Re: [Qemu-devel] Arm virtual machine networking problem with build for 64bit host

[mar.krzeminski]

Hello,

Problem solved, there was bug in my gmac model, that cause writes 
outside my gmac device state structure.

That leads to such (undefined) behaviour.

Regards,
Marcin


W dniu 10.10.2015 o 22:34, mar.krzeminski pisze:

Hello,

I have my own virtual machine (already asked some questions about that 
here).
I also have my own gmac model. I am building qemu (version 2.4.0.1) 
for 32 and 64 linux hosts.
The problem is with 64 bit binary. If I run as guest under qemu linux, 
I could not even ping my machine.
In 32 bit version it works fine. And if I run in this 64 bit host 
u-boot pingf from u-boot qorks fine.
From debugging it seems that under linux (32 bit arm) started on 64 
linux host can_receive function from my model,
is called only once when virtual machine is booting, there is no 
furthers call so that is why I can not ping.

I am running qemu in this way (based on yocto scripts):

/qemu-system-arm -kernel zImage.bin -net nic,vlan=0 -net 
tap,vlan=0,ifname=tap0,script=no,downscript=no -M macine-a9 -dtb 
zImage.dtb -serial null -serial null -serial null -serial mon:stdio 
-serial null -nographic -smp 2 -readconfig config -m 512 --append 
"ip=192.168.7.2::192.168.7.1:255.255.255.0 noinitrd 
console=ttyS3,19200 earlyprintk debug=31"/


As there is lack of documentation (or maybe there is but I haven't got 
it ), my question is where should I start debugging what is going wrong?
As for now it seems that my model does not receive ping and it is not 
asked if can receive one. Situation is same when I ping from quest the 
host's tap,

or from host guest machine.

Regards,
Marcin

Re: [Qemu-devel] [PATCH v4 3/3] pcie: Add support for Single Root I/O Virtualization (SR/IOV)

[Knut Omang]

On Wed, 2015-10-07 at 18:06 +0300, Marcel Apfelbaum wrote:
> On 09/12/2015 03:36 PM, Knut Omang wrote:
> > This patch provides the building blocks for creating an SR/IOV
> > PCIe Extended Capability header and register/unregister
> > SR/IOV Virtual Functions.
> > 
> > Signed-off-by: Knut Omang 
> > ---
> >   hw/pci/Makefile.objs|   2 +-
> >   hw/pci/pci.c|  99 
> >   hw/pci/pcie.c   |   9 +-
> >   hw/pci/pcie_sriov.c | 271
> > 
> >   include/hw/pci/pci.h|  11 +-
> >   include/hw/pci/pcie.h   |   6 +
> >   include/hw/pci/pcie_sriov.h |  55 +
> >   include/qemu/typedefs.h |   2 +
> >   8 files changed, 426 insertions(+), 29 deletions(-)
> >   create mode 100644 hw/pci/pcie_sriov.c
> >   create mode 100644 include/hw/pci/pcie_sriov.h
> > 
> > diff --git a/hw/pci/Makefile.objs b/hw/pci/Makefile.objs
> > index 9f905e6..2226980 100644
> > --- a/hw/pci/Makefile.objs
> > +++ b/hw/pci/Makefile.objs
> > @@ -3,7 +3,7 @@ common-obj-$(CONFIG_PCI) += msix.o msi.o
> >   common-obj-$(CONFIG_PCI) += shpc.o
> >   common-obj-$(CONFIG_PCI) += slotid_cap.o
> >   common-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
> > -common-obj-$(CONFIG_PCI) += pcie.o pcie_aer.o pcie_port.o
> > +common-obj-$(CONFIG_PCI) += pcie.o pcie_aer.o pcie_port.o
> > pcie_sriov.o
> > 
> >   common-obj-$(call lnot,$(CONFIG_PCI)) += pci-stub.o
> >   common-obj-$(CONFIG_ALL) += pci-stub.o
> > diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> > index a5cc015..9c0eba1 100644
> > --- a/hw/pci/pci.c
> > +++ b/hw/pci/pci.c
> > @@ -153,6 +153,9 @@ int pci_bar(PCIDevice *d, int reg)
> >   {
> >   uint8_t type;
> > 
> > +/* PCIe virtual functions do not have their own BARs */
> > +assert(!pci_is_vf(d));
> > +
> >   if (reg != PCI_ROM_SLOT)
> >   return PCI_BASE_ADDRESS_0 + reg * 4;
> > 
> > @@ -211,22 +214,13 @@ void pci_device_deassert_intx(PCIDevice *dev)
> >   }
> >   }
> > 
> > -static void pci_do_device_reset(PCIDevice *dev)
> > +static void pci_reset_regions(PCIDevice *dev)
> >   {
> >   int r;
> > +if (pci_is_vf(dev)) {
> > +return;
> > +}
> > 
> > -pci_device_deassert_intx(dev);
> > -assert(dev->irq_state == 0);
> > -
> > -/* Clear all writable bits */
> > -pci_word_test_and_clear_mask(dev->config + PCI_COMMAND,
> > - pci_get_word(dev->wmask +
> > PCI_COMMAND) |
> > - pci_get_word(dev->w1cmask +
> > PCI_COMMAND));
> > -pci_word_test_and_clear_mask(dev->config + PCI_STATUS,
> > - pci_get_word(dev->wmask +
> > PCI_STATUS) |
> > - pci_get_word(dev->w1cmask +
> > PCI_STATUS));
> > -dev->config[PCI_CACHE_LINE_SIZE] = 0x0;
> > -dev->config[PCI_INTERRUPT_LINE] = 0x0;
> >   for (r = 0; r < PCI_NUM_REGIONS; ++r) {
> >   PCIIORegion *region = &dev->io_regions[r];
> >   if (!region->size) {
> > @@ -240,6 +234,27 @@ static void pci_do_device_reset(PCIDevice
> > *dev)
> >   pci_set_long(dev->config + pci_bar(dev, r), region
> > ->type);
> >   }
> >   }
> > +}
> > +
> > +static void pci_do_device_reset(PCIDevice *dev)
> > +{
> > +qdev_reset_all(&dev->qdev);
> > +
> > +dev->irq_state = 0;
> > +pci_update_irq_status(dev);
> > +pci_device_deassert_intx(dev);
> > +assert(dev->irq_state == 0);
> > +
> > +/* Clear all writable bits */
> > +pci_word_test_and_clear_mask(dev->config + PCI_COMMAND,
> > + pci_get_word(dev->wmask +
> > PCI_COMMAND) |
> > + pci_get_word(dev->w1cmask +
> > PCI_COMMAND));
> > +pci_word_test_and_clear_mask(dev->config + PCI_STATUS,
> > + pci_get_word(dev->wmask +
> > PCI_STATUS) |
> > + pci_get_word(dev->w1cmask +
> > PCI_STATUS));
> > +dev->config[PCI_CACHE_LINE_SIZE] = 0x0;
> > +dev->config[PCI_INTERRUPT_LINE] = 0x0;
> > +pci_reset_regions(dev);
> >   pci_update_mappings(dev);
> > 
> >   msi_reset(dev);
> > @@ -771,6 +786,15 @@ static void pci_init_multifunction(PCIBus
> > *bus, PCIDevice *dev, Error **errp)
> >   dev->config[PCI_HEADER_TYPE] |=
> > PCI_HEADER_TYPE_MULTI_FUNCTION;
> >   }
> > 
> > +/* With SR/IOV and ARI, a device at function 0 need not be a
> > multifunction
> > + * device, as it may just be a VF that ended up with function
> > 0 in
> > + * the legacy PCI interpretation. Avoid failing in such cases:
> > + */
> > +if (pci_is_vf(dev) &&
> > +dev->exp.sriov_vf.pf->cap_present &
> > QEMU_PCI_CAP_MULTIFUNCTION) {
> > +return;
> > +}
> > +
> >   /*
> >* multifunction bit is interpreted in two ways as follows.
> >*   - all functions must set the bit to 1.
> > @@ -962,6 +986,7 @@ void pci_register_bar(PCIDevice *pci_dev, int
> > reg

Re: [Qemu-devel] [PATCH v2] armv7-m: exit on external reset request

[Peter Crosthwaite]

Looks great. But I think you want to split this into staged patches.
Use git reset HEAD^ to undo the git commit (but keep the file changes)
then git add -p to select hunks to stage. Then commit the logically
sequential groups of changes as indiv. patches. A general rule is you
should try and avoid commiting refactorings along with new features. I
see 3 patches here.

On Sat, Oct 10, 2015 at 11:54 AM, Michael Davidsaver
 wrote:
> Implement the SYSRESETREQ bit of the AIRCR register
> for armv7-m (ie. cortex-m3) to trigger a GPIO out.
>

This is probably the second patch (your new self-contained feature).

> Change armv7m_init to return the DeviceState* for the NVIC.
> This allows access to all GPIO blocks, not just the IRQ inputs.
> Move qdev_get_gpio_in() calls out of armv7m_init() into
> board code for stellaris and stm32f205 boards.
>

This is the first patch (refactorings).

Ideally we do this in a more QOM-correct way like with the A-class
MPCores but this rework actually gets us closer to that, so I see the
value in taking this as the first step. The function that now returns
a DeviceState is easily reworked to be a QOM object construction.

> Add GPIO in for the stellaris board which calls
> qemu_system_reset_request() on reset request.

Third patch (connect it all up).

