Re: [Qemu-devel] qapi/misc.json is too big, let's bite off a few chunks

2019-06-07 Thread Markus Armbruster
Paolo Bonzini  writes:

> On 27/05/19 10:00, Markus Armbruster wrote:
>> As long as we don't have an active QOM maintainer[*], the benefit is
>> low.
>> 
>> 
>> [*] We need one.  I'm not volunteering.
>
> I think Daniel, Eduardo and I could count as de facto maintainer.  I
> guess I could maintain it if I get two partners in crime as reviewers.

Alright, we need two volunteers for the reviewer role, and one patch to
MAINTAINERS.

A mention in MAINTAINERS is the traditional punishment for good work, so
let's see who's been doing the work.  Aha:

Eduardo Habkost
Marc-André Lureau
Markus Armbruster
Eric Blake
Philippe Mathieu-Daudé

Details appended.

QOM is not a particularly active subsystem now: 51 commits in two years.

We obviously need maintainers to review and merge patches.  The nominal
maintainer hasn't been doing that since 2015.  Git shows the following
top committers taking on / getting sucked into QOM:

Markus Armbruster 
Eduardo Habkost 
Paolo Bonzini 
Marc-André Lureau 
Eric Blake 

We really need nominal maintainer(s) again.

Of course, *active* maintainers would be even better: I consider QOM
stuck in an unhappy place where much of its potential is still
potential.

But let's start small.  Volunteers for the reviewer role, please step
forward :)



The details I promised:

Output of "scripts/get_maintainer.pl --git --git-since='2-years-ago' |
grep commit_signer" sorted by file size:

= qom/object.c =
"Marc-André Lureau"  (commit_signer:20/36=56%)
Markus Armbruster  (commit_signer:15/36=42%)
Eric Blake  (commit_signer:14/36=39%)
Eduardo Habkost  (commit_signer:14/36=39%)
"Philippe Mathieu-Daudé"  (commit_signer:9/36=25%)

= include/qom/object.h =
Eduardo Habkost  (commit_signer:9/18=50%)
"Marc-André Lureau"  (commit_signer:8/18=44%)
Igor Mammedov  (commit_signer:6/18=33%)
Markus Armbruster  (commit_signer:6/18=33%)
David Gibson  (commit_signer:5/18=28%)

= include/qom/object_interfaces.h =
Eduardo Habkost  (commit_signer:8/5=100%)
Igor Mammedov  (commit_signer:3/5=60%)
"Marc-André Lureau"  (commit_signer:2/5=40%)
"Philippe Mathieu-Daudé"  (commit_signer:2/5=40%)
Eric Blake  (commit_signer:1/5=20%)

= qom/object_interfaces.c =
Eric Blake  (commit_signer:9/12=75%)
"Marc-André Lureau"  (commit_signer:7/12=58%)
Markus Armbruster  (commit_signer:7/12=58%)
Eduardo Habkost  (commit_signer:6/12=50%)
"Philippe Mathieu-Daudé"  (commit_signer:4/12=33%)

= qom/qom-qobject.c =

= include/qom/qom-qobject.h =

= qom/trace-events =
Stefan Hajnoczi  (commit_signer:2/2=100%)
"Philippe Mathieu-Daudé"  (commit_signer:2/2=100%)
Markus Armbruster  (commit_signer:1/2=50%)
Michael Tokarev  (commit_signer:1/2=50%)

= qom/Makefile.objs =



[Qemu-devel] [PATCH v2] q35: fix mmconfig and PCI0._CRS

2019-06-07 Thread Gerd Hoffmann
This patch changes the handling of the mmconfig area.  Thanks to the
pci(e) expander devices we already have the logic to exclude address
ranges from PCI0._CRS.  We can simply add the mmconfig address range
to the list to get it excluded as well.

With that in place we can go with a fixed pci hole which covers the
whole area from the end of (low) ram to the ioapic.

This will make the whole logic a lot less fragile.  No matter where the
firmware places the mmconfig xbar, things should work correctly.  The
guest also gets a bit more PCI address space (seabios boot):

# cat /proc/iomem
[ ... ]
7ffdd000-7fff : reserved
8000-afff : PCI Bus :00<<-- this is new
b000-bfff : PCI MMCONFIG  [bus 00-ff]
  b000-bfff : reserved
c000-febf : PCI Bus :00
  f800-fbff : :00:01.0
[ ... ]

So this is a guest visible change.

Cc: László Érsek 
Signed-off-by: Gerd Hoffmann 
Reviewed-by: Igor Mammedov 
---
 tests/bios-tables-test-allowed-diff.h |  8 +++
 hw/i386/acpi-build.c  | 14 
 hw/pci-host/q35.c | 31 +++
 3 files changed, 30 insertions(+), 23 deletions(-)

diff --git a/tests/bios-tables-test-allowed-diff.h 
b/tests/bios-tables-test-allowed-diff.h
index dfb8523c8bf4..3bbd22c62a3b 100644
--- a/tests/bios-tables-test-allowed-diff.h
+++ b/tests/bios-tables-test-allowed-diff.h
@@ -1 +1,9 @@
 /* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/q35/DSDT",
+"tests/data/acpi/q35/DSDT.bridge",
+"tests/data/acpi/q35/DSDT.mmio64",
+"tests/data/acpi/q35/DSDT.ipmibt",
+"tests/data/acpi/q35/DSDT.cphp",
+"tests/data/acpi/q35/DSDT.memhp",
+"tests/data/acpi/q35/DSDT.numamem",
+"tests/data/acpi/q35/DSDT.dimmpxm",
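Review bot: The eight q35 DSDT entries added to the ignore list have no matching update of the expected tables in the diffstat, and the commit message does not say when the list goes back to being empty. Please state that the expected AML files are regenerated in a follow-up (or include that update), so the ignore list does not linger and hide later unintended DSDT changes.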
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 85dc1640bc67..8e4f26977619 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -122,6 +122,8 @@ typedef struct FwCfgTPMConfig {
 uint8_t tpmppi_version;
 } QEMU_PACKED FwCfgTPMConfig;
 
+static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg);
+
 static void init_common_fadt_data(Object *o, AcpiFadtData *data)
 {
 uint32_t io = object_property_get_uint(o, ACPI_PM_PROP_PM_IO_BASE, NULL);
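Review bot: The forward declaration `static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg);` is only needed because build_dsdt() now calls a static function that is defined later in the file. Moving the definition of acpi_get_mcfg() above build_dsdt() would avoid carrying a separate prototype for it.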
@@ -1807,6 +1809,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 CrsRangeSet crs_range_set;
 PCMachineState *pcms = PC_MACHINE(machine);
 PCMachineClass *pcmc = PC_MACHINE_GET_CLASS(machine);
+AcpiMcfgInfo mcfg;
 uint32_t nr_mem = machine->ram_slots;
 int root_bus_limit = 0xFF;
 PCIBus *bus = NULL;
@@ -1921,6 +1924,17 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 }
 }
 
+/*
+ * At this point crs_range_set has all the ranges used by pci
+ * busses *other* than PCI0.  These ranges will be excluded from
+ * the PCI0._CRS.  Add mmconfig to the set so it will be excluded
+ * too.
+ */
+if (acpi_get_mcfg(&mcfg)) {
+crs_range_insert(crs_range_set.mem_ranges,
+ mcfg.base, mcfg.base + mcfg.size - 1);
+}
+
 scope = aml_scope("\\_SB.PCI0");
 /* build PCI0._CRS */
 crs = aml_resource_template();
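Review bot: In the new `if (acpi_get_mcfg(&mcfg))` block the end address is computed as `mcfg.base + mcfg.size - 1`, which lands one below the base if the function can return true with a size of 0. Please confirm that acpi_get_mcfg() returns false whenever mmconfig is disabled or not yet programmed by the firmware, or add an explicit check on `mcfg.size` before the crs_range_insert() call.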
diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
index 960939f5ed3e..72093320befe 100644
--- a/hw/pci-host/q35.c
+++ b/hw/pci-host/q35.c
@@ -258,15 +258,6 @@ static void q35_host_initfn(Object *obj)
 object_property_add_link(obj, MCH_HOST_PROP_IO_MEM, TYPE_MEMORY_REGION,
  (Object **) &s->mch.address_space_io,
  qdev_prop_allow_set_link_before_realize, 0, NULL);
-
-/* Leave enough space for the biggest MCFG BAR */
-/* TODO: this matches current bios behaviour, but
- * it's not a power of two, which means an MTRR
- * can't cover it exactly.
- */
-range_set_bounds(&s->mch.pci_hole,
-MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT + MCH_HOST_BRIDGE_PCIEXBAR_MAX,
-IO_APIC_DEFAULT_ADDRESS - 1);
 }
 
 static const TypeInfo q35_host_info = {
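Review bot: With the range_set_bounds() call removed from q35_host_initfn(), `s->mch.pci_hole` no longer gets any bounds at init time and stays unset until mch_update() runs. If anything can read the hole before the first mch_update(), it now sees an empty range; a short comment here saying where the hole is initialised would help.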
@@ -338,20 +329,6 @@ static void mch_update_pciexbar(MCHPCIState *mch)
 }
 addr = pciexbar & addr_mask;
 pcie_host_mmcfg_update(pehb, enable, addr, length);
-/* Leave enough space for the MCFG BAR */
-/*
- * TODO: this matches current bios behaviour, but it's not a power of two,
- * which means an MTRR can't cover it exactly.
- */
-if (enable) {
-range_set_bounds(&mch->pci_hole,
- addr + length,
- IO_APIC_DEFAULT_ADDRESS - 1);
-} else {
-range_set_bounds(&mch->pci_hole,
- MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT,
- IO_APIC_DEFAULT_ADDRESS - 1);
-}
 }
 
 /* PAM */
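Review bot: The pci_hole update is dropped from mch_update_pciexbar() unconditionally, while the commit message itself calls this a guest-visible change. Nothing in the visible hunks ties the new layout to a machine-type version, so existing versioned q35 machine types would present a different PCI0._CRS after a QEMU upgrade; either gate the new behaviour with a compat flag or explain in the commit message why that is acceptable.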
@@ -484,6 +461,14 @@ static void mch_update(MCHPCIState *mch)
 mch_update_pam(mch);
 mch_update_smram(mch);
 mch_update_ext_tseg_mbytes(mch);
+
+/*
+ * pci hole goes from end-of-low-ram to io-apic.
+ * mmconfig will b

[Qemu-devel] [PATCH v2] q35: split memory at 2G

2019-06-07 Thread Gerd Hoffmann
Original q35 behavior was to split memory at 2.75 GB, leaving space for
the mmconfig bar at 0xb00 and pci I/O window starting at 0xc000.

Note: Those machine types have been removed from the qemu codebase
meanwhile because they could not be live-migrated so there was little
value in keeping them around.

With the effort to allow for gigabyte-alignment of guest memory that
behavior was changed:  The split was moved to 2G, but only in case the
memory didn't fit below 2.75 GB.

So today the address space between 2G and 2.75G is not used for guest
memory in typical use cases, where the guest memory is sized at a power
of two or a gigabyte number.  But if you configure your guest with some
odd amount of memory (such as 2.5G) the address space is used.

This patch removes that oddity for 4.1+ machine types.  The memory is
split at 2G no matter what.

Signed-off-by: Gerd Hoffmann 
Acked-by: Laszlo Ersek 
---
 include/hw/i386/pc.h | 1 +
 hw/i386/pc.c | 1 +
 hw/i386/pc_q35.c | 7 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 5d5636241e34..dfe3e6104181 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -120,6 +120,7 @@ typedef struct PCMachineClass {
 
 /* RAM / address space compat: */
 bool gigabyte_align;
+bool gigabyte_split;
 bool has_reserved_memory;
 bool enforce_aligned_dimm;
 bool broken_reserved_end;
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index edc240bcbf59..3cc9432bd187 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -2722,6 +2722,7 @@ static void pc_machine_class_init(ObjectClass *oc, void 
*data)
 pcmc->smbios_defaults = true;
 pcmc->smbios_uuid_encoded = true;
 pcmc->gigabyte_align = true;
+pcmc->gigabyte_split = true;
 pcmc->has_reserved_memory = true;
 pcmc->kvmclock_enabled = true;
 pcmc->enforce_aligned_dimm = true;
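Review bot: `pcmc->gigabyte_split = true` is set in pc_machine_class_init() in hw/i386/pc.c, but the only reader in this patch is pc_q35_init(). If the flag is meant to be q35-only, say so in a comment where the field is declared next to `gigabyte_align`; if other PC machine types should honour it too, their init path needs the matching change.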
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index dcddc6466200..57d06d55ef4d 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -143,8 +143,10 @@ static void pc_q35_init(MachineState *machine)
  * If it doesn't, we need to split it in chunks below and above 4G.
  * In any case, try to make sure that guest addresses aligned at
  * 1G boundaries get mapped to host addresses aligned at 1G boundaries.
+ *
+ * qemu 4.1+ machines: split at 2G unconditionally (gigabyte_split = true)
  */
-if (machine->ram_size >= 0xb000) {
+if (machine->ram_size >= 0xb000 || pcmc->gigabyte_split) {
 lowmem = 0x8000;
 } else {
 lowmem = 0xb000;
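Review bot: The changed condition uses `|| pcmc->gigabyte_split`, but no declaration of `pcmc` is visible in this hunk of pc_q35_init(); please make sure it is already in scope there. The block comment above also still describes the conditional split as the main case and mentions the 4.1+ rule only in a trailing line; rewording it so the unconditional 2G split comes first and the old layout is the compat exception would match the code better.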
@@ -376,8 +378,11 @@ DEFINE_Q35_MACHINE(v4_1, "pc-q35-4.1", NULL,
 
 static void pc_q35_4_0_1_machine_options(MachineClass *m)
 {
+PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+
 pc_q35_4_1_machine_options(m);
 m->alias = NULL;
+pcmc->gigabyte_split = false;
 compat_props_add(m->compat_props, hw_compat_4_0_1, hw_compat_4_0_1_len);
 compat_props_add(m->compat_props, pc_compat_4_0_1, pc_compat_4_0_1_len);
 }
-- 
2.18.1




Re: [Qemu-devel] [PATCH 15/18] Boot Linux Console Test: add a test for aarch64 + virt

2019-06-07 Thread Laszlo Ersek
On 06/07/19 05:26, Eduardo Habkost wrote:

> Thread 4 (Thread 0x7f2e45fff700 (LWP 6461)):
> #0  0x7f2e4ec03500 in nanosleep () at /lib64/libpthread.so.0
> #1  0x7f2e4fb229d7 in g_usleep () at /lib64/libglib-2.0.so.0
> #2  0x559a4e7ca4c9 in qemu_chr_write_buffer (s=s@entry=0x559a502d0ac0, 
> buf=buf@entry=0x7f2e45ffdd90 "7", len=1, offset=offset@entry=0x7f2e45ffdd60, 
> write_all=true) at chardev/char.c:115
> #3  0x559a4e7ca78f in qemu_chr_write (s=0x559a502d0ac0, 
> buf=buf@entry=0x7f2e45ffdd90 "7", len=len@entry=1, 
> write_all=write_all@entry=true) at chardev/char.c:148
> #4  0x559a4e7cc7e2 in qemu_chr_fe_write_all (be=be@entry=0x559a504b4c50, 
> buf=buf@entry=0x7f2e45ffdd90 "7", len=len@entry=1) at chardev/char-fe.c:53
> #5  0x559a4e58f320 in pl011_write (opaque=0x559a504b47d0, offset=0, 
> value=55, size=) at hw/char/pl011.c:183
> #6  0x559a4e325121 in memory_region_write_accessor (mr=0x559a504b4ae0, 
> addr=0, value=, size=2, shift=, mask= out>, attrs=...) at /home/ehabkost/rh/proj/virt/qemu/memory.c:503
> #7  0x559a4e322cd6 in access_with_adjusted_size (addr=addr@entry=0, 
> value=value@entry=0x7f2e45ffded8, size=size@entry=2, 
> access_size_min=, access_size_max=, 
> access_fn=access_fn@entry=
> 0x559a4e3250a0 , mr=0x559a504b4ae0, 
> attrs=...) at /home/ehabkost/rh/proj/virt/qemu/memory.c:569
> #8  0x559a4e32763f in memory_region_dispatch_write 
> (mr=mr@entry=0x559a504b4ae0, addr=addr@entry=0, data=, 
> data@entry=55, size=size@entry=2, attrs=...) at 
> /home/ehabkost/rh/proj/virt/qemu/memory.c:1497
> #9  0x559a4e338708 in io_writex (env=env@entry=0x559a503d5620, 
> mmu_idx=mmu_idx@entry=1, val=val@entry=55, 
> addr=addr@entry=18446462598867529728, retaddr=139836732143069, size=2, 
> iotlbentry=, iotlbentry=)
> at /home/ehabkost/rh/proj/virt/qemu/accel/tcg/cputlb.c:945
> #10 0x559a4e33d203 in store_helper (big_endian=false, size=2, 
> retaddr=, oi=, val=55, 
> addr=18446462598867529728, env=0x559a503d5620) at 
> /home/ehabkost/rh/proj/virt/qemu/accel/tcg/cputlb.c:1544
> #11 0x559a4e33d203 in helper_le_stw_mmu (env=0x559a503d5620, 
> addr=18446462598867529728, val=55, oi=, 
> retaddr=139836732143069) at 
> /home/ehabkost/rh/proj/virt/qemu/accel/tcg/cputlb.c:1636
> #12 0x7f2e46bef5dd in code_gen_buffer ()
> #13 0x559a4e352381 in cpu_tb_exec (itb=, 
> cpu=0x559a503d5620) at 
> /home/ehabkost/rh/proj/virt/qemu/accel/tcg/cpu-exec.c:171
> #14 0x559a4e352381 in cpu_loop_exec_tb (tb_exit=, 
> last_tb=, tb=, cpu=0x559a503d5620) at 
> /home/ehabkost/rh/proj/virt/qemu/accel/tcg/cpu-exec.c:618
> #15 0x559a4e352381 in cpu_exec (cpu=cpu@entry=0x559a503cd360) at 
> /home/ehabkost/rh/proj/virt/qemu/accel/tcg/cpu-exec.c:729
> #16 0x559a4e30ea0f in tcg_cpu_exec (cpu=0x559a503cd360) at 
> /home/ehabkost/rh/proj/virt/qemu/cpus.c:1434
> #17 0x559a4e310b6b in qemu_tcg_cpu_thread_fn 
> (arg=arg@entry=0x559a503cd360) at /home/ehabkost/rh/proj/virt/qemu/cpus.c:1743
> #18 0x559a4e83669a in qemu_thread_start (args=) at 
> util/qemu-thread-posix.c:502
> #19 0x7f2e4ebf958e in start_thread () at /lib64/libpthread.so.0
> #20 0x7f2e4eb266f3 in clone () at /lib64/libc.so.6

See also .

$ git show 6ab3fc32ea64 -- hw/char/pl011.c

Thanks
Laszlo



Re: [Qemu-devel] [PATCH v2] q35: fix mmconfig and PCI0._CRS

2019-06-07 Thread Laszlo Ersek
On 06/07/19 09:34, Gerd Hoffmann wrote:
> This patch changes the handling of the mmconfig area.  Thanks to the
> pci(e) expander devices we already have the logic to exclude address
> ranges from PCI0._CRS.  We can simply add the mmconfig address range
> to the list to get it excluded as well.
> 
> With that in place we can go with a fixed pci hole which covers the
> whole area from the end of (low) ram to the ioapic.
> 
> This will make the whole logic a lot less fragile.  No matter where the
> firmware places the mmconfig xbar, things should work correctly.  The
> guest also gets a bit more PCI address space (seabios boot):
> 
> # cat /proc/iomem
> [ ... ]
> 7ffdd000-7fff : reserved
> 8000-afff : PCI Bus :00<<-- this is new
> b000-bfff : PCI MMCONFIG  [bus 00-ff]
>   b000-bfff : reserved
> c000-febf : PCI Bus :00
>   f800-fbff : :00:01.0
> [ ... ]
> 
> So this is a guest visible change.
> 
> Cc: László Érsek 
> Signed-off-by: Gerd Hoffmann 
> Reviewed-by: Igor Mammedov 
> ---
>  tests/bios-tables-test-allowed-diff.h |  8 +++
>  hw/i386/acpi-build.c  | 14 
>  hw/pci-host/q35.c | 31 +++
>  3 files changed, 30 insertions(+), 23 deletions(-)
> 
> diff --git a/tests/bios-tables-test-allowed-diff.h 
> b/tests/bios-tables-test-allowed-diff.h
> index dfb8523c8bf4..3bbd22c62a3b 100644
> --- a/tests/bios-tables-test-allowed-diff.h
> +++ b/tests/bios-tables-test-allowed-diff.h
> @@ -1 +1,9 @@
>  /* List of comma-separated changed AML files to ignore */
> +"tests/data/acpi/q35/DSDT",
> +"tests/data/acpi/q35/DSDT.bridge",
> +"tests/data/acpi/q35/DSDT.mmio64",
> +"tests/data/acpi/q35/DSDT.ipmibt",
> +"tests/data/acpi/q35/DSDT.cphp",
> +"tests/data/acpi/q35/DSDT.memhp",
> +"tests/data/acpi/q35/DSDT.numamem",
> +"tests/data/acpi/q35/DSDT.dimmpxm",
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index 85dc1640bc67..8e4f26977619 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -122,6 +122,8 @@ typedef struct FwCfgTPMConfig {
>  uint8_t tpmppi_version;
>  } QEMU_PACKED FwCfgTPMConfig;
>  
> +static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg);
> +
>  static void init_common_fadt_data(Object *o, AcpiFadtData *data)
>  {
>  uint32_t io = object_property_get_uint(o, ACPI_PM_PROP_PM_IO_BASE, NULL);
> @@ -1807,6 +1809,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
>  CrsRangeSet crs_range_set;
>  PCMachineState *pcms = PC_MACHINE(machine);
>  PCMachineClass *pcmc = PC_MACHINE_GET_CLASS(machine);
> +AcpiMcfgInfo mcfg;
>  uint32_t nr_mem = machine->ram_slots;
>  int root_bus_limit = 0xFF;
>  PCIBus *bus = NULL;
> @@ -1921,6 +1924,17 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
>  }
>  }
>  
> +/*
> + * At this point crs_range_set has all the ranges used by pci
> + * busses *other* than PCI0.  These ranges will be excluded from
> + * the PCI0._CRS.  Add mmconfig to the set so it will be excluded
> + * too.
> + */
> +if (acpi_get_mcfg(&mcfg)) {
> +crs_range_insert(crs_range_set.mem_ranges,
> + mcfg.base, mcfg.base + mcfg.size - 1);
> +}
> +
>  scope = aml_scope("\\_SB.PCI0");
>  /* build PCI0._CRS */
>  crs = aml_resource_template();
> diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
> index 960939f5ed3e..72093320befe 100644
> --- a/hw/pci-host/q35.c
> +++ b/hw/pci-host/q35.c
> @@ -258,15 +258,6 @@ static void q35_host_initfn(Object *obj)
>  object_property_add_link(obj, MCH_HOST_PROP_IO_MEM, TYPE_MEMORY_REGION,
>   (Object **) &s->mch.address_space_io,
>   qdev_prop_allow_set_link_before_realize, 0, 
> NULL);
> -
> -/* Leave enough space for the biggest MCFG BAR */
> -/* TODO: this matches current bios behaviour, but
> - * it's not a power of two, which means an MTRR
> - * can't cover it exactly.
> - */
> -range_set_bounds(&s->mch.pci_hole,
> -MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT + MCH_HOST_BRIDGE_PCIEXBAR_MAX,
> -IO_APIC_DEFAULT_ADDRESS - 1);
>  }
>  
>  static const TypeInfo q35_host_info = {
> @@ -338,20 +329,6 @@ static void mch_update_pciexbar(MCHPCIState *mch)
>  }
>  addr = pciexbar & addr_mask;
>  pcie_host_mmcfg_update(pehb, enable, addr, length);
> -/* Leave enough space for the MCFG BAR */
> -/*
> - * TODO: this matches current bios behaviour, but it's not a power of 
> two,
> - * which means an MTRR can't cover it exactly.
> - */
> -if (enable) {
> -range_set_bounds(&mch->pci_hole,
> - addr + length,
> - IO_APIC_DEFAULT_ADDRESS - 1);
> -} else {
> -range_set_bounds(&mch->pci_hole,
> - MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT,
> - 

[Qemu-devel] [Bug 1831545] Re: "accel/tcg: demacro cputlb" break qemu-system-x86_64 on 32-bit x86 host

2019-06-07 Thread Alex Bennée
** Tags added: tcg

https://bugs.launchpad.net/bugs/1831545

Title:
  "accel/tcg: demacro cputlb" break qemu-system-x86_64 on 32-bit x86
  host

Status in QEMU:
  New

Bug description:
  As described in
  https://lists.gnu.org/archive/html/qemu-devel//2019-05/msg07362.html
  I ran into a TCG regression in qemu-git.

  Unfortunately, the fix from bug
  https://bugs.launchpad.net/qemu/+bug/1830872 seems to be
  non-effective for my case.

  For reproduction (on 32-bit x86 host, in my case Slackware with gcc
  5.5.0):

  ./configure --target-list=x86_64-softmmu --disable-werror --enable-debug-tcg

  make (-j5 in my case)

  try to boot any 64-bit kernel:

  x86_64-softmmu/qemu-system-x86_64 -kernel /boot/bzImage-4.12.0-x64 -accel tcg

  The result is that qemu appears to hang right after the "Booting the
  kernel" line. Decompression (xz) was ok.

  Tested with qemu-git commit e2a58ff493a2e00db3e963c1839c5374500110f2

  A 32-bit OS can be booted fine, and -enable-kvm also allows a 64-bit
  kernel/OS to boot.




Re: [Qemu-devel] [PATCH v6 5/7] qemu-coroutine-sleep: introduce qemu_co_sleep_wake

2019-06-07 Thread Kevin Wolf
On 11.04.2019 at 19:27, Vladimir Sementsov-Ogievskiy wrote:
> Introduce a function to gracefully wake-up a coroutine, sleeping in
> qemu_co_sleep_ns() sleep.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 

You can simply reenter the coroutine while it has yielded in
qemu_co_sleep_ns(). This is supported.

I think what you add here is just the condition that you wake up the
coroutine only if it's currently sleeping, but not when it has yielded
for other reasons. This suggests that you're trying to reenter a
coroutine of which you don't know where exactly in its code it currently
is. This is wrong.

Just knowing that it's sleeping doesn't tell you where the coroutine is.
It could have called a function that sleeps internally and must not be
woken up early. If you reenter a coroutine, you always must know the
exact point where it yielded (or in exceptional cases, the exact points
(plural)). Just reentering because it sleeps will wake it up in
unexpected places, generally speaking.

So I don't think this function is a good idea. It's too easy to misuse,
and if you don't misuse it, you can directly call aio_co_wake().

Kevin



Re: [Qemu-devel] [PATCH v6 6/7] block/nbd-client: nbd reconnect

2019-06-07 Thread Kevin Wolf
On 07.06.2019 at 05:17, Eric Blake wrote:
> On 4/11/19 12:27 PM, Vladimir Sementsov-Ogievskiy wrote:
> > +static coroutine_fn void nbd_reconnect_loop(NBDConnection *con)
> > +{
> > +NBDClientSession *s = nbd_get_client_session(con->bs);
> > +uint64_t start_time_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
> > +uint64_t delay_ns = s->reconnect_delay * 10UL;
> 
> Do we have a #define constant for nanoseconds in a second to make this
> more legible than counting '0's?
> 
> > +uint64_t timeout = 10UL; /* 1 sec */
> > +uint64_t max_timeout = 160UL; /* 16 sec */
> 
> 1 * constant, 16 * constant
> 
> > +
> > +nbd_reconnect_attempt(con);
> > +
> > +while (nbd_client_connecting(s)) {
> > +if (s->state == NBD_CLIENT_CONNECTING_WAIT &&
> > +qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - start_time_ns > 
> > delay_ns)
> > +{
> > +s->state = NBD_CLIENT_CONNECTING_NOWAIT;
> > +qemu_co_queue_restart_all(&s->free_sema);
> > +}
> > +
> > +bdrv_dec_in_flight(con->bs);
> > +qemu_co_sleep_ns(QEMU_CLOCK_REALTIME, timeout);
> 
> Another place where I'd like someone more familiar with coroutines to
> also have a look.

What's the exact question you'd like me to answer?

But anyway, bdrv_dec/inc_in_flight() around the sleep looks wrong to me.
Either the operation must be waited for in drain, then you can't
decrease the counter even during the sleep. Or drain doesn't have to
consider it, then why is the counter even increased in the first place?

The way it currently is, drain can return assuming that there are no
requests, but after the timeout the request automatically comes back
while the drain caller assumes that there is no more activity. This
doesn't look right.

Kevin
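
The objection above to dropping the in-flight count around the sleep, modelled as a small deterministic simulation. This is an added example, not QEMU code and not part of the original message; the `Sim` struct, the single timer and all function names are hypothetical stand-ins for the node's in-flight counter, `qemu_co_sleep_ns()` and drain.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: one block node, one reconnect loop, one timer. */
typedef struct {
    int  in_flight;            /* stands in for the node's in-flight counter */
    long now;                  /* virtual clock, in ticks */
    long timer_deadline;       /* wake-up time of the sleeping loop, -1 = none */
    int  attempts_left;        /* reconnect attempts still to be made */
    bool drop_during_sleep;    /* true = dec/inc around the sleep, as reviewed */
    bool drained;              /* set once drain() has returned */
    int  activity_after_drain; /* wake-ups that happened after drain returned */
} Sim;

/* The reconnect loop goes to sleep for `delay` ticks. */
static void loop_sleep(Sim *s, long delay)
{
    if (s->drop_during_sleep) {
        s->in_flight--;        /* counter dropped before sleeping */
    }
    s->timer_deadline = s->now + delay;
}

/* Timer fires: the loop is re-entered at the one place where it yielded. */
static void loop_wake(Sim *s)
{
    s->timer_deadline = -1;
    if (s->drop_during_sleep) {
        s->in_flight++;        /* counter taken again after the sleep */
    }
    if (s->drained) {
        s->activity_after_drain++;  /* the request came back after drain */
    }
    if (--s->attempts_left > 0) {
        loop_sleep(s, 10);
    } else {
        s->in_flight--;        /* loop finished, operation really complete */
    }
}

/* Drain: keep polling (firing timers) until nothing is in flight. */
static void drain(Sim *s)
{
    while (s->in_flight > 0 && s->timer_deadline >= 0) {
        s->now = s->timer_deadline;
        loop_wake(s);
    }
    s->drained = true;         /* caller now assumes there is no activity */
}

/* The event loop keeps running after the drained section. */
static void run_event_loop(Sim *s)
{
    while (s->timer_deadline >= 0) {
        s->now = s->timer_deadline;
        loop_wake(s);
    }
}

/* Returns how often the loop became active after drain() had returned. */
int activity_after_drain(bool drop_during_sleep)
{
    Sim s = {0};
    s.in_flight = 1;           /* the reconnect loop counts as one request */
    s.timer_deadline = -1;
    s.attempts_left = 3;
    s.drop_during_sleep = drop_during_sleep;

    loop_sleep(&s, 10);        /* loop starts and goes to sleep */
    drain(&s);                 /* someone drains the node meanwhile */
    run_event_loop(&s);
    return s.activity_after_drain;
}

int main(void)
{
    printf("counter dropped during sleep: %d wake-ups after drain\n",
           activity_after_drain(true));
    printf("counter held during sleep:    %d wake-ups after drain\n",
           activity_after_drain(false));
    return 0;
}
```

With the counter dropped during the sleep, drain returns immediately and every later wake-up happens behind the caller's back; with the counter held, drain only returns once the loop has finished.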




Re: [Qemu-devel] [PATCH] spapr: Don't use the "dual" interrupt controller mode with an old hypervisor

2019-06-07 Thread Cédric Le Goater
On 07/06/2019 02:19, David Gibson wrote:
> On Thu, Jun 06, 2019 at 07:08:59PM +0200, Greg Kurz wrote:
>> If KVM is too old to support XIVE native exploitation mode, we might end
>> up using the emulated XIVE after CAS. This is sub-optimal if KVM in-kernel
>> XICS is available, which is the case most of the time.
> 
> This is intentional.  A predictable guest environment trumps performance.

I don't agree. 

If the user does not specify any specific interrupt mode, we should favor 
the faster one. 

Here is the current matrix (with this patch) for guests running on an 
old KVM, that is without KVM XIVE support. Let's discuss on what we
want. 

                        kernel_irqchip

                (default)
  ic-mode       allowed          off              on

  dual          XICS KVM         XICS emul.(3)    XICS KVM (default mode)
  xics          XICS KVM         XICS emul.       XICS KVM
  xive          XIVE emul.(1)    XIVE emul.       QEMU failure (2)

(1) QEMU warns with "warning: kernel_irqchip requested but unavailable: 
IRQ_XIVE capability must be present for KVM" 
(2) QEMU fails with "kernel_irqchip requested but unavailable: 
IRQ_XIVE capability must be present for KVM" 
(3) That is wrong I think, we should get XIVE emulated.


what you would want is XIVE emulation when ic-mode=dual and 
kernel_irqchip=allowed, which is the behavior with this patch (but there
are reboot bugs)

 
>> Also, an old KVM may not allow to destroy and re-create the KVM XICS, which
>> is precisely what "dual" does during machine reset. This causes QEMU to try
>> to switch to emulated XICS and to crash because RTAS call de-registration
>> isn't handled correctly. We could possibly fix that, but again we would
>> still end up with an emulated XICS or XIVE.
> 
> Ugh, that's a problem.

Yes. It's another problem around the way we cleanup the allocated resources.
It should be another patch.

> 
>> "dual" is definitely not a good choice with older KVMs. Internally force
>> XICS when we detect this.
> 
> But this is not an acceptable solution.  Silently changing the guest
> visible environment based on host capabilities is never ok. 

If the host (KVM) doesn't have a capability, what is the point of trying 
to use it if we can do better. I know you are considering KVM/QEMU as a
whole but who would run with kernel_irqchip=off ?

> We must
> either give the guest environment that the user has requested, or fail
> outright.

'dual' mode means both and the user is not requesting XIVE. We are changing 
the priority of choices from :

 1. KVM XIVE
 2. QEMU XIVE
 3. KVM XICS
 4. QEMU XICS

to:

 1. KVM XIVE
 2. KVM XICS
 3. QEMU XIVE
 4. QEMU XICS

which is better I think.

C.


> 
>>
>> Signed-off-by: Greg Kurz 
>> ---
>>  hw/ppc/spapr_irq.c |   10 ++
>>  1 file changed, 10 insertions(+)
>>
>> diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
>> index 3156daf09381..d788bd662a7a 100644
>> --- a/hw/ppc/spapr_irq.c
>> +++ b/hw/ppc/spapr_irq.c
>> @@ -18,6 +18,7 @@
>>  #include "hw/ppc/xics_spapr.h"
>>  #include "cpu-models.h"
>>  #include "sysemu/kvm.h"
>> +#include "kvm_ppc.h"
>>  
>>  #include "trace.h"
>>  
>> @@ -668,6 +669,15 @@ static void spapr_irq_check(SpaprMachineState *spapr, 
>> Error **errp)
>>  return;
>>  }
>>  }
>> +
>> +/*
>> + * KVM may be too old to support XIVE, in which case we'd rather try
>> + * to use the in-kernel XICS instead of the emulated XIVE.
>> + */
>> +if (kvm_enabled() && !kvmppc_has_cap_xive() &&
>> +spapr->irq == &spapr_irq_dual) {
>> +spapr->irq = &spapr_irq_xics;
>> +}
>>  }
>>  
>>  /*
>>
> 
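Review bot: The block added to spapr_irq_check() replaces `spapr->irq` with `&spapr_irq_xics` silently when `kvmppc_has_cap_xive()` is false. The user asked for "dual" and ends up with a different interrupt controller setup without any message; at minimum a warn_report() at this point, or an error reported through the `errp` argument the function already takes, would make the downgrade visible.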




Re: [Qemu-devel] qapi/misc.json is too big, let's bite off a few chunks

2019-06-07 Thread Markus Armbruster
Paolo Bonzini  writes:

> On 23/05/19 18:14, Markus Armbruster wrote:
>> * Machine core (Eduardo, Marcel)
>> 
>>   query-machines, query-current-machine, 
>> 
>>   ~60 lines.  Hardly worthwhile from a "let's shrink misc.json" point of
>>   view.  Might be worthwhile from a "let's make get_maintainers.pl
>>   work".
>> 
>> * CPUs (Paolo, Richard)
>> 
>>   query-cpus, query-cpus-fast
>> 
>>   ~300 lines.  The commands are implemented in cpus.c, which MAINTAINERS
>>   covers both under "Main loop" and under "Guest CPU cores (TCG) /
>>   Overall".  Neither feels right to me for these QMP commands.
>> 
>> * NUMA (Eduardo)
>> 
>>   query-memdev, set-numa-node
>> 
>>   ~200 lines.
>
> I would move all three of these and add a new entry to MAINTAINERS.

Double-checking: do you propose to move all three to a single new QAPI
module, with a new MAINTAINERS entry covering just the new QAPI module?
If yes, care to propose a QAPI module file name, a MAINTAINERS head
line, and maintainers?

Or do you propose to create three QAPI modules machine.json, cpus.json,
numa.json, with machine.json filed in MAINTAINERS under "Machine core",
numa.json under "NUMA", and cpus.json under a new entry?



Re: [Qemu-devel] [PATCH] spapr: Don't use the "dual" interrupt controller mode with an old hypervisor

2019-06-07 Thread Cédric Le Goater
>                         kernel_irqchip
> 
>                 (default)
>   ic-mode       allowed          off              on
> 
>   dual          XICS KVM         XICS emul.(3)    XICS KVM (default mode)
>   xics          XICS KVM         XICS emul.       XICS KVM
>   xive          XIVE emul.(1)    XIVE emul.       QEMU failure (2)
> 
> 
> (1) QEMU warns with "warning: kernel_irqchip requested but unavailable: 
> IRQ_XIVE capability must be present for KVM" 
> (2) QEMU fails with "kernel_irqchip requested but unavailable: 
> IRQ_XIVE capability must be present for KVM" 
> (3) That is wrong I think, we should get XIVE emulated.
> 
> 
> what you would want is XIVE emulation when ic-mode=dual and 
> kernel_irqchip=allowed, which is the behavior with this patch (but there
                                                ^
                                                without
> are reboot bugs)



Re: [Qemu-devel] qapi/misc.json is too big, let's bite off a few chunks

2019-06-07 Thread Philippe Mathieu-Daudé
On 6/7/19 8:59 AM, Markus Armbruster wrote:
[...]
> QOM is not a particularly active subsystem now: 51 commits in two years.
> 
> We obviously need maintainers to review and merge patches.  The nominal
> maintainer hasn't been doing that since 2015.  Git shows the following
> top committers taking on / getting sucked into QOM:
> 
> Markus Armbruster 
> Eduardo Habkost 
> Paolo Bonzini 
> Marc-André Lureau 
> Eric Blake 
> 
> We really need nominal maintainer(s) again.
> 
> Of course, *active* maintainers would be even better: I consider QOM
> stuck in an unhappy place where much of its potential is still
> potential.
> 
> But let's start small.  Volunteers for the reviewer role, please step
> forward :)
> 
> 
> 
> The details I promised:
> 
> Output of "scripts/get_maintainer.pl --git --git-since='2-years-ago' |
> grep commit_signer" sorted by file size:
> 
[...]
> = include/qom/object_interfaces.h =
> Eduardo Habkost  (commit_signer:8/5=100%)
> Igor Mammedov  (commit_signer:3/5=60%)
> "Marc-André Lureau"  (commit_signer:2/5=40%)
> "Philippe Mathieu-Daudé"  (commit_signer:2/5=40%)
> Eric Blake  (commit_signer:1/5=20%)

get_maintainer's commit_signer is lying...

[...]
> = qom/trace-events =
> Stefan Hajnoczi  (commit_signer:2/2=100%)
> "Philippe Mathieu-Daudé"  (commit_signer:2/2=100%)
> Markus Armbruster  (commit_signer:1/2=50%)
> Michael Tokarev  (commit_signer:1/2=50%)

This 'git log -p' history of this file is very interesting...



[Qemu-devel] [PATCH] edid: add xmax + ymax properties

2019-06-07 Thread Gerd Hoffmann
Add new properties to allow setting the maximum display resolution.
Resolutions larger than that will not be included in the mode list.
In linux guests xrandr can be used to list modes.

Note: The existing xres and yres properties set the preferred display
resolution, i.e. the mode should be first in the mode list and guests
should use it by default.

Signed-off-by: Gerd Hoffmann 
---
 include/hw/display/edid.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/hw/display/edid.h b/include/hw/display/edid.h
index bacf1708894b..7948bd2c40f8 100644
--- a/include/hw/display/edid.h
+++ b/include/hw/display/edid.h
@@ -22,6 +22,8 @@ void qemu_edid_region_io(MemoryRegion *region, Object *owner,
 
 #define DEFINE_EDID_PROPERTIES(_state, _edid_info)  \
 DEFINE_PROP_UINT32("xres", _state, _edid_info.prefx, 0),\
-DEFINE_PROP_UINT32("yres", _state, _edid_info.prefy, 0)
+DEFINE_PROP_UINT32("yres", _state, _edid_info.prefy, 0),\
+DEFINE_PROP_UINT32("xmax", _state, _edid_info.maxx, 0), \
+DEFINE_PROP_UINT32("ymax", _state, _edid_info.maxy, 0)
 
 #endif /* EDID_H */
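Review bot: The new "xmax" and "ymax" properties default to 0, and neither the macro nor the commit message says what 0 means. Please document that 0 leaves the mode list unrestricted, if that is the intent. The diffstat also touches only edid.h, so the `maxx`/`maxy` fields and the code that filters modes by them must already exist or arrive in another patch; say which in the commit message.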
-- 
2.18.1




Re: [Qemu-devel] [PATCH v2] m68k comments break patch submission due to being incorrectly formatted

2019-06-07 Thread Peter Maydell
On Fri, 7 Jun 2019 at 04:30, Lucien Murray-Pitts
 wrote:
> checkpatch is correctly identifying the wrong style in the changed code.
> This changed code contains the original comments with ADDITIONAL edits
> resulting in pachew/checkpatch complaining.
>
> The m68k is, by my guess, older code and nearly all the comments are different
> from the style guide.  Some are "/**" or "/*commment here" and so on.

Yeah. We have a fair bit of old-style code in the codebase. There
are two different approaches we take to this:
 (1) the most common is "fix the parts your patch is touching anyway"
(ie in a new-feature patch you make the minimum fixes to the surrounding
old code needed to keep checkpatch happy with it)
 (2) mass fix-up of old style stuff as a separate patch

Mostly we use (1) but this does have the downside that old style
can lurk in not-often-touched files for a long time. So if the
maintainer (in this case Laurent) is happy with a type (2) fix-up
that's good too. (Personally I used to be much more in favour
of sticking with approach 1 but my opinion has changed over
time as I've seen the downsides of it.)

thanks
-- PMM



[Qemu-devel] [PATCH] edid: flip the default to enabled

2019-06-07 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
---
 include/hw/virtio/virtio-gpu.h | 2 +-
 hw/core/machine.c  | 8 +++-
 hw/display/bochs-display.c | 2 +-
 hw/display/vga-pci.c   | 4 ++--
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
index 8ecac1987a7f..6dd57f2025ec 100644
--- a/include/hw/virtio/virtio-gpu.h
+++ b/include/hw/virtio/virtio-gpu.h
@@ -125,7 +125,7 @@ typedef struct VirtIOGPUBaseClass {
 #define VIRTIO_GPU_BASE_PROPERTIES(_state, _conf)   \
 DEFINE_PROP_UINT32("max_outputs", _state, _conf.max_outputs, 1),\
 DEFINE_PROP_BIT("edid", _state, _conf.flags, \
-VIRTIO_GPU_FLAG_EDID_ENABLED, false), \
+VIRTIO_GPU_FLAG_EDID_ENABLED, true), \
 DEFINE_PROP_UINT32("xres", _state, _conf.xres, 1024), \
 DEFINE_PROP_UINT32("yres", _state, _conf.yres, 768)
 
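Review bot: flipping the default inside VIRTIO_GPU_BASE_PROPERTIES changes
every device that expands this macro, while the compat list added in
hw/core/machine.c names only virtio-vga and virtio-gpu-pci. Please confirm
there is no other user of the macro that needs its own edid=false compat
entry, and say so in the commit message, which currently has no body.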
diff --git a/hw/core/machine.c b/hw/core/machine.c
index f1a0f45f9c83..84ebb8d24701 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -24,7 +24,13 @@
 #include "hw/pci/pci.h"
 #include "hw/mem/nvdimm.h"
 
-GlobalProperty hw_compat_4_0_1[] = {};
+GlobalProperty hw_compat_4_0_1[] = {
+{ "VGA","edid", "false" },
+{ "secondary-vga",  "edid", "false" },
+{ "bochs-display",  "edid", "false" },
+{ "virtio-vga", "edid", "false" },
+{ "virtio-gpu-pci", "edid", "false" },
+};
 const size_t hw_compat_4_0_1_len = G_N_ELEMENTS(hw_compat_4_0_1);
 
 GlobalProperty hw_compat_4_0[] = {};
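Review bot: the entries go into hw_compat_4_0_1 while hw_compat_4_0 on the
last context line stays empty. If 4.0 and older machine types do not chain
through hw_compat_4_0_1, they get edid=true and a guest-visible change
across migration; please check which machine types apply this array, or
move the entries to hw_compat_4_0.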
diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c
index 3d439eb2407b..681a047d793c 100644
--- a/hw/display/bochs-display.c
+++ b/hw/display/bochs-display.c
@@ -336,7 +336,7 @@ static void bochs_display_exit(PCIDevice *dev)
 
 static Property bochs_display_properties[] = {
 DEFINE_PROP_SIZE("vgamem", BochsDisplayState, vgamem, 16 * MiB),
-DEFINE_PROP_BOOL("edid", BochsDisplayState, enable_edid, false),
+DEFINE_PROP_BOOL("edid", BochsDisplayState, enable_edid, true),
 DEFINE_EDID_PROPERTIES(BochsDisplayState, edid_info),
 DEFINE_PROP_END_OF_LIST(),
 };
diff --git a/hw/display/vga-pci.c b/hw/display/vga-pci.c
index a17c96e703fe..3b76457ab077 100644
--- a/hw/display/vga-pci.c
+++ b/hw/display/vga-pci.c
@@ -338,7 +338,7 @@ static Property vga_pci_properties[] = {
 DEFINE_PROP_BIT("qemu-extended-regs",
 PCIVGAState, flags, PCI_VGA_FLAG_ENABLE_QEXT, true),
 DEFINE_PROP_BIT("edid",
-PCIVGAState, flags, PCI_VGA_FLAG_ENABLE_EDID, false),
+PCIVGAState, flags, PCI_VGA_FLAG_ENABLE_EDID, true),
 DEFINE_EDID_PROPERTIES(PCIVGAState, edid_info),
 DEFINE_PROP_BOOL("global-vmstate", PCIVGAState, vga.global_vmstate, false),
 DEFINE_PROP_END_OF_LIST(),
@@ -349,7 +349,7 @@ static Property secondary_pci_properties[] = {
 DEFINE_PROP_BIT("qemu-extended-regs",
 PCIVGAState, flags, PCI_VGA_FLAG_ENABLE_QEXT, true),
 DEFINE_PROP_BIT("edid",
-PCIVGAState, flags, PCI_VGA_FLAG_ENABLE_EDID, false),
+PCIVGAState, flags, PCI_VGA_FLAG_ENABLE_EDID, true),
 DEFINE_EDID_PROPERTIES(PCIVGAState, edid_info),
 DEFINE_PROP_END_OF_LIST(),
 };
-- 
2.18.1




Re: [Qemu-devel] [PATCH 5/5] vhost-user-gpu: initialize msghdr & iov at declaration

2019-06-07 Thread Peter Maydell
On Wed, 5 Jun 2019 at 16:01, Marc-André Lureau
 wrote:
>
> This should fix uninitialized fields found by coverity CID 1401762.
>
> Signed-off-by: Marc-André Lureau 
> ---
>  contrib/vhost-user-gpu/main.c | 21 -
>  1 file changed, 8 insertions(+), 13 deletions(-)
>

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH 2/5] vhost-user: check unix_listen() return value

2019-06-07 Thread Peter Maydell
On Wed, 5 Jun 2019 at 16:02, Marc-André Lureau
 wrote:
>
> This check shouldn't be necessary, since &error_fatal is given as
> argument and will exit() on failure. However, this change should
> silence coverity CID 1401761 & 1401705.
>
> Signed-off-by: Marc-André Lureau 
> ---
>  contrib/vhost-user-gpu/main.c   | 4 
>  contrib/vhost-user-input/main.c | 4 
>  2 files changed, 8 insertions(+)
>
> diff --git a/contrib/vhost-user-gpu/main.c b/contrib/vhost-user-gpu/main.c
> index 9614c9422c..e0b6df5b4d 100644
> --- a/contrib/vhost-user-gpu/main.c
> +++ b/contrib/vhost-user-gpu/main.c
> @@ -1160,6 +1160,10 @@ main(int argc, char *argv[])
>
>  if (opt_socket_path) {
>  int lsock = unix_listen(opt_socket_path, &error_fatal);
> +if (lsock < 0) {
> +g_printerr("Failed to listen on %s.\n", opt_socket_path);
> +exit(EXIT_FAILURE);
> +}
>  fd = accept(lsock, NULL, NULL);
>  close(lsock);
>  } else {
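Review bot: with &error_fatal passed to unix_listen(), the added
"if (lsock < 0)" branch can only silence the checker; an
assert(lsock >= 0) states that more honestly. The result that is not
checked in these lines is fd from accept() on the following context line;
if nothing after the if/else tests fd, that is where a real error path
belongs.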
> diff --git a/contrib/vhost-user-input/main.c b/contrib/vhost-user-input/main.c
> index 8d493f598e..8b854117f5 100644
> --- a/contrib/vhost-user-input/main.c
> +++ b/contrib/vhost-user-input/main.c
> @@ -367,6 +367,10 @@ main(int argc, char *argv[])
>
>  if (opt_socket_path) {
>  int lsock = unix_listen(opt_socket_path, &error_fatal);
> +if (lsock < 0) {
> +g_printerr("Failed to listen on %s.\n", opt_socket_path);
> +exit(EXIT_FAILURE);
> +}
>  fd = accept(lsock, NULL, NULL);
>  close(lsock);
>  } else {
> --
> 2.22.0.rc2.384.g1a9a72ea1d
>

Maybe better to just assert(lsock >= 0) ?
(I hadn't noticed the &error_fatal -- it means this new code
is unreachable.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH 4/5] vhost-user-input: check ioctl(EVIOCGNAME) return value

2019-06-07 Thread Peter Maydell
On Wed, 5 Jun 2019 at 16:04, Marc-André Lureau
 wrote:
>
> This should fix coverity CID 1401704.
>
> Signed-off-by: Marc-André Lureau 
> ---
>  contrib/vhost-user-input/main.c | 6 +-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/contrib/vhost-user-input/main.c b/contrib/vhost-user-input/main.c
> index 54f882602a..8b4e7d2536 100644
> --- a/contrib/vhost-user-input/main.c
> +++ b/contrib/vhost-user-input/main.c
> @@ -342,7 +342,11 @@ main(int argc, char *argv[])
>
>  vi.config = g_array_new(false, false, sizeof(virtio_input_config));
>  memset(&id, 0, sizeof(id));
> -ioctl(vi.evdevfd, EVIOCGNAME(sizeof(id.u.string) - 1), id.u.string);
> +if (ioctl(vi.evdevfd, EVIOCGNAME(sizeof(id.u.string) - 1),
> +  id.u.string) < 0) {
> +g_printerr("Failed to get evdev name: %s\n", g_strerror(errno));
> +exit(EXIT_FAILURE);
> +}


Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 0/3] misc usb-mtp fixes

2019-06-07 Thread Peter Maydell
On Mon, 1 Apr 2019 at 22:17, Bandan Das  wrote:
>
> v4:
>   Added 1/3: 
> v3:
>   2/2: Fix indentation
>Add back sending RES_OK for success
> v2:
>   1/2: Add Reviewed-by tag
>   2/2: remove extra vars and directly call usb_mtp_queue_result
>
> The first patch removes an unnecessary function
> and the second is just a code reorg of usb_mtp_write_data
> to make it less confusing. Applies on top of
> [PATCH v3] usb-mtp: fix return status of delete
> Message-ID:
>
> Bandan Das (3):
>   usb-mtp: fix return status of delete
>   usb-mtp: remove usb_mtp_object_free_one
>   usb-mtp: refactor the flow of usb_mtp_write_data

Hi Bandan, Gerd -- what's the status of this patchset?
I think this is the one that fixes the CID1399415
Coverity issue about usb_mtp_write_data() return values, right?

thanks
-- PMM



Re: [Qemu-devel] [PATCH] migration: Add error_desc for file channel errors

2019-06-07 Thread Yury Kotov
Ping

22.04.2019, 13:50, "Yury Kotov" :
> Currently, there is no information about error if outgoing migration was
> failed because of file channel errors.
> Example (QMP session):
> -> { "execute": "migrate", "arguments": { "uri": "exec:head -c 1" }}
> <- { "return": {} }
> ...
> -> { "execute": "query-migrate" }
> <- { "return": { "status": "failed" }} // There is no error description
>
> And even in the QEMU's output there is nothing.
>
> This patch
> 1) Adds errp for most of the QEMUFileOps
> 2) Adds qemu_file_get_error_obj/qemu_file_set_error_obj
> 3) And finally uses qemu_file_get_error_obj in migration.c
>
> And now, the status for the mentioned fail will be:
> -> { "execute": "query-migrate" }
> <- { "return": { "status": "failed",
>  "error-desc": "Unable to write to command: Broken pipe" }}
>
> Signed-off-by: Yury Kotov 
> ---
>  migration/migration.c | 10 --
>  migration/qemu-file-channel.c | 30 +
>  migration/qemu-file.c | 63 ---
>  migration/qemu-file.h | 15 ++---
>  migration/savevm.c | 6 ++--
>  5 files changed, 88 insertions(+), 36 deletions(-)
>
> diff --git a/migration/migration.c b/migration/migration.c
> index 609e0df5d0..7bcdc4613b 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -2949,6 +2949,7 @@ static MigThrError 
> migration_detect_error(MigrationState *s)
>  {
>  int ret;
>  int state = s->state;
> + Error *local_error = NULL;
>
>  if (state == MIGRATION_STATUS_CANCELLING ||
>  state == MIGRATION_STATUS_CANCELLED) {
> @@ -2957,13 +2958,18 @@ static MigThrError 
> migration_detect_error(MigrationState *s)
>  }
>
>  /* Try to detect any file errors */
> - ret = qemu_file_get_error(s->to_dst_file);
> -
> + ret = qemu_file_get_error_obj(s->to_dst_file, &local_error);
>  if (!ret) {
>  /* Everything is fine */
> + assert(!local_error);
>  return MIG_THR_ERR_NONE;
>  }
>
> + if (local_error) {
> + migrate_set_error(s, local_error);
> + error_free(local_error);
> + }
> +
>  if (state == MIGRATION_STATUS_POSTCOPY_ACTIVE && ret == -EIO) {
>  /*
>   * For postcopy, we allow the network to be down for a
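Review bot: when qemu_file_get_error_obj() returns non-zero but leaves
local_error NULL, the "if (local_error)" block is skipped and
query-migrate still reports a failure with no error-desc. Consider a
fallback such as error_setg_errno(&local_error, -ret, ...) before
migrate_set_error() so every failing path carries a description. The
assert(!local_error) in the success branch also deserves a comment stating
that the getter never sets an Error when it returns 0.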
> diff --git a/migration/qemu-file-channel.c b/migration/qemu-file-channel.c
> index 8e639eb496..c382ea2d78 100644
> --- a/migration/qemu-file-channel.c
> +++ b/migration/qemu-file-channel.c
> @@ -33,7 +33,8 @@
>  static ssize_t channel_writev_buffer(void *opaque,
>   struct iovec *iov,
>   int iovcnt,
> - int64_t pos)
> + int64_t pos,
> + Error **errp)
>  {
>  QIOChannel *ioc = QIO_CHANNEL(opaque);
>  ssize_t done = 0;
> @@ -47,7 +48,7 @@ static ssize_t channel_writev_buffer(void *opaque,
>
>  while (nlocal_iov > 0) {
>  ssize_t len;
> - len = qio_channel_writev(ioc, local_iov, nlocal_iov, NULL);
> + len = qio_channel_writev(ioc, local_iov, nlocal_iov, errp);
>  if (len == QIO_CHANNEL_ERR_BLOCK) {
>  if (qemu_in_coroutine()) {
>  qio_channel_yield(ioc, G_IO_OUT);
> @@ -57,7 +58,6 @@ static ssize_t channel_writev_buffer(void *opaque,
>  continue;
>  }
>  if (len < 0) {
> - /* XXX handle Error objects */
>  done = -EIO;
>  goto cleanup;
>  }
> @@ -75,13 +75,14 @@ static ssize_t channel_writev_buffer(void *opaque,
>  static ssize_t channel_get_buffer(void *opaque,
>    uint8_t *buf,
>    int64_t pos,
> - size_t size)
> + size_t size,
> + Error **errp)
>  {
>  QIOChannel *ioc = QIO_CHANNEL(opaque);
>  ssize_t ret;
>
>  do {
> - ret = qio_channel_read(ioc, (char *)buf, size, NULL);
> + ret = qio_channel_read(ioc, (char *)buf, size, errp);
>  if (ret < 0) {
>  if (ret == QIO_CHANNEL_ERR_BLOCK) {
>  if (qemu_in_coroutine()) {
> @@ -90,7 +91,6 @@ static ssize_t channel_get_buffer(void *opaque,
>  qio_channel_wait(ioc, G_IO_IN);
>  }
>  } else {
> - /* XXX handle Error * object */
>  return -EIO;
>  }
>  }
> @@ -100,18 +100,20 @@ static ssize_t channel_get_buffer(void *opaque,
>  }
>
> -static int channel_close(void *opaque)
> +static int channel_close(void *opaque, Error **errp)
>  {
> + int ret;
>  QIOChannel *ioc = QIO_CHANNEL(opaque);
> - qio_channel_close(ioc, NULL);
> + ret = qio_channel_close(ioc, errp);
>  object_unref(OBJECT(ioc));
> - return 0;
> + return ret;
>  }
>
>  static int channel_shutdown(void *opaque,
>  bool rd,
> - bool wr)
> + bool wr,
> + Error **errp)
>  {
>  QIOChannel *ioc = QIO_CHANNEL(opaque);
>
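Review bot: channel_close() used to return 0 unconditionally and now
returns the result of qio_channel_close(), so a failing close becomes
visible to whoever calls the close op for the first time. Please confirm
the callers treat a negative value sensibly and that an Error set through
errp is either reported or freed. The object_unref() still runs on the
failure path, which is right.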
> @@ -125,8 +127,7 @@ static int channel_shutdown(void *opaque,
>  } else {
>  mode = QIO_CHANNEL_SHUTDOWN_WRITE;
>  }
> - if (qio_channel_shutdown(ioc, mode, NU

Re: [Qemu-devel] [PATCH v2] m68k comments break patch submission due to being incorrectly formatted

2019-06-07 Thread Laurent Vivier
On 07/06/2019 at 10:34, Peter Maydell wrote:
> On Fri, 7 Jun 2019 at 04:30, Lucien Murray-Pitts
>  wrote:
>> checkpatch is correctly identifying the wrong style in the changed code.
>> This changed code contains the original comments with ADDITIONAL edits
>> resulting in patchew/checkpatch complaining.
>>
>> The m68k is, by my guess, older code and nearly all the comments are different
>> from the style guide.  Some are "/**" or "/*comment here" and so on.
> 
> Yeah. We have a fair bit of old-style code in the codebase. There
> are two different approaches we take to this:
>  (1) the most common is "fix the parts your patch is touching anyway"
> (ie in a new-feature patch you make the minimum fixes to the surrounding
> old code needed to keep checkpatch happy with it)
>  (2) mass fix-up of old style stuff as a separate patch
> 
> Mostly we use (1) but this does have the downside that old style
> can lurk in not-often-touched files for a long time. So if the
> maintainer (in this case Laurent) is happy with a type (2) fix-up
> that's good too. (Personally I used to be much more in favour
> of sticking with approach 1 but my opinion has changed over
> time as I've seen the downsides of it.)

I also prefer (1) because (2) hides the real commit modifying the code ((2)
complicates the use of 'git blame') but (1) ends with having mixed style
in one file and it's very ugly. Moreover it complicates life for new
contributors who don't know what to do with the errors from checkpatch
or patchew. So, in the case of m68k, I agree with a massive update of
the comment style.

Thanks,
Laurent



[Qemu-devel] [PULL 04/52] tests/docker: Update the Fedora cross compile images to 30

2019-06-07 Thread Alex Bennée
While at it remove the bogus :latest tag for cris cross compiler. It
tends to break caching and cause confusion.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

diff --git a/tests/docker/dockerfiles/fedora-cris-cross.docker 
b/tests/docker/dockerfiles/fedora-cris-cross.docker
index b168ada615..09e7e449f9 100644
--- a/tests/docker/dockerfiles/fedora-cris-cross.docker
+++ b/tests/docker/dockerfiles/fedora-cris-cross.docker
@@ -2,7 +2,7 @@
 # Cross compiler for cris system tests
 #
 
-FROM fedora:latest
+FROM fedora:30
 ENV PACKAGES gcc-cris-linux-gnu
 RUN dnf install -y $PACKAGES
 RUN rpm -q $PACKAGES | sort > /packages.txt
diff --git a/tests/docker/dockerfiles/fedora-i386-cross.docker 
b/tests/docker/dockerfiles/fedora-i386-cross.docker
index eb8108d118..9106cf9ebe 100644
--- a/tests/docker/dockerfiles/fedora-i386-cross.docker
+++ b/tests/docker/dockerfiles/fedora-i386-cross.docker
@@ -1,4 +1,4 @@
-FROM fedora:29
+FROM fedora:30
 ENV PACKAGES \
 gcc \
 glib2-devel.i686 \
-- 
2.20.1




[Qemu-devel] [PULL 03/52] tests/docker: Update the Fedora image to Fedora 30

2019-06-07 Thread Alex Bennée
From: Philippe Mathieu-Daudé 

Fedora 30 got released:

  https://fedoramagazine.org/announcing-fedora-30/

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Marc-André Lureau 
Tested-by: Stefano Garzarella 
Reviewed-by: Stefano Garzarella 
Message-Id: <20190528153304.27157-1-phi...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index afbba29ada..12c460597e 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -1,4 +1,4 @@
-FROM fedora:29
+FROM fedora:30
 ENV PACKAGES \
 bc \
 bison \
-- 
2.20.1




[Qemu-devel] [PULL 05/52] tests/docker: Update the Ubuntu image to 19.04

2019-06-07 Thread Alex Bennée
This has aged a little and we have a separate LTS image for testing on
the older distros. Update it to a more recent release like its Fedora
cousin.

Besides it is useful to have something with gcc-9 on it for squashing
those stringop truncation errors.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 

diff --git a/tests/docker/dockerfiles/ubuntu.docker 
b/tests/docker/dockerfiles/ubuntu.docker
index 36e2b17de5..8d256961f0 100644
--- a/tests/docker/dockerfiles/ubuntu.docker
+++ b/tests/docker/dockerfiles/ubuntu.docker
@@ -1,6 +1,15 @@
-FROM ubuntu:16.04
-RUN echo "deb http://archive.ubuntu.com/ubuntu/ trusty universe multiverse" >> 
\
-/etc/apt/sources.list
+#
+# Latest Ubuntu Release
+#
+# Useful for testing against relatively bleeding edge libraries and
+# compilers. We also have seperate recipe for the most recent LTS
+# release.
+#
+# When updating use the full tag not :latest otherwise the build
+# system won't pick up that it has changed.
+#
+
+FROM ubuntu:19.04
 ENV PACKAGES flex bison \
 ccache \
 clang \
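Review bot: typo in the added header comment, "seperate" should be
"separate", and "We also have seperate recipe" wants an article ("a
separate recipe"). Since the comment tells people to use a full tag, it
would also help to note that 19.04 is a non-LTS release and will need
bumping when it goes end of life.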
@@ -21,7 +30,7 @@ ENV PACKAGES flex bison \
 libepoxy-dev \
 libfdt-dev \
 libgbm-dev \
-libgnutls-dev \
+libgnutls28-dev \
 libgtk-3-dev \
 libibverbs-dev \
 libiscsi-dev \
@@ -34,7 +43,7 @@ ENV PACKAGES flex bison \
 libnss3-dev \
 libnuma-dev \
 libpixman-1-dev \
-libpng12-dev \
+libpng-dev \
 librados-dev \
 librbd-dev \
 librdmacm-dev \
-- 
2.20.1




[Qemu-devel] [PULL 02/52] qemu-io-cmds: use clock_gettime for benchmarking

2019-06-07 Thread Alex Bennée
The previous use of gettimeofday() ran into undefined behaviour when
we ended up doing a div 0 for a very short operation. This is because
gettimeofday only works at the microsecond level as well as being
prone to discontinuous jumps in system time. Using clock_gettime with
CLOCK_MONOTONIC gives greater precision and alleviates some of the
potential problems with time jumping around.

We could use CLOCK_MONOTONIC_RAW to avoid being tripped up by NTP and
adjtime but that is Linux specific so I decided it would do for now.

Signed-off-by: Alex Bennée 

diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 30a7d9a13b..8904733961 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -248,20 +248,21 @@ static void cvtstr(double value, char *str, size_t size)
 
 
 
-static struct timeval tsub(struct timeval t1, struct timeval t2)
+static struct timespec tsub(struct timespec t1, struct timespec t2)
 {
-t1.tv_usec -= t2.tv_usec;
-if (t1.tv_usec < 0) {
-t1.tv_usec += 100;
+t1.tv_nsec -= t2.tv_nsec;
+if (t1.tv_nsec < 0) {
+t1.tv_nsec += NANOSECONDS_PER_SECOND;
 t1.tv_sec--;
 }
 t1.tv_sec -= t2.tv_sec;
 return t1;
 }
 
-static double tdiv(double value, struct timeval tv)
+static double tdiv(double value, struct timespec tv)
 {
-return value / ((double)tv.tv_sec + ((double)tv.tv_usec / 100.0));
+double seconds = tv.tv_sec + (tv.tv_nsec / 1e9);
+return value / seconds;
 }
 
 #define HOURS(sec)  ((sec) / (60 * 60))
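Review bot: tdiv() still computes value / seconds with no guard, so two
identical CLOCK_MONOTONIC readings give seconds == 0 and the division by
zero the commit message set out to fix. Nanosecond resolution makes that
much less likely, not impossible; please return 0 (or clamp to one
nanosecond) when tv.tv_sec == 0 && tv.tv_nsec == 0.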
@@ -274,29 +275,27 @@ enum {
 VERBOSE_FIXED_TIME  = 0x2,
 };
 
-static void timestr(struct timeval *tv, char *ts, size_t size, int format)
+static void timestr(struct timespec *tv, char *ts, size_t size, int format)
 {
-double usec = (double)tv->tv_usec / 100.0;
+double frac_sec = tv->tv_nsec / 1e9;
 
 if (format & TERSE_FIXED_TIME) {
 if (!HOURS(tv->tv_sec)) {
-snprintf(ts, size, "%u:%02u.%02u",
-(unsigned int) MINUTES(tv->tv_sec),
-(unsigned int) SECONDS(tv->tv_sec),
-(unsigned int) (usec * 100));
+snprintf(ts, size, "%u:%05.2f",
+ (unsigned int) MINUTES(tv->tv_sec),
+ SECONDS(tv->tv_sec) + frac_sec);
 return;
 }
 format |= VERBOSE_FIXED_TIME; /* fallback if hours needed */
 }
 
 if ((format & VERBOSE_FIXED_TIME) || tv->tv_sec) {
-snprintf(ts, size, "%u:%02u:%02u.%02u",
+snprintf(ts, size, "%u:%02u:%05.2f",
 (unsigned int) HOURS(tv->tv_sec),
 (unsigned int) MINUTES(tv->tv_sec),
-(unsigned int) SECONDS(tv->tv_sec),
-(unsigned int) (usec * 100));
+ SECONDS(tv->tv_sec) + frac_sec);
 } else {
-snprintf(ts, size, "0.%04u sec", (unsigned int) (usec * 1));
+snprintf(ts, size, "%05.2f sec", frac_sec);
 }
 }
 
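Review bot: the sub-second branch goes from "0.%04u sec" to "%05.2f sec",
which drops from four decimal places to two, so any operation under 5 ms
now prints as 00.00 sec; that is the short-operation case this patch is
about. Suggest "%.4f sec" there. Also, in the two "%05.2f" minute formats
SECONDS(tv->tv_sec) + frac_sec can round up to 60.00 (for example 59.996),
so round before splitting into minutes and seconds.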
@@ -376,7 +375,7 @@ static void dump_buffer(const void *buffer, int64_t offset, 
int64_t len)
 }
 }
 
-static void print_report(const char *op, struct timeval *t, int64_t offset,
+static void print_report(const char *op, struct timespec *t, int64_t offset,
  int64_t count, int64_t total, int cnt, bool Cflag)
 {
 char s1[64], s2[64], ts[64];
@@ -649,7 +648,7 @@ static const cmdinfo_t read_cmd = {
 
 static int read_f(BlockBackend *blk, int argc, char **argv)
 {
-struct timeval t1, t2;
+struct timespec t1, t2;
 bool Cflag = false, qflag = false, vflag = false;
 bool Pflag = false, sflag = false, lflag = false, bflag = false;
 int c, cnt, ret;
@@ -758,13 +757,13 @@ static int read_f(BlockBackend *blk, int argc, char 
**argv)
 
 buf = qemu_io_alloc(blk, count, 0xab);
 
-gettimeofday(&t1, NULL);
+clock_gettime(CLOCK_MONOTONIC, &t1);
 if (bflag) {
 ret = do_load_vmstate(blk, buf, offset, count, &total);
 } else {
 ret = do_pread(blk, buf, offset, count, &total);
 }
-gettimeofday(&t2, NULL);
+clock_gettime(CLOCK_MONOTONIC, &t2);
 
 if (ret < 0) {
 printf("read failed: %s\n", strerror(-ret));
@@ -836,7 +835,7 @@ static const cmdinfo_t readv_cmd = {
 
 static int readv_f(BlockBackend *blk, int argc, char **argv)
 {
-struct timeval t1, t2;
+struct timespec t1, t2;
 bool Cflag = false, qflag = false, vflag = false;
 int c, cnt, ret;
 char *buf;
@@ -891,9 +890,9 @@ static int readv_f(BlockBackend *blk, int argc, char **argv)
 return -EINVAL;
 }
 
-gettimeofday(&t1, NULL);
+clock_gettime(CLOCK_MONOTONIC, &t1);
 ret = do_aio_readv(blk, &qiov, offset, &total);
-gettimeofday(&t2, NULL);
+clock_gettime(CLOCK_MONOTONIC, &t2);
 
 if (ret < 0) {
 printf("readv failed: %s\n", strerror(-ret));
@@ -972,7 +971,7 @@ static const cmdinfo_t write_cmd = {
 
 static int write_f(BlockBackend *blk, int argc, char **argv)
 {
-struct timeval t1, t2;
+struct timespec t1, t2;
 bool Cf
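
An added example, not code from the QEMU patch: the elapsed-time measurement the commit message describes, done in integer nanoseconds with the zero-interval and round-up-to-60 edge cases handled explicitly. The helper names (elapsed_ns, rate_per_sec, format_elapsed) are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define NSEC_PER_SEC 1000000000LL

/*
 * Elapsed time between two CLOCK_MONOTONIC readings as signed nanoseconds.
 * Integer arithmetic needs no borrow step and loses no precision.
 */
static int64_t elapsed_ns(struct timespec start, struct timespec end)
{
    return (int64_t)(end.tv_sec - start.tv_sec) * NSEC_PER_SEC
         + (int64_t)(end.tv_nsec - start.tv_nsec);
}

/*
 * Units per second.  A zero or negative interval has no meaningful rate,
 * so report that through *valid instead of dividing by zero.
 */
static double rate_per_sec(double units, int64_t ns, int *valid)
{
    if (ns <= 0) {
        *valid = 0;
        return 0.0;
    }
    *valid = 1;
    return units * (double)NSEC_PER_SEC / (double)ns;
}

/*
 * Format as [H:]M:SS.cc.  The value is rounded to centiseconds once,
 * before it is split into fields, so 59.996 s becomes "1:00.00" and
 * never "0:60.00" (which is what printf("%05.2f") on the seconds field
 * alone would produce).
 */
static int format_elapsed(int64_t ns, char *buf, size_t size)
{
    long long cs, h, m, s, c;

    if (ns < 0) {
        ns = 0;
    }
    cs = (ns + 5000000) / 10000000;   /* round to 1/100 s */
    h = cs / 360000;
    m = (cs / 6000) % 60;
    s = (cs / 100) % 60;
    c = cs % 100;

    if (h) {
        return snprintf(buf, size, "%lld:%02lld:%02lld.%02lld", h, m, s, c);
    }
    return snprintf(buf, size, "%lld:%02lld.%02lld", m, s, c);
}

int main(void)
{
    struct timespec t1, t2;
    volatile unsigned long sink = 0;
    char ts[32];
    int valid;
    double rate;
    int64_t ns;

    clock_gettime(CLOCK_MONOTONIC, &t1);
    for (unsigned long i = 0; i < 1000000; i++) {
        sink += i;                    /* constructed workload */
    }
    clock_gettime(CLOCK_MONOTONIC, &t2);

    ns = elapsed_ns(t1, t2);
    rate = rate_per_sec(1000000.0, ns, &valid);
    format_elapsed(ns, ts, sizeof(ts));

    if (valid) {
        printf("%s elapsed, %.0f iterations/sec\n", ts, rate);
    } else {
        printf("%s elapsed, interval too short to compute a rate\n", ts);
    }
    return 0;
}
```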

[Qemu-devel] [PULL 00/52] testing, gdbstub and cputlb fixes

2019-06-07 Thread Alex Bennée
The following changes since commit 0d74f3b4277a7ecb0ccb80c865797d11f8e466f5:

  Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-06-06 14:09:14 +0100)

are available in the Git repository at:

  https://github.com/stsquad/qemu.git tags/pull-testing-gdbstub-cputlb-070619-1

for you to fetch changes up to 611a3db380ef9f670c5c82837c4889f7e19ded10:

  gdbstub: Implement qemu physical memory mode (2019-06-07 08:39:03 +0100)


Various fixes and updates:

  - editor config tweak for shell scripts
  - iotest updates (still not default for make check)
  - various docker updates
  - gcc/ubsan updates for travis
  - clean-ups for tests/vm including autoinstall
  - semihosting fix for Coverity
  - fixes for cputlb in 64-on-32 cases
  - gdbstub re-factor + maintainership update


Alex Bennée (13):
  editorconfig: add setting for shell scripts
  qemu-io-cmds: use clock_gettime for benchmarking
  tests/docker: Update the Fedora cross compile images to 30
  tests/docker: Update the Ubuntu image to 19.04
  .travis.yml: bump gcc sanitiser job to gcc-9
  .travis.yml: add clang ubsan job
  semihosting: split console_out into string and char versions
  cputlb: use uint64_t for interim values for unaligned load
  tests/tcg: better detect truncated reads
  tests/tcg: clean-up VPATH/TESTS for i386
  tests/tcg/x86_64: add a PVH crt.o for x86_64 system tests
  MAINTAINERS: put myself forward for gdbstub
  cputlb: cast size_t to target_ulong before using for address masks

Gerd Hoffmann (14):
  scripts: use git archive in archive-source
  tests/vm: python3 fixes
  tests/vm: send proxy environment variables over ssh
  tests/vm: use ssh with pty unconditionally
  tests/vm: run test builds on snapshot
  tests/vm: proper guest shutdown
  tests/vm: add vm-boot-{ssh,serial}- targets
  tests/vm: add DEBUG=1 to help text
  tests/vm: serial console support helpers
  tests/vm: openbsd autoinstall, using serial console
  tests/vm: freebsd autoinstall, using serial console
  tests/vm: netbsd autoinstall, using serial console
  tests/vm: fedora autoinstall, using serial console
  tests/vm: ubuntu.i386: apt proxy setup

Jon Doron (20):
  gdbstub: Add infrastructure to parse cmd packets
  gdbstub: Implement deatch (D pkt) with new infra
  gdbstub: Implement thread_alive (T pkt) with new infra
  gdbstub: Implement continue (c pkt) with new infra
  gdbstub: Implement continue with signal (C pkt) with new infra
  gdbstub: Implement set_thread (H pkt) with new infra
  gdbstub: Implement breakpoint commands (Z/z pkt) with new infra
  gdbstub: Implement set register (P pkt) with new infra
  gdbstub: Implement get register (p pkt) with new infra
  gdbstub: Implement write memory (M pkt) with new infra
  gdbstub: Implement read memory (m pkt) with new infra
  gdbstub: Implement write all registers (G pkt) with new infra
  gdbstub: Implement read all registers (g pkt) with new infra
  gdbstub: Implement file io (F pkt) with new infra
  gdbstub: Implement step (s pkt) with new infra
  gdbstub: Implement v commands with new infra
  gdbstub: Implement generic set/query (Q/q pkt) with new infra
  gdbstub: Implement target halted (? pkt) with new infra
  gdbstub: Clear unused variables in gdb_handle_packet
  gdbstub: Implement qemu physical memory mode

Philippe Mathieu-Daudé (1):
  tests/docker: Update the Fedora image to Fedora 30

Wainer dos Santos Moschetta (4):
  tests/vm: Use python configured on build
  tests/vm: Port basevm to Python 3
  tests/vm: Fix build-centos docker-based tests run
  tests/vm: Add missing variables on help

 .editorconfig |4 +
 .travis.yml   |   17 +-
 MAINTAINERS   |4 +-
 accel/tcg/cputlb.c|4 +-
 gdbstub.c | 1761 +++--
 hw/semihosting/console.c  |   34 +-
 include/hw/semihosting/console.h  |   25 +-
 linux-user/arm/semihost.c |   31 +-
 qemu-io-cmds.c|   77 +-
 scripts/archive-source.sh |   72 +-
 target/arm/arm-semi.c |4 +-
 tests/docker/dockerfiles/fedora-cris-cross.docker |2 +-
 tests/docker/dockerfiles/fedora-i386-cross.docker |2 +-
 tests/docker/dockerfiles/fedora.docker|2 +-
 tests/docker/dockerfiles/ubuntu.docker|   19 +-
 tests/tcg/i386/Makefile.softmmu-target|   10 +-
 tests/tcg/multiarch/system/memory.c   |   36 +-
 tests/tc

[Qemu-devel] [PULL 07/52] .travis.yml: add clang ubsan job

2019-06-07 Thread Alex Bennée
We document this on our wiki and we might as well catch it in our CI
rather than waiting for it to be picked up on merge:

  https://wiki.qemu.org/Testing#clang_UBSan

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

diff --git a/.travis.yml b/.travis.yml
index f0aa37f2d1..2f1658602e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -152,6 +152,13 @@ matrix:
   compiler: clang
 
 
+- env:
+- CONFIG="--target-list=${MAIN_SOFTMMU_TARGETS} "
+  compiler: clang
+  before_script:
+- ./configure ${CONFIG} --extra-cflags="-fsanitize=undefined -Werror" 
|| { cat config.log && exit 1; }
+
+
 - env:
 - CONFIG="--disable-user --target-list-exclude=${MAIN_SOFTMMU_TARGETS}"
   compiler: clang
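Review bot: -fsanitize=undefined on its own only prints a runtime report
and keeps going, so this job stays green when a test trips UBSan; -Werror
here only affects compile-time warnings. Add
-fno-sanitize-recover=undefined to --extra-cflags (or export
UBSAN_OPTIONS=halt_on_error=1) so that a report fails the build.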
-- 
2.20.1




[Qemu-devel] [PULL 09/52] tests/vm: Port basevm to Python 3

2019-06-07 Thread Alex Bennée
From: Wainer dos Santos Moschetta 

Fixed tests/vm/basevm.py to run with Python 3:
 - hashlib.sha1() requires a binary encoded object.
 - uses floor division ("//") (PEP 238).
 - decode bytes to unicode when needed.

Signed-off-by: Wainer dos Santos Moschetta 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190329210804.22121-3-waine...@redhat.com>
Signed-off-by: Alex Bennée 
Tested-by: Philippe Mathieu-Daudé 

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 0556bdcf9e..083befce9f 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -85,12 +85,12 @@ class BaseVM(object):
 if not sha256sum:
 return True
 checksum = subprocess.check_output(["sha256sum", fname]).split()[0]
-return sha256sum == checksum
+return sha256sum == checksum.decode()
 
 cache_dir = os.path.expanduser("~/.cache/qemu-vm/download")
 if not os.path.exists(cache_dir):
 os.makedirs(cache_dir)
-fname = os.path.join(cache_dir, hashlib.sha1(url).hexdigest())
+fname = os.path.join(cache_dir, hashlib.sha1(url.encode()).hexdigest())
 if os.path.exists(fname) and check_sha256sum(fname):
 return fname
 logging.debug("Downloading %s to %s...", url, fname)
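Review bot: decoding the sha256sum output fixes the comparison, but the
context above it shows check_sha256sum() returning True whenever no
sha256sum is passed, so a cached or freshly downloaded image is then
accepted with no integrity check at all. Worth at least a logging.warning
in that branch. Computing the digest with hashlib.sha256 would also remove
the bytes/str conversion and the dependency on an external sha256sum
binary.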
@@ -134,7 +134,7 @@ class BaseVM(object):
 raise NotImplementedError
 
 def add_source_dir(self, src_dir):
-name = "data-" + hashlib.sha1(src_dir).hexdigest()[:5]
+name = "data-" + hashlib.sha1(src_dir.encode()).hexdigest()[:5]
 tarfile = os.path.join(self._tmpdir, name + ".tar")
 logging.debug("Creating archive %s for src_dir dir: %s", tarfile, 
src_dir)
 subprocess.check_call(["./scripts/archive-source.sh", tarfile],
@@ -204,7 +204,7 @@ def parse_args(vmcls):
 
 def get_default_jobs():
 if kvm_available(vmcls.arch):
-return multiprocessing.cpu_count() / 2
+return multiprocessing.cpu_count() // 2
 else:
 return 1
 
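Review bot: cpu_count() // 2 evaluates to 0 on a single-CPU host with KVM
available, and that becomes the default jobs value. Suggest
max(1, multiprocessing.cpu_count() // 2).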
-- 
2.20.1




[Qemu-devel] [PULL 10/52] tests/vm: Fix build-centos docker-based tests run

2019-06-07 Thread Alex Bennée
From: Wainer dos Santos Moschetta 

`make vm-build-centos` runs docker-based tests on CentOS. The
created containers should have network otherwise some tests
fail. Also fixed the BUILD_SCRIPT template to correctly
evaluate "V=1" for verbose output.

Signed-off-by: Wainer dos Santos Moschetta 
Message-Id: <20190329210804.22121-5-waine...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/centos b/tests/vm/centos
index ba133ea429..7417b50af4 100755
--- a/tests/vm/centos
+++ b/tests/vm/centos
@@ -26,9 +26,9 @@ class CentosVM(basevm.BaseVM):
 export SRC_ARCHIVE=/dev/vdb;
 sudo chmod a+r $SRC_ARCHIVE;
 tar -xf $SRC_ARCHIVE;
-make docker-test-block@centos7 V={verbose} J={jobs};
-make docker-test-quick@centos7 V={verbose} J={jobs};
-make docker-test-mingw@fedora V={verbose} J={jobs};
+make docker-test-block@centos7 {verbose} J={jobs} NETWORK=1;
+make docker-test-quick@centos7 {verbose} J={jobs} NETWORK=1;
+make docker-test-mingw@fedora  {verbose} J={jobs} NETWORK=1;
 """
 
 def _gen_cloud_init_iso(self):
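Review bot: the template now expects {verbose} to expand to the whole make
argument (for instance "V=1") or to nothing, but the code that fills it in
is not part of this hunk; please make sure the change that builds that
string is in the same patch, otherwise make receives a bare value on its
command line. NETWORK=1 gives every test container network access, so the
commit message should name the tests that need it.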
-- 
2.20.1




[Qemu-devel] [PULL 01/52] editorconfig: add setting for shell scripts

2019-06-07 Thread Alex Bennée
Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 

diff --git a/.editorconfig b/.editorconfig
index df6db65531..a001f340bd 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -26,6 +26,10 @@ file_type_emacs = makefile
 indent_style = space
 indent_size = 4
 
+[*.sh]
+indent_style = space
+indent_size = 4
+
 [*.{s,S}]
 indent_style = tab
 indent_size = 8
-- 
2.20.1




[Qemu-devel] [PULL 11/52] tests/vm: Add missing variables on help

2019-06-07 Thread Alex Bennée
From: Wainer dos Santos Moschetta 

Added description of variables missing on vm-test help.

Signed-off-by: Wainer dos Santos Moschetta 
Message-Id: <20190329210804.22121-6-waine...@redhat.com>
Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index 6f82676306..c59411bee0 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -21,9 +21,13 @@ vm-test:
@echo "  vm-clean-all- Clean up VM images"
@echo
@echo "Special variables:"
-   @echo "BUILD_TARGET=foo  - override the build target"
-   @echo "TARGET_LIST=a,b,c - Override target list in 
builds."
+   @echo "BUILD_TARGET=foo  - Override the build target"
+   @echo "TARGET_LIST=a,b,c - Override target list in 
builds"
@echo 'EXTRA_CONFIGURE_OPTS="..."'
+   @echo "J=[0..9]* - Override the -jN parameter 
for make commands"
+   @echo "DEBUG=1   - Enable verbose output on 
host and interactive debugging"
+   @echo "V=1   - Enable verbose ouput on host 
and guest commands"
+   @echo "QEMU=/path/to/qemu- Change path to QEMU binary"
 
 vm-build-all: $(addprefix vm-build-, $(IMAGES))
 
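Review bot: spelling in the added V=1 line, "ouput" should be "output".
"J=[0..9]*" is also an odd way to say "a number"; "J=N" would match the
"-jN" wording on the same line.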
-- 
2.20.1




[Qemu-devel] [PATCH v17 12/24] target/rx: Add RX to SysEmuTarget

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

Fixes check-qtest-rx: tests/qmp-cmd-test

Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 qapi/common.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/qapi/common.json b/qapi/common.json
index 99d313ef3b..d0fc931159 100644
--- a/qapi/common.json
+++ b/qapi/common.json
@@ -183,6 +183,7 @@
 #is true even for "qemu-system-x86_64".
 #
 # ppcemb: dropped in 3.1
+# rx: added in 4.1
 #
 # Since: 3.0
 ##
@@ -190,6 +191,6 @@
   'data' : [ 'aarch64', 'alpha', 'arm', 'cris', 'hppa', 'i386', 'lm32',
  'm68k', 'microblaze', 'microblazeel', 'mips', 'mips64',
  'mips64el', 'mipsel', 'moxie', 'nios2', 'or1k', 'ppc',
- 'ppc64', 'riscv32', 'riscv64', 's390x', 'sh4',
+ 'ppc64', 'riscv32', 'riscv64', 'rx', 's390x', 'sh4',
  'sh4eb', 'sparc', 'sparc64', 'tricore', 'unicore32',
  'x86_64', 'xtensa', 'xtensaeb' ] }
-- 
2.11.0




[Qemu-devel] [PULL 36/52] gdbstub: Implement continue (c pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-5-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index ad00f223f2..c3089a6b5a 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1531,6 +1531,16 @@ static void handle_thread_alive(GdbCmdContext *gdb_ctx, 
void *user_ctx)
 put_packet(gdb_ctx->s, "OK");
 }
 
+static void handle_continue(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+if (gdb_ctx->num_params) {
+gdb_set_cpu_pc(gdb_ctx->s, gdb_ctx->params[0].val_ull);
+}
+
+gdb_ctx->s->signal = 0;
+gdb_continue(gdb_ctx->s);
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
@@ -1567,13 +1577,16 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 gdb_breakpoint_remove_all();
 break;
 case 'c':
-if (*p != '\0') {
-addr = strtoull(p, (char **)&p, 16);
-gdb_set_cpu_pc(s, addr);
+{
+static const GdbCmdParseEntry continue_cmd_desc = {
+.handler = handle_continue,
+.cmd = "c",
+.cmd_startswith = 1,
+.schema = "L0"
+};
+cmd_parser = &continue_cmd_desc;
 }
-s->signal = 0;
-gdb_continue(s);
-return RS_IDLE;
+break;
 case 'C':
 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
 if (s->signal == -1)
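
Review bot: the 'c' case used to end with "return RS_IDLE" and now ends with "break", so control reaches whatever follows the switch in gdb_handle_packet(), which this hunk does not show. Please confirm that path still returns RS_IDLE once handle_continue() has called gdb_continue() and that it sends no reply packet, and say so in the commit message, which currently has no body. The schema string "L0" is not explained anywhere in the hunk; a one-line comment next to continue_cmd_desc would help.
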
-- 
2.20.1




[Qemu-devel] [PULL 06/52] .travis.yml: bump gcc sanitiser job to gcc-9

2019-06-07 Thread Alex Bennée
The toolchain PPA has it so we might as well use it. We currently have
to add:

  -Wno-error=stringop-truncation

as there are still strncpy operations in the tree operating on things
that haven't been annotated with QEMU_NONSTRING.

Signed-off-by: Alex Bennée 

diff --git a/.travis.yml b/.travis.yml
index b053a836a3..f0aa37f2d1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -240,8 +240,8 @@ matrix:
 - ubuntu-toolchain-r-test
   packages:
 # Extra toolchains
-- gcc-7
-- g++-7
+- gcc-9
+- g++-9
 # Build dependencies
 - libaio-dev
 - libattr1-dev
@@ -270,11 +270,11 @@ matrix:
   language: generic
   compiler: none
   env:
-- COMPILER_NAME=gcc CXX=g++-7 CC=gcc-7
-- CONFIG="--cc=gcc-7 --cxx=g++-7 --disable-pie --disable-linux-user"
+- COMPILER_NAME=gcc CXX=g++-9 CC=gcc-9
+- CONFIG="--cc=gcc-9 --cxx=g++-9 --disable-pie --disable-linux-user"
 - TEST_CMD=""
   before_script:
-- ./configure ${CONFIG} --extra-cflags="-g3 -O0 -fsanitize=thread 
-fuse-ld=gold" || { cat config.log && exit 1; }
+- ./configure ${CONFIG} --extra-cflags="-g3 -O0 
-Wno-error=stringop-truncation -fsanitize=thread -fuse-ld=gold" || { cat 
config.log && exit 1; }
 
 
 # Run check-tcg against linux-user
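
Review bot: -Wno-error=stringop-truncation is added to --extra-cflags in before_script with no comment in the YAML, so the reason given in the commit message (strncpy users not yet annotated with QEMU_NONSTRING) is lost to anyone reading .travis.yml later. Add a comment next to the flag saying it is temporary and what has to happen before it can be dropped, since it downgrades a diagnostic about possibly unterminated strncpy results for this whole job.
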
-- 
2.20.1




[Qemu-devel] [PULL 17/52] tests/vm: proper guest shutdown

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

When not running in snapshot mode ask the guest to poweroff and wait for
this to finish instead of simply quitting qemu, so the guest can flush
pending updates to disk.

Signed-off-by: Gerd Hoffmann 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-7-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 395eefaec9..f27178f3c7 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -51,6 +51,8 @@ class BaseVM(object):
 name = "#base"
 # The guest architecture, to be overridden by subclasses
 arch = "#arch"
+# command to halt the guest, can be overridden by subclasses
+poweroff = "poweroff"
 def __init__(self, debug=False, vcpus=None):
 self._guest = None
 self._tmpdir = os.path.realpath(tempfile.mkdtemp(prefix="vm-test-",
@@ -202,6 +204,10 @@ class BaseVM(object):
 def wait(self):
 self._guest.wait()
 
+def graceful_shutdown(self):
+self.ssh_root(self.poweroff)
+self._guest.wait()
+
 def qmp(self, *args, **kwargs):
 return self._guest.qmp(*args, **kwargs)
 
@@ -278,11 +284,13 @@ def main(vmcls):
 traceback.print_exc()
 return 2
 
-if args.interactive:
-if vm.ssh(*cmd) == 0:
-return 0
+exitcode = 0
+if vm.ssh(*cmd) != 0:
+exitcode = 3
+if exitcode != 0 and args.interactive:
 vm.ssh()
-return 3
-else:
-if vm.ssh(*cmd) != 0:
-return 3
+
+if not args.snapshot:
+vm.graceful_shutdown()
+
+return exitcode
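
Review bot: the new vm.graceful_shutdown() call at the end of main() has no failure handling. As defined earlier in this patch it runs ssh_root(self.poweroff), ignores the result, and then calls self._guest.wait(), so if the poweroff command fails or the guest never halts the run can block here, and exitcode does not reflect it either way. Check the ssh result and fall back to the previous quit behaviour, or bound the wait, and log which path was taken.
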
-- 
2.20.1




[Qemu-devel] [PATCH v17 20/24] target/rx: Use prt_ldmi for XCHG_mr disassembly

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

Note that the ld == 3 case handled by prt_ldmi is decoded as
XCHG_rr and cannot appear here.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 target/rx/disas.c | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 515b365528..db10385fd0 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -366,13 +366,7 @@ static bool trans_XCHG_rr(DisasContext *ctx, arg_XCHG_rr 
*a)
 /* xchg dsp[rs].,rd */
 static bool trans_XCHG_mr(DisasContext *ctx, arg_XCHG_mr *a)
 {
-static const char msize[][4] = {
-"b", "w", "l", "ub", "uw",
-};
-char dsp[8];
-
-rx_index_addr(ctx, dsp, a->ld, a->mi);
-prt("xchg\t%s[r%d].%s, r%d", dsp, a->rs, msize[a->mi], a->rd);
+prt_ldmi(ctx, "xchg", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
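
Review bot: the invariant that makes this replacement safe, that ld == 3 is decoded as XCHG_rr and never reaches trans_XCHG_mr(), is stated only in the commit message. Put it in a comment above the prt_ldmi() call, or assert on a->ld, so the next reader of disas.c sees it.
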
-- 
2.11.0




[Qemu-devel] [PATCH] kvm-all: Add/update fprintf's for kvm_*_ioeventfd_del

2019-06-07 Thread Yury Kotov
Signed-off-by: Yury Kotov 
---
 accel/kvm/kvm-all.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 524c4ddfbd..e4ac3386cb 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -864,8 +864,8 @@ static void kvm_mem_ioeventfd_add(MemoryListener *listener,
data, true, int128_get64(section->size),
match_data);
 if (r < 0) {
-fprintf(stderr, "%s: error adding ioeventfd: %s\n",
-__func__, strerror(-r));
+fprintf(stderr, "%s: error adding ioeventfd: %s (%d)\n",
+__func__, strerror(-r), -r);
 abort();
 }
 }
@@ -882,6 +882,8 @@ static void kvm_mem_ioeventfd_del(MemoryListener *listener,
data, false, int128_get64(section->size),
match_data);
 if (r < 0) {
+fprintf(stderr, "%s: error deleting ioeventfd: %s (%d)\n",
+__func__, strerror(-r), -r);
 abort();
 }
 }
@@ -898,8 +900,8 @@ static void kvm_io_ioeventfd_add(MemoryListener *listener,
   data, true, int128_get64(section->size),
   match_data);
 if (r < 0) {
-fprintf(stderr, "%s: error adding ioeventfd: %s\n",
-__func__, strerror(-r));
+fprintf(stderr, "%s: error adding ioeventfd: %s (%d)\n",
+__func__, strerror(-r), -r);
 abort();
 }
 }
@@ -917,6 +919,8 @@ static void kvm_io_ioeventfd_del(MemoryListener *listener,
   data, false, int128_get64(section->size),
   match_data);
 if (r < 0) {
+fprintf(stderr, "%s: error deleting ioeventfd: %s (%d)\n",
+__func__, strerror(-r), -r);
 abort();
 }
 }
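
Review bot: the commit message has no body; say why the numeric errno is wanted and that the two _del paths print something before abort() only after this change. Across the four hunks the messages differ only by __func__ and "adding"/"deleting", so a small helper taking the verb would keep them from drifting apart again, and error_report() would be the more usual way to emit them than fprintf(stderr, ...).
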
-- 
2.21.0




[Qemu-devel] [PULL 08/52] tests/vm: Use python configured on build

2019-06-07 Thread Alex Bennée
From: Wainer dos Santos Moschetta 

Changed the vm-test makefile to execute python scripts
with the interpreter configured on build. This allows
running vm-test targets properly on Linux distros with
Python 3 only support.

Signed-off-by: Wainer dos Santos Moschetta 
Message-Id: <20190329210804.22121-2-waine...@redhat.com>
Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index 992d823f6b..6f82676306 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -35,7 +35,7 @@ $(IMAGES_DIR)/%.img:  $(SRC_PATH)/tests/vm/% \
$(SRC_PATH)/tests/vm/Makefile.include
@mkdir -p $(IMAGES_DIR)
$(call quiet-command, \
-   $< \
+   $(PYTHON) $< \
$(if $(V)$(DEBUG), --debug) \
--image "$@" \
--force \
@@ -46,7 +46,7 @@ $(IMAGES_DIR)/%.img:  $(SRC_PATH)/tests/vm/% \
 # Build in VM $(IMAGE)
 vm-build-%: $(IMAGES_DIR)/%.img
$(call quiet-command, \
-   $(SRC_PATH)/tests/vm/$* \
+   $(PYTHON) $(SRC_PATH)/tests/vm/$* \
$(if $(V)$(DEBUG), --debug) \
$(if $(DEBUG), --interactive) \
$(if $(J),--jobs $(J)) \
-- 
2.20.1




[Qemu-devel] [PATCH v17 14/24] tests: Add rx to machine-none-test.c

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

Fixes check-qtest-rx: tests/machine-none-test.

Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 tests/machine-none-test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/machine-none-test.c b/tests/machine-none-test.c
index 4c6d470798..80df277357 100644
--- a/tests/machine-none-test.c
+++ b/tests/machine-none-test.c
@@ -56,6 +56,7 @@ static struct arch2cpu cpus_map[] = {
 { "hppa", "hppa" },
 { "riscv64", "rv64gcsu-v1.10.0" },
 { "riscv32", "rv32gcsu-v1.9.1" },
+{ "rx", "rx62n" },
 };
 
 static const char *get_cpu_model_by_arch(const char *arch)
-- 
2.11.0




[Qemu-devel] [PATCH v17 13/24] target/rx: Fix cpu types and names

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

There was confusion here about abstract classes and naming cpus.
We had registered a concrete class named "-rxcpu".  This was put
into the default cpu fields, and matched, so basic tests worked.
However, no value for -cpu could ever match in rx_cpu_class_by_name.

Rename the base class to "rx-cpu" and make it abstract.  This
matches what we do for most other targets.  Create a new concrete
cpu with the name "rx62n-rx-cpu".

Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 target/rx/cpu.h | 12 ++--
 hw/rx/rx-virt.c |  2 +-
 hw/rx/rx62n.c   |  2 +-
 target/rx/cpu.c | 43 ++-
 4 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/target/rx/cpu.h b/target/rx/cpu.h
index 8c1a4e448d..a0b6975963 100644
--- a/target/rx/cpu.h
+++ b/target/rx/cpu.h
@@ -24,14 +24,14 @@
 #include "hw/registerfields.h"
 #include "qom/cpu.h"
 
-#define TYPE_RXCPU "rxcpu"
+#define TYPE_RX_CPU "rx-cpu"
 
 #define RXCPU_CLASS(klass) \
-OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RXCPU)
+OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RX_CPU)
 #define RXCPU(obj) \
-OBJECT_CHECK(RXCPU, (obj), TYPE_RXCPU)
+OBJECT_CHECK(RXCPU, (obj), TYPE_RX_CPU)
 #define RXCPU_GET_CLASS(obj) \
-OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RXCPU)
+OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RX_CPU)
 
 /*
  * RXCPUClass:
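
Review bot: the type macro is renamed to TYPE_RX_CPU, but the cast macros right below it keep the old RXCPU_CLASS / RXCPU / RXCPU_GET_CLASS spelling, so the header now mixes two naming styles. Either rename them in this patch too or note in the commit message that they are left for a follow-up.
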
@@ -164,9 +164,9 @@ static inline RXCPU *rx_env_get_cpu(CPURXState *env)
 
 #define ENV_OFFSET offsetof(RXCPU, env)
 
-#define RX_CPU_TYPE_SUFFIX "-" TYPE_RXCPU
+#define RX_CPU_TYPE_SUFFIX "-" TYPE_RX_CPU
 #define RX_CPU_TYPE_NAME(model) model RX_CPU_TYPE_SUFFIX
-#define CPU_RESOLVING_TYPE TYPE_RXCPU
+#define CPU_RESOLVING_TYPE TYPE_RX_CPU
 
 extern const char rx_crname[][6];
 
diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
index 3deb7cb335..72a2989fcf 100644
--- a/hw/rx/rx-virt.c
+++ b/hw/rx/rx-virt.c
@@ -88,7 +88,7 @@ static void rxvirt_class_init(ObjectClass *oc, void *data)
 mc->desc = "RX QEMU Virtual Target";
 mc->init = rxvirt_init;
 mc->is_default = 1;
-mc->default_cpu_type = TYPE_RXCPU;
+mc->default_cpu_type = RX_CPU_TYPE_NAME("rx62n");
 }
 
 static const TypeInfo rxvirt_type = {
diff --git a/hw/rx/rx62n.c b/hw/rx/rx62n.c
index c6660b75b4..3a8fe7b0bf 100644
--- a/hw/rx/rx62n.c
+++ b/hw/rx/rx62n.c
@@ -195,7 +195,7 @@ static void rx62n_realize(DeviceState *dev, Error **errp)
 }
 
 object_initialize_child(OBJECT(s), "cpu", &s->cpu,
-sizeof(RXCPU), TYPE_RXCPU,
+sizeof(RXCPU), RX_CPU_TYPE_NAME("rx62n"),
 errp, NULL);
 object_property_set_bool(OBJECT(&s->cpu), true, "realized", errp);
 
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index 3268077d08..41fe1de4bb 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -74,13 +74,14 @@ static void rx_cpu_list_entry(gpointer data, gpointer 
user_data)
 const char *typename = object_class_get_name(OBJECT_CLASS(data));
 int len = strlen(typename) - strlen(RX_CPU_TYPE_SUFFIX);
 
-qemu_printf("%.*s\n", len, typename);
+qemu_printf("  %.*s\n", len, typename);
 }
 
 void rx_cpu_list(void)
 {
-GSList *list;
-list = object_class_get_list_sorted(TYPE_RXCPU, false);
+GSList *list = object_class_get_list_sorted(TYPE_RX_CPU, false);
+
+qemu_printf("Available CPUs:\n");
 g_slist_foreach(list, rx_cpu_list_entry, NULL);
 g_slist_free(list);
 }
@@ -88,15 +89,17 @@ void rx_cpu_list(void)
 static ObjectClass *rx_cpu_class_by_name(const char *cpu_model)
 {
 ObjectClass *oc;
-char *typename = NULL;
+char *typename;
 
-typename = g_strdup_printf(RX_CPU_TYPE_NAME(""));
+typename = g_strdup_printf(RX_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
-if (oc != NULL && object_class_is_abstract(oc)) {
-oc = NULL;
-}
-
 g_free(typename);
+
+if (oc == NULL ||
+object_class_is_abstract(oc) ||
+!object_class_dynamic_cast(oc, TYPE_RX_CPU)) {
+return NULL;
+}
 return oc;
 }
 
@@ -166,7 +169,7 @@ static void rx_cpu_init(Object *obj)
 qdev_init_gpio_in(DEVICE(cpu), rx_cpu_set_irq, 2);
 }
 
-static void rxcpu_class_init(ObjectClass *klass, void *data)
+static void rx_cpu_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 CPUClass *cc = CPU_CLASS(klass);
@@ -195,22 +198,28 @@ static void rxcpu_class_init(ObjectClass *klass, void 
*data)
 cc->gdb_num_core_regs = 26;
 }
 
-static const TypeInfo rxcpu_info = {
-.name = TYPE_RXCPU,
+static const TypeInfo rx_cpu_info = {
+.name = TYPE_RX_CPU,
 .parent = TYPE_CPU,
 .instance_size = sizeof(RXCPU),
 .instance_init = rx_cpu_init,
-.abstract = false,
+.abstract = true,
 .class_size = sizeof(RXCPUClass),
-.class_init = rxcpu_class_init,
+.class_init = rx_cpu_class_init,
+};
+
+static const TypeInf

[Qemu-devel] [PULL 38/52] gdbstub: Implement set_thread (H pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-7-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 3425f0674d..7735c244b3 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1560,6 +1560,51 @@ static void handle_cont_with_sig(GdbCmdContext *gdb_ctx, 
void *user_ctx)
 gdb_continue(gdb_ctx->s);
 }
 
+static void handle_set_thread(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+CPUState *cpu;
+
+if (gdb_ctx->num_params != 2) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+if (gdb_ctx->params[1].thread_id.kind == GDB_READ_THREAD_ERR) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+if (gdb_ctx->params[1].thread_id.kind != GDB_ONE_THREAD) {
+put_packet(gdb_ctx->s, "OK");
+return;
+}
+
+cpu = gdb_get_cpu(gdb_ctx->s, gdb_ctx->params[1].thread_id.pid,
+  gdb_ctx->params[1].thread_id.tid);
+if (!cpu) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+/*
+ * Note: This command is deprecated and modern gdb's will be using the
+ *   vCont command instead.
+ */
+switch (gdb_ctx->params[0].opcode) {
+case 'c':
+gdb_ctx->s->c_cpu = cpu;
+put_packet(gdb_ctx->s, "OK");
+break;
+case 'g':
+gdb_ctx->s->g_cpu = cpu;
+put_packet(gdb_ctx->s, "OK");
+break;
+default:
+put_packet(gdb_ctx->s, "E22");
+break;
+}
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
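
Review bot: in handle_set_thread() the "deprecated, modern gdb's will be using vCont" comment sits above the whole switch on params[0].opcode, but vCont only replaces the 'c' (step/continue thread) form; 'g' selects the thread for the other operations and is still in use. Move the comment into the 'c' case. A short comment on why a thread id that is not GDB_ONE_THREAD gets "OK" rather than "E22" would also help, since the three neighbouring early exits all reply "E22".
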
@@ -1573,7 +1618,6 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 char thread_id[16];
 uint8_t *registers;
 target_ulong addr, len;
-GDBThreadIdKind thread_kind;
 const GdbCmdParseEntry *cmd_parser = NULL;
 
 trace_gdbstub_io_command(line_buf);
@@ -1836,35 +1880,14 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 put_packet(s, "E22");
 break;
 case 'H':
-type = *p++;
-
-thread_kind = read_thread_id(p, &p, &pid, &tid);
-if (thread_kind == GDB_READ_THREAD_ERR) {
-put_packet(s, "E22");
-break;
-}
-
-if (thread_kind != GDB_ONE_THREAD) {
-put_packet(s, "OK");
-break;
-}
-cpu = gdb_get_cpu(s, pid, tid);
-if (cpu == NULL) {
-put_packet(s, "E22");
-break;
-}
-switch (type) {
-case 'c':
-s->c_cpu = cpu;
-put_packet(s, "OK");
-break;
-case 'g':
-s->g_cpu = cpu;
-put_packet(s, "OK");
-break;
-default:
- put_packet(s, "E22");
- break;
+{
+static const GdbCmdParseEntry set_thread_cmd_desc = {
+.handler = handle_set_thread,
+.cmd = "H",
+.cmd_startswith = 1,
+.schema = "o.t0"
+};
+cmd_parser = &set_thread_cmd_desc;
 }
 break;
 case 'T':
-- 
2.20.1




[Qemu-devel] [PATCH v17 23/24] target/rx: Dump bytes for each insn during disassembly

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

There are so many different forms of each RX instruction
that it will be very useful to be able to look at the bytes
to see on which path a bug may lie.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 target/rx/disas.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 5a32a87534..d73b53db44 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -102,7 +102,21 @@ static int bdsp_s(DisasContext *ctx, int d)
 /* Include the auto-generated decoder.  */
 #include "decode.inc.c"
 
-#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+static void dump_bytes(DisasContext *ctx)
+{
+int i, len = ctx->len;
+
+for (i = 0; i < len; ++i) {
+ctx->dis->fprintf_func(ctx->dis->stream, "%02x ", ctx->bytes[i]);
+}
+ctx->dis->fprintf_func(ctx->dis->stream, "%*c", (8 - i) * 3, '\t');
+}
+
+#define prt(...) \
+do {\
+dump_bytes(ctx);\
+ctx->dis->fprintf_func(ctx->dis->stream, __VA_ARGS__);  \
+} while (0)
 
 #define RX_MEMORY_BYTE 0
 #define RX_MEMORY_WORD 1
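
Review bot: in dump_bytes() the padding width is computed as (8 - i) * 3, which goes negative when ctx->len is greater than 8; printf then treats a negative "*" width as a left-justify flag with the absolute value, so longer instructions get trailing padding after the tab and the columns shift. Clamp the width at zero, or pad to the maximum instruction length rather than the constant 8. Also note that prt() now calls dump_bytes() on every invocation, so any trans_ function that calls prt() more than once for one instruction will print the bytes again in the middle of the line.
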
-- 
2.11.0




[Qemu-devel] [PATCH v17 02/24] target/rx: TCG helper

2019-06-07 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Message-Id: <20190516055244.95559-3-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 target/rx/helper.h|  31 
 target/rx/helper.c| 148 
 target/rx/op_helper.c | 481 ++
 3 files changed, 660 insertions(+)
 create mode 100644 target/rx/helper.h
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/op_helper.c

diff --git a/target/rx/helper.h b/target/rx/helper.h
new file mode 100644
index 00..f0b7ebbbf7
--- /dev/null
+++ b/target/rx/helper.h
@@ -0,0 +1,31 @@
+DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
+DEF_HELPER_1(raise_access_fault, noreturn, env)
+DEF_HELPER_1(raise_privilege_violation, noreturn, env)
+DEF_HELPER_1(wait, noreturn, env)
+DEF_HELPER_1(debug, noreturn, env)
+DEF_HELPER_2(rxint, noreturn, env, i32)
+DEF_HELPER_1(rxbrk, noreturn, env)
+DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fsub, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fmul, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fdiv, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_WG, void, env, f32, f32)
+DEF_HELPER_FLAGS_2(ftoi, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(round, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(itof, TCG_CALL_NO_WG, f32, env, i32)
+DEF_HELPER_2(set_fpsw, void, env, i32)
+DEF_HELPER_FLAGS_2(racw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw_rte, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(pack_psw, i32, env)
+DEF_HELPER_FLAGS_3(div, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_3(divu, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_1(scmpu, TCG_CALL_NO_WG, void, env)
+DEF_HELPER_1(smovu, void, env)
+DEF_HELPER_1(smovf, void, env)
+DEF_HELPER_1(smovb, void, env)
+DEF_HELPER_2(sstr, void, env, i32)
+DEF_HELPER_FLAGS_2(swhile, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(suntil, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(rmpa, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(satr, void, env)
diff --git a/target/rx/helper.c b/target/rx/helper.c
new file mode 100644
index 00..1dae74eae7
--- /dev/null
+++ b/target/rx/helper.c
@@ -0,0 +1,148 @@
+/*
+ *  RX emulation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+#include "exec/log.h"
+#include "exec/cpu_ldst.h"
+#include "sysemu/sysemu.h"
+
+void rx_cpu_unpack_psw(CPURXState *env, uint32_t psw, int rte)
+{
+if (env->psw_pm == 0) {
+env->psw_ipl = FIELD_EX32(psw, PSW, IPL);
+if (rte) {
+/* PSW.PM can write RTE and RTFI */
+env->psw_pm = FIELD_EX32(psw, PSW, PM);
+}
+env->psw_u = FIELD_EX32(psw, PSW, U);
+env->psw_i = FIELD_EX32(psw, PSW, I);
+}
+env->psw_o = FIELD_EX32(psw, PSW, O) << 31;
+env->psw_s = FIELD_EX32(psw, PSW, S) << 31;
+env->psw_z = 1 - FIELD_EX32(psw, PSW, Z);
+env->psw_c = FIELD_EX32(psw, PSW, C);
+}
+
+#define INT_FLAGS (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIR)
+void rx_cpu_do_interrupt(CPUState *cs)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = &cpu->env;
+int do_irq = cs->interrupt_request & INT_FLAGS;
+uint32_t save_psw;
+
+env->in_sleep = 0;
+
+if (env->psw_u) {
+env->usp = env->regs[0];
+} else {
+env->isp = env->regs[0];
+}
+save_psw = rx_cpu_pack_psw(env);
+env->psw_pm = env->psw_i = env->psw_u = 0;
+
+if (do_irq) {
+if (do_irq & CPU_INTERRUPT_FIR) {
+env->bpc = env->pc;
+env->bpsw = save_psw;
+env->pc = env->fintv;
+env->psw_ipl = 15;
+cs->interrupt_request &= ~CPU_INTERRUPT_FIR;
+qemu_set_irq(env->ack, env->ack_irq);
+qemu_log_mask(CPU_LOG_INT, "fast interrupt raised\n");
+} else if (do_irq & CPU_INTERRUPT_HARD) {
+env->isp -= 4;
+cpu_stl_all(env, env->isp, save_psw);
+env->isp -= 4;
+cpu_stl_all(env, env->isp, env->pc);
+env->pc = cpu_ldl_all(env, env->intb + env->ack_irq * 4);
+env->psw_ipl = env->ack_ipl;
+cs->interrupt_request &= ~CPU_INTERRUP
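
Review bot: rx_cpu_unpack_psw() stores the flags in three different encodings (psw_o and psw_s shifted into bit 31, psw_z as 1 minus the Z bit, psw_c as the raw bit) with no comment. Document the internal representation next to these assignments so that rx_cpu_pack_psw() and the translator can be checked against it. The comment "PSW.PM can write RTE and RTFI" inside the "if (rte)" branch is also hard to parse; reword it to say what the rte argument gates.
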

[Qemu-devel] [PATCH v17 11/24] target/rx: Convert to CPUClass::tlb_fill

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

The interface for tlb_fill has changed very recently.
Move the function into cpu.c so that it may be static
while assigning to the CPUClass methods.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 target/rx/cpu.c   | 14 ++
 target/rx/op_helper.c | 11 ---
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index 4b96f2e463..3268077d08 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -143,6 +143,19 @@ static void rx_cpu_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 info->print_insn = print_insn_rx;
 }
 
+static bool rx_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
+MMUAccessType access_type, int mmu_idx,
+bool probe, uintptr_t retaddr)
+{
+uint32_t address, physical, prot;
+
+/* Linear mapping */
+address = physical = addr & TARGET_PAGE_MASK;
+prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+tlb_set_page(cs, address, physical, prot, mmu_idx, TARGET_PAGE_SIZE);
+return true;
+}
+
 static void rx_cpu_init(Object *obj)
 {
 CPUState *cs = CPU(obj);
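
Review bot: rx_cpu_tlb_fill() narrows the vaddr argument into uint32_t locals and ignores size, access_type and probe, mapping every page read/write/execute and always returning true. That is reasonable for a flat address space, but "Linear mapping" alone does not say so; expand the comment to state that the fill cannot fail, which is why probe is unused.
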
@@ -177,6 +190,7 @@ static void rxcpu_class_init(ObjectClass *klass, void *data)
 cc->get_phys_page_debug = rx_cpu_get_phys_page_debug;
 cc->disas_set_info = rx_cpu_disas_set_info;
 cc->tcg_initialize = rx_translate_init;
+cc->tlb_fill = rx_cpu_tlb_fill;
 
 cc->gdb_num_core_regs = 26;
 }
diff --git a/target/rx/op_helper.c b/target/rx/op_helper.c
index 9a460070e9..fb7ae3c3ec 100644
--- a/target/rx/op_helper.c
+++ b/target/rx/op_helper.c
@@ -468,14 +468,3 @@ void QEMU_NORETURN helper_rxbrk(CPURXState *env)
 {
 raise_exception(env, 0x100, 0);
 }
-
-void tlb_fill(CPUState *cs, target_ulong addr, int size,
-  MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
-{
-uint32_t address, physical, prot;
-
-/* Linear mapping */
-address = physical = addr & TARGET_PAGE_MASK;
-prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
-tlb_set_page(cs, address, physical, prot, mmu_idx, TARGET_PAGE_SIZE);
-}
-- 
2.11.0




[Qemu-devel] [PATCH v17 09/24] qemu/bitops.h: Add extract8 and extract16

2019-06-07 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-12-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/qemu/bitops.h | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
index 3f0926cf40..764f9d1ea0 100644
--- a/include/qemu/bitops.h
+++ b/include/qemu/bitops.h
@@ -301,6 +301,44 @@ static inline uint32_t extract32(uint32_t value, int 
start, int length)
 }
 
 /**
+ * extract8:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 8 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 8 bit word. It is valid to request that
+ * all 8 bits are returned (ie @length 8 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint8_t extract8(uint8_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 8 - start);
+return extract32(value, start, length);
+}
+
+/**
+ * extract16:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 16 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 16 bit word. It is valid to request that
+ * all 16 bits are returned (ie @length 16 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint16_t extract16(uint16_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 16 - start);
+return extract32(value, start, length);
+}
+
+/**
  * extract64:
  * @value: the value to extract the bit field from
  * @start: the lowest bit in the bit field (numbered from 0)
-- 
2.11.0




[Qemu-devel] [PATCH v17 17/24] MAINTAINERS: Add RX

2019-06-07 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-13-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 MAINTAINERS | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index a96829ea83..b65ba2447e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -272,6 +272,13 @@ F: include/hw/riscv/
 F: linux-user/host/riscv32/
 F: linux-user/host/riscv64/
 
+RENESAS RX
+M: Yoshinori Sato 
+S: Maintained
+F: target/rx/
+F: hw/rx/
+F: include/hw/rx/
+
 S390
 M: Richard Henderson 
 M: David Hildenbrand 
@@ -1108,6 +1115,18 @@ F: pc-bios/canyonlands.dt[sb]
 F: pc-bios/u-boot-sam460ex-20100605.bin
 F: roms/u-boot-sam460ex
 
+RX Machines
+---
+RX-QEMU
+M: Yoshinori Sato 
+S: Maintained
+F: hw/rx/rxqemu.c
+F: hw/intc/rx_icu.c
+F: hw/timer/renesas_*.c
+F: hw/char/renesas_sci.c
+F: include/hw/timer/renesas_*.h
+F: include/hw/char/renesas_sci.h
+
 SH4 Machines
 
 R2D
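
Review bot: the "RX Machines" entry lists F: hw/rx/rxqemu.c, but the hardware patch in this series creates hw/rx/rx-virt.c and hw/rx/rx62n.c and no rxqemu.c, so that pattern matches nothing. Point it at the files that exist. Note also that the "RENESAS RX" entry in the first hunk already covers hw/rx/ and include/hw/rx/, so decide which section should own those paths.
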
-- 
2.11.0




[Qemu-devel] [PATCH v17 08/24] hw/rx: RX Target hardware definition

2019-06-07 Thread Yoshinori Sato
rx62n - RX62N cpu.
rx-virt - RX QEMU virtual target.

Signed-off-by: Yoshinori Sato 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-9-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/rx/rx.h|   7 ++
 include/hw/rx/rx62n.h |  94 
 hw/rx/rx-virt.c   | 105 ++
 hw/rx/rx62n.c | 238 ++
 hw/rx/Kconfig |  14 +++
 hw/rx/Makefile.objs   |   2 +
 6 files changed, 460 insertions(+)
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs

diff --git a/include/hw/rx/rx.h b/include/hw/rx/rx.h
new file mode 100644
index 00..ff5924b81f
--- /dev/null
+++ b/include/hw/rx/rx.h
@@ -0,0 +1,7 @@
+#ifndef QEMU_RX_H
+#define QEMU_RX_H
+/* Definitions for RX board emulation.  */
+
+#include "target/rx/cpu-qom.h"
+
+#endif
diff --git a/include/hw/rx/rx62n.h b/include/hw/rx/rx62n.h
new file mode 100644
index 00..5f6912fe46
--- /dev/null
+++ b/include/hw/rx/rx62n.h
@@ -0,0 +1,94 @@
+/*
+ * RX62N MCU Object
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_RX_RX62N_H
+#define HW_RX_RX62N_H
+
+#include "hw/sysbus.h"
+#include "hw/intc/rx_icu.h"
+#include "hw/timer/renesas_tmr.h"
+#include "hw/timer/renesas_cmt.h"
+#include "hw/char/renesas_sci.h"
+#include "target/rx/cpu.h"
+#include "qemu/units.h"
+
+#define TYPE_RX62N "rx62n"
+#define TYPE_RX62N_CPU RX_CPU_TYPE_NAME(TYPE_RX62N)
+#define RX62N(obj) OBJECT_CHECK(RX62NState, (obj), TYPE_RX62N)
+
+enum {
+RX62N_NR_TMR = 2,
+RX62N_NR_CMT = 2,
+RX62N_NR_SCI = 6,
+};
+
+typedef struct RX62NState {
+SysBusDevice parent_obj;
+
+RXCPU cpu;
+RXICUState icu;
+RTMRState tmr[RX62N_NR_TMR];
+RCMTState cmt[RX62N_NR_CMT];
+RSCIState sci[RX62N_NR_SCI];
+
+MemoryRegion *sysmem;
+bool kernel;
+
+MemoryRegion iram;
+MemoryRegion iomem1;
+MemoryRegion d_flash;
+MemoryRegion iomem2;
+MemoryRegion iomem3;
+MemoryRegion c_flash;
+qemu_irq irq[NR_IRQS];
+} RX62NState;
+
+/*
+ * RX62N Peripheral Address
+ * See users manual section 5
+ */
+#define RX62N_ICUBASE 0x00087000
+#define RX62N_TMRBASE 0x00088200
+#define RX62N_CMTBASE 0x00088000
+#define RX62N_SCIBASE 0x00088240
+
+/*
+ * RX62N Peripheral IRQ
+ * See users manual section 11
+ */
+#define RX62N_TMR_IRQBASE 174
+#define RX62N_CMT_IRQBASE 28
+#define RX62N_SCI_IRQBASE 214
+
+/*
+ * RX62N Internal Memory
+ * It is the value of R5F562N8.
+ * Please change the size for R5F562N7.
+ */
+#define RX62N_IRAM_BASE 0x
+#define RX62N_IRAM_SIZE (96 * KiB)
+#define RX62N_DFLASH_BASE 0x0010
+#define RX62N_DFLASH_SIZE (32 * KiB)
+#define RX62N_CFLASH_BASE 0xfff8
+#define RX62N_CFLASH_SIZE (512 * KiB)
+
+#define RX62N_PCLK (48 * 1000 * 1000)
+#endif
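
Review bot: the internal memory sizes at the end of rx62n.h are fixed for the R5F562N8, and the comment asks users to edit the header for the R5F562N7. A device property or a second type would avoid patching a header to select a part. In RX62NState, the "kernel" field has no comment saying who sets it or what it changes, and irq[NR_IRQS] depends on a constant this header does not define itself, so name the include it comes from.
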
diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
new file mode 100644
index 00..3deb7cb335
--- /dev/null
+++ b/hw/rx/rx-virt.c
@@ -0,0 +1,105 @@
+/*
+ * RX QEMU virtual platform
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/loader.h"
+#include "hw/rx/rx62n.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
+#include "sysemu/device_tree.h"
+#include "hw/boards.h"
+
+/* Same address of GDB integrated simulator */
+#define SDRAM_BASE 0x0100
+
+static void rxvirt_init(MachineSta

[Qemu-devel] [PATCH v17 10/24] hw/registerfields.h: Add 8bit and 16bit register macros

2019-06-07 Thread Yoshinori Sato
Some RX peripherals use 8bit and 16bit registers.
Added 8bit and 16bit APIs.

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-11-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/registerfields.h | 32 +++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
index 2659a58737..a0bb0654d6 100644
--- a/include/hw/registerfields.h
+++ b/include/hw/registerfields.h
@@ -22,6 +22,14 @@
 enum { A_ ## reg = (addr) };  \
 enum { R_ ## reg = (addr) / 4 };
 
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };
+
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };
+
 /* Define SHIFT, LENGTH and MASK constants for a field within a register */
 
 /* This macro will define R_FOO_BAR_MASK, R_FOO_BAR_SHIFT and R_FOO_BAR_LENGTH
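Review bot: REG16 computes R_ ## reg as (addr) / 2, so an odd addr is silently rounded down and two registers can end up with the same R_ index. State in a comment that REG16 addresses must be 2-byte aligned, or add a build-time check; REG8 and REG16 also come without any doc comment, unlike the FIELD macro documented just below.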
@@ -34,6 +42,12 @@
 MAKE_64BIT_MASK(shift, length)};
 
 /* Extract a field from a register */
+#define FIELD_EX8(storage, reg, field)\
+extract8((storage), R_ ## reg ## _ ## field ## _SHIFT,\
+  R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_EX16(storage, reg, field)   \
+extract16((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH)
 #define FIELD_EX32(storage, reg, field)   \
 extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH)
@@ -49,6 +63,22 @@
  * Assigning values larger then the target field will result in
  * compilation warnings.
  */
+#define FIELD_DP8(storage, reg, field, val) ({\
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint8_t d;\
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
+#define FIELD_DP16(storage, reg, field, val) ({   \
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint16_t d;   \
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
 #define FIELD_DP32(storage, reg, field, val) ({   \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
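Review bot: FIELD_DP8 and FIELD_DP16 call deposit32() and then assign the result to a uint8_t or uint16_t d, so nothing checks that the field fits in the narrower register: a field whose SHIFT + LENGTH exceeds 8 (or 16) is accepted by deposit32() and the upper bits are dropped by the assignment. Consider a build-time check of SHIFT + LENGTH against the register width, or width-specific deposit helpers to match extract8()/extract16().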
@@ -57,7 +87,7 @@
 d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
 d; })
-#define FIELD_DP64(storage, reg, field, val) ({   \
+#define FIELD_DP64(storage, reg, field, val) ({ \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
 } v = { .v = val };   \
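Review bot: the FIELD_DP64 line changes only the whitespace before the trailing backslash, which is unrelated to adding the 8bit and 16bit macros and leaves that backslash out of line with the rest of the macro. Drop this hunk from the patch.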
-- 
2.11.0




[Qemu-devel] [PATCH v17 15/24] hw/rx: Honor -accel qtest

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

Issue an error if no kernel, no bios, and not qtest'ing.
Fixes make check-qtest-rx: test/qom-test.

Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 hw/rx/rx62n.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/rx/rx62n.c b/hw/rx/rx62n.c
index 3a8fe7b0bf..e55257c622 100644
--- a/hw/rx/rx62n.c
+++ b/hw/rx/rx62n.c
@@ -21,11 +21,13 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "hw/hw.h"
 #include "hw/rx/rx62n.h"
 #include "hw/loader.h"
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
 #include "cpu.h"
 
 /*
@@ -190,8 +192,14 @@ static void rx62n_realize(DeviceState *dev, Error **errp)
 memory_region_init_rom(&s->c_flash, NULL, "codeflash",
RX62N_CFLASH_SIZE, errp);
 memory_region_add_subregion(s->sysmem, RX62N_CFLASH_BASE, &s->c_flash);
+
 if (!s->kernel) {
-rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0);
+if (bios_name) {
+rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0);
+}  else if (!qtest_enabled()) {
+error_report("No bios or kernel specified");
+exit(1);
+}
 }
 
 object_initialize_child(OBJECT(s), "cpu", &s->cpu,
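Review bot: rx62n_realize() has an Error **errp parameter, but the new no-bios branch calls error_report() and exit(1) instead of reporting through errp. Use error_setg(errp, "No bios or kernel specified") and return, so the caller decides how to fail. The return value of rom_add_file_fixed() is still ignored, so a bios file that cannot be loaded goes unreported, and "}  else if" has a stray double space.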
-- 
2.11.0




[Qemu-devel] [PATCH v17 16/24] Add rx-softmmu

2019-06-07 Thread Yoshinori Sato
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190516055244.95559-10-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 configure  | 8 
 default-configs/rx-softmmu.mak | 3 +++
 include/sysemu/arch_init.h | 1 +
 arch_init.c| 2 ++
 hw/Kconfig | 1 +
 5 files changed, 15 insertions(+)
 create mode 100644 default-configs/rx-softmmu.mak

diff --git a/configure b/configure
index b091b82cb3..d6e16c58c3 100755
--- a/configure
+++ b/configure
@@ -7595,6 +7595,11 @@ case "$target_name" in
 gdb_xml_files="riscv-64bit-cpu.xml riscv-64bit-fpu.xml riscv-64bit-csr.xml"
 target_compiler=$cross_cc_riscv64
   ;;
+  rx)
+TARGET_ARCH=rx
+bflt="yes"
+target_compiler=$cross_cc_rx
+  ;;
   sh4|sh4eb)
 TARGET_ARCH=sh4
 bflt="yes"
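Review bot: bflt="yes" in the new rx) case mirrors the sh4 entry directly below it, while this patch adds only a softmmu target (default-configs/rx-softmmu.mak). Please confirm the setting has an effect for rx or drop it. The patch also has no description beyond the subject; one sentence on what is wired up (configure, arch_init, Kconfig) would help.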
@@ -7815,6 +7820,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   riscv*)
 disas_config "RISCV"
   ;;
+  rx)
+disas_config "RX"
+  ;;
   s390*)
 disas_config "S390"
   ;;
diff --git a/default-configs/rx-softmmu.mak b/default-configs/rx-softmmu.mak
new file mode 100644
index 00..a3eecefb11
--- /dev/null
+++ b/default-configs/rx-softmmu.mak
@@ -0,0 +1,3 @@
+# Default configuration for rx-softmmu
+
+CONFIG_RX_VIRT=y
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 10cbafe970..3f4f844f7b 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -25,6 +25,7 @@ enum {
 QEMU_ARCH_NIOS2 = (1 << 17),
 QEMU_ARCH_HPPA = (1 << 18),
 QEMU_ARCH_RISCV = (1 << 19),
+QEMU_ARCH_RX = (1 << 20),
 };
 
 extern const uint32_t arch_type;
diff --git a/arch_init.c b/arch_init.c
index f4f3f610c8..cc25ddd7ca 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -74,6 +74,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_PPC
 #elif defined(TARGET_RISCV)
 #define QEMU_ARCH QEMU_ARCH_RISCV
+#elif defined(TARGET_RX)
+#define QEMU_ARCH QEMU_ARCH_RX
 #elif defined(TARGET_S390X)
 #define QEMU_ARCH QEMU_ARCH_S390X
 #elif defined(TARGET_SH4)
diff --git a/hw/Kconfig b/hw/Kconfig
index 195f541e50..b0c7221240 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -54,6 +54,7 @@ source nios2/Kconfig
 source openrisc/Kconfig
 source ppc/Kconfig
 source riscv/Kconfig
+source rx/Kconfig
 source s390x/Kconfig
 source sh4/Kconfig
 source sparc/Kconfig
-- 
2.11.0




[Qemu-devel] [PATCH v17 01/24] target/rx: TCG translation

2019-06-07 Thread Yoshinori Sato
This part only supported RXv1 instructions.
Instruction manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01us0032ej0120_rxsm.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-2-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 target/rx/translate.c   | 2432 +++
 target/rx/Makefile.objs |   12 +
 target/rx/insns.decode  |  621 
 3 files changed, 3065 insertions(+)
 create mode 100644 target/rx/translate.c
 create mode 100644 target/rx/Makefile.objs
 create mode 100644 target/rx/insns.decode

diff --git a/target/rx/translate.c b/target/rx/translate.c
new file mode 100644
index 00..3765ea0895
--- /dev/null
+++ b/target/rx/translate.c
@@ -0,0 +1,2432 @@
+/*
+ *  RX translation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bswap.h"
+#include "qemu/qemu-print.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+#include "exec/helper-gen.h"
+#include "exec/translator.h"
+#include "trace-tcg.h"
+#include "exec/log.h"
+
+typedef struct DisasContext {
+DisasContextBase base;
+CPURXState *env;
+uint32_t pc;
+} DisasContext;
+
+typedef struct DisasCompare {
+TCGv value;
+TCGv temp;
+TCGCond cond;
+} DisasCompare;
+
+const char rx_crname[][6] = {
+"psw", "pc", "usp", "fpsw", "", "", "", "",
+"bpsw", "bpc", "isp", "fintv", "intb", "", "", "",
+};
+
+/* Target-specific values for dc->base.is_jmp.  */
+#define DISAS_JUMPDISAS_TARGET_0
+#define DISAS_UPDATE  DISAS_TARGET_1
+#define DISAS_EXITDISAS_TARGET_2
+
+/* global register indexes */
+static TCGv cpu_regs[16];
+static TCGv cpu_psw_o, cpu_psw_s, cpu_psw_z, cpu_psw_c;
+static TCGv cpu_psw_i, cpu_psw_pm, cpu_psw_u, cpu_psw_ipl;
+static TCGv cpu_usp, cpu_fpsw, cpu_bpsw, cpu_bpc, cpu_isp;
+static TCGv cpu_fintv, cpu_intb, cpu_pc;
+static TCGv_i64 cpu_acc;
+
+#define cpu_sp cpu_regs[0]
+
+#include "exec/gen-icount.h"
+
+/* decoder helper */
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+while (++i <= n) {
+uint8_t b = cpu_ldub_code(ctx->env, ctx->base.pc_next++);
+insn |= b << (32 - i * 8);
+}
+return insn;
+}
+
+static uint32_t li(DisasContext *ctx, int sz)
+{
+int32_t tmp, addr;
+CPURXState *env = ctx->env;
+addr = ctx->base.pc_next;
+
+tcg_debug_assert(sz < 4);
+switch (sz) {
+case 1:
+ctx->base.pc_next += 1;
+return cpu_ldsb_code(env, addr);
+case 2:
+ctx->base.pc_next += 2;
+return cpu_ldsw_code(env, addr);
+case 3:
+ctx->base.pc_next += 3;
+tmp = cpu_ldsb_code(env, addr + 2) << 16;
+tmp |= cpu_lduw_code(env, addr) & 0x;
+return tmp;
+case 0:
+ctx->base.pc_next += 4;
+return cpu_ldl_code(env, addr);
+}
+return 0;
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder. */
+#include "decode.inc.c"
+
+void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = &cpu->env;
+int i;
+uint32_t psw;
+
+psw = rx_cpu_pack_psw(env);
+qemu_fprintf(f, "pc=0x%08x psw=0x%08x\n",
+ env->pc, psw);
+for (i = 0; i < 16; i += 4) {
+qemu_fprintf(f, "r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
+ i, env->regs[i], i + 1, env->regs[i + 1],
+ i + 2, env->regs[i + 2], i + 3, env->regs[i + 3]);
+}
+}
+
+static bool use_goto_tb(DisasContext *dc, target_ulong dest)
+{
+if (unlikely(dc->base.singlestep_enabled)) {
+return false;
+} else {
+return true;
+}
+}
+
+static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
+{
+if (use_goto_tb(dc, dest)) {
+tcg_gen_goto_tb(n);
+tcg_gen_movi_i32(cpu_pc, dest);
+tcg_gen_exit_tb(dc->base.tb, n);
+} else {
+tcg_gen_movi_i32(cpu_pc, dest);
+if (dc->base.singlestep_
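Review bot: in decode_load_bytes(), "insn |= b << (32 - i * 8);" shifts a uint8_t that has been promoted to int, so a byte of 0x80 or above shifted by 24 overflows a signed int; cast first, as in "(uint32_t)b << (32 - i * 8)". The same concern applies to "cpu_ldsb_code(env, addr + 2) << 16" in li(), which left-shifts a possibly negative value, and li() is declared to return uint32_t although its cases return sign-extended loads. Separately, use_goto_tb() never looks at its dest argument; either use it or drop the parameter.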

[Qemu-devel] [PATCH v17 00/24] Add RX archtecture support

2019-06-07 Thread Yoshinori Sato
Hello.
This patch series adds Renesas RX target emulation.

Changes v17.
Remove cpu class name suffix.

My git repository is below.
git://git.pf.osdn.net/gitroot/y/ys/ysato/qemu.git tags/rx-20190607

Testing binaries below.
u-boot
Download - https://osdn.net/users/ysato/pf/qemu/dl/u-boot.bin.gz

starting
$ gzip -d u-boot.bin.gz
$ qemu-system-rx -bios u-boot.bin

linux and pico-root (only sash)
Download - https://osdn.net/users/ysato/pf/qemu/dl/zImage (kernel)
   https://osdn.net/users/ysato/pf/qemu/dl/rx-qemu.dtb (DeviceTree)

starting
$ qemu-system-rx -kernel zImage -dtb rx-qemu.dtb -append "earlycon"


Richard Henderson (11):
  target/rx: Convert to CPUClass::tlb_fill
  target/rx: Add RX to SysEmuTarget
  target/rx: Fix cpu types and names
  tests: Add rx to machine-none-test.c
  hw/rx: Honor -accel qtest
  target/rx: Disassemble rx_index_addr into a string
  target/rx: Replace operand with prt_ldmi in disassembler
  target/rx: Use prt_ldmi for XCHG_mr disassembly
  target/rx: Emit all disassembly in one prt()
  target/rx: Collect all bytes during disassembly
  target/rx: Dump bytes for each insn during disassembly

Yoshinori Sato (13):
  target/rx: TCG translation
  target/rx: TCG helper
  target/rx: CPU definition
  target/rx: RX disassembler
  hw/intc: RX62N interrupt controller (ICUa)
  hw/timer: RX62N internal timer modules
  hw/char: RX62N serial communication interface (SCI)
  hw/rx: RX Target hardware definition
  qemu/bitops.h: Add extract8 and extract16
  hw/registerfields.h: Add 8bit and 16bit register macros
  Add rx-softmmu
  MAINTAINERS: Add RX
  target/rx: Remove suffix in cpu class.

 configure  |8 +
 default-configs/rx-softmmu.mak |3 +
 qapi/common.json   |3 +-
 include/disas/dis-asm.h|5 +
 include/hw/char/renesas_sci.h  |   45 +
 include/hw/intc/rx_icu.h   |   56 +
 include/hw/registerfields.h|   32 +-
 include/hw/rx/rx.h |7 +
 include/hw/rx/rx62n.h  |   94 ++
 include/hw/timer/renesas_cmt.h |   38 +
 include/hw/timer/renesas_tmr.h |   53 +
 include/qemu/bitops.h  |   38 +
 include/sysemu/arch_init.h |1 +
 target/rx/cpu.h|  226 
 target/rx/helper.h |   31 +
 arch_init.c|2 +
 hw/char/renesas_sci.c  |  340 ++
 hw/intc/rx_icu.c   |  376 +++
 hw/rx/rx-virt.c|  105 ++
 hw/rx/rx62n.c  |  246 
 hw/timer/renesas_cmt.c |  275 +
 hw/timer/renesas_tmr.c |  455 
 target/rx/cpu.c|  241 
 target/rx/disas.c  | 1446 
 target/rx/gdbstub.c|  112 ++
 target/rx/helper.c |  148 +++
 target/rx/monitor.c|   38 +
 target/rx/op_helper.c  |  470 
 target/rx/translate.c  | 2432 
 tests/machine-none-test.c  |1 +
 MAINTAINERS|   19 +
 hw/Kconfig |1 +
 hw/char/Kconfig|3 +
 hw/char/Makefile.objs  |1 +
 hw/intc/Kconfig|3 +
 hw/intc/Makefile.objs  |1 +
 hw/rx/Kconfig  |   14 +
 hw/rx/Makefile.objs|2 +
 hw/timer/Kconfig   |6 +
 hw/timer/Makefile.objs |3 +
 target/rx/Makefile.objs|   12 +
 target/rx/insns.decode |  621 ++
 42 files changed, 8011 insertions(+), 2 deletions(-)
 create mode 100644 default-configs/rx-softmmu.mak
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/helper.h
 create mode 100644 hw/char/renesas_sci.c
 create mode 100644 hw/intc/rx_icu.c
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/disas.c
 create mode 100644 target/rx/gdbstub.c
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/monitor.c
 create mode 100644 target/rx/op_helper.c
 create mode 100644 target/rx/translate.c
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs
 create mode 100644 target/rx/Makefile.objs
 create mode 100644 target/rx/insns.decode

-- 
2.11.0




[Qemu-devel] [PATCH v17 24/24] target/rx: Remove suffix in cpu class.

2019-06-07 Thread Yoshinori Sato
New CPUs should not be suffixed like other devices.

Signed-off-by: Yoshinori Sato 
---
 include/hw/rx/rx62n.h | 2 +-
 target/rx/cpu.h   | 3 +--
 target/rx/cpu.c   | 8 ++--
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/include/hw/rx/rx62n.h b/include/hw/rx/rx62n.h
index 5f6912fe46..e57c5ec091 100644
--- a/include/hw/rx/rx62n.h
+++ b/include/hw/rx/rx62n.h
@@ -30,7 +30,7 @@
 #include "target/rx/cpu.h"
 #include "qemu/units.h"
 
-#define TYPE_RX62N "rx62n"
+#define TYPE_RX62N "rx62n-mcu"
 #define TYPE_RX62N_CPU RX_CPU_TYPE_NAME(TYPE_RX62N)
 #define RX62N(obj) OBJECT_CHECK(RX62NState, (obj), TYPE_RX62N)
 
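Review bot: with RX_CPU_TYPE_NAME(model) reduced to model in target/rx/cpu.h, TYPE_RX62N_CPU now expands to the same string as TYPE_RX62N, "rx62n-mcu". The MCU device type and the CPU type need distinct names; give TYPE_RX62N_CPU its own string rather than deriving it from TYPE_RX62N. The rename of the device to "rx62n-mcu" is also not mentioned in the commit message.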
diff --git a/target/rx/cpu.h b/target/rx/cpu.h
index a0b6975963..080ea604a3 100644
--- a/target/rx/cpu.h
+++ b/target/rx/cpu.h
@@ -164,8 +164,7 @@ static inline RXCPU *rx_env_get_cpu(CPURXState *env)
 
 #define ENV_OFFSET offsetof(RXCPU, env)
 
-#define RX_CPU_TYPE_SUFFIX "-" TYPE_RX_CPU
-#define RX_CPU_TYPE_NAME(model) model RX_CPU_TYPE_SUFFIX
+#define RX_CPU_TYPE_NAME(model) model
 #define CPU_RESOLVING_TYPE TYPE_RX_CPU
 
 extern const char rx_crname[][6];
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index 41fe1de4bb..d8c662b231 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -72,9 +72,8 @@ static void rx_cpu_reset(CPUState *s)
 static void rx_cpu_list_entry(gpointer data, gpointer user_data)
 {
 const char *typename = object_class_get_name(OBJECT_CLASS(data));
-int len = strlen(typename) - strlen(RX_CPU_TYPE_SUFFIX);
 
-qemu_printf("  %.*s\n", len, typename);
+qemu_printf("  %s\n",  typename);
 }
 
 void rx_cpu_list(void)
@@ -89,11 +88,8 @@ void rx_cpu_list(void)
 static ObjectClass *rx_cpu_class_by_name(const char *cpu_model)
 {
 ObjectClass *oc;
-char *typename;
 
-typename = g_strdup_printf(RX_CPU_TYPE_NAME("%s"), cpu_model);
-oc = object_class_by_name(typename);
-g_free(typename);
+oc = object_class_by_name(cpu_model);
 
 if (oc == NULL ||
 object_class_is_abstract(oc) ||
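Review bot: cpu_model now goes to object_class_by_name() unchanged, so the lookup is no longer restricted to names carrying the CPU suffix and can return any registered QOM class. The condition that follows therefore has to reject classes that are not RX CPUs; the visible context shows only the NULL and abstract checks, so please make sure it also includes an object_class_dynamic_cast(oc, TYPE_RX_CPU) test.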
-- 
2.11.0




[Qemu-devel] [PATCH v17 18/24] target/rx: Disassemble rx_index_addr into a string

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

We were eliding all zero indexes.  It is only ld==0 that does
not have an index in the instruction.  This also allows us to
avoid breaking the final print into multiple pieces.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 target/rx/disas.c | 154 +++---
 1 file changed, 55 insertions(+), 99 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 8cada4825d..64342537ee 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -107,49 +107,42 @@ static const char psw[] = {
 'i', 'u', 0, 0, 0, 0, 0, 0,
 };
 
-static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+static void rx_index_addr(DisasContext *ctx, char out[8], int ld, int mi)
 {
-bfd_byte buf[2];
+uint32_t addr = ctx->addr;
+uint8_t buf[2];
+uint16_t dsp;
+
 switch (ld) {
 case 0:
-return 0;
+/* No index; return empty string.  */
+out[0] = '\0';
+return;
 case 1:
-ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
 ctx->addr += 1;
-return ((uint8_t)buf[0]) << size;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+dsp = buf[0];
+break;
 case 2:
-ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
 ctx->addr += 2;
-return lduw_le_p(buf) << size;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+dsp = lduw_le_p(buf);
+break;
+default:
+g_assert_not_reached();
 }
-g_assert_not_reached();
+
+sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));
 }
 
 static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
 {
-int dsp;
 static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+char dsp[8];
+
 if (ld < 3) {
-switch (mi) {
-case 4:
-/* dsp[rs].ub */
-dsp = rx_index_addr(ld, RX_MEMORY_BYTE, ctx);
-break;
-case 3:
-/* dsp[rs].uw */
-dsp = rx_index_addr(ld, RX_MEMORY_WORD, ctx);
-break;
-default:
-/* dsp[rs].b */
-/* dsp[rs].w */
-/* dsp[rs].l */
-dsp = rx_index_addr(ld, mi, ctx);
-break;
-}
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]%s", rs, sizes[mi]);
+rx_index_addr(ctx, dsp, ld, mi);
+prt("%s[r%d]%s", dsp, rs, sizes[mi]);
 } else {
 prt("r%d", rs);
 }
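Review bot: rx_index_addr() formats into the caller's buffer with sprintf(out, "%u", ...), and the "char out[8]" parameter is only a pointer, so the 8-byte limit is not enforced anywhere. The largest value today (a 16-bit dsp shifted left by 2) fits, but only as an invariant of the arithmetic; use snprintf() with the size passed in, and assert that mi is in 0..4, since "mi < 3 ? mi : 4 - mi" yields a negative shift count otherwise. The return value of read_memory_func() is also ignored, so after a failed read dsp is computed from an uninitialized buf.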
@@ -235,7 +228,7 @@ static bool trans_MOV_ra(DisasContext *ctx, arg_MOV_ra *a)
 /* mov.[bwl] rs,rd */
 static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 {
-int dsp;
+char dspd[8], dsps[8];
 
 prt("mov.%c\t", size[a->sz]);
 if (a->lds == 3 && a->ldd == 3) {
@@ -244,29 +237,15 @@ static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 return true;
 }
 if (a->lds == 3) {
-prt("r%d, ", a->rd);
-dsp = rx_index_addr(a->ldd, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rs);
+rx_index_addr(ctx, dspd, a->ldd, a->sz);
+prt("r%d, %s[r%d]", a->rs, dspd, a->rd);
 } else if (a->ldd == 3) {
-dsp = rx_index_addr(a->lds, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d], r%d", a->rs, a->rd);
+rx_index_addr(ctx, dsps, a->lds, a->sz);
+prt("%s[r%d], r%d", dsps, a->rs, a->rd);
 } else {
-dsp = rx_index_addr(a->lds, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d], ", a->rs);
-dsp = rx_index_addr(a->ldd, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rd);
+rx_index_addr(ctx, dsps, a->lds, a->sz);
+rx_index_addr(ctx, dspd, a->ldd, a->sz);
+prt("%s[r%d], %s[r%d]", dsps, a->rs, dspd, a->rd);
 }
 return true;
 }
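Review bot: in the a->lds == 3 branch the register operands are swapped as well as reformatted: the old code printed a->rd as the source register and a->rs inside the brackets, while the new prt("r%d, %s[r%d]", a->rs, dspd, a->rd) prints them the other way round. If this is an intentional fix, say so in the commit message, which mentions only the zero-index change; otherwise restore the original order.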
@@ -357,12 +336,10 @@ static bool trans_PUSH_r(DisasContext *ctx, arg_PUSH_r *a)
 /* push dsp[rs] */
 static bool trans_PUSH_m(DisasContext *ctx, arg_PUSH_m *a)
 {
-prt("push\t");
-int dsp = rx_index_addr(a->ld, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rs);
+char dsp[8];
+
+rx_index_addr(ctx, dsp, a->ld, a->sz);
+prt("push\t%s[r%d]", dsp, a->rs);
 return true;
 }
 
@@ -389,17 +366,13 @@ static bool trans_XCHG_rr(DisasContext *ctx, arg_XCHG_rr 
*a)
 /* xchg dsp[rs].,rd */
 static bool trans_XCHG_mr(DisasContext *ctx, arg_XCHG_mr *a)
 {
-int dsp;
 static const char msize[][4] = {
 "b", "w", "l", "ub", "uw",
 };
+char dsp[8];
 
-prt("xchg\t");
-dsp = rx_index_addr(a->ld, a->mi, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d].%s, r%d", a->rs, msize[a->mi], a->rd);
+rx_index_addr(ctx, dsp, a->ld, a->mi);
+prt

[Qemu-devel] [PATCH v17 22/24] target/rx: Collect all bytes during disassembly

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

Collected, to be used in the next patch.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 target/rx/disas.c | 62 +--
 1 file changed, 42 insertions(+), 20 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index ebc1a44249..5a32a87534 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -25,43 +25,59 @@ typedef struct DisasContext {
 disassemble_info *dis;
 uint32_t addr;
 uint32_t pc;
+uint8_t len;
+uint8_t bytes[8];
 } DisasContext;
 
 
 static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
-   int i, int n)
+  int i, int n)
 {
-bfd_byte buf;
+uint32_t addr = ctx->addr;
+
+g_assert(ctx->len == i);
+g_assert(n <= ARRAY_SIZE(ctx->bytes));
+
 while (++i <= n) {
-ctx->dis->read_memory_func(ctx->addr++, &buf, 1, ctx->dis);
-insn |= buf << (32 - i * 8);
+ctx->dis->read_memory_func(addr++, &ctx->bytes[i - 1], 1, ctx->dis);
+insn |= ctx->bytes[i - 1] << (32 - i * 8);
 }
+ctx->addr = addr;
+ctx->len = n;
+
 return insn;
 }
 
 static int32_t li(DisasContext *ctx, int sz)
 {
-int32_t addr;
-bfd_byte buf[4];
-addr = ctx->addr;
+uint32_t addr = ctx->addr;
+uintptr_t len = ctx->len;
 
 switch (sz) {
 case 1:
+g_assert(len + 1 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 1;
-ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
-return (int8_t)buf[0];
+ctx->len += 1;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 1, ctx->dis);
+return (int8_t)ctx->bytes[len];
 case 2:
+g_assert(len + 2 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 2;
-ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
-return ldsw_le_p(buf);
+ctx->len += 2;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 2, ctx->dis);
+return ldsw_le_p(ctx->bytes + len);
 case 3:
+g_assert(len + 3 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 3;
-ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
-return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+ctx->len += 3;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 3, ctx->dis);
+return (int8_t)ctx->bytes[len + 2] << 16 | lduw_le_p(ctx->bytes + len);
 case 0:
+g_assert(len + 4 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 4;
-ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
-return ldl_le_p(buf);
+ctx->len += 4;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 4, ctx->dis);
+return ldl_le_p(ctx->bytes + len);
 default:
 g_assert_not_reached();
 }
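Review bot: every read_memory_func() call in decode_load_bytes() and li() ignores the return value, and in li() ctx->addr and ctx->len are advanced before the read, so after a failed read the instruction word and the immediate are built from whatever was in ctx->bytes. Check the result and stop decoding on error. The g_assert() bounds checks on ctx->bytes are welcome, but note that they abort the whole process rather than failing the disassembly of one instruction, and "(int8_t)ctx->bytes[len + 2] << 16" left-shifts a possibly negative value.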
@@ -110,7 +126,7 @@ static const char psw[] = {
 static void rx_index_addr(DisasContext *ctx, char out[8], int ld, int mi)
 {
 uint32_t addr = ctx->addr;
-uint8_t buf[2];
+uintptr_t len = ctx->len;
 uint16_t dsp;
 
 switch (ld) {
@@ -119,14 +135,18 @@ static void rx_index_addr(DisasContext *ctx, char out[8], 
int ld, int mi)
 out[0] = '\0';
 return;
 case 1:
+g_assert(len + 1 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 1;
-ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
-dsp = buf[0];
+ctx->len += 1;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 1, ctx->dis);
+dsp = ctx->bytes[len];
 break;
 case 2:
+g_assert(len + 2 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 2;
-ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
-dsp = lduw_le_p(buf);
+ctx->len += 2;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 2, ctx->dis);
+dsp = lduw_le_p(ctx->bytes + len);
 break;
 default:
 g_assert_not_reached();
@@ -1392,8 +1412,10 @@ int print_insn_rx(bfd_vma addr, disassemble_info *dis)
 DisasContext ctx;
 uint32_t insn;
 int i;
+
 ctx.dis = dis;
 ctx.pc = ctx.addr = addr;
+ctx.len = 0;
 
 insn = decode_load(&ctx);
 if (!decode(&ctx, insn)) {
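Review bot: ctx.len is reset here but ctx.bytes is left uninitialized on the stack, and the commit message says the collected bytes are to be used by the next patch. Initialize the whole structure, for example with a designated initializer on the ctx declaration, so that bytes not filled by a successful read are zero rather than stack contents.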
-- 
2.11.0




[Qemu-devel] [PULL 42/52] gdbstub: Implement write memory (M pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-11-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 63809b2ab9..681a0c8550 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1702,6 +1702,31 @@ static void handle_get_reg(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
 }
 
+static void handle_write_mem(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+if (gdb_ctx->num_params != 3) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+/* hextomem() reads 2*len bytes */
+if (gdb_ctx->params[1].val_ull > strlen(gdb_ctx->params[2].data) / 2) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+hextomem(gdb_ctx->mem_buf, gdb_ctx->params[2].data,
+ gdb_ctx->params[1].val_ull);
+if (target_memory_rw_debug(gdb_ctx->s->g_cpu, gdb_ctx->params[0].val_ull,
+   gdb_ctx->mem_buf,
+   gdb_ctx->params[1].val_ull, true)) {
+put_packet(gdb_ctx->s, "E14");
+return;
+}
+
+put_packet(gdb_ctx->s, "OK");
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
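Review bot: handle_write_mem() bounds the length only against the amount of hex data (params[1].val_ull > strlen(params[2].data) / 2), not against the capacity of gdb_ctx->mem_buf, before hextomem() writes that many bytes into it. Add an explicit check of the length against the size of mem_buf so the write stays in bounds even if packet and buffer sizes diverge. params[1].val_ull is also read three times; copying it into a local would make the checked value and the used value visibly the same.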
@@ -1910,24 +1935,14 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 break;
 case 'M':
-addr = strtoull(p, (char **)&p, 16);
-if (*p == ',')
-p++;
-len = strtoull(p, (char **)&p, 16);
-if (*p == ':')
-p++;
-
-/* hextomem() reads 2*len bytes */
-if (len > strlen(p) / 2) {
-put_packet (s, "E22");
-break;
-}
-hextomem(mem_buf, p, len);
-if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
-   true) != 0) {
-put_packet(s, "E14");
-} else {
-put_packet(s, "OK");
+{
+static const GdbCmdParseEntry write_mem_cmd_desc = {
+.handler = handle_write_mem,
+.cmd = "M",
+.cmd_startswith = 1,
+.schema = "L,L:s0"
+};
+cmd_parser = &write_mem_cmd_desc;
 }
 break;
 case 'p':
-- 
2.20.1




[Qemu-devel] [PATCH v17 05/24] hw/intc: RX62N interrupt controller (ICUa)

2019-06-07 Thread Yoshinori Sato
This implementation supported only ICUa.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-6-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/intc/rx_icu.h |  56 +++
 hw/intc/rx_icu.c | 376 +++
 hw/intc/Kconfig  |   3 +
 hw/intc/Makefile.objs|   1 +
 4 files changed, 436 insertions(+)
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 hw/intc/rx_icu.c

diff --git a/include/hw/intc/rx_icu.h b/include/hw/intc/rx_icu.h
new file mode 100644
index 00..acfcf06aef
--- /dev/null
+++ b/include/hw/intc/rx_icu.h
@@ -0,0 +1,56 @@
+#ifndef RX_ICU_H
+#define RX_ICU_H
+
+#include "qemu-common.h"
+#include "hw/irq.h"
+
+enum TRG_MODE {
+TRG_LEVEL = 0,
+TRG_NEDGE = 1,  /* Falling */
+TRG_PEDGE = 2,  /* Raising */
+TRG_BEDGE = 3,  /* Both */
+};
+
+struct IRQSource {
+enum TRG_MODE sense;
+int level;
+};
+
+enum {
+/* Software interrupt request */
+SWI = 27,
+NR_IRQS = 256,
+};
+
+struct RXICUState {
+SysBusDevice parent_obj;
+
+MemoryRegion memory;
+struct IRQSource src[NR_IRQS];
+char *icutype;
+uint32_t nr_irqs;
+uint32_t *map;
+uint32_t nr_sense;
+uint32_t *init_sense;
+
+uint8_t ir[NR_IRQS];
+uint8_t dtcer[NR_IRQS];
+uint8_t ier[NR_IRQS / 8];
+uint8_t ipr[142];
+uint8_t dmasr[4];
+uint16_t fir;
+uint8_t nmisr;
+uint8_t nmier;
+uint8_t nmiclr;
+uint8_t nmicr;
+int req_irq;
+qemu_irq _irq;
+qemu_irq _fir;
+qemu_irq _swi;
+};
+typedef struct RXICUState RXICUState;
+
+#define TYPE_RXICU "rx-icu"
+#define RXICU(obj) OBJECT_CHECK(RXICUState, (obj), TYPE_RXICU)
+
+#endif /* RX_ICU_H */
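Review bot: RXICUState embeds SysBusDevice and MemoryRegion, but the header includes only qemu-common.h and hw/irq.h, so it compiles only when the includer has already pulled in hw/sysbus.h; include it here. "uint8_t ipr[142]" would also be easier to check against the map table with a named constant, and the _irq, _fir and _swi member names use a leading underscore that is better avoided.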
diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
new file mode 100644
index 00..cb28c7a8d2
--- /dev/null
+++ b/hw/intc/rx_icu.c
@@ -0,0 +1,376 @@
+/*
+ * RX Interrupt Control Unit
+ *
+ * Warning: Only ICUa is supported.
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/intc/rx_icu.h"
+#include "qemu/error-report.h"
+
+REG8(IR, 0)
+  FIELD(IR, IR,  0, 1)
+REG8(DTCER, 0x100)
+  FIELD(DTCER, DTCE,  0, 1)
+REG8(IER, 0x200)
+REG8(SWINTR, 0x2e0)
+  FIELD(SWINTR, SWINT, 0, 1)
+REG16(FIR, 0x2f0)
+  FIELD(FIR, FVCT, 0, 8)
+  FIELD(FIR, FIEN, 15, 1)
+REG8(IPR, 0x300)
+  FIELD(IPR, IPR, 0, 4)
+REG8(DMRSR, 0x400)
+REG8(IRQCR, 0x500)
+  FIELD(IRQCR, IRQMD, 2, 2)
+REG8(NMISR, 0x580)
+  FIELD(NMISR, NMIST, 0, 1)
+  FIELD(NMISR, LVDST, 1, 1)
+  FIELD(NMISR, OSTST, 2, 1)
+REG8(NMIER, 0x581)
+  FIELD(NMIER, NMIEN, 0, 1)
+  FIELD(NMIER, LVDEN, 1, 1)
+  FIELD(NMIER, OSTEN, 2, 1)
+REG8(NMICLR, 0x582)
+  FIELD(NMICLR, NMICLR, 0, 1)
+  FIELD(NMICLR, OSTCLR, 2, 1)
+REG8(NMICR, 0x583)
+  FIELD(NMICR, NMIMD, 3, 1)
+
+#define request(icu, n) (icu->ipr[icu->map[n]] << 8 | n)
+
+static void set_irq(RXICUState *icu, int n_IRQ, int req)
+{
+if ((icu->fir & R_FIR_FIEN_MASK) &&
+(icu->fir & R_FIR_FVCT_MASK) == n_IRQ) {
+qemu_set_irq(icu->_fir, req);
+} else {
+qemu_set_irq(icu->_irq, req);
+}
+}
+
+static void rxicu_request(RXICUState *icu, int n_IRQ)
+{
+int enable;
+
+enable = icu->ier[n_IRQ / 8] & (1 << (n_IRQ & 7));
+if (n_IRQ > 0 && enable != 0 && atomic_read(&icu->req_irq) < 0) {
+atomic_set(&icu->req_irq, n_IRQ);
+set_irq(icu, n_IRQ, request(icu, n_IRQ));
+}
+}
+
+static void rxicu_set_irq(void *opaque, int n_IRQ, int level)
+{
+RXICUState *icu = opaque;
+struct IRQSource *src;
+int issue;
+
+if (n_IRQ >= NR_IRQS) {
+error_report("%s: IRQ %d out of range", __func__, n_IRQ);
+return;
+}
+
+src = &icu->src[n_IRQ];
+
+level = (level != 0);
+switch (src->sense) {
+case TRG_LEVEL:
+/* level-sensitive irq */
+issue = level;
+src->level = level;
+break;
+case TRG_NEDGE:
+   
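Review bot: the request() macro near the top of this file expands icu and n without parentheses (icu->ipr[icu->map[n]] << 8 | n), so an argument such as a + 1 would bind wrongly around << and |; a static inline function taking RXICUState * and int would avoid that and give the very generic name some type checking. Separately, rxicu_set_irq() rejects n_IRQ >= NR_IRQS but not a negative n_IRQ before indexing icu->src[n_IRQ]; check both bounds, or state in a comment why a negative value cannot arrive.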

[Qemu-devel] [PATCH v17 07/24] hw/char: RX62N serial communication interface (SCI)

2019-06-07 Thread Yoshinori Sato
This module supports only the non-FIFO type.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-8-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/char/renesas_sci.h |  45 ++
 hw/char/renesas_sci.c | 340 ++
 hw/char/Kconfig   |   3 +
 hw/char/Makefile.objs |   1 +
 4 files changed, 389 insertions(+)
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 hw/char/renesas_sci.c

diff --git a/include/hw/char/renesas_sci.h b/include/hw/char/renesas_sci.h
new file mode 100644
index 00..50d1336944
--- /dev/null
+++ b/include/hw/char/renesas_sci.h
@@ -0,0 +1,45 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#include "chardev/char-fe.h"
+#include "qemu/timer.h"
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_SCI "renesas-sci"
+#define RSCI(obj) OBJECT_CHECK(RSCIState, (obj), TYPE_RENESAS_SCI)
+
+enum {
+ERI = 0,
+RXI = 1,
+TXI = 2,
+TEI = 3,
+SCI_NR_IRQ = 4,
+};
+
+typedef struct {
+SysBusDevice parent_obj;
+MemoryRegion memory;
+
+uint8_t smr;
+uint8_t brr;
+uint8_t scr;
+uint8_t tdr;
+uint8_t ssr;
+uint8_t rdr;
+uint8_t scmr;
+uint8_t semr;
+
+uint8_t read_ssr;
+int64_t trtime;
+int64_t rx_next;
+QEMUTimer *timer;
+CharBackend chr;
+uint64_t input_freq;
+qemu_irq irq[SCI_NR_IRQ];
+} RSCIState;
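Review bot: this new header has no include guard around its contents, so a second inclusion would redefine the anonymous enum and the RSCIState typedef; wrap it in #ifndef HW_CHAR_RENESAS_SCI_H / #define / #endif (the guard name is only a suggestion). The bookkeeping fields read_ssr, trtime and rx_next would also benefit from a one-line comment each, since their meaning cannot be read off the register names.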
diff --git a/hw/char/renesas_sci.c b/hw/char/renesas_sci.c
new file mode 100644
index 00..6298cbf43a
--- /dev/null
+++ b/hw/char/renesas_sci.c
@@ -0,0 +1,340 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/char/renesas_sci.h"
+#include "qemu/error-report.h"
+
+/* SCI register map */
+REG8(SMR, 0)
+  FIELD(SMR, CKS,  0, 2)
+  FIELD(SMR, MP,   2, 1)
+  FIELD(SMR, STOP, 3, 1)
+  FIELD(SMR, PM,   4, 1)
+  FIELD(SMR, PE,   5, 1)
+  FIELD(SMR, CHR,  6, 1)
+  FIELD(SMR, CM,   7, 1)
+REG8(BRR, 1)
+REG8(SCR, 2)
+  FIELD(SCR, CKE, 0, 2)
+  FIELD(SCR, TEIE, 2, 1)
+  FIELD(SCR, MPIE, 3, 1)
+  FIELD(SCR, RE,   4, 1)
+  FIELD(SCR, TE,   5, 1)
+  FIELD(SCR, RIE,  6, 1)
+  FIELD(SCR, TIE,  7, 1)
+REG8(TDR, 3)
+REG8(SSR, 4)
+  FIELD(SSR, MPBT, 0, 1)
+  FIELD(SSR, MPB,  1, 1)
+  FIELD(SSR, TEND, 2, 1)
+  FIELD(SSR, ERR, 3, 3)
+FIELD(SSR, PER,  3, 1)
+FIELD(SSR, FER,  4, 1)
+FIELD(SSR, ORER, 5, 1)
+  FIELD(SSR, RDRF, 6, 1)
+  FIELD(SSR, TDRE, 7, 1)
+REG8(RDR, 5)
+REG8(SCMR, 6)
+  FIELD(SCMR, SMIF, 0, 1)
+  FIELD(SCMR, SINV, 2, 1)
+  FIELD(SCMR, SDIR, 3, 1)
+  FIELD(SCMR, BCP2, 7, 1)
+REG8(SEMR, 7)
+  FIELD(SEMR, ACS0, 0, 1)
+  FIELD(SEMR, ABCS, 4, 1)
+
+static int can_receive(void *opaque)
+{
+RSCIState *sci = RSCI(opaque);
+if (sci->rx_next > qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)) {
+return 0;
+} else {
+return FIELD_EX8(sci->scr, SCR, RE);
+}
+}
+
+static void receive(void *opaque, const uint8_t *buf, int size)
+{
+RSCIState *sci = RSCI(opaque);
+sci->rx_next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime;
+if (FIELD_EX8(sci->ssr, SSR, RDRF) || size > 1) {
+sci->ssr = FIELD_DP8(sci->ssr, SSR, ORER, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_set_irq(sci->irq[ERI], 1);
+}
+} else {
+sci->rdr = buf[0];
+sci->ssr = FIELD_DP8(sci->ssr, SSR, RDRF, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_irq_pulse(sci->irq[RXI]);
+}
+}
+}
+
+static void send_byte(RSCIState *sci)
+{
+if (qemu_chr_fe_backend_connected(&sci->chr)) {
+qemu_chr_fe_write_all(&sci->chr, &sci->tdr, 1);
+}
+timer_mod(sci->timer,
+  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime);
+sci->ssr = FIELD_DP8(sci->ssr, SSR, TEND
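Review bot: in receive(), the size > 1 arm of the overrun test looks unreachable, because can_receive() returns at most FIELD_EX8(sci->scr, SCR, RE), that is 0 or 1; if it can be reached, the whole buffer including buf[0] is dropped. Either remove the test or add a comment saying why it is kept, and note on can_receive() that the return value is the number of bytes the device will accept. ERI is also raised with qemu_set_irq(..., 1) while RXI is pulsed; a comment on where ERI is lowered again would help the reader.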

[Qemu-devel] [PATCH v17 21/24] target/rx: Emit all disassembly in one prt()

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

Many of the multi-part prints have been eliminated by previous
patches.  Eliminate the rest of them.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 target/rx/disas.c | 75 +--
 1 file changed, 39 insertions(+), 36 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index db10385fd0..ebc1a44249 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -228,24 +228,21 @@ static bool trans_MOV_ra(DisasContext *ctx, arg_MOV_ra *a)
 /* mov.[bwl] rs,rd */
 static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 {
-char dspd[8], dsps[8];
+char dspd[8], dsps[8], szc = size[a->sz];
 
-prt("mov.%c\t", size[a->sz]);
 if (a->lds == 3 && a->ldd == 3) {
 /* mov.[bwl] rs,rd */
-prt("r%d, r%d", a->rs, a->rd);
-return true;
-}
-if (a->lds == 3) {
+prt("mov.%c\tr%d, r%d", szc, a->rs, a->rd);
+} else if (a->lds == 3) {
 rx_index_addr(ctx, dspd, a->ldd, a->sz);
-prt("r%d, %s[r%d]", a->rs, dspd, a->rd);
+prt("mov.%c\tr%d, %s[r%d]", szc, a->rs, dspd, a->rd);
 } else if (a->ldd == 3) {
 rx_index_addr(ctx, dsps, a->lds, a->sz);
-prt("%s[r%d], r%d", dsps, a->rs, a->rd);
+prt("mov.%c\t%s[r%d], r%d", szc, dsps, a->rs, a->rd);
 } else {
 rx_index_addr(ctx, dsps, a->lds, a->sz);
 rx_index_addr(ctx, dspd, a->ldd, a->sz);
-prt("%s[r%d], %s[r%d]", dsps, a->rs, dspd, a->rd);
+prt("mov.%c\t%s[r%d], %s[r%d]", szc, dsps, a->rs, dspd, a->rd);
 }
 return true;
 }
@@ -254,8 +251,11 @@ static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 /* mov.[bwl] rs,[-rd] */
 static bool trans_MOV_rp(DisasContext *ctx, arg_MOV_rp *a)
 {
-prt("mov.%c\tr%d, ", size[a->sz], a->rs);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
+if (a->ad) {
+prt("mov.%c\tr%d, [-r%d]", size[a->sz], a->rs, a->rd);
+} else {
+prt("mov.%c\tr%d, [r%d+]", size[a->sz], a->rs, a->rd);
+}
 return true;
 }
 
@@ -263,9 +263,11 @@ static bool trans_MOV_rp(DisasContext *ctx, arg_MOV_rp *a)
 /* mov.[bwl] [-rd],rs */
 static bool trans_MOV_pr(DisasContext *ctx, arg_MOV_pr *a)
 {
-prt("mov.%c\t", size[a->sz]);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
-prt(", r%d", a->rs);
+if (a->ad) {
+prt("mov.%c\t[-r%d], r%d", size[a->sz], a->rd, a->rs);
+} else {
+prt("mov.%c\t[r%d+], r%d", size[a->sz], a->rd, a->rs);
+}
 return true;
 }
 
@@ -299,9 +301,11 @@ static bool trans_MOVU_ar(DisasContext *ctx, arg_MOVU_ar 
*a)
 /* movu.[bw] [-rs],rd */
 static bool trans_MOVU_pr(DisasContext *ctx, arg_MOVU_pr *a)
 {
-prt("movu.%c\t", size[a->sz]);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
-prt(", r%d", a->rs);
+if (a->ad) {
+prt("movu.%c\t[-r%d], r%d", size[a->sz], a->rd, a->rs);
+} else {
+prt("movu.%c\t[r%d+], r%d", size[a->sz], a->rd, a->rs);
+}
 return true;
 }
 
@@ -478,11 +482,11 @@ static bool trans_TST_mr(DisasContext *ctx, arg_TST_mr *a)
 /* not rs, rd */
 static bool trans_NOT_rr(DisasContext *ctx, arg_NOT_rr *a)
 {
-prt("not\t");
 if (a->rs != a->rd) {
-prt("r%d, ", a->rs);
+prt("not\tr%d, r%d", a->rs, a->rd);
+} else {
+prt("not\tr%d", a->rs);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -490,11 +494,11 @@ static bool trans_NOT_rr(DisasContext *ctx, arg_NOT_rr *a)
 /* neg rs, rd */
 static bool trans_NEG_rr(DisasContext *ctx, arg_NEG_rr *a)
 {
-prt("neg\t");
 if (a->rs != a->rd) {
-prt("r%d, ", a->rs);
+prt("neg\tr%d, r%d", a->rs, a->rd);
+} else {
+prt("neg\tr%d", a->rs);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -606,11 +610,10 @@ static bool trans_SBB_mr(DisasContext *ctx, arg_SBB_mr *a)
 /* abs rs, rd */
 static bool trans_ABS_rr(DisasContext *ctx, arg_ABS_rr *a)
 {
-prt("abs\t");
-if (a->rs == a->rd) {
-prt("r%d", a->rd);
+if (a->rs != a->rd) {
+prt("abs\tr%d, r%d", a->rs, a->rd);
 } else {
-prt("r%d, r%d", a->rs, a->rd);
+prt("abs\tr%d", a->rs);
 }
 return true;
 }
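Review bot: trans_NOT_rr, trans_NEG_rr and trans_ABS_rr now carry the same two-branch shape (rs != rd prints two registers, otherwise one) and differ only in the mnemonic; a small helper taking the mnemonic would keep the single-prt() property in one place. Note also that the one-register branch here prints a->rs where the removed code printed a->rd; the values are equal on that path, but the SHLL hunk below prints a->rd in the same situation, so pick one for consistency.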
@@ -733,11 +736,11 @@ static bool trans_DIVU_mr(DisasContext *ctx, arg_DIVU_mr 
*a)
 /* shll #imm:5, rs, rd */
 static bool trans_SHLL_irr(DisasContext *ctx, arg_SHLL_irr *a)
 {
-prt("shll\t#%d, ", a->imm);
 if (a->rs2 != a->rd) {
-prt("r%d, ", a->rs2);
+prt("shll\t#%d, r%d, r%d", a->imm, a->rs2, a->rd);
+} else {
+prt("shll\t#%d, r%d", a->imm, a->rd);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -752,11 +755,11 @@ static bool trans_SHLL_rr(DisasContext *ctx, arg_SHLL_rr 
*a)
 /* shar #imm:5, rs, rd */
 static bool trans_SHAR_irr(DisasContext *ctx, arg_SHAR_irr *a)
 {
-prt("shar\t#%d,", a->imm);
 if (a->rs2 != a->rd) {
-prt("r%d, ", a->rs2);
+prt("shar\t#%d, r%d, 
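Review bot: the removed line prints "shar\t#%d," with no space after the comma, while the replacement starts "shar\t#%d, r%d, " with one, so this hunk changes the disassembly text for shar as well as merging the calls. That looks like a fix, but the commit message only mentions eliminating multi-part prints; say so there.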

[Qemu-devel] [PULL 15/52] tests/vm: use ssh with pty unconditionally

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Always ask ssh to run with a pseudo terminal.
Not having a terminal causes problems now and then.

Signed-off-by: Gerd Hoffmann 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-5-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 5e30bac661..395eefaec9 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -107,16 +107,14 @@ class BaseVM(object):
 os.rename(fname + ".download", fname)
 return fname
 
-def _ssh_do(self, user, cmd, check, interactive=False):
-ssh_cmd = ["ssh", "-q",
+def _ssh_do(self, user, cmd, check):
+ssh_cmd = ["ssh", "-q", "-t",
"-o", "StrictHostKeyChecking=no",
"-o", "UserKnownHostsFile=" + os.devnull,
"-o", "ConnectTimeout=1",
"-p", self.ssh_port, "-i", self._ssh_key_file]
 for var in self.envvars:
 ssh_cmd += ['-o', "SendEnv=%s" % var ]
-if interactive:
-ssh_cmd += ['-t']
 assert not isinstance(cmd, str)
 ssh_cmd += ["%s@127.0.0.1" % user] + list(cmd)
 logging.debug("ssh_cmd: %s", " ".join(ssh_cmd))
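Review bot: a single "-t" in ssh_cmd only requests a pseudo-terminal; ssh still declines to allocate one when its own stdin is not a terminal, which is the usual case when the script runs unattended or with redirected input. If the intent is the unconditional pty of the subject line, pass "-tt" (or "-t" twice). A comment would also help to record that with a pty the remote stdout and stderr arrive merged and with CRLF line endings, which matters to any caller that parses the output.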
@@ -128,9 +126,6 @@ class BaseVM(object):
 def ssh(self, *cmd):
 return self._ssh_do(self.GUEST_USER, cmd, False)
 
-def ssh_interactive(self, *cmd):
-return self._ssh_do(self.GUEST_USER, cmd, False, True)
-
 def ssh_root(self, *cmd):
 return self._ssh_do("root", cmd, False)
 
@@ -284,9 +279,9 @@ def main(vmcls):
 return 2
 
 if args.interactive:
-if vm.ssh_interactive(*cmd) == 0:
+if vm.ssh(*cmd) == 0:
 return 0
-vm.ssh_interactive()
+vm.ssh()
 return 3
 else:
 if vm.ssh(*cmd) != 0:
-- 
2.20.1




[Qemu-devel] [PULL 29/52] tests/tcg: clean-up VPATH/TESTS for i386

2019-06-07 Thread Alex Bennée
Since we only run build the multiarch tests and we use a fully
resolved path for the crt object we don't need the wildcard or VPATH
messing about.

Signed-off-by: Alex Bennée 

diff --git a/tests/tcg/i386/Makefile.softmmu-target 
b/tests/tcg/i386/Makefile.softmmu-target
index e1f98177aa..e1d880f9b5 100644
--- a/tests/tcg/i386/Makefile.softmmu-target
+++ b/tests/tcg/i386/Makefile.softmmu-target
@@ -8,15 +8,10 @@
 
 I386_SYSTEM_SRC=$(SRC_PATH)/tests/tcg/i386/system
 X64_SYSTEM_SRC=$(SRC_PATH)/tests/tcg/x86_64/system
-# Set search path for all sources
-VPATH+=$(I386_SYSTEM_SRC)
 
 # These objects provide the basic boot code and helper functions for all tests
 CRT_OBJS=boot.o
 
-X86_TEST_SRCS=$(wildcard $(I386_SYSTEM_SRC)/*.c)
-X86_TESTS = $(patsubst $(I386_SYSTEM_SRC)/%.c, %, $(X86_TEST_SRCS))
-
 ifeq ($(TARGET_X86_64), y)
 CRT_PATH=$(X64_SYSTEM_SRC)
 LINK_SCRIPT=$(X64_SYSTEM_SRC)/kernel.ld
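Review bot: with X86_TEST_SRCS and X86_TESTS removed, .c files under $(I386_SYSTEM_SRC) are no longer discovered as tests, and without the VPATH line that directory is no longer on the search path either. The commit message implies none are expected; a one-line comment here saying that only $(MULTIARCH_TESTS) are built would stop someone adding a test to that directory and wondering why it never runs.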
@@ -26,12 +21,12 @@ CRT_PATH=$(I386_SYSTEM_SRC)
 CFLAGS+=-m32
 LINK_SCRIPT=$(I386_SYSTEM_SRC)/kernel.ld
 LDFLAGS=-Wl,-T$(LINK_SCRIPT) -Wl,-melf_i386
-# FIXME: move to common once x86_64 is bootstrapped
-TESTS+=$(X86_TESTS) $(MULTIARCH_TESTS)
 endif
 CFLAGS+=-nostdlib -ggdb -O0 $(MINILIB_INC)
 LDFLAGS+=-static -nostdlib $(CRT_OBJS) $(MINILIB_OBJS) -lgcc
 
+TESTS+=$(MULTIARCH_TESTS)
+
 # building head blobs
 .PRECIOUS: $(CRT_OBJS)
 
-- 
2.20.1




[Qemu-devel] [PATCH v17 19/24] target/rx: Replace operand with prt_ldmi in disassembler

2019-06-07 Thread Yoshinori Sato
From: Richard Henderson 

This has consistency with prt_ri().  It loads all data before
beginning output.  It uses exactly one call to prt() to emit
the full instruction.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Richard Henderson 
Signed-off-by: Yoshinori Sato 
---
 target/rx/disas.c | 77 +++
 1 file changed, 27 insertions(+), 50 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 64342537ee..515b365528 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -135,18 +135,18 @@ static void rx_index_addr(DisasContext *ctx, char out[8], 
int ld, int mi)
 sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));
 }
 
-static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+static void prt_ldmi(DisasContext *ctx, const char *insn,
+ int ld, int mi, int rs, int rd)
 {
 static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
 char dsp[8];
 
 if (ld < 3) {
 rx_index_addr(ctx, dsp, ld, mi);
-prt("%s[r%d]%s", dsp, rs, sizes[mi]);
+prt("%s\t%s[r%d]%s, r%d", insn, dsp, rs, sizes[mi], rd);
 } else {
-prt("r%d", rs);
+prt("%s\tr%d, r%d", insn, rs, rd);
 }
-prt(", r%d", rd);
 }
 
 static void prt_ir(DisasContext *ctx, const char *insn, int imm, int rd)
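Review bot: prt_ldmi() indexes sizes[mi] with no check that mi is within the five entries of the table, and the new helper has no comment saying that ld < 3 selects the dsp[rs] memory form and any other value the register form. An assert on mi against ARRAY_SIZE(sizes), or a short comment stating that the decoder guarantees the range, plus a one-line description of the parameters, would make the helper safer to reuse.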
@@ -416,8 +416,7 @@ static bool trans_AND_ir(DisasContext *ctx, arg_AND_ir *a)
 /* and rs,rd */
 static bool trans_AND_mr(DisasContext *ctx, arg_AND_mr *a)
 {
-prt("and\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "and", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -440,8 +439,7 @@ static bool trans_OR_ir(DisasContext *ctx, arg_OR_ir *a)
 /* or rs,rd */
 static bool trans_OR_mr(DisasContext *ctx, arg_OR_mr *a)
 {
-prt("or\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "or", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -463,8 +461,7 @@ static bool trans_XOR_ir(DisasContext *ctx, arg_XOR_ir *a)
 /* xor rs,rd */
 static bool trans_XOR_mr(DisasContext *ctx, arg_XOR_mr *a)
 {
-prt("xor\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "xor", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -479,8 +476,7 @@ static bool trans_TST_ir(DisasContext *ctx, arg_TST_ir *a)
 /* tst rs, rd */
 static bool trans_TST_mr(DisasContext *ctx, arg_TST_mr *a)
 {
-prt("tst\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "tst", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -548,8 +544,7 @@ static bool trans_ADD_irr(DisasContext *ctx, arg_ADD_irr *a)
 /* add dsp[rs], rd */
 static bool trans_ADD_mr(DisasContext *ctx, arg_ADD_mr *a)
 {
-prt("add\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "add", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -573,8 +568,7 @@ static bool trans_CMP_ir(DisasContext *ctx, arg_CMP_ir *a)
 /* cmp dsp[rs], rs2 */
 static bool trans_CMP_mr(DisasContext *ctx, arg_CMP_mr *a)
 {
-prt("cmp\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "cmp", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -589,8 +583,7 @@ static bool trans_SUB_ir(DisasContext *ctx, arg_SUB_ir *a)
 /* sub dsp[rs], rd */
 static bool trans_SUB_mr(DisasContext *ctx, arg_SUB_mr *a)
 {
-prt("sub\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "sub", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -611,8 +604,7 @@ static bool trans_SBB_rr(DisasContext *ctx, arg_SBB_rr *a)
 /* sbb dsp[rs], rd */
 static bool trans_SBB_mr(DisasContext *ctx, arg_SBB_mr *a)
 {
-prt("sbb\t");
-operand(ctx, a->ld, RX_IM_LONG, a->rs, a->rd);
+prt_ldmi(ctx, "sbb", a->ld, RX_IM_LONG, a->rs, a->rd);
 return true;
 }
 
@@ -640,8 +632,7 @@ static bool trans_MAX_ir(DisasContext *ctx, arg_MAX_ir *a)
 /* max dsp[rs], rd */
 static bool trans_MAX_mr(DisasContext *ctx, arg_MAX_mr *a)
 {
-prt("max\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "max", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -656,8 +647,7 @@ static bool trans_MIN_ir(DisasContext *ctx, arg_MIN_ir *a)
 /* min dsp[rs], rd */
 static bool trans_MIN_mr(DisasContext *ctx, arg_MIN_mr *a)
 {
-prt("max\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "min", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
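Review bot: this hunk also changes the mnemonic, from prt("max\t") in the removed lines to "min" in the new prt_ldmi() call, so trans_MIN_mr stops being disassembled as max. That is a behaviour fix riding along in a refactoring patch; mention it in the commit message, or split it out so it can be found and backported on its own.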
@@ -673,8 +663,7 @@ static bool trans_MUL_ir(DisasContext *ctx, arg_MUL_ir *a)
 /* mul dsp[rs], rd */
 static bool trans_MUL_mr(DisasContext *ctx, arg_MUL_mr *a)
 {
-prt("mul\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "mul", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -696,8 +685,7 @@ static bool trans_EMUL_ir(DisasContext *ctx, arg_EMUL_ir *a)
 /* emul dsp[rs], rd */
 static bool trans_EMUL_mr(DisasContext *ctx, arg_EMUL_mr *a)
 {
-prt("emul\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "emul", a->ld, a->mi, 

[Qemu-devel] [PULL 32/52] cputlb: cast size_t to target_ulong before using for address masks

2019-06-07 Thread Alex Bennée
While size_t is defined to happily access the biggest host object this
isn't the case when generating masks for 64 bit guests on 32 bit
hosts. Otherwise we end up truncating the address when we fall back to
our unaligned helper.

Fixes: https://bugs.launchpad.net/qemu/+bug/1831545

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Tested-by: Andrew Randrianasulu 
Reviewed-by: Philippe Mathieu-Daudé 

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index b796ab1cbe..8f814a1a2c 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1306,7 +1306,7 @@ load_helper(CPUArchState *env, target_ulong addr, 
TCGMemOpIdx oi,
 uint64_t r1, r2;
 unsigned shift;
 do_unaligned_access:
-addr1 = addr & ~(size - 1);
+addr1 = addr & ~((target_ulong)size - 1);
 addr2 = addr1 + size;
 r1 = full_load(env, addr1, oi, retaddr);
 r2 = full_load(env, addr2, oi, retaddr);
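Review bot: the cast in addr1 = addr & ~((target_ulong)size - 1) is easy to undo in a later clean-up because nothing in the code says why it is there; add a short comment that size is a size_t and that on a 32-bit host the mask would otherwise be computed in 32 bits and clear the upper half of a 64-bit guest address.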
-- 
2.20.1
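
The truncation this commit message describes, as an added stand-alone C example (not QEMU code and not part of the patch). host_size_t and guest_addr_t are stand-ins assumed here for size_t on a 32-bit host and target_ulong of a 64-bit guest, and the sample addresses are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in types (assumptions, not QEMU's definitions). */
typedef uint32_t host_size_t;  /* models size_t on a 32-bit host    */
typedef uint64_t guest_addr_t; /* models target_ulong, 64-bit guest */

/* The two aligned addresses an unaligned access is split into. */
struct split {
    guest_addr_t addr1;
    guest_addr_t addr2;
};

/*
 * Mask built in the narrow type: ~(size - 1) is a 32-bit value that is
 * zero-extended to 64 bits, so the AND clears bits 63..32 of addr.
 */
static struct split split_narrow(guest_addr_t addr, host_size_t size)
{
    struct split s;

    s.addr1 = addr & ~(size - 1);
    s.addr2 = s.addr1 + size;
    return s;
}

/* Mask built after widening: every upper bit of the mask is a one. */
static struct split split_wide(guest_addr_t addr, host_size_t size)
{
    struct split s;

    s.addr1 = addr & ~((guest_addr_t)size - 1);
    s.addr2 = s.addr1 + size;
    return s;
}

/* Returns 1 when the narrow mask sends the access to a different address. */
static int narrow_mask_truncates(guest_addr_t addr, host_size_t size)
{
    return split_narrow(addr, size).addr1 != split_wide(addr, size).addr1;
}

int main(void)
{
    /* Constructed sample addresses: one below 4 GiB, one above it. */
    static const guest_addr_t samples[] = {
        UINT64_C(0x0000000000001003),
        UINT64_C(0xffffffff80001003),
    };
    const host_size_t size = 8; /* an 8-byte unaligned load */
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct split n = split_narrow(samples[i], size);
        struct split w = split_wide(samples[i], size);

        printf("addr   0x%016" PRIx64 "\n", samples[i]);
        printf("narrow 0x%016" PRIx64 " / 0x%016" PRIx64 "\n",
               n.addr1, n.addr2);
        printf("wide   0x%016" PRIx64 " / 0x%016" PRIx64 "%s\n",
               w.addr1, w.addr2,
               narrow_mask_truncates(samples[i], size)
                   ? "  <- narrow mask lost the upper 32 bits" : "");
    }
    return 0;
}
```

Addresses below 4 GiB give the same result either way, which is why the defect only shows up for guests that use the upper half of a 64-bit address space.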




[Qemu-devel] [PULL 45/52] gdbstub: Implement read all registers (g pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-14-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 880bbb469a..b3c5ced80d 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1774,6 +1774,21 @@ static void handle_write_all_regs(GdbCmdContext 
*gdb_ctx, void *user_ctx)
 put_packet(gdb_ctx->s, "OK");
 }
 
+static void handle_read_all_regs(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+target_ulong addr, len;
+
+cpu_synchronize_state(gdb_ctx->s->g_cpu);
+len = 0;
+for (addr = 0; addr < gdb_ctx->s->g_cpu->gdb_num_g_regs; addr++) {
+len += gdb_read_register(gdb_ctx->s->g_cpu, gdb_ctx->mem_buf + len,
+ addr);
+}
+
+memtohex(gdb_ctx->str_buf, gdb_ctx->mem_buf, len);
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
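Review bot: handle_read_all_regs() accumulates len from gdb_read_register() into gdb_ctx->mem_buf and then lets memtohex() write twice that amount into gdb_ctx->str_buf, with nothing in the hunk bounding len against either buffer. The removed inline code had the same shape, but the move is a good moment to add an assertion or an explicit limit on len before each gdb_read_register() call. The loop variable would also read better as an int register index than as a target_ulong called addr.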
@@ -1781,7 +1796,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 CPUClass *cc;
 const char *p;
 uint32_t pid, tid;
-int ch, reg_size, type, res;
+int ch, type, res;
 uint8_t mem_buf[MAX_PACKET_LENGTH];
 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
 char thread_id[16];
@@ -1940,14 +1955,14 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 break;
 case 'g':
-cpu_synchronize_state(s->g_cpu);
-len = 0;
-for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
-reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
-len += reg_size;
+{
+static const GdbCmdParseEntry read_all_regs_cmd_desc = {
+.handler = handle_read_all_regs,
+.cmd = "g",
+.cmd_startswith = 1
+};
+cmd_parser = &read_all_regs_cmd_desc;
 }
-memtohex(buf, mem_buf, len);
-put_packet(s, buf);
 break;
 case 'G':
 {
-- 
2.20.1




[Qemu-devel] [PULL 43/52] gdbstub: Implement read memory (m pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-12-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 681a0c8550..ceaa47d184 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1727,6 +1727,30 @@ static void handle_write_mem(GdbCmdContext *gdb_ctx, 
void *user_ctx)
 put_packet(gdb_ctx->s, "OK");
 }
 
+static void handle_read_mem(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+if (gdb_ctx->num_params != 2) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+/* memtohex() doubles the required space */
+if (gdb_ctx->params[1].val_ull > MAX_PACKET_LENGTH / 2) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+if (target_memory_rw_debug(gdb_ctx->s->g_cpu, gdb_ctx->params[0].val_ull,
+   gdb_ctx->mem_buf,
+   gdb_ctx->params[1].val_ull, false)) {
+put_packet(gdb_ctx->s, "E14");
+return;
+}
+
+memtohex(gdb_ctx->str_buf, gdb_ctx->mem_buf, gdb_ctx->params[1].val_ull);
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
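Review bot: the length check compares gdb_ctx->params[1].val_ull with MAX_PACKET_LENGTH / 2, but the buffers actually written are gdb_ctx->mem_buf and gdb_ctx->str_buf, whose sizes are not visible here; state the invariant that ties them to MAX_PACKET_LENGTH (and that str_buf has room for the trailing NUL) in a comment or a build-time assertion next to the check. Reading params[1].val_ull into a local len once would also make its three uses easier to audit.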
@@ -1916,22 +1940,14 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 put_packet(s, "OK");
 break;
 case 'm':
-addr = strtoull(p, (char **)&p, 16);
-if (*p == ',')
-p++;
-len = strtoull(p, NULL, 16);
-
-/* memtohex() doubles the required space */
-if (len > MAX_PACKET_LENGTH / 2) {
-put_packet (s, "E22");
-break;
-}
-
-if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
-put_packet (s, "E14");
-} else {
-memtohex(buf, mem_buf, len);
-put_packet(s, buf);
+{
+static const GdbCmdParseEntry read_mem_cmd_desc = {
+.handler = handle_read_mem,
+.cmd = "m",
+.cmd_startswith = 1,
+.schema = "L,L0"
+};
+cmd_parser = &read_mem_cmd_desc;
 }
 break;
 case 'M':
-- 
2.20.1




[Qemu-devel] [PULL 30/52] tests/tcg/x86_64: add a PVH crt.o for x86_64 system tests

2019-06-07 Thread Alex Bennée
Instead of doing the full real to 64 bit dance we are attempting to
leverage Xen's PVH boot spec to go from 32 bit to 64 bit.

Signed-off-by: Alex Bennée 

diff --git a/tests/tcg/i386/Makefile.softmmu-target 
b/tests/tcg/i386/Makefile.softmmu-target
index e1d880f9b5..0a4364868c 100644
--- a/tests/tcg/i386/Makefile.softmmu-target
+++ b/tests/tcg/i386/Makefile.softmmu-target
@@ -14,6 +14,7 @@ CRT_OBJS=boot.o
 
 ifeq ($(TARGET_X86_64), y)
 CRT_PATH=$(X64_SYSTEM_SRC)
+CFLAGS=-march=x86-64
 LINK_SCRIPT=$(X64_SYSTEM_SRC)/kernel.ld
 LDFLAGS=-Wl,-T$(LINK_SCRIPT) -Wl,-melf_x86_64
 else
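Review bot: CFLAGS=-march=x86-64 assigns rather than appends, so any CFLAGS set before this point are discarded on the x86_64 branch only. Unless that reset is intended, use CFLAGS+=-march=x86-64; if it is intended, say so in a comment.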
diff --git a/tests/tcg/x86_64/system/boot.S b/tests/tcg/x86_64/system/boot.S
new file mode 100644
index 00..205cfbd398
--- /dev/null
+++ b/tests/tcg/x86_64/system/boot.S
@@ -0,0 +1,277 @@
+/*
+ * x86_64 boot and support code
+ *
+ * Copyright 2019 Linaro
+ *
+ * This work is licensed under the terms of the GNU GPL, version 3 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Unlike the i386 version we instead use Xen's PVHVM booting header
+ * which should drop us automatically into 32 bit mode ready to go. I've
+ * nabbed bits of the Linux kernel setup to achieve this.
+ *
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+.section .head
+
+#define ELFNOTE_START(name, type, flags)   \
+.pushsection .note.name, flags,@note   ;   \
+  .balign 4;   \
+  .long 2f - 1f/* namesz */;   \
+  .long 4484f - 3f /* descsz */;   \
+  .long type   ;   \
+1:.asciz #name ;   \
+2:.balign 4;   \
+3:
+
+#define ELFNOTE_END\
+4484:.balign 4 ;   \
+.popsection;
+
+#define ELFNOTE(name, type, desc)  \
+   ELFNOTE_START(name, type, "")   \
+   desc;   \
+   ELFNOTE_END
+
+#define XEN_ELFNOTE_ENTRY  1
+#define XEN_ELFNOTE_HYPERCALL_PAGE 2
+#define XEN_ELFNOTE_VIRT_BASE  3
+#define XEN_ELFNOTE_PADDR_OFFSET   4
+#define XEN_ELFNOTE_PHYS32_ENTRY  18
+
+#define __ASM_FORM(x)  x
+#define __ASM_FORM_RAW(x) x
+#define __ASM_FORM_COMMA(x) x,
+#define __ASM_SEL(a,b)   __ASM_FORM(b)
+#define __ASM_SEL_RAW(a,b)  __ASM_FORM_RAW(b)
+#define _ASM_PTR   __ASM_SEL(.long, .quad)
+
+   ELFNOTE(Xen, XEN_ELFNOTE_VIRT_BASE,  _ASM_PTR 0x10)
+   ELFNOTE(Xen, XEN_ELFNOTE_ENTRY,  _ASM_PTR _start)
+   ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY,   _ASM_PTR _start)/* entry 
== virtbase */
+   ELFNOTE(Xen, XEN_ELFNOTE_PADDR_OFFSET,   _ASM_PTR 0)
+
+   /*
+   * Entry point for PVH guests.
+   *
+   * Xen ABI specifies the following register state when we come here:
+   *
+   * - `ebx`: contains the physical memory address where the loader has 
placed
+   *  the boot start info structure.
+   * - `cr0`: bit 0 (PE) must be set. All the other writeable bits are 
cleared.
+   * - `cr4`: all bits are cleared.
+   * - `cs `: must be a 32-bit read/execute code segment with a base of ‘0’
+   *  and a limit of ‘0x’. The selector value is 
unspecified.
+   * - `ds`, `es`: must be a 32-bit read/write data segment with a base of
+   *   ‘0’ and a limit of ‘0x’. The selector values 
are all
+   *   unspecified.
+   * - `tr`: must be a 32-bit TSS (active) with a base of '0' and a limit
+   * of '0x67'.
+   * - `eflags`: bit 17 (VM) must be cleared. Bit 9 (IF) must be cleared.
+   * Bit 8 (TF) must be cleared. Other bits are all 
unspecified.
+   *
+   * All other processor registers and flag bits are unspecified. The OS 
is in
+   * charge of setting up it's own stack, GDT and IDT.
+   */
+.code32
+.section .text
+
+.global _start
+_start:
+   cld
+lgdt gdtr
+
+ljmp $0x8,$.Lloadcs
+.Lloadcs:
+mov $0x10,%eax
+mov %eax,%ds
+mov %eax,%es
+mov %eax,%fs
+mov %eax,%gs
+mov %eax,%ss
+
+   /* Enable PAE mode (bit 5). */
+   mov %cr4, %eax
+   btsl $5, %eax
+   mov %eax, %cr4
+
+#define MSR_EFER   0xc080 /* extended feature register */
+
+   /* Enable Long mode. */
+   mov $MSR_EFER, %ecx
+   rdmsr
+   btsl $8, %eax
+   wrmsr
+
+   /* Enable paging */
+   mov $.Lpml4, %ecx
+   mov %ecx, %cr3
+
+   mov %cr0, %eax
+   btsl $31, %eax
+   mov %eax, %cr0
+
+   /* Jump to 64-bit mode. */
+lgdt gdtr64
+ljmp $0x8,$.Lenter64
+
+.code64
+.section .text
+.Lenter64:
+
+
+   // Setup stack ASAP
+   movq $stack_end,%rsp
+
+/* don't worry about stack frame, assume everthing is garbage when we 
return */
+   call main
+
+/* output any n
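Review bot: the header of boot.S declares GPL version 3 or later (and SPDX GPL-3.0-or-later) while the same comment says parts were taken from the Linux kernel setup code, which as a whole is distributed under GPL-2.0; unless the borrowed files are individually marked "or later", they cannot be relicensed this way, so the licence line needs to follow the origin of the borrowed parts. Please also record which kernel file and version the ELFNOTE macros and the entry sequence came from.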

[Qemu-devel] [PATCH v17 03/24] target/rx: CPU definition

2019-06-07 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Message-Id: <20190516055244.95559-4-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 target/rx/cpu.h | 227 
 target/rx/cpu.c | 222 ++
 target/rx/gdbstub.c | 112 ++
 target/rx/monitor.c |  38 +
 4 files changed, 599 insertions(+)
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/gdbstub.c
 create mode 100644 target/rx/monitor.c

diff --git a/target/rx/cpu.h b/target/rx/cpu.h
new file mode 100644
index 00..8c1a4e448d
--- /dev/null
+++ b/target/rx/cpu.h
@@ -0,0 +1,227 @@
+/*
+ *  RX emulation definition
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_H
+#define RX_CPU_H
+
+#include "qemu/bitops.h"
+#include "qemu-common.h"
+#include "hw/registerfields.h"
+#include "qom/cpu.h"
+
+#define TYPE_RXCPU "rxcpu"
+
+#define RXCPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RXCPU)
+#define RXCPU(obj) \
+OBJECT_CHECK(RXCPU, (obj), TYPE_RXCPU)
+#define RXCPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RXCPU)
+
+/*
+ * RXCPUClass:
+ * @parent_realize: The parent class' realize handler.
+ * @parent_reset: The parent class' reset handler.
+ *
+ * A RX CPU model.
+ */
+typedef struct RXCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+
+} RXCPUClass;
+
+#define TARGET_LONG_BITS 32
+#define TARGET_PAGE_BITS 12
+
+#define CPUArchState struct CPURXState
+
+#include "exec/cpu-defs.h"
+
+#define TARGET_PHYS_ADDR_SPACE_BITS 32
+#define TARGET_VIRT_ADDR_SPACE_BITS 32
+
+/* PSW define */
+REG32(PSW, 0)
+FIELD(PSW, C, 0, 1)
+FIELD(PSW, Z, 1, 1)
+FIELD(PSW, S, 2, 1)
+FIELD(PSW, O, 3, 1)
+FIELD(PSW, I, 16, 1)
+FIELD(PSW, U, 17, 1)
+FIELD(PSW, PM, 20, 1)
+FIELD(PSW, IPL, 24, 4)
+
+/* FPSW define */
+REG32(FPSW, 0)
+FIELD(FPSW, RM, 0, 2)
+FIELD(FPSW, CV, 2, 1)
+FIELD(FPSW, CO, 3, 1)
+FIELD(FPSW, CZ, 4, 1)
+FIELD(FPSW, CU, 5, 1)
+FIELD(FPSW, CX, 6, 1)
+FIELD(FPSW, CE, 7, 1)
+FIELD(FPSW, CAUSE, 2, 6)
+FIELD(FPSW, DN, 8, 1)
+FIELD(FPSW, EV, 10, 1)
+FIELD(FPSW, EO, 11, 1)
+FIELD(FPSW, EZ, 12, 1)
+FIELD(FPSW, EU, 13, 1)
+FIELD(FPSW, EX, 14, 1)
+FIELD(FPSW, ENABLE, 10, 5)
+FIELD(FPSW, FV, 26, 1)
+FIELD(FPSW, FO, 27, 1)
+FIELD(FPSW, FZ, 28, 1)
+FIELD(FPSW, FU, 29, 1)
+FIELD(FPSW, FX, 30, 1)
+FIELD(FPSW, FLAGS, 26, 4)
+FIELD(FPSW, FS, 31, 1)
+
+#define NB_MMU_MODES 1
+#define MMU_MODE0_SUFFIX _all
+
+enum {
+NUM_REGS = 16,
+};
+
+typedef struct CPURXState {
+/* CPU registers */
+uint32_t regs[NUM_REGS];/* general registers */
+uint32_t psw_o; /* O bit of status register */
+uint32_t psw_s; /* S bit of status register */
+uint32_t psw_z; /* Z bit of status register */
+uint32_t psw_c; /* C bit of status register */
+uint32_t psw_u;
+uint32_t psw_i;
+uint32_t psw_pm;
+uint32_t psw_ipl;
+uint32_t bpsw;  /* backup status */
+uint32_t bpc;   /* backup pc */
+uint32_t isp;   /* global base register */
+uint32_t usp;   /* vector base register */
+uint32_t pc;/* program counter */
+uint32_t intb;  /* interrupt vector */
+uint32_t fintv;
+uint32_t fpsw;
+uint64_t acc;
+
+/* Fields up to this point are cleared by a CPU reset */
+struct {} end_reset_fields;
+
+/* Internal use */
+uint32_t in_sleep;
+uint32_t req_irq;   /* Requested interrupt no (hard) */
+uint32_t req_ipl;   /* Requested interrupt level */
+uint32_t ack_irq;   /* execute irq */
+uint32_t ack_ipl;   /* execute ipl */
+float_status fp_status;
+qemu_irq ack;   /* Interrupt acknowledge */
+
+CPU_COMMON
+} CPURXState;
+
+/*
+ * RXCPU:
+ * @env: #CPURXState
+ *
+ * A RX CPU
+ */
+struct RXCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPURXState env;
+};
+
+typedef struct RXCPU RXCPU;
+
+static inline RXCPU *rx_env_get_cpu(CPURXState *env)
+{
+return container_of(env, RXCPU, env);
+}

[Qemu-devel] [PULL 13/52] tests/vm: python3 fixes

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Add proper unicode handling when processing strings.
Also need to explicitly say we want int not float.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-3-kra...@redhat.com>
[AJB: fix conflicts with tests/vm: Port basevm to Python 3]
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 083befce9f..4847549592 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -73,7 +73,7 @@ class BaseVM(object):
 "-vnc", "127.0.0.1:0,to=20",
 "-serial", "file:%s" % os.path.join(self._tmpdir, "serial.out")]
 if vcpus and vcpus > 1:
-self._args += ["-smp", str(vcpus)]
+self._args += ["-smp", "%d" % vcpus]
 if kvm_available(self.arch):
 self._args += ["-enable-kvm"]
 else:
@@ -85,12 +85,13 @@ class BaseVM(object):
 if not sha256sum:
 return True
 checksum = subprocess.check_output(["sha256sum", fname]).split()[0]
-return sha256sum == checksum.decode()
+return sha256sum == checksum.decode("utf-8")
 
 cache_dir = os.path.expanduser("~/.cache/qemu-vm/download")
 if not os.path.exists(cache_dir):
 os.makedirs(cache_dir)
-fname = os.path.join(cache_dir, hashlib.sha1(url.encode()).hexdigest())
+fname = os.path.join(cache_dir,
+ hashlib.sha1(url.encode("utf-8")).hexdigest())
 if os.path.exists(fname) and check_sha256sum(fname):
 return fname
 logging.debug("Downloading %s to %s...", url, fname)
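Review bot: check_sha256sum() still gets the digest by running the external `sha256sum` and decoding its stdout, which is the only reason `.decode("utf-8")` is needed here. hashlib is already used two lines further down, so hashing the file with hashlib.sha256 and comparing hexdigest() strings would remove the bytes/str conversion and the dependency on a host binary. The unchanged `if not sha256sum: return True` also means a cached file with no expected digest is accepted as is; a comment saying that this is intentional would help.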
@@ -134,7 +135,7 @@ class BaseVM(object):
 raise NotImplementedError
 
 def add_source_dir(self, src_dir):
-name = "data-" + hashlib.sha1(src_dir.encode()).hexdigest()[:5]
+name = "data-" + hashlib.sha1(src_dir.encode("utf-8")).hexdigest()[:5]
 tarfile = os.path.join(self._tmpdir, name + ".tar")
 logging.debug("Creating archive %s for src_dir dir: %s", tarfile, 
src_dir)
 subprocess.check_call(["./scripts/archive-source.sh", tarfile],
@@ -256,7 +257,7 @@ def main(vmcls):
 vm.add_source_dir(args.build_qemu)
 cmd = [vm.BUILD_SCRIPT.format(
configure_opts = " ".join(argv),
-   jobs=args.jobs,
+   jobs=int(args.jobs),
target=args.build_target,
verbose = "V=1" if args.verbose else "")]
 else:
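Review bot: `jobs=int(args.jobs)` converts at the point of use, so a non-numeric value only fails here as a ValueError after the VM work has started. Declaring the jobs option as an integer where the arguments are parsed would reject it up front with a usage error and make this cast unnecessary.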
-- 
2.20.1




[Qemu-devel] [PULL 27/52] cputlb: use uint64_t for interim values for unaligned load

2019-06-07 Thread Alex Bennée
When running on 32 bit TCG backends a wide unaligned load ends up
truncating data before returning to the guest. We specifically have
the return type as uint64_t to avoid any premature truncation so we
should use the same for the interim types.

Fixes: https://bugs.launchpad.net/qemu/+bug/1830872
Fixes: eed5664238e

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Tested-by: Laszlo Ersek 
Tested-by: Igor Mammedov 

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index cdcc377102..b796ab1cbe 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1303,7 +1303,7 @@ load_helper(CPUArchState *env, target_ulong addr, 
TCGMemOpIdx oi,
 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1
 >= TARGET_PAGE_SIZE)) {
 target_ulong addr1, addr2;
-tcg_target_ulong r1, r2;
+uint64_t r1, r2;
 unsigned shift;
 do_unaligned_access:
 addr1 = addr & ~(size - 1);
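Review bot: nothing in this patch exercises the case the commit message describes. A tcg test that does an 8-byte load straddling a page boundary and checks the upper 32 bits would catch `r1`/`r2` drifting back to a host-width type. A one-line comment at the declaration saying why these are uint64_t rather than tcg_target_ulong would also stop a later cleanup from undoing the fix.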
-- 
2.20.1




[Qemu-devel] [PULL 26/52] semihosting: split console_out into string and char versions

2019-06-07 Thread Alex Bennée
This is ostensibly to avoid the weirdness of len looking like it might
come from a guest and sometimes being used. While we are at it fix up
the error checking for the arm-linux-user implementation of the API
which got flagged up by Coverity (CID 1401700).

Signed-off-by: Alex Bennée 

diff --git a/hw/semihosting/console.c b/hw/semihosting/console.c
index 466ea6dade..4a5758972d 100644
--- a/hw/semihosting/console.c
+++ b/hw/semihosting/console.c
@@ -36,26 +36,24 @@ int qemu_semihosting_log_out(const char *s, int len)
 /*
  * A re-implementation of lock_user_string that we can use locally
  * instead of relying on softmmu-semi. Hopefully we can deprecate that
- * in time. We either copy len bytes if specified or until we find a NULL.
+ * in time. Copy string until we find a 0 or address error.
  */
-static GString *copy_user_string(CPUArchState *env, target_ulong addr, int len)
+static GString *copy_user_string(CPUArchState *env, target_ulong addr)
 {
 CPUState *cpu = ENV_GET_CPU(env);
-GString *s = g_string_sized_new(len ? len : 128);
+GString *s = g_string_sized_new(128);
 uint8_t c;
-bool done;
 
 do {
 if (cpu_memory_rw_debug(cpu, addr++, &c, 1, 0) == 0) {
 s = g_string_append_c(s, c);
-done = len ? s->len == len : c == 0;
 } else {
 qemu_log_mask(LOG_GUEST_ERROR,
   "%s: passed inaccessible address " TARGET_FMT_lx,
   __func__, addr);
-done = true;
+break;
 }
-} while (!done);
+} while (c!=0);
 
 return s;
 }
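Review bot: with `len` gone, copy_user_string() has no upper bound; the `do { ... } while (c!=0)` loop keeps appending to the GString until guest memory happens to contain a 0 or the read faults, so the guest decides how much host memory gets allocated. Consider a cap, with a LOG_GUEST_ERROR when it is hit. Two smaller points in the same loop: the terminating 0 is appended before it is tested, so `s->len` counts it, and the error message prints `addr` after the `addr++`, one past the address that failed. Style: `c != 0`.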
@@ -68,9 +66,9 @@ static void semihosting_cb(CPUState *cs, target_ulong ret, 
target_ulong err)
 }
 }
 
-int qemu_semihosting_console_out(CPUArchState *env, target_ulong addr, int len)
+int qemu_semihosting_console_outs(CPUArchState *env, target_ulong addr)
 {
-GString *s = copy_user_string(env, addr, len);
+GString *s = copy_user_string(env, addr);
 int out = s->len;
 
 if (use_gdb_syscalls()) {
@@ -82,3 +80,21 @@ int qemu_semihosting_console_out(CPUArchState *env, 
target_ulong addr, int len)
 g_string_free(s, true);
 return out;
 }
+
+void qemu_semihosting_console_outc(CPUArchState *env, target_ulong addr)
+{
+CPUState *cpu = ENV_GET_CPU(env);
+uint8_t c;
+
+if (cpu_memory_rw_debug(cpu, addr, &c, 1, 0) == 0) {
+if (use_gdb_syscalls()) {
+gdb_do_syscall(semihosting_cb, "write,2,%x,%x", addr, 1);
+} else {
+qemu_semihosting_log_out((const char *) &c, 1);
+}
+} else {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: passed inaccessible address " TARGET_FMT_lx,
+  __func__, addr);
+}
+}
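Review bot: qemu_semihosting_console_outc() returns void, so a caller cannot tell an inaccessible address from a byte that was written, while qemu_semihosting_console_outs() reports a count. Returning the number of bytes written (0 or 1) would keep the two entry points consistent. In the gdb branch the byte read into `c` is only used to probe that `addr` is readable; a short comment saying so would help.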
diff --git a/include/hw/semihosting/console.h b/include/hw/semihosting/console.h
index 30e66ae20a..3a4fba7590 100644
--- a/include/hw/semihosting/console.h
+++ b/include/hw/semihosting/console.h
@@ -10,17 +10,30 @@
 #define _SEMIHOST_CONSOLE_H_
 
 /**
- * qemu_semihosting_console_out:
+ * qemu_semihosting_console_outs:
  * @env: CPUArchState
- * @s: host address of guest string
- * @len: length of string or 0 (string is null terminated)
+ * @s: host address of null terminated guest string
  *
- * Send a guest string to the debug console. This may be the remote
- * gdb session if a softmmu guest is currently being debugged.
+ * Send a null terminated guest string to the debug console. This may
+ * be the remote gdb session if a softmmu guest is currently being
+ * debugged.
  *
  * Returns: number of bytes written.
  */
-int qemu_semihosting_console_out(CPUArchState *env, target_ulong s, int len);
+int qemu_semihosting_console_outs(CPUArchState *env, target_ulong s);
+
+/**
+ * qemu_semihosting_console_outc:
+ * @env: CPUArchState
+ * @s: host address of null terminated guest string
+ *
+ * Send single character from guest memory to the debug console. This
+ * may be the remote gdb session if a softmmu guest is currently being
+ * debugged.
+ *
+ * Returns: nothing
+ */
+void qemu_semihosting_console_outc(CPUArchState *env, target_ulong c);
 
 /**
  * qemu_semihosting_log_out:
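Review bot: the doc comment for qemu_semihosting_console_outc() documents `@s: host address of null terminated guest string`, but the prototype's parameter is `c` and the function sends a single character. It should read something like `@c: address of the character in guest memory`. Both comments also say "host address" for a target_ulong that the implementation hands to cpu_memory_rw_debug(), which makes it a guest address.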
diff --git a/linux-user/arm/semihost.c b/linux-user/arm/semihost.c
index 9554102a85..a16b525eec 100644
--- a/linux-user/arm/semihost.c
+++ b/linux-user/arm/semihost.c
@@ -15,10 +15,35 @@
 #include "hw/semihosting/console.h"
 #include "qemu.h"
 
-int qemu_semihosting_console_out(CPUArchState *env, target_ulong addr, int len)
+int qemu_semihosting_console_outs(CPUArchState *env, target_ulong addr)
 {
-void *s = lock_user_string(addr);
-len = write(STDERR_FILENO, s, len ? len : strlen(s));
+int len = target_strlen(addr);
+void *s;
+if (len < 0){
+   qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: passed inaccessible address " TARGET_FMT_lx,
+ __func__, addr);
+   return 0;
+}
+s = lock_user(VERIFY_READ, addr, (long)(len + 1), 1);
+g_assert(s);  /* target_strlen has already verified

[Qemu-devel] [PATCH v17 06/24] hw/timer: RX62N internal timer modules

2019-06-07 Thread Yoshinori Sato
renesas_tmr: 8bit timer modules.
renesas_cmt: 16bit compare match timer modules.
This part is used by many Renesas CPUs.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-7-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/hw/timer/renesas_cmt.h |  38 
 include/hw/timer/renesas_tmr.h |  53 +
 hw/timer/renesas_cmt.c | 275 +
 hw/timer/renesas_tmr.c | 455 +
 hw/timer/Kconfig   |   6 +
 hw/timer/Makefile.objs |   3 +
 6 files changed, 830 insertions(+)
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c

diff --git a/include/hw/timer/renesas_cmt.h b/include/hw/timer/renesas_cmt.h
new file mode 100644
index 00..acd25c6e0b
--- /dev/null
+++ b/include/hw/timer/renesas_cmt.h
@@ -0,0 +1,38 @@
+/*
+ * Renesas Compare-match timer Object
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_CMT_H
+#define HW_RENESAS_CMT_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_CMT "renesas-cmt"
+#define RCMT(obj) OBJECT_CHECK(RCMTState, (obj), TYPE_RENESAS_CMT)
+
+enum {
+CMT_CH = 2,
+CMT_NR_IRQ = 1 * CMT_CH,
+};
+
+typedef struct RCMTState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint16_t cmstr;
+uint16_t cmcr[CMT_CH];
+uint16_t cmcnt[CMT_CH];
+uint16_t cmcor[CMT_CH];
+int64_t tick[CMT_CH];
+qemu_irq cmi[CMT_CH];
+QEMUTimer *timer[CMT_CH];
+} RCMTState;
+
+#endif
diff --git a/include/hw/timer/renesas_tmr.h b/include/hw/timer/renesas_tmr.h
new file mode 100644
index 00..5787004c74
--- /dev/null
+++ b/include/hw/timer/renesas_tmr.h
@@ -0,0 +1,53 @@
+/*
+ * Renesas 8bit timer Object
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_TMR_H
+#define HW_RENESAS_TMR_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_TMR "renesas-tmr"
+#define RTMR(obj) OBJECT_CHECK(RTMRState, (obj), TYPE_RENESAS_TMR)
+
+enum timer_event {
+cmia = 0,
+cmib = 1,
+ovi = 2,
+none = 3,
+TMR_NR_EVENTS = 4
+};
+
+enum {
+TMR_CH = 2,
+TMR_NR_IRQ = 3 * TMR_CH,
+};
+
+typedef struct RTMRState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint8_t tcnt[TMR_CH];
+uint8_t tcora[TMR_CH];
+uint8_t tcorb[TMR_CH];
+uint8_t tcr[TMR_CH];
+uint8_t tccr[TMR_CH];
+uint8_t tcor[TMR_CH];
+uint8_t tcsr[TMR_CH];
+int64_t tick;
+int64_t div_round[TMR_CH];
+enum timer_event next[TMR_CH];
+qemu_irq cmia[TMR_CH];
+qemu_irq cmib[TMR_CH];
+qemu_irq ovi[TMR_CH];
+QEMUTimer *timer[TMR_CH];
+} RTMRState;
+
+#endif
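Review bot: `enum timer_event` puts the unprefixed enumerators `cmia`, `cmib`, `ovi` and `none` into every file that includes this header, and RTMRState then reuses `cmia`, `cmib` and `ovi` as member names. `none` in particular invites collisions. Please prefix them (for example TMR_EVENT_CMIA) in line with `TMR_NR_EVENTS`. Also, `tick` is a scalar here while `div_round`, `next` and `timer` are per channel, and `tick` is per channel in RCMTState; if that is intended, say so in a comment.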
diff --git a/hw/timer/renesas_cmt.c b/hw/timer/renesas_cmt.c
new file mode 100644
index 00..a2a2b92055
--- /dev/null
+++ b/hw/timer/renesas_cmt.c
@@ -0,0 +1,275 @@
+/*
+ * Renesas 16bit Compare-match timer
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu/timer.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/timer/renesas_cmt.h"
+#include "qemu/error-report.h"
+
+/*
+ *  +0 CMSTR - common control
+ *  +2 CMCR  - ch0
+ *  +4 CMCNT - ch0
+ *  +6 CMCOR - ch0
+ *  +8 CMCR  - ch1
+ * +10 CMCNT - ch1
+ * +12 CMCOR - ch1
+ * If we think that the address of CH 0 has an offset of +2,
+ * we can treat it with the same address as CH 1, so define it like that.
+ */
+REG16(CMSTR, 0)
+  FIELD(CMSTR, STR0, 0, 1)
+  FIELD(CMSTR, STR1, 1, 1)
+  FIELD(CMSTR, STR,  0, 2)
+/* This addeess is channel offset */
+REG16(CMCR, 0)
+  FIELD(CMCR, CKS, 0, 2)
+  FIELD(CMCR, CMIE, 6, 1)
+REG16(CMCNT, 2)
+REG16(CMCOR, 4)
+
+static void update_events(RCMTState *cmt, int ch)
+{
+int64_t 
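Review bot: the register-map comment lists CMCR/CMCNT/CMCOR for ch0 at +2/+4/+6, but the definitions are `REG16(CMCR, 0)`, `REG16(CMCNT, 2)` and `REG16(CMCOR, 4)`, and the sentence meant to explain the difference ("If we think that the address of CH 0 has an offset of +2 ...") is hard to follow. Please state directly that these three are offsets within a channel block and where each channel block starts. The line above `REG16(CMCR, 0)` has a typo ("addeess"), and `FIELD(CMSTR, STR, 0, 2)` overlaps STR0 and STR1, which deserves a word on why both views exist.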

[Qemu-devel] [PULL 25/52] tests/vm: ubuntu.i386: apt proxy setup

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Configure apt proxy so package downloads can be cached and can pass
firewalls.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-15-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/ubuntu.i386 b/tests/vm/ubuntu.i386
index a22d137e76..b869afd212 100755
--- a/tests/vm/ubuntu.i386
+++ b/tests/vm/ubuntu.i386
@@ -51,6 +51,10 @@ class UbuntuX86VM(basevm.BaseVM):
   "ssh-authorized-keys:\n",
   "- %s\n" % basevm.SSH_PUB_KEY,
   "locale: en_US.UTF-8\n"])
+proxy = os.environ.get("http_proxy")
+if not proxy is None:
+udata.writelines(["apt:\n",
+  "  proxy: %s" % proxy])
 udata.close()
 subprocess.check_call(["genisoimage", "-output", "cloud-init.iso",
"-volid", "cidata", "-joliet", "-rock",
-- 
2.20.1




[Qemu-devel] [PULL 51/52] gdbstub: Clear unused variables in gdb_handle_packet

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-20-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 26c0c30682..12671e6e11 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -2284,17 +2284,11 @@ static void handle_target_halt(GdbCmdContext *gdb_ctx, 
void *user_ctx)
 
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
-const char *p;
-int ch;
-uint8_t mem_buf[MAX_PACKET_LENGTH];
-char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
 const GdbCmdParseEntry *cmd_parser = NULL;
 
 trace_gdbstub_io_command(line_buf);
 
-p = line_buf;
-ch = *p++;
-switch(ch) {
+switch (line_buf[0]) {
 case '!':
 put_packet(s, "OK");
 break;
@@ -2511,8 +2505,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 break;
 default:
 /* put empty packet */
-buf[0] = '\0';
-put_packet(s, buf);
+put_packet(s, "");
 break;
 }
 
-- 
2.20.1




[Qemu-devel] [PATCH v17 04/24] target/rx: RX disassembler

2019-06-07 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190516055244.95559-5-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/disas/dis-asm.h |5 +
 target/rx/disas.c   | 1480 +++
 2 files changed, 1485 insertions(+)
 create mode 100644 target/rx/disas.c

diff --git a/include/disas/dis-asm.h b/include/disas/dis-asm.h
index 9240ec32c2..de17792e88 100644
--- a/include/disas/dis-asm.h
+++ b/include/disas/dis-asm.h
@@ -226,6 +226,10 @@ enum bfd_architecture
 #define bfd_mach_nios2r22
   bfd_arch_lm32,   /* Lattice Mico32 */
 #define bfd_mach_lm32 1
+  bfd_arch_rx,   /* Renesas RX */
+#define bfd_mach_rx0x75
+#define bfd_mach_rx_v2 0x76
+#define bfd_mach_rx_v3 0x77
   bfd_arch_last
   };
 #define bfd_mach_s390_31 31
@@ -433,6 +437,7 @@ int print_insn_little_nios2 (bfd_vma, 
disassemble_info*);
 int print_insn_xtensa   (bfd_vma, disassemble_info*);
 int print_insn_riscv32  (bfd_vma, disassemble_info*);
 int print_insn_riscv64  (bfd_vma, disassemble_info*);
+int print_insn_rx(bfd_vma, disassemble_info *);
 
 #if 0
 /* Fetch the disassembler for a given BFD, if that support is available.  */
diff --git a/target/rx/disas.c b/target/rx/disas.c
new file mode 100644
index 00..8cada4825d
--- /dev/null
+++ b/target/rx/disas.c
@@ -0,0 +1,1480 @@
+/*
+ * Renesas RX Disassembler
+ *
+ * Copyright (c) 2019 Yoshinori Sato 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "disas/dis-asm.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+
+typedef struct DisasContext {
+disassemble_info *dis;
+uint32_t addr;
+uint32_t pc;
+} DisasContext;
+
+
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+bfd_byte buf;
+while (++i <= n) {
+ctx->dis->read_memory_func(ctx->addr++, &buf, 1, ctx->dis);
+insn |= buf << (32 - i * 8);
+}
+return insn;
+}
+
+static int32_t li(DisasContext *ctx, int sz)
+{
+int32_t addr;
+bfd_byte buf[4];
+addr = ctx->addr;
+
+switch (sz) {
+case 1:
+ctx->addr += 1;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+return (int8_t)buf[0];
+case 2:
+ctx->addr += 2;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+return ldsw_le_p(buf);
+case 3:
+ctx->addr += 3;
+ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
+return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+case 0:
+ctx->addr += 4;
+ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
+return ldl_le_p(buf);
+default:
+g_assert_not_reached();
+}
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder.  */
+#include "decode.inc.c"
+
+#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+
+#define RX_MEMORY_BYTE 0
+#define RX_MEMORY_WORD 1
+#define RX_MEMORY_LONG 2
+
+#define RX_IM_BYTE 0
+#define RX_IM_WORD 1
+#define RX_IM_LONG 2
+#define RX_IM_UWORD 3
+
+static const char size[] = {'b', 'w', 'l'};
+static const char cond[][4] = {
+"eq", "ne", "c", "nc", "gtu", "leu", "pz", "n",
+"ge", "lt", "gt", "le", "o", "no", "ra", "f"
+};
+static const char psw[] = {
+'c', 'z', 's', 'o', 0, 0, 0, 0,
+'i', 'u', 0, 0, 0, 0, 0, 0,
+};
+
+static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+{
+bfd_byte buf[2];
+switch (ld) {
+case 0:
+return 0;
+case 1:
+ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
+ctx->addr += 1;
+return ((uint8_t)buf[0]) << size;
+case 2:
+ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
+ctx->addr += 2;
+return lduw_le_p(buf) << size;
+}
+g_assert_not_reached();
+}
+
+static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+{
+int dsp;
+static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+if (ld < 3) {
+switch (mi) {
+case 4:
+/* dsp[rs].ub */
+dsp = rx_index_addr(ld, R
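Review bot: every `ctx->dis->read_memory_func(...)` call in decode_load_bytes(), li() and rx_index_addr() ignores the return value, so after a failed read the disassembler decodes whatever happens to be in the uninitialised `buf`. Check the status and stop decoding on failure. In decode_load_bytes(), `buf << (32 - i * 8)` shifts a byte that has been promoted to int by up to 24 bits; cast to uint32_t first so a byte of 0x80 or above does not overflow a signed int.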

Re: [Qemu-devel] [Qemu-ppc] [PULL 09/29] target/ppc: introduce get_cpu_vsr{l, h}() and set_cpu_vsr{l, h}() helpers for VSR register access

2019-06-07 Thread Laurent Vivier
On 06/06/2019 22:21, Mark Cave-Ayland wrote:
> On 06/06/2019 20:24, Laurent Vivier wrote:
> 
>> On 05/06/2019 09:43, Laurent Vivier wrote:
>>> On 05/06/2019 08:32, Mark Cave-Ayland wrote:
 On 04/06/2019 22:23, Laurent Vivier wrote:

> This patch breaks something in the libcrypto.
>
> I've been able to reproduce the problem with Fedora 29:
>
> dnf install 'dnf-command(download)'
> dnf download --source coreutils-single
> rpm --verify coreutils-8.30-7.fc29.src.rpm
> error: coreutils-8.30-7.fc29.src.rpm: Header V3 RSA/SHA256 Signature, key 
> ID 429476b4: BAD
> error: coreutils-8.30-7.fc29.src.rpm: Header SHA256 digest: BAD (Expected 
> fa042669e74ac435bd5defaa8c2e4efe779a0329c24f2b6377591c53b38aa280 != 
> d6e22527412fafc4aa12882432d0d157e5427097710eeb2d5fce8fbc52a47be6)
> error: coreutils-8.30-7.fc29.src.rpm: not an rpm package (or package 
> manifest)
>
> See https://bugzilla.redhat.com/show_bug.cgi?id=1715017
>
> I've tested with origin/master (47fbad45d47af8af784bb12a5719489edcd89b4c) 
> and all the 
> merged fixes for this patch don't fix this problem.
>
> We should be able to reproduce it on Debian Sid too: it breaks ssh (this 
> is one of the rare binaries using libcrypto on debian).
>
> I've been able to reproduce it with qemu linux-user if I enable 
> PPC_FEATURE2_VEC_CRYPTO in linux-user/elfload.c
> (git clone -b linux-user-ppc64-hwcap g...@github.com:vivier/qemu.git).
>
> To ease debugging, you can install a Fedora 29 chroot with something like:
>
> curl -o container.tar.xz 
> http://download-ib01.fedoraproject.org/pub/fedora-secondary/releases/29/Container/ppc64le/images/Fedora-Container-Base-29-1.2.ppc64le.tar.xz
> tar Jxvf container.tar.xz '*/layer.tar'
> mkdir -p chroot/ppc64le/29
> cd chroot/ppc64le/29
> tar xf $OLDPWD/*/layer.tar
> cd -
> cp ~/qemu/ppc64le-linux-user/qemu-ppc64le chroot/ppc64le/29/
> [use "configure --target-list=ppc64le-linux-user --static 
> --disable-tools" and don't forget to run scripts/qemu-binfmt-conf.sh]

 One of Anton's VSX patches hasn't landed in master yet and is still queued 
 in
 ppc-for-4.1: "target/ppc: Fix lxvw4x, lxvh8x and lxvb16x".

 Can you try David's ppc-for-4.1 branch first and let me know if that 
 solves the
 issue? If not, I'll take a look at it later in the week when I have a bit 
 more time.
>>>
>>> Thank you Mark.
>>>
>>> Anton's patch fixes the problem.
>>
>> But there are two problems remaining with Fedora 29:
>>
>> - in libssl (openssl-libs-1.1.1-3.fc29.ppc64le):
>>
>>   $ curl -o /dev/null https://www.google.com
>>   ...
>>   curl: (35) error:1408F119:SSL routines:ssl3_get_record:decryption failed 
>> or bad record mac
>>
>> - in the kernel (4.18.16-300.fc29.ppc64le):
>>
>> [   39.742120] crypto_register_alg 'aes' = 0
>> [   39.919286] crypto_register_alg 'cbc(aes)' = 0
>> [   40.053942] crypto_register_alg 'ctr(aes)' = 0
>> [   40.372764] alg: skcipher: Test 1 failed (invalid result) on encryption 
>> for p8_aes_xts
>> [   40.373458] : 91 7c f6 9e bd 68 b2 ec 9b 9f e9 a3 ea dd a6 92
>> [   40.373568] 0010: 98 10 35 57 5e dc 36 1e 9a f7 bc ba 39 f2 5c eb
>> [   40.374139] crypto_register_alg 'xts(aes)' = 0
>> [   40.389241] alg: hash: Test 2 failed for p8_ghash
>> [   40.389422] : 5f 89 ab f7 20 57 20 57 20 57 20 57 20 57 20 57
>>
>> My qemu is on top of 
>>
>> 0d74f3b427 Merge remote-tracking branch 
>> 'remotes/vivier2/tags/trivial-branch-pull-request' into staging
>> + "target/ppc: Fix lxvw4x, lxvh8x and lxvb16x"
> 
> Hmmm and this is definitely a regression introduced by the same patch as 
> given in the
> subject?

I bisected and regression comes with:

commit 571fbe6ccd7a159789e5d473e2837d45764197ec
Author: Richard Henderson 
Date:   Sat May 18 12:14:29 2019 -0700

target/ppc: Use vector variable shifts for VSL, VSR, VSRA

The gvec expanders take care of masking the shift amount
against the element width.

Signed-off-by: Richard Henderson 
Message-Id: <20190518191430.21686-2-richard.hender...@linaro.org>
Signed-off-by: David Gibson 

Thanks,
Laurent



[Qemu-devel] [PULL 44/52] gdbstub: Implement write all registers (G pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-13-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index ceaa47d184..880bbb469a 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1751,6 +1751,29 @@ static void handle_read_mem(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
 }
 
+static void handle_write_all_regs(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+target_ulong addr, len;
+uint8_t *registers;
+int reg_size;
+
+if (!gdb_ctx->num_params) {
+return;
+}
+
+cpu_synchronize_state(gdb_ctx->s->g_cpu);
+registers = gdb_ctx->mem_buf;
+len = strlen(gdb_ctx->params[0].data) / 2;
+hextomem(registers, gdb_ctx->params[0].data, len);
+for (addr = 0; addr < gdb_ctx->s->g_cpu->gdb_num_g_regs && len > 0;
+ addr++) {
+reg_size = gdb_write_register(gdb_ctx->s->g_cpu, registers, addr);
+len -= reg_size;
+registers += reg_size;
+}
+put_packet(gdb_ctx->s, "OK");
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
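Review bot: in handle_write_all_regs() `len` is a target_ulong and `reg_size` an int, so when the packet carries fewer bytes than the register just written, `len -= reg_size` wraps instead of going negative, `len > 0` stays true, and the loop keeps feeding gdb_write_register() from `registers` beyond the data that hextomem() decoded. This is carried over from the old 'G' case, but the move is a good moment to fix it: track the remaining length in a signed type or stop once the remaining bytes are exhausted. `hextomem(registers, ..., len)` also depends on the parameter never exceeding the size of `mem_buf`; an explicit bound here would make that visible.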
@@ -1762,7 +1785,6 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 uint8_t mem_buf[MAX_PACKET_LENGTH];
 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
 char thread_id[16];
-uint8_t *registers;
 target_ulong addr, len;
 const GdbCmdParseEntry *cmd_parser = NULL;
 
@@ -1928,16 +1950,15 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 put_packet(s, buf);
 break;
 case 'G':
-cpu_synchronize_state(s->g_cpu);
-registers = mem_buf;
-len = strlen(p) / 2;
-hextomem((uint8_t *)registers, p, len);
-for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
-reg_size = gdb_write_register(s->g_cpu, registers, addr);
-len -= reg_size;
-registers += reg_size;
+{
+static const GdbCmdParseEntry write_all_regs_cmd_desc = {
+.handler = handle_write_all_regs,
+.cmd = "G",
+.cmd_startswith = 1,
+.schema = "s0"
+};
+cmd_parser = &write_all_regs_cmd_desc;
 }
-put_packet(s, "OK");
 break;
 case 'm':
 {
-- 
2.20.1




[Qemu-devel] [PULL 20/52] tests/vm: serial console support helpers

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Add a bunch of helpers to talk to the guest using the
serial console.

Also drop the hard-coded -serial parameter for the vm
so QEMUMachine.set_console() actually works.

Signed-off-by: Gerd Hoffmann 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-10-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index f27178f3c7..8894267f07 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -2,10 +2,11 @@
 #
 # VM testing base class
 #
-# Copyright 2017 Red Hat Inc.
+# Copyright 2017-2019 Red Hat Inc.
 #
 # Authors:
 #  Fam Zheng 
+#  Gerd Hoffmann 
 #
 # This code is licensed under the GPL version 2 or later.  See
 # the COPYING file in the top-level directory.
@@ -13,7 +14,9 @@
 
 from __future__ import print_function
 import os
+import re
 import sys
+import socket
 import logging
 import time
 import datetime
@@ -79,8 +82,7 @@ class BaseVM(object):
 "-cpu", "max",
 "-netdev", "user,id=vnet,hostfwd=:127.0.0.1:0-:22",
 "-device", "virtio-net-pci,netdev=vnet",
-"-vnc", "127.0.0.1:0,to=20",
-"-serial", "file:%s" % os.path.join(self._tmpdir, "serial.out")]
+"-vnc", "127.0.0.1:0,to=20"]
 if vcpus and vcpus > 1:
 self._args += ["-smp", "%d" % vcpus]
 if kvm_available(self.arch):
@@ -162,6 +164,8 @@ class BaseVM(object):
 logging.debug("QEMU args: %s", " ".join(args))
 qemu_bin = os.environ.get("QEMU", "qemu-system-" + self.arch)
 guest = QEMUMachine(binary=qemu_bin, args=args)
+guest.set_machine('pc')
+guest.set_console()
 try:
 guest.launch()
 except:
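Review bot: `guest.set_machine('pc')` is hard-coded in BaseVM, while the binary two lines above is chosen from `self.arch`. A subclass with a non-x86 arch would be launched with a machine type its binary does not provide. Make the machine a class attribute that subclasses can override, or set it only for x86.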
@@ -184,6 +188,81 @@ class BaseVM(object):
 raise Exception("Cannot find ssh port from 'info usernet':\n%s" % \
 usernet_info)
 
+def console_init(self, timeout = 120):
+vm = self._guest
+vm.console_socket.settimeout(timeout)
+
+def console_log(self, text):
+for line in re.split("[\r\n]", text):
+# filter out terminal escape sequences
+line = re.sub("\x1b\[[0-9;?]*[a-zA-Z]", "", line)
+line = re.sub("\x1b\([0-9;?]*[a-zA-Z]", "", line)
+# replace unprintable chars
+line = re.sub("\x1b", "", line)
+line = re.sub("[\x00-\x1f]", ".", line)
+if line == "":
+continue
+# log console line
+sys.stderr.write("con recv: %s\n" % line)
+
+def console_wait(self, expect):
+vm = self._guest
+output = ""
+while True:
+try:
+chars = vm.console_socket.recv(1024)
+except socket.timeout:
+sys.stderr.write("console: *** read timeout ***\n")
+sys.stderr.write("console: waiting for: '%s'\n" % expect)
+sys.stderr.write("console: line buffer:\n")
+sys.stderr.write("\n")
+self.console_log(output.rstrip())
+sys.stderr.write("\n")
+raise
+output += chars.decode("latin1")
+if expect in output:
+break
+if "\r" in output or "\n" in output:
+lines = re.split("[\r\n]", output)
+output = lines.pop()
+if self.debug:
+self.console_log("\n".join(lines))
+if self.debug:
+self.console_log(output)
+
+def console_send(self, command):
+vm = self._guest
+if self.debug:
+logline = re.sub("\n", "", command)
+logline = re.sub("[\x00-\x1f]", ".", logline)
+sys.stderr.write("con send: %s\n" % logline)
+for char in list(command):
+vm.console_socket.send(char.encode("utf-8"))
+time.sleep(0.01)
+
+def console_wait_send(self, wait, command):
+self.console_wait(wait)
+self.console_send(command)
+
+def console_ssh_init(self, prompt, user, pw):
+sshkey_cmd = "echo '%s' > .ssh/authorized_keys\n" % 
SSH_PUB_KEY.rstrip()
+self.console_wait_send("login:","%s\n" % user)
+self.console_wait_send("Password:", "%s\n" % pw)
+self.console_wait_send(prompt,  "mkdir .ssh\n")
+self.console_wait_send(prompt,  sshkey_cmd)
+self.console_wait_send(prompt,  "chmod 755 .ssh\n")
+self.console_wait_send(prompt,  "chmod 644 .ssh/authorized_keys\n")
+
+def console_sshd_config(self, prompt):
+self.console_wait(prompt)
+self.console_send("echo 'PermitRootLogin yes' >> 
/etc/ssh/sshd_config\n")
+for var in self.envvars:
+self.console_wait(prompt)
+self.console_send("echo 'AcceptEnv %s' >> /etc/ssh/sshd_config\n" 
% var)
+
+def print_step(self, text):
+sys.stderr.write("### %s
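Review bot: console_ssh_init() sends the password through console_wait_send(), and console_send() writes every command to stderr as "con send: ..." when `self.debug` is set, so the guest password lands in debug output; skip or mask the log line for that call. In the same function `chmod 755 .ssh` is looser than needed, 700 is the usual mode for that directory. The patterns in console_log() such as `"\x1b\[[0-9;?]*[a-zA-Z]"` use `\[` and `\(` in non-raw strings, which Python 3 reports as invalid escape sequences; raw strings avoid that.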

[Qemu-devel] [PULL 23/52] tests/vm: netbsd autoinstall, using serial console

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Instead of fetching the prebuilt image from patchew download the install
iso and prepare the image locally.  Install to disk, using the serial
console.  Create qemu user, configure ssh login.  Install packages
needed for qemu builds.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Kamil Rytarowski 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-13-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/netbsd b/tests/vm/netbsd
index 4c6624ea5e..6dbfc1b0fb 100755
--- a/tests/vm/netbsd
+++ b/tests/vm/netbsd
@@ -2,10 +2,11 @@
 #
 # NetBSD VM image
 #
-# Copyright 2017 Red Hat Inc.
+# Copyright 2017-2019 Red Hat Inc.
 #
 # Authors:
 #  Fam Zheng 
+#  Gerd Hoffmann 
 #
 # This code is licensed under the GPL version 2 or later.  See
 # the COPYING file in the top-level directory.
@@ -13,32 +14,198 @@
 
 import os
 import sys
+import time
 import subprocess
 import basevm
 
 class NetBSDVM(basevm.BaseVM):
 name = "netbsd"
 arch = "x86_64"
+
+link = 
"https://cdn.netbsd.org/pub/NetBSD/NetBSD-8.0/images/NetBSD-8.0-amd64.iso";
+size = "20G"
+pkgs = [
+# tools
+"git-base",
+"pkgconf",
+"xz",
+"python37",
+
+# gnu tools
+"bash",
+"gmake",
+"gsed",
+"flex", "bison",
+
+# libs: crypto
+"gnutls",
+
+# libs: images
+"jpeg",
+"png",
+
+   # libs: ui
+"SDL2",
+"gtk3+",
+"libxkbcommon",
+]
+
 BUILD_SCRIPT = """
 set -e;
-rm -rf /var/tmp/qemu-test.*
-cd $(mktemp -d /var/tmp/qemu-test.XX);
+rm -rf /home/qemu/qemu-test.*
+cd $(mktemp -d /home/qemu/qemu-test.XX);
+mkdir src build; cd src;
 tar -xf /dev/rld1a;
-./configure --python=python2.7 {configure_opts};
+cd ../build
+../src/configure --python=python3.7 --disable-opengl {configure_opts};
 gmake --output-sync -j{jobs} {target} {verbose};
 """
+poweroff = "/sbin/poweroff"
 
 def build_image(self, img):
-cimg = 
self._download_with_cache("http://download.patchew.org/netbsd-7.1-amd64.img.xz";,
- 
sha256sum='b633d565b0eac3d02015cd0c81440bd8a7a8df8512615ac1ee05d318be015732')
-img_tmp_xz = img + ".tmp.xz"
+cimg = self._download_with_cache(self.link)
 img_tmp = img + ".tmp"
-sys.stderr.write("Extracting the image...\n")
-subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
-subprocess.check_call(["xz", "-dvf", img_tmp_xz])
+iso = img + ".install.iso"
+
+self.print_step("Preparing iso and disk image")
+subprocess.check_call(["cp", "-f", cimg, iso])
+subprocess.check_call(["qemu-img", "create", "-f", "qcow2",
+   img_tmp, self.size])
+
+self.print_step("Booting installer")
+self.boot(img_tmp, extra_args = [
+"-device", "VGA",
+"-machine", "graphics=off",
+"-cdrom", iso
+])
+self.console_init()
+self.console_wait("Primary Bootstrap")
+
+# serial console boot menu output doesn't work for some
+# reason, so we have to fly blind ...
+for char in list("5consdev com0\n"):
+time.sleep(0.2)
+self.console_send(char)
+self.console_wait("")
+self.console_wait_send("> ", "boot\n")
+
+self.console_wait_send("Terminal type","xterm\n")
+self.console_wait_send("a: Installation messages", "a\n")
+self.console_wait_send("b: US-English","b\n")
+self.console_wait_send("a: Install NetBSD","a\n")
+self.console_wait("Shall we continue?")
+self.console_wait_send("b: Yes",   "b\n")
+
+self.console_wait_send("a: ld0",   "a\n")
+self.console_wait_send("a: This is the correct",   "a\n")
+self.console_wait_send("b: Use the entire disk",   "b\n")
+self.console_wait("NetBSD bootcode")
+self.console_wait_send("a: Yes",   "a\n")
+self.console_wait_send("b: Use existing part", "b\n")
+self.console_wait_send("x: Partition sizes ok","x\n")
+self.console_wait_send("for your NetBSD disk", "\n")
+self.console_wait("Shall we continue?")
+self.console_wait_send("b: Yes",   "b\n")
+
+self.console_wait_send("b: Use serial port com0",  "b\n")
+self.console_wait_send("f: Set serial baud rate",  "f\n")
+self.console_wait_send("a: 9600",  "a\n")
+self.console_wait_send("x: Exit",  "x\n")
+
+self.console_wait_send("a: Full installation", "a\n")
+self.console_wait_send("a: CD-ROM","a\n")
+
+self.print_step("I
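Review bot: The new `cimg = self._download_with_cache(self.link)` call in build_image drops the sha256sum argument that the removed netbsd-7.1 download carried, and the class attributes visible here (link, size, pkgs) define no checksum, so the installer ISO is booted without any integrity check. Add a `csum` attribute next to `link` and pass it as `sha256sum=self.csum`, as the FreeBSD script in this series does, so a corrupted or substituted ISO fails at download time instead of ending up in the build image.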

[Qemu-devel] [PULL 16/52] tests/vm: run test builds on snapshot

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

The build script doesn't shut down the guest VMs properly,
which results in filesystem corruption and guest boot
failures sooner or later.

Use --snapshot to run builds on a snapshot.
That way killing the VM doesn't corrupt the base image.

Signed-off-by: Gerd Hoffmann 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Acked-by: Ed Maste 
Message-Id: <20190520124716.30472-6-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index c59411bee0..276b870216 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -57,6 +57,7 @@ vm-build-%: $(IMAGES_DIR)/%.img
$(if $(V),--verbose) \
--image "$<" \
$(if $(BUILD_TARGET),--build-target $(BUILD_TARGET)) \
+   --snapshot \
--build-qemu $(SRC_PATH) -- \
$(if $(TARGET_LIST),--target-list=$(TARGET_LIST)) \
$(if $(EXTRA_CONFIGURE_OPTS),$(EXTRA_CONFIGURE_OPTS)), \
-- 
2.20.1




[Qemu-devel] [PULL 41/52] gdbstub: Implement get register (p pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Message-Id: <20190529064148.19856-10-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 630f931765..63809b2ab9 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1672,6 +1672,36 @@ static void handle_set_reg(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 put_packet(gdb_ctx->s, "OK");
 }
 
+static void handle_get_reg(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+int reg_size;
+
+/*
+ * Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
+ * This works, but can be very slow.  Anything new enough to
+ * understand XML also knows how to use this properly.
+ */
+if (!gdb_has_xml) {
+put_packet(gdb_ctx->s, "");
+return;
+}
+
+if (!gdb_ctx->num_params) {
+put_packet(gdb_ctx->s, "E14");
+return;
+}
+
+reg_size = gdb_read_register(gdb_ctx->s->g_cpu, gdb_ctx->mem_buf,
+ gdb_ctx->params[0].val_ull);
+if (!reg_size) {
+put_packet(gdb_ctx->s, "E14");
+return;
+}
+
+memtohex(gdb_ctx->str_buf, gdb_ctx->mem_buf, reg_size);
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
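Review bot: In handle_get_reg the `if (!gdb_ctx->num_params)` branch replies "E14" to a bare `p` packet, where the removed code let strtoull() yield 0 and went on to read register 0; if that change is intended, say so in the commit message, which currently has no description. The relocated comment also keeps the typo "avaialable", which is worth fixing while the block is being rewritten anyway.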
@@ -1901,18 +1931,14 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 break;
 case 'p':
-/* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
-   This works, but can be very slow.  Anything new enough to
-   understand XML also knows how to use this properly.  */
-if (!gdb_has_xml)
-goto unknown_command;
-addr = strtoull(p, (char **)&p, 16);
-reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
-if (reg_size) {
-memtohex(buf, mem_buf, reg_size);
-put_packet(s, buf);
-} else {
-put_packet(s, "E14");
+{
+static const GdbCmdParseEntry get_reg_cmd_desc = {
+.handler = handle_get_reg,
+.cmd = "p",
+.cmd_startswith = 1,
+.schema = "L0"
+};
+cmd_parser = &get_reg_cmd_desc;
 }
 break;
 case 'P':
-- 
2.20.1




[Qemu-devel] [PULL 40/52] gdbstub: Implement set register (P pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Message-Id: <20190529064148.19856-9-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 8416f4c13f..630f931765 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1651,6 +1651,27 @@ static void handle_remove_bp(GdbCmdContext *gdb_ctx, 
void *user_ctx)
 put_packet(gdb_ctx->s, "E22");
 }
 
+static void handle_set_reg(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+int reg_size;
+
+if (!gdb_has_xml) {
+put_packet(gdb_ctx->s, "E00");
+return;
+}
+
+if (gdb_ctx->num_params != 2) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+reg_size = strlen(gdb_ctx->params[1].data) / 2;
+hextomem(gdb_ctx->mem_buf, gdb_ctx->params[1].data, reg_size);
+gdb_write_register(gdb_ctx->s->g_cpu, gdb_ctx->mem_buf,
+   gdb_ctx->params[0].val_ull);
+put_packet(gdb_ctx->s, "OK");
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
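Review bot: handle_set_reg derives reg_size from the length of the hex string but never compares it with anything: gdb_write_register() is called without a length, so nothing ties the number of bytes decoded into mem_buf to the number the register write consumes, and its return value is ignored before "OK" is sent. Compare reg_size with the register's size (or at least reject an empty value) and reply with an error on a mismatch. Separately, the `!gdb_has_xml` branch now answers "E00" where the removed code went to unknown_command, while handle_get_reg in 41/52 answers "" for the same condition; pick one.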
@@ -1895,15 +1916,15 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 break;
 case 'P':
-if (!gdb_has_xml)
-goto unknown_command;
-addr = strtoull(p, (char **)&p, 16);
-if (*p == '=')
-p++;
-reg_size = strlen(p) / 2;
-hextomem(mem_buf, p, reg_size);
-gdb_write_register(s->g_cpu, mem_buf, addr);
-put_packet(s, "OK");
+{
+static const GdbCmdParseEntry set_reg_cmd_desc = {
+.handler = handle_set_reg,
+.cmd = "P",
+.cmd_startswith = 1,
+.schema = "L?s0"
+};
+cmd_parser = &set_reg_cmd_desc;
+}
 break;
 case 'Z':
 {
-- 
2.20.1




[Qemu-devel] [PULL 33/52] gdbstub: Add infrastructure to parse cmd packets

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-2-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 462f89edfe..09fe5a4b99 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1268,6 +1268,201 @@ out:
 return res;
 }
 
+typedef union GdbCmdVariant {
+const char *data;
+uint8_t opcode;
+unsigned long val_ul;
+unsigned long long val_ull;
+struct {
+GDBThreadIdKind kind;
+uint32_t pid;
+uint32_t tid;
+} thread_id;
+} GdbCmdVariant;
+
+static const char *cmd_next_param(const char *param, const char delimiter)
+{
+static const char all_delimiters[] = ",;:=";
+char curr_delimiters[2] = {0};
+const char *delimiters;
+
+if (delimiter == '?') {
+delimiters = all_delimiters;
+} else if (delimiter == '0') {
+return strchr(param, '\0');
+} else if (delimiter == '.' && *param) {
+return param + 1;
+} else {
+curr_delimiters[0] = delimiter;
+delimiters = curr_delimiters;
+}
+
+param += strcspn(param, delimiters);
+if (*param) {
+param++;
+}
+return param;
+}
+
+static int cmd_parse_params(const char *data, const char *schema,
+GdbCmdVariant *params, int *num_params)
+{
+int curr_param;
+const char *curr_schema, *curr_data;
+
+*num_params = 0;
+
+if (!schema) {
+return 0;
+}
+
+curr_schema = schema;
+curr_param = 0;
+curr_data = data;
+while (curr_schema[0] && curr_schema[1] && *curr_data) {
+switch (curr_schema[0]) {
+case 'l':
+if (qemu_strtoul(curr_data, &curr_data, 16,
+ ¶ms[curr_param].val_ul)) {
+return -EINVAL;
+}
+curr_param++;
+curr_data = cmd_next_param(curr_data, curr_schema[1]);
+break;
+case 'L':
+if (qemu_strtou64(curr_data, &curr_data, 16,
+  (uint64_t *)¶ms[curr_param].val_ull)) {
+return -EINVAL;
+}
+curr_param++;
+curr_data = cmd_next_param(curr_data, curr_schema[1]);
+break;
+case 's':
+params[curr_param].data = curr_data;
+curr_param++;
+curr_data = cmd_next_param(curr_data, curr_schema[1]);
+break;
+case 'o':
+params[curr_param].opcode = *(uint8_t *)curr_data;
+curr_param++;
+curr_data = cmd_next_param(curr_data, curr_schema[1]);
+break;
+case 't':
+params[curr_param].thread_id.kind =
+read_thread_id(curr_data, &curr_data,
+   ¶ms[curr_param].thread_id.pid,
+   ¶ms[curr_param].thread_id.tid);
+curr_param++;
+curr_data = cmd_next_param(curr_data, curr_schema[1]);
+break;
+case '?':
+curr_data = cmd_next_param(curr_data, curr_schema[1]);
+break;
+default:
+return -EINVAL;
+}
+curr_schema += 2;
+}
+
+*num_params = curr_param;
+return 0;
+}
+
+typedef struct GdbCmdContext {
+GDBState *s;
+GdbCmdVariant *params;
+int num_params;
+uint8_t mem_buf[MAX_PACKET_LENGTH];
+char str_buf[MAX_PACKET_LENGTH + 1];
+} GdbCmdContext;
+
+typedef void (*GdbCmdHandler)(GdbCmdContext *gdb_ctx, void *user_ctx);
+
+/*
+ * cmd_startswith -> cmd is compared using startswith
+ *
+ *
+ * schema definitions:
+ * Each schema parameter entry consists of 2 chars,
+ * the first char represents the parameter type handling
+ * the second char represents the delimiter for the next parameter
+ *
+ * Currently supported schema types:
+ * 'l' -> unsigned long (stored in .val_ul)
+ * 'L' -> unsigned long long (stored in .val_ull)
+ * 's' -> string (stored in .data)
+ * 'o' -> single char (stored in .opcode)
+ * 't' -> thread id (stored in .thread_id)
+ * '?' -> skip according to delimiter
+ *
+ * Currently supported delimiters:
+ * '?' -> Stop at any delimiter (",;:=\0")
+ * '0' -> Stop at "\0"
+ * '.' -> Skip 1 char unless reached "\0"
+ * Any other value is treated as the delimiter value itself
+ */
+typedef struct GdbCmdParseEntry {
+GdbCmdHandler handler;
+const char *cmd;
+bool cmd_startswith;
+const char *schema;
+} GdbCmdParseEntry;
+
+static inline int startswith(const char *string, const char *pattern)
+{
+  return !strncmp(string, pattern, strlen(pattern));
+}
+
+static int process_string_cmd(
+GDBState *s, void *user_ctx, const char *data,
+const GdbCmdParseEntry *cmds, int num_cmds)
+__attribute__((unused));
+
+static int process_string_cmd(GDBState *s, void *user_ctx, const char *data,
+  const GdbCmdParseEntry *cmds, int num_cmds)
+{
+int i, schema_len, max_num_params = 0;
+GdbCmdContext gdb_c
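Review bot: cmd_parse_params() writes params[curr_param] for each typed schema entry but takes no capacity for the params array; num_params is output only, so the bound rests on an unwritten contract that the caller sizes the array from the schema length. Pass the array size in and return -EINVAL when curr_param reaches it, or state the contract in the comment above GdbCmdParseEntry. A smaller point: the `(uint64_t *)` cast in the 'L' case goes away if val_ull is declared as uint64_t.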

[Qemu-devel] [PULL 19/52] tests/vm: add DEBUG=1 to help text

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Thomas Huth 
Message-Id: <20190520124716.30472-9-kra...@redhat.com>
[AJB: fix minor conflict]
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index e329129bd6..628eecade7 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -25,6 +25,8 @@ vm-test:
@echo "  vm-boot-ssh- - Boot guest and login via ssh"
@echo
@echo "Special variables:"
+   @echo "DEBUG=1   - be verbose, also start 
interactive"
+   @echo "shell on build failures"
@echo "BUILD_TARGET=foo  - Override the build target"
@echo "TARGET_LIST=a,b,c - Override target list in 
builds"
@echo 'EXTRA_CONFIGURE_OPTS="..."'
-- 
2.20.1




[Qemu-devel] [PULL 18/52] tests/vm: add vm-boot-{ssh, serial}- targets

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

For testing/troubleshooting convenience.

make vm-boot-serial-
  Boot guest, with the serial console on stdio.

make vm-boot-ssh-
  Boot guest, login via ssh.

Signed-off-by: Gerd Hoffmann 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-8-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index 276b870216..e329129bd6 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -20,6 +20,10 @@ vm-test:
@echo "  vm-build-all- Build QEMU in all VMs"
@echo "  vm-clean-all- Clean up VM images"
@echo
+   @echo "For trouble-shooting:"
+   @echo "  vm-boot-serial-  - Boot guest, serial console 
on stdio"
+   @echo "  vm-boot-ssh- - Boot guest and login via ssh"
+   @echo
@echo "Special variables:"
@echo "BUILD_TARGET=foo  - Override the build target"
@echo "TARGET_LIST=a,b,c - Override target list in 
builds"
@@ -63,3 +67,18 @@ vm-build-%: $(IMAGES_DIR)/%.img
$(if $(EXTRA_CONFIGURE_OPTS),$(EXTRA_CONFIGURE_OPTS)), \
"  VM-BUILD $*")
 
+vm-boot-serial-%: $(IMAGES_DIR)/%.img
+   qemu-system-x86_64 -enable-kvm -m 4G -smp 2 -nographic \
+   -drive if=none,id=vblk,cache=writeback,file="$<" \
+   -netdev user,id=vnet \
+   -device virtio-blk-pci,drive=vblk \
+   -device virtio-net-pci,netdev=vnet \
+   || true
+
+vm-boot-ssh-%: $(IMAGES_DIR)/%.img
+   $(call quiet-command, \
+   $(SRC_PATH)/tests/vm/$* \
+   --image "$<" \
+   --interactive \
+   false, \
+   "  VM-BOOT-SSH $*")
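Review bot: vm-boot-serial-% opens "$<" read-write (`-drive if=none,id=vblk,cache=writeback,file="$<"`), so closing the terminal or killing QEMU during a troubleshooting session can corrupt the base image, the same failure that PULL 16/52 avoids for builds with --snapshot. Add snapshot=on to the -drive option or document that this target modifies the image. The recipe also hard-codes qemu-system-x86_64 with -enable-kvm and ends in `|| true`, so on a host without KVM the guest does not start and make still reports success.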
-- 
2.20.1




[Qemu-devel] [PULL 28/52] tests/tcg: better detect truncated reads

2019-06-07 Thread Alex Bennée
If we've truncated a wider read we can detect the condition earlier by
looking at the number of zeros we've read. So we don't trip up on
cases where we have written zeros to the start of the buffer we also
ensure we only start each offset read from the right address.

Signed-off-by: Alex Bennée 

diff --git a/tests/tcg/multiarch/system/memory.c 
b/tests/tcg/multiarch/system/memory.c
index dc1d8a98ff..d124502d73 100644
--- a/tests/tcg/multiarch/system/memory.c
+++ b/tests/tcg/multiarch/system/memory.c
@@ -208,6 +208,7 @@ static bool read_test_data_u32(int offset)
 
 for (i = 0; i < max; i++) {
 uint8_t b1, b2, b3, b4;
+int zeros = 0;
 word = *ptr++;
 
 b1 = word >> 24 & 0xff;
@@ -215,6 +216,16 @@ static bool read_test_data_u32(int offset)
 b3 = word >> 8 & 0xff;
 b4 = word & 0xff;
 
+zeros += (b1 == 0 ? 1 : 0);
+zeros += (b2 == 0 ? 1 : 0);
+zeros += (b3 == 0 ? 1 : 0);
+zeros += (b4 == 0 ? 1 : 0);
+if (zeros > 1) {
+ml_printf("Error @ %p, more zeros than expected: %d, %d, %d, %d",
+  ptr - 1, b1, b2, b3, b4);
+return false;
+}
+
 if ((b1 < b2 && b1 != 0) ||
 (b2 < b3 && b2 != 0) ||
 (b3 < b4 && b3 != 0)) {
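Review bot: The `if (zeros > 1)` check in read_test_data_u32 has no comment saying why exactly one zero byte is tolerated, and that threshold is the whole point of the patch; a one-line comment tying it to the test pattern would help, here and in the read_test_data_u64 copy. The `zeros += (bN == 0 ? 1 : 0)` lines could also be written as `zeros += (b1 == 0)` and so on, or as a loop over the bytes of word, which would let both readers share one helper.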
@@ -238,6 +249,7 @@ static bool read_test_data_u64(int offset)
 
 for (i = 0; i < max; i++) {
 uint8_t b1, b2, b3, b4, b5, b6, b7, b8;
+int zeros = 0;
 word = *ptr++;
 
 b1 = ((uint64_t) (word >> 56)) & 0xff;
@@ -249,6 +261,20 @@ static bool read_test_data_u64(int offset)
 b7 = (word >> 8)  & 0xff;
 b8 = (word >> 0)  & 0xff;
 
+zeros += (b1 == 0 ? 1 : 0);
+zeros += (b2 == 0 ? 1 : 0);
+zeros += (b3 == 0 ? 1 : 0);
+zeros += (b4 == 0 ? 1 : 0);
+zeros += (b5 == 0 ? 1 : 0);
+zeros += (b6 == 0 ? 1 : 0);
+zeros += (b7 == 0 ? 1 : 0);
+zeros += (b8 == 0 ? 1 : 0);
+if (zeros > 1) {
+ml_printf("Error @ %p, more zeros than expected: %d, %d, %d, %d, 
%d, %d, %d, %d",
+  ptr - 1, b1, b2, b3, b4, b5, b6, b7, b8);
+return false;
+}
+
 if ((b1 < b2 && b1 != 0) ||
 (b2 < b3 && b2 != 0) ||
 (b3 < b4 && b3 != 0) ||
@@ -272,7 +298,7 @@ read_ufn read_ufns[] = { read_test_data_u16,
  read_test_data_u32,
  read_test_data_u64 };
 
-bool do_unsigned_reads(void)
+bool do_unsigned_reads(int start_off)
 {
 int i;
 bool ok = true;
@@ -280,11 +306,11 @@ bool do_unsigned_reads(void)
 for (i = 0; i < ARRAY_SIZE(read_ufns) && ok; i++) {
 #if CHECK_UNALIGNED
 int off;
-for (off = 0; off < 8 && ok; off++) {
+for (off = start_off; off < 8 && ok; off++) {
 ok = read_ufns[i](off);
 }
 #else
-ok = read_ufns[i](0);
+ok = read_ufns[i](start_off);
 #endif
 }
 
@@ -298,11 +324,11 @@ static bool do_unsigned_test(init_ufn fn)
 int i;
 for (i = 0; i < 8 && ok; i++) {
 fn(i);
-ok = do_unsigned_reads();
+ok = do_unsigned_reads(i);
 }
 #else
 fn(0);
-return do_unsigned_reads();
+return do_unsigned_reads(0);
 #endif
 }
 
-- 
2.20.1




[Qemu-devel] [PULL 31/52] MAINTAINERS: put myself forward for gdbstub

2019-06-07 Thread Alex Bennée
As I've been reviewing a lot of this recently and I'm going to put
together a pull request I'd better keep an eye on it. Philippe has
also volunteered to be a reviewer.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Reviewed-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 

diff --git a/MAINTAINERS b/MAINTAINERS
index a96829ea83..9fd93d9c6a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1872,7 +1872,9 @@ F: util/error.c
 F: util/qemu-error.c
 
 GDB stub
-S: Orphan
+M: Alex Bennée 
+R: Philippe Mathieu-Daudé 
+S: Maintained
 F: gdbstub*
 F: gdb-xml/
 
-- 
2.20.1




[Qemu-devel] [PULL 37/52] gdbstub: Implement continue with signal (C pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-6-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index c3089a6b5a..3425f0674d 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1541,6 +1541,25 @@ static void handle_continue(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 gdb_continue(gdb_ctx->s);
 }
 
+static void handle_cont_with_sig(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+unsigned long signal = 0;
+
+/*
+ * Note: C sig;[addr] is currently unsupported and we simply
+ *   omit the addr parameter
+ */
+if (gdb_ctx->num_params) {
+signal = gdb_ctx->params[0].val_ul;
+}
+
+gdb_ctx->s->signal = gdb_signal_to_target(signal);
+if (gdb_ctx->s->signal == -1) {
+gdb_ctx->s->signal = 0;
+}
+gdb_continue(gdb_ctx->s);
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
@@ -1588,11 +1607,16 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 break;
 case 'C':
-s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
-if (s->signal == -1)
-s->signal = 0;
-gdb_continue(s);
-return RS_IDLE;
+{
+static const GdbCmdParseEntry cont_with_sig_cmd_desc = {
+.handler = handle_cont_with_sig,
+.cmd = "C",
+.cmd_startswith = 1,
+.schema = "l0"
+};
+cmd_parser = &cont_with_sig_cmd_desc;
+}
+break;
 case 'v':
 if (strncmp(p, "Cont", 4) == 0) {
 p += 4;
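Review bot: case 'C' used to end in `return RS_IDLE` after gdb_continue() and now ends in `break`, so control reaches whatever follows the switch; please confirm that the common tail neither sends a reply nor changes the state after handle_cont_with_sig() has resumed the target. In the handler, the local `unsigned long signal` shadows the C library's signal(); a name such as sig avoids that.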
-- 
2.20.1




[Qemu-devel] [PULL 46/52] gdbstub: Implement file io (F pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Message-Id: <20190529064148.19856-15-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index b3c5ced80d..1871077cd7 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1789,6 +1789,25 @@ static void handle_read_all_regs(GdbCmdContext *gdb_ctx, 
void *user_ctx)
 put_packet(gdb_ctx->s, gdb_ctx->str_buf);
 }
 
+static void handle_file_io(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+if (gdb_ctx->num_params >= 2 && gdb_ctx->s->current_syscall_cb) {
+target_ulong ret, err;
+
+ret = (target_ulong)gdb_ctx->params[0].val_ull;
+err = (target_ulong)gdb_ctx->params[1].val_ull;
+gdb_ctx->s->current_syscall_cb(gdb_ctx->s->c_cpu, ret, err);
+gdb_ctx->s->current_syscall_cb = NULL;
+}
+
+if (gdb_ctx->num_params >= 3 && gdb_ctx->params[2].opcode == (uint8_t)'C') 
{
+put_packet(gdb_ctx->s, "T02");
+return;
+}
+
+gdb_continue(gdb_ctx->s);
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
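Review bot: handle_file_io only runs current_syscall_cb when num_params >= 2, but the removed code accepted a reply with no errno field (`else { err = 0; }`) and still invoked and cleared the callback. With the new condition an `F` reply that carries only the return code skips the callback, leaves current_syscall_cb set, and resumes the target anyway. Test for num_params >= 1 and default err to 0 when the second parameter is absent.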
@@ -1930,28 +1949,13 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 return RS_IDLE;
 case 'F':
 {
-target_ulong ret;
-target_ulong err;
-
-ret = strtoull(p, (char **)&p, 16);
-if (*p == ',') {
-p++;
-err = strtoull(p, (char **)&p, 16);
-} else {
-err = 0;
-}
-if (*p == ',')
-p++;
-type = *p;
-if (s->current_syscall_cb) {
-s->current_syscall_cb(s->c_cpu, ret, err);
-s->current_syscall_cb = NULL;
-}
-if (type == 'C') {
-put_packet(s, "T02");
-} else {
-gdb_continue(s);
-}
+static const GdbCmdParseEntry file_io_cmd_desc = {
+.handler = handle_file_io,
+.cmd = "F",
+.cmd_startswith = 1,
+.schema = "L,L,o0"
+};
+cmd_parser = &file_io_cmd_desc;
 }
 break;
 case 'g':
-- 
2.20.1




[Qemu-devel] [PULL 50/52] gdbstub: Implement target halted (? pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Note: The user-mode thread-id has been correctly reported since bd88c780e6

Signed-off-by: Jon Doron 
Message-Id: <20190529064148.19856-19-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index c45cefd721..26c0c30682 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -2265,13 +2265,29 @@ static void handle_gen_set(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 }
 }
 
+static void handle_target_halt(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+char thread_id[16];
+
+gdb_fmt_thread_id(gdb_ctx->s, gdb_ctx->s->c_cpu, thread_id,
+  sizeof(thread_id));
+snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "T%02xthread:%s;",
+ GDB_SIGNAL_TRAP, thread_id);
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+/*
+ * Remove all the breakpoints when this query is issued,
+ * because gdb is doing an initial connect and the state
+ * should be cleaned up.
+ */
+gdb_breakpoint_remove_all();
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 const char *p;
 int ch;
 uint8_t mem_buf[MAX_PACKET_LENGTH];
 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
-char thread_id[16];
 const GdbCmdParseEntry *cmd_parser = NULL;
 
 trace_gdbstub_io_command(line_buf);
@@ -2283,15 +2299,14 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 put_packet(s, "OK");
 break;
 case '?':
-/* TODO: Make this return the correct value for user-mode.  */
-snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
- gdb_fmt_thread_id(s, s->c_cpu, thread_id, sizeof(thread_id)));
-put_packet(s, buf);
-/* Remove all the breakpoints when this query is issued,
- * because gdb is doing and initial connect and the state
- * should be cleaned up.
- */
-gdb_breakpoint_remove_all();
+{
+static const GdbCmdParseEntry target_halted_cmd_desc = {
+.handler = handle_target_halt,
+.cmd = "?",
+.cmd_startswith = 1
+};
+cmd_parser = &target_halted_cmd_desc;
+}
 break;
 case 'c':
 {
-- 
2.20.1




[Qemu-devel] [PULL 39/52] gdbstub: Implement breakpoint commands (Z/z pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Message-Id: <20190529064148.19856-8-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 7735c244b3..8416f4c13f 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -950,7 +950,7 @@ static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
 }
 #endif
 
-static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
+static int gdb_breakpoint_insert(int type, target_ulong addr, target_ulong len)
 {
 CPUState *cpu;
 int err = 0;
@@ -987,7 +987,7 @@ static int gdb_breakpoint_insert(target_ulong addr, 
target_ulong len, int type)
 }
 }
 
-static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
+static int gdb_breakpoint_remove(int type, target_ulong addr, target_ulong len)
 {
 CPUState *cpu;
 int err = 0;
@@ -1605,6 +1605,52 @@ static void handle_set_thread(GdbCmdContext *gdb_ctx, 
void *user_ctx)
 }
 }
 
+static void handle_insert_bp(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+int res;
+
+if (gdb_ctx->num_params != 3) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+res = gdb_breakpoint_insert(gdb_ctx->params[0].val_ul,
+gdb_ctx->params[1].val_ull,
+gdb_ctx->params[2].val_ull);
+if (res >= 0) {
+put_packet(gdb_ctx->s, "OK");
+return;
+} else if (res == -ENOSYS) {
+put_packet(gdb_ctx->s, "");
+return;
+}
+
+put_packet(gdb_ctx->s, "E22");
+}
+
+static void handle_remove_bp(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+int res;
+
+if (gdb_ctx->num_params != 3) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+res = gdb_breakpoint_remove(gdb_ctx->params[0].val_ul,
+gdb_ctx->params[1].val_ull,
+gdb_ctx->params[2].val_ull);
+if (res >= 0) {
+put_packet(gdb_ctx->s, "OK");
+return;
+} else if (res == -ENOSYS) {
+put_packet(gdb_ctx->s, "");
+return;
+}
+
+put_packet(gdb_ctx->s, "E22");
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
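Review bot: handle_insert_bp and handle_remove_bp are identical apart from the function they call; a shared static helper that takes the insert or remove function as an argument would remove the copy. Also note that the schema "l?L?L0" accepts any of ",;:=" between the fields, where the removed parser only skipped ','; if the looser syntax is not wanted, "l,L,L0" keeps the old behaviour.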
@@ -1860,24 +1906,26 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 put_packet(s, "OK");
 break;
 case 'Z':
+{
+static const GdbCmdParseEntry insert_bp_cmd_desc = {
+.handler = handle_insert_bp,
+.cmd = "Z",
+.cmd_startswith = 1,
+.schema = "l?L?L0"
+};
+cmd_parser = &insert_bp_cmd_desc;
+}
+break;
 case 'z':
-type = strtoul(p, (char **)&p, 16);
-if (*p == ',')
-p++;
-addr = strtoull(p, (char **)&p, 16);
-if (*p == ',')
-p++;
-len = strtoull(p, (char **)&p, 16);
-if (ch == 'Z')
-res = gdb_breakpoint_insert(addr, len, type);
-else
-res = gdb_breakpoint_remove(addr, len, type);
-if (res >= 0)
- put_packet(s, "OK");
-else if (res == -ENOSYS)
-put_packet(s, "");
-else
-put_packet(s, "E22");
+{
+static const GdbCmdParseEntry remove_bp_cmd_desc = {
+.handler = handle_remove_bp,
+.cmd = "z",
+.cmd_startswith = 1,
+.schema = "l?L?L0"
+};
+cmd_parser = &remove_bp_cmd_desc;
+}
 break;
 case 'H':
 {
-- 
2.20.1




[Qemu-devel] [PULL 48/52] gdbstub: Implement v commands with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Message-Id: <20190529064148.19856-17-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 6fd276892a..5a4d10f1c0 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1818,6 +1818,106 @@ static void handle_step(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 gdb_continue(gdb_ctx->s);
 }
 
+static void handle_v_cont_query(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+put_packet(gdb_ctx->s, "vCont;c;C;s;S");
+}
+
+static void handle_v_cont(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+int res;
+
+if (!gdb_ctx->num_params) {
+return;
+}
+
+res = gdb_handle_vcont(gdb_ctx->s, gdb_ctx->params[0].data);
+if ((res == -EINVAL) || (res == -ERANGE)) {
+put_packet(gdb_ctx->s, "E22");
+} else if (res) {
+put_packet(gdb_ctx->s, "");
+}
+}
+
+static void handle_v_attach(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+GDBProcess *process;
+CPUState *cpu;
+char thread_id[16];
+
+pstrcpy(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "E22");
+if (!gdb_ctx->num_params) {
+goto cleanup;
+}
+
+process = gdb_get_process(gdb_ctx->s, gdb_ctx->params[0].val_ul);
+if (!process) {
+goto cleanup;
+}
+
+cpu = get_first_cpu_in_process(gdb_ctx->s, process);
+if (!cpu) {
+goto cleanup;
+}
+
+process->attached = true;
+gdb_ctx->s->g_cpu = cpu;
+gdb_ctx->s->c_cpu = cpu;
+
+gdb_fmt_thread_id(gdb_ctx->s, cpu, thread_id, sizeof(thread_id));
+snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "T%02xthread:%s;",
+ GDB_SIGNAL_TRAP, thread_id);
+cleanup:
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+}
+
+static void handle_v_kill(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+/* Kill the target */
+put_packet(gdb_ctx->s, "OK");
+error_report("QEMU: Terminated via GDBstub");
+exit(0);
+}
+
+static GdbCmdParseEntry gdb_v_commands_table[] = {
+/* Order is important if has same prefix */
+{
+.handler = handle_v_cont_query,
+.cmd = "Cont?",
+.cmd_startswith = 1
+},
+{
+.handler = handle_v_cont,
+.cmd = "Cont",
+.cmd_startswith = 1,
+.schema = "s0"
+},
+{
+.handler = handle_v_attach,
+.cmd = "Attach;",
+.cmd_startswith = 1,
+.schema = "l0"
+},
+{
+.handler = handle_v_kill,
+.cmd = "Kill;",
+.cmd_startswith = 1
+},
+};
+
+static void handle_v_commands(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+if (!gdb_ctx->num_params) {
+return;
+}
+
+if (process_string_cmd(gdb_ctx->s, NULL, gdb_ctx->params[0].data,
+   gdb_v_commands_table,
+   ARRAY_SIZE(gdb_v_commands_table))) {
+put_packet(gdb_ctx->s, "");
+}
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
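Review bot: handle_v_cont and handle_v_commands both `return` without calling put_packet() when num_params is 0, so the handler sends nothing for such a packet, whereas the removed code passed even an empty argument on to gdb_handle_vcont(). Send "" (or "E22") on those paths. gdb_v_commands_table should also be `static const` like the per-packet descriptors, and the dropped comment "Refuse to attach an empty process" was the only explanation for the get_first_cpu_in_process() failure path in handle_v_attach.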
@@ -1825,7 +1925,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 CPUClass *cc;
 const char *p;
 uint32_t pid, tid;
-int ch, type, res;
+int ch, type;
 uint8_t mem_buf[MAX_PACKET_LENGTH];
 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
 char thread_id[16];
@@ -1874,66 +1974,16 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 break;
 case 'v':
-if (strncmp(p, "Cont", 4) == 0) {
-p += 4;
-if (*p == '?') {
-put_packet(s, "vCont;c;C;s;S");
-break;
-}
-
-res = gdb_handle_vcont(s, p);
-
-if (res) {
-if ((res == -EINVAL) || (res == -ERANGE)) {
-put_packet(s, "E22");
-break;
-}
-goto unknown_command;
-}
-break;
-} else if (strncmp(p, "Attach;", 7) == 0) {
-unsigned long pid;
-
-p += 7;
-
-if (qemu_strtoul(p, &p, 16, &pid)) {
-put_packet(s, "E22");
-break;
-}
-
-process = gdb_get_process(s, pid);
-
-if (process == NULL) {
-put_packet(s, "E22");
-break;
-}
-
-cpu = get_first_cpu_in_process(s, process);
-
-if (cpu == NULL) {
-/* Refuse to attach an empty process */
-put_packet(s, "E22");
-break;
-}
-
-process->attached = true;
-
-s->g_cpu = cpu;
-s->c_cpu = cpu;
-
-snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
- gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id)));
-
-put_packet(s, buf);
-break;
-} else if (strncmp(p, "Kill;", 5) == 0) {
-/* Kill the target */
-put_packet(s, "OK");
-error_report("QEMU: Terminated via GDBstub");
-   

[Qemu-devel] [PULL 47/52] gdbstub: Implement step (s pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-16-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 1871077cd7..6fd276892a 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1808,6 +1808,16 @@ static void handle_file_io(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 gdb_continue(gdb_ctx->s);
 }
 
+static void handle_step(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+if (gdb_ctx->num_params) {
+gdb_set_cpu_pc(gdb_ctx->s, (target_ulong)gdb_ctx->params[0].val_ull);
+}
+
+cpu_single_step(gdb_ctx->s->c_cpu, sstep_flags);
+gdb_continue(gdb_ctx->s);
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
@@ -1940,13 +1950,16 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 break;
 case 's':
-if (*p != '\0') {
-addr = strtoull(p, (char **)&p, 16);
-gdb_set_cpu_pc(s, addr);
+{
+static const GdbCmdParseEntry step_cmd_desc = {
+.handler = handle_step,
+.cmd = "s",
+.cmd_startswith = 1,
+.schema = "L0"
+};
+cmd_parser = &step_cmd_desc;
 }
-cpu_single_step(s->c_cpu, sstep_flags);
-gdb_continue(s);
-return RS_IDLE;
+break;
 case 'F':
 {
 static const GdbCmdParseEntry file_io_cmd_desc = {
-- 
2.20.1




[Qemu-devel] [PULL 22/52] tests/vm: freebsd autoinstall, using serial console

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Instead of fetching the prebuilt image from patchew, download the install
iso and prepare the image locally.  Install to disk, using the serial
console.  Create qemu user, configure ssh login.  Install packages
needed for qemu builds.

Note that freebsd package downloads are delivered as non-cachable
content, so I had to configure squid with "ignore-no-store
ignore-private ignore-reload" for pkgmir.geo.freebsd.org to make the
caching actually work.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Tested-by: Thomas Huth 
Message-Id: <20190520124716.30472-12-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/freebsd b/tests/vm/freebsd
index b0066017a6..eb029bdfed 100755
--- a/tests/vm/freebsd
+++ b/tests/vm/freebsd
@@ -2,43 +2,202 @@
 #
 # FreeBSD VM image
 #
-# Copyright 2017 Red Hat Inc.
+# Copyright 2017-2019 Red Hat Inc.
 #
 # Authors:
 #  Fam Zheng 
+#  Gerd Hoffmann 
 #
 # This code is licensed under the GPL version 2 or later.  See
 # the COPYING file in the top-level directory.
 #
 
 import os
+import re
 import sys
+import time
+import socket
 import subprocess
 import basevm
 
 class FreeBSDVM(basevm.BaseVM):
 name = "freebsd"
 arch = "x86_64"
+
+link = 
"https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.0/FreeBSD-12.0-RELEASE-amd64-disc1.iso.xz";
+csum = "1d40015bea89d05b8bd13e2ed80c40b522a9ec1abd8e7c8b80954fb485fb99db"
+size = "20G"
+pkgs = [
+# build tools
+"git",
+"pkgconf",
+"bzip2",
+
+# gnu tools
+"bash",
+"gmake",
+"gsed",
+"flex", "bison",
+
+# libs: crypto
+"gnutls",
+
+# libs: images
+"jpeg-turbo",
+"png",
+
+# libs: ui
+"sdl2",
+"gtk3",
+"libxkbcommon",
+
+# libs: opengl
+"libepoxy",
+"mesa-libs",
+]
+
 BUILD_SCRIPT = """
 set -e;
-rm -rf /var/tmp/qemu-test.*
-cd $(mktemp -d /var/tmp/qemu-test.XX);
+rm -rf /home/qemu/qemu-test.*
+cd $(mktemp -d /home/qemu/qemu-test.XX);
+mkdir src build; cd src;
 tar -xf /dev/vtbd1;
-./configure {configure_opts};
+cd ../build
+../src/configure --python=python3.6 {configure_opts};
 gmake --output-sync -j{jobs} {target} {verbose};
 """
 
+def console_boot_serial(self):
+self.console_wait_send("Autoboot", "3")
+self.console_wait_send("OK", "set console=comconsole\n")
+self.console_wait_send("OK", "boot\n")
+
 def build_image(self, img):
-cimg = 
self._download_with_cache("http://download.patchew.org/freebsd-11.1-amd64.img.xz";,
-
sha256sum='adcb771549b37bc63826c501f05121a206ed3d9f55f49145908f7e1432d65891')
-img_tmp_xz = img + ".tmp.xz"
+self.print_step("Downloading install iso")
+cimg = self._download_with_cache(self.link, sha256sum=self.csum)
 img_tmp = img + ".tmp"
-sys.stderr.write("Extracting the image...\n")
-subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
-subprocess.check_call(["xz", "-dvf", img_tmp_xz])
+iso = img + ".install.iso"
+iso_xz = iso + ".xz"
+
+self.print_step("Preparing iso and disk image")
+subprocess.check_call(["cp", "-f", cimg, iso_xz])
+subprocess.check_call(["xz", "-dvf", iso_xz])
+subprocess.check_call(["qemu-img", "create", "-f", "qcow2",
+   img_tmp, self.size])
+
+self.print_step("Booting installer")
+self.boot(img_tmp, extra_args = [
+"-machine", "graphics=off",
+"-cdrom", iso
+])
+self.console_init()
+self.console_boot_serial()
+self.console_wait_send("Console type",  "xterm\n")
+
+# pre-install configuration
+self.console_wait_send("Welcome",   "\n")
+self.console_wait_send("Keymap Selection",  "\n")
+self.console_wait_send("Set Hostname",  "freebsd\n")
+self.console_wait_send("Distribution Select",   "\n")
+self.console_wait_send("Partitioning",  "\n")
+self.console_wait_send("Partition", "\n")
+self.console_wait_send("Scheme","\n")
+self.console_wait_send("Editor","f")
+self.console_wait_send("Confirmation",  "c")
+
+self.print_step("Installation started now, this will take a while")
+
+# post-install configuration
+self.console_wait("New Password:")
+self.console_send("%s\n" % self.ROOT_PASS)
+self.console_wait("Retype New Password:")
+self.console_send("%s\n" % self.ROOT_PASS)
+
+self.console_wait_send("Network Configuration", "\n")
+self.console_wait_send("IPv4",  "y")
+self.console_wait_send("DHCP",   
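Review bot: BUILD_SCRIPT hard-codes "--python=python3.6", but the pkgs list shown here names no python package, so configure depends on that exact interpreter version arriving as a dependency of something else. List the python package explicitly in pkgs so that a change in the package set's default Python version fails at install time with a clear message rather than at configure time. The move to an https link pinned by "csum" for the installer ISO is the right pattern and worth keeping for the other images.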

[Qemu-devel] [Bug 1831545] Re: "accel/tcg: demacro cputlb" break qemu-system-x86_64 on 32-bit x86 host

2019-06-07 Thread Alex Bennée
** Changed in: qemu
   Status: New => In Progress

** Changed in: qemu
 Assignee: (unassigned) => Alex Bennée (ajbennee)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1831545

Title:
  "accel/tcg: demacro cputlb" break qemu-system-x86_64 on 32-bit x86
  host

Status in QEMU:
  In Progress

Bug description:
  As described in
  https://lists.gnu.org/archive/html/qemu-devel//2019-05/msg07362.html
  I ran into a TCG regression in qemu-git.

  Unfortunately, the fix from bug
  https://bugs.launchpad.net/qemu/+bug/1830872 seems to be
  non-effective for my case.

  For reproduction (on 32-bit x86 host, in my case Slackware with gcc
  5.5.0):

  ./configure --target-list=x86_64-softmmu --disable-werror --enable-debug-tcg

  make (-j5 in my case)

  try to boot any 64-bit kernel:

  x86_64-softmmu/qemu-system-x86_64 -kernel /boot/bzImage-4.12.0-x64
  -accel tcg

  result is - qemu appears to hang right after "Booting the kernel" line.
  Decompression (xz) was ok.

  Tested with qemu-git commit e2a58ff493a2e00db3e963c1839c5374500110f2

  32-bit OS can be booted fine, and -enable-kvm also allows 64 bit
  kernel/os to boot.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1831545/+subscriptions



[Qemu-devel] [PULL 24/52] tests/vm: fedora autoinstall, using serial console

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Download the install iso and prepare the image locally.  Install to
disk, using the serial console.  Create qemu user, configure ssh login.
Install packages needed for qemu builds.

Yes, we have docker images for fedora.  But for trouble-shooting it
might be helpful to have a vm too.  When vm builds fail you can use
it to figure out whether the vm setup or the guest os is the problem.

Signed-off-by: Gerd Hoffmann 
Tested-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-14-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index 628eecade7..5e37063d32 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -2,7 +2,7 @@
 
 .PHONY: vm-build-all vm-clean-all
 
-IMAGES := ubuntu.i386 freebsd netbsd openbsd centos
+IMAGES := ubuntu.i386 freebsd netbsd openbsd centos fedora
 IMAGES_DIR := $(HOME)/.cache/qemu-vm/images
 IMAGE_FILES := $(patsubst %, $(IMAGES_DIR)/%.img, $(IMAGES))
 
@@ -16,6 +16,7 @@ vm-test:
@echo "  vm-build-netbsd - Build QEMU in NetBSD VM"
@echo "  vm-build-openbsd- Build QEMU in OpenBSD VM"
@echo "  vm-build-centos - Build QEMU in CentOS VM, 
with Docker"
+   @echo "  vm-build-fedora - Build QEMU in Fedora VM"
@echo ""
@echo "  vm-build-all- Build QEMU in all VMs"
@echo "  vm-clean-all- Clean up VM images"
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 8894267f07..d4b816be14 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -205,7 +205,7 @@ class BaseVM(object):
 # log console line
 sys.stderr.write("con recv: %s\n" % line)
 
-def console_wait(self, expect):
+def console_wait(self, expect, expectalt = None):
 vm = self._guest
 output = ""
 while True:
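Review bot: the new "expectalt" parameter on console_wait() arrives without a docstring, and the later hunks also give the function a boolean return value that callers have never had to consider. Add a short docstring stating what the alternative string is for and what True and False mean, and write the default as "expectalt=None" without spaces around "=".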
@@ -214,6 +214,8 @@ class BaseVM(object):
 except socket.timeout:
 sys.stderr.write("console: *** read timeout ***\n")
 sys.stderr.write("console: waiting for: '%s'\n" % expect)
+if not expectalt is None:
+sys.stderr.write("console: waiting for: '%s' (alt)\n" % 
expectalt)
 sys.stderr.write("console: line buffer:\n")
 sys.stderr.write("\n")
 self.console_log(output.rstrip())
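Review bot: "if not expectalt is None:" in the timeout path reads more clearly as "if expectalt is not None:"; the same form appears in the two later checks in this file and should be changed there as well.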
@@ -222,6 +224,8 @@ class BaseVM(object):
 output += chars.decode("latin1")
 if expect in output:
 break
+if not expectalt is None and expectalt in output:
+break
 if "\r" in output or "\n" in output:
 lines = re.split("[\r\n]", output)
 output = lines.pop()
@@ -229,6 +233,9 @@ class BaseVM(object):
 self.console_log("\n".join(lines))
 if self.debug:
 self.console_log(output)
+if not expectalt is None and expectalt in output:
+return False
+return True
 
 def console_send(self, command):
 vm = self._guest
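Review bot: the return value is ambiguous when both strings end up in the buffer: the loop breaks on "expect" first, yet the post-loop test returns False whenever "expectalt" is also present in "output". Record which pattern caused the break (for example a local flag set in each branch) and return that, so a caller branching on the result cannot be misled by a chunk that contains both strings.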
diff --git a/tests/vm/fedora b/tests/vm/fedora
new file mode 100755
index 00..c5621d0832
--- /dev/null
+++ b/tests/vm/fedora
@@ -0,0 +1,187 @@
+#!/usr/bin/env python
+#
+# Fedora VM image
+#
+# Copyright 2019 Red Hat Inc.
+#
+# Authors:
+#  Gerd Hoffmann 
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import re
+import sys
+import time
+import socket
+import subprocess
+import basevm
+
+class FedoraVM(basevm.BaseVM):
+name = "fedora"
+arch = "x86_64"
+
+base = "http://dl.fedoraproject.org/pub/fedora/linux/releases/30/";
+link = base + "Server/x86_64/iso/Fedora-Server-netinst-x86_64-30-1.2.iso"
+repo = base + "Server/x86_64/os/"
+full = base + "Everything/x86_64/os/"
+csum = "5e4eac4566d8c572bfb3bcf54b7d6c82006ec3c6c882a2c9235c6d3494d7b100"
+size = "20G"
+pkgs = [
+# tools
+'git-core',
+'flex', 'bison',
+'gcc', 'binutils', 'make',
+
+# perl
+'perl-Test-Harness',
+
+# libs: usb
+'"pkgconfig(libusb-1.0)"',
+'"pkgconfig(libusbredirparser-0.5)"',
+
+# libs: crypto
+'"pkgconfig(gnutls)"',
+
+# libs: ui
+'"pkgconfig(sdl2)"',
+'"pkgconfig(gtk+-3.0)"',
+'"pkgconfig(ncursesw)"',
+
+# libs: audio
+'"pkgconfig(libpulse)"',
+'"pkgconfig(alsa)"',
+]
+
+BUILD_SCRIPT = """
+set -e;
+rm -rf /home/qemu/qemu-test.*
+cd $(mktemp -d /home/qemu/qemu-test.XX);
+mkdir src build; cd src;
+tar -xf /dev/vdb;
+cd ../build
+../src/configure --python=python3 {configure_opts};
+gmake --output-sync -j{jobs} {target} {verbose};
+"""
+
+def b
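Review bot: "base" is a plain http:// URL, unlike the https links used for the FreeBSD and OpenBSD images in this series. The ISO itself is pinned by "csum", but "repo" and "full" are built from the same base and carry no checksum in the lines shown, so whatever is fetched through them has no transport-level integrity protection; switch "base" to https if the mirror offers it. The shebang also says "python" while BUILD_SCRIPT configures with python3, which is worth making consistent.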

[Qemu-devel] [PULL 35/52] gdbstub: Implement thread_alive (T pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Reviewed-by: Alex Bennée 
Message-Id: <20190529064148.19856-4-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 120e52f5d2..ad00f223f2 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1507,6 +1507,30 @@ static void handle_detach(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 put_packet(s, "OK");
 }
 
+static void handle_thread_alive(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+CPUState *cpu;
+
+if (!gdb_ctx->num_params) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+if (gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+cpu = gdb_get_cpu(gdb_ctx->s, gdb_ctx->params[0].thread_id.pid,
+  gdb_ctx->params[0].thread_id.tid);
+if (!cpu) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+put_packet(gdb_ctx->s, "OK");
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
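Review bot: handle_thread_alive() has three separate exits that all send "E22"; the first two tests (no parameters, thread id kind GDB_READ_THREAD_ERR) can be joined with "||" so the error reply is written once before the lookup and once after it. The commit message is also empty apart from the tags; one sentence saying that behaviour is meant to be unchanged would help anyone bisecting later.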
@@ -1807,17 +1831,14 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 }
 break;
 case 'T':
-thread_kind = read_thread_id(p, &p, &pid, &tid);
-if (thread_kind == GDB_READ_THREAD_ERR) {
-put_packet(s, "E22");
-break;
-}
-cpu = gdb_get_cpu(s, pid, tid);
-
-if (cpu != NULL) {
-put_packet(s, "OK");
-} else {
-put_packet(s, "E22");
+{
+static const GdbCmdParseEntry thread_alive_cmd_desc = {
+.handler = handle_thread_alive,
+.cmd = "T",
+.cmd_startswith = 1,
+.schema = "t0"
+};
+cmd_parser = &thread_alive_cmd_desc;
 }
 break;
 case 'q':
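Review bot: the descriptor in case 'T' encodes the whole argument grammar in the string "t0", and nothing in these lines says what that schema matches. Add a comment here or a pointer to where the schema letters are documented, since the explicit read_thread_id() call and its error check that this hunk removes were self-explanatory and the replacement is not.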
-- 
2.20.1




[Qemu-devel] [PULL 21/52] tests/vm: openbsd autoinstall, using serial console

2019-06-07 Thread Alex Bennée
From: Gerd Hoffmann 

Instead of fetching the prebuilt image from patchew download the install
iso and prepare the image locally.  Install to disk, using the serial
console.  Create qemu user, configure ssh login.  Install packages
needed for qemu builds.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190520124716.30472-11-kra...@redhat.com>
Signed-off-by: Alex Bennée 

diff --git a/tests/vm/openbsd b/tests/vm/openbsd
index 2105c01a26..c5f0a15218 100755
--- a/tests/vm/openbsd
+++ b/tests/vm/openbsd
@@ -2,10 +2,11 @@
 #
 # OpenBSD VM image
 #
-# Copyright 2017 Red Hat Inc.
+# Copyright 2017-2019 Red Hat Inc.
 #
 # Authors:
 #  Fam Zheng 
+#  Gerd Hoffmann 
 #
 # This code is licensed under the GPL version 2 or later.  See
 # the COPYING file in the top-level directory.
@@ -13,34 +14,165 @@
 
 import os
 import sys
+import socket
 import subprocess
 import basevm
 
 class OpenBSDVM(basevm.BaseVM):
 name = "openbsd"
 arch = "x86_64"
+
+link = "https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/install65.iso";
+csum = "38d1f8cadd502f1c27bf05c5abde6cc505dd28f3f34f8a941048ff9a54f9f608"
+size = "20G"
+pkgs = [
+# tools
+"git",
+"pkgconf",
+"bzip2", "xz",
+
+# gnu tools
+"bash",
+"gmake",
+"gsed",
+"bison",
+
+# libs: usb
+"libusb1",
+
+# libs: crypto
+"gnutls",
+
+# libs: images
+"jpeg",
+"png",
+
+   # libs: ui
+"sdl2",
+"gtk+3",
+"libxkbcommon",
+]
+
 BUILD_SCRIPT = """
 set -e;
-rm -rf /var/tmp/qemu-test.*
-cd $(mktemp -d /var/tmp/qemu-test.XX);
+rm -rf /home/qemu/qemu-test.*
+cd $(mktemp -d /home/qemu/qemu-test.XX);
+mkdir src build; cd src;
 tar -xf /dev/rsd1c;
-./configure --cc=x86_64-unknown-openbsd6.1-gcc-4.9.4 
--python=python2.7 {configure_opts};
-gmake --output-sync -j{jobs} {verbose};
-# XXX: "gmake check" seems to always hang or fail
-#gmake --output-sync -j{jobs} check {verbose};
+cd ../build
+../src/configure --cc=cc --python=python3 {configure_opts};
+gmake --output-sync -j{jobs} {target} {verbose};
 """
+poweroff = "halt -p"
 
 def build_image(self, img):
-cimg = 
self._download_with_cache("http://download.patchew.org/openbsd-6.1-amd64.img.xz";,
-
sha256sum='8c6cedc483e602cfee5e04f0406c64eb99138495e8ca580bc0293bcf0640c1bf')
-img_tmp_xz = img + ".tmp.xz"
+self.print_step("Downloading install iso")
+cimg = self._download_with_cache(self.link, sha256sum=self.csum)
 img_tmp = img + ".tmp"
-sys.stderr.write("Extracting the image...\n")
-subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
-subprocess.check_call(["xz", "-dvf", img_tmp_xz])
+iso = img + ".install.iso"
+
+self.print_step("Preparing iso and disk image")
+subprocess.check_call(["cp", "-f", cimg, iso])
+subprocess.check_call(["qemu-img", "create", "-f", "qcow2",
+   img_tmp, self.size])
+
+self.print_step("Booting installer")
+self.boot(img_tmp, extra_args = [
+"-machine", "graphics=off",
+"-cdrom", iso
+])
+self.console_init()
+self.console_wait_send("boot>", "set tty com0\n")
+self.console_wait_send("boot>", "\n")
+
+# pre-install configuration
+self.console_wait_send("(I)nstall",   "i\n")
+self.console_wait_send("Terminal type",   "xterm\n")
+self.console_wait_send("System hostname", "openbsd\n")
+self.console_wait_send("Which network interface", "vio0\n")
+self.console_wait_send("IPv4 address","dhcp\n")
+self.console_wait_send("IPv6 address","none\n")
+self.console_wait_send("Which network interface", "done\n")
+self.console_wait_send("DNS domain name", "localnet\n")
+self.console_wait("Password for root account")
+self.console_send("%s\n" % self.ROOT_PASS)
+self.console_wait("Password for root account")
+self.console_send("%s\n" % self.ROOT_PASS)
+self.console_wait_send("Start sshd(8)",   "yes\n")
+self.console_wait_send("X Window System", "\n")
+self.console_wait_send("xenodm",  "\n")
+self.console_wait_send("console to com0", "\n")
+self.console_wait_send("Which speed", "\n")
+
+self.console_wait("Setup a user")
+self.console_send("%s\n" % self.GUEST_USER)
+self.console_wait("Full name")
+self.console_send("%s\n" % self.GUEST_USER)
+self.console_wait("Password")
+self.console_send("%s\n" % self.GUEST_PASS)
+self.console_wait("Password")
+  
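Review bot: the "# libs: ui" comment line in pkgs is indented differently from every other entry in the list, which looks like a stray tab; please re-indent it with spaces so the file stays consistent. BUILD_SCRIPT also passes "--python=python3" while the pkgs list shown names no python package, so it would be worth stating in the commit message where the interpreter comes from.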

[Qemu-devel] [PULL 49/52] gdbstub: Implement generic set/query (Q/q pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

The generic set/query packets contain the implementation for various
sub-commands which are required for GDB and also additional commands
which are QEMU specific.

To see which QEMU specific commands are available use the command
gdb> maintenance packet qqemu.Supported

Currently the only implemented QEMU specific command is the command
that sets the single step behavior.

gdb> maintenance packet qqemu.sstepbits
Will display the MASK bits used to control the single stepping.

gdb> maintenance packet qqemu.sstep
Will display the current value of the mask used when single stepping.

gdb> maintenance packet Qqemu.sstep:HEX_VALUE
Will change the single step mask.

Signed-off-by: Jon Doron 
Message-Id: <20190529064148.19856-18-ari...@gmail.com>
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 5a4d10f1c0..c45cefd721 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1130,14 +1130,6 @@ static GDBThreadIdKind read_thread_id(const char *buf, 
const char **end_buf,
 return GDB_ONE_THREAD;
 }
 
-static int is_query_packet(const char *p, const char *query, char separator)
-{
-unsigned int query_len = strlen(query);
-
-return strncmp(p, query, query_len) == 0 &&
-(p[query_len] == '\0' || p[query_len] == separator);
-}
-
 /**
  * gdb_handle_vcont - Parses and handles a vCont packet.
  * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
@@ -1918,18 +1910,368 @@ static void handle_v_commands(GdbCmdContext *gdb_ctx, 
void *user_ctx)
 }
 }
 
-static int gdb_handle_packet(GDBState *s, const char *line_buf)
+static void handle_query_qemu_sstepbits(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf),
+ "ENABLE=%x,NOIRQ=%x,NOTIMER=%x", SSTEP_ENABLE,
+ SSTEP_NOIRQ, SSTEP_NOTIMER);
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+}
+
+static void handle_set_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+if (!gdb_ctx->num_params) {
+return;
+}
+
+sstep_flags = gdb_ctx->params[0].val_ul;
+put_packet(gdb_ctx->s, "OK");
+}
+
+static void handle_query_qemu_sstep(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "0x%x", sstep_flags);
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+}
+
+static void handle_query_curr_tid(GdbCmdContext *gdb_ctx, void *user_ctx)
 {
 CPUState *cpu;
 GDBProcess *process;
+char thread_id[16];
+
+/*
+ * "Current thread" remains vague in the spec, so always return
+ * the first thread of the current process (gdb returns the
+ * first thread).
+ */
+process = gdb_get_cpu_process(gdb_ctx->s, gdb_ctx->s->g_cpu);
+cpu = get_first_cpu_in_process(gdb_ctx->s, process);
+gdb_fmt_thread_id(gdb_ctx->s, cpu, thread_id, sizeof(thread_id));
+snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "QC%s", thread_id);
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+}
+
+static void handle_query_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+char thread_id[16];
+
+if (!gdb_ctx->s->query_cpu) {
+put_packet(gdb_ctx->s, "l");
+return;
+}
+
+gdb_fmt_thread_id(gdb_ctx->s, gdb_ctx->s->query_cpu, thread_id,
+  sizeof(thread_id));
+snprintf(gdb_ctx->str_buf, sizeof(gdb_ctx->str_buf), "m%s", thread_id);
+put_packet(gdb_ctx->s, gdb_ctx->str_buf);
+gdb_ctx->s->query_cpu =
+gdb_next_attached_cpu(gdb_ctx->s, gdb_ctx->s->query_cpu);
+}
+
+static void handle_query_first_threads(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+gdb_ctx->s->query_cpu = gdb_first_attached_cpu(gdb_ctx->s);
+handle_query_threads(gdb_ctx, user_ctx);
+}
+
+static void handle_query_thread_extra(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+CPUState *cpu;
+int len;
+
+if (!gdb_ctx->num_params ||
+gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
+put_packet(gdb_ctx->s, "E22");
+return;
+}
+
+cpu = gdb_get_cpu(gdb_ctx->s, gdb_ctx->params[0].thread_id.pid,
+  gdb_ctx->params[0].thread_id.tid);
+if (!cpu) {
+return;
+}
+
+cpu_synchronize_state(cpu);
+
+if (gdb_ctx->s->multiprocess && (gdb_ctx->s->process_num > 1)) {
+/* Print the CPU model and name in multiprocess mode */
+ObjectClass *oc = object_get_class(OBJECT(cpu));
+const char *cpu_model = object_class_get_name(oc);
+char *cpu_name = object_get_canonical_path_component(OBJECT(cpu));
+len = snprintf((char *)gdb_ctx->mem_buf, sizeof(gdb_ctx->str_buf) / 2,
+   "%s %s [%s]", cpu_model, cpu_name,
+   cpu->halted ? "halted " : "running");
+g_free(cpu_name);
+} else {
+/* memtohex() doubles the required space */
+len = snprintf((char *)gdb_ctx->mem_buf, sizeof(gdb_ctx->str_buf) / 2,
+"CPU#%d [%s]", cpu->cpu_index,
+cpu->ha
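Review bot: in handle_query_thread_extra() both snprintf() calls write into gdb_ctx->mem_buf but take their bound from sizeof(gdb_ctx->str_buf) / 2, so the limit is only safe if mem_buf is at least that large; bound the write by the size of the buffer actually written to (or the smaller of the two). snprintf() also returns the length that would have been written, so "len" needs clamping if it is later used as a byte count. Two paths return without answering the client at all: handle_set_qemu_sstep() when num_params is 0 and handle_query_thread_extra() when gdb_get_cpu() returns NULL; the other error paths in this hunk reply "E22" and these should send a reply too. handle_set_qemu_sstep() also stores val_ul into sstep_flags unmasked, so restricting it to the bits that qqemu.sstepbits advertises would be safer.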

[Qemu-devel] [PULL 34/52] gdbstub: Implement deatch (D pkt) with new infra

2019-06-07 Thread Alex Bennée
From: Jon Doron 

Signed-off-by: Jon Doron 
Message-Id: <20190529064148.19856-3-ari...@gmail.com>
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 

diff --git a/gdbstub.c b/gdbstub.c
index 09fe5a4b99..120e52f5d2 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1413,11 +1413,6 @@ static inline int startswith(const char *string, const 
char *pattern)
   return !strncmp(string, pattern, strlen(pattern));
 }
 
-static int process_string_cmd(
-GDBState *s, void *user_ctx, const char *data,
-const GdbCmdParseEntry *cmds, int num_cmds)
-__attribute__((unused));
-
 static int process_string_cmd(GDBState *s, void *user_ctx, const char *data,
   const GdbCmdParseEntry *cmds, int num_cmds)
 {
@@ -1463,6 +1458,55 @@ static int process_string_cmd(GDBState *s, void 
*user_ctx, const char *data,
 return -1;
 }
 
+static void run_cmd_parser(GDBState *s, const char *data,
+   const GdbCmdParseEntry *cmd)
+{
+if (!data) {
+return;
+}
+
+/* In case there was an error during the command parsing we must
+* send a NULL packet to indicate the command is not supported */
+if (process_string_cmd(s, NULL, data, cmd, 1)) {
+put_packet(s, "");
+}
+}
+
+static void handle_detach(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+GDBProcess *process;
+GDBState *s = gdb_ctx->s;
+uint32_t pid = 1;
+
+if (s->multiprocess) {
+if (!gdb_ctx->num_params) {
+put_packet(s, "E22");
+return;
+}
+
+pid = gdb_ctx->params[0].val_ul;
+}
+
+process = gdb_get_process(s, pid);
+gdb_process_breakpoint_remove_all(s, process);
+process->attached = false;
+
+if (pid == gdb_get_cpu_pid(s, s->c_cpu)) {
+s->c_cpu = gdb_first_attached_cpu(s);
+}
+
+if (pid == gdb_get_cpu_pid(s, s->g_cpu)) {
+s->g_cpu = gdb_first_attached_cpu(s);
+}
+
+if (!s->c_cpu) {
+/* No more process attached */
+gdb_syscall_mode = GDB_SYS_DISABLED;
+gdb_continue(s);
+}
+put_packet(s, "OK");
+}
+
 static int gdb_handle_packet(GDBState *s, const char *line_buf)
 {
 CPUState *cpu;
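Review bot: in handle_detach() the pid comes straight from the client packet, and the result of gdb_get_process(s, pid) is passed to gdb_process_breakpoint_remove_all() and dereferenced ("process->attached = false") with no check. If gdb_get_process() can return NULL for an unknown pid, a malformed "D" packet crashes the stub; reply "E22" when no process is found. The assignment "pid = gdb_ctx->params[0].val_ul" also narrows an unsigned long to uint32_t silently, so an out-of-range value should be rejected rather than truncated.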
@@ -1477,6 +1521,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 uint8_t *registers;
 target_ulong addr, len;
 GDBThreadIdKind thread_kind;
+const GdbCmdParseEntry *cmd_parser = NULL;
 
 trace_gdbstub_io_command(line_buf);
 
@@ -1577,42 +1622,15 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 error_report("QEMU: Terminated via GDBstub");
 exit(0);
 case 'D':
-/* Detach packet */
-pid = 1;
-
-if (s->multiprocess) {
-unsigned long lpid;
-if (*p != ';') {
-put_packet(s, "E22");
-break;
-}
-
-if (qemu_strtoul(p + 1, &p, 16, &lpid)) {
-put_packet(s, "E22");
-break;
-}
-
-pid = lpid;
-}
-
-process = gdb_get_process(s, pid);
-gdb_process_breakpoint_remove_all(s, process);
-process->attached = false;
-
-if (pid == gdb_get_cpu_pid(s, s->c_cpu)) {
-s->c_cpu = gdb_first_attached_cpu(s);
-}
-
-if (pid == gdb_get_cpu_pid(s, s->g_cpu)) {
-s->g_cpu = gdb_first_attached_cpu(s);
-}
-
-if (s->c_cpu == NULL) {
-/* No more process attached */
-gdb_syscall_mode = GDB_SYS_DISABLED;
-gdb_continue(s);
+{
+static const GdbCmdParseEntry detach_cmd_desc = {
+.handler = handle_detach,
+.cmd = "D",
+.cmd_startswith = 1,
+.schema = "?.l0"
+};
+cmd_parser = &detach_cmd_desc;
 }
-put_packet(s, "OK");
 break;
 case 's':
 if (*p != '\0') {
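Review bot: the removed multiprocess branch in case 'D' rejected the packet with "E22" unless the byte after "D" was ';' and the pid parsed as hex; the replacement expresses all of that in the schema string "?.l0", which is not explained anywhere in these lines. Please add a comment stating what each element of that schema matches, and confirm that a "D" packet with a separator other than ';' is still refused.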
@@ -1985,6 +2003,9 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 put_packet(s, buf);
 break;
 }
+
+run_cmd_parser(s, line_buf, cmd_parser);
+
 return RS_IDLE;
 }
 
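Review bot: run_cmd_parser() is called here for every packet, but cmd_parser is initialised to NULL and the only assignment in this patch is in case 'D', while run_cmd_parser() itself only checks "data" for NULL. Every other packet type therefore reaches process_string_cmd() with a NULL command table and num_cmds of 1, and a non-zero return makes the stub send an extra empty packet after the reply the case has already sent. Guard the call with "if (cmd_parser)".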
-- 
2.20.1




[Qemu-devel] [PULL 03/35] s390x/tcg: Implement VECTOR FIND ANY ELEMENT EQUAL

2019-06-07 Thread Cornelia Huck
From: David Hildenbrand 

Complicated stuff. Provide two different helpers for CC and !CC handling.
We might want to add more helpers later.

zero_search() and match_index() are courtesy of Richard H.

Reviewed-by: Richard Henderson 
Signed-off-by: David Hildenbrand 
---
 target/s390x/Makefile.objs   |   2 +-
 target/s390x/helper.h|   8 ++
 target/s390x/insn-data.def   |   5 +
 target/s390x/translate_vx.inc.c  |  30 ++
 target/s390x/vec_string_helper.c | 154 +++
 5 files changed, 198 insertions(+), 1 deletion(-)
 create mode 100644 target/s390x/vec_string_helper.c

diff --git a/target/s390x/Makefile.objs b/target/s390x/Makefile.objs
index 0316457880d8..ffdd484ef05e 100644
--- a/target/s390x/Makefile.objs
+++ b/target/s390x/Makefile.objs
@@ -1,7 +1,7 @@
 obj-y += cpu.o cpu_models.o cpu_features.o gdbstub.o interrupt.o helper.o
 obj-$(CONFIG_TCG) += translate.o cc_helper.o excp_helper.o fpu_helper.o
 obj-$(CONFIG_TCG) += int_helper.o mem_helper.o misc_helper.o crypto_helper.o
-obj-$(CONFIG_TCG) += vec_helper.o vec_int_helper.o
+obj-$(CONFIG_TCG) += vec_helper.o vec_int_helper.o vec_string_helper.o
 obj-$(CONFIG_SOFTMMU) += machine.o ioinst.o arch_dump.o mmu_helper.o diag.o
 obj-$(CONFIG_SOFTMMU) += sigp.o
 obj-$(CONFIG_KVM) += kvm.o
diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 7755a96c3371..c45328cf73c1 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -211,6 +211,14 @@ DEF_HELPER_FLAGS_4(gvec_vscbi8, TCG_CALL_NO_RWG, void, 
ptr, cptr, cptr, i32)
 DEF_HELPER_FLAGS_4(gvec_vscbi16, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
 DEF_HELPER_4(gvec_vtm, void, ptr, cptr, env, i32)
 
+/* === Vector String Instructions === */
+DEF_HELPER_FLAGS_4(gvec_vfae8, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_FLAGS_4(gvec_vfae16, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_FLAGS_4(gvec_vfae32, TCG_CALL_NO_RWG, void, ptr, cptr, cptr, i32)
+DEF_HELPER_5(gvec_vfae_cc8, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_5(gvec_vfae_cc16, void, ptr, cptr, cptr, env, i32)
+DEF_HELPER_5(gvec_vfae_cc32, void, ptr, cptr, cptr, env, i32)
+
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_3(servc, i32, env, i64, i64)
 DEF_HELPER_4(diag, void, env, i32, i32, i32)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index e61475bdc483..070ce2a471e0 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1191,6 +1191,11 @@
 /* VECTOR TEST UNDER MASK */
 F(0xe7d8, VTM, VRR_a, V,   0, 0, 0, 0, vtm, 0, IF_VEC)
 
+/* === Vector String Instructions === */
+
+/* VECTOR FIND ANY ELEMENT EQUAL */
+F(0xe782, VFAE,VRR_b, V,   0, 0, 0, 0, vfae, 0, IF_VEC)
+
 #ifndef CONFIG_USER_ONLY
 /* COMPARE AND SWAP AND PURGE */
 E(0xb250, CSP, RRE,   Z,   r1_32u, ra2, r1_P, 0, csp, 0, MO_TEUL, 
IF_PRIV)
diff --git a/target/s390x/translate_vx.inc.c b/target/s390x/translate_vx.inc.c
index 7e0bfcb1907c..ebd7a877f17d 100644
--- a/target/s390x/translate_vx.inc.c
+++ b/target/s390x/translate_vx.inc.c
@@ -2353,3 +2353,33 @@ static DisasJumpType op_vtm(DisasContext *s, DisasOps *o)
 set_cc_static(s);
 return DISAS_NEXT;
 }
+
+static DisasJumpType op_vfae(DisasContext *s, DisasOps *o)
+{
+const uint8_t es = get_field(s->fields, m4);
+const uint8_t m5 = get_field(s->fields, m5);
+static gen_helper_gvec_3 * const g[3] = {
+gen_helper_gvec_vfae8,
+gen_helper_gvec_vfae16,
+gen_helper_gvec_vfae32,
+};
+static gen_helper_gvec_3_ptr * const g_cc[3] = {
+gen_helper_gvec_vfae_cc8,
+gen_helper_gvec_vfae_cc16,
+gen_helper_gvec_vfae_cc32,
+};
+if (es > ES_32) {
+gen_program_exception(s, PGM_SPECIFICATION);
+return DISAS_NORETURN;
+}
+
+if (extract32(m5, 0, 1)) {
+gen_gvec_3_ptr(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), cpu_env, m5, g_cc[es]);
+set_cc_static(s);
+} else {
+gen_gvec_3_ool(get_field(s->fields, v1), get_field(s->fields, v2),
+   get_field(s->fields, v3), m5, g[es]);
+}
+return DISAS_NEXT;
+}
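Review bot: in op_vfae() the test "extract32(m5, 0, 1)" selects the condition-code variant by a bare bit position; a named constant or a one-line comment saying which m5 flag that bit is would make the choice between g_cc[] and g[] readable without the architecture manual. The "es > ES_32" check correctly precedes the indexing of the two three-entry tables; please keep it ahead of any new use of "es" if this function grows.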
diff --git a/target/s390x/vec_string_helper.c b/target/s390x/vec_string_helper.c
new file mode 100644
index ..56dc89c824de
--- /dev/null
+++ b/target/s390x/vec_string_helper.c
@@ -0,0 +1,154 @@
+/*
+ * QEMU TCG support -- s390x vector string instruction support
+ *
+ * Copyright (C) 2019 Red Hat Inc
+ *
+ * Authors:
+ *   David Hildenbrand 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "internal.h"
+#include "vec.h"
+#include "tcg/tcg.h"
+#include "tcg/tcg-gvec-desc.h"
+#include "exec/helper-proto.h"
+
+/*
+ * Returns a bit set in the MSB of each element that is zero,
+ * as defined by the mask.
+ */
+static inline uint64_t zer
