Re: [Qemu-devel] [PATCH v2 02/15] target/ppc: remove getVSR()/putVSR() from mem_helper.c

2019-06-16 Thread Mark Cave-Ayland
On 12/06/2019 02:04, David Gibson wrote:

> On Sun, Jun 02, 2019 at 12:08:50PM +0100, Mark Cave-Ayland wrote:
>> Since commit 8a14d31b00 "target/ppc: switch fpr/vsrl registers so all VSX
>> registers are in host endian order" functions getVSR() and putVSR() which used
>> to convert the VSR registers into host endian order are no longer required.
>>
>> Signed-off-by: Mark Cave-Ayland 
>> ---
>>  target/ppc/mem_helper.c | 25 ++---
>>  1 file changed, 14 insertions(+), 11 deletions(-)
>>
>> diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
>> index 5b0f9ee50d..17a3c931a9 100644
>> --- a/target/ppc/mem_helper.c
>> +++ b/target/ppc/mem_helper.c
>> @@ -417,26 +417,27 @@ STVE(stvewx, cpu_stl_data_ra, bswap32, u32)
>>  void helper_##name(CPUPPCState *env, target_ulong addr, \
>> target_ulong xt_num, target_ulong rb)\
>>  {   \
>> -int i;  \
>> -ppc_vsr_t xt;   \
>> +ppc_vsr_t *xt = &env->vsr[xt_num];  \
>> +ppc_vsr_t t;\
>>  uint64_t nb = GET_NB(rb);   \
>> +int i;  \
>>  \
>> -xt.s128 = int128_zero();\
>> +t.s128 = int128_zero(); \
>>  if (nb) {   \
>>  nb = (nb >= 16) ? 16 : nb;  \
>>  if (msr_le && !lj) {\
>>  for (i = 16; i > 16 - nb; i--) {\
>> -xt.VsrB(i - 1) = cpu_ldub_data_ra(env, addr, GETPC());  \
>> +t.VsrB(i - 1) = cpu_ldub_data_ra(env, addr, GETPC());   \
>>  addr = addr_add(env, addr, 1);  \
>>  }   \
>>  } else {\
>>  for (i = 0; i < nb; i++) {  \
>> -xt.VsrB(i) = cpu_ldub_data_ra(env, addr, GETPC());  \
>> +t.VsrB(i) = cpu_ldub_data_ra(env, addr, GETPC());   \
>>  addr = addr_add(env, addr, 1);  \
>>  }   \
>>  }   \
>>  }   \
>> -putVSR(xt_num, &xt, env);   \
>> +*xt = t;\
>>  }
>>  
>>  VSX_LXVL(lxvl, 0)
>> @@ -447,26 +448,28 @@ VSX_LXVL(lxvll, 1)
>>  void helper_##name(CPUPPCState *env, target_ulong addr,   \
>> target_ulong xt_num, target_ulong rb)  \
>>  { \
>> -int i;\
>> -ppc_vsr_t xt; \
>> +ppc_vsr_t *xt = &env->vsr[xt_num];\
>> +ppc_vsr_t t = *xt;\
>>  target_ulong nb = GET_NB(rb); \
>> +int i;\
>>\
>>  if (!nb) {\
>>  return;   \
>>  } \
>> -getVSR(xt_num, &xt, env); \
>> +  \
>>  nb = (nb >= 16) ? 16 : nb;\
>>  if (msr_le && !lj) {  \
>>  for (i = 16; i > 16 - nb; i--) {  \
>> -cpu_stb_data_ra(env, addr, xt.VsrB(i - 1), GETPC());  \
>> +cpu_stb_data_ra(env, addr, t.VsrB(i - 1), GETPC());   \
>>  addr = addr_add(env, addr, 1);\
>>  } \
>>  } else {  \
>>  for (i = 0; i < nb; i++) {\
>> -cpu_stb_data_ra(env, addr, xt.VsrB(i), GETPC());  \
>> +cpu_stb_data
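
Review bot: `ppc_vsr_t t = *xt;` at the top of the store helper copies the whole register before the `if (!nb)` early return, and the visible loops only ever read from it. A store has no destination register to protect, so read `xt->VsrB(i - 1)` and `xt->VsrB(i)` directly and drop `t`.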

Re: [Qemu-devel] [PATCH v2 02/15] target/ppc: remove getVSR()/putVSR() from mem_helper.c

2019-06-16 Thread Mark Cave-Ayland
On 12/06/2019 20:47, Richard Henderson wrote:

> On 6/2/19 4:08 AM, Mark Cave-Ayland wrote:
>> -getVSR(xt_num, &xt, env); \
>> +  \
>>  nb = (nb >= 16) ? 16 : nb;\
>>  if (msr_le && !lj) {  \
>>  for (i = 16; i > 16 - nb; i--) {  \
>> -cpu_stb_data_ra(env, addr, xt.VsrB(i - 1), GETPC());  \
>> +cpu_stb_data_ra(env, addr, t.VsrB(i - 1), GETPC());   \
>>  addr = addr_add(env, addr, 1);\
>>  } \
>>  } else {  \
>>  for (i = 0; i < nb; i++) {\
>> -cpu_stb_data_ra(env, addr, xt.VsrB(i), GETPC());  \
>> +cpu_stb_data_ra(env, addr, t.VsrB(i), GETPC())  ; \
>>  addr = addr_add(env, addr, 1);\
>>  } \
>>  } \
>> +*xt = t;  \
> 
> Do not write back stores.

Yeah, my mistake - David also managed to spot this one.

> Actually, in this case there's no reason to copy t = *xt.  Just store directly
> from xt->VsrB(i).

Okay I'll fix that in v3.


ATB,

Mark.



Re: [Qemu-devel] [PATCH v2 01/15] target/ppc: remove getVSR()/putVSR() from fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
On 12/06/2019 20:45, Richard Henderson wrote:

> On 6/2/19 4:08 AM, Mark Cave-Ayland wrote:
>>  void helper_xvxsigsp(CPUPPCState *env, uint32_t opcode)
>>  {
>> -ppc_vsr_t xt, xb;
>> +ppc_vsr_t *xt = &env->vsr[xT(opcode)];
>> +ppc_vsr_t *xb = &env->vsr[xB(opcode)];
>> +ppc_vsr_t t = *xt;
>>  uint32_t exp, i, fraction;
>>  
>> -getVSR(xB(opcode), &xb, env);
>> -memset(&xt, 0, sizeof(xt));
> 
> Change in behaviour -- zero init to copy init.
> 
> Note for future cleanup: most of these initializations do not need to happen,
> because we overwrite all elements of T without consuming the previous value.
> 
> 
>> @@ -3410,23 +3382,22 @@ void helper_xsrqpi(CPUPPCState *env, uint32_t opcode)
>>  env->fp_status.float_exception_flags &= ~float_flag_inexact;
>>  }
>>  
>> -helper_compute_fprf_float128(env, xt.f128);
>> +helper_compute_fprf_float128(env, t.f128);
>> +*xt = t;
>>  do_float_check_status(env, GETPC());
>> -putVSR(rD(opcode) + 32, &xt, env);
> 
> Change in behaviour -- writeback happens before do_float_check_status instead
> of after.  This may well be a bug fix, but if so should happen separately.

I've now fixed both of these. FWIW this is probably going to be my last bit of work
on VSX for a while since I don't have 64-bit reference hardware, and writing and
testing these patchsets takes a long time. At least I feel that things are now in a
place where people can start to take more advantage of the vector ops should they wish.


ATB,

Mark.



Re: [Qemu-devel] [PATCH] RISC-V: Fix a memory leak when realizing a sifive_e

2019-06-16 Thread Palmer Dabbelt

On Fri, 14 Jun 2019 05:25:50 PDT (-0700), phi...@redhat.com wrote:

On 6/14/19 2:08 PM, Palmer Dabbelt wrote:

Coverity pointed out a memory leak in riscv_sifive_e_soc_realize(),
where a pair of recently added MemoryRegion instances would not be freed
if there were errors elsewhere in the function.  The fix here is to
simply not use dynamic allocation for these instances: there's always
one of each in SiFiveESoCState, so instead we just include them within
the struct.

Thanks to Peter for pointing out the bug and suggesting the fix!


a.k.a. Suggested-by: Peter Maydell 

Maybe the thanks can go below the '---' tag, so it doesn't stay in the
git history.


Works for me.





Fixes: 30efbf330a45 ("SiFive RISC-V GPIO Device")
Signed-off-by: Palmer Dabbelt 


Reviewed-by: Philippe Mathieu-Daudé 


Thanks!




---
 hw/riscv/sifive_e.c | 12 +---
 include/hw/riscv/sifive_e.h |  2 ++
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 80ac56fa7d5e..83375afcd1d6 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -158,17 +158,15 @@ static void riscv_sifive_e_soc_realize(DeviceState *dev, 
Error **errp)

 SiFiveESoCState *s = RISCV_E_SOC(dev);
 MemoryRegion *sys_mem = get_system_memory();
-MemoryRegion *xip_mem = g_new(MemoryRegion, 1);
-MemoryRegion *mask_rom = g_new(MemoryRegion, 1);

 object_property_set_bool(OBJECT(&s->cpus), true, "realized",
 &error_abort);

 /* Mask ROM */
-memory_region_init_rom(mask_rom, NULL, "riscv.sifive.e.mrom",
+memory_region_init_rom(&s->mask_rom, NULL, "riscv.sifive.e.mrom",
 memmap[SIFIVE_E_MROM].size, &error_fatal);
 memory_region_add_subregion(sys_mem,
-memmap[SIFIVE_E_MROM].base, mask_rom);
+memmap[SIFIVE_E_MROM].base, &s->mask_rom);

 /* MMIO */
 s->plic = sifive_plic_create(memmap[SIFIVE_E_PLIC].base,
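
Review bot: `memory_region_init_rom(&s->mask_rom, NULL, "riscv.sifive.e.mrom", ...)` still passes NULL as the owner although the region is now a field of SiFiveESoCState. With the region embedded in the device, pass `OBJECT(dev)` as the owner so its lifetime is tied to the SoC object; the same applies to `xip_mem` in the flash hunk.
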
@@ -228,10 +226,10 @@ static void riscv_sifive_e_soc_realize(DeviceState *dev, 
Error **errp)
 memmap[SIFIVE_E_PWM2].base, memmap[SIFIVE_E_PWM2].size);

 /* Flash memory */
-memory_region_init_ram(xip_mem, NULL, "riscv.sifive.e.xip",
+memory_region_init_ram(&s->xip_mem, NULL, "riscv.sifive.e.xip",
 memmap[SIFIVE_E_XIP].size, &error_fatal);
-memory_region_set_readonly(xip_mem, true);
-memory_region_add_subregion(sys_mem, memmap[SIFIVE_E_XIP].base, xip_mem);
+memory_region_set_readonly(&s->xip_mem, true);
+memory_region_add_subregion(sys_mem, memmap[SIFIVE_E_XIP].base, 
&s->xip_mem);
 }

 static void riscv_sifive_e_machine_init(MachineClass *mc)
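
Review bot: `memory_region_init_ram(&s->xip_mem, NULL, "riscv.sifive.e.xip", ...)` keeps `&error_fatal`, as does the mask ROM call, even though this realize function receives `Error **errp`. The commit message motivates the change with errors elsewhere in the function, so either propagate these failures through `errp` as well or say in the commit message why exiting is acceptable here.
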
diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h
index 3b14eb74621f..d175b24cb209 100644
--- a/include/hw/riscv/sifive_e.h
+++ b/include/hw/riscv/sifive_e.h
@@ -33,6 +33,8 @@ typedef struct SiFiveESoCState {
 RISCVHartArrayState cpus;
 DeviceState *plic;
 SIFIVEGPIOState gpio;
+MemoryRegion xip_mem;
+MemoryRegion mask_rom;
 } SiFiveESoCState;

 typedef struct SiFiveEState {





Re: [Qemu-devel] [PATCH 4/7] linux-headers: import improved definition of KVM_GET/SET_NESTED_STATE structs

2019-06-16 Thread Liran Alon


> On 15 Jun 2019, at 3:42, Paolo Bonzini  wrote:
> 
> This patch improves the KVM_GET/SET_NESTED_STATE structs by detailing
> the format of VMX nested state in a struct.  The VMX nested state is
> accessible through struct kvm_vmx_nested_state though, to avoid
> changing the size of the structs, it has to be accessed as "vmx.data[0]"
> rather than just "vmx.data".
> 
> Also, the values of the "format" field are defined as macros.  This
> patch should be sent to Linus very shortly.
> 
> Signed-off-by: Paolo Bonzini 
> ---
> linux-headers/asm-x86/kvm.h | 11 +++
> 1 file changed, 11 insertions(+)
> 
> diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
> index 7a0e64ccd6..06b8727a3b 100644
> --- a/linux-headers/asm-x86/kvm.h
> +++ b/linux-headers/asm-x86/kvm.h
> @@ -383,6 +383,9 @@ struct kvm_sync_regs {
> #define KVM_X86_QUIRK_LAPIC_MMIO_HOLE (1 << 2)
> #define KVM_X86_QUIRK_OUT_7E_INC_RIP  (1 << 3)
> 
> +#define KVM_STATE_NESTED_FORMAT_VMX  0
> +#define KVM_STATE_NESTED_FORMAT_SVM  1
> +
> #define KVM_STATE_NESTED_GUEST_MODE   0x0001
> #define KVM_STATE_NESTED_RUN_PENDING  0x0002
> #define KVM_STATE_NESTED_EVMCS0x0004
> @@ -390,6 +393,11 @@ struct kvm_sync_regs {
> #define KVM_STATE_NESTED_SMM_GUEST_MODE   0x0001
> #define KVM_STATE_NESTED_SMM_VMXON0x0002
> 
> +struct kvm_vmx_nested_state_data {
> + __u8 vmcs12[0x1000];
> + __u8 shadow_vmcs12[0x1000];
> +};

Do you think we should replace this 0x1000 with VMCS12_SIZE?

> +
> struct kvm_vmx_nested_state {
>   __u64 vmxon_pa;
>   __u64 vmcs_pa;
> @@ -397,6 +405,9 @@ struct kvm_vmx_nested_state {
>   struct {
>   __u16 flags;
>   } smm;
> +
> + __u8 pad[120 - 18];
> + struct kvm_vmx_nested_state_data data[0];
> };

I don’t like this pad[] thing.
It creates weird dependency between the padding in kvm_nested_state and this one.
Also, it doesn’t separate nicely between header & data regions.
What do you think on the following alternative patch?
(Note that it should still preserve kvm_nested_state struct size)

-struct kvm_vmx_nested_state {
+struct kvm_vmx_nested_state_data {
+   __u8 vmcs12[0x1000];
+   __u8 shadow_vmcs12[0x1000];
+};
+
+struct kvm_vmx_nested_state_hdr {
__u64 vmxon_pa;
-   __u64 vmcs_pa;
+   __u64 vmcs12_pa;

struct {
__u16 flags;
} smm;
 };

+struct kvm_svm_nested_state_data {
+   /* TODO: Implement */
+};
+
+struct kvm_svm_nested_state_hdr {
+   /* TODO: Implement */
+};
+
 /* for KVM_CAP_NESTED_STATE */
 struct kvm_nested_state {
-   /* KVM_STATE_* flags */
__u16 flags;
-
-   /* 0 for VMX, 1 for SVM.  */
__u16 format;
-
-   /* 128 for SVM, 128 + VMCS size for VMX.  */
__u32 size;

union {
-   /* VMXON, VMCS */
-   struct kvm_vmx_nested_state vmx;
+   struct kvm_vmx_nested_state_hdr vmx;
+   struct kvm_svm_nested_state_hdr svm;

/* Pad the header to 128 bytes.  */
__u8 pad[120];
-   };
+   } hdr;

-   __u8 data[0];
+   /*
+* Define data region as 0 bytes to preserve backwards-compatability
+* to old definition of kvm_nested_state in order to avoid changing
+* KVM_{GET,PUT}_NESTED_STATE ioctl values.
+*/
+   union {
+   struct kvm_vmx_nested_state_data vmx[0];
+   struct kvm_svm_nested_state_data svm[0];
+   } data;
 };
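
Review bot: renaming `vmcs_pa` to `vmcs12_pa` and giving the header union the name `hdr` changes how existing userspace has to spell these fields, even though the struct size is preserved. The new comment only covers the size and the ioctl values, so the source-level change should be called out next to it (or the old names kept). The two SVM placeholder structs contain nothing but a TODO comment; an empty struct is a GNU C extension with size 0 in C and size 1 in C++, so leaving them out until SVM is implemented avoids that in a header shared with userspace. Typo in the new comment: "compatability".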

I think this is cleaner.

-Liran
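
The size-preservation claim in the reply above can be checked mechanically. The following is an added example, not code from the patch or from either author: it re-declares both layouts with local type names (u8..u64 stand in for __u8..__u64, the struct names are made up, and the SVM placeholders are left out) and compares sizes and field offsets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the kernel's __u8/__u16/__u32/__u64 (assumption). */
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint64_t u64;

struct vmx_data {
    u8 vmcs12[0x1000];
    u8 shadow_vmcs12[0x1000];
};

/* Layout A: the quoted patch, data reached as vmx.data[0]. */
struct a_vmx_state {
    u64 vmxon_pa;
    u64 vmcs_pa;
    struct {
        u16 flags;
    } smm;
    u8 pad[120 - 18];
    struct vmx_data data[0];
};

struct a_nested_state {
    u16 flags;
    u16 format;
    u32 size;
    union {
        struct a_vmx_state vmx;
        u8 pad[120];            /* pad the header to 128 bytes */
    };
    u8 data[0];
};

/* Layout B: the alternative from the reply, header and data separated. */
struct b_vmx_hdr {
    u64 vmxon_pa;
    u64 vmcs12_pa;
    struct {
        u16 flags;
    } smm;
};

struct b_nested_state {
    u16 flags;
    u16 format;
    u32 size;
    union {
        struct b_vmx_hdr vmx;
        u8 pad[120];
    } hdr;
    union {
        struct vmx_data vmx[0];
    } data;
};

/* The "18" in pad[120 - 18] is the offset at which pad starts in layout A. */
size_t a_pad_offset(void) { return offsetof(struct a_vmx_state, pad); }

size_t a_size(void) { return sizeof(struct a_nested_state); }
size_t b_size(void) { return sizeof(struct b_nested_state); }

/* Byte offset of vmcs12 from the start of the ioctl buffer. */
size_t a_vmcs12_offset(void)
{
    return offsetof(struct a_nested_state, vmx) +
           offsetof(struct a_vmx_state, data);
}

size_t b_vmcs12_offset(void) { return offsetof(struct b_nested_state, data); }

/* Returns 1 if every header field sits at the same offset in both layouts. */
int headers_match(void)
{
    return offsetof(struct a_nested_state, vmx.vmxon_pa) ==
               offsetof(struct b_nested_state, hdr.vmx.vmxon_pa) &&
           offsetof(struct a_nested_state, vmx.vmcs_pa) ==
               offsetof(struct b_nested_state, hdr.vmx.vmcs12_pa) &&
           offsetof(struct a_nested_state, vmx.smm.flags) ==
               offsetof(struct b_nested_state, hdr.vmx.smm.flags);
}

/* Either layout must keep the 128-byte header, or the ioctl numbers change. */
_Static_assert(sizeof(struct a_nested_state) == 128, "layout A header size");
_Static_assert(sizeof(struct b_nested_state) == 128, "layout B header size");

int main(void)
{
    printf("A: size=%zu vmcs12@%zu pad@%zu\n",
           a_size(), a_vmcs12_offset(), a_pad_offset());
    printf("B: size=%zu vmcs12@%zu\n", b_size(), b_vmcs12_offset());
    printf("header fields match: %d\n", headers_match());
    return 0;
}
```

Layout A only lands the data at byte 128 because the hand-written 18 matches the fields before `pad`; layout B gets the same offset from the 120-byte union alone.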




Re: [Qemu-devel] [PATCH v7 2/2] hw/arm: Add arm SBSA reference machine, devices part

2019-06-16 Thread Hongbo Zhang
On Mon, 3 Jun 2019 at 18:54, Philippe Mathieu-Daudé  wrote:
>
> Hi Hongbo, Ard.
>
> On 4/18/19 6:04 AM, Hongbo Zhang wrote:
> > Following the previous patch, this patch adds peripheral devices to the
> > newly introduced SBSA-ref machine.
> >
> > Signed-off-by: Hongbo Zhang 
> > ---
> >  hw/arm/sbsa-ref.c | 451 
> > ++
> >  1 file changed, 451 insertions(+)
> >
> > diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
> > index 652ec13..3fb0027 100644
> > --- a/hw/arm/sbsa-ref.c
> > +++ b/hw/arm/sbsa-ref.c
> > @@ -21,6 +21,7 @@
> >  #include "qapi/error.h"
> >  #include "qemu/error-report.h"
> >  #include "qemu/units.h"
> > +#include "sysemu/device_tree.h"
> >  #include "sysemu/numa.h"
> >  #include "sysemu/sysemu.h"
> >  #include "exec/address-spaces.h"
> > @@ -28,11 +29,28 @@
> >  #include "kvm_arm.h"
> >  #include "hw/arm/arm.h"
> >  #include "hw/boards.h"
> > +#include "hw/ide/internal.h"
> > +#include "hw/ide/ahci_internal.h"
> >  #include "hw/intc/arm_gicv3_common.h"
> > +#include "hw/loader.h"
> > +#include "hw/pci-host/gpex.h"
> > +#include "hw/usb.h"
> > +#include "net/net.h"
> >
> >  #define RAMLIMIT_GB 8192
> >  #define RAMLIMIT_BYTES (RAMLIMIT_GB * GiB)
> >
> > +#define NUM_IRQS256
> > +#define NUM_SMMU_IRQS   4
> > +#define NUM_SATA_PORTS  6
> > +
> > +#define VIRTUAL_PMU_IRQ7
> > +#define ARCH_GIC_MAINT_IRQ 9
> > +#define ARCH_TIMER_VIRT_IRQ11
> > +#define ARCH_TIMER_S_EL1_IRQ   13
> > +#define ARCH_TIMER_NS_EL1_IRQ  14
> > +#define ARCH_TIMER_NS_EL2_IRQ  10
> > +
> >  enum {
> >  SBSA_FLASH,
> >  SBSA_MEM,
> > @@ -115,6 +133,415 @@ static const int sbsa_ref_irqmap[] = {
> >  [SBSA_EHCI] = 11,
> >  };
> >
> > +/*
> > + * Firmware on this machine only uses ACPI table to load OS, these limited
> > + * device tree nodes are just to let firmware know the info which varies 
> > from
> > + * command line parameters, so it is not necessary to be fully compatible
> > + * with the kernel CPU and NUMA binding rules.
> > + */
> > +static void create_fdt(SBSAMachineState *vms)
> > +{
> > +void *fdt = create_device_tree(&vms->fdt_size);
> > +const MachineState *ms = MACHINE(vms);
> > +int cpu;
> > +
> > +if (!fdt) {
> > +error_report("create_device_tree() failed");
> > +exit(1);
> > +}
> > +
> > +vms->fdt = fdt;
> > +
> > +qemu_fdt_setprop_string(fdt, "/", "compatible", "linux,sbsa-ref");
> > +qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2);
> > +qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2);
> > +
> > +if (have_numa_distance) {
> > +int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);
> > +uint32_t *matrix = g_malloc0(size);
> > +int idx, i, j;
> > +
> > +for (i = 0; i < nb_numa_nodes; i++) {
> > +for (j = 0; j < nb_numa_nodes; j++) {
> > +idx = (i * nb_numa_nodes + j) * 3;
> > +matrix[idx + 0] = cpu_to_be32(i);
> > +matrix[idx + 1] = cpu_to_be32(j);
> > +matrix[idx + 2] = cpu_to_be32(numa_info[i].distance[j]);
> > +}
> > +}
> > +
> > +qemu_fdt_add_subnode(fdt, "/distance-map");
> > +qemu_fdt_setprop(fdt, "/distance-map", "distance-matrix",
> > + matrix, size);
> > +g_free(matrix);
> > +}
> > +
> > +qemu_fdt_add_subnode(vms->fdt, "/cpus");
> > +
> > +for (cpu = vms->smp_cpus - 1; cpu >= 0; cpu--) {
> > +char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
> > +ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
> > +CPUState *cs = CPU(armcpu);
> > +
> > +qemu_fdt_add_subnode(vms->fdt, nodename);
> > +
> > +if (ms->possible_cpus->cpus[cs->cpu_index].props.has_node_id) {
> > +qemu_fdt_setprop_cell(vms->fdt, nodename, "numa-node-id",
> > +ms->possible_cpus->cpus[cs->cpu_index].props.node_id);
> > +}
> > +
> > +g_free(nodename);
> > +}
> > +}
> > +
> > +static void create_one_flash(const char *name, hwaddr flashbase,
> > + hwaddr flashsize, const char *file,
> > + MemoryRegion *sysmem)
> > +{
> > +/*
> > + * Create and map a single flash device. We use the same
> > + * parameters as the flash devices on the Versatile Express board.
> > + */
> > +DriveInfo *dinfo = drive_get_next(IF_PFLASH);
> > +DeviceState *dev = qdev_create(NULL, "cfi.pflash01");
>
> Please use TYPE_PFLASH_CFI01 instead of "cfi.pflash01".
>
> I wanted to ask "does it has to be CFI01?" because this device model is
> in bad shape, but I guess I answered myself looking at the EDK2 platform
> code:
>
> - P30_CFI_ADDR_VENDOR_ID is not used
> - NorFlashDxe::NorFlashReadCfiData() is not implemented
> - All commands in NorFlashDxe uses:
> SEND_NOR_COMMAND(..., P30_CMD_...)
>   which are specific to the Intel P30 Nor flash family (CFI01)

Re: [Qemu-devel] [PATCH V1] Introducing virtio-example.

2019-06-16 Thread Yoni Bettan

Hi Stefan and thank you for your review.

I am sorry for my late response, I have updated the specification 
according to your review (and Eduardo's review) and sent it to the 
virtio-comment mailing list.


On 5/15/19 12:43 PM, Stefan Hajnoczi wrote:

On Sun, Apr 28, 2019 at 04:26:31PM +0300, Yoni Bettan wrote:

The main goal is to create an example to be used as template or
guideline for contributors when they wish to create a new virtio
device and to document "the right way" to do so.

It consists of several parts:

 1. The device specification
 * it can be found in the device header
 * it will hopefully be added to the official virtio specification

 2. The device implementation for Qemu-KVM hypervisor
 * this patch content

 3. The device driver for linux
 * it will hopefully be added to linux
 * for now it can be found at https://github.com/ybettan/\
 QemuDeviceDrivers/blob/master/virtio/virtio_example_driver.c

 4. A blog on virtio
 * introducing the virtio concept
 * gives some motivation for virtio-devices to be used
 * bring extra documentation on "how to write":
 - device specification
 - device implementation
 - device driver for linux
 * it can be found at https://howtovms.wordpress.com

Signed-off-by: Yoni Bettan 
---

Existing VIRTIO devices provide plenty of examples of how to implement
device emulation and guest drivers.  This device is trivial and doesn't
address the interesting decisions that device designers face.  Its
usefulness is limited.  I don't think it should go into the spec, Linux,
or QEMU.

The following areas would be more helpful than an example device:

  * Expanding "Appendix B. Creating New Device Types" in the spec:

https://docs.oasis-open.org/virtio/virtio/v1.1/cs01/virtio-v1.1-cs01.html#x1-444000B

  * A code commentary of an existing device like virtio-net or
virtio-scsi since they are non-trivial.  That would be a good fit for
a series of blog posts.

  * Improving the doc comments in Linux and QEMU.


RFC -> V1:

 * Updated the commit message to be more informative about the full
   working flow.

 * Added the device specification to the device header.

 * Removed the PCI-ID given for the device.
   This was done by forcing the device to be in modern-only mode therefore
   the PCI-ID is now generated automatically.

 * Made all requests consist of both input and output buffer instead
   of separating them into 2 different requests.

 * Made the device IO deal with integers instead of strings.
   The user has read/write access to the device using sysfs,
   therefore the driver's inputs are strings. In the RFC version
   those strings were passed directly to the device and the integer
   conversion was done inside the device; now the driver is handling those
   conversions and the device is unaware of them.

 * Added more documentation for the get_features() function.

 * Simplified the error propagation in virtio_example_pci_realize()
   function.

 * Removed all code of previous patch from standard-headers.


  hw/virtio/Makefile.objs|   1 +
  hw/virtio/virtio-example.c | 110 +
  hw/virtio/virtio-pci.c |  47 
  hw/virtio/virtio-pci.h |  14 
  include/hw/virtio/virtio-example.h |  92 
  5 files changed, 264 insertions(+)
  create mode 100644 hw/virtio/virtio-example.c
  create mode 100644 include/hw/virtio/virtio-example.h

diff --git a/hw/virtio/Makefile.objs b/hw/virtio/Makefile.objs
index 1b2799cfd8..7a6fb2505c 100644
--- a/hw/virtio/Makefile.objs
+++ b/hw/virtio/Makefile.objs
@@ -7,6 +7,7 @@ common-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
  common-obj-$(CONFIG_VIRTIO_MMIO) += virtio-mmio.o
  obj-$(CONFIG_VIRTIO_BALLOON) += virtio-balloon.o
  obj-$(CONFIG_VIRTIO_CRYPTO) += virtio-crypto.o
+obj-$(CONFIG_VIRTIO_CRYPTO) += virtio-example.o

CRYPTO? :)


  obj-$(call land,$(CONFIG_VIRTIO_CRYPTO),$(CONFIG_VIRTIO_PCI)) += 
virtio-crypto-pci.o
  
  obj-$(CONFIG_LINUX) += vhost.o vhost-backend.o vhost-user.o

diff --git a/hw/virtio/virtio-example.c b/hw/virtio/virtio-example.c
new file mode 100644
index 00..fd72f7c3a5
--- /dev/null
+++ b/hw/virtio/virtio-example.c
@@ -0,0 +1,110 @@
+/*
+ * A virtio device example.
+ *
+ * Copyright 2019 Red Hat, Inc.
+ * Copyright 2019 Yoni Bettan 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version.  See the COPYING file in the
+ * top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/iov.h"
+#include "hw/virtio/virtio.h"
+#include "hw/virtio/virtio-example.h"
+
+
+/*
+ * this function is called when the driver 'kick' the virtqueue.
+ * since we can have more than 1 virtqueue we need the vq argument i

[Qemu-devel] [PATCH v3 00/15] target/ppc: remove getVSR()/putVSR() and further tidy-up

2019-06-16 Thread Mark Cave-Ayland
With the conversion of PPC VSX registers to host endian during the 4.0 development
cycle, the VSX helpers getVSR() and putVSR() which were used to convert between big
endian and host endian (and are currently just a no-op) can now be removed. This
eliminates an extra copy for each VSX source register at runtime.

Patches 1-3 do the elimination work on a per-file basis and switch VSX register
accesses to be via pointers rather than on copies managed using getVSR()/putVSR().

After this patches 4-14 change the VSX registers to be passed to helpers via pointers
rather than register number so that the decode of the vector register pointers occurs
at translation time instead of at runtime. This matches how VMX instructions are
currently decoded.

Finally patch 15 performs some related tidy-up around VSX_FMADD which decodes the
a or m form at translation time, allowing a single helper function to be used for
both implementations.

Greg: I've added you as CC since you managed to find a bug in my last series. This
one is much more mechanical, but if you are able to confirm this doesn't introduce
any regressions in your test images then that would be great.

Signed-off-by: Mark Cave-Ayland 

v3:
- Rebase onto master
- Add latest R-B tags from Richard
- Fix zero init in helper_xvxsigsp() in patch 1
- Preserve order of do_float_check_status() in helper_xsrqpi() in patch 1
- Remove accidental write after store in VSX_STXVL() macro, and also just use
  the xt pointer directly in patch 2

v2:
- Rebase onto master
- Use working copy of VSX destination registers in patches 1-3 to keep current
  semantics where src == dest and exception handling
- Add patches 4 and 6 to split out helper functions still requiring an opcode
  parameter
- Remove opcode parameter from GEN_VSX_HELPER_X3 and GEN_VSX_HELPER_X2 as it
  isn't required for the common case
- Drop VSX_TEST_DC improvement patch since it is no longer applicable with the
  removal of opcode from the above macros
- Rework VSX_MADD improvement patch to use a single helper for both a and m
  forms as suggested by Richard


Mark Cave-Ayland (15):
  target/ppc: remove getVSR()/putVSR() from fpu_helper.c
  target/ppc: remove getVSR()/putVSR() from mem_helper.c
  target/ppc: remove getVSR()/putVSR() from int_helper.c
  target/ppc: introduce separate VSX_CMP macro for xvcmp* instructions
  target/ppc: introduce GEN_VSX_HELPER_X3 macro to fpu_helper.c
  target/ppc: introduce separate generator and helper for xscvqpdp
  target/ppc: introduce GEN_VSX_HELPER_X2 macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_X2_AB macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_X1 macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_R3 macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_R2 macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_R2_AB macro to fpu_helper.c
  target/ppc: decode target register in VSX_VECTOR_LOAD_STORE_LENGTH at
translation time
  target/ppc: decode target register in VSX_EXTRACT_INSERT at
translation time
  target/ppc: improve VSX_FMADD with new GEN_VSX_HELPER_VSX_MADD macro

 target/ppc/fpu_helper.c | 841 
 target/ppc/helper.h | 320 +++---
 target/ppc/int_helper.c |  26 +-
 target/ppc/internal.h   |  12 -
 target/ppc/mem_helper.c |  25 +-
 target/ppc/translate/vsx-impl.inc.c | 567 
 target/ppc/translate/vsx-ops.inc.c  |  70 +--
 7 files changed, 952 insertions(+), 909 deletions(-)

-- 
2.11.0
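
The v2 changelog entry about keeping a working copy "where src == dest and exception handling" covers two separate hazards. The following is an added example, not code from the series: `vsr_t`, `load_byte()` and the helper names are stand-ins, VsrB(i) is modelled as plain byte i, and a fault is modelled as a -1 return where the real accessor would raise a guest exception and not return.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for ppc_vsr_t: 16 bytes, VsrB(i) modelled as plain byte i. */
typedef struct { uint8_t b[16]; } vsr_t;

/* Constructed guest memory: 8 readable bytes, anything beyond faults. */
static const uint8_t guest_mem[8] = {
    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7
};

static int load_byte(uint32_t addr, uint8_t *out)
{
    if (addr >= sizeof(guest_mem)) {
        return -1;                      /* models the guest exception */
    }
    *out = guest_mem[addr];
    return 0;
}

/* Load nb bytes straight into the destination register. */
static int load_direct(vsr_t *xt, uint32_t addr, unsigned nb)
{
    memset(xt, 0, sizeof(*xt));
    for (unsigned i = 0; i < nb && i < 16; i++) {
        if (load_byte(addr + i, &xt->b[i]) < 0) {
            return -1;                  /* register already clobbered */
        }
    }
    return 0;
}

/* Same load through a working copy, committed after the last byte. */
static int load_via_copy(vsr_t *xt, uint32_t addr, unsigned nb)
{
    vsr_t t;

    memset(&t, 0, sizeof(t));
    for (unsigned i = 0; i < nb && i < 16; i++) {
        if (load_byte(addr + i, &t.b[i]) < 0) {
            return -1;                  /* *xt untouched */
        }
    }
    *xt = t;
    return 0;
}

/* xxextractuw-style extract done in place: zeroing xt destroys xb if aliased. */
static void extract_in_place(vsr_t *xt, const vsr_t *xb, uint32_t index)
{
    memset(xt, 0, sizeof(*xt));
    for (unsigned i = 0; i < 4; i++) {
        xt->b[4 + i] = xb->b[(index + i) % 16];
    }
}

/* Same extract through a working copy, as the helpers in the series do. */
static void extract_via_copy(vsr_t *xt, const vsr_t *xb, uint32_t index)
{
    vsr_t t;

    memset(&t, 0, sizeof(t));
    for (unsigned i = 0; i < 4; i++) {
        t.b[4 + i] = xb->b[(index + i) % 16];
    }
    *xt = t;
}

static vsr_t sample_reg(void)
{
    vsr_t r;

    for (unsigned i = 0; i < 16; i++) {
        r.b[i] = (uint8_t)(0x10 + i);   /* constructed register contents */
    }
    return r;
}

/* Returns 1 if a load that faults part-way leaves the register unchanged. */
int reg_preserved_after_fault(int use_copy)
{
    vsr_t r = sample_reg(), before = r;
    int rc = use_copy ? load_via_copy(&r, 4, 8) : load_direct(&r, 4, 8);

    return rc == -1 && memcmp(&r, &before, sizeof(r)) == 0;
}

/* Extracted word (bytes 4..7) when source and target are the same register. */
uint32_t extract_aliased(int use_copy, uint32_t index)
{
    vsr_t r = sample_reg();

    if (use_copy) {
        extract_via_copy(&r, &r, index);
    } else {
        extract_in_place(&r, &r, index);
    }
    return (uint32_t)r.b[4] << 24 | (uint32_t)r.b[5] << 16 |
           (uint32_t)r.b[6] << 8 | r.b[7];
}

int main(void)
{
    printf("fault, direct: preserved=%d\n", reg_preserved_after_fault(0));
    printf("fault, copy:   preserved=%d\n", reg_preserved_after_fault(1));
    printf("alias, in place: 0x%08x\n", (unsigned)extract_aliased(0, 2));
    printf("alias, copy:     0x%08x\n", (unsigned)extract_aliased(1, 2));
    return 0;
}
```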




[Qemu-devel] [PATCH v3 02/15] target/ppc: remove getVSR()/putVSR() from mem_helper.c

2019-06-16 Thread Mark Cave-Ayland
Since commit 8a14d31b00 "target/ppc: switch fpr/vsrl registers so all VSX
registers are in host endian order" functions getVSR() and putVSR() which used
to convert the VSR registers into host endian order are no longer required.

Signed-off-by: Mark Cave-Ayland 
---
 target/ppc/mem_helper.c | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index 5b0f9ee50d..87632ccf53 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -417,26 +417,27 @@ STVE(stvewx, cpu_stl_data_ra, bswap32, u32)
 void helper_##name(CPUPPCState *env, target_ulong addr, \
target_ulong xt_num, target_ulong rb)\
 {   \
-int i;  \
-ppc_vsr_t xt;   \
+ppc_vsr_t *xt = &env->vsr[xt_num];  \
+ppc_vsr_t t;\
 uint64_t nb = GET_NB(rb);   \
+int i;  \
 \
-xt.s128 = int128_zero();\
+t.s128 = int128_zero(); \
 if (nb) {   \
 nb = (nb >= 16) ? 16 : nb;  \
 if (msr_le && !lj) {\
 for (i = 16; i > 16 - nb; i--) {\
-xt.VsrB(i - 1) = cpu_ldub_data_ra(env, addr, GETPC());  \
+t.VsrB(i - 1) = cpu_ldub_data_ra(env, addr, GETPC());   \
 addr = addr_add(env, addr, 1);  \
 }   \
 } else {\
 for (i = 0; i < nb; i++) {  \
-xt.VsrB(i) = cpu_ldub_data_ra(env, addr, GETPC());  \
+t.VsrB(i) = cpu_ldub_data_ra(env, addr, GETPC());   \
 addr = addr_add(env, addr, 1);  \
 }   \
 }   \
 }   \
-putVSR(xt_num, &xt, env);   \
+*xt = t;\
 }
 
 VSX_LXVL(lxvl, 0)
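
Review bot: nothing in the load macro says why it still fills the temporary `t` and only then does `*xt = t;`. `cpu_ldub_data_ra(env, addr, GETPC())` runs once per byte inside the loops, and the cover letter gives exception handling as the reason for the working copy, so a one-line comment that the register is committed only after the last byte has been read would keep a later cleanup from folding `t` away.
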
@@ -447,23 +448,23 @@ VSX_LXVL(lxvll, 1)
 void helper_##name(CPUPPCState *env, target_ulong addr,   \
target_ulong xt_num, target_ulong rb)  \
 { \
-int i;\
-ppc_vsr_t xt; \
+ppc_vsr_t *xt = &env->vsr[xt_num];\
 target_ulong nb = GET_NB(rb); \
+int i;\
   \
 if (!nb) {\
 return;   \
 } \
-getVSR(xt_num, &xt, env); \
+  \
 nb = (nb >= 16) ? 16 : nb;\
 if (msr_le && !lj) {  \
 for (i = 16; i > 16 - nb; i--) {  \
-cpu_stb_data_ra(env, addr, xt.VsrB(i - 1), GETPC());  \
+cpu_stb_data_ra(env, addr, xt->VsrB(i - 1), GETPC()); \
 addr = addr_add(env, addr, 1);\
 } \
 } else {  \
 for (i = 0; i < nb; i++) {\
-cpu_stb_data_ra(env, addr, xt.VsrB(i), GETPC());  \
+cpu_stb_data_ra(env, addr, xt->VsrB(i), GETPC()); \
 addr = addr_add(env, addr, 1);\
 } \
 } \
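
Review bot: `ppc_vsr_t *xt = &env->vsr[xt_num];` in the store helper is only read (`xt->VsrB(i - 1)`, `xt->VsrB(i)`), so declare it `const ppc_vsr_t *xt`. The v2 review caught an accidental `*xt = t;` in this macro; a const pointer makes the compiler reject that kind of write-back.
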
-- 
2.11.0




[Qemu-devel] [PATCH v3 03/15] target/ppc: remove getVSR()/putVSR() from int_helper.c

2019-06-16 Thread Mark Cave-Ayland
Since commit 8a14d31b00 "target/ppc: switch fpr/vsrl registers so all VSX
registers are in host endian order" functions getVSR() and putVSR() which used
to convert the VSR registers into host endian order are no longer required.

Now that there are no more users of getVSR()/putVSR() these functions can
be completely removed.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/int_helper.c | 22 ++
 target/ppc/internal.h   | 12 
 2 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 8ce89f2ad9..3b8939edcc 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -1902,38 +1902,36 @@ VEXTRACT(d, u64)
 void helper_xxextractuw(CPUPPCState *env, target_ulong xtn,
 target_ulong xbn, uint32_t index)
 {
-ppc_vsr_t xt, xb;
+ppc_vsr_t *xt = &env->vsr[xtn];
+ppc_vsr_t *xb = &env->vsr[xbn];
+ppc_vsr_t t = { };
 size_t es = sizeof(uint32_t);
 uint32_t ext_index;
 int i;
 
-getVSR(xbn, &xb, env);
-memset(&xt, 0, sizeof(xt));
-
 ext_index = index;
 for (i = 0; i < es; i++, ext_index++) {
-xt.VsrB(8 - es + i) = xb.VsrB(ext_index % 16);
+t.VsrB(8 - es + i) = xb->VsrB(ext_index % 16);
 }
 
-putVSR(xtn, &xt, env);
+*xt = t;
 }
 
 void helper_xxinsertw(CPUPPCState *env, target_ulong xtn,
   target_ulong xbn, uint32_t index)
 {
-ppc_vsr_t xt, xb;
+ppc_vsr_t *xt = &env->vsr[xtn];
+ppc_vsr_t *xb = &env->vsr[xbn];
+ppc_vsr_t t = *xt;
 size_t es = sizeof(uint32_t);
 int ins_index, i = 0;
 
-getVSR(xbn, &xb, env);
-getVSR(xtn, &xt, env);
-
 ins_index = index;
 for (i = 0; i < es && ins_index < 16; i++, ins_index++) {
-xt.VsrB(ins_index) = xb.VsrB(8 - es + i);
+t.VsrB(ins_index) = xb->VsrB(8 - es + i);
 }
 
-putVSR(xtn, &xt, env);
+*xt = t;
 }
 
 #define VEXT_SIGNED(name, element, cast)\
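
Review bot: `ppc_vsr_t t = { };` in helper_xxextractuw() zero-initialises the working copy with an empty initializer, while the mem_helper.c patch in this series does the same job with `t.s128 = int128_zero();`. Pick one idiom for the series, and add a short comment in both helpers here that `t` is kept because the target and source may be the same register, which is the reason the cover letter gives.
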
diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index fb6f64ed1e..d3d327e548 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -204,18 +204,6 @@ EXTRACT_HELPER(IMM8, 11, 8);
 EXTRACT_HELPER(DCMX, 16, 7);
 EXTRACT_HELPER_SPLIT_3(DCMX_XV, 5, 16, 0, 1, 2, 5, 1, 6, 6);
 
-static inline void getVSR(int n, ppc_vsr_t *vsr, CPUPPCState *env)
-{
-vsr->VsrD(0) = env->vsr[n].VsrD(0);
-vsr->VsrD(1) = env->vsr[n].VsrD(1);
-}
-
-static inline void putVSR(int n, ppc_vsr_t *vsr, CPUPPCState *env)
-{
-env->vsr[n].VsrD(0) = vsr->VsrD(0);
-env->vsr[n].VsrD(1) = vsr->VsrD(1);
-}
-
 void helper_compute_fprf_float16(CPUPPCState *env, float16 arg);
 void helper_compute_fprf_float32(CPUPPCState *env, float32 arg);
 void helper_compute_fprf_float128(CPUPPCState *env, float128 arg);
-- 
2.11.0




[Qemu-devel] [PATCH v3 05/15] target/ppc: introduce GEN_VSX_HELPER_X3 macro to fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new GEN_VSX_HELPER_X3 macro which performs the decode based
upon xT, xA and xB at translation time.

With the previous changes to the VSX_CMP generator and helper macros the
opcode parameter is no longer required in the common case and can be
removed.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c |  42 ---
 target/ppc/helper.h | 120 +++
 target/ppc/translate/vsx-impl.inc.c | 137 
 3 files changed, 151 insertions(+), 148 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index b1ce954354..012dfdac3e 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -1801,11 +1801,9 @@ uint32_t helper_efdcmpeq(CPUPPCState *env, uint64_t op1, 
uint64_t op2)
  *   sfprf - set FPRF
  */
 #define VSX_ADD_SUB(name, op, nels, tp, fld, sfprf, r2sp)\
-void helper_##name(CPUPPCState *env, uint32_t opcode)\
+void helper_##name(CPUPPCState *env, ppc_vsr_t *xt,  \
+   ppc_vsr_t *xa, ppc_vsr_t *xb) \
 {\
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];   \
-ppc_vsr_t *xa = &env->vsr[xA(opcode)];   \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];   \
 ppc_vsr_t t = *xt;   \
 int i;   \
  \
@@ -1884,11 +1882,9 @@ void helper_xsaddqp(CPUPPCState *env, uint32_t opcode)
  *   sfprf - set FPRF
  */
 #define VSX_MUL(op, nels, tp, fld, sfprf, r2sp)  \
-void helper_##op(CPUPPCState *env, uint32_t opcode)  \
+void helper_##op(CPUPPCState *env, ppc_vsr_t *xt,\
+ ppc_vsr_t *xa, ppc_vsr_t *xb)   \
 {\
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];   \
-ppc_vsr_t *xa = &env->vsr[xA(opcode)];   \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];   \
 ppc_vsr_t t = *xt;   \
 int i;   \
  \
@@ -1962,11 +1958,9 @@ void helper_xsmulqp(CPUPPCState *env, uint32_t opcode)
  *   sfprf - set FPRF
  */
 #define VSX_DIV(op, nels, tp, fld, sfprf, r2sp)   \
-void helper_##op(CPUPPCState *env, uint32_t opcode)   \
+void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, \
+ ppc_vsr_t *xa, ppc_vsr_t *xb)\
 { \
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];\
-ppc_vsr_t *xa = &env->vsr[xA(opcode)];\
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];\
 ppc_vsr_t t = *xt;\
 int i;\
   \
@@ -2304,11 +2298,9 @@ VSX_TSQRT(xvtsqrtsp, 4, float32, VsrW(i), -126, 23)
  *   sfprf - set FPRF
  */
 #define VSX_MADD(op, nels, tp, fld, maddflgs, afrm, sfprf, r2sp)  \
-void helper_##op(CPUPPCState *env, uint32_t opcode)   \
+void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, \
+ ppc_vsr_t *xa, ppc_vsr_t *xb)\
 { \
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];\
-ppc_vsr_t *xa = &env->vsr[xA(opcode)];\
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];\
 ppc_vsr_t t = *xt, *b, *c;\
 int i;\
   \
@@ -2402,11 +2394,9 @@ VSX_MADD(xvnmsubmsp, 4, float32, VsrW(i), NMSUB_FLGS, 0, 
0, 0)
  *   svxvc - set VXVC bit
  */
 #define VSX_SCALAR_CMP_DP(op, cmp, exp, svxvc)   

[Qemu-devel] [PATCH v3 09/15] target/ppc: introduce GEN_VSX_HELPER_X1 macro to fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new GEN_VSX_HELPER_X1 macro which performs the decode based
upon xB at translation time.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c |  6 ++
 target/ppc/helper.h |  8 
 target/ppc/translate/vsx-impl.inc.c | 24 
 3 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 902d63b139..5fb43b619e 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -2236,9 +2236,8 @@ VSX_TDIV(xvtdivsp, 4, float32, VsrW(i), -126, 127, 23)
  *   nbits - number of fraction bits
  */
 #define VSX_TSQRT(op, nels, tp, fld, emin, nbits)   \
-void helper_##op(CPUPPCState *env, uint32_t opcode) \
+void helper_##op(CPUPPCState *env, uint32_t opcode, ppc_vsr_t *xb)  \
 {   \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];  \
 int i;  \
 int fe_flag = 0;\
 int fg_flag = 0;\
@@ -3258,9 +3257,8 @@ VSX_TEST_DC(xvtstdcsp, 4, xB(opcode), float32, VsrW(i), 
VsrW(i), UINT32_MAX, 0)
 VSX_TEST_DC(xststdcdp, 1, xB(opcode), float64, VsrD(0), VsrD(0), 0, 1)
 VSX_TEST_DC(xststdcqp, 1, (rB(opcode) + 32), float128, f128, VsrD(0), 0, 1)
 
-void helper_xststdcsp(CPUPPCState *env, uint32_t opcode)
+void helper_xststdcsp(CPUPPCState *env, uint32_t opcode, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];
 uint32_t dcmx, sign, exp;
 uint32_t cc, match = 0, not_sp = 0;
 
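
Review bot: after this hunk helper_xststdcsp takes `xb` from the caller, while the VSX_TEST_DC instantiations in the context lines directly above still pass `xB(opcode)` and `(rB(opcode) + 32)` to be decoded inside the helper, and the helper.h part of this patch keeps xststdcdp and xststdcqp as DEF_HELPER_2. If those are converted later in the series, say so in the commit message; otherwise the test-data-class helpers are left with two calling conventions side by side.
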
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 0ab1ef2aee..a8886c56ad 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -376,7 +376,7 @@ DEF_HELPER_3(xsredp, void, env, vsr, vsr)
 DEF_HELPER_3(xssqrtdp, void, env, vsr, vsr)
 DEF_HELPER_3(xsrsqrtedp, void, env, vsr, vsr)
 DEF_HELPER_4(xstdivdp, void, env, i32, vsr, vsr)
-DEF_HELPER_2(xstsqrtdp, void, env, i32)
+DEF_HELPER_3(xstsqrtdp, void, env, i32, vsr)
 DEF_HELPER_4(xsmaddadp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xsmaddmdp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xsmsubadp, void, env, vsr, vsr, vsr)
@@ -423,7 +423,7 @@ DEF_HELPER_3(xscvuxdsp, void, env, vsr, vsr)
 DEF_HELPER_3(xscvsxdsp, void, env, vsr, vsr)
 DEF_HELPER_2(xscvudqp, void, env, i32)
 DEF_HELPER_3(xscvuxddp, void, env, vsr, vsr)
-DEF_HELPER_2(xststdcsp, void, env, i32)
+DEF_HELPER_3(xststdcsp, void, env, i32, vsr)
 DEF_HELPER_2(xststdcdp, void, env, i32)
 DEF_HELPER_2(xststdcqp, void, env, i32)
 DEF_HELPER_3(xsrdpi, void, env, vsr, vsr)
@@ -461,7 +461,7 @@ DEF_HELPER_3(xvredp, void, env, vsr, vsr)
 DEF_HELPER_3(xvsqrtdp, void, env, vsr, vsr)
 DEF_HELPER_3(xvrsqrtedp, void, env, vsr, vsr)
 DEF_HELPER_4(xvtdivdp, void, env, i32, vsr, vsr)
-DEF_HELPER_2(xvtsqrtdp, void, env, i32)
+DEF_HELPER_3(xvtsqrtdp, void, env, i32, vsr)
 DEF_HELPER_4(xvmaddadp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xvmaddmdp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xvmsubadp, void, env, vsr, vsr, vsr)
@@ -499,7 +499,7 @@ DEF_HELPER_3(xvresp, void, env, vsr, vsr)
 DEF_HELPER_3(xvsqrtsp, void, env, vsr, vsr)
 DEF_HELPER_3(xvrsqrtesp, void, env, vsr, vsr)
 DEF_HELPER_4(xvtdivsp, void, env, i32, vsr, vsr)
-DEF_HELPER_2(xvtsqrtsp, void, env, i32)
+DEF_HELPER_3(xvtsqrtsp, void, env, i32, vsr)
 DEF_HELPER_4(xvmaddasp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xvmaddmsp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xvmsubasp, void, env, vsr, vsr, vsr)
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 9b4603ac33..8af093d256 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1079,6 +1079,22 @@ static void gen_##name(DisasContext *ctx)
 \
 tcg_temp_free_ptr(xb);\
 }
 
+#define GEN_VSX_HELPER_X1(name, op1, op2, inval, type)\
+static void gen_##name(DisasContext *ctx) \
+{ \
+TCGv_i32 opc; \
+TCGv_ptr xb;  \
+if (unlikely(!ctx->vsx_enabled)) {\
+gen_exception(ctx, POWERPC_EXCP_VSXU);\
+return;   \
+} \
+opc = tcg_const_i32(ctx->opcode); \
+xb = gen_vsr_ptr(xB(ctx->opcode));

[Qemu-devel] [PATCH v3 06/15] target/ppc: introduce separate generator and helper for xscvqpdp

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new generator and helper function which perform the decode based
upon xT and xB at translation time.

The xscvqpdp helper is the only 2 parameter xT/xB implementation that requires
the opcode to be passed as an additional parameter, so handling this separately
allows us to optimise the conversion in the next commit.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c |  5 ++---
 target/ppc/helper.h |  2 +-
 target/ppc/translate/vsx-impl.inc.c | 18 +-
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 012dfdac3e..230ee2f072 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -2899,10 +2899,9 @@ VSX_CVT_FP_TO_FP_HP(xvcvhpsp, 4, float16, float32, 
VsrH(2 * i + 1), VsrW(i), 0)
  * xscvqpdp isn't using VSX_CVT_FP_TO_FP() because xscvqpdpo will be
  * added to this later.
  */
-void helper_xscvqpdp(CPUPPCState *env, uint32_t opcode)
+void helper_xscvqpdp(CPUPPCState *env, uint32_t opcode,
+ ppc_vsr_t *xt, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];
 ppc_vsr_t t = { };
 float_status tstat;
 
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index f6a97cedc6..5d15166988 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -405,7 +405,7 @@ DEF_HELPER_2(xscvdphp, void, env, i32)
 DEF_HELPER_2(xscvdpqp, void, env, i32)
 DEF_HELPER_2(xscvdpsp, void, env, i32)
 DEF_HELPER_2(xscvdpspn, i64, env, i64)
-DEF_HELPER_2(xscvqpdp, void, env, i32)
+DEF_HELPER_4(xscvqpdp, void, env, i32, vsr, vsr)
 DEF_HELPER_2(xscvqpsdz, void, env, i32)
 DEF_HELPER_2(xscvqpswz, void, env, i32)
 DEF_HELPER_2(xscvqpudz, void, env, i32)
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index b24be00ccf..ffbe3b0fac 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -999,6 +999,23 @@ VSX_CMP(xvcmpgesp, 0x0C, 0x0A, 0, PPC2_VSX)
 VSX_CMP(xvcmpgtsp, 0x0C, 0x09, 0, PPC2_VSX)
 VSX_CMP(xvcmpnesp, 0x0C, 0x0B, 0, PPC2_VSX)
 
+static void gen_xscvqpdp(DisasContext *ctx)
+{
+TCGv_i32 opc;
+TCGv_ptr xt, xb;
+if (unlikely(!ctx->vsx_enabled)) {
+gen_exception(ctx, POWERPC_EXCP_VSXU);
+return;
+}
+opc = tcg_const_i32(ctx->opcode);
+xt = gen_vsr_ptr(xT(ctx->opcode));
+xb = gen_vsr_ptr(xB(ctx->opcode));
+gen_helper_xscvqpdp(cpu_env, opc, xt, xb);
+tcg_temp_free_i32(opc);
+tcg_temp_free_ptr(xt);
+tcg_temp_free_ptr(xb);
+}
+
 #define GEN_VSX_HELPER_2(name, op1, op2, inval, type) \
 static void gen_##name(DisasContext *ctx) \
 { \
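
Review bot: gen_xscvqpdp becomes a hand-written generator sitting among macro-generated ones, and the reason (the helper still needs the raw opcode as well as xt and xb) is only in the commit message. A short comment above the function would stop a later cleanup from folding it back into a generic GEN_VSX_HELPER_* macro that drops the opcode argument.
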
@@ -1087,7 +1104,6 @@ GEN_VSX_HELPER_2(xscvdphp, 0x16, 0x15, 0x11, PPC2_ISA300)
 GEN_VSX_HELPER_2(xscvdpsp, 0x12, 0x10, 0, PPC2_VSX)
 GEN_VSX_HELPER_2(xscvdpqp, 0x04, 0x1A, 0x16, PPC2_ISA300)
 GEN_VSX_HELPER_XT_XB_ENV(xscvdpspn, 0x16, 0x10, 0, PPC2_VSX207)
-GEN_VSX_HELPER_2(xscvqpdp, 0x04, 0x1A, 0x14, PPC2_ISA300)
 GEN_VSX_HELPER_2(xscvqpsdz, 0x04, 0x1A, 0x19, PPC2_ISA300)
 GEN_VSX_HELPER_2(xscvqpswz, 0x04, 0x1A, 0x09, PPC2_ISA300)
 GEN_VSX_HELPER_2(xscvqpudz, 0x04, 0x1A, 0x11, PPC2_ISA300)
-- 
2.11.0




[Qemu-devel] [PATCH v3 04/15] target/ppc: introduce separate VSX_CMP macro for xvcmp* instructions

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new VSX_CMP macro which performs the decode based upon xT, xA
and xB at translation time.

Subsequent commits will make the same changes for other instructions however
the xvcmp* instructions are different in that they return a set of flags to be
optionally written back to the crf[6] register. Move this logic from the
helper function to the generator function, along with the float_status update.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c | 15 +---
 target/ppc/helper.h | 20 +--
 target/ppc/translate/vsx-impl.inc.c | 49 +++--
 3 files changed, 59 insertions(+), 25 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 8da805d175..b1ce954354 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -2746,12 +2746,11 @@ VSX_MAX_MINJ(xsminjdp, 0);
  *   exp   - expected result of comparison
  */
 #define VSX_CMP(op, nels, tp, fld, cmp, svxvc, exp)   \
-void helper_##op(CPUPPCState *env, uint32_t opcode)   \
+uint32_t helper_##op(CPUPPCState *env, ppc_vsr_t *xt, \
+ ppc_vsr_t *xa, ppc_vsr_t *xb)\
 { \
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];\
-ppc_vsr_t *xa = &env->vsr[xA(opcode)];\
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];\
 ppc_vsr_t t = *xt;\
+uint32_t crf6 = 0;\
 int i;\
 int all_true = 1; \
 int all_false = 1;\
@@ -2780,11 +2779,9 @@ void helper_##op(CPUPPCState *env, uint32_t opcode)  
 \
 } \
   \
 *xt = t;  \
-if ((opcode >> (31 - 21)) & 1) {  \
-env->crf[6] = (all_true ? 0x8 : 0) | (all_false ? 0x2 : 0);   \
-} \
-do_float_check_status(env, GETPC());  \
- }
+crf6 = (all_true ? 0x8 : 0) | (all_false ? 0x2 : 0);  \
+return crf6;  \
+}
 
 VSX_CMP(xvcmpeqdp, 2, float64, VsrD(i), eq, 0, 1)
 VSX_CMP(xvcmpgedp, 2, float64, VsrD(i), le, 1, 1)
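
Review bot: `crf6` at the tail of VSX_CMP is assigned once and returned on the next line, so the local and its `= 0` initialiser from the first hunk are redundant; `return (all_true ? 0x8 : 0) | (all_false ? 0x2 : 0);` says the same thing. Separately, the removed do_float_check_status() call ran unconditionally, outside the `if` on the opcode bit, so the generator has to perform the status check on every path and not only when the crf[6] write is selected; please confirm the translate side does that.
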
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 02b67a333e..8666415169 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -108,6 +108,10 @@ DEF_HELPER_FLAGS_1(ftsqrt, TCG_CALL_NO_RWG_SE, i32, i64)
 #define dh_ctype_avr ppc_avr_t *
 #define dh_is_signed_avr dh_is_signed_ptr
 
+#define dh_alias_vsr ptr
+#define dh_ctype_vsr ppc_vsr_t *
+#define dh_is_signed_vsr dh_is_signed_ptr
+
 DEF_HELPER_3(vavgub, void, avr, avr, avr)
 DEF_HELPER_3(vavguh, void, avr, avr, avr)
 DEF_HELPER_3(vavguw, void, avr, avr, avr)
@@ -468,10 +472,10 @@ DEF_HELPER_2(xvnmsubadp, void, env, i32)
 DEF_HELPER_2(xvnmsubmdp, void, env, i32)
 DEF_HELPER_2(xvmaxdp, void, env, i32)
 DEF_HELPER_2(xvmindp, void, env, i32)
-DEF_HELPER_2(xvcmpeqdp, void, env, i32)
-DEF_HELPER_2(xvcmpgedp, void, env, i32)
-DEF_HELPER_2(xvcmpgtdp, void, env, i32)
-DEF_HELPER_2(xvcmpnedp, void, env, i32)
+DEF_HELPER_FLAGS_4(xvcmpeqdp, TCG_CALL_NO_RWG, i32, env, vsr, vsr, vsr)
+DEF_HELPER_FLAGS_4(xvcmpgedp, TCG_CALL_NO_RWG, i32, env, vsr, vsr, vsr)
+DEF_HELPER_FLAGS_4(xvcmpgtdp, TCG_CALL_NO_RWG, i32, env, vsr, vsr, vsr)
+DEF_HELPER_FLAGS_4(xvcmpnedp, TCG_CALL_NO_RWG, i32, env, vsr, vsr, vsr)
 DEF_HELPER_2(xvcvdpsp, void, env, i32)
 DEF_HELPER_2(xvcvdpsxds, void, env, i32)
 DEF_HELPER_2(xvcvdpsxws, void, env, i32)
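
Review bot: TCG_CALL_NO_RWG on the four xvcmp*dp declarations holds only as long as the helper touches no TCG globals, which this patch arranges by taking the env->crf[6] store out of VSX_CMP and returning the value instead. Nothing next to the declarations records that dependency; a one-line comment, or a sentence in the commit message, would make it harder for a later change to put a crf access back into the helper without dropping the flag. The same applies to the xvcmp*sp declarations in the next hunk.
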
@@ -506,10 +510,10 @@ DEF_HELPER_2(xvnmsubasp, void, env, i32)
 DEF_HELPER_2(xvnmsubmsp, void, env, i32)
 DEF_HELPER_2(xvmaxsp, void, env, i32)
 DEF_HELPER_2(xvminsp, void, env, i32)
-DEF_HELPER_2(xvcmpeqsp, void, env, i32)
-DEF_HELPER_2(xvcmpgesp, void, env, i32)
-DEF_HELPER_2(xvcmpgtsp, void, env, i32)
-DEF_HELPER_2(xvcmpnesp, void, env, i32)
+DEF_HELPER_FLAGS_4(xvcmpeqsp, TCG_CALL_NO_RWG, i32, env, vsr, vsr, vsr)
+DEF_HELPER_FLAGS_4(xvcmpgesp, TCG_CALL_NO_RWG, i32, env, vsr, vsr, vsr)
+DEF_HELPER_FLAGS_4(xvcmpgtsp, TCG_CALL_NO_RWG, i32, env, vsr, vsr, vsr)
+DEF_HELPER_FLAGS_4(xvcmpnesp, TCG_CALL_NO_RWG, i32, env, vsr, vsr, vsr)
 DEF_HELPER_2(xvcvspdp, void, env, i32)
 DEF_HELPER_2(xvcvsphp, void, env, i32)
 DEF_HELPER_2(xvcvhp

[Qemu-devel] [PATCH v3 08/15] target/ppc: introduce GEN_VSX_HELPER_X2_AB macro to fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new GEN_VSX_HELPER_X2_AB macro which performs the decode based
upon xA and xB at translation time.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c | 15 ++-
 target/ppc/helper.h | 12 ++--
 target/ppc/translate/vsx-impl.inc.c | 30 --
 3 files changed, 36 insertions(+), 21 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 44dff1b459..902d63b139 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -2179,10 +2179,9 @@ VSX_RSQRTE(xvrsqrtesp, 4, float32, VsrW(i), 0, 0)
  *   nbits - number of fraction bits
  */
 #define VSX_TDIV(op, nels, tp, fld, emin, emax, nbits)  \
-void helper_##op(CPUPPCState *env, uint32_t opcode) \
+void helper_##op(CPUPPCState *env, uint32_t opcode, \
+ ppc_vsr_t *xa, ppc_vsr_t *xb)  \
 {   \
-ppc_vsr_t *xa = &env->vsr[xA(opcode)];  \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];  \
 int i;  \
 int fe_flag = 0;\
 int fg_flag = 0;\
@@ -2431,10 +2430,9 @@ VSX_SCALAR_CMP_DP(xscmpgedp, le, 1, 1)
 VSX_SCALAR_CMP_DP(xscmpgtdp, lt, 1, 1)
 VSX_SCALAR_CMP_DP(xscmpnedp, eq, 0, 0)
 
-void helper_xscmpexpdp(CPUPPCState *env, uint32_t opcode)
+void helper_xscmpexpdp(CPUPPCState *env, uint32_t opcode,
+   ppc_vsr_t *xa, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xa = &env->vsr[xA(opcode)];
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];
 int64_t exp_a, exp_b;
 uint32_t cc;
 
@@ -2492,10 +2490,9 @@ void helper_xscmpexpqp(CPUPPCState *env, uint32_t opcode)
 }
 
 #define VSX_SCALAR_CMP(op, ordered)  \
-void helper_##op(CPUPPCState *env, uint32_t opcode)  \
+void helper_##op(CPUPPCState *env, uint32_t opcode,  \
+ ppc_vsr_t *xa, ppc_vsr_t *xb)   \
 {\
-ppc_vsr_t *xa = &env->vsr[xA(opcode)];   \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];   \
 uint32_t cc = 0; \
 bool vxsnan_flag = false, vxvc_flag = false; \
  \
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index f56476ec41..0ab1ef2aee 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -375,7 +375,7 @@ DEF_HELPER_2(xsdivqp, void, env, i32)
 DEF_HELPER_3(xsredp, void, env, vsr, vsr)
 DEF_HELPER_3(xssqrtdp, void, env, vsr, vsr)
 DEF_HELPER_3(xsrsqrtedp, void, env, vsr, vsr)
-DEF_HELPER_2(xstdivdp, void, env, i32)
+DEF_HELPER_4(xstdivdp, void, env, i32, vsr, vsr)
 DEF_HELPER_2(xstsqrtdp, void, env, i32)
 DEF_HELPER_4(xsmaddadp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xsmaddmdp, void, env, vsr, vsr, vsr)
@@ -389,10 +389,10 @@ DEF_HELPER_4(xscmpeqdp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xscmpgtdp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xscmpgedp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xscmpnedp, void, env, vsr, vsr, vsr)
-DEF_HELPER_2(xscmpexpdp, void, env, i32)
+DEF_HELPER_4(xscmpexpdp, void, env, i32, vsr, vsr)
 DEF_HELPER_2(xscmpexpqp, void, env, i32)
-DEF_HELPER_2(xscmpodp, void, env, i32)
-DEF_HELPER_2(xscmpudp, void, env, i32)
+DEF_HELPER_4(xscmpodp, void, env, i32, vsr, vsr)
+DEF_HELPER_4(xscmpudp, void, env, i32, vsr, vsr)
 DEF_HELPER_2(xscmpoqp, void, env, i32)
 DEF_HELPER_2(xscmpuqp, void, env, i32)
 DEF_HELPER_4(xsmaxdp, void, env, vsr, vsr, vsr)
@@ -460,7 +460,7 @@ DEF_HELPER_4(xvdivdp, void, env, vsr, vsr, vsr)
 DEF_HELPER_3(xvredp, void, env, vsr, vsr)
 DEF_HELPER_3(xvsqrtdp, void, env, vsr, vsr)
 DEF_HELPER_3(xvrsqrtedp, void, env, vsr, vsr)
-DEF_HELPER_2(xvtdivdp, void, env, i32)
+DEF_HELPER_4(xvtdivdp, void, env, i32, vsr, vsr)
 DEF_HELPER_2(xvtsqrtdp, void, env, i32)
 DEF_HELPER_4(xvmaddadp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xvmaddmdp, void, env, vsr, vsr, vsr)
@@ -498,7 +498,7 @@ DEF_HELPER_4(xvdivsp, void, env, vsr, vsr, vsr)
 DEF_HELPER_3(xvresp, void, env, vsr, vsr)
 DEF_HELPER_3(xvsqrtsp, void, env, vsr, vsr)
 DEF_HELPER_3(xvrsqrtesp, void, env, vsr, vsr)
-DEF_HELPER_2(xvtdivsp, void, env, i32)
+DEF_HELPER_4(xvtdivsp, void, env, i32, vsr, vsr)
 DEF_HELPER_2(xvtsqrtsp, void, env, i32)
 DEF_HELPER_4(xvmaddasp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xvmaddmsp, void, env, vsr, vsr, vsr)
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translat

[Qemu-devel] [PATCH v3 07/15] target/ppc: introduce GEN_VSX_HELPER_X2 macro to fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new GEN_VSX_HELPER_X2 macro which performs the decode based
upon xT and xB at translation time.

With the previous change to the xscvqpdp generator and helper functions the
opcode parameter is no longer required in the common case and can be
removed.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c |  36 +++---
 target/ppc/helper.h | 120 
 target/ppc/translate/vsx-impl.inc.c | 135 
 3 files changed, 144 insertions(+), 147 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 230ee2f072..44dff1b459 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -2040,10 +2040,8 @@ void helper_xsdivqp(CPUPPCState *env, uint32_t opcode)
  *   sfprf - set FPRF
  */
 #define VSX_RE(op, nels, tp, fld, sfprf, r2sp)\
-void helper_##op(CPUPPCState *env, uint32_t opcode)   \
+void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, ppc_vsr_t *xb)  \
 { \
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];\
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];\
 ppc_vsr_t t = *xt;\
 int i;\
   \
@@ -2082,10 +2080,8 @@ VSX_RE(xvresp, 4, float32, VsrW(i), 0, 0)
  *   sfprf - set FPRF
  */
 #define VSX_SQRT(op, nels, tp, fld, sfprf, r2sp) \
-void helper_##op(CPUPPCState *env, uint32_t opcode)  \
+void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, ppc_vsr_t *xb) \
 {\
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];   \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];   \
 ppc_vsr_t t = *xt;   \
 int i;   \
  \
@@ -2132,10 +2128,8 @@ VSX_SQRT(xvsqrtsp, 4, float32, VsrW(i), 0, 0)
  *   sfprf - set FPRF
  */
 #define VSX_RSQRTE(op, nels, tp, fld, sfprf, r2sp)   \
-void helper_##op(CPUPPCState *env, uint32_t opcode)  \
+void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, ppc_vsr_t *xb) \
 {\
-ppc_vsr_t *xt = &env->vsr[xT(opcode)];   \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)];   \
 ppc_vsr_t t = *xt;   \
 int i;   \
  \
@@ -2791,10 +2785,8 @@ VSX_CMP(xvcmpnesp, 4, float32, VsrW(i), eq, 0, 0)
  *   sfprf - set FPRF
  */
 #define VSX_CVT_FP_TO_FP(op, nels, stp, ttp, sfld, tfld, sfprf)\
-void helper_##op(CPUPPCState *env, uint32_t opcode)\
+void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, ppc_vsr_t *xb)   \
 {  \
-ppc_vsr_t *xt = &env->vsr[xT(opcode)]; \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)]; \
 ppc_vsr_t t = *xt; \
 int i; \
\
@@ -2867,10 +2859,8 @@ VSX_CVT_FP_TO_FP_VECTOR(xscvdpqp, 1, float64, float128, 
VsrD(0), f128, 1)
  *   sfprf - set FPRF
  */
 #define VSX_CVT_FP_TO_FP_HP(op, nels, stp, ttp, sfld, tfld, sfprf) \
-void helper_##op(CPUPPCState *env, uint32_t opcode)\
+void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, ppc_vsr_t *xb)   \
 {  \
-ppc_vsr_t *xt = &env->vsr[xT(opcode)]; \
-ppc_vsr_t *xb = &env->vsr[xB(opcode)]; \
 ppc_vsr_t t = { }; \
 int i; \
\
@@ -2949,11 +2939,9 @@ uint64_t helper_xscvspdpn(CPUPPCState *env, uint64_t xb)
  *   rnan  - resulting NaN
  */
 #define VSX_CVT_FP_TO_INT(op, nels, stp, ttp, sfld, tfld, rnan)  \
-void helper_##op(CPUPPCS

Re: [Qemu-devel] [PATCH 3/7] KVM: i386: Add support for KVM_CAP_EXCEPTION_PAYLOAD

2019-06-16 Thread Liran Alon



> On 15 Jun 2019, at 3:57, Liran Alon  wrote:
> 
>> On 15 Jun 2019, at 3:42, Paolo Bonzini  wrote:
>> 
>> From: Liran Alon 
>> 
>> +static bool is_vmx_enabled(CPUX86State *env)
>> +{
>> +return (IS_INTEL_CPU(env) && (env->cr[4] & CR4_VMXE_MASK));
>> +}
>> +
>> +static bool is_svm_enabled(CPUX86State *env)
>> +{
>> +return (IS_AMD_CPU(env) && (env->efer & MSR_EFER_SVME));
>> +}
>> +
>> +static bool is_nested_virt_enabled(CPUX86State *env)
>> +{
>> +return (is_vmx_enabled(env) || is_svm_enabled(env));
>> +}
> 
> I have later realised that this nested_virt_enabled() function is not enough 
> to determine if nested_state is required to be sent.
> This is because it may be that vCPU is running L2 but has momentarily 
> entered SMM due to SMI.
> In this case, CR4 & MSR_EFER are saved in SMRAM and are set to 0 on entering 
> to SMM.
> This means that in case (env->hflags & HF_SMM_MASK), we theoretically should 
> have read saved CR4 & MSR_EFER from SMRAM.
> However, because we cannot reference guest memory at this point (Not valid in 
> case we migrate guest in post-copy), I should change
> code to assume that in case (env->hflags & HF_SMM_MASK), we need to assume 
> that nested-state is needed.
> This should break backwards-compatibility migration only in very rare cases 
> and therefore I think it should be sufficient.
> Any objections to this idea?
> 

Actually, this is even worse than I originally thought.
Even in case guest is not currently in SMM mode, if it’s in VMX non-root mode, 
the CR4 read here is L2 CR4. Not L1 CR4.
Therefore, CR4.VMXE doesn’t necessarily indicate if guest has 
nested-virtualization enabled. Same is true for MSR_EFER in case of SVM.

Putting this all together, in case kernel doesn’t support extracting 
nested-state, there is no decent way to know if guest is running 
nested-virtualization.
Which means that in theory we always need to fail migration in case kernel 
doesn’t support KVM_CAP_NESTED_STATE or KVM_CAP_EXCEPTION_PAYLOAD
and vCPU is exposed with VMX/SVM capability.

I can condition this behaviour with a flag that can be manipulated using QMP to 
allow user to indicate it wishes to migrate guest anyway in this case.
This however brings me back to the entire discussion I had with Dr. David Alan 
Gilbert on migration backwards compatibility in general and the fact that I 
believe
we should have a generic QMP command which allows to provide list of VMState 
subsections that can be ignored in migration…
See: https://www.mail-archive.com/qemu-devel@nongnu.org/msg622274.html

Paolo, What are your thoughts on how I would proceed with this?

-Liran




[Qemu-devel] [PATCH v3 01/15] target/ppc: remove getVSR()/putVSR() from fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
Since commit 8a14d31b00 "target/ppc: switch fpr/vsrl registers so all VSX
registers are in host endian order" functions getVSR() and putVSR() which used
to convert the VSR registers into host endian order are no longer required.

Signed-off-by: Mark Cave-Ayland 
---
 target/ppc/fpu_helper.c | 762 +++-
 1 file changed, 366 insertions(+), 396 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index ffbd19afa1..8da805d175 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -1803,35 +1803,35 @@ uint32_t helper_efdcmpeq(CPUPPCState *env, uint64_t 
op1, uint64_t op2)
 #define VSX_ADD_SUB(name, op, nels, tp, fld, sfprf, r2sp)\
 void helper_##name(CPUPPCState *env, uint32_t opcode)\
 {\
-ppc_vsr_t xt, xa, xb;\
+ppc_vsr_t *xt = &env->vsr[xT(opcode)];   \
+ppc_vsr_t *xa = &env->vsr[xA(opcode)];   \
+ppc_vsr_t *xb = &env->vsr[xB(opcode)];   \
+ppc_vsr_t t = *xt;   \
 int i;   \
  \
-getVSR(xA(opcode), &xa, env);\
-getVSR(xB(opcode), &xb, env);\
-getVSR(xT(opcode), &xt, env);\
 helper_reset_fpstatus(env);  \
  \
 for (i = 0; i < nels; i++) { \
 float_status tstat = env->fp_status; \
 set_float_exception_flags(0, &tstat);\
-xt.fld = tp##_##op(xa.fld, xb.fld, &tstat);  \
+t.fld = tp##_##op(xa->fld, xb->fld, &tstat); \
 env->fp_status.float_exception_flags |= tstat.float_exception_flags; \
  \
 if (unlikely(tstat.float_exception_flags & float_flag_invalid)) {\
 float_invalid_op_addsub(env, sfprf, GETPC(), \
-tp##_classify(xa.fld) |  \
-tp##_classify(xb.fld));  \
+tp##_classify(xa->fld) | \
+tp##_classify(xb->fld)); \
 }\
  \
 if (r2sp) {  \
-xt.fld = helper_frsp(env, xt.fld);   \
+t.fld = helper_frsp(env, t.fld); \
 }\
  \
 if (sfprf) { \
-helper_compute_fprf_float64(env, xt.fld);\
+helper_compute_fprf_float64(env, t.fld); \
 }\
 }\
-putVSR(xT(opcode), &xt, env);\
+*xt = t; \
 do_float_check_status(env, GETPC()); \
 }
 
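
Review bot: `xa` and `xb` now point straight into env->vsr, so when an instruction names the same register as source and target they alias `xt`, and the register is only safe from partial updates because every result goes into the local `t` and is committed by `*xt = t` after the loop. That invariant is not written down anywhere in VSX_ADD_SUB. A comment next to `ppc_vsr_t t = *xt;` would be worth adding, since a later cleanup that stores through `xt->fld` inside the loop would leave the target half-written if an exception is raised part-way through.
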
@@ -1846,12 +1846,12 @@ VSX_ADD_SUB(xvsubsp, sub, 4, float32, VsrW(i), 0, 0)
 
 void helper_xsaddqp(CPUPPCState *env, uint32_t opcode)
 {
-ppc_vsr_t xt, xa, xb;
+ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];
+ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32];
+ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
+ppc_vsr_t t = *xt;
 float_status tstat;
 
-getVSR(rA(opcode) + 32, &xa, env);
-getVSR(rB(opcode) + 32, &xb, env);
-getVSR(rD(opcode) + 32, &xt, env);
 helper_reset_fpstatus(env);
 
 tstat = env->fp_status;
@@ -1860,18 +1860,18 @@ void helper_xsaddqp(CPUPPCState *env, uint32_t opcode)
 }
 
 set_float_exception_flags(0, &tstat);
-xt.f128 = float128_add(xa.f128, xb.f128, &tstat);
+t.f128 = float128_add(xa->f128, xb->f128, &tstat);
 env->fp_status.float_exception_flags |= tstat.float_exception_flags;
 
 if (unlikely(tstat.float_exc

[Qemu-devel] [PATCH v3 11/15] target/ppc: introduce GEN_VSX_HELPER_R2 macro to fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new GEN_VSX_HELPER_R2 macro which performs the decode based
upon rD and rB at translation time.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c | 30 -
 target/ppc/helper.h | 20 +--
 target/ppc/translate/vsx-impl.inc.c | 38 +++--
 3 files changed, 50 insertions(+), 38 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 44970ebec9..cb593517ae 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -2808,10 +2808,9 @@ VSX_CVT_FP_TO_FP(xvcvspdp, 2, float32, float64, VsrW(2 * 
i), VsrD(i), 0)
  *   sfprf - set FPRF
  */
 #define VSX_CVT_FP_TO_FP_VECTOR(op, nels, stp, ttp, sfld, tfld, sfprf)\
-void helper_##op(CPUPPCState *env, uint32_t opcode)   \
+void helper_##op(CPUPPCState *env, uint32_t opcode,   \
+ ppc_vsr_t *xt, ppc_vsr_t *xb)\
 {   \
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32]; \
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32]; \
 ppc_vsr_t t = *xt;  \
 int i;  \
 \
@@ -2975,10 +2974,9 @@ VSX_CVT_FP_TO_INT(xvcvspuxws, 4, float32, uint32, 
VsrW(i), VsrW(i), 0U)
  *   rnan  - resulting NaN
  */
 #define VSX_CVT_FP_TO_INT_VECTOR(op, stp, ttp, sfld, tfld, rnan) \
-void helper_##op(CPUPPCState *env, uint32_t opcode)  \
+void helper_##op(CPUPPCState *env, uint32_t opcode,  \
+ ppc_vsr_t *xt, ppc_vsr_t *xb)   \
 {\
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];  \
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];  \
 ppc_vsr_t t = { };   \
  \
 t.tfld = stp##_to_##ttp##_round_to_zero(xb->sfld, &env->fp_status);  \
@@ -3052,10 +3050,9 @@ VSX_CVT_INT_TO_FP(xvcvuxwsp, 4, uint32, float32, 
VsrW(i), VsrW(i), 0, 0)
  *   tfld  - target vsr_t field
  */
 #define VSX_CVT_INT_TO_FP_VECTOR(op, stp, ttp, sfld, tfld)  \
-void helper_##op(CPUPPCState *env, uint32_t opcode) \
+void helper_##op(CPUPPCState *env, uint32_t opcode, \
+ ppc_vsr_t *xt, ppc_vsr_t *xb)  \
 {   \
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32]; \
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32]; \
 ppc_vsr_t t = *xt;  \
 \
 t.tfld = stp##_to_##ttp(xb->sfld, &env->fp_status); \
@@ -3278,10 +3275,9 @@ void helper_xststdcsp(CPUPPCState *env, uint32_t opcode, 
ppc_vsr_t *xb)
 env->crf[BF(opcode)] = cc;
 }
 
-void helper_xsrqpi(CPUPPCState *env, uint32_t opcode)
+void helper_xsrqpi(CPUPPCState *env, uint32_t opcode,
+   ppc_vsr_t *xt, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
 ppc_vsr_t t = { };
 uint8_t r = Rrm(opcode);
 uint8_t ex = Rc(opcode);
@@ -3336,10 +3332,9 @@ void helper_xsrqpi(CPUPPCState *env, uint32_t opcode)
 *xt = t;
 }
 
-void helper_xsrqpxp(CPUPPCState *env, uint32_t opcode)
+void helper_xsrqpxp(CPUPPCState *env, uint32_t opcode,
+ppc_vsr_t *xt, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
 ppc_vsr_t t = { };
 uint8_t r = Rrm(opcode);
 uint8_t rmc = RMC(opcode);
@@ -3391,10 +3386,9 @@ void helper_xsrqpxp(CPUPPCState *env, uint32_t opcode)
 do_float_check_status(env, GETPC());
 }
 
-void helper_xssqrtqp(CPUPPCState *env, uint32_t opcode)
+void helper_xssqrtqp(CPUPPCState *env, uint32_t opcode,
+ ppc_vsr_t *xt, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
 ppc_vsr_t t = { };
 float_status tstat;
 
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 9134da9cbb..2e0646f5eb 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -402,16 +402,16 @@ DEF_HELPER_5(xsmincdp, void, env, i32, vsr, vsr, vsr)
 DEF_HELPER_5(xsmaxjdp, void, env, i32, 

[Qemu-devel] [PATCH v3 12/15] target/ppc: introduce GEN_VSX_HELPER_R2_AB macro to fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new GEN_VSX_HELPER_R2_AB macro which performs the decode based
upon rA and rB at translation time.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c | 10 --
 target/ppc/helper.h |  6 +++---
 target/ppc/translate/vsx-impl.inc.c | 24 +---
 3 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index cb593517ae..f0a897cb9a 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -2452,10 +2452,9 @@ void helper_xscmpexpdp(CPUPPCState *env, uint32_t opcode,
 do_float_check_status(env, GETPC());
 }
 
-void helper_xscmpexpqp(CPUPPCState *env, uint32_t opcode)
+void helper_xscmpexpqp(CPUPPCState *env, uint32_t opcode,
+   ppc_vsr_t *xa, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32];
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
 int64_t exp_a, exp_b;
 uint32_t cc;
 
@@ -2531,10 +2530,9 @@ VSX_SCALAR_CMP(xscmpodp, 1)
 VSX_SCALAR_CMP(xscmpudp, 0)
 
 #define VSX_SCALAR_CMPQ(op, ordered)\
-void helper_##op(CPUPPCState *env, uint32_t opcode) \
+void helper_##op(CPUPPCState *env, uint32_t opcode, \
+ ppc_vsr_t *xa, ppc_vsr_t *xb)  \
 {   \
-ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32]; \
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32]; \
 uint32_t cc = 0;\
 bool vxsnan_flag = false, vxvc_flag = false;\
 \
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 2e0646f5eb..a5e12a3933 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -390,11 +390,11 @@ DEF_HELPER_4(xscmpgtdp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xscmpgedp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xscmpnedp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xscmpexpdp, void, env, i32, vsr, vsr)
-DEF_HELPER_2(xscmpexpqp, void, env, i32)
+DEF_HELPER_4(xscmpexpqp, void, env, i32, vsr, vsr)
 DEF_HELPER_4(xscmpodp, void, env, i32, vsr, vsr)
 DEF_HELPER_4(xscmpudp, void, env, i32, vsr, vsr)
-DEF_HELPER_2(xscmpoqp, void, env, i32)
-DEF_HELPER_2(xscmpuqp, void, env, i32)
+DEF_HELPER_4(xscmpoqp, void, env, i32, vsr, vsr)
+DEF_HELPER_4(xscmpuqp, void, env, i32, vsr, vsr)
 DEF_HELPER_4(xsmaxdp, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xsmindp, void, env, vsr, vsr, vsr)
 DEF_HELPER_5(xsmaxcdp, void, env, i32, vsr, vsr, vsr)
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 05db509a0c..5cf053e7f2 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1133,6 +1133,24 @@ static void gen_##name(DisasContext *ctx)
 \
 tcg_temp_free_ptr(xb);\
 }
 
+#define GEN_VSX_HELPER_R2_AB(name, op1, op2, inval, type) \
+static void gen_##name(DisasContext *ctx) \
+{ \
+TCGv_i32 opc; \
+TCGv_ptr xa, xb;  \
+if (unlikely(!ctx->vsx_enabled)) {\
+gen_exception(ctx, POWERPC_EXCP_VSXU);\
+return;   \
+} \
+opc = tcg_const_i32(ctx->opcode); \
+xa = gen_vsr_ptr(rA(ctx->opcode) + 32);   \
+xb = gen_vsr_ptr(rB(ctx->opcode) + 32);   \
+gen_helper_##name(cpu_env, opc, xa, xb);  \
+tcg_temp_free_i32(opc);   \
+tcg_temp_free_ptr(xa);\
+tcg_temp_free_ptr(xb);\
+}
+
 #define GEN_VSX_HELPER_XT_XB_ENV(name, op1, op2, inval, type) \
 static void gen_##name(DisasContext *ctx) \
 { \
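
Review bot: the `+ 32` added to rA and rB in the two gen_vsr_ptr() calls of GEN_VSX_HELPER_R2_AB is a bare constant with no explanation in the macro or the commit message. A short comment that these operands select the upper half of the VSR file, or a named constant shared with the helpers that used `rA(opcode) + 32`, would make the offset reviewable now that the helper no longer computes the index itself.
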
@@ -1176,11 +1194,11 @@ GEN_VSX_HELPER_X3(xscmpgtdp, 0x0C, 0x01, 0, PPC2_ISA300)
 GEN_VSX_HELPER_X3(xscmpgedp, 0x0C, 0x02, 0, PPC2_ISA300)
 GEN_VSX_HELPER_X3(xscmpnedp, 0x0C, 0x03, 0, PPC2_ISA300)
 GEN_VSX_HELPER_X2_AB(xscmpexpdp, 0x0C, 0x07, 0, PPC2_ISA300)
-GEN_VSX_HELPER_2(xscmpexpqp, 0x04, 

[Qemu-devel] [PATCH v3 13/15] target/ppc: decode target register in VSX_VECTOR_LOAD_STORE_LENGTH at translation time

2019-06-16 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/helper.h |  8 +++
 target/ppc/mem_helper.c |  6 ++---
 target/ppc/translate/vsx-impl.inc.c | 47 +++--
 3 files changed, 30 insertions(+), 31 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index a5e12a3933..7ed9e2 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -279,10 +279,10 @@ DEF_HELPER_3(stvebx, void, env, avr, tl)
 DEF_HELPER_3(stvehx, void, env, avr, tl)
 DEF_HELPER_3(stvewx, void, env, avr, tl)
 #if defined(TARGET_PPC64)
-DEF_HELPER_4(lxvl, void, env, tl, tl, tl)
-DEF_HELPER_4(lxvll, void, env, tl, tl, tl)
-DEF_HELPER_4(stxvl, void, env, tl, tl, tl)
-DEF_HELPER_4(stxvll, void, env, tl, tl, tl)
+DEF_HELPER_4(lxvl, void, env, tl, vsr, tl)
+DEF_HELPER_4(lxvll, void, env, tl, vsr, tl)
+DEF_HELPER_4(stxvl, void, env, tl, vsr, tl)
+DEF_HELPER_4(stxvll, void, env, tl, vsr, tl)
 #endif
 DEF_HELPER_4(vsumsws, void, env, avr, avr, avr)
 DEF_HELPER_4(vsum2sws, void, env, avr, avr, avr)
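Review bot: the four DEF_HELPER_4 lines for lxvl, lxvll, stxvl and stxvll change the third argument from `tl` to `vsr`, but the commit message is a subject line only. Add a sentence to the body saying that the helpers now receive a ppc_vsr_t pointer decoded in the translator, so that anyone bisecting a load/store-with-length regression can see the calling convention changed here.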
diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index 87632ccf53..6f4ffa3661 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -415,9 +415,8 @@ STVE(stvewx, cpu_stl_data_ra, bswap32, u32)
 
 #define VSX_LXVL(name, lj)  \
 void helper_##name(CPUPPCState *env, target_ulong addr, \
-   target_ulong xt_num, target_ulong rb)\
+   ppc_vsr_t *xt, target_ulong rb)  \
 {   \
-ppc_vsr_t *xt = &env->vsr[xt_num];  \
 ppc_vsr_t t;\
 uint64_t nb = GET_NB(rb);   \
 int i;  \
@@ -446,9 +445,8 @@ VSX_LXVL(lxvll, 1)
 
 #define VSX_STXVL(name, lj)   \
 void helper_##name(CPUPPCState *env, target_ulong addr,   \
-   target_ulong xt_num, target_ulong rb)  \
+   ppc_vsr_t *xt, target_ulong rb)\
 { \
-ppc_vsr_t *xt = &env->vsr[xt_num];\
 target_ulong nb = GET_NB(rb); \
 int i;\
   \
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 5cf053e7f2..e853ee1386 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -344,29 +344,30 @@ VSX_VECTOR_STORE(stxv, st_i64, 0)
 VSX_VECTOR_STORE(stxvx, st_i64, 1)
 
 #ifdef TARGET_PPC64
-#define VSX_VECTOR_LOAD_STORE_LENGTH(name)  \
-static void gen_##name(DisasContext *ctx)   \
-{   \
-TCGv EA, xt;\
-\
-if (xT(ctx->opcode) < 32) { \
-if (unlikely(!ctx->vsx_enabled)) {  \
-gen_exception(ctx, POWERPC_EXCP_VSXU);  \
-return; \
-}   \
-} else {\
-if (unlikely(!ctx->altivec_enabled)) {  \
-gen_exception(ctx, POWERPC_EXCP_VPU);   \
-return; \
-}   \
-}   \
-EA = tcg_temp_new();\
-xt = tcg_const_tl(xT(ctx->opcode)); \
-gen_set_access_type(ctx, ACCESS_INT);   \
-gen_addr_register(ctx, EA); \
-gen_helper_##name(cpu_env, EA, xt, cpu_gpr[rB(ctx->opcode)]); \
-tcg_temp_free(EA);  \
-tcg_temp_free(xt);  \
+#define VSX_VECTOR_LOAD_STORE_LENGTH(name) \
+static void gen_##name(DisasContext *ctx)  \
+{  \
+TCGv EA;   \
+TCGv_ptr xt;   \
+   \
+if (xT(ctx->opcode) < 32) {\
+

[Qemu-devel] [PATCH v3 14/15] target/ppc: decode target register in VSX_EXTRACT_INSERT at translation time

2019-06-16 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/helper.h |  4 ++--
 target/ppc/int_helper.c | 12 
 target/ppc/translate/vsx-impl.inc.c | 10 +-
 3 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 7ed9e2..3d5150a524 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -534,8 +534,8 @@ DEF_HELPER_3(xvrspip, void, env, vsr, vsr)
 DEF_HELPER_3(xvrspiz, void, env, vsr, vsr)
 DEF_HELPER_4(xxperm, void, env, vsr, vsr, vsr)
 DEF_HELPER_4(xxpermr, void, env, vsr, vsr, vsr)
-DEF_HELPER_4(xxextractuw, void, env, tl, tl, i32)
-DEF_HELPER_4(xxinsertw, void, env, tl, tl, i32)
+DEF_HELPER_4(xxextractuw, void, env, vsr, vsr, i32)
+DEF_HELPER_4(xxinsertw, void, env, vsr, vsr, i32)
 DEF_HELPER_3(xvxsigsp, void, env, vsr, vsr)
 
 DEF_HELPER_2(efscfsi, i32, env, i32)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 3b8939edcc..5c07ef3e4d 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -1899,11 +1899,9 @@ VEXTRACT(uw, u32)
 VEXTRACT(d, u64)
 #undef VEXTRACT
 
-void helper_xxextractuw(CPUPPCState *env, target_ulong xtn,
-target_ulong xbn, uint32_t index)
+void helper_xxextractuw(CPUPPCState *env, ppc_vsr_t *xt,
+ppc_vsr_t *xb, uint32_t index)
 {
-ppc_vsr_t *xt = &env->vsr[xtn];
-ppc_vsr_t *xb = &env->vsr[xbn];
 ppc_vsr_t t = { };
 size_t es = sizeof(uint32_t);
 uint32_t ext_index;
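Review bot: in helper_xxextractuw, `env` is no longer read anywhere in the visible lines once the two `&env->vsr[...]` lookups are removed; if the rest of the body does not use it either, drop the argument from the helper and its DEF_HELPER_4 line in a follow-up, or state in the commit message why it stays. The commit message is also subject-only; one sentence on why taking the pointers from gen_vsr_ptr() at translation time is preferred over indexing env->vsr[] with a value passed at run time would help.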
@@ -1917,11 +1915,9 @@ void helper_xxextractuw(CPUPPCState *env, target_ulong 
xtn,
 *xt = t;
 }
 
-void helper_xxinsertw(CPUPPCState *env, target_ulong xtn,
-  target_ulong xbn, uint32_t index)
+void helper_xxinsertw(CPUPPCState *env, ppc_vsr_t *xt,
+  ppc_vsr_t *xb, uint32_t index)
 {
-ppc_vsr_t *xt = &env->vsr[xtn];
-ppc_vsr_t *xb = &env->vsr[xbn];
 ppc_vsr_t t = *xt;
 size_t es = sizeof(uint32_t);
 int ins_index, i = 0;
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index e853ee1386..7a4b7cb8f9 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -1632,7 +1632,7 @@ static void gen_xxsldwi(DisasContext *ctx)
 #define VSX_EXTRACT_INSERT(name)\
 static void gen_##name(DisasContext *ctx)   \
 {   \
-TCGv xt, xb;\
+TCGv_ptr xt, xb;\
 TCGv_i32 t0;\
 TCGv_i64 t1;\
 uint8_t uimm = UIMM4(ctx->opcode);  \
@@ -1641,8 +1641,8 @@ static void gen_##name(DisasContext *ctx) 
  \
 gen_exception(ctx, POWERPC_EXCP_VSXU);  \
 return; \
 }   \
-xt = tcg_const_tl(xT(ctx->opcode)); \
-xb = tcg_const_tl(xB(ctx->opcode)); \
+xt = gen_vsr_ptr(xT(ctx->opcode));  \
+xb = gen_vsr_ptr(xB(ctx->opcode));  \
 t0 = tcg_temp_new_i32();\
 t1 = tcg_temp_new_i64();\
 /*  \
@@ -1657,8 +1657,8 @@ static void gen_##name(DisasContext *ctx) 
  \
 }   \
 tcg_gen_movi_i32(t0, uimm); \
 gen_helper_##name(cpu_env, xt, xb, t0); \
-tcg_temp_free(xb);  \
-tcg_temp_free(xt);  \
+tcg_temp_free_ptr(xb);  \
+tcg_temp_free_ptr(xt);  \
 tcg_temp_free_i32(t0);  \
 tcg_temp_free_i64(t1);  \
 }
-- 
2.11.0




[Qemu-devel] [PATCH v3 10/15] target/ppc: introduce GEN_VSX_HELPER_R3 macro to fpu_helper.c

2019-06-16 Thread Mark Cave-Ayland
Rather than perform the VSR register decoding within the helper itself,
introduce a new GEN_VSX_HELPER_R3 macro which performs the decode based
upon rD, rA and rB at translation time.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c | 36 
 target/ppc/helper.h | 16 
 target/ppc/translate/vsx-impl.inc.c | 36 
 3 files changed, 48 insertions(+), 40 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 5fb43b619e..44970ebec9 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -1842,11 +1842,9 @@ VSX_ADD_SUB(xssubsp, sub, 1, float64, VsrD(0), 1, 1)
 VSX_ADD_SUB(xvsubdp, sub, 2, float64, VsrD(i), 0, 0)
 VSX_ADD_SUB(xvsubsp, sub, 4, float32, VsrW(i), 0, 0)
 
-void helper_xsaddqp(CPUPPCState *env, uint32_t opcode)
+void helper_xsaddqp(CPUPPCState *env, uint32_t opcode,
+ppc_vsr_t *xt, ppc_vsr_t *xa, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];
-ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32];
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
 ppc_vsr_t t = *xt;
 float_status tstat;
 
@@ -1920,11 +1918,9 @@ VSX_MUL(xsmulsp, 1, float64, VsrD(0), 1, 1)
 VSX_MUL(xvmuldp, 2, float64, VsrD(i), 0, 0)
 VSX_MUL(xvmulsp, 4, float32, VsrW(i), 0, 0)
 
-void helper_xsmulqp(CPUPPCState *env, uint32_t opcode)
+void helper_xsmulqp(CPUPPCState *env, uint32_t opcode,
+ppc_vsr_t *xt, ppc_vsr_t *xa, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];
-ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32];
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
 ppc_vsr_t t = *xt;
 float_status tstat;
 
@@ -1999,11 +1995,9 @@ VSX_DIV(xsdivsp, 1, float64, VsrD(0), 1, 1)
 VSX_DIV(xvdivdp, 2, float64, VsrD(i), 0, 0)
 VSX_DIV(xvdivsp, 4, float32, VsrW(i), 0, 0)
 
-void helper_xsdivqp(CPUPPCState *env, uint32_t opcode)
+void helper_xsdivqp(CPUPPCState *env, uint32_t opcode,
+ppc_vsr_t *xt, ppc_vsr_t *xa, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];
-ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32];
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
 ppc_vsr_t t = *xt;
 float_status tstat;
 
@@ -2620,11 +2614,9 @@ VSX_MAX_MIN(xvmindp, minnum, 2, float64, VsrD(i))
 VSX_MAX_MIN(xvminsp, minnum, 4, float32, VsrW(i))
 
 #define VSX_MAX_MINC(name, max)   \
-void helper_##name(CPUPPCState *env, uint32_t opcode) \
+void helper_##name(CPUPPCState *env, uint32_t opcode, \
+   ppc_vsr_t *xt, ppc_vsr_t *xa, ppc_vsr_t *xb)   \
 { \
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];   \
-ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32];   \
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];   \
 ppc_vsr_t t = *xt;\
 bool vxsnan_flag = false, vex_flag = false;   \
   \
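Review bot: in VSX_MAX_MINC the helper keeps its `opcode` argument although the three `rD/rA/rB(opcode)` lookups, its only use in the visible lines, are removed. Add a comment on what the body still reads from `opcode`, or drop the argument if nothing does; the same question applies to helper_xsaddqp, helper_xsmulqp, helper_xsdivqp, VSX_MAX_MINJ and helper_xssubqp in this file.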
@@ -2657,11 +2649,9 @@ VSX_MAX_MINC(xsmaxcdp, 1);
 VSX_MAX_MINC(xsmincdp, 0);
 
 #define VSX_MAX_MINJ(name, max)   \
-void helper_##name(CPUPPCState *env, uint32_t opcode) \
+void helper_##name(CPUPPCState *env, uint32_t opcode, \
+   ppc_vsr_t *xt, ppc_vsr_t *xa, ppc_vsr_t *xb)   \
 { \
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];   \
-ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32];   \
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];   \
 ppc_vsr_t t = *xt;\
 bool vxsnan_flag = false, vex_flag = false;   \
   \
@@ -3436,11 +3426,9 @@ void helper_xssqrtqp(CPUPPCState *env, uint32_t opcode)
 do_float_check_status(env, GETPC());
 }
 
-void helper_xssubqp(CPUPPCState *env, uint32_t opcode)
+void helper_xssubqp(CPUPPCState *env, uint32_t opcode,
+ppc_vsr_t *xt, ppc_vsr_t *xa, ppc_vsr_t *xb)
 {
-ppc_vsr_t *xt = &env->vsr[rD(opcode) + 32];
-ppc_vsr_t *xa = &env->vsr[rA(opcode) + 32];
-ppc_vsr_t *xb = &env->vsr[rB(opcode) + 32];
 ppc_vsr_t t = *xt;
 float_status tstat;
 
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index a8886c56ad..9134da9cbb 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -366,12 +366,12 @@ DEF_HELPER_4(bcdt

[Qemu-devel] [PATCH v3 15/15] target/ppc: improve VSX_FMADD with new GEN_VSX_HELPER_VSX_MADD macro

2019-06-16 Thread Mark Cave-Ayland
Introduce a new GEN_VSX_HELPER_VSX_MADD macro for the generator function which
enables the source and destination registers to be decoded at translation time.

This enables the determination of a or m form to be made at translation time so
that a single helper function can now be used for both variants.

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Richard Henderson 
---
 target/ppc/fpu_helper.c | 68 ++-
 target/ppc/helper.h | 48 --
 target/ppc/translate/vsx-impl.inc.c | 81 +
 target/ppc/translate/vsx-ops.inc.c  | 70 +---
 4 files changed, 122 insertions(+), 145 deletions(-)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index f0a897cb9a..f437c88aad 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -2280,24 +2280,15 @@ VSX_TSQRT(xvtsqrtsp, 4, float32, VsrW(i), -126, 23)
  *   fld   - vsr_t field (VsrD(*) or VsrW(*))
  *   maddflgs - flags for the float*muladd routine that control the
  *   various forms (madd, msub, nmadd, nmsub)
- *   afrm  - A form (1=A, 0=M)
  *   sfprf - set FPRF
  */
-#define VSX_MADD(op, nels, tp, fld, maddflgs, afrm, sfprf, r2sp)  \
+#define VSX_MADD(op, nels, tp, fld, maddflgs, sfprf, r2sp)\
 void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, \
- ppc_vsr_t *xa, ppc_vsr_t *xb)\
+ ppc_vsr_t *xa, ppc_vsr_t *b, ppc_vsr_t *c)   \
 { \
-ppc_vsr_t t = *xt, *b, *c;\
+ppc_vsr_t t = *xt;\
 int i;\
   \
-if (afrm) { /* AxB + T */ \
-b = xb;   \
-c = xt;   \
-} else { /* AxT + B */\
-b = xt;   \
-c = xb;   \
-} \
-  \
 helper_reset_fpstatus(env);   \
   \
 for (i = 0; i < nels; i++) {  \
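Review bot: in the new VSX_MADD signature `ppc_vsr_t *xa, ppc_vsr_t *b, ppc_vsr_t *c` the last two names drop the x prefix used by xt and xa, and with the `afrm` block and its `/* AxB + T */` and `/* AxT + B */` comments deleted, nothing in the helper says which of b and c is the second multiplicand and which is the addend. Document both in the parameter comment above the macro, in place of the removed `afrm` line, and note that one of them aliases xt in every caller, which is why the result has to be built in the local copy `t`.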
@@ -2336,41 +2327,24 @@ void helper_##op(CPUPPCState *env, ppc_vsr_t *xt,   
  \
 do_float_check_status(env, GETPC());  \
 }
 
-VSX_MADD(xsmaddadp, 1, float64, VsrD(0), MADD_FLGS, 1, 1, 0)
-VSX_MADD(xsmaddmdp, 1, float64, VsrD(0), MADD_FLGS, 0, 1, 0)
-VSX_MADD(xsmsubadp, 1, float64, VsrD(0), MSUB_FLGS, 1, 1, 0)
-VSX_MADD(xsmsubmdp, 1, float64, VsrD(0), MSUB_FLGS, 0, 1, 0)
-VSX_MADD(xsnmaddadp, 1, float64, VsrD(0), NMADD_FLGS, 1, 1, 0)
-VSX_MADD(xsnmaddmdp, 1, float64, VsrD(0), NMADD_FLGS, 0, 1, 0)
-VSX_MADD(xsnmsubadp, 1, float64, VsrD(0), NMSUB_FLGS, 1, 1, 0)
-VSX_MADD(xsnmsubmdp, 1, float64, VsrD(0), NMSUB_FLGS, 0, 1, 0)
-
-VSX_MADD(xsmaddasp, 1, float64, VsrD(0), MADD_FLGS, 1, 1, 1)
-VSX_MADD(xsmaddmsp, 1, float64, VsrD(0), MADD_FLGS, 0, 1, 1)
-VSX_MADD(xsmsubasp, 1, float64, VsrD(0), MSUB_FLGS, 1, 1, 1)
-VSX_MADD(xsmsubmsp, 1, float64, VsrD(0), MSUB_FLGS, 0, 1, 1)
-VSX_MADD(xsnmaddasp, 1, float64, VsrD(0), NMADD_FLGS, 1, 1, 1)
-VSX_MADD(xsnmaddmsp, 1, float64, VsrD(0), NMADD_FLGS, 0, 1, 1)
-VSX_MADD(xsnmsubasp, 1, float64, VsrD(0), NMSUB_FLGS, 1, 1, 1)
-VSX_MADD(xsnmsubmsp, 1, float64, VsrD(0), NMSUB_FLGS, 0, 1, 1)
-
-VSX_MADD(xvmaddadp, 2, float64, VsrD(i), MADD_FLGS, 1, 0, 0)
-VSX_MADD(xvmaddmdp, 2, float64, VsrD(i), MADD_FLGS, 0, 0, 0)
-VSX_MADD(xvmsubadp, 2, float64, VsrD(i), MSUB_FLGS, 1, 0, 0)
-VSX_MADD(xvmsubmdp, 2, float64, VsrD(i), MSUB_FLGS, 0, 0, 0)
-VSX_MADD(xvnmaddadp, 2, float64, VsrD(i), NMADD_FLGS, 1, 0, 0)
-VSX_MADD(xvnmaddmdp, 2, float64, VsrD(i), NMADD_FLGS, 0, 0, 0)
-VSX_MADD(xvnmsubadp, 2, float64, VsrD(i), NMSUB_FLGS, 1, 0, 0)
-VSX_MADD(xvnmsubmdp, 2, float64, VsrD(i), NMSUB_FLGS, 0, 0, 0)
-
-VSX_MADD(xvmaddasp, 4, float32, VsrW(i), MADD_FLGS, 1, 0, 0)
-VSX_MADD(xvmaddmsp, 4, float32, VsrW(i), MADD_FLGS, 0, 0, 0)
-VSX_MADD(xvmsubasp, 4, float32, VsrW(i), MSUB_FLGS, 1, 0, 0)
-VSX_MADD(xvmsubmsp, 4, float32, VsrW(i), MSUB_FLGS, 0, 0, 0)
-VSX_MADD(xvnmaddasp, 4, float32, VsrW(i), NMADD_FLGS, 1, 0, 0)
-VSX_MADD(xvnmaddmsp, 4, float32, VsrW(i), NMADD_FLGS, 0, 0, 0)
-VSX_MADD(xvnmsubasp, 4

Re: [Qemu-devel] [PATCH v3 00/15] target/ppc: remove getVSR()/putVSR() and further tidy-up

2019-06-16 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190616123751.781-1-mark.cave-ayl...@ilande.co.uk/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v3 00/15] target/ppc: remove getVSR()/putVSR() and 
further tidy-up
Type: series
Message-id: 20190616123751.781-1-mark.cave-ayl...@ilande.co.uk

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/20190616123751.781-1-mark.cave-ayl...@ilande.co.uk -> 
patchew/20190616123751.781-1-mark.cave-ayl...@ilande.co.uk
Switched to a new branch 'test'
cf215f0211 target/ppc: improve VSX_FMADD with new GEN_VSX_HELPER_VSX_MADD macro
6181c072c0 target/ppc: decode target register in VSX_EXTRACT_INSERT at 
translation time
172bdc4e29 target/ppc: decode target register in VSX_VECTOR_LOAD_STORE_LENGTH 
at translation time
14ca2eedff target/ppc: introduce GEN_VSX_HELPER_R2_AB macro to fpu_helper.c
e2c44f0799 target/ppc: introduce GEN_VSX_HELPER_R2 macro to fpu_helper.c
2f79ed9a9a target/ppc: introduce GEN_VSX_HELPER_R3 macro to fpu_helper.c
17abdcb489 target/ppc: introduce GEN_VSX_HELPER_X1 macro to fpu_helper.c
2090258624 target/ppc: introduce GEN_VSX_HELPER_X2_AB macro to fpu_helper.c
0195869440 target/ppc: introduce GEN_VSX_HELPER_X2 macro to fpu_helper.c
dacf650f62 target/ppc: introduce separate generator and helper for xscvqpdp
8274d1ddd3 target/ppc: introduce GEN_VSX_HELPER_X3 macro to fpu_helper.c
25605f2cb6 target/ppc: introduce separate VSX_CMP macro for xvcmp* instructions
b87783ade3 target/ppc: remove getVSR()/putVSR() from int_helper.c
27f85ba7f7 target/ppc: remove getVSR()/putVSR() from mem_helper.c
c11cf2467d target/ppc: remove getVSR()/putVSR() from fpu_helper.c

=== OUTPUT BEGIN ===
1/15 Checking commit c11cf2467d33 (target/ppc: remove getVSR()/putVSR() from 
fpu_helper.c)
2/15 Checking commit 27f85ba7f7ce (target/ppc: remove getVSR()/putVSR() from 
mem_helper.c)
3/15 Checking commit b87783ade3f7 (target/ppc: remove getVSR()/putVSR() from 
int_helper.c)
4/15 Checking commit 25605f2cb6af (target/ppc: introduce separate VSX_CMP macro 
for xvcmp* instructions)
5/15 Checking commit 8274d1ddd37f (target/ppc: introduce GEN_VSX_HELPER_X3 
macro to fpu_helper.c)
6/15 Checking commit dacf650f62e2 (target/ppc: introduce separate generator and 
helper for xscvqpdp)
7/15 Checking commit 0195869440db (target/ppc: introduce GEN_VSX_HELPER_X2 
macro to fpu_helper.c)
8/15 Checking commit 209025862401 (target/ppc: introduce GEN_VSX_HELPER_X2_AB 
macro to fpu_helper.c)
9/15 Checking commit 17abdcb48935 (target/ppc: introduce GEN_VSX_HELPER_X1 
macro to fpu_helper.c)
10/15 Checking commit 2f79ed9a9aff (target/ppc: introduce GEN_VSX_HELPER_R3 
macro to fpu_helper.c)
11/15 Checking commit e2c44f079928 (target/ppc: introduce GEN_VSX_HELPER_R2 
macro to fpu_helper.c)
12/15 Checking commit 14ca2eedff9c (target/ppc: introduce GEN_VSX_HELPER_R2_AB 
macro to fpu_helper.c)
13/15 Checking commit 172bdc4e2952 (target/ppc: decode target register in 
VSX_VECTOR_LOAD_STORE_LENGTH at translation time)
14/15 Checking commit 6181c072c009 (target/ppc: decode target register in 
VSX_EXTRACT_INSERT at translation time)
15/15 Checking commit cf215f0211f2 (target/ppc: improve VSX_FMADD with new 
GEN_VSX_HELPER_VSX_MADD macro)
WARNING: Block comments use a leading /* on a separate line
#279: FILE: target/ppc/translate/vsx-impl.inc.c:1312:
+/*\

WARNING: Block comments use a leading /* on a separate line
#285: FILE: target/ppc/translate/vsx-impl.inc.c:1318:
+/*\

ERROR: Macros with complex values should be enclosed in parenthesis
#326: FILE: target/ppc/translate/vsx-ops.inc.c:66:
+#define GEN_XX3FORM_NAME(name, opcname, opc2, opc3, fl2)   \
+GEN_HANDLER2_E(name, opcname, 0x3C, opc2 | 0, opc3, 0, PPC_NONE, fl2), \
+GEN_HANDLER2_E(name, opcname, 0x3C, opc2 | 1, opc3, 0, PPC_NONE, fl2), \
+GEN_HANDLER2_E(name, opcname, 0x3C, opc2 | 2, opc3, 0, PPC_NONE, fl2), \
+GEN_HANDLER2_E(name, opcname, 0x3C, opc2 | 3, opc3, 0, PPC_NONE, fl2)

total: 1 errors, 2 warnings, 377 lines checked

Patch 15/15 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190616123751.781-1-mark.cave-ayl...@ilande.co.uk/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Qemu-devel] Mapping of the guests user and kernel pages to host memory

2019-06-16 Thread Dimitris Karnikis

Hello,
I am interested in understanding how QEMU maps the user and kernel
pages of a guest OS to the host OS memory (working on 3.1.0 but any 
version is acceptable with target x86-64 arch).
Since QEMU runs on user space, these pages will be also mapped on the 
user space of the host machine. So my question here is, where do the 
allocations take place, and in which place of the source code I could 
find the mapping.


Thank you for your time,
Dimitris


[Qemu-devel] [PATCH 1/6] m68k cpu instantiation comments improvements

2019-06-16 Thread Lucien Murray-Pitts
Improvement in comments for the instantiation functions.
This is to highlight what each cpu class, in the 68000 series, contains
in terms of instructions/features.

Signed-off-by: Lucien Murray-Pitts 
---
 target/m68k/cpu.c | 47 +++
 target/m68k/cpu.h | 40 +---
 2 files changed, 72 insertions(+), 15 deletions(-)

diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index c144278661..cc770a8042 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -104,6 +104,10 @@ static void m5206_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_CF_ISA_A);
 }
 
+
+/*
+ * Base feature set, including isns. for m68k family
+ */
 static void m68000_cpu_initfn(Object *obj)
 {
 M68kCPU *cpu = M68K_CPU(obj);
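Review bot: the new comment above m68000_cpu_initfn abbreviates instructions as `isns.`, which reads as a typo for `insns.`; spell the word out. The hunk also adds an empty `+` line directly after an existing empty context line, leaving two consecutive blank lines before the comment.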
@@ -115,6 +119,12 @@ static void m68000_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_MOVEP);
 }
 
+/*
+ * Adds BFCHG, BFCLR, BFEXTS, BFEXTU, BFFFO, BFINS, BFSET, BFTST, CAS, CAS2,
+ *  CHK2, CMP2, DIVSL, DIVUL, EXTB, PACK, TRAPcc, UNPK.
+ *
+ * 68020/30 Only:CALLM, cpBcc, cpDBcc, cpGEN, cpRESTORE, cpSAVE, cpScc, 
cpTRAPcc
+ */
 static void m68020_cpu_initfn(Object *obj)
 {
 M68kCPU *cpu = M68K_CPU(obj);
@@ -137,8 +147,34 @@ static void m68020_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_CHK2);
 m68k_set_feature(env, M68K_FEATURE_MOVEP);
 }
+
+/*
+ * Adds: PFLUSH (*5)
+ * 68030 Only: PFLUSHA (*5), PLOAD (*5), PMOVE
+ * 68030/40 Only: PTEST
+ *
+ * NOTES:
+ *  5. Not valid on MC68EC030
+ */
 #define m68030_cpu_initfn m68020_cpu_initfn
 
+/*
+ * Adds: CINV, CPUSH
+ * Adds all with Note *2: FABS, FSABS, FDABS, FADD, FSADD, FDADD, FBcc, FCMP,
+ *FDBcc, FDIV, FSDIV, FDDIV, FMOVE, FSMOVE, FDMOVE,
+ *FMOVEM, FMUL, FSMUL, FDMUL, FNEG, FSNEG, FDNEG, FNOP,
+ *FRESTORE, FSAVE, FScc, FSQRT, FSSQRT, FDSQRT, FSUB,
+ *FSSUB, FDSUB, FTRAPcc, FTST
+ *
+ * Adds with Notes *2, and *3: FACOS, FASIN, FATAN, FATANH, FCOS, FCOSH, FETOX,
+ * FETOXM, FGETEXP, FGETMAN, FINT, FINTRZ, FLOG10,
+ * FLOG2, FLOGN, FLOGNP1, FMOD, FMOVECR, FREM,
+ * FSCALE, FSGLDIV, FSGLMUL, FSIN, FSINCOS, FSINH,
+ * FTAN, FTANH, FTENTOX, FTWOTOX
+ * NOTES:
+ * 2. Not applicable to the MC68EC040, MC68LC040, MC68EC060, and MC68LC060.
+ * 3. These are software-supported instructions on the MC68040 and MC68060.
+ */
 static void m68040_cpu_initfn(Object *obj)
 {
 M68kCPU *cpu = M68K_CPU(obj);
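Review bot: the comment added above `#define m68030_cpu_initfn m68020_cpu_initfn` lists PFLUSH, PLOAD, PMOVE and PTEST as 68030 additions while the define still aliases the 68020 init, so the comment describes the silicon rather than anything this model enables; say that explicitly in the comment. The footnote numbers (*5 here, *2 and *3 above m68040_cpu_initfn) start mid-sequence with no reference to the table they come from, so cite the source document or renumber them locally.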
@@ -148,6 +184,17 @@ static void m68040_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_M68040);
 }
 
+/*
+ * Adds: PLPA
+ * Adds all with Note *2: CAS, CAS2, MULS, MULU, CHK2, CMP2, DIVS, DIVU
+ * All F instructions are as per m68040 with exception to; FMOVEM NOTE3
+ *
+ * Does NOT implement MOVEP
+ *
+ * NOTES:
+ * 2. Not applicable to the MC68EC040, MC68LC040, MC68EC060, and MC68LC060.
+ * 3. These are software-supported instructions on the MC68040 and MC68060.
+ */
 static void m68060_cpu_initfn(Object *obj)
 {
 M68kCPU *cpu = M68K_CPU(obj);
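Review bot: the m68060 comment says `Adds all with Note *2: CAS, CAS2, MULS, MULU, CHK2, CMP2, DIVS, DIVU`, but the m68020 comment earlier in this patch already lists CAS, CAS2, CHK2 and CMP2 as added there, and note 2 is about the EC/LC parts, so it is unclear what "Adds" means for the 68060. `All F instructions are as per m68040 with exception to; FMOVEM NOTE3` also needs rewording so that the relationship between FMOVEM and note 3 is a full sentence.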
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 3c4d7de017..b5b3db01c9 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -468,36 +468,46 @@ void m68k_switch_sp(CPUM68KState *env);
 void do_m68k_semihosting(CPUM68KState *env, int nr);
 
 /*
+ * The 68000 family is defined in six main CPU classes, the 680[012346]0.
+ * Generally each successive CPU adds enhanced data/stack/instructions.
+ * However, some features are only common to one, or a few classes.
+ * The features covers those subsets of instructons.
+ *
+ * CPU32/32+ are basically 680010 compatible with some 68020 class instructons,
+ * and some additional CPU32 instructions. Mostly Supervisor state differences.
+ *
+ * The ColdFire core ISA is a RISC-style reduction of the 68000 series cpu.
  * There are 4 ColdFire core ISA revisions: A, A+, B and C.
  * Each feature covers the subset of instructions common to the
  * ISA revisions mentioned.
  */
 
 enum m68k_features {
-M68K_FEATURE_M68000,
-M68K_FEATURE_CF_ISA_A,
+M68K_FEATURE_M68000,   /* Base m68k instruction set */
+M68K_FEATURE_M68040,   /* Additional insn. specific to MC68040 */
+M68K_FEATURE_CF_ISA_A, /* Base Coldfire set Rev A. */
 M68K_FEATURE_CF_ISA_B, /* (ISA B or C).  */
 M68K_FEATURE_CF_ISA_APLUSC, /* BIT/BITREV, FF1, STRLDSR (ISA A+ or C).  */
-M68K_FEATURE_BRAL, /* Long unconditional branch.  (ISA A+ or B).  */
+M68K_FEATURE_BRAL, /* BRA with Long branch.  (680[2346]0, ISA A+ or B). */
 M68K_FEATURE_CF_FPU,
 M68K_FEATURE_CF_MAC,
 M68K_FEATURE_CF_EMAC,
 M68K_FEATURE_CF_EMAC_B, /* Revision B EMAC (dual accumulate).  */
-M68K_FEATURE_USP, /* User Stack Pointer.  (ISA A+, B or C).  */
+M68K_FEATURE_USP, /* User Stack Pointer. (680[012346]0, ISA A+, B or C).*/
+M68K_FEATU
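Review bot: the commit message describes this patch as comment improvements, but the enum hunk adds the line `M68K_FEATURE_M68040,` between M68K_FEATURE_M68000 and M68K_FEATURE_CF_ISA_A, which changes the numeric value of every enumerator after it and therefore the bit each one occupies in `env->features`. cpu.c already uses M68K_FEATURE_M68040 in unchanged context, so this looks like a move of an existing enumerator; if so, put it in its own patch or mention it in the commit message. The new comment text also has typos: `instructons` (twice) and `680010`.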

[Qemu-devel] [PATCH 0/6] target/m68k: Overhaul of MOVEC instruction to support exception/MSP

2019-06-16 Thread Lucien Murray-Pitts
The 68000 does not support the MOVEC instruction, it was added with the 68010.
A new 68010 CPU class was created, and the MOVEC instruction moved to that 
class.

Further, on the 68010, 68060 and CPU32 the ISP doesn't exist.
These CPUs only have SSP/USP.
(NOTE: ColdFire has a different MOVEC helper, this hasn't been touched.)

Unsupported control registers (CR) generate a cpu abort, this has been fixed to
correctly generate an ILLEGAL INSTRUCTION exception.

On supporting CPUs the SR register also implements a single bit, the "M"
(master-mode) bit that determines which of the ISP/MSP is active at the time.
A fix was entered to support this behavior, with an MSP feature being created.


Brief overview;
 - Added "CPU class" m68k_feature to each CPU init
   so MOVEC can detect wrong CR (Control Register) access
 - Added cascaded "inheritance" of m68k_features by calling m680xx_cpu_initfn()
   of previous CPU so that 68060 inherits 68040, and so on
 - Added comments above m680xx_cpu_initfn to identify additional supported
   features for that CPU class
 - Added more detailed comments, including CPU classes supported,
   to enum m68k_features
 - Added more detailed comments to each case of m68k_move_to/from helpers
   to list the supported CPUs for that CR
 - Added CPU class detection for each CR type, exits switch if unsupported
 - Added ILLEGAL INSTRUCTION exception condition when the helper fails to
   decode the CR
 - Moved abort only to handle unimplemented control registers,
   all other unknown CR will cause ILLEGAL instruction
 - Fixed m68k_switch_sp so it switches only if MSP feature is implemented
 - Changed the MOVEC instruction in translate to be 68010 not 68000
 - Added missing BUSCR/PCR CR defines, and decodes for helpers for the 68060

Long overview;

MOVEC EXCEPTIONS
===
Because the MOVEC MSP support results in an illegal instruction exception
if the wrong Control Register is accessed then it was necessary to
know the CPU class in the MOVEC instruction (or a less wider method
would be to only check for MOVEC support).

A broader approach was taken to allow any unsupported CR to generate
exceptions.

To do this a sizable overhaul of the CPU initialize functions was needed
to add a feature showing the CPU class.

So in the CPU classes the m680XX_cpu_initfn functions have been rearranged
to cascade starting from the base 68000, so that the 68010 then inherits
from this, and so on until the 68060.

Because each cpu class inherits the previous CPU class, then for example
the 68020 also has the feature 68010, and 68000 and so on up to the 68060.

To do this the patch adds classes for each CPU family 680[012346] so that
illegal access to specific control registers can be checked.

The helpers m68k_movec_to, and m68k_movec_from have been updated to support
the exception ILLEGAL INSTRUCTION for all control registers that
are illegal per CPU class, and for any unknown control register.

All other cases will result in an ILLEGAL INSTRUCTION exception as per the
manual. (rather than the abort it used to trigger)


EXTENDED SUPPORT FOR MISSING CONTROL REGISTERS
===
Added defines for BUS, and Processor Configuration Register (PCR) for MC68060,
and case statements in the helper for the missing Cache Address Register (CAAR),
and the new BUS, and PCR which results in a cpu abort (unimplemented error)
which doesn't change the behavior for these registers.


SR "M" bit
===
The stack swapper helper was fixed to correctly check if the CPU has the MSP,
otherwise defaulting to the ISP always.


COMMENTS
===
Additional comments added to the features set to clarify
exactly what differentiates each cpu class.  (m68k_features)

Added some more detailed comments to each cpu initialization function
to make it clear the instructions added/changed for that CPU to make
future debugging easier, and the reason for the feature flags more clear.

These comments could go deeper into explaining supported/enhanced modes,
but this wasn't done in this patch.

There are comments in the existing code referring to the EC/L/and-so-on
classes, however no code has been implemented to handle these specific
variations of each CPU class, and so no m68k_feature was made to
distinguish them that way.



Notes:
Splitting of original patch for clarity as requested by Laurent

Patch: 20190609164349.GA60211@localhost.localdomain
([PATCH v2] Incorrect Stack Pointer shadow register support on some m68k 
CPUs)
  v1->v2
- Submitted previous patch to fix existing non-compliant comment style 
- Added a comment about sp in CPUM68KState structure
- updated movec in the same patch to issue exception
- Reworked code in m68k
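
Added example, not code from this series or from QEMU: a small C model of the cascaded per-class feature bits and the MOVEC control-register check the cover letter describes, in which a selector the CPU class does not support, or one that is unknown, produces an illegal-instruction result instead of stopping the emulator. The feature names, selector values, function names, the point in the cascade where the MSP feature is set, and USP being accepted on every MOVEC-capable class are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Feature bits for this model only (hypothetical names, not QEMU's enum). */
enum { F_68000, F_68010, F_68020, F_68030, F_68040, F_68060, F_MOVEP, F_MSP };

/* Control-register selectors: constructed values, not architectural encodings. */
enum { CR_USP = 1, CR_MSP = 2, CR_PCR = 3 };

/* Outcome of decoding a MOVEC in the model. */
enum { MOVEC_OK, MOVEC_UNIMPLEMENTED, EXCP_ILLEGAL };

/* Stack pointer selected by the S and M bits of SR. */
enum { SP_USP, SP_ISP, SP_MSP };

typedef struct { uint32_t features; } cpu_model;
typedef void (*initfn)(cpu_model *);

static void set_feature(cpu_model *c, int f)   { c->features |= 1u << f; }
static void unset_feature(cpu_model *c, int f) { c->features &= ~(1u << f); }
static bool has_feature(const cpu_model *c, int f)
{
    return (c->features >> f) & 1u;
}

/* Each class starts from its predecessor, then adds or retires features. */
static void init_68000(cpu_model *c)
{
    c->features = 0;
    set_feature(c, F_68000);
    set_feature(c, F_MOVEP);
}
static void init_68010(cpu_model *c) { init_68000(c); set_feature(c, F_68010); }
static void init_68020(cpu_model *c)
{
    init_68010(c);
    set_feature(c, F_68020);
    set_feature(c, F_MSP);      /* assumption: MSP first appears here */
}
static void init_68030(cpu_model *c) { init_68020(c); set_feature(c, F_68030); }
static void init_68040(cpu_model *c) { init_68030(c); set_feature(c, F_68040); }
static void init_68060(cpu_model *c)
{
    init_68040(c);
    set_feature(c, F_68060);
    unset_feature(c, F_MOVEP);  /* retired on this class */
    unset_feature(c, F_MSP);    /* only SSP/USP on this class */
}

/* The selector comes from guest code, so every path returns; none aborts. */
static int movec_check(const cpu_model *c, unsigned cr)
{
    if (!has_feature(c, F_68010)) {
        return EXCP_ILLEGAL;    /* MOVEC itself starts with the 68010 */
    }
    switch (cr) {
    case CR_USP:
        return MOVEC_OK;        /* assumption: valid on all MOVEC classes */
    case CR_MSP:
        return has_feature(c, F_MSP) ? MOVEC_OK : EXCP_ILLEGAL;
    case CR_PCR:                /* 68060 register the model does not emulate */
        return has_feature(c, F_68060) ? MOVEC_UNIMPLEMENTED : EXCP_ILLEGAL;
    default:
        return EXCP_ILLEGAL;    /* unknown selector */
    }
}

/* The M bit is honoured only when the class has an MSP; otherwise ISP. */
static int active_sp(const cpu_model *c, bool s_bit, bool m_bit)
{
    if (!s_bit) {
        return SP_USP;
    }
    return (m_bit && has_feature(c, F_MSP)) ? SP_MSP : SP_ISP;
}

/* Convenience wrappers: build a class, then query it. */
static int movec_on(initfn init, unsigned cr)
{
    cpu_model c; init(&c); return movec_check(&c, cr);
}
static int sp_on(initfn init, bool s_bit, bool m_bit)
{
    cpu_model c; init(&c); return active_sp(&c, s_bit, m_bit);
}
static bool feature_on(initfn init, int f)
{
    cpu_model c; init(&c); return has_feature(&c, f);
}

int main(void)
{
    printf("68000 MOVEC USP  -> %d\n", movec_on(init_68000, CR_USP));
    printf("68040 MOVEC MSP  -> %d\n", movec_on(init_68040, CR_MSP));
    printf("68060 MOVEC MSP  -> %d\n", movec_on(init_68060, CR_MSP));
    printf("68060 has MOVEP  -> %d\n", feature_on(init_68060, F_MOVEP));
    printf("68060 S=1,M=1 SP -> %d\n", sp_on(init_68060, true, true));
    return 0;
}
```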

[Qemu-devel] [PATCH 2/6] Cascade m68k_features by m680xx_cpu_initfn() to improve readability

2019-06-16 Thread Lucien Murray-Pitts
The m680XX_cpu_initfn functions have been rearranged to cascade starting from
the base 68000, so that the 68010 then inherits from this, and so on until the
68060.

This makes it simpler to track features since in most cases the m68k were
product enhancements on each other, with only a few instructions being retired.

Because each cpu class inherits the previous CPU class, then for example
the 68020 also has the feature 68010, and 68000 and so on up to the 68060.

- Added 68010 cpu class, and moved correct features into 68000/68010.
- Added m68k_unset_feature to allow removing a feature in the inheritance
- Created real m68030_cpu_initfn to replace the macro define
  for more obvious calling/future expansion

Signed-off-by: Lucien Murray-Pitts 
---
 target/m68k/cpu.c | 58 +--
 1 file changed, 36 insertions(+), 22 deletions(-)

diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index cc770a8042..f3246d6e72 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -42,6 +42,11 @@ static void m68k_set_feature(CPUM68KState *env, int feature)
 env->features |= (1u << feature);
 }
 
+static void m68k_unset_feature(CPUM68KState *env, int feature)
+{
+env->features &= (-1u - (1u << feature));
+}
+
 /* CPUClass::reset() */
 static void m68k_cpu_reset(CPUState *s)
 {
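Review bot: in m68k_unset_feature, `env->features &= (-1u - (1u << feature));` is correct but obscure; `env->features &= ~(1u << feature);` is the idiomatic form and mirrors the `|= (1u << feature)` in m68k_set_feature directly above.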
@@ -119,6 +124,21 @@ static void m68000_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_MOVEP);
 }
 
+
+/*
+ * Adds BKPT, MOVE-from-SR *now priv instr, and MOVEC, MOVES, RTD
+ */
+static void m68010_cpu_initfn(Object *obj)
+{
+M68kCPU *cpu = M68K_CPU(obj);
+CPUM68KState *env = &cpu->env;
+
+m68000_cpu_initfn(obj);
+m68k_set_feature(env, M68K_FEATURE_RTD);
+m68k_set_feature(env, M68K_FEATURE_BKPT);
+}
+
+
 /*
  * Adds BFCHG, BFCLR, BFEXTS, BFEXTU, BFFFO, BFINS, BFSET, BFTST, CAS, CAS2,
  *  CHK2, CMP2, DIVSL, DIVUL, EXTB, PACK, TRAPcc, UNPK.
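Review bot: the comment on m68010_cpu_initfn says the class adds BKPT, a privileged MOVE-from-SR, MOVEC, MOVES and RTD, but the body only sets M68K_FEATURE_RTD and M68K_FEATURE_BKPT, so nothing here distinguishes a 68010 for the MOVEC, MOVES or MOVE-from-SR cases. Either set the corresponding feature bits in this patch or reword the comment to say those are not gated yet. The hunk also leaves two consecutive blank lines both before the comment and after the function.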
@@ -130,9 +150,7 @@ static void m68020_cpu_initfn(Object *obj)
 M68kCPU *cpu = M68K_CPU(obj);
 CPUM68KState *env = &cpu->env;
 
-m68k_set_feature(env, M68K_FEATURE_M68000);
-m68k_set_feature(env, M68K_FEATURE_USP);
-m68k_set_feature(env, M68K_FEATURE_WORD_INDEX);
+m68010_cpu_initfn(obj);
 m68k_set_feature(env, M68K_FEATURE_QUAD_MULDIV);
 m68k_set_feature(env, M68K_FEATURE_BRAL);
 m68k_set_feature(env, M68K_FEATURE_BCCL);
@@ -142,10 +160,7 @@ static void m68020_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_LONG_MULDIV);
 m68k_set_feature(env, M68K_FEATURE_FPU);
 m68k_set_feature(env, M68K_FEATURE_CAS);
-m68k_set_feature(env, M68K_FEATURE_BKPT);
-m68k_set_feature(env, M68K_FEATURE_RTD);
 m68k_set_feature(env, M68K_FEATURE_CHK2);
-m68k_set_feature(env, M68K_FEATURE_MOVEP);
 }
 
 /*
@@ -156,7 +171,14 @@ static void m68020_cpu_initfn(Object *obj)
  * NOTES:
  *  5. Not valid on MC68EC030
  */
-#define m68030_cpu_initfn m68020_cpu_initfn
+static void m68030_cpu_initfn(Object *obj)
+{
+M68kCPU *cpu = M68K_CPU(obj);
+CPUM68KState *env = &cpu->env;
+
+m68020_cpu_initfn(obj);
+}
+
 
 /*
  * Adds: CINV, CPUSH
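
Review bot: cpu and env are declared in the new m68030_cpu_initfn but never used in this patch, since the body only calls m68020_cpu_initfn(obj). That gives an unused-variable warning at this point in the series; drop the two declarations here and introduce them in the patch that first needs env.
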
@@ -180,7 +202,7 @@ static void m68040_cpu_initfn(Object *obj)
 M68kCPU *cpu = M68K_CPU(obj);
 CPUM68KState *env = &cpu->env;
 
-m68020_cpu_initfn(obj);
+m68030_cpu_initfn(obj);
 m68k_set_feature(env, M68K_FEATURE_M68040);
 }
 
@@ -200,20 +222,11 @@ static void m68060_cpu_initfn(Object *obj)
 M68kCPU *cpu = M68K_CPU(obj);
 CPUM68KState *env = &cpu->env;
 
-m68k_set_feature(env, M68K_FEATURE_M68000);
-m68k_set_feature(env, M68K_FEATURE_USP);
-m68k_set_feature(env, M68K_FEATURE_WORD_INDEX);
-m68k_set_feature(env, M68K_FEATURE_BRAL);
-m68k_set_feature(env, M68K_FEATURE_BCCL);
-m68k_set_feature(env, M68K_FEATURE_BITFIELD);
-m68k_set_feature(env, M68K_FEATURE_EXT_FULL);
-m68k_set_feature(env, M68K_FEATURE_SCALED_INDEX);
-m68k_set_feature(env, M68K_FEATURE_LONG_MULDIV);
-m68k_set_feature(env, M68K_FEATURE_FPU);
-m68k_set_feature(env, M68K_FEATURE_CAS);
-m68k_set_feature(env, M68K_FEATURE_BKPT);
-m68k_set_feature(env, M68K_FEATURE_RTD);
-m68k_set_feature(env, M68K_FEATURE_CHK2);
+m68040_cpu_initfn(obj);
+m68k_unset_feature(env, M68K_FEATURE_MOVEP);
+
+/* Implemented as a software feature */
+m68k_unset_feature(env, M68K_FEATURE_QUAD_MULDIV);
 }
 
 static void m5208_cpu_initfn(Object *obj)
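
Review bot: m68060_cpu_initfn now chains through m68040_cpu_initfn, which sets M68K_FEATURE_M68040 (see the context line in the previous hunk), and only MOVEP and QUAD_MULDIV are unset afterwards. The removed lines never set M68K_FEATURE_M68040 for the 68060, so this is a behaviour change beyond the refactoring. If it is intended, say so in the commit message; otherwise add m68k_unset_feature(env, M68K_FEATURE_M68040) here.
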
@@ -350,6 +363,7 @@ static const TypeInfo m68k_cpus_type_infos[] = {
 .class_init = m68k_cpu_class_init,
 },
 DEFINE_M68K_CPU_TYPE("m68000", m68000_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("m68010", m68010_cpu_initfn),
 DEFINE_M68K_CPU_TYPE("m68020", m68020_cpu_initfn),
 DEFINE_M68K_CPU_TYPE("m68030", m68030_cpu_initfn),
 DEFINE_M68K_CPU_TYPE("m68040", m68040_cpu_initfn),
-- 
2.21.0





[Qemu-devel] [PATCH 5/6] MOVEC insn. doesn't generate exception if wrong CR is accessed

2019-06-16 Thread Lucien Murray-Pitts
Added "CPU class" m68k_feature to each CPU init func so MOVEC can detect wrong
CR (Control Register) access.

Added CPU class detection for each CR type in the m68k_move_to/from helpers,
so that it throws an exception if an unsupported register is requested
for that CPU class.

Reclassified MOVEC insn. as only supported in 68010.

Signed-off-by: Lucien Murray-Pitts 
---
 target/m68k/cpu.c   |   3 +
 target/m68k/cpu.h   |   4 +
 target/m68k/helper.c| 192 ++--
 target/m68k/translate.c |   2 +-
 4 files changed, 155 insertions(+), 46 deletions(-)

diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index f3246d6e72..50260de97d 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -134,6 +134,7 @@ static void m68010_cpu_initfn(Object *obj)
 CPUM68KState *env = &cpu->env;
 
 m68000_cpu_initfn(obj);
+m68k_set_feature(env, M68K_FEATURE_M68010);
 m68k_set_feature(env, M68K_FEATURE_RTD);
 m68k_set_feature(env, M68K_FEATURE_BKPT);
 }
@@ -151,6 +152,7 @@ static void m68020_cpu_initfn(Object *obj)
 CPUM68KState *env = &cpu->env;
 
 m68010_cpu_initfn(obj);
+m68k_set_feature(env, M68K_FEATURE_M68020);
 m68k_set_feature(env, M68K_FEATURE_QUAD_MULDIV);
 m68k_set_feature(env, M68K_FEATURE_BRAL);
 m68k_set_feature(env, M68K_FEATURE_BCCL);
@@ -177,6 +179,7 @@ static void m68030_cpu_initfn(Object *obj)
 CPUM68KState *env = &cpu->env;
 
 m68020_cpu_initfn(obj);
+m68k_set_feature(env, M68K_FEATURE_M68030);
 }
 
 
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 2386419c42..86ba19f779 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -488,7 +488,11 @@ void do_m68k_semihosting(CPUM68KState *env, int nr);
 
 enum m68k_features {
 M68K_FEATURE_M68000,   /* Base m68k instruction set */
+M68K_FEATURE_M68010,   /* Additional insn. specific to MC68010 */
+M68K_FEATURE_M68020,   /* Additional insn. specific to MC68020 */
+M68K_FEATURE_M68030,   /* Additional insn. specific to MC68030 */
 M68K_FEATURE_M68040,   /* Additional insn. specific to MC68040 */
+M68K_FEATURE_M68060,   /* Additional insn. specific to MC68060 */
 M68K_FEATURE_CF_ISA_A, /* Base Coldfire set Rev A. */
 M68K_FEATURE_CF_ISA_B, /* (ISA B or C).  */
 M68K_FEATURE_CF_ISA_APLUSC, /* BIT/BITREV, FF1, STRLDSR (ISA A+ or C).  */
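
Review bot: M68K_FEATURE_M68060 is added to the enum here and tested in helper.c, but the three cpu.c hunks of this patch only set M68010, M68020 and M68030, so nothing sets the 68060 bit. Add m68k_set_feature(env, M68K_FEATURE_M68060) to m68060_cpu_initfn. Note also that the new entries go in the middle of enum m68k_features, which renumbers every later feature bit; appending them would avoid that.
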
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 47b352c9c9..119fc3af2b 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -192,6 +192,16 @@ void HELPER(cf_movec_to)(CPUM68KState *env, uint32_t reg, 
uint32_t val)
 }
 }
 
+
+
+static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)
+{
+CPUState *cs = CPU(m68k_env_get_cpu(env));
+
+cs->exception_index = tt;
+cpu_loop_exit_restore(cs, raddr);
+}
+
 void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t reg, uint32_t val)
 {
 M68kCPU *cpu = m68k_env_get_cpu(env);
@@ -211,52 +221,96 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t 
reg, uint32_t val)
 return;
 /* MC680[2346]0 */
 case M68K_CR_CACR:
-env->cacr = val;
-m68k_switch_sp(env);
-return;
+if (m68k_feature(env, M68K_FEATURE_M68020)
+ || m68k_feature(env, M68K_FEATURE_M68030)
+ || m68k_feature(env, M68K_FEATURE_M68040)
+ || m68k_feature(env, M68K_FEATURE_M68060)) {
+env->cacr = val;
+m68k_switch_sp(env);
+return;
+}
+break;
 /* MC680[46]0 */
 case M68K_CR_TC:
-env->mmu.tcr = val;
-return;
+if (m68k_feature(env, M68K_FEATURE_M68040)
+ || m68k_feature(env, M68K_FEATURE_M68060)) {
+env->mmu.tcr = val;
+return;
+}
+break;
 /* MC680[4]0 */
 case M68K_CR_MMUSR:
-env->mmu.mmusr = val;
-return;
+if (m68k_feature(env, M68K_FEATURE_M68040)) {
+env->mmu.mmusr = val;
+return;
+}
+break;
 /* MC680[46]0 */
 case M68K_CR_SRP:
-env->mmu.srp = val;
-return;
-case M68K_CR_URP:
-env->mmu.urp = val;
-return;
+if (m68k_feature(env, M68K_FEATURE_M68040)
+ || m68k_feature(env, M68K_FEATURE_M68060)) {
+env->mmu.srp = val;
+return;
+}
+break;
 /* MC680[46]0 */
+case M68K_CR_URP:
+if (m68k_feature(env, M68K_FEATURE_M68040)
+ || m68k_feature(env, M68K_FEATURE_M68060)) {
+env->mmu.urp = val;
+return;
+}
+break;
+/* MC680[12346]0 */
 case M68K_CR_USP:
 env->sp[M68K_USP] = val;
 return;
 /* MC680[234]0 */
 case M68K_CR_MSP:
-env->sp[M68K_SSP] = val;
-return;
+if (m68k_feature(env, M68K_FEATURE_M68020)
+ || m68k_feature(env, M68K_FEATURE_M68030)
+ || m68k_feature(env, M68K_FEATURE_M68040)) {
+env->sp[M68K_SSP] = val;
+ret
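
Review bot: the feature tests added to m68k_movec_to do not separate CPU classes the way the comments state, because the init functions in cpu.c chain (m68020_cpu_initfn calls m68010_cpu_initfn, m68030 calls m68020, m68040 calls m68030, m68060 calls m68040), so every newer model carries all the older M68K_FEATURE_M680x0 bits. The M68K_CR_MMUSR case, commented MC680[4]0, tests M68K_FEATURE_M68040 and is therefore also true on a 68060, and the M68K_CR_MSP test for 020/030/040 passes there as well. Either make the class bits exclusive or test the exclusion explicitly; with the current chaining the four-way OR on M68K_CR_CACR reduces to a single M68K_FEATURE_M68020 test.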

[Qemu-devel] [PATCH 3/6] Improved comments on m68k_move_to/from helpers

2019-06-16 Thread Lucien Murray-Pitts
Added more detailed comments to each case of m68k_move_to/from helpers to list
the supported CPUs for that CR as they were wrong in some cases, and
missing some cpu classes in other cases.

Signed-off-by: Lucien Murray-Pitts 
---
 target/m68k/helper.c | 41 +++--
 1 file changed, 31 insertions(+), 10 deletions(-)

diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index b0bb579403..5483ce9837 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -197,40 +197,47 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t 
reg, uint32_t val)
 M68kCPU *cpu = m68k_env_get_cpu(env);
 
 switch (reg) {
-/* MC680[1234]0 */
+/* MC680[12346]0 */
 case M68K_CR_SFC:
 env->sfc = val & 7;
 return;
+/* MC680[12346]0 */
 case M68K_CR_DFC:
 env->dfc = val & 7;
 return;
+/* MC680[12346]0 */
 case M68K_CR_VBR:
 env->vbr = val;
 return;
-/* MC680[234]0 */
+/* MC680[2346]0 */
 case M68K_CR_CACR:
 env->cacr = val;
 m68k_switch_sp(env);
 return;
-/* MC680[34]0 */
+/* MC680[46]0 */
 case M68K_CR_TC:
 env->mmu.tcr = val;
 return;
+/* MC680[4]0 */
 case M68K_CR_MMUSR:
 env->mmu.mmusr = val;
 return;
+/* MC680[46]0 */
 case M68K_CR_SRP:
 env->mmu.srp = val;
 return;
 case M68K_CR_URP:
 env->mmu.urp = val;
 return;
+/* MC680[46]0 */
 case M68K_CR_USP:
 env->sp[M68K_USP] = val;
 return;
+/* MC680[234]0 */
 case M68K_CR_MSP:
 env->sp[M68K_SSP] = val;
 return;
+/* MC680[234]0 */
 case M68K_CR_ISP:
 env->sp[M68K_ISP] = val;
 return;
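
Review bot: the second added /* MC680[46]0 */ in this hunk sits above M68K_CR_USP instead of M68K_CR_URP, which leaves URP without a comment and labels USP as 040/060 only. Patch 5/6 of the series later moves that comment to URP and marks USP as MC680[12346]0; since this patch is the one that is meant to correct the comments, fix it here.
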
@@ -238,12 +245,15 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t 
reg, uint32_t val)
 case M68K_CR_ITT0:
 env->mmu.ttr[M68K_ITTR0] = val;
 return;
+/* MC68040/MC68LC040 */
 case M68K_CR_ITT1:
  env->mmu.ttr[M68K_ITTR1] = val;
 return;
+/* MC68040/MC68LC040 */
 case M68K_CR_DTT0:
 env->mmu.ttr[M68K_DTTR0] = val;
 return;
+/* MC68040/MC68LC040 */
 case M68K_CR_DTT1:
 env->mmu.ttr[M68K_DTTR1] = val;
 return;
@@ -257,39 +267,50 @@ uint32_t HELPER(m68k_movec_from)(CPUM68KState *env, 
uint32_t reg)
 M68kCPU *cpu = m68k_env_get_cpu(env);
 
 switch (reg) {
-/* MC680[1234]0 */
+/* MC680[12346]0 */
 case M68K_CR_SFC:
 return env->sfc;
+/* MC680[12346]0 */
 case M68K_CR_DFC:
 return env->dfc;
+/* MC680[12346]0 */
 case M68K_CR_VBR:
 return env->vbr;
-/* MC680[234]0 */
+/* MC680[2346]0 */
 case M68K_CR_CACR:
 return env->cacr;
-/* MC680[34]0 */
+/* MC680[46]0 */
 case M68K_CR_TC:
 return env->mmu.tcr;
+/* MC680[4]0 */
 case M68K_CR_MMUSR:
 return env->mmu.mmusr;
+/* MC680[46]0 */
 case M68K_CR_SRP:
 return env->mmu.srp;
+/* MC680[46]0 */
 case M68K_CR_USP:
 return env->sp[M68K_USP];
+/* MC680[234]0 */
 case M68K_CR_MSP:
 return env->sp[M68K_SSP];
+/* MC680[234]0 */
 case M68K_CR_ISP:
 return env->sp[M68K_ISP];
 /* MC68040/MC68LC040 */
 case M68K_CR_URP:
 return env->mmu.urp;
-case M68K_CR_ITT0:
+/* MC68040/MC68LC040 */
+case M68K_CR_ITT0: /* MC68EC040 only: M68K_CR_IACR0 */
 return env->mmu.ttr[M68K_ITTR0];
-case M68K_CR_ITT1:
+/* MC68040/MC68LC040 */
+case M68K_CR_ITT1: /* MC68EC040 only: M68K_CR_IACR1 */
 return env->mmu.ttr[M68K_ITTR1];
-case M68K_CR_DTT0:
+/* MC68040/MC68LC040 */
+case M68K_CR_DTT0: /* MC68EC040 only: M68K_CR_DACR0 */
 return env->mmu.ttr[M68K_DTTR0];
-case M68K_CR_DTT1:
+/* MC68040/MC68LC040 */
+case M68K_CR_DTT1: /* MC68EC040 only: M68K_CR_DACR1 */
 return env->mmu.ttr[M68K_DTTR1];
 }
 cpu_abort(CPU(cpu), "Unimplemented control register read 0x%x\n",
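
Review bot: in m68k_movec_from M68K_CR_USP is again labelled /* MC680[46]0 */, and M68K_CR_URP keeps /* MC68040/MC68LC040 */ while M68K_CR_SRP right above is labelled MC680[46]0. Use one notation for the same set of CPUs across both helpers, and give USP the same list as SFC/DFC/VBR if that is what is meant.
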
-- 
2.21.0





[Qemu-devel] [PATCH 4/6] Add missing BUSCR/PCR CR defines, and BUSCR/PCR/CAAR CR to m68k_move_to/from

2019-06-16 Thread Lucien Murray-Pitts
The BUSCR/PCR CR defines were missing for 68060, and the move_to/from helper
functions were also missing a decode for the 68060 M68K_CR_CAAR CR register.

Added missing defines, and respective decodes for all three CR registers to
the helpers.

Although this patch defines them, the implementation is empty in this patch
and these registers will result in a cpu abort - which is the default prior
to this patch.

This patch aims to reach full coverage of all CR registers within the helpers.

Signed-off-by: Lucien Murray-Pitts 
---
 target/m68k/cpu.h|  4 
 target/m68k/helper.c | 14 ++
 2 files changed, 18 insertions(+)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index b5b3db01c9..2386419c42 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -411,6 +411,10 @@ typedef enum {
 #define M68K_CR_DACR00x006
 #define M68K_CR_DACR10x007
 
+/* MC68060 */
+#define M68K_CR_BUSCR0x008
+#define M68K_CR_PCR  0x808
+
 #define M68K_FPIAR_SHIFT  0
 #define M68K_FPIAR(1 << M68K_FPIAR_SHIFT)
 #define M68K_FPSR_SHIFT   1
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 5483ce9837..47b352c9c9 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -257,6 +257,14 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t 
reg, uint32_t val)
 case M68K_CR_DTT1:
 env->mmu.ttr[M68K_DTTR1] = val;
 return;
+/* Unimplemented Registers */
+case M68K_CR_CAAR:
+case M68K_CR_PCR:
+case M68K_CR_BUSCR:
+cpu_abort(CPU(cpu),
+  "Unimplemented control register write 0x%x = 0x%x\n",
+  reg, val);
+return;
 }
 cpu_abort(CPU(cpu), "Unimplemented control register write 0x%x = 0x%x\n",
   reg, val);
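
Review bot: the three new cases in m68k_movec_to call cpu_abort with exactly the message used by the cpu_abort after the switch, followed by a return that cannot be reached. A plain break after the case labels (with the "Unimplemented Registers" comment) reaches the existing call and removes the duplicate. As the commit message says, a guest MOVEC to CAAR, PCR or BUSCR still terminates the emulator; raising an exception to the guest would be the better end state.
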
@@ -312,6 +320,12 @@ uint32_t HELPER(m68k_movec_from)(CPUM68KState *env, 
uint32_t reg)
 /* MC68040/MC68LC040 */
 case M68K_CR_DTT1: /* MC68EC040 only: M68K_CR_DACR1 */
 return env->mmu.ttr[M68K_DTTR1];
+/* Unimplemented Registers */
+case M68K_CR_CAAR:
+case M68K_CR_PCR:
+case M68K_CR_BUSCR:
+cpu_abort(CPU(cpu), "Unimplemented control register read 0x%x\n",
+  reg);
 }
 cpu_abort(CPU(cpu), "Unimplemented control register read 0x%x\n",
   reg);
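
Review bot: the new cases in m68k_movec_from end with cpu_abort and then run off the end of the switch with no break or return, relying on cpu_abort not returning, while the write helper in the previous hunk adds a return. Use break in both helpers so the cases fall to the existing cpu_abort and the two stay consistent.
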
-- 
2.21.0





[Qemu-devel] [PATCH v20 05/24] target/rx: simplify rx_cpu_class_by_name

2019-06-16 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
---
 target/rx/cpu.c | 20 +++-
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index a6dde613ab..e3d76af55d 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -72,9 +72,8 @@ static void rx_cpu_reset(CPUState *s)
 static void rx_cpu_list_entry(gpointer data, gpointer user_data)
 {
 const char *typename = object_class_get_name(OBJECT_CLASS(data));
-int len = strlen(typename) - strlen(RX_CPU_TYPE_SUFFIX);
 
-qemu_printf("%.*s\n", len, typename);
+qemu_printf("%s\n", typename);
 }
 
 void rx_cpu_list(void)
@@ -88,25 +87,12 @@ void rx_cpu_list(void)
 static ObjectClass *rx_cpu_class_by_name(const char *cpu_model)
 {
 ObjectClass *oc;
-char *typename;
 
 oc = object_class_by_name(cpu_model);
-if (oc != NULL && object_class_dynamic_cast(oc, TYPE_RX_CPU) != NULL &&
-!object_class_is_abstract(oc)) {
-return oc;
-}
-
-typename = g_strdup_printf(RX_CPU_TYPE_NAME("%s"), cpu_model);
-oc = object_class_by_name(typename);
-if (oc != NULL && object_class_is_abstract(oc)) {
+if (object_class_dynamic_cast(oc, TYPE_RX_CPU) == NULL ||
+object_class_is_abstract(oc)) {
 oc = NULL;
 }
-g_free(typename);
-
-if (!oc) {
-/* default to rx62n */
-oc = object_class_by_name(TYPE_RX62N_CPU);
-}
 
 return oc;
 }
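
Review bot: rx_cpu_class_by_name drops both the RX_CPU_TYPE_NAME("%s") lookup and the fallback to TYPE_RX62N_CPU, so a model name now resolves only if it is itself a registered type name, and an unknown name returns NULL instead of the rx62n class. The commit has no description; it should state this user-visible change, which also explains why rx_cpu_list now prints the full type name in the first hunk.
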
-- 
2.11.0




[Qemu-devel] [PATCH v20 19/24] hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core

2019-06-16 Thread Yoshinori Sato
From: Philippe Mathieu-Daudé 

While the VIRT machine can use different microcontrollers,
the RX62N microcontroller is tied to the RX62N CPU core.

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
---
 hw/rx/rx-virt.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
index 4cfe2e3123..9676a5e7bf 100644
--- a/hw/rx/rx-virt.c
+++ b/hw/rx/rx-virt.c
@@ -17,6 +17,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "cpu.h"
@@ -56,6 +57,7 @@ static void rx_load_image(RXCPU *cpu, const char *filename,
 
 static void rxvirt_init(MachineState *machine)
 {
+MachineClass *mc = MACHINE_GET_CLASS(machine);
 RX62NState *s = g_new(RX62NState, 1);
 MemoryRegion *sysmem = get_system_memory();
 MemoryRegion *sdram = g_new(MemoryRegion, 1);
@@ -64,6 +66,12 @@ static void rxvirt_init(MachineState *machine)
 void *dtb = NULL;
 int dtb_size;
 
+if (strcmp(machine->cpu_type, mc->default_cpu_type) != 0) {
+error_report("This board can only be used with CPU %s",
+ mc->default_cpu_type);
+exit(1);
+}
+
 /* Allocate memory space */
 memory_region_init_ram(sdram, NULL, "sdram", 16 * MiB,
&error_fatal);
-- 
2.11.0




[Qemu-devel] [PATCH 6/6] Added MSP detection support for stack pointer swap helpers

2019-06-16 Thread Lucien Murray-Pitts
On m68k there are two varieties of stack pointers, USP with SSP or ISP/MSP.

Only the 68020/30/40 support the MSP register; the stack swap helpers don't
support this feature.

This patch adds this support, as well as comments to CPUM68KState to
make it clear how stacks are handled.

Signed-off-by: Lucien Murray-Pitts 
---
 target/m68k/cpu.c| 1 +
 target/m68k/cpu.h| 8 +++-
 target/m68k/helper.c | 3 ++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index 50260de97d..f1610e2745 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -137,6 +137,7 @@ static void m68010_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_M68010);
 m68k_set_feature(env, M68K_FEATURE_RTD);
 m68k_set_feature(env, M68K_FEATURE_BKPT);
+m68k_set_feature(env, M68K_FEATURE_MSP);
 }
 
 
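
Review bot: M68K_FEATURE_MSP is set in m68010_cpu_initfn, but the commit message and the new CPUM68KState comment both say the 68000/10 only have USP/SSP and that MSP exists on the 68020/30/40. Setting it in m68020_cpu_initfn would match that description; because the init functions chain, the 68060 would still inherit it and needs m68k_unset_feature if it should not have it. The cpu.h hunk of this patch only changes a comment, so M68K_FEATURE_MSP also has to be added to enum m68k_features unless an earlier patch already defines it.
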
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 86ba19f779..7a8e4872e2 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -93,7 +93,13 @@ typedef struct CPUM68KState {
 uint32_t pc;
 uint32_t sr;
 
-/* SSP and USP.  The current_sp is stored in aregs[7], the other here.  */
+/*
+ * The 68020/30/40 support two supervisor stacks, ISP and MSP.
+ * The 68000/10, Coldfire, and CPU32 only have USP/SSP.
+ *
+ * The current_sp is stored in aregs[7], the other here.
+ * The USP, SSP, and if used the additional ISP for 68020/30/40.
+ */
 int current_sp;
 uint32_t sp[3];
 
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 119fc3af2b..17a4380b5b 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -474,7 +474,8 @@ void m68k_switch_sp(CPUM68KState *env)
 env->sp[env->current_sp] = env->aregs[7];
 if (m68k_feature(env, M68K_FEATURE_M68000)) {
 if (env->sr & SR_S) {
-if (env->sr & SR_M) {
+/* SR:Master-Mode bit unimplemented then ISP is not available */
+if (!m68k_feature(env, M68K_FEATURE_MSP) || env->sr & SR_M) {
 new_sp = M68K_SSP;
 } else {
 new_sp = M68K_ISP;
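
Review bot: the new condition in m68k_switch_sp mixes ! , || and & without grouping; write it as (!m68k_feature(env, M68K_FEATURE_MSP) || (env->sr & SR_M)) so the bit test reads unambiguously. The added comment would also be clearer if it named the outcome, for example that CPUs without the Master bit always use M68K_SSP in supervisor mode.
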
-- 
2.21.0





[Qemu-devel] [PATCH v20 12/24] target/rx: Dump bytes for each insn during disassembly

2019-06-16 Thread Yoshinori Sato
From: Richard Henderson 

There are so many different forms of each RX instruction
that it will be very useful to be able to look at the bytes
to see on which path a bug may lie.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-24-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 5a32a87534..d73b53db44 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -102,7 +102,21 @@ static int bdsp_s(DisasContext *ctx, int d)
 /* Include the auto-generated decoder.  */
 #include "decode.inc.c"
 
-#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+static void dump_bytes(DisasContext *ctx)
+{
+int i, len = ctx->len;
+
+for (i = 0; i < len; ++i) {
+ctx->dis->fprintf_func(ctx->dis->stream, "%02x ", ctx->bytes[i]);
+}
+ctx->dis->fprintf_func(ctx->dis->stream, "%*c", (8 - i) * 3, '\t');
+}
+
+#define prt(...) \
+do {\
+dump_bytes(ctx);\
+ctx->dis->fprintf_func(ctx->dis->stream, __VA_ARGS__);  \
+} while (0)
 
 #define RX_MEMORY_BYTE 0
 #define RX_MEMORY_WORD 1
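
Review bot: in dump_bytes the padding width (8 - i) * 3 becomes negative once ctx->len exceeds 8, and printf treats a negative * width as left-justification, so the padding lands after the tab instead of before it. Clamp the width to zero, or state the maximum instruction length the column is sized for. Because prt() now calls dump_bytes on every invocation, each trans_ function must call prt exactly once per instruction; a short comment on the macro saying so would keep later additions from printing the bytes twice.
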
-- 
2.11.0




[Qemu-devel] [PATCH v20 10/24] target/rx: Emit all disassembly in one prt()

2019-06-16 Thread Yoshinori Sato
From: Richard Henderson 

Many of the multi-part prints have been eliminated by previous
patches.  Eliminate the rest of them.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-22-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 75 +--
 1 file changed, 39 insertions(+), 36 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index db10385fd0..ebc1a44249 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -228,24 +228,21 @@ static bool trans_MOV_ra(DisasContext *ctx, arg_MOV_ra *a)
 /* mov.[bwl] rs,rd */
 static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 {
-char dspd[8], dsps[8];
+char dspd[8], dsps[8], szc = size[a->sz];
 
-prt("mov.%c\t", size[a->sz]);
 if (a->lds == 3 && a->ldd == 3) {
 /* mov.[bwl] rs,rd */
-prt("r%d, r%d", a->rs, a->rd);
-return true;
-}
-if (a->lds == 3) {
+prt("mov.%c\tr%d, r%d", szc, a->rs, a->rd);
+} else if (a->lds == 3) {
 rx_index_addr(ctx, dspd, a->ldd, a->sz);
-prt("r%d, %s[r%d]", a->rs, dspd, a->rd);
+prt("mov.%c\tr%d, %s[r%d]", szc, a->rs, dspd, a->rd);
 } else if (a->ldd == 3) {
 rx_index_addr(ctx, dsps, a->lds, a->sz);
-prt("%s[r%d], r%d", dsps, a->rs, a->rd);
+prt("mov.%c\t%s[r%d], r%d", szc, dsps, a->rs, a->rd);
 } else {
 rx_index_addr(ctx, dsps, a->lds, a->sz);
 rx_index_addr(ctx, dspd, a->ldd, a->sz);
-prt("%s[r%d], %s[r%d]", dsps, a->rs, dspd, a->rd);
+prt("mov.%c\t%s[r%d], %s[r%d]", szc, dsps, a->rs, dspd, a->rd);
 }
 return true;
 }
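
Review bot: in trans_MOV_mm the declaration char dspd[8], dsps[8], szc = size[a->sz]; puts two buffers and an initialised scalar in one statement. Declaring szc on its own line makes the initialiser easier to spot and keeps the buffer declaration identical to the other trans_ functions.
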
@@ -254,8 +251,11 @@ static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 /* mov.[bwl] rs,[-rd] */
 static bool trans_MOV_rp(DisasContext *ctx, arg_MOV_rp *a)
 {
-prt("mov.%c\tr%d, ", size[a->sz], a->rs);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
+if (a->ad) {
+prt("mov.%c\tr%d, [-r%d]", size[a->sz], a->rs, a->rd);
+} else {
+prt("mov.%c\tr%d, [r%d+]", size[a->sz], a->rs, a->rd);
+}
 return true;
 }
 
@@ -263,9 +263,11 @@ static bool trans_MOV_rp(DisasContext *ctx, arg_MOV_rp *a)
 /* mov.[bwl] [-rd],rs */
 static bool trans_MOV_pr(DisasContext *ctx, arg_MOV_pr *a)
 {
-prt("mov.%c\t", size[a->sz]);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
-prt(", r%d", a->rs);
+if (a->ad) {
+prt("mov.%c\t[-r%d], r%d", size[a->sz], a->rd, a->rs);
+} else {
+prt("mov.%c\t[r%d+], r%d", size[a->sz], a->rd, a->rs);
+}
 return true;
 }
 
@@ -299,9 +301,11 @@ static bool trans_MOVU_ar(DisasContext *ctx, arg_MOVU_ar 
*a)
 /* movu.[bw] [-rs],rd */
 static bool trans_MOVU_pr(DisasContext *ctx, arg_MOVU_pr *a)
 {
-prt("movu.%c\t", size[a->sz]);
-prt((a->ad == 0) ? "[r%d+]" : "[-r%d]", a->rd);
-prt(", r%d", a->rs);
+if (a->ad) {
+prt("movu.%c\t[-r%d], r%d", size[a->sz], a->rd, a->rs);
+} else {
+prt("movu.%c\t[r%d+], r%d", size[a->sz], a->rd, a->rs);
+}
 return true;
 }
 
@@ -478,11 +482,11 @@ static bool trans_TST_mr(DisasContext *ctx, arg_TST_mr *a)
 /* not rs, rd */
 static bool trans_NOT_rr(DisasContext *ctx, arg_NOT_rr *a)
 {
-prt("not\t");
 if (a->rs != a->rd) {
-prt("r%d, ", a->rs);
+prt("not\tr%d, r%d", a->rs, a->rd);
+} else {
+prt("not\tr%d", a->rs);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -490,11 +494,11 @@ static bool trans_NOT_rr(DisasContext *ctx, arg_NOT_rr *a)
 /* neg rs, rd */
 static bool trans_NEG_rr(DisasContext *ctx, arg_NEG_rr *a)
 {
-prt("neg\t");
 if (a->rs != a->rd) {
-prt("r%d, ", a->rs);
+prt("neg\tr%d, r%d", a->rs, a->rd);
+} else {
+prt("neg\tr%d", a->rs);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -606,11 +610,10 @@ static bool trans_SBB_mr(DisasContext *ctx, arg_SBB_mr *a)
 /* abs rs, rd */
 static bool trans_ABS_rr(DisasContext *ctx, arg_ABS_rr *a)
 {
-prt("abs\t");
-if (a->rs == a->rd) {
-prt("r%d", a->rd);
+if (a->rs != a->rd) {
+prt("abs\tr%d, r%d", a->rs, a->rd);
 } else {
-prt("r%d, r%d", a->rs, a->rd);
+prt("abs\tr%d", a->rs);
 }
 return true;
 }
@@ -733,11 +736,11 @@ static bool trans_DIVU_mr(DisasContext *ctx, arg_DIVU_mr 
*a)
 /* shll #imm:5, rs, rd */
 static bool trans_SHLL_irr(DisasContext *ctx, arg_SHLL_irr *a)
 {
-prt("shll\t#%d, ", a->imm);
 if (a->rs2 != a->rd) {
-prt("r%d, ", a->rs2);
+prt("shll\t#%d, r%d, r%d", a->imm, a->rs2, a->rd);
+} else {
+prt("shll\t#%d, r%d", a->imm, a->rd);
 }
-prt("r%d", a->rd);
 return true;
 }
 
@@ -752,11 +755,11 @@ static bool trans_SHLL_rr(DisasContext *ctx, arg_SHLL_rr 
*a)
 /* shar #imm:5, rs, rd */
 static bool trans_SHAR_irr(DisasContext *ctx, arg_

[Qemu-devel] [PATCH v20 23/24] MAINTAINERS: Add RX

2019-06-16 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-18-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 MAINTAINERS | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index acbad134ec..46bef20cc9 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -273,6 +273,13 @@ F: include/hw/riscv/
 F: linux-user/host/riscv32/
 F: linux-user/host/riscv64/
 
+RENESAS RX CPUs
+M: Yoshinori Sato 
+S: Maintained
+F: target/rx/
+F: hw/rx/
+F: include/hw/rx/
+
 S390 TCG CPUs
 M: Richard Henderson 
 M: David Hildenbrand 
@@ -1102,6 +1109,18 @@ F: pc-bios/canyonlands.dt[sb]
 F: pc-bios/u-boot-sam460ex-20100605.bin
 F: roms/u-boot-sam460ex
 
+RX Machines
+---
+rx-virt
+M: Yoshinori Sato 
+S: Maintained
+F: hw/rx/rxqemu.c
+F: hw/intc/rx_icu.c
+F: hw/timer/renesas_*.c
+F: hw/char/renesas_sci.c
+F: include/hw/timer/renesas_*.h
+F: include/hw/char/renesas_sci.h
+
 SH4 Machines
 
 R2D
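
Review bot: the rx-virt entry lists F: hw/rx/rxqemu.c, but the other patches in this series touch hw/rx/rx-virt.c and hw/rx/rx62n.c and none mentions rxqemu.c. Point the entry at the files that exist, or rely on the F: hw/rx/ line added in the first hunk and drop the stale path.
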
-- 
2.11.0




[Qemu-devel] [PATCH v20 17/24] target/rx: Move rx_load_image to rx-virt.

2019-06-16 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
---
 hw/rx/rx-virt.c | 22 ++
 target/rx/cpu.c | 22 --
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
index ed0a3a1da0..4cfe2e3123 100644
--- a/hw/rx/rx-virt.c
+++ b/hw/rx/rx-virt.c
@@ -32,6 +32,28 @@
 /* Same address of GDB integrated simulator */
 #define SDRAM_BASE 0x0100
 
+static void rx_load_image(RXCPU *cpu, const char *filename,
+  uint32_t start, uint32_t size)
+{
+static uint32_t extable[32];
+long kernel_size;
+int i;
+
+kernel_size = load_image_targphys(filename, start, size);
+if (kernel_size < 0) {
+fprintf(stderr, "qemu: could not load kernel '%s'\n", filename);
+exit(1);
+}
+cpu->env.pc = start;
+
+/* setup exception trap trampoline */
+/* linux kernel only works little-endian mode */
+for (i = 0; i < ARRAY_SIZE(extable); i++) {
+extable[i] = cpu_to_le32(0x10 + i * 4);
+}
+rom_add_blob_fixed("extable", extable, sizeof(extable), 0xff80);
+}
+
 static void rxvirt_init(MachineState *machine)
 {
 RX62NState *s = g_new(RX62NState, 1);
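
Review bot: rx_load_image becomes static in rx-virt.c, but the diffstat touches only rx-virt.c and cpu.c, so if a prototype for it is declared in a header it has to be removed in the same patch or the static definition will conflict with it. While moving the function, the fprintf(stderr, ...) plus exit(1) could become error_report(), which patch 19/24 already uses in this file.
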
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index e3d76af55d..ea38639f47 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -215,25 +215,3 @@ static void rx_cpu_register_types(void)
 }
 
 type_init(rx_cpu_register_types)
-
-void rx_load_image(RXCPU *cpu, const char *filename,
-   uint32_t start, uint32_t size)
-{
-static uint32_t extable[32];
-long kernel_size;
-int i;
-
-kernel_size = load_image_targphys(filename, start, size);
-if (kernel_size < 0) {
-fprintf(stderr, "qemu: could not load kernel '%s'\n", filename);
-exit(1);
-}
-cpu->env.pc = start;
-
-/* setup exception trap trampoline */
-/* linux kernel only works little-endian mode */
-for (i = 0; i < ARRAY_SIZE(extable); i++) {
-extable[i] = cpu_to_le32(0x10 + i * 4);
-}
-rom_add_blob_fixed("extable", extable, sizeof(extable), 0xff80);
-}
-- 
2.11.0




[Qemu-devel] [PATCH v20 18/24] hw/rx: Honor -accel qtest

2019-06-16 Thread Yoshinori Sato
From: Richard Henderson 

Issue an error if no kernel, no bios, and not qtest'ing.
Fixes make check-qtest-rx: test/qom-test.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-16-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
We could squash this with the previous patch

Signed-off-by: Yoshinori Sato 
---
 hw/rx/rx62n.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/rx/rx62n.c b/hw/rx/rx62n.c
index 74d2fd0ee3..05d82d0b8f 100644
--- a/hw/rx/rx62n.c
+++ b/hw/rx/rx62n.c
@@ -21,11 +21,13 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "hw/hw.h"
 #include "hw/rx/rx62n.h"
 #include "hw/loader.h"
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
 #include "cpu.h"
 
 /*
@@ -190,8 +192,14 @@ static void rx62n_realize(DeviceState *dev, Error **errp)
 memory_region_init_rom(&s->c_flash, NULL, "codeflash",
RX62N_CFLASH_SIZE, errp);
 memory_region_add_subregion(s->sysmem, RX62N_CFLASH_BASE, &s->c_flash);
+
 if (!s->kernel) {
-rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0);
+if (bios_name) {
+rom_add_file_fixed(bios_name, RX62N_CFLASH_BASE, 0);
+}  else if (!qtest_enabled()) {
+error_report("No bios or kernel specified");
+exit(1);
+}
 }
 
 /* Initialize CPU */
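
Review bot: the added line "}  else if (!qtest_enabled()) {" has two spaces after the closing brace. It would also help to say in a comment that with qtest enabled and no bios the code flash is deliberately left empty, since that path now passes silently.
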
-- 
2.11.0




[Qemu-devel] [PATCH v20 07/24] target/rx: Disassemble rx_index_addr into a string

2019-06-16 Thread Yoshinori Sato
From: Richard Henderson 

We were eliding all zero indexes.  It is only ld==0 that does
not have an index in the instruction.  This also allows us to
avoid breaking the final print into multiple pieces.

Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-19-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 154 +++---
 1 file changed, 55 insertions(+), 99 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 8cada4825d..64342537ee 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -107,49 +107,42 @@ static const char psw[] = {
 'i', 'u', 0, 0, 0, 0, 0, 0,
 };
 
-static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+static void rx_index_addr(DisasContext *ctx, char out[8], int ld, int mi)
 {
-bfd_byte buf[2];
+uint32_t addr = ctx->addr;
+uint8_t buf[2];
+uint16_t dsp;
+
 switch (ld) {
 case 0:
-return 0;
+/* No index; return empty string.  */
+out[0] = '\0';
+return;
 case 1:
-ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
 ctx->addr += 1;
-return ((uint8_t)buf[0]) << size;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+dsp = buf[0];
+break;
 case 2:
-ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
 ctx->addr += 2;
-return lduw_le_p(buf) << size;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+dsp = lduw_le_p(buf);
+break;
+default:
+g_assert_not_reached();
 }
-g_assert_not_reached();
+
+sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));
 }
 
 static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
 {
-int dsp;
 static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+char dsp[8];
+
 if (ld < 3) {
-switch (mi) {
-case 4:
-/* dsp[rs].ub */
-dsp = rx_index_addr(ld, RX_MEMORY_BYTE, ctx);
-break;
-case 3:
-/* dsp[rs].uw */
-dsp = rx_index_addr(ld, RX_MEMORY_WORD, ctx);
-break;
-default:
-/* dsp[rs].b */
-/* dsp[rs].w */
-/* dsp[rs].l */
-dsp = rx_index_addr(ld, mi, ctx);
-break;
-}
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]%s", rs, sizes[mi]);
+rx_index_addr(ctx, dsp, ld, mi);
+prt("%s[r%d]%s", dsp, rs, sizes[mi]);
 } else {
 prt("r%d", rs);
 }
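
Review bot: rx_index_addr writes into the caller's char[8] with an unbounded sprintf and passes an int (dsp is a uint16_t that is promoted by the shift) to %u. The largest value, a 16-bit displacement shifted by 2, needs 7 bytes including the terminator, so it fits today, but only by value range, and char out[8] in the parameter list does not carry the size. Use snprintf with an explicit length argument and cast the shifted value to unsigned.
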
@@ -235,7 +228,7 @@ static bool trans_MOV_ra(DisasContext *ctx, arg_MOV_ra *a)
 /* mov.[bwl] rs,rd */
 static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 {
-int dsp;
+char dspd[8], dsps[8];
 
 prt("mov.%c\t", size[a->sz]);
 if (a->lds == 3 && a->ldd == 3) {
@@ -244,29 +237,15 @@ static bool trans_MOV_mm(DisasContext *ctx, arg_MOV_mm *a)
 return true;
 }
 if (a->lds == 3) {
-prt("r%d, ", a->rd);
-dsp = rx_index_addr(a->ldd, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rs);
+rx_index_addr(ctx, dspd, a->ldd, a->sz);
+prt("r%d, %s[r%d]", a->rs, dspd, a->rd);
 } else if (a->ldd == 3) {
-dsp = rx_index_addr(a->lds, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d], r%d", a->rs, a->rd);
+rx_index_addr(ctx, dsps, a->lds, a->sz);
+prt("%s[r%d], r%d", dsps, a->rs, a->rd);
 } else {
-dsp = rx_index_addr(a->lds, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d], ", a->rs);
-dsp = rx_index_addr(a->ldd, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rd);
+rx_index_addr(ctx, dsps, a->lds, a->sz);
+rx_index_addr(ctx, dspd, a->ldd, a->sz);
+prt("%s[r%d], %s[r%d]", dsps, a->rs, dspd, a->rd);
 }
 return true;
 }
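
Review bot: in the a->lds == 3 branch of trans_MOV_mm the register operands are swapped relative to the removed lines: the old code printed r<rd> followed by dsp[r<rs>], the new prt prints a->rs first and uses a->rd as the base register. The commit message only mentions zero indexes and merging the prints, so if this is a fix of the operand order it should be called out there or split into its own patch.
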
@@ -357,12 +336,10 @@ static bool trans_PUSH_r(DisasContext *ctx, arg_PUSH_r *a)
 /* push dsp[rs] */
 static bool trans_PUSH_m(DisasContext *ctx, arg_PUSH_m *a)
 {
-prt("push\t");
-int dsp = rx_index_addr(a->ld, a->sz, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-prt("[r%d]", a->rs);
+char dsp[8];
+
+rx_index_addr(ctx, dsp, a->ld, a->sz);
+prt("push\t%s[r%d]", dsp, a->rs);
 return true;
 }
 
@@ -389,17 +366,13 @@ static bool trans_XCHG_rr(DisasContext *ctx, arg_XCHG_rr 
*a)
 /* xchg dsp[rs].,rd */
 static bool trans_XCHG_mr(DisasContext *ctx, arg_XCHG_mr *a)
 {
-int dsp;
 static const char msize[][4] = {
 "b", "w", "l", "ub", "uw",
 };
+char dsp[8];
 
-prt("xchg\t");
-dsp = rx_index_addr(a->ld, a->mi, ctx);
-if (dsp > 0) {
-prt("%d", dsp);
-}
-pr

[Qemu-devel] [PATCH v20 03/24] target/rx: CPU definition

2019-06-16 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Message-Id: <20190607091116.49044-4-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
[PMD: Use newer QOM style, split cpu-qom.h, restrict access to
 extable array, use rx_cpu_tlb_fill() extracted from patch of
 Yoshinori Sato 'Convert to CPUClass::tlb_fill']
Signed-off-by: Philippe Mathieu-Daudé 

Signed-off-by: Yoshinori Sato 
---
 target/rx/cpu-qom.h |  42 +
 target/rx/cpu.h | 201 +
 target/rx/cpu.c | 252 
 target/rx/gdbstub.c | 112 +++
 target/rx/monitor.c |  38 
 5 files changed, 645 insertions(+)
 create mode 100644 target/rx/cpu-qom.h
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/gdbstub.c
 create mode 100644 target/rx/monitor.c

diff --git a/target/rx/cpu-qom.h b/target/rx/cpu-qom.h
new file mode 100644
index 00..4ae3b38b3e
--- /dev/null
+++ b/target/rx/cpu-qom.h
@@ -0,0 +1,42 @@
+#ifndef QEMU_SUPERH_CPU_QOM_H
+#define QEMU_SUPERH_CPU_QOM_H
+
+#include "qom/cpu.h"
+/*
+ * RX CPU
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ * SPDX-License-Identifier: LGPL-2.0+
+ */
+
+#define TYPE_RX_CPU "rx-cpu"
+
+#define TYPE_RX62N_CPU RX_CPU_TYPE_NAME("rx62n")
+
+#define RXCPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(RXCPUClass, (klass), TYPE_RX_CPU)
+#define RXCPU(obj) \
+OBJECT_CHECK(RXCPU, (obj), TYPE_RX_CPU)
+#define RXCPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(RXCPUClass, (obj), TYPE_RX_CPU)
+
+/*
+ * RXCPUClass:
+ * @parent_realize: The parent class' realize handler.
+ * @parent_reset: The parent class' reset handler.
+ *
+ * A RX CPU model.
+ */
+typedef struct RXCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+
+DeviceRealize parent_realize;
+void (*parent_reset)(CPUState *cpu);
+
+} RXCPUClass;
+
+#define CPUArchState struct CPURXState
+
+#endif
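Review bot: the include guard in target/rx/cpu-qom.h is `QEMU_SUPERH_CPU_QOM_H`, which looks copied from the SuperH header and will silently hide one of the two headers if both are ever seen in the same translation unit. Please rename it to an RX-specific guard, for example `RX_CPU_QOM_H`. The `#include "qom/cpu.h"` line also sits above the copyright comment; moving the comment to the top of the file would match the other new headers in this series.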
diff --git a/target/rx/cpu.h b/target/rx/cpu.h
new file mode 100644
index 00..3e5f371f51
--- /dev/null
+++ b/target/rx/cpu.h
@@ -0,0 +1,201 @@
+/*
+ *  RX emulation definition
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_H
+#define RX_CPU_H
+
+#include "qemu/bitops.h"
+#include "qemu-common.h"
+#include "hw/registerfields.h"
+#include "cpu-qom.h"
+#include "qom/cpu.h"
+
+#define TARGET_LONG_BITS 32
+#define TARGET_PAGE_BITS 12
+
+#include "exec/cpu-defs.h"
+
+#define TARGET_PHYS_ADDR_SPACE_BITS 32
+#define TARGET_VIRT_ADDR_SPACE_BITS 32
+
+/* PSW define */
+REG32(PSW, 0)
+FIELD(PSW, C, 0, 1)
+FIELD(PSW, Z, 1, 1)
+FIELD(PSW, S, 2, 1)
+FIELD(PSW, O, 3, 1)
+FIELD(PSW, I, 16, 1)
+FIELD(PSW, U, 17, 1)
+FIELD(PSW, PM, 20, 1)
+FIELD(PSW, IPL, 24, 4)
+
+/* FPSW define */
+REG32(FPSW, 0)
+FIELD(FPSW, RM, 0, 2)
+FIELD(FPSW, CV, 2, 1)
+FIELD(FPSW, CO, 3, 1)
+FIELD(FPSW, CZ, 4, 1)
+FIELD(FPSW, CU, 5, 1)
+FIELD(FPSW, CX, 6, 1)
+FIELD(FPSW, CE, 7, 1)
+FIELD(FPSW, CAUSE, 2, 6)
+FIELD(FPSW, DN, 8, 1)
+FIELD(FPSW, EV, 10, 1)
+FIELD(FPSW, EO, 11, 1)
+FIELD(FPSW, EZ, 12, 1)
+FIELD(FPSW, EU, 13, 1)
+FIELD(FPSW, EX, 14, 1)
+FIELD(FPSW, ENABLE, 10, 5)
+FIELD(FPSW, FV, 26, 1)
+FIELD(FPSW, FO, 27, 1)
+FIELD(FPSW, FZ, 28, 1)
+FIELD(FPSW, FU, 29, 1)
+FIELD(FPSW, FX, 30, 1)
+FIELD(FPSW, FLAGS, 26, 4)
+FIELD(FPSW, FS, 31, 1)
+
+#define NB_MMU_MODES 1
+#define MMU_MODE0_SUFFIX _all
+
+enum {
+NUM_REGS = 16,
+};
+
+typedef struct CPURXState {
+/* CPU registers */
+uint32_t regs[NUM_REGS];/* general registers */
+uint32_t psw_o; /* O bit of status register */
+uint32_t psw_s; /* S bit of status register */
+uint32_t psw_z; /* Z bit of status register */
+uint32_t psw_c; /* C bit of status register */
+uint32_t psw_u;
+uint32_t psw_i;
+uint32_t psw_pm;
+uint32_t psw_ipl;
+uint32_t bpsw;  /* backup status */
+uint32_t bpc;   /* backup pc */
+uint32_t isp;   /* global base register */
+uint32_t usp;   /* vector base register */
+uint32_t pc;/* program counter */
+uint32_t intb;  /* interrupt vector */
+uint32_t fintv;
+uint32_t fpsw;
+uint64_t acc;
+
+/* Fields up to this point are cleared by a CPU reset */
+struct {} end_reset_fields;
+
+ 
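Review bot: in CPURXState the comments on `isp` ("global base register") and `usp` ("vector base register") do not match the field names and look carried over from another target, while `psw_u`, `psw_i`, `psw_pm`, `psw_ipl`, `fintv`, `fpsw` and `acc` have no comment at all. Please correct the two comments and document the remaining fields, since this struct is the reference for the emulated register state.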

[Qemu-devel] [PATCH v20 20/24] qemu/bitops.h: Add extract8 and extract16

2019-06-16 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-10-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/qemu/bitops.h | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
index 3f0926cf40..764f9d1ea0 100644
--- a/include/qemu/bitops.h
+++ b/include/qemu/bitops.h
@@ -301,6 +301,44 @@ static inline uint32_t extract32(uint32_t value, int 
start, int length)
 }
 
 /**
+ * extract8:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 8 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 8 bit word. It is valid to request that
+ * all 8 bits are returned (ie @length 8 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint8_t extract8(uint8_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 8 - start);
+return extract32(value, start, length);
+}
+
+/**
+ * extract16:
+ * @value: the value to extract the bit field from
+ * @start: the lowest bit in the bit field (numbered from 0)
+ * @length: the length of the bit field
+ *
+ * Extract from the 16 bit input @value the bit field specified by the
+ * @start and @length parameters, and return it. The bit field must
+ * lie entirely within the 16 bit word. It is valid to request that
+ * all 16 bits are returned (ie @length 16 and @start 0).
+ *
+ * Returns: the value of the bit field extracted from the input value.
+ */
+static inline uint16_t extract16(uint16_t value, int start, int length)
+{
+assert(start >= 0 && length > 0 && length <= 16 - start);
+return extract32(value, start, length);
+}
+
+/**
  * extract64:
  * @value: the value to extract the bit field from
  * @start: the lowest bit in the bit field (numbered from 0)
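Review bot: the `assert()` in extract8() and extract16() is the only range check, and a `start` beyond the word size is rejected only indirectly, because `8 - start` (or `16 - start`) goes negative. The doc comments say the field "must lie entirely within" the word but not what happens otherwise. Please state that out-of-range arguments abort, so callers know that `start` and `length` must be constants or validated values and never taken unchecked from guest-controlled data.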
-- 
2.11.0




[Qemu-devel] [PATCH v20 22/24] Add rx-softmmu

2019-06-16 Thread Yoshinori Sato
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-17-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
pick ed65c02993 target/rx: Add RX to SysEmuTarget
pick 01372568ae tests: Add rx to machine-none-test.c
[PMD: Squashed patches from Richard Henderson modifying
  qapi/common.json and tests/machine-none-test.c]
Signed-off-by: Philippe Mathieu-Daudé 

Signed-off-by: Yoshinori Sato 
---
 configure  | 8 
 default-configs/rx-softmmu.mak | 3 +++
 qapi/common.json   | 3 ++-
 include/exec/poison.h  | 1 +
 include/sysemu/arch_init.h | 1 +
 arch_init.c| 2 ++
 tests/machine-none-test.c  | 1 +
 hw/Kconfig | 1 +
 8 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 default-configs/rx-softmmu.mak

diff --git a/configure b/configure
index b091b82cb3..d6e16c58c3 100755
--- a/configure
+++ b/configure
@@ -7595,6 +7595,11 @@ case "$target_name" in
 gdb_xml_files="riscv-64bit-cpu.xml riscv-64bit-fpu.xml riscv-64bit-csr.xml"
 target_compiler=$cross_cc_riscv64
   ;;
+  rx)
+TARGET_ARCH=rx
+bflt="yes"
+target_compiler=$cross_cc_rx
+  ;;
   sh4|sh4eb)
 TARGET_ARCH=sh4
 bflt="yes"
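Review bot: the new `rx)` case sets `target_compiler=$cross_cc_rx`, but nothing in this patch defines `cross_cc_rx` (the diffstat shows only these 8 added lines in configure), so the variable expands to an empty string. Either add a `cross_cc_rx` default next to the other cross compilers or drop the line. `bflt="yes"` also looks copied from the sh4 entry that follows; is it needed for a target that this patch adds only as rx-softmmu?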
@@ -7815,6 +7820,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   riscv*)
 disas_config "RISCV"
   ;;
+  rx)
+disas_config "RX"
+  ;;
   s390*)
 disas_config "S390"
   ;;
diff --git a/default-configs/rx-softmmu.mak b/default-configs/rx-softmmu.mak
new file mode 100644
index 00..a3eecefb11
--- /dev/null
+++ b/default-configs/rx-softmmu.mak
@@ -0,0 +1,3 @@
+# Default configuration for rx-softmmu
+
+CONFIG_RX_VIRT=y
diff --git a/qapi/common.json b/qapi/common.json
index 99d313ef3b..d0fc931159 100644
--- a/qapi/common.json
+++ b/qapi/common.json
@@ -183,6 +183,7 @@
 #is true even for "qemu-system-x86_64".
 #
 # ppcemb: dropped in 3.1
+# rx: added in 4.1
 #
 # Since: 3.0
 ##
@@ -190,6 +191,6 @@
   'data' : [ 'aarch64', 'alpha', 'arm', 'cris', 'hppa', 'i386', 'lm32',
  'm68k', 'microblaze', 'microblazeel', 'mips', 'mips64',
  'mips64el', 'mipsel', 'moxie', 'nios2', 'or1k', 'ppc',
- 'ppc64', 'riscv32', 'riscv64', 's390x', 'sh4',
+ 'ppc64', 'riscv32', 'riscv64', 'rx', 's390x', 'sh4',
  'sh4eb', 'sparc', 'sparc64', 'tricore', 'unicore32',
  'x86_64', 'xtensa', 'xtensaeb' ] }
diff --git a/include/exec/poison.h b/include/exec/poison.h
index b862320fa6..c17911d859 100644
--- a/include/exec/poison.h
+++ b/include/exec/poison.h
@@ -26,6 +26,7 @@
 #pragma GCC poison TARGET_PPC
 #pragma GCC poison TARGET_PPC64
 #pragma GCC poison TARGET_ABI32
+#pragma GCC poison TARGET_RX
 #pragma GCC poison TARGET_S390X
 #pragma GCC poison TARGET_SH4
 #pragma GCC poison TARGET_SPARC
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 10cbafe970..3f4f844f7b 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -25,6 +25,7 @@ enum {
 QEMU_ARCH_NIOS2 = (1 << 17),
 QEMU_ARCH_HPPA = (1 << 18),
 QEMU_ARCH_RISCV = (1 << 19),
+QEMU_ARCH_RX = (1 << 20),
 };
 
 extern const uint32_t arch_type;
diff --git a/arch_init.c b/arch_init.c
index 74b0708634..48d9b4c86f 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -73,6 +73,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_PPC
 #elif defined(TARGET_RISCV)
 #define QEMU_ARCH QEMU_ARCH_RISCV
+#elif defined(TARGET_RX)
+#define QEMU_ARCH QEMU_ARCH_RX
 #elif defined(TARGET_S390X)
 #define QEMU_ARCH QEMU_ARCH_S390X
 #elif defined(TARGET_SH4)
diff --git a/tests/machine-none-test.c b/tests/machine-none-test.c
index 4c6d470798..80df277357 100644
--- a/tests/machine-none-test.c
+++ b/tests/machine-none-test.c
@@ -56,6 +56,7 @@ static struct arch2cpu cpus_map[] = {
 { "hppa", "hppa" },
 { "riscv64", "rv64gcsu-v1.10.0" },
 { "riscv32", "rv32gcsu-v1.9.1" },
+{ "rx", "rx62n" },
 };
 
 static const char *get_cpu_model_by_arch(const char *arch)
diff --git a/hw/Kconfig b/hw/Kconfig
index 195f541e50..b0c7221240 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -54,6 +54,7 @@ source nios2/Kconfig
 source openrisc/Kconfig
 source ppc/Kconfig
 source riscv/Kconfig
+source rx/Kconfig
 source s390x/Kconfig
 source sh4/Kconfig
 source sparc/Kconfig
-- 
2.11.0




[Qemu-devel] [PATCH v20 15/24] hw/char: RX62N serial communication interface (SCI)

2019-06-16 Thread Yoshinori Sato
This module supports only the non-FIFO type.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-8-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/char/renesas_sci.h |  45 ++
 hw/char/renesas_sci.c | 340 ++
 hw/char/Kconfig   |   3 +
 hw/char/Makefile.objs |   1 +
 4 files changed, 389 insertions(+)
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 hw/char/renesas_sci.c

diff --git a/include/hw/char/renesas_sci.h b/include/hw/char/renesas_sci.h
new file mode 100644
index 00..50d1336944
--- /dev/null
+++ b/include/hw/char/renesas_sci.h
@@ -0,0 +1,45 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#include "chardev/char-fe.h"
+#include "qemu/timer.h"
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_SCI "renesas-sci"
+#define RSCI(obj) OBJECT_CHECK(RSCIState, (obj), TYPE_RENESAS_SCI)
+
+enum {
+ERI = 0,
+RXI = 1,
+TXI = 2,
+TEI = 3,
+SCI_NR_IRQ = 4,
+};
+
+typedef struct {
+SysBusDevice parent_obj;
+MemoryRegion memory;
+
+uint8_t smr;
+uint8_t brr;
+uint8_t scr;
+uint8_t tdr;
+uint8_t ssr;
+uint8_t rdr;
+uint8_t scmr;
+uint8_t semr;
+
+uint8_t read_ssr;
+int64_t trtime;
+int64_t rx_next;
+QEMUTimer *timer;
+CharBackend chr;
+uint64_t input_freq;
+qemu_irq irq[SCI_NR_IRQ];
+} RSCIState;
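Review bot: include/hw/char/renesas_sci.h has no include guard, so a second inclusion redefines the anonymous enum and `RSCIState` and fails to compile. Please wrap the header in `#ifndef` / `#define` / `#endif` (for example `HW_CHAR_RENESAS_SCI_H`), as renesas_cmt.h and renesas_tmr.h in this series already do.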
diff --git a/hw/char/renesas_sci.c b/hw/char/renesas_sci.c
new file mode 100644
index 00..6298cbf43a
--- /dev/null
+++ b/hw/char/renesas_sci.c
@@ -0,0 +1,340 @@
+/*
+ * Renesas Serial Communication Interface
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/char/renesas_sci.h"
+#include "qemu/error-report.h"
+
+/* SCI register map */
+REG8(SMR, 0)
+  FIELD(SMR, CKS,  0, 2)
+  FIELD(SMR, MP,   2, 1)
+  FIELD(SMR, STOP, 3, 1)
+  FIELD(SMR, PM,   4, 1)
+  FIELD(SMR, PE,   5, 1)
+  FIELD(SMR, CHR,  6, 1)
+  FIELD(SMR, CM,   7, 1)
+REG8(BRR, 1)
+REG8(SCR, 2)
+  FIELD(SCR, CKE, 0, 2)
+  FIELD(SCR, TEIE, 2, 1)
+  FIELD(SCR, MPIE, 3, 1)
+  FIELD(SCR, RE,   4, 1)
+  FIELD(SCR, TE,   5, 1)
+  FIELD(SCR, RIE,  6, 1)
+  FIELD(SCR, TIE,  7, 1)
+REG8(TDR, 3)
+REG8(SSR, 4)
+  FIELD(SSR, MPBT, 0, 1)
+  FIELD(SSR, MPB,  1, 1)
+  FIELD(SSR, TEND, 2, 1)
+  FIELD(SSR, ERR, 3, 3)
+FIELD(SSR, PER,  3, 1)
+FIELD(SSR, FER,  4, 1)
+FIELD(SSR, ORER, 5, 1)
+  FIELD(SSR, RDRF, 6, 1)
+  FIELD(SSR, TDRE, 7, 1)
+REG8(RDR, 5)
+REG8(SCMR, 6)
+  FIELD(SCMR, SMIF, 0, 1)
+  FIELD(SCMR, SINV, 2, 1)
+  FIELD(SCMR, SDIR, 3, 1)
+  FIELD(SCMR, BCP2, 7, 1)
+REG8(SEMR, 7)
+  FIELD(SEMR, ACS0, 0, 1)
+  FIELD(SEMR, ABCS, 4, 1)
+
+static int can_receive(void *opaque)
+{
+RSCIState *sci = RSCI(opaque);
+if (sci->rx_next > qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)) {
+return 0;
+} else {
+return FIELD_EX8(sci->scr, SCR, RE);
+}
+}
+
+static void receive(void *opaque, const uint8_t *buf, int size)
+{
+RSCIState *sci = RSCI(opaque);
+sci->rx_next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime;
+if (FIELD_EX8(sci->ssr, SSR, RDRF) || size > 1) {
+sci->ssr = FIELD_DP8(sci->ssr, SSR, ORER, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_set_irq(sci->irq[ERI], 1);
+}
+} else {
+sci->rdr = buf[0];
+sci->ssr = FIELD_DP8(sci->ssr, SSR, RDRF, 1);
+if (FIELD_EX8(sci->scr, SCR, RIE)) {
+qemu_irq_pulse(sci->irq[RXI]);
+}
+}
+}
+
+static void send_byte(RSCIState *sci)
+{
+if (qemu_chr_fe_backend_connected(&sci->chr)) {
+qemu_chr_fe_write_all(&sci->chr, &sci->tdr, 1);
+}
+timer_mod(sci->timer,
+  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime);
+sci->
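Review bot: can_receive() checks only the timing window and `SCR.RE`, so it returns 1 while `SSR.RDRF` is still set, and receive() then discards the incoming byte and sets `ORER`. If dropping data is not the intended model of the hardware overrun, return 0 from can_receive() while RDRF is set so the chardev backend holds the byte until the guest has read RDR. receive() also treats `size > 1` as an overrun and drops every byte; since can_receive() never returns more than 1, an assertion on `size` would express that expectation more clearly than a silent drop.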

[Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread Yoshinori Sato
Hello.
This patch series adds Renesas RX target emulation.

Changes for v19.
Follow tcg changes.
Cleanup cpu.c.
Simplify rx_cpu_class_by_name and move rx_load_image to rx-virt.

My git repository is below.
git://git.pf.osdn.net/gitroot/y/ys/ysato/qemu.git tags/rx-20190616

Testing binaries are below.
u-boot
Download - https://osdn.net/users/ysato/pf/qemu/dl/u-boot.bin.gz

starting
$ gzip -d u-boot.bin.gz
$ qemu-system-rx -bios u-boot.bin

linux and pico-root (only sash)
Download - https://osdn.net/users/ysato/pf/qemu/dl/zImage (kernel)
   https://osdn.net/users/ysato/pf/qemu/dl/rx-qemu.dtb (DeviceTree)

starting
$ qemu-system-rx -kernel zImage -dtb rx-qemu.dtb -append "earlycon"

Philippe Mathieu-Daudé (3):
  hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
  hw/registerfields.h: Add 8bit and 16bit register macros
  BootLinuxConsoleTest: Test the RX-Virt machine

Richard Henderson (7):
  target/rx: Disassemble rx_index_addr into a string
  target/rx: Replace operand with prt_ldmi in disassembler
  target/rx: Use prt_ldmi for XCHG_mr disassembly
  target/rx: Emit all disassembly in one prt()
  target/rx: Collect all bytes during disassembly
  target/rx: Dump bytes for each insn during disassembly
  hw/rx: Honor -accel qtest

Yoshinori Sato (14):
  target/rx: TCG translation
  target/rx: TCG helper
  target/rx: CPU definition
  target/rx: Follow the change of tcg.
  target/rx: simplify rx_cpu_class_by_name
  target/rx: RX disassembler
  hw/intc: RX62N interrupt controller (ICUa)
  hw/timer: RX62N internal timer modules
  hw/char: RX62N serial communication interface (SCI)
  hw/rx: RX Target hardware definition
  target/rx: Move rx_load_image to rx-virt.
  qemu/bitops.h: Add extract8 and extract16
  Add rx-softmmu
  MAINTAINERS: Add RX

 configure  |8 +
 default-configs/rx-softmmu.mak |3 +
 qapi/common.json   |3 +-
 include/disas/dis-asm.h|5 +
 include/exec/poison.h  |1 +
 include/hw/char/renesas_sci.h  |   45 +
 include/hw/intc/rx_icu.h   |   56 +
 include/hw/registerfields.h|   32 +-
 include/hw/rx/rx.h |7 +
 include/hw/rx/rx62n.h  |   91 ++
 include/hw/timer/renesas_cmt.h |   38 +
 include/hw/timer/renesas_tmr.h |   53 +
 include/qemu/bitops.h  |   38 +
 include/sysemu/arch_init.h |1 +
 target/rx/cpu-param.h  |   31 +
 target/rx/cpu-qom.h|   42 +
 target/rx/cpu.h|  182 +++
 target/rx/helper.h |   31 +
 arch_init.c|2 +
 hw/char/renesas_sci.c  |  340 +
 hw/intc/rx_icu.c   |  376 +
 hw/rx/rx-virt.c|  135 ++
 hw/rx/rx62n.c  |  246 
 hw/timer/renesas_cmt.c |  275 
 hw/timer/renesas_tmr.c |  455 ++
 target/rx/cpu.c|  217 +++
 target/rx/disas.c  | 1446 +++
 target/rx/gdbstub.c|  112 ++
 target/rx/helper.c |  148 ++
 target/rx/monitor.c|   38 +
 target/rx/op_helper.c  |  470 ++
 target/rx/translate.c  | 2432 
 tests/machine-none-test.c  |1 +
 MAINTAINERS|   19 +
 hw/Kconfig |1 +
 hw/char/Kconfig|3 +
 hw/char/Makefile.objs  |1 +
 hw/intc/Kconfig|3 +
 hw/intc/Makefile.objs  |1 +
 hw/rx/Kconfig  |   14 +
 hw/rx/Makefile.objs|2 +
 hw/timer/Kconfig   |6 +
 hw/timer/Makefile.objs |3 +
 target/rx/Makefile.objs|   12 +
 target/rx/insns.decode |  621 
 tests/acceptance/boot_linux_console.py |   46 +
 46 files changed, 8090 insertions(+), 2 deletions(-)
 create mode 100644 default-configs/rx-softmmu.mak
 create mode 100644 include/hw/char/renesas_sci.h
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 target/rx/cpu-param.h
 create mode 100644 target/rx/cpu-qom.h
 create mode 100644 target/rx/cpu.h
 create mode 100644 target/rx/helper.h
 create mode 100644 hw/char/renesas_sci.c
 create mode 100644 hw/intc/rx_icu.c
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c
 create mode 100644 target/rx/cpu.c
 create mode 100644 target/rx/disas.c
 c

[Qemu-devel] [PATCH v20 14/24] hw/timer: RX62N internal timer modules

2019-06-16 Thread Yoshinori Sato
renesas_tmr: 8bit timer modules.
renesas_cmt: 16bit compare match timer modules.
These parts are used in many Renesas CPUs.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-7-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/timer/renesas_cmt.h |  38 
 include/hw/timer/renesas_tmr.h |  53 +
 hw/timer/renesas_cmt.c | 275 +
 hw/timer/renesas_tmr.c | 455 +
 hw/timer/Kconfig   |   6 +
 hw/timer/Makefile.objs |   3 +
 6 files changed, 830 insertions(+)
 create mode 100644 include/hw/timer/renesas_cmt.h
 create mode 100644 include/hw/timer/renesas_tmr.h
 create mode 100644 hw/timer/renesas_cmt.c
 create mode 100644 hw/timer/renesas_tmr.c

diff --git a/include/hw/timer/renesas_cmt.h b/include/hw/timer/renesas_cmt.h
new file mode 100644
index 00..acd25c6e0b
--- /dev/null
+++ b/include/hw/timer/renesas_cmt.h
@@ -0,0 +1,38 @@
+/*
+ * Renesas Compare-match timer Object
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_CMT_H
+#define HW_RENESAS_CMT_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_CMT "renesas-cmt"
+#define RCMT(obj) OBJECT_CHECK(RCMTState, (obj), TYPE_RENESAS_CMT)
+
+enum {
+CMT_CH = 2,
+CMT_NR_IRQ = 1 * CMT_CH,
+};
+
+typedef struct RCMTState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint16_t cmstr;
+uint16_t cmcr[CMT_CH];
+uint16_t cmcnt[CMT_CH];
+uint16_t cmcor[CMT_CH];
+int64_t tick[CMT_CH];
+qemu_irq cmi[CMT_CH];
+QEMUTimer *timer[CMT_CH];
+} RCMTState;
+
+#endif
diff --git a/include/hw/timer/renesas_tmr.h b/include/hw/timer/renesas_tmr.h
new file mode 100644
index 00..5787004c74
--- /dev/null
+++ b/include/hw/timer/renesas_tmr.h
@@ -0,0 +1,53 @@
+/*
+ * Renesas 8bit timer Object
+ *
+ * Copyright (c) 2018 Yoshinori Sato
+ *
+ * This code is licensed under the GPL version 2 or later.
+ *
+ */
+
+#ifndef HW_RENESAS_TMR_H
+#define HW_RENESAS_TMR_H
+
+#include "hw/sysbus.h"
+
+#define TYPE_RENESAS_TMR "renesas-tmr"
+#define RTMR(obj) OBJECT_CHECK(RTMRState, (obj), TYPE_RENESAS_TMR)
+
+enum timer_event {
+cmia = 0,
+cmib = 1,
+ovi = 2,
+none = 3,
+TMR_NR_EVENTS = 4
+};
+
+enum {
+TMR_CH = 2,
+TMR_NR_IRQ = 3 * TMR_CH,
+};
+
+typedef struct RTMRState {
+SysBusDevice parent_obj;
+
+uint64_t input_freq;
+MemoryRegion memory;
+
+uint8_t tcnt[TMR_CH];
+uint8_t tcora[TMR_CH];
+uint8_t tcorb[TMR_CH];
+uint8_t tcr[TMR_CH];
+uint8_t tccr[TMR_CH];
+uint8_t tcor[TMR_CH];
+uint8_t tcsr[TMR_CH];
+int64_t tick;
+int64_t div_round[TMR_CH];
+enum timer_event next[TMR_CH];
+qemu_irq cmia[TMR_CH];
+qemu_irq cmib[TMR_CH];
+qemu_irq ovi[TMR_CH];
+QEMUTimer *timer[TMR_CH];
+} RTMRState;
+
+#endif
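Review bot: `enum timer_event` in renesas_tmr.h declares lowercase, unprefixed enumerators (`cmia`, `cmib`, `ovi`, `none`) in a header that other code includes. `none` in particular is likely to clash with other identifiers, and `cmia`, `cmib` and `ovi` are also the names of the `qemu_irq` members in RTMRState, which is legal C but confusing to read. Please use prefixed upper-case names, for example `TMR_EVENT_CMIA`, in line with `TMR_NR_EVENTS`.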
diff --git a/hw/timer/renesas_cmt.c b/hw/timer/renesas_cmt.c
new file mode 100644
index 00..a2a2b92055
--- /dev/null
+++ b/hw/timer/renesas_cmt.c
@@ -0,0 +1,275 @@
+/*
+ * Renesas 16bit Compare-match timer
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "qemu/timer.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/timer/renesas_cmt.h"
+#include "qemu/error-report.h"
+
+/*
+ *  +0 CMSTR - common control
+ *  +2 CMCR  - ch0
+ *  +4 CMCNT - ch0
+ *  +6 CMCOR - ch0
+ *  +8 CMCR  - ch1
+ * +10 CMCNT - ch1
+ * +12 CMCOR - ch1
+ * If we think that the address of CH 0 has an offset of +2,
+ * we can treat it with the same address as CH 1, so define it like that.
+ */
+REG16(CMSTR, 0)
+  FIELD(CMSTR, STR0, 0, 1)
+  FIELD(CMSTR, STR1, 1, 1)
+  FIELD(CMSTR, STR,  0, 2)
+/* This addeess is channel offset */
+REG16(CMCR, 0)
+  FIELD(CMCR, CKS, 0, 2)
+  FIELD(CMCR, CMIE, 6, 1)
+REG16(CMCNT, 2)
+REG16(CMCOR, 4)
+
+static void update_events(RCMTS
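Review bot: `#include "cpu.h"` in hw/timer/renesas_cmt.c ties this device model to the target CPU header, and nothing in the visible part of the file uses it. If the rest of the file does not need it either, please drop the include so the timer can be built independently of the target. There is also a typo in `/* This addeess is channel offset */` ("address").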

[Qemu-devel] [PATCH v20 09/24] target/rx: Use prt_ldmi for XCHG_mr disassembly

2019-06-16 Thread Yoshinori Sato
From: Richard Henderson 

Note that the ld == 3 case handled by prt_ldmi is decoded as
XCHG_rr and cannot appear here.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-21-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 515b365528..db10385fd0 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -366,13 +366,7 @@ static bool trans_XCHG_rr(DisasContext *ctx, arg_XCHG_rr 
*a)
 /* xchg dsp[rs].,rd */
 static bool trans_XCHG_mr(DisasContext *ctx, arg_XCHG_mr *a)
 {
-static const char msize[][4] = {
-"b", "w", "l", "ub", "uw",
-};
-char dsp[8];
-
-rx_index_addr(ctx, dsp, a->ld, a->mi);
-prt("xchg\t%s[r%d].%s, r%d", dsp, a->rs, msize[a->mi], a->rd);
+prt_ldmi(ctx, "xchg", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
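Review bot: the guarantee that `ld == 3` never reaches trans_XCHG_mr is recorded only in the commit message. A one-line comment above the `prt_ldmi(ctx, "xchg", a->ld, a->mi, a->rs, a->rd)` call, or a `g_assert(a->ld != 3)`, would keep that invariant visible to anyone who later changes the decoder patterns.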
-- 
2.11.0




[Qemu-devel] [PATCH v20 11/24] target/rx: Collect all bytes during disassembly

2019-06-16 Thread Yoshinori Sato
From: Richard Henderson 

Collected, to be used in the next patch.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-23-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 62 +--
 1 file changed, 42 insertions(+), 20 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index ebc1a44249..5a32a87534 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -25,43 +25,59 @@ typedef struct DisasContext {
 disassemble_info *dis;
 uint32_t addr;
 uint32_t pc;
+uint8_t len;
+uint8_t bytes[8];
 } DisasContext;
 
 
 static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
-   int i, int n)
+  int i, int n)
 {
-bfd_byte buf;
+uint32_t addr = ctx->addr;
+
+g_assert(ctx->len == i);
+g_assert(n <= ARRAY_SIZE(ctx->bytes));
+
 while (++i <= n) {
-ctx->dis->read_memory_func(ctx->addr++, &buf, 1, ctx->dis);
-insn |= buf << (32 - i * 8);
+ctx->dis->read_memory_func(addr++, &ctx->bytes[i - 1], 1, ctx->dis);
+insn |= ctx->bytes[i - 1] << (32 - i * 8);
 }
+ctx->addr = addr;
+ctx->len = n;
+
 return insn;
 }
 
 static int32_t li(DisasContext *ctx, int sz)
 {
-int32_t addr;
-bfd_byte buf[4];
-addr = ctx->addr;
+uint32_t addr = ctx->addr;
+uintptr_t len = ctx->len;
 
 switch (sz) {
 case 1:
+g_assert(len + 1 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 1;
-ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
-return (int8_t)buf[0];
+ctx->len += 1;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 1, ctx->dis);
+return (int8_t)ctx->bytes[len];
 case 2:
+g_assert(len + 2 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 2;
-ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
-return ldsw_le_p(buf);
+ctx->len += 2;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 2, ctx->dis);
+return ldsw_le_p(ctx->bytes + len);
 case 3:
+g_assert(len + 3 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 3;
-ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
-return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+ctx->len += 3;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 3, ctx->dis);
+return (int8_t)ctx->bytes[len + 2] << 16 | lduw_le_p(ctx->bytes + len);
 case 0:
+g_assert(len + 4 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 4;
-ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
-return ldl_le_p(buf);
+ctx->len += 4;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 4, ctx->dis);
+return ldl_le_p(ctx->bytes + len);
 default:
 g_assert_not_reached();
 }
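Review bot: in decode_load_bytes(), `g_assert(n <= ARRAY_SIZE(ctx->bytes))` allows `n` up to 8, but `insn |= ctx->bytes[i - 1] << (32 - i * 8)` has a negative shift count once `i` exceeds 4, and for `i == 1` a byte with bit 7 set is shifted into the sign bit of a promoted `int`. Please assert `n <= 4` here (or stop accumulating into `insn` after four bytes) and cast the byte to `uint32_t` before shifting. The return value of `read_memory_func` is still ignored in this function and in li(), so after a failed read `ctx->bytes` keeps whatever it held before.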
@@ -110,7 +126,7 @@ static const char psw[] = {
 static void rx_index_addr(DisasContext *ctx, char out[8], int ld, int mi)
 {
 uint32_t addr = ctx->addr;
-uint8_t buf[2];
+uintptr_t len = ctx->len;
 uint16_t dsp;
 
 switch (ld) {
@@ -119,14 +135,18 @@ static void rx_index_addr(DisasContext *ctx, char out[8], 
int ld, int mi)
 out[0] = '\0';
 return;
 case 1:
+g_assert(len + 1 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 1;
-ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
-dsp = buf[0];
+ctx->len += 1;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 1, ctx->dis);
+dsp = ctx->bytes[len];
 break;
 case 2:
+g_assert(len + 2 <= ARRAY_SIZE(ctx->bytes));
 ctx->addr += 2;
-ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
-dsp = lduw_le_p(buf);
+ctx->len += 2;
+ctx->dis->read_memory_func(addr, ctx->bytes + len, 2, ctx->dis);
+dsp = lduw_le_p(ctx->bytes + len);
 break;
 default:
 g_assert_not_reached();
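Review bot: the sequence `g_assert(len + N <= ARRAY_SIZE(ctx->bytes)); ctx->addr += N; ctx->len += N;` followed by `read_memory_func(addr, ctx->bytes + len, N, ctx->dis)` is written out twice here and four more times in li(). A small helper that takes the byte count, checks the bound, reads into `ctx->bytes + len` and advances both counters would keep the bounds check in one place and make it harder to add a read path that skips it.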
@@ -1392,8 +1412,10 @@ int print_insn_rx(bfd_vma addr, disassemble_info *dis)
 DisasContext ctx;
 uint32_t insn;
 int i;
+
 ctx.dis = dis;
 ctx.pc = ctx.addr = addr;
+ctx.len = 0;
 
 insn = decode_load(&ctx);
 if (!decode(&ctx, insn)) {
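Review bot: print_insn_rx() sets `ctx.len = 0` but leaves `ctx.bytes` uninitialised, and the readers changed earlier in this patch do not check the result of `read_memory_func`. If the next patch prints the collected bytes, a failed read would dump uninitialised stack contents. Initialising the struct with `DisasContext ctx = { .dis = dis, .pc = addr, .addr = addr };` zeroes `bytes` and `len` and removes the need for the separate assignments.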
-- 
2.11.0




[Qemu-devel] [PATCH v20 21/24] hw/registerfields.h: Add 8bit and 16bit register macros

2019-06-16 Thread Yoshinori Sato
From: Philippe Mathieu-Daudé 

Some RX peripherals use 8-bit and 16-bit registers.
Added 8bit and 16bit APIs.

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-11-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
 include/hw/registerfields.h | 32 +++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
index 2659a58737..a0bb0654d6 100644
--- a/include/hw/registerfields.h
+++ b/include/hw/registerfields.h
@@ -22,6 +22,14 @@
 enum { A_ ## reg = (addr) };  \
 enum { R_ ## reg = (addr) / 4 };
 
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };
+
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };
+
 /* Define SHIFT, LENGTH and MASK constants for a field within a register */
 
 /* This macro will define R_FOO_BAR_MASK, R_FOO_BAR_SHIFT and R_FOO_BAR_LENGTH
@@ -34,6 +42,12 @@
 MAKE_64BIT_MASK(shift, length)};
 
 /* Extract a field from a register */
+#define FIELD_EX8(storage, reg, field)\
+extract8((storage), R_ ## reg ## _ ## field ## _SHIFT,\
+  R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_EX16(storage, reg, field)   \
+extract16((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH)
 #define FIELD_EX32(storage, reg, field)   \
 extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH)
@@ -49,6 +63,22 @@
  * Assigning values larger then the target field will result in
  * compilation warnings.
  */
+#define FIELD_DP8(storage, reg, field, val) ({\
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint8_t d;\
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
+#define FIELD_DP16(storage, reg, field, val) ({   \
+struct {  \
+unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
+} v = { .v = val };   \
+uint16_t d;   \
+d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
+d; })
 #define FIELD_DP32(storage, reg, field, val) ({   \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
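Review bot: FIELD_DP8 and FIELD_DP16 deposit with `deposit32()` and then narrow through `uint8_t d` / `uint16_t d`, so a field whose SHIFT plus LENGTH exceeds the storage width is truncated silently, whereas the read side (FIELD_EX8 and FIELD_EX16, via extract8() and extract16()) asserts on the same condition. A `QEMU_BUILD_BUG_ON()` on `R_ ## reg ## _ ## field ## _SHIFT + R_ ## reg ## _ ## field ## _LENGTH` inside the statement expression, or dedicated 8-bit and 16-bit deposit helpers, would catch a mis-declared FIELD at build time.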
@@ -57,7 +87,7 @@
 d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
 d; })
-#define FIELD_DP64(storage, reg, field, val) ({   \
+#define FIELD_DP64(storage, reg, field, val) ({ \
 struct {  \
 unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
 } v = { .v = val };   \
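Review bot: the only visible change to FIELD_DP64 is the whitespace before the trailing backslash on the `#define` line. This whitespace-only edit is unrelated to adding the 8-bit and 16-bit macros; please drop it from the patch or send it separately.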
-- 
2.11.0




[Qemu-devel] [PATCH v20 06/24] target/rx: RX disassembler

2019-06-16 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-5-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
---
 include/disas/dis-asm.h |5 +
 target/rx/disas.c   | 1480 +++
 2 files changed, 1485 insertions(+)
 create mode 100644 target/rx/disas.c

diff --git a/include/disas/dis-asm.h b/include/disas/dis-asm.h
index e9c7dd8eb4..a900bd0a27 100644
--- a/include/disas/dis-asm.h
+++ b/include/disas/dis-asm.h
@@ -226,6 +226,10 @@ enum bfd_architecture
 #define bfd_mach_nios2r22
   bfd_arch_lm32,   /* Lattice Mico32 */
 #define bfd_mach_lm32 1
+  bfd_arch_rx,   /* Renesas RX */
+#define bfd_mach_rx0x75
+#define bfd_mach_rx_v2 0x76
+#define bfd_mach_rx_v3 0x77
   bfd_arch_last
   };
 #define bfd_mach_s390_31 31
@@ -433,6 +437,7 @@ int print_insn_little_nios2 (bfd_vma, 
disassemble_info*);
 int print_insn_xtensa   (bfd_vma, disassemble_info*);
 int print_insn_riscv32  (bfd_vma, disassemble_info*);
 int print_insn_riscv64  (bfd_vma, disassemble_info*);
+int print_insn_rx(bfd_vma, disassemble_info *);
 
 #if 0
 /* Fetch the disassembler for a given BFD, if that support is available.  */
diff --git a/target/rx/disas.c b/target/rx/disas.c
new file mode 100644
index 00..8cada4825d
--- /dev/null
+++ b/target/rx/disas.c
@@ -0,0 +1,1480 @@
+/*
+ * Renesas RX Disassembler
+ *
+ * Copyright (c) 2019 Yoshinori Sato 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "disas/dis-asm.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+
+typedef struct DisasContext {
+disassemble_info *dis;
+uint32_t addr;
+uint32_t pc;
+} DisasContext;
+
+
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+bfd_byte buf;
+while (++i <= n) {
+ctx->dis->read_memory_func(ctx->addr++, &buf, 1, ctx->dis);
+insn |= buf << (32 - i * 8);
+}
+return insn;
+}
+
+static int32_t li(DisasContext *ctx, int sz)
+{
+int32_t addr;
+bfd_byte buf[4];
+addr = ctx->addr;
+
+switch (sz) {
+case 1:
+ctx->addr += 1;
+ctx->dis->read_memory_func(addr, buf, 1, ctx->dis);
+return (int8_t)buf[0];
+case 2:
+ctx->addr += 2;
+ctx->dis->read_memory_func(addr, buf, 2, ctx->dis);
+return ldsw_le_p(buf);
+case 3:
+ctx->addr += 3;
+ctx->dis->read_memory_func(addr, buf, 3, ctx->dis);
+return (int8_t)buf[2] << 16 | lduw_le_p(buf);
+case 0:
+ctx->addr += 4;
+ctx->dis->read_memory_func(addr, buf, 4, ctx->dis);
+return ldl_le_p(buf);
+default:
+g_assert_not_reached();
+}
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder.  */
+#include "decode.inc.c"
+
+#define prt(...) (ctx->dis->fprintf_func)((ctx->dis->stream), __VA_ARGS__)
+
+#define RX_MEMORY_BYTE 0
+#define RX_MEMORY_WORD 1
+#define RX_MEMORY_LONG 2
+
+#define RX_IM_BYTE 0
+#define RX_IM_WORD 1
+#define RX_IM_LONG 2
+#define RX_IM_UWORD 3
+
+static const char size[] = {'b', 'w', 'l'};
+static const char cond[][4] = {
+"eq", "ne", "c", "nc", "gtu", "leu", "pz", "n",
+"ge", "lt", "gt", "le", "o", "no", "ra", "f"
+};
+static const char psw[] = {
+'c', 'z', 's', 'o', 0, 0, 0, 0,
+'i', 'u', 0, 0, 0, 0, 0, 0,
+};
+
+static uint32_t rx_index_addr(int ld, int size, DisasContext *ctx)
+{
+bfd_byte buf[2];
+switch (ld) {
+case 0:
+return 0;
+case 1:
+ctx->dis->read_memory_func(ctx->addr, buf, 1, ctx->dis);
+ctx->addr += 1;
+return ((uint8_t)buf[0]) << size;
+case 2:
+ctx->dis->read_memory_func(ctx->addr, buf, 2, ctx->dis);
+ctx->addr += 2;
+return lduw_le_p(buf) << size;
+}
+g_assert_not_reached();
+}
+
+static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+{
+int dsp;
+static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
+if (ld < 3) {
+switch (mi) {
+case 4:
+/* dsp[rs].ub */
+dsp = rx_index_addr(ld, R
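Review bot: Every call to `ctx->dis->read_memory_func()` in decode_load_bytes(), li() and rx_index_addr() discards the return value, so when a read fails (for instance at the end of the region being dumped) the code carries on and decodes whatever is in the uninitialised `buf`. Please check the status, report the failure to the caller and stop decoding that instruction. A smaller point in the same functions: rx_index_addr() handles `ld` 0 to 2 in the switch and asserts afterwards, while li() uses a `default:` label for the same purpose; using one pattern in both would read better.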

[Qemu-devel] [PATCH v20 08/24] target/rx: Replace operand with prt_ldmi in disassembler

2019-06-16 Thread Yoshinori Sato
From: Richard Henderson 

This has consistency with prt_ri().  It loads all data before
beginning output.  It uses exactly one call to prt() to emit
the full instruction.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Yoshinori Sato 
Message-Id: <20190607091116.49044-20-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/disas.c | 77 +++
 1 file changed, 27 insertions(+), 50 deletions(-)

diff --git a/target/rx/disas.c b/target/rx/disas.c
index 64342537ee..515b365528 100644
--- a/target/rx/disas.c
+++ b/target/rx/disas.c
@@ -135,18 +135,18 @@ static void rx_index_addr(DisasContext *ctx, char out[8], 
int ld, int mi)
 sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));
 }
 
-static void operand(DisasContext *ctx, int ld, int mi, int rs, int rd)
+static void prt_ldmi(DisasContext *ctx, const char *insn,
+ int ld, int mi, int rs, int rd)
 {
 static const char sizes[][4] = {".b", ".w", ".l", ".uw", ".ub"};
 char dsp[8];
 
 if (ld < 3) {
 rx_index_addr(ctx, dsp, ld, mi);
-prt("%s[r%d]%s", dsp, rs, sizes[mi]);
+prt("%s\t%s[r%d]%s, r%d", insn, dsp, rs, sizes[mi], rd);
 } else {
-prt("r%d", rs);
+prt("%s\tr%d, r%d", insn, rs, rd);
 }
-prt(", r%d", rd);
 }
 
 static void prt_ir(DisasContext *ctx, const char *insn, int imm, int rd)
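Review bot: prt_ldmi() keeps the displacement in `char dsp[8]` and rx_index_addr() fills it with an unbounded `sprintf(out, "%u", dsp << (mi < 3 ? mi : 4 - mi));`, so the buffer is large enough only as long as the shifted displacement never needs more than seven digits, and nothing in the code states or enforces that. Please switch to `snprintf()` with the buffer size (or pass the size alongside `out`) so a later change to the displacement width cannot write past the stack buffer.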
@@ -416,8 +416,7 @@ static bool trans_AND_ir(DisasContext *ctx, arg_AND_ir *a)
 /* and rs,rd */
 static bool trans_AND_mr(DisasContext *ctx, arg_AND_mr *a)
 {
-prt("and\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "and", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -440,8 +439,7 @@ static bool trans_OR_ir(DisasContext *ctx, arg_OR_ir *a)
 /* or rs,rd */
 static bool trans_OR_mr(DisasContext *ctx, arg_OR_mr *a)
 {
-prt("or\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "or", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -463,8 +461,7 @@ static bool trans_XOR_ir(DisasContext *ctx, arg_XOR_ir *a)
 /* xor rs,rd */
 static bool trans_XOR_mr(DisasContext *ctx, arg_XOR_mr *a)
 {
-prt("xor\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "xor", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -479,8 +476,7 @@ static bool trans_TST_ir(DisasContext *ctx, arg_TST_ir *a)
 /* tst rs, rd */
 static bool trans_TST_mr(DisasContext *ctx, arg_TST_mr *a)
 {
-prt("tst\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "tst", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -548,8 +544,7 @@ static bool trans_ADD_irr(DisasContext *ctx, arg_ADD_irr *a)
 /* add dsp[rs], rd */
 static bool trans_ADD_mr(DisasContext *ctx, arg_ADD_mr *a)
 {
-prt("add\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "add", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -573,8 +568,7 @@ static bool trans_CMP_ir(DisasContext *ctx, arg_CMP_ir *a)
 /* cmp dsp[rs], rs2 */
 static bool trans_CMP_mr(DisasContext *ctx, arg_CMP_mr *a)
 {
-prt("cmp\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "cmp", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -589,8 +583,7 @@ static bool trans_SUB_ir(DisasContext *ctx, arg_SUB_ir *a)
 /* sub dsp[rs], rd */
 static bool trans_SUB_mr(DisasContext *ctx, arg_SUB_mr *a)
 {
-prt("sub\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "sub", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -611,8 +604,7 @@ static bool trans_SBB_rr(DisasContext *ctx, arg_SBB_rr *a)
 /* sbb dsp[rs], rd */
 static bool trans_SBB_mr(DisasContext *ctx, arg_SBB_mr *a)
 {
-prt("sbb\t");
-operand(ctx, a->ld, RX_IM_LONG, a->rs, a->rd);
+prt_ldmi(ctx, "sbb", a->ld, RX_IM_LONG, a->rs, a->rd);
 return true;
 }
 
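Review bot: trans_SBB_mr passes `RX_IM_LONG` as the `mi` argument, but prt_ldmi() uses `mi` to index the memory-size suffix table `sizes[]`, not an immediate size. This works only because RX_IM_LONG and RX_MEMORY_LONG are both defined as 2 in the disassembler; `RX_MEMORY_LONG` would state the intent and would survive a renumbering of either set of constants.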
@@ -640,8 +632,7 @@ static bool trans_MAX_ir(DisasContext *ctx, arg_MAX_ir *a)
 /* max dsp[rs], rd */
 static bool trans_MAX_mr(DisasContext *ctx, arg_MAX_mr *a)
 {
-prt("max\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "max", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -656,8 +647,7 @@ static bool trans_MIN_ir(DisasContext *ctx, arg_MIN_ir *a)
 /* min dsp[rs], rd */
 static bool trans_MIN_mr(DisasContext *ctx, arg_MIN_mr *a)
 {
-prt("max\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "min", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
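Review bot: In trans_MIN_mr the old code printed `"max\t"` and the new call passes `"min"`, so this hunk changes the disassembler output rather than only refactoring it. The commit message describes the patch purely as a conversion to prt_ldmi(); please mention the min/max mnemonic fix there, or split it into its own patch so it can be found later.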
@@ -673,8 +663,7 @@ static bool trans_MUL_ir(DisasContext *ctx, arg_MUL_ir *a)
 /* mul dsp[rs], rd */
 static bool trans_MUL_mr(DisasContext *ctx, arg_MUL_mr *a)
 {
-prt("mul\t");
-operand(ctx, a->ld, a->mi, a->rs, a->rd);
+prt_ldmi(ctx, "mul", a->ld, a->mi, a->rs, a->rd);
 return true;
 }
 
@@ -696,8 +685,7 @@ static bool trans_EMUL_ir(DisasContext *ctx, arg_EMUL_ir *a)
 /* emul dsp[rs], rd */
 static bool trans_EMUL_mr(DisasCont

[Qemu-devel] [PATCH v20 24/24] BootLinuxConsoleTest: Test the RX-Virt machine

2019-06-16 Thread Yoshinori Sato
From: Philippe Mathieu-Daudé 

Add two tests for the rx-virt machine, based on the recommended test
setup from Yoshinori Sato:
https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg03586.html

- U-Boot prompt
- Linux kernel with Sash shell

These are very quick tests:

  $ avocado run -t arch:rx tests/acceptance/boot_linux_console.py
  JOB ID : 84a6ef01c0b87975ecbfcb31a920afd735753ace
  JOB LOG: /home/phil/avocado/job-results/job-2019-05-24T05.02-84a6ef0/job.log
   (1/2) tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_rx_uboot: PASS (0.11 s)
   (2/2) tests/acceptance/boot_linux_console.py:BootLinuxConsole.test_rx_linux: PASS (0.45 s)
  RESULTS: PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0

Tests can also be run with:

  $ avocado --show=console run -t arch:rx tests/acceptance/boot_linux_console.py
  console: U-Boot 2016.05-rc3-23705-ga1ef3c71cb-dirty (Feb 05 2019 - 21:56:06 +0900)
  console: Linux version 4.19.0+ (yo-satoh@yo-satoh-debian) (gcc version 9.0.0 20181105 (experimental) (GCC)) #137 Wed Feb 20 23:20:02 JST 2019
  console: Built 1 zonelists, mobility grouping on.  Total pages: 8128
  ...
  console: SuperH (H)SCI(F) driver initialized
  console: 88240.serial: ttySC0 at MMIO 0x88240 (irq = 215, base_baud = 0) is a sci
  console: console [ttySC0] enabled
  console: 88248.serial: ttySC1 at MMIO 0x88248 (irq = 219, base_baud = 0) is a sci

Signed-off-by: Philippe Mathieu-Daudé 
---
Based-on: 20190517045136.3509-1-richard.hender...@linaro.org
"RX architecture support"

Signed-off-by: Yoshinori Sato 
---
 tests/acceptance/boot_linux_console.py | 46 ++
 1 file changed, 46 insertions(+)

diff --git a/tests/acceptance/boot_linux_console.py 
b/tests/acceptance/boot_linux_console.py
index 32159503e9..19aab894d1 100644
--- a/tests/acceptance/boot_linux_console.py
+++ b/tests/acceptance/boot_linux_console.py
@@ -354,3 +354,49 @@ class BootLinuxConsole(Test):
 self.vm.launch()
 console_pattern = 'Kernel command line: %s' % kernel_command_line
 self.wait_for_console_pattern(console_pattern)
+
+def test_rx_uboot(self):
+"""
+:avocado: tags=arch:rx
+:avocado: tags=machine:rx-virt
+:avocado: tags=endian:little
+"""
+uboot_url = ('https://acc.dl.osdn.jp/users/23/23888/u-boot.bin.gz')
+uboot_hash = '9b78dbd43b40b2526848c0b1ce9de02c24f4dcdb'
+uboot_path = self.fetch_asset(uboot_url, asset_hash=uboot_hash)
+uboot_path = archive.uncompress(uboot_path, self.workdir)
+
+self.vm.set_machine('rx-virt')
+self.vm.set_console()
+self.vm.add_args('-bios', uboot_path,
+ '-no-reboot')
+self.vm.launch()
+uboot_version = 'U-Boot 2016.05-rc3-23705-ga1ef3c71cb-dirty'
+self.wait_for_console_pattern(uboot_version)
+gcc_version = 'rx-unknown-linux-gcc (GCC) 9.0.0 20181105 
(experimental)'
+# FIXME limit baudrate on chardev, else we type too fast
+#self.exec_command_and_wait_for_pattern('version', gcc_version)
+
+def test_rx_linux(self):
+"""
+:avocado: tags=arch:rx
+:avocado: tags=machine:rx-virt
+:avocado: tags=endian:little
+"""
+dtb_url = ('https://acc.dl.osdn.jp/users/23/23887/rx-qemu.dtb')
+dtb_hash = '7b4e4e2c71905da44e86ce47adee2210b026ac18'
+dtb_path = self.fetch_asset(dtb_url, asset_hash=dtb_hash)
+kernel_url = ('http://acc.dl.osdn.jp/users/23/23845/zImage')
+kernel_hash = '39a81067f8d72faad90866ddfefa19165d68fc99'
+kernel_path = self.fetch_asset(kernel_url, asset_hash=kernel_hash)
+
+self.vm.set_machine('rx-virt')
+self.vm.set_console()
+kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 'earlycon'
+self.vm.add_args('-kernel', kernel_path,
+ '-dtb', dtb_path,
+ '-no-reboot')
+self.vm.launch()
+self.wait_for_console_pattern('Sash command shell (version 1.1.1)')
+self.exec_command_and_wait_for_pattern('printenv',
+   'TERM=linux')
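Review bot: In test_rx_linux, `kernel_command_line` is built from KERNEL_COMMON_COMMAND_LINE plus 'earlycon' but is never handed to the VM: the `add_args()` call passes only '-kernel', '-dtb' and '-no-reboot', so the guest boots without that command line. Either add '-append', kernel_command_line or delete the variable. Two smaller points: `kernel_url` is fetched over http:// while the U-Boot and DTB assets use https://, and although `asset_hash` pins the content it would be better to use https for all three; and in test_rx_uboot `gcc_version` is assigned but only referenced from the commented-out line under the FIXME, so it can go until that check is enabled.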
-- 
2.11.0




[Qemu-devel] [PATCH v20 16/24] hw/rx: RX Target hardware definition

2019-06-16 Thread Yoshinori Sato
rx62n - RX62N cpu.
rx-virt - RX QEMU virtual target.

Signed-off-by: Yoshinori Sato 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-9-ys...@users.sourceforge.jp>
Signed-off-by: Richard Henderson 
[PMD: Use TYPE_RX62N_CPU, use #define for RX62N_NR_TMR/CMT/SCI,
 renamed CPU -> MCU, device -> microcontroller]
Signed-off-by: Philippe Mathieu-Daudé 
---
v19: Fixed typo (Peter Maydell)

Signed-off-by: Yoshinori Sato 
---
 include/hw/rx/rx.h|   7 ++
 include/hw/rx/rx62n.h |  91 +++
 hw/rx/rx-virt.c   | 105 ++
 hw/rx/rx62n.c | 238 ++
 hw/rx/Kconfig |  14 +++
 hw/rx/Makefile.objs   |   2 +
 6 files changed, 457 insertions(+)
 create mode 100644 include/hw/rx/rx.h
 create mode 100644 include/hw/rx/rx62n.h
 create mode 100644 hw/rx/rx-virt.c
 create mode 100644 hw/rx/rx62n.c
 create mode 100644 hw/rx/Kconfig
 create mode 100644 hw/rx/Makefile.objs

diff --git a/include/hw/rx/rx.h b/include/hw/rx/rx.h
new file mode 100644
index 00..ff5924b81f
--- /dev/null
+++ b/include/hw/rx/rx.h
@@ -0,0 +1,7 @@
+#ifndef QEMU_RX_H
+#define QEMU_RX_H
+/* Definitions for RX board emulation.  */
+
+#include "target/rx/cpu-qom.h"
+
+#endif
diff --git a/include/hw/rx/rx62n.h b/include/hw/rx/rx62n.h
new file mode 100644
index 00..97ea8ddb8e
--- /dev/null
+++ b/include/hw/rx/rx62n.h
@@ -0,0 +1,91 @@
+/*
+ * RX62N MCU Object
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_RX_RX62N_H
+#define HW_RX_RX62N_H
+
+#include "hw/sysbus.h"
+#include "hw/intc/rx_icu.h"
+#include "hw/timer/renesas_tmr.h"
+#include "hw/timer/renesas_cmt.h"
+#include "hw/char/renesas_sci.h"
+#include "target/rx/cpu.h"
+#include "qemu/units.h"
+
+#define TYPE_RX62N "rx62n"
+#define RX62N(obj) OBJECT_CHECK(RX62NState, (obj), TYPE_RX62N)
+
+#define RX62N_NR_TMR2
+#define RX62N_NR_CMT2
+#define RX62N_NR_SCI6
+
+typedef struct RX62NState {
+SysBusDevice parent_obj;
+
+RXCPU cpu;
+RXICUState icu;
+RTMRState tmr[RX62N_NR_TMR];
+RCMTState cmt[RX62N_NR_CMT];
+RSCIState sci[RX62N_NR_SCI];
+
+MemoryRegion *sysmem;
+bool kernel;
+
+MemoryRegion iram;
+MemoryRegion iomem1;
+MemoryRegion d_flash;
+MemoryRegion iomem2;
+MemoryRegion iomem3;
+MemoryRegion c_flash;
+qemu_irq irq[NR_IRQS];
+} RX62NState;
+
+/*
+ * RX62N Peripheral Address
+ * See users manual section 5
+ */
+#define RX62N_ICUBASE 0x00087000
+#define RX62N_TMRBASE 0x00088200
+#define RX62N_CMTBASE 0x00088000
+#define RX62N_SCIBASE 0x00088240
+
+/*
+ * RX62N Peripheral IRQ
+ * See users manual section 11
+ */
+#define RX62N_TMR_IRQBASE 174
+#define RX62N_CMT_IRQBASE 28
+#define RX62N_SCI_IRQBASE 214
+
+/*
+ * RX62N Internal Memory
+ * It is the value of R5F562N8.
+ * Please change the size for R5F562N7.
+ */
+#define RX62N_IRAM_BASE 0x
+#define RX62N_IRAM_SIZE (96 * KiB)
+#define RX62N_DFLASH_BASE 0x0010
+#define RX62N_DFLASH_SIZE (32 * KiB)
+#define RX62N_CFLASH_BASE 0xfff8
+#define RX62N_CFLASH_SIZE (512 * KiB)
+
+#define RX62N_PCLK (48 * 1000 * 1000)
+#endif
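Review bot: The internal memory macros (RX62N_IRAM_SIZE, RX62N_DFLASH_SIZE, RX62N_CFLASH_SIZE) are fixed to the R5F562N8 values and the comment asks the reader to "change the size for R5F562N7", which means editing and rebuilding the header to model the other part. If both parts are meant to be supported, please make the sizes device properties or per-variant constants selected at realize time; if not, reword the comment to say only R5F562N8 is modelled. The `bool kernel;` member of RX62NState also needs a one-line comment saying what it controls.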
diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
new file mode 100644
index 00..ed0a3a1da0
--- /dev/null
+++ b/hw/rx/rx-virt.c
@@ -0,0 +1,105 @@
+/*
+ * RX QEMU virtual platform
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/loader.h"
+#include "hw/rx/rx62n.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/qtest.h"
+#include 

[Qemu-devel] [PATCH v20 01/24] target/rx: TCG translation

2019-06-16 Thread Yoshinori Sato
This part only supported RXv1 instructions.
Instruction manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01us0032ej0120_rxsm.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-2-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/rx/translate.c   | 2432 +++
 target/rx/Makefile.objs |   12 +
 target/rx/insns.decode  |  621 
 3 files changed, 3065 insertions(+)
 create mode 100644 target/rx/translate.c
 create mode 100644 target/rx/Makefile.objs
 create mode 100644 target/rx/insns.decode

diff --git a/target/rx/translate.c b/target/rx/translate.c
new file mode 100644
index 00..3765ea0895
--- /dev/null
+++ b/target/rx/translate.c
@@ -0,0 +1,2432 @@
+/*
+ *  RX translation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bswap.h"
+#include "qemu/qemu-print.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+#include "exec/helper-gen.h"
+#include "exec/translator.h"
+#include "trace-tcg.h"
+#include "exec/log.h"
+
+typedef struct DisasContext {
+DisasContextBase base;
+CPURXState *env;
+uint32_t pc;
+} DisasContext;
+
+typedef struct DisasCompare {
+TCGv value;
+TCGv temp;
+TCGCond cond;
+} DisasCompare;
+
+const char rx_crname[][6] = {
+"psw", "pc", "usp", "fpsw", "", "", "", "",
+"bpsw", "bpc", "isp", "fintv", "intb", "", "", "",
+};
+
+/* Target-specific values for dc->base.is_jmp.  */
+#define DISAS_JUMPDISAS_TARGET_0
+#define DISAS_UPDATE  DISAS_TARGET_1
+#define DISAS_EXITDISAS_TARGET_2
+
+/* global register indexes */
+static TCGv cpu_regs[16];
+static TCGv cpu_psw_o, cpu_psw_s, cpu_psw_z, cpu_psw_c;
+static TCGv cpu_psw_i, cpu_psw_pm, cpu_psw_u, cpu_psw_ipl;
+static TCGv cpu_usp, cpu_fpsw, cpu_bpsw, cpu_bpc, cpu_isp;
+static TCGv cpu_fintv, cpu_intb, cpu_pc;
+static TCGv_i64 cpu_acc;
+
+#define cpu_sp cpu_regs[0]
+
+#include "exec/gen-icount.h"
+
+/* decoder helper */
+static uint32_t decode_load_bytes(DisasContext *ctx, uint32_t insn,
+   int i, int n)
+{
+while (++i <= n) {
+uint8_t b = cpu_ldub_code(ctx->env, ctx->base.pc_next++);
+insn |= b << (32 - i * 8);
+}
+return insn;
+}
+
+static uint32_t li(DisasContext *ctx, int sz)
+{
+int32_t tmp, addr;
+CPURXState *env = ctx->env;
+addr = ctx->base.pc_next;
+
+tcg_debug_assert(sz < 4);
+switch (sz) {
+case 1:
+ctx->base.pc_next += 1;
+return cpu_ldsb_code(env, addr);
+case 2:
+ctx->base.pc_next += 2;
+return cpu_ldsw_code(env, addr);
+case 3:
+ctx->base.pc_next += 3;
+tmp = cpu_ldsb_code(env, addr + 2) << 16;
+tmp |= cpu_lduw_code(env, addr) & 0x;
+return tmp;
+case 0:
+ctx->base.pc_next += 4;
+return cpu_ldl_code(env, addr);
+}
+return 0;
+}
+
+static int bdsp_s(DisasContext *ctx, int d)
+{
+/*
+ * 0 -> 8
+ * 1 -> 9
+ * 2 -> 10
+ * 3 -> 3
+ * :
+ * 7 -> 7
+ */
+if (d < 3) {
+d += 8;
+}
+return d;
+}
+
+/* Include the auto-generated decoder. */
+#include "decode.inc.c"
+
+void rx_cpu_dump_state(CPUState *cs, FILE *f, int flags)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = &cpu->env;
+int i;
+uint32_t psw;
+
+psw = rx_cpu_pack_psw(env);
+qemu_fprintf(f, "pc=0x%08x psw=0x%08x\n",
+ env->pc, psw);
+for (i = 0; i < 16; i += 4) {
+qemu_fprintf(f, "r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
+ i, env->regs[i], i + 1, env->regs[i + 1],
+ i + 2, env->regs[i + 2], i + 3, env->regs[i + 3]);
+}
+}
+
+static bool use_goto_tb(DisasContext *dc, target_ulong dest)
+{
+if (unlikely(dc->base.singlestep_enabled)) {
+return false;
+} else {
+return true;
+}
+}
+
+static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
+{
+if (use_goto_tb(dc, dest)) {
+tcg_gen_goto_tb(n);
+tcg_gen_movi_i32(cpu_pc, dest);
+tcg_gen_exit_tb(dc->base.tb, n);
+} else {
+tcg_gen_movi_i32(cpu_pc, dest)
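Review bot: li() is declared to return `uint32_t`, yet every case returns a sign-extended value (`cpu_ldsb_code`, `cpu_ldsw_code`, or the `int32_t tmp` built from a signed top byte), so callers have to know to treat the result as signed; returning `int32_t` would make that explicit. The trailing `return 0;` after the switch is reachable only when `tcg_debug_assert(sz < 4)` is compiled out and `sz` is out of range, in which case the decoder continues with an immediate of 0 and an unchanged `pc_next`; a `default:` with `g_assert_not_reached()` would fail loudly instead. Separately, use_goto_tb() accepts `dest` but never looks at it; drop the parameter or say in a comment why the destination does not matter on this target.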

[Qemu-devel] [PATCH v20 02/24] target/rx: TCG helper

2019-06-16 Thread Yoshinori Sato
Signed-off-by: Yoshinori Sato 
Reviewed-by: Richard Henderson 
Message-Id: <20190607091116.49044-3-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
[PMD: Removed tlb_fill, extracted from patch of Yoshinori Sato
 'Convert to CPUClass::tlb_fill']
Signed-off-by: Philippe Mathieu-Daudé 

Signed-off-by: Yoshinori Sato 
---
 target/rx/helper.h|  31 
 target/rx/helper.c| 148 
 target/rx/op_helper.c | 470 ++
 3 files changed, 649 insertions(+)
 create mode 100644 target/rx/helper.h
 create mode 100644 target/rx/helper.c
 create mode 100644 target/rx/op_helper.c

diff --git a/target/rx/helper.h b/target/rx/helper.h
new file mode 100644
index 00..f0b7ebbbf7
--- /dev/null
+++ b/target/rx/helper.h
@@ -0,0 +1,31 @@
+DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
+DEF_HELPER_1(raise_access_fault, noreturn, env)
+DEF_HELPER_1(raise_privilege_violation, noreturn, env)
+DEF_HELPER_1(wait, noreturn, env)
+DEF_HELPER_1(debug, noreturn, env)
+DEF_HELPER_2(rxint, noreturn, env, i32)
+DEF_HELPER_1(rxbrk, noreturn, env)
+DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fsub, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fmul, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fdiv, TCG_CALL_NO_WG, f32, env, f32, f32)
+DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_WG, void, env, f32, f32)
+DEF_HELPER_FLAGS_2(ftoi, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(round, TCG_CALL_NO_WG, i32, env, f32)
+DEF_HELPER_FLAGS_2(itof, TCG_CALL_NO_WG, f32, env, i32)
+DEF_HELPER_2(set_fpsw, void, env, i32)
+DEF_HELPER_FLAGS_2(racw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw_rte, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(set_psw, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(pack_psw, i32, env)
+DEF_HELPER_FLAGS_3(div, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_3(divu, TCG_CALL_NO_WG, i32, env, i32, i32)
+DEF_HELPER_FLAGS_1(scmpu, TCG_CALL_NO_WG, void, env)
+DEF_HELPER_1(smovu, void, env)
+DEF_HELPER_1(smovf, void, env)
+DEF_HELPER_1(smovb, void, env)
+DEF_HELPER_2(sstr, void, env, i32)
+DEF_HELPER_FLAGS_2(swhile, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(suntil, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(rmpa, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_1(satr, void, env)
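Review bot: `set_psw` and `set_psw_rte` are declared with TCG_CALL_NO_WG, which tells TCG that the helper writes no globals, yet their purpose is to update PSW state. If they are implemented through rx_cpu_unpack_psw() from helper.c in this patch, they store to the `env->psw_*` fields; please confirm that none of those fields backs a TCG global, or that the translator always ends the TB after these calls, and say so in a comment. Otherwise use plain DEF_HELPER_2 for these two. The same question applies to the other void helpers flagged NO_WG here (`fcmp`, `racw`, `scmpu`, `swhile`, `suntil`, `rmpa`).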
diff --git a/target/rx/helper.c b/target/rx/helper.c
new file mode 100644
index 00..1dae74eae7
--- /dev/null
+++ b/target/rx/helper.c
@@ -0,0 +1,148 @@
+/*
+ *  RX emulation
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "cpu.h"
+#include "exec/log.h"
+#include "exec/cpu_ldst.h"
+#include "sysemu/sysemu.h"
+
+void rx_cpu_unpack_psw(CPURXState *env, uint32_t psw, int rte)
+{
+if (env->psw_pm == 0) {
+env->psw_ipl = FIELD_EX32(psw, PSW, IPL);
+if (rte) {
+/* PSW.PM can write RTE and RTFI */
+env->psw_pm = FIELD_EX32(psw, PSW, PM);
+}
+env->psw_u = FIELD_EX32(psw, PSW, U);
+env->psw_i = FIELD_EX32(psw, PSW, I);
+}
+env->psw_o = FIELD_EX32(psw, PSW, O) << 31;
+env->psw_s = FIELD_EX32(psw, PSW, S) << 31;
+env->psw_z = 1 - FIELD_EX32(psw, PSW, Z);
+env->psw_c = FIELD_EX32(psw, PSW, C);
+}
+
+#define INT_FLAGS (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIR)
+void rx_cpu_do_interrupt(CPUState *cs)
+{
+RXCPU *cpu = RXCPU(cs);
+CPURXState *env = &cpu->env;
+int do_irq = cs->interrupt_request & INT_FLAGS;
+uint32_t save_psw;
+
+env->in_sleep = 0;
+
+if (env->psw_u) {
+env->usp = env->regs[0];
+} else {
+env->isp = env->regs[0];
+}
+save_psw = rx_cpu_pack_psw(env);
+env->psw_pm = env->psw_i = env->psw_u = 0;
+
+if (do_irq) {
+if (do_irq & CPU_INTERRUPT_FIR) {
+env->bpc = env->pc;
+env->bpsw = save_psw;
+env->pc = env->fintv;
+env->psw_ipl = 15;
+cs->interrupt_request &= ~CPU_INTERRUPT_FIR;
+qemu_set_irq(env->ack, env->ack_irq);
+qemu_log_mask(CPU_LOG_INT, "fast interrupt raised\n");
+} else if (do_irq & CPU_INTERRUPT_HARD) {
+env->isp -= 4;
+cpu_stl_all(env, env->isp, save_psw);
+env->isp -= 4;
+  
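Review bot: rx_cpu_unpack_psw() stores the condition flags in a non-obvious internal form, with O and S shifted into bit 31 and Z inverted (`env->psw_z = 1 - FIELD_EX32(psw, PSW, Z);`), and nothing in the function says so. Please add a short comment here, or at the field declarations, describing the encoding and pointing at rx_cpu_pack_psw() as the inverse, since every reader of `env->psw_*` depends on it. The `rte` parameter is used purely as a flag and would be clearer as `bool`.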

[Qemu-devel] [PATCH v20 13/24] hw/intc: RX62N interrupt controller (ICUa)

2019-06-16 Thread Yoshinori Sato
This implementation supported only ICUa.
Hardware manual.
https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf

Signed-off-by: Yoshinori Sato 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190607091116.49044-6-ys...@users.sourceforge.jp>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 include/hw/intc/rx_icu.h |  56 +++
 hw/intc/rx_icu.c | 376 +++
 hw/intc/Kconfig  |   3 +
 hw/intc/Makefile.objs|   1 +
 4 files changed, 436 insertions(+)
 create mode 100644 include/hw/intc/rx_icu.h
 create mode 100644 hw/intc/rx_icu.c

diff --git a/include/hw/intc/rx_icu.h b/include/hw/intc/rx_icu.h
new file mode 100644
index 00..acfcf06aef
--- /dev/null
+++ b/include/hw/intc/rx_icu.h
@@ -0,0 +1,56 @@
+#ifndef RX_ICU_H
+#define RX_ICU_H
+
+#include "qemu-common.h"
+#include "hw/irq.h"
+
+enum TRG_MODE {
+TRG_LEVEL = 0,
+TRG_NEDGE = 1,  /* Falling */
+TRG_PEDGE = 2,  /* Raising */
+TRG_BEDGE = 3,  /* Both */
+};
+
+struct IRQSource {
+enum TRG_MODE sense;
+int level;
+};
+
+enum {
+/* Software interrupt request */
+SWI = 27,
+NR_IRQS = 256,
+};
+
+struct RXICUState {
+SysBusDevice parent_obj;
+
+MemoryRegion memory;
+struct IRQSource src[NR_IRQS];
+char *icutype;
+uint32_t nr_irqs;
+uint32_t *map;
+uint32_t nr_sense;
+uint32_t *init_sense;
+
+uint8_t ir[NR_IRQS];
+uint8_t dtcer[NR_IRQS];
+uint8_t ier[NR_IRQS / 8];
+uint8_t ipr[142];
+uint8_t dmasr[4];
+uint16_t fir;
+uint8_t nmisr;
+uint8_t nmier;
+uint8_t nmiclr;
+uint8_t nmicr;
+int req_irq;
+qemu_irq _irq;
+qemu_irq _fir;
+qemu_irq _swi;
+};
+typedef struct RXICUState RXICUState;
+
+#define TYPE_RXICU "rx-icu"
+#define RXICU(obj) OBJECT_CHECK(RXICUState, (obj), TYPE_RXICU)
+
+#endif /* RX_ICU_H */
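Review bot: rx_icu.h declares `SysBusDevice parent_obj;` and `MemoryRegion memory;` in RXICUState but includes only "qemu-common.h" and "hw/irq.h", so it compiles only when the including file has already pulled in "hw/sysbus.h". Please include "hw/sysbus.h" here so the header is self-contained. Also: `uint8_t ipr[142];` should use a named constant with a reference to the manual, and the TRG_PEDGE comment should read "Rising" rather than "Raising".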
diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
new file mode 100644
index 00..cb28c7a8d2
--- /dev/null
+++ b/hw/intc/rx_icu.c
@@ -0,0 +1,376 @@
+/*
+ * RX Interrupt Control Unit
+ *
+ * Warning: Only ICUa is supported.
+ *
+ * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
+ * (Rev.1.40 R01UH0033EJ0140)
+ *
+ * Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "hw/hw.h"
+#include "hw/sysbus.h"
+#include "hw/registerfields.h"
+#include "hw/intc/rx_icu.h"
+#include "qemu/error-report.h"
+
+REG8(IR, 0)
+  FIELD(IR, IR,  0, 1)
+REG8(DTCER, 0x100)
+  FIELD(DTCER, DTCE,  0, 1)
+REG8(IER, 0x200)
+REG8(SWINTR, 0x2e0)
+  FIELD(SWINTR, SWINT, 0, 1)
+REG16(FIR, 0x2f0)
+  FIELD(FIR, FVCT, 0, 8)
+  FIELD(FIR, FIEN, 15, 1)
+REG8(IPR, 0x300)
+  FIELD(IPR, IPR, 0, 4)
+REG8(DMRSR, 0x400)
+REG8(IRQCR, 0x500)
+  FIELD(IRQCR, IRQMD, 2, 2)
+REG8(NMISR, 0x580)
+  FIELD(NMISR, NMIST, 0, 1)
+  FIELD(NMISR, LVDST, 1, 1)
+  FIELD(NMISR, OSTST, 2, 1)
+REG8(NMIER, 0x581)
+  FIELD(NMIER, NMIEN, 0, 1)
+  FIELD(NMIER, LVDEN, 1, 1)
+  FIELD(NMIER, OSTEN, 2, 1)
+REG8(NMICLR, 0x582)
+  FIELD(NMICLR, NMICLR, 0, 1)
+  FIELD(NMICLR, OSTCLR, 2, 1)
+REG8(NMICR, 0x583)
+  FIELD(NMICR, NMIMD, 3, 1)
+
+#define request(icu, n) (icu->ipr[icu->map[n]] << 8 | n)
+
+static void set_irq(RXICUState *icu, int n_IRQ, int req)
+{
+if ((icu->fir & R_FIR_FIEN_MASK) &&
+(icu->fir & R_FIR_FVCT_MASK) == n_IRQ) {
+qemu_set_irq(icu->_fir, req);
+} else {
+qemu_set_irq(icu->_irq, req);
+}
+}
+
+static void rxicu_request(RXICUState *icu, int n_IRQ)
+{
+int enable;
+
+enable = icu->ier[n_IRQ / 8] & (1 << (n_IRQ & 7));
+if (n_IRQ > 0 && enable != 0 && atomic_read(&icu->req_irq) < 0) {
+atomic_set(&icu->req_irq, n_IRQ);
+set_irq(icu, n_IRQ, request(icu, n_IRQ));
+}
+}
+
+static void rxicu_set_irq(void *opaque, int n_IRQ, int level)
+{
+RXICUState *icu = opaque;
+struct IRQSource *src;
+int issue;
+
+if (n_IRQ >= NR_IRQS) {
+error_report("%s: IRQ %d out of range", __func__, n_IRQ);
+return;
+}
+
+src = &icu->src[n_IRQ];
+
+level = (level != 0);
+switch (src->sense) {
+case TRG_LEVEL:
+/* level-sensitive irq */
+issue = level;
+src->level = level;
+b
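Review bot: The `request(icu, n)` macro evaluates `icu->ipr[icu->map[n]]` with no check that `n` is within the length of `map` (presumably `nr_irqs` from the header in this patch) or that `map[n]` is below the 142 entries of `ipr[]`. rxicu_set_irq() only rejects `n_IRQ >= NR_IRQS`, and rxicu_request() indexes `ier[]` and calls request() with whatever it is given. Since `map` is supplied from outside the device, please validate its length and contents once when the device is set up, and reject negative `n_IRQ` in rxicu_set_irq() as well. The macro arguments should also be parenthesised: `((icu)->ipr[(icu)->map[(n)]] << 8 | (n))`.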

[Qemu-devel] [PATCH v20 04/24] target/rx: Follow the change of tcg.

2019-06-16 Thread Yoshinori Sato
Add cpu-param.h
Remove CPU_COMMON
Use env_cpu

Signed-off-by: Yoshinori Sato 
---
 target/rx/cpu-param.h | 31 +++
 target/rx/cpu.h   | 21 +
 target/rx/cpu.c   |  1 +
 target/rx/op_helper.c |  6 +++---
 4 files changed, 36 insertions(+), 23 deletions(-)
 create mode 100644 target/rx/cpu-param.h

diff --git a/target/rx/cpu-param.h b/target/rx/cpu-param.h
new file mode 100644
index 00..5da87fbebe
--- /dev/null
+++ b/target/rx/cpu-param.h
@@ -0,0 +1,31 @@
+/*
+ *  RX cpu parameters
+ *
+ *  Copyright (c) 2019 Yoshinori Sato
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef RX_CPU_PARAM_H
+#define RX_CPU_PARAM_H
+
+#define TARGET_LONG_BITS 32
+#define TARGET_PAGE_BITS 12
+
+#define TARGET_PHYS_ADDR_SPACE_BITS 32
+#define TARGET_VIRT_ADDR_SPACE_BITS 32
+
+#define NB_MMU_MODES 1
+#define MMU_MODE0_SUFFIX _all
+
+#endif
diff --git a/target/rx/cpu.h b/target/rx/cpu.h
index 3e5f371f51..3f9c4fdd25 100644
--- a/target/rx/cpu.h
+++ b/target/rx/cpu.h
@@ -25,14 +25,8 @@
 #include "cpu-qom.h"
 #include "qom/cpu.h"
 
-#define TARGET_LONG_BITS 32
-#define TARGET_PAGE_BITS 12
-
 #include "exec/cpu-defs.h"
 
-#define TARGET_PHYS_ADDR_SPACE_BITS 32
-#define TARGET_VIRT_ADDR_SPACE_BITS 32
-
 /* PSW define */
 REG32(PSW, 0)
 FIELD(PSW, C, 0, 1)
@@ -69,9 +63,6 @@ FIELD(FPSW, FX, 30, 1)
 FIELD(FPSW, FLAGS, 26, 4)
 FIELD(FPSW, FS, 31, 1)
 
-#define NB_MMU_MODES 1
-#define MMU_MODE0_SUFFIX _all
-
 enum {
 NUM_REGS = 16,
 };
@@ -108,8 +99,6 @@ typedef struct CPURXState {
 uint32_t ack_ipl;   /* execute ipl */
 float_status fp_status;
 qemu_irq ack;   /* Interrupt acknowledge */
-
-CPU_COMMON
 } CPURXState;
 
 /*
@@ -123,19 +112,13 @@ struct RXCPU {
 CPUState parent_obj;
 /*< public >*/
 
+CPUNegativeOffsetState neg;
 CPURXState env;
 };
 
 typedef struct RXCPU RXCPU;
 typedef RXCPU ArchCPU;
 
-static inline RXCPU *rx_env_get_cpu(CPURXState *env)
-{
-return container_of(env, RXCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(rx_env_get_cpu(e))
-
 #define ENV_OFFSET offsetof(RXCPU, env)
 
 #define RX_CPU_TYPE_SUFFIX "-" TYPE_RX_CPU
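
Review bot: `CPUNegativeOffsetState neg;` is inserted directly in front of `env` in `struct RXCPU` with no comment. If the common code reaches `neg` at a fixed negative offset from `env`, the two members must stay adjacent and in this order, so a one-line comment saying so would keep a later edit from separating them.
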
@@ -156,8 +139,6 @@ int cpu_rx_signal_handler(int host_signum, void *pinfo,
void *puc);
 
 void rx_cpu_list(void);
-void rx_load_image(RXCPU *cpu, const char *filename,
-   uint32_t start, uint32_t size);
 void rx_cpu_unpack_psw(CPURXState *env, uint32_t psw, int rte);
 
 #define cpu_signal_handler cpu_rx_signal_handler
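
Review bot: removing the `rx_load_image()` prototype in this hunk is not covered by the commit message, which lists only cpu-param.h, CPU_COMMON and env_cpu. The series has a separate patch titled "target/rx: Move rx_load_image to rx-virt.", so this removal probably belongs there; otherwise the commit message should mention it.
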
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index 4147c5c939..a6dde613ab 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -173,6 +173,7 @@ static void rx_cpu_init(Object *obj)
 RXCPU *cpu = RXCPU(obj);
 CPURXState *env = &cpu->env;
 
+cpu_set_cpustate_pointers(cpu);
 cs->env_ptr = env;
 qdev_init_gpio_in(DEVICE(cpu), rx_cpu_set_irq, 2);
 }
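
Review bot: `cs->env_ptr = env;` is kept right after the new `cpu_set_cpustate_pointers(cpu);` call in rx_cpu_init(). If that helper already points the CPUState at `cpu->env`, the explicit assignment is redundant and can be dropped in this same patch.
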
diff --git a/target/rx/op_helper.c b/target/rx/op_helper.c
index fb7ae3c3ec..f89d294f2b 100644
--- a/target/rx/op_helper.c
+++ b/target/rx/op_helper.c
@@ -421,7 +421,7 @@ uint32_t helper_divu(CPURXState *env, uint32_t num, 
uint32_t den)
 static inline void QEMU_NORETURN raise_exception(CPURXState *env, int index,
  uintptr_t retaddr)
 {
-CPUState *cs = CPU(rx_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = index;
 cpu_loop_exit_restore(cs, retaddr);
@@ -444,7 +444,7 @@ void QEMU_NORETURN 
helper_raise_illegal_instruction(CPURXState *env)
 
 void QEMU_NORETURN helper_wait(CPURXState *env)
 {
-CPUState *cs = CPU(rx_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->halted = 1;
 env->in_sleep = 1;
@@ -453,7 +453,7 @@ void QEMU_NORETURN helper_wait(CPURXState *env)
 
 void QEMU_NORETURN helper_debug(CPURXState *env)
 {
-CPUState *cs = CPU(rx_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = EXCP_DEBUG;
 cpu_loop_exit(cs);
-- 
2.11.0




Re: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190616142836.10614-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support
Type: series
Message-id: 20190616142836.10614-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/20190616142836.10614-1-ys...@users.sourceforge.jp -> 
patchew/20190616142836.10614-1-ys...@users.sourceforge.jp
Switched to a new branch 'test'
233b18cbe7 BootLinuxConsoleTest: Test the RX-Virt machine
904297282a MAINTAINERS: Add RX
43952adb47 Add rx-softmmu
fb8cc7379b hw/registerfields.h: Add 8bit and 16bit register macros
300109d593 qemu/bitops.h: Add extract8 and extract16
298abac567 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
b836e3b146 hw/rx: Honor -accel qtest
781b6ec24c target/rx: Move rx_load_image to rx-virt.
9577f3d230 hw/rx: RX Target hardware definition
891f2de8d8 hw/char: RX62N serial communication interface (SCI)
3495206576 hw/timer: RX62N internal timer modules
a905f500b4 hw/intc: RX62N interrupt controller (ICUa)
ece449ed10 target/rx: Dump bytes for each insn during disassembly
b95c9bad6b target/rx: Collect all bytes during disassembly
3dff5695a3 target/rx: Emit all disassembly in one prt()
704fec54d9 target/rx: Use prt_ldmi for XCHG_mr disassembly
7396e2ece1 target/rx: Replace operand with prt_ldmi in disassembler
60b13915e5 target/rx: Disassemble rx_index_addr into a string
d41d01e403 target/rx: RX disassembler
85b88c8cd4 target/rx: simplify rx_cpu_class_by_name
376f2b05c3 target/rx: Follow the change of tcg.
d86020dcdb target/rx: CPU definition
014cc684fa target/rx: TCG helper
4c5f19b6e4 target/rx: TCG translation

=== OUTPUT BEGIN ===
1/24 Checking commit 4c5f19b6e47c (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 1/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/24 Checking commit 014cc684fafc (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 2/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/24 Checking commit d86020dcdb96 (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 645 lines checked

Patch 3/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/24 Checking commit 376f2b05c385 (target/rx: Follow the change of tcg.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 121 lines checked

Patch 4/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/24 Checking commit 85b88c8cd4f0 (target/rx: simplify rx_cpu_class_by_name)
6/24 Checking commit d41d01e40305 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 6/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/24 Checking commit 60b13915e559 (target/rx: Disassemble rx_index_addr into a 
string)
8/24 Checking commit 7396e2ece1ed (target/rx: Replace operand with prt_ldmi in 
disassembler)
9/24 Checking commit 704fec54d904 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
10/24 Checking commit 3dff5695a3a3 (target/rx: Emit all disassembly in one 
prt())
11/24 Checking commit b95c9bad6bb6 (target/rx: Collect all bytes during 
disassembly)
12/24 Checking commit ece449ed1087 (target/rx: Dump bytes for each insn during 
disassembly)
13/24 Checking commit a905f500b42f (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file mode 100644

total: 0 errors, 1 warnings, 442 lines checked

Patch 13/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/24 Checking commit 3495206576c5 (hw/timer: RX62N internal timer modules)
WARNING: added, moved or 

Re: [Qemu-devel] [RFC PATCH 0/2] target: Build with CONFIG_SEMIHOSTING disabled

2019-06-16 Thread Aleksandar Markovic
> Aleksandar: Can we use SEMIHOSTING on KVM MIPS?
>

You can assume the answer is no, we can't. But James Hogan, who maintains
MIPS KVM, may have a different view, and his answer would override mine.

Yours,
Aleksandar

> For ARM Peter said:
>
> "semihosting hooks either SVC or HLT instructions, and inside
>  KVM both of those go to EL1, ie to the guest, and can't be
>  trapped to KVM."
>
> Thanks,
>
> Phil.
>


[Qemu-devel] [PATCH v3 1/2] x86/cpu: Add support for UMONITOR/UMWAIT/TPAUSE

2019-06-16 Thread Tao Xu
UMONITOR, UMWAIT and TPAUSE are a set of user wait instructions.
This patch adds support for user wait instructions in KVM. Availability
of the user wait instructions is indicated by the presence of the CPUID
feature flag WAITPKG CPUID.0x07.0x0:ECX[5]. User wait instructions may
be executed at any privilege level, and use IA32_UMWAIT_CONTROL MSR to
set the maximum time.

The patch enables the umonitor, umwait and tpause features in KVM.
Because umwait and tpause can put a (physical) CPU into a power saving
state, by default we don't expose it to kvm and enable it only when
guest CPUID has it. With the QEMU command-line "-overcommit cpu-pm=on"
(enable_cpu_pm is enabled), a VM can use UMONITOR, UMWAIT and TPAUSE
instructions. If the instruction causes a delay, the amount of time
delayed is called here the physical delay. The physical delay is first
computed by determining the virtual delay (the time to delay relative to
the VM’s timestamp counter). Otherwise, UMONITOR, UMWAIT and TPAUSE cause
an invalid-opcode exception (#UD).

For the release document, see the link below:
https://software.intel.com/sites/default/files/\
managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf

Co-developed-by: Jingqi Liu 
Signed-off-by: Jingqi Liu 
Signed-off-by: Tao Xu 
---

changes in v3:
Simplify the patches, expose user wait instructions when the guest
has CPUID (Paolo)
---
 target/i386/cpu.c | 3 ++-
 target/i386/cpu.h | 1 +
 target/i386/kvm.c | 4 
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index fbed2eb804..0fb86c90db 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1060,7 +1060,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = 
{
 .type = CPUID_FEATURE_WORD,
 .feat_names = {
 NULL, "avx512vbmi", "umip", "pku",
-NULL /* ospke */, NULL, "avx512vbmi2", NULL,
+NULL /* ospke */, "waitpkg", "avx512vbmi2", NULL,
 "gfni", "vaes", "vpclmulqdq", "avx512vnni",
 "avx512bitalg", NULL, "avx512-vpopcntdq", NULL,
 "la57", NULL, NULL, NULL,
@@ -5222,6 +5222,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
 host_cpuid(5, 0, &cpu->mwait.eax, &cpu->mwait.ebx,
&cpu->mwait.ecx, &cpu->mwait.edx);
 env->features[FEAT_1_ECX] |= CPUID_EXT_MONITOR;
+env->features[FEAT_7_0_ECX] |= CPUID_7_0_ECX_WAITPKG;
 }
 }
 
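
Review bot: in x86_cpu_realizefn() the new line ORs `CPUID_7_0_ECX_WAITPKG` into `env->features[FEAT_7_0_ECX]` right beside the forced `CPUID_EXT_MONITOR`, which turns the bit on for the guest whether or not the selected CPU model asked for it. That does not match the commit message and the v3 changelog ("expose user wait instructions when the guest has CPUID"). Either drop this line and let the CPU model or an explicit "waitpkg" property request the feature, or explain in the commit message why it is forced here.
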
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 0732e059ec..2f7c57a3c2 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -670,6 +670,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_7_0_ECX_UMIP (1U << 2)
 #define CPUID_7_0_ECX_PKU  (1U << 3)
 #define CPUID_7_0_ECX_OSPKE(1U << 4)
+#define CPUID_7_0_ECX_WAITPKG  (1U << 5) /* UMONITOR/UMWAIT/TPAUSE 
Instructions */
 #define CPUID_7_0_ECX_VBMI2(1U << 6) /* Additional VBMI Instrs */
 #define CPUID_7_0_ECX_GFNI (1U << 8)
 #define CPUID_7_0_ECX_VAES (1U << 9)
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 6899061b4e..3efdb90f11 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -388,6 +388,10 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, 
uint32_t function,
 if (host_tsx_blacklisted()) {
 ret &= ~(CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_HLE);
 }
+} else if (function == 7 && index == 0 && reg == R_ECX) {
+if (enable_cpu_pm) {
+ret |= CPUID_7_0_ECX_WAITPKG;
+}
 } else if (function == 7 && index == 0 && reg == R_EDX) {
 /*
  * Linux v4.17-v4.20 incorrectly return ARCH_CAPABILITIES on SVM hosts.
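
Review bot: the new `function == 7 && index == 0 && reg == R_ECX` branch does `ret |= CPUID_7_0_ECX_WAITPKG` whenever `enable_cpu_pm` is on, so the bit is reported as supported even when the value already in `ret` does not contain it. The guest would then see WAITPKG in CPUID on a host where the instructions are not available. Masking instead of setting, e.g. `if (!enable_cpu_pm) { ret &= ~CPUID_7_0_ECX_WAITPKG; }`, keeps the host's answer as the upper bound and still hides the feature by default.
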
-- 
2.20.1




[Qemu-devel] [PATCH v3 0/2] x86: Enable user wait instructions

2019-06-16 Thread Tao Xu
UMONITOR, UMWAIT and TPAUSE are a set of user wait instructions.

UMONITOR arms address monitoring hardware using an address. A store
to an address within the specified address range triggers the
monitoring hardware to wake up the processor waiting in umwait.

UMWAIT instructs the processor to enter an implementation-dependent
optimized state while monitoring a range of addresses. The optimized
state may be either a light-weight power/performance optimized state
(c0.1 state) or an improved power/performance optimized state
(c0.2 state).

TPAUSE instructs the processor to enter an implementation-dependent
optimized state (c0.1 or c0.2) and wake up when the time-stamp counter
reaches the specified timeout.

Availability of the user wait instructions is indicated by the presence
of the CPUID feature flag WAITPKG CPUID.0x07.0x0:ECX[5].

The patches enable the umonitor, umwait and tpause features in KVM.
Because umwait and tpause can put a (physical) CPU into a power saving
state, by default we don't expose it in kvm and provide a capability to
enable it. Use kvm capability to enable UMONITOR, UMWAIT and TPAUSE when
QEMU uses "-overcommit cpu-pm=on"; a VM can then use UMONITOR, UMWAIT and
TPAUSE instructions. If the instruction causes a delay, the amount of time
delayed is called here the physical delay. The physical delay is first
computed by determining the virtual delay (the time to delay relative to
the VM’s timestamp counter). Otherwise, UMONITOR, UMWAIT and TPAUSE cause
an invalid-opcode exception (#UD).

The dependency KVM patch link:
https://lkml.org/lkml/2019/6/16/50

For the release document, see the link below:
https://software.intel.com/sites/default/files/\
managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf

Changelog:
v3:
Simplify the patches, expose user wait instructions when the guest
has CPUID (Paolo)
v2:
Separated from the series
https://www.mail-archive.com/qemu-devel@nongnu.org/msg549526.html
Use kvm capability to enable UMONITOR, UMWAIT and TPAUSE when
QEMU uses "-overcommit cpu-pm=on"
v1:
Sent out with MOVDIRI/MOVDIR64B instructions patches

Tao Xu (2):
  x86/cpu: Add support for UMONITOR/UMWAIT/TPAUSE
  target/i386: Add support for save/load IA32_UMWAIT_CONTROL MSR

 target/i386/cpu.c |  3 ++-
 target/i386/cpu.h |  3 +++
 target/i386/kvm.c | 17 +
 target/i386/machine.c | 20 
 4 files changed, 42 insertions(+), 1 deletion(-)

-- 
2.20.1




[Qemu-devel] [PATCH v3 2/2] target/i386: Add support for save/load IA32_UMWAIT_CONTROL MSR

2019-06-16 Thread Tao Xu
UMWAIT and TPAUSE instructions use IA32_UMWAIT_CONTROL at MSR index
E1H to determine the maximum time in TSC-quanta that the processor
can reside in either C0.1 or C0.2.

This patch adds support for save/load of the IA32_UMWAIT_CONTROL MSR in
the guest.

Co-developed-by: Jingqi Liu 
Signed-off-by: Jingqi Liu 
Signed-off-by: Tao Xu 
---

no changes in v3:
---
 target/i386/cpu.h |  2 ++
 target/i386/kvm.c | 13 +
 target/i386/machine.c | 20 
 3 files changed, 35 insertions(+)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 2f7c57a3c2..eb98b2e54a 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -450,6 +450,7 @@ typedef enum X86Seg {
 
 #define MSR_IA32_BNDCFGS0x0d90
 #define MSR_IA32_XSS0x0da0
+#define MSR_IA32_UMWAIT_CONTROL 0xe1
 
 #define XSTATE_FP_BIT   0
 #define XSTATE_SSE_BIT  1
@@ -1348,6 +1349,7 @@ typedef struct CPUX86State {
 uint16_t fpregs_format_vmstate;
 
 uint64_t xss;
+uint64_t umwait;
 
 TPRAccess tpr_access_type;
 } CPUX86State;
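
Review bot: `uint64_t umwait;` is added to CPUX86State without a comment and without any reset handling in this patch (the diffstat touches only cpu.h, kvm.c and machine.c), so it is unclear whether the guest's IA32_UMWAIT_CONTROL value is cleared on CPU reset or carried over into the rebooted guest. Please state the intended reset value, place the field accordingly, and add a short comment naming the MSR it mirrors.
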
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 3efdb90f11..506c7cd038 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -91,6 +91,7 @@ static bool has_msr_hv_stimer;
 static bool has_msr_hv_frequencies;
 static bool has_msr_hv_reenlightenment;
 static bool has_msr_xss;
+static bool has_msr_umwait;
 static bool has_msr_spec_ctrl;
 static bool has_msr_virt_ssbd;
 static bool has_msr_smi_count;
@@ -1486,6 +1487,9 @@ static int kvm_get_supported_msrs(KVMState *s)
 case MSR_IA32_XSS:
 has_msr_xss = true;
 break;
+case MSR_IA32_UMWAIT_CONTROL:
+has_msr_umwait = true;
+break;
 case HV_X64_MSR_CRASH_CTL:
 has_msr_hv_crash = true;
 break;
@@ -2023,6 +2027,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
 if (has_msr_xss) {
 kvm_msr_entry_add(cpu, MSR_IA32_XSS, env->xss);
 }
+if (has_msr_umwait) {
+kvm_msr_entry_add(cpu, MSR_IA32_UMWAIT_CONTROL, env->umwait);
+}
 if (has_msr_spec_ctrl) {
 kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl);
 }
@@ -2416,6 +2423,9 @@ static int kvm_get_msrs(X86CPU *cpu)
 if (has_msr_xss) {
 kvm_msr_entry_add(cpu, MSR_IA32_XSS, 0);
 }
+if (has_msr_umwait) {
+kvm_msr_entry_add(cpu, MSR_IA32_UMWAIT_CONTROL, 0);
+}
 if (has_msr_spec_ctrl) {
 kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0);
 }
@@ -2665,6 +2675,9 @@ static int kvm_get_msrs(X86CPU *cpu)
 case MSR_IA32_XSS:
 env->xss = msrs[i].data;
 break;
+case MSR_IA32_UMWAIT_CONTROL:
+env->umwait = msrs[i].data;
+break;
 default:
 if (msrs[i].index >= MSR_MC0_CTL &&
 msrs[i].index < MSR_MC0_CTL + (env->mcg_cap & 0xff) * 4) {
diff --git a/target/i386/machine.c b/target/i386/machine.c
index 4aff1a763f..db388b6b85 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -810,6 +810,25 @@ static const VMStateDescription vmstate_xss = {
 }
 };
 
+static bool umwait_needed(void *opaque)
+{
+X86CPU *cpu = opaque;
+CPUX86State *env = &cpu->env;
+
+return env->umwait != 0;
+}
+
+static const VMStateDescription vmstate_umwait = {
+.name = "cpu/umwait",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = umwait_needed,
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(env.umwait, X86CPU),
+VMSTATE_END_OF_LIST()
+}
+};
+
 #ifdef TARGET_X86_64
 static bool pkru_needed(void *opaque)
 {
@@ -1100,6 +1119,7 @@ VMStateDescription vmstate_x86_cpu = {
 &vmstate_msr_hyperv_reenlightenment,
 &vmstate_avx512,
 &vmstate_xss,
+&vmstate_umwait,
 &vmstate_tsc_khz,
 &vmstate_msr_smi_count,
 #ifdef TARGET_X86_64
-- 
2.20.1




Re: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190616142836.10614-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support
Message-id: 20190616142836.10614-1-ys...@users.sourceforge.jp
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
ddea93d BootLinuxConsoleTest: Test the RX-Virt machine
74f0940 MAINTAINERS: Add RX
f3106ec Add rx-softmmu
1da40c3 hw/registerfields.h: Add 8bit and 16bit register macros
dd11e46 qemu/bitops.h: Add extract8 and extract16
8a27bba hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
710d25f hw/rx: Honor -accel qtest
8e145d9 target/rx: Move rx_load_image to rx-virt.
14b0bc0 hw/rx: RX Target hardware definition
cad9f7e hw/char: RX62N serial communication interface (SCI)
655bc26 hw/timer: RX62N internal timer modules
2309a1e hw/intc: RX62N interrupt controller (ICUa)
3ce6f15 target/rx: Dump bytes for each insn during disassembly
ecaf009 target/rx: Collect all bytes during disassembly
da34fac target/rx: Emit all disassembly in one prt()
84dc86b target/rx: Use prt_ldmi for XCHG_mr disassembly
5ff8a73 target/rx: Replace operand with prt_ldmi in disassembler
16dddb8 target/rx: Disassemble rx_index_addr into a string
77fa9a2 target/rx: RX disassembler
a3b3f57 target/rx: simplify rx_cpu_class_by_name
e93acbf target/rx: Follow the change of tcg.
bc35b11 target/rx: CPU definition
14b01de target/rx: TCG helper
a804cd0 target/rx: TCG translation

=== OUTPUT BEGIN ===
1/24 Checking commit a804cd0b4fd9 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 1/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/24 Checking commit 14b01de07ded (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 2/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/24 Checking commit bc35b111d3a8 (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 645 lines checked

Patch 3/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/24 Checking commit e93acbf0f80d (target/rx: Follow the change of tcg.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 121 lines checked

Patch 4/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/24 Checking commit a3b3f57d12ee (target/rx: simplify rx_cpu_class_by_name)
6/24 Checking commit 77fa9a20f924 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 6/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/24 Checking commit 16dddb8ce3b2 (target/rx: Disassemble rx_index_addr into a 
string)
8/24 Checking commit 5ff8a73eff90 (target/rx: Replace operand with prt_ldmi in 
disassembler)
9/24 Checking commit 84dc86be8458 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
10/24 Checking commit da34fac0381b (target/rx: Emit all disassembly in one 
prt())
11/24 Checking commit ecaf00999e83 (target/rx: Collect all bytes during 
disassembly)
12/24 Checking commit 3ce6f15d90a7 (target/rx: Dump bytes for each insn during 
disassembly)
13/24 Checking commit 2309a1e755d6 (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file mode 100644

total: 0 errors, 1 warnings, 442 lines checked

Patch 13/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/24 Checking commit 655bc261bf4f (hw/timer: RX62N internal timer modules)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#50: 
new file mode 100644

total: 0 errors, 1 warnings, 839 lines checked

Patch 14/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in 

Re: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190616142836.10614-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support
Type: series
Message-id: 20190616142836.10614-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 t [tag update]
patchew/20190616142836.10614-1-ys...@users.sourceforge.jp -> 
patchew/20190616142836.10614-1-ys...@users.sourceforge.jp
Switched to a new branch 'test'
403c350609 BootLinuxConsoleTest: Test the RX-Virt machine
98f6fb5e89 MAINTAINERS: Add RX
4252de2062 Add rx-softmmu
95d29650e9 hw/registerfields.h: Add 8bit and 16bit register macros
9e3ce57c55 qemu/bitops.h: Add extract8 and extract16
dc04a4b224 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
cc47cf664c hw/rx: Honor -accel qtest
ceb71505f3 target/rx: Move rx_load_image to rx-virt.
f20d5cc761 hw/rx: RX Target hardware definition
c37736b76c hw/char: RX62N serial communication interface (SCI)
8176ccfbcc hw/timer: RX62N internal timer modules
d9a5c82129 hw/intc: RX62N interrupt controller (ICUa)
8809801630 target/rx: Dump bytes for each insn during disassembly
e91060b6fc target/rx: Collect all bytes during disassembly
2e5775b8de target/rx: Emit all disassembly in one prt()
0c2a07b318 target/rx: Use prt_ldmi for XCHG_mr disassembly
5f427555c5 target/rx: Replace operand with prt_ldmi in disassembler
a837728954 target/rx: Disassemble rx_index_addr into a string
4501fa194e target/rx: RX disassembler
107b638962 target/rx: simplify rx_cpu_class_by_name
108dd5166a target/rx: Follow the change of tcg.
7e87ad503c target/rx: CPU definition
f34c576ead target/rx: TCG helper
4b7f3bbe5f target/rx: TCG translation

=== OUTPUT BEGIN ===
1/24 Checking commit 4b7f3bbe5f8a (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 1/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/24 Checking commit f34c576eadb5 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 2/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/24 Checking commit 7e87ad503c0d (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 645 lines checked

Patch 3/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/24 Checking commit 108dd5166a69 (target/rx: Follow the change of tcg.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 121 lines checked

Patch 4/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/24 Checking commit 107b63896230 (target/rx: simplify rx_cpu_class_by_name)
6/24 Checking commit 4501fa194ece (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 6/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/24 Checking commit a83772895452 (target/rx: Disassemble rx_index_addr into a 
string)
8/24 Checking commit 5f427555c5a6 (target/rx: Replace operand with prt_ldmi in 
disassembler)
9/24 Checking commit 0c2a07b318aa (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
10/24 Checking commit 2e5775b8dec1 (target/rx: Emit all disassembly in one 
prt())
11/24 Checking commit e91060b6fc95 (target/rx: Collect all bytes during 
disassembly)
12/24 Checking commit 880980163031 (target/rx: Dump bytes for each insn during 
disassembly)
13/24 Checking commit d9a5c8212987 (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file mode 100644

total: 0 errors, 1 warnings, 442 lines checked

Patch 13/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/24 Checking commit 8176ccfbcca6 (hw/timer: RX62N internal timer modules)
WARNING: added, moved or 

[Qemu-devel] [PATCH] spapr/xive: Add proper rollback to kvmppc_xive_connect()

2019-06-16 Thread Greg Kurz
Make kvmppc_xive_disconnect() able to undo the changes of a partial
execution of kvmppc_xive_connect() and use it to perform rollback.

Based-on: <20190614165920.12670-2-...@kaod.org>
Signed-off-by: Greg Kurz 
---
 hw/intc/spapr_xive_kvm.c |   48 --
 1 file changed, 29 insertions(+), 19 deletions(-)

diff --git a/hw/intc/spapr_xive_kvm.c b/hw/intc/spapr_xive_kvm.c
index 5559f8bce5ef..3bf8e7a20e14 100644
--- a/hw/intc/spapr_xive_kvm.c
+++ b/hw/intc/spapr_xive_kvm.c
@@ -724,8 +724,7 @@ void kvmppc_xive_connect(SpaprXive *xive, Error **errp)
 xsrc->esb_mmap = kvmppc_xive_mmap(xive, KVM_XIVE_ESB_PAGE_OFFSET, esb_len,
   &local_err);
 if (local_err) {
-error_propagate(errp, local_err);
-return;
+goto fail;
 }
 
 memory_region_init_ram_device_ptr(&xsrc->esb_mmio_kvm, OBJECT(xsrc),
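
Review bot: `xsrc->esb_mmap` (and `xive->tm_mmap` in the next hunk) is assigned from `kvmppc_xive_mmap()` before `local_err` is checked, and the rollback in kvmppc_xive_disconnect() now decides what to undo by testing those pointers for non-NULL. That is only safe if `kvmppc_xive_mmap()` returns NULL on failure rather than `MAP_FAILED`; otherwise the `fail:` path would run `memory_region_del_subregion()` and `munmap()` on a mapping that was never set up. Please confirm this, or assign to a local variable and store it in the structure only on success.
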
@@ -743,8 +742,7 @@ void kvmppc_xive_connect(SpaprXive *xive, Error **errp)
 xive->tm_mmap = kvmppc_xive_mmap(xive, KVM_XIVE_TIMA_PAGE_OFFSET, tima_len,
  &local_err);
 if (local_err) {
-error_propagate(errp, local_err);
-return;
+goto fail;
 }
 memory_region_init_ram_device_ptr(&xive->tm_mmio_kvm, OBJECT(xive),
   "xive.tima", tima_len, xive->tm_mmap);
@@ -760,21 +758,24 @@ void kvmppc_xive_connect(SpaprXive *xive, Error **errp)
 
 kvmppc_xive_cpu_connect(spapr_cpu_state(cpu)->tctx, &local_err);
 if (local_err) {
-error_propagate(errp, local_err);
-return;
+goto fail;
 }
 }
 
 /* Update the KVM sources */
 kvmppc_xive_source_reset(xsrc, &local_err);
 if (local_err) {
-error_propagate(errp, local_err);
-return;
+goto fail;
 }
 
 kvm_kernel_irqchip = true;
 kvm_msi_via_irqfd_allowed = true;
 kvm_gsi_direct_mapping = true;
+return;
+
+fail:
+error_propagate(errp, local_err);
+kvmppc_xive_disconnect(xive, NULL);
 }
 
 void kvmppc_xive_disconnect(SpaprXive *xive, Error **errp)
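
Review bot: the `fail:` label calls `kvmppc_xive_disconnect(xive, NULL)`, and the parts of that function this patch leaves unguarded (`kvm_kernel_irqchip = false`, `kvm_msi_via_irqfd_allowed = false`, `kvm_cpu_disable_all()`) now also run after a partial connect that never set those flags. If that is intended, a comment at `fail:` saying the rollback is safe from any step would help. Passing NULL as `errp` also drops any error raised during the rollback, which deserves a mention in the same comment.
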
@@ -796,23 +797,29 @@ void kvmppc_xive_disconnect(SpaprXive *xive, Error **errp)
 xsrc = &xive->source;
 esb_len = (1ull << xsrc->esb_shift) * xsrc->nr_irqs;
 
-memory_region_del_subregion(&xsrc->esb_mmio, &xsrc->esb_mmio_kvm);
-object_unparent(OBJECT(&xsrc->esb_mmio_kvm));
-munmap(xsrc->esb_mmap, esb_len);
-xsrc->esb_mmap = NULL;
+if (xsrc->esb_mmap) {
+memory_region_del_subregion(&xsrc->esb_mmio, &xsrc->esb_mmio_kvm);
+object_unparent(OBJECT(&xsrc->esb_mmio_kvm));
+munmap(xsrc->esb_mmap, esb_len);
+xsrc->esb_mmap = NULL;
+}
 
-memory_region_del_subregion(&xive->tm_mmio, &xive->tm_mmio_kvm);
-object_unparent(OBJECT(&xive->tm_mmio_kvm));
-munmap(xive->tm_mmap, 4ull << TM_SHIFT);
-xive->tm_mmap = NULL;
+if (xive->tm_mmap) {
+memory_region_del_subregion(&xive->tm_mmio, &xive->tm_mmio_kvm);
+object_unparent(OBJECT(&xive->tm_mmio_kvm));
+munmap(xive->tm_mmap, 4ull << TM_SHIFT);
+xive->tm_mmap = NULL;
+}
 
 /*
  * When the KVM device fd is closed, the KVM device is destroyed
  * and removed from the list of devices of the VM. The VCPU
  * presenters are also detached from the device.
  */
-close(xive->fd);
-xive->fd = -1;
+if (xive->fd != -1) {
+close(xive->fd);
+xive->fd = -1;
+}
 
 kvm_kernel_irqchip = false;
 kvm_msi_via_irqfd_allowed = false;
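
Review bot: the `if (xive->fd != -1)` guard assumes fd is -1 whenever no KVM device is open, including before the first connect attempt, and that initialisation is not part of this patch. If the field can still hold 0 at that point, the failure path would close fd 0. Point to where fd is initialised to -1, or add it here.
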
@@ -822,5 +829,8 @@ void kvmppc_xive_disconnect(SpaprXive *xive, Error **errp)
 kvm_cpu_disable_all();
 
 /* VM Change state handler is not needed anymore */
-qemu_del_vm_change_state_handler(xive->change);
+if (xive->change) {
+qemu_del_vm_change_state_handler(xive->change);
+xive->change = NULL;
+}
 }
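
Review bot: kvm_cpu_disable_all() and the kvm_* flag resets in the previous hunk still run unconditionally, so with the new `goto fail` path in kvmppc_xive_connect() they now also execute when connect fails part-way, where the flags were never set to true. If that is intended, say so in a comment; if not, they need the same kind of guard as xive->change.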




Re: [Qemu-devel] [PATCH v3 2/5] virtio: Set "start_on_kick" for legacy devices

2019-06-16 Thread Greg Kurz
On Fri, 14 Jun 2019 17:31:18 +0800
elohi...@gmail.com wrote:

> From: Xie Yongji 
> 
> Besides virtio 1.0 transitional devices, we should also
> set "start_on_kick" flag for legacy devices (virtio 0.9).
> 
> Signed-off-by: Xie Yongji 
> ---

Reviewed-by: Greg Kurz 

>  hw/virtio/virtio.c | 6 ++
>  include/hw/virtio/virtio.h | 2 +-
>  2 files changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 19062fbb96..473881e9ec 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -1212,8 +1212,7 @@ void virtio_reset(void *opaque)
>  k->reset(vdev);
>  }
>  
> -vdev->start_on_kick = (virtio_host_has_feature(vdev, VIRTIO_F_VERSION_1) 
> &&
> -  !virtio_vdev_has_feature(vdev, 
> VIRTIO_F_VERSION_1));
> +vdev->start_on_kick = !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1);
>  vdev->started = false;
>  vdev->broken = false;
>  vdev->guest_features = 0;
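
Review bot: in virtio_reset(), start_on_kick is computed from virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1) two lines before `vdev->guest_features = 0`, so it reflects what the guest negotiated before the reset rather than the post-reset state. With the host-feature term removed, the flag now depends only on that stale value. Consider computing it after guest_features is cleared, or setting it unconditionally here and re-evaluating when the guest sets its features.
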
> @@ -2325,8 +2324,7 @@ void virtio_init(VirtIODevice *vdev, const char *name,
>  g_malloc0(sizeof(*vdev->vector_queues) * nvectors);
>  }
>  
> -vdev->start_on_kick = (virtio_host_has_feature(vdev, VIRTIO_F_VERSION_1) 
> &&
> -  !virtio_vdev_has_feature(vdev, 
> VIRTIO_F_VERSION_1));
> +vdev->start_on_kick = !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1);
>  vdev->started = false;
>  vdev->device_id = device_id;
>  vdev->status = 0;
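
Review bot: in virtio_init() no feature negotiation has happened yet, so `!virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)` cannot distinguish a legacy driver from a modern one at this point. This patch shows no place where start_on_kick is updated once the guest writes its features; if a later patch in the series does that, mention it in the commit message so the two can be reviewed together.
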
> diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
> index 15d5366939..b189788cb2 100644
> --- a/include/hw/virtio/virtio.h
> +++ b/include/hw/virtio/virtio.h
> @@ -107,7 +107,7 @@ struct VirtIODevice
>  bool broken; /* device in invalid state, needs reset */
>  bool use_started;
>  bool started;
> -bool start_on_kick; /* virtio 1.0 transitional devices support that */
> +bool start_on_kick; /* when virtio 1.0 feature has not been negotiated */
>  VMChangeStateEntry *vmstate;
>  char *bus_name;
>  uint8_t device_endian;
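
Review bot: the new comment on start_on_kick states the condition under which the flag is set but not what the flag does. Since the field sits next to `started` and `use_started`, one more clause describing its effect would make the three easier to tell apart.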




Re: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190616142836.10614-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support
Message-id: 20190616142836.10614-1-ys...@users.sourceforge.jp
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
0c27dd8 BootLinuxConsoleTest: Test the RX-Virt machine
2a6876d MAINTAINERS: Add RX
d251bcb Add rx-softmmu
74589c9 hw/registerfields.h: Add 8bit and 16bit register macros
d79dcb1 qemu/bitops.h: Add extract8 and extract16
7b48c06 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
f57add5 hw/rx: Honor -accel qtest
6250788 target/rx: Move rx_load_image to rx-virt.
7023958 hw/rx: RX Target hardware definition
02ccff2 hw/char: RX62N serial communication interface (SCI)
82f9b2f hw/timer: RX62N internal timer modules
d5bbed0 hw/intc: RX62N interrupt controller (ICUa)
70acbbd target/rx: Dump bytes for each insn during disassembly
2e7845e target/rx: Collect all bytes during disassembly
78b4585 target/rx: Emit all disassembly in one prt()
4f2586f target/rx: Use prt_ldmi for XCHG_mr disassembly
85b4ce9 target/rx: Replace operand with prt_ldmi in disassembler
33933e5 target/rx: Disassemble rx_index_addr into a string
72b9045 target/rx: RX disassembler
8ce563c target/rx: simplify rx_cpu_class_by_name
7f2e05e target/rx: Follow the change of tcg.
065893f target/rx: CPU definition
5f160a0 target/rx: TCG helper
24091fb target/rx: TCG translation

=== OUTPUT BEGIN ===
1/24 Checking commit 24091fb702bb (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 1/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/24 Checking commit 5f160a0c4667 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 2/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/24 Checking commit 065893fc208c (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 645 lines checked

Patch 3/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/24 Checking commit 7f2e05e35322 (target/rx: Follow the change of tcg.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 121 lines checked

Patch 4/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/24 Checking commit 8ce563cdcaed (target/rx: simplify rx_cpu_class_by_name)
6/24 Checking commit 72b9045c8042 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 6/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/24 Checking commit 33933e5f814b (target/rx: Disassemble rx_index_addr into a 
string)
8/24 Checking commit 85b4ce969b9f (target/rx: Replace operand with prt_ldmi in 
disassembler)
9/24 Checking commit 4f2586f683be (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
10/24 Checking commit 78b4585ca396 (target/rx: Emit all disassembly in one 
prt())
11/24 Checking commit 2e7845e0912b (target/rx: Collect all bytes during 
disassembly)
12/24 Checking commit 70acbbdd2844 (target/rx: Dump bytes for each insn during 
disassembly)
13/24 Checking commit d5bbed0bb689 (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file mode 100644

total: 0 errors, 1 warnings, 442 lines checked

Patch 13/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/24 Checking commit 82f9b2f0f2d1 (hw/timer: RX62N internal timer modules)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#50: 
new file mode 100644

total: 0 errors, 1 warnings, 839 lines checked

Patch 14/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in 

Re: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190616142836.10614-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support
Type: series
Message-id: 20190616142836.10614-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 t [tag update]
patchew/20190616142836.10614-1-ys...@users.sourceforge.jp -> 
patchew/20190616142836.10614-1-ys...@users.sourceforge.jp
Switched to a new branch 'test'
cff80b5d1e BootLinuxConsoleTest: Test the RX-Virt machine
2afa3191c4 MAINTAINERS: Add RX
2581cfc04d Add rx-softmmu
2190818c28 hw/registerfields.h: Add 8bit and 16bit register macros
997230fa9e qemu/bitops.h: Add extract8 and extract16
3481b34b73 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
c5d63912aa hw/rx: Honor -accel qtest
ad820302f8 target/rx: Move rx_load_image to rx-virt.
387d306c14 hw/rx: RX Target hardware definition
6f8b3aff27 hw/char: RX62N serial communication interface (SCI)
465e8e3419 hw/timer: RX62N internal timer modules
6f0b3c6dda hw/intc: RX62N interrupt controller (ICUa)
56bdfb0467 target/rx: Dump bytes for each insn during disassembly
747fb3b0c1 target/rx: Collect all bytes during disassembly
a00d8b4c86 target/rx: Emit all disassembly in one prt()
2923ce8078 target/rx: Use prt_ldmi for XCHG_mr disassembly
db364b4e70 target/rx: Replace operand with prt_ldmi in disassembler
ab02b67a15 target/rx: Disassemble rx_index_addr into a string
43ba920a8c target/rx: RX disassembler
c77e3d7ee3 target/rx: simplify rx_cpu_class_by_name
cb783ec841 target/rx: Follow the change of tcg.
ceb39de01c target/rx: CPU definition
56775c6167 target/rx: TCG helper
900643e454 target/rx: TCG translation

=== OUTPUT BEGIN ===
1/24 Checking commit 900643e454ec (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 1/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/24 Checking commit 56775c6167e1 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 2/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/24 Checking commit ceb39de01c83 (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 645 lines checked

Patch 3/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/24 Checking commit cb783ec8417f (target/rx: Follow the change of tcg.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 121 lines checked

Patch 4/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/24 Checking commit c77e3d7ee3fd (target/rx: simplify rx_cpu_class_by_name)
6/24 Checking commit 43ba920a8c9c (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 6/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/24 Checking commit ab02b67a153e (target/rx: Disassemble rx_index_addr into a 
string)
8/24 Checking commit db364b4e7075 (target/rx: Replace operand with prt_ldmi in 
disassembler)
9/24 Checking commit 2923ce807857 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
10/24 Checking commit a00d8b4c8652 (target/rx: Emit all disassembly in one 
prt())
11/24 Checking commit 747fb3b0c178 (target/rx: Collect all bytes during 
disassembly)
12/24 Checking commit 56bdfb0467c9 (target/rx: Dump bytes for each insn during 
disassembly)
13/24 Checking commit 6f0b3c6ddafc (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file mode 100644

total: 0 errors, 1 warnings, 442 lines checked

Patch 13/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/24 Checking commit 465e8e3419e0 (hw/timer: RX62N internal timer modules)
WARNING: added, moved or 

[Qemu-devel] [Bug 1832916] Re: linux-user does not check PROT_EXEC

2019-06-16 Thread Richard Henderson
It turns out we can't fix this without also fixing
our implementation of signal trampolines.

** Changed in: qemu
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1832916

Title:
  linux-user does not check PROT_EXEC

Status in QEMU:
  Confirmed

Bug description:
  At no point do we actually verify that a page is PROT_EXEC before
  translating.  All we end up verifying is that the page is readable.
  Not the same thing, obviously.

  The following test case should work for any architecture, though I've
  only validated it for x86_64 and aarch64.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1832916/+subscriptions
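
A minimal probe for the behaviour the bug description above refers to, as an added example; it is not the test case from the bug report, which is not reproduced on this page. It assumes Linux on x86 or aarch64, and the names `probe_noexec_page` and `PROBE_*` are hypothetical: a page mapped without PROT_EXEC receives a single return instruction and is then called, which must fault on a system that enforces PROT_EXEC.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { PROBE_UNSUPPORTED = -1, PROBE_EXECUTED = 0, PROBE_FAULTED = 1 };

/* A single "return" instruction for each architecture handled here. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char ret_insn[] = { 0xc3 };                   /* ret */
#define HAVE_RET_INSN 1
#elif defined(__aarch64__)
static const unsigned char ret_insn[] = { 0xc0, 0x03, 0x5f, 0xd6 }; /* ret */
#define HAVE_RET_INSN 1
#endif

static sigjmp_buf probe_env;
static void *volatile probe_fault_addr;

/* Record the faulting address and unwind back into the probe. */
static void on_fault(int sig, siginfo_t *si, void *uctx)
{
    (void)sig;
    (void)uctx;
    probe_fault_addr = si->si_addr;
    siglongjmp(probe_env, 1);
}

/*
 * Returns PROBE_FAULTED if calling into a readable, writable but
 * non-executable page raises SIGSEGV/SIGBUS (PROT_EXEC is enforced),
 * PROBE_EXECUTED if the instruction ran anyway (PROT_EXEC is ignored),
 * PROBE_UNSUPPORTED if the probe cannot run on this platform.
 */
int probe_noexec_page(void)
{
#ifndef HAVE_RET_INSN
    return PROBE_UNSUPPORTED;
#else
    struct sigaction sa, old_segv, old_bus;
    void (*fn)(void);
    unsigned char *page;
    int result;
    long pagesz = sysconf(_SC_PAGESIZE);

    if (pagesz <= 0) {
        return PROBE_UNSUPPORTED;
    }
    /* Deliberately no PROT_EXEC on this mapping. */
    page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) {
        return PROBE_UNSUPPORTED;
    }
    memcpy(page, ret_insn, sizeof(ret_insn));
    /* Keep the instruction stream coherent in case the call does execute. */
    __builtin___clear_cache((char *)page, (char *)page + sizeof(ret_insn));
    memcpy(&fn, &page, sizeof(fn));

    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    probe_fault_addr = NULL;
    if (sigsetjmp(probe_env, 1) == 0) {
        fn();                       /* must not get past this line */
        result = PROBE_EXECUTED;
    } else {
        result = PROBE_FAULTED;
    }

    /* Put the previous handlers back and release the page. */
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, (size_t)pagesz);
    return result;
#endif
}

int main(void)
{
    int r = probe_noexec_page();

    if (r == PROBE_FAULTED) {
        printf("PROT_EXEC enforced, fault at %p\n", (void *)probe_fault_addr);
    } else if (r == PROBE_EXECUTED) {
        printf("code ran from a page without PROT_EXEC\n");
    } else {
        printf("probe not supported on this platform\n");
    }
    return r == PROBE_FAULTED ? 0 : 1;
}
```

Built natively and again for the emulated target, the two results can be compared directly; an exit status of 1 with the "code ran" message is the behaviour the bug title describes.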



Re: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190616142836.10614-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190616142836.10614-1-ys...@users.sourceforge.jp
Type: series
Subject: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
63acf99 BootLinuxConsoleTest: Test the RX-Virt machine
55c11a3 MAINTAINERS: Add RX
e70d51d Add rx-softmmu
92d29e0 hw/registerfields.h: Add 8bit and 16bit register macros
daf1337 qemu/bitops.h: Add extract8 and extract16
2d9c0d6 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
ce5f6c3 hw/rx: Honor -accel qtest
a22cc3b target/rx: Move rx_load_image to rx-virt.
8736a61 hw/rx: RX Target hardware definition
dc2af92 hw/char: RX62N serial communication interface (SCI)
f3d48c1 hw/timer: RX62N internal timer modules
4a32817 hw/intc: RX62N interrupt controller (ICUa)
99e0a91 target/rx: Dump bytes for each insn during disassembly
92fc3b3 target/rx: Collect all bytes during disassembly
ba396eb target/rx: Emit all disassembly in one prt()
e0ed57b target/rx: Use prt_ldmi for XCHG_mr disassembly
44ee1c7 target/rx: Replace operand with prt_ldmi in disassembler
c62d37a target/rx: Disassemble rx_index_addr into a string
7f19f36 target/rx: RX disassembler
0998f1a target/rx: simplify rx_cpu_class_by_name
b5e3446 target/rx: Follow the change of tcg.
5338b4d target/rx: CPU definition
3f32ebc target/rx: TCG helper
af95d40 target/rx: TCG translation

=== OUTPUT BEGIN ===
1/24 Checking commit af95d40319c1 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 1/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/24 Checking commit 3f32ebceb081 (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 2/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/24 Checking commit 5338b4d31288 (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 645 lines checked

Patch 3/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/24 Checking commit b5e3446977c2 (target/rx: Follow the change of tcg.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 121 lines checked

Patch 4/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/24 Checking commit 0998f1ad7b92 (target/rx: simplify rx_cpu_class_by_name)
6/24 Checking commit 7f19f364a358 (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 6/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/24 Checking commit c62d37a04fd1 (target/rx: Disassemble rx_index_addr into a 
string)
8/24 Checking commit 44ee1c75bf83 (target/rx: Replace operand with prt_ldmi in 
disassembler)
9/24 Checking commit e0ed57b911f8 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
10/24 Checking commit ba396eb8d526 (target/rx: Emit all disassembly in one 
prt())
11/24 Checking commit 92fc3b3987e0 (target/rx: Collect all bytes during 
disassembly)
12/24 Checking commit 99e0a9185550 (target/rx: Dump bytes for each insn during 
disassembly)
13/24 Checking commit 4a32817f6463 (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file mode 100644

total: 0 errors, 1 warnings, 442 lines checked

Patch 13/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/24 Checking commit f3d48c1450ab (hw/timer: RX62N internal timer modules)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#50: 
new file mode 100644

total: 0 errors, 1 warnings, 839 lines checked

Patch 14/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in 

Re: [Qemu-devel] [PATCH v20 03/24] target/rx: CPU definition

2019-06-16 Thread Igor Mammedov
On Sun, 16 Jun 2019 23:28:15 +0900
Yoshinori Sato  wrote:

> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Richard Henderson 
> Message-Id: <20190607091116.49044-4-ys...@users.sourceforge.jp>
> Signed-off-by: Richard Henderson 
> [PMD: Use newer QOM style, split cpu-qom.h, restrict access to
>  extable array, use rx_cpu_tlb_fill() extracted from patch of
>  Yoshinori Sato 'Convert to CPUClass::tlb_fill']
> Signed-off-by: Philippe Mathieu-Daudé 
> 
> Signed-off-by: Yoshinori Sato 
> ---
[...]

> diff --git a/target/rx/cpu.c b/target/rx/cpu.c
> new file mode 100644
> index 00..4147c5c939
> --- /dev/null
> +++ b/target/rx/cpu.c
[...]

> +static void rx_cpu_list_entry(gpointer data, gpointer user_data)
> +{
> +const char *typename = object_class_get_name(OBJECT_CLASS(data));
> +int len = strlen(typename) - strlen(RX_CPU_TYPE_SUFFIX);
> +
> +qemu_printf("%.*s\n", len, typename);
> +}
> +
> +void rx_cpu_list(void)
> +{
> +GSList *list;
> +list = object_class_get_list_sorted(TYPE_RX_CPU, false);
> +g_slist_foreach(list, rx_cpu_list_entry, NULL);
> +g_slist_free(list);
> +}
> +
> +static ObjectClass *rx_cpu_class_by_name(const char *cpu_model)
> +{
> +ObjectClass *oc;
> +char *typename;
> +
> +oc = object_class_by_name(cpu_model);
> +if (oc != NULL && object_class_dynamic_cast(oc, TYPE_RX_CPU) != NULL &&
> +!object_class_is_abstract(oc)) {
> +return oc;
> +}
> +
> +typename = g_strdup_printf(RX_CPU_TYPE_NAME("%s"), cpu_model);
> +oc = object_class_by_name(typename);
> +if (oc != NULL && object_class_is_abstract(oc)) {
> +oc = NULL;
> +}
> +g_free(typename);
> +
> +if (!oc) {
> +/* default to rx62n */
> +oc = object_class_by_name(TYPE_RX62N_CPU);
> +}
please address comments made on v19 version of the patch
and reply with fixed v21 here (assuming it doesn't break follow up patches)

> +return oc;
> +}
> +
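
Review bot: rx_cpu_class_by_name() falls back to TYPE_RX62N_CPU when neither lookup succeeds, so a mistyped -cpu model is silently accepted as rx62n instead of being rejected. Return NULL in that case and let the caller report the unknown model; if a default is wanted, it belongs in the machine's default CPU type rather than in the name lookup.
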
[...]




Re: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190616142836.10614-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support
Type: series
Message-id: 20190616142836.10614-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 t [tag update]
patchew/20190616142836.10614-1-ys...@users.sourceforge.jp -> 
patchew/20190616142836.10614-1-ys...@users.sourceforge.jp
Switched to a new branch 'test'
6cf003324f BootLinuxConsoleTest: Test the RX-Virt machine
5b245d8608 MAINTAINERS: Add RX
a0f72f1c22 Add rx-softmmu
29cee4bf91 hw/registerfields.h: Add 8bit and 16bit register macros
4dc22f4709 qemu/bitops.h: Add extract8 and extract16
6faffcc70c hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
8525a12c35 hw/rx: Honor -accel qtest
1a73fe6b98 target/rx: Move rx_load_image to rx-virt.
abe443904a hw/rx: RX Target hardware definition
65bcf6380e hw/char: RX62N serial communication interface (SCI)
1c2b600c8d hw/timer: RX62N internal timer modules
492f670463 hw/intc: RX62N interrupt controller (ICUa)
ee55183b75 target/rx: Dump bytes for each insn during disassembly
adf1747a39 target/rx: Collect all bytes during disassembly
af8bf138f1 target/rx: Emit all disassembly in one prt()
f5cc42e0d3 target/rx: Use prt_ldmi for XCHG_mr disassembly
10551aa38a target/rx: Replace operand with prt_ldmi in disassembler
cd70c31a2d target/rx: Disassemble rx_index_addr into a string
9ca9b0f1b7 target/rx: RX disassembler
006b47f9ab target/rx: simplify rx_cpu_class_by_name
c63cb5a1ca target/rx: Follow the change of tcg.
eeca36e3d4 target/rx: CPU definition
ce69a0fc32 target/rx: TCG helper
9407cbd6df target/rx: TCG translation

=== OUTPUT BEGIN ===
1/24 Checking commit 9407cbd6df21 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 1/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/24 Checking commit ce69a0fc32ce (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 649 lines checked

Patch 2/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/24 Checking commit eeca36e3d4cb (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 645 lines checked

Patch 3/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/24 Checking commit c63cb5a1ca57 (target/rx: Follow the change of tcg.)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 121 lines checked

Patch 4/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/24 Checking commit 006b47f9aba0 (target/rx: simplify rx_cpu_class_by_name)
6/24 Checking commit 9ca9b0f1b7bf (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 6/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/24 Checking commit cd70c31a2d67 (target/rx: Disassemble rx_index_addr into a 
string)
8/24 Checking commit 10551aa38ab8 (target/rx: Replace operand with prt_ldmi in 
disassembler)
9/24 Checking commit f5cc42e0d3c9 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
10/24 Checking commit af8bf138f119 (target/rx: Emit all disassembly in one 
prt())
11/24 Checking commit adf1747a39dc (target/rx: Collect all bytes during 
disassembly)
12/24 Checking commit ee55183b7577 (target/rx: Dump bytes for each insn during 
disassembly)
13/24 Checking commit 492f670463db (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file mode 100644

total: 0 errors, 1 warnings, 442 lines checked

Patch 13/24 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
14/24 Checking commit 1c2b600c8dbb (hw/timer: RX62N internal timer modules)
WARNING: added, moved or 

Re: [Qemu-devel] [PATCH v20 05/24] target/rx: simplify rx_cpu_class_by_name

2019-06-16 Thread Igor Mammedov
On Sun, 16 Jun 2019 23:28:17 +0900
Yoshinori Sato  wrote:

> Signed-off-by: Yoshinori Sato 
There is no point in sending it as a separate patch.
If you'd merged this patch into 3/24 I'd ack it.
So pls merge it there.

> ---
>  target/rx/cpu.c | 20 +++-
>  1 file changed, 3 insertions(+), 17 deletions(-)
> 
> diff --git a/target/rx/cpu.c b/target/rx/cpu.c
> index a6dde613ab..e3d76af55d 100644
> --- a/target/rx/cpu.c
> +++ b/target/rx/cpu.c
> @@ -72,9 +72,8 @@ static void rx_cpu_reset(CPUState *s)
>  static void rx_cpu_list_entry(gpointer data, gpointer user_data)
>  {
>  const char *typename = object_class_get_name(OBJECT_CLASS(data));
> -int len = strlen(typename) - strlen(RX_CPU_TYPE_SUFFIX);
>  
> -qemu_printf("%.*s\n", len, typename);
> +qemu_printf("%s\n", typename);
>  }
>  
>  void rx_cpu_list(void)
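
Review bot: with the RX_CPU_TYPE_SUFFIX stripping removed, rx_cpu_list_entry() now prints the raw QOM type name. Check that the printed strings are exactly what rx_cpu_class_by_name() accepts after the next hunk, which looks up cpu_model without the RX_CPU_TYPE_NAME("%s") expansion, and describe the user-visible change in the commit message.
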
> @@ -88,25 +87,12 @@ void rx_cpu_list(void)
>  static ObjectClass *rx_cpu_class_by_name(const char *cpu_model)
>  {
>  ObjectClass *oc;
> -char *typename;
>  
>  oc = object_class_by_name(cpu_model);
> -if (oc != NULL && object_class_dynamic_cast(oc, TYPE_RX_CPU) != NULL &&
> -!object_class_is_abstract(oc)) {
> -return oc;
> -}
> -
> -typename = g_strdup_printf(RX_CPU_TYPE_NAME("%s"), cpu_model);
> -oc = object_class_by_name(typename);
> -if (oc != NULL && object_class_is_abstract(oc)) {
> +if (object_class_dynamic_cast(oc, TYPE_RX_CPU) == NULL ||
> +object_class_is_abstract(oc)) {
>  oc = NULL;
>  }
> -g_free(typename);
> -
> -if (!oc) {
> -/* default to rx62n */
> -oc = object_class_by_name(TYPE_RX62N_CPU);
> -}
>  
>  return oc;
>  }
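
Review bot: the old code tested `oc != NULL` before using it; the new condition passes the result of object_class_by_name() straight to object_class_dynamic_cast(), and only short-circuit evaluation keeps object_class_is_abstract() from seeing a NULL oc. That holds only as long as object_class_dynamic_cast() returns NULL for a NULL class, so either keep an explicit `oc == NULL ||` or add a comment saying the cast is relied on for the NULL case. The hunk also removes the rx62n default, which changes behaviour for unknown model names, and the commit message describes neither change.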




Re: [Qemu-devel] [PATCH v20 17/24] target/rx: Move rx_load_image to rx-virt.

2019-06-16 Thread Igor Mammedov
On Sun, 16 Jun 2019 23:28:29 +0900
Yoshinori Sato  wrote:

> Signed-off-by: Yoshinori Sato 
> ---
>  hw/rx/rx-virt.c | 22 ++
>  target/rx/cpu.c | 22 --
>  2 files changed, 22 insertions(+), 22 deletions(-)
> 
> diff --git a/hw/rx/rx-virt.c b/hw/rx/rx-virt.c
> index ed0a3a1da0..4cfe2e3123 100644
> --- a/hw/rx/rx-virt.c
> +++ b/hw/rx/rx-virt.c
> @@ -32,6 +32,28 @@
>  /* Same address of GDB integrated simulator */
>  #define SDRAM_BASE 0x0100
>  
> +static void rx_load_image(RXCPU *cpu, const char *filename,
> +  uint32_t start, uint32_t size)

function shouldn't be added to target/rx/cpu.c at all,
it should be introduced in 16/24 instead and this patch
shouldn't exist.

> +{
> +static uint32_t extable[32];
> +long kernel_size;
> +int i;
> +
> +kernel_size = load_image_targphys(filename, start, size);
> +if (kernel_size < 0) {
> +fprintf(stderr, "qemu: could not load kernel '%s'\n", filename);
> +exit(1);
> +}
> +cpu->env.pc = start;
> +
> +/* setup exception trap trampoline */
> +/* linux kernel only works little-endian mode */
> +for (i = 0; i < ARRAY_SIZE(extable); i++) {
> +extable[i] = cpu_to_le32(0x10 + i * 4);
> +}
> +rom_add_blob_fixed("extable", extable, sizeof(extable), 0xff80);
> +}
> +
>  static void rxvirt_init(MachineState *machine)
>  {
>  RX62NState *s = g_new(RX62NState, 1);
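
Review bot: rx_load_image() reports a load failure with fprintf(stderr, ...) followed by exit(1); since the function is being moved into board code anyway, switch to error_report() so the message goes through QEMU's normal error reporting. The literal values passed to cpu_to_le32() and rom_add_blob_fixed() would also read better as named constants next to SDRAM_BASE.
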
> diff --git a/target/rx/cpu.c b/target/rx/cpu.c
> index e3d76af55d..ea38639f47 100644
> --- a/target/rx/cpu.c
> +++ b/target/rx/cpu.c
> @@ -215,25 +215,3 @@ static void rx_cpu_register_types(void)
>  }
>  
>  type_init(rx_cpu_register_types)
> -
> -void rx_load_image(RXCPU *cpu, const char *filename,
> -   uint32_t start, uint32_t size)
> -{
> -static uint32_t extable[32];
> -long kernel_size;
> -int i;
> -
> -kernel_size = load_image_targphys(filename, start, size);
> -if (kernel_size < 0) {
> -fprintf(stderr, "qemu: could not load kernel '%s'\n", filename);
> -exit(1);
> -}
> -cpu->env.pc = start;
> -
> -/* setup exception trap trampoline */
> -/* linux kernel only works little-endian mode */
> -for (i = 0; i < ARRAY_SIZE(extable); i++) {
> -extable[i] = cpu_to_le32(0x10 + i * 4);
> -}
> -rom_add_blob_fixed("extable", extable, sizeof(extable), 0xff80);
> -}
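
Review bot: the definition removed here was non-static (`void rx_load_image(...)`) while the copy added to hw/rx/rx-virt.c is `static`, yet the diffstat lists only these two files. If a prototype for rx_load_image() exists in a target/rx header it is now stale and will conflict with the static definition wherever both are visible; remove it in the same patch.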




Re: [Qemu-devel] [PATCH v20 21/24] hw/registerfields.h: Add 8bit and 16bit register macros

2019-06-16 Thread Igor Mammedov
On Sun, 16 Jun 2019 23:28:33 +0900
Yoshinori Sato  wrote:

> From: Philippe Mathieu-Daudé 
> 
> Some RX peripheral using 8bit and 16bit registers.
> Added 8bit and 16bit APIs.

probably should go before 13/24 (i.e. before actual users start using it)

this patch causes checkpatch errors but it uses macro magic style
common to registerfields.h.
we probably don't wish to fix existing code style at the moment.

> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Richard Henderson 
> Reviewed-by: Philippe Mathieu-Daudé 
> Message-Id: <20190607091116.49044-11-ys...@users.sourceforge.jp>
> Tested-by: Philippe Mathieu-Daudé 
> Reviewed-by: Alistair Francis 
> Signed-off-by: Richard Henderson 
> ---
>  include/hw/registerfields.h | 32 +++-
>  1 file changed, 31 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
> index 2659a58737..a0bb0654d6 100644
> --- a/include/hw/registerfields.h
> +++ b/include/hw/registerfields.h
> @@ -22,6 +22,14 @@
>  enum { A_ ## reg = (addr) };  \
>  enum { R_ ## reg = (addr) / 4 };
>  
> +#define REG8(reg, addr)  \
> +enum { A_ ## reg = (addr) };  \
> +enum { R_ ## reg = (addr) };
> +
> +#define REG16(reg, addr)  \
> +enum { A_ ## reg = (addr) };  \
> +enum { R_ ## reg = (addr) / 2 };
> +
>  /* Define SHIFT, LENGTH and MASK constants for a field within a register */
>  
>  /* This macro will define R_FOO_BAR_MASK, R_FOO_BAR_SHIFT and 
> R_FOO_BAR_LENGTH
> @@ -34,6 +42,12 @@
>  MAKE_64BIT_MASK(shift, length)};
>  
>  /* Extract a field from a register */
> +#define FIELD_EX8(storage, reg, field)\
> +extract8((storage), R_ ## reg ## _ ## field ## _SHIFT,\
> +  R_ ## reg ## _ ## field ## _LENGTH)
> +#define FIELD_EX16(storage, reg, field)   \
> +extract16((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
> +  R_ ## reg ## _ ## field ## _LENGTH)
>  #define FIELD_EX32(storage, reg, field)   \
>  extract32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
>R_ ## reg ## _ ## field ## _LENGTH)
> @@ -49,6 +63,22 @@
>   * Assigning values larger then the target field will result in
>   * compilation warnings.
>   */
> +#define FIELD_DP8(storage, reg, field, val) ({\
> +struct {  \
> +unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
> +} v = { .v = val };   \
> +uint8_t d;\
> +d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
> +  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
> +d; })
> +#define FIELD_DP16(storage, reg, field, val) ({   \
> +struct {  \
> +unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
> +} v = { .v = val };   \
> +uint16_t d;   \
> +d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
> +  R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
> +d; })
>  #define FIELD_DP32(storage, reg, field, val) ({   \
>  struct {  \
>  unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
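Review bot: FIELD_DP8 and FIELD_DP16 run deposit32() and then assign the result to a uint8_t or uint16_t d, so a field whose SHIFT + LENGTH exceeds 8 (or 16) bits, or a storage argument wider than the register, is truncated without any diagnostic. A build-time check that R_..._SHIFT + R_..._LENGTH fits the register width would catch a FIELD() defined for the wrong register size; the comment above these macros only covers val being too large for the field.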
> @@ -57,7 +87,7 @@
>  d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
>R_ ## reg ## _ ## field ## _LENGTH, v.v);   \
>  d; })
> -#define FIELD_DP64(storage, reg, field, val) ({   \
> +#define FIELD_DP64(storage, reg, field, val) ({ \
>  struct {  \
>  unsigned int v:R_ ## reg ## _ ## field ## _LENGTH;\
>  } v = { .v = val };   \
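Review bot: the FIELD_DP64 line changes only the spacing before the trailing backslash, which is unrelated to adding the 8-bit and 16-bit macros; drop it from this patch so the diff touches only new code and the backslash column stays aligned with the rest of the macro.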




Re: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support

2019-06-16 Thread Igor Mammedov
On Sun, 16 Jun 2019 08:18:18 -0700 (PDT)
no-re...@patchew.org wrote:

> Patchew URL: 
> https://patchew.org/QEMU/20190616142836.10614-1-ys...@users.sourceforge.jp/
> 
> 
to fix MAINTAINERS warning, you can add new entry there at
the first patch that introduces new directory/file and get rid of 23/24 patch

> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Subject: [Qemu-devel] [PATCH v20 00/24] Add RX archtecture support
> Type: series
> Message-id: 20190616142836.10614-1-ys...@users.sourceforge.jp
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> git rev-parse base > /dev/null || exit 0
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> git config --local diff.algorithm histogram
> ./scripts/checkpatch.pl --mailback base..
> === TEST SCRIPT END ===
> 
> From https://github.com/patchew-project/qemu
>  * [new tag]   
> patchew/20190616142836.10614-1-ys...@users.sourceforge.jp -> 
> patchew/20190616142836.10614-1-ys...@users.sourceforge.jp
> Switched to a new branch 'test'
> 233b18cbe7 BootLinuxConsoleTest: Test the RX-Virt machine
> 904297282a MAINTAINERS: Add RX
> 43952adb47 Add rx-softmmu
> fb8cc7379b hw/registerfields.h: Add 8bit and 16bit register macros
> 300109d593 qemu/bitops.h: Add extract8 and extract16
> 298abac567 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
> b836e3b146 hw/rx: Honor -accel qtest
> 781b6ec24c target/rx: Move rx_load_image to rx-virt.
> 9577f3d230 hw/rx: RX Target hardware definition
> 891f2de8d8 hw/char: RX62N serial communication interface (SCI)
> 3495206576 hw/timer: RX62N internal timer modules
> a905f500b4 hw/intc: RX62N interrupt controller (ICUa)
> ece449ed10 target/rx: Dump bytes for each insn during disassembly
> b95c9bad6b target/rx: Collect all bytes during disassembly
> 3dff5695a3 target/rx: Emit all disassembly in one prt()
> 704fec54d9 target/rx: Use prt_ldmi for XCHG_mr disassembly
> 7396e2ece1 target/rx: Replace operand with prt_ldmi in disassembler
> 60b13915e5 target/rx: Disassemble rx_index_addr into a string
> d41d01e403 target/rx: RX disassembler
> 85b88c8cd4 target/rx: simplify rx_cpu_class_by_name
> 376f2b05c3 target/rx: Follow the change of tcg.
> d86020dcdb target/rx: CPU definition
> 014cc684fa target/rx: TCG helper
> 4c5f19b6e4 target/rx: TCG translation
> 
> === OUTPUT BEGIN ===
> 1/24 Checking commit 4c5f19b6e47c (target/rx: TCG translation)
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #20: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 3065 lines checked
> 
> Patch 1/24 has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 2/24 Checking commit 014cc684fafc (target/rx: TCG helper)
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #20: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 649 lines checked
> 
> Patch 2/24 has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 3/24 Checking commit d86020dcdb96 (target/rx: CPU definition)
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #20: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 645 lines checked
> 
> Patch 3/24 has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 4/24 Checking commit 376f2b05c385 (target/rx: Follow the change of tcg.)
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #15: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 121 lines checked
> 
> Patch 4/24 has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 5/24 Checking commit 85b88c8cd4f0 (target/rx: simplify rx_cpu_class_by_name)
> 6/24 Checking commit d41d01e40305 (target/rx: RX disassembler)
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #38: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 1497 lines checked
> 
> Patch 6/24 has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 7/24 Checking commit 60b13915e559 (target/rx: Disassemble rx_index_addr into 
> a string)
> 8/24 Checking commit 7396e2ece1ed (target/rx: Replace operand with prt_ldmi 
> in disassembler)
> 9/24 Checking commit 704fec54d904 (target/rx: Use prt_ldmi for XCHG_mr 
> disassembly)
> 10/24 Checking commit 3dff5695a3a3 (target/rx: Emit all disassembly in one 
> prt())
> 11/24 Checking commit b95c9bad6bb6 (target/rx: Collect all bytes during 
> disassembly)
> 12/24 Checking commit ece449ed1087 (target/rx: Dump bytes for each insn 
> during disassembly)
> 13/24 Checking commit a905f500b42f (hw/intc

Re: [Qemu-devel] [PATCH v4 07/11] hmat acpi: Build Memory Side Cache Information Structure(s) in ACPI HMAT

2019-06-16 Thread Igor Mammedov
On Mon, 10 Jun 2019 21:39:12 +0800
Tao Xu  wrote:

> On 6/7/2019 12:45 AM, Igor Mammedov wrote:
> > On Thu, 6 Jun 2019 11:00:33 +0800
> > Tao Xu  wrote:
> >   
> ...
> >>
> >> But the kernel HMAT can read other Memory Side Cache Information except
> >> SMBIOS entries and the host HMAT tables also haven’t SMBIOS Handles it
> >> also shows Number of SMBIOS handles (n) as 0. So I am wondering if it is
> >> better to setting "SMBIOS handles (n)" as 0, remove TODO and comment the
> >> reason why set it 0?  
> > 
> > My understanding is that SMBIOS handles are used to associate side cache
> > descriptions with RAM pointed by SMBIOS handles, so that OS would be
> > able to figure out what RAM modules are cached by what cache.
> > Hence I suspect that side cache table is useless in the best case without
> > valid references to SMBIOS handles.
> > (I might be totally mistaken but the matter requires clarification before
> > we commit to it)
> >   
> 
> I am sorry for not providing a detailed description for Memory Side 
> Cache use case. I will add more detailed description in next version of 
> patch.
> 
> As the commit message and /Documentation/admin-guide/mm/numaperf.rst of 
> Kernel HMAT(listed below), Memory Side Cache Structure is used to provide 
> the cache information about System memory for the software to use. Then 
> the software can maximize the performance because it can choose the best 
> node to use.
> 
> Memory Side Cache Information Structure and System Locality Latency and 
> Bandwidth Information Structure can both provide more information than 
> numa distance for software to see. So back to the SMBIOS, in spec, 
> SMBIOS handles point to the memory side cache physical devices, but they 
> are also information and not contribute to the performance of the 
> described memory. The field "Proximity Domain for the Memory" can show 
> the described memory.
> 
> I am wondering if this explanation is clear? Thank you.

I didn't manage to find a definite answer in spec to what SMBIOS entry
should describe. Another use of 'Physical Memory Component' is in PMTT
table and it looks to me that it type 17 should refer to DIMM device.

But well, considering spec isn't clear about subject and that linux
kernel doesn't seem to use these entries let's use it without SMBIOS
entries for now. Like you suggested, let's set number of SMBIOS handles to 0
and drop num_smbios_handles so that user won't be able to provide any.


> "System memory may be constructed in a hierarchy of elements with 
> various performance characteristics in order to provide large address 
> space of slower performing memory cached by a smaller higher performing 
> memory."
> 
> "An application does not need to know about caching attributes in order
> to use the system. Software may optionally query the memory cache
> attributes in order to maximize the performance out of such a setup.
> If the system provides a way for the kernel to discover this 
> information, for example with ACPI HMAT (Heterogeneous Memory Attribute 
> Table), the kernel will append these attributes to the NUMA node memory 
> target."
> 
> "Each cache level's directory provides its attributes. For example, the
> following shows a single cache level and the attributes available for
> software to query::
> 
>   # tree sys/devices/system/node/node0/memory_side_cache/
>   /sys/devices/system/node/node0/memory_side_cache/
>   |-- index1
>   |   |-- indexing
>   |   |-- line_size
>   |   |-- size
>   |   `-- write_policy
> "
> 




Re: [Qemu-devel] [PATCH v4 09/11] numa: Extend the command-line to provide memory side cache information

2019-06-16 Thread Igor Mammedov
On Wed,  8 May 2019 14:17:24 +0800
Tao Xu  wrote:

> From: Liu Jingqi 
> 
> Add -numa hmat-cache option to provide Memory Side Cache Information.
> These memory attributes help to build Memory Side Cache Information
> Structure(s) in ACPI Heterogeneous Memory Attribute Table (HMAT).
> 
> Signed-off-by: Liu Jingqi 
> Signed-off-by: Tao Xu 
> ---
> 
> Changes in v4 -> v3:
> - update the version tag from 4.0 to 4.1
> ---
>  numa.c | 75 ++
>  qapi/misc.json | 72 ++--
>  2 files changed, 145 insertions(+), 2 deletions(-)
> 
> diff --git a/numa.c b/numa.c
> index 1aecb7a2e9..4866736fc8 100644
> --- a/numa.c
> +++ b/numa.c
> @@ -300,6 +300,75 @@ static void parse_numa_hmat_lb(MachineState *ms, 
> NumaHmatLBOptions *node,
>  }
>  }
>  
> +static
> +void parse_numa_hmat_cache(MachineState *ms, NumaHmatCacheOptions *node,
> +Error **errp)
> +{
> +int nb_numa_nodes = ms->numa_state->num_nodes;
> +HMAT_Cache_Info *hmat_cache = NULL;
> +
> +if (node->node_id >= nb_numa_nodes) {
> +error_setg(errp, "Invalid node-id=%" PRIu32
> +   ", it should be less than %d.",
> +   node->node_id, nb_numa_nodes);
> +return;
> +}
> +if (!ms->numa_state->nodes[node->node_id].is_target) {
> +error_setg(errp, "Invalid node-id=%" PRIu32
> +   ", it isn't a target proximity domain.",
> +   node->node_id);
> +return;
> +}
> +
> +if (node->total > MAX_HMAT_CACHE_LEVEL) {
> +error_setg(errp, "Invalid total=%" PRIu8
> +   ", it should be less than or equal to %d.",
> +   node->total, MAX_HMAT_CACHE_LEVEL);
> +return;
> +}
> +if (node->level > node->total) {
> +error_setg(errp, "Invalid level=%" PRIu8
> +   ", it should be less than or equal to"
> +   " total=%" PRIu8 ".",
> +   node->level, node->total);
> +return;
> +}
> +if (ms->numa_state->hmat_cache[node->node_id][node->level]) {
> +error_setg(errp, "Duplicate configuration of the side cache for "
> +   "node-id=%" PRIu32 " and level=%" PRIu8 ".",
> +   node->node_id, node->level);
> +return;
> +}
> +
> +if ((node->level > 1) &&
> +ms->numa_state->hmat_cache[node->node_id][node->level - 1] &&
> +(node->size >=
> +ms->numa_state->hmat_cache[node->node_id][node->level - 
> 1]->size)) {
> +error_setg(errp, "Invalid size=0x%" PRIx64
> +   ", the size of level=%" PRIu8
> +   " should be less than the size(0x%" PRIx64
> +   ") of level=%" PRIu8 ".",
> +   node->size, node->level,
> +   ms->numa_state->hmat_cache[node->node_id]
> + [node->level - 1]->size,
> +   node->level - 1);
> +return;
> +}
> +
> +hmat_cache = g_malloc0(sizeof(*hmat_cache));
> +
> +hmat_cache->mem_proximity = node->node_id;
> +hmat_cache->size = node->size;
> +hmat_cache->total_levels = node->total;
> +hmat_cache->level = node->level;
> +hmat_cache->associativity = node->assoc;
> +hmat_cache->write_policy = node->policy;
> +hmat_cache->line_size = node->line;
> +hmat_cache->num_smbios_handles = 0;
> +
> +ms->numa_state->hmat_cache[node->node_id][node->level] = hmat_cache;
> +}
> +
>  static
>  void set_numa_options(MachineState *ms, NumaOptions *object, Error **errp)
>  {
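Review bot: in parse_numa_hmat_cache() the bounds checks accept level == total == MAX_HMAT_CACHE_LEVEL, and level is then used directly as the second index of ms->numa_state->hmat_cache[node_id][level]; unless that array is declared with MAX_HMAT_CACHE_LEVEL + 1 entries per node (the declaration is not in this hunk), a command-line value writes one element past the row. level=0 also passes every check. The size comparison only runs when level - 1 was configured earlier, so giving the levels in the opposite order skips it; checking against both neighbours, or validating once all -numa options are parsed, would make it independent of option order.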
> @@ -344,6 +413,12 @@ void set_numa_options(MachineState *ms, NumaOptions 
> *object, Error **errp)
>  goto end;
>  }
>  break;
> +case NUMA_OPTIONS_TYPE_HMAT_CACHE:
> +parse_numa_hmat_cache(ms, &object->u.hmat_cache, &err);
> +if (err) {
> +goto end;
> +}
> +break;
>  default:
>  abort();
>  }
> diff --git a/qapi/misc.json b/qapi/misc.json
> index d7fce75702..2b7e34b469 100644
> --- a/qapi/misc.json
> +++ b/qapi/misc.json
> @@ -2541,10 +2541,12 @@
>  #
>  # @hmat-lb: memory latency and bandwidth information (Since: 4.1)
>  #
> +# @hmat-cache: memory side cache information (Since: 4.1)
> +#
>  # Since: 2.1
>  ##
>  { 'enum': 'NumaOptionsType',
> -  'data': [ 'node', 'dist', 'cpu', 'hmat-lb' ] }
> +   'data': [ 'node', 'dist', 'cpu', 'hmat-lb', 'hmat-cache' ] }
stray whitespace in front???


>  ##
>  # @NumaOptions:
> @@ -2560,7 +2562,8 @@
>  'node': 'NumaNodeOptions',
>  'dist': 'NumaDistOptions',
>  'cpu': 'NumaCpuOptions',
> -'hmat-lb': 'NumaHmatLBOptions' }}
> +'hmat-lb': 'NumaHmatLBOptions',
> +'hmat-cache': 'NumaHmatCacheOptions' }}
>  
>  ##
>  # @NumaNodeOptions:
> @@ -2710,6 +2713,71 @@
> '*latency': 'uint16',
> '*bandwidth': 'uint16' }}
>  
> +##
> +# @HmatCacheAssoci

Re: [Qemu-devel] [PATCH v4 11/11] hmat acpi: Implement _HMA method to update HMAT at runtime

2019-06-16 Thread Igor Mammedov
On Wed,  8 May 2019 14:17:26 +0800
Tao Xu  wrote:

> From: Liu Jingqi 
> 
> OSPM evaluates HMAT only during system initialization.
> Any changes to the HMAT state at runtime or information
> regarding HMAT for hot plug are communicated using _HMA method.
> 
> _HMA is an optional object that enables the platform to provide
> the OS with updated Heterogeneous Memory Attributes information
> at runtime. _HMA provides OSPM with the latest HMAT in entirety
> overriding existing HMAT.

it seems that there isn't any user interface to actually introduce
new HMAT data during runtime. If it's so let's drop 10-11/11 for now,
you can add it later when/if you add QMP interface to update/replace
HMAT at runtime.

> Signed-off-by: Liu Jingqi 
> Signed-off-by: Tao Xu 
> ---
> 
> Changes in v4 -> v3:
> - move AcpiHmaState from PCMachineState to MachineState
> to make HMAT more generalic (Igor)
> - use build_acpi_aml_common() introduced in patch 10/11 to
> simplify hmat_build_aml (Igor)
> ---
>  hw/acpi/hmat.c  | 296 
>  hw/acpi/hmat.h  |  72 ++
>  hw/core/machine.c   |   3 +
>  hw/i386/acpi-build.c|   2 +
>  hw/i386/pc.c|   3 +
>  hw/i386/pc_piix.c   |   4 +
>  hw/i386/pc_q35.c|   4 +
>  include/hw/boards.h |   1 +
>  include/qemu/typedefs.h |   1 +
>  9 files changed, 386 insertions(+)
> 
> diff --git a/hw/acpi/hmat.c b/hw/acpi/hmat.c
> index 3a8c41162d..bc2dffd079 100644
> --- a/hw/acpi/hmat.c
> +++ b/hw/acpi/hmat.c
> @@ -28,6 +28,7 @@
>  #include "hw/i386/pc.h"
>  #include "hw/acpi/hmat.h"
>  #include "hw/nvram/fw_cfg.h"
> +#include "hw/mem/nvdimm.h"
>  
>  static uint32_t initiator_pxm[MAX_NODES], target_pxm[MAX_NODES];
>  static uint32_t num_initiator, num_target;
> @@ -262,6 +263,270 @@ static void hmat_build_hma(GArray *table_data, 
> MachineState *ms)
>  }
>  }
>  
> +static uint64_t
> +hmat_hma_method_read(void *opaque, hwaddr addr, unsigned size)
> +{
> +printf("BUG: we never read _HMA IO Port.\n");
what real hardware would do in this case?

> +return 0;
> +}
> +
> +/* _HMA Method: read HMA data. */
> +static void hmat_handle_hma_method(AcpiHmaState *state,
> +   HmatHmamIn *in, hwaddr hmam_mem_addr)
> +{
> +HmatHmaBuffer *hma_buf = &state->hma_buf;
> +HmatHmamOut *read_hma_out;
> +GArray *hma;
> +uint32_t read_len = 0, ret_status;
> +int size;
> +
> +if (in != NULL) {
> +le32_to_cpus(&in->offset);
> +}
> +
> +hma = hma_buf->hma;
> +if (in->offset > hma->len) {
> +ret_status = HMAM_RET_STATUS_INVALID;
> +goto exit;
> +}
> +
> +   /* It is the first time to read HMA. */
> +if (!in->offset) {
> +hma_buf->dirty = false;
> +} else if (hma_buf->dirty) {
> +/* HMA has been changed during Reading HMA. */
> +ret_status = HMAM_RET_STATUS_HMA_CHANGED;
> +goto exit;
> +}
> +
> +ret_status = HMAM_RET_STATUS_SUCCESS;
> +read_len = MIN(hma->len - in->offset,
> +   HMAM_MEMORY_SIZE - 2 * sizeof(uint32_t));
> +exit:
> +size = sizeof(HmatHmamOut) + read_len;
> +read_hma_out = g_malloc(size);
> +
> +read_hma_out->len = cpu_to_le32(size);
> +read_hma_out->ret_status = cpu_to_le32(ret_status);
> +memcpy(read_hma_out->data, hma->data + in->offset, read_len);
> +
> +cpu_physical_memory_write(hmam_mem_addr, read_hma_out, size);
> +
> +g_free(read_hma_out);
> +}
> +
> +static void
> +hmat_hma_method_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> +{
> +AcpiHmaState *state = opaque;
> +hwaddr hmam_mem_addr = val;
> +HmatHmamIn *in;
> +
> +in = g_new(HmatHmamIn, 1);
> +cpu_physical_memory_read(hmam_mem_addr, in, sizeof(*in));
> +
> +hmat_handle_hma_method(state, in, hmam_mem_addr);
> +}
> +
> +static const MemoryRegionOps hmat_hma_method_ops = {
> +.read = hmat_hma_method_read,
> +.write = hmat_hma_method_write,
> +.endianness = DEVICE_LITTLE_ENDIAN,
> +.valid = {
> +.min_access_size = 4,
> +.max_access_size = 4,
> +},
> +};
> +
> +static void hmat_init_hma_buffer(HmatHmaBuffer *hma_buf)
> +{
> +hma_buf->hma = g_array_new(false, true /* clear */, 1);
> +}
> +
> +static uint8_t hmat_acpi_table_checksum(uint8_t *buffer, uint32_t length)
> +{
> +uint8_t sum = 0;
> +uint8_t *end = buffer + length;
> +
> +while (buffer < end) {
> +sum = (uint8_t) (sum + *(buffer++));
> +}
> +return (uint8_t)(0 - sum);
> +}
> +
> +static void hmat_build_header(AcpiTableHeader *h,
> + const char *sig, int len, uint8_t rev,
> + const char *oem_id, const char *oem_table_id)
> +{
> +memcpy(&h->signature, sig, 4);
> +h->length = cpu_to_le32(len);
> +h->revision = rev;
> +
> +if (oem_id) {
> +strncpy((char *)h->oem_id, oem_id, sizeof h->oem_id);
> +} else {
> +memcpy(h->oem_id, ACPI_BUILD
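Review bot: in hmat_hma_method_write() the HmatHmamIn buffer is allocated with g_new() and never freed, so every guest write to the _HMA I/O port leaks host memory; free it after hmat_handle_hma_method() returns, or read into a stack variable. In hmat_handle_hma_method() the in != NULL test guards only le32_to_cpus(), while in->offset is dereferenced unconditionally on the next lines, so either drop the test or return early on NULL. On the HMAM_RET_STATUS_INVALID path the code still forms hma->data + in->offset for the zero-length memcpy with an offset already known to be past hma->len; skipping the memcpy when read_len is 0 avoids computing that pointer.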

[Qemu-devel] [PATCH] atomic failures on qemu-system-riscv64

2019-06-16 Thread Joel Sing
While working on a Go (www.golang.org) port for riscv, I've run
into issues with atomics (namely LR/SC) on qemu-system-riscv64.
There are several reproducers for this problem including one
using gcc builtin atomics:

  https://gist.github.com/4a6f656c/8433032a3f70893a278259f8108aad90

And a version using inline assembly:

  https://gist.github.com/4a6f656c/d883091f5ca811822720213be343a75a

Depending on the qemu configuration the number of threads may
need increasing (to force context switching) and/or run in a
loop. Go's sync/atomic tests also fail regularly.

Having dug into the qemu code, what I believe is happening is
along the lines of the following while running the typical CAS
sequence:

1. Thread 1 runs and executes an LR - this assigns an address
   to load_res and a value to load_val (say 1). It performs a
   comparison, the value matches and decides to continue with
   its SC.

2. A context switch occurs and thread 2 is now run - it runs
   an LR and SC on the same address modifying the stored value.
   Another LR is executed loading load_val with the current
   value (say 3).

3. A context switch occurs and thread 1 is now run again, it
   continues on its LR/SC sequence and now runs the SC instruction.
   This is based on the assumption that it had a reservation
   and the SC will fail if the memory has changed. The underlying
   implementation of SC is a cmpxchg with the value in load_val
   - this no longer has the original value and hence successfully
   compares (as does the tcg_gen_setcond_tl() between the returned
   value and load_val) thus the SC succeeds when it should not.

The diff below clears load_res when the mode changes - with this
applied the reproducers work correctly, as do Go's atomic tests.
This is in line with v2.2 of the RISCV ISA specification:

"The SC must fail if there is an observable memory access from
another hart to the address, or if there is an intervening context
switch on this hart, or if in the meantime the hart executed a
privileged exception-return instruction."

However, it is worth noting that this language was changed in
later revisions of the specification and now states that an
LR/SC must fail if there is an SC to any address in between.
On its own this does not prevent the above context-switch
scenario and an additional note says that the kernel "should"
forcibly break a load reservation by running an SC instruction
on a preemptive context switch. The riscv linux kernel does not
currently do this, however a diff exists to change this:

  https://lore.kernel.org/linux-riscv/2019060722.15300-1-pal...@sifive.com/

As such, the below diff clears the load reservation on both
mode changes and on execution of an SC instruction. This results
in correct behaviour on both a patched and unpatched kernel and
seems to be the safer approach.

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index b17f169681..19029429a7 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -113,6 +113,15 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong 
newpriv)
 }
 /* tlb_flush is unnecessary as mode is contained in mmu_idx */
 env->priv = newpriv;
+
+/* Clear the load reservation - otherwise a reservation placed in one
+ * context/process can be used by another, resulting in an SC succeeding
+ * incorrectly. Version 2.2 of the ISA specification explicitly requires
+ * this behaviour, while later revisions say that the kernel "should" use
+ * an SC instruction to force the yielding of a load reservation on a
+ * preemptive context switch. As a result, do both.
+ */
+env->load_res = 0;
 }
 
 /* get_physical_address - get the physical address for this virtual address
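Review bot: env->load_res = 0 uses 0 as the "no reservation" value, but the SC path matches the reservation by address, so an SC to address 0 would still pass the address comparison after the reservation has been cleared; a value that is never a valid LR/SC address, such as all ones, avoids that. The new block comment also needs its opening /* on a line of its own to pass checkpatch.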
diff --git a/target/riscv/insn_trans/trans_rva.inc.c 
b/target/riscv/insn_trans/trans_rva.inc.c
index f6dbbc065e..bb560a9d05 100644
--- a/target/riscv/insn_trans/trans_rva.inc.c
+++ b/target/riscv/insn_trans/trans_rva.inc.c
@@ -61,13 +61,19 @@ static inline bool gen_sc(DisasContext *ctx, arg_atomic *a, 
TCGMemOp mop)
 
 gen_set_label(l1);
 /*
- * Address comparion failure.  However, we still need to
+ * Address comparison failure.  However, we still need to
  * provide the memory barrier implied by AQ/RL.
  */
 tcg_gen_mb(TCG_MO_ALL + a->aq * TCG_BAR_LDAQ + a->rl * TCG_BAR_STRL);
 tcg_gen_movi_tl(dat, 1);
 gen_set_gpr(a->rd, dat);
 
+/*
+ * Clear the load reservation, since an SC must fail if there is
+ * an SC to any address, in between an LR and SC pair.
+ */
+tcg_gen_movi_tl(load_res, 0);
+
 gen_set_label(l2);
 tcg_temp_free(dat);
 tcg_temp_free(src1);
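Review bot: tcg_gen_movi_tl(load_res, 0) is emitted before gen_set_label(l2), so it executes only on the path that falls through from l1, the address comparison failure; if the store path branches to l2, the reservation survives an SC that reached the cmpxchg, which is the case the new comment is about. Moving the clear after gen_set_label(l2) covers both paths.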

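The three-step interleaving described in the message above, as an added C model (not code from QEMU or from the patch). Only load_res and load_val are names from the message; Hart, lr, sc, context_switch and run_scenario are hypothetical, and the patched flag models the behaviour the message intends: the reservation is cleared on a context switch and after any SC.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Per-hart emulation state (hypothetical struct; field names load_res and
 * load_val follow the message). */
typedef struct {
    uintptr_t load_res;  /* address reserved by the last LR, 0 = none */
    uint64_t  load_val;  /* value the last LR read */
    bool      patched;   /* clear load_res on context switch and on SC */
} Hart;

/* LR: record the reservation address and the value that was read. */
static uint64_t lr(Hart *h, uint64_t *addr)
{
    h->load_res = (uintptr_t)addr;
    h->load_val = *addr;
    return h->load_val;
}

/* SC: returns 0 on success and 1 on failure (the RISC-V convention).
 * It is modelled as "address matches load_res, then compare-exchange
 * memory against load_val", as the message describes. */
static int sc(Hart *h, uint64_t *addr, uint64_t val)
{
    int failed = 1;

    if (h->load_res == (uintptr_t)addr && *addr == h->load_val) {
        /* Nothing here records which context executed the LR. */
        *addr = val;
        failed = 0;
    }
    if (h->patched) {
        h->load_res = 0;  /* any SC ends the reservation */
    }
    return failed;
}

/* A mode change / context switch on the hart. */
static void context_switch(Hart *h)
{
    if (h->patched) {
        h->load_res = 0;
    }
}

/* Runs steps 1-3 from the message on one hart with two interleaved
 * threads. Returns thread 1's SC result and the final memory value. */
static int run_scenario(bool patched, uint64_t *final_value)
{
    Hart h = { .load_res = 0, .load_val = 0, .patched = patched };
    uint64_t counter = 1;  /* constructed sample value */
    int i, rc;

    /* Step 1: thread 1 starts an increment: LR reads 1, plans to store 2. */
    uint64_t t1_new = lr(&h, &counter) + 1;

    context_switch(&h);

    /* Step 2: thread 2 completes two increments (1 -> 2 -> 3), then
     * executes one more LR, leaving load_val == 3 in the shared state. */
    for (i = 0; i < 2; i++) {
        uint64_t seen = lr(&h, &counter);
        sc(&h, &counter, seen + 1);
    }
    lr(&h, &counter);

    context_switch(&h);

    /* Step 3: thread 1 resumes and issues the SC for its stale LR. */
    rc = sc(&h, &counter, t1_new);
    *final_value = counter;
    return rc;
}

int main(void)
{
    uint64_t v;
    int rc;

    rc = run_scenario(false, &v);
    printf("unpatched: SC %s, counter = %llu\n",
           rc ? "failed" : "succeeded", (unsigned long long)v);
    rc = run_scenario(true, &v);
    printf("patched:   SC %s, counter = %llu\n",
           rc ? "failed" : "succeeded", (unsigned long long)v);
    return 0;
}
```

In the unpatched run thread 1's SC succeeds and overwrites thread 2's two increments; in the patched run it fails and thread 1 would retry from its LR.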


Re: [Qemu-devel] [PATCH] atomic failures on qemu-system-riscv64

2019-06-16 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20190616191900.gh61...@hippo.sing.id.au/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH] atomic failures on qemu-system-riscv64
Type: series
Message-id: 20190616191900.gh61...@hippo.sing.id.au

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20190616191900.gh61...@hippo.sing.id.au -> 
patchew/20190616191900.gh61...@hippo.sing.id.au
Switched to a new branch 'test'
b582c6f8fc atomic failures on qemu-system-riscv64

=== OUTPUT BEGIN ===
WARNING: Block comments use a leading /* on a separate line
#81: FILE: target/riscv/cpu_helper.c:136:
+/* Clear the load reservation - otherwise a reservation placed in one

ERROR: Missing Signed-off-by: line(s)

total: 1 errors, 1 warnings, 35 lines checked

Commit b582c6f8fccc (atomic failures on qemu-system-riscv64) has style 
problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190616191900.gh61...@hippo.sing.id.au/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Qemu-devel] [PATCH] tcg: Fix mmap lock assert on translation failure

2019-06-16 Thread Richard Henderson
Check page flags before letting an invalid pc cause a SIGSEGV.

Prepare for eventually validating PROT_EXEC.  The current wrinkle being
that we have a problem with our implementation of signals.  We should
be using a vdso like the kernel, but we instead put the trampoline on
the stack.  In the meantime, let PROT_READ match PROT_EXEC.

Fixes: https://bugs.launchpad.net/qemu/+bug/1832353
Signed-off-by: Richard Henderson 
---
 include/exec/cpu-all.h|  1 +
 include/exec/cpu_ldst_useronly_template.h |  8 +--
 accel/tcg/translate-all.c | 29 +++
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 536ea58f81..58b8915617 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -259,6 +259,7 @@ int walk_memory_regions(void *, walk_memory_regions_fn);
 int page_get_flags(target_ulong address);
 void page_set_flags(target_ulong start, target_ulong end, int flags);
 int page_check_range(target_ulong start, target_ulong len, int flags);
+void validate_exec_access(CPUArchState *env, target_ulong s, target_ulong l);
 #endif
 
 CPUArchState *cpu_copy(CPUArchState *env);
diff --git a/include/exec/cpu_ldst_useronly_template.h 
b/include/exec/cpu_ldst_useronly_template.h
index bc45e2b8d4..f095415149 100644
--- a/include/exec/cpu_ldst_useronly_template.h
+++ b/include/exec/cpu_ldst_useronly_template.h
@@ -64,7 +64,9 @@
 static inline RES_TYPE
 glue(glue(cpu_ld, USUFFIX), MEMSUFFIX)(CPUArchState *env, abi_ptr ptr)
 {
-#if !defined(CODE_ACCESS)
+#ifdef CODE_ACCESS
+validate_exec_access(env, ptr, DATA_SIZE);
+#else
 trace_guest_mem_before_exec(
 env_cpu(env), ptr,
 trace_mem_build_info(SHIFT, false, MO_TE, false));
@@ -88,7 +90,9 @@ glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), 
_ra)(CPUArchState *env,
 static inline int
 glue(glue(cpu_lds, SUFFIX), MEMSUFFIX)(CPUArchState *env, abi_ptr ptr)
 {
-#if !defined(CODE_ACCESS)
+#ifdef CODE_ACCESS
+validate_exec_access(env, ptr, DATA_SIZE);
+#else
 trace_guest_mem_before_exec(
 env_cpu(env), ptr,
 trace_mem_build_info(SHIFT, true, MO_TE, false));
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 5d1e08b169..1d4a8a260f 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -2600,10 +2600,39 @@ int page_check_range(target_ulong start, target_ulong 
len, int flags)
 }
 }
 }
+/*
+ * FIXME: We place the signal trampoline on the stack,
+ * even when the guest expects that to be in the vdso.
+ * Until we fix that, allow execute on any readable page.
+ */
+if ((flags & PAGE_EXEC) && !(p->flags & (PAGE_EXEC | PAGE_READ))) {
+return -1;
+}
 }
 return 0;
 }
 
+/*
+ * Called for each code read, longjmp out to issue SIGSEGV if the page(s)
+ * do not have execute access.
+ */
+void validate_exec_access(CPUArchState *env,
+  target_ulong ptr, target_ulong len)
+{
+if (page_check_range(ptr, len, PAGE_EXEC) < 0) {
+CPUState *cs = env_cpu(env);
+CPUClass *cc = CPU_GET_CLASS(cs);
+
+/* Like tb_gen_code, release the memory lock before cpu_loop_exit.  */
+assert_memory_lock();
+mmap_unlock();
+
+/* This is user-only.  The target must raise an exception.  */
+cc->tlb_fill(cs, ptr, 0, MMU_INST_FETCH, MMU_USER_IDX, false, 0);
+g_assert_not_reached();
+}
+}
+
 /* called from signal handler: invalidate the code and unprotect the
  * page. Return 0 if the fault was not handled, 1 if it was handled,
  * and 2 if it was handled but the caller must cause the TB to be
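Review bot: validate_exec_access() calls assert_memory_lock() and then mmap_unlock(), so it is only correct when the caller already holds the mmap lock, yet the template change wires it into every cpu_ld*_code accessor and the function comment says only "Called for each code read". State the locking precondition in that comment, and confirm that no code read happens outside translation without the lock, since such a caller would hit the assert instead of raising SIGSEGV.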
-- 
2.17.1




[Qemu-devel] [PATCH 2/2] tcg: Remove cpu_ld*_code_ra

2019-06-16 Thread Richard Henderson
These functions are not used, and are not usable in the
context of code generation, because we never have a helper
return address to pass in to them.

Signed-off-by: Richard Henderson 
---
 include/exec/cpu_ldst_useronly_template.h | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/exec/cpu_ldst_useronly_template.h 
b/include/exec/cpu_ldst_useronly_template.h
index e65733f7e2..8c7a2c6cd7 100644
--- a/include/exec/cpu_ldst_useronly_template.h
+++ b/include/exec/cpu_ldst_useronly_template.h
@@ -72,6 +72,7 @@ glue(glue(cpu_ld, USUFFIX), MEMSUFFIX)(CPUArchState *env, 
abi_ptr ptr)
 return glue(glue(ld, USUFFIX), _p)(g2h(ptr));
 }
 
+#ifndef CODE_ACCESS
 static inline RES_TYPE
 glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
   abi_ptr ptr,
@@ -83,6 +84,7 @@ glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), 
_ra)(CPUArchState *env,
 clear_helper_retaddr();
 return ret;
 }
+#endif
 
 #if DATA_SIZE <= 2
 static inline int
@@ -96,6 +98,7 @@ glue(glue(cpu_lds, SUFFIX), MEMSUFFIX)(CPUArchState *env, 
abi_ptr ptr)
 return glue(glue(lds, SUFFIX), _p)(g2h(ptr));
 }
 
+#ifndef CODE_ACCESS
 static inline int
 glue(glue(glue(cpu_lds, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
   abi_ptr ptr,
@@ -107,7 +110,8 @@ glue(glue(glue(cpu_lds, SUFFIX), MEMSUFFIX), 
_ra)(CPUArchState *env,
 clear_helper_retaddr();
 return ret;
 }
-#endif
+#endif /* CODE_ACCESS */
+#endif /* DATA_SIZE <= 2 */
 
 #ifndef CODE_ACCESS
 static inline void
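Review bot: the label on #endif /* CODE_ACCESS */ reads as if the block were compiled when CODE_ACCESS is defined, but it closes an #ifndef CODE_ACCESS; /* !CODE_ACCESS */ would match the condition. The #endif added for the cpu_ld _ra block earlier in this patch carries no label at all, so label both or neither.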
-- 
2.17.1




[Qemu-devel] [PATCH 1/2] tcg: Introduce set/clear_helper_retaddr

2019-06-16 Thread Richard Henderson
At present we have a potential error in that helper_retaddr contains
data for handle_cpu_signal, but we have not ensured that those stores
will be scheduled properly before the operation that may fault.

The "proper" C11 function from <stdatomic.h> for this is
atomic_signal_fence().  This expands to a compiler barrier, so it
seems reasonable to use our existing barrier() macro instead.

Adjust all of the setters of helper_retaddr.

Signed-off-by: Richard Henderson 
---
 include/exec/cpu_ldst.h   | 20 +++
 include/exec/cpu_ldst_useronly_template.h | 12 +++
 accel/tcg/user-exec.c | 11 +++---
 target/arm/helper-a64.c   |  8 ++---
 target/arm/sve_helper.c   | 43 +++
 5 files changed, 57 insertions(+), 37 deletions(-)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index a08b11bd2c..4aee3a5c6b 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -89,6 +89,26 @@ typedef target_ulong abi_ptr;
 
 extern __thread uintptr_t helper_retaddr;
 
+static inline void set_helper_retaddr(uintptr_t ra)
+{
+helper_retaddr = ra;
+/*
+ * Ensure that this write is visible to the SIGSEGV handler that
+ * may be invoked due to a subsequent invalid memory operation.
+ */
+barrier();
+}
+
+static inline void clear_helper_retaddr(void)
+{
+/*
+ * Ensure that previous memory operations have succeeded before
+ * removing the data visible to the signal handler.
+ */
+barrier();
+helper_retaddr = 0;
+}
+
 /* In user-only mode we provide only the _code and _data accessors. */
 
 #define MEMSUFFIX _data
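Review bot: the comment in set_helper_retaddr() says the write must be "visible to the SIGSEGV handler", but barrier() only constrains the compiler, as the commit message itself notes. That is enough here because helper_retaddr is `__thread` and a synchronous SIGSEGV is handled on the faulting thread; stating that in the comment would keep a later reader from assuming a hardware fence was forgotten.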
diff --git a/include/exec/cpu_ldst_useronly_template.h 
b/include/exec/cpu_ldst_useronly_template.h
index bc45e2b8d4..e65733f7e2 100644
--- a/include/exec/cpu_ldst_useronly_template.h
+++ b/include/exec/cpu_ldst_useronly_template.h
@@ -78,9 +78,9 @@ glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), 
_ra)(CPUArchState *env,
   uintptr_t retaddr)
 {
 RES_TYPE ret;
-helper_retaddr = retaddr;
+set_helper_retaddr(retaddr);
 ret = glue(glue(cpu_ld, USUFFIX), MEMSUFFIX)(env, ptr);
-helper_retaddr = 0;
+clear_helper_retaddr();
 return ret;
 }
 
@@ -102,9 +102,9 @@ glue(glue(glue(cpu_lds, SUFFIX), MEMSUFFIX), 
_ra)(CPUArchState *env,
   uintptr_t retaddr)
 {
 int ret;
-helper_retaddr = retaddr;
+set_helper_retaddr(retaddr);
 ret = glue(glue(cpu_lds, SUFFIX), MEMSUFFIX)(env, ptr);
-helper_retaddr = 0;
+clear_helper_retaddr();
 return ret;
 }
 #endif
@@ -128,9 +128,9 @@ glue(glue(glue(cpu_st, SUFFIX), MEMSUFFIX), 
_ra)(CPUArchState *env,
   RES_TYPE v,
   uintptr_t retaddr)
 {
-helper_retaddr = retaddr;
+set_helper_retaddr(retaddr);
 glue(glue(cpu_st, SUFFIX), MEMSUFFIX)(env, ptr, v);
-helper_retaddr = 0;
+clear_helper_retaddr();
 }
 #endif
 
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index cb5f4b19c5..4384b59a4d 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -134,7 +134,7 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t 
*info,
  * currently executing TB was modified and must be exited
  * immediately.  Clear helper_retaddr for next execution.
  */
-helper_retaddr = 0;
+clear_helper_retaddr();
 cpu_exit_tb_from_sighandler(cpu, old_set);
 /* NORETURN */
 
@@ -152,7 +152,7 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t 
*info,
  * an exception.  Undo signal and retaddr state prior to longjmp.
  */
 sigprocmask(SIG_SETMASK, old_set, NULL);
-helper_retaddr = 0;
+clear_helper_retaddr();
 
 cc = CPU_GET_CLASS(cpu);
 access_type = is_write ? MMU_DATA_STORE : MMU_DATA_LOAD;
@@ -682,14 +682,15 @@ static void *atomic_mmu_lookup(CPUArchState *env, 
target_ulong addr,
 if (unlikely(addr & (size - 1))) {
 cpu_loop_exit_atomic(env_cpu(env), retaddr);
 }
-helper_retaddr = retaddr;
-return g2h(addr);
+void *ret = g2h(addr);
+set_helper_retaddr(retaddr);
+return ret;
 }
 
 /* Macro to call the above, with local variables from the use context.  */
 #define ATOMIC_MMU_DECLS do {} while (0)
 #define ATOMIC_MMU_LOOKUP  atomic_mmu_lookup(env, addr, DATA_SIZE, GETPC())
-#define ATOMIC_MMU_CLEANUP do { helper_retaddr = 0; } while (0)
+#define ATOMIC_MMU_CLEANUP do { clear_helper_retaddr(); } while (0)
 
 #define ATOMIC_NAME(X)   HELPER(glue(glue(atomic_ ## X, SUFFIX), END))
 #define EXTRA_ARGS
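Review bot: in atomic_mmu_lookup(), `void *ret = g2h(addr);` is declared after the alignment `if`, which puts a declaration in the middle of the block; declare `ret` at the top of the function and assign it here. The reordering (g2h() first, then set_helper_retaddr()) is the one non-mechanical change in the patch and is not mentioned in the commit message, so a sentence on why the store must come last would help.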
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index 44e45a8037..060699b901 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -554,7 +554,7 @@ uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, 
uint64_t addr,
   

[Qemu-devel] [PULL 00/11] virtio, acpi: fixes, cleanups

2019-06-16 Thread Michael S. Tsirkin
The following changes since commit f3d0bec9f80e4ed7796fffa834ba0a53f2094f7f:

  Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2019-06-14' 
into staging (2019-06-14 14:46:13 +0100)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to 5f6b3561bf58395fd6c906d7064a1a5693a2e426:

  tests/rebuild-expected-aml.sh: blow out difflist (2019-06-16 16:44:44 -0400)


virtio, acpi: fixes, cleanups

A bunch of minor fixes all over the place.

Signed-off-by: Michael S. Tsirkin 


Gerd Hoffmann (1):
  q35: fix mmconfig and PCI0._CRS

Li Hangjing (1):
  vhost: fix vhost_log size overflow during migration

Marc-André Lureau (6):
  vhost-user-gpu: do not send scanout update if no GPU socket
  vhost-user: check unix_listen() return value
  vhost-user: improve error report
  vhost-user-input: check ioctl(EVIOCGNAME) return value
  vhost-user-gpu: initialize msghdr & iov at declaration
  docs/vhost-user.json: some firmware.json copy leftovers

Michael S. Tsirkin (2):
  q35: update DSDT
  tests/rebuild-expected-aml.sh: blow out difflist

Wei Yang (1):
  hw/acpi: extract acpi_add_rom_blob()

 docs/interop/vhost-user.json|   6 ++---
 include/hw/acpi/utils.h |   9 +++
 contrib/vhost-user-gpu/main.c   |  29 +++
 contrib/vhost-user-input/main.c |  12 --
 hw/acpi/utils.c |  35 
 hw/arm/virt-acpi-build.c|  26 -
 hw/i386/acpi-build.c|  40 +++-
 hw/pci-host/q35.c   |  31 +++--
 hw/virtio/vhost.c   |  10 
 hw/acpi/Makefile.objs   |   2 +-
 tests/data/acpi/q35/DSDT| Bin 7815 -> 7841 bytes
 tests/data/acpi/q35/DSDT.bridge | Bin 7832 -> 7858 bytes
 tests/data/acpi/q35/DSDT.cphp   | Bin 8278 -> 8304 bytes
 tests/data/acpi/q35/DSDT.dimmpxm| Bin 9468 -> 9494 bytes
 tests/data/acpi/q35/DSDT.ipmibt | Bin 7890 -> 7916 bytes
 tests/data/acpi/q35/DSDT.memhp  | Bin 9174 -> 9200 bytes
 tests/data/acpi/q35/DSDT.mmio64 | Bin 8945 -> 8971 bytes
 tests/data/acpi/q35/DSDT.numamem| Bin 7821 -> 7847 bytes
 tests/data/acpi/rebuild-expected-aml.sh |   3 +++
 19 files changed, 127 insertions(+), 76 deletions(-)
 create mode 100644 include/hw/acpi/utils.h
 create mode 100644 hw/acpi/utils.c




[Qemu-devel] [PULL 07/11] vhost: fix vhost_log size overflow during migration

2019-06-16 Thread Michael S. Tsirkin
From: Li Hangjing 

When a guest which doesn't support multiqueue is migrated with a multi queues
vhost-user-blk device, a crash will occur like:

0 qemu_memfd_alloc (name=, size=562949953421312, 
seals=, fd=0x7f87171fe8b4, errp=0x7f87171fe8a8) at 
util/memfd.c:153
1 0x7f883559d7cf in vhost_log_alloc (size=70368744177664, share=true) at 
hw/virtio/vhost.c:186
2 0x7f88355a0758 in vhost_log_get (listener=0x7f8838bd7940, enable=1) at 
qemu-2-12/hw/virtio/vhost.c:211
3 vhost_dev_log_resize (listener=0x7f8838bd7940, enable=1) at 
hw/virtio/vhost.c:263
4 vhost_migration_log (listener=0x7f8838bd7940, enable=1) at 
hw/virtio/vhost.c:787
5 0x7f88355463d6 in memory_global_dirty_log_start () at memory.c:2503
6 0x7f8835550577 in ram_init_bitmaps (f=0x7f88384ce600, 
opaque=0x7f8836024098) at migration/ram.c:2173
7 ram_init_all (f=0x7f88384ce600, opaque=0x7f8836024098) at migration/ram.c:2192
8 ram_save_setup (f=0x7f88384ce600, opaque=0x7f8836024098) at 
migration/ram.c:2219
9 0x7f88357a419d in qemu_savevm_state_setup (f=0x7f88384ce600) at 
migration/savevm.c:1002
10 0x7f883579fc3e in migration_thread (opaque=0x7f8837530400) at 
migration/migration.c:2382
11 0x7f8832447893 in start_thread () from /lib64/libpthread.so.0
12 0x7f8832178bfd in clone () from /lib64/libc.so.6

This is because vhost_get_log_size() returns an overflowed vhost-log size.
In this function, it uses the uninitialized variables vqs->used_phys and
vqs->used_size to get the vhost-log size.

Signed-off-by: Li Hangjing 
Reviewed-by: Xie Yongji 
Reviewed-by: Chai Wen 
Message-Id: <20190603061524.24076-1-lihangj...@baidu.com>
Cc: qemu-sta...@nongnu.org
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/vhost.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 60747a6f93..bc899fc60e 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -131,6 +131,11 @@ static int vhost_sync_dirty_bitmap(struct vhost_dev *dev,
 }
 for (i = 0; i < dev->nvqs; ++i) {
 struct vhost_virtqueue *vq = dev->vqs + i;
+
+if (!vq->used_phys && !vq->used_size) {
+continue;
+}
+
 vhost_dev_sync_region(dev, section, start_addr, end_addr, 
vq->used_phys,
   range_get_last(vq->used_phys, vq->used_size));
 }
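Review bot: the guard added to vhost_sync_dirty_bitmap() treats "both used_phys and used_size are zero" as "queue not started", but nothing in the hunk says so, and the commit message calls the fields uninitialized. The test only works if unused queues are zero-filled, so a one-line comment stating that assumption belongs above the `if`.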
@@ -168,6 +173,11 @@ static uint64_t vhost_get_log_size(struct vhost_dev *dev)
 }
 for (i = 0; i < dev->nvqs; ++i) {
 struct vhost_virtqueue *vq = dev->vqs + i;
+
+if (!vq->used_phys && !vq->used_size) {
+continue;
+}
+
 uint64_t last = vq->used_phys + vq->used_size - 1;
 log_size = MAX(log_size, last / VHOST_LOG_CHUNK + 1);
 }
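Review bot: in vhost_get_log_size() the new `if` lands between the declaration of `vq` and `uint64_t last = ...`, leaving a declaration after a statement; declare `last` next to `vq` and assign it after the guard. The same three-line test now appears in two functions, so a small helper (for example a predicate on the virtqueue) would keep the two copies from drifting apart.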
-- 
MST
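
The arithmetic behind the crash described in this commit message, as an added example that is not part of the patch or of QEMU: with both fields zero, `used_phys + used_size - 1` wraps around, and the resulting chunk count and byte size are exactly the `size=` values in frames 1 and 0 of the backtrace. The struct, the function names, the sample queue values and the chunk constants (4 KiB log page, 64-bit log word) are assumptions made for this example; the real function also walks memory regions, which is left out here.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed constants, not shown on the page: 4 KiB log page, 64-bit log word. */
#define LOG_PAGE   0x1000ULL
#define LOG_BITS   (8 * sizeof(uint64_t))
#define LOG_CHUNK  (LOG_PAGE * LOG_BITS)

#define MAX64(a, b) ((a) > (b) ? (a) : (b))

/* Reduced stand-in for the virtqueue: only the two fields the patch tests. */
struct vq_example {
    uint64_t used_phys;
    uint64_t used_size;
};

/*
 * Log size in chunks over the virtqueues only.
 * guard == 0 reproduces the loop before the patch, guard != 0 after it.
 */
static uint64_t log_size_chunks(const struct vq_example *vqs, size_t nvqs,
                                int guard)
{
    uint64_t log_size = 0;

    for (size_t i = 0; i < nvqs; i++) {
        const struct vq_example *vq = &vqs[i];
        uint64_t last;

        if (guard && !vq->used_phys && !vq->used_size) {
            continue;           /* queue never set up: nothing to log */
        }
        /* With both fields 0 this is 0 + 0 - 1 == UINT64_MAX. */
        last = vq->used_phys + vq->used_size - 1;
        log_size = MAX64(log_size, last / LOG_CHUNK + 1);
    }
    return log_size;
}

/* Constructed sample: one started queue and one the guest never set up. */
static const struct vq_example sample_vqs[2] = {
    { .used_phys = 0x7f000000ULL, .used_size = 0x1000ULL },
    { .used_phys = 0, .used_size = 0 },
};

static uint64_t sample_unguarded(void)
{
    return log_size_chunks(sample_vqs, 2, 0);
}

static uint64_t sample_guarded(void)
{
    return log_size_chunks(sample_vqs, 2, 1);
}

int main(void)
{
    uint64_t bad = sample_unguarded();
    uint64_t good = sample_guarded();

    printf("without guard: %" PRIu64 " chunks, %" PRIu64 " bytes\n",
           bad, bad * (uint64_t)sizeof(uint64_t));
    printf("with guard:    %" PRIu64 " chunks, %" PRIu64 " bytes\n",
           good, good * (uint64_t)sizeof(uint64_t));
    return 0;
}
```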




[Qemu-devel] [PULL 10/11] q35: update DSDT

2019-06-16 Thread Michael S. Tsirkin
update expected files and drop them from allowed diff list.

Fixes: 4a4418369d6 ("q35: fix mmconfig and PCI0._CRS")
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test-allowed-diff.h |   8 
 tests/data/acpi/q35/DSDT  | Bin 7815 -> 7841 bytes
 tests/data/acpi/q35/DSDT.bridge   | Bin 7832 -> 7858 bytes
 tests/data/acpi/q35/DSDT.cphp | Bin 8278 -> 8304 bytes
 tests/data/acpi/q35/DSDT.dimmpxm  | Bin 9468 -> 9494 bytes
 tests/data/acpi/q35/DSDT.ipmibt   | Bin 7890 -> 7916 bytes
 tests/data/acpi/q35/DSDT.memhp| Bin 9174 -> 9200 bytes
 tests/data/acpi/q35/DSDT.mmio64   | Bin 8945 -> 8971 bytes
 tests/data/acpi/q35/DSDT.numamem  | Bin 7821 -> 7847 bytes
 9 files changed, 8 deletions(-)

diff --git a/tests/bios-tables-test-allowed-diff.h 
b/tests/bios-tables-test-allowed-diff.h
index 3bbd22c62a..dfb8523c8b 100644
--- a/tests/bios-tables-test-allowed-diff.h
+++ b/tests/bios-tables-test-allowed-diff.h
@@ -1,9 +1 @@
 /* List of comma-separated changed AML files to ignore */
-"tests/data/acpi/q35/DSDT",
-"tests/data/acpi/q35/DSDT.bridge",
-"tests/data/acpi/q35/DSDT.mmio64",
-"tests/data/acpi/q35/DSDT.ipmibt",
-"tests/data/acpi/q35/DSDT.cphp",
-"tests/data/acpi/q35/DSDT.memhp",
-"tests/data/acpi/q35/DSDT.numamem",
-"tests/data/acpi/q35/DSDT.dimmpxm",

[Qemu-devel] [PULL 11/11] tests/rebuild-expected-aml.sh: blow out difflist

2019-06-16 Thread Michael S. Tsirkin
As expected files have been updated, make sure we
do not forget to remove them from the allowed
diff list.

Signed-off-by: Michael S. Tsirkin 
---
 tests/data/acpi/rebuild-expected-aml.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/data/acpi/rebuild-expected-aml.sh 
b/tests/data/acpi/rebuild-expected-aml.sh
index d2853218dd..f89d4624bc 100755
--- a/tests/data/acpi/rebuild-expected-aml.sh
+++ b/tests/data/acpi/rebuild-expected-aml.sh
@@ -29,5 +29,8 @@ for qemu in $qemu_bins; do
 TEST_ACPI_REBUILD_AML=y QTEST_QEMU_BINARY=$qemu tests/bios-tables-test
 done
 
+eval `grep SRC_PATH= config-host.mak`
+
+echo '/* List of comma-separated changed AML files to ignore */' > 
${SRC_PATH}/tests/bios-tables-test-allowed-diff.h
 
 echo "The files were rebuilt and can be added to git."
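Review bot: `eval` on the output of `grep SRC_PATH= config-host.mak` runs every matching line as shell, and the redirect that follows uses `${SRC_PATH}` unquoted and unchecked. If config-host.mak is missing or has no such line, the target silently becomes /tests/bios-tables-test-allowed-diff.h; if the pattern matches more than one line, all of them are evaluated. Anchor the pattern (`^SRC_PATH=`), exit with an error when the variable is empty, and quote the expansion in the redirect.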
-- 
MST




Re: [Qemu-devel] [PATCH v3 01/15] target/ppc: remove getVSR()/putVSR() from fpu_helper.c

2019-06-16 Thread Richard Henderson
On 6/16/19 5:37 AM, Mark Cave-Ayland wrote:
> Since commit 8a14d31b00 "target/ppc: switch fpr/vsrl registers so all VSX
> registers are in host endian order" functions getVSR() and putVSR() which used
> to convert the VSR registers into host endian order are no longer required.
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  target/ppc/fpu_helper.c | 762 
> +++-
>  1 file changed, 366 insertions(+), 396 deletions(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH qemu] loader: Trace loaded images

2019-06-16 Thread Alexey Kardashevskiy



On 14/06/2019 19:33, Stefan Hajnoczi wrote:
> On Fri, Jun 14, 2019 at 10:13:04AM +1000, Alexey Kardashevskiy wrote:
>>
>>
>> On 13/06/2019 23:08, Philippe Mathieu-Daudé wrote:
>>> Hi Alexey,
>>>
>>> On 6/13/19 7:09 AM, Alexey Kardashevskiy wrote:
>>>> This adds a trace point which prints every loaded image. This includes
>>>> bios/firmware/kernel/initramdisk/pcirom.
>>>>
>>>> Signed-off-by: Alexey Kardashevskiy 
>>>> ---
>>>>
>>>> The example for a pseries guest:
>>>>
>>>> loader_write_rom slof.bin: @0x0 size=0xe22e0 ROM=0
>>>> loader_write_rom phdr #0: /home/aik/t/vml4120le: @0x40 size=0x13df000 
>>>> ROM=0
>>>> loader_write_rom /home/aik/t/le.cpio: @0x1ad size=0x9463a00 ROM=0
>>>
>>> I find the "ROM=0" part confusing, maybe you can change to "ROM:false".
>>
>> How? I mean I can do that in the code as rom->isrom?"true":"false" and
>> make trace point accept "%s" but it is quite ugly and others seem to
>> just use %d for bool.
> 
> Yes, %d is the convention for bool.  Perhaps you can name it "is_rom"
> instead of "ROM".  That way the name communicates that this is a boolean
> value.

It is quite obvious though that it is boolean even as "ROM" (what else
can that be realistically?) and there does not seem to be a convention
about xxx:N vs is_xxx:N. And personally I find longer lines worse for
limited width screens (I run multiple qemus in tiled tmux). Whose tree
is this going to? Let's ask that person :)


-- 
Alexey



Re: [Qemu-devel] [PATCH v3 02/15] target/ppc: remove getVSR()/putVSR() from mem_helper.c

2019-06-16 Thread Richard Henderson
On 6/16/19 5:37 AM, Mark Cave-Ayland wrote:
> Since commit 8a14d31b00 "target/ppc: switch fpr/vsrl registers so all VSX
> registers are in host endian order" functions getVSR() and putVSR() which used
> to convert the VSR registers into host endian order are no longer required.
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  target/ppc/mem_helper.c | 23 ---
>  1 file changed, 12 insertions(+), 11 deletions(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH v3 02/50] tcg/README: fix typo s/afterwise/afterwards/

2019-06-16 Thread Richard Henderson
On 6/14/19 10:11 AM, Alex Bennée wrote:
> From: "Emilio G. Cota" 
> 
> Afterwise is "wise after the fact", as in "hindsight".
> Here we meant "afterwards" (as in "subsequently"). Fix it.
> 
> Reviewed-by: Alex Bennée 
> Signed-off-by: Emilio G. Cota 
> ---
>  tcg/README | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH v3 01/50] trace: expand mem_info:size_shift to 3 bits

2019-06-16 Thread Richard Henderson
On 6/14/19 10:11 AM, Alex Bennée wrote:
> From: "Emilio G. Cota" 
> 
> This will allow us to trace 16B-long memory accesses.
> 
> Reviewed-by: Alex Bennée 
> Signed-off-by: Emilio G. Cota 
> ---
>  trace-events | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/trace-events b/trace-events
> index 844ee58dd9..037169aab3 100644
> --- a/trace-events
> +++ b/trace-events
> @@ -159,7 +159,7 @@ vcpu guest_cpu_reset(void)
>  # Access information can be parsed as:
>  #
>  # struct mem_info {
> -# uint8_t size_shift : 2; /* interpreted as "1 << size_shift" bytes */
> +# uint8_t size_shift : 3; /* interpreted as "1 << size_shift" bytes */
>  # boolsign_extend: 1; /* sign-extended */
>  # uint8_t endianness : 1; /* 0: little, 1: big */
>  # boolstore  : 1; /* wheter it's a store operation */
> 
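Review bot: widening `size_shift` from 2 to 3 bits moves `sign_extend`, `endianness` and `store` up by one bit each, and the comment above the struct says this layout is what consumers parse. The commit message only mentions the new access size; it should also say that existing trace parsers using the 2-bit layout will misread the flags, so they can be updated together with this change.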

Well, 128B-long memory accesses.  But SVE supports 256B memory accesses
already.  So why not add one more bit now.


r~



Re: [Qemu-devel] [PATCH v3 1/5] virtio: add "use-started" property

2019-06-16 Thread Yongji Xie
On Fri, 14 Jun 2019 at 19:45, Greg Kurz  wrote:
>
> On Fri, 14 Jun 2019 17:31:17 +0800
> elohi...@gmail.com wrote:
>
> > From: Xie Yongji 
> >
> > In order to avoid migration issues, we introduce a "use-started"
> > property to the base virtio device to indicate whether use
> > "started" flag or not. This property will be true by default and
> > set to false when machine type <= 4.0.1.
> >
> > Suggested-by: Greg Kurz 
> > Signed-off-by: Xie Yongji 
> > ---
> >  hw/block/vhost-user-blk.c  |  4 ++--
> >  hw/core/machine.c  |  8 ++--
>
> This patch conflicts with latest upstream changes to hw_compat_4_0_1[].
>
> It seems you need to rebase. Also, I'm still not sure how we're supposed
> to handle hw_compat_4_0_1[] versus hw_compat_4_0[]... nobody commented
> on:
>
> https://lists.gnu.org/archive/html/qemu-devel/2019-06/msg00637.html
> https://lists.gnu.org/archive/html/qemu-devel/2019-06/msg00641.html
>
> Maybe worth to sort that out before re-posting.
>

If hw_compat_4_0_1[] is introduced only for q35, I think this patch
should be OK. If not, maybe we should handle hw_compat_4_0_1[] in
other machine types (i440fx, arm, ppc, s390)?

Hi Alex and Paolo,

Any comment for this?

Thanks,
Yongji



Re: [Qemu-devel] [PATCH v3 03/50] cpu: introduce cpu_in_exclusive_work_context()

2019-06-16 Thread Richard Henderson
On 6/14/19 10:11 AM, Alex Bennée wrote:
>  start_exclusive();
> +cpu->in_exclusive_work_context = true;
>  wi->func(cpu, wi->data);
> +cpu->in_exclusive_work_context = false;
>  end_exclusive();

Is there a reason not to put those into start/end_exclusive?
And if not, what does in_exclusive_work_context mean?


r~



Re: [Qemu-devel] [Qemu-Devel][PATCH 1/3] Adding an optional tb execution counter.

2019-06-16 Thread Richard Henderson
On 6/14/19 6:53 AM, vandersonmr wrote:
> +void HELPER(inc_exec_freq)(void *ptr)
> +{
> +TranslationBlock* tb = (TranslationBlock*) ptr;
> +atomic_inc(&tb->exec_freq);
> +}
...
> +DEF_HELPER_FLAGS_1(inc_exec_freq, TCG_CALL_NO_RWG, void, ptr)
...
>  uint32_t flags; /* flags defining in which context the code was 
> generated */
>  uint16_t size;  /* size of target code for this block (1 <=
> size <= TARGET_PAGE_SIZE) */
> +uint64_t exec_freq;

It's not a frequency, but a count.

>  uint16_t icount;
>  uint32_t cflags;/* compile flags */

Consider where you've placed the data with respect to the packing of other
members of the structure.

>  static inline void gen_tb_start(TranslationBlock *tb)
>  {
>  TCGv_i32 count, imm;
>  
> +if (enable_freq_count) {
> +TCGv_ptr tb_ptr = tcg_temp_new_ptr();
> +tcg_gen_trunc_i64_ptr(tb_ptr, tcg_const_i64((int64_t) tb));
> +gen_helper_inc_exec_freq(tb_ptr);
> +}
> +
>  tcg_ctx->exitreq_label = gen_new_label();
>  if (tb_cflags(tb) & CF_USE_ICOUNT) {
>  count = tcg_temp_local_new_i32();
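Review bot: in gen_tb_start(), `tb_ptr` from tcg_temp_new_ptr() and the temporary returned by `tcg_const_i64((int64_t) tb)` are both allocated and neither is released in the lines shown. Build the pointer constant directly with tcg_const_ptr(tb), which also avoids casting a pointer to int64_t on 32-bit hosts, and free it with tcg_temp_free_ptr() after the helper call.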

By placing the increment before the exit for interrupt check instead of after,
you're kinda counting the wrong thing, because the TB hasn't executed.


> diff --git a/linux-user/main.c b/linux-user/main.c
> index a59ae9439d..1bf7155670 100644
> --- a/linux-user/main.c
> +++ b/linux-user/main.c
> @@ -58,6 +58,7 @@ static const char *seed_optarg;
>  unsigned long mmap_min_addr;
>  unsigned long guest_base;
>  int have_guest_base;
> +bool enable_freq_count = false;

This is being declared in multiple places and initialized in multiple places.
This needs to go elsewhere.


r~



Re: [Qemu-devel] [PATCH v7 2/2] hw/arm: Add arm SBSA reference machine, devices part

2019-06-16 Thread Hongbo Zhang
On Mon, 3 Jun 2019 at 18:54, Philippe Mathieu-Daudé  wrote:
>
> Hi Hongbo, Ard.
>
> On 4/18/19 6:04 AM, Hongbo Zhang wrote:
> > Following the previous patch, this patch adds peripheral devices to the
> > newly introduced SBSA-ref machine.
> >
> > Signed-off-by: Hongbo Zhang 
> > ---
> >  hw/arm/sbsa-ref.c | 451 
> > ++
> >  1 file changed, 451 insertions(+)
> >
> > diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
> > index 652ec13..3fb0027 100644
> > --- a/hw/arm/sbsa-ref.c
> > +++ b/hw/arm/sbsa-ref.c
> > @@ -21,6 +21,7 @@
> >  #include "qapi/error.h"
> >  #include "qemu/error-report.h"
> >  #include "qemu/units.h"
> > +#include "sysemu/device_tree.h"
> >  #include "sysemu/numa.h"
> >  #include "sysemu/sysemu.h"
> >  #include "exec/address-spaces.h"
> > @@ -28,11 +29,28 @@
> >  #include "kvm_arm.h"
> >  #include "hw/arm/arm.h"
> >  #include "hw/boards.h"
> > +#include "hw/ide/internal.h"
> > +#include "hw/ide/ahci_internal.h"
> >  #include "hw/intc/arm_gicv3_common.h"
> > +#include "hw/loader.h"
> > +#include "hw/pci-host/gpex.h"
> > +#include "hw/usb.h"
> > +#include "net/net.h"
> >
> >  #define RAMLIMIT_GB 8192
> >  #define RAMLIMIT_BYTES (RAMLIMIT_GB * GiB)
> >
> > +#define NUM_IRQS256
> > +#define NUM_SMMU_IRQS   4
> > +#define NUM_SATA_PORTS  6
> > +
> > +#define VIRTUAL_PMU_IRQ7
> > +#define ARCH_GIC_MAINT_IRQ 9
> > +#define ARCH_TIMER_VIRT_IRQ11
> > +#define ARCH_TIMER_S_EL1_IRQ   13
> > +#define ARCH_TIMER_NS_EL1_IRQ  14
> > +#define ARCH_TIMER_NS_EL2_IRQ  10
> > +
> >  enum {
> >  SBSA_FLASH,
> >  SBSA_MEM,
> > @@ -115,6 +133,415 @@ static const int sbsa_ref_irqmap[] = {
> >  [SBSA_EHCI] = 11,
> >  };
> >
> > +/*
> > + * Firmware on this machine only uses ACPI table to load OS, these limited
> > + * device tree nodes are just to let firmware know the info which varies 
> > from
> > + * command line parameters, so it is not necessary to be fully compatible
> > + * with the kernel CPU and NUMA binding rules.
> > + */
> > +static void create_fdt(SBSAMachineState *vms)
> > +{
> > +void *fdt = create_device_tree(&vms->fdt_size);
> > +const MachineState *ms = MACHINE(vms);
> > +int cpu;
> > +
> > +if (!fdt) {
> > +error_report("create_device_tree() failed");
> > +exit(1);
> > +}
> > +
> > +vms->fdt = fdt;
> > +
> > +qemu_fdt_setprop_string(fdt, "/", "compatible", "linux,sbsa-ref");
> > +qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x2);
> > +qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x2);
> > +
> > +if (have_numa_distance) {
> > +int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);
> > +uint32_t *matrix = g_malloc0(size);
> > +int idx, i, j;
> > +
> > +for (i = 0; i < nb_numa_nodes; i++) {
> > +for (j = 0; j < nb_numa_nodes; j++) {
> > +idx = (i * nb_numa_nodes + j) * 3;
> > +matrix[idx + 0] = cpu_to_be32(i);
> > +matrix[idx + 1] = cpu_to_be32(j);
> > +matrix[idx + 2] = cpu_to_be32(numa_info[i].distance[j]);
> > +}
> > +}
> > +
> > +qemu_fdt_add_subnode(fdt, "/distance-map");
> > +qemu_fdt_setprop(fdt, "/distance-map", "distance-matrix",
> > + matrix, size);
> > +g_free(matrix);
> > +}
> > +
> > +qemu_fdt_add_subnode(vms->fdt, "/cpus");
> > +
> > +for (cpu = vms->smp_cpus - 1; cpu >= 0; cpu--) {
> > +char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
> > +ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
> > +CPUState *cs = CPU(armcpu);
> > +
> > +qemu_fdt_add_subnode(vms->fdt, nodename);
> > +
> > +if (ms->possible_cpus->cpus[cs->cpu_index].props.has_node_id) {
> > +qemu_fdt_setprop_cell(vms->fdt, nodename, "numa-node-id",
> > +ms->possible_cpus->cpus[cs->cpu_index].props.node_id);
> > +}
> > +
> > +g_free(nodename);
> > +}
> > +}
> > +
> > +static void create_one_flash(const char *name, hwaddr flashbase,
> > + hwaddr flashsize, const char *file,
> > + MemoryRegion *sysmem)
> > +{
> > +/*
> > + * Create and map a single flash device. We use the same
> > + * parameters as the flash devices on the Versatile Express board.
> > + */
> > +DriveInfo *dinfo = drive_get_next(IF_PFLASH);
> > +DeviceState *dev = qdev_create(NULL, "cfi.pflash01");
>
> Please use TYPE_PFLASH_CFI01 instead of "cfi.pflash01".
>
And as reviewed by Markus, I will update to the new method of creating
flash, as in commit e0561e60f17, TYPE_PFLASH_CFI01 is used there.

> I wanted to ask "does it have to be CFI01?" because this device model is
> in bad shape, but I guess I answered myself looking at the EDK2 platform
> code:
>
> - P30_CFI_ADDR_VENDOR_ID is not used
> - NorFlashDxe::NorFlashReadCfiData() is not implemented
> - All co

Re: [Qemu-devel] [Qemu-Devel][PATCH 2/3] Saving counters between tb_flush events.

2019-06-16 Thread Richard Henderson
On 6/14/19 6:53 AM, vandersonmr wrote:
> A new hash map was added to store the accumulated execution
> frequency of the TBs even after tb_flush events. A dump
> function was also added as a way to visualize these frequencies.
> 
> Signed-off-by: vandersonmr 
> ---
>  accel/tcg/translate-all.c | 59 +++
>  accel/tcg/translate-all.h |  2 ++
>  exec.c|  7 +
>  include/exec/exec-all.h   |  3 ++
>  include/exec/tb-context.h |  9 ++
>  include/qom/cpu.h |  2 ++
>  6 files changed, 82 insertions(+)
> 
> diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
> index 5d1e08b169..0bc670ffad 100644
> --- a/accel/tcg/translate-all.c
> +++ b/accel/tcg/translate-all.c
> @@ -1118,6 +1118,12 @@ static inline void code_gen_alloc(size_t tb_size)
>  }
>  }
>  
> +static bool statistics_cmp(const void* ap, const void *bp) {

Watch the formatting.

> +static void do_tb_dump_exec_freq(void *p, uint32_t hash, void *userp)
> +{
> +#if TARGET_LONG_SIZE == 8
> +TBStatistics *tbs = p;
> +printf("%016lx\t%lu\n", tbs->pc, tbs->total_exec_freq);
> +#elif TARGET_LONG_SIZE == 4
> +TBStatistics *tbs = p;
> +printf("%016x\t%lu\n", tbs->pc, tbs->total_exec_freq);
> +#endif
> +}

TARGET_FMT_lx.

> +static void do_tb_read_exec_freq(void *p, uint32_t hash, void *userp)
> +{
> +TranslationBlock *tb = p;
> +TBStatistics tbscmp;
> +tbscmp.pc = tb->pc;
> +tbscmp.cs_base = tb->cs_base;
> +tbscmp.flags = tb->flags;
> +
> +TBStatistics *tbs = qht_lookup(userp, &tbscmp, hash);
> +
> +uint64_t exec_freq = tb_get_and_reset_exec_freq((TranslationBlock*) p);
> +
> +if (tbs) {
> +tbs->total_exec_freq += exec_freq;
> +} else {
> +void *existing;
> +tbs = malloc(sizeof(TBStatistics));
> +tbs->total_exec_freq = exec_freq;
> +tbs->pc = tb->pc;
> +tbs->cs_base = tb->cs_base;
> +tbs->flags = tb->flags;
> +qht_insert(userp, tbs, hash, &existing);
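Review bot: `tbs = malloc(sizeof(TBStatistics));` is dereferenced on the very next line with no NULL check. Use g_new(TBStatistics, 1) or g_malloc(), which abort on allocation failure, so the statistics path cannot turn an out-of-memory condition into a NULL write.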

If you're going to ignore the result, leave the last argument NULL.

> +}
> +}
> +
> +void tb_read_exec_freq(void)
> +{
> +qht_iter(&tb_ctx.htable, do_tb_read_exec_freq, &tb_ctx.tb_statistics);
> +}

Perhaps a comment that this is called with mmap_lock held.

> +extern bool enable_freq_count;

Second declaration.

> +uint64_t tb_get_and_reset_exec_freq(TranslationBlock *tb)
> +{
> +uint64_t exec_freq = atomic_load_acquire(&tb->exec_freq);
> +atomic_store_release(&tb->exec_freq, 0);
> +return exec_freq;
> +}

What are you intending here?  Either this needs a comment that it is called
with a lock held, and this does not need barriers at all (atomic_read,
atomic_set).  Or this should use atomic_xchg and do the load and store in one
atomic operation.


r~



Re: [Qemu-devel] [Qemu-Devel][PATCH 3/3] Adding command line option to linux-user.

2019-06-16 Thread Richard Henderson
On 6/14/19 6:53 AM, vandersonmr wrote:
> Added -execfreq to enable execution frequency counting and dump
> all the TB's addresses and their execution frequency at the end
> of the execution.
> 
> Signed-off-by: vandersonmr 
> ---
>  linux-user/exit.c | 5 +
>  linux-user/main.c | 7 +++
>  2 files changed, 12 insertions(+)
> 
> diff --git a/linux-user/exit.c b/linux-user/exit.c
> index bdda720553..0c6a2f2d5b 100644
> --- a/linux-user/exit.c
> +++ b/linux-user/exit.c
> @@ -26,8 +26,13 @@
>  extern void __gcov_dump(void);
>  #endif
>  
> +extern bool enable_freq_count;

A third declaration.


r~


