[Qemu-devel] [Bug 1458239] Re: Use qed instead of qcow2 for "-snapshot" functionality

2015-05-24 Thread Michael Tokarev
I'm not sure I follow, why qed is better?  qed was an example/testing
format in an attempt to make qcow2 faster.  It succeeded in its task,
and qcow2 has been improved a lot after playing with qed. What's wrong
with qcow2 and why it is faster? How about providing some benchmarks?

** Changed in: qemu
   Status: New => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1458239

Title:
  Use qed instead of qcow2 for "-snapshot" functionality

Status in QEMU:
  Invalid

Bug description:
  AFAIK, qed is better in performance  than qcow2, so why we still use
  qcow2 for internal snapshots ? patch is trivial.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1458239/+subscriptions



[Qemu-devel] [Bug 1458239] Re: Use qed instead of qcow2 for "-snapshot" functionality

2015-05-24 Thread Коренберг Марк
Sorry, I did not know that qed is just experimental format. I thought
that qed is successor of qcow2. Can you add some links that qcow is not
worse than qed ? I did not make any benchmark, just read some articles




Re: [Qemu-devel] [PATCH qemu] pseries: Update SLOF firmware image to qemu-slof-20150429

2015-05-24 Thread Alexey Kardashevskiy

On 12.05.2015 19:58, Alexey Kardashevskiy wrote:

On 05/07/2015 05:10 PM, Alexey Kardashevskiy wrote:

The changelog is:
   > version: update to 20150429
   > pci: Use QEMU created PCI device nodes
   > usb: support 64-bit pci bars
   > pci: Support 64-bit address translation
   > pci: program correct bridge limit registers during probe
   > scsi: handle report-luns failure
   > Fix "key?" Forth word when using USB keyboards
   > Remove bulk.fs package
   > Include make.rules in the library Makefiles


Ping? It is mirrored to qemu.org...



Is everyone on vacation/conference? :)



--
With best regards

Alexey Kardashevskiy -- icq: 52150396



Re: [Qemu-devel] [PATCH v2 0/3] Add support for for GICv2m and MSIs to arm-virt

2015-05-24 Thread Christoffer Dall
On Wed, May 06, 2015 at 05:39:28PM +0100, Peter Maydell wrote:
> On 6 May 2015 at 17:33, Peter Maydell  wrote:
> > On 27 April 2015 at 18:31, Christoffer Dall  
> > wrote:
> >> Now when we have a host generic PCIe controller in the virt board, it
> >> would be nice to be able to use MSIs so that we can eventually enable
> >> VHOST with KVM.
> >>
> >> With these patches you can use MSIs with TCG and with KVM, but you still
> >> need some fixes for the mapping of the IRQ index to the GSI number for
> >> IRQFD to work.  A separate series that enables IRQFD and vhost
> >> is available: "ARM adaptations for vhost irqfd setup"
> >> https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg01054.html)
> >>
> >> Tested with KVM on XGene and with TCG by configuring a virtio-pci
> >> network adapter for the guest and verifying MSIs going through as
> >> expected.
> >
> > You forgot to change the QOM device name to 'arm-gicv2m', but
> > I'll fix that up as I apply this to target-arm.next.
> 
> ...except this series breaks booting of a linux guest using PCI
> on the virt board with aarch32:
> 
> PCI host bridge /pcie@1000 ranges:
>IO 0x3eff..0x3eff -> 0x
>   MEM 0x1000..0x3efe -> 0x1000
> pci-host-generic 3f00.pcie: PCI host bridge to bus :00
> pci_bus :00: root bus resource [bus 00-0f]
> pci_bus :00: root bus resource [io  0x-0x]
> pci_bus :00: root bus resource [mem 0x1000-0x3efe]
> PCI: bus0: Fast back to back transfers disabled
> pci :00:01.0: of_irq_parse_pci() failed with rc=-22
> pci :00:02.0: of_irq_parse_pci() failed with rc=-22
> pci :00:02.0: BAR 6: assigned [mem 0x1000-0x1003 pref]
> pci :00:01.0: BAR 1: assigned [mem 0x1004-0x10040fff]
> pci :00:02.0: BAR 1: assigned [mem 0x10041000-0x10041fff]
> pci :00:01.0: BAR 0: assigned [io  0x1000-0x103f]
> pci :00:02.0: BAR 0: assigned [io  0x1040-0x105f]
> virtio-pci :00:01.0: enabling device (0100 -> 0103)
> virtio-pci :00:02.0: enabling device (0100 -> 0103)
> virtio_blk: probe of virtio32 failed with error -22
> virtio_net: probe of virtio33 failed with error -22
> 
> (and without virtio-blk we don't mount our rootfs).
> 
Shanker figured out that this was due to me changing address-cells and
size-cells in the gic node and breaking the irq-map in the DT and
provided a fix.

I will send a new series.

Thanks,
-Christoffer



[Qemu-devel] [PATCH v3 1/4] target-arm: Add GIC phandle to VirtBoardInfo

2015-05-24 Thread Christoffer Dall
Instead of passing the GIC phandle around between functions, add it to
the VirtBoardInfo just like we do for the clock_phandle.  We are about
to add the v2m phandle as well, and it's easier not having to pass
around a bunch of phandles, return multiple values from functions, etc.

Reviewed-by: Peter Maydell 
Signed-off-by: Christoffer Dall 
---
Changes since v2:
 - None
Changes since v1:
 - Added reviewed-by tag

 hw/arm/virt.c | 26 +++---
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a7f9a10..f9f7482 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -87,6 +87,7 @@ typedef struct VirtBoardInfo {
 void *fdt;
 int fdt_size;
 uint32_t clock_phandle;
+uint32_t gic_phandle;
 } VirtBoardInfo;
 
 typedef struct {
@@ -322,12 +323,11 @@ static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
 }
 }
 
-static uint32_t fdt_add_gic_node(const VirtBoardInfo *vbi)
+static void fdt_add_gic_node(VirtBoardInfo *vbi)
 {
-uint32_t gic_phandle;
 
-gic_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
-qemu_fdt_setprop_cell(vbi->fdt, "/", "interrupt-parent", gic_phandle);
+vbi->gic_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
+qemu_fdt_setprop_cell(vbi->fdt, "/", "interrupt-parent", vbi->gic_phandle);
 
 qemu_fdt_add_subnode(vbi->fdt, "/intc");
 /* 'cortex-a15-gic' means 'GIC v2' */
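Review bot: In fdt_add_gic_node(), removing the local declaration leaves an empty line directly after the opening brace, because the blank line that separated the declaration from the code stays as context. Drop that blank line in the same hunk so the body starts with the vbi->gic_phandle assignment.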
@@ -340,12 +340,10 @@ static uint32_t fdt_add_gic_node(const VirtBoardInfo *vbi)
  2, vbi->memmap[VIRT_GIC_DIST].size,
  2, vbi->memmap[VIRT_GIC_CPU].base,
  2, vbi->memmap[VIRT_GIC_CPU].size);
-qemu_fdt_setprop_cell(vbi->fdt, "/intc", "phandle", gic_phandle);
-
-return gic_phandle;
+qemu_fdt_setprop_cell(vbi->fdt, "/intc", "phandle", vbi->gic_phandle);
 }
 
-static uint32_t create_gic(const VirtBoardInfo *vbi, qemu_irq *pic)
+static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic)
 {
 /* We create a standalone GIC v2 */
 DeviceState *gicdev;
@@ -394,7 +392,7 @@ static uint32_t create_gic(const VirtBoardInfo *vbi, 
qemu_irq *pic)
 pic[i] = qdev_get_gpio_in(gicdev, i);
 }
 
-return fdt_add_gic_node(vbi);
+fdt_add_gic_node(vbi);
 }
 
 static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic)
@@ -641,8 +639,7 @@ static void create_pcie_irq_map(const VirtBoardInfo *vbi, 
uint32_t gic_phandle,
0x7   /* PCI irq */);
 }
 
-static void create_pcie(const VirtBoardInfo *vbi, qemu_irq *pic,
-uint32_t gic_phandle)
+static void create_pcie(const VirtBoardInfo *vbi, qemu_irq *pic)
 {
 hwaddr base = vbi->memmap[VIRT_PCIE].base;
 hwaddr size = vbi->memmap[VIRT_PCIE].size;
@@ -714,7 +711,7 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq 
*pic,
  2, base_mmio, 2, size_mmio);
 
 qemu_fdt_setprop_cell(vbi->fdt, nodename, "#interrupt-cells", 1);
-create_pcie_irq_map(vbi, gic_phandle, irq, nodename);
+create_pcie_irq_map(vbi, vbi->gic_phandle, irq, nodename);
 
 g_free(nodename);
 }
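Review bot: The call create_pcie_irq_map(vbi, vbi->gic_phandle, irq, nodename) in create_pcie() passes the phandle next to the struct it was just read from. Since the stated goal is to stop passing phandles between functions, create_pcie_irq_map() could drop its gic_phandle parameter and read vbi->gic_phandle itself.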
@@ -736,7 +733,6 @@ static void machvirt_init(MachineState *machine)
 MemoryRegion *ram = g_new(MemoryRegion, 1);
 const char *cpu_model = machine->cpu_model;
 VirtBoardInfo *vbi;
-uint32_t gic_phandle;
 char **cpustr;
 
 if (!cpu_model) {
@@ -813,13 +809,13 @@ static void machvirt_init(MachineState *machine)
 
 create_flash(vbi);
 
-gic_phandle = create_gic(vbi, pic);
+create_gic(vbi, pic);
 
 create_uart(vbi, pic);
 
 create_rtc(vbi, pic);
 
-create_pcie(vbi, pic, gic_phandle);
+create_pcie(vbi, pic);
 
 /* Create mmio transports, so the user can create virtio backends
  * (which will be automatically plugged in to the transports). If
-- 
2.1.2.330.g565301e.dirty




[Qemu-devel] [PATCH v3 0/4] Add support for for GICv2m and MSIs to arm-virt

2015-05-24 Thread Christoffer Dall
Now when we have a host generic PCIe controller in the virt board, it
would be nice to be able to use MSIs so that we can eventually enable
VHOST with KVM.

With these patches you can use MSIs with TCG and with KVM, but you still
need some fixes for the mapping of the IRQ index to the GSI number for
IRQFD to work.  A separate series that enables IRQFD and vhost
is available: "ARM adaptations for vhost irqfd setup"
https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg01054.html)

Tested with KVM on XGene and with TCG by configuring a virtio-pci
network adapter for the guest and verifying MSIs going through as
expected.

See the individual patches for changelogs.

Christoffer Dall (3):
  target-arm: Add GIC phandle to VirtBoardInfo
  arm_gicv2m: Add GICv2m widget to support MSIs
  target-arm: Add the GICv2m to the virt board

Shanker Donthineni (1):
  target-arm: Extend the gic node properties

 hw/arm/virt.c |  81 +++--
 hw/intc/Makefile.objs |   1 +
 hw/intc/arm_gicv2m.c  | 190 ++
 3 files changed, 252 insertions(+), 20 deletions(-)
 create mode 100644 hw/intc/arm_gicv2m.c

-- 
2.1.2.330.g565301e.dirty




[Qemu-devel] [PATCH v3 4/4] target-arm: Add the GICv2m to the virt board

2015-05-24 Thread Christoffer Dall
Add a GICv2m device to the virt board to enable MSIs on the generic PCI
host controller.  We allocate 64 SPIs in the IRQ space for now (this can
be increased/decreased later) and map the GICv2m right after the GIC in
the memory map.

Signed-off-by: Christoffer Dall 
---
Changes since v2:
 - Factored out changes to GIC DT node to previous patch.
 - Renamed QOM type name to "arm-gicv2m"
Changes since v1:
 - Remove stray merge conflict line
 - Reworded commit message.

 hw/arm/virt.c | 42 +-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 6797c6f..2972bb3 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -45,6 +45,7 @@
 #include "hw/pci-host/gpex.h"
 
 #define NUM_VIRTIO_TRANSPORTS 32
+#define NUM_GICV2M_SPIS 64
 
 /* Number of external interrupt lines to configure the GIC with */
 #define NUM_IRQS 128
@@ -71,6 +72,7 @@ enum {
 VIRT_RTC,
 VIRT_FW_CFG,
 VIRT_PCIE,
+VIRT_GIC_V2M,
 };
 
 typedef struct MemMapEntry {
@@ -88,6 +90,7 @@ typedef struct VirtBoardInfo {
 int fdt_size;
 uint32_t clock_phandle;
 uint32_t gic_phandle;
+uint32_t v2m_phandle;
 } VirtBoardInfo;
 
 typedef struct {
@@ -127,6 +130,7 @@ static const MemMapEntry a15memmap[] = {
 /* GIC distributor and CPU interfaces sit inside the CPU peripheral space 
*/
 [VIRT_GIC_DIST] =   { 0x0800, 0x0001 },
 [VIRT_GIC_CPU] ={ 0x0801, 0x0001 },
+[VIRT_GIC_V2M] ={ 0x0802, 0x1000 },
 [VIRT_UART] =   { 0x0900, 0x1000 },
 [VIRT_RTC] ={ 0x0901, 0x1000 },
 [VIRT_FW_CFG] = { 0x0902, 0x000a },
@@ -148,6 +152,7 @@ static const int a15irqmap[] = {
 [VIRT_RTC] = 2,
 [VIRT_PCIE] = 3, /* ... to 6 */
 [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
+[VIRT_GIC_V2M] = 48, /* ...to 48 + NUM_GICV2M_SPIS - 1 */
 };
 
 static VirtBoardInfo machines[] = {
@@ -323,9 +328,21 @@ static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
 }
 }
 
-static void fdt_add_gic_node(VirtBoardInfo *vbi)
+static void fdt_add_v2m_gic_node(VirtBoardInfo *vbi)
 {
+vbi->v2m_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
+qemu_fdt_add_subnode(vbi->fdt, "/intc/v2m");
+qemu_fdt_setprop_string(vbi->fdt, "/intc/v2m", "compatible",
+"arm,gic-v2m-frame");
+qemu_fdt_setprop(vbi->fdt, "/intc/v2m", "msi-controller", NULL, 0);
+qemu_fdt_setprop_sized_cells(vbi->fdt, "/intc/v2m", "reg",
+ 2, vbi->memmap[VIRT_GIC_V2M].base,
+ 2, vbi->memmap[VIRT_GIC_V2M].size);
+qemu_fdt_setprop_cell(vbi->fdt, "/intc/v2m", "phandle", vbi->v2m_phandle);
+}
 
+static void fdt_add_gic_node(VirtBoardInfo *vbi)
+{
 vbi->gic_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
 qemu_fdt_setprop_cell(vbi->fdt, "/", "interrupt-parent", vbi->gic_phandle);
 
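Review bot: The node created in fdt_add_v2m_gic_node() is named "/intc/v2m" although it carries a "reg" property; device tree convention is for such a node to have a unit address matching its first reg entry (v2m@<base>). Building the node name once from vbi->memmap[VIRT_GIC_V2M].base would fix that and also avoid repeating the path string in five separate calls.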
@@ -347,6 +364,25 @@ static void fdt_add_gic_node(VirtBoardInfo *vbi)
 
 }
 
+static void create_v2m(VirtBoardInfo *vbi, qemu_irq *pic)
+{
+int i;
+int irq = vbi->irqmap[VIRT_GIC_V2M];
+DeviceState *dev;
+
+dev = qdev_create(NULL, "arm-gicv2m");
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, vbi->memmap[VIRT_GIC_V2M].base);
+qdev_prop_set_uint32(dev, "base-spi", irq);
+qdev_prop_set_uint32(dev, "num-spi", NUM_GICV2M_SPIS);
+qdev_init_nofail(dev);
+
+for (i = 0; i < NUM_GICV2M_SPIS; i++) {
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]);
+}
+
+fdt_add_v2m_gic_node(vbi);
+}
+
 static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic)
 {
 /* We create a standalone GIC v2 */
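Review bot: The loop in create_v2m() indexes pic[irq + i] up to 48 + NUM_GICV2M_SPIS - 1 = 111, which is only in range because NUM_IRQS happens to be 128 and the virtio-mmio lines end at 47. Nothing ties those constants together, so an assert(irq + NUM_GICV2M_SPIS <= NUM_IRQS) before the loop would catch a later change to either the irqmap entry or the SPI count.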
@@ -397,6 +433,8 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic)
 }
 
 fdt_add_gic_node(vbi);
+
+create_v2m(vbi, pic);
 }
 
 static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic)
@@ -707,6 +745,8 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq 
*pic)
 qemu_fdt_setprop_cells(vbi->fdt, nodename, "bus-range", 0,
nr_pcie_buses - 1);
 
+qemu_fdt_setprop_cells(vbi->fdt, nodename, "msi-parent", vbi->v2m_phandle);
+
 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
  2, base_ecam, 2, size_ecam);
 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "ranges",
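Review bot: The "msi-parent" property added in create_pcie() depends on vbi->v2m_phandle, which is only assigned once create_gic() has called create_v2m(). That ordering is implicit in machvirt_init(); a short comment here, or an assert that the phandle is non-zero, would keep a later reordering from emitting an msi-parent that points at nothing.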
-- 
2.1.2.330.g565301e.dirty
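How the base-spi and num-spi values set by this board patch translate into the MSI payloads the frame accepts, following the description in patch 2/4 of the series (base-spi 0 is GIC IRQ 32, and the value written to the trigger register is the GIC IRQ number). This is an added example, not code from the patch: the V2mFrame type and the v2m_* helper names are hypothetical, and the write check is one way to apply both bounds and the 16/32-bit access rule mentioned in the changelog.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GIC_FIRST_SPI     32     /* GIC IRQ number of SPI 0 */
#define V2M_NUM_SPI_MAX   128    /* GICV2M_NUM_SPI_MAX in patch 2/4 */
#define V2M_MSI_SETSPI_NS 0x040  /* trigger register offset from patch 2/4 */

/* Hypothetical stand-in for the two device properties the board sets. */
typedef struct {
    uint32_t base_spi;  /* "base-spi": index in SPI space, not a GIC IRQ */
    uint32_t num_spi;   /* "num-spi" */
} V2mFrame;

/* Board-side check: the frame must fit the device's line array and the
 * board's external interrupt lines (NUM_IRQS). Written to avoid overflow. */
static bool v2m_frame_fits(const V2mFrame *f, uint32_t board_num_irqs)
{
    return f->num_spi > 0 && f->num_spi <= V2M_NUM_SPI_MAX &&
           f->base_spi <= board_num_irqs &&
           f->num_spi <= board_num_irqs - f->base_spi;
}

/* MSI_TYPER as the patch encodes it: first GIC IRQ shifted left by 16,
 * number of SPIs in the low bits. */
static uint32_t v2m_typer(const V2mFrame *f)
{
    return ((f->base_spi + GIC_FIRST_SPI) << 16) | f->num_spi;
}

/* Guest side: recover the usable GIC IRQ range from MSI_TYPER. */
static void v2m_guest_range(uint32_t typer, uint32_t *first, uint32_t *count)
{
    *first = typer >> 16;
    *count = typer & 0xffff;
}

/* Device side: decide what a guest write does. Returns the frame-relative
 * line index to pulse, or -1 when the write is ignored. */
static int v2m_write(const V2mFrame *f, uint32_t offset, uint32_t value,
                     unsigned size)
{
    uint32_t first = f->base_spi + GIC_FIRST_SPI;

    if (offset != V2M_MSI_SETSPI_NS || (size != 2 && size != 4)) {
        return -1;
    }
    if (value < first) {                  /* lower boundary */
        return -1;
    }
    if (value - first >= f->num_spi) {    /* upper boundary */
        return -1;
    }
    return (int)(value - first);
}

/* Count how many payloads in 0..1023 the frame accepts. */
static unsigned v2m_count_accepted(const V2mFrame *f)
{
    unsigned n = 0;
    for (uint32_t payload = 0; payload < 1024; payload++) {
        if (v2m_write(f, V2M_MSI_SETSPI_NS, payload, 4) >= 0) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    /* Values from this patch: irqmap[VIRT_GIC_V2M] = 48, NUM_GICV2M_SPIS = 64 */
    V2mFrame frame = { 48, 64 };
    uint32_t first, count;

    v2m_guest_range(v2m_typer(&frame), &first, &count);
    printf("fits in 128 lines: %d\n", v2m_frame_fits(&frame, 128));
    printf("guest may write GIC IRQs %u..%u\n", first, first + count - 1);
    printf("payload 48 (SPI number, not IRQ) -> %d\n",
           v2m_write(&frame, V2M_MSI_SETSPI_NS, 48, 4));
    printf("accepted payloads: %u\n", v2m_count_accepted(&frame));
    return 0;
}
```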




[Qemu-devel] [PATCH v3 3/4] target-arm: Extend the gic node properties

2015-05-24 Thread Christoffer Dall
From: Shanker Donthineni 

In preparation for adding the GICv2m which requires address specifiers
and is a subnode of the gic, we extend the gic DT definition to specify
the #address-cells and #size-cells properties and add an empty ranges
property properties of the DT node, since this is required to add the
v2m node as a child of the gic node.

Note that we must also expand the irq-map to reference the gic with the
right address-cells as a consequence of this change.

Signed-off-by: Shanker Donthineni 
Signed-off-by: Christoffer Dall 
---
Changes since v2:
 - New separate patch factoring out changes to existing code for eased
   bisectability in case we broke something
 - The above fixes the issue with non-MSI compatible guests.

 hw/arm/virt.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index f9f7482..6797c6f 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -340,7 +340,11 @@ static void fdt_add_gic_node(VirtBoardInfo *vbi)
  2, vbi->memmap[VIRT_GIC_DIST].size,
  2, vbi->memmap[VIRT_GIC_CPU].base,
  2, vbi->memmap[VIRT_GIC_CPU].size);
+qemu_fdt_setprop_cell(vbi->fdt, "/intc", "#address-cells", 0x2);
+qemu_fdt_setprop_cell(vbi->fdt, "/intc", "#size-cells", 0x2);
+qemu_fdt_setprop(vbi->fdt, "/intc", "ranges", NULL, 0);
 qemu_fdt_setprop_cell(vbi->fdt, "/intc", "phandle", vbi->gic_phandle);
+
 }
 
 static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic)
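Review bot: The empty line added before the closing brace of fdt_add_gic_node(), right after the "phandle" cell is set, is stray whitespace and should be dropped. It would also help to say in a comment next to the new "#address-cells", "#size-cells" and "ranges" properties that they exist only so a child node with a reg property can be added.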
@@ -604,11 +608,12 @@ static void create_fw_cfg(const VirtBoardInfo *vbi)
 g_free(nodename);
 }
 
+#define PCIE_IRQMAP_LEN 10
 static void create_pcie_irq_map(const VirtBoardInfo *vbi, uint32_t gic_phandle,
 int first_irq, const char *nodename)
 {
 int devfn, pin;
-uint32_t full_irq_map[4 * 4 * 8] = { 0 };
+uint32_t full_irq_map[4 * 4 * PCIE_IRQMAP_LEN] = { 0 };
 uint32_t *irq_map = full_irq_map;
 
 for (devfn = 0; devfn <= 0x18; devfn += 0x8) {
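Review bot: PCIE_IRQMAP_LEN is introduced as a bare 10 above create_pcie_irq_map() with no comment, yet its value depends on the "#address-cells" of 2 that the first hunk sets on /intc. Document the breakdown next to the define (3 PCI address cells, 1 pin, 1 phandle, 2 parent address cells, 3 GIC specifier cells) so the two places are changed together.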
@@ -619,15 +624,15 @@ static void create_pcie_irq_map(const VirtBoardInfo *vbi, 
uint32_t gic_phandle,
 int i;
 
 uint32_t map[] = {
-devfn << 8, 0, 0,   /* devfn */
-pin + 1,/* PCI pin */
-gic_phandle, irq_type, irq_nr, irq_level }; /* GIC irq */
+devfn << 8, 0, 0, /* devfn */
+pin + 1,  /* PCI pin */
+gic_phandle, 0, 0, irq_type, irq_nr, irq_level }; /* GIC irq */
 
 /* Convert map to big endian */
-for (i = 0; i < 8; i++) {
+for (i = 0; i < PCIE_IRQMAP_LEN; i++) {
 irq_map[i] = cpu_to_be32(map[i]);
 }
-irq_map += 8;
+irq_map += PCIE_IRQMAP_LEN;
 }
 }
 
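Review bot: The conversion loop copies PCIE_IRQMAP_LEN cells out of map[], but nothing checks that the initializer actually has that many elements; if the two diverge the loop either reads past map[] or drops cells. A compile-time check on ARRAY_SIZE(map) would catch that, and the "/* GIC irq */" comment should say that the two zeros after gic_phandle are the parent unit address.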
-- 
2.1.2.330.g565301e.dirty
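Why the irq-map has to grow together with the gic node's #address-cells, shown as an added example that is not part of the patch. It builds the map the way the hunk above lays it out and walks it the way a consumer would, with the entry stride derived from the parent's #address-cells; the phandle, IRQ type and flags values are constructed, the (pin + slot) % 4 swizzle is an assumption, cells are kept in host byte order, and interrupt-map-mask handling is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCI_ADDR_CELLS     3       /* child unit address: devfn << 8, 0, 0 */
#define PCI_INT_CELLS      1       /* child interrupt specifier: INTx pin */
#define GIC_INT_CELLS      3       /* parent specifier: type, number, flags */
#define SAMPLE_GIC_PHANDLE 0x8001  /* constructed value */
#define SAMPLE_IRQ_TYPE    0       /* constructed value */
#define SAMPLE_IRQ_FLAGS   4       /* constructed value */
#define FIRST_PCIE_IRQ     3       /* a15irqmap[VIRT_PCIE] in hw/arm/virt.c */

/* Cells per entry for a parent with the given #address-cells:
 * 8 when the gic node has none, 10 (PCIE_IRQMAP_LEN) when it has 2. */
static size_t irqmap_entry_cells(unsigned parent_addr_cells)
{
    return PCI_ADDR_CELLS + PCI_INT_CELLS + 1 /* phandle */ +
           parent_addr_cells + GIC_INT_CELLS;
}

/* Producer: 4 devices x 4 pins, as in create_pcie_irq_map(). */
static size_t build_map(uint32_t *out, unsigned parent_addr_cells)
{
    size_t n = 0;

    for (unsigned devfn = 0; devfn <= 0x18; devfn += 0x8) {
        for (unsigned pin = 0; pin < 4; pin++) {
            unsigned slot = devfn >> 3;

            out[n++] = devfn << 8;
            out[n++] = 0;
            out[n++] = 0;
            out[n++] = pin + 1;
            out[n++] = SAMPLE_GIC_PHANDLE;
            for (unsigned i = 0; i < parent_addr_cells; i++) {
                out[n++] = 0;          /* parent unit address */
            }
            out[n++] = SAMPLE_IRQ_TYPE;
            out[n++] = FIRST_PCIE_IRQ + (pin + slot) % 4; /* assumed swizzle */
            out[n++] = SAMPLE_IRQ_FLAGS;
        }
    }
    return n;
}

/* Consumer: returns the GIC IRQ number for (devfn, pin), or -1 when the
 * entry is missing or the walk lands on something that is not an entry. */
static int irqmap_lookup(const uint32_t *map, size_t cells,
                         unsigned parent_addr_cells, unsigned devfn,
                         unsigned pin)
{
    size_t stride = irqmap_entry_cells(parent_addr_cells);

    for (size_t off = 0; off + stride <= cells; off += stride) {
        const uint32_t *e = map + off;

        if (e[4] != SAMPLE_GIC_PHANDLE) {
            return -1;                 /* stride disagrees with the producer */
        }
        if (e[0] == (devfn << 8) && e[3] == pin + 1) {
            return (int)e[5 + parent_addr_cells + 1];
        }
    }
    return -1;
}

/* Build with one #address-cells value, parse with another. */
static int demo_lookup(unsigned producer_cells, unsigned consumer_cells,
                       unsigned devfn, unsigned pin)
{
    uint32_t map[4 * 4 * 10];
    size_t cells = build_map(map, producer_cells);

    return irqmap_lookup(map, cells, consumer_cells, devfn, pin);
}

int main(void)
{
    printf("gic #address-cells=2, 10-cell map: irq %d\n",
           demo_lookup(2, 2, 0x08, 1));
    printf("gic #address-cells=2,  8-cell map: irq %d\n",
           demo_lookup(0, 2, 0x08, 1));
    return 0;
}
```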




[Qemu-devel] [PATCH v3 2/4] arm_gicv2m: Add GICv2m widget to support MSIs

2015-05-24 Thread Christoffer Dall
The ARM GICv2m widget is a little device that handles MSI interrupt
writes to a trigger register and ties them to a range of interrupt lines
wired to the GIC.  It has a few status/id registers and the interrupt wires,
and that's about it.

A board instantiates the device by setting the base SPI number and
number of SPIs for the frame.  The base-spi parameter is indexed in the SPI
number space only, so base-spi == 0, means IRQ number 32.  When a device
(the PCI host controller) writes to the trigger register, the payload is
the GIC IRQ number, so we have to subtract 32 from that and then index
into our frame of SPIs.

When instantiating a GICv2m device, tell PCI that we have instantiated
something that can deal with MSIs.  We rely on the board actually wiring
up the GICv2m to the PCI host controller.

Signed-off-by: Christoffer Dall 
---
Changes since v2:
 - Renamed QOM type to "arm-gicv2m"
Changes since v1:
 - Check that writes to MSI_SETSPI are within the lower boundary as well
 - Move gicv2m to common-obj in Makefile
 - Separate switch case and comment for impdef regs
 - Clearly document what is emulated
 - Allow 16 bit lower accesses to MSI_SETSPI regs
 - Fix commit grammar error
 - Remove stray pixman commit

 hw/intc/Makefile.objs |   1 +
 hw/intc/arm_gicv2m.c  | 190 ++
 2 files changed, 191 insertions(+)
 create mode 100644 hw/intc/arm_gicv2m.c

diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 843864a..092d8a8 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -11,6 +11,7 @@ common-obj-$(CONFIG_SLAVIO) += slavio_intctl.o
 common-obj-$(CONFIG_IOAPIC) += ioapic_common.o
 common-obj-$(CONFIG_ARM_GIC) += arm_gic_common.o
 common-obj-$(CONFIG_ARM_GIC) += arm_gic.o
+common-obj-$(CONFIG_ARM_GIC) += arm_gicv2m.o
 common-obj-$(CONFIG_OPENPIC) += openpic.o
 
 obj-$(CONFIG_APIC) += apic.o apic_common.o
diff --git a/hw/intc/arm_gicv2m.c b/hw/intc/arm_gicv2m.c
new file mode 100644
index 000..9f84f72
--- /dev/null
+++ b/hw/intc/arm_gicv2m.c
@@ -0,0 +1,190 @@
+/*
+ *  GICv2m extension for MSI/MSI-x support with a GICv2-based system
+ *
+ * Copyright (C) 2015 Linaro, All rights reserved.
+ *
+ * Author: Christoffer Dall 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+/* This file implements an emulated GICv2m widget as described in the ARM
+ * Server Base System Architecture (SBSA) specification Version 2.2
+ * (ARM-DEN-0029 v2.2) pages 35-39 without any optional implementation defined
+ * identification registers and with a single non-secure MSI register frame.
+ */
+
+#include "hw/sysbus.h"
+#include "hw/pci/msi.h"
+
+#define TYPE_ARM_GICV2M "arm-gicv2m"
+#define ARM_GICV2M(obj) OBJECT_CHECK(ARMGICv2mState, (obj), TYPE_ARM_GICV2M)
+
+#define GICV2M_NUM_SPI_MAX 128
+
+#define V2M_MSI_TYPER   0x008
+#define V2M_MSI_SETSPI_NS   0x040
+#define V2M_MSI_IIDR0xFCC
+#define V2M_IIDR0   0xFD0
+#define V2M_IIDR11  0xFFC
+
+#define PRODUCT_ID_QEMU 0x51 /* ASCII code Q */
+
+typedef struct ARMGICv2mState {
+SysBusDevice parent_obj;
+
+MemoryRegion iomem;
+qemu_irq spi[GICV2M_NUM_SPI_MAX];
+
+uint32_t base_spi;
+uint32_t num_spi;
+} ARMGICv2mState;
+
+static void gicv2m_set_irq(void *opaque, int irq)
+{
+ARMGICv2mState *s = (ARMGICv2mState *)opaque;
+
+qemu_irq_pulse(s->spi[irq]);
+}
+
+static uint64_t gicv2m_read(void *opaque, hwaddr offset,
+unsigned size)
+{
+ARMGICv2mState *s = (ARMGICv2mState *)opaque;
+uint32_t val;
+
+if (size != 4) {
+qemu_log_mask(LOG_GUEST_ERROR, "gicv2m_read: bad size %u\n", size);
+return 0;
+}
+
+switch (offset) {
+case V2M_MSI_TYPER:
+val = (s->base_spi + 32) << 16;
+val |= s->num_spi;
+return val;
+case V2M_MSI_IIDR:
+/* We don't have any valid implementor so we leave that field as zero
+ * and we return 0 in the arch revision as per the spec.
+ */
+return (PRODUCT_ID_QEMU << 20);
+case V2M_IIDR0 ... V2M_IIDR11:
+/* We do not implement any optional identification registers and the
+ * mandatory MSI_PIDR2 register reads as 0x0, so we capture all
+ * implementation defined registers here.
+ */
+return 0;
+default:
+qemu_log_m
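Review bot: gicv2m_set_irq() uses its irq argument directly as an index into s->spi[], which has GICV2M_NUM_SPI_MAX entries, so every caller must have range-checked the value first. The changelog says MSI_SETSPI writes are checked against both boundaries, but since the payload is written by the guest, an assert(irq >= 0 && irq < s->num_spi) in this function would keep the invariant next to the array access. The part of the file shown here also does not include where num_spi itself is limited to GICV2M_NUM_SPI_MAX.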

Re: [Qemu-devel] [PATCH v5 3/4] spapr_pci: enumerate and add PCI device tree

2015-05-24 Thread Alexey Kardashevskiy

On 05/19/2015 06:26 PM, Nikunj A Dadhania wrote:

All the PCI enumeration and device node creation was off-loaded to
SLOF. With PCI hotplug support, code needed to be added to add device
node. This creates multiple copy of the code one in SLOF and other in
hotplug code. To unify this, the patch adds the pci device node
creation in Qemu. For backward compatibility, a flag
"qemu,phb-enumerated" is added to the phb, suggesting to SLOF to not
do device node creation.

Signed-off-by: Nikunj A Dadhania 
[ Squashed Michael's drc_index changes ]
Signed-off-by: Michael Roth 
Signed-off-by: Nikunj A Dadhania 
---
  hw/ppc/spapr_pci.c | 188 ++---
  1 file changed, 150 insertions(+), 38 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 8b02a3e..12f1b9c 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -23,6 +23,7 @@
   * THE SOFTWARE.
   */
  #include "hw/hw.h"
+#include "hw/sysbus.h"
  #include "hw/pci/pci.h"
  #include "hw/pci/msi.h"
  #include "hw/pci/msix.h"
@@ -35,6 +36,7 @@
  #include "qemu/error-report.h"
  #include "qapi/qmp/qerror.h"

+#include "hw/pci/pci_bridge.h"
  #include "hw/pci/pci_bus.h"
  #include "hw/ppc/spapr_drc.h"
  #include "sysemu/device_tree.h"
@@ -742,6 +744,31 @@ static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void 
*opaque, int devfn)
  return &phb->iommu_as;
  }

+
+static sPAPRDRConnector *spapr_phb_get_pci_drc(sPAPRPHBState *phb,
+   PCIDevice *pdev)
+{
+uint32_t busnr = pci_bus_num(PCI_BUS(qdev_get_parent_bus(DEVICE(pdev;
+return spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_PCI,
+(phb->index << 16) |
+(busnr << 8) |
+pdev->devfn);
+}
+
+static uint32_t spapr_phb_get_pci_drc_index(sPAPRPHBState *phb,
+PCIDevice *pdev)
+{
+sPAPRDRConnector *drc = spapr_phb_get_pci_drc(phb, pdev);
+sPAPRDRConnectorClass *drck;
+
+if (!drc) {
+return 0;
+}
+
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+return drck->get_index(drc);
+}
+
  /* Macros to operate with address in OF binding to PCI */
  #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
  #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
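Review bot: spapr_phb_get_pci_drc_index() returns 0 when no connector is found, and spapr_populate_pci_child_dt() later tests "if (drc_index)", so 0 is doing duty as "no index". Either state in a comment that 0 can never be a valid DRC index, or report the missing connector separately from the index value.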
@@ -879,12 +906,13 @@ static void populate_resource_props(PCIDevice *d, 
ResourceProps *rp)
  }

  static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset,
-   int phb_index, int drc_index,
+   sPAPRPHBState *sphb,
 const char *drc_name)
  {
  ResourceProps rp;
  bool is_bridge = false;
  int pci_status;
+uint32_t drc_index = spapr_phb_get_pci_drc_index(sphb, dev);


Is this drc_index any different from the one which used to be passed to 
this function? If no, then I do not see the point in changing the prototype 
(or make another "this just makes code easier/nicer" patch). If yes, then 
it would be nice to see what the patch changed in this regard in the commit 
log.





  if (pci_default_read_config(dev, PCI_HEADER_TYPE, 1) ==
  PCI_HEADER_TYPE_BRIDGE) {
@@ -945,8 +973,13 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
   * processed by OF beforehand
   */
  _FDT(fdt_setprop_string(fdt, offset, "name", "pci"));
-_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name, strlen(drc_name)));
-_FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
+if (drc_name) {
+_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
+ strlen(drc_name)));
+}
+if (drc_index) {
+_FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
+}

  _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
RESOURCE_CELLS_ADDRESS));
@@ -963,30 +996,34 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
  return 0;
  }

+typedef struct sPAPRFDT {
+void *fdt;
+int node_off;
+sPAPRPHBState *sphb;
+} sPAPRFDT;
+
  /* create OF node for pci device and required OF DT properties */
-static void *spapr_create_pci_child_dt(sPAPRPHBState *phb, PCIDevice *dev,
-   int drc_index, const char *drc_name,
-   int *dt_offset)
+static int spapr_create_pci_child_dt(PCIDevice *pdev, sPAPRFDT *p,
+ const char *drc_name)


Why s/dev/pdev/?



  {
-void *fdt;
-int offset, ret, fdt_size;
-int slot = PCI_SLOT(dev->devfn);
-int func = PCI_FUNC(dev->devfn);
-char nodename[512];
+int offset, ret;
+char nodename[64];


Why s/512/64/?

This change and the one above hide what the patch really does to 
spapr_create_pci_child_dt.




+ 

Re: [Qemu-devel] [PATCH v5 4/4] spapr_pci: populate ibm,loc-code

2015-05-24 Thread Alexey Kardashevskiy

On 05/19/2015 06:26 PM, Nikunj A Dadhania wrote:

Each hardware instance has a platform unique location code.  The OF
device tree that describes a part of a hardware entity must include
the “ibm,loc-code” property with a value that represents the location
code for that hardware entity.

Populate ibm,loc-code.

1) PCI passthru devices need to identify with its own ibm,loc-code
available on the host. In failure cases use:
vfio_::.

2) Emulated devices encode as following:
qemu_::.

Signed-off-by: Nikunj A Dadhania 
---
  hw/ppc/spapr_pci.c | 81 ++
  1 file changed, 69 insertions(+), 12 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 12f1b9c..dd77119 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -769,6 +769,61 @@ static uint32_t spapr_phb_get_pci_drc_index(sPAPRPHBState 
*phb,
  return drck->get_index(drc);
  }

+static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState *sphb,  PCIDevice *pdev)
+{
+char *path = NULL, *buf = NULL;
+char *host = NULL;


Why not put them all in one line (or split into 3 lines :) )?



+
+/* Get the PCI VFIO host id */
+host = object_property_get_str(OBJECT(pdev), "host", NULL);
+if (!host) {
+goto err_out;
+}
+
+/* Construct the path of the file that will give us the DT location */
+path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
+g_free(host);
+if (path && !g_file_get_contents(path, &buf, NULL, NULL)) {
+goto err_out;
+}
+g_free(path);
+
+/* Construct and read from host device tree the loc-code */
+path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
+g_free(buf);
+if (path && !g_file_get_contents(path, &buf, NULL, NULL)) {


If path==NULL, you'll return bad buf.



+goto err_out;
+}
+return buf;
+
+err_out:
+g_free(path);
+return NULL;
+}
+
+static char *spapr_phb_get_loc_code(sPAPRPHBState *sphb, PCIDevice *pdev)
+{
+char *buf;
+char devtype[16] = "qemu";


I still like "const char *s = "qemu";" better.



+
+if (object_dynamic_cast(OBJECT(pdev), "vfio-pci")) {
+buf = spapr_phb_vfio_get_loc_code(sphb, pdev);
+if (buf) {
+return buf;
+}
+snprintf(devtype, 4, "vfio");


With "const", you could just do devtype = "vfio".

Also,
=
char devtype[16] = { 0xaa,  0xaa, 0xaa, 0xaa, 0xaa };
snprintf(devtype, 4, "vfio");
printf("%x %x %x\n", devtype[2], devtype[3], devtype[4]);


produces on my laptop (gcc 4.9.2) this:

[aik@aik ~]$ ./a.out
69 0 ffaa


Is it different where you tested this?



+}
+/*
+ * For emulated devices and VFIO-failure case, make up
+ * the loc-code.
+ */
+buf = g_strdup_printf("%s_%s:%02d:%02d.%1d",


How is "1d" different here from just "d"? If @devfn>10, all digits will be 
printed.




+  devtype, pdev->name,
+  sphb->index, PCI_SLOT(pdev->devfn),
+  PCI_FUNC(pdev->devfn));
+return buf;
+}
+
  /* Macros to operate with address in OF binding to PCI */
  #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
  #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
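Review bot: spapr_phb_vfio_get_loc_code() takes a sPAPRPHBState *sphb argument that is not used anywhere in the body shown; drop the parameter, or use it if the host lookup is meant to depend on the PHB.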
@@ -906,12 +961,12 @@ static void populate_resource_props(PCIDevice *d, 
ResourceProps *rp)
  }

  static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset,
-   sPAPRPHBState *sphb,
-   const char *drc_name)
+   sPAPRPHBState *sphb)
  {
  ResourceProps rp;
  bool is_bridge = false;
  int pci_status;
+char *buf = NULL;
  uint32_t drc_index = spapr_phb_get_pci_drc_index(sphb, dev);

  if (pci_default_read_config(dev, PCI_HEADER_TYPE, 1) ==
@@ -973,9 +1028,13 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
   * processed by OF beforehand
   */
  _FDT(fdt_setprop_string(fdt, offset, "name", "pci"));
-if (drc_name) {
-_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
- strlen(drc_name)));
+buf = spapr_phb_get_loc_code(sphb, dev);
+if (!buf) {
+error_report("Failed setting the ibm,loc-code");
+return -1;
+} else {


No need in "else".



+_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf));
+g_free(buf);
  }
  if (drc_index) {
  _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
@@ -1003,8 +1062,7 @@ typedef struct sPAPRFDT {
  } sPAPRFDT;

  /* create OF node for pci device and required OF DT properties */
-static int spapr_create_pci_child_dt(PCIDevice *pdev, sPAPRFDT *p,
- const char *drc_name)
+static int spapr_create_pci_child_dt(PCIDevice *pdev, sPAPRFDT *p)
  {
  int offset, ret;
  char nodename[64];
@@ -1017,8 +1075,8 @@ static int spap

Re: [Qemu-devel] [PING-2 PATCH v3 0/3] virtio-mmio: introduce eventfd support

2015-05-24 Thread Pavel Fedin
 Hello everybody! This is my second PING on this. I have seen no response to
v3. Changes since v2 are:
1. Properly formatted (I really hope so...)
2. Added reset handling.
 I decided to leave this as three patches because host and guest notifiers
should be both implemented in order to make use of them. So, enabling host
notifiers does not make sense without guest ones.

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia


> -Original Message-
> From: qemu-devel-bounces+p.fedin=samsung@nongnu.org [mailto:qemu-devel-
> bounces+p.fedin=samsung@nongnu.org] On Behalf Of Pavel Fedin
> Sent: Tuesday, May 12, 2015 11:11 AM
> To: qemu-devel@nongnu.org
> Cc: Pavel Fedin; Ying-Shiuan Pan
> Subject: [Qemu-devel] [PATCH v3 0/3] virtio-mmio: introduce eventfd support
> 
>  This patch set introduces eventfd support for virtio-mmio. It was originally
> published by Ying-Shiuan Pan but never got it to upstream:
> https://lists.gnu.org/archive/html/qemu-devel/2014-02/msg00715.html
>  I have updated and successfully tested it with vhost-net. I confirm that this
> solution significantly improves the network performance even without irqfd.
>  I would like to upstream it, since virtio-mmio is still there. I know that
> some of you consider it deprecated, however i believe this is not entirely
> true. Because you can add it to machine models which are not supposed to
> have PCI (like vexpress).
>  An old patch set relied on additional "eventfd" option in order to disable
> the support if not implemented in kernel. My version simply checks
> kvm_eventfds_enabled() for this purpose, so backwards compatibility is much
> better.
>  I decided to leave this set in three parts because ioeventfd support should
> be enabled only when both host and guest notifiers are in place. I believe
> it will not work with partial implementation, at least because vhost-net
> requires both sets of eventfds. In this version I added correct reset
> handling.
> 
> 
> 
> Ying-Shiuan Pan (3):
>   virtio-mmio: introduce set_host_notifier()
>   virtio-mmio: introduce set_guest_notifiers
>   virtio-mmio: start ioeventfd when status gets DRIVER_OK
> 
>  hw/virtio/virtio-mmio.c | 181 
> 
>  1 file changed, 181 insertions(+)
> 
> --
> 1.9.5.msysgit.0





Re: [Qemu-devel] [PATCH] i386: fix breakpoints handling in icount mode

2015-05-24 Thread Jan Kiszka
On 2015-01-12 09:55, Paolo Bonzini wrote:
> On 12/01/2015 09:30, Jan Kiszka wrote:
>> I think this would only cure a symptom, but it doesn't explain why we
>> now hit cpu_handle_guest_debug which we do not before the patch:
> 
> That means we now exit with EXCP_DEBUG and we didn't before?
> 
> Something like this would be a more complete fix (it works if you have
> both gdb and CPU breakpoints), but I'm not sure if it's also a band-aid
> for the symptoms.
> 
> diff --git a/cpu-exec.c b/cpu-exec.c
> index a4f0eff..56139ac 100644
> --- a/cpu-exec.c
> +++ b/cpu-exec.c
> @@ -302,7 +302,7 @@ static inline TranslationBlock *tb_find_fast(CPUArchState 
> *env)
>  return tb;
>  }
>  
> -static void cpu_handle_debug_exception(CPUArchState *env)
> +static int cpu_handle_debug_exception(CPUArchState *env)
>  {
>  CPUState *cpu = ENV_GET_CPU(env);
>  CPUClass *cc = CPU_GET_CLASS(cpu);
> @@ -314,7 +314,7 @@ static void cpu_handle_debug_exception(CPUArchState *env)
>  }
>  }
>  
> -cc->debug_excp_handler(cpu);
> +return cc->debug_excp_handler(cpu);
>  }
>  
>  /* main execution loop */
> @@ -375,12 +375,15 @@ int cpu_exec(CPUArchState *env)
>  if (cpu->exception_index >= 0) {
>  if (cpu->exception_index >= EXCP_INTERRUPT) {
>  /* exit request from the cpu execution loop */
> -ret = cpu->exception_index;
> -if (ret == EXCP_DEBUG) {
> -cpu_handle_debug_exception(env);
> +if (cpu->exception_index == EXCP_DEBUG) {
> +ret = cpu_handle_debug_exception(env);
> +} else {
> +ret = cpu->exception_index;
> +}
> +if (ret >= 0) {

This condition is always true for both 0 and EXCP_DEBUG.

> +cpu->exception_index = -1;
> +break;
>  }
> -cpu->exception_index = -1;
> -break;
>  } else {
>  #if defined(CONFIG_USER_ONLY)
>  /* if user mode only, we simulate a fake exception
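Review bot: the new `if (ret >= 0)` guard in cpu_exec() cannot be false for the values the handler is documented to return (EXCP_DEBUG or zero), so the path that skips `cpu->exception_index = -1; break;` is unreachable. If a zero return is meant to say that the debug exception was consumed and execution should continue, test for that explicitly (for example break only on `ret == EXCP_DEBUG`) and decide whether exception_index still has to be cleared on the continue path, otherwise the loop re-enters this same branch with the index unchanged.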
> diff --git a/include/qom/cpu.h b/include/qom/cpu.h
> index 2098f1c..c1d6c20 100644
> --- a/include/qom/cpu.h
> +++ b/include/qom/cpu.h
> @@ -95,7 +95,8 @@ struct TranslationBlock;
>   * @get_phys_page_debug: Callback for obtaining a physical address.
>   * @gdb_read_register: Callback for letting GDB read a register.
>   * @gdb_write_register: Callback for letting GDB write a register.
> - * @debug_excp_handler: Callback for handling debug exceptions.
> + * @debug_excp_handler: Callback for handling debug exceptions.  Should
> + * return either #EXCP_DEBUG or zero.
>   * @vmsd: State description for migration.
>   * @gdb_num_core_regs: Number of core registers accessible to GDB.
>   * @gdb_core_xml_file: File name for core registers GDB XML description.
> @@ -140,7 +141,7 @@ typedef struct CPUClass {
>  hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr);
>  int (*gdb_read_register)(CPUState *cpu, uint8_t *buf, int reg);
>  int (*gdb_write_register)(CPUState *cpu, uint8_t *buf, int reg);
> -void (*debug_excp_handler)(CPUState *cpu);
> +int (*debug_excp_handler)(CPUState *cpu);
>  
>  int (*write_elf64_note)(WriteCoreDumpFunction f, CPUState *cpu,
>  int cpuid, void *opaque);
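Review bot: switching `debug_excp_handler` from void to int in CPUClass changes the contract for every target that installs this callback, and the new return value is what cpu_exec() now uses to decide whether to leave the loop. The visible part of the patch converts the common default and arm_debug_excp_handler; any other target that assigns this callback has to be converted in the same patch, with an explicit choice of EXCP_DEBUG or zero on each return path, so the series stays buildable and bisectable.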
> diff --git a/qom/cpu.c b/qom/cpu.c
> index 9c68fa4..e86fec5 100644
> --- a/qom/cpu.c
> +++ b/qom/cpu.c
> @@ -193,6 +193,11 @@ static bool cpu_common_virtio_is_big_endian(CPUState 
> *cpu)
>  return target_words_bigendian();
>  }
>  
> +static int cpu_common_debug_excp_handler(CPUState *cpu)
> +{
> +return EXCP_DEBUG;
> +}
> +
>  static void cpu_common_noop(CPUState *cpu)
>  {
>  }
> @@ -340,7 +345,7 @@ static void cpu_class_init(ObjectClass *klass, void *data)
>  k->gdb_read_register = cpu_common_gdb_read_register;
>  k->gdb_write_register = cpu_common_gdb_write_register;
>  k->virtio_is_big_endian = cpu_common_virtio_is_big_endian;
> -k->debug_excp_handler = cpu_common_noop;
> +k->debug_excp_handler = cpu_common_debug_excp_handler;
>  k->cpu_exec_enter = cpu_common_noop;
>  k->cpu_exec_exit = cpu_common_noop;
>  k->cpu_exec_interrupt = cpu_common_exec_interrupt;
> diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
> index 2bed914..40b7f79 100644
> --- a/target-arm/op_helper.c
> +++ b/target-arm/op_helper.c
> @@ -732,7 +732,7 @@ static bool check_breakpoints(ARMCPU *cpu)
>  return false;
>  }
>  
> -void arm_debug_excp_handler(CPUState *cs)
> +int arm_debug_excp_handler(CPUState *cs)
>  {
>  /* Called by core code when a watchpoint or breakpoint fires;
>   * need to check which one and raise the appropriate exception.
> @@ -756,9 +756,9 @@ void arm_debug_excp_handler(CPUState *cs)
>  }
>  env->exception.vaddress = wp_hit->hitaddr;
>   

[Qemu-devel] [PATCH] i386: Introduce ARAT CPU feature

2015-05-24 Thread Jan Kiszka
From: Jan Kiszka 

ARAT signals that the APIC timer does not stop in power saving states.
As our APICs are emulated, it's fine to expose this feature to guests,
at least when asking for KVM host features or with CPU types that
include the flag. The exact model number that introduced the feature is
not known, but reports can be found that it's at least available since
Sandy Bridge.

Signed-off-by: Jan Kiszka 
---
 target-i386/cpu.c | 33 -
 target-i386/cpu.h |  3 +++
 target-i386/kvm.c |  2 ++
 3 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 3305e09..e435a08 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -284,6 +284,17 @@ static const char *cpuid_xsave_feature_name[] = {
 NULL, NULL, NULL, NULL,
 };
 
+static const char *cpuid_6_feature_name[] = {
+NULL, NULL, "arat", NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL,
+};
+
 #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
 #define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
   CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
@@ -339,6 +350,7 @@ static const char *cpuid_xsave_feature_name[] = {
   CPUID_7_0_EBX_ERMS, CPUID_7_0_EBX_INVPCID, CPUID_7_0_EBX_RTM,
   CPUID_7_0_EBX_RDSEED */
 #define TCG_APM_FEATURES 0
+#define TCG_6_EAX_FEATURES CPUID_6_EAX_ARAT
 
 
 typedef struct FeatureWordInfo {
@@ -408,6 +420,11 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 .cpuid_reg = R_EAX,
 .tcg_features = 0,
 },
+[FEAT_6_EAX] = {
+.feat_names = cpuid_6_feature_name,
+.cpuid_eax = 6, .cpuid_reg = R_EAX,
+.tcg_features = TCG_6_EAX_FEATURES,
+},
 };
 
 typedef struct X86RegisterInfo32 {
@@ -1001,6 +1018,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
 .features[FEAT_8000_0001_ECX] =
 CPUID_EXT3_LAHF_LM,
+.features[FEAT_6_EAX] =
+CPUID_6_EAX_ARAT,
 .xlevel = 0x800A,
 .model_id = "Westmere E56xx/L56xx/X56xx (Nehalem-C)",
 },
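Review bot: adding CPUID_6_EAX_ARAT to the existing Westmere definition (and to the Sandy Bridge and later models in the hunks that follow) changes the CPUID a guest sees under an unchanged `-cpu` name, and the diffstat touches only target-i386/cpu.c, cpu.h and kvm.c, so nothing keeps older machine types on the previous value. A guest migrated between a QEMU with this patch and one without it would see leaf 6 EAX change underneath it; consider gating the new bit with a machine-type compat setting. The commit message also names Sandy Bridge as the earliest model known to have the feature while this hunk enables it for Westmere, so one of the two should be adjusted.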
@@ -1030,6 +1049,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_EXT3_LAHF_LM,
 .features[FEAT_XSAVE] =
 CPUID_XSAVE_XSAVEOPT,
+.features[FEAT_6_EAX] =
+CPUID_6_EAX_ARAT,
 .xlevel = 0x800A,
 .model_id = "Intel Xeon E312xx (Sandy Bridge)",
 },
@@ -1062,6 +1083,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_EXT3_LAHF_LM,
 .features[FEAT_XSAVE] =
 CPUID_XSAVE_XSAVEOPT,
+.features[FEAT_6_EAX] =
+CPUID_6_EAX_ARAT,
 .xlevel = 0x800A,
 .model_id = "Intel Xeon E3-12xx v2 (Ivy Bridge)",
 },
@@ -1096,6 +1119,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID,
 .features[FEAT_XSAVE] =
 CPUID_XSAVE_XSAVEOPT,
+.features[FEAT_6_EAX] =
+CPUID_6_EAX_ARAT,
 .xlevel = 0x800A,
 .model_id = "Intel Core Processor (Haswell, no TSX)",
 },{
@@ -1130,6 +1155,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_7_0_EBX_RTM,
 .features[FEAT_XSAVE] =
 CPUID_XSAVE_XSAVEOPT,
+.features[FEAT_6_EAX] =
+CPUID_6_EAX_ARAT,
 .xlevel = 0x800A,
 .model_id = "Intel Core Processor (Haswell)",
 },
@@ -1166,6 +1193,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_7_0_EBX_SMAP,
 .features[FEAT_XSAVE] =
 CPUID_XSAVE_XSAVEOPT,
+.features[FEAT_6_EAX] =
+CPUID_6_EAX_ARAT,
 .xlevel = 0x800A,
 .model_id = "Intel Core Processor (Broadwell, no TSX)",
 },
@@ -1202,6 +1231,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_7_0_EBX_SMAP,
 .features[FEAT_XSAVE] =
 CPUID_XSAVE_XSAVEOPT,
+.features[FEAT_6_EAX] =
+CPUID_6_EAX_ARAT,
 .xlevel = 0x800A,
 .model_id = "Intel Core Processor (Broadwell)",
 },
@@ -2358,7 +2389,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 break;
 case 6:
 /* Thermal and Power Leaf */
-*eax = 0;
+*eax = env->features[FEAT_6_EAX];
 *ebx = 0;
 *ecx = 0;
 *edx = 0;
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 4ee12ca..800158e 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -412,6 +412,7 @@ typedef enum FeatureWord {
 FEAT_KVM,   /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
 FEAT_SVM,   /* CPUID[8000_000A].EDX */
 FEAT_XSAVE, /* CPUID[EAX=0xd,ECX=1].EAX */
+   

Re: [Qemu-devel] [PATCH 0/4] gdbstub: improve query packet parsing, add qAttached support

2015-05-24 Thread Jan Kiszka
On 2015-02-12 05:19, Peter Maydell wrote:
> On 7 February 2015 at 08:38, Jan Kiszka  wrote:
>> This addresses the review comments on the previous two patches to add
>> qAttached support. No longer trivial, so maybe you can pick it up,
>> Peter.
>>
>> Jan
>>
>>
>> CC: Fabien Chouteau 
>> CC: Jan Kiszka 
> 
> Reviewed-by: Peter Maydell 
> 
> If you can find a tree for this to go through it might be
> faster than trying to get me to apply it directly...

If you have a suggestion for such a tree, I'll try. Otherwise: ping
(still applies cleanly).

Jan





[Qemu-devel] [PATCH v2] device-tree: Make a common-obj

2015-05-24 Thread Peter Crosthwaite
There is no reason for device tree API to be built per-target.
common-obj it. There is an extraneous inclusion of config.h that
needs to be removed.

Cc: Alexander Graf 
Reviewed-by: Andreas Färber 
Signed-off-by: Peter Crosthwaite 
---
 Makefile.objs   | 2 ++
 Makefile.target | 1 -
 device_tree.c   | 1 -
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile.objs b/Makefile.objs
index 28999d3..4881d2c 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -76,6 +76,8 @@ common-obj-$(CONFIG_SECCOMP) += qemu-seccomp.o
 
 common-obj-$(CONFIG_SMARTCARD_NSS) += $(libcacard-y)
 
+common-obj-$(CONFIG_FDT) += device_tree.o
+
 ##
 # qapi
 
diff --git a/Makefile.target b/Makefile.target
index 1083377..5100013 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -129,7 +129,6 @@ ifdef CONFIG_SOFTMMU
 obj-y += arch_init.o cpus.o monitor.o gdbstub.o balloon.o ioport.o numa.o
 obj-y += qtest.o bootdevice.o
 obj-y += hw/
-obj-$(CONFIG_FDT) += device_tree.o
 obj-$(CONFIG_KVM) += kvm-all.o
 obj-y += memory.o savevm.o cputlb.o
 obj-y += memory_mapping.o
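Review bot: dropping `obj-$(CONFIG_FDT) += device_tree.o` from Makefile.target in favour of `common-obj-$(CONFIG_FDT)` in Makefile.objs means the object is compiled once for all targets, so CONFIG_FDT has to be visible where Makefile.objs is evaluated and device_tree.c must contain nothing target-dependent. The commit message asserts the second point, but the only source change is removing the config.h include; please state how this was checked (for example a build of every FDT-using target) so a target-specific dependency does not slip in unnoticed.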
diff --git a/device_tree.c b/device_tree.c
index 3d119ef..d2de580 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -18,7 +18,6 @@
 #include 
 #include 
 
-#include "config.h"
 #include "qemu-common.h"
 #include "qemu/error-report.h"
 #include "sysemu/device_tree.h"
-- 
1.9.1




Re: [Qemu-devel] [PATCH 1/2] monitor: Split mon_get_cpu fn to remove ENV_GET_CPU

2015-05-24 Thread Peter Crosthwaite
On Mon, May 18, 2015 at 9:52 AM, Andreas Färber  wrote:
> Am 18.05.2015 um 18:44 schrieb Peter Crosthwaite:
>> On Mon, May 18, 2015 at 9:13 AM, Richard Henderson  wrote:
>>> On 05/17/2015 12:51 PM, Peter Crosthwaite wrote:
 @@ -1208,7 +1203,6 @@ static void monitor_printc(Monitor *mon, int c)
  static void memory_dump(Monitor *mon, int count, int format, int wsize,
  hwaddr addr, int is_physical)
  {
 -CPUArchState *env;
  int l, line_size, i, max_digits, len;
  uint8_t buf[16];
  uint64_t v;
 @@ -1216,8 +1210,8 @@ static void memory_dump(Monitor *mon, int count, int 
 format, int wsize,
  if (format == 'i') {
  int flags;
  flags = 0;
 -env = mon_get_cpu();
  #ifdef TARGET_I386
 +CPUArchState *env = mon_get_env();
  if (wsize == 2) {
>>>
>>> C99 declaration after statement.  I forget if we care or not?
>
> We care, but we haven't strictly enforced it everywhere.
>
>> Generally we do, but I have seen incidences of the notable exception
>> of conditionally compiled code. Otherwise would need two complicated
>> sets of #ifdef.
>>
>> Unfortunately we can't just unconditionally define it anymore, as the
>> hunk below removes the only unconditional usage throwing an "unused"
>> werror.
>>
>>> Anyway, fixable by changing the line above to
>>>
>>> int flags = 0;
>>>
>>
>> I'll just make this change.
>
> If this is supposed to go through qom-cpu, I could do that change
> myself. The alternative would've been #if defined(TARGET_foo) ||
> defined(TARGET_bar) ... #endif for the declaration.
>
> I was rather wondering whether mon_get_env() should be ameliorated to
> mon_get_cpu_env() for clarity? env is just short for environment.
>
> Otherwise modulo the above nit,
>

Change made, s/mon_get_env/mon_get_cpu_env

> Reviewed-by: Andreas Färber 
>

Thanks,

Regards,
Peter

> Regards,
> Andreas
>
>>> Otherwise,
>>>
>>> Reviewed-by: Richard Henderson 
>>
>> Thanks.
>>
>> Regards,
>> Peter
>
> --
> SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton; HRB
> 21284 (AG Nürnberg)
>



Re: [Qemu-devel] u-boot on qemu-x86

2015-05-24 Thread Bin Meng
Hi Saket,

On Tue, May 5, 2015 at 10:11 PM, Saket Sinha  wrote:
> Hi,
>
> I am trying to run u-boot as a coreboot payload on qemu-x86. Currently
> facing some difficulty in the process.
>
> Has anyone tried running u-boot bare-metal or as a coreboot payload on
> qemu-x86  before?
>

Replying to this thread for completeness in case someone else wants to try
U-Boot on qemu-x86.

The latest U-Boot git repo
(http://git.denx.de/?p=u-boot/u-boot-x86.git;a=summary) contains
U-Boot bare-metal support for QEMU x86 targets (i440fx and q35), as
well as being loaded from coreboot.

Regards,
Bin



[Qemu-devel] [PATCH v2 0/2] monitor+disas: Remove uses of ENV_GET_CPU

2015-05-24 Thread Peter Crosthwaite
Neither the monitor nor disassembly core has a good reason to navigate from an
env pointer to a cpu pointer. Disas should not need env awareness at all, that
is removed in P2.

The monitor is trickier, the env is still needed by some #ifdef switched target
specific code but all common code only needs to trade in CPU pointers. As the
monitor always has access to a CPU pointer naturally, remove ENV_GET_CPU usages
(P1).

This is related to my multi-arch work, where the goal is to minimise use of
architecture defined global definitions, ENV_GET_CPU being a major headache in
that whole effort. The longer term goal is to limit ENV_GET_CPU use to genuinely
architecture specific code.

But I think these two patches stand in their own right, so sending ahead of the
motherload series. This brings both modules closer to common-obj-y'ification.

First RFC for multi arch is available here:

https://lists.gnu.org/archive/html/qemu-devel/2015-05/msg01771.html

The two patches are done together to avoid a conflict with monitor_disas which
is touched by both patches. If one patch gets acked, the other nacked then
either can be merged independently with trivial edits.

Changed since v1:
Addressed RH and Andreas comments on P1.

Peter Crosthwaite (2):
  monitor: Split mon_get_cpu fn to remove ENV_GET_CPU
  disas: Remove uses of CPU env

 disas.c   | 14 +-
 include/disas/disas.h |  4 +--
 include/qemu/log.h|  4 +--
 monitor.c | 65 +++
 target-alpha/translate.c  |  2 +-
 target-arm/translate-a64.c|  2 +-
 target-arm/translate.c|  2 +-
 target-cris/translate.c   |  2 +-
 target-i386/translate.c   |  2 +-
 target-lm32/translate.c   |  2 +-
 target-m68k/translate.c   |  2 +-
 target-microblaze/translate.c |  2 +-
 target-mips/translate.c   |  2 +-
 target-openrisc/translate.c   |  2 +-
 target-ppc/translate.c|  2 +-
 target-s390x/translate.c  |  2 +-
 target-sh4/translate.c|  2 +-
 target-sparc/translate.c  |  2 +-
 target-tricore/translate.c|  2 +-
 target-unicore32/translate.c  |  2 +-
 target-xtensa/translate.c |  2 +-
 21 files changed, 57 insertions(+), 64 deletions(-)

-- 
1.9.1




[Qemu-devel] [PATCH v2 2/2] disas: Remove uses of CPU env

2015-05-24 Thread Peter Crosthwaite
disas does not need to access the CPU env for any reason. Change the
APIs to accept CPU pointers instead. Small change pattern needs to be
applied to all target translate.c. This brings us closer to making
disas.o a common-obj and less architecture specific in general.

Cc: Richard Henderson 
Cc: Peter Maydell 
Cc: "Edgar E. Iglesias" 
Cc: Paolo Bonzini 
Cc: Eduardo Habkost 
Cc: Michael Walle 
Cc: Aurelien Jarno 
Cc: Leon Alrae 
Cc: Jia Liu 
Cc: Alexander Graf 
Cc: Mark Cave-Ayland 
Cc: Bastian Koppelmann 
Cc: Guan Xuetao 
Cc: Max Filippov 
Reviewed-by: Richard Henderson 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Peter Crosthwaite 
---
 disas.c   | 14 +++---
 include/disas/disas.h |  4 ++--
 include/qemu/log.h|  4 ++--
 monitor.c |  2 +-
 target-alpha/translate.c  |  2 +-
 target-arm/translate-a64.c|  2 +-
 target-arm/translate.c|  2 +-
 target-cris/translate.c   |  2 +-
 target-i386/translate.c   |  2 +-
 target-lm32/translate.c   |  2 +-
 target-m68k/translate.c   |  2 +-
 target-microblaze/translate.c |  2 +-
 target-mips/translate.c   |  2 +-
 target-openrisc/translate.c   |  2 +-
 target-ppc/translate.c|  2 +-
 target-s390x/translate.c  |  2 +-
 target-sh4/translate.c|  2 +-
 target-sparc/translate.c  |  2 +-
 target-tricore/translate.c|  2 +-
 target-unicore32/translate.c  |  2 +-
 target-xtensa/translate.c |  2 +-
 21 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/disas.c b/disas.c
index 44a019a..576c6a4 100644
--- a/disas.c
+++ b/disas.c
@@ -9,7 +9,7 @@
 
 typedef struct CPUDebug {
 struct disassemble_info info;
-CPUArchState *env;
+CPUState *cpu;
 } CPUDebug;
 
 /* Filled in by elfload.c.  Simplistic, but will do for now. */
@@ -39,7 +39,7 @@ target_read_memory (bfd_vma memaddr,
 {
 CPUDebug *s = container_of(info, CPUDebug, info);
 
-cpu_memory_rw_debug(ENV_GET_CPU(s->env), memaddr, myaddr, length, 0);
+cpu_memory_rw_debug(s->cpu, memaddr, myaddr, length, 0);
 return 0;
 }
 
@@ -195,7 +195,7 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
bit 16 indicates little endian.
 other targets - unused
  */
-void target_disas(FILE *out, CPUArchState *env, target_ulong code,
+void target_disas(FILE *out, CPUState *cpu, target_ulong code,
   target_ulong size, int flags)
 {
 target_ulong pc;
@@ -205,7 +205,7 @@ void target_disas(FILE *out, CPUArchState *env, 
target_ulong code,
 
 INIT_DISASSEMBLE_INFO(s.info, out, fprintf);
 
-s.env = env;
+s.cpu = cpu;
 s.info.read_memory_func = target_read_memory;
 s.info.buffer_vma = code;
 s.info.buffer_length = size;
@@ -430,7 +430,7 @@ monitor_read_memory (bfd_vma memaddr, bfd_byte *myaddr, int 
length,
 if (monitor_disas_is_physical) {
 cpu_physical_memory_read(memaddr, myaddr, length);
 } else {
-cpu_memory_rw_debug(ENV_GET_CPU(s->env), memaddr, myaddr, length, 0);
+cpu_memory_rw_debug(s->cpu, memaddr, myaddr, length, 0);
 }
 return 0;
 }
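Review bot: in monitor_read_memory() the result of `cpu_memory_rw_debug(s->cpu, ...)` is still dropped and the function returns 0 unconditionally, so a failed guest-memory read is reported to the disassembler as success and it decodes whatever happened to be in `myaddr`. Since the line is being touched anyway, consider propagating the error; memory_dump() in patch 1/2 already checks the same call with `< 0`. The same applies to target_read_memory() earlier in this file.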
@@ -447,7 +447,7 @@ monitor_fprintf(FILE *stream, const char *fmt, ...)
 
 /* Disassembler for the monitor.
See target_disas for a description of flags. */
-void monitor_disas(Monitor *mon, CPUArchState *env,
+void monitor_disas(Monitor *mon, CPUState *cpu,
target_ulong pc, int nb_insn, int is_physical, int flags)
 {
 int count, i;
@@ -456,7 +456,7 @@ void monitor_disas(Monitor *mon, CPUArchState *env,
 
 INIT_DISASSEMBLE_INFO(s.info, (FILE *)mon, monitor_fprintf);
 
-s.env = env;
+s.cpu = cpu;
 monitor_disas_is_physical = is_physical;
 s.info.read_memory_func = monitor_read_memory;
 s.info.print_address_func = generic_print_target_address;
diff --git a/include/disas/disas.h b/include/disas/disas.h
index c13ca9a..2b9293b 100644
--- a/include/disas/disas.h
+++ b/include/disas/disas.h
@@ -6,10 +6,10 @@
 #ifdef NEED_CPU_H
 /* Disassemble this for me please... (debugging). */
 void disas(FILE *out, void *code, unsigned long size);
-void target_disas(FILE *out, CPUArchState *env, target_ulong code,
+void target_disas(FILE *out, CPUState *cpu, target_ulong code,
   target_ulong size, int flags);
 
-void monitor_disas(Monitor *mon, CPUArchState *env,
+void monitor_disas(Monitor *mon, CPUState *cpu,
target_ulong pc, int nb_insn, int is_physical, int flags);
 
 /* Look up symbol for debugging purpose.  Returns "" if unknown. */
diff --git a/include/qemu/log.h b/include/qemu/log.h
index 195f665..f880e66 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -104,10 +104,10 @@ static inline void log_cpu_state_mask(int mask, CPUState 
*cpu, int flags)
 
 #ifdef NEED_CPU_H
 /* disas() and target_disas() to qemu_logfile: */
-static inline void log_target_disas(CPUArchState *env, target_ulong start,
+static inline void log_target_disas(CPUState *cpu, ta

[Qemu-devel] [PATCH v2 1/2] monitor: Split mon_get_cpu fn to remove ENV_GET_CPU

2015-05-24 Thread Peter Crosthwaite
The monitor currently has one helper, mon_get_cpu() which will return
an env pointer. The target specific users of this API want an env, but
all the target agnostic users really just want the cpu pointer. These
users then need to use the target-specifically defined ENV_GET_CPU to
navigate back up to the CPU from the ENV. Split the API for the two
use cases to remove all need for ENV_GET_CPU.

Reviewed-by: Richard Henderson 
Reviewed-by: Andreas Färber 
Signed-off-by: Peter Crosthwaite 
---
Changed since v1:
s/mon_get_env/mon_get_cpu_env (Andreas review)
Avoid C99 declaration (RH review)
---
 monitor.c | 65 ---
 1 file changed, 29 insertions(+), 36 deletions(-)

diff --git a/monitor.c b/monitor.c
index b2561e1..365c0e4 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1010,28 +1010,28 @@ int monitor_set_cpu(int cpu_index)
 return 0;
 }
 
-static CPUArchState *mon_get_cpu(void)
+static CPUState *mon_get_cpu(void)
 {
 if (!cur_mon->mon_cpu) {
 monitor_set_cpu(0);
 }
 cpu_synchronize_state(cur_mon->mon_cpu);
-return cur_mon->mon_cpu->env_ptr;
+return cur_mon->mon_cpu;
+}
+
+static CPUArchState *mon_get_cpu_env(void)
+{
+return mon_get_cpu()->env_ptr;
 }
 
 int monitor_get_cpu_index(void)
 {
-CPUState *cpu = ENV_GET_CPU(mon_get_cpu());
-return cpu->cpu_index;
+return mon_get_cpu()->cpu_index;
 }
 
 static void hmp_info_registers(Monitor *mon, const QDict *qdict)
 {
-CPUState *cpu;
-CPUArchState *env;
-env = mon_get_cpu();
-cpu = ENV_GET_CPU(env);
-cpu_dump_state(cpu, (FILE *)mon, monitor_fprintf, CPU_DUMP_FPU);
+cpu_dump_state(mon_get_cpu(), (FILE *)mon, monitor_fprintf, CPU_DUMP_FPU);
 }
 
 static void hmp_info_jit(Monitor *mon, const QDict *qdict)
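Review bot: mon_get_cpu() ignores the return value of `monitor_set_cpu(0)`, and with this change its result is dereferenced inline in `mon_get_cpu()->env_ptr` and `mon_get_cpu()->cpu_index`. If monitor_set_cpu() can fail and leave `cur_mon->mon_cpu` unset, these become NULL dereferences reachable from monitor commands; either document that a current CPU always exists at this point or check the pointer before it is used.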
@@ -1064,12 +1064,7 @@ static void hmp_info_history(Monitor *mon, const QDict 
*qdict)
 
 static void hmp_info_cpustats(Monitor *mon, const QDict *qdict)
 {
-CPUState *cpu;
-CPUArchState *env;
-
-env = mon_get_cpu();
-cpu = ENV_GET_CPU(env);
-cpu_dump_statistics(cpu, (FILE *)mon, &monitor_fprintf, 0);
+cpu_dump_statistics(mon_get_cpu(), (FILE *)mon, &monitor_fprintf, 0);
 }
 
 static void hmp_info_trace_events(Monitor *mon, const QDict *qdict)
@@ -1208,16 +1203,14 @@ static void monitor_printc(Monitor *mon, int c)
 static void memory_dump(Monitor *mon, int count, int format, int wsize,
 hwaddr addr, int is_physical)
 {
-CPUArchState *env;
 int l, line_size, i, max_digits, len;
 uint8_t buf[16];
 uint64_t v;
 
 if (format == 'i') {
-int flags;
-flags = 0;
-env = mon_get_cpu();
+int flags = 0;
 #ifdef TARGET_I386
+CPUArchState *env = mon_get_cpu_env();
 if (wsize == 2) {
 flags = 1;
 } else if (wsize == 4) {
@@ -1238,10 +1231,11 @@ static void memory_dump(Monitor *mon, int count, int 
format, int wsize,
 }
 #endif
 #ifdef TARGET_PPC
+CPUArchState *env = mon_get_cpu_env();
 flags = msr_le << 16;
 flags |= env->bfd_mach;
 #endif
-monitor_disas(mon, env, addr, count, is_physical, flags);
+monitor_disas(mon, mon_get_cpu_env(), addr, count, is_physical, flags);
 return;
 }
 
@@ -1280,8 +1274,7 @@ static void memory_dump(Monitor *mon, int count, int 
format, int wsize,
 if (is_physical) {
 cpu_physical_memory_read(addr, buf, l);
 } else {
-env = mon_get_cpu();
-if (cpu_memory_rw_debug(ENV_GET_CPU(env), addr, buf, l, 0) < 0) {
+if (cpu_memory_rw_debug(mon_get_cpu(), addr, buf, l, 0) < 0) {
 monitor_printf(mon, " Cannot access memory\n");
 break;
 }
@@ -1660,7 +1653,7 @@ static void hmp_info_tlb(Monitor *mon, const QDict *qdict)
 {
 CPUArchState *env;
 
-env = mon_get_cpu();
+env = mon_get_cpu_env();
 
 if (!(env->cr[0] & CR0_PG_MASK)) {
 monitor_printf(mon, "PG disabled\n");
@@ -1883,7 +1876,7 @@ static void hmp_info_mem(Monitor *mon, const QDict *qdict)
 {
 CPUArchState *env;
 
-env = mon_get_cpu();
+env = mon_get_cpu_env();
 
 if (!(env->cr[0] & CR0_PG_MASK)) {
 monitor_printf(mon, "PG disabled\n");
@@ -1920,7 +1913,7 @@ static void print_tlb(Monitor *mon, int idx, tlb_t *tlb)
 
 static void hmp_info_tlb(Monitor *mon, const QDict *qdict)
 {
-CPUArchState *env = mon_get_cpu();
+CPUArchState *env = mon_get_cpu_env();
 int i;
 
 monitor_printf (mon, "ITLB:\n");
@@ -1936,7 +1929,7 @@ static void hmp_info_tlb(Monitor *mon, const QDict *qdict)
 #if defined(TARGET_SPARC) || defined(TARGET_PPC) || defined(TARGET_XTENSA)
 static void hmp_info_tlb(Monitor *mon, const QDict *qdict)
 {
-CPUArchState *env1 = mon_get_cpu();
+CPUArchState *env1 = mon_get_cpu_env();
 
 dump_mmu((FILE*)mon, (fprintf_function)monitor_printf, env1);
 }
@@ -2969,7 +2962,7 @@ typedef struct MonitorDef {
 #if defin

Re: [Qemu-devel] [PATCH v2 3/7] disas: arm-a64: Make printfer and stream variable

2015-05-24 Thread Peter Crosthwaite
On Mon, May 11, 2015 at 8:57 AM, Richard Henderson  wrote:
> On 05/09/2015 01:11 PM, Peter Crosthwaite wrote:
>>  class QEMUDisassembler : public Disassembler {
>>  public:
>> -explicit QEMUDisassembler(FILE *stream) : stream_(stream) { }
>> +QEMUDisassembler() {
>> +printf_ = NULL;
>> +stream_ = NULL;
>> +}
>
> As a nit, I would have written this
>
>   QEMUDisassembler(FILE *stream) : stream_(NULL), printf_(NULL) { }
>

Change made in V3.

> but the difference is unlikely to matter here.
>
> Reviewed-by: Richard Henderson 
>

Thanks,

Regards,
Peter

>
> r~
>



Re: [Qemu-devel] [PATCH v2 4/7] disas: arm: QOMify target specific disas setup

2015-05-24 Thread Peter Crosthwaite
On Mon, May 18, 2015 at 9:31 AM, Peter Maydell  wrote:
> On 9 May 2015 at 21:11, Peter Crosthwaite  wrote:
>> Move the target_disas() ARM specifics to the QOM disas_set_info hook

>>
>> +static int
>> +print_insn_thumb1(bfd_vma pc, disassemble_info *info)
>> +{
>> +  return print_insn_arm(pc | 1, info);
>> +}
>> +
>> +static void arm_disas_set_info(CPUState *cpu, disassemble_info *info)
>> +{
>> +ARMCPU *ac = ARM_CPU(cpu);
>> +CPUARMState *env = &ac->env;
>> +
>> +if (env->aarch64) {
>
> if (is_a64(env)) please.

Fixed.

> (At some point I'm likely to tidy up handling of A64 pstate,
> and maybe this flag will disappear back into the uncached pstate.)
>
> Otherwise
> Reviewed-by: Peter Maydell 
>

Thanks.

Regards,
Peter

> thanks
> -- PMM
>



Re: [Qemu-devel] [PATCH 05/10 v10] target-tilegx/opcode_tilegx.h: Modify it to fit qemu using

2015-05-24 Thread Chen Gang

For "Hello world" with shared glibc, it needs to implement additional
instructions and fix one additional bug (it is about syscall_nr.h: need
stat64 and fstatat64).

I shall send patch v11 within this month.  :-)

Thanks.

On 5/22/15 09:48, Chen Gang wrote:
> On 05/22/2015 07:40 AM, Chris Metcalf wrote:
>> Congratulations!
>>
> 
> Again, really thank all of you very much!!  :-)
> 
> 
>>> On May 21, 2015, at 4:58 PM, Chen Gang  wrote:
>>>
>>>
>>> After fix additional 3 bugs (one for mnz, one for mz, one for v1cmpeqi),
>>> at present, tilegx linux user can print "Hello World"! :-)
>>>
>>> I shall reconstruct/prepare the code and send patch v11 for review
>>> within this month.
>>>
>>> Thanks.
>>>
 On 5/19/15 10:47, Chen Gang wrote:
 Hello All:

 I also found another bug: I did not set the system call error number to
 r1 register, which will cause new_heap() fail although mmap64 succeed.

 Hope it is my last bug for printing "Hello world" executable binary.

 Thanks.

> On 05/12/2015 07:16 PM, Chen Gang wrote:
>> On 05/12/2015 07:08 PM, Peter Maydell wrote:
>>> On 12 May 2015 at 11:56, Chen Gang  wrote:
>>> Welcome any other members' ideas, suggestions or completions for it.
>>>
>>> If one of another members also suggests to drop all uint8_t and 
>>> uint16_t,
>>> I shall drop them (more explanations for dropping them will be better).
>>
>> I agree with Richard on this one.
>>
>
> OK, thanks.
>

>>>
>>> -- 
>>> Chen Gang
>>>
>>> Open, share, and attitude like air, water, and life which God blessed
> 

-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed



[Qemu-devel] [PATCH v3 0/7] Unify and QOMify (target|monitor)_disas

2015-05-24 Thread Peter Crosthwaite
Depends on series: [PATCH v2 0/2] monitor+disas: Remove uses of ENV_GET_CPU

Intended for QOM queue.

These two functions are mostly trying to do the same thing, which is
disassemble a target instruction (sequence) for printfing. The
architecture specific setup is largely duped between the two functions.

The approach is to add a single QOM hook on the CPU level to setup the
disassembler (P1&2). The two stage flags system is removed. That is,
the old scheme is for the translate/monitor code to pass in flags
that disas.c then interprets. Instead the entire job of setting up arch
specifics is outsourced to target-specific code (via the new QOM hook)
removing the need for the flags system. Both monitor_disas and
target_disas then call this singly defined hook if it is available.

Three architectures (microblaze, cris and ARM) are patched
to use the new QOMification and at the same time, make the
monitor_disas consistent with target_disas. The #if defined TARGET_FOO
for each is removed from disas.c (bringing us closer to the exciting
goal of no #ifdef TARGET_FOO in system mode code).

Microblaze is trivial, the target_disas setup is directly applicable
to monitor_disas to bring in microblaze monitor disas support (P5).

Cris had a small hiccup, a patch is needed to handle monitor_disas's
0 buffer length (P6). Then cris is patched to enable monitor disas
in same way as microblaze (P7).

ARM is harder. The vixl A64 disas was hardcoded to fprintf with
a statically inited output stream (matching target_disas). The vixl
printfery is patched to be runtime variable (P3). P4 brings
ARM monitor disassembly online (via using the target_disas
implementation as the QOMified implementation).

Changed since v2 (RTH/PMM review):
Rebased on monitor+disas ENV_GET_CPU removal
Fixed minor comments (see indiv patches).

Changed since v1 (RTH review):
Use QOMified approach.
Remove flags system.
Limit scope to only the 3 converted arches
Addressed comments on CPP constructor changes

Peter Crosthwaite (7):
  disas: Add print_insn to disassemble info
  disas: QOMify target specific setup
  disas: arm-a64: Make printfer and stream variable
  disas: arm: QOMify target specific disas setup
  disas: microblaze: QOMify target specific disas setup
  disas: cris: Fix 0 buffer length case
  disas: cris: QOMify target specific disas setup

 disas.c | 119 ++--
 disas/arm-a64.cc|  22 +++--
 disas/cris.c|   6 +--
 include/disas/bfd.h |   6 +++
 include/qom/cpu.h   |   4 ++
 target-arm/cpu.c|  35 ++
 target-cris/cpu.c   |  16 +++
 target-microblaze/cpu.c |   8 
 8 files changed, 133 insertions(+), 83 deletions(-)

-- 
1.9.1




[Qemu-devel] [PATCH v3 2/7] disas: QOMify target specific setup

2015-05-24 Thread Peter Crosthwaite
Add a QOM function hook for target-specific disassembly setup. This
allows removal of the #ifdeffery currently implementing target specific
disas setup from disas.c.

Reviewed-by: Richard Henderson 
Signed-off-by: Peter Crosthwaite 
---
 disas.c   | 22 ++
 include/qom/cpu.h |  4 
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/disas.c b/disas.c
index 363c3bf..ff5425d 100644
--- a/disas.c
+++ b/disas.c
@@ -1,5 +1,6 @@
 /* General "disassemble this chunk" code.  Used for debugging. */
 #include "config.h"
+#include "qemu-common.h"
 #include "disas/bfd.h"
 #include "elf.h"
 #include 
@@ -198,6 +199,7 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
 void target_disas(FILE *out, CPUState *cpu, target_ulong code,
   target_ulong size, int flags)
 {
+CPUClass *cc = CPU_GET_CLASS(cpu);
 target_ulong pc;
 int count;
 CPUDebug s;
@@ -215,6 +217,11 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #else
 s.info.endian = BFD_ENDIAN_LITTLE;
 #endif
+
+if (cc->disas_set_info) {
+cc->disas_set_info(cpu, &s.info);
+}
+
 #if defined(TARGET_I386)
 if (flags == 2) {
 s.info.mach = bfd_mach_x86_64;
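Review bot: Ordering problem in target_disas() (and the matching monitor_disas() hunk): cc->disas_set_info() runs before the #if defined(TARGET_...) ladder, so for any target that still has a branch below, the ladder overwrites whatever the hook stored in s.info.print_insn or s.info.mach. That is harmless only while each target is converted and its ladder branch removed in the same patch. A short comment above the call stating that the ladder below takes precedence, or moving the call after the ladder, would make the intended priority explicit.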
@@ -449,6 +456,7 @@ monitor_fprintf(FILE *stream, const char *fmt, ...)
 void monitor_disas(Monitor *mon, CPUState *cpu,
target_ulong pc, int nb_insn, int is_physical, int flags)
 {
+CPUClass *cc = CPU_GET_CLASS(cpu);
 int count, i;
 CPUDebug s;
 
@@ -466,6 +474,11 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 #else
 s.info.endian = BFD_ENDIAN_LITTLE;
 #endif
+
+if (cc->disas_set_info) {
+cc->disas_set_info(cpu, &s.info);
+}
+
 #if defined(TARGET_I386)
 if (flags == 2) {
 s.info.mach = bfd_mach_x86_64;
@@ -519,11 +532,12 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 #elif defined(TARGET_LM32)
 s.info.mach = bfd_mach_lm32;
 s.info.print_insn = print_insn_lm32;
-#else
-monitor_printf(mon, "0x" TARGET_FMT_lx
-   ": Asm output not supported on this arch\n", pc);
-return;
 #endif
+if (!s.info.print_insn) {
+monitor_printf(mon, "0x" TARGET_FMT_lx
+   ": Asm output not supported on this arch\n", pc);
+return;
+}
 
 for(i = 0; i < nb_insn; i++) {
monitor_printf(mon, "0x" TARGET_FMT_lx ":  ", pc);
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 39f0f19..363c928 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -23,6 +23,7 @@
 #include 
 #include 
 #include "hw/qdev-core.h"
+#include "disas/bfd.h"
 #include "exec/hwaddr.h"
 #include "exec/memattrs.h"
 #include "qemu/queue.h"
@@ -117,6 +118,7 @@ struct TranslationBlock;
  * @cpu_exec_enter: Callback for cpu_exec preparation.
  * @cpu_exec_exit: Callback for cpu_exec cleanup.
  * @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec.
+ * @disas_set_info: Setup architecture specific components of disassembly info
  *
  * Represents a CPU family or model.
  */
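Review bot: Missing documentation in the @disas_set_info line: it does not say the hook is optional. Both callers in disas.c guard it with 'if (cc->disas_set_info)', so the entry should state that it may be NULL and that an implementation is expected to fill in print_insn, plus mach and endian where relevant, in the disassemble_info it is handed.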
@@ -172,6 +174,8 @@ typedef struct CPUClass {
 void (*cpu_exec_enter)(CPUState *cpu);
 void (*cpu_exec_exit)(CPUState *cpu);
 bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request);
+
+void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
 } CPUClass;
 
 #ifdef HOST_WORDS_BIGENDIAN
-- 
1.9.1




[Qemu-devel] [PATCH v3 3/7] disas: arm-a64: Make printfer and stream variable

2015-05-24 Thread Peter Crosthwaite
In a normal disassembly flow, the printf and stream being used varies
from disas job to job. In particular it varies if mixing monitor_disas
and target_disas.

Make both the printfer function and target stream settable in the
QEMUDisassembler class. Remove the stream_ initialisation from the
constructor as it will now runtime vary (and an initial value won't
mean very much).

Reviewed-by: Claudio Fontana 
Tested-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Peter Crosthwaite 
---
Changed since v2:
Changed styling of NULL variable construction
Changed since v1:
Drop explicit from constructor
Keep NULL stream_ initialiser
Initialise printf_ to NULL
---
 disas/arm-a64.cc | 22 +-
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/disas/arm-a64.cc b/disas/arm-a64.cc
index e04f946..be5a733 100644
--- a/disas/arm-a64.cc
+++ b/disas/arm-a64.cc
@@ -35,16 +35,25 @@ static Disassembler *vixl_disasm = NULL;
  */
 class QEMUDisassembler : public Disassembler {
 public:
-explicit QEMUDisassembler(FILE *stream) : stream_(stream) { }
+QEMUDisassembler() : stream_(NULL), printf_(NULL) { }
 ~QEMUDisassembler() { }
 
+void SetStream(FILE *stream) {
+stream_ = stream;
+}
+
+void SetPrintf(int (*printf_fn)(FILE *, const char *, ...)) {
+printf_ = printf_fn;
+}
+
 protected:
 virtual void ProcessOutput(const Instruction *instr) {
-fprintf(stream_, "%08" PRIx32 "  %s",
+printf_(stream_, "%08" PRIx32 "  %s",
 instr->InstructionBits(), GetOutput());
 }
 
 private:
+int (*printf_)(FILE *, const char *, ...);
 FILE *stream_;
 };
 
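Review bot: ProcessOutput() calls printf_ with no NULL check, and the constructor now initialises printf_ to NULL, so any decode that reaches ProcessOutput() before SetPrintf() has run is a call through a null function pointer. Assert that printf_ is non-NULL in ProcessOutput(), or have the constructor take the printf function and stream. Separately, the initialiser list names stream_ before printf_ while the members are declared in the opposite order; make the two orders match so the build does not trip -Wreorder.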
@@ -53,9 +62,9 @@ static int vixl_is_initialized(void)
 return vixl_decoder != NULL;
 }
 
-static void vixl_init(FILE *f) {
+static void vixl_init() {
 vixl_decoder = new Decoder();
-vixl_disasm = new QEMUDisassembler(f);
+vixl_disasm = new QEMUDisassembler();
 vixl_decoder->AppendVisitor(vixl_disasm);
 }
 
@@ -78,9 +87,12 @@ int print_insn_arm_a64(uint64_t addr, disassemble_info *info)
 }
 
 if (!vixl_is_initialized()) {
-vixl_init(info->stream);
+vixl_init();
 }
 
+((QEMUDisassembler *)vixl_disasm)->SetPrintf(info->fprintf_func);
+((QEMUDisassembler *)vixl_disasm)->SetStream(info->stream);
+
 instrval = bytes[0] | bytes[1] << 8 | bytes[2] << 16 | bytes[3] << 24;
 instr = reinterpret_cast(&instrval);
 vixl_disasm->MapCodeAddress(addr, instr);
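Review bot: The two C-style casts '((QEMUDisassembler *)vixl_disasm)' are needed only because the static is declared as 'Disassembler *'. It is only ever assigned 'new QEMUDisassembler()', so declaring it as 'QEMUDisassembler *' (moved below the class definition) removes both casts and lets the compiler check the calls; failing that, use static_cast. Also worth a comment: vixl_disasm is a single static whose stream and printf function are now rewritten on every call, which is safe only while print_insn_arm_a64() is never entered concurrently.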
-- 
1.9.1




[Qemu-devel] [PATCH v3 4/7] disas: arm: QOMify target specific disas setup

2015-05-24 Thread Peter Crosthwaite
Move the target_disas() ARM specifics to the QOM disas_set_info hook
and delete the ARM specific code in disas.c.

This has the extra advantage of the more fully featured target_disas()
implementation now applying to monitor_disas().

Currently, target_disas() has multi-endian, thumb and AArch64
support whereas the existing monitor_disas() support only has vanilla
AA32 support.

E.G. Running an AA64 linux kernel the following -d in_asm disas happens
(target_disas()):

IN:
0x4000:  58c0  ldr x0, pc+24 (addr 0x4018)
0x4004:  aa1f03e1  mov x1, xzr

However before this patch, disasing the same from the monitor:

(qemu) xp/i 0x4000
0x4000:  58c0  stmdapl  r0, {r6, r7}

After this patch:
(qemu) xp/i 0x4000
0x4000:  58c0  ldr x0, pc+24 (addr 0x4018)

Reviewed-by: Peter Maydell 
Signed-off-by: Peter Crosthwaite 
---
Changed since v2:
Replace env->aarch64 with is_a64(env) (PMM review)
Fix grammar error in commit message
---
 disas.c  | 32 
 target-arm/cpu.c | 35 +++
 2 files changed, 35 insertions(+), 32 deletions(-)

diff --git a/disas.c b/disas.c
index ff5425d..fde5029 100644
--- a/disas.c
+++ b/disas.c
@@ -151,14 +151,6 @@ bfd_vma bfd_getb16 (const bfd_byte *addr)
   return (bfd_vma) v;
 }
 
-#ifdef TARGET_ARM
-static int
-print_insn_thumb1(bfd_vma pc, disassemble_info *info)
-{
-  return print_insn_arm(pc | 1, info);
-}
-#endif
-
 static int print_insn_objdump(bfd_vma pc, disassemble_info *info,
   const char *prefix)
 {
@@ -191,7 +183,6 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
 /* Disassemble this for me please... (debugging). 'flags' has the following
values:
 i386 - 1 means 16 bit code, 2 means 64 bit code
-arm  - bit 0 = thumb, bit 1 = reverse endian, bit 2 = A64
 ppc  - bits 0:15 specify (optionally) the machine instruction set;
bit 16 indicates little endian.
 other targets - unused
@@ -231,27 +222,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 s.info.mach = bfd_mach_i386_i386;
 }
 s.info.print_insn = print_insn_i386;
-#elif defined(TARGET_ARM)
-if (flags & 4) {
-/* We might not be compiled with the A64 disassembler
- * because it needs a C++ compiler; in that case we will
- * fall through to the default print_insn_od case.
- */
-#if defined(CONFIG_ARM_A64_DIS)
-s.info.print_insn = print_insn_arm_a64;
-#endif
-} else if (flags & 1) {
-s.info.print_insn = print_insn_thumb1;
-} else {
-s.info.print_insn = print_insn_arm;
-}
-if (flags & 2) {
-#ifdef TARGET_WORDS_BIGENDIAN
-s.info.endian = BFD_ENDIAN_LITTLE;
-#else
-s.info.endian = BFD_ENDIAN_BIG;
-#endif
-}
 #elif defined(TARGET_SPARC)
 s.info.print_insn = print_insn_sparc;
 #ifdef TARGET_SPARC64
@@ -488,8 +458,6 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 s.info.mach = bfd_mach_i386_i386;
 }
 s.info.print_insn = print_insn_i386;
-#elif defined(TARGET_ARM)
-s.info.print_insn = print_insn_arm;
 #elif defined(TARGET_ALPHA)
 s.info.print_insn = print_insn_alpha;
 #elif defined(TARGET_SPARC)
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 3ca3fa8..e39586b 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -362,6 +362,39 @@ static inline void unset_feature(CPUARMState *env, int 
feature)
 env->features &= ~(1ULL << feature);
 }
 
+static int
+print_insn_thumb1(bfd_vma pc, disassemble_info *info)
+{
+  return print_insn_arm(pc | 1, info);
+}
+
+static void arm_disas_set_info(CPUState *cpu, disassemble_info *info)
+{
+ARMCPU *ac = ARM_CPU(cpu);
+CPUARMState *env = &ac->env;
+
+if (is_a64(env)) {
+/* We might not be compiled with the A64 disassembler
+ * because it needs a C++ compiler. Leave print_insn
+ * unset in this case to use the caller default behaviour.
+ */
+#if defined(CONFIG_ARM_A64_DIS)
+info->print_insn = print_insn_arm_a64;
+#endif
+} else if (env->thumb) {
+info->print_insn = print_insn_thumb1;
+} else {
+info->print_insn = print_insn_arm;
+}
+if (env->bswap_code) {
+#ifdef TARGET_WORDS_BIGENDIAN
+info->endian = BFD_ENDIAN_LITTLE;
+#else
+info->endian = BFD_ENDIAN_BIG;
+#endif
+}
+}
+
 static void arm_cpu_initfn(Object *obj)
 {
 CPUState *cs = CPU(obj);
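Review bot: arm_disas_set_info() takes A64, Thumb and endianness from the live env (is_a64(env), env->thumb, env->bswap_code), whereas the removed target_disas() code took them from the flags argument supplied by its caller. For ARM that argument is now silently ignored, so the output is correct only if env matches the code being disassembled at the time of the call. Please confirm that holds for the target_disas() callers and say so in a comment on the function. Also, when CONFIG_ARM_A64_DIS is not defined the A64 case leaves print_insn unset: target_disas() then falls back to print_insn_od_target, but monitor_disas() will print "Asm output not supported on this arch". The comment in the A64 branch should mention both outcomes.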
@@ -1229,6 +1262,8 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->gdb_core_xml_file = "arm-core.xml";
 cc->gdb_stop_before_watchpoint = true;
 cc->debug_excp_handler = arm_debug_excp_handler;
+
+cc->disas_set_info = arm_disas_set_info;
 }
 
 static void cpu_register(const ARMCPUInfo *info)
-- 
1.9.1




[Qemu-devel] [PATCH v3 1/7] disas: Add print_insn to disassemble info

2015-05-24 Thread Peter Crosthwaite
Add the print_insn pointer to the disassemble info structure. This is
to prepare for QOMification support, where a QOM CPU hook function will
be responsible for setting the print_insn function. Add this function
to the existing struct to consolidate such that only the one struct
needs to be passed to the new QOM API.

Reviewed-by: Richard Henderson 
Signed-off-by: Peter Crosthwaite 
---
 disas.c | 68 ++---
 include/disas/bfd.h |  6 +
 2 files changed, 39 insertions(+), 35 deletions(-)

diff --git a/disas.c b/disas.c
index 576c6a4..363c3bf 100644
--- a/disas.c
+++ b/disas.c
@@ -201,7 +201,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 target_ulong pc;
 int count;
 CPUDebug s;
-int (*print_insn)(bfd_vma pc, disassemble_info *info) = NULL;
 
 INIT_DISASSEMBLE_INFO(s.info, out, fprintf);
 
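Review bot: The removed local was explicitly '= NULL', and the fallback later in this function still tests 's.info.print_insn == NULL'. With the pointer now stored in s.info, that test is valid only if INIT_DISASSEMBLE_INFO() clears the new field. Either make that explicit in the include/disas/bfd.h part of this patch or set s.info.print_insn = NULL right after the macro here and in monitor_disas().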
@@ -224,7 +223,7 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 } else {
 s.info.mach = bfd_mach_i386_i386;
 }
-print_insn = print_insn_i386;
+s.info.print_insn = print_insn_i386;
 #elif defined(TARGET_ARM)
 if (flags & 4) {
 /* We might not be compiled with the A64 disassembler
@@ -232,12 +231,12 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
  * fall through to the default print_insn_od case.
  */
 #if defined(CONFIG_ARM_A64_DIS)
-print_insn = print_insn_arm_a64;
+s.info.print_insn = print_insn_arm_a64;
 #endif
 } else if (flags & 1) {
-print_insn = print_insn_thumb1;
+s.info.print_insn = print_insn_thumb1;
 } else {
-print_insn = print_insn_arm;
+s.info.print_insn = print_insn_arm;
 }
 if (flags & 2) {
 #ifdef TARGET_WORDS_BIGENDIAN
@@ -247,7 +246,7 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #endif
 }
 #elif defined(TARGET_SPARC)
-print_insn = print_insn_sparc;
+s.info.print_insn = print_insn_sparc;
 #ifdef TARGET_SPARC64
 s.info.mach = bfd_mach_sparc_v9b;
 #endif
@@ -266,49 +265,49 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #endif
 }
 s.info.disassembler_options = (char *)"any";
-print_insn = print_insn_ppc;
+s.info.print_insn = print_insn_ppc;
 #elif defined(TARGET_M68K)
-print_insn = print_insn_m68k;
+s.info.print_insn = print_insn_m68k;
 #elif defined(TARGET_MIPS)
 #ifdef TARGET_WORDS_BIGENDIAN
-print_insn = print_insn_big_mips;
+s.info.print_insn = print_insn_big_mips;
 #else
-print_insn = print_insn_little_mips;
+s.info.print_insn = print_insn_little_mips;
 #endif
 #elif defined(TARGET_SH4)
 s.info.mach = bfd_mach_sh4;
-print_insn = print_insn_sh;
+s.info.print_insn = print_insn_sh;
 #elif defined(TARGET_ALPHA)
 s.info.mach = bfd_mach_alpha_ev6;
-print_insn = print_insn_alpha;
+s.info.print_insn = print_insn_alpha;
 #elif defined(TARGET_CRIS)
 if (flags != 32) {
 s.info.mach = bfd_mach_cris_v0_v10;
-print_insn = print_insn_crisv10;
+s.info.print_insn = print_insn_crisv10;
 } else {
 s.info.mach = bfd_mach_cris_v32;
-print_insn = print_insn_crisv32;
+s.info.print_insn = print_insn_crisv32;
 }
 #elif defined(TARGET_S390X)
 s.info.mach = bfd_mach_s390_64;
-print_insn = print_insn_s390;
+s.info.print_insn = print_insn_s390;
 #elif defined(TARGET_MICROBLAZE)
 s.info.mach = bfd_arch_microblaze;
-print_insn = print_insn_microblaze;
+s.info.print_insn = print_insn_microblaze;
 #elif defined(TARGET_MOXIE)
 s.info.mach = bfd_arch_moxie;
-print_insn = print_insn_moxie;
+s.info.print_insn = print_insn_moxie;
 #elif defined(TARGET_LM32)
 s.info.mach = bfd_mach_lm32;
-print_insn = print_insn_lm32;
+s.info.print_insn = print_insn_lm32;
 #endif
-if (print_insn == NULL) {
-print_insn = print_insn_od_target;
+if (s.info.print_insn == NULL) {
+s.info.print_insn = print_insn_od_target;
 }
 
 for (pc = code; size > 0; pc += count, size -= count) {
fprintf(out, "0x" TARGET_FMT_lx ":  ", pc);
-   count = print_insn(pc, &s.info);
+   count = s.info.print_insn(pc, &s.info);
 #if 0
 {
 int i;
@@ -452,7 +451,6 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 {
 int count, i;
 CPUDebug s;
-int (*print_insn)(bfd_vma pc, disassemble_info *info);
 
 INIT_DISASSEMBLE_INFO(s.info, (FILE *)mon, monitor_fprintf);
 
@@ -476,13 +474,13 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 } else {
 s.info.mach = bfd_mach_i386_i386;
 }
-print_insn = print_insn_i386;
+s.info.print_insn = print_insn_i386;
 #elif defined(TARGET_ARM)
-print_insn = print_insn_arm;
+s.info.print_insn = print_insn_arm;
 #elif defined(TARGET_ALPHA)
-print_insn = print_insn_alpha;
+s.info.print_insn = print_insn_alpha;
 #elif defined(TARGET_SPARC)
-print_insn 

[Qemu-devel] [PATCH v3 5/7] disas: microblaze: QOMify target specific disas setup

2015-05-24 Thread Peter Crosthwaite
Move the target_disas() MB specifics to the QOM disas_set_info hook
and delete the MB specific code in disas.c.

This also now adds support for monitor disas to Microblaze.

E.g.
(qemu) xp 0x9000
9000: 0x94208001

And before this patch:
(qemu) xp/i 0x9000
0x9000: Asm output not supported on this arch

After:
(qemu) xp/i 0x9000
0x9000:  mfsr1, rmsr

Signed-off-by: Peter Crosthwaite 
---
 disas.c | 3 ---
 target-microblaze/cpu.c | 8 
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/disas.c b/disas.c
index fde5029..937e08b 100644
--- a/disas.c
+++ b/disas.c
@@ -268,9 +268,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #elif defined(TARGET_S390X)
 s.info.mach = bfd_mach_s390_64;
 s.info.print_insn = print_insn_s390;
-#elif defined(TARGET_MICROBLAZE)
-s.info.mach = bfd_arch_microblaze;
-s.info.print_insn = print_insn_microblaze;
 #elif defined(TARGET_MOXIE)
 s.info.mach = bfd_arch_moxie;
 s.info.print_insn = print_insn_moxie;
diff --git a/target-microblaze/cpu.c b/target-microblaze/cpu.c
index 67e3182..89b8363 100644
--- a/target-microblaze/cpu.c
+++ b/target-microblaze/cpu.c
@@ -111,6 +111,12 @@ static void mb_cpu_reset(CPUState *s)
 #endif
 }
 
+static void mb_disas_set_info(CPUState *cpu, disassemble_info *info)
+{
+info->mach = bfd_arch_microblaze;
+info->print_insn = print_insn_microblaze;
+}
+
 static void mb_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
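Review bot: mb_disas_set_info() assigns bfd_arch_microblaze to info->mach. Most targets in the disas.c ladder put a bfd_mach_* value in that field (bfd_mach_s390_64, bfd_mach_lm32, bfd_mach_sh4); an architecture enumerator in the machine field looks like a category mix-up, one that the moxie branch shares. The line is carried over unchanged from the deleted disas.c code, but moving it is a good moment to use a proper mach constant, drop the assignment if print_insn_microblaze does not read it, or add a comment saying why it is intentional.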
@@ -183,6 +189,8 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
 dc->vmsd = &vmstate_mb_cpu;
 dc->props = mb_properties;
 cc->gdb_num_core_regs = 32 + 5;
+
+cc->disas_set_info = mb_disas_set_info;
 }
 
 static const TypeInfo mb_cpu_type_info = {
-- 
1.9.1




Re: [Qemu-devel] [PATCH 2/2] linux-user: Add HWCAP for SH4

2015-05-24 Thread Aurelien Jarno
On 2015-05-23 15:06, Richard Henderson wrote:
> Only exposing FPU and LLSC as the only features
> supported by the translator.
> 
> Signed-off-by: Richard Henderson 
> ---
>  linux-user/elfload.c | 29 +
>  1 file changed, 29 insertions(+)
> 
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index 0ba9706..b71e866 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -1075,6 +1075,35 @@ static inline void 
> elf_core_copy_regs(target_elf_gregset_t *regs,
>  #define USE_ELF_CORE_DUMP
>  #define ELF_EXEC_PAGESIZE4096
>  
> +enum {
> +SH_CPU_HAS_FPU= 0x0001, /* Hardware FPU support */
> +SH_CPU_HAS_P2_FLUSH_BUG   = 0x0002, /* Need to flush the cache in P2 
> area */
> +SH_CPU_HAS_MMU_PAGE_ASSOC = 0x0004, /* SH3: TLB way selection bit 
> support */
> +SH_CPU_HAS_DSP= 0x0008, /* SH-DSP: DSP support */
> +SH_CPU_HAS_PERF_COUNTER   = 0x0010, /* Hardware performance counters */
> +SH_CPU_HAS_PTEA   = 0x0020, /* PTEA register */
> +SH_CPU_HAS_LLSC   = 0x0040, /* movli.l/movco.l */
> +SH_CPU_HAS_L2_CACHE   = 0x0080, /* Secondary cache / URAM */
> +SH_CPU_HAS_OP32   = 0x0100, /* 32-bit instruction support */
> +SH_CPU_HAS_PTEAEX = 0x0200, /* PTE ASID Extension support */
> +};
> +
> +#define ELF_HWCAP get_elf_hwcap()
> +
> +static uint32_t get_elf_hwcap(void)
> +{
> +SuperHCPU *cpu = SUPERH_CPU(thread_cpu);
> +uint32_t hwcap = 0;
> +
> +hwcap |= SH_CPU_HAS_FPU;
> +
> +if (cpu->env.features & SH_FEATURE_SH4A) {
> +hwcap |= SH_CPU_HAS_LLSC;
> +}
> +
> +return hwcap;
> +}
> +
>  #endif
>  
>  #ifdef TARGET_CRIS
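
Review bot: In get_elf_hwcap(), SH_CPU_HAS_FPU is ORed in unconditionally while SH_CPU_HAS_LLSC is gated on SH_FEATURE_SH4A. If every CPU model linux-user can select has an FPU, a one-line comment saying so would explain the asymmetry; otherwise the FPU bit should be gated on a feature flag too. The eight enum values that are never set would also benefit from a comment on where the bit assignments come from, so they can be checked against that source.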

Reviewed-by: Aurelien Jarno 
 

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



[Qemu-devel] [PATCH v3 6/7] disas: cris: Fix 0 buffer length case

2015-05-24 Thread Peter Crosthwaite
Cris has the complication of variable length instructions and has
a check in place to clamp memory reads in case the disas request
doesn't have enough bytes for the instruction being disas'd. This
breaks down when disassembling for the monitor, where
the buffer length is defaulted to 0.

The buffer length should never be zero for a regular target_disas,
so we can safely assume the 0 case is for the monitor in which case
consider the buffer length to be the max for cris instructions.

Signed-off-by: Peter Crosthwaite 
---
 disas/cris.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/disas/cris.c b/disas/cris.c
index e6cff7a..1b76a09 100644
--- a/disas/cris.c
+++ b/disas/cris.c
@@ -2575,9 +2575,9 @@ print_insn_cris_generic (bfd_vma memaddr,
  If we can't get any data, or we do not get enough data, we print
  the error message.  */
 
-  nbytes = info->buffer_length;
-  if (nbytes > MAX_BYTES_PER_CRIS_INSN)
- nbytes = MAX_BYTES_PER_CRIS_INSN;
+  nbytes = info->buffer_length ? info->buffer_length
+   : MAX_BYTES_PER_CRIS_INSN;
+  nbytes = MIN(nbytes, MAX_BYTES_PER_CRIS_INSN);
   status = (*info->read_memory_func) (memaddr, buffer, nbytes, info);  
 
   /* If we did not get all we asked for, then clear the rest.
-- 
1.9.1




[Qemu-devel] [PATCH v3 7/7] disas: cris: QOMify target specific disas setup

2015-05-24 Thread Peter Crosthwaite
Move the target_disas() cris specifics to the QOM disas_set_info hook
and delete the cris specific code in disas.c.

This also now adds support for monitor disas to cris.

E.g.
(qemu) xp 0x40004000
40004000: 0x1e6f25f0

And before this patch:
(qemu) xp/i 0x40004000
0x40004000: Asm output not supported on this arch

After:
(qemu) xp/i 0x40004000
0x40004000:  di
(qemu) xp/i 0x40004002
0x40004002:  move.d 0xb003c004,$r1

Note: second example is 6-byte misaligned instruction!

Signed-off-by: Peter Crosthwaite 
---
 disas.c   |  8 
 target-cris/cpu.c | 16 
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/disas.c b/disas.c
index 937e08b..69a6066 100644
--- a/disas.c
+++ b/disas.c
@@ -257,14 +257,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #elif defined(TARGET_ALPHA)
 s.info.mach = bfd_mach_alpha_ev6;
 s.info.print_insn = print_insn_alpha;
-#elif defined(TARGET_CRIS)
-if (flags != 32) {
-s.info.mach = bfd_mach_cris_v0_v10;
-s.info.print_insn = print_insn_crisv10;
-} else {
-s.info.mach = bfd_mach_cris_v32;
-s.info.print_insn = print_insn_crisv32;
-}
 #elif defined(TARGET_S390X)
 s.info.mach = bfd_mach_s390_64;
 s.info.print_insn = print_insn_s390;
diff --git a/target-cris/cpu.c b/target-cris/cpu.c
index 16cfba9..d555ea0 100644
--- a/target-cris/cpu.c
+++ b/target-cris/cpu.c
@@ -161,6 +161,20 @@ static void cris_cpu_set_irq(void *opaque, int irq, int 
level)
 }
 #endif
 
+static void cris_disas_set_info(CPUState *cpu, disassemble_info *info)
+{
+CRISCPU *cc = CRIS_CPU(cpu);
+CPUCRISState *env = &cc->env;
+
+if (env->pregs[PR_VR] != 32) {
+info->mach = bfd_mach_cris_v0_v10;
+info->print_insn = print_insn_crisv10;
+} else {
+info->mach = bfd_mach_cris_v32;
+info->print_insn = print_insn_crisv32;
+}
+}
+
 static void cris_cpu_initfn(Object *obj)
 {
 CPUState *cs = CPU(obj);
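Review bot: In cris_disas_set_info() the local 'CRISCPU *cc' reuses the name that cris_cpu_class_init() (next hunk) and the disas.c callers use for a CPUClass pointer, so 'cc->env' reads like a class access. Pick a different name (the ARM hook in this series uses 'ac'). The version test also moves from the caller-supplied 'flags != 32' to 'env->pregs[PR_VR] != 32'; a short comment on why PR_VR is the right source for that value would help.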
@@ -292,6 +306,8 @@ static void cris_cpu_class_init(ObjectClass *oc, void *data)
 
 cc->gdb_num_core_regs = 49;
 cc->gdb_stop_before_watchpoint = true;
+
+cc->disas_set_info = cris_disas_set_info;
 }
 
 static const TypeInfo cris_cpu_type_info = {
-- 
1.9.1




Re: [Qemu-devel] [PATCH 0/2] sh4 linux-user cpu and hwcap

2015-05-24 Thread Aurelien Jarno
On 2015-05-23 15:06, Richard Henderson wrote:
> As reported by Rich the other day.  As I don't have a user-land
> binary that depends on this, I merely note that it still runs 
> the linux-user-test sh4 binary.  And gdb confirms that the LLSC
> bit does get set.

How would you like to see these patches merged? As they basically touch
linux-user code only, I think they should go through Riku.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH 1/2] linux-user: Default sh4 to sh7785

2015-05-24 Thread Aurelien Jarno
On 2015-05-23 15:06, Richard Henderson wrote:
> Signed-off-by: Richard Henderson 
> ---
>  linux-user/main.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/linux-user/main.c b/linux-user/main.c
> index 3f32db0..7e0a439 100644
> --- a/linux-user/main.c
> +++ b/linux-user/main.c
> @@ -3929,6 +3929,8 @@ int main(int argc, char **argv, char **envp)
>  # else
>  cpu_model = "750";
>  # endif
> +#elif defined TARGET_SH4
> +cpu_model = TYPE_SH7785_CPU;
>  #else
>  cpu_model = "any";
>  #endif
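
Review bot: 'cpu_model = TYPE_SH7785_CPU;' is the only branch visible here that uses a QOM type-name macro; the neighbouring branches assign model-name string literals ("750", "any"). That works only if the type name is also accepted as a model name by the sh4 CPU lookup. Either spell the model as a literal like the other branches or add a comment that the two strings coincide.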

Reviewed-by: Aurelien Jarno 

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH 0/2] sh4 linux-user cpu and hwcap

2015-05-24 Thread Rich Felker
On Sat, May 23, 2015 at 03:06:52PM -0700, Richard Henderson wrote:
> As reported by Rich the other day.  As I don't have a user-land
> binary that depends on this, I merely note that it still runs 
> the linux-user-test sh4 binary.  And gdb confirms that the LLSC
> bit does get set.
> 
> Rich, can you confirm that this is good enough for your musl test?

I haven't had a chance to build qemu from source with them applied,
but in principle they look correct, and they should be fine as long as
they do what they claim to (changing cpu default for user, and adding
hwcap with the LLSC cap set).

Rich



[Qemu-devel] [PATCH v3 3/8] target-sh4: optimize addc using add2

2015-05-24 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index f9bc24c..a7a8f39 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -642,17 +642,15 @@ static void _decode_opc(DisasContext * ctx)
return;
 case 0x300e:   /* addc Rm,Rn */
 {
-TCGv t0, t1;
-t0 = tcg_temp_new();
+TCGv t0, t1, t2;
+t0 = tcg_const_tl(0);
 t1 = tcg_temp_new();
-tcg_gen_add_i32(t0, REG(B7_4), REG(B11_8));
-tcg_gen_add_i32(t1, cpu_sr_t, t0);
-tcg_gen_setcond_i32(TCG_COND_GTU, cpu_sr_t, REG(B11_8), t0);
-tcg_gen_setcond_i32(TCG_COND_GTU, t0, t0, t1);
-tcg_gen_or_i32(cpu_sr_t, cpu_sr_t, t0);
+t2 = tcg_temp_new();
+tcg_gen_add2_i32(t1, t2, REG(B11_8), t0, REG(B7_4), t0);
+tcg_gen_add2_i32(REG(B11_8), cpu_sr_t, t1, t2, cpu_sr_t, t0);
 tcg_temp_free(t0);
-tcg_gen_mov_i32(REG(B11_8), t1);
 tcg_temp_free(t1);
+tcg_temp_free(t2);
 }
return;
 case 0x300f:   /* addv Rm,Rn */
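Review bot: t0 is created with tcg_const_tl(0) but is only ever passed to tcg_gen_add2_i32(); use tcg_const_i32(0) so the constant's type matches the ops, as the negc patch in this series does. The two add2 steps are also terse: a comment along the lines of "Rn + Rm with the carry in t2, then add T and fold both carries into T" would save the next reader from re-deriving why T ends up 0 or 1.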
-- 
2.1.4




[Qemu-devel] [PATCH v3 4/8] target-sh4: optimize subc using sub2

2015-05-24 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index a7a8f39..d5b448e 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -881,18 +881,15 @@ static void _decode_opc(DisasContext * ctx)
 case 0x300a:   /* subc Rm,Rn */
 {
 TCGv t0, t1, t2;
-t0 = tcg_temp_new();
+t0 = tcg_const_tl(0);
 t1 = tcg_temp_new();
-tcg_gen_sub_i32(t1, REG(B11_8), REG(B7_4));
-tcg_gen_sub_i32(t0, t1, cpu_sr_t);
 t2 = tcg_temp_new();
-tcg_gen_setcond_i32(TCG_COND_LTU, t2, REG(B11_8), t1);
-tcg_gen_setcond_i32(TCG_COND_LTU, t1, t1, t0);
-tcg_gen_or_i32(cpu_sr_t, t1, t2);
-tcg_temp_free(t2);
-tcg_temp_free(t1);
-tcg_gen_mov_i32(REG(B11_8), t0);
+tcg_gen_sub2_i32(t1, t2, REG(B11_8), t0, REG(B7_4), t0);
+tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t, t1, t2, cpu_sr_t, t0);
+tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
 tcg_temp_free(t0);
+tcg_temp_free(t1);
+tcg_temp_free(t2);
 }
return;
 case 0x300b:   /* subv Rm,Rn */
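Review bot: The 'tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1)' after the second sub2 has no explanation. It is needed because the high word of the double-word difference is 0 or all ones rather than 0 or 1, which is why the addc counterpart needs no mask; say so in a comment. As with addc, t0 should come from tcg_const_i32(0) since it only feeds _i32 ops.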
-- 
2.1.4




[Qemu-devel] [PATCH v3 1/8] target-sh4: use bit number for SR constants

2015-05-24 Thread Aurelien Jarno
Use the bit number for SR constants instead of using a bit mask. This
makes it possible to also use the constants for shifts.

Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/cpu.c   |  3 +-
 target-sh4/cpu.h   | 30 ++--
 target-sh4/gdbstub.c   |  4 +--
 target-sh4/helper.c| 27 +-
 target-sh4/op_helper.c | 26 -
 target-sh4/translate.c | 75 ++
 6 files changed, 85 insertions(+), 80 deletions(-)

diff --git a/target-sh4/cpu.c b/target-sh4/cpu.c
index d187a2b..cccb14f 100644
--- a/target-sh4/cpu.c
+++ b/target-sh4/cpu.c
@@ -61,7 +61,8 @@ static void superh_cpu_reset(CPUState *s)
 env->fpscr = FPSCR_PR; /* value for userspace according to the kernel */
 set_float_rounding_mode(float_round_nearest_even, &env->fp_status); /* ?! 
*/
 #else
-env->sr = SR_MD | SR_RB | SR_BL | SR_I3 | SR_I2 | SR_I1 | SR_I0;
+env->sr = (1u << SR_MD) | (1u << SR_RB) | (1u << SR_BL) |
+  (1u << SR_I3) | (1u << SR_I2) | (1u << SR_I1) | (1u << SR_I0);
 env->fpscr = FPSCR_DN | FPSCR_RM_ZERO; /* CPU reset value according to SH4 
manual */
 set_float_rounding_mode(float_round_to_zero, &env->fp_status);
 set_flush_to_zero(1, &env->fp_status);
diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index c8dea6c..76fda35 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -47,18 +47,18 @@
 #define TARGET_PHYS_ADDR_SPACE_BITS 32
 #define TARGET_VIRT_ADDR_SPACE_BITS 32
 
-#define SR_MD (1 << 30)
-#define SR_RB (1 << 29)
-#define SR_BL (1 << 28)
-#define SR_FD (1 << 15)
-#define SR_M  (1 << 9)
-#define SR_Q  (1 << 8)
-#define SR_I3 (1 << 7)
-#define SR_I2 (1 << 6)
-#define SR_I1 (1 << 5)
-#define SR_I0 (1 << 4)
-#define SR_S  (1 << 1)
-#define SR_T  (1 << 0)
+#define SR_MD 30
+#define SR_RB 29
+#define SR_BL 28
+#define SR_FD 15
+#define SR_M  9
+#define SR_Q  8
+#define SR_I3 7
+#define SR_I2 6
+#define SR_I1 5
+#define SR_I0 4
+#define SR_S  1
+#define SR_T  0
 
 #define FPSCR_MASK (0x003f)
 #define FPSCR_FR   (1 << 21)
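Review bot: Redefining SR_MD through SR_T from masks to bit numbers under the same names means any user that is not converted ('env->sr & SR_BL', 'env->sr |= SR_MD') still compiles and silently tests or sets the wrong bits. Giving the bit-number constants new names, or keeping the masks and adding separate shift constants, would turn a missed conversion into a build error. If the names stay, record in the commit message that the tree was grepped for remaining mask-style uses.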
@@ -234,7 +234,7 @@ void cpu_load_tlb(CPUSH4State * env);
 #define MMU_USER_IDX 1
 static inline int cpu_mmu_index (CPUSH4State *env)
 {
-return (env->sr & SR_MD) == 0 ? 1 : 0;
+return (env->sr & (1u << SR_MD)) == 0 ? 1 : 0;
 }
 
 #include "exec/cpu-all.h"
@@ -339,8 +339,8 @@ static inline void cpu_get_tb_cpu_state(CPUSH4State *env, 
target_ulong *pc,
 *flags = (env->flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL
 | DELAY_SLOT_TRUE | DELAY_SLOT_CLEARME))   /* Bits  0- 3 */
 | (env->fpscr & (FPSCR_FR | FPSCR_SZ | FPSCR_PR))  /* Bits 19-21 */
-| (env->sr & (SR_MD | SR_RB))  /* Bits 29-30 */
-| (env->sr & SR_FD)/* Bit 15 */
+| (env->sr & ((1u << SR_MD) | (1u << SR_RB)))  /* Bits 29-30 */
+| (env->sr & (1u << SR_FD))/* Bit 15 */
 | (env->movcal_backup ? TB_FLAG_PENDING_MOVCA : 0); /* Bit 4 */
 }
 
diff --git a/target-sh4/gdbstub.c b/target-sh4/gdbstub.c
index df4fa2a..05ba728 100644
--- a/target-sh4/gdbstub.c
+++ b/target-sh4/gdbstub.c
@@ -31,7 +31,7 @@ int superh_cpu_gdb_read_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 
 switch (n) {
 case 0 ... 7:
-if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
+if ((env->sr & (1u << SR_MD)) && (env->sr & (1u << SR_RB))) {
 return gdb_get_regl(mem_buf, env->gregs[n + 16]);
 } else {
 return gdb_get_regl(mem_buf, env->gregs[n]);
@@ -83,7 +83,7 @@ int superh_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 
 switch (n) {
 case 0 ... 7:
-if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
+if ((env->sr & (1u << SR_MD)) && (env->sr & (1u << SR_RB))) {
 env->gregs[n + 16] = ldl_p(mem_buf);
 } else {
 env->gregs[n] = ldl_p(mem_buf);
diff --git a/target-sh4/helper.c b/target-sh4/helper.c
index 5811360..1cb0e8d 100644
--- a/target-sh4/helper.c
+++ b/target-sh4/helper.c
@@ -93,7 +93,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 do_exp = cs->exception_index != -1;
 do_irq = do_irq && (cs->exception_index == -1);
 
-if (env->sr & SR_BL) {
+if (env->sr & (1u << SR_BL)) {
 if (do_exp && cs->exception_index != 0x1e0) {
 cs->exception_index = 0x000; /* masked exception -> reset */
 }
@@ -165,7 +165,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 env->ssr = env->sr;
 env->spc = env->pc;
 env->sgr = env->gregs[15];
-env->sr |= SR_BL | SR_MD | SR_RB;
+env->sr |= (1u << SR_BL) | (1u << SR_MD) | (1u << SR_RB);
 
 if (env->flags & (DELAY_SLOT | DELAY_SLOT_CONDITIONAL)) {
 /* Branch instruction should be executed again before delay slot. */
@@ -182,7 +182,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 case 0x000:
  

[Qemu-devel] [PATCH v3 7/8] target-sh4: factorize fmov implementation

2015-05-24 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 18 ++
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index daea268..882c8d8 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -1029,24 +1029,18 @@ static void _decode_opc(DisasContext * ctx)
return;
 case 0xf00b: /* fmov {F,D,X}Rm,@-Rn - FPSCR: Nothing */
CHECK_FPU_ENABLED
+const int fr = XREG(B7_4);
+TCGv addr = tcg_temp_new_i32();
+tcg_gen_subi_i32(addr, REG(B11_8), 4);
 if (ctx->flags & FPSCR_SZ) {
-   TCGv addr = tcg_temp_new_i32();
-   int fr = XREG(B7_4);
-   tcg_gen_subi_i32(addr, REG(B11_8), 4);
 tcg_gen_qemu_st_i32(cpu_fregs[fr+1], addr, ctx->memidx, MO_TEUL);
tcg_gen_subi_i32(addr, addr, 4);
 tcg_gen_qemu_st_i32(cpu_fregs[fr], addr, ctx->memidx, MO_TEUL);
-   tcg_gen_mov_i32(REG(B11_8), addr);
-   tcg_temp_free(addr);
} else {
-   TCGv addr;
-   addr = tcg_temp_new_i32();
-   tcg_gen_subi_i32(addr, REG(B11_8), 4);
-tcg_gen_qemu_st_i32(cpu_fregs[FREG(B7_4)], addr,
-ctx->memidx, MO_TEUL);
-   tcg_gen_mov_i32(REG(B11_8), addr);
-   tcg_temp_free(addr);
+tcg_gen_qemu_st_i32(cpu_fregs[fr], addr, ctx->memidx, MO_TEUL);
}
+tcg_gen_mov_i32(REG(B11_8), addr);
+tcg_temp_free(addr);
return;
 case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rm - FPSCR: Nothing */
CHECK_FPU_ENABLED
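Review bot: in the else branch (FPSCR_SZ clear) the store now indexes cpu_fregs with fr, which is XREG(B7_4), where the removed lines used FREG(B7_4). Unless the two macros are guaranteed to yield the same index whenever FPSCR_SZ is clear, this factorization changes which register a single-precision fmov stores. Either keep FREG(B7_4) on that path or say in the commit message why XREG is equivalent there. The new declarations of fr and addr also sit directly under the case label with no enclosing braces, so they stay in scope for the following cases; a braced block would contain them.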
-- 
2.1.4




[Qemu-devel] [PATCH v3 5/8] target-sh4: optimize negc using add2 and sub2

2015-05-24 Thread Aurelien Jarno
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index d5b448e..250632a 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -795,12 +795,12 @@ static void _decode_opc(DisasContext * ctx)
return;
 case 0x600a:   /* negc Rm,Rn */
 {
-TCGv t0 = tcg_temp_new();
-tcg_gen_neg_i32(t0, REG(B7_4));
-tcg_gen_sub_i32(REG(B11_8), t0, cpu_sr_t);
-tcg_gen_setcondi_i32(TCG_COND_GTU, cpu_sr_t, t0, 0);
-tcg_gen_setcond_i32(TCG_COND_GTU, t0, REG(B11_8), t0);
-tcg_gen_or_i32(cpu_sr_t, cpu_sr_t, t0);
+TCGv t0 = tcg_const_i32(0);
+tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
+ REG(B7_4), t0, cpu_sr_t, t0);
+tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
+ t0, t0, REG(B11_8), cpu_sr_t);
+tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
 tcg_temp_free(t0);
 }
return;
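Review bot: the add2/sub2 sequence for negc needs a comment, because neither the hunk nor the commit message says what the two steps compute. As written, the add2 forms Rm + T as a pair in (cpu_sr_t:Rn), the sub2 negates that pair from zero, and the final andi keeps bit 0 of the high word as the borrow. Two or three lines above the add2 saying so would let a reader check it against the removed setcond version.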
-- 
2.1.4




[Qemu-devel] [PATCH v3 2/8] target-sh4: Split out T from SR

2015-05-24 Thread Aurelien Jarno
In preparation for more efficient setting of this field.

Signed-off-by: Aurelien Jarno 
---
 target-sh4/cpu.h   |  14 +++-
 target-sh4/gdbstub.c   |   4 +-
 target-sh4/helper.c|   2 +-
 target-sh4/op_helper.c |  32 ++--
 target-sh4/translate.c | 212 -
 5 files changed, 111 insertions(+), 153 deletions(-)

diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index 76fda35..a308c53 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -138,7 +138,8 @@ typedef struct CPUSH4State {
 uint32_t flags;/* general execution flags */
 uint32_t gregs[24];/* general registers */
 float32 fregs[32]; /* floating point registers */
-uint32_t sr;   /* status register */
+uint32_t sr;/* status register (with T split out) */
+uint32_t sr_t;  /* T bit of status register */
 uint32_t ssr;  /* saved status register */
 uint32_t spc;  /* saved program counter */
 uint32_t gbr;  /* global base register */
@@ -331,6 +332,17 @@ static inline int cpu_ptel_pr (uint32_t ptel)
 
 #define TB_FLAG_PENDING_MOVCA  (1 << 4)
 
+static inline target_ulong cpu_read_sr(CPUSH4State *env)
+{
+return env->sr | (env->sr_t << SR_T);
+}
+
+static inline void cpu_write_sr(CPUSH4State *env, target_ulong sr)
+{
+env->sr_t = sr & (1u << SR_T);
+env->sr = sr & ~(1u << SR_T);
+}
+
 static inline void cpu_get_tb_cpu_state(CPUSH4State *env, target_ulong *pc,
 target_ulong *cs_base, int *flags)
 {
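Review bot: cpu_write_sr() stores sr & (1u << SR_T) into sr_t, so the bit stays in position SR_T, while cpu_read_sr() shifts sr_t left by SR_T and the SETT/CLRT macros and fcmp helpers in this same patch store plain 0 or 1. The two encodings agree only if SR_T is bit 0. Writing env->sr_t = (sr >> SR_T) & 1 here, as patch 6/8 later does, makes the accessor independent of the constant's value and keeps this patch correct on its own for bisection.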
diff --git a/target-sh4/gdbstub.c b/target-sh4/gdbstub.c
index 05ba728..a365a27 100644
--- a/target-sh4/gdbstub.c
+++ b/target-sh4/gdbstub.c
@@ -51,7 +51,7 @@ int superh_cpu_gdb_read_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 case 21:
 return gdb_get_regl(mem_buf, env->macl);
 case 22:
-return gdb_get_regl(mem_buf, env->sr);
+return gdb_get_regl(mem_buf, cpu_read_sr(env));
 case 23:
 return gdb_get_regl(mem_buf, env->fpul);
 case 24:
@@ -111,7 +111,7 @@ int superh_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 env->macl = ldl_p(mem_buf);
 break;
 case 22:
-env->sr = ldl_p(mem_buf);
+cpu_write_sr(env, ldl_p(mem_buf));
 break;
 case 23:
 env->fpul = ldl_p(mem_buf);
diff --git a/target-sh4/helper.c b/target-sh4/helper.c
index 1cb0e8d..a533f08 100644
--- a/target-sh4/helper.c
+++ b/target-sh4/helper.c
@@ -162,7 +162,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 log_cpu_state(cs, 0);
 }
 
-env->ssr = env->sr;
+env->ssr = cpu_read_sr(env);
 env->spc = env->pc;
 env->sgr = env->gregs[15];
 env->sr |= (1u << SR_BL) | (1u << SR_MD) | (1u << SR_RB);
diff --git a/target-sh4/op_helper.c b/target-sh4/op_helper.c
index 6f34292..524d7f6 100644
--- a/target-sh4/op_helper.c
+++ b/target-sh4/op_helper.c
@@ -156,11 +156,11 @@ void helper_ocbi(CPUSH4State *env, uint32_t address)
 }
 }
 
-#define T (env->sr & (1u << SR_T))
+#define T (env->sr_t)
 #define Q (env->sr & (1u << SR_Q) ? 1 : 0)
 #define M (env->sr & (1u << SR_M) ? 1 : 0)
-#define SETT (env->sr |= (1u << SR_T))
-#define CLRT (env->sr &= ~(1u << SR_T))
+#define SETT (env->sr_t = 1)
+#define CLRT (env->sr_t = 0)
 #define SETQ (env->sr |= (1u << SR_Q))
 #define CLRQ (env->sr &= ~(1u << SR_Q))
 #define SETM (env->sr |= (1u << SR_M))
@@ -309,16 +309,6 @@ void helper_macw(CPUSH4State *env, uint32_t arg0, uint32_t 
arg1)
 }
 }
 
-static inline void set_t(CPUSH4State *env)
-{
-env->sr |= (1u << SR_T);
-}
-
-static inline void clr_t(CPUSH4State *env)
-{
-env->sr &= ~(1u << SR_T);
-}
-
 void helper_ld_fpscr(CPUSH4State *env, uint32_t val)
 {
 env->fpscr = val & FPSCR_MASK;
@@ -403,10 +393,8 @@ void helper_fcmp_eq_FT(CPUSH4State *env, float32 t0, 
float32 t1)
 relation = float32_compare(t0, t1, &env->fp_status);
 if (unlikely(relation == float_relation_unordered)) {
 update_fpscr(env, GETPC());
-} else if (relation == float_relation_equal) {
-set_t(env);
 } else {
-clr_t(env);
+env->sr_t = (relation == float_relation_equal);
 }
 }
 
@@ -418,10 +406,8 @@ void helper_fcmp_eq_DT(CPUSH4State *env, float64 t0, 
float64 t1)
 relation = float64_compare(t0, t1, &env->fp_status);
 if (unlikely(relation == float_relation_unordered)) {
 update_fpscr(env, GETPC());
-} else if (relation == float_relation_equal) {
-set_t(env);
 } else {
-clr_t(env);
+env->sr_t = (relation == float_relation_equal);
 }
 }
 
@@ -433,10 +419,8 @@ void helper_fcmp_gt_FT(CPUSH4State *env, float32 t0, 
float32 t1)
 relation = float32_compare(t0, t1, &env->fp_status);
 if (unlikely(relation == float_relation_unordered)) {
 update_fpscr(env, GETPC());
-} else if (relation == float_relation_greater) {
-set_t(env);

[Qemu-devel] [PATCH v3 8/8] target-sh4: remove dead code

2015-05-24 Thread Aurelien Jarno
Reviewed-by: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/translate.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index 882c8d8..38d4a6f 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -18,7 +18,6 @@
  */
 
 #define DEBUG_DISAS
-//#define SH4_SINGLE_STEP
 
 #include "cpu.h"
 #include "disas/disas.h"
-- 
2.1.4




[Qemu-devel] [PATCH v3 0/8] target-sh4: optimizations and cleanups

2015-05-24 Thread Aurelien Jarno
This patchset improves the SH4 emulation by using the recently added
TCG instructions, namely add2, sub2 and movcond. For that the T, Q and
M bits are split out from the SR register. This allows the optimizer and
the liveness analysis to do some more optimisations.

The last two patches are doing cleanup in the code.

Changes v2 -> v3:
- rebased
- patch 2: don't mask out T bit from env->sr when reading
- patch 6: don't mask out Q and M bits from env->sr when reading
   correctly compute M bit in div0s
   add some comments to explain the tricks used in div1

Changes v1 -> v2:
- rebased
- added last patch

Aurelien Jarno (8):
  target-sh4: use bit number for SR constants
  target-sh4: Split out T from SR
  target-sh4: optimize addc using add2
  target-sh4: optimize subc using sub2
  target-sh4: optimize negc using add2 and sub2
  target-sh4: split out Q and M from of SR and optimize div1
  target-sh4: factorize fmov implementation
  target-sh4: remove dead code

 target-sh4/cpu.c   |   3 +-
 target-sh4/cpu.h   |  50 +---
 target-sh4/gdbstub.c   |   8 +-
 target-sh4/helper.c|  29 ++---
 target-sh4/helper.h|   1 -
 target-sh4/op_helper.c | 148 +---
 target-sh4/translate.c | 307 +
 7 files changed, 217 insertions(+), 329 deletions(-)

-- 
2.1.4




[Qemu-devel] [PATCH v3 6/8] target-sh4: split out Q and M from of SR and optimize div1

2015-05-24 Thread Aurelien Jarno
Splitting Q and M out of SR, it's possible to optimize div1 by using
TCG code instead of a helper.

Signed-off-by: Aurelien Jarno 
---
 target-sh4/cpu.h   |  12 +++--
 target-sh4/helper.h|   1 -
 target-sh4/op_helper.c | 118 -
 target-sh4/translate.c |  70 -
 4 files changed, 69 insertions(+), 132 deletions(-)

diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index a308c53..4a027a6 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -139,6 +139,8 @@ typedef struct CPUSH4State {
 uint32_t gregs[24];/* general registers */
 float32 fregs[32]; /* floating point registers */
 uint32_t sr;/* status register (with T split out) */
+uint32_t sr_m;  /* M bit of status register */
+uint32_t sr_q;  /* Q bit of status register */
 uint32_t sr_t;  /* T bit of status register */
 uint32_t ssr;  /* saved status register */
 uint32_t spc;  /* saved program counter */
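Review bot: the comment on sr in this hunk's context still reads "with T split out", but once sr_m and sr_q are added the field excludes M and Q as well. Please update it to name all three bits, since anything that reads env->sr directly instead of going through cpu_read_sr() will now silently miss M and Q too.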
@@ -334,13 +336,17 @@ static inline int cpu_ptel_pr (uint32_t ptel)
 
 static inline target_ulong cpu_read_sr(CPUSH4State *env)
 {
-return env->sr | (env->sr_t << SR_T);
+return env->sr | (env->sr_m << SR_M) |
+ (env->sr_q << SR_Q) |
+ (env->sr_t << SR_T);
 }
 
 static inline void cpu_write_sr(CPUSH4State *env, target_ulong sr)
 {
-env->sr_t = sr & (1u << SR_T);
-env->sr = sr & ~(1u << SR_T);
+env->sr_m = (sr >> SR_M) & 1;
+env->sr_q = (sr >> SR_Q) & 1;
+env->sr_t = (sr >> SR_T) & 1;
+env->sr = sr & ~((1u << SR_M) | (1u << SR_Q) | (1u << SR_T));
 }
 
 static inline void cpu_get_tb_cpu_state(CPUSH4State *env, target_ulong *pc,
diff --git a/target-sh4/helper.h b/target-sh4/helper.h
index 3b5c436..c9bc407 100644
--- a/target-sh4/helper.h
+++ b/target-sh4/helper.h
@@ -11,7 +11,6 @@ DEF_HELPER_3(movcal, void, env, i32, i32)
 DEF_HELPER_1(discard_movcal_backup, void, env)
 DEF_HELPER_2(ocbi, void, env, i32)
 
-DEF_HELPER_3(div1, i32, env, i32, i32)
 DEF_HELPER_3(macl, void, env, i32, i32)
 DEF_HELPER_3(macw, void, env, i32, i32)
 
diff --git a/target-sh4/op_helper.c b/target-sh4/op_helper.c
index 524d7f6..cbc11ae 100644
--- a/target-sh4/op_helper.c
+++ b/target-sh4/op_helper.c
@@ -156,124 +156,6 @@ void helper_ocbi(CPUSH4State *env, uint32_t address)
 }
 }
 
-#define T (env->sr_t)
-#define Q (env->sr & (1u << SR_Q) ? 1 : 0)
-#define M (env->sr & (1u << SR_M) ? 1 : 0)
-#define SETT (env->sr_t = 1)
-#define CLRT (env->sr_t = 0)
-#define SETQ (env->sr |= (1u << SR_Q))
-#define CLRQ (env->sr &= ~(1u << SR_Q))
-#define SETM (env->sr |= (1u << SR_M))
-#define CLRM (env->sr &= ~(1u << SR_M))
-
-uint32_t helper_div1(CPUSH4State *env, uint32_t arg0, uint32_t arg1)
-{
-uint32_t tmp0, tmp2;
-uint8_t old_q, tmp1 = 0xff;
-
-//printf("div1 arg0=0x%08x arg1=0x%08x M=%d Q=%d T=%d\n", arg0, arg1, M, 
Q, T);
-old_q = Q;
-if ((0x8000 & arg1) != 0)
-   SETQ;
-else
-   CLRQ;
-tmp2 = arg0;
-arg1 <<= 1;
-arg1 |= T;
-switch (old_q) {
-case 0:
-   switch (M) {
-   case 0:
-   tmp0 = arg1;
-   arg1 -= tmp2;
-   tmp1 = arg1 > tmp0;
-   switch (Q) {
-   case 0:
-   if (tmp1)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   case 1:
-   if (tmp1 == 0)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   }
-   break;
-   case 1:
-   tmp0 = arg1;
-   arg1 += tmp2;
-   tmp1 = arg1 < tmp0;
-   switch (Q) {
-   case 0:
-   if (tmp1 == 0)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   case 1:
-   if (tmp1)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   }
-   break;
-   }
-   break;
-case 1:
-   switch (M) {
-   case 0:
-   tmp0 = arg1;
-   arg1 += tmp2;
-   tmp1 = arg1 < tmp0;
-   switch (Q) {
-   case 0:
-   if (tmp1)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   case 1:
-   if (tmp1 == 0)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   }
-   break;
-   case 1:
-   tmp0 = arg1;
-   arg1 -= tmp2;
-   tmp1 = arg1 > tmp0;
-   switch (Q) {
-   case 0:
-   if (tmp1 == 0)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   case 1:
-   if (tmp1)
-   SETQ;
-   else
-   CLRQ;
-   break;
-   

[Qemu-devel] [PATCH 00/10] target-s390x: TCG fixes and improvements

2015-05-24 Thread Aurelien Jarno
This patchset fixes a few issues with the s390x emulation and improves
it a bit by emulating a few more instructions.

With this patchset and the ones posted a few days ago, I have been able
to build the GNU libc in both a 64-bit guest with 64-bit userland and a
64-bit guest with a 31-bit userland and pass the testsuite in both
cases.

Aurelien Jarno (10):
  target-s390x: fix PSW value on dynamical exception from helpers
  target-s390x: fix MMU index computation
  target-s390x: define default NaN values
  target-s390x: silence NaNs for LOAD LENGTHENED and LOAD ROUNDED
  target-s390x: detect tininess before rounding for FP operations
  target-s390x: improve facilities list
  target-s390x: enable fully implemented facilities
  target-s390x: implement STFLE instruction
  target-s390x: move a few instructions to the correct facility
  target-s390x: implement LAY and LAEY instructions

 fpu/softfloat-specialize.h |  8 +++--
 target-s390x/cpu.c |  8 +
 target-s390x/cpu.h | 81 +++---
 target-s390x/fpu_helper.c  | 12 +++
 target-s390x/helper.h  |  1 +
 target-s390x/insn-data.def | 13 +---
 target-s390x/misc_helper.c | 21 +++-
 target-s390x/translate.c   | 46 --
 8 files changed, 170 insertions(+), 20 deletions(-)

-- 
2.1.4




[Qemu-devel] [PATCH 10/10] target-s390x: implement LAY and LAEY instructions

2015-05-24 Thread Aurelien Jarno
This completes the general-instructions-extension facility, so enable it.

Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/cpu.h |  2 +-
 target-s390x/insn-data.def |  3 +++
 target-s390x/translate.c   | 35 +++
 3 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 3110c1f..43a1c70 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -200,7 +200,7 @@ static const uint64_t facilities_dw[] = {
 (0ULL << 32) | /* b31: Extract-CPU-time facility */
 (0ULL << 31) | /* b32: Compare-and-swap-and-store facility */
 (0ULL << 30) | /* b33: Compare-and-swap-and-store facility 2 */
-(0ULL << 29) | /* b34: General-instructions-extension facility */
+(1ULL << 29) | /* b34: General-instructions-extension facility */
 (1ULL << 28) | /* b35: Execute-extensions facility  */
 (0ULL << 27) | /* b36: Enhanced-monitor facility */
 (0ULL << 26) | /* b37: Floating-point extension facility */
diff --git a/target-s390x/insn-data.def b/target-s390x/insn-data.def
index d57ce32..c44838d 100644
--- a/target-s390x/insn-data.def
+++ b/target-s390x/insn-data.def
@@ -357,6 +357,9 @@
 /* LOAD ADDRESS */
 C(0x4100, LA,  RX_a,  Z,   0, a2, 0, r1, mov2, 0)
 C(0xe371, LAY, RXY_a, LD,  0, a2, 0, r1, mov2, 0)
+/* LOAD ADDRESS EXTENDED */
+C(0x5100, LAE, RX_a,  Z,   0, a2, 0, r1, mov2e, 0)
+C(0xe375, LAEY,RXY_a, GIE, 0, a2, 0, r1, mov2e, 0)
 /* LOAD ADDRESS RELATIVE LONG */
 C(0xc000, LARL,RIL_b, Z,   0, ri2, 0, r1, mov2, 0)
 /* LOAD AND ADD */
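Review bot: the subject and commit message say LAY and LAEY, but the lines added in this hunk are LAE (0x5100) and LAEY (0xe375); LAY (0xe371) is already present as unchanged context. Please correct the subject to LAE and LAEY so the log matches what is implemented.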
diff --git a/target-s390x/translate.c b/target-s390x/translate.c
index 78b8cdc..da7cc42 100644
--- a/target-s390x/translate.c
+++ b/target-s390x/translate.c
@@ -2566,6 +2566,41 @@ static ExitStatus op_mov2(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_mov2e(DisasContext *s, DisasOps *o)
+{
+int b2 = get_field(s->fields, b2);
+TCGv ar1 = tcg_temp_new_i64();
+
+o->out = o->in2;
+o->g_out = o->g_in2;
+TCGV_UNUSED_I64(o->in2);
+o->g_in2 = false;
+
+switch (s->tb->flags & FLAG_MASK_ASC) {
+case PSW_ASC_PRIMARY >> 32:
+tcg_gen_movi_i64(ar1, 0);
+break;
+case PSW_ASC_ACCREG >> 32:
+tcg_gen_movi_i64(ar1, 1);
+break;
+case PSW_ASC_SECONDARY >> 32:
+if (b2) {
+tcg_gen_ld32u_i64(ar1, cpu_env, offsetof(CPUS390XState, 
aregs[b2]));
+} else {
+tcg_gen_movi_i64(ar1, 0);
+}
+break;
+case PSW_ASC_HOME >> 32:
+tcg_gen_movi_i64(ar1, 2);
+break;
+}
+
+tcg_gen_st32_i64(ar1, cpu_env, offsetof(CPUS390XState, aregs[1]));
+tcg_temp_free_i64(ar1);
+
+return NO_EXIT;
+}
+
 static ExitStatus op_movx(DisasContext *s, DisasOps *o)
 {
 o->out = o->in1;
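Review bot: the final tcg_gen_st32_i64() in op_mov2e always writes offsetof(CPUS390XState, aregs[1]), so the access register updated is number 1 whatever the instruction's r1 field holds. The insn-data.def entries send the address result to r1, and b2 is already fetched with get_field(), so I would expect r1 to be fetched the same way and used as the aregs index; if aregs[1] is really intended, it needs a comment. The switch on FLAG_MASK_ASC also has no default arm, which leaves the ar1 temporary unset if a value outside the four cases ever reaches it.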
-- 
2.1.4




[Qemu-devel] [PATCH 05/10] target-s390x: detect tininess before rounding for FP operations

2015-05-24 Thread Aurelien Jarno
The s390x floating point unit detects tininess before rounding, so set
the softfloat fp_status up appropriately.

Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/cpu.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/target-s390x/cpu.c b/target-s390x/cpu.c
index d2f9836..7f17823 100644
--- a/target-s390x/cpu.c
+++ b/target-s390x/cpu.c
@@ -118,6 +118,10 @@ static void s390_cpu_initial_reset(CPUState *s)
 
 env->pfault_token = -1UL;
 
+/* tininess for underflow is detected before rounding */
+set_float_detect_tininess(float_tininess_before_rounding,
+  &env->fpu_status);
+
 /* Reset state inside the kernel that we cannot access yet from QEMU. */
 if (kvm_enabled()) {
 kvm_s390_reset_vcpu(cpu);
@@ -143,6 +147,10 @@ static void s390_cpu_full_reset(CPUState *s)
 
 env->pfault_token = -1UL;
 
+/* tininess for underflow is detected before rounding */
+set_float_detect_tininess(float_tininess_before_rounding,
+  &env->fpu_status);
+
 /* Reset state inside the kernel that we cannot access yet from QEMU. */
 if (kvm_enabled()) {
 kvm_s390_reset_vcpu(cpu);
-- 
2.1.4




[Qemu-devel] [PATCH 01/10] target-s390x: fix PSW value on dynamical exception from helpers

2015-05-24 Thread Aurelien Jarno
runtime_exception computes the psw.addr value using the actual exception
address and the instruction length computed by calling the get_ilen
function. However as explained above the get_ilen code, it returns the
actual instruction length, and not the ILC. Therefore there is no need to
multiply the value by 2.

Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/misc_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index 3ec7268..b375ab7 100644
--- a/target-s390x/misc_helper.c
+++ b/target-s390x/misc_helper.c
@@ -61,7 +61,7 @@ void QEMU_NORETURN runtime_exception(CPUS390XState *env, int 
excp,
 /* Advance past the insn.  */
 t = cpu_ldub_code(env, env->psw.addr);
 env->int_pgm_ilen = t = get_ilen(t);
-env->psw.addr += 2 * t;
+env->psw.addr += t;
 
 cpu_loop_exit(cs);
 }
-- 
2.1.4
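The length-versus-ILC mix-up described in this commit message, modelled as a stand-alone C example that is added here and is not QEMU code. insn_len() is a hypothetical stand-in for get_ilen(), and the byte stream is constructed from the LR, L and LY opcodes listed in insn-data.def elsewhere on this page (operand bytes are arbitrary).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length in bytes of an s390x instruction, taken from the two most
 * significant bits of its first opcode byte: 00 -> 2, 01/10 -> 4, 11 -> 6.
 * Hypothetical stand-in for the get_ilen() named in the commit message. */
static unsigned insn_len(uint8_t opc)
{
    switch (opc >> 6) {
    case 0:
        return 2;
    case 3:
        return 6;
    default:
        return 4;
    }
}

/* Instruction-length code (ILC): the same length counted in halfwords. */
static unsigned insn_ilc(uint8_t opc)
{
    return insn_len(opc) / 2;
}

/* Post-fix behaviour: advance by the byte length. */
static uint64_t next_addr_fixed(const uint8_t *mem, uint64_t addr)
{
    return addr + insn_len(mem[addr]);
}

/* Pre-fix behaviour: the byte length is doubled as if it were an ILC. */
static uint64_t next_addr_doubled(const uint8_t *mem, uint64_t addr)
{
    return addr + 2 * insn_len(mem[addr]);
}

/* Returns 1 if addr is the first byte of an instruction (or the end of
 * the stream) when mem[0..size) is decoded sequentially from offset 0. */
static int is_insn_boundary(const uint8_t *mem, size_t size, uint64_t addr)
{
    uint64_t pos = 0;

    while (pos < size && pos < addr) {
        pos += insn_len(mem[pos]);
    }
    return pos == addr && addr <= size;
}

/* Constructed sample: instructions start at offsets 0, 2, 6 and 12. */
static const uint8_t sample[] = {
    0x18, 0x12,                          /* LR, 2 bytes */
    0x58, 0x10, 0x20, 0x00,              /* L,  4 bytes */
    0xe3, 0x10, 0x20, 0x00, 0x00, 0x58,  /* LY, 6 bytes */
    0x18, 0x34,                          /* LR, 2 bytes */
};

typedef uint64_t (*advance_fn)(const uint8_t *mem, uint64_t addr);

/* For every instruction in the sample, check whether the resume address
 * computed by 'advance' is a real instruction boundary; count the misses. */
static unsigned count_bad_resumes(advance_fn advance)
{
    unsigned bad = 0;
    uint64_t pos = 0;

    while (pos < sizeof(sample)) {
        if (!is_insn_boundary(sample, sizeof(sample), advance(sample, pos))) {
            bad++;
        }
        pos += insn_len(sample[pos]);
    }
    return bad;
}

int main(void)
{
    printf("ILC of LY = %u halfwords, length = %u bytes\n",
           insn_ilc(0xe3), insn_len(0xe3));
    printf("bad resume addresses, += t     : %u\n",
           count_bad_resumes(next_addr_fixed));
    printf("bad resume addresses, += 2 * t : %u\n",
           count_bad_resumes(next_addr_doubled));
    return 0;
}
```

Doubling is only correct when the value is an ILC (2 * insn_ilc() equals insn_len()); applied to a byte length, every resume address in the sample lands inside or beyond the following instruction.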




[Qemu-devel] [PATCH 07/10] target-s390x: enable fully implemented facilities

2015-05-24 Thread Aurelien Jarno
Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/cpu.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 8bda2e0..35bfdec 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -169,7 +169,7 @@ typedef struct CPUS390XState {
 static const uint64_t facilities_dw[] = {
 (1ULL << 63) | /* b 0: z/Architecture new instructions added to ESA/390 */
 (1ULL << 62) | /* b 1: z/Architecture architectural */
-(0ULL << 61) | /* b 2: z/Architecture architectural active */
+(1ULL << 61) | /* b 2: z/Architecture architectural active */
 (0ULL << 60) | /* b 3: IDTE */
 (0ULL << 59) | /* b 4: IDTE selective clearing when segtab invalidated */
 (0ULL << 58) | /* b 5: IDTE selective clearing when regtab invalidated */
@@ -188,7 +188,7 @@ static const uint64_t facilities_dw[] = {
 (0ULL << 45) | /* b18: Long-displacement facility */
 (0ULL << 44) | /* b19: High performance long-displacement facility */
 (0ULL << 43) | /* b20: HFP-multiply-and-add/subtract facility */
-(0ULL << 42) | /* b21: Extended-immediate facility */
+(1ULL << 42) | /* b21: Extended-immediate facility */
 (0ULL << 41) | /* b22: Extended-translation facility 3 */
 (0ULL << 40) | /* b23: HFP-unnormalized-extension facility */
 (0ULL << 39) | /* b24: ETF2-enhancement facility */
@@ -201,7 +201,7 @@ static const uint64_t facilities_dw[] = {
 (0ULL << 31) | /* b32: Compare-and-swap-and-store facility */
 (0ULL << 30) | /* b33: Compare-and-swap-and-store facility 2 */
 (0ULL << 29) | /* b34: General-instructions-extension facility */
-(0ULL << 28) | /* b35: Execute-extensions facility  */
+(1ULL << 28) | /* b35: Execute-extensions facility  */
 (0ULL << 27) | /* b36: Enhanced-monitor facility */
 (0ULL << 26) | /* b37: Floating-point extension facility */
 (0ULL << 24) | /* b39: IBM internal use */
-- 
2.1.4




[Qemu-devel] [PATCH 02/10] target-s390x: fix MMU index computation

2015-05-24 Thread Aurelien Jarno
The cpu_mmu_index function wrongly looks at PSW P bit to determine the
MMU index, while this bit actually only controls the use of privileged
instructions. The addressing mode is detected by looking at the PSW ASC
bits instead.

This used to work more or less correctly up to kernel 3.6 as the kernel
was running in primary space and userland in secondary space. Since
kernel 3.7 the default is to run the kernel in home space and userland
in primary space. While the current QEMU code seems to work it opens some
security issues, like accessing the lowcore memory in R/W mode from a
userspace process once it has been accessed by the kernel (it is then
cached by the QEMU TLB).

At the same time change the MMU_USER_IDX value so that it matches the
value used in recent kernels.

Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/cpu.h | 15 +++
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 71ef847..99773e0 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -48,7 +48,7 @@
 #define MMU_MODE1_SUFFIX _secondary
 #define MMU_MODE2_SUFFIX _home
 
-#define MMU_USER_IDX 1
+#define MMU_USER_IDX 0
 
 #define MAX_EXT_QUEUE 16
 #define MAX_IO_QUEUE 16
@@ -295,11 +295,18 @@ typedef struct CPUS390XState {
 
 static inline int cpu_mmu_index (CPUS390XState *env)
 {
-if (env->psw.mask & PSW_MASK_PSTATE) {
+switch (env->psw.mask & PSW_MASK_ASC) {
+case PSW_ASC_PRIMARY:
+return 0;
+case PSW_ASC_SECONDARY:
 return 1;
+case PSW_ASC_HOME:
+return 2;
+case PSW_ASC_ACCREG:
+/* Fallthrough: access register mode is not yet supported */
+default:
+abort();
 }
-
-return 0;
 }
 
 static inline void cpu_get_tb_cpu_state(CPUS390XState* env, target_ulong *pc,
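Review bot: the PSW_ASC_ACCREG and default arms of the new switch call abort(), and env->psw.mask is guest-controlled state, so a guest that selects access-register mode terminates the whole QEMU process instead of seeing an error itself. Since this patch is motivated by a guest-isolation problem, I would rather report the unimplemented mode (a logged unimplemented-feature message plus a defined fallback, or a program exception delivered to the guest) than abort. The returned 0, 1 and 2 are also bare literals next to the MMU_USER_IDX change in the previous hunk; named constants would keep them in step with the MMU_MODE1_SUFFIX and MMU_MODE2_SUFFIX definitions.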
-- 
2.1.4




[Qemu-devel] [PATCH 09/10] target-s390x: move a few instructions to the correct facility

2015-05-24 Thread Aurelien Jarno
LY is part of the long-displacement facility.
RISBHG and RISBLG are part of the high-word facility.
STCMH is part of the z/Architecture.

Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/insn-data.def | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target-s390x/insn-data.def b/target-s390x/insn-data.def
index fd45730..d57ce32 100644
--- a/target-s390x/insn-data.def
+++ b/target-s390x/insn-data.def
@@ -336,7 +336,7 @@
 /* LOAD */
 C(0x1800, LR,  RR_a,  Z,   0, r2_o, 0, cond_r1r2_32, mov2, 0)
 C(0x5800, L,   RX_a,  Z,   0, a2, new, r1_32, ld32s, 0)
-C(0xe358, LY,  RXY_a, Z,   0, a2, new, r1_32, ld32s, 0)
+C(0xe358, LY,  RXY_a, LD,  0, a2, new, r1_32, ld32s, 0)
 C(0xb904, LGR, RRE,   Z,   0, r2_o, 0, r1, mov2, 0)
 C(0xb914, LGFR,RRE,   Z,   0, r2_32s, 0, r1, mov2, 0)
 C(0xe304, LG,  RXY_a, Z,   0, a2, r1, 0, ld64, 0)
@@ -595,8 +595,8 @@
 
 /* ROTATE THEN INSERT SELECTED BITS */
 C(0xec55, RISBG,   RIE_f, GIE, 0, r2, r1, 0, risbg, s64)
-C(0xec5d, RISBHG,  RIE_f, GIE, 0, r2, r1, 0, risbg, 0)
-C(0xec51, RISBLG,  RIE_f, GIE, 0, r2, r1, 0, risbg, 0)
+C(0xec5d, RISBHG,  RIE_f, HW,  0, r2, r1, 0, risbg, 0)
+C(0xec51, RISBLG,  RIE_f, HW,  0, r2, r1, 0, risbg, 0)
 /* ROTATE_THEN  SELECTED BITS */
 C(0xec54, RNSBG,   RIE_f, GIE, 0, r2, r1, 0, rosbg, 0)
 C(0xec56, ROSBG,   RIE_f, GIE, 0, r2, r1, 0, rosbg, 0)
@@ -670,7 +670,7 @@
 /* STORE CHARACTERS UNDER MASK */
 D(0xbe00, STCM,RS_b,  Z,   r1_o, a2, 0, 0, stcm, 0, 0)
 D(0xeb2d, STCMY,   RSY_b, LD,  r1_o, a2, 0, 0, stcm, 0, 0)
-D(0xeb2c, STCMH,   RSY_b, LD,  r1_o, a2, 0, 0, stcm, 0, 32)
+D(0xeb2c, STCMH,   RSY_b, Z,   r1_o, a2, 0, 0, stcm, 0, 32)
 /* STORE HALFWORD */
 C(0x4000, STH, RX_a,  Z,   r1_o, a2, 0, 0, st16, 0)
 C(0xe370, STHY,RXY_a, LD,  r1_o, a2, 0, 0, st16, 0)
-- 
2.1.4




[Qemu-devel] [PATCH 04/10] target-s390x: silence NaNs for LOAD LENGTHENED and LOAD ROUNDED

2015-05-24 Thread Aurelien Jarno
LOAD LENGTHENED and LOAD ROUNDED are considered as FP operations and
thus need to convert input sNaN into corresponding qNaN.

Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/fpu_helper.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target-s390x/fpu_helper.c b/target-s390x/fpu_helper.c
index b946ec1..96eabb6 100644
--- a/target-s390x/fpu_helper.c
+++ b/target-s390x/fpu_helper.c
@@ -265,7 +265,7 @@ uint64_t HELPER(ldeb)(CPUS390XState *env, uint64_t f2)
 {
 float64 ret = float32_to_float64(f2, &env->fpu_status);
 handle_exceptions(env, GETPC());
-return ret;
+return float64_maybe_silence_nan(ret);
 }
 
 /* convert 128-bit float to 64-bit float */
@@ -273,7 +273,7 @@ uint64_t HELPER(ldxb)(CPUS390XState *env, uint64_t ah, 
uint64_t al)
 {
 float64 ret = float128_to_float64(make_float128(ah, al), &env->fpu_status);
 handle_exceptions(env, GETPC());
-return ret;
+return float64_maybe_silence_nan(ret);
 }
 
 /* convert 64-bit float to 128-bit float */
@@ -281,7 +281,7 @@ uint64_t HELPER(lxdb)(CPUS390XState *env, uint64_t f2)
 {
 float128 ret = float64_to_float128(f2, &env->fpu_status);
 handle_exceptions(env, GETPC());
-return RET128(ret);
+return RET128(float128_maybe_silence_nan(ret));
 }
 
 /* convert 32-bit float to 128-bit float */
@@ -289,7 +289,7 @@ uint64_t HELPER(lxeb)(CPUS390XState *env, uint64_t f2)
 {
 float128 ret = float32_to_float128(f2, &env->fpu_status);
 handle_exceptions(env, GETPC());
-return RET128(ret);
+return RET128(float128_maybe_silence_nan(ret));
 }
 
 /* convert 64-bit float to 32-bit float */
@@ -297,7 +297,7 @@ uint64_t HELPER(ledb)(CPUS390XState *env, uint64_t f2)
 {
 float32 ret = float64_to_float32(f2, &env->fpu_status);
 handle_exceptions(env, GETPC());
-return ret;
+return float32_maybe_silence_nan(ret);
 }
 
 /* convert 128-bit float to 32-bit float */
@@ -305,7 +305,7 @@ uint64_t HELPER(lexb)(CPUS390XState *env, uint64_t ah, 
uint64_t al)
 {
 float32 ret = float128_to_float32(make_float128(ah, al), &env->fpu_status);
 handle_exceptions(env, GETPC());
-return ret;
+return float32_maybe_silence_nan(ret);
 }
 
 /* 32-bit FP compare */
-- 
2.1.4




[Qemu-devel] [PATCH 08/10] target-s390x: implement STFLE instruction

2015-05-24 Thread Aurelien Jarno
Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/cpu.h |  2 +-
 target-s390x/helper.h  |  1 +
 target-s390x/insn-data.def |  2 ++
 target-s390x/misc_helper.c | 19 +++
 target-s390x/translate.c   |  7 +++
 5 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 35bfdec..3110c1f 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -174,7 +174,7 @@ static const uint64_t facilities_dw[] = {
 (0ULL << 59) | /* b 4: IDTE selective clearing when segtab invalidated */
 (0ULL << 58) | /* b 5: IDTE selective clearing when regtab invalidated */
 (0ULL << 57) | /* b 6: ASN-and-LX-reuse facility */
-(0ULL << 56) | /* b 7: Store-facility-list-extended facility */
+(1ULL << 56) | /* b 7: Store-facility-list-extended facility */
 (0ULL << 55) | /* b 8: Enhanced-DAT facility */
 (0ULL << 54) | /* b 9: Sense-running-status facility */
 (0ULL << 53) | /* b10: Conditional-SSKE facility */
diff --git a/target-s390x/helper.h b/target-s390x/helper.h
index e6f2afb..2dc01a0 100644
--- a/target-s390x/helper.h
+++ b/target-s390x/helper.h
@@ -79,6 +79,7 @@ DEF_HELPER_FLAGS_5(calc_cc, TCG_CALL_NO_RWG_SE, i32, env, 
i32, i64, i64, i64)
 DEF_HELPER_FLAGS_2(sfpc, TCG_CALL_NO_RWG, void, env, i64)
 DEF_HELPER_FLAGS_2(sfas, TCG_CALL_NO_WG, void, env, i64)
 DEF_HELPER_FLAGS_1(popcnt, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_2(stfle, i32, env, i64)
 
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
diff --git a/target-s390x/insn-data.def b/target-s390x/insn-data.def
index 72c3a2e..fd45730 100644
--- a/target-s390x/insn-data.def
+++ b/target-s390x/insn-data.def
@@ -827,6 +827,8 @@
 /* STORE CPU TIMER */
 C(0xb209, STPT,S, Z,   la2, 0, new, m1_64, stpt, 0)
 /* STORE FACILITY LIST */
+C(0xb2b0, STFLE,   S, SFLE, 0, a2, 0, 0, stfle, 0)
+/* STORE FACILITY LIST */
 C(0xb2b1, STFL,S, Z,   0, 0, 0, 0, stfl, 0)
 /* STORE PREFIX */
 C(0xb211, STPX,S, Z,   la2, 0, new, m1_32, stpx, 0)
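Review bot: the comment added above the STFLE entry duplicates "STORE FACILITY LIST", which is the existing heading for STFL on the next entry. Label the new line "STORE FACILITY LIST EXTENDED" so the two entries can be told apart when grepping the table.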
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index b375ab7..711f365 100644
--- a/target-s390x/misc_helper.c
+++ b/target-s390x/misc_helper.c
@@ -76,6 +76,25 @@ void HELPER(exception)(CPUS390XState *env, uint32_t excp)
 cpu_loop_exit(cs);
 }
 
+/* Store faciliy list extended */
+uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t dest)
+{
+int nf = sizeof(facilities_dw) / sizeof(facilities_dw[0]);
+int rf = (env->regs[0] & 0xff) + 1;
+int i;
+
+for (i = 0; i < MIN(nf, rf); i++) {
+cpu_stq_data(env, dest, facilities_dw[i]);
+dest += 8;
+}
+
+if (rf > nf) {
+env->regs[0] = (env->regs[0] & ~0xff) | (nf - 1);
+}
+
+return (rf < nf) ? 3 : 0;
+}
+
 #ifndef CONFIG_USER_ONLY
 
 void program_interrupt(CPUS390XState *env, uint32_t code, int ilen)
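Review bot: when rf < nf, helper_stfle returns condition code 3 but leaves regs[0] untouched, so the caller is told the list was truncated without being told how many doublewords it needs; the count is written back only on the rf > nf path. I would expect the low byte of regs[0] to receive nf - 1 on both paths. The loop also stores to the guest address dest with no alignment check visible here, and the comment above the helper has a typo ("faciliy").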
diff --git a/target-s390x/translate.c b/target-s390x/translate.c
index 542da53..78b8cdc 100644
--- a/target-s390x/translate.c
+++ b/target-s390x/translate.c
@@ -3382,6 +3382,13 @@ static ExitStatus op_stfl(DisasContext *s, DisasOps *o)
 return NO_EXIT;
 }
 
+static ExitStatus op_stfle(DisasContext *s, DisasOps *o)
+{
+gen_helper_stfle(cc_op, cpu_env, o->in2);
+set_cc_static(s);
+return NO_EXIT;
+}
+
 static ExitStatus op_stpt(DisasContext *s, DisasOps *o)
 {
 check_privileged(s);
-- 
2.1.4




[Qemu-devel] [PATCH 06/10] target-s390x: improve facilities list

2015-05-24 Thread Aurelien Jarno
We currently use a hardcoded value for the STFL instruction. Move that
to a still hardcoded value but computed from bit values. This is more
maintainable and can be reused for the STFLE instruction.

Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 target-s390x/cpu.h   | 66 
 target-s390x/translate.c |  4 +--
 2 files changed, 67 insertions(+), 3 deletions(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 99773e0..8bda2e0 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -165,6 +165,72 @@ typedef struct CPUS390XState {
 #include "cpu-qom.h"
 #include 
 
+/* Facilities list */
+static const uint64_t facilities_dw[] = {
+(1ULL << 63) | /* b 0: z/Architecture new instructions added to ESA/390 */
+(1ULL << 62) | /* b 1: z/Architecture architectural */
+(0ULL << 61) | /* b 2: z/Architecture architectural active */
+(0ULL << 60) | /* b 3: IDTE */
+(0ULL << 59) | /* b 4: IDTE selective clearing when segtab invalidated */
+(0ULL << 58) | /* b 5: IDTE selective clearing when regtab invalidated */
+(0ULL << 57) | /* b 6: ASN-and-LX-reuse facility */
+(0ULL << 56) | /* b 7: Store-facility-list-extended facility */
+(0ULL << 55) | /* b 8: Enhanced-DAT facility */
+(0ULL << 54) | /* b 9: Sense-running-status facility */
+(0ULL << 53) | /* b10: Conditional-SSKE facility */
+(0ULL << 52) | /* b11: Configuration-topology facility */
+(0ULL << 51) | /* b12: IBM internal use */
+(0ULL << 50) | /* b13: IPTE-Range facility */
+(0ULL << 49) | /* b14: Nonquiescing key-setting facility */
+(0ULL << 48) | /* b15: IBM internal use */
+(0ULL << 47) | /* b16: Extended-translation facility 2 */
+(0ULL << 46) | /* b17: Message-security assist */
+(0ULL << 45) | /* b18: Long-displacement facility */
+(0ULL << 44) | /* b19: High performance long-displacement facility */
+(0ULL << 43) | /* b20: HFP-multiply-and-add/subtract facility */
+(0ULL << 42) | /* b21: Extended-immediate facility */
+(0ULL << 41) | /* b22: Extended-translation facility 3 */
+(0ULL << 40) | /* b23: HFP-unnormalized-extension facility */
+(0ULL << 39) | /* b24: ETF2-enhancement facility */
+(0ULL << 38) | /* b25: Store-clock-fast facility */
+(0ULL << 37) | /* b26: Parsing-enhancement facility */
+(0ULL << 36) | /* b27: Move-with-optional-specifications facility */
+(0ULL << 35) | /* b28: TOD-clock-steering facility */
+(0ULL << 33) | /* b30: ETF3-enhancement facility */
+(0ULL << 32) | /* b31: Extract-CPU-time facility */
+(0ULL << 31) | /* b32: Compare-and-swap-and-store facility */
+(0ULL << 30) | /* b33: Compare-and-swap-and-store facility 2 */
+(0ULL << 29) | /* b34: General-instructions-extension facility */
+(0ULL << 28) | /* b35: Execute-extensions facility  */
+(0ULL << 27) | /* b36: Enhanced-monitor facility */
+(0ULL << 26) | /* b37: Floating-point extension facility */
+(0ULL << 24) | /* b39: IBM internal use */
+(0ULL << 23) | /* b40: Set-program-parameters facility */
+(0ULL << 22) | /* b41: Floating-point-support-enhancement facilities */
+(0ULL << 21) | /* b42: DFP facility */
+(0ULL << 20) | /* b43: High performance DFP facility */
+(0ULL << 19) | /* b44: PFPO instruction */
+(0ULL << 18) | /* b45: Fast-BCR-serialization facility */
+(0ULL << 17) | /* b46: IBM internal use */
+(0ULL << 16) | /* b47: CMPSC-enhancement facility */
+(0ULL << 15) | /* b48: DFP zoned-conversion facility */
+(0ULL << 14) | /* b49: Execution-hint, load-and-trap facility */
+(0ULL << 13) | /* b50: Transactional-execution facility */
+(0ULL << 12) | /* b51: Local-TLB-clearing facility */
+(0ULL << 11) | /* b52: interlocked-access facility 2 */
+(0ULL <<  1) | /* b62: IBM internal use */
+(0ULL <<  0)   /* b63: IBM internal use */
+,
+(0ULL << 61) | /* b66: Reset-reference-bits-multiple facility */
+(0ULL << 60) | /* b67: CPU-measurement counter facility */
+(0ULL << 59) | /* b68: CPU-measurement sampling facility */
+(0ULL << 54) | /* b73: Transactional-execution facility in zArch */
+(0ULL << 52) | /* b75: Access-exception-fetch/store-indication facility */
+(0ULL << 51) | /* b76: Message-security-assist-extension-3 facility */
+(0ULL << 50) | /* b77: Message-security-assist-extension-4 facility */
+(0ULL << 49)   /* b78: Enhanced-DAT facility 2 */
+};
+
 /* distinguish between 24 bit and 31 bit addressing */
 #define HIGH_ORDER_BIT 0x8000
 
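Review bot: facilities_dw[] is defined as a static const array in target-s390x/cpu.h, so every file that includes this header carries its own private copy of the table, used or not. Keep only an extern declaration in the header and move the definition into a single .c file, such as translate.c, which this patch also touches. The table also skips several bit positions without comment (nothing between b28 and b30, between b37 and b39, or for b53 to b61); a one-line comment saying that omitted bits are left at zero on purpose would make the gaps read as deliberate.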
diff --git a/target-s390x/translate.c b/target-s390x/translate.c
index 745195f..542da53 100644
--- a/target-s390x/translate.c
+++ b/target-s390x/translate.c
@@ -3373,10 +3373,8 @@ static ExitStatus op_spt(DisasContext *s, DisasOps *o)
 static ExitStatus op_stfl(DisasContext *s, DisasOps *o)
 {
 TCGv_i64 f, a;
-/* We really ought to have more complete indication of facilities
- 

[Qemu-devel] [PATCH 03/10] target-s390x: define default NaN values

2015-05-24 Thread Aurelien Jarno
Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Aurelien Jarno 
---
 fpu/softfloat-specialize.h | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fpu/softfloat-specialize.h b/fpu/softfloat-specialize.h
index fa1214a..6dd41d8 100644
--- a/fpu/softfloat-specialize.h
+++ b/fpu/softfloat-specialize.h
@@ -113,7 +113,7 @@ const float16 float16_default_nan = const_float16(0xFE00);
 #if defined(TARGET_SPARC)
 const float32 float32_default_nan = const_float32(0x7FFF);
 #elif defined(TARGET_PPC) || defined(TARGET_ARM) || defined(TARGET_ALPHA) || \
-  defined(TARGET_XTENSA)
+  defined(TARGET_XTENSA) || defined(TARGET_S390X)
 const float32 float32_default_nan = const_float32(0x7FC0);
 #elif SNAN_BIT_IS_ONE
 const float32 float32_default_nan = const_float32(0x7FBF);
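Review bot: the commit message has no body, so nothing records why TARGET_S390X joins the PPC/ARM/ALPHA/XTENSA group in this #elif instead of falling through to the generic default. A sentence citing the architecture reference for the s390x default NaN would let a reviewer verify this value and the float64 and float128 ones later in the patch.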
@@ -126,7 +126,8 @@ const float32 float32_default_nan = 
const_float32(0xFFC0);
 **/
 #if defined(TARGET_SPARC)
 const float64 float64_default_nan = const_float64(LIT64( 0x7FFF ));
-#elif defined(TARGET_PPC) || defined(TARGET_ARM) || defined(TARGET_ALPHA)
+#elif defined(TARGET_PPC) || defined(TARGET_ARM) || defined(TARGET_ALPHA) || \
+  defined(TARGET_S390X)
 const float64 float64_default_nan = const_float64(LIT64( 0x7FF8 ));
 #elif SNAN_BIT_IS_ONE
 const float64 float64_default_nan = const_float64(LIT64(0x7FF7));
@@ -155,6 +156,9 @@ const floatx80 floatx80_default_nan
 #if SNAN_BIT_IS_ONE
 #define float128_default_nan_high LIT64(0x7FFF7FFF)
 #define float128_default_nan_low  LIT64(0x)
+#elif defined(TARGET_S390X)
+#define float128_default_nan_high LIT64( 0x7FFF8000 )
+#define float128_default_nan_low  LIT64( 0x )
 #else
 #define float128_default_nan_high LIT64( 0x8000 )
 #define float128_default_nan_low  LIT64( 0x )
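Review bot: the new "#elif defined(TARGET_S390X)" comes after "#if SNAN_BIT_IS_ONE" here, whereas in the float32 and float64 chains earlier in this patch the per-target tests come before the SNAN_BIT_IS_ONE test. The outcome is the same as long as SNAN_BIT_IS_ONE is 0 for s390x, but testing the target first in this block too would keep the three definitions structured alike and make the s390x value independent of that macro.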
-- 
2.1.4




Re: [Qemu-devel] [PATCH] configure: Check for libfdt version 1.4.0

2015-05-24 Thread David Gibson
On Mon, May 18, 2015 at 09:43:21AM +0200, Thomas Huth wrote:
> Some recent patches require functions from libfdt version 1.4.0,
> so we should check for this version during the configure step
> already. Unfortunately, there does not seem to be a proper #define
> for the version number in the libfdt headers. So alternatively, we
> check for the availability of the fdtXX_t types instead which have
> just been introduced with version 1.4.0.

Um.. I'm confused by this.  As far as I can recall the fdtXX_t types
have been in libfdt since.. well, forever, basically.

> 
> Signed-off-by: Thomas Huth 
> ---
>  configure | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/configure b/configure
> index b18aa9e..87a5bbc 100755
> --- a/configure
> +++ b/configure
> @@ -3091,9 +3091,10 @@ fi
>  if test "$fdt" != "no" ; then
>fdt_libs="-lfdt"
># explicitly check for libfdt_env.h as it is missing in some stable 
> installs
> +  # and also test for fdtXX_t to make sure we are on a version >= 1.4.0
>cat > $TMPC << EOF
>  #include 
> -int main(void) { return 0; }
> +int main(void) { fdt32_t x = 0; return x; }
>  EOF
>if compile_prog "" "$fdt_libs" ; then
>  # system DTC is good - use it
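Review bot: the probe in main() only declares an fdt32_t, so it tests for a type name and not for the functions that, per the commit message, are the reason 1.4.0 is required. Have the test program reference one of the 1.4.0 functions QEMU actually calls, so that configure fails in exactly the cases where the later compile or link step would.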
> @@ -3111,7 +3112,7 @@ EOF
>  fdt_libs="-L\$(BUILD_DIR)/dtc/libfdt $fdt_libs"
>elif test "$fdt" = "yes" ; then
>  # have neither and want - prompt for system/submodule install
> -error_exit "DTC (libfdt) not present. Your options:" \
> +error_exit "DTC (libfdt) version >= 1.4.0 not present. Your options:" \
>  "  (1) Preferred: Install the DTC (libfdt) devel package" \
>  "  (2) Fetch the DTC submodule, using:" \
>  "  git submodule update --init dtc"
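Review bot: the new error text says version >= 1.4.0 is "not present", which reads oddly when libfdt is installed but too old; wording such as "not present or older than 1.4.0" covers both cases. Option (2) could also state whether the dtc submodule satisfies the 1.4.0 requirement.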

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 2/6] Split header writing out of qemu_savevm_state_begin

2015-05-24 Thread David Gibson
On Thu, May 21, 2015 at 01:24:12PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> Split qemu_savevm_state_begin to:
>   qemu_savevm_state_header   That writes the initial file header.
>   qemu_savevm_state_beginThat sets up devices and does the first
>  device pass.
> 
> Used later in postcopy.
> 
> Signed-off-by: Dr. David Alan Gilbert 
> Reviewed-by: Amit Shah 

Reviewed-by: David Gibson 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 4/6] Create MigrationIncomingState

2015-05-24 Thread David Gibson
On Thu, May 21, 2015 at 01:24:14PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> There are currently lots of pieces of incoming migration state scattered
> around, and postcopy is adding more, and it seems better to try and keep
> it together.
> 
> allocate MIS in process_incoming_migration_co
> 
> Signed-off-by: Dr. David Alan Gilbert 
> Reviewed-by: Amit Shah 

Reviewed-by: David Gibson 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v3 2/3] cpus: Convert cpu_index into a bitmap

2015-05-24 Thread David Gibson
On Thu, May 21, 2015 at 10:32:07AM +0530, Bharata B Rao wrote:
> Currently CPUState.cpu_index is monotonically increasing and a newly
> created CPU always gets the next higher index. The next available
> index is calculated by counting the existing number of CPUs. This is
> fine as long as we only add CPUs, but there are architectures which
> are starting to support CPU removal too. For an architecture like PowerPC
> which derives its CPU identifier (device tree ID) from cpu_index, the
> existing logic of generating cpu_index values causes problems.
> 
> With the currently proposed method of handling vCPU removal by parking
> the vCPU fd in QEMU
> (Ref: http://lists.gnu.org/archive/html/qemu-devel/2015-02/msg02604.html),
> generating cpu_index this way will not work for PowerPC.
> 
> This patch changes the way cpu_index is handed out by maintaining
> a bit map of the CPUs that tracks both addition and removal of CPUs.
> 
> The CPU bitmap allocation logic is part of cpu_exec_init() which is
> called by instance_init routines of various CPU targets. Newly added
> cpu_exec_exit() API handles the deallocation part and this routine is
> called from generic CPU::instance_finalize().
> 
> Note: This new CPU enumeration is for !CONFIG_USER_ONLY only.
> CONFIG_USER_ONLY continues to have the old enumeration logic.
> 
> Signed-off-by: Bharata B Rao 
> Reviewed-by: Eduardo Habkost 

Reviewed-by: David Gibson 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v3 1/3] cpus: Add Error argument to cpu_exec_init()

2015-05-24 Thread David Gibson
On Thu, May 21, 2015 at 10:32:06AM +0530, Bharata B Rao wrote:
> Add an Error argument to cpu_exec_init() to let users collect the
> error. This is in preparation to change the CPU enumeration logic
> in cpu_exec_init(). With the new enumeration logic, cpu_exec_init()
> can fail if cpu_index values corresponding to max_cpus have already
> been handed out.
> 
> Since all current callers of cpu_exec_init() are from instance_init,
> use error_abort Error argument to abort in case of an error.
> 
> Signed-off-by: Bharata B Rao 
> Reviewed-by: Eduardo Habkost 

Reviewed-by: David Gibson 
-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH] spapr: ensure we have at least one XICS server

2015-05-24 Thread David Gibson
On Wed, May 13, 2015 at 12:29:33PM +0200, Greg Kurz wrote:
> XICS needs to know the upper value for cpu_index as it is used to compute
> the number of servers:
> 
> smp_cpus * kvmppc_smt_threads() / smp_threads
> 
> When passing -smp cpus=1,threads=9 on a POWER8 host, we end up with:
> 
> 1 * 8 / 9 = 0
> 
> ... which leads to an assertion in both emulated:
> 
> Number of servers needs to be greater 0
> Aborted (core dumped)
> 
> ... and in-kernel XICS:
> 
> xics_kvm_realize: Assertion `icp->nr_servers' failed.
> Aborted (core dumped)
> 
> With this patch, we are sure that nr_servers > 0. Passing the same bogus
> -smp option then leads to:
> 
> qemu-system-ppc64: Cannot support more than 8 threads on PPC with KVM
> 
> ... which is a lot more explicit than the XICS errors.
> 
> Signed-off-by: Greg Kurz 

Looks sensible, thanks.

Applied to spapr-next branch.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 1/6] Add qemu_get_counted_string to read a string prefixed by a count byte

2015-05-24 Thread David Gibson
On Thu, May 21, 2015 at 01:24:11PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> and use it in loadvm_state and ram_load.
> 
> Wherever it's used, check the return and error if it failed.
> 
> Minor: ram_load was using a 257 byte array for its string, the
>maximum length is 255 bytes + 0 terminator, so fix to 256
> 
> Signed-off-by: Dr. David Alan Gilbert 
> Reviewed-by: Amit Shah 

Reviewed-by: David Gibson 


-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
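
The bound discussed in the commit message above (a count byte can announce at most 255 bytes, so 255 + terminator = 256) and the "check the return" rule, as an added example that is not QEMU's code. struct stream, stream_read_exact(), get_counted_string() and count_strings() are hypothetical names over an in-memory buffer, and the embedded-NUL rejection is an extra check chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COUNTED_STR_BUF 256   /* 255 payload bytes max + NUL terminator */

/* Hypothetical in-memory stand-in for the incoming migration stream. */
struct stream {
    const uint8_t *data;
    size_t len;
    size_t pos;
};

/* Read exactly n bytes, or fail without consuming anything. */
static int stream_read_exact(struct stream *s, void *dst, size_t n)
{
    if (s->len - s->pos < n) {
        return -1;               /* truncated input */
    }
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

/*
 * Read a count byte, then that many bytes, and NUL-terminate.
 * Returns the string length (0..255) or -1 on a malformed record.
 */
int get_counted_string(struct stream *s, char buf[COUNTED_STR_BUF])
{
    uint8_t count;

    if (stream_read_exact(s, &count, 1) < 0) {
        return -1;
    }
    if (stream_read_exact(s, buf, count) < 0) {
        return -1;               /* count promises more than the stream holds */
    }
    /* Extra hardening for this example: an embedded NUL would make
     * strlen(buf) disagree with the count the sender announced. */
    if (memchr(buf, '\0', count) != NULL) {
        return -1;
    }
    buf[count] = '\0';           /* index <= 255, inside the 256-byte buffer */
    return count;
}

/*
 * Caller pattern: walk back-to-back counted strings and stop at the first
 * bad record instead of going on with a half-filled buffer.
 * Returns the number of strings parsed, or -1 on error.
 */
int count_strings(const uint8_t *data, size_t len)
{
    struct stream s = { data, len, 0 };
    char name[COUNTED_STR_BUF];
    int n = 0;

    while (s.pos < s.len) {
        if (get_counted_string(&s, name) < 0) {
            return -1;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: "ram" then "pc.ram", both well formed. */
    static const uint8_t sample[] = {
        3, 'r', 'a', 'm', 6, 'p', 'c', '.', 'r', 'a', 'm'
    };
    return count_strings(sample, sizeof sample) == 2 ? 0 : 1;
}
```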




Re: [Qemu-devel] [PATCH qemu] pseries: Update SLOF firmware image to qemu-slof-20150429

2015-05-24 Thread David Gibson
On Sun, May 24, 2015 at 08:16:30PM +1000, Alexey Kardashevskiy wrote:
> On 12.05.2015 19:58, Alexey Kardashevskiy wrote:
> >On 05/07/2015 05:10 PM, Alexey Kardashevskiy wrote:
> >>The changelog is:
> >>   > version: update to 20150429
> >>   > pci: Use QEMU created PCI device nodes
> >>   > usb: support 64-bit pci bars
> >>   > pci: Support 64-bit address translation
> >>   > pci: program correct bridge limit registers during probe
> >>   > scsi: handle report-luns failure
> >>   > Fix "key?" Forth word when using USB keyboards
> >>   > Remove bulk.fs package
> >>   > Include make.rules in the library Makefiles
> >
> >Ping? It is mirrored to qemu.org...
> 
> Is everyone on vacation/conference? :)

I don't know about everyone, but I was on holiday.

I can see that the new SLOF version has been mirrored to qemu.org, so
I've applied this update to spapr-next.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v6 01/13] block: Add op blocker type "device IO"

2015-05-24 Thread Fam Zheng
On Sat, 05/23 18:51, Max Reitz wrote:
> On 22.05.2015 06:54, Fam Zheng wrote:
> >On Thu, 05/21 15:32, Fam Zheng wrote:
> >>On Thu, 05/21 15:06, Wen Congyang wrote:
> >>>On 05/21/2015 02:42 PM, Fam Zheng wrote:
> It blocks device IO.
> 
> All bdrv_op_block_all/blk_op_block_all callers are taken care of:
> 
> - virtio_blk_data_plane_create
> - virtio_scsi_hotplug
> 
>    Device creation, unblock it.
> 
> - bdrv_set_backing_hd
> 
>    Backing hd is not used by device, so blocking is OK.
> 
> - backup_start
> 
>    Blocking target when backup is running, unblock it.
> >>>Do you forget it?
> >>Oh I think the commit log is wrong: the target image is only written to by
> >>block job, there cannot be a device on it, so it it's similar to
> >>bdrv_set_backing_hd.
> >Correction: if it's blockdev-backup, the target could have a device, in that
> >sense it should be unblocked like block_job_create(). I'll fix it.
> 
> Really? I think it makes sense not to allow I/O on a backup target. At least
> I can't imagine a use case where you'd want to do that... But that doesn't
> necessarily mean anything, of course.

Sure that nobody other than backup job itself should write to backup target,
but it's valid to read it - image fleecing aims to export it through NBD
server. If you attach it back to guest, it is as valid a scenario, isn't it?

So at least for image fleecing, we need to either 1) split device IO blocker to
read and write and only block write on target. 2) don't add device IO blocker
at all, expect the disk's end user to take the responsibility. And I'm afraid
1) will be too complicated.

Fam



Re: [Qemu-devel] [PATCH v6 12/13] block: Block "device IO" during bdrv_drain and bdrv_drain_all

2015-05-24 Thread Fam Zheng
On Sat, 05/23 19:11, Max Reitz wrote:
> On 21.05.2015 08:43, Fam Zheng wrote:
> >We don't want new requests from guest, so block the operation around the
> >nested poll.
> >
> >It also avoids looping forever when iothread is submitting a lot of requests.
> >
> >Signed-off-by: Fam Zheng 
> >---
> >  block/io.c | 22 --
> >  1 file changed, 20 insertions(+), 2 deletions(-)
> 
> Hm, I don't know about this. When I see someone calling
> bdrv_drain()/bdrv_drain_all(), I'm expecting that every request has been
> drained afterwards. This patch implies that this is not necessarily the
> case, because apparently in some configurations the guest can still submit
> I/O even while bdrv_drain() is running,

In dataplane, aio_poll in bdrv_drain_all will poll the ioeventfd, which could
call the handlers of virtio queues. That's how guest I/O sneaks in.


> but this means that even after this
> patch, the same can happen if I/O is submitted after bdrv_op_unblock() and
> before anything the caller of bdrv_drain() wants to do while the BDS is
> still drained. So this looks to me more like the caller must ensure that the
> BDS won't receive new requests, and do so before bdrv_drain() is called.

Yes, callers of bdrv_drain*() should use a blocker like you reasoned. Other
patches in this series looked at qmp_transaction, but there are more, which may
still be wrong until they're fixed.

This patch, however, fixes one of the potential issues of those callers:

> >It also avoids looping forever when iothread is submitting a lot of
> >requests.

Fam



[Qemu-devel] [PATCH v9 00/24] Generate ACPI v5.1 tables and expose them to guest over fw_cfg on ARM

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

This patch series generates seven ACPI tables for machine virt on ARM.
The set of generated tables are:
- RSDP
- RSDT
- MADT
- GTDT
- FADT
- DSDT
- MCFG (For PCIe host bridge)

These tables are created dynamically using the function of aml-build.c,
taking into account the needed information passed from the virt machine
model. When the generation is finalized, it uses fw_cfg to expose the
tables to guest.

You can fetch this from following repo:
http://git.linaro.org/people/shannon.zhao/qemu.git  ACPI_ARM_v9

And this patchset refers to Alexander Spyridakis's patches which are
sent to qemu-devel mailing list before.
http://lists.gnu.org/archive/html/qemu-devel/2014-10/msg03987.html

Thanks to Laszlo's work on UEFI (ArmVirtualizationQemu) supporting
downloading ACPI tables over fw_cfg, we now can use ACPI in VM.

Now upstream kernel applies ACPI patchset, so we can boot it with ACPI,
while we need to apply patches[1] to make tty work, patch[2] to make
virtio-mmio work and apply patch[3] and the relevant patches to make PCI
devices work, e.g. virtio-net-pci, e1000.
On the other hand, you can directly use the Fedora Linux kernel from
following address:
https://git.fedorahosted.org/cgit/kernel-arm64.git/log/?h=devel

I've done test with following VM:
xp, windows2008, sles11 on X86
upstream kernel and Fedora Linux kernel on ARM64

In addition, dump all the acpi tables, use iasl -d *.dat to convert to
*.asl and use iasl -tc *.asl to compile them to *.hex. No error appears.

If you want to test, you could get kernel Image from [4] which contains
uart, virtio-mmio, pci drivers, UEFI binary from [5] and Qemu command
line example from [6].

[1] http://git.linaro.org/leg/acpi/acpi.git/shortlog/refs/heads/acpi-sbsa
[2] 
http://git.linaro.org/leg/acpi/acpi.git/commit/57acba56d55e3fb521fd6ce767446459ef7a4943
[3] 
https://git.fedorahosted.org/cgit/kernel-arm64.git/commit/?h=devel&id=8cf58cbe94b982b680229e5b164231eea0ca2d11
[4] http://people.linaro.org/~shannon.zhao/ACPI_ARM/Image.gz
[5] http://people.linaro.org/~shannon.zhao/ACPI_ARM/QEMU_EFI.fd
[6] http://people.linaro.org/~shannon.zhao/ACPI_ARM/acpi_test.sh

changes since v8:
  * remove empty _CRS in processor device node and use a define macro
for SPI base (Igor)
  * Add some reviewed-bys from Igor and Alex

changes since v7:
  * replace build_append_uint32 with 4 build_append_byte (Igor)
  * Fix byte order of aml_unicode() (Igor)
  * Use upper case for enum values and fix enums in aml-build.h (Michael)
  * implement aml_interrupt() based on ACPI 5.0 (Igor)
  * use separate assert (Laszlo)
  * some doc comments fix (Igor & Michael)

changes since v6:
  * add build_append_uint32 (Peter)
  * drop some unnecessary headers and adjust the order of headers (Peter)
  * drop struct AcpiDsdtInfo, AcpiMadtInfo, AcpiGtdtInfo, AcpiPcieInfo
and reuse MemMapEntry[] and irqmap[] (Peter)
  * record PCI ranges info in MemMapEntry[], not calculate those (Peter)
  * add a separate patch for splitting CONFIG_ACPI (Peter)
  * use VMSTATE_BOOL (Alex)

changes since v5:
  * Fix table version (Igor)
  * only create CPU device objects for present CPUs (Igor)
  * drop madt->local_apic_address and madt->flags (Igor)
  * adjust implementation of ToUUID macro (Igor)
  * Fix aml_buffer() (Michael & Igor)
  * Fix aml_not()

changes since v4:
  * use trace_* instead of DPRINTF (Igor & Alex)
  * use standard QEMU style for structs (Michael)
  * add "-no-acpi" option support for arm
  * use extractNN for bits operation (Alex)
  * use AmlReadAndWrite enum for rw flags (Igor)
  * s/uint64_t/uint32_t/ (Igor)
  * use enum for interrupt flag (Igor)
  * simplify aml_device use in DSDT (Alex)
  * share RSDT table generating code with x86 (Igor)
  * remove unnecessary 1 in MCFG table generating code (Alex & Peter)
  * use string for ToUUID macro (Igor)
  * aml_or and aml_and use two args (Igor)
  * add comments on UUID (Michael)
  * change PCI MMIO region non-cacheable (Peter)
  * fix wrong io map (Peter)
  * add several reviewed-by's from Alex, thanks

changes since v3:
  * rebase on upstream qemu
  * fix _HID of CPU (Heyi Guo)
  * Add PCIe host bridge

changes since v2:
  * rebase on Igor Mammedov's new branch ASL_API_v3
  * use rsdt instead of xsdt according to Igor Mammedov's suggestion

changes since v1:
  * fix bug found by Laszlo
  * move common helpers into dedicated file and change generating
table order according to Igor's comments
  * fix copyright and function name according to Michael's comments

Shannon Zhao (24):
  hw/acpi/aml-build: Make enum values to be upper case to match coding
style
  hw/arm/virt: Move common definitions to virt.h
  hw/arm/virt: Record PCIe ranges in MemMapEntry array
  hw/arm/virt-acpi-build: Basic framework for building ACPI tables on
ARM
  hw/acpi/aml-build: Add aml_memory32_fixed() term
  hw/acpi/aml-build: Add aml_interrupt() term
  hw/arm/virt-acpi-build: Generation of DSDT table for virt devices
  hw/arm/virt-ac

[Qemu-devel] [PATCH v9 04/24] hw/arm/virt-acpi-build: Basic framework for building ACPI tables on ARM

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Introduce a preliminary framework in virt-acpi-build.c with the main
ACPI build functions. It exposes the generated ACPI contents to
guest over fw_cfg.

The required ACPI v5.1 tables for ARM are:
- RSDP: Initial table that points to XSDT
- RSDT: Points to FADT GTDT MADT tables
- FADT: Generic information about the machine
- GTDT: Generic timer description table
- MADT: Multiple APIC description table
- DSDT: Holds all information about system devices/peripherals, pointed by FADT

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
Reviewed-by: Igor Mammedov 
---
 hw/arm/Makefile.objs |   1 +
 hw/arm/virt-acpi-build.c | 182 +++
 include/hw/arm/virt-acpi-build.h |  41 +
 qemu-options.hx  |   2 +-
 trace-events |   3 +
 5 files changed, 228 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/virt-acpi-build.c
 create mode 100644 include/hw/arm/virt-acpi-build.h

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index a75a182..4b09caf 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -3,6 +3,7 @@ obj-$(CONFIG_DIGIC) += digic_boards.o
 obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
 obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
+obj-$(CONFIG_ACPI) += virt-acpi-build.o
 obj-y += netduino2.o
 
 obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
new file mode 100644
index 000..b8a5bd8
--- /dev/null
+++ b/hw/arm/virt-acpi-build.c
@@ -0,0 +1,182 @@
+/* Support for generating ACPI tables and passing them to Guests
+ *
+ * ARM virt ACPI generation
+ *
+ * Copyright (C) 2008-2010  Kevin O'Connor 
+ * Copyright (C) 2006 Fabrice Bellard
+ * Copyright (C) 2013 Red Hat Inc
+ *
+ * Author: Michael S. Tsirkin 
+ *
+ * Copyright (c) 2015 HUAWEI TECHNOLOGIES CO.,LTD.
+ *
+ * Author: Shannon Zhao 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu-common.h"
+#include "hw/arm/virt-acpi-build.h"
+#include "qemu/bitmap.h"
+#include "trace.h"
+#include "qom/cpu.h"
+#include "target-arm/cpu.h"
+#include "hw/acpi/acpi-defs.h"
+#include "hw/acpi/acpi.h"
+#include "hw/nvram/fw_cfg.h"
+#include "hw/acpi/bios-linker-loader.h"
+#include "hw/loader.h"
+#include "hw/hw.h"
+#include "hw/acpi/aml-build.h"
+
+typedef
+struct AcpiBuildState {
+/* Copy of table in RAM (for patching). */
+MemoryRegion *table_mr;
+MemoryRegion *rsdp_mr;
+MemoryRegion *linker_mr;
+/* Is table patched? */
+bool patched;
+VirtGuestInfo *guest_info;
+} AcpiBuildState;
+
+static
+void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
+{
+GArray *table_offsets;
+
+table_offsets = g_array_new(false, true /* clear */,
+sizeof(uint32_t));
+
+bios_linker_loader_alloc(tables->linker, ACPI_BUILD_TABLE_FILE,
+ 64, false /* high memory */);
+
+/*
+ * The ACPI v5.1 tables for Hardware-reduced ACPI platform are:
+ * RSDP
+ * RSDT
+ * FADT
+ * GTDT
+ * MADT
+ * DSDT
+ */
+
+/* Cleanup memory that's no longer used. */
+g_array_free(table_offsets, true);
+}
+
+static void acpi_ram_update(MemoryRegion *mr, GArray *data)
+{
+uint32_t size = acpi_data_len(data);
+
+/* Make sure RAM size is correct - in case it got changed
+ * e.g. by migration */
+memory_region_ram_resize(mr, size, &error_abort);
+
+memcpy(memory_region_get_ram_ptr(mr), data->data, size);
+memory_region_set_dirty(mr, 0, size);
+}
+
+static void virt_acpi_build_update(void *build_opaque, uint32_t offset)
+{
+AcpiBuildState *build_state = build_opaque;
+AcpiBuildTables tables;
+
+/* No state to update or already patched? Nothing to do. */
+if (!build_state || build_state->patched) {
+return;
+}
+build_state->patched = true;
+
+acpi_build_tables_init(&tables);
+
+virt_acpi_build(build_state->guest_info, &tables);
+
+acpi_ram_update(build_state->table_mr, tables.table_data);
+acpi_ram_update(build_state->rsdp_mr, tables.rsdp);
+acpi_ram_update(build_state->linker_mr, tables.linker);
+
+
+acpi_build_tables_cle
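Review bot: acpi_ram_update() passes &error_abort to memory_region_ram_resize(), so a failed resize on the rebuild path in virt_acpi_build_update() terminates QEMU instead of reporting an error. If that is intended, say so in the comment above the call, which currently only explains that the size may have been changed by migration. Style: two lines inside the licence comment at the top of the file are bare "+" lines without the leading " *", and there are two consecutive blank lines after the third acpi_ram_update() call.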

[Qemu-devel] [PATCH v9 06/24] hw/acpi/aml-build: Add aml_interrupt() term

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Add aml_interrupt() for describing device interrupt in resource template.
This can be used to generate the DSDT table for ACPI on ARM.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 27 +++
 include/hw/acpi/aml-build.h | 42 ++
 2 files changed, 69 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index ad4d7ea..0d99941 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -533,6 +533,33 @@ Aml *aml_memory32_fixed(uint32_t addr, uint32_t size,
 return var;
 }
 
+/*
+ * ACPI 5.0: 6.4.3.6 Extended Interrupt Descriptor
+ * Type 1, Large Item Name 0x9
+ */
+Aml *aml_interrupt(AmlConsumerAndProducer con_and_pro,
+   AmlLevelAndEdge level_and_edge,
+   AmlActiveHighAndLow high_and_low, AmlShared shared,
+   uint32_t irq)
+{
+Aml *var = aml_alloc();
+uint8_t irq_flags = con_and_pro | (level_and_edge << 1)
+| (high_and_low << 2) | (shared << 3);
+
+build_append_byte(var->buf, 0x89); /* Extended irq descriptor */
+build_append_byte(var->buf, 6); /* Length, bits[7:0] minimum value = 6 */
+build_append_byte(var->buf, 0); /* Length, bits[15:8] minimum value = 0 */
+build_append_byte(var->buf, irq_flags); /* Interrupt Vector Information. */
+build_append_byte(var->buf, 0x01);  /* Interrupt table length = 1 */
+
+/* Interrupt Number */
+build_append_byte(var->buf, extract32(irq, 0, 8));  /* bits[7:0] */
+build_append_byte(var->buf, extract32(irq, 8, 8));  /* bits[15:8] */
+build_append_byte(var->buf, extract32(irq, 16, 8)); /* bits[23:16] */
+build_append_byte(var->buf, extract32(irq, 24, 8)); /* bits[31:24] */
+return var;
+}
+
 /* ACPI 1.0b: 6.4.2.5 I/O Port Descriptor */
 Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
 uint8_t aln, uint8_t len)
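Review bot: aml_interrupt() hard-codes the descriptor length to 6 and the interrupt table length to 1, so it can describe exactly one interrupt, but the comment above the function only cites the spec section. Document that limit in the function comment, together with the fact that irq is emitted as four bytes, least significant first, so callers do not expect a multi-interrupt descriptor.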
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index bd0d9e7..df23479 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -111,6 +111,44 @@ typedef enum {
 AML_READ_WRITE = 1,
 } AmlReadAndWrite;
 
+/*
+ * ACPI 5.0: Table 6-187 Extended Interrupt Descriptor Definition
+ * Interrupt Vector Flags Bits[0] Consumer/Producer
+ */
+typedef enum {
+AML_CONSUMER_PRODUCER = 0,
+AML_CONSUMER = 1,
+} AmlConsumerAndProducer;
+
+/*
+ * ACPI 5.0: Table 6-187 Extended Interrupt Descriptor Definition
+ * _HE field definition
+ */
+typedef enum {
+AML_LEVEL = 0,
+AML_EDGE = 1,
+} AmlLevelAndEdge;
+
+/*
+ * ACPI 5.0: Table 6-187 Extended Interrupt Descriptor Definition
+ * _LL field definition
+ */
+typedef enum {
+AML_ACTIVE_HIGH = 0,
+AML_ACTIVE_LOW = 1,
+} AmlActiveHighAndLow;
+
+/*
+ * ACPI 5.0: Table 6-187 Extended Interrupt Descriptor Definition
+ * _SHR field definition
+ */
+typedef enum {
+AML_EXCLUSIVE = 0,
+AML_SHARED = 1,
+AML_EXCLUSIVE_AND_WAKE = 2,
+AML_SHARED_AND_WAKE = 3,
+} AmlShared;
+
 typedef
 struct AcpiBuildTables {
 GArray *table_data;
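Review bot: AmlShared carries four values (0 to 3) and aml_interrupt() shifts it left by 3, so it occupies two flag bits, yet its comment describes it as the _SHR field only. State in the comment which flag bits the AML_EXCLUSIVE_AND_WAKE and AML_SHARED_AND_WAKE values set; the other three enum comments could also name their bit position, the way the AmlConsumerAndProducer comment does.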
@@ -170,6 +208,10 @@ Aml *aml_call3(const char *method, Aml *arg1, Aml *arg2, 
Aml *arg3);
 Aml *aml_call4(const char *method, Aml *arg1, Aml *arg2, Aml *arg3, Aml *arg4);
 Aml *aml_memory32_fixed(uint32_t addr, uint32_t size,
 AmlReadAndWrite read_and_write);
+Aml *aml_interrupt(AmlConsumerAndProducer con_and_pro,
+   AmlLevelAndEdge level_and_edge,
+   AmlActiveHighAndLow high_and_low, AmlShared shared,
+   uint32_t irq);
 Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
 uint8_t aln, uint8_t len);
 Aml *aml_operation_region(const char *name, AmlRegionSpace rs,
-- 
2.0.4





[Qemu-devel] [PATCH v9 07/24] hw/arm/virt-acpi-build: Generation of DSDT table for virt devices

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

DSDT consists of the usual common table header plus a definition
block in AML encoding which describes all devices in the platform.

After initializing DSDT with header information the namespace is
created which is followed by the device encodings. The devices are
described using the Resource Template for the 32-Bit Fixed Memory
Range and the Extended Interrupt Descriptors.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/arm/virt-acpi-build.c | 132 +++
 1 file changed, 132 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index b8a5bd8..2cf2cc5 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -40,6 +40,134 @@
 #include "hw/hw.h"
 #include "hw/acpi/aml-build.h"
 
+#define ARM_SPI_BASE 32
+
+static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
+{
+uint16_t i;
+
+for (i = 0; i < smp_cpus; i++) {
+Aml *dev = aml_device("C%03x", i);
+aml_append(dev, aml_name_decl("_HID", aml_string("ACPI0007")));
+aml_append(dev, aml_name_decl("_UID", aml_int(i)));
+aml_append(scope, dev);
+}
+}
+
+static void acpi_dsdt_add_uart(Aml *scope, const MemMapEntry *uart_memmap,
+   int uart_irq)
+{
+Aml *dev = aml_device("COM0");
+aml_append(dev, aml_name_decl("_HID", aml_string("ARMH0011")));
+aml_append(dev, aml_name_decl("_UID", aml_int(0)));
+
+Aml *crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(uart_memmap->base,
+   uart_memmap->size, AML_READ_WRITE));
+aml_append(crs,
+   aml_interrupt(AML_CONSUMER, AML_LEVEL, AML_ACTIVE_HIGH,
+ AML_EXCLUSIVE, uart_irq));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+}
+
+static void acpi_dsdt_add_rtc(Aml *scope, const MemMapEntry *rtc_memmap,
+  int rtc_irq)
+{
+Aml *dev = aml_device("RTC0");
+aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0013")));
+aml_append(dev, aml_name_decl("_UID", aml_int(0)));
+
+Aml *crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(rtc_memmap->base,
+   rtc_memmap->size, AML_READ_WRITE));
+aml_append(crs,
+   aml_interrupt(AML_CONSUMER, AML_LEVEL, AML_ACTIVE_HIGH,
+ AML_EXCLUSIVE, rtc_irq));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+}
+
+static void acpi_dsdt_add_flash(Aml *scope, const MemMapEntry *flash_memmap)
+{
+Aml *dev, *crs;
+hwaddr base = flash_memmap->base;
+hwaddr size = flash_memmap->size;
+
+dev = aml_device("FLS0");
+aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0015")));
+aml_append(dev, aml_name_decl("_UID", aml_int(0)));
+
+crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(base, size, AML_READ_WRITE));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+
+dev = aml_device("FLS1");
+aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0015")));
+aml_append(dev, aml_name_decl("_UID", aml_int(1)));
+crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(base + size, size, AML_READ_WRITE));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+}
+
+static void acpi_dsdt_add_virtio(Aml *scope,
+ const MemMapEntry *virtio_mmio_memmap,
+ int mmio_irq, int num)
+{
+hwaddr base = virtio_mmio_memmap->base;
+hwaddr size = virtio_mmio_memmap->size;
+int irq = mmio_irq;
+int i;
+
+for (i = 0; i < num; i++) {
+Aml *dev = aml_device("VR%02u", i);
+aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0005")));
+aml_append(dev, aml_name_decl("_UID", aml_int(i)));
+
+Aml *crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(base, size, AML_READ_WRITE));
+aml_append(crs,
+   aml_interrupt(AML_CONSUMER, AML_LEVEL, AML_ACTIVE_HIGH,
+ AML_EXCLUSIVE, irq + i));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+base += size;
+}
+}
+
+/* DSDT */
+static void
+build_dsdt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
+{
+Aml *scope, *dsdt;
+const MemMapEntry *memmap = guest_info->memmap;
+const int *irqmap = guest_info->irqmap;
+
+dsdt = init_aml_allocator();
+/* Reserve space for header */
+acpi_data_push(dsdt->buf, sizeof(AcpiTableHeader));
+
+scope = aml_scope("\\_SB");
+acpi_dsdt_add_cpus(scope, guest_info->smp_cpus);
+acpi_dsdt_add_uart(scope, &memmap[VIRT_UART],
+   (irqmap[VIRT_UART] + ARM_SPI_BASE));
+acpi_dsdt_add_
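Review bot: acpi_dsdt_add_flash() and acpi_dsdt_add_virtio() hand hwaddr values (base, base + size, size) to aml_memory32_fixed(), whose addr and size parameters are uint32_t. A region at or above 4 GiB would therefore be truncated silently, and the guest's _CRS would describe the wrong MMIO window. Please assert that base + size fits in 32 bits before emitting each descriptor; the same applies to the uart and rtc helpers. In acpi_dsdt_add_flash() a short comment stating whether flash_memmap->size is the size of one bank or of the whole flash region would also help, since FLS1 is placed at base + size. Smaller point: "Aml *crs = aml_resource_template();" is declared after statements in the uart, rtc and virtio helpers, while the flash helper declares dev and crs at the top of the function; pick one form.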

[Qemu-devel] [PATCH v9 08/24] hw/arm/virt-acpi-build: Generate FADT table and update ACPI headers

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

In the case of mach virt, it is used to set the Hardware Reduced bit
and enable PSCI SMP booting through HVC. So FACS is ignored and FADT
points to DSDT.

Update the header definitions for FADT taking into account the new
additions of ACPI v5.1 in `include/hw/acpi/acpi-defs.h`.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt-acpi-build.c|  31 ++
 include/hw/acpi/acpi-defs.h | 135 
 2 files changed, 129 insertions(+), 37 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 2cf2cc5..0791501 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -137,6 +137,31 @@ static void acpi_dsdt_add_virtio(Aml *scope,
 }
 }
 
+/* FADT */
+static void
+build_fadt(GArray *table_data, GArray *linker, unsigned dsdt)
+{
+AcpiFadtDescriptorRev5_1 *fadt = acpi_data_push(table_data, sizeof(*fadt));
+
+/* Hardware Reduced = 1 and use PSCI 0.2+ and with HVC */
+fadt->flags = cpu_to_le32(1 << ACPI_FADT_F_HW_REDUCED_ACPI);
+fadt->arm_boot_flags = cpu_to_le16((1 << ACPI_FADT_ARM_USE_PSCI_G_0_2) |
+   (1 << ACPI_FADT_ARM_PSCI_USE_HVC));
+
+/* ACPI v5.1 (fadt->revision.fadt->minor_revision) */
+fadt->minor_revision = 0x1;
+
+fadt->dsdt = cpu_to_le32(dsdt);
+/* DSDT address to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
+   ACPI_BUILD_TABLE_FILE,
+   table_data, &fadt->dsdt,
+   sizeof fadt->dsdt);
+
+build_header(linker, table_data,
+ (void *)fadt, "FACP", sizeof(*fadt), 5);
+}
+
 /* DSDT */
 static void
 build_dsdt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
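Review bot: the comment "/* ACPI v5.1 (fadt->revision.fadt->minor_revision) */" in build_fadt() reads like a field path and does not say where the major revision comes from. The 5 is passed to build_header() further down and only the minor revision is written here, so something like "FADT revision 5 is set by build_header(), minor revision 1 is set here" would be clearer. The same function also mixes "sizeof fadt->dsdt" with "sizeof(*fadt)"; please use one form.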
@@ -183,6 +208,7 @@ static
 void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
 {
 GArray *table_offsets;
+unsigned dsdt;
 GArray *tables_blob = tables->table_data;
 
 table_offsets = g_array_new(false, true /* clear */,
@@ -202,8 +228,13 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
  */
 
 /* DSDT is pointed to by FADT */
+dsdt = tables_blob->len;
 build_dsdt(tables_blob, tables->linker, guest_info);
 
+/* FADT MADT GTDT pointed to by RSDT */
+acpi_add_table(table_offsets, tables_blob);
+build_fadt(tables_blob, tables->linker, dsdt);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
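Review bot: in virt_acpi_build(), "dsdt = tables_blob->len;" stores an offset into the table blob, not an address, yet the variable is named dsdt and is later written into fadt->dsdt before the linker patches it. A name such as dsdt_offset, or a comment on the declaration, would make that clear. The new comment "/* FADT MADT GTDT pointed to by RSDT */" also names tables that this patch does not build; either limit it to FADT here or note that the others follow in later patches.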
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index c4468f8..fadcf84 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -88,46 +88,54 @@ struct AcpiTableHeader /* ACPI common table header 
*/
 typedef struct AcpiTableHeader AcpiTableHeader;
 
 /*
- * ACPI 1.0 Fixed ACPI Description Table (FADT)
+ * ACPI Fixed ACPI Description Table (FADT)
  */
+#define ACPI_FADT_COMMON_DEF /* FADT common definition */ \
+ACPI_TABLE_HEADER_DEF/* ACPI common table header */ \
+uint32_t firmware_ctrl;  /* Physical address of FACS */ \
+uint32_t dsdt; /* Physical address of DSDT */ \
+uint8_t  model;/* System Interrupt Model */ \
+uint8_t  reserved1;/* Reserved */ \
+uint16_t sci_int;  /* System vector of SCI interrupt */ \
+uint32_t smi_cmd;  /* Port address of SMI command port */ \
+uint8_t  acpi_enable;  /* Value to write to smi_cmd to enable ACPI */ \
+uint8_t  acpi_disable; /* Value to write to smi_cmd to disable ACPI */ \
+/* Value to write to SMI CMD to enter S4BIOS state */ \
+uint8_t  S4bios_req; \
+uint8_t  reserved2;/* Reserved - must be zero */ \
+/* Port address of Power Mgt 1a acpi_event Reg Blk */ \
+uint32_t pm1a_evt_blk; \
+/* Port address of Power Mgt 1b acpi_event Reg Blk */ \
+uint32_t pm1b_evt_blk; \
+uint32_t pm1a_cnt_blk; /* Port address of Power Mgt 1a Control Reg Blk */ \
+uint32_t pm1b_cnt_blk; /* Port address of Power Mgt 1b Control Reg Blk */ \
+uint32_t pm2_cnt_blk;  /* Port address of Power Mgt 2 Control Reg Blk */ \
+uint32_t pm_tmr_blk;   /* Port address of Power Mgt Timer Ctrl Reg Blk */ \
+/* Port addr of General Purpose acpi_event 0 Reg Blk */ \
+uint32_t gpe0_blk; \
+/* Port addr of General Purpose acpi_event 1 Reg Blk */ \
+uint32_t gpe1_blk; \
+uint8_t  pm1_evt_len;  /* Byte length of ports at pm1_x_evt_blk */ \
+uint8_t  pm1_cnt_len;  /* Byte length of ports at pm1_x_cnt_blk */ \
+uint8_t  pm2_cnt_len;  /* Byte Length of ports at pm2_cnt_blk */ \
+uint8_t  pm_tmr_len;   /* Byte Length of ports at pm_tm_blk */ \
+uint8_t  gpe0_blk_len; /* Byte Length of ports at gpe0_blk */ \
+uint8_t  gpe1_blk_len; /* Byte Length of ports at gpe1_blk */ \
+uint8_t  gpe1_base;/* Offset in gpe model where gpe1 events start */ \
+uint8_t  

[Qemu-devel] [PATCH v9 02/24] hw/arm/virt: Move common definitions to virt.h

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Move some common definitions to virt.h. These will be used for
generating ACPI tables.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt.c | 21 +--
 include/hw/arm/virt.h | 56 +++
 2 files changed, 57 insertions(+), 20 deletions(-)
 create mode 100644 include/hw/arm/virt.h

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a7f9a10..8959d0c 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -31,6 +31,7 @@
 #include "hw/sysbus.h"
 #include "hw/arm/arm.h"
 #include "hw/arm/primecell.h"
+#include "hw/arm/virt.h"
 #include "hw/devices.h"
 #include "net/net.h"
 #include "sysemu/block-backend.h"
@@ -44,8 +45,6 @@
 #include "qemu/error-report.h"
 #include "hw/pci-host/gpex.h"
 
-#define NUM_VIRTIO_TRANSPORTS 32
-
 /* Number of external interrupt lines to configure the GIC with */
 #define NUM_IRQS 128
 
@@ -60,24 +59,6 @@
 #define GIC_FDT_IRQ_PPI_CPU_START 8
 #define GIC_FDT_IRQ_PPI_CPU_WIDTH 8
 
-enum {
-VIRT_FLASH,
-VIRT_MEM,
-VIRT_CPUPERIPHS,
-VIRT_GIC_DIST,
-VIRT_GIC_CPU,
-VIRT_UART,
-VIRT_MMIO,
-VIRT_RTC,
-VIRT_FW_CFG,
-VIRT_PCIE,
-};
-
-typedef struct MemMapEntry {
-hwaddr base;
-hwaddr size;
-} MemMapEntry;
-
 typedef struct VirtBoardInfo {
 struct arm_boot_info bootinfo;
 const char *cpu_model;
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
new file mode 100644
index 000..2fe0d2e
--- /dev/null
+++ b/include/hw/arm/virt.h
@@ -0,0 +1,56 @@
+/*
+ *
+ * Copyright (c) 2015 Linaro Limited
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ *
+ * Emulate a virtual board which works by passing Linux all the information
+ * it needs about what devices are present via the device tree.
+ * There are some restrictions about what we can do here:
+ *  + we can only present devices whose Linux drivers will work based
+ *purely on the device tree with no platform data at all
+ *  + we want to present a very stripped-down minimalist platform,
+ *both because this reduces the security attack surface from the guest
+ *and also because it reduces our exposure to being broken when
+ *the kernel updates its device tree bindings and requires further
+ *information in a device binding that we aren't providing.
+ * This is essentially the same approach kvmtool uses.
+ */
+
+#ifndef QEMU_ARM_VIRT_H
+#define QEMU_ARM_VIRT_H
+
+#include "qemu-common.h"
+
+#define NUM_VIRTIO_TRANSPORTS 32
+
+enum {
+VIRT_FLASH,
+VIRT_MEM,
+VIRT_CPUPERIPHS,
+VIRT_GIC_DIST,
+VIRT_GIC_CPU,
+VIRT_UART,
+VIRT_MMIO,
+VIRT_RTC,
+VIRT_FW_CFG,
+VIRT_PCIE,
+};
+
+typedef struct MemMapEntry {
+hwaddr base;
+hwaddr size;
+} MemMapEntry;
+
+
+#endif
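Review bot: the new header uses hwaddr in MemMapEntry but includes only "qemu-common.h", so it depends on that header pulling in the type indirectly. Please include "exec/hwaddr.h" directly so virt.h stays self-contained when included from the ACPI code. The leading comment block ("Emulate a virtual board which works by passing Linux all the information ...") describes virt.c rather than this header and could be reduced to one line saying what the header exports. There is also a stray double blank line before "#endif".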
-- 
2.0.4





[Qemu-devel] [PATCH v9 05/24] hw/acpi/aml-build: Add aml_memory32_fixed() term

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Add aml_memory32_fixed() for describing a device mmio region in a resource
template. This can be used for generating the DSDT table for ACPI on ARM.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
Reviewed-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
---
 hw/acpi/aml-build.c | 28 
 include/hw/acpi/aml-build.h |  2 ++
 2 files changed, 30 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 7a478ae..ad4d7ea 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -26,6 +26,7 @@
 #include 
 #include "hw/acpi/aml-build.h"
 #include "qemu/bswap.h"
+#include "qemu/bitops.h"
 #include "hw/acpi/bios-linker-loader.h"
 
 static GArray *build_alloc_array(void)
@@ -505,6 +506,33 @@ Aml *aml_call4(const char *method, Aml *arg1, Aml *arg2, 
Aml *arg3, Aml *arg4)
 return var;
 }
 
+/*
+ * ACPI 1.0b: 6.4.3.4 32-Bit Fixed Location Memory Range Descriptor
+ * (Type 1, Large Item Name 0x6)
+ */
+Aml *aml_memory32_fixed(uint32_t addr, uint32_t size,
+AmlReadAndWrite read_and_write)
+{
+Aml *var = aml_alloc();
+build_append_byte(var->buf, 0x86); /* Memory32Fixed Resource Descriptor */
+build_append_byte(var->buf, 9);/* Length, bits[7:0] value = 9 */
+build_append_byte(var->buf, 0);/* Length, bits[15:8] value = 0 */
+build_append_byte(var->buf, read_and_write); /* Write status, 1 rw 0 ro */
+
+/* Range base address */
+build_append_byte(var->buf, extract32(addr, 0, 8));  /* bits[7:0] */
+build_append_byte(var->buf, extract32(addr, 8, 8));  /* bits[15:8] */
+build_append_byte(var->buf, extract32(addr, 16, 8)); /* bits[23:16] */
+build_append_byte(var->buf, extract32(addr, 24, 8)); /* bits[31:24] */
+
+/* Range length */
+build_append_byte(var->buf, extract32(size, 0, 8));  /* bits[7:0] */
+build_append_byte(var->buf, extract32(size, 8, 8));  /* bits[15:8] */
+build_append_byte(var->buf, extract32(size, 16, 8)); /* bits[23:16] */
+build_append_byte(var->buf, extract32(size, 24, 8)); /* bits[31:24] */
+return var;
+}
+
 /* ACPI 1.0b: 6.4.2.5 I/O Port Descriptor */
 Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
 uint8_t aln, uint8_t len)
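Review bot: in aml_memory32_fixed(), read_and_write is appended as a whole byte, and only the comment "Write status, 1 rw 0 ro" constrains it. Bit 0 is the only defined bit of that information byte, so please assert that the value is 0 or 1 (or mask it) rather than relying on the enum's numeric values. The two groups of four build_append_byte(var->buf, extract32(...)) calls emit a little-endian 32-bit value by hand; a small loop or a shared helper would remove the chance of a mistyped shift. The function also takes addr and size independently with no check that addr + size stays within 32 bits, which is worth an assert here since this is where the descriptor is encoded.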
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index c0e81d4..bd0d9e7 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -168,6 +168,8 @@ Aml *aml_call1(const char *method, Aml *arg1);
 Aml *aml_call2(const char *method, Aml *arg1, Aml *arg2);
 Aml *aml_call3(const char *method, Aml *arg1, Aml *arg2, Aml *arg3);
 Aml *aml_call4(const char *method, Aml *arg1, Aml *arg2, Aml *arg3, Aml *arg4);
+Aml *aml_memory32_fixed(uint32_t addr, uint32_t size,
+AmlReadAndWrite read_and_write);
 Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
 uint8_t aln, uint8_t len);
 Aml *aml_operation_region(const char *name, AmlRegionSpace rs,
-- 
2.0.4





[Qemu-devel] [PATCH v9 17/24] hw/acpi/aml-build: Add aml_lnot() term

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 8 
 include/hw/acpi/aml-build.h | 1 +
 2 files changed, 9 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 5002ad5..56cce41 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -607,6 +607,14 @@ Aml *aml_irq_no_flags(uint8_t irq)
 return var;
 }
 
+/* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefLNot */
+Aml *aml_lnot(Aml *arg)
+{
+Aml *var = aml_opcode(0x92 /* LNotOp */);
+aml_append(var, arg);
+return var;
+}
+
 /* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefLEqual */
 Aml *aml_equal(Aml *arg1, Aml *arg2)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 8690aeb..41b2cdd 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -222,6 +222,7 @@ Aml *aml_named_field(const char *name, unsigned length);
 Aml *aml_reserved_field(unsigned length);
 Aml *aml_local(int num);
 Aml *aml_string(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
+Aml *aml_lnot(Aml *arg);
 Aml *aml_equal(Aml *arg1, Aml *arg2);
 Aml *aml_processor(uint8_t proc_id, uint32_t pblk_addr, uint8_t pblk_len,
const char *name_format, ...) GCC_FMT_ATTR(4, 5);
-- 
2.0.4





[Qemu-devel] [PATCH v9 15/24] hw/acpi/aml-build: Add ToUUID macro

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Add ToUUID macro; this is useful for generating the PCIe ACPI table.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 53 +
 include/hw/acpi/aml-build.h |  1 +
 2 files changed, 54 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 22478c2..ebce504 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -962,6 +962,59 @@ Aml *aml_qword_memory(AmlDecode dec, AmlMinFixed min_fixed,
  addr_trans, len, flags);
 }
 
+static uint8_t Hex2Byte(const char *src)
+{
+int hi, lo;
+
+hi = Hex2Digit(src[0]);
+assert(hi >= 0);
+assert(hi <= 15);
+
+lo = Hex2Digit(src[1]);
+assert(lo >= 0);
+assert(lo <= 15);
+return (hi << 4) | lo;
+}
+
+/*
+ * ACPI 3.0: 17.5.124 ToUUID (Convert String to UUID Macro)
+ * e.g. UUID: aabbccdd-eeff-gghh-iijj-kkllmmnnoopp
+ * call aml_touuid("aabbccdd-eeff-gghh-iijj-kkllmmnnoopp");
+ */
+Aml *aml_touuid(const char *uuid)
+{
+Aml *var = aml_bundle(0x11 /* BufferOp */, AML_BUFFER);
+
+assert(strlen(uuid) == 36);
+assert(uuid[8] == '-');
+assert(uuid[13] == '-');
+assert(uuid[18] == '-');
+assert(uuid[23] == '-');
+
+build_append_byte(var->buf, Hex2Byte(uuid + 6));  /* dd - at offset 00 */
+build_append_byte(var->buf, Hex2Byte(uuid + 4));  /* cc - at offset 01 */
+build_append_byte(var->buf, Hex2Byte(uuid + 2));  /* bb - at offset 02 */
+build_append_byte(var->buf, Hex2Byte(uuid + 0));  /* aa - at offset 03 */
+
+build_append_byte(var->buf, Hex2Byte(uuid + 11)); /* ff - at offset 04 */
+build_append_byte(var->buf, Hex2Byte(uuid + 9));  /* ee - at offset 05 */
+
+build_append_byte(var->buf, Hex2Byte(uuid + 16)); /* hh - at offset 06 */
+build_append_byte(var->buf, Hex2Byte(uuid + 14)); /* gg - at offset 07 */
+
+build_append_byte(var->buf, Hex2Byte(uuid + 19)); /* ii - at offset 08 */
+build_append_byte(var->buf, Hex2Byte(uuid + 21)); /* jj - at offset 09 */
+
+build_append_byte(var->buf, Hex2Byte(uuid + 24)); /* kk - at offset 10 */
+build_append_byte(var->buf, Hex2Byte(uuid + 26)); /* ll - at offset 11 */
+build_append_byte(var->buf, Hex2Byte(uuid + 28)); /* mm - at offset 12 */
+build_append_byte(var->buf, Hex2Byte(uuid + 30)); /* nn - at offset 13 */
+build_append_byte(var->buf, Hex2Byte(uuid + 32)); /* oo - at offset 14 */
+build_append_byte(var->buf, Hex2Byte(uuid + 34)); /* pp - at offset 15 */
+
+return var;
+}
+
 void
 build_header(GArray *linker, GArray *table_data,
  AcpiTableHeader *h, const char *sig, int len, uint8_t rev)
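Review bot: Hex2Byte() calls Hex2Digit(), which this hunk does not add, and both names are CamelCase while the functions around them (build_append_byte, aml_bundle, aml_touuid itself) are lower_case. Please state in the commit message that Hex2Digit() already exists in the file and consider naming the new helper to match its neighbours. All validation in aml_touuid() and Hex2Byte() is done with assert(), which is fine for string literals but should be documented in the function comment so nobody passes a runtime string. The example in that comment uses "gghh-iijj-kkllmmnnoopp", which are placeholders and not hex digits; a note saying so would avoid confusion with the asserts in Hex2Byte(). A one-line summary that the first three fields are stored byte-reversed and the last two in string order would save readers from decoding the sixteen offset comments.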
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index fac70ea..a873b46 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -257,6 +257,7 @@ Aml *aml_buffer(int buffer_size, uint8_t *byte_list);
 Aml *aml_resource_template(void);
 Aml *aml_field(const char *name, AmlAccessType type, AmlUpdateRule rule);
 Aml *aml_varpackage(uint32_t num_elements);
+Aml *aml_touuid(const char *uuid);
 
 void
 build_header(GArray *linker, GArray *table_data,
-- 
2.0.4





[Qemu-devel] [PATCH v9 03/24] hw/arm/virt: Record PCIe ranges in MemMapEntry array

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

To generate ACPI table for PCIe controller, we need the base and size of
the PCIe ranges. Record these ranges in MemMapEntry array, then we could
share and use them for generating ACPI table.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt.c | 37 +
 include/hw/arm/virt.h |  3 +++
 2 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 8959d0c..250b9bc 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -112,14 +112,9 @@ static const MemMapEntry a15memmap[] = {
 [VIRT_FW_CFG] = { 0x0902, 0x000a },
 [VIRT_MMIO] =   { 0x0a00, 0x0200 },
 /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
-/*
- * PCIE verbose map:
- *
- * MMIO window  { 0x1000, 0x2eff },
- * PIO window   { 0x3eff, 0x0001 },
- * ECAM { 0x3f00, 0x0100 },
- */
-[VIRT_PCIE] =   { 0x1000, 0x3000 },
+[VIRT_PCIE_MMIO] =  { 0x1000, 0x2eff },
+[VIRT_PCIE_PIO] =   { 0x3eff, 0x0001 },
+[VIRT_PCIE_ECAM] =  { 0x3f00, 0x0100 },
 [VIRT_MEM] ={ 0x4000, 30ULL * 1024 * 1024 * 1024 },
 };
 
@@ -625,16 +620,14 @@ static void create_pcie_irq_map(const VirtBoardInfo *vbi, 
uint32_t gic_phandle,
 static void create_pcie(const VirtBoardInfo *vbi, qemu_irq *pic,
 uint32_t gic_phandle)
 {
-hwaddr base = vbi->memmap[VIRT_PCIE].base;
-hwaddr size = vbi->memmap[VIRT_PCIE].size;
-hwaddr end = base + size;
-hwaddr size_mmio;
-hwaddr size_ioport = 64 * 1024;
-int nr_pcie_buses = 16;
-hwaddr size_ecam = PCIE_MMCFG_SIZE_MIN * nr_pcie_buses;
-hwaddr base_mmio = base;
-hwaddr base_ioport;
-hwaddr base_ecam;
+hwaddr base_mmio = vbi->memmap[VIRT_PCIE_MMIO].base;
+hwaddr size_mmio = vbi->memmap[VIRT_PCIE_MMIO].size;
+hwaddr base_pio = vbi->memmap[VIRT_PCIE_PIO].base;
+hwaddr size_pio = vbi->memmap[VIRT_PCIE_PIO].size;
+hwaddr base_ecam = vbi->memmap[VIRT_PCIE_ECAM].base;
+hwaddr size_ecam = vbi->memmap[VIRT_PCIE_ECAM].size;
+hwaddr base = base_mmio;
+int nr_pcie_buses = size_ecam / PCIE_MMCFG_SIZE_MIN;
 int irq = vbi->irqmap[VIRT_PCIE];
 MemoryRegion *mmio_alias;
 MemoryRegion *mmio_reg;
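Review bot: create_pcie() now takes the ECAM, PIO and MMIO windows straight from the memmap, and "int nr_pcie_buses = size_ecam / PCIE_MMCFG_SIZE_MIN;" assumes size_ecam is a non-zero multiple of PCIE_MMCFG_SIZE_MIN. The QEMU_ALIGN_DOWN() lines removed later in this patch used to guarantee the alignment of base_ecam and base_ioport by construction; with hard-coded table entries nothing checks it any more. Please add asserts that size_ecam is a non-zero multiple of PCIE_MMCFG_SIZE_MIN and that base_ecam is suitably aligned, so a future memmap edit fails loudly instead of producing a wrong bus count. "hwaddr base = base_mmio;" is now only an alias and could be dropped if nothing else needs it.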
@@ -644,10 +637,6 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq 
*pic,
 char *nodename;
 int i;
 
-base_ecam = QEMU_ALIGN_DOWN(end - size_ecam, size_ecam);
-base_ioport = QEMU_ALIGN_DOWN(base_ecam - size_ioport, size_ioport);
-size_mmio = base_ioport - base;
-
 dev = qdev_create(NULL, TYPE_GPEX_HOST);
 qdev_init_nofail(dev);
 
@@ -670,7 +659,7 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq 
*pic,
 memory_region_add_subregion(get_system_memory(), base_mmio, mmio_alias);
 
 /* Map IO port space */
-sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, base_ioport);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, base_pio);
 
 for (i = 0; i < GPEX_NUM_IRQS; i++) {
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]);
@@ -690,7 +679,7 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq 
*pic,
  2, base_ecam, 2, size_ecam);
 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "ranges",
  1, FDT_PCI_RANGE_IOPORT, 2, 0,
- 2, base_ioport, 2, size_ioport,
+ 2, base_pio, 2, size_pio,
  1, FDT_PCI_RANGE_MMIO, 2, base_mmio,
  2, base_mmio, 2, size_mmio);
 
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index 2fe0d2e..49a85cc 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -45,6 +45,9 @@ enum {
 VIRT_RTC,
 VIRT_FW_CFG,
 VIRT_PCIE,
+VIRT_PCIE_MMIO,
+VIRT_PCIE_PIO,
+VIRT_PCIE_ECAM,
 };
 
 typedef struct MemMapEntry {
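Review bot: VIRT_PCIE stays in the enum, but the a15memmap hunk of this patch removes the [VIRT_PCIE] entry, so memmap[VIRT_PCIE] is now an all-zero slot while irqmap[VIRT_PCIE] is still read in create_pcie(). Any leftover memmap[VIRT_PCIE] user would get base 0 and size 0 without a warning. Please add a comment at the enum saying VIRT_PCIE is only valid as an irqmap index after this change, or rename it accordingly, and confirm no memmap lookups of it remain.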
-- 
2.0.4





[Qemu-devel] [PATCH v9 09/24] hw/arm/virt-acpi-build: Generate MADT table

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

MADT describes GIC enabled ARM platforms. The GICC and GICD
subtables are used to define the GIC regions.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/arm/virt-acpi-build.c | 57 
 include/hw/acpi/acpi-defs.h  | 38 ++-
 include/hw/arm/virt-acpi-build.h |  3 +++
 3 files changed, 97 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 0791501..29ad535 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -42,6 +42,20 @@
 
 #define ARM_SPI_BASE 32
 
+typedef struct VirtAcpiCpuInfo {
+DECLARE_BITMAP(found_cpus, VIRT_ACPI_CPU_ID_LIMIT);
+} VirtAcpiCpuInfo;
+
+static void virt_acpi_get_cpu_info(VirtAcpiCpuInfo *cpuinfo)
+{
+CPUState *cpu;
+
+memset(cpuinfo->found_cpus, 0, sizeof cpuinfo->found_cpus);
+CPU_FOREACH(cpu) {
+set_bit(cpu->cpu_index, cpuinfo->found_cpus);
+}
+}
+
 static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
 {
 uint16_t i;
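Review bot: virt_acpi_get_cpu_info() calls "set_bit(cpu->cpu_index, cpuinfo->found_cpus);" on a bitmap declared with VIRT_ACPI_CPU_ID_LIMIT bits, with no check that cpu_index is below that limit. A CPU index at or past the limit would set a bit outside the bitmap on the caller's stack. Please add "assert(cpu->cpu_index < VIRT_ACPI_CPU_ID_LIMIT);" inside the CPU_FOREACH loop, or skip out-of-range CPUs explicitly.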
@@ -137,6 +151,43 @@ static void acpi_dsdt_add_virtio(Aml *scope,
 }
 }
 
+/* MADT */
+static void
+build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
+   VirtAcpiCpuInfo *cpuinfo)
+{
+int madt_start = table_data->len;
+const MemMapEntry *memmap = guest_info->memmap;
+AcpiMultipleApicTable *madt;
+AcpiMadtGenericDistributor *gicd;
+int i;
+
+madt = acpi_data_push(table_data, sizeof *madt);
+
+for (i = 0; i < guest_info->smp_cpus; i++) {
+AcpiMadtGenericInterrupt *gicc = acpi_data_push(table_data,
+ sizeof *gicc);
+gicc->type = ACPI_APIC_GENERIC_INTERRUPT;
+gicc->length = sizeof(*gicc);
+gicc->base_address = memmap[VIRT_GIC_CPU].base;
+gicc->cpu_interface_number = i;
+gicc->arm_mpidr = i;
+gicc->uid = i;
+if (test_bit(i, cpuinfo->found_cpus)) {
+gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
+}
+}
+
+gicd = acpi_data_push(table_data, sizeof *gicd);
+gicd->type = ACPI_APIC_GENERIC_DISTRIBUTOR;
+gicd->length = sizeof(*gicd);
+gicd->base_address = memmap[VIRT_GIC_DIST].base;
+
+build_header(linker, table_data,
+ (void *)(table_data->data + madt_start), "APIC",
+ table_data->len - madt_start, 5);
+}
+
 /* FADT */
 static void
 build_fadt(GArray *table_data, GArray *linker, unsigned dsdt)
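Review bot: in build_madt() only gicc->flags goes through cpu_to_le32(); gicc->base_address, gicc->cpu_interface_number, gicc->arm_mpidr, gicc->uid and gicd->base_address are multi-byte fields (uint32_t and uint64_t in the struct definitions added by this patch) and are assigned in host byte order. On a big-endian host the guest would see byte-swapped GIC addresses and CPU ids. Please wrap them in cpu_to_le32() or cpu_to_le64() as appropriate. The loop also calls test_bit(i, cpuinfo->found_cpus) for i up to guest_info->smp_cpus without checking smp_cpus against VIRT_ACPI_CPU_ID_LIMIT; an assert before the loop would cover that. The local madt pointer is not used after the first acpi_data_push(); using table_data->data + madt_start for build_header() is the right choice since later pushes may move the buffer, and a comment saying so would stop someone from switching it back to madt.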
@@ -209,8 +260,11 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 {
 GArray *table_offsets;
 unsigned dsdt;
+VirtAcpiCpuInfo cpuinfo;
 GArray *tables_blob = tables->table_data;
 
+virt_acpi_get_cpu_info(&cpuinfo);
+
 table_offsets = g_array_new(false, true /* clear */,
 sizeof(uint32_t));
 
@@ -235,6 +289,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_fadt(tables_blob, tables->linker, dsdt);
 
+acpi_add_table(table_offsets, tables_blob);
+build_madt(tables_blob, tables->linker, guest_info, &cpuinfo);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index fadcf84..1e9dbe7 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -256,7 +256,13 @@ typedef struct AcpiMultipleApicTable AcpiMultipleApicTable;
 #define ACPI_APIC_IO_SAPIC   6
 #define ACPI_APIC_LOCAL_SAPIC7
 #define ACPI_APIC_XRUPT_SOURCE   8
-#define ACPI_APIC_RESERVED   9   /* 9 and greater are reserved 
*/
+#define ACPI_APIC_LOCAL_X2APIC   9
+#define ACPI_APIC_LOCAL_X2APIC_NMI  10
+#define ACPI_APIC_GENERIC_INTERRUPT 11
+#define ACPI_APIC_GENERIC_DISTRIBUTOR   12
+#define ACPI_APIC_GENERIC_MSI_FRAME 13
+#define ACPI_APIC_GENERIC_REDISTRIBUTOR 14
+#define ACPI_APIC_RESERVED  15   /* 15 and greater are reserved */
 
 /*
  * MADT sub-structures (Follow MULTIPLE_APIC_DESCRIPTION_TABLE)
@@ -304,6 +310,36 @@ struct AcpiMadtLocalNmi {
 } QEMU_PACKED;
 typedef struct AcpiMadtLocalNmi AcpiMadtLocalNmi;
 
+struct AcpiMadtGenericInterrupt {
+ACPI_SUB_HEADER_DEF
+uint16_t reserved;
+uint32_t cpu_interface_number;
+uint32_t uid;
+uint32_t flags;
+uint32_t parking_version;
+uint32_t performance_interrupt;
+uint64_t parked_address;
+uint64_t base_address;
+uint64_t gicv_base_address;
+uint64_t gich_base_address;
+uint32_t vgic_interrupt;
+uint64_t gicr_base_address;
+uint64_t arm_mpidr;
+} QEMU_PACKED;
+
+typedef struct AcpiMadtGenericInterrupt AcpiMadtGenericInterrupt;
+
+struct AcpiMadtGenericDistributor {
+ACPI_SUB_HEADER_DEF
+uint16_t reserved;
+uint32_t gic_id;
+uint64_t base_address;
+uint

[Qemu-devel] [PATCH v9 18/24] hw/acpi/aml-build: Add aml_else() term

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 7 +++
 include/hw/acpi/aml-build.h | 1 +
 2 files changed, 8 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 56cce41..cfe1b29 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -632,6 +632,13 @@ Aml *aml_if(Aml *predicate)
 return var;
 }
 
+/* ACPI 1.0b: 16.2.5.3 Type 1 Opcodes Encoding: DefElse */
+Aml *aml_else(void)
+{
+Aml *var = aml_bundle(0xA1 /* ElseOp */, AML_PACKAGE);
+return var;
+}
+
 /* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: DefMethod */
 Aml *aml_method(const char *name, int arg_count)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 41b2cdd..c999ef1 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -254,6 +254,7 @@ Aml *aml_scope(const char *name_format, ...) 
GCC_FMT_ATTR(1, 2);
 Aml *aml_device(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
 Aml *aml_method(const char *name, int arg_count);
 Aml *aml_if(Aml *predicate);
+Aml *aml_else(void);
 Aml *aml_package(uint8_t num_elements);
 Aml *aml_buffer(int buffer_size, uint8_t *byte_list);
 Aml *aml_resource_template(void);
-- 
2.0.4





[Qemu-devel] [PATCH v9 01/24] hw/acpi/aml-build: Make enum values to be upper case to match coding style

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 12 
 hw/i386/acpi-build.c| 58 +++---
 include/hw/acpi/aml-build.h | 68 ++---
 3 files changed, 69 insertions(+), 69 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 77ce00b..7a478ae 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -833,7 +833,7 @@ Aml *aml_word_bus_number(AmlMinFixed min_fixed, AmlMaxFixed 
max_fixed,
  uint16_t addr_trans, uint16_t len)
 
 {
-return aml_word_as_desc(aml_bus_number_range, min_fixed, max_fixed, dec,
+return aml_word_as_desc(AML_BUS_NUMBER_RANGE, min_fixed, max_fixed, dec,
 addr_gran, addr_min, addr_max, addr_trans, len, 0);
 }
 
@@ -850,7 +850,7 @@ Aml *aml_word_io(AmlMinFixed min_fixed, AmlMaxFixed 
max_fixed,
  uint16_t len)
 
 {
-return aml_word_as_desc(aml_io_range, min_fixed, max_fixed, dec,
+return aml_word_as_desc(AML_IO_RANGE, min_fixed, max_fixed, dec,
 addr_gran, addr_min, addr_max, addr_trans, len,
 isa_ranges);
 }
@@ -862,7 +862,7 @@ Aml *aml_word_io(AmlMinFixed min_fixed, AmlMaxFixed 
max_fixed,
  * ACPI 5.0: 19.5.34 DWordMemory (DWord Memory Resource Descriptor Macro)
  */
 Aml *aml_dword_memory(AmlDecode dec, AmlMinFixed min_fixed,
-  AmlMaxFixed max_fixed, AmlCacheble cacheable,
+  AmlMaxFixed max_fixed, AmlCacheable cacheable,
   AmlReadAndWrite read_and_write,
   uint32_t addr_gran, uint32_t addr_min,
   uint32_t addr_max, uint32_t addr_trans,
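Review bot: the change from AmlCacheble to AmlCacheable in the aml_dword_memory() prototype (and again in aml_qword_memory() below) is a typedef spelling fix, not an enum-case change, so it goes beyond what the subject line describes. Please mention it in the commit message, which currently has no body, or split it into its own patch so the upper-case rename stays purely mechanical.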
@@ -870,7 +870,7 @@ Aml *aml_dword_memory(AmlDecode dec, AmlMinFixed min_fixed,
 {
 uint8_t flags = read_and_write | (cacheable << 1);
 
-return aml_dword_as_desc(aml_memory_range, min_fixed, max_fixed,
+return aml_dword_as_desc(AML_MEMORY_RANGE, min_fixed, max_fixed,
  dec, addr_gran, addr_min, addr_max,
  addr_trans, len, flags);
 }
@@ -882,7 +882,7 @@ Aml *aml_dword_memory(AmlDecode dec, AmlMinFixed min_fixed,
  * ACPI 5.0: 19.5.102 QWordMemory (QWord Memory Resource Descriptor Macro)
  */
 Aml *aml_qword_memory(AmlDecode dec, AmlMinFixed min_fixed,
-  AmlMaxFixed max_fixed, AmlCacheble cacheable,
+  AmlMaxFixed max_fixed, AmlCacheable cacheable,
   AmlReadAndWrite read_and_write,
   uint64_t addr_gran, uint64_t addr_min,
   uint64_t addr_max, uint64_t addr_trans,
@@ -890,7 +890,7 @@ Aml *aml_qword_memory(AmlDecode dec, AmlMinFixed min_fixed,
 {
 uint8_t flags = read_and_write | (cacheable << 1);
 
-return aml_qword_as_desc(aml_memory_range, min_fixed, max_fixed,
+return aml_qword_as_desc(AML_MEMORY_RANGE, min_fixed, max_fixed,
  dec, addr_gran, addr_min, addr_max,
  addr_trans, len, flags);
 }
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 73259e7..c7c6b61 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -620,31 +620,31 @@ build_ssdt(GArray *table_data, GArray *linker,
 /* build PCI0._CRS */
 crs = aml_resource_template();
 aml_append(crs,
-aml_word_bus_number(aml_min_fixed, aml_max_fixed, aml_pos_decode,
+aml_word_bus_number(AML_MIN_FIXED, AML_MAX_FIXED, AML_POS_DECODE,
 0x, 0x, 0x00FF, 0x, 0x0100));
-aml_append(crs, aml_io(aml_decode16, 0x0CF8, 0x0CF8, 0x01, 0x08));
+aml_append(crs, aml_io(AML_DECODE16, 0x0CF8, 0x0CF8, 0x01, 0x08));
 
 aml_append(crs,
-aml_word_io(aml_min_fixed, aml_max_fixed,
-aml_pos_decode, aml_entire_range,
+aml_word_io(AML_MIN_FIXED, AML_MAX_FIXED,
+AML_POS_DECODE, AML_ENTIRE_RANGE,
 0x, 0x, 0x0CF7, 0x, 0x0CF8));
 aml_append(crs,
-aml_word_io(aml_min_fixed, aml_max_fixed,
-aml_pos_decode, aml_entire_range,
+aml_word_io(AML_MIN_FIXED, AML_MAX_FIXED,
+AML_POS_DECODE, AML_ENTIRE_RANGE,
 0x, 0x0D00, 0x, 0x, 0xF300));
 aml_append(crs,
-aml_dword_memory(aml_pos_decode, aml_min_fixed, aml_max_fixed,
- aml_cacheable, aml_ReadWrite,
+aml_dword_memory(AML_POS_DECODE, AML_MIN_FIXED, AML_MAX_FIXED,
+ AML_CACHEABLE, AML_READ_WRITE,
  0, 0x000A, 0x000B, 0, 0x0002));
 aml_append(crs,
-aml_dword_memory(aml_pos_decode, aml_min_fixed, aml_max_fixed,
- aml_non_cacheable, aml_ReadWrite,
+aml_dword_memory(AML_POS_DECODE, AML_MIN_FIXED, AML_MAX_FIXED

[Qemu-devel] [PATCH v9 13/24] hw/arm/virt-acpi-build: Generate MCFG table

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Generate MCFG table for PCIe controller.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/arm/virt-acpi-build.c | 23 +++
 1 file changed, 23 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index f8c1dd8..95c83ee 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -39,6 +39,7 @@
 #include "hw/loader.h"
 #include "hw/hw.h"
 #include "hw/acpi/aml-build.h"
+#include "hw/pci/pcie_host.h"
 
 #define ARM_SPI_BASE 32
 
@@ -180,6 +181,25 @@ build_rsdp(GArray *rsdp_table, GArray *linker, unsigned 
rsdt)
 return rsdp_table;
 }
 
+static void
+build_mcfg(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
+{
+AcpiTableMcfg *mcfg;
+const MemMapEntry *memmap = guest_info->memmap;
+int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
+
+mcfg = acpi_data_push(table_data, len);
+mcfg->allocation[0].address = cpu_to_le64(memmap[VIRT_PCIE_ECAM].base);
+
+/* Only a single allocation so no need to play with segments */
+mcfg->allocation[0].pci_segment = cpu_to_le16(0);
+mcfg->allocation[0].start_bus_number = 0;
+mcfg->allocation[0].end_bus_number = (memmap[VIRT_PCIE_ECAM].size
+  / PCIE_MMCFG_SIZE_MIN) - 1;
+
+build_header(linker, table_data, (void *)mcfg, "MCFG", len, 5);
+}
+
 /* GTDT */
 static void
 build_gtdt(GArray *table_data, GArray *linker)
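Review bot: in build_mcfg(), end_bus_number is computed as (memmap[VIRT_PCIE_ECAM].size / PCIE_MMCFG_SIZE_MIN) - 1 and stored with no range check. The MCFG start and end bus number fields are one byte each, so an ECAM window covering more than 256 buses would be truncated silently, and a window smaller than PCIE_MMCFG_SIZE_MIN would wrap around to a large bus number. An assertion that the quotient lies between 1 and 256 would keep the table correct if the memmap entry is changed later.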
@@ -350,6 +370,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_gtdt(tables_blob, tables->linker);
 
+acpi_add_table(table_offsets, tables_blob);
+build_mcfg(tables_blob, tables->linker, guest_info);
+
 /* RSDT is pointed to by RSDP */
 rsdt = tables_blob->len;
 build_rsdt(tables_blob, tables->linker, table_offsets);
-- 
2.0.4





[Qemu-devel] [PATCH v9 14/24] hw/acpi/aml-build: Make aml_buffer() definition consistent with the spec

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

According to the ACPI spec, DefBuffer can take two parameters: BufferSize
and ByteList. Make it consistent with the spec. An uninitialized buffer
can be requested by passing ByteList as NULL to reserve space.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 16 ++--
 include/hw/acpi/aml-build.h |  2 +-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index de19c63..22478c2 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -642,10 +642,22 @@ Aml *aml_resource_template(void)
 return var;
 }
 
-/* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefBuffer */
-Aml *aml_buffer(void)
+/* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefBuffer
+ * Pass byte_list as NULL to request uninitialized buffer to reserve space.
+ */
+Aml *aml_buffer(int buffer_size, uint8_t *byte_list)
 {
+int i;
 Aml *var = aml_bundle(0x11 /* BufferOp */, AML_BUFFER);
+
+for (i = 0; i < buffer_size; i++) {
+if (byte_list == NULL) {
+build_append_byte(var->buf, 0x0);
+} else {
+build_append_byte(var->buf, byte_list[i]);
+}
+}
+
 return var;
 }
 
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index f4e678f..fac70ea 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -253,7 +253,7 @@ Aml *aml_device(const char *name_format, ...) 
GCC_FMT_ATTR(1, 2);
 Aml *aml_method(const char *name, int arg_count);
 Aml *aml_if(Aml *predicate);
 Aml *aml_package(uint8_t num_elements);
-Aml *aml_buffer(void);
+Aml *aml_buffer(int buffer_size, uint8_t *byte_list);
 Aml *aml_resource_template(void);
 Aml *aml_field(const char *name, AmlAccessType type, AmlUpdateRule rule);
 Aml *aml_varpackage(uint32_t num_elements);
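Review bot: the new prototype takes int buffer_size and a non-const uint8_t *byte_list. The function only reads byte_list, so const uint8_t * would let callers pass constant data, and an unsigned size would rule out a negative buffer_size, which the loop in aml-build.c currently turns into an empty buffer without complaint. In that loop the byte_list == NULL test is repeated on every iteration; hoisting it out of the loop would read more clearly.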
-- 
2.0.4





[Qemu-devel] [PATCH v9 12/24] hw/arm/virt-acpi-build: Generate RSDP table

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

RSDP points to RSDT which in turn points to other tables.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/arm/virt-acpi-build.c | 35 ++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 95c84d6..f8c1dd8 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -151,6 +151,35 @@ static void acpi_dsdt_add_virtio(Aml *scope,
 }
 }
 
+/* RSDP */
+static GArray *
+build_rsdp(GArray *rsdp_table, GArray *linker, unsigned rsdt)
+{
+AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
+
+bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, 16,
+ true /* fseg memory */);
+
+memcpy(&rsdp->signature, "RSD PTR ", sizeof(rsdp->signature));
+memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, sizeof(rsdp->oem_id));
+rsdp->length = cpu_to_le32(sizeof(*rsdp));
+rsdp->revision = 0x02;
+
+/* Point to RSDT */
+rsdp->rsdt_physical_address = cpu_to_le32(rsdt);
+/* Address to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker, ACPI_BUILD_RSDP_FILE,
+   ACPI_BUILD_TABLE_FILE,
+   rsdp_table, &rsdp->rsdt_physical_address,
+   sizeof rsdp->rsdt_physical_address);
+rsdp->checksum = 0;
+/* Checksum to be filled by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
+rsdp, rsdp, sizeof *rsdp, &rsdp->checksum);
+
+return rsdp_table;
+}
+
 /* GTDT */
 static void
 build_gtdt(GArray *table_data, GArray *linker)
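Review bot: build_rsdp() sets rsdp->revision = 0x02 but registers a single checksum computed over sizeof *rsdp and stored in rsdp->checksum. For a revision 2 RSDP the ACPI spec defines that checksum as covering only the first 20 bytes (the ACPI 1.0 part of the structure), with a separate extended checksum over the whole structure, so a guest that validates the sums as specified can reject this table. Please limit the first checksum to 20 bytes and add the extended one. The function also returns rsdp_table, but the caller in virt_acpi_build() discards the result; a void return would be clearer.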
@@ -285,7 +314,7 @@ static
 void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
 {
 GArray *table_offsets;
-unsigned dsdt;
+unsigned dsdt, rsdt;
 VirtAcpiCpuInfo cpuinfo;
 GArray *tables_blob = tables->table_data;
 
@@ -322,8 +351,12 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 build_gtdt(tables_blob, tables->linker);
 
 /* RSDT is pointed to by RSDP */
+rsdt = tables_blob->len;
 build_rsdt(tables_blob, tables->linker, table_offsets);
 
+/* RSDP is in FSEG memory, so allocate it separately */
+build_rsdp(tables->rsdp, tables->linker, rsdt);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
-- 
2.0.4





[Qemu-devel] [PATCH v9 11/24] hw/arm/virt-acpi-build: Generate RSDT table

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

RSDT points to other tables FADT, MADT, GTDT. This code is shared with x86.

Here we still use RSDT as UEFI puts ACPI tables below 4G address space,
and UEFI ignores the RSDT or XSDT.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/acpi/aml-build.c | 24 
 hw/arm/virt-acpi-build.c|  3 +++
 hw/i386/acpi-build.c| 24 
 include/hw/acpi/aml-build.h |  2 ++
 4 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 0d99941..de19c63 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1006,3 +1006,27 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, 
bool mfre)
 g_array_free(tables->table_data, true);
 g_array_free(tables->tcpalog, mfre);
 }
+
+/* Build rsdt table */
+void
+build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets)
+{
+AcpiRsdtDescriptorRev1 *rsdt;
+size_t rsdt_len;
+int i;
+const int table_data_len = (sizeof(uint32_t) * table_offsets->len);
+
+rsdt_len = sizeof(*rsdt) + table_data_len;
+rsdt = acpi_data_push(table_data, rsdt_len);
+memcpy(rsdt->table_offset_entry, table_offsets->data, table_data_len);
+for (i = 0; i < table_offsets->len; ++i) {
+/* rsdt->table_offset_entry to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker,
+   ACPI_BUILD_TABLE_FILE,
+   ACPI_BUILD_TABLE_FILE,
+   table_data, 
&rsdt->table_offset_entry[i],
+   sizeof(uint32_t));
+}
+build_header(linker, table_data,
+ (void *)rsdt, "RSDT", rsdt_len, 1);
+}
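Review bot: in the moved build_rsdt(), table_data_len is declared const int although it holds sizeof(uint32_t) * table_offsets->len, and the loop index i is an int compared against table_offsets->len; size_t or unsigned for both would avoid the signed/unsigned mix. The name table_data_len is also easy to confuse with the table_data parameter, since it is the size of the offset entries rather than of the blob; something like entries_len would read better. Now that the function is exported, its comment should say that it must be called after the last acpi_add_table(), because it copies table_offsets as it stands at that point.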
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 90587ad..95c84d6 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -321,6 +321,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_gtdt(tables_blob, tables->linker);
 
+/* RSDT is pointed to by RSDP */
+build_rsdt(tables_blob, tables->linker, table_offsets);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index c7c6b61..3d19de6 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1208,30 +1208,6 @@ build_dsdt(GArray *table_data, GArray *linker, 
AcpiMiscInfo *misc)
  misc->dsdt_size, 1);
 }
 
-/* Build final rsdt table */
-static void
-build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets)
-{
-AcpiRsdtDescriptorRev1 *rsdt;
-size_t rsdt_len;
-int i;
-
-rsdt_len = sizeof(*rsdt) + sizeof(uint32_t) * table_offsets->len;
-rsdt = acpi_data_push(table_data, rsdt_len);
-memcpy(rsdt->table_offset_entry, table_offsets->data,
-   sizeof(uint32_t) * table_offsets->len);
-for (i = 0; i < table_offsets->len; ++i) {
-/* rsdt->table_offset_entry to be filled by Guest linker */
-bios_linker_loader_add_pointer(linker,
-   ACPI_BUILD_TABLE_FILE,
-   ACPI_BUILD_TABLE_FILE,
-   table_data, 
&rsdt->table_offset_entry[i],
-   sizeof(uint32_t));
-}
-build_header(linker, table_data,
- (void *)rsdt, "RSDT", rsdt_len, 1);
-}
-
 static GArray *
 build_rsdp(GArray *rsdp_table, GArray *linker, unsigned rsdt)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index df23479..f4e678f 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -266,5 +266,7 @@ unsigned acpi_data_len(GArray *table);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
+void
+build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets);
 
 #endif
-- 
2.0.4





[Qemu-devel] [PATCH v9 20/24] hw/acpi/aml-build: Add aml_dword_io() term

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 18 ++
 include/hw/acpi/aml-build.h |  5 +
 2 files changed, 23 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 2927be1..bd91981 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -959,6 +959,24 @@ Aml *aml_word_io(AmlMinFixed min_fixed, AmlMaxFixed 
max_fixed,
 }
 
 /*
+ * ACPI 1.0b: 6.4.3.5.4 ASL Macros for DWORD Address Descriptor
+ *
+ * More verbose description at:
+ * ACPI 5.0: 19.5.33 DWordIO (DWord IO Resource Descriptor Macro)
+ */
+Aml *aml_dword_io(AmlMinFixed min_fixed, AmlMaxFixed max_fixed,
+ AmlDecode dec, AmlISARanges isa_ranges,
+ uint32_t addr_gran, uint32_t addr_min,
+ uint32_t addr_max, uint32_t addr_trans,
+ uint32_t len)
+
+{
+return aml_dword_as_desc(AML_IO_RANGE, min_fixed, max_fixed, dec,
+addr_gran, addr_min, addr_max, addr_trans, len,
+isa_ranges);
+}
+
+/*
  * ACPI 1.0b: 6.4.3.5.4 ASL Macros for DWORD Address Space Descriptor
  *
  * More verbose description at:
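Review bot: there is a stray blank line between the parameter list of aml_dword_io() and its opening brace. The header comment cites the section as "ASL Macros for DWORD Address Descriptor" while the neighbouring comment just below uses "DWORD Address Space Descriptor"; please use the same section title in both. A one-line comment that isa_ranges is passed as the type-specific flags argument of aml_dword_as_desc() would also help readers who compare this with aml_dword_memory().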
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index ae62995..b81c838 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -236,6 +236,11 @@ Aml *aml_word_io(AmlMinFixed min_fixed, AmlMaxFixed 
max_fixed,
  uint16_t addr_gran, uint16_t addr_min,
  uint16_t addr_max, uint16_t addr_trans,
  uint16_t len);
+Aml *aml_dword_io(AmlMinFixed min_fixed, AmlMaxFixed max_fixed,
+ AmlDecode dec, AmlISARanges isa_ranges,
+ uint32_t addr_gran, uint32_t addr_min,
+ uint32_t addr_max, uint32_t addr_trans,
+ uint32_t len);
 Aml *aml_dword_memory(AmlDecode dec, AmlMinFixed min_fixed,
   AmlMaxFixed max_fixed, AmlCacheable cacheable,
   AmlReadAndWrite read_and_write,
-- 
2.0.4





[Qemu-devel] [PATCH v9 22/24] hw/arm/virt-acpi-build: Add PCIe controller in ACPI DSDT table

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Add PCIe controller in ACPI DSDT table, so the guest can detect
the PCIe.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt-acpi-build.c | 154 +++
 1 file changed, 154 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 95c83ee..a9373cc 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -40,6 +40,7 @@
 #include "hw/hw.h"
 #include "hw/acpi/aml-build.h"
 #include "hw/pci/pcie_host.h"
+#include "hw/pci/pci.h"
 
 #define ARM_SPI_BASE 32
 
@@ -152,6 +153,157 @@ static void acpi_dsdt_add_virtio(Aml *scope,
 }
 }
 
+static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry *memmap, int irq)
+{
+Aml *method, *crs, *ifctx, *UUID, *ifctx1, *elsectx, *buf;
+int i, bus_no;
+hwaddr base_mmio = memmap[VIRT_PCIE_MMIO].base;
+hwaddr size_mmio = memmap[VIRT_PCIE_MMIO].size;
+hwaddr base_pio = memmap[VIRT_PCIE_PIO].base;
+hwaddr size_pio = memmap[VIRT_PCIE_PIO].size;
+hwaddr base_ecam = memmap[VIRT_PCIE_ECAM].base;
+hwaddr size_ecam = memmap[VIRT_PCIE_ECAM].size;
+int nr_pcie_buses = size_ecam / PCIE_MMCFG_SIZE_MIN;
+
+Aml *dev = aml_device("%s", "PCI0");
+aml_append(dev, aml_name_decl("_HID", aml_string("PNP0A08")));
+aml_append(dev, aml_name_decl("_CID", aml_string("PNP0A03")));
+aml_append(dev, aml_name_decl("_SEG", aml_int(0)));
+aml_append(dev, aml_name_decl("_BBN", aml_int(0)));
+aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
+aml_append(dev, aml_name_decl("_UID", aml_string("PCI0")));
+aml_append(dev, aml_name_decl("_STR", aml_unicode("PCIe 0 Device")));
+
+/* Declare the PCI Routing Table. */
+Aml *rt_pkg = aml_package(nr_pcie_buses * PCI_NUM_PINS);
+for (bus_no = 0; bus_no < nr_pcie_buses; bus_no++) {
+for (i = 0; i < PCI_NUM_PINS; i++) {
+int gsi = (i + bus_no) % PCI_NUM_PINS;
+Aml *pkg = aml_package(4);
+aml_append(pkg, aml_int((bus_no << 16) | 0x));
+aml_append(pkg, aml_int(i));
+aml_append(pkg, aml_name("GSI%d", gsi));
+aml_append(pkg, aml_int(0));
+aml_append(rt_pkg, pkg);
+}
+}
+aml_append(dev, aml_name_decl("_PRT", rt_pkg));
+
+/* Create GSI link device */
+for (i = 0; i < PCI_NUM_PINS; i++) {
+Aml *dev_gsi = aml_device("GSI%d", i);
+aml_append(dev_gsi, aml_name_decl("_HID", aml_string("PNP0C0F")));
+aml_append(dev_gsi, aml_name_decl("_UID", aml_int(0)));
+crs = aml_resource_template();
+aml_append(crs,
+   aml_interrupt(AML_CONSUMER, AML_LEVEL, AML_ACTIVE_HIGH,
+ AML_EXCLUSIVE, irq + i));
+aml_append(dev_gsi, aml_name_decl("_PRS", crs));
+crs = aml_resource_template();
+aml_append(crs,
+   aml_interrupt(AML_CONSUMER, AML_LEVEL, AML_ACTIVE_HIGH,
+ AML_EXCLUSIVE, irq + i));
+aml_append(dev_gsi, aml_name_decl("_CRS", crs));
+method = aml_method("_SRS", 1);
+aml_append(dev_gsi, method);
+aml_append(dev, dev_gsi);
+}
+
+method = aml_method("_CBA", 0);
+aml_append(method, aml_return(aml_int(base_ecam)));
+aml_append(dev, method);
+
+method = aml_method("_CRS", 0);
+Aml *rbuf = aml_resource_template();
+aml_append(rbuf,
+aml_word_bus_number(AML_MIN_FIXED, AML_MAX_FIXED, AML_POS_DECODE,
+0x, 0x, nr_pcie_buses - 1, 0x,
+nr_pcie_buses));
+aml_append(rbuf,
+aml_dword_memory(AML_POS_DECODE, AML_MIN_FIXED, AML_MAX_FIXED,
+ AML_NON_CACHEABLE, AML_READ_WRITE, 0x, base_mmio,
+ base_mmio + size_mmio - 1, 0x, size_mmio));
+aml_append(rbuf,
+aml_dword_io(AML_MIN_FIXED, AML_MAX_FIXED, AML_POS_DECODE,
+ AML_ENTIRE_RANGE, 0x, 0x, size_pio - 1, base_pio,
+ size_pio));
+
+aml_append(method, aml_name_decl("RBUF", rbuf));
+aml_append(method, aml_return(rbuf));
+aml_append(dev, method);
+
+/* Declare an _OSC (OS Control Handoff) method */
+aml_append(dev, aml_name_decl("SUPP", aml_int(0)));
+aml_append(dev, aml_name_decl("CTRL", aml_int(0)));
+method = aml_method("_OSC", 4);
+aml_append(method,
+aml_create_dword_field(aml_arg(3), aml_int(0), "CDW1"));
+
+/* PCI Firmware Specification 3.0
+ * 4.5.1. _OSC Interface for PCI Host Bridge Devices
+ * The _OSC interface for a PCI/PCI-X/PCI Express hierarchy is
+ * identified by the Universal Unique IDentifier (UUID)
+ * 33DB4D5B-1FF7-401C-9657-7441C03DD766
+ */
+UUID = aml_touuid("33DB4D5B-1FF7-401C-9657-7441C03DD766");
+ifctx = aml_if(aml_equal(aml_arg(0), UUID));
+aml_append(ifctx,
+aml_create_dword_field(aml_arg(3), aml_int(4), "CDW2"));
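Review bot: in the _PRT loop the package is sized as nr_pcie_buses * PCI_NUM_PINS and each address is built from bus_no << 16. The high word of a _PRT address is the device number on the bus, not a bus number, so iterating up to nr_pcie_buses (derived from the ECAM size) produces entries for that many devices rather than for every device slot on bus 0; the loop should run over slots and the variable be named accordingly. aml_package() takes a uint8_t element count, so the product also needs a bound that keeps it at 255 or below. Further down, _SRS is added as an empty method and deserves a comment saying that is intentional, and the _CRS method appends rbuf both as the RBUF declaration and as the return value; returning aml_name("RBUF") would avoid adding the same Aml object to the method twice.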

[Qemu-devel] [PATCH v9 23/24] ACPI: split CONFIG_ACPI into 4 pieces

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

As core.c, piix4.c, ich9.c and pcihp.c are for x86, add CONFIG_ACPI_X86
to make it only for x86. ARM doesn't support CPU and memory hotplug, so add
CONFIG_ACPI_CPU_HOTPLUG and CONFIG_ACPI_MEMORY_HOTPLUG to exclude them
for target-arm.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 default-configs/arm-softmmu.mak  | 1 +
 default-configs/i386-softmmu.mak | 3 +++
 default-configs/mips-softmmu.mak | 3 +++
 default-configs/mips64-softmmu.mak   | 3 +++
 default-configs/mips64el-softmmu.mak | 3 +++
 default-configs/mipsel-softmmu.mak   | 3 +++
 default-configs/x86_64-softmmu.mak   | 3 +++
 hw/acpi/Makefile.objs| 5 +++--
 hw/i2c/Makefile.objs | 2 +-
 9 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index a767e4b..74f1db3 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -101,3 +101,4 @@ CONFIG_ALLWINNER_A10=y
 CONFIG_XIO3130=y
 CONFIG_IOH3420=y
 CONFIG_I82801B11=y
+CONFIG_ACPI=y
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index 6a74e00..91d602c 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_X86=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_IDE_ISA=y
diff --git a/default-configs/mips-softmmu.mak b/default-configs/mips-softmmu.mak
index cce2c81..fd0607d 100644
--- a/default-configs/mips-softmmu.mak
+++ b/default-configs/mips-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_X86=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
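Review bot: CONFIG_ACPI_X86=y is being set in a MIPS default config (and in the three other MIPS configs below), which contradicts both the symbol name and the commit message's statement that core.c, piix4.c, ich9.c and pcihp.c are for x86. If the MIPS boards need piix4.o, the symbol wants a name that describes what it selects rather than an architecture, or the commit message should explain why MIPS enables it.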
diff --git a/default-configs/mips64-softmmu.mak 
b/default-configs/mips64-softmmu.mak
index 7a88a08..b8c7910 100644
--- a/default-configs/mips64-softmmu.mak
+++ b/default-configs/mips64-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_X86=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
diff --git a/default-configs/mips64el-softmmu.mak 
b/default-configs/mips64el-softmmu.mak
index 095de43..ae4274b 100644
--- a/default-configs/mips64el-softmmu.mak
+++ b/default-configs/mips64el-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_X86=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
diff --git a/default-configs/mipsel-softmmu.mak 
b/default-configs/mipsel-softmmu.mak
index 0e25108..1e2374b 100644
--- a/default-configs/mipsel-softmmu.mak
+++ b/default-configs/mipsel-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_X86=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
diff --git a/default-configs/x86_64-softmmu.mak 
b/default-configs/x86_64-softmmu.mak
index 46b87dd..2f2955b 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_X86=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_IDE_ISA=y
diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
index b9fefa7..29d46d8 100644
--- a/hw/acpi/Makefile.objs
+++ b/hw/acpi/Makefile.objs
@@ -1,5 +1,6 @@
-common-obj-$(CONFIG_ACPI) += core.o piix4.o ich9.o pcihp.o cpu_hotplug.o
-common-obj-$(CONFIG_ACPI) += memory_hotplug.o
+common-obj-$(CONFIG_ACPI_X86) += core.o piix4.o ich9.o pcihp.o
+common-obj-$(CONFIG_ACPI_CPU_HOTPLUG) += cpu_hotplug.o
+common-obj-$(CONFIG_ACPI_MEMORY_HOTPLUG) += memory_hotplug.o
 common-obj-$(CONFIG_ACPI) += acpi_interface.o
 common-obj-$(CONFIG_ACPI) += bios-linker-loader.o
 common-obj-$(CONFIG_ACPI) += aml-build.o
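Review bot: nothing in this Makefile.objs change states whether piix4.o, ich9.o or pcihp.o can link without cpu_hotplug.o and memory_hotplug.o, which now sit behind separate symbols. Every config touched by this patch that sets CONFIG_ACPI_X86 also sets both hotplug symbols, so the split is only exercised in the ARM direction; either document that CONFIG_ACPI_X86 requires the two hotplug symbols or confirm that a build with CONFIG_ACPI_X86 alone links.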
diff --git a/hw/i2c/Makefile.objs b/hw/i2c/Makefile.objs
index 648278e..0f13060 100644
--- a/hw/i2c/Makefile.objs
+++ b/hw/i2c/Makefile.objs
@@ -1,6 +1,6 @@
 common-obj-y += core.o smbus.o smbus_eeprom.o
 common-obj-$(CONFIG_VERSATILE_I2C) += versatile_i2c.o
-common-obj-$(CONFIG_ACPI) += smbus_ich9.o
+common-obj-$(CONFIG_ACPI_X86) += smbus_ich9.o
 common-obj-$(CONFIG_APM) += pm_smbus.o
 common-obj-$(CONFIG_BITBANG_I2C) += bitbang_i2c.o
 common-obj-$(CONFIG_EXYNOS4) += exynos4210_i2c.o
-- 
2.0.4





[Qemu-devel] [PATCH v9 19/24] hw/acpi/aml-build: Add aml_create_dword_field() term

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 11 +++
 include/hw/acpi/aml-build.h |  1 +
 2 files changed, 12 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index cfe1b29..2927be1 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -738,6 +738,17 @@ Aml *aml_field(const char *name, AmlAccessType type, 
AmlUpdateRule rule)
 return var;
 }
 
+/* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: DefCreateDWordField */
+Aml *aml_create_dword_field(Aml *srcbuf, Aml *index, const char *name)
+{
+Aml *var = aml_alloc();
+build_append_byte(var->buf, 0x8A); /* CreateDWordFieldOp */
+aml_append(var, srcbuf);
+aml_append(var, index);
+build_append_namestring(var->buf, "%s", name);
+return var;
+}
+
 /* ACPI 1.0b: 16.2.3 Data Objects Encoding: String */
 Aml *aml_string(const char *name_format, ...)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index c999ef1..ae62995 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -259,6 +259,7 @@ Aml *aml_package(uint8_t num_elements);
 Aml *aml_buffer(int buffer_size, uint8_t *byte_list);
 Aml *aml_resource_template(void);
 Aml *aml_field(const char *name, AmlAccessType type, AmlUpdateRule rule);
+Aml *aml_create_dword_field(Aml *srcbuf, Aml *index, const char *name);
 Aml *aml_varpackage(uint32_t num_elements);
 Aml *aml_touuid(const char *uuid);
 
-- 
2.0.4





[Qemu-devel] [PATCH v9 21/24] hw/acpi/aml-build: Add Unicode macro

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 17 +
 include/hw/acpi/aml-build.h |  1 +
 2 files changed, 18 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index bd91981..323b7bc 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1069,6 +1069,23 @@ Aml *aml_touuid(const char *uuid)
 return var;
 }
 
+/*
+ * ACPI 2.0b: 16.2.3.6.4.3  Unicode Macro (Convert Ascii String To Unicode)
+ */
+Aml *aml_unicode(const char *str)
+{
+int i = 0;
+Aml *var = aml_bundle(0x11 /* BufferOp */, AML_BUFFER);
+
+do {
+build_append_byte(var->buf, str[i]);
+build_append_byte(var->buf, 0);
+i++;
+} while (i <= strlen(str));
+
+return var;
+}
+
 void
 build_header(GArray *linker, GArray *table_data,
  AcpiTableHeader *h, const char *sig, int len, uint8_t rev)
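Review bot: the do/while in aml_unicode() calls strlen(str) on every iteration and compares the result with a signed int i; compute the length once into a size_t before the loop. The <= bound is what emits the terminating 16-bit NUL, which is easy to misread as an off-by-one, so a comment (or a plain for loop followed by an explicit two-byte terminator) would help. Each input byte is widened by appending a zero high byte, which is only correct for 7-bit ASCII input; the header comment should say that str must be ASCII, or the function should assert it.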
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index b81c838..9773bfd 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -267,6 +267,7 @@ Aml *aml_field(const char *name, AmlAccessType type, 
AmlUpdateRule rule);
 Aml *aml_create_dword_field(Aml *srcbuf, Aml *index, const char *name);
 Aml *aml_varpackage(uint32_t num_elements);
 Aml *aml_touuid(const char *uuid);
+Aml *aml_unicode(const char *str);
 
 void
 build_header(GArray *linker, GArray *table_data,
-- 
2.0.4





[Qemu-devel] [PATCH v9 24/24] hw/arm/virt: Enable dynamic generation of ACPI v5.1 tables

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Initialize VirtGuestInfoState and register a machine_init_done notify to
call virt_acpi_build().

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a6a399d..05db8cb 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -44,6 +44,7 @@
 #include "qemu/bitops.h"
 #include "qemu/error-report.h"
 #include "hw/pci-host/gpex.h"
+#include "hw/arm/virt-acpi-build.h"
 
 /* Number of external interrupt lines to configure the GIC with */
 #define NUM_IRQS 128
@@ -697,6 +698,14 @@ static void *machvirt_dtb(const struct arm_boot_info 
*binfo, int *fdt_size)
 return board->fdt;
 }
 
+static
+void virt_guest_info_machine_done(Notifier *notifier, void *data)
+{
+VirtGuestInfoState *guest_info_state = container_of(notifier,
+  VirtGuestInfoState, 
machine_done);
+virt_acpi_setup(&guest_info_state->info);
+}
+
 static void machvirt_init(MachineState *machine)
 {
 VirtMachineState *vms = VIRT_MACHINE(machine);
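Review bot: the notifier added here calls virt_acpi_setup(), while the commit message says the machine_init_done notifier is registered to call virt_acpi_build(); please make the message match the code, or say that virt_acpi_setup() is the entry point that ends up building the tables.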
@@ -706,6 +715,8 @@ static void machvirt_init(MachineState *machine)
 MemoryRegion *ram = g_new(MemoryRegion, 1);
 const char *cpu_model = machine->cpu_model;
 VirtBoardInfo *vbi;
+VirtGuestInfoState *guest_info_state = g_malloc0(sizeof *guest_info_state);
+VirtGuestInfo *guest_info = &guest_info_state->info;
 uint32_t gic_phandle;
 char **cpustr;
 
@@ -798,6 +809,14 @@ static void machvirt_init(MachineState *machine)
 create_virtio_devices(vbi, pic);
 
 create_fw_cfg(vbi);
+rom_set_fw(fw_cfg_find());
+
+guest_info->smp_cpus = smp_cpus;
+guest_info->fw_cfg = fw_cfg_find();
+guest_info->memmap = vbi->memmap;
+guest_info->irqmap = vbi->irqmap;
+guest_info_state->machine_done.notify = virt_guest_info_machine_done;
+qemu_add_machine_init_done_notifier(&guest_info_state->machine_done);
 
 vbi->bootinfo.ram_size = machine->ram_size;
 vbi->bootinfo.kernel_filename = machine->kernel_filename;
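Review bot: fw_cfg_find() is called twice in the added lines, once for rom_set_fw() and once for guest_info->fw_cfg, and neither result is checked. Calling it once into a local variable (or having create_fw_cfg() return the device) and asserting that it is non-NULL would be tidier and would make the dependency on the create_fw_cfg(vbi) call just above explicit.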
-- 
2.0.4





[Qemu-devel] [PATCH v9 10/24] hw/arm/virt-acpi-build: Generate GTDT table

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

ACPI v5.1 defines GTDT for ARM devices as a place to describe timer
related information in the system. The Arch Timer interrupts must
be provided for GTDT.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/arm/virt-acpi-build.c| 29 +
 hw/arm/virt.c   |  8 
 include/hw/acpi/acpi-defs.h | 37 +
 include/hw/arm/virt.h   |  5 +
 4 files changed, 75 insertions(+), 4 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 29ad535..90587ad 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -151,6 +151,32 @@ static void acpi_dsdt_add_virtio(Aml *scope,
 }
 }
 
+/* GTDT */
+static void
+build_gtdt(GArray *table_data, GArray *linker)
+{
+int gtdt_start = table_data->len;
+AcpiGenericTimerTable *gtdt;
+
+gtdt = acpi_data_push(table_data, sizeof *gtdt);
+/* The interrupt values are the same with the device tree when adding 16 */
+gtdt->secure_el1_interrupt = ARCH_TIMER_S_EL1_IRQ + 16;
+gtdt->secure_el1_flags = ACPI_EDGE_SENSITIVE;
+
+gtdt->non_secure_el1_interrupt = ARCH_TIMER_NS_EL1_IRQ + 16;
+gtdt->non_secure_el1_flags = ACPI_EDGE_SENSITIVE;
+
+gtdt->virtual_timer_interrupt = ARCH_TIMER_VIRT_IRQ + 16;
+gtdt->virtual_timer_flags = ACPI_EDGE_SENSITIVE;
+
+gtdt->non_secure_el2_interrupt = ARCH_TIMER_NS_EL2_IRQ + 16;
+gtdt->non_secure_el2_flags = ACPI_EDGE_SENSITIVE;
+
+build_header(linker, table_data,
+ (void *)(table_data->data + gtdt_start), "GTDT",
+ table_data->len - gtdt_start, 5);
+}
+
 /* MADT */
 static void
 build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
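Review bot: the interrupt and flags fields in build_gtdt() are assigned in host byte order, whereas the other table builders in this series (build_mcfg(), build_rsdp()) wrap multi-byte fields in cpu_to_le16/32/64(). These are uint32_t members of a packed, guest-visible table, so on a big-endian host they would be written byte-swapped; please use cpu_to_le32() here too. The literal + 16 appears four times and is explained only by the comment; a named constant for that offset would be better.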
@@ -292,6 +318,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_madt(tables_blob, tables->linker, guest_info, &cpuinfo);
 
+acpi_add_table(table_offsets, tables_blob);
+build_gtdt(tables_blob, tables->linker);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 250b9bc..a6a399d 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -265,10 +265,10 @@ static void fdt_add_timer_nodes(const VirtBoardInfo *vbi)
 "arm,armv7-timer");
 }
 qemu_fdt_setprop_cells(vbi->fdt, "/timer", "interrupts",
-   GIC_FDT_IRQ_TYPE_PPI, 13, irqflags,
-   GIC_FDT_IRQ_TYPE_PPI, 14, irqflags,
-   GIC_FDT_IRQ_TYPE_PPI, 11, irqflags,
-   GIC_FDT_IRQ_TYPE_PPI, 10, irqflags);
+   GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_S_EL1_IRQ, irqflags,
+   GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_NS_EL1_IRQ, irqflags,
+   GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_VIRT_IRQ, irqflags,
+   GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_NS_EL2_IRQ, irqflags);
 }
 
 static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index 1e9dbe7..f503ec4 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -341,6 +341,43 @@ struct AcpiMadtGenericDistributor {
 typedef struct AcpiMadtGenericDistributor AcpiMadtGenericDistributor;
 
 /*
+ * Generic Timer Description Table (GTDT)
+ */
+
+#define ACPI_GTDT_INTERRUPT_MODE(1 << 0)
+#define ACPI_GTDT_INTERRUPT_POLARITY(1 << 1)
+#define ACPI_GTDT_ALWAYS_ON (1 << 2)
+
+/* Triggering */
+
+#define ACPI_LEVEL_SENSITIVE((uint8_t) 0x00)
+#define ACPI_EDGE_SENSITIVE ((uint8_t) 0x01)
+
+/* Polarity */
+
+#define ACPI_ACTIVE_HIGH((uint8_t) 0x00)
+#define ACPI_ACTIVE_LOW ((uint8_t) 0x01)
+#define ACPI_ACTIVE_BOTH((uint8_t) 0x02)
+
+struct AcpiGenericTimerTable {
+ACPI_TABLE_HEADER_DEF
+uint64_t counter_block_addresss;
+uint32_t reserved;
+uint32_t secure_el1_interrupt;
+uint32_t secure_el1_flags;
+uint32_t non_secure_el1_interrupt;
+uint32_t non_secure_el1_flags;
+uint32_t virtual_timer_interrupt;
+uint32_t virtual_timer_flags;
+uint32_t non_secure_el2_interrupt;
+uint32_t non_secure_el2_flags;
+uint64_t counter_read_block_address;
+uint32_t platform_timer_count;
+uint32_t platform_timer_offset;
+} QEMU_PACKED;
+typedef struct AcpiGenericTimerTable AcpiGenericTimerTable;
+
+/*
  * HPET Description Table
  */
 struct Acpi20Hpet {
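Review bot: counter_block_addresss in struct AcpiGenericTimerTable is misspelled (three s). The ACPI_GTDT_INTERRUPT_MODE, ACPI_GTDT_INTERRUPT_POLARITY and ACPI_GTDT_ALWAYS_ON bit definitions are added here, but build_gtdt() fills the flags fields from ACPI_EDGE_SENSITIVE, a uint8_t trigger constant, instead; using the GTDT flag bits would make it clear which bits of the 32-bit flags word are being set, and otherwise the unused definitions should be dropped.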
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index 49a85cc..ceec8b3 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -34,6 +34,11 @@
 
 #define NUM_VIRTIO_TRANSPORTS 32
 
+#define ARCH_TIMER_VIRT_IRQ   11
+#define ARCH_TIMER_S_EL1_IRQ  13
+#define ARCH_TIMER_NS_EL1_IRQ 14
+#define ARCH_TIMER_NS_EL2_

[Qemu-devel] [PATCH v9 16/24] hw/acpi/aml-build: Add aml_or() term

2015-05-24 Thread Shannon Zhao
From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Igor Mammedov 
---
 hw/acpi/aml-build.c | 10 ++
 include/hw/acpi/aml-build.h |  1 +
 2 files changed, 11 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index ebce504..5002ad5 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -455,6 +455,16 @@ Aml *aml_and(Aml *arg1, Aml *arg2)
 return var;
 }
 
+/* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefOr */
+Aml *aml_or(Aml *arg1, Aml *arg2)
+{
+Aml *var = aml_opcode(0x7D /* OrOp */);
+aml_append(var, arg1);
+aml_append(var, arg2);
+build_append_byte(var->buf, 0x00 /* NullNameOp */);
+return var;
+}
+
 /* ACPI 1.0b: 16.2.5.3 Type 1 Opcodes Encoding: DefNotify */
 Aml *aml_notify(Aml *arg1, Aml *arg2)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index a873b46..8690aeb 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -201,6 +201,7 @@ Aml *aml_int(const uint64_t val);
 Aml *aml_arg(int pos);
 Aml *aml_store(Aml *val, Aml *target);
 Aml *aml_and(Aml *arg1, Aml *arg2);
+Aml *aml_or(Aml *arg1, Aml *arg2);
 Aml *aml_notify(Aml *arg1, Aml *arg2);
 Aml *aml_call1(const char *method, Aml *arg1);
 Aml *aml_call2(const char *method, Aml *arg1, Aml *arg2);
-- 
2.0.4





[Qemu-devel] [PATCH RFC v9 1/7] qemu-iotests: qemu machine type support

2015-05-24 Thread Bo Tu
From: Xiao Guang Chen 

This patch adds qemu machine type support to the io test suite.
Based on the qemu default machine type and the alias of the default machine
type, the reference output file can now vary from the default to a
machine-specific output file if necessary. When using a machine-specific
reference file, if the default machine has an alias then use the alias as the
output file name; otherwise use the default machine name as the output file name.

Reviewed-by: Max Reitz 
Reviewed-by: Michael Mueller 
Signed-off-by: Xiao Guang Chen 
---
 tests/qemu-iotests/check | 5 +
 tests/qemu-iotests/common.config | 9 +
 tests/qemu-iotests/iotests.py| 1 +
 3 files changed, 15 insertions(+)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index baeae80..22b2e63 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -324,6 +324,11 @@ do
 fi
 
 reference="$source_iotests/$seq.out"
+reference_machine="$source_iotests/$seq.$QEMU_DEFAULT_MACHINE.out"
+if [ -f "$reference_machine" ]; then
+reference="$reference_machine"
+fi
+
 if [ "$CACHEMODE" = "none" ]; then
 [ -f "$source_iotests/$seq.out.nocache" ] && 
reference="$source_iotests/$seq.out.nocache"
 fi
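Review bot: the machine-specific reference is selected before the CACHEMODE=none block, so when both $seq.$QEMU_DEFAULT_MACHINE.out and $seq.out.nocache exist the nocache file wins and the machine-specific output is dropped without any message. Decide which of the two should take precedence and say so in a comment. It would also be cleaner to guard the new lines with a non-empty test on $QEMU_DEFAULT_MACHINE, since an unset value makes the path "$seq..out".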
diff --git a/tests/qemu-iotests/common.config b/tests/qemu-iotests/common.config
index a1973ad..0288cb1 100644
--- a/tests/qemu-iotests/common.config
+++ b/tests/qemu-iotests/common.config
@@ -107,6 +107,15 @@ export QEMU=$QEMU_PROG
 export QEMU_IMG=$QEMU_IMG_PROG
 export QEMU_IO="$QEMU_IO_PROG $QEMU_IO_OPTIONS"
 export QEMU_NBD=$QEMU_NBD_PROG
+default_machine=$($QEMU -machine \? | awk '/(default)/{print $1}')
+default_alias_machine=$($QEMU -machine \? |\
+awk -v var_default_machine="$default_machine"\)\
+'{if ($(NF-2)=="(alias"&&$(NF-1)=="of"&&$(NF)==var_default_machine){print 
$1}}')
+if [ ! -z "$default_alias_machine" ]; then
+default_machine="$default_alias_machine"
+fi
+
+export QEMU_DEFAULT_MACHINE="$default_machine"
 
 [ -f /etc/qemu-iotest.config ]   && . /etc/qemu-iotest.config
 
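Review bot: in the first awk call the pattern /(default)/ treats the parentheses as regex grouping, so it matches any line containing the word default rather than the literal "(default)" marker; a machine whose description happens to contain that word would add a second name to default_machine. Escape the parentheses (/\(default\)/) or compare the last field instead. $QEMU is also expanded unquoted and run twice for the same listing; capturing the -machine \? output once in a variable avoids both. The trailing \) on the -v assignment deserves a comment explaining that it appends the closing parenthesis so the value matches the last field of "(alias of NAME)".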
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index e93e623..6a670c6 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -42,6 +42,7 @@ imgproto = os.environ.get('IMGPROTO', 'file')
 test_dir = os.environ.get('TEST_DIR', '/var/tmp')
 output_dir = os.environ.get('OUTPUT_DIR', '.')
 cachemode = os.environ.get('CACHEMODE')
+qemu_default_machine = os.environ.get('QEMU_DEFAULT_MACHINE')
 
 socket_scm_helper = os.environ.get('SOCKET_SCM_HELPER', 'socket_scm_helper')
 
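Review bot: os.environ.get('QEMU_DEFAULT_MACHINE') has no default, unlike the IMGPROTO, TEST_DIR and OUTPUT_DIR lookups above it, so qemu_default_machine is None whenever a test is run without common.config having exported the variable. A test that compares it with a machine name then silently takes the non-matching branch; either document that None is possible or fail early when the variable is missing.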
-- 
2.3.0




[Qemu-devel] [PATCH RFC v9 0/7] Update tests/qemu-iotests failing cases for the s390 platform

2015-05-24 Thread Bo Tu
v9.
1.Fix issue of line over 80 characters for test 049
2.Add Reviewed-by statements for test 051,130
3.Please apply the series if there are no further objections

v8.
1.Modify error message in qemu-option.c when image size is invalid
2.Remove Reviewed-by statements if any functional changes in a new patch version
for test 049,051,130
3.Change patch subject for test 130
4.Add id definition for a drive which will work for all platforms in test 130
5.Disable virtio-scsi-pci for non-PCI systems in test 051

v7.
1. Add a pc specific output file for test 130.
2. A new variable device_id is defined in test 130 to support multiplatform.
3. Update the output file for test 051 based on its current output.
4. change util/qemu-option.c and test case 049, generate error message
when image size is a negative value or exceeds the maximum of uint64

v6.
1. Change the filter name from _filter_s390 to _filter_orphan.
2. Update the output file for test case 081 because no default floppy and cd-rom.

v5:
1. Add a pc specific output file for test 051.
2. Add a filter to test case 051 to filter s390 specific warnings.
3. Check whether the machine type is pc or not rather than check whether the machine type
is s390.
4. When using a machine specific reference file if the default machine has an alias then
use the alias as the output file name otherwise use the default machine name as the output
file name.

v4:
1. Generate all patches based on the latest master branch.
2. Rearrange patches

v3:
1. Fix a typo in v2.

v2:
1. Drop the patches for test 039 for it has been fixed in upstream.
2. Integrate patches for test 071, 067 and 087.
3. Keep the other patches.

v1:
1. updated the test suite to be default-machine-type-aware, from the previous platform-aware
2. created a new patch "qemu-iotests: run qemu with -nodefaults" to counterpart the impact from the commit:
c88930a6866e74953e931ae749781e98e486e5c8
qemu-char: Permit only a single "stdio" character device

When more than one is used, the terminal settings aren't restored
correctly on exit.  Fixable.  However, such usage makes no sense,
because the users race for input, so outlaw it instead.

If you want to connect multiple things to stdio, use the mux
chardev.
3. updated all the checking of platform name to the current machine name

Bo Tu (3):
  qemu-iotests: s390x: fix test 049
  qemu-iotests: s390x: fix test 051
  qemu-iotests: s390x: fix test 130

Xiao Guang Chen (4):
  qemu-iotests: qemu machine type support
  qemu-iotests: run qemu with -nodefaults and fix 067,071,081 and 087
  qemu-iotests: s390x: fix test 041
  qemu-iotests: s390x: fix test 055

 tests/qemu-iotests/041   |   6 +
 tests/qemu-iotests/049.out   |  10 +-
 tests/qemu-iotests/051   |  85 +---
 tests/qemu-iotests/051.out   | 158 +-
 tests/qemu-iotests/051.pc.out| 433 +++
 tests/qemu-iotests/055   |   9 +
 tests/qemu-iotests/067   |   8 +-
 tests/qemu-iotests/067.out   | 266 +---
 tests/qemu-iotests/071.out   |   4 -
 tests/qemu-iotests/081.out   |   2 -
 tests/qemu-iotests/087.out   |  12 --
 tests/qemu-iotests/130   |   8 +-
 tests/qemu-iotests/130.out   |   4 +-
 tests/qemu-iotests/check |   5 +
 tests/qemu-iotests/common|   1 +
 tests/qemu-iotests/common.config |  11 +-
 tests/qemu-iotests/common.filter |   7 +
 tests/qemu-iotests/common.qemu   |   2 +-
 tests/qemu-iotests/iotests.py|   1 +
 util/qemu-option.c   |   5 +
 20 files changed, 603 insertions(+), 434 deletions(-)
 create mode 100644 tests/qemu-iotests/051.pc.out

-- 
2.3.0




[Qemu-devel] [PATCH RFC v9 3/7] qemu-iotests: s390x: fix test 041

2015-05-24 Thread Bo Tu
From: Xiao Guang Chen 

There is no 'ide-cd' device defined on s390 platform, so
test_medium_not_found() test should be skipped.

Reviewed-by: Max Reitz 
Reviewed-by: Michael Mueller 
Signed-off-by: Xiao Guang Chen 
---
 tests/qemu-iotests/041 | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
index 59a8f73..c6abe3c 100755
--- a/tests/qemu-iotests/041
+++ b/tests/qemu-iotests/041
@@ -197,6 +197,9 @@ class TestSingleDrive(ImageMirroringTestCase):
 'target image does not match source after mirroring')
 
 def test_medium_not_found(self):
+if iotests.qemu_default_machine != 'pc':
+return
+
 result = self.vm.qmp('drive-mirror', device='ide1-cd0', sync='full',
  target=target_img)
 self.assert_qmp(result, 'error/class', 'GenericError')
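Review bot: the bare return added at the top of test_medium_not_found() makes the test count as passed on every machine other than 'pc', so the lost coverage does not show up in the results. Report it as skipped with a reason string instead (self.skipTest(), assuming these classes derive from unittest.TestCase), so a run on s390 shows which cases were not exercised.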
@@ -867,6 +870,9 @@ class TestRepairQuorum(ImageMirroringTestCase):
 if not self.has_quorum():
 return
 
+if iotests.qemu_default_machine != 'pc':
+return
+
 result = self.vm.qmp('drive-mirror', device='ide1-cd0', sync='full',
  node_name='repair0',
  replaces='img1',
-- 
2.3.0




[Qemu-devel] [PATCH RFC v9 2/7] qemu-iotests: run qemu with -nodefaults and fix 067, 071, 081 and 087

2015-05-24 Thread Bo Tu
From: Xiao Guang Chen 

This patch fixes an io test suite issue that was introduced with the
commit c88930a6866e74953e931ae749781e98e486e5c8 'qemu-char: Permit only
a single "stdio" character device'. The option suppresses the creation of
default devices such as the floppy and cdrom. Output files for test case
067, 071, 081 and 087 need to be updated to accommodate this change.
Use virtio-blk instead of virtio-blk-pci as the device driver for test case
067. virtio-blk-pci is the same as virtio-blk as a device driver, but
other platforms such as s390 may not recognize virtio-blk-pci.

Reviewed-by: Max Reitz 
Reviewed-by: Michael Mueller 
Signed-off-by: Xiao Guang Chen 
---
 tests/qemu-iotests/067   |   8 +-
 tests/qemu-iotests/067.out   | 266 +--
 tests/qemu-iotests/071.out   |   4 -
 tests/qemu-iotests/081.out   |   2 -
 tests/qemu-iotests/087.out   |  12 --
 tests/qemu-iotests/common|   1 +
 tests/qemu-iotests/common.config |   2 +-
 tests/qemu-iotests/common.qemu   |   2 +-
 8 files changed, 8 insertions(+), 289 deletions(-)

diff --git a/tests/qemu-iotests/067 b/tests/qemu-iotests/067
index 83eefa3..3e9a053 100755
--- a/tests/qemu-iotests/067
+++ b/tests/qemu-iotests/067
@@ -59,7 +59,7 @@ echo
 echo === -drive/-device and device_del ===
 echo
 
-run_qemu -drive file=$TEST_IMG,format=$IMGFMT,if=none,id=disk -device 
virtio-blk-pci,drive=disk,id=virtio0 <"${fifo_out}" 
\
 2>&1 \
 <"${fifo_in}" &
-- 
2.3.0




[Qemu-devel] [PATCH RFC v9 4/7] qemu-iotests: s390x: fix test 055

2015-05-24 Thread Bo Tu
From: Xiao Guang Chen 

There is no 'ide-cd' device defined on s390 platform, so
test_medium_not_found() test should be skipped.

Reviewed-by: Max Reitz 
Reviewed-by: Michael Mueller 
Signed-off-by: Xiao Guang Chen 
---
 tests/qemu-iotests/055 | 9 +
 1 file changed, 9 insertions(+)

diff --git a/tests/qemu-iotests/055 b/tests/qemu-iotests/055
index 017a609..e6e0ac4 100755
--- a/tests/qemu-iotests/055
+++ b/tests/qemu-iotests/055
@@ -104,11 +104,17 @@ class TestSingleDrive(iotests.QMPTestCase):
 self.do_test_pause('blockdev-backup', 'drive1', blockdev_target_img)
 
 def test_medium_not_found(self):
+if iotests.qemu_default_machine != 'pc':
+return
+
 result = self.vm.qmp('drive-backup', device='ide1-cd0',
  target=target_img, sync='full')
 self.assert_qmp(result, 'error/class', 'GenericError')
 
 def test_medium_not_found_blockdev_backup(self):
+if iotests.qemu_default_machine != 'pc':
+return
+
 result = self.vm.qmp('blockdev-backup', device='ide1-cd0',
  target='drive1', sync='full')
 self.assert_qmp(result, 'error/class', 'GenericError')
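Review bot: the guard compares the machine name with 'pc', but what these tests depend on is the 'ide1-cd0' device being present, as the commit message itself says. Checking the name skips the tests on any other machine that does provide an IDE CD-ROM, and the literal is repeated three times in this file. A single helper in iotests.py that expresses "the default machine has ide1-cd0" would keep the condition in one place.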
@@ -323,6 +329,9 @@ class TestSingleTransaction(iotests.QMPTestCase):
 self.do_test_pause('blockdev-backup', 'drive1', blockdev_target_img)
 
 def do_test_medium_not_found(self, cmd, target):
+if iotests.qemu_default_machine != 'pc':
+return
+
 result = self.vm.qmp('transaction', actions=[{
 'type': cmd,
 'data': { 'device': 'ide1-cd0',
-- 
2.3.0




[Qemu-devel] [PATCH RFC v9 7/7] qemu-iotests: s390x: fix test 130

2015-05-24 Thread Bo Tu
The default device id of hard disk on the s390 platform is "virtio0"
which differs to the "ide0-hd0" for the x86 platform. Setting id in
the drive definition, i.e. "qemu -drive id=testdisk", will be the same
on all platforms.

Reviewed-by: Max Reitz 
Signed-off-by: Bo Tu 
---
 tests/qemu-iotests/130 | 8 
 tests/qemu-iotests/130.out | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/qemu-iotests/130 b/tests/qemu-iotests/130
index bc26247..9209992 100755
--- a/tests/qemu-iotests/130
+++ b/tests/qemu-iotests/130
@@ -59,8 +59,8 @@ echo
 # bdrv_make_empty() involves a header update for qcow2
 
 # Test that a backing file isn't written
-_launch_qemu -drive file="$TEST_IMG",backing.file.filename="$TEST_IMG.base"
-_send_qemu_cmd $QEMU_HANDLE "commit ide0-hd0" "(qemu)"
+_launch_qemu -drive 
id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base"
+_send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)"
 _send_qemu_cmd $QEMU_HANDLE '' '(qemu)'
 _cleanup_qemu
 _img_info | _filter_img_info
@@ -68,8 +68,8 @@ _img_info | _filter_img_info
 # Make sure that if there was a backing file that was just overridden on the
 # command line, that backing file is retained, with the right format
 _make_test_img -F raw -b "$TEST_IMG.orig" 64M
-_launch_qemu -drive 
file="$TEST_IMG",backing.file.filename="$TEST_IMG.base",backing.driver=$IMGFMT
-_send_qemu_cmd $QEMU_HANDLE "commit ide0-hd0" "(qemu)"
+_launch_qemu -drive 
id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base",backing.driver=$IMGFMT
+_send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)"
 _send_qemu_cmd $QEMU_HANDLE '' '(qemu)'
 _cleanup_qemu
 _img_info | _filter_img_info
diff --git a/tests/qemu-iotests/130.out b/tests/qemu-iotests/130.out
index ea68b5d..9ec9d2a 100644
--- a/tests/qemu-iotests/130.out
+++ b/tests/qemu-iotests/130.out
@@ -9,14 +9,14 @@ virtual size: 64M (67108864 bytes)
 === HMP commit ===
 
 QEMU X.Y.Z monitor - type 'help' for more information
-(qemu) 
ccocomcommcommicommitcommit
 commit icommit 
idcommit 
idecommit 
ide0commit 
ide0-commit 
ide0-hcommit 
ide0-hdcommit ide0-hd0
+(qemu) 
ccocomcommcommicommitcommit
 commit tcommit 
tecommit 
tescommit 
testcommit 
testdcommit 
testdicommit 
testdiscommit testdisk
 (qemu) 
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT
 virtual size: 64M (67108864 bytes)
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 
backing_file='TEST_DIR/t.IMGFMT.orig' backing_fmt='raw'
 QEMU X.Y.Z monitor - type 'help' for more information
-(qemu) 
ccocomcommcommicommitcommit
 commit icommit 
idcommit 
idecommit 
ide0commit 
ide0-commit 
ide0-hcommit 
ide0-hdcommit ide0-hd0
+(qemu) 
ccocomcommcommicommitcommit
 commit tcommit 
tecommit 
tescommit 
testcommit 
testdcommit 
testdicommit 
testdiscommit testdisk
 (qemu) 
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT
-- 
2.3.0




[Qemu-devel] [PATCH RFC v9 5/7] qemu-iotests: s390x: fix test 049

2015-05-24 Thread Bo Tu
When creating an image, qemu-img enables us to specify the size of the
image using -o size=xx options. But when we specify an invalid size
such as a negative size then different platforms give different results.

The parse_option_size() function in util/qemu-option.c will be called to
parse the size, a cast was called in the function to cast the input
(saved as a double in the function) size to an unsigned int64 value,
when the input is a negative value or exceeds the maximum of uint64, then
the result is undefined.

Language spec 6.3.1.4 Real floating and integers:
the result of this assignment/cast is undefined if the float is not
in the open interval (-1, U_MAX+1).

Reviewed-by: Max Reitz 
Signed-off-by: Bo Tu 
---
 tests/qemu-iotests/049.out | 10 --
 util/qemu-option.c |  5 +
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out
index 9f93666..b8790f9 100644
--- a/tests/qemu-iotests/049.out
+++ b/tests/qemu-iotests/049.out
@@ -95,17 +95,15 @@ qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1024
 qemu-img: Image size must be less than 8 EiB!
 
 qemu-img create -f qcow2 -o size=-1024 TEST_DIR/t.qcow2
-qemu-img: qcow2 doesn't support shrinking images yet
-qemu-img: TEST_DIR/t.qcow2: Could not resize image: Operation not supported
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=-1024 encryption=off 
cluster_size=65536 lazy_refcounts=off refcount_bits=16
+qemu-img: Parameter 'size' expects a non-negative number below 2^64
+qemu-img: TEST_DIR/t.qcow2: Invalid options for file format 'qcow2'
 
 qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- -1k
 qemu-img: Image size must be less than 8 EiB!
 
 qemu-img create -f qcow2 -o size=-1k TEST_DIR/t.qcow2
-qemu-img: qcow2 doesn't support shrinking images yet
-qemu-img: TEST_DIR/t.qcow2: Could not resize image: Operation not supported
-Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=-1024 encryption=off 
cluster_size=65536 lazy_refcounts=off refcount_bits=16
+qemu-img: Parameter 'size' expects a non-negative number below 2^64
+qemu-img: TEST_DIR/t.qcow2: Invalid options for file format 'qcow2'
 
 qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- 1kilobyte
 qemu-img: Invalid image size specified! You may use k, M, G, T, P or E 
suffixes for
diff --git a/util/qemu-option.c b/util/qemu-option.c
index fda4e5f..57b20c5 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -179,6 +179,11 @@ void parse_option_size(const char *name, const char *value,
 
 if (value != NULL) {
 sizef = strtod(value, &postfix);
+if (sizef < 0 || sizef > UINT64_MAX) {
+error_set(errp, QERR_INVALID_PARAMETER_VALUE, name, \
+"a non-negative number below 2^64");
+return;
+}
 switch (*postfix) {
 case 'T':
 sizef *= 1024;
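Review bot: the new range check runs on sizef straight after strtod(), before the switch on *postfix multiplies it by 1024 per suffix step, so an in-range number with a large suffix can still be outside the uint64 range by the time it is cast, which is the undefined conversion the commit message sets out to remove. Move the check after the scaling, or repeat it there. Two smaller points on the same condition: UINT64_MAX is converted to double for the comparison and rounds up to 2^64, so "sizef > UINT64_MAX" lets exactly 2^64 through although the message says "below 2^64" (compare with >= against 2^64 as a double constant); and a NaN returned by strtod() fails both comparisons and passes. The backslash at the end of the error_set( line is not needed inside a function call.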
-- 
2.3.0
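
The conversion problem described in the commit message above, written out as an added example in C (not QEMU's parse_option_size() and not part of the posted patch): the value is scaled by its suffix first and only then tested against [0, 2^64) before the cast. The name parse_size_checked and the accepted suffix set (k, M, G, T, P, E, taken from the qemu-img message quoted in 049.out) are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* 2^64 as a double. UINT64_MAX itself is not representable in a double and
 * rounds up to this value, so the upper bound must be tested with '<'. */
#define TWO_POW_64 18446744073709551616.0

/*
 * Hypothetical helper, not QEMU's parse_option_size().
 * Parses "<number>[k|M|G|T|P|E]" into a byte count.
 * Returns 0 and stores the size in *out, or -1 if the text is malformed
 * or the scaled value is not in [0, 2^64).
 */
int parse_size_checked(const char *value, uint64_t *out)
{
    static const char units[] = "kMGTPE";   /* each step is another *1024 */
    char *postfix;
    double sizef;
    int steps = 0;

    errno = 0;
    sizef = strtod(value, &postfix);
    if (postfix == value || errno == ERANGE) {
        return -1;                  /* no number, or outside double range */
    }
    if (*postfix != '\0') {
        const char *u = strchr(units, *postfix);
        if (u == NULL || postfix[1] != '\0') {
            return -1;              /* unknown suffix or trailing text */
        }
        steps = (int)(u - units) + 1;
    }
    while (steps-- > 0) {
        sizef *= 1024.0;            /* power-of-two scaling; may reach +inf */
    }
    /* Check AFTER scaling. Written as a negated conjunction so that NaN,
     * for which every comparison is false, is rejected as well. */
    if (!(sizef >= 0.0 && sizef < TWO_POW_64)) {
        return -1;
    }
    *out = (uint64_t)sizef;         /* defined: value is in [0, 2^64) */
    return 0;
}
```

Inputs such as "16E" or "17179869184G" are in range before scaling and reach exactly 2^64 after it, which is why the bound is tested last.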




[Qemu-devel] [PATCH RFC v9 6/7] qemu-iotests: s390x: fix test 051

2015-05-24 Thread Bo Tu
The tests for device type "ide_cd" should only be tested for the pc
platform.
The default device id of hard disk on the s390 platform differs to that
of the x86 platform. A new variable device_id is defined and "virtio0"
set for the s390 platform. An x86 platform specific output file is also
needed.
A new filter was added to filter orphan warnings.

Reviewed-by: Max Reitz 
Signed-off-by: Bo Tu 
---
 tests/qemu-iotests/051   |  85 +---
 tests/qemu-iotests/051.out   | 158 +-
 tests/qemu-iotests/051.pc.out| 433 +++
 tests/qemu-iotests/common.filter |   7 +
 4 files changed, 550 insertions(+), 133 deletions(-)
 create mode 100644 tests/qemu-iotests/051.pc.out

diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051
index 0360f37..f06ba78 100755
--- a/tests/qemu-iotests/051
+++ b/tests/qemu-iotests/051
@@ -102,7 +102,13 @@ echo
 echo === Device without drive ===
 echo
 
-run_qemu -device virtio-scsi-pci -device scsi-hd
+case "$QEMU_DEFAULT_MACHINE" in
+pc)
+   run_qemu -device virtio-scsi-pci -device scsi-hd
+   ;;
+*)
+   ;;
+esac
 
 echo
 echo === Overriding backing file ===
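Review bot: on any machine other than pc the new case statement runs nothing, yet the "=== Device without drive ===" header above it is still echoed, so the default 051.out has to carry an empty section with no hint why. Either move the echo lines into the pc) arm or print a short "skipped" marker in the *) arm so the reference output explains itself; the empty "*) ;;" arm can then go.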
@@ -147,13 +153,19 @@ run_qemu -drive if=ide
 run_qemu -drive if=virtio
 run_qemu -drive if=scsi
 
-run_qemu -drive if=none,id=disk -device ide-cd,drive=disk
-run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-cd,drive=disk
+case "$QEMU_DEFAULT_MACHINE" in
+pc)
+run_qemu -drive if=none,id=disk -device ide-cd,drive=disk
+run_qemu -drive if=none,id=disk -device lsi53c895a -device 
scsi-cd,drive=disk
 
-run_qemu -drive if=none,id=disk -device ide-drive,drive=disk
-run_qemu -drive if=none,id=disk -device ide-hd,drive=disk
-run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-disk,drive=disk
-run_qemu -drive if=none,id=disk -device lsi53c895a -device scsi-hd,drive=disk
+run_qemu -drive if=none,id=disk -device ide-drive,drive=disk
+run_qemu -drive if=none,id=disk -device ide-hd,drive=disk
+run_qemu -drive if=none,id=disk -device lsi53c895a -device 
scsi-disk,drive=disk
+run_qemu -drive if=none,id=disk -device lsi53c895a -device 
scsi-hd,drive=disk
+;;
+*)
+;;
+esac
 
 echo
 echo === Read-only ===
@@ -167,13 +179,19 @@ run_qemu -drive file="$TEST_IMG",if=ide,readonly=on
 run_qemu -drive file="$TEST_IMG",if=virtio,readonly=on
 run_qemu -drive file="$TEST_IMG",if=scsi,readonly=on
 
-run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
ide-cd,drive=disk
-run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
lsi53c895a -device scsi-cd,drive=disk
+case "$QEMU_DEFAULT_MACHINE" in
+pc)
+run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
ide-cd,drive=disk
+run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
lsi53c895a -device scsi-cd,drive=disk
 
-run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
ide-drive,drive=disk
-run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
ide-hd,drive=disk
-run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
lsi53c895a -device scsi-disk,drive=disk
-run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
lsi53c895a -device scsi-hd,drive=disk
+run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
ide-drive,drive=disk
+run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
ide-hd,drive=disk
+run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
lsi53c895a -device scsi-disk,drive=disk
+run_qemu -drive file="$TEST_IMG",if=none,id=disk,readonly=on -device 
lsi53c895a -device scsi-hd,drive=disk
+;;
+*)
+;;
+esac
 
 echo
 echo === Cache modes ===
@@ -182,12 +200,12 @@ echo
 # Cannot use the test image because cache=none might not work on the host FS
 # Use cdrom so that we won't get errors about missing media
 
-run_qemu -drive media=cdrom,cache=none
-run_qemu -drive media=cdrom,cache=directsync
-run_qemu -drive media=cdrom,cache=writeback
-run_qemu -drive media=cdrom,cache=writethrough
-run_qemu -drive media=cdrom,cache=unsafe
-run_qemu -drive media=cdrom,cache=invalid_value
+run_qemu -drive if=scsi,media=cdrom,cache=none
+run_qemu -drive if=scsi,media=cdrom,cache=directsync
+run_qemu -drive if=scsi,media=cdrom,cache=writeback
+run_qemu -drive if=scsi,media=cdrom,cache=writethrough
+run_qemu -drive if=scsi,media=cdrom,cache=unsafe
+run_qemu -drive if=scsi,media=cdrom,cache=invalid_value
 
 echo
 echo === Specifying the protocol layer ===
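Review bot: the six cache-mode lines gain if=scsi, but neither the comment above them nor the commit message says why; the commit message only covers ide_cd, device_id and the new filter. Add a sentence to the comment ("Use cdrom so that we won't get errors about missing media") or to the commit message so the next reader does not remove the option again.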
@@ -251,28 +269,37 @@ echo
 echo === Snapshot mode ===
 echo
 
+case "$QEMU_DEFAULT_MACHINE" in
+pc)
+device_id="ide0-hd0"
+;;
+s390)
+device_id="virtio0"
+;;
+esac
+
 $QEMU_IO -c "write -P 0x11 0 4k" "$TEST_IMG" | _filter_qemu_io
 
-echo 'qemu-io ide0-hd0 "write -P 0x22 0 4k"' |

[Qemu-devel] [PATCH] microblaze: s3adsp: Instantiate CPU using QOM

2015-05-24 Thread Peter Crosthwaite
Instantiate and realise the CPU directly, rather than using
cpu_mb_init. Microblaze's cpu_model argument is a dummy so remove the
default cpu_model set logic.

Signed-off-by: Peter Crosthwaite 
---
 hw/microblaze/petalogix_s3adsp1800_mmu.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/microblaze/petalogix_s3adsp1800_mmu.c 
b/hw/microblaze/petalogix_s3adsp1800_mmu.c
index 84f6e74..4dbbd1e 100644
--- a/hw/microblaze/petalogix_s3adsp1800_mmu.c
+++ b/hw/microblaze/petalogix_s3adsp1800_mmu.c
@@ -62,7 +62,6 @@ static void
 petalogix_s3adsp1800_init(MachineState *machine)
 {
 ram_addr_t ram_size = machine->ram_size;
-const char *cpu_model = machine->cpu_model;
 DeviceState *dev;
 MicroBlazeCPU *cpu;
 DriveInfo *dinfo;
@@ -73,11 +72,8 @@ petalogix_s3adsp1800_init(MachineState *machine)
 qemu_irq irq[32];
 MemoryRegion *sysmem = get_system_memory();
 
-/* init CPUs */
-if (cpu_model == NULL) {
-cpu_model = "microblaze";
-}
-cpu = cpu_mb_init(cpu_model);
+cpu = MICROBLAZE_CPU(object_new(TYPE_MICROBLAZE_CPU));
+object_property_set_bool(OBJECT(cpu), true, "realized", &error_abort);
 
 /* Attach emulated BRAM through the LMB.  */
 memory_region_init_ram(phys_lmb_bram, NULL,
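Review bot: with the cpu_model lookup removed, a -cpu value supplied by the user (machine->cpu_model) is now ignored without any message. The commit message says the argument is a dummy for Microblaze, so this is probably intended, but a comment at the object_new() call saying so would stop someone from reinstating the lookup. The "/* init CPUs */" comment could stay above the two new lines.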
-- 
1.9.1



