[Qemu-devel] [PULL 1.3 0/6] ppc 1.3 patch queue 2012-11-26

[Qemu-devel] [PULL 1.3 0/6] ppc 1.3 patch queue 2012-11-26

[Alexander Graf]

Hi Blue / Aurelien,

This is my patch queue for ppc with patches that should go into 1.3.
Please pull.

Alex


The following changes since commit cab1e8f3e37d8e883c270e3afd9c7c1c18332f0e:
  Anthony Liguori (1):
        Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

are available in the git repository at:

  git://repo.or.cz/qemu/agraf.git ppc-for-upstream-1.3

Alexander Graf (1):
      fbdev: fix pixman compile on old pixman

Alexey Kardashevskiy (2):
      kvm: fix incorrect length in a loop over kvm dirty pages map
      pseries: Fix bug in PCI MSI allocation

Julio Guerra (1):
      PPC: Fix missing TRACE exception

Peter Maydell (2):
      hw/ide/macio: Fix segfault caused by NULL DMAContext*
      vl.c: Fix broken -usb option

 hw/ide/macio.c         |    6 ++++--
 hw/spapr_pci.c         |    2 +-
 kvm-all.c              |    2 +-
 qemu-pixman.c          |    2 ++
 target-ppc/translate.c |    3 ++-
 vl.c                   |   12 ++++--------
 6 files changed, 14 insertions(+), 13 deletions(-)

[Qemu-devel] [PATCH 1/6] hw/ide/macio: Fix segfault caused by NULL DMAContext*

[Alexander Graf]

From: Peter Maydell <peter.maydell@linaro.org>

Pass qemu_sglist_init the global dma_context_memory rather than a NULL
pointer; this fixes a segfault in dma_memory_map() when the guest
starts using DMA.

Reported-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/ide/macio.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 720af6e..d2edcc0 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -76,7 +76,8 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
 
     s->io_buffer_size = io->len;
 
-    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL);
+    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1,
+                     &dma_context_memory);
     qemu_sglist_add(&s->sg, io->addr, io->len);
     io->addr += io->len;
     io->len = 0;
@@ -132,7 +133,8 @@ static void pmac_ide_transfer_cb(void *opaque, int ret)
     s->io_buffer_index = 0;
     s->io_buffer_size = io->len;
 
-    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL);
+    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1,
+                     &dma_context_memory);
     qemu_sglist_add(&s->sg, io->addr, io->len);
     io->addr += io->len;
     io->len = 0;
-- 
1.6.0.2

[Qemu-devel] [PATCH 2/6] PPC: Fix missing TRACE exception

[Alexander Graf]

From: Julio Guerra <guerr@julio.in>

This patch fixes bug 1031698 :
https://bugs.launchpad.net/qemu/+bug/1031698

If we look at the (truncated) translation of the conditional branch
instruction in the test submitted in the bug post, the call to the
exception helper is missing in the "bne-false" chunk of translated
code :

IN:
bne-    0x1800278

OUT:
0xb544236d:  jne    0xb5442396

0xb5442373:  mov    %ebp,(%esp)
0xb5442376:  mov    $0x44,%ebx
0xb544237b:  mov    %ebx,0x4(%esp)
0xb544237f:  mov    $0x1800278,%ebx
0xb5442384:  mov    %ebx,0x25c(%ebp)
0xb544238a:  call   0x827475a
                     ^^^^^^^^^^^^^^^^^^

0xb5442396:  mov    %ebp,(%esp)
0xb5442399:  mov    $0x44,%ebx
0xb544239e:  mov    %ebx,0x4(%esp)
0xb54423a2:  mov    $0x1800270,%ebx
0xb54423a7:  mov    %ebx,0x25c(%ebp)

Indeed, gen_exception(ctx, excp) called by gen_goto_tb (called by
gen_bcond) changes ctx->exception's value to excp's :

gen_bcond()
{
  gen_goto_tb(ctx, 0, ctx->nip + li - 4);
  /* ctx->exception value is POWERPC_EXCP_BRANCH */

  gen_goto_tb(ctx, 1, ctx->nip);
  /* ctx->exception now value is POWERPC_EXCP_TRACE */
}

Making the following gen_goto_tb()'s test false during the second call :

if ((ctx->singlestep_enabled &
    (CPU_BRANCH_STEP | CPU_SINGLE_STEP)) &&
    ctx->exception == POWERPC_EXCP_BRANCH /* false...*/) {
         target_ulong tmp = ctx->nip;
         ctx->nip = dest;
         /* ... and this is the missing call */
         gen_exception(ctx, POWERPC_EXCP_TRACE);
         ctx->nip = tmp;
}

So the patch simply adds the missing matching case, fixing our problem.

Signed-off-by: Julio Guerra <guerr@julio.in>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 target-ppc/translate.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 16b9c5d..987b04e 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -3473,7 +3473,8 @@ static inline void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
         if (unlikely(ctx->singlestep_enabled)) {
             if ((ctx->singlestep_enabled &
                 (CPU_BRANCH_STEP | CPU_SINGLE_STEP)) &&
-                ctx->exception == POWERPC_EXCP_BRANCH) {
+                (ctx->exception == POWERPC_EXCP_BRANCH ||
+                 ctx->exception == POWERPC_EXCP_TRACE)) {
                 target_ulong tmp = ctx->nip;
                 ctx->nip = dest;
                 gen_exception(ctx, POWERPC_EXCP_TRACE);
-- 
1.6.0.2

[Qemu-devel] [PATCH 3/6] kvm: fix incorrect length in a loop over kvm dirty pages map

[Alexander Graf]

From: Alexey Kardashevskiy <aik@ozlabs.ru>

QEMU allocates a map enough for 4k pages. However the system page size
can be 64K (for example on POWER) and the host kernel uses only a small
part of it as one big stores a dirty flag for 16 pages 4K each,
the hpratio variable stores this ratio and
the kvm_get_dirty_pages_log_range function handles it correctly.

However kvm_get_dirty_pages_log_range still goes beyond the data
provided by the host kernel which is not correct. It does not cause
errors at the moment as the whole bitmap is zeroed before doing KVM ioctl.

The patch reduces number of iterations over the map.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 kvm-all.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kvm-all.c b/kvm-all.c
index 3bc3347..8e9a8d8 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -364,7 +364,7 @@ static int kvm_get_dirty_pages_log_range(MemoryRegionSection *section,
     unsigned int i, j;
     unsigned long page_number, c;
     hwaddr addr, addr1;
-    unsigned int len = ((section->size / TARGET_PAGE_SIZE) + HOST_LONG_BITS - 1) / HOST_LONG_BITS;
+    unsigned int len = ((section->size / getpagesize()) + HOST_LONG_BITS - 1) / HOST_LONG_BITS;
     unsigned long hpratio = getpagesize() / TARGET_PAGE_SIZE;
 
     /*
-- 
1.6.0.2

[Qemu-devel] [PATCH 4/6] pseries: Fix bug in PCI MSI allocation

[Alexander Graf]

From: Alexey Kardashevskiy <aik@ozlabs.ru>

In one of the recent reworks to the XICS code, a bug was introduced where
we use the wrong sense and allocate level interrupts instead of message
interrupts for PCI MSIs.  This patch fixes it.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/spapr_pci.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c
index a08ed11..3c5b855 100644
--- a/hw/spapr_pci.c
+++ b/hw/spapr_pci.c
@@ -351,7 +351,7 @@ static void rtas_ibm_change_msi(sPAPREnvironment *spapr,
 
     /* There is no cached config, allocate MSIs */
     if (!phb->msi_table[ndev].nvec) {
-        irq = spapr_allocate_irq_block(req_num, true);
+        irq = spapr_allocate_irq_block(req_num, false);
         if (irq < 0) {
             fprintf(stderr, "Cannot allocate MSIs for device#%d", ndev);
             rtas_st(rets, 0, -1); /* Hardware error */
-- 
1.6.0.2

[Qemu-devel] [PATCH 5/6] vl.c: Fix broken -usb option

[Alexander Graf]

From: Peter Maydell <peter.maydell@linaro.org>

Commit 094b287f0b accidentally broke the "-usb" command line
option, so it would have no effect if the user had not specified
any machine options at that point. (the return value from
'qemu_opts_find(qemu_find_opts("machine"), 0);' is NULL if there
are no user specified options, so it is only to be used for
looking up an option, not when trying to set one.) Similarly,
would '-usbdevice' no longer cause USB to default to enabled.

