Re: [Qemu-devel] [PATCH qemu v2] hw/char/sh_serial: Add timeout handling to unbreak serial input
On 28/09/2018 14:36, Geert Uytterhoeven wrote:
> Hi Paolo,
>
> On Tue, Sep 11, 2018 at 3:11 PM Paolo Bonzini wrote:
>> On 05/09/2018 15:11, Geert Uytterhoeven wrote:
>>> As of commit 18e8cf159177100e ("serial: sh-sci: increase RX FIFO trigger
>>> defaults for (H)SCIF") in Linux v4.11-rc1, the serial console on the
>>> QEMU SH4 target is broken: it delays serial input until enough data has
>>> been received.
>>>
>>> Since aforementioned commit, the Linux SCIF driver programs the Receive
>>> FIFO Data Count Trigger bits in the FIFO Control Register, to postpone
>>> generating a receive interrupt until:
>>> 1. At least the receive trigger count of bytes of data are available
>>> in the receive FIFO, OR
>>> 2. No further data has been received for at least 15 etu after the
>>> last received data.
>>>
>>> While QEMU implements the former, it does not implement the latter.
>>> Hence the receive interrupt is not generated until the former condition
>>> is met.
>>>
>>> Fix this by adding basic timeout handling. As the QEMU SCIF emulation
>>> ignores any serial speed programming, the timeout value used conforms to
>>> a default speed of 9600 bps, which is fine for any interactive console.
>>>
>>> Reported-by: Rob Landley
>>> Signed-off-by: Geert Uytterhoeven
>>> Tested-by: Ulrich Hecht
>>> Tested-by: Rob Landley
>>> Tested-by: Rich Felker
>
>> Queued, thanks.
>
> Does that mean it should show up in qemu.git anytime soon?
Yes, I'm testing the pull request now. (I went to Kernel Recipes and
forgot at home my ssh private key, otherwise I'd have sent it last week!)
Paolo
Re: [Qemu-devel] Problem translating very high virtual addresses to physical on x86
On 28/09/2018 14:28, Aldo Mazzeo wrote: > I was trying to translate a very high virtual address (like > 0x0011) to physical on x86-64 with *paging disabled*. The > problem is that the obtained physical page is 0 because PG_ADDRESS_MASK > is applied to the pte in the virtual to physical to translation > (see target/i386/helper.c:842 in the 2.12.1 branch), cutting out the > high bits in the virtual address. Hi, x86_64 is never active with paging disabled, so physical addresses with paging disabled are always 32-bits. In addition, physical addresses on x86 are constrained to 52-bits, so that address is invalid. Paolo > I tried to track back when this mask was introduced in the equation, > and I found the commit e7e898a76aa00e2238b119ed2910442b1c3cacdd which > replaces PHYS_ADDR_MASK with PG_ADDRESS_MASK and moves the line in a > section of code that is executed even if paging is disabled. In my > opinion, PG_ADDRESS_MASK should not be applied when paging is disabled, > but I would like to have some expert's opinion on this. >
Re: [Qemu-devel] [PATCH RFC v4 7/7] qemu_thread_create: propagate theerror to callers to handle
On 09/29/2018 11:04 AM, Fam Zheng wrote:
> On Wed, Sep 26, 2018 at 7:13 PM Fei Li wrote:
>>
>>
>> On 09/26/2018 06:36 PM, Fam Zheng wrote:
>>> On Wed, 09/26 18:02, Fei Li wrote:
diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index 289af4fab5..8b044e2798 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -15,6 +15,7 @@
#include "qemu/atomic.h"
#include "qemu/notify.h"
#include "qemu-thread-common.h"
+#include "qapi/error.h"
static bool name_threads;
@@ -504,9 +505,9 @@ static void *qemu_thread_start(void *args)
return start_routine(arg);
}
-void qemu_thread_create(QemuThread *thread, const char *name,
- void *(*start_routine)(void*),
- void *arg, int mode)
+bool qemu_thread_create(QemuThread *thread, const char *name,
+void *(*start_routine)(void *),
+void *arg, int mode, Error **errp)
{
sigset_t set, oldset;
int err;
@@ -515,7 +516,9 @@ void qemu_thread_create(QemuThread *thread, const char
*name,
err = pthread_attr_init(&attr);
if (err) {
-error_exit(err, __func__);
+error_setg(errp, "pthread_attr_init failed: %s", strerror(err));
>>> This can use error_setg_errno.
ok.
>>>
+errno = err;
>>> Is errno used anywhere in this series? The windows implementation doesn't
>>> set
>>> it.
>> Yes, this is used for the return value in qemu_signal_init() for patch
>> 1/7, I use
>> "return -1" for the further judgement in qemu_init_main_loop() in
>> previous versions
>> but in this version I keep "return -errno" and add the "errno = err"
>> here, just as I
>> explained in [v3 1/7]. ;)
> This makes an inconsistent function contract: on error, does errno get
> set? For Linux implementation it is yes, but for Windows it is no.
> Which I think is wrong. Am I missing anything?
>
> Fam
You are right. Sorry that I only explained why adding the errno = err
for linux,
somehow overlooked the latter part "The windows implementaion ...".
Now three options are in my mind:
- add the "errno = GetLastError()" for windows too
- change "return -errno;" to "return -1;" in qemu_signal_init() in this
patch but not in 1/7 patch
- change "return -errno;" to "return -1" in qemu_signal_init() in 1/7 patch
Which one do you think is better?
Have a nice day, thanks for the advice :)
Fei
>
+return false;
}
if (mode == QEMU_THREAD_DETACHED) {
@@ -530,16 +533,21 @@ void qemu_thread_create(QemuThread *thread, const
char *name,
qemu_thread_args->name = g_strdup(name);
qemu_thread_args->start_routine = start_routine;
qemu_thread_args->arg = arg;
-
err = pthread_create(&thread->thread, &attr,
qemu_thread_start, qemu_thread_args);
-
-if (err)
-error_exit(err, __func__);
+if (err) {
+error_setg(errp, "pthread_create failed: %s", strerror(err));
+errno = err;
>>> Same questions here.
>>>
+pthread_attr_destroy(&attr);
+g_free(qemu_thread_args->name);
+g_free(qemu_thread_args);
+return false;
+}
pthread_sigmask(SIG_SETMASK, &oldset, NULL);
pthread_attr_destroy(&attr);
+return true;
}
void qemu_thread_get_self(QemuThread *thread)
diff --git a/util/qemu-thread-win32.c b/util/qemu-thread-win32.c
index 1a27e1cf6f..96e5d19ca3 100644
--- a/util/qemu-thread-win32.c
+++ b/util/qemu-thread-win32.c
@@ -20,6 +20,7 @@
#include "qemu/thread.h"
#include "qemu/notify.h"
#include "qemu-thread-common.h"
+#include "qapi/error.h"
#include
static bool name_threads;
@@ -388,9 +389,9 @@ void *qemu_thread_join(QemuThread *thread)
return ret;
}
-void qemu_thread_create(QemuThread *thread, const char *name,
- void *(*start_routine)(void *),
- void *arg, int mode)
+bool qemu_thread_create(QemuThread *thread, const char *name,
+void *(*start_routine)(void *),
+void *arg, int mode, Error **errp)
{
HANDLE hThread;
struct QemuThreadData *data;
@@ -409,10 +410,17 @@ void qemu_thread_create(QemuThread *thread, const
char *name,
hThread = (HANDLE) _beginthreadex(NULL, 0, win32_start_routine,
data, 0, &thread->tid);
if (!hThread) {
-error_exit(GetLastError(), __func__);
+if (data->mode != QEMU_THREAD_DETACHED) {
+Dele
[Qemu-devel] [PULL 05/79] atomic: fix comment s/x64_64/x86_64/
From: "Emilio G. Cota" Signed-off-by: Emilio G. Cota Message-Id: <20180903171831.15446-4-c...@braap.org> Reviewed-by: Alex Bennée Signed-off-by: Paolo Bonzini --- include/qemu/atomic.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/qemu/atomic.h b/include/qemu/atomic.h index 9ed39ef..de3e36f 100644 --- a/include/qemu/atomic.h +++ b/include/qemu/atomic.h @@ -98,7 +98,7 @@ * We'd prefer not want to pull in everything else TCG related, so handle * those few cases by hand. * - * Note that x32 is fully detected with __x64_64__ + _ILP32, and that for + * Note that x32 is fully detected with __x86_64__ + _ILP32, and that for * Sparc we always force the use of sparcv9 in configure. */ #if defined(__x86_64__) || defined(__sparc__) -- 1.8.3.1
[Qemu-devel] [PULL 03/79] es1370: fix ADC_FRAMEADR and ADC_FRAMECNT
They are not consecutive with DAC1_FRAME* and DAC2_FRAME*.
Fixes: 154c1d1f960c5147a3f8ef00907504112f271cd8
Signed-off-by: Paolo Bonzini
---
hw/audio/es1370.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
index dd75c9e..4f980a5 100644
--- a/hw/audio/es1370.c
+++ b/hw/audio/es1370.c
@@ -506,10 +506,13 @@ static void es1370_write(void *opaque, hwaddr addr,
uint64_t val, unsigned size)
d - &s->chan[0], val >> 16, (val & 0x));
break;
+case ES1370_REG_ADC_FRAMEADR:
+d += 2;
+goto frameadr;
case ES1370_REG_DAC1_FRAMEADR:
case ES1370_REG_DAC2_FRAMEADR:
-case ES1370_REG_ADC_FRAMEADR:
d += (addr - ES1370_REG_DAC1_FRAMEADR) >> 3;
+frameadr:
d->frame_addr = val;
ldebug ("chan %td frame address %#x\n", d - &s->chan[0], val);
break;
@@ -521,10 +524,13 @@ static void es1370_write(void *opaque, hwaddr addr,
uint64_t val, unsigned size)
lwarn ("writing to phantom frame address %#x\n", val);
break;
+case ES1370_REG_ADC_FRAMECNT:
+d += 2;
+goto framecnt;
case ES1370_REG_DAC1_FRAMECNT:
case ES1370_REG_DAC2_FRAMECNT:
-case ES1370_REG_ADC_FRAMECNT:
d += (addr - ES1370_REG_DAC1_FRAMECNT) >> 3;
+framecnt:
d->frame_cnt = val;
d->leftover = 0;
ldebug ("chan %td frame count %d, buffer size %d\n",
--
1.8.3.1
[Qemu-devel] [PULL 06/79] cpus: initialize timers_state.vm_clock_lock
From: "Emilio G. Cota"
We forgot to initialize the spinlock introduced in 94377115b2
("cpus: protect TimerState writes with a spinlock", 2018-08-23).
Fix it.
Signed-off-by: Emilio G. Cota
Message-Id: <20180903171831.15446-5-c...@braap.org>
Reviewed-by: Alex Bennée
Signed-off-by: Paolo Bonzini
---
cpus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/cpus.c b/cpus.c
index 7197883..4abc3b3 100644
--- a/cpus.c
+++ b/cpus.c
@@ -823,6 +823,7 @@ int cpu_throttle_get_percentage(void)
void cpu_ticks_init(void)
{
seqlock_init(&timers_state.vm_clock_seqlock);
+qemu_spin_init(&timers_state.vm_clock_lock);
vmstate_register(NULL, 0, &vmstate_timers, &timers_state);
throttle_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL_RT,
cpu_throttle_timer_tick, NULL);
--
1.8.3.1
[Qemu-devel] [PULL 02/79] qsp: hide indirect function calls from Coverity
Coverity does not see anymore that qemu_mutex_lock is taking a lock.
Hide all the QSP magic so that static analysis works again.
Signed-off-by: Paolo Bonzini
---
include/qemu/thread.h | 17 +
1 file changed, 17 insertions(+)
diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index dacebcf..b2661b6 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -48,6 +48,22 @@ extern QemuCondWaitFunc qemu_cond_wait_func;
#define qemu_mutex_trylock__raw(m) \
qemu_mutex_trylock_impl(m, __FILE__, __LINE__)
+#ifdef __COVERITY__
+/*
+ * Coverity is severely confused by the indirect function calls,
+ * hide them.
+ */
+#define qemu_mutex_lock(m) \
+qemu_mutex_lock_impl(m, __FILE__, __LINE__);
+#define qemu_mutex_trylock(m) \
+qemu_mutex_trylock_impl(m, __FILE__, __LINE__);
+#define qemu_rec_mutex_lock(m) \
+qemu_rec_mutex_lock_impl(m, __FILE__, __LINE__);
+#define qemu_rec_mutex_trylock(m) \
+qemu_rec_mutex_trylock_impl(m, __FILE__, __LINE__);
+#define qemu_cond_wait(c, m)\
+qemu_cond_wait_impl(c, m, __FILE__, __LINE__);
+#else
#define qemu_mutex_lock(m) ({ \
QemuMutexLockFunc _f = atomic_read(&qemu_mutex_lock_func); \
_f(m, __FILE__, __LINE__); \
@@ -73,6 +89,7 @@ extern QemuCondWaitFunc qemu_cond_wait_func;
QemuCondWaitFunc _f = atomic_read(&qemu_cond_wait_func);\
_f(c, m, __FILE__, __LINE__); \
})
+#endif
#define qemu_mutex_unlock(mutex) \
qemu_mutex_unlock_impl(mutex, __FILE__, __LINE__)
--
1.8.3.1
[Qemu-devel] [PULL 07/79] cacheinfo: add i/d cache_linesize_log
From: "Emilio G. Cota" Signed-off-by: Emilio G. Cota Message-Id: <20180910232752.31565-2-c...@braap.org> Signed-off-by: Paolo Bonzini --- include/qemu/osdep.h | 2 ++ util/cacheinfo.c | 8 2 files changed, 10 insertions(+) diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index a91068d..a746a5e 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -570,6 +570,8 @@ extern uintptr_t qemu_real_host_page_size; extern intptr_t qemu_real_host_page_mask; extern int qemu_icache_linesize; +extern int qemu_icache_linesize_log; extern int qemu_dcache_linesize; +extern int qemu_dcache_linesize_log; #endif diff --git a/util/cacheinfo.c b/util/cacheinfo.c index db5172d..6c8fe79 100644 --- a/util/cacheinfo.c +++ b/util/cacheinfo.c @@ -7,9 +7,12 @@ */ #include "qemu/osdep.h" +#include "qemu/host-utils.h" int qemu_icache_linesize = 0; +int qemu_icache_linesize_log; int qemu_dcache_linesize = 0; +int qemu_dcache_linesize_log; /* * Operating system specific detection mechanisms. @@ -172,6 +175,11 @@ static void __attribute__((constructor)) init_cache_info(void) arch_cache_info(&isize, &dsize); fallback_cache_info(&isize, &dsize); +assert((isize & (isize - 1)) == 0); +assert((dsize & (dsize - 1)) == 0); + qemu_icache_linesize = isize; +qemu_icache_linesize_log = ctz32(isize); qemu_dcache_linesize = dsize; +qemu_dcache_linesize_log = ctz32(dsize); } -- 1.8.3.1
[Qemu-devel] [PULL 01/79] virtio: Return true from virtio_queue_empty if broken
From: Fam Zheng
Both virtio-blk and virtio-scsi use virtio_queue_empty() as the
loop condition in VQ handlers (virtio_blk_handle_vq,
virtio_scsi_handle_cmd_vq). When a device is marked broken in
virtqueue_pop, for example if a vIOMMU address translation failed, we
want to break out of the loop.
This fixes a hanging problem when booting a CentOS 3.10.0-862.el7.x86_64
kernel with ATS enabled:
$ qemu-system-x86_64 \
... \
-device intel-iommu,intremap=on,caching-mode=on,eim=on,device-iotlb=on \
-device virtio-scsi-pci,iommu_platform=on,ats=on,id=scsi0,bus=pci.4,addr=0x0
The dead loop happens immediately when the kernel boots and initializes
the device, where virtio_scsi_data_plane_handle_cmd will not return:
> ...
> #13 0x5586602b7793 in virtio_scsi_handle_cmd_vq
> #14 0x5586602b8d66 in virtio_scsi_data_plane_handle_cmd
> #15 0x5586602ddab7 in virtio_queue_notify_aio_vq
> #16 0x5586602dfc9f in virtio_queue_host_notifier_aio_poll
> #17 0x5586607885da in run_poll_handlers_once
> #18 0x55866078880e in try_poll_mode
> #19 0x5586607888eb in aio_poll
> #20 0x558660784561 in aio_wait_bh_oneshot
> #21 0x5586602b9582 in virtio_scsi_dataplane_stop
> #22 0x5586605a7110 in virtio_bus_stop_ioeventfd
> #23 0x5586605a9426 in virtio_pci_stop_ioeventfd
> #24 0x5586605ab808 in virtio_pci_common_write
> #25 0x558660242396 in memory_region_write_accessor
> #26 0x5586602425ab in access_with_adjusted_size
> #27 0x558660245281 in memory_region_dispatch_write
> #28 0x5586601e008e in flatview_write_continue
> #29 0x5586601e01d8 in flatview_write
> #30 0x5586601e04de in address_space_write
> #31 0x5586601e052f in address_space_rw
> #32 0x5586602607f2 in kvm_cpu_exec
> #33 0x558660227148 in qemu_kvm_cpu_thread_fn
> #34 0x55866078bde7 in qemu_thread_start
> #35 0x7f5784906594 in start_thread
> #36 0x7f5784639e6f in clone
With this patch, virtio_queue_empty will now return 1 as soon as the
vdev is marked as broken, after a "virtio: zero sized buffers are not
allowed" error.
To be consistent, update virtio_queue_empty_rcu as well.
Signed-off-by: Fam Zheng
Message-Id: <20180910145616.8598-2-f...@redhat.com>
Signed-off-by: Paolo Bonzini
---
hw/virtio/virtio.c | 8
1 file changed, 8 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index f6a588a..94f5c8e 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -358,6 +358,10 @@ int virtio_queue_ready(VirtQueue *vq)
* Called within rcu_read_lock(). */
static int virtio_queue_empty_rcu(VirtQueue *vq)
{
+if (unlikely(vq->vdev->broken)) {
+return 1;
+}
+
if (unlikely(!vq->vring.avail)) {
return 1;
}
@@ -373,6 +377,10 @@ int virtio_queue_empty(VirtQueue *vq)
{
bool empty;
+if (unlikely(vq->vdev->broken)) {
+return 1;
+}
+
if (unlikely(!vq->vring.avail)) {
return 1;
}
--
1.8.3.1
[Qemu-devel] [PULL 15/79] dump: fix Windows dump memory run mapping
From: Viktor Prutyanov
We should map and use guest memory run by parts if it can't be mapped as
a whole.
After this patch, continuos guest physical memory blocks which are not
continuos in host virtual address space will be processed correctly.
Signed-off-by: Viktor Prutyanov
Message-Id: <1535567456-6904-1-git-send-email-viktor.prutya...@virtuozzo.com>
Signed-off-by: Paolo Bonzini
---
win_dump.c | 40 ++--
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/win_dump.c b/win_dump.c
index b15c191..e10a783 100644
--- a/win_dump.c
+++ b/win_dump.c
@@ -30,28 +30,32 @@ static size_t write_run(WinDumpPhyMemRun64 *run, int fd,
Error **errp)
void *buf;
uint64_t addr = run->BasePage << TARGET_PAGE_BITS;
uint64_t size = run->PageCount << TARGET_PAGE_BITS;
-uint64_t len = size;
+uint64_t len, l;
+size_t total = 0;
-buf = cpu_physical_memory_map(addr, &len, false);
-if (!buf) {
-error_setg(errp, "win-dump: failed to map run");
-return 0;
-}
-if (len != size) {
-error_setg(errp, "win-dump: failed to map entire run");
-len = 0;
-goto out_unmap;
-}
+while (size) {
+len = size;
-len = qemu_write_full(fd, buf, len);
-if (len != size) {
-error_setg(errp, QERR_IO_ERROR);
-}
+buf = cpu_physical_memory_map(addr, &len, false);
+if (!buf) {
+error_setg(errp, "win-dump: failed to map physical range"
+ " 0x%016" PRIx64 "-0x%016" PRIx64, addr, addr +
size - 1);
+return 0;
+}
+
+l = qemu_write_full(fd, buf, len);
+cpu_physical_memory_unmap(buf, addr, false, len);
+if (l != len) {
+error_setg(errp, QERR_IO_ERROR);
+return 0;
+}
-out_unmap:
-cpu_physical_memory_unmap(buf, addr, false, len);
+addr += l;
+size -= l;
+total += l;
+}
-return len;
+return total;
}
static void write_runs(DumpState *s, WinDumpHeader64 *h, Error **errp)
--
1.8.3.1
[Qemu-devel] [PULL 04/79] ps2: prevent changing irq state on save and load
From: Pavel Dovgalyuk
Commit 2858ab09e6f708e381fc1a1cc87e747a690c4884 changed
PS/2 keyboard/mouse buffers to the standard size. However, its state
may change when migrating from the old buffer size and therefore irq needs
updating. But this change made wrong, because it throws the whole queue
if there are too much data instead of cropping it.
That commit also updates irq (because the queue state may change).
But updating the irq may change the VM state (and determinism of
the execution). E.g., when replaying the execution, one may save
the VM state and the state of the interrupt controller will be updated
at the moment of saving, instead of using the recorded update events.
This patch makes the queue update deterministic: it removes the update_irq
call and crops the queue to prevent losing the characters and changing
the required irq status.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20180511081601.14610.39946.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini
---
hw/input/ps2.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index fdfcadf..6c43fc2 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -914,7 +914,12 @@ static void ps2_common_post_load(PS2State *s)
uint8_t tmp_data[PS2_QUEUE_SIZE];
/* set the useful data buffer queue size, < PS2_QUEUE_SIZE */
-size = (q->count < 0 || q->count > PS2_QUEUE_SIZE) ? 0 : q->count;
+size = q->count;
+if (q->count < 0) {
+size = 0;
+} else if (q->count > PS2_QUEUE_SIZE) {
+size = PS2_QUEUE_SIZE;
+}
/* move the queue elements to the start of data array */
for (i = 0; i < size; i++) {
@@ -929,7 +934,6 @@ static void ps2_common_post_load(PS2State *s)
q->rptr = 0;
q->wptr = (size == PS2_QUEUE_SIZE) ? 0 : size;
q->count = size;
-s->update_irq(s->update_arg, q->count != 0);
}
static void ps2_kbd_reset(void *opaque)
--
1.8.3.1
[Qemu-devel] [PULL 08/79] util: add atomic64
From: "Emilio G. Cota"
This introduces read/set accessors for int64_t and uint64_t.
Signed-off-by: Emilio G. Cota
Message-Id: <20180910232752.31565-3-c...@braap.org>
Signed-off-by: Paolo Bonzini
---
include/qemu/atomic.h | 34 +
util/Makefile.objs| 1 +
util/atomic64.c | 83 +++
util/cacheinfo.c | 3 ++
4 files changed, 121 insertions(+)
create mode 100644 util/atomic64.c
diff --git a/include/qemu/atomic.h b/include/qemu/atomic.h
index de3e36f..f6993a8 100644
--- a/include/qemu/atomic.h
+++ b/include/qemu/atomic.h
@@ -450,4 +450,38 @@
_oldn; \
})
+/* Abstractions to access atomically (i.e. "once") i64/u64 variables */
+#ifdef CONFIG_ATOMIC64
+static inline int64_t atomic_read_i64(const int64_t *ptr)
+{
+/* use __nocheck because sizeof(void *) might be < sizeof(u64) */
+return atomic_read__nocheck(ptr);
+}
+
+static inline uint64_t atomic_read_u64(const uint64_t *ptr)
+{
+return atomic_read__nocheck(ptr);
+}
+
+static inline void atomic_set_i64(int64_t *ptr, int64_t val)
+{
+atomic_set__nocheck(ptr, val);
+}
+
+static inline void atomic_set_u64(uint64_t *ptr, uint64_t val)
+{
+atomic_set__nocheck(ptr, val);
+}
+
+static inline void atomic64_init(void)
+{
+}
+#else /* !CONFIG_ATOMIC64 */
+int64_t atomic_read_i64(const int64_t *ptr);
+uint64_t atomic_read_u64(const uint64_t *ptr);
+void atomic_set_i64(int64_t *ptr, int64_t val);
+void atomic_set_u64(uint64_t *ptr, uint64_t val);
+void atomic64_init(void);
+#endif /* !CONFIG_ATOMIC64 */
+
#endif /* QEMU_ATOMIC_H */
diff --git a/util/Makefile.objs b/util/Makefile.objs
index 0e88899..0820923 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -3,6 +3,7 @@ util-obj-y += bufferiszero.o
util-obj-y += lockcnt.o
util-obj-y += aiocb.o async.o aio-wait.o thread-pool.o qemu-timer.o
util-obj-y += main-loop.o iohandler.o
+util-obj-$(call lnot,$(CONFIG_ATOMIC64)) += atomic64.o
util-obj-$(CONFIG_POSIX) += aio-posix.o
util-obj-$(CONFIG_POSIX) += compatfd.o
util-obj-$(CONFIG_POSIX) += event_notifier-posix.o
diff --git a/util/atomic64.c b/util/atomic64.c
new file mode 100644
index 000..b198a6c
--- /dev/null
+++ b/util/atomic64.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2018, Emilio G. Cota
+ *
+ * License: GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu/atomic.h"
+#include "qemu/thread.h"
+
+#ifdef CONFIG_ATOMIC64
+#error This file must only be compiled if !CONFIG_ATOMIC64
+#endif
+
+/*
+ * When !CONFIG_ATOMIC64, we serialize both reads and writes with spinlocks.
+ * We use an array of spinlocks, with padding computed at run-time based on
+ * the host's dcache line size.
+ * We point to the array with a void * to simplify the padding's computation.
+ * Each spinlock is located every lock_size bytes.
+ */
+static void *lock_array;
+static size_t lock_size;
+
+/*
+ * Systems without CONFIG_ATOMIC64 are unlikely to have many cores, so we use a
+ * small array of locks.
+ */
+#define NR_LOCKS 16
+
+static QemuSpin *addr_to_lock(const void *addr)
+{
+uintptr_t a = (uintptr_t)addr;
+uintptr_t idx;
+
+idx = a >> qemu_dcache_linesize_log;
+idx ^= (idx >> 8) ^ (idx >> 16);
+idx &= NR_LOCKS - 1;
+return lock_array + idx * lock_size;
+}
+
+#define GEN_READ(name, type)\
+type name(const type *ptr) \
+{ \
+QemuSpin *lock = addr_to_lock(ptr); \
+type ret; \
+\
+qemu_spin_lock(lock); \
+ret = *ptr; \
+qemu_spin_unlock(lock); \
+return ret; \
+}
+
+GEN_READ(atomic_read_i64, int64_t)
+GEN_READ(atomic_read_u64, uint64_t)
+#undef GEN_READ
+
+#define GEN_SET(name, type) \
+void name(type *ptr, type val) \
+{ \
+QemuSpin *lock = addr_to_lock(ptr); \
+\
+qemu_spin_lock(lock); \
+*ptr = val; \
+qemu_spin_unlock(lock); \
+}
+
+GEN_SET(atomic_set_i64, int64_t)
+GEN_SET(atomic_set_u64, uint64_t)
+#undef GEN_SET
+
+void atomic64_init(void)
+{
+int i;
+
+lock_size = ROUND_UP(sizeof(QemuSpin), qemu_dcache_linesize);
+lock_array = qemu_memalign(qemu_dcache_linesize, lock_size * NR_LOCKS);
+for (i = 0; i < NR_LOCKS; i++) {
+QemuSpin *lock = lock_array + i * lock_size;
+
+qemu_spin_init(lock);
+}
+}
diff --git a/util/cacheinfo.c b/util/cacheinfo.c
index 6c8fe79..3cd080b 100644
--- a/util/cacheinfo.c
+++ b/util/cacheinfo.c
@@ -8,6 +8,7 @@
[Qemu-devel] [PULL 11/79] test-rcu-list: access n_reclaims and n_nodes_removed with atomic64
From: "Emilio G. Cota"
To avoid undefined behaviour.
Note that these "atomics" are atomic in the "access once" sense.
The variables are updated by a single thread at a time, so no
"full" atomics are necessary.
Signed-off-by: Emilio G. Cota
Message-Id: <20180910232752.31565-6-c...@braap.org>
Signed-off-by: Paolo Bonzini
---
tests/test-rcu-list.c | 20 +++-
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/tests/test-rcu-list.c b/tests/test-rcu-list.c
index 192bfbf..2e6f70b 100644
--- a/tests/test-rcu-list.c
+++ b/tests/test-rcu-list.c
@@ -33,8 +33,8 @@
static QemuMutex counts_mutex;
static long long n_reads = 0LL;
static long long n_updates = 0LL;
-static long long n_reclaims = 0LL;
-static long long n_nodes_removed = 0LL;
+static int64_t n_reclaims;
+static int64_t n_nodes_removed;
static long long n_nodes = 0LL;
static int g_test_in_charge = 0;
@@ -104,7 +104,7 @@ static void reclaim_list_el(struct rcu_head *prcu)
struct list_element *el = container_of(prcu, struct list_element, rcu);
g_free(el);
/* Accessed only from call_rcu thread. */
-n_reclaims++;
+atomic_set_i64(&n_reclaims, n_reclaims + 1);
}
#if TEST_LIST_TYPE == 1
@@ -232,7 +232,7 @@ static void *rcu_q_updater(void *arg)
qemu_mutex_lock(&counts_mutex);
n_nodes += n_nodes_local;
n_updates += n_updates_local;
-n_nodes_removed += n_removed_local;
+atomic_set_i64(&n_nodes_removed, n_nodes_removed + n_removed_local);
qemu_mutex_unlock(&counts_mutex);
return NULL;
}
@@ -286,19 +286,21 @@ static void rcu_qtest(const char *test, int duration, int
nreaders)
n_removed_local++;
}
qemu_mutex_lock(&counts_mutex);
-n_nodes_removed += n_removed_local;
+atomic_set_i64(&n_nodes_removed, n_nodes_removed + n_removed_local);
qemu_mutex_unlock(&counts_mutex);
synchronize_rcu();
-while (n_nodes_removed > n_reclaims) {
+while (atomic_read_i64(&n_nodes_removed) > atomic_read_i64(&n_reclaims)) {
g_usleep(100);
synchronize_rcu();
}
if (g_test_in_charge) {
-g_assert_cmpint(n_nodes_removed, ==, n_reclaims);
+g_assert_cmpint(atomic_read_i64(&n_nodes_removed), ==,
+atomic_read_i64(&n_reclaims));
} else {
printf("%s: %d readers; 1 updater; nodes read: " \
- "%lld, nodes removed: %lld; nodes reclaimed: %lld\n",
- test, nthreadsrunning - 1, n_reads, n_nodes_removed,
n_reclaims);
+ "%lld, nodes removed: %"PRIi64"; nodes reclaimed: %"PRIi64"\n",
+ test, nthreadsrunning - 1, n_reads,
+ atomic_read_i64(&n_nodes_removed),
atomic_read_i64(&n_reclaims));
exit(0);
}
}
--
1.8.3.1
[Qemu-devel] [PULL 00/79] Misc QEMU patches for 2018-09-30
The following changes since commit 042938f46e1c477419d1931381fdadffaa49d45e: Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20180926a' into staging (2018-09-28 17:07:23 +0100) are available in the git repository at: git://github.com/bonzini/qemu.git tags/for-upstream for you to fetch changes up to 54b570779677ff8620a79ed81ddf0906b1d23f4e: hw/scsi/mptendian: Avoid taking address of fields in packed structs (2018-09-30 10:08:28 +0200) * configure fix for environment variables (Daniel) * fix memory leaks (Alex) * x86_64 MTTCG (Emilio) * introduce atomic64 (Emilio) * Fix for virtio hang (Fam, myself) * SH serial port fix (Geert) * Deprecate rotation_rate for scsi-block (Fam) * Extend memory-backend-file availability to all POSIX hosts (Hikaru) * Memory API cleanups and fixes (Igor, Li Qiang, Peter, Philippe) * MSI/IOMMU fix (Jan) * Socket reconnection fixes (Marc-André) * icount fixes (Emilio, myself) * QSP fixes for Coverity (myself) * Some record/replay improovements (Pavel) * Packed struct fixes (Peter) * Windows dump fixes and elf2dmp (Viktor) * kbmclock fix (Yongji) Alex Bennée (1): cpus: fix TCG kick timer leak Daniel P. Berrangé (1): configure: preserve various environment variables in config.status Emilio G. Cota (22): atomic: fix comment s/x64_64/x86_64/ cpus: initialize timers_state.vm_clock_lock cacheinfo: add i/d cache_linesize_log util: add atomic64 tests: add atomic64-bench qsp: use atomic64 accessors test-rcu-list: access n_reclaims and n_nodes_removed with atomic64 cpus: access .qemu_icount with atomic64 cpus: access .qemu_icount_bias with atomic64 target/i386: move cpu_cc_srcT to DisasContext target/i386: move cpu_A0 to DisasContext target/i386: move cpu_T0 to DisasContext target/i386: move cpu_T1 to DisasContext target/i386: move cpu_tmp0 to DisasContext target/i386: move cpu_tmp4 to DisasContext target/i386: move cpu_ptr0 to DisasContext target/i386: move cpu_ptr1 to DisasContext target/i386: move cpu_tmp2_i32 to DisasContext target/i386: move cpu_tmp3_i32 to DisasContext target/i386: move cpu_tmp1_i64 to DisasContext target/i386: move x86_64_hregs to DisasContext configure: enable mttcg for i386 and x86_64 Fam Zheng (2): virtio: Return true from virtio_queue_empty if broken scsi-block: Deprecate rotation_rate Geert Uytterhoeven (1): hw/char/sh_serial: Add timeout handling to unbreak serial input Hikaru Nishida (1): hostmem-file: make available memory-backend-file on POSIX-based hosts Igor Mammedov (1): memory: cleanup side effects of memory_region_init_foo() on failure Jan Kiszka (1): kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case Li Qiang (5): fw_cfg_mem: add read memory region callback hw: debugexit: add read callback hw: pc-testdev: add read memory region callback hw: hyperv_testdev: add read callback hw: edu: replace device name with macro Li Zhijian (1): change get_image_size return type to int64_t Liran Alon (1): i386: Compile CPUX86State xsave_buf only when support KVM or HVF Marc-André Lureau (9): hostmem-memfd: add checks before adding hostmem-memfd & properties util: add qemu_write_pidfile() util: use fcntl() for qemu_write_pidfile() locking Delete PID file on exit Revert "chardev: tcp: postpone TLS work until machine done" Revert "chardev: tcp: postpone async connection setup" char-socket: update all ioc handlers when changing context test-char: add socket reconnect test qom/object: add some interface asserts Mark Cave-Ayland (1): lsi53c895a: convert to trace-events Paolo Bonzini (9): qsp: hide indirect function calls from Coverity es1370: fix ADC_FRAMEADR and ADC_FRAMECNT cpus: take seqlock across qemu_icount updates serial: fix DLL writes char-pty: remove unnecessary #ifdef target/i386: unify masking of interrupts target/i386: rename HF_SVMI_MASK to HF_GUEST_MASK hvf: drop unused variable virtio: do not take address of packed members Pavel Dovgalyuk (10): ps2: prevent changing irq state on save and load replay: wake up vCPU when replaying replay: flush events when exiting translator: fix breakpoint processing replay: allow loading any snapshots before recording timer: introduce new virtual clock slirp: fix ipv6 timers ui: fix virtual timers target/i386: fix translation for icount mode replay: replay BH for IDE trim operation Peter Maydell (4): memory: Remove old_mmio accessors hw/nvram/fw_cfg: Use memberwise copy of MemoryRegionOps struct docs/devel/memory.txt: Document _with_attrs
[Qemu-devel] [PULL 16/79] hostmem-memfd: add checks before adding hostmem-memfd & properties
From: Marc-André Lureau
Run some memfd-related checks before registering hostmem-memfd &
various properties. This will help libvirt to figure out what the host
is supposed to be capable of.
qemu_memfd_check() is changed to a less optimized version, since it is
used with various flags, it no longer caches the result.
