Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC

[Gerhard Wiesinger]

On 10.11.2012 00:52, Peter Maydell wrote:

On 10 November 2012 00:45, Marek Vasut  wrote:

Gerd Hoffmann wrote:

Question is just whenever we'll go silently fixup stuff in console.c or
use assert()s to enforce callers getting this correct.  I'd tend to use
assert() as vmware-vga passing bogous stuff there IMHO indicates there
is a bug in vmware-vga.

Or rather some revisions of the guest X driver.

If qemu's vmware-vga is blithely trusting what the guest driver
hands it then that is itself a bug...

To answer Gerd's question, I think I'd go for clip rather than assert
(especially at this point in the release cycle), though I don't feel
very strongly about it.


I'd go for clipping rather than asserting too (no crash) in all layers 
as a defensive approach (console.c/vnc.c). Additionally logging that 
condition would be helpful that the arising bug (which occurred several 
times with a lot of unapplied fixes) can be detected by users easily and 
fixed accordingly.


Ciao,
Gerhard

[Qemu-devel] [PATCH] target-mips: Fix seg fault for LUI when MIPS_DEBUG_DISAS==1.

[Eric Johnson]

The call to gen_logic_imm for OPC_LUI passes -1 for rs.  This
causes the MIPS_DEBUG statement to seg fault due to the deference
of regnames[rs].  This patch fixes that.

Signed-off-by: Eric Johnson 
---
 target-mips/translate.c |   18 +++---
 1 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/target-mips/translate.c b/target-mips/translate.c
index 8175da0..aba6327 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -2013,7 +2013,6 @@ static void gen_logic_imm(CPUMIPSState *env, DisasContext 
*ctx, uint32_t opc,
   int rt, int rs, int16_t imm)
 {
 target_ulong uimm;
-const char *opn = "imm logic";
 
 if (rt == 0) {
 /* If no destination, treat it as a NOP. */
@@ -2027,29 +2026,34 @@ static void gen_logic_imm(CPUMIPSState *env, 
DisasContext *ctx, uint32_t opc,
 tcg_gen_andi_tl(cpu_gpr[rt], cpu_gpr[rs], uimm);
 else
 tcg_gen_movi_tl(cpu_gpr[rt], 0);
-opn = "andi";
+MIPS_DEBUG("%s %s, %s, " TARGET_FMT_lx, "andi", regnames[rt],
+regnames[rs], uimm);
 break;
 case OPC_ORI:
 if (rs != 0)
 tcg_gen_ori_tl(cpu_gpr[rt], cpu_gpr[rs], uimm);
 else
 tcg_gen_movi_tl(cpu_gpr[rt], uimm);
-opn = "ori";
+MIPS_DEBUG("%s %s, %s, " TARGET_FMT_lx, "ori", regnames[rt],
+regnames[rs], uimm);
 break;
 case OPC_XORI:
 if (likely(rs != 0))
 tcg_gen_xori_tl(cpu_gpr[rt], cpu_gpr[rs], uimm);
 else
 tcg_gen_movi_tl(cpu_gpr[rt], uimm);
-opn = "xori";
+MIPS_DEBUG("%s %s, %s, " TARGET_FMT_lx, "xori", regnames[rt],
+regnames[rs], uimm);
 break;
 case OPC_LUI:
 tcg_gen_movi_tl(cpu_gpr[rt], imm << 16);
-opn = "lui";
+MIPS_DEBUG("lui %s, " TARGET_FMT_lx, regnames[rt], uimm);
+break;
+
+default:
+MIPS_DEBUG("Unknown logical immediate opcode %08x", opc);
 break;
 }
-(void)opn; /* avoid a compiler warning */
-MIPS_DEBUG("%s %s, %s, " TARGET_FMT_lx, opn, regnames[rt], regnames[rs], 
uimm);
 }
 
 /* Set on less than with immediate operand */
-- 
1.7.4.4

Re: [Qemu-devel] [RFC v1 2/3] ramlist: apply fine grain lock for ram_list

[Paolo Bonzini]

Il 09/11/2012 04:14, Liu Ping Fan ha scritto:
> From: Liu Ping Fan 
> 
> Signed-off-by: Liu Ping Fan 
> ---
>  cpu-all.h |1 +
>  exec.c|   46 +++---
>  2 files changed, 40 insertions(+), 7 deletions(-)

The problem here is that the ram_list is a pretty critical bit for TCG.

The migration thread series has patches that split the list in two: a
MRU-accessed list that uses the BQL, and another that uses a separate lock.

address_space_map could use the latter list.  In order to improve
performance further, we could sort the list from the biggest to the
smallest region, like KVM does in the kernel.

