[Qemu-devel] [PULL 0/5] target-mips queue for 2.4

[Qemu-devel] [PULL 0/5] target-mips queue for 2.4

[Leon Alrae]

Hi,

This last minute pull request for -rc3 contains target-mips bug fixes and
it also includes recent Herve's dp8393x fixes.

Thanks,
Leon

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>

The following changes since commit f8787f8723eaca1be99e3b1873e54de163fffa93:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20150727' into staging (2015-07-27 19:37:09 +0100)

are available in the git repository at:

  git://github.com/lalrae/qemu.git tags/mips-20150728

for you to fetch changes up to 52579c681cb12bf64de793e85edc50d990f4d42f:

  net/dp8393x: do not use memory_region_init_rom_device with NULL (2015-07-28 09:30:10 +0100)

----------------------------------------------------------------
MIPS patches 2015-07-28

Changes:
* net/dp8393x fixes
* Vectored Interrupts bug fix
* fix for a bug in machine.c which was provoking a warning on FreeBSD

----------------------------------------------------------------
Hervé Poussineau (3):
      net/dp8393x: disable user creation
      net/dp8393x: remove check of runt packets
      net/dp8393x: do not use memory_region_init_rom_device with NULL

Leon Alrae (1):
      target-mips: fix passing incompatible pointer type in machine.c

Yongbok Kim (1):
      target-mips: fix offset calculation for Interrupts

 hw/net/dp8393x.c        | 17 ++++++++++-------
 target-mips/helper.c    | 46 +++++++++++++++++++++-------------------------
 target-mips/machine.c   |  3 ++-
 target-mips/op_helper.c |  2 --
 4 files changed, 33 insertions(+), 35 deletions(-)

[Qemu-devel] [PULL 1/5] target-mips: fix passing incompatible pointer type in machine.c

[Leon Alrae]

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
 target-mips/machine.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-mips/machine.c b/target-mips/machine.c
index 8fa755c..b15c43a 100644
--- a/target-mips/machine.c
+++ b/target-mips/machine.c
@@ -153,6 +153,7 @@ static void put_tlb(QEMUFile *f, void *pv, size_t size)
 {
     r4k_tlb_t *v = pv;
 
+    uint8_t asid = v->ASID;
     uint16_t flags = ((v->EHINV << 15) |
                       (v->RI1 << 14) |
                       (v->RI0 << 13) |
@@ -168,7 +169,7 @@ static void put_tlb(QEMUFile *f, void *pv, size_t size)
 
     qemu_put_betls(f, &v->VPN);
     qemu_put_be32s(f, &v->PageMask);
-    qemu_put_8s(f, &v->ASID);
+    qemu_put_8s(f, &asid);
     qemu_put_be16s(f, &flags);
     qemu_put_be64s(f, &v->PFN[0]);
     qemu_put_be64s(f, &v->PFN[1]);
-- 
2.1.0

[Qemu-devel] [PULL 2/5] target-mips: fix offset calculation for Interrupts

[Leon Alrae]

From: Yongbok Kim <yongbok.kim@imgtec.com>

Correct computation of vector offsets for EXCP_EXT_INTERRUPT.
For instance, if Cause.IV is 0 the vector offset should be 0x180.

Simplify the finding vector number logic for the Vectored Interrupts.

Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
[leon.alrae@imgtec.com: cosmetic changes]
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
 target-mips/helper.c    | 46 +++++++++++++++++++++-------------------------
 target-mips/op_helper.c |  2 --
 2 files changed, 21 insertions(+), 27 deletions(-)