Regards,
Peter

> ---
>  hw/arm/armv7m.c|  9 ++---
>  hw/arm/stellaris.c | 36 +---
>  hw/arm/stm32f205_soc.c | 13 ++---
>  hw/intc/armv7m_nvic.c  |  7 ++-
>  include/hw/arm/arm.h   |  2 +-
>  5 files changed, 40 insertions(+), 27 deletions(-)
>

Re: [Qemu-devel] [PATCH 3/3] armv7-m: add MPU to cortex-m3 and cortex-m4

[Peter Crosthwaite]

On Fri, Oct 9, 2015 at 6:28 AM, Michael Davidsaver
 wrote:
> The M series MPU is almost the same as the already
> implemented R series MPU.  So use the M series
> and translate as best we can.
>

There is some work on list for this that never got a respin:

https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg01945.html

> The HFNMIENA bit in MPU_CTRL is not implemented.
>
> Implement CFSR and MMFAR to report fault address
> to MemManage handler.
>
> Add MPU feature flag to cortex-m3 and -m4.
> ---
>  hw/intc/armv7m_nvic.c | 154 
> --
>  target-arm/cpu-qom.h  |   4 ++
>  target-arm/cpu.c  |  14 +
>  target-arm/helper.c   |   7 +++
>  4 files changed, 174 insertions(+), 5 deletions(-)
>
> diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
> index a671d84..94011cf 100644
> --- a/hw/intc/armv7m_nvic.c
> +++ b/hw/intc/armv7m_nvic.c
> @@ -245,12 +245,11 @@ static uint32_t nvic_readl(nvic_state *s, uint32_t 
> offset)
>  if (s->gic.irq_state[ARMV7M_EXCP_USAGE].enabled) val |= (1 << 18);
>  return val;
>  case 0xd28: /* Configurable Fault Status.  */
> -/* TODO: Implement Fault Status.  */
> -qemu_log_mask(LOG_UNIMP, "Configurable Fault Status 
> unimplemented\n");
> -return 0;
> +return ARM_CPU(current_cpu)->pmsav7_cfsr;

You should avoid dereferenced inline QOM casts and create a local variable.

> +case 0xd34: /* MMFAR MemManage Fault Address */
> +return ARM_CPU(current_cpu)->pmsav7_mmfar;

Why reorder the addresses in the switch?

>  case 0xd2c: /* Hard Fault Status.  */
>  case 0xd30: /* Debug Fault Status.  */
> -case 0xd34: /* Mem Manage Address.  */
>  case 0xd38: /* Bus Fault Address.  */
>  case 0xd3c: /* Aux Fault Status.  */
>  /* TODO: Implement fault status registers.  */
> @@ -283,6 +282,55 @@ static uint32_t nvic_readl(nvic_state *s, uint32_t 
> offset)
>  case 0xd70: /* ISAR4.  */
>  return 0x01310102;
>  /* TODO: Implement debug registers.  */
> +case 0xd90: /* MPU_TYPE */
> +cpu = ARM_CPU(current_cpu);
> +return cpu->has_mpu ? (cpu->pmsav7_dregion<<8) : 0;
> +break;
> +case 0xd94: /* MPU_CTRL */
> +val = 0;
> +cpu = ARM_CPU(current_cpu);
> +if(cpu->env.cp15.sctlr_el[0] & SCTLR_M)
> +val |= 1; /* ENABLE */
> +/* HFNMIENA not implemented, see nvic_writel() */
> +if(cpu->env.cp15.sctlr_el[0] & SCTLR_BR)
> +val |= 4; /* PRIVDEFENA */
> +return val;
> +case 0xd98: /* MPU_RNR */
> +return ARM_CPU(current_cpu)->env.cp15.c6_rgnr;
> +case 0xd9c: /* MPU_RBAR */
> +case 0xda4: /* MPU_RBAR_A1 */
> +case 0xdaC: /* MPU_RBAR_A2 */
> +case 0xdb4: /* MPU_RBAR_A3 */
> +{
> +uint32_t range;
> +cpu = ARM_CPU(current_cpu);
> +if(offset==0xd9c)

spaces around ==

> +range = cpu->env.cp15.c6_rgnr;
> +else
> +range = (offset-0xda4)/8;
> +
> +if(range>=cpu->pmsav7_dregion) return 0;

{} for if body, return on new line. If you run your patch through
scripts/checkpatch.pl it will detect some of these conventions.

> +
> +return (cpu->env.pmsav7.drbar[range]&(0x1f)) | (range&0xf);

Spaces around &, parentheses around hex constant not needed.

> +}
> +case 0xda0: /* MPU_RASR */
> +case 0xda8: /* MPU_RASR_A1 */
> +case 0xdb0: /* MPU_RASR_A2 */
> +case 0xdb8: /* MPU_RASR_A3 */
> +{
> +uint32_t range;
> +cpu = ARM_CPU(current_cpu);
> +
> +if(offset==0xda0)
> +range = cpu->env.cp15.c6_rgnr;
> +else
> +range = (offset-0xda8)/8;
> +
> +if(range>=cpu->pmsav7_dregion) return 0;
> +
> +return ((cpu->env.pmsav7.dracr[range]&0x)<<16)
> +| (cpu->env.pmsav7.drsr[range]&0x);
> +}

More style nits here.

Regards,
Peter

>  default:
>  qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", 
> offset);
>  return 0;
> @@ -376,14 +424,110 @@ static void nvic_writel(nvic_state *s, uint32_t 
> offset, uint32_t value)
>  s->gic.irq_state[ARMV7M_EXCP_USAGE].enabled = (value & (1 << 18)) != 
> 0;
>  break;

Re: [Qemu-devel] [PATCH 2/3] armv7-m: fix non-IRQ exceptions

[Peter Crosthwaite]

On Fri, Oct 9, 2015 at 6:28 AM, Michael Davidsaver
 wrote:
> Handlers will not be entered unless v7m.exception is updated.
> For example, an invalid instruction won't invoke UsageError,
> but rather re-executes the invalid instruction forever.
>
> Add warn and fix of mis-aligned handlers.
>
> Ensure exception return "addresses" always fault,
> and trap them just before the EXCP_DATA_ABORT
> handler would be invoked and execute return instead
> of MemManage.
> This removes the need for the "armv7m.hack" MemoryRegion.
> ---
>  hw/arm/armv7m.c |  8 
>  target-arm/helper.c | 27 +--
>  2 files changed, 21 insertions(+), 14 deletions(-)
>
> diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
> index eb214db..0fc95de 100644
> --- a/hw/arm/armv7m.c
> +++ b/hw/arm/armv7m.c
> @@ -178,7 +178,6 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory, int 
> mem_size, int num_irq,
>  uint64_t lowaddr;
>  int i;
>  int big_endian;
> -MemoryRegion *hack = g_new(MemoryRegion, 1);
>
>  if (cpu_model == NULL) {
> cpu_model = "cortex-m3";
> @@ -226,13 +225,6 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory, int 
> mem_size, int num_irq,
>  }
>  }
>
> -/* Hack to map an additional page of ram at the top of the address
> -   space.  This stops qemu complaining about executing code outside RAM
> -   when returning from an exception.  */
> -memory_region_init_ram(hack, NULL, "armv7m.hack", 0x1000, &error_fatal);
> -vmstate_register_ram_global(hack);
> -memory_region_add_subregion(system_memory, 0xf000, hack);
> -

CC PMM, Alistair and Marcin. They were discussing this recently.

Regards,
Peter

>  qemu_register_reset(armv7m_reset, cpu);
>  return pic;
>  }
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 8367997..56b238f 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -5346,18 +5346,23 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
>  switch (cs->exception_index) {
>  case EXCP_UDEF:
>  armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
> -return;
> +env->v7m.exception = ARMV7M_EXCP_USAGE;
> +break;
>  case EXCP_SWI:
>  /* The PC already points to the next instruction.  */
>  armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
> -return;
> +env->v7m.exception = ARMV7M_EXCP_SVC;
> +break;
>  case EXCP_PREFETCH_ABORT:
>  case EXCP_DATA_ABORT:
> -/* TODO: if we implemented the MPU registers, this is where we
> - * should set the MMFAR, etc from exception.fsr and 
> exception.vaddress.
> - */
> +if(env->v7m.exception!=0 && env->exception.vaddress>=0xfff0) {
> +/* this isn't a real fault, but rather a result of return from 
> interrupt */
> +do_v7m_exception_exit(env);
> +return;
> +}
>  armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
> -return;
> +env->v7m.exception = ARMV7M_EXCP_MEM;
> +break;
>  case EXCP_BKPT:
>  if (semihosting_enabled()) {
>  int nr;
> @@ -5407,6 +5412,12 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
>  addr = ldl_phys(cs->as, env->v7m.vecbase + env->v7m.exception * 4);
>  env->regs[15] = addr & 0xfffe;
>  env->thumb = addr & 1;
> +if(!env->thumb) {
> +qemu_log_mask(LOG_GUEST_ERROR,
> +  "M profile interrupt handler with misaligned "
> +  "PC is UNPREDICTABLE\n");
> +env->thumb = 1;
> +}
>  }
>
>  /* Function used to synchronize QEMU's AArch64 register set with AArch32
> @@ -6682,6 +6693,10 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, 
> uint32_t address,
>  *phys_ptr = address;
>  *prot = 0;
>
> +/* ensure exception returns take precidence */
> +if(env->v7m.exception!=0 && env->exception.vaddress>=0xfff0)
> +return true;
> +
>  if (regime_translation_disabled(env, mmu_idx)) { /* MPU disabled */
>  get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
>  } else { /* MPU enabled */
> --
> 2.1.4
>

[Qemu-devel] [PATCH] Qemu/Xen: Fix early freeing MSIX MMIO memory region

[Lan Tianyu]

From: >

msix->mmio is added to XenPCIPassthroughState's object as property.
object_finalize_child_property is called for XenPCIPassthroughState's
object, which calls object_property_del_all, which is going to try to
delete msix->mmio. object_finalize_child_property() will access
msix->mmio's obj. But the whole msix struct has already been freed
by xen_pt_msix_delete. This will cause segment fault when msix->mmio
has been overwritten.

This patch is to fix the issue.