Paolo

> diff --git a/cpu-all.h b/cpu-all.h
> index 6aa7e58..d3ead99 100644
> --- a/cpu-all.h
> +++ b/cpu-all.h
> @@ -498,6 +498,7 @@ typedef struct RAMBlock {
>  } RAMBlock;
>  
>  typedef struct RAMList {
> +QemuMutex lock;
>  uint8_t *phys_dirty;
>  QLIST_HEAD(, RAMBlock) blocks;
>  } RAMList;
> diff --git a/exec.c b/exec.c
> index fe84718..e5f1c0f 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -2444,6 +2444,7 @@ static ram_addr_t find_ram_offset(ram_addr_t size)
>  if (QLIST_EMPTY(&ram_list.blocks))
>  return 0;
>  
> +qemu_mutex_lock(&ram_list.lock);
>  QLIST_FOREACH(block, &ram_list.blocks, next) {
>  ram_addr_t end, next = RAM_ADDR_MAX;
>  
> @@ -2459,6 +2460,7 @@ static ram_addr_t find_ram_offset(ram_addr_t size)
>  mingap = next - end;
>  }
>  }
> +qemu_mutex_unlock(&ram_list.lock);
>  
>  if (offset == RAM_ADDR_MAX) {
>  fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 
> "\n",
> @@ -2474,8 +2476,10 @@ ram_addr_t last_ram_offset(void)
>  RAMBlock *block;
>  ram_addr_t last = 0;
>  
> +qemu_mutex_lock(&ram_list.lock);
>  QLIST_FOREACH(block, &ram_list.blocks, next)
>  last = MAX(last, block->offset + block->length);
> +qemu_mutex_unlock(&ram_list.lock);
>  
>  return last;
>  }
> @@ -2503,6 +2507,7 @@ void qemu_ram_set_idstr(ram_addr_t addr, const char 
> *name, DeviceState *dev)
>  RAMBlock *new_block, *block;
>  
>  new_block = NULL;
> +qemu_mutex_lock(&ram_list.lock);
>  QLIST_FOREACH(block, &ram_list.blocks, next) {
>  if (block->offset == addr) {
>  new_block = block;
> @@ -2528,6 +2533,7 @@ void qemu_ram_set_idstr(ram_addr_t addr, const char 
> *name, DeviceState *dev)
>  abort();
>  }
>  }
> +qemu_mutex_unlock(&ram_list.lock);
>  }
>  
>  static int memory_try_enable_merging(void *addr, size_t len)
> @@ -2582,12 +2588,6 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, 
> void *host,
>  }
>  new_block->length = size;
>  
> -QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
> -
> -ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
> -   last_ram_offset() >> 
> TARGET_PAGE_BITS);
> -memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
> -   0, size >> TARGET_PAGE_BITS);
>  cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
>  
>  qemu_ram_setup_dump(new_block->host, size);
> @@ -2596,6 +2596,15 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, 
> void *host,
>  if (kvm_enabled())
>  kvm_setup_guest_memory(new_block->host, size);
>  
> +qemu_mutex_lock(&ram_list.lock);
> +QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
> +
> +ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
> +   last_ram_offset() >> 
> TARGET_PAGE_BITS);
> +memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
> +   0, size >> TARGET_PAGE_BITS);
> +qemu_mutex_unlock(&ram_list.lock);
> +
>  return new_block->offset;
>  }
>  
> @@ -2608,19 +2617,23 @@ void qemu_ram_free_from_ptr(ram_addr_t addr)
>  {
>  RAMBlock *block;
>  
> +qemu_mutex_lock(&ram_list.lock);
>  QLIST_FOREACH(block, &ram_list.blocks, next) {
>  if (addr == block->offset) {
>  QLIST_REMOVE(block, next);
>  g_free(block);
> +qemu_mutex_unlock(&ram_list.lock);
>  return;
>  }
>  }
> +qemu_mutex_unlock(&ram_list.lock);
>  }
>  
>  void qemu_ram_free(ram_addr_t addr)
>  {
>  RAMBlock *block;
>  
> +qemu_mutex_lock(&ram_list.lock);
>  QLIST_FOREACH(block, &ram_list.blocks, next) {
>  if (addr == block->offset) {
>  QLIST_REMOVE(block, next);
> @@ -2649,10 +2662,11 @@ void qemu_ram_free(ram_addr_t addr)
>  #endif
>  }
>  g_free(block);
> +qemu_mutex_unlock(&ram_list.lock);
>  return;
>  }
>  }
> -
> +qemu_mutex_unlock(&ram_list.lock);
>  }
>  
>  #ifndef _WIN32
> @@ -2663,6 +2677,7 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
>  int flags;
>  void *area, *vaddr;
>  
> +qemu_mutex_lock(&ram_list.lock);
>  QLIST_FOREA

Re: [Qemu-devel] [RFC v1 1/3] bouce buffer has fine grain lock

[Paolo Bonzini]

Il 09/11/2012 04:14, Liu Ping Fan ha scritto:
> From: Liu Ping Fan 
> 
> Signed-off-by: Liu Ping Fan 
> ---
>  exec.c |   21 +
>  1 files changed, 13 insertions(+), 8 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index 73d5242..fe84718 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -3296,6 +3296,15 @@ void address_space_destroy_dispatch(AddressSpace *as)
>  as->dispatch = NULL;
>  }
>  
> +typedef struct {
> +QemuMutex lock;
> +void *buffer;
> +target_phys_addr_t addr;
> +target_phys_addr_t len;
> +} BounceBuffer;
> +
> +static BounceBuffer bounce;
> +
>  static void memory_map_init(void)
>  {
>  system_memory = g_malloc(sizeof(*system_memory));
> @@ -3308,6 +3317,8 @@ static void memory_map_init(void)
>  address_space_init(&address_space_io, system_io);
>  address_space_io.name = "I/O";
>  
> +qemu_mutex_init(&bounce.lock);
> +
>  memory_listener_register(&core_memory_listener, &address_space_memory);
>  memory_listener_register(&io_memory_listener, &address_space_io);
>  memory_listener_register(&tcg_memory_listener, &address_space_memory);
> @@ -3671,14 +3682,6 @@ void cpu_physical_memory_write_rom(target_phys_addr_t 
> addr,
>  }
>  }
>  
> -typedef struct {
> -void *buffer;
> -target_phys_addr_t addr;
> -target_phys_addr_t len;
> -} BounceBuffer;
> -
> -static BounceBuffer bounce;
> -
>  typedef struct MapClient {
>  void *opaque;
>  void (*callback)(void *opaque);
> @@ -3747,6 +3750,7 @@ void *address_space_map(AddressSpace *as,
>  section = &mr_obj;
>  
>  if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
> +qemu_mutex_lock(&bounce.lock);
>  if (todo || bounce.buffer) {
>  break;
>  }

"todo" must be checked before the if.

Also, you do not need to keep the lock after address_space_map exits.
In fact, it can be released as soon as bounce.buffer is written to.
After that point, bounce will not be touched (the lock only serves to
serialize writes to bounce.buffer).  That is,

 if (todo) {
 break;
 }
 qemu_mutex_lock(&bounce.lock);
 if (bounce.buffer) {
 qemu_mutex_unlock(&bounce.lock);
 break;
 }
 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
 qemu_mutex_unlock(&bounce.lock);


Of course, this must be documented.

Paolo

> @@ -3807,6 +3811,7 @@ void address_space_unmap(AddressSpace *as, void 
> *buffer, target_phys_addr_t len,
>  }
>  qemu_vfree(bounce.buffer);
>  bounce.buffer = NULL;
> +qemu_mutex_unlock(&bounce.lock);
>  cpu_notify_map_clients();
>  }
>  
> 

Re: [Qemu-devel] [PATCH] vnc: fix option misspelling ("non-adapative" -> "non-adaptive")

[Peter Maydell]

On 10 November 2012 01:01, Catalin Patulea  wrote:
>
> Signed-off-by: Catalin Patulea 
> ---
> D'oh, that was really stupid. Here it is with the correct length.
>
>  ui/vnc.c |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 61f120e..ba30362 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2945,7 +2945,7 @@ void vnc_display_open(DisplayState *ds, const char 
> *display, Error **errp)
>  #endif
>  } else if (strncmp(options, "lossy", 5) == 0) {
>  vs->lossy = true;
> -} else if (strncmp(options, "non-adapative", 13) == 0) {
> +} else if (strncmp(options, "non-adaptive", 12) == 0) {
>  vs->non_adaptive = true;
>  } else if (strncmp(options, "share=", 6) == 0) {
>  if (strncmp(options+6, "ignore", 6) == 0) {
> --
> 1.7.7.3
>

Reviewed-by: Peter Maydell 

If we're gonna do this I guess it should go into 1.3...
cc'ing Anthony.

-- PMM

Re: [Qemu-devel] [PATCH] Revert "aio: clean up now-unused functions"

[malc]

On Sat, 10 Nov 2012, Paolo Bonzini wrote:

> Il 09/11/2012 21:43, malc ha scritto:
> > 
> > Breaks (at least) SB16. Apparently doesn't do what commit message says
> > it does.
> > 
> > This reverts commit 22bfa75eafc21522afbb265091faa9cc0649e9fb.
> 
> NACK in this shape, but reverting just the async.c parts (and making
> aio_bh_update_timeout static otherwise you get a warning) is fine.

Please make a patch then, i'm just try to cure the symptoms here.

[..snip..]

-- 
mailto:av1...@comtv.ru

[Qemu-devel] [PATCH] vnc: fix option misspelling ("non-adapative" -> "non-adaptive")

[Catalin Patulea]

Signed-off-by: Catalin Patulea 
---
D'oh, that was really stupid. Here it is with the correct length.

 ui/vnc.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 61f120e..ba30362 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2945,7 +2945,7 @@ void vnc_display_open(DisplayState *ds, const char 
*display, Error **errp)
 #endif
 } else if (strncmp(options, "lossy", 5) == 0) {
 vs->lossy = true;
-} else if (strncmp(options, "non-adapative", 13) == 0) {
+} else if (strncmp(options, "non-adaptive", 12) == 0) {
 vs->non_adaptive = true;
 } else if (strncmp(options, "share=", 6) == 0) {
 if (strncmp(options+6, "ignore", 6) == 0) {
-- 
1.7.7.3

Re: [Qemu-devel] [PATCH] vnc: fix option misspelling ("non-adapative" -> "non-adaptive")

[Peter Maydell]

On 10 November 2012 00:31, Catalin Patulea  wrote:
>
> Signed-off-by: Catalin Patulea 
> ---
> A cursory web search shows that this flag doesn't show up much other than in
> QEMU mailing lists and source. I don't think this will break anything.

Yeah. In particular we documented it with the correct spelling
and nobody came along and reported the option as missing. I think
we can get away with this change. However...

> ui/vnc.c |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 61f120e..073fbe7 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2945,7 +2945,7 @@ void vnc_display_open(DisplayState *ds, const char 
> *display, Error **errp)
>  #endif
>  } else if (strncmp(options, "lossy", 5) == 0) {
>  vs->lossy = true;
> -} else if (strncmp(options, "non-adapative", 13) == 0) {
> +} else if (strncmp(options, "non-adaptive", 13) == 0) {

...this is a strncmp, you need to update the length parameter
because you've changed the string.

>  vs->non_adaptive = true;
>  } else if (strncmp(options, "share=", 6) == 0) {
>  if (strncmp(options+6, "ignore", 6) == 0) {
> --
> 1.7.7.3

-- PMM

Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC

[Peter Maydell]

On 10 November 2012 00:45, Marek Vasut  wrote:
> Gerd Hoffmann wrote:
>> Question is just whenever we'll go silently fixup stuff in console.c or
>> use assert()s to enforce callers getting this correct.  I'd tend to use
>> assert() as vmware-vga passing bogous stuff there IMHO indicates there
>> is a bug in vmware-vga.
>
> Or rather some revisions of the guest X driver.

If qemu's vmware-vga is blithely trusting what the guest driver
hands it then that is itself a bug...

To answer Gerd's question, I think I'd go for clip rather than assert
(especially at this point in the release cycle), though I don't feel
very strongly about it.

-- PMM

Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC

[Marek Vasut]

Dear Gerd Hoffmann,

> On 11/09/12 10:50, Peter Maydell wrote:
> > On 9 November 2012 10:42, Anthony Liguori  wrote:
> >> While the abstract discussion is fun, it never hurts to be defensive.  I
> >> agree the root cause is vmware-vga but checking in vnc doesn't hurt.
> > 
> > Defensive programming would suggest doing the clipping in the
> > console.c layer. That sounds a reasonable plan to me (especially
> > if we've hit similar problems multiple times in the past).
> 
> Fully agree, I'll cook up a patch as I'm touching that anyway.
> 
> Question is just whenever we'll go silently fixup stuff in console.c or
> use assert()s to enforce callers getting this correct.  I'd tend to use
> assert() as vmware-vga passing bogous stuff there IMHO indicates there
> is a bug in vmware-vga.

Or rather some revisions of the guest X driver. Though it's worth investigating 
it in the right place indeed.

> cheers,
>   Gerd

Best regards,
Marek Vasut

[Qemu-devel] [PATCH] vnc: fix option misspelling ("non-adapative" -> "non-adaptive")

[Catalin Patulea]

Signed-off-by: Catalin Patulea 
---
A cursory web search shows that this flag doesn't show up much other than in
QEMU mailing lists and source. I don't think this will break anything.

ui/vnc.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 61f120e..073fbe7 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2945,7 +2945,7 @@ void vnc_display_open(DisplayState *ds, const char 
*display, Error **errp)
 #endif
 } else if (strncmp(options, "lossy", 5) == 0) {
 vs->lossy = true;
-} else if (strncmp(options, "non-adapative", 13) == 0) {
+} else if (strncmp(options, "non-adaptive", 13) == 0) {
 vs->non_adaptive = true;
 } else if (strncmp(options, "share=", 6) == 0) {
 if (strncmp(options+6, "ignore", 6) == 0) {
-- 
1.7.7.3

Re: [Qemu-devel] [PATCH] Revert "aio: clean up now-unused functions"

[Paolo Bonzini]

Il 09/11/2012 21:43, malc ha scritto:
> 
> Breaks (at least) SB16. Apparently doesn't do what commit message says
> it does.
> 
> This reverts commit 22bfa75eafc21522afbb265091faa9cc0649e9fb.

