[Qemu-devel] [PULL 0/7] ppc-for-2.12 queue 20180410

[Qemu-devel] [PULL 0/7] ppc-for-2.12 queue 20180410

[David Gibson]

The following changes since commit 915d34c5f99b0ab91517c69f54272bfdb6ca2b32:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2018-04-09 17:29:10 +0100)

are available in the Git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.12-20180410

for you to fetch changes up to 6b3913e0858488ef3358c1683605d6894a6cadb0:

  roms/u-boot-sam460ex: Change to qemu git mirror and update (2018-04-10 10:05:38 +1000)

----------------------------------------------------------------
ppc patch queue 2018-04-10

Here's a rather late pull request with a handful of fixes for 2.12.
These have been blocked for some time, because I wasn't able to
complete my usual test set due to the SCSI problem fixed in 37c5174
"scsi-disk: Don't enlarge min_io_size to max_io_size".

Since we're in hard freeze, these are all bugfixes.  Most are also
regressions, although in one case it's only a "regression" because a
longstanding bug has been exposed by a new machine type (sam460ex) in
the testcases.  There are also a couple of sam460ex fixes that aren't
regressions since the board didn't exist before.  On the flipside
though, they're low risk because they only touch board specific code
for a board that doesn't exist in any released version.

----------------------------------------------------------------
Alexey Kardashevskiy (1):
      spapr: Initialize reserved areas list in FDT in H_CAS handler

BALATON Zoltan (2):
      sam460ex: Fix timer frequency and clock multipliers
      roms/u-boot-sam460ex: Change to qemu git mirror and update

David Gibson (2):
      target/ppc: Initialize lazy_tlb_flush correctly
      target/ppc: Fix backwards migration of msr_mask

Thomas Huth (2):
      hw/misc/macio: Fix crash when listing device properties of macio device
      tests/boot-serial: Test the sam460ex board

 .gitmodules              |  2 +-
 hw/misc/macio/macio.c    | 14 +++++++-------
 hw/ppc/ppc440_uc.c       |  3 +--
 hw/ppc/sam460ex.c        |  7 ++++---
 hw/ppc/spapr.c           |  1 +
 roms/u-boot-sam460ex     |  2 +-
 target/ppc/machine.c     | 10 +++++++++-
 target/ppc/translate.c   |  7 +++----
 tests/boot-serial-test.c |  2 ++
 9 files changed, 29 insertions(+), 19 deletions(-)

[Qemu-devel] [PULL 1/7] target/ppc: Initialize lazy_tlb_flush correctly

[David Gibson]

ppc_tr_init_disas_context() correctly sets lazy_tlb_flush to true on
certain CPU models.  However, it leaves it uninitialized, instead of
setting it to false on all others.

It wasn't caught before now because we didn't have examples in the tests
that exercised this path.  However it can now be caught using clang's
undefined behaviour sanitizer and the sam460ex board.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
---
 target/ppc/translate.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 218665b408..3457d29f8e 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7237,10 +7237,9 @@ static int ppc_tr_init_disas_context(DisasContextBase *dcbase,
     ctx->sf_mode = msr_is_64bit(env, env->msr);
     ctx->has_cfar = !!(env->flags & POWERPC_FLAG_CFAR);
 #endif
-    if (env->mmu_model == POWERPC_MMU_32B ||
-        env->mmu_model == POWERPC_MMU_601 ||
-        (env->mmu_model & POWERPC_MMU_64B))
-            ctx->lazy_tlb_flush = true;
+    ctx->lazy_tlb_flush = env->mmu_model == POWERPC_MMU_32B
+        || env->mmu_model == POWERPC_MMU_601
+        || (env->mmu_model & POWERPC_MMU_64B);
 
     ctx->fpu_enabled = !!msr_fp;
     if ((env->flags & POWERPC_FLAG_SPE) && msr_spe)
-- 
2.14.3

[Qemu-devel] [PULL 2/7] hw/misc/macio: Fix crash when listing device properties of macio device

[David Gibson]

From: Thomas Huth <thuth@redhat.com>

The macio-newworld device can currently be used to abort QEMU unexpectedly:

$ ppc-softmmu/qemu-system-ppc -S -M ref405ep,accel=qtest -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 11, "major": 2},
 "package": "build-all"}, "capabilities": []}}
{ 'execute': 'qmp_capabilities' }
{"return": {}}
{ 'execute': 'device-list-properties',
  'arguments': {'typename': 'macio-newworld'}}
Unexpected error in qemu_chr_fe_init() at chardev/char-fe.c:222:
Device 'serial0' is in use
Aborted (core dumped)

qdev properties should be set during realize(), not during instance_init(),
so move the related code there to fix this problem.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/misc/macio/macio.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 454244f59e..b74a6572b0 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -115,6 +115,13 @@ static void macio_common_realize(PCIDevice *d, Error **errp)
     memory_region_add_subregion(&s->bar, 0x16000,
                                 sysbus_mmio_get_region(sysbus_dev, 0));
 
+    qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);
+    qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);
+    qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);
+    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hds[0]);
+    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hds[1]);
+    qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);
+    qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);
     object_property_set_bool(OBJECT(&s->escc), true, "realized", &err);
     if (err) {
         error_propagate(errp, err);
@@ -341,13 +348,6 @@ static void macio_instance_init(Object *obj)
     object_property_add_child(obj, "dbdma", OBJECT(&s->dbdma), NULL);
 
     object_initialize(&s->escc, sizeof(s->escc), TYPE_ESCC);
-    qdev_prop_set_uint32(DEVICE(&s->escc), "disabled", 0);
-    qdev_prop_set_uint32(DEVICE(&s->escc), "frequency", ESCC_CLOCK);
-    qdev_prop_set_uint32(DEVICE(&s->escc), "it_shift", 4);
-    qdev_prop_set_chr(DEVICE(&s->escc), "chrA", serial_hds[0]);
-    qdev_prop_set_chr(DEVICE(&s->escc), "chrB", serial_hds[1]);
-    qdev_prop_set_uint32(DEVICE(&s->escc), "chnBtype", escc_serial);
-    qdev_prop_set_uint32(DEVICE(&s->escc), "chnAtype", escc_serial);
     qdev_set_parent_bus(DEVICE(&s->escc), sysbus_get_default());
     object_property_add_child(obj, "escc", OBJECT(&s->escc), NULL);
 }
-- 
2.14.3

[Qemu-devel] [PULL 3/7] target/ppc: Fix backwards migration of msr_mask

[David Gibson]

21b786f "PowerPC: Add TS bits into msr_mask" added the transaction states
to msr_mask for recent POWER CPUs to allow correct migration of machines
that are in certain interim transactional memory states.

This was correct, but unfortunately breaks backwards of pseries-2.7 and
earlier machine types which (stupidly) transferred the msr_mask in the
migration stream and failed if it wasn't equal on each end.

This works around the problem by masking out the new MSR bits in the
compatibility code to send the msr_mask on old machine types.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Tested-by: Greg Kurz <groug@kaod.org>
Tested-by: Lukáš Doktor <ldoktor@redhat.com>
---
 target/ppc/machine.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index e475206c6a..0634cdb295 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -190,7 +190,15 @@ static int cpu_pre_save(void *opaque)
 
     /* Hacks for migration compatibility between 2.6, 2.7 & 2.8 */
     if (cpu->pre_2_8_migration) {
-        cpu->mig_msr_mask = env->msr_mask;
+        /* Mask out bits that got added to msr_mask since the versions
+         * which stupidly included it in the migration stream. */
+        target_ulong metamask = 0
+#if defined(TARGET_PPC64)
+            | (1ULL << MSR_TS0)
+            | (1ULL << MSR_TS1)
+#endif
+            ;
+        cpu->mig_msr_mask = env->msr_mask & ~metamask;
         cpu->mig_insns_flags = env->insns_flags & insns_compat_mask;
         cpu->mig_insns_flags2 = env->insns_flags2 & insns_compat_mask2;
         cpu->mig_nb_BATs = env->nb_BATs;
-- 
2.14.3

[Qemu-devel] [PULL 4/7] spapr: Initialize reserved areas list in FDT in H_CAS handler

[David Gibson]

From: Alexey Kardashevskiy <aik@ozlabs.ru>

At the moment the device tree produced by the H_CAS handler has no
reserved map initialized at all which is not correct as at least one
empty record is required to be present as a marker of the end.
This does not cause problems now as the only consumer is SLOF which
does not look at the reserved map area.