Signed-off-by: Marc-André Lureau
Message-Id: <20180906161415.8543-1-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
backends/hostmem-memfd.c | 32 +++-
include/qemu/memfd.h | 18 +-
tests/vhost-user-test.c | 6 +++---
util/memfd.c | 35 ++-
4 files changed, 45 insertions(+), 46 deletions(-)
diff --git a/backends/hostmem-memfd.c b/backends/hostmem-memfd.c
index 1e20fe0..3800bd0 100644
--- a/backends/hostmem-memfd.c
+++ b/backends/hostmem-memfd.c
@@ -140,18 +140,22 @@ memfd_backend_class_init(ObjectClass *oc, void *data)
bc->alloc = memfd_backend_memory_alloc;
-object_class_property_add_bool(oc, "hugetlb",
- memfd_backend_get_hugetlb,
- memfd_backend_set_hugetlb,
- &error_abort);
-object_class_property_add(oc, "hugetlbsize", "int",
- memfd_backend_get_hugetlbsize,
- memfd_backend_set_hugetlbsize,
- NULL, NULL, &error_abort);
-object_class_property_add_bool(oc, "seal",
- memfd_backend_get_seal,
- memfd_backend_set_seal,
- &error_abort);
+if (qemu_memfd_check(MFD_HUGETLB)) {
+object_class_property_add_bool(oc, "hugetlb",
+ memfd_backend_get_hugetlb,
+ memfd_backend_set_hugetlb,
+ &error_abort);
+object_class_property_add(oc, "hugetlbsize", "int",
+ memfd_backend_get_hugetlbsize,
+ memfd_backend_set_hugetlbsize,
+ NULL, NULL, &error_abort);
+}
+if (qemu_memfd_check(MFD_ALLOW_SEALING)) {
+object_class_property_add_bool(oc, "seal",
+ memfd_backend_get_seal,
+ memfd_backend_set_seal,
+ &error_abort);
+}
}
static const TypeInfo memfd_backend_info = {
@@ -164,7 +168,9 @@ static const TypeInfo memfd_backend_info = {
static void register_types(void)
{
-type_register_static(&memfd_backend_info);
+if (qemu_memfd_check(0)) {
+type_register_static(&memfd_backend_info);
+}
}
type_init(register_types);
diff --git a/include/qemu/memfd.h b/include/qemu/memfd.h
index 49e7963..d551c28 100644
--- a/include/qemu/memfd.h
+++ b/include/qemu/memfd.h
@@ -16,12 +16,28 @@
#define F_SEAL_WRITE0x0008 /* prevent writes */
#endif
+#ifndef MFD_CLOEXEC
+#define MFD_CLOEXEC 0x0001U
+#endif
+
+#ifndef MFD_ALLOW_SEALING
+#define MFD_ALLOW_SEALING 0x0002U
+#endif
+
+#ifndef MFD_HUGETLB
+#define MFD_HUGETLB 0x0004U
+#endif
+
+#ifndef MFD_HUGE_SHIFT
+#define MFD_HUGE_SHIFT 26
+#endif
+
int qemu_memfd_create(const char *name, size_t size, bool hugetlb,
uint64_t hugetlbsize, unsigned int seals, Error **errp);
bool qemu_memfd_alloc_check(void);
void *qemu_memfd_alloc(const char *name, size_t size, unsigned int seals,
int *fd, Error **errp);
void qemu_memfd_free(void *ptr, size_t size, int fd);
-bool qemu_memfd_check(void);
+bool qemu_memfd_check(unsigned int flags);
#endif /* QEMU_MEMFD_H */
diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index 716aff7..45d58d8 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -169,7 +169,7 @@ static char *get_qemu_cmd(TestServer *s,
int mem, enum test_memfd memfd, const char *mem_path,
const char *chr_opts, const char *extra)
{
-if (memfd == TEST_MEMFD_AUTO && qemu_memfd_check()) {
+if (memfd == TEST_MEMFD_AUTO && qemu_memfd_check(0)) {
memfd = TEST_MEMFD_YES;
}
@@ -903,7 +903,7 @@ static void test_multiqueue(void)
s->queues = 2;
test_server_listen(s);
-if (qemu_memfd_check()) {
+if (qemu_memfd_check(0)) {
cmd = g_strdup_printf(
QEMU_CMD_MEMFD QEMU_CMD_CHR QEMU_CMD_NETDEV ",queues=%d "
"-device virtio-net-pci,netdev=net0,mq=on,vectors=%d",
@@ -963,7 +963,7 @@ int main(int argc, char **argv)
/* run the main loop thread so the chardev may operate */
thread = g_thread_new(NULL, thread_function, loop);
-if (qemu_memfd_check()) {
+if (qemu_memfd_check(0)) {
qtest_add_data_func("/vhost-user/read-guest-mem/mem
[Qemu-devel] [PULL 30/79] target/i386: move cpu_tmp4 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 78 -
1 file changed, 39 insertions(+), 39 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 873231f..0ad6ffc 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -79,7 +79,6 @@ static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
-static TCGv cpu_tmp4;
static TCGv_ptr cpu_ptr0, cpu_ptr1;
static TCGv_i32 cpu_tmp2_i32, cpu_tmp3_i32;
static TCGv_i64 cpu_tmp1_i64;
@@ -141,6 +140,7 @@ typedef struct DisasContext {
/* TCG local register indexes (only used inside old micro ops) */
TCGv tmp0;
+TCGv tmp4;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -909,10 +909,10 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b,
TCGv reg)
size = s->cc_op - CC_OP_SUBB;
switch (jcc_op) {
case JCC_BE:
-tcg_gen_mov_tl(cpu_tmp4, s->cc_srcT);
-gen_extu(size, cpu_tmp4);
+tcg_gen_mov_tl(s->tmp4, s->cc_srcT);
+gen_extu(size, s->tmp4);
t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
-cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = cpu_tmp4,
+cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = s->tmp4,
.reg2 = t0, .mask = -1, .use_reg2 = true };
break;
@@ -922,10 +922,10 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b,
TCGv reg)
case JCC_LE:
cond = TCG_COND_LE;
fast_jcc_l:
-tcg_gen_mov_tl(cpu_tmp4, s->cc_srcT);
-gen_exts(size, cpu_tmp4);
+tcg_gen_mov_tl(s->tmp4, s->cc_srcT);
+gen_exts(size, s->tmp4);
t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, true);
-cc = (CCPrepare) { .cond = cond, .reg = cpu_tmp4,
+cc = (CCPrepare) { .cond = cond, .reg = s->tmp4,
.reg2 = t0, .mask = -1, .use_reg2 = true };
break;
@@ -1277,32 +1277,32 @@ static void gen_op(DisasContext *s1, int op, TCGMemOp
ot, int d)
}
switch(op) {
case OP_ADCL:
-gen_compute_eflags_c(s1, cpu_tmp4);
+gen_compute_eflags_c(s1, s1->tmp4);
if (s1->prefix & PREFIX_LOCK) {
-tcg_gen_add_tl(s1->T0, cpu_tmp4, s1->T1);
+tcg_gen_add_tl(s1->T0, s1->tmp4, s1->T1);
tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
s1->mem_index, ot | MO_LE);
} else {
tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
-tcg_gen_add_tl(s1->T0, s1->T0, cpu_tmp4);
+tcg_gen_add_tl(s1->T0, s1->T0, s1->tmp4);
gen_op_st_rm_T0_A0(s1, ot, d);
}
-gen_op_update3_cc(s1, cpu_tmp4);
+gen_op_update3_cc(s1, s1->tmp4);
set_cc_op(s1, CC_OP_ADCB + ot);
break;
case OP_SBBL:
-gen_compute_eflags_c(s1, cpu_tmp4);
+gen_compute_eflags_c(s1, s1->tmp4);
if (s1->prefix & PREFIX_LOCK) {
-tcg_gen_add_tl(s1->T0, s1->T1, cpu_tmp4);
+tcg_gen_add_tl(s1->T0, s1->T1, s1->tmp4);
tcg_gen_neg_tl(s1->T0, s1->T0);
tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
s1->mem_index, ot | MO_LE);
} else {
tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
-tcg_gen_sub_tl(s1->T0, s1->T0, cpu_tmp4);
+tcg_gen_sub_tl(s1->T0, s1->T0, s1->tmp4);
gen_op_st_rm_T0_A0(s1, ot, d);
}
-gen_op_update3_cc(s1, cpu_tmp4);
+gen_op_update3_cc(s1, s1->tmp4);
set_cc_op(s1, CC_OP_SBBB + ot);
break;
case OP_ADDL:
@@ -1492,15 +1492,15 @@ static void gen_shift_rm_im(DisasContext *s, TCGMemOp
ot, int op1, int op2,
if (is_right) {
if (is_arith) {
gen_exts(ot, s->T0);
-tcg_gen_sari_tl(cpu_tmp4, s->T0, op2 - 1);
+tcg_gen_sari_tl(s->tmp4, s->T0, op2 - 1);
tcg_gen_sari_tl(s->T0, s->T0, op2);
} else {
gen_extu(ot, s->T0);
-tcg_gen_shri_tl(cpu_tmp4, s->T0, op2 - 1);
+tcg_gen_shri_tl(s->tmp4, s->T0, op2 - 1);
tcg_gen_shri_tl(s->T0, s->T0, op2);
}
} else {
-tcg_gen_shli_tl(cpu_tmp4, s->T0, op2 - 1);
+tcg_gen_shli_tl(s->tmp4, s->T0, op2 - 1);
tcg_gen_shli_tl(s->T0, s->T0, op2);
}
}
@@ -1510,7 +1510,7 @@ static void gen_shift_rm_im(DisasContext *s, TCGMemOp ot,
int op1, int op2,
/* update eflags if non zero shift */
if (op2 != 0) {
-tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
+tcg_gen_mov_tl(cpu_cc_src, s->tmp4);
tcg_gen_mov_tl(cpu_cc_dst, s->T0);
set_cc_op(s, (is_right
[Qemu-devel] [PULL 13/79] cpus: access .qemu_icount with atomic64
From: "Emilio G. Cota" Signed-off-by: Emilio G. Cota Message-Id: <20180910232752.31565-10-c...@braap.org> Signed-off-by: Paolo Bonzini --- cpus.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cpus.c b/cpus.c index 6e1a892..fed8ec1 100644 --- a/cpus.c +++ b/cpus.c @@ -250,8 +250,8 @@ static void cpu_update_icount_locked(CPUState *cpu) int64_t executed = cpu_get_icount_executed(cpu); cpu->icount_budget -= executed; -atomic_set__nocheck(&timers_state.qemu_icount, -timers_state.qemu_icount + executed); +atomic_set_i64(&timers_state.qemu_icount, + timers_state.qemu_icount + executed); } /* @@ -280,8 +280,8 @@ static int64_t cpu_get_icount_raw_locked(void) /* Take into account what has run */ cpu_update_icount_locked(cpu); } -/* The read is protected by the seqlock, so __nocheck is okay. */ -return atomic_read__nocheck(&timers_state.qemu_icount); +/* The read is protected by the seqlock, but needs atomic64 to avoid UB */ +return atomic_read_i64(&timers_state.qemu_icount); } static int64_t cpu_get_icount_locked(void) -- 1.8.3.1
[Qemu-devel] [PULL 12/79] cpus: take seqlock across qemu_icount updates
Even though writes of qemu_icount can safely race with reads in
qemu_icount_raw, qemu_icount is also read by icount_adjust, which
runs in the I/O thread. Therefore, writes do needs protection of
the vm_clock_lock; for simplicity the patch protects it with both
seqlock+spinlock, which we already do for hosts that lack 64-bit atomics.
The bug actually predated the introduction of vm_clock_lock;
cpu_update_icount would have needed the BQL before the spinlock was
introduced.
Reported-by: Emilio G. Cota
Signed-off-by: Paolo Bonzini
---
cpus.c | 22 ++
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/cpus.c b/cpus.c
index 4abc3b3..6e1a892 100644
--- a/cpus.c
+++ b/cpus.c
@@ -245,21 +245,27 @@ static int64_t cpu_get_icount_executed(CPUState *cpu)
* account executed instructions. This is done by the TCG vCPU
* thread so the main-loop can see time has moved forward.
*/
-void cpu_update_icount(CPUState *cpu)
+static void cpu_update_icount_locked(CPUState *cpu)
{
int64_t executed = cpu_get_icount_executed(cpu);
cpu->icount_budget -= executed;
-#ifndef CONFIG_ATOMIC64
-seqlock_write_lock(&timers_state.vm_clock_seqlock,
- &timers_state.vm_clock_lock);
-#endif
atomic_set__nocheck(&timers_state.qemu_icount,
timers_state.qemu_icount + executed);
-#ifndef CONFIG_ATOMIC64
+}
+
+/*
+ * Update the global shared timer_state.qemu_icount to take into
+ * account executed instructions. This is done by the TCG vCPU
+ * thread so the main-loop can see time has moved forward.
+ */
+void cpu_update_icount(CPUState *cpu)
+{
+seqlock_write_lock(&timers_state.vm_clock_seqlock,
+ &timers_state.vm_clock_lock);
+cpu_update_icount_locked(cpu);
seqlock_write_unlock(&timers_state.vm_clock_seqlock,
&timers_state.vm_clock_lock);
-#endif
}
static int64_t cpu_get_icount_raw_locked(void)
@@ -272,7 +278,7 @@ static int64_t cpu_get_icount_raw_locked(void)
exit(1);
}
/* Take into account what has run */
-cpu_update_icount(cpu);
+cpu_update_icount_locked(cpu);
}
/* The read is protected by the seqlock, so __nocheck is okay. */
return atomic_read__nocheck(&timers_state.qemu_icount);
--
1.8.3.1
[Qemu-devel] [PULL 19/79] hw/char/sh_serial: Add timeout handling to unbreak serial input
From: Geert Uytterhoeven
As of commit 18e8cf159177100e ("serial: sh-sci: increase RX FIFO trigger
defaults for (H)SCIF") in Linux v4.11-rc1, the serial console on the
QEMU SH4 target is broken: it delays serial input until enough data has
been received.
Since aforementioned commit, the Linux SCIF driver programs the Receive
FIFO Data Count Trigger bits in the FIFO Control Register, to postpone
generating a receive interrupt until:
1. At least the receive trigger count of bytes of data are available
in the receive FIFO, OR
2. No further data has been received for at least 15 etu after the
last received data.
While QEMU implements the former, it does not implement the latter.
Hence the receive interrupt is not generated until the former condition
is met.
Fix this by adding basic timeout handling. As the QEMU SCIF emulation
ignores any serial speed programming, the timeout value used conforms to
a default speed of 9600 bps, which is fine for any interactive console.
Reported-by: Rob Landley
Signed-off-by: Geert Uytterhoeven
Tested-by: Ulrich Hecht
Tested-by: Rob Landley
Tested-by: Rich Felker
Message-Id: <20180905131125.12635-1-geert+rene...@glider.be>
Signed-off-by: Paolo Bonzini
---
hw/char/sh_serial.c | 20
1 file changed, 20 insertions(+)
diff --git a/hw/char/sh_serial.c b/hw/char/sh_serial.c
index 373a405..1283156 100644
--- a/hw/char/sh_serial.c
+++ b/hw/char/sh_serial.c
@@ -29,6 +29,7 @@
#include "hw/sh4/sh.h"
#include "chardev/char-fe.h"
#include "qapi/error.h"
+#include "qemu/timer.h"
//#define DEBUG_SERIAL
@@ -63,6 +64,8 @@ typedef struct {
int rtrg;
CharBackend chr;
+QEMUTimer *fifo_timeout_timer;
+uint64_t etu; /* Elementary Time Unit (ns) */
qemu_irq eri;
qemu_irq rxi;
@@ -314,6 +317,16 @@ static int sh_serial_can_receive1(void *opaque)
return sh_serial_can_receive(s);
}
+static void sh_serial_timeout_int(void *opaque)
+{
+sh_serial_state *s = opaque;
+
+s->flags |= SH_SERIAL_FLAG_RDF;
+if (s->scr & (1 << 6) && s->rxi) {
+qemu_set_irq(s->rxi, 1);
+}
+}
+
static void sh_serial_receive1(void *opaque, const uint8_t *buf, int size)
{
sh_serial_state *s = opaque;
@@ -330,8 +343,12 @@ static void sh_serial_receive1(void *opaque, const uint8_t
*buf, int size)
if (s->rx_cnt >= s->rtrg) {
s->flags |= SH_SERIAL_FLAG_RDF;
if (s->scr & (1 << 6) && s->rxi) {
+timer_del(s->fifo_timeout_timer);
qemu_set_irq(s->rxi, 1);
}
+} else {
+timer_mod(s->fifo_timeout_timer,
+qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 15 * s->etu);
}
}
}
@@ -402,6 +419,9 @@ void sh_serial_init(MemoryRegion *sysmem,
sh_serial_event, NULL, s, NULL, true);
}
+s->fifo_timeout_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
+ sh_serial_timeout_int, s);
+s->etu = NANOSECONDS_PER_SECOND / 9600;
s->eri = eri_source;
s->rxi = rxi_source;
s->txi = txi_source;
--
1.8.3.1
[Qemu-devel] [PULL 10/79] qsp: use atomic64 accessors
From: "Emilio G. Cota"
With the seqlock, we either have to use atomics to remain
within defined behaviour (and note that 64-bit atomics aren't
always guaranteed to compile, irrespective of __nocheck), or
drop the atomics and be in undefined behaviour territory.
Fix it by dropping the seqlock and using atomic64 accessors.
This will limit scalability when !CONFIG_ATOMIC64, but those
machines (1) don't have many users and (2) are unlikely to
have many cores.
- With CONFIG_ATOMIC64:
$ tests/atomic_add-bench -n 1 -m -p
Throughput: 13.00 Mops/s
- Forcing !CONFIG_ATOMIC64:
$ tests/atomic_add-bench -n 1 -m -p
Throughput: 10.89 Mops/s
Signed-off-by: Emilio G. Cota
Message-Id: <20180910232752.31565-5-c...@braap.org>
Signed-off-by: Paolo Bonzini
---
util/qsp.c | 49 -
1 file changed, 8 insertions(+), 41 deletions(-)
diff --git a/util/qsp.c b/util/qsp.c
index b0c2575..c16af03 100644
--- a/util/qsp.c
+++ b/util/qsp.c
@@ -84,13 +84,6 @@ struct QSPEntry {
uint64_t n_acqs;
uint64_t ns;
unsigned int n_objs; /* count of coalesced objs; only used for reporting */
-#ifndef CONFIG_ATOMIC64
-/*
- * If we cannot update the counts atomically, then use a seqlock.
- * We don't need an associated lock because the updates are thread-local.
- */
-QemuSeqLock sequence;
-#endif
};
typedef struct QSPEntry QSPEntry;
@@ -345,46 +338,15 @@ static QSPEntry *qsp_entry_get(const void *obj, const
char *file, int line,
}
/*
- * @from is in the global hash table; read it atomically if the host
- * supports it, otherwise use the seqlock.
- */
-static void qsp_entry_aggregate(QSPEntry *to, const QSPEntry *from)
-{
-#ifdef CONFIG_ATOMIC64
-to->ns += atomic_read__nocheck(&from->ns);
-to->n_acqs += atomic_read__nocheck(&from->n_acqs);
-#else
-unsigned int version;
-uint64_t ns, n_acqs;
-
-do {
-version = seqlock_read_begin(&from->sequence);
-ns = atomic_read__nocheck(&from->ns);
-n_acqs = atomic_read__nocheck(&from->n_acqs);
-} while (seqlock_read_retry(&from->sequence, version));
-
-to->ns += ns;
-to->n_acqs += n_acqs;
-#endif
-}
-
-/*
* @e is in the global hash table; it is only written to by the current thread,
* so we write to it atomically (as in "write once") to prevent torn reads.
- * If the host doesn't support u64 atomics, use the seqlock.
*/
static inline void do_qsp_entry_record(QSPEntry *e, int64_t delta, bool acq)
{
-#ifndef CONFIG_ATOMIC64
-seqlock_write_begin(&e->sequence);
-#endif
-atomic_set__nocheck(&e->ns, e->ns + delta);
+atomic_set_u64(&e->ns, e->ns + delta);
if (acq) {
-atomic_set__nocheck(&e->n_acqs, e->n_acqs + 1);
+atomic_set_u64(&e->n_acqs, e->n_acqs + 1);
}
-#ifndef CONFIG_ATOMIC64
-seqlock_write_end(&e->sequence);
-#endif
}
static inline void qsp_entry_record(QSPEntry *e, int64_t delta)
@@ -550,7 +512,12 @@ static void qsp_aggregate(struct qht *global_ht, void *p,
uint32_t h, void *up)
hash = qsp_entry_no_thread_hash(e);
agg = qsp_entry_find(ht, e, hash);
-qsp_entry_aggregate(agg, e);
+/*
+ * The entry is in the global hash table; read from it atomically (as in
+ * "read once").
+ */
+agg->ns += atomic_read_u64(&e->ns);
+agg->n_acqs += atomic_read_u64(&e->n_acqs);
}
static void qsp_iter_diff(struct qht *orig, void *p, uint32_t hash, void *htp)
--
1.8.3.1
[Qemu-devel] [PULL 14/79] cpus: access .qemu_icount_bias with atomic64
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Message-Id: <20180910232752.31565-11-c...@braap.org>
Signed-off-by: Paolo Bonzini
---
cpus.c | 21 +++--
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/cpus.c b/cpus.c
index fed8ec1..d8b3b46 100644
--- a/cpus.c
+++ b/cpus.c
@@ -287,7 +287,8 @@ static int64_t cpu_get_icount_raw_locked(void)
static int64_t cpu_get_icount_locked(void)
{
int64_t icount = cpu_get_icount_raw_locked();
-return atomic_read__nocheck(&timers_state.qemu_icount_bias) +
cpu_icount_to_ns(icount);
+return atomic_read_i64(&timers_state.qemu_icount_bias) +
+cpu_icount_to_ns(icount);
}
int64_t cpu_get_icount_raw(void)
@@ -460,9 +461,9 @@ static void icount_adjust(void)
timers_state.icount_time_shift + 1);
}
last_delta = delta;
-atomic_set__nocheck(&timers_state.qemu_icount_bias,
-cur_icount - (timers_state.qemu_icount
- << timers_state.icount_time_shift));
+atomic_set_i64(&timers_state.qemu_icount_bias,
+ cur_icount - (timers_state.qemu_icount
+ << timers_state.icount_time_shift));
seqlock_write_unlock(&timers_state.vm_clock_seqlock,
&timers_state.vm_clock_lock);
}
@@ -522,8 +523,8 @@ static void icount_warp_rt(void)
int64_t delta = clock - cur_icount;
warp_delta = MIN(warp_delta, delta);
}
-atomic_set__nocheck(&timers_state.qemu_icount_bias,
-timers_state.qemu_icount_bias + warp_delta);
+atomic_set_i64(&timers_state.qemu_icount_bias,
+ timers_state.qemu_icount_bias + warp_delta);
}
timers_state.vm_clock_warp_start = -1;
seqlock_write_unlock(&timers_state.vm_clock_seqlock,
@@ -554,8 +555,8 @@ void qtest_clock_warp(int64_t dest)
seqlock_write_lock(&timers_state.vm_clock_seqlock,
&timers_state.vm_clock_lock);
-atomic_set__nocheck(&timers_state.qemu_icount_bias,
-timers_state.qemu_icount_bias + warp);
+atomic_set_i64(&timers_state.qemu_icount_bias,
+ timers_state.qemu_icount_bias + warp);
seqlock_write_unlock(&timers_state.vm_clock_seqlock,
&timers_state.vm_clock_lock);
@@ -626,8 +627,8 @@ void qemu_start_warp_timer(void)
*/
seqlock_write_lock(&timers_state.vm_clock_seqlock,
&timers_state.vm_clock_lock);
-atomic_set__nocheck(&timers_state.qemu_icount_bias,
-timers_state.qemu_icount_bias + deadline);
+atomic_set_i64(&timers_state.qemu_icount_bias,
+ timers_state.qemu_icount_bias + deadline);
seqlock_write_unlock(&timers_state.vm_clock_seqlock,
&timers_state.vm_clock_lock);
qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
--
1.8.3.1
[Qemu-devel] [PULL 42/79] timer: introduce new virtual clock
From: Pavel Dovgalyuk
Slirp and VNC modules use virtual clock for processing some events that
are related to the guest execution speed.
But virtual clock-related events are consideres to be deterministic and
are recorded/replayed by icount mechanism. But slirp and VNC lie outside
the recorded guest core (which includes CPU and peripherals).
Therefore slirp and VNC are external for the guest, but should work at
guest speed.
This patch introduces new virtual clock which can be used for external
subsystems for running timers that are synchronized with the guest.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20180912082002.3228.82417.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini
---
include/qemu/timer.h | 9 +
util/qemu-timer.c| 2 ++
2 files changed, 11 insertions(+)
diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index 39ea907..a005ed2 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -42,6 +42,14 @@
* In icount mode, this clock counts nanoseconds while the virtual
* machine is running. It is used to increase @QEMU_CLOCK_VIRTUAL
* while the CPUs are sleeping and thus not executing instructions.
+ *
+ * @QEMU_CLOCK_VIRTUAL_EXT: virtual clock for external subsystems
+ *
+ * The virtual clock only runs during the emulation. It stops
+ * when the virtual machine is stopped. The timers for this clock
+ * do not recorded in rr mode, therefore this clock could be used
+ * for the subsystems that operate outside the guest core.
+ *
*/
typedef enum {
@@ -49,6 +57,7 @@ typedef enum {
QEMU_CLOCK_VIRTUAL = 1,
QEMU_CLOCK_HOST = 2,
QEMU_CLOCK_VIRTUAL_RT = 3,
+QEMU_CLOCK_VIRTUAL_EXT = 4,
QEMU_CLOCK_MAX
} QEMUClockType;
diff --git a/util/qemu-timer.c b/util/qemu-timer.c
index 86bfe84..eb60d8f 100644
--- a/util/qemu-timer.c
+++ b/util/qemu-timer.c
@@ -496,6 +496,7 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
switch (timer_list->clock->type) {
case QEMU_CLOCK_REALTIME:
+case QEMU_CLOCK_VIRTUAL_EXT:
break;
default:
case QEMU_CLOCK_VIRTUAL:
@@ -597,6 +598,7 @@ int64_t qemu_clock_get_ns(QEMUClockType type)
return get_clock();
default:
case QEMU_CLOCK_VIRTUAL:
+case QEMU_CLOCK_VIRTUAL_EXT:
if (use_icount) {
return cpu_get_icount();
} else {
--
1.8.3.1
[Qemu-devel] [PULL 20/79] util: add qemu_write_pidfile()
From: Marc-André Lureau
There are variants of qemu_create_pidfile() in qemu-pr-helper and
qemu-ga. Let's have a common implementation in libqemuutil.
The code is initially based from pr-helper write_pidfile(), with
various improvements and suggestions from Daniel Berrangé:
QEMU will leave the pidfile existing on disk when it exits which
initially made me think it avoids the deletion race. The app
managing QEMU, however, may well delete the pidfile after it has
seen QEMU exit, and even if the app locks the pidfile before
deleting it, there is still a race.
eg consider the following sequence
QEMU 1libvirtdQEMU 2
1.lock(pidfile)
2.exit()
3. open(pidfile)
4. lock(pidfile)
5. open(pidfile)
6. unlink(pidfile)
7. close(pidfile)
8. lock(pidfile)
IOW, at step 8 the new QEMU has successfully acquired the lock, but
the pidfile no longer exists on disk because it was deleted after
the original QEMU exited.
While we could just say no external app should ever delete the
pidfile, I don't think that is satisfactory as people don't read
docs, and admins don't like stale pidfiles being left around on
disk.
To make this robust, I think we might want to copy libvirt's
approach to pidfile acquisition which runs in a loop and checks that
the file on disk /after/ acquiring the lock matches the file that
was locked. Then we could in fact safely let QEMU delete its own
pidfiles on clean exit..
Signed-off-by: Marc-André Lureau
Message-Id: <20180831145314.14736-2-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
include/qemu/osdep.h | 3 ++-
os-posix.c| 24 --
os-win32.c| 25 ---
qga/main.c| 54
scsi/qemu-pr-helper.c | 40 --
util/oslib-posix.c| 68 +++
util/oslib-win32.c| 27
vl.c | 4 +--
8 files changed, 114 insertions(+), 131 deletions(-)
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index a746a5e..4f8559e 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -448,7 +448,8 @@ bool qemu_has_ofd_lock(void);
#define FMT_pid "%d"
#endif
-int qemu_create_pidfile(const char *filename);
+bool qemu_write_pidfile(const char *pidfile, Error **errp);
+
int qemu_get_thread_id(void);
#ifndef CONFIG_IOVEC
diff --git a/os-posix.c b/os-posix.c
index 8f39447..4bd80e4 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -344,30 +344,6 @@ void os_set_line_buffering(void)
setvbuf(stdout, NULL, _IOLBF, 0);
}
-int qemu_create_pidfile(const char *filename)
-{
-char buffer[128];
-int len;
-int fd;
-
-fd = qemu_open(filename, O_RDWR | O_CREAT, 0600);
-if (fd == -1) {
-return -1;
-}
-if (lockf(fd, F_TLOCK, 0) == -1) {
-close(fd);
-return -1;
-}
-len = snprintf(buffer, sizeof(buffer), FMT_pid "\n", getpid());
-if (write(fd, buffer, len) != len) {
-close(fd);
-return -1;
-}
-
-/* keep pidfile open & locked forever */
-return 0;
-}
-
bool is_daemonized(void)
{
return daemonize;
diff --git a/os-win32.c b/os-win32.c
index 0674f94..0e0d7f5 100644
--- a/os-win32.c
+++ b/os-win32.c
@@ -97,28 +97,3 @@ int os_parse_cmd_args(int index, const char *optarg)
{
return -1;
}
-
-int qemu_create_pidfile(const char *filename)
-{
-char buffer[128];
-int len;
-HANDLE file;
-OVERLAPPED overlap;
-BOOL ret;
-memset(&overlap, 0, sizeof(overlap));
-
-file = CreateFile(filename, GENERIC_WRITE, FILE_SHARE_READ, NULL,
- OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
-
-if (file == INVALID_HANDLE_VALUE) {
-return -1;
-}
-len = snprintf(buffer, sizeof(buffer), "%d\n", getpid());
-ret = WriteFile(file, (LPCVOID)buffer, (DWORD)len,
-NULL, &overlap);
-CloseHandle(file);
-if (ret == 0) {
-return -1;
-}
-return 0;
-}
diff --git a/qga/main.c b/qga/main.c
index 6d70242..c399320 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -340,46 +340,6 @@ static FILE *ga_open_logfile(const char *logfile)
return f;
}
-#ifndef _WIN32
-static bool ga_open_pidfile(const char *pidfile)
-{
-int pidfd;
-char pidstr[32];
-
-pidfd = qemu_open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
-if (pidfd == -1 || lockf(pidfd, F_TLOCK, 0)) {
-g_critical("Cannot lock pid file, %s", strerror(errno));
-if (pidfd != -1) {
-close(pidfd);
-}
-return false;
-}
-
-if (ftruncate(pidfd, 0)) {
-g_critical("Failed to truncate pid file");
-goto fail;
-}
-snprintf(pidstr, sizeof(pidstr), "%
[Qemu-devel] [PULL 44/79] ui: fix virtual timers
From: Pavel Dovgalyuk
UI uses timers based on virtual clock for managing key queue.
This is incorrect because this service is not related to the guest state,
and its events should not be recorded and replayed. But these timers should
stop when the guest is not executing.
This patch changes using virtual clock to the new virtual_ext clock,
which runs as virtual clock, but its timers are not saved to the log.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20180912082013.3228.33664.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini
---
ui/input.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ui/input.c b/ui/input.c
index 51b1019..dd7f6d7 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -271,7 +271,7 @@ static void qemu_input_queue_process(void *opaque)
item = QTAILQ_FIRST(queue);
switch (item->type) {
case QEMU_INPUT_QUEUE_DELAY:
-timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
+timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL_EXT)
+ item->delay_ms);
return;
case QEMU_INPUT_QUEUE_EVENT:
@@ -301,7 +301,7 @@ static void qemu_input_queue_delay(struct
QemuInputEventQueueHead *queue,
queue_count++;
if (start_timer) {
-timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
+timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL_EXT)
+ item->delay_ms);
}
}
@@ -448,8 +448,8 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
}
if (!kbd_timer) {
-kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
- &kbd_queue);
+kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL_EXT,
+ qemu_input_queue_process, &kbd_queue);
}
if (queue_count < queue_limit) {
qemu_input_queue_delay(&kbd_queue, kbd_timer,
--
1.8.3.1
[Qemu-devel] [PULL 09/79] tests: add atomic64-bench
From: "Emilio G. Cota"
- With CONFIG_ATOMIC64:
$ tests/atomic64-bench -n 1
Throughput: 310.40 Mops/s
- Without:
$ tests/atomic64-bench -n 1
Throughput: 149.08 Mops/s
Signed-off-by: Emilio G. Cota
Message-Id: <20180910232752.31565-4-c...@braap.org>
Signed-off-by: Paolo Bonzini
---
tests/Makefile.include | 3 +-
tests/atomic64-bench.c | 171 +
2 files changed, 173 insertions(+), 1 deletion(-)
create mode 100644 tests/atomic64-bench.c
diff --git a/tests/Makefile.include b/tests/Makefile.include
index d0c0a92..175d013 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -613,7 +613,7 @@ test-obj-y = tests/check-qnum.o tests/check-qstring.o
tests/check-qdict.o \
tests/test-rcu-tailq.o \
tests/test-qdist.o tests/test-shift128.o \
tests/test-qht.o tests/qht-bench.o tests/test-qht-par.o \
- tests/atomic_add-bench.o
+ tests/atomic_add-bench.o tests/atomic64-bench.o
$(test-obj-y): QEMU_INCLUDES += -Itests
QEMU_CFLAGS += -I$(SRC_PATH)/tests
@@ -668,6 +668,7 @@ tests/test-qht-par$(EXESUF): tests/test-qht-par.o
tests/qht-bench$(EXESUF) $(tes
tests/qht-bench$(EXESUF): tests/qht-bench.o $(test-util-obj-y)
tests/test-bufferiszero$(EXESUF): tests/test-bufferiszero.o $(test-util-obj-y)
tests/atomic_add-bench$(EXESUF): tests/atomic_add-bench.o $(test-util-obj-y)
+tests/atomic64-bench$(EXESUF): tests/atomic64-bench.o $(test-util-obj-y)
tests/test-qdev-global-props$(EXESUF): tests/test-qdev-global-props.o \
hw/core/qdev.o hw/core/qdev-properties.o hw/core/hotplug.o\
diff --git a/tests/atomic64-bench.c b/tests/atomic64-bench.c
new file mode 100644
index 000..7169256
--- /dev/null
+++ b/tests/atomic64-bench.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright (C) 2018, Emilio G. Cota
+ *
+ * License: GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu/thread.h"
+#include "qemu/host-utils.h"
+#include "qemu/processor.h"
+
+struct thread_info {
+uint64_t r;
+uint64_t accesses;
+} QEMU_ALIGNED(64);
+
+struct count {
+int64_t i64;
+} QEMU_ALIGNED(64);
+
+static QemuThread *threads;
+static struct thread_info *th_info;
+static unsigned int n_threads = 1;
+static unsigned int n_ready_threads;
+static struct count *counts;
+static unsigned int duration = 1;
+static unsigned int range = 1024;
+static bool test_start;
+static bool test_stop;
+
+static const char commands_string[] =
+" -d = duration in seconds\n"
+" -n = number of threads\n"
+" -r = range (will be rounded up to pow2)";
+
+static void usage_complete(char *argv[])
+{
+fprintf(stderr, "Usage: %s [options]\n", argv[0]);
+fprintf(stderr, "options:\n%s\n", commands_string);
+}
+
+/*
+ * From: https://en.wikipedia.org/wiki/Xorshift
+ * This is faster than rand_r(), and gives us a wider range (RAND_MAX is only
+ * guaranteed to be >= INT_MAX).
