[Qemu-devel] [PULL 00/22] ppc-for-2.10 queue 20170510

[Qemu-devel] [PULL 00/22] ppc-for-2.10 queue 20170510

[David Gibson]

The following changes since commit dd1559bb267becbb838de41132ef60771d183e5d:

  Merge remote-tracking branch 'elmarco/tags/chr-tests-pull-request' into staging (2017-05-05 17:07:55 +0100)

are available in the git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.10-20170510

for you to fetch changes up to ca1de9d144f11e52f0e67c8d78b4206b2849eff0:

  pnv: Fix build failures on some host platforms (2017-05-10 16:46:01 +1000)

----------------------------------------------------------------
ppc patch queue for 2017-05-10

Highlights of this set:
  * Some fixes for POWER9
  * TCG support for POWER9 radix MMU
  * VGA rom for Mac machine types
  * Fixes for the XICS interrupt controller
  * MTTCG support for ppc targets

As suggested by Paolo, I've tried to add the Docker tests to my
standard pre-pull-request tests.  I haven't wholly suceeded; this has
been tested with some of the Docker images, but others I haven't
managed due to problems that as best I can tell are not due to
problems in this patch series.  I'll continue working on this for
future pull requests.

----------------------------------------------------------------
Bharata B Rao (1):
      cpus: Fix CPU unplug for MTTCG

Cédric Le Goater (1):
      ppc/pnv: restrict BMC object to the BMC simulator

David Gibson (3):
      spapr: Don't accidentally advertise HTM support on POWER9
      target/ppc: Allow workarounds for POWER9 DD1
      pnv: Fix build failures on some host platforms

Mark Cave-Ayland (4):
      Add QemuMacDrivers as submodule
      Add QemuMacDrivers qemu_vga.ndrv revision d4e7d7a built as submodule
      ppc: add qemu_vga.ndrv ROM to fw_cfg interface for OldWorld Macs
      ppc: add qemu_vga.ndrv ROM to fw_cfg interface for NewWorld Macs

Nikunj A Dadhania (5):
      target/ppc: Emulate LL/SC using cmpxchg helpers
      cputlb: handle first atomic write to the page
      target/ppc: Generate fence operations
      tcg: enable MTTCG by default for PPC64 on x86
      target/ppc: do not reset reserve_addr in exec_enter

Paolo Bonzini (1):
      ppc: xics: fix compilation with CentOS 6

Sam Bobroff (2):
      ppc/xics: Fix stale irq->status bits after get
      ppc/xics: preserve P and Q bits for KVM IRQs

Suraj Jitindar Singh (5):
      target/ppc: Set UPRT and GTSE on all cpus in H_REGISTER_PROCESS_TABLE
      target/ppc: Update tlbie to check privilege level based on GTSE
      target/ppc: Change tlbie invalid fields for POWER9 support
      target/ppc: Implement ISA V3.00 radix page fault handler
      target/ppc: Enable RADIX mmu mode for pseries TCG guest

 .gitmodules                 |   3 +
 Makefile                    |   3 +-
 configure                   |   2 +
 cpus.c                      |   6 +
 cputlb.c                    |   8 +-
 hw/intc/xics_kvm.c          |  13 +++
 hw/ppc/mac_newworld.c       |  18 ++-
 hw/ppc/mac_oldworld.c       |  18 ++-
 hw/ppc/pnv.c                |   2 +-
 hw/ppc/spapr.c              |  17 ++-
 hw/ppc/spapr_hcall.c        |  18 ++-
 include/hw/ppc/pnv.h        |   3 +-
 include/hw/ppc/pnv_lpc.h    |   4 +-
 include/hw/ppc/pnv_occ.h    |   4 +-
 include/hw/ppc/xics.h       |   4 +-
 pc-bios/README              |   3 +
 pc-bios/qemu_vga.ndrv       | Bin 0 -> 14752 bytes
 roms/QemuMacDrivers         |   1 +
 target/ppc/Makefile.objs    |   1 +
 target/ppc/cpu-models.h     |   1 +
 target/ppc/cpu.h            |   4 +
 target/ppc/excp_helper.c    |   3 +
 target/ppc/kvm.c            |  11 ++
 target/ppc/mmu-book3s-v3.c  |   6 +-
 target/ppc/mmu-book3s-v3.h  |   5 +
 target/ppc/mmu-radix64.c    | 259 ++++++++++++++++++++++++++++++++++++++++++++
 target/ppc/mmu-radix64.h    |  71 ++++++++++++
 target/ppc/translate.c      |  48 ++++++--
 target/ppc/translate_init.c |  11 +-
 29 files changed, 498 insertions(+), 49 deletions(-)
 create mode 100644 pc-bios/qemu_vga.ndrv
 create mode 160000 roms/QemuMacDrivers
 create mode 100644 target/ppc/mmu-radix64.c
 create mode 100644 target/ppc/mmu-radix64.h

[Qemu-devel] [PULL 01/22] ppc/pnv: restrict BMC object to the BMC simulator

[David Gibson]

From: Cédric Le Goater <clg@kaod.org>

Today, when a PowerNV guest runs, it uses the sensor definitions of
the BMC simulator to populate the device tree. But an external IPMI
BMC could also be used and, in that case, it is not (yet) possible to
retrieve the sensor list. Generating the OEM SEL event for shutdown or
reboot also does not make sense as it should be generated on the BMC
side.

This change allows a guest to use an 'ipmi-bmc-extern' backend to the
'isa-ipmi-bt' device and a 'chardev' for transport such as :

	-chardev socket,id=ipmi0,host=localhost,port=9002,reconnect=10 \
	-device ipmi-bmc-extern,id=bmc0,chardev=ipmi0 \
	-device isa-ipmi-bt,bmc=bmc0,irq=10

and connect to a BMC simulator, the OpenIPMI ipmi_sim simulator for
instance.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/pnv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index d4bcdb0..251baea 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -511,7 +511,7 @@ static void ppc_powernv_reset(void)
      * This is the internal simulator but it could also be an external
      * BMC.
      */
-    obj = object_resolve_path_type("", TYPE_IPMI_BMC, NULL);
+    obj = object_resolve_path_type("", "ipmi-bmc-sim", NULL);
     if (obj) {
         pnv->bmc = IPMI_BMC(obj);
     }
-- 
2.9.3

[Qemu-devel] [PULL 02/22] target/ppc: Emulate LL/SC using cmpxchg helpers

[David Gibson]

From: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>

Emulating LL/SC with cmpxchg is not correct, since it can suffer from
the ABA problem. However, portable parallel code is written assuming
only cmpxchg which means that in practice this is a viable alternative.

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target/ppc/translate.c | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index f40b5a1..50b6d4d 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -73,6 +73,7 @@ static TCGv cpu_cfar;
 #endif
 static TCGv cpu_xer, cpu_so, cpu_ov, cpu_ca, cpu_ov32, cpu_ca32;
 static TCGv cpu_reserve;
+static TCGv cpu_reserve_val;
 static TCGv cpu_fpscr;
 static TCGv_i32 cpu_access_type;
 
@@ -181,6 +182,9 @@ void ppc_translate_init(void)
     cpu_reserve = tcg_global_mem_new(cpu_env,
                                      offsetof(CPUPPCState, reserve_addr),
                                      "reserve_addr");
+    cpu_reserve_val = tcg_global_mem_new(cpu_env,
+                                     offsetof(CPUPPCState, reserve_val),
+                                     "reserve_val");
 
     cpu_fpscr = tcg_global_mem_new(cpu_env,
                                    offsetof(CPUPPCState, fpscr), "fpscr");
@@ -3023,7 +3027,7 @@ static void gen_##name(DisasContext *ctx)                            \
     }                                                                \
     tcg_gen_qemu_ld_tl(gpr, t0, ctx->mem_idx, memop);                \
     tcg_gen_mov_tl(cpu_reserve, t0);                                 \
-    tcg_gen_st_tl(gpr, cpu_env, offsetof(CPUPPCState, reserve_val)); \
+    tcg_gen_mov_tl(cpu_reserve_val, gpr);                            \
     tcg_temp_free(t0);                                               \
 }
 
@@ -3155,14 +3159,27 @@ static void gen_conditional_store(DisasContext *ctx, TCGv EA,
 static void gen_conditional_store(DisasContext *ctx, TCGv EA,
                                   int reg, int memop)
 {
-    TCGLabel *l1;
+    TCGLabel *l1 = gen_new_label();
+    TCGLabel *l2 = gen_new_label();
+    TCGv t0;
 
-    tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so);
-    l1 = gen_new_label();
     tcg_gen_brcond_tl(TCG_COND_NE, EA, cpu_reserve, l1);
-    tcg_gen_ori_i32(cpu_crf[0], cpu_crf[0], CRF_EQ);
-    tcg_gen_qemu_st_tl(cpu_gpr[reg], EA, ctx->mem_idx, memop);
+
+    t0 = tcg_temp_new();
+    tcg_gen_atomic_cmpxchg_tl(t0, cpu_reserve, cpu_reserve_val,
+                              cpu_gpr[reg], ctx->mem_idx,
+                              DEF_MEMOP(memop) | MO_ALIGN);
+    tcg_gen_setcond_tl(TCG_COND_EQ, t0, t0, cpu_reserve_val);
+    tcg_gen_shli_tl(t0, t0, CRF_EQ_BIT);
+    tcg_gen_or_tl(t0, t0, cpu_so);
+    tcg_gen_trunc_tl_i32(cpu_crf[0], t0);
+    tcg_temp_free(t0);
+    tcg_gen_br(l2);
+
     gen_set_label(l1);
+    tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so);
+
+    gen_set_label(l2);
     tcg_gen_movi_tl(cpu_reserve, -1);
 }
 #endif
-- 
2.9.3

[Qemu-devel] [PULL 03/22] cputlb: handle first atomic write to the page

[David Gibson]

From: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>

In case where the conditional write is the first write to the page,
TLB_NOTDIRTY will be set and stop_the_world is triggered. Handle this as
a special case and set the dirty bit. After that fall through to the
actual atomic instruction below.