Signed-off-by: Lan Tianyu 
---
 hw/xen/xen_pt.c |8 
 hw/xen/xen_pt.h |1 +
 hw/xen/xen_pt_config_init.c |2 +-
 hw/xen/xen_pt_msi.c |   13 -
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index 2b54f52..aa96288 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -938,10 +938,18 @@ static void xen_pci_passthrough_class_init(ObjectClass 
*klass, void *data)
 dc->props = xen_pci_passthrough_properties;
 };
 
+static void xen_pci_passthrough_finalize(Object *obj)
+{
+XenPCIPassthroughState *s = XEN_PT_DEVICE(obj);
+
+xen_pt_msix_delete(s);
+}
+
 static const TypeInfo xen_pci_passthrough_info = {
 .name = TYPE_XEN_PT_DEVICE,
 .parent = TYPE_PCI_DEVICE,
 .instance_size = sizeof(XenPCIPassthroughState),
+.instance_finalize = xen_pci_passthrough_finalize,
 .class_init = xen_pci_passthrough_class_init,
 };
 
diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
index 3bc22eb..c545280 100644
--- a/hw/xen/xen_pt.h
+++ b/hw/xen/xen_pt.h
@@ -305,6 +305,7 @@ void xen_pt_msi_disable(XenPCIPassthroughState *s);
 
 int xen_pt_msix_init(XenPCIPassthroughState *s, uint32_t base);
 void xen_pt_msix_delete(XenPCIPassthroughState *s);
+void xen_pt_msix_unmap(XenPCIPassthroughState *s);
 int xen_pt_msix_update(XenPCIPassthroughState *s);
 int xen_pt_msix_update_remap(XenPCIPassthroughState *s, int bar_index);
 void xen_pt_msix_disable(XenPCIPassthroughState *s);
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index 4a5bc11..0efee11 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -2079,7 +2079,7 @@ void xen_pt_config_delete(XenPCIPassthroughState *s)
 
 /* free MSI/MSI-X info table */
 if (s->msix) {
-xen_pt_msix_delete(s);
+xen_pt_msix_unmap(s);
 }
 g_free(s->msi);
 
diff --git a/hw/xen/xen_pt_msi.c b/hw/xen/xen_pt_msi.c
index e3d7194..82de2bc 100644
--- a/hw/xen/xen_pt_msi.c
+++ b/hw/xen/xen_pt_msi.c
@@ -610,7 +610,7 @@ error_out:
 return rc;
 }
 
-void xen_pt_msix_delete(XenPCIPassthroughState *s)
+void xen_pt_msix_unmap(XenPCIPassthroughState *s)
 {
 XenPTMSIX *msix = s->msix;
 
@@ -627,6 +627,17 @@ void xen_pt_msix_delete(XenPCIPassthroughState *s)
 }
 
 memory_region_del_subregion(&s->bar[msix->bar_index], &msix->mmio);
+}
+
+void xen_pt_msix_delete(XenPCIPassthroughState *s)
+{
+XenPTMSIX *msix = s->msix;
+
+if (!msix) {
+return;
+}
+
+object_unparent(OBJECT(&msix->mmio));
 
 g_free(s->msix);
 s->msix = NULL;
-- 
1.7.9.5

[Qemu-devel] [RFC 3/4] ahci: Add allwinner AHCI

[Peter Crosthwaite]

Add a Sysbus AHCI subclass for the Allwinner AHCI. It has a few extra
vendor specific registers that are used for phy and power init.

Signed-off-by: Peter Crosthwaite 
---
 hw/ide/ahci.c | 98 +++
 hw/ide/ahci.h | 16 ++
 2 files changed, 114 insertions(+)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index eff01b2..a7fa147 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1692,9 +1692,107 @@ static const TypeInfo sysbus_ahci_info = {
 .class_init= sysbus_ahci_class_init,
 };
 
+#define ALLWINNER_AHCI_MMIO_OFF  0x80
+#define ALLWINNER_AHCI_MMIO_SIZE 0x80
+
+#define ALLWINNER_AHCI_BISTAFR((0xa0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_BISTCR ((0xa4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_BISTFCTR   ((0xa8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_BISTSR ((0xac - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_BISTDECR   ((0xb0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_DIAGNR0((0xb4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_DIAGNR1((0xb8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_OOBR   ((0xbc - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_PHYCS0R((0xc0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_PHYCS1R((0xc4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_PHYCS2R((0xc8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_TIMER1MS   ((0xe0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_GPARAM1R   ((0xe8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_GPARAM2R   ((0xec - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_PPARAMR((0xf0 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_TESTR  ((0xf4 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_VERSIONR   ((0xf8 - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_IDR((0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4)
+#define ALLWINNER_AHCI_RWCR   ((0xfc - ALLWINNER_AHCI_MMIO_OFF) / 4)
+
+static uint64_t allwinner_ahci_mem_read(void *opaque, hwaddr addr,
+unsigned size)
+{
+AllwinnerAHCIState *a = opaque;
+uint64_t val = a->regs[addr/4];
+
+switch (addr / 4) {
+case ALLWINNER_AHCI_PHYCS0R:
+val |= 0x2 << 28;
+break;
+case ALLWINNER_AHCI_PHYCS2R:
+val &= ~(0x1 << 24);
+break;
+}
+DPRINTF(-1, "addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 ", size=%d\n",
+addr, val, size);
+return  val;
+}
+
+static void allwinner_ahci_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+AllwinnerAHCIState *a = opaque;
+
+DPRINTF(-1, "addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 ", size=%d\n",
+addr, val, size);
+a->regs[addr/4] = val;
+}
+
+static const MemoryRegionOps allwinner_ahci_mem_ops = {
+.read = allwinner_ahci_mem_read,
+.write = allwinner_ahci_mem_write,
+.valid.min_access_size = 4,
+.valid.max_access_size = 4,
+.endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void allwinner_ahci_init(Object *obj)
+{
+SysbusAHCIState *s = SYSBUS_AHCI(obj);
+AllwinnerAHCIState *a = ALLWINNER_AHCI(obj);
+
+memory_region_init_io(&a->mmio, OBJECT(obj), &allwinner_ahci_mem_ops, a,
+  "allwinner_ahci", ALLWINNER_AHCI_MMIO_SIZE);
+memory_region_add_subregion(&s->ahci.mem, ALLWINNER_AHCI_MMIO_OFF,
+&a->mmio);
+}
+
+static const VMStateDescription vmstate_allwinner_ahci = {
+.name = "a10.pic",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32_ARRAY(regs, AllwinnerAHCIState,
+ ALLWINNER_AHCI_MMIO_SIZE/4),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void allwinner_ahci_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->vmsd = &vmstate_allwinner_ahci;
+}
+
+static const TypeInfo allwinner_ahci_info = {
+.name  = TYPE_ALLWINNER_AHCI,
+.parent= TYPE_SYSBUS_AHCI,
+.instance_size = sizeof(AllwinnerAHCIState),
+.instance_init = allwinner_ahci_init,
+.class_init= allwinner_ahci_class_init,
+};
+
 static void sysbus_ahci_register_types(void)
 {
 type_register_static(&sysbus_ahci_info);
+type_register_static(&allwinner_ahci_info);
 }
 
 type_init(sysbus_ahci_register_types)
diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index 4ccaf5d..8973249 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -386,4 +386,20 @@ typedef struct SysbusAHCIState {
 uint32_t num_ports;
 } SysbusAHCIState;
 
+#define TYPE_ALLWINNER_AHCI "allwinner-ahci"
+#define ALLWINNER_AHCI(obj) OBJECT_CHECK(AllwinnerAHCIState, (obj), \
+   TYPE_ALLWINNER_AHCI)
+
+#define ALLWINNER_AHCI_MMIO_OFF  0x80
+#define ALLWINNER_AHCI_MMIO_SIZE 0x80
+
+typedef struct AllwinnerAHCIState {
+/*<

[Qemu-devel] [RFC 0/4] AHCI patches + Allwinner SATA

[Peter Crosthwaite]

Hi John and Beniamino,

This patch series adds bear-minimum Allwinner SATA support.

P1 is a trivial to help debug AHCI.

Regards,
Peter

Peter Crosthwaite (4):
  ahci: Add some MMIO debug printfs
  ahci: split realize and init
  ahci: Add allwinner AHCI
  arm: allwinner-a10: Add SATA

 hw/arm/allwinner-a10.c |  11 +++
 hw/ide/ahci.c  | 155 -
 hw/ide/ahci.h  |  19 -
 hw/ide/ich.c   |  10 ++-
 include/hw/arm/allwinner-a10.h |   5 ++
 5 files changed, 179 insertions(+), 21 deletions(-)

-- 
1.9.1

[Qemu-devel] [RFC 1/4] ahci: Add some MMIO debug printfs

[Peter Crosthwaite]

These are useful for bringup of AHCI.

Signed-off-by: Peter Crosthwaite 
---
 hw/ide/ahci.c | 21 +++--
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 796be15..4cfce8f 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -378,17 +378,23 @@ static uint64_t ahci_mem_read(void *opaque, hwaddr addr, 
unsigned size)
 int ofst = addr - aligned;
 uint64_t lo = ahci_mem_read_32(opaque, aligned);
 uint64_t hi;
+uint64_t val;
 
 /* if < 8 byte read does not cross 4 byte boundary */
 if (ofst + size <= 4) {
-return lo >> (ofst * 8);
+val = lo >> (ofst * 8);
+} else {
+g_assert_cmpint(size, >, 1);
+
+/* If the 64bit read is unaligned, we will produce undefined
+ * results. AHCI does not support unaligned 64bit reads. */
+hi = ahci_mem_read_32(opaque, aligned + 4);
+val = (hi << 32 | lo) >> (ofst * 8);
 }
-g_assert_cmpint(size, >, 1);
 
-/* If the 64bit read is unaligned, we will produce undefined
- * results. AHCI does not support unaligned 64bit reads. */
-hi = ahci_mem_read_32(opaque, aligned + 4);
-return (hi << 32 | lo) >> (ofst * 8);
+DPRINTF(-1, "addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 ", size=%d\n",
+addr, val, size);
+return val;
 }
 
 
@@ -397,6 +403,9 @@ static void ahci_mem_write(void *opaque, hwaddr addr,
 {
 AHCIState *s = opaque;
 
+DPRINTF(-1, "addr=0x%" HWADDR_PRIx " val=0x%" PRIx64 ", size=%d\n",
+addr, val, size);
+
 /* Only aligned reads are allowed on AHCI */
 if (addr & 3) {
 fprintf(stderr, "ahci: Mis-aligned write to addr 0x"
-- 
1.9.1

[Qemu-devel] [RFC 2/4] ahci: split realize and init

[Peter Crosthwaite]

Do the init level tasks asap and the realize later (mainly when
num_ports is available). This allows sub-class realize routines
to work with the device post-init.

