Re: aio_poll() assertion fail on Windows

[Volker Rümelin]

> Whilst testing a Windows build of git master of qemu-system-ppc in 
> MSYS2/MingW64 I noticed the following assertion message in the console after 
> booting into OpenBIOS and then closing the GTK GUI window without booting a 
> client OS:
>
> $ ./qemu-system-ppc
> **
> ERROR:../util/aio-win32.c:337:aio_poll: assertion failed: 
> (in_aio_context_home_thread(ctx))
> Bail out! ERROR:../util/aio-win32.c:337:aio_poll: assertion failed: 
> (in_aio_context_home_thread(ctx))
>
> Has anyone else seen this at all?
>

This error appears since commit 9ce44e2ce2 "qmp: Move dispatcher to a 
coroutine". I think I can see the problem, but I'll have to ask Kevin. I really 
don't know the qmp code.

With best regards,
Volker

[PATCH v4 0/5] RISC-V Pointer Masking implementation

[Alexey Baturo]

Hi folks,

Addressing code style issues that were found by patchew.
Also big thanks to Richard Henderson for reviewing the series and giving great 
comments!

Thanks

Alexey Baturo (4):
  [RISCV_PM] Add J-extension into RISC-V
  [RISCV_PM] Support CSRs required for RISC-V PM extension except for
ones in hypervisor mode
  [RISCV_PM] Print new PM CSRs in QEMU logs
  [RISCV_PM] Support pointer masking for RISC-V for i/c/f/d/a types of
instructions

Anatoly Parshintsev (1):
  [RISCV_PM] Implement address masking functions required for RISC-V
Pointer Masking extension

 target/riscv/cpu.c  |  30 +++
 target/riscv/cpu.h  |  33 +++
 target/riscv/cpu_bits.h |  66 ++
 target/riscv/csr.c  | 271 
 target/riscv/insn_trans/trans_rva.c.inc |   3 +
 target/riscv/insn_trans/trans_rvd.c.inc |   2 +
 target/riscv/insn_trans/trans_rvf.c.inc |   2 +
 target/riscv/insn_trans/trans_rvi.c.inc |   2 +
 target/riscv/translate.c|  44 
 9 files changed, 453 insertions(+)

-- 
2.20.1

[PATCH v4 2/5] [RISCV_PM] Support CSRs required for RISC-V PM extension except for ones in hypervisor mode

[Alexey Baturo]

Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.c  |   1 +
 target/riscv/cpu.h  |  12 ++
 target/riscv/cpu_bits.h |  66 ++
 target/riscv/csr.c  | 271 
 4 files changed, 350 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index fe6bab4a52..d63031eb08 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -440,6 +440,7 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 }
 if (cpu->cfg.ext_j) {
 target_misa |= RVJ;
+env->mmte |= PM_EXT_INITIAL;
 }
 if (cpu->cfg.ext_v) {
 target_misa |= RVV;
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index eca611a367..c236f01fff 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -226,6 +226,18 @@ struct CPURISCVState {
 
 /* True if in debugger mode.  */
 bool debugger;
+
+/*
+ * CSRs for PM
+ * TODO: move these csr to appropriate groups
+ */
+target_ulong mmte;
+target_ulong mpmmask;
+target_ulong mpmbase;
+target_ulong spmmask;
+target_ulong spmbase;
+target_ulong upmmask;
+target_ulong upmbase;
 #endif
 
 float_status fp_status;
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index bd36062877..84c93c77ae 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -354,6 +354,21 @@
 #define CSR_MHPMCOUNTER30H  0xb9e
 #define CSR_MHPMCOUNTER31H  0xb9f
 
+/* Custom user register */
+#define CSR_UMTE0x8c0
+#define CSR_UPMMASK 0x8c1
+#define CSR_UPMBASE 0x8c2
+
+/* Custom machine register */
+#define CSR_MMTE0x7c0
+#define CSR_MPMMASK 0x7c1
+#define CSR_MPMBASE 0x7c2
+
+/* Custom supervisor register */
+#define CSR_SMTE0x9c0
+#define CSR_SPMMASK 0x9c1
+#define CSR_SPMBASE 0x9c2
+
 /* Legacy Machine Protection and Translation (priv v1.9.1) */
 #define CSR_MBASE   0x380
 #define CSR_MBOUND  0x381
@@ -604,4 +619,55 @@
 #define MIE_UTIE   (1 << IRQ_U_TIMER)
 #define MIE_SSIE   (1 << IRQ_S_SOFT)
 #define MIE_USIE   (1 << IRQ_U_SOFT)
+
+/* general mte CSR bits*/
+#define PM_ENABLE   0x0001ULL
+#define PM_CURRENT  0x0002ULL
+#define PM_XS_MASK  0x0003ULL
+
+/* PM XS bits values */
+#define PM_EXT_DISABLE  0xULL
+#define PM_EXT_INITIAL  0x0001ULL
+#define PM_EXT_CLEAN0x0002ULL
+#define PM_EXT_DIRTY0x0003ULL
+
+/* offsets for every pair of control bits per each priv level */
+#define XS_OFFSET0ULL
+#define U_OFFSET 2ULL
+#define S_OFFSET 4ULL
+#define M_OFFSET 6ULL
+
+#define PM_XS_BITS   (PM_XS_MASK << XS_OFFSET)
+#define U_PM_ENABLE  (PM_ENABLE  << U_OFFSET)
+#define U_PM_CURRENT (PM_CURRENT << U_OFFSET)
+#define S_PM_ENABLE  (PM_ENABLE  << S_OFFSET)
+#define S_PM_CURRENT (PM_CURRENT << S_OFFSET)
+#define M_PM_ENABLE  (PM_ENABLE  << M_OFFSET)
+
+/* mmte CSR bits */
+#define MMTE_PM_XS_BITS PM_XS_BITS
+#define MMTE_U_PM_ENABLEU_PM_ENABLE
+#define MMTE_U_PM_CURRENT   U_PM_CURRENT
+#define MMTE_S_PM_ENABLES_PM_ENABLE
+#define MMTE_S_PM_CURRENT   S_PM_CURRENT
+#define MMTE_M_PM_ENABLEM_PM_ENABLE
+#define MMTE_MASK   (MMTE_U_PM_ENABLE | MMTE_U_PM_CURRENT | \
+ MMTE_S_PM_ENABLE | MMTE_S_PM_CURRENT | \
+ MMTE_M_PM_ENABLE | MMTE_PM_XS_BITS)
+
+/* smte CSR bits */
+#define SMTE_PM_XS_BITS PM_XS_BITS
+#define SMTE_U_PM_ENABLEU_PM_ENABLE
+#define SMTE_U_PM_CURRENT   U_PM_CURRENT
+#define SMTE_S_PM_ENABLES_PM_ENABLE
+#define SMTE_S_PM_CURRENT   S_PM_CURRENT
+#define SMTE_MASK   (SMTE_U_PM_ENABLE | SMTE_U_PM_CURRENT | \
+ SMTE_S_PM_ENABLE | SMTE_S_PM_CURRENT | \
+ SMTE_PM_XS_BITS)
+
+/* umte CSR bits */
+#define UMTE_U_PM_ENABLEU_PM_ENABLE
+#define UMTE_U_PM_CURRENT   U_PM_CURRENT
+#define UMTE_MASK   (UMTE_U_PM_ENABLE | MMTE_U_PM_CURRENT)
+
 #endif
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index aaef6c6f20..e4839c8fc9 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -140,6 +140,11 @@ static int any(CPURISCVState *env, int csrno)
 return 0;
 }
 
+static int umode(CPURISCVState *env, int csrno)
+{
+return -!riscv_has_ext(env, RVU);
+}
+
 static int smode(CPURISCVState *env, int csrno)
 {
 return -!riscv_has_ext(env, RVS);
@@ -1250,6 +1255,257 @@ static int write_pmpaddr(CPURISCVState *env, int csrno, 
target_ulong val)
 return 0;
 }
 
+/*
+ * Functions to access Pointer Masking feature registers
+ * We have to check if current priv lvl could modify
+ * csr in given mode
+ */
+static int check_pm_current_disabled(CPURISCVState *env, int csrno)
+{
+int csr_priv = get_field(csrno, 0xC00);
+/*
+ * If priv lvls differ that means we're accessing csr from higher priv lvl,
+ * so allow 

[PATCH v4 3/5] [RISCV_PM] Print new PM CSRs in QEMU logs

[Alexey Baturo]

Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.c | 25 +
 1 file changed, 25 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index d63031eb08..5916ebe5c2 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -255,6 +255,31 @@ static void riscv_cpu_dump_state(CPUState *cs, FILE *f, 
int flags)
 qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "htval ", env->htval);
 qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "mtval2 ", env->mtval2);
 }
+if (riscv_has_ext(env, RVJ)) {
+qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "mmte", env->mmte);
+switch (env->priv) {
+case PRV_U:
+qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "upmbase ",
+ env->upmbase);
+qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "upmmask ",
+ env->upmmask);
+break;
+case PRV_S:
+qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "spmbase ",
+ env->spmbase);
+qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "spmmask ",
+ env->spmmask);
+break;
+case PRV_M:
+qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "mpmbase ",
+ env->mpmbase);
+qemu_fprintf(f, " %s " TARGET_FMT_lx "\n", "mpmmask ",
+ env->mpmmask);
+break;
+default:
+assert(0 && "Unreachable");
+}
+}
 #endif
 
 for (i = 0; i < 32; i++) {
-- 
2.20.1

[PATCH v4 4/5] [RISCV_PM] Support pointer masking for RISC-V for i/c/f/d/a types of instructions

[Alexey Baturo]

Signed-off-by: Alexey Baturo 
---
 target/riscv/insn_trans/trans_rva.c.inc |  3 +++
 target/riscv/insn_trans/trans_rvd.c.inc |  2 ++
 target/riscv/insn_trans/trans_rvf.c.inc |  2 ++
 target/riscv/insn_trans/trans_rvi.c.inc |  2 ++
 target/riscv/translate.c| 14 ++
 5 files changed, 23 insertions(+)

diff --git a/target/riscv/insn_trans/trans_rva.c.inc 
b/target/riscv/insn_trans/trans_rva.c.inc
index be8a9f06dd..5559e347ba 100644
--- a/target/riscv/insn_trans/trans_rva.c.inc
+++ b/target/riscv/insn_trans/trans_rva.c.inc
@@ -26,6 +26,7 @@ static inline bool gen_lr(DisasContext *ctx, arg_atomic *a, 
MemOp mop)
 if (a->rl) {
 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
 }
+gen_pm_adjust_address(ctx, src1, src1);
 tcg_gen_qemu_ld_tl(load_val, src1, ctx->mem_idx, mop);
 if (a->aq) {
 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
@@ -46,6 +47,7 @@ static inline bool gen_sc(DisasContext *ctx, arg_atomic *a, 
MemOp mop)
 TCGLabel *l2 = gen_new_label();
 
 gen_get_gpr(src1, a->rs1);
+gen_pm_adjust_address(ctx, src1, src1);
 tcg_gen_brcond_tl(TCG_COND_NE, load_res, src1, l1);
 
 gen_get_gpr(src2, a->rs2);
@@ -91,6 +93,7 @@ static bool gen_amo(DisasContext *ctx, arg_atomic *a,
 gen_get_gpr(src1, a->rs1);
 gen_get_gpr(src2, a->rs2);
 
+gen_pm_adjust_address(ctx, src1, src1);
 (*func)(src2, src1, src2, ctx->mem_idx, mop);
 
 gen_set_gpr(a->rd, src2);
diff --git a/target/riscv/insn_trans/trans_rvd.c.inc 
b/target/riscv/insn_trans/trans_rvd.c.inc
index 4f832637fa..935342f66d 100644
--- a/target/riscv/insn_trans/trans_rvd.c.inc
+++ b/target/riscv/insn_trans/trans_rvd.c.inc
@@ -25,6 +25,7 @@ static bool trans_fld(DisasContext *ctx, arg_fld *a)
 TCGv t0 = tcg_temp_new();
 gen_get_gpr(t0, a->rs1);
 tcg_gen_addi_tl(t0, t0, a->imm);
+gen_pm_adjust_address(ctx, t0, t0);
 
 tcg_gen_qemu_ld_i64(cpu_fpr[a->rd], t0, ctx->mem_idx, MO_TEQ);
 
@@ -40,6 +41,7 @@ static bool trans_fsd(DisasContext *ctx, arg_fsd *a)
 TCGv t0 = tcg_temp_new();
 gen_get_gpr(t0, a->rs1);
 tcg_gen_addi_tl(t0, t0, a->imm);
+gen_pm_adjust_address(ctx, t0, t0);
 
 tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], t0, ctx->mem_idx, MO_TEQ);
 
diff --git a/target/riscv/insn_trans/trans_rvf.c.inc 
b/target/riscv/insn_trans/trans_rvf.c.inc
index 3dfec8211d..04b3c3eb3d 100644
--- a/target/riscv/insn_trans/trans_rvf.c.inc
+++ b/target/riscv/insn_trans/trans_rvf.c.inc
@@ -30,6 +30,7 @@ static bool trans_flw(DisasContext *ctx, arg_flw *a)
 TCGv t0 = tcg_temp_new();
 gen_get_gpr(t0, a->rs1);
 tcg_gen_addi_tl(t0, t0, a->imm);
+gen_pm_adjust_address(ctx, t0, t0);
 
 tcg_gen_qemu_ld_i64(cpu_fpr[a->rd], t0, ctx->mem_idx, MO_TEUL);
 gen_nanbox_s(cpu_fpr[a->rd], cpu_fpr[a->rd]);
@@ -47,6 +48,7 @@ static bool trans_fsw(DisasContext *ctx, arg_fsw *a)
 gen_get_gpr(t0, a->rs1);
 
 tcg_gen_addi_tl(t0, t0, a->imm);
+gen_pm_adjust_address(ctx, t0, t0);
 
 tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], t0, ctx->mem_idx, MO_TEUL);
 
diff --git a/target/riscv/insn_trans/trans_rvi.c.inc 
b/target/riscv/insn_trans/trans_rvi.c.inc
index d04ca0394c..bee7f6be46 100644
--- a/target/riscv/insn_trans/trans_rvi.c.inc
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
@@ -141,6 +141,7 @@ static bool gen_load(DisasContext *ctx, arg_lb *a, MemOp 
memop)
 TCGv t1 = tcg_temp_new();
 gen_get_gpr(t0, a->rs1);
 tcg_gen_addi_tl(t0, t0, a->imm);
+gen_pm_adjust_address(ctx, t0, t0);
 
 tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, memop);
 gen_set_gpr(a->rd, t1);
@@ -180,6 +181,7 @@ static bool gen_store(DisasContext *ctx, arg_sb *a, MemOp 
memop)
 TCGv dat = tcg_temp_new();
 gen_get_gpr(t0, a->rs1);
 tcg_gen_addi_tl(t0, t0, a->imm);
+gen_pm_adjust_address(ctx, t0, t0);
 gen_get_gpr(dat, a->rs2);
 
 tcg_gen_qemu_st_tl(dat, t0, ctx->mem_idx, memop);
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 79dca2291b..a7cbf909f3 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -101,6 +101,16 @@ static void gen_nanbox_s(TCGv_i64 out, TCGv_i64 in)
 tcg_gen_ori_i64(out, in, MAKE_64BIT_MASK(32, 32));
 }
 
+/*
+ * Temp stub: generates address adjustment for PointerMasking
+ */
+static void gen_pm_adjust_address(DisasContext *s,
+  TCGv_i64  dst,
+  TCGv_i64  src)
+{
+tcg_gen_mov_i64(dst, src);
+}
+
 /*
  * A narrow n-bit operation, where n < FLEN, checks that input operands
  * are correctly Nan-boxed, i.e., all upper FLEN - n bits are 1.
@@ -380,6 +390,7 @@ static void gen_load_c(DisasContext *ctx, uint32_t opc, int 
rd, int rs1,
 TCGv t1 = tcg_temp_new();
 gen_get_gpr(t0, rs1);
 tcg_gen_addi_tl(t0, t0, imm);
+gen_pm_adjust_address(ctx, t0, t0);
 int memop = tcg_memop_lookup[(opc >> 12) & 0x7];
 
 if (memop < 0) {
@@ -400,6 +411,7 @@ static void gen_store_c(DisasContext *ctx, uint32_t opc, 

[PATCH v4 1/5] [RISCV_PM] Add J-extension into RISC-V

[Alexey Baturo]

Signed-off-by: Alexey Baturo 
---
 target/riscv/cpu.c | 4 
 target/riscv/cpu.h | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 0bbfd7f457..fe6bab4a52 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -438,6 +438,9 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 if (cpu->cfg.ext_h) {
 target_misa |= RVH;
 }
+if (cpu->cfg.ext_j) {
+target_misa |= RVJ;
+}
 if (cpu->cfg.ext_v) {
 target_misa |= RVV;
 if (!is_power_of_2(cpu->cfg.vlen)) {
@@ -516,6 +519,7 @@ static Property riscv_cpu_properties[] = {
 DEFINE_PROP_BOOL("u", RISCVCPU, cfg.ext_u, true),
 /* This is experimental so mark with 'x-' */
 DEFINE_PROP_BOOL("x-h", RISCVCPU, cfg.ext_h, false),
+DEFINE_PROP_BOOL("x-j", RISCVCPU, cfg.ext_j, false),
 DEFINE_PROP_BOOL("x-v", RISCVCPU, cfg.ext_v, false),
 DEFINE_PROP_BOOL("Counters", RISCVCPU, cfg.ext_counters, true),
 DEFINE_PROP_BOOL("Zifencei", RISCVCPU, cfg.ext_ifencei, true),
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index de275782e6..eca611a367 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -66,6 +66,7 @@
 #define RVS RV('S')
 #define RVU RV('U')
 #define RVH RV('H')
+#define RVJ RV('J')
 
 /* S extension denotes that Supervisor mode exists, however it is possible
to have a core that support S mode but does not have an MMU and there
@@ -277,6 +278,7 @@ struct RISCVCPU {
 bool ext_s;
 bool ext_u;
 bool ext_h;
+bool ext_j;
 bool ext_v;
 bool ext_counters;
 bool ext_ifencei;
-- 
2.20.1

[PATCH v4 5/5] [RISCV_PM] Implement address masking functions required for RISC-V Pointer Masking extension

[Alexey Baturo]

From: Anatoly Parshintsev 

Signed-off-by: Anatoly Parshintsev 
---
 target/riscv/cpu.h   | 19 +++
 target/riscv/translate.c | 34 --
 2 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index c236f01fff..13accaa232 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -386,6 +386,7 @@ FIELD(TB_FLAGS, VL_EQ_VLMAX, 2, 1)
 FIELD(TB_FLAGS, LMUL, 3, 2)
 FIELD(TB_FLAGS, SEW, 5, 3)
 FIELD(TB_FLAGS, VILL, 8, 1)
+FIELD(TB_FLAGS, PM_ENABLED, 9, 1)
 
 /*
  * A simplification for VLMAX
@@ -432,6 +433,24 @@ static inline void cpu_get_tb_cpu_state(CPURISCVState 
*env, target_ulong *pc,
 if (riscv_cpu_fp_enabled(env)) {
 flags |= env->mstatus & MSTATUS_FS;
 }
+if (riscv_has_ext(env, RVJ)) {
+int priv = cpu_mmu_index(env, false);
+bool pm_enabled = false;
+switch (priv) {
+case PRV_U:
+pm_enabled = env->mmte & U_PM_ENABLE;
+break;
+case PRV_S:
+pm_enabled = env->mmte & S_PM_ENABLE;
+break;
+case PRV_M:
+pm_enabled = env->mmte & M_PM_ENABLE;
+break;
+default:
+g_assert_not_reached();
+}
+flags = FIELD_DP32(flags, TB_FLAGS, PM_ENABLED, pm_enabled);
+}
 #endif
 *pflags = flags;
 }
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index a7cbf909f3..b3e7b93bc9 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -36,6 +36,9 @@ static TCGv cpu_gpr[32], cpu_pc, cpu_vl;
 static TCGv_i64 cpu_fpr[32]; /* assume F and D extensions */
 static TCGv load_res;
 static TCGv load_val;
+/* globals for PM CSRs */
+static TCGv pm_mask[4];
+static TCGv pm_base[4];
 
 #include "exec/gen-icount.h"
 
@@ -63,6 +66,10 @@ typedef struct DisasContext {
 uint16_t vlen;
 uint16_t mlen;
 bool vl_eq_vlmax;
+/* PointerMasking extension */
+bool pm_enabled;
+TCGv pm_mask;
+TCGv pm_base;
 } DisasContext;
 
 #ifdef TARGET_RISCV64
@@ -102,13 +109,19 @@ static void gen_nanbox_s(TCGv_i64 out, TCGv_i64 in)
 }
 
 /*
- * Temp stub: generates address adjustment for PointerMasking
+ * Generates address adjustment for PointerMasking
  */
 static void gen_pm_adjust_address(DisasContext *s,
   TCGv_i64  dst,
   TCGv_i64  src)
 {
-tcg_gen_mov_i64(dst, src);
+if (!s->pm_enabled) {
+/* Load unmodified address */
+tcg_gen_mov_i64(dst, src);
+} else {
+tcg_gen_andc_i64(dst, src, s->pm_mask);
+tcg_gen_or_i64(dst, dst, s->pm_base);
+}
 }
 
 /*
@@ -826,6 +839,10 @@ static void riscv_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cs)
 ctx->lmul = FIELD_EX32(tb_flags, TB_FLAGS, LMUL);
 ctx->mlen = 1 << (ctx->sew  + 3 - ctx->lmul);
 ctx->vl_eq_vlmax = FIELD_EX32(tb_flags, TB_FLAGS, VL_EQ_VLMAX);
+ctx->pm_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_ENABLED);
+int priv = cpu_mmu_index(env, false);
+ctx->pm_mask = pm_mask[priv];
+ctx->pm_base = pm_base[priv];
 }
 
 static void riscv_tr_tb_start(DisasContextBase *db, CPUState *cpu)
@@ -945,4 +962,17 @@ void riscv_translate_init(void)
  "load_res");
 load_val = tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, load_val),
  "load_val");
+/* Assign PM CSRs to tcg globals */
+pm_mask[PRV_U] =
+  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, upmmask), "upmmask");
+pm_base[PRV_U] =
+  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, upmbase), "upmbase");
+pm_mask[PRV_S] =
+  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, spmmask), "spmmask");
+pm_base[PRV_S] =
+  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, spmbase), "spmbase");
+pm_mask[PRV_M] =
+  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, mpmmask), "mpmmask");
+pm_base[PRV_M] =
+  tcg_global_mem_new(cpu_env, offsetof(CPURISCVState, mpmbase), "mpmbase");
 }
-- 
2.20.1

Re: [PULL 07/37] cpus: extract out hax-specific code to target/i386/

[Volker Rümelin]

>> Hi Claudio,
>>
>> is there a reason why you removed current_cpu = cpu; from 
>> hax_cpu_thread_fn() when you moved that function to target/i386/hax-cpus.c? 
>> This change broke HAX on Windows. Adding back that line makes it work again.
>
> Hello Volker, I see the change in the history and it was clearly an ugly 
> mistake on my part.
> There was no reason or intention to remove the current_cpu = cpu assignment
>
> The fix seems indeed to just + current_cpu = cpu;
> and I will send a patch momentarily that does just that,
>
> but I don't know of any CI coverage for Windows + hax currently,
> so it would be good if you could spin the change to verify that it fixes the 
> problem.
>

That was very quick. Only 5 hours from bug report to pull request. I've tested 
current master together with the patch from Paolo's PR. HAX on Windows works.

With best regards,
Volker

Re: [PATCH] drivers/virt: vmgenid: add vm generation id driver

[Willy Tarreau]

On Sat, Oct 17, 2020 at 08:55:34AM +0200, Jann Horn wrote:
> My suggestion is to use a counter *in the UAPI*, not in the hypervisor
> protocol. (And as long as that counter can only miss increments in a
> cryptographically negligible fraction of cases, everything's fine.)

OK I got it now and I agree.

> > If what is sought is pure
> > randomness (in the sense that it's unpredictable, which I don't think
> > is needed here), then randoms are better.
> 
> And this is what *the hypervisor protocol* gives us (which could be
> very useful for reseeding the kernel RNG).

As an external source, yes very likely, as long as it's not trivially
observable by everyone under the same hypervisor :-)

> > Now the initial needs in the forwarded message are not entirely clear
> > to me but I wanted to rule out the apparent mismatch between the expressed
> > needs for uniqueness and the proposed solutions solely based on randomness.
> 
> Sure, from a theoretical standpoint, it would be a little bit nicer if
> the hypervisor protocol included a generation number along with the
> 128-bit random value. But AFAIU it doesn't, so if we want this to just
> work under Microsoft's existing hypervisor, we'll have to make do with
> checking whether the random value changed. :P

OK got it, thanks for the explanation!

Willy

Re: [PULL 09/14] qmp: Move dispatcher to a coroutine

[Volker Rümelin]

> From: Kevin Wolf 
>
> This moves the QMP dispatcher to a coroutine and runs all QMP command
> handlers that declare 'coroutine': true in coroutine context so they
> can avoid blocking the main loop while doing I/O or waiting for other
> events.
>
> For commands that are not declared safe to run in a coroutine, the
> dispatcher drops out of coroutine context by calling the QMP command
> handler from a bottom half.

Hi Kevin,

since commit 9ce44e2ce2 "qmp: Move dispatcher to a coroutine" I see the 
following error on Windows whenever I close the QEMU window or shut down the 
guest.

$ ./qemu-system-x86_64.exe -machine pc,accel=tcg -display gtk
**
ERROR:../qemu/util/aio-win32.c:337:aio_poll: assertion failed: 
(in_aio_context_home_thread(ctx))
Bail out! ERROR:../qemu/util/aio-win32.c:337:aio_poll: assertion failed: 
(in_aio_context_home_thread(ctx))

I wonder if you forgot to apply the changes to util/aio-posix.c to 
util/aio-win32.c too? This solves the problem on my Windows host. But I have to 
admit I don't know the code here.

With best regards,
Volker

> diff --git a/util/aio-posix.c b/util/aio-posix.c
> index 280f27bb99..30f5354b1e 100644
> --- a/util/aio-posix.c
> +++ b/util/aio-posix.c
> @@ -15,6 +15,7 @@
>  
>  #include "qemu/osdep.h"
>  #include "block/block.h"
> +#include "qemu/main-loop.h"
>  #include "qemu/rcu.h"
>  #include "qemu/rcu_queue.h"
>  #include "qemu/sockets.h"
> @@ -558,8 +559,13 @@ bool aio_poll(AioContext *ctx, bool blocking)
>   * There cannot be two concurrent aio_poll calls for the same AioContext 
> (or
>   * an aio_poll concurrent with a GSource prepare/check/dispatch 
> callback).
>   * We rely on this below to avoid slow locked accesses to ctx->notify_me.
> + *
> + * aio_poll() may only be called in the AioContext's thread. 
> iohandler_ctx
> + * is special in that it runs in the main thread, but that thread's 
> context
> + * is qemu_aio_context.
>   */
> -assert(in_aio_context_home_thread(ctx));
> +assert(in_aio_context_home_thread(ctx == iohandler_get_aio_context() ?
> +  qemu_get_aio_context() : ctx));
>  
>  qemu_lockcnt_inc(&ctx->list_lock);
>  

Re: [PATCH v2 0/2] target/arm: Fix tlb flush page vs tbi

[Philippe Mathieu-Daudé]

On 10/16/20 11:07 PM, Richard Henderson wrote:

Since the FAR_ELx fix at 38d931687fa1, it is reported that
page granularity flushing is broken.

This makes sense, since TCG will record the entire virtual
address in its TLB, not simply the 56 significant bits.
With no other TCG support, the ARM backend should require
256 different page flushes to clear the virtual address of
any possible tag.

So I added a new tcg interface that allows passing the size
of the virtual address.  I thought a simple bit-count was a
cleaner interface than passing in a mask, since it means that
we couldn't be passed nonsensical masks like 0xdeadbeef.  It
also makes it easy to re-direct special cases.


Series:
Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH] tests/acceptance: add MIPS record/replay tests

[Philippe Mathieu-Daudé]

On 10/16/20 6:50 PM, Philippe Mathieu-Daudé wrote:

On 10/16/20 5:40 PM, Philippe Mathieu-Daudé wrote:

On 10/15/20 1:25 PM, Pavel Dovgalyuk wrote:

This patch adds MIPS-targeted acceptance tests for
record/replay functions.

Signed-off-by: Pavel Dovgalyuk 
---
  0 files changed

diff --git a/tests/acceptance/replay_kernel.py 
b/tests/acceptance/replay_kernel.py

index 952f429cac..6c3d1ec3fb 100644
--- a/tests/acceptance/replay_kernel.py
+++ b/tests/acceptance/replay_kernel.py
@@ -9,6 +9,8 @@
  # later.  See the COPYING file in the top-level directory.
  import os
+import lzma
+import shutil
  import logging
  import time
@@ -19,7 +21,7 @@ from avocado.utils import archive
  from avocado.utils import process
  from boot_linux_console import LinuxKernelTest
-class ReplayKernel(LinuxKernelTest):
+class ReplayKernelBase(LinuxKernelTest):
  """
  Boots a Linux kernel in record mode and checks that the console
  is operational and the kernel command line is properly passed
@@ -74,6 +76,7 @@ class ReplayKernel(LinuxKernelTest):
  logger = logging.getLogger('replay')
  logger.info('replay overhead {:.2%}'.format(t2 / t1 - 1))
+class ReplayKernelNormal(ReplayKernelBase):
  @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
  def test_x86_64_pc(self):
  """
@@ -91,6 +94,103 @@ class ReplayKernel(LinuxKernelTest):
  self.run_rr(kernel_path, kernel_command_line, 
console_pattern, shift=5)

+    def test_mips_malta(self):
+    """
+    :avocado: tags=arch:mips
+    :avocado: tags=machine:malta
+    :avocado: tags=endian:big
+    """
+    deb_url = ('http://snapshot.debian.org/archive/debian/'
+   '20130217T032700Z/pool/main/l/linux-2.6/'
+   'linux-image-2.6.32-5-4kc-malta_2.6.32-48_mips.deb')
+    deb_hash = 'a8cfc28ad8f45f54811fc6cf74fc43ffcfe0ba04'
+    deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+    kernel_path = self.extract_from_deb(deb_path,
+ '/boot/vmlinux-2.6.32-5-4kc-malta')
+    kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 
'console=ttyS0'
+    console_pattern = 'Kernel command line: %s' % 
kernel_command_line

+
+    self.run_rr(kernel_path, kernel_command_line, 
console_pattern, shift=5)

+
+    def test_mips64el_malta(self):
+    """
+    This test requires the ar tool to extract "data.tar.gz" from
+    the Debian package.
+
+    The kernel can be rebuilt using this Debian kernel source 
[1] and

+    following the instructions on [2].
+
+    [1] http://snapshot.debian.org/package/linux-2.6/2.6.32-48/
+    #linux-source-2.6.32_2.6.32-48
+    [2] https://kernel-team.pages.debian.net/kernel-handbook/
+    ch-common-tasks.html#s-common-official
+
+    :avocado: tags=arch:mips64el
+    :avocado: tags=machine:malta
+    """
+    deb_url = ('http://snapshot.debian.org/archive/debian/'
+   '20130217T032700Z/pool/main/l/linux-2.6/'
+ 'linux-image-2.6.32-5-5kc-malta_2.6.32-48_mipsel.deb')
+    deb_hash = '1aaec92083bf22fda31e0d27fa8d9a388e5fc3d5'
+    deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+    kernel_path = self.extract_from_deb(deb_path,
+ '/boot/vmlinux-2.6.32-5-5kc-malta')
+    kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 
'console=ttyS0'
+    console_pattern = 'Kernel command line: %s' % 
kernel_command_line
+    self.run_rr(kernel_path, kernel_command_line, 
console_pattern, shift=5)

+
+    def do_test_mips_malta32el_nanomips(self, kernel_path_xz):
+    kernel_path = self.workdir + "kernel"
+    with lzma.open(kernel_path_xz, 'rb') as f_in:
+    with open(kernel_path, 'wb') as f_out:
+    shutil.copyfileobj(f_in, f_out)
+
+    kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE
+   + 'mem=256m@@0x0 '
+   + 'console=ttyS0')
+    console_pattern = 'Kernel command line: %s' % 
kernel_command_line
+    self.run_rr(kernel_path, kernel_command_line, 
console_pattern, shift=5,

+    args=('-cpu', 'I7200'))
+
+    def test_mips_malta32el_nanomips_4k(self):
+    """
+    :avocado: tags=arch:mipsel
+    :avocado: tags=machine:malta
+    :avocado: tags=endian:little
+    """
+    kernel_url = 
('https://mipsdistros.mips.com/LinuxDistro/nanomips/'

+ 'kernels/v4.15.18-432-gb2eb9a8b07a1-20180627102142/'
+  'generic_nano32r6el_page4k.xz')
+    kernel_hash = '477456aafd2a0f1ddc9482727f20fe9575565dd6'
+    kernel_path_xz = self.fetch_asset(kernel_url, 
asset_hash=kernel_hash)

+    self.do_test_mips_malta32el_nanomips(kernel_path_xz)
+
+    def test_mips_malta32el_nanomips_16k_up(self):
+    """
+    :avocado: tags=arch:mipsel
+    :avocado: tags=machine:malta
+    :avocado: tags=endian:little
+    """
+    kernel_url = 
('https://mipsdistros.m

Re: [RFC PATCH v3] target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64)

[Philippe Mathieu-Daudé]

On 10/16/20 7:28 PM, Richard Henderson wrote:

On 10/16/20 6:33 AM, Philippe Mathieu-Daudé wrote:

Per "MIPS32 34K Processor Core Family Software User's Manual,
Revision 01.13" page 8 in "Joint TLB (JTLB)" section:

   "The JTLB is a fully associative TLB cache containing 16, 32,
or 64-dual-entries mapping up to 128 virtual pages to their
corresponding physical addresses."

