 
2.1.0

[Qemu-devel] [PATCH v3 2/5] fw_cfg: remove support for guest-side data writes

[Gabriel L. Somlo]

>From this point forward, any guest-side writes to the fw_cfg
data register will be treated as no-ops. This patch also removes
the unused host-side API function fw_cfg_add_callback(), which
allowed the registration of a callback to be executed each time
the guest completed a full overwrite of a given fw_cfg data item.

Signed-off-by: Gabriel Somlo 
Reviewed-by: Laszlo Ersek 
---
 hw/nvram/fw_cfg.c | 33 +
 include/hw/nvram/fw_cfg.h |  2 --
 trace-events  |  1 -
 3 files changed, 1 insertion(+), 35 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 68eff77..ed70798 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -46,7 +46,6 @@ typedef struct FWCfgEntry {
 uint32_t len;
 uint8_t *data;
 void *callback_opaque;
-FWCfgCallback callback;
 FWCfgReadCallback read_callback;
 } FWCfgEntry;
 
@@ -232,19 +231,7 @@ static void fw_cfg_reboot(FWCfgState *s)
 
 static void fw_cfg_write(FWCfgState *s, uint8_t value)
 {
-int arch = !!(s->cur_entry & FW_CFG_ARCH_LOCAL);
-FWCfgEntry *e = &s->entries[arch][s->cur_entry & FW_CFG_ENTRY_MASK];
-
-trace_fw_cfg_write(s, value);
-
-if (s->cur_entry & FW_CFG_WRITE_CHANNEL && e->callback &&
-s->cur_offset < e->len) {
-e->data[s->cur_offset++] = value;
-if (s->cur_offset == e->len) {
-e->callback(e->callback_opaque, e->data);
-s->cur_offset = 0;
-}
-}
+/* nothing, write support removed in QEMU v2.4+ */
 }
 
 static int fw_cfg_select(FWCfgState *s, uint16_t key)
@@ -458,7 +445,6 @@ static void *fw_cfg_modify_bytes_read(FWCfgState *s, 
uint16_t key,
 s->entries[arch][key].data = data;
 s->entries[arch][key].len = len;
 s->entries[arch][key].callback_opaque = NULL;
-s->entries[arch][key].callback = NULL;
 
 return ptr;
 }
@@ -502,23 +488,6 @@ void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t 
value)
 fw_cfg_add_bytes(s, key, copy, sizeof(value));
 }
 
-void fw_cfg_add_callback(FWCfgState *s, uint16_t key, FWCfgCallback callback,
- void *callback_opaque, void *data, size_t len)
-{
-int arch = !!(key & FW_CFG_ARCH_LOCAL);
-
-assert(key & FW_CFG_WRITE_CHANNEL);
-
-key &= FW_CFG_ENTRY_MASK;
-
-assert(key < FW_CFG_MAX_ENTRY && len <= UINT32_MAX);
-
-s->entries[arch][key].data = data;
-s->entries[arch][key].len = (uint32_t)len;
-s->entries[arch][key].callback_opaque = callback_opaque;
-s->entries[arch][key].callback = callback;
-}
-
 void fw_cfg_add_file_callback(FWCfgState *s,  const char *filename,
   FWCfgReadCallback callback, void 
*callback_opaque,
   void *data, size_t len)
diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index 6d8a8ac..b2e10c2 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -69,8 +69,6 @@ void fw_cfg_add_string(FWCfgState *s, uint16_t key, const 
char *value);
 void fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value);
 void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value);
 void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value);
-void fw_cfg_add_callback(FWCfgState *s, uint16_t key, FWCfgCallback callback,
- void *callback_opaque, void *data, size_t len);
 void fw_cfg_add_file(FWCfgState *s, const char *filename, void *data,
  size_t len);
 void fw_cfg_add_file_callback(FWCfgState *s, const char *filename,
diff --git a/trace-events b/trace-events
index 30eba92..1275b70 100644
--- a/trace-events
+++ b/trace-events
@@ -193,7 +193,6 @@ ecc_diag_mem_writeb(uint64_t addr, uint32_t val) "Write 
diagnostic %"PRId64" = %
 ecc_diag_mem_readb(uint64_t addr, uint32_t ret) "Read diagnostic %"PRId64"= 
%02x"
 