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 cputlb.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cputlb.c b/cputlb.c
index f5d056c..743776a 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -930,7 +930,13 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
         tlb_addr = tlbe->addr_write;
     }
 
-    /* Notice an IO access, or a notdirty page.  */
+    /* Check notdirty */
+    if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
+        tlb_set_dirty(ENV_GET_CPU(env), addr);
+        tlb_addr = tlb_addr & ~TLB_NOTDIRTY;
+    }
+
+    /* Notice an IO access  */
     if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
         /* There's really nothing that can be done to
            support this apart from stop-the-world.  */
-- 
2.9.3

[Qemu-devel] [PULL 04/22] target/ppc: Generate fence operations

[David Gibson]

From: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target/ppc/translate.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 50b6d4d..4a1f24a 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -2971,6 +2971,7 @@ static void gen_stswx(DisasContext *ctx)
 /* eieio */
 static void gen_eieio(DisasContext *ctx)
 {
+    tcg_gen_mb(TCG_MO_LD_ST | TCG_BAR_SC);
 }
 
 #if !defined(CONFIG_USER_ONLY)
@@ -3008,6 +3009,7 @@ static void gen_isync(DisasContext *ctx)
     if (!ctx->pr) {
         gen_check_tlb_flush(ctx, false);
     }
+    tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
     gen_stop_exception(ctx);
 }
 
@@ -3028,6 +3030,7 @@ static void gen_##name(DisasContext *ctx)                            \
     tcg_gen_qemu_ld_tl(gpr, t0, ctx->mem_idx, memop);                \
     tcg_gen_mov_tl(cpu_reserve, t0);                                 \
     tcg_gen_mov_tl(cpu_reserve_val, gpr);                            \
+    tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);                           \
     tcg_temp_free(t0);                                               \
 }
 
@@ -3177,6 +3180,10 @@ static void gen_conditional_store(DisasContext *ctx, TCGv EA,
     tcg_gen_br(l2);
 
     gen_set_label(l1);
+
+    /* Address mismatch implies failure.  But we still need to provide the
+       memory barrier semantics of the instruction.  */
+    tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
     tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so);
 
     gen_set_label(l2);
@@ -3308,6 +3315,7 @@ static void gen_sync(DisasContext *ctx)
     if (((l == 2) || !(ctx->insns_flags & PPC_64B)) && !ctx->pr) {
         gen_check_tlb_flush(ctx, true);
     }
+    tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
 }
 
 /* wait */
-- 
2.9.3

[Qemu-devel] [PULL 05/22] cpus: Fix CPU unplug for MTTCG

[David Gibson]

From: Bharata B Rao <bharata@linux.vnet.ibm.com>

Ensure that the unplugged CPU thread is destroyed and the waiting
thread is notified about it. This is needed for CPU unplug to work
correctly in MTTCG mode.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 cpus.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cpus.c b/cpus.c
index 740b8dc..79f780b 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1483,6 +1483,12 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
                 /* Ignore everything else? */
                 break;
             }
+        } else if (cpu->unplug) {
+            qemu_tcg_destroy_vcpu(cpu);
+            cpu->created = false;
+            qemu_cond_signal(&qemu_cpu_cond);
+            qemu_mutex_unlock_iothread();
+            return NULL;
         }
 
         atomic_mb_set(&cpu->exit_request, 0);
-- 
2.9.3

[Qemu-devel] [PULL 06/22] tcg: enable MTTCG by default for PPC64 on x86

[David Gibson]

From: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>

This enables the multi-threaded system emulation by default for PPC64
guests using the x86_64 TCG back-end.

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 configure        | 2 ++
 target/ppc/cpu.h | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/configure b/configure
index 48a9370..a1834b1 100755
--- a/configure
+++ b/configure
@@ -6090,12 +6090,14 @@ case "$target_name" in
   ppc64)
     TARGET_BASE_ARCH=ppc
     TARGET_ABI_DIR=ppc
+    mttcg=yes
     gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml power-vsx.xml"
   ;;
   ppc64le)
     TARGET_ARCH=ppc64
     TARGET_BASE_ARCH=ppc
     TARGET_ABI_DIR=ppc
+    mttcg=yes
     gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml power-vsx.xml"
   ;;
   ppc64abi32)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index e0ff041..ece535d 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -30,6 +30,8 @@
 #define TARGET_LONG_BITS 64
 #define TARGET_PAGE_BITS 12
 
+#define TCG_GUEST_DEFAULT_MO 0
+
 /* Note that the official physical address space bits is 62-M where M
    is implementation dependent.  I've not looked up M for the set of
    cpus we emulate at the system level.  */
-- 
2.9.3

[Qemu-devel] [PULL 07/22] target/ppc: do not reset reserve_addr in exec_enter

[David Gibson]

From: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>

In case when atomic operation is not supported, exit_atomic is called
and we stop the world and execute the atomic operation. This results
in a following call chain:

tcg_gen_atomic_cmpxchg_tl()
  -> gen_helper_exit_atomic()
     -> HELPER(exit_atomic)
        -> cpu_loop_exit_atomic() -> EXCP_ATOMIC
           -> qemu_tcg_cpu_thread_fn() => case EXCP_ATOMIC
              -> cpu_exec_step_atomic()
                 -> cpu_step_atomic()
                    -> cc->cpu_exec_enter() = ppc_cpu_exec_enter()
                       Sets env->reserve_addr = -1;

But by the time it return back, the reservation is erased and the code
fails, this continues forever and the lock is never taken.

Instead set this in powerpc_excp()

Now that ppc_cpu_exec_enter() doesn't have anything meaningful to do,
let us get rid of the function.

Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target/ppc/excp_helper.c    | 3 +++
 target/ppc/translate_init.c | 9 ---------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index f4ee7aa..a6bcb47 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -728,6 +728,9 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp)
     cs->exception_index = POWERPC_EXCP_NONE;
     env->error_code = 0;
 
+    /* Reset the reservation */
+    env->reserve_addr = -1;
+
     /* Any interrupt is context synchronizing, check if TCG TLB
      * needs a delayed flush on ppc64
      */
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index e82e3e6..9b048cd 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -10436,14 +10436,6 @@ static bool ppc_cpu_has_work(CPUState *cs)
     return msr_ee && (cs->interrupt_request & CPU_INTERRUPT_HARD);
 }
 
-static void ppc_cpu_exec_enter(CPUState *cs)
-{
-    PowerPCCPU *cpu = POWERPC_CPU(cs);
-    CPUPPCState *env = &cpu->env;
-
-    env->reserve_addr = -1;
-}
-
 /* CPUClass::reset() */
 static void ppc_cpu_reset(CPUState *s)
 {
@@ -10660,7 +10652,6 @@ static void ppc_cpu_class_init(ObjectClass *oc, void *data)
     cc->get_phys_page_debug = ppc_cpu_get_phys_page_debug;
     cc->vmsd = &vmstate_ppc_cpu;
 #endif
-    cc->cpu_exec_enter = ppc_cpu_exec_enter;
 #if defined(CONFIG_SOFTMMU)
     cc->write_elf64_note = ppc64_cpu_write_elf64_note;
     cc->write_elf32_note = ppc32_cpu_write_elf32_note;
-- 
2.9.3

[Qemu-devel] [PULL 08/22] ppc/xics: Fix stale irq->status bits after get

[David Gibson]

From: Sam Bobroff <sam.bobroff@au1.ibm.com>

ics_get_kvm_state() "or"s set bits into irq->status but does not mask
out clear bits.

Correct this by initializing the IRQ status to zero before adding bits
to it.

Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/intc/xics_kvm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
index 42e0e0e..03c1fc7 100644
--- a/hw/intc/xics_kvm.c
+++ b/hw/intc/xics_kvm.c
@@ -213,6 +213,7 @@ static void ics_get_kvm_state(ICSState *ics)
             irq->priority = irq->saved_priority;
         }
 
+        irq->status = 0;
         if (state & KVM_XICS_PENDING) {
             if (state & KVM_XICS_LEVEL_SENSITIVE) {
                 irq->status |= XICS_STATUS_ASSERTED;
-- 
2.9.3

[Qemu-devel] [PULL 09/22] ppc/xics: preserve P and Q bits for KVM IRQs

[David Gibson]

From: Sam Bobroff <sam.bobroff@au1.ibm.com>

Kernel commit 17d48610ae0f ("KVM: PPC: Book 3S: XICS: Implement ICS
P/Q states") added new bits to the state used by KVM IRQs. Currently,
QEMU does not preserve these bits, so migrating (or otherwise saving
and restoring) the guest state causes the P and Q bits to be cleared.

Clearing the P bit has no effect, because the kernel will set it based
on other data, but the loss of a set Q bit will cause a lost
interrupt.

This patch preserves the P and Q bits, correcting the problem.

Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/intc/xics_kvm.c    | 12 ++++++++++++
 include/hw/ppc/xics.h |  2 ++
 2 files changed, 14 insertions(+)

diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
index 03c1fc7..dd93531 100644
--- a/hw/intc/xics_kvm.c
+++ b/hw/intc/xics_kvm.c
@@ -229,6 +229,12 @@ static void ics_get_kvm_state(ICSState *ics)
                     | XICS_STATUS_REJECTED;
             }
         }
+        if (state & KVM_XICS_PRESENTED) {
+                irq->status |= XICS_STATUS_PRESENTED;
+        }
+        if (state & KVM_XICS_QUEUED) {
+                irq->status |= XICS_STATUS_QUEUED;
+        }
     }
 }
 
@@ -266,6 +272,12 @@ static int ics_set_kvm_state(ICSState *ics, int version_id)
                 state |= KVM_XICS_PENDING;
             }
         }
+        if (irq->status & XICS_STATUS_PRESENTED) {
+                state |= KVM_XICS_PRESENTED;
+        }
+        if (irq->status & XICS_STATUS_QUEUED) {
+                state |= KVM_XICS_QUEUED;
+        }
 
         ret = ioctl(kernel_xics_fd, KVM_SET_DEVICE_ATTR, &attr);
         if (ret != 0) {
diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
index c215dc7..68525c8 100644
--- a/include/hw/ppc/xics.h
+++ b/include/hw/ppc/xics.h
@@ -144,6 +144,8 @@ struct ICSIRQState {
 #define XICS_STATUS_SENT               0x2
 #define XICS_STATUS_REJECTED           0x4
 #define XICS_STATUS_MASKED_PENDING     0x8
+#define XICS_STATUS_PRESENTED          0x10
+#define XICS_STATUS_QUEUED             0x20
     uint8_t status;
 /* (flags & XICS_FLAGS_IRQ_MASK) == 0 means the interrupt is not allocated */
 #define XICS_FLAGS_IRQ_LSI             0x1
-- 
2.9.3

[Qemu-devel] [PULL 10/22] Add QemuMacDrivers as submodule

[David Gibson]

From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

The QemuMacDrivers project provides virtualisation drivers for PPC MacOS
guests.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 .gitmodules         | 3 +++
 pc-bios/README      | 3 +++
 roms/QemuMacDrivers | 1 +
 3 files changed, 7 insertions(+)
 create mode 160000 roms/QemuMacDrivers

diff --git a/.gitmodules b/.gitmodules
index ca323b4..5b0c212 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -34,3 +34,6 @@
 [submodule "roms/skiboot"]
 	path = roms/skiboot
 	url = git://git.qemu.org/skiboot.git
+[submodule "roms/QemuMacDrivers"]
+	path = roms/QemuMacDrivers
+	url = git://git.qemu.org/QemuMacDrivers.git
diff --git a/pc-bios/README b/pc-bios/README
index dcead36..ebc699d 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -47,3 +47,6 @@
   (OpenPower Abstraction Layer) firmware for OpenPOWER systems. It can
   run an hypervisor OS or simply a host OS on the "baremetal"
   platform, also known as the PowerNV (Non-Virtualized) platform.
+
+- QemuMacDrivers (https://github.com/ozbenh/QemuMacDrivers) is a project to
+  provide virtualised drivers for PPC MacOS guests.
diff --git a/roms/QemuMacDrivers b/roms/QemuMacDrivers
new file mode 160000
index 0000000..d4e7d7a
--- /dev/null
+++ b/roms/QemuMacDrivers
@@ -0,0 +1 @@
+Subproject commit d4e7d7ac663fcb55f1b93575445fcbca372f17a7
-- 
2.9.3

[Qemu-devel] [PULL 11/22] Add QemuMacDrivers qemu_vga.ndrv revision d4e7d7a built as submodule

[David Gibson]