There is no particular reason to restrict the 34Kf core model to
16 TLB entries, so raise its config to 64.

This is helpful for other projects, in particular the Yocto Project:

   Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit
   MIPS CI loop. It was observed that in this case CI test execution
   time was almost twice longer than 64bit MIPS variant that runs
   under MIPS64R2-generic model. It was investigated and concluded
   that the difference in number of TLBs 16 in 34Kf case vs 64 in
   MIPS64R2-generic is responsible for most of CI real time execution
   difference. Because with 16 TLBs linux user-land trashes TLB more
   and it needs to execute more instructions in TLB refill handler
   calls, as result it runs much longer.

(https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html)

Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992
Reported-by: Victor Kamensky 
Signed-off-by: Philippe Mathieu-Daudé 
---
v3: KISS
Supersedes: <20201015224746.540027-1-f4...@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé 
---
  target/mips/translate_init.c.inc | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)


Reviewed-by: Richard Henderson 


Thanks, applied to mips-next.

Re: [PATCH v11 05/12] linux-user/elfload: Fix coding style in load_elf_image

[Philippe Mathieu-Daudé]

On 10/16/20 8:42 PM, Richard Henderson wrote:

Fixing this now will clarify following patches.

Signed-off-by: Richard Henderson 


Reviewed-by: Philippe Mathieu-Daudé 


---
  linux-user/elfload.c | 12 +---
  1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 1a3150df7c..290ef70222 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2531,9 +2531,15 @@ static void load_elf_image(const char *image_name, int 
image_fd,
  abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em, 
vaddr_len;
  int elf_prot = 0;
  
-if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;

-if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
-if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
+if (eppnt->p_flags & PF_R) {
+elf_prot |= PROT_READ;
+}
+if (eppnt->p_flags & PF_W) {
+elf_prot |= PROT_WRITE;
+}
+if (eppnt->p_flags & PF_X) {
+elf_prot |= PROT_EXEC;
+}
  
  vaddr = load_bias + eppnt->p_vaddr;

  vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);

Re: [PATCH v11 06/12] linux-user/elfload: Adjust iteration over phdr

[Philippe Mathieu-Daudé]

On 10/16/20 8:42 PM, Richard Henderson wrote:

The second loop uses a loop induction variable, and the first
does not.  Transform the first to match the second, to simplify
a following patch moving code between them.

Signed-off-by: Richard Henderson 


Reviewed-by: Philippe Mathieu-Daudé 


---
  linux-user/elfload.c | 9 +
  1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 290ef70222..210592aa90 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2426,17 +2426,18 @@ static void load_elf_image(const char *image_name, int 
image_fd,
  loaddr = -1, hiaddr = 0;
  info->alignment = 0;
  for (i = 0; i < ehdr->e_phnum; ++i) {
-if (phdr[i].p_type == PT_LOAD) {
-abi_ulong a = phdr[i].p_vaddr - phdr[i].p_offset;
+struct elf_phdr *eppnt = phdr + i;
+if (eppnt->p_type == PT_LOAD) {
+abi_ulong a = eppnt->p_vaddr - eppnt->p_offset;
  if (a < loaddr) {
  loaddr = a;
  }
-a = phdr[i].p_vaddr + phdr[i].p_memsz;
+a = eppnt->p_vaddr + eppnt->p_memsz;
  if (a > hiaddr) {
  hiaddr = a;
  }
  ++info->nsegs;
-info->alignment |= phdr[i].p_align;
+info->alignment |= eppnt->p_align;
  }
  }
  

Re: [PATCH v11 08/12] linux-user/elfload: Use Error for load_elf_image

[Philippe Mathieu-Daudé]

On 10/16/20 8:42 PM, Richard Henderson wrote:

This is a bit clearer than open-coding some of this
with a bare c string.


c -> C?



Signed-off-by: Richard Henderson 
---
  linux-user/elfload.c | 37 -
  1 file changed, 20 insertions(+), 17 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v11 09/12] linux-user/elfload: Use Error for load_elf_interp

[Philippe Mathieu-Daudé]

On 10/16/20 8:42 PM, Richard Henderson wrote:

This is slightly clearer than just using strerror, though
the different forms produced by error_setg_file_open and
error_setg_errno isn't entirely convenient.

Signed-off-by: Richard Henderson 
---
  linux-user/elfload.c | 15 ---
  1 file changed, 8 insertions(+), 7 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

[PATCH v1] migration: using trace_ to replace DPRINTF

[Bihong Yu]

Signed-off-by: Bihong Yu 
---
 migration/block.c  | 36 ++--
 migration/page_cache.c | 13 +++--
 migration/trace-events | 13 +
 3 files changed, 34 insertions(+), 28 deletions(-)

diff --git a/migration/block.c b/migration/block.c
index 273392b..1c3e261 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -26,6 +26,7 @@
 #include "qemu-file.h"
 #include "migration/vmstate.h"
 #include "sysemu/block-backend.h"
+#include "trace.h"
 
 #define BLK_MIG_BLOCK_SIZE   (1 << 20)
 #define BDRV_SECTORS_PER_DIRTY_CHUNK (BLK_MIG_BLOCK_SIZE >> BDRV_SECTOR_BITS)
@@ -434,10 +435,9 @@ static int init_blk_migration(QEMUFile *f)
 block_mig_state.total_sector_sum += sectors;
 
 if (bmds->shared_base) {
-DPRINTF("Start migration for %s with shared base image\n",
-bdrv_get_device_name(bs));
+trace_init_blk_migration_shared(bdrv_get_device_name(bs));
 } else {
-DPRINTF("Start full migration for %s\n", bdrv_get_device_name(bs));
+trace_init_blk_migration_full(bdrv_get_device_name(bs));
 }
 
 QSIMPLEQ_INSERT_TAIL(&block_mig_state.bmds_list, bmds, entry);
@@ -592,7 +592,7 @@ static int mig_save_device_dirty(QEMUFile *f, 
BlkMigDevState *bmds,
 return (bmds->cur_dirty >= bmds->total_sectors);
 
 error:
-DPRINTF("Error reading sector %" PRId64 "\n", sector);
+trace_mig_save_device_dirty(sector);
 g_free(blk->buf);
 g_free(blk);
 return ret;
@@ -628,9 +628,9 @@ static int flush_blks(QEMUFile *f)
 BlkMigBlock *blk;
 int ret = 0;
 
-DPRINTF("%s Enter submitted %d read_done %d transferred %d\n",
-__func__, block_mig_state.submitted, block_mig_state.read_done,
-block_mig_state.transferred);
+trace_flush_blks("Enter", block_mig_state.submitted,
+ block_mig_state.read_done,
+ block_mig_state.transferred);
 
 blk_mig_lock();
 while ((blk = QSIMPLEQ_FIRST(&block_mig_state.blk_list)) != NULL) {
@@ -656,9 +656,9 @@ static int flush_blks(QEMUFile *f)
 }
 blk_mig_unlock();
 
-DPRINTF("%s Exit submitted %d read_done %d transferred %d\n", __func__,
-block_mig_state.submitted, block_mig_state.read_done,
-block_mig_state.transferred);
+trace_flush_blks("Exit", block_mig_state.submitted,
+ block_mig_state.read_done,
+ block_mig_state.transferred);
 return ret;
 }
 
@@ -727,8 +727,8 @@ static int block_save_setup(QEMUFile *f, void *opaque)
 {
 int ret;
 
-DPRINTF("Enter save live setup submitted %d transferred %d\n",
-block_mig_state.submitted, block_mig_state.transferred);
+trace_block_save("setup", block_mig_state.submitted,
+ block_mig_state.transferred);
 
 qemu_mutex_lock_iothread();
 ret = init_blk_migration(f);
@@ -759,8 +759,8 @@ static int block_save_iterate(QEMUFile *f, void *opaque)
 int64_t last_ftell = qemu_ftell(f);
 int64_t delta_ftell;
 
-DPRINTF("Enter save live iterate submitted %d transferred %d\n",
-block_mig_state.submitted, block_mig_state.transferred);
+trace_block_save("iterate", block_mig_state.submitted,
+ block_mig_state.transferred);
 
 ret = flush_blks(f);
 if (ret) {
@@ -825,8 +825,8 @@ static int block_save_complete(QEMUFile *f, void *opaque)
 {
 int ret;
 
-DPRINTF("Enter save live complete submitted %d transferred %d\n",
-block_mig_state.submitted, block_mig_state.transferred);
+trace_block_save("complete", block_mig_state.submitted,
+ block_mig_state.transferred);
 
 ret = flush_blks(f);
 if (ret) {
@@ -851,7 +851,7 @@ static int block_save_complete(QEMUFile *f, void *opaque)
 /* report completion */
 qemu_put_be64(f, (100 << BDRV_SECTOR_BITS) | BLK_MIG_FLAG_PROGRESS);
 
-DPRINTF("Block migration completed\n");
+trace_block_save_complete();
 
 qemu_put_be64(f, BLK_MIG_FLAG_EOS);
 
@@ -884,7 +884,7 @@ static void block_save_pending(QEMUFile *f, void *opaque, 
uint64_t max_size,
 pending = max_size + BLK_MIG_BLOCK_SIZE;
 }
 
-DPRINTF("Enter save live pending  %" PRIu64 "\n", pending);
+trace_block_save_pending(pending);
 /* We don't do postcopy */
 *res_precopy_only += pending;
 }
diff --git a/migration/page_cache.c b/migration/page_cache.c
index 775582f..d554efa 100644
--- a/migration/page_cache.c
+++ b/migration/page_cache.c
@@ -18,14 +18,7 @@
 #include "qapi/error.h"
 #include "qemu/host-utils.h"
 #include "page_cache.h"
-
-#ifdef DEBUG_CACHE
-#define DPRINTF(fmt, ...) \
-do { fprintf(stdout, "cache: " fmt, ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) \
-do { } while (0)
-#endif
+#include "trace.h"
 
 /* the page in cache will not be replaced in two cycles */
 #define CACHED_PAGE_LIFETIME 2
@@ -75,7 +68,7 @@ PageCache *cach

Re: [PATCH 1/5] m48t59-isa: remove legacy m48t59_init_isa() function

[Philippe Mathieu-Daudé]

On 10/16/20 8:27 PM, Mark Cave-Ayland wrote:

This function is no longer used within the codebase.

Signed-off-by: Mark Cave-Ayland 
---
  hw/rtc/m48t59-isa.c | 25 -
  include/hw/rtc/m48t59.h |  2 --
  2 files changed, 27 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

Re: [PATCH 2/5] sun4m: use qdev properties instead of legacy m48t59_init() function

[Philippe Mathieu-Daudé]

On 10/16/20 8:27 PM, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 
---
  hw/sparc/sun4m.c | 8 +++-
  1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 54a2b2f9ef..a9bb60f2b2 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -966,7 +966,13 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
  create_unimplemented_device("SUNW,sx", hwdef->sx_base, 0x2000);
  }
  
-nvram = m48t59_init(slavio_irq[0], hwdef->nvram_base, 0, 0x2000, 1968, 8);

+dev = qdev_new("sysbus-m48t08");
+qdev_prop_set_int32(dev, "base-year", 1968);
+s = SYS_BUS_DEVICE(dev);
+sysbus_realize_and_unref(s, &error_fatal);
+sysbus_connect_irq(s, 0, slavio_irq[0]);
+sysbus_mmio_map(s, 0, hwdef->nvram_base);
+nvram = NVRAM(dev);


While here, can you declare "Nvram *nvram"?

Reviewed-by: Philippe Mathieu-Daudé 

  
  slavio_timer_init_all(hwdef->counter_base, slavio_irq[19], slavio_cpu_irq, smp_cpus);
  

Re: [PATCH 3/5] sun4u: use qdev properties instead of legacy m48t59_init() function

[Philippe Mathieu-Daudé]

On 10/16/20 8:27 PM, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 


Reviewed-by: Philippe Mathieu-Daudé 


---
  hw/sparc64/sun4u.c | 7 +--
  1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index ad5ca2472a..05e659c8a4 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -671,10 +671,13 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
  pci_ide_create_devs(pci_dev);
  
  /* Map NVRAM into I/O (ebus) space */

-nvram = m48t59_init(NULL, 0, 0, NVRAM_SIZE, 1968, 59);
-s = SYS_BUS_DEVICE(nvram);
+dev = qdev_new("sysbus-m48t59");
+qdev_prop_set_int32(dev, "base-year", 1968);
+s = SYS_BUS_DEVICE(dev);
+sysbus_realize_and_unref(s, &error_fatal);
  memory_region_add_subregion(pci_address_space_io(ebus), 0x2000,
  sysbus_mmio_get_region(s, 0));
+nvram = NVRAM(dev);
   
  initrd_size = 0;

  initrd_addr = 0;

Re: [PATCH 4/5] ppc405_boards: use qdev properties instead of legacy m48t59_init() function

[Philippe Mathieu-Daudé]

On 10/16/20 10:38 PM, BALATON Zoltan via wrote:

On Fri, 16 Oct 2020, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 
---
hw/ppc/ppc405_boards.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 6198ec1035..4687715b15 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -28,6 +28,8 @@
#include "qemu-common.h"
#include "cpu.h"
#include "hw/ppc/ppc.h"
+#include "hw/qdev-properties.h"
+#include "hw/sysbus.h"
#include "ppc405.h"
#include "hw/rtc/m48t59.h"
#include "hw/block/flash.h"
@@ -145,6 +147,8 @@ static void ref405ep_init(MachineState *machine)
    char *filename;
    ppc4xx_bd_info_t bd;
    CPUPPCState *env;
+    DeviceState *dev;
+    SysBusDevice *s;
    qemu_irq *pic;
    MemoryRegion *bios;
    MemoryRegion *sram = g_new(MemoryRegion, 1);
@@ -227,7 +231,11 @@ static void ref405ep_init(MachineState *machine)
    /* Register FPGA */
    ref405ep_fpga_init(sysmem, 0xF030);
    /* Register NVRAM */
-    m48t59_init(NULL, 0xF000, 0, 8192, 1968, 8);
+    dev = qdev_new("sysbus-m48t08");
+    qdev_prop_set_int32(dev, "base-year", 1968);


Is there anything that uses other than 1968 as base year? If not this 
could be the default in the device so you don't need these set prop 
calls here and in sun machines.


The only other place this device is used seems to be ppc/prep machine 
that uses the isa version but does not set a base year. Is that a bug? 
The original prep machine removed in b2ce76a0730 used 2000 but that's 
unlikely as well as these machines predate that.


=)

Anyway, the sysbus and 
isa versions are different


They shouldn't, it is the same chipset, wired differently.

so their default base-year could be set 
independently and then boards won't need to set this propery and may be 
could use qdev_create_simple instead or whatever that was renamed to.


Agreed.

Preferably following Zoltan's suggestion:
Reviewed-by: Philippe Mathieu-Daudé 



Regards,
BALATON Zoltan


+    s = SYS_BUS_DEVICE(dev);
+    sysbus_realize_and_unref(s, &error_fatal);
+    sysbus_mmio_map(s, 0, 0xF000);
    /* Load kernel */
    linux_boot = (kernel_filename != NULL);
    if (linux_boot) {

Re: [PATCH 5/5] m48t59: remove legacy m48t59_init() function

[Philippe Mathieu-Daudé]

On 10/16/20 8:27 PM, Mark Cave-Ayland wrote:

Now that all of the callers of this function have been switched to use qdev
properties, this legacy init function can now be removed.

Signed-off-by: Mark Cave-Ayland 
---
  hw/rtc/m48t59.c | 35 ---
  include/hw/rtc/m48t59.h |  4 
  2 files changed, 39 deletions(-)


In the PoC I started after your suggestion, I see:

#define TYPE_M48T02_SRAM "sysbus-m48t02"
#define TYPE_M48T08_SRAM "sysbus-m48t08"
#define TYPE_M48T59_SRAM "sysbus-m48t59"

static void m48t02_class_init(ObjectClass *oc, void *data)
{
M48txxSysBusDeviceClass *amc = M48TXX_SYS_BUS_CLASS(oc);

amc->model = 2;
amc->size = 2 * KiB;
};

static void m48t08_class_init(ObjectClass *oc, void *data)
{
M48txxSysBusDeviceClass *amc = M48TXX_SYS_BUS_CLASS(oc);

amc->model = 8;
amc->size = 8 * KiB;
};

static void m48t59_class_init(ObjectClass *oc, void *data)
{
M48txxSysBusDeviceClass *amc = M48TXX_SYS_BUS_CLASS(oc);

amc->model = 59;
amc->size = 8 * KiB;
};

static const TypeInfo m48t59_register_types[] = {
{
.name   = TYPE_M48T02_SRAM,
.parent = TYPE_M48TXX_SYSBUS,
.class_init = m48t02_class_init,
}, {
.name   = TYPE_M48T08_SRAM,
.parent = TYPE_M48TXX_SYSBUS,
.class_init = m48t08_class_init,
}, {
.name   = TYPE_M48T59_SRAM,
.parent = TYPE_M48TXX_SYSBUS,
.class_init = m48t59_class_init,
}, {
.name   = TYPE_M48TXX_SYSBUS,
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size  = sizeof(M48txxSysBusState),
.instance_init = m48t59_init1,
.class_size = sizeof(M48txxSysBusDeviceClass),
.class_init = m48txx_sysbus_class_init,
.abstract   = true,
.interfaces = (InterfaceInfo[]) {
{ TYPE_NVRAM },
{ }
}
}
};

and:

#define TYPE_M48T59_SRAM "isa-m48t59"

static void m48t59_class_init(ObjectClass *oc, void *data)
{
M48txxISADeviceClass *midc = M48TXX_ISA_CLASS(oc);

midc->model = 59;
midc->size = 8 * KiB;
};

static const TypeInfo m48t59_isa_register_types[] = {
{
.name   = TYPE_M48T59_SRAM,
.parent = TYPE_M48TXX_ISA,
.class_init = m48t59_class_init,
}, {
.name   = TYPE_M48TXX_ISA,
.parent = TYPE_ISA_DEVICE,
.instance_size  = sizeof(M48txxISAState),
.class_size = sizeof(M48txxISADeviceClass),
.class_init = m48txx_isa_class_init,
.abstract   = true,
.interfaces = (InterfaceInfo[]) {
{ TYPE_NVRAM },
{ }
}
}
};

I guess I didn't pursue because I wondered what was the
best way to have the same model usable by sysbus/isa.

IIRC I wanted to proceed as having TYPE_M48T59_SRAM being
an abstract qdev parent, and then TYPE_M48TXX_SYSBUS /
TYPE_M48TXX_ISA implementing the SYSBUS/ISA interfaces.

As it need some thinking I postponed that for after 5.2.

Anyhow back to this patch:

Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v1] migration: using trace_ to replace DPRINTF

[Philippe Mathieu-Daudé]

On 10/17/20 11:35 AM, Bihong Yu wrote:

Signed-off-by: Bihong Yu 
---
  migration/block.c  | 36 ++--
  migration/page_cache.c | 13 +++--
  migration/trace-events | 13 +
  3 files changed, 34 insertions(+), 28 deletions(-)

...

diff --git a/migration/trace-events b/migration/trace-events
index 338f38b..772bb81 100644
--- a/migration/trace-events
+++ b/migration/trace-events
@@ -325,3 +325,16 @@ get_ramblock_vfn_hash(const char *idstr, uint64_t vfn, uint32_t 
crc) "ramblock n
  calc_page_dirty_rate(const char *idstr, uint32_t new_crc, uint32_t old_crc) "ramblock name: 
%s, new crc: %" PRIu32 ", old crc: %" PRIu32
  skip_sample_ramblock(const char *idstr, uint64_t ramblock_size) "ramblock name: 
%s, ramblock size: %" PRIu64
  find_page_matched(const char *idstr) "ramblock %s addr or size changed"
+
+# block.c
+init_blk_migration_shared(const char *blk_device_name) "Start migration for %s with 
shared base image"
+init_blk_migration_full(const char *blk_device_name) "Start full migration for 
%s"
+mig_save_device_dirty(int64_t sector) "Error reading sector %" PRId64
+flush_blks(const char *action, int submitted, int read_done, int transferred) "%s 
submitted %d read_done %d transferred %d"
+block_save(const char *mig_stage, int submitted, int transferred) "Enter save live 
%s submitted %d transferred %d"
+block_save_complete(void) "Block migration completed"
+block_save_pending(uint64_t pending) "Enter save live pending  %" PRIu64
+
+# page_cache.c
+cache_init(int64_t max_num_items) "Setting cache buckets to %" PRId64
+cache_insert(void) "Error allocating page"


The patch is good, but I strongly recommend to have trace events
starting with the subsystem prefix (here migration). So we can
keep using the 'block*' rule to match all events from the block
subsystem, without including the migration events.

Thanks,

Phil.

Re: [PATCH v3 08/15] hw/misc/bcm2835_cprman: add a PLL channel skeleton implementation

[Philippe Mathieu-Daudé]

On 10/10/20 6:05 PM, Philippe Mathieu-Daudé wrote:

On 10/10/20 3:57 PM, Luc Michel wrote:

PLLs are composed of multiple channels. Each channel outputs one clock
signal. They are modeled as one device taking the PLL generated clock as
input, and outputting a new clock.

A channel shares the CM register with its parent PLL, and has its own
A2W_CTRL register. A write to the CM register will trigger an update of
the PLL and all its channels, while a write to an A2W_CTRL channel
register will update the required channel only.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Luc Michel 
---
  include/hw/misc/bcm2835_cprman.h   |  44 ++
  include/hw/misc/bcm2835_cprman_internals.h | 146 +++
  hw/misc/bcm2835_cprman.c   | 155 +++--
  3 files changed, 337 insertions(+), 8 deletions(-)

[...]


+#define FILL_PLL_CHANNEL_INIT_INFO_common(pll_, channel_)    \
+    .parent = CPRMAN_ ## pll_,   \
+    .cm_offset = R_CM_ ## pll_,  \
+    .cm_load_mask = R_CM_ ## pll_ ## _ ## LOAD ## channel_ ## _MASK, \
+    .a2w_ctrl_offset = R_A2W_ ## pll_ ## _ ## channel_
+
+#define FILL_PLL_CHANNEL_INIT_INFO(pll_, channel_)   \
+    FILL_PLL_CHANNEL_INIT_INFO_common(pll_, channel_),   \
+    .cm_hold_mask = R_CM_ ## pll_ ## _ ## HOLD ## channel_ ## _MASK, \
+    .fixed_divider = 1
+
+#define FILL_PLL_CHANNEL_INIT_INFO_nohold(pll_, channel_) \
+    FILL_PLL_CHANNEL_INIT_INFO_common(pll_, channel_),    \
+    .cm_hold_mask = 0
+
+static PLLChannelInitInfo PLL_CHANNEL_INIT_INFO[] = {


Hmm I missed this static definition in an header.
As it is local and only include once, I'd prefer match the
rest of the source tree style and name it .c.inc:

-- >8 --
diff --git a/hw/misc/bcm2835_cprman.c b/hw/misc/bcm2835_cprman.c
index 7e415a017c9..9d4c0ee6c73 100644
--- a/hw/misc/bcm2835_cprman.c
+++ b/hw/misc/bcm2835_cprman.c
@@ -48,7 +48,7 @@
  #include "migration/vmstate.h"
  #include "hw/qdev-properties.h"
  #include "hw/misc/bcm2835_cprman.h"
-#include "hw/misc/bcm2835_cprman_internals.h"
+#include "bcm2835_cprman_internals.c.inc"
  #include "trace.h"

  /* PLL */
diff --git a/include/hw/misc/bcm2835_cprman_internals.h 
b/hw/misc/bcm2835_cprman_internals.c.inc

similarity index 100%
rename from include/hw/misc/bcm2835_cprman_internals.h
rename to hw/misc/bcm2835_cprman_internals.c.inc
---


This can be applied directly by Peter, or can
be cleaned later. This is not a blocker to get
this series merged.

Re: [PATCH] tests/acceptance: add MIPS record/replay tests

[Philippe Mathieu-Daudé]

On 10/17/20 11:05 AM, Philippe Mathieu-Daudé wrote:

On 10/16/20 6:50 PM, Philippe Mathieu-Daudé wrote:

On 10/16/20 5:40 PM, Philippe Mathieu-Daudé wrote:

On 10/15/20 1:25 PM, Pavel Dovgalyuk wrote:

This patch adds MIPS-targeted acceptance tests for
record/replay functions.

Signed-off-by: Pavel Dovgalyuk 
---
  0 files changed


???



diff --git a/tests/acceptance/replay_kernel.py 
b/tests/acceptance/replay_kernel.py

index 952f429cac..6c3d1ec3fb 100644
--- a/tests/acceptance/replay_kernel.py
+++ b/tests/acceptance/replay_kernel.py
@@ -9,6 +9,8 @@
  # later.  See the COPYING file in the top-level directory.
  import os
+import lzma
+import shutil
  import logging
  import time
@@ -19,7 +21,7 @@ from avocado.utils import archive
  from avocado.utils import process
  from boot_linux_console import LinuxKernelTest
-class ReplayKernel(LinuxKernelTest):
+class ReplayKernelBase(LinuxKernelTest):
  """
  Boots a Linux kernel in record mode and checks that the console
  is operational and the kernel command line is properly passed
@@ -74,6 +76,7 @@ class ReplayKernel(LinuxKernelTest):
  logger = logging.getLogger('replay')
  logger.info('replay overhead {:.2%}'.format(t2 / t1 - 1))
+class ReplayKernelNormal(ReplayKernelBase):
  @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
  def test_x86_64_pc(self):
  """
@@ -91,6 +94,103 @@ class ReplayKernel(LinuxKernelTest):
  self.run_rr(kernel_path, kernel_command_line, 
console_pattern, shift=5)

+    def test_mips_malta(self):
+    """
+    :avocado: tags=arch:mips
+    :avocado: tags=machine:malta
+    :avocado: tags=endian:big
+    """
+    deb_url = ('http://snapshot.debian.org/archive/debian/'
+   '20130217T032700Z/pool/main/l/linux-2.6/'
+   
'linux-image-2.6.32-5-4kc-malta_2.6.32-48_mips.deb')

+    deb_hash = 'a8cfc28ad8f45f54811fc6cf74fc43ffcfe0ba04'
+    deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+    kernel_path = self.extract_from_deb(deb_path,
+ '/boot/vmlinux-2.6.32-5-4kc-malta')
+    kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 
'console=ttyS0'
+    console_pattern = 'Kernel command line: %s' % 
kernel_command_line

+
+    self.run_rr(kernel_path, kernel_command_line, 
console_pattern, shift=5)

+
+    def test_mips64el_malta(self):
+    """
+    This test requires the ar tool to extract "data.tar.gz" from
+    the Debian package.
+
+    The kernel can be rebuilt using this Debian kernel source 
[1] and

+    following the instructions on [2].
+
+    [1] http://snapshot.debian.org/package/linux-2.6/2.6.32-48/
+    #linux-source-2.6.32_2.6.32-48
+    [2] https://kernel-team.pages.debian.net/kernel-handbook/
+    ch-common-tasks.html#s-common-official
+
+    :avocado: tags=arch:mips64el
+    :avocado: tags=machine:malta
+    """
+    deb_url = ('http://snapshot.debian.org/archive/debian/'
+   '20130217T032700Z/pool/main/l/linux-2.6/'
+ 'linux-image-2.6.32-5-5kc-malta_2.6.32-48_mipsel.deb')
+    deb_hash = '1aaec92083bf22fda31e0d27fa8d9a388e5fc3d5'
+    deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+    kernel_path = self.extract_from_deb(deb_path,
+ '/boot/vmlinux-2.6.32-5-5kc-malta')
+    kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 
'console=ttyS0'
+    console_pattern = 'Kernel command line: %s' % 
kernel_command_line
+    self.run_rr(kernel_path, kernel_command_line, 
console_pattern, shift=5)

+
+    def do_test_mips_malta32el_nanomips(self, kernel_path_xz):
+    kernel_path = self.workdir + "kernel"
+    with lzma.open(kernel_path_xz, 'rb') as f_in:
+    with open(kernel_path, 'wb') as f_out:
+    shutil.copyfileobj(f_in, f_out)
+
+    kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE
+   + 'mem=256m@@0x0 '
+   + 'console=ttyS0')
+    console_pattern = 'Kernel command line: %s' % 
kernel_command_line
+    self.run_rr(kernel_path, kernel_command_line, 
console_pattern, shift=5,

+    args=('-cpu', 'I7200'))
+
+    def test_mips_malta32el_nanomips_4k(self):
+    """
+    :avocado: tags=arch:mipsel
+    :avocado: tags=machine:malta
+    :avocado: tags=endian:little
+    """
+    kernel_url = 
('https://mipsdistros.mips.com/LinuxDistro/nanomips/'

+ 'kernels/v4.15.18-432-gb2eb9a8b07a1-20180627102142/'
+  'generic_nano32r6el_page4k.xz')
+    kernel_hash = '477456aafd2a0f1ddc9482727f20fe9575565dd6'
+    kernel_path_xz = self.fetch_asset(kernel_url, 
asset_hash=kernel_hash)

+    self.do_test_mips_malta32el_nanomips(kernel_path_xz)
+
+    def test_mips_malta32el_nanomips_16k_up(self):
+    """
+    :avocado: tags=arch:mipsel
+    :avocado: tags=machine:malta
+    :avocado: tags=endian:lit

Re: [PATCH 4/5] ppc405_boards: use qdev properties instead of legacy m48t59_init() function

[BALATON Zoltan via]

On Sat, 17 Oct 2020, Philippe Mathieu-Daudé wrote:

On 10/16/20 10:38 PM, BALATON Zoltan via wrote:

On Fri, 16 Oct 2020, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 
---
hw/ppc/ppc405_boards.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 6198ec1035..4687715b15 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -28,6 +28,8 @@
#include "qemu-common.h"
#include "cpu.h"
#include "hw/ppc/ppc.h"
+#include "hw/qdev-properties.h"
+#include "hw/sysbus.h"
#include "ppc405.h"
#include "hw/rtc/m48t59.h"
#include "hw/block/flash.h"
@@ -145,6 +147,8 @@ static void ref405ep_init(MachineState *machine)
    char *filename;
    ppc4xx_bd_info_t bd;
    CPUPPCState *env;
+    DeviceState *dev;
+    SysBusDevice *s;
    qemu_irq *pic;
    MemoryRegion *bios;
    MemoryRegion *sram = g_new(MemoryRegion, 1);
@@ -227,7 +231,11 @@ static void ref405ep_init(MachineState *machine)
    /* Register FPGA */
    ref405ep_fpga_init(sysmem, 0xF030);
    /* Register NVRAM */
-    m48t59_init(NULL, 0xF000, 0, 8192, 1968, 8);
+    dev = qdev_new("sysbus-m48t08");
+    qdev_prop_set_int32(dev, "base-year", 1968);


Is there anything that uses other than 1968 as base year? If not this could 
be the default in the device so you don't need these set prop calls here 
and in sun machines.