 # hw/nvram/fw_cfg.c
-fw_cfg_write(void *s, uint8_t value) "%p %d"
 fw_cfg_select(void *s, uint16_t key, int ret) "%p key %d = %d"
 fw_cfg_read(void *s, uint8_t ret) "%p = %d"
 fw_cfg_add_file_dupe(void *s, char *name) "%p %s"
-- 
2.1.0

[Qemu-devel] [PATCH v3 5/5] fw_cfg: insert fw_cfg file blobs via qemu cmdline

[Gabriel L. Somlo]

Allow user supplied files to be inserted into the fw_cfg
device before starting the guest. Since fw_cfg_add_file()
already disallows duplicate fw_cfg file names, qemu will
exit with an error message if the user supplies multiple
blobs with the same fw_cfg file name, or if a blob name
collides with a fw_cfg name programmatically added from
within the QEMU source code. A warning message will be
printed if the fw_cfg item name does not begin with the
prefix "opt/", which is recommended for external, user
provided blobs.

Signed-off-by: Gabriel Somlo 
---

I tested that object_resolve_path() always returns NULL when it can't find
a match for the given argument (i.e., rather than triggering an assert);
this means on architectures which do not create/initialize a fw_cfg object,
the call to fw_cfg_find() returns NULL.

I spent a while trying to decide whether to wrap the vl.c bits
in #ifdef CONFIG_SOFTMMU or not. Making fw_cfg_find() an always-available
static inline doesn't actually help, since I'm also calling fw_cfg_add_file()
from parse_fw_cfg(), so it's either #ifdef or no #ifdef, no point in turning
fw_cfg_find() into "static inline".

This version of the patch (without #ifdef CONFIG_SOFTMMU) actually builds
correctly, without linking errors due to missing fw_cfg symbols, on ALL
current qemu architectures (there's only *-softmmu and *-linux-user, BTW,
and the latter group doesn't actually appear to be using vl.c).

The "common-obj-y += vl.o" line in the toplevel Makefile.objs is wrapped
inside an "ifeq ($(CONFIG_SOFTMMU),y) ... endif", which would make checking
for CONFIG_SOFTMMU inside vl.c redundant anyway, so we should be good on
that front as well.

If I'm still missing anything, or something pops up that we didn't talk
about, I'd be happy to throw out a v4, just let me know.

Thanks,
   Gabriel

 docs/specs/fw_cfg.txt | 21 +
 qemu-options.hx   | 11 +
 vl.c  | 63 +++
 3 files changed, 95 insertions(+)

diff --git a/docs/specs/fw_cfg.txt b/docs/specs/fw_cfg.txt
index 6accd92..74351dd 100644
--- a/docs/specs/fw_cfg.txt
+++ b/docs/specs/fw_cfg.txt
@@ -203,3 +203,24 @@ completes fully overwriting the item's data.
 
 NOTE: This function is deprecated, and will be completely removed
 starting with QEMU v2.4.
+
+== Externally Provided Items ==
+
+As of v2.4, "file" fw_cfg items (i.e., items with selector keys above
+FW_CFG_FILE_FIRST, and with a corresponding entry in the fw_cfg file
+directory structure) may be inserted via the QEMU command line, using
+the following syntax:
+
+-fw_cfg [name=],file=
+
+where  is the fw_cfg item name, and  is the location
+on the host file system of a file containing the data to be inserted.
+
+NOTE: Users *SHOULD* choose item names beginning with the prefix "opt/"
+when using the "-fw_cfg" command line option, to avoid conflicting with
+item names used internally by QEMU. For instance:
+
+-fw_cfg name=opt/my_item_name,file=./my_blob.bin
+
+Similarly, QEMU developers *SHOULD NOT* use item names prefixed with
+"opt/" when inserting items programmatically, e.g. via fw_cfg_add_file().
diff --git a/qemu-options.hx b/qemu-options.hx
index 319d971..138b9cd 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2668,6 +2668,17 @@ STEXI
 @table @option
 ETEXI
 