+ */
+static uint64_t xorshift64star(uint64_t x)
+{
+x ^= x >> 12; /* a */
+x ^= x << 25; /* b */
+x ^= x >> 27; /* c */
+return x * UINT64_C(2685821657736338717);
+}
+
+static void *thread_func(void *arg)
+{
+struct thread_info *info = arg;
+
+atomic_inc(&n_ready_threads);
+while (!atomic_read(&test_start)) {
+cpu_relax();
+}
+
+while (!atomic_read(&test_stop)) {
+unsigned int index;
+
+info->r = xorshift64star(info->r);
+index = info->r & (range - 1);
+atomic_read_i64(&counts[index].i64);
+info->accesses++;
+}
+return NULL;
+}
+
+static void run_test(void)
+{
+unsigned int remaining;
+unsigned int i;
+
+while (atomic_read(&n_ready_threads) != n_threads) {
+cpu_relax();
+}
+atomic_set(&test_start, true);
+do {
+remaining = sleep(duration);
+} while (remaining);
+atomic_set(&test_stop, true);
+
+for (i = 0; i < n_threads; i++) {
+qemu_thread_join(&threads[i]);
+}
+}
+
+static void create_threads(void)
+{
+unsigned int i;
+
+threads = g_new(QemuThread, n_threads);
+th_info = g_new(struct thread_info, n_threads);
+counts = g_malloc0_n(range, sizeof(*counts));
+
+for (i = 0; i < n_threads; i++) {
+struct thread_info *info = &th_info[i];
+
+info->r = (i + 1) ^ time(NULL);
+info->accesses = 0;
+qemu_thread_create(&threads[i], NULL, thread_func, info,
+ QEMU_THREAD_JOINABLE);
+}
+}
+
+static void pr_params(void)
+{
+printf("Parameters:\n");
+printf(" # of threads: %u\n", n_threads);
+printf(" duration: %u\n", duration);
+printf(" ops' range:%u\n", range);
+}
+
+static void pr_stats(void)
+{
+unsigned long long val = 0;
+double tx;
+int i;
+
+for (i = 0; i < n_threads; i++) {
+val += th_info[i].accesses;
+}
+tx = val / duration / 1e6;
+
+printf("Results:\n");
+printf("Duration:%u
[Qemu-devel] [PULL 22/79] serial: fix DLL writes
Commit 0147883450fe84bb8de2d4a58381881f4262ce9b tries to handle
word-sized writes to DLL/DLH, but due to a typo,
this patch is causing tracebacks in all Linux kernels running the PXA
serial driver, due to an unexpected DLL register value. Here is the
surrounding code from drivers/tty/serial/pxa.c:
serial_out(up, UART_DLL, quot & 0xff); /* LS of divisor */
/*
* work around Errata #75 according to Intel(R) PXA27x
* Processor Family Specification Update (Nov 2005)
*/
dll = serial_in(up, UART_DLL);
WARN_ON(dll != (quot & 0xff)); // <-- warning
Reported-by: Guenter Roeck
Tested-by: Guenter Roeck
Fixes: 0147883450fe84bb8de2d4a58381881f4262ce9b
Signed-off-by: Paolo Bonzini
---
hw/char/serial.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/char/serial.c b/hw/char/serial.c
index 251f40f..02463e3 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -345,9 +345,9 @@ static void serial_ioport_write(void *opaque, hwaddr addr,
uint64_t val,
default:
case 0:
if (s->lcr & UART_LCR_DLAB) {
-if (size == 2) {
+if (size == 1) {
s->divider = (s->divider & 0xff00) | val;
-} else if (size == 4) {
+} else {
s->divider = val;
}
serial_update_parameters(s);
--
1.8.3.1
[Qemu-devel] [PULL 24/79] change get_image_size return type to int64_t
From: Li Zhijian
Previously, if the size of initrd >=2G, qemu exits with error:
root@haswell-OptiPlex-9020:/home/lizj#
/home/lizhijian/lkp/qemu-colo/x86_64-softmmu/qemu-system-x86_64 -kernel
./vmlinuz-4.16.0-rc4 -initrd large.cgz -nographic
qemu: error reading initrd large.cgz: No such file or directory
root@haswell-OptiPlex-9020:/home/lizj# du -sh large.cgz
2.5Glarge.cgz
this patch changes the caller side that use this function to calculate
size of initrd file as well.
v2: update error message and int64_t printing format
Signed-off-by: Li Zhijian
Message-Id: <1536833233-14121-1-git-send-email-lizhij...@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini
---
hw/alpha/dp264.c| 3 ++-
hw/core/loader.c| 5 +++--
hw/hppa/machine.c | 2 +-
hw/i386/pc.c| 7 ++-
hw/mips/mips_fulong2e.c | 4 ++--
hw/mips/mips_malta.c| 4 ++--
hw/mips/mips_mipssim.c | 3 +--
hw/mips/mips_r4k.c | 4 ++--
hw/moxie/moxiesim.c | 2 +-
include/hw/loader.h | 2 +-
10 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 80b987f..dd62f2a 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -150,7 +150,8 @@ static void clipper_init(MachineState *machine)
}
if (initrd_filename) {
-long initrd_base, initrd_size;
+long initrd_base;
+int64_t initrd_size;
initrd_size = get_image_size(initrd_filename);
if (initrd_size < 0) {
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 390987a..aa0b3fc 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -61,9 +61,10 @@
static int roms_loaded;
/* return the size or -1 if error */
-int get_image_size(const char *filename)
+int64_t get_image_size(const char *filename)
{
-int fd, size;
+int fd;
+int64_t size;
fd = open(filename, O_RDONLY | O_BINARY);
if (fd < 0)
return -1;
diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index 0fb8fb8..ac6dd7f 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -191,7 +191,7 @@ static void machine_hppa_init(MachineState *machine)
if (initrd_filename) {
ram_addr_t initrd_base;
-long initrd_size;
+int64_t initrd_size;
initrd_size = get_image_size(initrd_filename);
if (initrd_size < 0) {
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 0314845..cd5029c 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -838,7 +838,8 @@ static void load_linux(PCMachineState *pcms,
FWCfgState *fw_cfg)
{
uint16_t protocol;
-int setup_size, kernel_size, initrd_size = 0, cmdline_size;
+int setup_size, kernel_size, cmdline_size;
+int64_t initrd_size = 0;
int dtb_size, setup_data_offset;
uint32_t initrd_max;
uint8_t header[8192], *setup, *kernel, *initrd_data;
@@ -974,6 +975,10 @@ static void load_linux(PCMachineState *pcms,
fprintf(stderr, "qemu: error reading initrd %s: %s\n",
initrd_filename, strerror(errno));
exit(1);
+} else if (initrd_size >= initrd_max) {
+fprintf(stderr, "qemu: initrd is too large, cannot support."
+"(max: %"PRIu32", need %"PRId64")\n", initrd_max,
initrd_size);
+exit(1);
}
initrd_addr = (initrd_max-initrd_size) & ~4095;
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index c1694c8..91655ea 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -104,9 +104,9 @@ static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf,
int index,
static int64_t load_kernel (CPUMIPSState *env)
{
-int64_t kernel_entry, kernel_low, kernel_high;
+int64_t kernel_entry, kernel_low, kernel_high, initrd_size;
int index = 0;
-long kernel_size, initrd_size;
+long kernel_size;
ram_addr_t initrd_offset;
uint32_t *prom_buf;
long prom_size;
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 40041d5..64ab5d1 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -995,8 +995,8 @@ static void GCC_FMT_ATTR(3, 4) prom_set(uint32_t* prom_buf,
int index,
/* Kernel */
static int64_t load_kernel (void)
{
-int64_t kernel_entry, kernel_high;
-long kernel_size, initrd_size;
+int64_t kernel_entry, kernel_high, initrd_size;
+long kernel_size;
ram_addr_t initrd_offset;
int big_endian;
uint32_t *prom_buf;
diff --git a/hw/mips/mips_mipssim.c b/hw/mips/mips_mipssim.c
index 241faa1..f665752 100644
--- a/hw/mips/mips_mipssim.c
+++ b/hw/mips/mips_mipssim.c
@@ -58,9 +58,8 @@ typedef struct ResetData {
static int64_t load_kernel(void)
{
-int64_t entry, kernel_high;
+int64_t entry, kernel_high, initrd_size;
long kernel_size;
-long initrd_size;
ram_addr_t initrd_offset;
int big_endian;
diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
index d5725d0..ef6b810 100644
--- a/hw/mips/mip
[Qemu-devel] [PULL 46/79] hw: debugexit: add read callback
From: Li Qiang
Signed-off-by: Li Qiang
Message-Id: <20180912160118.21158-3-liq...@163.com>
Signed-off-by: Paolo Bonzini
---
hw/misc/debugexit.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/hw/misc/debugexit.c b/hw/misc/debugexit.c
index 84fa1a5..bed2932 100644
--- a/hw/misc/debugexit.c
+++ b/hw/misc/debugexit.c
@@ -23,6 +23,11 @@ typedef struct ISADebugExitState {
MemoryRegion io;
} ISADebugExitState;
+static uint64_t debug_exit_read(void *opaque, hwaddr addr, unsigned size)
+{
+return 0;
+}
+
static void debug_exit_write(void *opaque, hwaddr addr, uint64_t val,
unsigned width)
{
@@ -30,6 +35,7 @@ static void debug_exit_write(void *opaque, hwaddr addr,
uint64_t val,
}
static const MemoryRegionOps debug_exit_ops = {
+.read = debug_exit_read,
.write = debug_exit_write,
.valid.min_access_size = 1,
.valid.max_access_size = 4,
--
1.8.3.1
[Qemu-devel] [PULL 26/79] target/i386: move cpu_A0 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 472
1 file changed, 236 insertions(+), 236 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index e9f5124..c6b1baa 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -72,7 +72,6 @@
//#define MACRO_TEST 1
/* global register indexes */
-static TCGv cpu_A0;
static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2;
static TCGv_i32 cpu_cc_op;
static TCGv cpu_regs[CPU_NB_REGS];
@@ -138,6 +137,7 @@ typedef struct DisasContext {
/* TCG local temps */
TCGv cc_srcT;
+TCGv A0;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -395,9 +395,9 @@ static inline void gen_op_mov_v_reg(TCGMemOp ot, TCGv t0,
int reg)
static void gen_add_A0_im(DisasContext *s, int val)
{
-tcg_gen_addi_tl(cpu_A0, cpu_A0, val);
+tcg_gen_addi_tl(s->A0, s->A0, val);
if (!CODE64(s)) {
-tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
+tcg_gen_ext32u_tl(s->A0, s->A0);
}
}
@@ -431,7 +431,7 @@ static inline void gen_op_st_v(DisasContext *s, int idx,
TCGv t0, TCGv a0)
static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d)
{
if (d == OR_TMP0) {
-gen_op_st_v(s, idx, cpu_T0, cpu_A0);
+gen_op_st_v(s, idx, cpu_T0, s->A0);
} else {
gen_op_mov_reg_v(idx, d, cpu_T0);
}
@@ -453,7 +453,7 @@ static void gen_lea_v_seg(DisasContext *s, TCGMemOp aflag,
TCGv a0,
#ifdef TARGET_X86_64
case MO_64:
if (ovr_seg < 0) {
-tcg_gen_mov_tl(cpu_A0, a0);
+tcg_gen_mov_tl(s->A0, a0);
return;
}
break;
@@ -464,14 +464,14 @@ static void gen_lea_v_seg(DisasContext *s, TCGMemOp
aflag, TCGv a0,
ovr_seg = def_seg;
}
if (ovr_seg < 0) {
-tcg_gen_ext32u_tl(cpu_A0, a0);
+tcg_gen_ext32u_tl(s->A0, a0);
return;
}
break;
case MO_16:
/* 16 bit address */
-tcg_gen_ext16u_tl(cpu_A0, a0);
-a0 = cpu_A0;
+tcg_gen_ext16u_tl(s->A0, a0);
+a0 = s->A0;
if (ovr_seg < 0) {
if (s->addseg) {
ovr_seg = def_seg;
@@ -488,13 +488,13 @@ static void gen_lea_v_seg(DisasContext *s, TCGMemOp
aflag, TCGv a0,
TCGv seg = cpu_seg_base[ovr_seg];
if (aflag == MO_64) {
-tcg_gen_add_tl(cpu_A0, a0, seg);
+tcg_gen_add_tl(s->A0, a0, seg);
} else if (CODE64(s)) {
-tcg_gen_ext32u_tl(cpu_A0, a0);
-tcg_gen_add_tl(cpu_A0, cpu_A0, seg);
+tcg_gen_ext32u_tl(s->A0, a0);
+tcg_gen_add_tl(s->A0, s->A0, seg);
} else {
-tcg_gen_add_tl(cpu_A0, a0, seg);
-tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
+tcg_gen_add_tl(s->A0, a0, seg);
+tcg_gen_ext32u_tl(s->A0, s->A0);
}
}
}
@@ -640,9 +640,9 @@ static void gen_check_io(DisasContext *s, TCGMemOp ot,
target_ulong cur_eip,
static inline void gen_movs(DisasContext *s, TCGMemOp ot)
{
gen_string_movl_A0_ESI(s);
-gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
+gen_op_ld_v(s, ot, cpu_T0, s->A0);
gen_string_movl_A0_EDI(s);
-gen_op_st_v(s, ot, cpu_T0, cpu_A0);
+gen_op_st_v(s, ot, cpu_T0, s->A0);
gen_op_movl_T0_Dshift(ot);
gen_op_add_reg_T0(s->aflag, R_ESI);
gen_op_add_reg_T0(s->aflag, R_EDI);
@@ -1072,7 +1072,7 @@ static inline void gen_stos(DisasContext *s, TCGMemOp ot)
{
gen_op_mov_v_reg(MO_32, cpu_T0, R_EAX);
gen_string_movl_A0_EDI(s);
-gen_op_st_v(s, ot, cpu_T0, cpu_A0);
+gen_op_st_v(s, ot, cpu_T0, s->A0);
gen_op_movl_T0_Dshift(ot);
gen_op_add_reg_T0(s->aflag, R_EDI);
}
@@ -1080,7 +1080,7 @@ static inline void gen_stos(DisasContext *s, TCGMemOp ot)
static inline void gen_lods(DisasContext *s, TCGMemOp ot)
{
gen_string_movl_A0_ESI(s);
-gen_op_ld_v(s, ot, cpu_T0, cpu_A0);
+gen_op_ld_v(s, ot, cpu_T0, s->A0);
gen_op_mov_reg_v(ot, R_EAX, cpu_T0);
gen_op_movl_T0_Dshift(ot);
gen_op_add_reg_T0(s->aflag, R_ESI);
@@ -1089,7 +1089,7 @@ static inline void gen_lods(DisasContext *s, TCGMemOp ot)
static inline void gen_scas(DisasContext *s, TCGMemOp ot)
{
gen_string_movl_A0_EDI(s);
-gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
+gen_op_ld_v(s, ot, cpu_T1, s->A0);
gen_op(s, OP_CMPL, ot, R_EAX);
gen_op_movl_T0_Dshift(ot);
gen_op_add_reg_T0(s->aflag, R_EDI);
@@ -1098,7 +1098,7 @@ static inline void gen_scas(DisasContext *s, TCGMemOp ot)
static inline void gen_cmps(DisasContext *s, TCGMemOp ot)
{
gen_string_movl_A0_EDI(s);
-gen_op_ld_v(s, ot, cpu_T1, cpu_A0);
+gen_op_ld_v(s, ot, cpu_T1, s->A0);
gen_string_movl_A0_ESI(s);
gen_op(s, OP_CMPL, ot, OR_TMP0);
gen_op_movl_T0_Dshift(ot);
@@ -1128,11 +1128,11 @@ static inline void gen_ins(DisasContext *s,
[Qemu-devel] [PULL 17/79] kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case
From: Jan Kiszka
The AMD IOMMU does not (yet) support interrupt remapping. But
kvm_arch_fixup_msi_route assumes that all implementations do and crashes
when the AMD IOMMU is used in KVM mode.
Fixes: 8b5ed7dffa1f ("intel_iommu: add support for split irqchip")
Reported-by: Christopher Goldsworthy
Signed-off-by: Jan Kiszka
Message-Id: <48ae78d8-58ec-8813-8680-6f407ea46...@siemens.com>
Reviewed-by: Peter Xu
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Paolo Bonzini
---
target/i386/kvm.c | 4
1 file changed, 4 insertions(+)
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 0b2a07d..de892db 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -3669,6 +3669,10 @@ int kvm_arch_fixup_msi_route(struct
kvm_irq_routing_entry *route,
MSIMessage src, dst;
X86IOMMUClass *class = X86_IOMMU_GET_CLASS(iommu);
+if (!class->int_remap) {
+return 0;
+}
+
src.address = route->u.msi.address_hi;
src.address <<= VTD_MSI_ADDR_HI_SHIFT;
src.address |= route->u.msi.address_lo;
--
1.8.3.1
[Qemu-devel] [PULL 32/79] target/i386: move cpu_ptr1 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 52 -
1 file changed, 26 insertions(+), 26 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 9531daf..c51f61c 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -79,7 +79,6 @@ static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
-static TCGv_ptr cpu_ptr1;
static TCGv_i32 cpu_tmp2_i32, cpu_tmp3_i32;
static TCGv_i64 cpu_tmp1_i64;
@@ -142,6 +141,7 @@ typedef struct DisasContext {
TCGv tmp0;
TCGv tmp4;
TCGv_ptr ptr0;
+TCGv_ptr ptr1;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -3473,8 +3473,8 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
}
tcg_gen_addi_ptr(s->ptr0, cpu_env, op2_offset);
-tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op1_offset);
-sse_fn_epp(cpu_env, s->ptr0, cpu_ptr1);
+tcg_gen_addi_ptr(s->ptr1, cpu_env, op1_offset);
+sse_fn_epp(cpu_env, s->ptr0, s->ptr1);
break;
case 0x050: /* movmskps */
rm = (modrm & 7) | REX_B(s);
@@ -3503,14 +3503,14 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
}
op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
-tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
+tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
switch(b >> 8) {
case 0x0:
-gen_helper_cvtpi2ps(cpu_env, s->ptr0, cpu_ptr1);
+gen_helper_cvtpi2ps(cpu_env, s->ptr0, s->ptr1);
break;
default:
case 0x1:
-gen_helper_cvtpi2pd(cpu_env, s->ptr0, cpu_ptr1);
+gen_helper_cvtpi2pd(cpu_env, s->ptr0, s->ptr1);
break;
}
break;
@@ -3548,19 +3548,19 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
}
op1_offset = offsetof(CPUX86State,fpregs[reg & 7].mmx);
tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
-tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
+tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
switch(b) {
case 0x02c:
-gen_helper_cvttps2pi(cpu_env, s->ptr0, cpu_ptr1);
+gen_helper_cvttps2pi(cpu_env, s->ptr0, s->ptr1);
break;
case 0x12c:
-gen_helper_cvttpd2pi(cpu_env, s->ptr0, cpu_ptr1);
+gen_helper_cvttpd2pi(cpu_env, s->ptr0, s->ptr1);
break;
case 0x02d:
-gen_helper_cvtps2pi(cpu_env, s->ptr0, cpu_ptr1);
+gen_helper_cvtps2pi(cpu_env, s->ptr0, s->ptr1);
break;
case 0x12d:
-gen_helper_cvtpd2pi(cpu_env, s->ptr0, cpu_ptr1);
+gen_helper_cvtpd2pi(cpu_env, s->ptr0, s->ptr1);
break;
}
break;
@@ -3749,8 +3749,8 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
}
tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
-tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
-sse_fn_epp(cpu_env, s->ptr0, cpu_ptr1);
+tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
+sse_fn_epp(cpu_env, s->ptr0, s->ptr1);
if (b == 0x17) {
set_cc_op(s, CC_OP_EFLAGS);
@@ -4298,8 +4298,8 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
}
tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
-tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
-sse_fn_eppi(cpu_env, s->ptr0, cpu_ptr1, tcg_const_i32(val));
+tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
+sse_fn_eppi(cpu_env, s->ptr0, s->ptr1, tcg_const_i32(val));
break;
case 0x33a:
@@ -4421,17 +4421,17 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
goto illegal_op;
}
tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
-tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
-sse_fn_epp(cpu_env, s->ptr0, cpu_ptr1);
+tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
+sse_fn_epp(cpu_env, s->ptr0, s->ptr1);
break;
case 0x70: /* pshufx insn */
case 0xc6: /* pshufx insn */
val = x86_ldub_code(env, s);
tcg_gen_addi_ptr(s->ptr0, cpu_env, op1_offset);
-tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
+tcg_gen_addi_ptr(s->ptr1, cpu_env, op2_offset);
/* XXX: introduce a new
[Qemu-devel] [PULL 18/79] configure: preserve various environment variables in config.status
From: Daniel P. Berrangé The config.status script is auto-generated by configure upon completion. The intention is that config.status can be later invoked by the developer directly, or by make indirectly, to re-detect the same environment that configure originally used. The current config.status script, however, only contains a record of the command line arguments to configure. Various environment variables have an effect on what configure will find. In particular PKG_CONFIG_LIBDIR & PKG_CONFIG_PATH vars will affect what libraries pkg-config finds. The PATH var will affect what toolchain binaries and -config scripts are found. The LD_LIBRARY_PATH var will affect what libraries are found. Most commands have env variables that will override the name/path of the default version configure finds. All these key env variables should be recorded in the config.status script. Autoconf would also preserve CFLAGS, LDFLAGS, LIBS, CPPFLAGS, but QEMU deals with those differently, expecting extra flags to be set using configure args, rather than env variables. At the end of the script we also don't have the original values of those env vars, as we modify them during configure. Reviewed-by: Eric Blake Reviewed-by: Stefan Weil Signed-off-by: Daniel P. Berrange Message-Id: <20180904123603.10016-1-berra...@redhat.com> Reviewed-by: Thomas Huth Signed-off-by: Paolo Bonzini Signed-off-by: Daniel P. Berrangé --- configure | 40 1 file changed, 40 insertions(+) diff --git a/configure b/configure index 7fd989a..95462f8 100755 --- a/configure +++ b/configure @@ -7527,6 +7527,46 @@ cat> config.status + echo "export $envname" >> config.status +else + echo "unset $envname" >> config.status +fi +} + +# Preserve various env variables that influence what +# features/build target configure will detect +preserve_env AR +preserve_env AS +preserve_env CC +preserve_env CPP +preserve_env CXX +preserve_env INSTALL +preserve_env LD +preserve_env LD_LIBRARY_PATH +preserve_env LIBTOOL +preserve_env MAKE +preserve_env NM +preserve_env OBJCOPY +preserve_env PATH +preserve_env PKG_CONFIG +preserve_env PKG_CONFIG_LIBDIR +preserve_env PKG_CONFIG_PATH +preserve_env PYTHON +preserve_env SDL_CONFIG +preserve_env SDL2_CONFIG +preserve_env SMBD +preserve_env STRIP +preserve_env WINDRES + printf "exec" >>config.status printf " '%s'" "$0" "$@" >>config.status echo ' "$@"' >>config.status -- 1.8.3.1
[Qemu-devel] [PULL 48/79] hw: hyperv_testdev: add read callback
From: Li Qiang
Signed-off-by: Li Qiang
Message-Id: <20180912160118.21158-4-liq...@163.com>
Signed-off-by: Paolo Bonzini
---
hw/misc/hyperv_testdev.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/hw/misc/hyperv_testdev.c b/hw/misc/hyperv_testdev.c
index bf6bbfa..7549f47 100644
--- a/hw/misc/hyperv_testdev.c
+++ b/hw/misc/hyperv_testdev.c
@@ -105,7 +105,12 @@ static void hv_synic_test_dev_control(HypervTestDev *dev,
uint32_t ctl,
}
}
-static void hv_test_dev_control(void *opaque, hwaddr addr, uint64_t data,
+static uint64_t hv_test_dev_read(void *opaque, hwaddr addr, unsigned size)
+{
+return 0;
+}
+
+static void hv_test_dev_write(void *opaque, hwaddr addr, uint64_t data,
uint32_t len)
{
HypervTestDev *dev = HYPERV_TEST_DEV(opaque);
@@ -127,7 +132,8 @@ static void hv_test_dev_control(void *opaque, hwaddr addr,
uint64_t data,
}
static const MemoryRegionOps synic_test_sint_ops = {
-.write = hv_test_dev_control,
+.read = hv_test_dev_read,
+.write = hv_test_dev_write,
.valid.min_access_size = 4,
.valid.max_access_size = 4,
.endianness = DEVICE_LITTLE_ENDIAN,
--
1.8.3.1
[Qemu-devel] [PULL 31/79] target/i386: move cpu_ptr0 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 101 +---
1 file changed, 52 insertions(+), 49 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 0ad6ffc..9531daf 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -79,7 +79,7 @@ static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
-static TCGv_ptr cpu_ptr0, cpu_ptr1;
+static TCGv_ptr cpu_ptr1;
static TCGv_i32 cpu_tmp2_i32, cpu_tmp3_i32;
static TCGv_i64 cpu_tmp1_i64;
@@ -141,6 +141,7 @@ typedef struct DisasContext {
/* TCG local register indexes (only used inside old micro ops) */
TCGv tmp0;
TCGv tmp4;
+TCGv_ptr ptr0;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -3147,27 +3148,27 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
#endif
{
gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
-tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
+tcg_gen_addi_ptr(s->ptr0, cpu_env,
offsetof(CPUX86State,fpregs[reg].mmx));
tcg_gen_trunc_tl_i32(cpu_tmp2_i32, s->T0);
-gen_helper_movl_mm_T0_mmx(cpu_ptr0, cpu_tmp2_i32);
+gen_helper_movl_mm_T0_mmx(s->ptr0, cpu_tmp2_i32);
}
break;
case 0x16e: /* movd xmm, ea */
#ifdef TARGET_X86_64
if (s->dflag == MO_64) {
gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
-tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
+tcg_gen_addi_ptr(s->ptr0, cpu_env,
offsetof(CPUX86State,xmm_regs[reg]));
-gen_helper_movq_mm_T0_xmm(cpu_ptr0, s->T0);
+gen_helper_movq_mm_T0_xmm(s->ptr0, s->T0);
} else
#endif
{
gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
-tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
+tcg_gen_addi_ptr(s->ptr0, cpu_env,
offsetof(CPUX86State,xmm_regs[reg]));
tcg_gen_trunc_tl_i32(cpu_tmp2_i32, s->T0);
-gen_helper_movl_mm_T0_xmm(cpu_ptr0, cpu_tmp2_i32);
+gen_helper_movl_mm_T0_xmm(s->ptr0, cpu_tmp2_i32);
}
break;
case 0x6f: /* movq mm, ea */
@@ -3312,14 +3313,14 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
goto illegal_op;
field_length = x86_ldub_code(env, s) & 0x3F;
bit_index = x86_ldub_code(env, s) & 0x3F;
-tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
+tcg_gen_addi_ptr(s->ptr0, cpu_env,
offsetof(CPUX86State,xmm_regs[reg]));
if (b1 == 1)
-gen_helper_extrq_i(cpu_env, cpu_ptr0,
+gen_helper_extrq_i(cpu_env, s->ptr0,
tcg_const_i32(bit_index),
tcg_const_i32(field_length));
else
-gen_helper_insertq_i(cpu_env, cpu_ptr0,
+gen_helper_insertq_i(cpu_env, s->ptr0,
tcg_const_i32(bit_index),
tcg_const_i32(field_length));
}
@@ -3471,22 +3472,22 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
rm = (modrm & 7);
op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
}
-tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op2_offset);
+tcg_gen_addi_ptr(s->ptr0, cpu_env, op2_offset);
tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op1_offset);
-sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
+sse_fn_epp(cpu_env, s->ptr0, cpu_ptr1);
break;
case 0x050: /* movmskps */
rm = (modrm & 7) | REX_B(s);
-tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
+tcg_gen_addi_ptr(s->ptr0, cpu_env,
offsetof(CPUX86State,xmm_regs[rm]));
-gen_helper_movmskps(cpu_tmp2_i32, cpu_env, cpu_ptr0);
+gen_helper_movmskps(cpu_tmp2_i32, cpu_env, s->ptr0);
tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
break;
case 0x150: /* movmskpd */
rm = (modrm & 7) | REX_B(s);
-tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
+tcg_gen_addi_ptr(s->ptr0, cpu_env,
offsetof(CPUX86State,xmm_regs[rm]));
-gen_helper_movmskpd(cpu_tmp2_i32, cpu_env, cpu_ptr0);
+gen_helper_movmskpd(cpu_tmp2_i32, cpu_env, s->ptr0);
tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
break;
case 0x02a: /* cvtpi2ps */
@@ -3501,15 +3502,15 @@ static void gen_sse(CPUX86Stat
[Qemu-devel] [PULL 34/79] target/i386: move cpu_tmp3_i32 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 64 -
1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index ec68f7d..cd880cc 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -79,7 +79,6 @@ static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
-static TCGv_i32 cpu_tmp3_i32;
static TCGv_i64 cpu_tmp1_i64;
#include "exec/gen-icount.h"
@@ -143,6 +142,7 @@ typedef struct DisasContext {
TCGv_ptr ptr0;
TCGv_ptr ptr1;
TCGv_i32 tmp2_i32;
+TCGv_i32 tmp3_i32;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -1159,8 +1159,8 @@ static inline void gen_outs(DisasContext *s, TCGMemOp ot)
tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0x);
-tcg_gen_trunc_tl_i32(cpu_tmp3_i32, s->T0);
-gen_helper_out_func(ot, s->tmp2_i32, cpu_tmp3_i32);
+tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T0);
+gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32);
gen_op_movl_T0_Dshift(s, ot);
gen_op_add_reg_T0(s, s->aflag, R_ESI);
gen_bpt_io(s, s->tmp2_i32, ot);
@@ -1426,8 +1426,8 @@ static void gen_shift_flags(DisasContext *s, TCGMemOp ot,
TCGv result,
if (s->cc_op == CC_OP_DYNAMIC) {
oldop = cpu_cc_op;
} else {
-tcg_gen_movi_i32(cpu_tmp3_i32, s->cc_op);
-oldop = cpu_tmp3_i32;
+tcg_gen_movi_i32(s->tmp3_i32, s->cc_op);
+oldop = s->tmp3_i32;
}
/* Conditionally store the CC_OP value. */
@@ -1546,11 +1546,11 @@ static void gen_rot_rm_T1(DisasContext *s, TCGMemOp ot,
int op1, int is_right)
#ifdef TARGET_X86_64
case MO_32:
tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
-tcg_gen_trunc_tl_i32(cpu_tmp3_i32, s->T1);
+tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
if (is_right) {
-tcg_gen_rotr_i32(s->tmp2_i32, s->tmp2_i32, cpu_tmp3_i32);
+tcg_gen_rotr_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
} else {
-tcg_gen_rotl_i32(s->tmp2_i32, s->tmp2_i32, cpu_tmp3_i32);
+tcg_gen_rotl_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
}
tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
break;
@@ -1593,9 +1593,9 @@ static void gen_rot_rm_T1(DisasContext *s, TCGMemOp ot,
int op1, int is_right)
t1 = tcg_temp_new_i32();
tcg_gen_trunc_tl_i32(t1, s->T1);
tcg_gen_movi_i32(s->tmp2_i32, CC_OP_ADCOX);
-tcg_gen_movi_i32(cpu_tmp3_i32, CC_OP_EFLAGS);
+tcg_gen_movi_i32(s->tmp3_i32, CC_OP_EFLAGS);
tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, t1, t0,
-s->tmp2_i32, cpu_tmp3_i32);
+s->tmp2_i32, s->tmp3_i32);
tcg_temp_free_i32(t0);
tcg_temp_free_i32(t1);
@@ -3912,11 +3912,11 @@ static void gen_sse(CPUX86State *env, DisasContext *s,
int b,
switch (ot) {
default:
tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
-tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EDX]);
-tcg_gen_mulu2_i32(s->tmp2_i32, cpu_tmp3_i32,
- s->tmp2_i32, cpu_tmp3_i32);
+tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EDX]);
+tcg_gen_mulu2_i32(s->tmp2_i32, s->tmp3_i32,
+ s->tmp2_i32, s->tmp3_i32);
tcg_gen_extu_i32_tl(cpu_regs[s->vex_v], s->tmp2_i32);
-tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp3_i32);
+tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp3_i32);
break;
#ifdef TARGET_X86_64
case MO_64:
@@ -4882,11 +4882,11 @@ static target_ulong disas_insn(DisasContext *s,
CPUState *cpu)
default:
case MO_32:
tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
-tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EAX]);
-tcg_gen_mulu2_i32(s->tmp2_i32, cpu_tmp3_i32,
- s->tmp2_i32, cpu_tmp3_i32);
+tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EAX]);
+tcg_gen_mulu2_i32(s->tmp2_i32, s->tmp3_i32,
+ s->tmp2_i32, s->tmp3_i32);
tcg_gen_extu_i32_tl(cpu_regs[R_EAX], s->tmp2_i32);
-tcg_gen_extu_i32_tl(cpu_regs[R_EDX], cpu_tmp3_i32);
+tcg_gen_extu_i32_tl(cpu_regs[R_EDX], s->tmp3_i32);
tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
set_cc_op(s, CC_OP_MULL);
@@ -4933,14 +4933,14 @@ static target_ulong disas_insn(DisasContext *s,
CPUState *cpu)
default:
case MO_32:
tcg_gen_trunc_tl_i32(s->tmp2_i32, s->
[Qemu-devel] [PULL 70/79] replay: replay BH for IDE trim operation
From: Pavel Dovgalyuk
This patch makes IDE trim BH deterministic, because it affects
the device state. Therefore its invocation should be replayed
instead of running at the random moment.
Signed-off-by: Pavel Dovgalyuk
Reviewed-by: Paolo Bonzini
Message-Id: <20180912081950.3228.68987.stgit@pasha-VirtualBox>
Acked-by: John Snow
Signed-off-by: Paolo Bonzini
---
hw/ide/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 2c62efc..04e22e7 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -35,6 +35,7 @@
#include "sysemu/block-backend.h"
#include "qapi/error.h"
#include "qemu/cutils.h"
+#include "sysemu/replay.h"
#include "hw/ide/internal.h"
#include "trace.h"
@@ -479,7 +480,7 @@ static void ide_issue_trim_cb(void *opaque, int ret)
done:
iocb->aiocb = NULL;
if (iocb->bh) {
-qemu_bh_schedule(iocb->bh);
+replay_bh_schedule_event(iocb->bh);
}
}
--
1.8.3.1
[Qemu-devel] [PULL 21/79] util: use fcntl() for qemu_write_pidfile() locking
From: Marc-André Lureau
Daniel Berrangé suggested to use fcntl() locks rather than lockf().
'man lockf':
On Linux, lockf() is just an interface on top of fcntl(2) locking.
Many other systems implement lockf() in this way, but note that
POSIX.1 leaves the relationship between lockf() and fcntl(2) locks
unspecified. A portable application should probably avoid mixing
calls to these interfaces.
IOW, if its just a shim around fcntl() on many systems, it is clearer
if we just use fcntl() directly, as we then know how fcntl() locks will
behave if they're on a network filesystem like NFS.
