Re: [Qemu-devel] [PULL 00/21] ppc-for-2.10 queue 20170730
On Fri, Jun 30, 2017 at 01:03:46PM +0200, Greg Kurz wrote:
> Not sure Sam's and Suraj's email addresses are correct but you also used
> them in the "target/ppc/cpu-models: set POWER9_v1.0 as POWER9 DD1" thread
> and, strangely, I don't seem to receive 'unknown recipient' messages from
> the Redhat MX servers... :)

Sam & Suraj are now Red Hat on-site partners, which gives them @redhat.com
emails as well as their IBM ones.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
Re: [Qemu-devel] [PATCH] spapr: make spapr_populate_hotplug_cpu_dt() static
On Fri, Jun 30, 2017 at 03:18:10PM +0200, Greg Kurz wrote: > Since commit ff9006ddbfd1 ("spapr: move spapr_core_[foo]plug() callbacks > close to machine code in spapr.c"), this function doesn't need to be extern > anymore. > > Signed-off-by: Greg Kurz Applied to ppc-for-2.10. > --- > hw/ppc/spapr.c |4 ++-- > include/hw/ppc/spapr.h |2 -- > 2 files changed, 2 insertions(+), 4 deletions(-) > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c > index 0ee9fac50bd4..65d8ad2f4966 100644 > --- a/hw/ppc/spapr.c > +++ b/hw/ppc/spapr.c > @@ -2863,8 +2863,8 @@ out: > error_propagate(errp, local_err); > } > > -void *spapr_populate_hotplug_cpu_dt(CPUState *cs, int *fdt_offset, > -sPAPRMachineState *spapr) > +static void *spapr_populate_hotplug_cpu_dt(CPUState *cs, int *fdt_offset, > + sPAPRMachineState *spapr) > { > PowerPCCPU *cpu = POWERPC_CPU(cs); > DeviceClass *dc = DEVICE_GET_CLASS(cs); > diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h > index a66bbac35242..12bf9697990e 100644 > --- a/include/hw/ppc/spapr.h > +++ b/include/hw/ppc/spapr.h > @@ -640,8 +640,6 @@ void > spapr_hotplug_req_add_by_count_indexed(sPAPRDRConnectorType drc_type, > void spapr_hotplug_req_remove_by_count_indexed(sPAPRDRConnectorType drc_type, > uint32_t count, uint32_t > index); > void spapr_cpu_parse_features(sPAPRMachineState *spapr); > -void *spapr_populate_hotplug_cpu_dt(CPUState *cs, int *fdt_offset, > -sPAPRMachineState *spapr); > > /* CPU and LMB DRC release callbacks. */ > void spapr_core_release(DeviceState *dev); > -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
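Review bot: the hunk at spapr.c:2863 makes the definition static but does not show its callers; the spapr_core_[foo]plug() callbacks that ff9006ddbfd1 moved into spapr.c (per the commit message) must now sit after this definition or see a prototype, so confirm the file builds without an implicit-declaration warning, which -Werror turns into an error. Dropping the extern declaration from spapr.h in the second hunk is the right companion change, since nothing outside spapr.c may reference the symbol once it is static.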
Re: [Qemu-devel] [PATCH] spapr: refresh "platform-specific" hcalls comment
On Fri, Jun 30, 2017 at 12:05:32PM +0200, Greg Kurz wrote: > We have more of these since the addition of KVMPPC_H_LOGICAL_MEMOP in 2012. > > Signed-off-by: Greg Kurz Applied to ppc-for-2.10. > --- > include/hw/ppc/spapr.h |5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h > index a66bbac35242..1826cc4fd696 100644 > --- a/include/hw/ppc/spapr.h > +++ b/include/hw/ppc/spapr.h > @@ -377,9 +377,8 @@ struct sPAPRMachineState { > * as well. > * > * We also need some hcalls which are specific to qemu / KVM-on-POWER. > - * So far we just need one for H_RTAS, but in future we'll need more > - * for extensions like virtio. We put those into the 0xf000-0xfffc > - * range which is reserved by PAPR for "platform-specific" hcalls. > + * We put those into the 0xf000-0xfffc range which is reserved by PAPR > + * for "platform-specific" hcalls. > */ > #define KVMPPC_HCALL_BASE 0xf000 > #define KVMPPC_H_RTAS (KVMPPC_HCALL_BASE + 0x0) > -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
Re: [Qemu-devel] [PATCH] spapr: fix bogus function name in comment
On Fri, Jun 30, 2017 at 11:37:07AM +0200, Greg Kurz wrote: > $ git grep spapr_ppc_reset > hw/ppc/spapr.c: * as part of spapr_ppc_reset(). > > $ git grep ppc_spapr_reset > hw/ppc/spapr.c:static void ppc_spapr_reset(void) > hw/ppc/spapr.c:mc->reset = ppc_spapr_reset; > hw/ppc/spapr_hcall.c:/* If ppc_spapr_reset() did not set up a HPT > but one is necessary > > Signed-off-by: Greg Kurz Applied to ppc-for-2.10. > --- > hw/ppc/spapr.c |2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c > index 0ee9fac50bd4..43a1cb5725d6 100644 > --- a/hw/ppc/spapr.c > +++ b/hw/ppc/spapr.c > @@ -1973,7 +1973,7 @@ static void spapr_boot_set(void *opaque, const char > *boot_device, > * Unlike PCI DR devices, LMB DR devices explicitly register this reset > * routine. Reset for PCI DR devices will be handled by PHB reset routine > * when it walks all its children devices. LMB devices reset occurs > - * as part of spapr_ppc_reset(). > + * as part of ppc_spapr_reset(). > */ > static void spapr_drc_reset(void *opaque) > { > -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
Re: [Qemu-devel] [PATCH] spapr: fix migration to pseries machine < 2.8
On Wed, Jun 28, 2017 at 04:09:19PM +0200, Laurent Vivier wrote: > since commit 5c4537bd ("spapr: Fix 2.7<->2.8 migration of PCI host bridge"), > some migration fields are forged from the new ones in spapr_pci_pre_save(). > > It works well, except when the number of MSI devices is 0, > because in this case the function exits immediately. > > This fix moves the migration code before the exit code. > > The problem can be reproduced with these commands: > > source qemu-2.9: > > qemu-system-ppc64 -monitor stdio -M pseries-2.6 -nodefaults -S > > destination qemu-2.6: > > qemu-system-ppc64 -monitor stdio -M pseries-2.6 -nodefaults \ > -incoming tcp:0: > > on the source: > > migrate tcp:localhost: > > Destination fails with the following error: > > qemu-system-ppc64: error while loading state for >instance 0x0 of device 'spapr_pci' > qemu-system-ppc64: load of migration failed: Invalid argument > > Signed-off-by: Laurent Vivier Applied to ppc-for-2.10. > --- > hw/ppc/spapr_pci.c | 28 ++-- > 1 file changed, 14 insertions(+), 14 deletions(-) > > diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c > index 0b447f2..bd30b4f 100644 > --- a/hw/ppc/spapr_pci.c > +++ b/hw/ppc/spapr_pci.c > @@ -1873,20 +1873,6 @@ static void spapr_pci_pre_save(void *opaque) > gpointer key, value; > int i; > > -g_free(sphb->msi_devs); > -sphb->msi_devs = NULL; > -sphb->msi_devs_num = g_hash_table_size(sphb->msi); > -if (!sphb->msi_devs_num) { > -return; > -} > -sphb->msi_devs = g_malloc(sphb->msi_devs_num * > sizeof(spapr_pci_msi_mig)); > - > -g_hash_table_iter_init(&iter, sphb->msi); > -for (i = 0; g_hash_table_iter_next(&iter, &key, &value); ++i) { > -sphb->msi_devs[i].key = *(uint32_t *) key; > -sphb->msi_devs[i].value = *(spapr_pci_msi *) value; > -} > - > if (sphb->pre_2_8_migration) { > sphb->mig_liobn = sphb->dma_liobn[0]; > sphb->mig_mem_win_addr = sphb->mem_win_addr;
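Review bot: deleting the `return` on the `!sphb->msi_devs_num` path from the top of spapr_pci_pre_save() is the actual fix: with no MSI devices the function left before the `pre_2_8_migration` block, so mig_liobn, mig_mem_win_addr and the other forged fields were never filled in and the older machine type rejected the stream with "Invalid argument", as the commit message's reproducer shows. Worth saying explicitly in the commit message that the stale fields, not the MSI table itself, are what the destination choked on.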
> @@ -1900,6 +1886,20 @@ static void spapr_pci_pre_save(void *opaque) > sphb->mig_mem_win_size += sphb->mem64_win_size; > } > } > + > +g_free(sphb->msi_devs); > +sphb->msi_devs = NULL; > +sphb->msi_devs_num = g_hash_table_size(sphb->msi); > +if (!sphb->msi_devs_num) { > +return; > +} > +sphb->msi_devs = g_malloc(sphb->msi_devs_num * > sizeof(spapr_pci_msi_mig)); > + > +g_hash_table_iter_init(&iter, sphb->msi); > +for (i = 0; g_hash_table_iter_next(&iter, &key, &value); ++i) { > +sphb->msi_devs[i].key = *(uint32_t *) key; > +sphb->msi_devs[i].value = *(spapr_pci_msi *) value; > +} > } > > static int spapr_pci_post_load(void *opaque, int version_id) -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
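Review bot: the relocated block still ends in an early `return` when `sphb->msi_devs_num` is zero; that is harmless today only because nothing follows the MSI loop, and anything appended to spapr_pci_pre_save() later would silently be skipped for MSI-less guests, repeating this bug. Wrapping the g_malloc() and the iteration in `if (sphb->msi_devs_num) { ... }` instead of returning would make the function robust against that.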
[Qemu-devel] [Bug 1701798] [NEW] dynamically linked binaries crash for big-endian targets
Public bug reported:

On the targets
  hppa m68k mips mips64 powerpc powerpc64 s390x sparc64
dynamically linked binaries crash, but statically linked binaries work.

On the targets
  aarch64 alpha armhf powerpc64le sh4
both dynamically linked and statically linked binaries work.

How to reproduce:

1) On Ubuntu 16.04, install the packages
     g++-5-aarch64-linux-gnu
     g++-5-alpha-linux-gnu
     g++-5-arm-linux-gnueabihf
     g++-5-hppa-linux-gnu
     g++-5-m68k-linux-gnu
     g++-5-mips-linux-gnu
     g++-5-mips64-linux-gnuabi64
     g++-5-powerpc-linux-gnu
     g++-5-powerpc64-linux-gnu
     g++-5-powerpc64le-linux-gnu
     g++-5-s390x-linux-gnu
     g++-5-sh4-linux-gnu
     g++-5-sparc64-linux-gnu

2) Install qemu 2.9.0 from source (for m68k, use the 2.7.0-m68k code from
   https://github.com/vivier/qemu-m68k.git):

   $ ../configure --prefix=/home/bruno/inst-qemu/2.9.0 --target-list=aarch64-softmmu,alpha-softmmu,arm-softmmu,i386-softmmu,m68k-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu,ppc-softmmu,ppc64-softmmu,s390x-softmmu,sh4-softmmu,sparc-softmmu,sparc64-softmmu,x86_64-softmmu,aarch64-linux-user,alpha-linux-user,arm-linux-user,hppa-linux-user,m68k-linux-user,mips-linux-user,mipsel-linux-user,mips64-linux-user,mips64el-linux-user,ppc-linux-user,ppc64-linux-user,ppc64le-linux-user,s390x-linux-user,sh4-linux-user,sparc-linux-user,sparc64-linux-user --disable-strip --disable-werror --enable-gtk --enable-vnc
   $ make
   $ make install

3) Cross-compile the programs:

   $ aarch64-linux-gnu-gcc-5 -O hello.c -o hello.aarch64
   $ alpha-linux-gnu-gcc-5 -O hello.c -o hello.alpha
   $ arm-linux-gnueabihf-gcc-5 -O hello.c -o hello.armhf
   $ hppa-linux-gnu-gcc-5 -O hello.c -o hello.hppa
   $ m68k-linux-gnu-gcc-5 -O hello.c -o hello.m68k
   $ mips-linux-gnu-gcc-5 -O hello.c -o hello.mips
   $ mips64-linux-gnuabi64-gcc-5 -O hello.c -o hello.mips64
   $ powerpc-linux-gnu-gcc-5 -O hello.c -o hello.powerpc
   $ powerpc64-linux-gnu-gcc-5 -O hello.c -o hello.powerpc64
   $ powerpc64le-linux-gnu-gcc-5 -O hello.c -o hello.powerpc64le
   $ s390x-linux-gnu-gcc-5 -O hello.c -o hello.s390x
   $ sh4-linux-gnu-gcc-5 -O hello.c -o hello.sh4
   $ sparc64-linux-gnu-gcc-5 -O hello.c -o hello.sparc64

4) Run the programs:

* aarch64 works:

  $ QEMU_LD_PREFIX=/usr/aarch64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-aarch64 hello.aarch64
  Hello world

* alpha works:

  $ QEMU_LD_PREFIX=/usr/alpha-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-alpha hello.alpha
  Hello world

* armhf works:

  $ QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf ~/inst-qemu/2.9.0/bin/qemu-arm hello.armhf
  Hello world

* powerpc64le works:

  $ QEMU_LD_PREFIX=/usr/powerpc64le-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-ppc64le hello.powerpc64le
  Hello world

* sh4 works:

  $ QEMU_LD_PREFIX=/usr/sh4-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-sh4 hello.sh4
  Hello world

* = sparc64 does not work:

  $ QEMU_LD_PREFIX=/usr/sparc64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-sparc64 hello.sparc64
  Segmentation fault (core dumped)

  When I copy the file to a machine with `uname -srm` = "Linux 4.5.0-2-sparc64 sparc64", it works:

  $ ./hello.sparc64
  Hello world

  When I copy the file and its execution environment /usr/sparc64-linux-gnu
  to the same machine and run the binary in a chroot environment:

  # /bin/hello.sparc64
  Hello world

* = mips does not work:

  $ QEMU_LD_PREFIX=/usr/mips-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-mips hello.mips
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped

  When I copy the file to a machine with `uname -srm` = "Linux 3.16.0-4-4kc-malta mips", it works:

  $ ./hello.mips
  Hello world

  When I copy the file and its execution environment /usr/mips-linux-gnu
  to the same machine and run the binary in a chroot environment:

  # /bin/hello.mips
  Hello world

* = mips64 does not work:

  $ QEMU_LD_PREFIX=/usr/mips64-linux-gnuabi64 ~/inst-qemu/2.9.0/bin/qemu-mips64 hello.mips64
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped

  When I copy the file to a machine with `uname -srm` = "Linux 3.16.0-4-5kc-malta mips64", it works:

  $ ./hello.mips64
  Hello world

* = powerpc does not work:

  $ QEMU_LD_PREFIX=/usr/powerpc-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-ppc hello.powerpc
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped

  When I copy the file to a machine with `uname -srm` = "Linux 3.17.2-200.fc20.ppc64p7 ppc64", it works:

  $ ./hello.powerpc
  Hello world

* = powerpc64 does not work:

  $ QEMU_LD_PREFIX=/usr/powerpc64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-ppc64 hello.powerpc64
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped

  When I copy the file to a machine with `uname -srm` = "Linux 3.17.2-200.fc20.ppc64p7 ppc64", it works:

  $ ./hello.powerpc64
  Hello world

* = s390x does not work:

  $ QEMU_LD_PREFIX=/usr/s390x-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-s390x hello.s390x

  $ QEMU_LD_PREFIX=/usr/s390x-linux-gnu ~/inst-qemu/2.8.1/bin/qemu-s390x hello.s390x
  qemu-s390x: /media/develdata/devel/build/qemu-2.8.1/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed.
  Segmentation fault (core dumped)
[Qemu-devel] [Bug 1701808] Re: stack smashing in or after recvmsg system call in aarch64 user mode
Likewise for 32-bit arm:

$ ~/inst-qemu/2.9.0/bin/qemu-arm ./a.arm
*** stack smashing detected ***: ./a.arm terminated
qemu: uncaught target signal 6 (Aborted) - core dumped

** Attachment added: "Statically compiled test program for arm"
   https://bugs.launchpad.net/qemu/+bug/1701808/+attachment/4907353/+files/a.arm

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1701808

Title:
  stack smashing in or after recvmsg system call in aarch64 user mode

Status in QEMU:
  New
[Qemu-devel] [Bug 1701808] Re: stack smashing in or after recvmsg system call in aarch64 user mode
** Attachment added: "Statically compiled test program"
   https://bugs.launchpad.net/qemu/+bug/1701808/+attachment/4907340/+files/a.out
[Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets
I would guess that the problem comes from a missing (or an extra) BSWAP
call in one of the files
  include/elf.h
  include/hw/elf_ops.h
  linux-user/elfload.c

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1701798

Title:
  dynamically linked binaries crash for big-endian targets

Status in QEMU:
  New
[Qemu-devel] [Bug 1701808] [NEW] stack smashing in or after recvmsg system call in aarch64 user mode
Public bug reported:

A program that invokes recvmsg aborts with "*** stack smashing detected ***"
when run in qemu-aarch64 (user mode), but works fine when running on native
aarch64 hardware.

How to reproduce:

$ aarch64-linux-gnu-gcc-5 -O -Wall /media/develdata/devel/qemu-bug/testpassfd.c -static -DEXTRA_SPACE=0
$ QEMU_LD_PREFIX=/usr/aarch64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-aarch64 ./a.out
*** stack smashing detected ***: ./a.out terminated
qemu: uncaught target signal 6 (Aborted) - core dumped

On native aarch64 hardware:

$ ./a.out
$ echo $?
0

The parameter EXTRA_SPACE can be used to add additional space to the array
that receives the recvmsg data. With -DEXTRA_SPACE=9 (or larger), the
program runs fine, which suggests that recvmsg is storing up to 9 bytes
more than allowed in memory.

** Affects: qemu
     Importance: Undecided
         Status: New

** Attachment added: "Test program"
   https://bugs.launchpad.net/bugs/1701808/+attachment/4907339/+files/testpassfd.c
Re: [Qemu-devel] [RFC 00/15] Error API: Flag errors in *errp even if errors are being ignored
On Fri, Jun 30, 2017 at 01:40:58PM +0200, Markus Armbruster wrote:
> Eduardo Habkost writes:
>
> > On Thu, Jun 29, 2017 at 08:54:29AM +0200, Markus Armbruster wrote:
> >> Eduardo Habkost writes:
> >>
> >> > On Wed, Jun 28, 2017 at 11:05:26AM +0200, Markus Armbruster wrote:
> >> >> Eduardo Habkost writes:
> > [...]
> >> >> > I understand the reason we need to support errp==NULL, as it
> >> >> > makes life simpler for callers that don't want any extra error
> >> >> > information. However, this has the cost of making the functions
> >> >> > that report errors more complex and error-prone.
> >> >> >
> >> >> > (Evidence of that: the 34 ERR_IS_* cases handled by the "use
> >> >> > ERR_IS_* macros" patches in the series. Where existing code will
> >> >> > crash or behave differently if errp is NULL.)
> >> >>
> >> >> Which of them could *not* use a suitable return value instead of *errp?
> >> >
> >> > I don't know. But I'm not trying to improve those 34 ERR_IS_* cases. I
> >> > am trying to improve the 700+ functions that need the
> >> > local_err/error_propagate() boilerplate code today. This series already
> >> > handles 346 of them automatically (see patch 14/15).
> >>
> >> I agree the goal is reducing error_propagate() boilerplate. I latched
> >> onto the 34 ERR_IS_* cases only because you presented them as examples.
> >
> > The 34 ERR_IS_* cases were evidence of how easy it is to introduce
> > mistakes with the current API. Probably most of them are instances of
> > (1) and (2) below.
>
> The current interface can be abused, but how much abuse actually creeps
> in? I think we've been doing reasonably well there since we got rid of
> the bad examples and improved documentation.

See the 30+ cases touched by patch 09/15. Except for the ones in
error.c, all of them look like bugs to me. I didn't investigate when
each of them was introduced, though.

> Moreover, the revised interface could also be abused. Nothing stops you
> from dereferencing errp before or after, the only thing that changes are
> the examples people see in code. I'm afraid the people who reinvent bad
> examples from scratch despite the documentation telling them not to will
> also bypass any macros the documentation tells them to use.
>
> *Especially* if we use macros only sometimes. ERR_IS_SET(&err) makes no
> sense, so we'd still test err directly there, wouldn't we?

Any interface can be abused. But I still believe a simpler and easier
interface for propagating errors is less likely to be abused.

But in either case, tools to detect abuse would be welcome. We can write
Coccinelle scripts to detect most abuse of the existing error API.

> [...]
> >> > is fixed because ERR_IS_SET(errp) will work even if errp is NULL.
> >> >
> >> >> > TODO
> >> >> >
> >> >> >
> >> >> > * Simplify more cases of local_error/error_propagate() to use
> >> >> >   errp directly.
> >> >> > * Update API documentation and code examples.
> >> >> > * Add a mechanism to ensure errp is never NULL.
> >> >> >
> >> >> > Git branch
> >> >> > --
> >> >> >
> >> >> > This series depends on a few extra cleanups that I didn't submit
> >> >> > to qemu-devel yet. A git branch including this series is
> >> >> > available at:
> >> >> >
> >> >> >   git://github.com/ehabkost/qemu-hacks.git
> >> >> >   work/err-api-rework-ignore-ptr-v1
>
> I doubt the macros make the bug fixing materially easier, and I doubt
> they can reduce future bugs of this kind. What they can do is letting
> us get rid of error_propagate() boilerplate with relative ease.
>
> If we switch to returning success/failure (which also gets rid of the
> boilerplate), then the macros may still let us get rid of boilerplate
> more quickly, for some additional churn. Worthwhile? Depends on how
> long the return value change takes us.

My assumption is that it will take a very long time.

> I think the first order of business is to figure out whether we want to
> pursue returning success/failure.

OK. I will reply about that in a separate message.

-- 
Eduardo
Re: [Qemu-devel] [RFC 00/15] Error API: Flag errors in *errp even if errors are being ignored
On Fri, Jun 30, 2017 at 01:40:58PM +0200, Markus Armbruster wrote:
[...]
>
> I doubt the macros make the bug fixing materially easier, and I doubt
> they can reduce future bugs of this kind. What they can do is letting
> us get rid of error_propagate() boilerplate with relative ease.
>
> If we switch to returning success/failure (which also gets rid of the
> boilerplate), then the macros may still let us get rid of boilerplate
> more quickly, for some additional churn. Worthwhile? Depends on how
> long the return value change takes us.
>
> I think the first order of business is to figure out whether we want to
> pursue returning success/failure.

About this, I'm unsure. Returning error information in two separate
locations (the return value and *errp) makes it easier to introduce bugs
that are hard to detect. Especially when the tree is in an inconsistent
state where we mix -1/0, -errno/0, FALSE/TRUE, NULL/non-NULL and void
functions.

-- 
Eduardo
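The two hazards argued over in the messages above, the `*errp` dereference that breaks when a caller passes `errp == NULL` and the `local_err`/`error_propagate()` boilerplate that avoids it, as an added illustration that is not part of the thread and not QEMU's qapi/error.h: the `Error` type, `error_setg()`, `error_free()` and `error_propagate()` below are a simplified stand-in written here under the same names, and `set_value()` and the two callers are constructed examples.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for QEMU's Error object and helpers (this is NOT qapi/error.h;
 * the names are borrowed so the two caller patterns read like QEMU code). */
typedef struct Error {
    char msg[128];
} Error;
/* error_setg(): record an error in *errp.  errp == NULL means "the caller
 * does not want details", so the error is silently dropped. */
static void error_setg(Error **errp, const char *msg)
{
    Error *err;
    if (!errp) {
        return;
    }
    err = calloc(1, sizeof(*err));
    if (!err) {
        abort();                  /* g_malloc()-style: OOM is fatal */
    }
    snprintf(err->msg, sizeof(err->msg), "%s", msg);
    *errp = err;
}

static void error_free(Error *err) { free(err); }

/* error_propagate(): move a local error to the caller's errp, or drop it
 * when the caller passed NULL. */
static void error_propagate(Error **dst_errp, Error *local_err)
{
    if (!local_err) {
        return;
    }
    if (dst_errp) {
        *dst_errp = local_err;
    } else {
        error_free(local_err);
    }
}

/* A void callee: failure is visible only through *errp. */
static void set_value(int value, Error **errp)
{
    if (value < 0) {
        error_setg(errp, "value must be non-negative");
    }
}

/* Buggy caller (the class of bug the ERR_IS_* patches fix): it tests *errp
 * directly, a NULL dereference whenever its own caller ignores errors. */
static int caller_deref_errp(int value, Error **errp)
{
    set_value(value, errp);
    if (*errp) {                  /* crashes when errp == NULL */
        return -1;
    }
    return 0;
}

/* Correct but verbose caller: the local_err/error_propagate() boilerplate
 * that the series wants to remove from the 700+ functions it mentions. */
static int caller_with_local_err(int value, Error **errp)
{
    Error *local_err = NULL;
    set_value(value, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return -1;
    }
    return 0;
}

/* Exercise caller_with_local_err() with a real errp and report whether both
 * the return value and the delivered Error match expectations (1 = yes). */
static int check_local_err_caller(int value, int expect_failure)
{
    Error *err = NULL;
    int ret = caller_with_local_err(value, &err);
    int ok = ret == (expect_failure ? -1 : 0) && (err != NULL) == expect_failure;
    if (err && strcmp(err->msg, "value must be non-negative") != 0) {
        ok = 0;
    }
    error_free(err);
    return ok;
}

int main(void)
{
    Error *err = NULL;
    int ret = caller_deref_errp(-1, &err);   /* fine: errp is real here */

    printf("deref pattern:     ret=%d err=\"%s\"\n", ret, err ? err->msg : "(none)");
    error_free(err);
    printf("local_err pattern: ret=%d (errp ignored, no crash)\n",
           caller_with_local_err(-1, NULL));
    /* caller_deref_errp(-1, NULL) would segfault at `if (*errp)`. */
    return 0;
}
```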
[Qemu-devel] [PATCH 1/3] add some vcpu-pin related functions.
Signed-off-by: Benyu Xu --- cpus.c| 126 ++ include/qom/cpu.h | 9 include/sysemu/cpus.h | 2 + 3 files changed, 137 insertions(+) diff --git a/cpus.c b/cpus.c index 14bb8d5..40c3abf 100644 --- a/cpus.c +++ b/cpus.c 
@@ -1648,6 +1648,132 @@ void cpu_remove(CPUState *cpu) qemu_cpu_kick(cpu); } +int get_pcpu_num(bool pin_auto, int *pcpu_id_array) +{ +int pcpu_num = 0; +#ifdef _GNU_SOURCE +int pcpu_range = 1024; +int pcpu_id = 0; +int ret; +cpu_set_t *pcpu_set; +size_t setsize; + +pcpu_set = CPU_ALLOC(pcpu_range); +if (pcpu_set == NULL) { +pcpu_num = -1; +return pcpu_num; +} + +setsize = CPU_ALLOC_SIZE(pcpu_range); + +for ( ; ; ) { +CPU_ZERO_S(setsize, pcpu_set); +ret = sched_getaffinity(0, setsize, pcpu_set); +if (ret < 0 && errno == EINVAL && pcpu_range < 131072) { +CPU_FREE(pcpu_set); +pcpu_range *= 2; +pcpu_set = CPU_ALLOC(pcpu_range); +if (pcpu_set == NULL) { +pcpu_num = -1; +return pcpu_num; +} +setsize = CPU_ALLOC_SIZE(pcpu_range); +continue; +} + +if (ret == 0) { +for ( ; pcpu_id < 131072; pcpu_id++) { +if (CPU_ISSET_S(pcpu_id, setsize, pcpu_set)) { +pcpu_num++; +if (pin_auto == true) { +pcpu_id_array[0] = pcpu_num; +pcpu_id_array[pcpu_num] = pcpu_id; +} +} +} +CPU_FREE(pcpu_set); +return pcpu_num; +} +CPU_FREE(pcpu_set); +} +#else +pcpu_num = -2; +return pcpu_num; +#endif +} + +void cpu_pin(CPUState *cpu, int pcpu_id) +{ +cpu_set_t *pcpu_id_mask; +size_t masksize; +pid_t vcpu_pid; +int num_cpus; + +if (pcpu_id == 0) { +num_cpus = pcpu_id + 1; +} else { +num_cpus = pcpu_id; +} + +pcpu_id_mask = CPU_ALLOC(num_cpus); +if (pcpu_id_mask == NULL) { +error_report("warning: can not alloc cpu set! pcpu #%d", + pcpu_id); +return ; +} +masksize = CPU_ALLOC_SIZE(num_cpus); +CPU_ZERO_S(masksize, pcpu_id_mask); +CPU_SET_S(pcpu_id, masksize, pcpu_id_mask); + +vcpu_pid = cpu->thread_id; + +if (sched_setaffinity(vcpu_pid, masksize, pcpu_id_mask) != 0) { +error_report("warning: set affinity failed! vcpu pid=%d, pcpu #%d", + vcpu_pid, pcpu_id); +CPU_FREE(pcpu_id_mask); +return ; +} + +if (sched_getaffinity(vcpu_pid, masksize, pcpu_id_mask) != 0) { +error_report("warning: get affinity failed! 
vcpu pid=%d, pcpu #%d", + vcpu_pid, pcpu_id); +CPU_FREE(pcpu_id_mask); +return ; +} + +CPU_FREE(pcpu_id_mask); +} + +/* * + * pcpu_id_array: content the host processor's id array to pin + * pcpu_id_array[0]: the processor count + * pcpu_id_array[1...]: the processor id to pin + * */ +void pin_all_vcpus(int smp_cpus_num, const int *pcpu_id_array, Error **errp) +{ +int pcpu_id = 0; +int pcpu_num = pcpu_id_array[0]; +int vcpu_id = 0; +CPUState *cpu; + +if (pcpu_num <= 0) { +return; +} + +if (smp_cpus_num > pcpu_num) { +error_setg(errp, +"pcpu id list only has %d pcpu(s), less than smp_cpus_num %d", + pcpu_num, smp_cpus_num); +return; +} + +CPU_FOREACH(cpu) { +pcpu_id = pcpu_id_array[vcpu_id + 1]; +cpu_pin(cpu, pcpu_id); +vcpu_id++; +} +} + void cpu_remove_sync(CPUState *cpu) { cpu_remove(cpu); diff --git a/include/qom/cpu.h b/include/qom/cpu.h index 89ddb68..8f14295 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -869,6 +869,15 @@ void cpu_exit(CPUState *cpu); void cpu_resume(CPUState *cpu); /** + * cpu_pin: + * @cpu: The vitual CPU to pin. + * @pcpu_id: The host's physical or logical processor's id. + * + * pin CPU, i.e. set the CPU's affinity. + */ +void cpu_pin(CPUState *cpu, int pcpu_id); + +/** * cpu_remove: * @cpu: The CPU to remove. * diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h index 731756d..513a0c6 100644 --- a/include/sysemu/cpus.h +++ b/include/sysemu/cpus.h @@ -7,6 +7,8 @@ bool qemu_in_vcpu_thread(void); void qemu_init_cpu_loop(void); void resume_all_vcpus(void); +int get_pcpu_num(bool pin_default, int *pcpu_id_array); +void pin_all_vcpus(int smp_cpu_num, const int *pcpu_id_array, Error **errp); void pause_all_vcpus(void); void cpu_stop_current(void); void cpu_ticks_init(void); -- 1.8.3.1
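Review bot: get_pcpu_num() in the cpus.c hunk loops forever on freed memory when sched_getaffinity() fails for any reason other than a too-small set: after the `CPU_FREE(pcpu_set);` at the bottom of the `for ( ; ; )` body the next iteration calls `CPU_ZERO_S(setsize, pcpu_set)` on the released buffer, and the same path is taken once pcpu_range has reached 131072 and EINVAL is still returned. Return -1 right after that CPU_FREE instead of continuing. In cpu_pin(), `num_cpus = pcpu_id` for any non-zero id allocates a set sized for CPUs 0..pcpu_id-1, so `CPU_SET_S(pcpu_id, masksize, pcpu_id_mask)` is out of range, is ignored by glibc, and sched_setaffinity() receives an empty mask and fails with EINVAL; use `pcpu_id + 1` unconditionally. The sched_getaffinity() call made after the set discards the mask it reads back, so either compare it against the requested one or drop the call, and cpu_pin() needs the same `#ifdef _GNU_SOURCE` (or CONFIG_LINUX) guard as get_pcpu_num(), since cpu_set_t and sched_setaffinity() do not exist on the non-Linux hosts QEMU builds on.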
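Review bot: the cpu.h hunk has a typo ("vitual" for "virtual") in the cpu_pin() doc comment, and the comment should say that a failed pin is only reported through error_report() and cannot be detected by the caller, since the function returns void.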
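Review bot: the cpus.h hunk declares `get_pcpu_num(bool pin_default, ...)` and `pin_all_vcpus(int smp_cpu_num, ...)` while the definitions use `pin_auto` and `smp_cpus_num`; keep the parameter names consistent. The header also says nothing about the array contract (pcpu_id_array[0] holds the count, entries 1..count hold ids, and get_pcpu_num() writes up to 131072 entries when pin_auto is set), so a caller has no way to size the array correctly; document it or pass the array length explicitly.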
[Qemu-devel] [PATCH 2/3] vcpu pin: parameters parse and execution.
Signed-off-by: Benyu Xu --- vl.c | 115 +++ 1 file changed, 115 insertions(+) diff --git a/vl.c b/vl.c index 36ff3f4..8c5dd25 100644 --- a/vl.c +++ b/vl.c @@ -167,6 +167,7 @@ int smp_cpus = 1; int max_cpus = 1; int smp_cores = 1; int smp_threads = 1; +int pcpu_id_array[131072 + 2] = {0}; /* 131072 = 1024 * 128 */ int acpi_enabled = 1; int no_hpet = 0; int fd_bootchk = 1; 
@@ -1270,6 +1271,106 @@ static void smp_parse(QemuOpts *opts) } } +static void vcpupin_parse(const char *pcpu_id_list, const int smp_cpus_num) +{ +long pcpu_id; +int pcpu_num = 0; +bool pin_auto = false; +bool id_is_range = false; +long id_range_left; +long id_range_right; +int host_cpu_num; +const char *tmp_id_list = pcpu_id_list; +int ret = 0; + +if (!pcpu_id_list) { +return; +} + +if (strcmp(pcpu_id_list, "auto") == 0) { +pin_auto = true; +} + +host_cpu_num = get_pcpu_num(pin_auto, pcpu_id_array); +if (host_cpu_num <= 0) { +error_report("cannot determine host cpu number"); +exit(1); +} + +if (smp_cpus_num > host_cpu_num) { +error_report("host can serve only %d cpus, less than smp_cpus_num %d", + host_cpu_num, smp_cpus_num); +exit(1); +} + +if (pin_auto == true) { +return; +} + +if (isdigit(tmp_id_list[0]) == 0) { +error_report("invalid pcpu id list %s", pcpu_id_list); +error_report("pcpu id list should be \"auto\" or begin by digit"); +exit(1); +} + +while (tmp_id_list[0] != '\0') { +if (isdigit(tmp_id_list[0]) == 0 && tmp_id_list[0] != ',' && +tmp_id_list[0] != '-') { +error_report("invalid pcpu id list %s", pcpu_id_list); +error_report("pcpu id list only accept digit or ',' or '-'"); +exit(1); +} +tmp_id_list++; +} +tmp_id_list = pcpu_id_list; + +while (tmp_id_list) { +ret = qemu_strtol(tmp_id_list, &tmp_id_list, 10, &pcpu_id); +if (ret == ERANGE || pcpu_id < 0 || pcpu_id >= host_cpu_num) { +error_report("pcpu id %ld is out of range", pcpu_id); +exit(1); +} + +if (id_is_range == true) { +id_range_right = pcpu_id; +if (id_range_right <= id_range_left) { +error_report("invalid pcpu id list [%ld-%ld]", + id_range_left, id_range_right); +exit(1); +} +for (; id_range_left <= id_range_right; id_range_left++) { +pcpu_id_array[0] = pcpu_num; +pcpu_id_array[pcpu_num] = id_range_left; +pcpu_num++; +} +pcpu_num--; +} else { +pcpu_num++; +pcpu_id_array[0] = pcpu_num; +pcpu_id_array[pcpu_num] = pcpu_id; +} + +if (tmp_id_list[0] == '\0') { +break; +} else if (tmp_id_list[0] 
== '-') { +id_is_range = true; +id_range_left = pcpu_id; +} else { +id_is_range = false; +} +tmp_id_list++; + +if (tmp_id_list[0] == '\0') { +error_report("invalid pcpu id list %s", pcpu_id_list); +error_report("pcpu id list should be end by digit"); +exit(1); +} else if (isdigit(tmp_id_list[0]) == 0) { +error_report("invalid pcpu id list %s", pcpu_id_list); +exit(1); +} +} +} + static void realtime_init(void) { if (enable_mlock) { @@ -3024,6 +3125,9 @@ int main(int argc, char **argv, char **envp) Error *main_loop_err = NULL; Error *err = NULL; bool list_data_dirs = false; + +const char *pcpu_id_list = NULL; + typedef struct BlockdevOptions_queue { BlockdevOptions *bdo; Location loc; @@ -3810,6 +3914,9 @@ int main(int argc, char **argv, char **envp) exit(1); } break; +case QEMU_OPTION_vcpupin: +pcpu_id_list = optarg; +break; case QEMU_OPTION_vnc: vnc_parse(optarg, &error_fatal); break; @@ -4222,6 +4329,8 @@ int main(int argc, char **argv, char **envp) smp_parse(qemu_opts_find(qemu_find_opts("smp-opts"), NULL)); +vcpupin_parse(pcpu_id_list, smp_cpus); + machine_class->max_cpus = machine_class->max_cpus ?: 1; /* Default to UP */ if (max_cpus > machine_class->max_cpus) { error_report("Number of SMP CPUs requested (%d) exceeds max CPUs " @@ -4621,6 +4730,12 @@ int main(int argc, char **argv, char **envp) machine_run_board_init(current_machine); +pin_all_vcpus(smp_cpus, pcpu_id_array, &err); +if (err) { +error_report_err(err); +exit(1); +} + realtime_init(); soundhw_init(); -- 1.8.3.1
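Review bot: in the vcpupin_parse() hunk the range test `if (ret == ERANGE || ...)` can never be true, because qemu_strtol() reports errors as negative errno values; test `ret < 0` instead. The ids are then compared against host_cpu_num, which get_pcpu_num() derives from the number of CPUs in the process's affinity mask rather than from the highest usable id: under a cpuset that allows CPUs 8-11, `-vcpupin 0-3` passes this check and every later sched_setaffinity() fails (reported only as a warning by cpu_pin()), while `-vcpupin 8-11` is rejected as out of range. Validate each id against the affinity mask itself (CPU_ISSET_S). The parser also writes `pcpu_id_array[pcpu_num]` with no check against the 131072 + 2 capacity declared in the first hunk, relying implicitly on the kernel's argument length limit; make that bound explicit. It accepts duplicates such as `0,0`, which silently pins two vcpus to one pcpu, so either reject them or document that they are allowed. Finally, `while (tmp_id_list)` never terminates on a NULL pointer, since qemu_strtol() always sets the end pointer; the loop exits only through the `break`, so write it as `for (;;)` to make that explicit.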
[Qemu-devel] [PATCH 0/3] pin vcpus to pcpus(set CPU affinity).
Pin vcpus to pcpus (set CPU affinity).

When running QEMU in a terminal, if we want to set the CPU affinity, for example using the tool taskset, we have to find the cpus' thread IDs first and then pin them manually. It's a tedious process; now a new feature "vcpupin" can help with this. This feature will be helpful for performance tuning; it's more flexible and easier to use than external tools.

Add option "-vcpupin [pcpu_id_list]" to implement this feature. Use the host's physical or logical processor (pcpu) ids to make a list to set CPU affinity; the vcpus will be pinned sequentially to the pcpus of this list. This means we should use the option -smp to allocate vcpus. Here use ',' to separate single ids or id sequences, and use '-' as the id sequence's connector.

eg:
a) qemu ... -smp 8 -vcpupin 0,2,4,6-10 ...
   It means qemu will pin 8 vcpus one by one and 1:1 to pcpu 0,2,4,6,7,8,9,10.
b) qemu ... -smp 8 -vcpupin 6-10,0,4,2 ...
   It means qemu will pin 8 vcpus one by one and 1:1 to pcpu 6,7,8,9,10,0,4,2.
c) qemu ... -smp 8 -vcpupin auto ...
   It means qemu will pin 8 vcpus one by one and 1:1 to pcpu 0,1,2,3,4,5,6,7.

Benyu Xu (3):
  add some vcpu-pin related functions.
  vcpu pin: parameters parse and execution.
  add option -vcpupin into qemu-options.

 cpus.c                | 126 ++
 include/qom/cpu.h     |   9
 include/sysemu/cpus.h |   2 +
 qemu-options.hx       |  19
 vl.c                  | 115 +
 5 files changed, 271 insertions(+)

-- 1.8.3.1
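The list syntax described in this cover letter (single ids and ascending ranges separated by commas, or "auto"), as an added example in C that is not part of the posted series: a parser that validates the whole list before any sched_setaffinity() call. It goes beyond the posted code in two assumed ways: each id is checked against a bitmask of the CPUs the process may actually run on (standing in for the sched_getaffinity() set, limited to 64 CPUs here) rather than against a CPU count, and duplicate ids are rejected. Function names are this example's own.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Parse a -vcpupin style list: comma-separated single ids or ascending
 * "a-b" ranges, or "auto" (0,1,...,smp_cpus-1 as the option text puts it).
 * Every id must satisfy 0 <= id < ncpus and have its bit set in 'allowed',
 * which this example assumes models the sched_getaffinity() mask (0 means
 * every CPU; ncpus is capped at 64 here). Duplicates are rejected (an
 * assumption of this example, not of the posted patch), the result must fit
 * in out[cap], and it needs at least smp_cpus ids because vcpus are pinned
 * 1:1 in list order. Returns the id count, or -1 on any error.
 */
int parse_pcpu_id_list(const char *list, int ncpus, unsigned long long allowed,
                       int smp_cpus, int *out, int cap)
{
    unsigned long long seen = 0;
    const char *p = list;
    int n = 0;

    if (!list || ncpus <= 0 || ncpus > 64 || cap <= 0 || smp_cpus <= 0) {
        return -1;
    }
    if (allowed == 0) {
        allowed = ~0ULL;
    }
    if (strcmp(list, "auto") == 0) {
        if (smp_cpus > ncpus || smp_cpus > cap) {
            return -1;
        }
        for (n = 0; n < smp_cpus; n++) {
            if (!((allowed >> n) & 1)) {
                return -1;      /* "auto" would pin to a CPU we may not use */
            }
            out[n] = n;
        }
        return n;
    }
    for (;;) {
        char *end;
        long lo, hi;

        if (!isdigit((unsigned char)*p)) {
            return -1;          /* empty list, "1,,2", "1-", "1,", leading '-' */
        }
        errno = 0;
        lo = strtol(p, &end, 10);
        if (errno == ERANGE || lo >= ncpus) {
            return -1;
        }
        hi = lo;
        p = end;
        if (*p == '-') {
            p++;
            if (!isdigit((unsigned char)*p)) {
                return -1;
            }
            errno = 0;
            hi = strtol(p, &end, 10);
            if (errno == ERANGE || hi <= lo || hi >= ncpus) {
                return -1;      /* ranges must be strictly ascending */
            }
            p = end;
        }
        for (long id = lo; id <= hi; id++) {
            unsigned long long bit = 1ULL << id;
            if (!(allowed & bit) || (seen & bit) || n >= cap) {
                return -1;      /* not ours, duplicate, or out of room */
            }
            seen |= bit;
            out[n++] = (int)id;
        }
        if (*p == '\0') {
            break;
        }
        if (*p++ != ',') {
            return -1;          /* stray character between tokens */
        }
    }
    return n >= smp_cpus ? n : -1;
}

/* Wrappers over a 16-CPU host that return one value at a time. */
int vcpupin_count(const char *list, int smp_cpus, unsigned long long allowed)
{
    int buf[64];
    return parse_pcpu_id_list(list, 16, allowed, smp_cpus, buf, 64);
}

/* The pcpu that vcpu number 'vcpu' is pinned to (list order), or -1. */
int vcpupin_pcpu_for(const char *list, int smp_cpus, int vcpu)
{
    int buf[64];
    int n = parse_pcpu_id_list(list, 16, 0, smp_cpus, buf, 64);
    return (n > 0 && vcpu >= 0 && vcpu < smp_cpus) ? buf[vcpu] : -1;
}

int main(void)
{
    const char *lists[] = { "0,2,4,6-10", "6-10,0,4,2", "auto", "3-1", "0,0" };
    for (size_t i = 0; i < 5; i++) {
        printf("%-11s -> count %d, vcpu7 -> pcpu %d\n", lists[i],
               vcpupin_count(lists[i], 8, 0), vcpupin_pcpu_for(lists[i], 8, 7));
    }
    /* cpuset allows only CPUs 8-15: eight CPUs exist, but 0-7 are not ours. */
    printf("0-7 with CPUs 8-15 allowed -> %d\n", vcpupin_count("0-7", 8, 0xFF00ULL));
    return 0;
}
```

The three lists from the cover letter parse to exactly the mappings given there; `0-7` is refused when only CPUs 8-15 are allowed even though eight CPUs are available, which is the check that comparing an id against a CPU count cannot make.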
[Qemu-devel] [PATCH 3/3] add option -vcpupin into qemu-options.
Signed-off-by: Benyu Xu --- qemu-options.hx | 19 +++ 1 file changed, 19 insertions(+) diff --git a/qemu-options.hx b/qemu-options.hx index 297bd8a..0c2cec3 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -141,6 +141,25 @@ given, the total number of CPUs @var{n} can be omitted. @var{maxcpus} specifies the maximum number of hotpluggable CPUs. ETEXI +DEF("vcpupin", HAS_ARG, QEMU_OPTION_vcpupin, +"-vcpupin [pcpu_id_list]\n" +"use the host's physical or logical processor(pcpu) id\n" +"to made a pcpu id list to set cpu affinity.\n" +"here use ',' to seperate the single id or id sequence,\n" +"use '-' as a id sequence's connector,\n" +"eg. qemu ... -smp 8 -vcpupin 0,2,4,6-10 ... \n" +"this means qemu will pin 8 vcpus one by one and 1:1 to\n" +"pcpu 0,2,4,6,7,8,9,10\n" +"if pcpu_id_list=\"auto\", it means the pcpu id list is\n" +"0,1,...,[smp_cpu_num-1]\n", QEMU_ARCH_ALL) +STEXI +@item -vcpupin @var{pcpu_id_list} +@findex -vcpupin +Pin the vcpus to pcpus(set CPU affinity). Use pcpus' id 0,1,2,3...etc. to +make a valid pcpu id list, the vcpus will sequentially pin to the pcpus of +this list 1:1 , this means we should use the @option{-smp} to allocate vcpus. +ETEXI + DEF("numa", HAS_ARG, QEMU_OPTION_numa, "-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node]\n" "-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node]\n" -- 1.8.3.1
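Review bot: the help text in the qemu-options.hx hunk has typos ("to made a pcpu id list", "seperate", "a id sequence's connector") and does not match the implementation it documents: it says `auto` means `0,1,...,[smp_cpu_num-1]`, whereas get_pcpu_num() in patch 1/3 fills the list from the process's affinity mask, so under a restricted cpuset `auto` pins to the first smp_cpu_num allowed CPUs rather than to ids 0..n-1. Either document that behaviour or make the code match the text. The STEXI block should also say what happens when the list is longer than the vcpu count (the extra ids are ignored by pin_all_vcpus()) and that a shorter list is a fatal error.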
[Qemu-devel] [PATCH v2] block: fix leaks in bdrv_open_driver()
bdrv_open_driver() is called in two places, bdrv_new_open_driver() and bdrv_open_common(). In the latter, failure cleanup is in its caller, bdrv_open_inherit(), which unrefs the bs->file of the failed driver open if it exists. Let's move the bs->file cleanup to bdrv_open_driver() to take care of all callers and do not set bs->drv to NULL unless the driver's open function failed. When bs is destroyed by removing its last reference, bdrv_close() checks bs->drv to perform the needed cleanups and also call the driver's close function.

Signed-off-by: Manos Pitsidianakis
---
v2: move bdrv_unref_child(bs, bs->file) to bdrv_open_driver
    do not set bs->drv to NULL if open succeeds

 block.c | 21 +
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/block.c b/block.c index 694396281b..df2a46990c 100644 --- a/block.c +++ b/block.c @@ -1091,6 +1091,7 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, { Error *local_err = NULL; int ret; +bool open_failed; bdrv_assign_node_name(bs, node_name, &local_err); if (local_err) { @@ -,7 +1112,9 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, ret = 0; } -if (ret < 0) { +open_failed = ret < 0; + +if (open_failed) { if (local_err) { error_propagate(errp, local_err); } else if (bs->filename[0]) { @@ -1142,10 +1145,15 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, return 0; free_and_fail: -/* FIXME Close bs first if already opened*/ -g_free(bs->opaque); -bs->opaque = NULL; -bs->drv = NULL; +if (open_failed) { +g_free(bs->opaque); +bs->opaque = NULL; +bs->drv = NULL; +} +if (bs->file != NULL) { +bdrv_unref_child(bs, bs->file); +bs->file = NULL; +} return ret; } @@ -2607,9 +2615,6 @@ static BlockDriverState *bdrv_open_inherit(const char *filename, fail: blk_unref(file); -if (bs->file != NULL) { -bdrv_unref_child(bs, bs->file); -} QDECREF(snapshot_options); QDECREF(bs->explicit_options); QDECREF(bs->options); -- 2.11.0
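Review bot: `bool open_failed;` in the first hunk is declared without an initializer and is only assigned after the driver's open attempt. The hunk does not show what the bdrv_assign_node_name() failure path directly below the declaration does; if it, or any early exit added later, jumps to free_and_fail before the assignment, the new `if (open_failed)` reads an indeterminate value and may free bs->opaque while leaving bs->drv set, or the reverse. Initialize it with `bool open_failed = false;`.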
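Review bot: in the free_and_fail hunk, when the driver's open succeeded but a later step failed, bs->drv is now kept (so bdrv_close() will later run the driver's close callback) while bs->file is unreferenced and set to NULL right here. That leaves a successfully opened driver whose close callback may look at bs->file and find NULL; the removed `FIXME Close bs first if already opened` pointed at exactly this ordering. Either close the driver in the !open_failed case before dropping bs->file, or leave bs->file alone in that case and let the bdrv_close() path described in the commit message release it after the driver close. A short comment stating that bdrv_open_driver() now owns bs->file cleanup on failure for all callers would also help, since the last hunk removes the matching unref from bdrv_open_inherit()'s fail: path.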
[Qemu-devel] [Bug 1701821] [NEW] floating-point operation bugs in qemu-sh4
Public bug reported:

When running the gnulib testsuite, I'm seeing test failures in the tests for libm functions asinf cbrtf copysignf coshf expm1f fabsf floor fmaf ldexpf logbf round roundf sinhf tanhf

How to reproduce:
- Using gnulib, run ./gnulib-tool --create-testdir --dir=../testdir-math --single-configure asinf cbrtf copysignf coshf expm1f fabsf floor fma fmaf fmal ldexpf logbf round roundf sinhf tanhf
- Set environment variables for using qemu-sh4.
- cd testdir-math; mkdir build-sh4; cd build-sh4; ./configure --host=sh4-linux; make; make check

Here are the failures (from the file testdir-math/build-sh4/gltests/test-suite.log):

FAIL: test-asinf
pc=0xf6751cdc sr=0x0101 pr=0xf6758e86 fpscr=0x0008 spc=0x ssr=0x gbr=0xf65e98e8 vbr=0x sgr=0x dbr=0x delayed_pc=0xf6751cd6 fpul=0x3f1a r0=0xf6751d88 r1=0x r2=0x0008 r3=0x r4=0xf6ffe21c r5=0xf6ffe230 r6=0xf6ffe2fc r7=0x r8=0x3f1a r9=0x3f1a r10=0x r11=0x r12=0xf67ab008 r13=0x r14=0x r15=0xf6ffe230 r16=0x r17=0x r18=0x r19=0x r20=0x r21=0x r22=0x r23=0x
Unhandled trap: 0x180
FAIL test-asinf (exit status: 1)

FAIL: test-cbrtf
pc=0x00400980 sr=0x0001 pr=0x00400684 fpscr=0x0008 spc=0x ssr=0x gbr=0xf65e98e8 vbr=0x sgr=0x dbr=0x delayed_pc=0x00400960 fpul=0x r0=0x00400ae8 r1=0x00412070 r2=0x3f1a r3=0xf6ffe2c0 r4=0x0001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x r8=0x00412064 r9=0x00400960 r10=0x r11=0x r12=0xf671dc58 r13=0x r14=0x r15=0xf6ffe21c r16=0x r17=0x r18=0x r19=0x r20=0x r21=0x r22=0x r23=0x
Unhandled trap: 0x180
FAIL test-cbrtf (exit status: 1)

FAIL: test-copysignf
pc=0x004004ce sr=0x0001 pr=0xf668d28c fpscr=0x0008 spc=0x ssr=0x gbr=0xf6674678 vbr=0x sgr=0x dbr=0x delayed_pc=0x004004d2 fpul=0x r0=0x8000 r1=0x3f4d r2=0xf6674284 r3=0xf6ffe2b0 r4=0x0001 r5=0xf6ffe2e4 r6=0xf6ffe2ec r7=0x r8=0x00411088 r9=0x00411084 r10=0x r11=0x r12=0xf67a8c58 r13=0x r14=0x r15=0xf6ffe240 r16=0x r17=0x r18=0x r19=0x r20=0x r21=0x r22=0x r23=0x
in conditional delay slot (delayed_pc=0x004004d2)
Unhandled trap: 0x1a0
FAIL test-copysignf (exit status: 1)

FAIL: test-coshf
pc=0xf675223a sr=0x0101 pr=0xf675223c fpscr=0x0008 spc=0x ssr=0x gbr=0xf65e98e8 vbr=0x sgr=0x dbr=0x delayed_pc=0xf675231c fpul=0x3f1a r0=0x3f1a r1=0x3f1a r2=0x00e0 r3=0xf6ffe2c0 r4=0x0001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x r8=0x00400734 r9=0x r10=0x r11=0x r12=0xf67ab008 r13=0x r14=0x r15=0xf6ffe240 r16=0x r17=0x r18=0x r19=0x r20=0x r21=0x r22=0x r23=0x
in delay slot (delayed_pc=0xf675231c)
Unhandled trap: 0x1a0
FAIL test-coshf (exit status: 1)

FAIL: test-expm1f
pc=0xf6757e08 sr=0x pr=0x004005ce fpscr=0x00081000 spc=0x ssr=0x gbr=0xf65e98e8 vbr=0x sgr=0x dbr=0x delayed_pc=0xf6757dfe fpul=0x r0=0xf6757fb0 r1=0x1000 r2=0x0008 r3=0x3eb17218 r4=0x0001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x r8=0x00400514 r9=0x0064 r10=0x00400514 r11=0x r12=0xf67ab008 r13=0x r14=0x r15=0xf6ffe234 r16=0x r17=0x r18=0x r19=0x r20=0x r21=0x r22=0x r23=0x
Unhandled trap: 0x180
FAIL test-expm1f (exit status: 1)

FAIL: test-fabsf
pc=0x00400504 sr=0x0001 pr=0xf660228c fpscr=0x0008 spc=0x ssr=0x gbr=0xf65e98e8 vbr=0x sgr=0x dbr=0x delayed_pc=0x004004ec fpul=0x r0=0x00400640 r1=0x00412074 r2=0x r3=0x00412078 r4=0x0001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x0008 r8=0x004007ac r9=0x r10=0x r11=0x r12=0xf671dc58 r13=0x r14=0x r15=0xf6ffe260 r16=0x r17=0x r18=0x r19=0x r20=0x r21=0x r22=0x r23=0x
Unhandled trap: 0x180
FAIL test-fabsf (exit status: 1)

FAIL: test-floor2
../../gltests/test-floor2.c:130: assertion 'correct_result_p (x, reference)' failed
qemu: uncaught target signal 6 (Aborted) - core dumped
FAIL test-floor2 (exit status: 134)

FAIL: test-fmaf2
pc=0xf675f5ac sr=0x0101 pr=0xf675f5a6 fpscr=0x0008 spc=0x ssr=0x gbr=0xf65e98e8 vbr=0x sgr=0x dbr=0x delayed_pc=0xf675f5a6 fpul=0x0180 r0=0xf675f4a
[Qemu-devel] [PATCH 1/3] hw/arm/virt: add pmu interrupt state
Mimicking gicv3-maintenance-interrupt, add the PMU's interrupt to CPU state. Signed-off-by: Andrew Jones --- hw/arm/virt.c| 3 +++ target/arm/cpu.c | 2 ++ target/arm/cpu.h | 2 ++ 3 files changed, 7 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 010f7244bf7c..9781e1cc5ed7 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -610,6 +610,9 @@ static void create_gic(VirtMachineState *vms, qemu_irq *pic) qdev_connect_gpio_out_named(cpudev, "gicv3-maintenance-interrupt", 0, qdev_get_gpio_in(gicdev, ppibase + ARCH_GICV3_MAINT_IRQ)); +qdev_connect_gpio_out_named(cpudev, "pmu-interrupt", 0, +qdev_get_gpio_in(gicdev, ppibase + + VIRTUAL_PMU_IRQ)); sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, ARM_CPU_IRQ)); sysbus_connect_irq(gicbusdev, i + smp_cpus, diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 28a914129857..70cc8f4474af 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -499,6 +499,8 @@ static void arm_cpu_initfn(Object *obj) qdev_init_gpio_out_named(DEVICE(cpu), &cpu->gicv3_maintenance_interrupt, "gicv3-maintenance-interrupt", 1); +qdev_init_gpio_out_named(DEVICE(cpu), &cpu->pmu_interrupt, + "pmu-interrupt", 1); #endif /* DTB consumers generally don't in fact care what the 'compatible' diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 102c58afac52..8d91166eb97b 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -584,6 +584,8 @@ struct ARMCPU { qemu_irq gt_timer_outputs[NUM_GTIMERS]; /* GPIO output for GICv3 maintenance interrupt signal */ qemu_irq gicv3_maintenance_interrupt; +/* GPIO output for the PMU interrupt */ +qemu_irq pmu_interrupt; /* MemoryRegion to use for secure physical accesses */ MemoryRegion *secure_memory; -- 1.8.3.1
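Review bot: the comment added in the target/arm/cpu.h hunk (`GPIO output for the PMU interrupt`) should say what drives the line. Within this series nothing raises it until patch 3/3 wires it to KVM's device IRQ level synchronization, and TCG has no PMU interrupt source, so a reader of cpu.h cannot tell whether a connected `pmu-interrupt` will ever fire. A one-line note such as "driven by the in-kernel PMU through KVM device IRQ sync; never asserted under TCG" would make that clear, and the same applies to the new `qdev_init_gpio_out_named()` call in cpu.c, which sits under `#ifndef CONFIG_USER_ONLY` without saying why.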
[Qemu-devel] [PATCH 0/3] ARM: KVM: Enable in-kernel PMU with user space gic
Andrew Jones (3): hw/arm/virt: add pmu interrupt state target/arm/kvm: split pmu init from creation hw/arm/virt: allow pmu instantiation with userspace irqchip hw/arm/virt.c| 13 +++-- target/arm/cpu.c | 2 ++ target/arm/cpu.h | 2 ++ target/arm/kvm.c | 6 +- target/arm/kvm32.c | 6 ++ target/arm/kvm64.c | 55 +--- target/arm/kvm_arm.h | 6 ++ 7 files changed, 58 insertions(+), 32 deletions(-) -- 1.8.3.1
[Qemu-devel] [PATCH 3/3] hw/arm/virt: allow pmu instantiation with userspace irqchip
Move the in-kernel-irqchip test to only guard the creation, not the init'ing of the PMU. Also add the PMU to the KVM device irq line synchronization to enable its use. Signed-off-by: Andrew Jones --- hw/arm/virt.c | 2 +- target/arm/kvm.c | 6 +- target/arm/kvm64.c | 3 +-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 0cb8b479232d..53592fd0f30c 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -495,7 +495,7 @@ static void fdt_add_pmu_nodes(const VirtMachineState *vms) if (!arm_feature(&armcpu->env, ARM_FEATURE_PMU)) { return; } -if (kvm_enabled() && +if (kvm_irqchip_in_kernel() && !kvm_arm_pmu_create(cpu, PPI(VIRTUAL_PMU_IRQ))) { return; } diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 7c17f0d629d7..211a7bf7befd 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -567,7 +567,11 @@ MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run) switched_level &= ~KVM_ARM_DEV_EL1_PTIMER; } -/* XXX PMU IRQ is missing */ +if (switched_level & KVM_ARM_DEV_PMU) { +qemu_set_irq(cpu->pmu_interrupt, + !!(run->s.regs.device_irq_level & KVM_ARM_DEV_PMU)); +switched_level &= ~KVM_ARM_DEV_PMU; +} if (switched_level) { qemu_log_mask(LOG_UNIMP, "%s: unhandled in-kernel device IRQ %x\n", diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index d94e0a04f015..54e58e407812 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -506,8 +506,7 @@ int kvm_arch_init_vcpu(CPUState *cs) if (!arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_EL1_32BIT; } -if (!kvm_irqchip_in_kernel() || -!kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PMU_V3)) { +if (!kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PMU_V3)) { cpu->has_pmu = false; } if (cpu->has_pmu) { -- 1.8.3.1
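Review bot: the target/arm/kvm64.c hunk drops the kvm_irqchip_in_kernel() condition, so has_pmu now stays true with a userspace GIC whenever KVM_CAP_ARM_PMU_V3 is present. Delivery then depends entirely on the kvm.c hunk reading KVM_ARM_DEV_PMU from run->s.regs.device_irq_level, the same mechanism the EL1 timer lines above it use; a kernel that advertises PMU_V3 but does not report PMU level changes through that interface gives the guest a PMU whose interrupt never arrives. State that dependency in the commit message, and if the timer path is gated on a capability elsewhere, gate has_pmu on the same condition when the irqchip is in user space.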
[Qemu-devel] [PATCH 2/3] target/arm/kvm: split pmu init from creation
When adding a PMU with a userspace irqchip we only do the INIT stage of the device creation. Signed-off-by: Andrew Jones --- hw/arm/virt.c| 10 -- target/arm/kvm32.c | 6 ++ target/arm/kvm64.c | 52 +--- target/arm/kvm_arm.h | 6 ++ 4 files changed, 45 insertions(+), 29 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 9781e1cc5ed7..0cb8b479232d 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -492,8 +492,14 @@ static void fdt_add_pmu_nodes(const VirtMachineState *vms) CPU_FOREACH(cpu) { armcpu = ARM_CPU(cpu); -if (!arm_feature(&armcpu->env, ARM_FEATURE_PMU) || -(kvm_enabled() && !kvm_arm_pmu_create(cpu, PPI(VIRTUAL_PMU_IRQ { +if (!arm_feature(&armcpu->env, ARM_FEATURE_PMU)) { +return; +} +if (kvm_enabled() && +!kvm_arm_pmu_create(cpu, PPI(VIRTUAL_PMU_IRQ))) { +return; +} +if (kvm_enabled() && !kvm_arm_pmu_init(cpu)) { return; } } diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c index 069da0c5fd10..a51695f25911 100644 --- a/target/arm/kvm32.c +++ b/target/arm/kvm32.c @@ -527,3 +527,9 @@ int kvm_arm_pmu_create(CPUState *cs, int irq) qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); return 0; } + +int kvm_arm_pmu_init(CPUState *cs) +{ +qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); +return 0; +} diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index a16abc8d129e..d94e0a04f015 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c 
@@ -381,46 +381,44 @@ static CPUWatchpoint *find_hw_watchpoint(CPUState *cpu, target_ulong addr) return NULL; } -static bool kvm_arm_pmu_support_ctrl(CPUState *cs, struct kvm_device_attr *attr) -{ -return kvm_vcpu_ioctl(cs, KVM_HAS_DEVICE_ATTR, attr) == 0; -} - -int kvm_arm_pmu_create(CPUState *cs, int irq) +static bool kvm_arm_pmu_set_attr(CPUState *cs, struct kvm_device_attr *attr) { int err; -struct kvm_device_attr attr = { -.group = KVM_ARM_VCPU_PMU_V3_CTRL, -.addr = (intptr_t)&irq, -.attr = KVM_ARM_VCPU_PMU_V3_IRQ, -.flags = 0, -}; - -if (!kvm_arm_pmu_support_ctrl(cs, &attr)) { -return 0; +err = kvm_vcpu_ioctl(cs, KVM_HAS_DEVICE_ATTR, attr); +if (err != 0) { +return false; } -err = kvm_vcpu_ioctl(cs, KVM_SET_DEVICE_ATTR, &attr); +err = kvm_vcpu_ioctl(cs, KVM_SET_DEVICE_ATTR, attr); if (err < 0) { fprintf(stderr, "KVM_SET_DEVICE_ATTR failed: %s\n", strerror(-err)); abort(); } -attr.group = KVM_ARM_VCPU_PMU_V3_CTRL; -attr.attr = KVM_ARM_VCPU_PMU_V3_INIT; -attr.addr = 0; -attr.flags = 0; +return true; +} -err = kvm_vcpu_ioctl(cs, KVM_SET_DEVICE_ATTR, &attr); -if (err < 0) { -fprintf(stderr, "KVM_SET_DEVICE_ATTR failed: %s\n", -strerror(-err)); -abort(); -} +int kvm_arm_pmu_init(CPUState *cs) +{ +struct kvm_device_attr attr = { +.group = KVM_ARM_VCPU_PMU_V3_CTRL, +.attr = KVM_ARM_VCPU_PMU_V3_INIT, +}; + +return kvm_arm_pmu_set_attr(cs, &attr); +} + +int kvm_arm_pmu_create(CPUState *cs, int irq) +{ +struct kvm_device_attr attr = { +.group = KVM_ARM_VCPU_PMU_V3_CTRL, +.addr = (intptr_t)&irq, +.attr = KVM_ARM_VCPU_PMU_V3_IRQ, +}; -return 1; +return kvm_arm_pmu_set_attr(cs, &attr); } static inline void set_feature(uint64_t *features, int feature) diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index 633d08828a5d..3382762aa023 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h 
@@ -196,6 +196,7 @@ int kvm_arm_sync_mpstate_to_qemu(ARMCPU *cpu); int kvm_arm_vgic_probe(void); int kvm_arm_pmu_create(CPUState *cs, int irq); +int kvm_arm_pmu_init(CPUState *cs); #else @@ -209,6 +210,11 @@ static inline int kvm_arm_pmu_create(CPUState *cs, int irq) return 0; } +static inline int kvm_arm_pmu_init(CPUState *cs) +{ +return 0; +} + #endif static inline const char *gic_class_name(void) -- 1.8.3.1
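Review bot: kvm_arm_pmu_set_attr() in the target/arm/kvm64.c hunk returns false for any KVM_HAS_DEVICE_ATTR failure, collapsing "attribute not supported" with other ioctl errors, and abort()s on KVM_SET_DEVICE_ATTR failure. The removed kvm_arm_pmu_support_ctrl() had the same shape, but the probe now runs separately for the IRQ and INIT attributes, so a kernel that accepts one and not the other leaves the vcpu half-configured with nothing but a `return 0` to show for it. Since kvm_arm_pmu_create() and kvm_arm_pmu_init() return int, consider propagating -errno so fdt_add_pmu_nodes() in the virt.c hunk can tell "no PMU" from "PMU setup failed" instead of silently returning from the whole function on the first vcpu.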
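Review bot: the target/arm/kvm_arm.h hunk adds the kvm_arm_pmu_init() prototype without a comment; document that it must be called after kvm_arm_pmu_create() when an in-kernel irqchip is in use (the ordering the virt.c hunk relies on), that it is the only call needed with a userspace irqchip, and that 0 means the INIT attribute is unsupported rather than that the call failed.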
[Qemu-devel] [Bug 1701835] [NEW] floating-point operation bugs in qemu-alpha
Public bug reported:

When running the gnulib testsuite, I'm seeing test failures in the tests for libm functions cbrt cbrtf ceil ceilf coshf exp2 exp2f floor floorf fma fmaf fmal frexp frexpf hypot hypotf hypotl ilogb ilogbf isfinite isinf isnan isnand isnanf ldexp ldexpf ldexpl log1p log1pf log2 log2f logb logbf logbl rint rintf rintl signbit sqrt sqrtf strtod that I don't see when running the same (statically linked) executables in a VM, through qemu-system-alpha.

How to reproduce:
- Using gnulib, run ./gnulib-tool --create-testdir --dir=../testdir-math --single-configure cbrt cbrtf ceil ceilf coshf exp2 exp2f float floor floorf fma fmaf fmal frexp frexpf hypot hypotf hypotl ilogb ilogbf isfinite isinf isnan isnand isnanf ldexp ldexpf ldexpl log1p log1pf log2 log2f logb logbf logbl math printf-frexp rint rintf rintl round roundf signbit sqrt sqrtf strtod trunc truncf
- Copy the resulting directory to a VM running Linux 2.6.26 with qemu-system-alpha.
- There, configure and build the package: mkdir build-native-static; cd build-native-static; ../configure CPPFLAGS="-Wall" LDFLAGS="-static"; make; make check
  Only 4 tests fail.
- Copy the resulting binaries back to the original x86_64 machine.
- Set environment variables for using qemu-alpha.
- Here, 50 tests fail that did not fail originally:

$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-cbrt
../../gltests/test-cbrt.h:39: assertion 'err > - L_(4.0) * L_(16.0) / TWO_MANT_DIG && err < L_(4.0) * L_(16.0) / TWO_MANT_DIG' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ceil1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ceil2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ceilf1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ceilf2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-coshf
../../gltests/test-coshf.c:37: assertion 'y >= 1.1854652f && y <= 1.1854653f' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-float
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-floor1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-floor2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-floorf1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-floorf2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fma1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fma2
../../gltests/test-fma2.h:116: assertion 'result == expected' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fmaf1
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fmaf2
../../gltests/test-fma2.h:116: assertion 'result == expected' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-fmal2
../../gltests/test-fma2.h:116: assertion 'result == expected' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-frexp
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-frexpf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-hypot
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-hypotf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-hypotl
../../gltests/test-hypot.h:41: assertion 'z == HUGEVAL' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ilogb
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ilogbf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isfinite
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isinf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnan
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnand-nolibm
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnand
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnanf-nolibm
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-isnanf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ldexp
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ldexpf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-ldexpl
../../gltests/test-ldexp.h:99: assertion 'y == expected' failed
Aborted (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-log1p
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-log1pf
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alpha test-log2
Floating point exception (core dumped)
$ ~/inst-qemu/2.9.0/bin/qemu-alph
Re: [Qemu-devel] QEMU website (wiki) improvements
Am 23.01.2017 um 11:28 schrieb Stefan Hajnoczi: > On Sun, Jan 22, 2017 at 04:19:43PM +0100, Stefan Weil wrote: >> On 03/02/15 23:12, Stefan Hajnoczi wrote: >>> On Sat, Feb 28, 2015 at 04:29:44PM +0100, Stefan Weil wrote: * It does not support secure access (https), so each login is insecure. Can we get a free server certificate? >>> >>> This is on my todo list. I'm travelling right now but will work on it >>> over the coming weeks. >>> >>> There are some gotchas: >>> >>> 1. qemu.org vs qemu-project.org. Unless we get a SNI certificate, the >>>certificate will only be valid for one or the other. Users will get >>>an untrusted certificate message if they go to the other domain name. >>> >>> 2. We use subdomains, so a wildcard certificate is necessary. That's >>>not always offered for free so I need to compare the certificate >>>vendors. >>> >>> Stefan >> >> >> Although this discussion thread is rather old, its subject >> still applies. >> >> In the meantime there are free certificates available. >> We could add https support with a certificate from >> https://letsencrypt.org/. As long as there is only a >> small number of host names (*), I'd simply add them all >> to the primary certificate. In addition, SNI certificates >> for the different names can be installed. > > Good idea, Jeff and I have discussed Let's Encrypt and have experience > setting it up. > >> I can help with the installation if that is needed. >> >> Stefan >> >> (*) >> >> qemu.org >> qemu.osuosl.org >> qemu-project.org >> wiki.qemu.org >> wiki.qemu-project.org >> www.qemu.org >> www.qemu-project.org >> >> Are there more host names used? > > git.qemu.org > git.qemu-project.org > It looks like there were some changes since my last mail: The official website is now again www.qemu.org instead of qemu-project.org. Is qemu-project.org now deprecated? Also HTTPS was enabled, but uses a self signed certificate and does not show the correct contents, so https://www.qemu.org/ still does not work. Stefan
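The host-name coverage question in this thread (one certificate listing several names versus a wildcard, and why a wildcard for one domain covers neither that domain's apex nor the second domain), as an added example in C that is neither from the thread nor from the QEMU project: a checker that applies the name-matching rule a browser uses to a certificate's dNSName entries. The host names are the ones listed in the thread; the matching rule (case-insensitive, a wildcard honoured only as a whole leftmost label that matches exactly one label) follows RFC 6125 section 6.4.3 and CA/Browser Forum practice; function names are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>            /* strcasecmp(), POSIX */

/* Host names collected in the thread above. */
static const char *const site_hosts[] = {
    "qemu.org", "qemu.osuosl.org", "qemu-project.org",
    "wiki.qemu.org", "wiki.qemu-project.org",
    "www.qemu.org", "www.qemu-project.org",
    "git.qemu.org", "git.qemu-project.org",
};
#define NSITE (sizeof site_hosts / sizeof site_hosts[0])

/*
 * Does one subjectAltName dNSName entry cover 'host'? Names compare
 * case-insensitively. A wildcard is honoured only as a whole leftmost "*"
 * label and matches exactly one label, so "*.qemu.org" covers
 * "wiki.qemu.org" but neither "qemu.org" nor "a.b.qemu.org". Partial
 * wildcards such as "w*.qemu.org" are treated as literal names, as public
 * CAs no longer issue them.
 */
bool san_matches(const char *san, const char *host)
{
    if (strcasecmp(san, host) == 0) {
        return true;
    }
    if (strncmp(san, "*.", 2) != 0) {
        return false;
    }
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host) {
        return false;               /* host needs a non-empty first label */
    }
    /* Everything after the host's first label must equal the suffix. */
    return strcasecmp(san + 2, dot + 1) == 0;
}

/* Number of 'hosts' that no entry in 'sans' covers. */
int count_uncovered(const char *const *sans, size_t nsans,
                    const char *const *hosts, size_t nhosts)
{
    int uncovered = 0;
    for (size_t h = 0; h < nhosts; h++) {
        bool covered = false;
        for (size_t s = 0; s < nsans && !covered; s++) {
            covered = san_matches(sans[s], hosts[h]);
        }
        if (!covered) {
            uncovered++;
        }
    }
    return uncovered;
}

/* A single wildcard for qemu.org, the option the thread first considered. */
int uncovered_by_wildcard_only(void)
{
    static const char *const sans[] = { "*.qemu.org" };
    return count_uncovered(sans, 1, site_hosts, NSITE);
}

/* Both apex names, both wildcards and the osuosl host in one certificate. */
int uncovered_by_full_san(void)
{
    static const char *const sans[] = {
        "qemu.org", "*.qemu.org", "qemu-project.org", "*.qemu-project.org",
        "qemu.osuosl.org",
    };
    return count_uncovered(sans, 5, site_hosts, NSITE);
}

int main(void)
{
    static const char *const sans[] = { "*.qemu.org" };
    for (size_t h = 0; h < NSITE; h++) {
        printf("%-24s %s\n", site_hosts[h],
               count_uncovered(sans, 1, &site_hosts[h], 1) ? "NOT covered"
                                                            : "covered");
    }
    printf("uncovered with *.qemu.org only: %d\n", uncovered_by_wildcard_only());
    printf("uncovered with full SAN list:   %d\n", uncovered_by_full_san());
    return 0;
}
```

With only `*.qemu.org`, six of the nine names are uncovered: both apex names, every qemu-project.org name, and qemu.osuosl.org, which is a subdomain of osuosl.org rather than of qemu.org. Listing the names explicitly in the SAN extension, as the thread proposes, covers all of them with one certificate; the wildcard entries are only needed if new sub-domains are expected.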
[Qemu-devel] [PATCH v2 0/8] target/s390x tcg patches
Changes since v1: * Errors corrected in CONVERT UNICODE * Address writeback corrected in SRST/SRSTU * IDTES feature added. * RISBG handling fixed. r~ David Hildenbrand (1): target/s390x: Allow to enable "idtes" feature for TCG Richard Henderson (7): target/s390x: Implement CSST target/s390x: Implement CONVERT UNICODE insns target/s390x: Tidy SRST target/s390x: Implement SRSTU target/s390x: Implement TRTR target/s390x: Mark ETF3 and ETF3_ENH facilities as available target/s390x: Fix risbg handling target/s390x/helper.h | 11 +- target/s390x/cpu_models.c | 5 + target/s390x/mem_helper.c | 585 +++-- target/s390x/translate.c | 92 ++- target/s390x/insn-data.def | 21 +- 5 files changed, 689 insertions(+), 25 deletions(-) -- 2.9.4
[Qemu-devel] [PATCH v2 4/8] target/s390x: Implement SRSTU
Signed-off-by: Richard Henderson --- target/s390x/helper.h | 1 + target/s390x/mem_helper.c | 41 + target/s390x/translate.c | 13 + target/s390x/insn-data.def | 2 ++ 4 files changed, 57 insertions(+) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index a2e5b9b..32314e0 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -13,6 +13,7 @@ DEF_HELPER_FLAGS_3(divu32, TCG_CALL_NO_WG, i64, env, i64, i64) DEF_HELPER_FLAGS_3(divs64, TCG_CALL_NO_WG, s64, env, s64, s64) DEF_HELPER_FLAGS_4(divu64, TCG_CALL_NO_WG, i64, env, i64, i64, i64) DEF_HELPER_3(srst, void, env, i32, i32) +DEF_HELPER_3(srstu, void, env, i32, i32) DEF_HELPER_4(clst, i64, env, i64, i64, i64) DEF_HELPER_FLAGS_4(mvn, TCG_CALL_NO_WG, void, env, i32, i64, i64) DEF_HELPER_FLAGS_4(mvo, TCG_CALL_NO_WG, void, env, i32, i64, i64) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 74b48aa..e3db68d 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c 
@@ -576,6 +576,47 @@ void HELPER(srst)(CPUS390XState *env, uint32_t r1, uint32_t r2) set_address(env, r2, str + len); } +void HELPER(srstu)(CPUS390XState *env, uint32_t r1, uint32_t r2) +{ +uintptr_t ra = GETPC(); +uint32_t len; +uint16_t v, c = env->regs[0]; +uint64_t end, str, adj_end; + +/* Bits 32-47 of R0 must be zero. */ +if (env->regs[0] & 0xu) { +cpu_restore_state(ENV_GET_CPU(env), ra); +program_interrupt(env, PGM_SPECIFICATION, 6); +} + +str = get_address(env, r2); +end = get_address(env, r1); + +/* If the LSB of the two addresses differ, use one extra byte. */ +adj_end = end + ((str ^ end) & 1); + +/* Lest we fail to service interrupts in a timely manner, limit the + amount of work we're willing to do. For now, let's cap at 8k. */ +for (len = 0; len < 0x2000; len += 2) { +if (str + len == adj_end) { +/* End of input found. */ +env->cc_op = 2; +return; +} +v = cpu_lduw_data_ra(env, str + len, ra); +if (v == c) { +/* Character found. Set R1 to the location; R2 is unmodified. */ +env->cc_op = 1; +set_address(env, r1, str + len); +return; +} +} + +/* CPU-determined bytes processed. Advance R2 to next byte to process. */ +env->cc_op = 3; +set_address(env, r2, str + len); +} + /* unsigned string compare (c is string terminator) */ uint64_t HELPER(clst)(CPUS390XState *env, uint64_t c, uint64_t s1, uint64_t s2) { diff --git a/target/s390x/translate.c b/target/s390x/translate.c index b887843..09b77ea 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -4291,6 +4291,19 @@ static ExitStatus op_srst(DisasContext *s, DisasOps *o) return NO_EXIT; } +static ExitStatus op_srstu(DisasContext *s, DisasOps *o) +{ +TCGv_i32 r1 = tcg_const_i32(get_field(s->fields, r1)); +TCGv_i32 r2 = tcg_const_i32(get_field(s->fields, r2)); + +gen_helper_srstu(cpu_env, r1, r2); + +tcg_temp_free_i32(r1); +tcg_temp_free_i32(r2); +set_cc_static(s); +return NO_EXIT; +} + static ExitStatus op_sub(DisasContext *s, DisasOps *o) { tcg_gen_sub_i64(o->out, o->in1, o->in2); 
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index bc6ff01..1d34df03 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -737,6 +737,8 @@ /* SEARCH STRING */ C(0xb25e, SRST,RRE, Z, 0, 0, 0, 0, srst, 0) +/* SEARCH STRING UNICODE */ +C(0xb9be, SRSTU, RRE, ETF3, 0, 0, 0, 0, srstu, 0) /* SET ACCESS */ C(0xb24e, SAR, RRE, Z, 0, r2_o, 0, 0, sar, 0) -- 2.9.4
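Review bot: the specification check in the mem_helper.c hunk reads `if (env->regs[0] & 0xu)`, which is not a valid constant as posted; per the comment above it (bits 32-47 of R0 must be zero) the mask should be `0xffff0000u`, and a comment noting that `c` is the low 16 bits of R0 only after that check has passed would help. The `adj_end` adjustment deserves one more sentence too: it makes an odd-aligned end address terminate the scan one character late rather than never, since `str + len` only ever takes values with str's parity.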
[Qemu-devel] [PATCH v2 1/8] target/s390x: Implement CSST
Signed-off-by: Richard Henderson --- target/s390x/helper.h | 1 + target/s390x/cpu_models.c | 2 + target/s390x/mem_helper.c | 189 + target/s390x/translate.c | 13 +++- target/s390x/insn-data.def | 2 + 5 files changed, 206 insertions(+), 1 deletion(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 964097b..23e8d1d 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -33,6 +33,7 @@ DEF_HELPER_3(celgb, i64, env, i64, i32) DEF_HELPER_3(cdlgb, i64, env, i64, i32) DEF_HELPER_3(cxlgb, i64, env, i64, i32) DEF_HELPER_4(cdsg, void, env, i64, i32, i32) +DEF_HELPER_4(csst, i32, env, i32, i64, i64) DEF_HELPER_FLAGS_3(aeb, TCG_CALL_NO_WG, i64, env, i64, i64) DEF_HELPER_FLAGS_3(adb, TCG_CALL_NO_WG, i64, env, i64, i64) DEF_HELPER_FLAGS_5(axb, TCG_CALL_NO_WG, i64, env, i64, i64, i64, i64) diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index 63903c2..08290ce 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -684,6 +684,8 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm) S390_FEAT_ETF2_ENH, S390_FEAT_STORE_CLOCK_FAST, S390_FEAT_MOVE_WITH_OPTIONAL_SPEC, +S390_FEAT_COMPARE_AND_SWAP_AND_STORE, +S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2, S390_FEAT_GENERAL_INSTRUCTIONS_EXT, S390_FEAT_EXECUTE_EXT, S390_FEAT_FLOATING_POINT_SUPPPORT_ENH, diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index ede8471..513b402 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c 
@@ -1353,6 +1353,195 @@ void HELPER(cdsg)(CPUS390XState *env, uint64_t addr, env->regs[r1 + 1] = int128_getlo(oldv); } +uint32_t HELPER(csst)(CPUS390XState *env, uint32_t r3, uint64_t a1, uint64_t a2) +{ +#if !defined(CONFIG_USER_ONLY) || defined(CONFIG_ATOMIC128) +uint32_t mem_idx = cpu_mmu_index(env, false); +#endif +uintptr_t ra = GETPC(); +uint32_t fc = extract32(env->regs[0], 0, 8); +uint32_t sc = extract32(env->regs[0], 8, 8); +uint64_t pl = get_address(env, 1) & -16; +uint64_t svh, svl; +uint32_t cc; + +/* Sanity check the function code and storage characteristic. */ +if (fc > 1 || sc > 3) { +if (!s390_has_feat(S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2)) { +goto spec_exception; +} +if (fc > 2 || sc > 4 || (fc == 2 && (r3 & 1))) { +goto spec_exception; +} +} + +/* Sanity check the alignments. */ +if (extract32(a1, 0, 4 << fc) || extract32(a2, 0, 1 << sc)) { +goto spec_exception; +} + +/* Sanity check writability of the store address. */ +#ifndef CONFIG_USER_ONLY +probe_write(env, a2, mem_idx, ra); +#endif + +/* Note that the compare-and-swap is atomic, and the store is atomic, but + the complete operation is not. Therefore we do not need to assert serial + context in order to implement this. That said, restart early if we can't + support either operation that is supposed to be atomic. */ +if (parallel_cpus) { +int mask = 0; +#if !defined(CONFIG_ATOMIC64) +mask = -8; +#elif !defined(CONFIG_ATOMIC128) +mask = -16; +#endif +if (((4 << fc) | (1 << sc)) & mask) { +cpu_loop_exit_atomic(ENV_GET_CPU(env), ra); +} +} + +/* All loads happen before all stores. For simplicity, load the entire + store value area from the parameter list. 
*/ +svh = cpu_ldq_data_ra(env, pl + 16, ra); +svl = cpu_ldq_data_ra(env, pl + 24, ra); + +switch (fc) { +case 0: +{ +uint32_t nv = cpu_ldl_data_ra(env, pl, ra); +uint32_t cv = env->regs[r3]; +uint32_t ov; + +if (parallel_cpus) { +#ifdef CONFIG_USER_ONLY +uint32_t *haddr = g2h(a1); +ov = atomic_cmpxchg__nocheck(haddr, cv, nv); +#else +TCGMemOpIdx oi = make_memop_idx(MO_TEUL | MO_ALIGN, mem_idx); +ov = helper_atomic_cmpxchgl_be_mmu(env, a1, cv, nv, oi, ra); +#endif +} else { +ov = cpu_ldl_data_ra(env, a1, ra); +cpu_stl_data_ra(env, a1, (ov == cv ? nv : ov), ra); +} +cc = (ov != cv); +env->regs[r3] = deposit64(env->regs[r3], 32, 32, ov); +} +break; + +case 1: +{ +uint64_t nv = cpu_ldq_data_ra(env, pl, ra); +uint64_t cv = env->regs[r3]; +uint64_t ov; + +if (parallel_cpus) { +#ifdef CONFIG_USER_ONLY +# ifdef CONFIG_ATOMIC64 +uint64_t *haddr = g2h(a1); +ov = atomic_cmpxchg__nocheck(haddr, cv, nv); +# else +/* Note that we asserted !parallel_cpus above. */ +g_assert_not_reached(); +# endif +#else +TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN, mem_idx); +ov = helper_atomic_cmpxchgq_be_mm
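Review bot: the alignment check `extract32(a1, 0, 4 << fc) || extract32(a2, 0, 1 << sc)` passes operand sizes in bytes where extract32 expects a bit count: `4 << fc` and `1 << sc` are the byte sizes (the later `((4 << fc) | (1 << sc)) & mask` test uses them correctly as such), so fc == 0 demands 16-byte alignment for a 4-byte compare-and-swap and sc == 3 demands 256-byte alignment for an 8-byte store, and well-formed guest code will take a spurious specification exception. The number of low address bits that must be zero is `fc + 2` for the first operand and `sc` for the second; a plain mask such as `(a1 & ((4 << fc) - 1)) || (a2 & ((1 << sc) - 1))` expresses that without having to worry about a zero-length extract for sc == 0.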
Re: [Qemu-devel] [PATCH v1] target-s390x: fix risbg handling
On 06/25/2017 03:19 PM, Aurelien Jarno wrote: On 2017-06-23 01:12, David Hildenbrand wrote: If we have for example: r3 contains 0x ec 33 3f bf 61 55 risbg %r3,%r3,63,191,97 We want to rotate 33 to the left and only keep MSB bit 63 of that. So the result is then exactly 1 (we're reading the sign of the 32 bit value). Current code assumes that we can do that via an extract, which is not true (at least not that easy) and produces a 0. I think the mistake there is that the rotation is done to the left, while in extract the "shift" is done to the right. The following patch should be enough: --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -3441,8 +3441,8 @@ static ExitStatus op_risbg(DisasContext *s, DisasOps *o) } /* In some cases we can implement this with extract. */ -if (imask == 0 && pos == 0 && len > 0 && rot + len <= 64) { -tcg_gen_extract_i64(o->out, o->in2, rot, len); +if (imask == 0 && pos == 0 && len > 0 && rot - len >= 0) { +tcg_gen_extract_i64(o->out, o->in2, 64 - rot, len); return NO_EXIT; Agreed. Included. r~
[Qemu-devel] [PATCH v2 7/8] target/s390x: Allow to enable "idtes" feature for TCG
From: David Hildenbrand

STFL bits 4 and 5 are just indications to the guest, which TLB entries an IDTE call will clear. These are performance indicators for the guest.

STFL bit 4: INVALIDATE DAT TABLE ENTRY (IDTE) performs the invalidation-and-clearing operation by selectively clearing TLB segment-table entries when a segment-table entry or entries are invalidated. IDTE also performs the clearing-by-ASCE operation. Unless bit 4 is one, IDTE simply purges all TLBs. Bit 3 is one if bit 4 is one.

We can simply set STFL bit 4 ("idtes") and still purge the complete TLB. Purging more than advertised is never bad. E.g. Linux doesn't even care about this bit. We can optimize this later.

This is helpful, as the z9 base model contains this facility.

STFL bit 5 (clearing TLB region-table-entries) was never implemented on real HW, therefore we can simply ignore it for now.

Signed-off-by: David Hildenbrand
Message-Id: <20170627161032.5014-1-da...@redhat.com>
Signed-off-by: Richard Henderson
---
 target/s390x/cpu_models.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index 91ef8eb..ca9168d 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -676,6 +676,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm) { static const int feats[] = { S390_FEAT_DAT_ENH, +S390_FEAT_IDTE_SEGMENT, S390_FEAT_STFLE, S390_FEAT_EXTENDED_IMMEDIATE, S390_FEAT_EXTENDED_TRANSLATION_2, -- 2.9.4
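Review bot: the dependency the message states (STFL bit 3 must be one whenever bit 4 is one) is satisfied by the visible context, since S390_FEAT_DAT_ENH precedes the new S390_FEAT_IDTE_SEGMENT entry, but nothing in the code records that the selective segment-table clearing this bit advertises is not implemented and the whole TLB is still purged. A one-line comment next to the new entry saying so would keep the "we can optimize this later" from the commit message findable without a git blame, and would warn anyone who later makes the TLB flush selective that the guarantee already advertised here must be kept.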
[Qemu-devel] [PATCH v2 3/8] target/s390x: Tidy SRST
Since we require all registers saved on input, read R0 from ENV instead of passing it manually. Recognize the specification exception when R0 contains incorrect data. Keep high bits of result registers unmodified when in 31 or 24-bit mode. Signed-off-by: Richard Henderson --- target/s390x/helper.h | 2 +- target/s390x/mem_helper.c | 25 ++--- target/s390x/translate.c | 9 +++-- target/s390x/insn-data.def | 2 +- 4 files changed, 23 insertions(+), 15 deletions(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 2793cf3..a2e5b9b 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -12,7 +12,7 @@ DEF_HELPER_FLAGS_3(divs32, TCG_CALL_NO_WG, s64, env, s64, s64) DEF_HELPER_FLAGS_3(divu32, TCG_CALL_NO_WG, i64, env, i64, i64) DEF_HELPER_FLAGS_3(divs64, TCG_CALL_NO_WG, s64, env, s64, s64) DEF_HELPER_FLAGS_4(divu64, TCG_CALL_NO_WG, i64, env, i64, i64, i64) -DEF_HELPER_4(srst, i64, env, i64, i64, i64) +DEF_HELPER_3(srst, void, env, i32, i32) DEF_HELPER_4(clst, i64, env, i64, i64, i64) DEF_HELPER_FLAGS_4(mvn, TCG_CALL_NO_WG, void, env, i32, i64, i64) DEF_HELPER_FLAGS_4(mvo, TCG_CALL_NO_WG, void, env, i32, i64, i64) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 0b18560..74b48aa 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c 
@@ -538,18 +538,21 @@ static inline void set_length(CPUS390XState *env, int reg, uint64_t length) } /* search string (c is byte to search, r2 is string, r1 end of string) */ -uint64_t HELPER(srst)(CPUS390XState *env, uint64_t r0, uint64_t end, - uint64_t str) +void HELPER(srst)(CPUS390XState *env, uint32_t r1, uint32_t r2) { uintptr_t ra = GETPC(); +uint64_t end, str; uint32_t len; -uint8_t v, c = r0; +uint8_t v, c = env->regs[0]; -str = wrap_address(env, str); -end = wrap_address(env, end); +/* Bits 32-55 must contain all 0. */ +if (env->regs[0] & 0xff00u) { +cpu_restore_state(ENV_GET_CPU(env), ra); +program_interrupt(env, PGM_SPECIFICATION, 6); +} -/* Assume for now that R2 is unmodified. */ -env->retxl = str; +str = get_address(env, r2); +end = get_address(env, r1); /* Lest we fail to service interrupts in a timely manner, limit the amount of work we're willing to do. For now, let's cap at 8k. */ @@ -557,20 +560,20 @@ uint64_t HELPER(srst)(CPUS390XState *env, uint64_t r0, uint64_t end, if (str + len == end) { /* Character not found. R1 & R2 are unmodified. */ env->cc_op = 2; -return end; +return; } v = cpu_ldub_data_ra(env, str + len, ra); if (v == c) { /* Character found. Set R1 to the location; R2 is unmodified. */ env->cc_op = 1; -return str + len; +set_address(env, r1, str + len); +return; } } /* CPU-determined bytes processed. Advance R2 to next byte to process. */ -env->retxl = str + len; env->cc_op = 3; -return end; +set_address(env, r2, str + len); } /* unsigned string compare (c is string terminator) */ diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 9301daa..b887843 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c 
@@ -4280,9 +4280,14 @@ static ExitStatus op_stpq(DisasContext *s, DisasOps *o) static ExitStatus op_srst(DisasContext *s, DisasOps *o) { -gen_helper_srst(o->in1, cpu_env, regs[0], o->in1, o->in2); +TCGv_i32 r1 = tcg_const_i32(get_field(s->fields, r1)); +TCGv_i32 r2 = tcg_const_i32(get_field(s->fields, r2)); + +gen_helper_srst(cpu_env, r1, r2); + +tcg_temp_free_i32(r1); +tcg_temp_free_i32(r2); set_cc_static(s); -return_low128(o->in2); return NO_EXIT; } diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index 323a301..bc6ff01 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -736,7 +736,7 @@ C(0xec57, RXSBG, RIE_f, GIE, 0, r2, r1, 0, rosbg, 0) /* SEARCH STRING */ -C(0xb25e, SRST,RRE, Z, r1_o, r2_o, 0, 0, srst, 0) +C(0xb25e, SRST,RRE, Z, 0, 0, 0, 0, srst, 0) /* SET ACCESS */ C(0xb24e, SAR, RRE, Z, 0, r2_o, 0, 0, sar, 0) -- 2.9.4
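Review bot: the new specification check calls `program_interrupt(env, PGM_SPECIFICATION, 6)`, hard-coding a 6-byte instruction length, but the insn-data.def hunk shows SRST is RRE format, which is 4 bytes long; the ILC stored for the exception will therefore be wrong, so pass 4 here. The `cpu_restore_state` call before it is needed because the exception is raised from inside a translated block, and the helper declaration correctly drops TCG_CALL_NO_WG now that the helper can fault; both are fine. Also note the mask for "bits 32-55" reads `0xff00u` in this rendering, which is only a 16-bit mask, so please double-check the literal.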
[Qemu-devel] [PATCH v2 2/8] target/s390x: Implement CONVERT UNICODE insns
Signed-off-by: Richard Henderson --- target/s390x/helper.h | 6 + target/s390x/mem_helper.c | 310 + target/s390x/translate.c | 44 +++ target/s390x/insn-data.def | 13 ++ 4 files changed, 373 insertions(+) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 23e8d1d..2793cf3 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -107,6 +107,12 @@ DEF_HELPER_2(stfle, i32, env, i64) DEF_HELPER_FLAGS_2(lpq, TCG_CALL_NO_WG, i64, env, i64) DEF_HELPER_FLAGS_4(stpq, TCG_CALL_NO_WG, void, env, i64, i64, i64) DEF_HELPER_4(mvcos, i32, env, i64, i64, i64) +DEF_HELPER_4(cu12, i32, env, i32, i32, i32) +DEF_HELPER_4(cu14, i32, env, i32, i32, i32) +DEF_HELPER_4(cu21, i32, env, i32, i32, i32) +DEF_HELPER_4(cu24, i32, env, i32, i32, i32) +DEF_HELPER_4(cu41, i32, env, i32, i32, i32) +DEF_HELPER_4(cu42, i32, env, i32, i32, i32) #ifndef CONFIG_USER_ONLY DEF_HELPER_3(servc, i32, env, i64, i64) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 513b402..0b18560 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c 
@@ -2196,3 +2196,313 @@ uint32_t HELPER(mvcos)(CPUS390XState *env, uint64_t dest, uint64_t src, return cc; } + +/* Decode a Unicode character. A return value < 0 indicates success, storing + the UTF-32 result into OCHAR and the input length into OLEN. A return + value >= 0 indicates failure, and the CC value to be returned. */ +typedef int (*decode_unicode_fn)(CPUS390XState *env, uint64_t addr, + uint64_t ilen, bool enh_check, uintptr_t ra, + uint32_t *ochar, uint32_t *olen); + +/* Encode a Unicode character. A return value < 0 indicates success, storing + the bytes into ADDR and the output length into OLEN. A return value >= 0 + indicates failure, and the CC value to be returned. */ +typedef int (*encode_unicode_fn)(CPUS390XState *env, uint64_t addr, + uint64_t ilen, uintptr_t ra, uint32_t c, + uint32_t *olen); + +static int decode_utf8(CPUS390XState *env, uint64_t addr, uint64_t ilen, + bool enh_check, uintptr_t ra, + uint32_t *ochar, uint32_t *olen) +{ +uint8_t s0, s1, s2, s3; +uint32_t c, l; + +if (ilen < 1) { +return 0; +} +s0 = cpu_ldub_data_ra(env, addr, ra); +if (s0 <= 0x7f) { +/* one byte character */ +l = 1; +c = s0; +} else if (s0 <= (enh_check ? 0xc1 : 0xbf)) { +/* invalid character */ +return 2; +} else if (s0 <= 0xdf) { +/* two byte character */ +l = 2; +if (ilen < 2) { +return 0; +} +s1 = cpu_ldub_data_ra(env, addr + 1, ra); +c = s0 & 0x1f; +c = (c << 6) | (s1 & 0x3f); +if (enh_check && (s1 & 0xc0) != 0x80) { +return 2; +} +} else if (s0 <= 0xef) { +/* three byte character */ +l = 3; +if (ilen < 3) { +return 0; +} +s1 = cpu_ldub_data_ra(env, addr + 1, ra); +s2 = cpu_ldub_data_ra(env, addr + 2, ra); +c = s0 & 0x0f; +c = (c << 6) | (s1 & 0x3f); +c = (c << 6) | (s2 & 0x3f); +/* Fold the byte-by-byte range descriptions in the PoO into + tests against the complete value. It disallows encodings + that could be smaller, and the UTF-16 surrogates. 
*/ +if (enh_check +&& ((s1 & 0xc0) != 0x80 +|| (s2 & 0xc0) != 0x80 +|| c < 0x1000 +|| (c >= 0xd800 && c <= 0xdfff))) { +return 2; +} +} else if (s0 <= (enh_check ? 0xf4 : 0xf7)) { +/* four byte character */ +l = 4; +if (ilen < 4) { +return 0; +} +s1 = cpu_ldub_data_ra(env, addr + 1, ra); +s2 = cpu_ldub_data_ra(env, addr + 2, ra); +s3 = cpu_ldub_data_ra(env, addr + 3, ra); +c = s0 & 0x0f; +c = (c << 6) | (s1 & 0x3f); +c = (c << 6) | (s2 & 0x3f); +c = (c << 6) | (s3 & 0x3f); +/* See above. */ +if (enh_check +&& ((s1 & 0xc0) != 0x80 +|| (s2 & 0xc0) != 0x80 +|| (s3 & 0xc0) != 0x80 +|| c < 0x01 +|| c > 0x10)) { +return 2; +} +} else { +/* invalid character */ +return 2; +} + +*ochar = c; +*olen = l; +return -1; +} + +static int decode_utf16(CPUS390XState *env, uint64_t addr, uint64_t ilen, +bool enh_check, uintptr_t ra, +uint32_t *ochar, uint32_t *olen) +{ +uint16_t s0, s1; +uint32_t c, l; + +if (ilen < 2) { +return 0; +} +s0 = cpu_lduw_data_ra(env, addr, ra); +if ((s0 & 0xfc00) != 0xd800) { +/* one word character */ +l = 2; +
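Review bot: the three-byte branch of decode_utf8 rejects too much under enh_check: with s0 == 0xe0 the value built from `s0 & 0x0f` and two continuation bytes is at most 0x0fff, so the `c < 0x1000` test fails every E0-led sequence, including the well-formed E0 A0..BF 80..BF range (U+0800..U+0FFF); the overlong threshold for a three-byte form is 0x800, so the test should be `c < 0x800`. In the four-byte branch the bounds read `c < 0x01 || c > 0x10` here, which cannot be the intended U+10000..U+10FFFF limits; please double-check those literals as well, since that is the check that keeps values above the Unicode range out of the UTF-32 output.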
[Qemu-devel] [PATCH v2 5/8] target/s390x: Implement TRTR
Drop TRT from the set of insns handled internally by EXECUTE. It's more important to adjust the existing helper to handle both TRT and TRTR. Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/helper.h | 1 + target/s390x/mem_helper.c | 20 +--- target/s390x/translate.c | 9 + target/s390x/insn-data.def | 2 ++ 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 32314e0..4b02907 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -97,6 +97,7 @@ DEF_HELPER_FLAGS_3(tp, TCG_CALL_NO_WG, i32, env, i64, i32) DEF_HELPER_FLAGS_4(tr, TCG_CALL_NO_WG, void, env, i32, i64, i64) DEF_HELPER_4(tre, i64, env, i64, i64, i64) DEF_HELPER_4(trt, i32, env, i32, i64, i64) +DEF_HELPER_4(trtr, i32, env, i32, i64, i64) DEF_HELPER_5(trXX, i32, env, i32, i32, i32, i32) DEF_HELPER_4(cksm, i64, env, i64, i64, i64) DEF_HELPER_FLAGS_5(calc_cc, TCG_CALL_NO_RWG_SE, i32, env, i32, i64, i64, i64) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index e3db68d..b9d0477 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -1277,17 +1277,18 @@ uint64_t HELPER(tre)(CPUS390XState *env, uint64_t array, return array + i; } -static uint32_t do_helper_trt(CPUS390XState *env, uint32_t len, uint64_t array, - uint64_t trans, uintptr_t ra) +static inline uint32_t do_helper_trt(CPUS390XState *env, int len, + uint64_t array, uint64_t trans, + int inc, uintptr_t ra) { -uint32_t i; +int i; for (i = 0; i <= len; i++) { -uint8_t byte = cpu_ldub_data_ra(env, array + i, ra); +uint8_t byte = cpu_ldub_data_ra(env, array + i * inc, ra); uint8_t sbyte = cpu_ldub_data_ra(env, trans + byte, ra); if (sbyte != 0) { -set_address(env, 1, array + i); +set_address(env, 1, array + i * inc); env->regs[2] = deposit64(env->regs[2], 0, 8, sbyte); return (i == len) ? 2 : 1; } 
@@ -1299,7 +1300,13 @@ static uint32_t do_helper_trt(CPUS390XState *env, uint32_t len, uint64_t array, uint32_t HELPER(trt)(CPUS390XState *env, uint32_t len, uint64_t array, uint64_t trans) { -return do_helper_trt(env, len, array, trans, GETPC()); +return do_helper_trt(env, len, array, trans, 1, GETPC()); +} + +uint32_t HELPER(trtr)(CPUS390XState *env, uint32_t len, uint64_t array, + uint64_t trans) +{ +return do_helper_trt(env, len, array, trans, -1, GETPC()); } /* Translate one/two to one/two */ @@ -2119,7 +2126,6 @@ void HELPER(ex)(CPUS390XState *env, uint32_t ilen, uint64_t r1, uint64_t addr) [0x6] = do_helper_oc, [0x7] = do_helper_xc, [0xc] = do_helper_tr, -[0xd] = do_helper_trt, }; dx_helper helper = dx[opc & 0xf]; diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 09b77ea..1f0c401 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -4440,6 +4440,15 @@ static ExitStatus op_trt(DisasContext *s, DisasOps *o) return NO_EXIT; } +static ExitStatus op_trtr(DisasContext *s, DisasOps *o) +{ +TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1)); +gen_helper_trtr(cc_op, cpu_env, l, o->addr1, o->in2); +tcg_temp_free_i32(l); +set_cc_static(s); +return NO_EXIT; +} + static ExitStatus op_trXX(DisasContext *s, DisasOps *o) { TCGv_i32 r1 = tcg_const_i32(get_field(s->fields, r1)); diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index 1d34df03..ad84c74 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -916,6 +916,8 @@ C(0xdc00, TR, SS_a, Z, la1, a2, 0, 0, tr, 0) /* TRANSLATE AND TEST */ C(0xdd00, TRT, SS_a, Z, la1, a2, 0, 0, trt, 0) +/* TRANSLATE AND TEST REVERSE */ +C(0xd000, TRTR,SS_a, ETF3, la1, a2, 0, 0, trtr, 0) /* TRANSLATE EXTENDED */ C(0xb2a5, TRE, RRE, Z, 0, r2, r1_P, 0, tre, 0) -- 2.9.4
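Review bot: the new `inc` parameter of do_helper_trt is undocumented, and the direction matters for the caller: the loop starts at `array` and moves by `i * inc`, so for inc == -1 the address handed in must be that of the rightmost byte of the first operand, which is what the unchanged `la1` operand of the TRTR line in insn-data.def supplies; the comment above the helper should say so, since it otherwise still reads as the left-to-right TRT. Dropping `[0xd] = do_helper_trt` from the EXECUTE fast-path table is the right consequence of the signature change; a short comment at the table noting that TRT now goes through the general path would help the next reader. Minor: `static inline` adds nothing here, the compiler already specializes the two constant-inc callers when it sees fit.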
[Qemu-devel] [PATCH v2 6/8] target/s390x: Mark ETF3 and ETF3_ENH facilities as available
Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/cpu_models.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index 08290ce..91ef8eb 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -679,11 +679,13 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm) S390_FEAT_STFLE, S390_FEAT_EXTENDED_IMMEDIATE, S390_FEAT_EXTENDED_TRANSLATION_2, +S390_FEAT_EXTENDED_TRANSLATION_3, S390_FEAT_LONG_DISPLACEMENT, S390_FEAT_LONG_DISPLACEMENT_FAST, S390_FEAT_ETF2_ENH, S390_FEAT_STORE_CLOCK_FAST, S390_FEAT_MOVE_WITH_OPTIONAL_SPEC, +S390_FEAT_ETF3_ENH, S390_FEAT_COMPARE_AND_SWAP_AND_STORE, S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2, S390_FEAT_GENERAL_INSTRUCTIONS_EXT, -- 2.9.4
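Review bot: enabling S390_FEAT_EXTENDED_TRANSLATION_3 and S390_FEAT_ETF3_ENH advertises every instruction of those facilities to the guest, so this patch depends on the earlier patches of the series that implement them (the CONVERT UNICODE helpers with their enhanced checks, SRSTU and TRTR); a bisect landing between them would turn the newly advertised opcodes into illegal-instruction faults. The ordering (6/8) is fine, but a sentence in the commit message naming that dependency would make it explicit.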
[Qemu-devel] [PATCH v2 8/8] target/s390x: Fix risbg handling
The rotation is to the left, but extract shifts to the right. The computation of the extract parameters needs adjusting.

For the entry condition, simplify

    64 - rot + len <= 64
    -rot + len <= 0
    len <= rot

Reported-by: David Hildenbrand
Suggested-by: Aurelien Jarno
Signed-off-by: Richard Henderson
---
 target/s390x/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 1f0c401..89b2ea5 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -3472,8 +3472,8 @@ static ExitStatus op_risbg(DisasContext *s, DisasOps *o) } /* In some cases we can implement this with extract. */ -if (imask == 0 && pos == 0 && len > 0 && rot + len <= 64) { -tcg_gen_extract_i64(o->out, o->in2, rot, len); +if (imask == 0 && pos == 0 && len > 0 && len <= rot) { +tcg_gen_extract_i64(o->out, o->in2, 64 - rot, len); return NO_EXIT; } -- 2.9.4
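Review bot: the new guard `len <= rot` silently drops the rot == 0 case from the extract fast path: the old `rot + len <= 64` accepted it, and `extract(in2, 0, len)` is correct when nothing is rotated, whereas `len <= 0` can never hold given the `len > 0` term, so an unrotated low-bit mask (RISBG used as a plain AND) now falls through to the general rotate-and-insert code. Either add `rot == 0` as an explicit extract-at-offset-0 case or say in the comment that it is deliberately left to the general path. The guard does guarantee `64 - rot + len <= 64` with `64 - rot` in 1..63, so the assertion inside tcg_gen_extract_i64 cannot fire; that is the real fix and it looks right.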
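The derivation in this message, and David's report earlier in the thread (rotate left by 33, keep only PoO bit 63), can both be checked against a reference model of RISBG. The C program below is an added example written for this page, not QEMU code: it models RISBG from the PoO definition, reimplements the fast-path condition from before and after the hunk as plain functions (`extract64` stands in for `tcg_gen_extract_i64`; the sample operand values are constructed), and sweeps every (rot, len) pair each condition accepts, counting disagreements with the reference.

```c
#include <stdint.h>
#include <stdio.h>

/* 64-bit rotate left; n is taken modulo 64, as the I5 field of RISBG is. */
static uint64_t rol64(uint64_t x, unsigned n)
{
    n &= 63;
    return n == 0 ? x : (x << n) | (x >> (64 - n));
}

/* Mask of the selected bit range I3..I4 in PoO numbering (bit 0 is the
 * MSB); the range wraps around when i3 > i4. */
static uint64_t risbg_select_mask(unsigned i3, unsigned i4)
{
    uint64_t from_i3 = ~0ULL >> i3;        /* PoO bits i3..63 */
    uint64_t upto_i4 = ~0ULL << (63 - i4); /* PoO bits 0..i4  */
    return i3 <= i4 ? (from_i3 & upto_i4) : (from_i3 | upto_i4);
}

/* Reference model of RISBG R1,R2,I3,I4,I5: rotate R2 left by I5, keep the
 * selected bits, and either zero the rest (I4 bit 0x80 set) or take them
 * from R1. Slow but obviously correct. */
uint64_t risbg_ref(uint64_t r1, uint64_t r2, unsigned i3, unsigned i4,
                   unsigned i5)
{
    uint64_t mask = risbg_select_mask(i3 & 63, i4 & 63);
    uint64_t rotated = rol64(r2, i5 & 63);
    uint64_t rest = (i4 & 0x80) ? 0 : (r1 & ~mask);
    return (rotated & mask) | rest;
}

/* tcg_gen_extract_i64 semantics: bits [ofs, ofs+len) of v, shifted down.
 * Only valid for 0 < len <= 64 and ofs + len <= 64, which TCG asserts. */
static uint64_t extract64(uint64_t v, unsigned ofs, unsigned len)
{
    uint64_t lowmask = len >= 64 ? ~0ULL : (1ULL << len) - 1;
    return (v >> ofs) & lowmask;
}

/* op_risbg's fast path for imask == 0 && pos == 0, i.e. "keep the low
 * `len` bits of the rotated value". Entry condition and emitted op before
 * the fix: */
int old_fast_path_applies(unsigned rot, unsigned len)
{
    return len > 0 && rot + len <= 64;
}
uint64_t old_fast_path(uint64_t in2, unsigned rot, unsigned len)
{
    return extract64(in2, rot, len);
}

/* ... and after the fix: */
int new_fast_path_applies(unsigned rot, unsigned len)
{
    return len > 0 && len <= rot;
}
uint64_t new_fast_path(uint64_t in2, unsigned rot, unsigned len)
{
    return extract64(in2, 64 - rot, len);
}

/* Sweep every (rot, len) pair a fast path accepts and count the cases where
 * it disagrees with the reference. pos == 0 means I4 == 63 (with the zero
 * flag), and len == I4 - I3 + 1 gives I3 = 64 - len. Inputs are constructed. */
int count_mismatches(int (*applies)(unsigned, unsigned),
                     uint64_t (*fast)(uint64_t, unsigned, unsigned))
{
    static const uint64_t samples[] = {
        0x00000000ffffffffULL, 0x123456789abcdef0ULL,
        0x8000000000000001ULL, 0xfedcba9876543210ULL,
    };
    int bad = 0;
    for (unsigned rot = 0; rot < 64; rot++) {
        for (unsigned len = 1; len <= 64; len++) {
            if (!applies(rot, len)) {
                continue;
            }
            for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
                uint64_t want = risbg_ref(0, samples[k], 64 - len, 63 | 0x80, rot);
                if (fast(samples[k], rot, len) != want) {
                    bad++;
                }
            }
        }
    }
    return bad;
}

int main(void)
{
    /* The "sign of the low 32-bit word" idiom from the report: rotate left
     * by 33, keep PoO bit 63 (the LSB), zero everything else. */
    uint64_t x = 0x00000000ffffffffULL; /* constructed: bit 31 is set */
    printf("reference %llu, old fast path %llu, new fast path %llu\n",
           (unsigned long long)risbg_ref(0, x, 63, 191, 97),
           (unsigned long long)old_fast_path(x, 33, 1),
           (unsigned long long)new_fast_path(x, 33, 1));
    printf("mismatches: old=%d new=%d\n",
           count_mismatches(old_fast_path_applies, old_fast_path),
           count_mismatches(new_fast_path_applies, new_fast_path));
    return 0;
}
```

The sweep is the useful part: it shows that the old condition admitted many (rot, len) pairs for which a right-shift extract cannot reproduce a left rotate, while under the new condition the low `len` bits of the rotated value never include wrapped-around bits, so `extract(in2, 64 - rot, len)` is exact for every accepted pair.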
Re: [Qemu-devel] TPM status
On 06/29/17 21:31, Stefan Berger wrote:
> On 06/27/2017 12:32 PM, Laszlo Ersek wrote:
>>
>> Looks great to me, thank you!
>>
>> Two requests in addition to the above remarks:
>> - can you provide command line options / examples wherever appropriate?
>
> I didn't add it because we describe that on this page here:
>
> http://download.qemu.org/qemu-doc.html
>
> "To create a passthrough TPM use the following two options:
>
> -tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0"

Yes, I saw that in the manual. The manual is huge, and personally I'd prefer either an embedded example or a more targeted reference. At least in "docs/pcie.txt", Marcel added a whole bunch of command line snippets, and it is *very* useful (to me anyway). "docs/specs/fw_cfg.txt" also talks about the command line under "Externally Provided Items".

Thanks for considering it,
Laszlo
Re: [Qemu-devel] [PATCH] util/cacheinfo: Fix warning generated by clang
On 06/30/2017 08:39 AM, Pranith Kumar wrote:
> Clang generates the following warning on aarch64 host:
>
>   CC      util/cacheinfo.o
> /home/pranith/qemu/util/cacheinfo.c:121:48: warning: value size does not match register size specified by the constraint and modifier [-Wasm-operand-widths]
>         asm volatile("mrs\t%0, ctr_el0" : "=r"(ctr));
>                                                ^
> /home/pranith/qemu/util/cacheinfo.c:121:28: note: use constraint modifier "w"
>         asm volatile("mrs\t%0, ctr_el0" : "=r"(ctr));
>                            ^~
>                            %w0

That is an absolutely stupid warning. There's long precedent for the compiler choosing the prefix for you based on the type of the argument.

> Constraint modifier 'w' is not (yet?) accepted by gcc. Fix this by increasing the ctr size.

Certainly it is -- since the beginning of time.

r~
Re: [Qemu-devel] [PATCH] util/cacheinfo: Fix warning generated by clang
On 1 July 2017 at 23:20, Richard Henderson wrote:
> On 06/30/2017 08:39 AM, Pranith Kumar wrote:
>>
>> Clang generates the following warning on aarch64 host:
>>
>>   CC      util/cacheinfo.o
>> /home/pranith/qemu/util/cacheinfo.c:121:48: warning: value size does not
>> match register size specified by the constraint and modifier
>> [-Wasm-operand-widths]
>>         asm volatile("mrs\t%0, ctr_el0" : "=r"(ctr));
>>                                                ^
>> /home/pranith/qemu/util/cacheinfo.c:121:28: note: use constraint modifier
>> "w"
>>         asm volatile("mrs\t%0, ctr_el0" : "=r"(ctr));
>>                            ^~
>>                            %w0
>
>
> That is an absolutely stupid warning. There's long precedent for the
> compiler choosing the prefix for you based on the type of the argument.

Isn't that the problem? The type of the argument says "32 bits"
but the instruction here really wants 64 bits (MRS takes Xn, not Wn).

thanks
-- PMM
Re: [Qemu-devel] [PATCH] util/cacheinfo: Fix warning generated by clang
On 07/01/2017 03:30 PM, Peter Maydell wrote:
> On 1 July 2017 at 23:20, Richard Henderson wrote:
>> On 06/30/2017 08:39 AM, Pranith Kumar wrote:
>>> Clang generates the following warning on aarch64 host:
>>>
>>>   CC      util/cacheinfo.o
>>> /home/pranith/qemu/util/cacheinfo.c:121:48: warning: value size does not match register size specified by the constraint and modifier [-Wasm-operand-widths]
>>>         asm volatile("mrs\t%0, ctr_el0" : "=r"(ctr));
>>>                                                ^
>>> /home/pranith/qemu/util/cacheinfo.c:121:28: note: use constraint modifier "w"
>>>         asm volatile("mrs\t%0, ctr_el0" : "=r"(ctr));
>>>                            ^~
>>>                            %w0
>>
>> That is an absolutely stupid warning. There's long precedent for the compiler choosing the prefix for you based on the type of the argument.
>
> Isn't that the problem? The type of the argument says "32 bits" but the instruction here really wants 64 bits (MRS takes Xn, not Wn).

The warning is telling me to use %w to force Wn. So if the assembler really doesn't like Wn, the warning is a bit more than confusing.

Perhaps it ought to be telling me to use %x to force Xn in spite of the type?

r~
Re: [Qemu-devel] [PATCH v11 01/29] Pass generic CPUState to gen_intermediate_code()
On 06/28/2017 05:20 AM, Lluís Vilanova wrote: -void gen_intermediate_code(CPUArchState *env, struct TranslationBlock *tb); +void gen_intermediate_code(CPUState *env, struct TranslationBlock *tb); Ought to change the argument name too. r~
Re: [Qemu-devel] [PATCH] util/cacheinfo: Fix warning generated by clang
On 1 July 2017 at 23:35, Richard Henderson wrote:
> On 07/01/2017 03:30 PM, Peter Maydell wrote:
>> On 1 July 2017 at 23:20, Richard Henderson wrote:
>>> That is an absolutely stupid warning. There's long precedent for the
>>> compiler choosing the prefix for you based on the type of the argument.
>>
>> Isn't that the problem? The type of the argument says "32 bits"
>> but the instruction here really wants 64 bits (MRS takes Xn, not Wn).
>
> The warning is telling me to use %w to force Wn. So if the assembler really
> doesn't like Wn, the warning is a bit more than confusing.

Wouldn't be the first time a compiler has produced a confusing warning :-)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63359 includes some previous gcc-vs-clang-dev discussion on the topic of the warning. It looks like the clang dev rationale is that having %0 always generate a 64-bit register access even when passed a 32-bit value is confusing (eg people expect "str %0, [addr]" : ... : "r" (var_32bits)" to do a 32 bit store, not a 64 bit store), so better to warn and nudge the code author into being explicit about the size they wanted.

> Perhaps it ought to be telling me to use %x to force Xn in spite of the
> type?

You always get Xn anyway, regardless of the type. For us, I think the right thing to do is make 'ctr' be a uint64_t, because we're reading a 64 bit sysreg and silently truncating it as a side effect of the asm constraints is a bit obscure.

thanks
-- PMM
Re: [Qemu-devel] [PATCH v11 03/29] target: [tcg] Use a generic enum for DISAS_ values
On 06/28/2017 05:28 AM, Lluís Vilanova wrote: Used later. An enum makes expected values explicit and bounds the value space of switches. Signed-off-by: Lluís Vilanova --- include/exec/exec-all.h |6 -- include/exec/translator.h | 38 ++ target/arm/translate.h| 26 -- target/cris/translate.c |7 ++- target/i386/translate.c |4 target/lm32/translate.c |6 ++ target/m68k/translate.c |7 ++- target/microblaze/translate.c |6 ++ target/nios2/translate.c |6 ++ target/openrisc/translate.c |6 ++ target/s390x/translate.c |3 ++- target/unicore32/translate.c |7 ++- target/xtensa/translate.c |4 13 files changed, 106 insertions(+), 20 deletions(-) create mode 100644 include/exec/translator.h Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 04/29] target: [tcg] Add generic translation framework
On 06/29/2017 05:02 PM, Emilio G. Cota wrote: +void translate_block(const TranslatorOps *ops, DisasContextBase *db, + CPUState *cpu, TranslationBlock *tb); I'd rather avoid "block" here. Some alternatives: - tb_translate() - translate_tb() - translate() - translator_gen() - translator_loop() I like translator_loop. r~
Re: [Qemu-devel] [PATCH v11 04/29] target: [tcg] Add generic translation framework
On 06/28/2017 05:32 AM, Lluís Vilanova wrote: +void (*init_disas_context)(DisasContextBase *db, CPUState *cpu); +void (*init_globals)(DisasContextBase *db, CPUState *cpu); +void (*tb_start)(DisasContextBase *db, CPUState *cpu); +void (*insn_start)(DisasContextBase *db, CPUState *cpu); +BreakpointCheckType (*breakpoint_check)(DisasContextBase *db, CPUState *cpu, +const CPUBreakpoint *bp); +target_ulong (*translate_insn)(DisasContextBase *db, CPUState *cpu); +void (*tb_stop)(DisasContextBase *db, CPUState *cpu); +void (*disas_log)(const DisasContextBase *db, CPUState *cpu); Any reason not to stuff the cpu pointer into the DisasContextBase instead of passing it around separately? Otherwise, Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 05/29] target/i386: [tcg] Port to DisasContextBase
On 06/28/2017 05:36 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/i386/translate.c | 142 +++ 1 file changed, 70 insertions(+), 72 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 06/29] target/i386: [tcg] Refactor init_disas_context
On 06/28/2017 05:40 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/i386/translate.c | 43 --- 1 file changed, 24 insertions(+), 19 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 07/29] target/i386: [tcg] Refactor init_globals
On 06/28/2017 05:44 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/i386/translate.c | 29 + 1 file changed, 17 insertions(+), 12 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 08/29] target/i386: [tcg] Refactor insn_start
On 06/28/2017 05:48 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/i386/translate.c |9 - 1 file changed, 8 insertions(+), 1 deletion(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 09/29] target/i386: [tcg] Refactor breakpoint_check
On 06/28/2017 05:52 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/i386/translate.c | 59 ++- 1 file changed, 48 insertions(+), 11 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 10/29] target/i386: [tcg] Refactor translate_insn
On 06/28/2017 05:57 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/i386/translate.c | 72 +++ 1 file changed, 48 insertions(+), 24 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 11/29] target/i386: [tcg] Refactor tb_stop
On 06/28/2017 06:01 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/i386/translate.c | 26 ++ 1 file changed, 14 insertions(+), 12 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 12/29] target/i386: [tcg] Refactor disas_log
On 06/28/2017 06:05 AM, Lluís Vilanova wrote: +#ifdef TARGET_X86_64 +if (dc->code64) +disas_flags = 2; +else +#endif +disas_flags = !dc->code32; Even though this is code movement, missing braces. Otherwise, Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 13/29] target/i386: [tcg] Port to generic translation framework
On 06/28/2017 06:09 AM, Lluís Vilanova wrote: Signed-off-by: Lluís Vilanova --- target/i386/translate.c | 120 +++ 1 file changed, 18 insertions(+), 102 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 14/29] target/arm: [tcg] Port to DisasContextBase
On 06/28/2017 06:13 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate-a64.c | 119 ++-- target/arm/translate.c | 114 +- target/arm/translate.h | 11 ++-- 3 files changed, 121 insertions(+), 123 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 15/29] target/arm: [tcg] Port to init_disas_context
On 06/28/2017 06:17 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate.c | 85 +++- 1 file changed, 47 insertions(+), 38 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 16/29] target/arm: [tcg, a64] Port to init_disas_context
On 06/28/2017 06:21 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate-a64.c | 36 ++-- 1 file changed, 22 insertions(+), 14 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 17/29] target/arm: [tcg] Port to init_globals
On 06/28/2017 06:25 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate.c | 21 + 1 file changed, 13 insertions(+), 8 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 18/29] target/arm: [tcg] Port to tb_start
On 06/28/2017 06:29 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate.c | 82 ++-- 1 file changed, 44 insertions(+), 38 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 19/29] target/arm: [tcg] Port to insn_start
On 06/28/2017 06:33 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate.c | 34 ++ 1 file changed, 22 insertions(+), 12 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 20/29] target/arm: [tcg, a64] Port to insn_start
On 06/28/2017 06:37 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate-a64.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 21/29] target/arm: [tcg] Port to breakpoint_check
On 06/28/2017 06:41 AM, Lluís Vilanova wrote: -if (unlikely(dc->base.is_jmp > DISAS_NEXT)) { -break; -} - Surely this doesn't go away til the final conversion. Otherwise, Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 22/29] target/arm: [tcg, a64] Port to breakpoint_check
On 06/28/2017 06:45 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate-a64.c | 58 +--- 1 file changed, 43 insertions(+), 15 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 23/29] target/arm: [tcg] Port to translate_insn
On 06/28/2017 06:49 AM, Lluís Vilanova wrote: +/* We want to stop the TB if the next insn starts in a new page, + * or if it spans between this page and the next. This means that + * if we're looking at the last halfword in the page we need to + * see if it's a 16-bit Thumb insn (which will fit in this TB) + * or a 32-bit Thumb insn (which won't). + * This is to avoid generating a silly TB with a single 16-bit insn + * in it at the end of this page (which would execute correctly + * but isn't very efficient). + */ +return DISAS_PAGE_CROSS; Any reason to introduce a new name as opposed to TOO_MANY? As far as I can tell they're the same +if (dc->ss_active && !dc->pstate_ss) { +/* Singlestep state is Active-pending. + * If we're in this state at the start of a TB then either + * a) we just took an exception to an EL which is being debugged + * and this is the first insn in the exception handler + * b) debug exceptions were masked and we just unmasked them + * without changing EL (eg by clearing PSTATE.D) + * In either case we're going to take a swstep exception in the + * "did not step an insn" case, and so the syndrome ISV and EX + * bits should be zero. + */ +assert(dc->base.num_insns == 1); +gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0), + default_exception_el(dc)); +dc->base.is_jmp = DISAS_SKIP; This is surely DISAS_EXC -- see gen_step_complete_exception. Why introduce a new name? r~
Re: [Qemu-devel] [PATCH v11 24/29] target/arm: [tcg, a64] Port to translate_insn
On 06/28/2017 06:53 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate-a64.c | 74 +++- 1 file changed, 46 insertions(+), 28 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 9c870f6d07..586a01a2de 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -11244,6 +11244,9 @@ static void aarch64_trblock_init_disas_context(DisasContextBase *dcbase, dc->is_ldex = false; dc->ss_same_el = (arm_debug_target_el(env) == dc->current_el); +dc->next_page_start = +(dc->base.pc_first & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE; I think a better solution for a fixed-length ISA is to adjust max_insns. Perhaps the init_disas_context hook should be able to modify it? And, while I'm thinking of it -- why is the init_globals hook separate? There's nothing in between the two hook calls, and the more modern target front ends won't need it. r~
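Review bot: `dc->next_page_start = (dc->base.pc_first & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;` wraps to 0 when pc_first lies in the last page of the target address space, so any later `pc >= next_page_start` comparison built on it never fires there and the TB could run across the wrap. Storing the page start instead and testing `pc - page_start >= TARGET_PAGE_SIZE` avoids the overflow; for A64, where every insn is 4 bytes, clamping max_insns to the instructions left in the page, as the reply suggests, sidesteps the per-insn comparison altogether.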
Re: [Qemu-devel] [PATCH v11 25/29] target/arm: [tcg] Port to tb_stop
On 06/28/2017 06:57 AM, Lluís Vilanova wrote: -if (max_insns > TCG_MAX_INSNS) { -max_insns = TCG_MAX_INSNS; +if ((dc->base.tb->cflags & CF_LAST_IO) && dc->condjmp) { +/* FIXME: This can theoretically happen with self-modifying code. */ +cpu_abort(cpu, "IO on conditional branch instruction"); } ... -gen_io_end(); +if (dc->base.tb->cflags & CF_LAST_IO && dc->condjmp) { +/* FIXME: This can theoretically happen with self-modifying code. */ +cpu_abort(cpu, "IO on conditional branch instruction"); Two copies of this code... sequentially, apparently? r~
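Review bot: the two copies of the CF_LAST_IO/condjmp check differ only in parenthesisation, `(dc->base.tb->cflags & CF_LAST_IO) && dc->condjmp` versus `dc->base.tb->cflags & CF_LAST_IO && dc->condjmp`; `&` binds tighter than `&&`, so both are equivalent, but the unparenthesised form reads like a precedence bug and will draw review comments every time it is touched. Keep a single copy, with the parentheses, at the one point where gen_io_end() was called, and add the abort only there.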
Re: [Qemu-devel] [PATCH v11 26/29] target/arm: [tcg, a64] Port to tb_stop
On 06/28/2017 07:01 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate-a64.c | 123 +++- 1 file changed, 65 insertions(+), 58 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 27/29] target/arm: [tcg] Port to disas_log
On 06/28/2017 07:05 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate.c | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 28/29] target/arm: [tcg, a64] Port to disas_log
On 06/28/2017 07:09 AM, Lluís Vilanova wrote: Incrementally paves the way towards using the generic instruction translation loop. Signed-off-by: Lluís Vilanova --- target/arm/translate-a64.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) Reviewed-by: Richard Henderson r~
Re: [Qemu-devel] [PATCH v11 29/29] target/arm: [tcg] Port to generic translation framework
On 06/28/2017 07:13 AM, Lluís Vilanova wrote: @@ -11377,6 +11385,9 @@ static void aarch64_trblock_tb_stop(DisasContextBase *dcbase, CPUState *cpu) break; } } + +/* Functions above can change dc->pc, so re-align db->pc_next */ +dc->base.pc_next = dc->pc; } static void aarch64_trblock_disas_log(const DisasContextBase *dcbase, Surely this belonged in a previous patch. DisasContext dc1, *dc = &dc1; Drop the dc1 thing. +translate_block( +#ifdef TARGET_AARCH64 +ARM_TBFLAG_AARCH64_STATE(tb->flags) ? +&aarch64_translator_ops : #endif +&arm_translator_ops, It would be nicer to avoid the ifdef within the parameter list. Maybe pull the ops pointer computation to a separate statement. r~
Re: [Qemu-devel] [PATCH 1/7] vmgenid: replace x-write-pointer-available hack
Nice improvement! > On Jun 29, 2017, at 9:23 AM, Marc-André Lureau > wrote: > > This compat property sole function is to prevent the device from being > instantiated. Instead of requiring an extra compat property, check if > fw_cfg has DMA enabled. > > This has the additional benefit of handling other cases properly, like: > > $ qemu-system-x86_64 -device vmgenid -machine none > qemu-system-x86_64: -device vmgenid: vmgenid requires DMA write support in > fw_cfg, which this machine type does not provide > $ qemu-system-x86_64 -device vmgenid -machine pc-i440fx-2.9 -global > fw_cfg.dma_enabled=off > qemu-system-x86_64: -device vmgenid: vmgenid requires DMA write support in > fw_cfg, which this machine type does not provide > $ qemu-system-x86_64 -device vmgenid -machine pc-i440fx-2.6 -global > fw_cfg.dma_enabled=on > [boots normally] > > Suggested-by: Eduardo Habkost > Signed-off-by: Marc-André Lureau Reviewed-by: Ben Warren mailto:m...@redhat.com>> > --- > include/hw/acpi/bios-linker-loader.h | 2 ++ > include/hw/compat.h | 4 > hw/acpi/bios-linker-loader.c | 6 ++ > hw/acpi/vmgenid.c| 9 + > 4 files changed, 9 insertions(+), 12 deletions(-) > > diff --git a/include/hw/acpi/bios-linker-loader.h > b/include/hw/acpi/bios-linker-loader.h > index efe17b0b9c..a711dbced8 100644 > --- a/include/hw/acpi/bios-linker-loader.h > +++ b/include/hw/acpi/bios-linker-loader.h > @@ -7,6 +7,8 @@ typedef struct BIOSLinker { > GArray *file_list; > } BIOSLinker; > > +bool bios_linker_loader_can_write_pointer(void); > + > BIOSLinker *bios_linker_loader_init(void); > > void bios_linker_loader_alloc(BIOSLinker *linker, > diff --git a/include/hw/compat.h b/include/hw/compat.h > index 26cd5851a5..36f02179ac 100644 > --- a/include/hw/compat.h > +++ b/include/hw/compat.h > @@ -150,10 +150,6 @@ > .driver = "fw_cfg_io",\ > .property = "dma_enabled",\ > .value= "off",\ > -},{\ > -.driver = "vmgenid",\ > -.property = "x-write-pointer-available",\ > -.value= "off",\ > }, > > #define HW_COMPAT_2_3 \ 
> diff --git a/hw/acpi/bios-linker-loader.c b/hw/acpi/bios-linker-loader.c > index 046183a0f1..587d62cb93 100644 > --- a/hw/acpi/bios-linker-loader.c > +++ b/hw/acpi/bios-linker-loader.c > @@ -168,6 +168,12 @@ bios_linker_find_file(const BIOSLinker *linker, const > char *name) > return NULL; > } > > +bool bios_linker_loader_can_write_pointer(void) > +{ > +FWCfgState *fw_cfg = fw_cfg_find(); > +return fw_cfg && fw_cfg_dma_enabled(fw_cfg); > +} > + > /* > * bios_linker_loader_alloc: ask guest to load file into guest memory. > * > diff --git a/hw/acpi/vmgenid.c b/hw/acpi/vmgenid.c > index a32b847fe0..ab5da293fd 100644 > --- a/hw/acpi/vmgenid.c > +++ b/hw/acpi/vmgenid.c > @@ -205,17 +205,11 @@ static void vmgenid_handle_reset(void *opaque) > memset(vms->vmgenid_addr_le, 0, ARRAY_SIZE(vms->vmgenid_addr_le)); > } > > -static Property vmgenid_properties[] = { > -DEFINE_PROP_BOOL("x-write-pointer-available", VmGenIdState, > - write_pointer_available, true), > -DEFINE_PROP_END_OF_LIST(), > -}; > - > static void vmgenid_realize(DeviceState *dev, Error **errp) > { > VmGenIdState *vms = VMGENID(dev); > > -if (!vms->write_pointer_available) { > +if (!bios_linker_loader_can_write_pointer()) { > error_setg(errp, "%s requires DMA write support in fw_cfg, " >"which this machine type does not provide", > VMGENID_DEVICE); > return; > @@ -239,7 +233,6 @@ static void vmgenid_device_class_init(ObjectClass *klass, > void *data) > dc->vmsd = &vmstate_vmgenid; > dc->realize = vmgenid_realize; > dc->hotpluggable = false; > -dc->props = vmgenid_properties; > > object_class_property_add_str(klass, VMGENID_GUID, NULL, > vmgenid_set_guid, NULL); > -- > 2.13.1.395.gf7b71de06 >
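Review bot: in the vmgenid.c hunks the `write_pointer_available` member of VmGenIdState is orphaned: the DEFINE_PROP_BOOL that set it and the `if (!vms->write_pointer_available)` test are both removed, yet the diffstat lists no change to the header that declares it, so the field stays behind as dead state. Remove it from the struct in the same patch so the flag cannot be read again by mistake later.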
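Review bot: `bios_linker_loader_can_write_pointer()` in the bios-linker-loader.c hunk resolves fw_cfg at call time through `fw_cfg_find()`, so its answer is only meaningful once the machine's fw_cfg device exists; called from vmgenid_realize() that holds for the machine types shown in the commit message, but the new prototype added to bios-linker-loader.h carries no comment saying so, while its sibling bios_linker_loader_alloc() is documented in the .c hunk. Add a short doc block on the declaration stating that it must be called after fw_cfg has been created and that a NULL fw_cfg is reported as "cannot write pointer".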
[Qemu-devel] [PATCH v2] tests: Add unit tests for the VM Generation ID feature
From: Ben Warren The following tests are implemented: * test that a GUID passed in by command line is propagated to the guest. Read the GUID from guest memory * test that the "auto" argument to the GUID generates a valid GUID, as seen by the guest. * test that a GUID passed in can be queried from the monitor This patch is loosely based on a previous patch from: Gal Hammer and Igor Mammedov Signed-off-by: Ben Warren Reviewed-by: Igor Mammedov Reviewed-by: Marc-André Lureau --- v1->v2: free g_alloc'd tables tests/Makefile.include | 2 + tests/vmgenid-test.c | 203 + 2 files changed, 205 insertions(+) create mode 100644 tests/vmgenid-test.c diff --git a/tests/Makefile.include b/tests/Makefile.include index ae889ca..18cd06a 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include @@ -250,6 +250,7 @@ check-qtest-i386-y += tests/usb-hcd-xhci-test$(EXESUF) gcov-files-i386-y += hw/usb/hcd-xhci.c check-qtest-i386-y += tests/pc-cpu-test$(EXESUF) check-qtest-i386-y += tests/q35-test$(EXESUF) +check-qtest-i386-y += tests/vmgenid-test$(EXESUF) gcov-files-i386-y += hw/pci-host/q35.c check-qtest-i386-$(CONFIG_VHOST_NET_TEST_i386) += tests/vhost-user-test$(EXESUF) ifeq ($(CONFIG_VHOST_NET_TEST_i386),) @@ -760,6 +761,7 @@ tests/test-uuid$(EXESUF): tests/test-uuid.o $(test-util-obj-y) tests/test-arm-mptimer$(EXESUF): tests/test-arm-mptimer.o tests/test-qapi-util$(EXESUF): tests/test-qapi-util.o $(test-util-obj-y) tests/numa-test$(EXESUF): tests/numa-test.o +tests/vmgenid-test$(EXESUF): tests/vmgenid-test.o tests/acpi-utils.o tests/migration/stress$(EXESUF): tests/migration/stress.o $(call quiet-command, $(LINKPROG) -static -O3 $(PTHREAD_LIB) -o $@ $< ,"LINK","$(TARGET_DIR)$@") diff --git a/tests/vmgenid-test.c b/tests/vmgenid-test.c new file mode 100644 index 000..e7ba38c --- /dev/null +++ b/tests/vmgenid-test.c 
@@ -0,0 +1,203 @@ +/* + * QTest testcase for VM Generation ID + * + * Copyright (c) 2016 Red Hat, Inc. + * Copyright (c) 2017 Skyport Systems + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include +#include +#include +#include "qemu/osdep.h" +#include "qemu/bitmap.h" +#include "qemu/uuid.h" +#include "hw/acpi/acpi-defs.h" +#include "acpi-utils.h" +#include "libqtest.h" + +#define VGID_GUID "324e6eaf-d1d1-4bf6-bf41-b9bb6c91fb87" +#define VMGENID_GUID_OFFSET 40 /* allow space for + * OVMF SDT Header Probe Supressor + */ +#define RSDP_ADDR_INVALID 0x10 /* RSDP must be below this address */ +#define RSDP_SLEEP_US 10 /* Sleep for 100ms between tries */ +#define RSDP_TRIES_MAX100 /* Max total time is 10 seconds */ + +typedef struct { +AcpiTableHeader header; +gchar name_op; +gchar vgia[4]; +gchar val_op; +uint32_t vgia_val; +} QEMU_PACKED VgidTable; + +static uint32_t acpi_find_vgia(void) +{ +uint32_t rsdp_offset; +uint32_t guid_offset = 0; +AcpiRsdpDescriptor rsdp_table; +uint32_t rsdt; +AcpiRsdtDescriptorRev1 rsdt_table; +int tables_nr; +uint32_t *tables; +AcpiTableHeader ssdt_table; +VgidTable vgid_table; +int i; + +/* Tables may take a short time to be set up by the guest */ +for (i = 0; i < RSDP_TRIES_MAX; i++) { +rsdp_offset = acpi_find_rsdp_address(); +if (rsdp_offset < RSDP_ADDR_INVALID) { +break; +} +g_usleep(RSDP_SLEEP_US); +} +g_assert_cmphex(rsdp_offset, <, RSDP_ADDR_INVALID); + +acpi_parse_rsdp_table(rsdp_offset, &rsdp_table); + +rsdt = rsdp_table.rsdt_physical_address; +/* read the header */ +ACPI_READ_TABLE_HEADER(&rsdt_table, rsdt); +ACPI_ASSERT_CMP(rsdt_table.signature, "RSDT"); + +/* compute the table entries in rsdt */ +tables_nr = (rsdt_table.length - sizeof(AcpiRsdtDescriptorRev1)) / +sizeof(uint32_t); +g_assert_cmpint(tables_nr, >, 0); + +/* get the addresses of the tables pointed by rsdt */ +tables = g_new0(uint32_t, tables_nr); 
+ACPI_READ_ARRAY_PTR(tables, tables_nr, rsdt); + +for (i = 0; i < tables_nr; i++) { +ACPI_READ_TABLE_HEADER(&ssdt_table, tables[i]); +if (!strncmp((char *)ssdt_table.oem_table_id, "VMGENID", 7)) { +/* the first entry in the table should be VGIA + * That's all we need + */ +ACPI_READ_FIELD(vgid_table.name_op, tables[i]); +g_assert(vgid_table.name_op == 0x08); /* name */ +ACPI_READ_ARRAY(vgid_table.vgia, tables[i]); +g_assert(memcmp(vgid_table.vgia, "VGIA", 4) == 0); +ACPI_READ_FIELD(vgid_table.val_op, tables[i]); +g_assert(vgid_table.val_op == 0x0C); /* dword */ +ACPI_READ_FIELD(vgid_table.vgia_val, tables[i]); +/* The GUID is written at a fixed offset
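Review bot: in the Makefile.include hunk the new `check-qtest-i386-y += tests/vmgenid-test$(EXESUF)` line lands between `tests/q35-test$(EXESUF)` and its `gcov-files-i386-y += hw/pci-host/q35.c`, splitting the q35 test from its gcov entry; move it after the q35 gcov line and, if coverage is wanted, pair it with a `gcov-files-i386-y += hw/acpi/vmgenid.c` of its own.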
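Review bot: in the vmgenid-test.c hunk `acpi_find_vgia()` starts with `guid_offset = 0` and the visible part of the loop over `tables` never records whether an SSDT with OEM table id VMGENID was found, so on a miss the function would hand back 0 and the caller would read the GUID from physical address VMGENID_GUID_OFFSET; assert that a match was found (a found flag or `g_assert(guid_offset)`) after the loop. The polling constants as they appear here also disagree with their comments (`RSDP_SLEEP_US 10` with "Sleep for 100ms" and `RSDP_TRIES_MAX100` with "Max total time is 10 seconds"): the values and the comments should say the same thing.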
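The test above locates the GUID by walking RSDP to RSDT to the SSDT whose OEM table id is VMGENID, reading the `Name(VGIA, <dword>)` object that opens its AML, and then reading 16 bytes at that address plus a fixed offset. The Python below is an added illustration, not the patch's code: it performs the last two steps on a constructed SSDT and a constructed guest-memory buffer (the VGIA address 0x100 and memory size are assumed), validates the ACPI header checksum before trusting the table, and undoes the little-endian field order QEMU's vmgenid device uses when writing the GUID.

```python
import struct
import uuid

# ACPI table header (36 bytes): signature, length, revision, checksum, oem_id,
# oem_table_id, oem_revision, asl_compiler_id, asl_compiler_revision
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
AML_NAME_OP = 0x08           # AML NameOp, as asserted by the qtest
AML_DWORD_PREFIX = 0x0C      # AML DWordPrefix
VMGENID_GUID_OFFSET = 40     # fixed GUID offset the qtest reads from
VGID_GUID = "324e6eaf-d1d1-4bf6-bf41-b9bb6c91fb87"   # GUID the qtest passes in


def acpi_checksum_ok(table: bytes) -> bool:
    """Every ACPI table sums to zero modulo 256, checksum byte included."""
    return sum(table) & 0xFF == 0


def find_vgia(ssdt: bytes):
    """Return the VGIA address from a VMGENID SSDT, or None if the SSDT is
    not VMGENID's.  Mirrors the qtest: match the OEM table id, then expect the
    AML to open with Name(VGIA, <dword>) = NameOp 'VGIA' DWordPrefix <le32>.
    The header is validated first so a corrupted table is rejected, not parsed."""
    if len(ssdt) < ACPI_HEADER.size:
        raise ValueError("table shorter than an ACPI header")
    sig, length, _rev, _chk, _oem, oem_table_id, *_ = ACPI_HEADER.unpack_from(ssdt)
    if sig != b"SSDT" or length != len(ssdt) or not acpi_checksum_ok(ssdt):
        raise ValueError("malformed SSDT")
    if not oem_table_id.startswith(b"VMGENID"):   # same 7-byte compare as the qtest
        return None
    aml = ssdt[ACPI_HEADER.size:]
    if (len(aml) < 10 or aml[0] != AML_NAME_OP or aml[1:5] != b"VGIA"
            or aml[5] != AML_DWORD_PREFIX):
        raise ValueError("SSDT does not start with Name(VGIA, DWord)")
    return struct.unpack_from("<I", aml, 6)[0]


def read_guid(guest_mem, vgia: int) -> uuid.UUID:
    """Read the generation ID stored at VGIA + VMGENID_GUID_OFFSET.  QEMU writes
    the GUID with its first three fields little-endian, which bytes_le= undoes."""
    start = vgia + VMGENID_GUID_OFFSET
    raw = bytes(guest_mem[start:start + 16])
    if len(raw) != 16:
        raise ValueError("VGIA points outside guest memory")
    return uuid.UUID(bytes_le=raw)


def build_ssdt(oem_table_id: bytes, vgia: int) -> bytes:
    """Constructed sample: a minimal SSDT whose only AML object is Name(VGIA, vgia)."""
    aml = bytes([AML_NAME_OP]) + b"VGIA" + bytes([AML_DWORD_PREFIX]) + struct.pack("<I", vgia)
    hdr = ACPI_HEADER.pack(b"SSDT", ACPI_HEADER.size + len(aml), 1, 0,
                           b"BOCHS ", oem_table_id, 1, b"BXPC", 1)
    table = bytearray(hdr + aml)
    table[9] = (-sum(table)) & 0xFF      # checksum byte lives at offset 9
    return bytes(table)


# Constructed guest memory: VGIA points at 0x100 and the GUID sits 40 bytes past it.
VGIA_ADDR = 0x100
GUEST_MEM = bytearray(0x200)
GUEST_MEM[VGIA_ADDR + VMGENID_GUID_OFFSET:VGIA_ADDR + VMGENID_GUID_OFFSET + 16] = \
    uuid.UUID(VGID_GUID).bytes_le
SSDT = build_ssdt(b"VMGENID ", VGIA_ADDR)

if __name__ == "__main__":
    print(read_guid(GUEST_MEM, find_vgia(SSDT)))   # 324e6eaf-d1d1-4bf6-bf41-b9bb6c91fb87
```

The RSDP and RSDT steps are left out because they need real guest memory; in the qtest they are the `acpi_find_rsdp_address()` and `ACPI_READ_ARRAY_PTR` calls shown above.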
Re: [Qemu-devel] [PATCH 23/31] ppc: use DIV_ROUND_UP
On Thu, Jun 22, 2017 at 02:41:56PM +0200, Marc-André Lureau wrote: > I used the clang-tidy qemu-round check to generate the fix: > https://github.com/elmarco/clang-tools-extra > > Signed-off-by: Marc-André Lureau Acked-by: David Gibson > --- > target/ppc/mem_helper.c | 2 +- > target/ppc/translate.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c > index e6383c6bfa..a34e604db3 100644 > --- a/target/ppc/mem_helper.c > +++ b/target/ppc/mem_helper.c > @@ -111,7 +111,7 @@ void helper_lswx(CPUPPCState *env, target_ulong addr, > uint32_t reg, > uint32_t ra, uint32_t rb) > { > if (likely(xer_bc != 0)) { > -int num_used_regs = (xer_bc + 3) / 4; > +int num_used_regs = DIV_ROUND_UP(xer_bc, 4); > if (unlikely((ra != 0 && lsw_reg_in_range(reg, num_used_regs, ra)) || > lsw_reg_in_range(reg, num_used_regs, rb))) { > raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM, > diff --git a/target/ppc/translate.c b/target/ppc/translate.c > index c0cd64d927..76f9ccde25 100644 > --- a/target/ppc/translate.c > +++ b/target/ppc/translate.c > @@ -2882,7 +2882,7 @@ static void gen_lswi(DisasContext *ctx) > } > if (nb == 0) > nb = 32; > -nr = (nb + 3) / 4; > +nr = DIV_ROUND_UP(nb, 4); > if (unlikely(lsw_reg_in_range(start, nr, ra))) { > gen_inval_exception(ctx, POWERPC_EXCP_INVAL_LSWX); > return; -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
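Review bot: in the translate.c hunk the context line `if (nb == 0) nb = 32;` is a braceless single-statement if, which QEMU's coding style does not allow; since the patch already rewrites the line right below it, wrap that one in braces in the same change rather than leaving it for a later cleanup. The substitution itself is safe: `(nb + 3) / 4` and `DIV_ROUND_UP(nb, 4)` agree for every non-negative nb, and nb is at most 32 here.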
Re: [Qemu-devel] [PATCH v4 2/4] sockets: factor out create_fast_reuse_socket
On Mon, 2017-06-26 at 11:28 +0100, Daniel P. Berrange wrote: > On Fri, Jun 23, 2017 at 12:31:06PM +0200, Knut Omang wrote: > > > > First refactoring step to prepare for fixing the problem > > exposed with the test-listen test in the previous commit > > > > Signed-off-by: Knut Omang > > --- > > util/qemu-sockets.c | 24 +--- > > 1 file changed, 17 insertions(+), 7 deletions(-) > > > > diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c > > index 852773d..699e36c 100644 > > --- a/util/qemu-sockets.c > > +++ b/util/qemu-sockets.c > > @@ -149,6 +149,20 @@ int inet_ai_family_from_address(InetSocketAddress > > *addr, > > return PF_UNSPEC; > > } > > > > +static int create_fast_reuse_socket(struct addrinfo *e, Error **errp) > > +{ > > +int slisten = qemu_socket(e->ai_family, e->ai_socktype, e- > > >ai_protocol); > > +if (slisten < 0) { > > +if (!e->ai_next) { > > +error_setg_errno(errp, errno, "Failed to create socket"); > > +} > > I think that having this method sometimes report an error message, and > sometimes not report an error message, depending on state of a variable > used by the caller is rather unpleasant. I'd much rather see this > error message reporting remain in the caller. > > > > > +return -1; > > +} > > + > > +socket_set_fast_reuse(slisten); > > +return slisten; > > +} > > + > > static int inet_listen_saddr(InetSocketAddress *saddr, > > int port_offset, > > bool update_addr, 
> > @@ -210,21 +224,17 @@ static int inet_listen_saddr(InetSocketAddress *saddr, > > return -1; > > } > > > > -/* create socket + bind */ > > +/* create socket + bind/listen */ > > for (e = res; e != NULL; e = e->ai_next) { > > getnameinfo((struct sockaddr*)e->ai_addr,e->ai_addrlen, > > uaddr,INET6_ADDRSTRLEN,uport,32, > > NI_NUMERICHOST | NI_NUMERICSERV); > > -slisten = qemu_socket(e->ai_family, e->ai_socktype, e- > > >ai_protocol); > > + > > +slisten = create_fast_reuse_socket(e, &err); > > if (slisten < 0) { > > -if (!e->ai_next) { > > -error_setg_errno(errp, errno, "Failed to create socket"); > > -} > > continue; > > It isn't shown in this diff context, but at the end of the outer > loop we have > > error_setg_errno(errp, errno, "Failed to find available port"); > > so IIUC, even this pre-existing code is wrong. If 'e->ai_next' is > NULL, we report an error message here. Then, we continue to the > next loop iteration, which causes use to terminate the loop > entirely. At which point we'll report another error message > over the top of the one we already have. So I think the error > reporting does still need refactoring, but not in the way it > is done here. Yes, I did scratch my head about this but I tried to keep the original semantics to avoid mixing unrelated changes. With the split into separate refactoring commits we are beyond that anyway. I'll have a second look at it.. Thanks, Knut > > > > > } > > > > -socket_set_fast_reuse(slisten); > > - > > port_min = inet_getport(e); > > port_max = saddr->has_to ? saddr->to + port_offset : port_min; > > for (p = port_min; p <= port_max; p++) { > > Regards, > Daniel
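Review bot: in the inet_listen_saddr() hunk the error destination changes from the caller's `errp` to a local `err` (`slisten = create_fast_reuse_socket(e, &err);`), and nothing in the hunk propagates `err` to `errp` or frees it, so the "Failed to create socket" message the helper sets on the last address is now dropped, and the Error object leaked, instead of being reported; either pass `errp` straight through or `error_propagate(errp, err)` on the final failure path. Keeping the helper silent and reporting in the caller, as the reply suggests, removes the problem outright.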
Re: [Qemu-devel] [PATCH] target-ppc: SPR_BOOKE_ESR not set on FP exceptions
On Wed, Jun 21, 2017 at 05:03:08PM -0700, Aaron Larson wrote: > Properly set the book E exception syndrome register when a floating > point exception occurs. > > Currently on a book E processor, the POWERPC_EXCP_FP exception handler > fails to set "env->spr[SPR_BOOKE_ESR] = ESR_FP;" as required by the > book E specification. > > Signed-off-by: Aaron Larson Applied to ppc-for-2.10. > --- > target/ppc/excp_helper.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c > index 9cb2123..7a82bdd 100644 > --- a/target/ppc/excp_helper.c > +++ b/target/ppc/excp_helper.c > @@ -282,6 +282,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int > excp_model, int excp) > * precise in the MSR. > */ > msr |= 0x0010; > +env->spr[SPR_BOOKE_ESR] = ESR_FP; > break; > case POWERPC_EXCP_INVAL: > LOG_EXCP("Invalid instruction at " TARGET_FMT_lx "\n", env->nip); -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature
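Review bot: the new `env->spr[SPR_BOOKE_ESR] = ESR_FP;` runs for every POWERPC_EXCP_FP regardless of the `excp_model` that powerpc_excp() receives (visible in the hunk header). On non-BookE cores the ESR slot is simply unused, so this is harmless, but a guard such as `if (excp_model == POWERPC_EXCP_BOOKE)` would make the intent explicit and keep the non-BookE state untouched; at minimum the commit message should say the unconditional write is deliberate.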