diff --git a/target-mips/helper.c b/target-mips/helper.c
index 8e3204a..04ba19f 100644
--- a/target-mips/helper.c
+++ b/target-mips/helper.c
@@ -565,34 +565,30 @@ void mips_cpu_do_interrupt(CPUState *cs)
         break;
     case EXCP_EXT_INTERRUPT:
         cause = 0;
-        if (env->CP0_Cause & (1 << CP0Ca_IV))
-            offset = 0x200;
-
-        if (env->CP0_Config3 & ((1 << CP0C3_VInt) | (1 << CP0C3_VEIC))) {
-            /* Vectored Interrupts.  */
-            unsigned int spacing;
-            unsigned int vector;
-            unsigned int pending = (env->CP0_Cause & CP0Ca_IP_mask) >> 8;
-
-            pending &= env->CP0_Status >> 8;
-            /* Compute the Vector Spacing.  */
-            spacing = (env->CP0_IntCtl >> CP0IntCtl_VS) & ((1 << 6) - 1);
-            spacing <<= 5;
-
-            if (env->CP0_Config3 & (1 << CP0C3_VInt)) {
-                /* For VInt mode, the MIPS computes the vector internally.  */
-                for (vector = 7; vector > 0; vector--) {
-                    if (pending & (1 << vector)) {
-                        /* Found it.  */
-                        break;
+        if (env->CP0_Cause & (1 << CP0Ca_IV)) {
+            uint32_t spacing = (env->CP0_IntCtl >> CP0IntCtl_VS) & 0x1f;
+
+            if ((env->CP0_Status & (1 << CP0St_BEV)) || spacing == 0) {
+                offset = 0x200;
+            } else {
+                uint32_t vector = 0;
+                uint32_t pending = (env->CP0_Cause & CP0Ca_IP_mask) >> CP0Ca_IP;
+
+                if (env->CP0_Config3 & (1 << CP0C3_VEIC)) {
+                    /* For VEIC mode, the external interrupt controller feeds
+                     * the vector through the CP0Cause IP lines.  */
+                    vector = pending;
+                } else {
+                    /* Vectored Interrupts
+                     * Mask with Status.IM7-IM0 to get enabled interrupts. */
+                    pending &= (env->CP0_Status >> CP0St_IM) & 0xff;
+                    /* Find the highest-priority interrupt. */
+                    while (pending >>= 1) {
+                        vector++;
                     }
                 }
-            } else {
-                /* For VEIC mode, the external interrupt controller feeds the
-                   vector through the CP0Cause IP lines.  */
-                vector = pending;
+                offset = 0x200 + (vector * (spacing << 5));
             }
-            offset = 0x200 + vector * spacing;
         }
         goto set_EPC;
     case EXCP_LTLBL:
diff --git a/target-mips/op_helper.c b/target-mips/op_helper.c
index 9c28631..db4f6b9 100644
--- a/target-mips/op_helper.c
+++ b/target-mips/op_helper.c
@@ -1432,7 +1432,6 @@ void helper_mttc0_status(CPUMIPSState *env, target_ulong arg1)
 
 void helper_mtc0_intctl(CPUMIPSState *env, target_ulong arg1)
 {
-    /* vectored interrupts not implemented, no performance counters. */
     env->CP0_IntCtl = (env->CP0_IntCtl & ~0x000003e0) | (arg1 & 0x000003e0);
 }
 
@@ -1473,7 +1472,6 @@ target_ulong helper_mftc0_ebase(CPUMIPSState *env)
 
 void helper_mtc0_ebase(CPUMIPSState *env, target_ulong arg1)
 {
-    /* vectored interrupts not implemented */
     env->CP0_EBase = (env->CP0_EBase & ~0x3FFFF000) | (arg1 & 0x3FFFF000);
 }
 
-- 
2.1.0

[Qemu-devel] [PULL 3/5] net/dp8393x: disable user creation

[Leon Alrae]

From: Hervé Poussineau <hpoussin@reactos.org>

Netcard needs an address space to write data to, which can't be specified
on command line.
This fixes a crash when user starts QEMU with "-device dp8393x"

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
 hw/net/dp8393x.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 451ff72..93d6a47 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -889,6 +889,8 @@ static void dp8393x_class_init(ObjectClass *klass, void *data)
     dc->reset = dp8393x_reset;
     dc->vmsd = &vmstate_dp8393x;
     dc->props = dp8393x_properties;
+    /* Reason: dma_mr property can't be set */
+    dc->cannot_instantiate_with_device_add_yet = true;
 }
 
 static const TypeInfo dp8393x_info = {
-- 
2.1.0

[Qemu-devel] [PULL 4/5] net/dp8393x: remove check of runt packets

[Leon Alrae]

From: Hervé Poussineau <hpoussin@reactos.org>

Ethernet requires that messages are at least 64 bytes on the wire. This
limitation does not exist on emulation (no wire message), so remove the
check. Netcard is now able to receive small network packets.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
 hw/net/dp8393x.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 93d6a47..0f45146 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -643,11 +643,6 @@ static int dp8393x_receive_filter(dp8393xState *s, const uint8_t * buf,
     static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
     int i;
 
-    /* Check for runt packet (remember that checksum is not there) */
-    if (size < 64 - 4) {
-        return (s->regs[SONIC_RCR] & SONIC_RCR_RNT) ? 0 : -1;
-    }
-
     /* Check promiscuous mode */
     if ((s->regs[SONIC_RCR] & SONIC_RCR_PRO) && (buf[0] & 1) == 0) {
         return 0;
-- 
2.1.0

[Qemu-devel] [PULL 5/5] net/dp8393x: do not use memory_region_init_rom_device with NULL

[Leon Alrae]

From: Hervé Poussineau <hpoussin@reactos.org>

Replace memory_region_init_rom_device() with memory_region_init_ram() and
memory_region_set_readonly().
This fixes a guest-triggerable QEMU crash when guest tries to write to PROM.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[leon.alrae@imgtec.com: shorten subject length]
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
---
 hw/net/dp8393x.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 0f45146..ab607e4 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -831,6 +831,7 @@ static void dp8393x_realize(DeviceState *dev, Error **errp)
     dp8393xState *s = DP8393X(dev);
     int i, checksum;
     uint8_t *prom;
+    Error *local_err = NULL;
 
     address_space_init(&s->as, s->dma_mr, "dp8393x");
     memory_region_init_io(&s->mmio, OBJECT(dev), &dp8393x_ops, s,
@@ -843,8 +844,13 @@ static void dp8393x_realize(DeviceState *dev, Error **errp)
     s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s);
     s->regs[SONIC_SR] = 0x0004; /* only revision recognized by Linux */
 
-    memory_region_init_rom_device(&s->prom, OBJECT(dev), NULL, NULL,
-                                  "dp8393x-prom", SONIC_PROM_SIZE, NULL);
+    memory_region_init_ram(&s->prom, OBJECT(dev),
+                           "dp8393x-prom", SONIC_PROM_SIZE, &local_err);
+    if (local_err) {
+        error_propagate(errp, local_err);
+        return;
+    }
+    memory_region_set_readonly(&s->prom, true);
     prom = memory_region_get_ram_ptr(&s->prom);
     checksum = 0;
     for (i = 0; i < 6; i++) {
-- 
2.1.0

Re: [Qemu-devel] [PULL 0/5] target-mips queue for 2.4

[Peter Maydell]

On 28 July 2015 at 11:04, Leon Alrae <leon.alrae@imgtec.com> wrote:
> Hi,
>
> This last minute pull request for -rc3 contains target-mips bug fixes and
> it also includes recent Herve's dp8393x fixes.
>
> Thanks,
> Leon
>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: Aurelien Jarno <aurelien@aurel32.net>
>
> The following changes since commit f8787f8723eaca1be99e3b1873e54de163fffa93:
>
>   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20150727' into staging (2015-07-27 19:37:09 +0100)
>
> are available in the git repository at:
>
>   git://github.com/lalrae/qemu.git tags/mips-20150728
>
> for you to fetch changes up to 52579c681cb12bf64de793e85edc50d990f4d42f:
>
>   net/dp8393x: do not use memory_region_init_rom_device with NULL (2015-07-28 09:30:10 +0100)
>
> ----------------------------------------------------------------
> MIPS patches 2015-07-28
>
> Changes:
> * net/dp8393x fixes
> * Vectored Interrupts bug fix
> * fix for a bug in machine.c which was provoking a warning on FreeBSD

Applied, thanks.

-- PMM