The only other place this device is used seems to be ppc/prep machine that 
uses the isa version but does not set a base year. Is that a bug? The 
original prep machine removed in b2ce76a0730 used 2000 but that's unlikely 
as well as these machines predate that.


=)


Anyway, the sysbus and isa versions are different


They shouldn't, it is the same chipset, wired differently.


I mean in QEMU the sysbus and isa devices are different object types so 
their default is settable independently. So setting the sysbus device 
base-year does not change the isa device which can be sorted out in 
another patch independently from this series later when the behaviour on 
40p is confirmed.


Regards,
BALATON Zoltan

so their default base-year could be set independently and then boards won't 
need to set this propery and may be could use qdev_create_simple instead or 
whatever that was renamed to.


Agreed.

Preferably following Zoltan's suggestion:
Reviewed-by: Philippe Mathieu-Daudé 



Regards,
BALATON Zoltan


+    s = SYS_BUS_DEVICE(dev);
+    sysbus_realize_and_unref(s, &error_fatal);
+    sysbus_mmio_map(s, 0, 0xF000);
    /* Load kernel */
    linux_boot = (kernel_filename != NULL);
    if (linux_boot) {

Re: [PULL 0/9] x86 queue, 2020-10-15

[Peter Maydell]

On Thu, 15 Oct 2020 at 17:45, Eduardo Habkost  wrote:
>
> The following changes since commit 57c98ea9acdcef5021f5671efa6475a5794a51c4:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/ui-20201014-pull-request' 
> into staging (2020-10-14 13:56:06 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/x86-next-pull-request
>
> for you to fetch changes up to 3e6a015cbd0f61c19cdc02d5ce74a3e60235cb9a:
>
>   i386: Mark Icelake-Client CPU models deprecated (2020-10-14 15:28:55 -0400)
>
> 
> x86 queue, 2020-10-15
>
> Cleanups:
> * Drop x86_cpu_get_supported_feature_word() forward declaration
>   (Vitaly Kuznetsov)
> * Delete kvm_allows_irq0_override() (Eduardo Habkost)
> * Correct documentation of kvm_irqchip_*() (Eduardo Habkost)
> * Fix FEATURE_HYPERV_EDX value in hyperv_passthrough case (Zhenyu Wang)
>
> Deprecation:
> * CPU model deprecation API (Robert Hoo)
> * Mark Icelake-Client CPU models deprecated (Robert Hoo)
>
> Bug fixes:
> * Remove core_id assert check in CPUID 0x801E (Babu Moger)
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.2
for any user-visible changes.

-- PMM

Re: [PULL 0/5] 9p queue 2020-10-15

[Peter Maydell]

On Thu, 15 Oct 2020 at 22:04, Christian Schoenebeck
 wrote:
>
> The following changes since commit 57c98ea9acdcef5021f5671efa6475a5794a51c4:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/ui-20201014-pull-request' 
> into staging (2020-10-14 13:56:06 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/cschoenebeck/qemu.git tags/pull-9p-20201015
>
> for you to fetch changes up to 97a64ec211d051439b654950ed3f7cffc47d489b:
>
>   tests/9pfs: add local Tmkdir test (2020-10-15 16:11:17 +0200)
>
> 
> 9pfs: add tests using local fs driver
>
> The currently existing 9pfs test cases are all solely using the 9pfs 'synth'
> fileystem driver, which is a very simple and purely simulated (in RAM only)
> filesystem. There are issues though where the 'synth' fs driver is not
> sufficient. For example the following two bugs need test cases running the
> 9pfs 'local' fs driver:
>
> https://bugs.launchpad.net/qemu/+bug/1336794
> https://bugs.launchpad.net/qemu/+bug/1877384
>
> This patch set for that reason introduces 9pfs test cases using the 9pfs
> 'local' filesystem driver along to the already existing tests on 'synth'.

Build failure, OSX:

Compiling C object tests/qtest/libqos/libqos.fa.p/virtio-9p.c.o
../../tests/qtest/libqos/virtio-9p.c:37:17: error: implicit
declaration of function 'get_current_dir_name' is invalid in C99
[-Werror,-Wimplicit-function-declaration]
char *pwd = get_current_dir_name();
^
../../tests/qtest/libqos/virtio-9p.c:37:17: error: this function
declaration is not a prototype [-Werror,-Wstrict-prototypes]
../../tests/qtest/libqos/virtio-9p.c:37:11: error: incompatible
integer to pointer conversion initializing 'char *' with an expression
of type 'int' [-Werror,-Wint-conversion]
char *pwd = get_current_dir_name();


thanks
-- PMM

Re: [PULL 0/3] Usb 20201016 patches

[Peter Maydell]

On Fri, 16 Oct 2020 at 06:28, Gerd Hoffmann  wrote:
>
> The following changes since commit 57c98ea9acdcef5021f5671efa6475a5794a51c4:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/ui-20201014-pull-request' 
> into staging (2020-10-14 13:56:06 +0100)
>
> are available in the Git repository at:
>
>   git://git.kraxel.org/qemu tags/usb-20201016-pull-request
>
> for you to fetch changes up to 9832f6783c4198658d101c6b8e8a14e1f2c57aa3:
>
>   hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet() (2020-10-15 
> 12:16:42 +0200)
>
> 
> usb: fixes for dwc2 + ehci.
>
> 
>
> Anthony PERARD via (1):
>   usb/hcd-ehci: Fix error handling on missing device for iTD
>
> Mauro Matteo Cascella (1):
>   hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()
>
> Paul Zimmerman (1):
>   usb: hcd-dwc2: change assert()s to qemu_log_mask(LOG_GUEST_ERROR...)

Anthony PERARD via (1):
  usb/hcd-ehci: Fix error handling on missing device for iTD
ERROR: pull request includes commits attributed to list

Can you fix up the author for that commit, please?

thanks
-- PMM

Re: [PATCH 2/5] sun4m: use qdev properties instead of legacy m48t59_init() function

[Mark Cave-Ayland]

On 17/10/2020 10:42, Philippe Mathieu-Daudé wrote:


On 10/16/20 8:27 PM, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 
---
  hw/sparc/sun4m.c | 8 +++-
  1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 54a2b2f9ef..a9bb60f2b2 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -966,7 +966,13 @@ static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
  create_unimplemented_device("SUNW,sx", hwdef->sx_base, 0x2000);
  }
-    nvram = m48t59_init(slavio_irq[0], hwdef->nvram_base, 0, 0x2000, 1968, 8);
+    dev = qdev_new("sysbus-m48t08");
+    qdev_prop_set_int32(dev, "base-year", 1968);
+    s = SYS_BUS_DEVICE(dev);
+    sysbus_realize_and_unref(s, &error_fatal);
+    sysbus_connect_irq(s, 0, slavio_irq[0]);
+    sysbus_mmio_map(s, 0, hwdef->nvram_base);
+    nvram = NVRAM(dev);


While here, can you declare "Nvram *nvram"?

Reviewed-by: Philippe Mathieu-Daudé 

  slavio_timer_init_all(hwdef->counter_base, slavio_irq[19], slavio_cpu_irq, 
smp_cpus);


Yes, that's a good idea. I can fix that up before I apply to my qemu-macppc branc if 
there are no other issues.



ATB,

Mark.

Re: [PATCH 4/5] ppc405_boards: use qdev properties instead of legacy m48t59_init() function

[Mark Cave-Ayland]

On 17/10/2020 10:45, Philippe Mathieu-Daudé wrote:


On 10/16/20 10:38 PM, BALATON Zoltan via wrote:

On Fri, 16 Oct 2020, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 
---
hw/ppc/ppc405_boards.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 6198ec1035..4687715b15 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -28,6 +28,8 @@
#include "qemu-common.h"
#include "cpu.h"
#include "hw/ppc/ppc.h"
+#include "hw/qdev-properties.h"
+#include "hw/sysbus.h"
#include "ppc405.h"
#include "hw/rtc/m48t59.h"
#include "hw/block/flash.h"
@@ -145,6 +147,8 @@ static void ref405ep_init(MachineState *machine)
    char *filename;
    ppc4xx_bd_info_t bd;
    CPUPPCState *env;
+    DeviceState *dev;
+    SysBusDevice *s;
    qemu_irq *pic;
    MemoryRegion *bios;
    MemoryRegion *sram = g_new(MemoryRegion, 1);
@@ -227,7 +231,11 @@ static void ref405ep_init(MachineState *machine)
    /* Register FPGA */
    ref405ep_fpga_init(sysmem, 0xF030);
    /* Register NVRAM */
-    m48t59_init(NULL, 0xF000, 0, 8192, 1968, 8);
+    dev = qdev_new("sysbus-m48t08");
+    qdev_prop_set_int32(dev, "base-year", 1968);


Is there anything that uses other than 1968 as base year? If not this could be the 
default in the device so you don't need these set prop calls here and in sun machines.


The only other place this device is used seems to be ppc/prep machine that uses the 
isa version but does not set a base year. Is that a bug? The original prep machine 
removed in b2ce76a0730 used 2000 but that's unlikely as well as these machines 
predate that.


=)


This is quite interesting, since if you look at prep.c you see that the machine has 
both a MC146818 RTC and a M48T59 RTC, and the NVRAM variables are stored in the 
M48T59. My guess is that a real 40p has a MC146818, but OHW only supported M48T59 and 
so it was only ever used to pass data from QEMU to OHW - the OS would use MC146818 
for the clock which has the base year set correctly.



Anyway, the sysbus and isa versions are different


They shouldn't, it is the same chipset, wired differently.

so their default base-year could be set independently and then boards won't need to 
set this propery and may be could use qdev_create_simple instead or whatever that 
was renamed to.


Agreed.

Preferably following Zoltan's suggestion:
Reviewed-by: Philippe Mathieu-Daudé 


There is certainly some more untangling to be done here, but given my current backlog 
it is something that will need to wait until after 5.2.



ATB,

Mark.

Re: [PATCH 5/5] m48t59: remove legacy m48t59_init() function

[Mark Cave-Ayland]

On 17/10/2020 10:53, Philippe Mathieu-Daudé wrote:


On 10/16/20 8:27 PM, Mark Cave-Ayland wrote:

Now that all of the callers of this function have been switched to use qdev
properties, this legacy init function can now be removed.

Signed-off-by: Mark Cave-Ayland 
---
  hw/rtc/m48t59.c | 35 ---
  include/hw/rtc/m48t59.h |  4 
  2 files changed, 39 deletions(-)


In the PoC I started after your suggestion, I see:

#define TYPE_M48T02_SRAM "sysbus-m48t02"
#define TYPE_M48T08_SRAM "sysbus-m48t08"
#define TYPE_M48T59_SRAM "sysbus-m48t59"

static void m48t02_class_init(ObjectClass *oc, void *data)
{
     M48txxSysBusDeviceClass *amc = M48TXX_SYS_BUS_CLASS(oc);

     amc->model = 2;
     amc->size = 2 * KiB;
};

static void m48t08_class_init(ObjectClass *oc, void *data)
{
     M48txxSysBusDeviceClass *amc = M48TXX_SYS_BUS_CLASS(oc);

     amc->model = 8;
     amc->size = 8 * KiB;
};

static void m48t59_class_init(ObjectClass *oc, void *data)
{
     M48txxSysBusDeviceClass *amc = M48TXX_SYS_BUS_CLASS(oc);

     amc->model = 59;
     amc->size = 8 * KiB;
};

static const TypeInfo m48t59_register_types[] = {
     {
     .name   = TYPE_M48T02_SRAM,
     .parent = TYPE_M48TXX_SYSBUS,
     .class_init = m48t02_class_init,
     }, {
     .name   = TYPE_M48T08_SRAM,
     .parent = TYPE_M48TXX_SYSBUS,
     .class_init = m48t08_class_init,
     }, {
     .name   = TYPE_M48T59_SRAM,
     .parent = TYPE_M48TXX_SYSBUS,
     .class_init = m48t59_class_init,
     }, {
     .name   = TYPE_M48TXX_SYSBUS,
     .parent = TYPE_SYS_BUS_DEVICE,
     .instance_size  = sizeof(M48txxSysBusState),
     .instance_init = m48t59_init1,
     .class_size = sizeof(M48txxSysBusDeviceClass),
     .class_init = m48txx_sysbus_class_init,
     .abstract   = true,
     .interfaces = (InterfaceInfo[]) {
     { TYPE_NVRAM },
     { }
     }
     }
};

and:

#define TYPE_M48T59_SRAM "isa-m48t59"

static void m48t59_class_init(ObjectClass *oc, void *data)
{
     M48txxISADeviceClass *midc = M48TXX_ISA_CLASS(oc);

     midc->model = 59;
     midc->size = 8 * KiB;
};

static const TypeInfo m48t59_isa_register_types[] = {
     {
     .name   = TYPE_M48T59_SRAM,
     .parent = TYPE_M48TXX_ISA,
     .class_init = m48t59_class_init,
     }, {
     .name   = TYPE_M48TXX_ISA,
     .parent = TYPE_ISA_DEVICE,
     .instance_size  = sizeof(M48txxISAState),
     .class_size = sizeof(M48txxISADeviceClass),
     .class_init = m48txx_isa_class_init,
     .abstract   = true,
     .interfaces = (InterfaceInfo[]) {
     { TYPE_NVRAM },
     { }
     }
     }
};

I guess I didn't pursue because I wondered what was the
best way to have the same model usable by sysbus/isa.

IIRC I wanted to proceed as having TYPE_M48T59_SRAM being
an abstract qdev parent, and then TYPE_M48TXX_SYSBUS /
TYPE_M48TXX_ISA implementing the SYSBUS/ISA interfaces.

As it need some thinking I postponed that for after 5.2.

Anyhow back to this patch:

Reviewed-by: Philippe Mathieu-Daudé 


Ha indeed, I think you also came to the same conclusion that I did in my previous 
email :)


I'm also not convinced by the dynamic generation of various M48TXX types using 
class_data - this seems overly complex, and there's nothing there I can see that 
can't be just as easily handled using qdev properties using an abstract parent as you 
suggest above.



ATB,

Mark.

Re: [PULL 09/31] hw/core/clock: introduce clock object

[Philippe Mathieu-Daudé]

Hi Damien, Peter,

On 4/30/20 1:51 PM, Peter Maydell wrote:

This object may be used to represent a clock inside a clock tree.

A clock may be connected to another clock so that it receives update,
through a callback, whenever the source/parent clock is updated.

Although only the root clock of a clock tree controls the values
(represented as periods) of all clocks in tree, each clock holds
a local state containing the current value so that it can be fetched
independently. It will allows us to fullfill migration requirements
by migrating each clock independently of others.

This is based on the original work of Frederic Konrad.

Signed-off-by: Damien Hedde 
Reviewed-by: Alistair Francis 
Reviewed-by: Edgar E. Iglesias 
Message-id: 20200406135251.157596-2-damien.he...@greensocs.com
[PMM: Use uint64_t rather than unsigned long long in trace events;
  the dtrace backend can't handle the latter]
Signed-off-by: Peter Maydell 
---
  hw/core/Makefile.objs |   1 +
  include/hw/clock.h| 216 ++
  hw/core/clock.c   | 130 +
  hw/core/trace-events  |   7 ++
  4 files changed, 354 insertions(+)
  create mode 100644 include/hw/clock.h
  create mode 100644 hw/core/clock.c

diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs
index 6215e7c2085..1d9b0aa2057 100644
--- a/hw/core/Makefile.objs
+++ b/hw/core/Makefile.objs
@@ -7,6 +7,7 @@ common-obj-y += hotplug.o
  common-obj-y += vmstate-if.o
  # irq.o needed for qdev GPIO handling:
  common-obj-y += irq.o
+common-obj-y += clock.o
  
  common-obj-$(CONFIG_SOFTMMU) += reset.o

  common-obj-$(CONFIG_SOFTMMU) += qdev-fw.o
diff --git a/include/hw/clock.h b/include/hw/clock.h
new file mode 100644
index 000..82a7f3c6982
--- /dev/null
+++ b/include/hw/clock.h
@@ -0,0 +1,216 @@
+/*
+ * Hardware Clocks
+ *
+ * Copyright GreenSocs 2016-2020
+ *
+ * Authors:
+ *  Frederic Konrad
+ *  Damien Hedde
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef QEMU_HW_CLOCK_H
+#define QEMU_HW_CLOCK_H
+
+#include "qom/object.h"
+#include "qemu/queue.h"
+
+#define TYPE_CLOCK "clock"
+#define CLOCK(obj) OBJECT_CHECK(Clock, (obj), TYPE_CLOCK)
+
+typedef void ClockCallback(void *opaque);
+
+/*
+ * clock store a value representing the clock's period in 2^-32ns unit.
+ * It can represent:
+ *  + periods from 2^-32ns up to 4seconds
+ *  + frequency from ~0.25Hz 2e10Ghz
+ * Resolution of frequency representation decreases with frequency:
+ * + at 100MHz, resolution is ~2mHz
+ * + at 1Ghz,   resolution is ~0.2Hz
+ * + at 10Ghz,  resolution is ~20Hz
+ */
+#define CLOCK_SECOND (10llu << 32)
+
+/*
+ * macro helpers to convert to hertz / nanosecond
+ */
+#define CLOCK_PERIOD_FROM_NS(ns) ((ns) * (CLOCK_SECOND / 10llu))
+#define CLOCK_PERIOD_TO_NS(per) ((per) / (CLOCK_SECOND / 10llu))
+#define CLOCK_PERIOD_FROM_HZ(hz) (((hz) != 0) ? CLOCK_SECOND / (hz) : 0u)


I'm having Floating Point Exception using a frequency of 1GHz.

Using frequency >=1GHz we have CLOCK_PERIOD_FROM_HZ(hz) > 0x1.

Then CLOCK_PERIOD_TO_NS(0x1) = 0.

So for frequency >=1GHz clock_get_ns() returns 0.


+#define CLOCK_PERIOD_TO_HZ(per) (((per) != 0) ? CLOCK_SECOND / (per) : 0u)
+

[...]

[Bug 1900241] [NEW] [regression][powerpc] some vcpus are found offline inside guest with different vsmt setting from qemu-cmdline and breaks subsequent vcpu hotplug operation (xive)

[Satheesh Rajendran]

Public bug reported:

Env:
Host: Power9 HW ppc64le

# lscpu
Architecture:ppc64le
Byte Order:  Little Endian
CPU(s):  128
On-line CPU(s) list: 24-31,40-159
Thread(s) per core:  4
Core(s) per socket:  16
Socket(s):   2
NUMA node(s):2
Model:   2.3 (pvr 004e 1203)
Model name:  POWER9, altivec supported
Frequency boost: enabled
CPU max MHz: 3800.
CPU min MHz: 2300.
L1d cache:   1 MiB
L1i cache:   1 MiB
L2 cache:8 MiB
L3 cache:160 MiB
NUMA node0 CPU(s):   24-31,40-79
NUMA node8 CPU(s):   80-159
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf:  Mitigation; RFI Flush, L1D private per thread
Vulnerability Mds:   Not affected
Vulnerability Meltdown:  Mitigation; RFI Flush, L1D private per thread
Vulnerability Spec store bypass: Mitigation; Kernel entry/exit barrier (eieio)
Vulnerability Spectre v1:Mitigation; __user pointer sanitization, ori31 
speculation barrier enabled
Vulnerability Spectre v2:Mitigation; Software count cache flush 
(hardware accelerated), Software link stack flush
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort:   Not affected


Host Kernel: 5.9.0-0.rc8.28.fc34.ppc64le (Fedora rawhide)
Guest Kernel: Fedora33(5.8.6-301.fc33.ppc64le)

Qemu: e12ce85b2c79d83a340953291912875c30b3af06 (qemu/master)


Steps to reproduce:

Boot below kvm guest: (-M pseries,vsmt=2 -smp 8,cores=8,threads=1)

 /home/sath/qemu/build/qemu-system-ppc64 -name vm1 -M pseries,vsmt=2
-accel kvm -m 4096  -smp 8,cores=8,threads=1 -nographic -nodefaults
-serial mon:stdio -vga none -nographic -device virtio-scsi-pci -drive
file=/home/sath/tests/data/avocado-vt/images/fdevel-
ppc64le.qcow2,if=none,id=hd0,format=qcow2,cache=none -device scsi-
hd,drive=hd0


lscpu inside guest:
Actual:
[root@atest-guest ~]# lscpu
Architecture:ppc64le
Byte Order:  Little Endian
CPU(s):  8
On-line CPU(s) list: 0,2,4,6
Off-line CPU(s) list:1,3,5,7 --NOK
Thread(s) per core:  1
Core(s) per socket:  4
Socket(s):   1
NUMA node(s):1
Model:   2.3 (pvr 004e 1203)
Model name:  POWER9 (architected), altivec supported
Hypervisor vendor:   KVM
Virtualization type: para
L1d cache:   128 KiB
L1i cache:   128 KiB
NUMA node0 CPU(s):   0,2,4,6
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf:  Mitigation; RFI Flush, L1D private per thread
Vulnerability Mds:   Not affected
Vulnerability Meltdown:  Mitigation; RFI Flush, L1D private per thread
Vulnerability Spec store bypass: Mitigation; Kernel entry/exit barrier (eieio)
Vulnerability Spectre v1:Mitigation; __user pointer sanitization, ori31 
 speculation barrier enabled
Vulnerability Spectre v2:Mitigation; Software count cache flush (hardwar
 e accelerated), Software link stack flush
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort:   Not affected


Expected:

[root@atest-guest ~]# lscpu
Architecture:ppc64le
Byte Order:  Little Endian
CPU(s):  8
On-line CPU(s) list: 0-7
Thread(s) per core:  1
Core(s) per socket:  8
Socket(s):   1
NUMA node(s):1
Model:   2.3 (pvr 004e 1203)
Model name:  POWER9 (architected), altivec supported
Hypervisor vendor:   KVM
Virtualization type: para
L1d cache:   256 KiB
L1i cache:   256 KiB
NUMA node0 CPU(s):   0-7
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf:  Mitigation; RFI Flush, L1D private per thread
Vulnerability Mds:   Not affected
Vulnerability Meltdown:  Mitigation; RFI Flush, L1D private per thread
Vulnerability Spec store bypass: Mitigation; Kernel entry/exit barrier (eieio)
Vulnerability Spectre v1:Mitigation; __user pointer sanitization, ori31 
 speculation barrier enabled
Vulnerability Spectre v2:Mitigation; Software count cache flush (hardwar
 e accelerated), Software link stack flush
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort:   Not affected


There by further vcpuhotplug opera

[Bug 1900241] Re: some vcpus are found offline inside guest with different vsmt setting from qemu-cmdline and breaks subsequent vcpu hotplug operation (xive)

[Satheesh Rajendran]

Did a git bisect and the bad commit is

acbdb9956fe93f4669141f103cb543d3025775db is the first bad commit
commit acbdb9956fe93f4669141f103cb543d3025775db
Author: Cédric Le Goater 
Date:   Thu Aug 20 15:45:46 2020 +0200

spapr/xive: Allocate IPIs independently from the other sources

The vCPU IPIs are now allocated in kvmppc_xive_cpu_connect() when the
vCPU connects to the KVM device and not when all the sources are reset
in kvmppc_xive_source_reset()

This requires extra care for hotplug vCPUs and VM restore.

Signed-off-by: Cédric Le Goater 
Message-Id: <20200820134547.2355743-4-...@kaod.org>
Signed-off-by: David Gibson 

 hw/intc/spapr_xive_kvm.c | 47 ++-
 1 file changed, 42 insertions(+), 5 deletions(-)



# git bisect log
git bisect start
# good: [d0ed6a69d399ae193959225cdeaa9382746c91cc] Update version for v5.1.0 
release
git bisect good d0ed6a69d399ae193959225cdeaa9382746c91cc
# bad: [7daf8f8d011cdd5d3e86930ed2bde969425c790c] Merge remote-tracking branch 
'remotes/kevin/tags/for-upstream' into staging
git bisect bad 7daf8f8d011cdd5d3e86930ed2bde969425c790c
# skip: [7595a65818ea9b49c36650a8c217a1ef9bd6e62a] hw/riscv: Sort the Kconfig 
options in alphabetical order
git bisect skip 7595a65818ea9b49c36650a8c217a1ef9bd6e62a
# skip: [3b65b742543bc6c2ad35e3b42401a26b48a87f26] target/hppa: Fix boot with 
old Linux installation CDs
git bisect skip 3b65b742543bc6c2ad35e3b42401a26b48a87f26
# bad: [f4ef8c9cc10b3bee829b9775879d4ff9f77c2442] Merge remote-tracking branch 
'remotes/ehabkost/tags/machine-next-pull-request' into staging
git bisect bad f4ef8c9cc10b3bee829b9775879d4ff9f77c2442
# good: [4ee40a6b98c02b72fc5dd262df9d3ac8680d767b] hw/usb: Add U2F device check 
to passthru mode
git bisect good 4ee40a6b98c02b72fc5dd262df9d3ac8680d767b
# skip: [fe4b0b5bfa96c38ad1cad0689a86cca9f307e353] tcg: Implement 256-bit dup 
for tcg_gen_gvec_dup_mem
git bisect skip fe4b0b5bfa96c38ad1cad0689a86cca9f307e353
# skip: [287b1defeb44398d02669d97ebdc347d650f274d] target/microblaze: Cache 
mem_index in DisasContext
git bisect skip 287b1defeb44398d02669d97ebdc347d650f274d
# skip: [7a1fb2ef40df508e90eb756a80d67e6435246cae] block/nvme: Extract 
nvme_poll_queue()
git bisect skip 7a1fb2ef40df508e90eb756a80d67e6435246cae
# good: [536e340f464d7c2ef55cca47c7535d9409bf03c7] target/microblaze: Convert 
msrclr, msrset to decodetree
git bisect good 536e340f464d7c2ef55cca47c7535d9409bf03c7
# good: [227de21ed0759e275a469394af72c999d0134bb5] Merge remote-tracking branch 
'remotes/rth/tags/pull-tcg-20200903' into staging
git bisect good 227de21ed0759e275a469394af72c999d0134bb5
# bad: [b95ba83fc56ebfc4b6869f21db0c757c0c191104] Merge remote-tracking branch 
'remotes/dgibson/tags/ppc-for-5.2-20200908' into staging
git bisect bad b95ba83fc56ebfc4b6869f21db0c757c0c191104
# good: [789035f1239054331b335801a06bdbef026f02e1] oss-fuzz: fix rpath
git bisect good 789035f1239054331b335801a06bdbef026f02e1
# good: [00942071a0eabeb3ebc3bd594296859587f8f3c8] Merge remote-tracking branch 
'remotes/rth/tags/pull-mb-20200907-2' into staging
git bisect good 00942071a0eabeb3ebc3bd594296859587f8f3c8
# bad: [554c2169e9251ca2829ab968bd9ba5641a5abe1d] ppc/spapr: Use 
start-powered-off CPUState property
git bisect bad 554c2169e9251ca2829ab968bd9ba5641a5abe1d
# good: [235d3b116213828f4206e2e4b199a32bffc96f35] spapr/xive: Modify 
kvm_cpu_is_enabled() interface
git bisect good 235d3b116213828f4206e2e4b199a32bffc96f35
# bad: [90d282d0858cf5a38f3e8a7e201aeab2a0ccbe88] ppc/spapr_nvdimm: use 
g_autofree in spapr_nvdimm_validate_opts()
git bisect bad 90d282d0858cf5a38f3e8a7e201aeab2a0ccbe88
# bad: [acbdb9956fe93f4669141f103cb543d3025775db] spapr/xive: Allocate IPIs 
independently from the other sources
git bisect bad acbdb9956fe93f4669141f103cb543d3025775db
# good: [fa94447a2cd6643609d5822d5b5f739dc8ad8a8c] spapr/xive: Use 
kvmppc_xive_source_reset() in post_load
git bisect good fa94447a2cd6643609d5822d5b5f739dc8ad8a8c
# first bad commit: [acbdb9956fe93f4669141f103cb543d3025775db] spapr/xive: 
Allocate IPIs independently from the other sources


Regards,
-Satheesh

** Summary changed:

- some vcpus are found offline inside guest with different vsmt setting from 
qemu-cmdline and breaks subsequent vcpu hotplug operation (xive)
+ [regression][powerpc] some vcpus are found offline inside guest with 
different vsmt setting from qemu-cmdline and breaks subsequent vcpu hotplug 
operation (xive)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1900241

Title:
  [regression][powerpc] some vcpus are found offline inside guest with
  different vsmt setting from qemu-cmdline and breaks subsequent vcpu
  hotplug operation (xive)

Status in QEMU:
  New

Bug description:
  Env:
  Host: Power9 HW ppc64le

  # lscpu
  Architecture:ppc64le
  Byte Order:  Little Endian
  CPU(s): 

Re: [PATCH 4/5] ppc405_boards: use qdev properties instead of legacy m48t59_init() function

[Mark Cave-Ayland]

On 17/10/2020 11:44, BALATON Zoltan via wrote:


On Sat, 17 Oct 2020, Philippe Mathieu-Daudé wrote:

On 10/16/20 10:38 PM, BALATON Zoltan via wrote:

On Fri, 16 Oct 2020, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 
---
hw/ppc/ppc405_boards.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 6198ec1035..4687715b15 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -28,6 +28,8 @@
#include "qemu-common.h"
#include "cpu.h"
#include "hw/ppc/ppc.h"
+#include "hw/qdev-properties.h"
+#include "hw/sysbus.h"
#include "ppc405.h"
#include "hw/rtc/m48t59.h"
#include "hw/block/flash.h"
@@ -145,6 +147,8 @@ static void ref405ep_init(MachineState *machine)
    char *filename;
    ppc4xx_bd_info_t bd;
    CPUPPCState *env;
+    DeviceState *dev;
+    SysBusDevice *s;
    qemu_irq *pic;
    MemoryRegion *bios;
    MemoryRegion *sram = g_new(MemoryRegion, 1);
@@ -227,7 +231,11 @@ static void ref405ep_init(MachineState *machine)
    /* Register FPGA */
    ref405ep_fpga_init(sysmem, 0xF030);
    /* Register NVRAM */
-    m48t59_init(NULL, 0xF000, 0, 8192, 1968, 8);
+    dev = qdev_new("sysbus-m48t08");
+    qdev_prop_set_int32(dev, "base-year", 1968);


Is there anything that uses other than 1968 as base year? If not this could be the 
default in the device so you don't need these set prop calls here and in sun 
machines.


The only other place this device is used seems to be ppc/prep machine that uses 
the isa version but does not set a base year. Is that a bug? The original prep 
machine removed in b2ce76a0730 used 2000 but that's unlikely as well as these 
machines predate that.


=)


Anyway, the sysbus and isa versions are different


They shouldn't, it is the same chipset, wired differently.


I mean in QEMU the sysbus and isa devices are different object types so their default 
is settable independently. So setting the sysbus device base-year does not change the 
isa device which can be sorted out in another patch independently from this series 
later when the behaviour on 40p is confirmed.