Suggested-by: Daniel P. Berrangé
Signed-off-by: Marc-André Lureau
Message-Id: <20180831145314.14736-3-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
util/oslib-posix.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index 0e3ab9d..fbd0dc8 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -95,6 +95,11 @@ bool qemu_write_pidfile(const char *path, Error **errp)
while (1) {
struct stat a, b;
+struct flock lock = {
+.l_type = F_WRLCK,
+.l_whence = SEEK_SET,
+.l_len = 0,
+};
fd = qemu_open(path, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
if (fd == -1) {
@@ -107,7 +112,7 @@ bool qemu_write_pidfile(const char *path, Error **errp)
goto fail_close;
}
-if (lockf(fd, F_TLOCK, 0) < 0) {
+if (fcntl(fd, F_SETLK, &lock)) {
error_setg_errno(errp, errno, "Cannot lock pid file");
goto fail_close;
}
--
1.8.3.1
[Qemu-devel] [PULL 28/79] target/i386: move cpu_T1 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 341
1 file changed, 170 insertions(+), 171 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 73fd7e5..bd27e65 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -78,8 +78,6 @@ static TCGv cpu_regs[CPU_NB_REGS];
static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
-/* local temps */
-static TCGv cpu_T1;
/* local register indexes (only used inside old micro ops) */
static TCGv cpu_tmp0, cpu_tmp4;
static TCGv_ptr cpu_ptr0, cpu_ptr1;
@@ -139,6 +137,7 @@ typedef struct DisasContext {
TCGv cc_srcT;
TCGv A0;
TCGv T0;
+TCGv T1;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -656,20 +655,20 @@ static void gen_op_update1_cc(DisasContext *s)
static void gen_op_update2_cc(DisasContext *s)
{
-tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
+tcg_gen_mov_tl(cpu_cc_src, s->T1);
tcg_gen_mov_tl(cpu_cc_dst, s->T0);
}
static void gen_op_update3_cc(DisasContext *s, TCGv reg)
{
tcg_gen_mov_tl(cpu_cc_src2, reg);
-tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
+tcg_gen_mov_tl(cpu_cc_src, s->T1);
tcg_gen_mov_tl(cpu_cc_dst, s->T0);
}
static inline void gen_op_testl_T0_T1_cc(DisasContext *s)
{
-tcg_gen_and_tl(cpu_cc_dst, s->T0, cpu_T1);
+tcg_gen_and_tl(cpu_cc_dst, s->T0, s->T1);
}
static void gen_op_update_neg_cc(DisasContext *s)
@@ -1090,7 +1089,7 @@ static inline void gen_lods(DisasContext *s, TCGMemOp ot)
static inline void gen_scas(DisasContext *s, TCGMemOp ot)
{
gen_string_movl_A0_EDI(s);
-gen_op_ld_v(s, ot, cpu_T1, s->A0);
+gen_op_ld_v(s, ot, s->T1, s->A0);
gen_op(s, OP_CMPL, ot, R_EAX);
gen_op_movl_T0_Dshift(s, ot);
gen_op_add_reg_T0(s, s->aflag, R_EDI);
@@ -1099,7 +1098,7 @@ static inline void gen_scas(DisasContext *s, TCGMemOp ot)
static inline void gen_cmps(DisasContext *s, TCGMemOp ot)
{
gen_string_movl_A0_EDI(s);
-gen_op_ld_v(s, ot, cpu_T1, s->A0);
+gen_op_ld_v(s, ot, s->T1, s->A0);
gen_string_movl_A0_ESI(s);
gen_op(s, OP_CMPL, ot, OR_TMP0);
gen_op_movl_T0_Dshift(s, ot);
@@ -1274,11 +1273,11 @@ static void gen_op(DisasContext *s1, int op, TCGMemOp
ot, int d)
case OP_ADCL:
gen_compute_eflags_c(s1, cpu_tmp4);
if (s1->prefix & PREFIX_LOCK) {
-tcg_gen_add_tl(s1->T0, cpu_tmp4, cpu_T1);
+tcg_gen_add_tl(s1->T0, cpu_tmp4, s1->T1);
tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
s1->mem_index, ot | MO_LE);
} else {
-tcg_gen_add_tl(s1->T0, s1->T0, cpu_T1);
+tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
tcg_gen_add_tl(s1->T0, s1->T0, cpu_tmp4);
gen_op_st_rm_T0_A0(s1, ot, d);
}
@@ -1288,12 +1287,12 @@ static void gen_op(DisasContext *s1, int op, TCGMemOp
ot, int d)
case OP_SBBL:
gen_compute_eflags_c(s1, cpu_tmp4);
if (s1->prefix & PREFIX_LOCK) {
-tcg_gen_add_tl(s1->T0, cpu_T1, cpu_tmp4);
+tcg_gen_add_tl(s1->T0, s1->T1, cpu_tmp4);
tcg_gen_neg_tl(s1->T0, s1->T0);
tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
s1->mem_index, ot | MO_LE);
} else {
-tcg_gen_sub_tl(s1->T0, s1->T0, cpu_T1);
+tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
tcg_gen_sub_tl(s1->T0, s1->T0, cpu_tmp4);
gen_op_st_rm_T0_A0(s1, ot, d);
}
@@ -1302,10 +1301,10 @@ static void gen_op(DisasContext *s1, int op, TCGMemOp
ot, int d)
break;
case OP_ADDL:
if (s1->prefix & PREFIX_LOCK) {
-tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, cpu_T1,
+tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T1,
s1->mem_index, ot | MO_LE);
} else {
-tcg_gen_add_tl(s1->T0, s1->T0, cpu_T1);
+tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
gen_op_st_rm_T0_A0(s1, ot, d);
}
gen_op_update2_cc(s1);
@@ -1313,13 +1312,13 @@ static void gen_op(DisasContext *s1, int op, TCGMemOp
ot, int d)
break;
case OP_SUBL:
if (s1->prefix & PREFIX_LOCK) {
-tcg_gen_neg_tl(s1->T0, cpu_T1);
+tcg_gen_neg_tl(s1->T0, s1->T1);
tcg_gen_atomic_fetch_add_tl(s1->cc_srcT, s1->A0, s1->T0,
s1->mem_index, ot | MO_LE);
-tcg_gen_sub_tl(s1->T0, s1->cc_srcT, cpu_T1);
+tcg_gen_sub_tl(s1->T0, s1->cc_srcT, s1->T1);
} else {
tcg_gen_mov_tl(s1->cc_srcT, s1->T0);
-tcg_gen_sub_tl(s1->T0, s1->T0, cpu_T1);
+tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
gen_op_st_rm_T0_A0(s1, ot, d);
}
[Qemu-devel] [PULL 33/79] target/i386: move cpu_tmp2_i32 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 347
1 file changed, 174 insertions(+), 173 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index c51f61c..ec68f7d 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -79,7 +79,7 @@ static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
-static TCGv_i32 cpu_tmp2_i32, cpu_tmp3_i32;
+static TCGv_i32 cpu_tmp3_i32;
static TCGv_i64 cpu_tmp1_i64;
#include "exec/gen-icount.h"
@@ -142,6 +142,7 @@ typedef struct DisasContext {
TCGv tmp4;
TCGv_ptr ptr0;
TCGv_ptr ptr1;
+TCGv_i32 tmp2_i32;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -617,16 +618,16 @@ static void gen_check_io(DisasContext *s, TCGMemOp ot,
target_ulong cur_eip,
target_ulong next_eip;
if (s->pe && (s->cpl > s->iopl || s->vm86)) {
-tcg_gen_trunc_tl_i32(cpu_tmp2_i32, s->T0);
+tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
switch (ot) {
case MO_8:
-gen_helper_check_iob(cpu_env, cpu_tmp2_i32);
+gen_helper_check_iob(cpu_env, s->tmp2_i32);
break;
case MO_16:
-gen_helper_check_iow(cpu_env, cpu_tmp2_i32);
+gen_helper_check_iow(cpu_env, s->tmp2_i32);
break;
case MO_32:
-gen_helper_check_iol(cpu_env, cpu_tmp2_i32);
+gen_helper_check_iol(cpu_env, s->tmp2_i32);
break;
default:
tcg_abort();
@@ -637,8 +638,8 @@ static void gen_check_io(DisasContext *s, TCGMemOp ot,
target_ulong cur_eip,
gen_jmp_im(s, cur_eip);
svm_flags |= (1 << (4 + ot));
next_eip = s->pc - s->cs_base;
-tcg_gen_trunc_tl_i32(cpu_tmp2_i32, s->T0);
-gen_helper_svm_check_io(cpu_env, cpu_tmp2_i32,
+tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
+gen_helper_svm_check_io(cpu_env, s->tmp2_i32,
tcg_const_i32(svm_flags),
tcg_const_i32(next_eip - cur_eip));
}
@@ -1136,13 +1137,13 @@ static inline void gen_ins(DisasContext *s, TCGMemOp ot)
case of page fault. */
tcg_gen_movi_tl(s->T0, 0);
gen_op_st_v(s, ot, s->T0, s->A0);
-tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_EDX]);
-tcg_gen_andi_i32(cpu_tmp2_i32, cpu_tmp2_i32, 0x);
-gen_helper_in_func(ot, s->T0, cpu_tmp2_i32);
+tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
+tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0x);
+gen_helper_in_func(ot, s->T0, s->tmp2_i32);
gen_op_st_v(s, ot, s->T0, s->A0);
gen_op_movl_T0_Dshift(s, ot);
gen_op_add_reg_T0(s, s->aflag, R_EDI);
-gen_bpt_io(s, cpu_tmp2_i32, ot);
+gen_bpt_io(s, s->tmp2_i32, ot);
if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
gen_io_end();
}
@@ -1156,13 +1157,13 @@ static inline void gen_outs(DisasContext *s, TCGMemOp
ot)
gen_string_movl_A0_ESI(s);
gen_op_ld_v(s, ot, s->T0, s->A0);
-tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_EDX]);
-tcg_gen_andi_i32(cpu_tmp2_i32, cpu_tmp2_i32, 0x);
+tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
+tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0x);
tcg_gen_trunc_tl_i32(cpu_tmp3_i32, s->T0);
-gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
+gen_helper_out_func(ot, s->tmp2_i32, cpu_tmp3_i32);
gen_op_movl_T0_Dshift(s, ot);
gen_op_add_reg_T0(s, s->aflag, R_ESI);
-gen_bpt_io(s, cpu_tmp2_i32, ot);
+gen_bpt_io(s, s->tmp2_i32, ot);
if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
gen_io_end();
}
@@ -1421,7 +1422,7 @@ static void gen_shift_flags(DisasContext *s, TCGMemOp ot,
TCGv result,
tcg_temp_free(z_tl);
/* Get the two potential CC_OP values into temporaries. */
-tcg_gen_movi_i32(cpu_tmp2_i32, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
+tcg_gen_movi_i32(s->tmp2_i32, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
if (s->cc_op == CC_OP_DYNAMIC) {
oldop = cpu_cc_op;
} else {
@@ -1433,7 +1434,7 @@ static void gen_shift_flags(DisasContext *s, TCGMemOp ot,
TCGv result,
z32 = tcg_const_i32(0);
s32 = tcg_temp_new_i32();
tcg_gen_trunc_tl_i32(s32, count);
-tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, s32, z32, cpu_tmp2_i32, oldop);
+tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, s32, z32, s->tmp2_i32, oldop);
tcg_temp_free_i32(z32);
tcg_temp_free_i32(s32);
@@ -1544,14 +1545,14 @@ static void gen_rot_rm_T1(DisasContext *s, TCGMemOp ot,
int op1, int is_right)
do_long:
#ifdef TARGET_X86_64
case MO_32:
-tcg_gen_trunc_tl_i32(cpu_tmp2_i32, s->T0);
+tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
tcg_gen_trunc_tl_i32(cpu_tmp3_i32, s->T1);
if (is_right) {
-tcg_gen_rotr_i32(cpu_tmp2_i32, c
[Qemu-devel] [PULL 66/79] qom/object: add some interface asserts
From: Marc-André Lureau
An interface can't have any instance size or callback, or itself
implement other interfaces (this is unsupported).
Signed-off-by: Marc-André Lureau
Message-Id: <20180912125303.29158-1-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
qom/object.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/qom/object.c b/qom/object.c
index 75d1d48..9222b23 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -286,7 +286,14 @@ static void type_initialize(TypeImpl *ti)
if (ti->instance_size == 0) {
ti->abstract = true;
}
-
+if (type_is_ancestor(ti, type_interface)) {
+assert(ti->instance_size == 0);
+assert(ti->abstract);
+assert(!ti->instance_init);
+assert(!ti->instance_post_init);
+assert(!ti->instance_finalize);
+assert(!ti->num_interfaces);
+}
ti->class = g_malloc0(ti->class_size);
parent = type_get_parent(ti);
--
1.8.3.1
[Qemu-devel] [PULL 23/79] Delete PID file on exit
From: Marc-André Lureau
Register an exit notifier to remove the PID file. By the time atexit()
is called, qemu_write_pidfile() guarantees QEMU owns the PID file,
thus we could safely remove it when exiting.
Signed-off-by: Marc-André Lureau
Message-Id: <20180907121319.8607-4-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
vl.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/vl.c b/vl.c
index fa6db17..f2964d9 100644
--- a/vl.c
+++ b/vl.c
@@ -2560,6 +2560,16 @@ static void qemu_run_exit_notifiers(void)
notifier_list_notify(&exit_notifiers, NULL);
}
+static const char *pid_file;
+static Notifier qemu_unlink_pidfile_notifier;
+
+static void qemu_unlink_pidfile(Notifier *n, void *data)
+{
+if (pid_file) {
+unlink(pid_file);
+}
+}
+
bool machine_init_done;
void qemu_add_machine_init_done_notifier(Notifier *notify)
@@ -2884,7 +2894,6 @@ int main(int argc, char **argv, char **envp)
const char *vga_model = NULL;
const char *qtest_chrdev = NULL;
const char *qtest_log = NULL;
-const char *pid_file = NULL;
const char *incoming = NULL;
bool userconfig = true;
bool nographic = false;
@@ -3911,6 +3920,9 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
+qemu_unlink_pidfile_notifier.notify = qemu_unlink_pidfile;
+qemu_add_exit_notifier(&qemu_unlink_pidfile_notifier);
+
if (qemu_init_main_loop(&main_loop_err)) {
error_report_err(main_loop_err);
exit(1);
--
1.8.3.1
[Qemu-devel] [PULL 38/79] replay: wake up vCPU when replaying
From: Pavel Dovgalyuk
In record/replay icount mode vCPU thread and iothread synchronize
the execution using the checkpoints.
vCPU thread processes the virtual timers and iothread processes all others.
When iothread wants to wake up sleeping vCPU thread, it sends dummy queued
work. Therefore it could be the following sequence of the events in
record mode:
- IO: sending dummy work
- IO: processing timers
- CPU: wakeup
- CPU: clearing dummy work
- CPU: processing virtual timers
But due to the races in replay mode the sequence may change:
- IO: sending dummy work
- CPU: wakeup
- CPU: clearing dummy work
- CPU: sleeping again because nothing to do
- IO: Processing timers
- CPU:
In this case vCPU will not wake up, because dummy work is not to be set up
again.
This patch tries to wake up the vCPU when it sleeps and the icount warp
checkpoint isn't met. It means that vCPU has something to do, because
there are no other reasons of non-matching warp checkpoint.
Signed-off-by: Pavel Dovgalyuk
--
v5: improve checking that vCPU is still sleeping
Message-Id: <20180912081945.3228.19776.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini
---
cpus.c | 31 +--
include/sysemu/replay.h | 3 +++
replay/replay.c | 12
3 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/cpus.c b/cpus.c
index d8b3b46..68f08f5 100644
--- a/cpus.c
+++ b/cpus.c
@@ -583,18 +583,29 @@ void qemu_start_warp_timer(void)
return;
}
-/* warp clock deterministically in record/replay mode */
-if (!replay_checkpoint(CHECKPOINT_CLOCK_WARP_START)) {
-return;
-}
+if (replay_mode != REPLAY_MODE_PLAY) {
+if (!all_cpu_threads_idle()) {
+return;
+}
-if (!all_cpu_threads_idle()) {
-return;
-}
+if (qtest_enabled()) {
+/* When testing, qtest commands advance icount. */
+return;
+}
-if (qtest_enabled()) {
-/* When testing, qtest commands advance icount. */
-return;
+replay_checkpoint(CHECKPOINT_CLOCK_WARP_START);
+} else {
+/* warp clock deterministically in record/replay mode */
+if (!replay_checkpoint(CHECKPOINT_CLOCK_WARP_START)) {
+/* vCPU is sleeping and warp can't be started.
+ It is probably a race condition: notification sent
+ to vCPU was processed in advance and vCPU went to sleep.
+ Therefore we have to wake it up for doing someting. */
+if (replay_has_checkpoint()) {
+qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
+}
+return;
+}
}
/* We want to use the earliest deadline from ALL vm_clocks */
diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 3ced6bc..7f7a594 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -120,6 +120,9 @@ void replay_shutdown_request(ShutdownCause cause);
Returns 0 in PLAY mode if checkpoint was not found.
Returns 1 in all other cases. */
bool replay_checkpoint(ReplayCheckpoint checkpoint);
+/*! Used to determine that checkpoint is pending.
+Does not proceed to the next event in the log. */
+bool replay_has_checkpoint(void);
/* Asynchronous events queue */
diff --git a/replay/replay.c b/replay/replay.c
index 8228261..379b51a 100644
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -224,6 +224,18 @@ out:
return res;
}
+bool replay_has_checkpoint(void)
+{
+bool res = false;
+if (replay_mode == REPLAY_MODE_PLAY) {
+g_assert(replay_mutex_locked());
+replay_account_executed_instructions();
+res = EVENT_CHECKPOINT <= replay_state.data_kind
+ && replay_state.data_kind <= EVENT_CHECKPOINT_LAST;
+}
+return res;
+}
+
static void replay_enable(const char *fname, int mode)
{
const char *fmode = NULL;
--
1.8.3.1
[Qemu-devel] [PULL 37/79] configure: enable mttcg for i386 and x86_64
From: "Emilio G. Cota" Reviewed-by: Richard Henderson Signed-off-by: Emilio G. Cota Signed-off-by: Paolo Bonzini --- configure | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configure b/configure index 95462f8..3c33c9f 100755 --- a/configure +++ b/configure @@ -7024,12 +7024,14 @@ TARGET_ABI_DIR="" case "$target_name" in i386) +mttcg="yes" gdb_xml_files="i386-32bit.xml i386-32bit-core.xml i386-32bit-sse.xml" target_compiler=$cross_cc_i386 target_compiler_cflags=$cross_cc_ccflags_i386 ;; x86_64) TARGET_BASE_ARCH=i386 +mttcg="yes" gdb_xml_files="i386-64bit.xml i386-64bit-core.xml i386-64bit-sse.xml" target_compiler=$cross_cc_x86_64 ;; -- 1.8.3.1
[Qemu-devel] [PULL 25/79] target/i386: move cpu_cc_srcT to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 32 ++--
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 1f9d1d9..e9f5124 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -73,7 +73,7 @@
/* global register indexes */
static TCGv cpu_A0;
-static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2, cpu_cc_srcT;
+static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2;
static TCGv_i32 cpu_cc_op;
static TCGv cpu_regs[CPU_NB_REGS];
static TCGv cpu_seg_base[6];
@@ -135,6 +135,10 @@ typedef struct DisasContext {
int cpuid_ext3_features;
int cpuid_7_0_ebx_features;
int cpuid_xsave_features;
+
+/* TCG local temps */
+TCGv cc_srcT;
+
sigjmp_buf jmpbuf;
} DisasContext;
@@ -244,7 +248,7 @@ static void set_cc_op(DisasContext *s, CCOp op)
tcg_gen_discard_tl(cpu_cc_src2);
}
if (dead & USES_CC_SRCT) {
-tcg_gen_discard_tl(cpu_cc_srcT);
+tcg_gen_discard_tl(s->cc_srcT);
}
if (op == CC_OP_DYNAMIC) {
@@ -667,11 +671,11 @@ static inline void gen_op_testl_T0_T1_cc(void)
tcg_gen_and_tl(cpu_cc_dst, cpu_T0, cpu_T1);
}
-static void gen_op_update_neg_cc(void)
+static void gen_op_update_neg_cc(DisasContext *s)
{
tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
tcg_gen_neg_tl(cpu_cc_src, cpu_T0);
-tcg_gen_movi_tl(cpu_cc_srcT, 0);
+tcg_gen_movi_tl(s->cc_srcT, 0);
}
/* compute all eflags to cc_src */
@@ -742,7 +746,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv
reg)
t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
/* If no temporary was used, be careful not to alias t1 and t0. */
t0 = t1 == cpu_cc_src ? cpu_tmp0 : reg;
-tcg_gen_mov_tl(t0, cpu_cc_srcT);
+tcg_gen_mov_tl(t0, s->cc_srcT);
gen_extu(size, t0);
goto add_sub;
@@ -899,7 +903,7 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b,
TCGv reg)
size = s->cc_op - CC_OP_SUBB;
switch (jcc_op) {
case JCC_BE:
-tcg_gen_mov_tl(cpu_tmp4, cpu_cc_srcT);
+tcg_gen_mov_tl(cpu_tmp4, s->cc_srcT);
gen_extu(size, cpu_tmp4);
t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = cpu_tmp4,
@@ -912,7 +916,7 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b,
TCGv reg)
case JCC_LE:
cond = TCG_COND_LE;
fast_jcc_l:
-tcg_gen_mov_tl(cpu_tmp4, cpu_cc_srcT);
+tcg_gen_mov_tl(cpu_tmp4, s->cc_srcT);
gen_exts(size, cpu_tmp4);
t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, true);
cc = (CCPrepare) { .cond = cond, .reg = cpu_tmp4,
@@ -1309,11 +1313,11 @@ static void gen_op(DisasContext *s1, int op, TCGMemOp
ot, int d)
case OP_SUBL:
if (s1->prefix & PREFIX_LOCK) {
tcg_gen_neg_tl(cpu_T0, cpu_T1);
-tcg_gen_atomic_fetch_add_tl(cpu_cc_srcT, cpu_A0, cpu_T0,
+tcg_gen_atomic_fetch_add_tl(s1->cc_srcT, cpu_A0, cpu_T0,
s1->mem_index, ot | MO_LE);
-tcg_gen_sub_tl(cpu_T0, cpu_cc_srcT, cpu_T1);
+tcg_gen_sub_tl(cpu_T0, s1->cc_srcT, cpu_T1);
} else {
-tcg_gen_mov_tl(cpu_cc_srcT, cpu_T0);
+tcg_gen_mov_tl(s1->cc_srcT, cpu_T0);
tcg_gen_sub_tl(cpu_T0, cpu_T0, cpu_T1);
gen_op_st_rm_T0_A0(s1, ot, d);
}
@@ -1356,7 +1360,7 @@ static void gen_op(DisasContext *s1, int op, TCGMemOp ot,
int d)
break;
case OP_CMPL:
tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
-tcg_gen_mov_tl(cpu_cc_srcT, cpu_T0);
+tcg_gen_mov_tl(s1->cc_srcT, cpu_T0);
tcg_gen_sub_tl(cpu_cc_dst, cpu_T0, cpu_T1);
set_cc_op(s1, CC_OP_SUBB + ot);
break;
@@ -4823,7 +4827,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState
*cpu)
gen_op_mov_reg_v(ot, rm, cpu_T0);
}
}
-gen_op_update_neg_cc();
+gen_op_update_neg_cc(s);
set_cc_op(s, CC_OP_SUBB + ot);
break;
case 4: /* mul */
@@ -5283,7 +5287,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState
*cpu)
}
}
tcg_gen_mov_tl(cpu_cc_src, oldv);
-tcg_gen_mov_tl(cpu_cc_srcT, cmpv);
+tcg_gen_mov_tl(s->cc_srcT, cmpv);
tcg_gen_sub_tl(cpu_cc_dst, cmpv, oldv);
set_cc_op(s, CC_OP_SUBB + ot);
tcg_temp_free(oldv);
@@ -8463,7 +8467,7 @@ static void i386_tr_init_disas_context(DisasContextBase
*dcbase, CPUState *cpu)
cpu_tmp4 = tcg_temp_new();
cpu_ptr0 = tcg_temp_new_ptr();
cpu_ptr1 = tcg_temp_new_ptr();
-cpu_cc_srcT = tcg_temp_local_new();
+dc->cc
[Qemu-devel] [PULL 65/79] accel/tcg: Remove dead code
From: Thomas Huth
The global cpu_single_env variable has been removed more than 5 years
ago, so apparently nobody used this dead debug code in that timeframe
anymore. Thus let's remove it completely now.
Signed-off-by: Thomas Huth
Message-Id: <1537204134-15905-1-git-send-email-th...@redhat.com>
Reviewed-by: Peter Maydell
Signed-off-by: Paolo Bonzini
---
accel/tcg/translate-all.c | 9 -
1 file changed, 9 deletions(-)
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 898c3bb..e589c35 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -2011,15 +2011,6 @@ void tb_invalidate_phys_page_fast(struct page_collection
*pages,
{
PageDesc *p;
-#if 0
-if (1) {
-qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
- cpu_single_env->mem_io_vaddr, len,
- cpu_single_env->eip,
- cpu_single_env->eip +
- (intptr_t)cpu_single_env->segs[R_CS].base);
-}
-#endif
assert_memory_lock();
p = page_find(start >> TARGET_PAGE_BITS);
--
1.8.3.1
[Qemu-devel] [PULL 40/79] translator: fix breakpoint processing
From: Pavel Dovgalyuk
QEMU cannot pass through the breakpoints when 'si' command is used
in remote gdb. This patch disables inserting the breakpoints
when we are already single stepping though the gdb remote protocol.
This patch also fixes icount calculation for the blocks that include
breakpoints - instruction with breakpoint is not executed and shouldn't
be used in icount calculation.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20180912081910.3228.8523.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini
---
accel/tcg/translator.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index 0f9dca9..afd0a49 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -34,6 +34,8 @@ void translator_loop_temp_check(DisasContextBase *db)
void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
CPUState *cpu, TranslationBlock *tb)
{
+int bp_insn = 0;
+
/* Initialize DisasContext */
db->tb = tb;
db->pc_first = tb->pc;
@@ -71,11 +73,13 @@ void translator_loop(const TranslatorOps *ops,
DisasContextBase *db,
tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */
/* Pass breakpoint hits to target for further processing */
-if (unlikely(!QTAILQ_EMPTY(&cpu->breakpoints))) {
+if (!db->singlestep_enabled
+&& unlikely(!QTAILQ_EMPTY(&cpu->breakpoints))) {
CPUBreakpoint *bp;
QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
if (bp->pc == db->pc_next) {
if (ops->breakpoint_check(db, cpu, bp)) {
+bp_insn = 1;
break;
}
}
@@ -118,7 +122,7 @@ void translator_loop(const TranslatorOps *ops,
DisasContextBase *db,
/* Emit code to exit the TB, as indicated by db->is_jmp. */
ops->tb_stop(db, cpu);
-gen_tb_end(db->tb, db->num_insns);
+gen_tb_end(db->tb, db->num_insns - bp_insn);
/* The disas_log hook may use these values rather than recompute. */
db->tb->size = db->pc_next - db->pc_first;
--
1.8.3.1
[Qemu-devel] [PULL 27/79] target/i386: move cpu_T0 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 1174 ---
1 file changed, 594 insertions(+), 580 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index c6b1baa..73fd7e5 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -79,7 +79,7 @@ static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
/* local temps */
-static TCGv cpu_T0, cpu_T1;
+static TCGv cpu_T1;
/* local register indexes (only used inside old micro ops) */
static TCGv cpu_tmp0, cpu_tmp4;
static TCGv_ptr cpu_ptr0, cpu_ptr1;
@@ -138,6 +138,7 @@ typedef struct DisasContext {
/* TCG local temps */
TCGv cc_srcT;
TCGv A0;
+TCGv T0;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -412,9 +413,9 @@ static inline void gen_op_add_reg_im(TCGMemOp size, int
reg, int32_t val)
gen_op_mov_reg_v(size, reg, cpu_tmp0);
}
-static inline void gen_op_add_reg_T0(TCGMemOp size, int reg)
+static inline void gen_op_add_reg_T0(DisasContext *s, TCGMemOp size, int reg)
{
-tcg_gen_add_tl(cpu_tmp0, cpu_regs[reg], cpu_T0);
+tcg_gen_add_tl(cpu_tmp0, cpu_regs[reg], s->T0);
gen_op_mov_reg_v(size, reg, cpu_tmp0);
}
@@ -431,9 +432,9 @@ static inline void gen_op_st_v(DisasContext *s, int idx,
TCGv t0, TCGv a0)
static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d)
{
if (d == OR_TMP0) {
-gen_op_st_v(s, idx, cpu_T0, s->A0);
+gen_op_st_v(s, idx, s->T0, s->A0);
} else {
-gen_op_mov_reg_v(idx, d, cpu_T0);
+gen_op_mov_reg_v(idx, d, s->T0);
}
}
@@ -509,10 +510,10 @@ static inline void gen_string_movl_A0_EDI(DisasContext *s)
gen_lea_v_seg(s, s->aflag, cpu_regs[R_EDI], R_ES, -1);
}
-static inline void gen_op_movl_T0_Dshift(TCGMemOp ot)
+static inline void gen_op_movl_T0_Dshift(DisasContext *s, TCGMemOp ot)
{
-tcg_gen_ld32s_tl(cpu_T0, cpu_env, offsetof(CPUX86State, df));
-tcg_gen_shli_tl(cpu_T0, cpu_T0, ot);
+tcg_gen_ld32s_tl(s->T0, cpu_env, offsetof(CPUX86State, df));
+tcg_gen_shli_tl(s->T0, s->T0, ot);
};
static TCGv gen_ext_tl(TCGv dst, TCGv src, TCGMemOp size, bool sign)
@@ -610,7 +611,7 @@ static void gen_check_io(DisasContext *s, TCGMemOp ot,
target_ulong cur_eip,
target_ulong next_eip;
if (s->pe && (s->cpl > s->iopl || s->vm86)) {
-tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
+tcg_gen_trunc_tl_i32(cpu_tmp2_i32, s->T0);
switch (ot) {
case MO_8:
gen_helper_check_iob(cpu_env, cpu_tmp2_i32);
@@ -630,7 +631,7 @@ static void gen_check_io(DisasContext *s, TCGMemOp ot,
target_ulong cur_eip,
gen_jmp_im(cur_eip);
svm_flags |= (1 << (4 + ot));
next_eip = s->pc - s->cs_base;
-tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T0);
+tcg_gen_trunc_tl_i32(cpu_tmp2_i32, s->T0);
gen_helper_svm_check_io(cpu_env, cpu_tmp2_i32,
tcg_const_i32(svm_flags),
tcg_const_i32(next_eip - cur_eip));
@@ -640,41 +641,41 @@ static void gen_check_io(DisasContext *s, TCGMemOp ot,
target_ulong cur_eip,
static inline void gen_movs(DisasContext *s, TCGMemOp ot)
{
gen_string_movl_A0_ESI(s);
-gen_op_ld_v(s, ot, cpu_T0, s->A0);
+gen_op_ld_v(s, ot, s->T0, s->A0);
gen_string_movl_A0_EDI(s);
-gen_op_st_v(s, ot, cpu_T0, s->A0);
-gen_op_movl_T0_Dshift(ot);
-gen_op_add_reg_T0(s->aflag, R_ESI);
-gen_op_add_reg_T0(s->aflag, R_EDI);
+gen_op_st_v(s, ot, s->T0, s->A0);
+gen_op_movl_T0_Dshift(s, ot);
+gen_op_add_reg_T0(s, s->aflag, R_ESI);
+gen_op_add_reg_T0(s, s->aflag, R_EDI);
}
-static void gen_op_update1_cc(void)
+static void gen_op_update1_cc(DisasContext *s)
{
-tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
+tcg_gen_mov_tl(cpu_cc_dst, s->T0);
}
-static void gen_op_update2_cc(void)
+static void gen_op_update2_cc(DisasContext *s)
{
tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
-tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
+tcg_gen_mov_tl(cpu_cc_dst, s->T0);
}
-static void gen_op_update3_cc(TCGv reg)
+static void gen_op_update3_cc(DisasContext *s, TCGv reg)
{
tcg_gen_mov_tl(cpu_cc_src2, reg);
tcg_gen_mov_tl(cpu_cc_src, cpu_T1);
-tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
+tcg_gen_mov_tl(cpu_cc_dst, s->T0);
}
-static inline void gen_op_testl_T0_T1_cc(void)
+static inline void gen_op_testl_T0_T1_cc(DisasContext *s)
{
-tcg_gen_and_tl(cpu_cc_dst, cpu_T0, cpu_T1);
+tcg_gen_and_tl(cpu_cc_dst, s->T0, cpu_T1);
}
static void gen_op_update_neg_cc(DisasContext *s)
{
-tcg_gen_mov_tl(cpu_cc_dst, cpu_T0);
-tcg_gen_neg_tl(cpu_cc_src, cpu_T0);
+tcg_gen_mov_tl(cpu_cc_dst, s->T0);
+tcg_gen_neg_tl(cpu_cc_src, s->T0);
tcg_gen_movi_tl(s->cc_srcT, 0);
}
@@ -1022,11 +1023,11 @@ static inline void gen_compute_eflags_c(DisasCont
[Qemu-devel] [PULL 29/79] target/i386: move cpu_tmp0 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 282
1 file changed, 144 insertions(+), 138 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index bd27e65..873231f 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -78,8 +78,8 @@ static TCGv cpu_regs[CPU_NB_REGS];
static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
-/* local register indexes (only used inside old micro ops) */
-static TCGv cpu_tmp0, cpu_tmp4;
+
+static TCGv cpu_tmp4;
static TCGv_ptr cpu_ptr0, cpu_ptr1;
static TCGv_i32 cpu_tmp2_i32, cpu_tmp3_i32;
static TCGv_i64 cpu_tmp1_i64;
@@ -139,6 +139,9 @@ typedef struct DisasContext {
TCGv T0;
TCGv T1;
+/* TCG local register indexes (only used inside old micro ops) */
+TCGv tmp0;
+
sigjmp_buf jmpbuf;
} DisasContext;
@@ -406,16 +409,17 @@ static inline void gen_op_jmp_v(TCGv dest)
tcg_gen_st_tl(dest, cpu_env, offsetof(CPUX86State, eip));
}
-static inline void gen_op_add_reg_im(TCGMemOp size, int reg, int32_t val)
+static inline
+void gen_op_add_reg_im(DisasContext *s, TCGMemOp size, int reg, int32_t val)
{
-tcg_gen_addi_tl(cpu_tmp0, cpu_regs[reg], val);
-gen_op_mov_reg_v(size, reg, cpu_tmp0);
+tcg_gen_addi_tl(s->tmp0, cpu_regs[reg], val);
+gen_op_mov_reg_v(size, reg, s->tmp0);
}
static inline void gen_op_add_reg_T0(DisasContext *s, TCGMemOp size, int reg)
{
-tcg_gen_add_tl(cpu_tmp0, cpu_regs[reg], s->T0);
-gen_op_mov_reg_v(size, reg, cpu_tmp0);
+tcg_gen_add_tl(s->tmp0, cpu_regs[reg], s->T0);
+gen_op_mov_reg_v(size, reg, s->tmp0);
}
static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
@@ -437,10 +441,10 @@ static inline void gen_op_st_rm_T0_A0(DisasContext *s,
int idx, int d)
}
}
-static inline void gen_jmp_im(target_ulong pc)
+static inline void gen_jmp_im(DisasContext *s, target_ulong pc)
{
-tcg_gen_movi_tl(cpu_tmp0, pc);
-gen_op_jmp_v(cpu_tmp0);
+tcg_gen_movi_tl(s->tmp0, pc);
+gen_op_jmp_v(s->tmp0);
}
/* Compute SEG:REG into A0. SEG is selected from the override segment
@@ -556,18 +560,20 @@ static void gen_exts(TCGMemOp ot, TCGv reg)
gen_ext_tl(reg, reg, ot, true);
}
-static inline void gen_op_jnz_ecx(TCGMemOp size, TCGLabel *label1)
+static inline
+void gen_op_jnz_ecx(DisasContext *s, TCGMemOp size, TCGLabel *label1)
{
-tcg_gen_mov_tl(cpu_tmp0, cpu_regs[R_ECX]);
-gen_extu(size, cpu_tmp0);
-tcg_gen_brcondi_tl(TCG_COND_NE, cpu_tmp0, 0, label1);
+tcg_gen_mov_tl(s->tmp0, cpu_regs[R_ECX]);
+gen_extu(size, s->tmp0);
+tcg_gen_brcondi_tl(TCG_COND_NE, s->tmp0, 0, label1);
}
-static inline void gen_op_jz_ecx(TCGMemOp size, TCGLabel *label1)
+static inline
+void gen_op_jz_ecx(DisasContext *s, TCGMemOp size, TCGLabel *label1)
{
-tcg_gen_mov_tl(cpu_tmp0, cpu_regs[R_ECX]);
-gen_extu(size, cpu_tmp0);
-tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_tmp0, 0, label1);
+tcg_gen_mov_tl(s->tmp0, cpu_regs[R_ECX]);
+gen_extu(size, s->tmp0);
+tcg_gen_brcondi_tl(TCG_COND_EQ, s->tmp0, 0, label1);
}
static void gen_helper_in_func(TCGMemOp ot, TCGv v, TCGv_i32 n)
@@ -627,7 +633,7 @@ static void gen_check_io(DisasContext *s, TCGMemOp ot,
target_ulong cur_eip,
}
if(s->flags & HF_SVMI_MASK) {
gen_update_cc_op(s);
-gen_jmp_im(cur_eip);
+gen_jmp_im(s, cur_eip);
svm_flags |= (1 << (4 + ot));
next_eip = s->pc - s->cs_base;
tcg_gen_trunc_tl_i32(cpu_tmp2_i32, s->T0);
@@ -743,9 +749,9 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv
reg)
case CC_OP_SUBB ... CC_OP_SUBQ:
/* (DATA_TYPE)CC_SRCT < (DATA_TYPE)CC_SRC */
size = s->cc_op - CC_OP_SUBB;
-t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
+t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
/* If no temporary was used, be careful not to alias t1 and t0. */
-t0 = t1 == cpu_cc_src ? cpu_tmp0 : reg;
+t0 = t1 == cpu_cc_src ? s->tmp0 : reg;
tcg_gen_mov_tl(t0, s->cc_srcT);
gen_extu(size, t0);
goto add_sub;
@@ -753,7 +759,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv
reg)
case CC_OP_ADDB ... CC_OP_ADDQ:
/* (DATA_TYPE)CC_DST < (DATA_TYPE)CC_SRC */
size = s->cc_op - CC_OP_ADDB;
-t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
+t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
add_sub:
return (CCPrepare) { .cond = TCG_COND_LTU, .reg = t0,
@@ -905,7 +911,7 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b,
TCGv reg)
case JCC_BE:
tcg_gen_mov_tl(cpu_tmp4, s->cc_srcT);
gen_extu(size, cpu_tmp4);
-t0 = gen_ext_tl(cpu_tmp0, cpu_
[Qemu-devel] [PULL 36/79] target/i386: move x86_64_hregs to DisasContext
From: "Emilio G. Cota"
And convert it to a bool to use an existing hole
in the struct.
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 307
1 file changed, 154 insertions(+), 153 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 61a98ef..b8222dc 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -81,10 +81,6 @@ static TCGv_i64 cpu_bndu[4];
#include "exec/gen-icount.h"
-#ifdef TARGET_X86_64
-static int x86_64_hregs;
-#endif
-
typedef struct DisasContext {
DisasContextBase base;
@@ -109,6 +105,9 @@ typedef struct DisasContext {
int ss32; /* 32 bit stack segment */
CCOp cc_op; /* current CC operation */
bool cc_op_dirty;
+#ifdef TARGET_X86_64
+bool x86_64_hregs;
+#endif
int addseg; /* non zero if either DS/ES/SS have a non zero base */
int f_st; /* currently unused */
int vm86; /* vm86 mode */
@@ -307,13 +306,13 @@ static void gen_update_cc_op(DisasContext *s)
* [AH, CH, DH, BH], ie "bits 15..8 of register N-4". Return
* true for this special case, false otherwise.
*/
-static inline bool byte_reg_is_xH(int reg)
+static inline bool byte_reg_is_xH(DisasContext *s, int reg)
{
if (reg < 4) {
return false;
}
#ifdef TARGET_X86_64
-if (reg >= 8 || x86_64_hregs) {
+if (reg >= 8 || s->x86_64_hregs) {
return false;
}
#endif
@@ -360,11 +359,11 @@ static inline TCGMemOp mo_b_d32(int b, TCGMemOp ot)
return b & 1 ? (ot == MO_16 ? MO_16 : MO_32) : MO_8;
}
-static void gen_op_mov_reg_v(TCGMemOp ot, int reg, TCGv t0)
+static void gen_op_mov_reg_v(DisasContext *s, TCGMemOp ot, int reg, TCGv t0)
{
switch(ot) {
case MO_8:
-if (!byte_reg_is_xH(reg)) {
+if (!byte_reg_is_xH(s, reg)) {
tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 8);
} else {
tcg_gen_deposit_tl(cpu_regs[reg - 4], cpu_regs[reg - 4], t0, 8, 8);
@@ -388,9 +387,10 @@ static void gen_op_mov_reg_v(TCGMemOp ot, int reg, TCGv t0)
}
}
-static inline void gen_op_mov_v_reg(TCGMemOp ot, TCGv t0, int reg)
+static inline
+void gen_op_mov_v_reg(DisasContext *s, TCGMemOp ot, TCGv t0, int reg)
{
-if (ot == MO_8 && byte_reg_is_xH(reg)) {
+if (ot == MO_8 && byte_reg_is_xH(s, reg)) {
tcg_gen_extract_tl(t0, cpu_regs[reg - 4], 8, 8);
} else {
tcg_gen_mov_tl(t0, cpu_regs[reg]);
@@ -414,13 +414,13 @@ static inline
void gen_op_add_reg_im(DisasContext *s, TCGMemOp size, int reg, int32_t val)
{
tcg_gen_addi_tl(s->tmp0, cpu_regs[reg], val);
-gen_op_mov_reg_v(size, reg, s->tmp0);
+gen_op_mov_reg_v(s, size, reg, s->tmp0);
}
static inline void gen_op_add_reg_T0(DisasContext *s, TCGMemOp size, int reg)
{
tcg_gen_add_tl(s->tmp0, cpu_regs[reg], s->T0);
-gen_op_mov_reg_v(size, reg, s->tmp0);
+gen_op_mov_reg_v(s, size, reg, s->tmp0);
}
static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
@@ -438,7 +438,7 @@ static inline void gen_op_st_rm_T0_A0(DisasContext *s, int
idx, int d)
if (d == OR_TMP0) {
gen_op_st_v(s, idx, s->T0, s->A0);
} else {
-gen_op_mov_reg_v(idx, d, s->T0);
+gen_op_mov_reg_v(s, idx, d, s->T0);
}
}
@@ -1077,7 +1077,7 @@ static TCGLabel *gen_jz_ecx_string(DisasContext *s,
target_ulong next_eip)
static inline void gen_stos(DisasContext *s, TCGMemOp ot)
{
-gen_op_mov_v_reg(MO_32, s->T0, R_EAX);
+gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
gen_string_movl_A0_EDI(s);
gen_op_st_v(s, ot, s->T0, s->A0);
gen_op_movl_T0_Dshift(s, ot);
@@ -1088,7 +1088,7 @@ static inline void gen_lods(DisasContext *s, TCGMemOp ot)
{
gen_string_movl_A0_ESI(s);
gen_op_ld_v(s, ot, s->T0, s->A0);
-gen_op_mov_reg_v(ot, R_EAX, s->T0);
+gen_op_mov_reg_v(s, ot, R_EAX, s->T0);
gen_op_movl_T0_Dshift(s, ot);
gen_op_add_reg_T0(s, s->aflag, R_ESI);
}
@@ -1272,7 +1272,7 @@ static void gen_helper_fp_arith_STN_ST0(int op, int opreg)
static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d)
{
if (d != OR_TMP0) {
-gen_op_mov_v_reg(ot, s1->T0, d);
+gen_op_mov_v_reg(s1, ot, s1->T0, d);
} else if (!(s1->prefix & PREFIX_LOCK)) {
gen_op_ld_v(s1, ot, s1->T0, s1->A0);
}
@@ -1383,7 +1383,7 @@ static void gen_inc(DisasContext *s1, TCGMemOp ot, int d,
int c)
s1->mem_index, ot | MO_LE);
} else {
if (d != OR_TMP0) {
-gen_op_mov_v_reg(ot, s1->T0, d);
+gen_op_mov_v_reg(s1, ot, s1->T0, d);
} else {
gen_op_ld_v(s1, ot, s1->T0, s1->A0);
}
@@ -1450,7 +1450,7 @@ static void gen_shift_rm_T1(DisasContext *s, TCGMemOp ot,
int op1,
if (op1 == OR_TMP0) {
gen_op_ld_v(s, ot, s->T0, s->A0);
} else {
-gen_op_mov_v_reg(ot, s->
[Qemu-devel] [PULL 43/79] slirp: fix ipv6 timers
From: Pavel Dovgalyuk
ICMP implementation for IPv6 uses timers based on virtual clock.