Fix this regression by using the same style of code for forcing
the usb=on machine option that we use for other aliases such as
'-enable-kvm'.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 vl.c |   12 ++++--------
 1 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/vl.c b/vl.c
index c8e9c78..a3ab384 100644
--- a/vl.c
+++ b/vl.c
@@ -3273,16 +3273,12 @@ int main(int argc, char **argv, char **envp)
                 break;
             }
             case QEMU_OPTION_usb:
-                machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
-                if (machine_opts) {
-                    qemu_opt_set_bool(machine_opts, "usb", true);
-                }
+                olist = qemu_find_opts("machine");
+                qemu_opts_parse(olist, "usb=on", 0);
                 break;
             case QEMU_OPTION_usbdevice:
-                machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
-                if (machine_opts) {
-                    qemu_opt_set_bool(machine_opts, "usb", true);
-                }
+                olist = qemu_find_opts("machine");
+                qemu_opts_parse(olist, "usb=on", 0);
                 add_device_config(DEV_USB, optarg);
                 break;
             case QEMU_OPTION_device:
-- 
1.6.0.2

[Qemu-devel] [PATCH 6/6] fbdev: fix pixman compile on old pixman

[Alexander Graf]

My QEMU compile failed with the following error:

qemu-pixman.c: In function ‘qemu_pixman_get_type’:
qemu-pixman.c:24: error: ‘PIXMAN_TYPE_BGRA’ undeclared (first use in this function)
qemu-pixman.c:24: error: (Each undeclared identifier is reported only once
qemu-pixman.c:24: error: for each function it appears in.)

Guard the PIXMAN_TYPE_BGRA branch like in the case right above the failing
case, so that compilation is fixed. Functionality on such old pixman is a
different question ;-).

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 qemu-pixman.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/qemu-pixman.c b/qemu-pixman.c
index ac7bc01..e46e180 100644
--- a/qemu-pixman.c
+++ b/qemu-pixman.c
@@ -21,7 +21,9 @@ int qemu_pixman_get_type(int rshift, int gshift, int bshift)
         if (rshift == 0) {
             type = PIXMAN_TYPE_ABGR;
         } else {
+#if PIXMAN_VERSION >= PIXMAN_VERSION_ENCODE(0, 21, 8)
             type = PIXMAN_TYPE_BGRA;
+#endif
         }
     }
     return type;
-- 
1.6.0.2

Re: [Qemu-devel] [PULL 1.3 0/6] ppc 1.3 patch queue 2012-11-26

[Anthony Liguori]

Alexander Graf <agraf@suse.de> writes:

> Hi Blue / Aurelien,
>
> This is my patch queue for ppc with patches that should go into 1.3.
> Please pull.

Pulled. Thanks.

Regards,

Anthony Liguori

>
> Alex
>
>
> The following changes since commit cab1e8f3e37d8e883c270e3afd9c7c1c18332f0e:
>   Anthony Liguori (1):
>         Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
>
> are available in the git repository at:
>
>   git://repo.or.cz/qemu/agraf.git ppc-for-upstream-1.3
>
> Alexander Graf (1):
>       fbdev: fix pixman compile on old pixman
>
> Alexey Kardashevskiy (2):
>       kvm: fix incorrect length in a loop over kvm dirty pages map
>       pseries: Fix bug in PCI MSI allocation
>
> Julio Guerra (1):
>       PPC: Fix missing TRACE exception
>
> Peter Maydell (2):
>       hw/ide/macio: Fix segfault caused by NULL DMAContext*
>       vl.c: Fix broken -usb option
>
>  hw/ide/macio.c         |    6 ++++--
>  hw/spapr_pci.c         |    2 +-
>  kvm-all.c              |    2 +-
>  qemu-pixman.c          |    2 ++
>  target-ppc/translate.c |    3 ++-
>  vl.c                   |   12 ++++--------
>  6 files changed, 14 insertions(+), 13 deletions(-)