Right, there are certainly some questions around exactly how this behaviour works but 
in general people seem happy with this series. I'm going to apply this to my 
qemu-macppc branch with the NVRAM cast suggested by Philippe so the basic conversion 
is done, and then other improvements/tidy-ups can follow up later as time allows.



ATB,

Mark.

Re: [PULL 0/5] 9p queue 2020-10-15

[Christian Schoenebeck]

On Samstag, 17. Oktober 2020 12:50:13 CEST Peter Maydell wrote:
> On Thu, 15 Oct 2020 at 22:04, Christian Schoenebeck
> 
>  wrote:
> > The following changes since commit 
57c98ea9acdcef5021f5671efa6475a5794a51c4:
> >   Merge remote-tracking branch
> >   'remotes/kraxel/tags/ui-20201014-pull-request' into staging (2020-10-14
> >   13:56:06 +0100)> 
> > are available in the Git repository at:
> >   https://github.com/cschoenebeck/qemu.git tags/pull-9p-20201015
> > 
> > for you to fetch changes up to 97a64ec211d051439b654950ed3f7cffc47d489b:
> >   tests/9pfs: add local Tmkdir test (2020-10-15 16:11:17 +0200)
> > 
> > 
> > 9pfs: add tests using local fs driver
> > 
> > The currently existing 9pfs test cases are all solely using the 9pfs
> > 'synth' fileystem driver, which is a very simple and purely simulated (in
> > RAM only) filesystem. There are issues though where the 'synth' fs driver
> > is not sufficient. For example the following two bugs need test cases
> > running the 9pfs 'local' fs driver:
> > 
> > https://bugs.launchpad.net/qemu/+bug/1336794
> > https://bugs.launchpad.net/qemu/+bug/1877384
> > 
> > This patch set for that reason introduces 9pfs test cases using the 9pfs
> > 'local' filesystem driver along to the already existing tests on 'synth'.
> 
> Build failure, OSX:
> 
> Compiling C object tests/qtest/libqos/libqos.fa.p/virtio-9p.c.o
> ../../tests/qtest/libqos/virtio-9p.c:37:17: error: implicit
> declaration of function 'get_current_dir_name' is invalid in C99
> [-Werror,-Wimplicit-function-declaration]
> char *pwd = get_current_dir_name();
> ^
> ../../tests/qtest/libqos/virtio-9p.c:37:17: error: this function
> declaration is not a prototype [-Werror,-Wstrict-prototypes]
> ../../tests/qtest/libqos/virtio-9p.c:37:11: error: incompatible
> integer to pointer conversion initializing 'char *' with an expression
> of type 'int' [-Werror,-Wint-conversion]
> char *pwd = get_current_dir_name();
> 
> 
> thanks
> -- PMM

Oops, get_current_dir_name() is a GNU extension. I just enabled Cirrus-CI to 
prevent this from happening again. Sorry Peter.

Am I supposed to rebase for v2 PRs?

Fix for this is currently test running:

> index 1524982634..d43647b3b7 100644
> --- a/tests/qtest/libqos/virtio-9p.c
> +++ b/tests/qtest/libqos/virtio-9p.c
> @@ -34,9 +34,9 @@ static char *concat_path(const char* a, const char* b)
> 
>  static void init_local_test_path(void)
>  {
> 
> -char *pwd = get_current_dir_name();
> +char *pwd = g_get_current_dir();
> 
>  local_test_path = concat_path(pwd, "qtest-9p-local");
> 
> -free(pwd);
> +g_free(pwd);
> 
>  }
>  
>  /* Creates the directory for the 9pfs 'local' filesystem driver to access.
>  */

Best regards,
Christian Schoenebeck

Re: [PATCH v8 0/5] Mac Old World ROM experiment (ppc/mac_* clean ups and loading binary ROM)

[Mark Cave-Ayland]

On 16/10/2020 13:19, BALATON Zoltan via wrote:


On Fri, 16 Oct 2020, Mark Cave-Ayland wrote:

On 16/10/2020 00:47, BALATON Zoltan via wrote:

This is the cut down version of the earlier series omitting unfinished
patches that I plan to rework later and rebased to Mark's qemu-macppc
branch. Compared to v7 the only change is the cast to (target_ulong)
from (uint32_t) as requested by Mark in patch 1.


FWIW the reason for suggesting the cast to target_ulong is so that the same code 
works for both qemu-system-ppc and qemu-system-ppc64. For qemu-system-ppc that 
should correctly drop the sign extension from 32-bit, whilst still allowing someone 
to load a 64-bit ELF into qemu-system-ppc64 if requested.


Can you confirm that the sign extension behaviour is still correct for both 
qemu-system-ppc and qemu-system-ppc64? If so I'm happy to give it a R-B tag.


I've tried it now again with both ppc and ppc64: both OpenBIOS and a G3 beige ROM can 
be loaded with qemu-system-ppc but qemu-system-ppc64 fails with OpenBIOS when casting 
to target_ulong (i think because target_ulong is 64 bit there but g3beige is still 32 
bit but I haven't throughly debugged it). But everything works with my original 
uint32_t cast, so ditch it and use my original version. Should I resubmit or you can 
fix up? (I think I wait until it's clear if this will be taken by David or you and 
send a fixed version cc-ing David if this is decided to go through the PPC queue.)


Hmmm yes I see that qemu-system-ppc64 fails because target_ulong will always 
represent a 64-bit quantity, even if you request a 32-bit CPU. Rather than add some 
CPU-specific code let's keep the uint32_t cast for now as I would hope it is unlikely 
someone would load an ELF in high memory, and perhaps the sign-extended address bug 
will get fixed later.


With the cast reverted to uint32_t then for patches 1 and 2:
Reviewed-by: Mark Cave-Ayland 

If you can send a v9 with the cast fixed I'll apply this to my qemu-macppc branch 
right away.



ATB,

Mark.

Re: [PULL 0/5] 9p queue 2020-10-15

[Peter Maydell]

On Sat, 17 Oct 2020 at 12:55, Christian Schoenebeck
 wrote:
> Oops, get_current_dir_name() is a GNU extension. I just enabled Cirrus-CI to
> prevent this from happening again. Sorry Peter.
>
> Am I supposed to rebase for v2 PRs?

Yeah, just rebase and resend, please.

thanks
-- PMM

Re: [PATCH v2 2/3] grackle: use qdev gpios for PCI IRQs

[Mark Cave-Ayland]

On 16/10/2020 01:26, BALATON Zoltan via wrote:

As said in previous message the i2c and SPD patches are not quite ready yet so I've 
omitted those from this series, I may rework them later once this part is merged and 
can rebase the rest on top of that. We would also need your screamer patches to get 
the Mac ROM working, what is still missing for those?


The 2 main reasons for not merging the screamer patches so far are:

1) Hangs in MacOS 9.0 and 9.1 on startup

Probably related to DBDMA interrupts, but I haven't had time to dig into this in much 
detail.


2) Reduced OS X emulation speed

When OS X detects the sound hardware it enables its internal sound engine which does 
2 things: firstly it constantly runs DBDMA requests which execute in the bottom-half 
even if no sound is being generated, so you end up reducing the raw emulation speed 
and secondly the OS X sound engine is floating point based so you end up running a 
lot more background floating point arithmetic in the OS.


I'm open to further ideas as to how this can be improved. The DBDMA overhead could be 
reduced by running DBDMA in the iothread if that is possible but that would be a fair 
bit of work.



ATB,

Mark.

Re: [PULL v2 00/22] Build system + misc changes for 2020-10-16

[Peter Maydell]

On Fri, 16 Oct 2020 at 16:56, Paolo Bonzini  wrote:
>
> The following changes since commit 3e40748834923798aa57e3751db13a069e2c617b:
>
>   Merge remote-tracking branch 'remotes/rth/tags/pull-mb-20201014' into 
> staging (2020-10-15 20:30:24 +0100)
>
> are available in the Git repository at:
>
>   https://gitlab.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 61f6bb4b9b3b33d0371e5f76d756838df372f2ec:
>
>   ci: include configure and meson logs in all jobs if configure fails 
> (2020-10-16 10:01:43 -0400)
>
> 
> * Drop ninjatool and just require ninja (Paolo)
> * Fix docs build under msys2 (Yonggang)
> * HAX snafu fix (Claudio)
> * Disable signal handlers during fuzzing (Alex)
> * Miscellaneous fixes (Bruce, Greg)

Half my build hosts fail with a weird backtrace from mtest2make:
Traceback (most recent call last):
  File "scripts/mtest2make.py", line 37, in 
introspect = json.load(sys.stdin)
  File "/usr/lib/python3.6/json/__init__.py", line 299, in load
parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)
  File "/usr/lib/python3.6/json/__init__.py", line 354, in loads
return _default_decoder.decode(s)
  File "/usr/lib/python3.6/json/decoder.py", line 339, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.6/json/decoder.py", line 357, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
make: *** Deleting file 'Makefile.mtest'

followed by:

ERROR: Cannot find Ninja

If you're going to introduce a new build-dependency not satisfied
by a submodule, it would be nice to mention it in the pullrequest
cover letter...

-- PMM

Re: [PULL v2 00/22] Build system + misc changes for 2020-10-16

[Peter Maydell]

On Sat, 17 Oct 2020 at 14:09, Peter Maydell  wrote:
>
> On Fri, 16 Oct 2020 at 16:56, Paolo Bonzini  wrote:
> >
> > The following changes since commit 3e40748834923798aa57e3751db13a069e2c617b:
> >
> >   Merge remote-tracking branch 'remotes/rth/tags/pull-mb-20201014' into 
> > staging (2020-10-15 20:30:24 +0100)
> >
> > are available in the Git repository at:
> >
> >   https://gitlab.com/bonzini/qemu.git tags/for-upstream
> >
> > for you to fetch changes up to 61f6bb4b9b3b33d0371e5f76d756838df372f2ec:
> >
> >   ci: include configure and meson logs in all jobs if configure fails 
> > (2020-10-16 10:01:43 -0400)
> >
> > 
> > * Drop ninjatool and just require ninja (Paolo)
> > * Fix docs build under msys2 (Yonggang)
> > * HAX snafu fix (Claudio)
> > * Disable signal handlers during fuzzing (Alex)
> > * Miscellaneous fixes (Bruce, Greg)
>
> Half my build hosts fail with a weird backtrace from mtest2make:
> Traceback (most recent call last):
>   File "scripts/mtest2make.py", line 37, in 
> introspect = json.load(sys.stdin)
>   File "/usr/lib/python3.6/json/__init__.py", line 299, in load
> parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)
>   File "/usr/lib/python3.6/json/__init__.py", line 354, in loads
> return _default_decoder.decode(s)
>   File "/usr/lib/python3.6/json/decoder.py", line 339, in decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>   File "/usr/lib/python3.6/json/decoder.py", line 357, in raw_decode
> raise JSONDecodeError("Expecting value", s, err.value) from None
> json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
> make: *** Deleting file 'Makefile.mtest'
>
> followed by:
>
> ERROR: Cannot find Ninja

I'm updating various build machines and will give the pullreq a
retry, but in the meantime:

The NetBSD tests/vm setup fails slightly differently:

ERROR: Could not detect Ninja v1.7 or newer

thanks
-- PMM

Re: [PATCH] drivers/virt: vmgenid: add vm generation id driver

[Jason A. Donenfeld]

After discussing this offline with Jann a bit, I have a few general
comments on the design of this.

First, the UUID communicated by the hypervisor should be consumed by
the kernel -- added as another input to the rng -- and then userspace
should be notified that it should reseed any userspace RNGs that it
may have, without actually communicating that UUID to userspace. IOW,
I agree with Jann there. Then, it's the functioning of this
notification mechanism to userspace that is interesting to me.

There are a few design goals of notifying userspace: it should be
fast, because people who are using userspace RNGs are usually doing so
in the first place to completely avoid syscall overhead for whatever
high performance application they have - e.g. I recall conversations
with Colm about his TLS implementation needing to make random IVs
_really_ fast. It should also happen as early as possible, with no
race or as minimal as possible race window, so that userspace doesn't
begin using old randomness and then switch over after the damage is
already done.

I'm also not wedded to using Microsoft's proprietary hypervisor design
for this. If we come up with a better interface, I don't think it's
asking too much to implement that and reasonably expect for Microsoft
to catch up. Maybe someone here will find that controversial, but
whatever -- discussing ideal designs does not seem out of place or
inappropriate for how we usually approach things in the kernel, and a
closed source hypervisor coming along shouldn't disrupt that.

So, anyway, here are a few options with some pros and cons for the
kernel notifying userspace that its RNG should reseed.

1. SIGRND - a new signal. Lol.

2. Userspace opens a file descriptor that it can epoll on. Pros are
that many notification mechanisms already use this. Cons is that this
requires syscall and might be more racy than we want. Another con is
that this a new thing for userspace programs to do.

3. We stick an atomic counter in the vDSO, Jann's suggestion. Pros are
that this is extremely fast, and also simple to use and implement.
There are enough sequence points in typical crypto programs that
checking to see whether this counter has changed before doing whatever
operation seems easy enough. Cons are that typically we've been
conservative about adding things to the vDSO, and this is also a new
thing for userspace programs to do.

4. We already have a mechanism for this kind of thing, because the
same issue comes up when fork()ing. The solution was MADV_WIPEONFORK,
where userspace marks a page to be zeroed when forking, for the
purposes of the RNG being notified when its world gets split in two.
This is basically the same thing as we're discussing here with guest
snapshots, except it's on the system level rather than the process
level, and a system has many processes. But the problem space is still
almost the same, and we could simply reuse that same mechanism. There
are a few implementation strategies for that:

4a. We mess with the PTEs of all processes' pages that are
MADV_WIPEONFORK, like fork does now, when the hypervisor notifies us
to do so. Then we wind up reusing the already existing logic for
userspace RNGs. Cons might be that this usually requires semaphores,
and we're in irq context, so we'd have to hoist to a workqueue, which
means either more wake up latency, or a larger race window.

4b. We just memzero all processes' pages that are MADV_WIPEONFORK,
when the hypervisor notifies us to do so. Then we wind up reusing the
already existing logic for userspace RNGs.

4c. The guest kernel maintains an array of physical addresses that are
MADV_WIPEONFORK. The hypervisor knows about this array and its
location through whatever protocol, and before resuming a
moved/snapshotted/duplicated VM, it takes the responsibility for
memzeroing this memory. The huge pro here would be that this
eliminates all races, and reduces complexity quite a bit, because the
hypervisor can perfectly synchronize its bringup (and SMP bringup)
with this, and it can even optimize things like on-disk memory
snapshots to simply not write out those pages to disk.

A 4c-like approach seems like it'd be a lot of bang for the buck -- we
reuse the existing mechanism (MADV_WIPEONFORK), so there's no new
userspace API to deal with, and it'd be race free, and eliminate a lot
of kernel complexity.

But 4b and 3 don't seem too bad either.

Any thoughts on 4c? Is that utterly insane, or does that actually get
us somewhere close to what we want?

Jason

Re: [PULL v2 00/22] Build system + misc changes for 2020-10-16

[Paolo Bonzini]

On 17/10/20 15:09, Peter Maydell wrote:
> Traceback (most recent call last):
>   File "scripts/mtest2make.py", line 37, in 
> introspect = json.load(sys.stdin)
>   File "/usr/lib/python3.6/json/__init__.py", line 299, in load
> parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)
>   File "/usr/lib/python3.6/json/__init__.py", line 354, in loads
> return _default_decoder.decode(s)
>   File "/usr/lib/python3.6/json/decoder.py", line 339, in decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>   File "/usr/lib/python3.6/json/decoder.py", line 357, in raw_decode
> raise JSONDecodeError("Expecting value", s, err.value) from None
> json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
> make: *** Deleting file 'Makefile.mtest'
> 
> followed by:
> 
> ERROR: Cannot find Ninja

The most likely cause is that the Makefile is forcing configure to rerun
because you don't have ninja in config-host.mak; this works (as shown by
the error) but only after mtest2make has barfed.  I can add a dependency
from Makefile.mtest to config-host.mak which technically isn't needed
but doesn't hurt.

OpenBSD and NetBSD call the ninja package "ninja-build" unlike FreeBSD.
 I'm sure I had used the right name but well I didn't.  I'll send a v3.

Paolo

Re: [PULL v2 00/22] Build system + misc changes for 2020-10-16

[Paolo Bonzini]

On 17/10/20 15:22, Peter Maydell wrote:
> I'm updating various build machines and will give the pullreq a
> retry, but in the meantime:
> 
> The NetBSD tests/vm setup fails slightly differently:
> 
> ERROR: Could not detect Ninja v1.7 or newer

That's because ninja is apparently a chat program on NetBSD...

Paolo

Re: [PATCH 5/5] m48t59: remove legacy m48t59_init() function

[Philippe Mathieu-Daudé]

On 10/17/20 1:19 PM, Mark Cave-Ayland wrote:

On 17/10/2020 10:53, Philippe Mathieu-Daudé wrote:


On 10/16/20 8:27 PM, Mark Cave-Ayland wrote:
Now that all of the callers of this function have been switched to 
use qdev

properties, this legacy init function can now be removed.

Signed-off-by: Mark Cave-Ayland 
---
  hw/rtc/m48t59.c | 35 ---
  include/hw/rtc/m48t59.h |  4 
  2 files changed, 39 deletions(-)

...


static void m48t59_class_init(ObjectClass *oc, void *data)
{
 M48txxISADeviceClass *midc = M48TXX_ISA_CLASS(oc);

 midc->model = 59;
 midc->size = 8 * KiB;
};

static const TypeInfo m48t59_isa_register_types[] = {
 {
 .name   = TYPE_M48T59_SRAM,
 .parent = TYPE_M48TXX_ISA,
 .class_init = m48t59_class_init,
 }, {
 .name   = TYPE_M48TXX_ISA,
 .parent = TYPE_ISA_DEVICE,
 .instance_size  = sizeof(M48txxISAState),
 .class_size = sizeof(M48txxISADeviceClass),
 .class_init = m48txx_isa_class_init,
 .abstract   = true,
 .interfaces = (InterfaceInfo[]) {
 { TYPE_NVRAM },
 { }
 }
 }
};

I guess I didn't pursue because I wondered what was the
best way to have the same model usable by sysbus/isa.

IIRC I wanted to proceed as having TYPE_M48T59_SRAM being
an abstract qdev parent, and then TYPE_M48TXX_SYSBUS /
TYPE_M48TXX_ISA implementing the SYSBUS/ISA interfaces.

As it need some thinking I postponed that for after 5.2.

Anyhow back to this patch:

Reviewed-by: Philippe Mathieu-Daudé 


Ha indeed, I think you also came to the same conclusion that I did in my 
previous email :)


I'm also not convinced by the dynamic generation of various M48TXX types 
using class_data - this seems overly complex, and there's nothing there 
I can see that can't be just as easily handled using qdev properties 
using an abstract parent as you suggest above.


Yeah, no advantage except having uniform code style that serves
as example.




ATB,

Mark.

[PULL 10/44] target/mips: Add loongson-ext lsdc2 group of instructions

[Philippe Mathieu-Daudé]

From: Jiaxun Yang 

LDC2/SDC2 opcodes have been rewritten as "load & store with offset"
group of instructions by loongson-ext ASE.

This patch add implementation of these instructions:

  gslbx: load 1 bytes to GPR
  gslhx: load 2 bytes to GPR
  gslwx: load 4 bytes to GPR
  gsldx: load 8 bytes to GPR
  gslwxc1: load 4 bytes to FPR
  gsldxc1: load 8 bytes to FPR
  gssbx: store 1 bytes from GPR
  gsshx: store 2 bytes from GPR
  gsswx: store 4 bytes from GPR
  gssdx: store 8 bytes from GPR
  gsswxc1: store 4 bytes from FPR
  gssdxc1: store 8 bytes from FPR

Details of Loongson-EXT is here:
https://github.com/FlyGoat/loongson-insn/blob/master/loongson-ext.md

Signed-off-by: Jiaxun Yang 
Signed-off-by: Huacai Chen 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1602831120-3377-5-git-send-email-che...@lemote.com>
---
 target/mips/translate.c | 179 
 1 file changed, 179 insertions(+)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index b335645e03b..f449758606d 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -484,6 +484,24 @@ enum {
 OPC_GSSDRC1 = 0x7 | OPC_GSSHFS,
 };
 
+/* Loongson EXT LDC2/SDC2 opcodes */
+#define MASK_LOONGSON_LSDC2(op)   (MASK_OP_MAJOR(op) | (op & 0x7))
+
+enum {
+OPC_GSLBX  = 0x0 | OPC_LDC2,
+OPC_GSLHX  = 0x1 | OPC_LDC2,
+OPC_GSLWX  = 0x2 | OPC_LDC2,
+OPC_GSLDX  = 0x3 | OPC_LDC2,
+OPC_GSLWXC1= 0x6 | OPC_LDC2,
+OPC_GSLDXC1= 0x7 | OPC_LDC2,
+OPC_GSSBX  = 0x0 | OPC_SDC2,
+OPC_GSSHX  = 0x1 | OPC_SDC2,
+OPC_GSSWX  = 0x2 | OPC_SDC2,
+OPC_GSSDX  = 0x3 | OPC_SDC2,
+OPC_GSSWXC1= 0x6 | OPC_SDC2,
+OPC_GSSDXC1= 0x7 | OPC_SDC2,
+};
+
 /* BSHFL opcodes */
 #define MASK_BSHFL(op)  (MASK_SPECIAL3(op) | (op & (0x1F << 6)))
 
@@ -6172,6 +6190,165 @@ static void gen_loongson_lswc2(DisasContext *ctx, int 
rt,
 tcg_temp_free(t0);
 }
 
+/* Loongson EXT LDC2/SDC2 */
+static void gen_loongson_lsdc2(DisasContext *ctx, int rt,
+   int rs, int rd)
+{
+int offset = sextract32(ctx->opcode, 3, 8);
+uint32_t opc = MASK_LOONGSON_LSDC2(ctx->opcode);
+TCGv t0, t1;
+TCGv_i32 fp0;
+
+/* Pre-conditions */
+switch (opc) {
+case OPC_GSLBX:
+case OPC_GSLHX:
+case OPC_GSLWX:
+case OPC_GSLDX:
+/* prefetch, implement as NOP */
+if (rt == 0) {
+return;
+}
+break;
+case OPC_GSSBX:
+case OPC_GSSHX:
+case OPC_GSSWX:
+case OPC_GSSDX:
+break;
+case OPC_GSLWXC1:
+#if defined(TARGET_MIPS64)
+case OPC_GSLDXC1:
+#endif
+check_cp1_enabled(ctx);
+/* prefetch, implement as NOP */
+if (rt == 0) {
+return;
+}
+break;
+case OPC_GSSWXC1:
+#if defined(TARGET_MIPS64)
+case OPC_GSSDXC1:
+#endif
+check_cp1_enabled(ctx);
+break;
+default:
+MIPS_INVAL("loongson_lsdc2");
+generate_exception_end(ctx, EXCP_RI);
+return;
+break;
+}
+
+t0 = tcg_temp_new();
+
+gen_base_offset_addr(ctx, t0, rs, offset);
+gen_op_addr_add(ctx, t0, cpu_gpr[rd], t0);
+
+switch (opc) {
+case OPC_GSLBX:
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_SB);
+gen_store_gpr(t0, rt);
+break;
+case OPC_GSLHX:
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_TESW |
+   ctx->default_tcg_memop_mask);
+gen_store_gpr(t0, rt);
+break;
+case OPC_GSLWX:
+gen_base_offset_addr(ctx, t0, rs, offset);
+if (rd) {
+gen_op_addr_add(ctx, t0, cpu_gpr[rd], t0);
+}
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_TESL |
+   ctx->default_tcg_memop_mask);
+gen_store_gpr(t0, rt);
+break;
+#if defined(TARGET_MIPS64)
+case OPC_GSLDX:
+gen_base_offset_addr(ctx, t0, rs, offset);
+if (rd) {
+gen_op_addr_add(ctx, t0, cpu_gpr[rd], t0);
+}
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+gen_store_gpr(t0, rt);
+break;
+#endif
+case OPC_GSLWXC1:
+check_cp1_enabled(ctx);
+gen_base_offset_addr(ctx, t0, rs, offset);
+if (rd) {
+gen_op_addr_add(ctx, t0, cpu_gpr[rd], t0);
+}
+fp0 = tcg_temp_new_i32();
+tcg_gen_qemu_ld_i32(fp0, t0, ctx->mem_idx, MO_TESL |
+ctx->default_tcg_memop_mask);
+gen_store_fpr32(ctx, fp0, rt);
+tcg_temp_free_i32(fp0);
+break;
+#if defined(TARGET_MIPS64)
+case OPC_GSLDXC1:
+check_cp1_enabled(ctx);
+gen_base_offset_addr(ctx, t0, rs, offset);
+if (rd) {
+gen_op_addr_add(ctx, t0, cpu_gpr[rd], t0);
+}
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_TEQ |
+   ctx->defa

[PULL 00/44] mips-next patches for 2020-10-17

[Philippe Mathieu-Daudé]

The following changes since commit 7daf8f8d011cdd5d3e86930ed2bde969425c790c:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging=
 (2020-10-16 17:39:01 +0100)

are available in the Git repository at:

  https://gitlab.com/philmd/qemu.git tags/mips-next-20201017

for you to fetch changes up to 68fa519a6cb455005317bd61f95214b58b2f1e69:

  target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64) (20=
20-10-17 13:59:40 +0200)


MIPS patches queue

. Fix some comment spelling errors
. Demacro some TCG helpers
. Add loongson-ext lswc2/lsdc2 group of instructions
. Log unimplemented cache opcode
. Increase number of TLB entries on the 34Kf core
. Allow the CPU to use dynamic frequencies
. Calculate the CP0 timer period using the CPU frequency
. Set CPU frequency for each machine
. Fix Malta FPGA I/O region size
. Allow running qtests when ROM is missing
. Add record/replay acceptance tests
. Update MIPS CPU documentation
. MAINTAINERS updates

CI jobs results:
  https://gitlab.com/philmd/qemu/-/pipelines/203931842
  https://travis-ci.org/github/philmd/qemu/builds/736491461
  https://cirrus-ci.com/build/6272264062631936
  https://app.shippable.com/github/philmd/qemu/runs/886/summary/console


Aleksandar Markovic (4):
  target/mips: Demacro helpers for .
  target/mips: Demacro helpers for MF.
  target/mips: Demacro helpers for .
  MAINTAINERS: Remove myself

Eduardo Habkost (1):
  hw/mips: Rename TYPE_MIPS_BOSTON to TYPE_BOSTON

Huacai Chen (1):
  docs/system: Update MIPS CPU documentation

Jiaxun Yang (3):
  target/mips: Add loongson-ext lswc2 group of instructions (Part 1)
  target/mips: Add loongson-ext lswc2 group of instructions (Part 2)
  target/mips: Add loongson-ext lsdc2 group of instructions

Luc Michel (1):
  hw/core/clock: Add the clock_new helper function

Pavel Dovgalyuk (2):
  hw/mips: Remove exit(1) in case of missing ROM
  tests/acceptance: Add MIPS record/replay tests

Philippe Mathieu-Daud=C3=A9 (31):
  util/cutils: Introduce freq_to_str() to display Hertz units
  hw/qdev-clock: Display error hint when clock is missing from device
  target/mips/op_helper: Convert multiple if() to switch case
  target/mips/op_helper: Document Invalidate/Writeback opcodes as no-op
  target/mips/op_helper: Log unimplemented cache opcode
  target/mips: Move cpu_mips_get_random() with CP0 helpers
  target/mips/cp0_timer: Explicit unit in variable name
  target/mips/cp0_timer: Document TIMER_PERIOD origin
  target/mips: Move cp0_count_ns to CPUMIPSState
  target/mips/cpu: Calculate the CP0 timer period using the CPU
frequency
  target/mips/cpu: Make cp0_count_rate a property
  target/mips/cpu: Allow the CPU to use dynamic frequencies
  target/mips/cpu: Introduce mips_cpu_create_with_clock() helper
  hw/mips/r4k: Explicit CPU frequency is 200 MHz
  hw/mips/fuloong2e: Set CPU frequency to 533 MHz
  hw/mips/mipssim: Correct CPU frequency
  hw/mips/jazz: Correct CPU frequencies
  hw/mips/cps: Expose input clock and connect it to CPU cores
  hw/mips/boston: Set CPU frequency to 1 GHz
  hw/mips/malta: Set CPU frequency to 320 MHz
  hw/mips/cps: Do not allow use without input clock
  target/mips/cpu: Display warning when CPU is used without input clock
  hw/mips/malta: Fix FPGA I/O region size
  hw/mips/malta: Move gt64120 related code together
  hw/mips/malta: Use clearer qdev style
  hw/mips: Simplify loading 64-bit ELF kernels
  hw/mips: Simplify code using ROUND_UP(INITRD_PAGE_SIZE)
  MAINTAINERS: Put myself forward for MIPS target
  MAINTAINERS: Downgrade MIPS Boston to 'Odd Fixes', fix Paul Burton
mail
  MAINTAINERS: Remove duplicated Malta test entries
  target/mips: Increase number of TLB entries on the 34Kf core (16 ->
64)

zhaolichang (1):
  target/mips: Fix some comment spelling errors

 docs/system/cpu-models-mips.rst.inc |  10 +-
 include/hw/clock.h  |  13 +
 include/hw/mips/cps.h   |   2 +
 include/hw/mips/mips.h  |   4 +-
 include/qemu/cutils.h   |  12 +
 target/mips/cpu.h   |  26 ++
 target/mips/internal.h  |   4 +-
 hw/core/clock.c |  15 +
 hw/core/qdev-clock.c|  11 +
 hw/mips/boston.c|  21 +-
 hw/mips/cps.c   |   9 +
 hw/mips/fuloong2e.c |  18 +-
 hw/mips/jazz.c  |  23 +-
 hw/mips/malta.c |  59 ++--
 hw/mips/mipssim.c   |  30 +-
 hw/mips/r4k.c   |  16 +-
 target/mips/cp0_helper.c|  25 ++
 target/mips/cp0_timer.c |  51 +---
 target/mips/cpu.c   |  55 +++-
 target/mips/fpu_helper.c| 220 ++
 target/mips/op_helper.c |  27 +-
 target/mips/translate.c | 453 +

[PULL 07/44] target/mips: Demacro helpers for .

[Philippe Mathieu-Daudé]

From: Aleksandar Markovic 

Remove function definitions via macros to achieve better code clarity.