This is incorrect because this service is not related to the guest state,
and its events should not be recorded and replayed.
This patch changes using virtual clock to the new virtual_ext clock.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20180912082007.3228.91491.stgit@pasha-VirtualBox>
Reviewed-by: Samuel Thibault
Signed-off-by: Paolo Bonzini
---
slirp/ip6_icmp.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/slirp/ip6_icmp.c b/slirp/ip6_icmp.c
index ee333d0..3f41187 100644
--- a/slirp/ip6_icmp.c
+++ b/slirp/ip6_icmp.c
@@ -17,7 +17,7 @@ static void ra_timer_handler(void *opaque)
{
Slirp *slirp = opaque;
timer_mod(slirp->ra_timer,
- qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + NDP_Interval);
+ qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL_EXT) + NDP_Interval);
ndp_send_ra(slirp);
}
@@ -27,9 +27,10 @@ void icmp6_init(Slirp *slirp)
return;
}
-slirp->ra_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, ra_timer_handler,
slirp);
+slirp->ra_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL_EXT,
+ ra_timer_handler, slirp);
timer_mod(slirp->ra_timer,
- qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + NDP_Interval);
+ qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL_EXT) + NDP_Interval);
}
void icmp6_cleanup(Slirp *slirp)
--
1.8.3.1
[Qemu-devel] [PULL 35/79] target/i386: move cpu_tmp1_i64 to DisasContext
From: "Emilio G. Cota"
Signed-off-by: Emilio G. Cota
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 160
1 file changed, 80 insertions(+), 80 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index cd880cc..61a98ef 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -79,8 +79,6 @@ static TCGv cpu_seg_base[6];
static TCGv_i64 cpu_bndl[4];
static TCGv_i64 cpu_bndu[4];
-static TCGv_i64 cpu_tmp1_i64;
-
#include "exec/gen-icount.h"
#ifdef TARGET_X86_64
@@ -143,6 +141,7 @@ typedef struct DisasContext {
TCGv_ptr ptr1;
TCGv_i32 tmp2_i32;
TCGv_i32 tmp3_i32;
+TCGv_i64 tmp1_i64;
sigjmp_buf jmpbuf;
} DisasContext;
@@ -2107,12 +2106,12 @@ static void gen_bndck(CPUX86State *env, DisasContext
*s, int modrm,
{
TCGv ea = gen_lea_modrm_1(s, gen_lea_modrm_0(env, s, modrm));
-tcg_gen_extu_tl_i64(cpu_tmp1_i64, ea);
+tcg_gen_extu_tl_i64(s->tmp1_i64, ea);
if (!CODE64(s)) {
-tcg_gen_ext32u_i64(cpu_tmp1_i64, cpu_tmp1_i64);
+tcg_gen_ext32u_i64(s->tmp1_i64, s->tmp1_i64);
}
-tcg_gen_setcond_i64(cond, cpu_tmp1_i64, cpu_tmp1_i64, bndv);
-tcg_gen_extrl_i64_i32(s->tmp2_i32, cpu_tmp1_i64);
+tcg_gen_setcond_i64(cond, s->tmp1_i64, s->tmp1_i64, bndv);
+tcg_gen_extrl_i64_i32(s->tmp2_i32, s->tmp1_i64);
gen_helper_bndck(cpu_env, s->tmp2_i32);
}
@@ -2641,48 +2640,48 @@ static void gen_jmp(DisasContext *s, target_ulong eip)
static inline void gen_ldq_env_A0(DisasContext *s, int offset)
{
-tcg_gen_qemu_ld_i64(cpu_tmp1_i64, s->A0, s->mem_index, MO_LEQ);
-tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset);
+tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEQ);
+tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset);
}
static inline void gen_stq_env_A0(DisasContext *s, int offset)
{
-tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset);
-tcg_gen_qemu_st_i64(cpu_tmp1_i64, s->A0, s->mem_index, MO_LEQ);
+tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset);
+tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEQ);
}
static inline void gen_ldo_env_A0(DisasContext *s, int offset)
{
int mem_index = s->mem_index;
-tcg_gen_qemu_ld_i64(cpu_tmp1_i64, s->A0, mem_index, MO_LEQ);
-tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
+tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, mem_index, MO_LEQ);
+tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
tcg_gen_addi_tl(s->tmp0, s->A0, 8);
-tcg_gen_qemu_ld_i64(cpu_tmp1_i64, s->tmp0, mem_index, MO_LEQ);
-tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
+tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEQ);
+tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
}
static inline void gen_sto_env_A0(DisasContext *s, int offset)
{
int mem_index = s->mem_index;
-tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
-tcg_gen_qemu_st_i64(cpu_tmp1_i64, s->A0, mem_index, MO_LEQ);
+tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0)));
+tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, mem_index, MO_LEQ);
tcg_gen_addi_tl(s->tmp0, s->A0, 8);
-tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
-tcg_gen_qemu_st_i64(cpu_tmp1_i64, s->tmp0, mem_index, MO_LEQ);
+tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1)));
+tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEQ);
}
-static inline void gen_op_movo(int d_offset, int s_offset)
+static inline void gen_op_movo(DisasContext *s, int d_offset, int s_offset)
{
-tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg,
ZMM_Q(0)));
-tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg,
ZMM_Q(0)));
-tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg,
ZMM_Q(1)));
-tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg,
ZMM_Q(1)));
+tcg_gen_ld_i64(s->tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg,
ZMM_Q(0)));
+tcg_gen_st_i64(s->tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg,
ZMM_Q(0)));
+tcg_gen_ld_i64(s->tmp1_i64, cpu_env, s_offset + offsetof(ZMMReg,
ZMM_Q(1)));
+tcg_gen_st_i64(s->tmp1_i64, cpu_env, d_offset + offsetof(ZMMReg,
ZMM_Q(1)));
}
-static inline void gen_op_movq(int d_offset, int s_offset)
+static inline void gen_op_movq(DisasContext *s, int d_offset, int s_offset)
{
-tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset);
-tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset);
+tcg_gen_ld_i64(s->tmp1_i64, cpu_env, s_offset);
+tcg_gen_st_i64(s->tmp1_i64, cpu_env, d_offset);
}
static inline void gen_op_movl(DisasContext *s, int d_offset, int s_offset)
@@ -2691,10 +2690,10 @@ static inline void gen_op_movl(DisasContext *s, int
d_offset, int s_offset)
[Qemu-devel] [PULL 62/79] kvmclock: run KVM_KVMCLOCK_CTRL ioctl in vcpu thread
From: Yongji Xie
According to KVM API Documentation, we should only
run vcpu ioctls from the same thread that was used
to create the vcpu. This patch makes KVM_KVMCLOCK_CTRL
ioctl consistent with the Documentation.
No functional change.
Signed-off-by: Yongji Xie
Signed-off-by: Chai Wen
Message-Id: <1531315364-2551-1-git-send-email-xieyon...@baidu.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Yongji Xie
---
hw/i386/kvm/clock.c | 17 ++---
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/hw/i386/kvm/clock.c b/hw/i386/kvm/clock.c
index 0bf1c60..25ea783 100644
--- a/hw/i386/kvm/clock.c
+++ b/hw/i386/kvm/clock.c
@@ -147,6 +147,15 @@ static void kvm_update_clock(KVMClockState *s)
s->clock_is_reliable = kvm_has_adjust_clock_stable();
}
+static void do_kvmclock_ctrl(CPUState *cpu, run_on_cpu_data data)
+{
+int ret = kvm_vcpu_ioctl(cpu, KVM_KVMCLOCK_CTRL, 0);
+
+if (ret && ret != -EINVAL) {
+fprintf(stderr, "%s: %s\n", __func__, strerror(-ret));
+}
+}
+
static void kvmclock_vm_state_change(void *opaque, int running,
RunState state)
{
@@ -183,13 +192,7 @@ static void kvmclock_vm_state_change(void *opaque, int
running,
return;
}
CPU_FOREACH(cpu) {
-ret = kvm_vcpu_ioctl(cpu, KVM_KVMCLOCK_CTRL, 0);
-if (ret) {
-if (ret != -EINVAL) {
-fprintf(stderr, "%s: %s\n", __func__, strerror(-ret));
-}
-return;
-}
+run_on_cpu(cpu, do_kvmclock_ctrl, RUN_ON_CPU_NULL);
}
} else {
--
1.8.3.1
[Qemu-devel] [PULL 54/79] char-pty: remove unnecessary #ifdef
For some reason __APPLE__ was not checked in pty code. However, the #ifdef
is redundant: this file is already compiled only if CONFIG_POSIX, same as
util/qemu-openpty.c which it uses.
Reported-by: Roman Bolshakov
Signed-off-by: Paolo Bonzini
---
chardev/char-pty.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/chardev/char-pty.c b/chardev/char-pty.c
index 68fd4e2..e8d9a53 100644
--- a/chardev/char-pty.c
+++ b/chardev/char-pty.c
@@ -31,10 +31,6 @@
#include "chardev/char-io.h"
-#if defined(__linux__) || defined(__sun__) || defined(__FreeBSD__) \
-|| defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) \
-|| defined(__GLIBC__)
-
typedef struct {
Chardev parent;
QIOChannel *ioc;
@@ -299,5 +295,3 @@ static void register_types(void)
}
type_init(register_types);
-
-#endif
--
1.8.3.1
[Qemu-devel] [PULL 58/79] hw: edu: replace device name with macro
From: Li Qiang
Just as other devices do.
Signed-off-by: Li Qiang
Message-Id: <1536901871-2729-1-git-send-email-liq...@gmail.com>
Signed-off-by: Paolo Bonzini
---
hw/misc/edu.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hw/misc/edu.c b/hw/misc/edu.c
index df26a4d..0687ffd 100644
--- a/hw/misc/edu.c
+++ b/hw/misc/edu.c
@@ -30,7 +30,8 @@
#include "qemu/main-loop.h" /* iothread mutex */
#include "qapi/visitor.h"
-#define EDU(obj)OBJECT_CHECK(EduState, obj, "edu")
+#define TYPE_PCI_EDU_DEVICE "edu"
+#define EDU(obj)OBJECT_CHECK(EduState, obj, TYPE_PCI_EDU_DEVICE)
#define FACT_IRQ0x0001
#define DMA_IRQ 0x0100
@@ -414,7 +415,7 @@ static void pci_edu_register_types(void)
{ },
};
static const TypeInfo edu_info = {
-.name = "edu",
+.name = TYPE_PCI_EDU_DEVICE,
.parent= TYPE_PCI_DEVICE,
.instance_size = sizeof(EduState),
.instance_init = edu_instance_init,
--
1.8.3.1
[Qemu-devel] [PULL 39/79] replay: flush events when exiting
From: Pavel Dovgalyuk
This patch adds events processing when emulation finishes instead
of just cleaning the queue. Now the bdrv coroutines will be in consistent
state when emulator closes. It allows correct polling of the block layer
at exit.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20180912081859.3228.79735.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini
---
replay/replay-events.c | 14 +-
replay/replay-internal.h | 2 --
2 files changed, 1 insertion(+), 15 deletions(-)
diff --git a/replay/replay-events.c b/replay/replay-events.c
index 707de38..0964a82 100644
--- a/replay/replay-events.c
+++ b/replay/replay-events.c
@@ -94,18 +94,6 @@ void replay_disable_events(void)
}
}
-void replay_clear_events(void)
-{
-g_assert(replay_mutex_locked());
-
-while (!QTAILQ_EMPTY(&events_list)) {
-Event *event = QTAILQ_FIRST(&events_list);
-QTAILQ_REMOVE(&events_list, event, events);
-
-g_free(event);
-}
-}
-
/*! Adds specified async event to the queue */
void replay_add_event(ReplayAsyncEventKind event_kind,
void *opaque,
@@ -308,7 +296,7 @@ void replay_init_events(void)
void replay_finish_events(void)
{
events_enabled = false;
-replay_clear_events();
+replay_flush_events();
}
bool replay_events_enabled(void)
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index ac4b27b..9b0fd91 100644
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -142,8 +142,6 @@ void replay_init_events(void);
void replay_finish_events(void);
/*! Flushes events queue */
void replay_flush_events(void);
-/*! Clears events list before loading new VM state */
-void replay_clear_events(void);
/*! Returns true if there are any unsaved events in the queue */
bool replay_has_events(void);
/*! Saves events from queue into the file */
--
1.8.3.1
[Qemu-devel] [PULL 51/79] Revert "chardev: tcp: postpone async connection setup"
From: Marc-André Lureau
This reverts commit 25679e5d58e258e9950685ffbd0cae4cd40d9cc2.
This commit broke "reconnect socket" chardev that are created after
"machine_done": they no longer try to connect. It broke also
vhost-user-test that uses chardev while there is no "machine_done"
event.
The goal of this patch was to move the "connect" source to the
frontend context. chr->gcontext is set with
qemu_chr_fe_set_handlers(). But there is no guarantee that it will be
called, so we can't delay connection until then: the chardev should
still attempt to connect during open(). qemu_chr_fe_set_handlers() is
eventually called later and will update the context.
Unless there is a good reason to not use initially the default
context, I think we should revert to the previous state to fix the
regressions.
Signed-off-by: Marc-André Lureau
Message-Id: <20180817135224.22971-3-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
chardev/char-socket.c | 17 +++--
1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index e28d2cc..14f6567 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -1005,8 +1005,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
s->reconnect_time = reconnect;
}
-/* If reconnect_time is set, will do that in chr_machine_done. */
-if (!s->reconnect_time) {
+if (s->reconnect_time) {
+tcp_chr_connect_async(chr);
+} else {
if (s->is_listen) {
char *name;
s->listener = qio_net_listener_new();
@@ -1155,17 +1156,6 @@ char_socket_get_connected(Object *obj, Error **errp)
return s->connected;
}
-static int tcp_chr_machine_done_hook(Chardev *chr)
-{
-SocketChardev *s = SOCKET_CHARDEV(chr);
-
-if (s->reconnect_time) {
-tcp_chr_connect_async(chr);
-}
-
-return 0;
-}
-
static void char_socket_class_init(ObjectClass *oc, void *data)
{
ChardevClass *cc = CHARDEV_CLASS(oc);
@@ -1181,7 +1171,6 @@ static void char_socket_class_init(ObjectClass *oc, void
*data)
cc->chr_add_client = tcp_chr_add_client;
cc->chr_add_watch = tcp_chr_add_watch;
cc->chr_update_read_handler = tcp_chr_update_read_handler;
-cc->chr_machine_done = tcp_chr_machine_done_hook;
object_class_property_add(oc, "addr", "SocketAddress",
char_socket_get_addr, NULL,
--
1.8.3.1
[Qemu-devel] [PULL 69/79] hostmem-file: make available memory-backend-file on POSIX-based hosts
From: Hikaru Nishida
Before this change, memory-backend-file object is valid for Linux hosts
only because hostmem-file.c is compiled only on Linux hosts.
However, other POSIX-based hosts (such as macOS) can support
memory-backend-file object in the same way as on Linux hosts.
This patch makes hostmem-file.c and related functions to be compiled on
all POSIX-based hosts to make available memory-backend-file on them.
Signed-off-by: Hikaru Nishida
Message-Id: <20180924123205.29651-1-hikaru...@gmail.com>
Signed-off-by: Paolo Bonzini
---
backends/Makefile.objs | 2 +-
backends/hostmem-file.c | 2 +-
exec.c | 4 ++--
include/exec/memory.h | 2 +-
memory.c| 2 +-
5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index ad7c032..717fcbd 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -4,7 +4,7 @@ common-obj-$(CONFIG_POSIX) += rng-random.o
common-obj-$(CONFIG_TPM) += tpm.o
common-obj-y += hostmem.o hostmem-ram.o
-common-obj-$(CONFIG_LINUX) += hostmem-file.o
+common-obj-$(CONFIG_POSIX) += hostmem-file.o
common-obj-y += cryptodev.o
common-obj-y += cryptodev-builtin.o
diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c
index 2476dcb..e640749 100644
--- a/backends/hostmem-file.c
+++ b/backends/hostmem-file.c
@@ -51,7 +51,7 @@ file_backend_memory_alloc(HostMemoryBackend *backend, Error
**errp)
error_setg(errp, "mem-path property not set");
return;
}
-#ifndef CONFIG_LINUX
+#ifndef CONFIG_POSIX
error_setg(errp, "-mem-path not supported on this host");
#else
if (!host_memory_backend_mr_inited(backend)) {
diff --git a/exec.c b/exec.c
index 6826c83..d0821e6 100644
--- a/exec.c
+++ b/exec.c
@@ -1734,7 +1734,7 @@ long qemu_getrampagesize(void)
}
#endif
-#ifdef __linux__
+#ifdef CONFIG_POSIX
static int64_t get_file_size(int fd)
{
int64_t size = lseek(fd, 0, SEEK_END);
@@ -2230,7 +2230,7 @@ static void ram_block_add(RAMBlock *new_block, Error
**errp, bool shared)
}
}
-#ifdef __linux__
+#ifdef CONFIG_POSIX
RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
uint32_t ram_flags, int fd,
Error **errp)
diff --git a/include/exec/memory.h b/include/exec/memory.h
index eb4f2fb..e78a9a4 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -633,7 +633,7 @@ void memory_region_init_resizeable_ram(MemoryRegion *mr,
uint64_t length,
void *host),
Error **errp);
-#ifdef __linux__
+#ifdef CONFIG_POSIX
/**
* memory_region_init_ram_from_file: Initialize RAM memory region with a
diff --git a/memory.c b/memory.c
index aceadb2..f797d82 100644
--- a/memory.c
+++ b/memory.c
@@ -1557,7 +1557,7 @@ void memory_region_init_resizeable_ram(MemoryRegion *mr,
}
}
-#ifdef __linux__
+#ifdef CONFIG_POSIX
void memory_region_init_ram_from_file(MemoryRegion *mr,
struct Object *owner,
const char *name,
--
1.8.3.1
[Qemu-devel] [PULL 67/79] hvf: drop unused variable
Signed-off-by: Paolo Bonzini --- target/i386/hvf/hvf.c | 1 - 1 file changed, 1 deletion(-) diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c index 5db167d..9f52bc4 100644 --- a/target/i386/hvf/hvf.c +++ b/target/i386/hvf/hvf.c @@ -72,7 +72,6 @@ #include "sysemu/sysemu.h" #include "target/i386/cpu.h" -pthread_rwlock_t mem_lock = PTHREAD_RWLOCK_INITIALIZER; HVFState *hvf_state; int hvf_disabled = 1; -- 1.8.3.1
[Qemu-devel] [PULL 41/79] replay: allow loading any snapshots before recording
From: Pavel Dovgalyuk
This patch enables using -loadvm in recording mode to allow starting
the execution recording from any of the available snapshots.
It also fixes loading of the record/replay state, therefore snapshots
created in replay mode may also be used for starting the new recording.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20180912081939.3228.56131.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini
---
replay/replay-snapshot.c | 17 -
vl.c | 7 ---
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/replay/replay-snapshot.c b/replay/replay-snapshot.c
index 2ab85cf..16bacc9 100644
--- a/replay/replay-snapshot.c
+++ b/replay/replay-snapshot.c
@@ -33,11 +33,18 @@ static int replay_pre_save(void *opaque)
static int replay_post_load(void *opaque, int version_id)
{
ReplayState *state = opaque;
-fseek(replay_file, state->file_offset, SEEK_SET);
-qemu_clock_set_last(QEMU_CLOCK_HOST, state->host_clock_last);
-/* If this was a vmstate, saved in recording mode,
- we need to initialize replay data fields. */
-replay_fetch_data_kind();
+if (replay_mode == REPLAY_MODE_PLAY) {
+fseek(replay_file, state->file_offset, SEEK_SET);
+qemu_clock_set_last(QEMU_CLOCK_HOST, state->host_clock_last);
+/* If this was a vmstate, saved in recording mode,
+ we need to initialize replay data fields. */
+replay_fetch_data_kind();
+} else if (replay_mode == REPLAY_MODE_RECORD) {
+/* This is only useful for loading the initial state.
+ Therefore reset all the counters. */
+state->instructions_count = 0;
+state->block_request_id = 0;
+}
return 0;
}
diff --git a/vl.c b/vl.c
index f2964d9..0388852 100644
--- a/vl.c
+++ b/vl.c
@@ -4535,9 +4535,7 @@ int main(int argc, char **argv, char **envp)
replay_checkpoint(CHECKPOINT_RESET);
qemu_system_reset(SHUTDOWN_CAUSE_NONE);
register_global_state();
-if (replay_mode != REPLAY_MODE_NONE) {
-replay_vmstate_init();
-} else if (loadvm) {
+if (loadvm) {
Error *local_err = NULL;
if (load_snapshot(loadvm, &local_err) < 0) {
error_report_err(local_err);
@@ -4545,6 +4543,9 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
}
+if (replay_mode != REPLAY_MODE_NONE) {
+replay_vmstate_init();
+}
qdev_prop_check_globals();
if (vmstate_dump_file) {
--
1.8.3.1
[Qemu-devel] [PULL 71/79] virtio: do not take address of packed members
The address of a packed member is not packed, which may cause accesses to unaligned pointers. Avoid this by reading the packed value before passing it to another function. Cc: Jason Wang Cc: Peter Maydell Signed-off-by: Paolo Bonzini --- hw/char/virtio-serial-bus.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c index d2dd8ab..04e3ebe 100644 --- a/hw/char/virtio-serial-bus.c +++ b/hw/char/virtio-serial-bus.c @@ -667,9 +667,9 @@ static void virtio_serial_save_device(VirtIODevice *vdev, QEMUFile *f) /* The config space (ignored on the far end in current versions) */ get_config(vdev, (uint8_t *)&config); -qemu_put_be16s(f, &config.cols); -qemu_put_be16s(f, &config.rows); -qemu_put_be32s(f, &config.max_nr_ports); +qemu_put_be16(f, config.cols); +qemu_put_be16(f, config.rows); +qemu_put_be32(f, config.max_nr_ports); /* The ports map */ max_nr_ports = s->serial.max_virtserial_ports; -- 1.8.3.1
[Qemu-devel] [PULL 45/79] fw_cfg_mem: add read memory region callback
From: Li Qiang
Signed-off-by: Li Qiang
Message-Id: <20180912160118.21158-2-liq...@163.com>
Signed-off-by: Paolo Bonzini
---
hw/nvram/fw_cfg.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index d79a568..6de7809 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -434,6 +434,11 @@ static bool fw_cfg_data_mem_valid(void *opaque, hwaddr
addr,
return addr == 0;
}
+static uint64_t fw_cfg_ctl_mem_read(void *opaque, hwaddr addr, unsigned size)
+{
+return 0;
+}
+
static void fw_cfg_ctl_mem_write(void *opaque, hwaddr addr,
uint64_t value, unsigned size)
{
@@ -468,6 +473,7 @@ static bool fw_cfg_comb_valid(void *opaque, hwaddr addr,
}
static const MemoryRegionOps fw_cfg_ctl_mem_ops = {
+.read = fw_cfg_ctl_mem_read,
.write = fw_cfg_ctl_mem_write,
.endianness = DEVICE_BIG_ENDIAN,
.valid.accepts = fw_cfg_ctl_mem_valid,
--
1.8.3.1
[Qemu-devel] [PULL 72/79] memory: Use MAKE_64BIT_MASK()
From: Philippe Mathieu-Daudé
Suggested-by: Paolo Bonzini
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20180927002416.1781-2-f4...@amsat.org>
Signed-off-by: Paolo Bonzini
Signed-off-by: Philippe Mathieu-Daudé
---
memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/memory.c b/memory.c
index f797d82..b3051d9 100644
--- a/memory.c
+++ b/memory.c
@@ -582,7 +582,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
/* FIXME: support unaligned access? */
access_size = MAX(MIN(size, access_size_max), access_size_min);
-access_mask = -1ULL >> (64 - access_size * 8);
+access_mask = MAKE_64BIT_MASK(0, access_size * 8);
if (memory_region_big_endian(mr)) {
for (i = 0; i < size; i += access_size) {
r |= access_fn(mr, addr + i, value, access_size,
--
1.8.3.1
[Qemu-devel] [PULL 73/79] memory: Refactor common shifting code from accessors
From: Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20180927002416.1781-3-f4...@amsat.org>
Signed-off-by: Paolo Bonzini
Signed-off-by: Philippe Mathieu-Daudé
---
memory.c | 30 +-
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/memory.c b/memory.c
index b3051d9..a4d3fa7 100644
--- a/memory.c
+++ b/memory.c
@@ -374,6 +374,21 @@ static void adjust_endianness(MemoryRegion *mr, uint64_t
*data, unsigned size)
}
}
+static inline void memory_region_shift_read_access(uint64_t *value,
+ unsigned shift,
+ uint64_t mask,
+ uint64_t tmp)
+{
+*value |= (tmp & mask) << shift;
+}
+
+static inline uint64_t memory_region_shift_write_access(uint64_t *value,
+unsigned shift,
+uint64_t mask)
+{
+return (*value >> shift) & mask;
+}
+
static hwaddr memory_region_to_absolute_addr(MemoryRegion *mr, hwaddr offset)
{
MemoryRegion *root;
@@ -418,7 +433,7 @@ static MemTxResult
memory_region_oldmmio_read_accessor(MemoryRegion *mr,
hwaddr abs_addr = memory_region_to_absolute_addr(mr, addr);
trace_memory_region_ops_read(get_cpu_index(), mr, abs_addr, tmp, size);
}
-*value |= (tmp & mask) << shift;
+memory_region_shift_read_access(value, shift, mask, tmp);
return MEMTX_OK;
}
@@ -444,7 +459,7 @@ static MemTxResult
memory_region_read_accessor(MemoryRegion *mr,
hwaddr abs_addr = memory_region_to_absolute_addr(mr, addr);
trace_memory_region_ops_read(get_cpu_index(), mr, abs_addr, tmp, size);
}
-*value |= (tmp & mask) << shift;
+memory_region_shift_read_access(value, shift, mask, tmp);
return MEMTX_OK;
}
@@ -471,7 +486,7 @@ static MemTxResult
memory_region_read_with_attrs_accessor(MemoryRegion *mr,
hwaddr abs_addr = memory_region_to_absolute_addr(mr, addr);
trace_memory_region_ops_read(get_cpu_index(), mr, abs_addr, tmp, size);
}
-*value |= (tmp & mask) << shift;
+memory_region_shift_read_access(value, shift, mask, tmp);
return r;
}
@@ -483,9 +498,8 @@ static MemTxResult
memory_region_oldmmio_write_accessor(MemoryRegion *mr,
uint64_t mask,
MemTxAttrs attrs)
{
-uint64_t tmp;
+uint64_t tmp = memory_region_shift_write_access(value, shift, mask);
-tmp = (*value >> shift) & mask;
if (mr->subpage) {
trace_memory_region_subpage_write(get_cpu_index(), mr, addr, tmp,
size);
} else if (mr == &io_mem_notdirty) {
@@ -509,9 +523,8 @@ static MemTxResult
memory_region_write_accessor(MemoryRegion *mr,
uint64_t mask,
MemTxAttrs attrs)
{
-uint64_t tmp;
+uint64_t tmp = memory_region_shift_write_access(value, shift, mask);
-tmp = (*value >> shift) & mask;
if (mr->subpage) {
trace_memory_region_subpage_write(get_cpu_index(), mr, addr, tmp,
size);
} else if (mr == &io_mem_notdirty) {
@@ -535,9 +548,8 @@ static MemTxResult
memory_region_write_with_attrs_accessor(MemoryRegion *mr,
uint64_t mask,
MemTxAttrs attrs)
{
-uint64_t tmp;
+uint64_t tmp = memory_region_shift_write_access(value, shift, mask);
-tmp = (*value >> shift) & mask;
if (mr->subpage) {
trace_memory_region_subpage_write(get_cpu_index(), mr, addr, tmp,
size);
} else if (mr == &io_mem_notdirty) {
--
1.8.3.1
[Qemu-devel] [PULL 52/79] char-socket: update all ioc handlers when changing context
From: Marc-André Lureau
So far, tcp_chr_update_read_handler() only updated the read
handler. Let's also update the hup handler.
Factorize the code while at it. (note that s->ioc != NULL when
s->connected)
Signed-off-by: Marc-André Lureau
Message-Id: <20180817135224.22971-4-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
chardev/char-socket.c | 59 ---
1 file changed, 33 insertions(+), 26 deletions(-)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 14f6567..7cd0ae2 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -353,6 +353,15 @@ static GSource *tcp_chr_add_watch(Chardev *chr,
GIOCondition cond)
return qio_channel_create_watch(s->ioc, cond);
}
+static void remove_hup_source(SocketChardev *s)
+{
+if (s->hup_source != NULL) {
+g_source_destroy(s->hup_source);
+g_source_unref(s->hup_source);
+s->hup_source = NULL;
+}
+}
+
static void tcp_chr_free_connection(Chardev *chr)
{
SocketChardev *s = SOCKET_CHARDEV(chr);
@@ -367,11 +376,7 @@ static void tcp_chr_free_connection(Chardev *chr)
s->read_msgfds_num = 0;
}
-if (s->hup_source != NULL) {
-g_source_destroy(s->hup_source);
-g_source_unref(s->hup_source);
-s->hup_source = NULL;
-}
+remove_hup_source(s);
tcp_set_msgfds(chr, NULL, 0);
remove_fd_in_watch(chr);
@@ -540,6 +545,27 @@ static char *sockaddr_to_str(struct sockaddr_storage *ss,
socklen_t ss_len,
}
}
+static void update_ioc_handlers(SocketChardev *s)
+{
+Chardev *chr = CHARDEV(s);
+
+if (!s->connected) {
+return;
+}
+
+remove_fd_in_watch(chr);
+chr->gsource = io_add_watch_poll(chr, s->ioc,
+ tcp_chr_read_poll,
+ tcp_chr_read, chr,
+ chr->gcontext);
+
+remove_hup_source(s);
+s->hup_source = qio_channel_create_watch(s->ioc, G_IO_HUP);
+g_source_set_callback(s->hup_source, (GSourceFunc)tcp_chr_hup,
+ chr, NULL);
+g_source_attach(s->hup_source, chr->gcontext);
+}
+
static void tcp_chr_connect(void *opaque)
{
Chardev *chr = CHARDEV(opaque);
@@ -552,16 +578,7 @@ static void tcp_chr_connect(void *opaque)
s->is_listen, s->is_telnet);
s->connected = 1;
-chr->gsource = io_add_watch_poll(chr, s->ioc,
- tcp_chr_read_poll,
- tcp_chr_read,
- chr, chr->gcontext);
-
-s->hup_source = qio_channel_create_watch(s->ioc, G_IO_HUP);
-g_source_set_callback(s->hup_source, (GSourceFunc)tcp_chr_hup,
- chr, NULL);
-g_source_attach(s->hup_source, chr->gcontext);
-
+update_ioc_handlers(s);
qemu_chr_be_event(chr, CHR_EVENT_OPENED);
}
@@ -592,17 +609,7 @@ static void tcp_chr_update_read_handler(Chardev *chr)
tcp_chr_telnet_init(CHARDEV(s));
}
-if (!s->connected) {
-return;
-}
-
-remove_fd_in_watch(chr);
-if (s->ioc) {
-chr->gsource = io_add_watch_poll(chr, s->ioc,
- tcp_chr_read_poll,
- tcp_chr_read, chr,
- chr->gcontext);
-}
+update_ioc_handlers(s);
}
static gboolean tcp_chr_telnet_init_io(QIOChannel *ioc,
--
1.8.3.1
[Qemu-devel] [PULL 57/79] i386: Compile CPUX86State xsave_buf only when support KVM or HVF
From: Liran Alon
While at it, also rename var to indicate it is not used only in KVM.
Reviewed-by: Nikita Leshchenko
Reviewed-by: Patrick Colp
Signed-off-by: Liran Alon
Message-Id: <20180914003827.124570-2-liran.a...@oracle.com>
Signed-off-by: Paolo Bonzini
---
target/i386/cpu.h | 4 +++-
target/i386/hvf/README.md | 2 +-
target/i386/hvf/hvf.c | 2 +-
target/i386/hvf/x86hvf.c | 4 ++--
target/i386/kvm.c | 6 +++---
5 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 6f0e4de..730c06f 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1327,7 +1327,9 @@ typedef struct CPUX86State {
bool tsc_valid;
int64_t tsc_khz;
int64_t user_tsc_khz; /* for sanity check only */
-void *kvm_xsave_buf;
+#if defined(CONFIG_KVM) || defined(CONFIG_HVF)
+void *xsave_buf;
+#endif
#if defined(CONFIG_HVF)
HVFX86EmulatorState *hvf_emul;
#endif
diff --git a/target/i386/hvf/README.md b/target/i386/hvf/README.md
index 0d27a0d..2d33477 100644
--- a/target/i386/hvf/README.md
+++ b/target/i386/hvf/README.md
@@ -2,6 +2,6 @@
These sources (and ../hvf-all.c) are adapted from Veertu Inc's vdhh (Veertu
Desktop Hosted Hypervisor) (last known location:
https://github.com/veertuinc/vdhh) with some minor changes, the most
significant of which were:
-1. Adapt to our current QEMU's `CPUState` structure and `address_space_rw`
API; many struct members have been moved around (emulated x86 state,
kvm_xsave_buf) due to historical differences + QEMU needing to handle more
emulation targets.
+1. Adapt to our current QEMU's `CPUState` structure and `address_space_rw`
API; many struct members have been moved around (emulated x86 state, xsave_buf)
due to historical differences + QEMU needing to handle more emulation targets.
2. Removal of `apic_page` and hyperv-related functionality.
3. More relaxed use of `qemu_mutex_lock_iothread`.
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index df69e6d..5db167d 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -587,7 +587,7 @@ int hvf_init_vcpu(CPUState *cpu)
hvf_reset_vcpu(cpu);
x86cpu = X86_CPU(cpu);
-x86cpu->env.kvm_xsave_buf = qemu_memalign(4096, 4096);
+x86cpu->env.xsave_buf = qemu_memalign(4096, 4096);
hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_STAR, 1);
hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_LSTAR, 1);
diff --git a/target/i386/hvf/x86hvf.c b/target/i386/hvf/x86hvf.c
index 6c88939..df8e946 100644
--- a/target/i386/hvf/x86hvf.c
+++ b/target/i386/hvf/x86hvf.c
@@ -75,7 +75,7 @@ void hvf_put_xsave(CPUState *cpu_state)
struct X86XSaveArea *xsave;
-xsave = X86_CPU(cpu_state)->env.kvm_xsave_buf;
+xsave = X86_CPU(cpu_state)->env.xsave_buf;
x86_cpu_xsave_all_areas(X86_CPU(cpu_state), xsave);
@@ -163,7 +163,7 @@ void hvf_get_xsave(CPUState *cpu_state)
{
struct X86XSaveArea *xsave;
-xsave = X86_CPU(cpu_state)->env.kvm_xsave_buf;
+xsave = X86_CPU(cpu_state)->env.xsave_buf;
if (hv_vcpu_read_fpstate(cpu_state->hvf_fd, (void*)xsave, 4096)) {
abort();
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index de892db..dc4047b 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1189,7 +1189,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
}
if (has_xsave) {
-env->kvm_xsave_buf = qemu_memalign(4096, sizeof(struct kvm_xsave));
+env->xsave_buf = qemu_memalign(4096, sizeof(struct kvm_xsave));
}
cpu->kvm_msr_buf = g_malloc0(MSR_BUF_SIZE);
@@ -1639,7 +1639,7 @@ ASSERT_OFFSET(XSAVE_PKRU, pkru_state);
static int kvm_put_xsave(X86CPU *cpu)
{
CPUX86State *env = &cpu->env;
-X86XSaveArea *xsave = env->kvm_xsave_buf;
+X86XSaveArea *xsave = env->xsave_buf;
if (!has_xsave) {
return kvm_put_fpu(cpu);
@@ -2081,7 +2081,7 @@ static int kvm_get_fpu(X86CPU *cpu)
static int kvm_get_xsave(X86CPU *cpu)
{
CPUX86State *env = &cpu->env;
-X86XSaveArea *xsave = env->kvm_xsave_buf;
+X86XSaveArea *xsave = env->xsave_buf;
int ret;
if (!has_xsave) {
--
1.8.3.1
[Qemu-devel] [PULL 49/79] memory: cleanup side effects of memory_region_init_foo() on failure
From: Igor Mammedov
if MemoryRegion intialization fails it's left in semi-initialized state,
where it's size is not 0 and attached as child to owner object.