From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 Makefile              |   3 ++-
 pc-bios/qemu_vga.ndrv | Bin 0 -> 14752 bytes
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 pc-bios/qemu_vga.ndrv

diff --git a/Makefile b/Makefile
index 31d41a7..c830d7a 100644
--- a/Makefile
+++ b/Makefile
@@ -552,7 +552,8 @@ multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin \
 s390-ccw.img \
 spapr-rtas.bin slof.bin skiboot.lid \
 palcode-clipper \
-u-boot.e500
+u-boot.e500 \
+qemu_vga.ndrv
 else
 BLOBS=
 endif
diff --git a/pc-bios/qemu_vga.ndrv b/pc-bios/qemu_vga.ndrv
new file mode 100644
index 0000000000000000000000000000000000000000..6e02f74d61e01c87cf50b10e174a6626bee13677
GIT binary patch
literal 14752
zcmc&*e{fsHonQU1B+DjoT9<S1kGzn$rx4?sVweXu#!i$V*LE;O!RcIXkSx8#y2_T2
z<XFDEM9+4@gn?_Ffpk(1s6&7YL+H3O{i9rfIBm*ZW&(w2OUn=-l!Pf$uFw*Cp@HZ=
z-+e3TNtP05@8%5Oyxs5ae)s!pzx&<Qd*6tRFO4djH%G^!0mhi=7q3qIJD#~e3o}zC
zjXxc^!o^qyEYr+tHMCWpVk`qqb0(9qO&`se#etG$#W?Y2!nD84(9b;4MjfgFXlG~f
zsASB1TGTmDC};kNX6ElpnF5|=fK1z!20YQeOw?Bx@D`L8Q5_T92v`gF2S5n09k3Jd
zAm9+-FyQBacL9GfGt&aVR{_@pdH@(_x(je0-~g9`u?nL7jW4g-wAP{>>2ywvbuQLw
zJ6CG=cGfWFj)k@=vGq!9Ybc<^dqab4oqt%lUD*<fCt~AN?_b?bk2^v^C1UKi+CLId
z!rsuZ5@Y?5NVqE;js*M(jE$q~NP?{&9|;V_A|s)HR=RIx-M6le3=jK9g57ZxqG2VW
zunkcf&bop@_h`(Y2t`J`k*>jbBs_}7^-7|9B%#D&qtQfe7PsOT^RNt)Yev9nw|jLY
zI$nr#hvLylTq#6%kAxCgTz@PQRbq+pTa==>^<bZ^83~5`BkRZf(QB?>g|Tar(Y`IQ
z)sd0Sp)I#7{@_3)7BqCa_Unb624bOv!h7AZzE^OSl}>1tp=q5mRt)Wq%)@$z6y0`i
zB_4={qNF`{L`Om0+>@>Ffa>Q?G3P6vnV9Jr`15IIf@i!)-Y>iZzM(qIPaK&@e>iPo
zjt7>eXH~T}sXnqSIlZ4n)i<t9s_C|*JZKK49{YXL!%TZ!^~~8dVQK;Hv4NSY8`S`7
zRzsF2)@fELHT6zXn_yA&`xhV4-d;;%9GahS7Jm-M&Js@67z2Kf0e><_!+g|$KbFJW
zUo+qj>9p;N0k@C(rjC7-Or1HO)Q<AG?=rL}Q$I!9X|(O9HtVkpZJXwgwf)f0-d?2r
zIYWD$&X4Uj1J2PllYR;M+D1Ago;-~84V<!X>zrgwP4&!#XQj+Y7p#W!_L#lZ!~Wi{
zb+KyIXKz*OEy>h@-zPN_+bAz({i?(A#9`QMoyMf;304PNNz+H!^69skYmbRF?ODoN
z_H?mUYUlRdpFW$lFKpZP+e#n!d0Cz`zuuEhA4T~CJfFcctxd8`C_gO^S{9?c5#{|T
zUyHIA<-G?R7@J+f81Xy3gt_)DVaoxYwj<0+JbGB;e&So+!OXhPG(Ji7CPccfN#=lz
zzofAk;{`N<MsM3&kQ-y+4^^q3eUy~vNEcV`_0b$D=pa}-PC6nzV*F0<)2BVp82Bl}
zSV@enF^v7D7+Y5`)`PLz^syI?qx@7)`odA2?`2QZ82Ics_^d|TG2$QX`!Q#ghh5Pv
z+OZxi?~1lvG&avJ&~;J0V=d6S%IV&60kqd-^r=B#S_88|UMqCsK;4P@0@N!}ucCR#
zr!nT5QuE#acKXw-ol~{6Zee5V!k+YJZ=~KiPx>`MmZc<zjDL)DrZ6_cx1cd6#$So?
z4|`bci+tQ5d?&!H9=3cBx3f;i1HbGfzs%4$V)Qx0k*RlCouGF;==B|}XIHowTdc<t
ztH;aoV~Olbe}LGrocP4Ej`;VmMfVU7>JEx4?3|7h>r=;_)^U!T4E<gfxQ`9EXLVe;
z9+UL32X$P<KN|WypyO<MjL`dOI&W;Z-nPit78EqzGtlVQahDl+Z`X0oVM9Nc!0j^N
zs&!mtmiMLxeI2#UrC*|0VYK04qwgI}pUe8f^DC26XR`XA?Ma`1Q699;9ejjcf$~xK
zAlYIiY!L<iM4>Ho9v1MJ4qJHjx@`sViMm^_JGd;Ux9auF_!>lgxoAHw`U{zyJZ7Wa
zD(HQtx3ja*?;l{__jUXNt~b<A>h%h4Gt^J$^~<=vP!~2`!1o8#59#fdJQkz=kX~PO
znV9E3QRlivyQ<f1^`bp2>Nkk`CcW+ua<N{$UTzZY?PL$gli{aHZ?6z?LjR1%OuqIo
zU!{<<Dia$~e<{zNu;DsQkKy@ivP|ts|D{~4;dyJXpznP>=}+Dev@g~7LG=A$slLYe
zl8a+yPh!k=EyY|e#CVF+7=Ie_)wNpEY1$(Q=V5<$HR<W|$DOhtgKncdS?SY)%q3fx
zY1)c8kiO{jF6VYCrGq0z|HrzO2g_cNC(B-eeHL>&G%%^{6k=clt&6gEz1FoI-m<$p
zytWrQymng$`2VB!2&-%NMdPw%G^!$l$G-5RPK|Z8`$8kKC9zrHb^=$^?h7iiWots<
zd>H>gyDuD-En_i(3j?RM`?jKAEG}>^j19N@;^VSqBp`6KM{dmUh;qL?XgaM~m}?q5
zqmKD+TO(WgHi&u)cnrvvkR<AoVQjUb>}Wfc{sZ}BF(12B9^nnxI%G@woC`Th*91fU
zXLA(B3D`m-f5me`JSWAI<GnsxM-yWc&?CuRg|dccHDq$3JcTmJSB>$K7`IS7Gj#{m
zi{`A@W4sr@Blf4=7Ul(?8DGRc!jjP6Cg2>HoBWe-L9GrG=lAPZkF2D<rF~$|b~EJx
zn#$O~sTx@gn12AggX`}hf!k@WmUl9<hkfO!4|Lkn%%m>)U1#S+`k3&`dHGr~-Vb6w
z^=@ByL8?a(Vx}rJ#gYf>m@V}d=nvY$@}zAHb6-Qbr>rqXIb`aEkCFrbX6ryc@UiyS
z=7j}$|2#f+2tF=k`S><+t|tW_Cd#)`@1D=_F<gv~zfxZ0W$7-mrNM3<VYgmxpP4UW
zpK88$>Gt{XqV~!7j|6+FK2w#<(jTannq<cBa<P@$<tNbp_rTX5Ap1pPEAM*}eTPf+
zHO5wz=Wg@-nD#`(Do*P>Xf5Syn{sg<7LvgSjJcd44$e^CL~(mJa&H&p6S11sf?KC+
zuR?Bi9I<>z`##$w&w%z(*6Cr@Jk}ylu;F~usajZ-YB4>a`fB>2pO>H?8S@Vz2lVl?
ziDBO|%s+dP`Gs8eM$F&6yMdn%t}c}8aB;e&<RX1_3b}6RNq_oB%C)@~S~KUzy+K<C
z$(fV!%Y2`Q9G$a}Q_TI>%4D#WeI4c=h0d?uhxsoi)93Vo<wB-G(5)9fz|RcWYv<87
z`a-_%+IK+@loxz(Y2URUKwruWK2Kk)iSxVu20tf%Y!x!T2U<5kcMSUj`76$03qx>s
zhCawC79OW^p-zo57xO=zw!@4Z>WzZ6Kz6GEt_fkk)yrPnaVeYS(dX-y)~BNuv?nsL
z#04G=Ywf;!-(u`u>=miGkLX-mJ#fl)GqtzPVGlXQ?AUucFeVLL4cangYPVCnJm~n^
zz%g6Lz!~!8zbwXGLQ1F4_0lvjXHU`I1-;<B_oc<8Bgj=ndP2RN>V-NpuC4ig$Ytt7
zKK3-(Lhy#z$Zo+Io@loMM>4`UdE81$sO#~Q*;Q5}i+<Uhm;4quQz0Kl+vWSK!;kq9
z6L^k%iCF8{hQ6Tvx%%$yNuT>w##TAL^|)VbZRFWp#8lx^he7L}B0eQ+OPEiOJ%4_N
z@*u<*hWHcYd2ItTlRhZ!pkFoeI7gvgjP^0ipN)ND{<krId6D^hvoU=?Vm*)P3%Y%n
z6K6mh#XRJmon0Ewjb4I1>(IX%c(-aby{cNwMxKhs#1cO9X;1pU$1}PWK9cbP7i4zM
z!hcBCeJN%JSb*~(j#+W<F;53Z-!SMPyRYavD8C$YmKD)K6Lh;tx53BPWo@v8MTOoI
zUqJ7Lb6(Yx{_~z9bCTV~oM(?_=cIjy&NHw(+W$A^UxWD<6`9|SdnAT)nF+S7!dzkO
z-N=8kc3uvB+rdYbetrprxegfnE}pPceqNF1gSp&shVG2@^B~2E@;iIdAMYyQg<|?X
z<g{Y{{pb_#c3a0&C*gb01>L3P_TdVC-zpE5#|ck4Cg@#vP!)a({tbTWCjF}QkO_MO
z=~8V#JK|=BE{*rFir2{3k<%omAA(;EmVc)wefDi3U(TP!ohr{+{pt5b{Fzp_<;nLb
z#y(y|z8P&BGq+8p(=)YMITw+f2VO5Gr<3npeC-j>xwW?uatx_;T&B7b^11juw9t=-
zIX@x!#63dhd_($3OxI@DQ4;xCl;>xVZJjpnZg__7>&cE&KgF8ld1m=DJ?W30DUg-+
z$U{vH=?k>y(4K{Q72Qjr?wERu=Z<0A|C(g{2EqM}_9B-4Y`UIVN$2Pv2Cw9km8wND
z`lFZbP~-{ZZHQAIR=%M?E{aVpas$>5Xp!#lbWohalkU*l@uYoea<-oDf0P&J>}$Lq
z%iT}va{r{#hrKl;_pf`>e>#dh)R-qjZgZu!-LRe-3fGhA{Tc9uTxBx1#!SDF1L<^5
zCdb5lnM^;Tae8d}@D1+{<ffR1#?hUxSQ{P>bL^$DkjVo%o$%v7;rA8~c>N0H<<N`W
z%YJu3Jz#njI$)q-o5r0CJ!dWOLH+3v&jsRHMNjnmQoF`HygbD&7tbq1+gCA<o656O
zxR-`~M49wqn>_%T8`vV8-|O(CGqwcV{s!fRz|nc_1j-Wd8p?CvJu`O$WYhUMfO`Yn
zPYb$N3cAbb3EsYnareP@%+uT10`%iNgO>);pT=4;V^J;>W#jnXV&l<QDnUc%Yl<0Z
z&>hN4;tr*#UuAQaM{#y7V|A+Uit2q+bcU)pPWR<xyTZG2<KD^dyR7=Sd*9*X_&s~!
zy^V1%%o|VhKF;dAK1X}%jJaB!T1N3tp}A*MWmtO^U4oD7-9$-Rlc2Rzr=<qX)iVJ;
zeld-wGb-ZF$5j5}yj9(3;EnS$ow9*9=i?XSP3U$;_OpKU<-aST?12p%@LOI#e(UpQ
z@K_HX=(=|r>jLB4=+~)DnjYh832R+`fzx<e%$K!gCN3Iv%J(+hJ0f3Qj(w$<?m20X
zL0oKdVV$9jvxu{sXyM-Co3!?L-%@At+}<+N_NcQ;-#eX<$+UvvBhL2YbXG>$Np}X`
zZCZmo=nM`Vvvv$93hpLNrh%VYuWtt*E;c)d`EgI=+<`Un9-YzfJb~C>qt;>%nP3jJ
z){?wGg*!!@2SBghyUp4`YXRj&UX_<ED3^J6pgicDP6c02rgq^sRNOIv*53QyVm<)B
z4?tZ~YZ0?Cr@Gx-jr$oZ?Ny`?`EmR>FoWN@9%juhEA0pA-{?=o<U!|C7~4(y_a3lz
zAioPjPj=*b;Y^IfZ?V@veE!=a^w&(ffDN;@IV|?AOWjq{{yoorgU+ABHpek1+0hHz
zHM=ku@eO@`h0i<ad=q^h2cNP$SOJ}+zlZyXdsH8t1>d|G<2-;SjDb8A$obOa=v#?0
zVsLsmLz8k5ls$reos8e~+O@5N^3Jd%AE9_yK1{wM<h$fL)cvCZc~H7s_!j(}y+}M8
z{1HCrIK$}z54}>nBmEVnpNUhTxmWa?7nd@9WLhtzHydl(jb$q2s>J=nF!*Q%E~87A
zwwbkPce7UQ2_{e6P4Ua|Lm{h~Vl>Y4{{^1r&1JCHj9729hMEj|q@1pw_E8VBHxf-g
zcg~J3$U$?!$Ist`zAec2TD2qK<NK6LI9AXYqd%33d#VpU{QYHEf0qCBTKO3p>(X+3
z24@x3x;9E@Zc#UjI)01c?N+`1$tM@neco@QG}ps?uK&>I`s6vHh4brsln03N8{Sm5
z{K~*wXLD-Kl0=S!yJ?h9@v_<Lb2s<X*;3?LM%!n88<c<RtRj1AHa&OA<ee1vXswcO
zdwsa?wzFpZ-ojjE99PY8TlDol4IIfwV{W+8S#^UM^c?f)@i8Hcc?U5fg!OC{`H2N*
z$}Of>1#QQ)f_ZFw9vA4;c-grflsDpc2Fm5k(`bXODZevOIWsrU)4S5Y6Mo9`boIey
zN%gsvNtxp6B>1WWUx<SlIYH;_0OU)Z!Fwx@o2#dOhMaUia;KxrjkRzc*7CjdZV12I
zUi*ur_BP?q?}0Aebj~o)IRrke@HfQkbK6n247jbhk2!Z2%BF$SysV&Xrnn9KH&HGV
z{rgb1i9TH@+d2IP)2m)9?@M=|4$*fh%H?XqdzrRHsMEZ-4>?zMzsiR0-^4cE|168*
zw+iy_PPJZ~+3Q#WeJKXya)0Qn*d7P}qTf3t_}d(4FTol5IzxE{^j0V8H=~XGpZZbx
zG8uaQ*V8QTcO~Q6n)iMY{9S#1C4Z-b_yg@Bya)6>TA#Ty49EA=`IYoQ?+H;m@($y;
zmh3r5{3e2a6GiCgzuOpMVdniA@}W$e6Z<;isAU7ufZpcCsUt>z!+FX3pshnayfUet
zyf)c(3cOBM93p?BSdBg0z^kc-=jix-OSM?Oi#a>_dn=O_N9e4B{r5HT?#W5=1uy&X
zdGvA9ehK|NTUUm0k076GU_bCO`w`gcvE4!VTqowoTEU+40DdQ}BpFby)2yt@#dw+a
zsuQ5`G(aQTY8m%q!k+<dFJMT>4qW9z)F%L5S1n(Yl|&2YNam{Jb!j)^g4beyp4KDg
z?pOI;>6;z<(C)=MVX4npGsag_K7jc;_4(4Bbhd+>dq{3P?-6<9Jm36+`}>Uey<{15
zew=8^n!cv7uk(CT4cM=PzUX(=7RV>hOmO==JOkc*Wz0OgAGQ$VFy<caX90UFc+ch@
z8GoJtooVuoN+`1zajjf`_YL^g68NeT`05h)-V*ql68QEKcvb@MDuI_u;9E-IttIeH
zCGd46@Nx-!X9>K!1b%r5yr%@dvKXH1N_es>*_YmHq<D#?^ndhM>BBNQ1~>uuCEzq(
zBmObqNx*}E`v6#CR<v8^0J8wNvh{kvm4JneSuOzH1%Qs_DZn;BAK+TRVr-#lzz2ZW
z0WSj{1E7yN2-+A|_6pzy#>)Q$_%#6Ui<UnM_zoZrxD&7ja24Qk{0#mn;BCNRz+M1o
zIs5?3>G&F;7GOqt{~q8cfCGSCfI+}Izzu*#Kow)Q^MI28^s|9?+qVH@fH1&;SD5bw
zBmt1Q0`pfO!a3gr{2YM(PS9{p1F%y#A&;{kIs`pR7b=$l7Glg90Q6UJ1aJsC^XkSd
zgT9S__0?1xPALCGPseR*`ZhG(aZ49fiu{>O9BI3}ncnIR`^WF(FG}Ben=(9FdQ=fY
zV0a`L+qyLrj1bA(tGrTRIJi0zRBmbvI+=KNIyACH8Ve<cq<F%g7>%Pza(yc_61-7r
zOs;SW>Id<h16k<C)Pgd}c@|~phV=rVCpHa8dSm{8f}wGzcpaSHj}H06c=LJnaFAVf
zm9#b#izlQ2UcJ82$s|cKaEBWHI;F;_-lD%x&e_7?c`bNnIuVP6sYxF*81ct~YggeN
z@R$;hON}jZc%vkceg0@v3DO(bI^M~6177?t(jD0O{nw262g9VTVP!ZH8<*lyh}zuj
z#LL=fQ1EVhA8%MscqyhNMq?vNP$E_9uTo1P=mHJ#(QpDP%HnTVVC(?bkKS=DI%ZX-
zqt=h&#qzikRDz^N9hZ|InrGI1fEfU6WqlU#GT=1e9M)nbKmxP^+5xaz*=zy8hVyXL
z2Wy4L3@XnEZZbAu0la}P{0ThZr#TL`<ydQ&%jO1n0ibP50CoZ%06YZ1y0L*z+X=(C
zlc>KB_*CG)x4jO~1ZWqyP2#DFXSkrA!C&gxtIN_83WxDQK~}5u4t}o2U$)OxSBLQl
zK(2agR2iY#Jg>h+!D<R8JorW-jBgtBnFO*)iYs9ykch-?Y7FTA(K2)Pig*KE@wj7r
zLWfQQBd)Lvy<EKAz~wD5e{?8B#)~QVID$TV2q|%9M7u*VFj=AzA2<{nbBiCJWps~h
zj`ZS_k34F(D>TDah4=8%ddX`BJ>HU!jQPj={af;Tf+27@p5IYPP``ZsiDY3%tfFWn
zmWX>0C&v6SW%Xz*9*O1A0{x4$x?}#ai!@`-{8s9}9*bq34B2lm@+Qal;tk-6K7pYR
zS?Gx%a@UPg9HpBYlhUw1{w+M6g{1fhqe(HkKQe|-bmnn{iA%K5n3%E|-_9WP@Q+l)
z=QV}1eZF3+{BcDD+(H7NJ_3)!w<m=yeF!myIG8SmFN2CT5e{GZAXMiKf+W26?aE!F
zSe^*YK_!|Pq75$!@8NqQ+!Rrpg8Zs3gy?XAQrBan3=9>UbDfe*;A<uN+^C2Ed>`-k
z$Na-_{o^M|uSjwKIQA)>0c@G{XV$Q<o<g1_p}Z0C8#tsWtPDV9TPL1~#dZx(Sv*nK
z|McCpudn-7_=rE)O#73&dwqZRo!#!68e3YE(j9$k`bg%!K_}ZV64zG*l+o>$mLe(8
z)rt_6NI(s=O(psNPPQ(RkTyp~M}pYLq%an^v{V|6ldgiwW<T~cOvO``Eq-b1HO(z8
zPIkwtUa&#me<^Su(Hk2jD2T7IAhZ|8ASybo1bqZ1B_dKhG&~x{%8@{Xq}afxD&9=Y
zNqSRU|NKmH-MU`dDBZlGiN;GK;629(s8JxNN%hFg)dc^L$h0|`r6Ir3I{tV(v;|xG
z)qXv}K)~th>hEn5Rko_@cH|acPx9F^ok^+LhT#xMU{>QWDJni1%j=nlM5Mvc7Q)en
sM1umzbH?y-7-u#x?AL2jC=P~U*d}QVABJ&7MuX5B@0M|k|F`G=0B)l1CIA2c

literal 0
HcmV?d00001

-- 
2.9.3

[Qemu-devel] [PULL 12/22] ppc: add qemu_vga.ndrv ROM to fw_cfg interface for OldWorld Macs

[David Gibson]

From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/mac_oldworld.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 5df94e2..97bb854 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -53,6 +53,8 @@
 #define CLOCKFREQ 266000000UL
 #define BUSFREQ 66000000UL
 
+#define NDRV_VGA_FILENAME "qemu_vga.ndrv"
+
 static void fw_cfg_boot_set(void *opaque, const char *boot_device,
                             Error **errp)
 {
@@ -99,7 +101,8 @@ static void ppc_heathrow_init(MachineState *machine)
     MACIOIDEState *macio_ide;
     DeviceState *dev;
     BusState *adb_bus;
-    int bios_size;
+    int bios_size, ndrv_size;
+    uint8_t *ndrv_file;
     MemoryRegion *pic_mem;
     MemoryRegion *escc_mem, *escc_bar = g_new(MemoryRegion, 1);
     uint16_t ppc_boot_device;
@@ -355,6 +358,19 @@ static void ppc_heathrow_init(MachineState *machine)
     fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_CLOCKFREQ, CLOCKFREQ);
     fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_BUSFREQ, BUSFREQ);
 
+    /* MacOS NDRV VGA driver */
+    filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, NDRV_VGA_FILENAME);
+    if (filename) {
+        ndrv_size = get_image_size(filename);
+        if (ndrv_size != -1) {
+            ndrv_file = g_malloc(ndrv_size);
+            ndrv_size = load_image(filename, ndrv_file);
+
+            fw_cfg_add_file(fw_cfg, "ndrv/qemu_vga.ndrv", ndrv_file, ndrv_size);
+        }
+        g_free(filename);
+    }
+
     qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
 }
 
-- 
2.9.3

[Qemu-devel] [PULL 13/22] ppc: add qemu_vga.ndrv ROM to fw_cfg interface for NewWorld Macs

[David Gibson]

From: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/mac_newworld.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 68aaedc..bae1c0a 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -80,6 +80,8 @@
 #define CLOCKFREQ (266UL * 1000UL * 1000UL)
 #define BUSFREQ (100UL * 1000UL * 1000UL)
 
+#define NDRV_VGA_FILENAME "qemu_vga.ndrv"
+
 /* UniN device */
 static void unin_write(void *opaque, hwaddr addr, uint64_t value,
                        unsigned size)
@@ -160,7 +162,8 @@ static void ppc_core99_init(MachineState *machine)
     MACIOIDEState *macio_ide;
     BusState *adb_bus;
     MacIONVRAMState *nvr;
-    int bios_size;
+    int bios_size, ndrv_size;
+    uint8_t *ndrv_file;
     MemoryRegion *pic_mem, *escc_mem;
     MemoryRegion *escc_bar = g_new(MemoryRegion, 1);
     int ppc_boot_device;
@@ -494,6 +497,19 @@ static void ppc_core99_init(MachineState *machine)
     fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_BUSFREQ, BUSFREQ);
     fw_cfg_add_i32(fw_cfg, FW_CFG_PPC_NVRAM_ADDR, nvram_addr);
 
+    /* MacOS NDRV VGA driver */
+    filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, NDRV_VGA_FILENAME);
+    if (filename) {
+        ndrv_size = get_image_size(filename);
+        if (ndrv_size != -1) {
+            ndrv_file = g_malloc(ndrv_size);
+            ndrv_size = load_image(filename, ndrv_file);
+
+            fw_cfg_add_file(fw_cfg, "ndrv/qemu_vga.ndrv", ndrv_file, ndrv_size);
+        }
+        g_free(filename);
+    }
+
     qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
 }
 
-- 
2.9.3

[Qemu-devel] [PULL 14/22] target/ppc: Set UPRT and GTSE on all cpus in H_REGISTER_PROCESS_TABLE

[David Gibson]

From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

The UPRT and GTSE bits are set when a guest calls H_REGISTER_PROCESS_TABLE
to choose determine how address translation is performed. Currently these
bits in the LPCR are only set for the cpu which handles the H_CALL, however
they need to be set for all cpus for that guest as address translation
cannot be performed differently on a per cpu basis.