Signed-off-by: Aleksandar Markovic 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1602103041-32017-4-git-send-email-aleksandar.qemu.de...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/fpu_helper.c | 98 
 1 file changed, 78 insertions(+), 20 deletions(-)

diff --git a/target/mips/fpu_helper.c b/target/mips/fpu_helper.c
index b3c715494a9..6cc956c023d 100644
--- a/target/mips/fpu_helper.c
+++ b/target/mips/fpu_helper.c
@@ -1475,29 +1475,87 @@ uint64_t helper_float_mulr_ps(CPUMIPSState *env, 
uint64_t fdt0, uint64_t fdt1)
 return ((uint64_t)fsth2 << 32) | fstl2;
 }
 
-#define FLOAT_MINMAX(name, bits, minmaxfunc)\
-uint ## bits ## _t helper_float_ ## name(CPUMIPSState *env, \
- uint ## bits ## _t fs, \
- uint ## bits ## _t ft) \
-{   \
-uint ## bits ## _t fdret;   \
-\
-fdret = float ## bits ## _ ## minmaxfunc(fs, ft,\
-   &env->active_fpu.fp_status); \
-update_fcr31(env, GETPC()); \
-return fdret;   \
+
+uint32_t helper_float_max_s(CPUMIPSState *env, uint32_t fs, uint32_t ft)
+{
+uint32_t fdret;
+
+fdret = float32_maxnum(fs, ft, &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
 }
 
-FLOAT_MINMAX(max_s, 32, maxnum)
-FLOAT_MINMAX(max_d, 64, maxnum)
-FLOAT_MINMAX(maxa_s, 32, maxnummag)
-FLOAT_MINMAX(maxa_d, 64, maxnummag)
+uint64_t helper_float_max_d(CPUMIPSState *env, uint64_t fs, uint64_t ft)
+{
+uint64_t fdret;
+
+fdret = float64_maxnum(fs, ft, &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint32_t helper_float_maxa_s(CPUMIPSState *env, uint32_t fs, uint32_t ft)
+{
+uint32_t fdret;
+
+fdret = float32_maxnummag(fs, ft, &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint64_t helper_float_maxa_d(CPUMIPSState *env, uint64_t fs, uint64_t ft)
+{
+uint64_t fdret;
+
+fdret = float64_maxnummag(fs, ft, &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint32_t helper_float_min_s(CPUMIPSState *env, uint32_t fs, uint32_t ft)
+{
+uint32_t fdret;
+
+fdret = float32_minnum(fs, ft, &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint64_t helper_float_min_d(CPUMIPSState *env, uint64_t fs, uint64_t ft)
+{
+uint64_t fdret;
+
+fdret = float64_minnum(fs, ft, &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint32_t helper_float_mina_s(CPUMIPSState *env, uint32_t fs, uint32_t ft)
+{
+uint32_t fdret;
+
+fdret = float32_minnummag(fs, ft, &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint64_t helper_float_mina_d(CPUMIPSState *env, uint64_t fs, uint64_t ft)
+{
+uint64_t fdret;
+
+fdret = float64_minnummag(fs, ft, &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
 
-FLOAT_MINMAX(min_s, 32, minnum)
-FLOAT_MINMAX(min_d, 64, minnum)
-FLOAT_MINMAX(mina_s, 32, minnummag)
-FLOAT_MINMAX(mina_d, 64, minnummag)
-#undef FLOAT_MINMAX
 
 /* ternary operations */
 
-- 
2.26.2

[PULL 02/44] hw/qdev-clock: Display error hint when clock is missing from device

[Philippe Mathieu-Daudé]

Instead of directly aborting, display a hint to help the developer
figure out the problem (likely trying to connect a clock to a device
pre-dating the Clock API, thus not expecting clocks).

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Luc Michel 
Reviewed-by: Damien Hedde 
Reviewed-by: Edgar E. Iglesias 
Message-Id: <20201012095804.3335117-4-f4...@amsat.org>
---
 hw/core/qdev-clock.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/hw/core/qdev-clock.c b/hw/core/qdev-clock.c
index 47ecb5b4fae..6a9a340d0fb 100644
--- a/hw/core/qdev-clock.c
+++ b/hw/core/qdev-clock.c
@@ -12,6 +12,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
 #include "hw/qdev-clock.h"
 #include "hw/qdev-core.h"
 #include "qapi/error.h"
@@ -153,6 +154,11 @@ Clock *qdev_get_clock_in(DeviceState *dev, const char 
*name)
 assert(name);
 
 ncl = qdev_get_clocklist(dev, name);
+if (!ncl) {
+error_report("Can not find clock-in '%s' for device type '%s'",
+ name, object_get_typename(OBJECT(dev)));
+abort();
+}
 assert(!ncl->output);
 
 return ncl->clock;
@@ -165,6 +171,11 @@ Clock *qdev_get_clock_out(DeviceState *dev, const char 
*name)
 assert(name);
 
 ncl = qdev_get_clocklist(dev, name);
+if (!ncl) {
+error_report("Can not find clock-out '%s' for device type '%s'",
+ name, object_get_typename(OBJECT(dev)));
+abort();
+}
 assert(ncl->output);
 
 return ncl->clock;
-- 
2.26.2

[PULL 04/44] target/mips: Fix some comment spelling errors

[Philippe Mathieu-Daudé]

From: zhaolichang 

There are many spelling errors in the comments in target/mips/.
Use spellcheck to check the spelling errors.

Signed-off-by: zhaolichang 
Reviewed-by: David Edmondson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20201009064449.2336-7-zhaolich...@huawei.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/internal.h   |  2 +-
 target/mips/translate.c  | 10 +-
 target/mips/translate_init.c.inc |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/mips/internal.h b/target/mips/internal.h
index 7f159a9230c..b811f547f38 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -188,7 +188,7 @@ static inline bool 
cpu_mips_hw_interrupts_pending(CPUMIPSState *env)
 /*
  * A MIPS configured with a vectorizing external interrupt controller
  * will feed a vector into the Cause pending lines. The core treats
- * the status lines as a vector level, not as indiviual masks.
+ * the status lines as a vector level, not as individual masks.
  */
 r = pending > status;
 } else {
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 398edf72898..b4d009078e0 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -3718,7 +3718,7 @@ static void gen_st_cond(DisasContext *ctx, int rt, int 
base, int offset,
 
 t0 = tcg_temp_new();
 addr = tcg_temp_new();
-/* compare the address against that of the preceeding LL */
+/* compare the address against that of the preceding LL */
 gen_base_offset_addr(ctx, addr, base, offset);
 tcg_gen_brcond_tl(TCG_COND_EQ, addr, cpu_lladdr, l1);
 tcg_temp_free(addr);
@@ -25597,7 +25597,7 @@ static void gen_mxu_D16MAX_D16MIN(DisasContext *ctx)
 }
 /* return resulting half-words to its original position */
 tcg_gen_shri_i32(t0, t0, 16);
-/* finaly update the destination */
+/* finally update the destination */
 tcg_gen_or_i32(mxu_gpr[XRa - 1], mxu_gpr[XRa - 1], t0);
 
 tcg_temp_free(t1);
@@ -25633,7 +25633,7 @@ static void gen_mxu_D16MAX_D16MIN(DisasContext *ctx)
 }
 /* return resulting half-words to its original position */
 tcg_gen_shri_i32(t0, t0, 16);
-/* finaly update the destination */
+/* finally update the destination */
 tcg_gen_or_i32(mxu_gpr[XRa - 1], mxu_gpr[XRa - 1], t0);
 
 tcg_temp_free(t1);
@@ -25702,7 +25702,7 @@ static void gen_mxu_Q8MAX_Q8MIN(DisasContext *ctx)
 }
 /* return resulting byte to its original position */
 tcg_gen_shri_i32(t0, t0, 8 * (3 - i));
-/* finaly update the destination */
+/* finally update the destination */
 tcg_gen_or_i32(mxu_gpr[XRa - 1], mxu_gpr[XRa - 1], t0);
 }
 
@@ -25742,7 +25742,7 @@ static void gen_mxu_Q8MAX_Q8MIN(DisasContext *ctx)
 }
 /* return resulting byte to its original position */
 tcg_gen_shri_i32(t0, t0, 8 * (3 - i));
-/* finaly update the destination */
+/* finally update the destination */
 tcg_gen_or_i32(mxu_gpr[XRa - 1], mxu_gpr[XRa - 1], t0);
 }
 
diff --git a/target/mips/translate_init.c.inc b/target/mips/translate_init.c.inc
index 637caccd890..c735b2bf667 100644
--- a/target/mips/translate_init.c.inc
+++ b/target/mips/translate_init.c.inc
@@ -995,7 +995,7 @@ static void mvp_init (CPUMIPSState *env, const mips_def_t 
*def)
 
 /* MVPConf1 implemented, TLB sharable, no gating storage support,
programmable cache partitioning implemented, number of allocatable
-   and sharable TLB entries, MVP has allocatable TCs, 2 VPEs
+   and shareable TLB entries, MVP has allocatable TCs, 2 VPEs
implemented, 5 TCs implemented. */
 env->mvp->CP0_MVPConf0 = (1U << CP0MVPC0_M) | (1 << CP0MVPC0_TLBS) |
  (0 << CP0MVPC0_GS) | (1 << CP0MVPC0_PCP) |
-- 
2.26.2

[PULL 01/44] util/cutils: Introduce freq_to_str() to display Hertz units

[Philippe Mathieu-Daudé]

Introduce freq_to_str() to convert frequency values in human
friendly units using the SI units for Hertz.

Suggested-by: Luc Michel 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Luc Michel 
Message-Id: <20201012095804.3335117-2-f4...@amsat.org>
---
 include/qemu/cutils.h | 12 
 util/cutils.c | 14 ++
 2 files changed, 26 insertions(+)

diff --git a/include/qemu/cutils.h b/include/qemu/cutils.h
index 3a86ec0321e..4bbf4834ea5 100644
--- a/include/qemu/cutils.h
+++ b/include/qemu/cutils.h
@@ -158,6 +158,18 @@ int qemu_strtosz_metric(const char *nptr, const char 
**end, uint64_t *result);
 
 char *size_to_str(uint64_t val);
 
+/**
+ * freq_to_str:
+ * @freq_hz: frequency to stringify
+ *
+ * Return human readable string for frequency @freq_hz.
+ * Use SI units like KHz, MHz, and so forth.
+ *
+ * The caller is responsible for releasing the value returned
+ * with g_free() after use.
+ */
+char *freq_to_str(uint64_t freq_hz);
+
 /* used to print char* safely */
 #define STR_OR_NULL(str) ((str) ? (str) : "null")
 
diff --git a/util/cutils.c b/util/cutils.c
index 8da34e04b0b..be4e43a9eff 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -885,6 +885,20 @@ char *size_to_str(uint64_t val)
 return g_strdup_printf("%0.3g %sB", (double)val / div, suffixes[i]);
 }
 
+char *freq_to_str(uint64_t freq_hz)
+{
+static const char *const suffixes[] = { "", "K", "M", "G", "T", "P", "E" };
+double freq = freq_hz;
+size_t idx = 0;
+
+while (freq >= 1000.0 && idx < ARRAY_SIZE(suffixes)) {
+freq /= 1000.0;
+idx++;
+}
+
+return g_strdup_printf("%0.3g %sHz", freq, suffixes[idx]);
+}
+
 int qemu_pstrcmp0(const char **str1, const char **str2)
 {
 return g_strcmp0(*str1, *str2);
-- 
2.26.2

[PULL 09/44] target/mips: Add loongson-ext lswc2 group of instructions (Part 2)

[Philippe Mathieu-Daudé]

From: Jiaxun Yang 

LWC2 & SWC2 have been rewritten by Loongson EXT vendor ASE
as "load/store quad word" and "shifted load/store" groups of
instructions.

This patch add implementation of these instructions:

  gslwlc1: similar to lwl but RT is FPR instead of GPR
  gslwrc1: similar to lwr but RT is FPR instead of GPR
  gsldlc1: similar to ldl but RT is FPR instead of GPR
  gsldrc1: similar to ldr but RT is FPR instead of GPR
  gsswlc1: similar to swl but RT is FPR instead of GPR
  gsswrc1: similar to swr but RT is FPR instead of GPR
  gssdlc1: similar to sdl but RT is FPR instead of GPR
  gssdrc1: similar to sdr but RT is FPR instead of GPR

Details of Loongson-EXT is here:
https://github.com/FlyGoat/loongson-insn/blob/master/loongson-ext.md

Signed-off-by: Jiaxun Yang 
Signed-off-by: Huacai Chen 
Message-Id: <1602831120-3377-4-git-send-email-che...@lemote.com>
[PMD: Reuse t1 on MIPS32, reintroduce t2/fp0]
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/translate.c | 182 +++-
 1 file changed, 180 insertions(+), 2 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index e83954d782f..b335645e03b 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -471,6 +471,19 @@ enum {
 OPC_GSSHFS  = OPC_SWC2,
 };
 
+/* Loongson EXT shifted load/store opcodes */
+#define MASK_LOONGSON_GSSHFLS(op) (MASK_OP_MAJOR(op) | (op & 0xc03f))
+enum {
+OPC_GSLWLC1 = 0x4 | OPC_GSSHFL,
+OPC_GSLWRC1 = 0x5 | OPC_GSSHFL,
+OPC_GSLDLC1 = 0x6 | OPC_GSSHFL,
+OPC_GSLDRC1 = 0x7 | OPC_GSSHFL,
+OPC_GSSWLC1 = 0x4 | OPC_GSSHFS,
+OPC_GSSWRC1 = 0x5 | OPC_GSSHFS,
+OPC_GSSDLC1 = 0x6 | OPC_GSSHFS,
+OPC_GSSDRC1 = 0x7 | OPC_GSSHFS,
+};
+
 /* BSHFL opcodes */
 #define MASK_BSHFL(op)  (MASK_SPECIAL3(op) | (op & (0x1F << 6)))
 
@@ -5924,12 +5937,13 @@ no_rd:
 static void gen_loongson_lswc2(DisasContext *ctx, int rt,
int rs, int rd)
 {
-TCGv t0;
+TCGv t0, t1, t2;
+TCGv_i32 fp0;
 #if defined(TARGET_MIPS64)
-TCGv t1;
 int lsq_rt1 = ctx->opcode & 0x1f;
 int lsq_offset = sextract32(ctx->opcode, 6, 9) << 4;
 #endif
+int shf_offset = sextract32(ctx->opcode, 6, 8);
 
 t0 = tcg_temp_new();
 
@@ -5986,6 +6000,170 @@ static void gen_loongson_lswc2(DisasContext *ctx, int 
rt,
 tcg_temp_free(t1);
 break;
 #endif
+case OPC_GSSHFL:
+switch (MASK_LOONGSON_GSSHFLS(ctx->opcode)) {
+case OPC_GSLWLC1:
+check_cp1_enabled(ctx);
+gen_base_offset_addr(ctx, t0, rs, shf_offset);
+t1 = tcg_temp_new();
+tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
+tcg_gen_andi_tl(t1, t0, 3);
+#ifndef TARGET_WORDS_BIGENDIAN
+tcg_gen_xori_tl(t1, t1, 3);
+#endif
+tcg_gen_shli_tl(t1, t1, 3);
+tcg_gen_andi_tl(t0, t0, ~3);
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_TEUL);
+tcg_gen_shl_tl(t0, t0, t1);
+t2 = tcg_const_tl(-1);
+tcg_gen_shl_tl(t2, t2, t1);
+fp0 = tcg_temp_new_i32();
+gen_load_fpr32(ctx, fp0, rt);
+tcg_gen_ext_i32_tl(t1, fp0);
+tcg_gen_andc_tl(t1, t1, t2);
+tcg_temp_free(t2);
+tcg_gen_or_tl(t0, t0, t1);
+tcg_temp_free(t1);
+#if defined(TARGET_MIPS64)
+tcg_gen_extrl_i64_i32(fp0, t0);
+#else
+tcg_gen_ext32s_tl(fp0, t0);
+#endif
+gen_store_fpr32(ctx, fp0, rt);
+tcg_temp_free_i32(fp0);
+break;
+case OPC_GSLWRC1:
+check_cp1_enabled(ctx);
+gen_base_offset_addr(ctx, t0, rs, shf_offset);
+t1 = tcg_temp_new();
+tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_UB);
+tcg_gen_andi_tl(t1, t0, 3);
+#ifdef TARGET_WORDS_BIGENDIAN
+tcg_gen_xori_tl(t1, t1, 3);
+#endif
+tcg_gen_shli_tl(t1, t1, 3);
+tcg_gen_andi_tl(t0, t0, ~3);
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_TEUL);
+tcg_gen_shr_tl(t0, t0, t1);
+tcg_gen_xori_tl(t1, t1, 31);
+t2 = tcg_const_tl(0xfffeull);
+tcg_gen_shl_tl(t2, t2, t1);
+fp0 = tcg_temp_new_i32();
+gen_load_fpr32(ctx, fp0, rt);
+tcg_gen_ext_i32_tl(t1, fp0);
+tcg_gen_and_tl(t1, t1, t2);
+tcg_temp_free(t2);
+tcg_gen_or_tl(t0, t0, t1);
+tcg_temp_free(t1);
+#if defined(TARGET_MIPS64)
+tcg_gen_extrl_i64_i32(fp0, t0);
+#else
+tcg_gen_ext32s_tl(fp0, t0);
+#endif
+gen_store_fpr32(ctx, fp0, rt);
+tcg_temp_free_i32(fp0);
+break;
+#if defined(TARGET_MIPS64)
+case OPC_GSLDLC1:
+check_cp1_enabled(ctx);
+gen_base_offset_addr(ctx, t0, rs, shf_offset);
+t1 = tcg_temp_new();
+tcg_gen_qemu_

[PULL 18/44] target/mips/cpu: Calculate the CP0 timer period using the CPU frequency

[Philippe Mathieu-Daudé]

The CP0 timer period is a function of the CPU frequency.
Start using the default values, which will be replaced by
properties in the next commits.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Jiaxun Yang 
Message-Id: <20201012095804.3335117-10-f4...@amsat.org>
---
 target/mips/cpu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 84b727fefa8..46188139b7b 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -144,13 +144,13 @@ static void mips_cpu_disas_set_info(CPUState *s, 
disassemble_info *info)
  */
 #define CPU_FREQ_HZ_DEFAULT 2
 #define CP0_COUNT_RATE_DEFAULT  2
-#define TIMER_PERIOD_DEFAULT10  /* 1 / (CPU_FREQ_HZ / CP0_COUNT_RATE) */
 
 static void mips_cp0_period_set(MIPSCPU *cpu)
 {
 CPUMIPSState *env = &cpu->env;
 
-env->cp0_count_ns = TIMER_PERIOD_DEFAULT;
+env->cp0_count_ns = muldiv64(NANOSECONDS_PER_SECOND, 
CP0_COUNT_RATE_DEFAULT,
+ CPU_FREQ_HZ_DEFAULT);
 }
 
 static void mips_cpu_realizefn(DeviceState *dev, Error **errp)
-- 
2.26.2

[PULL 05/44] target/mips: Demacro helpers for .

[Philippe Mathieu-Daudé]

From: Aleksandar Markovic 

Remove function definitions via macros to achieve better code clarity.

Signed-off-by: Aleksandar Markovic 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1602103041-32017-2-git-send-email-aleksandar.qemu.de...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/fpu_helper.c | 59 ++--
 1 file changed, 39 insertions(+), 20 deletions(-)

diff --git a/target/mips/fpu_helper.c b/target/mips/fpu_helper.c
index 56beda49d82..f851723f22d 100644
--- a/target/mips/fpu_helper.c
+++ b/target/mips/fpu_helper.c
@@ -983,27 +983,46 @@ uint32_t helper_float_floor_2008_w_s(CPUMIPSState *env, 
uint32_t fst0)
 }
 
 /* unary operations, not modifying fp status  */
-#define FLOAT_UNOP(name)   \
-uint64_t helper_float_ ## name ## _d(uint64_t fdt0)\
-{  \
-return float64_ ## name(fdt0); \
-}  \
-uint32_t helper_float_ ## name ## _s(uint32_t fst0)\
-{  \
-return float32_ ## name(fst0); \
-}  \
-uint64_t helper_float_ ## name ## _ps(uint64_t fdt0)   \
-{  \
-uint32_t wt0;  \
-uint32_t wth0; \
-   \
-wt0 = float32_ ## name(fdt0 & 0X); \
-wth0 = float32_ ## name(fdt0 >> 32);   \
-return ((uint64_t)wth0 << 32) | wt0;   \
+
+uint64_t helper_float_abs_d(uint64_t fdt0)
+{
+   return float64_abs(fdt0);
+}
+
+uint32_t helper_float_abs_s(uint32_t fst0)
+{
+return float32_abs(fst0);
+}
+
+uint64_t helper_float_abs_ps(uint64_t fdt0)
+{
+uint32_t wt0;
+uint32_t wth0;
+
+wt0 = float32_abs(fdt0 & 0X);
+wth0 = float32_abs(fdt0 >> 32);
+return ((uint64_t)wth0 << 32) | wt0;
+}
+
+uint64_t helper_float_chs_d(uint64_t fdt0)
+{
+   return float64_chs(fdt0);
+}
+
+uint32_t helper_float_chs_s(uint32_t fst0)
+{
+return float32_chs(fst0);
+}
+
+uint64_t helper_float_chs_ps(uint64_t fdt0)
+{
+uint32_t wt0;
+uint32_t wth0;
+
+wt0 = float32_chs(fdt0 & 0X);
+wth0 = float32_chs(fdt0 >> 32);
+return ((uint64_t)wth0 << 32) | wt0;
 }
-FLOAT_UNOP(abs)
-FLOAT_UNOP(chs)
-#undef FLOAT_UNOP
 
 /* MIPS specific unary operations */
 uint64_t helper_float_recip_d(CPUMIPSState *env, uint64_t fdt0)
-- 
2.26.2

[PULL 03/44] hw/core/clock: Add the clock_new helper function

[Philippe Mathieu-Daudé]

From: Luc Michel 

This function creates a clock and parents it to another object with a
given name. It calls clock_setup_canonical_path before returning the
new clock.

This function is useful to create clocks in devices when one doesn't
want to expose it at the qdev level (as an input or an output).

Suggested-by: Philippe Mathieu-Daudé 
Signed-off-by: Luc Michel 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20201010135759.437903-4-...@lmichel.fr>
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/clock.h | 13 +
 hw/core/clock.c| 15 +++
 2 files changed, 28 insertions(+)

diff --git a/include/hw/clock.h b/include/hw/clock.h
index d357594df99..cbc5e6ced1e 100644
--- a/include/hw/clock.h
+++ b/include/hw/clock.h
@@ -90,6 +90,19 @@ extern const VMStateDescription vmstate_clock;
  */
 void clock_setup_canonical_path(Clock *clk);
 
+/**
+ * clock_new:
+ * @parent: the clock parent
+ * @name: the clock object name
+ *
+ * Helper function to create a new clock and parent it to @parent. There is no
+ * need to call clock_setup_canonical_path on the returned clock as it is done
+ * by this function.
+ *
+ * @return the newly created clock
+ */
+Clock *clock_new(Object *parent, const char *name);
+
 /**
  * clock_set_callback:
  * @clk: the clock to register the callback into
diff --git a/hw/core/clock.c b/hw/core/clock.c
index 7066282f7b9..f866717a835 100644
--- a/hw/core/clock.c
+++ b/hw/core/clock.c
@@ -23,6 +23,21 @@ void clock_setup_canonical_path(Clock *clk)
 clk->canonical_path = object_get_canonical_path(OBJECT(clk));
 }
 
+Clock *clock_new(Object *parent, const char *name)
+{
+Object *obj;
+Clock *clk;
+
+obj = object_new(TYPE_CLOCK);
+object_property_add_child(parent, name, obj);
+object_unref(obj);
+
+clk = CLOCK(obj);
+clock_setup_canonical_path(clk);
+
+return clk;
+}
+
 void clock_set_callback(Clock *clk, ClockCallback *cb, void *opaque)
 {
 clk->callback = cb;
-- 
2.26.2

[PULL 19/44] target/mips/cpu: Make cp0_count_rate a property

[Philippe Mathieu-Daudé]

Since not all CPU implementations use a cores use a CP0 timer
at half the frequency of the CPU, make this variable a property.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-11-f4...@amsat.org>
---
 target/mips/cpu.h |  9 +
 target/mips/cpu.c | 19 +++
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 085a88e9550..baeceb892ef 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1151,6 +1151,7 @@ struct CPUMIPSState {
 /**
  * MIPSCPU:
  * @env: #CPUMIPSState
+ * @cp0_count_rate: rate at which the coprocessor 0 counter increments
  *
  * A MIPS CPU.
  */
@@ -1161,6 +1162,14 @@ struct MIPSCPU {
 
 CPUNegativeOffsetState neg;
 CPUMIPSState env;
+/*
+ * The Count register acts as a timer, incrementing at a constant rate,
+ * whether or not an instruction is executed, retired, or any forward
+ * progress is made through the pipeline. The rate at which the counter
+ * increments is implementation dependent, and is a function of the
+ * pipeline clock of the processor, not the issue width of the processor.
+ */
+unsigned cp0_count_rate;
 };
 
 
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 46188139b7b..461edfe22b7 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -26,7 +26,7 @@
 #include "qemu/module.h"
 #include "sysemu/kvm.h"
 #include "exec/exec-all.h"
-
+#include "hw/qdev-properties.h"
 
 static void mips_cpu_set_pc(CPUState *cs, vaddr value)
 {
@@ -135,12 +135,7 @@ static void mips_cpu_disas_set_info(CPUState *s, 
disassemble_info *info)
 }
 
 /*
- * Since commit 6af0bf9c7c3 this model assumes a CPU clocked at 200MHz
- * and a CP0 timer running at half the clock of the CPU (cp0_count_rate = 2).
- *
- * TIMER_FREQ_HZ = CPU_FREQ_HZ / CP0_COUNT_RATE = 200 MHz / 2 = 100 MHz
- *
- * TIMER_PERIOD_NS = 1 / TIMER_FREQ_HZ = 10 ns
+ * Since commit 6af0bf9c7c3 this model assumes a CPU clocked at 200MHz.
  */
 #define CPU_FREQ_HZ_DEFAULT 2
 #define CP0_COUNT_RATE_DEFAULT  2
@@ -149,7 +144,7 @@ static void mips_cp0_period_set(MIPSCPU *cpu)
 {
 CPUMIPSState *env = &cpu->env;
 
-env->cp0_count_ns = muldiv64(NANOSECONDS_PER_SECOND, 
CP0_COUNT_RATE_DEFAULT,
+env->cp0_count_ns = muldiv64(NANOSECONDS_PER_SECOND, cpu->cp0_count_rate,
  CPU_FREQ_HZ_DEFAULT);
 }
 
@@ -202,6 +197,13 @@ static ObjectClass *mips_cpu_class_by_name(const char 
*cpu_model)
 return oc;
 }
 
+static Property mips_cpu_properties[] = {
+/* CP0 timer running at half the clock of the CPU */
+DEFINE_PROP_UINT32("cp0-count-rate", MIPSCPU, cp0_count_rate,
+   CP0_COUNT_RATE_DEFAULT),
+DEFINE_PROP_END_OF_LIST()
+};
+
 static void mips_cpu_class_init(ObjectClass *c, void *data)
 {
 MIPSCPUClass *mcc = MIPS_CPU_CLASS(c);
@@ -211,6 +213,7 @@ static void mips_cpu_class_init(ObjectClass *c, void *data)
 device_class_set_parent_realize(dc, mips_cpu_realizefn,
 &mcc->parent_realize);
 device_class_set_parent_reset(dc, mips_cpu_reset, &mcc->parent_reset);
+device_class_set_props(dc, mips_cpu_properties);
 
 cc->class_by_name = mips_cpu_class_by_name;
 cc->has_work = mips_cpu_has_work;
-- 
2.26.2

[PULL 06/44] target/mips: Demacro helpers for MF.

[Philippe Mathieu-Daudé]

From: Aleksandar Markovic 

Remove function definitions via macros to achieve better code clarity.

Signed-off-by: Aleksandar Markovic 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1602103041-32017-3-git-send-email-aleksandar.qemu.de...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/fpu_helper.c | 63 +---
 1 file changed, 46 insertions(+), 17 deletions(-)

diff --git a/target/mips/fpu_helper.c b/target/mips/fpu_helper.c
index f851723f22d..b3c715494a9 100644
--- a/target/mips/fpu_helper.c
+++ b/target/mips/fpu_helper.c
@@ -1666,25 +1666,54 @@ uint64_t helper_float_nmsub_ps(CPUMIPSState *env, 
uint64_t fdt0,
 }
 
 
-#define FLOAT_FMADDSUB(name, bits, muladd_arg)  \
-uint ## bits ## _t helper_float_ ## name(CPUMIPSState *env, \
- uint ## bits ## _t fs, \
- uint ## bits ## _t ft, \
- uint ## bits ## _t fd) \
-{   \
-uint ## bits ## _t fdret;   \
-\
-fdret = float ## bits ## _muladd(fs, ft, fd, muladd_arg,\
- &env->active_fpu.fp_status);   \
-update_fcr31(env, GETPC()); \
-return fdret;   \
+uint32_t helper_float_maddf_s(CPUMIPSState *env, uint32_t fs,
+  uint32_t ft, uint32_t fd)
+{
+uint32_t fdret;
+
+fdret = float32_muladd(fs, ft, fd, 0,
+   &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint64_t helper_float_maddf_d(CPUMIPSState *env, uint64_t fs,
+  uint64_t ft, uint64_t fd)
+{
+uint64_t fdret;
+
+fdret = float64_muladd(fs, ft, fd, 0,
+   &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint32_t helper_float_msubf_s(CPUMIPSState *env, uint32_t fs,
+  uint32_t ft, uint32_t fd)
+{
+uint32_t fdret;
+
+fdret = float32_muladd(fs, ft, fd, float_muladd_negate_product,
+   &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
+}
+
+uint64_t helper_float_msubf_d(CPUMIPSState *env, uint64_t fs,
+  uint64_t ft, uint64_t fd)
+{
+uint64_t fdret;
+
+fdret = float64_muladd(fs, ft, fd, float_muladd_negate_product,
+   &env->active_fpu.fp_status);
+
+update_fcr31(env, GETPC());
+return fdret;
 }
 
-FLOAT_FMADDSUB(maddf_s, 32, 0)
-FLOAT_FMADDSUB(maddf_d, 64, 0)
-FLOAT_FMADDSUB(msubf_s, 32, float_muladd_negate_product)
-FLOAT_FMADDSUB(msubf_d, 64, float_muladd_negate_product)
-#undef FLOAT_FMADDSUB
 
 /* compare operations */
 #define FOP_COND_D(op, cond)   \
-- 
2.26.2

[PULL 12/44] target/mips/op_helper: Document Invalidate/Writeback opcodes as no-op

[Philippe Mathieu-Daudé]

QEMU does not model caches, so there is not much to do with the
Invalidate/Writeback opcodes. Make it explicit adding a comment.

Suggested-by: Jiaxun Yang 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Reviewed-by: Jiaxun Yang 
Message-Id: <20200813181527.22551-3-f4...@amsat.org>
---
 target/mips/op_helper.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c
index c15f5c07761..2496d1dd718 100644
--- a/target/mips/op_helper.c
+++ b/target/mips/op_helper.c
@@ -1586,6 +1586,11 @@ void helper_cache(CPUMIPSState *env, target_ulong addr, 
uint32_t op)
 memory_region_dispatch_read(env->itc_tag, index, &env->CP0_TagLo,
 MO_64, MEMTXATTRS_UNSPECIFIED);
 break;
+case 0b000: /* Index Invalidate */
+case 0b100: /* Hit Invalidate */
+case 0b110: /* Hit Writeback */
+/* no-op */
+break;
 default:
 break;
 }
-- 
2.26.2

[PULL 13/44] target/mips/op_helper: Log unimplemented cache opcode

[Philippe Mathieu-Daudé]

In case the guest uses a cache opcode we are not expecting,
log it to give us a chance to notice it, in case we should
actually do something.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Reviewed-by: Jiaxun Yang 
Message-Id: <20200813181527.22551-4-f4...@amsat.org>
---
 target/mips/op_helper.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c
index 2496d1dd718..0050d0616b6 100644
--- a/target/mips/op_helper.c
+++ b/target/mips/op_helper.c
@@ -1574,6 +1574,13 @@ void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
 void helper_cache(CPUMIPSState *env, target_ulong addr, uint32_t op)
 {
 #ifndef CONFIG_USER_ONLY
+static const char *const type_name[] = {
+"Primary Instruction",
+"Primary Data or Unified Primary",
+"Tertiary",
+"Secondary"
+};
+uint32_t cache_type = extract32(op, 0, 2);
 uint32_t cache_operation = extract32(op, 2, 3);
 target_ulong index = addr & 0x1fff;
 
@@ -1592,6 +1599,8 @@ void helper_cache(CPUMIPSState *env, target_ulong addr, 
uint32_t op)
 /* no-op */
 break;
 default:
+qemu_log_mask(LOG_UNIMP, "cache operation:%u (type: %s cache)\n",
+  cache_operation, type_name[cache_type]);
 break;
 }
 #endif
-- 
2.26.2

[PULL 25/44] hw/mips/jazz: Correct CPU frequencies

[Philippe Mathieu-Daudé]

The Magnum 4000PC CPU runs at 100 MHz, and the Acer PICA-61
CPU at ~134 MHz.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-17-f4...@amsat.org>
---
 hw/mips/jazz.c | 15 ++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c
index 47723093b63..8f1ad55ba34 100644
--- a/hw/mips/jazz.c
+++ b/hw/mips/jazz.c
@@ -24,6 +24,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "hw/clock.h"
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/intc/i8259.h"
@@ -142,6 +143,7 @@ static void mips_jazz_init(MachineState *machine,
 MemoryRegion *address_space = get_system_memory();
 char *filename;
 int bios_size, n;
+Clock *cpuclk;
 MIPSCPU *cpu;
 CPUClass *cc;
 CPUMIPSState *env;
@@ -163,14 +165,25 @@ static void mips_jazz_init(MachineState *machine,
 MemoryRegion *bios2 = g_new(MemoryRegion, 1);
 SysBusESPState *sysbus_esp;
 ESPState *esp;
+static const struct {
+unsigned freq_hz;
+unsigned pll_mult;
+} ext_clk[] = {
+[JAZZ_MAGNUM] = {5000, 2},
+[JAZZ_PICA61] = {, 4},
+};
 
 if (machine->ram_size > 256 * MiB) {
 error_report("RAM size more than 256Mb is not supported");
 exit(EXIT_FAILURE);
 }
 
+cpuclk = clock_new(OBJECT(machine), "cpu-refclk");
+clock_set_hz(cpuclk, ext_clk[jazz_model].freq_hz
+ * ext_clk[jazz_model].pll_mult);
+
 /* init CPUs */
-cpu = MIPS_CPU(cpu_create(machine->cpu_type));
+cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk);
 env = &cpu->env;
 qemu_register_reset(main_cpu_reset, cpu);
 
-- 
2.26.2

[PULL 41/44] MAINTAINERS: Put myself forward for MIPS target

[Philippe Mathieu-Daudé]

To avoid the MIPS target being orphan, volunteer to keep an eye
on it and put together pull requests.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Jiaxun Yang 
Reviewed-by: Thomas Huth 
Message-Id: <20201013101659.3557154-2-f4...@amsat.org>
---
 MAINTAINERS | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index b91bd754d16..50fb9fda34d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -220,10 +220,11 @@ F: hw/microblaze/
 F: disas/microblaze.c
 
 MIPS TCG CPUs
+M: Philippe Mathieu-Daudé 
 R: Aurelien Jarno 
 R: Jiaxun Yang 
 R: Aleksandar Rikalo 
-S: Orphaned
+S: Odd Fixes
 F: target/mips/
 F: default-configs/*mips*
 F: disas/*mips*
@@ -2817,11 +2818,12 @@ F: tcg/i386/
 F: disas/i386.c
 
 MIPS TCG target
+M: Philippe Mathieu-Daudé 
 R: Aurelien Jarno 
 R: Huacai Chen 
 R: Jiaxun Yang 
 R: Aleksandar Rikalo 
-S: Orphaned
+S: Odd Fixes
 F: tcg/mips/
 
 PPC TCG target
-- 
2.26.2

[PULL 14/44] target/mips: Move cpu_mips_get_random() with CP0 helpers

[Philippe Mathieu-Daudé]

The get_random() helper uses the CP0_Wired register, which is
unrelated to the CP0_Count register used as timer.
Commit e16fe40c872 ("Move the MIPS CPU timer in a separate file")
incorrectly moved this get_random() helper with timer specific
code. Move it back to generic CP0 helpers.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Aleksandar Markovic 
Reviewed-by: Luc Michel 
Message-Id: <20201012095804.3335117-6-f4...@amsat.org>
---
 target/mips/internal.h   |  2 +-
 target/mips/cp0_helper.c | 25 +
 target/mips/cp0_timer.c  | 25 -
 3 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/target/mips/internal.h b/target/mips/internal.h
index b811f547f38..dd8a7809b64 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -144,6 +144,7 @@ void r4k_helper_tlbr(CPUMIPSState *env);
 void r4k_helper_tlbinv(CPUMIPSState *env);
 void r4k_helper_tlbinvf(CPUMIPSState *env);
 void r4k_invalidate_tlb(CPUMIPSState *env, int idx, int use_extra);
+uint32_t cpu_mips_get_random(CPUMIPSState *env);
 
 void mips_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
 vaddr addr, unsigned size,
@@ -209,7 +210,6 @@ void cpu_state_reset(CPUMIPSState *s);
 void cpu_mips_realize_env(CPUMIPSState *env);
 
 /* cp0_timer.c */
-uint32_t cpu_mips_get_random(CPUMIPSState *env);
 uint32_t cpu_mips_get_count(CPUMIPSState *env);
 void cpu_mips_store_count(CPUMIPSState *env, uint32_t value);
 void cpu_mips_store_compare(CPUMIPSState *env, uint32_t value);
diff --git a/target/mips/cp0_helper.c b/target/mips/cp0_helper.c
index de64add038b..12143ac55b9 100644
--- a/target/mips/cp0_helper.c
+++ b/target/mips/cp0_helper.c
@@ -203,6 +203,31 @@ static void sync_c0_entryhi(CPUMIPSState *cpu, int tc)
 *tcst |= asid;
 }
 
+/* XXX: do not use a global */
+uint32_t cpu_mips_get_random(CPUMIPSState *env)
+{
+static uint32_t seed = 1;
+static uint32_t prev_idx;
+uint32_t idx;
+uint32_t nb_rand_tlb = env->tlb->nb_tlb - env->CP0_Wired;
+
+if (nb_rand_tlb == 1) {
+return env->tlb->nb_tlb - 1;
+}
+
+/* Don't return same value twice, so get another value */
+do {
+/*
+ * Use a simple algorithm of Linear Congruential Generator
+ * from ISO/IEC 9899 standard.
+ */
+seed = 1103515245 * seed + 12345;
+idx = (seed >> 16) % nb_rand_tlb + env->CP0_Wired;
+} while (idx == prev_idx);
+prev_idx = idx;
+return idx;
+}
+
 /* CP0 helpers */
 target_ulong helper_mfc0_mvpcontrol(CPUMIPSState *env)
 {
diff --git a/target/mips/cp0_timer.c b/target/mips/cp0_timer.c
index bd7efb152dd..9c38e9da1c8 100644
--- a/target/mips/cp0_timer.c
+++ b/target/mips/cp0_timer.c
@@ -29,31 +29,6 @@
 
 #define TIMER_PERIOD 10 /* 10 ns period for 100 Mhz frequency */
 
-/* XXX: do not use a global */
-uint32_t cpu_mips_get_random(CPUMIPSState *env)
-{
-static uint32_t seed = 1;
-static uint32_t prev_idx = 0;
-uint32_t idx;
-uint32_t nb_rand_tlb = env->tlb->nb_tlb - env->CP0_Wired;
-
-if (nb_rand_tlb == 1) {
-return env->tlb->nb_tlb - 1;
-}
-
-/* Don't return same value twice, so get another value */
-do {
-/*
- * Use a simple algorithm of Linear Congruential Generator
- * from ISO/IEC 9899 standard.
- */
-seed = 1103515245 * seed + 12345;
-idx = (seed >> 16) % nb_rand_tlb + env->CP0_Wired;
-} while (idx == prev_idx);
-prev_idx = idx;
-return idx;
-}
-
 /* MIPS R4K timer */
 static void cpu_mips_timer_update(CPUMIPSState *env)
 {
-- 
2.26.2

[PULL 08/44] target/mips: Add loongson-ext lswc2 group of instructions (Part 1)

[Philippe Mathieu-Daudé]

From: Jiaxun Yang 

LWC2 & SWC2 have been rewritten by Loongson EXT vendor ASE
as "load/store quad word" and "shifted load/store" groups of
instructions.

This patch add implementation of these instructions:

  gslq: load 16 bytes to GPR
  gssq: store 16 bytes from GPR
  gslqc1: load 16 bytes to FPR
  gssqc1: store 16 bytes from FPR

Details of Loongson-EXT is here:
https://github.com/FlyGoat/loongson-insn/blob/master/loongson-ext.md

Signed-off-by: Jiaxun Yang 
Signed-off-by: Huacai Chen 
Message-Id: <1602831120-3377-3-git-send-email-che...@lemote.com>
[PMD: Restrict t1 variable to TARGET_MIPS64, remove unused t2/fp0]
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/translate.c | 86 +
 1 file changed, 86 insertions(+)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index b4d009078e0..e83954d782f 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -460,6 +460,17 @@ enum {
 R6_OPC_SCD = 0x27 | OPC_SPECIAL3,
 };
 
+/* Loongson EXT load/store quad word opcodes */
+#define MASK_LOONGSON_GSLSQ(op)   (MASK_OP_MAJOR(op) | (op & 0x8020))
+enum {
+OPC_GSLQ= 0x0020 | OPC_LWC2,
+OPC_GSLQC1  = 0x8020 | OPC_LWC2,
+OPC_GSSHFL  = OPC_LWC2,
+OPC_GSSQ= 0x0020 | OPC_SWC2,
+OPC_GSSQC1  = 0x8020 | OPC_SWC2,
+OPC_GSSHFS  = OPC_SWC2,
+};
+
 /* BSHFL opcodes */
 #define MASK_BSHFL(op)  (MASK_SPECIAL3(op) | (op & (0x1F << 6)))
 
@@ -5910,6 +5921,79 @@ no_rd:
 tcg_temp_free_i64(t1);
 }
 
+static void gen_loongson_lswc2(DisasContext *ctx, int rt,
+   int rs, int rd)
+{
+TCGv t0;
+#if defined(TARGET_MIPS64)
+TCGv t1;
+int lsq_rt1 = ctx->opcode & 0x1f;
+int lsq_offset = sextract32(ctx->opcode, 6, 9) << 4;
+#endif
+
+t0 = tcg_temp_new();
+
+switch (MASK_LOONGSON_GSLSQ(ctx->opcode)) {
+#if defined(TARGET_MIPS64)
+case OPC_GSLQ:
+t1 = tcg_temp_new();
+gen_base_offset_addr(ctx, t0, rs, lsq_offset);
+tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+gen_base_offset_addr(ctx, t0, rs, lsq_offset + 8);
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+gen_store_gpr(t1, rt);
+gen_store_gpr(t0, lsq_rt1);
+tcg_temp_free(t1);
+break;
+case OPC_GSLQC1:
+check_cp1_enabled(ctx);
+t1 = tcg_temp_new();
+gen_base_offset_addr(ctx, t0, rs, lsq_offset);
+tcg_gen_qemu_ld_tl(t1, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+gen_base_offset_addr(ctx, t0, rs, lsq_offset + 8);
+tcg_gen_qemu_ld_tl(t0, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+gen_store_fpr64(ctx, t1, rt);
+gen_store_fpr64(ctx, t0, lsq_rt1);
+tcg_temp_free(t1);
+break;
+case OPC_GSSQ:
+t1 = tcg_temp_new();
+gen_base_offset_addr(ctx, t0, rs, lsq_offset);
+gen_load_gpr(t1, rt);
+tcg_gen_qemu_st_tl(t1, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+gen_base_offset_addr(ctx, t0, rs, lsq_offset + 8);
+gen_load_gpr(t1, lsq_rt1);
+tcg_gen_qemu_st_tl(t1, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+tcg_temp_free(t1);
+break;
+case OPC_GSSQC1:
+check_cp1_enabled(ctx);
+t1 = tcg_temp_new();
+gen_base_offset_addr(ctx, t0, rs, lsq_offset);
+gen_load_fpr64(ctx, t1, rt);
+tcg_gen_qemu_st_tl(t1, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+gen_base_offset_addr(ctx, t0, rs, lsq_offset + 8);
+gen_load_fpr64(ctx, t1, lsq_rt1);
+tcg_gen_qemu_st_tl(t1, t0, ctx->mem_idx, MO_TEQ |
+   ctx->default_tcg_memop_mask);
+tcg_temp_free(t1);
+break;
+#endif
+default:
+MIPS_INVAL("loongson_gslsq");
+generate_exception_end(ctx, EXCP_RI);
+break;
+}
+tcg_temp_free(t0);
+}
+
 /* Traps */
 static void gen_trap(DisasContext *ctx, uint32_t opc,
  int rs, int rt, int16_t imm)
@@ -30774,6 +30858,8 @@ static void decode_opc(CPUMIPSState *env, DisasContext 
*ctx)
 /* OPC_BC, OPC_BALC */
 gen_compute_compact_branch(ctx, op, 0, 0,
sextract32(ctx->opcode << 2, 0, 28));
+} else if (ctx->insn_flags & ASE_LEXT) {
+gen_loongson_lswc2(ctx, rt, rs, rd);
 } else {
 /* OPC_LWC2, OPC_SWC2 */
 /* COP2: Not implemented. */
-- 
2.26.2

[PULL 34/44] hw/mips: Simplify loading 64-bit ELF kernels

[Philippe Mathieu-Daudé]

Since 82790064116 ("Cast ELF datatypes properly to host 64bit types")
we don't need to sign-extend the entry_point address. Remove this
unnecessary code.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20200927163943.614604-2-f4...@amsat.org>
---
 hw/mips/mipssim.c | 6 +-
 hw/mips/r4k.c | 6 +-
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/hw/mips/mipssim.c b/hw/mips/mipssim.c
index f0042f7f436..afef4f2e77a 100644
--- a/hw/mips/mipssim.c
+++ b/hw/mips/mipssim.c
@@ -77,11 +77,7 @@ static int64_t load_kernel(void)
(uint64_t *)&entry, NULL,
(uint64_t *)&kernel_high, NULL, big_endian,
EM_MIPS, 1, 0);
-if (kernel_size >= 0) {
-if ((entry & ~0x7fffULL) == 0x8000) {
-entry = (int32_t)entry;
-}
-} else {
+if (kernel_size < 0) {
 error_report("could not load kernel '%s': %s",
  loaderparams.kernel_filename,
  load_elf_strerror(kernel_size));
diff --git a/hw/mips/r4k.c b/hw/mips/r4k.c
index 39bc626e7c5..7ee37c49689 100644
--- a/hw/mips/r4k.c
+++ b/hw/mips/r4k.c
@@ -102,11 +102,7 @@ static int64_t load_kernel(void)
(uint64_t *)&entry, NULL,
(uint64_t *)&kernel_high, NULL, big_endian,
EM_MIPS, 1, 0);
-if (kernel_size >= 0) {
-if ((entry & ~0x7fffULL) == 0x8000) {
-entry = (int32_t)entry;
-}
-} else {
+if (kernel_size < 0) {
 error_report("could not load kernel '%s': %s",
  loaderparams.kernel_filename,
  load_elf_strerror(kernel_size));
-- 
2.26.2

[PULL 11/44] target/mips/op_helper: Convert multiple if() to switch case

[Philippe Mathieu-Daudé]

The cache operation is encoded in bits [20:18] of the instruction.
The 'op' argument of helper_cache() contains the bits [20:16].
Extract the 3 bits and parse them using a switch case. This allow
us to handle multiple cache types (the cache type is encoded in
bits [17:16]).

Previously the if() block was only checking the D-Cache (Primary
Data or Unified Primary). Now we also handle the I-Cache (Primary
Instruction), S-Cache (Secondary) and T-Cache (Terciary).

Reported-by: Jiaxun Yang 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Reviewed-by: Jiaxun Yang 
Message-Id: <20200813181527.22551-2-f4...@amsat.org>
---
 target/mips/op_helper.c | 13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c
index 9552b280e07..c15f5c07761 100644
--- a/target/mips/op_helper.c
+++ b/target/mips/op_helper.c
@@ -1574,15 +1574,20 @@ void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
 void helper_cache(CPUMIPSState *env, target_ulong addr, uint32_t op)
 {
 #ifndef CONFIG_USER_ONLY
+uint32_t cache_operation = extract32(op, 2, 3);
 target_ulong index = addr & 0x1fff;
-if (op == 9) {
-/* Index Store Tag */
+
+switch (cache_operation) {
+case 0b010: /* Index Store Tag */
 memory_region_dispatch_write(env->itc_tag, index, env->CP0_TagLo,
  MO_64, MEMTXATTRS_UNSPECIFIED);
-} else if (op == 5) {
-/* Index Load Tag */
+break;
+case 0b001: /* Index Load Tag */
 memory_region_dispatch_read(env->itc_tag, index, &env->CP0_TagLo,
 MO_64, MEMTXATTRS_UNSPECIFIED);
+break;
+default:
+break;
 }
 #endif
 }
-- 
2.26.2

[PULL 42/44] MAINTAINERS: Downgrade MIPS Boston to 'Odd Fixes', fix Paul Burton mail

[Philippe Mathieu-Daudé]

Paul's Wavecomp email has been bouncing for months. He told us
he "no longer has access to modern MIPS CPUs or Boston hardware,
and wouldn't currently have time to spend on them if he did." [1]
but "perhaps that might change in the future." [2].
Be fair and downgrade the status of the Boston board to "Odd Fixes"
(has a maintainer but they don't have time to do much other).
Similarly to commit 2b107c2c1c (".mailmap: Update Paul Burton email
address"), update his email address here too.

[1] https://www.mail-archive.com/qemu-devel@nongnu.org/msg718739.html
[2] https://www.mail-archive.com/qemu-devel@nongnu.org/msg728605.html

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Message-Id: <20201013101659.3557154-4-f4...@amsat.org>
---
 MAINTAINERS | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 50fb9fda34d..8770cd6d05a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1162,9 +1162,9 @@ S: Maintained
 F: hw/intc/loongson_liointc.c
 
 Boston
-M: Paul Burton 
+M: Paul Burton 
 R: Aleksandar Rikalo 
-S: Maintained
+S: Odd Fixes
 F: hw/core/loader-fit.c
 F: hw/mips/boston.c
 F: hw/pci-host/xilinx-pcie.c
-- 
2.26.2

[PULL 15/44] target/mips/cp0_timer: Explicit unit in variable name

[Philippe Mathieu-Daudé]

Name variables holding nanoseconds with the '_ns' suffix.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Aleksandar Markovic 
Message-Id: <20201012095804.3335117-7-f4...@amsat.org>
---
 target/mips/cp0_timer.c | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/target/mips/cp0_timer.c b/target/mips/cp0_timer.c
index 9c38e9da1c8..5194c967ae3 100644
--- a/target/mips/cp0_timer.c
+++ b/target/mips/cp0_timer.c
@@ -32,13 +32,14 @@
 /* MIPS R4K timer */
 static void cpu_mips_timer_update(CPUMIPSState *env)
 {
-uint64_t now, next;
+uint64_t now_ns, next_ns;
 uint32_t wait;
 
-now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
-wait = env->CP0_Compare - env->CP0_Count - (uint32_t)(now / TIMER_PERIOD);
-next = now + (uint64_t)wait * TIMER_PERIOD;
-timer_mod(env->timer, next);
+now_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+wait = env->CP0_Compare - env->CP0_Count -
+   (uint32_t)(now_ns / TIMER_PERIOD);
+next_ns = now_ns + (uint64_t)wait * TIMER_PERIOD;
+timer_mod(env->timer, next_ns);
 }
 
 /* Expire the timer.  */
@@ -56,16 +57,16 @@ uint32_t cpu_mips_get_count(CPUMIPSState *env)
 if (env->CP0_Cause & (1 << CP0Ca_DC)) {
 return env->CP0_Count;
 } else {
-uint64_t now;
+uint64_t now_ns;
 
-now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+now_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 if (timer_pending(env->timer)
-&& timer_expired(env->timer, now)) {
+&& timer_expired(env->timer, now_ns)) {
 /* The timer has already expired.  */
 cpu_mips_timer_expire(env);
 }
 
-return env->CP0_Count + (uint32_t)(now / TIMER_PERIOD);
+return env->CP0_Count + (uint32_t)(now_ns / TIMER_PERIOD);
 }
 }
 
-- 
2.26.2

[PULL 16/44] target/mips/cp0_timer: Document TIMER_PERIOD origin

[Philippe Mathieu-Daudé]

TIMER_PERIOD value of '10 ns' can be explained looking at
commit 6af0bf9c7c3doc, where the CPU frequency is 200 MHz
and CP0 default count rate is half the frequency of the
CPU. Document that.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-8-f4...@amsat.org>
---
 target/mips/cp0_timer.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/target/mips/cp0_timer.c b/target/mips/cp0_timer.c
index 5194c967ae3..6fec5fe0ff7 100644
--- a/target/mips/cp0_timer.c
+++ b/target/mips/cp0_timer.c
@@ -27,7 +27,17 @@
 #include "sysemu/kvm.h"
 #include "internal.h"
 
-#define TIMER_PERIOD 10 /* 10 ns period for 100 Mhz frequency */
+/*
+ * Since commit 6af0bf9c7c3 this model assumes a CPU clocked at 200MHz
+ * and a CP0 timer running at half the clock of the CPU (cp0_count_rate = 2).
+ *
+ * TIMER_FREQ_HZ = CPU_FREQ_HZ / CP0_COUNT_RATE = 200 MHz / 2 = 100 MHz
+ *
+ * TIMER_PERIOD_NS = 1 / TIMER_FREQ_HZ = 10 ns
+ */
+#define CPU_FREQ_HZ_DEFAULT 2
+#define CP0_COUNT_RATE_DEFAULT  2
+#define TIMER_PERIOD10  /* 1 / (CPU_FREQ_HZ / CP0_COUNT_RATE) */
 
 /* MIPS R4K timer */
 static void cpu_mips_timer_update(CPUMIPSState *env)
-- 
2.26.2

[PULL 39/44] docs/system: Update MIPS CPU documentation

[Philippe Mathieu-Daudé]

From: Huacai Chen 

Add Loongson-3A CPU models description.

Signed-off-by: Huacai Chen 
Message-Id: <1602059975-10115-10-git-send-email-che...@lemote.com>
[PMD: Split patch in 2: CPU / machine]
Signed-off-by: Philippe Mathieu-Daudé 
---
 docs/system/cpu-models-mips.rst.inc | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/docs/system/cpu-models-mips.rst.inc 
b/docs/system/cpu-models-mips.rst.inc
index 499b5b6fedb..02cc4bb884c 100644
--- a/docs/system/cpu-models-mips.rst.inc
+++ b/docs/system/cpu-models-mips.rst.inc
@@ -48,11 +48,17 @@ across all desired hosts.
 ``I6400``
 MIPS64 Processor (Release 6, 2014)
 
+``Loongson-2E``
+MIPS64 Processor (Loongson 2, 2006)
+
 ``Loongson-2F``
 MIPS64 Processor (Loongson 2, 2008)
 
-``Loongson-2E``
-MIPS64 Processor (Loongson 2, 2006)
+``Loongson-3A1000``
+MIPS64 Processor (Loongson 3, 2010)
+
+``Loongson-3A4000``
+MIPS64 Processor (Loongson 3, 2018)
 
 ``mips64dspr2``
 MIPS64 Processor (Release 2, 2006)
-- 
2.26.2

[PULL 17/44] target/mips: Move cp0_count_ns to CPUMIPSState

[Philippe Mathieu-Daudé]

Currently the CP0 timer period is fixed at 10 ns, corresponding
to a fixed CPU frequency of 200 MHz (using half the speed of the
CPU).

In few commits we will be able to use a different CPU frequency.
In preparation, move the cp0_count_ns variable to CPUMIPSState
so we can modify it.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Jiaxun Yang 
Message-Id: <20201012095804.3335117-9-f4...@amsat.org>
---
 target/mips/cpu.h   |  1 +
 target/mips/cp0_timer.c | 23 ++-
 target/mips/cpu.c   | 21 +
 3 files changed, 28 insertions(+), 17 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 7cf7f5239f7..085a88e9550 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1145,6 +1145,7 @@ struct CPUMIPSState {
 struct MIPSITUState *itu;
 MemoryRegion *itc_tag; /* ITC Configuration Tags */
 target_ulong exception_base; /* ExceptionBase input to the core */
+uint64_t cp0_count_ns; /* CP0_Count clock period (in nanoseconds) */
 };
 
 /**
diff --git a/target/mips/cp0_timer.c b/target/mips/cp0_timer.c
index 6fec5fe0ff7..5ec0d6249e9 100644
--- a/target/mips/cp0_timer.c
+++ b/target/mips/cp0_timer.c
@@ -27,18 +27,6 @@
 #include "sysemu/kvm.h"
 #include "internal.h"
 
-/*
- * Since commit 6af0bf9c7c3 this model assumes a CPU clocked at 200MHz
- * and a CP0 timer running at half the clock of the CPU (cp0_count_rate = 2).
- *
- * TIMER_FREQ_HZ = CPU_FREQ_HZ / CP0_COUNT_RATE = 200 MHz / 2 = 100 MHz
- *
- * TIMER_PERIOD_NS = 1 / TIMER_FREQ_HZ = 10 ns
- */
-#define CPU_FREQ_HZ_DEFAULT 2
-#define CP0_COUNT_RATE_DEFAULT  2
-#define TIMER_PERIOD10  /* 1 / (CPU_FREQ_HZ / CP0_COUNT_RATE) */
-
 /* MIPS R4K timer */
 static void cpu_mips_timer_update(CPUMIPSState *env)
 {
@@ -47,8 +35,8 @@ static void cpu_mips_timer_update(CPUMIPSState *env)
 
 now_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 wait = env->CP0_Compare - env->CP0_Count -
-   (uint32_t)(now_ns / TIMER_PERIOD);
-next_ns = now_ns + (uint64_t)wait * TIMER_PERIOD;
+   (uint32_t)(now_ns / env->cp0_count_ns);
+next_ns = now_ns + (uint64_t)wait * env->cp0_count_ns;
 timer_mod(env->timer, next_ns);
 }
 
@@ -76,7 +64,7 @@ uint32_t cpu_mips_get_count(CPUMIPSState *env)
 cpu_mips_timer_expire(env);
 }
 
-return env->CP0_Count + (uint32_t)(now_ns / TIMER_PERIOD);
+return env->CP0_Count + (uint32_t)(now_ns / env->cp0_count_ns);
 }
 }
 
@@ -92,7 +80,8 @@ void cpu_mips_store_count(CPUMIPSState *env, uint32_t count)
 } else {
 /* Store new count register */
 env->CP0_Count = count -
-   (uint32_t)(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 
TIMER_PERIOD);
+   (uint32_t)(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) /
+  env->cp0_count_ns);
 /* Update timer timer */
 cpu_mips_timer_update(env);
 }
@@ -119,7 +108,7 @@ void cpu_mips_stop_count(CPUMIPSState *env)
 {
 /* Store the current value */
 env->CP0_Count += (uint32_t)(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) /
- TIMER_PERIOD);
+ env->cp0_count_ns);
 }
 
 static void mips_timer_cb(void *opaque)
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index e86cd065483..84b727fefa8 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -134,6 +134,25 @@ static void mips_cpu_disas_set_info(CPUState *s, 
disassemble_info *info)
 }
 }
 
+/*
+ * Since commit 6af0bf9c7c3 this model assumes a CPU clocked at 200MHz
+ * and a CP0 timer running at half the clock of the CPU (cp0_count_rate = 2).
+ *
+ * TIMER_FREQ_HZ = CPU_FREQ_HZ / CP0_COUNT_RATE = 200 MHz / 2 = 100 MHz
+ *
+ * TIMER_PERIOD_NS = 1 / TIMER_FREQ_HZ = 10 ns
+ */
+#define CPU_FREQ_HZ_DEFAULT 2
+#define CP0_COUNT_RATE_DEFAULT  2
+#define TIMER_PERIOD_DEFAULT10  /* 1 / (CPU_FREQ_HZ / CP0_COUNT_RATE) */
+
+static void mips_cp0_period_set(MIPSCPU *cpu)
+{
+CPUMIPSState *env = &cpu->env;
+
+env->cp0_count_ns = TIMER_PERIOD_DEFAULT;
+}
+
 static void mips_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
@@ -141,6 +160,8 @@ static void mips_cpu_realizefn(DeviceState *dev, Error 
**errp)
 MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(dev);
 Error *local_err = NULL;
 
+mips_cp0_period_set(cpu);
+
 cpu_exec_realizefn(cs, &local_err);
 if (local_err != NULL) {
 error_propagate(errp, local_err);
-- 
2.26.2

[PULL 40/44] MAINTAINERS: Remove myself

[Philippe Mathieu-Daudé]

From: Aleksandar Markovic 

I have been working on project other than QEMU for some time, and would
like to devote myself to that project. It is impossible for me to find
enough time to perform maintainer's duties with needed meticulousness
and patience.

I wish prosperous future to QEMU and all colleagues in QEMU community.

Signed-off-by: Aleksandar Markovic 
Message-Id: <1602103041-32017-6-git-send-email-aleksandar.qemu.de...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS | 17 +
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 99ab02bbab3..b91bd754d16 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -220,11 +220,10 @@ F: hw/microblaze/
 F: disas/microblaze.c
 
 MIPS TCG CPUs
-M: Aleksandar Markovic 
 R: Aurelien Jarno 
 R: Jiaxun Yang 
 R: Aleksandar Rikalo 
-S: Maintained
+S: Orphaned
 F: target/mips/
 F: default-configs/*mips*
 F: disas/*mips*
@@ -386,7 +385,6 @@ F: target/arm/kvm.c
 
 MIPS KVM CPUs
 M: Huacai Chen 
-M: Aleksandar Markovic 
 S: Odd Fixes
 F: target/mips/kvm.c
 
@@ -1123,10 +1121,9 @@ F: hw/display/jazz_led.c
 F: hw/dma/rc4030.c
 
 Malta
-M: Aleksandar Markovic 
 M: Philippe Mathieu-Daudé 
 R: Aurelien Jarno 
-S: Maintained
+S: Odd Fixes
 F: hw/isa/piix4.c
 F: hw/acpi/piix4.c
 F: hw/mips/malta.c
@@ -1136,14 +1133,12 @@ F: tests/acceptance/linux_ssh_mips_malta.py
 F: tests/acceptance/machine_mips_malta.py
 
 Mipssim
-M: Aleksandar Markovic 
 R: Aleksandar Rikalo 
-S: Odd Fixes
+S: Orphaned
 F: hw/mips/mipssim.c
 F: hw/net/mipsnet.c
 
 R4000
-M: Aleksandar Markovic 
 R: Aurelien Jarno 
 R: Aleksandar Rikalo 
 S: Obsolete
@@ -1152,7 +1147,6 @@ F: hw/mips/r4k.c
 Fuloong 2E
 M: Huacai Chen 
 M: Philippe Mathieu-Daudé 
-M: Aleksandar Markovic 
 R: Jiaxun Yang 
 S: Odd Fixes
 F: hw/mips/fuloong2e.c
@@ -2823,12 +2817,11 @@ F: tcg/i386/
 F: disas/i386.c
 
 MIPS TCG target
-M: Aleksandar Markovic 
 R: Aurelien Jarno 
 R: Huacai Chen 
 R: Jiaxun Yang 
 R: Aleksandar Rikalo 
-S: Maintained
+S: Orphaned
 F: tcg/mips/
 
 PPC TCG target
@@ -3169,7 +3162,7 @@ S: Odd Fixes
 F: scripts/git-submodule.sh
 
 UI translations
-M: Aleksandar Markovic 
+S: Orphaned
 F: po/*.po
 
 Sphinx documentation configuration and build machinery
-- 
2.26.2

[PULL 20/44] target/mips/cpu: Allow the CPU to use dynamic frequencies

[Philippe Mathieu-Daudé]

Use the Clock API and let the CPU object have an input clock.

