[Qemu-devel] Fwd: Installing QEMU-KVM from Source

2017-08-18 Thread Tushar Bhardwaj
Respected Sir,

I read your articles, which are highly informative. I have installed
Qemu-KVM using virt-manager, and there is no folder to track migration.c
code. Please tell me how to install QEMU-KVM using source code so that I
can do the required changes in migration code.

-- 

"Purity and Simplicity Reflects the Inner Beauty of soul"




*Thank you With Regards:Tushar Sharma,*


*IIT Kharagpur*







Re: [Qemu-devel] [PATCH] hw/ppc/spapr: Fix segfault when instantiating a 'pc-dimm' without 'memdev'

2017-08-18 Thread Thomas Huth
On 18.08.2017 03:25, David Gibson wrote:
> On Thu, Aug 17, 2017 at 08:33:10PM +0200, Thomas Huth wrote:
>> QEMU currently crashes when trying to use a 'pc-dimm' on the pseries
>> machine without specifying its 'memdev' property. Let's add a sanity
>> check to the pre_plug handler to fix this issue.
>>
>> Signed-off-by: Thomas Huth 
> 
> Thanks for all these patches fixing little bugs in 2.10.

... or 2.11 ;-) ... not sure if there will be another RC next week or
the final 2.10 release?

Anyway, the fixes are required for a new qtest that I'm working on
(calling device_add + device_del for all available devices), that's why
I'm coming up with all these patches now. There is another crash with
one of the ppc64 devices, where I don't know how to fix it yet - so if
somebody got a clue, help is appreciated:

$ qemu-system-ppc64 -nographic -S -nodefaults -monitor stdio -M pseries
QEMU 2.9.92 monitor - type 'help' for more information
(qemu) device_add macio-oldworld,id=x
(qemu) device_del x
(qemu) **
ERROR:qemu/qom/object.c:1611:object_get_canonical_path_component:
 assertion failed: (obj->parent != NULL)
Aborted (core dumped)

>> ---
>>  hw/ppc/spapr.c | 11 +--
>>  1 file changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>> index f7a1972..22d400a 100644
>> --- a/hw/ppc/spapr.c
>> +++ b/hw/ppc/spapr.c
>> @@ -2808,10 +2808,17 @@ static void spapr_memory_pre_plug(HotplugHandler 
>> *hotplug_dev, DeviceState *dev,
>>  {
>>  PCDIMMDevice *dimm = PC_DIMM(dev);
>>  PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
>> -MemoryRegion *mr = ddc->get_memory_region(dimm);
>> -uint64_t size = memory_region_size(mr);
>> +MemoryRegion *mr;
>> +uint64_t size;
>>  char *mem_dev;
>>  
>> +if (!dimm->hostmem) {
> 
> Isn't checking dimm->hostmem directly here an abstraction violation?
> Could we just check for a NULL return from get_memory_region instead?

The crash happens within get_memory_region: pc_dimm_get_memory_region()
calls host_memory_backend_get_memory(), which calls
host_memory_backend_mr_inited() - and that function dereferences the
NULL pointer.

I could add an additional check to one of the called functions and
return NULL in case the pointer is already NULL ... do you prefer that?
Let me know, then I'll send a v2...

> 
>> +error_setg(errp, "'" PC_DIMM_MEMDEV_PROP "' property must be set");
>> +return;
>> +}
>> +
>> +mr = ddc->get_memory_region(dimm);
>> +size = memory_region_size(mr);
>>  if (size % SPAPR_MEMORY_BLOCK_SIZE) {
>>  error_setg(errp, "Hotplugged memory size must be a multiple of "
>>"%lld MB", SPAPR_MEMORY_BLOCK_SIZE / M_BYTE);
> 
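
Review bot: the new !dimm->hostmem guard in spapr_memory_pre_plug() protects only this one pre_plug handler, and the value returned by ddc->get_memory_region(dimm) a few lines below it is still passed to memory_region_size() without a NULL test. The reply above places the dereference in host_memory_backend_mr_inited(), so a check there, or a NULL return from get_memory_region that this handler tests for, would cover every caller rather than one machine type. If the check stays here, add a one-line comment saying why the property is tested before get_memory_region() is called.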

 Thomas





Re: [Qemu-devel] Fwd: Installing QEMU-KVM from Source

2017-08-18 Thread Fam Zheng
On Fri, 08/18 12:38, Tushar Bhardwaj wrote:
> Respected Sir,
> 
> I read your articles, which are highly informative. I have installed
> Qemu-KVM using virt-manager, and there is no folder to track migration.c
> code. Please tell me how to install QEMU-KVM using source code so that I
> can do the required changes in migration code.

If you want guidance to develop QEMU:

https://wiki.qemu.org/Documentation/GettingStartedDevelopers

Quick pointer: https://www.qemu.org/download/#source

> To download and build QEMU from git:
> 
> git clone git://git.qemu-project.org/qemu.git
> cd qemu
> git submodule init
> git submodule update --recursive
> ./configure
> make

Fam



Re: [Qemu-devel] [PATCH v14 3/5] virtio-balloon: VIRTIO_BALLOON_F_SG

2017-08-18 Thread Wei Wang

On 08/18/2017 10:22 AM, Michael S. Tsirkin wrote:

+static void send_balloon_page_sg(struct virtio_balloon *vb,
+struct virtqueue *vq,
+void *addr,
+uint32_t size)
+{
+   unsigned int len;
+   int ret;
+
+   do {
+   ret = add_one_sg(vq, addr, size);
+   virtqueue_kick(vq);
+   wait_event(vb->acked, virtqueue_get_buf(vq, &len));
+   /*
+* It is uncommon to see the vq is full, because the sg is sent
+* one by one and the device is able to handle it in time. But
+* if that happens, we go back to retry after an entry gets
+* released.
+*/
> Why send one by one though? Why not batch some s/gs and wait for all
> of them to be completed? If memory is fragmented, waiting every time is
> worse than what we have now (VIRTIO_BALLOON_ARRAY_PFNS_MAX at a time).



OK, I'll do batching in some fashion.


Best,
Wei






Re: [Qemu-devel] [PATCH 2/6] tests: Add network filter tests to the check-qtest-s390x list

2017-08-18 Thread Cornelia Huck
On Thu, 17 Aug 2017 16:02:00 +0200
Thomas Huth  wrote:

> On 17.08.2017 10:41, Cornelia Huck wrote:
> > On Thu, 17 Aug 2017 08:25:09 +0200
> > Thomas Huth  wrote:
> >   
> >> With some small modifications, we can also use the the netfilter,
> >> the fiter-mirror and the filter-redirector tests on s390x.  
> > 
> > s/fiter/filter/  
> 
> OK ... could you please fix that when picking up the patch (in case I do
> not have to resend)?

Sure.

> 
> >>
> >> Signed-off-by: Thomas Huth 
> >> ---
> >>  tests/Makefile.include |  3 +++
> >>  tests/test-filter-mirror.c |  9 +++--
> >>  tests/test-filter-redirector.c | 22 --
> >>  tests/test-netfilter.c | 11 ++-
> >>  4 files changed, 36 insertions(+), 9 deletions(-)
> >>  
> >   
> >> diff --git a/tests/test-filter-mirror.c b/tests/test-filter-mirror.c
> >> index a1d5865..d569d27 100644
> >> --- a/tests/test-filter-mirror.c
> >> +++ b/tests/test-filter-mirror.c
> >> @@ -25,6 +25,11 @@ static void test_mirror(void)
> >>  char *recv_buf;
> >>  uint32_t size = sizeof(send_buf);
> >>  size = htonl(size);
> >> +const char *devstr = "e1000";
> >> +
> >> +if (g_str_equal(qtest_get_arch(), "s390x")) {
> >> +devstr = "virtio-net-ccw";
> >> +}  
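
Review bot: in test_mirror() the added declaration const char *devstr = "e1000"; sits after the statement size = htonl(size);, so a declaration ends up in the middle of the block. Move it up beside recv_buf and size so the declarations stay together at the top of the function, and leave the s390x override where it is.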
> > 
> > I'm wondering if we could unify selection of the network device
> > somehow. There's probably two cases:
> > - Test a specific device. This obviously needs to be decided
> >   individually.
> > - Just use a functional network device. For s390x, this will be
> >   virtio-net-ccw; for other architectures, this test uses e1000, while
> >   one of the tests below uses rtl8139 (why?). A helper for that may be
> >   useful.  
> 
> Maybe ... OTOH, this likely increases also test coverage if we do not
> use the same PCI NIC in all the tests...?

It just looks like a bit of unneeded churn to me.

Re coverage: Do we have a very simple test that we can run for all kind
of NICs? This would give some reliable testing for various devices
instead of having to rely on people picking different devices for their
tests...



Re: [Qemu-devel] [PATCH v14 5/5] virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_VQ

2017-08-18 Thread Wei Wang

On 08/18/2017 10:28 AM, Michael S. Tsirkin wrote:

On Thu, Aug 17, 2017 at 11:26:56AM +0800, Wei Wang wrote:

Add a new vq to report hints of guest free pages to the host.

Signed-off-by: Wei Wang 
Signed-off-by: Liang Li 
---
  drivers/virtio/virtio_balloon.c | 167 +++-
  include/uapi/linux/virtio_balloon.h |   1 +
  2 files changed, 147 insertions(+), 21 deletions(-)

diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index 72041b4..e6755bc 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -54,11 +54,12 @@ static struct vfsmount *balloon_mnt;
  
  struct virtio_balloon {

struct virtio_device *vdev;
-   struct virtqueue *inflate_vq, *deflate_vq, *stats_vq;
+   struct virtqueue *inflate_vq, *deflate_vq, *stats_vq, *free_page_vq;
  
  	/* The balloon servicing is delegated to a freezable workqueue. */

struct work_struct update_balloon_stats_work;
struct work_struct update_balloon_size_work;
+   struct work_struct report_free_page_work;
  
  	/* Prevent updating balloon when it is being canceled. */

spinlock_t stop_update_lock;
@@ -90,6 +91,13 @@ struct virtio_balloon {
/* Memory statistics */
struct virtio_balloon_stat stats[VIRTIO_BALLOON_S_NR];
  
+	/*

+* Used by the device and driver to signal each other.
+* device->driver: start the free page report.
+* driver->device: end the free page report.
+*/
+   __virtio32 report_free_page_signal;
+
/* To register callback in oom notifier call chain */
struct notifier_block nb;
  };
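
Review bot: the comment added above report_free_page_signal in struct virtio_balloon names the two directions but not the value each side writes, nor how the driver tells a start request from its own end marker. Document the values and which side owns the buffer at each step, since the same __virtio32 field is used for both directions.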
@@ -174,6 +182,17 @@ static void send_balloon_page_sg(struct virtio_balloon *vb,
} while (unlikely(ret == -ENOSPC));
  }
  
+static void send_free_page_sg(struct virtqueue *vq, void *addr, uint32_t size)

+{
+   unsigned int len;
+
+   add_one_sg(vq, addr, size);
+   virtqueue_kick(vq);
+   /* Release entries if there are */
+   while (virtqueue_get_buf(vq, &len))
+   ;
+}
+
  /*
   * Send balloon pages in sgs to host. The balloon pages are recorded in the
   * page xbitmap. Each bit in the bitmap corresponds to a page of PAGE_SIZE.
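
Review bot: send_free_page_sg() drops the return value of add_one_sg(), so when the vq is full the free page block is silently lost, while send_balloon_page_sg() just above retries on -ENOSPC. Check the result and skip the kick on failure, or say in a comment that losing a hint is acceptable here. The comment "Release entries if there are" is also an unfinished sentence.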
@@ -511,42 +530,143 @@ static void update_balloon_size_func(struct work_struct 
*work)
queue_work(system_freezable_wq, work);
  }
  
+static void virtio_balloon_send_free_pages(void *opaque, unsigned long pfn,

+  unsigned long nr_pages)
+{
+   struct virtio_balloon *vb = (struct virtio_balloon *)opaque;
+   void *addr = (void *)pfn_to_kaddr(pfn);
+   uint32_t len = nr_pages << PAGE_SHIFT;
+
+   send_free_page_sg(vb->free_page_vq, addr, len);
+}
+
+static void report_free_page_completion(struct virtio_balloon *vb)
+{
+   struct virtqueue *vq = vb->free_page_vq;
+   struct scatterlist sg;
+   unsigned int len;
+   int ret;
+
+   sg_init_one(&sg, &vb->report_free_page_signal, sizeof(__virtio32));
+retry:
+   ret = virtqueue_add_outbuf(vq, &sg, 1, vb, GFP_KERNEL);
+   virtqueue_kick(vq);
+   if (unlikely(ret == -ENOSPC)) {
+   wait_event(vb->acked, virtqueue_get_buf(vq, &len));
+   goto retry;
+   }
+}
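
Review bot: in virtio_balloon_send_free_pages() the length is computed as uint32_t len = nr_pages << PAGE_SHIFT from an unsigned long nr_pages, so a large enough block is truncated without notice; bound nr_pages or split the block before building the sg. In report_free_page_completion() the retry label handles only -ENOSPC and virtqueue_kick() runs even after a failed add, so any other return from virtqueue_add_outbuf() goes unnoticed.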

> So the annoying thing here is that once this starts going,
> it will keep sending free pages from the list even if
> host is no longer interested. There should be a way
> for host to tell guest "stop" or "start from the beginning".


This can be achieved via two output signal buf here:
signal_buf_start: filled with VIRTIO_BALLOON_F_FREE_PAGE_REPORT_START
signal_buf_end: filled with VIRTIO_BALLOON_F_FREE_PAGE_REPORT_END

The device holds both, and can put one of them to the vq and notify.





> It's the result of using same vq for guest to host and
> host to guest communication, and I think it's not a great idea.
> I'd reuse stats vq for host to guest requests maybe.




As we discussed before, we can't have a vq interleave the report of
stats and free pages.
The vq will be locked when one command is in use. So, when live
migration starts, the periodically reported stats will be delayed.
Would this be OK? Or would you like to have one host to guest vq, and
multiple host to guest vqs? That is,

- host to guest:
CMD_VQ

- guest to host:
STATS_REPORT_VQ
FREE_PAGE_VQ


Best,
Wei






Re: [Qemu-devel] [PATCH v14 5/5] virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_VQ

2017-08-18 Thread Wei Wang

On 08/18/2017 10:13 AM, Michael S. Tsirkin wrote:

On Thu, Aug 17, 2017 at 11:26:56AM +0800, Wei Wang wrote:

Add a new vq to report hints of guest free pages to the host.

> Please add some text here explaining the report_free_page_signal
> thing.
>
> I also really think we need some kind of ID in the
> buffer to do a handshake. Whenever id changes you
> add another outbuf.


Please let me introduce the current design first:
1) device put the signal buf to the vq and notify the driver (we need
a buffer because currently the device can't notify when the vq is empty);

2) the driver starts the report of free page blocks via inbuf;

3) the driver adds the signal buf via outbuf to tell the device all
are reported.



Could you please elaborate more on the usage of ID?


+retry:
+   ret = virtqueue_add_outbuf(vq, &sg, 1, vb, GFP_KERNEL);
+   virtqueue_kick(vq);
+   if (unlikely(ret == -ENOSPC)) {

> what if there's another error?


Another error is -EIO, how about disabling the free page report feature?
(I also saw it isn't handled in many other virtio devices e.g. virtio-net)


+   wait_event(vb->acked, virtqueue_get_buf(vq, &len));
+   goto retry;
+   }

> what is this trickery doing? needs more comments or
> a simplification.


Just this:
if the vq is full, blocking wait till an entry gets released, then retry.
This is the final one, which puts the signal buf to the vq to signify the
end of the report and the mm lock is not held here, so it is fine to block.






+}
+
+static void report_free_page(struct work_struct *work)
+{
+   struct virtio_balloon *vb;
+
+   vb = container_of(work, struct virtio_balloon, report_free_page_work);
+   walk_free_mem_block(vb, 0, &virtio_balloon_send_free_pages);

> That's a lot of work here. And system_wq documentation says:
>   *
>   * system_wq is the one used by schedule[_delayed]_work[_on]().
>   * Multi-CPU multi-threaded.  There are users which expect relatively
>   * short queue flush time.  Don't queue works which can run for too
>   * long.
>
> You might want to create your own wq, maybe even with WQ_CPU_INTENSIVE.


Thanks for the reminder. If not creating a new wq, how about
system_unbound_wq?
The first round of live migration needs the free pages, in that way we
can have the pages reported to the hypervisor quicker.




+   report_free_page_completion(vb);

> So first you get list of pages, then an outbuf telling you
> what they are in end of.  I think it's backwards.
> Add an outbuf first followed by inbufs that tell you
> what they are.



If we have the signal filled with those flags like
VIRTIO_BALLOON_F_FREE_PAGE_REPORT_START,
Probably not necessary to have an inbuf followed by an outbuf, right?


Best,
Wei



Re: [Qemu-devel] [Bug 1706296] Re: Booting NT 4 disk causes /home/rjones/d/qemu/cpus.c:1580:qemu_mutex_lock_iothread: assertion failed: (!qemu_mutex_iothread_locked())

2017-08-18 Thread Alex Bennée

John Arbuckle  writes:

> Using '-cpu 486' gets past the assertion error. I guess Windows NT 4.0
> is not compatible with newer Intel processors.

It might be related. The assertion error is caused by the fact an
exception has occurred and processor is trying to dump a stack frame that
overlaps from RAM into device memory. As the IRQ/exception handling is
already under the BQL (as it changes machine state) we get the assertion
when it tries to take the BQL a second time when accessing device
memory.

We can drop the lock in the stack frame writing code but I don't know
what effect that would have as the guest still might crash having tried
to write a stack frame to device memory

>
> Currently I can install Windows NT 4.0, but booting from the
> installation has its problems. It won't boot unless you use the NTFS
> file system. Even with this file system I still see a BSOD that states
> INACCESSIBLE_BOOT_DEVICE. Not sure what is wrong. Switching to a SCSI
> controller didn't help.


--
Alex Bennée



Re: [Qemu-devel] RFH: difference in read-only mapped bios.bin - memory corruption?

2017-08-18 Thread Philipp Hahn
Hello,

On 15.08.2017 at 13:25, Laszlo Ersek wrote:
> On 08/14/17 20:39, Dr. David Alan Gilbert wrote:
>> * Philipp Hahn (h...@univention.de) wrote:
>>> I'm currently investigating a problem, where a Linux VM does not reboot
>>> and gets stuck in the SeaBIOS reboot code:
>>>
>>> I'm using SeaBIOS-1.7 from Debian with a more modern qemu-2.8
...
>>> If I dump both regions and compare them, I get a difference:
...
>> You might want seabios commit c68aff5 and b837e6 that got fixed after
>> I tracked down some reboot hangs - although they were rare, not every
>> time.  c68aff5 did certainly cause a corruption, and the address of that
>> corruption was determined at link time and could overlay random useful
>> bits of code if you were unlucky.

Thank you for the commit IDs - to me this looks like they fixed the
problem. Testing with seabios-1.10 does not show any reboot problem so far.

>>> 1. How can it be, that the low-mem ROM mapping is modified?
>>
>> I can't remember all the details, but PC ROM is shadowed and mapped over
>> with RAM at various times,
> 
> Right. I don't remember for sure, but I believe the state of the PAM
> registers doesn't only affect what the VCPUs see in that address range,
> but also what your monitor commands will dump. (This would be the
> logical choice -- make the monitor output what the VCPUs see anyway, at
> the moment, dependent on the PAM settings.)

That makes sense.
Do you know by chance what change in Qemu triggered that bug, as I've
never seen any reboot problem with qemu-1.1.2, but only since switching
to qemu-2.8?

Thanks again for your excellent help.

Philipp



Re: [Qemu-devel] Help with Windows NT 4.0

2017-08-18 Thread Artyom Tarasenko
On Fri, Aug 18, 2017 at 6:31 AM, Programmingkid
 wrote:
>
>> On Aug 15, 2017, at 6:27 PM, Paolo Bonzini  wrote:
>>
>> On 15/08/2017 20:46, Programmingkid wrote:
>>>
>>>> On Aug 14, 2017, at 2:51 AM, Paolo Bonzini  wrote:
>>>>
>>>> On 13/08/2017 21:13, Programmingkid wrote:
>>>>> Lately I found out that Windows NT 4.0 seems to work well with the
>>>>> 486 and pentium processors. Using "-cpu 486" made installing it
>>>>> actually work. Now I am seeing another issue. When I boot Windows NT
>>>>> 4.0 I see this error message:
>>>>>
>>>>> *** STOP: 0x007B (0x807A8610,0x,0x,0x)
>>>>> INACESSIBLE_BOOT_DEVICE
>>>>>
>>>>> Would anyone know a way to solve this issue?
>>>>
>>>> Hervé is probably the best person to answer this question.  Maybe try
>>>> installing it with SCSI disks ("-drive if=scsi,id=hd,file=... -drive
>>>> if=scsi,id=cd,file=... -device lsi -device scsi-hd,drive=hd -device
>>>> scsi-cd,drive=cd").
>>>>
>>>> Thanks,
>>>>
>>>> Paolo
>>>
>>> Thanks for the help. Unfortunately trying to boot from the install CD leads 
>>> to the INACCESSIBLE_BOOT_DEVICE error when using SCSI.
>>
>> Try with 0.12.
>>
>> Paolo
>
> I finally figured out why I was seeing the INACESSIBLE_BOOT_DEVICE error. It 
> was because of the qcow2 image format. As soon as I switched to the qcow 
> format, the error disappeared.

That's weird. The image format is not guest visible. Probably you are
hitting some sort of timing issue.


-- 
Regards,
Artyom Tarasenko

SPARC and PPC PReP under qemu blog: http://tyom.blogspot.com/search/label/qemu



Re: [Qemu-devel] [PATCH 2/6] tests: Add network filter tests to the check-qtest-s390x list

2017-08-18 Thread Thomas Huth
On 18.08.2017 09:54, Cornelia Huck wrote:
> On Thu, 17 Aug 2017 16:02:00 +0200
> Thomas Huth  wrote:
> 
>> On 17.08.2017 10:41, Cornelia Huck wrote:
[...]
>>> I'm wondering if we could unify selection of the network device
>>> somehow. There's probably two cases:
>>> - Test a specific device. This obviously needs to be decided
>>>   individually.
>>> - Just use a functional network device. For s390x, this will be
>>>   virtio-net-ccw; for other architectures, this test uses e1000, while
>>>   one of the tests below uses rtl8139 (why?). A helper for that may be
>>>   useful.  
>>
>> Maybe ... OTOH, this likely increases also test coverage if we do not
>> use the same PCI NIC in all the tests...?
> 
> It just looks like a bit of unneeded churn to me.
> 
> Re coverage: Do we have a very simple test that we can run for all kind
> of NICs? This would give some reliable testing for various devices
> instead of having to rely on people picking different devices for their
> tests...

I think there is only the pxe-tester that comes close to a generic NIC
tester. But there are two issues:
1) You need a firmware that has a driver for the NIC
2) It's not a very fast test, so adding lots of NICs there might slow
   down "make check" quite a bit.

(There are also some dedicated NIC tests available already, e.g.
tests/rtl8139-test.c tests at least some aspects of that NIC.)

Hmm, maybe we could also use a function that returns a different NIC for
the i386 and x86_64 architectures, something like:

const char *get_preferred_nic_name(void)
{
    /* Pick a NIC model that exists on the architecture under test */
    const char *arch = qtest_get_arch();

    if (g_str_equal(arch, "i386")) {
        return "rtl8139";
    } else if (g_str_equal(arch, "s390x")) {
        return "virtio-net-ccw";
    } else if (g_str_equal(arch, "ppc64")) {
        return "spapr-vlan";
    } else {
        return "e1000";
    }
}

That way, we'd also get test coverage for both, e1000 and rtl8139... ?

 Thomas



Re: [Qemu-devel] [PATCH v5 5/6] block: add throttle block filter driver

2017-08-18 Thread Alberto Garcia
On Fri 18 Aug 2017 05:10:18 AM CEST, Manos Pitsidianakis wrote:
> block/throttle.c uses existing I/O throttle infrastructure inside a
> block filter driver. I/O operations are intercepted in the filter's
> read/write coroutines, and referred to block/throttle-groups.c
>
> The driver can be used with the syntax
> -drive driver=throttle,file.filename=foo.qcow2, \
> limits.iops-total=...,throttle-group=bar

I had understood that we would get rid of the limits.* options in this
driver, or did I get it wrong?

Other than that, the rest of the code looks perfect to me.

Berto



Re: [Qemu-devel] RFH: difference in read-only mapped bios.bin - memory corruption?

2017-08-18 Thread Dr. David Alan Gilbert
* Philipp Hahn (h...@univention.de) wrote:
> Hello,
> 
> On 15.08.2017 at 13:25, Laszlo Ersek wrote:
> > On 08/14/17 20:39, Dr. David Alan Gilbert wrote:
> >> * Philipp Hahn (h...@univention.de) wrote:
> >>> I'm currently investigating a problem, where a Linux VM does not reboot
> >>> and gets stuck in the SeaBIOS reboot code:
> >>>
> >>> I'm using SeaBIOS-1.7 from Debian with a more modern qemu-2.8
> ...
> >>> If I dump both regions and compare them, I get a difference:
> ...
> >> You might want seabios commit c68aff5 and b837e6 that got fixed after
> >> I tracked down some reboot hangs - although they were rare, not every
> >> time.  c68aff5 did certainly cause a corruption, and the address of that
> >> corruption was determined at link time and could overlay random useful
> >> bits of code if you were unlucky.
> 
> Thank you for the commit IDs - to me this looks like they fixed the
> problem. Testing with seabios-1.10 does not show any reboot problem so far.
> 
> >>> 1. How can it be, that the low-mem ROM mapping is modified?
> >>
> >> I can't remember all the details, but PC ROM is shadowed and mapped over
> >> with RAM at various times,
> > 
> > Right. I don't remember for sure, but I believe the state of the PAM
> > registers doesn't only affect what the VCPUs see in that address range,
> > but also what your monitor commands will dump. (This would be the
> > logical choice -- make the monitor output what the VCPUs see anyway, at
> > the moment, dependent on the PAM settings.)
> 
> That makes sense.
> Do you know by chance what change in Qemu triggered that bug, as I've
> never seen any reboot problem with qemu-1.1.2, but only since switching
> to qemu-2.8?

I didn't go back as far as 1.1.2, but I tried bisecting around 2.4/2.6
before I understood the failure and the bisect was very flaky;  I think
in the end it's a timing race where it comes down to the exact corrupt
value;  going back to ancient qemu might be taking some other path
through seabios but I didn't investigate.

Dave

> Thanks again for your excellent help.
> 
> Philipp
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [Bug 1706296] Re: Booting NT 4 disk causes /home/rjones/d/qemu/cpus.c:1580:qemu_mutex_lock_iothread: assertion failed: (!qemu_mutex_iothread_locked())

2017-08-18 Thread Peter Maydell
On 18 August 2017 at 09:40, Alex Bennée  wrote:
>
> John Arbuckle  writes:
>
>> Using '-cpu 486' gets past the assertion error. I guess Windows NT 4.0
>> is not compatible with newer Intel processors.
>
> It might be related. The assertion error is caused by the fact an
> exception has occurred and processor is trying to dump a stack frame that
> overlaps from RAM into device memory. As the IRQ/exception handling is
> already under the BQL (as it changes machine state) we get the assertion
> when it tries to take the BQL a second time when accessing device
> memory.

This sounds worrying -- lots and lots of target backend code
does writes to memory. Is it all going to cause assertions if
it happens to be pointing at a device?

thanks
-- PMM
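
The double acquisition described in the quoted explanation, as a simplified single-threaded model added here (it is not QEMU code; bql_lock, guest_write8, deliver_exception and the memory layout are hypothetical). A write path that always takes the lock fails on a frame that crosses from RAM into a device window, while one that takes the lock only when the caller does not already hold it completes the frame.

```c
/* Added model, not QEMU code: every name and the memory layout are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAM_SIZE    0x1000u   /* guest RAM occupies [0, RAM_SIZE) */
#define MMIO_SIZE   0x100u    /* device window mapped directly above RAM */
#define FRAME_BYTES 12u       /* size of the exception stack frame */

static uint8_t ram[RAM_SIZE];
static uint8_t dev_regs[MMIO_SIZE];
static bool bql_held;         /* models the "is the big lock held" flag */
static int  bql_violations;   /* acquisitions attempted while already held */

/* Non-recursive lock. A second acquire is what the assertion in the
 * bug report catches; here it is counted instead of aborting. */
static bool bql_lock(void)
{
    if (bql_held) {
        bql_violations++;
        return false;
    }
    bql_held = true;
    return true;
}

static void bql_unlock(void)
{
    bql_held = false;
}

/* Store one byte. RAM needs no lock; the device window does.
 * reuse_held_lock == false: always acquire (fails if the caller holds it).
 * reuse_held_lock == true:  acquire only if not held, and release only
 *                           if this call acquired it. */
static int guest_write8(uint32_t addr, uint8_t val, bool reuse_held_lock)
{
    bool took_lock = false;

    if (addr < RAM_SIZE) {
        ram[addr] = val;
        return 0;
    }
    if (addr - RAM_SIZE >= MMIO_SIZE) {
        return -1;                       /* unmapped */
    }
    if (!(reuse_held_lock && bql_held)) {
        if (!bql_lock()) {
            return -1;                   /* would be the assertion failure */
        }
        took_lock = true;
    }
    dev_regs[addr - RAM_SIZE] = val;
    if (took_lock) {
        bql_unlock();
    }
    return 0;
}

/* Exception delivery changes machine state, so it runs with the lock held
 * and then writes the frame [sp - FRAME_BYTES, sp) to guest memory.
 * Returns the number of frame bytes that could not be written. */
static int deliver_exception(uint32_t sp, bool reuse_held_lock)
{
    int failed = 0;

    if (sp < FRAME_BYTES || !bql_lock()) {
        return -1;
    }
    for (uint32_t a = sp - FRAME_BYTES; a < sp; a++) {
        if (guest_write8(a, 0xEE, reuse_held_lock) != 0) {
            failed++;
        }
    }
    bql_unlock();
    return failed;
}

/* Reset the model, deliver one exception, report the double acquisitions. */
static int violations_for(uint32_t sp, bool reuse_held_lock)
{
    memset(ram, 0, sizeof(ram));
    memset(dev_regs, 0, sizeof(dev_regs));
    bql_held = false;
    bql_violations = 0;
    deliver_exception(sp, reuse_held_lock);
    return bql_violations;
}

int main(void)
{
    printf("frame in RAM, always-lock:        %d\n", violations_for(0x800, false));
    printf("frame crosses into MMIO, always:  %d\n", violations_for(RAM_SIZE + 4, false));
    printf("frame crosses into MMIO, checked: %d\n", violations_for(RAM_SIZE + 4, true));
    return 0;
}
```

The checked variant avoids the double acquisition in this model only; whether the guest survives a stack frame written into device memory is a separate question, as the thread notes.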



Re: [Qemu-devel] [PATCH v5 5/6] block: add throttle block filter driver

2017-08-18 Thread Manos Pitsidianakis

On Fri, Aug 18, 2017 at 10:23:09AM +0200, Alberto Garcia wrote:

> On Fri 18 Aug 2017 05:10:18 AM CEST, Manos Pitsidianakis wrote:
>> block/throttle.c uses existing I/O throttle infrastructure inside a
>> block filter driver. I/O operations are intercepted in the filter's
>> read/write coroutines, and referred to block/throttle-groups.c
>>
>> The driver can be used with the syntax
>> -drive driver=throttle,file.filename=foo.qcow2, \
>> limits.iops-total=...,throttle-group=bar
>
> I had understood that we would get rid of the limits.* options in this
> driver, or did I get it wrong?
>
> Other than that, the rest of the code looks perfect to me.
>
> Berto



I was going to send a patch after this was merged along with adding 
ThrottleGroups to the root container, to speed things up. Do you prefer 
to do this in this patch?


The root container patch probably has to go to the 'remove legacy' 
series since adding it here means the name collision errors introduce 
error paths in block/block-backend.c that go away in that series, and 
that'd be a waste of effort.




Re: [Qemu-devel] [RFC PATCH 11/12] ppc4xx: Export ECB and PLB emulation

2017-08-18 Thread David Gibson
On Mon, Aug 14, 2017 at 01:06:42PM +0200, BALATON Zoltan wrote:
> On Mon, 14 Aug 2017, David Gibson wrote:
> > On Sun, Aug 13, 2017 at 07:04:38PM +0200, BALATON Zoltan wrote:
> > > These devices are found in some other ppc4xx cores too.
> 
> Thanks for the quick review, hope more will follow for other patches too
> maybe also from others.
> 
> > Elsewhere in the series you moved things that were used elsewhere out
> > of 405_uc, why not do that here as well?
> 
> I've moved those because those devices needed to be modified extensively
> while these two in this patch are used basically unchanged (they may not
> even be completely correct for 460EX but seem to work well enough) so I've
> left them here. I could add this explanation to the commit message or maybe
> move them to ppc4xx_devs to make it clearer that they are not only used by
> 405 emulation.

I think move them.  Probably to their own file - I think smaller files
are usually going to be more readable than one big file with heaps of
4xx devices.

> > > Also add some more PLB registers for 460EX.
> > 
> > Separate patch for that please, it's logically unrelated.  Plus the
> > commit message should say what these registers are, where they appear,
> > why do we need them?
> 
> OK. I don't really know what these registers are. I guess we need them
> because U-Boot or other guests poke them but they are only added to avoid
> the crash, not really emulated (just read zero, ignore write) for
> now.

Ok, so say that in the commit message.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH 12/12] ppc: Add aCube Sam460ex board

2017-08-18 Thread David Gibson
On Sun, Aug 13, 2017 at 07:04:38PM +0200, BALATON Zoltan wrote:
> Add emulation of aCube Sam460ex board based on AMCC 460EX embedded SoC.
> This is not a full implementation yet with a lot of components still
> missing but enough to start a Linux kernel and the U-Boot firmware.
> 
> Signed-off-by: François Revol 
> Signed-off-by: BALATON Zoltan 

There are a *lot* of devices defined here.  Most of them look like
they belong to the SoC, not the board (since they use DCRs), so it
doesn't really make sense to define them in a board file.  It would
also make it easier to review if they were split up into separate
patches.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v5 5/6] block: add throttle block filter driver

2017-08-18 Thread Alberto Garcia
On Fri 18 Aug 2017 11:07:22 AM CEST, Manos Pitsidianakis wrote:

>>> The driver can be used with the syntax
>>> -drive driver=throttle,file.filename=foo.qcow2, \
>>> limits.iops-total=...,throttle-group=bar
>>
>>I had understood that we would get rid of the limits.* options in this
>>driver, or did I get it wrong?
>>
> I was going to send a patch after this was merged along with adding
> ThrottleGroups to the root container, to speed things up. Do you
> prefer to do this in this patch?

I'm not sure what's the benefit of adding a complete infrastructure that
you are going to remove immediately afterwards :-?

> The root container patch probably has to go to the 'remove legacy'
> series since adding it here means the name collision errors introduce
> error paths in block/block-backend.c that go away in that series, and
> that'd be a waste of effort.

Ok.

Berto



Re: [Qemu-devel] [Qemu-ppc] [RFC PATCH 09/12] ppc440: Add emulation of plb-pcix controller found in some 440 SoCs

2017-08-18 Thread luigi burdo
Hi Balaton,
I can help with AmigaOS 4 for Sam.
I can test it on P5040 book3e and on G5 quad book3s machine.
Note that Sam, to boot AmigaOS, needs a special modified version of U-Boot
that is available on the aCube website; it is a firmware update. Without the
modified U-Boot it will not be possible to auto-boot AmigaOS.
I don't know if it is possible to use the standard U-Boot included in QEMU to
boot AmigaOS from the U-Boot command line. I can ask Enrico Vidale, who is my
FB friend, for help, but I don't know if he will be available for this kind
of help.

bye
luigi

Sent from iPad

> On 14 Aug 2017, at 01:30, BALATON Zoltan wrote:
> 
> Signed-off-by: BALATON Zoltan 
> ---
> hw/ppc/Makefile.objs |   2 +-
> hw/ppc/ppc440_pcix.c | 506 +++
> 2 files changed, 507 insertions(+), 1 deletion(-)
> create mode 100644 hw/ppc/ppc440_pcix.c
> 
> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
> index 2077216..9c5d58a 100644
> --- a/hw/ppc/Makefile.objs
> +++ b/hw/ppc/Makefile.objs
> @@ -13,7 +13,7 @@ endif
> obj-$(CONFIG_PSERIES) += spapr_rtas_ddw.o
> # PowerPC 4xx boards
> obj-y += ppc405_boards.o ppc4xx_devs.o ppc405_uc.o ppc440_bamboo.o
> -obj-y += ppc4xx_pci.o ppc4xx_i2c.o
> +obj-y += ppc4xx_pci.o ppc440_pcix.o ppc4xx_i2c.o
> # PReP
> obj-$(CONFIG_PREP) += prep.o
> obj-$(CONFIG_PREP) += prep_systemio.o
> diff --git a/hw/ppc/ppc440_pcix.c b/hw/ppc/ppc440_pcix.c
> new file mode 100644
> index 000..3abd0d0
> --- /dev/null
> +++ b/hw/ppc/ppc440_pcix.c
> @@ -0,0 +1,506 @@
> +/*
> + * Emulation of the ibm,plb-pcix PCI controller
> + * This is found in some 440 SoCs e.g. the 460EX.
> + *
> + * Copyright (c) 2016 BALATON Zoltan
> + *
> + * Derived from ppc4xx_pci.c and pci-host/ppce500.c
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License, version 2, as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/hw.h"
> +#include "hw/ppc/ppc.h"
> +#include "hw/ppc/ppc4xx.h"
> +#include "hw/pci/pci.h"
> +#include "hw/pci/pci_host.h"
> +#include "exec/address-spaces.h"
> +
> +/*#define DEBUG_PCI*/
> +
> +#ifdef DEBUG_PCI
> +#define DPRINTF(fmt, ...) fprintf(stderr, fmt, ## __VA_ARGS__);
> +#else
> +#define DPRINTF(fmt, ...)
> +#endif /* DEBUG */
> +
> +struct PLBOutMap {
> +uint64_t la;
> +uint64_t pcia;
> +uint32_t sa;
> +MemoryRegion mr;
> +};
> +
> +struct PLBInMap {
> +uint64_t sa;
> +uint64_t la;
> +MemoryRegion mr;
> +};
> +
> +#define TYPE_PPC440_PCIX_HOST_BRIDGE "ppc440-pcix-host"
> +#define PPC440_PCIX_HOST_BRIDGE(obj) \
> +OBJECT_CHECK(PPC440PCIXState, (obj), TYPE_PPC440_PCIX_HOST_BRIDGE)
> +
> +#define PPC440_PCIX_NR_POMS 3
> +#define PPC440_PCIX_NR_PIMS 3
> +
> +typedef struct PPC440PCIXState {
> +PCIHostState parent_obj;
> +
> +PCIDevice *dev;
> +struct PLBOutMap pom[PPC440_PCIX_NR_POMS];
> +struct PLBInMap pim[PPC440_PCIX_NR_PIMS];
> +uint32_t sts;
> +qemu_irq irq[PCI_NUM_PINS];
> +AddressSpace bm_as;
> +MemoryRegion bm;
> +
> +MemoryRegion container;
> +MemoryRegion iomem;
> +MemoryRegion busmem;
> +} PPC440PCIXState;
> +
> +#define PPC440_REG_BASE 0x8
> +#define PPC440_REG_SIZE 0xff
> +
> +#define PCIC0_CFGADDR   0x0
> +#define PCIC0_CFGDATA   0x4
> +
> +#define PCIX0_POM0LAL   0x68
> +#define PCIX0_POM0LAH   0x6c
> +#define PCIX0_POM0SA0x70
> +#define PCIX0_POM0PCIAL 0x74
> +#define PCIX0_POM0PCIAH 0x78
> +#define PCIX0_POM1LAL   0x7c
> +#define PCIX0_POM1LAH   0x80
> +#define PCIX0_POM1SA0x84
> +#define PCIX0_POM1PCIAL 0x88
> +#define PCIX0_POM1PCIAH 0x8c
> +#define PCIX0_POM2SA0x90
> +
> +#define PCIX0_PIM0SAL   0x98
> +#define PCIX0_PIM0LAL   0x9c
> +#define PCIX0_PIM0LAH   0xa0
> +#define PCIX0_PIM1SA0xa4
> +#define PCIX0_PIM1LAL   0xa8
> +#define PCIX0_PIM1LAH   0xac
> +#define PCIX0_PIM2SAL   0xb0
> +#define PCIX0_PIM2LAL   0xb4
> +#define PCIX0_PIM2LAH   0xb8
> +#define PCIX0_PIM0SAH   0xf8
> +#define PCIX0_PIM2SAH   0xfc
> +
> +#define PCIX0_STS   0xe0
> +
> +#define PCI_ALL_SIZE(PPC440_REG_BASE + PPC440_REG_SIZE)
> +
> +/* DMA mapping */
> +static void ppc440_pcix_update_pim(PPC440PCIXState *s, int idx)
> +{
> +MemoryRegion *mem = &s->pim[idx].mr;
> +char *name;
> +uint64_t size;
> +
> +if (memory_region_is_mapped(mem)) {
> +/* Before we modify anything, unmap and destroy the region */
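Review bot: the DPRINTF definition near the top of the new file ends in a semicolon (`fprintf(stderr, fmt, ## __VA_ARGS__);`), so `DPRINTF(...);` expands to two statements and breaks when it is the body of an unbraced if/else; drop the trailing semicolon or wrap the body in do { } while (0). The closing `#endif /* DEBUG */` comment should name DEBUG_PCI. In ppc440_pcix_update_pim(), idx indexes s->pim[] directly, so either assert idx < PPC440_PCIX_NR_PIMS or make sure every caller derives idx from a fixed register offset rather than from a guest-written value.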

[Qemu-devel] [PATCH] scsi-bus: correct responses for INQUIRY and REQUEST SENSE

2017-08-18 Thread Hannes Reinecke
According to SPC-3 INQUIRY and REQUEST SENSE should return GOOD
even on unsupported LUNS.

Signed-off-by: Hannes Reinecke 
---
 hw/scsi/scsi-bus.c | 29 +
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index e364410a23..ade31c11f5 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -516,8 +516,10 @@ static size_t scsi_sense_len(SCSIRequest *req)
 static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf)
 {
 SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
+int fixed_sense = (req->cmd.buf[1] & 1) == 0;
 
-if (req->lun != 0) {
+if (req->lun != 0 &&
+buf[0] != INQUIRY && buf[0] != REQUEST_SENSE) {
 scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED));
 scsi_req_complete(req, CHECK_CONDITION);
 return 0;
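Review bot: fixed_sense is read from req->cmd.buf[1] for every opcode at the top of scsi_target_send_command(), although bit 0 of CDB byte 1 is the DESC bit only for REQUEST SENSE, and the new LUN test takes the opcode from buf[0] while the flag comes from req->cmd.buf; compute the flag inside the REQUEST_SENSE case and use one view of the CDB for both. With this test, INQUIRY on a non-zero LUN now reaches the INQUIRY case, which the hunk does not show, so the commit message should state what that path reports for an unsupported LUN.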
@@ -535,9 +537,28 @@ static int32_t scsi_target_send_command(SCSIRequest *req, 
uint8_t *buf)
 break;
 case REQUEST_SENSE:
 scsi_target_alloc_buf(&r->req, scsi_sense_len(req));
-r->len = scsi_device_get_sense(r->req.dev, r->buf,
-   MIN(req->cmd.xfer, r->buf_len),
-   (req->cmd.buf[1] & 1) == 0);
+if (req->lun != 0) {
+const struct SCSISense sense = SENSE_CODE(LUN_NOT_SUPPORTED);
+
+if (fixed_sense) {
+r->buf[0] = 0x70;
+r->buf[2] = sense.key;
+r->buf[10] = 10;
+r->buf[12] = sense.asc;
+r->buf[13] = sense.ascq;
+r->len = MIN(req->cmd.xfer, SCSI_SENSE_LEN);
+} else {
+r->buf[0] = 0x72;
+r->buf[1] = sense.key;
+r->buf[2] = sense.asc;
+r->buf[3] = sense.ascq;
+r->len = 8;
+}
+} else {
+r->len = scsi_device_get_sense(r->req.dev, r->buf,
+   MIN(req->cmd.xfer, r->buf_len),
+   fixed_sense);
+}
 if (r->req.dev->sense_is_ua) {
 scsi_device_unit_attention_reported(req->dev);
 r->req.dev->sense_len = 0;
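Review bot: the fixed-format branch writes the additional sense length to the wrong byte: `r->buf[10] = 10;` should be `r->buf[7] = 10;`, because fixed-format sense data carries that length in byte 7 and bytes 8 to 11 are command-specific information. The descriptor branch sets `r->len = 8` without applying MIN(req->cmd.xfer, ...), so it can return more than the allocation length the initiator asked for, and the fixed branch clamps to SCSI_SENSE_LEN but no longer to r->buf_len as the original call did. The `sense_is_ua` block after the new if/else still runs for a non-zero LUN and would clear the device's pending unit attention even though that was not the sense data returned; move it into the else branch.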
-- 
2.12.0




[Qemu-devel] [PATCH] s390x: wire up diag288 in tcg

2017-08-18 Thread Cornelia Huck
Make the diag288 watchdog useable via tcg as well.

Signed-off-by: Cornelia Huck 
---
 target/s390x/misc_helper.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index d23ffcd890..80a13a1b66 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -103,6 +103,14 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, 
uint32_t r3, uint32_t num)
 handle_diag_308(env, r1, r3);
 r = 0;
 break;
+case 0x288:
+/* time bomb (watchdog) */
+r = handle_diag_288(env, r1, r3);
+if (r) {
+program_interrupt(env, PGM_SPECIFICATION, ILEN_AUTO);
+r = 0;
+}
+break;
 default:
 r = -1;
 break;
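Review bot: the new case sets `r = 0` right after program_interrupt() and nothing in the hunk says why; add a comment explaining what the code after the switch would otherwise do with a non-zero r, or restructure so the reset is not needed. Every non-zero return from handle_diag_288() becomes PGM_SPECIFICATION here, so the helper's return contract should be documented next to the call, and the commit message should say which build configurations provide handle_diag_288() now that the TCG helper depends on it.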
-- 
2.13.5




Re: [Qemu-devel] [PATCH for-2.10 v3 2/3] hw/acpi: Move acpi_set_pci_info to pcihp

2017-08-18 Thread Igor Mammedov
On Fri, 18 Aug 2017 04:40:02 +0300
"Michael S. Tsirkin"  wrote:

> On Thu, Aug 17, 2017 at 05:23:46PM +0100, Anthony PERARD wrote:
> > This means that the function will be call and the property
> > acpi-pcihp-bsel will be set even if ACPI build is disable.
> > 
> > To do PCI passthrough with Xen, the property acpi-pcihp-bsel needs to be
> > set, but this was done only when ACPI tables are built which is not
> > needed for a Xen guest. The need for the property starts with commit
> > "pc: pcihp: avoid adding ACPI_PCIHP_PROP_BSEL twice"
> > (f0c9d64a68b776374ec4732424a3e27753ce37b6).
> > 
> > Reported-by: Sander Eikelenboom 
> > Signed-off-by: Anthony PERARD 
> > 
> > ---
> > Changes in V3:
> >   - move acpi_set_pci_info to pcihp instead
> > 
> > Changes in V2:
> >   - check for acpi_enabled before calling acpi_set_pci_info.
> >   - set the property on the root bus only.
> > 
> > This patch would be a candidate to backport to 2.9, along with
> > "hw/acpi: Limit hotplug to root bus on legacy mode"
> > 
> > CC: Stefano Stabellini 
> > CC: Bruce Rogers 
> > ---
> >  hw/acpi/pcihp.c  | 31 +++
> >  hw/i386/acpi-build.c | 32 
> >  2 files changed, 31 insertions(+), 32 deletions(-)
> > 
> > diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
> > index 9db3c2eaf2..44e8842db8 100644
> > --- a/hw/acpi/pcihp.c
> > +++ b/hw/acpi/pcihp.c
> > @@ -75,6 +75,36 @@ static int acpi_pcihp_get_bsel(PCIBus *bus)
> >  }
> >  }
> >  
> > +/* Assign BSEL property to all buses.  In the future, this can be changed
> > + * to only assign to buses that support hotplug.
> > + */
> > +static void *acpi_set_bsel(PCIBus *bus, void *opaque)
> > +{
> > +unsigned *bsel_alloc = opaque;
> > +unsigned *bus_bsel;
> > +
> > +if (qbus_is_hotpluggable(BUS(bus))) {
> > +bus_bsel = g_malloc(sizeof *bus_bsel);
> > +
> > +*bus_bsel = (*bsel_alloc)++;
> > +object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
> > +   bus_bsel, &error_abort);
> > +}
> > +
> > +return bsel_alloc;
> > +}
> > +
> > +static void acpi_set_pci_info(void)
> > +{
> > +PCIBus *bus = find_i440fx(); /* TODO: Q35 support */
> > +unsigned bsel_alloc = ACPI_PCIHP_BSEL_DEFAULT;
> > +
> > +if (bus) {
> > +/* Scan all PCI buses. Set property to enable acpi based hotplug. 
> > */
> > +pci_for_each_bus_depth_first(bus, acpi_set_bsel, NULL, 
> > &bsel_alloc);
> > +}
> > +}
> > +
> >  static void acpi_pcihp_test_hotplug_bus(PCIBus *bus, void *opaque)
> >  {
> >  AcpiPciHpFind *find = opaque;
> > @@ -177,6 +207,7 @@ static void acpi_pcihp_update(AcpiPciHpState *s)
> >  
> >  void acpi_pcihp_reset(AcpiPciHpState *s)
> >  {
> > +acpi_set_pci_info();
> >  acpi_pcihp_update(s);
> >  }  
> 
> IIUC doing this on reset will add property over and over again leaking
> memory.
in v2 I've explicitly suggested to call it once, like:

acpi_set_pci_info() {

    static bool bsel_is_set;

    if (bsel_is_set)
        return;
    bsel_is_set = true;

    ...
}

not patch related:
BTW bsel assignment is not stable in hotplug + migration use case,
and we probably should fix it up in 2.11 (CCing Marcel)

> I think that we need to do it on machine done.
> 
> Igor,  I think reordering acpi-build like earlier version did
> is less intrusive and more appropriate for 2.10.
> 
> For 2.10 I would like to see ideally some changes that
> are all if (xen) making it obvious non xen is not
> affected. I can then ack it and it will be merged in xen tree.
it didn't work before so I'd just push fix to 2.11 without
intermediate fix.
But if you guys think it's worth to fix in 2.10, I'm fine with v2
for it if Anthony will take care of it (rebase this series)
in 2.11 merge window.


> 
> Clean it up after 2.10.
> 
> >  
> > diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> > index 98dd424678..4d19d91e1b 100644
> > --- a/hw/i386/acpi-build.c
> > +++ b/hw/i386/acpi-build.c
> > @@ -493,36 +493,6 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
> > PCMachineState *pcms)
> >   table_data->len - madt_start, 1, NULL, NULL);
> >  }
> >  
> > -/* Assign BSEL property to all buses.  In the future, this can be changed
> > - * to only assign to buses that support hotplug.
> > - */
> > -static void *acpi_set_bsel(PCIBus *bus, void *opaque)
> > -{
> > -unsigned *bsel_alloc = opaque;
> > -unsigned *bus_bsel;
> > -
> > -if (qbus_is_hotpluggable(BUS(bus))) {
> > -bus_bsel = g_malloc(sizeof *bus_bsel);
> > -
> > -*bus_bsel = (*bsel_alloc)++;
> > -object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
> > -   bus_bsel, &error_abort);
> > -}
> > -
> > -return bsel_alloc;
> > -}
> > -
> > -static void acpi_set_pci_info(void)
> > -{
> > -PCIBus *bus = find_i440fx(); /* TODO: Q35 support */
> > -unsigned bsel_alloc = ACPI_PCIHP_BSEL_DEF

Re: [Qemu-devel] [PATCH for-2.10 v3 2/3] hw/acpi: Move acpi_set_pci_info to pcihp

2017-08-18 Thread Igor Mammedov
On Thu, 17 Aug 2017 17:23:46 +0100
Anthony PERARD  wrote:

> This means that the function will be call and the property
> acpi-pcihp-bsel will be set even if ACPI build is disable.
s/call/called/
s/disable/disabled/

Maybe something along these lines:

HW part of ACPI PCI hotplug in QEMU depends on ACPI_PCIHP_PROP_BSEL
being set on a PCI bus that supports ACPI hotplug. It should work
regardless of source of ACPI tables (QEMU generator/legacy Seabios/Xen).
So move ACPI_PCIHP_PROP_BSEL initialization into HW ACPI impl. part
from QEMU's ACPI table generator.

> 
> To do PCI passthrough with Xen, the property acpi-pcihp-bsel needs to be
> set, but this was done only when ACPI tables are built which is not
> needed for a Xen guest. The need for the property starts with commit
> "pc: pcihp: avoid adding ACPI_PCIHP_PROP_BSEL twice"
> (f0c9d64a68b776374ec4732424a3e27753ce37b6).
> 
> Reported-by: Sander Eikelenboom 
> Signed-off-by: Anthony PERARD 
> 
> ---
> Changes in V3:
>   - move acpi_set_pci_info to pcihp instead
> 
> Changes in V2:
>   - check for acpi_enabled before calling acpi_set_pci_info.
>   - set the property on the root bus only.
> 
> This patch would be a candidate to backport to 2.9, along with
> "hw/acpi: Limit hotplug to root bus on legacy mode"
> 
> CC: Stefano Stabellini 
> CC: Bruce Rogers 
> ---
>  hw/acpi/pcihp.c  | 31 +++
>  hw/i386/acpi-build.c | 32 
>  2 files changed, 31 insertions(+), 32 deletions(-)
> 
> diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
> index 9db3c2eaf2..44e8842db8 100644
> --- a/hw/acpi/pcihp.c
> +++ b/hw/acpi/pcihp.c
> @@ -75,6 +75,36 @@ static int acpi_pcihp_get_bsel(PCIBus *bus)
>  }
>  }
>  
> +/* Assign BSEL property to all buses.  In the future, this can be changed
> + * to only assign to buses that support hotplug.
> + */
> +static void *acpi_set_bsel(PCIBus *bus, void *opaque)
> +{
> +unsigned *bsel_alloc = opaque;
> +unsigned *bus_bsel;
> +
> +if (qbus_is_hotpluggable(BUS(bus))) {
> +bus_bsel = g_malloc(sizeof *bus_bsel);
> +
> +*bus_bsel = (*bsel_alloc)++;
> +object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
> +   bus_bsel, &error_abort);
> +}
> +
> +return bsel_alloc;
> +}
> +
> +static void acpi_set_pci_info(void)
> +{
> +PCIBus *bus = find_i440fx(); /* TODO: Q35 support */
> +unsigned bsel_alloc = ACPI_PCIHP_BSEL_DEFAULT;
> +
> +if (bus) {
> +/* Scan all PCI buses. Set property to enable acpi based hotplug. */
> +pci_for_each_bus_depth_first(bus, acpi_set_bsel, NULL, &bsel_alloc);
> +}
> +}
> +
>  static void acpi_pcihp_test_hotplug_bus(PCIBus *bus, void *opaque)
>  {
>  AcpiPciHpFind *find = opaque;
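Review bot: the comment moved in above acpi_set_bsel() says BSEL is assigned to all buses, but the body only assigns it when qbus_is_hotpluggable() is true; correct the comment as part of the move. bus_bsel is allocated with g_malloc() and handed to object_property_add_uint32_ptr() with &error_abort, and nothing here frees it or checks whether the bus already carries ACPI_PCIHP_PROP_BSEL, so document on acpi_set_pci_info() that it must run once per bus or add that check.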
> @@ -177,6 +207,7 @@ static void acpi_pcihp_update(AcpiPciHpState *s)
>  
>  void acpi_pcihp_reset(AcpiPciHpState *s)
>  {
> +acpi_set_pci_info();
>  acpi_pcihp_update(s);
>  }
>  
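Review bot: calling acpi_set_pci_info() from acpi_pcihp_reset() runs the bus scan on every reset rather than once, so each reset allocates a fresh bus_bsel and registers ACPI_PCIHP_PROP_BSEL again with &error_abort. Call it from a one-time initialisation path, or guard it so that a second call returns early.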
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index 98dd424678..4d19d91e1b 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -493,36 +493,6 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
> PCMachineState *pcms)
>   table_data->len - madt_start, 1, NULL, NULL);
>  }
>  
> -/* Assign BSEL property to all buses.  In the future, this can be changed
> - * to only assign to buses that support hotplug.
> - */
> -static void *acpi_set_bsel(PCIBus *bus, void *opaque)
> -{
> -unsigned *bsel_alloc = opaque;
> -unsigned *bus_bsel;
> -
> -if (qbus_is_hotpluggable(BUS(bus))) {
> -bus_bsel = g_malloc(sizeof *bus_bsel);
> -
> -*bus_bsel = (*bsel_alloc)++;
> -object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
> -   bus_bsel, &error_abort);
> -}
> -
> -return bsel_alloc;
> -}
> -
> -static void acpi_set_pci_info(void)
> -{
> -PCIBus *bus = find_i440fx(); /* TODO: Q35 support */
> -unsigned bsel_alloc = ACPI_PCIHP_BSEL_DEFAULT;
> -
> -if (bus) {
> -/* Scan all PCI buses. Set property to enable acpi based hotplug. */
> -pci_for_each_bus_depth_first(bus, acpi_set_bsel, NULL, &bsel_alloc);
> -}
> -}
> -
>  static void build_append_pcihp_notify_entry(Aml *method, int slot)
>  {
>  Aml *if_ctx;
> @@ -2888,8 +2858,6 @@ void acpi_setup(void)
>  
>  build_state = g_malloc0(sizeof *build_state);
>  
> -acpi_set_pci_info();
> -
>  acpi_build_tables_init(&tables);
>  acpi_build(&tables, MACHINE(pcms));
>  
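Review bot: acpi_setup() used to call acpi_set_pci_info() immediately before acpi_build_tables_init() and acpi_build(), so the tables were built with the BSEL properties already set; with the call removed, the commit message should state that the first acpi_pcihp_reset() runs before these tables are built or that they are rebuilt afterwards. If acpi_build() reads ACPI_PCIHP_PROP_BSEL, the ordering is now a hidden dependency and deserves a comment at this spot.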




Re: [Qemu-devel] [PATCH v1 for-2.11 01/10] target/s390x: move cc_name() to cc_helper.c

2017-08-18 Thread David Hildenbrand
On 17.08.2017 11:22, David Hildenbrand wrote:
> While at it, move the translations into the function.
> 
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/cc_helper.c | 48 
> 
>  target/s390x/cpu.h   | 48 
> +---
>  2 files changed, 49 insertions(+), 47 deletions(-)
> 
> diff --git a/target/s390x/cc_helper.c b/target/s390x/cc_helper.c
> index 1cf8551..a4562e5 100644
> --- a/target/s390x/cc_helper.c
> +++ b/target/s390x/cc_helper.c
> @@ -31,6 +31,54 @@
>  #define HELPER_LOG(x...)
>  #endif
>  
> +const char *cc_name(int cc_op)
> +{
> +static const char *cc_names[] = {
> +[CC_OP_CONST0]= "CC_OP_CONST0",
> +[CC_OP_CONST1]= "CC_OP_CONST1",
> +[CC_OP_CONST2]= "CC_OP_CONST2",
> +[CC_OP_CONST3]= "CC_OP_CONST3",
> +[CC_OP_DYNAMIC]   = "CC_OP_DYNAMIC",
> +[CC_OP_STATIC]= "CC_OP_STATIC",
> +[CC_OP_NZ]= "CC_OP_NZ",
> +[CC_OP_LTGT_32]   = "CC_OP_LTGT_32",
> +[CC_OP_LTGT_64]   = "CC_OP_LTGT_64",
> +[CC_OP_LTUGTU_32] = "CC_OP_LTUGTU_32",
> +[CC_OP_LTUGTU_64] = "CC_OP_LTUGTU_64",
> +[CC_OP_LTGT0_32]  = "CC_OP_LTGT0_32",
> +[CC_OP_LTGT0_64]  = "CC_OP_LTGT0_64",
> +[CC_OP_ADD_64]= "CC_OP_ADD_64",
> +[CC_OP_ADDU_64]   = "CC_OP_ADDU_64",
> +[CC_OP_ADDC_64]   = "CC_OP_ADDC_64",
> +[CC_OP_SUB_64]= "CC_OP_SUB_64",
> +[CC_OP_SUBU_64]   = "CC_OP_SUBU_64",
> +[CC_OP_SUBB_64]   = "CC_OP_SUBB_64",
> +[CC_OP_ABS_64]= "CC_OP_ABS_64",
> +[CC_OP_NABS_64]   = "CC_OP_NABS_64",
> +[CC_OP_ADD_32]= "CC_OP_ADD_32",
> +[CC_OP_ADDU_32]   = "CC_OP_ADDU_32",
> +[CC_OP_ADDC_32]   = "CC_OP_ADDC_32",
> +[CC_OP_SUB_32]= "CC_OP_SUB_32",
> +[CC_OP_SUBU_32]   = "CC_OP_SUBU_32",
> +[CC_OP_SUBB_32]   = "CC_OP_SUBB_32",
> +[CC_OP_ABS_32]= "CC_OP_ABS_32",
> +[CC_OP_NABS_32]   = "CC_OP_NABS_32",
> +[CC_OP_COMP_32]   = "CC_OP_COMP_32",
> +[CC_OP_COMP_64]   = "CC_OP_COMP_64",
> +[CC_OP_TM_32] = "CC_OP_TM_32",
> +[CC_OP_TM_64] = "CC_OP_TM_64",
> +[CC_OP_NZ_F32]= "CC_OP_NZ_F32",
> +[CC_OP_NZ_F64]= "CC_OP_NZ_F64",
> +[CC_OP_NZ_F128]   = "CC_OP_NZ_F128",
> +[CC_OP_ICM]   = "CC_OP_ICM",
> +[CC_OP_SLA_32]= "CC_OP_SLA_32",
> +[CC_OP_SLA_64]= "CC_OP_SLA_64",
> +[CC_OP_FLOGR] = "CC_OP_FLOGR",
> +};
> +
> +return cc_names[cc_op];
> +}
> +
>  static uint32_t cc_calc_ltgt_32(int32_t src, int32_t dst)
>  {
>  if (src == dst) {
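Review bot: `return cc_names[cc_op];` indexes the table with an unchecked int, so a negative value or one past the last initializer reads out of bounds, and any enum value without an entry yields NULL that a caller may pass to a %s format. Since the lookup is being moved anyway, add a range check against ARRAY_SIZE(cc_names) and return a fixed string such as "unknown" for out-of-range or missing entries.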
> diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
> index 29fdd5d..3e798ef 100644
> --- a/target/s390x/cpu.h
> +++ b/target/s390x/cpu.h
> @@ -744,53 +744,7 @@ enum cc_op {
>  CC_OP_MAX
>  };
>  
> -static const char *cc_names[] = {
> -[CC_OP_CONST0]= "CC_OP_CONST0",
> -[CC_OP_CONST1]= "CC_OP_CONST1",
> -[CC_OP_CONST2]= "CC_OP_CONST2",
> -[CC_OP_CONST3]= "CC_OP_CONST3",
> -[CC_OP_DYNAMIC]   = "CC_OP_DYNAMIC",
> -[CC_OP_STATIC]= "CC_OP_STATIC",
> -[CC_OP_NZ]= "CC_OP_NZ",
> -[CC_OP_LTGT_32]   = "CC_OP_LTGT_32",
> -[CC_OP_LTGT_64]   = "CC_OP_LTGT_64",
> -[CC_OP_LTUGTU_32] = "CC_OP_LTUGTU_32",
> -[CC_OP_LTUGTU_64] = "CC_OP_LTUGTU_64",
> -[CC_OP_LTGT0_32]  = "CC_OP_LTGT0_32",
> -[CC_OP_LTGT0_64]  = "CC_OP_LTGT0_64",
> -[CC_OP_ADD_64]= "CC_OP_ADD_64",
> -[CC_OP_ADDU_64]   = "CC_OP_ADDU_64",
> -[CC_OP_ADDC_64]   = "CC_OP_ADDC_64",
> -[CC_OP_SUB_64]= "CC_OP_SUB_64",
> -[CC_OP_SUBU_64]   = "CC_OP_SUBU_64",
> -[CC_OP_SUBB_64]   = "CC_OP_SUBB_64",
> -[CC_OP_ABS_64]= "CC_OP_ABS_64",
> -[CC_OP_NABS_64]   = "CC_OP_NABS_64",
> -[CC_OP_ADD_32]= "CC_OP_ADD_32",
> -[CC_OP_ADDU_32]   = "CC_OP_ADDU_32",
> -[CC_OP_ADDC_32]   = "CC_OP_ADDC_32",
> -[CC_OP_SUB_32]= "CC_OP_SUB_32",
> -[CC_OP_SUBU_32]   = "CC_OP_SUBU_32",
> -[CC_OP_SUBB_32]   = "CC_OP_SUBB_32",
> -[CC_OP_ABS_32]= "CC_OP_ABS_32",
> -[CC_OP_NABS_32]   = "CC_OP_NABS_32",
> -[CC_OP_COMP_32]   = "CC_OP_COMP_32",
> -[CC_OP_COMP_64]   = "CC_OP_COMP_64",
> -[CC_OP_TM_32] = "CC_OP_TM_32",
> -[CC_OP_TM_64] = "CC_OP_TM_64",
> -[CC_OP_NZ_F32]= "CC_OP_NZ_F32",
> -[CC_OP_NZ_F64]= "CC_OP_NZ_F64",
> -[CC_OP_NZ_F128]   = "CC_OP_NZ_F128",
> -[CC_OP_ICM]   = "CC_OP_ICM",
> -[CC_OP_SLA_32]= "CC_OP_SLA_32",
> -[CC_OP_SLA_64]= "CC_OP_SLA_64",
> -[CC_OP_FLOGR] = "CC_OP_FLOGR",
> -};
> -
> -static inline const char *cc_name(int cc_op)
> -{
> -return cc_names[cc_op];
> -}
> +const char *cc_name(int cc_op);
>  
>  static inline void setcc(S390CPU *cpu, uint64_t cc)
>  {
> 

Just compiled with --disable-tcg

s390_cpu_dump_state() needs cc_name. I suggest moving it to hel

Re: [Qemu-devel] [PATCH v1 for-2.11 01/10] target/s390x: move cc_name() to cc_helper.c

2017-08-18 Thread Thomas Huth
On 18.08.2017 11:59, David Hildenbrand wrote:
> On 17.08.2017 11:22, David Hildenbrand wrote:
>> While at it, move the translations into the function.
>>
>> Signed-off-by: David Hildenbrand 
>> ---
>>  target/s390x/cc_helper.c | 48 
>> 
>>  target/s390x/cpu.h   | 48 
>> +---
>>  2 files changed, 49 insertions(+), 47 deletions(-)
[...]
> Just compiled with --disable-tcg
> 
> s390_cpu_dump_state() needs cc_name. I suggest moving it to helper.c
> instead. Opinions?

Sounds fine to me, too.

 Thomas





[Qemu-devel] [PATCH v4 1/5] ppc: spapr: Register and handle HCALL to receive updated RTAS region

2017-08-18 Thread Aravinda Prasad
Receive updates from SLOF about the updated rtas-base.
A separate patch for SLOF [1] adds functionality to invoke
a private HCALL whenever OS issues instantiate-rtas with
a new rtas-base.

This is required as QEMU needs to know the updated rtas-base
as it allocates error reporting structure in RTAS space upon
a machine check exception.

[1] https://lists.ozlabs.org/pipermail/linuxppc-dev/2014-August/120386.html

Signed-off-by: Aravinda Prasad 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr_hcall.c   |8 
 include/hw/ppc/spapr.h |4 +++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 72ea5a8..e66c72e 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1062,6 +1062,13 @@ static target_ulong h_rtas(PowerPCCPU *cpu, 
sPAPRMachineState *spapr,
nret, rtas_r3 + 12 + 4*nargs);
 }
 
+static target_ulong h_rtas_update(PowerPCCPU *cpu, sPAPRMachineState *spapr,
+  target_ulong opcode, target_ulong *args)
+{
+spapr->rtas_addr = args[0];
+return 0;
+}
+
 static target_ulong h_logical_load(PowerPCCPU *cpu, sPAPRMachineState *spapr,
target_ulong opcode, target_ulong *args)
 {
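Review bot: h_rtas_update() stores args[0] into spapr->rtas_addr with no validation, and that value comes straight from the guest through the hypercall. Since the commit message says QEMU will place the error-reporting structure in RTAS space at this base, check that the address and the following rtas_size bytes lie inside guest RAM and return an error code such as H_PARAMETER otherwise; return H_SUCCESS rather than a bare 0 on the good path.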
@@ -1717,6 +1724,7 @@ static void hypercall_register_types(void)
 
 /* qemu/KVM-PPC specific hcalls */
 spapr_register_hypercall(KVMPPC_H_RTAS, h_rtas);
+spapr_register_hypercall(KVMPPC_H_RTAS_UPDATE, h_rtas_update);
 
 /* ibm,client-architecture-support support */
 spapr_register_hypercall(KVMPPC_H_CAS, h_client_architecture_support);
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 2a303a7..46012b3 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -90,6 +90,7 @@ struct sPAPRMachineState {
 
 hwaddr rma_size;
 int vrma_adjust;
+hwaddr rtas_addr;
 ssize_t rtas_size;
 void *rtas_blob;
 long kernel_size;
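Review bot: rtas_addr is new guest-set machine state, but the diffstat touches only spapr_hcall.c and spapr.h, so nothing in this patch migrates or resets it; after migration or a guest reboot the value would be zero or stale. Add it to the machine's vmstate, clear it in the reset handler, and put a comment on the field saying it is set through KVMPPC_H_RTAS_UPDATE.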
@@ -399,7 +400,8 @@ struct sPAPRMachineState {
 #define KVMPPC_H_LOGICAL_MEMOP  (KVMPPC_HCALL_BASE + 0x1)
 /* Client Architecture support */
 #define KVMPPC_H_CAS(KVMPPC_HCALL_BASE + 0x2)
-#define KVMPPC_HCALL_MAXKVMPPC_H_CAS
+#define KVMPPC_H_RTAS_UPDATE(KVMPPC_HCALL_BASE + 0x3)
+#define KVMPPC_HCALL_MAXKVMPPC_H_RTAS_UPDATE
 
 typedef struct sPAPRDeviceTreeUpdateHeader {
 uint32_t version_id;




[Qemu-devel] [PATCH v4 0/5] target-ppc/spapr: Add FWNMI support in QEMU for PowerKVM guests

2017-08-18 Thread Aravinda Prasad
This series of patches adds support for FWNMI in PowerKVM guests.

Memory error such as bit flips that cannot be corrected
by hardware is passed on to the kernel for handling
by raising machine check exception (an NMI). Upon such
machine check exception, if the address in error belongs
to guest then KVM causes a guest exit with KVM_EXIT_NMI
exit reason.

This patch series adds functionality to pass on such
machine check exception to the guest kernel by suitably
handling KVM_EXIT_NMI exit and building the error log.

The KVM changes are now part of the upstream kernel
(commit e20bbd3d). This series contains QEMU changes.

Change Log v4:
- Included the RTAS_DISP_FULLY_RECOVERED scenario in
  patch 4/5.

Change Log v3:
- Rebased to v2.10.0-rc0 (git://github.com/dgibson/qemu)

Change Log v2:
- Added KVM capability
- Serialized multiple NMIs with a conditional wait

---

Aravinda Prasad (5):
  ppc: spapr: Register and handle HCALL to receive updated RTAS region
  ppc: spapr: Handle "ibm,nmi-register" and "ibm,nmi-interlock" RTAS calls
  Wrapper function to wait on condition for the main loop mutex
  target/ppc: Handle NMI guest exit
  ppc: spapr: Enable FWNMI capability


 cpus.c   |5 ++
 hw/ppc/spapr.c   |   12 ++
 hw/ppc/spapr_hcall.c |8 
 hw/ppc/spapr_rtas.c  |   52 ++
 include/hw/ppc/spapr.h   |   14 ++-
 include/qemu/main-loop.h |8 
 target/ppc/kvm.c |   93 ++
 target/ppc/kvm_ppc.h |   82 +
 8 files changed, 272 insertions(+), 2 deletions(-)

--
Aravinda Prasad




[Qemu-devel] [PATCH v4 3/5] Wrapper function to wait on condition for the main loop mutex

2017-08-18 Thread Aravinda Prasad
Introduce a wrapper function to wait on condition for
the main loop mutex. This function atomically releases
the main loop mutex and causes the calling thread to
block on the condition.

Signed-off-by: Aravinda Prasad 
---
 cpus.c   |5 +
 include/qemu/main-loop.h |8 
 2 files changed, 13 insertions(+)

diff --git a/cpus.c b/cpus.c
index 9bed61e..9712013 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1589,6 +1589,11 @@ void qemu_mutex_unlock_iothread(void)
 qemu_mutex_unlock(&qemu_global_mutex);
 }
 
+void qemu_cond_wait_iothread(QemuCond *cond)
+{
+qemu_cond_wait(cond, &qemu_global_mutex);
+}
+
 static bool all_vcpus_paused(void)
 {
 CPUState *cpu;
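Review bot: qemu_cond_wait_iothread() assumes the caller already holds qemu_global_mutex, but nothing enforces that; add `g_assert(qemu_mutex_iothread_locked());` at the top so a caller that waits without the lock fails loudly instead of passing an unowned mutex to the condition wait.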
diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
index 6b4b60b..618cb2f 100644
--- a/include/qemu/main-loop.h
+++ b/include/qemu/main-loop.h
@@ -279,6 +279,14 @@ void qemu_mutex_lock_iothread(void);
  */
 void qemu_mutex_unlock_iothread(void);
 
+/**
+ * qemu_cond_wait_iothread: Wait on condition for the main loop mutex
+ *
+ * This function atomically releases the main loop mutex and causes
+ * the calling thread to block on the condition.
+ */
+void qemu_cond_wait_iothread(QemuCond *cond);
+
 /* internal interfaces */
 
 void qemu_fd_register(int fd);
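Review bot: the doc comment omits the contract callers need: the main loop mutex must be held on entry, it is held again on return, and wakeups can be spurious, so the call belongs in a loop that rechecks its predicate. State those three points and describe the cond parameter.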




Re: [Qemu-devel] [PATCH 5/6] block: Fix write/resize permissions for inactive images

2017-08-18 Thread Xie Changlong

On 5/5/2017 12:52 AM, Kevin Wolf wrote:
  
+/* Returns whether the image file can be written to right now */

+bool bdrv_is_writable(BlockDriverState *bs)
+{
+return !bdrv_is_read_only(bs) && !(bs->open_flags & BDRV_O_INACTIVE);
+}
+


This commit uses BDRV_O_INACTIVE to judge whether the image file can be 
written or not. But it blocks the replication driver on the secondary node. 
For replication in secondary, we must ensure that the whole chain is 
writable:



  ||                                  .----------
  ||                                  | Secondary
  ||                                  '----------
  ||
  ||
                                                               virtio-blk
                                                                    ^
  -----------> 3 NBD                                                |
  ||           server                                           2 filter
  ||              ^                                                 ^
  ||              |                                                 |
  ||        Secondary disk <--------- hidden-disk 5 <--------- active-disk 4
  ||              |         backing         ^        backing
  ||              |                         |
  ||              |                         |
  ||              '-------------------------'
  ||                 drive-backup sync=none 6

The root cause is that when we run replication in secondary, vmstate changes 
to RUN_STATE_INMIGRATE, then blockdev_init() sets bdrv_flags |= 
BDRV_O_INACTIVE. So the whole chain becomes read-only. I've tried on my 
side, but it seems not easy to fix it. I wonder if there is any way to 
bypass this? Any suggestion would be appreciated.


It's very easy to reproduce this scenario:
(gdb) r
Starting program: /root/.xie/qemu-colo/x86_64-softmmu/qemu-system-x86_64 
-boot c -m 2048 -smp 2 -qmp stdio -vnc :0 -name secondary -enable-kvm 
-cpu qemu64,+kvmclock -device piix3-usb-uhci -device usb-tablet -drive 
if=none,id=colo-disk,file.filename=/root/.xie/suse.qcow2.orgin,file.node-name=secondary_disk,driver=qcow2,node-name=sec-qcow2-driver-for-nbd 
-drive 
if=ide,id=active-disk0,node-name=active-disk111,throttling.bps-total=7000,driver=replication,node-name=secondary-replication-driver,mode=secondary,top-id=active-disk0,file.driver=qcow2,file.node-name=active-qcow2-driver,file.file.filename=/mnt/ramfs/active_disk.img,file.file.node-name=active_disk,file.backing.driver=qcow2,file.backing.file.filename=/mnt/ramfs/hidden_disk.img,file.backing.node-name=hidden-qcow2-driver,file.backing.file.node-name=hidden_disk,file.backing.backing=colo-disk 
-incoming tcp:0:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x74801700 (LWP 25252)]
[New Thread 0x74000700 (LWP 25255)]
qemu-system-x86_64: -drive 
if=ide,id=active-disk0,node-name=active-disk111,throttling.bps-total=7000,driver=replication,node-name=secondary-replication-driver,mode=secondary,top-id=active-disk0,file.driver=qcow2,file.node-name=active-qcow2-driver,file.file.filename=/mnt/ramfs/active_disk.img,file.file.node-name=active_disk,file.backing.driver=qcow2,file.backing.file.filename=/mnt/ramfs/hidden_disk.img,file.backing.node-name=hidden-qcow2-driver,file.backing.file.node-name=hidden_disk,file.backing.backing=colo-disk: 
Block node is read-only

[Thread 0x74000700 (LWP 25255) exited]
[Thread 0x74801700 (LWP 25252) exited]
[Inferior 1 (process 25248) exited with code 01]
Missing separate debuginfos, use: debuginfo-install 
glib2-2.46.2-4.el7.x86_64 glibc-2.17-157.el7_3.4.x86_64 
libacl-2.2.51-12.el7.x86_64 libattr-2.4.46-12.el7.x86_64 
libgcc-4.8.5-11.el7.x86_64 libgcrypt-1.5.3-13.el7_3.1.x86_64 
libgpg-error-1.12-3.el7.x86_64 libstdc++-4.8.5-11.el7.x86_64 
libuuid-2.23.2-33.el7_3.2.x86_64 openssl-libs-1.0.1e-60.el7_3.1.x86_64 
pixman-0.34.0-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64

(gdb)

--
Thanks
-Xie



[Qemu-devel] [PATCH v4 4/5] target/ppc: Handle NMI guest exit

2017-08-18 Thread Aravinda Prasad
Memory error such as bit flips that cannot be corrected
by hardware are passed on to the kernel for handling.
If the memory address in error belongs to guest then
guest kernel is responsible for taking suitable action.
Patch [1] enhances KVM to exit guest with exit reason
set to KVM_EXIT_NMI in such cases.

This patch handles KVM_EXIT_NMI exit. If the guest OS
has registered the machine check handling routine by
calling "ibm,nmi-register", then the handler builds
the error log and invokes the registered handler else
invokes the handler at 0x200.

[1] https://www.spinics.net/lists/kvm-ppc/msg12637.html
(e20bbd3d and related commits)

Signed-off-by: Aravinda Prasad 
Signed-off-by: Mahesh Salgaonkar 
---
 hw/ppc/spapr.c   |4 ++
 target/ppc/kvm.c |   91 ++
 target/ppc/kvm_ppc.h |   82 +
 3 files changed, 177 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 0bb2c4a..6cc3f69 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2346,6 +2346,10 @@ static void ppc_spapr_init(MachineState *machine)
 error_report("Could not get size of LPAR rtas '%s'", filename);
 exit(1);
 }
+
+/* Resize blob to accommodate error log. */
+spapr->rtas_size = RTAS_ERRLOG_OFFSET + sizeof(struct RtasMCELog);
+
 spapr->rtas_blob = g_malloc(spapr->rtas_size);
 if (load_image_size(filename, spapr->rtas_blob, spapr->rtas_size) < 0) {
 error_report("Could not load LPAR rtas '%s'", filename);
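Review bot: `spapr->rtas_size = RTAS_ERRLOG_OFFSET + sizeof(struct RtasMCELog);` discards the size obtained for the RTAS image just above, so an image larger than RTAS_ERRLOG_OFFSET would overlap the error-log area without any diagnostic. Keep the file size in a local, fail if it exceeds RTAS_ERRLOG_OFFSET, and allocate the blob with g_malloc0() so the gap between the image and the log area does not carry uninitialised heap bytes if the blob is copied into the guest.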
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 8571379..e9ea45f 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -1782,6 +1782,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run 
*run)
 ret = 0;
 break;
 
+case KVM_EXIT_NMI:
+DPRINTF("handle NMI exception\n");
+ret = kvm_handle_nmi(cpu, run);
+break;
+
 default:
 fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason);
 ret = -1;
@@ -2704,6 +2709,92 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
 return data & 0x;
 }
 
+int kvm_handle_nmi(PowerPCCPU *cpu, struct kvm_run *run)
+{
+struct RtasMCELog mc_log;
+CPUPPCState *env = &cpu->env;
+sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
+target_ulong msr = 0;
+
+cpu_synchronize_state(CPU(cpu));
+
+/*
+ * Properly set bits in MSR before we invoke the handler.
+ * SRR0/1, DAR and DSISR are properly set by KVM
+ */
+if (!(*pcc->interrupts_big_endian)(cpu)) {
+msr |= (1ULL << MSR_LE);
+}
+
+if (env->msr && (1ULL << MSR_SF)) {
+msr |= (1ULL << MSR_SF);
+}
+
+msr |= (1ULL << MSR_ME);
+env->msr = msr;
+
+if (!spapr->guest_machine_check_addr) {
+/*
+ * If OS has not registered with "ibm,nmi-register"
+ * jump to 0x200
+ */
+env->nip = 0x200;
+return 0;
+}
+
+while (spapr->mc_in_progress) {
+/*
+ * Check whether the same CPU got machine check error
+ * while still handling the mc error (i.e., before
+ * that CPU called "ibm,nmi-interlock"
+ */
+if (spapr->mc_cpu == cpu->cpu_dt_id) {
+qemu_system_guest_panicked(NULL);
+}
+qemu_cond_wait_iothread(&spapr->mc_delivery_cond);
+}
+spapr->mc_in_progress = true;
+spapr->mc_cpu = cpu->cpu_dt_id;
+
+/* Set error log fields */
+mc_log.r3 = env->gpr[3];
+mc_log.err_log.byte0 = 0;
+mc_log.err_log.byte1 =
+(RTAS_SEVERITY_ERROR_SYNC << RTAS_ELOG_SEVERITY_SHIFT);
+if (run->flags & KVM_RUN_PPC_NMI_DISP_FULLY_RECOV) {
+mc_log.err_log.byte1 |=
+(RTAS_DISP_NOT_RECOVERED << RTAS_ELOG_DISPOSITION_SHIFT);
+} else {
+mc_log.err_log.byte1 |=
+(RTAS_DISP_FULLY_RECOVERED << RTAS_ELOG_DISPOSITION_SHIFT);
+}
+mc_log.err_log.byte2 =
+(RTAS_INITIATOR_MEMORY << RTAS_ELOG_INITIATOR_SHIFT);
+mc_log.err_log.byte2 |= RTAS_TARGET_MEMORY;
+
+if (env->spr[SPR_DSISR] & P7_DSISR_MC_UE) {
+mc_log.err_log.byte3 = RTAS_TYPE_ECC_UNCORR;
+} else {
+mc_log.err_log.byte3 = 0;
+}
+
+/* Handle all Host/Guest LE/BE combinations */
+if (env->msr & (1ULL << MSR_LE)) {
+mc_log.r3 = cpu_to_le64(mc_log.r3);
+} else {
+mc_log.r3 = cpu_to_be64(mc_log.r3);
+}
+
+cpu_physical_memory_write(spapr->rtas_addr + RTAS_ERRLOG_OFFSET,
+  &mc_log, sizeof(mc_log));
+
+env->nip = spapr->guest_machine_check_addr;
+env->gpr[3] = spapr->rtas_addr + RTAS_ERRLOG_OFFSET;
+
+return 0;
+}
+
 int kvmppc_enable_hwrng(void)
 {
 if (!kvm_enabled() || !kvm_check_extension(kvm_state, KVM_CAP_PPC_HWRNG)) {
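
Review bot: the MSR_SF test, "if (env->msr && (1ULL << MSR_SF))", uses logical && where a bitwise & is needed. As written it is true whenever env->msr is non-zero, so MSR_SF is set in the new MSR even when the guest was not in 64-bit mode. The disposition branch further down also looks inverted: when run->flags has KVM_RUN_PPC_NMI_DISP_FULLY_RECOV set, the log is marked RTAS_DISP_NOT_RECOVERED, and RTAS_DISP_FULLY_RECOVERED otherwise. Please swap the two assignments or explain the mapping in a comment.
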
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index 6bc6fb3..872c7e4 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_pp

[Qemu-devel] [PATCH v4 2/5] ppc: spapr: Handle "ibm, nmi-register" and "ibm, nmi-interlock" RTAS calls

2017-08-18 Thread Aravinda Prasad
This patch adds support in QEMU to handle "ibm,nmi-register"
and "ibm,nmi-interlock" RTAS calls.

The machine check notification address is saved when the
OS issues "ibm,nmi-register" RTAS call.

This patch also handles the case when multiple processors
experience machine check at or about the same time by
handling "ibm,nmi-interlock" call. In such cases, as per
PAPR, subsequent processors serialize waiting for the first
processor to issue the "ibm,nmi-interlock" call. The second
processor waits till the first processor, which also
received a machine check error, is done reading the error
log. The first processor issues "ibm,nmi-interlock" call
when the error log is consumed. This patch implements the
releasing part of the error-log while subsequent patch
(which builds error log) handles the locking part.

Signed-off-by: Aravinda Prasad 
---
 hw/ppc/spapr.c |8 
 hw/ppc/spapr_rtas.c|   35 +++
 include/hw/ppc/spapr.h |   10 +-
 3 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 2a3e53d..0bb2c4a 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1441,6 +1441,11 @@ static void ppc_spapr_reset(void)
 first_ppc_cpu->env.nip = SPAPR_ENTRY_POINT;
 
 spapr->cas_reboot = false;
+
+spapr->mc_in_progress = false;
+spapr->guest_machine_check_addr = 0;
+qemu_cond_destroy(&spapr->mc_delivery_cond);
+qemu_cond_init(&spapr->mc_delivery_cond);
 }
 
 static void spapr_create_nvram(sPAPRMachineState *spapr)
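
Review bot: in ppc_spapr_reset() the condition variable is destroyed and re-initialised on every reset, but nothing wakes a vCPU that may still be blocked on mc_delivery_cond at that point, and destroying a condition variable that has waiters is undefined. ppc_spapr_init() already initialises it once, so consider dropping the qemu_cond_destroy()/qemu_cond_init() pair here and issuing a qemu_cond_broadcast() after clearing mc_in_progress instead. mc_cpu also keeps its old value across reset.
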
@@ -2491,6 +2496,9 @@ static void ppc_spapr_init(MachineState *machine)
 
 kvmppc_spapr_enable_inkernel_multitce();
 }
+
+spapr->mc_in_progress = false;
+qemu_cond_init(&spapr->mc_delivery_cond);
 }
 
 static int spapr_kvm_type(const char *vm_type)
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 94a2799..2f3c47b 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -348,6 +348,37 @@ static void rtas_get_power_level(PowerPCCPU *cpu, 
sPAPRMachineState *spapr,
 rtas_st(rets, 1, 100);
 }
 
+static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
+  sPAPRMachineState *spapr,
+  uint32_t token, uint32_t nargs,
+  target_ulong args,
+  uint32_t nret, target_ulong rets)
+{
+spapr->guest_machine_check_addr = rtas_ld(args, 1);
+rtas_st(rets, 0, RTAS_OUT_SUCCESS);
+}
+
+static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
+   sPAPRMachineState *spapr,
+   uint32_t token, uint32_t nargs,
+   target_ulong args,
+   uint32_t nret, target_ulong rets)
+{
+if (!spapr->guest_machine_check_addr) {
+/* NMI register not called */
+rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
+} else {
+/*
+ * VCPU issuing "ibm,nmi-interlock" is done with NMI handling,
+ * hence unset mc_in_progress.
+ */
+spapr->mc_in_progress = false;
+qemu_cond_signal(&spapr->mc_delivery_cond);
+rtas_st(rets, 0, RTAS_OUT_SUCCESS);
+}
+}
+
+
 static struct rtas_call {
 const char *name;
 spapr_rtas_fn fn;
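
Review bot: neither new handler checks nargs or nret before using the guest-supplied buffers. rtas_ibm_nmi_register() reads rtas_ld(args, 1) and both handlers write rtas_st(rets, 0, ...) whatever counts the guest passed. Return RTAS_OUT_PARAM_ERROR when the counts are not the ones the call expects. In rtas_ibm_nmi_interlock() any vCPU can clear mc_in_progress. Comparing the caller against spapr->mc_cpu would stop a CPU that is not handling the machine check from releasing the error log while another CPU is still reading it.
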
@@ -489,6 +520,10 @@ static void core_rtas_register_types(void)
 rtas_set_power_level);
 spapr_rtas_register(RTAS_GET_POWER_LEVEL, "get-power-level",
 rtas_get_power_level);
+spapr_rtas_register(RTAS_IBM_NMI_REGISTER, "ibm,nmi-register",
+rtas_ibm_nmi_register);
+spapr_rtas_register(RTAS_IBM_NMI_INTERLOCK, "ibm,nmi-interlock",
+rtas_ibm_nmi_interlock);
 }
 
 type_init(core_rtas_register_types)
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 46012b3..eee8d33 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -123,6 +123,12 @@ struct sPAPRMachineState {
  * occurs during the unplug process. */
 QTAILQ_HEAD(, sPAPRDIMMState) pending_dimm_unplugs;
 
+/* State related to "ibm,nmi-register" and "ibm,nmi-interlock" calls */
+target_ulong guest_machine_check_addr;
+bool mc_in_progress;
+int mc_cpu;
+QemuCond mc_delivery_cond;
+
 /*< public >*/
 char *kvm_type;
 MemoryHotplugState hotplug_memory;
@@ -519,8 +525,10 @@ target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong 
opcode,
 #define RTAS_IBM_CREATE_PE_DMA_WINDOW   (RTAS_TOKEN_BASE + 0x27)
 #define RTAS_IBM_REMOVE_PE_DMA_WINDOW   (RTAS_TOKEN_BASE + 0x28)
 #define RTAS_IBM_RESET_PE_DMA_WINDOW(RTAS_TOKEN_BASE + 0x29)
+#define RTAS_IBM_NMI_REGISTER   (RTAS_TOKEN_BASE + 0x2A)
+#define RTAS_IBM_NMI_INTERLOCK  (RTAS_TOKEN_BASE + 0x2B)
 
-#define RTAS_TOKEN_MAX  (RTAS_TOKEN_BASE + 0x2A)
+#define RTAS_TOKEN_MAX  (RTAS_TOKEN_B

[Qemu-devel] [PATCH for-2.11 03/27] sparc: convert cpu features to qdev properties

2017-08-18 Thread Igor Mammedov
SPARC is the last target that uses legacy way of parsing
and initializing cpu features, drop legacy approach and
convert features to properties so that SPARC could as minimum
benefit from generic cpu_generic_init(), common with
x86 +-feat parser

PS:
the main purpose is to remove legacy way of cpu creation as
a blocker for unifying cpu creation code across targets.

Signed-off-by: Igor Mammedov 
---
CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 
CC: Eduardo Habkost 
---
 target/sparc/cpu.c | 66 ++
 1 file changed, 66 insertions(+)

diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index f4e7343..e735d73 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -22,6 +22,8 @@
 #include "cpu.h"
 #include "qemu/error-report.h"
 #include "exec/exec-all.h"
+#include "hw/qdev-properties.h"
+#include "qapi/visitor.h"
 
 //#define DEBUG_FEATURES
 
@@ -853,6 +855,69 @@ static void sparc_cpu_initfn(Object *obj)
 }
 }
 
+static void sparc_get_nwindows(Object *obj, Visitor *v, const char *name,
+   void *opaque, Error **errp)
+{
+SPARCCPU *cpu = SPARC_CPU(obj);
+int64_t value = cpu->env.def.nwindows;
+
+visit_type_int(v, name, &value, errp);
+}
+
+static void sparc_set_nwindows(Object *obj, Visitor *v, const char *name,
+   void *opaque, Error **errp)
+{
+const int64_t min = MIN_NWINDOWS;
+const int64_t max = MAX_NWINDOWS;
+SPARCCPU *cpu = SPARC_CPU(obj);
+Error *err = NULL;
+int64_t value;
+
+visit_type_int(v, name, &value, &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+if (value < min || value > max) {
+error_setg(errp, "Property %s.%s doesn't take value %" PRId64
+   " (minimum: %" PRId64 ", maximum: %" PRId64 ")",
+   object_get_typename(obj), name ? name : "null",
+   value, min, max);
+return;
+}
+cpu->env.def.nwindows = value;
+}
+
+static PropertyInfo qdev_prop_nwindows = {
+.name  = "int",
+.get   = sparc_get_nwindows,
+.set   = sparc_set_nwindows,
+};
+
+static Property sparc_cpu_properties[] = {
+DEFINE_PROP_BIT("float",SPARCCPU, env.def.features, 0, false),
+DEFINE_PROP_BIT("float128", SPARCCPU, env.def.features, 1, false),
+DEFINE_PROP_BIT("swap", SPARCCPU, env.def.features, 2, false),
+DEFINE_PROP_BIT("mul",  SPARCCPU, env.def.features, 3, false),
+DEFINE_PROP_BIT("div",  SPARCCPU, env.def.features, 4, false),
+DEFINE_PROP_BIT("flush",SPARCCPU, env.def.features, 5, false),
+DEFINE_PROP_BIT("fsqrt",SPARCCPU, env.def.features, 6, false),
+DEFINE_PROP_BIT("fmul", SPARCCPU, env.def.features, 7, false),
+DEFINE_PROP_BIT("vis1", SPARCCPU, env.def.features, 8, false),
+DEFINE_PROP_BIT("vis2", SPARCCPU, env.def.features, 9, false),
+DEFINE_PROP_BIT("fsmuld",   SPARCCPU, env.def.features, 10, false),
+DEFINE_PROP_BIT("hypv", SPARCCPU, env.def.features, 11, false),
+DEFINE_PROP_BIT("cmt",  SPARCCPU, env.def.features, 12, false),
+DEFINE_PROP_BIT("gl",   SPARCCPU, env.def.features, 13, false),
+DEFINE_PROP_UNSIGNED("iu-version", SPARCCPU, env.def.iu_version, 0,
+ qdev_prop_uint64, target_ulong),
+DEFINE_PROP_UINT32("fpu-version", SPARCCPU, env.def.fpu_version, 0),
+DEFINE_PROP_UINT32("mmu-version", SPARCCPU, env.def.mmu_version, 0),
+{ .name  = "nwindows", .info  = &qdev_prop_nwindows },
+DEFINE_PROP_END_OF_LIST()
+};
+
 static void sparc_cpu_class_init(ObjectClass *oc, void *data)
 {
 SPARCCPUClass *scc = SPARC_CPU_CLASS(oc);
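
Review bot: "iu-version" pairs qdev_prop_uint64 with a field declared as target_ulong. The uint64 accessors read and write eight bytes, so on a target where target_ulong is 32 bits the setter writes past env.def.iu_version. Pick the property type per target width (or widen the field). Separately, sparc_set_nwindows() stores into cpu->env.def.nwindows without checking whether the device is already realized, unlike the stock qdev setters. Please reject the write after realize.
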
@@ -861,6 +926,7 @@ static void sparc_cpu_class_init(ObjectClass *oc, void 
*data)
 
 scc->parent_realize = dc->realize;
 dc->realize = sparc_cpu_realizefn;
+dc->props = sparc_cpu_properties;
 
 scc->parent_reset = cc->reset;
 cc->reset = sparc_cpu_reset;
-- 
2.7.4




[Qemu-devel] [PATCH v4 5/5] ppc: spapr: Enable FWNMI capability

2017-08-18 Thread Aravinda Prasad
Enable the KVM capability KVM_CAP_PPC_FWNMI so that
the KVM causes guest exit with NMI as exit reason
when it encounters a machine check exception on the
address belonging to a guest. Without this capability
enabled, KVM redirects machine check exceptions to
guest's 0x200 vector.

Signed-off-by: Aravinda Prasad 
---
 hw/ppc/spapr_rtas.c |   17 +
 target/ppc/kvm.c|2 ++
 2 files changed, 19 insertions(+)

diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 2f3c47b..c2a361a 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -47,6 +47,8 @@
 #include "trace.h"
 #include "hw/ppc/fdt.h"
 
+extern int cap_fwnmi;
+
 static void rtas_display_character(PowerPCCPU *cpu, sPAPRMachineState *spapr,
uint32_t token, uint32_t nargs,
target_ulong args,
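
Review bot: the bare "extern int cap_fwnmi;" in spapr_rtas.c exposes a KVM-private variable without a header declaration, so nothing checks it against the definition and a build without target/ppc/kvm.c is left with an undefined symbol. The other cap_* flags in kvm.c are static. Keep this one static as well and export an accessor through kvm_ppc.h, with a stub for non-KVM builds.
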
@@ -354,7 +356,22 @@ static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
   target_ulong args,
   uint32_t nret, target_ulong rets)
 {
+int ret;
+CPUState *cs = CPU(cpu);
+
+if (!cap_fwnmi) {
+rtas_st(rets, 0, RTAS_OUT_NOT_SUPPORTED);
+return;
+}
+
 spapr->guest_machine_check_addr = rtas_ld(args, 1);
+
+ret = kvm_vcpu_enable_cap(cs, KVM_CAP_PPC_FWNMI, 0);
+if (ret < 0) {
+rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
+return;
+}
+
 rtas_st(rets, 0, RTAS_OUT_SUCCESS);
 }
 
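
Review bot: spapr->guest_machine_check_addr is assigned before kvm_vcpu_enable_cap() is known to have succeeded, so on the RTAS_OUT_HW_ERROR path the guest is told that registration failed while the address stays recorded. Move the assignment below the "ret < 0" check. Also, kvm_vcpu_enable_cap() is issued only on the calling vCPU (cs). If that is sufficient for machine checks taken on other vCPUs, a comment saying so would help.
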
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index e9ea45f..7d37dba 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -90,6 +90,7 @@ static int cap_htm; /* Hardware transactional 
memory support */
 static int cap_mmu_radix;
 static int cap_mmu_hash_v3;
 static int cap_resize_hpt;
+int cap_fwnmi;
 
 static uint32_t debug_inst_opcode;
 
@@ -147,6 +148,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 cap_mmu_radix = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_RADIX);
 cap_mmu_hash_v3 = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_HASH_V3);
 cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT);
+cap_fwnmi = kvm_check_extension(s, KVM_CAP_PPC_FWNMI);
 
 if (!cap_interrupt_level) {
 fprintf(stderr, "KVM: Couldn't find level irq capability. Expect the "
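
Review bot: cap_fwnmi is probed with kvm_check_extension() while the three neighbouring capabilities in this hunk use kvm_vm_check_extension(). Unless the system-level query is intended here, use the VM-level call for consistency with the lines above.
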




[Qemu-devel] [PATCH for-2.11 01/27] sparc: convert cpu models to SPARC cpu subclasses

2017-08-18 Thread Igor Mammedov
QOMfy cpu models handling introducing proper cpu types
for each cpu model.

Signed-off-by: Igor Mammedov 
---
with this and conversion of features to properties,
it would be possible to replace cpu_sparc_init() with
cpu_generic_init() and reuse common -cpu handling
infrastructure.

CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 
CC: Philippe Mathieu-Daudé 

v2:
  * make base class abstract (Philippe Mathieu-Daudé )
---
 target/sparc/cpu-qom.h |   2 +
 target/sparc/cpu.c | 121 +
 2 files changed, 84 insertions(+), 39 deletions(-)

diff --git a/target/sparc/cpu-qom.h b/target/sparc/cpu-qom.h
index f63af72..af6d57a 100644
--- a/target/sparc/cpu-qom.h
+++ b/target/sparc/cpu-qom.h
@@ -35,6 +35,7 @@
 #define SPARC_CPU_GET_CLASS(obj) \
 OBJECT_GET_CLASS(SPARCCPUClass, (obj), TYPE_SPARC_CPU)
 
+typedef struct sparc_def_t sparc_def_t;
 /**
  * SPARCCPUClass:
  * @parent_realize: The parent class' realize handler.
@@ -49,6 +50,7 @@ typedef struct SPARCCPUClass {
 
 DeviceRealize parent_realize;
 void (*parent_reset)(CPUState *cpu);
+sparc_def_t *cpu_def;
 } SPARCCPUClass;
 
 typedef struct SPARCCPU SPARCCPU;
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index d606eb5..2994c09 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -25,8 +25,6 @@
 
 //#define DEBUG_FEATURES
 
-static int cpu_sparc_find_by_name(sparc_def_t *cpu_def, const char *cpu_model);
-
 /* CPUClass::reset() */
 static void sparc_cpu_reset(CPUState *s)
 {
@@ -111,17 +109,9 @@ static int cpu_sparc_register(SPARCCPU *cpu, const char 
*cpu_model)
 {
 CPUSPARCState *env = &cpu->env;
 char *s = g_strdup(cpu_model);
-char *featurestr, *name = strtok(s, ",");
-sparc_def_t def1, *def = &def1;
+char *featurestr = strtok(s, ",");
 Error *err = NULL;
 
-if (cpu_sparc_find_by_name(def, name) < 0) {
-g_free(s);
-return -1;
-}
-
-env->def = g_memdup(def, sizeof(*def));
-
 featurestr = strtok(NULL, ",");
 sparc_cpu_parse_features(CPU(cpu), featurestr, &err);
 g_free(s);
@@ -130,18 +120,18 @@ static int cpu_sparc_register(SPARCCPU *cpu, const char 
*cpu_model)
 return -1;
 }
 
-env->version = def->iu_version;
-env->fsr = def->fpu_version;
-env->nwindows = def->nwindows;
+env->version = env->def->iu_version;
+env->fsr = env->def->fpu_version;
+env->nwindows = env->def->nwindows;
 #if !defined(TARGET_SPARC64)
-env->mmuregs[0] |= def->mmu_version;
+env->mmuregs[0] |= env->def->mmu_version;
 cpu_sparc_set_id(env, 0);
-env->mxccregs[7] |= def->mxcc_version;
+env->mxccregs[7] |= env->def->mxcc_version;
 #else
-env->mmu_version = def->mmu_version;
-env->maxtl = def->maxtl;
-env->version |= def->maxtl << 8;
-env->version |= def->nwindows - 1;
+env->mmu_version = env->def->mmu_version;
+env->maxtl = env->def->maxtl;
+env->version |= env->def->maxtl << 8;
+env->version |= env->def->nwindows - 1;
 #endif
 return 0;
 }
@@ -149,8 +139,19 @@ static int cpu_sparc_register(SPARCCPU *cpu, const char 
*cpu_model)
 SPARCCPU *cpu_sparc_init(const char *cpu_model)
 {
 SPARCCPU *cpu;
+ObjectClass *oc;
+char *str, *name;
+
+str = g_strdup(cpu_model);
+name = strtok(str, ",");
+oc = cpu_class_by_name(TYPE_SPARC_CPU, name);
+if (oc == NULL) {
+g_free(str);
+return NULL;
+}
+g_free(str);
 
-cpu = SPARC_CPU(object_new(TYPE_SPARC_CPU));
+cpu = SPARC_CPU(object_new(object_class_get_name(oc)));
 
 if (cpu_sparc_register(cpu, cpu_model) < 0) {
 object_unref(OBJECT(cpu));
@@ -553,23 +554,6 @@ static void add_flagname_to_bitmaps(const char *flagname, 
uint32_t *features)
 error_report("CPU feature %s not found", flagname);
 }
 
-static int cpu_sparc_find_by_name(sparc_def_t *cpu_def, const char *name)
-{
-unsigned int i;
-const sparc_def_t *def = NULL;
-
-for (i = 0; i < ARRAY_SIZE(sparc_defs); i++) {
-if (strcasecmp(name, sparc_defs[i].name) == 0) {
-def = &sparc_defs[i];
-}
-}
-if (!def) {
-return -1;
-}
-memcpy(cpu_def, def, sizeof(*def));
-return 0;
-}
-
 static void sparc_cpu_parse_features(CPUState *cs, char *features,
  Error **errp)
 {
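
Review bot: the removed cpu_sparc_find_by_name() matched the model name with strcasecmp(), whereas sparc_cpu_type_name(), added further down in this patch, only replaces spaces with '-' and does no case folding. If the class lookup ends up case-sensitive, -cpu names that used to resolve in a different case will stop working. Either normalise case when building the type name or call out the behaviour change in the commit message.
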
@@ -796,6 +780,36 @@ static bool sparc_cpu_has_work(CPUState *cs)
cpu_interrupts_enabled(env);
 }
 
+static char *sparc_cpu_type_name(const char *cpu_model)
+{
+char *name = g_strdup_printf("%s-" TYPE_SPARC_CPU, cpu_model);
+char *s = name;
+
+/* SPARC cpu model names happen to have whitespaces,
+ * as type names shouldn't have spaces replace them with '-'
+ */
+while ((s = strchr(s, ' '))) {
+*s = '-';
+}
+
+return name;
+}
+
+static ObjectClass *sparc_cpu_class_by_name(const char *cpu_model)
+{
+ObjectClass *oc;
+char *typename;
+
+if (cpu_model == NULL) {
+return NULL;
+}
+

[Qemu-devel] [PATCH for-2.11 07/27] sparc: replace custom cpu feature parsing with cpu_legacy_parse_featurestr()

2017-08-18 Thread Igor Mammedov
with features converted to properties we can reuse shared
with x86 cpu_legacy_parse_featurestr() for features parsing
and drop legacy parser that manipulated CPU directly.

With that in place and sparc_cpu_parse_features() providing
generic CPUClass::parse_features callback, the cpu_sparc_init()
will do the same job as cpu_generic_init() so replace content
of cpu_sparc_init() with it.

Signed-off-by: Igor Mammedov 
---
CC: Riku Voipio 
CC: Laurent Vivier 
CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 

v2:
  * use new cpu_legacy_parse_featurestr() without
plus_features/minus_features
  * drop cpu_legacy_apply_features() as it's been removed in
previous patch and new cpu_legacy_parse_featurestr()
does its job
---
 default-configs/sparc-bsd-user.mak |   1 +
 default-configs/sparc-linux-user.mak   |   1 +
 default-configs/sparc-softmmu.mak  |   1 +
 default-configs/sparc32plus-linux-user.mak |   1 +
 default-configs/sparc64-bsd-user.mak   |   1 +
 default-configs/sparc64-linux-user.mak |   1 +
 default-configs/sparc64-softmmu.mak|   1 +
 target/sparc/cpu.c | 146 +
 8 files changed, 12 insertions(+), 141 deletions(-)

diff --git a/default-configs/sparc-bsd-user.mak 
b/default-configs/sparc-bsd-user.mak
index 21e0950..caea9ea 100644
--- a/default-configs/sparc-bsd-user.mak
+++ b/default-configs/sparc-bsd-user.mak
@@ -1 +1,2 @@
 # Default configuration for sparc-bsd-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/sparc-linux-user.mak 
b/default-configs/sparc-linux-user.mak
index 9c716d1..0f23504 100644
--- a/default-configs/sparc-linux-user.mak
+++ b/default-configs/sparc-linux-user.mak
@@ -1 +1,2 @@
 # Default configuration for sparc-linux-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/sparc-softmmu.mak 
b/default-configs/sparc-softmmu.mak
index 004b0f4..d8fa9fd 100644
--- a/default-configs/sparc-softmmu.mak
+++ b/default-configs/sparc-softmmu.mak
@@ -18,3 +18,4 @@ CONFIG_GRLIB=y
 CONFIG_STP2000=y
 CONFIG_ECCMEMCTL=y
 CONFIG_SUN4M=y
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/sparc32plus-linux-user.mak 
b/default-configs/sparc32plus-linux-user.mak
index 432e880..e3cc16b 100644
--- a/default-configs/sparc32plus-linux-user.mak
+++ b/default-configs/sparc32plus-linux-user.mak
@@ -1 +1,2 @@
 # Default configuration for sparc32plus-linux-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/sparc64-bsd-user.mak 
b/default-configs/sparc64-bsd-user.mak
index b8b9eea..25bfa1f 100644
--- a/default-configs/sparc64-bsd-user.mak
+++ b/default-configs/sparc64-bsd-user.mak
@@ -1 +1,2 @@
 # Default configuration for sparc64-bsd-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/sparc64-linux-user.mak 
b/default-configs/sparc64-linux-user.mak
index bf1bdd6..7c8a9f0 100644
--- a/default-configs/sparc64-linux-user.mak
+++ b/default-configs/sparc64-linux-user.mak
@@ -1 +1,2 @@
 # Default configuration for sparc64-linux-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/sparc64-softmmu.mak 
b/default-configs/sparc64-softmmu.mak
index d07876a..658546a 100644
--- a/default-configs/sparc64-softmmu.mak
+++ b/default-configs/sparc64-softmmu.mak
@@ -16,3 +16,4 @@ CONFIG_MC146818RTC=y
 CONFIG_ISA_TESTDEV=y
 CONFIG_EMPTY_SLOT=y
 CONFIG_SUN4V_RTC=y
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index 7f74b1c..fd01cbf 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -104,51 +104,15 @@ static void cpu_sparc_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 #endif
 }
 
-static void sparc_cpu_parse_features(CPUState *cs, char *features,
- Error **errp);
-
-static int cpu_sparc_register(SPARCCPU *cpu, const char *cpu_model)
+static void sparc_cpu_parse_features(const char *typename, char *features,
+ Error **errp)
 {
-char *s = g_strdup(cpu_model);
-char *featurestr = strtok(s, ",");
-Error *err = NULL;
-
-featurestr = strtok(NULL, ",");
-sparc_cpu_parse_features(CPU(cpu), featurestr, &err);
-g_free(s);
-if (err) {
-error_report_err(err);
-return -1;
-}
-
-return 0;
+cpu_legacy_parse_featurestr(typename, features, errp);
 }
 
 SPARCCPU *cpu_sparc_init(const char *cpu_model)
 {
-SPARCCPU *cpu;
-ObjectClass *oc;
-char *str, *name;
-
-str = g_strdup(cpu_model);
-name = strtok(str, ",");
-oc = cpu_class_by_name(TYPE_SPARC_CPU, name);
-if (oc == NULL) {
-g_free(str);
-return NULL;
-}
-g_free(str);
-
-cpu = SPARC_CPU(object_new(object_class_get_name(oc)));
-
-if (cpu_sparc_register(cpu, cpu_model) < 0) {
-object_unref(OBJECT(cpu));
-return NULL;
-}
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
+return SPARC_CPU(cpu_generic_init(TYPE_SPARC_CPU, cpu_model));
 }
 
 void cpu
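
Review bot: sparc_cpu_parse_features() is now a one-line forwarder that passes its three arguments unchanged to cpu_legacy_parse_featurestr(). Unless a later patch in the series adds SPARC-specific handling, drop the wrapper and point the parse_features callback at cpu_legacy_parse_featurestr() directly.
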

[Qemu-devel] [PATCH for-2.11 00/27] complete cpu QOMification and remove cpu_FOO_init() helpers

2017-08-18 Thread Igor Mammedov

ChangeLog:
  * rebase on top of rc3 
  * drop MIPS CPU QOMifying patches as it's superseded
by another series: "[PATCH 0/8] QOMify MIPS cpu"
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg03041.html
  * new patch to hide plus/minus features handling inside of feature parsing:
 "target-i386: cpu: convert plus/minus properties to global properties"
  * SPARC: make base CPU class abstract

While looking at ways to get rid of ad-hoc cpu_model
parsing in every machine/*-user and unifying -cpu option
parsing, making it generic, I've noticed that most of
the targets have cpu_FOO_init() helper that does nothing
except of calling cpu_generic_init() and a few that do
additional ad-hoc cpu initialization outside of QOM model.

Most of the latter could be easily fixed and
the 2 remaining mips/sparc targets are missing proper
conversion of cpu models to cpu subclasses and/or
cpu features to properties, with that fixed it's
possible to get rid of custom cpu_FOO_init() helpers and
reuse cpu_generic_init() instead (which reduces code
size quite a bit).

That's what this series (1st part of cpu_model unification) does.
Patches:
 * 1-8: complete QOMifying SPARC cpu including features into properties
conversion and cpu models into classes so it could use
cpu_generic_init() to create cpus.

above patches care only about completing CPU QOMification and
might not be as pretty or clean as they could be,
but cleanups and follow up code simplification are way out of scope
and (might|should) be done on top by respective maintainers or someone
who cares about it.

 * the rest of the patches are just replacing custom cpu_FOO_init()
   with cpu_generic_init() and sometimes dealing with target 
   specific oddities in handling cpu name to typename conversion

git tree for testing/viewing:
https://github.com/imammedo/qemu.git cpu_init_def_target_cpu_V2
https://github.com/imammedo/qemu/commits/cpu_init_def_target_cpu_V2

Ref to v1:
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg04414.html

PS:

SPARC are the only targets that received 'heavy' refactoring
so I've treated them with more manual testing, the rest of series is
slightly tested /make check for softmmu targets and running busybox for
most of the *-linux targets /, and no regressions were noticed.

And now about follow up series, as end result of unification,
I'm looking for:

   - replacing many ad-hoc ways of specifying default cpu with
 a one generic way
   - cpu_model parsing done with common cpu_model_helper that
 will be called from 3 places: generic machine code and [linux|bsd]-user
   - cpu_model_helper returning cpu type name that
 the rest of the code will deal with
   - get rid of cpu_init() and leave only cpu_generic_init() throughout the tree
   - make cpu_model_helper usable at pre machine_init() time
 so that commands like hotplugable-cpus could be used
 with HMP/QMP preconfiguration interface I'm working on.
 (it's the real reason why I'm doing all of this)


Igor Mammedov (27):
  sparc: convert cpu models to SPARC cpu subclasses
  sparc: embed sparc_def_t into CPUSPARCState
  sparc: convert cpu features to qdev properties
  sparc: move adhoc CPUSPARCState initialization to realize time
  target-i386: cpu: convert plus/minus properties to global properties
  x86: extract legacy cpu features format parser
  sparc: replace custom cpu feature parsing with
cpu_legacy_parse_featurestr()
  sparc: replace cpu_sparc_init() with cpu_generic_init()
  s390x: replace cpu_s390x_init() with cpu_generic_init()
  alpha: replace cpu_alpha_init() with cpu_generic_init()
  hppa: replace cpu_hppa_init() with cpu_generic_init()
  m68k: replace cpu_m68k_init() with cpu_generic_init()
  microblaze: replace cpu_mb_init() with cpu_generic_init()
  nios2: replace cpu_nios2_init() with cpu_generic_init()
  tilegx: replace cpu_tilegx_init() with cpu_generic_init()
  xtensa: replace cpu_xtensa_init() with cpu_generic_init()
  tricore: replace cpu_tricore_init() with cpu_generic_init()
  sh4: replace cpu_sh4_init() with cpu_generic_init()
  arm: replace cpu_arm_init() with cpu_generic_init()
  cris: replace cpu_cris_init() with cpu_generic_init()
  x86: replace cpu_x86_init() with cpu_generic_init()
  lm32: replace cpu_lm32_init() with cpu_generic_init()
  moxie: replace cpu_moxie_init() with cpu_generic_init()
  openrisc: replace cpu_openrisc_init() with cpu_generic_init()
  unicore32: replace uc32_cpu_init() with cpu_generic_init()
  ppc: replace cpu_ppc_init() with cpu_generic_init()
  fix build failure in nbd_read_reply_entry()

 include/qom/cpu.h  |   2 +
 linux-user/sparc/target_syscall.h  |   2 +-
 target/alpha/cpu.h |   4 +-
 target/arm/cpu.h   |   3 +-
 target/cris/cpu.h  |   3 +-
 target/hppa/cpu.h  |   4 +-
 target/i386/cpu.h  |   3 +-
 target

[Qemu-devel] [PATCH for-2.11 12/27] m68k: replace cpu_m68k_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
call register_m68k_insns() at realize time which makes
cpu_m68k_init() typical object creation function.
As result we can replace it with cpu_generic_init()
which does the same job, reducing code duplication a bit.

Signed-off-by: Igor Mammedov 
Tested-by: Thomas Huth 
Acked-by: Laurent Vivier 
---
 target/m68k/cpu.h|  3 +--
 hw/m68k/an5206.c |  2 +-
 hw/m68k/mcf5208.c|  2 +-
 target/m68k/cpu.c|  2 ++
 target/m68k/helper.c | 20 
 5 files changed, 5 insertions(+), 24 deletions(-)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 38a7e11..d936547 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -163,7 +163,6 @@ int m68k_cpu_gdb_write_register(CPUState *cpu, uint8_t 
*buf, int reg);
 
 void m68k_tcg_init(void);
 void m68k_cpu_init_gdb(M68kCPU *cpu);
-M68kCPU *cpu_m68k_init(const char *cpu_model);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
signal handlers to inform the virtual CPU of exceptions. non zero
is returned if the signal was handled by the virtual CPU.  */
@@ -322,7 +321,7 @@ void register_m68k_insns (CPUM68KState *env);
 #define TARGET_PHYS_ADDR_SPACE_BITS 32
 #define TARGET_VIRT_ADDR_SPACE_BITS 32
 
-#define cpu_init(cpu_model) CPU(cpu_m68k_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_M68K_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_m68k_signal_handler
 #define cpu_list m68k_cpu_list
diff --git a/hw/m68k/an5206.c b/hw/m68k/an5206.c
index c762441..7b9b15d 100644
--- a/hw/m68k/an5206.c
+++ b/hw/m68k/an5206.c
@@ -42,7 +42,7 @@ static void an5206_init(MachineState *machine)
 if (!cpu_model) {
 cpu_model = "m5206";
 }
-cpu = cpu_m68k_init(cpu_model);
+cpu = M68K_CPU(cpu_generic_init(TYPE_M68K_CPU, cpu_model));
 if (!cpu) {
 error_report("Unable to find m68k CPU definition");
 exit(1);
diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
index f4b1387..1a0f180 100644
--- a/hw/m68k/mcf5208.c
+++ b/hw/m68k/mcf5208.c
@@ -232,7 +232,7 @@ static void mcf5208evb_init(MachineState *machine)
 if (!cpu_model) {
 cpu_model = "m5208";
 }
-cpu = cpu_m68k_init(cpu_model);
+cpu = M68K_CPU(cpu_generic_init(TYPE_M68K_CPU, cpu_model));
 if (!cpu) {
 fprintf(stderr, "Unable to find m68k CPU definition\n");
 exit(1);
diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index a14b6dd..55bf24b 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -230,6 +230,8 @@ static void m68k_cpu_realizefn(DeviceState *dev, Error 
**errp)
 M68kCPUClass *mcc = M68K_CPU_GET_CLASS(dev);
 Error *local_err = NULL;
 
+register_m68k_insns(&cpu->env);
+
 cpu_exec_realizefn(cs, &local_err);
 if (local_err != NULL) {
 error_propagate(errp, local_err);
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index caae291..7e50ff5 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -156,26 +156,6 @@ static int m68k_fpu_gdb_set_reg(CPUM68KState *env, uint8_t 
*mem_buf, int n)
 return 0;
 }
 
-M68kCPU *cpu_m68k_init(const char *cpu_model)
-{
-M68kCPU *cpu;
-CPUM68KState *env;
-ObjectClass *oc;
-
-oc = cpu_class_by_name(TYPE_M68K_CPU, cpu_model);
-if (oc == NULL) {
-return NULL;
-}
-cpu = M68K_CPU(object_new(object_class_get_name(oc)));
-env = &cpu->env;
-
-register_m68k_insns(env);
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
-}
-
 void m68k_cpu_init_gdb(M68kCPU *cpu)
 {
 CPUState *cs = CPU(cpu);
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 05/27] target-i386: cpu: convert plus/minus properties to global properties

2017-08-18 Thread Igor Mammedov
Since
 (commit d4a606b3 i386: Don't override -cpu options on -cpu host/max)
it became possible to delete hack where it was necessary to
postpone applying plus/minus features to realize time
after max_features were applied to keep legacy +-feat
override semantics.

with above commit it's possible to convert +-feat to a set
of GlobalProperty items and keep +-feat override semantics,
these properties should be added to global list at the end
to override properties that were set with feat=on|off syntax.

Signed-off-by: Igor Mammedov 
---
CC: Richard Henderson 
CC: Eduardo Habkost 
CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 
CC: Philippe Mathieu-Daudé 
---
 target/i386/cpu.c | 108 --
 1 file changed, 40 insertions(+), 68 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ddc45ab..84f552d 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2058,23 +2058,32 @@ static const char *x86_cpu_feature_name(FeatureWord w, 
int bitnr)
 return feature_word_info[w].feat_names[bitnr];
 }
 
-/* Compatibily hack to maintain legacy +-feat semantic,
- * where +-feat overwrites any feature set by
- * feat=on|feat even if the later is parsed after +-feat
- * (i.e. "-x2apic,x2apic=on" will result in x2apic disabled)
- */
-static GList *plus_features, *minus_features;
-
 static gint compare_string(gconstpointer a, gconstpointer b)
 {
 return g_strcmp0(a, b);
 }
 
-/* Parse "+feature,-feature,feature=foo" CPU feature string
- */
+static void
+cpu_add_feat_as_prop(const char *typename, const char *name, const char *val)
+{
+GlobalProperty *prop = g_new0(typeof(*prop), 1);
+prop->driver = typename;
+prop->property = g_strdup(name);
+prop->value = g_strdup(val);
+prop->errp = &error_fatal;
+qdev_prop_register_global(prop);
+}
+
+/* Parse "+feature,-feature,feature=foo" CPU feature string */
 static void x86_cpu_parse_featurestr(const char *typename, char *features,
  Error **errp)
 {
+/* Compatibily hack to maintain legacy +-feat semantic,
+ * where +-feat overwrites any feature set by
+ * feat=on|feat even if the later is parsed after +-feat
+ * (i.e. "-x2apic,x2apic=on" will result in x2apic disabled)
+ */
+GList *l, *plus_features = NULL, *minus_features = NULL;
 char *featurestr; /* Single 'key=value" string being parsed */
 static bool cpu_globals_initialized;
 bool ambiguous = false;
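
Review bot: cpu_add_feat_as_prop() duplicates name and val with g_strdup() but stores typename by pointer in prop->driver. The GlobalProperty stays registered for the rest of the run, so either duplicate typename too or add a comment stating that the caller's string must remain valid that long. While the compatibility comment is being moved, "Compatibily" and "later" (for "latter") could be corrected.
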
@@ -2095,7 +2104,6 @@ static void x86_cpu_parse_featurestr(const char 
*typename, char *features,
 const char *val = NULL;
 char *eq = NULL;
 char num[32];
-GlobalProperty *prop;
 
 /* Compatibility syntax: */
 if (featurestr[0] == '+') {
@@ -2147,21 +2155,32 @@ static void x86_cpu_parse_featurestr(const char 
*typename, char *features,
 name = "tsc-frequency";
 }
 
-prop = g_new0(typeof(*prop), 1);
-prop->driver = typename;
-prop->property = g_strdup(name);
-prop->value = g_strdup(val);
-prop->errp = &error_fatal;
-qdev_prop_register_global(prop);
+cpu_add_feat_as_prop(typename, name, val);
 }
 
 if (ambiguous) {
 warn_report("Compatibility of ambiguous CPU model "
 "strings won't be kept on future QEMU versions");
 }
+
+for (l = plus_features; l; l = l->next) {
+const char *name = l->data;
+cpu_add_feat_as_prop(typename, name, "on");
+}
+if (plus_features) {
+g_list_free_full(plus_features, g_free);
+}
+
+for (l = minus_features; l; l = l->next) {
+const char *name = l->data;
+cpu_add_feat_as_prop(typename, name, "off");
+}
+if (minus_features) {
+g_list_free_full(minus_features, g_free);
+}
 }
 
-static void x86_cpu_expand_features(X86CPU *cpu, Error **errp);
+static void x86_cpu_expand_features(X86CPU *cpu);
 static int x86_cpu_filter_features(X86CPU *cpu);
 
 /* Check for missing features that may prevent the CPU class from
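Review bot: The "if (plus_features)" and "if (minus_features)" guards around g_list_free_full() are redundant, since g_list_free_full() accepts a NULL list, so both can go. The two loops differ only in the list and the "on"/"off" value, and the minus list is registered after the plus list, so "-feat" beats "+feat" for the same name by the same ordering the compatibility comment relies on; that precedence should be spelled out in the comment.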
@@ -2172,7 +2191,6 @@ static void 
x86_cpu_class_check_missing_features(X86CPUClass *xcc,
 {
 X86CPU *xc;
 FeatureWord w;
-Error *err = NULL;
 strList **next = missing_feats;
 
 if (xcc->kvm_required && !kvm_enabled()) {
@@ -2184,18 +2202,7 @@ static void 
x86_cpu_class_check_missing_features(X86CPUClass *xcc,
 
 xc = X86_CPU(object_new(object_class_get_name(OBJECT_CLASS(xcc;
 
-x86_cpu_expand_features(xc, &err);
-if (err) {
-/* Errors at x86_cpu_expand_features should never happen,
- * but in case it does, just report the model as not
- * runnable at all using the "type" property.
- */
-strList *new = g_new0(strList, 1);
-new->value = g_strdup("type");
-*next = new;
-next = &new->next;
-}
-
+x86_cpu_expand_features(xc);
 x86_cpu_filter_features(xc);
 
 for (w = 0; w < FEATURE_WORDS; w++) {
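Review bot: With the error path removed from x86_cpu_class_check_missing_features(), a failure inside x86_cpu_expand_features() can no longer be surfaced as the "type" entry in missing_feats. The removed comment said such errors should never happen, so x86_cpu_expand_features() should now be documented as unable to fail, or assert that internally.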
@@ 

[Qemu-devel] [PATCH for-2.11 04/27] sparc: move adhoc CPUSPARCState initialization to realize time

2017-08-18 Thread Igor Mammedov
SPARCCPU::env was initialized from previously set properties
(with help of sparc_cpu_parse_features) in cpu_sparc_register().
However there is no reason to keep it there as this task is
typically done at realize time. So move post properties
initialization into sparc_cpu_realizefn, which brings
cpu_sparc_init() closer to cpu_generic_init().

Signed-off-by: Igor Mammedov 
---
CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 
---
 target/sparc/cpu.c | 30 +++---
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index e735d73..7f74b1c 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -109,7 +109,6 @@ static void sparc_cpu_parse_features(CPUState *cs, char 
*features,
 
 static int cpu_sparc_register(SPARCCPU *cpu, const char *cpu_model)
 {
-CPUSPARCState *env = &cpu->env;
 char *s = g_strdup(cpu_model);
 char *featurestr = strtok(s, ",");
 Error *err = NULL;
@@ -122,19 +121,6 @@ static int cpu_sparc_register(SPARCCPU *cpu, const char 
*cpu_model)
 return -1;
 }
 
-env->version = env->def.iu_version;
-env->fsr = env->def.fpu_version;
-env->nwindows = env->def.nwindows;
-#if !defined(TARGET_SPARC64)
-env->mmuregs[0] |= env->def.mmu_version;
-cpu_sparc_set_id(env, 0);
-env->mxccregs[7] |= env->def.mxcc_version;
-#else
-env->mmu_version = env->def.mmu_version;
-env->maxtl = env->def.maxtl;
-env->version |= env->def.maxtl << 8;
-env->version |= env->def.nwindows - 1;
-#endif
 return 0;
 }
 
@@ -817,15 +803,29 @@ static void sparc_cpu_realizefn(DeviceState *dev, Error 
**errp)
 CPUState *cs = CPU(dev);
 SPARCCPUClass *scc = SPARC_CPU_GET_CLASS(dev);
 Error *local_err = NULL;
-#if defined(CONFIG_USER_ONLY)
 SPARCCPU *cpu = SPARC_CPU(dev);
 CPUSPARCState *env = &cpu->env;
 
+#if defined(CONFIG_USER_ONLY)
 if ((env->def.features & CPU_FEATURE_FLOAT)) {
 env->def.features |= CPU_FEATURE_FLOAT128;
 }
 #endif
 
+env->version = env->def.iu_version;
+env->fsr = env->def.fpu_version;
+env->nwindows = env->def.nwindows;
+#if !defined(TARGET_SPARC64)
+env->mmuregs[0] |= env->def.mmu_version;
+cpu_sparc_set_id(env, 0);
+env->mxccregs[7] |= env->def.mxcc_version;
+#else
+env->mmu_version = env->def.mmu_version;
+env->maxtl = env->def.maxtl;
+env->version |= env->def.maxtl << 8;
+env->version |= env->def.nwindows - 1;
+#endif
+
 cpu_exec_realizefn(cs, &local_err);
 if (local_err != NULL) {
 error_propagate(errp, local_err);
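Review bot: The block moved into sparc_cpu_realizefn() still uses "|=" for env->mmuregs[0] and env->mxccregs[7], which yields the intended value only if those registers are still zero when realize runs. A short comment stating that nothing writes them between instance init and realize, or a plain assignment if that is equivalent, would make the assumption explicit now that the code no longer runs immediately after object creation.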
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 09/27] s390x: replace cpu_s390x_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
cpu_s390x_init() is used only by *-user targets indirectly
via cpu_init() macro and has a hack to assign ids to created
cpus (I'm not sure if 'id' really matters to *-user emulation).

So to be on the safe side, instead of having custom wrapper to do numbering
replace it with cpu_generic_init() and use S390CPUClass::next_cpu_id
which could serve the same purpose as static variable and move cpu->id
initialization to s390_cpu_initfn for CONFIG_USER_ONLY use-case.

PS:
ifdef is ugly but it allows us to hide s390x detail that isn't
set by *-user targets and reuse generic cpu creation utility
for both machine and user emulation.

Signed-off-by: Igor Mammedov 
Acked-by: Cornelia Huck 
---
perhaps cpu->id isn't needed by CONFIG_USER_ONLY but I'd leave it to
s390x maintainers to deal with it.
---
 target/s390x/cpu.h|  3 +--
 target/s390x/cpu.c|  7 +++
 target/s390x/helper.c | 14 --
 3 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 29fdd5d..7891d68 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -474,7 +474,6 @@ static inline bool get_per_in_range(CPUS390XState *env, 
uint64_t addr)
 }
 }
 
-S390CPU *cpu_s390x_init(const char *cpu_model);
 S390CPU *s390x_new_cpu(const char *cpu_model, int64_t id, Error **errp);
 S390CPU *cpu_s390x_create(const char *cpu_model, Error **errp);
 void s390x_translate_init(void);
@@ -638,7 +637,7 @@ static inline unsigned int s390_cpu_set_state(uint8_t 
cpu_state, S390CPU *cpu)
 
 extern void subsystem_reset(void);
 
-#define cpu_init(model) CPU(cpu_s390x_init(model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_S390_CPU, cpu_model)
 #define cpu_signal_handler cpu_s390x_signal_handler
 
 void s390_cpu_list(FILE *f, fprintf_function cpu_fprintf);
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 489bc25..72b0b9e 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -303,6 +303,13 @@ static void s390_cpu_initfn(Object *obj)
 inited = true;
 s390x_translate_init();
 }
+
+#if defined(CONFIG_USER_ONLY)
+{
+S390CPUClass *scc = S390_CPU_GET_CLASS(obj);
+cpu->id = scc->next_cpu_id;
+}
+#endif
 }
 
 static void s390_cpu_finalize(Object *obj)
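Review bot: In s390_cpu_initfn() the new CONFIG_USER_ONLY block reads scc->next_cpu_id but nothing in this hunk advances it, whereas the removed cpu_s390x_init() passed next_cpu_id++ so every CPU got a distinct id. If the counter is incremented elsewhere (at realize, for example), say so in a comment next to the assignment; otherwise every CPU created for *-user ends up with the same id.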
diff --git a/target/s390x/helper.c b/target/s390x/helper.c
index 0c989b1..5c23552 100644
--- a/target/s390x/helper.c
+++ b/target/s390x/helper.c
@@ -128,20 +128,6 @@ out:
 return cpu;
 }
 
-S390CPU *cpu_s390x_init(const char *cpu_model)
-{
-Error *err = NULL;
-S390CPU *cpu;
-/* Use to track CPU ID for linux-user only */
-static int64_t next_cpu_id;
-
-cpu = s390x_new_cpu(cpu_model, next_cpu_id++, &err);
-if (err) {
-error_report_err(err);
-}
-return cpu;
-}
-
 #ifndef CONFIG_USER_ONLY
 
 hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 06/27] x86: extract legacy cpu features format parser

2017-08-18 Thread Igor Mammedov
Move cpu_model +-feat parsing into a separate file so that it
could be reused later for parsing similar format of sparc target

Signed-off-by: Igor Mammedov 
---
CC: Richard Henderson 
CC: Eduardo Habkost 
CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 
CC: Philippe Mathieu-Daudé 
---
 include/qom/cpu.h |   2 +
 default-configs/i386-bsd-user.mak |   1 +
 default-configs/i386-linux-user.mak   |   1 +
 default-configs/i386-softmmu.mak  |   1 +
 default-configs/x86_64-bsd-user.mak   |   1 +
 default-configs/x86_64-linux-user.mak |   1 +
 default-configs/x86_64-softmmu.mak|   1 +
 target/i386/cpu.c | 125 +-
 util/Makefile.objs|   1 +
 util/legacy_cpu_features_parser.c | 161 ++
 10 files changed, 171 insertions(+), 124 deletions(-)
 create mode 100644 util/legacy_cpu_features_parser.c

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 25eefea..30247dc 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -1038,4 +1038,6 @@ extern const struct VMStateDescription vmstate_cpu_common;
 
 #define UNASSIGNED_CPU_INDEX -1
 
+void cpu_legacy_parse_featurestr(const char *typename, char *features,
+ Error **errp);
 #endif
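Review bot: The new cpu_legacy_parse_featurestr() prototype in include/qom/cpu.h has no doc comment. It should say what typename is used for, whether features is rewritten in place (the parameter is a non-const char *, and the feat2prop() helper removed from target/i386/cpu.c did modify its argument), and how failures are reported through errp. The declaration is also unconditional while the default-configs hunks set CONFIG_LEGACY_CPU_FEATURES only for the i386 and x86_64 targets, so a note that callers must enable that switch belongs next to it.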
diff --git a/default-configs/i386-bsd-user.mak 
b/default-configs/i386-bsd-user.mak
index af1b31a..b28a05f 100644
--- a/default-configs/i386-bsd-user.mak
+++ b/default-configs/i386-bsd-user.mak
@@ -1 +1,2 @@
 # Default configuration for i386-bsd-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/i386-linux-user.mak 
b/default-configs/i386-linux-user.mak
index 8657e68..c136967 100644
--- a/default-configs/i386-linux-user.mak
+++ b/default-configs/i386-linux-user.mak
@@ -1 +1,2 @@
 # Default configuration for i386-linux-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index d2ab2f6..e3e7c0e 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -59,3 +59,4 @@ CONFIG_SMBIOS=y
 CONFIG_HYPERV_TESTDEV=$(CONFIG_KVM)
 CONFIG_PXB=y
 CONFIG_ACPI_VMGENID=y
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/x86_64-bsd-user.mak 
b/default-configs/x86_64-bsd-user.mak
index 73e5d34..952323c 100644
--- a/default-configs/x86_64-bsd-user.mak
+++ b/default-configs/x86_64-bsd-user.mak
@@ -1 +1,2 @@
 # Default configuration for x86_64-bsd-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/x86_64-linux-user.mak 
b/default-configs/x86_64-linux-user.mak
index bec1d9e..b513ef2 100644
--- a/default-configs/x86_64-linux-user.mak
+++ b/default-configs/x86_64-linux-user.mak
@@ -1 +1,2 @@
 # Default configuration for x86_64-linux-user
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/default-configs/x86_64-softmmu.mak 
b/default-configs/x86_64-softmmu.mak
index 9bde2f1..6594ddf 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -59,3 +59,4 @@ CONFIG_SMBIOS=y
 CONFIG_HYPERV_TESTDEV=$(CONFIG_KVM)
 CONFIG_PXB=y
 CONFIG_ACPI_VMGENID=y
+CONFIG_LEGACY_CPU_FEATURES=y
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 84f552d..ac60c1a 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -17,7 +17,6 @@
  * License along with this library; if not, see .
  */
 #include "qemu/osdep.h"
-#include "qemu/cutils.h"
 
 #include "cpu.h"
 #include "exec/exec-all.h"
@@ -2030,13 +2029,6 @@ static const PropertyInfo qdev_prop_spinlocks = {
 /* Convert all '_' in a feature string option name to '-', to make feature
  * name conform to QOM property naming rule, which uses '-' instead of '_'.
  */
-static inline void feat2prop(char *s)
-{
-while ((s = strchr(s, '_'))) {
-*s = '-';
-}
-}
-
 /* Return the feature property name for a feature flag bit */
 static const char *x86_cpu_feature_name(FeatureWord w, int bitnr)
 {
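Review bot: Removing feat2prop() leaves its description ("Convert all '_' in a feature string option name to '-' ...") behind as an orphaned comment that now sits directly above the comment for x86_cpu_feature_name(). Those three comment lines should move to util/legacy_cpu_features_parser.c together with the function, or be deleted here.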
@@ -2058,126 +2050,11 @@ static const char *x86_cpu_feature_name(FeatureWord w, 
int bitnr)
 return feature_word_info[w].feat_names[bitnr];
 }
 
-static gint compare_string(gconstpointer a, gconstpointer b)
-{
-return g_strcmp0(a, b);
-}
-
-static void
-cpu_add_feat_as_prop(const char *typename, const char *name, const char *val)
-{
-GlobalProperty *prop = g_new0(typeof(*prop), 1);
-prop->driver = typename;
-prop->property = g_strdup(name);
-prop->value = g_strdup(val);
-prop->errp = &error_fatal;
-qdev_prop_register_global(prop);
-}
-
 /* Parse "+feature,-feature,feature=foo" CPU feature string */
 static void x86_cpu_parse_featurestr(const char *typename, char *features,
  Error **errp)
 {
-/* Compatibily hack to maintain legacy +-feat semantic,
- * where +-feat overwrites any feature set by
- * feat=on|feat even if the later is parsed after +-feat
- * (i.e. "-x2apic,x2apic=on" will result in x2apic disabled)
- */
-GList *l, *plus_features = NULL, *minus_features

[Qemu-devel] [PATCH for-2.11 10/27] alpha: replace cpu_alpha_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
cpu_alpha_init() used to provide default fallback if invalid
(i.e. non existent) cpu_model was provided.

dp264 machine provides its own default so sole user of fallback
is [bsd|linux]-user targets which specify 'any' cpu model that
falls back to "ev67" in cpu_alpha_init(). Push fallback handling
into alpha_cpu_class_by_name() and replace cpu_alpha_init() with
cpu_generic_init().

Signed-off-by: Igor Mammedov 
Acked-by: Richard Henderson 
---
PS:
  tested only linux-user as I don't have bsd box to test on
---
 target/alpha/cpu.h |  4 +---
 hw/alpha/dp264.c   |  8 ++--
 target/alpha/cpu.c | 20 +---
 3 files changed, 12 insertions(+), 20 deletions(-)

diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index e95be2b..0738e97 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -468,9 +468,7 @@ enum {
 
 void alpha_translate_init(void);
 
-AlphaCPU *cpu_alpha_init(const char *cpu_model);
-
-#define cpu_init(cpu_model) CPU(cpu_alpha_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_ALPHA_CPU, cpu_model)
 
 void alpha_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 3b307ad..1c5a177 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -51,7 +51,7 @@ static int clipper_pci_map_irq(PCIDevice *d, int irq_num)
 static void clipper_init(MachineState *machine)
 {
 ram_addr_t ram_size = machine->ram_size;
-const char *cpu_model = machine->cpu_model;
+const char *cpu_model = machine->cpu_model ? machine->cpu_model : "ev67";
 const char *kernel_filename = machine->kernel_filename;
 const char *kernel_cmdline = machine->kernel_cmdline;
 const char *initrd_filename = machine->initrd_filename;
@@ -67,7 +67,11 @@ static void clipper_init(MachineState *machine)
 /* Create up to 4 cpus.  */
 memset(cpus, 0, sizeof(cpus));
 for (i = 0; i < smp_cpus; ++i) {
-cpus[i] = cpu_alpha_init(cpu_model ? cpu_model : "ev67");
+cpus[i] = ALPHA_CPU(cpu_generic_init(TYPE_ALPHA_CPU, cpu_model));
+if (!cpus[i]) {
+error_report("Unable to find CPU definition");
+exit(1);
+}
 }
 
 cpus[0]->env.trap_arg0 = ram_size;
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index 76150f4..1ea597b 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -155,24 +155,14 @@ static ObjectClass *alpha_cpu_class_by_name(const char 
*cpu_model)
 if (oc != NULL && object_class_is_abstract(oc)) {
 oc = NULL;
 }
-return oc;
-}
-
-AlphaCPU *cpu_alpha_init(const char *cpu_model)
-{
-AlphaCPU *cpu;
-ObjectClass *cpu_class;
 
-cpu_class = alpha_cpu_class_by_name(cpu_model);
-if (cpu_class == NULL) {
-/* Default to ev67; no reason not to emulate insns by default.  */
-cpu_class = object_class_by_name(TYPE("ev67"));
+/* TODO: remove match everything nonsense */
+/* Default to ev67; no reason not to emulate insns by default. */
+if (!oc) {
+oc = object_class_by_name(TYPE("ev67"));
 }
-cpu = ALPHA_CPU(object_new(object_class_get_name(cpu_class)));
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
 
-return cpu;
+return oc;
 }
 
 static void ev4_cpu_initfn(Object *obj)
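Review bot: With the fallback moved into alpha_cpu_class_by_name(), every unknown cpu_model resolves to ev67, so the "if (!cpus[i])" check this patch adds in hw/alpha/dp264.c cannot fire for a mistyped model name and "Unable to find CPU definition" is left covering only other failures. The commit message says the only remaining user of the fallback is the *-user 'any' model, so matching "any" explicitly here would resolve the TODO and let dp264 reject invalid names.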
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 02/27] sparc: embed sparc_def_t into CPUSPARCState

2017-08-18 Thread Igor Mammedov
Make CPUSPARCState::def embedded so it would be allocated as part
of cpu instance and we won't have to worry about cleaning def pointer
up manually on cpu destruction.

Signed-off-by: Igor Mammedov 
---
Embedded CPUSPARCState::def also needed for follow up patch
to use its fields with static qdev properties.

CC: Riku Voipio 
CC: Laurent Vivier 
CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 
---
 linux-user/sparc/target_syscall.h |  2 +-
 target/sparc/cpu.h|  8 
 target/sparc/cpu.c| 39 ---
 target/sparc/int32_helper.c   |  2 +-
 target/sparc/int64_helper.c   |  2 +-
 target/sparc/ldst_helper.c| 14 +++---
 target/sparc/mmu_helper.c |  2 +-
 target/sparc/translate.c  |  2 +-
 target/sparc/win_helper.c |  4 ++--
 9 files changed, 34 insertions(+), 41 deletions(-)

diff --git a/linux-user/sparc/target_syscall.h 
b/linux-user/sparc/target_syscall.h
index f97aa6b..5f09abf 100644
--- a/linux-user/sparc/target_syscall.h
+++ b/linux-user/sparc/target_syscall.h
@@ -31,7 +31,7 @@ struct target_pt_regs {
 
 static inline abi_ulong target_shmlba(CPUSPARCState *env)
 {
-if (!(env->def->features & CPU_FEATURE_FLUSH)) {
+if (!(env->def.features & CPU_FEATURE_FLUSH)) {
 return 64 * 1024;
 } else {
 return 256 * 1024;
diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 95a36a4..0e41916 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -529,7 +529,7 @@ struct CPUSPARCState {
 #define SOFTINT_INTRMASK (0xFFFE)
 #define SOFTINT_REG_MASK (SOFTINT_STIMER|SOFTINT_INTRMASK|SOFTINT_TIMER)
 #endif
-sparc_def_t *def;
+sparc_def_t def;
 
 void *irq_manager;
 void (*qemu_irq_ack)(CPUSPARCState *env, void *irq_manager, int intno);
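Review bot: The "sparc_def_t def;" field deserves a comment saying it is this CPU's own copy of the model definition and that it is written to after creation (the CONFIG_USER_ONLY block in sparc_cpu_realizefn() sets CPU_FEATURE_FLOAT128 in env->def.features). Because the field changes from a pointer to embedded storage, please also confirm in the commit message that its position in CPUSPARCState keeps it clear of any part of the struct that is zeroed wholesale on reset, if there is one.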
@@ -679,7 +679,7 @@ int cpu_sparc_signal_handler(int host_signum, void *pinfo, 
void *puc);
 #if defined (TARGET_SPARC64)
 static inline int cpu_has_hypervisor(CPUSPARCState *env1)
 {
-return env1->def->features & CPU_FEATURE_HYPV;
+return env1->def.features & CPU_FEATURE_HYPV;
 }
 
 static inline int cpu_hypervisor_mode(CPUSPARCState *env1)
@@ -788,14 +788,14 @@ static inline void cpu_get_tb_cpu_state(CPUSPARCState 
*env, target_ulong *pc,
 if (env->pstate & PS_AM) {
 flags |= TB_FLAG_AM_ENABLED;
 }
-if ((env->def->features & CPU_FEATURE_FLOAT)
+if ((env->def.features & CPU_FEATURE_FLOAT)
 && (env->pstate & PS_PEF)
 && (env->fprs & FPRS_FEF)) {
 flags |= TB_FLAG_FPU_ENABLED;
 }
 flags |= env->asi << TB_FLAG_ASI_SHIFT;
 #else
-if ((env->def->features & CPU_FEATURE_FLOAT) && env->psref) {
+if ((env->def.features & CPU_FEATURE_FLOAT) && env->psref) {
 flags |= TB_FLAG_FPU_ENABLED;
 }
 #endif
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index 2994c09..f4e7343 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -66,7 +66,7 @@ static void sparc_cpu_reset(CPUState *s)
 env->lsu = 0;
 #else
 env->mmuregs[0] &= ~(MMU_E | MMU_NF);
-env->mmuregs[0] |= env->def->mmu_bm;
+env->mmuregs[0] |= env->def.mmu_bm;
 #endif
 env->pc = 0;
 env->npc = env->pc + 4;
@@ -120,18 +120,18 @@ static int cpu_sparc_register(SPARCCPU *cpu, const char 
*cpu_model)
 return -1;
 }
 
-env->version = env->def->iu_version;
-env->fsr = env->def->fpu_version;
-env->nwindows = env->def->nwindows;
+env->version = env->def.iu_version;
+env->fsr = env->def.fpu_version;
+env->nwindows = env->def.nwindows;
 #if !defined(TARGET_SPARC64)
-env->mmuregs[0] |= env->def->mmu_version;
+env->mmuregs[0] |= env->def.mmu_version;
 cpu_sparc_set_id(env, 0);
-env->mxccregs[7] |= env->def->mxcc_version;
+env->mxccregs[7] |= env->def.mxcc_version;
 #else
-env->mmu_version = env->def->mmu_version;
-env->maxtl = env->def->maxtl;
-env->version |= env->def->maxtl << 8;
-env->version |= env->def->nwindows - 1;
+env->mmu_version = env->def.mmu_version;
+env->maxtl = env->def.maxtl;
+env->version |= env->def.maxtl << 8;
+env->version |= env->def.nwindows - 1;
 #endif
 return 0;
 }
@@ -558,7 +558,7 @@ static void sparc_cpu_parse_features(CPUState *cs, char 
*features,
  Error **errp)
 {
 SPARCCPU *cpu = SPARC_CPU(cs);
-sparc_def_t *cpu_def = cpu->env.def;
+sparc_def_t *cpu_def = &cpu->env.def;
 char *featurestr;
 uint32_t plus_features = 0;
 uint32_t minus_features = 0;
@@ -819,8 +819,8 @@ static void sparc_cpu_realizefn(DeviceState *dev, Error 
**errp)
 SPARCCPU *cpu = SPARC_CPU(dev);
 CPUSPARCState *env = &cpu->env;
 
-if ((env->def->features & CPU_FEATURE_FLOAT)) {
-env->def->features |= CPU_FEATURE_FLOAT128;
+if ((env->def.features & CPU_FEATURE_FLOAT)) {
+env->def.features |= CPU_FEATURE_FLOAT128;
 }
 #endif
 
@@ -848,15 +848,9 @@ static void sparc_cpu_initfn(Object *obj)
 gen_inte

[Qemu-devel] [PATCH for-2.11 11/27] hppa: replace cpu_hppa_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
drop custom cpu_hppa_init() in favor of cpu_generic_init(),
to make cpu_generic_init() work all we need is to provide
cc->class_by_name callback that would resolve any cpu_model
to the sole TYPE_HPPA_CPU to match current behaviour.

Signed-off-by: Igor Mammedov 
Acked-by: Richard Henderson 
---

tested with linux-user
---
 target/hppa/cpu.h |  4 +---
 target/hppa/cpu.c | 11 +++
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 4cf4ac6..8d14077 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -112,9 +112,7 @@ static inline int cpu_mmu_index(CPUHPPAState *env, bool 
ifetch)
 
 void hppa_translate_init(void);
 
-HPPACPU *cpu_hppa_init(const char *cpu_model);
-
-#define cpu_init(cpu_model) CPU(cpu_hppa_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_HPPA_CPU, cpu_model)
 
 void hppa_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 
diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index 30299e9..a477b45 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -112,15 +112,9 @@ static void hppa_cpu_initfn(Object *obj)
 hppa_translate_init();
 }
 
-HPPACPU *cpu_hppa_init(const char *cpu_model)
+static ObjectClass *hppa_cpu_class_by_name(const char *cpu_model)
 {
-HPPACPU *cpu;
-
-cpu = HPPA_CPU(object_new(TYPE_HPPA_CPU));
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
+return object_class_by_name(TYPE_HPPA_CPU);
 }
 
 static void hppa_cpu_class_init(ObjectClass *oc, void *data)
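Review bot: hppa_cpu_class_by_name() ignores its cpu_model argument and returns TYPE_HPPA_CPU for any string. That matches the commit message, but it is not obvious from the code; a one-line comment in the function saying that every model name maps to the single HPPA CPU type would stop someone from "fixing" it later.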
@@ -132,6 +126,7 @@ static void hppa_cpu_class_init(ObjectClass *oc, void *data)
 acc->parent_realize = dc->realize;
 dc->realize = hppa_cpu_realizefn;
 
+cc->class_by_name = hppa_cpu_class_by_name;
 cc->do_interrupt = hppa_cpu_do_interrupt;
 cc->cpu_exec_interrupt = hppa_cpu_exec_interrupt;
 cc->dump_state = hppa_cpu_dump_state;
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 13/27] microblaze: replace cpu_mb_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
cpu_mb_init() always falls back to TYPE_MICROBLAZE_CPU object
regardless of cpu_model. Put fallback logic into
mb_cpu_class_by_name() which would translate any cpu_model
into TYPE_MICROBLAZE_CPU class and replace cpu_mb_init()
with cpu_generic_init().

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
---
 target/microblaze/cpu.h   |  3 +--
 target/microblaze/cpu.c   |  6 ++
 target/microblaze/translate.c | 11 ---
 3 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index 5ce4c82..52b6b6a 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -331,7 +331,6 @@ int mb_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, 
int reg);
 int mb_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
 void mb_tcg_init(void);
-MicroBlazeCPU *cpu_mb_init(const char *cpu_model);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
signal handlers to inform the virtual CPU of exceptions. non zero
is returned if the signal was handled by the virtual CPU.  */
@@ -344,7 +343,7 @@ int cpu_mb_signal_handler(int host_signum, void *pinfo,
 #define TARGET_PHYS_ADDR_SPACE_BITS 32
 #define TARGET_VIRT_ADDR_SPACE_BITS 32
 
-#define cpu_init(cpu_model) CPU(cpu_mb_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_MICROBLAZE_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_mb_signal_handler
 
diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index f85ff01..ddffe86 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -253,6 +253,11 @@ static Property mb_properties[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+static ObjectClass *mb_cpu_class_by_name(const char *cpu_model)
+{
+return object_class_by_name(TYPE_MICROBLAZE_CPU);
+}
+
 static void mb_cpu_class_init(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
@@ -265,6 +270,7 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
 mcc->parent_reset = cc->reset;
 cc->reset = mb_cpu_reset;
 
+cc->class_by_name = mb_cpu_class_by_name;
 cc->has_work = mb_cpu_has_work;
 cc->do_interrupt = mb_cpu_do_interrupt;
 cc->cpu_exec_interrupt = mb_cpu_exec_interrupt;
diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index a24373c..83e2ef4 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -1845,17 +1845,6 @@ void mb_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 cpu_fprintf(f, "\n\n");
 }
 
-MicroBlazeCPU *cpu_mb_init(const char *cpu_model)
-{
-MicroBlazeCPU *cpu;
-
-cpu = MICROBLAZE_CPU(object_new(TYPE_MICROBLAZE_CPU));
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
-}
-
 void mb_tcg_init(void)
 {
 int i;
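Review bot: The removed cpu_mb_init() passed NULL as the Error ** to object_property_set_bool(OBJECT(cpu), true, "realized", NULL) and always returned the object, so callers never saw a failure. After this change cpu_init() goes through cpu_generic_init(), which can return NULL; the commit message should mention that behaviour change, and any caller that dereferences the result without a check needs one.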
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 08/27] sparc: replace cpu_sparc_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
it's just a wrapper, drop it and use cpu_generic_init() directly

Signed-off-by: Igor Mammedov 
---
CC: Fabien Chouteau 
CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 
---
 target/sparc/cpu.h   | 3 +--
 hw/sparc/leon3.c | 2 +-
 hw/sparc/sun4m.c | 2 +-
 hw/sparc64/sparc64.c | 2 +-
 target/sparc/cpu.c   | 5 -
 5 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 0e41916..b45cfb4 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -579,7 +579,6 @@ void cpu_raise_exception_ra(CPUSPARCState *, int, 
uintptr_t) QEMU_NORETURN;
 
 #ifndef NO_CPU_IO_DEFS
 /* cpu_init.c */
-SPARCCPU *cpu_sparc_init(const char *cpu_model);
 void cpu_sparc_set_id(CPUSPARCState *env, unsigned int cpu);
 void sparc_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 /* mmu_helper.c */
@@ -656,7 +655,7 @@ hwaddr cpu_get_phys_page_nofault(CPUSPARCState *env, 
target_ulong addr,
 int cpu_sparc_signal_handler(int host_signum, void *pinfo, void *puc);
 
 #ifndef NO_CPU_IO_DEFS
-#define cpu_init(cpu_model) CPU(cpu_sparc_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_SPARC_CPU, cpu_model)
 #endif
 
 #define cpu_signal_handler cpu_sparc_signal_handler
diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
index d5ff188..56512ec 100644
--- a/hw/sparc/leon3.c
+++ b/hw/sparc/leon3.c
@@ -126,7 +126,7 @@ static void leon3_generic_hw_init(MachineState *machine)
 cpu_model = "LEON3";
 }
 
-cpu = cpu_sparc_init(cpu_model);
+cpu = SPARC_CPU(cpu_generic_init(TYPE_SPARC_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "qemu: Unable to find Sparc CPU definition\n");
 exit(1);
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 89dd8a9..cf47dca 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -797,7 +797,7 @@ static void cpu_devinit(const char *cpu_model, unsigned int 
id,
 SPARCCPU *cpu;
 CPUSPARCState *env;
 
-cpu = cpu_sparc_init(cpu_model);
+cpu = SPARC_CPU(cpu_generic_init(TYPE_SPARC_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "qemu: Unable to find Sparc CPU definition\n");
 exit(1);
diff --git a/hw/sparc64/sparc64.c b/hw/sparc64/sparc64.c
index 4e4fdab..ecf38a4 100644
--- a/hw/sparc64/sparc64.c
+++ b/hw/sparc64/sparc64.c
@@ -353,7 +353,7 @@ SPARCCPU *sparc64_cpu_devinit(const char *cpu_model,
 if (cpu_model == NULL) {
 cpu_model = default_cpu_model;
 }
-cpu = cpu_sparc_init(cpu_model);
+cpu = SPARC_CPU(cpu_generic_init(TYPE_SPARC_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find Sparc CPU definition\n");
 exit(1);
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index fd01cbf..2917021 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -110,11 +110,6 @@ static void sparc_cpu_parse_features(const char *typename, 
char *features,
 cpu_legacy_parse_featurestr(typename, features, errp);
 }
 
-SPARCCPU *cpu_sparc_init(const char *cpu_model)
-{
-return SPARC_CPU(cpu_generic_init(TYPE_SPARC_CPU, cpu_model));
-}
-
 void cpu_sparc_set_id(CPUSPARCState *env, unsigned int cpu)
 {
 #if !defined(TARGET_SPARC64)
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 14/27] nios2: replace cpu_nios2_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
cpu_nios2_init() always falls back to TYPE_NIOS2_CPU object
regardless of cpu_model. Put fallback logic into
nios2_cpu_class_by_name() which would translate any cpu_model
into TYPE_NIOS2_CPU class and replace cpu_nios2_init()
with cpu_generic_init()

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
---
 target/nios2/cpu.h| 3 +--
 hw/nios2/10m50_devboard.c | 2 +-
 target/nios2/cpu.c| 9 +++--
 3 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index 13931f3..50d803a 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -212,7 +212,6 @@ static inline Nios2CPU *nios2_env_get_cpu(CPUNios2State 
*env)
 #define ENV_OFFSET offsetof(Nios2CPU, env)
 
 void nios2_tcg_init(void);
-Nios2CPU *cpu_nios2_init(const char *cpu_model);
 void nios2_cpu_do_interrupt(CPUState *cs);
 int cpu_nios2_signal_handler(int host_signum, void *pinfo, void *puc);
 void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUNios2State *env);
@@ -229,7 +228,7 @@ void nios2_check_interrupts(CPUNios2State *env);
 #define TARGET_PHYS_ADDR_SPACE_BITS 32
 #define TARGET_VIRT_ADDR_SPACE_BITS 32
 
-#define cpu_init(cpu_model) CPU(cpu_nios2_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_NIOS2_CPU, cpu_model)
 
 #define cpu_gen_code cpu_nios2_gen_code
 #define cpu_signal_handler cpu_nios2_signal_handler
diff --git a/hw/nios2/10m50_devboard.c b/hw/nios2/10m50_devboard.c
index b6868b8..e4007f6 100644
--- a/hw/nios2/10m50_devboard.c
+++ b/hw/nios2/10m50_devboard.c
@@ -75,7 +75,7 @@ static void nios2_10m50_ghrd_init(MachineState *machine)
 phys_ram_alias);
 
 /* Create CPU -- FIXME */
-cpu = cpu_nios2_init("nios2");
+cpu = NIOS2_CPU(cpu_generic_init(TYPE_NIOS2_CPU, "nios2"));
 
 /* Register: CPU interrupt controller (PIC) */
 cpu_irq = nios2_cpu_pic_init(cpu);
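Review bot: In nios2_10m50_ghrd_init() the result of cpu_generic_init() is handed straight to nios2_cpu_pic_init(cpu) with no NULL check. The old cpu_nios2_init() always returned an object, but cpu_generic_init() can return NULL, and the other board conversions in this series (leon3, sun4m, dp264) test for it; add the same check here with an error message and exit(1).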
diff --git a/target/nios2/cpu.c b/target/nios2/cpu.c
index d56bb72..5b02fb6 100644
--- a/target/nios2/cpu.c
+++ b/target/nios2/cpu.c
@@ -83,13 +83,9 @@ static void nios2_cpu_initfn(Object *obj)
 }
 }
 
-Nios2CPU *cpu_nios2_init(const char *cpu_model)
+static ObjectClass *nios2_cpu_class_by_name(const char *cpu_model)
 {
-Nios2CPU *cpu = NIOS2_CPU(object_new(TYPE_NIOS2_CPU));
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
+return object_class_by_name(TYPE_NIOS2_CPU);
 }
 
 static void nios2_cpu_realizefn(DeviceState *dev, Error **errp)
@@ -203,6 +199,7 @@ static void nios2_cpu_class_init(ObjectClass *oc, void 
*data)
 ncc->parent_reset = cc->reset;
 cc->reset = nios2_cpu_reset;
 
+cc->class_by_name = nios2_cpu_class_by_name;
 cc->has_work = nios2_cpu_has_work;
 cc->do_interrupt = nios2_cpu_do_interrupt;
 cc->cpu_exec_interrupt = nios2_cpu_exec_interrupt;
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 18/27] sh4: replace cpu_sh4_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
it's just a wrapper, drop it and use cpu_generic_init() directly

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 target/sh4/cpu.h | 3 +--
 hw/sh4/r2d.c | 2 +-
 hw/sh4/shix.c| 2 +-
 target/sh4/cpu.c | 5 -
 4 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index 3c47f0d..79f85d3 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -238,7 +238,6 @@ void superh_cpu_do_unaligned_access(CPUState *cpu, vaddr 
addr,
 int mmu_idx, uintptr_t retaddr);
 
 void sh4_translate_init(void);
-SuperHCPU *cpu_sh4_init(const char *cpu_model);
 int cpu_sh4_signal_handler(int host_signum, void *pinfo,
void *puc);
 int superh_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int rw,
@@ -269,7 +268,7 @@ int cpu_sh4_is_cached(CPUSH4State * env, target_ulong addr);
 
 void cpu_load_tlb(CPUSH4State * env);
 
-#define cpu_init(cpu_model) CPU(cpu_sh4_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_SUPERH_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_sh4_signal_handler
 #define cpu_list sh4_cpu_list
diff --git a/hw/sh4/r2d.c b/hw/sh4/r2d.c
index a0462ad..22bc534 100644
--- a/hw/sh4/r2d.c
+++ b/hw/sh4/r2d.c
@@ -246,7 +246,7 @@ static void r2d_init(MachineState *machine)
 cpu_model = "SH7751R";
 }
 
-cpu = cpu_sh4_init(cpu_model);
+cpu = SUPERH_CPU(cpu_generic_init(TYPE_SUPERH_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/hw/sh4/shix.c b/hw/sh4/shix.c
index e22eaf0..7f8a4b6 100644
--- a/hw/sh4/shix.c
+++ b/hw/sh4/shix.c
@@ -56,7 +56,7 @@ static void shix_init(MachineState *machine)
 if (!cpu_model)
 cpu_model = "any";
 
-cpu = cpu_sh4_init(cpu_model);
+cpu = SUPERH_CPU(cpu_generic_init(TYPE_SUPERH_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
index 8536f6d..6ce7cba 100644
--- a/target/sh4/cpu.c
+++ b/target/sh4/cpu.c
@@ -156,11 +156,6 @@ static ObjectClass *superh_cpu_class_by_name(const char 
*cpu_model)
 return oc;
 }
 
-SuperHCPU *cpu_sh4_init(const char *cpu_model)
-{
-return SUPERH_CPU(cpu_generic_init(TYPE_SUPERH_CPU, cpu_model));
-}
-
 static void sh7750r_cpu_initfn(Object *obj)
 {
 SuperHCPU *cpu = SUPERH_CPU(obj);
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 15/27] tilegx: replace cpu_tilegx_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
cpu_tilegx_init() always falls back to the TYPE_TILEGX_CPU object
regardless of cpu_model. Put the fallback logic into
tilegx_cpu_class_by_name(), which would translate any cpu_model
into the TYPE_TILEGX_CPU class, and replace cpu_tilegx_init()
with cpu_generic_init().

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 target/tilegx/cpu.h |  4 +---
 target/tilegx/cpu.c | 11 +++
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/target/tilegx/cpu.h b/target/tilegx/cpu.h
index f32be49..71cea04 100644
--- a/target/tilegx/cpu.h
+++ b/target/tilegx/cpu.h
@@ -164,9 +164,7 @@ static inline TileGXCPU *tilegx_env_get_cpu(CPUTLGState 
*env)
 void tilegx_tcg_init(void);
 int cpu_tilegx_signal_handler(int host_signum, void *pinfo, void *puc);
 
-TileGXCPU *cpu_tilegx_init(const char *cpu_model);
-
-#define cpu_init(cpu_model) CPU(cpu_tilegx_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_TILEGX_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_tilegx_signal_handler
 
diff --git a/target/tilegx/cpu.c b/target/tilegx/cpu.c
index 4532639..7345f5a 100644
--- a/target/tilegx/cpu.c
+++ b/target/tilegx/cpu.c
@@ -52,15 +52,9 @@ static void tilegx_cpu_dump_state(CPUState *cs, FILE *f,
 env->pc, env->spregs[TILEGX_SPR_CMPEXCH]);
 }
 
-TileGXCPU *cpu_tilegx_init(const char *cpu_model)
+static ObjectClass *tilegx_cpu_class_by_name(const char *cpu_model)
 {
-TileGXCPU *cpu;
-
-cpu = TILEGX_CPU(object_new(TYPE_TILEGX_CPU));
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
+return object_class_by_name(TYPE_TILEGX_CPU);
 }
 
 static void tilegx_cpu_set_pc(CPUState *cs, vaddr value)
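Review bot: tilegx_cpu_class_by_name() ignores its cpu_model argument without saying so. Please add a one-line comment above it stating that every model name intentionally resolves to TYPE_TILEGX_CPU, otherwise a reader will take it for a forgotten lookup. The removed cpu_tilegx_init() also passed NULL as the Error pointer when setting "realized", so the commit message could say whether a failed realize is now reported differently.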
@@ -159,6 +153,7 @@ static void tilegx_cpu_class_init(ObjectClass *oc, void 
*data)
 tcc->parent_reset = cc->reset;
 cc->reset = tilegx_cpu_reset;
 
+cc->class_by_name = tilegx_cpu_class_by_name;
 cc->has_work = tilegx_cpu_has_work;
 cc->do_interrupt = tilegx_cpu_do_interrupt;
 cc->cpu_exec_interrupt = tilegx_cpu_exec_interrupt;
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 23/27] moxie: replace cpu_moxie_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 target/moxie/cpu.h  | 3 +--
 hw/moxie/moxiesim.c | 2 +-
 target/moxie/cpu.c  | 5 -
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/target/moxie/cpu.h b/target/moxie/cpu.h
index 8991aae..75decaa 100644
--- a/target/moxie/cpu.h
+++ b/target/moxie/cpu.h
@@ -112,7 +112,6 @@ static inline MoxieCPU *moxie_env_get_cpu(CPUMoxieState 
*env)
 
 #define ENV_OFFSET offsetof(MoxieCPU, env)
 
-MoxieCPU *cpu_moxie_init(const char *cpu_model);
 void moxie_cpu_do_interrupt(CPUState *cs);
 void moxie_cpu_dump_state(CPUState *cpu, FILE *f,
   fprintf_function cpu_fprintf, int flags);
@@ -121,7 +120,7 @@ void moxie_translate_init(void);
 int cpu_moxie_signal_handler(int host_signum, void *pinfo,
  void *puc);
 
-#define cpu_init(cpu_model) CPU(cpu_moxie_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_MOXIE_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_moxie_signal_handler
 
diff --git a/hw/moxie/moxiesim.c b/hw/moxie/moxiesim.c
index df3f124..4c27b45 100644
--- a/hw/moxie/moxiesim.c
+++ b/hw/moxie/moxiesim.c
@@ -118,7 +118,7 @@ static void moxiesim_init(MachineState *machine)
 if (cpu_model == NULL) {
 cpu_model = "MoxieLite-moxie-cpu";
 }
-cpu = cpu_moxie_init(cpu_model);
+cpu = MOXIE_CPU(cpu_generic_init(TYPE_MOXIE_CPU, cpu_model));
 if (!cpu) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/target/moxie/cpu.c b/target/moxie/cpu.c
index 927b1a1..748d02f 100644
--- a/target/moxie/cpu.c
+++ b/target/moxie/cpu.c
@@ -150,11 +150,6 @@ static const MoxieCPUInfo moxie_cpus[] = {
 { .name = "any",.initfn = moxie_any_initfn },
 };
 
-MoxieCPU *cpu_moxie_init(const char *cpu_model)
-{
-return MOXIE_CPU(cpu_generic_init(TYPE_MOXIE_CPU, cpu_model));
-}
-
 static void cpu_register(const MoxieCPUInfo *info)
 {
 TypeInfo type_info = {
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 16/27] xtensa: replace cpu_xtensa_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
Call xtensa_irq_init() at realize time, which makes
cpu_xtensa_init() like the generic CPU creation function.
As a result we can replace it with cpu_generic_init(),
which does the same job, reducing code duplication a bit.

Signed-off-by: Igor Mammedov 
---
CC: Max Filippov 
---
 target/xtensa/cpu.h|  4 +---
 hw/xtensa/sim.c|  2 +-
 hw/xtensa/xtfpga.c |  2 +-
 target/xtensa/cpu.c|  3 +++
 target/xtensa/helper.c | 22 --
 5 files changed, 6 insertions(+), 27 deletions(-)

diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index ee29fb1..4803331 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -475,9 +475,7 @@ void xtensa_cpu_do_unaligned_access(CPUState *cpu, vaddr 
addr,
 #define XTENSA_DEFAULT_CPU_MODEL "dc232b"
 #endif
 
-XtensaCPU *cpu_xtensa_init(const char *cpu_model);
-
-#define cpu_init(cpu_model) CPU(cpu_xtensa_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_XTENSA_CPU, cpu_model)
 
 void xtensa_translate_init(void);
 void xtensa_breakpoint_handler(CPUState *cs);
diff --git a/hw/xtensa/sim.c b/hw/xtensa/sim.c
index 249cd1e..1b4767f 100644
--- a/hw/xtensa/sim.c
+++ b/hw/xtensa/sim.c
@@ -84,7 +84,7 @@ static void xtensa_sim_init(MachineState *machine)
 }
 
 for (n = 0; n < smp_cpus; n++) {
-cpu = cpu_xtensa_init(cpu_model);
+cpu = XTENSA_CPU(cpu_generic_init(TYPE_XTENSA_CPU, cpu_model));
 if (cpu == NULL) {
 error_report("unable to find CPU definition '%s'",
  cpu_model);
diff --git a/hw/xtensa/xtfpga.c b/hw/xtensa/xtfpga.c
index 635a4d4..182ec1e 100644
--- a/hw/xtensa/xtfpga.c
+++ b/hw/xtensa/xtfpga.c
@@ -232,7 +232,7 @@ static void lx_init(const LxBoardDesc *board, MachineState 
*machine)
 }
 
 for (n = 0; n < smp_cpus; n++) {
-cpu = cpu_xtensa_init(cpu_model);
+cpu = XTENSA_CPU(cpu_generic_init(TYPE_XTENSA_CPU, cpu_model));
 if (cpu == NULL) {
 error_report("unable to find CPU definition '%s'",
  cpu_model);
diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c
index cd7f958..85897df 100644
--- a/target/xtensa/cpu.c
+++ b/target/xtensa/cpu.c
@@ -100,9 +100,12 @@ static ObjectClass *xtensa_cpu_class_by_name(const char 
*cpu_model)
 static void xtensa_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
+XtensaCPU *cpu = XTENSA_CPU(dev);
 XtensaCPUClass *xcc = XTENSA_CPU_GET_CLASS(dev);
 Error *local_err = NULL;
 
+xtensa_irq_init(&cpu->env);
+
 cpu_exec_realizefn(cs, &local_err);
 if (local_err != NULL) {
 error_propagate(errp, local_err);
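Review bot: in xtensa_cpu_realizefn() the new xtensa_irq_init(&cpu->env) call sits before cpu_exec_realizefn(), so it has already run when the local_err branch below propagates a failure. Either move the call after that error check, or confirm that whatever xtensa_irq_init() sets up is undone or harmless to leave behind on a failed realize.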
diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
index bcd0b77..e8fba20 100644
--- a/target/xtensa/helper.c
+++ b/target/xtensa/helper.c
@@ -113,28 +113,6 @@ void xtensa_breakpoint_handler(CPUState *cs)
 }
 }
 
-XtensaCPU *cpu_xtensa_init(const char *cpu_model)
-{
-ObjectClass *oc;
-XtensaCPU *cpu;
-CPUXtensaState *env;
-
-oc = cpu_class_by_name(TYPE_XTENSA_CPU, cpu_model);
-if (oc == NULL) {
-return NULL;
-}
-
-cpu = XTENSA_CPU(object_new(object_class_get_name(oc)));
-env = &cpu->env;
-
-xtensa_irq_init(env);
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
-}
-
-
 void xtensa_cpu_list(FILE *f, fprintf_function cpu_fprintf)
 {
 XtensaConfigList *core = xtensa_cores;
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 19/27] arm: replace cpu_arm_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Reviewed-by: Andrew Jones 
---
 target/arm/cpu.h| 3 +--
 hw/arm/musicpal.c   | 2 +-
 hw/arm/omap1.c  | 2 +-
 hw/arm/omap2.c  | 2 +-
 hw/arm/pxa2xx.c | 4 ++--
 hw/arm/strongarm.c  | 2 +-
 target/arm/helper.c | 5 -
 7 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b39d64a..5932ef1 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -748,7 +748,6 @@ int aarch64_cpu_gdb_read_register(CPUState *cpu, uint8_t 
*buf, int reg);
 int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 #endif
 
-ARMCPU *cpu_arm_init(const char *cpu_model);
 target_ulong do_arm_semihosting(CPUARMState *env);
 void aarch64_sync_32_to_64(CPUARMState *env);
 void aarch64_sync_64_to_32(CPUARMState *env);
@@ -2001,7 +2000,7 @@ static inline bool arm_excp_unmasked(CPUState *cs, 
unsigned int excp_idx,
 return unmasked || pstate_unmasked;
 }
 
-#define cpu_init(cpu_model) CPU(cpu_arm_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_ARM_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_arm_signal_handler
 #define cpu_list arm_cpu_list
diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index 7e8ab31..a8b3d46 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -1593,7 +1593,7 @@ static void musicpal_init(MachineState *machine)
 if (!cpu_model) {
 cpu_model = "arm926";
 }
-cpu = cpu_arm_init(cpu_model);
+cpu = ARM_CPU(cpu_generic_init(TYPE_ARM_CPU, cpu_model));
 if (!cpu) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
index 3d15ff6..400ba30 100644
--- a/hw/arm/omap1.c
+++ b/hw/arm/omap1.c
@@ -3863,7 +3863,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion 
*system_memory,
 
 /* Core */
 s->mpu_model = omap310;
-s->cpu = cpu_arm_init(core);
+s->cpu = ARM_CPU(cpu_generic_init(TYPE_ARM_CPU, core));
 if (s->cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
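Review bot: omap310_mpu_init() hands core to cpu_generic_init() with no default, while omap2420_mpu_init() in hw/arm/omap2.c uses core ?: "arm1136-r2". That is unchanged by this patch, but since the call is being rewritten it is worth confirming that core can never be NULL here, or adding the same kind of fallback.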
diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c
index bbf0b7e..ece25ae 100644
--- a/hw/arm/omap2.c
+++ b/hw/arm/omap2.c
@@ -2261,7 +2261,7 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion 
*sysmem,
 
 /* Core */
 s->mpu_model = omap2420;
-s->cpu = cpu_arm_init(core ?: "arm1136-r2");
+s->cpu = ARM_CPU(cpu_generic_init(TYPE_ARM_CPU, core ?: "arm1136-r2"));
 if (s->cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 194b0bc..b0ac3cf 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -2066,7 +2066,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_space,
 if (!revision)
 revision = "pxa270";
 
-s->cpu = cpu_arm_init(revision);
+s->cpu = ARM_CPU(cpu_generic_init(TYPE_ARM_CPU, revision));
 if (s->cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
@@ -2196,7 +2196,7 @@ PXA2xxState *pxa255_init(MemoryRegion *address_space, 
unsigned int sdram_size)
 
 s = g_new0(PXA2xxState, 1);
 
-s->cpu = cpu_arm_init("pxa255");
+s->cpu = ARM_CPU(cpu_generic_init(TYPE_ARM_CPU, "pxa255"));
 if (s->cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index 6a45dcc..884242b 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -1597,7 +1597,7 @@ StrongARMState *sa1110_init(MemoryRegion *sysmem,
 exit(1);
 }
 
-s->cpu = cpu_arm_init(rev);
+s->cpu = ARM_CPU(cpu_generic_init(TYPE_ARM_CPU, rev));
 
 if (!s->cpu) {
 error_report("Unable to find CPU definition");
diff --git a/target/arm/helper.c b/target/arm/helper.c
index fa60040..0ec92d3 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5233,11 +5233,6 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 }
 }
 
-ARMCPU *cpu_arm_init(const char *cpu_model)
-{
-return ARM_CPU(cpu_generic_init(TYPE_ARM_CPU, cpu_model));
-}
-
 void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
 {
 CPUState *cs = CPU(cpu);
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 17/27] tricore: replace cpu_tricore_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 target/tricore/cpu.h   | 4 +---
 hw/tricore/tricore_testboard.c | 2 +-
 target/tricore/helper.c| 5 -
 3 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/target/tricore/cpu.h b/target/tricore/cpu.h
index a3493a1..bc53c40 100644
--- a/target/tricore/cpu.h
+++ b/target/tricore/cpu.h
@@ -411,9 +411,7 @@ static inline void cpu_get_tb_cpu_state(CPUTriCoreState 
*env, target_ulong *pc,
 *flags = 0;
 }
 
-TriCoreCPU *cpu_tricore_init(const char *cpu_model);
-
-#define cpu_init(cpu_model) CPU(cpu_tricore_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_TRICORE_CPU, cpu_model)
 
 
 /* helpers.c */
diff --git a/hw/tricore/tricore_testboard.c b/hw/tricore/tricore_testboard.c
index 6c57423..3fcd8bb 100644
--- a/hw/tricore/tricore_testboard.c
+++ b/hw/tricore/tricore_testboard.c
@@ -74,7 +74,7 @@ static void tricore_testboard_init(MachineState *machine, int 
board_id)
 if (!machine->cpu_model) {
 machine->cpu_model = "tc1796";
 }
-cpu = cpu_tricore_init(machine->cpu_model);
+cpu = TRICORE_CPU(cpu_generic_init(TYPE_TRICORE_CPU, machine->cpu_model));
 if (!cpu) {
 error_report("Unable to find CPU definition");
 exit(1);
diff --git a/target/tricore/helper.c b/target/tricore/helper.c
index 3118905..378c2a4 100644
--- a/target/tricore/helper.c
+++ b/target/tricore/helper.c
@@ -78,11 +78,6 @@ int cpu_tricore_handle_mmu_fault(CPUState *cs, target_ulong 
address,
 return ret;
 }
 
-TriCoreCPU *cpu_tricore_init(const char *cpu_model)
-{
-return TRICORE_CPU(cpu_generic_init(TYPE_TRICORE_CPU, cpu_model));
-}
-
 static void tricore_cpu_list_entry(gpointer data, gpointer user_data)
 {
 ObjectClass *oc = data;
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 20/27] cris: replace cpu_cris_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 target/cris/cpu.h| 3 +--
 hw/cris/axis_dev88.c | 2 +-
 target/cris/cpu.c| 5 -
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index 920e1c3..5d822de 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -216,7 +216,6 @@ int crisv10_cpu_gdb_read_register(CPUState *cpu, uint8_t 
*buf, int reg);
 int cris_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
 int cris_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
-CRISCPU *cpu_cris_init(const char *cpu_model);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
signal handlers to inform the virtual CPU of exceptions. non zero
is returned if the signal was handled by the virtual CPU.  */
@@ -268,7 +267,7 @@ enum {
 #define TARGET_PHYS_ADDR_SPACE_BITS 32
 #define TARGET_VIRT_ADDR_SPACE_BITS 32
 
-#define cpu_init(cpu_model) CPU(cpu_cris_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_CRIS_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_cris_signal_handler
 
diff --git a/hw/cris/axis_dev88.c b/hw/cris/axis_dev88.c
index 80674f6..5eb552b 100644
--- a/hw/cris/axis_dev88.c
+++ b/hw/cris/axis_dev88.c
@@ -271,7 +271,7 @@ void axisdev88_init(MachineState *machine)
 if (cpu_model == NULL) {
 cpu_model = "crisv32";
 }
-cpu = cpu_cris_init(cpu_model);
+cpu = CRIS_CPU(cpu_generic_init(TYPE_CRIS_CPU, cpu_model));
 env = &cpu->env;
 
 /* allocate RAM */
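Review bot: axisdev88_init() dereferences the result on the very next line (env = &cpu->env) with no NULL check, unlike the other boards converted in this series, which report "Unable to find CPU definition" and exit. With the call being rewritten anyway, add the same check so a failed CPU lookup ends in an error message and not in a NULL dereference.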
diff --git a/target/cris/cpu.c b/target/cris/cpu.c
index 5f766f0..ceebfed 100644
--- a/target/cris/cpu.c
+++ b/target/cris/cpu.c
@@ -89,11 +89,6 @@ static ObjectClass *cris_cpu_class_by_name(const char 
*cpu_model)
 return oc;
 }
 
-CRISCPU *cpu_cris_init(const char *cpu_model)
-{
-return CRIS_CPU(cpu_generic_init(TYPE_CRIS_CPU, cpu_model));
-}
-
 /* Sort alphabetically by VR. */
 static gint cris_cpu_list_compare(gconstpointer a, gconstpointer b)
 {
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 27/27] fix build failure in nbd_read_reply_entry()

2017-08-18 Thread Igor Mammedov
Travis builds fail at HEAD at rc3 master with

  block/nbd-client.c: In function ‘nbd_read_reply_entry’:
  block/nbd-client.c:110:8: error: ‘ret’ may be used uninitialized in this 
function [-Werror=uninitialized]

Fix it by initializing 'ret' to 0.

Signed-off-by: Igor Mammedov 
---
 block/nbd-client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c
index 422ecb4..02c8e20 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -70,7 +70,7 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
 {
 NBDClientSession *s = opaque;
 uint64_t i;
-int ret;
+int ret = 0;
 Error *local_err = NULL;
 
 while (!s->quit) {
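Review bot: initialising ret to 0 silences -Werror=uninitialized, but it also defines the result for the case where the while (!s->quit) loop never runs, and 0 reads as success. Please say in the commit message which path reaches line 110 with ret unset and why 0 is the right value there; if that path is the skipped loop, a short comment next to the initialiser would help.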
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 22/27] lm32: replace cpu_lm32_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Acked-by: Michael Walle 
Reviewed-by: Eduardo Habkost 
---
 target/lm32/cpu.h | 3 +--
 hw/lm32/lm32_boards.c | 4 ++--
 hw/lm32/milkymist.c   | 2 +-
 target/lm32/helper.c  | 5 -
 4 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h
index 1d972cb..de265b5 100644
--- a/target/lm32/cpu.h
+++ b/target/lm32/cpu.h
@@ -238,7 +238,6 @@ static inline lm32_wp_t lm32_wp_type(uint32_t dc, int idx)
 return (dc >> (idx+1)*2) & 0x3;
 }
 
-LM32CPU *cpu_lm32_init(const char *cpu_model);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
signal handlers to inform the virtual CPU of exceptions. non zero
is returned if the signal was handled by the virtual CPU.  */
@@ -256,7 +255,7 @@ void lm32_watchpoint_insert(CPULM32State *env, int index, 
target_ulong address,
 void lm32_watchpoint_remove(CPULM32State *env, int index);
 bool lm32_cpu_do_semihosting(CPUState *cs);
 
-#define cpu_init(cpu_model) CPU(cpu_lm32_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_LM32_CPU, cpu_model)
 
 #define cpu_list lm32_cpu_list
 #define cpu_signal_handler cpu_lm32_signal_handler
diff --git a/hw/lm32/lm32_boards.c b/hw/lm32/lm32_boards.c
index 8f0c307..eccf0ac 100644
--- a/hw/lm32/lm32_boards.c
+++ b/hw/lm32/lm32_boards.c
@@ -104,7 +104,7 @@ static void lm32_evr_init(MachineState *machine)
 if (cpu_model == NULL) {
 cpu_model = "lm32-full";
 }
-cpu = cpu_lm32_init(cpu_model);
+cpu = LM32_CPU(cpu_generic_init(TYPE_LM32_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "qemu: unable to find CPU '%s'\n", cpu_model);
 exit(1);
@@ -205,7 +205,7 @@ static void lm32_uclinux_init(MachineState *machine)
 if (cpu_model == NULL) {
 cpu_model = "lm32-full";
 }
-cpu = cpu_lm32_init(cpu_model);
+cpu = LM32_CPU(cpu_generic_init(TYPE_LM32_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "qemu: unable to find CPU '%s'\n", cpu_model);
 exit(1);
diff --git a/hw/lm32/milkymist.c b/hw/lm32/milkymist.c
index 5cae0f1..dffd879 100644
--- a/hw/lm32/milkymist.c
+++ b/hw/lm32/milkymist.c
@@ -111,7 +111,7 @@ milkymist_init(MachineState *machine)
 if (cpu_model == NULL) {
 cpu_model = "lm32-full";
 }
-cpu = cpu_lm32_init(cpu_model);
+cpu = LM32_CPU(cpu_generic_init(TYPE_LM32_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "qemu: unable to find CPU '%s'\n", cpu_model);
 exit(1);
diff --git a/target/lm32/helper.c b/target/lm32/helper.c
index 891da18..929cc36 100644
--- a/target/lm32/helper.c
+++ b/target/lm32/helper.c
@@ -219,11 +219,6 @@ bool lm32_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 return false;
 }
 
-LM32CPU *cpu_lm32_init(const char *cpu_model)
-{
-return LM32_CPU(cpu_generic_init(TYPE_LM32_CPU, cpu_model));
-}
-
 /* Some soc ignores the MSB on the address bus. Thus creating a shadow memory
  * area. As a general rule, 0x-0x7fff is cached, whereas
  * 0x8000-0x is not cached and used to access IO devices. */
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 21/27] x86: replace cpu_x86_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 target/i386/cpu.h | 3 +--
 target/i386/cpu.c | 5 -
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 0518673..525d35d 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1327,7 +1327,6 @@ int x86_cpu_gdb_write_register(CPUState *cpu, uint8_t 
*buf, int reg);
 void x86_cpu_exec_enter(CPUState *cpu);
 void x86_cpu_exec_exit(CPUState *cpu);
 
-X86CPU *cpu_x86_init(const char *cpu_model);
 void x86_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 int cpu_x86_support_mca_broadcast(CPUX86State *env);
 
@@ -1507,7 +1506,7 @@ uint64_t cpu_get_tsc(CPUX86State *env);
 
 #define PHYS_ADDR_MASK MAKE_64BIT_MASK(0, TCG_PHYS_ADDR_BITS)
 
-#define cpu_init(cpu_model) CPU(cpu_x86_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_X86_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_x86_signal_handler
 #define cpu_list x86_cpu_list
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ac60c1a..217aade 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2522,11 +2522,6 @@ static gchar *x86_gdb_arch_name(CPUState *cs)
 #endif
 }
 
-X86CPU *cpu_x86_init(const char *cpu_model)
-{
-return X86_CPU(cpu_generic_init(TYPE_X86_CPU, cpu_model));
-}
-
 static void x86_cpu_cpudef_class_init(ObjectClass *oc, void *data)
 {
 X86CPUDefinition *cpudef = data;
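Review bot: cpu_x86_init() is deleted here and its prototype dropped from cpu.h, yet the diffstat shows no caller being converted, unlike the other patches in this series. Please state in the commit message that no callers remain, so a reader does not have to grep to learn why no board file changes.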
-- 
2.7.4




[Qemu-devel] [PATCH for-2.11 24/27] openrisc: replace cpu_openrisc_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Acked-by: Stafford Horne 
Reviewed-by: Eduardo Habkost 
---
 target/openrisc/cpu.h  | 4 +---
 hw/openrisc/openrisc_sim.c | 2 +-
 target/openrisc/cpu.c  | 5 -
 3 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/target/openrisc/cpu.h b/target/openrisc/cpu.h
index 2721432..f51b89a 100644
--- a/target/openrisc/cpu.h
+++ b/target/openrisc/cpu.h
@@ -347,8 +347,6 @@ static inline OpenRISCCPU 
*openrisc_env_get_cpu(CPUOpenRISCState *env)
 
 #define ENV_OFFSET offsetof(OpenRISCCPU, env)
 
-OpenRISCCPU *cpu_openrisc_init(const char *cpu_model);
-
 void cpu_openrisc_list(FILE *f, fprintf_function cpu_fprintf);
 void openrisc_cpu_do_interrupt(CPUState *cpu);
 bool openrisc_cpu_exec_interrupt(CPUState *cpu, int int_req);
@@ -390,7 +388,7 @@ int cpu_openrisc_get_phys_data(OpenRISCCPU *cpu,
int *prot, target_ulong address, int rw);
 #endif
 
-#define cpu_init(cpu_model) CPU(cpu_openrisc_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_OPENRISC_CPU, cpu_model)
 
 #include "exec/cpu-all.h"
 
diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
index e1eeffc..243d802 100644
--- a/hw/openrisc/openrisc_sim.c
+++ b/hw/openrisc/openrisc_sim.c
@@ -109,7 +109,7 @@ static void openrisc_sim_init(MachineState *machine)
 }
 
 for (n = 0; n < smp_cpus; n++) {
-cpu = cpu_openrisc_init(cpu_model);
+cpu = OPENRISC_CPU(cpu_generic_init(TYPE_OPENRISC_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition!\n");
 exit(1);
diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
index 1d6330c..a979f0b 100644
--- a/target/openrisc/cpu.c
+++ b/target/openrisc/cpu.c
@@ -210,11 +210,6 @@ static void openrisc_cpu_register_types(void)
 }
 }
 
-OpenRISCCPU *cpu_openrisc_init(const char *cpu_model)
-{
-return OPENRISC_CPU(cpu_generic_init(TYPE_OPENRISC_CPU, cpu_model));
-}
-
 /* Sort alphabetically by type name, except for "any". */
 static gint openrisc_cpu_list_compare(gconstpointer a, gconstpointer b)
 {
-- 
2.7.4




Re: [Qemu-devel] [Bug 1706296] Re: Booting NT 4 disk causes /home/rjones/d/qemu/cpus.c:1580:qemu_mutex_lock_iothread: assertion failed: (!qemu_mutex_iothread_locked())

2017-08-18 Thread Alex Bennée

Peter Maydell  writes:

> On 18 August 2017 at 09:40, Alex Bennée  wrote:
>>
>> John Arbuckle  writes:
>>
>>> Using '-cpu 486' gets past the assertion error. I guess Windows NT 4.0
>>> is not compatible with newer Intel processors.
>>
>> It might be related. The assertion error is caused by the fact an
>> exception has occurred and processor is trying to dump a stack frame that
>> overlaps from RAM into device memory. As the IRQ/exception handling is
>> already under the BQL (as it changes machine state) we get the assertion
>> when it tries to take the BQL a second time when accessing device
>> memory.
>
> This sounds worrying -- lots and lots of target backend code
> does writes to memory. Is it all going to cause assertions if
> it happens to be pointing at a device?

Currently yes.

That said from John's update it sounds very much like a symptom of not
emulating the right processor type rather than behaviour we are
incorrectly modelling. If we invert the lock before writing the stack
page is it just going to crash in a more esoteric way?

I'm not sure how you correctly emulate writing random stack pages to a
random device. Unless there is some sort of weird [un]documented behaviour
we should be doing?

--
Alex Bennée



[Qemu-devel] [PATCH for-2.11 26/27] ppc: replace cpu_ppc_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Acked-by: David Gibson 
Reviewed-by: Hervé Poussineau 
Reviewed-by: Eduardo Habkost 
---
 target/ppc/cpu.h| 3 +--
 hw/ppc/e500.c   | 3 ++-
 hw/ppc/mac_newworld.c   | 3 ++-
 hw/ppc/mac_oldworld.c   | 3 ++-
 hw/ppc/ppc440_bamboo.c  | 2 +-
 hw/ppc/ppc4xx_devs.c| 2 +-
 hw/ppc/prep.c   | 5 +++--
 hw/ppc/virtex_ml507.c   | 2 +-
 target/ppc/translate_init.c | 5 -
 9 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 46d3dd8..12f0949 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1276,7 +1276,6 @@ extern const struct VMStateDescription vmstate_ppc_cpu;
 #endif
 
 /*/
-PowerPCCPU *cpu_ppc_init(const char *cpu_model);
 void ppc_translate_init(void);
 const char *ppc_cpu_lookup_alias(const char *alias);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
@@ -1353,7 +1352,7 @@ static inline uint64_t ppc_dump_gpr(CPUPPCState *env, int 
gprn)
 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp);
 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val);
 
-#define cpu_init(cpu_model) CPU(cpu_ppc_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_POWERPC_CPU, cpu_model)
 
 #define cpu_signal_handler cpu_ppc_signal_handler
 #define cpu_list ppc_cpu_list
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 62f1857..f0596f3 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -819,7 +819,8 @@ void ppce500_init(MachineState *machine, PPCE500Params 
*params)
 CPUState *cs;
 qemu_irq *input;
 
-cpu = cpu_ppc_init(machine->cpu_model);
+cpu = POWERPC_CPU(cpu_generic_init(TYPE_POWERPC_CPU,
+   machine->cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to initialize CPU!\n");
 exit(1);
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 3056d5f..d466634 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -187,7 +187,8 @@ static void ppc_core99_init(MachineState *machine)
 #endif
 }
 for (i = 0; i < smp_cpus; i++) {
-cpu = cpu_ppc_init(machine->cpu_model);
+cpu = POWERPC_CPU(cpu_generic_init(TYPE_POWERPC_CPU,
+   machine->cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find PowerPC CPU definition\n");
 exit(1);
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index f2ae60a..fcac399 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -116,7 +116,8 @@ static void ppc_heathrow_init(MachineState *machine)
 if (machine->cpu_model == NULL)
 machine->cpu_model = "G3";
 for (i = 0; i < smp_cpus; i++) {
-cpu = cpu_ppc_init(machine->cpu_model);
+cpu = POWERPC_CPU(cpu_generic_init(TYPE_POWERPC_CPU,
+   machine->cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find PowerPC CPU definition\n");
 exit(1);
diff --git a/hw/ppc/ppc440_bamboo.c b/hw/ppc/ppc440_bamboo.c
index 9d997bf..ca26398 100644
--- a/hw/ppc/ppc440_bamboo.c
+++ b/hw/ppc/ppc440_bamboo.c
@@ -186,7 +186,7 @@ static void bamboo_init(MachineState *machine)
 if (machine->cpu_model == NULL) {
 machine->cpu_model = "440EP";
 }
-cpu = cpu_ppc_init(machine->cpu_model);
+cpu = POWERPC_CPU(cpu_generic_init(TYPE_POWERPC_CPU, machine->cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to initialize CPU!\n");
 exit(1);
diff --git a/hw/ppc/ppc4xx_devs.c b/hw/ppc/ppc4xx_devs.c
index e7f413e..6b38ed7 100644
--- a/hw/ppc/ppc4xx_devs.c
+++ b/hw/ppc/ppc4xx_devs.c
@@ -56,7 +56,7 @@ PowerPCCPU *ppc4xx_init(const char *cpu_model,
 CPUPPCState *env;
 
 /* init CPUs */
-cpu = cpu_ppc_init(cpu_model);
+cpu = POWERPC_CPU(cpu_generic_init(TYPE_POWERPC_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find PowerPC %s CPU definition\n",
 cpu_model);
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 36d3dcd..00f3321 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -520,7 +520,8 @@ static void ppc_prep_init(MachineState *machine)
 if (machine->cpu_model == NULL)
 machine->cpu_model = "602";
 for (i = 0; i < smp_cpus; i++) {
-cpu = cpu_ppc_init(machine->cpu_model);
+cpu = POWERPC_CPU(cpu_generic_init(TYPE_POWERPC_CPU,
+   machine->cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find PowerPC CPU definition\n");
 exit(1);
@@ -724,7 +725,7 @@ static void ibm_40p_init(MachineState *machine)
 if (!machine->cpu_model) {
 machine->cpu_model = "604";
 }
-cpu = cp

[Qemu-devel] [PATCH for-2.11 25/27] unicore32: replace uc32_cpu_init() with cpu_generic_init()

2017-08-18 Thread Igor Mammedov
It's just a wrapper; drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 target/unicore32/cpu.h| 4 +---
 hw/unicore32/puv3.c   | 2 +-
 target/unicore32/helper.c | 5 -
 3 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/target/unicore32/cpu.h b/target/unicore32/cpu.h
index 7b5b405..7724108 100644
--- a/target/unicore32/cpu.h
+++ b/target/unicore32/cpu.h
@@ -165,9 +165,7 @@ static inline int cpu_mmu_index(CPUUniCore32State *env, 
bool ifetch)
 
 #include "exec/cpu-all.h"
 
-UniCore32CPU *uc32_cpu_init(const char *cpu_model);
-
-#define cpu_init(cpu_model) CPU(uc32_cpu_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_UNICORE32_CPU, cpu_model)
 
 static inline void cpu_get_tb_cpu_state(CPUUniCore32State *env, target_ulong 
*pc,
 target_ulong *cs_base, uint32_t *flags)
diff --git a/hw/unicore32/puv3.c b/hw/unicore32/puv3.c
index ff62efb..eb9862f 100644
--- a/hw/unicore32/puv3.c
+++ b/hw/unicore32/puv3.c
@@ -127,7 +127,7 @@ static void puv3_init(MachineState *machine)
 cpu_model = "UniCore-II";
 }
 
-cpu = uc32_cpu_init(cpu_model);
+cpu = UNICORE32_CPU(cpu_generic_init(TYPE_UNICORE32_CPU, cpu_model));
 if (!cpu) {
 error_report("Unable to find CPU definition");
 exit(1);
diff --git a/target/unicore32/helper.c b/target/unicore32/helper.c
index f9239dc..309dcd1 100644
--- a/target/unicore32/helper.c
+++ b/target/unicore32/helper.c
@@ -27,11 +27,6 @@
 #define DPRINTF(fmt, ...) do {} while (0)
 #endif
 
-UniCore32CPU *uc32_cpu_init(const char *cpu_model)
-{
-return UNICORE32_CPU(cpu_generic_init(TYPE_UNICORE32_CPU, cpu_model));
-}
-
 #ifndef CONFIG_USER_ONLY
 void helper_cp0_set(CPUUniCore32State *env, uint32_t val, uint32_t creg,
 uint32_t cop)
-- 
2.7.4




Re: [Qemu-devel] [Bug 1706296] Re: Booting NT 4 disk causes /home/rjones/d/qemu/cpus.c:1580:qemu_mutex_lock_iothread: assertion failed: (!qemu_mutex_iothread_locked())

2017-08-18 Thread Peter Maydell
On 18 August 2017 at 11:23, Alex Bennée  wrote:
> Peter Maydell  writes:
>> On 18 August 2017 at 09:40, Alex Bennée  wrote:
>>> It might be related. The assertion error is caused by the fact an
>>> exception has occurred and processor is trying to dump a stack frame that
>>> overlaps from RAM into device memory. As the IRQ/exception handling is
>>> already under the BQL (as it changes machine state) we get the assertion
>>> when it tries to take the BQL a second time when accessing device
>>> memory.
>>
>> This sounds worrying -- lots and lots of target backend code
>> does writes to memory. Is it all going to cause assertions if
>> it happens to be pointing at a device?
>
> Currently yes.
>
> That said from John's update it sounds very much like a symptom of not
> emulating the right processor type rather than behaviour we are
> incorrectly modelling. If we invert the lock before writing the stack
> page is it just going to crash in a more esoteric way?
>
> I'm not sure how you correctly emulate writing random stack pages to a
> random device. Unless there is some sort of weird [un]documented behaviour
> we should be doing?

The desired behaviour is straightforward -- if the code calls
a function for "do a 4 byte write" then we do a 4 byte write
to the device. The only place where writing to a device has
to be special cased is when we're trying to execute code
from it (which is itself arguably a defect of our emulation).

It looks like we only get this double locking when the
target/ code does a write-by-virtual-address (which ends
up going via io_writex() which takes the lock again) --
write-by-physical-address, eg stl_phys and friends presumably
don't take the lock. That's a rather confusing mismatch of
semantics.

thanks
-- PMM
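
A toy model of the double locking described in this message, added here as an illustration and not code from QEMU or from the thread: a device write path that always takes a non-recursive lock fails when its caller already holds it, while a path that checks ownership first does not. All names are hypothetical, and the lock is a single-threaded flag rather than a real mutex.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Single-threaded model of a non-recursive "big lock".
 * Every name in this file is hypothetical; none of it is QEMU code.
 */
static bool big_lock_held;
static unsigned double_lock_attempts;

static bool big_lock_is_held(void)
{
    return big_lock_held;
}

/* Returns false at the point where a non-recursive lock would assert. */
static bool big_lock_acquire(void)
{
    if (big_lock_held) {
        double_lock_attempts++;
        return false;
    }
    big_lock_held = true;
    return true;
}

static void big_lock_release(void)
{
    big_lock_held = false;
}

enum write_status { WRITE_OK, WRITE_DOUBLE_LOCK };

static uint32_t device_reg;   /* stand-in for a device register */

/* Device write that always takes the lock, whoever the caller is. */
static enum write_status dev_write_always_lock(uint32_t val)
{
    if (!big_lock_acquire()) {
        return WRITE_DOUBLE_LOCK;   /* caller already held the lock */
    }
    device_reg = val;
    big_lock_release();
    return WRITE_OK;
}

/* Device write that takes the lock only when the caller lacks it. */
static enum write_status dev_write_lock_if_needed(uint32_t val)
{
    bool took_lock = false;

    if (!big_lock_is_held()) {
        big_lock_acquire();
        took_lock = true;
    }
    device_reg = val;
    if (took_lock) {
        big_lock_release();     /* never drop a lock the caller owns */
    }
    return WRITE_OK;
}

typedef enum write_status (*dev_write_fn)(uint32_t val);

/*
 * Exception delivery: runs under the lock because it changes machine
 * state, then pushes one word of stack frame. In this model the stack
 * slot is backed by the device register.
 */
static enum write_status deliver_exception(dev_write_fn write_fn,
                                           uint32_t frame_word)
{
    enum write_status st;

    big_lock_acquire();
    st = write_fn(frame_word);
    big_lock_release();
    return st;
}

int main(void)
{
    printf("always lock, from exception:    %d\n",
           deliver_exception(dev_write_always_lock, 0x22));
    printf("lock if needed, from exception: %d\n",
           deliver_exception(dev_write_lock_if_needed, 0x33));
    printf("double lock attempts: %u\n", double_lock_attempts);
    return 0;
}
```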



Re: [Qemu-devel] [PATCH v4 0/5] target-ppc/spapr: Add FWNMI support in QEMU for PowerKVM guests

2017-08-18 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 150305073858.13788.4068645609072927349.stgit@aravinda
Subject: [Qemu-devel] [PATCH v4 0/5] target-ppc/spapr: Add FWNMI support in 
QEMU for PowerKVM guests

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
f473fc9b28 ppc: spapr: Enable FWNMI capability
11c89eaed9 target/ppc: Handle NMI guest exit
193cfab02d Wrapper function to wait on condition for the main loop mutex
b224364f6f ppc: spapr: Handle "ibm, nmi-register" and "ibm, nmi-interlock" RTAS 
calls
cb8ce5b786 ppc: spapr: Register and handle HCALL to receive updated RTAS region

=== OUTPUT BEGIN ===
Checking PATCH 1/5: ppc: spapr: Register and handle HCALL to receive updated 
RTAS region...
Checking PATCH 2/5: ppc: spapr: Handle "ibm, nmi-register" and "ibm, 
nmi-interlock" RTAS calls...
Checking PATCH 3/5: Wrapper function to wait on condition for the main loop 
mutex...
Checking PATCH 4/5: target/ppc: Handle NMI guest exit...
Checking PATCH 5/5: ppc: spapr: Enable FWNMI capability...
ERROR: externs should be avoided in .c files
#24: FILE: hw/ppc/spapr_rtas.c:50:
+extern int cap_fwnmi;

total: 1 errors, 0 warnings, 44 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH v4 0/5] target-ppc/spapr: Add FWNMI support in QEMU for PowerKVM guests

2017-08-18 Thread David Gibson
On Fri, Aug 18, 2017 at 03:36:44PM +0530, Aravinda Prasad wrote:
> This series of patches adds support for FWNMI in PowerKVM guests.
> 
> Memory error such as bit flips that cannot be corrected
> by hardware is passed on to the kernel for handling
> by raising machine check exception (an NMI). Upon such
> machine check exception, if the address in error belongs
> to guest then KVM causes a guest exit with KVM_EXIT_NMI
> exit reason.
> 
> This patch series adds functionality to pass on such
> machine check exception to the guest kernel by suitably
> handling KVM_EXIT_NMI exit and building the error log.
> 
> The KVM changes are now part of the upstream kernel
> (commit e20bbd3d). This series contains QEMU changes.
> 
> Change Log v4:
> - Included the RTAS_DISP_FULLY_RECOVERED scenario in
>   patch 4/5.

You don't seem to have addressed any of the other comments from the
last round, however.

> 
> Change Log v3:
> - Rebased to v2.10.0-rc0 (git://github.com/dgibson/qemu)
> 
> Change Log v2:
> - Added KVM capability
> - Serialized multiple NMIs with a conditional wait
> 
> ---
> 
> Aravinda Prasad (5):
>   ppc: spapr: Register and handle HCALL to receive updated RTAS region
>   ppc: spapr: Handle "ibm,nmi-register" and "ibm,nmi-interlock" RTAS calls
>   Wrapper function to wait on condition for the main loop mutex
>   target/ppc: Handle NMI guest exit
>   ppc: spapr: Enable FWNMI capability
> 
> 
>  cpus.c   |5 ++
>  hw/ppc/spapr.c   |   12 ++
>  hw/ppc/spapr_hcall.c |8 
>  hw/ppc/spapr_rtas.c  |   52 ++
>  include/hw/ppc/spapr.h   |   14 ++-
>  include/qemu/main-loop.h |8 
>  target/ppc/kvm.c |   93 
> ++
>  target/ppc/kvm_ppc.h |   82 +
>  8 files changed, 272 insertions(+), 2 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v1 for-2.11 01/10] target/s390x: move cc_name() to cc_helper.c

2017-08-18 Thread Cornelia Huck
On Fri, 18 Aug 2017 12:04:14 +0200
Thomas Huth  wrote:

> On 18.08.2017 11:59, David Hildenbrand wrote:
> > On 17.08.2017 11:22, David Hildenbrand wrote:  
> >> While at it, move the translations into the function.
> >>
> >> Signed-off-by: David Hildenbrand 
> >> ---
> >>  target/s390x/cc_helper.c | 48 
> >> 
> >>  target/s390x/cpu.h   | 48 
> >> +---
> >>  2 files changed, 49 insertions(+), 47 deletions(-)  
> [...]
> > Just compiled with --disable-tcg
> > 
> > s390_cpu_dump_state() needs cc_name. I suggest moving it to helper.c
> > instead. Opinions?  
> 
> Sounds fine to me, too.
> 
>  Thomas
> 
> 

Agreed.



[Qemu-devel] [PATCH] s390x/tcg: specification exception for unknown diag

2017-08-18 Thread Cornelia Huck
While the PoP is silent on the issue, z/VM documentation states
that unknown diagnose codes trigger a specification exception.
We already do that when running with kvm, so change tcg to do so
as well.

Signed-off-by: Cornelia Huck 
---

This is on top of "s390x: wire up diag288 in tcg".

---
 target/s390x/misc_helper.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 80a13a1b66..34d730ba73 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -106,10 +106,6 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, 
uint32_t r3, uint32_t num)
 case 0x288:
 /* time bomb (watchdog) */
 r = handle_diag_288(env, r1, r3);
-if (r) {
-program_interrupt(env, PGM_SPECIFICATION, ILEN_AUTO);
-r = 0;
-}
 break;
 default:
 r = -1;
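Review bot: With the local program_interrupt() removed from case 0x288, a failing handle_diag_288() and the `default:` case's `r = -1` both depend on the shared `if (r)` check after the switch, which the second hunk changes to PGM_SPECIFICATION. That check also serves every other case of this switch, none of which are visible here, so any of them that can return non-zero will change from an operation to a specification exception as well. Please confirm that this is intended for each case and say so in the commit message, or restrict the new exception to the unknown-code path.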
@@ -117,7 +113,7 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, uint32_t 
r3, uint32_t num)
 }
 
 if (r) {
-program_interrupt(env, PGM_OPERATION, ILEN_AUTO);
+program_interrupt(env, PGM_SPECIFICATION, ILEN_AUTO);
 }
 }
 
-- 
2.13.5




Re: [Qemu-devel] [RFC PATCH 09/12] ppc440: Add emulation of plb-pcix controller found in some 440 SoCs

2017-08-18 Thread François Revol
Hi,

On 18/08/2017 at 03:53, David Gibson wrote:
> On Sun, Aug 13, 2017 at 07:04:38PM +0200, BALATON Zoltan wrote:
> 
> You know I'm going to say it, right: needs a commit message.
> 
> What's a "plb-pcix", and what's an example of a 440 SoC which has it?

IIRC that's the PCI(express) controller, which is not memory-mapped but
inside the DCR address space, so accessed from the PLB.

See:

http://www.embeddeddeveloper.com/assets/processors/amcc/datasheets/PP460EX_DS2063.pdf

page 9, 13.



François.





Re: [Qemu-devel] [Qemu-ppc] [RFC PATCH 09/12] ppc440: Add emulation of plb-pcix controller found in some 440 SoCs

2017-08-18 Thread François Revol
Hi,

On 18/08/2017 at 11:30, luigi burdo wrote:
> hi Balaton, i can help with amigaos4 for sam . i can test it on P5040
> book3e and on G5 quad book3s machine. note sam for boot amigaos need
> a special modified version of uboot that is available on acube
> website it is a firmware update. without modified uboot will be not
> possible auto boot amigaos. i don't know if is possible use standard
> uboot included in qemu for boot amigaos from uboot command line. i can
> ask help to Enrico Vidale as my FB friend but i don't know if he will
> be available for this kind of helping.
> 

Yes they use their own custom U-Boot, with a lot of changes and code
duplication, and added x86 emulation to run a VGA BIOS, and never
upstreamed the changes... much like any other vendor, sadly.

I once managed to build a binary from their published source code with
an old compiler, although it's not exactly the same as the binary used,
which I think is actually run with the on-chip RAM or something weird alike.

François.



Re: [Qemu-devel] [RFC PATCH 12/12] ppc: Add aCube Sam460ex board

2017-08-18 Thread François Revol
On 18/08/2017 at 08:10, David Gibson wrote:
> On Sun, Aug 13, 2017 at 07:04:38PM +0200, BALATON Zoltan wrote:
>> Add emulation of aCube Sam460ex board based on AMCC 460EX embedded SoC.
>> This is not a full implementation yet with a lot of components still
>> missing but enough to start a Linux kernel and the U-Boot firmware.
>>
>> Signed-off-by: François Revol 
>> Signed-off-by: BALATON Zoltan 
> 
> There are a *lot* of devices defined here.  Most of them look like
> they belong to the SoC, not the board (since they use DCRs), so it
> doesn't really make sense to define them in a board file.  It would
> also make it easier to review if they were split up into separate
> patches.
> 


Indeed, I never thought it would need that many devices to run, and I
intended to move that out but never did.

While it'd make it easier to review, I also recall waiting 3 years to
get a simple patch in just because someone wanted the code to first be
refactored (hint: wacom) :p

François.





Re: [Qemu-devel] [PATCH] s390x/tcg: specification exception for unknown diag

2017-08-18 Thread Thomas Huth
On 18.08.2017 13:00, Cornelia Huck wrote:
> While the PoP is silent on the issue, z/VM documentation states
> that unknown diagnose codes trigger a specification exception.
> We already do that when running with kvm, so change tcg to do so
> as well.

I just tried on a z/VM guest what happens if I call diag with an
unsupported code, and the Linux kernel then crashes with a specification
exception, indeed. So this sounds like the right thing to do!

> This is on top of "s390x: wire up diag288 in tcg".

May I suggest to order the patches the other way round? ... that's less
code churn that way.

 Thomas



Re: [Qemu-devel] [PATCH v2 for-2.11 0/2] Improvements for the pxe tester

2017-08-18 Thread Cornelia Huck
On Tue, 15 Aug 2017 17:27:55 +0200
Cornelia Huck  wrote:

> On Fri, 11 Aug 2017 07:57:54 +0200
> Thomas Huth  wrote:
> 
> > The first patch improves the buffer handling in the pxe tester a
> > little bit by allocating a separate buffer on the heap for each
> > architecture. This also gets rid of the huge pre-initialized
> > array in the tester, shrinking the size of the executable by
> > half of a megabyte!
> > The second patch adds s390x support to the pxe tester. Starting
> > with QEMU 2.10, the guest firmware on s390x can now net-boot via
> > TFTP, too, so we can automatically test this code in the pxe tester.
> > 
> > v2: Addressed Cornelia's review feedback from the first version, e.g.:
> >  - Use g_malloc0() instead of g_malloc()
> >  - Use sizeof with parentheses
> > 
> > Thomas Huth (2):
> >   tests/boot-sector: Do not overwrite the x86 buffer on other
> > architectures
> >   tests/pxe: Check virtio-net-ccw on s390x
> > 
> >  tests/Makefile.include |  1 +
> >  tests/boot-sector.c| 61 
> > +-
> >  tests/pxe-test.c   |  7 ++
> >  3 files changed, 54 insertions(+), 15 deletions(-)
> >   
> 
> It's that question again: Who picks this up? :)
> 
> I can take it through the s390 tree if nobody else wants it.

OK, I just went ahead and queued it to my s390-next branch.



Re: [Qemu-devel] [PATCH] s390x/tcg: specification exception for unknown diag

2017-08-18 Thread Cornelia Huck
On Fri, 18 Aug 2017 13:26:15 +0200
Thomas Huth  wrote:

> On 18.08.2017 13:00, Cornelia Huck wrote:
> > While the PoP is silent on the issue, z/VM documentation states
> > that unknown diagnose codes trigger a specification exception.
> > We already do that when running with kvm, so change tcg to do so
> > as well.  
> 
> I just tried on a z/VM guest what happens if I call diag with an
> unsupported code, and the Linux kernel then crashes with a specification
> exception, indeed. So this sounds like the right thing to do!

For reference, here's the relevant hunk in z/VM documentation:
https://www.ibm.com/support/knowledgecenter/SSB27U_6.4.0/com.ibm.zvm.v640.hcpb4/hcpb432.htm

> 
> > This is on top of "s390x: wire up diag288 in tcg".  
> 
> May I suggest to order the patches the other way round? ... that's less
> code churn that way.

Let me detangle my branches...



Re: [Qemu-devel] [RFC PATCH 0/9] TCG Vector types and example conversion

2017-08-18 Thread Kirill Batuzov


On Thu, 17 Aug 2017, Alex Bennée wrote:

> Hi,
> 
> With upcoming work on SVE I've been looking at the way we implement
> vector registers in QEMU's TCG. The current orthodoxy is to decompose
> the vector into a series of TCG registers, often calling a helper
> function for the calculation of each element. The result of the helper is
> then stored back in the vector representation afterwards.
> There are occasional outliers like simd_tbl which access elements
> directly from a passed CPUFooState env pointer but these are rare.
> 
> This series introduces the concept of TCGv_vec type. This is a pointer
> to the start of the in memory representation of an arbitrarily long
> vector register. This is passed to a helper function as a pointer
> along with a normal TCG register containing information about the
> actual vector length and any additional information the helper needs
> to do the operation. The hope* is this saves on the churn of having
> the TCG do things element by element and allows the compiler to use
> native vector operations to streamline the helpers.
> 
> There are some downsides to this approach. The first is you have to be
> careful about register aliasing. If you are doing a same reg to same
> reg operation you need to make a copy of the vector so you don't
> trample your input data as you go. The second is this involves
> changing some of the assumptions the TCG makes about things. I've
> managed to keep all the changes within the core TCG code for now but
> so far it has only been tested for the tcg_call path which is the only
> place where TCGv_vec's should turn up. It is possible to do the same
> thing without touching the TCG code generation by using TCGv_ptrs and
> manually emitting tcg_addi ops to pass the correct address. Richard
> has been exploring this approach with his series. The downside of that
> is you do miss the ability to have named global vector registers which
> makes reading the TCG dumps a little easier.
> 
> I've only patched one helper in this series which implements the
> indexed smull. This is because it appears in the profiles for my test
> case which was using an arm64 ffmpeg to transcode:
> 
>   ./ffmpeg.arm64 -i big_buck_bunny_480p_surround-fix.avi \
> -threads 1 -qscale:v 3 -f null -
> 
> * hope. On an earlier revision (which included sqshrn conversions) I
>   had measured a minor saving but this had disappeared once I measured
>   the final code. However the profile is fairly dominated by
>   softfloat.
> 
> master:
>  8.05%  qemu-aarch64  qemu-aarch64 [.] roundAndPackFloat32
>  7.28%  qemu-aarch64  qemu-aarch64 [.] float32_mul
>  6.56%  qemu-aarch64  qemu-aarch64 [.] helper_lookup_tb_ptr
>  5.31%  qemu-aarch64  qemu-aarch64 [.] float32_muladd
>  4.09%  qemu-aarch64  qemu-aarch64 [.] helper_neon_mull_s16
>  4.00%  qemu-aarch64  qemu-aarch64 [.] addFloat32Sigs
>  3.86%  qemu-aarch64  qemu-aarch64 [.] subFloat32Sigs
>  2.26%  qemu-aarch64  qemu-aarch64 [.] helper_simd_tbl
>  2.00%  qemu-aarch64  qemu-aarch64 [.] float32_add
>  1.81%  qemu-aarch64  qemu-aarch64 [.] helper_neon_unarrow_sat8
>  1.64%  qemu-aarch64  qemu-aarch64 [.] float32_sub
>  1.43%  qemu-aarch64  qemu-aarch64 [.] helper_neon_subl_u32
>  0.98%  qemu-aarch64  qemu-aarch64 [.] helper_neon_widen_u8
> 
> tcg-native-vectors-rfc:
>  7.93%  qemu-aarch64  qemu-aarch64 [.] roundAndPackFloat32
>  7.54%  qemu-aarch64  qemu-aarch64 [.] float32_mul
>  6.29%  qemu-aarch64  qemu-aarch64 [.] helper_lookup_tb_ptr
>  5.39%  qemu-aarch64  qemu-aarch64 [.] float32_muladd
>  3.92%  qemu-aarch64  qemu-aarch64 [.] addFloat32Sigs
>  3.86%  qemu-aarch64  qemu-aarch64 [.] subFloat32Sigs
>  3.62%  qemu-aarch64  qemu-aarch64 [.] helper_advsimd_smull_idx_s32
>  2.19%  qemu-aarch64  qemu-aarch64 [.] helper_simd_tbl
>  2.09%  qemu-aarch64  qemu-aarch64 [.] helper_neon_mull_s16
>  1.99%  qemu-aarch64  qemu-aarch64 [.] float32_add
>  1.79%  qemu-aarch64  qemu-aarch64 [.] helper_neon_unarrow_sat8
>  1.62%  qemu-aarch64  qemu-aarch64 [.] float32_sub
>  1.43%  qemu-aarch64  qemu-aarch64 [.] helper_neon_subl_u32
>  1.00%  qemu-aarch64  qemu-aarch64 [.] helper_neon_widen_u8
>  0.98%  qemu-aarch64  qemu-aarch64 [.] helper_neon_addl_u32
> 
> At the moment the default compiler settings don't actually vectorise
> the helper. I could get it to once I added some alignment guarantees
> but the casting I did broke the instruction emulation so I haven't
> included that patch in this series.
> 
> Given the results why continue investigating th

[Qemu-devel] [PATCH v3 for-2.11 03/18] target/s390x: simplify ri_allowed()

2017-08-18 Thread David Hildenbrand
Only used in KVM and there is no reason why it shouldn't be allowed for
tcg - it is simply not available.

Signed-off-by: David Hildenbrand 
---
 hw/s390x/s390-virtio-ccw.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 1c7af39..3a674f5 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -276,9 +276,6 @@ static S390CcwMachineClass *get_machine_class(void)
 
 bool ri_allowed(void)
 {
-if (!kvm_enabled()) {
-return false;
-}
 /* for "none" machine this results in true */
 return get_machine_class()->ri_allowed;
 }
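Review bot: Dropping the kvm_enabled() check makes ri_allowed() return the machine class flag under TCG too, so the change is only safe if every caller is KVM-only code, as the commit message asserts with "Only used in KVM". Nothing in the function records that assumption any more; a short comment above ri_allowed() saying that the result describes machine policy, not availability under the current accelerator, would stop a future non-KVM caller from reading `true` as "the facility exists".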
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 04/18] target/s390x: simplify gs_allowed()

2017-08-18 Thread David Hildenbrand
No need for kvm_enabled() as this function is only called from KVM and
there is no reason why it shouldn't be allowed for tcg. It is simply not
available under tcg.

Also, there is no need to check for the machine type anymore. Just like
ri_enabled(), we can directly use the stored flag, which results in
"true" for the "none" machine.

Signed-off-by: David Hildenbrand 
---
 hw/s390x/s390-virtio-ccw.c | 14 ++
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 3a674f5..3e9b455 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -288,18 +288,8 @@ bool cpu_model_allowed(void)
 
 bool gs_allowed(void)
 {
-if (kvm_enabled()) {
-MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
-if (object_class_dynamic_cast(OBJECT_CLASS(mc),
-  TYPE_S390_CCW_MACHINE)) {
-S390CcwMachineClass *s390mc = S390_MACHINE_CLASS(mc);
-
-return s390mc->gs_allowed;
-}
-/* Make sure the "none" machine can have gs */
-return true;
-}
-return false;
+/* for "none" machine this results in true */
+return get_machine_class()->gs_allowed;
 }
 
 static char *machine_get_loadparm(Object *obj, Error **errp)
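Review bot: The removed code checked with object_class_dynamic_cast() that the machine really is a TYPE_S390_CCW_MACHINE before reading gs_allowed, and returned true otherwise; the replacement relies on get_machine_class() doing the equivalent for the "none" machine, which this hunk does not show. Please make sure get_machine_class() cannot hand back a class that is not an S390CcwMachineClass here. The commit message also refers to ri_enabled(), while the function touched by the previous patch is ri_allowed().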
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 00/18] target/s390x: cleanup cpu.h

2017-08-18 Thread David Hildenbrand
... now featuring even more cleanups.

cpu.h is accessed outside of target/s390x. It should only contain
what is expected to be accessed outside of this folder. Therefore, create
internal.h and move a lot to that file. In addition, introduce
kvm-stub.c and kvm_s390x.h for kvm specific functions.

Hopefully I haven't messed anything up. This now also compiles with
--disable-tcg.

v1 -> v2:
- Smaller style fixes.
- avoid CONFIG_KVM for "struct kvm_s390_irq" by using forward declaration.
- added a bunch of additional cleanup patches to remove as much dependency
  to kvm as possible for now. cpu.h will not include sysemu/kvm.h anymore.
- move cc_name() to helper.c instead of cc_helper.c (to fix --disable-tcg)

RFC -> v1:
- (hopefully) fixed a compile error
- move some functions from cpu.h to the only c file they are used in
- move kvm function and stubs to kvm_s390x.h and kvm-stub.c
- smaller requested style fixes


David Hildenbrand (18):
  s390x/kvm: drop KVMState parameter from s390_get_memslot_count()
  s390x/kvm: drop KVMState parameter from kvm_s390_set_mem_limit()
  target/s390x: simplify ri_allowed()
  target/s390x: simplify gs_allowed()
  target/s390x: no need to pass kvm_state to savevm_gtod handlers
  s390x/cpumodel: factor out determination of default model name
  s390x: drop inclusion of sysemu/kvm.h from some files
  target/s390x: move gtod_*() declarations to s390-virtio.h
  target/s390x: move cc_name() to helper.c
  target/s390x: move cpu_mmu_idx_to_asc() to excp_helper.c
  target/s390x: move psw_key_valid() to mem_helper.c
  target/s390x: move s390_do_cpu_reset() to diag.c
  target/s390x: move get_per_in_range() to misc_helper.c
  target/s390x: introduce internal.h
  target/s390x: move a couple of functions to cpu.c
  s390x: avoid calling kvm_ functions outside of target/s390x/
  s390x/kvm: move KVM declarations and stubs to separate files
  target/s390x: cleanup cpu.h

 hw/intc/s390_flic_kvm.c  |   1 +
 hw/s390x/s390-stattrib-kvm.c |   1 +
 hw/s390x/s390-stattrib.c |   2 +-
 hw/s390x/s390-virtio-ccw.c   |  23 +-
 hw/s390x/s390-virtio.c   |   7 +-
 hw/s390x/s390-virtio.h   |   2 +
 hw/s390x/sclp.c  |   3 +-
 hw/s390x/sclpcpu.c   |   1 -
 include/hw/s390x/css.h   |   1 +
 target/s390x/Makefile.objs   |   1 +
 target/s390x/arch_dump.c |   2 +-
 target/s390x/cc_helper.c |   1 +
 target/s390x/cpu.c   |  89 +
 target/s390x/cpu.h   | 759 ---
 target/s390x/cpu_models.c|  11 +
 target/s390x/diag.c  |   8 +
 target/s390x/excp_helper.c   |  15 +
 target/s390x/fpu_helper.c|   1 +
 target/s390x/gdbstub.c   |   1 +
 target/s390x/helper.c|  49 +++
 target/s390x/int_helper.c|   1 +
 target/s390x/internal.h  | 391 ++
 target/s390x/interrupt.c |   2 +
 target/s390x/ioinst.c|   1 +
 target/s390x/kvm-stub.c  | 111 +++
 target/s390x/kvm.c   |  18 +-
 target/s390x/kvm_s390x.h |  47 +++
 target/s390x/machine.c   |   2 +
 target/s390x/mem_helper.c|  12 +
 target/s390x/misc_helper.c   |  12 +
 target/s390x/mmu_helper.c|   2 +
 target/s390x/translate.c |   1 +
 32 files changed, 849 insertions(+), 729 deletions(-)
 create mode 100644 target/s390x/internal.h
 create mode 100644 target/s390x/kvm-stub.c
 create mode 100644 target/s390x/kvm_s390x.h

-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 01/18] s390x/kvm: drop KVMState parameter from s390_get_memslot_count()

2017-08-18 Thread David Hildenbrand
Not needed at that point.

Signed-off-by: David Hildenbrand 
---
 hw/s390x/sclp.c| 2 +-
 target/s390x/cpu.h | 8 
 target/s390x/kvm.c | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 9253dbb..8dd1109 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -57,7 +57,7 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
 CPUState *cpu;
 int cpu_count = 0;
 int rnsize, rnmax;
-int slots = MIN(machine->ram_slots, s390_get_memslot_count(kvm_state));
+int slots = MIN(machine->ram_slots, s390_get_memslot_count());
 IplParameterBlock *ipib = s390_ipl_get_iplb();
 
 CPU_FOREACH(cpu) {
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 29fdd5d..44b1a7a 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -1164,7 +1164,7 @@ void kvm_s390_enable_css_support(S390CPU *cpu);
 int kvm_s390_assign_subch_ioeventfd(EventNotifier *notifier, uint32_t sch,
 int vq, bool assign);
 int kvm_s390_cpu_restart(S390CPU *cpu);
-int kvm_s390_get_memslot_count(KVMState *s);
+int kvm_s390_get_memslot_count(void);
 int kvm_s390_cmma_active(void);
 void kvm_s390_cmma_reset(void);
 int kvm_s390_set_cpu_state(S390CPU *cpu, uint8_t cpu_state);
@@ -1204,7 +1204,7 @@ static inline int kvm_s390_cpu_restart(S390CPU *cpu)
 static inline void kvm_s390_cmma_reset(void)
 {
 }
-static inline int kvm_s390_get_memslot_count(KVMState *s)
+static inline int kvm_s390_get_memslot_count(void)
 {
   return MAX_AVAIL_SLOTS;
 }
@@ -1263,10 +1263,10 @@ static inline int s390_cpu_restart(S390CPU *cpu)
 return -ENOSYS;
 }
 
-static inline int s390_get_memslot_count(KVMState *s)
+static inline int s390_get_memslot_count(void)
 {
 if (kvm_enabled()) {
-return kvm_s390_get_memslot_count(s);
+return kvm_s390_get_memslot_count();
 } else {
 return MAX_AVAIL_SLOTS;
 }
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index c4c5791..d0bb9e9 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -2289,9 +2289,9 @@ int kvm_s390_assign_subch_ioeventfd(EventNotifier 
*notifier, uint32_t sch,
 return kvm_vm_ioctl(kvm_state, KVM_IOEVENTFD, &kick);
 }
 
-int kvm_s390_get_memslot_count(KVMState *s)
+int kvm_s390_get_memslot_count(void)
 {
-return kvm_check_extension(s, KVM_CAP_NR_MEMSLOTS);
+return kvm_check_extension(kvm_state, KVM_CAP_NR_MEMSLOTS);
 }
 
 int kvm_s390_get_ri(void)
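Review bot: kvm_s390_get_memslot_count() now reads the global kvm_state instead of the pointer its caller supplied, so the commit message's "Not needed at that point" should spell out why: the one caller visible in this patch, read_SCP_info() via s390_get_memslot_count(), already passed kvm_state, and the wrapper only calls in when kvm_enabled() is true. If there are other callers, it is worth stating that they passed the same global.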
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 02/18] s390x/kvm: drop KVMState parameter from kvm_s390_set_mem_limit()

2017-08-18 Thread David Hildenbrand
Not needed at that point. Also drop it from kvm_s390_query_mem_limit()
we call in kvm_s390_set_mem_limit().

Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.h |  7 +++
 target/s390x/kvm.c | 12 ++--
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 44b1a7a..798e299 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -1169,7 +1169,7 @@ int kvm_s390_cmma_active(void);
 void kvm_s390_cmma_reset(void);
 int kvm_s390_set_cpu_state(S390CPU *cpu, uint8_t cpu_state);
 void kvm_s390_reset_vcpu(S390CPU *cpu);
-int kvm_s390_set_mem_limit(KVMState *s, uint64_t new_limit, uint64_t 
*hw_limit);
+int kvm_s390_set_mem_limit(uint64_t new_limit, uint64_t *hw_limit);
 void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu);
 int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu);
 int kvm_s390_get_ri(void);
@@ -1215,8 +1215,7 @@ static inline int kvm_s390_set_cpu_state(S390CPU *cpu, 
uint8_t cpu_state)
 static inline void kvm_s390_reset_vcpu(S390CPU *cpu)
 {
 }
-static inline int kvm_s390_set_mem_limit(KVMState *s, uint64_t new_limit,
- uint64_t *hw_limit)
+static inline int kvm_s390_set_mem_limit(uint64_t new_limit, uint64_t 
*hw_limit)
 {
 return 0;
 }
@@ -1243,7 +1242,7 @@ static inline void kvm_s390_crypto_reset(void)
 static inline int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit)
 {
 if (kvm_enabled()) {
-return kvm_s390_set_mem_limit(kvm_state, new_limit, hw_limit);
+return kvm_s390_set_mem_limit(new_limit, hw_limit);
 }
 return 0;
 }
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index d0bb9e9..0e324ae 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -145,7 +145,7 @@ static int active_cmma;
 
 static void *legacy_s390_alloc(size_t size, uint64_t *align);
 
-static int kvm_s390_query_mem_limit(KVMState *s, uint64_t *memory_limit)
+static int kvm_s390_query_mem_limit(uint64_t *memory_limit)
 {
 struct kvm_device_attr attr = {
 .group = KVM_S390_VM_MEM_CTRL,
@@ -153,10 +153,10 @@ static int kvm_s390_query_mem_limit(KVMState *s, uint64_t 
*memory_limit)
 .addr = (uint64_t) memory_limit,
 };
 
-return kvm_vm_ioctl(s, KVM_GET_DEVICE_ATTR, &attr);
+return kvm_vm_ioctl(kvm_state, KVM_GET_DEVICE_ATTR, &attr);
 }
 
-int kvm_s390_set_mem_limit(KVMState *s, uint64_t new_limit, uint64_t *hw_limit)
+int kvm_s390_set_mem_limit(uint64_t new_limit, uint64_t *hw_limit)
 {
 int rc;
 
@@ -166,18 +166,18 @@ int kvm_s390_set_mem_limit(KVMState *s, uint64_t 
new_limit, uint64_t *hw_limit)
 .addr = (uint64_t) &new_limit,
 };
 
-if (!kvm_vm_check_mem_attr(s, KVM_S390_VM_MEM_LIMIT_SIZE)) {
+if (!kvm_vm_check_mem_attr(kvm_state, KVM_S390_VM_MEM_LIMIT_SIZE)) {
 return 0;
 }
 
-rc = kvm_s390_query_mem_limit(s, hw_limit);
+rc = kvm_s390_query_mem_limit(hw_limit);
 if (rc) {
 return rc;
 } else if (*hw_limit < new_limit) {
 return -E2BIG;
 }
 
-return kvm_vm_ioctl(s, KVM_SET_DEVICE_ATTR, &attr);
+return kvm_vm_ioctl(kvm_state, KVM_SET_DEVICE_ATTR, &attr);
 }
 
 int kvm_s390_cmma_active(void)
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 06/18] s390x/cpumodel: factor out determination of default model name

2017-08-18 Thread David Hildenbrand
Now we can drop inclusion of "sysemu/kvm.h" from "s390-virtio.c".

Signed-off-by: David Hildenbrand 
---
 hw/s390x/s390-virtio.c| 7 +--
 target/s390x/cpu.h| 1 +
 target/s390x/cpu_models.c | 8 
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
index afa4148..da3f49e 100644
--- a/hw/s390x/s390-virtio.c
+++ b/hw/s390x/s390-virtio.c
@@ -33,7 +33,6 @@
 #include "hw/boards.h"
 #include "hw/loader.h"
 #include "hw/virtio/virtio.h"
-#include "sysemu/kvm.h"
 #include "exec/address-spaces.h"
 #include "sysemu/qtest.h"
 
@@ -93,11 +92,7 @@ void s390_init_cpus(MachineState *machine)
 gchar *name;
 
 if (machine->cpu_model == NULL) {
-if (kvm_enabled()) {
-machine->cpu_model = "host";
-} else {
-machine->cpu_model = "qemu";
-}
+machine->cpu_model = s390_default_cpu_model_name();
 }
 
 cpu_states = g_new0(S390CPU *, max_cpus);
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 798e299..3ce7ffc 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -647,6 +647,7 @@ void s390_cpu_model_register_props(Object *obj);
 void s390_cpu_model_class_register_props(ObjectClass *oc);
 void s390_realize_cpu_model(CPUState *cs, Error **errp);
 ObjectClass *s390_cpu_class_by_name(const char *name);
+const char *s390_default_cpu_model_name(void);
 
 #define EXCP_EXT 1 /* external interrupt */
 #define EXCP_SVC 2 /* supervisor call (syscall) */
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index fa1338f..915f067 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -1200,6 +1200,14 @@ ObjectClass *s390_cpu_class_by_name(const char *name)
 return oc;
 }
 
+const char *s390_default_cpu_model_name(void)
+{
+ if (kvm_enabled()) {
+return "host";
+ }
+ return "qemu";
+}
+
 static const TypeInfo qemu_s390_cpu_type_info = {
 .name = S390_CPU_TYPE_NAME("qemu"),
 .parent = TYPE_S390_CPU,
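Review bot: s390_default_cpu_model_name() calls kvm_enabled(), but this patch adds no include to cpu_models.c (the diffstat shows only the 8 inserted lines), so it depends on sysemu/kvm.h arriving indirectly. Since the cover letter says cpu.h will stop including sysemu/kvm.h by the end of the series, check that cpu_models.c includes it directly before that happens. The new `if` and final `return` lines also appear to be indented differently from `return "host";`; please use the usual four-space indentation.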
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 05/18] target/s390x: no need to pass kvm_state to savevm_gtod handlers

2017-08-18 Thread David Hildenbrand
Let's avoid any KVM stuff in s390-virtio-ccw.c. This parameter is simply
ignored.

Signed-off-by: David Hildenbrand 
---
 hw/s390x/s390-virtio-ccw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 3e9b455..f19fab5 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -161,7 +161,7 @@ static void ccw_init(MachineState *machine)
 s390_create_virtio_net(BUS(css_bus), "virtio-net-ccw");
 
 /* Register savevm handler for guest TOD clock */
-register_savevm_live(NULL, "todclock", 0, 1, &savevm_gtod, kvm_state);
+register_savevm_live(NULL, "todclock", 0, 1, &savevm_gtod, NULL);
 }
 
 static void s390_cpu_plug(HotplugHandler *hotplug_dev,
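
Review bot: the NULL now passed as the opaque argument to register_savevm_live() in ccw_init() is only safe as long as gtod_save() and gtod_load() never touch their opaque parameter, and neither body is part of this diff. The commit message says the parameter is ignored. A short comment at the call site saying so would keep a later change to the handlers from dereferencing it during save or load.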
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 08/18] target/s390x: move gtod_*() declarations to s390-virtio.h

2017-08-18 Thread David Hildenbrand
Signed-off-by: David Hildenbrand 
---
 hw/s390x/s390-virtio.h | 2 ++
 target/s390x/cpu.h | 3 ---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/s390-virtio.h b/hw/s390x/s390-virtio.h
index f2377a3..ca97fd6 100644
--- a/hw/s390x/s390-virtio.h
+++ b/hw/s390x/s390-virtio.h
@@ -30,4 +30,6 @@ void s390_create_virtio_net(BusState *bus, const char *name);
 void s390_nmi(NMIState *n, int cpu_index, Error **errp);
 void s390_machine_reset(void);
 void s390_memory_init(ram_addr_t mem_size);
+void gtod_save(QEMUFile *f, void *opaque);
+int gtod_load(QEMUFile *f, void *opaque, int version_id);
 #endif
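
Review bot: the two prototypes added before the closing #endif of s390-virtio.h use QEMUFile, and this hunk adds no include or forward declaration for that type, so the header depends on whatever its includers happened to include first. Please confirm the header still builds when it is the first include in a file. The commit message also has no body. One line on why these declarations belong under hw/s390x/ rather than in target/s390x/cpu.h would help.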
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 3ce7ffc..c40d70d 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -594,9 +594,6 @@ static inline uint8_t s390_cpu_get_state(S390CPU *cpu)
 return cpu->env.cpu_state;
 }
 
-void gtod_save(QEMUFile *f, void *opaque);
-int gtod_load(QEMUFile *f, void *opaque, int version_id);
-
 void cpu_inject_ext(S390CPU *cpu, uint32_t code, uint32_t param,
 uint64_t param64);
 
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 10/18] target/s390x: move cpu_mmu_idx_to_asc() to excp_helper.c

2017-08-18 Thread David Hildenbrand
Only used in that file.

Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.h | 14 --
 target/s390x/excp_helper.c | 14 ++
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 10208ec..c71a4bf 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -393,20 +393,6 @@ static inline int cpu_mmu_index(CPUS390XState *env, bool 
ifetch)
 }
 }
 
-static inline uint64_t cpu_mmu_idx_to_asc(int mmu_idx)
-{
-switch (mmu_idx) {
-case MMU_PRIMARY_IDX:
-return PSW_ASC_PRIMARY;
-case MMU_SECONDARY_IDX:
-return PSW_ASC_SECONDARY;
-case MMU_HOME_IDX:
-return PSW_ASC_HOME;
-default:
-abort();
-}
-}
-
 static inline void cpu_get_tb_cpu_state(CPUS390XState* env, target_ulong *pc,
 target_ulong *cs_base, uint32_t *flags)
 {
diff --git a/target/s390x/excp_helper.c b/target/s390x/excp_helper.c
index d183377..db86259 100644
--- a/target/s390x/excp_helper.c
+++ b/target/s390x/excp_helper.c
@@ -68,6 +68,20 @@ int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr address,
 
 #else /* !CONFIG_USER_ONLY */
 
+static inline uint64_t cpu_mmu_idx_to_asc(int mmu_idx)
+{
+switch (mmu_idx) {
+case MMU_PRIMARY_IDX:
+return PSW_ASC_PRIMARY;
+case MMU_SECONDARY_IDX:
+return PSW_ASC_SECONDARY;
+case MMU_HOME_IDX:
+return PSW_ASC_HOME;
+default:
+abort();
+}
+}
+
 int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr orig_vaddr,
   int rw, int mmu_idx)
 {
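
Review bot: cpu_mmu_idx_to_asc() keeps "static inline" after landing in excp_helper.c. In a .c file plain "static" is enough and leaves the inlining decision to the compiler. The default: abort() arm is a sensible guard against an unexpected mmu_idx, though g_assert_not_reached() would state the intent more clearly.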
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 09/18] target/s390x: move cc_name() to helper.c

2017-08-18 Thread David Hildenbrand
While at it, move the translations into the function and properly pass
enum cc_op as parameter. We can't move it to cc_helper.c as this would
break --disable-tcg.

Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.h| 48 +---
 target/s390x/helper.c | 48 
 2 files changed, 49 insertions(+), 47 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index c40d70d..10208ec 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -742,53 +742,7 @@ enum cc_op {
 CC_OP_MAX
 };
 
-static const char *cc_names[] = {
-[CC_OP_CONST0]= "CC_OP_CONST0",
-[CC_OP_CONST1]= "CC_OP_CONST1",
-[CC_OP_CONST2]= "CC_OP_CONST2",
-[CC_OP_CONST3]= "CC_OP_CONST3",
-[CC_OP_DYNAMIC]   = "CC_OP_DYNAMIC",
-[CC_OP_STATIC]= "CC_OP_STATIC",
-[CC_OP_NZ]= "CC_OP_NZ",
-[CC_OP_LTGT_32]   = "CC_OP_LTGT_32",
-[CC_OP_LTGT_64]   = "CC_OP_LTGT_64",
-[CC_OP_LTUGTU_32] = "CC_OP_LTUGTU_32",
-[CC_OP_LTUGTU_64] = "CC_OP_LTUGTU_64",
-[CC_OP_LTGT0_32]  = "CC_OP_LTGT0_32",
-[CC_OP_LTGT0_64]  = "CC_OP_LTGT0_64",
-[CC_OP_ADD_64]= "CC_OP_ADD_64",
-[CC_OP_ADDU_64]   = "CC_OP_ADDU_64",
-[CC_OP_ADDC_64]   = "CC_OP_ADDC_64",
-[CC_OP_SUB_64]= "CC_OP_SUB_64",
-[CC_OP_SUBU_64]   = "CC_OP_SUBU_64",
-[CC_OP_SUBB_64]   = "CC_OP_SUBB_64",
-[CC_OP_ABS_64]= "CC_OP_ABS_64",
-[CC_OP_NABS_64]   = "CC_OP_NABS_64",
-[CC_OP_ADD_32]= "CC_OP_ADD_32",
-[CC_OP_ADDU_32]   = "CC_OP_ADDU_32",
-[CC_OP_ADDC_32]   = "CC_OP_ADDC_32",
-[CC_OP_SUB_32]= "CC_OP_SUB_32",
-[CC_OP_SUBU_32]   = "CC_OP_SUBU_32",
-[CC_OP_SUBB_32]   = "CC_OP_SUBB_32",
-[CC_OP_ABS_32]= "CC_OP_ABS_32",
-[CC_OP_NABS_32]   = "CC_OP_NABS_32",
-[CC_OP_COMP_32]   = "CC_OP_COMP_32",
-[CC_OP_COMP_64]   = "CC_OP_COMP_64",
-[CC_OP_TM_32] = "CC_OP_TM_32",
-[CC_OP_TM_64] = "CC_OP_TM_64",
-[CC_OP_NZ_F32]= "CC_OP_NZ_F32",
-[CC_OP_NZ_F64]= "CC_OP_NZ_F64",
-[CC_OP_NZ_F128]   = "CC_OP_NZ_F128",
-[CC_OP_ICM]   = "CC_OP_ICM",
-[CC_OP_SLA_32]= "CC_OP_SLA_32",
-[CC_OP_SLA_64]= "CC_OP_SLA_64",
-[CC_OP_FLOGR] = "CC_OP_FLOGR",
-};
-
-static inline const char *cc_name(int cc_op)
-{
-return cc_names[cc_op];
-}
+const char *cc_name(enum cc_op cc_op);
 
 static inline void setcc(S390CPU *cpu, uint64_t cc)
 {
diff --git a/target/s390x/helper.c b/target/s390x/helper.c
index 0c989b1..e31d3e5 100644
--- a/target/s390x/helper.c
+++ b/target/s390x/helper.c
@@ -352,3 +352,51 @@ void s390_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 
 cpu_fprintf(f, "\n");
 }
+
+const char *cc_name(enum cc_op cc_op)
+{
+static const char * const cc_names[] = {
+[CC_OP_CONST0]= "CC_OP_CONST0",
+[CC_OP_CONST1]= "CC_OP_CONST1",
+[CC_OP_CONST2]= "CC_OP_CONST2",
+[CC_OP_CONST3]= "CC_OP_CONST3",
+[CC_OP_DYNAMIC]   = "CC_OP_DYNAMIC",
+[CC_OP_STATIC]= "CC_OP_STATIC",
+[CC_OP_NZ]= "CC_OP_NZ",
+[CC_OP_LTGT_32]   = "CC_OP_LTGT_32",
+[CC_OP_LTGT_64]   = "CC_OP_LTGT_64",
+[CC_OP_LTUGTU_32] = "CC_OP_LTUGTU_32",
+[CC_OP_LTUGTU_64] = "CC_OP_LTUGTU_64",
+[CC_OP_LTGT0_32]  = "CC_OP_LTGT0_32",
+[CC_OP_LTGT0_64]  = "CC_OP_LTGT0_64",
+[CC_OP_ADD_64]= "CC_OP_ADD_64",
+[CC_OP_ADDU_64]   = "CC_OP_ADDU_64",
+[CC_OP_ADDC_64]   = "CC_OP_ADDC_64",
+[CC_OP_SUB_64]= "CC_OP_SUB_64",
+[CC_OP_SUBU_64]   = "CC_OP_SUBU_64",
+[CC_OP_SUBB_64]   = "CC_OP_SUBB_64",
+[CC_OP_ABS_64]= "CC_OP_ABS_64",
+[CC_OP_NABS_64]   = "CC_OP_NABS_64",
+[CC_OP_ADD_32]= "CC_OP_ADD_32",
+[CC_OP_ADDU_32]   = "CC_OP_ADDU_32",
+[CC_OP_ADDC_32]   = "CC_OP_ADDC_32",
+[CC_OP_SUB_32]= "CC_OP_SUB_32",
+[CC_OP_SUBU_32]   = "CC_OP_SUBU_32",
+[CC_OP_SUBB_32]   = "CC_OP_SUBB_32",
+[CC_OP_ABS_32]= "CC_OP_ABS_32",
+[CC_OP_NABS_32]   = "CC_OP_NABS_32",
+[CC_OP_COMP_32]   = "CC_OP_COMP_32",
+[CC_OP_COMP_64]   = "CC_OP_COMP_64",
+[CC_OP_TM_32] = "CC_OP_TM_32",
+[CC_OP_TM_64] = "CC_OP_TM_64",
+[CC_OP_NZ_F32]= "CC_OP_NZ_F32",
+[CC_OP_NZ_F64]= "CC_OP_NZ_F64",
+[CC_OP_NZ_F128]   = "CC_OP_NZ_F128",
+[CC_OP_ICM]   = "CC_OP_ICM",
+[CC_OP_SLA_32]= "CC_OP_SLA_32",
+[CC_OP_SLA_64]= "CC_OP_SLA_64",
+[CC_OP_FLOGR] = "CC_OP_FLOGR",
+};
+
+return cc_names[cc_op];
+}
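
Review bot: cc_name() in helper.c returns cc_names[cc_op] with no range check. The table is built from designated initializers, so a value that is not listed (CC_OP_MAX itself, or an enum member added later without a table entry) either reads past the end of the array or returns NULL, and that pointer is then handed to whatever prints it. Now that the function is out of line and takes enum cc_op, this is a good place to check cc_op against ARRAY_SIZE(cc_names), treat a NULL entry the same way, and return a fixed string such as "unknown" (or assert).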
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 07/18] s390x: drop inclusion of sysemu/kvm.h from some files

2017-08-18 Thread David Hildenbrand
s390-stattrib.c needs definition of TARGET_PAGE_SIZE, solve it via cpu.h.

Signed-off-by: David Hildenbrand 
---
 hw/s390x/s390-stattrib.c | 2 +-
 hw/s390x/sclp.c  | 1 -
 hw/s390x/sclpcpu.c   | 1 -
 target/s390x/arch_dump.c | 1 -
 4 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/hw/s390x/s390-stattrib.c b/hw/s390x/s390-stattrib.c
index d14923f..14a0271 100644
--- a/hw/s390x/s390-stattrib.c
+++ b/hw/s390x/s390-stattrib.c
@@ -11,12 +11,12 @@
 
 #include "qemu/osdep.h"
 #include "hw/boards.h"
+#include "cpu.h"
 #include "qmp-commands.h"
 #include "migration/qemu-file.h"
 #include "migration/register.h"
 #include "hw/s390x/storage-attributes.h"
 #include "qemu/error-report.h"
-#include "sysemu/kvm.h"
 #include "exec/ram_addr.h"
 #include "qapi/error.h"
 
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 8dd1109..0b45b74 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -15,7 +15,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "cpu.h"
-#include "sysemu/kvm.h"
 #include "exec/memory.h"
 #include "sysemu/sysemu.h"
 #include "exec/address-spaces.h"
diff --git a/hw/s390x/sclpcpu.c b/hw/s390x/sclpcpu.c
index b1f3ef8..023d059 100644
--- a/hw/s390x/sclpcpu.c
+++ b/hw/s390x/sclpcpu.c
@@ -18,7 +18,6 @@
 #include "hw/s390x/event-facility.h"
 #include "cpu.h"
 #include "sysemu/cpus.h"
-#include "sysemu/kvm.h"
 
 typedef struct ConfigMgtData {
 EventBufferHeader ebh;
diff --git a/target/s390x/arch_dump.c b/target/s390x/arch_dump.c
index 96c9fb9..399030d 100644
--- a/target/s390x/arch_dump.c
+++ b/target/s390x/arch_dump.c
@@ -16,7 +16,6 @@
 #include "elf.h"
 #include "exec/cpu-all.h"
 #include "sysemu/dump.h"
-#include "sysemu/kvm.h"
 
 
 struct S390xUserRegsStruct {
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 14/18] target/s390x: introduce internal.h

2017-08-18 Thread David Hildenbrand
cpu.h should only contain what really has to be accessed outside of
target/s390x/. Add internal.h which can only be used inside target/s390x/.

Move everything that isn't fast enough to run away and restructure it
right away. We'll move all kvm_* stuff later.

Minor style fixes to avoid checkpatch warning to:
- struct Lowcore: "{" goes into same line as typedef
- struct LowCore: add spaces around "-" in array length calculations
- time2tod() and tod2time(): move "{" to separate line
- get_per_atmid(): add space between ")" and "?". Move cases by one char.
- get_per_atmid(): drop extra parenthesis around (1 << 6)

Change license of new file to GPL2+ and keep copyright notice.

Reviewed-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Hildenbrand 
---
 target/s390x/arch_dump.c   |   1 +
 target/s390x/cc_helper.c   |   1 +
 target/s390x/cpu.c |   1 +
 target/s390x/cpu.h | 343 ---
 target/s390x/cpu_models.c  |   1 +
 target/s390x/diag.c|   1 +
 target/s390x/excp_helper.c |   1 +
 target/s390x/fpu_helper.c  |   1 +
 target/s390x/gdbstub.c |   1 +
 target/s390x/helper.c  |   1 +
 target/s390x/int_helper.c  |   1 +
 target/s390x/internal.h| 391 +
 target/s390x/interrupt.c   |   1 +
 target/s390x/ioinst.c  |   1 +
 target/s390x/kvm.c |   1 +
 target/s390x/machine.c |   1 +
 target/s390x/mem_helper.c  |   1 +
 target/s390x/misc_helper.c |   1 +
 target/s390x/mmu_helper.c  |   1 +
 target/s390x/translate.c   |   1 +
 20 files changed, 409 insertions(+), 343 deletions(-)
 create mode 100644 target/s390x/internal.h

diff --git a/target/s390x/arch_dump.c b/target/s390x/arch_dump.c
index 399030d..9b0bf92 100644
--- a/target/s390x/arch_dump.c
+++ b/target/s390x/arch_dump.c
@@ -13,6 +13,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
+#include "internal.h"
 #include "elf.h"
 #include "exec/cpu-all.h"
 #include "sysemu/dump.h"
diff --git a/target/s390x/cc_helper.c b/target/s390x/cc_helper.c
index 1cf8551..f008897 100644
--- a/target/s390x/cc_helper.c
+++ b/target/s390x/cc_helper.c
@@ -20,6 +20,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
+#include "internal.h"
 #include "exec/exec-all.h"
 #include "exec/helper-proto.h"
 #include "qemu/host-utils.h"
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 489bc25..dadd383 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -26,6 +26,7 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "cpu.h"
+#include "internal.h"
 #include "qemu-common.h"
 #include "qemu/cutils.h"
 #include "qemu/timer.h"
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 55aab52..af941f8 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -213,20 +213,6 @@ static inline S390CPU *s390_env_get_cpu(CPUS390XState *env)
 extern const struct VMStateDescription vmstate_s390_cpu;
 #endif
 
-void s390_cpu_do_interrupt(CPUState *cpu);
-bool s390_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void s390_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
- int flags);
-int s390_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
-  int cpuid, void *opaque);
-
-hwaddr s390_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-hwaddr s390_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
-int s390_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int s390_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void s390_cpu_gdb_init(CPUState *cs);
-void s390x_cpu_debug_excp_handler(CPUState *cs);
-
 #include "sysemu/kvm.h"
 
 /* distinguish between 24 bit and 31 bit addressing */
@@ -390,26 +376,6 @@ static inline void cpu_get_tb_cpu_state(CPUS390XState* 
env, target_ulong *pc,
 *flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW;
 }
 
-#define MAX_ILEN 6
-
-/* While the PoO talks about ILC (a number between 1-3) what is actually
-   stored in LowCore is shifted left one bit (an even between 2-6).  As
-   this is the actual length of the insn and therefore more useful, that
-   is what we want to pass around and manipulate.  To make sure that we
-   have applied this distinction universally, rename the "ILC" to "ILEN".  */
-static inline int get_ilen(uint8_t opc)
-{
-switch (opc >> 6) {
-case 0:
-return 2;
-case 1:
-case 2:
-return 4;
-default:
-return 6;
-}
-}
-
 /* PER bits from control register 9 */
 #define PER_CR9_EVENT_BRANCH   0x8000
 #define PER_CR9_EVENT_IFETCH   0x4000
@@ -426,66 +392,17 @@ static inline int get_ilen(uint8_t opc)
 #define PER_CODE_EVENT_STORE_REAL  0x0800
 #define PER_CODE_EVENT_NULLIFICATION   0x0100
 
-/* Compute the ATMID field that is stored in the per_perc_atmid lowcore
-   entry when a PER exception is triggered.  */
-static inline uint8_t get_per_atmid(CPUS390XState 

[Qemu-devel] [PATCH v3 for-2.11 17/18] s390x/kvm: move KVM declarations and stubs to separate files

2017-08-18 Thread David Hildenbrand
Let's do it just like the other architectures. Introduce kvm-stub.c
for stubs and kvm_s390x.h for the declarations.

Change license to GPL2+ and keep copyright notice.

As we are dropping the sysemu/kvm.h include from cpu.h, fix up includes.

Suggested-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Signed-off-by: David Hildenbrand 
---
 hw/intc/s390_flic_kvm.c  |   1 +
 hw/s390x/s390-stattrib-kvm.c |   1 +
 include/hw/s390x/css.h   |   1 +
 target/s390x/Makefile.objs   |   1 +
 target/s390x/cpu.c   |   2 +
 target/s390x/cpu.h   | 119 ---
 target/s390x/cpu_models.c|   2 +
 target/s390x/interrupt.c |   1 +
 target/s390x/kvm-stub.c  | 111 
 target/s390x/kvm.c   |   1 +
 target/s390x/kvm_s390x.h |  47 +
 target/s390x/machine.c   |   1 +
 target/s390x/mmu_helper.c|   1 +
 13 files changed, 170 insertions(+), 119 deletions(-)
 create mode 100644 target/s390x/kvm-stub.c
 create mode 100644 target/s390x/kvm_s390x.h

diff --git a/hw/intc/s390_flic_kvm.c b/hw/intc/s390_flic_kvm.c
index be3fd00..7ead17a 100644
--- a/hw/intc/s390_flic_kvm.c
+++ b/hw/intc/s390_flic_kvm.c
@@ -13,6 +13,7 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "cpu.h"
+#include "kvm_s390x.h"
 #include 
 #include "qemu/error-report.h"
 #include "qapi/error.h"
diff --git a/hw/s390x/s390-stattrib-kvm.c b/hw/s390x/s390-stattrib-kvm.c
index ff3f89f..ed95d13 100644
--- a/hw/s390x/s390-stattrib-kvm.c
+++ b/hw/s390x/s390-stattrib-kvm.c
@@ -17,6 +17,7 @@
 #include "sysemu/kvm.h"
 #include "exec/ram_addr.h"
 #include "cpu.h"
+#include "kvm_s390x.h"
 
 Object *kvm_s390_stattrib_create(void)
 {
diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h
index 5c5fe6b..a4cc358 100644
--- a/include/hw/s390x/css.h
+++ b/include/hw/s390x/css.h
@@ -16,6 +16,7 @@
 #include "hw/s390x/adapter.h"
 #include "hw/s390x/s390_flic.h"
 #include "hw/s390x/ioinst.h"
+#include "sysemu/kvm.h"
 
 /* Channel subsystem constants. */
 #define MAX_DEVNO 65535
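
Review bot: adding #include "sysemu/kvm.h" to include/hw/s390x/css.h works against the rest of this patch, which removes that include from cpu.h. Every file that includes css.h now gets the KVM header again. Which declaration in css.h actually needs it? If it is only a type name, a forward declaration would do, and otherwise the include is better placed in the .c files that use the KVM API.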
diff --git a/target/s390x/Makefile.objs b/target/s390x/Makefile.objs
index f42cd1f..9615256 100644
--- a/target/s390x/Makefile.objs
+++ b/target/s390x/Makefile.objs
@@ -3,6 +3,7 @@ obj-$(CONFIG_TCG) += translate.o cc_helper.o excp_helper.o 
fpu_helper.o
 obj-$(CONFIG_TCG) += int_helper.o mem_helper.o misc_helper.o
 obj-$(CONFIG_SOFTMMU) += machine.o ioinst.o arch_dump.o mmu_helper.o diag.o
 obj-$(CONFIG_KVM) += kvm.o
+obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
 
 # build and run feature list generator
 feat-src = $(SRC_PATH)/target/$(TARGET_BASE_ARCH)/
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index c538a95..7267b60 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -27,6 +27,8 @@
 #include "qapi/error.h"
 #include "cpu.h"
 #include "internal.h"
+#include "kvm_s390x.h"
+#include "sysemu/kvm.h"
 #include "qemu-common.h"
 #include "qemu/cutils.h"
 #include "qemu/timer.h"
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 77b2977..464db3e 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -213,8 +213,6 @@ static inline S390CPU *s390_env_get_cpu(CPUS390XState *env)
 extern const struct VMStateDescription vmstate_s390_cpu;
 #endif
 
-#include "sysemu/kvm.h"
-
 /* distinguish between 24 bit and 31 bit addressing */
 #define HIGH_ORDER_BIT 0x8000
 
@@ -407,39 +405,6 @@ int cpu_s390x_signal_handler(int host_signum, void *pinfo,
 void s390_enable_css_support(S390CPU *cpu);
 int s390_virtio_hypercall(CPUS390XState *env);
 
-#ifdef CONFIG_KVM
-void kvm_s390_service_interrupt(uint32_t parm);
-void kvm_s390_vcpu_interrupt(S390CPU *cpu, struct kvm_s390_irq *irq);
-void kvm_s390_floating_interrupt(struct kvm_s390_irq *irq);
-int kvm_s390_inject_flic(struct kvm_s390_irq *irq);
-void kvm_s390_access_exception(S390CPU *cpu, uint16_t code, uint64_t te_code);
-int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, void *hostbuf,
-int len, bool is_write);
-int kvm_s390_get_clock(uint8_t *tod_high, uint64_t *tod_clock);
-int kvm_s390_set_clock(uint8_t *tod_high, uint64_t *tod_clock);
-#else
-static inline void kvm_s390_service_interrupt(uint32_t parm)
-{
-}
-static inline int kvm_s390_get_clock(uint8_t *tod_high, uint64_t *tod_low)
-{
-return -ENOSYS;
-}
-static inline int kvm_s390_set_clock(uint8_t *tod_high, uint64_t *tod_low)
-{
-return -ENOSYS;
-}
-static inline int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar,
-  void *hostbuf, int len, bool is_write)
-{
-return -ENOSYS;
-}
-static inline void kvm_s390_access_exception(S390CPU *cpu, uint16_t code,
- uint64_t te_code)
-{
-}
-#endif
-
 int s390_get_clock(uint8_t *tod_high, uint64_t *tod_low);
 int s390_set_clock(uint8_t *tod_high, uint64_t *tod_low);
 
@@ -704,90 +669,6 @@ int s390_cpu_virt_mem_rw(S390CPU *cpu, vaddr laddr, 
uint8_t ar, void *hostbuf,
 #define ILEN_AUT

[Qemu-devel] [PATCH v3 for-2.11 16/18] s390x: avoid calling kvm_ functions outside of target/s390x/

2017-08-18 Thread David Hildenbrand
Let's just introduce a helper.

Reviewed-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Hildenbrand 
---
 hw/s390x/s390-virtio-ccw.c | 4 +---
 target/s390x/cpu.c | 7 +++
 target/s390x/cpu.h | 1 +
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index f19fab5..ce0c4bb 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -142,9 +142,7 @@ static void ccw_init(MachineState *machine)
 /* register hypercalls */
 virtio_ccw_register_hcalls();
 
-if (kvm_enabled()) {
-kvm_s390_enable_css_support(s390_cpu_addr2state(0));
-}
+s390_enable_css_support(s390_cpu_addr2state(0));
 /*
  * Non mcss-e enabled guests only see the devices from the default
  * css, which is determined by the value of the squash_mcss property.
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 90e2db7..c538a95 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -471,6 +471,13 @@ bool s390_get_squash_mcss(void)
 
 return false;
 }
+
+void s390_enable_css_support(S390CPU *cpu)
+{
+if (kvm_enabled()) {
+kvm_s390_enable_css_support(cpu);
+}
+}
 #endif
 
 static gchar *s390_gdb_arch_name(CPUState *cs)
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index a2cefb7..77b2977 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -404,6 +404,7 @@ int cpu_s390x_signal_handler(int host_signum, void *pinfo,
 
 #ifndef CONFIG_USER_ONLY
 
+void s390_enable_css_support(S390CPU *cpu);
 int s390_virtio_hypercall(CPUS390XState *env);
 
 #ifdef CONFIG_KVM
-- 
2.9.4




[Qemu-devel] [PATCH v3 for-2.11 15/18] target/s390x: move a couple of functions to cpu.c

2017-08-18 Thread David Hildenbrand
Prepare to move more stuff (especially KVM related) from cpu.h to
internal.h.

Reviewed-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.c | 79 
 target/s390x/cpu.h | 89 ++
 2 files changed, 89 insertions(+), 79 deletions(-)

diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index dadd383..90e2db7 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -392,6 +392,85 @@ unsigned int s390_cpu_set_state(uint8_t cpu_state, S390CPU 
*cpu)
 
 return s390_count_running_cpus();
 }
+
+int s390_get_clock(uint8_t *tod_high, uint64_t *tod_low)
+{
+if (kvm_enabled()) {
+return kvm_s390_get_clock(tod_high, tod_low);
+}
+/* Fixme TCG */
+*tod_high = 0;
+*tod_low = 0;
+return 0;
+}
+
+int s390_set_clock(uint8_t *tod_high, uint64_t *tod_low)
+{
+if (kvm_enabled()) {
+return kvm_s390_set_clock(tod_high, tod_low);
+}
+/* Fixme TCG */
+return 0;
+}
+
+int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit)
+{
+if (kvm_enabled()) {
+return kvm_s390_set_mem_limit(new_limit, hw_limit);
+}
+return 0;
+}
+
+void s390_cmma_reset(void)
+{
+if (kvm_enabled()) {
+kvm_s390_cmma_reset();
+}
+}
+
+int s390_cpu_restart(S390CPU *cpu)
+{
+if (kvm_enabled()) {
+return kvm_s390_cpu_restart(cpu);
+}
+return -ENOSYS;
+}
+
+int s390_get_memslot_count(void)
+{
+if (kvm_enabled()) {
+return kvm_s390_get_memslot_count();
+} else {
+return MAX_AVAIL_SLOTS;
+}
+}
+
+int s390_assign_subch_ioeventfd(EventNotifier *notifier, uint32_t sch_id,
+int vq, bool assign)
+{
+if (kvm_enabled()) {
+return kvm_s390_assign_subch_ioeventfd(notifier, sch_id, vq, assign);
+} else {
+return 0;
+}
+}
+
+void s390_crypto_reset(void)
+{
+if (kvm_enabled()) {
+kvm_s390_crypto_reset();
+}
+}
+
+bool s390_get_squash_mcss(void)
+{
+if (object_property_get_bool(OBJECT(qdev_get_machine()), 
"s390-squash-mcss",
+ NULL)) {
+return true;
+}
+
+return false;
+}
 #endif
 
 static gchar *s390_gdb_arch_name(CPUState *cs)
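
Review bot: the non-KVM fallbacks in the functions added to cpu.c are inconsistent. s390_cpu_restart() returns -ENOSYS, but s390_set_clock() returns 0 without storing anything and s390_get_clock() returns 0 with both outputs zeroed, so a caller cannot tell that the TOD clock was never read or set. As these are no longer header inlines, either return an error when KVM is not enabled or expand the "Fixme TCG" comments to say what callers may rely on. s390_get_squash_mcss() can also return the object_property_get_bool() result directly instead of the if/return true/return false sequence.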
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index af941f8..a2cefb7 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -439,25 +439,8 @@ static inline void kvm_s390_access_exception(S390CPU *cpu, 
uint16_t code,
 }
 #endif
 
-static inline int s390_get_clock(uint8_t *tod_high, uint64_t *tod_low)
-{
-if (kvm_enabled()) {
-return kvm_s390_get_clock(tod_high, tod_low);
-}
-/* Fixme TCG */
-*tod_high = 0;
-*tod_low = 0;
-return 0;
-}
-
-static inline int s390_set_clock(uint8_t *tod_high, uint64_t *tod_low)
-{
-if (kvm_enabled()) {
-return kvm_s390_set_clock(tod_high, tod_low);
-}
-/* Fixme TCG */
-return 0;
-}
+int s390_get_clock(uint8_t *tod_high, uint64_t *tod_low);
+int s390_set_clock(uint8_t *tod_high, uint64_t *tod_low);
 
 S390CPU *s390_cpu_addr2state(uint16_t cpu_addr);
 unsigned int s390_cpu_set_state(uint8_t cpu_state, S390CPU *cpu);
@@ -805,69 +788,17 @@ static inline void kvm_s390_crypto_reset(void)
 }
 #endif
 
-static inline int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit)
-{
-if (kvm_enabled()) {
-return kvm_s390_set_mem_limit(new_limit, hw_limit);
-}
-return 0;
-}
-
-static inline void s390_cmma_reset(void)
-{
-if (kvm_enabled()) {
-kvm_s390_cmma_reset();
-}
-}
-
-static inline int s390_cpu_restart(S390CPU *cpu)
-{
-if (kvm_enabled()) {
-return kvm_s390_cpu_restart(cpu);
-}
-return -ENOSYS;
-}
-
-static inline int s390_get_memslot_count(void)
-{
-if (kvm_enabled()) {
-return kvm_s390_get_memslot_count();
-} else {
-return MAX_AVAIL_SLOTS;
-}
-}
-
+int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit);
+void s390_cmma_reset(void);
+int s390_cpu_restart(S390CPU *cpu);
+int s390_get_memslot_count(void);
 void s390_io_interrupt(uint16_t subchannel_id, uint16_t subchannel_nr,
uint32_t io_int_parm, uint32_t io_int_word);
 void s390_crw_mchk(void);
-
-static inline int s390_assign_subch_ioeventfd(EventNotifier *notifier,
-  uint32_t sch_id, int vq,
-  bool assign)
-{
-if (kvm_enabled()) {
-return kvm_s390_assign_subch_ioeventfd(notifier, sch_id, vq, assign);
-} else {
-return 0;
-}
-}
-
-static inline void s390_crypto_reset(void)
-{
-if (kvm_enabled()) {
-kvm_s390_crypto_reset();
-}
-}
-
-static inline bool s390_get_squash_mcss(void)
-{
-if (object_property_get_bool(OBJECT(qdev_get_machine()), 
"s390-squash-mcss",
- NUL

[Qemu-devel] [PATCH v3 for-2.11 12/18] target/s390x: move s390_do_cpu_reset() to diag.c

2017-08-18 Thread David Hildenbrand
Only used in that file. Also drop the comment, not really needed.

Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.h  | 7 ---
 target/s390x/diag.c | 7 +++
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 8300cb2..9cdce6c 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -490,13 +490,6 @@ static inline hwaddr decode_basedisp_s(CPUS390XState *env, 
uint32_t ipb,
 /* Base/displacement are at the same locations. */
 #define decode_basedisp_rs decode_basedisp_s
 
-/* helper functions for run_on_cpu() */
-static inline void s390_do_cpu_reset(CPUState *cs, run_on_cpu_data arg)
-{
-S390CPUClass *scc = S390_CPU_GET_CLASS(cs);
-
-scc->cpu_reset(cs);
-}
 static inline void s390_do_cpu_full_reset(CPUState *cs, run_on_cpu_data arg)
 {
 cpu_reset(cs);
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 10ac845..1847cdb 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -39,6 +39,13 @@ static int modified_clear_reset(S390CPU *cpu)
 return 0;
 }
 
+static inline void s390_do_cpu_reset(CPUState *cs, run_on_cpu_data arg)
+{
+S390CPUClass *scc = S390_CPU_GET_CLASS(cs);
+
+scc->cpu_reset(cs);
+}
+
 static int load_normal_reset(S390CPU *cpu)
 {
 S390CPUClass *scc = S390_CPU_GET_CLASS(cpu);
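
Review bot: s390_do_cpu_reset() is still "static inline" in diag.c. The comment removed from cpu.h describes it as a helper for run_on_cpu(), so its address is taken and the inline keyword does nothing; plain "static" is enough. Dropping that comment also removes the only explanation for the unused run_on_cpu_data arg parameter, so I would keep a one-line note that the signature is dictated by run_on_cpu().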
-- 
2.9.4




Re: [Qemu-devel] [PATCH v2 3/3] s390x: wire up diag288 in tcg

2017-08-18 Thread Thomas Huth
On 18.08.2017 13:48, Cornelia Huck wrote:
> Make the diag288 watchdog useable via tcg as well.
> 
> Signed-off-by: Cornelia Huck 
> ---
>  target/s390x/misc_helper.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
> index 5a1eba02ab..34d730ba73 100644
> --- a/target/s390x/misc_helper.c
> +++ b/target/s390x/misc_helper.c
> @@ -103,6 +103,10 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, 
> uint32_t r3, uint32_t num)
>  handle_diag_308(env, r1, r3);
>  r = 0;
>  break;
> +case 0x288:
> +/* time bomb (watchdog) */
> +r = handle_diag_288(env, r1, r3);
> +break;
>  default:
>  r = -1;
>  break;
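
Review bot: the new case 0x288 stores the return value of handle_diag_288() in r, whereas the 0x308 case just above forces r = 0, so whatever follows the switch (not shown in this hunk) will treat a failing diag288 call exactly like the default arm's r = -1. Please confirm that this is the intended reaction to a rejected watchdog request, and say in the commit message which error the guest sees in that case.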

Reviewed-by: Thomas Huth 



[Qemu-devel] [PATCH v2 0/3] s390x: diag-related things

2017-08-18 Thread Cornelia Huck
...which are a fix in tcg for diag handling and diag288 watchdog changes.

v1->v2: just reorder patches for less churn [Thomas]

Cornelia Huck (2):
  s390x/tcg: specification exception for unknown diag
  s390x: wire up diag288 in tcg

Thomas Huth (1):
  watchdog/wdt_diag288: Mark diag288 watchdog as non-hotpluggable

 hw/watchdog/wdt_diag288.c  | 1 +
 target/s390x/misc_helper.c | 6 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

-- 
2.13.5




[Qemu-devel] [PATCH v3 for-2.11 18/18] target/s390x: cleanup cpu.h

2017-08-18 Thread David Hildenbrand
Let's reshuffle the function prototypes so we get a cleaner outline
of the files.

Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.h | 137 ++---
 1 file changed, 68 insertions(+), 69 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 464db3e..4ec3380 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -390,46 +390,6 @@ static inline void cpu_get_tb_cpu_state(CPUS390XState* 
env, target_ulong *pc,
 #define PER_CODE_EVENT_STORE_REAL  0x0800
 #define PER_CODE_EVENT_NULLIFICATION   0x0100
 
-S390CPU *cpu_s390x_init(const char *cpu_model);
-S390CPU *s390x_new_cpu(const char *cpu_model, int64_t id, Error **errp);
-
-/* you can call this signal handler from your SIGBUS and SIGSEGV
-   signal handlers to inform the virtual CPU of exceptions. non zero
-   is returned if the signal was handled by the virtual CPU.  */
-int cpu_s390x_signal_handler(int host_signum, void *pinfo,
-   void *puc);
-
-
-#ifndef CONFIG_USER_ONLY
-
-void s390_enable_css_support(S390CPU *cpu);
-int s390_virtio_hypercall(CPUS390XState *env);
-
-int s390_get_clock(uint8_t *tod_high, uint64_t *tod_low);
-int s390_set_clock(uint8_t *tod_high, uint64_t *tod_low);
-
-S390CPU *s390_cpu_addr2state(uint16_t cpu_addr);
-unsigned int s390_cpu_set_state(uint8_t cpu_state, S390CPU *cpu);
-
-/* service interrupts are floating therefore we must not pass an cpustate */
-void s390_sclp_extint(uint32_t parm);
-
-#else
-static inline unsigned int s390_cpu_set_state(uint8_t cpu_state, S390CPU *cpu)
-{
-return 0;
-}
-#endif
-
-extern void subsystem_reset(void);
-
-#define cpu_init(model) CPU(cpu_s390x_init(model))
-#define cpu_signal_handler cpu_s390x_signal_handler
-
-void s390_cpu_list(FILE *f, fprintf_function cpu_fprintf);
-#define cpu_list s390_cpu_list
-const char *s390_default_cpu_model_name(void);
-
 #define EXCP_EXT 1 /* external interrupt */
 #define EXCP_SVC 2 /* supervisor call (syscall) */
 #define EXCP_PGM 3 /* program interruption */
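
Review bot: the prototypes removed here for s390_enable_css_support(), s390_get_clock() and s390_set_clock() sat inside #ifndef CONFIG_USER_ONLY, but the "/* cpu.c */" block added in the last hunk declares them unconditionally and guards only s390_cpu_set_state(). If the definitions in cpu.c are still compiled only for system emulation, user-only builds now see declarations with nothing behind them, and a stray call fails at link time rather than at compile time. Please keep the guard around the whole group, or mention the visibility change in the commit message, which currently describes this as a pure reshuffle.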
@@ -649,39 +609,10 @@ struct sysib_322 {
 /* SIGP order code mask corresponding to bit positions 56-63 */
 #define SIGP_ORDER_MASK 0x00ff
 
-int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code);
-
-int s390_cpu_virt_mem_rw(S390CPU *cpu, vaddr laddr, uint8_t ar, void *hostbuf,
- int len, bool is_write);
-
-#define s390_cpu_virt_mem_read(cpu, laddr, ar, dest, len)\
-s390_cpu_virt_mem_rw(cpu, laddr, ar, dest, len, false)
-#define s390_cpu_virt_mem_write(cpu, laddr, ar, dest, len)   \
-s390_cpu_virt_mem_rw(cpu, laddr, ar, dest, len, true)
-#define s390_cpu_virt_mem_check_write(cpu, laddr, ar, len)   \
-s390_cpu_virt_mem_rw(cpu, laddr, ar, NULL, len, true)
-
 /* from s390-virtio-ccw */
 #define MEM_SECTION_SIZE 0x1000UL
 #define MAX_AVAIL_SLOTS  32
 
-/* automatically detect the instruction length */
-#define ILEN_AUTO   0xff
-void program_interrupt(CPUS390XState *env, uint32_t code, int ilen);
-
-
-int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit);
-void s390_cmma_reset(void);
-int s390_cpu_restart(S390CPU *cpu);
-int s390_get_memslot_count(void);
-void s390_io_interrupt(uint16_t subchannel_id, uint16_t subchannel_nr,
-   uint32_t io_int_parm, uint32_t io_int_word);
-void s390_crw_mchk(void);
-int s390_assign_subch_ioeventfd(EventNotifier *notifier, uint32_t sch_id,
-int vq, bool assign);
-void s390_crypto_reset(void);
-bool s390_get_squash_mcss(void);
-
 /* machine check interruption code */
 
 /* subclasses */
@@ -727,4 +658,72 @@ bool s390_get_squash_mcss(void);
 #define MCIC_VB_CT 0x0002ULL
 #define MCIC_VB_CC 0x0001ULL
 
+
+/* cpu.c */
+int s390_get_clock(uint8_t *tod_high, uint64_t *tod_low);
+int s390_set_clock(uint8_t *tod_high, uint64_t *tod_low);
+void s390_crypto_reset(void);
+bool s390_get_squash_mcss(void);
+int s390_get_memslot_count(void);
+int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit);
+void s390_cmma_reset(void);
+int s390_cpu_restart(S390CPU *cpu);
+void s390_enable_css_support(S390CPU *cpu);
+int s390_assign_subch_ioeventfd(EventNotifier *notifier, uint32_t sch_id,
+int vq, bool assign);
+#ifndef CONFIG_USER_ONLY
+unsigned int s390_cpu_set_state(uint8_t cpu_state, S390CPU *cpu);
+#else
+static inline unsigned int s390_cpu_set_state(uint8_t cpu_state, S390CPU *cpu)
+{
+return 0;
+}
+#endif /* CONFIG_USER_ONLY */
+
+
+/* cpu_models.c */
+void s390_cpu_list(FILE *f, fprintf_function cpu_fprintf);
+#define cpu_list s390_cpu_list
+const char *s390_default_cpu_model_name(void);
+
+
+/* helper.c */
+S390CPU *cpu_s390x_init(const char *cpu_model);
+#define cpu_init(model) CPU(cpu_s390x_init(model))
+S390CPU *s390x_new_cpu(const char *cpu_model, int64_t id, Error 
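Review bot: the CONFIG_USER_ONLY stub for s390_cpu_set_state() in the new "cpu.c" group returns 0 without any comment, and the header does not say what the unsigned int return value of the real function means. A one-line comment above the prototype stating what is returned, and why 0 is the right answer for user-only builds, would keep callers from guessing. The doubled blank lines added before each "/* file.c */" group could also be reduced to one.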

[Qemu-devel] [PATCH v3 for-2.11 11/18] target/s390x: move psw_key_valid() to mem_helper.c

2017-08-18 Thread David Hildenbrand
Only used in that file.

Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.h| 11 ---
 target/s390x/mem_helper.c | 11 +++
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index c71a4bf..8300cb2 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -366,17 +366,6 @@ void s390x_cpu_debug_excp_handler(CPUState *cs);
 #define MMU_SECONDARY_IDX   1
 #define MMU_HOME_IDX2
 
-static inline bool psw_key_valid(CPUS390XState *env, uint8_t psw_key)
-{
-uint16_t pkm = env->cregs[3] >> 16;
-
-if (env->psw.mask & PSW_MASK_PSTATE) {
-/* PSW key has range 0..15, it is valid if the bit is 1 in the PKM */
-return pkm & (0x80 >> psw_key);
-}
-return true;
-}
-
 static inline int cpu_mmu_index(CPUS390XState *env, bool ifetch)
 {
 switch (env->psw.mask & PSW_MASK_ASC) {
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index c71dce4..b91c740 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -56,6 +56,17 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAccessType 
access_type,
 #define HELPER_LOG(x...)
 #endif
 
+static inline bool psw_key_valid(CPUS390XState *env, uint8_t psw_key)
+{
+uint16_t pkm = env->cregs[3] >> 16;
+
+if (env->psw.mask & PSW_MASK_PSTATE) {
+/* PSW key has range 0..15, it is valid if the bit is 1 in the PKM */
+return pkm & (0x80 >> psw_key);
+}
+return true;
+}
+
 /* Reduce the length so that addr + len doesn't cross a page boundary.  */
 static inline uint32_t adj_len_to_page(uint32_t len, uint64_t addr)
 {
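Review bot: in the moved psw_key_valid(), the mask in "return pkm & (0x80 >> psw_key);" only reaches the low byte of the 16-bit pkm. For psw_key 8..15 the shift yields 0, so those keys are always rejected when PSW_MASK_PSTATE is set, and keys 0..7 are tested against bits 7..0 instead of the top bits. The comment gives the key range as 0..15; if the leftmost PKM bit stands for key 0, the mask would need to be 0x8000 >> psw_key. As this patch is a pure move, that belongs in a separate fix, but it is worth flagging while the code is being touched. "static inline" can also become plain "static" now that the function lives in a .c file.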
-- 
2.9.4




[Qemu-devel] [PATCH v2 1/3] s390x/tcg: specification exception for unknown diag

2017-08-18 Thread Cornelia Huck
While the PoP is silent on the issue, z/VM documentation states
that unknown diagnose codes trigger a specification exception.
We already do that when running with kvm, so change tcg to do so
as well.

Signed-off-by: Cornelia Huck 
---
 target/s390x/misc_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index d23ffcd890..5a1eba02ab 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -109,7 +109,7 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, uint32_t 
r3, uint32_t num)
 }
 
 if (r) {
-program_interrupt(env, PGM_OPERATION, ILEN_AUTO);
+program_interrupt(env, PGM_SPECIFICATION, ILEN_AUTO);
 }
 }
 
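Review bot: the changed call sits under "if (r)", so every nonzero return from any diag handler now raises PGM_SPECIFICATION, not only the unknown-code case the commit message talks about. If a handler's failure should surface as a different program interruption, that handler has to raise it itself and return 0; otherwise please say in the commit message that handler errors are covered too. A short code comment next to the call naming the z/VM documentation as the basis would also help, since the PoP gives none.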
-- 
2.13.5




[Qemu-devel] [PATCH v2 2/3] watchdog/wdt_diag288: Mark diag288 watchdog as non-hotpluggable

2017-08-18 Thread Cornelia Huck
From: Thomas Huth 

QEMU currently aborts when the user tries to hot-unplug a diag288
device:

$ qemu-system-s390x -nographic -nodefaults -S -monitor stdio
QEMU 2.9.92 monitor - type 'help' for more information
(qemu) device_add diag288,id=x
(qemu) device_del x
**
ERROR:qemu/qdev-monitor.c:872:qdev_unplug: assertion failed: (hotplug_ctrl)
Aborted (core dumped)

The device is not designed as hot-pluggable (it should only be used
via the "-watchdog" parameter), so let's simply remove the possibility
to hotplug it to prevent that users can run into this ugly situation.

Signed-off-by: Thomas Huth 
Message-Id: <1502892528-22618-1-git-send-email-th...@redhat.com>
Signed-off-by: Cornelia Huck 
---
 hw/watchdog/wdt_diag288.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/watchdog/wdt_diag288.c b/hw/watchdog/wdt_diag288.c
index a7b64e2c40..47f289216a 100644
--- a/hw/watchdog/wdt_diag288.c
+++ b/hw/watchdog/wdt_diag288.c
@@ -121,6 +121,7 @@ static void wdt_diag288_class_init(ObjectClass *klass, void 
*data)
 dc->realize = wdt_diag288_realize;
 dc->unrealize = wdt_diag288_unrealize;
 dc->reset = wdt_diag288_reset;
+dc->hotpluggable = false;
 set_bit(DEVICE_CATEGORY_MISC, dc->categories);
 dc->vmsd = &vmstate_diag288;
 diag288->handle_timer = wdt_diag288_handle_timer;
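Review bot: "dc->hotpluggable = false;" in wdt_diag288_class_init() has no comment, and the reason (the device is only meant to be created via "-watchdog", and device_del otherwise runs into the hotplug_ctrl assertion) lives only in the commit message. Please add a one-line comment above the assignment so the flag is not dropped in a later cleanup.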
-- 
2.13.5




[Qemu-devel] [PATCH v3 for-2.11 13/18] target/s390x: move get_per_in_range() to misc_helper.c

2017-08-18 Thread David Hildenbrand
Only used in that file.

Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.h | 11 ---
 target/s390x/misc_helper.c | 11 +++
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 9cdce6c..55aab52 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -438,17 +438,6 @@ static inline uint8_t get_per_atmid(CPUS390XState *env)
((env->psw.mask & PSW_ASC_ACCREG)?(1 << 2) : 0);
 }
 
-/* Check if an address is within the PER starting address and the PER
-   ending address.  The address range might loop.  */
-static inline bool get_per_in_range(CPUS390XState *env, uint64_t addr)
-{
-if (env->cregs[10] <= env->cregs[11]) {
-return env->cregs[10] <= addr && addr <= env->cregs[11];
-} else {
-return env->cregs[10] <= addr || addr <= env->cregs[11];
-}
-}
-
 S390CPU *cpu_s390x_init(const char *cpu_model);
 S390CPU *s390x_new_cpu(const char *cpu_model, int64_t id, Error **errp);
 S390CPU *cpu_s390x_create(const char *cpu_model, Error **errp);
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index d23ffcd..ab0c53d 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -451,6 +451,17 @@ void HELPER(per_check_exception)(CPUS390XState *env)
 }
 }
 
+/* Check if an address is within the PER starting address and the PER
+   ending address.  The address range might loop.  */
+static inline bool get_per_in_range(CPUS390XState *env, uint64_t addr)
+{
+if (env->cregs[10] <= env->cregs[11]) {
+return env->cregs[10] <= addr && addr <= env->cregs[11];
+} else {
+return env->cregs[10] <= addr || addr <= env->cregs[11];
+}
+}
+
 void HELPER(per_branch)(CPUS390XState *env, uint64_t from, uint64_t to)
 {
 if ((env->cregs[9] & PER_CR9_EVENT_BRANCH)) {
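Review bot: get_per_in_range() keeps "static inline" after moving into misc_helper.c; in a .c file plain "static" is enough and leaves inlining to the compiler. While the comment is being moved anyway, "might loop" would read better as "might wrap around" (the else branch handles a start address in cregs[10] above the end address in cregs[11]), and it could state that both bounds are inclusive.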
-- 
2.9.4




[Qemu-devel] [PATCH v2 3/3] s390x: wire up diag288 in tcg

2017-08-18 Thread Cornelia Huck
Make the diag288 watchdog useable via tcg as well.

Signed-off-by: Cornelia Huck 
---
 target/s390x/misc_helper.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 5a1eba02ab..34d730ba73 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -103,6 +103,10 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, 
uint32_t r3, uint32_t num)
 handle_diag_308(env, r1, r3);
 r = 0;
 break;
+case 0x288:
+/* time bomb (watchdog) */
+r = handle_diag_288(env, r1, r3);
+break;
 default:
 r = -1;
 break;
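Review bot: the new "case 0x288" propagates the handler's result with "r = handle_diag_288(env, r1, r3);", while the 0x308 case just above ignores any result and sets "r = 0". Please state in the commit message or in a comment what a nonzero return from handle_diag_288() means here, because it ends up in the same r as the "r = -1" of the default (unknown code) case and the guest cannot tell the two apart.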
-- 
2.13.5




Re: [Qemu-devel] [PATCH v3 for-2.11 00/18] target/s390x: cleanup cpu.h

2017-08-18 Thread David Hildenbrand

s/PATCH v3/PATCH v2/g

:]

-- 

Thanks,

David



Re: [Qemu-devel] [PATCH v2 1/3] s390x/tcg: specification exception for unknown diag

2017-08-18 Thread Thomas Huth
On 18.08.2017 13:48, Cornelia Huck wrote:
> While the PoP is silent on the issue, z/VM documentation states
> that unknown diagnose codes trigger a specification exception.
> We already do that when running with kvm, so change tcg to do so
> as well.
> 
> Signed-off-by: Cornelia Huck 
> ---
>  target/s390x/misc_helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
> index d23ffcd890..5a1eba02ab 100644
> --- a/target/s390x/misc_helper.c
> +++ b/target/s390x/misc_helper.c
> @@ -109,7 +109,7 @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, 
> uint32_t r3, uint32_t num)
>  }
>  
>  if (r) {
> -program_interrupt(env, PGM_OPERATION, ILEN_AUTO);
> +program_interrupt(env, PGM_SPECIFICATION, ILEN_AUTO);
>  }
>  }

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH 5/6] block: Fix write/resize permissions for inactive images

2017-08-18 Thread Fam Zheng
On Fri, 08/18 18:06, Xie Changlong wrote:
> The root cause is when we run replication in secondary, vmstate changes to
> RUN_STATE_INMIGRATE, then blockdev_init() sets bdrv_flags |=
> BDRV_O_INACTIVE. So the whole chain becomes readonly. I've tried on my side,
> but it seems not easy to fix it. I wonder if there is any way to bypass
> this? Any suggestion would be appreciated.

The non-shared storage migration uses "nbd_server_add -w" at the destination side
where BDRV_O_INACTIVE is set for images like your case, the way it handles it is
by calling bdrv_invalidate_cache(). See nbd_export_new().

See also commit 3dff24f2dffc5f3aa46dc014122012848bd7959d.

I'm not sure if this is enough for block replication?

Fam