+DEF("fw_cfg", HAS_ARG, QEMU_OPTION_fwcfg,
+"-fw_cfg name=,file=\n"
+"add named fw_cfg entry from file\n",
+QEMU_ARCH_ALL)
+STEXI
+@item -fw_cfg name=@var{name},file=@var{file}
+@findex -fw_cfg
+Add named fw_cfg entry from file. @var{name} determines the name of
+the entry in the fw_cfg file directory exposed to the guest.
+ETEXI
+
 DEF("serial", HAS_ARG, QEMU_OPTION_serial, \
 "-serial dev redirect the serial port to char device 'dev'\n",
 QEMU_ARCH_ALL)
diff --git a/vl.c b/vl.c
index 75ec292..1fc047d 100644
--- a/vl.c
+++ b/vl.c
@@ -490,6 +490,25 @@ static QemuOptsList qemu_semihosting_config_opts = {
 },
 };
 
+static QemuOptsList qemu_fw_cfg_opts = {
+.name = "fw_cfg",
+.implied_opt_name = "name",
+.head = QTAILQ_HEAD_INITIALIZER(qemu_fw_cfg_opts.head),
+.desc = {
+{
+.name = "name",
+.type = QEMU_OPT_STRING,
+.help = "Sets the fw_cfg name of the blob to be inserted",
+}, {
+.name = "file",
+.type = QEMU_OPT_STRING,
+.help = "Sets the name of the file from which\n"
+"the fw_cfg blob will be loaded",
+},
+{ /* end of list */ }
+},
+};
+
 /**
  * Get machine options
  *
@@ -2118,6 +2137,38 @@ char *qemu_find_file(int type, const char *name)
 return NULL;
 }
 
+static int parse_fw_cfg(QemuOpts *opts, void *opaque)
+{
+gchar *buf;
+size_t size;
+const char *name, *file;
+
+if (opaque == NULL) {
+error_report("fw_cfg device not available");
+return -1;
+}
+name = qemu_opt_get(opts, "name");
+file = 

Re: [Qemu-devel] [PATCH 1/6 v7] target-tilegx: Firstly add TILE-Gx with minimized features

[Chen Gang]

On 3/22/15 01:33, Peter Maydell wrote:
> On 20 March 2015 at 23:57, Chen Gang  wrote:
>> For 'opcode_tilegx.h', it comes from Linux kernel which is already more
>> than 1000 lines. For me, I still suggest to let it within one patch.
> 
> Right, for that sort of special case you should put it in
> a single patch which is just "Import copy of whatever.h from Linux
> kernel", and which has nothing else in it except for the imported
> file or files, and which makes no QEMU specific changes to those
> files. Then people can skim through that patch quickly knowing
> they don't have to look for any changes or extras that do need
> review. (If there is some tweak that needs to be made for QEMU's
> purposes that can go in a subsequent patch.)
> 

OK, thanks (at present, opcode_tilegx.h has no any changes, it is only a
copy from Linux kernel).

>> For 'translate.c', I try to split it into 3 patches:
>>
>>  - parsing bundle and decode to the first level of pipe,
>>
>>  - parsing 2nd level of pipe.
>>
>>  - generate tcg code.
>>
>> For the left files:
>>
>>  - 'configure', 'Makefile.obj', 'tilegx-linux-user.mak' are in a patch.
>>
>>  - 'cpu*' are in a patch
>>
>>  - 'help.*' are in a patch.
> 
> I would suggest that rather than having "cpu* in one patch
> and help* in another" (ie a split by file), you split things
> functionally, so you might have a patch adding "support for
> instruction group foo" which includes everything needed
> for those instructions including the translate.c changes
> and the helper functions that get called by the generated
> code.
> 

OK, thanks. But I have sent patches v8, please help check them, if they
are really not suitable (about splitting patch), please let me know.


> Remember to make sure that everything still compiles at every
> step in the patch series.
> 

For translate.c, it has three patches, each patch can pass compiling
(but the other patches in patch v8 can not). Please help check patches
v8 for more details, if they are really not suitable, please let me know.


Thanks.
-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed