[Qemu-devel] [PATCH v1 for-2.12 0/9] s390x/tcg: facilitites and instructions

[Qemu-devel] [PATCH v1 for-2.12 0/9] s390x/tcg: facilitites and instructions

[David Hildenbrand]

Wire up some io instructions and implement new facilitites. Make sure
to take care of MTTCG when it comes to atomic operations.

As we are now able to install/boot a Fedora 26/27 as well as an upstream
kernel compiled for z12, let's bump up the QEMU cpu model to a very
stripped down version of a z12 (with missing base features). Take care
of backwards compatibility (as we defined the QEMU model as
migration-safe).

Try it yourself: https://github.com/davidhildenbrand/qemu.git s390x-queue

This branch is based on https://github.com/cohuck/qemu.git s390x-next
and contains other patches sent previously, especially
- s390x/tcg: CCW hotplug support
- cpus: make pause_all_cpus() play with SMP on single threaded TCG
- cpu-exec: fix missed CPU kick during interrupt injection

$ baseurl=https://ftp-stud.hs-esslingen.de/pub/fedora-secondary/releases/27/Server/s390x/os/
$ wget ${baseurl}/images/kernel.img
$ wget ${baseurl}/images/initrd.img
$ qemu-img create -f qcow2 guest-tcg.qcow2 8G
$ qemu-system-s390x \
    -nographic -machine s390-ccw-virtio -m 2048 \
    --accel tcg,thread=multi -smp 4,maxcpus=4 \
    -hda guest-tcg.qcow2 \
    -kernel kernel.img \
    -initrd initrd.img \
    --append "TERM=linux inst.repo=${baseurl}/ ip=dhcp inst.geoloc=0"

Please note that we still have problems with floating interrupts. I have
already patches and will send them out soon, once the current set of
patches have been reviewed and picked up. So if you run into problems,
try with -smp 1.


David Hildenbrand (9):
  s390x/tcg: ALSI/ALSGI are atomic with interlocked-acccess facility 1
  s390x/tcg: implement Interlocked-Access Facility 2
  s390x/tcg: wire up SET ADDRESS LIMIT
  s390x/tcg: wire up SET CHANNEL MONITOR
  s390x/tcg: Implement STORE CHANNEL PATH STATUS
  s390x/tcg: Implement SIGA instruction
  s390x/tcg: implement extract-CPU-time facility
  s390x/tcg: we already implement the Set-Program-Parameter facility
  s390x: change the QEMU cpu model to a stripped down z12

 hw/s390x/s390-virtio-ccw.c  |  6 +++
 target/s390x/cpu.h          |  3 ++
 target/s390x/cpu_models.c   | 97 +++++++++++++++++++-------------------------
 target/s390x/cpu_models.h   |  1 +
 target/s390x/gen-features.c | 87 ++++++++++++++++++++++++++++++++++++++++
 target/s390x/helper.h       |  2 +
 target/s390x/insn-data.def  | 22 ++++++----
 target/s390x/misc_helper.c  | 18 +++++++++
 target/s390x/translate.c    | 98 +++++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 270 insertions(+), 64 deletions(-)

-- 
2.14.3

[Qemu-devel] [PATCH v1 for-2.12 1/9] s390x/tcg: ALSI/ALSGI are atomic with interlocked-acccess facility 1

[David Hildenbrand]

We can simply reuse our ASI implementation. Only the way CC is
calculated differs.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/insn-data.def | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 57f2e5133f..166ee7c80b 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -70,9 +70,9 @@
     C(0xc20b, ALFI,    RIL_a, EI,  r1, i2_32u, new, r1_32, add, addu32)
     C(0xc20a, ALGFI,   RIL_a, EI,  r1, i2_32u, r1, 0, add, addu64)
 /* ADD LOGICAL WITH SIGNED IMMEDIATE */
-    C(0xeb6e, ALSI,    SIY,   GIE, m1_32u, i2, new, m1_32, add, addu32)
+    D(0xeb6e, ALSI,    SIY,   GIE, la1, i2, new, 0, asi, addu32, MO_TEUL)
     C(0xecda, ALHSIK,  RIE_d, DO,  r3, i2, new, r1_32, add, addu32)
-    C(0xeb7e, ALGSI,   SIY,   GIE, m1_64, i2, new, m1_64, add, addu64)
+    D(0xeb7e, ALGSI,   SIY,   GIE, la1, i2, new, 0, asi, addu64, MO_TEQ)
     C(0xecdb, ALGHSIK, RIE_d, DO,  r3, i2, r1, 0, add, addu64)
 /* ADD LOGICAL WITH SIGNED IMMEDIATE HIGH */
     C(0xcc0a, ALSIH,   RIL_a, HW,  r1_sr32, i2, new, r1_32h, add, addu32)
-- 
2.14.3

[Qemu-devel] [PATCH v1 for-2.12 2/9] s390x/tcg: implement Interlocked-Access Facility 2

[David Hildenbrand]

With this facility, OI/OIY, NI/NIY and XI/XIY are atomic. All operate on
one byte (MO_UB).

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/cpu_models.c  |  1 +
 target/s390x/insn-data.def | 12 ++++++------
 target/s390x/translate.c   | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index c4c37b3b15..94d24e423d 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -842,6 +842,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm)
         S390_FEAT_STFLE_45,
         S390_FEAT_STFLE_49,
         S390_FEAT_LOCAL_TLB_CLEARING,
+        S390_FEAT_INTERLOCKED_ACCESS_2,
         S390_FEAT_STFLE_53,
         S390_FEAT_MSA_EXT_5,
         S390_FEAT_MSA_EXT_3,
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 166ee7c80b..4e6dd6e348 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -99,8 +99,8 @@
     D(0xa505, NIHL,    RI_a,  Z,   r1_o, i2_16u, r1, 0, andi, 0, 0x1020)
     D(0xa506, NILH,    RI_a,  Z,   r1_o, i2_16u, r1, 0, andi, 0, 0x1010)
     D(0xa507, NILL,    RI_a,  Z,   r1_o, i2_16u, r1, 0, andi, 0, 0x1000)
-    C(0x9400, NI,      SI,    Z,   m1_8u, i2_8u, new, m1_8, and, nz64)
-    C(0xeb54, NIY,     SIY,   LD,  m1_8u, i2_8u, new, m1_8, and, nz64)
+    C(0x9400, NI,      SI,    Z,   la1, i2_8u, new, 0, ni, nz64)
+    C(0xeb54, NIY,     SIY,   LD,  la1, i2_8u, new, 0, ni, nz64)
 
 /* BRANCH AND SAVE */
     C(0x0d00, BASR,    RR_a,  Z,   0, r2_nz, r1, 0, bas, 0)
@@ -357,8 +357,8 @@
 /* EXCLUSIVE OR IMMEDIATE */
     D(0xc006, XIHF,    RIL_a, EI,  r1_o, i2_32u, r1, 0, xori, 0, 0x2020)
     D(0xc007, XILF,    RIL_a, EI,  r1_o, i2_32u, r1, 0, xori, 0, 0x2000)
-    C(0x9700, XI,      SI,    Z,   m1_8u, i2_8u, new, m1_8, xor, nz64)
-    C(0xeb57, XIY,     SIY,   LD,  m1_8u, i2_8u, new, m1_8, xor, nz64)
+    C(0x9700, XI,      SI,    Z,   la1, i2_8u, new, 0, xi, nz64)
+    C(0xeb57, XIY,     SIY,   LD,  la1, i2_8u, new, 0, xi, nz64)
 
 /* EXECUTE */
     C(0x4400, EX,      RX_a,  Z,   0, a2, 0, 0, ex, 0)
@@ -698,8 +698,8 @@
     D(0xa509, OIHL,    RI_a,  Z,   r1_o, i2_16u, r1, 0, ori, 0, 0x1020)
     D(0xa50a, OILH,    RI_a,  Z,   r1_o, i2_16u, r1, 0, ori, 0, 0x1010)
     D(0xa50b, OILL,    RI_a,  Z,   r1_o, i2_16u, r1, 0, ori, 0, 0x1000)
-    C(0x9600, OI,      SI,    Z,   m1_8u, i2_8u, new, m1_8, or, nz64)
-    C(0xeb56, OIY,     SIY,   LD,  m1_8u, i2_8u, new, m1_8, or, nz64)
+    C(0x9600, OI,      SI,    Z,   la1, i2_8u, new, 0, oi, nz64)
+    C(0xeb56, OIY,     SIY,   LD,  la1, i2_8u, new, 0, oi, nz64)
 