And this leds to crash in following use-case:
(monitor) object_add
memory-backend-file,id=mem1,size=9G,mem-path=/tmp/foo,discard-data=yes
memory.c:2083: memory_region_get_ram_ptr: Assertion `mr->ram_block' failed
Aborted (core dumped)
it happens due to assumption that memory region is intialized when
memory_region_size() != 0
and therefore it's ok to access it in
file_backend_unparent()
if (memory_region_size() != 0)
memory_region_get_ram_ptr()
which happens when object_add fails and unparents failed backend making
file_backend_unparent() access invalid memory region.
Fix it by making sure that memory_region_init_foo() APIs cleanup externally
visible side effects on failure (like set size to 0 and unparenting object)
Signed-off-by: Igor Mammedov
Message-Id: <1536064777-42312-1-git-send-email-imamm...@redhat.com>
Signed-off-by: Paolo Bonzini
---
memory.c | 48 ++--
1 file changed, 42 insertions(+), 6 deletions(-)
diff --git a/memory.c b/memory.c
index 9b73892..aceadb2 100644
--- a/memory.c
+++ b/memory.c
@@ -1518,12 +1518,18 @@ void
memory_region_init_ram_shared_nomigrate(MemoryRegion *mr,
bool share,
Error **errp)
{
+Error *err = NULL;
memory_region_init(mr, owner, name, size);
mr->ram = true;
mr->terminates = true;
mr->destructor = memory_region_destructor_ram;
-mr->ram_block = qemu_ram_alloc(size, share, mr, errp);
+mr->ram_block = qemu_ram_alloc(size, share, mr, &err);
mr->dirty_log_mask = tcg_enabled() ? (1 << DIRTY_MEMORY_CODE) : 0;
+if (err) {
+mr->size = int128_zero();
+object_unparent(OBJECT(mr));
+error_propagate(errp, err);
+}
}
void memory_region_init_resizeable_ram(MemoryRegion *mr,
@@ -1536,13 +1542,19 @@ void memory_region_init_resizeable_ram(MemoryRegion *mr,
void *host),
Error **errp)
{
+Error *err = NULL;
memory_region_init(mr, owner, name, size);
mr->ram = true;
mr->terminates = true;
mr->destructor = memory_region_destructor_ram;
mr->ram_block = qemu_ram_alloc_resizeable(size, max_size, resized,
- mr, errp);
+ mr, &err);
mr->dirty_log_mask = tcg_enabled() ? (1 << DIRTY_MEMORY_CODE) : 0;
+if (err) {
+mr->size = int128_zero();
+object_unparent(OBJECT(mr));
+error_propagate(errp, err);
+}
}
#ifdef __linux__
@@ -1555,13 +1567,19 @@ void memory_region_init_ram_from_file(MemoryRegion *mr,
const char *path,
Error **errp)
{
+Error *err = NULL;
memory_region_init(mr, owner, name, size);
mr->ram = true;
mr->terminates = true;
mr->destructor = memory_region_destructor_ram;
mr->align = align;
-mr->ram_block = qemu_ram_alloc_from_file(size, mr, ram_flags, path, errp);
+mr->ram_block = qemu_ram_alloc_from_file(size, mr, ram_flags, path, &err);
mr->dirty_log_mask = tcg_enabled() ? (1 << DIRTY_MEMORY_CODE) : 0;
+if (err) {
+mr->size = int128_zero();
+object_unparent(OBJECT(mr));
+error_propagate(errp, err);
+}
}
void memory_region_init_ram_from_fd(MemoryRegion *mr,
@@ -1572,14 +1590,20 @@ void memory_region_init_ram_from_fd(MemoryRegion *mr,
int fd,
Error **errp)
{
+Error *err = NULL;
memory_region_init(mr, owner, name, size);
mr->ram = true;
mr->terminates = true;
mr->destructor = memory_region_destructor_ram;
mr->ram_block = qemu_ram_alloc_from_fd(size, mr,
share ? RAM_SHARED : 0,
- fd, errp);
+ fd, &err);
mr->dirty_log_mask = tcg_enabled() ? (1 << DIRTY_MEMORY_CODE) : 0;
+if (err) {
+mr->size = int128_zero();
+object_unparent(OBJECT(mr));
+error_propagate(errp, err);
+}
}
#endif
@@ -1630,13 +1654,19 @@ void memory_region_init_rom_nomigrate(MemoryRegion *mr,
uint64_t size,
Error **errp)
{
+Error *err = NULL;
memory_region_init(mr, owner, name, size);
mr->ram = true;
mr->readonly = true;
mr->terminates = true;
mr->destructor = memory_region_destructor_ram;
-mr->ram_block = qemu_ram_alloc(size, false, mr, errp);
+mr->ram_block = qemu_ram_alloc(size, false, mr, &err);
mr->dirty_log_mask = tcg_enabled() ?
[Qemu-devel] [PULL 76/79] hw/nvram/fw_cfg: Use memberwise copy of MemoryRegionOps struct
From: Peter Maydell
We've now removed the 'old_mmio' member from MemoryRegionOps,
so we can perform the copy as a simple struct copy rather
than having to do it via a memberwise copy.
Signed-off-by: Peter Maydell
Message-Id: <20180824170422.5783-3-peter.mayd...@linaro.org>
Based-on: <20180802174042.29234-1-peter.mayd...@linaro.org>
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
hw/nvram/fw_cfg.c | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 6de7809..946f765 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -1115,12 +1115,7 @@ static void fw_cfg_mem_realize(DeviceState *dev, Error
**errp)
sysbus_init_mmio(sbd, &s->ctl_iomem);
if (s->data_width > data_ops->valid.max_access_size) {
-/* memberwise copy because the "old_mmio" member is const */
-s->wide_data_ops.read = data_ops->read;
-s->wide_data_ops.write = data_ops->write;
-s->wide_data_ops.endianness = data_ops->endianness;
-s->wide_data_ops.valid = data_ops->valid;
-s->wide_data_ops.impl = data_ops->impl;
+s->wide_data_ops = *data_ops;
s->wide_data_ops.valid.max_access_size = s->data_width;
s->wide_data_ops.impl.max_access_size = s->data_width;
--
1.8.3.1
[Qemu-devel] [PULL 59/79] dump: move Windows dump structures definitions
From: Viktor Prutyanov
This patch moves definitions of Windows dump structures to
include/qemu/win_dump_defs.h to keep create_win_dump() prototype separate.
Signed-off-by: Viktor Prutyanov
Message-Id: <1535546488-30208-2-git-send-email-viktor.prutya...@virtuozzo.com>
Signed-off-by: Paolo Bonzini
---
include/qemu/win_dump_defs.h | 179 +++
win_dump.h | 166 +--
2 files changed, 183 insertions(+), 162 deletions(-)
create mode 100644 include/qemu/win_dump_defs.h
diff --git a/include/qemu/win_dump_defs.h b/include/qemu/win_dump_defs.h
new file mode 100644
index 000..145096e
--- /dev/null
+++ b/include/qemu/win_dump_defs.h
@@ -0,0 +1,179 @@
+/*
+ * Windows crashdump definitions
+ *
+ * Copyright (c) 2018 Virtuozzo International GmbH
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_WIN_DUMP_DEFS_H
+#define QEMU_WIN_DUMP_DEFS_H
+
+typedef struct WinDumpPhyMemRun64 {
+uint64_t BasePage;
+uint64_t PageCount;
+} QEMU_PACKED WinDumpPhyMemRun64;
+
+typedef struct WinDumpPhyMemDesc64 {
+uint32_t NumberOfRuns;
+uint32_t unused;
+uint64_t NumberOfPages;
+WinDumpPhyMemRun64 Run[43];
+} QEMU_PACKED WinDumpPhyMemDesc64;
+
+typedef struct WinDumpExceptionRecord {
+uint32_t ExceptionCode;
+uint32_t ExceptionFlags;
+uint64_t ExceptionRecord;
+uint64_t ExceptionAddress;
+uint32_t NumberParameters;
+uint32_t unused;
+uint64_t ExceptionInformation[15];
+} QEMU_PACKED WinDumpExceptionRecord;
+
+typedef struct WinDumpHeader64 {
+char Signature[4];
+char ValidDump[4];
+uint32_t MajorVersion;
+uint32_t MinorVersion;
+uint64_t DirectoryTableBase;
+uint64_t PfnDatabase;
+uint64_t PsLoadedModuleList;
+uint64_t PsActiveProcessHead;
+uint32_t MachineImageType;
+uint32_t NumberProcessors;
+union {
+struct {
+uint32_t BugcheckCode;
+uint32_t unused0;
+uint64_t BugcheckParameter1;
+uint64_t BugcheckParameter2;
+uint64_t BugcheckParameter3;
+uint64_t BugcheckParameter4;
+};
+uint8_t BugcheckData[40];
+};
+uint8_t VersionUser[32];
+uint64_t KdDebuggerDataBlock;
+union {
+WinDumpPhyMemDesc64 PhysicalMemoryBlock;
+uint8_t PhysicalMemoryBlockBuffer[704];
+};
+union {
+uint8_t ContextBuffer[3000];
+};
+WinDumpExceptionRecord Exception;
+uint32_t DumpType;
+uint32_t unused1;
+uint64_t RequiredDumpSpace;
+uint64_t SystemTime;
+char Comment[128];
+uint64_t SystemUpTime;
+uint32_t MiniDumpFields;
+uint32_t SecondaryDataState;
+uint32_t ProductType;
+uint32_t SuiteMask;
+uint32_t WriterStatus;
+uint8_t unused2;
+uint8_t KdSecondaryVersion;
+uint8_t reserved[4018];
+} QEMU_PACKED WinDumpHeader64;
+
+#define KDBG_OWNER_TAG_OFFSET64 0x10
+#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0
+#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88
+#define KDBG_KI_PROCESSOR_BLOCK_OFFSET640x218
+#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 0x338
+
+#define VMCOREINFO_ELF_NOTE_HDR_SIZE24
+
+#define WIN_CTX_X64 0x0010L
+
+#define WIN_CTX_CTL 0x0001L
+#define WIN_CTX_INT 0x0002L
+#define WIN_CTX_SEG 0x0004L
+#define WIN_CTX_FP 0x0008L
+#define WIN_CTX_DBG 0x0010L
+
+#define WIN_CTX_FULL(WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP)
+#define WIN_CTX_ALL (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG)
+
+#define LIVE_SYSTEM_DUMP0x0161
+
+typedef struct WinM128A {
+uint64_t low;
+int64_t high;
+} QEMU_ALIGNED(16) WinM128A;
+
+typedef struct WinContext {
+uint64_t PHome[6];
+
+uint32_t ContextFlags;
+uint32_t MxCsr;
+
+uint16_t SegCs;
+uint16_t SegDs;
+uint16_t SegEs;
+uint16_t SegFs;
+uint16_t SegGs;
+uint16_t SegSs;
+uint32_t EFlags;
+
+uint64_t Dr0;
+uint64_t Dr1;
+uint64_t Dr2;
+uint64_t Dr3;
+uint64_t Dr6;
+uint64_t Dr7;
+
+uint64_t Rax;
+uint64_t Rcx;
+uint64_t Rdx;
+uint64_t Rbx;
+uint64_t Rsp;
+uint64_t Rbp;
+uint64_t Rsi;
+uint64_t Rdi;
+uint64_t R8;
+uint64_t R9;
+uint64_t R10;
+uint64_t R11;
+uint64_t R12;
+uint64_t R13;
+uint64_t R14;
+uint64_t R15;
+
+uint64_t Rip;
+
+struct {
+uint16_t ControlWord;
+uint16_t StatusWord;
+uint8_t TagWord;
+uint8_t Reserved1;
+uint16_t ErrorOpcode;
+uint32_t ErrorOffset;
+uint16_t ErrorSelector;
+uint16_t Reserved2;
+uint32_t DataOffset;
+uint16_t DataSelector;
+uint16_t Reserved3;
+uint32_t MxCsr;
+uint32_t MxCsr_Mask;
+WinM128A FloatRegisters[8];
+WinM128A XmmRegisters[16];
+uint8_t Reser
[Qemu-devel] [PULL 75/79] memory: Remove old_mmio accessors
From: Peter Maydell
Now that all the users of old_mmio MemoryRegion accessors
have been converted, we can remove the core code support.
Signed-off-by: Peter Maydell
Message-Id: <20180824170422.5783-2-peter.mayd...@linaro.org>
Based-on: <20180802174042.29234-1-peter.mayd...@linaro.org>
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
docs/devel/memory.txt | 2 --
include/exec/memory.h | 5
memory.c | 63 ++-
3 files changed, 2 insertions(+), 68 deletions(-)
diff --git a/docs/devel/memory.txt b/docs/devel/memory.txt
index c1dee12..4fff0d5 100644
--- a/docs/devel/memory.txt
+++ b/docs/devel/memory.txt
@@ -342,5 +342,3 @@ various constraints can be supplied to control how these
callbacks are called:
- .impl.unaligned specifies that the *implementation* supports unaligned
accesses; if false, unaligned accesses will be emulated by two aligned
accesses.
- - .old_mmio eases the porting of code that was formerly using
- cpu_register_io_memory(). It should not be used in new code.
diff --git a/include/exec/memory.h b/include/exec/memory.h
index e78a9a4..3a427aa 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -201,11 +201,6 @@ struct MemoryRegionOps {
*/
bool unaligned;
} impl;
-
-/* If .read and .write are not present, old_mmio may be used for
- * backwards compatibility with old mmio registration
- */
-const MemoryRegionMmio old_mmio;
};
enum IOMMUMemoryRegionAttr {
diff --git a/memory.c b/memory.c
index b96aec7..d852f11 100644
--- a/memory.c
+++ b/memory.c
@@ -423,32 +423,6 @@ static int get_cpu_index(void)
return -1;
}
-static MemTxResult memory_region_oldmmio_read_accessor(MemoryRegion *mr,
- hwaddr addr,
- uint64_t *value,
- unsigned size,
- signed shift,
- uint64_t mask,
- MemTxAttrs attrs)
-{
-uint64_t tmp;
-
-tmp = mr->ops->old_mmio.read[ctz32(size)](mr->opaque, addr);
-if (mr->subpage) {
-trace_memory_region_subpage_read(get_cpu_index(), mr, addr, tmp, size);
-} else if (mr == &io_mem_notdirty) {
-/* Accesses to code which has previously been translated into a TB show
- * up in the MMIO path, as accesses to the io_mem_notdirty
- * MemoryRegion. */
-trace_memory_region_tb_read(get_cpu_index(), addr, tmp, size);
-} else if (TRACE_MEMORY_REGION_OPS_READ_ENABLED) {
-hwaddr abs_addr = memory_region_to_absolute_addr(mr, addr);
-trace_memory_region_ops_read(get_cpu_index(), mr, abs_addr, tmp, size);
-}
-memory_region_shift_read_access(value, shift, mask, tmp);
-return MEMTX_OK;
-}
-
static MemTxResult memory_region_read_accessor(MemoryRegion *mr,
hwaddr addr,
uint64_t *value,
@@ -502,31 +476,6 @@ static MemTxResult
memory_region_read_with_attrs_accessor(MemoryRegion *mr,
return r;
}
-static MemTxResult memory_region_oldmmio_write_accessor(MemoryRegion *mr,
-hwaddr addr,
-uint64_t *value,
-unsigned size,
-signed shift,
-uint64_t mask,
-MemTxAttrs attrs)
-{
-uint64_t tmp = memory_region_shift_write_access(value, shift, mask);
-
-if (mr->subpage) {
-trace_memory_region_subpage_write(get_cpu_index(), mr, addr, tmp,
size);
-} else if (mr == &io_mem_notdirty) {
-/* Accesses to code which has previously been translated into a TB show
- * up in the MMIO path, as accesses to the io_mem_notdirty
- * MemoryRegion. */
-trace_memory_region_tb_write(get_cpu_index(), addr, tmp, size);
-} else if (TRACE_MEMORY_REGION_OPS_WRITE_ENABLED) {
-hwaddr abs_addr = memory_region_to_absolute_addr(mr, addr);
-trace_memory_region_ops_write(get_cpu_index(), mr, abs_addr, tmp,
size);
-}
-mr->ops->old_mmio.write[ctz32(size)](mr->opaque, addr, tmp);
-return MEMTX_OK;
-}
-
static MemTxResult memory_region_write_accessor(MemoryRegion *mr,
hwaddr addr,
uint64_t *value,
@@ -1418,16 +1367,12 @@ static MemTxResult
memory_region_dispatch_read1(MemoryRegion *mr,
mr->ops->impl.max_access_size,
[Qemu-devel] [PULL 53/79] test-char: add socket reconnect test
From: Marc-André Lureau
This test exhibits a regression fixed by the previous reverts.
Signed-off-by: Marc-André Lureau
Message-Id: <20180817135224.22971-5-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
tests/test-char.c | 18 ++
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/tests/test-char.c b/tests/test-char.c
index 2a2ff32..2670ff6 100644
--- a/tests/test-char.c
+++ b/tests/test-char.c
@@ -307,7 +307,7 @@ static int socket_can_read_hello(void *opaque)
return 10;
}
-static void char_socket_test_common(Chardev *chr)
+static void char_socket_test_common(Chardev *chr, bool reconnect)
{
Chardev *chr_client;
QObject *addr;
@@ -327,7 +327,8 @@ static void char_socket_test_common(Chardev *chr)
addr = object_property_get_qobject(OBJECT(chr), "addr", &error_abort);
qdict = qobject_to(QDict, addr);
port = qdict_get_str(qdict, "port");
-tmp = g_strdup_printf("tcp:127.0.0.1:%s", port);
+tmp = g_strdup_printf("tcp:127.0.0.1:%s%s", port,
+ reconnect ? ",reconnect=1" : "");
qobject_unref(qdict);
qemu_chr_fe_init(&be, chr, &error_abort);
@@ -368,7 +369,15 @@ static void char_socket_basic_test(void)
{
Chardev *chr = qemu_chr_new("server", "tcp:127.0.0.1:0,server,nowait");
-char_socket_test_common(chr);
+char_socket_test_common(chr, false);
+}
+
+
+static void char_socket_reconnect_test(void)
+{
+Chardev *chr = qemu_chr_new("server", "tcp:127.0.0.1:0,server,nowait");
+
+char_socket_test_common(chr, true);
}
@@ -400,7 +409,7 @@ static void char_socket_fdpass_test(void)
qemu_opts_del(opts);
-char_socket_test_common(chr);
+char_socket_test_common(chr, false);
}
@@ -819,6 +828,7 @@ int main(int argc, char **argv)
g_test_add_func("/char/file-fifo", char_file_fifo_test);
#endif
g_test_add_func("/char/socket/basic", char_socket_basic_test);
+g_test_add_func("/char/socket/reconnect", char_socket_reconnect_test);
g_test_add_func("/char/socket/fdpass", char_socket_fdpass_test);
g_test_add_func("/char/udp", char_udp_test);
#ifdef HAVE_CHARDEV_SERIAL
--
1.8.3.1
[Qemu-devel] [PULL 78/79] cpus: fix TCG kick timer leak
From: Alex Bennée
This is an alternative fix to Marc-André's original patch.
Reported-by: Marc-André Lureau
Suggested-by: Paolo Bonzini
Signed-off-by: Alex Bennée
Message-Id: <20180927171724.30128-1-alex.ben...@linaro.org>
Signed-off-by: Paolo Bonzini
---
cpus.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/cpus.c b/cpus.c
index 68f08f5..361678e 100644
--- a/cpus.c
+++ b/cpus.c
@@ -983,6 +983,8 @@ static void start_tcg_kick_timer(void)
if (!tcg_kick_vcpu_timer && CPU_NEXT(first_cpu)) {
tcg_kick_vcpu_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
kick_tcg_thread, NULL);
+}
+if (tcg_kick_vcpu_timer && !timer_pending(tcg_kick_vcpu_timer)) {
timer_mod(tcg_kick_vcpu_timer, qemu_tcg_next_kick());
}
}
@@ -990,9 +992,8 @@ static void start_tcg_kick_timer(void)
static void stop_tcg_kick_timer(void)
{
assert(!mttcg_enabled);
-if (tcg_kick_vcpu_timer) {
+if (tcg_kick_vcpu_timer && timer_pending(tcg_kick_vcpu_timer)) {
timer_del(tcg_kick_vcpu_timer);
-tcg_kick_vcpu_timer = NULL;
}
}
--
1.8.3.1
[Qemu-devel] [PULL 56/79] target/i386: rename HF_SVMI_MASK to HF_GUEST_MASK
This flag will be used for KVM's nested VMX migration; the HF_GUEST_MASK name
is already used in KVM, adopt it in QEMU as well.
Signed-off-by: Paolo Bonzini
---
target/i386/cpu.h | 4 ++--
target/i386/excp_helper.c | 2 +-
target/i386/seg_helper.c | 6 +++---
target/i386/svm_helper.c | 6 +++---
target/i386/translate.c | 4 ++--
5 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 227a5d9..6f0e4de 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -171,7 +171,7 @@ typedef enum X86Seg {
#define HF_AC_SHIFT 18 /* must be same as eflags */
#define HF_SMM_SHIFT19 /* CPU in SMM mode */
#define HF_SVME_SHIFT 20 /* SVME enabled (copy of EFER.SVME) */
-#define HF_SVMI_SHIFT 21 /* SVM intercepts are active */
+#define HF_GUEST_SHIFT 21 /* SVM intercepts are active */
#define HF_OSFXSR_SHIFT 22 /* CR4.OSFXSR */
#define HF_SMAP_SHIFT 23 /* CR4.SMAP */
#define HF_IOBPT_SHIFT 24 /* an io breakpoint enabled */
@@ -196,7 +196,7 @@ typedef enum X86Seg {
#define HF_AC_MASK (1 << HF_AC_SHIFT)
#define HF_SMM_MASK (1 << HF_SMM_SHIFT)
#define HF_SVME_MASK (1 << HF_SVME_SHIFT)
-#define HF_SVMI_MASK (1 << HF_SVMI_SHIFT)
+#define HF_GUEST_MASK(1 << HF_GUEST_SHIFT)
#define HF_OSFXSR_MASK (1 << HF_OSFXSR_SHIFT)
#define HF_SMAP_MASK (1 << HF_SMAP_SHIFT)
#define HF_IOBPT_MASK(1 << HF_IOBPT_SHIFT)
diff --git a/target/i386/excp_helper.c b/target/i386/excp_helper.c
index 37a33d5..49231f6 100644
--- a/target/i386/excp_helper.c
+++ b/target/i386/excp_helper.c
@@ -53,7 +53,7 @@ static int check_exception(CPUX86State *env, int intno, int
*error_code,
#if !defined(CONFIG_USER_ONLY)
if (env->old_exception == EXCP08_DBLE) {
-if (env->hflags & HF_SVMI_MASK) {
+if (env->hflags & HF_GUEST_MASK) {
cpu_vmexit(env, SVM_EXIT_SHUTDOWN, 0, retaddr); /* does not return
*/
}
diff --git a/target/i386/seg_helper.c b/target/i386/seg_helper.c
index ba9cc68..33714bc 100644
--- a/target/i386/seg_helper.c
+++ b/target/i386/seg_helper.c
@@ -1244,7 +1244,7 @@ static void do_interrupt_all(X86CPU *cpu, int intno, int
is_int,
}
if (env->cr[0] & CR0_PE_MASK) {
#if !defined(CONFIG_USER_ONLY)
-if (env->hflags & HF_SVMI_MASK) {
+if (env->hflags & HF_GUEST_MASK) {
handle_even_inj(env, intno, is_int, error_code, is_hw, 0);
}
#endif
@@ -1259,7 +1259,7 @@ static void do_interrupt_all(X86CPU *cpu, int intno, int
is_int,
}
} else {
#if !defined(CONFIG_USER_ONLY)
-if (env->hflags & HF_SVMI_MASK) {
+if (env->hflags & HF_GUEST_MASK) {
handle_even_inj(env, intno, is_int, error_code, is_hw, 1);
}
#endif
@@ -1267,7 +1267,7 @@ static void do_interrupt_all(X86CPU *cpu, int intno, int
is_int,
}
#if !defined(CONFIG_USER_ONLY)
-if (env->hflags & HF_SVMI_MASK) {
+if (env->hflags & HF_GUEST_MASK) {
CPUState *cs = CPU(cpu);
uint32_t event_inj = x86_ldl_phys(cs, env->vm_vmcb +
offsetof(struct vmcb,
diff --git a/target/i386/svm_helper.c b/target/i386/svm_helper.c
index 342ece0..9fd22a8 100644
--- a/target/i386/svm_helper.c
+++ b/target/i386/svm_helper.c
@@ -228,7 +228,7 @@ void helper_vmrun(CPUX86State *env, int aflag, int
next_eip_addend)
}
/* enable intercepts */
-env->hflags |= HF_SVMI_MASK;
+env->hflags |= HF_GUEST_MASK;
env->tsc_offset = x86_ldq_phys(cs, env->vm_vmcb +
offsetof(struct vmcb, control.tsc_offset));
@@ -503,7 +503,7 @@ void cpu_svm_check_intercept_param(CPUX86State *env,
uint32_t type,
{
CPUState *cs = CPU(x86_env_get_cpu(env));
-if (likely(!(env->hflags & HF_SVMI_MASK))) {
+if (likely(!(env->hflags & HF_GUEST_MASK))) {
return;
}
switch (type) {
@@ -697,7 +697,7 @@ void do_vmexit(CPUX86State *env, uint32_t exit_code,
uint64_t exit_info_1)
/* Reload the host state from vm_hsave */
env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
-env->hflags &= ~HF_SVMI_MASK;
+env->hflags &= ~HF_GUEST_MASK;
env->intercept = 0;
env->intercept_exceptions = 0;
cs->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
diff --git a/target/i386/translate.c b/target/i386/translate.c
index b8222dc..8fcd88e 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -632,7 +632,7 @@ static void gen_check_io(DisasContext *s, TCGMemOp ot,
target_ulong cur_eip,
tcg_abort();
}
}
-if(s->flags & HF_SVMI_MASK) {
+if(s->flags & HF_GUEST_MASK) {
gen_update_cc_op(s);
gen_jmp_im(s, cur_eip);
svm_flags |= (1 << (4 + ot));
@@ -2316,7 +2316,7 @@ gen_svm_check_intercept_param(DisasContext *s,
target_ulong pc_start,
uint32_t type, uint64_t param)
{
/* no SVM activ
[Qemu-devel] [PULL 61/79] MAINTAINERS: add myself as elf2dmp maintainer
From: Viktor Prutyanov Add myself as contrib/elf2dmp maintainer and elf2dmp as maintained. Signed-off-by: Viktor Prutyanov Message-Id: <20180918095422.4468-1-viktor.prutya...@phystech.edu> Signed-off-by: Paolo Bonzini --- MAINTAINERS | 5 + 1 file changed, 5 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index ce7c351..7ffaff4 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1896,6 +1896,11 @@ S: Maintained F: include/qemu/iova-tree.h F: util/iova-tree.c +elf2dmp +M: Viktor Prutyanov +S: Maintained +F: contrib/elf2dmp/ + Usermode Emulation -- Overall -- 1.8.3.1
[Qemu-devel] [PULL 50/79] Revert "chardev: tcp: postpone TLS work until machine done"
From: Marc-André Lureau
This reverts commit 99f2f54174a595e3ada6e4332fcd2b37ebb0d55d.
See next commit reverting 25679e5d58e258e9950685ffbd0cae4cd40d9cc2 as
well for rationale.
Signed-off-by: Marc-André Lureau
Message-Id: <20180817135224.22971-2-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini
Signed-off-by: Marc-André Lureau
---
chardev/char-socket.c | 10 --
1 file changed, 10 deletions(-)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index efbad6e..e28d2cc 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -32,7 +32,6 @@
#include "qapi/error.h"
#include "qapi/clone-visitor.h"
#include "qapi/qapi-visit-sockets.h"
-#include "sysemu/sysemu.h"
#include "chardev/char-io.h"
@@ -724,11 +723,6 @@ static void tcp_chr_tls_init(Chardev *chr)
Error *err = NULL;
gchar *name;
-if (!machine_init_done) {
-/* This will be postponed to machine_done notifier */
-return;
-}
-
if (s->is_listen) {
tioc = qio_channel_tls_new_server(
s->ioc, s->tls_creds,
@@ -1169,10 +1163,6 @@ static int tcp_chr_machine_done_hook(Chardev *chr)
tcp_chr_connect_async(chr);
}
-if (s->ioc && s->tls_creds) {
-tcp_chr_tls_init(chr);
-}
-
return 0;
}
--
1.8.3.1
[Qemu-devel] [PULL 64/79] lsi53c895a: convert to trace-events
From: Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland
Message-Id: <20180917053229.4853-1-mark.cave-ayl...@ilande.co.uk>
Signed-off-by: Paolo Bonzini
---
hw/scsi/lsi53c895a.c | 214 +--
hw/scsi/trace-events | 62 +++
2 files changed, 165 insertions(+), 111 deletions(-)
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index 996b406..d1e6534 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -20,20 +20,7 @@
#include "hw/scsi/scsi.h"
#include "sysemu/dma.h"
#include "qemu/log.h"
-
-//#define DEBUG_LSI
-//#define DEBUG_LSI_REG
-
-#ifdef DEBUG_LSI
-#define DPRINTF(fmt, ...) \
-do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);}
while (0)
-#else
-#define DPRINTF(fmt, ...) do {} while(0)
-#define BADF(fmt, ...) \
-do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
-#endif
+#include "trace.h"
static const char *names[] = {
"SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG",
@@ -313,7 +300,7 @@ static inline int lsi_irq_on_rsl(LSIState *s)
static void lsi_soft_reset(LSIState *s)
{
-DPRINTF("Reset\n");
+trace_lsi_reset();
s->carry = 0;
s->msg_action = 0;
@@ -484,15 +471,13 @@ static void lsi_update_irq(LSIState *s)
level = 1;
if (level != last_level) {
-DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
-level, s->dstat, s->sist1, s->sist0);
+trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0);
last_level = level;
}
lsi_set_irq(s, level);
if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
-DPRINTF("Handled IRQs & disconnected, looking for pending "
-"processes\n");
+trace_lsi_update_irq_disconnected();
QTAILQ_FOREACH(p, &s->queue, next) {
if (p->pending) {
lsi_reselect(s, p);
@@ -508,8 +493,7 @@ static void lsi_script_scsi_interrupt(LSIState *s, int
stat0, int stat1)
uint32_t mask0;
uint32_t mask1;
-DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
-stat1, stat0, s->sist1, s->sist0);
+trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0);
s->sist0 |= stat0;
s->sist1 |= stat1;
/* Stop processor on fatal or unmasked interrupt. As a special hack
@@ -527,7 +511,7 @@ static void lsi_script_scsi_interrupt(LSIState *s, int
stat0, int stat1)
/* Stop SCRIPTS execution and raise a DMA interrupt. */
static void lsi_script_dma_interrupt(LSIState *s, int stat)
{
-DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
+trace_lsi_script_dma_interrupt(stat, s->dstat);
s->dstat |= stat;
lsi_update_irq(s);
lsi_stop_script(s);
@@ -547,9 +531,9 @@ static void lsi_bad_phase(LSIState *s, int out, int
new_phase)
} else {
s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
}
-DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
+trace_lsi_bad_phase_jump(s->dsp);
} else {
-DPRINTF("Phase mismatch interrupt\n");
+trace_lsi_bad_phase_interrupt();
lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
lsi_stop_script(s);
}
@@ -576,7 +560,7 @@ static void lsi_disconnect(LSIState *s)
static void lsi_bad_selection(LSIState *s, uint32_t id)
{
-DPRINTF("Selected absent target %d\n", id);
+trace_lsi_bad_selection(id);
lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
lsi_disconnect(s);
}
@@ -591,7 +575,7 @@ static void lsi_do_dma(LSIState *s, int out)
assert(s->current);
if (!s->current->dma_len) {
/* Wait until data is available. */
-DPRINTF("DMA no data available\n");
+trace_lsi_do_dma_unavailable();
return;
}
@@ -611,7 +595,7 @@ static void lsi_do_dma(LSIState *s, int out)
else if (s->sbms)
addr |= ((uint64_t)s->sbms << 32);
-DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count);
+trace_lsi_do_dma(addr, count);
s->csbc += count;
s->dnad += count;
s->dbc -= count;
@@ -640,7 +624,7 @@ static void lsi_queue_command(LSIState *s)
{
lsi_request *p = s->current;
-DPRINTF("Queueing tag=0x%x\n", p->tag);
+trace_lsi_queue_command(p->tag);
assert(s->current != NULL);
assert(s->current->dma_len == 0);
QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
@@ -654,9 +638,9 @@ static void lsi_queue_command(LSIState *s)
static void lsi_add_msg_byte(LSIState *s, uint8_t data)
{
if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
-BADF("MSG IN data too long\n");
+trace_lsi_add_msg_byte_error();
} else {
-DPRINTF("MSG IN 0x%02x\n", data);
+trace_lsi_add_msg_byte(data);
s->msg[s->msg_len++] = data;
}
}
@@ -676,7 +660,7 @@ static void lsi_rese
[Qemu-devel] [PULL 63/79] scsi-block: Deprecate rotation_rate
From: Fam Zheng
This option is added together with scsi-disk but is never honoured,
becuase we don't emulate the VPD page for scsi-block. We could intercept
and inject the user specified value like for max xfer len, but it's
probably not helpful since the intent of 070f80095ad was for random
entropy aspects, not for performance. If emulated rotation rate is
desired, scsi-hd is more suitable.
Signed-off-by: Fam Zheng
Message-Id: <20180917083138.3948-1-f...@redhat.com>
Signed-off-by: Paolo Bonzini
---
hw/scsi/scsi-disk.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 5ae7baa..c43163c 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -2610,6 +2610,12 @@ static void scsi_block_realize(SCSIDevice *dev, Error
**errp)
return;
}
+if (s->rotation_rate) {
+error_report_once("rotation_rate is specified for scsi-block but is "
+ "not implemented. This option is deprecated and will
"
+ "be removed in a future version");
+}
+
/* check we are using a driver managing SG_IO (version 3 and after) */
rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
if (rc < 0) {
--
1.8.3.1
[Qemu-devel] [PULL 74/79] memory: Fix access_with_adjusted_size(small size) on big-endian memory regions
From: Philippe Mathieu-Daudé
Memory regions configured as DEVICE_BIG_ENDIAN (or DEVICE_NATIVE_ENDIAN on
big-endian guest) behave incorrectly when the memory access 'size' is smaller
than the implementation 'access_size'.
In the following code segment from access_with_adjusted_size():
if (memory_region_big_endian(mr)) {
for (i = 0; i < size; i += access_size) {
r |= access_fn(mr, addr + i, value, access_size,
(size - access_size - i) * 8, access_mask, attrs);
}
(size - access_size - i) * 8 is the number of bits that will arithmetic
shift the current value.
Currently we can only 'left' shift a read() access, and 'right' shift a write().
When the access 'size' is smaller than the implementation, we get a negative
number of bits to shift.
For the read() case, a negative 'left' shift is a 'right' shift :)
However since the 'shift' type is unsigned, there is currently no way to
right shift.
Fix this by changing the access_fn() prototype to handle signed shift values,
and modify the memory_region_shift_read|write_access() helpers to correctly
arithmetic shift the opposite direction when the 'shift' value is negative.