Signed-off-by: Peter Crosthwaite 
---
 hw/ide/ahci.c | 36 +++-
 hw/ide/ahci.h |  3 ++-
 hw/ide/ich.c  | 10 +-
 3 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 4cfce8f..eff01b2 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1436,24 +1436,26 @@ static const IDEDMAOps ahci_dma_ops = {
 .cmd_done = ahci_cmd_done,
 };
 
-void ahci_init(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports)
+void ahci_init(AHCIState *s, DeviceState *qdev)
 {
-qemu_irq *irqs;
-int i;
-
-s->as = as;
-s->ports = ports;
-s->dev = g_new0(AHCIDevice, ports);
 s->container = qdev;
-ahci_reg_init(s);
 /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
 memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s,
   "ahci", AHCI_MEM_BAR_SIZE);
 memory_region_init_io(&s->idp, OBJECT(qdev), &ahci_idp_ops, s,
   "ahci-idp", 32);
+}
 
-irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports);
+void ahci_realize(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports)
+{
+qemu_irq *irqs;
+int i;
 
+s->as = as;
+s->ports = ports;
+s->dev = g_new0(AHCIDevice, ports);
+ahci_reg_init(s);
+irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports);
 for (i = 0; i < s->ports; i++) {
 AHCIDevice *ad = &s->dev[i];
 
@@ -1648,17 +1650,24 @@ static void sysbus_ahci_reset(DeviceState *dev)
 ahci_reset(&s->ahci);
 }
 
-static void sysbus_ahci_realize(DeviceState *dev, Error **errp)
+static void sysbus_ahci_init(Object *obj)
 {
-SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
-SysbusAHCIState *s = SYSBUS_AHCI(dev);
+SysbusAHCIState *s = SYSBUS_AHCI(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
 
-ahci_init(&s->ahci, dev, &address_space_memory, s->num_ports);
+ahci_init(&s->ahci, DEVICE(obj));
 
 sysbus_init_mmio(sbd, &s->ahci.mem);
 sysbus_init_irq(sbd, &s->ahci.irq);
 }
 
+static void sysbus_ahci_realize(DeviceState *dev, Error **errp)
+{
+SysbusAHCIState *s = SYSBUS_AHCI(dev);
+
+ahci_realize(&s->ahci, dev, &address_space_memory, s->num_ports);
+}
+
 static Property sysbus_ahci_properties[] = {
 DEFINE_PROP_UINT32("num-ports", SysbusAHCIState, num_ports, 1),
 DEFINE_PROP_END_OF_LIST(),
@@ -1679,6 +1688,7 @@ static const TypeInfo sysbus_ahci_info = {
 .name  = TYPE_SYSBUS_AHCI,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(SysbusAHCIState),
+.instance_init = sysbus_ahci_init,
 .class_init= sysbus_ahci_class_init,
 };
 
diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index c9b3805..4ccaf5d 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -366,7 +366,8 @@ typedef struct SDBFIS {
 uint32_t payload;
 } QEMU_PACKED SDBFIS;
 
-void ahci_init(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports);
+void ahci_realize(AHCIState *s, DeviceState *qdev, AddressSpace *as, int 
ports);
+void ahci_init(AHCIState *s, DeviceState *qdev);
 void ahci_uninit(AHCIState *s);
 
 void ahci_reset(AHCIState *s);
diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index 350c7f1..16925fa 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -97,6 +97,13 @@ static void pci_ich9_reset(DeviceState *dev)
 ahci_reset(&d->ahci);
 }
 
+static void pci_ich9_ahci_init(Object *obj)
+{
+struct AHCIPCIState *d = ICH_AHCI(obj);
+
+ahci_init(&d->ahci, DEVICE(obj));
+}
+
 static void pci_ich9_ahci_realize(PCIDevice *dev, Error **errp)
 {
 struct AHCIPCIState *d;
@@ -104,7 +111,7 @@ static void pci_ich9_ahci_realize(PCIDevice *dev, Error 
**errp)
 uint8_t *sata_cap;
 d = ICH_AHCI(dev);
 
-ahci_init(&d->ahci, DEVICE(dev), pci_get_address_space(dev), 6);
+ahci_realize(&d->ahci, DEVICE(dev), pci_get_address_space(dev), 6);
 
 pci_config_set_prog_interface(dev->config, AHCI_PROGMODE_MAJOR_REV_1);
 
@@ -171,6 +178,7 @@ static const TypeInfo ich_ahci_info = {
 .name  = TYPE_ICH9_AHCI,
 .parent= TYPE_PCI_DEVICE,
 .instance_size = sizeof(AHCIPCIState),
+.instance_init = pci_ich9_ahci_init,
 .class_init= ich_ahci_class_init,
 };
 
-- 
1.9.1

[Qemu-devel] [RFC 4/4] arm: allwinner-a10: Add SATA

[Peter Crosthwaite]

Add the Allwinner A10 AHCI controller module to the SoC.

Signed-off-by: Peter Crosthwaite 
---
 hw/arm/allwinner-a10.c | 11 +++
 include/hw/arm/allwinner-a10.h |  5 +
 2 files changed, 16 insertions(+)

diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
index 56e924d..145038d 100644
--- a/hw/arm/allwinner-a10.c
+++ b/hw/arm/allwinner-a10.c
@@ -42,6 +42,9 @@ static void aw_a10_init(Object *obj)
 
 object_initialize(&s->ccm, sizeof(s->ccm), TYPE_AW_A10_CCM);
 qdev_set_parent_bus(DEVICE(&s->ccm), sysbus_get_default());
+
+object_initialize(&s->sata, sizeof(s->sata), TYPE_ALLWINNER_AHCI);
+qdev_set_parent_bus(DEVICE(&s->sata), sysbus_get_default());
 }
 
 static void aw_a10_realize(DeviceState *dev, Error **errp)
@@ -104,6 +107,14 @@ static void aw_a10_realize(DeviceState *dev, Error **errp)
 sysbusdev = SYS_BUS_DEVICE(&s->ccm);
 sysbus_mmio_map(sysbusdev, 0, AW_A10_CCM_REG_BASE);
 
+object_property_set_bool(OBJECT(&s->sata), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->sata), 0, AW_A10_SATA_BASE);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->sata), 0, s->irq[56]);
+
 /* FIXME use a qdev chardev prop instead of serial_hds[] */
 serial_mm_init(get_system_memory(), AW_A10_UART0_REG_BASE, 2, s->irq[1],
115200, serial_hds[0], DEVICE_NATIVE_ENDIAN);
diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
index 88632c0..e0daff8 100644
--- a/include/hw/arm/allwinner-a10.h
+++ b/include/hw/arm/allwinner-a10.h
@@ -8,6 +8,8 @@
 #include "hw/intc/allwinner-a10-pic.h"
 #include "hw/net/allwinner_emac.h"
 #include "hw/misc/allwinner-a10-ccm.h"
+#include "hw/ide/pci.h"
+#include "hw/ide/ahci.h"
 
 #include "sysemu/sysemu.h"
 #include "exec/address-spaces.h"
@@ -18,6 +20,7 @@
 #define AW_A10_PIT_REG_BASE 0x01c20c00
 #define AW_A10_UART0_REG_BASE   0x01c28000
 #define AW_A10_EMAC_BASE0x01c0b000
+#define AW_A10_SATA_BASE0x01c18000
 
 #define AW_A10_SDRAM_BASE   0x4000
 
@@ -35,6 +38,8 @@ typedef struct AwA10State {
 AwA10PICState intc;
 AwEmacState emac;
 AwA10CCMState ccm;
+
+AllwinnerAHCIState sata;
 } AwA10State;
 
 #define ALLWINNER_H_
-- 
1.9.1

Re: [Qemu-devel] QEMU+Linux ARMv7A current state

[Peter Crosthwaite]

On Sun, Oct 4, 2015 at 9:09 PM, Guenter Roeck  wrote:
> On 10/04/2015 07:21 PM, Peter Crosthwaite wrote:
>>
>> On Sun, Oct 4, 2015 at 6:08 PM, Guenter Roeck  wrote:
>>>
>>> On 10/04/2015 02:38 PM, Beniamino Galvani wrote:


 On Sun, Oct 04, 2015 at 02:11:35PM -0700, Guenter Roeck wrote:
>
>
> What is your qemu command line ?



 qemu-system-arm \
   -M cubieboard \
   -kernel ../linux/zImage-dtb \
   -serial stdio \
   -append "console=ttyS0 rw root=/dev/nfs
 nfsroot=10.0.0.1:/nfs,v3 ip=10.0.0.22" \
   -m 1024 \
   -net nic,vlan=0,model=allwinner-emac \
   -net tap,vlan=0,ifname=tap0,script=net-up.sh \
   -s \
   -d guest_errors

 Beniamino

>>>
>>> With the mainline kernel and sun4i-a10-cubieboard.dtb, this gives me lots
>>> of
>>>
>>> [2.480983] Division by zero in kernel.
>>> [2.481074] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
>>> 4.3.0-rc3-00055-gdd36d7393d63 #1
>>> [2.481250] Hardware name: Allwinner A1X (Device Tree)
>>> [2.481376] [] (unwind_backtrace) from []
>>> (show_stack+0x10/0x14)
>>> [2.481544] [] (show_stack) from []
>>> (dump_stack+0x78/0x94)
>>> [2.481700] [] (dump_stack) from []
>>> (Ldiv0+0x8/0x10)
>>> [2.481848] [] (Ldiv0) from []
>>> (sun4i_a10_get_mod0_factors+0x74/0xb8)
>>> [2.482024] [] (sun4i_a10_get_mod0_factors) from
>>> []
>>> (clk_factors_determine_rate+0x68/0xfc)
>>> [2.482231] [] (clk_factors_determine_rate) from
>>> []
>>> (clk_composite_determine_rate+0x94/0x1d0)
>>> [2.482443] [] (clk_composite_determine_rate) from
>>> []
>>> (clk_core_round_rate_nolock+0x84/0xa8)
>>> [2.482654] [] (clk_core_round_rate_nolock) from
>>> []
>>> (clk_round_rate+0x38/0x54)
>>> [2.482845] [] (clk_round_rate) from []
>>> (sunxi_mmc_set_ios+0x9c/0x314)
>>> [2.483023] [] (sunxi_mmc_set_ios) from []
>>> (mmc_power_up+0xf8/0x104)
>>> [2.483197] [] (mmc_power_up) from []
>>> (mmc_start_host+0x44/0x6c)
>>> [2.483363] [] (mmc_start_host) from []
>>> (mmc_add_host+0x58/0x7c)
>>> [2.483528] [] (mmc_add_host) from []
>>> (sunxi_mmc_probe+0x488/0x590)
>>> [2.483701] [] (sunxi_mmc_probe) from []
>>> (platform_drv_probe+0x48/0xa4)
>>>
>>
>> I think that's the expected warnings we have been ignoring. I have a
>> hack to make them go away.
>>
>
> Division by zero isn't something that should be ignored.
> Any idea where it is coming from ?
>
> Also, is your hack in the kernel or in qemu ?
>
>>> Do you have a special devicetree file ?
>>>
>>> It also doesn't seem to accept the qemu "initrd" argument, which is
>>> unexpected.
>>>
>>
>> Yes I noticed the same and went to the SATA solution.
>>
>
> Here is a one-line qemu fix for the initrd problem.
>
> diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c
> index 1582250..db3ec40 100644
> --- a/hw/arm/cubieboard.c
> +++ b/hw/arm/cubieboard.c
> @@ -71,6 +71,7 @@ static void cubieboard_init(MachineState *machine)
>  cubieboard_binfo.ram_size = machine->ram_size;
>  cubieboard_binfo.kernel_filename = machine->kernel_filename;
>  cubieboard_binfo.kernel_cmdline = machine->kernel_cmdline;
> +cubieboard_binfo.initrd_filename = machine->initrd_filename;
>  arm_load_kernel(&s->a10->cpu, &cubieboard_binfo);
>  }
>
> Guess that is less complex than getting sata to work ?
>

Makes sense. Do you (or Beniamino) want to spin the patch? Ideally we
should support both SATA and initrd.