If no clock is connected, keep using the default frequency of
200 MHz used since the introduction of the 'r4k' machine in
commit 6af0bf9c7c3.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-12-f4...@amsat.org>
---
 target/mips/cpu.h |  4 
 target/mips/cpu.c | 11 +--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index baeceb892ef..062a4ba6225 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -4,6 +4,7 @@
 #include "cpu-qom.h"
 #include "exec/cpu-defs.h"
 #include "fpu/softfloat-types.h"
+#include "hw/clock.h"
 #include "mips-defs.h"
 
 #define TCG_GUEST_DEFAULT_MO (0)
@@ -1151,6 +1152,8 @@ struct CPUMIPSState {
 /**
  * MIPSCPU:
  * @env: #CPUMIPSState
+ * @clock: this CPU input clock (may be connected
+ * to an output clock from another device).
  * @cp0_count_rate: rate at which the coprocessor 0 counter increments
  *
  * A MIPS CPU.
@@ -1160,6 +1163,7 @@ struct MIPSCPU {
 CPUState parent_obj;
 /*< public >*/
 
+Clock *clock;
 CPUNegativeOffsetState neg;
 CPUMIPSState env;
 /*
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 461edfe22b7..2a6f4840e20 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -27,6 +27,7 @@
 #include "sysemu/kvm.h"
 #include "exec/exec-all.h"
 #include "hw/qdev-properties.h"
+#include "hw/qdev-clock.h"
 
 static void mips_cpu_set_pc(CPUState *cs, vaddr value)
 {
@@ -144,8 +145,9 @@ static void mips_cp0_period_set(MIPSCPU *cpu)
 {
 CPUMIPSState *env = &cpu->env;
 
-env->cp0_count_ns = muldiv64(NANOSECONDS_PER_SECOND, cpu->cp0_count_rate,
- CPU_FREQ_HZ_DEFAULT);
+env->cp0_count_ns = cpu->cp0_count_rate
+* clock_get_ns(MIPS_CPU(cpu)->clock);
+assert(env->cp0_count_ns);
 }
 
 static void mips_cpu_realizefn(DeviceState *dev, Error **errp)
@@ -155,6 +157,10 @@ static void mips_cpu_realizefn(DeviceState *dev, Error 
**errp)
 MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(dev);
 Error *local_err = NULL;
 
+if (!clock_get(cpu->clock)) {
+/* Initialize the frequency in case the clock remains unconnected. */
+clock_set_hz(cpu->clock, CPU_FREQ_HZ_DEFAULT);
+}
 mips_cp0_period_set(cpu);
 
 cpu_exec_realizefn(cs, &local_err);
@@ -178,6 +184,7 @@ static void mips_cpu_initfn(Object *obj)
 MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(obj);
 
 cpu_set_cpustate_pointers(cpu);
+cpu->clock = qdev_init_clock_in(DEVICE(obj), "clk-in", NULL, cpu);
 env->cpu_model = mcc->cpu_def;
 }
 
-- 
2.26.2

[PULL 22/44] hw/mips/r4k: Explicit CPU frequency is 200 MHz

[Philippe Mathieu-Daudé]

Since its introduction in commit 6af0bf9c7c3,
the 'r4k' machine runs at 200 MHz.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-14-f4...@amsat.org>
---
 hw/mips/r4k.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/mips/r4k.c b/hw/mips/r4k.c
index 3487013a4a1..39bc626e7c5 100644
--- a/hw/mips/r4k.c
+++ b/hw/mips/r4k.c
@@ -13,6 +13,7 @@
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "cpu.h"
+#include "hw/clock.h"
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/intc/i8259.h"
@@ -182,6 +183,7 @@ void mips_r4k_init(MachineState *machine)
 MemoryRegion *isa_io = g_new(MemoryRegion, 1);
 MemoryRegion *isa_mem = g_new(MemoryRegion, 1);
 int bios_size;
+Clock *cpuclk;
 MIPSCPU *cpu;
 CPUMIPSState *env;
 ResetData *reset_info;
@@ -192,8 +194,11 @@ void mips_r4k_init(MachineState *machine)
 DriveInfo *dinfo;
 int be;
 
+cpuclk = clock_new(OBJECT(machine), "cpu-refclk");
+clock_set_hz(cpuclk, 2); /* 200 MHz */
+
 /* init CPUs */
-cpu = MIPS_CPU(cpu_create(machine->cpu_type));
+cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk);
 env = &cpu->env;
 
 reset_info = g_malloc0(sizeof(ResetData));
-- 
2.26.2

[PULL 23/44] hw/mips/fuloong2e: Set CPU frequency to 533 MHz

[Philippe Mathieu-Daudé]

The CPU frequency is normally provided by the firmware in the
"cpuclock" environment variable. The 2E board can handles up
to 660MHz, but be conservative and take the same value used
by the Linux kernel: 533 MHz.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Jiaxun Yang 
Message-Id: <20201012095804.3335117-15-f4...@amsat.org>
---
 hw/mips/fuloong2e.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/mips/fuloong2e.c b/hw/mips/fuloong2e.c
index b000ed1d7f7..b8234f61083 100644
--- a/hw/mips/fuloong2e.c
+++ b/hw/mips/fuloong2e.c
@@ -23,6 +23,7 @@
 #include "qemu/units.h"
 #include "qapi/error.h"
 #include "cpu.h"
+#include "hw/clock.h"
 #include "hw/intc/i8259.h"
 #include "hw/dma/i8257.h"
 #include "hw/isa/superio.h"
@@ -298,12 +299,16 @@ static void mips_fuloong2e_init(MachineState *machine)
 PCIBus *pci_bus;
 ISABus *isa_bus;
 I2CBus *smbus;
+Clock *cpuclk;
 MIPSCPU *cpu;
 CPUMIPSState *env;
 DeviceState *dev;
 
+cpuclk = clock_new(OBJECT(machine), "cpu-refclk");
+clock_set_hz(cpuclk, 53308); /* ~533 MHz */
+
 /* init CPUs */
-cpu = MIPS_CPU(cpu_create(machine->cpu_type));
+cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk);
 env = &cpu->env;
 
 qemu_register_reset(main_cpu_reset, cpu);
-- 
2.26.2

[PULL 21/44] target/mips/cpu: Introduce mips_cpu_create_with_clock() helper

[Philippe Mathieu-Daudé]

Introduce an helper to create a MIPS CPU and connect it to
a reference clock. This helper is not MIPS specific, but so
far only MIPS CPUs need it.

Suggested-by: Huacai Chen 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-13-f4...@amsat.org>
---
 target/mips/cpu.h | 12 
 target/mips/cpu.c | 12 
 2 files changed, 24 insertions(+)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 062a4ba6225..d41579d44ae 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1307,4 +1307,16 @@ static inline void cpu_get_tb_cpu_state(CPUMIPSState 
*env, target_ulong *pc,
 MIPS_HFLAG_HWRENA_ULR);
 }
 
+/**
+ * mips_cpu_create_with_clock:
+ * @typename: a MIPS CPU type.
+ * @cpu_refclk: this cpu input clock (an output clock of another device)
+ *
+ * Instantiates a MIPS CPU, set the input clock of the CPU to @cpu_refclk,
+ * then realizes the CPU.
+ *
+ * Returns: A #CPUState or %NULL if an error occurred.
+ */
+MIPSCPU *mips_cpu_create_with_clock(const char *cpu_type, Clock *cpu_refclk);
+
 #endif /* MIPS_CPU_H */
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 2a6f4840e20..33a9ed5c24b 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -288,3 +288,15 @@ static void mips_cpu_register_types(void)
 }
 
 type_init(mips_cpu_register_types)
+
+/* Could be used by generic CPU object */
+MIPSCPU *mips_cpu_create_with_clock(const char *cpu_type, Clock *cpu_refclk)
+{
+DeviceState *cpu;
+
+cpu = DEVICE(object_new(cpu_type));
+qdev_connect_clock_in(cpu, "clk-in", cpu_refclk);
+qdev_realize(cpu, NULL, &error_abort);
+
+return MIPS_CPU(cpu);
+}
-- 
2.26.2

[PULL 27/44] hw/mips/boston: Set CPU frequency to 1 GHz

[Philippe Mathieu-Daudé]

The I6400 can run at 1 GHz or more. Create a 'cpuclk'
output clock and connect it to the CPU input clock.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-19-f4...@amsat.org>
---
 hw/mips/boston.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/hw/mips/boston.c b/hw/mips/boston.c
index 1b3f69e949c..cf2296f4488 100644
--- a/hw/mips/boston.c
+++ b/hw/mips/boston.c
@@ -30,6 +30,7 @@
 #include "hw/mips/cps.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/pci-host/xilinx-pcie.h"
+#include "hw/qdev-clock.h"
 #include "hw/qdev-properties.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
@@ -54,6 +55,7 @@ struct BostonState {
 MachineState *mach;
 MIPSCPSState cps;
 SerialMM *uart;
+Clock *cpuclk;
 
 CharBackend lcd_display;
 char lcd_content[8];
@@ -251,10 +253,19 @@ static const MemoryRegionOps boston_platreg_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
+static void mips_boston_instance_init(Object *obj)
+{
+BostonState *s = BOSTON(obj);
+
+s->cpuclk = qdev_init_clock_out(DEVICE(obj), "cpu-refclk");
+clock_set_hz(s->cpuclk, 10); /* 1 GHz */
+}
+
 static const TypeInfo boston_device = {
 .name  = TYPE_MIPS_BOSTON,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(BostonState),
+.instance_init = mips_boston_instance_init,
 };
 
 static void boston_register_types(void)
@@ -462,6 +473,8 @@ static void boston_mach_init(MachineState *machine)
 &error_fatal);
 object_property_set_int(OBJECT(&s->cps), "num-vp", machine->smp.cpus,
 &error_fatal);
+qdev_connect_clock_in(DEVICE(&s->cps), "clk-in",
+  qdev_get_clock_out(dev, "cpu-refclk"));
 sysbus_realize(SYS_BUS_DEVICE(&s->cps), &error_fatal);
 
 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->cps), 0, 0, 1);
-- 
2.26.2

[PULL v2 1/5] tests/9pfs: change qtest name prefix to synth

[Christian Schoenebeck]

All existing 9pfs test cases are using the 'synth' fs driver so far, which
means they are not accessing real files, but a purely simulated (in RAM
only) file system.

Let's make this clear by changing the prefix of the individual qtest case
names from 'fs/' to 'synth/'. That way they'll be easily distinguishable
from upcoming new 9pfs test cases supposed to be using a different fs
driver.

Signed-off-by: Christian Schoenebeck 
Message-Id: 

Signed-off-by: Christian Schoenebeck 
---
 tests/qtest/virtio-9p-test.c | 28 ++--
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/tests/qtest/virtio-9p-test.c b/tests/qtest/virtio-9p-test.c
index de30b717b6..3281153b9c 100644
--- a/tests/qtest/virtio-9p-test.c
+++ b/tests/qtest/virtio-9p-test.c
@@ -897,26 +897,26 @@ static void fs_readdir_split_512(void *obj, void *data,
 
 static void register_virtio_9p_test(void)
 {
-qos_add_test("config", "virtio-9p", pci_config, NULL);
-qos_add_test("fs/version/basic", "virtio-9p", fs_version, NULL);
-qos_add_test("fs/attach/basic", "virtio-9p", fs_attach, NULL);
-qos_add_test("fs/walk/basic", "virtio-9p", fs_walk, NULL);
-qos_add_test("fs/walk/no_slash", "virtio-9p", fs_walk_no_slash,
+qos_add_test("synth/config", "virtio-9p", pci_config, NULL);
+qos_add_test("synth/version/basic", "virtio-9p", fs_version, NULL);
+qos_add_test("synth/attach/basic", "virtio-9p", fs_attach, NULL);
+qos_add_test("synth/walk/basic", "virtio-9p", fs_walk, NULL);
+qos_add_test("synth/walk/no_slash", "virtio-9p", fs_walk_no_slash,
  NULL);
-qos_add_test("fs/walk/dotdot_from_root", "virtio-9p",
+qos_add_test("synth/walk/dotdot_from_root", "virtio-9p",
  fs_walk_dotdot, NULL);
-qos_add_test("fs/lopen/basic", "virtio-9p", fs_lopen, NULL);
-qos_add_test("fs/write/basic", "virtio-9p", fs_write, NULL);
-qos_add_test("fs/flush/success", "virtio-9p", fs_flush_success,
+qos_add_test("synth/lopen/basic", "virtio-9p", fs_lopen, NULL);
+qos_add_test("synth/write/basic", "virtio-9p", fs_write, NULL);
+qos_add_test("synth/flush/success", "virtio-9p", fs_flush_success,
  NULL);
-qos_add_test("fs/flush/ignored", "virtio-9p", fs_flush_ignored,
+qos_add_test("synth/flush/ignored", "virtio-9p", fs_flush_ignored,
  NULL);
-qos_add_test("fs/readdir/basic", "virtio-9p", fs_readdir, NULL);
-qos_add_test("fs/readdir/split_512", "virtio-9p",
+qos_add_test("synth/readdir/basic", "virtio-9p", fs_readdir, NULL);
+qos_add_test("synth/readdir/split_512", "virtio-9p",
  fs_readdir_split_512, NULL);
-qos_add_test("fs/readdir/split_256", "virtio-9p",
+qos_add_test("synth/readdir/split_256", "virtio-9p",
  fs_readdir_split_256, NULL);
-qos_add_test("fs/readdir/split_128", "virtio-9p",
+qos_add_test("synth/readdir/split_128", "virtio-9p",
  fs_readdir_split_128, NULL);
 }
 
-- 
2.20.1

[PULL 24/44] hw/mips/mipssim: Correct CPU frequency

[Philippe Mathieu-Daudé]

The MIPSsim machine CPU frequency is too fast running at 200 MHz,
while it should be 12 MHz for the 24K and 6 MHz for the 5K core.

Ref: Linux commit c78cbf49c4ed
("Support for MIPSsim, the cycle accurate MIPS simulator.")

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-16-f4...@amsat.org>
---
 hw/mips/mipssim.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hw/mips/mipssim.c b/hw/mips/mipssim.c
index 5d4ad74828d..f0042f7f436 100644
--- a/hw/mips/mipssim.c
+++ b/hw/mips/mipssim.c
@@ -29,6 +29,7 @@
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "cpu.h"
+#include "hw/clock.h"
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/char/serial.h"
@@ -150,13 +151,21 @@ mips_mipssim_init(MachineState *machine)
 MemoryRegion *address_space_mem = get_system_memory();
 MemoryRegion *isa = g_new(MemoryRegion, 1);
 MemoryRegion *bios = g_new(MemoryRegion, 1);
+Clock *cpuclk;
 MIPSCPU *cpu;
 CPUMIPSState *env;
 ResetData *reset_info;
 int bios_size;
 
+cpuclk = clock_new(OBJECT(machine), "cpu-refclk");
+#ifdef TARGET_MIPS64
+clock_set_hz(cpuclk, 600); /* 6 MHz */
+#else
+clock_set_hz(cpuclk, 1200); /* 12 MHz */
+#endif
+
 /* Init CPUs. */
-cpu = MIPS_CPU(cpu_create(machine->cpu_type));
+cpu = mips_cpu_create_with_clock(machine->cpu_type, cpuclk);
 env = &cpu->env;
 
 reset_info = g_malloc0(sizeof(ResetData));
-- 
2.26.2

[PULL 32/44] hw/mips/malta: Move gt64120 related code together

[Philippe Mathieu-Daudé]

The 'empty_slot' region created is related to the gt64120.
Move its creation close to the gt64120 instance creation.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20201012160503.3472140-2-f4...@amsat.org>
---
 hw/mips/malta.c | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/hw/mips/malta.c b/hw/mips/malta.c
index a4a4c386268..944045d7701 100644
--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -1239,13 +1239,6 @@ void mips_malta_init(MachineState *machine)
 DeviceState *dev = qdev_new(TYPE_MIPS_MALTA);
 MaltaState *s = MIPS_MALTA(dev);
 
-/*
- * The whole address space decoded by the GT-64120A doesn't generate
- * exception when accessing invalid memory. Create an empty slot to
- * emulate this feature.
- */
-empty_slot_init("GT64120", 0, 0x2000);
-
 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
 
 /* create CPU */
@@ -1399,6 +1392,12 @@ void mips_malta_init(MachineState *machine)
 
 /* Northbridge */
 pci_bus = gt64120_register(s->i8259);
+/*
+ * The whole address space decoded by the GT-64120A doesn't generate
+ * exception when accessing invalid memory. Create an empty slot to
+ * emulate this feature.
+ */
+empty_slot_init("GT64120", 0, 0x2000);
 
 /* Southbridge */
 dev = piix4_create(pci_bus, &isa_bus, &smbus);
-- 
2.26.2

[PULL 26/44] hw/mips/cps: Expose input clock and connect it to CPU cores

[Philippe Mathieu-Daudé]

Expose a qdev input clock named 'clk-in', and connect it to each
core to forward-propagate the clock.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-18-f4...@amsat.org>
---
 include/hw/mips/cps.h | 2 ++
 hw/mips/cps.c | 4 
 2 files changed, 6 insertions(+)

diff --git a/include/hw/mips/cps.h b/include/hw/mips/cps.h
index 9e35a881366..859a8d4a674 100644
--- a/include/hw/mips/cps.h
+++ b/include/hw/mips/cps.h
@@ -21,6 +21,7 @@
 #define MIPS_CPS_H
 
 #include "hw/sysbus.h"
+#include "hw/clock.h"
 #include "hw/misc/mips_cmgcr.h"
 #include "hw/intc/mips_gic.h"
 #include "hw/misc/mips_cpc.h"
@@ -43,6 +44,7 @@ struct MIPSCPSState {
 MIPSGICState gic;
 MIPSCPCState cpc;
 MIPSITUState itu;
+Clock *clock;
 };
 
 qemu_irq get_cps_irq(MIPSCPSState *cps, int pin_number);
diff --git a/hw/mips/cps.c b/hw/mips/cps.c
index 23c0f87e41a..af7b58c4bdd 100644
--- a/hw/mips/cps.c
+++ b/hw/mips/cps.c
@@ -22,6 +22,7 @@
 #include "qemu/module.h"
 #include "hw/mips/cps.h"
 #include "hw/mips/mips.h"
+#include "hw/qdev-clock.h"
 #include "hw/qdev-properties.h"
 #include "hw/mips/cpudevs.h"
 #include "sysemu/kvm.h"
@@ -38,6 +39,7 @@ static void mips_cps_init(Object *obj)
 SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
 MIPSCPSState *s = MIPS_CPS(obj);
 
+s->clock = qdev_init_clock_in(DEVICE(obj), "clk-in", NULL, NULL);
 /*
  * Cover entire address space as there do not seem to be any
  * constraints for the base address of CPC and GIC.
@@ -80,6 +82,8 @@ static void mips_cps_realize(DeviceState *dev, Error **errp)
   errp)) {
 return;
 }
+/* All cores use the same clock tree */
+qdev_connect_clock_in(DEVICE(cpu), "clk-in", s->clock);
 
 if (!qdev_realize_and_unref(DEVICE(cpu), NULL, errp)) {
 return;
-- 
2.26.2

[PULL v2 2/5] tests/9pfs: introduce local tests

[Christian Schoenebeck]

This patch introduces 9pfs test cases using the 9pfs 'local'
filesystem driver which reads/writes/creates/deletes real files
and directories.

In this initial version, there is only one local test which actually
only checks if the 9pfs 'local' device was created successfully.

Before the 9pfs 'local' tests are run, a test directory 'qtest-9p-local'
is created (with world rwx permissions) under the current working
directory. At this point that test directory is not auto deleted yet.

Signed-off-by: Christian Schoenebeck 
Message-Id: 
<81fc4b3b6b6c9bf7999e79f5e7cbc364a5f09ddb.1602182956.git.qemu_...@crudebyte.com>
Signed-off-by: Christian Schoenebeck 
---
 tests/qtest/libqos/virtio-9p.c | 81 ++
 tests/qtest/libqos/virtio-9p.h |  5 +++
 tests/qtest/virtio-9p-test.c   | 44 --
 3 files changed, 116 insertions(+), 14 deletions(-)

diff --git a/tests/qtest/libqos/virtio-9p.c b/tests/qtest/libqos/virtio-9p.c
index 2e300063e3..ee331166de 100644
--- a/tests/qtest/libqos/virtio-9p.c
+++ b/tests/qtest/libqos/virtio-9p.c
@@ -24,6 +24,34 @@
 #include "qgraph.h"
 
 static QGuestAllocator *alloc;
+static char *local_test_path;
+
+/* Concatenates the passed 2 pathes. Returned result must be freed. */
+static char *concat_path(const char* a, const char* b)
+{
+return g_build_filename(a, b, NULL);
+}
+
+static void init_local_test_path(void)
+{
+char *pwd = g_get_current_dir();
+local_test_path = concat_path(pwd, "qtest-9p-local");
+g_free(pwd);
+}
+
+/* Creates the directory for the 9pfs 'local' filesystem driver to access. */
+static void create_local_test_dir(void)
+{
+struct stat st;
+
+g_assert(local_test_path != NULL);
+mkdir(local_test_path, 0777);
+
+/* ensure test directory exists now ... */
+g_assert(stat(local_test_path, &st) == 0);
+/* ... and is actually a directory */
+g_assert((st.st_mode & S_IFMT) == S_IFDIR);
+}
 
 static void virtio_9p_cleanup(QVirtio9P *interface)
 {
@@ -146,11 +174,64 @@ static void *virtio_9p_pci_create(void *pci_bus, 
QGuestAllocator *t_alloc,
 return obj;
 }
 
+/**
+ * Performs regular expression based search and replace on @a haystack.
+ *
+ * @param haystack - input string to be parsed, result of replacement is
+ *   stored back to @a haystack
+ * @param pattern - the regular expression pattern for scanning @a haystack
+ * @param replace_fmt - matches of supplied @a pattern are replaced by this,
+ *  if necessary glib printf format can be used to add
+ *  variable arguments of this function to this
+ *  replacement string
+ */
+static void regex_replace(GString *haystack, const char *pattern,
+  const char *replace_fmt, ...)
+{
+GRegex *regex;
+char *replace, *s;
+va_list argp;
+
+va_start(argp, replace_fmt);
+replace = g_strdup_vprintf(replace_fmt, argp);
+va_end(argp);
+
+regex = g_regex_new(pattern, 0, 0, NULL);
+s = g_regex_replace(regex, haystack->str, -1, 0, replace, 0, NULL);
+g_string_assign(haystack, s);
+g_free(s);
+g_regex_unref(regex);
+g_free(replace);
+}
+
+void virtio_9p_assign_local_driver(GString *cmd_line, const char *args)
+{
+g_assert_nonnull(local_test_path);
+
+/* replace 'synth' driver by 'local' driver */
+regex_replace(cmd_line, "-fsdev synth,", "-fsdev local,");
+
+/* append 'path=...' to '-fsdev ...' group */
+regex_replace(cmd_line, "(-fsdev \\w[^ ]*)", "\\1,path='%s'",
+  local_test_path);
+
+if (!args) {
+return;
+}
+
+/* append passed args to '-fsdev ...' group */
+regex_replace(cmd_line, "(-fsdev \\w[^ ]*)", "\\1,%s", args);
+}
+
 static void virtio_9p_register_nodes(void)
 {
 const char *str_simple = "fsdev=fsdev0,mount_tag=" MOUNT_TAG;
 const char *str_addr = "fsdev=fsdev0,addr=04.0,mount_tag=" MOUNT_TAG;
 
+/* make sure test dir for the 'local' tests exists and is clean */
+init_local_test_path();
+create_local_test_dir();
+
 QPCIAddress addr = {
 .devfn = QPCI_DEVFN(4, 0),
 };
diff --git a/tests/qtest/libqos/virtio-9p.h b/tests/qtest/libqos/virtio-9p.h
index b1e6badc4a..326a603f72 100644
--- a/tests/qtest/libqos/virtio-9p.h
+++ b/tests/qtest/libqos/virtio-9p.h
@@ -44,4 +44,9 @@ struct QVirtio9PDevice {
 QVirtio9P v9p;
 };
 
+/**
+ * Prepares QEMU command line for 9pfs tests using the 'local' fs driver.
+ */
+void virtio_9p_assign_local_driver(GString *cmd_line, const char *args);
+
 #endif
diff --git a/tests/qtest/virtio-9p-test.c b/tests/qtest/virtio-9p-test.c
index 3281153b9c..af7e169d3a 100644
--- a/tests/qtest/virtio-9p-test.c
+++ b/tests/qtest/virtio-9p-test.c
@@ -895,29 +895,45 @@ static void fs_readdir_split_512(void *obj, void *data,
 fs_readdir_split(obj, data, t_alloc, 512);
 }
 
+static void *assign_9p_local_driver(GString *cmd_line, void *arg)
+{
+virtio_9p_assign_local_driver(cmd_line, "sec

[PULL 28/44] hw/mips/malta: Set CPU frequency to 320 MHz

[Philippe Mathieu-Daudé]

The CoreLV card with ID 0x420's CPU clocked at 320 MHz. Create
a 'cpuclk' output clock and connect it to the CPU input clock.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-20-f4...@amsat.org>
---
 hw/mips/malta.c | 19 ---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/hw/mips/malta.c b/hw/mips/malta.c
index 4019c9dc1a8..1e2b750719e 100644
--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -26,6 +26,7 @@
 #include "qemu/units.h"
 #include "qemu-common.h"
 #include "cpu.h"
+#include "hw/clock.h"
 #include "hw/southbridge/piix.h"
 #include "hw/isa/superio.h"
 #include "hw/char/serial.h"
@@ -57,6 +58,7 @@
 #include "sysemu/kvm.h"
 #include "hw/semihosting/semihost.h"
 #include "hw/mips/cps.h"
+#include "hw/qdev-clock.h"
 
 #define ENVP_ADDR   0x80002000l
 #define ENVP_NB_ENTRIES 16
@@ -94,6 +96,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(MaltaState, MIPS_MALTA)
 struct MaltaState {
 SysBusDevice parent_obj;
 
+Clock *cpuclk;
 MIPSCPSState cps;
 qemu_irq i8259[ISA_NUM_IRQS];
 };
@@ -1159,7 +1162,7 @@ static void main_cpu_reset(void *opaque)
 }
 }
 
-static void create_cpu_without_cps(MachineState *ms,
+static void create_cpu_without_cps(MachineState *ms, MaltaState *s,
qemu_irq *cbus_irq, qemu_irq *i8259_irq)
 {
 CPUMIPSState *env;
@@ -1167,7 +1170,7 @@ static void create_cpu_without_cps(MachineState *ms,
 int i;
 
 for (i = 0; i < ms->smp.cpus; i++) {
-cpu = MIPS_CPU(cpu_create(ms->cpu_type));
+cpu = mips_cpu_create_with_clock(ms->cpu_type, s->cpuclk);
 
 /* Init internal devices */
 cpu_mips_irq_init_cpu(cpu);
@@ -1189,6 +1192,7 @@ static void create_cps(MachineState *ms, MaltaState *s,
 &error_fatal);
 object_property_set_int(OBJECT(&s->cps), "num-vp", ms->smp.cpus,
 &error_fatal);
+qdev_connect_clock_in(DEVICE(&s->cps), "clk-in", s->cpuclk);
 sysbus_realize(SYS_BUS_DEVICE(&s->cps), &error_fatal);
 
 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->cps), 0, 0, 1);
@@ -1203,7 +1207,7 @@ static void mips_create_cpu(MachineState *ms, MaltaState 
*s,
 if ((ms->smp.cpus > 1) && cpu_supports_cps_smp(ms->cpu_type)) {
 create_cps(ms, s, cbus_irq, i8259_irq);
 } else {
-create_cpu_without_cps(ms, cbus_irq, i8259_irq);
+create_cpu_without_cps(ms, s, cbus_irq, i8259_irq);
 }
 }
 
@@ -1421,10 +1425,19 @@ void mips_malta_init(MachineState *machine)
 pci_vga_init(pci_bus);
 }
 
+static void mips_malta_instance_init(Object *obj)
+{
+MaltaState *s = MIPS_MALTA(obj);
+
+s->cpuclk = qdev_init_clock_out(DEVICE(obj), "cpu-refclk");
+clock_set_hz(s->cpuclk, 32000); /* 320 MHz */
+}
+
 static const TypeInfo mips_malta_device = {
 .name  = TYPE_MIPS_MALTA,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(MaltaState),
+.instance_init = mips_malta_instance_init,
 };
 
 static void mips_malta_machine_init(MachineClass *mc)
-- 
2.26.2

[PULL 33/44] hw/mips/malta: Use clearer qdev style

[Philippe Mathieu-Daudé]

In order to be consistent with the other code base uses,
rewrite slightly how the MIPS_MALTA object is created.
No logical change.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20201012160503.3472140-3-f4...@amsat.org>
---
 hw/mips/malta.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/mips/malta.c b/hw/mips/malta.c
index 944045d7701..ff3225bb8e3 100644
--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -1235,11 +1235,11 @@ void mips_malta_init(MachineState *machine)
 DriveInfo *dinfo;
 int fl_idx = 0;
 int be;
+MaltaState *s;
+DeviceState *dev;
 
-DeviceState *dev = qdev_new(TYPE_MIPS_MALTA);
-MaltaState *s = MIPS_MALTA(dev);
-
-sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
+s = MIPS_MALTA(qdev_new(TYPE_MIPS_MALTA));
+sysbus_realize_and_unref(SYS_BUS_DEVICE(s), &error_fatal);
 
 /* create CPU */
 mips_create_cpu(machine, s, &cbus_irq, &i8259_irq);
-- 
2.26.2

[PULL v2 3/5] tests/9pfs: wipe local 9pfs test directory

[Christian Schoenebeck]

Before running the first 9pfs test case, make sure the test directory
for running the 9pfs 'local' tests on is entirely empty. For that
reason simply delete the test directory (if any) before (re)creating
it on test suite startup.

Note: The preferable precise behaviour would be the test directory
only being wiped once *before* a test suite run. Right now the test
directory is also wiped at the *end* of a test suite run because
libqos is calling the virtio_9p_register_nodes() callback for some
reason also when a test suite completed. This is suboptimal as
developers cannot immediately see what files and directories the
9pfs local tests created precisely after the test suite completed.
But fortunately the test directory is not wiped if some test failed.
So it is probably not worth it drilling another hole into libqos
for this issue.