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20180927002416.1781-4-f4...@amsat.org>
Signed-off-by: Paolo Bonzini
Signed-off-by: Philippe Mathieu-Daudé
---
memory.c | 34 +++---
1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/memory.c b/memory.c
index a4d3fa7..b96aec7 100644
--- a/memory.c
+++ b/memory.c
@@ -375,18 +375,30 @@ static void adjust_endianness(MemoryRegion *mr, uint64_t
*data, unsigned size)
}
static inline void memory_region_shift_read_access(uint64_t *value,
- unsigned shift,
+ signed shift,
uint64_t mask,
uint64_t tmp)
{
-*value |= (tmp & mask) << shift;
+if (shift >= 0) {
+*value |= (tmp & mask) << shift;
+} else {
+*value |= (tmp & mask) >> -shift;
+}
}
static inline uint64_t memory_region_shift_write_access(uint64_t *value,
-unsigned shift,
+signed shift,
uint64_t mask)
{
-return (*value >> shift) & mask;
+uint64_t tmp;
+
+if (shift >= 0) {
+tmp = (*value >> shift) & mask;
+} else {
+tmp = (*value << -shift) & mask;
+}
+
+return tmp;
}
static hwaddr memory_region_to_absolute_addr(MemoryRegion *mr, hwaddr offset)
@@ -415,7 +427,7 @@ static MemTxResult
memory_region_oldmmio_read_accessor(MemoryRegion *mr,
hwaddr addr,
uint64_t *value,
unsigned size,
- unsigned shift,
+ signed shift,
uint64_t mask,
MemTxAttrs attrs)
{
@@ -441,7 +453,7 @@ static MemTxResult
memory_region_read_accessor(MemoryRegion *mr,
hwaddr addr,
uint64_t *value,
unsigned size,
-unsigned shift,
+signed shift,
uint64_t mask,
MemTxAttrs attrs)
{
@@ -467,7 +479,7 @@ static MemTxResult
memory_region_read_with_attrs_accessor(MemoryRegion *mr,
hwaddr addr,
uint64_t *value,
unsigned size,
- unsigned shift,
+ signed shift,
uint64_t mask,
MemTxAttrs attrs)
{
@@ -494,7 +506,7 @@ static MemTxResult
memory_region_oldmmio_write_accessor(MemoryRegion *mr,
hwaddr addr,
uint64_t *value,
unsigned size,
-unsigned shift,
+signed shift,
[Qemu-devel] [PULL 55/79] target/i386: unify masking of interrupts
Interrupt handling depends on various flags in env->hflags or env->hflags2,
and the exact detail were not exactly replicated between x86_cpu_has_work
and x86_cpu_exec_interrupt. Create a new function that extracts the
highest-priority non-masked interrupt, and use it in both functions.
Signed-off-by: Paolo Bonzini
---
target/i386/cpu.c| 51 ++-
target/i386/cpu.h| 1 +
target/i386/seg_helper.c | 106 ++-
3 files changed, 91 insertions(+), 67 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index f24295e..c88876d 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5429,20 +5429,51 @@ static void x86_cpu_synchronize_from_tb(CPUState *cs,
TranslationBlock *tb)
cpu->env.eip = tb->pc - tb->cs_base;
}
-static bool x86_cpu_has_work(CPUState *cs)
+int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request)
{
X86CPU *cpu = X86_CPU(cs);
CPUX86State *env = &cpu->env;
-return ((cs->interrupt_request & (CPU_INTERRUPT_HARD |
- CPU_INTERRUPT_POLL)) &&
-(env->eflags & IF_MASK)) ||
- (cs->interrupt_request & (CPU_INTERRUPT_NMI |
- CPU_INTERRUPT_INIT |
- CPU_INTERRUPT_SIPI |
- CPU_INTERRUPT_MCE)) ||
- ((cs->interrupt_request & CPU_INTERRUPT_SMI) &&
-!(env->hflags & HF_SMM_MASK));
+#if !defined(CONFIG_USER_ONLY)
+if (interrupt_request & CPU_INTERRUPT_POLL) {
+return CPU_INTERRUPT_POLL;
+}
+#endif
+if (interrupt_request & CPU_INTERRUPT_SIPI) {
+return CPU_INTERRUPT_SIPI;
+}
+
+if (env->hflags2 & HF2_GIF_MASK) {
+if ((interrupt_request & CPU_INTERRUPT_SMI) &&
+!(env->hflags & HF_SMM_MASK)) {
+return CPU_INTERRUPT_SMI;
+} else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
+ !(env->hflags2 & HF2_NMI_MASK)) {
+return CPU_INTERRUPT_NMI;
+} else if (interrupt_request & CPU_INTERRUPT_MCE) {
+return CPU_INTERRUPT_MCE;
+} else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
+ (((env->hflags2 & HF2_VINTR_MASK) &&
+ (env->hflags2 & HF2_HIF_MASK)) ||
+(!(env->hflags2 & HF2_VINTR_MASK) &&
+ (env->eflags & IF_MASK &&
+ !(env->hflags & HF_INHIBIT_IRQ_MASK) {
+return CPU_INTERRUPT_HARD;
+#if !defined(CONFIG_USER_ONLY)
+} else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
+ (env->eflags & IF_MASK) &&
+ !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
+return CPU_INTERRUPT_VIRQ;
+#endif
+}
+}
+
+return 0;
+}
+
+static bool x86_cpu_has_work(CPUState *cs)
+{
+return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
}
static void x86_disas_set_info(CPUState *cs, disassemble_info *info)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index b572a8e..227a5d9 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1485,6 +1485,7 @@ extern struct VMStateDescription vmstate_x86_cpu;
*/
void x86_cpu_do_interrupt(CPUState *cpu);
bool x86_cpu_exec_interrupt(CPUState *cpu, int int_req);
+int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request);
int x86_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cpu,
int cpuid, void *opaque);
diff --git a/target/i386/seg_helper.c b/target/i386/seg_helper.c
index d1cbc6e..ba9cc68 100644
--- a/target/i386/seg_helper.c
+++ b/target/i386/seg_helper.c
@@ -1319,74 +1319,66 @@ bool x86_cpu_exec_interrupt(CPUState *cs, int
interrupt_request)
{
X86CPU *cpu = X86_CPU(cs);
CPUX86State *env = &cpu->env;
-bool ret = false;
+int intno;
+interrupt_request = x86_cpu_pending_interrupt(cs, interrupt_request);
+if (!interrupt_request) {
+return false;
+}
+
+/* Don't process multiple interrupt requests in a single call.
+ * This is required to make icount-driven execution deterministic.
+ */
+switch (interrupt_request) {
#if !defined(CONFIG_USER_ONLY)
-if (interrupt_request & CPU_INTERRUPT_POLL) {
+case CPU_INTERRUPT_POLL:
cs->interrupt_request &= ~CPU_INTERRUPT_POLL;
apic_poll_irq(cpu->apic_state);
-/* Don't process multiple interrupt requests in a single call.
- This is required to make icount-driven execution deterministic. */
-return true;
-}
+break;
#endif
-if (interrupt_request & CPU_INTERRUPT_SIPI) {
+case CPU_INTERRUPT_SIPI:
do_cpu_sipi(cpu);
-ret = true;
-} else if (env->hflags2 & HF2_GIF_MASK) {
-if ((interrupt_request & CPU_INTERRUPT_SMI) &&
-!(env->hflags & HF_SMM_MASK)) {
-cpu_svm_check_intercept_param(env, SVM_EXIT_SMI, 0, 0);
-
[Qemu-devel] virtio-console downgrade the virtio-pci-blk performance
Hi, I found an obvious performance downgrade when virtio-console combined with virtio-pci-blk. This phenomenon exists in nearly all Qemu versions and all Linux (CentOS7, Fedora 28, Ubuntu 18.04) distros. This is a disk cmd: -drive file=iscsi://127.0.0.1:3260/iqn.2016-02.com.test:system:fl-iscsi/1,format=raw,if=none,id=drive-virtio-disk0,cache=none,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1,write-cache=on If I add "-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 ", the virtio disk 4k iops (randread/randwrite) would downgrade from 60k to 40k. In VM, if I rmmod virtio-console, the performance will back to normal. Any idea about this issue? I don't know this is a qemu issue or kernel issue. Thanks in advance. -- Thanks and Best Regards, Alex
[Qemu-devel] [PULL 77/79] docs/devel/memory.txt: Document _with_attrs accessors
From: Peter Maydell When we added the _with_attrs accessors we forgot to mention them in the documentation. Signed-off-by: Peter Maydell Message-Id: <20180824170422.5783-4-peter.mayd...@linaro.org> Based-on: <20180802174042.29234-1-peter.mayd...@linaro.org> Signed-off-by: Paolo Bonzini --- docs/devel/memory.txt | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/devel/memory.txt b/docs/devel/memory.txt index 4fff0d5..42577e1 100644 --- a/docs/devel/memory.txt +++ b/docs/devel/memory.txt @@ -326,8 +326,15 @@ visible as the pci-hole alias clips it to a 0.5GB range. MMIO Operations --- -MMIO regions are provided with ->read() and ->write() callbacks; in addition -various constraints can be supplied to control how these callbacks are called: +MMIO regions are provided with ->read() and ->write() callbacks, +which are sufficient for most devices. Some devices change behaviour +based on the attributes used for the memory transaction, or need +to be able to respond that the access should provoke a bus error +rather than completing successfully; those devices can use the +->read_with_attrs() and ->write_with_attrs() callbacks instead. + +In addition various constraints can be supplied to control how these +callbacks are called: - .valid.min_access_size, .valid.max_access_size define the access sizes (in bytes) which the device accepts; accesses outside this range will -- 1.8.3.1
[Qemu-devel] [PULL 68/79] target/i386: fix translation for icount mode
From: Pavel Dovgalyuk
This patch fixes the checking of boundary crossing instructions.
In icount mode only first instruction of the block may cross
the page boundary to keep the translation deterministic.
These conditions already existed, but compared the wrong variable.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20180920071702.22477.43980.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini
---
target/i386/translate.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 8fcd88e..83c1ebe 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -8538,10 +8538,10 @@ static void i386_tr_translate_insn(DisasContextBase
*dcbase, CPUState *cpu)
chance to happen */
dc->base.is_jmp = DISAS_TOO_MANY;
} else if ((tb_cflags(dc->base.tb) & CF_USE_ICOUNT)
- && ((dc->base.pc_next & TARGET_PAGE_MASK)
- != ((dc->base.pc_next + TARGET_MAX_INSN_SIZE - 1)
+ && ((pc_next & TARGET_PAGE_MASK)
+ != ((pc_next + TARGET_MAX_INSN_SIZE - 1)
& TARGET_PAGE_MASK)
- || (dc->base.pc_next & ~TARGET_PAGE_MASK) == 0)) {
+ || (pc_next & ~TARGET_PAGE_MASK) == 0)) {
/* Do not cross the boundary of the pages in icount mode,
it can cause an exception. Do it only when boundary is
crossed by the first instruction in the block.
--
1.8.3.1
[Qemu-devel] [PULL 79/79] hw/scsi/mptendian: Avoid taking address of fields in packed structs
From: Peter Maydell
Taking the address of a field in a packed struct is a bad idea, because
it might not be actually aligned enough for that pointer type (and
thus cause a crash on dereference on some host architectures). Newer
versions of clang warn about this. Avoid the bug by not using the
"modify in place" byte swapping functions.
This patch was produced with the following simple spatch script:
@@
expression E;
@@
-le16_to_cpus(&E);
+E = le16_to_cpu(E);
@@
expression E;
@@
-le32_to_cpus(&E);
+E = le32_to_cpu(E);
@@
expression E;
@@
-le64_to_cpus(&E);
+E = le64_to_cpu(E);
@@
expression E;
@@
-cpu_to_le16s(&E);
+E = cpu_to_le16(E);
@@
expression E;
@@
-cpu_to_le32s(&E);
+E = cpu_to_le32(E);
@@
expression E;
@@
-cpu_to_le64s(&E);
+E = cpu_to_le64(E);
followed by some minor tidying of overlong lines and bad indent.
Signed-off-by: Peter Maydell
Message-Id: <20180927134852.21490-1-peter.mayd...@linaro.org>
Reviewed-by: Fam Zheng
Signed-off-by: Paolo Bonzini
---
hw/scsi/mptendian.c | 163 ++--
1 file changed, 83 insertions(+), 80 deletions(-)
diff --git a/hw/scsi/mptendian.c b/hw/scsi/mptendian.c
index 8ae39a7..79f9973 100644
--- a/hw/scsi/mptendian.c
+++ b/hw/scsi/mptendian.c
@@ -35,152 +35,155 @@
static void mptsas_fix_sgentry_endianness(MPISGEntry *sge)
{
-le32_to_cpus(&sge->FlagsLength);
+sge->FlagsLength = le32_to_cpu(sge->FlagsLength);
if (sge->FlagsLength & MPI_SGE_FLAGS_64_BIT_ADDRESSING) {
- le64_to_cpus(&sge->u.Address64);
+sge->u.Address64 = le64_to_cpu(sge->u.Address64);
} else {
- le32_to_cpus(&sge->u.Address32);
+sge->u.Address32 = le32_to_cpu(sge->u.Address32);
}
}
static void mptsas_fix_sgentry_endianness_reply(MPISGEntry *sge)
{
if (sge->FlagsLength & MPI_SGE_FLAGS_64_BIT_ADDRESSING) {
- cpu_to_le64s(&sge->u.Address64);
+sge->u.Address64 = cpu_to_le64(sge->u.Address64);
} else {
- cpu_to_le32s(&sge->u.Address32);
+sge->u.Address32 = cpu_to_le32(sge->u.Address32);
}
-cpu_to_le32s(&sge->FlagsLength);
+sge->FlagsLength = cpu_to_le32(sge->FlagsLength);
}
void mptsas_fix_scsi_io_endianness(MPIMsgSCSIIORequest *req)
{
-le32_to_cpus(&req->MsgContext);
-le32_to_cpus(&req->Control);
-le32_to_cpus(&req->DataLength);
-le32_to_cpus(&req->SenseBufferLowAddr);
+req->MsgContext = le32_to_cpu(req->MsgContext);
+req->Control = le32_to_cpu(req->Control);
+req->DataLength = le32_to_cpu(req->DataLength);
+req->SenseBufferLowAddr = le32_to_cpu(req->SenseBufferLowAddr);
}
void mptsas_fix_scsi_io_reply_endianness(MPIMsgSCSIIOReply *reply)
{
-cpu_to_le32s(&reply->MsgContext);
-cpu_to_le16s(&reply->IOCStatus);
-cpu_to_le32s(&reply->IOCLogInfo);
-cpu_to_le32s(&reply->TransferCount);
-cpu_to_le32s(&reply->SenseCount);
-cpu_to_le32s(&reply->ResponseInfo);
-cpu_to_le16s(&reply->TaskTag);
+reply->MsgContext = cpu_to_le32(reply->MsgContext);
+reply->IOCStatus = cpu_to_le16(reply->IOCStatus);
+reply->IOCLogInfo = cpu_to_le32(reply->IOCLogInfo);
+reply->TransferCount = cpu_to_le32(reply->TransferCount);
+reply->SenseCount = cpu_to_le32(reply->SenseCount);
+reply->ResponseInfo = cpu_to_le32(reply->ResponseInfo);
+reply->TaskTag = cpu_to_le16(reply->TaskTag);
}
void mptsas_fix_scsi_task_mgmt_endianness(MPIMsgSCSITaskMgmt *req)
{
-le32_to_cpus(&req->MsgContext);
-le32_to_cpus(&req->TaskMsgContext);
+req->MsgContext = le32_to_cpu(req->MsgContext);
+req->TaskMsgContext = le32_to_cpu(req->TaskMsgContext);
}
void mptsas_fix_scsi_task_mgmt_reply_endianness(MPIMsgSCSITaskMgmtReply *reply)
{
-cpu_to_le32s(&reply->MsgContext);
-cpu_to_le16s(&reply->IOCStatus);
-cpu_to_le32s(&reply->IOCLogInfo);
-cpu_to_le32s(&reply->TerminationCount);
+reply->MsgContext = cpu_to_le32(reply->MsgContext);
+reply->IOCStatus = cpu_to_le16(reply->IOCStatus);
+reply->IOCLogInfo = cpu_to_le32(reply->IOCLogInfo);
+reply->TerminationCount = cpu_to_le32(reply->TerminationCount);
}
void mptsas_fix_ioc_init_endianness(MPIMsgIOCInit *req)
{
-le32_to_cpus(&req->MsgContext);
-le16_to_cpus(&req->ReplyFrameSize);
-le32_to_cpus(&req->HostMfaHighAddr);
-le32_to_cpus(&req->SenseBufferHighAddr);
-le32_to_cpus(&req->ReplyFifoHostSignalingAddr);
+req->MsgContext = le32_to_cpu(req->MsgContext);
+req->ReplyFrameSize = le16_to_cpu(req->ReplyFrameSize);
+req->HostMfaHighAddr = le32_to_cpu(req->HostMfaHighAddr);
+req->SenseBufferHighAddr = le32_to_cpu(req->SenseBufferHighAddr);
+req->ReplyFifoHostSignalingAddr =
+le32_to_cpu(req->ReplyFifoHostSignalingAddr);
mptsas_fix_sgentry_endianness(&req->HostPageBufferSGE);
-le16_to_cpus(&req->MsgVersion);
-le16_to_cpus(&req->HeaderVersion);
+req->MsgVersion = le16_to_cpu(req->MsgVersion);
+req->HeaderVersion = le16_to_cpu(req->HeaderVersion);
}
[Qemu-devel] [PATCH v6 00/25] Fixing record/replay and adding reverse debugging
Feature still broken :( Brief description of my tests. Guest image is Linux, which just powers off after kernel boots (instead of proceeding to user-space /init or /sbin/init). Base cmdline: qemu-system-x86_64 -nodefaults -machine pc,accel=tcg -m 2048 -cpu qemu64 -rtc clock=vm,base=2000-01-01T00:00:00 -kernel bzImage -initrd rootfs -append 'nokaslr console=ttyS0 rdinit=/init_poweroff' -nographic -serial SERIAL_VALUE -icount 1,sleep=off,rr=RR_VALUE,rrfile=icount_rr_capture.bin Test 1. When SERIAL_VALUE=none Running with RR_VALUE=record completes successfully. Running with RR_VALUE=replay doesn't completes. qemu process just eating ~100% cpu and memory usage doesn't grow after some moment. I don't see what happens because of problem no.2 (see below). Test 2. When SERIAL_VALUE=stdio Running with RR_VALUE=record completes successfully. Running with RR_VALUE=replay caues exit with error: "qemu-system-x86_64: Missing character write event in the replay log" These problems are same with qemu 2.12 (both vanilla and with previous versions of these patches applied). Furthemore, I consider whole icount mode broken and determinism isn't achievable. The irony is that I actually don't need record/replay feature. I've tried to use it only as instrument to debug failing determinism in qemu code. But since replay/record feature itself relies on determinism, which is broken, it's no wonder why it fails also (I just hoped to bypass it). Contact me if you need more details. I just tired a lot trying to get all these things working... Hope is leaving me... -- С уважением, Артем Писаренко
Re: [Qemu-devel] [Query] Live Migration between machines with different processor ids
> On 05-Sep-2018, at 6:11 PM, Jaggi, Manish wrote:
>
>
>
>> On 05-Sep-2018, at 5:50 PM, Andrew Jones wrote:
>>
>> External Email
>>
>> On Wed, Sep 05, 2018 at 11:46:11AM +, Jaggi, Manish wrote:
>>> (a) Changes in KVM:
>>>
>>> - Introducing a specific error code (KVM_EINVARIANT) in case of invariant
>>> writes.
>>> This should not change anything to API SET_ONE_REG KVM API.
>>> Not sure which is the best place to put the define…
>>> I have added in include/uapi/linux/kvm_para.h.
>>>
>>> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
>>> index 22fbbdbece3c..c8a4fbe8a8bb 100644
>>> --- a/arch/arm64/kvm/sys_regs.c
>>> +++ b/arch/arm64/kvm/sys_regs.c
>>> @@ -,7 +,7 @@ static int __set_id_reg(const struct sys_reg_desc
>>> *rd, void __user *uaddr,
>>>
>>> /* This is what we mean by invariant: you can't change it. */
>>> if (val != read_id_reg(rd, raz))
>>> - return -EINVAL;
>>> + return -KVM_EINVARIANT;
>>>
>>> return 0;
>>> }
>>> diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h
>>> index 6c0ce49931e5..3a49a321d0df 100644
>>> --- a/include/uapi/linux/kvm_para.h
>>> +++ b/include/uapi/linux/kvm_para.h
>>> @@ -17,6 +17,7 @@
>>> #define KVM_E2BIG E2BIG
>>> #define KVM_EPERM EPERM
>>> #define KVM_EOPNOTSUPP 95
>>> +#define KVM_EINVARIANT 96
>>>
>>> #define KVM_HC_VAPIC_POLL_IRQ 1
>>> #define KVM_HC_MMU_OP 2
>>>
>>> (b) Changes in Qemu code
>>>
>>> 1. Handling of new error code, which would update
>>> guest state with hosts invariant reg values.
>>>
>>> diff --git a/target/arm/kvm.c b/target/arm/kvm.c
>>> index 65f867d569..0cf14323a2 100644
>>> --- a/target/arm/kvm.c
>>> +++ b/target/arm/kvm.c
>>> @@ -452,7 +452,15 @@ bool write_list_to_kvmstate(ARMCPU *cpu, int level)
>>>abort();
>>>}
>>>ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &r);
>>> -if (ret) {
>>> +if (ignore_invariant && (ret == -KVM_EINVARIANT)) {
>>> +/* Update Guest invariant to match with migrated host regs*/
>>> +ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &r);
>>> +if (ret)
>>> +ok = false;
>>> +else
>>> +cpu->cpreg_values[i] = r.addr;
>>> +}
>>> +else if (ret) {
>>>/* We might fail for "unknown register" and also for
>>> * "you tried to set a register which is constant with
>>> * a different value from what it actually contains".
>>>
>>> 2. ignore_invariant is the flag I was referring to which is what you also
>>> mentioned opt-in. This can be supplied as a command line parameter to qemu
>>> on Machine B.
>>
>> The same libvirt folk also suggest that a QMP command be provided that
>> allows the selection of this ignore-invariant mode (in addition to or
>> instead of the command line parameter.) Otherwise a guest that has
>> already started without the parameter will not be able to migrate to
>> a "close enough” host
>
> ignore_invariant: This can be supplied as a command line parameter to qemu on
> Machine B.
> Machine A VM has to be migrated to B.
>
>> - even if it's decided later that it would be OK
>> to do so.
>>
>>>
>>> PS: I will add code to put warning logs as suggested by Dave.
>>
>> Yeah, I like that idea too.
>>
>> This approach looks good to me. Let's see what maintainers say when they
>> see the patch submission.
The patch was submiited to the list.
Please have a look
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03546.html
>
> Cool. Thanks.
>>
>> Thanks,
>> drew
Re: [Qemu-devel] [PATCH v4 03/24] pc-dimm: pass PCDIMMDevice to pc_dimm_.*plug
Hi David,
On 9/26/18 11:41 AM, David Hildenbrand wrote:
> We're plugging/unplugging a PCDIMMDevice, so directly pass this type
> instead of a more generic DeviceState.
>
> Signed-off-by: David Hildenbrand
Reviewed-by: Eric Auger
Thanks
Eric
> ---
> hw/i386/pc.c | 6 +++---
> hw/mem/pc-dimm.c | 16 +++-
> hw/ppc/spapr.c | 8
> include/hw/mem/pc-dimm.h | 6 +++---
> 4 files changed, 17 insertions(+), 19 deletions(-)
>
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 03148450c8..86c16f9aaf 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1699,7 +1699,7 @@ static void pc_memory_pre_plug(HotplugHandler
> *hotplug_dev, DeviceState *dev,
> return;
> }
>
> -pc_dimm_pre_plug(dev, MACHINE(hotplug_dev),
> +pc_dimm_pre_plug(PC_DIMM(dev), MACHINE(hotplug_dev),
> pcmc->enforce_aligned_dimm ? NULL : &legacy_align,
> errp);
> }
>
> @@ -1711,7 +1711,7 @@ static void pc_memory_plug(HotplugHandler *hotplug_dev,
> PCMachineState *pcms = PC_MACHINE(hotplug_dev);
> bool is_nvdimm = object_dynamic_cast(OBJECT(dev), TYPE_NVDIMM);
>
> -pc_dimm_plug(dev, MACHINE(pcms), &local_err);
> +pc_dimm_plug(PC_DIMM(dev), MACHINE(pcms), &local_err);
> if (local_err) {
> goto out;
> }
> @@ -1771,7 +1771,7 @@ static void pc_memory_unplug(HotplugHandler
> *hotplug_dev,
> goto out;
> }
>
> -pc_dimm_unplug(dev, MACHINE(pcms));
> +pc_dimm_unplug(PC_DIMM(dev), MACHINE(pcms));
> object_unparent(OBJECT(dev));
>
> out:
> diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
> index fb6bcaedc4..2375eb2731 100644
> --- a/hw/mem/pc-dimm.c
> +++ b/hw/mem/pc-dimm.c
> @@ -29,11 +29,11 @@
>
> static int pc_dimm_get_free_slot(const int *hint, int max_slots, Error
> **errp);
>
> -void pc_dimm_pre_plug(DeviceState *dev, MachineState *machine,
> +void pc_dimm_pre_plug(PCDIMMDevice *dimm, MachineState *machine,
>const uint64_t *legacy_align, Error **errp)
> {
> -PCDIMMDevice *dimm = PC_DIMM(dev);
> PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
> +DeviceState *dev = DEVICE(dimm);
> Error *local_err = NULL;
> MemoryRegion *mr;
> uint64_t addr, align;
> @@ -69,32 +69,30 @@ out:
> error_propagate(errp, local_err);
> }
>
> -void pc_dimm_plug(DeviceState *dev, MachineState *machine, Error **errp)
> +void pc_dimm_plug(PCDIMMDevice *dimm, MachineState *machine, Error **errp)
> {
> -PCDIMMDevice *dimm = PC_DIMM(dev);
> PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
> MemoryRegion *vmstate_mr = ddc->get_vmstate_memory_region(dimm,
>&error_abort);
> MemoryRegion *mr = ddc->get_memory_region(dimm, &error_abort);
> uint64_t addr;
>
> -addr = object_property_get_uint(OBJECT(dev), PC_DIMM_ADDR_PROP,
> +addr = object_property_get_uint(OBJECT(dimm), PC_DIMM_ADDR_PROP,
> &error_abort);
>
> memory_device_plug_region(machine, mr, addr);
> -vmstate_register_ram(vmstate_mr, dev);
> +vmstate_register_ram(vmstate_mr, DEVICE(dimm));
> }
>
> -void pc_dimm_unplug(DeviceState *dev, MachineState *machine)
> +void pc_dimm_unplug(PCDIMMDevice *dimm, MachineState *machine)
> {
> -PCDIMMDevice *dimm = PC_DIMM(dev);
> PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
> MemoryRegion *vmstate_mr = ddc->get_vmstate_memory_region(dimm,
>&error_abort);
> MemoryRegion *mr = ddc->get_memory_region(dimm, &error_abort);
>
> memory_device_unplug_region(machine, mr);
> -vmstate_unregister_ram(vmstate_mr, dev);
> +vmstate_unregister_ram(vmstate_mr, DEVICE(dimm));
> }
>
> static int pc_dimm_slot2bitmap(Object *obj, void *opaque)
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 98868d893a..c078347b66 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -3135,7 +3135,7 @@ static void spapr_memory_plug(HotplugHandler
> *hotplug_dev, DeviceState *dev,
>
> size = memory_region_size(mr);
>
> -pc_dimm_plug(dev, MACHINE(ms), &local_err);
> +pc_dimm_plug(dimm, MACHINE(ms), &local_err);
> if (local_err) {
> goto out;
> }
> @@ -3158,7 +3158,7 @@ static void spapr_memory_plug(HotplugHandler
> *hotplug_dev, DeviceState *dev,
> return;
>
> out_unplug:
> -pc_dimm_unplug(dev, MACHINE(ms));
> +pc_dimm_unplug(dimm, MACHINE(ms));
> out:
> error_propagate(errp, local_err);
> }
> @@ -3202,7 +3202,7 @@ static void spapr_memory_pre_plug(HotplugHandler
> *hotplug_dev, DeviceState *dev,
> return;
> }
>
> -pc_dimm_pre_plug(dev, MACHINE(hotplug_dev), NULL, errp);
> +pc_dimm_pre_plug(dimm, MACHINE(hotplug_dev), NULL, errp);
> }
>
> struct sPAPRDIMMState {
> @@ -3314,7 +3314,7 @@ static void spapr_memory_unplug(HotplugHandler
>
Re: [Qemu-devel] [PATCH v4 07/24] memory-device: forward errors in get_region_size()/get_plugged_size()
Hi David,
On 9/26/18 11:42 AM, David Hildenbrand wrote:
> Let's properly forward the errors, so errors from get_region_size() /
> get_plugged_size() can be handled.
>
> Users right now call both functions after the device has been realized,
> which is will never fail, so it is fine to continue using error_abort.
>
> While at it, remove a leftover error check (suggedted by Igor).
suggested
>
> Reviewed-by: David Gibson
> Reviewed-by: Igor Mammedov
> Signed-off-by: David Hildenbrand
Reviewed-by: Eric Auger
Thanks
Eric
> ---
> hw/mem/memory-device.c | 9 +++--
> hw/mem/pc-dimm.c | 5 +++--
> include/hw/mem/memory-device.h | 4 ++--
> 3 files changed, 8 insertions(+), 10 deletions(-)
>
> diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
> index f7013d1456..e935681438 100644
> --- a/hw/mem/memory-device.c
> +++ b/hw/mem/memory-device.c
> @@ -60,7 +60,7 @@ static int memory_device_used_region_size(Object *obj, void
> *opaque)
> const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(obj);
>
> if (dev->realized) {
> -*size += mdc->get_region_size(md);
> +*size += mdc->get_region_size(md, &error_abort);
> }
> }
>
> @@ -169,10 +169,7 @@ uint64_t memory_device_get_free_addr(MachineState *ms,
> const uint64_t *hint,
> uint64_t md_size, md_addr;
>
> md_addr = mdc->get_addr(md);
> -md_size = mdc->get_region_size(md);
> -if (*errp) {
> -goto out;
> -}
> +md_size = mdc->get_region_size(md, &error_abort);
>
> if (ranges_overlap(md_addr, md_size, new_addr, size)) {
> if (hint) {
> @@ -236,7 +233,7 @@ static int memory_device_plugged_size(Object *obj, void
> *opaque)
> const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(obj);
>
> if (dev->realized) {
> -*size += mdc->get_plugged_size(md);
> +*size += mdc->get_plugged_size(md, &error_abort);
> }
> }
>
> diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
> index 2375eb2731..c948d57c63 100644
> --- a/hw/mem/pc-dimm.c
> +++ b/hw/mem/pc-dimm.c
> @@ -234,14 +234,15 @@ static uint64_t pc_dimm_md_get_addr(const
> MemoryDeviceState *md)
> return dimm->addr;
> }
>
> -static uint64_t pc_dimm_md_get_region_size(const MemoryDeviceState *md)
> +static uint64_t pc_dimm_md_get_region_size(const MemoryDeviceState *md,
> + Error **errp)
> {
> /* dropping const here is fine as we don't touch the memory region */
> PCDIMMDevice *dimm = PC_DIMM(md);
> const PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(md);
> MemoryRegion *mr;
>
> -mr = ddc->get_memory_region(dimm, &error_abort);
> +mr = ddc->get_memory_region(dimm, errp);
> if (!mr) {
> return 0;
> }
> diff --git a/include/hw/mem/memory-device.h b/include/hw/mem/memory-device.h
> index 2853b084b5..f02b229837 100644
> --- a/include/hw/mem/memory-device.h
> +++ b/include/hw/mem/memory-device.h
> @@ -33,8 +33,8 @@ typedef struct MemoryDeviceClass {
> InterfaceClass parent_class;
>
> uint64_t (*get_addr)(const MemoryDeviceState *md);
> -uint64_t (*get_plugged_size)(const MemoryDeviceState *md);
> -uint64_t (*get_region_size)(const MemoryDeviceState *md);
> +uint64_t (*get_plugged_size)(const MemoryDeviceState *md, Error **errp);
> +uint64_t (*get_region_size)(const MemoryDeviceState *md, Error **errp);
> void (*fill_device_info)(const MemoryDeviceState *md,
> MemoryDeviceInfo *info);
> } MemoryDeviceClass;
>
Re: [Qemu-devel] [PATCH v4 08/24] memory-device: document MemoryDeviceClass
Hi David,
On 9/26/18 11:42 AM, David Hildenbrand wrote:
> Document the functions and when to not expect errors.
>
> Reviewed-by: David Gibson
> Signed-off-by: David Hildenbrand
> ---
> include/hw/mem/memory-device.h | 16
> 1 file changed, 16 insertions(+)
>
> diff --git a/include/hw/mem/memory-device.h b/include/hw/mem/memory-device.h
> index f02b229837..1d15cfc357 100644
> --- a/include/hw/mem/memory-device.h
> +++ b/include/hw/mem/memory-device.h
> @@ -29,9 +29,25 @@ typedef struct MemoryDeviceState {
> Object parent_obj;
> } MemoryDeviceState;
>
> +/**> + * MemoryDeviceClass:
> + * @get_addr: The address of the @md in guest physical memory. "0" means that
> + * no address has been specified by the user and that no address has been
> + * assigned yet.
> + * @get_plugged_size: The amount of memory provided by this @md currently
> + * usable ("plugged") by the guest. This is helpful for devices that
> + * dynamically manage the amount of memory accessible by the guest via
> + * the reserved memory region. For most devices, this corresponds to the
> + * size of the memory region.
> + * @get_region_size: The size of the memory region of the @md that's mapped
> + * in guest physical memory at @get_addr.
> + * @fill_device_info: Translate current @md state into #MemoryDeviceInfo.
I think it may be relevant to document whether all those functions are
mandated or if any are optional.
With respect to the form, you could get inspired of
include/exec/memory.h (see for instance IOMMUMemoryRegionClass doc)
Thanks
Eric
> + */
> typedef struct MemoryDeviceClass {
> +/* private */
> InterfaceClass parent_class;
>
> +/* public */
> uint64_t (*get_addr)(const MemoryDeviceState *md);
> uint64_t (*get_plugged_size)(const MemoryDeviceState *md, Error **errp);
> uint64_t (*get_region_size)(const MemoryDeviceState *md, Error **errp);
>
Re: [Qemu-devel] [PULL 00/79] Misc QEMU patches for 2018-09-30
Hi Paolo, Peter. On 9/30/18 10:11 AM, Paolo Bonzini wrote: > The following changes since commit 042938f46e1c477419d1931381fdadffaa49d45e: > > Merge remote-tracking branch > 'remotes/dgilbert/tags/pull-migration-20180926a' into staging (2018-09-28 > 17:07:23 +0100) > > are available in the git repository at: > > > git://github.com/bonzini/qemu.git tags/for-upstream > > for you to fetch changes up to 54b570779677ff8620a79ed81ddf0906b1d23f4e: > > hw/scsi/mptendian: Avoid taking address of fields in packed structs > (2018-09-30 10:08:28 +0200) > > > * configure fix for environment variables (Daniel) > * fix memory leaks (Alex) > * x86_64 MTTCG (Emilio) > * introduce atomic64 (Emilio) > * Fix for virtio hang (Fam, myself) > * SH serial port fix (Geert) > * Deprecate rotation_rate for scsi-block (Fam) > * Extend memory-backend-file availability to all POSIX hosts (Hikaru) > * Memory API cleanups and fixes (Igor, Li Qiang, Peter, Philippe) > * MSI/IOMMU fix (Jan) > * Socket reconnection fixes (Marc-André) > * icount fixes (Emilio, myself) > * QSP fixes for Coverity (myself) > * Some record/replay improovements (Pavel) > * Packed struct fixes (Peter) > * Windows dump fixes and elf2dmp (Viktor) > * kbmclock fix (Yongji) Paolo, thanks for queuing all of this, however I note some UTF-8 issues. Alex got lucky: Signed-off-by: Alex Bennée But Marc-André and myself have: Signed-off-by: Philippe Mathieu-Daudé Signed-off-by: Marc-André Lureau Peter, could you add a merge check regex for the most common X-by: failures? Thanks, Phil. > > Alex Bennée (1): > cpus: fix TCG kick timer leak > > Daniel P. Berrangé (1): > configure: preserve various environment variables in config.status > > Emilio G. Cota (22): > atomic: fix comment s/x64_64/x86_64/ > cpus: initialize timers_state.vm_clock_lock > cacheinfo: add i/d cache_linesize_log > util: add atomic64 > tests: add atomic64-bench > qsp: use atomic64 accessors > test-rcu-list: access n_reclaims and n_nodes_removed with atomic64 > cpus: access .qemu_icount with atomic64 > cpus: access .qemu_icount_bias with atomic64 > target/i386: move cpu_cc_srcT to DisasContext > target/i386: move cpu_A0 to DisasContext > target/i386: move cpu_T0 to DisasContext > target/i386: move cpu_T1 to DisasContext > target/i386: move cpu_tmp0 to DisasContext > target/i386: move cpu_tmp4 to DisasContext > target/i386: move cpu_ptr0 to DisasContext > target/i386: move cpu_ptr1 to DisasContext > target/i386: move cpu_tmp2_i32 to DisasContext > target/i386: move cpu_tmp3_i32 to DisasContext > target/i386: move cpu_tmp1_i64 to DisasContext > target/i386: move x86_64_hregs to DisasContext > configure: enable mttcg for i386 and x86_64 > > Fam Zheng (2): > virtio: Return true from virtio_queue_empty if broken > scsi-block: Deprecate rotation_rate > > Geert Uytterhoeven (1): > hw/char/sh_serial: Add timeout handling to unbreak serial input > > Hikaru Nishida (1): > hostmem-file: make available memory-backend-file on POSIX-based hosts > > Igor Mammedov (1): > memory: cleanup side effects of memory_region_init_foo() on failure > > Jan Kiszka (1): > kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case > > Li Qiang (5): > fw_cfg_mem: add read memory region callback > hw: debugexit: add read callback > hw: pc-testdev: add read memory region callback > hw: hyperv_testdev: add read callback > hw: edu: replace device name with macro > > Li Zhijian (1): > change get_image_size return type to int64_t > > Liran Alon (1): > i386: Compile CPUX86State xsave_buf only when support KVM or HVF > > Marc-André Lureau (9): > hostmem-memfd: add checks before adding hostmem-memfd & properties > util: add qemu_write_pidfile() > util: use fcntl() for qemu_write_pidfile() locking > Delete PID file on exit > Revert "chardev: tcp: postpone TLS work until machine done" > Revert "chardev: tcp: postpone async connection setup" > char-socket: update all ioc handlers when changing context > test-char: add socket reconnect test > qom/object: add some interface asserts > > Mark Cave-Ayland (1): > lsi53c895a: convert to trace-events > > Paolo Bonzini (9): > qsp: hide indirect function calls from Coverity > es1370: fix ADC_FRAMEADR and ADC_FRAMECNT > cpus: take seqlock across qemu_icount updates > serial: fix DLL writes > char-pty: remove unnecessary #ifdef > target/i386: unify masking of interrupts > target/i386: rename HF_SVMI_MASK to HF_GUEST_MASK > hvf: drop unused variable > virtio: do not take address of packed members > > Pavel Dovga
Re: [Qemu-devel] [PULL 00/79] Misc QEMU patches for 2018-09-30
On 30 September 2018 at 15:54, Philippe Mathieu-Daudé wrote: > Paolo, thanks for queuing all of this, however I note some UTF-8 issues. > > Alex got lucky: > > Signed-off-by: Alex Bennée > > But Marc-André and myself have: > > Signed-off-by: Philippe Mathieu-Daudé > Signed-off-by: Marc-André Lureau > > Peter, could you add a merge check regex for the most common X-by: failures? I don't object to adding a check, but it's more likely to happen if you have a suitable fragment of shell script I can drop into https://git.linaro.org/people/peter.maydell/misc-scripts.git/tree/apply-pullreq thanks -- PMM
Re: [Qemu-devel] [PATCH v6 7/7] elf: Toshiba/Sony rather than MIPS are the implementors of the R5900
On 9/15/18 12:28 PM, Fredrik Noring wrote: > Sources [1][2] indicate that the Emotion Engine was designed by Toshiba > and licensed to Sony. Others [3][4][5] claim it was a joint effort. It > therefore makes sense to refer to the CPU as "Toshiba/Sony R5900". > > [1] > http://cs.nyu.edu/courses/spring02/V22.0480-002/projects/aldrich/emotionengine.ppt > [2] http://archive.arstechnica.com/reviews/1q00/playstation2/m-ee-3.html > [3] > http://docencia.ac.upc.edu/ETSETB/SEGPAR/microprocessors/emotionengine%20(mpr).pdf > [4] http://www.eetimes.com/document.asp?doc_id=1144055 > [5] https://www.toshiba.co.jp/about/press/2001_09/pr2701.htm IMHO for minor changes in the descriptions, there is no need to reset the R-b tag. > Reported-by: Maciej W. Rozycki > Signed-off-by: Fredrik Noring Reviewed-by: Philippe Mathieu-Daudé > --- > include/elf.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/elf.h b/include/elf.h > index 312f68af81..2510fc7be4 100644 > --- a/include/elf.h > +++ b/include/elf.h > @@ -76,7 +76,7 @@ typedef int64_t Elf64_Sxword; > #define EF_MIPS_MACH_OCTEON2 0x008d /* Cavium Networks Octeon2 > */ > #define EF_MIPS_MACH_OCTEON3 0x008e /* Cavium Networks Octeon3 > */ > #define EF_MIPS_MACH_5400 0x0091 /* NEC VR5400 > */ > -#define EF_MIPS_MACH_5900 0x0092 /* MIPS R5900 > */ > +#define EF_MIPS_MACH_5900 0x0092 /* Toshiba/Sony R5900 > */ > #define EF_MIPS_MACH_5500 0x0098 /* NEC VR5500 > */ > #define EF_MIPS_MACH_9000 0x0099 /* PMC-Sierra's RM9000 > */ > #define EF_MIPS_MACH_LS2E 0x00a0 /* ST Microelectronics Loongson 2E > */ >
Re: [Qemu-devel] [PATCH v6 4/7] target/mips: R5900 DMULT[U], DDIV[U], LL[D] and SC[D] are user only
On 9/16/18 5:13 PM, Fredrik Noring wrote:
> The Linux kernel traps certain reserved instruction exceptions to
> emulate the corresponding instructions. QEMU is the kernel in user
> mode, so those traps are emulated by accepting the instructions.