 /* PACK */
     /* Really format SS_b, but we pack both lengths into one argument
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 79d2ee650c..edfe51b5c3 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -1417,6 +1417,17 @@ static ExitStatus op_andi(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_ni(DisasContext *s, DisasOps *o)
+{
+    o->in1 = tcg_temp_new_i64();
+    /* Perform the atomic operation in memory. */
+    tcg_gen_atomic_fetch_and_i64(o->in1, o->addr1, o->in2, get_mem_index(s),
+                                 MO_UB);
+    /* We need to recompute the operation for setting CC.  */
+    tcg_gen_and_i64(o->out, o->in1, o->in2);
+    return NO_EXIT;
+}
+
 static ExitStatus op_bas(DisasContext *s, DisasOps *o)
 {
     tcg_gen_movi_i64(o->out, pc_to_link_info(s, s->next_pc));
@@ -3368,6 +3379,17 @@ static ExitStatus op_ori(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_oi(DisasContext *s, DisasOps *o)
+{
+    o->in1 = tcg_temp_new_i64();
+    /* Perform the atomic operation in memory. */
+    tcg_gen_atomic_fetch_or_i64(o->in1, o->addr1, o->in2, get_mem_index(s),
+                                MO_UB);
+    /* We need to recompute the operation for setting CC.  */
+    tcg_gen_or_i64(o->out, o->in1, o->in2);
+    return NO_EXIT;
+}
+
 static ExitStatus op_pack(DisasContext *s, DisasOps *o)
 {
     TCGv_i32 l = tcg_const_i32(get_field(s->fields, l1));
@@ -4633,6 +4655,17 @@ static ExitStatus op_xori(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_xi(DisasContext *s, DisasOps *o)
+{
+    o->in1 = tcg_temp_new_i64();
+    /* Perform the atomic operation in memory. */
+    tcg_gen_atomic_fetch_xor_i64(o->in1, o->addr1, o->in2, get_mem_index(s),
+                                 MO_UB);
+    /* We need to recompute the operation for setting CC.  */
+    tcg_gen_xor_i64(o->out, o->in1, o->in2);
+    return NO_EXIT;
+}
+
 static ExitStatus op_zero(DisasContext *s, DisasOps *o)
 {
     o->out = tcg_const_i64(0);
-- 
2.14.3

[Qemu-devel] [PATCH v1 for-2.12 3/9] s390x/tcg: wire up SET ADDRESS LIMIT

[David Hildenbrand]

Let's handle it just like KVM:
    Depending on the model, this instruction may not be
    provided. When this instruction is not provided, it is
    checked for operand exception and privileged-opera-
    tion exception, and then is suppressed.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/helper.h      | 1 +
 target/s390x/insn-data.def | 1 +
 target/s390x/misc_helper.c | 9 +++++++++
 target/s390x/translate.c   | 7 +++++++
 4 files changed, 18 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 2ce57edc14..95ad44bc39 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -165,6 +165,7 @@ DEF_HELPER_2(hsch, void, env, i64)
 DEF_HELPER_3(msch, void, env, i64, i64)
 DEF_HELPER_2(rchp, void, env, i64)
 DEF_HELPER_2(rsch, void, env, i64)
+DEF_HELPER_2(sal, void, env, i64)
 DEF_HELPER_3(ssch, void, env, i64, i64)
 DEF_HELPER_2(stcrw, void, env, i64)
 DEF_HELPER_3(stsch, void, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 4e6dd6e348..8793350963 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1054,6 +1054,7 @@
     C(0xb232, MSCH,    S,     Z,   0, insn, 0, 0, msch, 0)
     C(0xb23b, RCHP,    S,     Z,   0, 0, 0, 0, rchp, 0)
     C(0xb238, RSCH,    S,     Z,   0, 0, 0, 0, rsch, 0)
+    C(0xb237, SAL,     S,     Z,   0, 0, 0, 0, sal, 0)
     C(0xb233, SSCH,    S,     Z,   0, insn, 0, 0, ssch, 0)
     C(0xb239, STCRW,   S,     Z,   0, insn, 0, 0, stcrw, 0)
     C(0xb234, STSCH,   S,     Z,   0, insn, 0, 0, stsch, 0)
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 55e78c56d2..d0d4441572 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -377,6 +377,15 @@ void HELPER(rsch)(CPUS390XState *env, uint64_t r1)
     qemu_mutex_unlock_iothread();
 }
 
+void HELPER(sal)(CPUS390XState *env, uint64_t r1)
+{
+    S390CPU *cpu = s390_env_get_cpu(env);
+
+    qemu_mutex_lock_iothread();
+    ioinst_handle_sal(cpu, r1, GETPC());
+    qemu_mutex_unlock_iothread();
+}
+
 void HELPER(ssch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
 {
     S390CPU *cpu = s390_env_get_cpu(env);
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index edfe51b5c3..a6346ac139 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4088,6 +4088,13 @@ static ExitStatus op_rsch(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_sal(DisasContext *s, DisasOps *o)
+{
+    check_privileged(s);
+    gen_helper_sal(cpu_env, regs[1]);
+    return NO_EXIT;
+}
+
 static ExitStatus op_ssch(DisasContext *s, DisasOps *o)
 {
     check_privileged(s);
-- 
2.14.3

Re: [Qemu-devel] [PATCH v1 for-2.12 3/9] s390x/tcg: wire up SET ADDRESS LIMIT

[Cornelia Huck]

On Mon,  4 Dec 2017 15:01:44 +0100
David Hildenbrand <david@redhat.com> wrote:

> Let's handle it just like KVM:
>     Depending on the model, this instruction may not be
>     provided. When this instruction is not provided, it is
>     checked for operand exception and privileged-opera-
>     tion exception, and then is suppressed.
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/helper.h      | 1 +
>  target/s390x/insn-data.def | 1 +
>  target/s390x/misc_helper.c | 9 +++++++++
>  target/s390x/translate.c   | 7 +++++++
>  4 files changed, 18 insertions(+)

Looks reasonable (does Linux use this at all?)

Re: [Qemu-devel] [PATCH v1 for-2.12 3/9] s390x/tcg: wire up SET ADDRESS LIMIT

[David Hildenbrand]

On 05.12.2017 15:56, Cornelia Huck wrote:
> On Mon,  4 Dec 2017 15:01:44 +0100
> David Hildenbrand <david@redhat.com> wrote:
> 
>> Let's handle it just like KVM:
>>     Depending on the model, this instruction may not be
>>     provided. When this instruction is not provided, it is
>>     checked for operand exception and privileged-opera-
>>     tion exception, and then is suppressed.
>>
>> Signed-off-by: David Hildenbrand <david@redhat.com>
>> ---
>>  target/s390x/helper.h      | 1 +
>>  target/s390x/insn-data.def | 1 +
>>  target/s390x/misc_helper.c | 9 +++++++++
>>  target/s390x/translate.c   | 7 +++++++
>>  4 files changed, 18 insertions(+)
> 
> Looks reasonable (does Linux use this at all?)
> 

Don't know, but assume not. I just went ahead and wired up everything I
could find :)

-- 

Thanks,

David / dhildenb

[Qemu-devel] [PATCH v1 for-2.12 4/9] s390x/tcg: wire up SET CHANNEL MONITOR

[David Hildenbrand]

Let's just wire it up like KVM.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/helper.h      | 1 +
 target/s390x/insn-data.def | 1 +
 target/s390x/misc_helper.c | 9 +++++++++
 target/s390x/translate.c   | 7 +++++++
 4 files changed, 18 insertions(+)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 95ad44bc39..e5282b939c 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -166,6 +166,7 @@ DEF_HELPER_3(msch, void, env, i64, i64)
 DEF_HELPER_2(rchp, void, env, i64)
 DEF_HELPER_2(rsch, void, env, i64)
 DEF_HELPER_2(sal, void, env, i64)
+DEF_HELPER_4(schm, void, env, i64, i64, i64)
 DEF_HELPER_3(ssch, void, env, i64, i64)
 DEF_HELPER_2(stcrw, void, env, i64)
 DEF_HELPER_3(stsch, void, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 8793350963..e21d226092 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1055,6 +1055,7 @@
     C(0xb23b, RCHP,    S,     Z,   0, 0, 0, 0, rchp, 0)
     C(0xb238, RSCH,    S,     Z,   0, 0, 0, 0, rsch, 0)
     C(0xb237, SAL,     S,     Z,   0, 0, 0, 0, sal, 0)
+    C(0xb23c, SCHM,    S,     Z,   0, insn, 0, 0, schm, 0)
     C(0xb233, SSCH,    S,     Z,   0, insn, 0, 0, ssch, 0)
     C(0xb239, STCRW,   S,     Z,   0, insn, 0, 0, stcrw, 0)
     C(0xb234, STSCH,   S,     Z,   0, insn, 0, 0, stsch, 0)
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index d0d4441572..98ecedb499 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -386,6 +386,15 @@ void HELPER(sal)(CPUS390XState *env, uint64_t r1)
     qemu_mutex_unlock_iothread();
 }
 
+void HELPER(schm)(CPUS390XState *env, uint64_t r1, uint64_t r2, uint64_t inst)
+{
+    S390CPU *cpu = s390_env_get_cpu(env);
+
+    qemu_mutex_lock_iothread();
+    ioinst_handle_schm(cpu, r1, r2, inst >> 16, GETPC());
+    qemu_mutex_unlock_iothread();
+}
+
 void HELPER(ssch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
 {
     S390CPU *cpu = s390_env_get_cpu(env);
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index a6346ac139..bd3fc6448e 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4095,6 +4095,13 @@ static ExitStatus op_sal(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_schm(DisasContext *s, DisasOps *o)
+{
+    check_privileged(s);
+    gen_helper_schm(cpu_env, regs[1], regs[2], o->in2);
+    return NO_EXIT;
+}
+
 static ExitStatus op_ssch(DisasContext *s, DisasOps *o)
 {
     check_privileged(s);
-- 
2.14.3

Re: [Qemu-devel] [PATCH v1 for-2.12 4/9] s390x/tcg: wire up SET CHANNEL MONITOR

[Cornelia Huck]

On Mon,  4 Dec 2017 15:01:45 +0100
David Hildenbrand <david@redhat.com> wrote:

> Let's just wire it up like KVM.
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/helper.h      | 1 +
>  target/s390x/insn-data.def | 1 +
>  target/s390x/misc_helper.c | 9 +++++++++
>  target/s390x/translate.c   | 7 +++++++
>  4 files changed, 18 insertions(+)

So we would have generated an exception before if someone tried to
enable channel measurements under tcg?

Re: [Qemu-devel] [PATCH v1 for-2.12 4/9] s390x/tcg: wire up SET CHANNEL MONITOR

[David Hildenbrand]

On 04.12.2017 18:24, Cornelia Huck wrote:
> On Mon,  4 Dec 2017 15:01:45 +0100
> David Hildenbrand <david@redhat.com> wrote:
> 
>> Let's just wire it up like KVM.
>>
>> Signed-off-by: David Hildenbrand <david@redhat.com>
>> ---
>>  target/s390x/helper.h      | 1 +
>>  target/s390x/insn-data.def | 1 +
>>  target/s390x/misc_helper.c | 9 +++++++++
>>  target/s390x/translate.c   | 7 +++++++
>>  4 files changed, 18 insertions(+)
> 
> So we would have generated an exception before if someone tried to
> enable channel measurements under tcg?
> 

Yes, PGM_OPERATION should have been triggered.

-- 

Thanks,

David / dhildenb

Re: [Qemu-devel] [PATCH v1 for-2.12 4/9] s390x/tcg: wire up SET CHANNEL MONITOR

[Cornelia Huck]

On Mon, 4 Dec 2017 18:27:55 +0100
David Hildenbrand <david@redhat.com> wrote:

> On 04.12.2017 18:24, Cornelia Huck wrote:
> > On Mon,  4 Dec 2017 15:01:45 +0100
> > David Hildenbrand <david@redhat.com> wrote:
> >   
> >> Let's just wire it up like KVM.
> >>
> >> Signed-off-by: David Hildenbrand <david@redhat.com>
> >> ---
> >>  target/s390x/helper.h      | 1 +
> >>  target/s390x/insn-data.def | 1 +
> >>  target/s390x/misc_helper.c | 9 +++++++++
> >>  target/s390x/translate.c   | 7 +++++++
> >>  4 files changed, 18 insertions(+)  
> > 
> > So we would have generated an exception before if someone tried to
> > enable channel measurements under tcg?
> >   
> 
> Yes, PGM_OPERATION should have been triggered.
> 

Next question: What happens now if we try to enable channel
measurements? :)

Re: [Qemu-devel] [PATCH v1 for-2.12 4/9] s390x/tcg: wire up SET CHANNEL MONITOR

[David Hildenbrand]

On 04.12.2017 18:32, Cornelia Huck wrote:
> On Mon, 4 Dec 2017 18:27:55 +0100
> David Hildenbrand <david@redhat.com> wrote:
> 
>> On 04.12.2017 18:24, Cornelia Huck wrote:
>>> On Mon,  4 Dec 2017 15:01:45 +0100
>>> David Hildenbrand <david@redhat.com> wrote:
>>>   
>>>> Let's just wire it up like KVM.
>>>>
>>>> Signed-off-by: David Hildenbrand <david@redhat.com>
>>>> ---
>>>>  target/s390x/helper.h      | 1 +
>>>>  target/s390x/insn-data.def | 1 +
>>>>  target/s390x/misc_helper.c | 9 +++++++++
>>>>  target/s390x/translate.c   | 7 +++++++
>>>>  4 files changed, 18 insertions(+)  
>>>
>>> So we would have generated an exception before if someone tried to
>>> enable channel measurements under tcg?
>>>   
>>
>> Yes, PGM_OPERATION should have been triggered.
>>
> 
> Next question: What happens now if we try to enable channel
> measurements? :)
> 

With my limited knowledge of the magical world of css, it seems to work.

[root@localhost ~]# chccwdev --attribute cmb_enable=1 0.0.0001
Setting cmb_enable attribute of 0.0.0001 to 1
Done


-- 

Thanks,

David / dhildenb

[Qemu-devel] [PATCH v1 for-2.12 5/9] s390x/tcg: Implement STORE CHANNEL PATH STATUS

[David Hildenbrand]

Just like KVM does, we should suppress this instruction:
    When this instruction is not provided, it is
    checked for privileged operation exception and the
    instruction is suppressed by the machine

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/insn-data.def | 1 +
 target/s390x/translate.c   | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index e21d226092..c7353e7f11 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1056,6 +1056,7 @@
     C(0xb238, RSCH,    S,     Z,   0, 0, 0, 0, rsch, 0)
     C(0xb237, SAL,     S,     Z,   0, 0, 0, 0, sal, 0)
     C(0xb23c, SCHM,    S,     Z,   0, insn, 0, 0, schm, 0)
+    C(0xb23a, STCPS,   S,     Z,   0, 0, 0, 0, stcps, 0)
     C(0xb233, SSCH,    S,     Z,   0, insn, 0, 0, ssch, 0)
     C(0xb239, STCRW,   S,     Z,   0, insn, 0, 0, stcrw, 0)
     C(0xb234, STSCH,   S,     Z,   0, insn, 0, 0, stsch, 0)
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index bd3fc6448e..5c2432678c 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4102,6 +4102,13 @@ static ExitStatus op_schm(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_stcps(DisasContext *s, DisasOps *o)
+{
+    check_privileged(s);
+    /* The instruction is suppressed if not provided. */
+    return NO_EXIT;
+}
+
 static ExitStatus op_ssch(DisasContext *s, DisasOps *o)
 {
     check_privileged(s);
-- 
2.14.3

Re: [Qemu-devel] [PATCH v1 for-2.12 5/9] s390x/tcg: Implement STORE CHANNEL PATH STATUS

[Cornelia Huck]

On Mon,  4 Dec 2017 15:01:46 +0100
David Hildenbrand <david@redhat.com> wrote:

> Just like KVM does, we should suppress this instruction:
>     When this instruction is not provided, it is
>     checked for privileged operation exception and the
>     instruction is suppressed by the machine
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/insn-data.def | 1 +
>  target/s390x/translate.c   | 7 +++++++
>  2 files changed, 8 insertions(+)

Yes, given that we don't support real channel paths, we can't implement
it in a useful way anyway.