Update the H_CALL handler to set these bits in the LPCR correctly for all
cpus of the guest.

Note it is the reponsibility of the guest to ensure that any secondary cpus
are suspended when the H_CALL is made and thus we can safely update these
values here.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/spapr_hcall.c | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 9f18f75..0d608d6 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -936,7 +936,7 @@ static target_ulong h_register_process_table(PowerPCCPU *cpu,
                                              target_ulong opcode,
                                              target_ulong *args)
 {
-    CPUPPCState *env = &cpu->env;
+    CPUState *cs;
     target_ulong flags = args[0];
     target_ulong proc_tbl = args[1];
     target_ulong page_size = args[2];
@@ -992,16 +992,12 @@ static target_ulong h_register_process_table(PowerPCCPU *cpu,
     spapr_check_setup_free_hpt(spapr, spapr->patb_entry, cproc);
 
     spapr->patb_entry = cproc; /* Save new process table */
-    if ((flags & FLAG_RADIX) || (flags & FLAG_HASH_PROC_TBL)) {
-        /* Use Process TBL */
-        env->spr[SPR_LPCR] |= LPCR_UPRT;
-    } else {
-        env->spr[SPR_LPCR] &= ~LPCR_UPRT;
-    }
-    if (flags & FLAG_GTSE) { /* Partition Uses Guest Translation Shootdwn */
-        env->spr[SPR_LPCR] |= LPCR_GTSE;
-    } else {
-        env->spr[SPR_LPCR] &= ~LPCR_GTSE;
+
+    /* Update the UPRT and GTSE bits in the LPCR for all cpus */
+    CPU_FOREACH(cs) {
+        set_spr(cs, SPR_LPCR, LPCR_UPRT | LPCR_GTSE,
+                ((flags & (FLAG_RADIX | FLAG_HASH_PROC_TBL)) ? LPCR_UPRT : 0) |
+                ((flags & FLAG_GTSE) ? LPCR_GTSE : 0));
     }
 
     if (kvm_enabled()) {
-- 
2.9.3

[Qemu-devel] [PULL 15/22] target/ppc: Update tlbie to check privilege level based on GTSE

[David Gibson]

From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

The Guest Translation Shootdown Enable (GTSE) bit in the Logical Partition
Control Register (LPCR) can be set to enable a guest to use the tlbie
instruction directly to invalidate translations.

When the GTSE bit is set then the tlbie instruction is supervisor
privileged, otherwise it is hypervisor privileged.

Add a guest translation shootdown enable (gtse) field to the diassembly
context and use this to check the correct privilege level at code
generation time.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target/ppc/translate.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 4a1f24a..1ce6ab1 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -218,6 +218,7 @@ struct DisasContext {
     bool vsx_enabled;
     bool spe_enabled;
     bool tm_enabled;
+    bool gtse;
     ppc_spr_t *spr_cb; /* Needed to check rights for mfspr/mtspr */
     int singlestep_enabled;
     uint64_t insns_flags;
@@ -4538,7 +4539,12 @@ static void gen_tlbie(DisasContext *ctx)
     GEN_PRIV;
 #else
     TCGv_i32 t1;
-    CHK_HV;
+
+    if (ctx->gtse) {
+        CHK_SV; /* If gtse is set then tblie is supervisor privileged */
+    } else {
+        CHK_HV; /* Else hypervisor privileged */
+    }
 
     if (NARROW_MODE(ctx)) {
         TCGv t0 = tcg_temp_new();
@@ -7252,6 +7258,7 @@ void gen_intermediate_code(CPUPPCState *env, struct TranslationBlock *tb)
         ctx.tm_enabled = false;
     }
 #endif
+    ctx.gtse = !!(env->spr[SPR_LPCR] & LPCR_GTSE);
     if ((env->flags & POWERPC_FLAG_SE) && msr_se)
         ctx.singlestep_enabled = CPU_SINGLE_STEP;
     else
-- 
2.9.3

[Qemu-devel] [PULL 16/22] target/ppc: Change tlbie invalid fields for POWER9 support

[David Gibson]

From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

The tlbie[l] instructions are used to invalidate TLB entries used to cache
address translations.

In ISAv3.00 (POWER9) more fields were added to the tblie[l] instructions
which were previously invalid. We don't care about any of these new fields
since we just invalidate the whole world anyway but we need to not
cause an illegal instruction exception when the instructions are called.
We also don't want to allow an older processor to have these fields set
since that would be invalid.

Add a new GEN_HANDLER for the ISAv3 instructions with the correct invalid
mask. These will only be generated to a POWER9 processor for now based on
the instruction flag. Also remove the PPC_MEM_TLBIE instruction flag from
the POWER9 processor definition to ensure the old tlbie isn't generated.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target/ppc/translate.c      | 2 ++
 target/ppc/translate_init.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 1ce6ab1..c0cd64d 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -6578,6 +6578,8 @@ GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, PPC_MEM_TLBIA),
  * different ISA versions */
 GEN_HANDLER(tlbiel, 0x1F, 0x12, 0x08, 0x001F0001, PPC_MEM_TLBIE),
 GEN_HANDLER(tlbie, 0x1F, 0x12, 0x09, 0x001F0001, PPC_MEM_TLBIE),
+GEN_HANDLER_E(tlbiel, 0x1F, 0x12, 0x08, 0x00100001, PPC_NONE, PPC2_ISA300),
+GEN_HANDLER_E(tlbie, 0x1F, 0x12, 0x09, 0x00100001, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER(tlbsync, 0x1F, 0x16, 0x11, 0x03FFF801, PPC_MEM_TLBSYNC),
 #if defined(TARGET_PPC64)
 GEN_HANDLER(slbia, 0x1F, 0x12, 0x0F, 0x031FFC01, PPC_SLBI),
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index 9b048cd..fda30b0 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8960,7 +8960,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
                        PPC_FLOAT_EXT |
                        PPC_CACHE | PPC_CACHE_ICBI | PPC_CACHE_DCBZ |
                        PPC_MEM_SYNC | PPC_MEM_EIEIO |
-                       PPC_MEM_TLBIE | PPC_MEM_TLBSYNC |
+                       PPC_MEM_TLBSYNC |
                        PPC_64B | PPC_64BX | PPC_ALTIVEC |
                        PPC_SEGMENT_64B | PPC_SLBI |
                        PPC_POPCNTB | PPC_POPCNTWD |
-- 
2.9.3

[Qemu-devel] [PULL 17/22] target/ppc: Implement ISA V3.00 radix page fault handler

[David Gibson]

From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

ISA V3.00 introduced a new radix mmu model. Implement the page fault
handler for this so we can run a tcg guest in radix mode and perform
address translation correctly.

In real mode (mmu turned off) addresses are masked to remove the top
4 bits and then are subject to partition scoped translation, since we only
support pseries at this stage it is only necessary to perform the masking
and then we're done.

In virtual mode (mmu turned on) address translation if performed as
follows:

1. Use the quadrant to determine the fully qualified address.

The fully qualified address is defined as the combination of the effective
address, the effective logical partition id (LPID) and the effective
process id (PID). Based on the quadrant (EA63:62) we set the pid and lpid
like so:

quadrant 0: lpid = LPIDR, pid = PIDR
quadrant 1: HV only (not allowed in pseries)
quadrant 2: HV only (not allowed in pseries)
quadrant 3: lpid = LPIDR, pid = 0

If we can't get the fully qualified address we raise a segment interrupt.

2. Find the guest radix tree

We ask the virtual hypervisor for the partition table which was registered
with H_REGISTER_PROC_TBL which points us to the process table in guest
memory. We then index this table by pid to get the process table entry
which points us to the appropriate radix tree to translate the address.

If the process table isn't big enough to contain an entry for the current
pid then we raise a storage interrupt.

3. Walk the radix tree

Next we walk the radix tree where each level is a table of page directory
entries indexed by some number of bits from the effective address, where
the number of bits is determined by the table size. We continue to walk
the tree (while entries are valid and the table is of minimum size) until
we reach a table of page table entries, indicated by having the leaf bit
set. The appropriate pte is then checked for sufficient access permissions,
the reference and change bits are updated and the real address is
calculated from the real page number bits of the pte and the low bits of
the effective address.

If we can't find an entry or can't access the entry bacause of permissions
then we raise a storage interrupt.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target/ppc/Makefile.objs   |   1 +
 target/ppc/cpu.h           |   2 +
 target/ppc/mmu-book3s-v3.c |   6 +-
 target/ppc/mmu-book3s-v3.h |   5 +
 target/ppc/mmu-radix64.c   | 259 +++++++++++++++++++++++++++++++++++++++++++++
 target/ppc/mmu-radix64.h   |  71 +++++++++++++
 6 files changed, 340 insertions(+), 4 deletions(-)
 create mode 100644 target/ppc/mmu-radix64.c
 create mode 100644 target/ppc/mmu-radix64.h

diff --git a/target/ppc/Makefile.objs b/target/ppc/Makefile.objs
index f963777..f92ba67 100644
--- a/target/ppc/Makefile.objs
+++ b/target/ppc/Makefile.objs
@@ -4,6 +4,7 @@ obj-y += translate.o
 ifeq ($(CONFIG_SOFTMMU),y)
 obj-y += machine.o mmu_helper.o mmu-hash32.o monitor.o arch_dump.o
 obj-$(TARGET_PPC64) += mmu-hash64.o mmu-book3s-v3.o compat.o
+obj-$(TARGET_PPC64) += mmu-radix64.o
 endif
 obj-$(CONFIG_KVM) += kvm.o
 obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index ece535d..c0f63f6 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -482,6 +482,8 @@ struct ppc_slb_t {
 #define DSISR_ISSTORE            0x02000000
 /* Not permitted by virtual page class key protection */
 #define DSISR_AMR                0x00200000
+/* Unsupported Radix Tree Configuration */
+#define DSISR_R_BADCONFIG        0x00080000
 