>
> This change adds the function check_insn_opc_user_only to signal a
> reserved instruction exception for flagged CPUs in QEMU system mode.
>
> The MIPS III instructions DMULT[U], DDIV[U], LL[D] and SC[D] are not
> implemented in R5900 hardware. They are trapped and emulated by the
> Linux kernel and, accordingly, therefore QEMU user only instructions.
>
> Signed-off-by: Fredrik Noring
> ---
> target/mips/translate.c | 23 ++-
> 1 file changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/target/mips/translate.c b/target/mips/translate.c
> index 0c445c11c5..5a5021fe36 100644
> --- a/target/mips/translate.c
> +++ b/target/mips/translate.c
> @@ -1887,6 +1887,21 @@ static inline void check_insn_opc_removed(DisasContext
> *ctx, int flags)
> }
> }
>
> +/*
> + * The Linux kernel traps certain reserved instruction exceptions to
> + * emulate the corresponding instructions. QEMU is the kernel in user
> + * mode, so those traps are emulated by accepting the instructions.
> + *
> + * A reserved instruction exception is generated for flagged CPUs if
> + * QEMU runs in system mode.
> + */
> +static inline void check_insn_opc_user_only(DisasContext *ctx, int flags)
> +{
> +#ifndef CONFIG_USER_ONLY
> +check_insn_opc_removed(ctx, flags);
> +#endif
> +}
> +
> /* This code generates a "reserved instruction" exception if the
> CPU does not support 64-bit paired-single (PS) floating point data type */
> static inline void check_ps(DisasContext *ctx)
> @@ -22465,6 +22480,7 @@ static void decode_opc_special_legacy(CPUMIPSState
> *env, DisasContext *ctx)
Expanding the diff context for easier review:
#if defined(TARGET_MIPS64)
case OPC_DMULT:
case OPC_DMULTU:
> case OPC_DDIV:
> case OPC_DDIVU:
> check_insn(ctx, ISA_MIPS3);
> +check_insn_opc_user_only(ctx, INSN_R5900);
> check_mips_64(ctx);
> gen_muldiv(ctx, op1, 0, rs, rt);
> break;
> @@ -24968,6 +24984,7 @@ static void decode_opc(CPUMIPSState *env,
> DisasContext *ctx)
> break;
> case OPC_LL: /* Load and stores */
> check_insn(ctx, ISA_MIPS2);
> +check_insn_opc_user_only(ctx, INSN_R5900);
> /* Fallthrough */
> case OPC_LWL:
> case OPC_LWR:
> @@ -24993,6 +25010,7 @@ static void decode_opc(CPUMIPSState *env,
> DisasContext *ctx)
> case OPC_SC:
> check_insn(ctx, ISA_MIPS2);
> check_insn_opc_removed(ctx, ISA_MIPS32R6);
> +check_insn_opc_user_only(ctx, INSN_R5900);
> gen_st_cond(ctx, op, rt, rs, imm);
> break;
> case OPC_CACHE:
> @@ -25259,9 +25277,11 @@ static void decode_opc(CPUMIPSState *env,
> DisasContext *ctx)
>
> #if defined(TARGET_MIPS64)
> /* MIPS64 opcodes */
> +case OPC_LLD:
> +check_insn_opc_user_only(ctx, INSN_R5900);
> +/* fall through */
> case OPC_LDL:
> case OPC_LDR:
> -case OPC_LLD:
> check_insn_opc_removed(ctx, ISA_MIPS32R6);
> /* fall through */
> case OPC_LWU:
> @@ -25282,6 +25302,7 @@ static void decode_opc(CPUMIPSState *env,
> DisasContext *ctx)
> case OPC_SCD:
> check_insn_opc_removed(ctx, ISA_MIPS32R6);
> check_insn(ctx, ISA_MIPS3);
> +check_insn_opc_user_only(ctx, INSN_R5900);
> check_mips_64(ctx);
> gen_st_cond(ctx, op, rt, rs, imm);
> break;
>
Reviewed-by: Philippe Mathieu-Daudé
Re: [Qemu-devel] [PATCH v6 6/7] linux-user/mips: Recognise the R5900 CPU model
On 9/15/18 11:08 AM, Fredrik Noring wrote:
> This kind of ELF for the R5900 relies on an IEEE 754-1985 compliant FPU.
> The R5900 FPU hardware is noncompliant and it is therefore emulated in
> software by the Linux kernel. QEMU emulates a compliant FPU accordingly.
>
> Signed-off-by: Fredrik Noring
Reviewed-by: Philippe Mathieu-Daudé
> ---
> linux-user/mips/target_elf.h | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/linux-user/mips/target_elf.h b/linux-user/mips/target_elf.h
> index fa5d30bf99..a98c9bd6ad 100644
> --- a/linux-user/mips/target_elf.h
> +++ b/linux-user/mips/target_elf.h
> @@ -12,6 +12,9 @@ static inline const char *cpu_get_model(uint32_t eflags)
> if ((eflags & EF_MIPS_ARCH) == EF_MIPS_ARCH_32R6) {
> return "mips32r6-generic";
> }
> +if ((eflags & EF_MIPS_MACH) == EF_MIPS_MACH_5900) {
> +return "R5900";
> +}
> return "24Kf";
> }
> #endif
>
Re: [Qemu-devel] [PATCH v6 3/7] target/mips: Support R5900 instructions MOVN, MOVZ and PREF from MIPS IV
On 9/15/18 10:43 AM, Fredrik Noring wrote: > The R5900 is taken to be MIPS III with certain modifications. From > MIPS IV it implements the instructions MOVN, MOVZ and PREF. Again, you can keep R-b tag for simple rewording. > > Signed-off-by: Fredrik Noring Reviewed-by: Philippe Mathieu-Daudé > --- > target/mips/translate.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/target/mips/translate.c b/target/mips/translate.c > index 7e18ec0d03..0c445c11c5 100644 > --- a/target/mips/translate.c > +++ b/target/mips/translate.c > @@ -22422,7 +22422,7 @@ static void decode_opc_special_legacy(CPUMIPSState > *env, DisasContext *ctx) > case OPC_MOVN: /* Conditional move */ > case OPC_MOVZ: > check_insn(ctx, ISA_MIPS4 | ISA_MIPS32 | > - INSN_LOONGSON2E | INSN_LOONGSON2F); > + INSN_LOONGSON2E | INSN_LOONGSON2F | INSN_R5900); > gen_cond_move(ctx, op1, rd, rs, rt); > break; > case OPC_MFHI: /* Move from HI/LO */ > @@ -25006,7 +25006,8 @@ static void decode_opc(CPUMIPSState *env, > DisasContext *ctx) > break; > case OPC_PREF: > check_insn_opc_removed(ctx, ISA_MIPS32R6); > -check_insn(ctx, ISA_MIPS4 | ISA_MIPS32); > +check_insn(ctx, ISA_MIPS4 | ISA_MIPS32 | > + INSN_R5900); > /* Treat as NOP. */ > break; > >
Re: [Qemu-devel] [PATCH v6 1/7] target/mips: Define R5900 instructions and CPU preprocessor constants
On 9/7/18 7:43 PM, Fredrik Noring wrote: > The R5900 implements the 64-bit MIPS III instruction set except DMULT, > DMULTU, DDIV, DDIVU, LL, SC, LLD and SCD. The MIPS IV instructions MOVN, > MOVZ and PREF are implemented. It has the R5900 specific three-operand > instructions MADD, MADDU, MULT and MULTU as well as pipeline 1 versions > MULT1, MULTU1, DIV1, DIVU1, MADD1, MADDU1, MFHI1, MFLO1, MTHI1 and > MTLO1. A set of 93 128-bit multimedia instructions specific to the > R5900 is also implemented. > > The Toshiba TX System RISC TX79 Core Architecture manual > > http://www.lukasz.dk/files/tx79architecture.pdf > > describes the C790 processor that is a follow-up to the R5900. There > are a few notable differences in that the R5900 FPU > > - is not IEEE 754-1985 compliant, > - does not implement double format, and > - its machine code is nonstandard. > > Signed-off-by: Fredrik Noring Reviewed-by: Philippe Mathieu-Daudé > --- > target/mips/mips-defs.h | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/target/mips/mips-defs.h b/target/mips/mips-defs.h > index c8e99791ad..76550de2da 100644 > --- a/target/mips/mips-defs.h > +++ b/target/mips/mips-defs.h > @@ -53,6 +53,7 @@ > #define ASE_MSA 0x0100 > > /* Chip specific instructions. */ > +#define INSN_R5900 0x1000 > #define INSN_LOONGSON2E 0x2000 > #define INSN_LOONGSON2F 0x4000 > #define INSN_VR54XX 0x8000 > @@ -63,6 +64,7 @@ > #define CPU_MIPS3 (CPU_MIPS2 | ISA_MIPS3) > #define CPU_MIPS4 (CPU_MIPS3 | ISA_MIPS4) > #define CPU_VR54XX (CPU_MIPS4 | INSN_VR54XX) > +#define CPU_R5900 (CPU_MIPS3 | INSN_R5900) > #define CPU_LOONGSON2E (CPU_MIPS3 | INSN_LOONGSON2E) > #define CPU_LOONGSON2F (CPU_MIPS3 | INSN_LOONGSON2F) > >
Re: [Qemu-devel] [PATCH v4 12/24] memory-device: add device class function set_addr()
Hi David,
On 9/26/18 11:42 AM, David Hildenbrand wrote:
> To be able to factor out address asignment of memory devices, we will
s/asignment/assignment
> have to read (get_addr()) and write (set_addr()) the address.
>
> We can't use properties for this purpose, as properties are device
> specific. E.g. while the address property for a DIMM is called "addr", it
> might be called differently (e.g. "memaddr") for other devices.
>
> Especially virtio based memory devices cannot use "addr" as that is already
> reserved and used for the address on the bus (for the proxy device).
>
> Also, it might be possible to have memory devices without address
> properties (e.g. internal DIMM-like thingies).
>
> In contrast to get_addr(), we expect that set_addr() can fail.
>
> Keep it simple for now for pc-dimm and simply set the static property, that
> will fail once realized.
>
> Reviewed-by: David Gibson
> Reviewed-by: Igor Mammedov
> Signed-off-by: David Hildenbrand
Reviewed-by: Eric Auger
Thanks
Eric
> ---
> hw/mem/pc-dimm.c | 7 +++
> include/hw/mem/memory-device.h | 2 ++
> 2 files changed, 9 insertions(+)
>
> diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
> index 4bd8c496bb..5873172175 100644
> --- a/hw/mem/pc-dimm.c
> +++ b/hw/mem/pc-dimm.c
> @@ -236,6 +236,12 @@ static uint64_t pc_dimm_md_get_addr(const
> MemoryDeviceState *md)
> return dimm->addr;
> }
>
> +static void pc_dimm_md_set_addr(MemoryDeviceState *md, uint64_t addr,
> +Error **errp)
> +{
> +object_property_set_uint(OBJECT(md), addr, PC_DIMM_ADDR_PROP, errp);
> +}
> +
> static MemoryRegion *pc_dimm_md_get_memory_region(MemoryDeviceState *md,
>Error **errp)
> {
> @@ -286,6 +292,7 @@ static void pc_dimm_class_init(ObjectClass *oc, void
> *data)
> ddc->get_vmstate_memory_region = pc_dimm_get_memory_region;
>
> mdc->get_addr = pc_dimm_md_get_addr;
> +mdc->set_addr = pc_dimm_md_set_addr;
> /* for a dimm plugged_size == region_size */
> mdc->get_plugged_size = memory_device_get_region_size;
> mdc->get_memory_region = pc_dimm_md_get_memory_region;
> diff --git a/include/hw/mem/memory-device.h b/include/hw/mem/memory-device.h
> index 642797655f..6395942b27 100644
> --- a/include/hw/mem/memory-device.h
> +++ b/include/hw/mem/memory-device.h
> @@ -34,6 +34,7 @@ typedef struct MemoryDeviceState {
> * @get_addr: The address of the @md in guest physical memory. "0" means that
> * no address has been specified by the user and that no address has been
> * assigned yet.
> + * @set_addr: Set the address of the @md in guest physical memory.
> * @get_plugged_size: The amount of memory provided by this @md currently
> * usable ("plugged") by the guest. This is helpful for devices that
> * dynamically manage the amount of memory accessible by the guest via
> @@ -51,6 +52,7 @@ typedef struct MemoryDeviceClass {
>
> /* public */
> uint64_t (*get_addr)(const MemoryDeviceState *md);
> +void (*set_addr)(MemoryDeviceState *md, uint64_t addr, Error **errp);
> uint64_t (*get_plugged_size)(const MemoryDeviceState *md, Error **errp);
> MemoryRegion *(*get_memory_region)(MemoryDeviceState *md, Error **errp);
> void (*fill_device_info)(const MemoryDeviceState *md,
>
Re: [Qemu-devel] [PATCH v6 2/7] target/mips: Support R5900 specific three-operand MULT and MULTU
On 9/15/18 11:25 AM, Fredrik Noring wrote:
> The three-operand MULT and MULTU are the only R5900 specific
> instructions emitted by GCC 7.3. The R5900 also implements the three-
> operand MADD and MADDU instructions, but they are omitted in QEMU for
> now since they are absent in programs compiled by current GCC versions.
I'm not sure this GCC information is worthless in the commit message.
> Likewise, the R5900 specific pipeline 1 instruction variants MULT1,
> MULTU1, DIV1, DIVU1, MADD1, MADDU1, MFHI1, MFLO1, MTHI1 and MTLO1
> are omitted here as well.
>
> Signed-off-by: Fredrik Noring
> ---
> target/mips/translate.c | 73
> +
> 1 file changed, 73 insertions(+)
>
> diff --git a/target/mips/translate.c b/target/mips/translate.c
> index ab16cdb911..7e18ec0d03 100644
> --- a/target/mips/translate.c
> +++ b/target/mips/translate.c
> @@ -3768,6 +3768,77 @@ static void gen_muldiv(DisasContext *ctx, uint32_t opc,
> tcg_temp_free(t1);
> }
>
> +/*
> + * These MULT and MULTU instructions implemented in for example the
> + * Toshiba/Sony R5900 and the Toshiba TX19, TX39 and TX79 core
> + * architectures are special three-operand variants with the syntax
> + *
> + * MULT[U] rd, rs, rt
> + *
> + * such that
> + *
> + * (rd, LO, HI) <- rs * rt
> + *
> + * where the low-order 32-bits of the result is placed into both the
> + * GPR rd and the special register LO. The high-order 32-bits of the
> + * result is placed into the special register HI.
> + *
> + * If the GPR rd is omitted in assembly language, it is taken to be 0,
> + * which is the zero register that always reads as 0.
> + */
> +static void gen_mul_txxx(DisasContext *ctx, uint32_t opc,
> + int acc, int rd, int rs, int rt)
> +{
> +TCGv t0 = tcg_temp_new();
> +TCGv t1 = tcg_temp_new();
> +
> +gen_load_gpr(t0, rs);
> +gen_load_gpr(t1, rt);
> +
> +switch (opc) {
> +case OPC_MULT:
> +{
> +TCGv_i32 t2 = tcg_temp_new_i32();
> +TCGv_i32 t3 = tcg_temp_new_i32();
> +tcg_gen_trunc_tl_i32(t2, t0);
> +tcg_gen_trunc_tl_i32(t3, t1);
> +tcg_gen_muls2_i32(t2, t3, t2, t3);
> +if (rd) {
> +tcg_gen_ext_i32_tl(cpu_gpr[rd], t2);
> +}
> +tcg_gen_ext_i32_tl(cpu_LO[acc], t2);
> +tcg_gen_ext_i32_tl(cpu_HI[acc], t3);
> +tcg_temp_free_i32(t2);
> +tcg_temp_free_i32(t3);
> +}
> +break;
> +case OPC_MULTU:
> +{
> +TCGv_i32 t2 = tcg_temp_new_i32();
> +TCGv_i32 t3 = tcg_temp_new_i32();
> +tcg_gen_trunc_tl_i32(t2, t0);
> +tcg_gen_trunc_tl_i32(t3, t1);
> +tcg_gen_mulu2_i32(t2, t3, t2, t3);
> +if (rd) {
> +tcg_gen_ext_i32_tl(cpu_gpr[rd], t2);
> +}
> +tcg_gen_ext_i32_tl(cpu_LO[acc], t2);
> +tcg_gen_ext_i32_tl(cpu_HI[acc], t3);
> +tcg_temp_free_i32(t2);
> +tcg_temp_free_i32(t3);
> +}
> +break;
> +default:
> +MIPS_INVAL("mul R5900");
I'd use:
MIPS_INVAL("mul/div Toshiba");
> +generate_exception_end(ctx, EXCP_RI);
> +goto out;
> +}
> +
> + out:
> +tcg_temp_free(t0);
> +tcg_temp_free(t1);
> +}
> +
> static void gen_mul_vr54xx (DisasContext *ctx, uint32_t opc,
> int rd, int rs, int rt)
> {
> @@ -22378,6 +22449,8 @@ static void decode_opc_special_legacy(CPUMIPSState
> *env, DisasContext *ctx)
> check_insn(ctx, INSN_VR54XX);
> op1 = MASK_MUL_VR54XX(ctx->opcode);
> gen_mul_vr54xx(ctx, op1, rd, rs, rt);
> +} else if (ctx->insn_flags & INSN_R5900) {
> +gen_mul_txxx(ctx, op1, 0, rd, rs, rt);
Similarly, I'd name this gen_muldiv_txx9().
The code is correct, therefore:
Reviewed-by: Philippe Mathieu-Daudé
Maybe the maintainer will agree to do these minor changes when taking
the patches.
> } else {
> gen_muldiv(ctx, op1, rd & 3, rs, rt);
> }
>
Re: [Qemu-devel] [PATCH v4 14/24] memory-device: complete factoring out plug handling
Hi David,
On 9/26/18 11:42 AM, David Hildenbrand wrote:
> With the new memory device functions in place, we can factor out
> plugging of memory devices completely.
>
> Reviewed-by: David Gibson
> Reviewed-by: Igor Mammedov
> Signed-off-by: David Hildenbrand
> ---
> hw/mem/memory-device.c | 13 ++---
> hw/mem/pc-dimm.c | 9 +
> include/hw/mem/memory-device.h | 3 +--
> 3 files changed, 12 insertions(+), 13 deletions(-)
>
> diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
> index 54e3f23b15..3914e2fe6f 100644
> --- a/hw/mem/memory-device.c
> +++ b/hw/mem/memory-device.c
> @@ -275,10 +275,17 @@ out:
> error_propagate(errp, local_err);
> }
>
> -void memory_device_plug_region(MachineState *ms, MemoryRegion *mr,
> - uint64_t addr)
> +void memory_device_plug(MemoryDeviceState *md, MachineState *ms)
> {
> -/* we expect a previous call to memory_device_get_free_addr() */
> +const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(md);
> +const uint64_t addr = mdc->get_addr(md);
> +MemoryRegion *mr;
> +
> +/*
> + * We expect a previous call to memory_device_pre_plug() succeeded so
> + * it and can't fail at this point.
comment to be reworded
Reviewed-by: Eric Auger
Thanks
Eric
> + */
> +mr = mdc->get_memory_region(md, &error_abort);
> g_assert(ms->device_memory);
>
> memory_region_add_subregion(&ms->device_memory->mr,
> diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
> index ea9968e379..07fa29a748 100644
> --- a/hw/mem/pc-dimm.c
> +++ b/hw/mem/pc-dimm.c
> @@ -63,17 +63,10 @@ out:
> void pc_dimm_plug(PCDIMMDevice *dimm, MachineState *machine, Error **errp)
> {
> PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
> -MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(dimm);
> MemoryRegion *vmstate_mr = ddc->get_vmstate_memory_region(dimm,
>&error_abort);
> -MemoryRegion *mr = mdc->get_memory_region(MEMORY_DEVICE(dimm),
> - &error_abort);
> -uint64_t addr;
> -
> -addr = object_property_get_uint(OBJECT(dimm), PC_DIMM_ADDR_PROP,
> -&error_abort);
>
> -memory_device_plug_region(machine, mr, addr);
> +memory_device_plug(MEMORY_DEVICE(dimm), machine);
> vmstate_register_ram(vmstate_mr, DEVICE(dimm));
> }
>
> diff --git a/include/hw/mem/memory-device.h b/include/hw/mem/memory-device.h
> index df48b85285..8b58529843 100644
> --- a/include/hw/mem/memory-device.h
> +++ b/include/hw/mem/memory-device.h
> @@ -63,8 +63,7 @@ MemoryDeviceInfoList *qmp_memory_device_list(void);
> uint64_t get_plugged_memory_size(void);
> void memory_device_pre_plug(MemoryDeviceState *md, MachineState *ms,
> const uint64_t *legacy_align, Error **errp);
> -void memory_device_plug_region(MachineState *ms, MemoryRegion *mr,
> - uint64_t addr);
> +void memory_device_plug(MemoryDeviceState *md, MachineState *ms);
> void memory_device_unplug_region(MachineState *ms, MemoryRegion *mr);
> uint64_t memory_device_get_region_size(const MemoryDeviceState *md,
> Error **errp);
>
Re: [Qemu-devel] [PATCH v4 15/24] memory-device: complete factoring out unplug handling
Hi David,
On 9/26/18 11:42 AM, David Hildenbrand wrote:
> With the new memory device functions in place, we can factor out
> unplugging of memory devices completely.
>
> Reviewed-by: David Gibson
> Reviewed-by: Igor Mammedov
> Signed-off-by: David Hildenbrand
> ---
> hw/mem/memory-device.c | 11 +--
> hw/mem/pc-dimm.c | 5 +
> include/hw/mem/memory-device.h | 2 +-
> 3 files changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
> index 3914e2fe6f..e8e282bf5e 100644
> --- a/hw/mem/memory-device.c
> +++ b/hw/mem/memory-device.c
> @@ -292,9 +292,16 @@ void memory_device_plug(MemoryDeviceState *md,
> MachineState *ms)
> addr - ms->device_memory->base, mr);
> }
>
> -void memory_device_unplug_region(MachineState *ms, MemoryRegion *mr)
> +void memory_device_unplug(MemoryDeviceState *md, MachineState *ms)
> {
> -/* we expect a previous call to memory_device_get_free_addr() */
> +const MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(md);
> +MemoryRegion *mr;
> +
> +/*
> + * We expect a previous call to memory_device_pre_plug() succeeded so
> + * it and can't fail at this point.
s/it and/it
Reviewed-by: Eric Auger
Thanks
Eric
> + */
> +mr = mdc->get_memory_region(md, &error_abort);
> g_assert(ms->device_memory);
>
> memory_region_del_subregion(&ms->device_memory->mr, mr);
> diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
> index 07fa29a748..5a9a3d831d 100644
> --- a/hw/mem/pc-dimm.c
> +++ b/hw/mem/pc-dimm.c
> @@ -73,13 +73,10 @@ void pc_dimm_plug(PCDIMMDevice *dimm, MachineState
> *machine, Error **errp)
> void pc_dimm_unplug(PCDIMMDevice *dimm, MachineState *machine)
> {
> PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
> -MemoryDeviceClass *mdc = MEMORY_DEVICE_GET_CLASS(dimm);
> MemoryRegion *vmstate_mr = ddc->get_vmstate_memory_region(dimm,
>&error_abort);
> -MemoryRegion *mr = mdc->get_memory_region(MEMORY_DEVICE(dimm),
> - &error_abort);
>
> -memory_device_unplug_region(machine, mr);
> +memory_device_unplug(MEMORY_DEVICE(dimm), machine);
> vmstate_unregister_ram(vmstate_mr, DEVICE(dimm));
> }
>
> diff --git a/include/hw/mem/memory-device.h b/include/hw/mem/memory-device.h
> index 8b58529843..97de693bca 100644
> --- a/include/hw/mem/memory-device.h
> +++ b/include/hw/mem/memory-device.h
> @@ -64,7 +64,7 @@ uint64_t get_plugged_memory_size(void);
> void memory_device_pre_plug(MemoryDeviceState *md, MachineState *ms,
> const uint64_t *legacy_align, Error **errp);
> void memory_device_plug(MemoryDeviceState *md, MachineState *ms);
> -void memory_device_unplug_region(MachineState *ms, MemoryRegion *mr);
> +void memory_device_unplug(MemoryDeviceState *md, MachineState *ms);
> uint64_t memory_device_get_region_size(const MemoryDeviceState *md,
> Error **errp);
>
>
Re: [Qemu-devel] [PATCH v6 5/7] target/mips: Define the R5900 CPU
On 9/15/18 11:50 AM, Fredrik Noring wrote:
> The primary purpose of this change is to support programs compiled by
> GCC for the R5900 target and thereby run R5900 Linux distributions, for
> example Gentoo.
>
> GCC in version 7.3, by itself, by inspection of the GCC source code
> and inspection of the generated machine code, for the R5900 target,
> only emits two instructions that are specific to the R5900: the three-
> operand MULT and MULTU. GCC and libc also emit certain MIPS III
> instructions that are not part of the R5900 ISA. They are normally
> trapped and emulated by the Linux kernel, and therefore need to be
> treated accordingly by QEMU.
>
> A program compiled by GCC is taken to mean source code compiled by GCC
> under the restrictions above. One can, with the apparent limitations,
> with a bit of effort obtain a fully functioning operating system such
> as R5900 Gentoo. Strictly speaking, programs need not be compiled by
> GCC to make use of this change.
>
> Instructions and other facilities of the R5900 not implemented by this
> change are intended to signal provisional exceptions. One such example
> is the FPU that is not compliant with IEEE 754-1985 in system mode. It
> is therefore provisionally disabled. In user space the FPU is trapped
> and emulated by IEEE 754-1985 compliant software in the kernel, and
> this is handled accordingly by QEMU. Another example is the 93
> multimedia instructions specific to the R5900 that generate provisional
> reserved instruction exception signals.
>
> One of the benefits of running a Linux distribution under QEMU is that
> programs can be compiled with a native compiler, where the host and
> target are the same, as opposed to a cross-compiler, where they are
> not the same. This is especially important in cases where the target
> hardware does not have the resources to run a native compiler.
>
> Problems with cross-compilation are often related to host and target
> differences in integer sizes, pointer sizes, endianness, machine code,
> ABI, etc. Sometimes cross-compilation is not even supported by the
> build script for a given package. One effective way to avoid those
> problems is to replace the cross-compiler with a native compiler. This
> change of compilation methods does not resolve the inherent problems
> with cross-compilation.
>
> The native compiler naturally replaces the cross-compiler, because one
> typically uses one or the other, and preferably the native compiler
> when the circumstances admit this. The native compiler is also a good
> test case for the R5900 QEMU user mode. Additionally, Gentoo is well-
> known for compiling and installing its packages from sources.
>
> This change has been tested with Gentoo compiled for R5900, including
> native compilation of several packages under QEMU.
>
> Signed-off-by: Fredrik Noring
Reviewed-by: Philippe Mathieu-Daudé
> ---
> target/mips/translate_init.inc.c | 59
>
> 1 file changed, 59 insertions(+)
>
> diff --git a/target/mips/translate_init.inc.c
> b/target/mips/translate_init.inc.c
> index b3320b9dc7..b5dacf4ffe 100644
> --- a/target/mips/translate_init.inc.c
> +++ b/target/mips/translate_init.inc.c
> @@ -410,6 +410,65 @@ const mips_def_t mips_defs[] =
> .insn_flags = CPU_MIPS32R5 | ASE_MSA,
> .mmu_type = MMU_TYPE_R4000,
> },
> +{
> +/*
> + * The Toshiba TX System RISC TX79 Core Architecture manual
> + *
> + * http://www.lukasz.dk/files/tx79architecture.pdf
> + *
> + * describes the C790 processor that is a follow-up to the R5900.
> + * There are a few notable differences in that the R5900 FPU
> + *
> + * - is not IEEE 754-1985 compliant,
> + * - does not implement double format, and
> + * - its machine code is nonstandard.
> + */
> +.name = "R5900",
> +.CP0_PRid = 0x2E00,
> +/* No L2 cache, icache size 32k, dcache size 32k, uncached
> coherency. */
> +.CP0_Config0 = (0x3 << 9) | (0x3 << 6) | (0x2 << CP0C0_K0),
> +.CP0_Status_rw_bitmask = 0xF4C79C1F,
> +#ifdef CONFIG_USER_ONLY
> +/*
> + * R5900 hardware traps to the Linux kernel for IEEE 754-1985 and
> LL/SC
> + * emulation. For user only, QEMU is the kernel, so we emulate the
> traps
> + * by simply emulating the instructions directly.
> + *
> + * Note: Config1 is only used internally, the R5900 has only Config0.
> + */
> +.CP0_Config1 = (1 << CP0C1_FP) | (47 << CP0C1_MMU),
> +.CP0_LLAddr_rw_bitmask = 0x,
> +.CP0_LLAddr_shift = 4,
> +.CP1_fcr0 = (0x38 << FCR0_PRID) | (0x0 << FCR0_REV),
> +.CP1_fcr31 = 0,
> +.CP1_fcr31_rw_bitmask = 0x0183,
> +#else
> +/*
> + * The R5900 COP1 FPU implements single-precision floating-point
> + * operations but is not entirely IEEE 754-1985 compatible.
Re: [Qemu-devel] [PATCH v4 16/24] memory-device: trace when pre_assigning/assigning/unassigning addresses
Hi David,
On 9/26/18 11:42 AM, David Hildenbrand wrote:
> Let's trace the address when pre_pluggin/plugging/unplugging a memory device.
>
> Trace it when pre_plugging as well as when plugging, so we really know
> when a specific address is actually used.
>
> Reviewed-by: David Gibson
> Reviewed-by: Igor Mammedov
> Signed-off-by: David Hildenbrand
> ---
> hw/mem/memory-device.c | 6 ++
> hw/mem/pc-dimm.c | 8
> hw/mem/trace-events| 5 -
> 3 files changed, 10 insertions(+), 9 deletions(-)
>
> diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
> index e8e282bf5e..cf85199a72 100644
> --- a/hw/mem/memory-device.c
> +++ b/hw/mem/memory-device.c
> @@ -17,6 +17,7 @@
> #include "qemu/range.h"
> #include "hw/virtio/vhost.h"
> #include "sysemu/kvm.h"
> +#include "trace.h"
>
> static gint memory_device_addr_sort(gconstpointer a, gconstpointer b)
> {
> @@ -271,6 +272,9 @@ void memory_device_pre_plug(MemoryDeviceState *md,
> MachineState *ms,
> goto out;
> }
> mdc->set_addr(md, addr, &local_err);
> +if (!local_err) {
> +trace_memory_device_pre_assign_address(addr);
> +}
> out:
> error_propagate(errp, local_err);
> }
> @@ -290,6 +294,7 @@ void memory_device_plug(MemoryDeviceState *md,
> MachineState *ms)
>
> memory_region_add_subregion(&ms->device_memory->mr,
> addr - ms->device_memory->base, mr);
> +trace_memory_device_assign_address(addr);
> }
>
> void memory_device_unplug(MemoryDeviceState *md, MachineState *ms)
> @@ -305,6 +310,7 @@ void memory_device_unplug(MemoryDeviceState *md,
> MachineState *ms)
> g_assert(ms->device_memory);
>
> memory_region_del_subregion(&ms->device_memory->mr, mr);
> +trace_memory_device_unassign_address(mdc->get_addr(md));
> }
>
> uint64_t memory_device_get_region_size(const MemoryDeviceState *md,
> diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
> index 5a9a3d831d..9c0c487cb6 100644
> --- a/hw/mem/pc-dimm.c
> +++ b/hw/mem/pc-dimm.c
> @@ -34,7 +34,6 @@ void pc_dimm_pre_plug(PCDIMMDevice *dimm, MachineState
> *machine,
> {
> DeviceState *dev = DEVICE(dimm);
> Error *local_err = NULL;
> -uint64_t addr;
> int slot;
>
> slot = object_property_get_int(OBJECT(dev), PC_DIMM_SLOT_PROP,
> @@ -49,13 +48,6 @@ void pc_dimm_pre_plug(PCDIMMDevice *dimm, MachineState
> *machine,
>
> memory_device_pre_plug(MEMORY_DEVICE(dev), machine, legacy_align,
> &local_err);
> -if (local_err) {
> -goto out;
> -}
> -
> -addr = object_property_get_uint(OBJECT(dev), PC_DIMM_ADDR_PROP,
> -&error_abort);
> -trace_mhp_pc_dimm_assigned_address(addr);
> out:
> error_propagate(errp, local_err);
> }
> diff --git a/hw/mem/trace-events b/hw/mem/trace-events
> index e150dcc497..b40482077e 100644
> --- a/hw/mem/trace-events
> +++ b/hw/mem/trace-events
> @@ -2,4 +2,7 @@
>
> # hw/mem/pc-dimm.c
> mhp_pc_dimm_assigned_slot(int slot) "%d"
> -mhp_pc_dimm_assigned_address(uint64_t addr) "0x%"PRIx64
> +# hw/mem/memory-device.c
> +memory_device_pre_assign_address(uint64_t addr) "0x%"PRIx64
> +memory_device_assign_address(uint64_t addr) "0x%"PRIx64
> +memory_device_unassign_address(uint64_t addr) "0x%"PRIx64
In case we use several memory devices, wouldn't it make sense to pass
the mr name or id as well to uniquely identify the device?
nit: For debugging purpose it would look simpler to me to use the
original function name for the associated trace (all the more so there
is a single trace within) than the "assign_address" naming.
Thanks
Eric
>