[Qemu-devel] [PATCH v1 for-2.12 6/9] s390x/tcg: Implement SIGA instruction

[David Hildenbrand]

I have no idea what that instruction does, but KVM seems to suppress it,
setting cc=3 (and as it seems to be an io instruction, it should be
protected). Let's do the same for TCG, so we're at least equal.

(it is used in the kernel for qdio, I wasn't even able to find the real
 name of that instruction)

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/insn-data.def | 1 +
 target/s390x/translate.c   | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index c7353e7f11..f7b66b0091 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1056,6 +1056,7 @@
     C(0xb238, RSCH,    S,     Z,   0, 0, 0, 0, rsch, 0)
     C(0xb237, SAL,     S,     Z,   0, 0, 0, 0, sal, 0)
     C(0xb23c, SCHM,    S,     Z,   0, insn, 0, 0, schm, 0)
+    C(0xb274, SIGA,    S,     Z,   0, 0, 0, 0, siga, 0)
     C(0xb23a, STCPS,   S,     Z,   0, 0, 0, 0, stcps, 0)
     C(0xb233, SSCH,    S,     Z,   0, insn, 0, 0, ssch, 0)
     C(0xb239, STCRW,   S,     Z,   0, insn, 0, 0, stcrw, 0)
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 5c2432678c..1e4079464a 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4102,6 +4102,14 @@ static ExitStatus op_schm(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_siga(DisasContext *s, DisasOps *o)
+{
+    check_privileged(s);
+    /* From KVM code: Not provided, set CC = 3 for subchannel not operational */
+    gen_op_movi_cc(s, 3);
+    return NO_EXIT;
+}
+
 static ExitStatus op_stcps(DisasContext *s, DisasOps *o)
 {
     check_privileged(s);
-- 
2.14.3

Re: [Qemu-devel] [PATCH v1 for-2.12 6/9] s390x/tcg: Implement SIGA instruction

[Cornelia Huck]

On Mon,  4 Dec 2017 15:01:47 +0100
David Hildenbrand <david@redhat.com> wrote:

> I have no idea what that instruction does, but KVM seems to suppress it,
> setting cc=3 (and as it seems to be an io instruction, it should be
> protected). Let's do the same for TCG, so we're at least equal.
> 
> (it is used in the kernel for qdio, I wasn't even able to find the real
>  name of that instruction)

<arcane knowledge from previous life>
It's called SIGNAL ADAPTER, and we don't indicate qdio in the chsc
stuff.
</arcane knowledge from previous life>

Following the KVM lead for undocumented stuff is the way to go,
unsatisfying though it is.

[Don't binutils etc. know the name?]

> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/insn-data.def | 1 +
>  target/s390x/translate.c   | 8 ++++++++
>  2 files changed, 9 insertions(+)

[Qemu-devel] [PATCH v1 for-2.12 7/9] s390x/tcg: implement extract-CPU-time facility

[David Hildenbrand]

It only provies the EXTRACT CPU TIME instruction. We can reuse the stpt
helper, which calculates the CPU timer value.

As the instruction is not priviledged, but we don't have a CPU timer
value in case of linux user, we simply fake the CPU timer to be 0.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/cpu_models.c  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/translate.c   | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 94d24e423d..0be037eac1 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -834,6 +834,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm)
         S390_FEAT_STORE_CLOCK_FAST,
         S390_FEAT_MOVE_WITH_OPTIONAL_SPEC,
         S390_FEAT_ETF3_ENH,
+        S390_FEAT_EXTRACT_CPU_TIME,
         S390_FEAT_COMPARE_AND_SWAP_AND_STORE,
         S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2,
         S390_FEAT_GENERAL_INSTRUCTIONS_EXT,
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index f7b66b0091..5e33bd27ff 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -369,6 +369,8 @@
     C(0xb24f, EAR,     RRE,   Z,   0, 0, new, r1_32, ear, 0)
 /* EXTRACT CPU ATTRIBUTE */
     C(0xeb4c, ECAG,    RSY_a, GIE, 0, a2, r1, 0, ecag, 0)
+/* EXTRACT CPU TIME */
+    C(0xc801, ECTG,    SSF,   ECT, 0, 0, 0, 0, ectg, 0)
 /* EXTRACT FPC */
     C(0xb38c, EFPC,    RRE,   Z,   0, 0, new, r1_32, efpc, 0)
 /* EXTRACT PSW */
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 1e4079464a..e0f55fc8e9 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -3887,6 +3887,41 @@ static ExitStatus op_spm(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_ectg(DisasContext *s, DisasOps *o)
+{
+    int b1 = get_field(s->fields, b1);
+    int d1 = get_field(s->fields, d1);
+    int b2 = get_field(s->fields, b2);
+    int d2 = get_field(s->fields, d2);
+    int r3 = get_field(s->fields, r3);
+    TCGv_i64 tmp = tcg_temp_new_i64();
+
+    /* fetch all operands first */
+    o->in1 = tcg_temp_new_i64();
+    tcg_gen_addi_i64(o->in1, regs[b1], d1);
+    o->in2 = tcg_temp_new_i64();
+    tcg_gen_addi_i64(o->in2, regs[b2], d2);
+    o->addr1 = get_address(s, 0, r3, 0);
+
+    /* load the third operand into r3 before modifying anything */
+    tcg_gen_qemu_ld64(regs[r3], o->addr1, get_mem_index(s));
+
+#ifndef CONFIG_USER_ONLY
+    /* subtract CPU timer from first operand and store in GR0 */
+    gen_helper_stpt(tmp, cpu_env);
+    tcg_gen_sub_i64(regs[0], o->in1, tmp);
+#else
+    /* we don't have a CPU timer, fake value 0 */
+    tcg_gen_mov_i64(regs[0], o->in1);
+#endif
+
+    /* store second operand in GR1 */
+    tcg_gen_mov_i64(regs[1], o->in2);
+
+    tcg_temp_free_i64(tmp);
+    return NO_EXIT;
+}
+
 #ifndef CONFIG_USER_ONLY
 static ExitStatus op_spka(DisasContext *s, DisasOps *o)
 {
@@ -5639,6 +5674,7 @@ enum DisasInsnEnum {
 #define FAC_MSA3        S390_FEAT_MSA_EXT_3 /* msa-extension-3 facility */
 #define FAC_MSA4        S390_FEAT_MSA_EXT_4 /* msa-extension-4 facility */
 #define FAC_MSA5        S390_FEAT_MSA_EXT_5 /* msa-extension-5 facility */
+#define FAC_ECT         S390_FEAT_EXTRACT_CPU_TIME
 
 static const DisasInsn insn_info[] = {
 #include "insn-data.def"
-- 
2.14.3

Re: [Qemu-devel] [PATCH v1 for-2.12 7/9] s390x/tcg: implement extract-CPU-time facility

[Cornelia Huck]

On Mon,  4 Dec 2017 15:01:48 +0100
David Hildenbrand <david@redhat.com> wrote:

> It only provies the EXTRACT CPU TIME instruction. We can reuse the stpt

s/provies/provides/

> helper, which calculates the CPU timer value.
> 
> As the instruction is not priviledged, but we don't have a CPU timer

s/priviledged/privileged/

> value in case of linux user, we simply fake the CPU timer to be 0.

There's probably nothing else we could do.

> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/cpu_models.c  |  1 +
>  target/s390x/insn-data.def |  2 ++
>  target/s390x/translate.c   | 36 ++++++++++++++++++++++++++++++++++++
>  3 files changed, 39 insertions(+)

Re: [Qemu-devel] [PATCH v1 for-2.12 7/9] s390x/tcg: implement extract-CPU-time facility

[David Hildenbrand]

On 05.12.2017 16:14, Cornelia Huck wrote:
> On Mon,  4 Dec 2017 15:01:48 +0100
> David Hildenbrand <david@redhat.com> wrote:
> 
>> It only provies the EXTRACT CPU TIME instruction. We can reuse the stpt
> 
> s/provies/provides/
> 
>> helper, which calculates the CPU timer value.
>>
>> As the instruction is not priviledged, but we don't have a CPU timer
> 
> s/priviledged/privileged/

Didn't checkpatch once check for possible spelling mistakes? (or only in
the kernel)? Thanks :)

> 
>> value in case of linux user, we simply fake the CPU timer to be 0.
> 
> There's probably nothing else we could do.