 /* SRR1 error code fields */
 
diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
index 005c963..e7798b3 100644
--- a/target/ppc/mmu-book3s-v3.c
+++ b/target/ppc/mmu-book3s-v3.c
@@ -22,15 +22,13 @@
 #include "cpu.h"
 #include "mmu-hash64.h"
 #include "mmu-book3s-v3.h"
-#include "qemu/error-report.h"
+#include "mmu-radix64.h"
 
 int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
                               int mmu_idx)
 {
     if (ppc64_radix_guest(cpu)) { /* Guest uses radix */
-        /* TODO - Unsupported */
-        error_report("Guest Radix Support Unimplemented");
-        exit(1);
+        return ppc_radix64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
     } else { /* Guest uses hash */
         return ppc_hash64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
     }
diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
index 636f6ab..56095da 100644
--- a/target/ppc/mmu-book3s-v3.h
+++ b/target/ppc/mmu-book3s-v3.h
@@ -25,6 +25,11 @@
 /* Partition Table Entry Fields */
 #define PATBE1_GR 0x8000000000000000
 
+/* Process Table Entry */
+struct prtb_entry {
+    uint64_t prtbe0, prtbe1;
+};
+
 #ifdef TARGET_PPC64
 
 static inline bool ppc64_use_proc_tbl(PowerPCCPU *cpu)
diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
new file mode 100644
index 0000000..de18c0b
--- /dev/null
+++ b/target/ppc/mmu-radix64.c
@@ -0,0 +1,259 @@
+/*
+ *  PowerPC Radix MMU mulation helpers for QEMU.
+ *
+ *  Copyright (c) 2016 Suraj Jitindar Singh, IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "exec/helper-proto.h"
+#include "qemu/error-report.h"
+#include "sysemu/kvm.h"
+#include "kvm_ppc.h"
+#include "exec/log.h"
+#include "mmu-radix64.h"
+#include "mmu-book3s-v3.h"
+
+static bool ppc_radix64_get_fully_qualified_addr(CPUPPCState *env, vaddr eaddr,
+                                                 uint64_t *lpid, uint64_t *pid)
+{
+    /* We don't have HV support yet and shouldn't get here with it set anyway */
+    assert(!msr_hv);
+
+    if (!msr_hv) { /* !MSR[HV] -> Guest */
+        switch (eaddr & R_EADDR_QUADRANT) {
+        case R_EADDR_QUADRANT0: /* Guest application */
+            *lpid = env->spr[SPR_LPIDR];
+            *pid = env->spr[SPR_BOOKS_PID];
+            break;
+        case R_EADDR_QUADRANT1: /* Illegal */
+        case R_EADDR_QUADRANT2:
+            return false;
+        case R_EADDR_QUADRANT3: /* Guest OS */
+            *lpid = env->spr[SPR_LPIDR];
+            *pid = 0; /* pid set to 0 -> addresses guest operating system */
+            break;
+        }
+    }
+
+    return true;
+}
+
+static void ppc_radix64_raise_segi(PowerPCCPU *cpu, int rwx, vaddr eaddr)
+{
+    CPUState *cs = CPU(cpu);
+    CPUPPCState *env = &cpu->env;
+
+    if (rwx == 2) { /* Instruction Segment Interrupt */
+        cs->exception_index = POWERPC_EXCP_ISEG;
+    } else { /* Data Segment Interrupt */
+        cs->exception_index = POWERPC_EXCP_DSEG;
+        env->spr[SPR_DAR] = eaddr;
+    }
+    env->error_code = 0;
+}
+
+static void ppc_radix64_raise_si(PowerPCCPU *cpu, int rwx, vaddr eaddr,
+                                uint32_t cause)
+{
+    CPUState *cs = CPU(cpu);
+    CPUPPCState *env = &cpu->env;
+
+    if (rwx == 2) { /* Instruction Storage Interrupt */
+        cs->exception_index = POWERPC_EXCP_ISI;
+        env->error_code = cause;
+    } else { /* Data Storage Interrupt */
+        cs->exception_index = POWERPC_EXCP_DSI;
+        if (rwx == 1) { /* Write -> Store */
+            cause |= DSISR_ISSTORE;
+        }
+        env->spr[SPR_DSISR] = cause;
+        env->spr[SPR_DAR] = eaddr;
+        env->error_code = 0;
+    }
+}
+
+
+static bool ppc_radix64_check_prot(PowerPCCPU *cpu, int rwx, uint64_t pte,
+                                   int *fault_cause, int *prot)
+{
+    CPUPPCState *env = &cpu->env;
+    const int need_prot[] = { PAGE_READ, PAGE_WRITE, PAGE_EXEC };
+
+    /* Check Page Attributes (pte58:59) */
+    if (((pte & R_PTE_ATT) == R_PTE_ATT_NI_IO) && (rwx == 2)) {
+        /*
+         * Radix PTE entries with the non-idempotent I/O attribute are treated
+         * as guarded storage
+         */
+        *fault_cause |= SRR1_NOEXEC_GUARD;
+        return true;
+    }
+
+    /* Determine permissions allowed by Encoded Access Authority */
+    if ((pte & R_PTE_EAA_PRIV) && msr_pr) { /* Insufficient Privilege */
+        *prot = 0;
+    } else if (msr_pr || (pte & R_PTE_EAA_PRIV)) {
+        *prot = ppc_radix64_get_prot_eaa(pte);
+    } else { /* !msr_pr && !(pte & R_PTE_EAA_PRIV) */
+        *prot = ppc_radix64_get_prot_eaa(pte);
+        *prot &= ppc_radix64_get_prot_amr(cpu); /* Least combined permissions */
+    }
+
+    /* Check if requested access type is allowed */
+    if (need_prot[rwx] & ~(*prot)) { /* Page Protected for that Access */
+        *fault_cause |= DSISR_PROTFAULT;
+        return true;
+    }
+
+    return false;
+}
+
+static void ppc_radix64_set_rc(PowerPCCPU *cpu, int rwx, uint64_t pte,
+                               hwaddr pte_addr, int *prot)
+{
+    CPUState *cs = CPU(cpu);
+    uint64_t npte;
+
+    npte = pte | R_PTE_R; /* Always set reference bit */
+
+    if (rwx == 1) { /* Store/Write */
+        npte |= R_PTE_C; /* Set change bit */
+    } else {
+        /*
+         * Treat the page as read-only for now, so that a later write
+         * will pass through this function again to set the C bit.
+         */
+        *prot &= ~PAGE_WRITE;
+    }
+
+    if (pte ^ npte) { /* If pte has changed then write it back */
+        stq_phys(cs->as, pte_addr, npte);
+    }
+}
+
+static uint64_t ppc_radix64_walk_tree(PowerPCCPU *cpu, int rwx, vaddr eaddr,
+                                      uint64_t base_addr, uint64_t nls,
+                                      hwaddr *raddr, int *psize,
+                                      int *fault_cause, int *prot,
+                                      hwaddr *pte_addr)
+{
+    CPUState *cs = CPU(cpu);
+    uint64_t index, pde;
+
+    if (nls < 5) { /* Directory maps less than 2**5 entries */
+        *fault_cause |= DSISR_R_BADCONFIG;
+        return 0;
+    }
+
+    /* Read page <directory/table> entry from guest address space */
+    index = eaddr >> (*psize - nls); /* Shift */
+    index &= ((1UL << nls) - 1); /* Mask */
+    pde = ldq_phys(cs->as, base_addr + (index * sizeof(pde)));
+    if (!(pde & R_PTE_VALID)) { /* Invalid Entry */
+        *fault_cause |= DSISR_NOPTE;
+        return 0;
+    }
+
+    *psize -= nls;
+
+    /* Check if Leaf Entry -> Page Table Entry -> Stop the Search */
+    if (pde & R_PTE_LEAF) {
+        uint64_t rpn = pde & R_PTE_RPN;
+        uint64_t mask = (1UL << *psize) - 1;
+
+        if (ppc_radix64_check_prot(cpu, rwx, pde, fault_cause, prot)) {
+            return 0; /* Protection Denied Access */
+        }
+
+        /* Or high bits of rpn and low bits to ea to form whole real addr */
+        *raddr = (rpn & ~mask) | (eaddr & mask);
+        *pte_addr = base_addr + (index * sizeof(pde));
+        return pde;
+    }
+
+    /* Next Level of Radix Tree */
+    return ppc_radix64_walk_tree(cpu, rwx, eaddr, pde & R_PDE_NLB,
+                                 pde & R_PDE_NLS, raddr, psize,
+                                 fault_cause, prot, pte_addr);
+}
+
+int ppc_radix64_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
+                                 int mmu_idx)
+{
+    CPUState *cs = CPU(cpu);
+    CPUPPCState *env = &cpu->env;
+    PPCVirtualHypervisorClass *vhc =
+        PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
+    hwaddr raddr, pte_addr;
+    uint64_t lpid = 0, pid = 0, offset, size, patbe, prtbe0, pte;
+    int page_size, prot, fault_cause = 0;
+
+    assert((rwx == 0) || (rwx == 1) || (rwx == 2));
+    assert(!msr_hv); /* For now there is no Radix PowerNV Support */
+    assert(cpu->vhyp);
+    assert(ppc64_use_proc_tbl(cpu));
+
+    /* Real Mode Access */
+    if (((rwx == 2) && (msr_ir == 0)) || ((rwx != 2) && (msr_dr == 0))) {
+        /* In real mode top 4 effective addr bits (mostly) ignored */
+        raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
+
+        tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
+                     PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx,
+                     TARGET_PAGE_SIZE);
+        return 0;
+    }
+
+    /* Virtual Mode Access - get the fully qualified address */
+    if (!ppc_radix64_get_fully_qualified_addr(env, eaddr, &lpid, &pid)) {
+        ppc_radix64_raise_segi(cpu, rwx, eaddr);
+        return 1;
+    }
+
+    /* Get Process Table */
+    patbe = vhc->get_patbe(cpu->vhyp);
+
+    /* Index Process Table by PID to Find Corresponding Process Table Entry */
+    offset = pid * sizeof(struct prtb_entry);
+    size = 1ULL << ((patbe & PATBE1_R_PRTS) + 12);
+    if (offset >= size) {
+        /* offset exceeds size of the process table */
+        ppc_radix64_raise_si(cpu, rwx, eaddr, DSISR_NOPTE);
+        return 1;
+    }
+    prtbe0 = ldq_phys(cs->as, (patbe & PATBE1_R_PRTB) + offset);
+
+    /* Walk Radix Tree from Process Table Entry to Convert EA to RA */
+    page_size = PRTBE_R_GET_RTS(prtbe0);
+    pte = ppc_radix64_walk_tree(cpu, rwx, eaddr & R_EADDR_MASK,
+                                prtbe0 & PRTBE_R_RPDB, prtbe0 & PRTBE_R_RPDS,
+                                &raddr, &page_size, &fault_cause, &prot,
+                                &pte_addr);
+    if (!pte) {
+        ppc_radix64_raise_si(cpu, rwx, eaddr, fault_cause);
+        return 1;
+    }
+
+    /* Update Reference and Change Bits */
+    ppc_radix64_set_rc(cpu, rwx, pte, pte_addr, &prot);
+
+    tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
+                 prot, mmu_idx, 1UL << page_size);
+    return 1;
+}
diff --git a/target/ppc/mmu-radix64.h b/target/ppc/mmu-radix64.h
new file mode 100644
index 0000000..1b1da56
--- /dev/null
+++ b/target/ppc/mmu-radix64.h
@@ -0,0 +1,71 @@
+#ifndef MMU_RADIX64_H
+#define MMU_RADIX64_H
+
+#ifndef CONFIG_USER_ONLY
+
+/* Radix Quadrants */
+#define R_EADDR_MASK            0x3FFFFFFFFFFFFFFF
+#define R_EADDR_QUADRANT        0xC000000000000000
+#define R_EADDR_QUADRANT0       0x0000000000000000
+#define R_EADDR_QUADRANT1       0x4000000000000000
+#define R_EADDR_QUADRANT2       0x8000000000000000
+#define R_EADDR_QUADRANT3       0xC000000000000000
+
+/* Radix Partition Table Entry Fields */
+#define PATBE1_R_PRTB           0x0FFFFFFFFFFFF000
+#define PATBE1_R_PRTS           0x000000000000001F
+
+/* Radix Process Table Entry Fields */
+#define PRTBE_R_GET_RTS(rts)    (((rts >> 58) & 0x18) | ((rts >> 5) & 0x7)) + 31
+#define PRTBE_R_RPDB            0x0FFFFFFFFFFFFF00
+#define PRTBE_R_RPDS            0x000000000000001F
+
+/* Radix Page Directory/Table Entry Fields */
+#define R_PTE_VALID             0x8000000000000000
+#define R_PTE_LEAF              0x4000000000000000
+#define R_PTE_SW0               0x2000000000000000
+#define R_PTE_RPN               0x01FFFFFFFFFFF000
+#define R_PTE_SW1               0x0000000000000E00
+#define R_GET_SW(sw)            (((sw >> 58) & 0x8) | ((sw >> 9) & 0x7))
+#define R_PTE_R                 0x0000000000000100
+#define R_PTE_C                 0x0000000000000080
+#define R_PTE_ATT               0x0000000000000030
+#define R_PTE_ATT_NORMAL        0x0000000000000000
+#define R_PTE_ATT_SAO           0x0000000000000010
+#define R_PTE_ATT_NI_IO         0x0000000000000020
+#define R_PTE_ATT_TOLERANT_IO   0x0000000000000030
+#define R_PTE_EAA_PRIV          0x0000000000000008
+#define R_PTE_EAA_R             0x0000000000000004
+#define R_PTE_EAA_RW            0x0000000000000002
+#define R_PTE_EAA_X             0x0000000000000001
+#define R_PDE_NLB               PRTBE_R_RPDB
+#define R_PDE_NLS               PRTBE_R_RPDS
+
+#ifdef TARGET_PPC64
+
+int ppc_radix64_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
+                                 int mmu_idx);
+
+static inline int ppc_radix64_get_prot_eaa(uint64_t pte)
+{
+    return (pte & R_PTE_EAA_R ? PAGE_READ : 0) |
+           (pte & R_PTE_EAA_RW ? PAGE_READ | PAGE_WRITE : 0) |
+           (pte & R_PTE_EAA_X ? PAGE_EXEC : 0);
+}
+
+static inline int ppc_radix64_get_prot_amr(PowerPCCPU *cpu)
+{
+    CPUPPCState *env = &cpu->env;
+    int amr = env->spr[SPR_AMR] >> 62; /* We only care about key0 AMR63:62 */
+    int iamr = env->spr[SPR_IAMR] >> 62; /* We only care about key0 IAMR63:62 */
+
+    return (amr & 0x2 ? 0 : PAGE_WRITE) | /* Access denied if bit is set */
+           (amr & 0x1 ? 0 : PAGE_READ) |
+           (iamr & 0x1 ? 0 : PAGE_EXEC);
+}
+
+#endif /* TARGET_PPC64 */
+
+#endif /* CONFIG_USER_ONLY */
+
+#endif /* MMU_RADIX64_H */
-- 
2.9.3

[Qemu-devel] [PULL 18/22] target/ppc: Enable RADIX mmu mode for pseries TCG guest

[David Gibson]

From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

Now that we have added all the infrastructure we can enable a pseries TCG
guest to use radix.

In order to do this we have to add the appropriate bits to the
ibm,arch-vec-5-platform-support vector to represent that we support both
hash and radix mmu models.

A radix guest can now be booted in pseries tcg mode by specifying:
-cpu POWER9

Note that we assume hash, that is we allocate a hpt, until a guest tells
us otherwise via a H_REGISTER_PROCESS_TABLE call with radix specified - in
which case we free the hpt. If we were right and the guest is hash then
there's nothing for us to do.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/spapr.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 80d12d0..e2dc77c 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -855,6 +855,8 @@ static void spapr_dt_rtas(sPAPRMachineState *spapr, void *fdt)
  * option vector 5: */
 static void spapr_dt_ov5_platform_support(void *fdt, int chosen)
 {
+    PowerPCCPU *first_ppc_cpu = POWERPC_CPU(first_cpu);
+
     char val[2 * 3] = {
         24, 0x00, /* Hash/Radix, filled in below. */
         25, 0x00, /* Hash options: Segment Tables == no, GTSE == no. */
@@ -870,8 +872,13 @@ static void spapr_dt_ov5_platform_support(void *fdt, int chosen)
             val[1] = 0x00; /* Hash */
         }
     } else {
-        /* TODO: TCG case, hash */
-        val[1] = 0x00;
+        if (first_ppc_cpu->env.mmu_model & POWERPC_MMU_V3) {
+            /* V3 MMU supports both hash and radix (with dynamic switching) */
+            val[1] = 0xC0;
+        } else {
+            /* Otherwise we can only do hash */
+            val[1] = 0x00;
+        }
     }
     _FDT(fdt_setprop(fdt, chosen, "ibm,arch-vec-5-platform-support",
                      val, sizeof(val)));
@@ -2101,8 +2108,8 @@ static void ppc_spapr_init(MachineState *machine)
     }
 
     spapr_ovec_set(spapr->ov5, OV5_FORM1_AFFINITY);
-    if (kvmppc_has_cap_mmu_radix()) {
-        /* KVM always allows GTSE with radix... */
+    if (!kvm_enabled() || kvmppc_has_cap_mmu_radix()) {
+        /* KVM and TCG always allow GTSE with radix... */
         spapr_ovec_set(spapr->ov5, OV5_MMU_RADIX_GTSE);
     }
     /* ... but not with hash (currently). */
-- 
2.9.3

[Qemu-devel] [PULL 19/22] ppc: xics: fix compilation with CentOS 6

[David Gibson]

From: Paolo Bonzini <pbonzini@redhat.com>

The PowerPCCPU typedef is included twice if a file includes
both hw/ppc/xics.h and target/ppc/cpu-qom.h.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 include/hw/ppc/xics.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
index 68525c8..05e6acb 100644
--- a/include/hw/ppc/xics.h
+++ b/include/hw/ppc/xics.h
@@ -29,6 +29,7 @@
 #define XICS_H
 
 #include "hw/qdev.h"
+#include "target/ppc/cpu-qom.h"
 
 #define XICS_IPI        0x2
 #define XICS_BUID       0x1
@@ -46,7 +47,6 @@ typedef struct ICSStateClass ICSStateClass;
 typedef struct ICSState ICSState;
 typedef struct ICSIRQState ICSIRQState;
 typedef struct XICSFabric XICSFabric;
-typedef struct PowerPCCPU PowerPCCPU;
 
 #define TYPE_ICP "icp"
 #define ICP(obj) OBJECT_CHECK(ICPState, (obj), TYPE_ICP)
-- 
2.9.3

[Qemu-devel] [PULL 20/22] spapr: Don't accidentally advertise HTM support on POWER9

[David Gibson]

Logic in spapr_populate_pa_features() enables the bit advertising
Hardware Transactional Memory (HTM) in the guest's device tree only when
KVM advertises its availability with the KVM_CAP_PPC_HTM feature.

However, this assumes that the HTM bit is off in the base template used for
the device tree value.  That is true for POWER8, but not for POWER9.

It looks like that was accidentally changed in 9fb4541 "spapr: Enable ISA
3.0 MMU mode selection via CAS".

Fixes: 9fb4541f5803f8d2ba116b12113386e26482ba30

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
---
 hw/ppc/spapr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index e2dc77c..1b7cada 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -219,7 +219,7 @@ static void spapr_populate_pa_features(CPUPPCState *env, void *fdt, int offset,
         /* 16: Vector */
         0x00, 0x00, 0x00, 0x00, 0x80, 0x00, /* 12 - 17 */
         /* 18: Vec. Scalar, 20: Vec. XOR, 22: HTM */
-        0x80, 0x00, 0x80, 0x00, 0x80, 0x00, /* 18 - 23 */
+        0x80, 0x00, 0x80, 0x00, 0x00, 0x00, /* 18 - 23 */
         /* 24: Ext. Dec, 26: 64 bit ftrs, 28: PM ftrs */
         0x80, 0x00, 0x80, 0x00, 0x80, 0x00, /* 24 - 29 */
         /* 30: MMR, 32: LE atomic, 34: EBB + ext EBB */
-- 
2.9.3

[Qemu-devel] [PULL 21/22] target/ppc: Allow workarounds for POWER9 DD1

[David Gibson]

POWER9 DD1 silicon has some bugs which mean it a) isn't really compliant
with the ISA v3.00 and b) require a number of special workarounds in the
kernel.

At the moment, qemu isn't aware of DD1.  For TCG we don't really want it to
be (why bother emulating buggy silicon).  But with KVM, the guest does need
to be aware of DD1 so it can apply the necessary workarounds.

Meanwhile, the feature negotiation between qemu and the guest strongly
favours architected compatibility modes to "raw" CPU modes.  In combination
with the above, this means the guest sees architected POWER9 mode, and
doesn't apply the DD1 workarounds.  Well, unless it has yet another
workaround to partially ignore what qemu tells it.

This patch addresses this by disabling support for compatibility modes when
using KVM on a POWER9 DD1 host.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 target/ppc/cpu-models.h |  1 +
 target/ppc/kvm.c        | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/target/ppc/cpu-models.h b/target/ppc/cpu-models.h
index d587e69..b563c45 100644
--- a/target/ppc/cpu-models.h
+++ b/target/ppc/cpu-models.h
@@ -561,6 +561,7 @@ enum {
     CPU_POWERPC_POWER8NVL_BASE     = 0x004C0000,
     CPU_POWERPC_POWER8NVL_v10      = 0x004C0100,
     CPU_POWERPC_POWER9_BASE        = 0x004E0000,
+    CPU_POWERPC_POWER9_DD1         = 0x004E0100,
     CPU_POWERPC_970_v22            = 0x00390202,
     CPU_POWERPC_970FX_v10          = 0x00391100,
     CPU_POWERPC_970FX_v20          = 0x003C0200,
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 8574c36..cb2cf2b 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -2380,6 +2380,17 @@ static void kvmppc_host_cpu_class_init(ObjectClass *oc, void *data)
 
 #if defined(TARGET_PPC64)
     pcc->radix_page_info = kvm_get_radix_page_info();
+
+    if ((pcc->pvr & 0xffffff00) == CPU_POWERPC_POWER9_DD1) {
+        /*
+         * POWER9 DD1 has some bugs which make it not really ISA 3.00
+         * compliant.  More importantly, advertising ISA 3.00
+         * architected mode may prevent guests from activating
+         * necessary DD1 workarounds.
+         */
+        pcc->pcr_supported &= ~(PCR_COMPAT_3_00 | PCR_COMPAT_2_07
+                                | PCR_COMPAT_2_06 | PCR_COMPAT_2_05);
+    }
 #endif /* defined(TARGET_PPC64) */
 }
 
-- 
2.9.3

[Qemu-devel] [PULL 22/22] pnv: Fix build failures on some host platforms

[David Gibson]

This makes some changes to fix build failures on the 'min-glib' docker
image, and maybe other platforms with a buildchain that's less tolerant
about duplicated typedefs.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 include/hw/ppc/pnv.h     | 3 +--
 include/hw/ppc/pnv_lpc.h | 4 ++--
 include/hw/ppc/pnv_occ.h | 4 ++--
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index c1288f9..9c5437d 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -21,6 +21,7 @@
 