Regards,
Peter

> Thanks,
> Guenter
>

Re: [Qemu-devel] QEMU+Linux ARMv7A current state

[Peter Crosthwaite]

On Sun, Oct 4, 2015 at 12:56 PM, Beniamino Galvani  wrote:
> On Sat, Oct 03, 2015 at 02:31:08PM -0700, Peter Crosthwaite wrote:
>> QEMU cubieboard has no usable storage media, but the real hardware
>> does have AHCI sata. I added sysbus-ahci at the right place but turns
>> out the SATA controller has some custom power/clock (not really
>> sure??) registers specific to this SoC. It sets/clears bits then polls
>> them back expecting them to change to the other value asynchronously.
>> The kernel device probe then times-out. So I subclassed sysbus-ahci
>> and added the missing registers and forced the polled registers to the
>> "I'm done" state. It works.
>
> Cool, are you going to submit patches for this?
>
>> I am using meta-sunxi Yocto-layer to build out the allwinner custom
>> kernel/rootfs etc, and with the clock and Sata changes I get a boot.
>> But when I change to the unedited kernel+dtb+rootfs I get stuck. RTC
>> messages are around the point of failure which is not modelled in
>> QEMU, so that is suspect.
>
> I don't know, this needs some investigation; on my side a recent
> multi_v7_defconfig kernel, unmodified sun4i-a10-cubieboard.dtb and a
> rootfs built with buildroot mounted through NFS work just fine, with
> the mentioned warnings regarding clk registers and also these:
>

False alarm. There were some guest-side issues getting the login
console. With just the SATA (and/or Guenters initrd fix) we are good.

I'm dropping the CCM patches as they don't add anything real and don't
stop any real functionality.

Regards,
Peter

> Ignoring attempt to switch CPSR_A flag from non-secure world with SCR.AW bit 
> clear
> Ignoring attempt to switch CPSR_F flag from non-secure world with SCR.FW bit 
> clear
>
> which probably would be solved by setting the property 'has_el3' of
> the CPU to false before realization.
>
> Beniamino

Re: [Qemu-devel] [PATCH 2/3] armv7-m: fix non-IRQ exceptions

[Michael Davidsaver]

I'm starting to doubt my diagnosis.  The bug may be in my understanding of
the interrupt priorities.  I'll have to do another test program.
On Oct 11, 2015 11:25 AM, "Peter Crosthwaite" 
wrote:

> On Fri, Oct 9, 2015 at 6:28 AM, Michael Davidsaver
>  wrote:
> > Handlers will not be entered unless v7m.exception is updated.
> > For example, an invalid instruction won't invoke UsageError,
> > but rather re-executes the invalid instruction forever.
> >
> > Add warn and fix of mis-aligned handlers.
> >
> > Ensure exception return "addresses" always fault,
> > and trap them just before the EXCP_DATA_ABORT
> > handler would be invoked and execute return instead
> > of MemManage.
> > This removes the need for the "armv7m.hack" MemoryRegion.
> > ---
> >  hw/arm/armv7m.c |  8 
> >  target-arm/helper.c | 27 +--
> >  2 files changed, 21 insertions(+), 14 deletions(-)
> >
> > diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
> > index eb214db..0fc95de 100644
> > --- a/hw/arm/armv7m.c
> > +++ b/hw/arm/armv7m.c
> > @@ -178,7 +178,6 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory,
> int mem_size, int num_irq,
> >  uint64_t lowaddr;
> >  int i;
> >  int big_endian;
> > -MemoryRegion *hack = g_new(MemoryRegion, 1);
> >
> >  if (cpu_model == NULL) {
> > cpu_model = "cortex-m3";
> > @@ -226,13 +225,6 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory,
> int mem_size, int num_irq,
> >  }
> >  }
> >
> > -/* Hack to map an additional page of ram at the top of the address
> > -   space.  This stops qemu complaining about executing code outside
> RAM
> > -   when returning from an exception.  */
> > -memory_region_init_ram(hack, NULL, "armv7m.hack", 0x1000,
> &error_fatal);
> > -vmstate_register_ram_global(hack);
> > -memory_region_add_subregion(system_memory, 0xf000, hack);
> > -
>
> CC PMM, Alistair and Marcin. They were discussing this recently.
>
> Regards,
> Peter
>
> >  qemu_register_reset(armv7m_reset, cpu);
> >  return pic;
> >  }
> > diff --git a/target-arm/helper.c b/target-arm/helper.c
> > index 8367997..56b238f 100644
> > --- a/target-arm/helper.c
> > +++ b/target-arm/helper.c
> > @@ -5346,18 +5346,23 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
> >  switch (cs->exception_index) {
> >  case EXCP_UDEF:
> >  armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE);
> > -return;
> > +env->v7m.exception = ARMV7M_EXCP_USAGE;
> > +break;
> >  case EXCP_SWI:
> >  /* The PC already points to the next instruction.  */
> >  armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC);
> > -return;
> > +env->v7m.exception = ARMV7M_EXCP_SVC;
> > +break;
> >  case EXCP_PREFETCH_ABORT:
> >  case EXCP_DATA_ABORT:
> > -/* TODO: if we implemented the MPU registers, this is where we
> > - * should set the MMFAR, etc from exception.fsr and
> exception.vaddress.
> > - */
> > +if(env->v7m.exception!=0 &&
> env->exception.vaddress>=0xfff0) {
> > +/* this isn't a real fault, but rather a result of return
> from interrupt */
> > +do_v7m_exception_exit(env);
> > +return;
> > +}
> >  armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM);
> > -return;
> > +env->v7m.exception = ARMV7M_EXCP_MEM;
> > +break;
> >  case EXCP_BKPT:
> >  if (semihosting_enabled()) {
> >  int nr;
> > @@ -5407,6 +5412,12 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
> >  addr = ldl_phys(cs->as, env->v7m.vecbase + env->v7m.exception * 4);
> >  env->regs[15] = addr & 0xfffe;
> >  env->thumb = addr & 1;
> > +if(!env->thumb) {
> > +qemu_log_mask(LOG_GUEST_ERROR,
> > +  "M profile interrupt handler with misaligned "
> > +  "PC is UNPREDICTABLE\n");
> > +env->thumb = 1;
> > +}
> >  }
> >
> >  /* Function used to synchronize QEMU's AArch64 register set with AArch32
> > @@ -6682,6 +6693,10 @@ static bool get_phys_addr_pmsav7(CPUARMState
> *env, uint32_t address,
> >  *phys_ptr = address;
> >  *prot = 0;
> >
> > +/* ensure exception returns take precidence */
> > +if(env->v7m.exception!=0 && env->exception.vaddress>=0xfff0)
> > +return true;
> > +
> >  if (regime_translation_disabled(env, mmu_idx)) { /* MPU disabled */
> >  get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
> >  } else { /* MPU enabled */
> > --
> > 2.1.4
> >
>

Re: [Qemu-devel] [PATCH 2/3] armv7-m: fix non-IRQ exceptions

[Peter Maydell]

On 11 October 2015 at 19:58, Michael Davidsaver  wrote:
> I'm starting to doubt my diagnosis.  The bug may be in my understanding of
> the interrupt priorities.  I'll have to do another test program.

Note that our handling of prioritization of the internal
exceptions is pretty badly broken. The fix for this probably
involves a redesign rather than a point fix :-/

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2] target-mips: remove wrong checks for recip.fmt and rsqrt.fmt

[Aurelien Jarno]

(sorry for the late answer)

On 2015-08-26 14:12, Petar Jovanovic wrote:
> From: Petar Jovanovic 
> 
> Instructions recip.{s|d} and rsqrt.{s|d} do not require 64-bit FPU neither
> they require any particular mode for its FPU. This patch removes the checks
> that may break a program that uses these instructions.

That is correct. That said these instructions do require at least a
MIPS32R2 or a MIPS64R1 CPU. I guess we should add these checks now that
check_cop1x do not guard them anymore.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

[Qemu-devel] [Bug 1505041] [NEW] Live snapshot revert times increases linearly with snapshot age

[Francois Gouget]

Public bug reported:

The WineTestBot (https://testbot.winehq.org/) uses QEmu live snapshots
to ensure the Wine tests are always run in a pristine Windows
environment. However the revert times keep increasing linearly with the
age of the snapshot, going from tens of seconds to thousands. While the
revert takes place the qemu process takes 100% of a core and there is no
disk activity. Obviously waiting over 20 minutes before being able to
run a 10 second test is not viable.

Only some VMs are impacted. Based on libvirt's XML files the common
point appears to be the presence of the following  tags:


  
  
  


Where the unaffected VMs have the following clock definition instead:



Yet shutting down the affected VMs, changing the clock definition,
creating a live snapshot and trying to revert to it 6 months later
results in slow revert times (>400 seconds).

Changing the tickpolicy to catchup for rtc and/or pit has no effect on
the revert time (and unsurprisingly causes the clock to run fast in the
guest).


To reproduce this problem do the following:
* Create a Windows VM (either 32 or 64 bits). This is known to happen with at 
least Windows 2000, XP, 2003, 2008 and 10.
* That VM will have the  tags shown above, with the possible addition of 
an hypervclock timer.
* Shut down the VM.
* date -s "2014/04/01"
* Start the VM.
* Take a live snapshot.
* Shut down the VM.
* date -s ""
* Revert to the live snapshot.