We could also setup and use a CPU timer, but I don't want to go down
that path right now :)

-- 

Thanks,

David / dhildenb

[Qemu-devel] [PATCH v1 for-2.12 8/9] s390x/tcg: we already implement the Set-Program-Parameter facility

[David Hildenbrand]

The Set-Program-Parameter facility (also known as Load-Program-Parameter
faciliy) provides the LPP instruction used to load the program
parameter. We already implement that instruction in TCG, so add it to our
list.

Note: Not documented in the PoP but in "The Load-Program-Parameter and
CPU-Measurement Facilities) - SA23-2260-05 document.

While at it, make the whole list ordered (accoring to cpu_features_def.h).

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/cpu_models.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 0be037eac1..edac7fdecf 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -824,12 +824,12 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm)
         S390_FEAT_IDTE_SEGMENT,
         S390_FEAT_STFLE,
         S390_FEAT_SENSE_RUNNING_STATUS,
-        S390_FEAT_EXTENDED_IMMEDIATE,
         S390_FEAT_EXTENDED_TRANSLATION_2,
         S390_FEAT_MSA,
-        S390_FEAT_EXTENDED_TRANSLATION_3,
         S390_FEAT_LONG_DISPLACEMENT,
         S390_FEAT_LONG_DISPLACEMENT_FAST,
+        S390_FEAT_EXTENDED_IMMEDIATE,
+        S390_FEAT_EXTENDED_TRANSLATION_3,
         S390_FEAT_ETF2_ENH,
         S390_FEAT_STORE_CLOCK_FAST,
         S390_FEAT_MOVE_WITH_OPTIONAL_SPEC,
@@ -839,6 +839,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm)
         S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2,
         S390_FEAT_GENERAL_INSTRUCTIONS_EXT,
         S390_FEAT_EXECUTE_EXT,
+        S390_FEAT_SET_PROGRAM_PARAMETERS,
         S390_FEAT_FLOATING_POINT_SUPPPORT_ENH,
         S390_FEAT_STFLE_45,
         S390_FEAT_STFLE_49,
-- 
2.14.3

Re: [Qemu-devel] [PATCH v1 for-2.12 8/9] s390x/tcg: we already implement the Set-Program-Parameter facility

[Cornelia Huck]

On Mon,  4 Dec 2017 15:01:49 +0100
David Hildenbrand <david@redhat.com> wrote:

> The Set-Program-Parameter facility (also known as Load-Program-Parameter
> faciliy) provides the LPP instruction used to load the program

s/faciliy/facility/

> parameter. We already implement that instruction in TCG, so add it to our
> list.
> 
> Note: Not documented in the PoP but in "The Load-Program-Parameter and
> CPU-Measurement Facilities) - SA23-2260-05 document.

Yeah for additional docs! Not. (At least it's public.)

> 
> While at it, make the whole list ordered (accoring to cpu_features_def.h).

s/accoring/according/

> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/cpu_models.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

[Qemu-devel] [PATCH v1 for-2.12 9/9] s390x: change the QEMU cpu model to a stripped down z12

[David Hildenbrand]

We are good enough to boot upstream Linux kernels / Fedora 26/27. That
should be suficient for now.

As the QEMU CPU model is migration safe, let's add compatibility code.
Generate the feature list to reduce the trouble of messing things up in the
future.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 hw/s390x/s390-virtio-ccw.c  |   6 +++
 target/s390x/cpu.h          |   3 ++
 target/s390x/cpu_models.c   | 100 ++++++++++++++++++--------------------------
 target/s390x/cpu_models.h   |   1 +
 target/s390x/gen-features.c |  87 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 138 insertions(+), 59 deletions(-)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index a23b8aec9f..edd18b7fac 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -721,6 +721,9 @@ bool css_migration_enabled(void)
 
 static void ccw_machine_2_12_instance_options(MachineState *machine)
 {
+    const S390FeatBitmap qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V2_12 };
+
+    s390_set_qemu_cpu_model(0x2827, 12, 2, qemu_cpu_feat);
 }
 
 static void ccw_machine_2_12_class_options(MachineClass *mc)
@@ -730,7 +733,10 @@ DEFINE_CCW_MACHINE(2_12, "2.12", true);
 
 static void ccw_machine_2_11_instance_options(MachineState *machine)
 {
+    const S390FeatBitmap qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V2_11 };
     ccw_machine_2_12_instance_options(machine);
+
+    s390_set_qemu_cpu_model(0x2064, 7, 1, qemu_cpu_feat);
 }
 
 static void ccw_machine_2_11_class_options(MachineClass *mc)
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 4d3e7920f5..969598b211 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -719,6 +719,9 @@ static inline unsigned int s390_cpu_set_state(uint8_t cpu_state, S390CPU *cpu)
 /* cpu_models.c */
 void s390_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 #define cpu_list s390_cpu_list
+void s390_set_qemu_cpu_model(uint16_t type, uint8_t gen, uint8_t ec_ga,
+                             const S390FeatBitmap features);
+
 
 /* helper.c */
 #define cpu_init(cpu_model) cpu_generic_init(TYPE_S390_CPU, cpu_model)
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index edac7fdecf..f0577f8155 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -15,7 +15,6 @@
 #include "internal.h"
 #include "kvm_s390x.h"
 #include "sysemu/kvm.h"
-#include "gen-features.h"
 #include "qapi/error.h"
 #include "qapi/visitor.h"
 #include "qemu/error-report.h"
@@ -81,6 +80,11 @@ static S390CPUDef s390_cpu_defs[] = {
     CPUDEF_INIT(0x3906, 14, 1, 47, 0x08000000U, "z14", "IBM z14 GA1"),
 };
 
+#define QEMU_MAX_CPU_TYPE 0x2827
+#define QEMU_MAX_CPU_GEN 12
+#define QEMU_MAX_CPU_EC_GA 2
+static const S390FeatBitmap qemu_max_cpu_feat = { S390_FEAT_LIST_QEMU_MAX };
+
 /* features part of a base model but not relevant for finding a base model */
 S390FeatBitmap ignored_base_feat;
 
@@ -812,51 +816,6 @@ static void check_compatibility(const S390CPUModel *max_model,
                   "available in the configuration: ");
 }
 
-/**
- * The base TCG CPU model "qemu" is based on the z900. However, we already
- * can also emulate some additional features of later CPU generations, so
- * we add these additional feature bits here.
- */
-static void add_qemu_cpu_model_features(S390FeatBitmap fbm)
-{
-    static const int feats[] = {
-        S390_FEAT_DAT_ENH,
-        S390_FEAT_IDTE_SEGMENT,
-        S390_FEAT_STFLE,
-        S390_FEAT_SENSE_RUNNING_STATUS,
-        S390_FEAT_EXTENDED_TRANSLATION_2,
-        S390_FEAT_MSA,
-        S390_FEAT_LONG_DISPLACEMENT,
-        S390_FEAT_LONG_DISPLACEMENT_FAST,
-        S390_FEAT_EXTENDED_IMMEDIATE,
-        S390_FEAT_EXTENDED_TRANSLATION_3,
-        S390_FEAT_ETF2_ENH,
-        S390_FEAT_STORE_CLOCK_FAST,
-        S390_FEAT_MOVE_WITH_OPTIONAL_SPEC,
-        S390_FEAT_ETF3_ENH,
-        S390_FEAT_EXTRACT_CPU_TIME,
-        S390_FEAT_COMPARE_AND_SWAP_AND_STORE,
-        S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2,
-        S390_FEAT_GENERAL_INSTRUCTIONS_EXT,
-        S390_FEAT_EXECUTE_EXT,
-        S390_FEAT_SET_PROGRAM_PARAMETERS,
-        S390_FEAT_FLOATING_POINT_SUPPPORT_ENH,
-        S390_FEAT_STFLE_45,
-        S390_FEAT_STFLE_49,
-        S390_FEAT_LOCAL_TLB_CLEARING,
-        S390_FEAT_INTERLOCKED_ACCESS_2,
-        S390_FEAT_STFLE_53,
-        S390_FEAT_MSA_EXT_5,
-        S390_FEAT_MSA_EXT_3,
-        S390_FEAT_MSA_EXT_4,
-    };
-    int i;
-
-    for (i = 0; i < ARRAY_SIZE(feats); i++) {
-        set_bit(feats[i], fbm);
-    }
-}
-
 static S390CPUModel *get_max_cpu_model(Error **errp)
 {
     static S390CPUModel max_model;
@@ -869,12 +828,10 @@ static S390CPUModel *get_max_cpu_model(Error **errp)
     if (kvm_enabled()) {
         kvm_s390_get_host_cpu_model(&max_model, errp);
     } else {
-        /* TCG emulates a z900 (with some optional additional features) */
-        max_model.def = &s390_cpu_defs[0];
-        bitmap_copy(max_model.features, max_model.def->default_feat,
-                    S390_FEAT_MAX);
-        add_qemu_cpu_model_features(max_model.features);
-    }
+        max_model.def = s390_find_cpu_def(QEMU_MAX_CPU_TYPE, QEMU_MAX_CPU_GEN,
+                                          QEMU_MAX_CPU_EC_GA, NULL);
+        bitmap_copy(max_model.features, qemu_max_cpu_feat, S390_FEAT_MAX);
+   }
     if (!*errp) {
         cached = true;
         return &max_model;
@@ -1130,18 +1087,43 @@ static void s390_host_cpu_model_initfn(Object *obj)
 }
 #endif
 