 #include "hw/boards.h"
 #include "hw/sysbus.h"
+#include "hw/ipmi/ipmi.h"
 #include "hw/ppc/pnv_lpc.h"
 #include "hw/ppc/pnv_psi.h"
 #include "hw/ppc/pnv_occ.h"
@@ -118,8 +119,6 @@ typedef struct PnvChipClass {
 #define POWERNV_MACHINE(obj) \
     OBJECT_CHECK(PnvMachineState, (obj), TYPE_POWERNV_MACHINE)
 
-typedef struct IPMIBmc IPMIBmc;
-
 typedef struct PnvMachineState {
     /*< private >*/
     MachineState parent_obj;
diff --git a/include/hw/ppc/pnv_lpc.h b/include/hw/ppc/pnv_lpc.h
index ccf969a..023b4f0 100644
--- a/include/hw/ppc/pnv_lpc.h
+++ b/include/hw/ppc/pnv_lpc.h
@@ -19,12 +19,12 @@
 #ifndef _PPC_PNV_LPC_H
 #define _PPC_PNV_LPC_H
 
+#include "hw/ppc/pnv_psi.h"
+
 #define TYPE_PNV_LPC "pnv-lpc"
 #define PNV_LPC(obj) \
      OBJECT_CHECK(PnvLpcController, (obj), TYPE_PNV_LPC)
 
-typedef struct PnvPsi PnvPsi;
-
 typedef struct PnvLpcController {
     DeviceState parent;
 
diff --git a/include/hw/ppc/pnv_occ.h b/include/hw/ppc/pnv_occ.h
index f8ec330..82f299d 100644
--- a/include/hw/ppc/pnv_occ.h
+++ b/include/hw/ppc/pnv_occ.h
@@ -19,11 +19,11 @@
 #ifndef _PPC_PNV_OCC_H
 #define _PPC_PNV_OCC_H
 
+#include "hw/ppc/pnv_psi.h"
+
 #define TYPE_PNV_OCC "pnv-occ"
 #define PNV_OCC(obj) OBJECT_CHECK(PnvOCC, (obj), TYPE_PNV_OCC)
 
-typedef struct PnvPsi PnvPsi;
-
 typedef struct PnvOCC {
     DeviceState xd;
 
-- 
2.9.3

Re: [Qemu-devel] [PULL 00/22] ppc-for-2.10 queue 20170510

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20170510070115.13063-1-david@gibson.dropbear.id.au
Type: series
Subject: [Qemu-devel] [PULL 00/22] ppc-for-2.10 queue 20170510

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
1b70f29 pnv: Fix build failures on some host platforms
86671f8 target/ppc: Allow workarounds for POWER9 DD1
6cedee8 spapr: Don't accidentally advertise HTM support on POWER9
6977773 ppc: xics: fix compilation with CentOS 6
eafc8f5 target/ppc: Enable RADIX mmu mode for pseries TCG guest
0695293 target/ppc: Implement ISA V3.00 radix page fault handler
44c9403 target/ppc: Change tlbie invalid fields for POWER9 support
9b09287 target/ppc: Update tlbie to check privilege level based on GTSE
d1a36ba target/ppc: Set UPRT and GTSE on all cpus in H_REGISTER_PROCESS_TABLE
7cf9c6f ppc: add qemu_vga.ndrv ROM to fw_cfg interface for NewWorld Macs
dd211ca ppc: add qemu_vga.ndrv ROM to fw_cfg interface for OldWorld Macs
757323f Add QemuMacDrivers qemu_vga.ndrv revision d4e7d7a built as submodule
636240c Add QemuMacDrivers as submodule
bd86886 ppc/xics: preserve P and Q bits for KVM IRQs
c769966 ppc/xics: Fix stale irq->status bits after get
fe7ce46 target/ppc: do not reset reserve_addr in exec_enter
48eb3bf tcg: enable MTTCG by default for PPC64 on x86
46bdb83 cpus: Fix CPU unplug for MTTCG
64d1b41 target/ppc: Generate fence operations
688eb24 cputlb: handle first atomic write to the page
625734c target/ppc: Emulate LL/SC using cmpxchg helpers
d736912 ppc/pnv: restrict BMC object to the BMC simulator

=== OUTPUT BEGIN ===
Checking PATCH 1/22: ppc/pnv: restrict BMC object to the BMC simulator...
Checking PATCH 2/22: target/ppc: Emulate LL/SC using cmpxchg helpers...
Checking PATCH 3/22: cputlb: handle first atomic write to the page...
Checking PATCH 4/22: target/ppc: Generate fence operations...
Checking PATCH 5/22: cpus: Fix CPU unplug for MTTCG...
Checking PATCH 6/22: tcg: enable MTTCG by default for PPC64 on x86...
Checking PATCH 7/22: target/ppc: do not reset reserve_addr in exec_enter...
Checking PATCH 8/22: ppc/xics: Fix stale irq->status bits after get...
Checking PATCH 9/22: ppc/xics: preserve P and Q bits for KVM IRQs...
Checking PATCH 10/22: Add QemuMacDrivers as submodule...
Checking PATCH 11/22: Add QemuMacDrivers qemu_vga.ndrv revision d4e7d7a built as submodule...
Checking PATCH 12/22: ppc: add qemu_vga.ndrv ROM to fw_cfg interface for OldWorld Macs...
Checking PATCH 13/22: ppc: add qemu_vga.ndrv ROM to fw_cfg interface for NewWorld Macs...
Checking PATCH 14/22: target/ppc: Set UPRT and GTSE on all cpus in H_REGISTER_PROCESS_TABLE...
Checking PATCH 15/22: target/ppc: Update tlbie to check privilege level based on GTSE...
Checking PATCH 16/22: target/ppc: Change tlbie invalid fields for POWER9 support...
Checking PATCH 17/22: target/ppc: Implement ISA V3.00 radix page fault handler...
ERROR: Macros with complex values should be enclosed in parenthesis
#413: FILE: target/ppc/mmu-radix64.h:19:
+#define PRTBE_R_GET_RTS(rts)    (((rts >> 58) & 0x18) | ((rts >> 5) & 0x7)) + 31

total: 1 errors, 0 warnings, 373 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 18/22: target/ppc: Enable RADIX mmu mode for pseries TCG guest...
Checking PATCH 19/22: ppc: xics: fix compilation with CentOS 6...
Checking PATCH 20/22: spapr: Don't accidentally advertise HTM support on POWER9...
Checking PATCH 21/22: target/ppc: Allow workarounds for POWER9 DD1...
Checking PATCH 22/22: pnv: Fix build failures on some host platforms...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org

Re: [Qemu-devel] [PULL 00/22] ppc-for-2.10 queue 20170510

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 5029 bytes --]

On Wed, May 10, 2017 at 12:50:29AM -0700, no-reply@patchew.org wrote:
> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Message-id: 20170510070115.13063-1-david@gibson.dropbear.id.au
> Type: series
> Subject: [Qemu-devel] [PULL 00/22] ppc-for-2.10 queue 20170510
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> 
> BASE=base
> n=1
> total=$(git log --oneline $BASE.. | wc -l)
> failed=0
> 
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> 
> commits="$(git log --format=%H --reverse $BASE..)"
> for c in $commits; do
>     echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
>     if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
>         failed=1
>         echo
>     fi
>     n=$((n+1))
> done
> 
> exit $failed
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> Switched to a new branch 'test'
> 1b70f29 pnv: Fix build failures on some host platforms
> 86671f8 target/ppc: Allow workarounds for POWER9 DD1
> 6cedee8 spapr: Don't accidentally advertise HTM support on POWER9
> 6977773 ppc: xics: fix compilation with CentOS 6
> eafc8f5 target/ppc: Enable RADIX mmu mode for pseries TCG guest
> 0695293 target/ppc: Implement ISA V3.00 radix page fault handler
> 44c9403 target/ppc: Change tlbie invalid fields for POWER9 support
> 9b09287 target/ppc: Update tlbie to check privilege level based on GTSE
> d1a36ba target/ppc: Set UPRT and GTSE on all cpus in H_REGISTER_PROCESS_TABLE
> 7cf9c6f ppc: add qemu_vga.ndrv ROM to fw_cfg interface for NewWorld Macs
> dd211ca ppc: add qemu_vga.ndrv ROM to fw_cfg interface for OldWorld Macs
> 757323f Add QemuMacDrivers qemu_vga.ndrv revision d4e7d7a built as submodule
> 636240c Add QemuMacDrivers as submodule
> bd86886 ppc/xics: preserve P and Q bits for KVM IRQs
> c769966 ppc/xics: Fix stale irq->status bits after get
> fe7ce46 target/ppc: do not reset reserve_addr in exec_enter
> 48eb3bf tcg: enable MTTCG by default for PPC64 on x86
> 46bdb83 cpus: Fix CPU unplug for MTTCG
> 64d1b41 target/ppc: Generate fence operations
> 688eb24 cputlb: handle first atomic write to the page
> 625734c target/ppc: Emulate LL/SC using cmpxchg helpers
> d736912 ppc/pnv: restrict BMC object to the BMC simulator
> 
> === OUTPUT BEGIN ===
> Checking PATCH 1/22: ppc/pnv: restrict BMC object to the BMC simulator...
> Checking PATCH 2/22: target/ppc: Emulate LL/SC using cmpxchg helpers...
> Checking PATCH 3/22: cputlb: handle first atomic write to the page...
> Checking PATCH 4/22: target/ppc: Generate fence operations...
> Checking PATCH 5/22: cpus: Fix CPU unplug for MTTCG...
> Checking PATCH 6/22: tcg: enable MTTCG by default for PPC64 on x86...
> Checking PATCH 7/22: target/ppc: do not reset reserve_addr in exec_enter...
> Checking PATCH 8/22: ppc/xics: Fix stale irq->status bits after get...
> Checking PATCH 9/22: ppc/xics: preserve P and Q bits for KVM IRQs...
> Checking PATCH 10/22: Add QemuMacDrivers as submodule...
> Checking PATCH 11/22: Add QemuMacDrivers qemu_vga.ndrv revision d4e7d7a built as submodule...
> Checking PATCH 12/22: ppc: add qemu_vga.ndrv ROM to fw_cfg interface for OldWorld Macs...
> Checking PATCH 13/22: ppc: add qemu_vga.ndrv ROM to fw_cfg interface for NewWorld Macs...
> Checking PATCH 14/22: target/ppc: Set UPRT and GTSE on all cpus in H_REGISTER_PROCESS_TABLE...
> Checking PATCH 15/22: target/ppc: Update tlbie to check privilege level based on GTSE...
> Checking PATCH 16/22: target/ppc: Change tlbie invalid fields for POWER9 support...
> Checking PATCH 17/22: target/ppc: Implement ISA V3.00 radix page fault handler...
> ERROR: Macros with complex values should be enclosed in parenthesis
> #413: FILE: target/ppc/mmu-radix64.h:19:
> +#define PRTBE_R_GET_RTS(rts)    (((rts >> 58) & 0x18) | ((rts >> 5) & 0x7)) + 31

Crud.  that's actually an important one, I should have caught it.

> total: 1 errors, 0 warnings, 373 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 
> Checking PATCH 18/22: target/ppc: Enable RADIX mmu mode for pseries TCG guest...
> Checking PATCH 19/22: ppc: xics: fix compilation with CentOS 6...
> Checking PATCH 20/22: spapr: Don't accidentally advertise HTM support on POWER9...
> Checking PATCH 21/22: target/ppc: Allow workarounds for POWER9 DD1...
> Checking PATCH 22/22: pnv: Fix build failures on some host platforms...
> === OUTPUT END ===
> 
> Test command exited with code: 1
> 
> 
> ---
> Email generated automatically by Patchew [http://patchew.org/].
> Please send your feedback to patchew-devel@freelists.org

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]