If the revert takes more than 2 minutes then there is a problem.


A workaround is to set track='guest' on the rtc timer. This makes the revert 
fast and may even be the correct solution. But why is it not the default or 
better documented?
 * It setting track='wall' or omitting track, then the revert is slow and the 
clock in the guest is not updated.
 * It setting track='guest' the revert is fast and the clock in the guest is 
not updated.


I found three past mentions of this issue but as far as I can tell none of them 
got anywhere:

* [Qemu-discuss] massive slowdown for reverts after given amount of time on any 
newer versions
   https://lists.gnu.org/archive/html/qemu-discuss/2013-02/msg0.html

* The above post references another one from 2011 wrt qemu 0.14:
   https://lists.gnu.org/archive/html/qemu-devel/2011-03/msg02645.html

* Comment #9 of Launchpad bug 1174654 matches this slow revert issue. However
   the bug was really about another issue so this was not followed on.
   https://bugs.launchpad.net/qemu/+bug/1174654/comments/9


I'm currently running into this issue with QEmu 2.1 but it looks like this bug 
has been there all along.
1:2.1+dfsg-12+deb8u2 qemu-kvm
1:2.1+dfsg-12+deb8u2 qemu-system-common
1:2.1+dfsg-12+deb8u2 qemu-system-x86

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1505041

Title:
  Live snapshot revert times increases linearly with snapshot age

Status in QEMU:
  New

Bug description:
  The WineTestBot (https://testbot.winehq.org/) uses QEmu live snapshots
  to ensure the Wine tests are always run in a pristine Windows
  environment. However the revert times keep increasing linearly with
  the age of the snapshot, going from tens of seconds to thousands.
  While the revert takes place the qemu process takes 100% of a core and
  there is no disk activity. Obviously waiting over 20 minutes before
  being able to run a 10 second test is not viable.

  Only some VMs are impacted. Based on libvirt's XML files the common
  point appears to be the presence of the following  tags:

  



  

  Where the unaffected VMs have the following clock definition instead:

  

  Yet shutting down the affected VMs, changing the clock definition,
  creating a live snapshot and trying to revert to it 6 months later
  results in slow revert times (>400 seconds).

  Changing the tickpolicy to catchup for rtc and/or pit has no effect on
  the revert time (and unsurprisingly causes the clock to run fast in
  the guest).

  
  To reproduce this problem do the following:
  * Create a Windows VM (either 32 or 64 bits). This is known to happen with at 
least Windows 2000, XP, 2003, 2008 and 10.
  * That VM will have the  tags shown above, with the possible addition 
of an hypervclock timer.
  * Shut down the VM.
  * date -s "2014/04/01"
  * Start the VM.
  * Take a live snapshot.
  * Shut down the VM.
  * date -s ""
  * Revert to the live snapshot.

  If the revert takes more than 2 minutes then there is a problem.

  
  A workaround is to set track='guest' on the rtc timer. This makes the revert 
fast and may even be the correct solution. But why is it not the default or 
better documented?
   * It setting track='wall' or omitting track, then the revert is slow and the 
clock in the guest is not updated.
   * It setting track='guest' the revert is fast and the clock in the 

Re: [Qemu-devel] [PATCH v3 00/32] implement vNVDIMM

[Bharata B Rao]

Xiao,

Are these patches present in any git tree so that they can be easily tried out.

Regards,
Bharata.

On Sun, Oct 11, 2015 at 9:22 AM, Xiao Guangrong
 wrote:
> Changelog in v3:
> There is huge change in this version, thank Igor, Stefan, Paolo, Eduardo,
> Michael for their valuable comments, the patchset finally gets better shape.
> - changes from Igor's comments:
>   1) abstract dimm device type from pc-dimm and create nvdimm device based on
>  dimm, then it uses memory backend device as nvdimm's memory and NUMA has
>  easily been implemented.
>   2) let file-backend device support any kind of filesystem not only for
>  hugetlbfs and let it work on file not only for directory which is
>  achieved by extending 'mem-path' - if it's a directory then it works as
>  current behavior, otherwise if it's file then directly allocates memory
>  from it.
>   3) we figure out a unused memory hole below 4G that is 0xFF0 ~
>  0xFFF0, this range is large enough for NVDIMM ACPI as build 64-bit
>  ACPI SSDT/DSDT table will break windows XP.
>  BTW, only make SSDT.rev = 2 can not work since the width is only depended
>  on DSDT.rev based on 19.6.28 DefinitionBlock (Declare Definition Block)
>  in ACPI spec:
> | Note: For compatibility with ACPI versions before ACPI 2.0, the bit
> | width of Integer objects is dependent on the ComplianceRevision of the DSDT.
> | If the ComplianceRevision is less than 2, all integers are restricted to 32
> | bits. Otherwise, full 64-bit integers are used. The version of the DSDT sets
> | the global integer width for all integers, including integers in SSDTs.
>   4) use the lowest ACPI spec version to document AML terms.
>   5) use "nvdimm" as nvdimm device name instead of "pc-nvdimm"
>
> - changes from Stefan's comments:
>   1) do not do endian adjustment in-place since _DSM memory is visible to 
> guest
>   2) use target platform's target page size instead of fixed PAGE_SIZE
>  definition
>   3) lots of code style improvement and typo fixes.
>   4) live migration fix
> - changes from Paolo's comments:
>   1) improve the name of memory region
>
> - other changes:
>   1) return exact buffer size for _DSM method instead of the page size.
>   2) introduce mutex in NVDIMM ACPI as the _DSM memory is shared by all nvdimm
>  devices.
>   3) NUMA support
>   4) implement _FIT method
>   5) rename "configdata" to "reserve-label-data"
>   6) simplify _DSM arg3 determination
>   7) main changelog update to let it reflect v3.
>
> Changlog in v2:
> - Use litten endian for DSM method, thanks for Stefan's suggestion
>
> - introduce a new parameter, @configdata, if it's false, Qemu will
>   build a static and readonly namespace in memory and use it serveing
>   for DSM GET_CONFIG_SIZE/GET_CONFIG_DATA requests. In this case, no
>   reserved region is needed at the end of the @file, it is good for
>   the user who want to pass whole nvdimm device and make its data
>   completely be visible to guest
>
> - divide the source code into separated files and add maintain info
>
> BTW, PCOMMIT virtualization on KVM side is work in progress, hopefully will
> be posted on next week
>
> == Background ==
> NVDIMM (A Non-Volatile Dual In-line Memory Module) is going to be supported
> on Intel's platform. They are discovered via ACPI and configured by _DSM
> method of NVDIMM device in ACPI. There has some supporting documents which
> can be found at:
> ACPI 6: http://www.uefi.org/sites/default/files/resources/ACPI_6.0.pdf
> NVDIMM Namespace: http://pmem.io/documents/NVDIMM_Namespace_Spec.pdf
> DSM Interface Example: 
> http://pmem.io/documents/NVDIMM_DSM_Interface_Example.pdf
> Driver Writer's Guide: 
> http://pmem.io/documents/NVDIMM_Driver_Writers_Guide.pdf
>
> Currently, the NVDIMM driver has been merged into upstream Linux Kernel and
> this patchset tries to enable it in virtualization field
>
> == Design ==
> NVDIMM supports two mode accesses, one is PMEM which maps NVDIMM into CPU's
> address space then CPU can directly access it as normal memory, another is
> BLK which is used as block device to reduce the occupying of CPU address
> space
>
> BLK mode accesses NVDIMM via Command Register window and Data Register window.
> BLK virtualization has high workload since each sector access will cause at
> least two VM-EXIT. So we currently only imperilment vPMEM in this patchset
>
> --- vPMEM design ---
> We introduce a new device named "nvdimm", it uses memory backend device as
> NVDIMM memory. The file in file-backend device can be a regular file and block
> device. We can use any file when we do test or emulation, however,
> in the real word, the files passed to guest are:
> - the regular file in the filesystem with DAX enabled created on NVDIMM device
>   on host
> - the raw PMEM device on host, e,g /dev/pmem0
> Memory access on the address created by mmap on these kinds of files can
> directly reach NVDIMM device on host.
>
> --- vConfigur

Re: [Qemu-devel] [PATCH v3 00/32] implement vNVDIMM

[Xiao Guangrong]

On 10/12/2015 10:59 AM, Bharata B Rao wrote:

Xiao,

Are these patches present in any git tree so that they can be easily tried out.



Sorry, currently no git tree out of my workspace is available :(

BTW, this patchset is based on top of the commit b37686f7e on qemu tree:
commit b37686f7e84b22cfaf7fd01ac5133f2617cc3027
Merge: 8be6e62 98cf48f
Author: Peter Maydell 
Date:   Fri Oct 9 12:18:13 2015 +0100

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' 
into staging

Thanks.


Regards,
Bharata.

On Sun, Oct 11, 2015 at 9:22 AM, Xiao Guangrong
 wrote:

Changelog in v3:
There is huge change in this version, thank Igor, Stefan, Paolo, Eduardo,
Michael for their valuable comments, the patchset finally gets better shape.
- changes from Igor's comments:
   1) abstract dimm device type from pc-dimm and create nvdimm device based on
  dimm, then it uses memory backend device as nvdimm's memory and NUMA has
  easily been implemented.
   2) let file-backend device support any kind of filesystem not only for
  hugetlbfs and let it work on file not only for directory which is
  achieved by extending 'mem-path' - if it's a directory then it works as
  current behavior, otherwise if it's file then directly allocates memory
  from it.
   3) we figure out a unused memory hole below 4G that is 0xFF0 ~
  0xFFF0, this range is large enough for NVDIMM ACPI as build 64-bit
  ACPI SSDT/DSDT table will break windows XP.
  BTW, only make SSDT.rev = 2 can not work since the width is only depended
  on DSDT.rev based on 19.6.28 DefinitionBlock (Declare Definition Block)
  in ACPI spec:
| Note: For compatibility with ACPI versions before ACPI 2.0, the bit
| width of Integer objects is dependent on the ComplianceRevision of the DSDT.
| If the ComplianceRevision is less than 2, all integers are restricted to 32
| bits. Otherwise, full 64-bit integers are used. The version of the DSDT sets
| the global integer width for all integers, including integers in SSDTs.
   4) use the lowest ACPI spec version to document AML terms.
   5) use "nvdimm" as nvdimm device name instead of "pc-nvdimm"

- changes from Stefan's comments:
   1) do not do endian adjustment in-place since _DSM memory is visible to guest
   2) use target platform's target page size instead of fixed PAGE_SIZE
  definition
   3) lots of code style improvement and typo fixes.
   4) live migration fix
- changes from Paolo's comments:
   1) improve the name of memory region

- other changes:
   1) return exact buffer size for _DSM method instead of the page size.
   2) introduce mutex in NVDIMM ACPI as the _DSM memory is shared by all nvdimm
  devices.
   3) NUMA support
   4) implement _FIT method
   5) rename "configdata" to "reserve-label-data"
   6) simplify _DSM arg3 determination
   7) main changelog update to let it reflect v3.