+static S390CPUDef s390_qemu_cpu_def;
+static S390CPUModel s390_qemu_cpu_model;
+
+/* Set the qemu CPU model (on machine initialization). Must not be called
+ * once CPUs have been created.
+ */
+void s390_set_qemu_cpu_model(uint16_t type, uint8_t gen, uint8_t ec_ga,
+                             const S390FeatBitmap features)
+{
+    const S390CPUDef *def = s390_find_cpu_def(type, gen, ec_ga, NULL);
+
+    g_assert(def);
+    g_assert(QTAILQ_EMPTY(&cpus));
+
+    /* TCG emulates some features that can usually not be enabled with
+     * the emulated machine generation. Make sure they can be enabled
+     * when using the QEMU model by adding them to full_feat. We have
+     * to copy the definition to do that.
+     */
+    memcpy(&s390_qemu_cpu_def, def, sizeof(s390_qemu_cpu_def));
+    bitmap_or(s390_qemu_cpu_def.full_feat, s390_qemu_cpu_def.full_feat,
+              qemu_max_cpu_feat, S390_FEAT_MAX);
+
+    /* build the CPU model */
+    s390_qemu_cpu_model.def = &s390_qemu_cpu_def;
+    bitmap_copy(s390_qemu_cpu_model.features, features, S390_FEAT_MAX);
+}
+
 static void s390_qemu_cpu_model_initfn(Object *obj)
 {
-    static S390CPUDef s390_qemu_cpu_defs;
     S390CPU *cpu = S390_CPU(obj);
 
     cpu->model = g_malloc0(sizeof(*cpu->model));
-    /* TCG emulates a z900 (with some optional additional features) */
-    memcpy(&s390_qemu_cpu_defs, &s390_cpu_defs[0], sizeof(s390_qemu_cpu_defs));
-    add_qemu_cpu_model_features(s390_qemu_cpu_defs.full_feat);
-    cpu->model->def = &s390_qemu_cpu_defs;
-    bitmap_copy(cpu->model->features, cpu->model->def->default_feat,
-                S390_FEAT_MAX);
+    /* has to be initialized by now via s390_set_qemu_cpu_model() */
+    g_assert(s390_qemu_cpu_model.def);
+    /* copy the CPU model so we can modify it */
+    memcpy(cpu->model, &s390_qemu_cpu_model, sizeof(*cpu->model));
 }
 
 static void s390_cpu_model_finalize(Object *obj)
diff --git a/target/s390x/cpu_models.h b/target/s390x/cpu_models.h
index 4c6dee1871..11cf5386fb 100644
--- a/target/s390x/cpu_models.h
+++ b/target/s390x/cpu_models.h
@@ -14,6 +14,7 @@
 #define TARGET_S390X_CPU_MODELS_H
 
 #include "cpu_features.h"
+#include "gen-features.h"
 #include "qom/cpu.h"
 
 /* static CPU definition */
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 68e6c31b4b..983f2dcd52 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -536,6 +536,51 @@ static uint16_t default_GEN14_GA1[] = {
     S390_FEAT_GROUP_MSA_EXT_8,
 };
 
+/* QEMU (CPU model) features */
+
+static uint16_t qemu_V2_11[] = {
+    S390_FEAT_GROUP_PLO,
+    S390_FEAT_ESAN3,
+    S390_FEAT_ZARCH,
+};
+
+static uint16_t qemu_V2_12[] = {
+    S390_FEAT_DAT_ENH,
+    S390_FEAT_IDTE_SEGMENT,
+    S390_FEAT_STFLE,
+    S390_FEAT_SENSE_RUNNING_STATUS,
+    S390_FEAT_EXTENDED_TRANSLATION_2,
+    S390_FEAT_MSA,
+    S390_FEAT_LONG_DISPLACEMENT,
+    S390_FEAT_LONG_DISPLACEMENT_FAST,
+    S390_FEAT_EXTENDED_IMMEDIATE,
+    S390_FEAT_EXTENDED_TRANSLATION_3,
+    S390_FEAT_ETF2_ENH,
+    S390_FEAT_STORE_CLOCK_FAST,
+    S390_FEAT_MOVE_WITH_OPTIONAL_SPEC,
+    S390_FEAT_ETF3_ENH,
+    S390_FEAT_EXTRACT_CPU_TIME,
+    S390_FEAT_COMPARE_AND_SWAP_AND_STORE,
+    S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2,
+    S390_FEAT_GENERAL_INSTRUCTIONS_EXT,
+    S390_FEAT_EXECUTE_EXT,
+    S390_FEAT_SET_PROGRAM_PARAMETERS,
+    S390_FEAT_FLOATING_POINT_SUPPPORT_ENH,
+    S390_FEAT_STFLE_45,
+    S390_FEAT_STFLE_49,
+    S390_FEAT_LOCAL_TLB_CLEARING,
+    S390_FEAT_INTERLOCKED_ACCESS_2,
+    S390_FEAT_STFLE_53,
+    S390_FEAT_MSA_EXT_4,
+    S390_FEAT_MSA_EXT_3,
+};
+
+/* add all new definitions before this point */
+static uint16_t qemu_MAX[] = {
+    /* generates a dependency warning, leave it out for now */
+    S390_FEAT_MSA_EXT_5,
+};
+
 /****** END FEATURE DEFS ******/
 
 #define _YEARS  "2016"
@@ -627,6 +672,24 @@ static FeatGroupDefSpec FeatGroupDef[] = {
     FEAT_GROUP_INITIALIZER(MSA_EXT_8),
 };
 
+#define QEMU_FEAT_INITIALIZER(_name)                   \
+    {                                                  \
+        .name = "S390_FEAT_LIST_QEMU_" #_name,         \
+        .bits =                                        \
+            { .data = qemu_##_name,                    \
+              .len = ARRAY_SIZE(qemu_##_name) },       \
+    }
+
+/*******************************
+ * QEMU (CPU model) features
+ *******************************/
+static FeatGroupDefSpec QemuFeatDef[] = {
+    QEMU_FEAT_INITIALIZER(V2_11),
+    QEMU_FEAT_INITIALIZER(V2_12),
+    QEMU_FEAT_INITIALIZER(MAX),
+};
+
+
 static void set_bits(uint64_t list[], BitSpec bits)
 {
     uint32_t i;
@@ -684,6 +747,29 @@ static void print_feature_defs(void)
     }
 }
 
+static void print_qemu_feature_defs(void)
+{
+    uint64_t feat[S390_FEAT_MAX / 64 + 1] = {};
+    int i, j;
+
+    printf("\n/* QEMU (CPU model) feature list data */\n");
+
+    /* for now we assume that we only add new features */
+    for (i = 0; i < ARRAY_SIZE(QemuFeatDef); i++) {
+        set_bits(feat, QemuFeatDef[i].bits);
+
+        printf("#define %s\t", QemuFeatDef[i].name);
+        for (j = 0; j < ARRAY_SIZE(feat); j++) {
+            printf("0x%016"PRIx64"ULL", feat[j]);
+            if (j < ARRAY_SIZE(feat) - 1) {
+                printf(",");
+            } else {
+                printf("\n");
+            }
+        }
+    }
+}
+
 static void print_feature_group_defs(void)
 {
     int i, j;
@@ -721,6 +807,7 @@ int main(int argc, char *argv[])
            "#ifndef %s\n#define %s\n", __FILE__, _YEARS, _NAME_H, _NAME_H);
     print_feature_defs();
     print_feature_group_defs();
+    print_qemu_feature_defs();
     printf("\n#endif\n");
     return 0;
 }
-- 
2.14.3

Re: [Qemu-devel] [PATCH v1 for-2.12 9/9] s390x: change the QEMU cpu model to a stripped down z12

[Cornelia Huck]

On Mon,  4 Dec 2017 15:01:50 +0100
David Hildenbrand <david@redhat.com> wrote:

> We are good enough to boot upstream Linux kernels / Fedora 26/27. That
> should be suficient for now.

s/suficient/sufficient/

> 
> As the QEMU CPU model is migration safe, let's add compatibility code.
> Generate the feature list to reduce the trouble of messing things up in the
> future.

So we can mess up things effortlessly? :)

> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  hw/s390x/s390-virtio-ccw.c  |   6 +++
>  target/s390x/cpu.h          |   3 ++
>  target/s390x/cpu_models.c   | 100 ++++++++++++++++++--------------------------
>  target/s390x/cpu_models.h   |   1 +
>  target/s390x/gen-features.c |  87 ++++++++++++++++++++++++++++++++++++++
>  5 files changed, 138 insertions(+), 59 deletions(-)
> 
> diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
> index a23b8aec9f..edd18b7fac 100644
> --- a/hw/s390x/s390-virtio-ccw.c
> +++ b/hw/s390x/s390-virtio-ccw.c
> @@ -721,6 +721,9 @@ bool css_migration_enabled(void)
>  
>  static void ccw_machine_2_12_instance_options(MachineState *machine)
>  {
> +    const S390FeatBitmap qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V2_12 };
> +
> +    s390_set_qemu_cpu_model(0x2827, 12, 2, qemu_cpu_feat);

Does this want a comment?

>  }
>  
>  static void ccw_machine_2_12_class_options(MachineClass *mc)
> @@ -730,7 +733,10 @@ DEFINE_CCW_MACHINE(2_12, "2.12", true);
>  
>  static void ccw_machine_2_11_instance_options(MachineState *machine)
>  {
> +    const S390FeatBitmap qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V2_11 };
>      ccw_machine_2_12_instance_options(machine);
> +
> +    s390_set_qemu_cpu_model(0x2064, 7, 1, qemu_cpu_feat);

Dito.

>  }
>  
>  static void ccw_machine_2_11_class_options(MachineClass *mc)

> @@ -81,6 +80,11 @@ static S390CPUDef s390_cpu_defs[] = {
>      CPUDEF_INIT(0x3906, 14, 1, 47, 0x08000000U, "z14", "IBM z14 GA1"),
>  };

> +static S390CPUDef s390_qemu_cpu_def;
> +static S390CPUModel s390_qemu_cpu_model;
> +
> +/* Set the qemu CPU model (on machine initialization). Must not be called
> + * once CPUs have been created.
> + */
> +void s390_set_qemu_cpu_model(uint16_t type, uint8_t gen, uint8_t ec_ga,
> +                             const S390FeatBitmap features)
> +{
> +    const S390CPUDef *def = s390_find_cpu_def(type, gen, ec_ga, NULL);
> +
> +    g_assert(def);
> +    g_assert(QTAILQ_EMPTY(&cpus));
> +
> +    /* TCG emulates some features that can usually not be enabled with
> +     * the emulated machine generation. Make sure they can be enabled
> +     * when using the QEMU model by adding them to full_feat. We have
> +     * to copy the definition to do that.
> +     */
> +    memcpy(&s390_qemu_cpu_def, def, sizeof(s390_qemu_cpu_def));
> +    bitmap_or(s390_qemu_cpu_def.full_feat, s390_qemu_cpu_def.full_feat,
> +              qemu_max_cpu_feat, S390_FEAT_MAX);
> +

So is this the place to e.g. enable zpci? Or does this need to go into
the feature definitions?

> +    /* build the CPU model */
> +    s390_qemu_cpu_model.def = &s390_qemu_cpu_def;
> +    bitmap_copy(s390_qemu_cpu_model.features, features, S390_FEAT_MAX);
> +}
> +
>  static void s390_qemu_cpu_model_initfn(Object *obj)
>  {
> -    static S390CPUDef s390_qemu_cpu_defs;
>      S390CPU *cpu = S390_CPU(obj);
>  
>      cpu->model = g_malloc0(sizeof(*cpu->model));
> -    /* TCG emulates a z900 (with some optional additional features) */
> -    memcpy(&s390_qemu_cpu_defs, &s390_cpu_defs[0], sizeof(s390_qemu_cpu_defs));
> -    add_qemu_cpu_model_features(s390_qemu_cpu_defs.full_feat);
> -    cpu->model->def = &s390_qemu_cpu_defs;
> -    bitmap_copy(cpu->model->features, cpu->model->def->default_feat,
> -                S390_FEAT_MAX);
> +    /* has to be initialized by now via s390_set_qemu_cpu_model() */
> +    g_assert(s390_qemu_cpu_model.def);
> +    /* copy the CPU model so we can modify it */
> +    memcpy(cpu->model, &s390_qemu_cpu_model, sizeof(*cpu->model));
>  }
>  
>  static void s390_cpu_model_finalize(Object *obj)
> diff --git a/target/s390x/cpu_models.h b/target/s390x/cpu_models.h
> index 4c6dee1871..11cf5386fb 100644
> --- a/target/s390x/cpu_models.h
> +++ b/target/s390x/cpu_models.h
> @@ -14,6 +14,7 @@
>  #define TARGET_S390X_CPU_MODELS_H
>  
>  #include "cpu_features.h"
> +#include "gen-features.h"
>  #include "qom/cpu.h"
>  
>  /* static CPU definition */
> diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
> index 68e6c31b4b..983f2dcd52 100644
> --- a/target/s390x/gen-features.c
> +++ b/target/s390x/gen-features.c
> @@ -536,6 +536,51 @@ static uint16_t default_GEN14_GA1[] = {
>      S390_FEAT_GROUP_MSA_EXT_8,
>  };
>  
> +/* QEMU (CPU model) features */
> +
> +static uint16_t qemu_V2_11[] = {
> +    S390_FEAT_GROUP_PLO,
> +    S390_FEAT_ESAN3,
> +    S390_FEAT_ZARCH,
> +};
> +
> +static uint16_t qemu_V2_12[] = {
> +    S390_FEAT_DAT_ENH,
> +    S390_FEAT_IDTE_SEGMENT,
> +    S390_FEAT_STFLE,
> +    S390_FEAT_SENSE_RUNNING_STATUS,
> +    S390_FEAT_EXTENDED_TRANSLATION_2,
> +    S390_FEAT_MSA,
> +    S390_FEAT_LONG_DISPLACEMENT,
> +    S390_FEAT_LONG_DISPLACEMENT_FAST,
> +    S390_FEAT_EXTENDED_IMMEDIATE,
> +    S390_FEAT_EXTENDED_TRANSLATION_3,
> +    S390_FEAT_ETF2_ENH,
> +    S390_FEAT_STORE_CLOCK_FAST,
> +    S390_FEAT_MOVE_WITH_OPTIONAL_SPEC,
> +    S390_FEAT_ETF3_ENH,
> +    S390_FEAT_EXTRACT_CPU_TIME,
> +    S390_FEAT_COMPARE_AND_SWAP_AND_STORE,
> +    S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2,
> +    S390_FEAT_GENERAL_INSTRUCTIONS_EXT,
> +    S390_FEAT_EXECUTE_EXT,
> +    S390_FEAT_SET_PROGRAM_PARAMETERS,
> +    S390_FEAT_FLOATING_POINT_SUPPPORT_ENH,
> +    S390_FEAT_STFLE_45,
> +    S390_FEAT_STFLE_49,
> +    S390_FEAT_LOCAL_TLB_CLEARING,
> +    S390_FEAT_INTERLOCKED_ACCESS_2,
> +    S390_FEAT_STFLE_53,
> +    S390_FEAT_MSA_EXT_4,
> +    S390_FEAT_MSA_EXT_3,
> +};
> +
> +/* add all new definitions before this point */
> +static uint16_t qemu_MAX[] = {
> +    /* generates a dependency warning, leave it out for now */
> +    S390_FEAT_MSA_EXT_5,
> +};
> +
>  /****** END FEATURE DEFS ******/
>  
>  #define _YEARS  "2016"
> @@ -627,6 +672,24 @@ static FeatGroupDefSpec FeatGroupDef[] = {
>      FEAT_GROUP_INITIALIZER(MSA_EXT_8),
>  };
>  
> +#define QEMU_FEAT_INITIALIZER(_name)                   \
> +    {                                                  \
> +        .name = "S390_FEAT_LIST_QEMU_" #_name,         \
> +        .bits =                                        \
> +            { .data = qemu_##_name,                    \
> +              .len = ARRAY_SIZE(qemu_##_name) },       \
> +    }
> +
> +/*******************************
> + * QEMU (CPU model) features
> + *******************************/
> +static FeatGroupDefSpec QemuFeatDef[] = {
> +    QEMU_FEAT_INITIALIZER(V2_11),
> +    QEMU_FEAT_INITIALIZER(V2_12),
> +    QEMU_FEAT_INITIALIZER(MAX),
> +};
> +
> +
>  static void set_bits(uint64_t list[], BitSpec bits)
>  {
>      uint32_t i;
> @@ -684,6 +747,29 @@ static void print_feature_defs(void)
>      }
>  }
>  
> +static void print_qemu_feature_defs(void)
> +{
> +    uint64_t feat[S390_FEAT_MAX / 64 + 1] = {};
> +    int i, j;
> +
> +    printf("\n/* QEMU (CPU model) feature list data */\n");
> +
> +    /* for now we assume that we only add new features */
> +    for (i = 0; i < ARRAY_SIZE(QemuFeatDef); i++) {
> +        set_bits(feat, QemuFeatDef[i].bits);
> +
> +        printf("#define %s\t", QemuFeatDef[i].name);
> +        for (j = 0; j < ARRAY_SIZE(feat); j++) {
> +            printf("0x%016"PRIx64"ULL", feat[j]);
> +            if (j < ARRAY_SIZE(feat) - 1) {
> +                printf(",");
> +            } else {
> +                printf("\n");
> +            }
> +        }
> +    }
> +}
> +
>  static void print_feature_group_defs(void)
>  {
>      int i, j;
> @@ -721,6 +807,7 @@ int main(int argc, char *argv[])
>             "#ifndef %s\n#define %s\n", __FILE__, _YEARS, _NAME_H, _NAME_H);
>      print_feature_defs();
>      print_feature_group_defs();
> +    print_qemu_feature_defs();
>      printf("\n#endif\n");
>      return 0;
>  }

