[Qemu-devel] [PATCH] target-mips: add 24KEc CPU definition

2016-07-26 Thread André Draszik
Define a new CPU definition supporting 24KEc cores, similar to
the existing 24Kc, but with added support for DSP instructions
and MIPS16e (and without FPU).

Signed-off-by: André Draszik 
---
 target-mips/translate_init.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/target-mips/translate_init.c b/target-mips/translate_init.c
index 39ed5c4..6ae23e4 100644
--- a/target-mips/translate_init.c
+++ b/target-mips/translate_init.c
@@ -256,6 +256,28 @@ static const mips_def_t mips_defs[] =
 .mmu_type = MMU_TYPE_R4000,
 },
 {
+.name = "24KEc",
+.CP0_PRid = 0x00019600,
+.CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) |
+   (MMU_TYPE_R4000 << CP0C0_MT),
+.CP0_Config1 = MIPS_CONFIG1 | (15 << CP0C1_MMU) |
+   (0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) |
+   (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) |
+   (1 << CP0C1_CA),
+.CP0_Config2 = MIPS_CONFIG2,
+.CP0_Config3 = MIPS_CONFIG3 | (1 << CP0C3_DSPP) | (0 << CP0C3_VInt),
+.CP0_LLAddr_rw_bitmask = 0,
+.CP0_LLAddr_shift = 4,
+.SYNCI_Step = 32,
+.CCRes = 2,
+/* we have a DSP, but no FPU */
+.CP0_Status_rw_bitmask = 0x1378FF1F,
+.SEGBITS = 32,
+.PABITS = 32,
+.insn_flags = CPU_MIPS32R2 | ASE_MIPS16 | ASE_DSP,
+.mmu_type = MMU_TYPE_R4000,
+},
+{
 .name = "24Kf",
 .CP0_PRid = 0x00019300,
 .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) |
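Review bot: The constant `0x1378FF1F` on the `.CP0_Status_rw_bitmask` line decides which Status bits the guest may write, and the comment above it ("we have a DSP, but no FPU") does not say which bits carry that statement. I would expand it to `/* MX (bit 24) is writable for the DSP ASE; CU1 (bit 29) and FR (bit 26) stay read-only because there is no FPU */` so the mask can be checked against the architecture manual rather than by comparing it with a neighbouring entry. The `mips_defs[]` array starts and ends outside this hunk.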
-- 
2.8.1




Re: [Qemu-devel] [RFC PATCH 3/3] hw/arm/virt: add nvdimm emulation support

2016-07-26 Thread kwangwoo....@sk.com
Hi Peter,

Please, check the comments below. Thanks a lot!

> -Original Message-
> From: Peter Maydell [mailto:peter.mayd...@linaro.org]
> Sent: Tuesday, July 26, 2016 1:06 AM
> To: 이광우(LEE KWANGWOO) MS SW
> Cc: Xiao Guangrong; Michael S. Tsirkin; Igor Mammedov; Paolo Bonzini; Richard 
> Henderson; Eduardo
> Habkost; Shannon Zhao; Shannon Zhao; QEMU Developers; qemu-arm; 정우석(CHUNG WOO 
> SUK) MS SW; 김현철(KIM
> HYUNCHUL) MS SW
> Subject: Re: [RFC PATCH 3/3] hw/arm/virt: add nvdimm emulation support
> 
> On 20 July 2016 at 01:49, Kwangwoo Lee  wrote:
> > This patch enables evaluating NVDIMM on aarch64 virt platform. The
> > option - nvdimm - passed after machine type is disabled by default.
> >
> > The command below has been used to test the feature:
> >
> > ./aarch64-softmmu/qemu-system-aarch64  \
> > -machine type=virt,nvdimm=on   \
> > -cpu cortex-a57 -smp 1 \
> > -bios ~/oss/edk2/Build/ArmVirtQemu-AARCH64/DEBUG_GCC49/FV/QEMU_EFI.fd \
> > -m 512,maxmem=2G,slots=2   \
> > -object memory-backend-file,id=mem1,share,mem-path=./nvdimm1,size=1G \
> > -device nvdimm,memdev=mem1,id=nv1  \
> > -fsdev local,id=r,path=/media/sf_Share,security_model=none \
> > -device virtio-9p-device,fsdev=r,mount_tag=r   \
> > -kernel ../linux/arch/arm64/boot/Image \
> > --append "console=ttyAMA0 acpi=force"  \
> > -nographic
> >
> > Signed-off-by: Kwangwoo Lee 
> > ---
> >  default-configs/aarch64-softmmu.mak |  2 ++
> >  hw/arm/virt-acpi-build.c|  5 +
> >  hw/arm/virt.c   | 34 ++
> >  include/hw/arm/virt-acpi-build.h|  1 +
> >  include/hw/arm/virt.h   |  4 
> >  5 files changed, 46 insertions(+)
> >
> > diff --git a/default-configs/aarch64-softmmu.mak 
> > b/default-configs/aarch64-softmmu.mak
> > index 5790cd2..295816b 100644
> > --- a/default-configs/aarch64-softmmu.mak
> > +++ b/default-configs/aarch64-softmmu.mak
> > @@ -8,3 +8,5 @@ CONFIG_DDC=y
> >  CONFIG_DPCD=y
> >  CONFIG_XLNX_ZYNQMP=y
> >  CONFIG_MEM_HOTPLUG=y
> > +CONFIG_NVDIMM=y
> > +CONFIG_ACPI_NVDIMM=y
> > diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> > index 28fc59c..c3caaa9 100644
> > --- a/hw/arm/virt-acpi-build.c
> > +++ b/hw/arm/virt-acpi-build.c
> > @@ -648,6 +648,7 @@ struct AcpiBuildState {
> >  static
> >  void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
> >  {
> > +AcpiNVDIMMState *acpi_nvdimm = guest_info->acpi_nvdimm;
> >  GArray *table_offsets;
> >  unsigned dsdt, rsdt;
> >  GArray *tables_blob = tables->table_data;
> > @@ -695,6 +696,10 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
> > AcpiBuildTables *tables)
> >  build_srat(tables_blob, tables->linker, guest_info);
> >  }
> >
> > +if (acpi_nvdimm->is_enabled) {
> > +nvdimm_build_acpi(table_offsets, tables_blob, tables->linker,
> > +  acpi_nvdimm);
> > +}
> >  /* RSDT is pointed to by RSDP */
> >  rsdt = tables_blob->len;
> >  build_rsdt(tables_blob, tables->linker, table_offsets, NULL, NULL);
> > diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> > index f7ff411..f9db19c 100644
> > --- a/hw/arm/virt.c
> > +++ b/hw/arm/virt.c
> > @@ -94,6 +94,7 @@ typedef struct {
> >  bool highmem;
> >  int32_t gic_version;
> >  MemoryHotplugState hotplug_memory;
> > +AcpiNVDIMMState acpi_nvdimm;
> >  } VirtMachineState;
> >
> >  #define TYPE_VIRT_MACHINE   MACHINE_TYPE_NAME("virt")
> > @@ -180,6 +181,7 @@ static const MemMapEntry a15memmap[] = {
> >  [VIRT_FW_CFG] = { 0x0902, 0x0018 },
> >  [VIRT_GPIO] =   { 0x0903, 0x1000 },
> >  [VIRT_SECURE_UART] ={ 0x0904, 0x1000 },
> > +[VIRT_ACPI_IO] ={ 0x0905, 0x1000 },
> >  [VIRT_MMIO] =   { 0x0a00, 0x0200 },
> >  /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that 
> > size */
> >  [VIRT_PLATFORM_BUS] =   { 0x0c00, 0x0200 },
> > @@ -1376,6 +1378,7 @@ static void machvirt_init(MachineState *machine)
> >  guest_info->irqmap = vbi->irqmap;
> >  guest_info->use_highmem = vms->highmem;
> >  guest_info->gic_version = gic_version;
> > +guest_info->acpi_nvdimm = &vms->acpi_nvdimm;
> >  guest_info_state->machine_done.notify = virt_guest_info_machine_done;
> >  qemu_add_machine_init_done_notifier(&guest_info_state->machine_done);
> >
> > @@ -1413,6 +1416,18 @@ static void machvirt_init(MachineState *machine)
> >  &vms->hotplug_memory.mr);
> >  }
> >
> > +if (vms->acpi_nvdimm.is_enabled) {
> > +AcpiNVDIMMState *acpi_nvdimm = &vms->acpi_nvdimm;
> > +
> > +acpi_nvdimm->dsm_io.type = NVDIMM_

Re: [Qemu-devel] [PULL v2 27/30] mptsas: remove unnecessary internal msi state flag

2016-07-26 Thread Cao jin



On 07/26/2016 01:01 PM, Amit Shah wrote:

On (Tue) 05 Jul 2016 [18:47:40], Michael S. Tsirkin wrote:

From: Cao jin 

The internal flag msi_in_use is unnecessary: msi_uninit() could be called
directly, and msi_enabled() is enough to check the device's MSI state.

cc: Markus Armbruster 
cc: Marcel Apfelbaum 
cc: Paolo Bonzini 
cc: Michael S. Tsirkin 

Reviewed-by: Markus Armbruster 
Signed-off-by: Cao jin 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 


[...]


  static void mptsas_reset(DeviceState *dev)
@@ -1375,7 +1370,6 @@ static const VMStateDescription vmstate_mptsas = {
  .post_load = mptsas_post_load,
  .fields  = (VMStateField[]) {
  VMSTATE_PCI_DEVICE(dev, MPTSASState),
-VMSTATE_BOOL(msi_in_use, MPTSASState),


This removes vmstate -- please use 'unused' instead of removing this
value.

Flagged by the static checker.




Hi Amit

I will take care of this.
BTW, I didn't see it in the Coverity scan outstanding defects. Did I miss it, or
is it checked by another static check tool?

--
Yours Sincerely,

Cao jin





[Qemu-devel] usb keyboard and mouse can't work on QEMU ARM64 with KVM

2016-07-26 Thread Shannon Zhao
Hi,

Recently I'm trying to use usb keyboard and mouse with QEMU on ARM64. Below is 
my QEMU command line,
host and guest kernel both are 4.7.0-rc7+, and I ran it on Hikey board.

qemu-system-aarch64 \
-smp 1 -cpu host -enable-kvm \
-m 256 -M virt \
-k en-us \
-nographic \
-device usb-ehci -device usb-kbd -device usb-mouse -usb\
-kernel Image \
-initrd guestfs.cpio.gz \
-append "rdinit=/sbin/init console=ttyAMA0 root=/dev/ram 
earlycon=pl011,0x900 rw"

The following guest log shows that usb controller can be probed but the 
keyboard and mouse can't be
found.

[1.597433] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[1.599562] ehci-pci: EHCI PCI platform driver
[1.608082] ehci-pci :00:03.0: EHCI Host Controller
[1.609485] ehci-pci :00:03.0: new USB bus registered, assigned bus 
number 1
[1.611833] ehci-pci :00:03.0: irq 49, io mem 0x10041000
[1.623599] ehci-pci :00:03.0: USB 2.0 started, EHCI 1.00
[1.625867] hub 1-0:1.0: USB hub found
[1.626906] hub 1-0:1.0: 6 ports detected
[1.628685] ehci-platform: EHCI generic platform driver
[1.630263] ehci-msm: Qualcomm On-Chip EHCI Host Controller
[1.631947] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[1.633547] ohci-pci: OHCI PCI platform driver
[1.634807] ohci-platform: OHCI generic platform driver
[...]
[1.939001] usb 1-1: new high-speed USB device number 2 using ehci-pci
[   17.467040] usb 1-1: device not accepting address 2, error -110
[   17.579165] usb 1-1: new high-speed USB device number 3 using ehci-pci
[   32.287242] random: dd urandom read with 7 bits of entropy available
[   33.110970] usb 1-1: device not accepting address 3, error -110
[   33.223030] usb 1-1: new high-speed USB device number 4 using ehci-pci
[   43.635185] usb 1-1: device not accepting address 4, error -110
[   43.747033] usb 1-1: new high-speed USB device number 5 using ehci-pci
[   54.159043] usb 1-1: device not accepting address 5, error -110
[   54.160752] usb usb1-port1: unable to enumerate USB device
[   54.307290] usb 1-2: new high-speed USB device number 6 using ehci-pci
[   69.839052] usb 1-2: device not accepting address 6, error -110
[   69.951249] usb 1-2: new high-speed USB device number 7 using ehci-pci
[   85.483171] usb 1-2: device not accepting address 7, error -110
[   85.595035] usb 1-2: new high-speed USB device number 8 using ehci-pci
[   90.619247] usb 1-2: device descriptor read/8, error -110
[   95.743482] usb 1-2: device descriptor read/8, error -110
[   95.959165] usb 1-2: new high-speed USB device number 9 using ehci-pci
[  106.371177] usb 1-2: device not accepting address 9, error -110
[  106.372894] usb usb1-port2: unable to enumerate USB device

lsusb shows:
root@genericarmv8:~# lsusb
Bus 001 Device 001: ID 1d6b:0002

Besides, I have also tried QEMU TCG without KVM. The guest can successfully 
probe usb controller,
keyboard and mouse.
lsusb shows:
root@genericarmv8:~# lsusb
Bus 001 Device 002: ID 0627:0001
Bus 001 Device 003: ID 0627:0001
Bus 001 Device 001: ID 1d6b:0002

So it looks like the usb keyboard and mouse don't work with KVM on QEMU ARM64,
while they do work with TCG. IIUC, all the usb devices are emulated by QEMU, so
this should have nothing to do with KVM. That is what confuses me, and I'm not
familiar with usb devices. I have also seen someone else report this issue
before[1].

[1]https://lists.gnu.org/archive/html/qemu-arm/2016-06/msg00110.html

Any comments and help are welcome. Thanks in advance.

Thanks,
-- 
Shannon




Re: [Qemu-devel] [PULL 26/28] apic: Use apic_id as apic's migration instance_id

2016-07-26 Thread Igor Mammedov
On Tue, 26 Jul 2016 10:41:38 +0530
Amit Shah  wrote:

> On (Wed) 20 Jul 2016 [12:08:32], Eduardo Habkost wrote:
> > From: Igor Mammedov 
> > 
> > instance_id is generated by last_used_id + 1 for a given device type
> > so for QEMU with 3 CPUs instance_id for APICs is a set of [0, 1, 2]
> > When CPU in the middle is hot-removed and migration started
> > APICs with instance_ids 0 and 2 are transferred in migration stream.
> > However target starts with 2 CPUs and APICs' instance_ids are
> > generated from scratch [0, 1] hence migration fails with error
> >   Unknown savevm section or instance 'apic' 2
> > 
> > Fix issue by manually registering APIC's vmsd with apic_id as
> > instance_id, in this case instance_id on target will always
> > match instance_id on source as apic_id is the same for a given
> > cpu instance.
> > 
> > Reported-by: Bharata B Rao 
> > Signed-off-by: Igor Mammedov 
> > Reviewed-by: Dr. David Alan Gilbert 
> > Reviewed-by: Michael S. Tsirkin 
> > Signed-off-by: Eduardo Habkost   
> 
> After these patches, the static checker complains about missing
> sections:
> 
> Section "apic-common" does not exist in dest
> Section "apic" does not exist in dest
> Section "kvm-apic" does not exist in dest
It works for me, could you post reproducing commands?

> 
> This will break migration from older versions.
> 
>   Amit




Re: [Qemu-devel] usb keyboard and mouse can't work on QEMU ARM64 with KVM

2016-07-26 Thread Ard Biesheuvel
On 26 July 2016 at 09:34, Shannon Zhao  wrote:
> Hi,
>
> Recently I'm trying to use usb keyboard and mouse with QEMU on ARM64. Below 
> is my QEMU command line,
> host and guest kernel both are 4.7.0-rc7+, and I ran it on Hikey board.
>
> qemu-system-aarch64 \
> -smp 1 -cpu host -enable-kvm \
> -m 256 -M virt \
> -k en-us \
> -nographic \
> -device usb-ehci -device usb-kbd -device usb-mouse -usb\
> -kernel Image \
> -initrd guestfs.cpio.gz \
> -append "rdinit=/sbin/init console=ttyAMA0 root=/dev/ram 
> earlycon=pl011,0x900 rw"
>
> The following guest log shows that usb controller can be probed but the 
> keyboard and mouse can't be
> found.
>
> [1.597433] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
> [1.599562] ehci-pci: EHCI PCI platform driver
> [1.608082] ehci-pci :00:03.0: EHCI Host Controller
> [1.609485] ehci-pci :00:03.0: new USB bus registered, assigned bus 
> number 1
> [1.611833] ehci-pci :00:03.0: irq 49, io mem 0x10041000
> [1.623599] ehci-pci :00:03.0: USB 2.0 started, EHCI 1.00
> [1.625867] hub 1-0:1.0: USB hub found
> [1.626906] hub 1-0:1.0: 6 ports detected
> [1.628685] ehci-platform: EHCI generic platform driver
> [1.630263] ehci-msm: Qualcomm On-Chip EHCI Host Controller
> [1.631947] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
> [1.633547] ohci-pci: OHCI PCI platform driver
> [1.634807] ohci-platform: OHCI generic platform driver
> [...]
> [1.939001] usb 1-1: new high-speed USB device number 2 using ehci-pci
> [   17.467040] usb 1-1: device not accepting address 2, error -110
> [   17.579165] usb 1-1: new high-speed USB device number 3 using ehci-pci
> [   32.287242] random: dd urandom read with 7 bits of entropy available
> [   33.110970] usb 1-1: device not accepting address 3, error -110
> [   33.223030] usb 1-1: new high-speed USB device number 4 using ehci-pci
> [   43.635185] usb 1-1: device not accepting address 4, error -110
> [   43.747033] usb 1-1: new high-speed USB device number 5 using ehci-pci
> [   54.159043] usb 1-1: device not accepting address 5, error -110
> [   54.160752] usb usb1-port1: unable to enumerate USB device
> [   54.307290] usb 1-2: new high-speed USB device number 6 using ehci-pci
> [   69.839052] usb 1-2: device not accepting address 6, error -110
> [   69.951249] usb 1-2: new high-speed USB device number 7 using ehci-pci
> [   85.483171] usb 1-2: device not accepting address 7, error -110
> [   85.595035] usb 1-2: new high-speed USB device number 8 using ehci-pci
> [   90.619247] usb 1-2: device descriptor read/8, error -110
> [   95.743482] usb 1-2: device descriptor read/8, error -110
> [   95.959165] usb 1-2: new high-speed USB device number 9 using ehci-pci
> [  106.371177] usb 1-2: device not accepting address 9, error -110
> [  106.372894] usb usb1-port2: unable to enumerate USB device
>
> lsusb shows:
> root@genericarmv8:~# lsusb
> Bus 001 Device 001: ID 1d6b:0002
>
> Besides, I have also tried QEMU TCG without KVM. The guest can successfully 
> probe usb controller,
> keyboard and mouse.
> lsusb shows:
> root@genericarmv8:~# lsusb
> Bus 001 Device 002: ID 0627:0001
> Bus 001 Device 003: ID 0627:0001
> Bus 001 Device 001: ID 1d6b:0002
>
> So it looks like that usb keyboard and mouse don't work with KVM on QEMU 
> ARM64 while they can work
> with TCG. IIUC, all the usb devices are emulated by QEMU, it has nothing with 
> KVM. So it really
> confused me and I'm not familiar with usb devices. Also I have seen someone 
> else reports this issue
> before[1].
>
> [1]https://lists.gnu.org/archive/html/qemu-arm/2016-06/msg00110.html
>
> Any comments and help are welcome. Thanks in advance.
>

Does your QEMU have this patch?
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=5d636e21c44ecf982a22a7bc4ca89186079ac283

-- 
Ard.



[Qemu-devel] [PATCH v23 02/12] Backup: clear all bitmap when doing block checkpoint

2016-07-26 Thread Changlong Xie
From: Wen Congyang 

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
---
 block/backup.c   | 18 ++
 include/block/block_backup.h | 25 +
 2 files changed, 43 insertions(+)
 create mode 100644 include/block/block_backup.h

diff --git a/block/backup.c b/block/backup.c
index 2c05323..3bce416 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -17,6 +17,7 @@
 #include "block/block.h"
 #include "block/block_int.h"
 #include "block/blockjob.h"
+#include "block/block_backup.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
 #include "qemu/ratelimit.h"
@@ -253,6 +254,23 @@ static void backup_attached_aio_context(BlockJob *job, 
AioContext *aio_context)
 blk_set_aio_context(s->target, aio_context);
 }
 
+void backup_do_checkpoint(BlockJob *job, Error **errp)
+{
+BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common);
+int64_t len;
+
+assert(job->driver->job_type == BLOCK_JOB_TYPE_BACKUP);
+
+if (backup_job->sync_mode != MIRROR_SYNC_MODE_NONE) {
+error_setg(errp, "The backup job only supports block checkpoint in"
+   " sync=none mode");
+return;
+}
+
+len = DIV_ROUND_UP(backup_job->common.len, backup_job->cluster_size);
+bitmap_zero(backup_job->done_bitmap, len);
+}
+
 static const BlockJobDriver backup_job_driver = {
 .instance_size  = sizeof(BackupBlockJob),
 .job_type   = BLOCK_JOB_TYPE_BACKUP,
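Review bot: The bit count passed to `bitmap_zero()` is recomputed from `backup_job->common.len` and `cluster_size` at call time, and nothing in `backup_do_checkpoint()` ties it to the size `done_bitmap` was allocated with or checks that the bitmap exists. The allocation is outside this hunk, so this is inferred, but if a checkpoint can arrive before the bitmap is allocated, or after the job length has changed, the call would write through NULL or past the end of the allocation. Since the function is now exported, I would add `assert(backup_job->done_bitmap);` before the clear and state the contract above the function: `/* Only valid for a running sync=none backup job; clears every cluster bit in done_bitmap. */`.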
diff --git a/include/block/block_backup.h b/include/block/block_backup.h
new file mode 100644
index 000..157596c
--- /dev/null
+++ b/include/block/block_backup.h
@@ -0,0 +1,25 @@
+/*
+ * QEMU backup
+ *
+ * Copyright (c) 2013 Proxmox Server Solutions
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 Intel Corporation
+ * Copyright (c) 2016 FUJITSU LIMITED
+ *
+ * Authors:
+ *  Dietmar Maurer 
+ *  Changlong Xie 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef BLOCK_BACKUP_H
+#define BLOCK_BACKUP_H
+
+#include "block/block_int.h"
+
+void backup_do_checkpoint(BlockJob *job, Error **errp);
+
+#endif
-- 
1.9.3






[Qemu-devel] [PATCH v23 01/12] unblock backup operations in backing file

2016-07-26 Thread Changlong Xie
From: Wen Congyang 

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
---
 block.c | 17 +
 1 file changed, 17 insertions(+)

diff --git a/block.c b/block.c
index 30d64e6..194a060 100644
--- a/block.c
+++ b/block.c
@@ -1311,6 +1311,23 @@ void bdrv_set_backing_hd(BlockDriverState *bs, 
BlockDriverState *backing_hd)
 /* Otherwise we won't be able to commit due to check in bdrv_commit */
 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
 bs->backing_blocker);
+/*
+ * We do backup in 3 ways:
+ * 1. drive backup
+ *The target bs is new opened, and the source is top BDS
+ * 2. blockdev backup
+ *Both the source and the target are top BDSes.
+ * 3. internal backup(used for block replication)
+ *Both the source and the target are backing file
+ *
+ * In case 1 and 2, neither the source nor the target is the backing file.
+ * In case 3, we will block the top BDS, so there is only one block job
+ * for the top BDS and its backing chain.
+ */
+bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_SOURCE,
+bs->backing_blocker);
+bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_TARGET,
+bs->backing_blocker);
 out:
 bdrv_refresh_limits(bs, NULL);
 }
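Review bot: The two added `bdrv_op_unblock()` calls lift BLOCK_OP_TYPE_BACKUP_SOURCE and BLOCK_OP_TYPE_BACKUP_TARGET on every backing file that passes through `bdrv_set_backing_hd()`, not only on those used by block replication. The comment says that in case 3 the top BDS is blocked so only one job touches the chain, but that blocking is not in this hunk, so a backing file that an overlay still depends on is protected from being written as a backup target only by code elsewhere. I would name the enforcing site in the comment so the invariant can be audited, e.g. `* In case 3 the top BDS is blocked by <caller that takes the blocker> before the job starts.` The body of `bdrv_set_backing_hd()` starts outside the hunk.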
-- 
1.9.3






[Qemu-devel] [PATCH v23 03/12] Backup: export interfaces for extra serialization

2016-07-26 Thread Changlong Xie
Normal backup(sync='none') workflow:
step 1. NBD peformance I/O write from client to server
   qcow2_co_writev
bdrv_co_writev
 ...
   bdrv_aligned_pwritev
notifier_with_return_list_notify -> backup_do_cow
 bdrv_driver_pwritev // write new contents

step 2. drive-backup sync=none
   backup_do_cow
   {
wait_for_overlapping_requests
cow_request_begin
for(; start < end; start++) {
bdrv_co_readv_no_serialising //read old contents from Secondary disk
bdrv_co_writev // write old contents to hidden-disk
}
cow_request_end
   }

step 3. Then roll back to "step 1" to write new contents to Secondary disk.

And for replication, we must make sure that we only read the old contents from
Secondary disk in order to keep contents consistent.

1) Replication workflow of Secondary
 virtio-blk
  ^
--->  1 NBD   |
   || server   3 replication
   ||^^
   |||   backing backing  |
   ||  Secondary disk 6< hidden-disk 5 < active-disk 4
   ||| ^
   ||'-'
   ||   drive-backup sync=none 2

Hence, we need these interfaces to implement coarse-grained serialization 
between
COW of Secondary disk and the read operation of replication.

Example code showing how to use them:

*#include "block/block_backup.h"

static coroutine_fn int xxx_co_readv()
{
CowRequest req;
BlockJob *job = secondary_disk->bs->job;

if (job) {
  backup_wait_for_overlapping_requests(job, start, end);
  backup_cow_request_begin(&req, job, start, end);
  ret = bdrv_co_readv();
  backup_cow_request_end(&req);
  goto out;
}
ret = bdrv_co_readv();
out:
return ret;
}

Signed-off-by: Changlong Xie 
Signed-off-by: Wen Congyang 
Signed-off-by: Wang WeiWei 
---
 block/backup.c   | 41 ++---
 include/block/block_backup.h | 14 ++
 2 files changed, 48 insertions(+), 7 deletions(-)

diff --git a/block/backup.c b/block/backup.c
index 3bce416..919b63a 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -28,13 +28,6 @@
 #define BACKUP_CLUSTER_SIZE_DEFAULT (1 << 16)
 #define SLICE_TIME 1ULL /* ns */
 
-typedef struct CowRequest {
-int64_t start;
-int64_t end;
-QLIST_ENTRY(CowRequest) list;
-CoQueue wait_queue; /* coroutines blocked on this request */
-} CowRequest;
-
 typedef struct BackupBlockJob {
 BlockJob common;
 BlockBackend *target;
@@ -271,6 +264,40 @@ void backup_do_checkpoint(BlockJob *job, Error **errp)
 bitmap_zero(backup_job->done_bitmap, len);
 }
 
+void backup_wait_for_overlapping_requests(BlockJob *job, int64_t sector_num,
+  int nb_sectors)
+{
+BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common);
+int64_t sectors_per_cluster = cluster_size_sectors(backup_job);
+int64_t start, end;
+
+assert(job->driver->job_type == BLOCK_JOB_TYPE_BACKUP);
+
+start = sector_num / sectors_per_cluster;
+end = DIV_ROUND_UP(sector_num + nb_sectors, sectors_per_cluster);
+wait_for_overlapping_requests(backup_job, start, end);
+}
+
+void backup_cow_request_begin(CowRequest *req, BlockJob *job,
+  int64_t sector_num,
+  int nb_sectors)
+{
+BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common);
+int64_t sectors_per_cluster = cluster_size_sectors(backup_job);
+int64_t start, end;
+
+assert(job->driver->job_type == BLOCK_JOB_TYPE_BACKUP);
+
+start = sector_num / sectors_per_cluster;
+end = DIV_ROUND_UP(sector_num + nb_sectors, sectors_per_cluster);
+cow_request_begin(req, backup_job, start, end);
+}
+
+void backup_cow_request_end(CowRequest *req)
+{
+cow_request_end(req);
+}
+
 static const BlockJobDriver backup_job_driver = {
 .instance_size  = sizeof(BackupBlockJob),
 .job_type   = BLOCK_JOB_TYPE_BACKUP,
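Review bot: `backup_wait_for_overlapping_requests()` and `backup_cow_request_begin()` convert `sector_num`/`nb_sectors` into a cluster range without checking either value, and both are now callable from outside backup.c. With `nb_sectors <= 0` or a negative `sector_num` the computed `end` can land at or below `start`; the static helpers' bodies are not in this hunk, but an empty or inverted range would presumably overlap nothing, so the caller's read would run without the serialization these functions exist to provide. Adding `assert(sector_num >= 0 && nb_sectors > 0);` next to the existing job-type assert in both functions would make the contract explicit. The identical `start`/`end` computation in the two functions could also move into one static helper so the rounding cannot drift apart.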
diff --git a/include/block/block_backup.h b/include/block/block_backup.h
index 157596c..8a75947 100644
--- a/include/block/block_backup.h
+++ b/include/block/block_backup.h
@@ -20,6 +20,20 @@
 
 #include "block/block_int.h"
 
+typedef struct CowRequest {
+int64_t start;
+int64_t end;
+QLIST_ENTRY(CowRequest) list;
+CoQueue wait_queue; /* coroutines blocked on this request */
+} CowRequest;
+
+void backup_wait_for_overlapping_requests(BlockJob *job, int64_t sector_num,
+  int nb_sectors);
+void backup_cow_request_begin(CowRequest *req, BlockJob *job,
+

[Qemu-devel] [PATCH v23 00/12] Block replication for continuous checkpoints

2016-07-26 Thread Changlong Xie
Block replication is a very important feature which is used for
continuous checkpoints(for example: COLO).

You can get the detailed information about block replication from here:
http://wiki.qemu.org/Features/BlockReplication

Usage:
Please refer to docs/block-replication.txt

You can get the patch here:
https://github.com//Pating/qemu/tree/block-replication-v23

You can get the patch with framework here:
https://github.com//Pating/qemu/tree/colo_framework_v22

TODO:
1. Continuous block replication. It will be started after basic functions
   are accepted.

Change Log:

V23:
1. Address comments from Stefan and Max, this series introduce p7/p12
p2. add Copyright for block_backup.h 
p7. support configure --disable-replication
p8. update 2.7 to 2.8
p11. update 2.7 to 2.8, add missing "top-id"
p12. update MAINTAINERS
V22:
1. Rebase to the lastest code
2. modify code adapt to the modification of backup_start & commit_active_start
3. rewrite io_read & io_write for interface changes 
V21:
1. Rebase to the lastest code
2. use bdrv_pwrite_zeroes() and BDRV_SECTOR_BITS for p9
V20 Resend:
1. Resend to avoid bothering qemu-trivial maintainers
2. Address comments from Eric, fix header file issue and add a brief commit 
message for p7
V20:
1. Rebase to the lastest code
2. Address comments from stefan
p8: 
1. error_setg() with an error message when check_top_bs() fails. 
2. remove bdrv_ref(s->hidden_disk->bs) since commit 5c438bc6
3. use bloc_job_cancel_sync() before active commit
p9: 
1. fix uninitialized 'pattern_buf'
2. introduce mkstemp(3) to fix unique filenames
3. use qemu_vfree() for qemu_blockalign() memory
4. add missing replication_start_all()
5. remove useless pattern for io_write()
V19:
1. Rebase to v2.6.0
2. Address comments from stefan
p3: a new patch that export interfaces for extra serialization
p8: 
1. call replication_stop() before freeing s->top_id
2. check top_bs
3. reopen file readonly in error return paths
4. enable extra serialization between read and COW
p9: try to hanlde SIGABRT
V18:
p6: add local_err in all replication callbacks to prevent "errp == NULL"
p7: add missing qemu_iovec_destroy(xxx)
V17:
1. Rebase to the lastest codes 
p2: refactor backup_do_checkpoint addressed comments from Jeff Cody
p4: fix bugs in "drive_add buddy xxx" hmp commands
p6: add "since: 2.7"
p7: fix bug in replication_close(), add missing "qapi/error.h", add 
test-replication 
p8: add "since: 2.7"
V16:
1. Rebase to the newest codes
2. Address comments from Stefan & hailiang
p3: we don't need this patch now
p4: add "top-id" parameters for secondary
p6: fix NULL pointer in replication callbacks, remove unnecessary typedefs, 
add doc comments that explain the semantics of Replication
p7: Refactor AioContext for thread-safe, remove unnecessary get_top_bs()
*Note*: I'm working on replication testcase now, will send out in V17
V15:
1. Rebase to the newest codes
2. Fix typos and coding style addresed Eric's comments
3. Address Stefan's comments
   1) Make backup_do_checkpoint public, drop the changes on BlockJobDriver
   2) Update the message and description for [PATCH 4/9]
   3) Make replication_(start/stop/do_checkpoint)_all as global interfaces
   4) Introduce AioContext lock to protect start/stop/do_checkpoint callbacks
   5) Use BdrvChild instead of holding on to BlockDriverState * pointers
4. Clear BDRV_O_INACTIVE for hidden disk's open_flags since commit 09e0c771  
5. Introduce replication_get_error_all to check replication status
6. Remove useless discard interface
V14:
1. Implement auto complete active commit
2. Implement active commit block job for replication.c
3. Address the comments from Stefan, add replication-specific API and data
   structure, also remove old block layer APIs
V13:
1. Rebase to the newest codes
2. Remove redundant marcos and semicolon in replication.c 
3. Fix typos in block-replication.txt
V12:
1. Rebase to the newest codes
2. Use backing reference to replcace 'allow-write-backing-file'
V11:
1. Reopen the backing file when starting blcok replication if it is not
   opened in R/W mode
2. Unblock BLOCK_OP_TYPE_BACKUP_SOURCE and BLOCK_OP_TYPE_BACKUP_TARGET
   when opening backing file
3. Block the top BDS so there is only one block job for the top BDS and
   its backing chain.
V10:
1. Use blockdev-remove-medium and blockdev-insert-medium to replace backing
   reference.
2. Address the comments from Eric Blake
V9:
1. Update the error messages
2. Rebase to the newest qemu
3. Split child add/delete support. These patches are sent in another patchset.
V8:
1. Address Alberto Garcia's comments
V7:
1. Implement adding/removing quorum child. Remove the option non-connect.
2. Simplify the backing refrence option according to Stefan Hajnoczi's 
suggestion
V6:
1. Rebase to the newest qemu.
V5:
1. Address the comments from Gong Lei
2. Speed the failover up. The secondary vm can take over very quickly even
   if there are too many I/O requests.
V4:
1. Introduce a new driver replication to avoid touch nbd and q

[Qemu-devel] [PATCH v23 08/12] Introduce new APIs to do replication operation

2016-07-26 Thread Changlong Xie
This commit introduces six replication interfaces (for block, network, etc.).
First, replication_(new/remove) create and destroy replication instances;
then, during migration, replication_(start/stop/do_checkpoint/get_error)_all
handle all replication operations. For more detail, please refer to
replication.h.

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
---
 Makefile.objs|   1 +
 qapi/block-core.json |  13 
 replication.c| 107 +++
 replication.h| 174 +++
 4 files changed, 295 insertions(+)
 create mode 100644 replication.c
 create mode 100644 replication.h

diff --git a/Makefile.objs b/Makefile.objs
index 6d5ddcf..7301544 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -15,6 +15,7 @@ block-obj-$(CONFIG_POSIX) += aio-posix.o
 block-obj-$(CONFIG_WIN32) += aio-win32.o
 block-obj-y += block/
 block-obj-y += qemu-io-cmds.o
+block-obj-$(CONFIG_REPLICATION) += replication.o
 
 block-obj-m = block/
 
diff --git a/qapi/block-core.json b/qapi/block-core.json
index f462345..7258a87 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2147,6 +2147,19 @@
 '*debug_level': 'int' } }
 
 ##
+# @ReplicationMode
+#
+# An enumeration of replication modes.
+#
+# @primary: Primary mode, the vm's state will be sent to secondary QEMU.
+#
+# @secondary: Secondary mode, receive the vm's state from primary QEMU.
+#
+# Since: 2.8
+##
+{ 'enum' : 'ReplicationMode', 'data' : [ 'primary', 'secondary' ] }
+
+##
 # @BlockdevOptions
 #
 # Options for creating a block device.  Many options are available for all
diff --git a/replication.c b/replication.c
new file mode 100644
index 000..be3a42f
--- /dev/null
+++ b/replication.c
@@ -0,0 +1,107 @@
+/*
+ * Replication filter
+ *
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 Intel Corporation
+ * Copyright (c) 2016 FUJITSU LIMITED
+ *
+ * Author:
+ *   Changlong Xie 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "replication.h"
+
+static QLIST_HEAD(, ReplicationState) replication_states;
+
+ReplicationState *replication_new(void *opaque, ReplicationOps *ops)
+{
+ReplicationState *rs;
+
+assert(ops != NULL);
+rs = g_new0(ReplicationState, 1);
+rs->opaque = opaque;
+rs->ops = ops;
+QLIST_INSERT_HEAD(&replication_states, rs, node);
+
+return rs;
+}
+
+void replication_remove(ReplicationState *rs)
+{
+if (rs) {
+QLIST_REMOVE(rs, node);
+g_free(rs);
+}
+}
+
+/*
+ * The caller of the function MUST make sure vm stopped
+ */
+void replication_start_all(ReplicationMode mode, Error **errp)
+{
+ReplicationState *rs, *next;
+Error *local_err = NULL;
+
+QLIST_FOREACH_SAFE(rs, &replication_states, node, next) {
+if (rs->ops && rs->ops->start) {
+rs->ops->start(rs, mode, &local_err);
+}
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+}
+}
+
+void replication_do_checkpoint_all(Error **errp)
+{
+ReplicationState *rs, *next;
+Error *local_err = NULL;
+
+QLIST_FOREACH_SAFE(rs, &replication_states, node, next) {
+if (rs->ops && rs->ops->checkpoint) {
+rs->ops->checkpoint(rs, &local_err);
+}
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+}
+}
+
+void replication_get_error_all(Error **errp)
+{
+ReplicationState *rs, *next;
+Error *local_err = NULL;
+
+QLIST_FOREACH_SAFE(rs, &replication_states, node, next) {
+if (rs->ops && rs->ops->get_error) {
+rs->ops->get_error(rs, &local_err);
+}
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+}
+}
+
+void replication_stop_all(bool failover, Error **errp)
+{
+ReplicationState *rs, *next;
+Error *local_err = NULL;
+
+QLIST_FOREACH_SAFE(rs, &replication_states, node, next) {
+if (rs->ops && rs->ops->stop) {
+rs->ops->stop(rs, failover, &local_err);
+}
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+}
+}
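Review bot: `replication_stop_all()` returns at the first instance whose `stop` callback reports an error, so every instance later in `replication_states` is never asked to stop. On the failover path that can leave part of the replication set still running after the caller has been told the stop failed. If stop is meant to be best-effort, the loop should keep going and report only the first error, as sketched below. `replication_start_all()` has the mirror-image problem: an error midway leaves the earlier instances started with no rollback, which at least deserves a comment.

```c
void replication_stop_all(bool failover, Error **errp)
{
    ReplicationState *rs, *next;
    Error *first_err = NULL;

    QLIST_FOREACH_SAFE(rs, &replication_states, node, next) {
        Error *local_err = NULL;

        if (rs->ops && rs->ops->stop) {
            rs->ops->stop(rs, failover, &local_err);
        }
        if (local_err) {
            /* Keep stopping the remaining instances; report the first failure. */
            if (!first_err) {
                first_err = local_err;
            } else {
                error_free(local_err);
            }
        }
    }
    error_propagate(errp, first_err);
}
```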
diff --git a/replication.h b/replication.h
new file mode 100644
index 000..ece6ca6
--- /dev/null
+++ b/replication.h
@@ -0,0 +1,174 @@
+/*
+ * Replication filter
+ *
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 Intel Corporation
+ * Copyright (c) 2016 FUJITSU LIMITED
+ *
+ * Author:
+ *   Changlong Xie 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef REPLICATION_H
+#define R

[Qemu-devel] [PATCH v23 09/12] Implement new driver for block replication

2016-07-26 Thread Changlong Xie
From: Wen Congyang 

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
---
 block/Makefile.objs |   1 +
 block/replication.c | 658 
 2 files changed, 659 insertions(+)
 create mode 100644 block/replication.c

diff --git a/block/Makefile.objs b/block/Makefile.objs
index 8a3270b..55da626 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -23,6 +23,7 @@ block-obj-$(CONFIG_LIBSSH2) += ssh.o
 block-obj-y += accounting.o dirty-bitmap.o
 block-obj-y += write-threshold.o
 block-obj-y += backup.o
+block-obj-$(CONFIG_REPLICATION) += replication.o
 
 block-obj-y += crypto.o
 
diff --git a/block/replication.c b/block/replication.c
new file mode 100644
index 000..ec35348
--- /dev/null
+++ b/block/replication.c
@@ -0,0 +1,658 @@
+/*
+ * Replication Block filter
+ *
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 Intel Corporation
+ * Copyright (c) 2016 FUJITSU LIMITED
+ *
+ * Author:
+ *   Wen Congyang 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "block/nbd.h"
+#include "block/blockjob.h"
+#include "block/block_int.h"
+#include "block/block_backup.h"
+#include "sysemu/block-backend.h"
+#include "qapi/error.h"
+#include "replication.h"
+
+typedef struct BDRVReplicationState {
+ReplicationMode mode;
+int replication_state;
+BdrvChild *active_disk;
+BdrvChild *hidden_disk;
+BdrvChild *secondary_disk;
+char *top_id;
+ReplicationState *rs;
+Error *blocker;
+int orig_hidden_flags;
+int orig_secondary_flags;
+int error;
+} BDRVReplicationState;
+
+enum {
+BLOCK_REPLICATION_NONE, /* block replication is not started */
+BLOCK_REPLICATION_RUNNING,  /* block replication is running */
+BLOCK_REPLICATION_FAILOVER, /* failover is running in background */
+BLOCK_REPLICATION_FAILOVER_FAILED,  /* failover failed */
+BLOCK_REPLICATION_DONE, /* block replication is done */
+};
+
+static void replication_start(ReplicationState *rs, ReplicationMode mode,
+  Error **errp);
+static void replication_do_checkpoint(ReplicationState *rs, Error **errp);
+static void replication_get_error(ReplicationState *rs, Error **errp);
+static void replication_stop(ReplicationState *rs, bool failover,
+ Error **errp);
+
+#define REPLICATION_MODE"mode"
+#define REPLICATION_TOP_ID  "top-id"
+static QemuOptsList replication_runtime_opts = {
+.name = "replication",
+.head = QTAILQ_HEAD_INITIALIZER(replication_runtime_opts.head),
+.desc = {
+{
+.name = REPLICATION_MODE,
+.type = QEMU_OPT_STRING,
+},
+{
+.name = REPLICATION_TOP_ID,
+.type = QEMU_OPT_STRING,
+},
+{ /* end of list */ }
+},
+};
+
+static ReplicationOps replication_ops = {
+.start = replication_start,
+.checkpoint = replication_do_checkpoint,
+.get_error = replication_get_error,
+.stop = replication_stop,
+};
+
+static int replication_open(BlockDriverState *bs, QDict *options,
+int flags, Error **errp)
+{
+int ret;
+BDRVReplicationState *s = bs->opaque;
+Error *local_err = NULL;
+QemuOpts *opts = NULL;
+const char *mode;
+const char *top_id;
+
+ret = -EINVAL;
+opts = qemu_opts_create(&replication_runtime_opts, NULL, 0, &error_abort);
+qemu_opts_absorb_qdict(opts, options, &local_err);
+if (local_err) {
+goto fail;
+}
+
+mode = qemu_opt_get(opts, REPLICATION_MODE);
+if (!mode) {
+error_setg(&local_err, "Missing the option mode");
+goto fail;
+}
+
+if (!strcmp(mode, "primary")) {
+s->mode = REPLICATION_MODE_PRIMARY;
+} else if (!strcmp(mode, "secondary")) {
+s->mode = REPLICATION_MODE_SECONDARY;
+top_id = qemu_opt_get(opts, REPLICATION_TOP_ID);
+s->top_id = g_strdup(top_id);
+if (!s->top_id) {
+error_setg(&local_err, "Missing the option top-id");
+goto fail;
+}
+} else {
+error_setg(&local_err,
+   "The option mode's value should be primary or secondary");
+goto fail;
+}
+
+s->rs = replication_new(bs, &replication_ops);
+
+ret = 0;
+
+fail:
+qemu_opts_del(opts);
+error_propagate(errp, local_err);
+
+return ret;
+}
+
+static void replication_close(BlockDriverState *bs)
+{
+BDRVReplicationState *s = bs->opaque;
+
+if (s->replication_state == BLOCK_REPLICATION_RUNNING) {
+replication_stop(s->rs, false, NULL);
+}
+
+if (s->mode == REPLICATION_MODE_SECONDARY) {
+g_free(s->top_id);
+}
+
+replication_rem
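Review bot: In replication_open() the "primary" branch never looks at `top-id`, so a primary node configured with that option is accepted silently and the misconfiguration goes unnoticed. Rejecting it there would make the two modes symmetric, for example `if (qemu_opt_get(opts, REPLICATION_TOP_ID)) { error_setg(&local_err, "top-id is only valid in secondary mode"); goto fail; }` (the message text is a suggestion). replication_close() also passes `NULL` as errp to replication_stop(), so a failed stop during close is dropped without a trace; reporting it with a local `Error *` would help diagnosis. The hunk is cut off on this page inside replication_close(), so the rest of the driver is not reviewed here.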

[Qemu-devel] [PATCH v23 04/12] Link backup into block core

2016-07-26 Thread Changlong Xie
From: Wen Congyang 

Some programs that add a dependency on it will use
the block layer directly.

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Jeff Cody 
---
 block/Makefile.objs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/Makefile.objs b/block/Makefile.objs
index 2593a2f..8a3270b 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -22,11 +22,11 @@ block-obj-$(CONFIG_ARCHIPELAGO) += archipelago.o
 block-obj-$(CONFIG_LIBSSH2) += ssh.o
 block-obj-y += accounting.o dirty-bitmap.o
 block-obj-y += write-threshold.o
+block-obj-y += backup.o
 
 block-obj-y += crypto.o
 
 common-obj-y += stream.o
-common-obj-y += backup.o
 
 iscsi.o-cflags := $(LIBISCSI_CFLAGS)
 iscsi.o-libs   := $(LIBISCSI_LIBS)
-- 
1.9.3






[Qemu-devel] [PATCH v23 06/12] auto complete active commit

2016-07-26 Thread Changlong Xie
From: Wen Congyang 

Auto complete the mirror job in the background to avoid
blocking synchronously

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
---
 block/mirror.c| 13 +
 blockdev.c|  2 +-
 include/block/block_int.h |  3 ++-
 qemu-img.c|  2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/block/mirror.c b/block/mirror.c
index 69a1a7c..30c2477 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -906,7 +906,8 @@ static void mirror_start_job(const char *job_id, 
BlockDriverState *bs,
  BlockCompletionFunc *cb,
  void *opaque, Error **errp,
  const BlockJobDriver *driver,
- bool is_none_mode, BlockDriverState *base)
+ bool is_none_mode, BlockDriverState *base,
+ bool auto_complete)
 {
 MirrorBlockJob *s;
 
@@ -942,6 +943,9 @@ static void mirror_start_job(const char *job_id, 
BlockDriverState *bs,
 s->granularity = granularity;
 s->buf_size = ROUND_UP(buf_size, granularity);
 s->unmap = unmap;
+if (auto_complete) {
+s->should_complete = true;
+}
 
 s->dirty_bitmap = bdrv_create_dirty_bitmap(bs, granularity, NULL, errp);
 if (!s->dirty_bitmap) {
@@ -980,14 +984,15 @@ void mirror_start(const char *job_id, BlockDriverState 
*bs,
 mirror_start_job(job_id, bs, target, replaces,
  speed, granularity, buf_size, backing_mode,
  on_source_error, on_target_error, unmap, cb, opaque, errp,
- &mirror_job_driver, is_none_mode, base);
+ &mirror_job_driver, is_none_mode, base, false);
 }
 
 void commit_active_start(const char *job_id, BlockDriverState *bs,
  BlockDriverState *base, int64_t speed,
  BlockdevOnError on_error,
  BlockCompletionFunc *cb,
- void *opaque, Error **errp)
+ void *opaque, Error **errp,
+ bool auto_complete)
 {
 int64_t length, base_length;
 int orig_base_flags;
@@ -1028,7 +1033,7 @@ void commit_active_start(const char *job_id, 
BlockDriverState *bs,
 mirror_start_job(job_id, bs, base, NULL, speed, 0, 0,
  MIRROR_LEAVE_BACKING_CHAIN,
  on_error, on_error, false, cb, opaque, &local_err,
- &commit_active_job_driver, false, base);
+ &commit_active_job_driver, false, base, auto_complete);
 if (local_err) {
 error_propagate(errp, local_err);
 goto error_restore_flags;
diff --git a/blockdev.c b/blockdev.c
index eafeba9..be7be7b 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3140,7 +3140,7 @@ void qmp_block_commit(bool has_job_id, const char 
*job_id, const char *device,
 goto out;
 }
 commit_active_start(has_job_id ? job_id : NULL, bs, base_bs, speed,
-on_error, block_job_cb, bs, &local_err);
+on_error, block_job_cb, bs, &local_err, false);
 } else {
 commit_start(has_job_id ? job_id : NULL, bs, base_bs, top_bs, speed,
  on_error, block_job_cb, bs,
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 1fe0fd9..f812740 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -699,13 +699,14 @@ void commit_start(const char *job_id, BlockDriverState 
*bs,
  * @cb: Completion function for the job.
  * @opaque: Opaque pointer value passed to @cb.
  * @errp: Error object.
+ * @auto_complete: Auto complete the job.
  *
  */
 void commit_active_start(const char *job_id, BlockDriverState *bs,
  BlockDriverState *base, int64_t speed,
  BlockdevOnError on_error,
  BlockCompletionFunc *cb,
- void *opaque, Error **errp);
+ void *opaque, Error **errp, bool auto_complete);
 /*
  * mirror_start:
  * @job_id: The id of the newly-created job, or %NULL to use the
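Review bot: The new `bool auto_complete` parameter is appended after `Error **errp` in the commit_active_start() prototype, and likewise in mirror_start_job() and the commit_active_start() definition in block/mirror.c. QEMU's convention is to keep `Error **errp` as the last parameter, so this would read `void *opaque, bool auto_complete, Error **errp);`, with the three callers updated to match. The new doc line `@auto_complete: Auto complete the job.` only restates the name; from the mirror.c hunk it appears to pre-set `should_complete`, so something like `@auto_complete: if true, the job completes on its own once it is ready, without waiting for an explicit completion request` would tell callers what they opt into (please confirm the exact semantics).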
diff --git a/qemu-img.c b/qemu-img.c
index 2e40e1f..ae204c9 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -921,7 +921,7 @@ static int img_commit(int argc, char **argv)
 };
 
 commit_active_start("commit", bs, base_bs, 0, BLOCKDEV_ON_ERROR_REPORT,
-common_block_job_cb, &cbi, &local_err);
+common_block_job_cb, &cbi, &local_err, false);
 if (local_err) {
 goto done;
 }
-- 
1.9.3






[Qemu-devel] [PATCH v23 07/12] configure: support replication

2016-07-26 Thread Changlong Xie
configure --(enable/disable)-replication to switch replication
support on/off, and it is on by default.
We later introduce replication support.

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
---
 configure | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/configure b/configure
index 6ffa4a8..20a6564 100755
--- a/configure
+++ b/configure
@@ -320,6 +320,7 @@ vhdx=""
 numa=""
 tcmalloc="no"
 jemalloc="no"
+replication="yes"
 
 # parse CC options first
 for opt do
@@ -1150,6 +1151,10 @@ for opt do
   ;;
   --enable-jemalloc) jemalloc="yes"
   ;;
+  --disable-replication) replication="no"
+  ;;
+  --enable-replication) replication="yes"
+  ;;
   *)
   echo "ERROR: unknown option $opt"
   echo "Try '$0 --help' for more information"
@@ -1380,6 +1385,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   numalibnuma support
   tcmalloctcmalloc support
   jemallocjemalloc support
+  replication replication support
 
 NOTE: The object files are built at the place where configure is launched
 EOF
@@ -4896,6 +4902,7 @@ echo "NUMA host support $numa"
 echo "tcmalloc support  $tcmalloc"
 echo "jemalloc support  $jemalloc"
 echo "avx2 optimization $avx2_opt"
+echo "replication support $replication"
 
 if test "$sdl_too_old" = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
@@ -5466,6 +5473,10 @@ if test "$have_rtnetlink" = "yes" ; then
   echo "CONFIG_RTNETLINK=y" >> $config_host_mak
 fi
 
+if test "$replication" = "yes" ; then
+  echo "CONFIG_REPLICATION=y" >> $config_host_mak
+fi
+
 # Hold two types of flag:
 #   CONFIG_THREAD_SETNAME_BYTHREAD  - we've got a way of setting the name on
 # a thread we have a handle to
-- 
1.9.3






[Qemu-devel] [PATCH v23 12/12] MAINTAINERS: add maintainer for replication

2016-07-26 Thread Changlong Xie
As per Stefan's suggestion, add Wen and me as co-maintainers
of replication.

Cc: Stefan Hajnoczi 
Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
---
 MAINTAINERS | 8 
 1 file changed, 8 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index d1439a8..8fa2a25 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1619,6 +1619,14 @@ L: qemu-bl...@nongnu.org
 S: Supported
 F: tests/image-fuzzer/
 
+replication
+M: Wen Congyang 
+M: Changlong Xie 
+S: Supported
+F: replication*
+F: block/replication.c
+F: test/test-replication.c
+
 Build and test automation
 -
 M: Alex Bennée 
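Review bot: The last pattern in the new section, `F: test/test-replication.c`, does not match the file the series adds, which is created as `tests/test-replication.c` in patch 10/12. As written, changes to the unit test would not be routed to the replication maintainers. The line should read `F: tests/test-replication.c`.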
-- 
1.9.3






[Qemu-devel] [PATCH v23 05/12] docs: block replication's description

2016-07-26 Thread Changlong Xie
From: Wen Congyang 

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
---
 docs/block-replication.txt | 239 +
 1 file changed, 239 insertions(+)
 create mode 100644 docs/block-replication.txt

diff --git a/docs/block-replication.txt b/docs/block-replication.txt
new file mode 100644
index 000..6bde673
--- /dev/null
+++ b/docs/block-replication.txt
@@ -0,0 +1,239 @@
+Block replication
+
+Copyright Fujitsu, Corp. 2016
+Copyright (c) 2016 Intel Corporation
+Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+
+This work is licensed under the terms of the GNU GPL, version 2 or later.
+See the COPYING file in the top-level directory.
+
+Block replication is used for continuous checkpoints. It is designed
+for COLO (COarse-grain LOck-stepping) where the Secondary VM is running.
+It can also be applied for FT/HA (Fault-tolerance/High Assurance) scenario,
+where the Secondary VM is not running.
+
+This document gives an overview of block replication's design.
+
+== Background ==
+High availability solutions such as micro checkpoint and COLO will do
+consecutive checkpoints. The VM state of the Primary and Secondary VM is
+identical right after a VM checkpoint, but becomes different as the VM
+executes till the next checkpoint. To support disk contents checkpoint,
+the modified disk contents in the Secondary VM must be buffered, and are
+only dropped at next checkpoint time. To reduce the network transportation
+effort during a vmstate checkpoint, the disk modification operations of
+the Primary disk are asynchronously forwarded to the Secondary node.
+
+== Workflow ==
+The following is the image of block replication workflow:
+
++--+++
+|Primary Write Requests||Secondary Write Requests|
++--+++
+  |   |
+  |  (4)
+  |   V
+  |  /-\
+  |  Copy and Forward| |
+  |-(1)--+   | Disk Buffer |
+  |  |   | |
+  | (3)  \-/
+  | speculative  ^
+  |write through(2)
+  |  |   |
+  V  V   |
+   +--+   ++
+   | Primary Disk |   | Secondary Disk |
+   +--+   ++
+
+1) Primary write requests will be copied and forwarded to Secondary
+   QEMU.
+2) Before Primary write requests are written to Secondary disk, the
+   original sector content will be read from Secondary disk and
+   buffered in the Disk buffer, but it will not overwrite the existing
+   sector content (it could be from either "Secondary Write Requests" or
+   previous COW of "Primary Write Requests") in the Disk buffer.
+3) Primary write requests will be written to Secondary disk.
+4) Secondary write requests will be buffered in the Disk buffer and it
+   will overwrite the existing sector content in the buffer.
+
+== Architecture ==
+We are going to implement block replication from many basic
+blocks that are already in QEMU.
+
+ virtio-blk   ||
+ ^||.--
+ |||| Secondary
+1 Quorum  ||'--
+ /  \ ||
+/\||
+   Primary2 filter
+ disk ^
 virtio-blk
+  |
  ^
+3 NBD  --->  3 NBD 
  |
+client|| server
  2 filter
+  ||^  
  ^
+. |||  
  |
+Primary | ||  Secondary disk <- hidden-disk 5 
<- active-disk 4
+' |||  backing^   backing
+  ||| |
+  ||| |
+  ||'-'
+  || 

[Qemu-devel] [PATCH v23 10/12] tests: add unit test case for replication

2016-07-26 Thread Changlong Xie
Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
---
 tests/.gitignore |   1 +
 tests/Makefile.include   |   4 +
 tests/test-replication.c | 575 +++
 3 files changed, 580 insertions(+)
 create mode 100644 tests/test-replication.c

diff --git a/tests/.gitignore b/tests/.gitignore
index dbb5263..b4a9cfc 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -63,6 +63,7 @@ test-qmp-introspect.[ch]
 test-qmp-marshal.c
 test-qmp-output-visitor
 test-rcu-list
+test-replication
 test-rfifolock
 test-string-input-visitor
 test-string-output-visitor
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 9286148..bc6a44e 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -111,6 +111,7 @@ check-unit-y += tests/test-crypto-xts$(EXESUF)
 check-unit-y += tests/test-crypto-block$(EXESUF)
 gcov-files-test-logging-y = tests/test-logging.c
 check-unit-y += tests/test-logging$(EXESUF)
+check-unit-$(CONFIG_REPLICATION) += tests/test-replication$(EXESUF)
 
 check-block-$(CONFIG_POSIX) += tests/qemu-iotests-quick.sh
 
@@ -478,6 +479,9 @@ tests/test-base64$(EXESUF): tests/test-base64.o \
 
 tests/test-logging$(EXESUF): tests/test-logging.o $(test-util-obj-y)
 
+tests/test-replication$(EXESUF): tests/test-replication.o $(test-util-obj-y) \
+   $(test-block-obj-y)
+
 tests/test-qapi-types.c tests/test-qapi-types.h :\
 $(SRC_PATH)/tests/qapi-schema/qapi-schema-test.json 
$(SRC_PATH)/scripts/qapi-types.py $(qapi-py)
$(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-types.py \
diff --git a/tests/test-replication.c b/tests/test-replication.c
new file mode 100644
index 000..b63f1ef
--- /dev/null
+++ b/tests/test-replication.c
@@ -0,0 +1,575 @@
+/*
+ * Block replication tests
+ *
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Author: Changlong Xie 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "replication.h"
+#include "block/block_int.h"
+#include "sysemu/block-backend.h"
+
+#define IMG_SIZE (64 * 1024 * 1024)
+
+/* primary */
+#define P_ID "primary-id"
+static char p_local_disk[] = "/tmp/p_local_disk.XX";
+
+/* secondary */
+#define S_ID "secondary-id"
+#define S_LOCAL_DISK_ID "secondary-local-disk-id"
+static char s_local_disk[] = "/tmp/s_local_disk.XX";
+static char s_active_disk[] = "/tmp/s_active_disk.XX";
+static char s_hidden_disk[] = "/tmp/s_hidden_disk.XX";
+
+/* FIXME: steal from blockdev.c */
+QemuOptsList qemu_drive_opts = {
+.name = "drive",
+.head = QTAILQ_HEAD_INITIALIZER(qemu_drive_opts.head),
+.desc = {
+{ /* end of list */ }
+},
+};
+
+#define NOT_DONE 0x7fff
+
+static void blk_rw_done(void *opaque, int ret)
+{
+*(int *)opaque = ret;
+}
+
+static void test_blk_read(BlockBackend *blk, long pattern,
+  int64_t pattern_offset, int64_t pattern_count,
+  int64_t offset, int64_t count,
+  bool expect_failed)
+{
+void *pattern_buf = NULL;
+QEMUIOVector qiov;
+void *cmp_buf = NULL;
+int async_ret = NOT_DONE;
+
+if (pattern) {
+cmp_buf = g_malloc(pattern_count);
+memset(cmp_buf, pattern, pattern_count);
+}
+
+pattern_buf = g_malloc(count);
+if (pattern) {
+memset(pattern_buf, pattern, count);
+} else {
+memset(pattern_buf, 0x00, count);
+}
+
+qemu_iovec_init(&qiov, 1);
+qemu_iovec_add(&qiov, pattern_buf, count);
+
+blk_aio_preadv(blk, offset, &qiov, 0, blk_rw_done, &async_ret);
+while (async_ret == NOT_DONE) {
+main_loop_wait(false);
+}
+
+if (expect_failed) {
+g_assert(async_ret != 0);
+} else {
+g_assert(async_ret == 0);
+if (pattern) {
+g_assert(memcmp(pattern_buf + pattern_offset,
+cmp_buf, pattern_count) <= 0);
+}
+}
+
+g_free(pattern_buf);
+}
+
+static void test_blk_write(BlockBackend *blk, long pattern, int64_t offset,
+   int64_t count, bool expect_failed)
+{
+void *pattern_buf = NULL;
+QEMUIOVector qiov;
+int async_ret = NOT_DONE;
+
+pattern_buf = g_malloc(count);
+if (pattern) {
+memset(pattern_buf, pattern, count);
+} else {
+memset(pattern_buf, 0x00, count);
+}
+
+qemu_iovec_init(&qiov, 1);
+qemu_iovec_add(&qiov, pattern_buf, count);
+
+blk_aio_pwritev(blk, offset, &qiov, 0, blk_rw_done, &async_ret);
+while (async_ret == NOT_DONE) {
+main_loop_wait(false);
+}
+
+if (expect_failed) {
+g_assert(async_ret != 0);
+} else {
+g_assert(async_ret == 0);
+}
+
+g_free(pattern_buf);
+}
+
+/*
+ * Create a uniquely-named empty temporary file.
+ */
+static void make_temp(char *template)
+{
+int fd;
+
+
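Review bot: The content check in test_blk_read() asserts `memcmp(...) <= 0`, so it also passes when the data read back compares lower than the expected pattern; it should be `g_assert(memcmp(pattern_buf + pattern_offset, cmp_buf, pattern_count) == 0);`. The check is further weakened because `pattern_buf` is filled with the expected pattern before the read, so a read that leaves the buffer untouched still matches; filling it with a different byte first would close that gap. `cmp_buf` is never released and `qiov` is never destroyed, so `g_free(cmp_buf);` and `qemu_iovec_destroy(&qiov);` belong next to `g_free(pattern_buf);`, and the iovec cleanup applies to test_blk_write() as well. The hunk is cut off on this page inside make_temp(), so the rest of the test file is not reviewed here.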

Re: [Qemu-devel] [PATCH v4 6/8] STM32F205: Connect the ADC devices

2016-07-26 Thread Peter Maydell
On 26 July 2016 at 06:08, Alistair Francis  wrote:
> I think this function should work:
>
> /*
>  * qemu_allocate_or_irqs
>  * @in_irq: An input IRQ. It will be the result of the @out_irqs ORed together
>  * @n: The number of interrupt lines that should be ORed together
>  *
>  * returns: An array of interrupts that should be ORed together
>  *
>  * OR all of the interrupts returned in the array into a single @in_irq.
>  */
> qemu_irq *qemu_allocate_or_irqs(qemu_irq in_irq, int n);

As I say, it really needs to be an actual device because
it has to have state (tracking the level of all the inputs
so when one changes it can recalculate the new output).

-- PMM



[Qemu-devel] [PATCH v23 11/12] support replication driver in blockdev-add

2016-07-26 Thread Changlong Xie
From: Wen Congyang 

Signed-off-by: Wen Congyang 
Signed-off-by: Changlong Xie 
Signed-off-by: Wang WeiWei 
Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
Reviewed-by: Eric Blake 
---
 qapi/block-core.json | 22 --
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 7258a87..48aa112 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -248,6 +248,7 @@
 #   2.3: 'host_floppy' deprecated
 #   2.5: 'host_floppy' dropped
 #   2.6: 'luks' added
+#   2.8: 'replication' added
 #
 # @backing_file: #optional the name of the backing file (for copy-on-write)
 #
@@ -1696,8 +1697,8 @@
   'data': [ 'archipelago', 'blkdebug', 'blkverify', 'bochs', 'cloop',
 'dmg', 'file', 'ftp', 'ftps', 'gluster', 'host_cdrom',
 'host_device', 'http', 'https', 'luks', 'null-aio', 'null-co',
-'parallels', 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'tftp',
-'vdi', 'vhdx', 'vmdk', 'vpc', 'vvfat' ] }
+'parallels', 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 
'replication',
+'tftp', 'vdi', 'vhdx', 'vmdk', 'vpc', 'vvfat' ] }
 
 ##
 # @BlockdevOptionsFile
@@ -2160,6 +2161,22 @@
 { 'enum' : 'ReplicationMode', 'data' : [ 'primary', 'secondary' ] }
 
 ##
+# @BlockdevOptionsReplication
+#
+# Driver specific block device options for replication
+#
+# @mode: the replication mode
+#
+# @top-id: the id to protect replication model chain
+#
+# Since: 2.8
+##
+{ 'struct': 'BlockdevOptionsReplication',
+  'base': 'BlockdevOptionsGenericFormat',
+  'data': { 'mode': 'ReplicationMode',
+'top-id': 'str' } }
+
+##
 # @BlockdevOptions
 #
 # Options for creating a block device.  Many options are available for all
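Review bot: `'top-id': 'str'` is declared as a mandatory member of BlockdevOptionsReplication, but replication_open() in patch 09/12 only requires it when the mode is "secondary", so a blockdev-add for a primary node would be forced to supply a value the driver ignores. Marking it optional with `'*top-id': 'str'` would match the driver. The doc line `@top-id: the id to protect replication model chain` is also hard to parse; a wording such as `@top-id: #optional id of the top node of the replication chain; required in secondary mode` would say when it applies (the exact meaning of the id should be confirmed by the authors).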
@@ -2224,6 +2241,7 @@
   'quorum': 'BlockdevOptionsQuorum',
   'raw':'BlockdevOptionsGenericFormat',
 # TODO rbd: Wait for structured options
+  'replication':'BlockdevOptionsReplication',
 # TODO sheepdog: Wait for structured options
 # TODO ssh: Should take InetSocketAddress for 'host'?
   'tftp':   'BlockdevOptionsFile',
-- 
1.9.3






Re: [Qemu-devel] [RFC PATCH 3/3] hw/arm/virt: add nvdimm emulation support

2016-07-26 Thread Peter Maydell
On 26 July 2016 at 08:03, kwangwoo@sk.com  wrote:
> Hi Peter,
>
> Please, check the comments below. Thanks a lot!
>
>> -Original Message-
>> From: Peter Maydell [mailto:peter.mayd...@linaro.org]
>> This seems to be missing code to write the device tree
>> information about whatever this device is?
>
> Is it OK to just add a memory region which cannot be used without ACPI?
> This is unclear to me. If you suggest that it is better way, I'll revise
> this patch to add a device tree node. Please, help me to understand.

They don't necessarily both have to be added in the exact same patch
if it's less confusing to split it, but the series as a whole
should support both DT and ACPI (and your kernel patches also
ought to have both DT and ACPI bindings I think).

thanks
-- PMM



Re: [Qemu-devel] [PULL 4/7] scripts: refactor the VM class in iotests for reuse

2016-07-26 Thread Daniel P. Berrange
On Tue, Jul 26, 2016 at 02:23:52AM +0200, Max Reitz wrote:
> On 22.07.2016 10:00, Amit Shah wrote:
> > From: "Daniel P. Berrange" 
> > 
> > The iotests module has a python class for controlling QEMU
> > processes. Pull the generic functionality out of this file
> > and create a scripts/qemu.py module containing a QEMUMachine
> > class. Put the QTest integration support into a subclass
> > QEMUQtestMachine.
> > 
> > Signed-off-by: Daniel P. Berrange 
> > Message-Id: <1469020993-29426-4-git-send-email-berra...@redhat.com>
> > Signed-off-by: Amit Shah 
> > ---
> >  scripts/qemu.py   | 202 
> > ++
> >  scripts/qtest.py  |  34 +++
> >  tests/qemu-iotests/iotests.py | 135 +---
> >  3 files changed, 240 insertions(+), 131 deletions(-)
> >  create mode 100644 scripts/qemu.py
> 
> Hm, I have even more questions...
> 
> (I'm starting to wonder if I'm doing anything horribly wrong, because
> this patch basically completely breaks the Python iotests for me.)

[snip]

I'll investigate this and send any necessary fixes asap.


Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PATCH 1/3] qdist: fix memory leak during binning

2016-07-26 Thread Marc-André Lureau
Hi

On Mon, Jul 25, 2016 at 7:03 PM, Emilio G. Cota  wrote:
> In qdist_bin__internal(), to->entries is initialized to a 1-element array,
> which we then leak when n == from->n. Fix it.
>
> Signed-off-by: Emilio G. Cota 
> ---
>  util/qdist.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/util/qdist.c b/util/qdist.c
> index 56f5738..eb2236c 100644
> --- a/util/qdist.c
> +++ b/util/qdist.c
> @@ -188,7 +188,7 @@ void qdist_bin__internal(struct qdist *to, const struct 
> qdist *from, size_t n)
>  }
>  }
>  /* they're equally spaced, so copy the dist and bail out */
> -to->entries = g_new(struct qdist_entry, from->n);
> +to->entries = g_realloc_n(to->entries, n, sizeof(*to->entries));

This is already part of the leak series:
https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg04168.html

>  to->n = from->n;
>  memcpy(to->entries, from->entries, sizeof(*to->entries) * to->n);
>  return;
> --
> 2.5.0
>
>



-- 
Marc-André Lureau



Re: [Qemu-devel] usb keyboard and mouse can't work on QEMU ARM64 with KVM

2016-07-26 Thread Shannon Zhao


On 2016/7/26 16:07, Ard Biesheuvel wrote:
> On 26 July 2016 at 09:34, Shannon Zhao  wrote:
>> > Hi,
>> >
>> > Recently I'm trying to use usb keyboard and mouse with QEMU on ARM64. 
>> > Below is my QEMU command line,
>> > host and guest kernel both are 4.7.0-rc7+, and I ran it on Hikey board.
>> >
>> > qemu-system-aarch64 \
>> > -smp 1 -cpu host -enable-kvm \
>> > -m 256 -M virt \
>> > -k en-us \
>> > -nographic \
>> > -device usb-ehci -device usb-kbd -device usb-mouse -usb\
>> > -kernel Image \
>> > -initrd guestfs.cpio.gz \
>> > -append "rdinit=/sbin/init console=ttyAMA0 root=/dev/ram 
>> > earlycon=pl011,0x900 rw"
>> >
>> > The following guest log shows that usb controller can be probed but the 
>> > keyboard and mouse can't be
>> > found.
>> >
>> > [1.597433] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
>> > [1.599562] ehci-pci: EHCI PCI platform driver
>> > [1.608082] ehci-pci :00:03.0: EHCI Host Controller
>> > [1.609485] ehci-pci :00:03.0: new USB bus registered, assigned bus 
>> > number 1
>> > [1.611833] ehci-pci :00:03.0: irq 49, io mem 0x10041000
>> > [1.623599] ehci-pci :00:03.0: USB 2.0 started, EHCI 1.00
>> > [1.625867] hub 1-0:1.0: USB hub found
>> > [1.626906] hub 1-0:1.0: 6 ports detected
>> > [1.628685] ehci-platform: EHCI generic platform driver
>> > [1.630263] ehci-msm: Qualcomm On-Chip EHCI Host Controller
>> > [1.631947] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
>> > [1.633547] ohci-pci: OHCI PCI platform driver
>> > [1.634807] ohci-platform: OHCI generic platform driver
>> > [...]
>> > [1.939001] usb 1-1: new high-speed USB device number 2 using ehci-pci
>> > [   17.467040] usb 1-1: device not accepting address 2, error -110
>> > [   17.579165] usb 1-1: new high-speed USB device number 3 using ehci-pci
>> > [   32.287242] random: dd urandom read with 7 bits of entropy available
>> > [   33.110970] usb 1-1: device not accepting address 3, error -110
>> > [   33.223030] usb 1-1: new high-speed USB device number 4 using ehci-pci
>> > [   43.635185] usb 1-1: device not accepting address 4, error -110
>> > [   43.747033] usb 1-1: new high-speed USB device number 5 using ehci-pci
>> > [   54.159043] usb 1-1: device not accepting address 5, error -110
>> > [   54.160752] usb usb1-port1: unable to enumerate USB device
>> > [   54.307290] usb 1-2: new high-speed USB device number 6 using ehci-pci
>> > [   69.839052] usb 1-2: device not accepting address 6, error -110
>> > [   69.951249] usb 1-2: new high-speed USB device number 7 using ehci-pci
>> > [   85.483171] usb 1-2: device not accepting address 7, error -110
>> > [   85.595035] usb 1-2: new high-speed USB device number 8 using ehci-pci
>> > [   90.619247] usb 1-2: device descriptor read/8, error -110
>> > [   95.743482] usb 1-2: device descriptor read/8, error -110
>> > [   95.959165] usb 1-2: new high-speed USB device number 9 using ehci-pci
>> > [  106.371177] usb 1-2: device not accepting address 9, error -110
>> > [  106.372894] usb usb1-port2: unable to enumerate USB device
>> >
>> > lsusb shows:
>> > root@genericarmv8:~# lsusb
>> > Bus 001 Device 001: ID 1d6b:0002
>> >
>> > Besides, I have also tried QEMU TCG without KVM. The guest can 
>> > successfully probe usb controller,
>> > keyboard and mouse.
>> > lsusb shows:
>> > root@genericarmv8:~# lsusb
>> > Bus 001 Device 002: ID 0627:0001
>> > Bus 001 Device 003: ID 0627:0001
>> > Bus 001 Device 001: ID 1d6b:0002
>> >
>> > So it looks like that usb keyboard and mouse don't work with KVM on QEMU 
>> > ARM64 while they can work
>> > with TCG. IIUC, all the usb devices are emulated by QEMU, it has nothing 
>> > with KVM. So it really
>> > confused me and I'm not familiar with usb devices. Also I have seen 
>> > someone else reports this issue
>> > before[1].
>> >
>> > [1]https://lists.gnu.org/archive/html/qemu-arm/2016-06/msg00110.html
>> >
>> > Any comments and help are welcome. Thanks in advance.
>> >
> Does your QEMU have this patch?
> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=5d636e21c44ecf982a22a7bc4ca89186079ac283

Great! I applied this patch and the keyboard and mouse can work with KVM
now. Thanks a lot, Ard.

Thanks,
-- 
Shannon




Re: [Qemu-devel] [PATCH 2/3] qdist: use g_realloc_n instead of g_realloc

2016-07-26 Thread Marc-André Lureau
Hi

On Mon, Jul 25, 2016 at 7:03 PM, Emilio G. Cota  wrote:
> While at it, remove the unnecessary parentheses around dist->size.
>
> Signed-off-by: Emilio G. Cota 
> ---
>  util/qdist.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/util/qdist.c b/util/qdist.c
> index eb2236c..cc31140 100644
> --- a/util/qdist.c
> +++ b/util/qdist.c
> @@ -62,8 +62,8 @@ void qdist_add(struct qdist *dist, double x, long count)
>
>  if (unlikely(dist->n == dist->size)) {
>  dist->size *= 2;
> -dist->entries = g_realloc(dist->entries,
> -  sizeof(*dist->entries) * (dist->size));
> +dist->entries = g_realloc_n(dist->entries, dist->size,
> +sizeof(*dist->entries));
>  }
>  dist->n++;
>  entry = &dist->entries[dist->n - 1];
> --
> 2.5.0
>
>

Reviewed-by: Marc-André Lureau 



-- 
Marc-André Lureau



[Qemu-devel] [PATCH] mptsas: Fix a migration compatible issue

2016-07-26 Thread Cao jin
My previous commit 2e2aa316 removed internal flag msi_in_use, which
exists in vmstate, use VMSTATE_UNUSED for migration compatibility.

Reported-by: Amit Shah 
Suggested-by: Amit Shah 
Cc: Markus Armbruster 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Cc: Michael S. Tsirkin 
Cc: Amit Shah 
Signed-off-by: Cao jin 
---
 hw/scsi/mptsas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
index c1a0649..0ed24d1 100644
--- a/hw/scsi/mptsas.c
+++ b/hw/scsi/mptsas.c
@@ -1370,7 +1370,7 @@ static const VMStateDescription vmstate_mptsas = {
 .post_load = mptsas_post_load,
 .fields  = (VMStateField[]) {
 VMSTATE_PCI_DEVICE(dev, MPTSASState),
-
+VMSTATE_UNUSED(sizeof(bool)), /* Was msi_in_use */
 VMSTATE_UINT32(state, MPTSASState),
 VMSTATE_UINT8(who_init, MPTSASState),
 VMSTATE_UINT8(doorbell_state, MPTSASState),
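Review bot: `VMSTATE_UNUSED(sizeof(bool))` makes the number of skipped stream bytes depend on the host compiler's `bool`, whereas the migration format has a fixed width for the field it replaces. If msi_in_use was saved as a one-byte boolean (the removing commit is not shown here, so this needs confirming), spell the width out: `VMSTATE_UNUSED(1), /* Was msi_in_use (bool, 1 byte on the wire) */`. A mismatch would shift every later field of vmstate_mptsas on an incoming migration, so loading a state file saved by an older version is worth testing with this change. The fields array continues past the end of the hunk.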
-- 
2.1.0






[Qemu-devel] [Bug 1603636] Re: Guest has not initialized the display yet on ubuntu 16.10 PPC

2016-07-26 Thread T. Huth
If git bisect says something about "XX revisions left to test after this" then 
you're not done yet, you have to continue the git bisecting process until it is 
finished.
And if you need the sdl2 patch additionally, you have to apply it manually 
after each step if necessary. I'm sorry, it's quite cumbersome, but likely 
still the best solution to determine where your problem comes from.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1603636

Title:
  Guest has not initialized the display yet on ubuntu 16.10 PPC

Status in QEMU:
  New

Bug description:
  Hi
  tested with all kinds of configure options and all kinds of machine types, but I have 
the same issue ... 
  on the latest qemu 2.6: "Guest has not initialized the display yet"
  note: with the latest git repository the situation becomes worse, because on 
i386-softmmu I get the message but qemu exits by itself, because it looks like there is 
no BIOS 

  this is gdb of i386-softmmu

  (gdb) run
  Starting program: /home/amigaone/src/qemu/i386-softmmu/qemu-system-i386 
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/powerpc-linux-gnu/libthread_db.so.1".
  [New Thread 0xf7f78b70 (LWP 25074)]
  [New Thread 0xf770bb70 (LWP 25075)]
  [New Thread 0xf6dfdb70 (LWP 25076)]
  [New Thread 0xf65fdb70 (LWP 25077)]
  [New Thread 0xf3337b70 (LWP 25078)]
  [New Thread 0xe4146b70 (LWP 25087)]
  qemu-system-i386: Trying to execute code outside RAM or ROM at 0x000a
  This usually means one of the following happened:

  (1) You told QEMU to execute a kernel for the wrong machine type, and it 
crashed on startup (eg trying to run a raspberry pi kernel on a versatilepb 
QEMU machine)
  (2) You didn't give QEMU a kernel or BIOS filename at all, and QEMU executed 
a ROM full of no-op instructions until it fell off the end
  (3) Your guest kernel has a bug and crashed by jumping off into nowhere

  This is almost always one of the first two, so check your command line and 
that you are using the right type of kernel for this machine.
  If you think option (3) is likely then you can try debugging your guest with 
the -d debug options; in particular -d guest_errors will cause the log to 
include a dump of the guest register state at this point.

  Execution cannot continue; stopping here.

  [Thread 0xe4146b70 (LWP 25087) exited]
  [Thread 0xf65fdb70 (LWP 25077) exited]
  [Thread 0xf6dfdb70 (LWP 25076) exited]
  [Thread 0xf770bb70 (LWP 25075) exited]
  [Thread 0xf7f78b70 (LWP 25074) exited]
  [Thread 0xf7f7c000 (LWP 25070) exited]
  [Inferior 1 (process 25070) exited with code 01]

  
  this is my ldd 
  ldd ./qemu-system-i386 
linux-vdso32.so.1 =>  (0x0010)
libvirglrenderer.so.0 => /usr/local/lib/libvirglrenderer.so.0 
(0x0ff8a000)
libepoxy.so.0 => /usr/lib/powerpc-linux-gnu/libepoxy.so.0 (0x0fe86000)
libgbm.so.1 => /usr/local/lib/libgbm.so.1 (0x0fe55000)
libX11.so.6 => /usr/lib/powerpc-linux-gnu/libX11.so.6 (0x0fcf2000)
libz.so.1 => /lib/powerpc-linux-gnu/libz.so.1 (0x0fcb1000)
libcurl-gnutls.so.4 => /usr/lib/powerpc-linux-gnu/libcurl-gnutls.so.4 
(0x0fc1)
libssh2.so.1 => /usr/lib/powerpc-linux-gnu/libssh2.so.1 (0x0fbbf000)
libbz2.so.1.0 => /lib/powerpc-linux-gnu/libbz2.so.1.0 (0x0fb7e000)
libpixman-1.so.0 => /usr/lib/powerpc-linux-gnu/libpixman-1.so.0 
(0x0fadd000)
libutil.so.1 => /lib/powerpc-linux-gnu/libutil.so.1 (0x0faac000)
libnuma.so.1 => /usr/lib/powerpc-linux-gnu/libnuma.so.1 (0x0fa79000)
libncurses.so.5 => /lib/powerpc-linux-gnu/libncurses.so.5 (0x0fa28000)
libtinfo.so.5 => /lib/powerpc-linux-gnu/libtinfo.so.5 (0x0f9d7000)
libuuid.so.1 => /lib/powerpc-linux-gnu/libuuid.so.1 (0x0f9a6000)
libpng16.so.16 => /usr/lib/powerpc-linux-gnu/libpng16.so.16 (0x0f945000)
libjpeg.so.8 => /usr/lib/powerpc-linux-gnu/libjpeg.so.8 (0x0f8d4000)
libSDL2-2.0.so.0 => /usr/local/lib/libSDL2-2.0.so.0 (0x0f77d000)
libnettle.so.6 => /usr/lib/powerpc-linux-gnu/libnettle.so.6 (0x0f71c000)
libgnutls.so.30 => /usr/lib/powerpc-linux-gnu/libgnutls.so.30 
(0x0f5ca000)
libgtk-x11-2.0.so.0 => /usr/lib/powerpc-linux-gnu/libgtk-x11-2.0.so.0 
(0x0f0e6000)
libgdk-x11-2.0.so.0 => /usr/lib/powerpc-linux-gnu/libgdk-x11-2.0.so.0 
(0x0f005000)
libcairo.so.2 => /usr/lib/powerpc-linux-gnu/libcairo.so.2 (0x0eec3000)
libgdk_pixbuf-2.0.so.0 => 
/usr/lib/powerpc-linux-gnu/libgdk_pixbuf-2.0.so.0 (0x0ee72000)
libgobject-2.0.so.0 => /usr/lib/powerpc-linux-gnu/libgobject-2.0.so.0 
(0x0edf1000)
libglib-2.0.so.0 => /lib/powerpc-linux-gnu/libglib-2.0.so.0 (0x0eca)
libsnappy.so.1 => /usr/lib/powerpc-linux-gnu/libsnappy.so.1 (0x0ec6f000)
libusb-1.0.so.0 => /lib/powerpc-linux-gnu/libusb-1.0.so.0 (0x0ec2e000)
librt.so.1 => /lib/powerpc-linux-gnu/librt.so.1 (0x0ebfd000)
 

[Qemu-devel] [Bug 1603636] Re: Guest has not initialized the display yet on ubuntu 16.10 PPC

2016-07-26 Thread luigiburdo
Hi T,
Ok. I m sorry i was thinking only this was needed i will made the other git 
bisect and report 

Luigi

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1603636

Title:
  Guest has not initialized the display yet on ubuntu 16.10 PPC

Status in QEMU:
  New

Bug description:
  Hi
  tested with all kinds of configure options and all kinds of machine types, but I have 
the same issue ... 
  on the latest qemu 2.6: "Guest has not initialized the display yet"
  note: with the latest git repository the situation becomes worse, because on 
i386-softmmu I get the message but qemu exits by itself, because it looks like there is 
no BIOS 

  this is gdb of i386-softmmu

  (gdb) run
  Starting program: /home/amigaone/src/qemu/i386-softmmu/qemu-system-i386 
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/powerpc-linux-gnu/libthread_db.so.1".
  [New Thread 0xf7f78b70 (LWP 25074)]
  [New Thread 0xf770bb70 (LWP 25075)]
  [New Thread 0xf6dfdb70 (LWP 25076)]
  [New Thread 0xf65fdb70 (LWP 25077)]
  [New Thread 0xf3337b70 (LWP 25078)]
  [New Thread 0xe4146b70 (LWP 25087)]
  qemu-system-i386: Trying to execute code outside RAM or ROM at 0x000a
  This usually means one of the following happened:

  (1) You told QEMU to execute a kernel for the wrong machine type, and it 
crashed on startup (eg trying to run a raspberry pi kernel on a versatilepb 
QEMU machine)
  (2) You didn't give QEMU a kernel or BIOS filename at all, and QEMU executed 
a ROM full of no-op instructions until it fell off the end
  (3) Your guest kernel has a bug and crashed by jumping off into nowhere

  This is almost always one of the first two, so check your command line and 
that you are using the right type of kernel for this machine.
  If you think option (3) is likely then you can try debugging your guest with 
the -d debug options; in particular -d guest_errors will cause the log to 
include a dump of the guest register state at this point.

  Execution cannot continue; stopping here.

  [Thread 0xe4146b70 (LWP 25087) exited]
  [Thread 0xf65fdb70 (LWP 25077) exited]
  [Thread 0xf6dfdb70 (LWP 25076) exited]
  [Thread 0xf770bb70 (LWP 25075) exited]
  [Thread 0xf7f78b70 (LWP 25074) exited]
  [Thread 0xf7f7c000 (LWP 25070) exited]
  [Inferior 1 (process 25070) exited with code 01]

  
  this is my ldd 
  ldd ./qemu-system-i386 
linux-vdso32.so.1 =>  (0x0010)
libvirglrenderer.so.0 => /usr/local/lib/libvirglrenderer.so.0 
(0x0ff8a000)
libepoxy.so.0 => /usr/lib/powerpc-linux-gnu/libepoxy.so.0 (0x0fe86000)
libgbm.so.1 => /usr/local/lib/libgbm.so.1 (0x0fe55000)
libX11.so.6 => /usr/lib/powerpc-linux-gnu/libX11.so.6 (0x0fcf2000)
libz.so.1 => /lib/powerpc-linux-gnu/libz.so.1 (0x0fcb1000)
libcurl-gnutls.so.4 => /usr/lib/powerpc-linux-gnu/libcurl-gnutls.so.4 
(0x0fc1)
libssh2.so.1 => /usr/lib/powerpc-linux-gnu/libssh2.so.1 (0x0fbbf000)
libbz2.so.1.0 => /lib/powerpc-linux-gnu/libbz2.so.1.0 (0x0fb7e000)
libpixman-1.so.0 => /usr/lib/powerpc-linux-gnu/libpixman-1.so.0 
(0x0fadd000)
libutil.so.1 => /lib/powerpc-linux-gnu/libutil.so.1 (0x0faac000)
libnuma.so.1 => /usr/lib/powerpc-linux-gnu/libnuma.so.1 (0x0fa79000)
libncurses.so.5 => /lib/powerpc-linux-gnu/libncurses.so.5 (0x0fa28000)
libtinfo.so.5 => /lib/powerpc-linux-gnu/libtinfo.so.5 (0x0f9d7000)
libuuid.so.1 => /lib/powerpc-linux-gnu/libuuid.so.1 (0x0f9a6000)
libpng16.so.16 => /usr/lib/powerpc-linux-gnu/libpng16.so.16 (0x0f945000)
libjpeg.so.8 => /usr/lib/powerpc-linux-gnu/libjpeg.so.8 (0x0f8d4000)
libSDL2-2.0.so.0 => /usr/local/lib/libSDL2-2.0.so.0 (0x0f77d000)
libnettle.so.6 => /usr/lib/powerpc-linux-gnu/libnettle.so.6 (0x0f71c000)
libgnutls.so.30 => /usr/lib/powerpc-linux-gnu/libgnutls.so.30 
(0x0f5ca000)
libgtk-x11-2.0.so.0 => /usr/lib/powerpc-linux-gnu/libgtk-x11-2.0.so.0 
(0x0f0e6000)
libgdk-x11-2.0.so.0 => /usr/lib/powerpc-linux-gnu/libgdk-x11-2.0.so.0 
(0x0f005000)
libcairo.so.2 => /usr/lib/powerpc-linux-gnu/libcairo.so.2 (0x0eec3000)
libgdk_pixbuf-2.0.so.0 => 
/usr/lib/powerpc-linux-gnu/libgdk_pixbuf-2.0.so.0 (0x0ee72000)
libgobject-2.0.so.0 => /usr/lib/powerpc-linux-gnu/libgobject-2.0.so.0 
(0x0edf1000)
libglib-2.0.so.0 => /lib/powerpc-linux-gnu/libglib-2.0.so.0 (0x0eca)
libsnappy.so.1 => /usr/lib/powerpc-linux-gnu/libsnappy.so.1 (0x0ec6f000)
libusb-1.0.so.0 => /lib/powerpc-linux-gnu/libusb-1.0.so.0 (0x0ec2e000)
librt.so.1 => /lib/powerpc-linux-gnu/librt.so.1 (0x0ebfd000)
libm.so.6 => /lib/powerpc-linux-gnu/libm.so.6 (0x0eb0c000)
libgcc_s.so.1 => /lib/powerpc-linux-gnu/libgcc_s.so.1 (0x0eacb000)
libpthread.so.0 => /lib/powerpc-linux-gnu/libpthread.so.0 (0x0ea88000)
libc.so.6 => /lib/powerpc-linux-gnu/libc.so.6 (0x0e8d4

Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Laurent Vivier


On 23/07/2016 08:30, David Gibson wrote:
> On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:
>>
>>
>> On 22/07/2016 08:43, David Gibson wrote:
>>> On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
 As userfaultfd syscall is available on powerpc, migration
 postcopy can be used.

 This patch adds the support needed to test this on powerpc,
 instead of using a bootsector to run code to modify memory,
 we use a FORTH script in "boot-command" property.

 As spapr machine doesn't support "-prom-env" argument
 (the nvram is initialized by SLOF and not by QEMU),
 "boot-command" is provided to SLOF via a file mapped nvram
 (with "-drive file=...,if=pflash")

 Signed-off-by: Laurent Vivier 
 ---
 v2: move FORTH script directly in sprintf()
 use openbios_firmware_abi.h
 remove useless "default" case

  tests/Makefile.include |   1 +
  tests/postcopy-test.c  | 116 
 +
  2 files changed, 98 insertions(+), 19 deletions(-)
>>>
>>> There's a mostly cosmetic problem with this.  If you run make check
>>> for a ppc64 target on an x86 machine, you get:
>>>
>>> GTESTER check-qtest-ppc64
>>> "kvm" accelerator not found.
>>> "kvm" accelerator not found.
>>
>> I think this is because of "-machine accel=kvm:tcg", it tries to use kvm
>> and fall back to tcg.
>>
>> accel.c:
>>
>>  80 void configure_accelerator(MachineState *ms)
>>  81 {
>> ...
>> 100 acc = accel_find(buf);
>> 101 if (!acc) {
>> 102 fprintf(stderr, "\"%s\" accelerator not found.\n", buf);
>> 103 continue;
>> 104 }
>>
>> We can remove the "-machine" argument to use the default instead (tcg or
>> kvm).
> 
> That sounds like a good option for a general test.
> 

In fact, we can't: we need to add a "-machine accel=" to our command
line to override the "-machine accel=qtest" provided by the qtest
framework. If we don't override it, the machine doesn't start.

Laurent



Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Thomas Huth
On 26.07.2016 11:23, Laurent Vivier wrote:
> 
> 
> On 23/07/2016 08:30, David Gibson wrote:
>> On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:
>>>
>>>
>>> On 22/07/2016 08:43, David Gibson wrote:
 On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
> As userfaultfd syscall is available on powerpc, migration
> postcopy can be used.
>
> This patch adds the support needed to test this on powerpc,
> instead of using a bootsector to run code to modify memory,
> we use a FORTH script in "boot-command" property.
>
> As spapr machine doesn't support "-prom-env" argument
> (the nvram is initialized by SLOF and not by QEMU),
> "boot-command" is provided to SLOF via a file mapped nvram
> (with "-drive file=...,if=pflash")
>
> Signed-off-by: Laurent Vivier 
> ---
> v2: move FORTH script directly in sprintf()
> use openbios_firmware_abi.h
> remove useless "default" case
>
>  tests/Makefile.include |   1 +
>  tests/postcopy-test.c  | 116 
> +
>  2 files changed, 98 insertions(+), 19 deletions(-)

 There's a mostly cosmetic problem with this.  If you run make check
 for a ppc64 target on an x86 machine, you get:

 GTESTER check-qtest-ppc64
 "kvm" accelerator not found.
 "kvm" accelerator not found.
>>>
>>> I think this is because of "-machine accel=kvm:tcg", it tries to use kvm
>>> and fall back to tcg.
>>>
>>> accel.c:
>>>
>>>  80 void configure_accelerator(MachineState *ms)
>>>  81 {
>>> ...
>>> 100 acc = accel_find(buf);
>>> 101 if (!acc) {
>>> 102 fprintf(stderr, "\"%s\" accelerator not found.\n", buf);
>>> 103 continue;
>>> 104 }
>>>
>>> We can remove the "-machine" argument to use the default instead (tcg or
>>> kvm).
>>
>> That sounds like a good option for a general test.
> 
> In fact, we can't: we need to add a "-machine accel=" to our command
> line to override the "-machine accel=qtest" provided by the qtest
> framework. If we don't override it, the machine doesn't start.

Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?

 Thomas




[Qemu-devel] R: [PATCH v2] Unbreak FreeBSD build after optionrom update.

2016-07-26 Thread Paolo Bonzini

> Update the build flags appropriately for FreeBSD and add the correct
> LD_EMULATION type for the FreeBSD build case.
> 
> Signed-off-by: Sean Bruno 

I posted the right fix a couple days ago, but didn't manage to send a pull 
request before leaving and I am on mobile until next Monday.

Search the archive for cc-c-option to get the right fix.

Also, the commit message for a build fix patch really should include the error 
message, so please do that even if your v3 only includes the change to the 
emulation name.

Thanks,

Paolo

> ---
>  pc-bios/optionrom/Makefile | 8 
>  1 file changed, 8 insertions(+)
> 
> diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
> index d88ce11..5cf7c93 100644
> --- a/pc-bios/optionrom/Makefile
> +++ b/pc-bios/optionrom/Makefile
> @@ -28,7 +28,11 @@ endif
>  CFLAGS := $(filter -O% -g%, $(CFLAGS))
>  QEMU_INCLUDES += -I$(SRC_PATH)
>  
> +ifdef CONFIG_BSD
> +Wa = -Wa 
> +else
>  Wa = -Wa,
> +endif
>  ASFLAGS += -32
>  QEMU_CFLAGS += $(call cc-option, $(QEMU_CFLAGS), $(Wa)-32)
>  
> @@ -44,8 +48,12 @@ build-all: multiboot.bin linuxboot.bin linuxboot_dma.bin 
> kvmvapic.bin
>  ifdef CONFIG_WIN32
>  LD_EMULATION = i386pe
>  else
> +ifdef CONFIG_BSD
> +LD_EMULATION = elf_i386_fbsd
> +else
>  LD_EMULATION = elf_i386
>  endif
> +endif
>  
>  %.img: %.o
>   $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -m $(LD_EMULATION) -Ttext 0 
> -e _start -s -o $@ $<,"  Building $(TARGET_DIR)$@")
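Review bot: `LD_EMULATION = elf_i386_fbsd` is selected under `ifdef CONFIG_BSD`, but that emulation name belongs to FreeBSD's linker. If CONFIG_BSD is also set on other BSD hosts (not visible in this Makefile), their `ld` will likely reject `-m elf_i386_fbsd` and the option ROM build breaks there instead. The `Wa = -Wa ` branch in the first hunk has the same scope problem, since it changes the assembler flag spelling for every CONFIG_BSD host. Both should be keyed on the specific host system, with a comment such as `# elf_i386_fbsd: FreeBSD ld only` on the emulation line.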
> -- 
> 2.8.4
> 




Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Laurent Vivier


On 26/07/2016 11:28, Thomas Huth wrote:
> On 26.07.2016 11:23, Laurent Vivier wrote:
>>
>>
>> On 23/07/2016 08:30, David Gibson wrote:
>>> On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:


 On 22/07/2016 08:43, David Gibson wrote:
> On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
>> As userfaultfd syscall is available on powerpc, migration
>> postcopy can be used.
>>
>> This patch adds the support needed to test this on powerpc,
>> instead of using a bootsector to run code to modify memory,
>> we use a FORTH script in "boot-command" property.
>>
>> As spapr machine doesn't support "-prom-env" argument
>> (the nvram is initialized by SLOF and not by QEMU),
>> "boot-command" is provided to SLOF via a file mapped nvram
>> (with "-drive file=...,if=pflash")
>>
>> Signed-off-by: Laurent Vivier 
>> ---
>> v2: move FORTH script directly in sprintf()
>> use openbios_firmware_abi.h
>> remove useless "default" case
>>
>>  tests/Makefile.include |   1 +
>>  tests/postcopy-test.c  | 116 
>> +
>>  2 files changed, 98 insertions(+), 19 deletions(-)
>
> There's a mostly cosmetic problem with this.  If you run make check
> for a ppc64 target on an x86 machine, you get:
>
> GTESTER check-qtest-ppc64
> "kvm" accelerator not found.
> "kvm" accelerator not found.

 I think this is because of "-machine accel=kvm:tcg", it tries to use kvm
 and fall back to tcg.

 accel.c:

  80 void configure_accelerator(MachineState *ms)
  81 {
 ...
 100 acc = accel_find(buf);
 101 if (!acc) {
 102 fprintf(stderr, "\"%s\" accelerator not found.\n", 
 buf);
 103 continue;
 104 }

 We can remove the "-machine" argument to use the default instead (tcg or
 kvm).
>>>
>>> That sounds like a good option for a general test.
>>
>> In fact, we can't: we need to add a "-machine accel=" to our command
>> line to override the "-machine accel=qtest" provided by the qtest
>> framework. If we don't override it, the machine doesn't start.
> 
> Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?

I think it needs to be dynamic as the same binary test is used on x86 to
test x86 and ppc64, and vice-versa. I'm going to check if we have
something like "qtest_get_accel()"...

Thanks,
Laurent



Re: [Qemu-devel] [PULL 26/28] apic: Use apic_id as apic's migration instance_id

2016-07-26 Thread Igor Mammedov
On Tue, 26 Jul 2016 10:41:38 +0530
Amit Shah  wrote:

> On (Wed) 20 Jul 2016 [12:08:32], Eduardo Habkost wrote:
> > From: Igor Mammedov 
> > 
> > instance_id is generated by last_used_id + 1 for a given device type
> > so for QEMU with 3 CPUs instance_id for APICs is a seti of [0, 1, 2]
> > When CPU in the middle is hot-removed and migration started
> > APICs with instance_ids 0 and 2 are transferred in migration stream.
> > However target starts with 2 CPUs and APICs' instance_ids are
> > generated from scratch [0, 1] hence migration fails with error
> >   Unknown savevm section or instance 'apic' 2
> > 
> > Fix issue by manually registering APIC's vmsd with apic_id as
> > instance_id, in this case instance_id on target will always
> > match instance_id on source as apic_id is the same for a given
> > cpu instance.
> > 
> > Reported-by: Bharata B Rao 
> > Signed-off-by: Igor Mammedov 
> > Reviewed-by: Dr. David Alan Gilbert 
> > Reviewed-by: Michael S. Tsirkin 
> > Signed-off-by: Eduardo Habkost   
> 
> After these patches, the static checker complains about missing
> sections:
> 
> Section "apic-common" does not exist in dest
> Section "apic" does not exist in dest
> Section "kvm-apic" does not exist in dest
> 
> This will break migration from older versions.
Still can't reproduce:
here is my CLI on SRC:
  qemu-system-x86_64-v2.6.0  \
   -snapshot -enable-kvm -smp 6,maxcpus=6 -m 256M rhel72.img -monitor stdio -M 
pc-i440fx-2.6 -nodefaults

monitor# stop
monitor# migrate "exec:gzip -c > STATEFILE.gz"
^C

CLI on DST:
  qemu-system-x86_64-v2.7.0-rc0 \
   -snapshot -enable-kvm -smp 6,maxcpus=6 -m 256M rhel72.img -monitor stdio -M 
pc-i440fx-2.6 -nodefaults -incoming "exec: gzip -c -d STATEFILE.gz"

But I've found issue with I2C, which breaks migration for me with:

(qemu) qemu-system-x86_64: Missing section footer for i2c_bus
qemu-system-x86_64: load of migration failed: Invalid argument

Which bisects to:

commit 2293c27faddf9547dd8b52423caa6e85844eec3a
Author: KONRAD Frederic 
Date:   Tue Jun 14 15:59:14 2016 +0100

i2c: implement broadcast write

hacking migration hunks of it to old VMState fixes I2C issue,
and no apic related issues are noticed.

> 
>   Amit
> 




Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Laurent Vivier


On 26/07/2016 11:39, Laurent Vivier wrote:
> 
> 
> On 26/07/2016 11:28, Thomas Huth wrote:
>> On 26.07.2016 11:23, Laurent Vivier wrote:
>>>
>>>
>>> On 23/07/2016 08:30, David Gibson wrote:
 On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:
>
>
> On 22/07/2016 08:43, David Gibson wrote:
>> On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
>>> As userfaultfd syscall is available on powerpc, migration
>>> postcopy can be used.
>>>
>>> This patch adds the support needed to test this on powerpc,
>>> instead of using a bootsector to run code to modify memory,
>>> we use a FORTH script in "boot-command" property.
>>>
>>> As spapr machine doesn't support "-prom-env" argument
>>> (the nvram is initialized by SLOF and not by QEMU),
>>> "boot-command" is provided to SLOF via a file mapped nvram
>>> (with "-drive file=...,if=pflash")
>>>
>>> Signed-off-by: Laurent Vivier 
>>> ---
>>> v2: move FORTH script directly in sprintf()
>>> use openbios_firmware_abi.h
>>> remove useless "default" case
>>>
>>>  tests/Makefile.include |   1 +
>>>  tests/postcopy-test.c  | 116 
>>> +
>>>  2 files changed, 98 insertions(+), 19 deletions(-)
>>
>> There's a mostly cosmetic problem with this.  If you run make check
>> for a ppc64 target on an x86 machine, you get:
>>
>> GTESTER check-qtest-ppc64
>> "kvm" accelerator not found.
>> "kvm" accelerator not found.
>
> I think this is because of "-machine accel=kvm:tcg", it tries to use kvm
> and fall back to tcg.
>
> accel.c:
>
>  80 void configure_accelerator(MachineState *ms)
>  81 {
> ...
> 100 acc = accel_find(buf);
> 101 if (!acc) {
> 102 fprintf(stderr, "\"%s\" accelerator not found.\n", 
> buf);
> 103 continue;
> 104 }
>
> We can remove the "-machine" argument to use the default instead (tcg or
> kvm).

 That sounds like a good option for a general test.
>>>
>>> In fact, we can't: we need to add a "-machine accel=" to our command
>>> line to override the "-machine accel=qtest" provided by the qtest
>>> framework. If we don't override it, the machine doesn't start.
>>
>> Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?
> 
> I think it needs to be dynamic as the same binary test is used on x86 to
> test x86 and ppc64, and vice-versa. I'm going to check if we have
> something like "qtest_get_accel()"...

Something like that should work:

--- a/tests/postcopy-test.c
+++ b/tests/postcopy-test.c
@@ -380,12 +380,17 @@ static void test_migrate(void)
   tmpfs, bootpath, uri);
 } else if (strcmp(arch, "ppc64") == 0) {
 init_bootfile_ppc(bootpath);
-cmd_src = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
+#ifdef _ARCH_PPC64
+#define QEMU_CMD_ACCEL"-machine accel=kvm:tcg"
+#else
+#define QEMU_CMD_ACCEL"-machine accel=tcg"
+#endif
+cmd_src = g_strdup_printf(QEMU_CMD_ACCEL " -m 256M"
   " -name pcsource,debug-threads=on"
   " -serial file:%s/src_serial"
   " -drive file=%s,if=pflash,format=raw",
   tmpfs, bootpath);
-cmd_dst = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
+cmd_dst = g_strdup_printf(QEMU_CMD_ACCEL " -m 256M"
   " -name pcdest,debug-threads=on"
   " -serial file:%s/dest_serial"
   " -incoming %s",
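Review bot: The `#ifdef _ARCH_PPC64` / `#define QEMU_CMD_ACCEL` pair sits inside the `ppc64` branch of test_migrate(), so the macro is defined mid-function and stays defined for the rest of the file. Keeping the choice in a local, for example a `const char *accel` assigned before the two `g_strdup_printf()` calls and passed through a leading `%s` in each format, limits its scope to this branch. As posted, the `#define` lines show no space between the macro name and the string literal; that may be a mail-formatting artifact, but it should be checked before applying. test_migrate() starts and ends outside this hunk.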

Laurent



Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Dr. David Alan Gilbert
* Laurent Vivier (lviv...@redhat.com) wrote:
> 
> 
> On 26/07/2016 11:39, Laurent Vivier wrote:
> > 
> > 
> > On 26/07/2016 11:28, Thomas Huth wrote:
> >> On 26.07.2016 11:23, Laurent Vivier wrote:
> >>>
> >>>
> >>> On 23/07/2016 08:30, David Gibson wrote:
>  On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:
> >
> >
> > On 22/07/2016 08:43, David Gibson wrote:
> >> On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
> >>> As userfaultfd syscall is available on powerpc, migration
> >>> postcopy can be used.
> >>>
> >>> This patch adds the support needed to test this on powerpc,
> >>> instead of using a bootsector to run code to modify memory,
> >>> we use a FORTH script in "boot-command" property.
> >>>
> >>> As spapr machine doesn't support "-prom-env" argument
> >>> (the nvram is initialized by SLOF and not by QEMU),
> >>> "boot-command" is provided to SLOF via a file mapped nvram
> >>> (with "-drive file=...,if=pflash")
> >>>
> >>> Signed-off-by: Laurent Vivier 
> >>> ---
> >>> v2: move FORTH script directly in sprintf()
> >>> use openbios_firmware_abi.h
> >>> remove useless "default" case
> >>>
> >>>  tests/Makefile.include |   1 +
> >>>  tests/postcopy-test.c  | 116 
> >>> +
> >>>  2 files changed, 98 insertions(+), 19 deletions(-)
> >>
> >> There's a mostly cosmetic problem with this.  If you run make check
> >> for a ppc64 target on an x86 machine, you get:
> >>
> >> GTESTER check-qtest-ppc64
> >> "kvm" accelerator not found.
> >> "kvm" accelerator not found.
> >
> > I think this is because of "-machine accel=kvm:tcg", it tries to use kvm
> > and fall back to tcg.
> >
> > accel.c:
> >
> >  80 void configure_accelerator(MachineState *ms)
> >  81 {
> > ...
> > 100 acc = accel_find(buf);
> > 101 if (!acc) {
> > 102 fprintf(stderr, "\"%s\" accelerator not found.\n", 
> > buf);
> > 103 continue;
> > 104 }
> >
> > We can remove the "-machine" argument to use the default instead (tcg or
> > kvm).
> 
>  That sounds like a good option for a general test.
> >>>
> >>> In fact, we can't: we need to add a "-machine accel=" to our command
> >>> line to override the "-machine accel=qtest" provided by the qtest
> >>> framework. If we don't override it, the machine doesn't start.
> >>
> >> Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?
> > 
> > I think it needs to be dynamic as the same binary test is used on x86 to
> > test x86 and ppc64, and vice-versa. I'm going to check if we have
> > something like "qtest_get_accel()"...
> 
> Something like that should work:
> 
> --- a/tests/postcopy-test.c
> +++ b/tests/postcopy-test.c
> @@ -380,12 +380,17 @@ static void test_migrate(void)
>tmpfs, bootpath, uri);
>  } else if (strcmp(arch, "ppc64") == 0) {
>  init_bootfile_ppc(bootpath);
> -cmd_src = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
> +#ifdef _ARCH_PPC64
> +#define QEMU_CMD_ACCEL"-machine accel=kvm:tcg"
> +#else
> +#define QEMU_CMD_ACCEL"-machine accel=tcg"
> +#endif
> +cmd_src = g_strdup_printf(QEMU_CMD_ACCEL " -m 256M"
>" -name pcsource,debug-threads=on"
>" -serial file:%s/src_serial"
>" -drive file=%s,if=pflash,format=raw",
>tmpfs, bootpath);
> -cmd_dst = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
> +cmd_dst = g_strdup_printf(QEMU_CMD_ACCEL " -m 256M"
>" -name pcdest,debug-threads=on"
>" -serial file:%s/dest_serial"
>" -incoming %s",
> 
> Laurent

Is it worth the hassle to just get rid of the two warnings?

Dave

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Laurent Vivier


On 26/07/2016 11:54, Dr. David Alan Gilbert wrote:
> * Laurent Vivier (lviv...@redhat.com) wrote:
>>
>>
>> On 26/07/2016 11:39, Laurent Vivier wrote:
>>>
>>>
>>> On 26/07/2016 11:28, Thomas Huth wrote:
 On 26.07.2016 11:23, Laurent Vivier wrote:
>
>
> On 23/07/2016 08:30, David Gibson wrote:
>> On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:
>>>
>>>
>>> On 22/07/2016 08:43, David Gibson wrote:
 On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
> As userfaultfd syscall is available on powerpc, migration
> postcopy can be used.
>
> This patch adds the support needed to test this on powerpc,
> instead of using a bootsector to run code to modify memory,
> we use a FORTH script in "boot-command" property.
>
> As spapr machine doesn't support "-prom-env" argument
> (the nvram is initialized by SLOF and not by QEMU),
> "boot-command" is provided to SLOF via a file mapped nvram
> (with "-drive file=...,if=pflash")
>
> Signed-off-by: Laurent Vivier 
> ---
> v2: move FORTH script directly in sprintf()
> use openbios_firmware_abi.h
> remove useless "default" case
>
>  tests/Makefile.include |   1 +
>  tests/postcopy-test.c  | 116 
> +
>  2 files changed, 98 insertions(+), 19 deletions(-)

 There's a mostly cosmetic problem with this.  If you run make check
 for a ppc64 target on an x86 machine, you get:

 GTESTER check-qtest-ppc64
 "kvm" accelerator not found.
 "kvm" accelerator not found.
>>>
>>> I think this is because of "-machine accel=kvm:tcg", it tries to use kvm
>>> and fall back to tcg.
>>>
>>> accel.c:
>>>
>>>  80 void configure_accelerator(MachineState *ms)
>>>  81 {
>>> ...
>>> 100 acc = accel_find(buf);
>>> 101 if (!acc) {
>>> 102 fprintf(stderr, "\"%s\" accelerator not found.\n", 
>>> buf);
>>> 103 continue;
>>> 104 }
>>>
>>> We can remove the "-machine" argument to use the default instead (tcg or
>>> kvm).
>>
>> That sounds like a good option for a general test.
>
> In fact, we can't: we need to add a "-machine accel=" to our command
> line to override the "-machine accel=qtest" provided by the qtest
> framework. If we don't override it, the machine doesn't start.

 Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?
>>>
>>> I think it needs to be dynamic as the same binary test is used on x86 to
>>> test x86 and ppc64, and vice-versa. I'm going to check if we have
>>> something like "qtest_get_accel()"...
>>
>> Something like that should work:
>>
>> --- a/tests/postcopy-test.c
>> +++ b/tests/postcopy-test.c
>> @@ -380,12 +380,17 @@ static void test_migrate(void)
>>tmpfs, bootpath, uri);
>>  } else if (strcmp(arch, "ppc64") == 0) {
>>  init_bootfile_ppc(bootpath);
>> -cmd_src = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
>> +#ifdef _ARCH_PPC64
>> +#define QEMU_CMD_ACCEL"-machine accel=kvm:tcg"
>> +#else
>> +#define QEMU_CMD_ACCEL"-machine accel=tcg"
>> +#endif
>> +cmd_src = g_strdup_printf(QEMU_CMD_ACCEL " -m 256M"
>>" -name pcsource,debug-threads=on"
>>" -serial file:%s/src_serial"
>>" -drive file=%s,if=pflash,format=raw",
>>tmpfs, bootpath);
>> -cmd_dst = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
>> +cmd_dst = g_strdup_printf(QEMU_CMD_ACCEL " -m 256M"
>>" -name pcdest,debug-threads=on"
>>" -serial file:%s/dest_serial"
>>" -incoming %s",
>>
>> Laurent
> 
> Is it worth the hastle to just get rid of the two warnings?

I don't know, it's why I'd like to have the opinion of David.

Laurent



Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Thomas Huth
On 26.07.2016 11:53, Laurent Vivier wrote:
> 
> 
> On 26/07/2016 11:39, Laurent Vivier wrote:
>>
>>
>> On 26/07/2016 11:28, Thomas Huth wrote:
>>> On 26.07.2016 11:23, Laurent Vivier wrote:


 On 23/07/2016 08:30, David Gibson wrote:
> On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:
>>
>>
>> On 22/07/2016 08:43, David Gibson wrote:
>>> On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
 As userfaultfd syscall is available on powerpc, migration
 postcopy can be used.

 This patch adds the support needed to test this on powerpc,
 instead of using a bootsector to run code to modify memory,
 we use a FORTH script in "boot-command" property.

 As spapr machine doesn't support "-prom-env" argument
 (the nvram is initialized by SLOF and not by QEMU),
 "boot-command" is provided to SLOF via a file mapped nvram
 (with "-drive file=...,if=pflash")

 Signed-off-by: Laurent Vivier 
 ---
 v2: move FORTH script directly in sprintf()
 use openbios_firmware_abi.h
 remove useless "default" case

  tests/Makefile.include |   1 +
  tests/postcopy-test.c  | 116 
 +
  2 files changed, 98 insertions(+), 19 deletions(-)
>>>
>>> There's a mostly cosmetic problem with this.  If you run make check
>>> for a ppc64 target on an x86 machine, you get:
>>>
>>> GTESTER check-qtest-ppc64
>>> "kvm" accelerator not found.
>>> "kvm" accelerator not found.
>>
>> I think this is because of "-machine accel=kvm:tcg", it tries to use kvm
>> and fall back to tcg.
>>
>> accel.c:
>>
>>  80 void configure_accelerator(MachineState *ms)
>>  81 {
>> ...
>> 100 acc = accel_find(buf);
>> 101 if (!acc) {
>> 102 fprintf(stderr, "\"%s\" accelerator not found.\n", 
>> buf);
>> 103 continue;
>> 104 }
>>
>> We can remove the "-machine" argument to use the default instead (tcg or
>> kvm).
>
> That sounds like a good option for a general test.

 In fact, we can't: we need to add a "-machine accel=" to our command
 line to override the "-machine accel=qtest" provided by the qtest
 framework. If we don't override it, the machine doesn't start.
>>>
>>> Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?
>>
>> I think it needs to be dynamic as the same binary test is used on x86 to
>> test x86 and ppc64, and vice-versa. I'm going to check if we have
>> something like "qtest_get_accel()"...
> 
> Something like that should work:
> 
> --- a/tests/postcopy-test.c
> +++ b/tests/postcopy-test.c
> @@ -380,12 +380,17 @@ static void test_migrate(void)
>tmpfs, bootpath, uri);
>  } else if (strcmp(arch, "ppc64") == 0) {
>  init_bootfile_ppc(bootpath);
> -cmd_src = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
> +#ifdef _ARCH_PPC64

I think you'd need to test CONFIG_KVM, too, since it could also have
been disabled on PPC, couldn't it?

> +#define QEMU_CMD_ACCEL"-machine accel=kvm:tcg"
> +#else
> +#define QEMU_CMD_ACCEL"-machine accel=tcg"
> +#endif

Alternatively, what about shutting up the message in accel.c by changing
it like that:

if (!qtest_enabled()) {
error_report("\"%s\" accelerator not found.\n", buf);
}

?

 Thomas




Re: [Qemu-devel] [PATCH] hw/mips_malta: Fix YAMON API print routine

2016-07-26 Thread Leon Alrae
On Fri, Jul 22, 2016 at 10:55:40AM +0100, Paul Burton wrote:
> The print routine provided as part of the in-built bootloader had a bug
> in that it attempted to use a jump instruction as part of a loop, but
> the target has its upper bits zeroed leading to control flow
> transferring to 0xb814 rather than the intended 0xbfc00814. Fix this
> by using a branch instruction instead, which seems more fit for purpose.
> 
> A simple way to test this is to build a Linux kernel with EVA enabled &
> attempt to boot it in QEMU. It will attempt to print a message
> indicating the configuration mismatch but QEMU would previously
> incorrectly jump & wind up printing a continuous stream of the letter E.
> 
> Signed-off-by: Paul Burton 
> Cc: Aurelien Jarno 
> Cc: Leon Alrae 
> ---
>  hw/mips/mips_malta.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Applied to target-mips queue.

Thanks,
Leon



[Qemu-devel] [PATCH v2 1/1] Reorganize help output of '-display' option

2016-07-26 Thread Robert Ho
The '-display' help information is not quite correct. This patch tidies
it up a little.
The help text now also shows which display option is chosen implicitly
when none is given.

Changelog:
v2:
 --fix typo of 'display'
 --change some description words

Signed-off-by: Robert Ho 
---
 qemu-options.hx | 29 ++---
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 17f15ad..ddeec72 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -930,10 +930,25 @@ ETEXI
 
 DEF("display", HAS_ARG, QEMU_OPTION_display,
 "-display sdl[,frame=on|off][,alt_grab=on|off][,ctrl_grab=on|off]\n"
-"[,window_close=on|off]|curses|none|\n"
-"gtk[,grab_on_hover=on|off]|\n"
-"vnc=[,]\n"
-"select display type\n", QEMU_ARCH_ALL)
+"[,window_close=on|off][,gl=on|off]|curses|none|\n"
+"-display gtk[,grab_on_hover=on|off][,gl=on|off]|\n"
+"-display vnc=[,]\n"
+"-display curses\n"
+"-display none"
+"select display type\n"
+"The default display is equivalent to\n"
+#if defined(CONFIG_GTK)
+"\t\"-display gtk\"\n"
+#elif defined(CONFIG_SDL)
+"\t\"-display sdl\"\n"
+#elif defined(CONFIG_COCOA)
+"\t\"-display cocoa\"\n"
+#elif defined(CONFIG_VNC)
+"\t\"-vnc localhost:0,to=99,id=default\"\n"
+#else
+"\t\"-display none\"\n"
+#endif
+, QEMU_ARCH_ALL)
 STEXI
 @item -display @var{type}
 @findex -display
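Review bot: The added `"-display none"` literal has no trailing `\n`, so it is concatenated with the next literal and the help output reads `-display noneselect display type`; it should be `"-display none\n"`. The first line also still ends in `|curses|none|\n` although curses and none now have lines of their own, so those alternatives are listed twice. Because the default-display text names `-vnc localhost:0,to=99,id=default`, the `#elif` chain should be kept in step with the code that actually picks the default, otherwise the help can misreport whether a VNC listener is started implicitly; that selection code is outside this hunk.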
@@ -980,7 +995,7 @@ the console and monitor.
 ETEXI
 
 DEF("curses", 0, QEMU_OPTION_curses,
-"-curses use a curses/ncurses interface instead of SDL\n",
+"-curses shorthand for -display curses\n",
 QEMU_ARCH_ALL)
 STEXI
 @item -curses
@@ -1030,7 +1045,7 @@ Disable SDL window close capability.
 ETEXI
 
 DEF("sdl", 0, QEMU_OPTION_sdl,
-"-sdlenable SDL\n", QEMU_ARCH_ALL)
+"-sdlshorthand for -display sdl\n", QEMU_ARCH_ALL)
 STEXI
 @item -sdl
 @findex -sdl
@@ -1227,7 +1242,7 @@ Set the initial graphical resolution and depth (PPC, 
SPARC only).
 ETEXI
 
 DEF("vnc", HAS_ARG, QEMU_OPTION_vnc ,
-"-vnc displaystart a VNC server on display\n", QEMU_ARCH_ALL)
+"-vnc   shorthand for -display vnc=\n", QEMU_ARCH_ALL)
 STEXI
 @item -vnc @var{display}[,@var{option}[,@var{option}[,...]]]
 @findex -vnc
-- 
1.8.3.1




[Qemu-devel] [PATCH] imx: Use 'const char', not 'char const'

2016-07-26 Thread Peter Maydell
'char const' means the same thing as 'const char', but we
use the former in only a handful of places and we use the
latter over six thousand times. Switch the imx reg_name()
functions to bring them in line with everything else.

Signed-off-by: Peter Maydell 
---
Just a minor style nit I noticed. The only other uses of
'char const' in the codebase are all in qga/commands-posix.c.

 hw/misc/imx25_ccm.c | 2 +-
 hw/misc/imx31_ccm.c | 2 +-
 hw/misc/imx6_ccm.c  | 4 ++--
 hw/misc/imx6_src.c  | 2 +-
 hw/ssi/imx_spi.c| 2 +-
 hw/timer/imx_epit.c | 2 +-
 hw/timer/imx_gpt.c  | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/misc/imx25_ccm.c b/hw/misc/imx25_ccm.c
index 5cd8c0a..19e948a 100644
--- a/hw/misc/imx25_ccm.c
+++ b/hw/misc/imx25_ccm.c
@@ -27,7 +27,7 @@
 } \
 } while (0)
 
-static char const *imx25_ccm_reg_name(uint32_t reg)
+static const char *imx25_ccm_reg_name(uint32_t reg)
 {
 static char unknown[20];
 
diff --git a/hw/misc/imx31_ccm.c b/hw/misc/imx31_ccm.c
index 1c03e52..b890c38 100644
--- a/hw/misc/imx31_ccm.c
+++ b/hw/misc/imx31_ccm.c
@@ -29,7 +29,7 @@
 } \
 } while (0)
 
-static char const *imx31_ccm_reg_name(uint32_t reg)
+static const char *imx31_ccm_reg_name(uint32_t reg)
 {
 static char unknown[20];
 
diff --git a/hw/misc/imx6_ccm.c b/hw/misc/imx6_ccm.c
index 17e15d4..1b42101 100644
--- a/hw/misc/imx6_ccm.c
+++ b/hw/misc/imx6_ccm.c
@@ -26,7 +26,7 @@
 } \
 } while (0)
 
-static char const *imx6_ccm_reg_name(uint32_t reg)
+static const char *imx6_ccm_reg_name(uint32_t reg)
 {
 static char unknown[20];
 
@@ -99,7 +99,7 @@ static char const *imx6_ccm_reg_name(uint32_t reg)
 }
 }
 
-static char const *imx6_analog_reg_name(uint32_t reg)
+static const char *imx6_analog_reg_name(uint32_t reg)
 {
 static char unknown[20];
 
diff --git a/hw/misc/imx6_src.c b/hw/misc/imx6_src.c
index 8bb6829..55b817b 100644
--- a/hw/misc/imx6_src.c
+++ b/hw/misc/imx6_src.c
@@ -27,7 +27,7 @@
 } \
 } while (0)
 
-static char const *imx6_src_reg_name(uint32_t reg)
+static const char *imx6_src_reg_name(uint32_t reg)
 {
 static char unknown[20];
 
diff --git a/hw/ssi/imx_spi.c b/hw/ssi/imx_spi.c
index 4226199..e4e395f 100644
--- a/hw/ssi/imx_spi.c
+++ b/hw/ssi/imx_spi.c
@@ -25,7 +25,7 @@
 } \
 } while (0)
 
-static char const *imx_spi_reg_name(uint32_t reg)
+static const char *imx_spi_reg_name(uint32_t reg)
 {
 static char unknown[20];
 
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
index eddf348..9832fe0 100644
--- a/hw/timer/imx_epit.c
+++ b/hw/timer/imx_epit.c
@@ -30,7 +30,7 @@
 } \
 } while (0)
 
-static char const *imx_epit_reg_name(uint32_t reg)
+static const char *imx_epit_reg_name(uint32_t reg)
 {
 switch (reg) {
 case 0:
diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
index 82bc73c..214c056 100644
--- a/hw/timer/imx_gpt.c
+++ b/hw/timer/imx_gpt.c
@@ -29,7 +29,7 @@
 } \
 } while (0)
 
-static char const *imx_gpt_reg_name(uint32_t reg)
+static const char *imx_gpt_reg_name(uint32_t reg)
 {
 switch (reg) {
 case 0:
-- 
1.9.1




Re: [Qemu-devel] [PULL for-2.7 0/3] qemu-ga patch queue for 2.7

2016-07-26 Thread Peter Maydell
On 25 July 2016 at 20:04, Michael Roth  wrote:
> The following changes since commit 2d2e632ad00d11867c6c5625605b1fbc022dd62f:
>
>   Update version for v2.7.0-rc0 release (2016-07-22 15:32:42 +0100)
>
> are available in the git repository at:
>
>   git://github.com/mdroth/qemu.git tags/qga-pull-2016-07-25-tag
>
> for you to fetch changes up to 690604f696db6b3da35988e29da3f8d7966e12bc:
>
>   configure: mark qemu-ga VSS includes as system headers (2016-07-25 13:23:18 
> -0500)
>
> 
> qemu-ga patch queue for 2.7
>
> * fix w32 build failures due to -Werror when building with VSS/fsfreeze
>   enabled
> * fix leaking for qemu-ga config files in `make check`

Applied, thanks.

-- PMM



[Qemu-devel] [RFC PATCH v1 0/2] GICv3 live migration support

2016-07-26 Thread vijay . kilari
From: Vijaya Kumar K 

This series introduces support for GICv3 live migration with
new VGIC implementation in 4.7-rc3 kernel.
In this series, patch 2 & 3 of the previous implementation
are ported.
https://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg05284.html

Kernel patches which implement this functionality are:
http://www.spinics.net/lists/arm-kernel/msg519596.html

This API definition is as per draft version of VGICv3 specification
https://lists.cs.columbia.edu/pipermail/kvmarm/2016-May/020355.html

Patch 1 of this series will be synced with KVM patches
in next revision.

Tested Live migration of Idle VM running with 4 VCPUs and 8GB RAM.

Vijaya Kumar K (2):
  kernel: Add definitions for GICv3 attributes
  hw/intc/arm_gicv3_kvm: Implement get/put functions

 hw/intc/arm_gicv3_common.c |3 +
 hw/intc/arm_gicv3_kvm.c|  496 +++-
 hw/intc/gicv3_internal.h   |  113 
 include/hw/intc/arm_gicv3_common.h |1 +
 linux-headers/asm-arm64/kvm.h  |   22 +-
 5 files changed, 624 insertions(+), 11 deletions(-)

-- 
1.7.9.5




[Qemu-devel] [RFC PATCH v1 1/2] kernel: Add definitions for GICv3 attributes

2016-07-26 Thread vijay . kilari
From: Vijaya Kumar K 

This temporary patch adds kernel API definitions. Use proper header update
procedure after these features are released.

Signed-off-by: Pavel Fedin 
---
 linux-headers/asm-arm64/kvm.h |   22 +-
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h
index 7d82d1f..9a21242 100644
--- a/linux-headers/asm-arm64/kvm.h
+++ b/linux-headers/asm-arm64/kvm.h
@@ -180,14 +180,14 @@ struct kvm_arch_memory_slot {
KVM_REG_ARM64_SYSREG_ ## n ## _MASK)
 
 #define __ARM64_SYS_REG(op0,op1,crn,crm,op2) \
-   (KVM_REG_ARM64 | KVM_REG_ARM64_SYSREG | \
-   ARM64_SYS_REG_SHIFT_MASK(op0, OP0) | \
+   (ARM64_SYS_REG_SHIFT_MASK(op0, OP0) | \
ARM64_SYS_REG_SHIFT_MASK(op1, OP1) | \
ARM64_SYS_REG_SHIFT_MASK(crn, CRN) | \
ARM64_SYS_REG_SHIFT_MASK(crm, CRM) | \
ARM64_SYS_REG_SHIFT_MASK(op2, OP2))
 
-#define ARM64_SYS_REG(...) (__ARM64_SYS_REG(__VA_ARGS__) | KVM_REG_SIZE_U64)
+#define ARM64_SYS_REG(...) (__ARM64_SYS_REG(__VA_ARGS__) | KVM_REG_ARM64 | \
+   KVM_REG_SIZE_U64 | KVM_REG_ARM64_SYSREG)
 
 #define KVM_REG_ARM_TIMER_CTL  ARM64_SYS_REG(3, 3, 14, 3, 1)
 #define KVM_REG_ARM_TIMER_CNT  ARM64_SYS_REG(3, 3, 14, 3, 2)
@@ -197,12 +197,24 @@ struct kvm_arch_memory_slot {
 #define KVM_DEV_ARM_VGIC_GRP_ADDR  0
 #define KVM_DEV_ARM_VGIC_GRP_DIST_REGS 1
 #define KVM_DEV_ARM_VGIC_GRP_CPU_REGS  2
+#define   KVM_DEV_ARM_VGIC_64BIT(1ULL << 63)
 #define   KVM_DEV_ARM_VGIC_CPUID_SHIFT 32
-#define   KVM_DEV_ARM_VGIC_CPUID_MASK  (0xffULL << 
KVM_DEV_ARM_VGIC_CPUID_SHIFT)
+#define   KVM_DEV_ARM_VGIC_CPUID_MASK  \
+  (0xULL << KVM_DEV_ARM_VGIC_CPUID_SHIFT)
 #define   KVM_DEV_ARM_VGIC_OFFSET_SHIFT0
-#define   KVM_DEV_ARM_VGIC_OFFSET_MASK (0xULL << 
KVM_DEV_ARM_VGIC_OFFSET_SHIFT)
+#define   KVM_DEV_ARM_VGIC_OFFSET_MASK \
+  (0xULL << KVM_DEV_ARM_VGIC_OFFSET_SHIFT)
+#define   KVM_DEV_ARM_VGIC_SYSREG_MASK (KVM_REG_ARM64_SYSREG_OP0_MASK | \
+KVM_REG_ARM64_SYSREG_OP1_MASK | \
+KVM_REG_ARM64_SYSREG_CRN_MASK | \
+KVM_REG_ARM64_SYSREG_CRM_MASK | \
+KVM_REG_ARM64_SYSREG_OP2_MASK)
+#define   KVM_DEV_ARM_VGIC_SYSREG(op0,op1,crn,crm,op2) \
+   __ARM64_SYS_REG(op0,op1,crn,crm,op2)
 #define KVM_DEV_ARM_VGIC_GRP_NR_IRQS   3
 #define KVM_DEV_ARM_VGIC_GRP_CTRL  4
+#define KVM_DEV_ARM_VGIC_GRP_REDIST_REGS 5
+#define KVM_DEV_ARM_VGIC_GRP_CPU_SYSREGS 6
 #define   KVM_DEV_ARM_VGIC_CTRL_INIT   0
 
 /* Device Control API on vcpu fd */
-- 
1.7.9.5




[Qemu-devel] [RFC PATCH v1 2/2] hw/intc/arm_gicv3_kvm: Implement get/put functions

2016-07-26 Thread vijay . kilari
From: Vijaya Kumar K 

This actually implements pre_save and post_load methods for in-kernel
vGICv3.

Signed-off-by: Pavel Fedin 
Signed-off-by: Vijaya Kumar K 
[Vijay: - Adjusted macros to handle gicr variables
 - Used gicr_typer for affinity
 - Made all GICD/GICR registers access as 32-bit.
 - All ICC register access as 64 bit.
 ]
---
 hw/intc/arm_gicv3_common.c |3 +
 hw/intc/arm_gicv3_kvm.c|  496 +++-
 hw/intc/gicv3_internal.h   |  113 
 include/hw/intc/arm_gicv3_common.h |1 +
 4 files changed, 607 insertions(+), 6 deletions(-)

diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index 0f8c4b8..55102f7 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -54,6 +54,7 @@ static const VMStateDescription vmstate_gicv3_cpu = {
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
+VMSTATE_BOOL(cpu_enabled, GICv3CPUState),
 VMSTATE_UINT32(level, GICv3CPUState),
 VMSTATE_UINT32(gicr_ctlr, GICv3CPUState),
 VMSTATE_UINT32_ARRAY(gicr_statusr, GICv3CPUState, 2),
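Review bot: `VMSTATE_BOOL(cpu_enabled, GICv3CPUState)` is inserted into the field list while `.version_id` and `.minimum_version_id` both stay at 1 in the context lines above it, so a stream written without the field would be parsed as if it had one. Inserting a field changes the wire format; either bump the versions (`.version_id = 2,` and, if older streams are not to be accepted, `.minimum_version_id = 2,`) or carry the new state in a subsection. Incoming migration data is best treated as untrusted input, so a layout mismatch should be rejected by the version check rather than mis-parsed. The description struct starts and ends outside this hunk.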
@@ -64,6 +65,7 @@ static const VMStateDescription vmstate_gicv3_cpu = {
 VMSTATE_UINT32(gicr_ienabler0, GICv3CPUState),
 VMSTATE_UINT32(gicr_ipendr0, GICv3CPUState),
 VMSTATE_UINT32(gicr_iactiver0, GICv3CPUState),
+VMSTATE_UINT32(level, GICv3CPUState),
 VMSTATE_UINT32(edge_trigger, GICv3CPUState),
 VMSTATE_UINT32(gicr_igrpmodr0, GICv3CPUState),
 VMSTATE_UINT32(gicr_nsacr, GICv3CPUState),
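Review bot: The added `VMSTATE_UINT32(level, GICv3CPUState),` repeats a field the same list already carries (the `level` entry visible as context in the previous hunk of this file), so the value would be written and loaded twice. Unless the duplication is intentional, the added line should be dropped. The field list continues outside this hunk.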
@@ -220,6 +222,7 @@ static void arm_gicv3_common_reset(DeviceState *dev)
 for (i = 0; i < s->num_cpu; i++) {
 GICv3CPUState *cs = &s->cpu[i];
 
+cs->cpu_enabled = false;
 cs->level = 0;
 cs->gicr_ctlr = 0;
 cs->gicr_statusr[GICV3_S] = 0;
diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index 711fde3..9b35165 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -23,8 +23,11 @@
 #include "qapi/error.h"
 #include "hw/intc/arm_gicv3_common.h"
 #include "hw/sysbus.h"
+#include "migration/migration.h"
+#include "qemu/error-report.h"
 #include "sysemu/kvm.h"
 #include "kvm_arm.h"
+#include "gicv3_internal.h"
 #include "vgic_common.h"
 #include "migration/migration.h"
 
@@ -44,6 +47,23 @@
 #define KVM_ARM_GICV3_GET_CLASS(obj) \
  OBJECT_GET_CLASS(KVMARMGICv3Class, (obj), TYPE_KVM_ARM_GICV3)
 
+#define ICC_PMR_EL1 \
+KVM_DEV_ARM_VGIC_SYSREG(0b11, 0b000, 0b0100, 0b0110, 0b000)
+#define ICC_BPR0_EL1\
+KVM_DEV_ARM_VGIC_SYSREG(0b11, 0b000, 0b1100, 0b1000, 0b011)
+#define ICC_APR0_EL1(n) \
+KVM_DEV_ARM_VGIC_SYSREG(0b11, 0b000, 0b1100, 0b1000, 0b100 | n)
+#define ICC_APR1_EL1(n) \
+KVM_DEV_ARM_VGIC_SYSREG(0b11, 0b000, 0b1100, 0b1001, 0b000 | n)
+#define ICC_BPR1_EL1\
+KVM_DEV_ARM_VGIC_SYSREG(0b11, 0b000, 0b1100, 0b1100, 0b011)
+#define ICC_CTLR_EL1\
+KVM_DEV_ARM_VGIC_SYSREG(0b11, 0b000, 0b1100, 0b1100, 0b100)
+#define ICC_IGRPEN0_EL1 \
+KVM_DEV_ARM_VGIC_SYSREG(0b11, 0b000, 0b1100, 0b1100, 0b110)
+#define ICC_IGRPEN1_EL1 \
+KVM_DEV_ARM_VGIC_SYSREG(0b11, 0b000, 0b1100, 0b1100, 0b111)
+
 typedef struct KVMARMGICv3Class {
 ARMGICv3CommonClass parent_class;
 DeviceRealize parent_realize;
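Review bot: The macro parameter in `ICC_APR0_EL1(n)` and `ICC_APR1_EL1(n)` is used unparenthesized in `0b100 | n` and `0b000 | n`, so an argument that is a conditional expression would bind differently from what the caller wrote; write `0b100 | (n)` and `0b000 | (n)`. The `0b…` binary literals are a compiler extension rather than standard C, so plain constants would be more portable, e.g. `KVM_DEV_ARM_VGIC_SYSREG(3, 0, 4, 6, 0)` for `ICC_PMR_EL1`. Nothing in the hunk bounds `n`, so a short comment stating its valid range would help callers.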
@@ -57,16 +77,469 @@ static void kvm_arm_gicv3_set_irq(void *opaque, int irq, 
int level)
 kvm_arm_gic_set_irq(s->num_irq, irq, level);
 }
 
+#define KVM_VGIC_ATTR(reg, cpuaff) \
+((cpuaff << KVM_DEV_ARM_VGIC_CPUID_SHIFT) | (reg))
+
+static inline void kvm_gicd_access(GICv3State *s, int offset, int cpu,
+   uint32_t *val, bool write)
+{
+kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_DIST_REGS,
+   KVM_VGIC_ATTR(offset, ((s->cpu[cpu].gicr_typer >> 32) & 
0x)),
+   val, write);
+}
+
+static inline void kvm_gicr_access(GICv3State *s, int offset, int cpu,
+   uint32_t *val, bool write)
+{
+kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_REDIST_REGS,
+   KVM_VGIC_ATTR(offset, ((s->cpu[cpu].gicr_typer >> 32) & 
0x)),
+   val, write);
+}
+
+static inline void kvm_gicc_access(GICv3State *s, uint64_t reg, int cpu,
+   uint64_t *val, bool write)
+{
+kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CPU_SYSREGS,
+   KVM_VGIC_ATTR(reg, ((s->cpu[cpu].gicr_typer >> 32) & 0x)),
+   val, write);
+}
+
+/*
+ * Translate from the in-kernel field for an IRQ value to/from the qemu
+ * representation.
+ */
+typedef void (*vgic_translate_fn)(GICv3State *s, int irq, int cpu,
+  uint32_t *field, bool to_kernel);
+
+/* synthetic translate function used for clear/set registers to completely
+ * clear a setting using a clear-register before setting the remaining bits
+ * using a set-register */
+static void translate_clear(GICv3State *s, int irq, int 

Re: [Qemu-devel] [RFC PATCH v1 2/2] hw/intc/arm_gicv3_kvm: Implement get/put functions

2016-07-26 Thread Peter Maydell
On 26 July 2016 at 12:01,   wrote:
> From: Vijaya Kumar K 
>
> This actually implements pre_save and post_load methods for in-kernel
> vGICv3.
>
> Signed-off-by: Pavel Fedin 
> Signed-off-by: Vijaya Kumar K 
> [Vijay: - Adjusted macros to handle gicr variables
>  - Used gicr_typer for affinity
>  - Made all GICD/GICR registers access as 32-bit.
>  - All ICC register access as 64 bit.
>  ]
> ---
>  hw/intc/arm_gicv3_common.c |3 +
>  hw/intc/arm_gicv3_kvm.c|  496 
> +++-
>  hw/intc/gicv3_internal.h   |  113 
>  include/hw/intc/arm_gicv3_common.h |1 +
>  4 files changed, 607 insertions(+), 6 deletions(-)

Please base this on the rearrangement I did in
http://patchwork.ozlabs.org/patch/626746/
not Pavel's first version.

thanks
-- PMM



Re: [Qemu-devel] [PULL v2 27/30] mptsas: remove unnecessary internal msi state flag

2016-07-26 Thread Amit Shah
On (Tue) 26 Jul 2016 [15:29:36], Cao jin wrote:
> Hi Amit
> 
> I will take care of this.
> BTW, did't see it in coverity scan outstanding defects, Do I missed or it is
> checked by other static check tools?

This is checked with the vmstate static checker --
scripts/vmstate-static-checker.py.

The -dump-vmstate cmdline option to qemu gives a json file that the
static checker uses as input.  Get a 'before' and 'after' version of
the json files, and pass those on to the checker with '-s' and '-d'
arguments respectively.

Thanks,

Amit



Re: [Qemu-devel] [PATCH] target-mips: add 24KEc CPU definition

2016-07-26 Thread Leon Alrae
On Tue, Jul 26, 2016 at 12:42:45AM +0100, André Draszik wrote:
> Define a new CPU definition supporting 24KEc cores, similar to
> the existing 24Kc, but with added support for DSP instructions
> and MIPS16e (and without FPU).
> 
> Signed-off-by: André Draszik 
> ---
>  target-mips/translate_init.c | 22 ++
>  1 file changed, 22 insertions(+)

Thanks for the patch. We are currently in hard feature freeze and we are
merging bug-fixes only, so I applied it to the post-v2.7 target-mips queue.

Leon



[Qemu-devel] [PATCH v2 1/1] block: improve error handling in raw_open

2016-07-26 Thread Halil Pasic
Make raw_open for POSIX more consistent in handling errors by setting
the error object also when qemu_open fails. The error object was
generally set in case of errors, but I guess this case was overlooked.
Do the same for win32.

Signed-off-by: Halil Pasic 
Reviewed-by: Sascha Silbe 
Tested-by: Marc Hartmayer  (POSIX only)

---

Stumbled upon this (POSIX) while testing VMs with too many SCSI disks in
respect to my nofile limit. When open hits the nofile limit while trying
to hotplug yet another SCSI disk via libvirt we end up with no adequate
error message (one stating too many files). Sadly this patch in not
sufficient to fix this problem because drive_new (/qemu/blockdev.c)
handles errors using error_report_err which is documented as not to be
used in QMP context. Do not have a patch for that, because I'm unsure
whats the best way to deal with it. My guess right now is to make sure
we propagate errors at least until reaching code which is called  only
QMP in context and handle communicating the error to the requester of
the operation there. Any suggestions or ideas?

The win32 part was not tested, and the sole reason I touched it is
to not introduce unnecessary divergence.

v1 -> v2:
* fixed win32 by the correct error_setg_*
* use the original errno consequently

---
 block/raw-posix.c | 1 +
 block/raw-win32.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index c979ac3..786f068 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -485,6 +485,7 @@ static int raw_open_common(BlockDriverState *bs, QDict 
*options,
 s->fd = -1;
 fd = qemu_open(filename, s->open_flags, 0644);
 if (fd < 0) {
+error_setg_errno(errp, errno, "Could not open file");
 ret = -errno;
 if (ret == -EROFS) {
 ret = -EACCES;
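Review bot: The added `error_setg_errno(errp, errno, "Could not open file");` runs before the existing `ret = -errno;`, so the return code now depends on errno surviving the error-setting call, which this hunk does not show. Capturing the value first keeps both in step regardless: `ret = -errno;` followed by `error_setg_errno(errp, -ret, "Could not open file");`, placed ahead of the `-EROFS` remapping so the message still reports the original cause. raw_open_common continues outside the hunk.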
diff --git a/block/raw-win32.c b/block/raw-win32.c
index 62edb1a..6f074f4 100644
--- a/block/raw-win32.c
+++ b/block/raw-win32.c
@@ -337,6 +337,7 @@ static int raw_open(BlockDriverState *bs, QDict *options, 
int flags,
 if (s->hfile == INVALID_HANDLE_VALUE) {
 int err = GetLastError();
 
+error_setg_win32(errp, err, "Could not open file");
 if (err == ERROR_ACCESS_DENIED) {
 ret = -EACCES;
 } else {
-- 
2.6.6




Re: [Qemu-devel] [PATCH] tcg: Merge GETPC and GETRA

2016-07-26 Thread Leon Alrae
On Tue, Jul 26, 2016 at 06:12:40AM +0530, Richard Henderson wrote:
> The return address argument to the softmmu template helpers was
> confused.  In the legacy case, we wanted to indicate that there
> is no return address, and so passed in NULL.  However, we then
> immediately subtracted GETPC_ADJ from NULL, resulting in a non-zero
> value, indicating the presence of an (invalid) return address.
> 
> Push the GETPC_ADJ subtraction down to the only point it's required:
> immediately before use within cpu_restore_state, after all NULL pointer
> checks have been completed.  This makes GETPC and GETRA identical.
> 
> Remove GETRA as the lesser used macro, replacing all uses with GETPC.
> 
> Signed-off-by: Richard Henderson 
> ---
> 
> Ben, this should fix the "-2" problem that you reported.  Of course,
> as also discussed in that thread, this won't fix the whole issue.
> 
> 
> r~
> 
> ---
>  cputlb.c|  6 ++
>  include/exec/exec-all.h |  9 +++--
>  softmmu_template.h  | 32 ++--
>  target-arm/helper.c |  6 +++---
>  target-mips/op_helper.c | 18 +-
>  translate-all.c |  1 +
>  6 files changed, 24 insertions(+), 48 deletions(-)

Looks good to me:

Reviewed-by: Leon Alrae 

Thanks,
Leon



Re: [Qemu-devel] [PULL 0/5] ppc-for-2.7 queue 20160726

2016-07-26 Thread Peter Maydell
On 26 July 2016 at 04:06, David Gibson  wrote:
> The following changes since commit 2d2e632ad00d11867c6c5625605b1fbc022dd62f:
>
>   Update version for v2.7.0-rc0 release (2016-07-22 15:32:42 +0100)
>
> are available in the git repository at:
>
>   git://github.com/dgibson/qemu.git tags/ppc-for-2.7-20160726
>
> for you to fetch changes up to 12bf2d33fe520f9cfd09f7bf9d46ae3202c3cb49:
>
>   spapr: disintricate core-id from DT semantics (2016-07-25 15:43:41 +1000)
>
> 
> ppc patch queue 2016-07-26
>
> Here's the current batch of ppc and spapr related patches intended for
> qemu-2.7.  Given the late stage in 2.7 development, these are all
> bugfixes with one exception:
>
> The "spapr: disintricate core-id from DT semantics" changes the way
> ids are assigned in the new core-based hotplug infrastructure.  This
> isn't strictly a bugfix, but we've determined that the current way of
> assigning core-ids will cause considerable grief with future plans for
> cpu hotplug.  Therefore it's better to fix this now, late in 2.7,
> before we have a released version with the problematic numbering.

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PULL 26/28] apic: Use apic_id as apic's migration instance_id

2016-07-26 Thread Amit Shah
On (Tue) 26 Jul 2016 [10:00:49], Igor Mammedov wrote:
> On Tue, 26 Jul 2016 10:41:38 +0530
> Amit Shah  wrote:
> 
> > On (Wed) 20 Jul 2016 [12:08:32], Eduardo Habkost wrote:
> > > From: Igor Mammedov 
> > > 
> > > instance_id is generated by last_used_id + 1 for a given device type
> > > so for QEMU with 3 CPUs instance_id for APICs is a seti of [0, 1, 2]
> > > When CPU in the middle is hot-removed and migration started
> > > APICs with instance_ids 0 and 2 are transferred in migration stream.
> > > However target starts with 2 CPUs and APICs' instance_ids are
> > > generated from scratch [0, 1] hence migration fails with error
> > >   Unknown savevm section or instance 'apic' 2
> > > 
> > > Fix issue by manually registering APIC's vmsd with apic_id as
> > > instance_id, in this case instance_id on target will always
> > > match instance_id on source as apic_id is the same for a given
> > > cpu instance.
> > > 
> > > Reported-by: Bharata B Rao 
> > > Signed-off-by: Igor Mammedov 
> > > Reviewed-by: Dr. David Alan Gilbert 
> > > Reviewed-by: Michael S. Tsirkin 
> > > Signed-off-by: Eduardo Habkost   
> > 
> > After these patches, the static checker complains about missing
> > sections:
> > 
> > Section "apic-common" does not exist in dest
> > Section "apic" does not exist in dest
> > Section "kvm-apic" does not exist in dest
> It works for me, could you post reproducing commands?

This was flagged by a nightly run of the static checker when this
series was pulled.  On a 'before' tree, ie one w/o the patches, do
this:

qemu -dump-vmstate before.json

and for after:

qemu -dump-vmstate after.json

then,

python ./scripts/vmstate-static-checker.py -s before.json -d after.json

and that shows the output from above.


Amit



Re: [Qemu-devel] [PATCH v2 2/6] cadence_gem: Add the num-priority-queues property

2016-07-26 Thread Peter Maydell
On 26 July 2016 at 01:12, Alistair Francis  wrote:
> The Cadence GEM hardware supports N number priority queues, this patch is a
> step towards that by adding the property to set the queues. At the moment
> behaviour doesn't change as we only use queue 0.
>
> Signed-off-by: Alistair Francis 
> ---

> @@ -1218,7 +1220,7 @@ static void gem_realize(DeviceState *dev, Error **errp)
>  {
>  CadenceGEMState *s = CADENCE_GEM(dev);
>
> -sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq);
> +sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq[0]);
>
>  qemu_macaddr_default_if_unset(&s->conf.macaddr);

At some point realize() needs to error-check the num-priority-queues
property (ie check it isn't >8). Do you do that later in the series?
(if so fine, if not, this patch is as good a place as any to put it.)

> @@ -1243,13 +1245,15 @@ static void gem_init(Object *obj)
>  static const VMStateDescription vmstate_cadence_gem = {
>  .name = "cadence_gem",
>  .version_id = 2,
> -.minimum_version_id = 2,
> +.minimum_version_id = 3,

You need to bump .version_id too.

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH] mptsas: Fix a migration compatible issue

2016-07-26 Thread Amit Shah
On (Tue) 26 Jul 2016 [17:03:23], Cao jin wrote:
> My previous commit 2e2aa316 removed internal flag msi_in_use, which
> exists in vmstate, use VMSTATE_UNUSED for migration compatibility.
> 
> Reported-by: Amit Shah 
> Suggested-by: Amit Shah 
> Cc: Markus Armbruster 
> Cc: Marcel Apfelbaum 
> Cc: Paolo Bonzini 
> Cc: Michael S. Tsirkin 
> Cc: Amit Shah 
> Signed-off-by: Cao jin 

Reviewed-by: Amit Shah 

Amit



[Qemu-devel] [PATCH v4 01/15] target-ppc: Introduce Power9 family

2016-07-26 Thread Nikunj A Dadhania
From: "Aneesh Kumar K.V" 

The patch adds CPU PVR definition for POWER9 and enables QEMU to launch
guests/linux-user in TCG mode.

Signed-off-by: Aneesh Kumar K.V 
[ Added POWER9 alias, POWER9 SPAPR core and dropped MMU defines ]
Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_cpu_core.c |  5 +++
 target-ppc/cpu-models.c |  5 +++
 target-ppc/cpu-models.h |  1 +
 target-ppc/cpu-qom.h|  1 +
 target-ppc/mmu_helper.c |  2 +-
 target-ppc/translate_init.c | 86 -
 6 files changed, 98 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index 5a132bf..713c5f3 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -352,6 +352,7 @@ SPAPR_CPU_CORE_INITFN(POWER7+_v2.1, POWER7plus);
 SPAPR_CPU_CORE_INITFN(POWER8_v2.0, POWER8);
 SPAPR_CPU_CORE_INITFN(POWER8E_v2.1, POWER8E);
 SPAPR_CPU_CORE_INITFN(POWER8NVL_v1.0, POWER8NVL);
+SPAPR_CPU_CORE_INITFN(POWER9_v1.0, POWER9);
 
 typedef struct SPAPRCoreInfo {
 const char *name;
@@ -395,6 +396,10 @@ static const SPAPRCoreInfo spapr_cores[] = {
 { .name = "POWER8NVL_v1.0", .initfn = spapr_cpu_core_POWER8NVL_initfn },
 { .name = "POWER8NVL", .initfn = spapr_cpu_core_POWER8NVL_initfn },
 
+/* POWER9 and aliases */
+{ .name = "POWER9_v1.0", .initfn = spapr_cpu_core_POWER9_initfn },
+{ .name = "POWER9", .initfn = spapr_cpu_core_POWER9_initfn },
+
 { .name = NULL }
 };
 
diff --git a/target-ppc/cpu-models.c b/target-ppc/cpu-models.c
index 5209e63..901cf40 100644
--- a/target-ppc/cpu-models.c
+++ b/target-ppc/cpu-models.c
@@ -1147,6 +1147,10 @@
 "POWER8NVL v1.0")
 POWERPC_DEF("970_v2.2",  CPU_POWERPC_970_v22,970,
 "PowerPC 970 v2.2")
+
+POWERPC_DEF("POWER9_v1.0",   CPU_POWERPC_POWER9_BASE,POWER9,
+"POWER9 v1.0")
+
 POWERPC_DEF("970fx_v1.0",CPU_POWERPC_970FX_v10,  970,
 "PowerPC 970FX v1.0 (G5)")
 POWERPC_DEF("970fx_v2.0",CPU_POWERPC_970FX_v20,  970,
@@ -1395,6 +1399,7 @@ PowerPCCPUAlias ppc_cpu_aliases[] = {
 { "POWER8E", "POWER8E_v2.1" },
 { "POWER8", "POWER8_v2.0" },
 { "POWER8NVL", "POWER8NVL_v1.0" },
+{ "POWER9", "POWER9_v1.0" },
 { "970", "970_v2.2" },
 { "970fx", "970fx_v3.1" },
 { "970mp", "970mp_v1.1" },
diff --git a/target-ppc/cpu-models.h b/target-ppc/cpu-models.h
index f21a44c..7d9e6a2 100644
--- a/target-ppc/cpu-models.h
+++ b/target-ppc/cpu-models.h
@@ -562,6 +562,7 @@ enum {
 CPU_POWERPC_POWER8_v20 = 0x004D0200,
 CPU_POWERPC_POWER8NVL_BASE = 0x004C,
 CPU_POWERPC_POWER8NVL_v10  = 0x004C0100,
+CPU_POWERPC_POWER9_BASE= 0x004E,
 CPU_POWERPC_970_v22= 0x00390202,
 CPU_POWERPC_970FX_v10  = 0x00391100,
 CPU_POWERPC_970FX_v20  = 0x003C0200,
diff --git a/target-ppc/cpu-qom.h b/target-ppc/cpu-qom.h
index 2864105..713deef 100644
--- a/target-ppc/cpu-qom.h
+++ b/target-ppc/cpu-qom.h
@@ -86,6 +86,7 @@ enum powerpc_mmu_t {
 POWERPC_MMU_2_07   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
  | POWERPC_MMU_64K
  | POWERPC_MMU_AMR | 0x0004,
+/* FIXME Add POWERPC_MMU_3_OO defines */
 /* Architecture 2.07 "degraded" (no 1T segments)   */
 POWERPC_MMU_2_07a  = POWERPC_MMU_64 | POWERPC_MMU_AMR
  | 0x0004,
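Review bot: The added FIXME spells the future constant `POWERPC_MMU_3_OO` with the letter O; following `POWERPC_MMU_2_07` in the same enum it presumably should read `POWERPC_MMU_3_00`. Suggested wording: `/* FIXME Add POWERPC_MMU_3_00 defines */`. The enum starts and ends outside this hunk.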
diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
index 3eb3cd7..737f338 100644
--- a/target-ppc/mmu_helper.c
+++ b/target-ppc/mmu_helper.c
@@ -1941,7 +1941,7 @@ void ppc_tlb_invalidate_all(CPUPPCState *env)
 break;
 default:
 /* XXX: TODO */
-cpu_abort(CPU(cpu), "Unknown MMU model\n");
+cpu_abort(CPU(cpu), "Unknown MMU model %d\n", env->mmu_model);
 break;
 }
 }
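Review bot: `env->mmu_model` is printed with `%d` in the new `cpu_abort()` message, but the models visible in the cpu-qom.h hunk of this patch are combinations of flag bits (`POWERPC_MMU_64 | POWERPC_MMU_AMR | 0x0004`), which are hard to read in decimal. Printing it in hex makes the abort message directly comparable with the enum: `cpu_abort(CPU(cpu), "Unknown MMU model %x\n", env->mmu_model);`. The type of `mmu_model` is declared outside this hunk, so a cast or length modifier may be needed. The switch starts outside the hunk.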
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 5f28a36..1e12d80 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -7459,7 +7459,8 @@ enum BOOK3S_CPU_TYPE {
 BOOK3S_CPU_POWER5PLUS,
 BOOK3S_CPU_POWER6,
 BOOK3S_CPU_POWER7,
-BOOK3S_CPU_POWER8
+BOOK3S_CPU_POWER8,
+BOOK3S_CPU_POWER9
 };
 
 static void gen_fscr_facility_check(DisasContext *ctx, int facility_sprn,
@@ -8241,6 +8242,7 @@ static void init_proc_book3s_64(CPUPPCState *env, int 
version)
 break;
 case BOOK3S_CPU_POWER7:
 case BOOK3S_CPU_POWER8:
+case BOOK3S_CPU_POWER9:
 gen_spr_book3s_ids(env);
 gen_spr_amr(env, version >= BOOK3S_CPU_POWER8);
 gen_spr_book3s_purr(env);
@@ -8293,6 +8295,7 @@ static void init_proc_book3s_64(CPUPPCState *env, int 
version)
 break;
 case BOOK3S_CPU_POWER7:
 case BOOK3S_CPU_POWER8:
+case BOOK3S_CPU_POWER9:
 default:
 env->slb_nr = 32;
 break;
@@ -8310,6 +8313,7 @@ static void init_proc_book3s_64(CPUPPCState *e

[Qemu-devel] [PATCH v4 03/15] target-ppc: adding addpcis instruction

2016-07-26 Thread Nikunj A Dadhania
ISA 3.0 instruction for adding immediate value shifted with next
instruction address and return the result in the target register.

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: David Gibson 
---
 target-ppc/translate.c | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 92030b6..ca246ea 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -432,6 +432,20 @@ static inline uint32_t name(uint32_t opcode)   
   \
 return (((opcode >> (shift1)) & ((1 << (nb1)) - 1)) << nb2) | \
 ((opcode >> (shift2)) & ((1 << (nb2)) - 1));  \
 }
+
+#define EXTRACT_HELPER_DXFORM(name,   \
+  d0_bits, shift_op_d0, shift_d0, \
+  d1_bits, shift_op_d1, shift_d1, \
+  d2_bits, shift_op_d2, shift_d2) \
+static inline int16_t name(uint32_t opcode)   \
+{ \
+return\
+(((opcode >> (shift_op_d0)) & ((1 << (d0_bits)) - 1)) << (shift_d0)) | 
\
+(((opcode >> (shift_op_d1)) & ((1 << (d1_bits)) - 1)) << (shift_d1)) | 
\
+(((opcode >> (shift_op_d2)) & ((1 << (d2_bits)) - 1)) << (shift_d2));  
\
+}
+
+
 /* Opcode part 1 */
 EXTRACT_HELPER(opc1, 26, 6);
 /* Opcode part 2 */
@@ -501,6 +515,9 @@ EXTRACT_HELPER(FPL, 25, 1);
 EXTRACT_HELPER(FPFLM, 17, 8);
 EXTRACT_HELPER(FPW, 16, 1);
 
+/* addpcis */
+EXTRACT_HELPER_DXFORM(DX, 10, 6, 6, 5, 16, 1, 1, 0, 0)
+
 /***Jump target decoding   ***/
 /* Immediate address */
 static inline target_ulong LI(uint32_t opcode)
@@ -984,6 +1001,14 @@ static void gen_addis(DisasContext *ctx)
 }
 }
 
+/* addpcis */
+static void gen_addpcis(DisasContext *ctx)
+{
+target_long d = DX(ctx->opcode);
+
+tcg_gen_movi_tl(cpu_gpr[rD(ctx->opcode)], ctx->nip + (d << 16));
+}
+
 static inline void gen_op_arith_divw(DisasContext *ctx, TCGv ret, TCGv arg1,
  TCGv arg2, int sign, int compute_ov)
 {
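Review bot: In `gen_addpcis`, `d << 16` left-shifts a signed `target_long` that is negative whenever the DX field has its top bit set, which the C standard leaves undefined. Doing the shift on an unsigned value avoids relying on compiler behaviour: `tcg_gen_movi_tl(cpu_gpr[rD(ctx->opcode)], ctx->nip + ((target_ulong)d << 16));`. The sign extension itself comes from the `int16_t` return type of the `DX` helper defined in the first hunk of this patch.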
@@ -9877,6 +9902,7 @@ GEN_HANDLER(addi, 0x0E, 0xFF, 0xFF, 0x, 
PPC_INTEGER),
 GEN_HANDLER(addic, 0x0C, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER2(addic_, "addic.", 0x0D, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER(addis, 0x0F, 0xFF, 0xFF, 0x, PPC_INTEGER),
+GEN_HANDLER_E(addpcis, 0x13, 0x2, 0xFF, 0x, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(mulhw, 0x1F, 0x0B, 0x02, 0x0400, PPC_INTEGER),
 GEN_HANDLER(mulhwu, 0x1F, 0x0B, 0x00, 0x0400, PPC_INTEGER),
 GEN_HANDLER(mullw, 0x1F, 0x0B, 0x07, 0x, PPC_INTEGER),
-- 
2.7.4




[Qemu-devel] [PATCH v4 06/15] target-ppc: add modulo dword operations

2016-07-26 Thread Nikunj A Dadhania
Adding following instructions for ISA3.0 support

modud: Modulo Unsigned Dword
modsd: Modulo Signed Dword

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson opcode)],\
+cpu_gpr[rA(ctx->opcode)], cpu_gpr[rB(ctx->opcode)],   \
+sign);\
+}
+
+GEN_INT_ARITH_MODD(modud, 0x08, 0);
+GEN_INT_ARITH_MODD(modsd, 0x18, 1);
+#endif
+
 /* mulhw  mulhw. */
 static void gen_mulhw(DisasContext *ctx)
 {
@@ -10303,6 +10349,8 @@ GEN_HANDLER_E(divdeu, 0x1F, 0x09, 0x0C, 0, PPC_NONE, 
PPC2_DIVE_ISA206),
 GEN_HANDLER_E(divdeuo, 0x1F, 0x09, 0x1C, 0, PPC_NONE, PPC2_DIVE_ISA206),
 GEN_HANDLER_E(divde, 0x1F, 0x09, 0x0D, 0, PPC_NONE, PPC2_DIVE_ISA206),
 GEN_HANDLER_E(divdeo, 0x1F, 0x09, 0x1D, 0, PPC_NONE, PPC2_DIVE_ISA206),
+GEN_HANDLER_E(modsd, 0x1F, 0x09, 0x18, 0x0001, PPC_NONE, PPC2_ISA300),
+GEN_HANDLER_E(modud, 0x1F, 0x09, 0x08, 0x0001, PPC_NONE, PPC2_ISA300),
 
 #undef GEN_INT_ARITH_MUL_HELPER
 #define GEN_INT_ARITH_MUL_HELPER(name, opc3)  \
-- 
2.7.4




[Qemu-devel] [PATCH v4 04/15] target-ppc: add cmprb instruction

2016-07-26 Thread Nikunj A Dadhania
ISA 3.0 Compare Ranged Byte instruction, useful for
isupper/islower/isalpha kinds of operation.

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson 
---
 target-ppc/translate.c | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index ca246ea..7e349e8 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -817,6 +817,43 @@ static void gen_cmpli(DisasContext *ctx)
 }
 }
 
+/* cmprb - range comparison: isupper, isaplha, islower*/
+static void gen_cmprb(DisasContext *ctx)
+{
+TCGv_i32 src1 = tcg_temp_new_i32();
+TCGv_i32 src2 = tcg_temp_new_i32();
+TCGv_i32 src2lo = tcg_temp_new_i32();
+TCGv_i32 src2hi = tcg_temp_new_i32();
+TCGv_i32 crf = cpu_crf[crfD(ctx->opcode)];
+
+tcg_gen_trunc_tl_i32(src1, cpu_gpr[rA(ctx->opcode)]);
+tcg_gen_trunc_tl_i32(src2, cpu_gpr[rB(ctx->opcode)]);
+
+tcg_gen_ext8u_i32(src2lo, src2);
+tcg_gen_shri_i32(src2, src2, 8);
+tcg_gen_ext8u_i32(src2hi, src2);
+
+tcg_gen_setcond_i32(TCG_COND_LEU, src2lo, src2lo, src1);
+tcg_gen_setcond_i32(TCG_COND_LEU, src2hi, src1, src2hi);
+tcg_gen_and_i32(crf, src2lo, src2hi);
+
+if (ctx->opcode & 0x0020) {
+tcg_gen_shri_i32(src2, src2, 8);
+tcg_gen_ext8u_i32(src2lo, src2);
+tcg_gen_shri_i32(src2, src2, 8);
+tcg_gen_ext8u_i32(src2hi, src2);
+tcg_gen_setcond_i32(TCG_COND_LEU, src2lo, src2lo, src1);
+tcg_gen_setcond_i32(TCG_COND_LEU, src2hi, src1, src2hi);
+tcg_gen_and_i32(src2lo, src2lo, src2hi);
+tcg_gen_or_i32(crf, crf, src2lo);
+}
+tcg_gen_shli_i32(crf, crf, CRF_GT);
+tcg_temp_free_i32(src1);
+tcg_temp_free_i32(src2);
+tcg_temp_free_i32(src2lo);
+tcg_temp_free_i32(src2hi);
+}
+
 /* isel (PowerPC 2.03 specification) */
 static void gen_isel(DisasContext *ctx)
 {
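Review bot: `src1` is compared at full 32-bit width, so a value in RA with any bit set above the low byte can never fall inside a byte range; only `src2` is reduced to bytes with `tcg_gen_ext8u_i32`. As I read the ISA 3.0 definition, cmprb compares only the low-order byte of RA, so `tcg_gen_ext8u_i32(src1, src1);` should follow the `tcg_gen_trunc_tl_i32(src1, ...)` line. The function comment also misspells isalpha as "isaplha".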
@@ -9897,6 +9934,7 @@ GEN_HANDLER(cmpi, 0x0B, 0xFF, 0xFF, 0x0040, 
PPC_INTEGER),
 GEN_HANDLER(cmpl, 0x1F, 0x00, 0x01, 0x0040, PPC_INTEGER),
 GEN_HANDLER(cmpli, 0x0A, 0xFF, 0xFF, 0x0040, PPC_INTEGER),
 GEN_HANDLER_E(cmpb, 0x1F, 0x1C, 0x0F, 0x0001, PPC_NONE, PPC2_ISA205),
+GEN_HANDLER_E(cmprb, 0x1F, 0x00, 0x06, 0x0041, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(isel, 0x1F, 0x0F, 0xFF, 0x0001, PPC_ISEL),
 GEN_HANDLER(addi, 0x0E, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER(addic, 0x0C, 0xFF, 0xFF, 0x, PPC_INTEGER),
-- 
2.7.4




[Qemu-devel] [PATCH v4 02/15] target-ppc: Introduce POWER ISA 3.0 flag

2016-07-26 Thread Nikunj A Dadhania
This flag will be used for POWER9 instructions.

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: David Gibson 
---
 target-ppc/cpu.h| 5 -
 target-ppc/translate_init.c | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 5fce1ff..c499315 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -2094,6 +2094,8 @@ enum {
 PPC2_TM= 0x0002ULL,
 /* Server PM instructgions (ISA 2.06, Book III)  */
 PPC2_PM_ISA206 = 0x0004ULL,
+/* POWER ISA 3.0 */
+PPC2_ISA300= 0x0008ULL,
 
 #define PPC_TCG_INSNS2 (PPC2_BOOKE206 | PPC2_VSX | PPC2_PRCNTL | PPC2_DBRX | \
 PPC2_ISA205 | PPC2_VSX207 | PPC2_PERM_ISA206 | \
@@ -2101,7 +2103,8 @@ enum {
 PPC2_FP_CVT_ISA206 | PPC2_FP_TST_ISA206 | \
 PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | \
 PPC2_ALTIVEC_207 | PPC2_ISA207S | PPC2_DFP | \
-PPC2_FP_CVT_S64 | PPC2_TM | PPC2_PM_ISA206)
+PPC2_FP_CVT_S64 | PPC2_TM | PPC2_PM_ISA206 | \
+PPC2_ISA300)
 };
 
 /*/
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 1e12d80..0d8cff1 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -8820,7 +8820,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
 PPC2_FP_TST_ISA206 | PPC2_BCTAR_ISA207 |
 PPC2_LSQ_ISA207 | PPC2_ALTIVEC_207 |
 PPC2_ISA205 | PPC2_ISA207S | PPC2_FP_CVT_S64 |
-PPC2_TM | PPC2_PM_ISA206;
+PPC2_TM | PPC2_PM_ISA206 | PPC2_ISA300;
 pcc->msr_mask = (1ull << MSR_SF) |
 (1ull << MSR_TM) |
 (1ull << MSR_VR) |
-- 
2.7.4




[Qemu-devel] [PATCH v4 08/15] target-ppc: implement branch-less divd[o][.]

2016-07-26 Thread Nikunj A Dadhania
Similar to divw, implement branch-less divd.

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate.c | 48 ++--
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 69d9ae0..ba22e13 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1122,37 +1122,41 @@ GEN_DIVE(divweo, divwe, 1);
 static inline void gen_op_arith_divd(DisasContext *ctx, TCGv ret, TCGv arg1,
  TCGv arg2, int sign, int compute_ov)
 {
-TCGLabel *l1 = gen_new_label();
-TCGLabel *l2 = gen_new_label();
+TCGv_i64 t0 = tcg_temp_new_i64();
+TCGv_i64 t1 = tcg_temp_new_i64();
+TCGv_i64 t2 = tcg_temp_new_i64();
+TCGv_i64 t3 = tcg_temp_new_i64();
 
-tcg_gen_brcondi_i64(TCG_COND_EQ, arg2, 0, l1);
-if (sign) {
-TCGLabel *l3 = gen_new_label();
-tcg_gen_brcondi_i64(TCG_COND_NE, arg2, -1, l3);
-tcg_gen_brcondi_i64(TCG_COND_EQ, arg1, INT64_MIN, l1);
-gen_set_label(l3);
-tcg_gen_div_i64(ret, arg1, arg2);
-} else {
-tcg_gen_divu_i64(ret, arg1, arg2);
-}
-if (compute_ov) {
-tcg_gen_movi_tl(cpu_ov, 0);
-}
-tcg_gen_br(l2);
-gen_set_label(l1);
+tcg_gen_mov_i64(t0, arg1);
+tcg_gen_mov_i64(t1, arg2);
 if (sign) {
-tcg_gen_sari_i64(ret, arg1, 63);
+tcg_gen_setcondi_i64(TCG_COND_EQ, t2, t0, INT64_MIN);
+tcg_gen_setcondi_i64(TCG_COND_EQ, t3, t1, -1);
+tcg_gen_and_i64(t2, t2, t3);
+tcg_gen_setcondi_i64(TCG_COND_EQ, t3, t1, 0);
+tcg_gen_or_i64(t2, t2, t3);
+tcg_gen_movi_i64(t3, 0);
+tcg_gen_movcond_i64(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_div_i64(ret, t0, t1);
 } else {
-tcg_gen_movi_i64(ret, 0);
+tcg_gen_setcondi_i64(TCG_COND_EQ, t2, t1, 0);
+tcg_gen_movi_i64(t3, 0);
+tcg_gen_movcond_i64(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_divu_i64(ret, t0, t1);
 }
 if (compute_ov) {
-tcg_gen_movi_tl(cpu_ov, 1);
-tcg_gen_movi_tl(cpu_so, 1);
+tcg_gen_mov_tl(cpu_ov, t2);
+tcg_gen_or_tl(cpu_so, cpu_so, cpu_ov);
 }
-gen_set_label(l2);
+tcg_temp_free_i64(t0);
+tcg_temp_free_i64(t1);
+tcg_temp_free_i64(t2);
+tcg_temp_free_i64(t3);
+
 if (unlikely(Rc(ctx->opcode) != 0))
 gen_set_Rc0(ctx, ret);
 }
+
 #define GEN_INT_ARITH_DIVD(name, opc3, sign, compute_ov)  \
 static void glue(gen_, name)(DisasContext *ctx)
   \
 { \
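Review bot: The `tcg_gen_movcond_i64(TCG_COND_NE, t1, t2, t3, t2, t1)` line in each branch of gen_op_arith_divd is what keeps a guest-chosen divisor of 0 (or INT64_MIN / -1 in the signed case) from reaching the host divide, and nothing in the code says so. With the labels removed this is no longer visible from the control flow, so it deserves a comment such as `/* t2 != 0 marks an invalid divide: substitute divisor 1 so the host op cannot trap */`. The same uncommented guard appears in the gen_op_arith_modw and gen_op_arith_divw hunks of this series. The `tcg_gen_mov_i64(t0, arg1)` copy looks unnecessary, since `arg1` is only read.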
-- 
2.7.4




[Qemu-devel] [PATCH v4 10/15] target-ppc: add cnttzw[.] instruction

2016-07-26 Thread Nikunj A Dadhania
Add ISA3.0: Count trailing zeros word instruction.

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson 
---
 target-ppc/helper.h |  1 +
 target-ppc/int_helper.c |  5 +
 target-ppc/translate.c  | 11 +++
 3 files changed, 17 insertions(+)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index 0c29c01..9c79808 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -38,6 +38,7 @@ DEF_HELPER_4(divweu, tl, env, tl, tl, i32)
 DEF_HELPER_4(divwe, tl, env, tl, tl, i32)
 
 DEF_HELPER_FLAGS_1(cntlzw, TCG_CALL_NO_RWG_SE, tl, tl)
+DEF_HELPER_FLAGS_1(cnttzw, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_1(popcntb, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_1(popcntw, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_2(cmpb, TCG_CALL_NO_RWG_SE, tl, tl, tl)
diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
index 93e8dfa..02b6df3 100644
--- a/target-ppc/int_helper.c
+++ b/target-ppc/int_helper.c
@@ -145,6 +145,11 @@ target_ulong helper_cntlzw(target_ulong t)
 return clz32(t);
 }
 
+target_ulong helper_cnttzw(target_ulong t)
+{
+return ctz32(t);
+}
+
 #if defined(TARGET_PPC64)
 target_ulong helper_cntlzd(target_ulong t)
 {
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 038106d..b1a875e 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1584,6 +1584,16 @@ static void gen_cntlzw(DisasContext *ctx)
 if (unlikely(Rc(ctx->opcode) != 0))
 gen_set_Rc0(ctx, cpu_gpr[rA(ctx->opcode)]);
 }
+
+/* cnttzw */
+static void gen_cnttzw(DisasContext *ctx)
+{
+gen_helper_cnttzw(cpu_gpr[rA(ctx->opcode)], cpu_gpr[rS(ctx->opcode)]);
+if (unlikely(Rc(ctx->opcode) != 0)) {
+gen_set_Rc0(ctx, cpu_gpr[rA(ctx->opcode)]);
+}
+}
+
 /* eqv & eqv. */
 GEN_LOGICAL2(eqv, tcg_gen_eqv_tl, 0x08, PPC_INTEGER);
 /* extsb & extsb. */
@@ -10058,6 +10068,7 @@ GEN_HANDLER(subfic, 0x08, 0xFF, 0xFF, 0x, 
PPC_INTEGER),
 GEN_HANDLER2(andi_, "andi.", 0x1C, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER2(andis_, "andis.", 0x1D, 0xFF, 0xFF, 0x, PPC_INTEGER),
 GEN_HANDLER(cntlzw, 0x1F, 0x1A, 0x00, 0x, PPC_INTEGER),
+GEN_HANDLER_E(cnttzw, 0x1F, 0x1A, 0x10, 0x, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(or, 0x1F, 0x1C, 0x0D, 0x, PPC_INTEGER),
 GEN_HANDLER(xor, 0x1F, 0x1C, 0x09, 0x, PPC_INTEGER),
 GEN_HANDLER(ori, 0x18, 0xFF, 0xFF, 0x, PPC_INTEGER),
-- 
2.7.4




[Qemu-devel] [PATCH v4 05/15] target-ppc: add modulo word operations

2016-07-26 Thread Nikunj A Dadhania
Adding following instructions:

moduw: Modulo Unsigned Word
modsw: Modulo Signed Word

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson 
---
 target-ppc/translate.c | 48 
 1 file changed, 48 insertions(+)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 7e349e8..966e848 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1175,6 +1175,52 @@ GEN_DIVE(divde, divde, 0);
 GEN_DIVE(divdeo, divde, 1);
 #endif
 
+static inline void gen_op_arith_modw(DisasContext *ctx, TCGv ret, TCGv arg1,
+ TCGv arg2, int sign)
+{
+TCGv_i32 t0 = tcg_temp_new_i32();
+TCGv_i32 t1 = tcg_temp_new_i32();
+
+tcg_gen_trunc_tl_i32(t0, arg1);
+tcg_gen_trunc_tl_i32(t1, arg2);
+if (sign) {
+TCGv_i32 t2 = tcg_temp_new_i32();
+TCGv_i32 t3 = tcg_temp_new_i32();
+tcg_gen_setcondi_i32(TCG_COND_EQ, t2, t0, INT_MIN);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t3, t1, -1);
+tcg_gen_and_i32(t2, t2, t3);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t3, t1, 0);
+tcg_gen_or_i32(t2, t2, t3);
+tcg_gen_movi_i32(t3, 0);
+tcg_gen_movcond_i32(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_rem_i32(t3, t0, t1);
+tcg_gen_extu_i32_tl(ret, t3);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t3);
+} else {
+TCGv_i32 t2 = tcg_const_i32(1);
+TCGv_i32 t3 = tcg_const_i32(0);
+tcg_gen_movcond_i32(TCG_COND_EQ, t1, t1, t3, t2, t1);
+tcg_gen_remu_i32(t3, t0, t1);
+tcg_gen_extu_i32_tl(ret, t3);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t3);
+}
+tcg_temp_free_i32(t0);
+tcg_temp_free_i32(t1);
+}
+
+#define GEN_INT_ARITH_MODW(name, opc3, sign)\
+static void glue(gen_, name)(DisasContext *ctx) \
+{   \
+gen_op_arith_modw(ctx, cpu_gpr[rD(ctx->opcode)],\
+  cpu_gpr[rA(ctx->opcode)], cpu_gpr[rB(ctx->opcode)],   \
+  sign);\
+}
+
+GEN_INT_ARITH_MODW(moduw, 0x08, 0);
+GEN_INT_ARITH_MODW(modsw, 0x18, 1);
+
 /* mulhw  mulhw. */
 static void gen_mulhw(DisasContext *ctx)
 {
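Review bot: In the signed branch of gen_op_arith_modw the remainder is widened with `tcg_gen_extu_i32_tl(ret, t3)`, so on a 64-bit target a negative remainder ends up in RT as a large positive value. If modsw is meant to leave a sign-extended result (the ISA text is not quoted in the patch, so please check), that branch should use `tcg_gen_ext_i32_tl(ret, t3);`. Separately, `INT_MIN` is compared against a 32-bit TCG value; `INT32_MIN` states the width and is the spelling the old divw code used. The new gen_op_arith_divw hunk has the same `INT_MIN`.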
@@ -10241,6 +10287,8 @@ GEN_HANDLER_E(divwe, 0x1F, 0x0B, 0x0D, 0, PPC_NONE, 
PPC2_DIVE_ISA206),
 GEN_HANDLER_E(divweo, 0x1F, 0x0B, 0x1D, 0, PPC_NONE, PPC2_DIVE_ISA206),
 GEN_HANDLER_E(divweu, 0x1F, 0x0B, 0x0C, 0, PPC_NONE, PPC2_DIVE_ISA206),
 GEN_HANDLER_E(divweuo, 0x1F, 0x0B, 0x1C, 0, PPC_NONE, PPC2_DIVE_ISA206),
+GEN_HANDLER_E(modsw, 0x1F, 0x0B, 0x18, 0x0001, PPC_NONE, PPC2_ISA300),
+GEN_HANDLER_E(moduw, 0x1F, 0x0B, 0x08, 0x0001, PPC_NONE, PPC2_ISA300),
 
 #if defined(TARGET_PPC64)
 #undef GEN_INT_ARITH_DIVD
-- 
2.7.4




[Qemu-devel] [PATCH v4 09/15] target-ppc: add cnttzd[.] instruction

2016-07-26 Thread Nikunj A Dadhania
From: Sandipan Das 

Add ISA3.0 Count trailing zeros double word

Signed-off-by: Sandipan Das 
[ added ISA300 flag ]
Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson 
---
 target-ppc/helper.h |  1 +
 target-ppc/int_helper.c |  5 +
 target-ppc/translate.c  | 10 ++
 3 files changed, 16 insertions(+)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index 1f5cfd0..0c29c01 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -44,6 +44,7 @@ DEF_HELPER_FLAGS_2(cmpb, TCG_CALL_NO_RWG_SE, tl, tl, tl)
 DEF_HELPER_3(sraw, tl, env, tl, tl)
 #if defined(TARGET_PPC64)
 DEF_HELPER_FLAGS_1(cntlzd, TCG_CALL_NO_RWG_SE, tl, tl)
+DEF_HELPER_FLAGS_1(cnttzd, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_1(popcntd, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_2(bpermd, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 DEF_HELPER_3(srad, tl, env, tl, tl)
diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
index 7445376..93e8dfa 100644
--- a/target-ppc/int_helper.c
+++ b/target-ppc/int_helper.c
@@ -150,6 +150,11 @@ target_ulong helper_cntlzd(target_ulong t)
 {
 return clz64(t);
 }
+
+target_ulong helper_cnttzd(target_ulong t)
+{
+return ctz64(t);
+}
 #endif
 
 #if defined(TARGET_PPC64)
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index ba22e13..038106d 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1824,6 +1824,15 @@ static void gen_cntlzd(DisasContext *ctx)
 if (unlikely(Rc(ctx->opcode) != 0))
 gen_set_Rc0(ctx, cpu_gpr[rA(ctx->opcode)]);
 }
+
+/* cnttzd */
+static void gen_cnttzd(DisasContext *ctx)
+{
+gen_helper_cnttzd(cpu_gpr[rA(ctx->opcode)], cpu_gpr[rS(ctx->opcode)]);
+if (unlikely(Rc(ctx->opcode) != 0)) {
+gen_set_Rc0(ctx, cpu_gpr[rA(ctx->opcode)]);
+}
+}
 #endif
 
 /*** Integer rotate***/
@@ -10061,6 +10070,7 @@ GEN_HANDLER_E(prtyw, 0x1F, 0x1A, 0x04, 0xF801, 
PPC_NONE, PPC2_ISA205),
 #if defined(TARGET_PPC64)
 GEN_HANDLER(popcntd, 0x1F, 0x1A, 0x0F, 0xF801, PPC_POPCNTWD),
 GEN_HANDLER(cntlzd, 0x1F, 0x1A, 0x01, 0x, PPC_64B),
+GEN_HANDLER_E(cnttzd, 0x1F, 0x1A, 0x11, 0x, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER_E(prtyd, 0x1F, 0x1A, 0x05, 0xF801, PPC_NONE, PPC2_ISA205),
 GEN_HANDLER_E(bpermd, 0x1F, 0x1C, 0x07, 0x0001, PPC_NONE, 
PPC2_PERM_ISA206),
 #endif
-- 
2.7.4




[Qemu-devel] [PATCH v4 14/15] target-ppc: add maddhd and maddhdu instruction

2016-07-26 Thread Nikunj A Dadhania
maddhd: Multiply-Add High Doubleword
maddhdu: Multiply-Add High Doubleword Unsigned

The above two instructions are dual-form and differ by 1 bit
(31st bit).

Multiplies two 64-bit registers (RA * RB), adds third register(RC) to
the result(quadword) and returns the higher dword in the target
register(RT).

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson 
---
 target-ppc/translate.c | 25 +
 1 file changed, 25 insertions(+)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 81a87e9..ec7064f 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -7750,6 +7750,29 @@ static void gen_maddld(DisasContext *ctx)
 tcg_gen_add_i64(cpu_gpr[rD(ctx->opcode)], t1, cpu_gpr[rC(ctx->opcode)]);
 tcg_temp_free_i64(t1);
 }
+
+/* maddhd maddhdu */
+static void gen_maddhd_maddhdu(DisasContext *ctx)
+{
+TCGv_i64 lo = tcg_temp_new_i64();
+TCGv_i64 hi = tcg_temp_new_i64();
+TCGv_i64 t1 = tcg_temp_new_i64();
+
+if (Rc(ctx->opcode)) {
+tcg_gen_mulu2_i64(lo, hi, cpu_gpr[rA(ctx->opcode)],
+  cpu_gpr[rB(ctx->opcode)]);
+tcg_gen_movi_i64(t1, 0);
+} else {
+tcg_gen_muls2_i64(lo, hi, cpu_gpr[rA(ctx->opcode)],
+  cpu_gpr[rB(ctx->opcode)]);
+tcg_gen_sari_i64(t1, cpu_gpr[rC(ctx->opcode)], 63);
+}
+tcg_gen_add2_i64(t1, cpu_gpr[rD(ctx->opcode)], lo, hi,
+ cpu_gpr[rC(ctx->opcode)], t1);
+tcg_temp_free_i64(lo);
+tcg_temp_free_i64(hi);
+tcg_temp_free_i64(t1);
+}
 #endif /* defined(TARGET_PPC64) */
 
 GEN_VXFORM_NOA(vclzb, 1, 28)
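Review bot: `Rc(ctx->opcode)` is used in gen_maddhd_maddhdu to tell maddhdu from maddhd, but `Rc` is the record-bit extractor, so the `if` reads as a test for a CR0 update. A comment at the test, for example `/* bit 0 selects the unsigned form (maddhdu), it is not a record bit here */`, would make the intent clear. The `tcg_gen_add2_i64` call uses `t1` both as the low result and as the high addend; a one-line comment that the low half of the sum is discarded would save the next reader from working that out.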
@@ -10368,6 +10391,8 @@ GEN_HANDLER(mfvscr, 0x04, 0x2, 0x18, 0x001ff800, 
PPC_ALTIVEC),
 GEN_HANDLER(mtvscr, 0x04, 0x2, 0x19, 0x03ff, PPC_ALTIVEC),
 GEN_HANDLER(vmladduhm, 0x04, 0x11, 0xFF, 0x, PPC_ALTIVEC),
 #if defined(TARGET_PPC64)
+GEN_HANDLER_E(maddhd_maddhdu, 0x04, 0x18, 0xFF, 0x, PPC_NONE,
+  PPC2_ISA300),
 GEN_HANDLER_E(maddld, 0x04, 0x19, 0xFF, 0x, PPC_NONE, PPC2_ISA300),
 #endif
 GEN_HANDLER2(evsel0, "evsel", 0x04, 0x1c, 0x09, 0x, PPC_SPE),
-- 
2.7.4




[Qemu-devel] [PATCH v4 15/15] target-ppc: introduce opc4 for Expanded Opcode

2016-07-26 Thread Nikunj A Dadhania
ISA 3.0 has introduced EO - Expanded Opcode. Introduce third level
indirect opcode table and corresponding parsing routines.

EO (11:12) Expanded opcode field
Formats: XX1

EO (11:15) Expanded opcode field
Formats: VX, X, XX2

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate.c  |  82 
 target-ppc/translate_init.c | 126 
 2 files changed, 154 insertions(+), 54 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index ec7064f..d522566 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -367,12 +367,13 @@ GEN_OPCODE2(name, onam, opc1, opc2, opc3, inval, type, 
PPC_NONE)
 #define GEN_HANDLER2_E(name, onam, opc1, opc2, opc3, inval, type, type2)  \
 GEN_OPCODE2(name, onam, opc1, opc2, opc3, inval, type, type2)
 
+#define GEN_HANDLER_E_2(name, opc1, opc2, opc3, opc4, inval, type, type2) \
+GEN_OPCODE3(name, opc1, opc2, opc3, opc4, inval, type, type2)
+
 typedef struct opcode_t {
-unsigned char opc1, opc2, opc3;
+unsigned char opc1, opc2, opc3, opc4;
 #if HOST_LONG_BITS == 64 /* Explicitly align to 64 bits */
-unsigned char pad[5];
-#else
-unsigned char pad[1];
+unsigned char pad[4];
 #endif
 opc_handler_t handler;
 const char *oname;
@@ -452,6 +453,8 @@ EXTRACT_HELPER(opc1, 26, 6);
 EXTRACT_HELPER(opc2, 1, 5);
 /* Opcode part 3 */
 EXTRACT_HELPER(opc3, 6, 5);
+/* Opcode part 4 */
+EXTRACT_HELPER(opc4, 16, 5);
 /* Update Cr0 flags */
 EXTRACT_HELPER(Rc, 0, 1);
 /* Update Cr6 flags (Altivec) */
@@ -589,7 +592,7 @@ EXTRACT_HELPER(SP, 19, 2);
 .opc1 = op1,  \
 .opc2 = op2,  \
 .opc3 = op3,  \
-.pad  = { 0, },   \
+.opc4 = 0xff, \
 .handler = {  \
 .inval1  = invl,  \
 .type = _typ, \
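Review bot: `.opc4 = 0xff` is introduced here and in the two following macro hunks as an unexplained sentinel. `EXTRACT_HELPER(opc4, 16, 5)` yields at most 0x1f, so 0xff cannot collide with a decoded value, but that reasoning belongs in a comment or a named constant next to `opcode_t`, e.g. `/* 0xff: entry has no fourth-level opcode */`. The macro bodies start outside these hunks, so I cannot see whether the lookup code documents it elsewhere.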
@@ -604,7 +607,7 @@ EXTRACT_HELPER(SP, 19, 2);
 .opc1 = op1,  \
 .opc2 = op2,  \
 .opc3 = op3,  \
-.pad  = { 0, },   \
+.opc4 = 0xff, \
 .handler = {  \
 .inval1  = invl1, \
 .inval2  = invl2, \
@@ -620,7 +623,7 @@ EXTRACT_HELPER(SP, 19, 2);
 .opc1 = op1,  \
 .opc2 = op2,  \
 .opc3 = op3,  \
-.pad  = { 0, },   \
+.opc4 = 0xff, \
 .handler = {  \
 .inval1  = invl,  \
 .type = _typ, \
@@ -630,13 +633,28 @@ EXTRACT_HELPER(SP, 19, 2);
 },\
 .oname = onam,\
 }
+#define GEN_OPCODE3(name, op1, op2, op3, op4, invl, _typ, _typ2)  \
+{ \
+.opc1 = op1,  \
+.opc2 = op2,  \
+.opc3 = op3,  \
+.opc4 = op4,  \
+.handler = {  \
+.inval1  = invl,  \
+.type = _typ, \
+.type2 = _typ2,   \
+.handler = &gen_##name,   \
+.oname = stringify(name), \
+},\
+.oname = stringify(name),  

[Qemu-devel] Making cputlb.c operations safe for MTTCG

2016-07-26 Thread Alex Bennée
Hi,

While I've been re-spinning the base patches I've brought forward some
of the async work for cputlb done on the ARM enabling set. Thanks to
Sergey's consolidation work we have a robust mechanism for halting all
vCPUs to get work done if we need to. The cputlb changes are actually
independent of any specific architecture fixes needed so it makes sense
to fix them all in the base set. This works well for the various
tlb_flush type operations.

Going through cputlb though I have come across one use case where
deferring the work until later seems like a potential bottleneck and
also introduces a potential race.

When we do code generation we use tlb_protect_code() to set the region
as DIRTY_MEMORY_CODE and update the SoftMMU TLB flags to force the slow
path if anything tries to write to areas which have generated code
blocks associated with them. This operation is intrinsically cross-vCPU
as any vCPU writing to the code needs to be trapped:

/*
 * Call tlb_reset_dirty() on every vCPU for the RAM range that starts at
 * @start and spans @length bytes.
 *
 * The range is page-adjusted first and must lie inside a single RAMBlock
 * (checked with assert()). Every vCPU is visited directly from the calling
 * thread, inside one RCU read-side section.
 */
static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
{
    CPUState *cpu;
    ram_addr_t start1;
    RAMBlock *block;
    ram_addr_t end;

    /* end is derived from the unmasked start, so compute it before masking */
    end = TARGET_PAGE_ALIGN(start + length);
    start &= TARGET_PAGE_MASK;

    /* the block lookup and the per-vCPU walk both run under the RCU read lock */
    rcu_read_lock();
    block = qemu_get_ram_block(start);
    /* first and last byte of the range must resolve to the same RAMBlock */
    assert(block == qemu_get_ram_block(end - 1));
    /* presumably the host address of the range start; verify against ramblock_ptr() */
    start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
    /*
     * NOTE(review): tlb_reset_dirty() receives the caller's length, not the
     * page-adjusted end - start; confirm that is intended.
     */
    CPU_FOREACH(cpu) {
        tlb_reset_dirty(cpu, start1, length);
    }
    rcu_read_unlock();
}

If we defer the updating of the other vCPUs to later we'll introduce a
potential race which, while I'm sure it would be tricky to hit, could result
in, for example, a guest probe not getting picked up if placed just after
code generation.

As the eventual operation is the setting of a flag I'm wondering if we
can simply use atomic primitives to ensure we don't corrupt the lookup
address when setting the TLB_NOTDIRTY flag?

Of course the TLB structure itself covers a number of values, but AFAICT
erroneously setting TLB_NOTDIRTY on an entry that gets updated to a new
address wouldn't cause a problem except triggering an additional
slow-path write. If we are careful about the filling of the TLB entries,
can we be sure we are always safe?

I hope to have some patches to show by the end of the week.

--
Alex Bennée



[Qemu-devel] [PATCH v4 11/15] target-ppc: add cmpeqb instruction

2016-07-26 Thread Nikunj A Dadhania
Search for a byte in the stream of 8 bytes provided in the register

Suggested-by: Richard Henderson 
Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson 
---
 target-ppc/helper.h |  1 +
 target-ppc/int_helper.c | 22 ++
 target-ppc/translate.c  | 12 
 3 files changed, 35 insertions(+)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index 9c79808..9e4bb7b 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -44,6 +44,7 @@ DEF_HELPER_FLAGS_1(popcntw, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_2(cmpb, TCG_CALL_NO_RWG_SE, tl, tl, tl)
 DEF_HELPER_3(sraw, tl, env, tl, tl)
 #if defined(TARGET_PPC64)
+DEF_HELPER_FLAGS_2(cmpeqb, TCG_CALL_NO_RWG_SE, i32, tl, tl)
 DEF_HELPER_FLAGS_1(cntlzd, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_1(cnttzd, TCG_CALL_NO_RWG_SE, tl, tl)
 DEF_HELPER_FLAGS_1(popcntd, TCG_CALL_NO_RWG_SE, tl, tl)
diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
index 02b6df3..15947ad 100644
--- a/target-ppc/int_helper.c
+++ b/target-ppc/int_helper.c
@@ -151,6 +151,28 @@ target_ulong helper_cnttzw(target_ulong t)
 }
 
 #if defined(TARGET_PPC64)
+/* if x = 0xab, returns 0xababababababababa */
+#define pattern(x) (((x) & 0xff) * (~(target_ulong)0 / 0xff))
+
+/* substract 1 from each byte, and with inverse, check if MSB is set at each
+ * byte.
+ * i.e. ((0x00 - 0x01) & ~(0x00)) & 0x80
+ *  (0xFF & 0xFF) & 0x80 = 0x80 (zero found)
+ */
+#define haszero(v) (((v) - pattern(0x01)) & ~(v) & pattern(0x80))
+
+/* When you XOR the pattern and there is a match, that byte will be zero */
+#define hasvalue(x, n)  (haszero((x) ^ pattern(n)))
+
+uint32_t helper_cmpeqb(target_ulong ra, target_ulong rb)
+{
+return hasvalue(rb, ra) ? 1 << CRF_GT : 0;
+}
+
+#undef pattern
+#undef haszero
+#undef hasvalue
+
 target_ulong helper_cntlzd(target_ulong t)
 {
 return clz64(t);
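Review bot: The comment on `pattern()` gives an example with seventeen hex digits; for a 64-bit `target_ulong` it should read `/* if x = 0xab, returns 0xabababababababab */`. The `haszero()` comment has the typo "substract" and would be clearer as `/* subtract 1 from each byte, AND with the complement, keep each byte's MSB: a nonzero result means some byte was zero */`. It is also worth stating that `ra` is reduced to its low byte by the `& 0xff` inside `pattern()`, because `helper_cmpeqb` passes the whole register to `hasvalue()`.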
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index b1a875e..8d56da8 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -854,6 +854,15 @@ static void gen_cmprb(DisasContext *ctx)
 tcg_temp_free_i32(src2hi);
 }
 
+#if defined(TARGET_PPC64)
+/* cmpeqb */
+static void gen_cmpeqb(DisasContext *ctx)
+{
+gen_helper_cmpeqb(cpu_crf[crfD(ctx->opcode)], cpu_gpr[rA(ctx->opcode)],
+  cpu_gpr[rB(ctx->opcode)]);
+}
+#endif
+
 /* isel (PowerPC 2.03 specification) */
 static void gen_isel(DisasContext *ctx)
 {
@@ -10046,6 +10055,9 @@ GEN_HANDLER(cmp, 0x1F, 0x00, 0x00, 0x0040, 
PPC_INTEGER),
 GEN_HANDLER(cmpi, 0x0B, 0xFF, 0xFF, 0x0040, PPC_INTEGER),
 GEN_HANDLER(cmpl, 0x1F, 0x00, 0x01, 0x0040, PPC_INTEGER),
 GEN_HANDLER(cmpli, 0x0A, 0xFF, 0xFF, 0x0040, PPC_INTEGER),
+#if defined(TARGET_PPC64)
+GEN_HANDLER_E(cmpeqb, 0x1F, 0x00, 0x07, 0x0060, PPC_NONE, PPC2_ISA300),
+#endif
 GEN_HANDLER_E(cmpb, 0x1F, 0x1C, 0x0F, 0x0001, PPC_NONE, PPC2_ISA205),
 GEN_HANDLER_E(cmprb, 0x1F, 0x00, 0x06, 0x0041, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(isel, 0x1F, 0x0F, 0xFF, 0x0001, PPC_ISEL),
-- 
2.7.4




[Qemu-devel] [PATCH v4 07/15] target-ppc: implement branch-less divw[o][.]

2016-07-26 Thread Nikunj A Dadhania
While implementing the modulo instructions, I found that the
implementation uses many branches. Change the logic to produce
branch-less code. The undefined value is set to the dividend in case of
invalid input.

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate.c | 48 +++-
 1 file changed, 23 insertions(+), 25 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 7c7328f..69d9ae0 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1049,41 +1049,39 @@ static void gen_addpcis(DisasContext *ctx)
 static inline void gen_op_arith_divw(DisasContext *ctx, TCGv ret, TCGv arg1,
  TCGv arg2, int sign, int compute_ov)
 {
-TCGLabel *l1 = gen_new_label();
-TCGLabel *l2 = gen_new_label();
-TCGv_i32 t0 = tcg_temp_local_new_i32();
-TCGv_i32 t1 = tcg_temp_local_new_i32();
+TCGv_i32 t0 = tcg_temp_new_i32();
+TCGv_i32 t1 = tcg_temp_new_i32();
+TCGv_i32 t2 = tcg_temp_new_i32();
+TCGv_i32 t3 = tcg_temp_new_i32();
 
 tcg_gen_trunc_tl_i32(t0, arg1);
 tcg_gen_trunc_tl_i32(t1, arg2);
-tcg_gen_brcondi_i32(TCG_COND_EQ, t1, 0, l1);
-if (sign) {
-TCGLabel *l3 = gen_new_label();
-tcg_gen_brcondi_i32(TCG_COND_NE, t1, -1, l3);
-tcg_gen_brcondi_i32(TCG_COND_EQ, t0, INT32_MIN, l1);
-gen_set_label(l3);
-tcg_gen_div_i32(t0, t0, t1);
-} else {
-tcg_gen_divu_i32(t0, t0, t1);
-}
-if (compute_ov) {
-tcg_gen_movi_tl(cpu_ov, 0);
-}
-tcg_gen_br(l2);
-gen_set_label(l1);
 if (sign) {
-tcg_gen_sari_i32(t0, t0, 31);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t2, t0, INT_MIN);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t3, t1, -1);
+tcg_gen_and_i32(t2, t2, t3);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t3, t1, 0);
+tcg_gen_or_i32(t2, t2, t3);
+tcg_gen_movi_i32(t3, 0);
+tcg_gen_movcond_i32(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_div_i32(t3, t0, t1);
+tcg_gen_extu_i32_tl(ret, t3);
 } else {
-tcg_gen_movi_i32(t0, 0);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t2, t1, 0);
+tcg_gen_movi_i32(t3, 0);
+tcg_gen_movcond_i32(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_divu_i32(t3, t0, t1);
+tcg_gen_extu_i32_tl(ret, t3);
 }
 if (compute_ov) {
-tcg_gen_movi_tl(cpu_ov, 1);
-tcg_gen_movi_tl(cpu_so, 1);
+tcg_gen_extu_i32_tl(cpu_ov, t2);
+tcg_gen_or_tl(cpu_so, cpu_so, cpu_ov);
 }
-gen_set_label(l2);
-tcg_gen_extu_i32_tl(ret, t0);
 tcg_temp_free_i32(t0);
 tcg_temp_free_i32(t1);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t3);
+
 if (unlikely(Rc(ctx->opcode) != 0))
 gen_set_Rc0(ctx, ret);
 }
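Review bot: Both branches of the new `if (sign)` in gen_op_arith_divw end with the same `tcg_gen_extu_i32_tl(ret, t3);` and repeat the `tcg_gen_movi_i32(t3, 0)` / `tcg_gen_movcond_i32(...)` pair; they differ only in how `t2` is built and in `div` versus `divu`. Moving `tcg_gen_extu_i32_tl(ret, t3);` below the `if`/`else` removes one copy and makes the remaining difference easier to see. The commit message says the result for invalid input is now the dividend, which differs from the removed code (sign fill or 0); a comment at the `movcond` should record that, so the changed value is not mistaken for a regression.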
-- 
2.7.4




[Qemu-devel] [PATCH v4 13/15] target-ppc: add maddld instruction

2016-07-26 Thread Nikunj A Dadhania
maddld: Multiply-Add Low Doubleword

Multiplies two 64-bit registers (RA * RB), adds third register(RC) to
the result(quadword) and returns the lower dword in the target
register(RT).

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson 
---
 target-ppc/translate.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index fa1c28c..81a87e9 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -7741,6 +7741,17 @@ GEN_VAFORM_PAIRED(vmsumshm, vmsumshs, 20)
 GEN_VAFORM_PAIRED(vsel, vperm, 21)
 GEN_VAFORM_PAIRED(vmaddfp, vnmsubfp, 23)
 
+#if defined(TARGET_PPC64)
+static void gen_maddld(DisasContext *ctx)
+{
+TCGv_i64 t1 = tcg_temp_new_i64();
+
+tcg_gen_mul_i64(t1, cpu_gpr[rA(ctx->opcode)], cpu_gpr[rB(ctx->opcode)]);
+tcg_gen_add_i64(cpu_gpr[rD(ctx->opcode)], t1, cpu_gpr[rC(ctx->opcode)]);
+tcg_temp_free_i64(t1);
+}
+#endif /* defined(TARGET_PPC64) */
+
 GEN_VXFORM_NOA(vclzb, 1, 28)
 GEN_VXFORM_NOA(vclzh, 1, 29)
 GEN_VXFORM_NOA(vclzw, 1, 30)
@@ -10356,6 +10367,9 @@ GEN_HANDLER(lvsr, 0x1f, 0x06, 0x01, 0x0001, 
PPC_ALTIVEC),
 GEN_HANDLER(mfvscr, 0x04, 0x2, 0x18, 0x001ff800, PPC_ALTIVEC),
 GEN_HANDLER(mtvscr, 0x04, 0x2, 0x19, 0x03ff, PPC_ALTIVEC),
 GEN_HANDLER(vmladduhm, 0x04, 0x11, 0xFF, 0x, PPC_ALTIVEC),
+#if defined(TARGET_PPC64)
+GEN_HANDLER_E(maddld, 0x04, 0x19, 0xFF, 0x, PPC_NONE, PPC2_ISA300),
+#endif
 GEN_HANDLER2(evsel0, "evsel", 0x04, 0x1c, 0x09, 0x, PPC_SPE),
 GEN_HANDLER2(evsel1, "evsel", 0x04, 0x1d, 0x09, 0x, PPC_SPE),
 GEN_HANDLER2(evsel2, "evsel", 0x04, 0x1e, 0x09, 0x, PPC_SPE),
-- 
2.7.4




[Qemu-devel] [PATCH v4 12/15] target-ppc: add setb instruction

2016-07-26 Thread Nikunj A Dadhania
From: Vivek Andrew Sha 

The CR number is provided in the opcode as - BFA (11:13)

Returns:
  -1 if bit 0 of CR field is set
   1 if bit 1 of CR field is set
   0 otherwise.

Signed-off-by: Vivek Andrew Sha 
[ reworded commit, used 32bit ops as crf is 32bits ]
Signed-off-by: Nikunj A Dadhania 
Reviewed-by: Richard Henderson 
---
 target-ppc/translate.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 8d56da8..fa1c28c 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -4868,6 +4868,27 @@ static void gen_mtspr(DisasContext *ctx)
 }
 }
 
+#if defined(TARGET_PPC64)
+/* setb */
+static void gen_setb(DisasContext *ctx)
+{
+TCGv_i32 t0 = tcg_temp_new_i32();
+TCGv_i32 t8 = tcg_temp_new_i32();
+TCGv_i32 tm1 = tcg_temp_new_i32();
+int crf = crfS(ctx->opcode);
+
+tcg_gen_setcondi_i32(TCG_COND_GEU, t0, cpu_crf[crf], 4);
+tcg_gen_movi_i32(t8, 8);
+tcg_gen_movi_i32(tm1, -1);
+tcg_gen_movcond_i32(TCG_COND_GEU, t0, cpu_crf[crf], t8, tm1, t0);
+tcg_gen_ext_i32_tl(cpu_gpr[rD(ctx->opcode)], t0);
+
+tcg_temp_free_i32(t0);
+tcg_temp_free_i32(t8);
+tcg_temp_free_i32(tm1);
+}
+#endif
+
 /*** Cache management  ***/
 
 /* dcbf */
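Review bot: The literals `4` and `8` in the `tcg_gen_setcondi_i32` and `tcg_gen_movi_i32(t8, 8)` lines of gen_setb are CR-field bit values; writing them as `1 << CRF_GT` and `1 << CRF_LT` would match how `CRF_GT` is used by the cmprb and cmpeqb code in this series. The function is also wrapped in `#if defined(TARGET_PPC64)`, although its body uses only 32-bit TCG ops and one extension to `tl`. If setb is not restricted to 64-bit implementations, the guard should be dropped and the handler entry moved out of the `TARGET_PPC64` block in the table.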
@@ -10186,6 +10207,7 @@ GEN_HANDLER(mftb, 0x1F, 0x13, 0x0B, 0x0001, 
PPC_MFTB),
 GEN_HANDLER(mtcrf, 0x1F, 0x10, 0x04, 0x0801, PPC_MISC),
 #if defined(TARGET_PPC64)
 GEN_HANDLER(mtmsrd, 0x1F, 0x12, 0x05, 0x001EF801, PPC_64B),
+GEN_HANDLER_E(setb, 0x1F, 0x00, 0x04, 0x0003F801, PPC_NONE, PPC2_ISA300),
 #endif
 GEN_HANDLER(mtmsr, 0x1F, 0x12, 0x04, 0x001EF801, PPC_MISC),
 GEN_HANDLER(mtspr, 0x1F, 0x13, 0x0E, 0x, PPC_MISC),
-- 
2.7.4




Re: [Qemu-devel] [PATCH v2 4/6] cadence_gem: Add queue support

2016-07-26 Thread Peter Maydell
On 26 July 2016 at 01:12, Alistair Francis  wrote:
> Signed-off-by: Alistair Francis 
> ---
>
> There is an indentation error in this patch in the gem_transmit function.
> I have written it like that to make it easier to see the changes. It is
> fixed in the next patch.
>
> V2:
>  - Use the new screening function
>  - Update interrupt generation
>  - Increase vmstate to 3.0
>
>  hw/net/cadence_gem.c | 180 
> ---
>  include/hw/net/cadence_gem.h |   2 +-
>  2 files changed, 135 insertions(+), 47 deletions(-)
>
> diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
> index d38bc1e..28c2ddb 100644
> --- a/hw/net/cadence_gem.c
> +++ b/hw/net/cadence_gem.c
> @@ -142,6 +142,30 @@
>  #define GEM_DESCONF6  (0x0294/4)
>  #define GEM_DESCONF7  (0x0298/4)
>
> +#define GEM_INT_Q1_STATUS   (0x0400 / 4)
> +#define GEM_INT_Q1_MASK (0x0640 / 4)
> +
> +#define GEM_TRANSMIT_Q1_PTR (0x0440 / 4)
> +#define GEM_TRANSMIT_Q15_PTR(GEM_TRANSMIT_Q1_PTR + 14)
> +
> +#define GEM_RECEIVE_Q1_PTR  (0x0480 / 4)
> +#define GEM_RECEIVE_Q15_PTR (GEM_RECEIVE_Q1_PTR + 14)
> +
> +#define GEM_INT_Q1_ENABLE   (0x0600 / 4)
> +#define GEM_INT_Q7_ENABLE   (GEM_INT_Q1_ENABLE + 6)
> +#define GEM_INT_Q8_ENABLE   (0x0660 / 4)
> +#define GEM_INT_Q15_ENABLE  (GEM_INT_Q8_ENABLE + 7)
> +
> +#define GEM_INT_Q1_DISABLE  (0x0620 / 4)
> +#define GEM_INT_Q7_DISABLE  (GEM_INT_Q1_DISABLE + 6)
> +#define GEM_INT_Q8_DISABLE  (0x0680 / 4)
> +#define GEM_INT_Q15_DISABLE (GEM_INT_Q8_DISABLE + 7)
> +
> +#define GEM_INT_Q1_MASK (0x0640 / 4)
> +#define GEM_INT_Q7_MASK (GEM_INT_Q1_MASK + 6)
> +#define GEM_INT_Q8_MASK (0x06A0 / 4)
> +#define GEM_INT_Q15_MASK(GEM_INT_Q8_MASK + 7)
> +
>  #define GEM_SCREENING_TYPE1_REGISTER_0  (0x0500 / 4)
>
>  #define GEM_ST1R_UDP_PORT_MATCH_ENABLE  (1 << 29)
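Review bot: `GEM_INT_Q1_MASK` is defined twice in this hunk with the same value, once directly under `GEM_INT_Q1_STATUS` and again at the head of the Q1/Q7/Q8/Q15 mask group. The first definition can be dropped so that each register offset has a single definition. Identical redefinitions are accepted silently by the preprocessor, so the duplicate is easy to miss until someone edits only one copy.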
> @@ -316,9 +340,9 @@ static inline unsigned tx_desc_get_length(unsigned *desc)
>  return desc[1] & DESC_1_LENGTH;
>  }
>
> -static inline void print_gem_tx_desc(unsigned *desc)
> +static inline void print_gem_tx_desc(unsigned *desc, uint8_t queue)
>  {
> -DB_PRINT("TXDESC:\n");
> +DB_PRINT("TXDESC (queue %" PRId8 "):\n", queue);
>  DB_PRINT("bufaddr: 0x%08x\n", *desc);
>  DB_PRINT("used_hw: %d\n", tx_desc_get_used(desc));
>  DB_PRINT("wrap:%d\n", tx_desc_get_wrap(desc));
> @@ -448,6 +472,7 @@ static void phy_update_link(CadenceGEMState *s)
>  static int gem_can_receive(NetClientState *nc)
>  {
>  CadenceGEMState *s;
> +int i;
>
>  s = qemu_get_nic_opaque(nc);
>
> @@ -460,18 +485,20 @@ static int gem_can_receive(NetClientState *nc)
>  return 0;
>  }
>
> -if (rx_desc_get_ownership(s->rx_desc[0]) == 1) {
> -if (s->can_rx_state != 2) {
> -s->can_rx_state = 2;
> -DB_PRINT("can't receive - busy buffer descriptor 0x%x\n",
> - s->rx_desc_addr[0]);
> +for (i = 0; i < s->num_priority_queues; i++) {
> +if (rx_desc_get_ownership(s->rx_desc[i]) == 1) {
> +if (s->can_rx_state != 2) {
> +s->can_rx_state = 2;
> +DB_PRINT("can't receive - busy buffer descriptor (q%d) 
> 0x%x\n",
> + i, s->rx_desc_addr[i]);
> + }
> +return 0;
>  }
> -return 0;
>  }
>
>  if (s->can_rx_state != 0) {
>  s->can_rx_state = 0;
> -DB_PRINT("can receive 0x%x\n", s->rx_desc_addr[0]);
> +DB_PRINT("can receive\n");
>  }
>  return 1;
>  }
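Review bot: The new loop indexes `s->rx_desc[i]` and `s->rx_desc_addr[i]` with `i` bounded only by `s->num_priority_queues`, and nothing in this hunk shows that value being checked against the size of those arrays. If num_priority_queues is set from outside the device model (not visible here), it should be validated once at realize time against the array capacity, so that a bad value cannot make the receive path read outside device state. The same bound drives `s->irq[i]` and `s->regs[GEM_INT_Q1_STATUS + i]` in the gem_update_int_status hunk. The body of gem_can_receive starts before this hunk.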
> @@ -482,9 +509,20 @@ static int gem_can_receive(NetClientState *nc)
>   */
>  static void gem_update_int_status(CadenceGEMState *s)
>  {
> -if (s->regs[GEM_ISR]) {
> -DB_PRINT("asserting int. (0x%08x)\n", s->regs[GEM_ISR]);
> +int i;
> +
> +if (!s->num_priority_queues && s->regs[GEM_ISR]) {

Other parts of the code assume that num_priority_queues can't
be zero (ie that the smallest case is "one priority queue").
Either they're wrong or this is.

> +/* No priority queues, just trigger the interrupt */
> +DB_PRINT("asserting int.\n", i);
>  qemu_set_irq(s->irq[0], 1);
> +return;
> +}
> +
> +for (i = 0; i < s->num_priority_queues; ++i) {
> +if (s->regs[GEM_INT_Q1_STATUS + i]) {
> +DB_PRINT("asserting int. (q=%d)\n", i);
> +qemu_set_irq(s->irq[i], 1);
> +}
>  }
>  }
>
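Review bot: The added `DB_PRINT("asserting int.\n", i);` passes `i` although the format string has no conversion for it, and `i` has not been assigned at that point in gem_update_int_status. The removed line printed the status word, so either keep that form, `DB_PRINT("asserting int. (0x%08x)\n", s->regs[GEM_ISR]);`, or drop the stray argument. DB_PRINT's definition is outside the hunk, but if it forwards to a printf-style function a build with format checking would likely report the extra argument.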
> @@ -748,17 +786,17 @@ static int get_queue_from_screen(CadenceGEMState *s, 
> uint8_t *rxbuf_ptr)
>  return 0;
>  }
>
> -static void gem_get_rx_desc(CadenceGEMState *s)
> +static void gem_get_rx_desc(CadenceGEMState *s, int q)
>  {
> -DB_PRINT("read descriptor 0x%x\n", (unsigned)s->rx_desc_addr[0]);
> +DB_PRINT("read

Re: [Qemu-devel] [PATCH v2 3/6] cadence_gem: Add support for screening

2016-07-26 Thread Peter Maydell
On 26 July 2016 at 01:12, Alistair Francis  wrote:
> The Cadence GEM hardware allows incoming data to be 'screened' based on some
> register values. Add support for these screens.
>
> Signed-off-by: Alistair Francis 
> ---
> V2:
>  - Initial commit
>
>  hw/net/cadence_gem.c | 151 
> +++
>  include/hw/net/cadence_gem.h |   2 +
>  2 files changed, 153 insertions(+)
>
> diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
> index deae122..d38bc1e 100644
> --- a/hw/net/cadence_gem.c
> +++ b/hw/net/cadence_gem.c
> @@ -26,6 +26,7 @@
>  #include  /* For crc32 */
>
>  #include "hw/net/cadence_gem.h"
> +#include "qemu/log.h"
>  #include "net/checksum.h"
>
>  #ifdef CADENCE_GEM_ERR_DEBUG
> @@ -141,6 +142,37 @@
>  #define GEM_DESCONF6  (0x0294/4)
>  #define GEM_DESCONF7  (0x0298/4)
>
> +#define GEM_SCREENING_TYPE1_REGISTER_0  (0x0500 / 4)
> +
> +#define GEM_ST1R_UDP_PORT_MATCH_ENABLE  (1 << 29)
> +#define GEM_ST1R_DSTC_ENABLE(1 << 28)
> +#define GEM_ST1R_UDP_PORT_MATCH_SHIFT   (12)
> +#define GEM_ST1R_UDP_PORT_MATCH_WIDTH   (27 - GEM_ST1R_UDP_PORT_MATCH_SHIFT 
> + 1)
> +#define GEM_ST1R_DSTC_MATCH_SHIFT   (4)
> +#define GEM_ST1R_DSTC_MATCH_WIDTH   (11 - GEM_ST1R_DSTC_MATCH_SHIFT + 1)
> +#define GEM_ST1R_QUEUE_SHIFT(0)
> +#define GEM_ST1R_QUEUE_WIDTH(3 - GEM_ST1R_QUEUE_SHIFT + 1)
> +
> +#define GEM_SCREENING_TYPE2_REGISTER_0  (0x0540 / 4)
> +
> +#define GEM_ST2R_COMPARE_A_ENABLE   (1 << 18)
> +#define GEM_ST2R_COMPARE_A_SHIFT(13)
> +#define GEM_ST2R_COMPARE_WIDTH  (17 - GEM_ST2R_COMPARE_A_SHIFT + 1)
> +#define GEM_ST2R_ETHERTYPE_ENABLE   (1 << 12)
> +#define GEM_ST2R_ETHERTYPE_INDEX_SHIFT  (9)
> +#define GEM_ST2R_ETHERTYPE_INDEX_WIDTH  (11 - GEM_ST2R_ETHERTYPE_INDEX_SHIFT 
> \
> ++ 1)
> +#define GEM_ST2R_QUEUE_SHIFT(0)
> +#define GEM_ST2R_QUEUE_WIDTH(3 - GEM_ST2R_QUEUE_SHIFT + 1)
> +
> +#define GEM_SCREENING_TYPE2_ETHERTYPE_REG_0 (0x06e0 / 4)
> +#define GEM_TYPE2_COMPARE_0_WORD_0  (0x0700 / 4)
> +
> +#define GEM_T2CW1_COMPARE_OFFSET_SHIFT  (7)
> +#define GEM_T2CW1_COMPARE_OFFSET_WIDTH  (8 - GEM_T2CW1_COMPARE_OFFSET_SHIFT 
> + 1)
> +#define GEM_T2CW1_OFFSET_VALUE_SHIFT(0)
> +#define GEM_T2CW1_OFFSET_VALUE_WIDTH(6 - GEM_T2CW1_OFFSET_VALUE_SHIFT + 
> 1)
> +
>  /*/
>  #define GEM_NWCTRL_TXSTART 0x0200 /* Transmit Enable */
>  #define GEM_NWCTRL_TXENA   0x0008 /* Transmit Enable */
> @@ -601,6 +633,121 @@ static int gem_mac_address_filter(CadenceGEMState *s, 
> const uint8_t *packet)
>  return GEM_RX_REJECT;
>  }
>
> +/* Figure out which queue the recieved data should be sent to */

"received"

> +static int get_queue_from_screen(CadenceGEMState *s, uint8_t *rxbuf_ptr)

Nothing seems to call this -- this probably results in a complaint
about an unused function if you build at this point in the series
(possibly only with optimisation on).

Do we need to also pass in the length of the rxbuf to avoid
reading beyond the end of short packets?

> +{
> +uint32_t reg;
> +bool matched, mismatched;
> +int i, j;
> +
> +for (i = 0; i < s->num_type1_screeners; i++) {
> +reg = s->regs[GEM_SCREENING_TYPE1_REGISTER_0 + i];
> +matched = false;
> +mismatched = false;
> +
> +/* Screening is based on UDP Port */
> +if (reg & GEM_ST1R_UDP_PORT_MATCH_ENABLE) {
> +uint16_t udp_port = rxbuf_ptr[14 + 22] << 8 | rxbuf_ptr[14 + 23];
> +if (udp_port == extract32(reg, GEM_ST1R_UDP_PORT_MATCH_SHIFT,
> +   GEM_ST1R_UDP_PORT_MATCH_WIDTH)) {
> +matched = true;
> +} else {
> +mismatched = true;
> +}
> +}
> +
> +/* Screening is based on DS/TC */
> +if (reg & GEM_ST1R_DSTC_ENABLE) {
> +uint16_t dscp = rxbuf_ptr[14 + 1];

Why uint16_t if we're only reading one byte?

> +if (dscp == extract32(reg, GEM_ST1R_DSTC_MATCH_SHIFT,
> +   GEM_ST1R_DSTC_MATCH_WIDTH)) {
> +matched = true;
> +} else {
> +mismatched = true;
> +}
> +}
> +
> +if (matched && !mismatched) {
> +return extract32(reg, GEM_ST1R_QUEUE_SHIFT, 
> GEM_ST1R_QUEUE_WIDTH);
> +}
> +}
> +
> +for (i = 0; i < s->num_type2_screeners; i++) {
> +reg = s->regs[GEM_SCREENING_TYPE2_REGISTER_0 + i];
> +matched = false;
> +mismatched = false;
> +
> +if (reg & GEM_ST2R_ETHERTYPE_ENABLE) {
> +uint16_t type = rxbuf_ptr[12] << 8 | rxbuf_ptr[13];
> +int et_idx = extract32(reg, GEM_ST2R_ETHERTYPE_INDEX_SHIFT,
> +GEM_ST2R_ETHERTYPE_INDEX_WIDTH);
> +
> +if (et_idx > 

[Qemu-devel] [PATCH] ppc: Fix fault PC reporting for lve*/stve* VMX instructions

2016-07-26 Thread Benjamin Herrenschmidt
We forgot to do gen_update_nip() for these like we do with other
helpers. Fix this, but in a more efficient way by passing the RA
to the accessors instead so the overhead is only taken on faults.

Signed-off-by: Benjamin Herrenschmidt 
---
 target-ppc/mem_helper.c | 21 +++--
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/target-ppc/mem_helper.c b/target-ppc/mem_helper.c
index e4de86b..e4ed377 100644
--- a/target-ppc/mem_helper.c
+++ b/target-ppc/mem_helper.c
@@ -232,16 +232,16 @@ target_ulong helper_lscbx(CPUPPCState *env, target_ulong 
addr, uint32_t reg,
 \
 if (needs_byteswap(env)) {  \
 r->element[LO_IDX ? index : (adjust - index)] = \
-swap(access(env, addr));\
+swap(access(env, addr, GETPC()));   \
 } else {\
 r->element[LO_IDX ? index : (adjust - index)] = \
-access(env, addr);  \
+access(env, addr, GETPC()); \
 }   \
 }
 #define I(x) (x)
-LVE(lvebx, cpu_ldub_data, I, u8)
-LVE(lvehx, cpu_lduw_data, bswap16, u16)
-LVE(lvewx, cpu_ldl_data, bswap32, u32)
+LVE(lvebx, cpu_ldub_data_ra, I, u8)
+LVE(lvehx, cpu_lduw_data_ra, bswap16, u16)
+LVE(lvewx, cpu_ldl_data_ra, bswap32, u32)
 #undef I
 #undef LVE
 
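Review bot: `GETPC()` is now evaluated separately in each branch of the byteswap test, here and in both branches of the STVE hunk that follows. Reading it once into a local at the top of the helper body, `uintptr_t ra = GETPC();`, and passing `ra` to `access()` keeps the four call sites short and makes it clear that the return address is taken in the helper itself. Both macro bodies start outside their hunks, so the local would sit with the existing declarations there. Separately, the context line after the STVE instantiations reads `#undef LVE`, which looks like it was meant to be `#undef STVE`.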
@@ -259,16 +259,17 @@ LVE(lvewx, cpu_ldl_data, bswap32, u32)
 \
 if (needs_byteswap(env)) {  \
 access(env, addr, swap(r->element[LO_IDX ? index :  \
-  (adjust - index)]));  \
+  (adjust - index)]),   \
+GETPC());   \
 } else {\
 access(env, addr, r->element[LO_IDX ? index :   \
- (adjust - index)]);\
+ (adjust - index)], GETPC());   \
 }   \
 }
 #define I(x) (x)
-STVE(stvebx, cpu_stb_data, I, u8)
-STVE(stvehx, cpu_stw_data, bswap16, u16)
-STVE(stvewx, cpu_stl_data, bswap32, u32)
+STVE(stvebx, cpu_stb_data_ra, I, u8)
+STVE(stvehx, cpu_stw_data_ra, bswap16, u16)
+STVE(stvewx, cpu_stl_data_ra, bswap32, u32)
 #undef I
 #undef LVE
 




Re: [Qemu-devel] [PULL 26/28] apic: Use apic_id as apic's migration instance_id

2016-07-26 Thread Amit Shah
On (Tue) 26 Jul 2016 [11:41:33], Igor Mammedov wrote:
> On Tue, 26 Jul 2016 10:41:38 +0530
> Amit Shah  wrote:
> 
> > On (Wed) 20 Jul 2016 [12:08:32], Eduardo Habkost wrote:
> > > From: Igor Mammedov 
> > > 
> > > instance_id is generated by last_used_id + 1 for a given device type
> > > so for QEMU with 3 CPUs instance_id for APICs is a set of [0, 1, 2]
> > > When CPU in the middle is hot-removed and migration started
> > > APICs with instance_ids 0 and 2 are transferred in migration stream.
> > > However target starts with 2 CPUs and APICs' instance_ids are
> > > generated from scratch [0, 1] hence migration fails with error
> > >   Unknown savevm section or instance 'apic' 2
> > > 
> > > Fix issue by manually registering APIC's vmsd with apic_id as
> > > instance_id, in this case instance_id on target will always
> > > match instance_id on source as apic_id is the same for a given
> > > cpu instance.
> > > 
> > > Reported-by: Bharata B Rao 
> > > Signed-off-by: Igor Mammedov 
> > > Reviewed-by: Dr. David Alan Gilbert 
> > > Reviewed-by: Michael S. Tsirkin 
> > > Signed-off-by: Eduardo Habkost   
> > 
> > After these patches, the static checker complains about missing
> > sections:
> > 
> > Section "apic-common" does not exist in dest
> > Section "apic" does not exist in dest
> > Section "kvm-apic" does not exist in dest
> > 
> > This will break migration from older versions.
> Still can't reproduce:
> here is my CLI on SRC:
>   qemu-system-x86_64-v2.6.0  \
>-snapshot -enable-kvm -smp 6,maxcpus=6 -m 256M rhel72.img -monitor stdio 
> -M pc-i440fx-2.6 -nodefaults
> 
> monitor# stop
> monitor# migrate "exec:gzip -c > STATEFILE.gz"
> ^C
> 
> CLI on DST:
>   qemu-system-x86_64-v2.7.0-rc0 \
>-snapshot -enable-kvm -smp 6,maxcpus=6 -m 256M rhel72.img -monitor stdio 
> -M pc-i440fx-2.6 -nodefaults -incoming "exec: gzip -c -d STATEFILE.gz"

I'll check.

> But I've found issue with I2C, which breaks migration for me with:
> 
> (qemu) qemu-system-x86_64: Missing section footer for i2c_bus
> qemu-system-x86_64: load of migration failed: Invalid argument
> 
> Which bisects to:
> 
> commit 2293c27faddf9547dd8b52423caa6e85844eec3a
> Author: KONRAD Frederic 
> Date:   Tue Jun 14 15:59:14 2016 +0100
> 
> i2c: implement broadcast write
> 
> hacking migration hunks of it to old VMState fixes I2C issue,
> and no apic related issues are noticed.

Yea, the i2c change will also break migration: adding a field
('broadcast') without updating version info.

i2c doesn't appear at all in the json output, so the script didn't
catch it.  I'll check why.

Amit



Re: [Qemu-devel] [PATCH] tcg: Merge GETPC and GETRA

2016-07-26 Thread Benjamin Herrenschmidt
On Tue, 2016-07-26 at 06:12 +0530, Richard Henderson wrote:
> The return address argument to the softmmu template helpers was
> confused.  In the legacy case, we wanted to indicate that there
> is no return address, and so passed in NULL.  However, we then
> immediately subtracted GETPC_ADJ from NULL, resulting in a non-zero
> value, indicating the presence of an (invalid) return address.
> 
> Push the GETPC_ADJ subtraction down to the only point it's required:
> immediately before use within cpu_restore_state, after all NULL
> pointer
> checks have been completed.  This makes GETPC and GETRA identical.
> 
> Remove GETRA as the lesser used macro, replacing all uses with GETPC.
> 
> Signed-off-by: Richard Henderson 
> ---
> 
> Ben, this should fix the "-2" problem that you reported.  Of course,
> as also discussed in that thread, this won't fix the whole issue.

I haven't had a chance to review the details of the patch but I
verified that all my test OSes still boot with it applied ;-)

Cheers,
Ben.




Re: [Qemu-devel] [PATCH] vl: remove unnecessary duplicate call to tpm_cleanup

2016-07-26 Thread Michael Tokarev
16.06.2016 15:25, Paolo Bonzini wrote:
> tpm_cleanup is called from main() and also registered with atexit from
> tpm_init.  The function only visits the tpm_backends linked list, and the
> atexit registration happens right after tpm_init fills in the list from
> -tpmdev options.  Therefore, the direct call is unnecessary.  Remove it.

Applied to -trivial. thanks!

/mjt



Re: [Qemu-devel] [PATCH] pic: fix typo in error message: KVM_GET_IRQCHIP -> KVM_SET_IRQCHIP

2016-07-26 Thread Michael Tokarev
Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH] sparc: Use g_memdup() instead of g_new0() + memcpy()

2016-07-26 Thread Michael Tokarev
16.06.2016 20:33, Thomas Huth wrote:
> There is no need to make sure that the memory is zeroed after the
> allocation if we also immediately fill the whole buffer afterwards
> with memcpy(). Thus g_new0 should be g_new instead. But since we
> are also doing a memcpy() here, we can also simply replace both
> with g_memdup() instead.

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH] trace-event: display "%d" instead of "0x%d"

2016-07-26 Thread Michael Tokarev
22.06.2016 18:34, Laurent Vivier wrote:
> Display the slot number of mhp_pc_dimm_assigned_slot()
> using "%d" without the "0x".

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH] linux-user, trivial: display "0x%x" instead of "0x%d"

2016-07-26 Thread Michael Tokarev
20.06.2016 12:51, Laurent Vivier wrote:
> Display an exception number, generally defined as an hexadecimal
> number (for instance, EXCP_HLT is 0x10001).

Applied to -trivial, thanks!

/mjt




Re: [Qemu-devel] [PATCH] Document that curses usually needs -k option too

2016-07-26 Thread Michael Tokarev
Applied to -trivial, thank you!

/mjt



Re: [Qemu-devel] Confusing I/O throttling behavior with burst_length > 1 and max < avg

2016-07-26 Thread Alberto Garcia
On Thu, Jul 14, 2016 at 01:18:19PM +0100, Stefan Hajnoczi wrote:

> The following throttling behavior was observed with bps=512000
> bps_max=51200 throttling.bps-total-max-length=2:
> 
>   READ: io=512KB, aggrb=50KB/s, minb=50KB/s, maxb=50KB/s, mint=10061msec, 
> maxt=10061msec
> 
> If bps-total-max-length=1 then the result is different:
> 
>   READ: io=5056KB, aggrb=505KB/s, minb=505KB/s, maxb=505KB/s, mint=10006msec, 
> maxt=10006msec
> 
> The burst limits guest bps instead of adding on top of it when
> burst_length > 1.

Thanks Stefan,

I think we should forbid that kind of setup altogether. I wrote a few
more details in the bug report:

> https://bugzilla.redhat.com/show_bug.cgi?id=1355665

I can write the patch.

Berto



Re: [Qemu-devel] [PATCH for-2.6 0/2] Fix regression with the default naming of throttling groups

2016-07-26 Thread Alberto Garcia
On Fri, Jul 08, 2016 at 05:05:12PM +0300, Alberto Garcia wrote:
> Hi,
> 
> Stefan reported this, this is a regression caused by commit
> efaa7c4eeb7490c6f37f3.
> 
> I sent a separate series for the git master, this is the backport
> for QEMU v2.6.0.

ping

Berto



Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Laurent Vivier


On 26/07/2016 12:02, Thomas Huth wrote:
> On 26.07.2016 11:53, Laurent Vivier wrote:
>>
>>
>> On 26/07/2016 11:39, Laurent Vivier wrote:
>>>
>>>
>>> On 26/07/2016 11:28, Thomas Huth wrote:
 On 26.07.2016 11:23, Laurent Vivier wrote:
>
>
> On 23/07/2016 08:30, David Gibson wrote:
>> On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:
>>>
>>>
>>> On 22/07/2016 08:43, David Gibson wrote:
 On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
> As userfaultfd syscall is available on powerpc, migration
> postcopy can be used.
>
> This patch adds the support needed to test this on powerpc,
> instead of using a bootsector to run code to modify memory,
> we use a FORTH script in "boot-command" property.
>
> As spapr machine doesn't support "-prom-env" argument
> (the nvram is initialized by SLOF and not by QEMU),
> "boot-command" is provided to SLOF via a file mapped nvram
> (with "-drive file=...,if=pflash")
>
> Signed-off-by: Laurent Vivier 
> ---
> v2: move FORTH script directly in sprintf()
> use openbios_firmware_abi.h
> remove useless "default" case
>
>  tests/Makefile.include |   1 +
>  tests/postcopy-test.c  | 116 
> +
>  2 files changed, 98 insertions(+), 19 deletions(-)

 There's a mostly cosmetic problem with this.  If you run make check
 for a ppc64 target on an x86 machine, you get:

 GTESTER check-qtest-ppc64
 "kvm" accelerator not found.
 "kvm" accelerator not found.
>>>
>>> I think this is because of "-machine accel=kvm:tcg", it tries to use kvm
>>> and fall back to tcg.
>>>
>>> accel.c:
>>>
>>>  80 void configure_accelerator(MachineState *ms)
>>>  81 {
>>> ...
>>> 100 acc = accel_find(buf);
>>> 101 if (!acc) {
>>> 102 fprintf(stderr, "\"%s\" accelerator not found.\n", 
>>> buf);
>>> 103 continue;
>>> 104 }
>>>
>>> We can remove the "-machine" argument to use the default instead (tcg or
>>> kvm).
>>
>> That sounds like a good option for a general test.
>
> In fact, we can't: we need to add a "-machine accel=" to our command
> line to override the "-machine accel=qtest" provided by the qtest
> framework. If we don't override it, the machine doesn't start.

 Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?
>>>
>>> I think it needs to be dynamic as the same binary test is used on x86 to
>>> test x86 and ppc64, and vice-versa. I'm going to check if we have
>>> something like "qtest_get_accel()"...
>>
>> Something like that should work:
>>
>> --- a/tests/postcopy-test.c
>> +++ b/tests/postcopy-test.c
>> @@ -380,12 +380,17 @@ static void test_migrate(void)
>>tmpfs, bootpath, uri);
>>  } else if (strcmp(arch, "ppc64") == 0) {
>>  init_bootfile_ppc(bootpath);
>> -cmd_src = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
>> +#ifdef _ARCH_PPC64
> 
> I think you'd need to test CONFIG_KVM, too, since it could also have
> been disabled on PPC, couldn't it?

Sure.

>> +#define QEMU_CMD_ACCEL"-machine accel=kvm:tcg"
>> +#else
>> +#define QEMU_CMD_ACCEL"-machine accel=tcg"
>> +#endif
> 
> Alternatively, what about shutting up the message in accel.c by changing
> it like that:
> 
> if (!qtest_enabled()) {
> error_report("\"%s\" accelerator not found.\n", buf);
> }
> 

I've tried that, and we always get the messages in the "make check" output.

Laurent



Re: [Qemu-devel] [PULL 26/28] apic: Use apic_id as apic's migration instance_id

2016-07-26 Thread Igor Mammedov
On Tue, 26 Jul 2016 17:17:47 +0530
Amit Shah  wrote:

> On (Tue) 26 Jul 2016 [10:00:49], Igor Mammedov wrote:
> > On Tue, 26 Jul 2016 10:41:38 +0530
> > Amit Shah  wrote:
> >   
> > > On (Wed) 20 Jul 2016 [12:08:32], Eduardo Habkost wrote:  
> > > > From: Igor Mammedov 
> > > > 
> > > > instance_id is generated by last_used_id + 1 for a given device type
> > > > so for QEMU with 3 CPUs instance_id for APICs is a set of [0, 1, 2]
> > > > When CPU in the middle is hot-removed and migration started
> > > > APICs with instance_ids 0 and 2 are transferred in migration stream.
> > > > However target starts with 2 CPUs and APICs' instance_ids are
> > > > generated from scratch [0, 1] hence migration fails with error
> > > >   Unknown savevm section or instance 'apic' 2
> > > > 
> > > > Fix issue by manually registering APIC's vmsd with apic_id as
> > > > instance_id, in this case instance_id on target will always
> > > > match instance_id on source as apic_id is the same for a given
> > > > cpu instance.
> > > > 
> > > > Reported-by: Bharata B Rao 
> > > > Signed-off-by: Igor Mammedov 
> > > > Reviewed-by: Dr. David Alan Gilbert 
> > > > Reviewed-by: Michael S. Tsirkin 
> > > > Signed-off-by: Eduardo Habkost 
> > > 
> > > After these patches, the static checker complains about missing
> > > sections:
> > > 
> > > Section "apic-common" does not exist in dest
> > > Section "apic" does not exist in dest
> > > Section "kvm-apic" does not exist in dest  
> > It works for me, could you post reproducing commands?  
> 
> This was flagged by a nightly run of the static checker when this
> series was pulled.  On a 'before' tree, ie one w/o the patches, do
> this:
> 
> qemu -dump-vmstate before.json
> 
> and for after:
> 
> qemu -dump-vmstate after.json
> 
> then,
> 
> python ./scripts/vmstate-static-checker.py -s before.json -d after.json
I don't think it is valid comparison though, as it compares default PC machines.
In this case it's pc-i440fx-2.6 and pc-i440fx-2.7, you see the difference
which is expected due to instance_id change.

You shouldn't see it when comparing same machine types.
 
> and that shows the output from above.
>
> 
>   Amit




Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread Laurent Vivier


On 26/07/2016 14:53, Laurent Vivier wrote:
> 
> 
> On 26/07/2016 12:02, Thomas Huth wrote:
>> On 26.07.2016 11:53, Laurent Vivier wrote:
>>>
>>>
>>> On 26/07/2016 11:39, Laurent Vivier wrote:


 On 26/07/2016 11:28, Thomas Huth wrote:
> On 26.07.2016 11:23, Laurent Vivier wrote:
>>
>>
>> On 23/07/2016 08:30, David Gibson wrote:
>>> On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:


 On 22/07/2016 08:43, David Gibson wrote:
> On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
>> As userfaultfd syscall is available on powerpc, migration
>> postcopy can be used.
>>
>> This patch adds the support needed to test this on powerpc,
>> instead of using a bootsector to run code to modify memory,
>> we use a FORTH script in "boot-command" property.
>>
>> As spapr machine doesn't support "-prom-env" argument
>> (the nvram is initialized by SLOF and not by QEMU),
>> "boot-command" is provided to SLOF via a file mapped nvram
>> (with "-drive file=...,if=pflash")
>>
>> Signed-off-by: Laurent Vivier 
>> ---
>> v2: move FORTH script directly in sprintf()
>> use openbios_firmware_abi.h
>> remove useless "default" case
>>
>>  tests/Makefile.include |   1 +
>>  tests/postcopy-test.c  | 116 
>> +
>>  2 files changed, 98 insertions(+), 19 deletions(-)
>
> There's a mostly cosmetic problem with this.  If you run make check
> for a ppc64 target on an x86 machine, you get:
>
> GTESTER check-qtest-ppc64
> "kvm" accelerator not found.
> "kvm" accelerator not found.

 I think this is because of "-machine accel=kvm:tcg", it tries to use 
 kvm
 and fall back to tcg.

 accel.c:

  80 void configure_accelerator(MachineState *ms)
  81 {
 ...
 100 acc = accel_find(buf);
 101 if (!acc) {
 102 fprintf(stderr, "\"%s\" accelerator not found.\n", 
 buf);
 103 continue;
 104 }

 We can remove the "-machine" argument to use the default instead (tcg 
 or
 kvm).
>>>
>>> That sounds like a good option for a general test.
>>
>> In fact, we can't: we need to add a "-machine accel=" to our command
>> line to override the "-machine accel=qtest" provided by the qtest
>> framework. If we don't override it, the machine doesn't start.
>
> Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?

 I think it needs to be dynamic as the same binary test is used on x86 to
 test x86 and ppc64, and vice-versa. I'm going to check if we have
 something like "qtest_get_accel()"...
>>>
>>> Something like that should work:
>>>
>>> --- a/tests/postcopy-test.c
>>> +++ b/tests/postcopy-test.c
>>> @@ -380,12 +380,17 @@ static void test_migrate(void)
>>>tmpfs, bootpath, uri);
>>>  } else if (strcmp(arch, "ppc64") == 0) {
>>>  init_bootfile_ppc(bootpath);
>>> -cmd_src = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
>>> +#ifdef _ARCH_PPC64
>>
>> I think you'd need to test CONFIG_KVM, too, since it could also have
>> been disabled on PPC, couldn't it?
> 
> Sure.
> 
>>> +#define QEMU_CMD_ACCEL"-machine accel=kvm:tcg"
>>> +#else
>>> +#define QEMU_CMD_ACCEL"-machine accel=tcg"
>>> +#endif
>>
>> Alternatively, what about shutting up the message in accel.c by changing
>> it like that:
>>
>> if (!qtest_enabled()) {
>> error_report("\"%s\" accelerator not found.\n", buf);
>> }
>>
> 
> I've tried that, and we always get the messages in the "make check" output.

No, I'm wrong: I didn't add the "qtest_enabled()", only replace the
fprintf() by an "error_report()"... it should work.

Laurent



Re: [Qemu-devel] [PATCH] qemu-img: fix error messages emitted by img_open()

2016-07-26 Thread Stefan Hajnoczi
On Mon, Jul 25, 2016 at 05:58:54PM +0200, Markus Armbruster wrote:
> Stefan Hajnoczi  writes:
> 
> > On Thu, Jul 21, 2016 at 10:41:53AM +0200, Reda Sallahi wrote:
> >> img_open_file() and img_open_opts() were printing error messages with a
> >> duplicate part because of a wrong use of error_reportf_err() (e.g.
> >> qemu-img: Could not open 'foo': Could not open 'foo': No such file or 
> >> directory)
> >> 
> >> This change uses error_report_err() instead to eliminate the duplicate 
> >> part.
> >> 
> >> Signed-off-by: Reda Sallahi 
> >> ---
> >>  qemu-img.c | 4 ++--
> >>  1 file changed, 2 insertions(+), 2 deletions(-)
> >> 
> >> diff --git a/qemu-img.c b/qemu-img.c
> >> index 2e40e1f..dc6652d 100644
> >> --- a/qemu-img.c
> >> +++ b/qemu-img.c
> >> @@ -268,7 +268,7 @@ static BlockBackend *img_open_opts(const char *optstr,
> >>  options = qemu_opts_to_qdict(opts, NULL);
> >>  blk = blk_new_open(NULL, NULL, options, flags, &local_err);
> >>  if (!blk) {
> >> -error_reportf_err(local_err, "Could not open '%s': ", optstr);
> >> +error_report_err(local_err);
> >>  return NULL;
> >>  }
> >>  blk_set_enable_write_cache(blk, !writethrough);
> >> @@ -295,7 +295,7 @@ static BlockBackend *img_open_file(const char 
> >> *filename,
> >>  
> >>  blk = blk_new_open(filename, NULL, options, flags, &local_err);
> >>  if (!blk) {
> >> -error_reportf_err(local_err, "Could not open '%s': ", filename);
> >> +error_report(local_err);
> >>  return NULL;
> >>  }
> >>  blk_set_enable_write_cache(blk, !writethrough);
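Review bot: The replacement in img_open_file() calls `error_report(local_err)`, whereas the img_open_opts() hunk above it uses `error_report_err(local_err)`. error_report() takes a printf-style format string, so passing the Error pointer is a type mismatch and, unlike error_report_err(), it would not release the Error object. The line should read `error_report_err(local_err);`. The body of img_open_file() continues outside the hunk.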
> >
> > The duplication happens in the "Could not open 'foo'" case, but other
> > error cases do not include the filename in the error message.
> >
> > We would lose information in those error cases since the filename is no
> > longer included by qemu-img.c in the error message.
> 
> Could you give an example of such an information loss?

The issue is that while this patch eliminates duplication in:

  qemu-img: Could not open 'foo': Could not open 'foo': No such file or 
directory

It loses the name from:

  qemu-img: Driver 'bar' is not whitelisted

or any other error message in block.c that doesn't include the filename.

This is probably the reason why qemu-img.c prepends "Could not open
'%s'".

> > I'm not aware of a clean way to distinguish Error objects.  Maybe
> > someone else can suggest one.  Otherwise it may be best to leave the
> > code as it is.
> 
> If you need to distinguish different kinds of errors to conditionally
> rewrite the error message so it makes actual sense, chances are the
> error messages that need the rewriting should be improved instead.
> 
> A more legitimate case is when a caller needs to handle different errors
> differently.  Doesn't occur all that often.
> 
> There are two techniques for callers to distinguish different kinds of
> Errors:
> 
> * ErrorClass, use error_get_class() to retrieve it.  This is actually a
>   remnant of the failed "rich" error object idea.  Almost always
>   ERROR_CLASS_GENERIC_ERROR, so this is unlikely to help.
> 
> * Error code separate from the Error object, e.g. the function returns
>   -errno in addition to an Error object.




Re: [Qemu-devel] [PULL v2 27/30] mptsas: remove unnecessary internal msi state flag

2016-07-26 Thread Michael S. Tsirkin
On Tue, Jul 26, 2016 at 04:48:06PM +0530, Amit Shah wrote:
> On (Tue) 26 Jul 2016 [15:29:36], Cao jin wrote:
> > Hi Amit
> > 
> > I will take care of this.
> > BTW, I didn't see it in the coverity scan outstanding defects. Did I miss it, or is it
> > checked by other static check tools?
> 
> This is checked with the vmstate static checker --
> scripts/vmstate-static-checker.py.
> 
> The -dump-vmstate cmdline option to qemu gives a json file that the
> static checker uses as input.  Get a 'before' and 'after' version of
> the json files, and pass those on to the checker with '-s' and '-d'
> arguments respectively.
> 
> Thanks,
> 
>   Amit

How about adding this to make check?
You can run this with a given machine type to avoid too much churn.

-- 
MST



Re: [Qemu-devel] [PULL 26/28] apic: Use apic_id as apic's migration instance_id

2016-07-26 Thread Amit Shah
On (Tue) 26 Jul 2016 [14:58:39], Igor Mammedov wrote:
> > This was flagged by a nightly run of the static checker when this
> > series was pulled.  On a 'before' tree, ie one w/o the patches, do
> > this:
> > 
> > qemu -dump-vmstate before.json
> > 
> > and for after:
> > 
> > qemu -dump-vmstate after.json
> > 
> > then,
> > 
> > python ./scripts/vmstate-static-checker.py -s before.json -d after.json
> I don't think it is valid comparison though, as it compares default PC 
> machines.
> In this case it's pc-i440fx-2.6 and pc-i440fx-2.7, you see the difference
> which is expected due to instance_id change.
> 
> You shouldn't see it when comparing same machine types.

No, this is comparing the git tree just before and after the series is
applied.

Amit



[Qemu-devel] [PATCH] iotest: fix python based IO tests

2016-07-26 Thread Daniel P. Berrange
The previous commit refactoring iotests.py:

  commit 66613974468fb6e1609fb3eabf55981b1ee436cf
  Author: Daniel P. Berrange 
  Date:   Wed Jul 20 14:23:10 2016 +0100

scripts: refactor the VM class in iotests for reuse

was not properly tested and included a number of broken
bits.

 - The 'event_match' method was not moved into qemu.py
 - The 'self._args' list parameter in QEMUMachine needs
   to be copied otherwise modifications will affect the
   global 'qemu_opts' variable in iotests.py
 - The QEMUQtestMachine class methods had inverted
   parameter order for the super() calls
 - The QEMUQtestMachine class forgot to add
   '-machine accel=qtest'
 - The QEMUQtestMachine class constructor needs to set
   a default 'name' value before using it as it may
   be None
 - The QEMUQtestMachine class constructor needs to use
   named parameters when calling the super constructor
   as it is leaving out some positional parameters.
 - The 'qemu_prog' variable should be a string not a
   list in iotests.py
 - The VM class constructor needs to use named
   parameters when calling the super constructor
   as it is leaving out some positional parameters.

Signed-off-by: Daniel P. Berrange 
---
 scripts/qemu.py   | 19 ++-
 scripts/qtest.py  | 15 +--
 tests/qemu-iotests/iotests.py | 23 +++
 3 files changed, 30 insertions(+), 27 deletions(-)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index 9cdad24..4ba920c 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -33,7 +33,7 @@ class QEMUMachine(object):
 self._qemu_log_path = os.path.join(test_dir, name + ".log")
 self._popen = None
 self._binary = binary
-self._args = args
+self._args = list(args) # Force copy args in case we modify them
 self._wrapper = wrapper
 self._events = []
 self._iolog = None
@@ -183,6 +183,23 @@ class QEMUMachine(object):
 return events
 
 def event_wait(self, name, timeout=60.0, match=None):
+# Test if 'match' is a recursive subset of 'event'
+def event_match(event, match=None):
+if match is None:
+return True
+
+for key in match:
+if key in event:
+if isinstance(event[key], dict):
+if not event_match(event[key], match[key]):
+return False
+elif event[key] != match[key]:
+return False
+else:
+return False
+
+return True
+
 # Search cached events
 for event in self._events:
 if (event['event'] == name) and event_match(event, match):
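Review bot: The nested `event_match` type-checks only the event side before recursing, so a `match` value that is not a dict, where the event holds one, is iterated and then indexed as `match[key]`; depending on the value this can raise TypeError instead of reporting a non-match. A guard placed right after the `match is None` test keeps the existing None semantics and turns that case into a plain mismatch: `if not isinstance(match, dict): return False`. A short docstring stating that `match=None` matches any event, and through the recursion any nested dict, would also document a rule that is easy to miss. `event_wait` continues past the end of this hunk.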
diff --git a/scripts/qtest.py b/scripts/qtest.py
index 03bc7f6..d5c3b2c 100644
--- a/scripts/qtest.py
+++ b/scripts/qtest.py
@@ -80,24 +80,27 @@ class QEMUQtestMachine(qemu.QEMUMachine):
 '''A QEMU VM'''
 
 def __init__(self, binary, args=[], name=None, test_dir="/var/tmp"):
-super(self, QEMUQtestMachine).__init__(binary, args, name, test_dir)
+if name is None:
+name = "qemu-%d" % os.getpid()
+super(QEMUQtestMachine, self).__init__(binary, args, name=name, 
test_dir=test_dir)
 self._qtest_path = os.path.join(test_dir, name + "-qtest.sock")
 
 def _base_args(self):
-args = super(self, QEMUQtestMachine)._base_args()
-args.extend(['-qtest', 'unix:path=' + self._qtest_path])
+args = super(QEMUQtestMachine, self)._base_args()
+args.extend(['-qtest', 'unix:path=' + self._qtest_path,
+ '-machine', 'accel=qtest'])
 return args
 
 def _pre_launch(self):
-super(self, QEMUQtestMachine)._pre_launch()
+super(QEMUQtestMachine, self)._pre_launch()
 self._qtest = QEMUQtestProtocol(self._qtest_path, server=True)
 
 def _post_launch(self):
-super(self, QEMUQtestMachine)._post_launch()
+super(QEMUQtestMachine, self)._post_launch()
 self._qtest.accept()
 
 def _post_shutdown(self):
-super(self, QEMUQtestMachine)._post_shutdown()
+super(QEMUQtestMachine, self)._post_shutdown()
 self._remove_if_exists(self._qtest_path)
 
 def qtest(self, cmd):
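Review bot: The default added in `__init__`, `name = "qemu-%d" % os.getpid()`, is predictable, and with the default `test_dir="/var/tmp"` the qtest socket lands at a guessable path in a directory that is normally world-writable. On a shared host another local user could create that path first; whether `QEMUQtestProtocol` then fails or reuses it is not visible in this hunk. Creating a private directory per instance, for example with `tempfile.mkdtemp()`, and placing the socket and log there avoids depending on the name being unique. The signature also keeps the mutable default `args=[]`, which is safe only because the base class now copies the list.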
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 14427f4..bda3cdd 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -39,7 +39,7 @@ qemu_io_args = [os.environ.get('QEMU_IO_PROG', 'qemu-io')]
 if os.environ.get('QEMU_IO_OPTIONS'):
 qemu_io_args += os.environ['QEMU_IO_OPTIONS'].strip().split(' ')
 
-qemu_prog = [os.environ.get('QEMU_PROG', 'qemu')]
+qemu_prog = os.environ.get('QEMU_PROG', 'qemu')
 qemu_opts = os.environ.get('QEMU_OPTIONS', '').strip().split(' ')
 
 imgfmt = os.environ.get('IMGFMT', 'raw')
@@ -128,28 +128,11 @@ def log(msg, filters=[]):
 msg = flt(msg)
 print msg
 
-# Test if 'match' is a recursiv

Re: [Qemu-devel] [PATCH 4/4] block: Cater to iscsi with non-power-of-2 discard

2016-07-26 Thread Stefan Hajnoczi
On Thu, Jul 21, 2016 at 01:34:48PM -0600, Eric Blake wrote:
> Dell Equallogic iSCSI SANs have a very unusual advertised geometry:
> 
> $ iscsi-inq -e 1 -c $((0xb0)) iscsi://XXX/0
> wsnz:0
> maximum compare and write length:1
> optimal transfer length granularity:0
> maximum transfer length:0
> optimal transfer length:0
> maximum prefetch xdread xdwrite transfer length:0
> maximum unmap lba count:30720
> maximum unmap block descriptor count:2
> optimal unmap granularity:30720
> ugavalid:1
> unmap granularity alignment:0
> maximum write same length:30720
> 
> which says that both the maximum and the optimal discard size
> is 15M.  It is not immediately apparent if the device allows
> discard requests not aligned to the optimal size, nor if it
> allows discards at a finer granularity than the optimal size.
> 
> I tried to find details in the SCSI Commands Reference Manual
> Rev. A on what valid values of maximum and optimal sizes are
> permitted, but while that document mentions a "Block Limits
> VPD Page", I couldn't actually find documentation of that page
> or what values it would have, or if a SCSI device has an
> advertisement of its minimal unmap granularity.  So it is not
> obvious to me whether the Dell Equallogic device is in compliance
> with the SCSI specification.
> 
> Fortunately, it is easy enough to support non-power-of-2 sizing,
> even if it means we are less efficient than truly possible when
> targetting that device (for example, it means that we refuse to
> unmap anything that is not a multiple of 15M and aligned to a
> 15M boundary, even if the device truly does support a smaller
> granularity where unmapping actually works).
> 
> Reported-by: Peter Lieven 
> Signed-off-by: Eric Blake 
> 
> ---
> Help in locating the actual specs on what SCSI requires for
> page 0xb0 would be nice. But this should at least avoid the
> assertion failures that Peter is hitting.  I was able to
> test this patch using NBD on a hacked up qemu where I made
> block/nbd.c report the same block limits, and could confirm
> the assert under qemu-io 'w -z 0 40m' and 'discard 0 40m'
> pre-patch, as well as the post-patch behavior of splitting
> things to 15M alignment ('discard 1M 15M' becomes a no-op
> because it is not aligned).  But obviously it needs to be
> tested on the actual iscsi SAN that triggered the original
> report.
> ---
>  include/block/block_int.h | 37 -
>  block/io.c| 15 +--
>  2 files changed, 29 insertions(+), 23 deletions(-)

Acked-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PULL 26/28] apic: Use apic_id as apic's migration instance_id

2016-07-26 Thread Igor Mammedov
On Tue, 26 Jul 2016 18:41:22 +0530
Amit Shah  wrote:

> On (Tue) 26 Jul 2016 [14:58:39], Igor Mammedov wrote:
> > > This was flagged by a nightly run of the static checker when this
> > > series was pulled.  On a 'before' tree, ie one w/o the patches, do
> > > this:
> > > 
> > > qemu -dump-vmstate before.json
> > > 
> > > and for after:
> > > 
> > > qemu -dump-vmstate after.json
> > > 
> > > then,
> > > 
> > > python ./scripts/vmstate-static-checker.py -s before.json -d after.json  
> > I don't think it is valid comparison though, as it compares default PC 
> > machines.
> > In this case it's pc-i440fx-2.6 and pc-i440fx-2.7, you see the difference
> > which is expected due to instance_id change.
> > 
> > You shouldn't see it when comparing same machine types.  
> 
> No, this is comparing the git tree just before and after the series is
> applied.
I'd say it's an expected change introduced by this commit; it should be fine
as it doesn't affect other machine types and 2.7 will be released with it.

I really don't see an issue here, care to point it out?

> 
>   Amit




[Qemu-devel] [PATCH] i2c: fix migration regression introduced by broadcast support

2016-07-26 Thread Igor Mammedov
QEMU fails migration with the following error:

qemu-system-x86_64: Missing section footer for i2c_bus
qemu-system-x86_64: load of migration failed: Invalid argument

when migrating from:
  qemu-system-x86_64-v2.6.0 -m 256M rhel72.img -M pc-i440fx-2.6
to
  qemu-system-x86_64-v2.7.0-rc0 -m 256M rhel72.img -M pc-i440fx-2.6

Regression is added by commit 2293c27f (i2c: implement broadcast write)

Fix it by moving 'broadcast' VMState to an optional subsection
enabled by default and disabled via compat properties
for pc/q35-2.6 and older machine types.

Signed-off-by: Igor Mammedov 
---
CC: fred.kon...@greensocs.com
CC: alistair.fran...@xilinx.com
CC: crosthwaite.pe...@gmail.com
CC: hyun.k...@xilinx.com
CC: peter.mayd...@linaro.org
---
 include/hw/i2c/i2c.h  |  2 +-
 include/hw/i2c/pm_smbus.h |  1 +
 include/hw/i386/pc.h  | 10 ++
 hw/acpi/piix4.c   |  2 ++
 hw/arm/pxa2xx.c   |  4 ++--
 hw/arm/stellaris.c|  2 +-
 hw/i2c/aspeed_i2c.c   |  2 +-
 hw/i2c/bitbang_i2c.c  |  2 +-
 hw/i2c/core.c | 32 +---
 hw/i2c/exynos4210_i2c.c   |  2 +-
 hw/i2c/imx_i2c.c  |  2 +-
 hw/i2c/omap_i2c.c |  2 +-
 hw/i2c/pm_smbus.c |  2 +-
 hw/i2c/smbus_ich9.c   |  7 +++
 hw/i2c/versatile_i2c.c|  2 +-
 hw/misc/auxbus.c  |  2 +-
 16 files changed, 61 insertions(+), 15 deletions(-)

diff --git a/include/hw/i2c/i2c.h b/include/hw/i2c/i2c.h
index c4085aa..488a0fa 100644
--- a/include/hw/i2c/i2c.h
+++ b/include/hw/i2c/i2c.h
@@ -50,7 +50,7 @@ struct I2CSlave
 uint8_t address;
 };
 
-I2CBus *i2c_init_bus(DeviceState *parent, const char *name);
+I2CBus *i2c_init_bus(DeviceState *parent, const char *name, bool broadcast);
 void i2c_set_slave_address(I2CSlave *dev, uint8_t address);
 int i2c_bus_busy(I2CBus *bus);
 int i2c_start_transfer(I2CBus *bus, uint8_t address, int recv);
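Review bot: The new `bool broadcast` parameter of `i2c_init_bus` is undocumented, and the converted callers visible in this patch (the pxa2xx.c and stellaris.c hunks) pass a bare `true`, so nothing at the call site says what is being enabled. A comment above the prototype would carry the contract, for example `/* @broadcast: pass false to leave the broadcast state out of the migration stream, as needed for pc/q35-2.6 and older machine types */`. That wording is inferred from the commit message and should be checked against hw/i2c/core.c, which is not shown here.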
diff --git a/include/hw/i2c/pm_smbus.h b/include/hw/i2c/pm_smbus.h
index 2a837af..b17c052 100644
--- a/include/hw/i2c/pm_smbus.h
+++ b/include/hw/i2c/pm_smbus.h
@@ -3,6 +3,7 @@
 
 typedef struct PMSMBus {
 I2CBus *smbus;
+bool smb_broadcast_enabled;
 MemoryRegion io;
 
 uint8_t smb_stat;
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index c87c5c1..738b8a5 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -391,6 +391,16 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 .driver   = "apic",\
 .property = "legacy-instance-id",\
 .value= "on",\
+},\
+{\
+.driver   = "ICH9 SMB",\
+.property = "smbus-broadcast-enabled",\
+.value= "off",\
+},\
+{\
+.driver   = "PIIX4_PM",\
+.property = "smbus-broadcast-enabled",\
+.value= "off",\
 },
 
 #define PC_COMPAT_2_5 \
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 2adc246..8a29179 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -669,6 +669,8 @@ static Property piix4_pm_properties[] = {
  use_acpi_pci_hotplug, true),
 DEFINE_PROP_BOOL("memory-hotplug-support", PIIX4PMState,
  acpi_memory_hotplug.is_enabled, true),
+DEFINE_PROP_BOOL("smbus-broadcast-enabled", PIIX4PMState,
+ smb.smb_broadcast_enabled, true),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index cb55704..045ab20 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -1491,7 +1491,7 @@ PXA2xxI2CState *pxa2xx_i2c_init(hwaddr base,
 
 s = PXA2XX_I2C(i2c_dev);
 /* FIXME: Should the slave device really be on a separate bus?  */
-i2cbus = i2c_init_bus(dev, "dummy");
+i2cbus = i2c_init_bus(dev, "dummy", true);
 dev = i2c_create_slave(i2cbus, TYPE_PXA2XX_I2C_SLAVE, 0);
 s->slave = PXA2XX_I2C_SLAVE(dev);
 s->slave->host = s;
@@ -1505,7 +1505,7 @@ static void pxa2xx_i2c_initfn(Object *obj)
 PXA2xxI2CState *s = PXA2XX_I2C(obj);
 SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
 
-s->bus = i2c_init_bus(dev, "i2c");
+s->bus = i2c_init_bus(dev, "i2c", true);
 
 memory_region_init_io(&s->iomem, obj, &pxa2xx_i2c_ops, s,
   "pxa2xx-i2c", s->region_size);
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index 794a3ad..ac38e4d 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -882,7 +882,7 @@ static void stellaris_i2c_init(Object *obj)
 I2CBus *bus;
 
 sysbus_init_irq(sbd, &s->irq);
-bus = i2c_init_bus(dev, "i2c");
+bus = i2c_init_bus(dev, "i2c", true);
 s->bus = bus;
 
 memory_region_init_io(&s->iomem, obj, &stellaris_i2c_ops, s,
diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index ce5b1f0..af62636 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -394,7 +394,7 @@ static void aspeed_i2c_realize(DeviceState *dev, Error 
**errp)
 snprintf(name, sizeof(name), "aspeed.i2c.%d", i);
 s->busses[i].controller = s;
 s->busses[i].id = i;
-s->busses[i].bus 

Re: [Qemu-devel] [PATCH v2] test: port postcopy test to ppc64

2016-07-26 Thread David Gibson
On Tue, Jul 26, 2016 at 11:58:17AM +0200, Laurent Vivier wrote:
> 
> 
> On 26/07/2016 11:54, Dr. David Alan Gilbert wrote:
> > * Laurent Vivier (lviv...@redhat.com) wrote:
> >>
> >>
> >> On 26/07/2016 11:39, Laurent Vivier wrote:
> >>>
> >>>
> >>> On 26/07/2016 11:28, Thomas Huth wrote:
>  On 26.07.2016 11:23, Laurent Vivier wrote:
> >
> >
> > On 23/07/2016 08:30, David Gibson wrote:
> >> On Fri, Jul 22, 2016 at 09:28:58AM +0200, Laurent Vivier wrote:
> >>>
> >>>
> >>> On 22/07/2016 08:43, David Gibson wrote:
>  On Thu, Jul 21, 2016 at 06:47:56PM +0200, Laurent Vivier wrote:
> > As userfaultfd syscall is available on powerpc, migration
> > postcopy can be used.
> >
> > This patch adds the support needed to test this on powerpc,
> > instead of using a bootsector to run code to modify memory,
> > we use a FORTH script in "boot-command" property.
> >
> > As spapr machine doesn't support "-prom-env" argument
> > (the nvram is initialized by SLOF and not by QEMU),
> > "boot-command" is provided to SLOF via a file mapped nvram
> > (with "-drive file=...,if=pflash")
> >
> > Signed-off-by: Laurent Vivier 
> > ---
> > v2: move FORTH script directly in sprintf()
> > use openbios_firmware_abi.h
> > remove useless "default" case
> >
> >  tests/Makefile.include |   1 +
> >  tests/postcopy-test.c  | 116 
> > +
> >  2 files changed, 98 insertions(+), 19 deletions(-)
> 
>  There's a mostly cosmetic problem with this.  If you run make check
>  for a ppc64 target on an x86 machine, you get:
> 
>  GTESTER check-qtest-ppc64
>  "kvm" accelerator not found.
>  "kvm" accelerator not found.
> >>>
> >>> I think this is because of "-machine accel=kvm:tcg", it tries to use 
> >>> kvm
> >>> and fall back to tcg.
> >>>
> >>> accel.c:
> >>>
> >>>  80 void configure_accelerator(MachineState *ms)
> >>>  81 {
> >>> ...
> >>> 100 acc = accel_find(buf);
> >>> 101 if (!acc) {
> >>> 102 fprintf(stderr, "\"%s\" accelerator not 
> >>> found.\n", buf);
> >>> 103 continue;
> >>> 104 }
> >>>
> >>> We can remove the "-machine" argument to use the default instead (tcg 
> >>> or
> >>> kvm).
> >>
> >> That sounds like a good option for a general test.
> >
> > In fact, we can't: we need to add a "-machine accel=" to our command
> > line to override the "-machine accel=qtest" provided by the qtest
> > framework. If we don't override it, the machine doesn't start.
> 
>  Would it work if you'd added some magic with "#ifdef CONFIG_KVM" here?
> >>>
> >>> I think it needs to be dynamic as the same binary test is used on x86 to
> >>> test x86 and ppc64, and vice-versa. I'm going to check if we have
> >>> something like "qtest_get_accel()"...
> >>
> >> Something like that should work:
> >>
> >> --- a/tests/postcopy-test.c
> >> +++ b/tests/postcopy-test.c
> >> @@ -380,12 +380,17 @@ static void test_migrate(void)
> >>tmpfs, bootpath, uri);
> >>  } else if (strcmp(arch, "ppc64") == 0) {
> >>  init_bootfile_ppc(bootpath);
> >> -cmd_src = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
> >> +#ifdef _ARCH_PPC64
> >> +#define QEMU_CMD_ACCEL"-machine accel=kvm:tcg"
> >> +#else
> >> +#define QEMU_CMD_ACCEL"-machine accel=tcg"
> >> +#endif
> >> +cmd_src = g_strdup_printf(QEMU_CMD_ACCEL " -m 256M"
> >>" -name pcsource,debug-threads=on"
> >>" -serial file:%s/src_serial"
> >>" -drive file=%s,if=pflash,format=raw",
> >>tmpfs, bootpath);
> >> -cmd_dst = g_strdup_printf("-machine accel=kvm:tcg -m 256M"
> >> +cmd_dst = g_strdup_printf(QEMU_CMD_ACCEL " -m 256M"
> >>" -name pcdest,debug-threads=on"
> >>" -serial file:%s/dest_serial"
> >>" -incoming %s",
> >>
> >> Laurent
> > 
> > Is it worth the hassle to just get rid of the two warnings?
> 
> I don't know, it's why I'd like to have the opinion of David.

I'm not really sure either.  I do dislike leaving warnings as a rule,
because for someone not familiar with the details of the test it may
not be obvious whether a warning is harmless or not.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~d

Re: [Qemu-devel] [PATCH] i2c: fix migration regression introduced by broadcast support

2016-07-26 Thread Michael S. Tsirkin
On Tue, Jul 26, 2016 at 03:55:30PM +0200, Igor Mammedov wrote:
> QEMU fails migration with following error:
> 
> qemu-system-x86_64: Missing section footer for i2c_bus
> qemu-system-x86_64: load of migration failed: Invalid argument
> 
> when migrating from:
>   qemu-system-x86_64-v2.6.0 -m 256M rhel72.img -M pc-i440fx-2.6
> to
>   qemu-system-x86_64-v2.7.0-rc0 -m 256M rhel72.img -M pc-i440fx-2.6
> 
> Regression is added by commit 2293c27f (i2c: implement broadcast write)
> 
> Fix it by moving 'broadcast' VMState to an optional subsection
> enabled by default and disabled via compat properties
> for pc/q35-2.6 and older machine types.
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Michael S. Tsirkin 

> ---
> CC: fred.kon...@greensocs.com
> CC: alistair.fran...@xilinx.com
> CC: crosthwaite.pe...@gmail.com
> CC: hyun.k...@xilinx.com
> CC: peter.mayd...@linaro.org
> ---
>  include/hw/i2c/i2c.h  |  2 +-
>  include/hw/i2c/pm_smbus.h |  1 +
>  include/hw/i386/pc.h  | 10 ++
>  hw/acpi/piix4.c   |  2 ++
>  hw/arm/pxa2xx.c   |  4 ++--
>  hw/arm/stellaris.c|  2 +-
>  hw/i2c/aspeed_i2c.c   |  2 +-
>  hw/i2c/bitbang_i2c.c  |  2 +-
>  hw/i2c/core.c | 32 +---
>  hw/i2c/exynos4210_i2c.c   |  2 +-
>  hw/i2c/imx_i2c.c  |  2 +-
>  hw/i2c/omap_i2c.c |  2 +-
>  hw/i2c/pm_smbus.c |  2 +-
>  hw/i2c/smbus_ich9.c   |  7 +++
>  hw/i2c/versatile_i2c.c|  2 +-
>  hw/misc/auxbus.c  |  2 +-
>  16 files changed, 61 insertions(+), 15 deletions(-)
> 
> diff --git a/include/hw/i2c/i2c.h b/include/hw/i2c/i2c.h
> index c4085aa..488a0fa 100644
> --- a/include/hw/i2c/i2c.h
> +++ b/include/hw/i2c/i2c.h
> @@ -50,7 +50,7 @@ struct I2CSlave
>  uint8_t address;
>  };
>  
> -I2CBus *i2c_init_bus(DeviceState *parent, const char *name);
> +I2CBus *i2c_init_bus(DeviceState *parent, const char *name, bool broadcast);
>  void i2c_set_slave_address(I2CSlave *dev, uint8_t address);
>  int i2c_bus_busy(I2CBus *bus);
>  int i2c_start_transfer(I2CBus *bus, uint8_t address, int recv);
> diff --git a/include/hw/i2c/pm_smbus.h b/include/hw/i2c/pm_smbus.h
> index 2a837af..b17c052 100644
> --- a/include/hw/i2c/pm_smbus.h
> +++ b/include/hw/i2c/pm_smbus.h
> @@ -3,6 +3,7 @@
>  
>  typedef struct PMSMBus {
>  I2CBus *smbus;
> +bool smb_broadcast_enabled;
>  MemoryRegion io;
>  
>  uint8_t smb_stat;
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index c87c5c1..738b8a5 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -391,6 +391,16 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t 
> *);
>  .driver   = "apic",\
>  .property = "legacy-instance-id",\
>  .value= "on",\
> +},\
> +{\
> +.driver   = "ICH9 SMB",\
> +.property = "smbus-broadcast-enabled",\
> +.value= "off",\
> +},\
> +{\
> +.driver   = "PIIX4_PM",\
> +.property = "smbus-broadcast-enabled",\
> +.value= "off",\
>  },
>  
>  #define PC_COMPAT_2_5 \
> diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> index 2adc246..8a29179 100644
> --- a/hw/acpi/piix4.c
> +++ b/hw/acpi/piix4.c
> @@ -669,6 +669,8 @@ static Property piix4_pm_properties[] = {
>   use_acpi_pci_hotplug, true),
>  DEFINE_PROP_BOOL("memory-hotplug-support", PIIX4PMState,
>   acpi_memory_hotplug.is_enabled, true),
> +DEFINE_PROP_BOOL("smbus-broadcast-enabled", PIIX4PMState,
> + smb.smb_broadcast_enabled, true),
>  DEFINE_PROP_END_OF_LIST(),
>  };
>  
> diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
> index cb55704..045ab20 100644
> --- a/hw/arm/pxa2xx.c
> +++ b/hw/arm/pxa2xx.c
> @@ -1491,7 +1491,7 @@ PXA2xxI2CState *pxa2xx_i2c_init(hwaddr base,
>  
>  s = PXA2XX_I2C(i2c_dev);
>  /* FIXME: Should the slave device really be on a separate bus?  */
> -i2cbus = i2c_init_bus(dev, "dummy");
> +i2cbus = i2c_init_bus(dev, "dummy", true);
>  dev = i2c_create_slave(i2cbus, TYPE_PXA2XX_I2C_SLAVE, 0);
>  s->slave = PXA2XX_I2C_SLAVE(dev);
>  s->slave->host = s;
> @@ -1505,7 +1505,7 @@ static void pxa2xx_i2c_initfn(Object *obj)
>  PXA2xxI2CState *s = PXA2XX_I2C(obj);
>  SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
>  
> -s->bus = i2c_init_bus(dev, "i2c");
> +s->bus = i2c_init_bus(dev, "i2c", true);
>  
>  memory_region_init_io(&s->iomem, obj, &pxa2xx_i2c_ops, s,
>"pxa2xx-i2c", s->region_size);
> diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
> index 794a3ad..ac38e4d 100644
> --- a/hw/arm/stellaris.c
> +++ b/hw/arm/stellaris.c
> @@ -882,7 +882,7 @@ static void stellaris_i2c_init(Object *obj)
>  I2CBus *bus;
>  
>  sysbus_init_irq(sbd, &s->irq);
> -bus = i2c_init_bus(dev, "i2c");
> +bus = i2c_init_bus(dev, "i2c", true);
>  s->bus = bus;
>  
>  memory_region_init_io(&s->iomem, obj, &stellaris_i2c_ops, s,
>

[Qemu-devel] [PATCH] cputlb: make tlb_reset_dirty safe for MTTCG

2016-07-26 Thread Alex Bennée

The main use case for tlb_reset_dirty is to set the TLB_NOTDIRTY flags
in TLB entries to force the slow-path on writes. This is used to mark
page ranges containing code which has been translated so it can be
invalidated if written to. To do this safely we need to ensure the TLB
entries in question for all vCPUs are updated before we attempt to run
the code otherwise a race could be introduced.

To achieve this we atomically set the flag in tlb_reset_dirty_range and
take care when setting it when the TLB entry is filled.

The helper function is made static as it isn't used outside of cputlb.

Signed-off-by: Alex Bennée 
---
 cputlb.c  | 57 ---
 include/exec/cputlb.h |  2 --
 2 files changed, 40 insertions(+), 19 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index e0d5bdd..e7b6a08 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -275,32 +275,52 @@ void tlb_unprotect_code(ram_addr_t ram_addr)
 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
 }

-static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe)
-{
-return (tlbe->addr_write & (TLB_INVALID_MASK|TLB_MMIO|TLB_NOTDIRTY)) == 0;
-}

-void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start,
+/*
+ * Dirty write flag handling
+ *
+ * When the TCG code writes to a location it looks up the address in
+ * the TLB and uses that data to compute the final address. If any of
+ * the lower bits of the address are set then the slow path is forced.
+ * There are a number of reasons to do this but for normal RAM the
+ * most usual is detecting writes to code regions which may invalidate
+ * generated code.
+ *
+ * Because we want other vCPUs to respond to changes straight away we
+ * update the te->addr_write field atomically. If the TLB entry has
+ * been changed by the vCPU in the mean time we skip the update.
+ */
+
+static void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start,
uintptr_t length)
 {
-uintptr_t addr;
+/* paired with atomic_mb_set in tlb_set_page_with_attrs */
+uintptr_t orig_addr = atomic_mb_read(&tlb_entry->addr_write);
+uintptr_t addr = orig_addr;

-if (tlb_is_dirty_ram(tlb_entry)) {
-addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
+if ((addr & (TLB_INVALID_MASK|TLB_MMIO|TLB_NOTDIRTY)) == 0) {
+addr &= TARGET_PAGE_MASK;
+addr += atomic_read(&tlb_entry->addend);
 if ((addr - start) < length) {
-tlb_entry->addr_write |= TLB_NOTDIRTY;
+uintptr_t notdirty_addr = orig_addr | TLB_NOTDIRTY;
+if (!atomic_bool_cmpxchg(&tlb_entry->addr_write, orig_addr, 
notdirty_addr)) {
+fprintf(stderr,"%s: raced setting the flag\n", __func__);
+}
 }
 }
 }

+/* This is a cross vCPU call (i.e. another vCPU resetting the flags of
+ * the target vCPU). As such care needs to be taken that we don't
+ * dangerously race with another vCPU update. The only thing actually
+ * updated is the target TLB entry ->addr_write flags.
+ */
 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
 {
 CPUArchState *env;

 int mmu_idx;

-assert_cpu_is_self(cpu);
-
 env = cpu->env_ptr;
 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
 unsigned int i;
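Review bot: When `atomic_bool_cmpxchg` fails in `tlb_reset_dirty_range`, the function prints to stderr and returns without re-examining the entry, so an entry the owning vCPU refilled in the meantime may be left without `TLB_NOTDIRTY` even though it still maps the range being reset. Whether the refill path always observes the clean state first cannot be confirmed from this hunk. Re-reading and retrying until the entry either no longer qualifies or the flag is set closes that window and drops the unconditional `fprintf`, which could flood stderr if the race is frequent. Separately, `orig_addr` is a `uintptr_t` while a later hunk stores a `target_ulong` into `addr_write`; if the field is `target_ulong`, this truncates on a 32-bit host with a 64-bit target. `tlb_reset_dirty` continues past the end of this hunk.

```c
static void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start,
                                  uintptr_t length)
{
    uintptr_t orig_addr, addr;

    do {
        /* paired with atomic_mb_set in tlb_set_page_with_attrs */
        orig_addr = atomic_mb_read(&tlb_entry->addr_write);
        if (orig_addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) {
            return; /* not dirty RAM, or already flagged */
        }
        addr = (orig_addr & TARGET_PAGE_MASK) + atomic_read(&tlb_entry->addend);
        if ((addr - start) >= length) {
            return; /* outside the range being reset */
        }
        /* retry if the owning vCPU replaced the entry in the meantime */
    } while (!atomic_bool_cmpxchg(&tlb_entry->addr_write, orig_addr,
                                  orig_addr | TLB_NOTDIRTY));
}
```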
@@ -386,7 +406,7 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong 
vaddr,
 MemoryRegionSection *section;
 unsigned int index;
 target_ulong address;
-target_ulong code_address;
+target_ulong code_address, write_address;
 uintptr_t addend;
 CPUTLBEntry *te;
 hwaddr iotlb, xlat, sz;
@@ -443,21 +463,24 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong 
vaddr,
 } else {
 te->addr_code = -1;
 }
+
+write_address = -1;
 if (prot & PAGE_WRITE) {
 if ((memory_region_is_ram(section->mr) && section->readonly)
 || memory_region_is_romd(section->mr)) {
 /* Write access calls the I/O callback.  */
-te->addr_write = address | TLB_MMIO;
+write_address = address | TLB_MMIO;
 } else if (memory_region_is_ram(section->mr)
&& cpu_physical_memory_is_clean(
 memory_region_get_ram_addr(section->mr) + xlat)) {
-te->addr_write = address | TLB_NOTDIRTY;
+write_address = address | TLB_NOTDIRTY;
 } else {
-te->addr_write = address;
+write_address = address;
 }
-} else {
-te->addr_write = -1;
 }
+
+/* Pairs with flag setting in tlb_reset_dirty_range */
+atomic_mb_set(&te->addr_write, write_address);
 }

 /* Add a new TLB entry, but without specifying the memory
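Review bot: The comment `/* Pairs with flag setting in tlb_reset_dirty_range */` does not say which ordering the pairing relies on. `tlb_reset_dirty_range` reads `addr_write` and then `addend`, so the stores to `te->addend` and the other fields need to be visible before `addr_write` is published; those stores are outside this hunk and appear to remain plain assignments. If that is the intent, state it: `/* Publish addr_write last so the earlier plain stores to *te are ordered before it; pairs with atomic_mb_read in tlb_reset_dirty_range */`. `tlb_set_page_with_attrs` starts before this hunk.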
diff --git a/include/exec/cputlb.h b/include/exec/cputlb.h
index d454c00..3f94178 100644
--- a/include/exec/cputlb.h
+++ b/include/exec/cputlb.h
@@ -23,8 +23,6 @@
 /* cputlb.c */
 void tlb_protect_code(ram_addr_t ram_addr);
 void tlb_

Re: [Qemu-devel] [PULL 26/28] apic: Use apic_id as apic's migration instance_id

2016-07-26 Thread Igor Mammedov
On Tue, 26 Jul 2016 18:41:22 +0530
Amit Shah  wrote:

> On (Tue) 26 Jul 2016 [14:58:39], Igor Mammedov wrote:
> > > This was flagged by a nightly run of the static checker when this
> > > series was pulled.  On a 'before' tree, ie one w/o the patches, do
> > > this:
> > > 
> > > qemu -dump-vmstate before.json
> > > 
> > > and for after:
> > > 
> > > qemu -dump-vmstate after.json
> > > 
> > > then,
> > > 
> > > python ./scripts/vmstate-static-checker.py -s before.json -d after.json  
> > I don't think it is valid comparison though, as it compares default PC 
> > machines.
> > In this case it's pc-i440fx-2.6 and pc-i440fx-2.7, you see the difference
> > which is expected due to instance_id change.
> > 
> > You shouldn't see it when comparing same machine types.  
> 
> No, this is comparing the git tree just before and after the series is
> applied.
I've checked dump_vmstate_json_to_file() implementation and it looks like
it dumps only dc->vmsd enabled devices.

In this patch vmstate registration has been moved to apic_common_realize()
that's why dump_vmstate_json_to_file() doesn't dump apics anymore and you see 
the change

> 
>   Amit
> 




[Qemu-devel] [PATCH v5 0/8] Update the Netduino 2 Machine

2016-07-26 Thread Alistair Francis
This patchset continues with the Netduino 2 and STM32F205 SoC
work.

This patch series makes a small change to the STM32F2xx
SoC to tidy up the code.

Next a feature is added to the STM32F2xx timer to display the
PWM duty cycle, when debugging is enabled.

Then the STM32F2xx SPI and ADC devices are added and connected
to the STM32F205 SoC.

Finally the maintainers file is updated to add myself as the
maintainer for the Netduino 2 and STM32F2xx.

V5:
 - Add a irq ORing function
V4:
 - Add VMState to the new devices
 - Remove rand() function
V3:
 - Rebase
V2:
 - Update based on Peter C's coments
 - Rebase
 - Create an ADC folder for the ADC device


Alistair Francis (8):
  STM32F205: Remove the individual device variables
  STM32F2xx: Display PWM duty cycle from timer
  STM32F2xx: Add the ADC device
  STM32F2xx: Add the SPI device
  irq: Add a new irq device that allows the ORing of lines
  STM32F205: Connect the ADC devices
  STM32F205: Connect the SPI devices
  MAINTAINERS: Add Alistair to the maintainers list

 MAINTAINERS |  15 ++
 default-configs/arm-softmmu.mak |   2 +
 hw/Makefile.objs|   1 +
 hw/adc/Makefile.objs|   1 +
 hw/adc/stm32f2xx_adc.c  | 306 
 hw/arm/stm32f205_soc.c  |  82 ---
 hw/core/irq.c   |  44 ++
 hw/ssi/Makefile.objs|   1 +
 hw/ssi/stm32f2xx_spi.c  | 225 +
 hw/timer/stm32f2xx_timer.c  |   9 ++
 include/hw/adc/stm32f2xx_adc.h  |  87 
 include/hw/arm/stm32f205_soc.h  |   6 +
 include/hw/irq.h|  13 ++
 include/hw/ssi/stm32f2xx_spi.h  |  72 ++
 14 files changed, 846 insertions(+), 18 deletions(-)
 create mode 100644 hw/adc/Makefile.objs
 create mode 100644 hw/adc/stm32f2xx_adc.c
 create mode 100644 hw/ssi/stm32f2xx_spi.c
 create mode 100644 include/hw/adc/stm32f2xx_adc.h
 create mode 100644 include/hw/ssi/stm32f2xx_spi.h

-- 
2.7.4




[Qemu-devel] [PATCH v5 1/8] STM32F205: Remove the individual device variables

2016-07-26 Thread Alistair Francis
Cleanup the individual DeviceState and SysBusDevice
variables to re-use the same variable for each
device.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Crosthwaite 
---

 hw/arm/stm32f205_soc.c | 35 +--
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
index de26b8c..5b6fa3b 100644
--- a/hw/arm/stm32f205_soc.c
+++ b/hw/arm/stm32f205_soc.c
@@ -62,8 +62,8 @@ static void stm32f205_soc_initfn(Object *obj)
 static void stm32f205_soc_realize(DeviceState *dev_soc, Error **errp)
 {
 STM32F205State *s = STM32F205_SOC(dev_soc);
-DeviceState *syscfgdev, *usartdev, *timerdev, *nvic;
-SysBusDevice *syscfgbusdev, *usartbusdev, *timerbusdev;
+DeviceState *dev, *nvic;
+SysBusDevice *busdev;
 Error *err = NULL;
 int i;
 
@@ -94,44 +94,43 @@ static void stm32f205_soc_realize(DeviceState *dev_soc, 
Error **errp)
s->kernel_filename, s->cpu_model);
 
 /* System configuration controller */
-syscfgdev = DEVICE(&s->syscfg);
+dev = DEVICE(&s->syscfg);
 object_property_set_bool(OBJECT(&s->syscfg), true, "realized", &err);
 if (err != NULL) {
 error_propagate(errp, err);
 return;
 }
-syscfgbusdev = SYS_BUS_DEVICE(syscfgdev);
-sysbus_mmio_map(syscfgbusdev, 0, 0x40013800);
-sysbus_connect_irq(syscfgbusdev, 0, qdev_get_gpio_in(nvic, 71));
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, 0x40013800);
+sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(nvic, 71));
 
 /* Attach UART (uses USART registers) and USART controllers */
 for (i = 0; i < STM_NUM_USARTS; i++) {
-usartdev = DEVICE(&(s->usart[i]));
-qdev_prop_set_chr(usartdev, "chardev", i < MAX_SERIAL_PORTS ? 
serial_hds[i] : NULL);
+dev = DEVICE(&(s->usart[i]));
+qdev_prop_set_chr(dev, "chardev",
+  i < MAX_SERIAL_PORTS ? serial_hds[i] : NULL);
 object_property_set_bool(OBJECT(&s->usart[i]), true, "realized", &err);
 if (err != NULL) {
 error_propagate(errp, err);
 return;
 }
-usartbusdev = SYS_BUS_DEVICE(usartdev);
-sysbus_mmio_map(usartbusdev, 0, usart_addr[i]);
-sysbus_connect_irq(usartbusdev, 0,
-   qdev_get_gpio_in(nvic, usart_irq[i]));
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, usart_addr[i]);
+sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(nvic, usart_irq[i]));
 }
 
 /* Timer 2 to 5 */
 for (i = 0; i < STM_NUM_TIMERS; i++) {
-timerdev = DEVICE(&(s->timer[i]));
-qdev_prop_set_uint64(timerdev, "clock-frequency", 10);
+dev = DEVICE(&(s->timer[i]));
+qdev_prop_set_uint64(dev, "clock-frequency", 10);
 object_property_set_bool(OBJECT(&s->timer[i]), true, "realized", &err);
 if (err != NULL) {
 error_propagate(errp, err);
 return;
 }
-timerbusdev = SYS_BUS_DEVICE(timerdev);
-sysbus_mmio_map(timerbusdev, 0, timer_addr[i]);
-sysbus_connect_irq(timerbusdev, 0,
-   qdev_get_gpio_in(nvic, timer_irq[i]));
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, timer_addr[i]);
+sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(nvic, timer_irq[i]));
 }
 }
 
-- 
2.7.4




[Qemu-devel] [PATCH v5 3/8] STM32F2xx: Add the ADC device

2016-07-26 Thread Alistair Francis
Add the STM32F2xx ADC device. This device randomly
generates values on each read.

This also includes creating a hw/adc directory.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
V4:
 - Remove the rand() function
 - Add VMState
 - Small cleanups
V2:
 - Address Peter C's comments
 - Create an ADC folder and move the file in there
 - Move some of the registers into arrays

 default-configs/arm-softmmu.mak |   1 +
 hw/Makefile.objs|   1 +
 hw/adc/Makefile.objs|   1 +
 hw/adc/stm32f2xx_adc.c  | 306 
 include/hw/adc/stm32f2xx_adc.h  |  87 
 5 files changed, 396 insertions(+)
 create mode 100644 hw/adc/Makefile.objs
 create mode 100644 hw/adc/stm32f2xx_adc.c
 create mode 100644 include/hw/adc/stm32f2xx_adc.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 7a19863..5b1696d 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -87,6 +87,7 @@ CONFIG_ZYNQ=y
 CONFIG_STM32F2XX_TIMER=y
 CONFIG_STM32F2XX_USART=y
 CONFIG_STM32F2XX_SYSCFG=y
+CONFIG_STM32F2XX_ADC=y
 CONFIG_STM32F205_SOC=y
 
 CONFIG_VERSATILE_PCI=y
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 4a07ed4..0ffd281 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -1,5 +1,6 @@
 devices-dirs-$(call land, $(CONFIG_VIRTIO),$(call 
land,$(CONFIG_VIRTFS),$(CONFIG_PCI))) += 9pfs/
 devices-dirs-$(CONFIG_ACPI) += acpi/
+devices-dirs-$(CONFIG_SOFTMMU) += adc/
 devices-dirs-$(CONFIG_SOFTMMU) += audio/
 devices-dirs-$(CONFIG_SOFTMMU) += block/
 devices-dirs-$(CONFIG_SOFTMMU) += bt/
diff --git a/hw/adc/Makefile.objs b/hw/adc/Makefile.objs
new file mode 100644
index 000..3f6dfde
--- /dev/null
+++ b/hw/adc/Makefile.objs
@@ -0,0 +1 @@
+obj-$(CONFIG_STM32F2XX_ADC) += stm32f2xx_adc.o
diff --git a/hw/adc/stm32f2xx_adc.c b/hw/adc/stm32f2xx_adc.c
new file mode 100644
index 000..90fe9de
--- /dev/null
+++ b/hw/adc/stm32f2xx_adc.c
@@ -0,0 +1,306 @@
+/*
+ * STM32F2XX ADC
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "hw/adc/stm32f2xx_adc.h"
+
+#ifndef STM_ADC_ERR_DEBUG
+#define STM_ADC_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_ADC_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static void stm32f2xx_adc_reset(DeviceState *dev)
+{
+STM32F2XXADCState *s = STM32F2XX_ADC(dev);
+
+s->adc_sr = 0x;
+s->adc_cr1 = 0x;
+s->adc_cr2 = 0x;
+s->adc_smpr1 = 0x;
+s->adc_smpr2 = 0x;
+s->adc_jofr[0] = 0x;
+s->adc_jofr[1] = 0x;
+s->adc_jofr[2] = 0x;
+s->adc_jofr[3] = 0x;
+s->adc_htr = 0x0FFF;
+s->adc_ltr = 0x;
+s->adc_sqr1 = 0x;
+s->adc_sqr2 = 0x;
+s->adc_sqr3 = 0x;
+s->adc_jsqr = 0x;
+s->adc_jdr[0] = 0x;
+s->adc_jdr[1] = 0x;
+s->adc_jdr[2] = 0x;
+s->adc_jdr[3] = 0x;
+s->adc_dr = 0x;
+}
+
+static uint32_t stm32f2xx_adc_generate_value(STM32F2XXADCState *s)
+{
+/* Attempts to fake some ADC values */
+s->adc_dr = s->adc_dr + 7;
+
+switch ((s->adc_cr1 & ADC_CR1_RES) >> 24) {
+case 0:
+/* 12-bit */
+s->adc_dr &= 0xFFF;
+break;
+case 1:
+/* 10-bit */
+s->adc_dr &= 0x3FF;
+break;
+case 2:
+/* 8-bit */
+s->adc_dr &= 0xFF;
+break;
+default:
+/* 6-bit */
+s->adc_dr &= 0x3F;
+}
+
+if (s->adc_cr2 & ADC_CR2_ALIGN) {
+return (s->adc_dr << 1) & 0xFFF0;
+} else {
+return s->adc_dr;
+}
+}
+
+
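Review bot: `DB_PRINT_L` ends its expansion with `} while (0);`, and that trailing semicolon defeats the do/while(0) idiom: a call written as `DB_PRINT(...);` expands to two statements, which breaks an unbraced `if ... else`. The macro's last line should be `} while (0)`, leaving the semicolon to the caller. Separately, the left-aligned branch of `stm32f2xx_adc_generate_value` returns `(s->adc_dr << 1) & 0xFFF0`, which masks off the low bits of the sample instead of moving them; if the 12-bit left-aligned layout is intended this probably wants `s->adc_dr << 4`, but that should be checked against the reference manual and the intended layout stated in a comment. The listing here stops after this function although the hunk header announces 306 lines, so the register read/write handlers, which presumably index `adc_jofr[]` and `adc_jdr[]` from guest-supplied offsets, are not visible for review.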

[Qemu-devel] [PATCH v5 8/8] MAINTAINERS: Add Alistair to the maintainers list

2016-07-26 Thread Alistair Francis
Add Alistair Francis as the maintainer for the Netduino 2
and STM32F205 SoC.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Crosthwaite 
---

 MAINTAINERS | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index d1439a8..e55be55 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -475,6 +475,21 @@ S: Maintained
 F: hw/arm/virt-acpi-build.c
 F: include/hw/arm/virt-acpi-build.h
 
+STM32F205
+M: Alistair Francis 
+S: Maintained
+F: hw/arm/stm32f205_soc.c
+F: hw/misc/stm32f2xx_syscfg.c
+F: hw/char/stm32f2xx_usart.c
+F: hw/timer/stm32f2xx_timer.c
+F: hw/adc/*
+F: hw/ssi/stm32f2xx_spi.c
+
+Netduino 2
+M: Alistair Francis 
+S: Maintained
+F: hw/arm/netduino2.c
+
 CRIS Machines
 -
 Axis Dev88
-- 
2.7.4