Changlog in v2:
- Use litten endian for DSM method, thanks for Stefan's suggestion

- introduce a new parameter, @configdata, if it's false, Qemu will
   build a static and readonly namespace in memory and use it serveing
   for DSM GET_CONFIG_SIZE/GET_CONFIG_DATA requests. In this case, no
   reserved region is needed at the end of the @file, it is good for
   the user who want to pass whole nvdimm device and make its data
   completely be visible to guest

- divide the source code into separated files and add maintain info

BTW, PCOMMIT virtualization on KVM side is work in progress, hopefully will
be posted on next week

== Background ==
NVDIMM (A Non-Volatile Dual In-line Memory Module) is going to be supported
on Intel's platform. They are discovered via ACPI and configured by _DSM
method of NVDIMM device in ACPI. There has some supporting documents which
can be found at:
ACPI 6: http://www.uefi.org/sites/default/files/resources/ACPI_6.0.pdf
NVDIMM Namespace: http://pmem.io/documents/NVDIMM_Namespace_Spec.pdf
DSM Interface Example: http://pmem.io/documents/NVDIMM_DSM_Interface_Example.pdf
Driver Writer's Guide: http://pmem.io/documents/NVDIMM_Driver_Writers_Guide.pdf

Currently, the NVDIMM driver has been merged into upstream Linux Kernel and
this patchset tries to enable it in virtualization field

== Design ==
NVDIMM supports two mode accesses, one is PMEM which maps NVDIMM into CPU's
address space then CPU can directly access it as normal memory, another is
BLK which is used as block device to reduce the occupying of CPU address
space

BLK mode accesses NVDIMM via Command Register window and Data Register window.
BLK virtualization has high workload since each sector access will cause at
least two VM-EXIT. So we currently only imperilment vPMEM in this patchset

--- vPMEM design ---
We introduce a new device named "nvdimm", it uses memory backend device as
NVDIMM memory. The file in file-backend device can be a regular file and block
device. We can use any file when we do test or emulation, however,
in the real word, the files passed

[Qemu-devel] [PATCH v3 2/3] armv7-m: Implement SYSRESETREQ

[Michael Davidsaver]

Implement the SYSRESETREQ bit of the AIRCR register
for armv7-m (ie. cortex-m3) to trigger a GPIO out.

Signed-off-by: Michael Davidsaver 
---
 hw/intc/armv7m_nvic.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 3ec8408..6fc167e 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -28,6 +28,7 @@ typedef struct {
 MemoryRegion gic_iomem_alias;
 MemoryRegion container;
 uint32_t num_irq;
+qemu_irq sysresetreq;
 } nvic_state;
 
 #define TYPE_NVIC "armv7m_nvic"
@@ -348,10 +349,13 @@ static void nvic_writel(nvic_state *s, uint32_t offset, 
uint32_t value)
 break;
 case 0xd0c: /* Application Interrupt/Reset Control.  */
 if ((value >> 16) == 0x05fa) {
+if (value & 4) {
+qemu_irq_pulse(s->sysresetreq);
+}
 if (value & 2) {
 qemu_log_mask(LOG_UNIMP, "VECTCLRACTIVE unimplemented\n");
 }
-if (value & 5) {
+if (value & 1) {
 qemu_log_mask(LOG_UNIMP, "AIRCR system reset unimplemented\n");
 }
 if (value & 0x700) {
@@ -535,11 +539,14 @@ static void armv7m_nvic_instance_init(Object *obj)
  * value in the GICState struct.
  */
 GICState *s = ARM_GIC_COMMON(obj);
+DeviceState *dev = DEVICE(obj);
+nvic_state *nvic = NVIC(obj);
 /* The ARM v7m may have anything from 0 to 496 external interrupt
  * IRQ lines. We default to 64. Other boards may differ and should
  * set the num-irq property appropriately.
  */
 s->num_irq = 64;
+qdev_init_gpio_out_named(dev, &nvic->sysresetreq, "SYSRESETREQ", 1);
 }
 
 static void armv7m_nvic_class_init(ObjectClass *klass, void *data)
-- 
2.1.4

[Qemu-devel] [PATCH v3 3/3] stellaris: exit on external reset request

[Michael Davidsaver]

Add GPIO in for the stellaris board which calls
qemu_system_reset_request() on reset request.

Signed-off-by: Michael Davidsaver 
---
 hw/arm/stellaris.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index 82a4ad5..0114e0a 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -16,6 +16,7 @@
 #include "net/net.h"
 #include "hw/boards.h"
 #include "exec/address-spaces.h"
+#include "sysemu/sysemu.h"
 
 #define GPIO_A 0
 #define GPIO_B 1
@@ -1176,6 +1177,14 @@ static int stellaris_adc_init(SysBusDevice *sbd)
 return 0;
 }
 
+static
+void do_sys_reset(void *opaque, int n, int level)
+{
+if (level) {
+qemu_system_reset_request();
+}
+}
+
 /* Board init.  */
 static stellaris_board_info stellaris_boards[] = {
   { "LM3S811EVB",
@@ -1243,6 +1252,9 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 nvic = armv7m_init(system_memory, flash_size, NUM_IRQ_LINES,
   kernel_filename, cpu_model);
 
+qdev_connect_gpio_out_named(nvic, "SYSRESETREQ", 0,
+qemu_allocate_irq(&do_sys_reset, NULL, 0));
+
 if (board->dc1 & (1 << 16)) {
 dev = sysbus_create_varargs(TYPE_STELLARIS_ADC, 0x40038000,
 qdev_get_gpio_in(nvic, 14),
-- 
2.1.4

[Qemu-devel] [PATCH v3 1/3] armv7-m: Return DeviceState* from armv7m_init()

[Michael Davidsaver]

Change armv7m_init to return the DeviceState* for the NVIC.
This allows access to all GPIO blocks, not just the IRQ inputs.
Move qdev_get_gpio_in() calls out of armv7m_init() into
board code for stellaris and stm32f205 boards.

Signed-off-by: Michael Davidsaver 
---
 hw/arm/armv7m.c|  9 ++---
 hw/arm/stellaris.c | 29 ++---
 hw/arm/stm32f205_soc.c | 15 ---
 include/hw/arm/arm.h   |  2 +-
 4 files changed, 29 insertions(+), 26 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index eb214db..a80d2ad 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -166,17 +166,15 @@ static void armv7m_reset(void *opaque)
mem_size is in bytes.
Returns the NVIC array.  */
 
-qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size, int num_irq,
+DeviceState *armv7m_init(MemoryRegion *system_memory, int mem_size, int 
num_irq,
   const char *kernel_filename, const char *cpu_model)
 {
 ARMCPU *cpu;
 CPUARMState *env;
 DeviceState *nvic;
-qemu_irq *pic = g_new(qemu_irq, num_irq);
 int image_size;
 uint64_t entry;
 uint64_t lowaddr;
-int i;
 int big_endian;
 MemoryRegion *hack = g_new(MemoryRegion, 1);
 
@@ -198,9 +196,6 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory, int 
mem_size, int num_irq,
 qdev_init_nofail(nvic);
 sysbus_connect_irq(SYS_BUS_DEVICE(nvic), 0,
qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
-for (i = 0; i < num_irq; i++) {
-pic[i] = qdev_get_gpio_in(nvic, i);
-}
 
 #ifdef TARGET_WORDS_BIGENDIAN
 big_endian = 1;
@@ -234,7 +229,7 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory, int 
mem_size, int num_irq,
 memory_region_add_subregion(system_memory, 0xf000, hack);
 
 qemu_register_reset(armv7m_reset, cpu);
-return pic;
+return nvic;
 }
 
 static Property bitband_properties[] = {
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index 3d6486f..82a4ad5 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -1210,8 +1210,7 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 0x40024000, 0x40025000, 0x40026000};
 static const int gpio_irq[7] = {0, 1, 2, 3, 4, 30, 31};
 
-qemu_irq *pic;
-DeviceState *gpio_dev[7];
+DeviceState *gpio_dev[7], *nvic;
 qemu_irq gpio_in[7][8];
 qemu_irq gpio_out[7][8];
 qemu_irq adc;
@@ -1241,12 +1240,16 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 vmstate_register_ram_global(sram);
 memory_region_add_subregion(system_memory, 0x2000, sram);
 
-pic = armv7m_init(system_memory, flash_size, NUM_IRQ_LINES,
+nvic = armv7m_init(system_memory, flash_size, NUM_IRQ_LINES,
   kernel_filename, cpu_model);
 
 if (board->dc1 & (1 << 16)) {
 dev = sysbus_create_varargs(TYPE_STELLARIS_ADC, 0x40038000,
-pic[14], pic[15], pic[16], pic[17], NULL);
+qdev_get_gpio_in(nvic, 14),
+qdev_get_gpio_in(nvic, 15),
+qdev_get_gpio_in(nvic, 16),
+qdev_get_gpio_in(nvic, 17),
+NULL);
 adc = qdev_get_gpio_in(dev, 0);
 } else {
 adc = NULL;
@@ -1255,19 +1258,21 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 if (board->dc2 & (0x1 << i)) {
 dev = sysbus_create_simple(TYPE_STELLARIS_GPTM,
0x4003 + i * 0x1000,
-   pic[timer_irq[i]]);
+   qdev_get_gpio_in(nvic, timer_irq[i]));
 /* TODO: This is incorrect, but we get away with it because
the ADC output is only ever pulsed.  */
 qdev_connect_gpio_out(dev, 0, adc);
 }
 }
 
-stellaris_sys_init(0x400fe000, pic[28], board, nd_table[0].macaddr.a);
+stellaris_sys_init(0x400fe000, qdev_get_gpio_in(nvic, 28),
+   board, nd_table[0].macaddr.a);
 
 for (i = 0; i < 7; i++) {
 if (board->dc4 & (1 << i)) {
 gpio_dev[i] = sysbus_create_simple("pl061_luminary", gpio_addr[i],
-   pic[gpio_irq[i]]);
+   qdev_get_gpio_in(nvic,
+gpio_irq[i]));
 for (j = 0; j < 8; j++) {
 gpio_in[i][j] = qdev_get_gpio_in(gpio_dev[i], j);
 gpio_out[i][j] = NULL;
@@ -1276,7 +1281,8 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 }
 
 if (board->dc2 & (1 << 12)) {
-dev = sysbus_create_simple(TYPE_STELLARIS_I2C, 0x4002, pic[8]);
+dev = sysbus_create_simple(TYPE_STELLARIS_I2C, 0x4

[Qemu-devel] [Bug 1505062] [NEW] Regression: QEMU 2.4 on Linux 4.2 fails to init display with SMM enabled

[Alex]

Public bug reported:

QEMU version: 2.4, also tested b37686f (2015-10-09 12:18:13 +0100) not working. 
Requires KVM and SDL, possibly others.
Kernel version: 4.1 working, 4.2 not working.
Architecture: x86_64
Target: x86_64, also tested i386 not working.