However when DTC's "Improve libfdt's memory safety" changeset hits
the QEMU upstream, there will be errors reported and crashes observed.

This fixes the problem by adding an empty entry to the reserved map,
just like create_device_tree() does already.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/spapr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 2c0be8c898..a81570e7c8 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -865,6 +865,7 @@ int spapr_h_cas_compose_response(sPAPRMachineState *spapr,
     /* Create skeleton */
     fdt_skel = g_malloc0(size);
     _FDT((fdt_create(fdt_skel, size)));
+    _FDT((fdt_finish_reservemap(fdt_skel)));
     _FDT((fdt_begin_node(fdt_skel, "")));
     _FDT((fdt_end_node(fdt_skel)));
     _FDT((fdt_finish(fdt_skel)));
-- 
2.14.3

[Qemu-devel] [PULL 5/7] tests/boot-serial: Test the sam460ex board

[David Gibson]

From: Thomas Huth <thuth@redhat.com>

We've got a U-Boot firmware for this board in our repository, and
the firmware prints some output to the serial console, so we can
check this board in the boot-serial tester, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 tests/boot-serial-test.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index 5b24cd26c1..011525d8cf 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -79,12 +79,14 @@ static testdef_t tests[] = {
     { "ppc", "40p", "-boot d", "Booting from device d" },
     { "ppc", "g3beige", "", "PowerPC,750" },
     { "ppc", "mac99", "", "PowerPC,G4" },
+    { "ppc", "sam460ex", "-m 256", "DRAM:  256 MiB" },
     { "ppc64", "ppce500", "", "U-Boot" },
     { "ppc64", "prep", "-boot e", "Booting from device e" },
     { "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
     { "ppc64", "mac99", "", "PowerPC,970FX" },
     { "ppc64", "pseries", "", "Open Firmware" },
     { "ppc64", "powernv", "-cpu POWER8", "OPAL" },
+    { "ppc64", "sam460ex", "-device e1000", "8086  100e" },
     { "i386", "isapc", "-cpu qemu32 -device sga", "SGABIOS" },
     { "i386", "pc", "-device sga", "SGABIOS" },
     { "i386", "q35", "-device sga", "SGABIOS" },
-- 
2.14.3

[Qemu-devel] [PULL 6/7] sam460ex: Fix timer frequency and clock multipliers

[David Gibson]

From: BALATON Zoltan <balaton@eik.bme.hu>

We only emulate timer running at CPU frequency which is what most
guests expect so set the frequency to match real hardware. This also
allows setting clock multipliers which caused slowdown previously due
to wrong timer frequency.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/ppc440_uc.c | 3 +--
 hw/ppc/sam460ex.c  | 7 ++++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/ppc440_uc.c b/hw/ppc/ppc440_uc.c
index 976ab2b5d8..e312fdba70 100644
--- a/hw/ppc/ppc440_uc.c
+++ b/hw/ppc/ppc440_uc.c
@@ -392,8 +392,7 @@ static uint32_t dcr_read_sdr(void *opaque, int dcrn)
     case SDR0_CFGDATA:
         switch (sdr->addr) {
         case SDR0_STRP0:
-            /* FIXME: Is this correct? This breaks timing in U-Boot */
-            ret = 0; /*(0xb5 << 8) | (1 << 4) | 9 */
+            ret = (0xb5 << 8) | (1 << 4) | 9;
             break;
         case SDR0_STRP1:
             ret = (5 << 29) | (2 << 26) | (1 << 24);
diff --git a/hw/ppc/sam460ex.c b/hw/ppc/sam460ex.c
index 70b8e76d9c..dfff262f96 100644
--- a/hw/ppc/sam460ex.c
+++ b/hw/ppc/sam460ex.c
@@ -67,6 +67,7 @@
    IRQ12 = SM502_INT
 */
 