Re: [Qemu-devel] [PATCH v1 for-2.12 9/9] s390x: change the QEMU cpu model to a stripped down z12

[David Hildenbrand]

On 05.12.2017 16:24, Cornelia Huck wrote:
> On Mon,  4 Dec 2017 15:01:50 +0100
> David Hildenbrand <david@redhat.com> wrote:
> 
>> We are good enough to boot upstream Linux kernels / Fedora 26/27. That
>> should be suficient for now.
> 
> s/suficient/sufficient/
> 
>>
>> As the QEMU CPU model is migration safe, let's add compatibility code.
>> Generate the feature list to reduce the trouble of messing things up in the
>> future.
> 
> So we can mess up things effortlessly? :)

See, what I care about :P

s/trouble/chance/

> 
>>
>> Signed-off-by: David Hildenbrand <david@redhat.com>
>> ---
>>  hw/s390x/s390-virtio-ccw.c  |   6 +++
>>  target/s390x/cpu.h          |   3 ++
>>  target/s390x/cpu_models.c   | 100 ++++++++++++++++++--------------------------
>>  target/s390x/cpu_models.h   |   1 +
>>  target/s390x/gen-features.c |  87 ++++++++++++++++++++++++++++++++++++++
>>  5 files changed, 138 insertions(+), 59 deletions(-)
>>
>> diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
>> index a23b8aec9f..edd18b7fac 100644
>> --- a/hw/s390x/s390-virtio-ccw.c
>> +++ b/hw/s390x/s390-virtio-ccw.c
>> @@ -721,6 +721,9 @@ bool css_migration_enabled(void)
>>  
>>  static void ccw_machine_2_12_instance_options(MachineState *machine)
>>  {
>> +    const S390FeatBitmap qemu_cpu_feat = { S390_FEAT_LIST_QEMU_V2_12 };
>> +
>> +    s390_set_qemu_cpu_model(0x2827, 12, 2, qemu_cpu_feat);
> 
> Does this want a comment?

Yes, will add comments to both.
[...]
>> +
>> +    /* TCG emulates some features that can usually not be enabled with
>> +     * the emulated machine generation. Make sure they can be enabled
>> +     * when using the QEMU model by adding them to full_feat. We have
>> +     * to copy the definition to do that.
>> +     */
>> +    memcpy(&s390_qemu_cpu_def, def, sizeof(s390_qemu_cpu_def));
>> +    bitmap_or(s390_qemu_cpu_def.full_feat, s390_qemu_cpu_def.full_feat,
>> +              qemu_max_cpu_feat, S390_FEAT_MAX);
>> +
> 
> So is this the place to e.g. enable zpci? Or does this need to go into
> the feature definitions?

It will go into target/s390x/gen-features.c under:

1. "qemu_V2_12" if you want it to always be active with "-cpu qemu"
2. "qemu_MAX" if you only want to be able to enable it via "-cpu
qemu,zpci=on"

Thanks!

-- 

Thanks,

David / dhildenb

[Qemu-devel] [PATCH v1 for-2.12 01/10] s390x/tcg: ASI/ASGI are atomic with interlocked-acccess facility 1

[David Hildenbrand]

The semantics of these operations changed. Let's implement them just
like LOAD AND ADD, so they are atomic.

This fixes random crashes when booting a Linux kernel compiled for
z196+ with SMP + MTTCG.

Signed-off-by: David Hildenbrand <david@redhat.com>
---

Whoops, forgot to include this patch as the first one.

 target/s390x/insn-data.def |  4 ++--
 target/s390x/translate.c   | 11 +++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 43ab1963c8..57f2e5133f 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -39,10 +39,10 @@
     C(0xb9d8, AHHLR,   RRF_a, HW,  r2_sr32, r3, new, r1_32h, add, adds32)
 /* ADD IMMEDIATE */
     C(0xc209, AFI,     RIL_a, EI,  r1, i2, new, r1_32, add, adds32)
-    C(0xeb6a, ASI,     SIY,   GIE, m1_32s, i2, new, m1_32, add, adds32)
+    D(0xeb6a, ASI,     SIY,   GIE, la1, i2, new, 0, asi, adds32, MO_TESL)
     C(0xecd8, AHIK,    RIE_d, DO,  r3, i2, new, r1_32, add, adds32)
     C(0xc208, AGFI,    RIL_a, EI,  r1, i2, r1, 0, add, adds64)
-    C(0xeb7a, AGSI,    SIY,   GIE, m1_64, i2, new, m1_64, add, adds64)
+    D(0xeb7a, AGSI,    SIY,   GIE, la1, i2, new, 0, asi, adds64, MO_TEQ)
     C(0xecd9, AGHIK,   RIE_d, DO,  r3, i2, r1, 0, add, adds64)
 /* ADD IMMEDIATE HIGH */
     C(0xcc08, AIH,     RIL_a, HW,  r1_sr32, i2, new, r1_32h, add, adds32)
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 5e051fdd03..79d2ee650c 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -1364,6 +1364,17 @@ static ExitStatus op_addc(DisasContext *s, DisasOps *o)
     return NO_EXIT;
 }
 
+static ExitStatus op_asi(DisasContext *s, DisasOps *o)
+{
+    o->in1 = tcg_temp_new_i64();
+    /* Perform the atomic addition in memory. */
+    tcg_gen_atomic_fetch_add_i64(o->in1, o->addr1, o->in2, get_mem_index(s),
+                                 s->insn->data);
+    /* However, we need to recompute the addition for setting CC.  */
+    tcg_gen_add_i64(o->out, o->in1, o->in2);
+    return NO_EXIT;
+}
+
 static ExitStatus op_aeb(DisasContext *s, DisasOps *o)
 {
     gen_helper_aeb(o->out, cpu_env, o->in1, o->in2);
-- 
2.14.3