Step 0: Install versions listed above.
Step 1: Run "qemu-system-$TARGET -enable-kvm"
Step 2: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-i440fx-2.3"
Step 3: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-i440fx-2.4"
Step 4: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-i440fx-2.3,smm=on"
Step 5: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-i440fx-2.4,smm=off"
Step 6: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-q35-2.3"
Step 7: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-q35-2.4"
Step 8: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-q35-2.3,smm=on"
Step 9: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-q35-2.4,smm=off"

Expected behavior: All 8 invocations result in an rectangular SDL window
showing a framebuffer showing failure to locate a boot device.

Actual behavior: Invocations corresponding to steps 2, 4, 5, 6, 8, and 9
(i.e. those using 2.4 and *not* smm=off) behave as expected, however
those in steps 1, 3, and 7 result in a square black SDL window with no
text. Note that step 1 is more or less the "default configuration" for
QEMU with KVM.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1505062

Title:
  Regression: QEMU 2.4 on Linux 4.2 fails to init display with SMM
  enabled

Status in QEMU:
  New

Bug description:
  QEMU version: 2.4, also tested b37686f (2015-10-09 12:18:13 +0100) not 
working. Requires KVM and SDL, possibly others.
  Kernel version: 4.1 working, 4.2 not working.
  Architecture: x86_64
  Target: x86_64, also tested i386 not working.

  Step 0: Install versions listed above.
  Step 1: Run "qemu-system-$TARGET -enable-kvm"
  Step 2: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-i440fx-2.3"
  Step 3: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-i440fx-2.4"
  Step 4: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-i440fx-2.3,smm=on"
  Step 5: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-i440fx-2.4,smm=off"
  Step 6: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-q35-2.3"
  Step 7: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-q35-2.4"
  Step 8: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-q35-2.3,smm=on"
  Step 9: Run "qemu-system-$TARGET -enable-kvm -nodefaults -vga std -machine 
pc-q35-2.4,smm=off"

  Expected behavior: All 8 invocations result in an rectangular SDL
  window showing a framebuffer showing failure to locate a boot device.

  Actual behavior: Invocations corresponding to steps 2, 4, 5, 6, 8, and
  9 (i.e. those using 2.4 and *not* smm=off) behave as expected, however
  those in steps 1, 3, and 7 result in a square black SDL window with no
  text. Note that step 1 is more or less the "default configuration" for
  QEMU with KVM.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1505062/+subscriptions

Re: [Qemu-devel] [PATCH 3/3] armv7-m: add MPU to cortex-m3 and cortex-m4

[Michael Davidsaver]

On 10/11/2015 11:23 AM, Peter Crosthwaite wrote:
> On Fri, Oct 9, 2015 at 6:28 AM, Michael Davidsaver
>  wrote:
>> The M series MPU is almost the same as the already
>> implemented R series MPU.  So use the M series
>> and translate as best we can.
>>
> There is some work on list for this that never got a respin:
>
> https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg01945.html

Well, I totally missed that.  I'll have look.

> ...
>> +case 0xd34: /* MMFAR MemManage Fault Address */
>> +return ARM_CPU(current_cpu)->pmsav7_mmfar;
> Why reorder the addresses in the switch?

I was thinking to avoid duplicating the qemu_log_mask() for the
unimplemented registers.  I take it that this to you is not the lesser
evil :)

> ... If you run your patch through scripts/checkpatch.pl it will detect
> some of these conventions. 

Will do.

> ... More style nits here

All noted.

> Regards, Peter 

Michael

Re: [Qemu-devel] [PATCH v3 00/32] implement vNVDIMM

[Xiao Guangrong]

On 10/11/2015 05:17 AM, Dan Williams wrote:

On Sat, Oct 10, 2015 at 8:52 PM, Xiao Guangrong
 wrote:
[..]

== Test ==
In host
1) create memory backed file, e.g # dd if=zero of=/tmp/nvdimm bs=1G count=10
2) append "-object memory-backend-file,share,id=mem1,
mem-path=/tmp/nvdimm -device nvdimm,memdev=mem1,reserve-label-data,
id=nv1" in QEMU command line

In guest, download the latest upsteam kernel (4.2 merge window) and enable
ACPI_NFIT, LIBNVDIMM and BLK_DEV_PMEM.
1) insmod drivers/nvdimm/libnvdimm.ko
2) insmod drivers/acpi/nfit.ko
3) insmod drivers/nvdimm/nd_btt.ko
4) insmod drivers/nvdimm/nd_pmem.ko
You can see the whole nvdimm device used as a single namespace and /dev/pmem0
appears. You can do whatever on /dev/pmem0 including DAX access.

Currently Linux NVDIMM driver does not support namespace operation on this
kind of PMEM, apply below changes to support dynamical namespace:

@@ -798,7 +823,8 @@ static int acpi_nfit_register_dimms(struct acpi_nfit_desc *a
 continue;
 }

-   if (nfit_mem->bdw && nfit_mem->memdev_pmem)
+   //if (nfit_mem->bdw && nfit_mem->memdev_pmem)
+   if (nfit_mem->memdev_pmem)
 flags |= NDD_ALIASING;


This is just for testing purposes, right?  I expect guests can


It's used to validate NVDIMM _DSM method and static namespace following
NVDIMM specs...


sub-divide persistent memory capacity by partitioning the resulting
block device(s).


I understand that it's a Linux design... Hmm, can the same expectation
apply to PBLK?

Re: [Qemu-devel] [PATCH v3 0/5] simplified QEMU guest exec

[Denis V. Lunev]

On 10/07/2015 01:32 PM, Denis V. Lunev wrote:

This patchset provides simplified guest-exec functionality. The
idea is simple. We drop original guest-pipe-open etc stuff and provides
simple and dumb API:
- spawn process (originally with stdin/stdout/stderr as /dev/null)
- later simple buffer is added for this purpose

That is all for now.

Changed from v2:
- fixed last minute typo in Win32 code in patch 2 (s/exiticode/exitcode/)

Changes from v1:
- use g_new0() instead of g_malloc0
- added explicit 'exited' bool to GuestExecStatus
- reworked documentation for GuestExecStatus
- added comment about platform-specific signals and exception codes
- replaces 'pid' with 'handle' in guest-exec api

Signed-off-by: Denis V. Lunev 
Signed-off-by: Yuri Pudgorodskiy 
CC: Michael Roth 

Denis V. Lunev (2):
   qga: drop guest_file_init helper and replace it with static
 initializers
   qga: handle possible SIGPIPE in guest-file-write

Yuri Pudgorodskiy (3):
   qga: guest exec functionality
   qga: handle G_IO_STATUS_AGAIN in ga_channel_write_all()
   qga: guest-exec simple stdin/stdout/stderr redirection

  qga/channel-posix.c  |  23 ++--
  qga/commands-posix.c |  10 +-
  qga/commands-win32.c |  10 +-
  qga/commands.c   | 363 +++
  qga/main.c   |   6 +
  qga/qapi-schema.json |  67 ++
  6 files changed, 453 insertions(+), 26 deletions(-)


ping

Re: [Qemu-devel] [Bug 1504513] [NEW] Socket leak on each call to qemu_socket()

[Markus Armbruster]

Mark Pizzolato  writes:

> Public bug reported:
>
> On any host platform where SOCK_CLOEXEC is defined (Linux at least), a
> socket is leaked on each call to qemu_socket() AND the socket returned
> hasn't been created with the desired SOCK_CLOEXEC attribute.  The
> qemu_socket routine is:
>
> Line 272 of util/osdep.c:
> /*
>  * Opens a socket with FD_CLOEXEC set
>  */
> int qemu_socket(int domain, int type, int protocol)
> {
> int ret;
>
> #ifdef SOCK_CLOEXEC
> ret = socket(domain, type | SOCK_CLOEXEC, protocol);
> if (ret != -1 || errno != EINVAL) {
> return ret;

If socket() succeeded (ret != -1), we return the socket.

If socket() failed with anything but EINVAL (ret == -1 && errno !=
EINVAL), we return -1 with errno set.

> }

Here, ret == -1 && errno == EINVAL.

> #endif
> ret = socket(domain, type, protocol);
> if (ret >= 0) {
> qemu_set_cloexec(ret);
> }
>
> return ret;
> }

How can this leak a socket?

How can this return a socket with FD_CLOEXEC not set?

Re: [Qemu-devel] [PATCH 1/2] [RFC] arm_gic_common.h: add gicv2 aliases for defines

[Pavel Fedin]

 Hi!

> It looks like the only thing in the gicv3 code that is using
> a define from the arm_gic_common.h file is "GIC_INTERNAL",
> so we can just put a suitable define of that into the v3 header
> (maybe giving it a better name in the process).

 Yes, indeed. Actually, first versions of my GICv3 patches did use own #define, 
but i was criticized for using GICV3_INTERNAL in my code and having 
GIC_INTERNAL in kvm_arm_gic_set_irq(), which is shared by both KVM 
implementations. So, i decided to use GIC_INTERNAL everywhere and inherited it 
from v2.

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia