Re: [PATCH] ppc: remove excessive logging

2019-12-16 Thread Thomas Huth
On 15/12/2019 22.15, Joakim Tjernlund wrote:
[...]
>> LOG_EXCP() is not enabled by default, you have to edit source to enable it
> 
> LOG_EXCP is enabled on Gentoo, what about other distros?

I don't think that this is enabled by any other distro. Why is this
enabled on Gentoo at all? It really should not be enabled in builds that
are supposed to be used by normal users. Have you tried to contact the
package maintainers of the QEMU Gentoo package and asked them to disable
it there again?

 Thomas




Re: [PATCH] virtio: update queue size on guest write

2019-12-16 Thread Stefano Garzarella
On Fri, Dec 13, 2019 at 09:24:03AM -0500, Michael S. Tsirkin wrote:
> Some guests read back queue size after writing it.
> Update the size immediately upon write otherwise
> they get confused.
> 
> Signed-off-by: Michael S. Tsirkin 
> ---
>  hw/virtio/virtio-pci.c | 2 ++
>  1 file changed, 2 insertions(+)

Reviewed-by: Stefano Garzarella 


Just a question, should we do the same in virtio-mmio?

Maybe doing virtio_queue_set_num() in any case (legacy and non-legacy)
during VIRTIO_MMIO_QUEUE_NUM writing.

Thanks,
Stefano

> 
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index c6b47a9c73..e5c759e19e 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -1256,6 +1256,8 @@ static void virtio_pci_common_write(void *opaque, 
> hwaddr addr,
>  break;
>  case VIRTIO_PCI_COMMON_Q_SIZE:
>  proxy->vqs[vdev->queue_sel].num = val;
> +virtio_queue_set_num(vdev, vdev->queue_sel,
> + proxy->vqs[vdev->queue_sel].num);
>  break;
>  case VIRTIO_PCI_COMMON_Q_MSIX:
>  msix_vector_unuse(&proxy->pci_dev,
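Review bot: In the VIRTIO_PCI_COMMON_Q_SIZE case the guest-written val is now handed straight to virtio_queue_set_num(), and nothing in this hunk bounds val or checks vdev->queue_sel before it indexes proxy->vqs[]. Please confirm, and state in the commit message, that virtio_queue_set_num() ignores sizes that are zero, not a power of two or above the device maximum, or add that check here before the call. The commit message would also benefit from naming the guests that read the size back.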
> -- 
> MST
> 
> 





Re: [PATCH] ppc: remove excessive logging

2019-12-16 Thread Joakim Tjernlund
On Mon, 2019-12-16 at 09:27 +0100, Thomas Huth wrote:
> 
> On 15/12/2019 22.15, Joakim Tjernlund wrote:
> [...]
> > > LOG_EXCP() is not enabled by default, you have to edit source to enable it
> > 
> > LOG_EXCP is enabled on Gentoo, what about other distros?
> 
> I don't think that this is enabled by any other distro. Why is this
> enabled on Gentoo at all? It really should not be enabled in builds that
> are supposed to be used by normal users. Have you tried to contact the
> package maintainers of the QEMU Gentoo package and asked them to disable
> it there again?

hmm, I have been carrying that patch for a long time (years) and now when I look
into the code/package I don't see it enabled any more so I will delete this
patch now from my tree and see what happens.

 Jocke


Re: [PATCH] ppc: remove excessive logging

2019-12-16 Thread da...@gibson.dropbear.id.au
On Mon, Dec 16, 2019 at 09:27:13AM +0100, Thomas Huth wrote:
> On 15/12/2019 22.15, Joakim Tjernlund wrote:
> [...]
> >> LOG_EXCP() is not enabled by default, you have to edit source to enable it
> > 
> > LOG_EXCP is enabled on Gentoo, what about other distros?
> 
> I don't think that this is enabled by any other distro. Why is this
> enabled on Gentoo at all? It really should not be enabled in builds that
> are supposed to be used by normal users. Have you tried to contact the
> package maintainers of the QEMU Gentoo package and asked them to disable
> it there again?

I concur.  LOG_EXCP is definitely there for qemu developer debugging,
it's not intended for use in "normal" builds.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [PATCH 11/21] hw/ipmi: Fix latent realize() error handling bugs

2019-12-16 Thread Markus Armbruster
Corey Minyard  writes:

> On Sat, Nov 30, 2019 at 08:42:30PM +0100, Markus Armbruster wrote:
>> isa_ipmi_bt_realize(), ipmi_isa_realize(), pci_ipmi_bt_realize(), and
>> pci_ipmi_kcs_realize() crash when IPMIInterfaceClass method init()
>> fails and their @errp argument is null.  First messed up in commit
>> 0719029c47 "ipmi: Add an ISA KCS low-level interface", then imitated
>> in commit a9b74079cb "ipmi: Add a BT low-level interface" and commit
>> 12f983c6aa "ipmi: Add PCI IPMI interfaces".
>> 
>> The bug can't bite as no caller actually passes null, and none of the
>> init() methods can actually fail.  Fix it anyway.
>
> Well, whatever.  It looks correct and is better style.  I've added this
> to my tree.

I've since posted v2 with a revamped commit message, and I'm ready to
post a pull request.  I really want the whole thing committed before the
Christmas break, so Vladimir can base on it more easily.  Options:

* You post a pull request before me.

* Ask me to drop this patch from my pull request, so you can take it
  through your tree at your leisure.

* Post your Reviewed-by or Acked-by for me to include in my pull
  request.

* Do nothing; I'll post my pull request later this week.




Re: [PATCH] i386: pass CLZERO to guests with EPYC CPU model on AMD ZEN platform

2019-12-16 Thread Ani Sinha
Hi :

Can I get some love for this patch?

thanks
ani

On Dec 4, 2019, 3:06 PM +0530, Ani Sinha wrote:
CLZERO CPUID should be passed on to the guests that use EPYC or EPYC-IBPB CPU
model when the AMD ZEN based host supports it. This change makes it recognize
this CPUID for guests which use EPYC or EPYC-IBPB CPU model.

Signed-off-by: Ani Sinha 
---
target/i386/cpu.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 69f518a..55f0691 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3813,6 +3813,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
CPUID_EXT3_TOPOEXT,
+ .features[FEAT_8000_0008_EBX] =
+ CPUID_8000_0008_EBX_CLZERO,
.features[FEAT_7_0_EBX] =
CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
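Review bot: The added .features[FEAT_8000_0008_EBX] initializer changes the guest-visible CPUID of an existing entry in builtin_x86_defs, so a guest started with this model before and after the change sees different feature bits. That normally has to be gated by a new model version or a machine-type compat property so that migration between QEMU versions stays safe. The commit message also names both EPYC and EPYC-IBPB while the diff has a single hunk; please say which definition this is and how the other model picks up the bit.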
--
1.9.4



RE: xen-block: race condition when stopping the device (WAS: Re: [Xen-devel] [xen-4.13-testing test] 144736: regressions - FAIL)

2019-12-16 Thread Durrant, Paul
> -Original Message-
[snip]
> >>
> >> This feels like a race condition between the init/free code with
> >> handler. Anthony, does it ring any bell?
> >>
> >
> >  From that stack bt it looks like an iothread managed to run after the
> sring was NULLed. This should not be able happen as the dataplane should
> have been moved back onto QEMU's main thread context before the ring is
> unmapped.
> 
> My knowledge of this code is fairly limited, so correct me if I am wrong.
> 
> blk_set_aio_context() would set the context for the block aio. AFAICT,
> the only aio for the block is xen_block_complete_aio().

Not quite. xen_block_dataplane_start() calls xen_device_bind_event_channel() 
and that will add an event channel fd into the aio context, so the shared ring 
is polled by the iothread as well as block i/o completion.

> 
> In the stack above, we are not dealing with a block aio but an aio tie
> to the event channel (see the call from xen_device_poll). So I don't
> think the blk_set_aio_context() would affect the aio.
> 

For the reason I outline above, it does.

> So it would be possible to get the iothread running because we received
> a notification on the event channel while we are stopping the block (i.e
> xen_block_dataplane_stop()).
> 

We should assume an iothread can essentially run at any time, as it is a 
polling entity. It should eventually block polling on fds assigned to its aio 
context but I don't think the abstraction guarantees that it cannot be awoken 
for other reasons (e.g. off a timeout). However, an event from the frontend 
will certainly cause the evtchn fd poll to wake up.

> If xen_block_dataplane_stop() grab the context lock first, then the
> iothread dealing with the event may wait on the lock until its released.
> 
> By the time the lock is grabbed, we may have free all the resources
> (including srings). So the event iothread will end up to dereference a
> NULL pointer.
> 

I think the problem may actually be that xen_block_dataplane_event() does not 
acquire the context and thus is not synchronized with 
xen_block_dataplane_stop(). The documentation in multiple-iothreads.txt is not 
clear whether a poll handler called by an iothread needs to acquire the context 
though; TBH I would not have thought it necessary.

> It feels to me we need a way to quiesce all the iothreads (blk,
> event,...) before continuing. But I am a bit unsure how to do this in
> QEMU.
> 

Looking at virtio-blk.c I see that it does seem to close off its evtchn 
equivalent from iothread context via aio_wait_bh_oneshot(). So I wonder whether 
the 'right' thing to do is to call xen_device_unbind_event_channel() using the 
same mechanism to ensure xen_block_dataplane_event() can't race.

  Paul

> Cheers,
> 
> --
> Julien Grall


RE: [Xen-devel] xen-block: race condition when stopping the device (WAS: Re: [xen-4.13-testing test] 144736: regressions - FAIL)

2019-12-16 Thread Durrant, Paul
> -Original Message-
> From: Xen-devel  On Behalf Of
> Durrant, Paul
> Sent: 16 December 2019 09:34
> To: Julien Grall ; Ian Jackson 
> Cc: Jürgen Groß ; Stefano Stabellini
> ; qemu-devel@nongnu.org; osstest service owner
> ; Anthony Perard
> ; xen-de...@lists.xenproject.org
> Subject: Re: [Xen-devel] xen-block: race condition when stopping the
> device (WAS: Re: [xen-4.13-testing test] 144736: regressions - FAIL)
> 
> > -Original Message-
> [snip]
> > >>
> > >> This feels like a race condition between the init/free code with
> > >> handler. Anthony, does it ring any bell?
> > >>
> > >
> > >  From that stack bt it looks like an iothread managed to run after the
> > sring was NULLed. This should not be able happen as the dataplane should
> > have been moved back onto QEMU's main thread context before the ring is
> > unmapped.
> >
> > My knowledge of this code is fairly limited, so correct me if I am
> wrong.
> >
> > blk_set_aio_context() would set the context for the block aio. AFAICT,
> > the only aio for the block is xen_block_complete_aio().
> 
> Not quite. xen_block_dataplane_start() calls
> xen_device_bind_event_channel() and that will add an event channel fd into
> the aio context, so the shared ring is polled by the iothread as well as
> block i/o completion.
> 
> >
> > In the stack above, we are not dealing with a block aio but an aio tie
> > to the event channel (see the call from xen_device_poll). So I don't
> > think the blk_set_aio_context() would affect the aio.
> >
> 
> For the reason I outline above, it does.
> 
> > So it would be possible to get the iothread running because we received
> > a notification on the event channel while we are stopping the block (i.e
> > xen_block_dataplane_stop()).
> >
> 
> We should assume an iothread can essentially run at any time, as it is a
> polling entity. It should eventually block polling on fds assigned to its
> aio context but I don't think the abstraction guarantees that it cannot be
> awoken for other reasons (e.g. off a timeout). However, an event from the
> frontend will certainly cause the evtchn fd poll to wake up.
> 
> > If xen_block_dataplane_stop() grab the context lock first, then the
> > iothread dealing with the event may wait on the lock until its released.
> >
> > By the time the lock is grabbed, we may have free all the resources
> > (including srings). So the event iothread will end up to dereference a
> > NULL pointer.
> >
> 
> I think the problem may actually be that xen_block_dataplane_event() does
> not acquire the context and thus is not synchronized with
> xen_block_dataplane_stop(). The documentation in multiple-iothreads.txt is
> not clear whether a poll handler called by an iothread needs to acquire
> the context though; TBH I would not have thought it necessary.
> 
> > It feels to me we need a way to quiesce all the iothreads (blk,
> > event,...) before continuing. But I am a bit unsure how to do this in
> > QEMU.
> >
> 
> Looking at virtio-blk.c I see that it does seem to close off its evtchn
> equivalent from iothread context via aio_wait_bh_oneshot(). So I wonder
> whether the 'right' thing to do is to call
> xen_device_unbind_event_channel() using the same mechanism to ensure
> xen_block_dataplane_event() can't race.

Digging around the virtio-blk history I see:

commit 1010cadf62332017648abee0d7a3dc7f2eef9632
Author: Stefan Hajnoczi 
Date:   Wed Mar 7 14:42:03 2018 +

virtio-blk: fix race between .ioeventfd_stop() and vq handler

If the main loop thread invokes .ioeventfd_stop() just as the vq handler
function begins in the IOThread then the handler may lose the race for
the AioContext lock.  By the time the vq handler is able to acquire the
AioContext lock the ioeventfd has already been removed and the handler
isn't supposed to run anymore!

Use the new aio_wait_bh_oneshot() function to perform ioeventfd removal
from within the IOThread.  This way no races with the vq handler are
possible.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Fam Zheng 
Acked-by: Paolo Bonzini 
Message-id: 20180307144205.20619-3-stefa...@redhat.com
Signed-off-by: Stefan Hajnoczi 

...so I think xen-block has exactly the same problem. I think we may also be 
missing a qemu_bh_cancel() to make sure block aio completions are stopped. I'll 
prep a patch.

  Paul

> 
>   Paul
> 
> > Cheers,
> >
> > --
> > Julien Grall
> ___
> Xen-devel mailing list
> xen-de...@lists.xenproject.org
> https://lists.xenproject.org/mailman/listinfo/xen-devel
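
The interleaving discussed in this thread, and the fix borrowed from virtio-blk, replayed deterministically in a single-threaded C model. This is an added example, not code from the thread or from QEMU: every struct and function name is hypothetical, and the real aio_wait_bh_oneshot() is only modelled by stop_via_oneshot().

```c
/* Constructed single-threaded model of the race discussed above.
 * Not QEMU code: every type and function name here is hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct ring { int pending; };             /* stands in for the shared ring */

struct dataplane {
    struct ring *sring;                   /* NULL once the ring is unmapped */
    bool evtchn_bound;                    /* evtchn fd is in the loop's fd set */
    int handled;                          /* requests consumed by the handler */
    int null_derefs;                      /* handler runs that saw sring == NULL */
};

struct loop {                             /* the "iothread" */
    struct dataplane *dp;
    bool evt_pending;                     /* frontend kicked the event channel */
    bool handler_entered;                 /* poll woke up, handler body not run */
    void (*oneshot)(struct dataplane *);  /* queued one-shot callback, if any */
};

static void frontend_notify(struct loop *l, int nreq)
{
    if (l->dp->sring) l->dp->sring->pending += nreq;
    l->evt_pending = true;
}

/* Poll phase: only an fd that is still registered can wake the loop. */
static void loop_poll(struct loop *l)
{
    if (l->dp->evtchn_bound && l->evt_pending) {
        l->evt_pending = false;
        l->handler_entered = true;
    }
}

static void event_handler(struct dataplane *dp)
{
    if (!dp->sring) { dp->null_derefs++; return; }  /* real code crashes here */
    dp->handled += dp->sring->pending;
    dp->sring->pending = 0;
}

/* Dispatch phase: finish the in-flight handler, then run the one-shot. Both
 * run in the loop's own thread, so they cannot overlap. */
static void loop_dispatch(struct loop *l)
{
    if (l->handler_entered) {
        l->handler_entered = false;
        event_handler(l->dp);
    }
    if (l->oneshot) {
        void (*fn)(struct dataplane *) = l->oneshot;
        l->oneshot = NULL;
        fn(l->dp);
    }
}

static void unbind_evtchn(struct dataplane *dp) { dp->evtchn_bound = false; }
static void unmap_ring(struct dataplane *dp) { free(dp->sring); dp->sring = NULL; }

/* Racy stop: the main thread unbinds and unmaps without involving the loop. */
static void stop_from_main_thread(struct loop *l)
{
    unbind_evtchn(l->dp);
    unmap_ring(l->dp);
}

/* Fixed stop: the unbind is queued as a one-shot in the loop and the main
 * thread waits for it; calling loop_dispatch() models that blocking wait. */
static void stop_via_oneshot(struct loop *l)
{
    l->oneshot = unbind_evtchn;
    loop_dispatch(l);
    unmap_ring(l->dp);
}

/* Replay: kick, poll enters the handler, stop runs, loop resumes, late kick. */
struct dataplane replay(bool use_oneshot)
{
    struct dataplane dp = { calloc(1, sizeof(struct ring)), true, 0, 0 };
    struct loop l = { &dp, false, false, NULL };
    frontend_notify(&l, 3);
    loop_poll(&l);                        /* handler entered, body not run yet */
    if (use_oneshot) stop_via_oneshot(&l); else stop_from_main_thread(&l);
    loop_dispatch(&l);                    /* loop thread gets to run again */
    frontend_notify(&l, 1);               /* kick that arrives after the stop */
    loop_poll(&l);
    loop_dispatch(&l);
    return dp;
}

int main(void)
{
    struct dataplane racy = replay(false), fixed = replay(true);
    printf("racy:  handled=%d null_derefs=%d\n", racy.handled, racy.null_derefs);
    printf("fixed: handled=%d null_derefs=%d\n", fixed.handled, fixed.null_derefs);
}
```

In the racy replay the handler that had already been woken runs after the ring is gone; in the fixed replay it drains the ring first and the late kick never wakes the loop.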


Re: [PATCH v6 8/8] tests: add dbus-vmstate-test

2019-12-16 Thread Daniel P . Berrangé
On Fri, Dec 13, 2019 at 06:20:15PM +, Dr. David Alan Gilbert wrote:
> * Marc-André Lureau (marcandre.lur...@redhat.com) wrote:
> > Signed-off-by: Marc-André Lureau 
> 
> > +static gboolean
> > +vmstate_save(VMState1 *object, GDBusMethodInvocation *invocation,
> > + gpointer user_data)
> > +{
> > +TestServer *h = user_data;
> > +GVariant *var;
> > +
> > +var = g_variant_new_fixed_array(G_VARIANT_TYPE_BYTE,
> > +h->id->data, h->id->size, 
> > sizeof(char));
> > +g_dbus_method_invocation_return_value(invocation,
> > +  g_variant_new("(@ay)", var));
> > +h->save_called = true;
> > +
> > +return TRUE;
> > +}
> > +
> > +static gboolean
> > +wait_for_migration_complete(gpointer user_data)
> 
> It's a shame we don't have a way to share this with migration-test.c;
> we occasionally add more debug/cases in there.

Easy enough to create a tests/migration-helpers.{c,h} file to share
code between tests.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




[PATCH v4 0/2] virtio: make seg_max virtqueue size dependent

2019-12-16 Thread Denis Plotnikov
v4:
  * rebased on 4.2 [MST]

v3:
  * add property to set in machine type [MST]
  * add min queue size check [Stefan]
  * add avocado based test [Max, Stefan, Eduardo, Cleber]

v2:
  * the standalone patch to make seg_max virtqueue size dependent
  * other patches are postponed

v1:
  the initial series

Denis Plotnikov (2):
  virtio: make seg_max virtqueue size dependent
  tests: add virtio-scsi and virtio-blk seg_max_adjust test

 hw/block/virtio-blk.c |   9 +-
 hw/core/machine.c |   3 +
 hw/scsi/vhost-scsi.c  |   2 +
 hw/scsi/virtio-scsi.c |  10 +-
 include/hw/virtio/virtio-blk.h|   1 +
 include/hw/virtio/virtio-scsi.h   |   1 +
 tests/acceptance/virtio_seg_max_adjust.py | 135 ++
 7 files changed, 159 insertions(+), 2 deletions(-)
 create mode 100755 tests/acceptance/virtio_seg_max_adjust.py

-- 
2.17.0




[PATCH v4 2/2] tests: add virtio-scsi and virtio-blk seg_max_adjust test

2019-12-16 Thread Denis Plotnikov
It tests proper seg_max_adjust settings for all machine types except
'none', 'isapc', 'microvm'

Signed-off-by: Denis Plotnikov 
---
 tests/acceptance/virtio_seg_max_adjust.py | 135 ++
 1 file changed, 135 insertions(+)
 create mode 100755 tests/acceptance/virtio_seg_max_adjust.py

diff --git a/tests/acceptance/virtio_seg_max_adjust.py 
b/tests/acceptance/virtio_seg_max_adjust.py
new file mode 100755
index 00..00cf2565d9
--- /dev/null
+++ b/tests/acceptance/virtio_seg_max_adjust.py
@@ -0,0 +1,135 @@
+#!/usr/bin/env python
+#
+# Test virtio-scsi and virtio-blk queue settings for all machine types
+#
+# Copyright (c) 2019 Virtuozzo International GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import sys
+import os
+import re
+
+sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'python'))
+from qemu.machine import QEMUMachine
+from avocado_qemu import Test
+
+#list of machine types and virtqueue properties to test
+VIRTIO_SCSI_PROPS = {'seg_max_adjust': 'seg_max_adjust'}
+VIRTIO_BLK_PROPS = {'seg_max_adjust': 'seg-max-adjust'}
+
+DEV_TYPES = {'virtio-scsi-pci': VIRTIO_SCSI_PROPS,
+ 'virtio-blk-pci': VIRTIO_BLK_PROPS}
+
+VM_DEV_PARAMS = {'virtio-scsi-pci': ['-device', 'virtio-scsi-pci,id=scsi0'],
+ 'virtio-blk-pci': ['-device',
+'virtio-blk-pci,id=scsi0,drive=drive0',
+'-drive',
+'driver=null-co,id=drive0,if=none']}
+
+
+class VirtioMaxSegSettingsCheck(Test):
+@staticmethod
+def make_pattern(props):
+pattern_items = ['{0} = \w+'.format(prop) for prop in props]
+return '|'.join(pattern_items)
+
+def query_virtqueue(self, vm, dev_type_name):
+query_ok = False
+error = None
+props = None
+
+output = vm.command('human-monitor-command',
+command_line = 'info qtree')
+props_list = DEV_TYPES[dev_type_name].values();
+pattern = self.make_pattern(props_list)
+res = re.findall(pattern, output)
+
+if len(res) != len(props_list):
+props_list = set(props_list)
+res = set(res)
+not_found = props_list.difference(res)
+not_found = ', '.join(not_found)
+error = '({0}): The following properties not found: {1}'\
+ .format(dev_type_name, not_found)
+else:
+query_ok = True
+props = dict()
+for prop in res:
+p = prop.split(' = ')
+props[p[0]] = p[1]
+return query_ok, props, error
+
+def check_mt(self, mt, dev_type_name):
+with QEMUMachine(self.qemu_bin) as vm:
+vm.set_machine(mt["name"])
+for s in VM_DEV_PARAMS[dev_type_name]:
+vm.add_args(s)
+vm.launch()
+query_ok, props, error = self.query_virtqueue(vm, dev_type_name)
+
+if not query_ok:
+self.fail('machine type {0}: {1}'.format(mt['name'], error))
+
+for prop_name, prop_val in props.items():
+expected_val = mt[prop_name]
+self.assertEqual(expected_val, prop_val)
+
+@staticmethod
+def seg_max_adjust_enabled(mt):
+# machine types > 4.2 should have seg_max_adjust = true
+# others seg_max_adjust = false
+mt = mt.split("-")
+
+# machine types with one line name and name like pc-x.x
+if len(mt) <= 2:
+return False
+
+# machine types like pc--x.x[.x]
+ver = mt[2]
+ver = ver.split(".");
+
+# all versions greater than 4.2 goes with seg_max_adjust enabled
+major = int(ver[0])
+minor = int(ver[1])
+
+if major > 4 or (major == 4 and minor > 2):
+return True
+return False
+
+def test_machine_types(self):
+# collect all machine types except 'none', 'isapc', 'microvm'
+with QEMUMachine(self.qemu_bin) as vm:
+vm.launch()
+machines = [m['name'] for m in vm.command('query-machines')]
+vm.shutdown()
+machines.remove('none')
+machines.remove('isapc')
+machines.remove('microvm')
+
+for dev_type in DEV_TYPES:
+# create the list of machine types and their parameters.
+mtypes 
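Review bot: In test_machine_types() the three machines.remove() calls raise ValueError when the QEMU binary under test does not provide one of the names, for example a target without 'isapc' or 'microvm', so the test errors out before checking anything; filter with a list comprehension over an exclusion set instead. seg_max_adjust_enabled() also assumes the third dash-separated field is 'x.y' and will fail in int() or on ver[1] for any machine name where it is not, and the '\w' in make_pattern() should sit in a raw string.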

[PATCH v4 1/2] virtio: make seg_max virtqueue size dependent

2019-12-16 Thread Denis Plotnikov
Before the patch, seg_max parameter was immutable and hardcoded
to 126 (128 - 2) without respect to queue size. This has two negative effects:

1. when queue size is < 128, we have a Virtio 1.1 specification violation:
   (2.6.5.3.1 Driver Requirements) seg_max must be <= queue_size.
   This violation affects the old Linux guests (ver < 4.14). These guests
   crash on these queue_size setups.

2. when queue_size > 128, as was pointed out by Denis Lunev,
   seg_max restricts guest's block request length which affects guests'
   performance making them issue more block requests than needed.
   https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03721.html

To mitigate these two effects, the patch adds the property adjusting seg_max
to queue size automatically. Since seg_max is a guest visible parameter,
the property is machine type manageable and allows to choose between
old (seg_max = 126 always) and new (seg_max = queue_size - 2) behaviors.

Not to change the behavior of the older VMs, prevent setting the default
seg_max_adjust value for older machine types.

Signed-off-by: Denis Plotnikov 
---
 hw/block/virtio-blk.c   |  9 -
 hw/core/machine.c   |  3 +++
 hw/scsi/vhost-scsi.c|  2 ++
 hw/scsi/virtio-scsi.c   | 10 +-
 include/hw/virtio/virtio-blk.h  |  1 +
 include/hw/virtio/virtio-scsi.h |  1 +
 6 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index d62e6377c2..0f6f8113b7 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -908,7 +908,8 @@ static void virtio_blk_update_config(VirtIODevice *vdev, 
uint8_t *config)
 blk_get_geometry(s->blk, &capacity);
 memset(&blkcfg, 0, sizeof(blkcfg));
 virtio_stq_p(vdev, &blkcfg.capacity, capacity);
-virtio_stl_p(vdev, &blkcfg.seg_max, 128 - 2);
+virtio_stl_p(vdev, &blkcfg.seg_max,
+ s->conf.seg_max_adjust ? s->conf.queue_size - 2 : 128 - 2);
 virtio_stw_p(vdev, &blkcfg.geometry.cylinders, conf->cyls);
 virtio_stl_p(vdev, &blkcfg.blk_size, blk_size);
 virtio_stw_p(vdev, &blkcfg.min_io_size, conf->min_io_size / blk_size);
@@ -1133,6 +1134,11 @@ static void virtio_blk_device_realize(DeviceState *dev, 
Error **errp)
 error_setg(errp, "num-queues property must be larger than 0");
 return;
 }
+if (conf->queue_size <= 2) {
+error_setg(errp, "invalid queue-size property (%" PRIu16 "), "
+   "must be > 2", conf->queue_size);
+return;
+}
 if (!is_power_of_2(conf->queue_size) ||
 conf->queue_size > VIRTQUEUE_MAX_SIZE) {
 error_setg(errp, "invalid queue-size property (%" PRIu16 "), "
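Review bot: The new conf->queue_size <= 2 check in virtio_blk_device_realize() runs regardless of seg_max_adjust, so a queue-size of 2, which passes the is_power_of_2() test just below it, is now rejected even on machine types where the property is off and seg_max stays at 126. If that is intended, say so in the commit message; otherwise make the check conditional on conf->seg_max_adjust.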
@@ -1262,6 +1268,7 @@ static Property virtio_blk_properties[] = {
 true),
 DEFINE_PROP_UINT16("num-queues", VirtIOBlock, conf.num_queues, 1),
 DEFINE_PROP_UINT16("queue-size", VirtIOBlock, conf.queue_size, 128),
+DEFINE_PROP_BOOL("seg-max-adjust", VirtIOBlock, conf.seg_max_adjust, true),
 DEFINE_PROP_LINK("iothread", VirtIOBlock, conf.iothread, TYPE_IOTHREAD,
  IOThread *),
 DEFINE_PROP_BIT64("discard", VirtIOBlock, host_features,
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 023548b4f3..bfa320387e 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -29,6 +29,9 @@
 
 GlobalProperty hw_compat_4_2[] = {
 { "virtio-blk-device", "x-enable-wce-if-config-wce", "off" },
+{ "virtio-blk-device", "seg-max-adjust", "off"},
+{ "virtio-scsi-device", "seg_max_adjust", "off"},
+{ "vhost-blk-device", "seg_max_adjust", "off"},
 };
 const size_t hw_compat_4_2_len = G_N_ELEMENTS(hw_compat_4_2);
 
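Review bot: The third new hw_compat_4_2 entry names "vhost-blk-device", but this patch adds the property to vhost_scsi_properties in hw/scsi/vhost-scsi.c and the diffstat touches no vhost-blk file, so the entry looks like it targets the wrong type and vhost-scsi may keep the new default on older machine types. Separately, the property is spelled "seg-max-adjust" for virtio-blk and "seg_max_adjust" for the SCSI devices; if that follows each device's existing naming, a short comment here would stop it being read as a typo.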
diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
index c693fc748a..26f710d3ec 100644
--- a/hw/scsi/vhost-scsi.c
+++ b/hw/scsi/vhost-scsi.c
@@ -275,6 +275,8 @@ static Property vhost_scsi_properties[] = {
 DEFINE_PROP_UINT32("num_queues", VirtIOSCSICommon, conf.num_queues, 1),
 DEFINE_PROP_UINT32("virtqueue_size", VirtIOSCSICommon, conf.virtqueue_size,
128),
+DEFINE_PROP_BOOL("seg_max_adjust", VirtIOSCSICommon, conf.seg_max_adjust,
+  true),
 DEFINE_PROP_UINT32("max_sectors", VirtIOSCSICommon, conf.max_sectors,
0x),
 DEFINE_PROP_UINT32("cmd_per_lun", VirtIOSCSICommon, conf.cmd_per_lun, 128),
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index e8b2b64d09..405cb6c953 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -654,7 +654,8 @@ static void virtio_scsi_get_config(VirtIODevice *vdev,
 VirtIOSCSICommon *s = VIRTIO_SCSI_COMMON(vdev);
 
 virtio_stl_p(vdev, &scsiconf->num_queues, s->conf.num_queues);
-virtio_stl_p(vdev, &scsiconf->seg_max, 128 - 2);
+virtio_stl_p(vdev, &scsiconf->seg_max,
+ s->conf.seg_max_adjust ? s->conf.virtqueue_size - 2 : 128 - 
2);
 virtio_stl_p(vdev, &scsiconf->max_sectors, s->conf.max_sectors);
 vi
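Review bot: In virtio_scsi_get_config(), s->conf.virtqueue_size - 2 is unsigned arithmetic on a property declared with DEFINE_PROP_UINT32 in the vhost-scsi hunk, so a virtqueue_size below 2 wraps to a very large seg_max that is then advertised to the guest. The visible part of this hunk has no lower-bound check like the one added for virtio-blk; please make sure realize rejects virtqueue_size <= 2 for both virtio-scsi and vhost-scsi.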

[Bug 1856335] Re: Cache Layout wrong on many Zen Arch CPUs

2019-12-16 Thread Damir
** Description changed:

  AMD CPUs have L3 cache per 2, 3 or 4 cores. Currently, TOPOEXT seems to
  always map Cache ass if it was an 4-Core per CCX CPU, which is
  incorrect, and costs upwards 30% performance (more realistically 10%) in
  L3 Cache Layout aware applications.
  
  Example on a 4-CCX CPU (1950X /w 8 Cores and no SMT):
  
-   
- EPYC-IBPB
- AMD
- 
+   
+ EPYC-IBPB
+ AMD
+ 
  
  In windows, coreinfo reports correctly:
  
    Unified Cache 1, Level 3,8 MB, Assoc  16, LineSize  64
    Unified Cache 6, Level 3,8 MB, Assoc  16, LineSize  64
  
  On a 3-CCX CPU (3960X /w 6 cores and no SMT):
  
-  
- EPYC-IBPB
- AMD
- 
+  
+ EPYC-IBPB
+ AMD
+ 
  
  in windows, coreinfo reports incorrectly:
  
  --  Unified Cache  1, Level 3,8 MB, Assoc  16, LineSize  64
  **  Unified Cache  6, Level 3,8 MB, Assoc  16, LineSize  64
  
+ Validated against 3.0, 3.1, 4.1 and 4.2 versions of qemu-kvm.
  
- Validated against 3.0, 3.1, 4.1 and 4.2 versions of qemu-kvm. 
- 
- With newer Qemu there is a fix (that does behave correctly) in using the dies 
parameter: 
-  
+ With newer Qemu there is a fix (that does behave correctly) in using the dies 
parameter:
+  
  
  The problem is that the dies are exposed differently than how AMD does
- it natively, they are exposed to Windows as sockets, which means, you
- can't ever have a machine with more than two CCX (6 cores) as Windows
- only supports two sockets. (Should this be reported as a separate bug?)
+ it natively, they are exposed to Windows as sockets, which means, that
+ if you are nto a business user, you can't ever have a machine with more
+ than two CCX (6 cores) as consumer versions of Windows only supports two
+ sockets. (Should this be reported as a separate bug?)

https://bugs.launchpad.net/bugs/1856335

Title:
  Cache Layout wrong on many Zen Arch CPUs

Status in QEMU:
  New

Bug description:
  AMD CPUs have L3 cache per 2, 3 or 4 cores. Currently, TOPOEXT seems
  to always map Cache as if it was a 4-Core per CCX CPU, which is
  incorrect, and costs upwards 30% performance (more realistically 10%)
  in L3 Cache Layout aware applications.

  Example on a 4-CCX CPU (1950X /w 8 Cores and no SMT):

    
  EPYC-IBPB
  AMD
  

  In windows, coreinfo reports correctly:

    Unified Cache 1, Level 3,8 MB, Assoc  16, LineSize  64
    Unified Cache 6, Level 3,8 MB, Assoc  16, LineSize  64

  On a 3-CCX CPU (3960X /w 6 cores and no SMT):

   
  EPYC-IBPB
  AMD
  

  in windows, coreinfo reports incorrectly:

  --  Unified Cache  1, Level 3,8 MB, Assoc  16, LineSize  64
  **  Unified Cache  6, Level 3,8 MB, Assoc  16, LineSize  64

  Validated against 3.0, 3.1, 4.1 and 4.2 versions of qemu-kvm.

  With newer Qemu there is a fix (that does behave correctly) in using the dies parameter:


  The problem is that the dies are exposed differently than how AMD does
  it natively, they are exposed to Windows as sockets, which means, that
  if you are not a business user, you can't ever have a machine with
  more than two CCX (6 cores) as consumer versions of Windows only
  support two sockets. (Should this be reported as a separate bug?)




RE: [Xen-devel] xen-block: race condition when stopping the device (WAS: Re: [xen-4.13-testing test] 144736: regressions - FAIL)

2019-12-16 Thread Durrant, Paul
> -Original Message-
> From: Durrant, Paul 
> Sent: 16 December 2019 09:50
> To: Durrant, Paul ; Julien Grall ;
> Ian Jackson 
> Cc: Jürgen Groß ; Stefano Stabellini
> ; qemu-devel@nongnu.org; osstest service owner
> ; Anthony Perard
> ; xen-de...@lists.xenproject.org
> Subject: RE: [Xen-devel] xen-block: race condition when stopping the
> device (WAS: Re: [xen-4.13-testing test] 144736: regressions - FAIL)
> 
> > -Original Message-
> > From: Xen-devel  On Behalf Of
> > Durrant, Paul
> > Sent: 16 December 2019 09:34
> > To: Julien Grall ; Ian Jackson 
> > Cc: Jürgen Groß ; Stefano Stabellini
> > ; qemu-devel@nongnu.org; osstest service owner
> > ; Anthony Perard
> > ; xen-de...@lists.xenproject.org
> > Subject: Re: [Xen-devel] xen-block: race condition when stopping the
> > device (WAS: Re: [xen-4.13-testing test] 144736: regressions - FAIL)
> >
> > > -Original Message-
> > [snip]
> > > >>
> > > >> This feels like a race condition between the init/free code with
> > > >> handler. Anthony, does it ring any bell?
> > > >>
> > > >
> > > >  From that stack bt it looks like an iothread managed to run after
> the
> > > sring was NULLed. This should not be able happen as the dataplane
> should
> > > have been moved back onto QEMU's main thread context before the ring
> is
> > > unmapped.
> > >
> > > My knowledge of this code is fairly limited, so correct me if I am
> > wrong.
> > >
> > > blk_set_aio_context() would set the context for the block aio. AFAICT,
> > > the only aio for the block is xen_block_complete_aio().
> >
> > Not quite. xen_block_dataplane_start() calls
> > xen_device_bind_event_channel() and that will add an event channel fd
> into
> > the aio context, so the shared ring is polled by the iothread as well as
> > block i/o completion.
> >
> > >
> > > In the stack above, we are not dealing with a block aio but an aio tie
> > > to the event channel (see the call from xen_device_poll). So I don't
> > > think the blk_set_aio_context() would affect the aio.
> > >
> >
> > For the reason I outline above, it does.
> >
> > > So it would be possible to get the iothread running because we
> received
> > > a notification on the event channel while we are stopping the block
> (i.e
> > > xen_block_dataplane_stop()).
> > >
> >
> > We should assume an iothread can essentially run at any time, as it is a
> > polling entity. It should eventually block polling on fds assigned to its
> > aio context but I don't think the abstraction guarantees that it cannot
> > be awoken for other reasons (e.g. off a timeout). However, an event from
> > the frontend will certainly cause the evtchn fd poll to wake up.
> >
> > > If xen_block_dataplane_stop() grab the context lock first, then the
> > > iothread dealing with the event may wait on the lock until its
> released.
> > >
> > > By the time the lock is grabbed, we may have free all the resources
> > > (including srings). So the event iothread will end up to dereference a
> > > NULL pointer.
> > >
> >
> > I think the problem may actually be that xen_block_dataplane_event()
> does
> > not acquire the context and thus is not synchronized with
> > xen_block_dataplane_stop(). The documentation in multiple-iothreads.txt
> is
> > not clear whether a poll handler called by an iothread needs to acquire
> > the context though; TBH I would not have thought it necessary.
> >
> > > It feels to me we need a way to quiesce all the iothreads (blk,
> > > event,...) before continuing. But I am a bit unsure how to do this in
> > > QEMU.
> > >
> >
> > Looking at virtio-blk.c I see that it does seem to close off its evtchn
> > equivalent from iothread context via aio_wait_bh_oneshot(). So I wonder
> > whether the 'right' thing to do is to call
> > xen_device_unbind_event_channel() using the same mechanism to ensure
> > xen_block_dataplane_event() can't race.
> 
> Digging around the virtio-blk history I see:
> 
> commit 1010cadf62332017648abee0d7a3dc7f2eef9632
> Author: Stefan Hajnoczi 
> Date:   Wed Mar 7 14:42:03 2018 +
> 
> virtio-blk: fix race between .ioeventfd_stop() and vq handler
> 
> If the main loop thread invokes .ioeventfd_stop() just as the vq handler
> function begins in the IOThread then the handler may lose the race for
> the AioContext lock.  By the time the vq handler is able to acquire the
> AioContext lock the ioeventfd has already been removed and the handler
> isn't supposed to run anymore!
> 
> Use the new aio_wait_bh_oneshot() function to perform ioeventfd removal
> from within the IOThread.  This way no races with the vq handler are
> possible.
> 
> Signed-off-by: Stefan Hajnoczi 
> Reviewed-by: Fam Zheng 
> Acked-by: Paolo Bonzini 
> Message-id: 20180307144205.20619-3-stefa...@redhat.com
> Signed-off-by: Stefan Hajnoczi 
> 
> ...so I think xen-block has exactly the same problem. I think we may also
> be missing a qemu_bh_cancel() to make sure block aio completions are
> stopped. I'l

Re: [PULL 00/10] Bluetooth removal, and qtest & misc patches

2019-12-16 Thread Peter Maydell
On Thu, 12 Dec 2019 at 18:54, Thomas Huth  wrote:
>
>  Hi,
>
> the following changes since commit 52901abf94477b400cf88c1f70bb305e690ba2de:
>
>   Update version for v4.2.0-rc5 release (2019-12-10 17:15:21 +)
>
> are available in the Git repository at:
>
>   https://gitlab.com/huth/qemu.git tags/pull-request-2019-12-12
>
> for you to fetch changes up to e38f04c4db40a9219cc0c516a6c68b9ca0a783d0:
>
>   tests: use g_test_rand_int (2019-12-12 08:16:24 +0100)
>
> 
> - Removal of the deprecated bluetooth code
> - Some qtest and misc patches
> 

Hi; this fails to build on some of my build hosts:

OSX:
[...]
  GEN target/sparc/trace.c
  GEN util/trace.c
  GEN hw/core/trace.c
  CC  qga/main.o
  CC  qemu-nbd.o
  CC  qemu-img.o
make: *** No rule to make target `config-all-devices.mak', needed by
`aarch64-softmmu/all'.  Stop.
make: *** Waiting for unfinished jobs

ppc64 linux:
  CC  chardev/char-mux.o
  CC  chardev/char-null.o
  CC  chardev/char-parallel.o
  CC  chardev/char-pipe.o
  CC  chardev/char-pty.o
  CC  chardev/char-ringbuf.o
  CC  chardev/char-serial.o
  CC  chardev/char-socket.o
  CC  chardev/char-stdio.o
make: *** No rule to make target `/home/pm215/qemu/hw/bt/Kconfig',
needed by `aarch64-softmmu/config-devices.mak'.  Stop.
make: *** Waiting for unfinished jobs
  CC  chardev/char-udp.o
make: Leaving directory `/home/pm215/qemu/build/all'


windows crossbuilds:
  CC  chardev/char-serial.o
  CC  chardev/char-socket.o
  CC  chardev/char-stdio.o
  CC  chardev/char-udp.o
  CC  chardev/char-win.o
make: *** No rule to make target
'/home/petmay01/qemu-for-merges/hw/bt/Kconfig', needed by
'aarch64-softmmu/config-devices.mak'.  Stop.
make: *** Waiting for unfinished jobs
  CC  chardev/char-win-stdio.o

It's possible this is a lurking bug in our makefiles
where it doesn't regenerate the config-devices dependencies
properly; I'm not sure and haven't investigated.

thanks
-- PMM



Re: [PATCH] virtio: update queue size on guest write

2019-12-16 Thread Michael S. Tsirkin
On Mon, Dec 16, 2019 at 09:50:13AM +0100, Stefano Garzarella wrote:
> On Fri, Dec 13, 2019 at 09:24:03AM -0500, Michael S. Tsirkin wrote:
> > Some guests read back queue size after writing it.
> > Update the size immediately upon write otherwise
> > they get confused.
> > 
> > Signed-off-by: Michael S. Tsirkin 
> > ---
> >  hw/virtio/virtio-pci.c | 2 ++
> >  1 file changed, 2 insertions(+)
> 
> Reviewed-by: Stefano Garzarella 
> 
> 
> Just a question, should we do the same in virtio-mmio?
> 
> Maybe doing virtio_queue_set_num() in any case (legacy and non-legacy)
> during VIRTIO_MMIO_QUEUE_NUM writing.
> 
> Thanks,
> Stefano

I guess it makes sense ...

> > 
> > diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> > index c6b47a9c73..e5c759e19e 100644
> > --- a/hw/virtio/virtio-pci.c
> > +++ b/hw/virtio/virtio-pci.c
> > @@ -1256,6 +1256,8 @@ static void virtio_pci_common_write(void *opaque, 
> > hwaddr addr,
> >  break;
> >  case VIRTIO_PCI_COMMON_Q_SIZE:
> >  proxy->vqs[vdev->queue_sel].num = val;
> > +virtio_queue_set_num(vdev, vdev->queue_sel,
> > + proxy->vqs[vdev->queue_sel].num);
> >  break;
> >  case VIRTIO_PCI_COMMON_Q_MSIX:
> >  msix_vector_unuse(&proxy->pci_dev,
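
Review bot: in the VIRTIO_PCI_COMMON_Q_SIZE case, val comes straight from the guest write and is both cached in proxy->vqs[vdev->queue_sel].num and forwarded to virtio_queue_set_num() with no range check visible in this hunk, and vdev->queue_sel is used as the array index in the same way. If virtio_queue_set_num() rejects the value, the proxy copy still holds the raw val, so the two sizes can disagree and a guest read-back would return a size the core never accepted. Consider validating val before the store, or reading the accepted size back from the core after the call and storing that in proxy->vqs[vdev->queue_sel].num.
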
> > -- 
> > MST
> > 
> > 
> 
> -- 




Re: [PATCH v4 0/2] virtio: make seg_max virtqueue size dependent

2019-12-16 Thread Michael S. Tsirkin
On Mon, Dec 16, 2019 at 01:04:49PM +0300, Denis Plotnikov wrote:
> v4:
>   * rebased on 4.2 [MST]


Looks good. Can I get some acks from storage guys pls?

> v3:
>   * add property to set in machine type [MST]
>   * add min queue size check [Stefan]
>   * add avocado based test [Max, Stefan, Eduardo, Cleber]
> 
> v2:
>   * the standalone patch to make seg_max virtqueue size dependent
>   * other patches are postponed
> 
> v1:
>   the initial series
> 
> Denis Plotnikov (2):
>   virtio: make seg_max virtqueue size dependent
>   tests: add virtio-scsi and virtio-blk seg_max_adjust test
> 
>  hw/block/virtio-blk.c |   9 +-
>  hw/core/machine.c |   3 +
>  hw/scsi/vhost-scsi.c  |   2 +
>  hw/scsi/virtio-scsi.c |  10 +-
>  include/hw/virtio/virtio-blk.h|   1 +
>  include/hw/virtio/virtio-scsi.h   |   1 +
>  tests/acceptance/virtio_seg_max_adjust.py | 135 ++
>  7 files changed, 159 insertions(+), 2 deletions(-)
>  create mode 100755 tests/acceptance/virtio_seg_max_adjust.py
> 
> -- 
> 2.17.0




[PATCH v1 01/16] configure: allow disable of cross compilation containers

2019-12-16 Thread Alex Bennée
Our docker infrastructure isn't quite as multiarch as we would wish so
let's allow the user to disable it if they want. This will allow us to
still run check-tcg on non-x86 CI setups.

Signed-off-by: Alex Bennée 
Reviewed-by: Stefan Weil 
---
 configure  | 8 +++-
 tests/tcg/configure.sh | 6 --
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 2c72e04d23f..419e1554978 100755
--- a/configure
+++ b/configure
@@ -302,6 +302,7 @@ audio_win_int=""
 libs_qga=""
 debug_info="yes"
 stack_protector=""
+use_containers="yes"
 
 if test -e "$source_path/.git"
 then
@@ -1539,6 +1540,10 @@ for opt do
   ;;
   --disable-plugins) plugins="no"
   ;;
+  --enable-containers) use_containers="yes"
+  ;;
+  --disable-containers) use_containers="no"
+  ;;
   *)
   echo "ERROR: unknown option $opt"
   echo "Try '$0 --help' for more information"
@@ -1722,6 +1727,7 @@ Advanced options (experts only):
track the maximum stack usage of stacks created by 
qemu_alloc_stack
   --enable-plugins
enable plugins via shared library loading
+  --disable-containers don't use containers for cross-building
 
 Optional features, enabled with --enable-FEATURE and
 disabled with --disable-FEATURE, default is enabled if available:
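
Review bot: the help text added under "Advanced options" documents only --disable-containers, while the option parser in the previous hunk also accepts --enable-containers, and nothing here says that containers are used by default. Either list both spellings or add "(default: enabled)" to the description, so that a reader of --help can tell what happens when neither flag is given.
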
@@ -8023,7 +8029,7 @@ done
 (for i in $cross_cc_vars; do
   export $i
 done
-export target_list source_path
+export target_list source_path use_containers
 $source_path/tests/tcg/configure.sh)
 
 # temporary config to build submodules
diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
index 6c4a471aeae..210e68396f2 100755
--- a/tests/tcg/configure.sh
+++ b/tests/tcg/configure.sh
@@ -36,8 +36,10 @@ TMPC="${TMPDIR1}/qemu-conf.c"
 TMPE="${TMPDIR1}/qemu-conf.exe"
 
 container="no"
-if has "docker" || has "podman"; then
-  container=$($python $source_path/tests/docker/docker.py probe)
+if test $use_containers = "yes"; then
+if has "docker" || has "podman"; then
+container=$($python $source_path/tests/docker/docker.py probe)
+fi
 fi
 
 # cross compilers defaults, can be overridden with --cross-cc-ARCH
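
Review bot: the new condition "test $use_containers = "yes"" expands the variable unquoted, so when tests/tcg/configure.sh runs without use_containers in its environment (for example when invoked directly rather than from configure) the command becomes "test = yes" and reports an error instead of cleanly evaluating to false. Quote it as "$use_containers" and consider a default such as ${use_containers:-yes} so the script keeps its previous behaviour when run stand-alone. The two nested if statements can also be folded into a single condition joined with &&.
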
-- 
2.20.1




[PATCH v1 02/16] tests/vm: Allow to set qemu-img path

2019-12-16 Thread Alex Bennée
From: Wainer dos Santos Moschetta 

By default VM build tests use qemu-img from the system's PATH to
create the image disk. Due to the lack of qemu-img on the system
or the desire to simply use a version built with QEMU, it would
be nice to allow one to set its path. So this patch makes that
possible by reading the path to qemu-img from QEMU_IMG if set,
otherwise it falls back to the default behavior.

Signed-off-by: Wainer dos Santos Moschetta 
Message-Id: <20191114134246.12073-2-waine...@redhat.com>
Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
---
 docs/devel/testing.rst| 6 --
 tests/vm/Makefile.include | 1 +
 tests/vm/basevm.py| 5 +
 tests/vm/centos   | 2 +-
 tests/vm/fedora   | 4 +---
 tests/vm/freebsd  | 3 +--
 tests/vm/netbsd   | 3 +--
 tests/vm/openbsd  | 3 +--
 tests/vm/ubuntu.i386  | 2 +-
 9 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 8e981e062d5..9be6cd44109 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -418,13 +418,15 @@ access, so they SHOULD NOT be exposed to external 
interfaces if you are
 concerned about attackers taking control of the guest and potentially
 exploiting a QEMU security bug to compromise the host.
 
-QEMU binary

+QEMU binaries
+-
 
 By default, qemu-system-x86_64 is searched in $PATH to run the guest. If there
 isn't one, or if it is older than 2.10, the test won't work. In this case,
 provide the QEMU binary in env var: ``QEMU=/path/to/qemu-2.10+``.
 
+Likewise the path to qemu-img can be set in QEMU_IMG environment variable.
+
 Make jobs
 -
 
diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index fea348e845c..9e7c46a4735 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -34,6 +34,7 @@ vm-help vm-test:
@echo "DEBUG=1   - Enable verbose output on 
host and interactive debugging"
@echo "V=1   - Enable verbose ouput on host 
and guest commands"
@echo "QEMU=/path/to/qemu- Change path to QEMU binary"
+   @echo "QEMU_IMG=/path/to/qemu-img- Change path to qemu-img tool"
 
 vm-build-all: $(addprefix vm-build-, $(IMAGES))
 
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 0b8c1b26576..930ad821eed 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -152,6 +152,11 @@ class BaseVM(object):
 def build_image(self, img):
 raise NotImplementedError
 
+def exec_qemu_img(self, *args):
+cmd = [os.environ.get("QEMU_IMG", "qemu-img")]
+cmd.extend(list(args))
+subprocess.check_call(cmd)
+
 def add_source_dir(self, src_dir):
 name = "data-" + hashlib.sha1(src_dir.encode("utf-8")).hexdigest()[:5]
 tarfile = os.path.join(self._tmpdir, name + ".tar")
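
Review bot: exec_qemu_img() takes the program path from the QEMU_IMG environment variable and runs it without checking that it names an existing executable, so a typo in QEMU_IMG surfaces as a bare exception from subprocess.check_call() with no hint that the variable was the cause. Passing the arguments as a list with no shell involved is the right choice and should stay. Suggest a docstring stating that QEMU_IMG overrides the qemu-img found in PATH, plus a clear error message when the configured path cannot be executed; cmd.extend(list(args)) can simply be cmd.extend(args).
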
diff --git a/tests/vm/centos b/tests/vm/centos
index b9e851f2d33..f2f0befd845 100755
--- a/tests/vm/centos
+++ b/tests/vm/centos
@@ -68,7 +68,7 @@ class CentosVM(basevm.BaseVM):
 sys.stderr.write("Extracting the image...\n")
 subprocess.check_call(["ln", "-f", cimg, img_tmp + ".xz"])
 subprocess.check_call(["xz", "--keep", "-dvf", img_tmp + ".xz"])
-subprocess.check_call(["qemu-img", "resize", img_tmp, "50G"])
+self.exec_qemu_img("resize", img_tmp, "50G")
 self.boot(img_tmp, extra_args = ["-cdrom", self._gen_cloud_init_iso()])
 self.wait_ssh()
 self.ssh_root_check("touch /etc/cloud/cloud-init.disabled")
diff --git a/tests/vm/fedora b/tests/vm/fedora
index 7fec1479fb7..8e270fc0f03 100755
--- a/tests/vm/fedora
+++ b/tests/vm/fedora
@@ -74,9 +74,7 @@ class FedoraVM(basevm.BaseVM):
 
 self.print_step("Preparing iso and disk image")
 subprocess.check_call(["cp", "-f", cimg, iso])
-subprocess.check_call(["qemu-img", "create", "-f", "qcow2",
-   img_tmp, self.size])
-
+self.exec_qemu_img("create", "-f", "qcow2", img_tmp, self.size)
 self.print_step("Booting installer")
 self.boot(img_tmp, extra_args = [
 "-bios", "pc-bios/bios-256k.bin",
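
Review bot: the replacement of the qemu-img create call also drops the blank line that separated the "Preparing iso and disk image" step from self.print_step("Booting installer"), whereas the matching change in tests/vm/freebsd keeps it. Keep the blank line after self.exec_qemu_img(...) so the step blocks stay visually separated and the per-distro scripts remain consistent with each other.
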
diff --git a/tests/vm/freebsd b/tests/vm/freebsd
index 2a19461a909..1825cc58218 100755
--- a/tests/vm/freebsd
+++ b/tests/vm/freebsd
@@ -82,8 +82,7 @@ class FreeBSDVM(basevm.BaseVM):
 self.print_step("Preparing iso and disk image")
 subprocess.check_call(["cp", "-f", cimg, iso_xz])
 subprocess.check_call(["xz", "-dvf", iso_xz])
-subprocess.check_call(["qemu-img", "create", "-f", "qcow2",
-   img_tmp, self.size])
+self.exec_qemu_img("create", "-f", "qcow2", img_tmp, self.size)
 
 self.print_step("Booting installer")
 self.boot(img_tmp, extra_args = [
diff --git a/tests/vm/netbsd b/tests/vm/netbsd
index 611e6cc5b5c..ec6f3563b25 100755
--- a/tests/vm/netbsd
+++ b/tests/vm/netbsd
@@ -77

[PATCH v1 00/16] testing and logging changes for master

2019-12-16 Thread Alex Bennée
Hi,

This series will be my first post 4.2 PR this week. It contains a
number of testing related fixes including enabling builds for arm64,
ppc64 and s390x hosts. We also start defaulting to out-of-tree builds
in anticipation of its deprecation.

As there is no obvious tree for logging changes I've also included
Robert's RCU series which makes changing the output logfile
safe and atomic.

Everything has already had a fair bit of review but if you want to
have a look be my guest. I plan to send the PR by the end of the week.

Alex Bennée (1):
  configure: allow disable of cross compilation containers

Paolo Bonzini (1):
  ci: build out-of-tree

Robert Foley (6):
  Fix double free issue in qemu_set_log_filename().
  Cleaned up flow of code in qemu_set_log(), to simplify and clarify.
  Add a mutex to guarantee single writer to qemu_logfile handle.
  qemu_log_lock/unlock now preserves the qemu_logfile handle.
  Add use of RCU for qemu_logfile.
  Added tests for close and change of logfile.

Thomas Huth (7):
  travis.yml: Run tcg tests with tci
  iotests: Provide a function for checking the creation of huge files
  iotests: Skip test 060 if it is not possible to create large files
  iotests: Skip test 079 if it is not possible to create large files
  tests/hd-geo-test: Skip test when images can not be created
  tests/test-util-filemonitor: Skip test on non-x86 Travis containers
  travis.yml: Enable builds on arm64, ppc64le and s390x

Wainer dos Santos Moschetta (1):
  tests/vm: Allow to set qemu-img path

 docs/devel/testing.rst|   6 +-
 configure |   9 ++-
 include/exec/log.h|  33 +--
 include/qemu/log.h|  48 ---
 accel/tcg/cpu-exec.c  |   4 +-
 accel/tcg/translate-all.c |   4 +-
 accel/tcg/translator.c|   4 +-
 exec.c|   4 +-
 hw/net/can/can_sja1000.c  |   4 +-
 net/can/can_socketcan.c   |   5 +-
 target/cris/translate.c   |   4 +-
 target/i386/translate.c   |   5 +-
 target/lm32/translate.c   |   4 +-
 target/microblaze/translate.c |   4 +-
 target/nios2/translate.c  |   4 +-
 target/tilegx/translate.c |   6 --
 target/unicore32/translate.c  |   4 +-
 tcg/tcg.c |  28 +
 tests/hd-geo-test.c   |  12 +++-
 tests/test-logging.c  |  80 +
 tests/test-util-filemonitor.c |  11 
 util/log.c| 100 
 .cirrus.yml   |   8 ++-
 .gitlab-ci.yml|  28 ++---
 .shippable.yml|   4 +-
 .travis.yml   | 106 +++---
 tests/qemu-iotests/005|   5 +-
 tests/qemu-iotests/060|   3 +
 tests/qemu-iotests/079|   3 +
 tests/qemu-iotests/220|   6 +-
 tests/qemu-iotests/common.rc  |  10 
 tests/tcg/configure.sh|   6 +-
 tests/vm/Makefile.include |   1 +
 tests/vm/basevm.py|   5 ++
 tests/vm/centos   |   2 +-
 tests/vm/fedora   |   4 +-
 tests/vm/freebsd  |   3 +-
 tests/vm/netbsd   |   3 +-
 tests/vm/openbsd  |   3 +-
 tests/vm/ubuntu.i386  |   2 +-
 40 files changed, 465 insertions(+), 120 deletions(-)

-- 
2.20.1




[PATCH v1 04/16] iotests: Provide a function for checking the creation of huge files

2019-12-16 Thread Alex Bennée
From: Thomas Huth 

Some tests create huge (but sparse) files, and to be able to run those
tests in certain limited environments (like CI containers), we have to
check for the possibility to create such files first. Thus let's introduce
a common function to check for large files, and replace the already
existing checks in the iotests 005 and 220 with this function.

Reviewed-by: Alex Bennée 
Signed-off-by: Thomas Huth 
Reviewed-by: Cleber Rosa 
Tested-by: Cleber Rosa 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20191204154618.23560-2-th...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/005   |  5 +
 tests/qemu-iotests/220   |  6 ++
 tests/qemu-iotests/common.rc | 10 ++
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/tests/qemu-iotests/005 b/tests/qemu-iotests/005
index 58442762fe3..b6d03ac37de 100755
--- a/tests/qemu-iotests/005
+++ b/tests/qemu-iotests/005
@@ -59,10 +59,7 @@ fi
 # Sanity check: For raw, we require a file system that permits the creation
 # of a HUGE (but very sparse) file. Check we can create it before continuing.
 if [ "$IMGFMT" = "raw" ]; then
-if ! truncate --size=5T "$TEST_IMG"; then
-_notrun "file system on $TEST_DIR does not support large enough files"
-fi
-rm "$TEST_IMG"
+_require_large_file 5T
 fi
 
 echo
diff --git a/tests/qemu-iotests/220 b/tests/qemu-iotests/220
index 2d62c5dcac2..15159270d33 100755
--- a/tests/qemu-iotests/220
+++ b/tests/qemu-iotests/220
@@ -42,10 +42,8 @@ echo "== Creating huge file =="
 
 # Sanity check: We require a file system that permits the creation
 # of a HUGE (but very sparse) file.  tmpfs works, ext4 does not.
-if ! truncate --size=513T "$TEST_IMG"; then
-_notrun "file system on $TEST_DIR does not support large enough files"
-fi
-rm "$TEST_IMG"
+_require_large_file 513T
+
 IMGOPTS='cluster_size=2M,refcount_bits=1' _make_test_img 513T
 
 echo "== Populating refcounts =="
diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index 0cc8acc9edd..6f0582c79af 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -643,5 +643,15 @@ _require_drivers()
 done
 }
 
+# Check that we have a file system that allows huge (but very sparse) files
+#
+_require_large_file()
+{
+if ! truncate --size="$1" "$TEST_IMG"; then
+_notrun "file system on $TEST_DIR does not support large enough files"
+fi
+rm "$TEST_IMG"
+}
+
 # make sure this script returns success
 true
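
Review bot: in _require_large_file, rm "$TEST_IMG" sits after the if block, so a file that truncate created but could not extend is only removed if _notrun returns; if _notrun ends the test, the file stays behind in $TEST_DIR. Remove it with rm -f "$TEST_IMG" inside the failure branch before calling _notrun. The comment above the function should also document the argument (a size in the form truncate accepts, such as 5T), and the function should fail with a clear message when $1 is empty rather than passing an empty --size= to truncate.
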
-- 
2.20.1




[PATCH v1 03/16] travis.yml: Run tcg tests with tci

2019-12-16 Thread Alex Bennée
From: Thomas Huth 

So far we only have compile coverage for tci. But since commit
2f160e0f9797c7522bfd0d09218d0c9340a5137c ("tci: Add implementation
for INDEX_op_ld16u_i64") has been included now, we can also run the
"tcg" and "qtest" tests with tci, so let's enable them in Travis now.
Since we don't gain much additional test coverage by compiling all
targets, and TCI is broken e.g. with the Sparc targets, we also limit
the target list to a reasonable subset now (which should still get us
test coverage by tests/boot-serial-test for example).

Tested-by: Stefan Weil 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Thomas Huth 
Message-Id: <20191204083133.6198-1-th...@redhat.com>
[AJB: just --enable-debug-tcg]
Signed-off-by: Alex Bennée 
---
 .travis.yml | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 6cb8af6fa59..15946293ff3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -214,10 +214,11 @@ matrix:
 - TEST_CMD=""
 
 
-# We manually include builds which we disable "make check" for
+# Check the TCG interpreter (TCI)
 - env:
-- CONFIG="--enable-debug --enable-tcg-interpreter"
-- TEST_CMD=""
+- CONFIG="--enable-debug-tcg --enable-tcg-interpreter --disable-kvm 
--disable-containers
+
--target-list=alpha-softmmu,arm-softmmu,hppa-softmmu,m68k-softmmu,microblaze-softmmu,moxie-softmmu,ppc-softmmu,s390x-softmmu,x86_64-softmmu"
+- TEST_CMD="make check-qtest check-tcg V=1"
 
 
 # We don't need to exercise every backend with every front-end
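
Review bot: the new comment says only "Check the TCG interpreter (TCI)", and the reason for the hand-picked --target-list (the commit message states that TCI is broken with some targets) is not recorded next to the list. Add a line to the comment explaining why the list is restricted, so that the next person to edit it does not re-add a target that is known to fail under TCI.
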
-- 
2.20.1




[PATCH v1 05/16] iotests: Skip test 060 if it is not possible to create large files

2019-12-16 Thread Alex Bennée
From: Thomas Huth 

Test 060 fails in the arm64, s390x and ppc64le LXD containers on Travis
(which we will hopefully enable in our CI soon). These containers
apparently do not allow large files to be created. The repair process
in test 060 creates a file of 64 GiB, so test first whether such large
files are possible and skip the test if that's not the case.

Signed-off-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20191204154618.23560-3-th...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/060 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/qemu-iotests/060 b/tests/qemu-iotests/060
index b91d8321bb8..d96f17a4846 100755
--- a/tests/qemu-iotests/060
+++ b/tests/qemu-iotests/060
@@ -49,6 +49,9 @@ _supported_fmt qcow2
 _supported_proto file
 _supported_os Linux
 
+# The repair process will create a large file - so check for availability first
+_require_large_file 64G
+
 rt_offset=65536  # 0x1 (XXX: just an assumption)
 rb_offset=131072 # 0x2 (XXX: just an assumption)
 l1_offset=196608 # 0x3 (XXX: just an assumption)
-- 
2.20.1




[PATCH v1 06/16] iotests: Skip test 079 if it is not possible to create large files

2019-12-16 Thread Alex Bennée
From: Thomas Huth 

Test 079 fails in the arm64, s390x and ppc64le LXD containers on Travis
(which we will hopefully enable in our CI soon). These containers
apparently do not allow large files to be created. Test 079 tries to
create a 4G sparse file, which is apparently already too big for these
containers, so check first whether we can really create such files before
executing the test.

Signed-off-by: Thomas Huth 
Signed-off-by: Alex Bennée 
Message-Id: <20191204154618.23560-4-th...@redhat.com>
---
 tests/qemu-iotests/079 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/qemu-iotests/079 b/tests/qemu-iotests/079
index 81f0c21f530..78536d3bbfa 100755
--- a/tests/qemu-iotests/079
+++ b/tests/qemu-iotests/079
@@ -39,6 +39,9 @@ trap "_cleanup; exit \$status" 0 1 2 3 15
 _supported_fmt qcow2
 _supported_proto file nfs
 
+# Some containers (e.g. non-x86 on Travis) do not allow large files
+_require_large_file 4G
+
 echo "=== Check option preallocation and cluster_size ==="
 echo
 cluster_sizes="16384 32768 65536 131072 262144 524288 1048576 2097152 4194304"
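
Review bot: the context line above the addition declares _supported_proto file nfs, but _require_large_file (added earlier in this series) runs truncate directly on "$TEST_IMG". If $TEST_IMG is not a local path when the test runs under the nfs protocol, truncate fails and the test is skipped for a reason unrelated to file size limits. Restrict the check to the file protocol, or make the helper protocol-aware.
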
-- 
2.20.1




[PATCH v1 07/16] tests/hd-geo-test: Skip test when images can not be created

2019-12-16 Thread Alex Bennée
From: Thomas Huth 

In certain environments like restricted containers, we can not create
huge test images. To be able to use "make check" in such container
environments, too, let's skip the hd-geo-test instead of failing when
the test images could not be created.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Signed-off-by: Thomas Huth 
Signed-off-by: Alex Bennée 
Message-Id: <20191204154618.23560-5-th...@redhat.com>
---
 tests/hd-geo-test.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/tests/hd-geo-test.c b/tests/hd-geo-test.c
index 7e86c5416cc..a2498005440 100644
--- a/tests/hd-geo-test.c
+++ b/tests/hd-geo-test.c
@@ -34,8 +34,13 @@ static char *create_test_img(int secs)
 fd = mkstemp(template);
 g_assert(fd >= 0);
 ret = ftruncate(fd, (off_t)secs * 512);
-g_assert(ret == 0);
 close(fd);
+
+if (ret) {
+free(template);
+template = NULL;
+}
+
 return template;
 }
 
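
Review bot: on the new failure path in create_test_img(), the file that mkstemp() already created is left on disk, and because template is freed and set to NULL the caller can no longer unlink it. Call unlink(template) before freeing it. If template is allocated with a GLib allocator outside this hunk, g_free() should be used here instead of free().
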
@@ -934,6 +939,10 @@ int main(int argc, char **argv)
 for (i = 0; i < backend_last; i++) {
 if (img_secs[i] >= 0) {
 img_file_name[i] = create_test_img(img_secs[i]);
+if (!img_file_name[i]) {
+g_test_message("Could not create test images.");
+goto test_add_done;
+}
 } else {
 img_file_name[i] = NULL;
 }
@@ -965,6 +974,7 @@ int main(int argc, char **argv)
"skipping hd-geo/override/* tests");
 }
 
+test_add_done:
 ret = g_test_run();
 
 for (i = 0; i < backend_last; i++) {
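
Review bot: the test_add_done label lets a failed image creation jump over the code between the image loop and g_test_run(), so the run can report success while only a g_test_message() line records that the tests were not executed. Consider registering a single test that calls g_test_skip() so the harness output shows a skip. Also confirm that the cleanup loop after g_test_run() copes with img_file_name[] entries that are NULL or were never assigned because the loop in the previous hunk exited early.
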
-- 
2.20.1




[PATCH v1 08/16] tests/test-util-filemonitor: Skip test on non-x86 Travis containers

2019-12-16 Thread Alex Bennée
From: Thomas Huth 

test-util-filemonitor fails in restricted non-x86 Travis containers
since they apparently blacklisted some required system calls there.
Let's simply skip the test if we detect such an environment.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Signed-off-by: Thomas Huth 
Signed-off-by: Alex Bennée 
Message-Id: <20191204154618.23560-6-th...@redhat.com>
---
 tests/test-util-filemonitor.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/tests/test-util-filemonitor.c b/tests/test-util-filemonitor.c
index 301cd2db619..45009c69f41 100644
--- a/tests/test-util-filemonitor.c
+++ b/tests/test-util-filemonitor.c
@@ -406,10 +406,21 @@ test_file_monitor_events(void)
 char *pathdst = NULL;
 QFileMonitorTestData data;
 GHashTable *ids = g_hash_table_new(g_int64_hash, g_int64_equal);
+char *travis_arch;
 
 qemu_mutex_init(&data.lock);
 data.records = NULL;
 
+/*
+ * This test does not work on Travis LXD containers since some
+ * syscalls are blocked in that environment.
+ */
+travis_arch = getenv("TRAVIS_ARCH");
+if (travis_arch && !g_str_equal(travis_arch, "x86_64")) {
+g_test_skip("Test does not work on non-x86 Travis containers.");
+return;
+}
+
 /*
  * The file monitor needs the main loop running in
  * order to receive events from inotify. We must
-- 
2.20.1




[PATCH v1 09/16] travis.yml: Enable builds on arm64, ppc64le and s390x

2019-12-16 Thread Alex Bennée
From: Thomas Huth 

Travis recently added the possibility to test on these architectures,
too, so let's enable them in our travis.yml file to extend our test
coverage.

Unfortunately, the libssh in this Ubuntu version (bionic) is in a pretty
unusable Frankenstein state and libspice-server-dev is not available here,
so we can not use the global list of packages to install, but have to
provide individual package lists instead.

Also, some of the iotests crash when using "dist: bionic" on arm64
and ppc64le, thus these two builders have to use "dist: xenial" until
the problem is understood / fixed.

Signed-off-by: Thomas Huth 
Acked-by: David Gibson 
Message-Id: <20191204154618.23560-8-th...@redhat.com>
Signed-off-by: Alex Bennée 
---
 .travis.yml | 86 +
 1 file changed, 86 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 15946293ff3..b68566b1fe9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -354,6 +354,92 @@ matrix:
 - TEST_CMD="make -j3 check-tcg V=1"
 - CACHE_NAME="${TRAVIS_BRANCH}-linux-gcc-debug-tcg"
 
+- arch: arm64
+  dist: xenial
+  addons:
+apt_packages:
+  - libaio-dev
+  - libattr1-dev
+  - libbrlapi-dev
+  - libcap-ng-dev
+  - libgcrypt20-dev
+  - libgnutls28-dev
+  - libgtk-3-dev
+  - libiscsi-dev
+  - liblttng-ust-dev
+  - libncurses5-dev
+  - libnfs-dev
+  - libnss3-dev
+  - libpixman-1-dev
+  - libpng-dev
+  - librados-dev
+  - libsdl2-dev
+  - libseccomp-dev
+  - liburcu-dev
+  - libusb-1.0-0-dev
+  - libvdeplug-dev
+  - libvte-2.91-dev
+  env:
+- TEST_CMD="make check check-tcg V=1"
+- CONFIG="--disable-containers --target-list=${MAIN_SOFTMMU_TARGETS}"
+
+- arch: ppc64le
+  dist: xenial
+  addons:
+apt_packages:
+  - libaio-dev
+  - libattr1-dev
+  - libbrlapi-dev
+  - libcap-ng-dev
+  - libgcrypt20-dev
+  - libgnutls28-dev
+  - libgtk-3-dev
+  - libiscsi-dev
+  - liblttng-ust-dev
+  - libncurses5-dev
+  - libnfs-dev
+  - libnss3-dev
+  - libpixman-1-dev
+  - libpng-dev
+  - librados-dev
+  - libsdl2-dev
+  - libseccomp-dev
+  - liburcu-dev
+  - libusb-1.0-0-dev
+  - libvdeplug-dev
+  - libvte-2.91-dev
+  env:
+- TEST_CMD="make check check-tcg V=1"
+- CONFIG="--disable-containers 
--target-list=${MAIN_SOFTMMU_TARGETS},ppc64le-linux-user"
+
+- arch: s390x
+  dist: bionic
+  addons:
+apt_packages:
+  - libaio-dev
+  - libattr1-dev
+  - libbrlapi-dev
+  - libcap-ng-dev
+  - libgcrypt20-dev
+  - libgnutls28-dev
+  - libgtk-3-dev
+  - libiscsi-dev
+  - liblttng-ust-dev
+  - libncurses5-dev
+  - libnfs-dev
+  - libnss3-dev
+  - libpixman-1-dev
+  - libpng-dev
+  - librados-dev
+  - libsdl2-dev
+  - libseccomp-dev
+  - liburcu-dev
+  - libusb-1.0-0-dev
+  - libvdeplug-dev
+  - libvte-2.91-dev
+  env:
+- TEST_CMD="make check check-tcg V=1"
+- CONFIG="--disable-containers 
--target-list=${MAIN_SOFTMMU_TARGETS},s390x-linux-user"
 
 # Release builds
 # The make-release script expect a QEMU version, so our tag must start 
with a 'v'.
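
Review bot: the three new matrix entries repeat the same apt_packages list verbatim, and the copies will drift as soon as one of them is edited. Define the list once with a YAML anchor and reference it from each entry. The reason arm64 and ppc64le use dist: xenial while s390x uses dist: bionic is given only in the commit message; add a short comment in the file so the pin can be revisited once the iotests crash is understood.
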
-- 
2.20.1




[PATCH v1 10/16] ci: build out-of-tree

2019-12-16 Thread Alex Bennée
From: Paolo Bonzini 

Most developers are using out-of-tree builds and it was discussed in the past
to only allow those.  To prepare for the transition, use out-of-tree builds
in all continuous integration jobs.

Based on a patch by Marc-André Lureau.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Alex Bennée 
Message-Id: <1576074829-56711-1-git-send-email-pbonz...@redhat.com>
---
 configure  |  1 +
 .cirrus.yml|  8 ++--
 .gitlab-ci.yml | 28 +---
 .shippable.yml |  4 +++-
 .travis.yml| 13 -
 5 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/configure b/configure
index 419e1554978..49dd65611db 100755
--- a/configure
+++ b/configure
@@ -6427,6 +6427,7 @@ else
 echo "local state directory   queried at runtime"
 echo "Windows SDK   $win_sdk"
 fi
+echo "Build directory   $(pwd)"
 echo "Source path   $source_path"
 echo "GIT binary$git"
 echo "GIT submodules$git_submodules"
diff --git a/.cirrus.yml b/.cirrus.yml
index 27efc48619b..90645fede6b 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -22,7 +22,9 @@ macos_task:
   install_script:
 - brew install pkg-config python gnu-sed glib pixman make sdl2
   script:
-- ./configure --python=/usr/local/bin/python3 || { cat config.log; exit 1; 
}
+- mkdir build
+- cd build
+- ../configure --python=/usr/local/bin/python3 || { cat config.log; exit 
1; }
 - gmake -j$(sysctl -n hw.ncpu)
 - gmake check -j$(sysctl -n hw.ncpu)
 
@@ -33,6 +35,8 @@ macos_xcode_task:
   install_script:
 - brew install pkg-config gnu-sed glib pixman make sdl2
   script:
-- ./configure --cc=clang || { cat config.log; exit 1; }
+- mkdir build
+- cd build
+- ../configure --cc=clang || { cat config.log; exit 1; }
 - gmake -j$(sysctl -n hw.ncpu)
 - gmake check -j$(sysctl -n hw.ncpu)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 62a96097983..9707902e12a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,7 +6,9 @@ build-system1:
  script:
  - apt-get install -y -qq libgtk-3-dev libvte-dev nettle-dev libcacard-dev
   libusb-dev libvde-dev libspice-protocol-dev libgl1-mesa-dev 
libvdeplug-dev
- - ./configure --enable-werror --target-list="aarch64-softmmu alpha-softmmu
+ - mkdir build
+ - cd build
+ - ../configure --enable-werror --target-list="aarch64-softmmu alpha-softmmu
   cris-softmmu hppa-softmmu lm32-softmmu moxie-softmmu microblazeel-softmmu
   mips64el-softmmu m68k-softmmu ppc-softmmu riscv64-softmmu sparc-softmmu"
  - make -j2
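
Review bot: the "mkdir build" and "cd build" lines added to this job are repeated in every other job in the file. mkdir fails when the directory already exists (for example in a reused workspace), so prefer mkdir -p build; the two lines could also move into a shared before_script so each job carries only its own configure invocation.
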
@@ -16,7 +18,9 @@ build-system2:
  script:
  - apt-get install -y -qq libsdl2-dev libgcrypt-dev libbrlapi-dev libaio-dev
   libfdt-dev liblzo2-dev librdmacm-dev libibverbs-dev libibumad-dev
- - ./configure --enable-werror --target-list="tricore-softmmu unicore32-softmmu
+ - mkdir build
+ - cd build
+ - ../configure --enable-werror --target-list="tricore-softmmu 
unicore32-softmmu
   microblaze-softmmu mips-softmmu riscv32-softmmu s390x-softmmu sh4-softmmu
   sparc64-softmmu x86_64-softmmu xtensa-softmmu nios2-softmmu or1k-softmmu"
  - make -j2
@@ -24,7 +28,9 @@ build-system2:
 
 build-disabled:
  script:
- - ./configure --enable-werror --disable-rdma --disable-slirp --disable-curl
+ - mkdir build
+ - cd build
+ - ../configure --enable-werror --disable-rdma --disable-slirp --disable-curl
   --disable-capstone --disable-live-block-migration --disable-glusterfs
   --disable-replication --disable-coroutine-pool --disable-smartcard
   --disable-guest-agent --disable-curses --disable-libxml2 --disable-tpm
@@ -37,7 +43,9 @@ build-disabled:
 build-tcg-disabled:
  script:
  - apt-get install -y -qq clang libgtk-3-dev libbluetooth-dev libusb-dev
- - ./configure --cc=clang --enable-werror --disable-tcg --audio-drv-list=""
+ - mkdir build
+ - cd build
+ - ../configure --cc=clang --enable-werror --disable-tcg --audio-drv-list=""
  - make -j2
  - make check-unit
  - make check-qapi-schema
@@ -52,7 +60,9 @@ build-tcg-disabled:
 
 build-user:
  script:
- - ./configure --enable-werror --disable-system --disable-guest-agent
+ - mkdir build
+ - cd build
+ - ../configure --enable-werror --disable-system --disable-guest-agent
--disable-capstone --disable-slirp --disable-fdt
  - make -j2
  - make run-tcg-tests-i386-linux-user run-tcg-tests-x86_64-linux-user
@@ -61,7 +71,9 @@ build-clang:
  script:
  - apt-get install -y -qq clang libsdl2-dev libattr1-dev libcap-ng-dev
   xfslibs-dev libiscsi-dev libnfs-dev libseccomp-dev gnutls-dev librbd-dev
- - ./configure --cc=clang --cxx=clang++ --enable-werror
+ - mkdir build
+ - cd build
+ - ../configure --cc=clang --cxx=clang++ --enable-werror
   --target-list="alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu
  ppc-softmmu s390x-softmmu x86_64-softmmu arm-linux-user"
  - make -j2
@@ -70,7 +82,9 @@ build-clang:
 build-tci:
  script:
  - TARGETS="aarch64 alpha arm hppa m68k microblaze moxie ppc64 s390x x86_64"
- - ./configure --ena

[PULL 00/34] target-arm queue

2019-12-16 Thread Peter Maydell


First arm pullreq of 5.0!

The following changes since commit 084a398bf8aa7634738e6c6c0103236ee1b3b72f:

  Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2019-12-13 18:14:07 +)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191216-1

for you to fetch changes up to f80741d107673f162e3b097fc76a1590036cc9d1:

  target/arm: ensure we use current exception state after SCR update (2019-12-16 10:52:58 +)


target-arm queue:
 * Add support for Cortex-M7 CPU
 * exynos4210_gic: Suppress gcc9 format-truncation warnings
 * aspeed: Various minor bug fixes and improvements
 * aspeed: Add support for the tacoma-bmc board
 * Honour HCR_EL32.TID1 and .TID2 trapping requirements
 * Handle trapping to EL2 of AArch32 VMRS instructions
 * Handle AArch32 CP15 trapping via HSTR_EL2
 * Add support for missing Jazelle system registers
 * arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on
 * Add support for DC CVAP & DC CVADP instructions
 * Fix assertion when SCR.NS is changed in Secure-SVC &c
 * enable SHPC native hot plug in arm ACPI


Alex Bennée (1):
  target/arm: ensure we use current exception state after SCR update

Beata Michalska (4):
  tcg: cputlb: Add probe_read
  Memory: Enable writeback for given memory region
  migration: ram: Switch to ram block writeback
  target/arm: Add support for DC CVAP & DC CVADP ins

Christophe Lyon (1):
  target/arm: Add support for cortex-m7 CPU

Cédric Le Goater (12):
  aspeed/i2c: Add support for pool buffer transfers
  aspeed/i2c: Check SRAM enablement on AST2500
  aspeed: Add a DRAM memory region at the SoC level
  aspeed/i2c: Add support for DMA transfers
  aspeed/i2c: Add trace events
  aspeed/smc: Restore default AHB window mapping at reset
  aspeed/smc: Do not map disabled segment on the AST2600
  aspeed/smc: Add AST2600 timings registers
  aspeed: Remove AspeedBoardConfig array and use AspeedMachineClass
  aspeed: Add support for the tacoma-bmc board
  aspeed: Change the "scu" property definition
  aspeed: Change the "nic" property definition

David Gibson (1):
  exynos4210_gic: Suppress gcc9 format-truncation warnings

Heyi Guo (2):
  hw/arm/acpi: simplify AML bit and/or statement
  hw/arm/acpi: enable SHPC native hot plug

Joel Stanley (4):
  aspeed/sdmc: Make ast2600 default 1G
  aspeed/scu: Fix W1C behavior
  watchdog/aspeed: Improve watchdog timeout message
  watchdog/aspeed: Fix AST2600 frequency behaviour

Marc Zyngier (5):
  target/arm: Honor HCR_EL2.TID2 trapping requirements
  target/arm: Honor HCR_EL2.TID1 trapping requirements
  target/arm: Handle trapping to EL2 of AArch32 VMRS instructions
  target/arm: Handle AArch32 CP15 trapping via HSTR_EL2
  target/arm: Add support for missing Jazelle system registers

Niek Linnenbank (1):
  arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on()

PanNengyuan (1):
  gpio: fix memory leak in aspeed_gpio_init()

Philippe Mathieu-Daudé (2):
  hw/arm/sbsa-ref: Simplify by moving the gic in the machine state
  hw/arm/virt: Simplify by moving the gic in the machine state

 include/exec/exec-all.h   |   6 +
 include/exec/memory.h |   6 +
 include/exec/ram_addr.h   |   8 +
 include/hw/arm/aspeed.h   |  24 +--
 include/hw/arm/aspeed_soc.h   |   1 +
 include/hw/arm/virt.h |   1 +
 include/hw/i2c/aspeed_i2c.h   |  16 ++
 include/hw/ssi/aspeed_smc.h   |   1 +
 include/hw/watchdog/wdt_aspeed.h  |   1 +
 include/qemu/cutils.h |   1 +
 target/arm/cpu.h  |  20 +-
 target/arm/helper.h   |   3 +
 target/arm/translate.h|   2 +
 exec.c|  36 
 hw/arm/aspeed.c   | 271 +--
 hw/arm/aspeed_ast2600.c   |  25 ++-
 hw/arm/aspeed_soc.c   |  22 +-
 hw/arm/sbsa-ref.c |  86 
 hw/arm/virt-acpi-build.c  |  21 +-
 hw/arm/virt.c | 109 +-
 hw/gpio/aspeed_gpio.c |   1 +
 hw/i2c/aspeed_i2c.c   | 439 +++---
 hw/intc/exynos4210_gic.c  |   9 +-
 hw/misc/aspeed_scu.c  |  19 +-
 hw/misc/aspeed_sdmc.c |   6 +-
 hw/net/ftgmac100.c|  19 +-
 hw/ssi/aspeed_smc.c   |  63 --
 hw/timer/aspeed_timer.c   |  17 +-
 hw/watchdog/wdt_aspeed.c  |  41 ++--
 linux-user/elfload.c  |   2 +
 memory.c  |  12 ++
 migration/ram.c   |   5 +-
 target/arm/arm-powerctl.c |   3 +
 target/arm/cpu.c 

[PATCH v1 11/16] Fix double free issue in qemu_set_log_filename().

2019-12-16 Thread Alex Bennée
From: Robert Foley 

After freeing the logfilename, we set logfilename to NULL, in case of an
error which returns without setting logfilename.

Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20191118211528.3221-2-robert.fo...@linaro.org>
---
 util/log.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/log.c b/util/log.c
index 1ca13059eef..4316fe74eee 100644
--- a/util/log.c
+++ b/util/log.c
@@ -113,6 +113,7 @@ void qemu_set_log_filename(const char *filename, Error 
**errp)
 {
 char *pidstr;
 g_free(logfilename);
+logfilename = NULL;
 
 pidstr = strstr(filename, "%");
 if (pidstr) {
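Review bot: g_free(logfilename) and the new logfilename = NULL both run before filename is validated by the "%" check that follows, so a call that fails validation discards the previously configured log file name as well as rejecting the new one. The NULL assignment does close the dangling pointer; consider validating filename first and only freeing and replacing logfilename once the new value is accepted, or say in the function comment that a failed call resets the name.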
-- 
2.20.1




[PULL 04/34] aspeed/i2c: Check SRAM enablement on AST2500

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

The SRAM must be enabled before using the Buffer Pool mode or the DMA
mode. This is not required on other SoCs.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Tested-by: Jae Hyun Yoo 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-3-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/i2c/aspeed_i2c.h |  3 +++
 hw/i2c/aspeed_i2c.c | 37 +
 2 files changed, 40 insertions(+)

diff --git a/include/hw/i2c/aspeed_i2c.h b/include/hw/i2c/aspeed_i2c.h
index 5313d07aa72..7a555072dfb 100644
--- a/include/hw/i2c/aspeed_i2c.h
+++ b/include/hw/i2c/aspeed_i2c.h
@@ -61,6 +61,7 @@ typedef struct AspeedI2CState {
 qemu_irq irq;
 
 uint32_t intr_status;
+uint32_t ctrl_global;
 MemoryRegion pool_iomem;
 uint8_t pool[ASPEED_I2C_MAX_POOL_SIZE];
 
@@ -83,6 +84,8 @@ typedef struct AspeedI2CClass {
 uint64_t pool_size;
 hwaddr pool_base;
 uint8_t *(*bus_pool_base)(AspeedI2CBus *);
+bool check_sram;
+
 } AspeedI2CClass;
 
 I2CBus *aspeed_i2c_get_bus(DeviceState *dev, int busnr);
diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index e21f45d9686..c7929aa2850 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -31,6 +31,8 @@
 #define I2C_CTRL_STATUS 0x00/* Device Interrupt Status */
 #define I2C_CTRL_ASSIGN 0x08/* Device Interrupt Target
Assignment */
+#define I2C_CTRL_GLOBAL 0x0C/* Global Control Register */
+#define   I2C_CTRL_SRAM_EN BIT(0)
 
 /* I2C Device (Bus) Register */
 
@@ -271,6 +273,29 @@ static uint8_t aspeed_i2c_get_addr(AspeedI2CBus *bus)
 }
 }
 
+static bool aspeed_i2c_check_sram(AspeedI2CBus *bus)
+{
+AspeedI2CState *s = bus->controller;
+AspeedI2CClass *aic = ASPEED_I2C_GET_CLASS(s);
+
+if (!aic->check_sram) {
+return true;
+}
+
+/*
+ * AST2500: SRAM must be enabled before using the Buffer Pool or
+ * DMA mode.
+ */
+if (!(s->ctrl_global & I2C_CTRL_SRAM_EN) &&
+(bus->cmd & (I2CD_RX_DMA_ENABLE | I2CD_TX_DMA_ENABLE |
+ I2CD_RX_BUFF_ENABLE | I2CD_TX_BUFF_ENABLE))) {
+qemu_log_mask(LOG_GUEST_ERROR, "%s: SRAM is not enabled\n", __func__);
+return false;
+}
+
+return true;
+}
+
 /*
  * The state machine needs some refinement. It is only used to track
  * invalid STOP commands for the moment.
@@ -282,6 +307,10 @@ static void aspeed_i2c_bus_handle_cmd(AspeedI2CBus *bus, 
uint64_t value)
 bus->cmd &= ~0x;
 bus->cmd |= value & 0x;
 
+if (!aspeed_i2c_check_sram(bus)) {
+return;
+}
+
 if (bus->cmd & I2CD_M_START_CMD) {
 uint8_t state = aspeed_i2c_get_state(bus) & I2CD_MACTIVE ?
 I2CD_MSTARTR : I2CD_MSTART;
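Review bot: the aspeed_i2c_check_sram() call sits after bus->cmd has already been updated from value, so when the check fails the early return leaves the rejected DMA or buffer enable bits latched in bus->cmd and raises no interrupt; the guest gets no indication beyond the LOG_GUEST_ERROR line. Consider running the check against value before touching bus->cmd, or clearing the mode bits on the failure path, and add a comment saying which behaviour the hardware has.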
@@ -436,6 +465,8 @@ static uint64_t aspeed_i2c_ctrl_read(void *opaque, hwaddr 
offset,
 switch (offset) {
 case I2C_CTRL_STATUS:
 return s->intr_status;
+case I2C_CTRL_GLOBAL:
+return s->ctrl_global;
 default:
 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIx "\n",
   __func__, offset);
@@ -448,7 +479,12 @@ static uint64_t aspeed_i2c_ctrl_read(void *opaque, hwaddr 
offset,
 static void aspeed_i2c_ctrl_write(void *opaque, hwaddr offset,
   uint64_t value, unsigned size)
 {
+AspeedI2CState *s = opaque;
+
 switch (offset) {
+case I2C_CTRL_GLOBAL:
+s->ctrl_global = value;
+break;
 case I2C_CTRL_STATUS:
 default:
 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIx "\n",
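Review bot: in the new I2C_CTRL_GLOBAL case, s->ctrl_global = value stores the guest-supplied 64-bit value into a uint32_t without a mask, although I2C_CTRL_SRAM_EN is the only bit this patch defines. Mask to the implemented bits, or log the others as unimplemented, so the model's handling of undefined bits is explicit. Also, none of the hunks in this patch reset ctrl_global or add it to the migration state; as far as this patch shows, the SRAM enable would persist over a device reset and not travel with a migrated guest, so both deserve a line here or a follow-up.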
@@ -684,6 +720,7 @@ static void aspeed_2500_i2c_class_init(ObjectClass *klass, 
void *data)
 aic->pool_size = 0x100;
 aic->pool_base = 0x200;
 aic->bus_pool_base = aspeed_2500_i2c_bus_pool_base;
+aic->check_sram = true;
 }
 
 static const TypeInfo aspeed_2500_i2c_info = {
-- 
2.20.1




[PATCH v1 13/16] Add a mutex to guarantee single writer to qemu_logfile handle.

2019-12-16 Thread Alex Bennée
From: Robert Foley 

Also added qemu_logfile_init() for initializing the logfile mutex.

Note that inside qemu_set_log() we needed to add a pair of
qemu_mutex_unlock() calls in order to avoid a double lock in
qemu_log_close().  This unavoidable temporary ugliness will be
cleaned up in a later patch in this series.

Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20191118211528.3221-4-robert.fo...@linaro.org>
---
 util/log.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/util/log.c b/util/log.c
index 417d16ec66e..953a66b5a8d 100644
--- a/util/log.c
+++ b/util/log.c
@@ -24,8 +24,10 @@
 #include "qapi/error.h"
 #include "qemu/cutils.h"
 #include "trace/control.h"
+#include "qemu/thread.h"
 
 static char *logfilename;
+static QemuMutex qemu_logfile_mutex;
 FILE *qemu_logfile;
 int qemu_loglevel;
 static int log_append = 0;
@@ -49,6 +51,11 @@ int qemu_log(const char *fmt, ...)
 return ret;
 }
 
+static void __attribute__((__constructor__)) qemu_logfile_init(void)
+{
+qemu_mutex_init(&qemu_logfile_mutex);
+}
+
 static bool log_uses_own_buffers;
 
 /* enable or disable low levels log */
@@ -70,7 +77,9 @@ void qemu_set_log(int log_flags)
 if (qemu_loglevel && (!is_daemonized() || logfilename)) {
 need_to_open_file = true;
 }
+qemu_mutex_lock(&qemu_logfile_mutex);
 if (qemu_logfile && !need_to_open_file) {
+qemu_mutex_unlock(&qemu_logfile_mutex);
 qemu_log_close();
 } else if (!qemu_logfile && need_to_open_file) {
 if (logfilename) {
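Review bot: qemu_mutex_lock(&qemu_logfile_mutex) is taken here ahead of the if / else if, but the only releases are the one added inside the first branch and the one the next hunk adds just before the closing brace of the else if branch. As the braces in these two hunks read, when neither condition holds (log file already open and still needed, or not open and not needed) the function returns with the mutex held, and the next qemu_set_log() or qemu_log_close() blocks forever. Move the second unlock after the end of the else if so that every path releases the lock. The unlock before qemu_log_close() also leaves a window in which another thread can change qemu_logfile between the test and the close; the commit message acknowledges that as temporary, so a short comment at that line would help readers of this intermediate state.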
@@ -105,6 +114,7 @@ void qemu_set_log(int log_flags)
 #endif
 log_append = 1;
 }
+qemu_mutex_unlock(&qemu_logfile_mutex);
 }
 }
 
@@ -240,12 +250,14 @@ void qemu_log_flush(void)
 /* Close the log file */
 void qemu_log_close(void)
 {
+qemu_mutex_lock(&qemu_logfile_mutex);
 if (qemu_logfile) {
 if (qemu_logfile != stderr) {
 fclose(qemu_logfile);
 }
 qemu_logfile = NULL;
 }
+qemu_mutex_unlock(&qemu_logfile_mutex);
 }
 
 const QEMULogItem qemu_log_items[] = {
-- 
2.20.1




[PULL 09/34] aspeed/scu: Fix W1C behavior

2019-12-16 Thread Peter Maydell
From: Joel Stanley 

This models the clock write one to clear registers, and fixes up some
incorrect behavior in all of the write to clear registers.

There was also a typo in one of the register definitions.

Reviewed-by: Cédric Le Goater 
Reviewed-by: Alex Bennée 
Signed-off-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-8-...@kaod.org
[clg: checkpatch.pl fixes ]
Signed-off-by: Cédric Le Goater 
Signed-off-by: Peter Maydell 
---
 hw/misc/aspeed_scu.c | 19 ++-
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index 717509bc546..f62fa25e347 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -98,7 +98,7 @@
 #define AST2600_CLK_STOP_CTRL TO_REG(0x80)
 #define AST2600_CLK_STOP_CTRL_CLR TO_REG(0x84)
 #define AST2600_CLK_STOP_CTRL2 TO_REG(0x90)
-#define AST2600_CLK_STOP_CTR2L_CLR TO_REG(0x94)
+#define AST2600_CLK_STOP_CTRL2_CLR TO_REG(0x94)
 #define AST2600_SDRAM_HANDSHAKE   TO_REG(0x100)
 #define AST2600_HPLL_PARAMTO_REG(0x200)
 #define AST2600_HPLL_EXT  TO_REG(0x204)
@@ -532,11 +532,13 @@ static uint64_t aspeed_ast2600_scu_read(void *opaque, 
hwaddr offset,
 return s->regs[reg];
 }
 
-static void aspeed_ast2600_scu_write(void *opaque, hwaddr offset, uint64_t 
data,
- unsigned size)
+static void aspeed_ast2600_scu_write(void *opaque, hwaddr offset,
+ uint64_t data64, unsigned size)
 {
 AspeedSCUState *s = ASPEED_SCU(opaque);
 int reg = TO_REG(offset);
+/* Truncate here so bitwise operations below behave as expected */
+uint32_t data = data64;
 
 if (reg >= ASPEED_AST2600_SCU_NR_REGS) {
 qemu_log_mask(LOG_GUEST_ERROR,
@@ -563,15 +565,22 @@ static void aspeed_ast2600_scu_write(void *opaque, hwaddr 
offset, uint64_t data,
 /* fall through */
 case AST2600_SYS_RST_CTRL:
 case AST2600_SYS_RST_CTRL2:
+case AST2600_CLK_STOP_CTRL:
+case AST2600_CLK_STOP_CTRL2:
 /* W1S (Write 1 to set) registers */
 s->regs[reg] |= data;
 return;
 case AST2600_SYS_RST_CTRL_CLR:
 case AST2600_SYS_RST_CTRL2_CLR:
+case AST2600_CLK_STOP_CTRL_CLR:
+case AST2600_CLK_STOP_CTRL2_CLR:
 case AST2600_HW_STRAP1_CLR:
 case AST2600_HW_STRAP2_CLR:
-/* W1C (Write 1 to clear) registers */
-s->regs[reg] &= ~data;
+/*
+ * W1C (Write 1 to clear) registers are offset by one address from
+ * the data register
+ */
+s->regs[reg - 1] &= ~data;
 return;
 
 case AST2600_RNG_DATA:
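Review bot: s->regs[reg - 1] &= ~data now applies to every label in this group, including AST2600_HW_STRAP1_CLR and AST2600_HW_STRAP2_CLR that were already listed, and it is only correct if each _CLR register sits exactly one register index after its data register, as AST2600_CLK_STOP_CTRL (0x80) and AST2600_CLK_STOP_CTRL_CLR (0x84) do. The new comment says "offset by one address" where it means one register index, i.e. 4 bytes; reword it and state the layout assumption, so that a future _CLR register with different spacing is not added to this list by mistake.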
-- 
2.20.1




[PULL 06/34] aspeed/i2c: Add support for DMA transfers

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

The I2C controller of the Aspeed AST2500 and AST2600 SoCs supports DMA
transfers to and from DRAM.

A pair of registers defines the buffer address and the length of the
DMA transfer. The address should be aligned on 4 bytes and the maximum
length should not exceed 4K. The receive or transmit DMA transfer can
then be initiated with specific bits in the Command/Status register of
the controller.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Tested-by: Jae Hyun Yoo 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-5-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/i2c/aspeed_i2c.h |   5 ++
 hw/arm/aspeed_ast2600.c |   5 ++
 hw/arm/aspeed_soc.c |   5 ++
 hw/i2c/aspeed_i2c.c | 126 +++-
 4 files changed, 138 insertions(+), 3 deletions(-)

diff --git a/include/hw/i2c/aspeed_i2c.h b/include/hw/i2c/aspeed_i2c.h
index 7a555072dfb..f1b9e5bf91e 100644
--- a/include/hw/i2c/aspeed_i2c.h
+++ b/include/hw/i2c/aspeed_i2c.h
@@ -52,6 +52,8 @@ typedef struct AspeedI2CBus {
 uint32_t cmd;
 uint32_t buf;
 uint32_t pool_ctrl;
+uint32_t dma_addr;
+uint32_t dma_len;
 } AspeedI2CBus;
 
 typedef struct AspeedI2CState {
@@ -66,6 +68,8 @@ typedef struct AspeedI2CState {
 uint8_t pool[ASPEED_I2C_MAX_POOL_SIZE];
 
 AspeedI2CBus busses[ASPEED_I2C_NR_BUSSES];
+MemoryRegion *dram_mr;
+AddressSpace dram_as;
 } AspeedI2CState;
 
 #define ASPEED_I2C_CLASS(klass) \
@@ -85,6 +89,7 @@ typedef struct AspeedI2CClass {
 hwaddr pool_base;
 uint8_t *(*bus_pool_base)(AspeedI2CBus *);
 bool check_sram;
+bool has_dma;
 
 } AspeedI2CClass;
 
diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index a403c2aae06..0881eb25983 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -343,6 +343,11 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, 
Error **errp)
 }
 
 /* I2C */
+object_property_set_link(OBJECT(&s->i2c), OBJECT(s->dram_mr), "dram", 
&err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
 object_property_set_bool(OBJECT(&s->i2c), true, "realized", &err);
 if (err) {
 error_propagate(errp, err);
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index dd1ee0e3336..b01c9774419 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -311,6 +311,11 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 }
 
 /* I2C */
+object_property_set_link(OBJECT(&s->i2c), OBJECT(s->dram_mr), "dram", 
&err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
 object_property_set_bool(OBJECT(&s->i2c), true, "realized", &err);
 if (err) {
 error_propagate(errp, err);
diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index c7929aa2850..030d9c56be6 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -23,8 +23,11 @@
 #include "migration/vmstate.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
+#include "qemu/error-report.h"
+#include "qapi/error.h"
 #include "hw/i2c/aspeed_i2c.h"
 #include "hw/irq.h"
+#include "hw/qdev-properties.h"
 
 /* I2C Global Register */
 
@@ -138,7 +141,8 @@
 #define   I2CD_BYTE_BUF_TX_MASK0xff
 #define   I2CD_BYTE_BUF_RX_SHIFT   8
 #define   I2CD_BYTE_BUF_RX_MASK0xff
-
+#define I2CD_DMA_ADDR   0x24   /* DMA Buffer Address */
+#define I2CD_DMA_LEN0x28   /* DMA Transfer Length < 4KB */
 
 static inline bool aspeed_i2c_bus_is_master(AspeedI2CBus *bus)
 {
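Review bot: the comment on I2CD_DMA_LEN reads "DMA Transfer Length < 4KB" while the commit message says the maximum length "should not exceed 4K", so it is unclear whether a transfer of exactly 4096 bytes is valid. Make the two agree, and put the limit in a named mask or constant next to the define so that the bound is enforced in one place rather than implied by a comment.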
@@ -165,6 +169,7 @@ static uint64_t aspeed_i2c_bus_read(void *opaque, hwaddr 
offset,
 unsigned size)
 {
 AspeedI2CBus *bus = opaque;
+AspeedI2CClass *aic = ASPEED_I2C_GET_CLASS(bus->controller);
 
 switch (offset) {
 case I2CD_FUN_CTRL_REG:
@@ -183,6 +188,18 @@ static uint64_t aspeed_i2c_bus_read(void *opaque, hwaddr 
offset,
 return bus->buf;
 case I2CD_CMD_REG:
 return bus->cmd | (i2c_bus_busy(bus->bus) << 16);
+case I2CD_DMA_ADDR:
+if (!aic->has_dma) {
+qemu_log_mask(LOG_GUEST_ERROR, "%s: No DMA support\n",  __func__);
+return -1;
+}
+return bus->dma_addr;
+case I2CD_DMA_LEN:
+if (!aic->has_dma) {
+qemu_log_mask(LOG_GUEST_ERROR, "%s: No DMA support\n",  __func__);
+return -1;
+}
+return bus->dma_len;
 default:
 qemu_log_mask(LOG_GUEST_ERROR,
   "%s: Bad offset 0x%" HWADDR_PRIx "\n", __func__, offset);
@@ -201,6 +218,24 @@ static uint8_t aspeed_i2c_get_state(AspeedI2CBus *bus)
 return (bus->cmd >> I2CD_TX_STATE_SHIFT) & I2CD_TX_STATE_MASK;
 }
 
+static int aspeed_i2c_dma_read(AspeedI2CBus *bus, uint8_t *data)
+{
+MemTxResult result;
+AspeedI2CState *s = bus->controller;
+
+result = address_space_read(&s->dram_as, bus->dma_addr,
+ME

[PULL 07/34] aspeed/i2c: Add trace events

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Tested-by: Jae Hyun Yoo 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-6-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/i2c/aspeed_i2c.c | 93 ++---
 hw/i2c/trace-events |  9 +
 2 files changed, 89 insertions(+), 13 deletions(-)

diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index 030d9c56be6..2da04a4bff3 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -28,6 +28,7 @@
 #include "hw/i2c/aspeed_i2c.h"
 #include "hw/irq.h"
 #include "hw/qdev-properties.h"
+#include "trace.h"
 
 /* I2C Global Register */
 
@@ -158,6 +159,13 @@ static inline void 
aspeed_i2c_bus_raise_interrupt(AspeedI2CBus *bus)
 {
 AspeedI2CClass *aic = ASPEED_I2C_GET_CLASS(bus->controller);
 
+trace_aspeed_i2c_bus_raise_interrupt(bus->intr_status,
+  bus->intr_status & I2CD_INTR_TX_NAK ? "nak|" : "",
+  bus->intr_status & I2CD_INTR_TX_ACK ? "ack|" : "",
+  bus->intr_status & I2CD_INTR_RX_DONE ? "done|" : "",
+  bus->intr_status & I2CD_INTR_NORMAL_STOP ? "normal|" : "",
+  bus->intr_status & I2CD_INTR_ABNORMAL ? "abnormal" : "");
+
 bus->intr_status &= bus->intr_ctrl;
 if (bus->intr_status) {
 bus->controller->intr_status |= 1 << bus->id;
@@ -170,41 +178,57 @@ static uint64_t aspeed_i2c_bus_read(void *opaque, hwaddr 
offset,
 {
 AspeedI2CBus *bus = opaque;
 AspeedI2CClass *aic = ASPEED_I2C_GET_CLASS(bus->controller);
+uint64_t value = -1;
 
 switch (offset) {
 case I2CD_FUN_CTRL_REG:
-return bus->ctrl;
+value = bus->ctrl;
+break;
 case I2CD_AC_TIMING_REG1:
-return bus->timing[0];
+value = bus->timing[0];
+break;
 case I2CD_AC_TIMING_REG2:
-return bus->timing[1];
+value = bus->timing[1];
+break;
 case I2CD_INTR_CTRL_REG:
-return bus->intr_ctrl;
+value = bus->intr_ctrl;
+break;
 case I2CD_INTR_STS_REG:
-return bus->intr_status;
+value = bus->intr_status;
+break;
 case I2CD_POOL_CTRL_REG:
-return bus->pool_ctrl;
+value = bus->pool_ctrl;
+break;
 case I2CD_BYTE_BUF_REG:
-return bus->buf;
+value = bus->buf;
+break;
 case I2CD_CMD_REG:
-return bus->cmd | (i2c_bus_busy(bus->bus) << 16);
+value = bus->cmd | (i2c_bus_busy(bus->bus) << 16);
+break;
 case I2CD_DMA_ADDR:
 if (!aic->has_dma) {
 qemu_log_mask(LOG_GUEST_ERROR, "%s: No DMA support\n",  __func__);
-return -1;
+break;
 }
-return bus->dma_addr;
+value = bus->dma_addr;
+break;
 case I2CD_DMA_LEN:
 if (!aic->has_dma) {
 qemu_log_mask(LOG_GUEST_ERROR, "%s: No DMA support\n",  __func__);
-return -1;
+break;
 }
-return bus->dma_len;
+value = bus->dma_len;
+break;
+
 default:
 qemu_log_mask(LOG_GUEST_ERROR,
   "%s: Bad offset 0x%" HWADDR_PRIx "\n", __func__, offset);
-return -1;
+value = -1;
+break;
 }
+
+trace_aspeed_i2c_bus_read(bus->id, offset, size, value);
+return value;
 }
 
 static void aspeed_i2c_set_state(AspeedI2CBus *bus, uint8_t state)
@@ -246,6 +270,9 @@ static int aspeed_i2c_bus_send(AspeedI2CBus *bus, uint8_t 
pool_start)
 for (i = pool_start; i < I2CD_POOL_TX_COUNT(bus->pool_ctrl); i++) {
 uint8_t *pool_base = aic->bus_pool_base(bus);
 
+trace_aspeed_i2c_bus_send("BUF", i + 1,
+  I2CD_POOL_TX_COUNT(bus->pool_ctrl),
+  pool_base[i]);
 ret = i2c_send(bus->bus, pool_base[i]);
 if (ret) {
 break;
@@ -256,6 +283,7 @@ static int aspeed_i2c_bus_send(AspeedI2CBus *bus, uint8_t 
pool_start)
 while (bus->dma_len) {
 uint8_t data;
 aspeed_i2c_dma_read(bus, &data);
+trace_aspeed_i2c_bus_send("DMA", bus->dma_len, bus->dma_len, data);
 ret = i2c_send(bus->bus, data);
 if (ret) {
 break;
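Review bot: in the DMA branch, trace_aspeed_i2c_bus_send("DMA", bus->dma_len, bus->dma_len, data) passes bus->dma_len as both the position and the total, whereas the "BUF" call in the previous hunk passes i + 1 and I2CD_POOL_TX_COUNT(bus->pool_ctrl). The DMA trace therefore cannot show how far into the transfer a given byte is; capture the initial length before the while loop and trace index and total separately. The return value of aspeed_i2c_dma_read() on the context line just above is ignored as well, so a failed read would be traced and sent as if data were valid; check it before tracing.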
@@ -263,6 +291,7 @@ static int aspeed_i2c_bus_send(AspeedI2CBus *bus, uint8_t 
pool_start)
 }
 bus->cmd &= ~I2CD_TX_DMA_ENABLE;
 } else {
+trace_aspeed_i2c_bus_send("BYTE", pool_start, 1, bus->buf);
 ret = i2c_send(bus->bus, bus->buf);
 }
 
@@ -281,6 +310,9 @@ static void aspeed_i2c_bus_recv(AspeedI2CBus *bus)
 
 for (i = 0; i < I2CD_POOL_RX_SIZE(bus->pool_ctrl); i++) {
 pool_base[i] = i2c_recv(bus->bus);
+trace_aspeed_i2c_bus_recv("BUF", i + 1,
+  I2CD_POOL_RX_SIZE(bus->pool_ctrl),
+  pool_base[i]);
 }
 
 

[PULL 01/34] target/arm: Add support for cortex-m7 CPU

2019-12-16 Thread Peter Maydell
From: Christophe Lyon 

This is derived from cortex-m4 description, adding DP support and FPv5
instructions with the corresponding flags in isar and mvfr2.

Checked that it could successfully execute
vrinta.f32 s15, s15
while cortex-m4 emulation rejects it with "illegal instruction".

Signed-off-by: Christophe Lyon 
Reviewed-by: Alex Bennée 
Reviewed-by: Peter Maydell 
Message-id: 20191025090841.10299-1-christophe.l...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.c | 33 +
 1 file changed, 33 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 7a4ac9339bf..dd51adac059 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1975,6 +1975,37 @@ static void cortex_m4_initfn(Object *obj)
 cpu->isar.id_isar6 = 0x;
 }
 
+static void cortex_m7_initfn(Object *obj)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+
+set_feature(&cpu->env, ARM_FEATURE_V7);
+set_feature(&cpu->env, ARM_FEATURE_M);
+set_feature(&cpu->env, ARM_FEATURE_M_MAIN);
+set_feature(&cpu->env, ARM_FEATURE_THUMB_DSP);
+set_feature(&cpu->env, ARM_FEATURE_VFP4);
+cpu->midr = 0x411fc272; /* r1p2 */
+cpu->pmsav7_dregion = 8;
+cpu->isar.mvfr0 = 0x10110221;
+cpu->isar.mvfr1 = 0x1211;
+cpu->isar.mvfr2 = 0x0040;
+cpu->id_pfr0 = 0x0030;
+cpu->id_pfr1 = 0x0200;
+cpu->id_dfr0 = 0x0010;
+cpu->id_afr0 = 0x;
+cpu->id_mmfr0 = 0x00100030;
+cpu->id_mmfr1 = 0x;
+cpu->id_mmfr2 = 0x0100;
+cpu->id_mmfr3 = 0x;
+cpu->isar.id_isar0 = 0x01101110;
+cpu->isar.id_isar1 = 0x02112000;
+cpu->isar.id_isar2 = 0x20232231;
+cpu->isar.id_isar3 = 0x0131;
+cpu->isar.id_isar4 = 0x01310132;
+cpu->isar.id_isar5 = 0x;
+cpu->isar.id_isar6 = 0x;
+}
+
 static void cortex_m33_initfn(Object *obj)
 {
 ARMCPU *cpu = ARM_CPU(obj);
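Review bot: the commit message says this CPU adds DP support and FPv5 instructions, yet cortex_m7_initfn() sets only ARM_FEATURE_VFP4, so a reader cannot tell from the code where FPv5 comes from. Add a short comment beside the mvfr and id_isar assignments naming the fields that carry the DP and FPv5 differences from cortex_m4_initfn(), since the two functions are otherwise near copies.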
@@ -2559,6 +2590,8 @@ static const ARMCPUInfo arm_cpus[] = {
  .class_init = arm_v7m_class_init },
 { .name = "cortex-m4",   .initfn = cortex_m4_initfn,
  .class_init = arm_v7m_class_init },
+{ .name = "cortex-m7",   .initfn = cortex_m7_initfn,
+ .class_init = arm_v7m_class_init },
 { .name = "cortex-m33",  .initfn = cortex_m33_initfn,
  .class_init = arm_v7m_class_init },
 { .name = "cortex-r5",   .initfn = cortex_r5_initfn },
-- 
2.20.1




[PULL 15/34] aspeed: Remove AspeedBoardConfig array and use AspeedMachineClass

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

AspeedBoardConfig is a redundant way to define class attributes and it
complexifies the machine definition and initialization.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-14-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/arm/aspeed.h |  24 ++--
 hw/arm/aspeed.c | 243 ++--
 2 files changed, 143 insertions(+), 124 deletions(-)

diff --git a/include/hw/arm/aspeed.h b/include/hw/arm/aspeed.h
index f49bc7081e4..4423cd0cda7 100644
--- a/include/hw/arm/aspeed.h
+++ b/include/hw/arm/aspeed.h
@@ -13,19 +13,6 @@
 
 typedef struct AspeedBoardState AspeedBoardState;
 
-typedef struct AspeedBoardConfig {
-const char *name;
-const char *desc;
-const char *soc_name;
-uint32_t hw_strap1;
-uint32_t hw_strap2;
-const char *fmc_model;
-const char *spi_model;
-uint32_t num_cs;
-void (*i2c_init)(AspeedBoardState *bmc);
-uint32_t ram;
-} AspeedBoardConfig;
-
 #define TYPE_ASPEED_MACHINE   MACHINE_TYPE_NAME("aspeed")
 #define ASPEED_MACHINE(obj) \
 OBJECT_CHECK(AspeedMachine, (obj), TYPE_ASPEED_MACHINE)
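Review bot: the removed AspeedBoardConfig carried a uint32_t ram member, but the fields moved into AspeedMachineClass in the next hunk stop at i2c_init and have no ram equivalent. Say in the commit message where the per-board default RAM size now lives, or add the field, so that reviewers can confirm that no board silently changes its default memory size. The new name and desc members also duplicate information a MachineClass normally holds; a comment on why they are kept in the subclass would help.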
@@ -41,7 +28,16 @@ typedef struct AspeedMachine {
 
 typedef struct AspeedMachineClass {
 MachineClass parent_obj;
-const AspeedBoardConfig *board;
+
+const char *name;
+const char *desc;
+const char *soc_name;
+uint32_t hw_strap1;
+uint32_t hw_strap2;
+const char *fmc_model;
+const char *spi_model;
+uint32_t num_cs;
+void (*i2c_init)(AspeedBoardState *bmc);
 } AspeedMachineClass;
 
 
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 028191ff36f..e34e6787430 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -167,10 +167,10 @@ static void aspeed_board_init_flashes(AspeedSMCState *s, 
const char *flashtype,
 }
 }
 
-static void aspeed_board_init(MachineState *machine,
-  const AspeedBoardConfig *cfg)
+static void aspeed_machine_init(MachineState *machine)
 {
 AspeedBoardState *bmc;
+AspeedMachineClass *amc = ASPEED_MACHINE_GET_CLASS(machine);
 AspeedSoCClass *sc;
 DriveInfo *drive0 = drive_get(IF_MTD, 0, 0);
 ram_addr_t max_ram_size;
@@ -182,18 +182,18 @@ static void aspeed_board_init(MachineState *machine,
UINT32_MAX);
 
 object_initialize_child(OBJECT(machine), "soc", &bmc->soc,
-(sizeof(bmc->soc)), cfg->soc_name, &error_abort,
+(sizeof(bmc->soc)), amc->soc_name, &error_abort,
 NULL);
 
 sc = ASPEED_SOC_GET_CLASS(&bmc->soc);
 
 object_property_set_uint(OBJECT(&bmc->soc), ram_size, "ram-size",
  &error_abort);
-object_property_set_int(OBJECT(&bmc->soc), cfg->hw_strap1, "hw-strap1",
+object_property_set_int(OBJECT(&bmc->soc), amc->hw_strap1, "hw-strap1",
 &error_abort);
-object_property_set_int(OBJECT(&bmc->soc), cfg->hw_strap2, "hw-strap2",
+object_property_set_int(OBJECT(&bmc->soc), amc->hw_strap2, "hw-strap2",
 &error_abort);
-object_property_set_int(OBJECT(&bmc->soc), cfg->num_cs, "num-cs",
+object_property_set_int(OBJECT(&bmc->soc), amc->num_cs, "num-cs",
 &error_abort);
 object_property_set_int(OBJECT(&bmc->soc), machine->smp.cpus, "num-cpus",
 &error_abort);
@@ -230,8 +230,8 @@ static void aspeed_board_init(MachineState *machine,
   "max_ram", max_ram_size  - ram_size);
 memory_region_add_subregion(&bmc->ram_container, ram_size, &bmc->max_ram);
 
-aspeed_board_init_flashes(&bmc->soc.fmc, cfg->fmc_model, &error_abort);
-aspeed_board_init_flashes(&bmc->soc.spi[0], cfg->spi_model, &error_abort);
+aspeed_board_init_flashes(&bmc->soc.fmc, amc->fmc_model, &error_abort);
+aspeed_board_init_flashes(&bmc->soc.spi[0], amc->spi_model, &error_abort);
 
 /* Install first FMC flash content as a boot rom. */
 if (drive0) {
@@ -255,8 +255,8 @@ static void aspeed_board_init(MachineState *machine,
 aspeed_board_binfo.loader_start = sc->memmap[ASPEED_SDRAM];
 aspeed_board_binfo.nb_cpus = bmc->soc.num_cpus;
 
-if (cfg->i2c_init) {
-cfg->i2c_init(bmc);
+if (amc->i2c_init) {
+amc->i2c_init(bmc);
 }
 
 for (i = 0; i < ARRAY_SIZE(bmc->soc.sdhci.slots); i++) {
@@ -383,118 +383,141 @@ static void witherspoon_bmc_i2c_init(AspeedBoardState 
*bmc)
  0x60);
 }
 
-static void aspeed_machine_init(MachineState *machine)
-{
-AspeedMachineClass *amc = ASPEED_MACHINE_GET_CLASS(machine);
-
-aspeed_board_init(machine, amc->board);
-}
-
 static void aspeed_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
-AspeedMachineClass *amc = ASPEED_MACHINE_CLASS(oc);
-const AspeedBoardConfig *board = data;
 
-   

[PULL 02/34] exynos4210_gic: Suppress gcc9 format-truncation warnings

2019-12-16 Thread Peter Maydell
From: David Gibson 

exynos4210_gic_realize() prints the number of cpus into some temporary
buffers, but it only allows 3 bytes space for it.  That's plenty:
existing machines will only ever set this value to EXYNOS4210_NCPUS
(2).  But the compiler can't always figure that out, so some[*] gcc9
versions emit -Wformat-truncation warnings.

We can fix that by hinting the constraint to the compiler with a
suitably placed assert().

[*] The bizarre thing here, is that I've long gotten these warnings
compiling in a 32-bit x86 container as host - Fedora 30 with
gcc-9.2.1-1.fc30.i686 - but it compiles just fine on my normal
x86_64 host - Fedora 30 with gcc-9.2.1-1.fc30.x86_64.

Signed-off-by: David Gibson 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
[PMM: deleted stray blank line]
Signed-off-by: Peter Maydell 
---
 hw/intc/exynos4210_gic.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/intc/exynos4210_gic.c b/hw/intc/exynos4210_gic.c
index a1b699b6bab..9a84d8522e9 100644
--- a/hw/intc/exynos4210_gic.c
+++ b/hw/intc/exynos4210_gic.c
@@ -293,6 +293,7 @@ static void exynos4210_gic_realize(DeviceState *dev, Error 
**errp)
 char cpu_alias_name[sizeof(cpu_prefix) + 3];
 char dist_alias_name[sizeof(cpu_prefix) + 3];
 SysBusDevice *gicbusdev;
+uint32_t n = s->num_cpu;
 uint32_t i;
 
 s->gic = qdev_create(NULL, "arm_gic");
@@ -313,7 +314,13 @@ static void exynos4210_gic_realize(DeviceState *dev, Error 
**errp)
 memory_region_init(&s->dist_container, obj, "exynos4210-dist-container",
 EXYNOS4210_EXT_GIC_DIST_REGION_SIZE);
 
-for (i = 0; i < s->num_cpu; i++) {
+/*
+ * This clues in gcc that our on-stack buffers do, in fact have
+ * enough room for the cpu numbers.  gcc 9.2.1 on 32-bit x86
+ * doesn't figure this out, otherwise and gives spurious warnings.
+ */
+assert(n <= EXYNOS4210_NCPUS);
+for (i = 0; i < n; i++) {
 /* Map CPU interface per SMP Core */
 sprintf(cpu_alias_name, "%s%x", cpu_prefix, i);
 memory_region_init_alias(&s->cpu_alias[i], obj,
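Review bot: assert(n <= EXYNOS4210_NCPUS) sits in a realize function that takes an Error **errp parameter, so if num_cpu can ever be set from outside the board code an out-of-range value aborts QEMU instead of failing realize cleanly. The commit message says existing machines only use EXYNOS4210_NCPUS, which makes the assert safe today; consider an explicit range check that reports through errp and returns, which gives the compiler the same bound, or extend the comment to state that num_cpu is board-internal.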
-- 
2.20.1




[PULL 10/34] watchdog/aspeed: Improve watchdog timeout message

2019-12-16 Thread Peter Maydell
From: Joel Stanley 

Users benefit from knowing which watchdog timer has expired. The address
of the watchdog's registers unambiguously indicates which has expired,
so log that.

Reviewed-by: Cédric Le Goater 
Reviewed-by: Alex Bennée 
Signed-off-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-9-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/watchdog/wdt_aspeed.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c
index 145be6f99ce..d283d07d654 100644
--- a/hw/watchdog/wdt_aspeed.c
+++ b/hw/watchdog/wdt_aspeed.c
@@ -219,7 +219,8 @@ static void aspeed_wdt_timer_expired(void *dev)
 return;
 }
 
-qemu_log_mask(CPU_LOG_RESET, "Watchdog timer expired.\n");
+qemu_log_mask(CPU_LOG_RESET, "Watchdog timer %" HWADDR_PRIx " expired.\n",
+  s->iomem.addr);
 watchdog_perform_action();
 timer_del(s->timer);
 }
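
Review bot: the new format string prints `s->iomem.addr` as bare hex with no `0x` prefix, so a value made up only of decimal digits is ambiguous in the log; suggest `"Watchdog timer 0x%" HWADDR_PRIx " expired.\n"`. It is also worth a comment that `iomem.addr` is the region's offset inside its container, which matches the guest-visible register address only when the container itself is mapped at zero.
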
-- 
2.20.1




[PULL 08/34] aspeed/sdmc: Make ast2600 default 1G

2019-12-16 Thread Peter Maydell
From: Joel Stanley 

Most boards have this much.

Reviewed-by: Cédric Le Goater 
Reviewed-by: Alex Bennée 
Signed-off-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-7-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/misc/aspeed_sdmc.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
index f3a63a2e01d..2df3244b53c 100644
--- a/hw/misc/aspeed_sdmc.c
+++ b/hw/misc/aspeed_sdmc.c
@@ -208,10 +208,10 @@ static int ast2600_rambits(AspeedSDMCState *s)
 }
 
 /* use a common default */
-warn_report("Invalid RAM size 0x%" PRIx64 ". Using default 512M",
+warn_report("Invalid RAM size 0x%" PRIx64 ". Using default 1024M",
 s->ram_size);
-s->ram_size = 512 << 20;
-return ASPEED_SDMC_AST2600_512MB;
+s->ram_size = 1024 << 20;
+return ASPEED_SDMC_AST2600_1024MB;
 }
 
 static void aspeed_sdmc_reset(DeviceState *dev)
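
Review bot: `s->ram_size = 1024 << 20;` is evaluated in plain int and is the last power of two that fits there, so a later bump of this default would overflow before the assignment. Writing the size with the macros from qemu/units.h (`1 * GiB`) avoids that. The warning text says "1024M" while the subject line says 1G; picking one spelling keeps the log greppable.
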
-- 
2.20.1




[PULL 22/34] target/arm: Handle trapping to EL2 of AArch32 VMRS instructions

2019-12-16 Thread Peter Maydell
From: Marc Zyngier 

HCR_EL2.TID3 requires that AArch32 reads of MVFR[012] are trapped to
EL2, and HCR_EL2.TID0 does the same for reads of FPSID.
In order to handle this, introduce a new TCG helper function that
checks for these control bits before executing the VMRC instruction.

Tested with a hacked-up version of KVM/arm64 that sets the control
bits for 32bit guests.

Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Marc Zyngier 
Reviewed-by: Richard Henderson 
Message-id: 20191201122018.25808-4-...@kernel.org
[PMM: move helper declaration to helper.h; make it
 TCG_CALL_NO_WG]
Signed-off-by: Peter Maydell 
---
 target/arm/helper.h|  2 ++
 target/arm/translate-vfp.inc.c | 20 
 target/arm/vfp_helper.c| 29 +
 3 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 3d4ec267a2c..7ce5169afb5 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -226,6 +226,8 @@ DEF_HELPER_FLAGS_2(rintd, TCG_CALL_NO_RWG, f64, f64, ptr)
 DEF_HELPER_FLAGS_2(vjcvt, TCG_CALL_NO_RWG, i32, f64, env)
 DEF_HELPER_FLAGS_2(fjcvtzs, TCG_CALL_NO_RWG, i64, f64, ptr)
 
+DEF_HELPER_FLAGS_3(check_hcr_el2_trap, TCG_CALL_NO_WG, void, env, i32, i32)
+
 /* neon_helper.c */
 DEF_HELPER_FLAGS_3(neon_qadd_u8, TCG_CALL_NO_RWG, i32, env, i32, i32)
 DEF_HELPER_FLAGS_3(neon_qadd_s8, TCG_CALL_NO_RWG, i32, env, i32, i32)
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
index 85c5ef897be..bf90ac0e5b7 100644
--- a/target/arm/translate-vfp.inc.c
+++ b/target/arm/translate-vfp.inc.c
@@ -761,13 +761,25 @@ static bool trans_VMSR_VMRS(DisasContext *s, 
arg_VMSR_VMRS *a)
 if (a->l) {
 /* VMRS, move VFP special register to gp register */
 switch (a->reg) {
-case ARM_VFP_FPSID:
-case ARM_VFP_FPEXC:
-case ARM_VFP_FPINST:
-case ARM_VFP_FPINST2:
 case ARM_VFP_MVFR0:
 case ARM_VFP_MVFR1:
 case ARM_VFP_MVFR2:
+case ARM_VFP_FPSID:
+if (s->current_el == 1) {
+TCGv_i32 tcg_reg, tcg_rt;
+
+gen_set_condexec(s);
+gen_set_pc_im(s, s->pc_curr);
+tcg_reg = tcg_const_i32(a->reg);
+tcg_rt = tcg_const_i32(a->rt);
+gen_helper_check_hcr_el2_trap(cpu_env, tcg_rt, tcg_reg);
+tcg_temp_free_i32(tcg_reg);
+tcg_temp_free_i32(tcg_rt);
+}
+/* fall through */
+case ARM_VFP_FPEXC:
+case ARM_VFP_FPINST:
+case ARM_VFP_FPINST2:
 tmp = load_cpu_field(vfp.xregs[a->reg]);
 break;
 case ARM_VFP_FPSCR:
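
Review bot: the helper call is emitted only under `if (s->current_el == 1)`, and nothing in the hunk says why the other exception levels need no check. A one-line comment above the `if` stating where those cases are handled would save the next reader from re-deriving it. The reordering of the case labels, which moves FPSID next to the MVFR registers so both fall through to the common load, is easy to miss and deserves a mention in the same comment.
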
diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
index 9710ef1c3e5..0ae7d4f34a9 100644
--- a/target/arm/vfp_helper.c
+++ b/target/arm/vfp_helper.c
@@ -1322,4 +1322,33 @@ float64 HELPER(frint64_d)(float64 f, void *fpst)
 return frint_d(f, fpst, 64);
 }
 
+void HELPER(check_hcr_el2_trap)(CPUARMState *env, uint32_t rt, uint32_t reg)
+{
+uint32_t syndrome;
+
+switch (reg) {
+case ARM_VFP_MVFR0:
+case ARM_VFP_MVFR1:
+case ARM_VFP_MVFR2:
+if (!(arm_hcr_el2_eff(env) & HCR_TID3)) {
+return;
+}
+break;
+case ARM_VFP_FPSID:
+if (!(arm_hcr_el2_eff(env) & HCR_TID0)) {
+return;
+}
+break;
+default:
+g_assert_not_reached();
+}
+
+syndrome = ((EC_FPIDTRAP << ARM_EL_EC_SHIFT)
+| ARM_EL_IL
+| (1 << 24) | (0xe << 20) | (7 << 14)
+| (reg << 10) | (rt << 5) | 1);
+
+raise_exception(env, EXCP_HYP_TRAP, syndrome, 2);
+}
+
 #endif
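
Review bot: the syndrome is assembled from unexplained literals, `(1 << 24) | (0xe << 20) | (7 << 14)`, next to the named `EC_FPIDTRAP` and `ARM_EL_IL`. Please name those fields or add a comment saying what each one encodes, and consider moving the construction into a small syndrome helper so the bit layout lives in one place. `reg` is constrained by the switch above, but `rt` is shifted in unmasked and relies on the caller passing a valid register number.
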
-- 
2.20.1




[PULL 05/34] aspeed: Add a DRAM memory region at the SoC level

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

Currently, we link the DRAM memory region to the FMC model (for DMAs)
through a property alias at the SoC level. The I2C model will need a
similar region for DMA support, add a DRAM region property at the SoC
level for both models to use.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Tested-by: Jae Hyun Yoo 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-4-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/arm/aspeed_soc.h | 1 +
 hw/arm/aspeed_ast2600.c | 7 +--
 hw/arm/aspeed_soc.c | 9 +++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
index 495c08be1b8..e84380984f7 100644
--- a/include/hw/arm/aspeed_soc.h
+++ b/include/hw/arm/aspeed_soc.h
@@ -40,6 +40,7 @@ typedef struct AspeedSoCState {
 ARMCPU cpu[ASPEED_CPUS_NUM];
 uint32_t num_cpus;
 A15MPPrivState a7mpcore;
+MemoryRegion *dram_mr;
 MemoryRegion sram;
 AspeedVICState vic;
 AspeedRtcState rtc;
diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index 931887ac681..a403c2aae06 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -158,8 +158,6 @@ static void aspeed_soc_ast2600_init(Object *obj)
   typename);
 object_property_add_alias(obj, "num-cs", OBJECT(&s->fmc), "num-cs",
   &error_abort);
-object_property_add_alias(obj, "dram", OBJECT(&s->fmc), "dram",
-  &error_abort);
 
 for (i = 0; i < sc->spis_num; i++) {
 snprintf(typename, sizeof(typename), "aspeed.spi%d-%s", i + 1, 
socname);
@@ -362,6 +360,11 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, 
Error **errp)
 }
 
 /* FMC, The number of CS is set at the board level */
+object_property_set_link(OBJECT(&s->fmc), OBJECT(s->dram_mr), "dram", 
&err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
 object_property_set_int(OBJECT(&s->fmc), sc->memmap[ASPEED_SDRAM],
 "sdram-base", &err);
 if (err) {
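
Review bot: this realize path now reads `s->dram_mr`, but the only `DEFINE_PROP_LINK("dram", ...)` in the patch is added to `aspeed_soc_properties[]` in hw/arm/aspeed_soc.c. Please confirm that the AST2600 SoC type exposes the same "dram" link property; if it does not, removing the alias from aspeed_soc_ast2600_init() leaves boards with no way to set it and `s->dram_mr` stays NULL.
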
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index f4fe243458f..dd1ee0e3336 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -175,8 +175,6 @@ static void aspeed_soc_init(Object *obj)
   typename);
 object_property_add_alias(obj, "num-cs", OBJECT(&s->fmc), "num-cs",
   &error_abort);
-object_property_add_alias(obj, "dram", OBJECT(&s->fmc), "dram",
-  &error_abort);
 
 for (i = 0; i < sc->spis_num; i++) {
 snprintf(typename, sizeof(typename), "aspeed.spi%d-%s", i + 1, 
socname);
@@ -323,6 +321,11 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
aspeed_soc_get_irq(s, ASPEED_I2C));
 
 /* FMC, The number of CS is set at the board level */
+object_property_set_link(OBJECT(&s->fmc), OBJECT(s->dram_mr), "dram", 
&err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
 object_property_set_int(OBJECT(&s->fmc), sc->memmap[ASPEED_SDRAM],
 "sdram-base", &err);
 if (err) {
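
Review bot: `s->dram_mr` is passed to object_property_set_link() without checking that the board actually set the "dram" link, so a board that forgets it hands NULL to the FMC and any failure surfaces later, away from the cause. An explicit test at the top of realize that reports through `errp` with error_setg() would fail early with a clear message.
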
@@ -429,6 +432,8 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 }
 static Property aspeed_soc_properties[] = {
 DEFINE_PROP_UINT32("num-cpus", AspeedSoCState, num_cpus, 0),
+DEFINE_PROP_LINK("dram", AspeedSoCState, dram_mr, TYPE_MEMORY_REGION,
+ MemoryRegion *),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.20.1




[PULL 12/34] aspeed/smc: Restore default AHB window mapping at reset

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

The current model only restores the Segment Register values but leaves
the previous CS mapping behind. Introduce a helper setting the
register value and mapping the region at the requested address. Use
this helper when a Segment register is set and at reset.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-11-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/ssi/aspeed_smc.c | 32 +---
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index f0c7bbbad30..955ec21852a 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -475,10 +475,26 @@ static bool aspeed_smc_flash_overlap(const AspeedSMCState 
*s,
 return false;
 }
 
+static void aspeed_smc_flash_set_segment_region(AspeedSMCState *s, int cs,
+uint64_t regval)
+{
+AspeedSMCFlash *fl = &s->flashes[cs];
+AspeedSegments seg;
+
+s->ctrl->reg_to_segment(s, regval, &seg);
+
+memory_region_transaction_begin();
+memory_region_set_size(&fl->mmio, seg.size);
+memory_region_set_address(&fl->mmio, seg.addr - 
s->ctrl->flash_window_base);
+memory_region_set_enabled(&fl->mmio, true);
+memory_region_transaction_commit();
+
+s->regs[R_SEG_ADDR0 + cs] = regval;
+}
+
 static void aspeed_smc_flash_set_segment(AspeedSMCState *s, int cs,
  uint64_t new)
 {
-AspeedSMCFlash *fl = &s->flashes[cs];
 AspeedSegments seg;
 
 s->ctrl->reg_to_segment(s, new, &seg);
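
Review bot: aspeed_smc_flash_set_segment_region() applies `regval` with no validation of its own; the window and overlap checks stay behind in aspeed_smc_flash_set_segment(). That suits the reset path, but the helper needs a comment saying callers must pass an already validated value. `cs` also indexes `s->flashes[]` and `s->regs[R_SEG_ADDR0 + cs]` without a range check against `max_slaves`; an assert would document the expectation.
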
@@ -529,13 +545,7 @@ static void aspeed_smc_flash_set_segment(AspeedSMCState 
*s, int cs,
 aspeed_smc_flash_overlap(s, &seg, cs);
 
 /* All should be fine now to move the region */
-memory_region_transaction_begin();
-memory_region_set_size(&fl->mmio, seg.size);
-memory_region_set_address(&fl->mmio, seg.addr - 
s->ctrl->flash_window_base);
-memory_region_set_enabled(&fl->mmio, true);
-memory_region_transaction_commit();
-
-s->regs[R_SEG_ADDR0 + cs] = new;
+aspeed_smc_flash_set_segment_region(s, cs, new);
 }
 
 static uint64_t aspeed_smc_flash_default_read(void *opaque, hwaddr addr,
@@ -897,10 +907,10 @@ static void aspeed_smc_reset(DeviceState *d)
 qemu_set_irq(s->cs_lines[i], true);
 }
 
-/* setup default segment register values for all */
+/* setup the default segment register values and regions for all */
 for (i = 0; i < s->ctrl->max_slaves; ++i) {
-s->regs[R_SEG_ADDR0 + i] =
-s->ctrl->segment_to_reg(s, &s->ctrl->segments[i]);
+aspeed_smc_flash_set_segment_region(s, i,
+s->ctrl->segment_to_reg(s, &s->ctrl->segments[i]));
 }
 
 /* HW strapping flash type for the AST2600 controllers  */
-- 
2.20.1




[PULL 11/34] watchdog/aspeed: Fix AST2600 frequency behaviour

2019-12-16 Thread Peter Maydell
From: Joel Stanley 

The AST2600 control register sneakily changed the meaning of bit 4
without anyone noticing. It no longer controls the 1MHz vs APB clock
select, and instead always runs at 1MHz.

The AST2500 was always 1MHz too, but it retained bit 4, making it read
only. We can model both using the same fixed 1MHz calculation.

Fixes: 6b2b2a703cad ("hw: wdt_aspeed: Add AST2600 support")
Reviewed-by: Cédric Le Goater 
Reviewed-by: Alex Bennée 
Signed-off-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-10-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/watchdog/wdt_aspeed.h |  1 +
 hw/watchdog/wdt_aspeed.c | 21 +
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/include/hw/watchdog/wdt_aspeed.h b/include/hw/watchdog/wdt_aspeed.h
index dfedd7662dd..819c22993a6 100644
--- a/include/hw/watchdog/wdt_aspeed.h
+++ b/include/hw/watchdog/wdt_aspeed.h
@@ -47,6 +47,7 @@ typedef struct AspeedWDTClass {
 uint32_t ext_pulse_width_mask;
 uint32_t reset_ctrl_reg;
 void (*reset_pulse)(AspeedWDTState *s, uint32_t property);
+void (*wdt_reload)(AspeedWDTState *s);
 }  AspeedWDTClass;
 
 #endif /* WDT_ASPEED_H */
diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c
index d283d07d654..122aa8daaad 100644
--- a/hw/watchdog/wdt_aspeed.c
+++ b/hw/watchdog/wdt_aspeed.c
@@ -93,11 +93,11 @@ static uint64_t aspeed_wdt_read(void *opaque, hwaddr 
offset, unsigned size)
 
 }
 
-static void aspeed_wdt_reload(AspeedWDTState *s, bool pclk)
+static void aspeed_wdt_reload(AspeedWDTState *s)
 {
 uint64_t reload;
 
-if (pclk) {
+if (!(s->regs[WDT_CTRL] & WDT_CTRL_1MHZ_CLK)) {
 reload = muldiv64(s->regs[WDT_RELOAD_VALUE], NANOSECONDS_PER_SECOND,
   s->pclk_freq);
 } else {
@@ -109,6 +109,16 @@ static void aspeed_wdt_reload(AspeedWDTState *s, bool pclk)
 }
 }
 
+static void aspeed_wdt_reload_1mhz(AspeedWDTState *s)
+{
+uint64_t reload = s->regs[WDT_RELOAD_VALUE] * 1000ULL;
+
+if (aspeed_wdt_is_enabled(s)) {
+timer_mod(s->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + reload);
+}
+}
+
+
 static void aspeed_wdt_write(void *opaque, hwaddr offset, uint64_t data,
  unsigned size)
 {
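
Review bot: aspeed_wdt_reload_1mhz() has no comment saying which SoCs use it or why the reload value is multiplied by 1000; a line such as "fixed 1MHz clock, reload value is in microseconds" would make the `* 1000ULL` self-explanatory. The hunk also leaves two blank lines after the new function where the file uses one.
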
@@ -130,13 +140,13 @@ static void aspeed_wdt_write(void *opaque, hwaddr offset, 
uint64_t data,
 case WDT_RESTART:
 if ((data & 0x) == WDT_RESTART_MAGIC) {
 s->regs[WDT_STATUS] = s->regs[WDT_RELOAD_VALUE];
-aspeed_wdt_reload(s, !(s->regs[WDT_CTRL] & WDT_CTRL_1MHZ_CLK));
+awc->wdt_reload(s);
 }
 break;
 case WDT_CTRL:
 if (enable && !aspeed_wdt_is_enabled(s)) {
 s->regs[WDT_CTRL] = data;
-aspeed_wdt_reload(s, !(data & WDT_CTRL_1MHZ_CLK));
+awc->wdt_reload(s);
 } else if (!enable && aspeed_wdt_is_enabled(s)) {
 s->regs[WDT_CTRL] = data;
 timer_del(s->timer);
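
Review bot: `awc->wdt_reload(s)` is called unconditionally in both the WDT_RESTART and WDT_CTRL cases, so every AspeedWDTClass has to set the pointer. The three class_init functions in this patch do, but the header gives no hint that the hook is mandatory. A comment on the `wdt_reload` member, or an assert in realize, would catch a future SoC variant that forgets it before a guest write dereferences NULL.
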
@@ -283,6 +293,7 @@ static void aspeed_2400_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->offset = 0x20;
 awc->ext_pulse_width_mask = 0xff;
 awc->reset_ctrl_reg = SCU_RESET_CONTROL1;
+awc->wdt_reload = aspeed_wdt_reload;
 }
 
 static const TypeInfo aspeed_2400_wdt_info = {
@@ -317,6 +328,7 @@ static void aspeed_2500_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->ext_pulse_width_mask = 0xf;
 awc->reset_ctrl_reg = SCU_RESET_CONTROL1;
 awc->reset_pulse = aspeed_2500_wdt_reset_pulse;
+awc->wdt_reload = aspeed_wdt_reload_1mhz;
 }
 
 static const TypeInfo aspeed_2500_wdt_info = {
@@ -336,6 +348,7 @@ static void aspeed_2600_wdt_class_init(ObjectClass *klass, 
void *data)
 awc->ext_pulse_width_mask = 0xf; /* TODO */
 awc->reset_ctrl_reg = AST2600_SCU_RESET_CONTROL1;
 awc->reset_pulse = aspeed_2500_wdt_reset_pulse;
+awc->wdt_reload = aspeed_wdt_reload_1mhz;
 }
 
 static const TypeInfo aspeed_2600_wdt_info = {
-- 
2.20.1




[PULL 03/34] aspeed/i2c: Add support for pool buffer transfers

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

The Aspeed I2C controller can operate in different transfer modes:

  - Byte Buffer mode, using a dedicated register to transfer a
byte. This is what the model supports today.

  - Pool Buffer mode, using an internal SRAM to transfer multiple
bytes in the same command sequence.

Each SoC has different SRAM characteristics. On the AST2400, 2048
bytes of SRAM are available at offset 0x800 of the controller AHB
window. The pool buffer can be configured from 1 to 256 bytes per bus.

On the AST2500, the SRAM is at offset 0x200 and the pool buffer is of
16 bytes per bus.

On the AST2600, the SRAM is at offset 0xC00 and the pool buffer is of
32 bytes per bus. It can be split in two for TX and RX but the
current model does not add support for it as it is unused by known
drivers.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Tested-by: Jae Hyun Yoo 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-2-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/i2c/aspeed_i2c.h |   8 ++
 hw/i2c/aspeed_i2c.c | 197 
 2 files changed, 186 insertions(+), 19 deletions(-)

diff --git a/include/hw/i2c/aspeed_i2c.h b/include/hw/i2c/aspeed_i2c.h
index 13e01059189..5313d07aa72 100644
--- a/include/hw/i2c/aspeed_i2c.h
+++ b/include/hw/i2c/aspeed_i2c.h
@@ -32,6 +32,7 @@
 OBJECT_CHECK(AspeedI2CState, (obj), TYPE_ASPEED_I2C)
 
 #define ASPEED_I2C_NR_BUSSES 16
+#define ASPEED_I2C_MAX_POOL_SIZE 0x800
 
 struct AspeedI2CState;
 
@@ -50,6 +51,7 @@ typedef struct AspeedI2CBus {
 uint32_t intr_status;
 uint32_t cmd;
 uint32_t buf;
+uint32_t pool_ctrl;
 } AspeedI2CBus;
 
 typedef struct AspeedI2CState {
@@ -59,6 +61,8 @@ typedef struct AspeedI2CState {
 qemu_irq irq;
 
 uint32_t intr_status;
+MemoryRegion pool_iomem;
+uint8_t pool[ASPEED_I2C_MAX_POOL_SIZE];
 
 AspeedI2CBus busses[ASPEED_I2C_NR_BUSSES];
 } AspeedI2CState;
@@ -75,6 +79,10 @@ typedef struct AspeedI2CClass {
 uint8_t reg_size;
 uint8_t gap;
 qemu_irq (*bus_get_irq)(AspeedI2CBus *);
+
+uint64_t pool_size;
+hwaddr pool_base;
+uint8_t *(*bus_pool_base)(AspeedI2CBus *);
 } AspeedI2CClass;
 
 I2CBus *aspeed_i2c_get_bus(DeviceState *dev, int busnr);
diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index 06c119f385b..e21f45d9686 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -35,8 +35,7 @@
 /* I2C Device (Bus) Register */
 
 #define I2CD_FUN_CTRL_REG   0x00   /* I2CD Function Control  */
-#define   I2CD_BUFF_SEL_MASK   (0x7 << 20)
-#define   I2CD_BUFF_SEL(x) (x << 20)
+#define   I2CD_POOL_PAGE_SEL(x)(((x) >> 20) & 0x7)  /* AST2400 */
 #define   I2CD_M_SDA_LOCK_EN   (0x1 << 16)
 #define   I2CD_MULTI_MASTER_DIS(0x1 << 15)
 #define   I2CD_M_SCL_DRIVE_EN  (0x1 << 14)
@@ -113,10 +112,12 @@
 #define   I2CD_SCL_O_OUT_DIR   (0x1 << 12)
 #define   I2CD_BUS_RECOVER_CMD_EN  (0x1 << 11)
 #define   I2CD_S_ALT_EN(0x1 << 10)
-#define   I2CD_RX_DMA_ENABLE   (0x1 << 9)
-#define   I2CD_TX_DMA_ENABLE   (0x1 << 8)
 
 /* Command Bit */
+#define   I2CD_RX_DMA_ENABLE   (0x1 << 9)
+#define   I2CD_TX_DMA_ENABLE   (0x1 << 8)
+#define   I2CD_RX_BUFF_ENABLE  (0x1 << 7)
+#define   I2CD_TX_BUFF_ENABLE  (0x1 << 6)
 #define   I2CD_M_STOP_CMD  (0x1 << 5)
 #define   I2CD_M_S_RX_CMD_LAST (0x1 << 4)
 #define   I2CD_M_RX_CMD(0x1 << 3)
@@ -125,7 +126,11 @@
 #define   I2CD_M_START_CMD (0x1)
 
 #define I2CD_DEV_ADDR_REG   0x18   /* Slave Device Address */
-#define I2CD_BUF_CTRL_REG   0x1c   /* Pool Buffer Control */
+#define I2CD_POOL_CTRL_REG  0x1c   /* Pool Buffer Control */
+#define   I2CD_POOL_RX_COUNT(x)(((x) >> 24) & 0xff)
+#define   I2CD_POOL_RX_SIZE(x) x) >> 16) & 0xff) + 1)
+#define   I2CD_POOL_TX_COUNT(x)x) >> 8) & 0xff) + 1)
+#define   I2CD_POOL_OFFSET(x)  (((x) & 0x3f) << 2)  /* AST2400 */
 #define I2CD_BYTE_BUF_REG   0x20   /* Transmit/Receive Byte Buffer */
 #define   I2CD_BYTE_BUF_TX_SHIFT   0
 #define   I2CD_BYTE_BUF_TX_MASK0xff
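
Review bot: the new I2CD_POOL_* fields are guest-written and decode to larger ranges than the per-bus pools the commit message describes: the RX size and TX count macros mask with 0xff and add 1, giving up to 256, and `I2CD_POOL_OFFSET()` gives up to 0xfc, while the AST2500 and AST2600 pools are 16 and 32 bytes per bus. The transfer code that consumes these values should clamp offset plus count to the bus's share of `pool[]` before indexing, and a comment next to the macros stating the valid range per SoC would make that requirement visible.
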
@@ -170,6 +175,8 @@ static uint64_t aspeed_i2c_bus_read(void *opaque, hwaddr 
offset,
 return bus->intr_ctrl;
 case I2CD_INTR_STS_REG:
 return bus->intr_status;
+case I2CD_POOL_CTRL_REG:
+return bus->pool_ctrl;
 case I2CD_BYTE_BUF_REG:
 return bus->buf;
 case I2CD_CMD_REG:
@@ -192,14 +199,58 @@ static uint8_t aspeed_i2c_get_state(AspeedI2CBus *bus)
 return (bus->cmd >> I2CD_TX_STATE_SHIFT) & I2CD_TX_STATE_MASK;
 }
 
+static int aspeed_i2c_bus_send(AspeedI2CBus *bus, uint8_t pool_start)
+{
+AspeedI2CClass *aic = ASPEED_I2C_GET_CLASS(bus->controller);
+int ret = -1;
+   

[PULL 25/34] arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on()

2019-12-16 Thread Peter Maydell
From: Niek Linnenbank 

This change ensures that the FPU can be accessed in Non-Secure mode
when the CPU core is reset using the arm_set_cpu_on() function call.
The NSACR.{CP11,CP10} bits define the exception level required to
access the FPU in Non-Secure mode. Without these bits set, the CPU
will give an undefined exception trap on the first FPU access for the
secondary cores under Linux.

This is necessary because in this power-control codepath QEMU
is effectively emulating a bit of EL3 firmware, and has to set
the CPU up as the EL3 firmware would.

Fixes: fc1120a7f5
Cc: qemu-sta...@nongnu.org
Signed-off-by: Niek Linnenbank 
[PMM: added clarifying para to commit message]
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/arm-powerctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
index f77a950db67..b064513d44a 100644
--- a/target/arm/arm-powerctl.c
+++ b/target/arm/arm-powerctl.c
@@ -104,6 +104,9 @@ static void arm_set_cpu_on_async_work(CPUState 
*target_cpu_state,
 /* Processor is not in secure mode */
 target_cpu->env.cp15.scr_el3 |= SCR_NS;
 
+/* Set NSACR.{CP11,CP10} so NS can access the FPU */
+target_cpu->env.cp15.nsacr |= 3 << 10;
+
 /*
  * If QEMU is providing the equivalent of EL3 firmware, then we need
  * to make sure a CPU targeting EL2 comes out of reset with a
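
Review bot: `target_cpu->env.cp15.nsacr |= 3 << 10;` uses a bare literal; the comment explains it, but a named mask for NSACR.{CP11,CP10} would make the write greppable and match the `SCR_NS` constant used just above. The bits are ORed in unconditionally right after `SCR_NS` is set; if that is only correct when QEMU is standing in for EL3 firmware, as the commit message says, the comment should name the condition in the surrounding code that guarantees it.
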
-- 
2.20.1




[PULL 18/34] aspeed: Change the "scu" property definition

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

The Aspeed Watchdog and Timer models have a link pointing to the SCU
controller model of the machine.

Change the "scu" property definition so that it explicitly sets the
pointer. The property isn't optional: not being able to set the link
is a bug and QEMU should rather abort than exit in this case.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Greg Kurz 
Reviewed-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-17-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed_ast2600.c  |  8 
 hw/arm/aspeed_soc.c  |  8 
 hw/timer/aspeed_timer.c  | 17 +
 hw/watchdog/wdt_aspeed.c | 17 -
 4 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index 0881eb25983..810fd7de0c0 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -146,8 +146,6 @@ static void aspeed_soc_ast2600_init(Object *obj)
 snprintf(typename, sizeof(typename), "aspeed.timer-%s", socname);
 sysbus_init_child_obj(obj, "timerctrl", OBJECT(&s->timerctrl),
   sizeof(s->timerctrl), typename);
-object_property_add_const_link(OBJECT(&s->timerctrl), "scu",
-   OBJECT(&s->scu), &error_abort);
 
 snprintf(typename, sizeof(typename), "aspeed.i2c-%s", socname);
 sysbus_init_child_obj(obj, "i2c", OBJECT(&s->i2c), sizeof(s->i2c),
@@ -177,8 +175,6 @@ static void aspeed_soc_ast2600_init(Object *obj)
 snprintf(typename, sizeof(typename), "aspeed.wdt-%s", socname);
 sysbus_init_child_obj(obj, "wdt[*]", OBJECT(&s->wdt[i]),
   sizeof(s->wdt[i]), typename);
-object_property_add_const_link(OBJECT(&s->wdt[i]), "scu",
-   OBJECT(&s->scu), &error_abort);
 }
 
 for (i = 0; i < sc->macs_num; i++) {
@@ -323,6 +319,8 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, 
Error **errp)
aspeed_soc_get_irq(s, ASPEED_RTC));
 
 /* Timer */
+object_property_set_link(OBJECT(&s->timerctrl),
+ OBJECT(&s->scu), "scu", &error_abort);
 object_property_set_bool(OBJECT(&s->timerctrl), true, "realized", &err);
 if (err) {
 error_propagate(errp, err);
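
Review bot: the new object_property_set_link() call passes `&error_abort` while the object_property_set_bool() on the next line goes through `&err` and error_propagate(). The commit message explains that this is deliberate, but the call site does not; a short comment such as "the scu link is mandatory, failing to set it is a programming error" would keep a later cleanup from converting it to `&err`.
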
@@ -415,6 +413,8 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, 
Error **errp)
 for (i = 0; i < sc->wdts_num; i++) {
 AspeedWDTClass *awc = ASPEED_WDT_GET_CLASS(&s->wdt[i]);
 
+object_property_set_link(OBJECT(&s->wdt[i]),
+ OBJECT(&s->scu), "scu", &error_abort);
 object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized", &err);
 if (err) {
 error_propagate(errp, err);
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index b01c9774419..a6237e59401 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -163,8 +163,6 @@ static void aspeed_soc_init(Object *obj)
 snprintf(typename, sizeof(typename), "aspeed.timer-%s", socname);
 sysbus_init_child_obj(obj, "timerctrl", OBJECT(&s->timerctrl),
   sizeof(s->timerctrl), typename);
-object_property_add_const_link(OBJECT(&s->timerctrl), "scu",
-   OBJECT(&s->scu), &error_abort);
 
 snprintf(typename, sizeof(typename), "aspeed.i2c-%s", socname);
 sysbus_init_child_obj(obj, "i2c", OBJECT(&s->i2c), sizeof(s->i2c),
@@ -194,8 +192,6 @@ static void aspeed_soc_init(Object *obj)
 snprintf(typename, sizeof(typename), "aspeed.wdt-%s", socname);
 sysbus_init_child_obj(obj, "wdt[*]", OBJECT(&s->wdt[i]),
   sizeof(s->wdt[i]), typename);
-object_property_add_const_link(OBJECT(&s->wdt[i]), "scu",
-   OBJECT(&s->scu), &error_abort);
 }
 
 for (i = 0; i < sc->macs_num; i++) {
@@ -291,6 +287,8 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
aspeed_soc_get_irq(s, ASPEED_RTC));
 
 /* Timer */
+object_property_set_link(OBJECT(&s->timerctrl),
+ OBJECT(&s->scu), "scu", &error_abort);
 object_property_set_bool(OBJECT(&s->timerctrl), true, "realized", &err);
 if (err) {
 error_propagate(errp, err);
@@ -376,6 +374,8 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 for (i = 0; i < sc->wdts_num; i++) {
 AspeedWDTClass *awc = ASPEED_WDT_GET_CLASS(&s->wdt[i]);
 
+object_property_set_link(OBJECT(&s->wdt[i]),
+ OBJECT(&s->scu), "scu", &error_abort);
 object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized", &err);
 if (err) {
 error_propagate(errp, err);
diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index bcce2192a92..a8c38cc1189 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -19,6 +19

[PULL 13/34] aspeed/smc: Do not map disabled segment on the AST2600

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

The segments can be disabled on the AST2600 (zero register value).
CS0 is open by default but not the other CS. This is closing the
access to the flash device in user mode and forbids scanning.

In the model, check the segment size and disable the associated region
when the value is zero.

Fixes: bcaa8ddd081c ("aspeed/smc: Add AST2600 support")
Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-12-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/ssi/aspeed_smc.c | 16 +++-
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 955ec21852a..86cadbe4cc0 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -444,8 +444,13 @@ static void aspeed_2600_smc_reg_to_segment(const 
AspeedSMCState *s,
 uint32_t start_offset = (reg << 16) & AST2600_SEG_ADDR_MASK;
 uint32_t end_offset = reg & AST2600_SEG_ADDR_MASK;
 
-seg->addr = s->ctrl->flash_window_base + start_offset;
-seg->size = end_offset + MiB - start_offset;
+if (reg) {
+seg->addr = s->ctrl->flash_window_base + start_offset;
+seg->size = end_offset + MiB - start_offset;
+} else {
+seg->addr = s->ctrl->flash_window_base;
+seg->size = 0;
+}
 }
 
 static bool aspeed_smc_flash_overlap(const AspeedSMCState *s,
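
Review bot: the `if (reg)` branch still computes `seg->size = end_offset + MiB - start_offset` from two guest-controlled fields, and nothing here rejects a register value whose end offset is below its start offset, which yields a bogus size. Either validate the pair in this function or add a comment pointing at the caller check that covers it. Treating only an all-zero register as "disabled" also deserves a line of comment, since the code otherwise reads as a special case without a stated reason.
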
@@ -486,7 +491,7 @@ static void 
aspeed_smc_flash_set_segment_region(AspeedSMCState *s, int cs,
 memory_region_transaction_begin();
 memory_region_set_size(&fl->mmio, seg.size);
 memory_region_set_address(&fl->mmio, seg.addr - 
s->ctrl->flash_window_base);
-memory_region_set_enabled(&fl->mmio, true);
+memory_region_set_enabled(&fl->mmio, !!seg.size);
 memory_region_transaction_commit();
 
 s->regs[R_SEG_ADDR0 + cs] = regval;
@@ -526,8 +531,9 @@ static void aspeed_smc_flash_set_segment(AspeedSMCState *s, 
int cs,
 }
 
 /* Keep the segment in the overall flash window */
-if (seg.addr + seg.size <= s->ctrl->flash_window_base ||
-seg.addr > s->ctrl->flash_window_base + s->ctrl->flash_window_size) {
+if (seg.size &&
+(seg.addr + seg.size <= s->ctrl->flash_window_base ||
+ seg.addr > s->ctrl->flash_window_base + s->ctrl->flash_window_size)) {
 qemu_log_mask(LOG_GUEST_ERROR, "%s: new segment for CS%d is invalid : "
   "[ 0x%"HWADDR_PRIx" - 0x%"HWADDR_PRIx" ]\n",
   s->ctrl->name, cs, seg.addr, seg.addr + seg.size);
-- 
2.20.1




[PULL 32/34] hw/arm/acpi: enable SHPC native hot plug

2019-12-16 Thread Peter Maydell
From: Heyi Guo 

After the introduction of generic PCIe root port and PCIe-PCI bridge,
we will also have SHPC controller on ARM, so just enable SHPC native
hot plug.

Also update tests/data/acpi/virt/DSDT* to pass "make check".

Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Reviewed-by: Igor Mammedov 
Signed-off-by: Heyi Guo 
Message-id: 20191209063719.23086-3-guoh...@huawei.com
Signed-off-by: Peter Maydell 
---
 hw/arm/virt-acpi-build.c  |   7 ++-
 tests/data/acpi/virt/DSDT | Bin 18462 -> 18462 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19799 -> 19799 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18462 -> 18462 bytes
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 51b293e0a1e..bd5f771e9be 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -267,7 +267,12 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
MemMapEntry *memmap,
 aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
 aml_append(ifctx, aml_store(aml_name("CDW2"), aml_name("SUPP")));
 aml_append(ifctx, aml_store(aml_name("CDW3"), aml_name("CTRL")));
-aml_append(ifctx, aml_and(aml_name("CTRL"), aml_int(0x1D),
+
+/*
+ * Allow OS control for all 5 features:
+ * PCIeHotplug SHPCHotplug PME AER PCIeCapability.
+ */
+aml_append(ifctx, aml_and(aml_name("CTRL"), aml_int(0x1F),
   aml_name("CTRL")));
 
 ifctx1 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(0x1;
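
Review bot: the new comment lists the five features but not which bit each one is, so the step from `aml_int(0x1D)` to `aml_int(0x1F)` still has to be decoded by hand. Stating that the added bit is bit 1 (SHPC native hot plug), or building the mask from named constants, would make the _OSC control grant reviewable at a glance.
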
diff --git a/tests/data/acpi/virt/DSDT b/tests/data/acpi/virt/DSDT
index 
05bcfc8a912f58f266aa906563ea01c24906717e..d0f3afeb134fdf1c11f64cd06dbcdd30be603b80
 100644
GIT binary patch
delta 28
kcmbO?fpOjhMlP3Nmk>D*1_q{tja=*8809zbbW3Ff0C~9xM*si-

delta 28
kcmbO?fpOjhMlP3Nmk>D*1_q|2ja=*87-cu_bW3Ff0C~j-M*si-

diff --git a/tests/data/acpi/virt/DSDT.memhp b/tests/data/acpi/virt/DSDT.memhp
index 
c041a910fdf272cb89263bb636239ae3a5e1708d..41ccc6431b917252bcbaac86c33b340c796be5ce
 100644
GIT binary patch
delta 28
kcmcaUi}Cs_MlP3NmymE@1_mbija=*8809zbbeqQp0Eq|*2mk;8

delta 28
kcmcaUi}Cs_MlP3NmymE@1_ma@ja=*87-cu_beqQp0ErX{2mk;8

diff --git a/tests/data/acpi/virt/DSDT.numamem 
b/tests/data/acpi/virt/DSDT.numamem
index 
05bcfc8a912f58f266aa906563ea01c24906717e..d0f3afeb134fdf1c11f64cd06dbcdd30be603b80
 100644
GIT binary patch
delta 28
kcmbO?fpOjhMlP3Nmk>D*1_q{tja=*8809zbbW3Ff0C~9xM*si-

delta 28
kcmbO?fpOjhMlP3Nmk>D*1_q|2ja=*87-cu_bW3Ff0C~j-M*si-

-- 
2.20.1




[PULL 14/34] aspeed/smc: Add AST2600 timings registers

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

Each CS has its own Read Timing Compensation Register on newer SoCs.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-13-...@kaod.org
Signed-off-by: Peter Maydell 
---
 include/hw/ssi/aspeed_smc.h |  1 +
 hw/ssi/aspeed_smc.c | 17 ++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/include/hw/ssi/aspeed_smc.h b/include/hw/ssi/aspeed_smc.h
index 684d16e3361..6fbbb238f15 100644
--- a/include/hw/ssi/aspeed_smc.h
+++ b/include/hw/ssi/aspeed_smc.h
@@ -40,6 +40,7 @@ typedef struct AspeedSMCController {
 uint8_t r_ce_ctrl;
 uint8_t r_ctrl0;
 uint8_t r_timings;
+uint8_t nregs_timings;
 uint8_t conf_enable_w0;
 uint8_t max_slaves;
 const AspeedSegments *segments;
diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 86cadbe4cc0..7755eca3497 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -137,7 +137,7 @@
 /* Checksum Calculation Result */
 #define R_DMA_CHECKSUM(0x90 / 4)
 
-/* Misc Control Register #2 */
+/* Read Timing Compensation Register */
 #define R_TIMINGS (0x94 / 4)
 
 /* SPI controller registers and bits (AST2400) */
@@ -256,6 +256,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = R_CE_CTRL,
 .r_ctrl0   = R_CTRL0,
 .r_timings = R_TIMINGS,
+.nregs_timings = 1,
 .conf_enable_w0= CONF_ENABLE_W0,
 .max_slaves= 5,
 .segments  = aspeed_segments_legacy,
@@ -271,6 +272,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = R_CE_CTRL,
 .r_ctrl0   = R_CTRL0,
 .r_timings = R_TIMINGS,
+.nregs_timings = 1,
 .conf_enable_w0= CONF_ENABLE_W0,
 .max_slaves= 5,
 .segments  = aspeed_segments_fmc,
@@ -288,6 +290,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = 0xff,
 .r_ctrl0   = R_SPI_CTRL0,
 .r_timings = R_SPI_TIMINGS,
+.nregs_timings = 1,
 .conf_enable_w0= SPI_CONF_ENABLE_W0,
 .max_slaves= 1,
 .segments  = aspeed_segments_spi,
@@ -303,6 +306,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = R_CE_CTRL,
 .r_ctrl0   = R_CTRL0,
 .r_timings = R_TIMINGS,
+.nregs_timings = 1,
 .conf_enable_w0= CONF_ENABLE_W0,
 .max_slaves= 3,
 .segments  = aspeed_segments_ast2500_fmc,
@@ -320,6 +324,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = R_CE_CTRL,
 .r_ctrl0   = R_CTRL0,
 .r_timings = R_TIMINGS,
+.nregs_timings = 1,
 .conf_enable_w0= CONF_ENABLE_W0,
 .max_slaves= 2,
 .segments  = aspeed_segments_ast2500_spi1,
@@ -335,6 +340,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = R_CE_CTRL,
 .r_ctrl0   = R_CTRL0,
 .r_timings = R_TIMINGS,
+.nregs_timings = 1,
 .conf_enable_w0= CONF_ENABLE_W0,
 .max_slaves= 2,
 .segments  = aspeed_segments_ast2500_spi2,
@@ -350,6 +356,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = R_CE_CTRL,
 .r_ctrl0   = R_CTRL0,
 .r_timings = R_TIMINGS,
+.nregs_timings = 1,
 .conf_enable_w0= CONF_ENABLE_W0,
 .max_slaves= 3,
 .segments  = aspeed_segments_ast2600_fmc,
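
Review bot: ".nregs_timings = 1" on the entry that uses aspeed_segments_ast2600_fmc does not match the commit message, which says each CS has its own Read Timing Compensation Register on newer SoCs. This entry has ".max_slaves = 3", while the two AST2600 SPI entries later in the patch set nregs_timings equal to their max_slaves (2 and 3). If the AST2600 FMC really exposes a single register, a short comment on this line saying so would stop it reading as an oversight; otherwise it should be 3.
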
@@ -365,6 +372,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = R_CE_CTRL,
 .r_ctrl0   = R_CTRL0,
 .r_timings = R_TIMINGS,
+.nregs_timings = 2,
 .conf_enable_w0= CONF_ENABLE_W0,
 .max_slaves= 2,
 .segments  = aspeed_segments_ast2600_spi1,
@@ -380,6 +388,7 @@ static const AspeedSMCController controllers[] = {
 .r_ce_ctrl = R_CE_CTRL,
 .r_ctrl0   = R_CTRL0,
 .r_timings = R_TIMINGS,
+.nregs_timings = 3,
 .conf_enable_w0= CONF_ENABLE_W0,
 .max_slaves= 3,
 .segments  = aspeed_segments_ast2600_spi2,
@@ -951,7 +960,8 @@ static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, 
unsigned int size)
 addr >>= 2;
 
 if (addr == s->r_conf ||
-addr == s->r_timings ||
+(addr >= s->r_timings &&
+ addr < s->r_timings + s->ctrl->nregs_timings) ||
 addr == s->r_ce_ctrl ||
 addr == R_INTR_CTRL ||
 addr == R_DUMMY_DATA ||
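
Review bot: the new range test in aspeed_smc_read, "addr < s->r_timings + s->ctrl->nregs_timings", matches nothing when nregs_timings is 0, so a controller entry that omits the new field (it is zero-initialized in the static controllers[] table) silently loses read access to its timings register, which the old "addr == s->r_timings" test always allowed. An assert at realize that nregs_timings is at least 1, or a comment on the field in aspeed_smc.h stating that it must be non-zero, would catch that.
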
@@ -1216,7 +1226,8 @@ static void aspeed_smc_write(void *opaque, hwaddr addr, 
uint64_t data,
 addr >>= 2;
 
 if (addr == s->r

[PULL 17/34] gpio: fix memory leak in aspeed_gpio_init()

2019-12-16 Thread Peter Maydell
From: PanNengyuan 

Address Sanitizer shows memory leak in hw/gpio/aspeed_gpio.c:875

Reported-by: Euler Robot 
Signed-off-by: PanNengyuan 
Reviewed-by: Cédric Le Goater 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-16-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/gpio/aspeed_gpio.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/gpio/aspeed_gpio.c b/hw/gpio/aspeed_gpio.c
index 7acc5fa8e29..41e11ea9b04 100644
--- a/hw/gpio/aspeed_gpio.c
+++ b/hw/gpio/aspeed_gpio.c
@@ -876,6 +876,7 @@ static void aspeed_gpio_init(Object *obj)
pin_idx % GPIOS_PER_GROUP);
 object_property_add(obj, name, "bool", aspeed_gpio_get_pin,
 aspeed_gpio_set_pin, NULL, NULL, NULL);
+g_free(name);
 }
 }
 
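
Review bot: the g_free(name) added after object_property_add() in aspeed_gpio_init fixes the leak only as long as the loop body keeps a single exit. Declaring the string as "g_autofree char *name" inside the loop would release it on every path and make the explicit free unnecessary.
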
-- 
2.20.1




[PULL 28/34] migration: ram: Switch to ram block writeback

2019-12-16 Thread Peter Maydell
From: Beata Michalska 

Switch to ram block writeback for pmem migration.

Signed-off-by: Beata Michalska 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
Acked-by: Dr. David Alan Gilbert 
Message-id: 20191121000843.24844-4-beata.michal...@linaro.org
Signed-off-by: Peter Maydell 
---
 migration/ram.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 5078f94490d..38070f1bb23 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -33,7 +33,6 @@
 #include "qemu/bitops.h"
 #include "qemu/bitmap.h"
 #include "qemu/main-loop.h"
-#include "qemu/pmem.h"
 #include "xbzrle.h"
 #include "ram.h"
 #include "migration.h"
@@ -3981,9 +3980,7 @@ static int ram_load_cleanup(void *opaque)
 RAMBlock *rb;
 
 RAMBLOCK_FOREACH_NOT_IGNORED(rb) {
-if (ramblock_is_pmem(rb)) {
-pmem_persist(rb->host, rb->used_length);
-}
+qemu_ram_block_writeback(rb);
 }
 
 xbzrle_load_cleanup();
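
Review bot: replacing the ramblock_is_pmem(rb) guard in ram_load_cleanup with an unconditional qemu_ram_block_writeback(rb) widens the operation from pmem blocks to every non-ignored RAM block, which the commit message ("Switch to ram block writeback for pmem migration") does not mention. With the qemu_ram_writeback() added in 27/34, a block that is not pmem but has block->fd >= 0 now takes the qemu_msync() path at the end of an incoming migration. Please state in the commit message that this is intended.
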
-- 
2.20.1




[PULL 30/34] hw/arm/sbsa-ref: Simplify by moving the gic in the machine state

2019-12-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Make the gic a field in the machine state, and instead of filling
an array of qemu_irq and passing it around, directly call
qdev_get_gpio_in() on the gic field.

Signed-off-by: Philippe Mathieu-Daudé 
Message-id: 20191206162303.30338-1-phi...@redhat.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/sbsa-ref.c | 86 +++
 1 file changed, 42 insertions(+), 44 deletions(-)

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index 27046cc284f..5853bdee5ce 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -89,6 +89,7 @@ typedef struct {
 void *fdt;
 int fdt_size;
 int psci_conduit;
+DeviceState *gic;
 PFlashCFI01 *flash[2];
 } SBSAMachineState;
 
@@ -328,10 +329,9 @@ static void create_secure_ram(SBSAMachineState *sms,
 memory_region_add_subregion(secure_sysmem, base, secram);
 }
 
-static void create_gic(SBSAMachineState *sms, qemu_irq *pic)
+static void create_gic(SBSAMachineState *sms)
 {
 unsigned int smp_cpus = MACHINE(sms)->smp.cpus;
-DeviceState *gicdev;
 SysBusDevice *gicbusdev;
 const char *gictype;
 uint32_t redist0_capacity, redist0_count;
@@ -339,25 +339,25 @@ static void create_gic(SBSAMachineState *sms, qemu_irq 
*pic)
 
 gictype = gicv3_class_name();
 
-gicdev = qdev_create(NULL, gictype);
-qdev_prop_set_uint32(gicdev, "revision", 3);
-qdev_prop_set_uint32(gicdev, "num-cpu", smp_cpus);
+sms->gic = qdev_create(NULL, gictype);
+qdev_prop_set_uint32(sms->gic, "revision", 3);
+qdev_prop_set_uint32(sms->gic, "num-cpu", smp_cpus);
 /*
  * Note that the num-irq property counts both internal and external
  * interrupts; there are always 32 of the former (mandated by GIC spec).
  */
-qdev_prop_set_uint32(gicdev, "num-irq", NUM_IRQS + 32);
-qdev_prop_set_bit(gicdev, "has-security-extensions", true);
+qdev_prop_set_uint32(sms->gic, "num-irq", NUM_IRQS + 32);
+qdev_prop_set_bit(sms->gic, "has-security-extensions", true);
 
 redist0_capacity =
 sbsa_ref_memmap[SBSA_GIC_REDIST].size / GICV3_REDIST_SIZE;
 redist0_count = MIN(smp_cpus, redist0_capacity);
 
-qdev_prop_set_uint32(gicdev, "len-redist-region-count", 1);
-qdev_prop_set_uint32(gicdev, "redist-region-count[0]", redist0_count);
+qdev_prop_set_uint32(sms->gic, "len-redist-region-count", 1);
+qdev_prop_set_uint32(sms->gic, "redist-region-count[0]", redist0_count);
 
-qdev_init_nofail(gicdev);
-gicbusdev = SYS_BUS_DEVICE(gicdev);
+qdev_init_nofail(sms->gic);
+gicbusdev = SYS_BUS_DEVICE(sms->gic);
 sysbus_mmio_map(gicbusdev, 0, sbsa_ref_memmap[SBSA_GIC_DIST].base);
 sysbus_mmio_map(gicbusdev, 1, sbsa_ref_memmap[SBSA_GIC_REDIST].base);
 
@@ -383,15 +383,15 @@ static void create_gic(SBSAMachineState *sms, qemu_irq 
*pic)
 
 for (irq = 0; irq < ARRAY_SIZE(timer_irq); irq++) {
 qdev_connect_gpio_out(cpudev, irq,
-  qdev_get_gpio_in(gicdev,
+  qdev_get_gpio_in(sms->gic,
ppibase + timer_irq[irq]));
 }
 
 qdev_connect_gpio_out_named(cpudev, "gicv3-maintenance-interrupt", 0,
-qdev_get_gpio_in(gicdev, ppibase
+qdev_get_gpio_in(sms->gic, ppibase
  + ARCH_GIC_MAINT_IRQ));
 qdev_connect_gpio_out_named(cpudev, "pmu-interrupt", 0,
-qdev_get_gpio_in(gicdev, ppibase
+qdev_get_gpio_in(sms->gic, ppibase
  + VIRTUAL_PMU_IRQ));
 
 sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, 
ARM_CPU_IRQ));
@@ -402,13 +402,9 @@ static void create_gic(SBSAMachineState *sms, qemu_irq 
*pic)
 sysbus_connect_irq(gicbusdev, i + 3 * smp_cpus,
qdev_get_gpio_in(cpudev, ARM_CPU_VFIQ));
 }
-
-for (i = 0; i < NUM_IRQS; i++) {
-pic[i] = qdev_get_gpio_in(gicdev, i);
-}
 }
 
-static void create_uart(const SBSAMachineState *sms, qemu_irq *pic, int uart,
+static void create_uart(const SBSAMachineState *sms, int uart,
 MemoryRegion *mem, Chardev *chr)
 {
 hwaddr base = sbsa_ref_memmap[uart].base;
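
Review bot: dropping the "qemu_irq *pic" parameter from create_uart, together with the loop that filled pic[] at the end of create_gic, turns an explicit data dependency into an implicit ordering requirement: sms->gic must already have been set by create_gic() before any helper calls qdev_get_gpio_in(sms->gic, irq), and nothing in the signatures says so any more. A one-line comment on the new gic field in SBSAMachineState, or an assert(sms->gic) at the top of the helpers, would document that.
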
@@ -420,15 +416,15 @@ static void create_uart(const SBSAMachineState *sms, 
qemu_irq *pic, int uart,
 qdev_init_nofail(dev);
 memory_region_add_subregion(mem, base,
 sysbus_mmio_get_region(s, 0));
-sysbus_connect_irq(s, 0, pic[irq]);
+sysbus_connect_irq(s, 0, qdev_get_gpio_in(sms->gic, irq));
 }
 
-static void create_rtc(const SBSAMachineState *sms, qemu_irq *pic)
+static void create_rtc(const SBSAMachineState *sms)
 {
 hwaddr base = sbsa_ref_memmap[SBSA_RTC].base;
 int irq = sbsa_ref_irqmap[

[PULL 23/34] target/arm: Handle AArch32 CP15 trapping via HSTR_EL2

2019-12-16 Thread Peter Maydell
From: Marc Zyngier 

HSTR_EL2 offers a way to trap ranges of CP15 system register
accesses to EL2, and it looks like this register is completely
ignored by QEMU.

To avoid adding extra .accessfn filters all over the place (which
would have a direct performance impact), let's add a new TB flag
that gets set whenever HSTR_EL2 is non-zero and that QEMU translates
a context where this trap has a chance to apply, and only generate
the extra access check if the hypervisor is actively using this feature.

Tested with a hand-crafted KVM guest accessing CBAR.

Signed-off-by: Marc Zyngier 
Reviewed-by: Richard Henderson 
Message-id: 20191201122018.25808-5-...@kernel.org
[PMM: use is_a64(); fix comment syntax]
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h   |  2 ++
 target/arm/translate.h |  2 ++
 target/arm/helper.c|  6 ++
 target/arm/op_helper.c | 22 ++
 target/arm/translate.c |  3 ++-
 5 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 83a809d4bac..cebb3511a51 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3215,6 +3215,8 @@ FIELD(TBFLAG_A32, NS, 6, 1)
 FIELD(TBFLAG_A32, VFPEN, 7, 1)  /* Partially cached, minus FPEXC. */
 FIELD(TBFLAG_A32, CONDEXEC, 8, 8)   /* Not cached. */
 FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
+FIELD(TBFLAG_A32, HSTR_ACTIVE, 17, 1)
+
 /* For M profile only, set if FPCCR.LSPACT is set */
 FIELD(TBFLAG_A32, LSPACT, 18, 1)/* Not cached. */
 /* For M profile only, set if we must create a new FP context */
diff --git a/target/arm/translate.h b/target/arm/translate.h
index dd24f91f265..b837b7fcbf1 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -77,6 +77,8 @@ typedef struct DisasContext {
 bool pauth_active;
 /* True with v8.5-BTI and SCTLR_ELx.BT* set.  */
 bool bt;
+/* True if any CP15 access is trapped by HSTR_EL2 */
+bool hstr_active;
 /*
  * >= 0, a copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.
  *  < 0, set by the current instruction.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 93ecab27c0c..0ba08d550aa 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11283,6 +11283,12 @@ static uint32_t rebuild_hflags_a32(CPUARMState *env, 
int fp_el,
 if (arm_el_is_aa64(env, 1)) {
 flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
 }
+
+if (arm_current_el(env) < 2 && env->cp15.hstr_el2 &&
+(arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
+flags = FIELD_DP32(flags, TBFLAG_A32, HSTR_ACTIVE, 1);
+}
+
 return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
 }
 
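
Review bot: the condition added to rebuild_hflags_a32, "arm_current_el(env) < 2" combined with "(arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)", is repeated verbatim in the access_check_cp_reg hunk in op_helper.c, and the two must stay in sync for the TB flag to be a correct gate for the runtime check. Factoring it into one small inline helper used by both sites would prevent them drifting apart. A comment noting that a HSTR_EL2 value with only the RES0 T4/T14 bits set still turns the flag on, and is then filtered by the mask in the helper, would also help.
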
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index b529d6c1bf7..e5a346cb87a 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -603,6 +603,27 @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void 
*rip, uint32_t syndrome,
 raise_exception(env, EXCP_UDEF, syndrome, exception_target_el(env));
 }
 
+/*
+ * Check for an EL2 trap due to HSTR_EL2. We expect EL0 accesses
+ * to sysregs non accessible at EL0 to have UNDEF-ed already.
+ */
+if (!is_a64(env) && arm_current_el(env) < 2 && ri->cp == 15 &&
+(arm_hcr_el2_eff(env) & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
+uint32_t mask = 1 << ri->crn;
+
+if (ri->type & ARM_CP_64BIT) {
+mask = 1 << ri->crm;
+}
+
+/* T4 and T14 are RES0 */
+mask &= ~((1 << 4) | (1 << 14));
+
+if (env->cp15.hstr_el2 & mask) {
+target_el = 2;
+goto exept;
+}
+}
+
 if (!ri->accessfn) {
 return;
 }
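
Review bot: the label this hunk jumps to is spelled "exept" ("goto exept;"), which looks like a typo for "except" or "exception"; since the label is introduced by this patch it is cheap to rename now. In the same new block, mask is a uint32_t but is built from "1 << ri->crn" and "1 << ri->crm", which are signed int shifts; "1U << ..." would keep the arithmetic unsigned throughout.
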
@@ -652,6 +673,7 @@ void HELPER(access_check_cp_reg)(CPUARMState *env, void 
*rip, uint32_t syndrome,
 g_assert_not_reached();
 }
 
+exept:
 raise_exception(env, EXCP_UDEF, syndrome, target_el);
 }
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 4d5d4bd8886..f162be8434f 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6897,7 +6897,7 @@ static int disas_coproc_insn(DisasContext *s, uint32_t 
insn)
 return 1;
 }
 
-if (ri->accessfn ||
+if (s->hstr_active || ri->accessfn ||
 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
 /* Emit code to perform further access permissions checks at
  * runtime; this may result in an exception.
@@ -10843,6 +10843,7 @@ static void arm_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
!arm_el_is_aa64(env, 3);
 dc->thumb = FIELD_EX32(tb_flags, TBFLAG_A32, THUMB);
 dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
+dc->hstr_active = FIELD_EX32(tb_flags, TBFLAG_A32, HSTR_ACTIVE);
 dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
 condexec = FIELD_EX32(tb_flags, TBFLAG_A32, CONDEXEC);
 dc->condexec_mask = (condexec & 0xf) 

[PULL 16/34] aspeed: Add support for the tacoma-bmc board

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

The Tacoma BMC board is a replacement board for the BMC of the OpenPOWER
Witherspoon system. It uses an AST2600 SoC instead of an AST2500 and the
I2C layout is the same as it controls the same main board. Used for HW
bringup.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-15-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index e34e6787430..cc06af4fbb3 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -92,6 +92,10 @@ struct AspeedBoardState {
 #define AST2600_EVB_HW_STRAP1 0x00C0
 #define AST2600_EVB_HW_STRAP2 0x0003
 
+/* Tacoma hardware value */
+#define TACOMA_BMC_HW_STRAP1  0x
+#define TACOMA_BMC_HW_STRAP2  0x
+
 /*
  * The max ram region is for firmwares that scan the address space
  * with load/store to guess how much RAM the SoC has.
@@ -363,6 +367,9 @@ static void witherspoon_bmc_i2c_init(AspeedBoardState *bmc)
 AspeedSoCState *soc = &bmc->soc;
 uint8_t *eeprom_buf = g_malloc0(8 * 1024);
 
+/* Bus 3: TODO bmp280@77 */
+/* Bus 3: TODO max31785@52 */
+/* Bus 3: TODO dps310@76 */
 i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 3), TYPE_PCA9552,
  0x60);
 
@@ -381,6 +388,7 @@ static void witherspoon_bmc_i2c_init(AspeedBoardState *bmc)
   eeprom_buf);
 i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 11), TYPE_PCA9552,
  0x60);
+/* Bus 11: TODO ucd90160@64 */
 }
 
 static void aspeed_machine_class_init(ObjectClass *oc, void *data)
@@ -485,6 +493,22 @@ static void 
aspeed_machine_ast2600_evb_class_init(ObjectClass *oc, void *data)
 mc->default_ram_size = 1 * GiB;
 };
 
+static void aspeed_machine_tacoma_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+AspeedMachineClass *amc = ASPEED_MACHINE_CLASS(oc);
+
+mc->desc   = "Aspeed AST2600 EVB (Cortex A7)";
+amc->soc_name  = "ast2600-a0";
+amc->hw_strap1 = TACOMA_BMC_HW_STRAP1;
+amc->hw_strap2 = TACOMA_BMC_HW_STRAP2;
+amc->fmc_model = "mx66l1g45g";
+amc->spi_model = "mx66l1g45g";
+amc->num_cs= 2;
+amc->i2c_init  = witherspoon_bmc_i2c_init; /* Same board layout */
+mc->default_ram_size = 1 * GiB;
+};
+
 static const TypeInfo aspeed_machine_types[] = {
 {
 .name  = MACHINE_TYPE_NAME("palmetto-bmc"),
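
Review bot: mc->desc in aspeed_machine_tacoma_class_init is set to "Aspeed AST2600 EVB (Cortex A7)", which is the evaluation board's description and looks copy-pasted; it should name the Tacoma BMC so the machine list can tell tacoma-bmc from ast2600-evb. The new function body is also closed with "};", leaving a stray semicolon after the brace (the preceding class_init in the context lines has the same one).
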
@@ -510,6 +534,10 @@ static const TypeInfo aspeed_machine_types[] = {
 .name  = MACHINE_TYPE_NAME("ast2600-evb"),
 .parent= TYPE_ASPEED_MACHINE,
 .class_init= aspeed_machine_ast2600_evb_class_init,
+}, {
+.name  = MACHINE_TYPE_NAME("tacoma-bmc"),
+.parent= TYPE_ASPEED_MACHINE,
+.class_init= aspeed_machine_tacoma_class_init,
 }, {
 .name  = TYPE_ASPEED_MACHINE,
 .parent= TYPE_MACHINE,
-- 
2.20.1




[PULL 27/34] Memory: Enable writeback for given memory region

2019-12-16 Thread Peter Maydell
From: Beata Michalska 

Add an option to trigger memory writeback to sync given memory region
with the corresponding backing store, in case one is available.
This extends the support for persistent memory, allowing syncing on-demand.

Signed-off-by: Beata Michalska 
Reviewed-by: Richard Henderson 
Message-id: 20191121000843.24844-3-beata.michal...@linaro.org
Signed-off-by: Peter Maydell 
---
 include/exec/memory.h   |  6 ++
 include/exec/ram_addr.h |  8 
 include/qemu/cutils.h   |  1 +
 exec.c  | 36 
 memory.c| 12 
 util/cutils.c   | 38 ++
 6 files changed, 101 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index e499dc215b3..27a84e0cc34 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1265,6 +1265,12 @@ void *memory_region_get_ram_ptr(MemoryRegion *mr);
  */
 void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize,
   Error **errp);
+/**
+ * memory_region_do_writeback: Trigger writeback for selected address range
+ * [addr, addr + size]
+ *
+ */
+void memory_region_do_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size);
 
 /**
  * memory_region_set_log: Turn dirty logging on or off for a region.
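
Review bot: the doc comment for memory_region_do_writeback gives the range as "[addr, addr + size]", a closed interval that includes one byte more than size covers; it should be the half-open "[addr, addr + size)". The comment also does not describe the mr, addr and size parameters or say when the call is a no-op.
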
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index bed0554f4d2..5adebb0bc7c 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -174,6 +174,14 @@ void qemu_ram_free(RAMBlock *block);
 
 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp);
 
+void qemu_ram_writeback(RAMBlock *block, ram_addr_t start, ram_addr_t length);
+
+/* Clear whole block of mem */
+static inline void qemu_ram_block_writeback(RAMBlock *block)
+{
+qemu_ram_writeback(block, 0, block->used_length);
+}
+
 #define DIRTY_CLIENTS_ALL ((1 << DIRTY_MEMORY_NUM) - 1)
 #define DIRTY_CLIENTS_NOCODE  (DIRTY_CLIENTS_ALL & ~(1 << DIRTY_MEMORY_CODE))
 
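
Review bot: the comment above qemu_ram_block_writeback, "Clear whole block of mem", describes clearing, but the function calls qemu_ram_writeback(block, 0, block->used_length), which syncs the block to its backing store and clears nothing. Wording such as "Write back the whole block" would match what the code does.
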
diff --git a/include/qemu/cutils.h b/include/qemu/cutils.h
index b54c847e0fe..eb59852dfdf 100644
--- a/include/qemu/cutils.h
+++ b/include/qemu/cutils.h
@@ -130,6 +130,7 @@ const char *qemu_strchrnul(const char *s, int c);
 #endif
 time_t mktimegm(struct tm *tm);
 int qemu_fdatasync(int fd);
+int qemu_msync(void *addr, size_t length, int fd);
 int fcntl_setfl(int fd, int flag);
 int qemu_parse_fd(const char *param);
 int qemu_strtoi(const char *nptr, const char **endptr, int base,
diff --git a/exec.c b/exec.c
index ffdb5185353..a34c3481840 100644
--- a/exec.c
+++ b/exec.c
@@ -65,6 +65,8 @@
 #include "exec/ram_addr.h"
 #include "exec/log.h"
 
+#include "qemu/pmem.h"
+
 #include "migration/vmstate.h"
 
 #include "qemu/range.h"
@@ -2156,6 +2158,40 @@ int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, 
Error **errp)
 return 0;
 }
 
+/*
+ * Trigger sync on the given ram block for range [start, start + length]
+ * with the backing store if one is available.
+ * Otherwise no-op.
+ * @Note: this is supposed to be a synchronous op.
+ */
+void qemu_ram_writeback(RAMBlock *block, ram_addr_t start, ram_addr_t length)
+{
+void *addr = ramblock_ptr(block, start);
+
+/* The requested range should fit in within the block range */
+g_assert((start + length) <= block->used_length);
+
+#ifdef CONFIG_LIBPMEM
+/* The lack of support for pmem should not block the sync */
+if (ramblock_is_pmem(block)) {
+pmem_persist(addr, length);
+return;
+}
+#endif
+if (block->fd >= 0) {
+/**
+ * Case there is no support for PMEM or the memory has not been
+ * specified as persistent (or is not one) - use the msync.
+ * Less optimal but still achieves the same goal
+ */
+if (qemu_msync(addr, length, block->fd)) {
+warn_report("%s: failed to sync memory range: start: "
+RAM_ADDR_FMT " length: " RAM_ADDR_FMT,
+__func__, start, length);
+}
+}
+}
+
 /* Called with ram_list.mutex held */
 static void dirty_memory_extend(ram_addr_t old_ram_size,
 ram_addr_t new_ram_size)
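
Review bot: in qemu_ram_writeback the range check comes too late and can wrap: ramblock_ptr(block, start) is evaluated in the declaration before "g_assert((start + length) <= block->used_length)" runs, and "start + length" can overflow ram_addr_t so that an out-of-range request passes the assert. Checking "start <= block->used_length && length <= block->used_length - start" first, and only then computing addr, closes both. The header comment's "[start, start + length]" should also be a half-open range.
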
diff --git a/memory.c b/memory.c
index 06484c2bff2..0228cad38d0 100644
--- a/memory.c
+++ b/memory.c
@@ -2207,6 +2207,18 @@ void memory_region_ram_resize(MemoryRegion *mr, 
ram_addr_t newsize, Error **errp
 qemu_ram_resize(mr->ram_block, newsize, errp);
 }
 
+
+void memory_region_do_writeback(MemoryRegion *mr, hwaddr addr, hwaddr size)
+{
+/*
+ * Might be extended case needed to cover
+ * different types of memory regions
+ */
+if (mr->ram_block && mr->dirty_log_mask) {
+qemu_ram_writeback(mr->ram_block, addr, size);
+}
+}
+
 /*
  * Call proper memory listeners about the change on the newly
  * added/removed CoalescedMemoryRange.
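
Review bot: the guard "if (mr->ram_block && mr->dirty_log_mask)" in memory_region_do_writeback makes the writeback depend on dirty logging being enabled for the region, which neither the in-function comment nor the commit message explains; with logging off, a caller asking for an on-demand sync gets a silent no-op. If that is intended, the comment should say why; if not, the dirty_log_mask test should go. addr and size are also passed straight through, so the only bounds check on them is the g_assert in qemu_ram_writeback.
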
diff --git a/util/cutils.c b/util/cutils.c
index 77acadc70ac..23801652303 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -164,6 +164,44 @@ int qemu_fda

[PULL 26/34] tcg: cputlb: Add probe_read

2019-12-16 Thread Peter Maydell
From: Beata Michalska 

Add probe_read alongside the write probing equivalent.

Signed-off-by: Beata Michalska 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Message-id: 20191121000843.24844-2-beata.michal...@linaro.org
Signed-off-by: Peter Maydell 
---
 include/exec/exec-all.h | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index d85e610e85b..350c4b451be 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -339,6 +339,12 @@ static inline void *probe_write(CPUArchState *env, 
target_ulong addr, int size,
 return probe_access(env, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
 }
 
+static inline void *probe_read(CPUArchState *env, target_ulong addr, int size,
+   int mmu_idx, uintptr_t retaddr)
+{
+return probe_access(env, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
+}
+
 #define CODE_GEN_ALIGN   16 /* must be >= of the size of a icache line 
*/
 
 /* Estimated block size for TB allocation.  */
-- 
2.20.1




[PATCH v1 12/16] Cleaned up flow of code in qemu_set_log(), to simplify and clarify.

2019-12-16 Thread Alex Bennée
From: Robert Foley 

Also added some explanation of the reasoning behind the branches.

Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20191118211528.3221-3-robert.fo...@linaro.org>
---
 util/log.c | 21 +++--
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/util/log.c b/util/log.c
index 4316fe74eee..417d16ec66e 100644
--- a/util/log.c
+++ b/util/log.c
@@ -54,12 +54,25 @@ static bool log_uses_own_buffers;
 /* enable or disable low levels log */
 void qemu_set_log(int log_flags)
 {
+bool need_to_open_file = false;
 qemu_loglevel = log_flags;
 #ifdef CONFIG_TRACE_LOG
 qemu_loglevel |= LOG_TRACE;
 #endif
-if (!qemu_logfile &&
-(is_daemonized() ? logfilename != NULL : qemu_loglevel)) {
+/*
+ * In all cases we only log if qemu_loglevel is set.
+ * Also:
+ *   If not daemonized we will always log either to stderr
+ * or to a file (if there is a logfilename).
+ *   If we are daemonized,
+ * we will only log if there is a logfilename.
+ */
+if (qemu_loglevel && (!is_daemonized() || logfilename)) {
+need_to_open_file = true;
+}
+if (qemu_logfile && !need_to_open_file) {
+qemu_log_close();
+} else if (!qemu_logfile && need_to_open_file) {
 if (logfilename) {
 qemu_logfile = fopen(logfilename, log_append ? "a" : "w");
 if (!qemu_logfile) {
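
Review bot: the new condition "qemu_loglevel && (!is_daemonized() || logfilename)" is not equivalent to the tests it replaces, although the commit message presents the patch as a cleanup. When daemonized, the old code opened the log whenever logfilename != NULL regardless of qemu_loglevel and closed it only when logfilename == NULL; the new code also requires a non-zero qemu_loglevel, so a daemonized QEMU with a log file and log flags of 0 no longer opens the file and now closes one that is already open. If that change is intended, it belongs in the commit message.
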
@@ -93,10 +106,6 @@ void qemu_set_log(int log_flags)
 log_append = 1;
 }
 }
-if (qemu_logfile &&
-(is_daemonized() ? logfilename == NULL : !qemu_loglevel)) {
-qemu_log_close();
-}
 }
 
 void qemu_log_needs_buffers(void)
-- 
2.20.1




[PULL 19/34] aspeed: Change the "nic" property definition

2019-12-16 Thread Peter Maydell
From: Cédric Le Goater 

The Aspeed MII model has a link pointing to its associated FTGMAC100
NIC in the machine.

Change the "nic" property definition so that it explicitly sets the
pointer. The property isn't optional: not being able to set the link
is a bug and QEMU should rather abort than exit in this case.

Signed-off-by: Cédric Le Goater 
Reviewed-by: Greg Kurz 
Reviewed-by: Joel Stanley 
Signed-off-by: Cédric Le Goater 
Message-id: 20191119141211.25716-18-...@kaod.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed_ast2600.c |  5 ++---
 hw/net/ftgmac100.c  | 19 +--
 2 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index 810fd7de0c0..be88005dab8 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -183,9 +183,6 @@ static void aspeed_soc_ast2600_init(Object *obj)
 
 sysbus_init_child_obj(obj, "mii[*]", &s->mii[i], sizeof(s->mii[i]),
   TYPE_ASPEED_MII);
-object_property_add_const_link(OBJECT(&s->mii[i]), "nic",
-   OBJECT(&s->ftgmac100[i]),
-   &error_abort);
 }
 
 sysbus_init_child_obj(obj, "xdma", OBJECT(&s->xdma), sizeof(s->xdma),
@@ -441,6 +438,8 @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, 
Error **errp)
 sysbus_connect_irq(SYS_BUS_DEVICE(&s->ftgmac100[i]), 0,
aspeed_soc_get_irq(s, ASPEED_ETH1 + i));
 
+object_property_set_link(OBJECT(&s->mii[i]), OBJECT(&s->ftgmac100[i]),
+ "nic", &error_abort);
 object_property_set_bool(OBJECT(&s->mii[i]), true, "realized",
  &err);
 if (err) {
diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
index eb8b441461a..86ac25894a8 100644
--- a/hw/net/ftgmac100.c
+++ b/hw/net/ftgmac100.c
@@ -1204,17 +1204,8 @@ static void aspeed_mii_realize(DeviceState *dev, Error 
**errp)
 {
 AspeedMiiState *s = ASPEED_MII(dev);
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
-Object *obj;
-Error *local_err = NULL;
 
-obj = object_property_get_link(OBJECT(dev), "nic", &local_err);
-if (!obj) {
-error_propagate(errp, local_err);
-error_prepend(errp, "required link 'nic' not found: ");
-return;
-}
-
-s->nic = FTGMAC100(obj);
+assert(s->nic);
 
 memory_region_init_io(&s->iomem, OBJECT(dev), &aspeed_mii_ops, s,
   TYPE_ASPEED_MII, 0x8);
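
Review bot: "assert(s->nic);" in aspeed_mii_realize replaces an error that named the missing link ("required link 'nic' not found: ") with a bare assertion, so a board that forgets to set the link now aborts with no hint of what to fix. The commit message explains that aborting is deliberate; a one-line comment above the assert saying the SoC must set the "nic" link before realize would keep that reasoning next to the code.
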
@@ -1231,6 +1222,13 @@ static const VMStateDescription vmstate_aspeed_mii = {
 VMSTATE_END_OF_LIST()
 }
 };
+
+static Property aspeed_mii_properties[] = {
+DEFINE_PROP_LINK("nic", AspeedMiiState, nic, TYPE_FTGMAC100,
+ FTGMAC100State *),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void aspeed_mii_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -1239,6 +1237,7 @@ static void aspeed_mii_class_init(ObjectClass *klass, 
void *data)
 dc->reset = aspeed_mii_reset;
 dc->realize = aspeed_mii_realize;
 dc->desc = "Aspeed MII controller";
+dc->props = aspeed_mii_properties;
 }
 
 static const TypeInfo aspeed_mii_info = {
-- 
2.20.1




Re: [PATCH v1 10/16] ci: build out-of-tree

2019-12-16 Thread Li-Wen Hsu
On Mon, Dec 16, 2019 at 7:07 PM Alex Bennée  wrote:
>
> From: Paolo Bonzini 
>
> Most developers are using out-of-tree builds and it was discussed in the past
> to only allow those.  To prepare for the transition, use out-of-tree builds
> in all continuous integration jobs.
>
> Based on a patch by Marc-André Lureau.
>
> Signed-off-by: Paolo Bonzini 
> Signed-off-by: Alex Bennée 

On Mon, Apr 29, 2019 at 12:55 AM Thomas Huth  wrote:
>
> We are going to enable the qemu-iotests during "make check" again,
> and for running the iotests, we need bash and gnu-sed.
>
> Signed-off-by: Thomas Huth 

Reviewed-by: Li-Wen Hsu 



[PULL 29/34] target/arm: Add support for DC CVAP & DC CVADP ins

2019-12-16 Thread Peter Maydell
From: Beata Michalska 

ARMv8.2 introduced support for Data Cache Clean instructions
to PoP (point-of-persistence) - DC CVAP and PoDP (point-of-deep-persistence)
- DC CVADP. Both specify conceptual points in a memory system where all writes
that are to reach them are considered persistent.
The support provided considers both to be actually the same so there is no
distinction between the two. If none is available (there is no backing store
for given memory) both will result in Data Cache Clean up to the point of
coherency. Otherwise sync for the specified range shall be performed.

Signed-off-by: Beata Michalska 
Reviewed-by: Richard Henderson 
Message-id: 20191121000843.24844-5-beata.michal...@linaro.org
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h | 10 
 linux-user/elfload.c |  2 ++
 target/arm/cpu64.c   |  1 +
 target/arm/helper.c  | 56 
 4 files changed, 69 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index cebb3511a51..4106e4ae590 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3618,6 +3618,16 @@ static inline bool isar_feature_aa64_frint(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, FRINTTS) != 0;
 }
 
+static inline bool isar_feature_aa64_dcpop(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, DPB) != 0;
+}
+
+static inline bool isar_feature_aa64_dcpodp(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, DPB) >= 2;
+}
+
 static inline bool isar_feature_aa64_fp16(const ARMISARegisters *id)
 {
 /* We always set the AdvSIMD and FP fields identically wrt FP16.  */
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index f6693e57609..07b16cc0f47 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -656,6 +656,7 @@ static uint32_t get_elf_hwcap(void)
 GET_FEATURE_ID(aa64_jscvt, ARM_HWCAP_A64_JSCVT);
 GET_FEATURE_ID(aa64_sb, ARM_HWCAP_A64_SB);
 GET_FEATURE_ID(aa64_condm_4, ARM_HWCAP_A64_FLAGM);
+GET_FEATURE_ID(aa64_dcpop, ARM_HWCAP_A64_DCPOP);
 
 return hwcaps;
 }
@@ -665,6 +666,7 @@ static uint32_t get_elf_hwcap2(void)
 ARMCPU *cpu = ARM_CPU(thread_cpu);
 uint32_t hwcaps = 0;
 
+GET_FEATURE_ID(aa64_dcpodp, ARM_HWCAP2_A64_DCPODP);
 GET_FEATURE_ID(aa64_condm_5, ARM_HWCAP2_A64_FLAGM2);
 GET_FEATURE_ID(aa64_frint, ARM_HWCAP2_A64_FRINT);
 
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index a39d6fcea34..61fd0ade29a 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -646,6 +646,7 @@ static void aarch64_max_initfn(Object *obj)
 cpu->isar.id_aa64isar0 = t;
 
 t = cpu->isar.id_aa64isar1;
+t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2);
 t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, APA, 1); /* PAuth, architected only */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index a4f7b61b4e1..3a93844a3bc 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5974,6 +5974,52 @@ static const ARMCPRegInfo rndr_reginfo[] = {
   .access = PL0_R, .readfn = rndr_readfn },
 REGINFO_SENTINEL
 };
+
+#ifndef CONFIG_USER_ONLY
+static void dccvap_writefn(CPUARMState *env, const ARMCPRegInfo *opaque,
+  uint64_t value)
+{
+ARMCPU *cpu = env_archcpu(env);
+/* CTR_EL0 System register -> DminLine, bits [19:16] */
+uint64_t dline_size = 4 << ((cpu->ctr >> 16) & 0xF);
+uint64_t vaddr_in = (uint64_t) value;
+uint64_t vaddr = vaddr_in & ~(dline_size - 1);
+void *haddr;
+int mem_idx = cpu_mmu_index(env, false);
+
+/* This won't be crossing page boundaries */
+haddr = probe_read(env, vaddr, dline_size, mem_idx, GETPC());
+if (haddr) {
+
+ram_addr_t offset;
+MemoryRegion *mr;
+
+/* RCU lock is already being held */
+mr = memory_region_from_host(haddr, &offset);
+
+if (mr) {
+memory_region_do_writeback(mr, offset, dline_size);
+}
+}
+}
+
+static const ARMCPRegInfo dcpop_reg[] = {
+{ .name = "DC_CVAP", .state = ARM_CP_STATE_AA64,
+  .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 1,
+  .access = PL0_W, .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END,
+  .accessfn = aa64_cacheop_access, .writefn = dccvap_writefn },
+REGINFO_SENTINEL
+};
+
+static const ARMCPRegInfo dcpodp_reg[] = {
+{ .name = "DC_CVADP", .state = ARM_CP_STATE_AA64,
+  .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 13, .opc2 = 1,
+  .access = PL0_W, .type = ARM_CP_NO_RAW | ARM_CP_SUPPRESS_TB_END,
+  .accessfn = aa64_cacheop_access, .writefn = dccvap_writefn },
+REGINFO_SENTINEL
+};
+#endif /*CONFIG_USER_ONLY*/
+
 #endif
 
 static CPAccessResult access_predinv(CPUARMState *env, const ARMCPRegInfo *ri,
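
Review bot: dccvap_writefn and both reginfo arrays sit inside "#ifndef CONFIG_USER_ONLY", yet the elfload.c hunks of this same patch add GET_FEATURE_ID(aa64_dcpop, ARM_HWCAP_A64_DCPOP) and the DCPODP equivalent, so linux-user advertises the feature to the guest while the handlers shown here are compiled out for it. Please confirm what DC CVAP and DC CVADP do in a user-mode build, or give them a no-op registration there. Two smaller points in the same function: the cast in "uint64_t vaddr_in = (uint64_t) value;" is redundant because value is already uint64_t, and the comment "This won't be crossing page boundaries" would be clearer if it said that this follows from aligning vaddr down to dline_size.
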
@@ -7046,6 +7092,16 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 if (cpu_isar_feature(aa64_rndr, cpu)) {
   

[RFC QEMU PATCH] pc-bios/s390-ccw: Add zipl-like "BOOT_IMAGE=x" to the kernel parameters

2019-12-16 Thread Thomas Huth
ZIPL adds a "BOOT_IMAGE=x" to the kernel parameters to indicate which
kernel entry has been chosen during the boot process. Apparently some
Linux tools like "dracut" use this setting, so we should provide this
kernel parameter with the s390-ccw bios, too.

However, it's a little bit tricky to get additional parameters from the
s390-ccw bios into the kernel command line: Since we are running the
ZIPL stage 3 boot loader first (which then finally jumps into the Linux
kernel), we have to adapt to the parameter conventions of ZIPL and put
the argument into ZIPL's "COMMAND_LINE_EXTRA" area. Unfortunately, the
location of this area changed in the course of time (it has been moved
between ZIPL v2.9 and v2.10), so we need to detect the right version of
ZIPL here, too. The only reasonable way that I could figure out was the
start address of the ZIPL stage 3 bootloader which has been changed in
almost the same timeframe - just a little bit earlier, between v2.8 and
v2.9, so if a user is using exactly ZIPL v2.9, they won't see the new
BOOT_IMAGE parameter (but at least the new code in s390-ccw should also
not hurt in this case - the area where we write the parameter to is just
the lowest part of the stack area of ZIPL, which should be unused).

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1782026
Signed-off-by: Thomas Huth 
---
 Note: I've marked the patch as RFC since I'm not quite sure whether
 this is really the right way to address this issue: It's unfortunate
 that we have to mess with different locations in ZIPL which might also
 change again in the future. As suggested by Christian on IRC last week,
 maybe it would make more sense to change ZIPL to add this parameter
 already when zipl is installed (i.e. by the Linux userspace "zipl"
 program), instead of adding it during boot time? Also, the BOOT_IMAGE
 parameter on s390x is quite different from the BOOT_IMAGE parameter that is
 used on x86 - while s390x only uses one single number here, the x86
 variant (added by grub2, I guess) uses the boot device + full filename
 of the kernel on the boot partition. Should we maybe make the s390x
 variant more conform to x86? If so, I think this really has to be fixed
 in zipl userspace tool, and not in the s390-ccw bios (and zipl stage3
 bootloader).

 pc-bios/s390-ccw/bootmap.c  | 56 +++--
 pc-bios/s390-ccw/jump2ipl.c |  2 +-
 pc-bios/s390-ccw/s390-ccw.h |  2 ++
 3 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index d13b7cbd15..bc7fa597b4 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -49,6 +49,56 @@ static inline bool is_iso_vd_valid(IsoVolDesc *vd)
vd->type <= VOL_DESC_TYPE_PARTITION;
 }
 
+/**
+ * The ZIPL boot loader adds a BOOT_IMAGE=x to the kernel parameters
+ * (where x is the number of the selected boot entry). Since some
+ * programs might rely on this parameter, we mimic this behavior here.
+ */
+static void add_boot_image_param(uint64_t start_addr, int index)
+{
+/* "BOOT_IMAGE=00" in EBCDIC */
+char bootimg_str[15] = {
+0xc2, 0xd6, 0xd6, 0xe3, 0x6d, 0xc9, 0xd4, 0xc1, 0xc7, 0xc5, 0x7e,
+0xf0, 0xf0, 0
+};
+
+/* Only do it for Linux images */
+if (memcmp((char *)LINUX_MAGIC_ADDR, "S390EP", 6) != 0) {
+return;
+}
+
+if (index < 10) {
+bootimg_str[11] = 0xf0 + index;  /* 0xf0 is '0' in EBCDIC */
+bootimg_str[12] = 0;
+} else if (index < 100) {
+bootimg_str[11] = 0xf0 + index / 10;
+bootimg_str[12] = 0xf0 + index % 10;
+} else {
+/* This should never happen since index should be < MAX_BOOT_ENTRIES */
+panic("BOOT_IMAGE index too big");
+}
+
+/*
+ * Now write the parameter to the COMMAND_LINE_EXTRA area of the zipl
+ * stage3 boot loader that we are going to run. Unfortunately, the
+ * location of this area changed in the course of time, but we can
+ * use the stage3 start address to determine which area we have to
+ * use (unless it is zipl v2.9 - the start address already has changed
+ * there but the area has not been moved yet ... so for this version
+ * we are writing the parameters into the unused stack area instead
+ * and thus the BOOT_PARAM won't show up there)
+ */
+if ((start_addr & 0x7fff) == 0xa050) {
+*(uint64_t *)0xa020 = true;
+memcpy((char *)0xa000 - 0x400, bootimg_str, sizeof(bootimg_str));
+} else if ((start_addr & 0x7fff) == 0xa000) {
+*(uint64_t *)0x9020 = true;
+memcpy((char *)0xe000, bootimg_str, sizeof(bootimg_str));
+} else {
+sclp_print("\nWarning: Unsupported ZIPL stage 3 start address.\n");
+}
+}
+
 /***
  * IPL an ECKD DASD (CDL or LDL/CMS format)
  */
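
Review bot: add_boot_image_param() takes "int index" but only checks upper bounds, so a negative index falls into the "index < 10" branch and stores 0xf0 + index, which is not an EBCDIC digit; reject index < 0 next to the existing panic() or make the parameter unsigned. bootimg_str is a plain char array initialised with values above 0x7f and would be cleaner as uint8_t. The comment above the address check says BOOT_PARAM where BOOT_IMAGE is meant, and the literal addresses written to (0xa020, 0x9020, 0xe000, 0xa000 - 0x400) would be easier to audit as named constants tied to the ZIPL layout they belong to, given that this code writes into another program's memory based on a start-address heuristic.
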
@@ -480,7 +530,7 @@ static void zipl_load_segment(ComponentEntry *entry)
 }
 
 /* Run a zipl program */
-

[PULL 20/34] target/arm: Honor HCR_EL2.TID2 trapping requirements

2019-12-16 Thread Peter Maydell
From: Marc Zyngier 

HCR_EL2.TID2 mandates that access from EL1 to CTR_EL0, CCSIDR_EL1,
CCSIDR2_EL1, CLIDR_EL1, CSSELR_EL1 are trapped to EL2, and QEMU
completely ignores it, making it impossible for hypervisors to
virtualize the cache hierarchy.

Do the right thing by trapping to EL2 if HCR_EL2.TID2 is set.

Signed-off-by: Marc Zyngier 
Reviewed-by: Edgar E. Iglesias 
Reviewed-by: Richard Henderson 
Message-id: 20191201122018.25808-2-...@kernel.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 31 +++
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0bf8f53d4b8..1e546096b82 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1910,6 +1910,17 @@ static void scr_write(CPUARMState *env, const 
ARMCPRegInfo *ri, uint64_t value)
 raw_write(env, ri, value);
 }
 
+static CPAccessResult access_aa64_tid2(CPUARMState *env,
+   const ARMCPRegInfo *ri,
+   bool isread)
+{
+if (arm_current_el(env) == 1 && (arm_hcr_el2_eff(env) & HCR_TID2)) {
+return CP_ACCESS_TRAP_EL2;
+}
+
+return CP_ACCESS_OK;
+}
+
 static uint64_t ccsidr_read(CPUARMState *env, const ARMCPRegInfo *ri)
 {
 ARMCPU *cpu = env_archcpu(env);
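
Review bot: access_aa64_tid2() carries an aa64 name, yet the following hunks attach it to CCSIDR, CSSELR and CLIDR, which are all ARM_CP_STATE_BOTH, so it also guards the AArch32 encodings. Either a neutral name (access_tid2) or a one-line comment saying the helper is shared by both execution states would avoid confusion. The isread argument is unused, which is fine, but worth stating in that comment since TID2 traps reads and the CSSELR write alike.
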
@@ -2110,10 +2121,14 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .writefn = pmintenclr_write },
 { .name = "CCSIDR", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 0,
-  .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_RAW },
+  .access = PL1_R,
+  .accessfn = access_aa64_tid2,
+  .readfn = ccsidr_read, .type = ARM_CP_NO_RAW },
 { .name = "CSSELR", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
-  .access = PL1_RW, .writefn = csselr_write, .resetvalue = 0,
+  .access = PL1_RW,
+  .accessfn = access_aa64_tid2,
+  .writefn = csselr_write, .resetvalue = 0,
   .bank_fieldoffsets = { offsetof(CPUARMState, cp15.csselr_s),
  offsetof(CPUARMState, cp15.csselr_ns) } },
 /* Auxiliary ID register: this actually has an IMPDEF value but for now
@@ -5204,6 +5219,11 @@ static CPAccessResult ctr_el0_access(CPUARMState *env, 
const ARMCPRegInfo *ri,
 if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UCT)) {
 return CP_ACCESS_TRAP;
 }
+
+if (arm_current_el(env) < 2 && arm_hcr_el2_eff(env) & HCR_TID2) {
+return CP_ACCESS_TRAP_EL2;
+}
+
 return CP_ACCESS_OK;
 }
 
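
Review bot: the new condition in ctr_el0_access() relies on operator precedence, "arm_current_el(env) < 2 && arm_hcr_el2_eff(env) & HCR_TID2", while access_aa64_tid2() in the same patch writes the mask test with explicit parentheses. Please parenthesise "(arm_hcr_el2_eff(env) & HCR_TID2)" here as well so the two trap checks read the same way and do not trip compiler warnings about mixing && and &.
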
@@ -6184,7 +6204,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 ARMCPRegInfo clidr = {
 .name = "CLIDR", .state = ARM_CP_STATE_BOTH,
 .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = 1,
-.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->clidr
+.access = PL1_R, .type = ARM_CP_CONST,
+.accessfn = access_aa64_tid2,
+.resetvalue = cpu->clidr
 };
 define_one_arm_cp_reg(cpu, &clidr);
 define_arm_cp_regs(cpu, v7_cp_reginfo);
@@ -6717,7 +6739,8 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 /* These are common to v8 and pre-v8 */
 { .name = "CTR",
   .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 1,
-  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
+  .access = PL1_R, .accessfn = ctr_el0_access,
+  .type = ARM_CP_CONST, .resetvalue = cpu->ctr },
 { .name = "CTR_EL0", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 0, .crm = 0,
   .access = PL0_R, .accessfn = ctr_el0_access,
-- 
2.20.1




[PULL 34/34] target/arm: ensure we use current exception state after SCR update

2019-12-16 Thread Peter Maydell
From: Alex Bennée 

A write to the SCR can change the effective EL by dropping the system
from secure to non-secure mode. However if we use a cached current_el
from before the change we'll rebuild the flags incorrectly. To fix
this we introduce the ARM_CP_NEWEL CP flag to indicate the new EL
should be used when recomputing the flags.

Signed-off-by: Alex Bennée 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-id: 20191212114734.6962-1-alex.ben...@linaro.org
Cc: Richard Henderson 
Message-Id: <20191209143723.6368-1-alex.ben...@linaro.org>
Cc: qemu-sta...@nongnu.org
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h   |  8 ++--
 target/arm/helper.h|  1 +
 target/arm/helper.c| 14 +-
 target/arm/translate.c |  6 +-
 4 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4106e4ae590..5f70e9e0438 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2238,6 +2238,9 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
  * RAISES_EXC is for when the read or write hook might raise an exception;
  * the generated code will synchronize the CPU state before calling the hook
  * so that it is safe for the hook to call raise_exception().
+ * NEWEL is for writes to registers that might change the exception
+ * level - typically on older ARM chips. For those cases we need to
+ * re-read the new el when recomputing the translation flags.
  */
 #define ARM_CP_SPECIAL   0x0001
 #define ARM_CP_CONST 0x0002
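
Review bot: the NEWEL description does not say where the flag is honoured. In this patch the only consumer is the non-M AArch32 branch of disas_coproc_insn(); the M-profile branch next to it still passes the cached tcg_el. The comment should state that restriction, and "typically on older ARM chips" should be replaced by the concrete case being fixed (the AArch32 SCR write), so that nobody sets the flag on a register where it is silently ignored.
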
@@ -2257,10 +2260,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 #define ARM_CP_SVE   0x2000
 #define ARM_CP_NO_GDB0x4000
 #define ARM_CP_RAISES_EXC0x8000
+#define ARM_CP_NEWEL 0x1
 /* Used only as a terminator for ARMCPRegInfo lists */
-#define ARM_CP_SENTINEL  0x
+#define ARM_CP_SENTINEL  0xf
 /* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK 0xf0ff
+#define ARM_CP_FLAG_MASK 0x1f0ff
 
 /* Valid values for ARMCPRegInfo state field, indicating which of
  * the AArch32 and AArch64 execution states this register is visible in.
diff --git a/target/arm/helper.h b/target/arm/helper.h
index 7ce5169afb5..aa3d8cd08fa 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -91,6 +91,7 @@ DEF_HELPER_2(get_user_reg, i32, env, i32)
 DEF_HELPER_3(set_user_reg, void, env, i32, i32)
 
 DEF_HELPER_FLAGS_2(rebuild_hflags_m32, TCG_CALL_NO_RWG, void, env, int)
+DEF_HELPER_FLAGS_1(rebuild_hflags_a32_newel, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_FLAGS_2(rebuild_hflags_a32, TCG_CALL_NO_RWG, void, env, int)
 DEF_HELPER_FLAGS_2(rebuild_hflags_a64, TCG_CALL_NO_RWG, void, env, int)
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 3a93844a3bc..5074b5f69ca 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5133,7 +5133,7 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
   .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.scr_el3),
   .resetvalue = 0, .writefn = scr_write },
-{ .name = "SCR",  .type = ARM_CP_ALIAS,
+{ .name = "SCR",  .type = ARM_CP_ALIAS | ARM_CP_NEWEL,
   .cp = 15, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 0,
   .access = PL1_RW, .accessfn = access_trap_aa32s_el1,
   .fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3),
@@ -11472,6 +11472,18 @@ void HELPER(rebuild_hflags_m32)(CPUARMState *env, int 
el)
 env->hflags = rebuild_hflags_m32(env, fp_el, mmu_idx);
 }
 
+/*
+ * If we have triggered a EL state change we can't rely on the
+ * translator having passed it too us, we need to recompute.
+ */
+void HELPER(rebuild_hflags_a32_newel)(CPUARMState *env)
+{
+int el = arm_current_el(env);
+int fp_el = fp_exception_el(env, el);
+ARMMMUIdx mmu_idx = arm_mmu_idx_el(env, el);
+env->hflags = rebuild_hflags_a32(env, fp_el, mmu_idx);
+}
+
 void HELPER(rebuild_hflags_a32)(CPUARMState *env, int el)
 {
 int fp_el = fp_exception_el(env, el);
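
Review bot: the comment above rebuild_hflags_a32_newel has two typos, "a EL state change" should be "an EL state change" and "passed it too us" should be "passed it to us". The body also duplicates rebuild_hflags_a32 except for how el is obtained; having the new helper compute el with arm_current_el(env) and then share the remaining three lines with the existing helper through a small static function would keep the two from drifting apart.
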
diff --git a/target/arm/translate.c b/target/arm/translate.c
index f162be8434f..2b6c1f91bf9 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -7083,7 +7083,11 @@ static int disas_coproc_insn(DisasContext *s, uint32_t 
insn)
 if (arm_dc_feature(s, ARM_FEATURE_M)) {
 gen_helper_rebuild_hflags_m32(cpu_env, tcg_el);
 } else {
-gen_helper_rebuild_hflags_a32(cpu_env, tcg_el);
+if (ri->type & ARM_CP_NEWEL) {
+gen_helper_rebuild_hflags_a32_newel(cpu_env);
+} else {
+gen_helper_rebuild_hflags_a32(cpu_env, tcg_el);
+}
 }
 tcg_temp_free_i32(tcg_el);
 /*
-- 
2.20.1




[PULL 21/34] target/arm: Honor HCR_EL2.TID1 trapping requirements

2019-12-16 Thread Peter Maydell
From: Marc Zyngier 

HCR_EL2.TID1 mandates that access from EL1 to REVIDR_EL1, AIDR_EL1
(and their 32bit equivalents) as well as TCMTR, TLBTR are trapped
to EL2. QEMU ignores it, making it harder for a hypervisor to
virtualize the HW (though to be fair, no known hypervisor actually
cares).

Do the right thing by trapping to EL2 if HCR_EL2.TID1 is set.

Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Marc Zyngier 
Reviewed-by: Richard Henderson 
Message-id: 20191201122018.25808-3-...@kernel.org
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 36 
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1e546096b82..93ecab27c0c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1973,6 +1973,26 @@ static uint64_t isr_read(CPUARMState *env, const 
ARMCPRegInfo *ri)
 return ret;
 }
 
+static CPAccessResult access_aa64_tid1(CPUARMState *env, const ARMCPRegInfo 
*ri,
+   bool isread)
+{
+if (arm_current_el(env) == 1 && (arm_hcr_el2_eff(env) & HCR_TID1)) {
+return CP_ACCESS_TRAP_EL2;
+}
+
+return CP_ACCESS_OK;
+}
+
+static CPAccessResult access_aa32_tid1(CPUARMState *env, const ARMCPRegInfo 
*ri,
+   bool isread)
+{
+if (arm_feature(env, ARM_FEATURE_V8)) {
+return access_aa64_tid1(env, ri, isread);
+}
+
+return CP_ACCESS_OK;
+}
+
 static const ARMCPRegInfo v7_cp_reginfo[] = {
 /* the old v6 WFI, UNPREDICTABLE in v7 but we choose to NOP */
 { .name = "NOP", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
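
Review bot: the two helpers are applied asymmetrically and nothing documents why. access_aa32_tid1() only traps when ARM_FEATURE_V8 is present, but AIDR and REVIDR_EL1, both ARM_CP_STATE_BOTH, are wired to access_aa64_tid1() in the later hunks, so their AArch32 encodings trap on HCR_TID1 without the v8 check. If that difference is intended, a comment on access_aa32_tid1() explaining what the v8 test protects against would help; if not, the STATE_BOTH registers should go through the same check.
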
@@ -2136,7 +2156,9 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
  */
 { .name = "AIDR", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 1, .crn = 0, .crm = 0, .opc2 = 7,
-  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+  .access = PL1_R, .type = ARM_CP_CONST,
+  .accessfn = access_aa64_tid1,
+  .resetvalue = 0 },
 /* Auxiliary fault status registers: these also are IMPDEF, and we
  * choose to RAZ/WI for all cores.
  */
@@ -6732,7 +6754,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .access = PL1_R, .resetvalue = cpu->midr },
 { .name = "REVIDR_EL1", .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 6,
-  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = cpu->revidr 
},
+  .access = PL1_R,
+  .accessfn = access_aa64_tid1,
+  .type = ARM_CP_CONST, .resetvalue = cpu->revidr },
 REGINFO_SENTINEL
 };
 ARMCPRegInfo id_cp_reginfo[] = {
@@ -6748,14 +6772,18 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 /* TCMTR and TLBTR exist in v8 but have no 64-bit versions */
 { .name = "TCMTR",
   .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 2,
-  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
+  .access = PL1_R,
+  .accessfn = access_aa32_tid1,
+  .type = ARM_CP_CONST, .resetvalue = 0 },
 REGINFO_SENTINEL
 };
 /* TLBTR is specific to VMSA */
 ARMCPRegInfo id_tlbtr_reginfo = {
   .name = "TLBTR",
   .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 3,
-  .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0,
+  .access = PL1_R,
+  .accessfn = access_aa32_tid1,
+  .type = ARM_CP_CONST, .resetvalue = 0,
 };
 /* MPUIR is specific to PMSA V6+ */
 ARMCPRegInfo id_mpuir_reginfo = {
-- 
2.20.1




[PATCH v1 16/16] Added tests for close and change of logfile.

2019-12-16 Thread Alex Bennée
From: Robert Foley 

One test ensures that the logfile handle is still valid even if
the logfile is changed during logging.
The other test validates that the logfile handle remains valid under
the logfile lock even if the logfile is closed.

Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20191118211528.3221-7-robert.fo...@linaro.org>
---
 tests/test-logging.c | 80 
 1 file changed, 80 insertions(+)

diff --git a/tests/test-logging.c b/tests/test-logging.c
index a12585f70af..1e646f045dc 100644
--- a/tests/test-logging.c
+++ b/tests/test-logging.c
@@ -108,6 +108,82 @@ static void test_parse_path(gconstpointer data)
 error_free_or_abort(&err);
 }
 
+static void test_logfile_write(gconstpointer data)
+{
+QemuLogFile *logfile;
+QemuLogFile *logfile2;
+gchar const *dir = data;
+Error *err = NULL;
+g_autofree gchar *file_path;
+g_autofree gchar *file_path1;
+FILE *orig_fd;
+
+/*
+ * Before starting test, set log flags, to ensure the file gets
+ * opened below with the call to qemu_set_log_filename().
+ * In cases where a logging backend other than log is used,
+ * this is needed.
+ */
+qemu_set_log(CPU_LOG_TB_OUT_ASM);
+file_path = g_build_filename(dir, "qemu_test_log_write0.log", NULL);
+file_path1 = g_build_filename(dir, "qemu_test_log_write1.log", NULL);
+
+/*
+ * Test that even if an open file handle is changed,
+ * our handle remains valid due to RCU.
+ */
+qemu_set_log_filename(file_path, &err);
+g_assert(!err);
+rcu_read_lock();
+logfile = atomic_rcu_read(&qemu_logfile);
+orig_fd = logfile->fd;
+g_assert(logfile && logfile->fd);
+fprintf(logfile->fd, "%s 1st write to file\n", __func__);
+fflush(logfile->fd);
+
+/* Change the logfile and ensure that the handle is still valid. */
+qemu_set_log_filename(file_path1, &err);
+g_assert(!err);
+logfile2 = atomic_rcu_read(&qemu_logfile);
+g_assert(logfile->fd == orig_fd);
+g_assert(logfile2->fd != logfile->fd);
+fprintf(logfile->fd, "%s 2nd write to file\n", __func__);
+fflush(logfile->fd);
+rcu_read_unlock();
+}
+
+static void test_logfile_lock(gconstpointer data)
+{
+FILE *logfile;
+gchar const *dir = data;
+Error *err = NULL;
+g_autofree gchar *file_path;
+
+file_path = g_build_filename(dir, "qemu_test_logfile_lock0.log", NULL);
+
+/*
+ * Test the use of the logfile lock, such
+ * that even if an open file handle is closed,
+ * our handle remains valid for use due to RCU.
+ */
+qemu_set_log_filename(file_path, &err);
+logfile = qemu_log_lock();
+g_assert(logfile);
+fprintf(logfile, "%s 1st write to file\n", __func__);
+fflush(logfile);
+
+/*
+ * Initiate a close file and make sure our handle remains
+ * valid since we still have the logfile lock.
+ */
+qemu_log_close();
+fprintf(logfile, "%s 2nd write to file\n", __func__);
+fflush(logfile);
+qemu_log_unlock(logfile);
+
+g_assert(!err);
+}
+
 /* Remove a directory and all its entries (non-recursive). */
 static void rmdir_full(gchar const *root)
 {
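
Review bot: test_logfile_write() reads logfile->fd into orig_fd one line before "g_assert(logfile && logfile->fd);", so a NULL logfile crashes the test instead of failing the assertion; move the assert above the dereference. logfile2 is dereferenced without any NULL check as well. In test_logfile_lock() the only check of err is the g_assert(!err) at the very end, after the file has already been written to twice; assert straight after qemu_set_log_filename(). That test also does not call qemu_set_log() itself, so it depends on test_logfile_write() having run first.
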
@@ -134,6 +210,10 @@ int main(int argc, char **argv)
 
 g_test_add_func("/logging/parse_range", test_parse_range);
 g_test_add_data_func("/logging/parse_path", tmp_path, test_parse_path);
+g_test_add_data_func("/logging/logfile_write_path",
+ tmp_path, test_logfile_write);
+g_test_add_data_func("/logging/logfile_lock_path",
+ tmp_path, test_logfile_lock);
 
 rc = g_test_run();
 
-- 
2.20.1




[PULL 24/34] target/arm: Add support for missing Jazelle system registers

2019-12-16 Thread Peter Maydell
From: Marc Zyngier 

QEMU lacks the minimum Jazelle implementation that is required
by the architecture (everything is RAZ or RAZ/WI). Add it
together with the HCR_EL2.TID0 trapping that goes with it.

Signed-off-by: Marc Zyngier 
Reviewed-by: Edgar E. Iglesias 
Reviewed-by: Richard Henderson 
Message-id: 20191201122018.25808-6-...@kernel.org
[PMM: moved ARMCPRegInfo array to file scope, marked it
 'static global', moved new condition down in
 register_cp_regs_for_features() to go with other feature
 things rather than up with the v6/v7/v8 stuff]
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 0ba08d550aa..a4f7b61b4e1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6040,6 +6040,30 @@ static CPAccessResult access_aa32_tid3(CPUARMState *env, 
const ARMCPRegInfo *ri,
 return CP_ACCESS_OK;
 }
 
+static CPAccessResult access_jazelle(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+if (arm_current_el(env) == 1 && (arm_hcr_el2_eff(env) & HCR_TID0)) {
+return CP_ACCESS_TRAP_EL2;
+}
+
+return CP_ACCESS_OK;
+}
+
+static const ARMCPRegInfo jazelle_regs[] = {
+{ .name = "JIDR",
+  .cp = 14, .crn = 0, .crm = 0, .opc1 = 7, .opc2 = 0,
+  .access = PL1_R, .accessfn = access_jazelle,
+  .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "JOSCR",
+  .cp = 14, .crn = 1, .crm = 0, .opc1 = 7, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "JMCR",
+  .cp = 14, .crn = 2, .crm = 0, .opc1 = 7, .opc2 = 0,
+  .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+REGINFO_SENTINEL
+};
+
 void register_cp_regs_for_features(ARMCPU *cpu)
 {
 /* Register all the coprocessor registers based on feature bits */
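
Review bot: in jazelle_regs only JIDR gets ".accessfn = access_jazelle"; JOSCR and JMCR are registered without an access function even though the commit message presents the HCR_EL2.TID0 trapping as part of the change. If the trap is meant to cover JIDR alone, please say so in a comment above the array, otherwise the two missing accessfn entries look like an oversight. access_jazelle() would also be better named after the control bit it checks, in line with the other access_*_tidN helpers.
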
@@ -6699,6 +6723,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 if (arm_feature(env, ARM_FEATURE_LPAE)) {
 define_arm_cp_regs(cpu, lpae_cp_reginfo);
 }
+if (cpu_isar_feature(jazelle, cpu)) {
+define_arm_cp_regs(cpu, jazelle_regs);
+}
 /* Slightly awkwardly, the OMAP and StrongARM cores need all of
  * cp15 crn=0 to be writes-ignored, whereas for other cores they should
  * be read-only (ie write causes UNDEF exception).
-- 
2.20.1




[PULL 31/34] hw/arm/acpi: simplify AML bit and/or statement

2019-12-16 Thread Peter Maydell
From: Heyi Guo 

The last argument of AML bit and/or statement is the target variable,
so we don't need to use a NULL target and then an additional store
operation; using just aml_and() or aml_or() statement is enough.

Also update tests/data/acpi/virt/DSDT* to pass "make check".

Cc: Shannon Zhao 
Cc: Peter Maydell 
Cc: "Michael S. Tsirkin" 
Cc: Igor Mammedov 
Suggested-by: Igor Mammedov 
Reviewed-by: Igor Mammedov 
Signed-off-by: Heyi Guo 
Message-id: 20191209063719.23086-2-guoh...@huawei.com
Signed-off-by: Peter Maydell 
---
 hw/arm/virt-acpi-build.c  |  16 
 tests/data/acpi/virt/DSDT | Bin 18470 -> 18462 bytes
 tests/data/acpi/virt/DSDT.memhp   | Bin 19807 -> 19799 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 18470 -> 18462 bytes
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 4cd50175e04..51b293e0a1e 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -267,17 +267,17 @@ static void acpi_dsdt_add_pci(Aml *scope, const 
MemMapEntry *memmap,
 aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
 aml_append(ifctx, aml_store(aml_name("CDW2"), aml_name("SUPP")));
 aml_append(ifctx, aml_store(aml_name("CDW3"), aml_name("CTRL")));
-aml_append(ifctx, aml_store(aml_and(aml_name("CTRL"), aml_int(0x1D), NULL),
-aml_name("CTRL")));
+aml_append(ifctx, aml_and(aml_name("CTRL"), aml_int(0x1D),
+  aml_name("CTRL")));
 
 ifctx1 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(0x1;
-aml_append(ifctx1, aml_store(aml_or(aml_name("CDW1"), aml_int(0x08), NULL),
- aml_name("CDW1")));
+aml_append(ifctx1, aml_or(aml_name("CDW1"), aml_int(0x08),
+  aml_name("CDW1")));
 aml_append(ifctx, ifctx1);
 
 ifctx1 = aml_if(aml_lnot(aml_equal(aml_name("CDW3"), aml_name("CTRL";
-aml_append(ifctx1, aml_store(aml_or(aml_name("CDW1"), aml_int(0x10), NULL),
- aml_name("CDW1")));
+aml_append(ifctx1, aml_or(aml_name("CDW1"), aml_int(0x10),
+  aml_name("CDW1")));
 aml_append(ifctx, ifctx1);
 
 aml_append(ifctx, aml_store(aml_name("CTRL"), aml_name("CDW3")));
@@ -285,8 +285,8 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry 
*memmap,
 aml_append(method, ifctx);
 
 elsectx = aml_else();
-aml_append(elsectx, aml_store(aml_or(aml_name("CDW1"), aml_int(4), NULL),
-  aml_name("CDW1")));
+aml_append(elsectx, aml_or(aml_name("CDW1"), aml_int(4),
+   aml_name("CDW1")));
 aml_append(elsectx, aml_return(aml_arg(3)));
 aml_append(method, elsectx);
 aml_append(dev, method);
diff --git a/tests/data/acpi/virt/DSDT b/tests/data/acpi/virt/DSDT
index 
bce76e3d23e99e6c5ef64c94c770282dd30ecdd0..05bcfc8a912f58f266aa906563ea01c24906717e
 100644
GIT binary patch

[PATCH v1 15/16] Add use of RCU for qemu_logfile.

2019-12-16 Thread Alex Bennée
From: Robert Foley 

This now allows changing the logfile while logging is active,
and also solves the issue of a seg fault while changing the logfile.

Any read access to the qemu_logfile handle will use
the rcu_read_lock()/unlock() around the use of the handle.
To fetch the handle we will use atomic_rcu_read().
We also in many cases do a check for validity of the
logfile handle before using it to deal with the case where the
file is closed and set to NULL.

The cases where we write to the qemu_logfile will use atomic_rcu_set().
Writers will also use call_rcu() with a newly added qemu_logfile_free
function for freeing/closing when readers have finished.

Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Signed-off-by: Alex Bennée 
Message-Id: <20191118211528.3221-6-robert.fo...@linaro.org>
---
 include/exec/log.h | 33 ++---
 include/qemu/log.h | 41 ++
 tcg/tcg.c  | 12 ++--
 util/log.c | 72 --
 4 files changed, 125 insertions(+), 33 deletions(-)

diff --git a/include/exec/log.h b/include/exec/log.h
index e2cfd436e61..9bd1e4aa20b 100644
--- a/include/exec/log.h
+++ b/include/exec/log.h
@@ -15,8 +15,15 @@
  */
 static inline void log_cpu_state(CPUState *cpu, int flags)
 {
+QemuLogFile *logfile;
+
 if (qemu_log_enabled()) {
-cpu_dump_state(cpu, qemu_logfile, flags);
+rcu_read_lock();
+logfile = atomic_rcu_read(&qemu_logfile);
+if (logfile) {
+cpu_dump_state(cpu, logfile->fd, flags);
+}
+rcu_read_unlock();
 }
 }
 
@@ -40,19 +47,37 @@ static inline void log_cpu_state_mask(int mask, CPUState 
*cpu, int flags)
 static inline void log_target_disas(CPUState *cpu, target_ulong start,
 target_ulong len)
 {
-target_disas(qemu_logfile, cpu, start, len);
+QemuLogFile *logfile;
+rcu_read_lock();
+logfile = atomic_rcu_read(&qemu_logfile);
+if (logfile) {
+target_disas(logfile->fd, cpu, start, len);
+}
+rcu_read_unlock();
 }
 
 static inline void log_disas(void *code, unsigned long size)
 {
-disas(qemu_logfile, code, size);
+QemuLogFile *logfile;
+rcu_read_lock();
+logfile = atomic_rcu_read(&qemu_logfile);
+if (logfile) {
+disas(logfile->fd, code, size);
+}
+rcu_read_unlock();
 }
 
 #if defined(CONFIG_USER_ONLY)
 /* page_dump() output to the log file: */
 static inline void log_page_dump(void)
 {
-page_dump(qemu_logfile);
+QemuLogFile *logfile;
+rcu_read_lock();
+logfile = atomic_rcu_read(&qemu_logfile);
+if (logfile) {
+page_dump(logfile->fd);
+}
+rcu_read_unlock();
 }
 #endif
 #endif
diff --git a/include/qemu/log.h b/include/qemu/log.h
index a7c5b01571f..e0f4e406283 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -3,9 +3,16 @@
 
 /* A small part of this API is split into its own header */
 #include "qemu/log-for-trace.h"
+#include "qemu/rcu.h"
+
+typedef struct QemuLogFile {
+struct rcu_head rcu;
+FILE *fd;
+} QemuLogFile;
 
 /* Private global variable, don't use */
-extern FILE *qemu_logfile;
+extern QemuLogFile *qemu_logfile;
+
 
 /* 
  * The new API:
@@ -25,7 +32,16 @@ static inline bool qemu_log_enabled(void)
  */
 static inline bool qemu_log_separate(void)
 {
-return qemu_logfile != NULL && qemu_logfile != stderr;
+QemuLogFile *logfile;
+bool res = false;
+
+rcu_read_lock();
+logfile = atomic_rcu_read(&qemu_logfile);
+if (logfile && logfile->fd != stderr) {
+res = true;
+}
+rcu_read_unlock();
+return res;
 }
 
 #define CPU_LOG_TB_OUT_ASM (1 << 0)
@@ -55,8 +71,15 @@ static inline bool qemu_log_separate(void)
 
 static inline FILE *qemu_log_lock(void)
 {
-qemu_flockfile(qemu_logfile);
-return logfile->fd;
+QemuLogFile *logfile;
+rcu_read_lock();
+logfile = atomic_rcu_read(&qemu_logfile);
+if (logfile) {
+qemu_flockfile(logfile->fd);
+return logfile->fd;
+} else {
+return NULL;
+}
 }
 
 static inline void qemu_log_unlock(FILE *fd)
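
Review bot: qemu_log_lock() now returns with the RCU read lock held on both paths, including the one that returns NULL, and depends on qemu_log_unlock() to drop it. That contract is not documented anywhere in the header: a caller that skips qemu_log_unlock() after getting NULL leaves the read-side section open. Please add a comment on qemu_log_lock() stating that qemu_log_unlock() must always be called with the returned value, NULL included, and that the caller is inside an RCU read-side critical section between the two calls.
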
@@ -64,6 +87,7 @@ static inline void qemu_log_unlock(FILE *fd)
 if (fd) {
 qemu_funlockfile(fd);
 }
+rcu_read_unlock();
 }
 
 /* Logging functions: */
@@ -73,9 +97,14 @@ static inline void qemu_log_unlock(FILE *fd)
 static inline void GCC_FMT_ATTR(1, 0)
 qemu_log_vprintf(const char *fmt, va_list va)
 {
-if (qemu_logfile) {
-vfprintf(qemu_logfile, fmt, va);
+QemuLogFile *logfile;
+
+rcu_read_lock();
+logfile = atomic_rcu_read(&qemu_logfile);
+if (logfile) {
+vfprintf(logfile->fd, fmt, va);
 }
+rcu_read_unlock();
 }
 
 /* log only if a bit is set on the current loglevel mask:
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 0511266d85d..4f616ba38bf 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -2114,9 +2114,17 @@ static void tcg_dump_ops(TCGContext *s, bool have_prefs)
 }
 
 if (have_prefs |

[PATCH v1 14/16] qemu_log_lock/unlock now preserves the qemu_logfile handle.

2019-12-16 Thread Alex Bennée
From: Robert Foley 

qemu_log_lock() now returns a handle and qemu_log_unlock() receives a
handle to unlock.  This allows for changing the handle during logging
and ensures the lock() and unlock() are for the same file.

Also in target/tilegx/translate.c removed the qemu_log_lock()/unlock()
calls (and the log("\n")), since the translator can longjmp out of the
loop if it attempts to translate an instruction in an inaccessible page.

Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20191118211528.3221-5-robert.fo...@linaro.org>
---
 include/qemu/log.h|  9 ++---
 accel/tcg/cpu-exec.c  |  4 ++--
 accel/tcg/translate-all.c |  4 ++--
 accel/tcg/translator.c|  4 ++--
 exec.c|  4 ++--
 hw/net/can/can_sja1000.c  |  4 ++--
 net/can/can_socketcan.c   |  5 ++---
 target/cris/translate.c   |  4 ++--
 target/i386/translate.c   |  5 +++--
 target/lm32/translate.c   |  4 ++--
 target/microblaze/translate.c |  4 ++--
 target/nios2/translate.c  |  4 ++--
 target/tilegx/translate.c |  6 --
 target/unicore32/translate.c  |  4 ++--
 tcg/tcg.c | 16 
 15 files changed, 39 insertions(+), 42 deletions(-)

diff --git a/include/qemu/log.h b/include/qemu/log.h
index a91105b2adc..a7c5b01571f 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -53,14 +53,17 @@ static inline bool qemu_log_separate(void)
  * qemu_loglevel is never set when qemu_logfile is unset.
  */
 
-static inline void qemu_log_lock(void)
+static inline FILE *qemu_log_lock(void)
 {
 qemu_flockfile(qemu_logfile);
+return logfile->fd;
 }
 
-static inline void qemu_log_unlock(void)
+static inline void qemu_log_unlock(FILE *fd)
 {
-qemu_funlockfile(qemu_logfile);
+if (fd) {
+qemu_funlockfile(fd);
+}
 }
 
 /* Logging functions: */
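
Review bot: qemu_log_lock() ends with "return logfile->fd;", but no logfile variable is declared in the function and the line above still passes qemu_logfile to qemu_flockfile(), so as posted this patch does not build on its own and breaks bisection. Returning qemu_logfile here, and introducing the "->fd" access in the patch that adds the wrapper struct, keeps every step compilable. Separately, qemu_log_unlock() tolerates a NULL handle while qemu_log_lock() hands qemu_logfile to qemu_flockfile() unchecked; make the two symmetric or document why the lock side cannot see NULL.
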
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index c01f59c7433..62068d10c3c 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -156,7 +156,7 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, 
TranslationBlock *itb)
 #if defined(DEBUG_DISAS)
 if (qemu_loglevel_mask(CPU_LOG_TB_CPU)
 && qemu_log_in_addr_range(itb->pc)) {
-qemu_log_lock();
+FILE *logfile = qemu_log_lock();
 int flags = 0;
 if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
 flags |= CPU_DUMP_FPU;
@@ -165,7 +165,7 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, 
TranslationBlock *itb)
 flags |= CPU_DUMP_CCOP;
 #endif
 log_cpu_state(cpu, flags);
-qemu_log_unlock();
+qemu_log_unlock(logfile);
 }
 #endif /* DEBUG_DISAS */
 
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 9f48da94721..bb325a2bc44 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1804,7 +1804,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 #ifdef DEBUG_DISAS
 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) &&
 qemu_log_in_addr_range(tb->pc)) {
-qemu_log_lock();
+FILE *logfile = qemu_log_lock();
 qemu_log("OUT: [size=%d]\n", gen_code_size);
 if (tcg_ctx->data_gen_ptr) {
 size_t code_size = tcg_ctx->data_gen_ptr - tb->tc.ptr;
@@ -1829,7 +1829,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 }
 qemu_log("\n");
 qemu_log_flush();
-qemu_log_unlock();
+qemu_log_unlock(logfile);
 }
 #endif
 
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index f977682be79..603d17ff831 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -138,11 +138,11 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
 #ifdef DEBUG_DISAS
 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)
 && qemu_log_in_addr_range(db->pc_first)) {
-qemu_log_lock();
+FILE *logfile = qemu_log_lock();
 qemu_log("\n");
 ops->disas_log(db, cpu);
 qemu_log("\n");
-qemu_log_unlock();
+qemu_log_unlock(logfile);
 }
 #endif
 }
diff --git a/exec.c b/exec.c
index ffdb5185353..c994a00f102 100644
--- a/exec.c
+++ b/exec.c
@@ -1223,13 +1223,13 @@ void cpu_abort(CPUState *cpu, const char *fmt, ...)
 fprintf(stderr, "\n");
 cpu_dump_state(cpu, stderr, CPU_DUMP_FPU | CPU_DUMP_CCOP);
 if (qemu_log_separate()) {
-qemu_log_lock();
+FILE *logfile = qemu_log_lock();
 qemu_log("qemu: fatal: ");
 qemu_log_vprintf(fmt, ap2);
 qemu_log("\n");
 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
 qemu_log_flush();
-qemu_log_unlock();
+qemu_log_unlock(logfile);
 qemu_log_close();
 }
 va_end(ap2);
diff --git a/hw/net/can/can_sja1000.c b/hw/net/can/can_sja1000.c
index 1f81341554f..39c78faf9b2 100644
--- a/hw/net/can/can_sja1000.c
+++ b/hw/net/can/can_sja1000.c
@@ -247,

[PULL 33/34] hw/arm/virt: Simplify by moving the gic in the machine state

2019-12-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Make the gic a field in the machine state, and instead of filling
an array of qemu_irq and passing it around, directly call
qdev_get_gpio_in() on the gic field.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Luc Michel 
Message-id: 20191209090306.20433-1-phi...@redhat.com
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 include/hw/arm/virt.h |   1 +
 hw/arm/virt.c | 109 +-
 2 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index 0b41083e9d5..38f0c33c77c 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -136,6 +136,7 @@ typedef struct {
 uint32_t iommu_phandle;
 int psci_conduit;
 hwaddr highest_gpa;
+DeviceState *gic;
 DeviceState *acpi_dev;
 Notifier powerdown_notifier;
 } VirtMachineState;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index bf4b1cbfb86..6f2a45d1b4c 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -531,7 +531,7 @@ static void fdt_add_pmu_nodes(const VirtMachineState *vms)
 }
 }
 
-static inline DeviceState *create_acpi_ged(VirtMachineState *vms, qemu_irq 
*pic)
+static inline DeviceState *create_acpi_ged(VirtMachineState *vms)
 {
 DeviceState *dev;
 MachineState *ms = MACHINE(vms);
@@ -547,14 +547,14 @@ static inline DeviceState 
*create_acpi_ged(VirtMachineState *vms, qemu_irq *pic)
 
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, vms->memmap[VIRT_ACPI_GED].base);
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 1, 
vms->memmap[VIRT_PCDIMM_ACPI].base);
-sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[irq]);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, qdev_get_gpio_in(vms->gic, 
irq));
 
 qdev_init_nofail(dev);
 
 return dev;
 }
 
-static void create_its(VirtMachineState *vms, DeviceState *gicdev)
+static void create_its(VirtMachineState *vms)
 {
 const char *itsclass = its_class_name();
 DeviceState *dev;
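Review bot: create_acpi_ged() now reads vms->gic in the sysbus_connect_irq() call, so it silently depends on create_gic() having assigned the field first; the old pic argument made that dependency visible at the call site. An assert(vms->gic) at the top of create_acpi_ged(), create_its() and create_v2m(), or a comment on the new field saying when it becomes valid, would keep a later reordering in machine init from passing a NULL device to qdev_get_gpio_in().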
@@ -566,7 +566,7 @@ static void create_its(VirtMachineState *vms, DeviceState 
*gicdev)
 
 dev = qdev_create(NULL, itsclass);
 
-object_property_set_link(OBJECT(dev), OBJECT(gicdev), "parent-gicv3",
+object_property_set_link(OBJECT(dev), OBJECT(vms->gic), "parent-gicv3",
  &error_abort);
 qdev_init_nofail(dev);
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, vms->memmap[VIRT_GIC_ITS].base);
@@ -574,7 +574,7 @@ static void create_its(VirtMachineState *vms, DeviceState 
*gicdev)
 fdt_add_its_gic_node(vms);
 }
 
-static void create_v2m(VirtMachineState *vms, qemu_irq *pic)
+static void create_v2m(VirtMachineState *vms)
 {
 int i;
 int irq = vms->irqmap[VIRT_GIC_V2M];
@@ -587,17 +587,17 @@ static void create_v2m(VirtMachineState *vms, qemu_irq 
*pic)
 qdev_init_nofail(dev);
 
 for (i = 0; i < NUM_GICV2M_SPIS; i++) {
-sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), i,
+   qdev_get_gpio_in(vms->gic, irq + i));
 }
 
 fdt_add_v2m_gic_node(vms);
 }
 
-static void create_gic(VirtMachineState *vms, qemu_irq *pic)
+static void create_gic(VirtMachineState *vms)
 {
 MachineState *ms = MACHINE(vms);
 /* We create a standalone GIC */
-DeviceState *gicdev;
 SysBusDevice *gicbusdev;
 const char *gictype;
 int type = vms->gic_version, i;
@@ -606,15 +606,15 @@ static void create_gic(VirtMachineState *vms, qemu_irq 
*pic)
 
 gictype = (type == 3) ? gicv3_class_name() : gic_class_name();
 
-gicdev = qdev_create(NULL, gictype);
-qdev_prop_set_uint32(gicdev, "revision", type);
-qdev_prop_set_uint32(gicdev, "num-cpu", smp_cpus);
+vms->gic = qdev_create(NULL, gictype);
+qdev_prop_set_uint32(vms->gic, "revision", type);
+qdev_prop_set_uint32(vms->gic, "num-cpu", smp_cpus);
 /* Note that the num-irq property counts both internal and external
  * interrupts; there are always 32 of the former (mandated by GIC spec).
  */
-qdev_prop_set_uint32(gicdev, "num-irq", NUM_IRQS + 32);
+qdev_prop_set_uint32(vms->gic, "num-irq", NUM_IRQS + 32);
 if (!kvm_irqchip_in_kernel()) {
-qdev_prop_set_bit(gicdev, "has-security-extensions", vms->secure);
+qdev_prop_set_bit(vms->gic, "has-security-extensions", vms->secure);
 }
 
 if (type == 3) {
@@ -624,25 +624,25 @@ static void create_gic(VirtMachineState *vms, qemu_irq 
*pic)
 
 nb_redist_regions = virt_gicv3_redist_region_count(vms);
 
-qdev_prop_set_uint32(gicdev, "len-redist-region-count",
+qdev_prop_set_uint32(vms->gic, "len-redist-region-count",
  nb_redist_regions);
-qdev_prop_set_uint32(gicdev, "redist-region-count[0]", redist0_count);
+qdev_prop_set_uint32(vms->gic, "redist-region-count[0]", 
redist0_count);
 
 if (nb_redist_regions == 2) {
 uint32_t redist1_capacity =
 vms->memmap[VIRT_HIGH_GIC_

Re: [PATCH] util/cacheinfo: fix crash when compiling with uClibc

2019-12-16 Thread Carlos Santos
On Thu, Oct 17, 2019 at 8:06 PM Carlos Santos  wrote:
>
> On Thu, Oct 17, 2019 at 9:47 AM Peter Maydell  
> wrote:
> >
> > On Thu, 17 Oct 2019 at 13:39,  wrote:
> > >
> > > From: Carlos Santos 
> > >
> > > uClibc defines _SC_LEVEL1_ICACHE_LINESIZE and _SC_LEVEL1_DCACHE_LINESIZE
> > > but the corresponding sysconf calls return -1, which is a valid result,
> > > meaning that the limit is indeterminate.
> > >
> > > Handle this situation using the fallback values instead of crashing due
> > > to an assertion failure.
> > >
> > > Signed-off-by: Carlos Santos 
> > > ---
> > >  util/cacheinfo.c | 10 --
> > >  1 file changed, 8 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/util/cacheinfo.c b/util/cacheinfo.c
> > > index ea6f3e99bf..d94dc6adc8 100644
> > > --- a/util/cacheinfo.c
> > > +++ b/util/cacheinfo.c
> > > @@ -93,10 +93,16 @@ static void sys_cache_info(int *isize, int *dsize)
> > >  static void sys_cache_info(int *isize, int *dsize)
> > >  {
> > >  # ifdef _SC_LEVEL1_ICACHE_LINESIZE
> > > -*isize = sysconf(_SC_LEVEL1_ICACHE_LINESIZE);
> > > +int tmp_isize = (int) sysconf(_SC_LEVEL1_ICACHE_LINESIZE);
> >
> > Do we need the cast here ?
>
> It's there to remind the reader that a type coercion may occur, since
> sysconf() returns a long and isize is an int.
>
> > > +if (tmp_isize > 0) {
> > > +*isize = tmp_isize;
> > > +}
> > >  # endif
> > >  # ifdef _SC_LEVEL1_DCACHE_LINESIZE
> > > -*dsize = sysconf(_SC_LEVEL1_DCACHE_LINESIZE);
> > > +int tmp_dsize = (int) sysconf(_SC_LEVEL1_DCACHE_LINESIZE);
> > > +if (tmp_dsize > 0) {
> > > +*dsize = tmp_dsize;
> > > +}
> > >  # endif
> > >  }
> > >  #endif /* sys_cache_info */
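Review bot: the (int) cast is applied to the sysconf() result before the > 0 test in both new assignments, so the check runs on the already narrowed value; keep the result in a long, test it, and narrow only when storing to *isize and *dsize. When both macros are defined, tmp_dsize is also declared after the first if statement, which mixes declarations and code; declaring both temporaries at the top of the function avoids that.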
> > > --
> >
> > thanks
> > -- PMM
>
> --
> Carlos Santos
> Senior Software Maintenance Engineer
> Red Hat
> casan...@redhat.com T: +55-11-3534-6186

Hi,

Any chance to have this merged for Christmas? :-)

-- 
Carlos Santos
Senior Software Maintenance Engineer
Red Hat
casan...@redhat.com T: +55-11-3534-6186




Re: [PATCH v3 2/3] spapr: Add NVDIMM device support

2019-12-16 Thread Shivaprasad G Bhat

Hi David,

On 11/22/2019 10:00 AM, David Gibson wrote:

On Mon, Oct 14, 2019 at 01:37:50PM -0500, Shivaprasad G Bhat wrote:
---

index 62f1a42592..815167e42f 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -708,6 +708,17 @@ static void spapr_drc_phb_class_init(ObjectClass *k, void 
*data)
  drck->dt_populate = spapr_phb_dt_populate;
  }
  
+static void spapr_drc_pmem_class_init(ObjectClass *k, void *data)

+{
+SpaprDrcClass *drck = SPAPR_DR_CONNECTOR_CLASS(k);
+
+drck->typeshift = SPAPR_DR_CONNECTOR_TYPE_SHIFT_PMEM;
+drck->typename = "MEM";

This is the same as the typename for LMB DRCs.  Doesn't that mean that
ibm,drc-types will end up with a duplicate in it?


Correct, this has to be "PMEM" instead of "MEM". Fixing it in next version.

Thanks,
Shivaprasad


+drck->drc_name_prefix = "PMEM ";






[Bug 1856549] [NEW] qemu-4.2.0/hw/misc/mac_via.c: 2 * bad test ?

2019-12-16 Thread dcb
Public bug reported:

1.

qemu-4.2.0/hw/misc/mac_via.c:417:27: style: Expression is always false
because 'else if' condition matches previous condition at line 412.
[multiCondition]

} else if ((m->data_out & 0xf3) == 0xa1) {
...
} else if ((m->data_out & 0xf3) == 0xa1) {

2.

qemu-4.2.0/hw/misc/mac_via.c:467:27: style: Expression is always false
because 'else if' condition matches previous condition at line 463.
[multiCondition]

Duplicate.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1856549

Title:
  qemu-4.2.0/hw/misc/mac_via.c: 2 * bad test ?

Status in QEMU:
  New




Re: [PATCH v5 4/4] blockdev: honor bdrv_try_set_aio_context() context requirements

2019-12-16 Thread Kevin Wolf
Am 13.12.2019 um 21:59 hat Eric Blake geschrieben:
> On 12/9/19 10:06 AM, Kevin Wolf wrote:
> > Am 28.11.2019 um 11:41 hat Sergio Lopez geschrieben:
> > > bdrv_try_set_aio_context() requires that the old context is held, and
> > > the new context is not held. Fix all the occurrences where it's not
> > > done this way.
> > > 
> > > Suggested-by: Max Reitz 
> > > Signed-off-by: Sergio Lopez 
> > > ---
> 
> > Or in fact, I think you need to hold the AioContext of a bs to
> > bdrv_unref() it, so maybe 'goto out' is right, but you need to unref
> > target_bs while you still hold old_context.
> 
> I suspect https://bugzilla.redhat.com/show_bug.cgi?id=1779036 is also a
> symptom of this.  The v5 patch did not fix this simple test case:

Speaking of a test case... I think this series should probably add
something to iotests.

Kevin




Re: [RFC QEMU PATCH] pc-bios/s390-ccw: Add zipl-like "BOOT_IMAGE=x" to the kernel parameters

2019-12-16 Thread Christian Borntraeger



On 16.12.19 12:24, Thomas Huth wrote:
>  Note: I've marked the patch as RFC since I'm not quite sure whether
>  this is really the right way to address this issue: It's unfortunate
>  that we have to mess with different location in ZIPL which might also
>  change again in the future. As suggested by Christian on IRC last week,
>  maybe it would make more sense to change ZIPL to add this parameter
>  already when zipl is installed (i.e. by the Linux userspace "zipl"
>  program), instead of adding it during boot time? Also, the BOOT_IMAGE
>  parameter on s390x is quite different from the BOOT_IMAGE parameter that is
>  used on x86 - while s390x only uses one single number here, the x86
>  variant (added by grub2, I guess) uses the boot device + full filename
>  of the kernel on the boot partition. Should we maybe make the s390x
>  variant more conform to x86? If so, I think this really has to be fixed
>  in zipl userspace tool, and not in the s390-ccw bios (and zipl stage3
>  bootloader).

Yes, I actually think we should revisit the whole BOOT_IMAGE scheme on s390.
Maybe we should use the kernel name, or the name of the boot menu entry.
And maybe we should not use 0 (when the default is running) but instead
really use to what 0 points to.




Re: [PATCH 0/8] Simplify memory_region_add_subregion_overlap(..., priority=0)

2019-12-16 Thread Michael S. Tsirkin
On Sun, Dec 15, 2019 at 03:27:12PM +, Peter Maydell wrote:
> On Sun, 15 Dec 2019 at 09:51, Michael S. Tsirkin  wrote:
> >
> > On Sat, Dec 14, 2019 at 04:28:08PM +, Peter Maydell wrote:
> > > (It doesn't actually assert that it doesn't
> > > overlap because we have some legacy uses, notably
> > > in the x86 PC machines, which do overlap without using
> > > the right function, which we've never tried to tidy up.)
> >
> > It's not exactly legacy uses.
> >
> > To be more exact, the way the non overlap versions
> > are *used* is to mean "I don't care what happens when they overlap"
> > as opposed to "will never overlap".
> 
> Almost all of the use of the non-overlap versions is
> for "these are never going to overlap" -- devices or ram at
> fixed addresses in the address space that can't
> ever be mapped over by anything else. If you want
> "can overlap but I don't care which one wins" then
> that would be more clearly expressed by using the _overlap()
> version but just giving everything that can overlap there
> the same priority.

Problem is device doesn't always know whether something can overlap it.
Imagine device A at a fixed address.
Guest can program device B to overlap the fixed address.
How is device A supposed to know this can happen?



> > There are lots of regions where guest can make things overlapping
> > but doesn't, e.g. PCI BARs can be programmed to overlap
> > almost anything.
> >
> > What happens on real hardware if you then access one of
> > the BARs is undefined, but programming itself is harmless.
> > That's why we can't assert.
> 
> Yeah, good point, for the special case where it's the
> guest that's determining the addresses where something's
> mapped we might want to allow the behaviour to fall out
> of the implementation. (You could instead specify set of
> priorities that makes the undefined-behaviour something
> specific, rather than just an emergent property of
> the implementation QEMU happens to have, but it seems
> a bit hard to justify.)
> 
> thanks
> -- PMM




Re: [PATCH 0/8] Simplify memory_region_add_subregion_overlap(..., priority=0)

2019-12-16 Thread Peter Maydell
On Mon, 16 Dec 2019 at 11:40, Michael S. Tsirkin  wrote:
>
> On Sun, Dec 15, 2019 at 03:27:12PM +, Peter Maydell wrote:
> > On Sun, 15 Dec 2019 at 09:51, Michael S. Tsirkin  wrote:
> > >
> > > On Sat, Dec 14, 2019 at 04:28:08PM +, Peter Maydell wrote:
> > > > (It doesn't actually assert that it doesn't
> > > > overlap because we have some legacy uses, notably
> > > > in the x86 PC machines, which do overlap without using
> > > > the right function, which we've never tried to tidy up.)
> > >
> > > It's not exactly legacy uses.
> > >
> > > To be more exact, the way the non overlap versions
> > > are *used* is to mean "I don't care what happens when they overlap"
> > > as opposed to "will never overlap".
> >
> > Almost all of the use of the non-overlap versions is
> > for "these are never going to overlap" -- devices or ram at
> > fixed addresses in the address space that can't
> > ever be mapped over by anything else. If you want
> > "can overlap but I don't care which one wins" then
> > that would be more clearly expressed by using the _overlap()
> > version but just giving everything that can overlap there
> > the same priority.
>
> Problem is device doesn't always know whether something can overlap it.
> Imagine device A at a fixed address.
> Guest can program device B to overlap the fixed address.
> How is device A supposed to know this can happen?

That's why (the original intention was) only one of the
regions needs to be marked 'overlap OK', not both.

thanks
-- PMM



Re: [PATCH v2 5/6] linux-user: convert target_munmap debug to a tracepoint

2019-12-16 Thread Alex Bennée


Laurent Vivier  writes:

> Le 05/12/2019 à 13:25, Alex Bennée a écrit :
>> Convert the final bit of DEBUG_MMAP to a tracepoint and remove the
>> last remnants of the #ifdef hackery.
>> 
>> Signed-off-by: Alex Bennée 
>> Reviewed-by: Richard Henderson 
>> ---
>>  linux-user/mmap.c   | 9 ++---
>>  linux-user/trace-events | 1 +
>>  2 files changed, 3 insertions(+), 7 deletions(-)
>> 
>
> Reviewed-by: Laurent Vivier 

Are you going to take this series via your tree or would you like me to
put the PR together?

-- 
Alex Bennée



[Bug 1856549] Re: qemu-4.2.0/hw/misc/mac_via.c: 2 * bad test ?

2019-12-16 Thread dcb
gcc compiler flag -Wduplicated-cond will catch this kind of problem.

You might want to switch it on in your builds. It has been available for
over a year.




Re: [PATCH v2 5/6] linux-user: convert target_munmap debug to a tracepoint

2019-12-16 Thread Laurent Vivier
Le 16/12/2019 à 13:00, Alex Bennée a écrit :
> 
> Laurent Vivier  writes:
> 
>> Le 05/12/2019 à 13:25, Alex Bennée a écrit :
>>> Convert the final bit of DEBUG_MMAP to a tracepoint and remove the
>>> last remnants of the #ifdef hackery.
>>>
>>> Signed-off-by: Alex Bennée 
>>> Reviewed-by: Richard Henderson 
>>> ---
>>>  linux-user/mmap.c   | 9 ++---
>>>  linux-user/trace-events | 1 +
>>>  2 files changed, 3 insertions(+), 7 deletions(-)
>>>
>>
>> Reviewed-by: Laurent Vivier 
> 
> Are you going to take this series via your tree or would you like me to
> put the PR together?
> 

As you prefer.

Thanks,
Laurent



Re: [PATCH v6 00/25] monitor: add asynchronous command type

2019-12-16 Thread Kevin Wolf
Am 13.12.2019 um 17:28 hat Marc-André Lureau geschrieben:
> On Fri, Dec 13, 2019 at 8:04 PM Kevin Wolf  wrote:
> >
> > Am 08.11.2019 um 16:00 hat Marc-André Lureau geschrieben:
> > > The following series implements an internal async command solution
> > > instead. By introducing a session context and a command return
> > > handler, QMP handlers can:
> > > - defer the return, allowing the mainloop to reenter
> > > - return only to the caller (instead of the broadcast event reply)
> > > - optionally allow cancellation when the client is gone
> > > - track on-going qapi command(s) per session
> >
> > This requires major changes to existing QMP command handlers. Did you
> > consider at least optionally providing a way where instead of using the
> > new async_fn, QMP already creates a coroutine in which the handler is
> > executed?
> 
> Yes, but I don't see how this could be done without the basic callback
> infrastructure I propose here. Also forcing existing code to be
> translated to coroutine-aware is probably even more complicated.

I'll attach what I hacked up last week after discussing a problem with
Markus and Max. As you probably expected, screendump isn't really my
main motivation to look into this. The specific command we discussed was
block_resize, which can potentially block the monitor for a while, but
I'm sure that many more block commands have the same problem.

What my patch does is moving everything into a coroutine. This is wrong
because not everything can be run in a coroutine, so it needs to be made
optional (like you did with your async flag).

The problem isn't with completely coroutine-unaware code, though: That
one would just work, even if not taking advantage from the coroutine. A
potential problem exists with code that behaves differently when run in
a coroutine or outside of coroutine context (generally by checking
qemu_in_coroutine()), or calls of coroutine-unaware code into such
functions.

Running some command handlers outside of coroutine context wouldn't be
hard to add to my patch (basically just a BH), but I haven't looked into
the QAPI side of making it an option.

> > At least for some of the block layer commands, we could simply enable
> > this without changing any of the code and would automatically get rid of
> > blocking the guest while the command is doing I/O. If we need to
> > implement .async_fn, in contrast, it would be quite a bit of boiler
> > plate code for each single handler to create a coroutine for the real
> > handler and to wrap all parameters in a struct.
> 
> We could have the generator do that for you eventually, and spawn the
> coroutine.

Yes, if we need both, that's an option. I'd like to explore first if the
callback-based approach is actually needed, though.

> > > The screendump command is converted to an async:true version to solve
> > > rhbz#1230527. The command shows basic cancellation (this could be
> > > extended if needed). It could be further improved to do asynchronous
> > > IO writes as well.
> >
> > After converting it to QIOChannel like you already do, I/O would
> > automatically become asynchronous when run in a coroutine.
> >
> > If you don't want this yet, but only fix the BZ, I guess you could delay
> > that patch until later and just have a single yield and reenter of the
> > command handler coroutine like this:
> >
> > co = qemu_coroutine_self();
> > aio_co_schedule(qemu_coroutine_get_aio_context(co), co);
> > qemu_coroutine_yield();

(This specific code is wrong, I misread your patches. You don't want to
immediately reenter the coroutine, but only in graphic_hw_update_done().)

> If various places of code start doing that, we are in trouble, the
> stack may grow, cancellation becomes hairy.

I don't understand. How does the coroutine-based approach differ from
what your series does? Basically, instead of splitting qmp_screendump()
in two parts, you keep the existing single function, just with a
qemu_coroutine_yield() in the middle, and instead of calling
qmp_screendump_finish() you wake up the coroutine.

Yes, instead of malloc'ing a struct qmp_screendump, you would keep
things on the stack, but that doesn't make the stack grow as these
things are already on the stack in qmp_screendump().

> Furthermore, in the case of screendump, IO is not necessarily within
> the coroutine context. In this case, we need to wait for the QXL
> device to "flush" the screen. Communicating this event back to the
> coroutine isn't simpler than what I propose here.

Waiting for something in a coroutine means calling
qemu_coroutine_yield() and then letting the event handler call
aio_co_wake() to resume the coroutine. It's really simple. I'm pretty
sure that if qmp_screendump() is called in a coroutine, your I/O would
automatically end up in the coroutine context unless you do something
specifically to avoid it.

Kevin


From 8d4b8ba34d33d3bbf3f0a21703928eb68895e169 Mon Sep 17 00:00:00 2001
From: Kevin Wolf 
Date: Thu, 12 Dec 2019 16:32:27 

Re: [PULL 00/10] Bluetooth removal, and qtest & misc patches

2019-12-16 Thread Thomas Huth
On 16/12/2019 11.27, Peter Maydell wrote:
> On Thu, 12 Dec 2019 at 18:54, Thomas Huth  wrote:
>>
>>  Hi,
>>
>> the following changes since commit 52901abf94477b400cf88c1f70bb305e690ba2de:
>>
>>   Update version for v4.2.0-rc5 release (2019-12-10 17:15:21 +)
>>
>> are available in the Git repository at:
>>
>>   https://gitlab.com/huth/qemu.git tags/pull-request-2019-12-12
>>
>> for you to fetch changes up to e38f04c4db40a9219cc0c516a6c68b9ca0a783d0:
>>
>>   tests: use g_test_rand_int (2019-12-12 08:16:24 +0100)
>>
>> 
>> - Removal of the deprecated bluetooth code
>> - Some qtest and misc patches
>> 
> 
> Hi; this fails to build on some of my build hosts:
> 
> OSX:
> [...]
>   GEN target/sparc/trace.c
>   GEN util/trace.c
>   GEN hw/core/trace.c
>   CC  qga/main.o
>   CC  qemu-nbd.o
>   CC  qemu-img.o
> make: *** No rule to make target `config-all-devices.mak', needed by
> `aarch64-softmmu/all'.  Stop.
> make: *** Waiting for unfinished jobs

I unfortunately can't reproduce the issue, but if you've got some spare
minutes, could you please check whether this patch helps:

diff --git a/Makefile b/Makefile
index b437a346d7..23aae1437b 100644
--- a/Makefile
+++ b/Makefile
@@ -365,7 +365,8 @@ ifeq ($(SUBDIR_DEVICES_MAK),)
 config-all-devices.mak: config-host.mak
$(call quiet-command,echo '# no devices' > $@,"GEN","$@")
 else
-config-all-devices.mak: $(SUBDIR_DEVICES_MAK) config-host.mak
+config-all-devices.mak: $(SUBDIR_DEVICES_MAK) config-host.mak \
+   $(SRC_PATH)/hw/Kconfig
$(call quiet-command, sed -n \
  's|^\([^=]*\)=\(.*\)$$|\1:=$$(findstring y,$$(\1)\2)|p' \
  $(SUBDIR_DEVICES_MAK) | sort -u > $@, \
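Review bot: the added $(SRC_PATH)/hw/Kconfig prerequisite sits only on the config-all-devices.mak rule in the else branch, while the ppc64 and Windows errors quoted in this mail name hw/bt/Kconfig as a prerequisite of aarch64-softmmu/config-devices.mak, a target this rule does not touch; say which of the reported failures the change is meant to address. A prerequisite on a single fixed path also fails with the same "No rule to make target" error if that file is later moved, so a short comment next to it explaining why it is listed would help.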

?

> ppc64 linux:
>   CC  chardev/char-mux.o
>   CC  chardev/char-null.o
>   CC  chardev/char-parallel.o
>   CC  chardev/char-pipe.o
>   CC  chardev/char-pty.o
>   CC  chardev/char-ringbuf.o
>   CC  chardev/char-serial.o
>   CC  chardev/char-socket.o
>   CC  chardev/char-stdio.o
> make: *** No rule to make target `/home/pm215/qemu/hw/bt/Kconfig',
> needed by `aarch64-softmmu/config-devices.mak'.  Stop.
> make: *** Waiting for unfinished jobs
>   CC  chardev/char-udp.o
> make: Leaving directory `/home/pm215/qemu/build/all'
> 
> 
> windows crossbuilds:
>   CC  chardev/char-serial.o
>   CC  chardev/char-socket.o
>   CC  chardev/char-stdio.o
>   CC  chardev/char-udp.o
>   CC  chardev/char-win.o
> make: *** No rule to make target
> '/home/petmay01/qemu-for-merges/hw/bt/Kconfig', needed by
> 'aarch64-softmmu/config-devices.mak'.  Stop.
> make: *** Waiting for unfinished jobs
>   CC  chardev/char-win-stdio.o

These ones are really surprising to me ... *-softmmu/config-devices.mak
should have a proper dependency on hw/Kconfig so they should get
properly rebuild as far as I can tell. Could you please check the
*-softmmu/config-devices.mak.d dependency files whether the dependency
on hw/Kconfig is really there? Hmm, maybe "make" also tries to check the
old dependency to hw/bt/Kconfig first, before regenerating the files ...
not sure how to fix this properly, maybe leave an empty hw/bt/Kconfig
around for a while 'til all build systems have regenerated the
dependency files?

 Thomas




Re: [RFC QEMU PATCH] pc-bios/s390-ccw: Add zipl-like "BOOT_IMAGE=x" to the kernel parameters

2019-12-16 Thread Cornelia Huck
On Mon, 16 Dec 2019 12:29:24 +0100
Christian Borntraeger  wrote:

> On 16.12.19 12:24, Thomas Huth wrote:
> >  Note: I've marked the patch as RFC since I'm not quite sure whether
> >  this is really the right way to address this issue: It's unfortunate
> >  that we have to mess with different location in ZIPL which might also
> >  change again in the future. As suggested by Christian on IRC last week,
> >  maybe it would make more sense to change ZIPL to add this parameter
> >  already when zipl is installed (i.e. by the Linux userspace "zipl"
> >  program), instead of adding it during boot time? Also, the BOOT_IMAGE
> >  parameter on s390x is quite different from the BOOT_IMAGE parameter that is
> >  used on x86 - while s390x only uses one single number here, the x86
> >  variant (added by grub2, I guess) uses the boot device + full filename
> >  of the kernel on the boot partition. Should we maybe make the s390x
> >  variant more conform to x86? If so, I think this really has to be fixed
> >  in zipl userspace tool, and not in the s390-ccw bios (and zipl stage3
> >  bootloader).  
> 
> Yes, I actually think we should revisit the whole BOOT_IMAGE scheme on s390.
> Maybe we should use the kernel name, or the name of the boot menu entry.
> And maybe we should not use 0 (when the default is running) but instead
> really use to what 0 points to.

Probably dumb question: Is booting via the s390-ccw bios the only time
we boot without going through zipl? What about e.g. booting from the
reader under z/VM? There's probably no BOOT_IMAGE= statement there,
either?




Re: [RFC QEMU PATCH] pc-bios/s390-ccw: Add zipl-like "BOOT_IMAGE=x" to the kernel parameters

2019-12-16 Thread Christian Borntraeger



On 16.12.19 13:09, Cornelia Huck wrote:
> On Mon, 16 Dec 2019 12:29:24 +0100
> Christian Borntraeger  wrote:
> 
>> On 16.12.19 12:24, Thomas Huth wrote:
>>>  Note: I've marked the patch as RFC since I'm not quite sure whether
>>>  this is really the right way to address this issue: It's unfortunate
>>>  that we have to mess with different location in ZIPL which might also
>>>  change again in the future. As suggested by Christian on IRC last week,
>>>  maybe it would make more sense to change ZIPL to add this parameter
>>>  already when zipl is installed (i.e. by the Linux userspace "zipl"
>>>  program), instead of adding it during boot time? Also, the BOOT_IMAGE
>>>  parameter on s390x is quite different from the BOOT_IMAGE parameter that is
>>>  used on x86 - while s390x only uses one single number here, the x86
>>>  variant (added by grub2, I guess) uses the boot device + full filename
>>>  of the kernel on the boot partition. Should we maybe make the s390x
>>>  variant more conform to x86? If so, I think this really has to be fixed
>>>  in zipl userspace tool, and not in the s390-ccw bios (and zipl stage3
>>>  bootloader).  
>>
>> Yes, I actually think we should revisit the whole BOOT_IMAGE scheme on s390.
>> Maybe we should use the kernel name, or the name of the boot menu entry.
>> And maybe we should not use 0 (when the default is running) but instead
>> really use to what 0 points to.
> 
> Probably dumb question: Is booting via the s390-ccw bios the only time
> we boot without going through zipl? What about e.g. booting from the
> reader under z/VM? There's probably no BOOT_IMAGE= statement there,
> either?

I just learned from Peter that booting SCSI also has no BOOT_IMAGE (as
we have no menu). So Thomas, can you find out the use case for the initial
bug report.  That might give an indication on how to proceed for all cases.




[PATCH v9 0/2] qcow2: add zstd cluster compression

2019-12-16 Thread Vladimir Sementsov-Ogievskiy
Hi all!

Here is my proposal, about how to correctly update qcow2 specification
to introduce new field, keeping in mind currently existing images and
downstream Qemu instances.

v9: Merge 01 and 02
Change wordings
Require header alignment

Vladimir Sementsov-Ogievskiy (2):
  docs: improve qcow2 spec about extending image header
  docs: qcow2: introduce compression type feature

 docs/interop/qcow2.txt | 53 +++---
 1 file changed, 50 insertions(+), 3 deletions(-)

-- 
2.18.0




[PATCH v9 2/2] docs: qcow2: introduce compression type feature

2019-12-16 Thread Vladimir Sementsov-Ogievskiy
The patch adds a new additional field to the qcow2 header: compression_type,
which specifies compression type. If field is absent or zero, default
compression type is set: ZLIB, which corresponds to current behavior.

New compression type (ZSTD) is to be added in further commit.

Suggested-by: Denis Plotnikov 
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 docs/interop/qcow2.txt | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
index d92c827763..77146b5169 100644
--- a/docs/interop/qcow2.txt
+++ b/docs/interop/qcow2.txt
@@ -109,6 +109,11 @@ the next fields through header_length.
 An External Data File Name header extension may
 be present if this bit is set.
 
+Bit 3:  Compression type bit.  If this bit is set,
+non-default compression is used for compressed
+clusters. compression_type field must be
+present and not zero.
+
 Bits 3-63:  Reserved (set to 0)
 
  80 -  87:  compatible_features
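Review bot: The new "Bit 3" entry collides with the unchanged line directly below it, which still reads "Bits 3-63:  Reserved (set to 0)". With bit 3 now assigned, the reserved range should become "Bits 4-63"; as written the table tells a writer both to set bit 3 for non-default compression and to keep it at 0.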
@@ -188,7 +193,16 @@ present*, if not altered by specific incompatible bit.
 *. Field is not present when header_length is less or equal to field's offset.
 Also, all additional fields are not present for version 2.
 
-< ... No additional fields in the header currently ... >
+  104:  compression_type
+Defines the compression method used for compressed 
clusters.
+A single compression type is applied to all compressed 
image
+clusters.
+If incompatible compression type bit is set: the field must
+be present and non-zero (which means non-zlib compression 
type)
+If incompatible compression type bit is unset: the field
+may not exist or it must be zero (which means zlib).
+Available compression type values:
+0: zlib 
 
 Header padding
 
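Review bot: The new entry is written as "104:  compression_type" with no end offset, unlike the other fields in this table (for example "100 - 103:  header_length"), so the width of the field is left to the reader. Since header_length must be a multiple of 8, please state the width explicitly and say that the bytes between the end of the field and the next 8-byte boundary are header padding and must be zero. The sentence "the field may not exist or it must be zero" would also be less ambiguous as "the field is either absent or zero".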
-- 
2.18.0




[PATCH v9 1/2] docs: improve qcow2 spec about extending image header

2019-12-16 Thread Vladimir Sementsov-Ogievskiy
Make it more obvious how to add new fields to the version 3 header and
how to interpret them.

The specification is adjusted so for new defined optional fields:

1. Software may support some of these optional fields and ignore the
   others, which means that features may be backported to downstream
   Qemu independently.
2. If we want to add an incompatible field (or a field, for which some of
   its values would be incompatible), it must be accompanied by
   an incompatible feature bit.

Also the concept of "default is zero" is clarified, as it's strange to
say that the value of the field is assumed to be zero for the software
versions which don't know about the field at all and don't know how to
treat it be it zero or not.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 docs/interop/qcow2.txt | 39 ---
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
index af5711e533..d92c827763 100644
--- a/docs/interop/qcow2.txt
+++ b/docs/interop/qcow2.txt
@@ -79,9 +79,9 @@ The first cluster of a qcow2 image contains the file header:
 Offset into the image file at which the snapshot table
 starts. Must be aligned to a cluster boundary.
 
-If the version is 3 or higher, the header has the following additional fields.
-For version 2, the values are assumed to be zero, unless specified otherwise
-in the description of a field.
+For version 2, the header is exactly 72 bytes in length, and finishes here.
+For version 3 or higher, the header length is at least 104 bytes, including
+the next fields through header_length.
 
  72 -  79:  incompatible_features
 Bitmask of incompatible features. An implementation must
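Review bot: The removed sentence was the only place that said how the fields that follow are treated for a version 2 image ("the values are assumed to be zero, unless specified otherwise"). The replacement gives the header sizes but no longer says that the feature bitmasks starting at offset 72 read as zero for version 2. Consider keeping one sentence to that effect next to "For version 2, the header is exactly 72 bytes in length, and finishes here."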
@@ -164,6 +164,39 @@ in the description of a field.
 100 - 103:  header_length
 Length of the header structure in bytes. For version 2
 images, the length is always assumed to be 72 bytes.
+For version 3 it's at least 104 bytes and must be a 
multiply
+of 8.
+
+Additional fields (version 3 and higher)
+
+In general, these fields are optional and may be safely ignored by the 
software,
+as well as filled by zeros (which is equal to field absence), if software needs
+to set field B, but don't want to care about field A, which precedes B. More
+formally, additional fields have the following compatibility rules:
+
+1. If the value of the additional field must not be ignored for correct
+handling of the file, it will be accompanied by a corresponding incompatible
+feature bit.
+
+2. If there are no unrecognized incompatible feature bits set, an unknown
+additional field may be safely ignored other than preserving its value when
+rewriting the image header.
+
+3. An explicit value of 0 will have the same behavior as when the field is not
+present*, if not altered by specific incompatible bit.
+
+*. Field is not present when header_length is less or equal to field's offset.
+Also, all additional fields are not present for version 2.
+
+< ... No additional fields in the header currently ... >
+
+Header padding
+
+@header_length must be a multiply of 8, which means that if last additional 
field
+end is not aligned, some padding is needed. This padding must be zeroed, so 
that,
+if some existing (or future) additional field will fall into the padding, it
+will be interpreted accordingly to point [3.] of the previous paragraph, i.e.
+in same manner as when this field is not present.
 
 Directly after the image header, optional sections called header extensions can
 be stored. Each extension has a structure like the following:
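Review bot: "multiply of 8" appears twice in the added text, under header_length and under "Header padding", and should read "multiple of 8". The header_length text also says "For version 3 it's at least 104 bytes" while the first hunk says "For version 3 or higher"; use the same wording in both places. In the footnote, "less or equal to field's offset" should be "less than or equal to the field's offset".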
-- 
2.18.0
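
The header rules from the two qcow2 patches above (version 2 ends at 72 bytes, header_length is at least 104 and a multiple of 8, a field is absent when header_length does not reach past its offset, compression_type is tied to incompatible bit 3), as an added example that is not part of the series or of QEMU's code. It assumes compression_type is one byte wide and that the reader understands incompatible bits 0-3; `compression_type`, `make_header` and `HeaderError` are names made up here, and the headers are constructed.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
V2_HEADER_LEN = 72               # version 2 header is exactly 72 bytes
V3_MIN_HEADER_LEN = 104          # version 3: fields through header_length
OFF_VERSION = 4
OFF_INCOMPAT = 72                # 72 - 79: incompatible_features
OFF_HEADER_LENGTH = 100          # 100 - 103: header_length
OFF_COMPRESSION = 104            # 104: compression_type (one byte: assumption)
INCOMPAT_COMPRESSION = 1 << 3    # bit 3: compression type bit
KNOWN_INCOMPAT = 0b1111          # assumption: this reader understands bits 0-3
COMPRESSION_NAMES = {0: "zlib"}  # the only value the patch defines


class HeaderError(ValueError):
    """Header breaks a rule or needs a feature this reader lacks."""


def compression_type(buf, known_incompat=KNOWN_INCOMPAT):
    """Return the compression method name for an untrusted header buffer."""
    if len(buf) < V2_HEADER_LEN or buf[:4] != QCOW2_MAGIC:
        raise HeaderError("not a qcow2 header")
    version = struct.unpack_from(">I", buf, OFF_VERSION)[0]
    if version < 2:
        raise HeaderError("unsupported version")
    if version == 2:
        return COMPRESSION_NAMES[0]      # no additional fields in version 2
    if len(buf) < V3_MIN_HEADER_LEN:
        raise HeaderError("truncated version 3 header")

    incompat = struct.unpack_from(">Q", buf, OFF_INCOMPAT)[0]
    header_length = struct.unpack_from(">I", buf, OFF_HEADER_LENGTH)[0]
    if header_length < V3_MIN_HEADER_LEN or header_length % 8:
        raise HeaderError("bad header_length")
    if header_length > len(buf):
        raise HeaderError("header_length exceeds available data")
    # Unknown fields may only be ignored when no unknown incompatible bit
    # is set, so the bitmask is checked before any additional field.
    if incompat & ~known_incompat:
        raise HeaderError("unknown incompatible feature bit")

    # A field is absent when header_length <= its offset; absent equals 0.
    present = header_length > OFF_COMPRESSION
    value = buf[OFF_COMPRESSION] if present else 0
    if incompat & INCOMPAT_COMPRESSION:
        if value == 0:
            raise HeaderError("bit 3 set but compression_type absent or zero")
    elif value != 0:
        raise HeaderError("compression_type non-zero without bit 3")
    if value not in COMPRESSION_NAMES:
        raise HeaderError("unsupported compression_type")
    return COMPRESSION_NAMES[value]


def make_header(version=3, incompat=0, header_length=104, tail=b""):
    """Build a constructed, otherwise zero-filled header for the demo."""
    buf = bytearray(max(header_length, V3_MIN_HEADER_LEN))
    buf[0:4] = QCOW2_MAGIC
    struct.pack_into(">I", buf, OFF_VERSION, version)
    struct.pack_into(">Q", buf, OFF_INCOMPAT, incompat)
    struct.pack_into(">I", buf, OFF_HEADER_LENGTH, header_length)
    buf[OFF_COMPRESSION:OFF_COMPRESSION + len(tail)] = tail
    return bytes(buf)


if __name__ == "__main__":
    cases = {
        "v3, header_length 104": make_header(),
        "v3, field present and zero": make_header(header_length=112),
        "v3, non-zero without bit 3": make_header(header_length=112, tail=b"\x01"),
        "v3, bit 3 set, field absent": make_header(incompat=INCOMPAT_COMPRESSION),
        "v3, header_length 108": make_header(header_length=108),
    }
    for label, header in cases.items():
        try:
            print(label, "->", compression_type(header))
        except HeaderError as exc:
            print(label, "-> rejected:", exc)
```
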




Re: [RFC QEMU PATCH] pc-bios/s390-ccw: Add zipl-like "BOOT_IMAGE=x" to the kernel parameters

2019-12-16 Thread Thomas Huth
On 16/12/2019 13.15, Christian Borntraeger wrote:
[...]
> I just learned from Peter that booting SCSI also has no BOOT_IMAGE (as
> we have no menu). So Thomas, can you find out the use case for the initial
> bug report.  That might give an indication on how to proceed for all cases.

Apparently this parameter is used by Dracut, see:

https://bugzilla.redhat.com/show_bug.cgi?id=1782026#c4

 Thomas




[Bug 1844814] Re: trace: SystemTap documentation out of date

2019-12-16 Thread Philippe Mathieu-Daudé
Fixed in v4.2.0.

** Changed in: qemu
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1844814

Title:
  trace: SystemTap documentation out of date

Status in QEMU:
  Fix Released

Bug description:
  The docs/devel/tracing.txt help suggests:

  scripts/tracetool.py --backends=dtrace --format=stap \
   --binary path/to/qemu-binary \
   --target-type system \
   --target-name x86_64 \
   qemu.stp

  but since commit 2098c56a9bc this comment is outdated:

$ scripts/tracetool.py --backends=dtrace --format=stap \
  --binary mips-softmmu/qemu-system-mips \
  --target-type system \
  --target-name mips trace-events-all
Error: group name is required

  The offending commit seems:

  commit 2098c56a9bc5901e145fa5d4759f075808811685
  Author: Daniel P. Berrange 
  Date:   Wed Jan 25 16:14:14 2017 +

  trace: move setting of group name into Makefiles

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1844814/+subscriptions



[Bug 1844817] Re: trace: dynamic width format syntax not validated

2019-12-16 Thread Philippe Mathieu-Daudé
Fixed in v4.2.0 (commits abc7cf3655 & 10f9f1fbed).

** Changed in: qemu
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1844817

Title:
  trace: dynamic width format syntax not validated

Status in QEMU:
  Fix Released

Bug description:
  The dtrace via stap backend cannot support the dynamic '*' width
  format.

  Eric noted in
  https://lists.gnu.org/archive/html/qemu-devel/2019-09/msg04720.html:

https://sourceware.org/systemtap/langref.pdf

section 9.2 printf, states:

"The printf formatting directives are similar to those of C, except that
they are fully checked for type by the translator."

and does NOT list handling for '*' under precision or width.

  Some trace events have been merged without checking this:

  $ git ls-files|fgrep trace-event|xargs git grep '*\("\|x\)'
  hw/block/trace-events:11:pflash_io_read(uint64_t offset, int width, int fmt_width, uint32_t value, uint8_t cmd, uint8_t wcycle) "offset:0x%04"PRIx64" width:%d value:0x%0*x cmd:0x%02x wcycle:%u"
  hw/block/trace-events:12:pflash_io_write(uint64_t offset, int width, int fmt_width, uint32_t value, uint8_t wcycle) "offset:0x%04"PRIx64" width:%d value:0x%0*x wcycle:%u"
  hw/block/trace-events:13:pflash_data_read(uint64_t offset, int width, uint32_t value) "data offset:0x%04"PRIx64" value:0x%0*x"
  hw/block/trace-events:14:pflash_data_write(uint64_t offset, int width, uint32_t value, uint64_t counter) "data offset:0x%04"PRIx64" value:0x%0*x counter:0x%016"PRIx64
  hw/mips/trace-events:2:gt64120_read(const char *regname, int width, uint64_t value) "gt64120 read %s value:0x%0*" PRIx64
  hw/mips/trace-events:3:gt64120_write(const char *regname, int width, uint64_t value) "gt64120 write %s value:0x%0*" PRIx64

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1844817/+subscriptions
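
A check for the problem described in this bug report, as an added example (not QEMU's tracetool code and not the fix in the commits named above): it scans trace-events declarations for printf directives whose width or precision is taken from '*'. The first three sample events are the ones quoted in the report; the other three and all function names are constructed for the illustration.

```python
import re

# Event declaration: optional properties, event name, argument list, then the
# format, which is a concatenation of C string literals and macros (PRIx64).
EVENT_RE = re.compile(
    r'^\s*(?:\w+\s+)*(?P<name>\w+)\((?P<args>[^)]*)\)\s*(?P<fmt>.*)$')
LITERAL_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
# "%%" is tried first so an escaped percent sign is never read as a directive.
DIRECTIVE_RE = re.compile(
    r'%%|%[-+ #0]*(?P<width>\*|\d*)(?:\.(?P<prec>\*|\d*))?')

# Constructed sample: events 1-3 are quoted in the bug description,
# events 4-6 are made up to exercise the clean and edge cases.
SAMPLE = r'''
# trace-events excerpt
pflash_io_read(uint64_t offset, int width, int fmt_width, uint32_t value, uint8_t cmd, uint8_t wcycle) "offset:0x%04"PRIx64" width:%d value:0x%0*x cmd:0x%02x wcycle:%u"
pflash_data_read(uint64_t offset, int width, uint32_t value) "data offset:0x%04"PRIx64" value:0x%0*x"
gt64120_read(const char *regname, int width, uint64_t value) "gt64120 read %s value:0x%0*" PRIx64
example_fixed_width(uint64_t offset, uint32_t value) "offset:0x%04"PRIx64" value:0x%08x"
example_percent(int pct) "progress %d%% done"
example_precision(int len, const char *s) "name %.*s"
'''


def dynamic_width_directives(fmt):
    """Return the directives in fmt that take width or precision from '*'.

    Only the string literals are scanned, so a '*' in the argument list
    (a pointer declaration) or in a macro name is never considered.
    """
    hits = []
    for literal in LITERAL_RE.findall(fmt):
        for m in DIRECTIVE_RE.finditer(literal):
            if m.group(0) == "%%":
                continue
            if m.group("width") == "*" or m.group("prec") == "*":
                hits.append(m.group(0))
    return hits


def check_trace_events(text):
    """Return (line number, event name, directive) for every offending use."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = EVENT_RE.match(stripped)
        if not m:
            continue
        for directive in dynamic_width_directives(m.group("fmt")):
            findings.append((lineno, m.group("name"), directive))
    return findings


if __name__ == "__main__":
    for lineno, name, directive in check_trace_events(SAMPLE):
        print(f"line {lineno}: {name}: dynamic width/precision {directive!r}")
```
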



Re: [PULL 00/10] Bluetooth removal, and qtest & misc patches

2019-12-16 Thread Paolo Bonzini
On 16/12/19 13:08, Thomas Huth wrote:
>> windows crossbuilds:
>>   CC  chardev/char-serial.o
>>   CC  chardev/char-socket.o
>>   CC  chardev/char-stdio.o
>>   CC  chardev/char-udp.o
>>   CC  chardev/char-win.o
>> make: *** No rule to make target
>> '/home/petmay01/qemu-for-merges/hw/bt/Kconfig', needed by
>> 'aarch64-softmmu/config-devices.mak'.  Stop.
>> make: *** Waiting for unfinished jobs
>>   CC  chardev/char-win-stdio.o
> These ones are really surprising to me ... *-softmmu/config-devices.mak
> should have a proper dependency on hw/Kconfig so they should get
> properly rebuild as far as I can tell. Could you please check the
> *-softmmu/config-devices.mak.d dependency files whether the dependency
> on hw/Kconfig is really there? Hmm, maybe "make" also tries to check the
> old dependency to hw/bt/Kconfig first, before regenerating the files ...
> not sure how to fix this properly, maybe leave an empty hw/bt/Kconfig
> around for a while 'til all build systems have regenerated the
> dependency files?

I think in the past we've had patches where you just had to force a
"make distclean".

Paolo




Re: [PATCH 0/5] mips: machines: Renovate coding style

2019-12-16 Thread Aleksandar Markovic
On Fri, Dec 6, 2019 at 3:41 PM Filip Bozuta  wrote:
>
> The script checkpatch.pl located in scripts folder
> was used to check for errors and warnings in following
> mips machines:
>
> Jazz
> Malta
> Mipssim
> R4000
> Fulong 2E
> Boston
>
> All generated errors and warnings were corrected
> and the script was run again to make sure there
> are no more errors and warnings
>
> Note:
>
> Boston machine was already clear of errors
> and warnings so the boston machine files
> were not edited.
>
> Note:
>
> One error occurred due to the macro #IF 0.
> That error was not corrected because there
> is some redundant code within that macro that
> might be used in future versions.
>
> v2:
>
> * changed lines in hw/mips/mips_malta.c from 848 to
>   995 so that comments begin at the same line
>
> * changed line 573 in hw/mips/mips_malta.c to fix
>   the build error due to the function g_new0 that is
>   used for allocating
>
> * changed lines 103 and 107 in tests/acceptance/mips_malta.c
>   so that splitting lines are aligned vertically
>   below the opening brackets
>
> * changed line 121 in mips_r4k.c so that INITRD_PAGE_MASK
>   is aligned vertically below the opening bracket
>
> Filip Bozuta (5):
>   mips: jazz: Renovate coding style
>   mips: malta: Renovate coding style
>   mips: mipssim: Renovate coding style
>   mips: r4000: Renovate coding style
>   mips: fulong 2e: Renovate coding style
>
>  hw/display/jazz_led.c| 123 +++---
>  hw/dma/rc4030.c  |  12 ++-
>  hw/isa/vt82c686.c|  23 +++--
>  hw/mips/mips_jazz.c  |  32 +++---
>  hw/mips/mips_malta.c | 169 
> ---
>  hw/mips/mips_r4k.c   |  55 ++
>  hw/net/mipsnet.c |  44 
>  hw/pci-host/bonito.c |  60 ++-
>  tests/acceptance/linux_ssh_mips_malta.py |   6 +-
>  9 files changed, 281 insertions(+), 243 deletions(-)
>

Applied to mips queue, with some minor modifications limited to
several lines of code.

Filip, please make sure to test build in future.

(Of course, other applicable unit and integration tests should be executed too.)

Thanks,
Aleksandar

> --
> 2.7.4
>
>



Re: [PATCH v3 0/5] MAINTAINERS: Fine adjustment for (mostly mips) content

2019-12-16 Thread Aleksandar Markovic
On Tue, Dec 10, 2019 at 1:57 PM Aleksandar Markovic
 wrote:
>
> From: Aleksandar Markovic 
>
> v2->v3:
>
>   - changed patches 2, 3, 4 on Philippe's request
>   - add a patch on including acceptance test in MIPS section
>
> v1->v2:
>
>   - removed patch on new git infrastructure section
>   - added a patch that adds two files in Malta section
>
> The goal of this series is to:
>
>   * reduce the amount of "unmaintained" files (not having their
> maintainer in "MAINTAINERS")
>   * reduce the amount of nominally maintained files, but unmaintained
> in reality
>   * increase the role of non-mips open source participants in
> maintaining and reviewing mips content
>
> Best wishes to all new and former maintainers in future activities
> and endeavours!
>
> Aleksandar Markovic (5):
>   MAINTAINERS: Add a section on UI translation
>   MAINTAINERS: Adjust maintainership for Fulong 2E board
>   MAINTAINERS: Adjust maintainership for Malta board
>   MAINTAINERS: Add three files to Malta section
>   MAINTAINERS: Add a file to MIPS section
>
>  MAINTAINERS | 15 ---
>  1 file changed, 12 insertions(+), 3 deletions(-)
>

Applied to mips queue.

> --
> 2.7.4
>
>



[PULL 05/11] mips: fulong 2e: Renovate coding style

2019-12-16 Thread Aleksandar Markovic
From: Filip Bozuta 

The script checkpatch.pl located in scripts folder was
used to detect all errors and warnings in files:
hw/mips/mips_fulong2e.c
hw/isa/vt82c686.c
hw/pci-host/bonito.c
include/hw/isa/vt82c686.h

These mips Fulong 2E machine files were edited and
all the errors and warnings generated by the checkpatch.pl
script were corrected and then the script was
run again to make sure there are no more errors and warnings.

Signed-off-by: Filip Bozuta 
Signed-off-by: Aleksandar Markovic 
Reviewed-by: Aleksandar Markovic 
Message-Id: <1575640687-20744-6-git-send-email-filip.boz...@rt-rk.com>
---
 hw/isa/vt82c686.c| 23 ++--
 hw/pci-host/bonito.c | 60 +---
 2 files changed, 45 insertions(+), 38 deletions(-)

diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index 616f67f..f828708 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -27,7 +27,7 @@
 #include "qemu/timer.h"
 #include "exec/address-spaces.h"
 
-//#define DEBUG_VT82C686B
+/* #define DEBUG_VT82C686B */
 
 #ifdef DEBUG_VT82C686B
 #define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __func__, ##__VA_ARGS__)
@@ -35,8 +35,7 @@
 #define DPRINTF(fmt, ...)
 #endif
 
-typedef struct SuperIOConfig
-{
+typedef struct SuperIOConfig {
 uint8_t config[0x100];
 uint8_t index;
 uint8_t data;
@@ -102,7 +101,7 @@ static uint64_t superio_ioport_readb(void *opaque, hwaddr 
addr, unsigned size)
 SuperIOConfig *superio_conf = opaque;
 
 DPRINTF("superio_ioport_readb  address 0x%x\n", addr);
-return (superio_conf->config[superio_conf->index]);
+return superio_conf->config[superio_conf->index];
 }
 
 static const MemoryRegionOps superio_ops = {
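Review bot: The DPRINTF() call kept as context in superio_ioport_readb() prints addr, which is declared as hwaddr, with "0x%x". Because DPRINTF expands to nothing unless DEBUG_VT82C686B is defined (see the macro in the first hunk), the mismatch is never compiled. Since this patch already touches the function, consider switching the format to HWADDR_PRIx, or making DPRINTF type-check its arguments in all builds.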
@@ -143,7 +142,7 @@ static void vt82c686b_isa_reset(DeviceState *dev)
 }
 
 /* write config pci function0 registers. PCI-ISA bridge */
-static void vt82c686b_write_config(PCIDevice * d, uint32_t address,
+static void vt82c686b_write_config(PCIDevice *d, uint32_t address,
uint32_t val, int len)
 {
 VT82C686BState *vt686 = VT82C686B_DEVICE(d);
@@ -365,7 +364,7 @@ static void vt82c686b_pm_realize(PCIDevice *dev, Error 
**errp)
 pci_set_long(pci_conf + 0x48, 0x0001);
 
 /* SMB ports:0xeee0~0xeeef */
-s->smb_io_base =((s->smb_io_base & 0xfff0) + 0x0);
+s->smb_io_base = ((s->smb_io_base & 0xfff0) + 0x0);
 pci_conf[0x90] = s->smb_io_base | 1;
 pci_conf[0x91] = s->smb_io_base >> 8;
 pci_conf[0xd2] = 0x90;
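Review bot: In the reformatted line "s->smb_io_base = ((s->smb_io_base & 0xfff0) + 0x0);" the outer parentheses and the "+ 0x0" do nothing. A style pass is a good moment to reduce it to "s->smb_io_base &= 0xfff0;", or to add a comment if the "+ 0x0" is a placeholder for an offset.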
@@ -462,16 +461,18 @@ static void vt82c686b_realize(PCIDevice *d, Error **errp)
 
 wmask = d->wmask;
 for (i = 0x00; i < 0xff; i++) {
-   if (i<=0x03 || (i>=0x08 && i<=0x3f)) {
-   wmask[i] = 0x00;
-   }
+if (i <= 0x03 || (i >= 0x08 && i <= 0x3f)) {
+wmask[i] = 0x00;
+}
 }
 
 memory_region_init_io(&vt82c->superio, OBJECT(d), &superio_ops,
   &vt82c->superio_conf, "superio", 2);
 memory_region_set_enabled(&vt82c->superio, false);
-/* The floppy also uses 0x3f0 and 0x3f1.
- * But we do not emulate a floppy, so just set it here. */
+/*
+ * The floppy also uses 0x3f0 and 0x3f1.
+ * But we do not emulate a floppy, so just set it here.
+ */
 memory_region_add_subregion(isa_bus->address_space_io, 0x3f0,
 &vt82c->superio);
 }
diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c
index ceee463..4692d41 100644
--- a/hw/pci-host/bonito.c
+++ b/hw/pci-host/bonito.c
@@ -14,7 +14,8 @@
  * fulong 2e mini pc has a bonito north bridge.
  */
 
-/* what is the meaning of devfn in qemu and IDSEL in bonito northbridge?
+/*
+ * what is the meaning of devfn in qemu and IDSEL in bonito northbridge?
  *
  * devfn   pci_slot<<3  + funno
  * one pci bus can have 32 devices and each device can have 8 functions.
@@ -49,7 +50,7 @@
 #include "sysemu/runstate.h"
 #include "exec/address-spaces.h"
 
-//#define DEBUG_BONITO
+/* #define DEBUG_BONITO */
 
 #ifdef DEBUG_BONITO
 #define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __func__, ##__VA_ARGS__)
@@ -60,45 +61,45 @@
 /* from linux soure code. include/asm-mips/mips-boards/bonito64.h*/
 #define BONITO_BOOT_BASE0x1fc0
 #define BONITO_BOOT_SIZE0x0010
-#define BONITO_BOOT_TOP (BONITO_BOOT_BASE+BONITO_BOOT_SIZE-1)
+#define BONITO_BOOT_TOP (BONITO_BOOT_BASE + BONITO_BOOT_SIZE - 1)
 #define BONITO_FLASH_BASE   0x1c00
 #define BONITO_FLASH_SIZE   0x0300
-#define BONITO_FLASH_TOP(BONITO_FLASH_BASE+BONITO_FLASH_SIZE-1)
+#define BONITO_FLASH_TOP(BONITO_FLASH_BASE + BONITO_FLASH_SIZE - 1)
 #define BONITO_SOCKET_BASE  0x1f80
 #define BONITO_SOCKET_SIZE  0x0040
-#define BONITO_SOCKET_TOP   (BONITO_SOCKET_BASE+BONITO_SOCKET_SIZE-1)
+#define BONITO_SOCKET_TOP   (BONITO_SOCKET_BASE + BONITO_SOCKET_SIZE - 1)
 #define BONITO_REG_BASE 0x1fe0
 #define BONITO_REG_SIZE 0x0004
-#d

[PULL 03/11] mips: mipssim: Renovate coding style

2019-12-16 Thread Aleksandar Markovic
From: Filip Bozuta 

The script checkpatch.pl located in scripts folder was
used to detect all errors and warnings in files:
hw/mips/mips_mipssim.c
hw/net/mipsnet.c

All these mips mipssim machine files were edited and
all the errors and warnings generated by the checkpatch.pl
script were corrected and then the script was
run again to make sure there are no more errors and warnings.

Signed-off-by: Filip Bozuta 
Signed-off-by: Aleksandar Markovic 
Reviewed-by: Aleksandar Markovic 
Message-Id: <1575640687-20744-4-git-send-email-filip.boz...@rt-rk.com>
---
 hw/net/mipsnet.c | 42 +++---
 1 file changed, 23 insertions(+), 19 deletions(-)

diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
index f7ae1ce..380ff5a 100644
--- a/hw/net/mipsnet.c
+++ b/hw/net/mipsnet.c
@@ -9,19 +9,19 @@
 
 /* MIPSnet register offsets */
 
-#define MIPSNET_DEV_ID 0x00
-#define MIPSNET_BUSY   0x08
-#define MIPSNET_RX_DATA_COUNT  0x0c
-#define MIPSNET_TX_DATA_COUNT  0x10
-#define MIPSNET_INT_CTL0x14
-# define MIPSNET_INTCTL_TXDONE 0x0001
-# define MIPSNET_INTCTL_RXDONE 0x0002
-# define MIPSNET_INTCTL_TESTBIT0x8000
-#define MIPSNET_INTERRUPT_INFO 0x18
-#define MIPSNET_RX_DATA_BUFFER 0x1c
-#define MIPSNET_TX_DATA_BUFFER 0x20
-
-#define MAX_ETH_FRAME_SIZE 1514
+#define MIPSNET_DEV_ID  0x00
+#define MIPSNET_BUSY0x08
+#define MIPSNET_RX_DATA_COUNT   0x0c
+#define MIPSNET_TX_DATA_COUNT   0x10
+#define MIPSNET_INT_CTL 0x14
+# define MIPSNET_INTCTL_TXDONE  0x0001
+# define MIPSNET_INTCTL_RXDONE  0x0002
+# define MIPSNET_INTCTL_TESTBIT 0x8000
+#define MIPSNET_INTERRUPT_INFO  0x18
+#define MIPSNET_RX_DATA_BUFFER  0x1c
+#define MIPSNET_TX_DATA_BUFFER  0x20
+
+#define MAX_ETH_FRAME_SIZE  1514
 
 #define TYPE_MIPS_NET "mipsnet"
 #define MIPS_NET(obj) OBJECT_CHECK(MIPSnetState, (obj), TYPE_MIPS_NET)
@@ -64,8 +64,9 @@ static void mipsnet_update_irq(MIPSnetState *s)
 
 static int mipsnet_buffer_full(MIPSnetState *s)
 {
-if (s->rx_count >= MAX_ETH_FRAME_SIZE)
+if (s->rx_count >= MAX_ETH_FRAME_SIZE) {
 return 1;
+}
 return 0;
 }
 
@@ -73,18 +74,21 @@ static int mipsnet_can_receive(NetClientState *nc)
 {
 MIPSnetState *s = qemu_get_nic_opaque(nc);
 
-if (s->busy)
+if (s->busy) {
 return 0;
+}
 return !mipsnet_buffer_full(s);
 }
 
-static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t 
size)
+static ssize_t mipsnet_receive(NetClientState *nc,
+   const uint8_t *buf, size_t size)
 {
 MIPSnetState *s = qemu_get_nic_opaque(nc);
 
 trace_mipsnet_receive(size);
-if (!mipsnet_can_receive(nc))
+if (!mipsnet_can_receive(nc)) {
 return 0;
+}
 
 if (size >= sizeof(s->rx_buffer)) {
 return 0;
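Review bot: mipsnet_receive() returns 0 from two adjacent checks, the newly braced "if (!mipsnet_can_receive(nc))" and the unchanged "if (size >= sizeof(s->rx_buffer))", so the caller cannot tell a busy device from a frame that will never fit. That is outside a style-only change, but it deserves a follow-up that handles the oversized case separately. The ">=" there also rejects a frame that would exactly fill rx_buffer, which should get a comment if it is intended.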
@@ -115,10 +119,10 @@ static uint64_t mipsnet_ioport_read(void *opaque, hwaddr 
addr,
 addr &= 0x3f;
 switch (addr) {
 case MIPSNET_DEV_ID:
-ret = be32_to_cpu(0x4d495053); /* MIPS */
+ret = be32_to_cpu(0x4d495053);  /* MIPS */
 break;
 case MIPSNET_DEV_ID + 4:
-ret = be32_to_cpu(0x4e455430); /* NET0 */
+ret = be32_to_cpu(0x4e455430);  /* NET0 */
 break;
 case MIPSNET_BUSY:
 ret = s->busy;
-- 
2.7.4




[PULL 11/11] MAINTAINERS: Add a file to MIPS section

2019-12-16 Thread Aleksandar Markovic
From: Aleksandar Markovic 

File tests/acceptance/linux_ssh_mips_malta.py is crucial for
entire MIPS platform, so add it to the MIPS section. The
maintainership will be shared with others.

Signed-off-by: Aleksandar Markovic 
Message-Id: <1575982519-29852-6-git-send-email-aleksandar.marko...@rt-rk.com>
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 2af7313..740401b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -221,6 +221,7 @@ F: include/hw/intc/mips_gic.h
 F: include/hw/mips/
 F: include/hw/misc/mips_*
 F: include/hw/timer/mips_gictimer.h
+F: tests/acceptance/linux_ssh_mips_malta.py
 F: tests/tcg/mips/
 K: ^Subject:.*(?i)mips
 
-- 
2.7.4




[PULL 01/11] mips: jazz: Renovate coding style

2019-12-16 Thread Aleksandar Markovic
From: Filip Bozuta 

The script checkpatch.pl located in scripts folder was
used to detect all errors and warnings in files:
hw/mips/mips_jazz.c
hw/display/jazz_led.c
hw/dma/rc4030.c

All these mips jazz machine files were edited and
all the errors and warnings generated by the checkpatch.pl
script were corrected and then the script was
run again to make sure there are no more errors and warnings.

Signed-off-by: Filip Bozuta 
Signed-off-by: Aleksandar Markovic 
Reviewed-by: Aleksandar Markovic 
Message-Id: <1575640687-20744-2-git-send-email-filip.boz...@rt-rk.com>
---
 hw/display/jazz_led.c | 123 +-
 hw/dma/rc4030.c   |  12 +++--
 hw/mips/mips_jazz.c   |  32 +++--
 3 files changed, 88 insertions(+), 79 deletions(-)

diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c
index 3e0112b..1d84559 100644
--- a/hw/display/jazz_led.c
+++ b/hw/display/jazz_led.c
@@ -90,25 +90,25 @@ static void draw_horizontal_line(DisplaySurface *ds,
 
 bpp = (surface_bits_per_pixel(ds) + 7) >> 3;
 d = surface_data(ds) + surface_stride(ds) * posy + bpp * posx1;
-switch(bpp) {
-case 1:
-for (x = posx1; x <= posx2; x++) {
-*((uint8_t *)d) = color;
-d++;
-}
-break;
-case 2:
-for (x = posx1; x <= posx2; x++) {
-*((uint16_t *)d) = color;
-d += 2;
-}
-break;
-case 4:
-for (x = posx1; x <= posx2; x++) {
-*((uint32_t *)d) = color;
-d += 4;
-}
-break;
+switch (bpp) {
+case 1:
+for (x = posx1; x <= posx2; x++) {
+*((uint8_t *)d) = color;
+d++;
+}
+break;
+case 2:
+for (x = posx1; x <= posx2; x++) {
+*((uint16_t *)d) = color;
+d += 2;
+}
+break;
+case 4:
+for (x = posx1; x <= posx2; x++) {
+*((uint32_t *)d) = color;
+d += 4;
+}
+break;
 }
 }
 
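Review bot: The re-indented switch (bpp) in draw_horizontal_line() has cases 1, 2 and 4 only and no default, while bpp is computed as (surface_bits_per_pixel(ds) + 7) >> 3 and jazz_led_update_display() further down in this patch accepts 24-bit surfaces ("case 24:"). For a 24-bit surface bpp is 3 and the function draws nothing without any indication. Since the block is rewritten anyway, add a default case (or a case 3) here and in draw_vertical_line().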
@@ -121,25 +121,25 @@ static void draw_vertical_line(DisplaySurface *ds,
 
 bpp = (surface_bits_per_pixel(ds) + 7) >> 3;
 d = surface_data(ds) + surface_stride(ds) * posy1 + bpp * posx;
-switch(bpp) {
-case 1:
-for (y = posy1; y <= posy2; y++) {
-*((uint8_t *)d) = color;
-d += surface_stride(ds);
-}
-break;
-case 2:
-for (y = posy1; y <= posy2; y++) {
-*((uint16_t *)d) = color;
-d += surface_stride(ds);
-}
-break;
-case 4:
-for (y = posy1; y <= posy2; y++) {
-*((uint32_t *)d) = color;
-d += surface_stride(ds);
-}
-break;
+switch (bpp) {
+case 1:
+for (y = posy1; y <= posy2; y++) {
+*((uint8_t *)d) = color;
+d += surface_stride(ds);
+}
+break;
+case 2:
+for (y = posy1; y <= posy2; y++) {
+*((uint16_t *)d) = color;
+d += surface_stride(ds);
+}
+break;
+case 4:
+for (y = posy1; y <= posy2; y++) {
+*((uint32_t *)d) = color;
+d += surface_stride(ds);
+}
+break;
 }
 }
 
@@ -164,28 +164,28 @@ static void jazz_led_update_display(void *opaque)
 if (s->state & REDRAW_SEGMENTS) {
 /* set colors according to bpp */
 switch (surface_bits_per_pixel(surface)) {
-case 8:
-color_segment = rgb_to_pixel8(0xaa, 0xaa, 0xaa);
-color_led = rgb_to_pixel8(0x00, 0xff, 0x00);
-break;
-case 15:
-color_segment = rgb_to_pixel15(0xaa, 0xaa, 0xaa);
-color_led = rgb_to_pixel15(0x00, 0xff, 0x00);
-break;
-case 16:
-color_segment = rgb_to_pixel16(0xaa, 0xaa, 0xaa);
-color_led = rgb_to_pixel16(0x00, 0xff, 0x00);
-break;
-case 24:
-color_segment = rgb_to_pixel24(0xaa, 0xaa, 0xaa);
-color_led = rgb_to_pixel24(0x00, 0xff, 0x00);
-break;
-case 32:
-color_segment = rgb_to_pixel32(0xaa, 0xaa, 0xaa);
-color_led = rgb_to_pixel32(0x00, 0xff, 0x00);
-break;
-default:
-return;
+case 8:
+color_segment = rgb_to_pixel8(0xaa, 0xaa, 0xaa);
+color_led = rgb_to_pixel8(0x00, 0xff, 0x00);
+break;
+case 15:
+color_segment = rgb_to_pixel15(0xaa, 0xaa, 0xaa);
+color_led = rgb_to_pixel15(0x00, 0xff, 0x00);
+break;
+case 16:
+color_segment = rgb_to_pixel16(0xaa, 0xaa, 0xaa);
+color_led = rgb_to_pixel16(0x00, 0xff, 0x00);
+

[PULL 02/11] mips: malta: Renovate coding style

2019-12-16 Thread Aleksandar Markovic
From: Filip Bozuta 

The script checkpatch.pl located in scripts folder was
used to detect all errors and warnings in files:
hw/mips/mips_malta.c
hw/mips/gt64xxx_pci.c
tests/acceptance/linux_ssh_mips_malta.py

All these mips malta machine files were edited and
all the errors and warnings generated by the checkpatch.pl
script were corrected and then the script was
run again to make sure there are no more errors and warnings.

Signed-off-by: Filip Bozuta 
Signed-off-by: Aleksandar Markovic 
Reviewed-by: Aleksandar Markovic 
Message-Id: <1575640687-20744-3-git-send-email-filip.boz...@rt-rk.com>
---
 hw/mips/mips_malta.c | 172 ---
 tests/acceptance/linux_ssh_mips_malta.py |   6 +-
 2 files changed, 91 insertions(+), 87 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 92e9ca5..783cd99 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -137,7 +137,8 @@ static void malta_fpga_update_display(void *opaque)
  */
 
 #if defined(DEBUG)
-#  define logout(fmt, ...) fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## 
__VA_ARGS__)
+#  define logout(fmt, ...) \
+  fprintf(stderr, "MALTA\t%-24s" fmt, __func__, ## __VA_ARGS__)
 #else
 #  define logout(fmt, ...) ((void)0)
 #endif
@@ -359,7 +360,6 @@ static uint64_t malta_fpga_read(void *opaque, hwaddr addr,
 
 /* SWITCH Register */
 case 0x00200:
-/* ori a3, a3, low(ram_low_size) */
 val = 0x;
 break;
 
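Review bot: Dropping "/* ori a3, a3, low(ram_low_size) */" under the SWITCH Register case is not a checkpatch correction, and the commit message says only checkpatch errors and warnings were addressed. The comment does look misplaced next to the "val = ..." assignment, so either mention the removal in the commit message or move it to a separate patch.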
@@ -569,7 +569,7 @@ static MaltaFPGAState *malta_fpga_init(MemoryRegion 
*address_space,
 MaltaFPGAState *s;
 Chardev *chr;
 
-s = (MaltaFPGAState *)g_malloc0(sizeof(MaltaFPGAState));
+s = g_new0(MaltaFPGAState, 1);
 
 memory_region_init_io(&s->iomem, NULL, &malta_fpga_ops, s,
   "malta-fpga", 0x10);
@@ -844,24 +844,24 @@ static void write_bootloader(uint8_t *base, int64_t 
run_addr,
 /* Small bootloader */
 p = (uint32_t *)base;
 
-stl_p(p++, 0x0800 |  /* j 
0x1fc00580 */
+stl_p(p++, 0x0800 |  /* j 0x1fc00580 */
  ((run_addr + 0x580) & 0x0fff) >> 2);
-stl_p(p++, 0x);  /* nop */
+stl_p(p++, 0x);  /* nop */
 
 /* YAMON service vector */
-stl_p(base + 0x500, run_addr + 0x0580);  /* start: */
-stl_p(base + 0x504, run_addr + 0x083c);  /* print_count: */
-stl_p(base + 0x520, run_addr + 0x0580);  /* start: */
-stl_p(base + 0x52c, run_addr + 0x0800);  /* flush_cache: */
-stl_p(base + 0x534, run_addr + 0x0808);  /* print: */
-stl_p(base + 0x538, run_addr + 0x0800);  /* reg_cpu_isr: */
-stl_p(base + 0x53c, run_addr + 0x0800);  /* unred_cpu_isr: */
-stl_p(base + 0x540, run_addr + 0x0800);  /* reg_ic_isr: */
-stl_p(base + 0x544, run_addr + 0x0800);  /* unred_ic_isr: */
-stl_p(base + 0x548, run_addr + 0x0800);  /* reg_esr: */
-stl_p(base + 0x54c, run_addr + 0x0800);  /* unreg_esr: */
-stl_p(base + 0x550, run_addr + 0x0800);  /* getchar: */
-stl_p(base + 0x554, run_addr + 0x0800);  /* syscon_read: */
+stl_p(base + 0x500, run_addr + 0x0580);  /* start: */
+stl_p(base + 0x504, run_addr + 0x083c);  /* print_count: */
+stl_p(base + 0x520, run_addr + 0x0580);  /* start: */
+stl_p(base + 0x52c, run_addr + 0x0800);  /* flush_cache: */
+stl_p(base + 0x534, run_addr + 0x0808);  /* print: */
+stl_p(base + 0x538, run_addr + 0x0800);  /* reg_cpu_isr: */
+stl_p(base + 0x53c, run_addr + 0x0800);  /* unred_cpu_isr: */
+stl_p(base + 0x540, run_addr + 0x0800);  /* reg_ic_isr: */
+stl_p(base + 0x544, run_addr + 0x0800);  /* unred_ic_isr: */
+stl_p(base + 0x548, run_addr + 0x0800);  /* reg_esr: */
+stl_p(base + 0x54c, run_addr + 0x0800);  /* unreg_esr: */
+stl_p(base + 0x550, run_addr + 0x0800);  /* getchar: */
+stl_p(base + 0x554, run_addr + 0x0800);  /* syscon_read: */
 
 
 /* Second part of the bootloader */
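Review bot: The realigned YAMON service vector comments still carry "unred_cpu_isr" and "unred_ic_isr", next to "reg_cpu_isr", "reg_ic_isr" and "unreg_esr"; these look like typos for "unreg_". As both lines are rewritten here anyway, correct the two labels in the same pass.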
@@ -869,9 +869,9 @@ static void write_bootloader(uint8_t *base, int64_t 
run_addr,
 
 if (semihosting_get_argc()) {
 /* Preserve a0 content as arguments have been passed */
-stl_p(p++, 0x); /* nop */
+stl_p(p++, 0x);  /* nop */
 } else {
-stl_p(p++, 0x24040002); /* addiu a0, zero, 2 */
+stl_p(p++, 0x24040002);  /* addiu a0, zero, 2 */
 }
 
 /* lui sp, high(ENVP_ADDR) */
@@ -892,104 +892,106 @@ static void write_bootloader(uint8_t *base, int64_t 
run_addr,
 stl_p(p++, 0x34e7 | (loaderparams.ram_low_size & 0x));
 
 /* Load BAR registers as done by YAMON */
-stl_p(p++, 0x3c09b400);  /* lui t1, 
0xb400 */
+stl_p(p++, 0x3c09b400);  /* lui t1, 0xb400 */
 
 #ifdef TARGET

[PULL 04/11] mips: r4000: Renovate coding style

2019-12-16 Thread Aleksandar Markovic
From: Filip Bozuta 

The script checkpatch.pl located in scripts folder was
used to detect all errors and warnings in file:
hw/mips/mips_r4k.c

This mips r4000 machine file was edited and
all the errors and warnings generated by the checkpatch.pl
script were corrected and then the script was
run again to make sure there are no more errors and warnings.

Signed-off-by: Filip Bozuta 
Signed-off-by: Aleksandar Markovic 
Reviewed-by: Aleksandar Markovic 
Message-Id: <1575640687-20744-5-git-send-email-filip.boz...@rt-rk.com>
---
 hw/mips/mips_r4k.c | 55 +-
 1 file changed, 34 insertions(+), 21 deletions(-)

diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
index 7002423..d1f5d6b 100644
--- a/hw/mips/mips_r4k.c
+++ b/hw/mips/mips_r4k.c
@@ -6,7 +6,7 @@
  * ISA memory at the 0x1000 (PHYS, 16Mb in size).
  * All peripherial devices are attached to this "bus" with
  * the standard PC ISA addresses.
-*/
+ */
 
 #include "qemu/osdep.h"
 #include "qemu/units.h"
@@ -54,17 +54,18 @@ static struct _loaderparams {
 const char *initrd_filename;
 } loaderparams;
 
-static void mips_qemu_write (void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
+static void mips_qemu_write(void *opaque, hwaddr addr,
+uint64_t val, unsigned size)
 {
-if ((addr & 0x) == 0 && val == 42)
+if ((addr & 0x) == 0 && val == 42) {
 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
-else if ((addr & 0x) == 4 && val == 42)
+} else if ((addr & 0x) == 4 && val == 42) {
 qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
+}
 }
 
-static uint64_t mips_qemu_read (void *opaque, hwaddr addr,
-unsigned size)
+static uint64_t mips_qemu_read(void *opaque, hwaddr addr,
+   unsigned size)
 {
 return 0;
 }
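
Review bot: In mips_qemu_write() the value 42 and the offsets 0 and 4 are still bare literals after the re-bracing. Since these lines are being rewritten anyway, a one-line comment or named constants stating that a guest write of 42 to offset 0 requests a reset and to offset 4 requests a shutdown would document the interface. A write that matches neither branch is silently ignored, which is worth stating too.
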
@@ -100,8 +101,9 @@ static int64_t load_kernel(void)
(uint64_t *)&kernel_high, big_endian,
EM_MIPS, 1, 0);
 if (kernel_size >= 0) {
-if ((entry & ~0x7fffULL) == 0x8000)
+if ((entry & ~0x7fffULL) == 0x8000) {
 entry = (int32_t)entry;
+}
 } else {
 error_report("could not load kernel '%s': %s",
  loaderparams.kernel_filename,
@@ -113,9 +115,10 @@ static int64_t load_kernel(void)
 initrd_size = 0;
 initrd_offset = 0;
 if (loaderparams.initrd_filename) {
-initrd_size = get_image_size (loaderparams.initrd_filename);
+initrd_size = get_image_size(loaderparams.initrd_filename);
 if (initrd_size > 0) {
-initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) & 
INITRD_PAGE_MASK;
+initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) &
+ INITRD_PAGE_MASK;
 if (initrd_offset + initrd_size > ram_size) {
 error_report("memory too small for initial ram disk '%s'",
  loaderparams.initrd_filename);
@@ -139,11 +142,13 @@ static int64_t load_kernel(void)
 params_buf[1] = tswap32(0x12345678);
 
 if (initrd_size > 0) {
-snprintf((char *)params_buf + 8, 256, "rd_start=0x%" PRIx64 " 
rd_size=%" PRId64 " %s",
+snprintf((char *)params_buf + 8, 256,
+ "rd_start=0x%" PRIx64 " rd_size=%" PRId64 " %s",
  cpu_mips_phys_to_kseg0(NULL, initrd_offset),
  initrd_size, loaderparams.kernel_cmdline);
 } else {
-snprintf((char *)params_buf + 8, 256, "%s", 
loaderparams.kernel_cmdline);
+snprintf((char *)params_buf + 8, 256,
+"%s", loaderparams.kernel_cmdline);
 }
 
 rom_add_blob_fixed("params", params_buf, params_size,
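
Review bot: Both snprintf() calls keep the bare literal 256 as the bound for the write at params_buf + 8, while the blob is registered just below with params_size, so nothing in these lines ties the two together. Consider deriving the bound from the buffer's size rather than repeating the literal, and checking the snprintf() return value so an over-long kernel_cmdline is reported instead of silently truncated. That is a functional change and belongs in a follow-up rather than in this style-only patch.
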
@@ -207,15 +212,21 @@ void mips_r4k_init(MachineState *machine)
 
 memory_region_add_subregion(address_space_mem, 0, ram);
 
-memory_region_init_io(iomem, NULL, &mips_qemu_ops, NULL, "mips-qemu", 
0x1);
+memory_region_init_io(iomem, NULL, &mips_qemu_ops,
+  NULL, "mips-qemu", 0x1);
+
 memory_region_add_subregion(address_space_mem, 0x1fbf, iomem);
 
-/* Try to load a BIOS image. If this fails, we continue regardless,
-   but initialize the hardware ourselves. When a kernel gets
-   preloaded we also initialize the hardware, since the BIOS wasn't
-   run. */
-if (bios_name == NULL)
+/*
+ * Try to load a BIOS image. If this fails, we continue regardless,
+ * but initialize the hardware ourselves. When a kernel gets
+ * preloaded we also initialize the hardware, since the BIOS wasn't
+ * run.
+ */
+
+if (bios_name == NULL) {
 bios_name = BIOS_FILENAME;
+}
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
 if (filename) {
 bios_size = get_image_size(filename);
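
Review bot: The blank line added between the reflowed comment and `if (bios_name == NULL) {` detaches the comment from the code it describes, and the blank line added after the memory_region_init_io() call splits region creation from the memory_region_add_subregion() that maps it. Neither is needed for the comment-style or brace fixes, so I would drop both added blank lines.
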
@@ -227,6 +238,7 @@ void mips_r4k_init(MachineState *machine