+#define CPU_FREQ 1150000000
 #define SDRAM_NR_BANKS 4
 
 /* FIXME: See u-boot.git 8ac41e, also fix in ppc440_uc.c */
@@ -253,8 +254,8 @@ static int sam460ex_load_device_tree(hwaddr addr,
     char *filename;
     int fdt_size;
     void *fdt;
-    uint32_t tb_freq = 50000000;
-    uint32_t clock_freq = 50000000;
+    uint32_t tb_freq = CPU_FREQ;
+    uint32_t clock_freq = CPU_FREQ;
 
     filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, BINARY_DEVICE_TREE_FILE);
     if (!filename) {
@@ -416,7 +417,7 @@ static void sam460ex_init(MachineState *machine)
     boot_info = g_malloc0(sizeof(*boot_info));
     env->load_info = boot_info;
 
-    ppc_booke_timers_init(cpu, 50000000, 0);
+    ppc_booke_timers_init(cpu, CPU_FREQ, 0);
     ppc_dcr_init(env, NULL, NULL);
 
     /* PLB arbitrer */
-- 
2.14.3

[Qemu-devel] [PULL 7/7] roms/u-boot-sam460ex: Change to qemu git mirror and update

[David Gibson]

From: BALATON Zoltan <balaton@eik.bme.hu>

Now that we have a mirror of this repo on git.qemu.org change the
submodule to use that and update it to latest commit which fixes a
dangling symlink and removes two big binaries that are not needed.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 .gitmodules          | 2 +-
 roms/u-boot-sam460ex | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitmodules b/.gitmodules
index c613722e3c..49e9c2e3f4 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -45,4 +45,4 @@
 	url = git://github.com/hdeller/seabios-hppa.git
 [submodule "roms/u-boot-sam460ex"]
 	path = roms/u-boot-sam460ex
-	url = git://github.com/zbalaton/u-boot-sam460ex
+	url = git://git.qemu.org/u-boot-sam460ex.git
diff --git a/roms/u-boot-sam460ex b/roms/u-boot-sam460ex
index 119aa277f7..8ee007c421 160000
--- a/roms/u-boot-sam460ex
+++ b/roms/u-boot-sam460ex
@@ -1 +1 @@
-Subproject commit 119aa277f74a4a2d3f7ab6c9471292308eba14e4
+Subproject commit 8ee007c4216fd6a0d760589e8405ce4494497aa0
-- 
2.14.3

Re: [Qemu-devel] [PULL 0/7] ppc-for-2.12 queue 20180410

[Peter Maydell]

On 10 April 2018 at 13:52, David Gibson <david@gibson.dropbear.id.au> wrote:
> The following changes since commit 915d34c5f99b0ab91517c69f54272bfdb6ca2b32:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2018-04-09 17:29:10 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/dgibson/qemu.git tags/ppc-for-2.12-20180410
>
> for you to fetch changes up to 6b3913e0858488ef3358c1683605d6894a6cadb0:
>
>   roms/u-boot-sam460ex: Change to qemu git mirror and update (2018-04-10 10:05:38 +1000)
>
> ----------------------------------------------------------------
> ppc patch queue 2018-04-10
>
> Here's a rather late pull request with a handful of fixes for 2.12.
> These have been blocked for some time, because I wasn't able to
> complete my usual test set due to the SCSI problem fixed in 37c5174
> "scsi-disk: Don't enlarge min_io_size to max_io_size".
>
> Since we're in hard freeze, these are all bugfixes.  Most are also
> regressions, although in one case it's only a "regression" because a
> longstanding bug has been exposed by a new machine type (sam460ex) in
> the testcases.  There are also a couple of sam460ex fixes that aren't
> regressions since the board didn't exist before.  On the flipside
> though, they're low risk because they only touch board specific code
> for a board that doesn't exist in any released version.
>

Applied, thanks.

-- PMM