Re: [Qemu-devel] [PATCH] pci: Don't call pci_irq_handler() for a negative intx

2015-07-05 Thread Michael S. Tsirkin
On Sun, Jul 05, 2015 at 09:28:28AM +1000, Benjamin Herrenschmidt wrote:
> Under some circumstances, pci_intx() can return -1 (when the interrupt
> pin in the config space is 0 which normally means no interrupt).
> 
> I have seen cases of pci_set_irq() being called on such devices, in
> turn causing pci_irq_handler() to be called with "-1" as an argument
> which doesn't seem like a terribly good idea.
> 
> Signed-off-by: Benjamin Herrenschmidt 

Isn't this a device bug though?

I did a grep over all callers of pci_set_irq and didn't
find any that fails to set an interrupt pin.

So how about an assert instead?

And maybe stick it in pci_intx to make sure all callers
get checked.

> ---
>  hw/pci/pci.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index 8185bbc..eea6f5d 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -1281,7 +1281,9 @@ qemu_irq pci_allocate_irq(PCIDevice *pci_dev)
>  void pci_set_irq(PCIDevice *pci_dev, int level)
>  {
>  int intx = pci_intx(pci_dev);
> -pci_irq_handler(pci_dev, intx, level);
> +if (intx >= 0) {
> +pci_irq_handler(pci_dev, intx, level);
> +}
>  }
>  
>  /* Special hooks used by device assignment */
> 
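Review bot: The `if (intx >= 0)` guard in pci_set_irq() silently drops the level change when pci_intx() returns a negative value, so a device model that raises an interrupt without an interrupt pin configured is hidden rather than caught. If such a call is a device bug, an assert on intx makes it visible at the point of the call; if it is legitimate, a short comment on the guard naming the path that produces it would document why the request is ignored. Either way, the check should ensure -1 never reaches pci_irq_handler() as its second argument.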



[Qemu-devel] [PATCH qemu] vfio: Unregister IOMMU notifiers when container is destroyed

2015-07-05 Thread Alexey Kardashevskiy
On systems with guest visible IOMMU, adding a new memory region onto
PCI bus calls vfio_listener_region_add() for every DMA window. This
installs a notifier for IOMMU memory regions. The notifier is supposed
to be removed by vfio_listener_region_del(); however, in the case of a mixed
PHB (emulated + VFIO devices), when the last VFIO device is unplugged and the
container gets destroyed, all existing DMA windows stay alive together
with the notifiers, which are on the linked list whose head was in
the destroyed container.

This unregisters IOMMU memory region notifier when a container is
destroyed.

Signed-off-by: Alexey Kardashevskiy 
---
 hw/vfio/common.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index b1045da..85ee9b0 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -772,11 +772,19 @@ static void vfio_disconnect_container(VFIOGroup *group)
 
 if (QLIST_EMPTY(&container->group_list)) {
 VFIOAddressSpace *space = container->space;
+VFIOGuestIOMMU *giommu, *tmp;
 
 if (container->iommu_data.release) {
 container->iommu_data.release(container);
 }
 QLIST_REMOVE(container, next);
+
+QLIST_FOREACH_SAFE(giommu, &container->giommu_list, giommu_next, tmp) {
+memory_region_unregister_iommu_notifier(&giommu->n);
+QLIST_REMOVE(giommu, giommu_next);
+g_free(giommu);
+}
+
 trace_vfio_disconnect_container(container->fd);
 close(container->fd);
 g_free(container);
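Review bot: The new QLIST_FOREACH_SAFE loop runs only after container->iommu_data.release(container) and QLIST_REMOVE(container, next), so for that window the IOMMU notifiers are still registered against a container whose backend has already been released. Unregistering the notifiers first, before the release callback, would close that window. Since the commit message says this teardown is normally expected from vfio_listener_region_del(), a comment above the loop explaining why it has to be repeated at container destruction would help the next reader.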
-- 
2.4.0.rc3.8.gfb3e7d5




Re: [Qemu-devel] [PATCH] pci: Don't call pci_irq_handler() for a negative intx

2015-07-05 Thread Benjamin Herrenschmidt
On Sun, 2015-07-05 at 09:03 +0200, Michael S. Tsirkin wrote:
> On Sun, Jul 05, 2015 at 09:28:28AM +1000, Benjamin Herrenschmidt wrote:
> > Under some circumstances, pci_intx() can return -1 (when the interrupt
> > pin in the config space is 0 which normally means no interrupt).
> > 
> > I have seen cases of pci_set_irq() being called on such devices, in
> > turn causing pci_irq_handler() to be called with "-1" as an argument
> > which doesn't seem like a terribly good idea.
> > 
> > Signed-off-by: Benjamin Herrenschmidt 
> 
> Isn't this a device bug though?

Possibly, I can try to dig a bit more to see if I can reproduce and find
out who is causing it.

> I did a grep over all callers of pci_set_irq and didn't
> find any that fails to set an interrupt pin.
> 
> So how about an assert instead?
> 
> And maybe stick it in pci_intx to make sure all callers
> get checked.

Ok, it's also possible that this doesn't happen anymore, I've carried
that patch for months and rebased several times on top of newer qemu's.

I *think* it might have been something that happens due to some generic
code initializations, something like pci_update_irq_disabled() in
pci_default_write_config()... I'll dbl check.

Cheers,
Ben.





Re: [Qemu-devel] [Qemu-ppc] [PATCHv2 0/4] Start allowing ISA to be configured out

2015-07-05 Thread David Gibson
On Sun, Jul 05, 2015 at 09:36:38AM +1000, Benjamin Herrenschmidt wrote:
> On Thu, 2015-07-02 at 15:53 +1000, David Gibson wrote:
> >  default-configs/ppc64-softmmu.mak |   2 +-
> 
> Note: My native POWER8 work will need ISA back here, so maybe don't
> remove it ?

So far this series doesn't remove anything - it removes
CONFIG_ISA_MMIO which didn't do anything anyway, and adds
CONFIG_SERIAL_ISA, since it's no longer implied by CONFIG_SERIAL.

The series just allows things to be removed, it doesn't actually
remove them from ppc64.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] Qemu Runtime Dependencies

2015-07-05 Thread jean-christophe Manciot
Hello guys,

Once qemu has been successfully built, where can I find the runtime
dependencies?
I cannot find any "qemu.spec" file; maybe there's a way to generate it

-- 
*Jean-Christophe Manciot*






[Qemu-devel] [PATCH] qga: fail early for invalid time

2015-07-05 Thread Marc-André Lureau
It's possible to set the system time to dates after 2070; however, it's
not possible to set the RTC. It is limited to years up to
2070 (1970+100). In order to keep both clocks in sync and before the
kernel complains about invalid values, bail out early.

Signed-off-by: Marc-André Lureau 
---
 qga/commands-posix.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index befd00b..d8847be 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -154,6 +154,8 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, 
Error **errp)
 
 /* If user has passed a time, validate and set it. */
 if (has_time) {
+GDate date = { 0, };
+
 /* year-2038 will overflow in case time_t is 32bit */
 if (time_ns / 10 != (time_t)(time_ns / 10)) {
 error_setg(errp, "Time %" PRId64 " is too large", time_ns);
@@ -162,6 +164,11 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, 
Error **errp)
 
 tv.tv_sec = time_ns / 10;
 tv.tv_usec = (time_ns % 10) / 1000;
+g_date_set_time_t(&date, tv.tv_sec);
+if (date.year < 1970 || date.year >= 2070) {
+error_setg_errno(errp, errno, "Invalid time");
+return;
+}
 
 ret = settimeofday(&tv, NULL);
 if (ret < 0) {
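Review bot: In the second hunk, error_setg_errno(errp, errno, "Invalid time") reports errno although nothing on this path has set it: the failure comes from the date.year range comparison, not from a system call, so the message will carry whatever stale value errno happens to hold. Use error_setg() and state the accepted range in the message (year at least 1970 and below 2070), with a comment next to the check pointing at the RTC limit described in the commit message. Reading date.year directly also depends on the GDate field layout; g_date_get_year(&date) is the accessor for it.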
-- 
2.4.3




Re: [Qemu-devel] [RFC 10/10] fdc: change default drive to 288

2015-07-05 Thread Kevin O'Connor
On Tue, Jun 30, 2015 at 09:20:40PM -0400, John Snow wrote:
> The 2.88 drive is more suitable as a default because
> it can still read 1.44 images correctly, but the reverse
> is not true.
> 
> Since there exist virtio-win drivers that are shipped on
> 2.88 floppy images, this patch will allow VMs booted without
> a floppy disk inserted to later insert a 2.88MB floppy and
> have that work.

On real machines, 1.44MB floppy drives were very common.  It was
exceptionally rare to see 2.88MB floppy drives though.  There is a
risk that changing the default to an exotic piece of hardware will
expose quirks in guest Operating Systems.

-Kevin



[Qemu-devel] [v2] arm_mptimer fixes

2015-07-05 Thread Dmitry Osipenko
Hello, this is V2 of arm_mptimer patch series. Comments and suggestions from V1
have been addressed and the series was re-tested, including new test for IT bit
masking/unmasking.

[PATCH 1/2] arm_mptimer: Fix timer shutdown and mode change
[PATCH v2 2/2] arm_mptimer: Respect IT bit state



[Qemu-devel] [PATCH 1/2] arm_mptimer: Fix timer shutdown and mode change

2015-07-05 Thread Dmitry Osipenko
Timer, running in periodic mode, can't be stopped or coming one-shot
tick won't be canceled because timer control code just doesn't handle
timer disabling. Fix it by deleting the timer if enable bit isn't set.

Timer won't start periodic ticking if ONE-SHOT -> PERIODIC mode change
happened after one-shot tick was completed. Fix it by starting ticking
only if the timer isn't ticking right now.

To avoid code churning, these two fixes are squashed in one commit.

Signed-off-by: Dmitry Osipenko 
---

Commits are squashed as per Peter Crosthwaite suggestion.

 hw/timer/arm_mptimer.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
index 8b93b3c..0e132b1 100644
--- a/hw/timer/arm_mptimer.c
+++ b/hw/timer/arm_mptimer.c
@@ -122,11 +122,18 @@ static void timerblock_write(void *opaque, hwaddr addr,
 case 8: /* Control.  */
 old = tb->control;
 tb->control = value;
-if (((old & 1) == 0) && (value & 1)) {
-if (tb->count == 0 && (tb->control & 2)) {
+if (value & 1) {
+if ((old & 1) && (tb->count != 0)) {
+/* Do nothing if timer is ticking right now.  */
+break;
+}
+if (tb->control & 2) {
 tb->count = tb->load;
 }
 timerblock_reload(tb, 1);
+} else if (old & 1) {
+/* Shutdown the timer.  */
+timer_del(tb->timer);
 }
 break;
 case 12: /* Interrupt status.  */
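Review bot: In the new `if (value & 1)` branch, `if (tb->control & 2)` reloads tb->count from tb->load without the `tb->count == 0` test that the removed line had, so enabling a previously disabled periodic timer overwrites any non-zero count. If that is intended, say so in a comment; otherwise keep the zero check as in `if (tb->count == 0 && (tb->control & 2))`. The bare 1 and 2 masks on the control register would also read better as named constants.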
-- 
2.4.4




[Qemu-devel] [PATCH v2 2/2] arm_mptimer: Respect IT bit state

2015-07-05 Thread Dmitry Osipenko
Timer should fire interrupt only if IT(interrupt enable) bit state of control
register is enabled and timer should update IRQ status on IT bit change as it
would mask/unmask the interrupt line.

Signed-off-by: Dmitry Osipenko 
---

v2: Added missed IRQ status update on control register write as per
Peter Crosthwaite comment.

 hw/timer/arm_mptimer.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
index 0e132b1..22fa46e 100644
--- a/hw/timer/arm_mptimer.c
+++ b/hw/timer/arm_mptimer.c
@@ -38,7 +38,7 @@ static inline int get_current_cpu(ARMMPTimerState *s)
 
 static inline void timerblock_update_irq(TimerBlock *tb)
 {
-qemu_set_irq(tb->irq, tb->status);
+qemu_set_irq(tb->irq, tb->status && (tb->control & 4));
 }
 
 /* Return conversion factor from mpcore timer ticks to qemu timer ticks.  */
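Review bot: timerblock_update_irq() now tests `tb->control & 4` with a bare literal, and the control-write hunk that follows repeats the same 4 in `(old & 4) != (value & 4)`. A named mask for the IT bit would keep the two places in step, and a one-line comment in timerblock_update_irq() saying that the line level is the status gated by IT would make the masking behaviour explicit.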
@@ -122,6 +122,9 @@ static void timerblock_write(void *opaque, hwaddr addr,
 case 8: /* Control.  */
 old = tb->control;
 tb->control = value;
+if ((old & 4) != (value & 4)) {
+timerblock_update_irq(tb);
+}
 if (value & 1) {
 if ((old & 1) && (tb->count != 0)) {
 /* Do nothing if timer is ticking right now.  */
-- 
2.4.4




Re: [Qemu-devel] [PULL 0/3] X86 queue, 2015-07-03

2015-07-05 Thread Peter Maydell
On 3 July 2015 at 21:47, Eduardo Habkost  wrote:
> The following changes since commit 35360642d043c2a5366e8a04a10e5545e7353bd5:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20150703-1' 
> into staging (2015-07-03 12:05:31 +0100)
>
> are available in the git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/x86-pull-request
>
> for you to fetch changes up to de9a6f1c8ab4fcfd9927da5ae28e75efe10f721c:
>
>   target-i386: emulate CPUID level of real hardware (2015-07-03 17:38:25 
> -0300)
>
> 
> X86 queue, 2015-07-03

Hi. I'm afraid this fails to build:

/home/petmay01/linaro/qemu-for-merges/hw/ppc/spapr.c: In function
‘spapr_machine_2_1_class_init’:
/home/petmay01/linaro/qemu-for-merges/hw/ppc/spapr.c:1888:34: error:
expected ‘}’ before ‘TYPE_X86_CPU’
 SPAPR_COMPAT_2_1
  ^
/home/petmay01/linaro/qemu-for-merges/hw/ppc/spapr.c:1888:109: error:
expected ‘}’ before ‘TYPE_X86_CPU’
 SPAPR_COMPAT_2_1

  ^
/home/petmay01/linaro/qemu-for-merges/hw/ppc/spapr.c:1888:187: error:
expected ‘}’ before ‘TYPE_X86_CPU’
 SPAPR_COMPAT_2_1

  ^
/home/petmay01/linaro/qemu-for-merges/hw/ppc/spapr.c:1888:261: error:
expected ‘}’ before ‘TYPE_X86_CPU’
 SPAPR_COMPAT_2_1

^
/home/petmay01/linaro/qemu-for-merges/hw/ppc/spapr.c:1888:337: error:
expected ‘}’ before ‘TYPE_X86_CPU’
 SPAPR_COMPAT_2_1

[and further errors, probably just cascade]

-- PMM



Re: [Qemu-devel] [PATCH 1/2] arm_mptimer: Fix timer shutdown and mode change

2015-07-05 Thread Peter Crosthwaite
On Sun, Jul 5, 2015 at 8:39 AM, Dmitry Osipenko  wrote:
> Timer, running in periodic mode, can't be stopped or coming one-shot
> tick won't be canceled because timer control code just doesn't handle
> timer disabling. Fix it by deleting the timer if enable bit isn't set.
>
> Timer won't start periodic ticking if ONE-SHOT -> PERIODIC mode change
> happened after one-shot tick was completed. Fix it by starting ticking
> only if the timer isn't ticking right now.
>
> To avoid code churning, these two fixes are squashed in one commit.
>
> Signed-off-by: Dmitry Osipenko 
> ---
>
> Commits are squashed as per Peter Crosthwaite suggestion.
>
>  hw/timer/arm_mptimer.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
> index 8b93b3c..0e132b1 100644
> --- a/hw/timer/arm_mptimer.c
> +++ b/hw/timer/arm_mptimer.c
> @@ -122,11 +122,18 @@ static void timerblock_write(void *opaque, hwaddr addr,
>  case 8: /* Control.  */
>  old = tb->control;
>  tb->control = value;
> -if (((old & 1) == 0) && (value & 1)) {
> -if (tb->count == 0 && (tb->control & 2)) {
> +if (value & 1) {
> +if ((old & 1) && (tb->count != 0)) {
> +/* Do nothing if timer is ticking right now.  */
> +break;
> +}
> +if (tb->control & 2) {

So when the timer was previously disabled (!(old & 1)) and the count
is non-zero this will cause a spurious auto-reload. I don't think this
causes a bug today because the code as-is doesn't support arbitrary
count values, but it is a developer trap should the assumption that
tb->count equals either 0 or the reload value not hold true.

>  tb->count = tb->load;
>  }
>  timerblock_reload(tb, 1);
> +} else if (old & 1) {
> +/* Shutdown the timer.  */
> +timer_del(tb->timer);

In general, this seems to now dup the code paths for control and
load/counter writes. Both now have a del and reload call for various
changes-of state. I had a go to see if I can consolidate. Turns out,
doing so should implement timer pause and resumption while fixing both
of your bugs, I'll send some patches.

Regards,
Peter

>  }
>  break;
>  case 12: /* Interrupt status.  */
> --
> 2.4.4
>
>



Re: [Qemu-devel] [PULL 0/6] NUMA queue, 2015-07-03

2015-07-05 Thread Peter Maydell
On 3 July 2015 at 21:50, Eduardo Habkost  wrote:
> The following changes since commit 35360642d043c2a5366e8a04a10e5545e7353bd5:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20150703-1' 
> into staging (2015-07-03 12:05:31 +0100)
>
> are available in the git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/numa-pull-request
>
> for you to fetch changes up to e75e2a14d5c13ad38dcf72b69922dee2dafbb0d0:
>
>   numa: API to lookup NUMA node by address (2015-07-03 17:47:58 -0300)
>
> 
> NUMA queue, 2015-07-03
>
> 

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH v2 2/2] arm_mptimer: Respect IT bit state

2015-07-05 Thread Peter Crosthwaite
On Sun, Jul 5, 2015 at 8:39 AM, Dmitry Osipenko  wrote:
> Timer should fire interrupt only if IT(interrupt enable) bit state of control
> register is enabled and timer should update IRQ status on IT bit change as it
> would mask/unmask the interrupt line.
>
> Signed-off-by: Dmitry Osipenko 

Reviewed-by: Peter Crosthwaite 

> ---
>
> v2: Added missed IRQ status update on control register write as per
> Peter Crosthwaite comment.
>
>  hw/timer/arm_mptimer.c | 5 -
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
> index 0e132b1..22fa46e 100644
> --- a/hw/timer/arm_mptimer.c
> +++ b/hw/timer/arm_mptimer.c
> @@ -38,7 +38,7 @@ static inline int get_current_cpu(ARMMPTimerState *s)
>
>  static inline void timerblock_update_irq(TimerBlock *tb)
>  {
> -qemu_set_irq(tb->irq, tb->status);
> +qemu_set_irq(tb->irq, tb->status && (tb->control & 4));
>  }
>
>  /* Return conversion factor from mpcore timer ticks to qemu timer ticks.  */
> @@ -122,6 +122,9 @@ static void timerblock_write(void *opaque, hwaddr addr,
>  case 8: /* Control.  */
>  old = tb->control;
>  tb->control = value;
> +if ((old & 4) != (value & 4)) {
> +timerblock_update_irq(tb);
> +}
>  if (value & 1) {
>  if ((old & 1) && (tb->count != 0)) {
>  /* Do nothing if timer is ticking right now.  */
> --
> 2.4.4
>
>



Re: [Qemu-devel] [v2] arm_mptimer fixes

2015-07-05 Thread Peter Crosthwaite
On Sun, Jul 5, 2015 at 8:39 AM, Dmitry Osipenko  wrote:
> Hello, this is V2 of arm_mptimer patch series. Comments and suggestions from V1
> have been addressed and the series was re-tested, including new test for IT bit
> masking/unmasking.
>
> [PATCH 1/2] arm_mptimer: Fix timer shutdown and mode change
> [PATCH v2 2/2] arm_mptimer: Respect IT bit state
>

This looks like an ad-hoc cover letter. Use git to generate patch series covers.

git format-patch HEAD~N --thread --cover-letter -vX

For N patches version X of the series.

Edit the -cover-letter file with your cover mail contents and send
all the generated patches along with cover.

This series doesn't show up in the patch tracking system due to irregular cover.

Regards,
Peter



Re: [Qemu-devel] [PATCH 1/2] arm_mptimer: Fix timer shutdown and mode change

2015-07-05 Thread Dmitry Osipenko

05.07.2015 22:07, Peter Crosthwaite wrote:

-if (((old & 1) == 0) && (value & 1)) {
-if (tb->count == 0 && (tb->control & 2)) {
+if (value & 1) {
+if ((old & 1) && (tb->count != 0)) {
+/* Do nothing if timer is ticking right now.  */
+break;
+}
+if (tb->control & 2) {


> So when the timer was previously disabled (!(old & 1)) and the count
> is non-zero this will cause a spurious auto-reload. I don't think this
> causes a bug today because the code as-is doesn't support arbitrary
> count values, but it is a developer trap should the assumption that
> tb->count equals either 0 or the reload value not hold true.



tb->count can be either 0 or tb->load, so it shouldn't hurt to re-load it here.


  tb->count = tb->load;
  }
  timerblock_reload(tb, 1);
+} else if (old & 1) {
+/* Shutdown the timer.  */
+timer_del(tb->timer);


> In general, this seems to now dup the code paths for control and
> load/counter writes. Both now have a del and reload call for various
> changes-of state. I had a go to see if I can consolidate. Turns out,
> doing so should implement timer pause and resumption while fixing both
> of your bugs, I'll send some patches.


Yeah, still there is some room for optimizations.

Well, I think it would be more reasonable to implement pausing with a conversion 
to ptimer use, since it should result in a cleaner and simpler code.


--
Dmitry



Re: [Qemu-devel] [v2] arm_mptimer fixes

2015-07-05 Thread Dmitry Osipenko

05.07.2015 22:52, Peter Crosthwaite wrote:

> On Sun, Jul 5, 2015 at 8:39 AM, Dmitry Osipenko  wrote:
>
>> Hello, this is V2 of arm_mptimer patch series. Comments and suggestions from V1
>> have been addressed and the series was re-tested, including new test for IT bit
>> masking/unmasking.
>>
>> [PATCH 1/2] arm_mptimer: Fix timer shutdown and mode change
>> [PATCH v2 2/2] arm_mptimer: Respect IT bit state
>
> This looks like an ad-hoc cover letter. Use git to generate patch series covers.
>
> git format-patch HEAD~N --thread --cover-letter -vX
>
> For N patches version X of the series.
>
> Edit the -cover-letter file with your cover mail contents and send
> all the generated patches along with cover.
>
> This series doesn't show up in the patch tracking system due to irregular cover.
>
> Regards,
> Peter



Thanks for advice, I used --compose --no-chain-reply-to. Please let me know if I 
should re-send and sorry for the mess.


--
Dmitry



Re: [Qemu-devel] [v2] arm_mptimer fixes

2015-07-05 Thread Dmitry Osipenko

05.07.2015 22:52, Peter Crosthwaite wrote:

> This series doesn't show up in the patch tracking system due to irregular cover.


BTW, doesn't QEMU use patchwork for tracking? I see both patches there.

--
Dmitry



[Qemu-devel] [RFC v1 1/2] timer: arm_mp: Factor out timer value calculation

2015-07-05 Thread Peter Crosthwaite
Factor out the code that calculates the runtime value of the timer.
Updates tb->count to the calculated value. Prepares support for pausing
the timer where the timer disable event should sync the counter to its
current value.

Signed-off-by: Peter Crosthwaite 
---
 hw/timer/arm_mptimer.c | 29 ++---
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
index 8b93b3c..04dfb63 100644
--- a/hw/timer/arm_mptimer.c
+++ b/hw/timer/arm_mptimer.c
@@ -72,25 +72,32 @@ static void timerblock_tick(void *opaque)
 timerblock_update_irq(tb);
 }
 
+static void timerblock_sync(TimerBlock *tb)
+{
+int64_t val;
+
+if (((tb->control & 1) == 0) || (tb->count == 0)) {
+return;
+}
+/* Slow and ugly, but hopefully won't happen too often.  */
+val = tb->tick - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+val /= timerblock_scale(tb);
+if (val < 0) {
+val = 0;
+}
+tb->count = val;
+}
+
 static uint64_t timerblock_read(void *opaque, hwaddr addr,
 unsigned size)
 {
 TimerBlock *tb = (TimerBlock *)opaque;
-int64_t val;
 switch (addr) {
 case 0: /* Load */
 return tb->load;
 case 4: /* Counter.  */
-if (((tb->control & 1) == 0) || (tb->count == 0)) {
-return 0;
-}
-/* Slow and ugly, but hopefully won't happen too often.  */
-val = tb->tick - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
-val /= timerblock_scale(tb);
-if (val < 0) {
-val = 0;
-}
-return val;
+timerblock_sync(tb);
+return tb->count;
 case 8: /* Control.  */
 return tb->control;
 case 12: /* Interrupt status.  */
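Review bot: The Counter read path changes behaviour even though the commit message describes a factoring-out. The removed code returned 0 whenever `(tb->control & 1) == 0` or `tb->count == 0`; timerblock_sync() returns early in that case without touching tb->count, and the read then returns tb->count, so a disabled timer with a non-zero count now reads back that count instead of 0. If this is the intended groundwork for pause support, say so in the commit message; otherwise keep the read returning 0 for a disabled timer. timerblock_sync() would also benefit from a short comment saying that it overwrites tb->count as a side effect.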
-- 
1.9.1




[Qemu-devel] [RFC v1 0/2] ARM MPTimer fixes and refactoring

2015-07-05 Thread Peter Crosthwaite
Hi Dmitry,

Based on my comment earlier, this is what I came up with RE consolidation of
those arm_mptimer code paths that were giving you problems. I have not done the
interrupt mask fix, as that one from your series is reasonably independent.

Regards,
Peter

Peter Crosthwaite (2):
  timer: arm_mp: Factor out timer value calculation
  timer: arm_mp: consolidate control and counter write logic

 hw/timer/arm_mptimer.c | 73 +-
 1 file changed, 42 insertions(+), 31 deletions(-)

-- 
1.9.1




[Qemu-devel] [RFC v1 2/2] timer: arm_mp: consolidate control and counter write logic

2015-07-05 Thread Peter Crosthwaite
Writing to any of the load, counter or control registers can require a
reload of the timer. Currently load and counter share a code path, but
the control logic is separate. Consolidate them by reducing the switch
to only sync the timer state. For load/counter this just means setting
tb->count to the new value. For control, this means setting tb->count
to the current value. Then outside the switch, any old timers are
discarded, and if the timer is (still is, or has just become) enabled,
setup a new one.

A fast escape path is added to control writes. If it is detected that
the timer was, and still is running without change of prescaler, don't
do the restart. This avoid an un-needed restart that could potentially
cause timer rounding errors.

For further consolidation, move the auto-load refresh logic to
timerblock_reload.

This change fixes two bugs and implements a missing feature.

Previously a running timer could not be stopped, the commonifying of
the timer_del call now means clearing the enable bit in the control
register now correctly stops a running timer.

There was a bug where if starting a timer in periodic mode after
one-shot expiration, the timer would not restart. This was because of
a bad conditional for the old do-nothing fast path.

This implements pause and resumption of the timer. Clearing the enable
bit, and the setting it again later will cause the timer to pick up
where it left off. The paused value of the timer can be read by the
guest. Another use of this stop and restart feature, is it also now
models a change of prescaler for a running timer.

Signed-off-by: Peter Crosthwaite 
---
 hw/timer/arm_mptimer.c | 44 
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
index 04dfb63..69899cf 100644
--- a/hw/timer/arm_mptimer.c
+++ b/hw/timer/arm_mptimer.c
@@ -50,7 +50,11 @@ static inline uint32_t timerblock_scale(TimerBlock *tb)
 static void timerblock_reload(TimerBlock *tb, int restart)
 {
 if (tb->count == 0) {
-return;
+if (tb->control & 2) {
+tb->count = tb->load;
+} else {
+return;
+}
 }
 if (restart) {
 tb->tick = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
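Review bot: In timerblock_reload(), when tb->count is 0 and `tb->control & 2` is set, the count is reloaded from tb->load and the function carries on, but nothing checks that tb->load is itself non-zero. With a zero load the old early return is bypassed and the function continues into the restart path with a zero count, and timerblock_tick() in the next hunk now always sets the count to 0 and calls timerblock_reload() again. Re-test tb->count after the reload and return if it is still 0, so that a guest cannot set up a periodic timer with no period.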
@@ -63,12 +67,8 @@ static void timerblock_tick(void *opaque)
 {
 TimerBlock *tb = (TimerBlock *)opaque;
 tb->status = 1;
-if (tb->control & 2) {
-tb->count = tb->load;
-timerblock_reload(tb, 0);
-} else {
-tb->count = 0;
-}
+tb->count = 0;
+timerblock_reload(tb, 0);
 timerblock_update_irq(tb);
 }
 
@@ -113,33 +113,37 @@ static void timerblock_write(void *opaque, hwaddr addr,
 TimerBlock *tb = (TimerBlock *)opaque;
 int64_t old;
 switch (addr) {
+/* Breaking from this switch implies that timer needs to be refreshed.
+ * Operations that do not affect the running timer must return directly
+ * to avoid a spurious reload of the timer.
+ */
 case 0: /* Load */
 tb->load = value;
 /* Fall through.  */
 case 4: /* Counter.  */
-if ((tb->control & 1) && tb->count) {
-/* Cancel the previous timer.  */
-timer_del(tb->timer);
-}
 tb->count = value;
-if (tb->control & 1) {
-timerblock_reload(tb, 1);
-}
 break;
 case 8: /* Control.  */
 old = tb->control;
 tb->control = value;
-if (((old & 1) == 0) && (value & 1)) {
-if (tb->count == 0 && (tb->control & 2)) {
-tb->count = tb->load;
-}
-timerblock_reload(tb, 1);
+if ((value & 1) && (old & 1) && tb->count != 0 &&
+!extract64(value ^ old, 8, 8)) {
+/* Timer was running, and still is, without prescale change */
+return;
 }
+timerblock_sync(tb);
 break;
 case 12: /* Interrupt status.  */
 tb->status &= ~value;
 timerblock_update_irq(tb);
-break;
+return;
+}
+
+/* Cancel any previous timer.  */
+timer_del(tb->timer);
+
+if (tb->control & 1) {
+timerblock_reload(tb, 1);
 }
 }
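Review bot: After this rework, leaving the switch means "cancel and possibly restart the timer", but the switch as shown has no default case, so a write to any offset other than 0, 4, 8 or 12 now reaches timer_del() and timerblock_reload(tb, 1), where before it had no effect. Add a default case that returns, so stray guest writes cannot restart a running timer. The fast path in case 8 also compares the prescaler bits with `extract64(value ^ old, 8, 8)`; a named field for those bits would make the intent clearer than the two literal 8s.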
 
-- 
1.9.1




Re: [Qemu-devel] Qemu Runtime Dependencies

2015-07-05 Thread Peter Crosthwaite
On Sun, Jul 5, 2015 at 6:06 AM, jean-christophe Manciot
 wrote:
>
> Hello guys,
>
> Once qemu has been successfully built, where can I find the runtime 
> dependencies?
> I cannot find any "qemu.spec" file; maybe there's a way to generate it
>

Not sure about spec files, but for a home-cooked GNU build, ldd
usually gives you good clues, eg:

$ ldd ./arm-softmmu/qemu-system-arm
linux-vdso.so.1 =>  (0x7ffe0a15b000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f306080)
libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x7f30605fd000)
libncurses.so.5 => /lib/x86_64-linux-gnu/libncurses.so.5
(0x7f30603d9000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x7f30601b)
libglib-2.0.so.0 => /lib/x86_64-linux-gnu/libglib-2.0.so.0
(0x7f305fea8000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f305fc9f000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6
(0x7f305f99b000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f305f695000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x7f305f47e000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x7f305f26)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f305ee9b000)
/lib64/ld-linux-x86-64.so.2 (0x7f30617f)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f305ec96000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x7f305ea58000)


I don't know of any deps that are not libs from my own uses of QEMU.

Regards,
Peter

> --
> Jean-Christophe Manciot
>
>



Re: [Qemu-devel] [PATCH qom v4 0/7] Unify and QOMify (target|monitor)_disas

2015-07-05 Thread Peter Crosthwaite
Ping!

If this is orphaned, I'd like to send the PULL on the H-freeze.

Regards,
Peter

On Tue, Jun 23, 2015 at 8:57 PM, Peter Crosthwaite
 wrote:
> These two functions are mostly trying to do the same thing, which is
> disassemble a target instruction (sequence) for printfing. The
> architecture specific setup is largely duped between the two functions.
>
> The approach is to add a single QOM hook on the CPU level to setup the
> disassembler (P1&2). The two stage flags system is removed. That is,
> the old scheme, is for the translate/monitor code to pass in flags
> that disas.c then interprets. Instead the entire job of setting up arch
> specifics is outsourced to target-specific code (via the new QOM hook)
> removing the need for the flags system. Both monitor_disas and
> target_disas then calls this singly defined hook if it is available.
>
> Three architectures (microblaze, cris and ARM) are patched
> to use the new QOMification and at the same time, make the
> monitor_disas consistent with target_disas. The #if defined TARGET_FOO
> for each is removed from disas.c (bringing us closer to the exciting
> goal of no #ifdef TARGET_FOO in system mode code).
>
> Microblaze is trivial, the target_disas setup is directly applicable
> to monitor_disas to bring in microblaze monitor disas support (P5).
>
> Cris had a small hiccup, a patch is needed to handle monitor_disas's
> 0 buffer length (P6). Then cris is patched to enable monitor disas
> in same way as microblaze (P7).
>
> ARM is the harder. The vixl A64 disas was hardcoded to fprintf with
> a statically inited output stream (matching target_disas). The vixl
> printfery is patched to be runtime variable (P3). P4 brings
> ARM monitor disassembly online (via using the target_disas
> implementation as the QOMified implementation).
>
> Changed since v3:
> Minor commit message tweaks.
> Fix CPP constructor argument order.
>
> Changed since v2 (RTH/PMM review):
> Rebased on monitor+disas ENV_GET_CPU removal
> Fixed minor comments (see indiv patches).
>
> Changed since v1 (RTH review):
> Use QOMified approach.
> Remove flags system.
> Limit scope to only the 3 converted arches
> Addressed comments on CPP constructor changes
>
> Peter Crosthwaite (7):
>   disas: Add print_insn to disassemble info
>   disas: QOMify target specific setup
>   disas: arm-a64: Make printfer and stream variable
>   disas: arm: QOMify target specific disas setup
>   disas: microblaze: QOMify target specific disas setup
>   disas: cris: Fix 0 buffer length case
>   disas: cris: QOMify target specific disas setup
>
>  disas.c | 119 
> ++--
>  disas/arm-a64.cc|  22 +++--
>  disas/cris.c|   6 +--
>  include/disas/bfd.h |   6 +++
>  include/qom/cpu.h   |   4 ++
>  target-arm/cpu.c|  35 ++
>  target-cris/cpu.c   |  16 +++
>  target-microblaze/cpu.c |   8 
>  8 files changed, 133 insertions(+), 83 deletions(-)
>
> --
> 1.9.1
>
>



Re: [Qemu-devel] [RFC v1 0/2] ARM MPTimer fixes and refactoring

2015-07-05 Thread Dmitry Osipenko

05.07.2015 23:26, Peter Crosthwaite wrote:

> Hi Dmitry,
>
> Based on my comment earlier, this is what I came up with RE consolidation of
> those arm_mptimer code paths that were giving you problems. I have not done the
> interrupt mask fix, as that one from your series is reasonably independent.
>
> Regards,
> Peter
>
> Peter Crosthwaite (2):
>    timer: arm_mp: Factor out timer value calculation
>    timer: arm_mp: consolidate control and counter write logic
>
>   hw/timer/arm_mptimer.c | 73 +-
>   1 file changed, 42 insertions(+), 31 deletions(-)



Hi Peter, thanks a lot! Generally, I don't have any trouble with currently 
missed functionality, just noticed it while I was hacking my NVIDIA Tegra2 
emulation pet-project and decided to contribute =).


It looks like you are trying to duplicate what generic ptimer is already doing, 
isn't it?


--
Dmitry



[Qemu-devel] [PATCH] disas: Defeature print_target_address

2015-07-05 Thread Peter Crosthwaite
It does not work in multi-arch as it requires the CPU specific
TARGET_VIRT_ADDR_SPACE_BITS global define. Just use the generic
version that does no masking. Targets should be responsible for
passing in a sane virtual address.

Signed-off-by: Peter Crosthwaite 
---
Depends on "Unify and QOMify (target|monitor)_disas" series

 disas.c | 12 ++--
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/disas.c b/disas.c
index 69a6066..0ae70c2 100644
--- a/disas.c
+++ b/disas.c
@@ -72,14 +72,6 @@ generic_print_address (bfd_vma addr, struct disassemble_info 
*info)
 (*info->fprintf_func) (info->stream, "0x%" PRIx64, addr);
 }
 
-/* Print address in hex, truncated to the width of a target virtual address. */
-static void
-generic_print_target_address(bfd_vma addr, struct disassemble_info *info)
-{
-uint64_t mask = ~0ULL >> (64 - TARGET_VIRT_ADDR_SPACE_BITS);
-generic_print_address(addr & mask, info);
-}
-
 /* Print address in hex, truncated to the width of a host virtual address. */
 static void
 generic_print_host_address(bfd_vma addr, struct disassemble_info *info)
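Review bot: with generic_print_target_address() removed, nothing truncates the address any more, so any value that reaches print_address_func with bits set above the target's virtual address width is printed in full by the "0x%" PRIx64 format in generic_print_address(). The commit message says targets are responsible for passing a sane address, but the patch does not say which callers already guarantee that; naming them in the commit message, or documenting the requirement in the comment above generic_print_address(), would make the new contract checkable.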
@@ -201,7 +193,7 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 s.info.read_memory_func = target_read_memory;
 s.info.buffer_vma = code;
 s.info.buffer_length = size;
-s.info.print_address_func = generic_print_target_address;
+s.info.print_address_func = generic_print_address;
 
 #ifdef TARGET_WORDS_BIGENDIAN
 s.info.endian = BFD_ENDIAN_BIG;
@@ -424,7 +416,7 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 s.cpu = cpu;
 monitor_disas_is_physical = is_physical;
 s.info.read_memory_func = monitor_read_memory;
-s.info.print_address_func = generic_print_target_address;
+s.info.print_address_func = generic_print_address;
 
 s.info.buffer_vma = pc;
 
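Review bot: in monitor_disas() the old callback applied the TARGET_VIRT_ADDR_SPACE_BITS mask even when is_physical is set, so replacing it here can change what the monitor prints for physical-address disassembly as well as for virtual addresses. The commit message only talks about virtual addresses; please mention the physical case so the change in monitor output is a documented one.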
-- 
1.9.1




Re: [Qemu-devel] [RFC v1 0/2] ARM MPTimer fixes and refactoring

2015-07-05 Thread Peter Crosthwaite
On Sun, Jul 5, 2015 at 1:47 PM, Dmitry Osipenko  wrote:
> 05.07.2015 23:26, Peter Crosthwaite wrote:
>
>> Hi Dmitry,
>>
>> Based on my comment earlier, this is what I came up with RE consolidation
>> of
>> those arm_mptimer code paths that were giving you problems. I have not
>> done the
>> interrupt mask fix, as that one from your series is reasonably
>> independent.
>>
>> Regards,
>> Peter
>>
>> Peter Crosthwaite (2):
>>timer: arm_mp: Factor out timer value calculation
>>timer: arm_mp: consolidate control and counter write logic
>>
>>   hw/timer/arm_mptimer.c | 73
>> +-
>>   1 file changed, 42 insertions(+), 31 deletions(-)
>>
>
> Hi Peter, thanks a lot! Generally, I don't have any trouble with currently
> missed functionality, just noticed it while was hacking my NVIDIA Tegra2
> emulation pet-project and decided to contribute =).
>
> It looks like you are trying to duplicate what generic ptimer is already
> doing, isn't it?
>

Yes, ptimer was probably the correct way to do this in the first
place. Some of the new code structures introduced in this patch series
are directly applicable though for that conversion effort.

Regards,
Peter

> --
> Dmitry
>



Re: [Qemu-devel] [RFC v1 0/2] ARM MPTimer fixes and refactoring

2015-07-05 Thread Peter Crosthwaite
On Sun, Jul 5, 2015 at 1:58 PM, Peter Crosthwaite
 wrote:
> On Sun, Jul 5, 2015 at 1:47 PM, Dmitry Osipenko  wrote:
>> 05.07.2015 23:26, Peter Crosthwaite wrote:
>>
>>> Hi Dmitry,
>>>
>>> Based on my comment earlier, this is what I came up with RE consolidation
>>> of
>>> those arm_mptimer code paths that were giving you problems. I have not
>>> done the
>>> interrupt mask fix, as that one from your series is reasonably
>>> independent.
>>>
>>> Regards,
>>> Peter
>>>
>>> Peter Crosthwaite (2):
>>>timer: arm_mp: Factor out timer value calculation
>>>timer: arm_mp: consolidate control and counter write logic
>>>
>>>   hw/timer/arm_mptimer.c | 73
>>> +-
>>>   1 file changed, 42 insertions(+), 31 deletions(-)
>>>
>>
>> Hi Peter, thanks a lot! Generally, I don't have any trouble with currently
>> missed functionality, just noticed it while was hacking my NVIDIA Tegra2
>> emulation pet-project and decided to contribute =).
>>
>> It looks like you are trying to duplicate what generic ptimer is already
>> doing, isn't it?
>>
>
> Yes, ptimer was probably the correct way to do this in the first
> place. Some of the new code structures introduced in this patch series
> are directly applicable though for that conversion effort.
>

Conversion also comes at the price of a VMSD version bump if Peter is
ok with that.

Regards,
Peter

> Regards,
> Peter
>
>> --
>> Dmitry
>>



Re: [Qemu-devel] [PULL 00/35] Ide patches

2015-07-05 Thread Peter Maydell
On 4 July 2015 at 07:06, John Snow  wrote:
> The following changes since commit 35360642d043c2a5366e8a04a10e5545e7353bd5:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20150703-1' 
> into staging (2015-07-03 12:05:31 +0100)
>
> are available in the git repository at:
>
>   https://github.com/jnsnow/qemu.git tags/ide-pull-request
>
> for you to fetch changes up to 7c649ac5b607e2339fb54fc0fc01311ba5eacadd:
>
>   ahci: fix sdb fis semantics (2015-07-04 02:06:05 -0400)
>

Applied, thanks.

-- PMM



Re: [Qemu-devel] [RFC v1 0/2] ARM MPTimer fixes and refactoring

2015-07-05 Thread Peter Maydell
On 5 July 2015 at 22:01, Peter Crosthwaite  wrote:
> On Sun, Jul 5, 2015 at 1:58 PM, Peter Crosthwaite
>  wrote:
>> On Sun, Jul 5, 2015 at 1:47 PM, Dmitry Osipenko  wrote:
>>> Hi Peter, thanks a lot! Generally, I don't have any trouble with currently
>>> missed functionality, just noticed it while was hacking my NVIDIA Tegra2
>>> emulation pet-project and decided to contribute =).

Given that it's the eve of hardfreeze for 2.4, if these
aren't causing actual problems for you I'm wondering if maybe
we should leave master as is for 2.4 and put in a proper
rework patchset after that is released? (This is a bugfix
though so certainly in scope for 2.4 still if we want.)

>>> It looks like you are trying to duplicate what generic ptimer is already
>>> doing, isn't it?
>>>
>>
>> Yes, ptimer was probably the correct way to do this in the first
>> place. Some of the new code structures introduced in this patch series
>> are directly applicable though for that conversion effort.
>>
>
> Conversion also comes at the price of a VMSD version bump if Peter is
> ok with that.

Yes, we don't currently provide cross-version migration on
ARM so version bumps are OK.

thanks
-- PMM



[Qemu-devel] [Bug 1471583] [NEW] QCA988X Wifi Card Not PCI Passing Through

2015-07-05 Thread bill
Public bug reported:

CPU:  Intel(R) Xeon(R) CPU E3-1265L v3 @ 2.50GHz
KVM:  qemu-kvm-1.5.3-86.el7_1.2.x86_64
Kernel:  4.1.1-1.el7.elrepo.x86_64, and kernel-3.10.0-229.7.2.el7.x86_64
Host & Guest: CentOS 7.1
Using virt-manager-1.1.0-12.el7.noarch to create, configure, and start guest

I am trying to do a PCI passthrough of a QCA988X wifi card.  It's a Doodle Labs 
military-grade 802.11ac miniPCI card, which uses the ath10k kernel driver.  
This card configures nicely on the host, and seems to pass through to the 
guest, but early in the boot of the guest it says "Unknown header type" at the 
wifi's bus address.  And sure enough, lspci -vv on the host then shows:
!!! Unknown header type 7f
Kernel driver in use: vfio-pci

When the guest has booted, of course it shows as an Unclassified device.
Host and guest must run at least kernel 4.0 so the wifi card's current
firmware will load, and so that its driver comes with the kernel.  I
have both host and guest set up for the wifi card.  I tried running
kernel 3.10 in the host and passing through the PCI device, but same
behavior.

I am passing through to the guest an Intel i350 ethernet card just fine,
in fact I'm passing through two of its SR-IOV virt interfaces to the
guest, so that works.

On the host, before I start the guest, the wifi card looks like this
(lspci -vv):

0a:00.0 Network controller: Qualcomm Atheros QCA988x 802.11ac Wireless Network 
Adapter
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- https://bugs.launchpad.net/bugs/1471583

Title:
  QCA988X Wifi Card Not PCI Passing Through

Status in QEMU:
  New




[Qemu-devel] [PATCH] cpu_defs: Simplify CPUTLB padding logic

2015-07-05 Thread Peter Crosthwaite
There was a complicated subtractive arithmetic for determining the
padding on the CPUTLBEntry structure. Simplify this with a union.

Signed-off-by: Peter Crosthwaite 
---
 include/exec/cpu-defs.h | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 98b9cff..5093be2 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -105,17 +105,18 @@ typedef struct CPUTLBEntry {
bit 3  : indicates that the entry is invalid
bit 2..0   : zero
 */
-target_ulong addr_read;
-target_ulong addr_write;
-target_ulong addr_code;
-/* Addend to virtual address to get host address.  IO accesses
-   use the corresponding iotlb value.  */
-uintptr_t addend;
-/* padding to get a power of two size */
-uint8_t dummy[(1 << CPU_TLB_ENTRY_BITS) -
-  (sizeof(target_ulong) * 3 +
-   ((-sizeof(target_ulong) * 3) & (sizeof(uintptr_t) - 1)) +
-   sizeof(uintptr_t))];
+union {
+struct {
+target_ulong addr_read;
+target_ulong addr_write;
+target_ulong addr_code;
+/* Addend to virtual address to get host address.  IO accesses
+   use the corresponding iotlb value.  */
+uintptr_t addend;
+};
+/* padding to get a power of two size */
+uint8_t dummy[1 << CPU_TLB_ENTRY_BITS];
+};
 } CPUTLBEntry;
 
 QEMU_BUILD_BUG_ON(sizeof(CPUTLBEntry) != (1 << CPU_TLB_ENTRY_BITS));
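Review bot: the comment kept above dummy[] still says "padding to get a power of two size", but inside the union dummy[] no longer pads anything, it sets the minimum size of the entry, and if the four fields ever outgrow 1 << CPU_TLB_ENTRY_BITS the union grows with them and only the QEMU_BUILD_BUG_ON below catches it. Suggest rewording the comment to say that, and noting in the commit message that the layout now relies on anonymous struct and union members being accepted by every supported compiler.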
-- 
1.9.1




Re: [Qemu-devel] [RFC v1 0/2] ARM MPTimer fixes and refactoring

2015-07-05 Thread Peter Crosthwaite
On Sun, Jul 5, 2015 at 2:06 PM, Peter Maydell  wrote:
> On 5 July 2015 at 22:01, Peter Crosthwaite  
> wrote:
>> On Sun, Jul 5, 2015 at 1:58 PM, Peter Crosthwaite
>>  wrote:
>>> On Sun, Jul 5, 2015 at 1:47 PM, Dmitry Osipenko  wrote:
>>>> Hi Peter, thanks a lot! Generally, I don't have any trouble with currently
>>>> missed functionality, just noticed it while was hacking my NVIDIA Tegra2
>>>> emulation pet-project and decided to contribute =).
>
> Given that it's the eve of hardfreeze for 2.4, if these
> aren't causing actual problems for you I'm wondering if maybe
> we should leave master as is for 2.4 and put in a proper
> rework patchset after that is released? (This is a bugfix
> though so certainly in scope for 2.4 still if we want.)
>

I think bugfixes should go in, which probably means apply Dmitry's
series, and I'll rebase my refactorings on. His patches are correct
and I was just exploring alternatives which is probably not
soft-freeze appropriate. Putting an RB.

Regards,
Peter

>>>> It looks like you are trying to duplicate what generic ptimer is already
>>>> doing, isn't it?
>>>>
>>>
>>> Yes, ptimer was probably the correct way to do this in the first
>>> place. Some of the new code structures introduced in this patch series
>>> are directly applicable though for that conversion effort.
>>>
>>
>> Conversion also comes at the price of a VMSD version bump if Peter is
>> ok with that.
>
> Yes, we don't currently provide cross-version migration on
> ARM so version bumps are OK.
>
> thanks
> -- PMM
>



Re: [Qemu-devel] [PATCH 1/2] arm_mptimer: Fix timer shutdown and mode change

2015-07-05 Thread Peter Crosthwaite
On Sun, Jul 5, 2015 at 8:39 AM, Dmitry Osipenko  wrote:
> Timer, running in periodic mode, can't be stopped or coming one-shot
> tick won't be canceled because timer control code just doesn't handle
> timer disabling. Fix it by deleting the timer if enable bit isn't set.
>
You don't need to itemize one-shot and periodic separately, disabling
the running timer just doesn't work universally.

> Timer won't start periodic ticking if ONE-SHOT -> PERIODIC mode change
> happened after one-shot tick was completed. Fix it by starting ticking
> only if the timer isn't ticking right now.
>

Needs some grammar work. Try:

The running timer can't be stopped because timer control code just
doesn't handle disabling the timer. Fix it by deleting the timer if
the enable bit is cleared.

The timer won't start periodic ticking if a ONE-SHOT -> PERIODIC mode
change happens after a one-shot tick was completed. Fix it by
re-starting ticking if the timer isn't ticking right now.

> To avoid code churning, these two fixes are squashed in one commit.
>
> Signed-off-by: Dmitry Osipenko 

Otherwise:

Reviewed-by: Peter Crosthwaite 

Regards,
Peter

> ---
>
> Commits are squashed as per Peter Crosthwaite suggestion.
>
>  hw/timer/arm_mptimer.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
> index 8b93b3c..0e132b1 100644
> --- a/hw/timer/arm_mptimer.c
> +++ b/hw/timer/arm_mptimer.c
> @@ -122,11 +122,18 @@ static void timerblock_write(void *opaque, hwaddr addr,
>  case 8: /* Control.  */
>  old = tb->control;
>  tb->control = value;
> -if (((old & 1) == 0) && (value & 1)) {
> -if (tb->count == 0 && (tb->control & 2)) {
> +if (value & 1) {
> +if ((old & 1) && (tb->count != 0)) {
> +/* Do nothing if timer is ticking right now.  */
> +break;
> +}
> +if (tb->control & 2) {
>  tb->count = tb->load;
>  }
>  timerblock_reload(tb, 1);
> +} else if (old & 1) {
> +/* Shutdown the timer.  */
> +timer_del(tb->timer);
>  }
>  break;
>  case 12: /* Interrupt status.  */
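Review bot: the control-register tests in this hunk use bare 1 and 2 (value & 1, old & 1, tb->control & 2), and the new branches make their meaning carry more weight than before. Named constants for the enable bit and for the bit that triggers the reload from tb->load would let the three cases (start, already ticking, shutdown) be read without the datasheet.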
> --
> 2.4.4
>
>



Re: [Qemu-devel] [RFC v1 0/2] ARM MPTimer fixes and refactoring

2015-07-05 Thread Dmitry Osipenko

06.07.2015 00:06, Peter Maydell wrote:
> On 5 July 2015 at 22:01, Peter Crosthwaite wrote:
>> On Sun, Jul 5, 2015 at 1:58 PM, Peter Crosthwaite
>> wrote:
>>> On Sun, Jul 5, 2015 at 1:47 PM, Dmitry Osipenko wrote:
>>>> Hi Peter, thanks a lot! Generally, I don't have any trouble with currently
>>>> missed functionality, just noticed it while was hacking my NVIDIA Tegra2
>>>> emulation pet-project and decided to contribute =).
>
> Given that it's the eve of hardfreeze for 2.4, if these
> aren't causing actual problems for you I'm wondering if maybe
> we should leave master as is for 2.4 and put in a proper
> rework patchset after that is released? (This is a bugfix
> though so certainly in scope for 2.4 still if we want.)



Sure, I'm totally ok with leaving master as-is. However, my two recent patches
look quite simple and still fix issues. Peter, you decide.

Potentially, the shutdown issue might cause trouble with the Linux kernel in an SMP QEMU
setup.


--
Dmitry



Re: [Qemu-devel] [PATCH 1/2] arm_mptimer: Fix timer shutdown and mode change

2015-07-05 Thread Dmitry Osipenko

06.07.2015 00:19, Peter Crosthwaite wrote:
> On Sun, Jul 5, 2015 at 8:39 AM, Dmitry Osipenko wrote:
>> Timer, running in periodic mode, can't be stopped or coming one-shot
>> tick won't be canceled because timer control code just doesn't handle
>> timer disabling. Fix it by deleting the timer if enable bit isn't set.
>
> You don't need to itemize one-shot and periodic separately, disabling
> the running timer just doesn't work universally.

Fair enough.

>> Timer won't start periodic ticking if ONE-SHOT -> PERIODIC mode change
>> happened after one-shot tick was completed. Fix it by starting ticking
>> only if the timer isn't ticking right now.
>
> Needs some grammar work. Try:
>
> The running timer can't be stopped because timer control code just
> doesn't handle disabling the timer. Fix it by deleting the timer if
> the enable bit is cleared.
>
> The timer won't start periodic ticking if a ONE-SHOT -> PERIODIC mode
> change happens after a one-shot tick was completed. Fix it by
> re-starting ticking if the timer isn't ticking right now.
>
> Otherwise:
>
> Reviewed-by: Peter Crosthwaite
>
> Regards,
> Peter


Sounds good, I'll pick it. Thanks.

--
Dmitry



[Qemu-devel] [Bug 1471583] Re: QCA988X Wifi Card Not PCI Passing Through

2015-07-05 Thread Alex Williamson
It probably needs a quirk like this to avoid bus resets:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/pci/quirks.c?id=c3e59ee4e76686b0c84ca8faa1011d10cd4ca1b8




[Qemu-devel] [Bug 1471583] Re: QCA988X Wifi Card Not PCI Passing Through

2015-07-05 Thread Alex Williamson
IOW, add a line like this below the line added by the above patch:

DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x003c,
quirk_no_bus_reset);

Double check that vendor:device ID against 'lspci -nn', that's
168c:003c.




[Qemu-devel] [PATCH v2 1/2] arm_mptimer: Fix timer shutdown and mode change

2015-07-05 Thread Dmitry Osipenko
The running timer can't be stopped because timer control code just
doesn't handle disabling the timer. Fix it by deleting the timer if
the enable bit is cleared.

The timer won't start periodic ticking if a ONE-SHOT -> PERIODIC mode
change happens after a one-shot tick was completed. Fix it by
re-starting ticking if the timer isn't ticking right now.

To avoid code churning, these two fixes are squashed in one commit.

Signed-off-by: Dmitry Osipenko 
Reviewed-by: Peter Crosthwaite 
---

v1: Commits are squashed as per Peter Crosthwaite suggestion.

v2: Grammar fixes of commit message as per Peter Crosthwaite suggestion.

 hw/timer/arm_mptimer.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
index 8b93b3c..0e132b1 100644
--- a/hw/timer/arm_mptimer.c
+++ b/hw/timer/arm_mptimer.c
@@ -122,11 +122,18 @@ static void timerblock_write(void *opaque, hwaddr addr,
 case 8: /* Control.  */
 old = tb->control;
 tb->control = value;
-if (((old & 1) == 0) && (value & 1)) {
-if (tb->count == 0 && (tb->control & 2)) {
+if (value & 1) {
+if ((old & 1) && (tb->count != 0)) {
+/* Do nothing if timer is ticking right now.  */
+break;
+}
+if (tb->control & 2) {
 tb->count = tb->load;
 }
 timerblock_reload(tb, 1);
+} else if (old & 1) {
+/* Shutdown the timer.  */
+timer_del(tb->timer);
 }
 break;
 case 12: /* Interrupt status.  */
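Review bot: the rewritten start path drops the old tb->count == 0 condition, so "if (tb->control & 2) tb->count = tb->load;" now runs on every start in that mode, including a disabled to enabled transition where tb->count is still non-zero. If a guest can leave a non-zero count in place while the timer is disabled, that value is overwritten with tb->load here; if that is intended, a comment saying so would help, otherwise keep the count == 0 test around the reload.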
-- 
2.4.4




[Qemu-devel] [PATCH v3 2/2] arm_mptimer: Respect IT bit state

2015-07-05 Thread Dmitry Osipenko
The timer should fire interrupt only if IT(interrupt enable) bit state of
control register is enabled and the timer should update IRQ status on IT
bit change as it would mask/unmask the interrupt line.

Signed-off-by: Dmitry Osipenko 
Reviewed-by: Peter Crosthwaite 
---

v2: Added missed IRQ status update on control register write as per
Peter Crosthwaite comment.

v3: No code change, just re-send.

 hw/timer/arm_mptimer.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
index 0e132b1..22fa46e 100644
--- a/hw/timer/arm_mptimer.c
+++ b/hw/timer/arm_mptimer.c
@@ -38,7 +38,7 @@ static inline int get_current_cpu(ARMMPTimerState *s)
 
 static inline void timerblock_update_irq(TimerBlock *tb)
 {
-qemu_set_irq(tb->irq, tb->status);
+qemu_set_irq(tb->irq, tb->status && (tb->control & 4));
 }
 
 /* Return conversion factor from mpcore timer ticks to qemu timer ticks.  */
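Review bot: timerblock_update_irq() now gates the line on tb->control & 4 but leaves tb->status latched, so an event recorded while the bit is clear raises the interrupt as soon as the guest sets it, and nothing in the function says that this is deliberate. It matches the mask/unmask wording of the commit message, but a one-line comment here stating it, and a named constant instead of the bare 4 used in both hunks, would make the behaviour explicit.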
@@ -122,6 +122,9 @@ static void timerblock_write(void *opaque, hwaddr addr,
 case 8: /* Control.  */
 old = tb->control;
 tb->control = value;
+if ((old & 4) != (value & 4)) {
+timerblock_update_irq(tb);
+}
 if (value & 1) {
 if ((old & 1) && (tb->count != 0)) {
 /* Do nothing if timer is ticking right now.  */
-- 
2.4.4




[Qemu-devel] [PATCH v3 0/2] arm_mptimer fixes

2015-07-05 Thread Dmitry Osipenko
Hello, this is V3 of arm_mptimer patch series. No code changes here, just
grammar fixes for "shutdown and mode change" patch and general re-send, as
V2 was screwed for patchtracker.

Dmitry Osipenko (2):
  arm_mptimer: Fix timer shutdown and mode change
  arm_mptimer: Respect IT bit state

 hw/timer/arm_mptimer.c | 16 +---
 1 file changed, 13 insertions(+), 3 deletions(-)

-- 
2.4.4




Re: [Qemu-devel] [PATCH pic32 v2 1/5] Speed of MIPS CPU timer made configurable per platform.

2015-07-05 Thread Serge Vakulenko
On Wed, Jul 1, 2015 at 3:02 AM, Aurelien Jarno  wrote:
> On 2015-06-30 21:12, Serge Vakulenko wrote:
>> @@ -153,5 +153,6 @@ void cpu_mips_clock_init (CPUMIPSState *env)
>>   */
>>  if (!kvm_enabled()) {
>>  env->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &mips_timer_cb, env);
>> +env->count_freq = count_freq;
>>  }
>>  }
>
> So it means the value passed as an argument to this function is ignored
> in the KVM case. I guess we want to be able to tell the kernel about the
> request frequency.

Sounds like a new feature request for MIPS KVM developers. I cannot
find any such possibility in the current KVM API.

My patch changes nothing for existing platforms like Malta, Fulong or
MIPSsim. Everything continues to work as it is. Only for pic32mx7 cpu
the clock rate is decreased to 40MHz. I'm not sure anybody could ever
run KVM on this processor. :)

Regards,
--Serge

> Otherwise it looks fine.
>
> --
> Aurelien Jarno  GPG: 4096R/1DDD8C9B
> aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH pic32 v2 2/5] Fixed random index generation for TLBWR instruction. It was not quite random and did not skip Wired entries.

2015-07-05 Thread Serge Vakulenko
On Wed, Jul 1, 2015 at 3:11 AM, Aurelien Jarno  wrote:
> On 2015-06-30 21:12, Serge Vakulenko wrote:
>> Signed-off-by: Serge Vakulenko 
>> ---
>>  hw/mips/cputimer.c | 18 +-
>>  1 file changed, 5 insertions(+), 13 deletions(-)
>>
>> diff --git a/hw/mips/cputimer.c b/hw/mips/cputimer.c
>> index 4f02a9f..94a29df 100644
>> --- a/hw/mips/cputimer.c
>> +++ b/hw/mips/cputimer.c
>> @@ -25,21 +25,13 @@
>>  #include "qemu/timer.h"
>>  #include "sysemu/kvm.h"
>>
>> -#define TIMER_FREQ   100 * 1000 * 1000
>> -
>> -/* XXX: do not use a global */
>> +/* Generate a random TLB index.
>> + * Skip wired entries. */
>>  uint32_t cpu_mips_get_random (CPUMIPSState *env)
>>  {
>> -static uint32_t lfsr = 1;
>> -static uint32_t prev_idx = 0;
>> -uint32_t idx;
>> -/* Don't return same value twice, so get another value */
>> -do {
>> -lfsr = (lfsr >> 1) ^ (-(lfsr & 1u) & 0xd001u);
>> -idx = lfsr % (env->tlb->nb_tlb - env->CP0_Wired) + env->CP0_Wired;
>> -} while (idx == prev_idx);
>> -prev_idx = idx;
>> -return idx;
>> +env->CP0_Random = env->CP0_Wired +
>> +random() % (env->tlb->nb_tlb - env->CP0_Wired);
>> +return env->CP0_Random;
>>  }
>>
>>  /* MIPS R4K timer */
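Review bot: both the removed and the added expression take a modulus by env->tlb->nb_tlb - env->CP0_Wired, which is zero if CP0_Wired ever equals nb_tlb, and CP0_Wired is a guest-programmable register. Please either point to where CP0_Wired is kept below nb_tlb or guard the computation in cpu_mips_get_random() itself. The hunk also removes #define TIMER_FREQ, which does not belong to the random-index change described in the subject.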
>
> Can you please give us more details about what issue you are trying to
> fix there? Especially I don't understand about the "skip wired entries"
> part. It seems the original code handles the wired entries correctly,
> and at least your patch doesn't seem to change anything regarded that
> part.

The original code looks fine by itself. But when you try to run it for
nb_tlb=16 and CP0_Wired=1, you get a sequence:

15, 6, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7,
2, 7, 2, 7, 2...

This is what happens when 4.4bsd kernel starts on pic32mz processor.
It makes the VM subsystem a bit crazy. Later the sequence becomes
better, but I think it makes sense to improve it somehow.

> Secondly, I don't think calling random() is the correct thing to do.
> It's an expensive function that is not thread safe. Quoting the
> specification:
>
>   "Within the required constraints of the upper and lower bounds, the
>   manner in which the processor selects values for the Random register
>   is implementation-dependent."
>
> So it's fine if we use a PRNG like the current code, but I agree we
> might want to improve it if it has some issues. We want to keep its
> value reproducible though so that the icount mode works as expected.

I agree that random() is a somewhat heavy routine, and we don't need so
much randomness here. OK, in the next version of this patch set I'll
propose another variant of simple random generator, like TLCG or
something.

> --
> Aurelien Jarno  GPG: 4096R/1DDD8C9B
> aurel...@aurel32.net http://www.aurel32.net
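
Added example, not part of the thread and not QEMU code: the removed LFSR generator replayed for nb_tlb=16 and CP0_Wired=1, where its first outputs are 15, 6, 7, 2, 7, 2, 7, 2 as reported above, beside a deterministic generator with per-CPU state of the kind proposed in the reply. The struct and function names, the choice of an LCG and its constants (1664525, 1013904223), and the fallback when every entry is wired are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* State of the generator removed by the quoted hunk. The original kept
 * these two values in function-local statics shared by every CPU. */
typedef struct {
    uint32_t lfsr;
    uint32_t prev_idx;
} OldRandom;

/* Same arithmetic as the removed cpu_mips_get_random(). Needs
 * nb_tlb - wired >= 2: with one candidate index the do/while never exits
 * once prev_idx holds that index, and with none the modulus is zero. */
static uint32_t old_random_next(OldRandom *s, uint32_t nb_tlb, uint32_t wired)
{
    uint32_t idx;

    do {
        s->lfsr = (s->lfsr >> 1) ^ (-(s->lfsr & 1u) & 0xd001u);
        idx = s->lfsr % (nb_tlb - wired) + wired;
    } while (idx == s->prev_idx);
    s->prev_idx = idx;
    return idx;
}

/* Hypothetical replacement (an assumption of this example): a 32-bit
 * linear congruential generator whose state lives in the caller, so each
 * CPU gets its own reproducible stream. */
typedef struct {
    uint32_t state;
} LcgRandom;

static uint32_t lcg_random_next(LcgRandom *s, uint32_t nb_tlb, uint32_t wired)
{
    if (nb_tlb == 0) {
        return 0;               /* no TLB at all: nothing sensible to pick */
    }
    if (wired >= nb_tlb) {
        return nb_tlb - 1;      /* every entry wired: avoid modulo by zero */
    }
    s->state = s->state * 1664525u + 1013904223u;
    /* Low bits of a power-of-two-modulus LCG cycle quickly; use the top half. */
    return wired + (s->state >> 16) % (nb_tlb - wired);
}

/* n-th draw (0-based) of the old generator from its initial state
 * (lfsr = 1, prev_idx = 0, as in the removed statics). */
static uint32_t old_nth(uint32_t nb_tlb, uint32_t wired, unsigned n)
{
    OldRandom s = { 1, 0 };
    uint32_t v = 0;
    unsigned i;

    for (i = 0; i <= n; i++) {
        v = old_random_next(&s, nb_tlb, wired);
    }
    return v;
}

/* n-th draw (0-based) of the LCG variant started from `seed`. */
static uint32_t lcg_nth(uint32_t seed, uint32_t nb_tlb, uint32_t wired,
                        unsigned n)
{
    LcgRandom s = { seed };
    uint32_t v = 0;
    unsigned i;

    for (i = 0; i <= n; i++) {
        v = lcg_random_next(&s, nb_tlb, wired);
    }
    return v;
}

/* Returns 1 if each of `draws` values lies in [wired, nb_tlb), else 0. */
static int lcg_in_range(uint32_t seed, uint32_t nb_tlb, uint32_t wired,
                        unsigned draws)
{
    LcgRandom s = { seed };
    unsigned i;

    for (i = 0; i < draws; i++) {
        uint32_t v = lcg_random_next(&s, nb_tlb, wired);
        if (v < wired || v >= nb_tlb) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    unsigned i;

    printf("old LFSR, nb_tlb=16 wired=1:");
    for (i = 0; i < 12; i++) {
        printf(" %u", (unsigned)old_nth(16, 1, i));
    }
    printf("\nLCG seed 0, nb_tlb=16 wired=1:");
    for (i = 0; i < 12; i++) {
        printf(" %u", (unsigned)lcg_nth(0, 16, 1, i));
    }
    printf("\n");
    return 0;
}
```

Because the state is passed in rather than read from the host's random(), a run started from the same seed replays the same indices.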



[Qemu-devel] [PATCH v10 01/21] i.MX: Split UART emulator in a header file and a source file

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Split the i.MX serial emulator into a header file and a source file

Changes since v8:
* no changes

Changes since v9:
* Small style rework

 hw/char/imx_serial.c |  82 +-
 include/hw/char/imx_serial.h | 102 +++
 2 files changed, 104 insertions(+), 80 deletions(-)
 create mode 100644 include/hw/char/imx_serial.h

diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index f3fbc77..1dcb325 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -4,6 +4,7 @@
  * Copyright (c) 2008 OKL
  * Originally Written by Hans Jiang
  * Copyright (c) 2011 NICTA Pty Ltd.
+ * Updated by Jean-Christophe Dubois 
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
@@ -17,8 +18,7 @@
  * is a real serial device.
  */
 
-#include "hw/hw.h"
-#include "hw/sysbus.h"
+#include "hw/char/imx_serial.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/char.h"
 #include "hw/arm/imx.h"
@@ -43,35 +43,6 @@ do { printf("imx_serial: " fmt , ##args); } while (0)
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
-#define TYPE_IMX_SERIAL "imx-serial"
-#define IMX_SERIAL(obj) OBJECT_CHECK(IMXSerialState, (obj), TYPE_IMX_SERIAL)
-
-typedef struct IMXSerialState {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-int32_t readbuff;
-
-uint32_t usr1;
-uint32_t usr2;
-uint32_t ucr1;
-uint32_t ucr2;
-uint32_t uts1;
-
-/*
- * The registers below are implemented just so that the
- * guest OS sees what it has written
- */
-uint32_t onems;
-uint32_t ufcr;
-uint32_t ubmr;
-uint32_t ubrc;
-uint32_t ucr3;
-
-qemu_irq irq;
-CharDriverState *chr;
-} IMXSerialState;
-
 static const VMStateDescription vmstate_imx_serial = {
 .name = "imx-serial",
 .version_id = 1,
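Review bot: the commit message has no body, and this hunk moves IMXSerialState and its IMX_SERIAL() cast macro out of the .c file, which makes every field of the device state visible to any file that includes hw/char/imx_serial.h. One sentence saying which user needs the type exposed would justify the wider visibility; the VMStateDescription left behind keeps version_id = 1, so the move itself reads as behaviour-neutral.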
@@ -91,55 +62,6 @@ static const VMStateDescription vmstate_imx_serial = {
 },
 };
 
-
-#define URXD_CHARRDY(1<<15)   /* character read is valid */
-#define URXD_ERR(1<<14)   /* Character has error */
-#define URXD_BRK(1<<11)   /* Break received */
-
-#define USR1_PARTYER(1<<15)   /* Parity Error */
-#define USR1_RTSS   (1<<14)   /* RTS pin status */
-#define USR1_TRDY   (1<<13)   /* Tx ready */
-#define USR1_RTSD   (1<<12)   /* RTS delta: pin changed state */
-#define USR1_ESCF   (1<<11)   /* Escape sequence interrupt */
-#define USR1_FRAMERR(1<<10)   /* Framing error  */
-#define USR1_RRDY   (1<<9)/* receiver ready */
-#define USR1_AGTIM  (1<<8)/* Aging timer interrupt */
-#define USR1_DTRD   (1<<7)/* DTR changed */
-#define USR1_RXDS   (1<<6)/* Receiver is idle */
-#define USR1_AIRINT (1<<5)/* Aysnch IR interrupt */
-#define USR1_AWAKE  (1<<4)/* Falling edge detected on RXd pin */
-
-#define USR2_ADET   (1<<15)   /* Autobaud complete */
-#define USR2_TXFE   (1<<14)   /* Transmit FIFO empty */
-#define USR2_DTRF   (1<<13)   /* DTR/DSR transition */
-#define USR2_IDLE   (1<<12)   /* UART has been idle for too long */
-#define USR2_ACST   (1<<11)   /* Autobaud counter stopped */
-#define USR2_RIDELT (1<<10)   /* Ring Indicator delta */
-#define USR2_RIIN   (1<<9)/* Ring Indicator Input */
-#define USR2_IRINT  (1<<8)/* Serial Infrared Interrupt */
-#define USR2_WAKE   (1<<7)/* Start bit detected */
-#define USR2_DCDDELT(1<<6)/* Data Carrier Detect delta */
-#define USR2_DCDIN  (1<<5)/* Data Carrier Detect Input */
-#define USR2_RTSF   (1<<4)/* RTS transition */
-#define USR2_TXDC   (1<<3)/* Transmission complete */
-#define USR2_BRCD   (1<<2)/* Break condition detected */
-#define USR2_ORE(1<<1)/* Overrun error */
-#define USR2_RDR(1<<0)/* Receive data ready */
-
-#define UCR1_TRDYEN (1<<13)   /* Tx Ready Interrupt Enable */
-#define UCR1_RRDYEN (1<<9)/* Rx Ready Interrupt Enable */
-#define UCR1_TXMPTYEN   (1<<6)/* Tx Empty Interrupt Enable */
-#define UCR1_UARTEN (1<<0)/* UART Enable */
-
-#define UCR2_TXEN   (1<<2)/* Transmitter enable */
-#define UCR2_RXEN   (1<<1)/* Receiver enable */
-#define UCR2_SRST   (1<<0)/* Reset complete */
-
-#define UTS1_TXEMPTY(1<<6)
-#define UTS1_RXEMPTY(1<<5)
-#define UTS1_TXFULL (1<<4)
-#define UTS1_RXFULL (1<<3)
-
 static void imx_update(IMXSerialState *s)
 {
 uint32_t flags;
diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h
new file mode 100644
index

[Qemu-devel] [PATCH v10 00/21] i.MX: Add i.MX25 support through the 3DS evaluation board.

2015-07-05 Thread Jean-Christophe Dubois
This series of patches adds support for the i.MX25 processor through the
Freescale 3DS evaluation board.

For now a limited set of devices are supported.
* GPT timers (from i.MX31)
* EPIT timers (from i.MX31)
* Serial ports (from i.MX31)
* Ethernet FEC port
* I2C controller

In the process the KZM platform was split into an i.MX31 SOC
and a platform part.

Also, I2C devices were added to the i.MX31 SOC.

This was tested by:
* booting a minimal linux system on the i.MX25_3DS platform
* booting the Xvisor hypervisor on the i.MX25_3DS platform
* booting a minimal linux system on the KZM platform

Jean-Christophe Dubois (21):
  i.MX: Split UART emulator in a header file and a source file
  i.MX: Move serial initialization to init/realize of DeviceClass.
  i.MX:Fix Coding style for UART emulator.
  i.MX: Split AVIC emulator in a header file and a source file
  i.MX: Fix Coding style for AVIC emulator.
  i.MX: Split CCM emulator in a header file and a source file
  i.MX: Fix Coding style for CCM emulator
  i.MX: Split EPIT emulator in a header file and a source file
  i.MX: Move Qdev EPIT construction helper as inline function.
  i.MX: Fix Coding style for EPIT emulator
  i.MX: Split GPT emulator in a header file and a source file
  i.MX: Move Qdev GPT construction helper as inline function.
  i.MX: Fix Coding style for GPT emulator
  i.MX: Add SOC support for i.MX31
  i.MX: KZM now uses the standalone i.MX31 SOC support
  i.MX: Add I2C controller emulator
  i.MX: Add FEC Ethernet Emulator
  i.MX: Add SOC support for i.MX25
  i.MX: Add the i.MX25 3DS PDK plateform
  i.MX: Add qtest support for I2C device emulator.
  i.MX: Adding i2C devices to i.MX31 SOC

 default-configs/arm-softmmu.mak |   6 +
 hw/arm/Makefile.objs|   4 +-
 hw/arm/fsl-imx25.c  | 272 +++
 hw/arm/fsl-imx31.c  | 249 ++
 hw/arm/imx25_3ds.c  | 170 ++
 hw/arm/kzm.c| 212 ++--
 hw/char/imx_serial.c| 182 +++
 hw/i2c/Makefile.objs|   1 +
 hw/i2c/imx_i2c.c| 339 +++
 hw/intc/imx_avic.c  |  56 +---
 hw/misc/imx_ccm.c   |  81 +
 hw/net/Makefile.objs|   1 +
 hw/net/imx_fec.c| 709 
 hw/timer/imx_epit.c |  75 +
 hw/timer/imx_gpt.c  |  96 +-
 include/hw/arm/fsl-imx25.h  | 234 +
 include/hw/arm/fsl-imx31.h  | 111 +++
 include/hw/arm/imx.h|  34 --
 include/hw/char/imx_serial.h| 102 ++
 include/hw/i2c/imx_i2c.h|  85 +
 include/hw/intc/imx_avic.h  |  55 
 include/hw/misc/imx_ccm.h   |  91 ++
 include/hw/net/imx_fec.h| 113 +++
 include/hw/timer/imx_epit.h |  79 +
 include/hw/timer/imx_gpt.h  | 107 ++
 tests/Makefile  |   3 +
 tests/ds1338-test.c |  75 +
 tests/libqos/i2c-imx.c  | 209 
 tests/libqos/i2c.h  |   3 +
 29 files changed, 3197 insertions(+), 557 deletions(-)
 create mode 100644 hw/arm/fsl-imx25.c
 create mode 100644 hw/arm/fsl-imx31.c
 create mode 100644 hw/arm/imx25_3ds.c
 create mode 100644 hw/i2c/imx_i2c.c
 create mode 100644 hw/net/imx_fec.c
 create mode 100644 include/hw/arm/fsl-imx25.h
 create mode 100644 include/hw/arm/fsl-imx31.h
 delete mode 100644 include/hw/arm/imx.h
 create mode 100644 include/hw/char/imx_serial.h
 create mode 100644 include/hw/i2c/imx_i2c.h
 create mode 100644 include/hw/intc/imx_avic.h
 create mode 100644 include/hw/misc/imx_ccm.h
 create mode 100644 include/hw/net/imx_fec.h
 create mode 100644 include/hw/timer/imx_epit.h
 create mode 100644 include/hw/timer/imx_gpt.h
 create mode 100644 tests/ds1338-test.c
 create mode 100644 tests/libqos/i2c-imx.c

-- 
2.1.4




[Qemu-devel] [PATCH v10 05/21] i.MX: Fix Coding style for AVIC emulator.

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* improve log
* Do style cleaning

Changes since v9:
* Change patch title.

 hw/intc/imx_avic.c | 16 +++-
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/hw/intc/imx_avic.c b/hw/intc/imx_avic.c
index c5eecb5..96c376b 100644
--- a/hw/intc/imx_avic.c
+++ b/hw/intc/imx_avic.c
@@ -22,7 +22,7 @@
 
 #ifdef DEBUG_INT
 #define DPRINTF(fmt, args...) \
-do { printf("imx_avic: " fmt , ##args); } while (0)
+do { printf("%s: " fmt , TYPE_IMX_AVIC, ##args); } while (0)
 #else
 #define DPRINTF(fmt, args...) do {} while (0)
 #endif
@@ -34,13 +34,13 @@ do { printf("imx_avic: " fmt , ##args); } while (0)
 #define DEBUG_IMPLEMENTATION 1
 #if DEBUG_IMPLEMENTATION
 #  define IPRINTF(fmt, args...) \
-do  { fprintf(stderr, "imx_avic: " fmt, ##args); } while (0)
+do  { fprintf(stderr, "%s: " fmt, TYPE_IMX_AVIC, ##args); } while (0)
 #else
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
 static const VMStateDescription vmstate_imx_avic = {
-.name = "imx-avic",
+.name = TYPE_IMX_AVIC,
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
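
Review bot: The change of .name to TYPE_IMX_AVIC in vmstate_imx_avic is not a style fix: the vmstate name identifies the device's section in the migration stream, and patch 04/21 defines TYPE_IMX_AVIC as "imx.avic" in the new header, so the section is renamed from "imx-avic". A stream saved before this change would no longer match on load. Keep the literal "imx-avic" here, or move the rename into its own patch whose commit message states the migration impact.
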
@@ -54,8 +54,6 @@ static const VMStateDescription vmstate_imx_avic = {
 },
 };
 
-
-
 static inline int imx_avic_prio(IMXAVICState *s, int irq)
 {
 uint32_t word = irq / PRIO_PER_WORD;
@@ -215,7 +213,7 @@ static uint64_t imx_avic_read(void *opaque,
 return 0x4;
 
 default:
-IPRINTF("imx_avic_read: Bad offset 0x%x\n", (int)offset);
+IPRINTF("%s: Bad offset 0x%x\n", __func__, (int)offset);
 return 0;
 }
 }
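
Review bot: The bad-offset message in imx_avic_read() still goes through IPRINTF, and the previous hunk shows DEBUG_IMPLEMENTATION defined to 1 in this file, so a guest that reads unimplemented offsets can make QEMU write to the host's stderr as often as it likes. Since the line is being rewritten anyway, consider qemu_log_mask(LOG_GUEST_ERROR, ...) for guest-triggered conditions like this one, which stays silent unless the user enables that log category.
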
@@ -227,12 +225,12 @@ static void imx_avic_write(void *opaque, hwaddr offset,
 
 /* Vector Registers not yet supported */
 if (offset >= 0x100 && offset <= 0x2fc) {
-IPRINTF("imx_avic_write to vector register %d ignored\n",
+IPRINTF("%s to vector register %d ignored\n", __func__,
 (unsigned int)((offset - 0x100) >> 2));
 return;
 }
 
-DPRINTF("imx_avic_write(0x%x) = %x\n",
+DPRINTF("%s(0x%x) = %x\n", __func__,
 (unsigned int)offset>>2, (unsigned int)val);
 switch (offset >> 2) {
 case 0: /* Interrupt Control Register, INTCNTL */
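
Review bot: In the vector-register IPRINTF of imx_avic_write(), the argument is cast to unsigned int but printed with %d; use %u so the format matches the argument. In the DPRINTF that follows, (unsigned int)offset>>2 applies the cast before the shift; writing (unsigned int)(offset >> 2) would make the intended value explicit.
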
@@ -307,7 +305,7 @@ static void imx_avic_write(void *opaque, hwaddr offset,
 return;
 
 default:
-IPRINTF("imx_avic_write: Bad offset %x\n", (int)offset);
+IPRINTF("%s: Bad offset %x\n", __func__, (int)offset);
 }
 imx_avic_update(s);
 }
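
Review bot: The bad-offset message in imx_avic_write() prints the offset with "%x" while the matching message in imx_avic_read() uses "0x%x"; make the two consistent while the line is being touched. The (int) cast paired with %x is also a signed/unsigned mismatch, so an (unsigned int) cast as used earlier in this function would be cleaner.
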
-- 
2.1.4




[Qemu-devel] [PATCH v10 03/21] i.MX:Fix Coding style for UART emulator.

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* Fix coding style

Changes since v9:
* no change

 hw/char/imx_serial.c | 30 +++---
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index ef5af05..0f5d1c3 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -25,7 +25,7 @@
 //#define DEBUG_SERIAL 1
 #ifdef DEBUG_SERIAL
 #define DPRINTF(fmt, args...) \
-do { printf("imx_serial: " fmt , ##args); } while (0)
+do { printf("%s: " fmt , TYPE_IMX_SERIAL, ##args); } while (0)
 #else
 #define DPRINTF(fmt, args...) do {} while (0)
 #endif
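
Review bot: The context line //#define DEBUG_SERIAL 1 at the top of this hunk keeps a C99-style comment that this coding-style pass leaves untouched. Converting the switch to the "#define DEBUG_x 0" plus "#if DEBUG_x" form that imx_epit.c uses for DEBUG_TIMER would remove the commented-out define and keep the debug code visible to the compiler.
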
@@ -163,13 +163,13 @@ static uint64_t imx_serial_read(void *opaque, hwaddr 
offset,
 return 0x0; /* TODO */
 
 default:
-IPRINTF("imx_serial_read: bad offset: 0x%x\n", (int)offset);
+IPRINTF("%s: bad offset: 0x%x\n", __func__, (int)offset);
 return 0;
 }
 }
 
 static void imx_serial_write(void *opaque, hwaddr offset,
-  uint64_t value, unsigned size)
+ uint64_t value, unsigned size)
 {
 IMXSerialState *s = (IMXSerialState *)opaque;
 unsigned char ch;
@@ -219,25 +219,25 @@ static void imx_serial_write(void *opaque, hwaddr offset,
 
 case 0x25: /* USR1 */
 value &= USR1_AWAKE | USR1_AIRINT | USR1_DTRD | USR1_AGTIM |
-USR1_FRAMERR | USR1_ESCF | USR1_RTSD | USR1_PARTYER;
+ USR1_FRAMERR | USR1_ESCF | USR1_RTSD | USR1_PARTYER;
 s->usr1 &= ~value;
 break;
 
 case 0x26: /* USR2 */
-   /*
-* Writing 1 to some bits clears them; all other
-* values are ignored
-*/
+/*
+ * Writing 1 to some bits clears them; all other
+ * values are ignored
+ */
 value &= USR2_ADET | USR2_DTRF | USR2_IDLE | USR2_ACST |
-USR2_RIDELT | USR2_IRINT | USR2_WAKE |
-USR2_DCDDELT | USR2_RTSF | USR2_BRCD | USR2_ORE;
+ USR2_RIDELT | USR2_IRINT | USR2_WAKE |
+ USR2_DCDDELT | USR2_RTSF | USR2_BRCD | USR2_ORE;
 s->usr2 &= ~value;
 break;
 
-/*
- * Linux expects to see what it writes to these registers
- * We don't currently alter the baud rate
- */
+/*
+ * Linux expects to see what it writes to these registers
+ * We don't currently alter the baud rate
+ */
 case 0x29: /* UBIR */
 s->ubrc = value & 0x;
 break;
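
Review bot: Under case 0x29, labelled UBIR, the written value is stored in s->ubrc, and the IMXSerialState struct moved by patch 01/21 has ubmr and ubrc fields but no ubir. If ubrc is meant to back UBIR, a short comment saying so would help; otherwise this cleanup is a reasonable place to rename the field so the register and its storage agree.
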
@@ -265,7 +265,7 @@ static void imx_serial_write(void *opaque, hwaddr offset,
 break;
 
 default:
-IPRINTF("imx_serial_write: Bad offset 0x%x\n", (int)offset);
+IPRINTF("%s: Bad offset 0x%x\n", __func__, (int)offset);
 }
 }
 
-- 
2.1.4




[Qemu-devel] [PATCH v10 06/21] i.MX: Split CCM emulator in a header file and a source file

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Split the i.MX CCM emulator into a header file and a source file

Changes since v8:
* no change

Changes since v9:
* change kzm to avoid run time error on CCM creation.

 hw/arm/kzm.c  |  2 +-
 hw/misc/imx_ccm.c | 70 ++--
 include/hw/arm/imx.h  | 11 +-
 include/hw/misc/imx_ccm.h | 91 +++
 4 files changed, 96 insertions(+), 78 deletions(-)
 create mode 100644 include/hw/misc/imx_ccm.h

diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c
index c906da7..d7af230 100644
--- a/hw/arm/kzm.c
+++ b/hw/arm/kzm.c
@@ -115,7 +115,7 @@ static void kzm_init(MachineState *machine)
 imx_serial_create(0, 0x43f9, qdev_get_gpio_in(dev, 45));
 imx_serial_create(1, 0x43f94000, qdev_get_gpio_in(dev, 32));
 
-ccm = sysbus_create_simple("imx_ccm", 0x53f8, NULL);
+ccm = sysbus_create_simple(TYPE_IMX_CCM, 0x53f8, NULL);
 
 imx_timerp_create(0x53f94000, qdev_get_gpio_in(dev, 28), ccm);
 imx_timerp_create(0x53f98000, qdev_get_gpio_in(dev, 27), ccm);
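
Review bot: kzm_init() now uses TYPE_IMX_CCM, but this patch adds no include for it in kzm.c; the macro only arrives through the #include "hw/misc/imx_ccm.h" that the last hunk adds to hw/arm/imx.h. Patch 04/21 includes hw/intc/imx_avic.h directly in kzm.c, and the cover letter lists include/hw/arm/imx.h as deleted by the end of the series, so include hw/misc/imx_ccm.h directly in kzm.c here as well.
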
diff --git a/hw/misc/imx_ccm.c b/hw/misc/imx_ccm.c
index 0920288..2e9bd9c 100644
--- a/hw/misc/imx_ccm.c
+++ b/hw/misc/imx_ccm.c
@@ -2,6 +2,7 @@
  * IMX31 Clock Control Module
  *
  * Copyright (C) 2012 NICTA
+ * Updated by Jean-Christophe Dubois 
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
@@ -10,10 +11,7 @@
  * the CCM.
  */
 
-#include "hw/hw.h"
-#include "hw/sysbus.h"
-#include "sysemu/sysemu.h"
-#include "hw/arm/imx.h"
+#include "hw/misc/imx_ccm.h"
 
 #define CKIH_FREQ 2600 /* 26MHz crystal input */
 #define CKIL_FREQ32768 /* nominal 32khz clock */
@@ -29,30 +27,6 @@ do { printf("imx_ccm: " fmt , ##args); } while (0)
 
 static int imx_ccm_post_load(void *opaque, int version_id);
 
-#define TYPE_IMX_CCM "imx_ccm"
-#define IMX_CCM(obj) OBJECT_CHECK(IMXCCMState, (obj), TYPE_IMX_CCM)
-
-typedef struct IMXCCMState {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-
-uint32_t ccmr;
-uint32_t pdr0;
-uint32_t pdr1;
-uint32_t mpctl;
-uint32_t spctl;
-uint32_t cgr[3];
-uint32_t pmcr0;
-uint32_t pmcr1;
-
-/* Frequencies precalculated on register changes */
-uint32_t pll_refclk_freq;
-uint32_t mcu_clk_freq;
-uint32_t hsp_clk_freq;
-uint32_t ipg_clk_freq;
-} IMXCCMState;
-
 static const VMStateDescription vmstate_imx_ccm = {
 .name = "imx-ccm",
 .version_id = 1,
@@ -72,44 +46,6 @@ static const VMStateDescription vmstate_imx_ccm = {
 .post_load = imx_ccm_post_load,
 };
 
-/* CCMR */
-#define CCMR_FPME (1<<0)
-#define CCMR_MPE  (1<<3)
-#define CCMR_MDS  (1<<7)
-#define CCMR_FPMF (1<<26)
-#define CCMR_PRCS (3<<1)
-
-/* PDR0 */
-#define PDR0_MCU_PODF_SHIFT (0)
-#define PDR0_MCU_PODF_MASK (0x7)
-#define PDR0_MAX_PODF_SHIFT (3)
-#define PDR0_MAX_PODF_MASK (0x7)
-#define PDR0_IPG_PODF_SHIFT (6)
-#define PDR0_IPG_PODF_MASK (0x3)
-#define PDR0_NFC_PODF_SHIFT (8)
-#define PDR0_NFC_PODF_MASK (0x7)
-#define PDR0_HSP_PODF_SHIFT (11)
-#define PDR0_HSP_PODF_MASK (0x7)
-#define PDR0_PER_PODF_SHIFT (16)
-#define PDR0_PER_PODF_MASK (0x1f)
-#define PDR0_CSI_PODF_SHIFT (23)
-#define PDR0_CSI_PODF_MASK (0x1ff)
-
-#define EXTRACT(value, name) (((value) >> PDR0_##name##_PODF_SHIFT) \
-  & PDR0_##name##_PODF_MASK)
-#define INSERT(value, name) (((value) & PDR0_##name##_PODF_MASK) << \
- PDR0_##name##_PODF_SHIFT)
-/* PLL control registers */
-#define PD(v) (((v) >> 26) & 0xf)
-#define MFD(v) (((v) >> 16) & 0x3ff)
-#define MFI(v) (((v) >> 10) & 0xf);
-#define MFN(v) ((v) & 0x3ff)
-
-#define PLL_PD(x)   (((x) & 0xf) << 26)
-#define PLL_MFD(x)  (((x) & 0x3ff) << 16)
-#define PLL_MFI(x)  (((x) & 0xf) << 10)
-#define PLL_MFN(x)  (((x) & 0x3ff) << 0)
-
 uint32_t imx_clock_frequency(DeviceState *dev, IMXClk clock)
 {
 IMXCCMState *s = IMX_CCM(dev);
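
Review bot: Among the macros removed from imx_ccm.c in this hunk, the MFI(v) definition ends in a semicolon, (((v) >> 10) & 0xf); which breaks any use of MFI() inside a larger expression. If the definitions go into include/hw/misc/imx_ccm.h unchanged, the defect becomes visible to every includer, so drop the semicolon as part of the move.
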
@@ -286,7 +222,7 @@ static int imx_ccm_init(SysBusDevice *dev)
 IMXCCMState *s = IMX_CCM(dev);
 
 memory_region_init_io(&s->iomem, OBJECT(dev), &imx_ccm_ops, s,
-  "imx_ccm", 0x1000);
+  TYPE_IMX_CCM, 0x1000);
 sysbus_init_mmio(dev, &s->iomem);
 
 return 0;
diff --git a/include/hw/arm/imx.h b/include/hw/arm/imx.h
index b861e80..0e8cc5a 100644
--- a/include/hw/arm/imx.h
+++ b/include/hw/arm/imx.h
@@ -14,6 +14,7 @@
 #include "hw/qdev-core.h"
 #include "hw/sysbus.h"
 #include "hw/char/imx_serial.h"
+#include "hw/misc/imx_ccm.h"
 
 /***
  * This Qdev construction h

[Qemu-devel] [PATCH v10 02/21] i.MX: Move serial initialization to init/realize of DeviceClass.

2015-07-05 Thread Jean-Christophe Dubois
Move constructor to DeviceClass methods
 * imx_serial_init
 * imx_serial_realize

imx32_serial_properties is renamed to imx_serial_properties.

The Qdev construction helper is moved to an include file as an
inline function. This function is going to be removed soon.

Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* Remove Qdev construction helper

Changes since v9:
* Qdev construction helper is reintegrated and moved to a header file
  as an inline function.

 hw/char/imx_serial.c | 70 +++-
 include/hw/arm/imx.h | 30 +-
 2 files changed, 49 insertions(+), 51 deletions(-)

diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index 1dcb325..ef5af05 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -21,7 +21,6 @@
 #include "hw/char/imx_serial.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/char.h"
-#include "hw/arm/imx.h"
 
 //#define DEBUG_SERIAL 1
 #ifdef DEBUG_SERIAL
@@ -38,13 +37,13 @@ do { printf("imx_serial: " fmt , ##args); } while (0)
 //#define DEBUG_IMPLEMENTATION 1
 #ifdef DEBUG_IMPLEMENTATION
 #  define IPRINTF(fmt, args...) \
-do  { fprintf(stderr, "imx_serial: " fmt, ##args); } while (0)
+do  { fprintf(stderr, "%s: " fmt, TYPE_IMX_SERIAL, ##args); } while (0)
 #else
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
 static const VMStateDescription vmstate_imx_serial = {
-.name = "imx-serial",
+.name = TYPE_IMX_SERIAL,
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
@@ -299,22 +298,18 @@ static void imx_event(void *opaque, int event)
 }
 }
 
-
 static const struct MemoryRegionOps imx_serial_ops = {
 .read = imx_serial_read,
 .write = imx_serial_write,
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static int imx_serial_init(SysBusDevice *dev)
+static void imx_serial_realize(DeviceState *dev, Error **errp)
 {
 IMXSerialState *s = IMX_SERIAL(dev);
 
-
-memory_region_init_io(&s->iomem, OBJECT(s), &imx_serial_ops, s,
-  "imx-serial", 0x1000);
-sysbus_init_mmio(dev, &s->iomem);
-sysbus_init_irq(dev, &s->irq);
+/* FIXME use a qdev chardev prop instead of qemu_char_get_next_serial() */
+s->chr = qemu_char_get_next_serial();
 
 if (s->chr) {
 qemu_chr_add_handlers(s->chr, imx_can_receive, imx_receive,
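
Review bot: imx_serial_realize() assigns s->chr = qemu_char_get_next_serial() unconditionally, which overwrites whatever the "chardev" property has set, and that property is still declared in imx_serial_properties in the next hunk. Only fall back to qemu_char_get_next_serial() when s->chr is NULL, or drop the property until the FIXME is resolved. Note also that the removed imx_serial_create() created a "null" chardev when no backend was available, whereas here s->chr can stay NULL and only a DPRINTF, compiled out by default, reports it.
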
@@ -323,45 +318,20 @@ static int imx_serial_init(SysBusDevice *dev)
 DPRINTF("No char dev for uart at 0x%lx\n",
 (unsigned long)s->iomem.ram_addr);
 }
-
-return 0;
 }
 
-void imx_serial_create(int uart, const hwaddr addr, qemu_irq irq)
+static void imx_serial_init(Object *obj)
 {
-DeviceState *dev;
-SysBusDevice *bus;
-CharDriverState *chr;
-const char chr_name[] = "serial";
-char label[ARRAY_SIZE(chr_name) + 1];
-
-dev = qdev_create(NULL, TYPE_IMX_SERIAL);
-
-if (uart >= MAX_SERIAL_PORTS) {
-hw_error("Cannot assign uart %d: QEMU supports only %d ports\n",
- uart, MAX_SERIAL_PORTS);
-}
-chr = serial_hds[uart];
-if (!chr) {
-snprintf(label, ARRAY_SIZE(label), "%s%d", chr_name, uart);
-chr = qemu_chr_new(label, "null", NULL);
-if (!(chr)) {
-hw_error("Can't assign serial port to imx-uart%d.\n", uart);
-}
-}
-
-qdev_prop_set_chr(dev, "chardev", chr);
-bus = SYS_BUS_DEVICE(dev);
-qdev_init_nofail(dev);
-if (addr != (hwaddr)-1) {
-sysbus_mmio_map(bus, 0, addr);
-}
-sysbus_connect_irq(bus, 0, irq);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+IMXSerialState *s = IMX_SERIAL(obj);
 
+memory_region_init_io(&s->iomem, obj, &imx_serial_ops, s,
+  TYPE_IMX_SERIAL, 0x1000);
+sysbus_init_mmio(sbd, &s->iomem);
+sysbus_init_irq(sbd, &s->irq);
 }
 
-
-static Property imx32_serial_properties[] = {
+static Property imx_serial_properties[] = {
 DEFINE_PROP_CHR("chardev", IMXSerialState, chr),
 DEFINE_PROP_END_OF_LIST(),
 };
@@ -369,21 +339,21 @@ static Property imx32_serial_properties[] = {
 static void imx_serial_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
 
-k->init = imx_serial_init;
+dc->realize = imx_serial_realize;
 dc->vmsd = &vmstate_imx_serial;
 dc->reset = imx_serial_reset_at_boot;
 set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
 dc->desc = "i.MX series UART";
-dc->props = imx32_serial_properties;
+dc->props = imx_serial_properties;
 }
 
 static const TypeInfo imx_serial_info = {
-.name = TYPE_IMX_SERIAL,
-.parent

[Qemu-devel] [PATCH v10 04/21] i.MX: Split AVIC emulator in a header file and a source file

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Split the i.MX AVIC emulator into a header file and a source file

Changes since v8:
* no changes

Changes since v9:
* Small style rework.

 hw/arm/kzm.c   |  3 ++-
 hw/intc/imx_avic.c | 40 +++--
 include/hw/intc/imx_avic.h | 55 ++
 3 files changed, 60 insertions(+), 38 deletions(-)
 create mode 100644 include/hw/intc/imx_avic.h

diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c
index 5be0369..c906da7 100644
--- a/hw/arm/kzm.c
+++ b/hw/arm/kzm.c
@@ -22,6 +22,7 @@
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
 #include "hw/char/serial.h"
+#include "hw/intc/imx_avic.h"
 #include "hw/arm/imx.h"
 
 /* Memory map for Kzm Emulation Baseboard:
@@ -106,7 +107,7 @@ static void kzm_init(MachineState *machine)
 memory_region_init_ram(sram, NULL, "kzm.sram", 0x4000, &error_abort);
 memory_region_add_subregion(address_space_mem, 0x1FFFC000, sram);
 
-dev = sysbus_create_varargs("imx_avic", 0x6800,
+dev = sysbus_create_varargs(TYPE_IMX_AVIC, 0x6800,
 qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ),
 qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_FIQ),
 NULL);
diff --git a/hw/intc/imx_avic.c b/hw/intc/imx_avic.c
index e48f66c..c5eecb5 100644
--- a/hw/intc/imx_avic.c
+++ b/hw/intc/imx_avic.c
@@ -7,6 +7,7 @@
  * Copyright (c) 2008 OKL
  * Copyright (c) 2011 NICTA Pty Ltd
  * Originally written by Hans Jiang
+ * Updated by Jean-Christophe Dubois 
  *
  * This code is licensed under the GPL version 2 or later.  See
  * the COPYING file in the top-level directory.
@@ -14,9 +15,7 @@
  * TODO: implement vectors.
  */
 
-#include "hw/hw.h"
-#include "hw/sysbus.h"
-#include "qemu/host-utils.h"
+#include "hw/intc/imx_avic.h"
 
 #define DEBUG_INT 1
 #undef DEBUG_INT /* comment out for debugging */
@@ -40,39 +39,6 @@ do { printf("imx_avic: " fmt , ##args); } while (0)
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
-#define IMX_AVIC_NUM_IRQS 64
-
-/* Interrupt Control Bits */
-#define ABFLAG (1<<25)
-#define ABFEN (1<<24)
-#define NIDIS (1<<22) /* Normal Interrupt disable */
-#define FIDIS (1<<21) /* Fast interrupt disable */
-#define NIAD  (1<<20) /* Normal Interrupt Arbiter Rise ARM level */
-#define FIAD  (1<<19) /* Fast Interrupt Arbiter Rise ARM level */
-#define NM(1<<18) /* Normal interrupt mode */
-
-
-#define PRIO_PER_WORD (sizeof(uint32_t) * 8 / 4)
-#define PRIO_WORDS (IMX_AVIC_NUM_IRQS/PRIO_PER_WORD)
-
-#define TYPE_IMX_AVIC "imx_avic"
-#define IMX_AVIC(obj) \
-OBJECT_CHECK(IMXAVICState, (obj), TYPE_IMX_AVIC)
-
-typedef struct IMXAVICState {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-uint64_t pending;
-uint64_t enabled;
-uint64_t is_fiq;
-uint32_t intcntl;
-uint32_t intmask;
-qemu_irq irq;
-qemu_irq fiq;
-uint32_t prio[PRIO_WORDS]; /* Priorities are 4-bits each */
-} IMXAVICState;
-
 static const VMStateDescription vmstate_imx_avic = {
 .name = "imx-avic",
 .version_id = 1,
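
Review bot: The TYPE_IMX_AVIC definition removed in this hunk is "imx_avic", while the new include/hw/intc/imx_avic.h at the end of the patch defines it as "imx.avic", so this patch renames the QOM type in addition to moving code. The commit message only describes a split. Either keep the old string here and do the rename in a separate patch, or say in the commit message that the type name changes.
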
@@ -370,7 +336,7 @@ static int imx_avic_init(SysBusDevice *sbd)
 IMXAVICState *s = IMX_AVIC(dev);
 
 memory_region_init_io(&s->iomem, OBJECT(s), &imx_avic_ops, s,
-  "imx_avic", 0x1000);
+  TYPE_IMX_AVIC, 0x1000);
 sysbus_init_mmio(sbd, &s->iomem);
 
 qdev_init_gpio_in(dev, imx_avic_set_irq, IMX_AVIC_NUM_IRQS);
diff --git a/include/hw/intc/imx_avic.h b/include/hw/intc/imx_avic.h
new file mode 100644
index 000..63646ca
--- /dev/null
+++ b/include/hw/intc/imx_avic.h
@@ -0,0 +1,55 @@
+/*
+ * i.MX31 Vectored Interrupt Controller
+ *
+ * Note this is NOT the PL192 provided by ARM, but
+ * a custom implementation by Freescale.
+ *
+ * Copyright (c) 2008 OKL
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ * Updated by Jean-Christophe Dubois 
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ *
+ * TODO: implement vectors.
+ */
+#ifndef IMX_AVIC_H
+#define IMX_AVIC_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_IMX_AVIC "imx.avic"
+#define IMX_AVIC(obj) OBJECT_CHECK(IMXAVICState, (obj), TYPE_IMX_AVIC)
+
+#define IMX_AVIC_NUM_IRQS 64
+
+/* Interrupt Control Bits */
+#define ABFLAG (1<<25)
+#define ABFEN (1<<24)
+#define NIDIS (1<<22) /* Normal Interrupt disable */
+#define FIDIS (1<<21) /* Fast interrupt disable */
+#define NIAD  (1<<20) /* Normal Interrupt Arbiter Rise ARM level */
+#define FIAD  (1<<19) /* Fast Interrupt Arbiter Rise ARM level */
+#define NM(1<<18) /*

[Qemu-devel] [PATCH v10 11/21] i.MX: Split GPT emulator in a header file and a source file

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Split the i.MX GPT emulator into a header file and a source file

Changes since v8:
* no change

Changes since v9:
* no change

 hw/timer/imx_gpt.c |  79 ++---
 include/hw/timer/imx_gpt.h | 107 +
 2 files changed, 110 insertions(+), 76 deletions(-)
 create mode 100644 include/hw/timer/imx_gpt.h

diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
index 3b31010..f61d4e5 100644
--- a/hw/timer/imx_gpt.c
+++ b/hw/timer/imx_gpt.c
@@ -5,23 +5,18 @@
  * Copyright (c) 2011 NICTA Pty Ltd
  * Originally written by Hans Jiang
  * Updated by Peter Chubb
- * Updated by Jean-Christophe Dubois
+ * Updated by Jean-Christophe Dubois 
  *
  * This code is licensed under GPL version 2 or later.  See
  * the COPYING file in the top-level directory.
  *
  */
 
-#include "hw/hw.h"
-#include "qemu/bitops.h"
-#include "qemu/timer.h"
-#include "hw/ptimer.h"
-#include "hw/sysbus.h"
 #include "hw/arm/imx.h"
+#include "hw/timer/imx_gpt.h"
+#include "hw/misc/imx_ccm.h"
 #include "qemu/main-loop.h"
 
-#define TYPE_IMX_GPT "imx.gpt"
-
 /*
  * Define to 1 for debug messages
  */
@@ -74,74 +69,6 @@ static char const *imx_gpt_reg_name(uint32_t reg)
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
-#define IMX_GPT(obj) \
-OBJECT_CHECK(IMXGPTState, (obj), TYPE_IMX_GPT)
-/*
- * GPT : General purpose timer
- *
- * This timer counts up continuously while it is enabled, resetting itself
- * to 0 when it reaches GPT_TIMER_MAX (in freerun mode) or when it
- * reaches the value of one of the ocrX (in periodic mode).
- */
-
-#define GPT_TIMER_MAX  0XUL
-
-/* Control register.  Not all of these bits have any effect (yet) */
-#define GPT_CR_EN (1 << 0)  /* GPT Enable */
-#define GPT_CR_ENMOD  (1 << 1)  /* GPT Enable Mode */
-#define GPT_CR_DBGEN  (1 << 2)  /* GPT Debug mode enable */
-#define GPT_CR_WAITEN (1 << 3)  /* GPT Wait Mode Enable  */
-#define GPT_CR_DOZEN  (1 << 4)  /* GPT Doze mode enable */
-#define GPT_CR_STOPEN (1 << 5)  /* GPT Stop Mode Enable */
-#define GPT_CR_CLKSRC_SHIFT (6)
-#define GPT_CR_CLKSRC_MASK  (0x7)
-
-#define GPT_CR_FRR(1 << 9)  /* Freerun or Restart */
-#define GPT_CR_SWR(1 << 15) /* Software Reset */
-#define GPT_CR_IM1(3 << 16) /* Input capture channel 1 mode (2 bits) */
-#define GPT_CR_IM2(3 << 18) /* Input capture channel 2 mode (2 bits) */
-#define GPT_CR_OM1(7 << 20) /* Output Compare Channel 1 Mode (3 bits) */
-#define GPT_CR_OM2(7 << 23) /* Output Compare Channel 2 Mode (3 bits) */
-#define GPT_CR_OM3(7 << 26) /* Output Compare Channel 3 Mode (3 bits) */
-#define GPT_CR_FO1(1 << 29) /* Force Output Compare Channel 1 */
-#define GPT_CR_FO2(1 << 30) /* Force Output Compare Channel 2 */
-#define GPT_CR_FO3(1 << 31) /* Force Output Compare Channel 3 */
-
-#define GPT_SR_OF1  (1 << 0)
-#define GPT_SR_OF2  (1 << 1)
-#define GPT_SR_OF3  (1 << 2)
-#define GPT_SR_ROV  (1 << 5)
-
-#define GPT_IR_OF1IE  (1 << 0)
-#define GPT_IR_OF2IE  (1 << 1)
-#define GPT_IR_OF3IE  (1 << 2)
-#define GPT_IR_ROVIE  (1 << 5)
-
-typedef struct {
-SysBusDevice busdev;
-ptimer_state *timer;
-MemoryRegion iomem;
-DeviceState *ccm;
-
-uint32_t cr;
-uint32_t pr;
-uint32_t sr;
-uint32_t ir;
-uint32_t ocr1;
-uint32_t ocr2;
-uint32_t ocr3;
-uint32_t icr1;
-uint32_t icr2;
-uint32_t cnt;
-
-uint32_t next_timeout;
-uint32_t next_int;
-
-uint32_t freq;
-
-qemu_irq irq;
-} IMXGPTState;
-
 static const VMStateDescription vmstate_imx_timer_gpt = {
 .name = "imx.gpt",
 .version_id = 3,
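
Review bot: The GPT_CR_FO3 definition being moved out of imx_gpt.c is (1 << 31), which shifts a signed int into its sign bit and is undefined behaviour in C. When these definitions land in include/hw/timer/imx_gpt.h, use 1U << 31, and preferably unsigned constants for the rest of the GPT_CR_* bits since they are applied to the uint32_t cr field.
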
diff --git a/include/hw/timer/imx_gpt.h b/include/hw/timer/imx_gpt.h
new file mode 100644
index 000..e055951
--- /dev/null
+++ b/include/hw/timer/imx_gpt.h
@@ -0,0 +1,107 @@
+/*
+ * i.MX GPT Timer
+ *
+ * Copyright (c) 2008 OK Labs
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ * Updated by Peter Chubb
+ * Updated by Jean-Christophe Dubois 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY O
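
Review bot: The new include/hw/timer/imx_gpt.h opens with an MIT-style permission notice, while hw/timer/imx_gpt.c, where these definitions come from, states "This code is licensed under GPL version 2 or later". The header should carry the same GPL notice as the file the code was taken from, or the commit message should explain why a different licence applies.
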

[Qemu-devel] [PATCH v10 08/21] i.MX: Split EPIT emulator in a header file and a source file

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Split the i.MX EPIT emulator into a header file and a source file

Changes since v8:
* no change

Changes since v9:
* no change

 hw/timer/imx_epit.c | 52 ++---
 include/hw/timer/imx_epit.h | 79 +
 2 files changed, 82 insertions(+), 49 deletions(-)
 create mode 100644 include/hw/timer/imx_epit.h

diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
index ffefc22..f1f82e9 100644
--- a/hw/timer/imx_epit.c
+++ b/hw/timer/imx_epit.c
@@ -5,23 +5,18 @@
  * Copyright (c) 2011 NICTA Pty Ltd
  * Originally written by Hans Jiang
  * Updated by Peter Chubb
- * Updated by Jean-Christophe Dubois
+ * Updated by Jean-Christophe Dubois 
  *
  * This code is licensed under GPL version 2 or later.  See
  * the COPYING file in the top-level directory.
  *
  */
 
-#include "hw/hw.h"
-#include "qemu/bitops.h"
-#include "qemu/timer.h"
-#include "hw/ptimer.h"
-#include "hw/sysbus.h"
 #include "hw/arm/imx.h"
+#include "hw/timer/imx_epit.h"
+#include "hw/misc/imx_ccm.h"
 #include "qemu/main-loop.h"
 
-#define TYPE_IMX_EPIT "imx.epit"
-
 #define DEBUG_TIMER 0
 #if DEBUG_TIMER
 
@@ -61,30 +56,6 @@ static char const *imx_epit_reg_name(uint32_t reg)
 #  define IPRINTF(fmt, args...) do {} while (0)
 #endif
 
-#define IMX_EPIT(obj) \
-OBJECT_CHECK(IMXEPITState, (obj), TYPE_IMX_EPIT)
-
-/*
- * EPIT: Enhanced periodic interrupt timer
- */
-
-#define CR_EN   (1 << 0)
-#define CR_ENMOD(1 << 1)
-#define CR_OCIEN(1 << 2)
-#define CR_RLD  (1 << 3)
-#define CR_PRESCALE_SHIFT (4)
-#define CR_PRESCALE_MASK  (0xfff)
-#define CR_SWR  (1 << 16)
-#define CR_IOVW (1 << 17)
-#define CR_DBGEN(1 << 18)
-#define CR_WAITEN   (1 << 19)
-#define CR_DOZEN(1 << 20)
-#define CR_STOPEN   (1 << 21)
-#define CR_CLKSRC_SHIFT (24)
-#define CR_CLKSRC_MASK  (0x3 << CR_CLKSRC_SHIFT)
-
-#define EPIT_TIMER_MAX  0XUL
-
 /*
  * Exact clock frequencies vary from board to board.
  * These are typical.
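
Review bot: The EPIT control-register bits removed here have unprefixed names (CR_EN, CR_SWR, CR_CLKSRC_MASK and so on), and the new include/hw/timer/imx_epit.h at the end of this patch defines them under the same names. Inside one .c file that was harmless, but in a shared header they can collide with other devices' register definitions. The GPT definitions moved in patch 11/21 use a GPT_CR_ prefix, so an EPIT_CR_ prefix would be consistent.
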
@@ -96,23 +67,6 @@ static const IMXClk imx_epit_clocks[] =  {
 CLK_32k,  /* 11 ipg_clk_32k -- ~32kHz */
 };
 
-typedef struct {
-SysBusDevice busdev;
-ptimer_state *timer_reload;
-ptimer_state *timer_cmp;
-MemoryRegion iomem;
-DeviceState *ccm;
-
-uint32_t cr;
-uint32_t sr;
-uint32_t lr;
-uint32_t cmp;
-uint32_t cnt;
-
-uint32_t freq;
-qemu_irq irq;
-} IMXEPITState;
-
 /*
  * Update interrupt status
  */
diff --git a/include/hw/timer/imx_epit.h b/include/hw/timer/imx_epit.h
new file mode 100644
index 000..70e16ee
--- /dev/null
+++ b/include/hw/timer/imx_epit.h
@@ -0,0 +1,79 @@
+/*
+ * i.MX EPIT Timer
+ *
+ * Copyright (c) 2008 OK Labs
+ * Copyright (c) 2011 NICTA Pty Ltd
+ * Originally written by Hans Jiang
+ * Updated by Peter Chubb
+ * Updated by Jean-Christophe Dubois 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef IMX_EPIT_H
+#define IMX_EPIT_H
+
+#include "hw/sysbus.h"
+#include "hw/ptimer.h"
+
+/*
+ * EPIT: Enhanced periodic interrupt timer
+ */
+
+#define CR_EN   (1 << 0)
+#define CR_ENMOD(1 << 1)
+#define CR_OCIEN(1 << 2)
+#define CR_RLD  (1 << 3)
+#define CR_PRESCALE_SHIFT (4)
+#define CR_PRESCALE_MASK  (0xfff)
+#define CR_SWR  (1 << 16)
+#define CR_IOVW (1 << 17)
+#define CR_DBGEN(1 << 18)
+#define CR_WAITEN   (1 << 19)
+#define CR_DOZEN(1 << 20)
+#define CR_STOPEN   (1 << 21)
+#define CR_CLKSRC_SHIFT (24)
+#define CR_CLKSRC_MASK  (0x3 << CR_CLKSRC_SHIFT)
+
+#define EPIT_TIMER_MAX  0XUL
+
+#define TYPE_IMX_EPIT "imx.epit"
+#define IMX_EPIT(obj) OBJECT_CHECK(IMXEPITState, (obj)
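
Review bot: The licence header of this new file is an MIT-style permission notice, but the definitions it carries are moved out of hw/timer/imx_epit.c, whose header says "This code is licensed under GPL version 2 or later". Moved code should keep the licence of the file it came from unless the listed copyright holders have agreed to a change; please carry the GPL notice over or explain the relicensing in the commit message.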

[Qemu-devel] [PATCH v10 07/21] i.MX: Fix Coding style for CCM emulator

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* Improve logs

Changes since v9:
* Change patch title.

 hw/misc/imx_ccm.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/hw/misc/imx_ccm.c b/hw/misc/imx_ccm.c
index 2e9bd9c..2e19dbb 100644
--- a/hw/misc/imx_ccm.c
+++ b/hw/misc/imx_ccm.c
@@ -16,11 +16,10 @@
 #define CKIH_FREQ 2600 /* 26MHz crystal input */
 #define CKIL_FREQ32768 /* nominal 32khz clock */
 
-
 //#define DEBUG_CCM 1
 #ifdef DEBUG_CCM
 #define DPRINTF(fmt, args...) \
-do { printf("imx_ccm: " fmt , ##args); } while (0)
+do { printf("%s: " fmt , TYPE_IMX_CCM, ##args); } while (0)
 #else
 #define DPRINTF(fmt, args...) do {} while (0)
 #endif
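
Review bot: The `//#define DEBUG_CCM 1` line at the top of this hunk is a C99-style comment that a coding-style cleanup would be expected to remove, and it survives unchanged. A `#ifndef DEBUG_CCM` / `#define DEBUG_CCM 0` default tested with `#if DEBUG_CCM`, the form the I2C patch in this series uses for IMX_I2C_DEBUG, gets rid of the commented-out define.
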
@@ -28,7 +27,7 @@ do { printf("imx_ccm: " fmt , ##args); } while (0)
 static int imx_ccm_post_load(void *opaque, int version_id);
 
 static const VMStateDescription vmstate_imx_ccm = {
-.name = "imx-ccm",
+.name = TYPE_IMX_CCM,
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
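
Review bot: Replacing `.name = "imx-ccm"` with TYPE_IMX_CCM is more than a style change if the two strings differ, because the VMStateDescription name is written into the migration stream and a different value breaks loading state saved by an earlier build. The definition of TYPE_IMX_CCM is not part of this patch; please confirm it expands to exactly "imx-ccm", or keep the literal and say so in the commit message.
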
@@ -110,7 +109,7 @@ static void update_clocks(IMXCCMState *s)
 s->hsp_clk_freq = s->mcu_clk_freq / (1 + EXTRACT(s->pdr0, HSP));
 s->ipg_clk_freq = s->hsp_clk_freq / (1 + EXTRACT(s->pdr0, IPG));
 
-DPRINTF("Clocks: mcu %uMHz, HSP %uMHz, IPG %uHz\n",
+DPRINTF("%s: mcu %uMHz, HSP %uMHz, IPG %uHz\n", __func__,
 s->mcu_clk_freq / 100,
 s->hsp_clk_freq / 100,
 s->ipg_clk_freq);
@@ -136,7 +135,7 @@ static uint64_t imx_ccm_read(void *opaque, hwaddr offset,
 {
 IMXCCMState *s = (IMXCCMState *)opaque;
 
-DPRINTF("read(offset=%x)", offset >> 2);
+DPRINTF("%s(offset=%x)", __func__, offset >> 2);
 switch (offset >> 2) {
 case 0: /* CCMR */
 DPRINTF(" ccmr = 0x%x\n", s->ccmr);
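
Review bot: The first DPRINTF in imx_ccm_read() has no trailing newline and is completed by the per-register call (`DPRINTF(" ccmr = 0x%x\n", s->ccmr);`), but the macro prepends the "%s: " device prefix on every call, so the prefix lands in the middle of each output line. Print the offset and the register value in a single DPRINTF per case, or use a prefix-free variant for the continuation.
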
@@ -177,7 +176,7 @@ static void imx_ccm_write(void *opaque, hwaddr offset,
 {
 IMXCCMState *s = (IMXCCMState *)opaque;
 
-DPRINTF("write(offset=%x, value = %x)\n",
+DPRINTF("%s(offset=%x, value = %x)\n", __func__,
 offset >> 2, (unsigned int)value);
 switch (offset >> 2) {
 case 0:
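
Review bot: `offset` is a hwaddr, yet `offset >> 2` is passed to a `%x` conversion in imx_ccm_write() (and in the imx_ccm_read() hunk) without a cast, while `value` on the next line is cast to unsigned int. Use HWADDR_PRIx or cast the offset as well, otherwise the variadic arguments are mismatched whenever DEBUG_CCM is enabled.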
-- 
2.1.4




[Qemu-devel] [PATCH v10 15/21] i.MX: KZM now uses the standalone i.MX31 SOC support

2015-07-05 Thread Jean-Christophe Dubois
Tested by booting a minimal Linux system on the emulated platform

Note: Qdev construction helper functions are removed with this patch.

Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* update KZM target to use new emulators

Changes since v8:
* update KZM to use i.MX31 SOC
* rework SDRAM memory initialisation

Changes since v9:
* remove all Qdev construction helper functions.

 hw/arm/Makefile.objs |   4 +-
 hw/arm/kzm.c | 213 ++-
 include/hw/arm/imx.h |  72 -
 3 files changed, 112 insertions(+), 177 deletions(-)
 delete mode 100644 include/hw/arm/imx.h

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index f35f731..2fbe344 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -1,6 +1,6 @@
 obj-y += boot.o collie.o exynos4_boards.o gumstix.o highbank.o
 obj-$(CONFIG_DIGIC) += digic_boards.o
-obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
+obj-y += integratorcp.o mainstone.o musicpal.o nseries.o
 obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
 obj-$(CONFIG_ACPI) += virt-acpi-build.o
@@ -13,4 +13,4 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
-obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o
+obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c
index d7af230..6925833 100644
--- a/hw/arm/kzm.c
+++ b/hw/arm/kzm.c
@@ -13,131 +13,138 @@
  * i.MX31 SoC
  */
 
-#include "hw/sysbus.h"
+#include "hw/arm/fsl-imx31.h"
+#include "hw/boards.h"
+#include "qemu/error-report.h"
 #include "exec/address-spaces.h"
-#include "hw/hw.h"
-#include "hw/arm/arm.h"
-#include "hw/devices.h"
 #include "net/net.h"
-#include "sysemu/sysemu.h"
-#include "hw/boards.h"
+#include "hw/devices.h"
 #include "hw/char/serial.h"
-#include "hw/intc/imx_avic.h"
-#include "hw/arm/imx.h"
-
-/* Memory map for Kzm Emulation Baseboard:
- * 0x-0x3fff 16k secure ROM   IGNORED
- * 0x4000-0x00407fff Reserved IGNORED
- * 0x00404000-0x00407fff ROM  IGNORED
- * 0x00408000-0x0fff Reserved IGNORED
- * 0x1000-0x1fffbfff RAM aliasing IGNORED
- * 0x1fffc000-0x1fff RAM  EMULATED
- * 0x2000-0x2fff Reserved IGNORED
- * 0x3000-0x7fff I.MX31 Internal Register Space
- *   0x43f0 IO_AREA0
- *   0x43f9 UART1 EMULATED
- *   0x43f94000 UART2 EMULATED
- *   0x6800 AVIC  EMULATED
- *   0x53f8 CCM   EMULATED
- *   0x53f94000 PIT 1 EMULATED
- *   0x53f98000 PIT 2 EMULATED
- *   0x53f9 GPT   EMULATED
- * 0x8000-0x87ff RAM  EMULATED
- * 0x8800-0x8fff RAM Aliasing EMULATED
- * 0xa000-0xafff NAND Flash   IGNORED
- * 0xb000-0xb3ff Unavailable  IGNORED
- * 0xb400-0xb4000fff 8-bit free space IGNORED
- * 0xb4001000-0xb400100f Board controlIGNORED
- *  0xb4001003   DIP switch
- * 0xb4001010-0xb400101f 7-segment LEDIGNORED
- * 0xb4001020-0xb400102f LED  IGNORED
- * 0xb4001030-0xb400103f LED  IGNORED
- * 0xb4001040-0xb400104f FPGA, UART   EMULATED
- * 0xb4001050-0xb400105f FPGA, UART   EMULATED
- * 0xb4001060-0xb40f FPGA IGNORED
- * 0xb600-0xb61f LAN controller   EMULATED
- * 0xb620-0xb62f FPGA NAND Controller IGNORED
- * 0xb630-0xb7ff Free IGNORED
- * 0xb800-0xb8004fff Memory control registers IGNORED
- * 0xc000-0xc3ff PCMCIA/CFIGNORED
- * 0xc400-0x Reserved IGNORED
- */
-
-#define KZM_RAMADDRESS (0x8000)
-#define KZM_FPGA   (0xb4001040)
+#include "sysemu/qtest.h"
+
+/* Memory map for Kzm Emulation Baseboard:
+ * 0x-0x7fff See i.MX31 SOC for support
+ * 0x8000-0x8fff RAM  EMULATED
+ * 0x9000-0x9fff RAM  EMULATED
+ * 0xa000-0xafff FlashIGNORED
+ * 0xb000-0xb3ff Unavailable  IGNORED
+ * 0xb400-0xb4000fff 8-bit free space IGNORED
+ * 0xb4001000-0xb400100f Board controlIGNORED
+ *  0xb4001003   DIP swit

[Qemu-devel] [PATCH v10 16/21] i.MX: Add I2C controller emulator

2015-07-05 Thread Jean-Christophe Dubois
The slave mode is not implemented.

Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* none

Changes since v2:
* use QOM cast
* reworked debug printf
* use CamelCase for state type
* warn with qemu_log_mask(LOG_GUEST_ERROR) or qemu_log_mask(LOG_UNIMP)
* move to dma_memory_read/write API
* rework interrupt handling
* use qemu_flush_queued_packets() in rx_enable()

Changes since v3:
* use realise for device initialization
* More QOM cast
* reworked debug printf some more
* standardise GPL header
* use CamelCase for buffer descriptor type

Changes since v4:
* none

Changes since v5:
* replace hw_error() with qemu_log_mask(LOG_GUEST_ERROR, ...)
* remove reformatting of imx.h header file.
* remove unnecessary spaces.

Changes since v6:
* port to new memory API

Changes since v7:
* refactor emulator to be used by SOC

Changes since v8:
* no change

Changes since v9:
* no change
 default-configs/arm-softmmu.mak |   2 +
 hw/i2c/Makefile.objs|   1 +
 hw/i2c/imx_i2c.c| 339 
 include/hw/i2c/imx_i2c.h|  85 ++
 4 files changed, 427 insertions(+)
 create mode 100644 hw/i2c/imx_i2c.c
 create mode 100644 include/hw/i2c/imx_i2c.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 3f86e7e..47390db 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -100,6 +100,8 @@ CONFIG_ALLWINNER_A10=y
 
 CONFIG_FSL_IMX31=y
 
+CONFIG_IMX_I2C=y
+
 CONFIG_XIO3130=y
 CONFIG_IOH3420=y
 CONFIG_I82801B11=y
diff --git a/hw/i2c/Makefile.objs b/hw/i2c/Makefile.objs
index 0f13060..aeb8f38 100644
--- a/hw/i2c/Makefile.objs
+++ b/hw/i2c/Makefile.objs
@@ -4,4 +4,5 @@ common-obj-$(CONFIG_ACPI_X86) += smbus_ich9.o
 common-obj-$(CONFIG_APM) += pm_smbus.o
 common-obj-$(CONFIG_BITBANG_I2C) += bitbang_i2c.o
 common-obj-$(CONFIG_EXYNOS4) += exynos4210_i2c.o
+common-obj-$(CONFIG_IMX_I2C) += imx_i2c.o
 obj-$(CONFIG_OMAP) += omap_i2c.o
diff --git a/hw/i2c/imx_i2c.c b/hw/i2c/imx_i2c.c
new file mode 100644
index 000..468712b
--- /dev/null
+++ b/hw/i2c/imx_i2c.c
@@ -0,0 +1,339 @@
+/*
+ *  i.MX I2C Bus Serial Interface Emulation
+ *
+ *  Copyright (C) 2013 Jean-Christophe Dubois. 
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ *
+ */
+
+#include "hw/i2c/imx_i2c.h"
+#include "hw/i2c/i2c.h"
+
+#ifndef IMX_I2C_DEBUG
+#define IMX_I2C_DEBUG 0
+#endif
+
+#if IMX_I2C_DEBUG
+#define DPRINT(fmt, args...)  \
+do { fprintf(stderr, "%s: "fmt, __func__, ## args); } while (0)
+
+static const char *imx_i2c_get_regname(unsigned offset)
+{
+switch (offset) {
+case IADR_ADDR:
+return "IADR";
+case IFDR_ADDR:
+return "IFDR";
+case I2CR_ADDR:
+return "I2CR";
+case I2SR_ADDR:
+return "I2SR";
+case I2DR_ADDR:
+return "I2DR";
+default:
+return "[?]";
+}
+}
+#else
+#define DPRINT(fmt, args...)  do { } while (0)
+#endif
+
+static inline bool imx_i2c_is_enabled(IMXI2CState *s)
+{
+return s->i2cr & I2CR_IEN;
+}
+
+static inline bool imx_i2c_interrupt_is_enabled(IMXI2CState *s)
+{
+return s->i2cr & I2CR_IIEN;
+}
+
+static inline bool imx_i2c_is_master(IMXI2CState *s)
+{
+return s->i2cr & I2CR_MSTA;
+}
+
+static inline bool imx_i2c_direction_is_tx(IMXI2CState *s)
+{
+return s->i2cr & I2CR_MTX;
+}
+
+static void imx_i2c_reset(DeviceState *dev)
+{
+IMXI2CState *s = IMX_I2C(dev);
+
+if (s->address != ADDR_RESET) {
+i2c_end_transfer(s->bus);
+}
+
+s->address= ADDR_RESET;
+s->iadr   = IADR_RESET;
+s->ifdr   = IFDR_RESET;
+s->i2cr   = I2CR_RESET;
+s->i2sr   = I2SR_RESET;
+s->i2dr_read  = I2DR_RESET;
+s->i2dr_write = I2DR_RESET;
+}
+
+static inline void imx_i2c_raise_interrupt(IMXI2CState *s)
+{
+/*
+ * raise an interrupt if the device is enabled and it is configured
+ * to generate some interrupts.
+ */
+if (imx_i2c_is_enabled(s) && imx_i2c_interrupt_is_enabled(s)) {
+s->i2sr |= I2SR_IIF;
+qemu_irq_raise(s->irq);
+}
+}
+
+static uint64_t imx_i2c_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+uint16_t value;
+IMXI2CState *
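
Review bot: imx_i2c_raise_interrupt() sets I2SR_IIF only inside the `imx_i2c_is_enabled(s) && imx_i2c_interrupt_is_enabled(s)` test, so a guest that leaves I2CR_IIEN clear and polls I2SR never sees the flag. Please check this against the reference manual: if IIF is a status bit that latches regardless of IIEN, set it whenever the module is enabled and gate only the qemu_irq_raise() call on IIEN.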

[Qemu-devel] [PATCH v10 10/21] i.MX: Fix Coding style for EPIT emulator

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* Fix coding style

Changes since v9:
* no change

 hw/timer/imx_epit.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
index 68dc0bc..9649851 100644
--- a/hw/timer/imx_epit.c
+++ b/hw/timer/imx_epit.c
@@ -127,9 +127,9 @@ static void imx_epit_reset(DeviceState *dev)
 
 static uint32_t imx_epit_update_count(IMXEPITState *s)
 {
- s->cnt = ptimer_get_count(s->timer_reload);
+s->cnt = ptimer_get_count(s->timer_reload);
 
- return s->cnt;
+return s->cnt;
 }
 
 static uint64_t imx_epit_read(void *opaque, hwaddr offset, unsigned size)
@@ -287,13 +287,13 @@ static void imx_epit_cmp(void *opaque)
 }
 
 static const MemoryRegionOps imx_epit_ops = {
-  .read = imx_epit_read,
-  .write = imx_epit_write,
-  .endianness = DEVICE_NATIVE_ENDIAN,
+.read = imx_epit_read,
+.write = imx_epit_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static const VMStateDescription vmstate_imx_timer_epit = {
-.name = "imx.epit",
+.name = TYPE_IMX_EPIT,
 .version_id = 2,
 .minimum_version_id = 2,
 .fields = (VMStateField[]) {
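
Review bot: The `.name = TYPE_IMX_EPIT` change in vmstate_imx_timer_epit is not a coding-style fix, since it ties the migration section name to the QOM type name. The string is unchanged today (the header split earlier in this series defines TYPE_IMX_EPIT as "imx.epit"), but a later rename of the type would silently change the migration stream; mention the change in the commit message or keep the literal.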
-- 
2.1.4




[Qemu-devel] [PATCH v10 17/21] i.MX: Add FEC Ethernet Emulator

2015-07-05 Thread Jean-Christophe Dubois
This is based on mcf_fec.c FEC implementation for Coldfire

  * A generic PHY was added (borrowed from LAN9118)
  * The buffer management is also modified as buffers are
slightly different between Coldfire and i.MX

Signed-off-by: Jean-Christophe Dubois 
Reviewed-by: Peter Crosthwaite 
---

Changes since v1:
* none

Changes since v2:
* use QOM cast
* reworked debug printf
* use CamelCase for state type
* warn with qemu_log_mask(LOG_GUEST_ERROR) or qemu_log_mask(LOG_UNIMP)
* move to dma_memory_read/write API
* rework interrupt handling
* use qemu_flush_queued_packets() in rx_enable()

Changes since v3:
* use realise for device initialization
* More QOM cast
* reworked debug printf some more
* standardise GPL header
* use CamelCase for buffer descriptor type

Changes since v4:
* none

Changes since v5:
* replace hw_error() with qemu_log_mask(LOG_GUEST_ERROR, ...)
* remove reformatting of imx.h header file.
* remove unnecessary spaces.

Changes since v6:
* port to new memory API

Changes since v7:
* refactor to be used by SOC

Changes since v8:
* no change

Changes since v9:
* no change

 default-configs/arm-softmmu.mak |   1 +
 hw/net/Makefile.objs|   1 +
 hw/net/imx_fec.c| 709 
 include/hw/net/imx_fec.h| 113 +++
 4 files changed, 824 insertions(+)
 create mode 100644 hw/net/imx_fec.c
 create mode 100644 include/hw/net/imx_fec.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 47390db..5fa84c6 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -28,6 +28,7 @@ CONFIG_SSI_M25P80=y
 CONFIG_LAN9118=y
 CONFIG_SMC91C111=y
 CONFIG_ALLWINNER_EMAC=y
+CONFIG_IMX_FEC=y
 CONFIG_DS1338=y
 CONFIG_PFLASH_CFI01=y
 CONFIG_PFLASH_CFI02=y
diff --git a/hw/net/Makefile.objs b/hw/net/Makefile.objs
index 9880173..64d0449 100644
--- a/hw/net/Makefile.objs
+++ b/hw/net/Makefile.objs
@@ -19,6 +19,7 @@ common-obj-$(CONFIG_XGMAC) += xgmac.o
 common-obj-$(CONFIG_MIPSNET) += mipsnet.o
 common-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
 common-obj-$(CONFIG_ALLWINNER_EMAC) += allwinner_emac.o
+common-obj-$(CONFIG_IMX_FEC) += imx_fec.o
 
 common-obj-$(CONFIG_CADENCE) += cadence_gem.o
 common-obj-$(CONFIG_STELLARIS_ENET) += stellaris_enet.o
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
new file mode 100644
index 000..725f3fa
--- /dev/null
+++ b/hw/net/imx_fec.c
@@ -0,0 +1,709 @@
+/*
+ * i.MX Fast Ethernet Controller emulation.
+ *
+ * Copyright (c) 2013 Jean-Christophe Dubois. 
+ *
+ * Based on Coldfire Fast Ethernet Controller emulation.
+ *
+ * Copyright (c) 2007 CodeSourcery.
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "hw/net/imx_fec.h"
+#include "sysemu/dma.h"
+
+/* For crc32 */
+#include 
+
+#ifndef IMX_FEC_DEBUG
+#define IMX_FEC_DEBUG  0
+#endif
+
+#ifndef IMX_PHY_DEBUG
+#define IMX_PHY_DEBUG  0
+#endif
+
+#if IMX_FEC_DEBUG
+#define FEC_PRINTF(fmt, ...) \
+do { fprintf(stderr, "%s[%s]: " fmt , TYPE_IMX_FEC, __func__, \
+ ## __VA_ARGS__); \
+} while (0)
+#else
+#define FEC_PRINTF(fmt, ...) do {} while (0)
+#endif
+
+#if IMX_PHY_DEBUG
+#define PHY_PRINTF(fmt, ...) \
+do { fprintf(stderr, "%s.phy[%s]: " fmt , TYPE_IMX_FEC, __func__, \
+ ## __VA_ARGS__); \
+} while (0)
+#else
+#define PHY_PRINTF(fmt, ...) do {} while (0)
+#endif
+
+static const VMStateDescription vmstate_imx_fec = {
+.name = TYPE_IMX_FEC,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(irq_state, IMXFECState),
+VMSTATE_UINT32(eir, IMXFECState),
+VMSTATE_UINT32(eimr, IMXFECState),
+VMSTATE_UINT32(rx_enabled, IMXFECState),
+VMSTATE_UINT32(rx_descriptor, IMXFECState),
+VMSTATE_UINT32(tx_descriptor, IMXFECState),
+VMSTATE_UINT32(ecr, IMXFECState),
+VMSTATE_UINT32(mmfr, IMXFECState),
+VMSTATE_UINT32(mscr, IMXFECState),
+VMSTATE_UINT32(mibc, IMXFECState),
+VMSTATE_UINT32(rcr, IMXFECState),
+VMSTATE_UINT32(tcr, IMXFECState),
+VMSTATE_UINT32(tfwr, IMXFECState),
+VMSTATE_UINT32(frsr, IMXFECState),
+VMSTATE_UINT32(erdsr, IMXFECState),
+VMSTATE_UINT32(etdsr, IMXFE
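
Review bot: FEC_PRINTF and PHY_PRINTF are removed by the preprocessor when IMX_FEC_DEBUG and IMX_PHY_DEBUG are 0, so their format strings and arguments are never type-checked in normal builds and tend to go stale. Keeping the fprintf inside `if (IMX_FEC_DEBUG) { ... }` within the do/while lets the compiler check the arguments and still discard the call.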

[Qemu-devel] [PATCH v10 19/21] i.MX: Add the i.MX25 3DS PDK plateform

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* Added a ds1338 I2C device for qtest purpose.

Changes since v2:
* none
 
Changes since v3:
* Rework GPL header  
* use I2C constructor helper.

Changes since v4:
* use sysbus_create_simple() instead of I2C constructor helper

Changes since v5:
* Add ds1338 only for qtest mode.
* small comment fixes.

Changes since v6:
* Allow for more than 4 serial if supported by Qemu.

Changes since v7:
* Move the SOC part into its own file.

Changes since v8:
* rework SDRAM memory initialisation

Changes since v9:
* no change

 hw/arm/Makefile.objs |   2 +-
 hw/arm/imx25_3ds.c   | 170 +++
 2 files changed, 171 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/imx25_3ds.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index b83aaca..dc11c0a 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,5 +13,5 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
-obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o
+obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_3ds.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/imx25_3ds.c b/hw/arm/imx25_3ds.c
new file mode 100644
index 000..fef462a
--- /dev/null
+++ b/hw/arm/imx25_3ds.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois 
+ *
+ * 3Dstack Board System emulation.
+ *
+ * Based on hw/arm/kzm.c
+ *
+ * Copyright (c) 2008 OKL and 2011 NICTA
+ * Written by Hans at OK-Labs
+ * Updated by Peter Chubb.
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "hw/arm/fsl-imx25.h"
+#include "hw/boards.h"
+#include "qemu/error-report.h"
+#include "exec/address-spaces.h"
+#include "sysemu/qtest.h"
+#include "hw/i2c/i2c.h"
+
+/* Memory map for 3D-Stack Emulation Baseboard:
+ * 0x-0x7fff See i.MX25 SOC fr support
+ * 0x8000-0x87ff RAM + Alias  EMULATED
+ * 0x9000-0x9fff RAM + Alias  EMULATED
+ * 0xa000-0xa7ff FlashIGNORED
+ * 0xa800-0xafff FlashIGNORED
+ * 0xb000-0xb1ff SRAM IGNORED
+ * 0xb200-0xb3ff SRAM IGNORED
+ * 0xb400-0xb5ff CS4  IGNORED
+ * 0xb600-0xb8000fff Reserved IGNORED
+ * 0xb8001000-0xb8001fff SDRAM CTRL reg   IGNORED
+ * 0xb8002000-0xb8002fff WEIM CTRL regIGNORED
+ * 0xb8003000-0xb8003fff M3IF CTRL regIGNORED
+ * 0xb8004000-0xb8004fff EMI CTRL reg IGNORED
+ * 0xb8005000-0xbaff Reserved IGNORED
+ * 0xbb00-0xbb000fff NAND flash area buf  IGNORED
+ * 0xbb001000-0xbb0011ff NAND flash reserved  IGNORED
+ * 0xbb001200-0xbb001dff Reserved IGNORED
+ * 0xbb001e00-0xbb001fff NAN flash CTRL reg   IGNORED
+ * 0xbb012000-0xbfff Reserved IGNORED
+ * 0xc000-0x Reserved IGNORED
+ */
+
+typedef struct imx25_3ds {
+FslImx25State soc;
+MemoryRegion ram[2];
+MemoryRegion ram_alias;
+} imx25_3ds;
+
+#define IMX25_3DS_ADDRESS   (FSL_IMX25_SDRAM0_ADDR)
+
+static struct arm_boot_info imx25_3ds_binfo;
+
+static void imx25_3ds_init(MachineState *machine)
+{
+imx25_3ds *s = g_new0(imx25_3ds, 1);
+Error *err = NULL;
+unsigned int ram_size;
+int i;
+
+object_initialize(&s->soc, sizeof(s->soc), TYPE_FSL_IMX25);
+object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc),
+  &error_abort);
+
+object_property_set_bool(OBJECT(&s->soc), true, "realized", &err);
+if (err != NULL) {
+error_report("%s", error_get_pretty(err));
+exit(1);
+}
+
+/* We need to initialize our memory */
+
+if (machine->ram_size > (FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE)) {
+   error_report("WARNING: RAM size " RAM_ADDR_FMT " above max supported, "
+ "reduced to %x", machine->ram_size,
+ FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE);
+   machine->ram_size = FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE;
+}
+
+ram_size = machine->ram_size;
+i = 0;
+
+/* create our main memory */
+while (ram_size && (i 
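
Review bot: `ram_size` is declared `unsigned int` in imx25_3ds_init() but is assigned from `machine->ram_size`, which is printed with RAM_ADDR_FMT a few lines earlier and so is a ram_addr_t; the assignment is only safe because of the clamp above it. Declare it as ram_addr_t, or add a comment tying it to the clamp, and check that the `%x` used for `FSL_IMX25_SDRAM0_SIZE + FSL_IMX25_SDRAM1_SIZE` matches the type of those macros, which are not visible in this patch.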

[Qemu-devel] [PATCH v10 20/21] i.MX: Add qtest support for I2C device emulator.

2015-07-05 Thread Jean-Christophe Dubois
This is using a ds1338 RTC chip on the I2C bus. This RTC chip is
not present on the real 3DS PDK board.

Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* use a common header file for I2C regs definition

Changes since v3:
* rework GPL headers.

Changes since v4:
* none

Changes since v5:
* none

Changes since v6:
* none

Changes since v7:
* adapt to new i.MX I2C header file.

Changes since v8:
* no change

Changes since v9:
* no change

 tests/Makefile |   3 +
 tests/ds1338-test.c|  75 ++
 tests/libqos/i2c-imx.c | 209 +
 tests/libqos/i2c.h |   3 +
 4 files changed, 290 insertions(+)
 create mode 100644 tests/ds1338-test.c
 create mode 100644 tests/libqos/i2c-imx.c

diff --git a/tests/Makefile b/tests/Makefile
index c5e4744..93890a8 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -193,6 +193,7 @@ check-qtest-sparc64-y = tests/endianness-test$(EXESUF)
 gcov-files-sparc-y += hw/timer/m48t59.c
 gcov-files-sparc64-y += hw/timer/m48t59.c
 check-qtest-arm-y = tests/tmp105-test$(EXESUF)
+check-qtest-arm-y = tests/ds1338-test$(EXESUF)
 gcov-files-arm-y += hw/misc/tmp105.c
 check-qtest-arm-y += tests/virtio-blk-test$(EXESUF)
 gcov-files-arm-y += arm-softmmu/hw/block/virtio-blk.c
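
Review bot: The added `check-qtest-arm-y = tests/ds1338-test$(EXESUF)` uses `=` rather than `+=`, so it replaces the tmp105-test assignment on the line above and that test drops out of the ARM qtest list. Use `+=` here, and consider adding a `gcov-files-arm-y` entry for the files this test covers, as the neighbouring tests do.
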
@@ -342,6 +343,7 @@ libqos-pc-obj-y = $(libqos-obj-y) tests/libqos/pci-pc.o
 libqos-pc-obj-y += tests/libqos/malloc-pc.o tests/libqos/libqos-pc.o
 libqos-pc-obj-y += tests/libqos/ahci.o
 libqos-omap-obj-y = $(libqos-obj-y) tests/libqos/i2c-omap.o
+libqos-imx-obj-y = $(libqos-obj-y) tests/libqos/i2c-imx.o
 libqos-usb-obj-y = $(libqos-pc-obj-y) tests/libqos/usb.o
 libqos-virtio-obj-y = $(libqos-pc-obj-y) tests/libqos/virtio.o 
tests/libqos/virtio-pci.o tests/libqos/virtio-mmio.o 
tests/libqos/malloc-generic.o
 
@@ -356,6 +358,7 @@ tests/hd-geo-test$(EXESUF): tests/hd-geo-test.o
 tests/boot-order-test$(EXESUF): tests/boot-order-test.o $(libqos-obj-y)
 tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o $(libqos-obj-y)
 tests/tmp105-test$(EXESUF): tests/tmp105-test.o $(libqos-omap-obj-y)
+tests/ds1338-test$(EXESUF): tests/ds1338-test.o $(libqos-imx-obj-y)
 tests/i440fx-test$(EXESUF): tests/i440fx-test.o $(libqos-pc-obj-y)
 tests/q35-test$(EXESUF): tests/q35-test.o $(libqos-pc-obj-y)
 tests/fw_cfg-test$(EXESUF): tests/fw_cfg-test.o $(libqos-pc-obj-y)
diff --git a/tests/ds1338-test.c b/tests/ds1338-test.c
new file mode 100644
index 000..fbc989b
--- /dev/null
+++ b/tests/ds1338-test.c
@@ -0,0 +1,75 @@
+/*
+ * QTest testcase for the DS1338 RTC
+ *
+ * Copyright (c) 2013 Jean-Christophe Dubois
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "libqtest.h"
+#include "libqos/i2c.h"
+
+#include 
+
+#define IMX25_I2C_0_BASE 0x43F8
+
+#define DS1338_ADDR 0x68
+
+static I2CAdapter *i2c;
+static uint8_t addr;
+
+#define bcd2bin(x)(((x) & 0x0f) + ((x) >> 4) * 10)
+
+static void send_and_receive(void)
+{
+uint8_t cmd[1];
+uint8_t resp[7];
+time_t now = time(NULL);
+struct tm *tm_ptr = gmtime(&now);
+
+/* reset the index in the RTC memory */
+cmd[0] = 0;
+i2c_send(i2c, addr, cmd, 1);
+
+/* retrieve the date */
+i2c_recv(i2c, addr, resp, 7);
+
+/* check retreived time againt local time */
+g_assert_cmpuint(bcd2bin(resp[4]), == , tm_ptr->tm_mday);
+g_assert_cmpuint(bcd2bin(resp[5]), == , 1 + tm_ptr->tm_mon);
+g_assert_cmpuint(2000 + bcd2bin(resp[6]), == , 1900 + tm_ptr->tm_year);
+}
+
+int main(int argc, char **argv)
+{
+QTestState *s = NULL;
+int ret;
+
+g_test_init(&argc, &argv, NULL);
+
+s = qtest_start("-display none -machine imx25_3ds");
+i2c = imx_i2c_create(IMX25_I2C_0_BASE);
+addr = DS1338_ADDR;
+
+qtest_add_func("/ds1338/tx-rx", send_and_receive);
+
+ret = g_test_run();
+
+if (s) {
+qtest_quit(s);
+}
+g_free(i2c);
+
+return ret;
+}
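
Review bot: send_and_receive() samples the host clock with time()/gmtime() before the I2C read and then requires the RTC's day, month and year to be equal, so the test fails spuriously if the date rolls over between the two steps. Sample the host time both before and after i2c_recv() and accept a match with either; the comparison also assumes the emulated RTC runs on UTC, which deserves a comment.
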
diff --git a/tests/libqos/i2c-imx.c b/tests/libqos/i2c-imx.c
new file mode 100644
index 000..b5cef66
--- /dev/null
+++ b/tests/libqos/i2c-imx.c
@@ -0,0 +1,209 @@
+/*
+ * QTest i.MX I2C driver
+ *
+ * Copyright (c) 2013 Jean-Christophe Dubois
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ * 

[Qemu-devel] [PATCH v10 09/21] i.MX: Move Qdev EPIT construction helper as inline function.

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* remove qdev construction helper

Changes since v9:
* Qdev construction helper is reintegrated and moved to a header file
  as an inline function.

 hw/timer/imx_epit.c  | 11 ---
 include/hw/arm/imx.h | 17 ++---
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
index f1f82e9..68dc0bc 100644
--- a/hw/timer/imx_epit.c
+++ b/hw/timer/imx_epit.c
@@ -12,7 +12,6 @@
  *
  */
 
-#include "hw/arm/imx.h"
 #include "hw/timer/imx_epit.h"
 #include "hw/misc/imx_ccm.h"
 #include "qemu/main-loop.h"
@@ -287,16 +286,6 @@ static void imx_epit_cmp(void *opaque)
 imx_epit_update_int(s);
 }
 
-void imx_timerp_create(const hwaddr addr, qemu_irq irq, DeviceState *ccm)
-{
-IMXEPITState *pp;
-DeviceState *dev;
-
-dev = sysbus_create_simple(TYPE_IMX_EPIT, addr, irq);
-pp = IMX_EPIT(dev);
-pp->ccm = ccm;
-}
-
 static const MemoryRegionOps imx_epit_ops = {
   .read = imx_epit_read,
   .write = imx_epit_write,
diff --git a/include/hw/arm/imx.h b/include/hw/arm/imx.h
index 0e8cc5a..c6cb192 100644
--- a/include/hw/arm/imx.h
+++ b/include/hw/arm/imx.h
@@ -15,6 +15,7 @@
 #include "hw/sysbus.h"
 #include "hw/char/imx_serial.h"
 #include "hw/misc/imx_ccm.h"
+#include "hw/timer/imx_epit.h"
 
 /***
  * This Qdev construction helper is going to be removed soon
@@ -41,12 +42,22 @@ static inline void imx_serial_create(int uart, const hwaddr 
addr, qemu_irq irq)
}
 }
 
+static inline
 void imx_timerp_create(const hwaddr addr,
   qemu_irq irq,
-  DeviceState *ccm);
+  DeviceState *ccm)
+{
+IMXEPITState *pp;
+DeviceState *dev;
+
+dev = sysbus_create_simple(TYPE_IMX_EPIT, addr, irq);
+pp = IMX_EPIT(dev);
+pp->ccm = ccm;
+}
+
 void imx_timerg_create(const hwaddr addr,
-  qemu_irq irq,
-  DeviceState *ccm);
+   qemu_irq irq,
+   DeviceState *ccm);
 
 
 
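
Review bot: In the now-inline imx_timerp_create(), `pp->ccm = ccm;` runs after sysbus_create_simple() has already created and realized the device, and it writes a struct field directly from a header that board code includes. A link property set before realize would avoid exposing the IMXEPITState layout; since the comment above says this helper is going to be removed soon, at least document the ordering next to the assignment.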
-- 
2.1.4




[Qemu-devel] [PATCH v10 18/21] i.MX: Add SOC support for i.MX25

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* Added a SOC specific file for i.MX25

Changes since v8:
* use defines instead of hardcoded values for IRQ and ADDR
* reworked the memory allocation for SOC memory

Changes since v9:
* no change

 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/fsl-imx25.c  | 272 
 include/hw/arm/fsl-imx25.h  | 234 ++
 4 files changed, 508 insertions(+)
 create mode 100644 hw/arm/fsl-imx25.c
 create mode 100644 include/hw/arm/fsl-imx25.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 5fa84c6..bf7572b 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -100,6 +100,7 @@ CONFIG_ALLWINNER_A10_PIC=y
 CONFIG_ALLWINNER_A10=y
 
 CONFIG_FSL_IMX31=y
+CONFIG_FSL_IMX25=y
 
 CONFIG_IMX_I2C=y
 
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 2fbe344..b83aaca 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,4 +13,5 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
+obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
new file mode 100644
index 000..8325a9c
--- /dev/null
+++ b/hw/arm/fsl-imx25.c
@@ -0,0 +1,272 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois 
+ *
+ * i.MX25 SOC emulation.
+ *
+ * Based on hw/arm/xlnx-zynqmp.c
+ *
+ * Copyright (C) 2015 Xilinx Inc
+ * Written by Peter Crosthwaite 
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "hw/arm/fsl-imx25.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+
+static void fsl_imx25_init(Object *obj)
+{
+FslImx25State *s = FSL_IMX25(obj);
+int i;
+
+object_initialize(&s->cpu, sizeof(s->cpu), "arm926-" TYPE_ARM_CPU);
+
+object_initialize(&s->avic, sizeof(s->avic), TYPE_IMX_AVIC);
+qdev_set_parent_bus(DEVICE(&s->avic), sysbus_get_default());
+
+object_initialize(&s->ccm, sizeof(s->ccm), TYPE_IMX_CCM);
+qdev_set_parent_bus(DEVICE(&s->ccm), sysbus_get_default());
+
+for (i = 0; i < FSL_IMX25_NUM_UARTS; i++) {
+if (i >= MAX_SERIAL_PORTS) {
+break;
+}
+object_initialize(&s->uart[i], sizeof(s->uart[i]), TYPE_IMX_SERIAL);
+qdev_set_parent_bus(DEVICE(&s->uart[i]), sysbus_get_default());
+}
+
+for (i = 0; i < FSL_IMX25_NUM_GPTS; i++) {
+object_initialize(&s->gpt[i], sizeof(s->gpt[i]), TYPE_IMX_GPT);
+qdev_set_parent_bus(DEVICE(&s->gpt[i]), sysbus_get_default());
+}
+
+for (i = 0; i < FSL_IMX25_NUM_EPITS; i++) {
+object_initialize(&s->epit[i], sizeof(s->epit[i]), TYPE_IMX_EPIT);
+qdev_set_parent_bus(DEVICE(&s->epit[i]), sysbus_get_default());
+}
+
+object_initialize(&s->fec, sizeof(s->fec), TYPE_IMX_FEC);
+qdev_set_parent_bus(DEVICE(&s->fec), sysbus_get_default());
+
+for (i = 0; i < FSL_IMX25_NUM_I2CS; i++) {
+object_initialize(&s->i2c[i], sizeof(s->i2c[i]), TYPE_IMX_I2C);
+qdev_set_parent_bus(DEVICE(&s->i2c[i]), sysbus_get_default());
+}
+}
+
+static void fsl_imx25_realize(DeviceState *dev, Error **errp)
+{
+FslImx25State *s = FSL_IMX25(dev);
+uint8_t i;
+Error *err = NULL;
+
+/* Initialize the CPU */
+object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
+if (err) {
+error_propagate((errp), (err));
+return;
+}
+
+/* Initialize the PIC */
+object_property_set_bool(OBJECT(&s->avic), true, "realized", &err);
+if (err) {
+error_propagate((errp), (err));
+return;
+}
+/* Connect the PIC interrupt to the CPU */
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->avic), 0, FSL_IMX25_AVIC_ADDR);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->avic), 0,
+   qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_IRQ));
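
Review bot: In fsl_imx25_init() the UART loop breaks out at "if (i >= MAX_SERIAL_PORTS)", which leaves any remaining s->uart[] entries without object_initialize(). The realize side, cut off in this excerpt, needs the same bound, or it will set "realized" on objects that were never initialized. If FSL_IMX25_NUM_UARTS can never exceed MAX_SERIAL_PORTS, a build-time check would say so more clearly than a silent break. Minor: error_propagate((errp), (err)) carries redundant parentheses, and realize declares uint8_t i where init uses int i.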

Re: [Qemu-devel] [PATCH pic32 v2 2/5] Fixed random index generation for TLBWR instruction. It was not quite random and did not skip Wired entries.

2015-07-05 Thread Serge Vakulenko
On Thu, Jul 2, 2015 at 12:52 AM, Antony Pavlov  wrote:
> On Tue, 30 Jun 2015 21:12:31 -0700
> Serge Vakulenko  wrote:
>
>> Signed-off-by: Serge Vakulenko 
>> ---
>>  hw/mips/cputimer.c | 18 +-
>>  1 file changed, 5 insertions(+), 13 deletions(-)
>>
>> diff --git a/hw/mips/cputimer.c b/hw/mips/cputimer.c
>> index 4f02a9f..94a29df 100644
>> --- a/hw/mips/cputimer.c
>> +++ b/hw/mips/cputimer.c
>> @@ -25,21 +25,13 @@
>>  #include "qemu/timer.h"
>>  #include "sysemu/kvm.h"
>>
>> -#define TIMER_FREQ   100 * 1000 * 1000
>> -
>
> This is a part of the 'Speed of MIPS CPU timer made configurable per platform.' patch.

Oops... Thanks for pointing this out. I'll move it to a proper place
in the next version of the patch set.

Regards,
--Serge

>
> --
> Best regards,
>   Antony Pavlov



[Qemu-devel] [PATCH v10 21/21] i.MX: Adding i2C devices to i.MX31 SOC

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* not present on v8

Changes since v9:
* Added 3 I2C devices to i.MX31 SOC

 hw/arm/fsl-imx31.c | 30 ++
 include/hw/arm/fsl-imx31.h | 12 
 2 files changed, 42 insertions(+)

diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
index 809070b..5fa917f 100644
--- a/hw/arm/fsl-imx31.c
+++ b/hw/arm/fsl-imx31.c
@@ -53,6 +53,11 @@ static void fsl_imx31_init(Object *obj)
 object_initialize(&s->epit[i], sizeof(s->epit[i]), TYPE_IMX_EPIT);
 qdev_set_parent_bus(DEVICE(&s->epit[i]), sysbus_get_default());
 }
+
+for (i = 0; i < FSL_IMX31_NUM_I2CS; i++) {
+object_initialize(&s->i2c[i], sizeof(s->i2c[i]), TYPE_IMX_I2C);
+qdev_set_parent_bus(DEVICE(&s->i2c[i]), sysbus_get_default());
+}
 }
 
 static void fsl_imx31_realize(DeviceState *dev, Error **errp)
@@ -169,6 +174,31 @@ static void fsl_imx31_realize(DeviceState *dev, Error 
**errp)
 epit_table[i].irq));
 }
 
+/* Initialize all I2C */
+for (i = 0; i < FSL_IMX31_NUM_I2CS; i++) {
+static const struct {
+hwaddr addr;
+unsigned int irq;
+} i2c_table[FSL_IMX31_NUM_I2CS] = {
+{ FSL_IMX31_I2C1_ADDR, FSL_IMX31_I2C1_IRQ  },
+{ FSL_IMX31_I2C2_ADDR, FSL_IMX31_I2C2_IRQ  },
+{ FSL_IMX31_I2C3_ADDR, FSL_IMX31_I2C3_IRQ }
+};
+
+/* Initialize the I2C */
+object_property_set_bool(OBJECT(&s->i2c[i]), true, "realized", &err);
+if (err) {
+error_propagate((errp), (err));
+return;
+}
+/* Map I2C memory */
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->i2c[i]), 0, i2c_table[i].addr);
+/* Connet I2C IRQ to PIC */
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->i2c[i]), 0,
+   qdev_get_gpio_in(DEVICE(&s->avic),
+i2c_table[i].irq));
+}
+
 /* On a real system, the first 16k is a `secure boot rom' */
 memory_region_init_rom_device(&s->secure_rom, NULL, NULL, NULL,
   "imx31.secure_rom",
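Review bot: i2c_table in fsl_imx31_realize() is declared with FSL_IMX31_NUM_I2CS elements but initialized with exactly three rows, so raising the count later would leave zero-filled entries and map a controller at address 0 with IRQ 0 without any diagnostic. Declare the table without an explicit size and check its length against FSL_IMX31_NUM_I2CS at build time; it can also move out of the loop body, since it does not depend on i. The comment "Connet I2C IRQ to PIC" should read "Connect".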
diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h
index f1bb299..c02e198 100644
--- a/include/hw/arm/fsl-imx31.h
+++ b/include/hw/arm/fsl-imx31.h
@@ -23,6 +23,7 @@
 #include "hw/char/imx_serial.h"
 #include "hw/timer/imx_gpt.h"
 #include "hw/timer/imx_epit.h"
+#include "hw/i2c/imx_i2c.h"
 #include "exec/memory.h"
 
 #define TYPE_FSL_IMX31 "fsl,imx31"
@@ -31,6 +32,7 @@
 #define FSL_IMX31_NUM_UARTS 2
 #define FSL_IMX31_NUM_GPTS 1
 #define FSL_IMX31_NUM_EPITS 2
+#define FSL_IMX31_NUM_I2CS 3
 
 typedef struct {
 /*< private >*/
@@ -43,6 +45,7 @@ typedef struct {
 IMXSerialState uart[FSL_IMX31_NUM_UARTS];
 IMXGPTStategpt[FSL_IMX31_NUM_GPTS];
 IMXEPITState   epit[FSL_IMX31_NUM_EPITS];
+IMXI2CStatei2c[FSL_IMX31_NUM_I2CS];
 MemoryRegion   secure_rom;
 MemoryRegion   rom;
 MemoryRegion   iram;
@@ -57,10 +60,16 @@ typedef struct {
 #define FSL_IMX31_IRAM_ALIAS_SIZE  0xFFC
 #define FSL_IMX31_IRAM_ADDR0x1FFFC000
 #define FSL_IMX31_IRAM_SIZE0x4000
+#define FSL_IMX31_I2C1_ADDR0x43F8
+#define FSL_IMX31_I2C1_SIZE0x4000
+#define FSL_IMX31_I2C3_ADDR0x43F84000
+#define FSL_IMX31_I2C3_SIZE0x4000
 #define FSL_IMX31_UART1_ADDR   0x43F9
 #define FSL_IMX31_UART1_SIZE   0x4000
 #define FSL_IMX31_UART2_ADDR   0x43F94000
 #define FSL_IMX31_UART2_SIZE   0x4000
+#define FSL_IMX31_I2C2_ADDR0x43F98000
+#define FSL_IMX31_I2C2_SIZE0x4000
 #define FSL_IMX31_CCM_ADDR 0x53F8
 #define FSL_IMX31_CCM_SIZE 0x4000
 #define FSL_IMX31_GPT_ADDR 0x53F9
@@ -95,5 +104,8 @@ typedef struct {
 #define FSL_IMX31_GPT_IRQ  29
 #define FSL_IMX31_UART2_IRQ32
 #define FSL_IMX31_UART1_IRQ45
+#define FSL_IMX31_I2C1_IRQ 10
+#define FSL_IMX31_I2C2_IRQ 4
+#define FSL_IMX31_I2C3_IRQ 3
 
 #endif // FSL_IMX31_H
-- 
2.1.4




[Qemu-devel] [PATCH v10 13/21] i.MX: Fix Coding style for GPT emulator

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* Fix coding style

Changes since v9:
* no change

 hw/timer/imx_gpt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
index 218607b..4bac67d 100644
--- a/hw/timer/imx_gpt.c
+++ b/hw/timer/imx_gpt.c
@@ -69,7 +69,7 @@ static char const *imx_gpt_reg_name(uint32_t reg)
 #endif
 
 static const VMStateDescription vmstate_imx_timer_gpt = {
-.name = "imx.gpt",
+.name = TYPE_IMX_GPT,
 .version_id = 3,
 .minimum_version_id = 3,
 .fields = (VMStateField[]) {
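Review bot: The change of .name from "imx.gpt" to TYPE_IMX_GPT in vmstate_imx_timer_gpt is not purely a style fix: the VMStateDescription name identifies this device's section in the migration stream, so the change is only safe if TYPE_IMX_GPT expands to exactly "imx.gpt". Please state that in the commit message, or keep the literal so that a later rename of the QOM type cannot change the stream format as a side effect.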
@@ -106,7 +106,7 @@ static void imx_gpt_set_freq(IMXGPTState *s)
 {
 uint32_t clksrc = extract32(s->cr, GPT_CR_CLKSRC_SHIFT, 3);
 uint32_t freq = imx_clock_frequency(s->ccm, imx_gpt_clocks[clksrc])
-/ (1 + s->pr);
+/ (1 + s->pr);
 s->freq = freq;
 
 DPRINTF("Setting clksrc %d to frequency %d\n", clksrc, freq);
@@ -133,7 +133,7 @@ static uint32_t imx_gpt_update_count(IMXGPTState *s)
 }
 
 static inline uint32_t imx_gpt_find_limit(uint32_t count, uint32_t reg,
- uint32_t timeout)
+  uint32_t timeout)
 {
 if ((count < reg) && (timeout > reg)) {
 timeout = reg;
-- 
2.1.4




Re: [Qemu-devel] [PATCH pic32 v2 2/5] Fixed random index generation for TLBWR instruction. It was not quite random and did not skip Wired entries.

2015-07-05 Thread Serge Vakulenko
On Fri, Jul 3, 2015 at 2:39 PM, Maciej W. Rozycki  wrote:
> On Wed, 1 Jul 2015, Aurelien Jarno wrote:
>
>> Secondly, I don't think calling random() is the correct thing to do.
>> It's an expensive function that is not thread safe. Quoting the
>> specification:
>>
>>   "Within the required constraints of the upper and lower bounds, the
>>   manner in which the processor selects values for the Random register
>>   is implementation-dependent."
>>
>> So it's fine if we use a PRNG like the current code, but I agree we
>> might want to improve it if it has some issues. We want to keep its
>> value reproducible though so that the icount mode works as expected.
>
>  Implementations often implement CP0.Random as a free-running counter that
> decrements between the bounds set as each instruction executes.

That's true as a first approximation, but in a real core the picture
is usually a bit more complicated. Decrementing every clock cycle
consumes too much energy. Decrementing only on TLBWR instruction makes
the sequence too predictable and can result in extra thrashing for
some applications.

Regards,
--Serge

>   Maciej
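
The constraints raised in this thread (a value between the Wired lower bound and the last TLB entry, no call to random(), a sequence that is reproducible so icount replay works) can be met with a small per-CPU generator. The following C sketch is an added example, not code from the patch or from QEMU; TlbRandomState, the xorshift32 step, the seeding and the rule of not returning the same index twice in a row are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-CPU state for this example; not a QEMU structure. */
typedef struct {
    uint32_t prng;      /* xorshift32 state, must never be zero */
    uint32_t last_idx;  /* last index handed out */
} TlbRandomState;

/* Seed from a fixed value (e.g. the CPU number) so a replay sees the same sequence. */
static void tlb_random_seed(TlbRandomState *st, uint32_t seed)
{
    st->prng = seed ? seed : 0x9E3779B9u;  /* xorshift32 is stuck at 0 */
    st->last_idx = UINT32_MAX;             /* no previous index yet */
}

/* One xorshift32 step (13/17/5 shifts): cheap and free of global state. */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    *s = x;
    return x;
}

/*
 * Pick the entry a TLBWR would replace: an index in [wired, nb_tlb - 1].
 * Wired entries (indices below 'wired') are never returned.
 */
static uint32_t tlb_random_index(TlbRandomState *st, uint32_t wired,
                                 uint32_t nb_tlb)
{
    uint32_t span, limit, r, idx;

    if (nb_tlb == 0) {
        return 0;                          /* no TLB at all: nothing to choose */
    }
    if (wired >= nb_tlb - 1) {
        /* Zero or one replaceable entry: the upper bound is the only choice. */
        st->last_idx = nb_tlb - 1;
        return st->last_idx;
    }
    span = nb_tlb - wired;                 /* replaceable entries, at least 2 */
    /* Drop the top partial bucket so r % span is not skewed to low indices. */
    limit = UINT32_MAX - (UINT32_MAX % span);
    do {
        do {
            r = xorshift32(&st->prng);
        } while (r >= limit);
        idx = wired + (r % span);
    } while (idx == st->last_idx);         /* example's choice: no immediate repeat */
    st->last_idx = idx;
    return idx;
}

/*
 * Returns 1 if two generators with the same seed agree for n draws, stay in
 * [wired, nb_tlb - 1] and never repeat back to back. Needs wired < nb_tlb - 1.
 */
static int tlb_random_selfcheck(uint32_t seed, uint32_t wired,
                                uint32_t nb_tlb, int n)
{
    TlbRandomState a, b;
    uint32_t prev = UINT32_MAX;
    int i;

    tlb_random_seed(&a, seed);
    tlb_random_seed(&b, seed);
    for (i = 0; i < n; i++) {
        uint32_t x = tlb_random_index(&a, wired, nb_tlb);
        uint32_t y = tlb_random_index(&b, wired, nb_tlb);
        if (x != y || x < wired || x >= nb_tlb || x == prev) {
            return 0;
        }
        prev = x;
    }
    return 1;
}

int main(void)
{
    TlbRandomState st;
    int i;

    tlb_random_seed(&st, 1);
    for (i = 0; i < 8; i++) {              /* 16-entry TLB, 3 wired entries */
        printf("%u ", (unsigned)tlb_random_index(&st, 3, 16));
    }
    printf("\nselfcheck: %d\n", tlb_random_selfcheck(1, 3, 16, 1000));
    return 0;
}
```
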



[Qemu-devel] [PATCH v10 14/21] i.MX: Add SOC support for i.MX31

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* use defines instead of hardcoded values for IRQ and ADDR
* Add i.MX31 SOC support

Changes since v9:
* no change.

 default-configs/arm-softmmu.mak |   2 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/fsl-imx31.c  | 219 
 include/hw/arm/fsl-imx31.h  |  99 ++
 4 files changed, 321 insertions(+)
 create mode 100644 hw/arm/fsl-imx31.c
 create mode 100644 include/hw/arm/fsl-imx31.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 74f1db3..3f86e7e 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -98,6 +98,8 @@ CONFIG_ALLWINNER_A10_PIT=y
 CONFIG_ALLWINNER_A10_PIC=y
 CONFIG_ALLWINNER_A10=y
 
+CONFIG_FSL_IMX31=y
+
 CONFIG_XIO3130=y
 CONFIG_IOH3420=y
 CONFIG_I82801B11=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index cf346c1..f35f731 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -13,3 +13,4 @@ obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
 obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
+obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
new file mode 100644
index 000..809070b
--- /dev/null
+++ b/hw/arm/fsl-imx31.c
@@ -0,0 +1,219 @@
+/*
+ * Copyright (c) 2013 Jean-Christophe Dubois 
+ *
+ * i.MX31 SOC emulation.
+ *
+ * Based on hw/arm/fsl-imx31.c
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ */
+
+#include "hw/arm/fsl-imx31.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+
+static void fsl_imx31_init(Object *obj)
+{
+FslImx31State *s = FSL_IMX31(obj);
+int i;
+
+object_initialize(&s->cpu, sizeof(s->cpu), "arm1136-" TYPE_ARM_CPU);
+
+object_initialize(&s->avic, sizeof(s->avic), TYPE_IMX_AVIC);
+qdev_set_parent_bus(DEVICE(&s->avic), sysbus_get_default());
+
+object_initialize(&s->ccm, sizeof(s->ccm), TYPE_IMX_CCM);
+qdev_set_parent_bus(DEVICE(&s->ccm), sysbus_get_default());
+
+for (i = 0; i < FSL_IMX31_NUM_UARTS; i++) {
+if (i >= MAX_SERIAL_PORTS) {
+break;
+}
+object_initialize(&s->uart[i], sizeof(s->uart[i]), TYPE_IMX_SERIAL);
+qdev_set_parent_bus(DEVICE(&s->uart[i]), sysbus_get_default());
+}
+
+for (i = 0; i < FSL_IMX31_NUM_GPTS; i++) {
+object_initialize(&s->gpt[i], sizeof(s->gpt[i]), TYPE_IMX_GPT);
+qdev_set_parent_bus(DEVICE(&s->gpt[i]), sysbus_get_default());
+}
+
+for (i = 0; i < FSL_IMX31_NUM_EPITS; i++) {
+object_initialize(&s->epit[i], sizeof(s->epit[i]), TYPE_IMX_EPIT);
+qdev_set_parent_bus(DEVICE(&s->epit[i]), sysbus_get_default());
+}
+}
+
+static void fsl_imx31_realize(DeviceState *dev, Error **errp)
+{
+FslImx31State *s = FSL_IMX31(dev);
+uint16_t i;
+Error *err = NULL;
+
+/* Initialize the CPU */
+object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);
+if (err) {
+error_propagate((errp), (err));
+return;
+}
+
+/* Initialize the PIC */
+object_property_set_bool(OBJECT(&s->avic), true, "realized", &err);
+if (err) {
+error_propagate((errp), (err));
+return;
+}
+/* Connect the PIC interrupt to the CPU */
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->avic), 0, FSL_IMX31_AVIC_ADDR);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->avic), 0,
+   qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_IRQ));
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->avic), 1,
+   qdev_get_gpio_in(DEVICE(&s->cpu), ARM_CPU_FIQ));
+
+/* Initialize the CCM */
+object_property_set_bool(OBJECT(&s->ccm), true, "realized", &err);
+if (err) {
+error_propagate((errp), (err));
+return;
+}
+/* Map CCM memory */
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->ccm), 0, 0x53f8);
+
+/* Initialize all UARTS */
+for (i = 0; i < FSL_IMX31_N
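
Review bot: The CCM mapping in fsl_imx31_realize() passes a literal address, sysbus_mmio_map(SYS_BUS_DEVICE(&s->ccm), 0, 0x53f8), while the AVIC mapping just above it uses FSL_IMX31_AVIC_ADDR and the v8 changelog says hardcoded IRQ and ADDR values were replaced by defines. Use the CCM address define here as well (FSL_IMX31_CCM_ADDR is visible in fsl-imx31.h in the context of patch 21/21). The file header also says "Based on hw/arm/fsl-imx31.c", which is this file itself.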

[Qemu-devel] [PATCH v10 12/21] i.MX: Move Qdev GPT construction helper as inline function.

2015-07-05 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---

Changes since v1:
* not present on v1

Changes since v2:
* not present on v2

Changes since v3:
* not present on v3

Changes since v4:
* not present on v4

Changes since v5:
* not present on v5

Changes since v6:
* not present on v6

Changes since v7:
* not present on v7

Changes since v8:
* remove Qdev construction helper

Changes since v9:
* Qdev construction helper is reintegrated and moved to a header file
  as an inline function.

 hw/timer/imx_gpt.c   | 11 ---
 include/hw/arm/imx.h | 12 ++--
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
index f61d4e5..218607b 100644
--- a/hw/timer/imx_gpt.c
+++ b/hw/timer/imx_gpt.c
@@ -12,7 +12,6 @@
  *
  */
 
-#include "hw/arm/imx.h"
 #include "hw/timer/imx_gpt.h"
 #include "hw/misc/imx_ccm.h"
 #include "qemu/main-loop.h"
@@ -449,16 +448,6 @@ static void imx_gpt_realize(DeviceState *dev, Error **errp)
 s->timer = ptimer_init(bh);
 }
 
-void imx_timerg_create(const hwaddr addr, qemu_irq irq, DeviceState *ccm)
-{
-IMXGPTState *pp;
-DeviceState *dev;
-
-dev = sysbus_create_simple(TYPE_IMX_GPT, addr, irq);
-pp = IMX_GPT(dev);
-pp->ccm = ccm;
-}
-
 static void imx_gpt_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
diff --git a/include/hw/arm/imx.h b/include/hw/arm/imx.h
index c6cb192..b7aa4b6 100644
--- a/include/hw/arm/imx.h
+++ b/include/hw/arm/imx.h
@@ -16,6 +16,7 @@
 #include "hw/char/imx_serial.h"
 #include "hw/misc/imx_ccm.h"
 #include "hw/timer/imx_epit.h"
+#include "hw/timer/imx_gpt.h"
 
 /***
  * This Qdev construction helper is going to be removed soon
@@ -55,10 +56,17 @@ void imx_timerp_create(const hwaddr addr,
 pp->ccm = ccm;
 }
 
+static inline
 void imx_timerg_create(const hwaddr addr,
qemu_irq irq,
-   DeviceState *ccm);
-
+   DeviceState *ccm)
+{
+IMXGPTState *pp;
+DeviceState *dev;
 
+dev = sysbus_create_simple(TYPE_IMX_GPT, addr, irq);
+pp = IMX_GPT(dev);
+pp->ccm = ccm;
+}
 
 #endif /* IMX_H */
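Review bot: imx_timerg_create() assigns pp->ccm only after sysbus_create_simple() has returned, so the GPT device is created and wired up before it has a clock source, and imx.h now has to see the layout of IMXGPTState to do it. Since the comment above the helpers says they are going to be removed, that may be acceptable for now, but setting the CCM as a property before the device is realized would remove both the ordering hazard and the need for imx.h to include hw/timer/imx_gpt.h. The same applies to imx_timerp_create() from the previous patch.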
-- 
2.1.4




Re: [Qemu-devel] [PATCH pic32 v2 0/5] Support for Microchip pic32mx7 and pic32mz microcontrollers

2015-07-05 Thread Serge Vakulenko
On Wed, Jul 1, 2015 at 10:31 PM, Antony Pavlov  wrote:
> On Tue, 30 Jun 2015 21:12:29 -0700
> Serge Vakulenko  wrote:
>
>> Please find below a set of patches, which allow simulating Microchip PIC32
>> microcontrollers on QEMU. For examples of real PIC32 applications running
>> on QEMU, see page: https://github.com/sergev/qemu/wiki
>>
>> (1) Make the CPU clock frequency configurable per platform.
>> Currently the clock rate for all MIPS platforms is fixed at 100MHz.
>> Need to make it 40MHz for pic32mx7.
>>
>> (2) For TLBWR instruction, the generated random index value has been not
>> quite random and did not take into account the Wired register value.
>> Fixed.
>>
>> (3) Added support for external interrupt controller mode (EIC).
>> Required for pic32.
>>
>> (4) Added two processor variants: M4K and microAptivUP.
>> Needed for pic32mx and pic32mz simulation.
>>
>> (5) Added two machine platforms: Microchip pic32mx7 and pic32mz
>> microcontrollers. Several board types supported for each platform:
>>
>> pic32mx7-explorer16  PIC32MX7 microcontroller on Microchip Explorer-16 board
>> pic32mx7-max32       PIC32MX7 microcontroller on chipKIT Max32 board
>> pic32mx7-maximite    PIC32MX7 microcontroller on Geoff's Maximite computer
>> pic32mz-explorer16   PIC32MZ microcontroller on Microchip Explorer-16 board
>> pic32mz-meb2         PIC32MZ microcontroller on Microchip MEB-II board
>> pic32mz-wifire       PIC32MZ microcontroller on chipKIT WiFire board
>>
>>
>> Serge Vakulenko (5):
>>   Speed of MIPS CPU timer made configurable per platform.
>>   Fixed random index generation for TLBWR instruction. It was not quite
>> random and did not skip Wired entries.
>>   Added support for external interrupt controller (EIC) mode.
>>   Two new processor variants: M4K and microAptivP.
>>   Two new machine platforms: pic32mz7 and pic32mz.
>
> Please fix your subject lines according to "Write a good commit message"
> section of http://wiki.qemu.org/Contribute/SubmitAPatch.
>
> Also please use the imperative mood in the subject line.

Understood.
Will be fixed in the next (v3) variant of patch set.

Thanks,
--Serge

> --
> Best regards,
>   Antony Pavlov



Re: [Qemu-devel] [PATCH qemu v7 06/14] spapr_iommu: Introduce "enabled" state for TCE table

2015-07-05 Thread Alexey Kardashevskiy

On 07/04/2015 11:12 AM, Alexey Kardashevskiy wrote:
> On 05/27/2015 05:05 PM, Paolo Bonzini wrote:
>>
>> On 27/05/2015 01:55, Alexey Kardashevskiy wrote:
>>>
>>> One step back :) Whole dance is what here? There are:
>>> 1) del+set_size(0)
>>> 2) set_size(not zero)+add
>>
>> Then no need for begin/commit. :)
>
> I got a new problem here - set_size(0) + set_size(not 0) do not invoke
> region_del/region_add which does not seem right. As the result,
> vfio_listener_region_del() never gets called and the IOMMU MR notifier
> stays in the container->giommu_list. What is the correct solution to this?
>
> Incorrect (most likely :) ) solution is in
> [PATCH qemu v9 13/13] spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)
> where I explicitly do memory_region_del_subregion() +
> memory_region_add_subregion() which seems to do the right job.

Never mind, "[PATCH qemu] vfio: Unregister IOMMU notifiers when container
is destroyed" seems to solve the problem. Thanks for listening :)

--
Alexey



Re: [Qemu-devel] [PATCH v3 2/2] arm_mptimer: Respect IT bit state

2015-07-05 Thread Dmitry Osipenko

> v2: Added missed IRQ status update on control register write as per
>  Peter Crosthwaite comment.

Oh, no! Turned out, that is wrong. I wasn't testing that case properly on HW, V1
is correct. Quote from ARM doc: "If the timer interrupt is enabled, Interrupt ID
29 is set as Pending in the Interrupt Distributor after the event flag is set."


--
Dmitry



[Qemu-devel] [PATCH v4] arm_mptimer: Respect IT bit state

2015-07-05 Thread Dmitry Osipenko
The timer should fire the interrupt only if the IT (interrupt enable) bit
state of the control register is enabled.

Signed-off-by: Dmitry Osipenko 
Reviewed-by: Peter Crosthwaite 
---

v2: Added missed IRQ status update on control register write as per
Peter Crosthwaite comment.

v3: No code change, just re-send.

v4: Revert to v1, as it was correct, with a slightly changed commit message.

 hw/timer/arm_mptimer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/timer/arm_mptimer.c b/hw/timer/arm_mptimer.c
index 0e132b1..3e59c2a 100644
--- a/hw/timer/arm_mptimer.c
+++ b/hw/timer/arm_mptimer.c
@@ -38,7 +38,7 @@ static inline int get_current_cpu(ARMMPTimerState *s)
 
 static inline void timerblock_update_irq(TimerBlock *tb)
 {
-qemu_set_irq(tb->irq, tb->status);
+qemu_set_irq(tb->irq, tb->status && (tb->control & 4));
 }
 
 /* Return conversion factor from mpcore timer ticks to qemu timer ticks.  */
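Review bot: The interrupt-enable test in timerblock_update_irq() uses a bare constant, (tb->control & 4); give the IT bit of the control register a named define so the condition reads as what the commit message describes, and so other code that tests or sets that bit in tb->control can use the same name.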
-- 
2.4.4




Re: [Qemu-devel] TAP network breaks after debugger break-in

2015-07-05 Thread Fam Zheng
On Sat, 07/04 10:47, Max Filippov wrote:
> Hello,
> 
> I'm using QEMU with TAP network and after the commit
> 0a2df857a703 "Merge remote-tracking branch
> 'remotes/stefanha/tags/net-pull-request' into staging"
> I've noticed that activation of debugger connected to QEMU's
> gdbstub during network I/O almost always breaks network
> connection: network stops working completely after return
> from the debugger.
> 
> Stefan, Fam, any hint on where to start debugging it?
> 

Which NIC are you using?

Fam



Re: [Qemu-devel] [PATCH v2 1/1] KVM s390 pci infrastructure modelling

2015-07-05 Thread Hong Bo Li



On 7/5/2015 2:25, Michael S. Tsirkin wrote:

On Fri, Jul 03, 2015 at 07:09:59PM +0800, Hong Bo Li wrote:

But I would like to note that pci device drivers require driver handshake
before device goes away.
IIUC s390 hotplug is immediate, which is a problem.
Maybe doing the change will help make sure device removal is acked
by guest before it happens?


I did some prototype today. If define zpci first, the progress of unplug
will get complicated.

The point is that you don't have to remove the zpci device at all.
Remove pci device from zpci.

I think the complication you refer to is the guest ack of
the removal, isn't it?
It's complicated, but it has a chance to actually work with
pci device drivers.

This, as opposed to just removing the device whenever host
tells us to.


This patch supports the ack in this way:
After unplugging, the guest will do some cleanup work and disable the zpci device.
The "is_unplugged" flag in this patch is used to do this ack. Only after the device
is disabled can we remove the zpci device from the list and do unparent.

The complication I mean is:
1. If we define zpci first, the user can unplug an s390 pci device in two ways:
a) Unplug the vfio pci device first, unplug the zpci device second.
   If the user only tells us to unplug the vfio pci, after the ack, we will
   still need to wait for the unplug zpci cmd from the user; before that,
   we have to maintain a useless zpci in the list.

b) Unplug the zpci device directly. This will cause the unplugging of vfio pci
   automatically. Then on s390, we have a different unplug cmd compared to
   other platforms.

2. If we define vfio pci first, the user can unplug an s390 pci device in two ways:
a) Unplug the zpci first, unplug the vfio pci device second.
   We don't need to maintain the extra s390 zpci structure; after the ack, we can
   remove the zpci from the list and do unparent.
b) Unplug the vfio pci directly. This will cause the unplugging of zpci
   automatically. Then on s390, we have the same unplug cmd compared to
   other platforms.

The ack of these two methods is the same.



So I prefer defining vfio pci first.
And it looks like the vfio pci is the basic device, if we want this
vfio pci to work on s390, we have to define a zpci device to give some
additional information to it.

if vfio connects to the bus internal to zpci, it can get
things from the bus in a natural way.

If zpci is connected to vfio, it becomes much messier.



For these two ways, the vfio pci both connect to the s390 pci root bus.
And zpci devices connect to the s390-pci-fac-bus, there is no difference.





[Qemu-devel] [PATCH qemu v10 02/14] vmstate: Define VARRAY with VMS_ALLOC

2015-07-05 Thread Alexey Kardashevskiy
This allows dynamic allocation for migrating arrays.

Already existing VMSTATE_VARRAY_UINT32 requires an array to be
pre-allocated, however there are cases when the size is not known in
advance and there is no real need to enforce it.

This defines another variant of VMSTATE_VARRAY_UINT32 with VMS_ALLOC
flag which tells the receiving side to allocate memory for the array
before receiving the data.

The first user of it is a dynamic DMA window whose existence and size
are totally dynamic.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
 include/migration/vmstate.h | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 0695d7c..5881d9f 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -295,6 +295,16 @@ extern const VMStateInfo vmstate_info_bitmap;
 .offset = vmstate_offset_pointer(_state, _field, _type), \
 }
 
+#define VMSTATE_VARRAY_UINT32_ALLOC(_field, _state, _field_num, _version, 
_info, _type) {\
+.name   = (stringify(_field)),   \
+.version_id = (_version),\
+.num_offset = vmstate_offset_value(_state, _field_num, uint32_t),\
+.info   = &(_info),  \
+.size   = sizeof(_type), \
+.flags  = VMS_VARRAY_UINT32|VMS_POINTER|VMS_ALLOC,   \
+.offset = vmstate_offset_pointer(_state, _field, _type), \
+}
+
 #define VMSTATE_VARRAY_UINT16_UNSAFE(_field, _state, _field_num, _version, 
_info, _type) {\
 .name   = (stringify(_field)),   \
 .version_id = (_version),\
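Review bot: With VMS_ALLOC in .flags the destination allocates the array from the uint32_t count at _field_num, and when that count is itself a migrated field its value comes from the incoming stream, so nothing in VMSTATE_VARRAY_UINT32_ALLOC bounds the allocation. Please document next to the macro that users must validate the count against a device-specific maximum before the array is loaded, and say what happens to a buffer the pointer already refers to. The body otherwise duplicates the macro above it except for the extra flag, so a comment stating the one difference would help readers.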
-- 
2.4.0.rc3.8.gfb3e7d5




[Qemu-devel] [PATCH qemu v10 08/14] spapr_pci: Do complete reset of DMA config when resetting PHB

2015-07-05 Thread Alexey Kardashevskiy
On a system reset, DMA configuration has to be reset too. At the moment
it clears the table content. This is enough for the single table case
but with DDW, we will also have to disable all DMA windows except
the default one. Furthermore according to sPAPR, if the guest removed
the default window and created a huge one at the same zero offset on
a PCI bus, the reset handler has to recreate the default window with
the default properties (2GB big, 4K pages).

This reworks SPAPR PHB code to disable the existing DMA window on reset
and then configure and enable the default window.
Without DDW that means that the same window will be disabled and then
enabled with no other change in behaviour.

This changes the table creation to do it in one place in PHB (VFIO PHB
just inherits the behaviour from PHB). The actual table allocation is
done from the reset handler and this is where dma_init_window() is called.

This disables all DMA windows on a PHB reset. It does not make any
difference now as there is just one DMA window but it will later with DDW
patches.

This makes spapr_phb_dma_reset() and spapr_phb_dma_remove_window() public
as these will be used in DDW RTAS "ibm,reset-pe-dma-window" and
"ibm,remove-pe-dma-window" handlers later; the handlers will reside in
hw/ppc/spapr_rtas_ddw.c.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
Changes:
v9:
* as spapr_phb_vfio_reset() became not empty, this does not remove it but
adds spapr_phb_dma_reset() call
* added SPAPR_PCI_DMA_MAX_WINDOWS (was in
"spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)")
* object_child_foreach() is replaced with explicit loop over DMA windows
as later in the patchset we will be doing same loop and there the order
will matter (small windows should be enumerated first)

v7:
* s'finish_realize'dma_init_window' in the commit log
* added details (initial clause about reuse was there :) )
why exactly spapr_phb_dma_remove_window is public
---
 hw/ppc/spapr_pci.c  | 42 +-
 hw/ppc/spapr_pci_vfio.c |  4 
 include/hw/pci-host/spapr.h |  5 +
 3 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index e27ca15..00816b3 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -829,6 +829,35 @@ static int spapr_phb_dma_init_window(sPAPRPHBState *sphb,
 return 0;
 }
 
+int spapr_phb_dma_remove_window(sPAPRPHBState *sphb,
+sPAPRTCETable *tcet)
+{
+spapr_tce_table_disable(tcet);
+
+return 0;
+}
+
+int spapr_phb_dma_reset(sPAPRPHBState *sphb)
+{
+int i;
+sPAPRTCETable *tcet;
+sPAPRPHBClass *spc = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(sphb);
+
+spc->dma_capabilities_update(sphb); /* Refresh @has_vfio status */
+
+for (i = 0; i < SPAPR_PCI_DMA_MAX_WINDOWS; ++i) {
+tcet = spapr_tce_find_by_liobn(SPAPR_PCI_LIOBN(sphb->index, i));
+if (tcet) {
+spapr_phb_dma_remove_window(sphb, tcet);
+}
+}
+
+spc->dma_init_window(sphb, SPAPR_PCI_LIOBN(sphb->index, 0),
+ SPAPR_TCE_PAGE_SHIFT, sphb->dma32_window_size);
+
+return 0;
+}
+
 /* Macros to operate with address in OF binding to PCI */
 #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
 #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
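Review bot: spapr_phb_dma_reset() discards the result of spc->dma_init_window(), although spapr_phb_dma_init_window() in the context above returns int, and then returns 0 unconditionally; if the default window cannot be recreated, the PHB comes out of reset without a DMA window and without an error. Propagate the return value so the reset path can report it, or make both new functions void if failure is impossible. spapr_phb_dma_remove_window() likewise never uses sphb and always returns 0.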
@@ -1236,7 +1265,6 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
 SysBusDevice *s = SYS_BUS_DEVICE(dev);
 sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
 PCIHostState *phb = PCI_HOST_BRIDGE(s);
-sPAPRPHBClass *info = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(s);
 char *namebuf;
 int i;
 PCIBus *bus;
@@ -1397,14 +1425,6 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-info->dma_capabilities_update(sphb);
-info->dma_init_window(sphb, sphb->dma_liobn, SPAPR_TCE_PAGE_SHIFT,
-  sphb->dma32_window_size);
-tcet = spapr_tce_find_by_liobn(sphb->dma_liobn);
-if (!tcet) {
-error_setg(errp, "failed to create TCE table");
-return;
-}
 memory_region_add_subregion(&sphb->iommu_root, 0,
 spapr_tce_get_iommu(tcet));
 
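
Review bot: The removed block takes the assignment tcet = spapr_tce_find_by_liobn(sphb->dma_liobn) and its NULL check with it, yet the unchanged line right after still passes tcet to spapr_tce_get_iommu(). Please confirm that tcet is assigned earlier in spapr_phb_realize(); if it is not, this reads an uninitialised pointer. Either way the "failed to create TCE table" path is gone, so realize no longer fails cleanly when the default table is missing.
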
@@ -1424,6 +1444,10 @@ static int spapr_phb_children_reset(Object *child, void 
*opaque)
 
 static void spapr_phb_reset(DeviceState *qdev)
 {
+sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(qdev);
+
+spapr_phb_dma_reset(sphb);
+
 /* Reset the IOMMU state */
 object_child_foreach(OBJECT(qdev), spapr_phb_children_reset, NULL);
 }
diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
index 69d85ab..cf5483a 100644
--- a/hw/ppc/spapr_pci_vfio.c
+++ b/hw/ppc/spapr_pci_vfio.c
@@ -73,6 +73,10 @@ static void spapr_phb_vfio_eeh_reenable(sPAPRPHBVFIOState 
*svphb)
 
 static void spapr_phb_vfio_reset(DeviceState *qdev)
 {
+sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(qdev);
+
+spapr_phb_dma_reset(sphb);
+
 /*

[Qemu-devel] [PATCH qemu v10 07/14] spapr_iommu: Add root memory region

2015-07-05 Thread Alexey Kardashevskiy
We are going to have multiple DMA windows at different offsets on
a PCI bus. For the sake of migration, we will have as many TCE table
objects pre-created as there are windows supported.
So we need a way to map windows dynamically onto a PCI bus
when migration of a table is completed but at this stage a TCE table
object does not have access to a PHB to ask it to map a DMA window
backed by the just-migrated TCE table.

This adds a "root" memory region (UINT64_MAX long) to the TCE object.
This new region is mapped on a PCI bus with enabled overlapping as
there will be one root MR per TCE table, each of them mapped at 0.
The actual IOMMU memory region is a subregion of the root region and
a TCE table enables/disables this subregion and maps it at
the specific offset inside the root MR which is 1:1 mapping of
a PCI address space.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr_iommu.c   | 13 ++---
 hw/ppc/spapr_pci.c |  2 +-
 include/hw/ppc/spapr.h |  2 +-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 1378a7a..45c00d8 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -171,11 +171,16 @@ static MemoryRegionIOMMUOps spapr_iommu_ops = {
 static int spapr_tce_table_realize(DeviceState *dev)
 {
 sPAPRTCETable *tcet = SPAPR_TCE_TABLE(dev);
+Object *tcetobj = OBJECT(tcet);
+char tmp[32];
 
 tcet->fd = -1;
 
-memory_region_init_iommu(&tcet->iommu, OBJECT(dev), &spapr_iommu_ops,
- "iommu-spapr", 0);
+snprintf(tmp, sizeof(tmp), "tce-root-%x", tcet->liobn);
+memory_region_init(&tcet->root, tcetobj, tmp, UINT64_MAX);
+
+snprintf(tmp, sizeof(tmp), "tce-iommu-%x", tcet->liobn);
+memory_region_init_iommu(&tcet->iommu, tcetobj, &spapr_iommu_ops, tmp, 0);
 
 QLIST_INSERT_HEAD(&spapr_tce_tables, tcet, list);
 
@@ -221,6 +226,7 @@ static void spapr_tce_table_do_enable(sPAPRTCETable *tcet, 
bool vfio_accel)
 
 memory_region_set_size(&tcet->iommu,
(uint64_t)tcet->nb_table << tcet->page_shift);
+memory_region_add_subregion(&tcet->root, tcet->bus_offset, &tcet->iommu);
 
 tcet->enabled = true;
 }
@@ -246,6 +252,7 @@ void spapr_tce_table_disable(sPAPRTCETable *tcet)
 return;
 }
 
+memory_region_del_subregion(&tcet->root, &tcet->iommu);
 memory_region_set_size(&tcet->iommu, 0);
 
 spapr_tce_free_table(tcet->table, tcet->fd, tcet->nb_table);
@@ -268,7 +275,7 @@ static void spapr_tce_table_unrealize(DeviceState *dev, 
Error **errp)
 
 MemoryRegion *spapr_tce_get_iommu(sPAPRTCETable *tcet)
 {
-return &tcet->iommu;
+return &tcet->root;
 }
 
 static void spapr_tce_reset(DeviceState *dev)
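
Review bot: spapr_tce_get_iommu() now returns &tcet->root, a plain container region, so the function name no longer describes what callers receive. Rename it to reflect the root region or add a comment at the definition, and check that no existing caller depends on getting the IOMMU MemoryRegion itself back from this getter.
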
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 3ddd72f..e27ca15 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1405,7 +1405,7 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
 error_setg(errp, "failed to create TCE table");
 return;
 }
-memory_region_add_subregion(&sphb->iommu_root, tcet->bus_offset,
+memory_region_add_subregion(&sphb->iommu_root, 0,
 spapr_tce_get_iommu(tcet));
 
 sphb->msi = g_hash_table_new_full(g_int_hash, g_int_equal, g_free, g_free);
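
Review bot: The commit message says the root region is mapped "with enabled overlapping", but the call changed here is still plain memory_region_add_subregion() at offset 0. With one UINT64_MAX-sized root per TCE table, all mapped at 0 inside sphb->iommu_root, either switch to memory_region_add_subregion_overlap() with an explicit priority or state in the commit message why the non-overlap variant is sufficient.
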
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 1da0ade..e32e787 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -560,7 +560,7 @@ struct sPAPRTCETable {
 uint64_t *table;
 bool bypass;
 int fd;
-MemoryRegion iommu;
+MemoryRegion root, iommu;
 struct VIOsPAPRDevice *vdev; /* for @bypass migration compatibility only */
 QLIST_ENTRY(sPAPRTCETable) list;
 };
-- 
2.4.0.rc3.8.gfb3e7d5




[Qemu-devel] [PATCH qemu v10 04/14] spapr_iommu: Move table allocation to helpers

2015-07-05 Thread Alexey Kardashevskiy
At the moment presence of vfio-pci devices on a bus affects the way
the guest view table is allocated. If there is no vfio-pci on a PHB
and the host kernel supports KVM acceleration of H_PUT_TCE, a table
is allocated in KVM. However, if there is vfio-pci and we do not yet have
KVM acceleration for these, the table has to be allocated by
the userspace. At the moment the table is allocated once at boot time
but next patches will reallocate it.

This moves kvmppc_create_spapr_tce/g_malloc0 and their counterparts
to helpers.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr_iommu.c | 58 +++-
 trace-events |  2 +-
 2 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index f61504e..0cf5010 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -74,6 +74,37 @@ static IOMMUAccessFlags 
spapr_tce_iommu_access_flags(uint64_t tce)
 }
 }
 
+static uint64_t *spapr_tce_alloc_table(uint32_t liobn,
+   uint32_t nb_table,
+   uint32_t page_shift,
+   int *fd,
+   bool vfio_accel)
+{
+uint64_t *table = NULL;
+uint64_t window_size = (uint64_t)nb_table << page_shift;
+
+if (kvm_enabled() && !(window_size >> 32)) {
+table = kvmppc_create_spapr_tce(liobn, window_size, fd, vfio_accel);
+}
+
+if (!table) {
+*fd = -1;
+table = g_malloc0(nb_table * sizeof(uint64_t));
+}
+
+trace_spapr_iommu_alloc_table(liobn, table, *fd);
+
+return table;
+}
+
+static void spapr_tce_free_table(uint64_t *table, int fd, uint32_t nb_table)
+{
+if (!kvm_enabled() ||
+(kvmppc_remove_spapr_tce(table, fd, nb_table) != 0)) {
+g_free(table);
+}
+}
+
 /* Called from RCU critical section */
 static IOMMUTLBEntry spapr_tce_translate_iommu(MemoryRegion *iommu, hwaddr 
addr,
bool is_write)
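
Review bot: In spapr_tce_alloc_table() the !(window_size >> 32) limit only gates the KVM path; the g_malloc0(nb_table * sizeof(uint64_t)) fallback has no upper bound on nb_table and aborts the whole process if the allocation fails. Since the commit message says later patches will reallocate the table after boot, validate nb_table and page_shift before allocating and use a failable allocator such as g_try_new0() so the caller can return an error instead. A short comment in spapr_tce_free_table() would also help: it picks between KVM teardown and g_free() purely from the return value of kvmppc_remove_spapr_tce(), and it is not obvious that a table from the fallback path (fd == -1) is expected to end up in the g_free() branch.
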
@@ -140,21 +171,13 @@ static MemoryRegionIOMMUOps spapr_iommu_ops = {
 static int spapr_tce_table_realize(DeviceState *dev)
 {
 sPAPRTCETable *tcet = SPAPR_TCE_TABLE(dev);
-uint64_t window_size = (uint64_t)tcet->nb_table << tcet->page_shift;
 
-if (kvm_enabled() && !(window_size >> 32)) {
-tcet->table = kvmppc_create_spapr_tce(tcet->liobn,
-  window_size,
-  &tcet->fd,
-  tcet->vfio_accel);
-}
-
-if (!tcet->table) {
-size_t table_size = tcet->nb_table * sizeof(uint64_t);
-tcet->table = g_malloc0(table_size);
-}
-
-trace_spapr_iommu_new_table(tcet->liobn, tcet, tcet->table, tcet->fd);
+tcet->fd = -1;
+tcet->table = spapr_tce_alloc_table(tcet->liobn,
+tcet->nb_table,
+tcet->page_shift,
+&tcet->fd,
+tcet->vfio_accel);
 
 memory_region_init_iommu(&tcet->iommu, OBJECT(dev), &spapr_iommu_ops,
  "iommu-spapr",
@@ -208,11 +231,8 @@ static void spapr_tce_table_unrealize(DeviceState *dev, 
Error **errp)
 
 QLIST_REMOVE(tcet, list);
 
-if (!kvm_enabled() ||
-(kvmppc_remove_spapr_tce(tcet->table, tcet->fd,
- tcet->nb_table) != 0)) {
-g_free(tcet->table);
-}
+spapr_tce_free_table(tcet->table, tcet->fd, tcet->nb_table);
+tcet->fd = -1;
 }
 
 MemoryRegion *spapr_tce_get_iommu(sPAPRTCETable *tcet)
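
Review bot: After spapr_tce_free_table() in spapr_tce_table_unrealize(), tcet->fd is reset to -1 but tcet->table keeps pointing at freed memory. Set tcet->table = NULL next to the fd reset so that a later access or a second free is caught instead of operating on a stale pointer, which matters more once the helpers are called outside realize/unrealize.
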
diff --git a/trace-events b/trace-events
index 52b7efa..a93af9a 100644
--- a/trace-events
+++ b/trace-events
@@ -1362,7 +1362,7 @@ spapr_iommu_pci_get(uint64_t liobn, uint64_t ioba, 
uint64_t ret, uint64_t tce) "
 spapr_iommu_pci_indirect(uint64_t liobn, uint64_t ioba, uint64_t tce, uint64_t 
iobaN, uint64_t tceN, uint64_t ret) "liobn=%"PRIx64" ioba=0x%"PRIx64" 
tcelist=0x%"PRIx64" iobaN=0x%"PRIx64" tceN=0x%"PRIx64" ret=%"PRId64
 spapr_iommu_pci_stuff(uint64_t liobn, uint64_t ioba, uint64_t tce_value, 
uint64_t npages, uint64_t ret) "liobn=%"PRIx64" ioba=0x%"PRIx64" 
tcevalue=0x%"PRIx64" npages=%"PRId64" ret=%"PRId64
 spapr_iommu_xlate(uint64_t liobn, uint64_t ioba, uint64_t tce, unsigned perm, 
unsigned pgsize) "liobn=%"PRIx64" 0x%"PRIx64" -> 0x%"PRIx64" perm=%u mask=%x"
-spapr_iommu_new_table(uint64_t liobn, void *tcet, void *table, int fd) 
"liobn=%"PRIx64" tcet=%p table=%p fd=%d"
+spapr_iommu_alloc_table(uint64_t liobn, void *table, int fd) "liobn=%"PRIx64" 
table=%p fd=%d"
 
 # hw/ppc/ppc.c
 ppc_tb_adjust(uint64_t offs1, uint64_t offs2, int64_t diff, int64_t seconds) 
"adjusted from 0x%"PRIx64" to 0x%"PRIx64", diff %"PRId64" (%"PRId64"s)"
-- 
2.4.0.rc3.8.gfb3e7d5




[Qemu-devel] [PATCH qemu v10 03/14] spapr_pci: Convert finish_realize() to dma_capabilities_update()+dma_init_window()

2015-07-05 Thread Alexey Kardashevskiy
This reworks finish_realize() which used to finalize DMA setup with
an assumption that it will not change later.

New callbacks support various window parameters such as page and
window sizes. The new callbacks return an error code rather than Error**.

This is a mechanical change so no change in behaviour is expected.
This is a part of getting rid of spapr-pci-vfio-host-bridge type.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
Changes:
v8:
* moved spapr_phb_dma_capabilities_update() higher to avoid forward
declaration in following patches and keep DMA code together (i.e. next
to spapr_pci_dma_iommu())
---
 hw/ppc/spapr_pci.c  | 59 ++---
 hw/ppc/spapr_pci_vfio.c | 53 
 include/hw/pci-host/spapr.h |  8 +-
 3 files changed, 62 insertions(+), 58 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index a8f79d8..c1ca13d 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -808,6 +808,28 @@ static char *spapr_phb_get_loc_code(sPAPRPHBState *sphb, 
PCIDevice *pdev)
 return buf;
 }
 
+static int spapr_phb_dma_capabilities_update(sPAPRPHBState *sphb)
+{
+sphb->dma32_window_start = 0;
+sphb->dma32_window_size = SPAPR_PCI_DMA32_SIZE;
+
+return 0;
+}
+
+static int spapr_phb_dma_init_window(sPAPRPHBState *sphb,
+ uint32_t liobn, uint32_t page_shift,
+ uint64_t window_size)
+{
+uint64_t bus_offset = sphb->dma32_window_start;
+sPAPRTCETable *tcet;
+
+tcet = spapr_tce_new_table(DEVICE(sphb), liobn, bus_offset, page_shift,
+   window_size >> page_shift,
+   false);
+
+return tcet ? 0 : -1;
+}
+
 /* Macros to operate with address in OF binding to PCI */
 #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
 #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
@@ -1220,6 +1242,7 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
 int i;
 PCIBus *bus;
 uint64_t msi_window_size = 4096;
+sPAPRTCETable *tcet;
 
 if (sphb->index != (uint32_t)-1) {
 hwaddr windows_base;
@@ -1369,33 +1392,18 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
 }
 }
 
-if (!info->finish_realize) {
-error_setg(errp, "finish_realize not defined");
-return;
-}
-
-info->finish_realize(sphb, errp);
-
-sphb->msi = g_hash_table_new_full(g_int_hash, g_int_equal, g_free, g_free);
-}
-
-static void spapr_phb_finish_realize(sPAPRPHBState *sphb, Error **errp)
-{
-sPAPRTCETable *tcet;
-uint32_t nb_table;
-
-nb_table = SPAPR_PCI_DMA32_SIZE >> SPAPR_TCE_PAGE_SHIFT;
-tcet = spapr_tce_new_table(DEVICE(sphb), sphb->dma_liobn,
-   0, SPAPR_TCE_PAGE_SHIFT, nb_table, false);
+info->dma_capabilities_update(sphb);
+info->dma_init_window(sphb, sphb->dma_liobn, SPAPR_TCE_PAGE_SHIFT,
+  sphb->dma32_window_size);
+tcet = spapr_tce_find_by_liobn(sphb->dma_liobn);
 if (!tcet) {
-error_setg(errp, "Unable to create TCE table for %s",
-   sphb->dtbusname);
-return ;
+error_setg(errp, "failed to create TCE table");
+return;
 }
-
-/* Register default 32bit DMA window */
-memory_region_add_subregion(&sphb->iommu_root, 0,
+memory_region_add_subregion(&sphb->iommu_root, tcet->bus_offset,
 spapr_tce_get_iommu(tcet));
+
+sphb->msi = g_hash_table_new_full(g_int_hash, g_int_equal, g_free, g_free);
 }
 
 static int spapr_phb_children_reset(Object *child, void *opaque)
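
Review bot: In spapr_phb_realize() the return values of info->dma_capabilities_update(sphb) and info->dma_init_window(...) are ignored, although the stated purpose of the conversion is that they return an error code; failure is only noticed indirectly through spapr_tce_find_by_liobn(). Check both results and set errp from them. The old if (!info->finish_realize) guard is also dropped without an equivalent check for the two new class callbacks, and the new message "failed to create TCE table" loses sphb->dtbusname, which was the only way to tell which PHB failed.
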
@@ -1543,9 +1551,10 @@ static void spapr_phb_class_init(ObjectClass *klass, 
void *data)
 dc->vmsd = &vmstate_spapr_pci;
 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
 dc->cannot_instantiate_with_device_add_yet = false;
-spc->finish_realize = spapr_phb_finish_realize;
 hp->plug = spapr_phb_hot_plug_child;
 hp->unplug = spapr_phb_hot_unplug_child;
+spc->dma_capabilities_update = spapr_phb_dma_capabilities_update;
+spc->dma_init_window = spapr_phb_dma_init_window;
 }
 
 static const TypeInfo spapr_phb_info = {
diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
index cca45ed..6e3e17b 100644
--- a/hw/ppc/spapr_pci_vfio.c
+++ b/hw/ppc/spapr_pci_vfio.c
@@ -28,48 +28,36 @@ static Property spapr_phb_vfio_properties[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
-static void spapr_phb_vfio_finish_realize(sPAPRPHBState *sphb, Error **errp)
+static int spapr_phb_vfio_dma_capabilities_update(sPAPRPHBState *sphb)
 {
 sPAPRPHBVFIOState *svphb = SPAPR_PCI_VFIO_HOST_BRIDGE(sphb);
 struct vfio_iommu_spapr_tce_info info = { .argsz = sizeof(info) };
 int ret;
-sPAPRTCETable *tcet;
-uint32_t liobn = svphb->phb.dma_liobn;
 
-if (svphb->iommugroupid == -1) {
-error_setg(errp, "Wrong IOMM

[Qemu-devel] [PATCH qemu v10 00/14] spapr: vfio: Enable Dynamic DMA windows (DDW)

2015-07-05 Thread Alexey Kardashevskiy

(cut-n-paste from kernel patchset)

Each Partitionable Endpoint (IOMMU group) has an address range on a PCI bus
where devices are allowed to do DMA. These ranges are called DMA windows.
By default, there is a single DMA window, 1 or 2GB big, mapped at zero
on a PCI bus.

PAPR defines a DDW RTAS API which allows pseries guests
to query the hypervisor about DDW support and capabilities (page size mask
for now). A pseries guest may request an additional (to the default)
DMA window using this RTAS API.
The existing pseries Linux guests request an additional window as big as
the guest RAM and map the entire guest window which effectively creates
direct mapping of the guest memory to a PCI bus.

This patchset reworks PPC64 IOMMU code and adds necessary structures
to support big windows.

Once a Linux guest discovers the presence of DDW, it does:
1. query hypervisor about number of available windows and page size masks;
2. create a window with the biggest possible page size (today 4K/64K/16M);
3. map the entire guest RAM via H_PUT_TCE* hypercalls;
4. switches dma_ops to direct_dma_ops on the selected PE.

Once this is done, H_PUT_TCE is not called anymore for 64bit devices and
the guest does not waste time on DMA map/unmap operations.

Note that 32bit devices won't use DDW and will keep using the default
DMA window so KVM optimizations will be required (to be posted later).

This patchset adds DDW support for pseries. The host kernel changes are
required, available in the current upstream.

This patchset is based on git://github.com/dgibson/qemu.git spapr-next branch.

Please comment. Thanks!

Changes:
v10:
* reworked "spapr_pci: Enable vfio-pci hotplug"
* added "vfio: Unregister IOMMU notifiers when container is destroyed"
* updated kernel header update with a tag

v9:
* removed "vfio: spapr: Move SPAPR-related code to a separate file"
* rebased on top of current dwg/spapr-next
* moved hw/vfio/* related patches to the end of the patchset
* included kernel headers update
* reworked "spapr_pci: Enable vfio-pci hotplug" a lot

v8:
* reworked unreferencing in "spapr_iommu: Introduce "enabled" state for TCE 
table"
* added clean-up patch "spapr_iommu: Remove vfio_accel flag from sPAPRTCETable"
* rebased on latest spapr-next

v7:
* bunch of cleanups, renames after David+Thomas+Michael review
* patches are reorganized and those which do not need the host kernel headers
update are put first and can be pulled if these are good enough :)

v6:
* spapr-pci-vfio-host-bridge is now a synonym of spapr-pci-host-bridge -
same PHB can host emulated and VFIO devices
* changed patches order
* lot of small changes

v5:
* TCE tables got "enabled" state and are persistent, i.e. not recreated
every reboot
* added v2 of SPAPR_TCE_IOMMU
* fixed migration for emulated PHB with enabled DDW
* huge pile of other changes

v4:
* reimplemented the whole thing
* machine reset and ddw-reset RTAS call both remove all TCE tables and
create the default one
* IOMMU group id is not needed to use VFIO PHB anymore, multiple groups
are supported on the same VFIO container and virtual PHB

v3:
* removed "reset" from API now
* reworked machine versions
* applied multiple comments
* includes David's machine QOM rework as this patchset adds a new machine type

v2:
* tested on emulated PHB
* removed "ddw" machine property, now it is PHB property
* disabled by default
* defined "pseries-2.2" machine which enables DDW by default
* fixed reset() and reference counting




Alexey Kardashevskiy (14):
  linux-headers: Update to 4.2-rc1
  vmstate: Define VARRAY with VMS_ALLOC
  spapr_pci: Convert finish_realize() to
dma_capabilities_update()+dma_init_window()
  spapr_iommu: Move table allocation to helpers
  spapr_iommu: Introduce "enabled" state for TCE table
  spapr_iommu: Remove vfio_accel flag from sPAPRTCETable
  spapr_iommu: Add root memory region
  spapr_pci: Do complete reset of DMA config when resetting PHB
  spapr_vfio_pci: Remove redundant spapr-pci-vfio-host-bridge
  spapr_pci: Enable vfio-pci hotplug
  spapr_pci_vfio: Enable multiple groups per container
  vfio: Unregister IOMMU notifiers when container is destroyed
  vfio: spapr: Add SPAPR IOMMU v2 support (DMA memory preregistering)
  spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)

 hw/ppc/Makefile.objs|   3 +
 hw/ppc/spapr.c  |   5 +
 hw/ppc/spapr_iommu.c| 207 +---
 hw/ppc/spapr_pci.c  | 293 +--
 hw/ppc/spapr_pci_vfio.c | 191 ---
 hw/ppc/spapr_rtas_ddw.c | 300 
 hw/ppc/spapr_vio.c  |   9 +-
 hw/vfio/common.c| 139 +--
 include/hw/pci-host/spapr.h |  50 +++-
 include/hw/ppc/spapr.h  |  33 ++-
 include/hw/vfio/vfio-common.h   |   3 

[Qemu-devel] [PATCH qemu v10 13/14] vfio: spapr: Add SPAPR IOMMU v2 support (DMA memory preregistering)

2015-07-05 Thread Alexey Kardashevskiy
This makes use of the new "memory registering" feature. The idea is
to provide the userspace ability to notify the host kernel about pages
which are going to be used for DMA. Having this information, the host
kernel can pin them all once per user process, do locked pages
accounting (once) and not spend time on doing that in real time with
possible failures which cannot be handled nicely in some cases.

This adds a guest RAM memory listener which notifies a VFIO container
about memory which needs to be pinned/unpinned. VFIO MMIO regions
(i.e. "skip dump" regions) are skipped.

The feature is only enabled for SPAPR IOMMU v2. The host kernel changes
are required. Since v2 does not need/support VFIO_IOMMU_ENABLE, this does
not call it when v2 is detected and enabled.

This does not change the guest visible interface.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
Changes:
v9:
* since there is no more SPAPR-specific data in container::iommu_data,
the memory preregistration fields are common and potentially can be used
by other architectures

v7:
* in vfio_spapr_ram_listener_region_del(), do unref() after ioctl()
* s'ramlistener'register_listener'

v6:
* fixed commit log (s/guest/userspace/), added note about no guest visible
change
* fixed error checking if ram registration failed
* added alignment check for section->offset_within_region

v5:
* simplified the patch
* added trace points
* added round_up() for the size
* SPAPR IOMMU v2 used
---
 hw/vfio/common.c  | 109 ++
 include/hw/vfio/vfio-common.h |   3 ++
 trace-events  |   1 +
 3 files changed, 104 insertions(+), 9 deletions(-)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 8eacfd7..0c7ba8c 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -488,6 +488,76 @@ static void vfio_listener_release(VFIOContainer *container)
 memory_listener_unregister(&container->iommu_data.type1.listener);
 }
 
+static void vfio_ram_do_region(VFIOContainer *container,
+  MemoryRegionSection *section, unsigned long req)
+{
+int ret;
+struct vfio_iommu_spapr_register_memory reg = { .argsz = sizeof(reg) };
+
+if (!memory_region_is_ram(section->mr) ||
+memory_region_is_skip_dump(section->mr)) {
+return;
+}
+
+if (unlikely((section->offset_within_region & (getpagesize() - 1 {
+error_report("%s received unaligned region", __func__);
+return;
+}
+
+reg.vaddr = (__u64) memory_region_get_ram_ptr(section->mr) +
+section->offset_within_region;
+reg.size = ROUND_UP(int128_get64(section->size), TARGET_PAGE_SIZE);
+
+ret = ioctl(container->fd, req, ®);
+trace_vfio_ram_register(_IOC_NR(req) - VFIO_BASE, reg.vaddr, reg.size,
+ret ? -errno : 0);
+if (!ret) {
+return;
+}
+
+/*
+ * On the initfn path, store the first error in the container so we
+ * can gracefully fail.  Runtime, there's not much we can do other
+ * than throw a hardware error.
+ */
+if (!container->iommu_data.ram_reg_initialized) {
+if (!container->iommu_data.ram_reg_error) {
+container->iommu_data.ram_reg_error = -errno;
+}
+} else {
+hw_error("vfio: RAM registering failed, unable to continue");
+}
+}
+
+static void vfio_ram_listener_region_add(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+VFIOContainer *container = container_of(listener, VFIOContainer,
+iommu_data.register_listener);
+memory_region_ref(section->mr);
+vfio_ram_do_region(container, section, VFIO_IOMMU_SPAPR_REGISTER_MEMORY);
+}
+
+static void vfio_ram_listener_region_del(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+VFIOContainer *container = container_of(listener, VFIOContainer,
+iommu_data.register_listener);
+vfio_ram_do_region(container, section, VFIO_IOMMU_SPAPR_UNREGISTER_MEMORY);
+memory_region_unref(section->mr);
+}
+
+static const MemoryListener vfio_ram_memory_listener = {
+.region_add = vfio_ram_listener_region_add,
+.region_del = vfio_ram_listener_region_del,
+};
+
+static void vfio_spapr_listener_release_v2(VFIOContainer *container)
+{
+memory_listener_unregister(&container->iommu_data.register_listener);
+vfio_listener_release(container);
+}
+
 int vfio_mmap_region(Object *obj, VFIORegion *region,
  MemoryRegion *mem, MemoryRegion *submem,
  void **map, size_t size, off_t offset,
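
Review bot: In vfio_ram_do_region() the value stored in container->iommu_data.ram_reg_error is read from errno only after trace_vfio_ram_register() has run, so it may no longer be the ioctl's error. Save errno into a local immediately after ioctl() and use that for both the trace and the stored error. Two further points in the same function: the alignment check uses getpagesize() while the size is rounded with TARGET_PAGE_SIZE, and these can differ, so pick one granularity for both; and the unaligned case only calls error_report() and returns, which leaves the section unregistered for DMA without setting ram_reg_error, so the init path cannot fail on it.
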
@@ -698,14 +768,18 @@ static int vfio_connect_container(VFIOGroup *group, 
AddressSpace *as)
 
 container->iommu_data.type1.initialized = true;
 
-} else if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_IOMMU)) {
+} else if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_

[Qemu-devel] [PATCH qemu v10 11/14] spapr_pci_vfio: Enable multiple groups per container

2015-07-05 Thread Alexey Kardashevskiy
This enables multiple IOMMU groups in one VFIO container which means
that multiple devices from different groups can share the same IOMMU
table (or tables if DDW).

This removes a group id from vfio_container_ioctl(). The kernel support
is required for this; if the host kernel does not have the support,
it will allow only one group per container. The PHB's "iommuid" property
is ignored. The ioctl is called for every container attached to
the address space. At the moment there is just one container anyway.

If there is no container attached to the address space,
vfio_container_do_ioctl() returns -1.

This removes casts to sPAPRPHBVFIOState as none of sPAPRPHBVFIOState
members is accessed here.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr_pci_vfio.c | 17 ++---
 hw/vfio/common.c| 20 ++--
 include/hw/vfio/vfio.h  |  2 +-
 3 files changed, 13 insertions(+), 26 deletions(-)

diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
index 04ca4cf..fe7d7d1 100644
--- a/hw/ppc/spapr_pci_vfio.c
+++ b/hw/ppc/spapr_pci_vfio.c
@@ -33,7 +33,7 @@ int spapr_phb_vfio_dma_capabilities_update(sPAPRPHBState 
*sphb)
 struct vfio_iommu_spapr_tce_info info = { .argsz = sizeof(info) };
 int ret;
 
-ret = vfio_container_ioctl(&sphb->iommu_as, sphb->iommugroupid,
+ret = vfio_container_ioctl(&sphb->iommu_as,
VFIO_IOMMU_SPAPR_TCE_GET_INFO, &info);
 if (ret) {
 return ret;
@@ -59,8 +59,7 @@ void spapr_phb_vfio_eeh_reenable(sPAPRPHBState *sphb)
  * ensures that the contained PCI devices will work properly
  * after reboot.
  */
-vfio_container_ioctl(&sphb->iommu_as,
- sphb->iommugroupid, VFIO_EEH_PE_OP, &op);
+vfio_container_ioctl(&sphb->iommu_as, VFIO_EEH_PE_OP, &op);
 }
 
 int spapr_phb_vfio_eeh_set_option(sPAPRPHBState *sphb,
@@ -86,8 +85,7 @@ int spapr_phb_vfio_eeh_set_option(sPAPRPHBState *sphb,
 return RTAS_OUT_PARAM_ERROR;
 }
 
-ret = vfio_container_ioctl(&sphb->iommu_as, sphb->iommugroupid,
-   VFIO_EEH_PE_OP, &op);
+ret = vfio_container_ioctl(&sphb->iommu_as, VFIO_EEH_PE_OP, &op);
 if (ret < 0) {
 return RTAS_OUT_HW_ERROR;
 }
@@ -101,8 +99,7 @@ int spapr_phb_vfio_eeh_get_state(sPAPRPHBState *sphb, int 
*state)
 int ret;
 
 op.op = VFIO_EEH_PE_GET_STATE;
-ret = vfio_container_ioctl(&sphb->iommu_as, sphb->iommugroupid,
-   VFIO_EEH_PE_OP, &op);
+ret = vfio_container_ioctl(&sphb->iommu_as, VFIO_EEH_PE_OP, &op);
 if (ret < 0) {
 return RTAS_OUT_PARAM_ERROR;
 }
@@ -175,8 +172,7 @@ int spapr_phb_vfio_eeh_reset(sPAPRPHBState *sphb, int 
option)
 return RTAS_OUT_PARAM_ERROR;
 }
 
-ret = vfio_container_ioctl(&sphb->iommu_as, sphb->iommugroupid,
-   VFIO_EEH_PE_OP, &op);
+ret = vfio_container_ioctl(&sphb->iommu_as, VFIO_EEH_PE_OP, &op);
 if (ret < 0) {
 return RTAS_OUT_HW_ERROR;
 }
@@ -190,8 +186,7 @@ int spapr_phb_vfio_eeh_configure(sPAPRPHBState *sphb)
 int ret;
 
 op.op = VFIO_EEH_PE_CONFIGURE;
-ret = vfio_container_ioctl(&sphb->iommu_as, sphb->iommugroupid,
-   VFIO_EEH_PE_OP, &op);
+ret = vfio_container_ioctl(&sphb->iommu_as, VFIO_EEH_PE_OP, &op);
 if (ret < 0) {
 return RTAS_OUT_PARAM_ERROR;
 }
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index b1045da..89ef37b 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -918,34 +918,26 @@ void vfio_put_base_device(VFIODevice *vbasedev)
 close(vbasedev->fd);
 }
 
-static int vfio_container_do_ioctl(AddressSpace *as, int32_t groupid,
+static int vfio_container_do_ioctl(AddressSpace *as,
int req, void *param)
 {
-VFIOGroup *group;
 VFIOContainer *container;
 int ret = -1;
+VFIOAddressSpace *space = vfio_get_address_space(as);
 
-group = vfio_get_group(groupid, as);
-if (!group) {
-error_report("vfio: group %d not registered", groupid);
-return ret;
-}
-
-container = group->container;
-if (group->container) {
+QLIST_FOREACH(container, &space->containers, next) {
 ret = ioctl(container->fd, req, param);
 if (ret < 0) {
 error_report("vfio: failed to ioctl %d to container: ret=%d, %s",
  _IOC_NR(req) - VFIO_BASE, ret, strerror(errno));
+return -errno;
 }
 }
 
-vfio_put_group(group);
-
 return ret;
 }
 
-int vfio_container_ioctl(AddressSpace *as, int32_t groupid,
+int vfio_container_ioctl(AddressSpace *as,
  int req, void *param)
 {
 /* We allow only certain ioctls to the container */
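
Review bot: In vfio_container_do_ioctl() the new return -errno comes after error_report(), which may change errno, and the function now mixes conventions: -errno on ioctl failure but the initial -1 when the address space has no containers. Capture errno before logging and return a defined negative errno for the empty case as well. The loop also hands the same param to every container, so for an output ioctl such as VFIO_IOMMU_SPAPR_TCE_GET_INFO each container would overwrite the previous result once there is more than one; a comment on the intended semantics would help. Finally, the old code paired vfio_get_group() with vfio_put_group(), while vfio_get_address_space() has no matching put in this hunk; please confirm nothing is allocated or referenced by that call on this path.
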
@@ -960,5 +952,5 @@ int vfio_container_ioctl(AddressSpace *as, int32_t groupid,
 return -1;
 }
 
-return vfio_container_do_ioctl(as, groupid, req, param);
+ret

[Qemu-devel] [PATCH qemu v10 06/14] spapr_iommu: Remove vfio_accel flag from sPAPRTCETable

2015-07-05 Thread Alexey Kardashevskiy
sPAPRTCETable has a vfio_accel flag which is passed to
kvmppc_create_spapr_tce() and controls whether to create a guest view
table in KVM as this depends on the host kernel ability to accelerate
H_PUT_TCE for VFIO devices. We would set this flag at the moment
when sPAPRTCETable is created in spapr_tce_new_table() and
use when the table is allocated in spapr_tce_table_realize().

Now we explicitly enable/disable DMA windows via spapr_tce_table_enable()
and spapr_tce_table_disable() and can pass this flag directly without
caching it in sPAPRTCETable.

This removes the flag. This should cause no behavioural change.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
Changes:
v8:
* new to patchset, this is cleanup
---
 hw/ppc/spapr_iommu.c   | 8 +++-
 include/hw/ppc/spapr.h | 1 -
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index fbca136..1378a7a 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -207,7 +207,7 @@ sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, 
uint32_t liobn)
 return tcet;
 }
 
-static void spapr_tce_table_do_enable(sPAPRTCETable *tcet)
+static void spapr_tce_table_do_enable(sPAPRTCETable *tcet, bool vfio_accel)
 {
 if (!tcet->nb_table) {
 return;
@@ -217,7 +217,7 @@ static void spapr_tce_table_do_enable(sPAPRTCETable *tcet)
 tcet->nb_table,
 tcet->page_shift,
 &tcet->fd,
-tcet->vfio_accel);
+vfio_accel);
 
 memory_region_set_size(&tcet->iommu,
(uint64_t)tcet->nb_table << tcet->page_shift);
@@ -236,9 +236,8 @@ void spapr_tce_table_enable(sPAPRTCETable *tcet,
 tcet->bus_offset = bus_offset;
 tcet->page_shift = page_shift;
 tcet->nb_table = nb_table;
-tcet->vfio_accel = vfio_accel;
 
-spapr_tce_table_do_enable(tcet);
+spapr_tce_table_do_enable(tcet, vfio_accel);
 }
 
 void spapr_tce_table_disable(sPAPRTCETable *tcet)
@@ -256,7 +255,6 @@ void spapr_tce_table_disable(sPAPRTCETable *tcet)
 tcet->bus_offset = 0;
 tcet->page_shift = 0;
 tcet->nb_table = 0;
-tcet->vfio_accel = false;
 }
 
 static void spapr_tce_table_unrealize(DeviceState *dev, Error **errp)
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index ed68c95..1da0ade 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -559,7 +559,6 @@ struct sPAPRTCETable {
 uint32_t page_shift;
 uint64_t *table;
 bool bypass;
-bool vfio_accel;
 int fd;
 MemoryRegion iommu;
 struct VIOsPAPRDevice *vdev; /* for @bypass migration compatibility only */
-- 
2.4.0.rc3.8.gfb3e7d5




[Qemu-devel] [PATCH qemu v10 01/14] linux-headers: Update to 4.2-rc1

2015-07-05 Thread Alexey Kardashevskiy
This updates linux-headers against master 4.2-rc1 (commit
d770e558e21961ad6cfdf0ff7df0eb5d7d4f0754). This is the result of
./scripts/update-linux-headers.sh work.

Cc: Paolo Bonzini 
Cc: Michael S. Tsirkin 
Signed-off-by: Alexey Kardashevskiy 
---

This is for DDW support on sPAPR.
---
 include/standard-headers/linux/input.h  |  10 +-
 include/standard-headers/linux/virtio_balloon.h |   1 +
 include/standard-headers/linux/virtio_gpu.h |   2 +
 linux-headers/asm-x86/hyperv.h  |  11 ++
 linux-headers/linux/kvm.h   |   2 +-
 linux-headers/linux/vfio.h  | 102 -
 linux-headers/linux/virtio_pci.h| 192 
 7 files changed, 121 insertions(+), 199 deletions(-)
 delete mode 100644 linux-headers/linux/virtio_pci.h

diff --git a/include/standard-headers/linux/input.h 
b/include/standard-headers/linux/input.h
index b94d365..a459dd2 100644
--- a/include/standard-headers/linux/input.h
+++ b/include/standard-headers/linux/input.h
@@ -367,7 +367,8 @@ struct input_keymap_entry {
 #define KEY_MSDOS  151
 #define KEY_COFFEE 152 /* AL Terminal Lock/Screensaver */
 #define KEY_SCREENLOCK KEY_COFFEE
-#define KEY_DIRECTION  153
+#define KEY_ROTATE_DISPLAY 153 /* Display orientation for e.g. tablets 
*/
+#define KEY_DIRECTION  KEY_ROTATE_DISPLAY
 #define KEY_CYCLEWINDOWS   154
 #define KEY_MAIL   155
 #define KEY_BOOKMARKS  156 /* AC Bookmarks */
@@ -700,6 +701,10 @@ struct input_keymap_entry {
 #define KEY_NUMERIC_9  0x209
 #define KEY_NUMERIC_STAR   0x20a
 #define KEY_NUMERIC_POUND  0x20b
+#define KEY_NUMERIC_A  0x20c   /* Phone key A - HUT Telephony 0xb9 */
+#define KEY_NUMERIC_B  0x20d
+#define KEY_NUMERIC_C  0x20e
+#define KEY_NUMERIC_D  0x20f
 
 #define KEY_CAMERA_FOCUS   0x210
 #define KEY_WPS_BUTTON 0x211   /* WiFi Protected Setup key */
@@ -971,7 +976,8 @@ struct input_keymap_entry {
  */
 #define MT_TOOL_FINGER 0
 #define MT_TOOL_PEN1
-#define MT_TOOL_MAX1
+#define MT_TOOL_PALM   2
+#define MT_TOOL_MAX2
 
 /*
  * Values describing the status of a force-feedback effect
diff --git a/include/standard-headers/linux/virtio_balloon.h 
b/include/standard-headers/linux/virtio_balloon.h
index 88ada1d..2e2a6dc 100644
--- a/include/standard-headers/linux/virtio_balloon.h
+++ b/include/standard-headers/linux/virtio_balloon.h
@@ -26,6 +26,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE. */
 #include "standard-headers/linux/types.h"
+#include "standard-headers/linux/virtio_types.h"
 #include "standard-headers/linux/virtio_ids.h"
 #include "standard-headers/linux/virtio_config.h"
 
diff --git a/include/standard-headers/linux/virtio_gpu.h 
b/include/standard-headers/linux/virtio_gpu.h
index cfcfb46..72ef815 100644
--- a/include/standard-headers/linux/virtio_gpu.h
+++ b/include/standard-headers/linux/virtio_gpu.h
@@ -38,6 +38,8 @@
 #ifndef VIRTIO_GPU_HW_H
 #define VIRTIO_GPU_HW_H
 
+#include "standard-headers/linux/types.h"
+
 enum virtio_gpu_ctrl_type {
VIRTIO_GPU_UNDEFINED = 0,
 
diff --git a/linux-headers/asm-x86/hyperv.h b/linux-headers/asm-x86/hyperv.h
index ce6068d..8fba544 100644
--- a/linux-headers/asm-x86/hyperv.h
+++ b/linux-headers/asm-x86/hyperv.h
@@ -199,6 +199,17 @@
 #define HV_X64_MSR_STIMER3_CONFIG  0x40B6
 #define HV_X64_MSR_STIMER3_COUNT   0x40B7
 
+/* Hyper-V guest crash notification MSR's */
+#define HV_X64_MSR_CRASH_P00x4100
+#define HV_X64_MSR_CRASH_P10x4101
+#define HV_X64_MSR_CRASH_P20x4102
+#define HV_X64_MSR_CRASH_P30x4103
+#define HV_X64_MSR_CRASH_P40x4104
+#define HV_X64_MSR_CRASH_CTL   0x4105
+#define HV_X64_MSR_CRASH_CTL_NOTIFY(1ULL << 63)
+#define HV_X64_MSR_CRASH_PARAMS\
+   (1 + (HV_X64_MSR_CRASH_P4 - HV_X64_MSR_CRASH_P0))
+
 #define HV_X64_MSR_HYPERCALL_ENABLE0x0001
 #define HV_X64_MSR_HYPERCALL_PAGE_ADDRESS_SHIFT12
 #define HV_X64_MSR_HYPERCALL_PAGE_ADDRESS_MASK \
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index fad9e5c..3bac873 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -897,7 +897,7 @@ struct kvm_xen_hvm_config {
  *
  * KVM_IRQFD_FLAG_RESAMPLE indicates resamplefd is valid and specifies
  * the irqfd to operate in resampling mode for level triggered interrupt
- * emlation.  See Documentation/virtual/kvm/api.txt.
+ * emulation.  See Documentation/virtual/kvm/api.txt.
  */
 #define KVM_IRQFD_FLAG_RESAMPLE (1 << 1)
 
diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index 0508d0b..aa276bc 100644
--- a/linux-headers/linux/vfio.h
+++ 

[Qemu-devel] [PATCH qemu v10 10/14] spapr_pci: Enable vfio-pci hotplug

2015-07-05 Thread Alexey Kardashevskiy
sPAPR IOMMU is managing two copies of a TCE table:
1) a guest view of the table - this is what emulated devices use and
this is where H_GET_TCE reads from;
2) a hardware TCE table - only present if there is at least one vfio-pci
device on a PHB; it is updated via a memory listener on a PHB address
space which forwards map/unmap requests to vfio-pci IOMMU host driver.

At the moment the presence of vfio-pci devices on a bus affects the way
the guest view table is allocated. If there is no vfio-pci on a PHB
and the host kernel supports KVM acceleration of H_PUT_TCE, a table
is allocated in KVM. However, if there is vfio-pci and we do not yet
support KVM acceleration for these, the table has to be allocated
by the userspace.

When vfio-pci device is hotplugged and there were no vfio-pci devices
already, the guest view table could have been allocated by KVM which
means that H_PUT_TCE is handled by the host kernel and since we
do not support vfio-pci in KVM, the hardware table will not be updated.

This reallocates the guest view table in QEMU if the first vfio-pci
device has just been plugged. spapr_tce_realloc_userspace() handles this.

This replays all the mappings to make sure that the tables are in sync.
This will not have a visible effect though as for a new device
the guest kernel will allocate-and-map new addresses and therefore
existing mappings from emulated devices will not be used by vfio-pci
devices.

This adds calls to spapr_phb_dma_capabilities_update() in PCI hotplug
hooks.

Signed-off-by: Alexey Kardashevskiy 
---
Changes:
v10:
* removed unnecessary  memory_region_del_subregion() and
memory_region_add_subregion() as
"vfio: Unregister IOMMU notifiers when container is destroyed" removes
notifiers in a more correct way

v9:
* spapr_phb_hotplug_dma_sync() enumerates TCE tables explicitly rather than
via object_child_foreach()
* spapr_phb_hotplug_dma_sync() does memory_region_del_subregion() +
memory_region_add_subregion() as otherwise vfio_listener_region_del() is not
called and we end up with vfio_iommu_map_notify registered twice (comments
welcome!) if we do hotplug+hotunplug+hotplug of the same device.
* moved spapr_phb_hotplug_dma_sync() on unplug event to rcu as before calling
spapr_phb_hotplug_dma_sync(), we need VFIO to release the container, otherwise
spapr_phb_dma_capabilities_update() will decide that the PHB still has VFIO
device.
Actual VFIO PCI device release happens from rcu and since we add ours later,
it gets executed later and we are good.
---
 hw/ppc/spapr_iommu.c| 51 ++---
 hw/ppc/spapr_pci.c  | 47 +
 include/hw/pci-host/spapr.h |  1 +
 include/hw/ppc/spapr.h  |  2 ++
 trace-events|  2 ++
 5 files changed, 100 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 45c00d8..2d99c3b 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -78,12 +78,13 @@ static uint64_t *spapr_tce_alloc_table(uint32_t liobn,
uint32_t nb_table,
uint32_t page_shift,
int *fd,
-   bool vfio_accel)
+   bool vfio_accel,
+   bool force_userspace)
 {
 uint64_t *table = NULL;
 uint64_t window_size = (uint64_t)nb_table << page_shift;
 
-if (kvm_enabled() && !(window_size >> 32)) {
+if (kvm_enabled() && !force_userspace && !(window_size >> 32)) {
 table = kvmppc_create_spapr_tce(liobn, window_size, fd, vfio_accel);
 }
 
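Review bot: `spapr_tce_alloc_table()` now ends in two adjacent `bool` parameters (`vfio_accel`, `force_userspace`), which can be transposed at a call site without any compiler diagnostic; the updated caller already passes them as `vfio_accel, false`. Consider a small flags argument instead, and add a comment on the function saying that `force_userspace` bypasses `kvmppc_create_spapr_tce()` even when `kvm_enabled()` is true.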
@@ -222,7 +223,8 @@ static void spapr_tce_table_do_enable(sPAPRTCETable *tcet, 
bool vfio_accel)
 tcet->nb_table,
 tcet->page_shift,
 &tcet->fd,
-vfio_accel);
+vfio_accel,
+false);
 
 memory_region_set_size(&tcet->iommu,
(uint64_t)tcet->nb_table << tcet->page_shift);
@@ -495,6 +497,49 @@ int spapr_dma_dt(void *fdt, int node_off, const char 
*propname,
 return 0;
 }
 
+static int spapr_tce_do_replay(sPAPRTCETable *tcet, uint64_t *table)
+{
+target_ulong ioba = tcet->bus_offset, pgsz = (1ULL << tcet->page_shift);
+long i, ret = 0;
+
+for (i = 0; i < tcet->nb_table; ++i, ioba += pgsz) {
+ret = put_tce_emu(tcet, ioba, table[i]);
+if (ret) {
+break;
+}
+}
+
+return ret;
+}
+
+int spapr_tce_replay(sPAPRTCETable *tcet)
+{
+return spapr_tce_do_replay(tcet, tcet->table);
+}
+
+int spapr_tce_realloc_userspace(sPAPRTCETable *tcet, bool replay)
+{
+int ret = 0, oldfd;
+uint64_t *oldtable;
+
+oldtable = tcet->table;
+oldfd = tcet->fd;
+tcet->tabl
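Review bot: In `spapr_tce_do_replay()`, `ret` is declared as `long` next to the loop index while the function returns `int`, so whatever `put_tce_emu()` returns is narrowed silently on return; declare `ret` with the type `put_tce_emu()` returns and convert it explicitly. The loop also stops at the first failing entry and leaves the earlier entries replayed, so callers need to know whether a non-zero result means the tables are now partially out of sync; a comment above `spapr_tce_replay()` stating that contract would help.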

[Qemu-devel] [PATCH qemu v10 05/14] spapr_iommu: Introduce "enabled" state for TCE table

2015-07-05 Thread Alexey Kardashevskiy
Currently TCE tables are created once at start and their size never
changes. We are going to change that by introducing a Dynamic DMA windows
support where DMA configuration may change during the guest execution.

This changes spapr_tce_new_table() to create an empty stub object. Only
LIOBN is assigned by the time of creation. It still will be called once
at the owner object (VIO or PHB) creation.

This introduces an "enabled" state for TCE table objects with two
helper functions - spapr_tce_table_enable()/spapr_tce_table_disable().
spapr_tce_table_enable() receives TCE table parameters and allocates
a guest view of the TCE table (in the user space or KVM).
spapr_tce_table_disable() disposes the table.

Follow up patches will disable+enable tables on reset (system reset
or DDW reset).

No visible change in behaviour is expected except the actual table
will be reallocated every reset. We might optimize this later.

The other way to implement this would be to dynamically create/remove
the TCE table QOM objects but this would make migration impossible
as migration expects all QOM objects to exist at the receiver
so we have to have TCE table objects created when migration begins.

spapr_tce_table_do_enable() is separated from spapr_tce_table_enable()
as later it will be called at the sPAPRTCETable post-migration stage when
it has all the properties set after the migration.

Signed-off-by: Alexey Kardashevskiy 
---
Changes:
v9 (no changes really):
* IOMMU regions are referenced by their parent which is the PHB root region,
there is no need in explicit unparenting so ignore first note from v8 changelog.

v8:
* add missing unparent_object() to spapr_tce_table_unrealize() (parenting
is made by memory_region_init_iommu)
* tcet->iommu is alive as long as sPAPRTCETable is,
memory_region_set_size() is used to enable/disable MR

v7:
* s'tmp[64]'tmp[32]' as we need less than 64 bytes and more than 16 bytes
and 32 is the closest power-of-two (just looks nice to have power-of-two
values)
* updated commit log about having spapr_tce_table_do_enable() split
from spapr_tce_table_enable()

v6:
* got rid of set_props()
---
 hw/ppc/spapr_iommu.c| 79 +++--
 hw/ppc/spapr_pci.c  | 17 +++
 hw/ppc/spapr_pci_vfio.c | 10 +++
 hw/ppc/spapr_vio.c  |  9 +++---
 include/hw/ppc/spapr.h  | 11 +++
 5 files changed, 82 insertions(+), 44 deletions(-)

diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 0cf5010..fbca136 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -173,15 +173,9 @@ static int spapr_tce_table_realize(DeviceState *dev)
 sPAPRTCETable *tcet = SPAPR_TCE_TABLE(dev);
 
 tcet->fd = -1;
-tcet->table = spapr_tce_alloc_table(tcet->liobn,
-tcet->nb_table,
-tcet->page_shift,
-&tcet->fd,
-tcet->vfio_accel);
 
 memory_region_init_iommu(&tcet->iommu, OBJECT(dev), &spapr_iommu_ops,
- "iommu-spapr",
- (uint64_t)tcet->nb_table << tcet->page_shift);
+ "iommu-spapr", 0);
 
 QLIST_INSERT_HEAD(&spapr_tce_tables, tcet, list);
 
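Review bot: After this hunk `spapr_tce_table_realize()` no longer allocates `tcet->table`, yet the object is still inserted into `spapr_tce_tables` by `QLIST_INSERT_HEAD`, so a table can be reached through that list before it has been enabled. Every path that gets a `sPAPRTCETable` from the list should check for the not-enabled state before indexing `tcet->table`; an explicit helper or an assert in the accessors would make that requirement visible instead of relying on the zero-sized IOMMU region.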
@@ -191,14 +185,10 @@ static int spapr_tce_table_realize(DeviceState *dev)
 return 0;
 }
 
-sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn,
-   uint64_t bus_offset,
-   uint32_t page_shift,
-   uint32_t nb_table,
-   bool vfio_accel)
+sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, uint32_t liobn)
 {
 sPAPRTCETable *tcet;
-char tmp[64];
+char tmp[32];
 
 if (spapr_tce_find_by_liobn(liobn)) {
 fprintf(stderr, "Attempted to create TCE table with duplicate"
@@ -206,16 +196,8 @@ sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, 
uint32_t liobn,
 return NULL;
 }
 
-if (!nb_table) {
-return NULL;
-}
-
 tcet = SPAPR_TCE_TABLE(object_new(TYPE_SPAPR_TCE_TABLE));
 tcet->liobn = liobn;
-tcet->bus_offset = bus_offset;
-tcet->page_shift = page_shift;
-tcet->nb_table = nb_table;
-tcet->vfio_accel = vfio_accel;
 
 snprintf(tmp, sizeof(tmp), "tce-table-%x", liobn);
 object_property_add_child(OBJECT(owner), tmp, OBJECT(tcet), NULL);
@@ -225,14 +207,65 @@ sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, 
uint32_t liobn,
 return tcet;
 }
 
+static void spapr_tce_table_do_enable(sPAPRTCETable *tcet)
+{
+if (!tcet->nb_table) {
+return;
+}
+
+tcet->table = spapr_tce_alloc_table(tcet->liobn,
+tcet->nb_table,
+tcet->page_shift,
+&tcet->fd,
+tcet->vfio_acc

[Qemu-devel] [PATCH qemu v10 09/14] spapr_vfio_pci: Remove redundant spapr-pci-vfio-host-bridge

2015-07-05 Thread Alexey Kardashevskiy
sPAPRTCETable is handling 2 TCE tables already:

1) guest view of the TCE table - emulated devices use only this table;

2) hardware IOMMU table - VFIO PCI devices use it for actual work but
it does not replace 1) and it is not visible to the guest.
The initialization of this table is driven by vfio-pci device,
DMA map/unmap requests are handled via MemoryListener so there is very
little to do in spapr-pci-vfio-host-bridge.

This moves VFIO bits to the generic spapr-pci-host-bridge which allows
putting emulated and VFIO devices on the same PHB. It is still possible
to create multiple PHBs and avoid sharing PHB resources for emulated and
VFIO devices.

If there is no VFIO-PCI device attached, no special ioctls will be called.
If there are some VFIO-PCI devices attached, PHB may refuse to attach
another VFIO-PCI device if a VFIO container on the host kernel side
does not support container sharing.

This changes spapr-pci-host-bridge to support properties of
spapr-pci-vfio-host-bridge. This makes spapr-pci-vfio-host-bridge type
equal to spapr-pci-host-bridge except it has an additional "iommu"
property for backward compatibility reasons.

This moves PCI device lookup from spapr_phb_vfio_eeh_set_option() to
rtas_ibm_set_eeh_option() as we need to know if the device is "vfio-pci"
and decide whether to call spapr_phb_vfio_eeh_set_option() or not.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
Changes:
v9:
* s'iommugroupid shall not be used'iommugroupid is deprecated and will be
ignored' in error log

v8:
* call spapr_phb_vfio_eeh_set_option() on vfio-pci devices only (reported by
Gavin)
---
 hw/ppc/spapr_pci.c  | 82 +++
 hw/ppc/spapr_pci_vfio.c | 85 +
 include/hw/pci-host/spapr.h | 25 ++---
 3 files changed, 55 insertions(+), 137 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 00816b3..76c988f 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -428,7 +428,6 @@ static void rtas_ibm_set_eeh_option(PowerPCCPU *cpu,
 target_ulong rets)
 {
 sPAPRPHBState *sphb;
-sPAPRPHBClass *spc;
 PCIDevice *pdev;
 uint32_t addr, option;
 uint64_t buid;
@@ -443,7 +442,7 @@ static void rtas_ibm_set_eeh_option(PowerPCCPU *cpu,
 option = rtas_ld(args, 3);
 
 sphb = spapr_pci_find_phb(spapr, buid);
-if (!sphb) {
+if (!sphb || !sphb->has_vfio) {
 goto param_error_exit;
 }
 
@@ -453,12 +452,7 @@ static void rtas_ibm_set_eeh_option(PowerPCCPU *cpu,
 goto param_error_exit;
 }
 
-spc = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(sphb);
-if (!spc->eeh_set_option) {
-goto param_error_exit;
-}
-
-ret = spc->eeh_set_option(sphb, addr, option);
+ret = spapr_phb_vfio_eeh_set_option(sphb, pdev, option);
 rtas_st(rets, 0, ret);
 return;
 
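Review bot: The call `spapr_phb_vfio_eeh_set_option(sphb, pdev, option)` is now reachable for any PHB with `has_vfio` set, and on a mixed PHB the guest-supplied `addr` can name an emulated device. The commit message says the lookup was moved here so the handler can tell whether the device is "vfio-pci", but that test is not in the lines shown; please confirm the `pdev` check just above this hunk rejects non-VFIO devices as well as a failed lookup before the call is made.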
@@ -473,7 +467,6 @@ static void rtas_ibm_get_config_addr_info2(PowerPCCPU *cpu,
target_ulong rets)
 {
 sPAPRPHBState *sphb;
-sPAPRPHBClass *spc;
 PCIDevice *pdev;
 uint32_t addr, option;
 uint64_t buid;
@@ -484,12 +477,7 @@ static void rtas_ibm_get_config_addr_info2(PowerPCCPU *cpu,
 
 buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
 sphb = spapr_pci_find_phb(spapr, buid);
-if (!sphb) {
-goto param_error_exit;
-}
-
-spc = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(sphb);
-if (!spc->eeh_set_option) {
+if (!sphb || !sphb->has_vfio) {
 goto param_error_exit;
 }
 
@@ -529,7 +517,6 @@ static void rtas_ibm_read_slot_reset_state2(PowerPCCPU *cpu,
 target_ulong rets)
 {
 sPAPRPHBState *sphb;
-sPAPRPHBClass *spc;
 uint64_t buid;
 int state, ret;
 
@@ -539,16 +526,11 @@ static void rtas_ibm_read_slot_reset_state2(PowerPCCPU 
*cpu,
 
 buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
 sphb = spapr_pci_find_phb(spapr, buid);
-if (!sphb) {
+if (!sphb || !sphb->has_vfio) {
 goto param_error_exit;
 }
 
-spc = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(sphb);
-if (!spc->eeh_get_state) {
-goto param_error_exit;
-}
-
-ret = spc->eeh_get_state(sphb, &state);
+ret = spapr_phb_vfio_eeh_get_state(sphb, &state);
 rtas_st(rets, 0, ret);
 if (ret != RTAS_OUT_SUCCESS) {
 return;
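Review bot: `spapr_phb_vfio_eeh_get_state(sphb, &state)` is guarded only by `sphb->has_vfio`, which replaces the per-class `spc->eeh_get_state` check, so the handler is only safe if that flag is cleared when the last vfio-pci device leaves the PHB. Please say where `has_vfio` is updated on hot-unplug, or have the VFIO helper return an RTAS error itself when the PHB no longer has a VFIO device behind it.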
@@ -573,7 +555,6 @@ static void rtas_ibm_set_slot_reset(PowerPCCPU *cpu,
 target_ulong rets)
 {
 sPAPRPHBState *sphb;
-sPAPRPHBClass *spc;
 uint32_t option;
 uint64_t buid;
 int ret;
@@ -585,16 +566,11 @@ static void rtas_ibm_set_slot_reset(PowerPCCPU *cpu,
 buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
 option = rtas_ld(args, 3);
 sphb = spapr_pci_find_phb(spapr, buid);
-if (!sphb) {
+if (!sphb || !sphb->has_vfio) {
 goto param_error_exit;
 }

[Qemu-devel] [PATCH qemu v10 14/14] spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)

2015-07-05 Thread Alexey Kardashevskiy
This adds support for Dynamic DMA Windows (DDW) option defined by
the SPAPR specification which allows having additional DMA window(s).

This implements DDW for emulated and VFIO devices. As all TCE root regions
are mapped at 0 and 64bit long (and actual tables are child regions),
this replaces memory_region_add_subregion() with _overlap() to make
QEMU memory API happy.

This reserves RTAS token numbers for DDW calls.

This implements helpers to interact with VFIO kernel interface.

This changes the TCE table migration descriptor to support dynamic
tables as from now on, PHB will create as many stub TCE table objects
as PHB can possibly support but not all of them might be initialized at
the time of migration because DDW might or might not be requested by
the guest.

The "ddw" property is enabled by default on a PHB but for compatibility
the pseries-2.3 machine and older disable it.

This implements DDW for VFIO. The host kernel support is required.
This adds a "levels" property to PHB to control the number of levels
in the actual TCE table allocated by the host kernel, 0 is the default
value to tell QEMU to calculate the correct value. Current hardware
supports up to 5 levels.

The existing Linux guests try creating one additional huge DMA window
with 64K or 16MB pages and map the entire guest RAM to it. If this succeeds,
the guest switches to dma_direct_ops and never calls TCE hypercalls
(H_PUT_TCE,...) again. This enables VFIO devices to use the entire RAM
and not waste time on map/unmap later. This adds a "dma64_win_addr"
property which is a bus address for the 64bit window and by default
set to 0x800... as this is what the modern POWER8 hardware
uses and this allows having emulated and VFIO devices on the same bus.

This adds 4 RTAS handlers:
* ibm,query-pe-dma-window
* ibm,create-pe-dma-window
* ibm,remove-pe-dma-window
* ibm,reset-pe-dma-window
These are registered from type_init() callback.

These RTAS handlers are implemented in a separate file to avoid polluting
spapr_iommu.c with PCI.

Signed-off-by: Alexey Kardashevskiy 
---
Changes:
v10:
* added dma64_win_addr property to PHB
* removed redundant check for "!migtable" in spapr_tce_table_post_load()

v9:
* fixed default 64bit window start (from mdroth)
* fixed type cast in dma window update code (from mdroth)
* spapr_phb_dma_update() now can fail and cause hotplug failure if
hardware TCE table cannot be mapped to the same bus address as the emulated one

v7:
* fixed uninitialized variables

v6:
* rework as there is no more special device for VFIO PHB

v5:
* total rework
* enabled for machines >2.3
* fixed migration
* merged rtas handlers here

v4:
* reset handler is back in generalized form

v3:
* removed reset
* windows_num is now 1 or bigger rather than 0-based value and it is only
changed in PHB code, not in RTAS
* added page mask check in create()
* added SPAPR_PCI_DDW_MAX_WINDOWS to track how many windows are already
created

v2:
* tested on hacked emulated E1000
* implemented DDW reset on the PHB reset
* spapr_pci_ddw_remove/spapr_pci_ddw_reset are public for reuse by VFIO
---
 hw/ppc/Makefile.objs|   3 +
 hw/ppc/spapr.c  |   5 +
 hw/ppc/spapr_iommu.c|  32 -
 hw/ppc/spapr_pci.c  | 110 ++--
 hw/ppc/spapr_pci_vfio.c |  88 +
 hw/ppc/spapr_rtas_ddw.c | 300 
 hw/vfio/common.c|   2 +
 include/hw/pci-host/spapr.h |  21 +++-
 include/hw/ppc/spapr.h  |  17 ++-
 trace-events|   6 +
 10 files changed, 568 insertions(+), 16 deletions(-)
 create mode 100644 hw/ppc/spapr_rtas_ddw.c

diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
index c8ab06e..0b2ff6d 100644
--- a/hw/ppc/Makefile.objs
+++ b/hw/ppc/Makefile.objs
@@ -7,6 +7,9 @@ obj-$(CONFIG_PSERIES) += spapr_pci.o spapr_rtc.o spapr_drc.o
 ifeq ($(CONFIG_PCI)$(CONFIG_PSERIES)$(CONFIG_LINUX), yyy)
 obj-y += spapr_pci_vfio.o
 endif
+ifeq ($(CONFIG_PCI)$(CONFIG_PSERIES), yy)
+obj-y += spapr_rtas_ddw.o
+endif
 # PowerPC 4xx boards
 obj-y += ppc405_boards.o ppc4xx_devs.o ppc405_uc.o ppc440_bamboo.o
 obj-y += ppc4xx_pci.o
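Review bot: `spapr_rtas_ddw.o` is built for `CONFIG_PCI` plus `CONFIG_PSERIES` with no `CONFIG_LINUX` condition, while `spapr_pci_vfio.o` in the block just above still requires `CONFIG_LINUX`. If the DDW handlers call the VFIO helpers this patch adds to `spapr_pci_vfio.c`, a non-Linux pseries build will fail to link, so either provide stubs for those helpers or state in the commit message that the new file has no direct VFIO dependency.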
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 5ca817c..d50d50b 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1860,6 +1860,11 @@ static const TypeInfo spapr_machine_info = {
 .driver   = "spapr-pci-host-bridge",\
 .property = "dynamic-reconfiguration",\
 .value= "off",\
+},\
+{\
+.driver   = TYPE_SPAPR_PCI_HOST_BRIDGE,\
+.property = "ddw",\
+.value= stringify(off),\
 },
 
 #define SPAPR_COMPAT_2_2 \
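Review bot: The new compat entry is spelled differently from the entry directly above it: `TYPE_SPAPR_PCI_HOST_BRIDGE` and `stringify(off)` here versus the literals `"spapr-pci-host-bridge"` and `"off"` there. Please use one form for both; a plain `"off"` is simpler for a constant and does not depend on `off` never being defined as a macro.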
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 2d99c3b..b54c3d8 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -136,6 +136,15 @@ static IOMMUTLBEntry 
spapr_tce_translate_iommu(MemoryRegion *iommu, hwaddr addr,
 return ret;
 }
 
+static void spapr_tce_table_pre_save(void *opaque)
+{
+s

[Qemu-devel] [PATCH qemu v10 12/14] vfio: Unregister IOMMU notifiers when container is destroyed

2015-07-05 Thread Alexey Kardashevskiy
On systems with guest visible IOMMU, adding a new memory region onto
PCI bus calls vfio_listener_region_add() for every DMA window. This
installs a notifier for IOMMU memory regions. The notifier is supposed
to be removed by vfio_listener_region_del(), however in the case of mixed
PHB (emulated + VFIO devices) when the last VFIO device is unplugged and
the container gets destroyed, all existing DMA windows stay alive together
with the notifiers, which are on the linked list whose head was in
the destroyed container.

This unregisters IOMMU memory region notifier when a container is
destroyed.

Signed-off-by: Alexey Kardashevskiy 
---
Changes:
v10:
* new to the patchset
---
 hw/vfio/common.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 89ef37b..8eacfd7 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -772,11 +772,19 @@ static void vfio_disconnect_container(VFIOGroup *group)
 
 if (QLIST_EMPTY(&container->group_list)) {
 VFIOAddressSpace *space = container->space;
+VFIOGuestIOMMU *giommu, *tmp;
 
 if (container->iommu_data.release) {
 container->iommu_data.release(container);
 }
 QLIST_REMOVE(container, next);
+
+QLIST_FOREACH_SAFE(giommu, &container->giommu_list, giommu_next, tmp) {
+memory_region_unregister_iommu_notifier(&giommu->n);
+QLIST_REMOVE(giommu, giommu_next);
+g_free(giommu);
+}
+
 trace_vfio_disconnect_container(container->fd);
 close(container->fd);
 g_free(container);
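Review bot: The new `QLIST_FOREACH_SAFE` loop runs after `container->iommu_data.release(container)` and `QLIST_REMOVE(container, next)`, so for a short span the notifiers are still registered on behalf of a container whose IOMMU backend state has already been released; moving the loop ahead of the `release` call closes that window. The three statements in the loop body also repeat the teardown the commit message attributes to `vfio_listener_region_del()`, so a shared helper would keep the two paths from drifting apart.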
-- 
2.4.0.rc3.8.gfb3e7d5
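
The stale-notifier condition this commit message describes, as a stand-alone C model added here (not QEMU code and not part of the patch). Every type and function name in it is hypothetical; it compares a teardown that frees only the container with one that first unregisters and frees each per-window notifier.

```c
/* Stand-alone model of the stale-notifier teardown; not QEMU code. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct Notifier {
    void (*notify)(struct Notifier *n, unsigned long iova);
    struct Notifier *next;            /* link in the region's list */
} Notifier;
typedef struct Region { Notifier *notifiers; } Region;   /* one DMA window */
struct Container;

typedef struct GuestIOMMU {           /* per-window state owned by a container */
    Notifier n;                       /* first member: &g->n == (void *)g */
    Region *region;
    struct Container *container;
    struct GuestIOMMU *next;          /* link in the container's list */
} GuestIOMMU;
typedef struct Container { GuestIOMMU *giommu_list; unsigned long maps_seen; } Container;

static void map_notify(Notifier *n, unsigned long iova)
{
    GuestIOMMU *g = (GuestIOMMU *)((char *)n - offsetof(GuestIOMMU, n));
    (void)iova;
    g->container->maps_seen++;        /* use-after-free once the container is gone */
}

static void region_unregister(Region *r, Notifier *n)
{
    for (Notifier **pp = &r->notifiers; *pp; pp = &(*pp)->next) {
        if (*pp == n) { *pp = n->next; return; }
    }
}

static int region_notifier_count(const Region *r)
{
    int count = 0;
    for (const Notifier *n = r->notifiers; n; n = n->next) count++;
    return count;
}

static void region_map(Region *r, unsigned long iova)
{
    for (Notifier *n = r->notifiers; n; n = n->next) n->notify(n, iova);
}

static void container_add_window(Container *c, Region *r)
{
    GuestIOMMU *g = calloc(1, sizeof(*g));
    if (!g) abort();
    g->n.notify = map_notify;
    g->region = r;
    g->container = c;
    g->n.next = r->notifiers;         /* register with the region */
    r->notifiers = &g->n;
    g->next = c->giommu_list;         /* track in the container */
    c->giommu_list = g;
}

/* unregister == 0 models the old teardown, 1 the teardown with the cleanup loop. */
static void container_destroy(Container *c, int unregister)
{
    GuestIOMMU *g, *tmp;
    for (g = unregister ? c->giommu_list : NULL; g; g = tmp) {
        tmp = g->next;                /* saved first: g is freed below */
        region_unregister(g->region, &g->n);
        free(g);
    }
    free(c);
}

/* Returns how many notifiers still reference the destroyed container. */
int stale_notifiers_after_teardown(int unregister)
{
    Region window = { NULL };
    Container *c = calloc(1, sizeof(*c));
    int stale;
    if (!c) abort();
    container_add_window(c, &window);
    container_add_window(c, &window);
    region_map(&window, 0x1000);      /* safe: the container is still alive */
    container_destroy(c, unregister);
    stale = region_notifier_count(&window);
    /* Calling region_map() now would write through a dangling pointer if stale > 0. */
    while (window.notifiers) {        /* release what the old teardown left behind */
        Notifier *n = window.notifiers;
        window.notifiers = n->next;
        free(n);                      /* same address as its GuestIOMMU */
    }
    return stale;
}

int main(void)
{
    printf("old teardown:   %d stale\n", stale_notifiers_after_teardown(0));
    printf("fixed teardown: %d stale\n", stale_notifiers_after_teardown(1));
    return 0;
}
```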




Re: [Qemu-devel] [PATCH v5] hmp: add info iothreads command

2015-07-05 Thread Ting Wang

On 2015-7-3 20:43, Markus Armbruster wrote:
> Copying the HMP maintainer Luiz.  You can feed your patch to
> scripts/get_maintainer to find people to cc yourself.
OK, thanks.

Ting
>
> Ting Wang  writes:
>
>> Make "info iothreads" available on the HMP monitor.
>>
>> For example, the results are as follows when executing qemu
>> command with "-object iothread,id=iothread-1 -object 
>> iothread,id=iothread-2".
>> (qemu) info iothreads
>> iothread-1: thread_id=123
>> iothread-2: thread_id=456
>>
>> Signed-off-by: Ting Wang 
> Reviewed-by: Markus Armbruster 
>
>





Re: [Qemu-devel] [PATCH] blockjob: add block_job_release function

2015-07-05 Thread Ting Wang
Ping?

Regards,
Ting

On 2015-6-26 17:37, Ting Wang wrote:
> There is a job resource leak in function mirror_start_job,
> although bdrv_create_dirty_bitmap is unlikely to fail.
> Add block_job_release for each release when needed.
>
> Signed-off-by: Ting Wang 
> ---
>  block/mirror.c   |  2 ++
>  blockjob.c   | 20 
>  include/block/blockjob.h |  8 
>  3 files changed, 22 insertions(+), 8 deletions(-)
>
> diff --git a/block/mirror.c b/block/mirror.c
> index 048e452..05034a8 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -689,6 +689,8 @@ static void mirror_start_job(BlockDriverState *bs, 
> BlockDriverState *target,
>  
>  s->dirty_bitmap = bdrv_create_dirty_bitmap(bs, granularity, NULL, errp);
>  if (!s->dirty_bitmap) {
> +g_free(s->replaces);
> +block_job_release(bs);
>  return;
>  }
>  bdrv_set_enable_write_cache(s->target, true);
> diff --git a/blockjob.c b/blockjob.c
> index ec46fad..62bb906 100644
> --- a/blockjob.c
> +++ b/blockjob.c
> @@ -66,10 +66,7 @@ void *block_job_create(const BlockJobDriver *driver, 
> BlockDriverState *bs,
>  
>  block_job_set_speed(job, speed, &local_err);
>  if (local_err) {
> -bs->job = NULL;
> -bdrv_op_unblock_all(bs, job->blocker);
> -error_free(job->blocker);
> -g_free(job);
> +block_job_release(bs);
>  error_propagate(errp, local_err);
>  return NULL;
>  }
> @@ -77,18 +74,25 @@ void *block_job_create(const BlockJobDriver *driver, 
> BlockDriverState *bs,
>  return job;
>  }
>  
> -void block_job_completed(BlockJob *job, int ret)
> +void block_job_release(BlockDriverState *bs)
>  {
> -BlockDriverState *bs = job->bs;
> +BlockJob *job = bs->job;
>  
> -assert(bs->job == job);
> -job->cb(job->opaque, ret);
>  bs->job = NULL;
>  bdrv_op_unblock_all(bs, job->blocker);
>  error_free(job->blocker);
>  g_free(job);
>  }
>  
> +void block_job_completed(BlockJob *job, int ret)
> +{
> +BlockDriverState *bs = job->bs;
> +
> +assert(bs->job == job);
> +job->cb(job->opaque, ret);
> +block_job_release(bs);
> +}
> +
>  void block_job_set_speed(BlockJob *job, int64_t speed, Error **errp)
>  {
>  Error *local_err = NULL;
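Review bot: `block_job_release()` takes the `BlockDriverState` and dereferences `bs->job` without checking it, and the `assert(bs->job == job)` that used to guard this teardown now lives only in `block_job_completed()`. Taking a `BlockJob *job` argument and asserting `job->bs->job == job` inside `block_job_release()` would keep that check on all three call paths (`block_job_create()`, `mirror_start_job()`, `block_job_completed()`) and turn a call on a device with no job into an assertion failure instead of a NULL dereference.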
> diff --git a/include/block/blockjob.h b/include/block/blockjob.h
> index 57d8ef1..dd9d5e6 100644
> --- a/include/block/blockjob.h
> +++ b/include/block/blockjob.h
> @@ -166,6 +166,14 @@ void block_job_sleep_ns(BlockJob *job, QEMUClockType 
> type, int64_t ns);
>  void block_job_yield(BlockJob *job);
>  
>  /**
> + * block_job_release:
> + * @bs: The block device.
> + *
> + * Release job resources when an error occurred or job completed.
> + */
> +void block_job_release(BlockDriverState *bs);
> +
> +/**
>   * block_job_completed:
>   * @job: The job being completed.
>   * @ret: The status code.





Re: [Qemu-devel] [PATCH pic32 v2 3/5] Added support for external interrupt controller (EIC) mode.

2015-07-05 Thread Serge Vakulenko
On Wed, Jul 1, 2015 at 4:07 AM, Aurelien Jarno  wrote:
> On 2015-06-30 21:12, Serge Vakulenko wrote:
>> Signed-off-by: Serge Vakulenko 
>> ---
>>  hw/mips/cputimer.c   | 17 +++--
>>  hw/mips/mips_int.c   | 12 ++--
>>  target-mips/cpu.h|  9 -
>>  target-mips/helper.c | 20 ++--
>>  4 files changed, 47 insertions(+), 11 deletions(-)
>>
>> diff --git a/hw/mips/cputimer.c b/hw/mips/cputimer.c
>> index 94a29df..849d62c 100644
>> --- a/hw/mips/cputimer.c
>> +++ b/hw/mips/cputimer.c
>> @@ -54,7 +54,13 @@ static void cpu_mips_timer_expire(CPUMIPSState *env)
>>  if (env->insn_flags & ISA_MIPS32R2) {
>>  env->CP0_Cause |= 1 << CP0Ca_TI;
>>  }
>> -qemu_irq_raise(env->irq[(env->CP0_IntCtl >> CP0IntCtl_IPTI) & 0x7]);
>> +if (env->CP0_Config3 & (1 << CP0C3_VEIC)) {
>> +/* External interrupt controller mode. */
>> +env->eic_timer_irq(env, 1);
>> +} else {
>> +/* Legacy or vectored interrupt mode. */
>> +qemu_irq_raise(env->irq[(env->CP0_IntCtl >> CP0IntCtl_IPTI) & 0x7]);
>> +}
>>  }
>>
>>  uint32_t cpu_mips_get_count (CPUMIPSState *env)
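Review bot: `env->eic_timer_irq(env, 1)` is called whenever `CP0_Config3` has `CP0C3_VEIC` set, but nothing in this hunk guarantees the callback was installed; a CPU that advertises VEIC on a board that never fills in the pointer will call through NULL on the first timer expiry. Guard the call, or assert at CPU or board initialisation that `eic_timer_irq` is non-NULL whenever VEIC is set.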
>> @@ -102,7 +108,14 @@ void cpu_mips_store_compare (CPUMIPSState *env, 
>> uint32_t value)
>>  cpu_mips_timer_update(env);
>>  if (env->insn_flags & ISA_MIPS32R2)
>>  env->CP0_Cause &= ~(1 << CP0Ca_TI);
>> -qemu_irq_lower(env->irq[(env->CP0_IntCtl >> CP0IntCtl_IPTI) & 0x7]);
>> +
>> +if (env->CP0_Config3 & (1 << CP0C3_VEIC)) {
>> +/* External interrupt controller mode. */
>> +env->eic_timer_irq(env, 0);
>> +} else {
>> +/* Legacy or vectored interrupt mode. */
>> +qemu_irq_lower(env->irq[(env->CP0_IntCtl >> CP0IntCtl_IPTI) & 0x7]);
>> +}
>>  }
>>
>>  void cpu_mips_start_count(CPUMIPSState *env)
>> diff --git a/hw/mips/mips_int.c b/hw/mips/mips_int.c
>> index d740046..3452866 100644
>> --- a/hw/mips/mips_int.c
>> +++ b/hw/mips/mips_int.c
>> @@ -32,7 +32,7 @@ static void cpu_mips_irq_request(void *opaque, int irq, 
>> int level)
>>  CPUMIPSState *env = &cpu->env;
>>  CPUState *cs = CPU(cpu);
>>
>> -if (irq < 0 || irq > 7)
>> +if (irq < 0 || irq > 7 || (env->CP0_Config3 & (1 << CP0C3_VEIC)))
>>  return;
>
> In which case do you go through this code path? The internal interrupt
> controller should not be used with an external one, so this should not
> be reached. Actually machines with an external interrupt controller
> should not even call cpu_mips_irq_init_cpu().

That's correct. Thanks for pointing this out. I will remove the unneeded code.

>>  if (level) {
>> @@ -74,5 +74,13 @@ void cpu_mips_soft_irq(CPUMIPSState *env, int irq, int 
>> level)
>>  return;
>>  }
>>
>> -qemu_set_irq(env->irq[irq], level);
>> +if (env->CP0_Config3 & (1 << CP0C3_VEIC)) {
>> +/* External interrupt controller mode. */
>> +if (level > 0) {
>> +env->eic_soft_irq(env, irq);
>
> It means software interrupts can be asserted, but not deasserted with an
> external vector interrupt. I don't think that is correct.

I agree - I'll fix it.

>> +}
>> +} else {
>> +/* Legacy or vectored interrupt mode. */
>> +qemu_set_irq(env->irq[irq], level);
>> +}
>>  }
>> diff --git a/target-mips/cpu.h b/target-mips/cpu.h
>> index c476166..ab830ee 100644
>> --- a/target-mips/cpu.h
>> +++ b/target-mips/cpu.h
>> @@ -596,6 +596,11 @@ struct CPUMIPSState {
>>  void *irq[8];
>>  QEMUTimer *timer; /* Internal timer */
>>  unsigned count_freq; /* rate of Count register */
>> +
>> +/* Fields for external interrupt controller. */
>> +void *eic_context;
>> +void (*eic_timer_irq)(CPUMIPSState *env, int raise);
>> +void (*eic_soft_irq)(CPUMIPSState *env, int num);
>
> I don't think this is the way to go. You should just define variable
> like eic_timer_irq and eic_soft_irq similar to the irq[8] field above,
> and allocate them with qemu_allocate_irqs(). That way you can pass the
> context of the external interrupt controller.

Nice idea. It makes the code really simple.

>>  };
>>
>>  #include "cpu-qom.h"
>> @@ -664,7 +669,9 @@ static inline int 
>> cpu_mips_hw_interrupts_pending(CPUMIPSState *env)
>>  if (env->CP0_Config3 & (1 << CP0C3_VEIC)) {
>>  /* A MIPS configured with a vectorizing external interrupt 
>> controller
>> will feed a vector into the Cause pending lines. The core treats
>> -   the status lines as a vector level, not as indiviual masks.  */
>> +   the status lines as a vector level, not as individual masks.  */
>> +pending >>= CP0Ca_IP + 2;
>> +status >>= CP0Ca_IP + 2;
>>  r = pending > status;
>
> I don't think it's needed. As the pending and status field have been
> masked above, we don't need to shift them to do the comparison.

Agreed.

>>  } else {
>>  /* A MIPS configured with compatibility or VInt (Vectored 
>> Interrupts)
>> diff --git a/ta

[Qemu-devel] [PATCH] blockjob: Don't sleep too short

2015-07-05 Thread Fam Zheng
block_job_sleep_ns is called by block job coroutines to yield the
execution to VCPU threads and monitor etc. It is pointless to sleep for
0 or a few nanoseconds, because that equals a "yield + enter" with no
intermission in between (the timer fires immediately in the same
iteration of event loop), which means other code still doesn't get a
fair share of main loop / BQL.

Trim the sleep duration with a minimum value.

Reported-by: Alexandre DERUMIER 
Signed-off-by: Fam Zheng 
---
 blockjob.c   | 2 ++
 include/block/blockjob.h | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/blockjob.c b/blockjob.c
index ec46fad..b17ed1f 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -238,6 +238,8 @@ void block_job_sleep_ns(BlockJob *job, QEMUClockType type, 
int64_t ns)
 return;
 }
 
+ns = MAX(ns, BLOCK_JOB_SLEEP_NS_MIN);
+
 job->busy = false;
 if (block_job_is_paused(job)) {
 qemu_coroutine_yield();
diff --git a/include/block/blockjob.h b/include/block/blockjob.h
index 57d8ef1..3deb731 100644
--- a/include/block/blockjob.h
+++ b/include/block/blockjob.h
@@ -146,11 +146,13 @@ void *block_job_create(const BlockJobDriver *driver, 
BlockDriverState *bs,
int64_t speed, BlockCompletionFunc *cb,
void *opaque, Error **errp);
 
+#define BLOCK_JOB_SLEEP_NS_MIN 1000L
 /**
  * block_job_sleep_ns:
  * @job: The job that calls the function.
  * @clock: The clock to sleep on.
- * @ns: How many nanoseconds to stop for.
+ * @ns: How many nanoseconds to stop for. It sleeps at least
+ * for BLOCK_JOB_SLEEP_NS_MIN ns, even if a smaller value is specified.
  *
  * Put the job to sleep (assuming that it wasn't canceled) for @ns
  * nanoseconds.  Canceling the job will interrupt the wait immediately.
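
Review bot: `BLOCK_JOB_SLEEP_NS_MIN` is defined as `1000L` directly above the `block_job_sleep_ns` doc comment with no comment of its own and no rationale for 1000 ns; the commit message only argues against 0 or a few nanoseconds. Give the macro its own comment explaining the chosen value, separate it from the `/**` block with a blank line, and since `ns` is `int64_t` drop the `L` suffix or use an explicitly 64-bit constant.
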
-- 
2.4.3




Re: [Qemu-devel] [PATCH pic32 v2 3/5] Added support for external interrupt controller (EIC) mode.

2015-07-05 Thread Serge Vakulenko
On Sun, Jul 5, 2015 at 8:05 PM, Serge Vakulenko
 wrote:
> On Wed, Jul 1, 2015 at 4:07 AM, Aurelien Jarno  wrote:
>> On 2015-06-30 21:12, Serge Vakulenko wrote:
>>> diff --git a/target-mips/cpu.h b/target-mips/cpu.h
>>> index c476166..ab830ee 100644
>>> --- a/target-mips/cpu.h
>>> +++ b/target-mips/cpu.h
>>> @@ -664,7 +669,9 @@ static inline int 
>>> cpu_mips_hw_interrupts_pending(CPUMIPSState *env)
>>>  if (env->CP0_Config3 & (1 << CP0C3_VEIC)) {
>>>  /* A MIPS configured with a vectorizing external interrupt 
>>> controller
>>> will feed a vector into the Cause pending lines. The core treats
>>> -   the status lines as a vector level, not as indiviual masks.  */
>>> +   the status lines as a vector level, not as individual masks.  */
>>> +pending >>= CP0Ca_IP + 2;
>>> +status >>= CP0Ca_IP + 2;
>>>  r = pending > status;
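
Review bot: the two added shifts, `pending >>= CP0Ca_IP + 2;` and `status >>= CP0Ca_IP + 2;`, use a bare `+ 2`, and the comment above them still only mentions vector levels, so nothing at the site says which two bits are being discarded before `r = pending > status;`. Extend the comment to say that the shift drops the two software interrupt bits (as the reply below explains), or give the `2` a name, so the lines are not taken for redundant after the masking.
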
>>
>> I don't think it's needed. As the pending and status field have been
>> masked above, we don't need to shift them to do the comparison.

This is not true. The values still need to be shifted to get rid of
soft interrupt bits, otherwise the comparison becomes incorrect.

Best wishes,
--Serge

>> --
>> Aurelien Jarno  GPG: 4096R/1DDD8C9B
>> aurel...@aurel32.net http://www.aurel32.net
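
Added example (not part of the thread or of the QEMU source): a stand-alone C model of the two comparisons discussed above, enumerating every level and software-bit combination to show where masking alone and masking plus shifting disagree. The bit positions (`CP0Ca_IP` = 8, mask 0xFF00, software interrupt bits at 8..9, level at 10..15) and the helper names are assumptions based on the standard MIPS32 Cause/Status layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (standard MIPS32 Cause/Status, not quoted in the thread):
 * bits 8..9 are the software interrupt bits, bits 10..15 carry the
 * priority level when an external interrupt controller is used. */
#define CP0Ca_IP      8
#define CP0Ca_IP_mask 0x0000FF00u

/* Build a register value from a 6-bit level and the two software bits. */
static uint32_t make_reg(unsigned level, unsigned soft)
{
    return ((level & 0x3Fu) << (CP0Ca_IP + 2)) | ((soft & 0x3u) << CP0Ca_IP);
}

/* Comparison on the masked fields only, without the shifts. */
static int pending_masked_only(uint32_t cause, uint32_t status_reg)
{
    uint32_t pending = cause & CP0Ca_IP_mask;
    uint32_t status = status_reg & CP0Ca_IP_mask;
    return pending > status;
}

/* Comparison with the two shifts added by the patch. */
static int pending_shifted(uint32_t cause, uint32_t status_reg)
{
    uint32_t pending = cause & CP0Ca_IP_mask;
    uint32_t status = status_reg & CP0Ca_IP_mask;
    pending >>= CP0Ca_IP + 2;
    status >>= CP0Ca_IP + 2;
    return pending > status;
}

/* Exhaustively count inputs where the two comparisons disagree, and how
 * many of those are interrupts reported by the masked-only form alone. */
static unsigned count_disagreements(unsigned *spurious)
{
    unsigned total = 0;
    *spurious = 0;
    for (unsigned cl = 0; cl < 64; cl++)
        for (unsigned cs = 0; cs < 4; cs++)
            for (unsigned sl = 0; sl < 64; sl++)
                for (unsigned ss = 0; ss < 4; ss++) {
                    uint32_t cause = make_reg(cl, cs);
                    uint32_t status = make_reg(sl, ss);
                    int m = pending_masked_only(cause, status);
                    int s = pending_shifted(cause, status);
                    if (m != s) {
                        total++;
                        if (m && !s) {
                            (*spurious)++;
                        }
                    }
                }
    return total;
}

int main(void)
{
    unsigned spurious;
    unsigned total = count_disagreements(&spurious);
    /* Constructed case: equal levels, one software bit set in Cause only. */
    uint32_t cause = make_reg(3, 1), status = make_reg(3, 0);

    printf("level 3 vs level 3, soft bit in Cause: masked-only=%d shifted=%d\n",
           pending_masked_only(cause, status), pending_shifted(cause, status));
    printf("disagreements: %u, of which spurious in masked-only form: %u\n",
           total, spurious);
    return 0;
}
```

Every disagreement is an equal-level case in which a software bit set in Cause but not in Status makes the masked-only form report an interrupt.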



Re: [Qemu-devel] [PATCH] virtio-net: Drop net_virtio_info.can_receive

2015-07-05 Thread Jason Wang


On 07/02/2015 08:46 PM, Stefan Hajnoczi wrote:
> On Tue, Jun 30, 2015 at 04:35:24PM +0800, Jason Wang wrote:
>> On 06/30/2015 11:06 AM, Fam Zheng wrote:
>>> virtio_net_receive still does the check by calling
>>> virtio_net_can_receive, if the device or driver is not ready, the packet
>>> is dropped.
>>>
>>> This is necessary because returning false from can_receive complicates
>>> things: the peer would disable sending until we explicitly flush the
>>> queue.
>>>
>>> Signed-off-by: Fam Zheng 
>>> ---
>>>  hw/net/virtio-net.c | 1 -
>>>  1 file changed, 1 deletion(-)
>>>
>>> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
>>> index d728233..dbef0d0 100644
>>> --- a/hw/net/virtio-net.c
>>> +++ b/hw/net/virtio-net.c
>>> @@ -1503,7 +1503,6 @@ static int virtio_net_load_device(VirtIODevice *vdev, 
>>> QEMUFile *f,
>>>  static NetClientInfo net_virtio_info = {
>>>  .type = NET_CLIENT_OPTIONS_KIND_NIC,
>>>  .size = sizeof(NICState),
>>> -.can_receive = virtio_net_can_receive,
>>>  .receive = virtio_net_receive,
>>>  .link_status_changed = virtio_net_set_link_status,
>>>  .query_rx_filter = virtio_net_query_rxfilter,
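
Review bot: with `.can_receive = virtio_net_can_receive,` removed, the `net_virtio_info` initializer carries no trace that the omission is deliberate. Add a short comment there saying readiness is checked inside `virtio_net_receive`, which drops the packet, so that a later cleanup does not reinstate the callback.
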
>> A side effect of this patch is it will read and then drop the packet if
>> the guest driver is not ok.
> I think that the semantics of .can_receive() and .receive() return
> values are currently incorrect in many NICs.  They have .can_receive()
> functions that return false for conditions where .receive() would
> discard the packet.  So what happens is that packets get queued when
> they should actually be discarded.

Yes, but they are bugs more or less.

>
> The purpose of the flow control (queuing) mechanism is to tell the
> sender to hold off until the receiver has more rx buffers available.
> It's a short-term thing that doesn't include link down, rx disable, or
> NIC reset states.
>
> Therefore, I think this patch will not introduce a regression.  It is
> adjusting the code to stop queuing packets when they should actually be
> dropped.
>
> Thoughts?

I agree there's no functional issue. But it causes wasted cpu cycles
(consider the guest being flooded). Sometimes it may even be dangerous. For
tap, we're probably ok since we have 756ae78b but for other backends, we
don't.

>
> Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH] block: update bdrv_drain_all()/bdrv_drain() comments

2015-07-05 Thread Fam Zheng
On Thu, 07/02 17:24, Stefan Hajnoczi wrote:
> The doc comments for bdrv_drain_all() and bdrv_drain() are outdated:
> 
>  * The bdrv_drain() comment is a poor man's bdrv_lock()/bdrv_unlock()
>which Fam Zheng is currently developing.  Unfortunately this warning
>was never really enough because devices keep submitting I/O and op
>blockers don't prevent that.
> 
>  * The bdrv_drain_all() comment is still partially correct but reflects
>the nature of the implementation rather than API documentation.
> 
> Do make it clear that bdrv_drain() is only appropriate within an
> AioContext.  For anything spanning AioContexts you need
> bdrv_drain_all().
> 
> Cc: Markus Armbruster 
> Cc: Paolo Bonzini 
> Signed-off-by: Stefan Hajnoczi 

Reviewed-by: Fam Zheng 



Re: [Qemu-devel] [PATCH pic32 v2 4/5] Two new processor variants: M4K and microAptivP.

2015-07-05 Thread Serge Vakulenko
On Wed, Jul 1, 2015 at 6:37 AM, Aurelien Jarno  wrote:
> On 2015-06-30 21:12, Serge Vakulenko wrote:
>> Signed-off-by: Serge Vakulenko 
>> ---
>>  target-mips/cpu.h|  2 ++
>>  target-mips/translate_init.c | 46 
>> 
>>  2 files changed, 48 insertions(+)
>>
>> diff --git a/target-mips/cpu.h b/target-mips/cpu.h
>> index ab830ee..9f5890c 100644
>> --- a/target-mips/cpu.h
>> +++ b/target-mips/cpu.h
>> @@ -394,6 +394,7 @@ struct CPUMIPSState {
>>  #define CP0C0_M31
>>  #define CP0C0_K23  28
>>  #define CP0C0_KU   25
>> +#define CP0C0_SB   21
>
> Bits in the range 16:24 are implementation specific, so I do wonder if
> we want to have this bit there. At least we should mark it as
> implementation specific.

I tried to make the configuration as close as possible to a real PIC32
microcontroller - that's why I added Config0.SB and Config7.WII bits.
These bits are described in appropriate Microchip docs. As they are
not relevant for the simulation purposes, I'd better remove them for
simplicity.

>>  #define CP0C0_MDU  20
>>  #define CP0C0_MM   17
>>  #define CP0C0_BM   16
>> @@ -479,6 +480,7 @@ struct CPUMIPSState {
>>  #define CP0C5_NFExists   0
>>  int32_t CP0_Config6;
>>  int32_t CP0_Config7;
>> +#define CP0C7_WII31
>
> Same as above, Config6 and Config7 are implementation dependent.
>
>>  /* XXX: Maybe make LLAddr per-TC? */
>>  uint64_t lladdr;
>>  target_ulong llval;
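
Review bot: `CP0C7_WII` is defined here as bit 31, and it is used further down as `(1 << CP0C7_WII)` in the microAptivP entry, which left-shifts a signed `int` into the sign bit. Use `1U << CP0C7_WII` there, as the M4K entry already does with `(1U << CP0C1_M)`.
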
>> diff --git a/target-mips/translate_init.c b/target-mips/translate_init.c
>> index ddfaff8..430a547 100644
>> --- a/target-mips/translate_init.c
>> +++ b/target-mips/translate_init.c
>> @@ -232,6 +232,52 @@ static const mips_def_t mips_defs[] =
>>  .mmu_type = MMU_TYPE_FMT,
>>  },
>>  {
>> +/* Configuration for Microchip PIC32MX microcontroller. */
>> +.name = "M4K",
>> +.CP0_PRid = 0x00018765,
>> +.CP0_Config0 = MIPS_CONFIG0 | (2 << CP0C0_K23) | (2 << CP0C0_KU) |
>> +   (1 << CP0C0_SB) | (1 << CP0C0_BM) |
>> +   (1 << CP0C0_AR) | (MMU_TYPE_FMT << CP0C0_MT),
>> +.CP0_Config1 = (1U << CP0C1_M) | (1 << CP0C1_CA) | (1 << CP0C1_EP),
>> +.CP0_Config2 = MIPS_CONFIG2,
>> +.CP0_Config3 = (1 << CP0C3_VEIC) | (1 << CP0C3_VInt),
>> +.CP0_LLAddr_rw_bitmask = 0,
>> +.CP0_LLAddr_shift = 4,
>> +.SYNCI_Step = 32,
>> +.CCRes = 2,
>> +.CP0_Status_rw_bitmask = 0x1258FF17,
>> +.SEGBITS = 32,
>> +.PABITS = 32,
>> +.insn_flags = CPU_MIPS32R2 | ASE_MIPS16,
>> +.mmu_type = MMU_TYPE_FMT,
>> +},
>> +{
>> +/* Configuration for Microchip PIC32MZ microcontroller. */
>> +.name = "microAptivP",
>> +.CP0_PRid = 0x00019e28,
>> +.CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) |
>> +(MMU_TYPE_R4000 << CP0C0_MT),
>> +.CP0_Config1 = MIPS_CONFIG1 | (15 << CP0C1_MMU) | (1 << CP0C1_PC),
>> +.CP0_Config2 = MIPS_CONFIG2,
>> +.CP0_Config3 = (1 << CP0C3_M) | (1 << CP0C3_IPLW) | (1 << 
>> CP0C3_MCU) |
>> +(2 << CP0C3_ISA) | (1 << CP0C3_ULRI) | (1 << CP0C3_RXI) 
>> |
>> +(1 << CP0C3_DSP2P) | (1 << CP0C3_DSPP) | (1 << 
>> CP0C3_VEIC) |
>> +(1 << CP0C3_VInt),
>
> DSP and DSPr2 are enabled here...
>
>> +.CP0_Config4 = (1 << CP0C4_M),
>> +.CP0_Config5 = (1 << CP0C5_NFExists),
>> +.CP0_Config6 = 0,
>> +.CP0_Config7 = (1 << CP0C7_WII),
>> +.CP0_LLAddr_rw_bitmask = 0,
>> +.CP0_LLAddr_shift = 4,
>> +.SYNCI_Step = 32,
>> +.CCRes = 2,
>> +.CP0_Status_rw_bitmask = 0x1278FF17,
>> +.SEGBITS = 32,
>> +.PABITS = 32,
>> +.insn_flags = CPU_MIPS32R2,
>
> so I guess you want to enable ASE_DSP and ASE_DSPR2 here.

Makes sense. Thank you for noticing this.

>> +.mmu_type = MMU_TYPE_R4000,
>> +},
>> +{
>>  .name = "24Kc",
>>  .CP0_PRid = 0x00019300,
>>  .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) |
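
Review bot: in the microAptivP entry, `.CP0_Config3` sets `(2 << CP0C3_ISA)` while `.insn_flags` is plain `CPU_MIPS32R2`, so the ISA field shown to the guest has no matching flag on the translator side, the same kind of mismatch as the DSP bits already raised in this review. Check which instruction sets the field value advertises and either add the corresponding ASE flag to `.insn_flags` or leave the field at 0.
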
>
> Otherwise it looks ok, though I haven't looked at the PIC32 manual to
> check the values.
>
> --
> Aurelien Jarno  GPG: 4096R/1DDD8C9B
> aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH pic32 v2 4/5] Two new processor variants: M4K and microAptivP.

2015-07-05 Thread Serge Vakulenko
On Fri, Jul 3, 2015 at 3:04 PM, Maciej W. Rozycki  wrote:
> On Wed, 1 Jul 2015, Aurelien Jarno wrote:
>
>> > diff --git a/target-mips/translate_init.c b/target-mips/translate_init.c
>> > index ddfaff8..430a547 100644
>> > --- a/target-mips/translate_init.c
>> > +++ b/target-mips/translate_init.c
>> > @@ -232,6 +232,52 @@ static const mips_def_t mips_defs[] =
>> >  .mmu_type = MMU_TYPE_FMT,
>> >  },
>> >  {
>> > +/* Configuration for Microchip PIC32MX microcontroller. */
>> > +.name = "M4K",
>> > +.CP0_PRid = 0x00018765,
>
>  Hmm, does it make sense to set the Revision field here?  We keep it at 0
> for other templates, so why not 0x00018700?

OK, I will zero out the Revision field, to align with the rest of
configurations.

>  Also I suggest to move the template earlier on so that entries remain
> sorted by PRId, at least within the same vendor.  So this would go between
> "4KEmR1" and "4KEc" (the M4K is an MTI RTL, quite an old one actually).

Not a problem, I'll reorder it.

>> > +{
>> > +/* Configuration for Microchip PIC32MZ microcontroller. */
>> > +.name = "microAptivP",
>> > +.CP0_PRid = 0x00019e28,
>
>  Same question here, why not 0x00019e00?  Also why not "microAptivUP" as
> documentation calls it (vs "microAptivUC")?

Well... I don't see any reason not to change it to "microAptivUP", for
consistency with MIPS documentation.

>  And again, it looks to me like the entry better followed "M14Kc".
>
>> Otherwise it looks ok, though I haven't looked at the PIC32 manual to
>> check the values.
>
>  I haven't checked if the bit patterns for configuration registers are
> sane either.  These RTLs are configurable, so (within some limits) real
> hardware will have different values anyway.
>
>   Maciej



Re: [Qemu-devel] [PATCH pic32 v2 5/5] Two new machine platforms: pic32mz7 and pic32mz.

2015-07-05 Thread Serge Vakulenko
On Wed, Jul 1, 2015 at 6:41 AM, Aurelien Jarno  wrote:
> On 2015-06-30 21:12, Serge Vakulenko wrote:
>> Signed-off-by: Serge Vakulenko 
>> ---
>>  hw/mips/Makefile.objs   |3 +
>>  hw/mips/mips_pic32mx7.c | 1652 +
>>  hw/mips/mips_pic32mz.c  | 2840 
>> +++
>>  hw/mips/pic32_ethernet.c|  557 +
>>  hw/mips/pic32_gpio.c|   39 +
>>  hw/mips/pic32_load_hex.c|  238 
>>  hw/mips/pic32_peripherals.h |  210 
>>  hw/mips/pic32_sdcard.c  |  428 +++
>>  hw/mips/pic32_spi.c |  121 ++
>>  hw/mips/pic32_uart.c|  228 
>>  hw/mips/pic32mx.h   | 1290 
>>  hw/mips/pic32mz.h   | 2093 +++
>>  12 files changed, 9699 insertions(+)
>>  create mode 100644 hw/mips/mips_pic32mx7.c
>>  create mode 100644 hw/mips/mips_pic32mz.c
>>  create mode 100644 hw/mips/pic32_ethernet.c
>>  create mode 100644 hw/mips/pic32_gpio.c
>>  create mode 100644 hw/mips/pic32_load_hex.c
>>  create mode 100644 hw/mips/pic32_peripherals.h
>>  create mode 100644 hw/mips/pic32_sdcard.c
>>  create mode 100644 hw/mips/pic32_spi.c
>>  create mode 100644 hw/mips/pic32_uart.c
>>  create mode 100644 hw/mips/pic32mx.h
>>  create mode 100644 hw/mips/pic32mz.h
>
> This patch is huge, and needs to be split to ease the review.

I'll prepare a new patch set, with every new file put into a separate
message. Other issues fixed as well.

> --
> Aurelien Jarno  GPG: 4096R/1DDD8C9B
> aurel...@aurel32.net http://www.aurel32.net



[Qemu-devel] [PATCH] block: Initialize local_err in bdrv_append_temp_snapshot

2015-07-05 Thread Fam Zheng
Cc: qemu-sta...@nongnu.org
Signed-off-by: Fam Zheng 
---
 block.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block.c b/block.c
index 7e130cc..42eb8e3 100644
--- a/block.c
+++ b/block.c
@@ -1271,7 +1271,7 @@ int bdrv_append_temp_snapshot(BlockDriverState *bs, int 
flags, Error **errp)
 QemuOpts *opts = NULL;
 QDict *snapshot_options;
 BlockDriverState *bs_snapshot;
-Error *local_err;
+Error *local_err = NULL;
 int ret;
 
 /* if snapshot, we create a temporary backing file and open it
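
Review bot: the `Error *local_err = NULL;` change arrives with an empty commit message even though the patch is Cc'd to qemu-stable. Say which call in `bdrv_append_temp_snapshot` receives `&local_err` and what goes wrong when the pointer starts out uninitialized, since that code is outside the hunk and the stable maintainers need it to judge the backport.
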
-- 
2.4.3




Re: [Qemu-devel] [PATCH pic32 v2 5/5] Two new machine platforms: pic32mz7 and pic32mz.

2015-07-05 Thread Serge Vakulenko
On Wed, Jul 1, 2015 at 10:56 PM, Antony Pavlov  wrote:
> On Tue, 30 Jun 2015 21:12:34 -0700
> Serge Vakulenko  wrote:
>
>> Signed-off-by: Serge Vakulenko 
>> ---
>>  hw/mips/Makefile.objs   |3 +
>>  hw/mips/mips_pic32mx7.c | 1652 +
>>  hw/mips/mips_pic32mz.c  | 2840 
>> +++
>>  hw/mips/pic32_ethernet.c|  557 +
>>  hw/mips/pic32_gpio.c|   39 +
>>  hw/mips/pic32_load_hex.c|  238 
>>  hw/mips/pic32_peripherals.h |  210 
>>  hw/mips/pic32_sdcard.c  |  428 +++
>>  hw/mips/pic32_spi.c |  121 ++
>>  hw/mips/pic32_uart.c|  228 
>>  hw/mips/pic32mx.h   | 1290 
>>  hw/mips/pic32mz.h   | 2093 +++
>>  12 files changed, 9699 insertions(+)
>>  create mode 100644 hw/mips/mips_pic32mx7.c
>>  create mode 100644 hw/mips/mips_pic32mz.c
>>  create mode 100644 hw/mips/pic32_ethernet.c
>>  create mode 100644 hw/mips/pic32_gpio.c
>>  create mode 100644 hw/mips/pic32_load_hex.c
>>  create mode 100644 hw/mips/pic32_peripherals.h
>>  create mode 100644 hw/mips/pic32_sdcard.c
>>  create mode 100644 hw/mips/pic32_spi.c
>>  create mode 100644 hw/mips/pic32_uart.c
>>  create mode 100644 hw/mips/pic32mx.h
>>  create mode 100644 hw/mips/pic32mz.h
>>
>> diff --git a/hw/mips/Makefile.objs b/hw/mips/Makefile.objs
>> index 9633f3a..dcbaec9 100644
>> --- a/hw/mips/Makefile.objs
>> +++ b/hw/mips/Makefile.objs
>> @@ -3,3 +3,6 @@ obj-y += addr.o cputimer.o mips_int.o
>>  obj-$(CONFIG_JAZZ) += mips_jazz.o
>>  obj-$(CONFIG_FULONG) += mips_fulong2e.o
>>  obj-y += gt64xxx_pci.o
>> +obj-y += mips_pic32mz.o mips_pic32mx7.o
>> +obj-y += pic32_load_hex.o pic32_sdcard.o pic32_spi.o pic32_uart.o 
>> pic32_gpio.o
>> +obj-y += pic32_ethernet.o
>
> Can we move mips-unrelated stuff to the appropriate dirs?
> E.g. pic32_gpio.c can go to hw/gpio.

All these files are pic32-related. They depend on pic32_t data
structure declared in pic32_peripherals.h and register definitions in
pic32mx.h and pic32mz.h. I see no point in moving them around.

> Also please use separate patch for every peripheral controller (see 
> Aurelien's comment).

Agreed.

>> diff --git a/hw/mips/mips_pic32mx7.c b/hw/mips/mips_pic32mx7.c
>> new file mode 100644
>> index 000..1d8ffb5
>> --- /dev/null
>> +++ b/hw/mips/mips_pic32mx7.c
>> @@ -0,0 +1,1652 @@
>> +/*
>> + * QEMU support for Microchip PIC32MX7 microcontroller.
>> + *
>> + * Copyright (c) 2015 Serge Vakulenko
>> + *
>> + * Permission is hereby granted, free of charge, to any person obtaining a 
>> copy
>> + * of this software and associated documentation files (the "Software"), to 
>> deal
>> + * in the Software without restriction, including without limitation the 
>> rights
>> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
>> + * copies of the Software, and to permit persons to whom the Software is
>> + * furnished to do so, subject to the following conditions:
>> + *
>> + * The above copyright notice and this permission notice shall be included 
>> in
>> + * all copies or substantial portions of the Software.
>> + *
>> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 
>> OR
>> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
>> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
>> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 
>> OTHER
>> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
>> FROM,
>> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>> + * THE SOFTWARE.
>> + */
>> +
>> +/* Only 32-bit little endian mode supported. */
>> +#include "config.h"
>> +#if !defined TARGET_MIPS64 && !defined TARGET_WORDS_BIGENDIAN
>
> Please don't use C preprocessor directive for conditional compilation of the 
> whole file.
> Use Makefile instead. See CONFIG_FULONG for example (fulong2e is 
> mips64le-only).

Makes sense.

Thanks,
--Serge

> --
> Best regards,
>   Antony Pavlov



[Qemu-devel] [Bug 1435359] Re: Booting kernel 3.19.2 fails most of the time

2015-07-05 Thread Bart Van Assche
The following patch might fix this (I have not yet tested this patch
myself): https://lkml.org/lkml/2015/7/5/217

https://bugs.launchpad.net/bugs/1435359

Title:
  Booting kernel 3.19.2 fails most of the time

Status in QEMU:
  New

Bug description:
  Host system: openSuSE 13.2 + kernel 4.0.0-rc4 + qemu 2.2.1.

  When I try to boot a virtual machine with Ubuntu 14.10 and kernel
  3.13.0 every boot succeeds. However, with kernel 3.19.2 booting fails
  most of the time. The following appears in /var/log/libvirt/qemu
  /ubuntu-vm.log when I try to boot that VM with kernel 3.19.2:

  2015-03-23 02:44:18.801+: starting up
  LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
QEMU_AUDIO_DRV=spice /usr/bin/qemu-system-x86_64 -name ubuntu-vm -S -machine 
pc-i440fx-2.1,accel=kvm,usb=off -cpu Haswell -m 2048 -realtime mlock=off -smp 
4,sockets=4,cores=1,threads=1 -uuid 395110dc-9fbe-4542-8fce-4ef958f24b2c 
-no-user-config -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/ubuntu-vm.monitor,server,nowait
 -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew 
-global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global 
PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device 
ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device 
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x4 -drive 
file=/var/lib/libvirt/images/ubuntusaucy.qcow2,if=none,id=drive-virtio-disk0,format=qcow2
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
 -drive 
file=/var/lib/libvirt/images/ubuntu-14.04-mini.iso,if=none,id=drive-ide0-0-0,readonly=on,format=raw
 -device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=2 
-netdev tap,fd=22,id=hostnet0,vhost=on,vhostfd=23 -device 
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:5e:71:5e,bus=pci.0,addr=0x3 
-chardev spicevmc,id=charchannel0,name=vdagent -device 
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
 -spice port=5900,addr=127.0.0.1,disable-ticketing,seamless-migration=on 
-device 
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 
-chardev spicevmc,id=charredir0,name=usbredir -device 
usb-redir,chardev=charredir0,id=redir0 -chardev 
spicevmc,id=charredir1,name=usbredir -device 
usb-redir,chardev=charredir1,id=redir1 -chardev 
spicevmc,id=charredir2,name=usbredir -device 
usb-redir,chardev=charredir2,id=redir2 -chardev 
spicevmc,id=charredir3,name=usbredir -device 
usb-redir,chardev=charredir3,id=redir3 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -object 
rng-random,id=rng0,filename=/dev/random -device 
virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x9 -msg timestamp=on
  main_channel_link: add main channel client
  main_channel_handle_parsed: net test: latency 0.229000 ms, bitrate 
284 bps (27126.736111 Mbps)
  red_dispatcher_set_cursor_peer: 
  inputs_connect: inputs channel client create
  ((null):30728): SpiceWorker-ERROR **: 
red_worker.c:8337:red_marshall_qxl_drawable: invalid type
  KVM: injection failed, MSI lost (Input/output error)
  qemu-system-x86_64: /home/bart/software/qemu-2.2.1/hw/net/vhost_net.c:264: 
vhost_net_stop_one: Assertion `r >= 0' failed.
  2015-03-23 02:44:44.952+: shutting down

  That message is similar to the message reported by the older qemu
  version provided by openSuse (qemu 2.1.0 + qemu-kvm 2.1.0):

  2015-03-21 13:51:00.724+: starting up
  LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
QEMU_AUDIO_DRV=spice /usr/bin/qemu-system-x86_64 -name ubuntu-vm -S -machine 
pc-i440fx-2.1,accel=kvm,usb=off -cpu Haswell -m 1024 -realtime mlock=off -smp 
4,sockets=4,cores=1,threads=1 -uuid 395110dc-9fbe-4542-8fce-4ef958f24b2c 
-no-user-config -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/ubuntu-vm.monitor,server,nowait
 -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew 
-global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global 
PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device 
ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device 
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr
  =0x5 -device 
ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device 
ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device 
virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -drive 
file=/var/lib/libvirt/images/ubuntusaucy.qcow2,if=none,id=drive-virtio-disk0,format=qcow2
 -device 
virti