Signed-off-by: Christian Schoenebeck 
Message-Id: 

Signed-off-by: Christian Schoenebeck 
---
 tests/qtest/libqos/virtio-9p.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/tests/qtest/libqos/virtio-9p.c b/tests/qtest/libqos/virtio-9p.c
index ee331166de..8ee2a134bc 100644
--- a/tests/qtest/libqos/virtio-9p.c
+++ b/tests/qtest/libqos/virtio-9p.c
@@ -53,6 +53,18 @@ static void create_local_test_dir(void)
 g_assert((st.st_mode & S_IFMT) == S_IFDIR);
 }
 
+/* Deletes directory previously created by create_local_test_dir(). */
+static void remove_local_test_dir(void)
+{
+g_assert(local_test_path != NULL);
+char *cmd = g_strdup_printf("rm -r '%s'\n", local_test_path);
+int res = system(cmd);
+if (res < 0) {
+/* ignore error, dummy check to prevent compiler error */
+}
+g_free(cmd);
+}
+
 static void virtio_9p_cleanup(QVirtio9P *interface)
 {
 qvirtqueue_cleanup(interface->vdev->bus, interface->vq, alloc);
@@ -230,6 +242,7 @@ static void virtio_9p_register_nodes(void)
 
 /* make sure test dir for the 'local' tests exists and is clean */
 init_local_test_path();
+remove_local_test_dir();
 create_local_test_dir();
 
 QPCIAddress addr = {
-- 
2.20.1

[PULL 29/44] hw/mips/cps: Do not allow use without input clock

[Philippe Mathieu-Daudé]

Now than all QOM users provides the input clock, do not allow
using a CPS without input clock connected.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-21-f4...@amsat.org>
---
 hw/mips/cps.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/mips/cps.c b/hw/mips/cps.c
index af7b58c4bdd..c624821315a 100644
--- a/hw/mips/cps.c
+++ b/hw/mips/cps.c
@@ -74,6 +74,11 @@ static void mips_cps_realize(DeviceState *dev, Error **errp)
 bool itu_present = false;
 bool saar_present = false;
 
+if (!clock_get(s->clock)) {
+error_setg(errp, "CPS input clock is not connected to an output 
clock");
+return;
+}
+
 for (i = 0; i < s->num_vp; i++) {
 cpu = MIPS_CPU(object_new(s->cpu_type));
 
-- 
2.26.2

[PULL 35/44] hw/mips: Simplify code using ROUND_UP(INITRD_PAGE_SIZE)

[Philippe Mathieu-Daudé]

Instead of using a INITRD_PAGE_MASK definition, use the
simpler INITRD_PAGE_SIZE one which allows us to simplify
the code by using directly the self-explicit ROUND_UP()
macro.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20200927163943.614604-3-f4...@amsat.org>
---
 include/hw/mips/mips.h | 4 +++-
 hw/mips/fuloong2e.c| 3 +--
 hw/mips/malta.c| 6 +++---
 hw/mips/mipssim.c  | 3 +--
 hw/mips/r4k.c  | 3 +--
 5 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/include/hw/mips/mips.h b/include/hw/mips/mips.h
index 0af4c3d5d74..6c9c8805f3f 100644
--- a/include/hw/mips/mips.h
+++ b/include/hw/mips/mips.h
@@ -2,8 +2,10 @@
 #define HW_MIPS_H
 /* Definitions for mips board emulation.  */
 
+#include "qemu/units.h"
+
 /* Kernels can be configured with 64KB pages */
-#define INITRD_PAGE_MASK (~((1 << 16) - 1))
+#define INITRD_PAGE_SIZE (64 * KiB)
 
 #include "exec/memory.h"
 
diff --git a/hw/mips/fuloong2e.c b/hw/mips/fuloong2e.c
index b8234f61083..de66215f95f 100644
--- a/hw/mips/fuloong2e.c
+++ b/hw/mips/fuloong2e.c
@@ -133,8 +133,7 @@ static int64_t load_kernel(CPUMIPSState *env)
 if (loaderparams.initrd_filename) {
 initrd_size = get_image_size(loaderparams.initrd_filename);
 if (initrd_size > 0) {
-initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) &
-INITRD_PAGE_MASK;
+initrd_offset = ROUND_UP(kernel_high, INITRD_PAGE_SIZE);
 if (initrd_offset + initrd_size > ram_size) {
 error_report("memory too small for initial ram disk '%s'",
  loaderparams.initrd_filename);
diff --git a/hw/mips/malta.c b/hw/mips/malta.c
index ff3225bb8e3..beb0f43941a 100644
--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -1077,9 +1077,9 @@ static int64_t load_kernel(void)
  * the initrd.  It takes at most 128kiB for 2GB RAM and 4kiB
  * pages.
  */
-initrd_offset = (loaderparams.ram_low_size - initrd_size
- - (128 * KiB)
- - ~INITRD_PAGE_MASK) & INITRD_PAGE_MASK;
+initrd_offset = ROUND_UP(loaderparams.ram_low_size
+ - (initrd_size + 128 * KiB),
+ INITRD_PAGE_SIZE);
 if (kernel_high >= initrd_offset) {
 error_report("memory too small for initial ram disk '%s'",
  loaderparams.initrd_filename);
diff --git a/hw/mips/mipssim.c b/hw/mips/mipssim.c
index afef4f2e77a..97dcc232476 100644
--- a/hw/mips/mipssim.c
+++ b/hw/mips/mipssim.c
@@ -90,8 +90,7 @@ static int64_t load_kernel(void)
 if (loaderparams.initrd_filename) {
 initrd_size = get_image_size(loaderparams.initrd_filename);
 if (initrd_size > 0) {
-initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) &
-INITRD_PAGE_MASK;
+initrd_offset = ROUND_UP(kernel_high, INITRD_PAGE_SIZE);
 if (initrd_offset + initrd_size > loaderparams.ram_size) {
 error_report("memory too small for initial ram disk '%s'",
  loaderparams.initrd_filename);
diff --git a/hw/mips/r4k.c b/hw/mips/r4k.c
index 7ee37c49689..38308543421 100644
--- a/hw/mips/r4k.c
+++ b/hw/mips/r4k.c
@@ -115,8 +115,7 @@ static int64_t load_kernel(void)
 if (loaderparams.initrd_filename) {
 initrd_size = get_image_size(loaderparams.initrd_filename);
 if (initrd_size > 0) {
-initrd_offset = (kernel_high + ~INITRD_PAGE_MASK) &
- INITRD_PAGE_MASK;
+initrd_offset = ROUND_UP(kernel_high, INITRD_PAGE_SIZE);
 if (initrd_offset + initrd_size > ram_size) {
 error_report("memory too small for initial ram disk '%s'",
  loaderparams.initrd_filename);
-- 
2.26.2

[PULL v2 4/5] tests/9pfs: add virtio_9p_test_path()

[Christian Schoenebeck]

This new public function virtio_9p_test_path() allows 9pfs
'local' tests to translate a path from guest scope to host
scope. For instance by passing an empty string it would
return the root path on host of the exported 9pfs tree.

Signed-off-by: Christian Schoenebeck 
Message-Id: 

Signed-off-by: Christian Schoenebeck 
---
 tests/qtest/libqos/virtio-9p.c | 6 ++
 tests/qtest/libqos/virtio-9p.h | 5 +
 2 files changed, 11 insertions(+)

diff --git a/tests/qtest/libqos/virtio-9p.c b/tests/qtest/libqos/virtio-9p.c
index 8ee2a134bc..d43647b3b7 100644
--- a/tests/qtest/libqos/virtio-9p.c
+++ b/tests/qtest/libqos/virtio-9p.c
@@ -65,6 +65,12 @@ static void remove_local_test_dir(void)
 g_free(cmd);
 }
 
+char *virtio_9p_test_path(const char *path)
+{
+g_assert(local_test_path);
+return concat_path(local_test_path, path);
+}
+
 static void virtio_9p_cleanup(QVirtio9P *interface)
 {
 qvirtqueue_cleanup(interface->vdev->bus, interface->vq, alloc);
diff --git a/tests/qtest/libqos/virtio-9p.h b/tests/qtest/libqos/virtio-9p.h
index 326a603f72..19a4d97454 100644
--- a/tests/qtest/libqos/virtio-9p.h
+++ b/tests/qtest/libqos/virtio-9p.h
@@ -49,4 +49,9 @@ struct QVirtio9PDevice {
  */
 void virtio_9p_assign_local_driver(GString *cmd_line, const char *args);
 
+/**
+ * Returns path on host to the passed guest path. Result must be freed.
+ */
+char *virtio_9p_test_path(const char *path);
+
 #endif
-- 
2.20.1

[PULL 37/44] hw/mips: Remove exit(1) in case of missing ROM

[Philippe Mathieu-Daudé]

From: Pavel Dovgalyuk 

This patch updates MIPS-based machines to allow starting them without ROM.
In this case CPU starts to execute instructions from the empty memory,
but QEMU allows introspecting the machine configuration.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <159531210571.24117.231100997794891819.stgit@pasha-ThinkPad-X280>
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/fuloong2e.c |  8 +++-
 hw/mips/jazz.c  |  8 +++-
 hw/mips/malta.c | 11 ---
 hw/mips/mipssim.c   | 10 +++---
 4 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/hw/mips/fuloong2e.c b/hw/mips/fuloong2e.c
index de66215f95f..a9e0c2f8d30 100644
--- a/hw/mips/fuloong2e.c
+++ b/hw/mips/fuloong2e.c
@@ -337,10 +337,8 @@ static void mips_fuloong2e_init(MachineState *machine)
 kernel_entry = load_kernel(env);
 write_bootloader(env, memory_region_get_ram_ptr(bios), kernel_entry);
 } else {
-if (bios_name == NULL) {
-bios_name = FULOONG_BIOSNAME;
-}
-filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS,
+  bios_name ?: FULOONG_BIOSNAME);
 if (filename) {
 bios_size = load_image_targphys(filename, 0x1fc0LL,
 BIOS_SIZE);
@@ -350,7 +348,7 @@ static void mips_fuloong2e_init(MachineState *machine)
 }
 
 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
-!kernel_filename && !qtest_enabled()) {
+bios_name && !qtest_enabled()) {
 error_report("Could not load MIPS bios '%s'", bios_name);
 exit(1);
 }
diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c
index 8f1ad55ba34..71448f72ac9 100644
--- a/hw/mips/jazz.c
+++ b/hw/mips/jazz.c
@@ -218,10 +218,7 @@ static void mips_jazz_init(MachineState *machine,
 memory_region_add_subregion(address_space, 0xfff0LL, bios2);
 
 /* load the BIOS image. */
-if (bios_name == NULL) {
-bios_name = BIOS_FILENAME;
-}
-filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name ?: BIOS_FILENAME);
 if (filename) {
 bios_size = load_image_targphys(filename, 0xfff0LL,
 MAGNUM_BIOS_SIZE);
@@ -229,7 +226,8 @@ static void mips_jazz_init(MachineState *machine,
 } else {
 bios_size = -1;
 }
-if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE) && !qtest_enabled()) {
+if ((bios_size < 0 || bios_size > MAGNUM_BIOS_SIZE)
+&& bios_name && !qtest_enabled()) {
 error_report("Could not load MIPS bios '%s'", bios_name);
 exit(1);
 }
diff --git a/hw/mips/malta.c b/hw/mips/malta.c
index beb0f43941a..9d1a3b50b7a 100644
--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -1332,10 +1332,8 @@ void mips_malta_init(MachineState *machine)
 /* Load firmware from flash. */
 if (!dinfo) {
 /* Load a BIOS image. */
-if (bios_name == NULL) {
-bios_name = BIOS_FILENAME;
-}
-filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS,
+  bios_name ?: BIOS_FILENAME);
 if (filename) {
 bios_size = load_image_targphys(filename, FLASH_ADDRESS,
 BIOS_SIZE);
@@ -1344,9 +1342,8 @@ void mips_malta_init(MachineState *machine)
 bios_size = -1;
 }
 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
-!kernel_filename && !qtest_enabled()) {
-error_report("Could not load MIPS bios '%s', and no "
- "-kernel argument was specified", bios_name);
+bios_name && !qtest_enabled()) {
+error_report("Could not load MIPS bios '%s'", bios_name);
 exit(1);
 }
 }
diff --git a/hw/mips/mipssim.c b/hw/mips/mipssim.c
index 97dcc232476..aaa62a0f4b7 100644
--- a/hw/mips/mipssim.c
+++ b/hw/mips/mipssim.c
@@ -177,10 +177,7 @@ mips_mipssim_init(MachineState *machine)
 /* Map the BIOS / boot exception handler. */
 memory_region_add_subregion(address_space_mem, 0x1fc0LL, bios);
 /* Load a BIOS / boot exception handler image. */
-if (bios_name == NULL) {
-bios_name = BIOS_FILENAME;
-}
-filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name ?: BIOS_FILENAME);
 if (filename) {
 bios_size = load_image_targphys(filename, 0x1fc0LL, BIOS_SIZE);
 g_free(filename);
@@ -188,10 +185,9 @@ mips_mipssim_init(MachineState *machine)
 bios_size = -1;
 }
 if ((bios_size < 0 || bios_size > BIOS_SIZE) &&
-

[PULL 30/44] target/mips/cpu: Display warning when CPU is used without input clock

[Philippe Mathieu-Daudé]

All our QOM users provides an input clock. In order to avoid
avoid future machines added without clock, display a warning.

User-mode emulation use the CP0 timer with the RDHWR instruction
(see commit cdfcad788394) so keep using the fixed 200 MHz clock
without diplaying any warning. Only display it in system-mode
emulation.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20201012095804.3335117-22-f4...@amsat.org>
---
 target/mips/cpu.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 33a9ed5c24b..76d50b00b42 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -19,12 +19,14 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/cutils.h"
 #include "qapi/error.h"
 #include "cpu.h"
 #include "internal.h"
 #include "kvm_mips.h"
 #include "qemu/module.h"
 #include "sysemu/kvm.h"
+#include "sysemu/qtest.h"
 #include "exec/exec-all.h"
 #include "hw/qdev-properties.h"
 #include "hw/qdev-clock.h"
@@ -158,6 +160,14 @@ static void mips_cpu_realizefn(DeviceState *dev, Error 
**errp)
 Error *local_err = NULL;
 
 if (!clock_get(cpu->clock)) {
+#ifndef CONFIG_USER_ONLY
+if (!qtest_enabled()) {
+g_autofree char *cpu_freq_str = freq_to_str(CPU_FREQ_HZ_DEFAULT);
+
+warn_report("CPU input clock is not connected to any output clock, 
"
+"using default frequency of %s.", cpu_freq_str);
+}
+#endif
 /* Initialize the frequency in case the clock remains unconnected. */
 clock_set_hz(cpu->clock, CPU_FREQ_HZ_DEFAULT);
 }
-- 
2.26.2

[PULL 38/44] tests/acceptance: Add MIPS record/replay tests

[Philippe Mathieu-Daudé]

From: Pavel Dovgalyuk 

This patch adds MIPS-targeted acceptance tests for
record/replay functions.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <160276110297.2705.10918105269658307206.stgit@pasha-ThinkPad-X280>
[PMD: Moved 'override timeout' comment from instance to class,
  moved nanomips tests to ReplayKernelSlow class,
  tagged ReplayKernelSlow class with AVOCADO_TIMEOUT_EXPECTED]
Signed-off-by: Philippe Mathieu-Daudé 
---
 tests/acceptance/replay_kernel.py | 167 +-
 1 file changed, 166 insertions(+), 1 deletion(-)

diff --git a/tests/acceptance/replay_kernel.py 
b/tests/acceptance/replay_kernel.py
index 952f429cace..00c228382bd 100644
--- a/tests/acceptance/replay_kernel.py
+++ b/tests/acceptance/replay_kernel.py
@@ -9,6 +9,8 @@
 # later.  See the COPYING file in the top-level directory.
 
 import os
+import lzma
+import shutil
 import logging
 import time
 
@@ -19,7 +21,7 @@
 from avocado.utils import process
 from boot_linux_console import LinuxKernelTest
 
-class ReplayKernel(LinuxKernelTest):
+class ReplayKernelBase(LinuxKernelTest):
 """
 Boots a Linux kernel in record mode and checks that the console
 is operational and the kernel command line is properly passed
@@ -74,6 +76,7 @@ def run_rr(self, kernel_path, kernel_command_line, 
console_pattern,
 logger = logging.getLogger('replay')
 logger.info('replay overhead {:.2%}'.format(t2 / t1 - 1))
 
+class ReplayKernelNormal(ReplayKernelBase):
 @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab')
 def test_x86_64_pc(self):
 """
@@ -91,6 +94,51 @@ def test_x86_64_pc(self):
 
 self.run_rr(kernel_path, kernel_command_line, console_pattern, shift=5)
 
+def test_mips_malta(self):
+"""
+:avocado: tags=arch:mips
+:avocado: tags=machine:malta
+:avocado: tags=endian:big
+"""
+deb_url = ('http://snapshot.debian.org/archive/debian/'
+   '20130217T032700Z/pool/main/l/linux-2.6/'
+   'linux-image-2.6.32-5-4kc-malta_2.6.32-48_mips.deb')
+deb_hash = 'a8cfc28ad8f45f54811fc6cf74fc43ffcfe0ba04'
+deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+kernel_path = self.extract_from_deb(deb_path,
+'/boot/vmlinux-2.6.32-5-4kc-malta')
+kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 'console=ttyS0'
+console_pattern = 'Kernel command line: %s' % kernel_command_line
+
+self.run_rr(kernel_path, kernel_command_line, console_pattern, shift=5)
+
+def test_mips64el_malta(self):
+"""
+This test requires the ar tool to extract "data.tar.gz" from
+the Debian package.
+
+The kernel can be rebuilt using this Debian kernel source [1] and
+following the instructions on [2].
+
+[1] http://snapshot.debian.org/package/linux-2.6/2.6.32-48/
+#linux-source-2.6.32_2.6.32-48
+[2] https://kernel-team.pages.debian.net/kernel-handbook/
+ch-common-tasks.html#s-common-official
+
+:avocado: tags=arch:mips64el
+:avocado: tags=machine:malta
+"""
+deb_url = ('http://snapshot.debian.org/archive/debian/'
+   '20130217T032700Z/pool/main/l/linux-2.6/'
+   'linux-image-2.6.32-5-5kc-malta_2.6.32-48_mipsel.deb')
+deb_hash = '1aaec92083bf22fda31e0d27fa8d9a388e5fc3d5'
+deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+kernel_path = self.extract_from_deb(deb_path,
+'/boot/vmlinux-2.6.32-5-5kc-malta')
+kernel_command_line = self.KERNEL_COMMON_COMMAND_LINE + 'console=ttyS0'
+console_pattern = 'Kernel command line: %s' % kernel_command_line
+self.run_rr(kernel_path, kernel_command_line, console_pattern, shift=5)
+
 def test_aarch64_virt(self):
 """
 :avocado: tags=arch:aarch64
@@ -302,3 +350,120 @@ def test_xtensa_lx60(self):
 file_path = self.fetch_asset(tar_url, asset_hash=tar_hash)
 self.do_test_advcal_2018(file_path, 'santas-sleigh-ride.elf',
  args=('-cpu', 'dc233c'))
+
+@skipUnless(os.getenv('AVOCADO_TIMEOUT_EXPECTED'), 'Test might timeout')
+class ReplayKernelSlow(ReplayKernelBase):
+# Override the timeout, because this kernel includes an inner
+# loop which is executed with TB recompilings during replay,
+# making it very slow.
+timeout = 180
+
+def test_mips_malta_cpio(self):
+"""
+:avocado: tags=arch:mips
+:avocado: tags=machine:malta
+:avocado: tags=endian:big
+:avocado: tags=slowness:high
+"""
+deb_url = ('http://snapshot.debian.org/archive/debian/'
+   '20160601T041800Z/pool/main/l/linux/'
+   'linux-image-4.5.0-2-4kc-malta_4.5.5-1_mips.deb')
+

[PULL 31/44] hw/mips/malta: Fix FPGA I/O region size

[Philippe Mathieu-Daudé]

The FPGA present on the CoreCard has an I/O region 1MiB wide.

Refs:
- Atlas User’s Manual (Document Number: MD5)
- Malta User’s Manual (Document Number: MD00048)

Fixes: ea85df72b60 ("mips_malta: convert to memory API")
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20200905213049.761949-1-f4...@amsat.org>
---
 hw/mips/malta.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/mips/malta.c b/hw/mips/malta.c
index 1e2b750719e..a4a4c386268 100644
--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -578,7 +578,7 @@ static MaltaFPGAState *malta_fpga_init(MemoryRegion 
*address_space,
 memory_region_init_alias(&s->iomem_lo, NULL, "malta-fpga",
  &s->iomem, 0, 0x900);
 memory_region_init_alias(&s->iomem_hi, NULL, "malta-fpga",
- &s->iomem, 0xa00, 0x1 - 0xa00);
+ &s->iomem, 0xa00, 0x10 - 0xa00);
 
 memory_region_add_subregion(address_space, base, &s->iomem_lo);
 memory_region_add_subregion(address_space, base + 0xa00, &s->iomem_hi);
-- 
2.26.2

[PULL v2 0/5] 9p queue (previous 2020-10-15)

[Christian Schoenebeck]

The following changes since commit e12ce85b2c79d83a340953291912875c30b3af06:

  Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' 
into staging (2020-10-16 22:46:28 +0100)

are available in the Git repository at:

  https://github.com/cschoenebeck/qemu.git tags/pull-9p-20201017

for you to fetch changes up to fa4551e3f4416cc8c62086ac430b1ceb4f03eb6b:

  tests/9pfs: add local Tmkdir test (2020-10-17 15:58:39 +0200)


9pfs: add tests using local fs driver

The currently existing 9pfs test cases are all solely using the 9pfs 'synth'
fileystem driver, which is a very simple and purely simulated (in RAM only)
filesystem. There are issues though where the 'synth' fs driver is not
sufficient. For example the following two bugs need test cases running the
9pfs 'local' fs driver:

https://bugs.launchpad.net/qemu/+bug/1336794
https://bugs.launchpad.net/qemu/+bug/1877384

This patch set for that reason introduces 9pfs test cases using the 9pfs
'local' filesystem driver along to the already existing tests on 'synth'.


Christian Schoenebeck (5):
  tests/9pfs: change qtest name prefix to synth
  tests/9pfs: introduce local tests
  tests/9pfs: wipe local 9pfs test directory
  tests/9pfs: add virtio_9p_test_path()
  tests/9pfs: add local Tmkdir test

 tests/qtest/libqos/virtio-9p.c | 100 +
 tests/qtest/libqos/virtio-9p.h |  10 +++
 tests/qtest/virtio-9p-test.c   | 197 -
 3 files changed, 286 insertions(+), 21 deletions(-)

[PULL 36/44] hw/mips: Rename TYPE_MIPS_BOSTON to TYPE_BOSTON

[Philippe Mathieu-Daudé]

From: Eduardo Habkost 

This will make the type name constant consistent with the name of
the type checking macro.

Signed-off-by: Eduardo Habkost 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <20200902224311.1321159-19-ehabk...@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/boston.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/mips/boston.c b/hw/mips/boston.c
index cf2296f4488..74c18edbb34 100644
--- a/hw/mips/boston.c
+++ b/hw/mips/boston.c
@@ -44,10 +44,10 @@
 #include 
 #include "qom/object.h"
 
-#define TYPE_MIPS_BOSTON "mips-boston"
+#define TYPE_BOSTON "mips-boston"
 typedef struct BostonState BostonState;
 DECLARE_INSTANCE_CHECKER(BostonState, BOSTON,
- TYPE_MIPS_BOSTON)
+ TYPE_BOSTON)
 
 struct BostonState {
 SysBusDevice parent_obj;
@@ -262,7 +262,7 @@ static void mips_boston_instance_init(Object *obj)
 }
 
 static const TypeInfo boston_device = {
-.name  = TYPE_MIPS_BOSTON,
+.name  = TYPE_BOSTON,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(BostonState),
 .instance_init = mips_boston_instance_init,
@@ -455,7 +455,7 @@ static void boston_mach_init(MachineState *machine)
 exit(1);
 }
 
-dev = qdev_new(TYPE_MIPS_BOSTON);
+dev = qdev_new(TYPE_BOSTON);
 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
 
 s = BOSTON(dev);
-- 
2.26.2

Re: io_uring possibly the culprit for qemu hang (linux-5.4.y)

[Ju Hyung Park]

Hi Jens.

On Sat, Oct 17, 2020 at 3:07 AM Jens Axboe  wrote:
>
> Would be great if you could try 5.4.71 and see if that helps for your
> issue.
>

Oh wow, yeah it did fix the issue.

I'm able to reliably turn off and start the VM multiple times in a row.
Double checked by confirming QEMU is dynamically linked to liburing.so.1.

Looks like those 4 io_uring fixes helped.

Thanks!

[PULL 43/44] MAINTAINERS: Remove duplicated Malta test entries

[Philippe Mathieu-Daudé]

The Malta tests are already covered in the Malta section.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Message-Id: <20201013101659.3557154-3-f4...@amsat.org>
---
 MAINTAINERS | 2 --
 1 file changed, 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 8770cd6d05a..a7f0acf8663 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -237,8 +237,6 @@ F: include/hw/intc/mips_gic.h
 F: include/hw/mips/
 F: include/hw/misc/mips_*
 F: include/hw/timer/mips_gictimer.h
-F: tests/acceptance/linux_ssh_mips_malta.py
-F: tests/acceptance/machine_mips_malta.py
 F: tests/tcg/mips/
 K: ^Subject:.*(?i)mips
 
-- 
2.26.2

Re: [PULL v2 00/22] Build system + misc changes for 2020-10-16

[Peter Maydell]

On Sat, 17 Oct 2020 at 14:38, Paolo Bonzini  wrote:
> OpenBSD and NetBSD call the ninja package "ninja-build" unlike FreeBSD.
>  I'm sure I had used the right name but well I didn't.  I'll send a v3.

OpenBSD built OK but meson produces this new warning:

Library iconv found: NO
../src/meson.build:531: WARNING: iconv required for curses UI but not
available, disabling

thanks
-- PMM

[PULL 44/44] target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64)

[Philippe Mathieu-Daudé]

Per "MIPS32 34K Processor Core Family Software User's Manual,
Revision 01.13" page 8 in "Joint TLB (JTLB)" section:

  "The JTLB is a fully associative TLB cache containing 16, 32,
   or 64-dual-entries mapping up to 128 virtual pages to their
   corresponding physical addresses."

There is no particular reason to restrict the 34Kf core model to
16 TLB entries, so raise its config to 64.

This is helpful for other projects, in particular the Yocto Project:

  Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit
  MIPS CI loop. It was observed that in this case CI test execution
  time was almost twice longer than 64bit MIPS variant that runs
  under MIPS64R2-generic model. It was investigated and concluded
  that the difference in number of TLBs 16 in 34Kf case vs 64 in
  MIPS64R2-generic is responsible for most of CI real time execution
  difference. Because with 16 TLBs linux user-land trashes TLB more
  and it needs to execute more instructions in TLB refill handler
  calls, as result it runs much longer.

(https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html)

Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992
Reported-by: Victor Kamensky 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20201016133317.553068-1-f4...@amsat.org>
---
 target/mips/translate_init.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/mips/translate_init.c.inc b/target/mips/translate_init.c.inc
index c735b2bf667..fb5a9b38e5d 100644
--- a/target/mips/translate_init.c.inc
+++ b/target/mips/translate_init.c.inc
@@ -254,7 +254,7 @@ const mips_def_t mips_defs[] =
 .CP0_PRid = 0x00019500,
 .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) |
(MMU_TYPE_R4000 << CP0C0_MT),
-.CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (15 << CP0C1_MMU) |
+.CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (63 << CP0C1_MMU) |
(0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) |
(0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) |
(1 << CP0C1_CA),
-- 
2.26.2

[PULL v2 5/5] tests/9pfs: add local Tmkdir test

[Christian Schoenebeck]

This test case uses the 9pfs 'local' driver to create a directory
and then checks if the expected directory was actually created
(as real directory) on host side.

This patch introduces a custom split() implementation, because
the test code requires non empty array elements as result. For
that reason g_strsplit() would not be a good alternative, as
it would require additional filter code for reshuffling the
array, and the resulting code would be even more complex than
this split() function.

Signed-off-by: Christian Schoenebeck 
Message-Id: 

Signed-off-by: Christian Schoenebeck 
---
 tests/qtest/virtio-9p-test.c | 139 +++
 1 file changed, 139 insertions(+)

diff --git a/tests/qtest/virtio-9p-test.c b/tests/qtest/virtio-9p-test.c
index af7e169d3a..c15908f27b 100644
--- a/tests/qtest/virtio-9p-test.c
+++ b/tests/qtest/virtio-9p-test.c
@@ -18,6 +18,62 @@
 #define QVIRTIO_9P_TIMEOUT_US (10 * 1000 * 1000)
 static QGuestAllocator *alloc;
 
+/*
+ * Used to auto generate new fids. Start with arbitrary high value to avoid
+ * collision with hard coded fids in basic test code.
+ */
+static uint32_t fid_generator = 1000;
+
+static uint32_t genfid(void)
+{
+return fid_generator++;
+}
+
+/**
+ * Splits the @a in string by @a delim into individual (non empty) strings
+ * and outputs them to @a out. The output array @a out is NULL terminated.
+ *
+ * Output array @a out must be freed by calling split_free().
+ *
+ * @returns number of individual elements in output array @a out (without the
+ *  final NULL terminating element)
+ */
+static int split(const char *in, const char *delim, char ***out)
+{
+int n = 0, i = 0;
+char *tmp, *p;
+
+tmp = g_strdup(in);
+for (p = strtok(tmp, delim); p != NULL; p = strtok(NULL, delim)) {
+if (strlen(p) > 0) {
+++n;
+}
+}
+g_free(tmp);
+
+*out = g_new0(char *, n + 1); /* last element NULL delimiter */
+
+tmp = g_strdup(in);
+for (p = strtok(tmp, delim); p != NULL; p = strtok(NULL, delim)) {
+if (strlen(p) > 0) {
+(*out)[i++] = g_strdup(p);
+}
+}
+g_free(tmp);
+
+return n;
+}
+
+static void split_free(char ***out)
+{
+int i;
+for (i = 0; (*out)[i]; ++i) {
+g_free((*out)[i]);
+}
+g_free(*out);
+*out = NULL;
+}
+
 static void pci_config(void *obj, void *data, QGuestAllocator *t_alloc)
 {
 QVirtio9P *v9p = obj;
@@ -201,6 +257,7 @@ static const char *rmessage_name(uint8_t id)
 id == P9_RWALK ? "RWALK" :
 id == P9_RLOPEN ? "RLOPEN" :
 id == P9_RWRITE ? "RWRITE" :
+id == P9_RMKDIR ? "RMKDIR" :
 id == P9_RFLUSH ? "RFLUSH" :
 id == P9_RREADDIR ? "READDIR" :
 "";
@@ -578,6 +635,39 @@ static bool fs_dirents_contain_name(struct V9fsDirent *e, 
const char* name)
 return false;
 }
 
+/* size[4] Tmkdir tag[2] dfid[4] name[s] mode[4] gid[4] */
+static P9Req *v9fs_tmkdir(QVirtio9P *v9p, uint32_t dfid, const char *name,
+  uint32_t mode, uint32_t gid, uint16_t tag)
+{
+P9Req *req;
+
+uint32_t body_size = 4 + 4 + 4;
+uint16_t string_size = v9fs_string_size(name);
+
+g_assert_cmpint(body_size, <=, UINT32_MAX - string_size);
+body_size += string_size;
+
+req = v9fs_req_init(v9p, body_size, P9_TMKDIR, tag);
+v9fs_uint32_write(req, dfid);
+v9fs_string_write(req, name);
+v9fs_uint32_write(req, mode);
+v9fs_uint32_write(req, gid);
+v9fs_req_send(req);
+return req;
+}
+
+/* size[4] Rmkdir tag[2] qid[13] */
+static void v9fs_rmkdir(P9Req *req, v9fs_qid *qid)
+{
+v9fs_req_recv(req, P9_RMKDIR);
+if (qid) {
+v9fs_memread(req, qid, 13);
+} else {
+v9fs_memskip(req, 13);
+}
+v9fs_req_free(req);
+}
+
 /* basic readdir test where reply fits into a single response message */
 static void fs_readdir(void *obj, void *data, QGuestAllocator *t_alloc)
 {
@@ -877,6 +967,30 @@ static void fs_flush_ignored(void *obj, void *data, 
QGuestAllocator *t_alloc)
 g_free(wnames[0]);
 }
 
+static void fs_mkdir(void *obj, void *data, QGuestAllocator *t_alloc,
+ const char *path, const char *cname)
+{
+QVirtio9P *v9p = obj;
+alloc = t_alloc;
+char **wnames;
+char *const name = g_strdup(cname);
+P9Req *req;
+const uint32_t fid = genfid();
+
+int nwnames = split(path, "/", &wnames);
+
+req = v9fs_twalk(v9p, 0, fid, nwnames, wnames, 0);
+v9fs_req_wait_for_reply(req, NULL);
+v9fs_rwalk(req, NULL, NULL);
+
+req = v9fs_tmkdir(v9p, fid, name, 0750, 0, 0);
+v9fs_req_wait_for_reply(req, NULL);
+v9fs_rmkdir(req, NULL);
+
+g_free(name);
+split_free(&wnames);
+}
+
 static void fs_readdir_split_128(void *obj, void *data,
  QGuestAllocator *t_alloc)
 {
@@ -895,6 +1009,30 @@ static void fs_readdir_split_512(void *obj, void *data,
 fs_readdir_split(obj, data, t_alloc, 512);
 }
 
+
+/* tests using