NACK in this shape, but reverting just the async.c parts (and making
aio_bh_update_timeout static otherwise you get a warning) is fine.

Paolo

> ---
>  async.c   |   23 ---
>  oslib-posix.c |   31 +++
>  qemu-aio.h|1 +
>  qemu-common.h |1 +
>  4 files changed, 49 insertions(+), 7 deletions(-)
> 
> diff --git a/async.c b/async.c
> index 04f9dcb..564526f 100644
> --- a/async.c
> +++ b/async.c
> @@ -117,20 +117,16 @@ void qemu_bh_delete(QEMUBH *bh)
>  bh->deleted = 1;
>  }
>  
> -static gboolean
> -aio_ctx_prepare(GSource *source, gint*timeout)
> +void aio_bh_update_timeout(AioContext *ctx, uint32_t *timeout)
>  {
> -AioContext *ctx = (AioContext *) source;
>  QEMUBH *bh;
> -bool scheduled = false;
>  
>  for (bh = ctx->first_bh; bh; bh = bh->next) {
>  if (!bh->deleted && bh->scheduled) {
> -scheduled = true;
>  if (bh->idle) {
>  /* idle bottom halves will be polled at least
>   * every 10ms */
> -*timeout = 10;
> +*timeout = MIN(10, *timeout);
>  } else {
>  /* non-idle bottom halves will be executed
>   * immediately */
> @@ -139,8 +135,21 @@ aio_ctx_prepare(GSource *source, gint*timeout)
>  }
>  }
>  }
> +}
> +
> +static gboolean
> +aio_ctx_prepare(GSource *source, gint*timeout)
> +{
> +AioContext *ctx = (AioContext *) source;
> +uint32_t wait = -1;
> +aio_bh_update_timeout(ctx, &wait);
> +
> +if (wait != -1) {
> +*timeout = MIN(*timeout, wait);


> +return wait == 0;
> +}
>  
> -return scheduled;
> +return false;
>  }
>  
>  static gboolean
> diff --git a/oslib-posix.c b/oslib-posix.c
> index 9db9c3d..dbeb627 100644
> --- a/oslib-posix.c
> +++ b/oslib-posix.c
> @@ -61,6 +61,9 @@ static int running_on_valgrind = -1;
>  #ifdef CONFIG_LINUX
>  #include 
>  #endif
> +#ifdef CONFIG_EVENTFD
> +#include 
> +#endif
>  
>  int qemu_get_thread_id(void)
>  {
> @@ -180,6 +183,34 @@ int qemu_pipe(int pipefd[2])
>  return ret;
>  }
>  
> +/*
> + * Creates an eventfd that looks like a pipe and has EFD_CLOEXEC set.
> + */
> +int qemu_eventfd(int fds[2])
> +{
> +#ifdef CONFIG_EVENTFD
> +int ret;
> +
> +ret = eventfd(0, 0);
> +if (ret >= 0) {
> +fds[0] = ret;
> +fds[1] = dup(ret);
> +if (fds[1] == -1) {
> +close(ret);
> +return -1;
> +}
> +qemu_set_cloexec(ret);
> +qemu_set_cloexec(fds[1]);
> +return 0;
> +}
> +if (errno != ENOSYS) {
> +return -1;
> +}
> +#endif
> +
> +return qemu_pipe(fds);
> +}
> +
>  int qemu_utimens(const char *path, const struct timespec *times)
>  {
>  struct timeval tv[2], tv_now;
> diff --git a/qemu-aio.h b/qemu-aio.h
> index 1b7eb6e..2354617 100644
> --- a/qemu-aio.h
> +++ b/qemu-aio.h
> @@ -125,6 +125,7 @@ void aio_notify(AioContext *ctx);
>   * These are internal functions used by the QEMU main loop.
>   */
>  int aio_bh_poll(AioContext *ctx);
> +void aio_bh_update_timeout(AioContext *ctx, uint32_t *timeout);
>  
>  /**
>   * qemu_bh_schedule: Schedule a bottom half.
> diff --git a/qemu-common.h b/qemu-common.h
> index ac9985c..5059a97 100644
> --- a/qemu-common.h
> +++ b/qemu-common.h
> @@ -218,6 +218,7 @@ ssize_t qemu_recv_full(int fd, void *buf, size_t count, 
> int flags)
>  QEMU_WARN_UNUSED_RESULT;
>  
>  #ifndef _WIN32
> +int qemu_eventfd(int pipefd[2]);
>  int qemu_pipe(int pipefd[2]);
>  #endif
>  
> 

Re: [Qemu-devel] [PATCH] MAINTAINERS: add Stefan Hajnoczi as block and virtio-blk co-maintainer

[Paolo Bonzini]

Il 09/11/2012 14:29, Stefan Hajnoczi ha scritto:
> Kevin has requested co-maintainership to give him more time to write
> code.  We will alternate patch review duties on a weekly basis.
> 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  MAINTAINERS | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 8f5681f..2ede20d 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -553,6 +553,7 @@ T: git git://github.com/kvaneesh/QEMU.git
>  
>  virtio-blk
>  M: Kevin Wolf 
> +M: Stefan Hajnoczi 
>  S: Supported
>  F: hw/virtio-blk*
>  
> @@ -583,6 +584,7 @@ F: audio/
>  
>  Block
>  M: Kevin Wolf 
> +M: Stefan Hajnoczi 
>  S: Supported
>  F: block*
>  F: block/
> 

Congratulations!

Paolo

[Qemu-devel] [PATCH] Revert "aio: clean up now-unused functions"

[malc]

Breaks (at least) SB16. Apparently doesn't do what commit message says
it does.

This reverts commit 22bfa75eafc21522afbb265091faa9cc0649e9fb.
---
 async.c   |   23 ---
 oslib-posix.c |   31 +++
 qemu-aio.h|1 +
 qemu-common.h |1 +
 4 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/async.c b/async.c
index 04f9dcb..564526f 100644
--- a/async.c
+++ b/async.c
@@ -117,20 +117,16 @@ void qemu_bh_delete(QEMUBH *bh)
 bh->deleted = 1;
 }
 
-static gboolean
-aio_ctx_prepare(GSource *source, gint*timeout)
+void aio_bh_update_timeout(AioContext *ctx, uint32_t *timeout)
 {
-AioContext *ctx = (AioContext *) source;
 QEMUBH *bh;
-bool scheduled = false;
 
 for (bh = ctx->first_bh; bh; bh = bh->next) {
 if (!bh->deleted && bh->scheduled) {
-scheduled = true;
 if (bh->idle) {
 /* idle bottom halves will be polled at least
  * every 10ms */
-*timeout = 10;
+*timeout = MIN(10, *timeout);
 } else {
 /* non-idle bottom halves will be executed
  * immediately */
@@ -139,8 +135,21 @@ aio_ctx_prepare(GSource *source, gint*timeout)
 }
 }
 }
+}
+
+static gboolean
+aio_ctx_prepare(GSource *source, gint*timeout)
+{
+AioContext *ctx = (AioContext *) source;
+uint32_t wait = -1;
+aio_bh_update_timeout(ctx, &wait);
+
+if (wait != -1) {
+*timeout = MIN(*timeout, wait);
+return wait == 0;
+}
 
-return scheduled;
+return false;
 }
 
 static gboolean
diff --git a/oslib-posix.c b/oslib-posix.c
index 9db9c3d..dbeb627 100644
--- a/oslib-posix.c
+++ b/oslib-posix.c
@@ -61,6 +61,9 @@ static int running_on_valgrind = -1;
 #ifdef CONFIG_LINUX
 #include 
 #endif
+#ifdef CONFIG_EVENTFD
+#include 
+#endif
 
 int qemu_get_thread_id(void)
 {
@@ -180,6 +183,34 @@ int qemu_pipe(int pipefd[2])
 return ret;
 }
 
+/*
+ * Creates an eventfd that looks like a pipe and has EFD_CLOEXEC set.
+ */
+int qemu_eventfd(int fds[2])
+{
+#ifdef CONFIG_EVENTFD
+int ret;
+
+ret = eventfd(0, 0);
+if (ret >= 0) {
+fds[0] = ret;
+fds[1] = dup(ret);
+if (fds[1] == -1) {
+close(ret);
+return -1;
+}
+qemu_set_cloexec(ret);
+qemu_set_cloexec(fds[1]);
+return 0;
+}
+if (errno != ENOSYS) {
+return -1;
+}
+#endif
+
+return qemu_pipe(fds);
+}
+
 int qemu_utimens(const char *path, const struct timespec *times)
 {
 struct timeval tv[2], tv_now;
diff --git a/qemu-aio.h b/qemu-aio.h
index 1b7eb6e..2354617 100644
--- a/qemu-aio.h
+++ b/qemu-aio.h
@@ -125,6 +125,7 @@ void aio_notify(AioContext *ctx);
  * These are internal functions used by the QEMU main loop.
  */
 int aio_bh_poll(AioContext *ctx);
+void aio_bh_update_timeout(AioContext *ctx, uint32_t *timeout);
 
 /**
  * qemu_bh_schedule: Schedule a bottom half.
diff --git a/qemu-common.h b/qemu-common.h
index ac9985c..5059a97 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -218,6 +218,7 @@ ssize_t qemu_recv_full(int fd, void *buf, size_t count, int 
flags)
 QEMU_WARN_UNUSED_RESULT;
 
 #ifndef _WIN32
+int qemu_eventfd(int pipefd[2]);
 int qemu_pipe(int pipefd[2]);
 #endif
 
-- 
1.7.8.1.385.gec330

Re: [Qemu-devel] [PATCH v11] kvm: notify host when the guest is panicked

[Sasha Levin]

On Mon, Nov 5, 2012 at 8:58 PM, Hu Tao  wrote:
> But in the case of panic notification, more dependency means more
> chances of failure of panic notification. Say, if we use a virtio device
> to do panic notification, then we will fail if: virtio itself has
> problems, virtio for some reason can't be deployed(neither built-in or
> as a module), or guest doesn't support virtio, etc.

Add polling to your virtio device. If it didn't notify of a panic but
taking more than 20 sec to answer your poll request you can assume
it's dead.

Actually, just use virtio-serial and something in userspace on the guest.

> We choose IO because compared to virtio device, it is not that heavy and
> less problematic.

Less problematic? Heavy? Are there any known issues with virtio that
should be fixed? You make virtio sound like an old IDE drive or
something.


Thanks,
Sasha

Re: [Qemu-devel] Crash on Windows XP startup

[Catalin Patulea]

I can post the target code and the code generated by TCG - not sure
how helpful that would be. There also seems to be a diff between what
is logged by "-d out_asm" and what I see in gdb with disass, and the
segv occurs in one of the diff blocks.

On Fri, Nov 9, 2012 at 1:42 PM, Catalin Patulea  wrote:
> SIGSEGV is in target code:
>
> (gdb) bt
> #0  0x402fd349 in code_gen_buffer ()
> #1  0x0056113b in cpu_x86_exec (env=0x19489f0)
> at /usr/local/google/home/catalinp/src/qemu/cpu-exec.c:599
> #2  0x005625f9 in tcg_cpu_exec (env=0x19489f0)
> at /usr/local/google/home/catalinp/src/qemu/cpus.c:1115
> #3  tcg_exec_all () at /usr/local/google/home/catalinp/src/qemu/cpus.c:1148
> #4  qemu_tcg_cpu_thread_fn (arg=)
> at /usr/local/google/home/catalinp/src/qemu/cpus.c:841
> #5  0x76315e9a in start_thread (arg=0x7fffee690700) at
> pthread_create.c:308
> #6  0x76042cbd in clone () at
> ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
> #7  0x in ?? ()
>
> The patch (disabling the invalidate_and_set_dirty) does fix it for me as well.
>
> On Thu, Nov 8, 2012 at 1:53 PM, Gerhard Wiesinger  wrote:
>> Hello,
>>
>> I bisected down a Windows XP startup crash to the following commit:
>>
>> 0b57e287138728f72d88b06e69b970c5d745c44a is the first bad commit
>> commit 0b57e287138728f72d88b06e69b970c5d745c44a
>> Author: David Gibson 
>> Date:   Mon Sep 10 12:30:57 2012 +1000
>>
>> Reproduceable on qemu HEAD and by commenting out the refactored patch into a
>> function.
>>
>> How to proceed?
>>
>> Ciao,
>> Gerhard
>>
>> diff --git a/exec.c b/exec.c
>> index af94f9c..a937882 100644
>> --- a/exec.c
>> +++ b/exec.c
>> @@ -3501,7 +3501,7 @@ void cpu_physical_memory_write_rom(hwaddr addr,
>>  /* ROM/RAM case */
>>  ptr = qemu_get_ram_ptr(addr1);
>>  memcpy(ptr, buf, l);
>> -invalidate_and_set_dirty(addr1, l);
>> +//invalidate_and_set_dirty(addr1, l);
>>  qemu_put_ram_ptr(ptr);
>>  }
>>  len -= l;
>>
>>

Re: [Qemu-devel] Crash on Windows XP startup

[Catalin Patulea]

SIGSEGV is in target code:

(gdb) bt
#0  0x402fd349 in code_gen_buffer ()
#1  0x0056113b in cpu_x86_exec (env=0x19489f0)
at /usr/local/google/home/catalinp/src/qemu/cpu-exec.c:599
#2  0x005625f9 in tcg_cpu_exec (env=0x19489f0)
at /usr/local/google/home/catalinp/src/qemu/cpus.c:1115
#3  tcg_exec_all () at /usr/local/google/home/catalinp/src/qemu/cpus.c:1148
#4  qemu_tcg_cpu_thread_fn (arg=)
at /usr/local/google/home/catalinp/src/qemu/cpus.c:841
#5  0x76315e9a in start_thread (arg=0x7fffee690700) at
pthread_create.c:308
#6  0x76042cbd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x in ?? ()

The patch (disabling the invalidate_and_set_dirty) does fix it for me as well.

On Thu, Nov 8, 2012 at 1:53 PM, Gerhard Wiesinger  wrote:
> Hello,
>
> I bisected down a Windows XP startup crash to the following commit:
>
> 0b57e287138728f72d88b06e69b970c5d745c44a is the first bad commit
> commit 0b57e287138728f72d88b06e69b970c5d745c44a
> Author: David Gibson 
> Date:   Mon Sep 10 12:30:57 2012 +1000
>
> Reproduceable on qemu HEAD and by commenting out the refactored patch into a
> function.
>
> How to proceed?
>
> Ciao,
> Gerhard
>
> diff --git a/exec.c b/exec.c
> index af94f9c..a937882 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -3501,7 +3501,7 @@ void cpu_physical_memory_write_rom(hwaddr addr,
>  /* ROM/RAM case */
>  ptr = qemu_get_ram_ptr(addr1);
>  memcpy(ptr, buf, l);
> -invalidate_and_set_dirty(addr1, l);
> +//invalidate_and_set_dirty(addr1, l);
>  qemu_put_ram_ptr(ptr);
>  }
>  len -= l;
>
>

Re: [Qemu-devel] slow virtio network with vhost=on and multiple cores

[Peter Lieven]

Remark:
If i disable interrupts on CPU1-3 for virtio the performance is ok again.

Now we need someone with deeper knowledge of the in-kernel irqchip and the
virtio/vhost driver development to say if this is a regression in qemu-kvm
or a problem with the old virtio drivers if they receive the interrupt on
different CPUs.

Peter Lieven wrote:
> it seems that with in-kernel irqchip the interrupts are distributed across
> all vpcus. without in-kernel irqchip all interrupts are on cpu0. maybe
> this is related.
>
> without inkernel irqchip
>CPU0   CPU1   CPU2   CPU3
>   0: 16  0  0  0   IO-APIC-edge  timer
>   1: 23  0  0  0   IO-APIC-edge  i8042
>   4:  1  0  0  0   IO-APIC-edge
>   6:  4  0  0  0   IO-APIC-edge
> floppy
>   7:  0  0  0  0   IO-APIC-edge
> parport0
>   8:  0  0  0  0   IO-APIC-edge  rtc0
>   9:  0  0  0  0   IO-APIC-fasteoi   acpi
>  11: 76  0  0  0   IO-APIC-fasteoi
> uhci_hcd:usb1
>  12:102  0  0  0   IO-APIC-edge  i8042
>  14:  0  0  0  0   IO-APIC-edge
> ata_piix
>  15:  16881  0  0  0   IO-APIC-edge
> ata_piix
>  24:  0  0  0  0   PCI-MSI-edge
> virtio1-config
>  25:   5225  0  0  0   PCI-MSI-edge
> virtio1-requests
>  26:  0  0  0  0   PCI-MSI-edge
> virtio0-config
>  27:  72493  0  0  0   PCI-MSI-edge
> virtio0-input
> ...
>
> with inkernel irqchip
>CPU0   CPU1   CPU2   CPU3
>   0: 16  0  0  0   IO-APIC-edge  timer
>   1:  0  3  3  1   IO-APIC-edge  i8042
>   4:  0  0  1  0   IO-APIC-edge
>   6:  1  0  1  2   IO-APIC-edge
> floppy
>   7:  0  0  0  0   IO-APIC-edge
> parport0
>   8:  0  0  0  0   IO-APIC-edge  rtc0
>   9:  0  0  0  0   IO-APIC-fasteoi   acpi
>  11:  7  9  4  1   IO-APIC-fasteoi
> uhci_hcd:usb1
>  12: 30 27 29 34   IO-APIC-edge  i8042
>  14:  0  0  0  0   IO-APIC-edge
> ata_piix
>  15:943937950943   IO-APIC-edge
> ata_piix
>  24:  0  0  0  0   PCI-MSI-edge
> virtio0-config
>  25:930978980947   PCI-MSI-edge
> virtio0-input
>  26:  0  0  1  0   PCI-MSI-edge
> virtio0-output
>  27:  0  0  0  0   PCI-MSI-edge
> virtio1-config
>  28:543541542553   PCI-MSI-edge
> virtio1-requests
> ...
>
>

Re: [Qemu-devel] slow virtio network with vhost=on and multiple cores

[Peter Lieven]

it seems that with in-kernel irqchip the interrupts are distributed across
all vpcus. without in-kernel irqchip all interrupts are on cpu0. maybe
this is related.

without inkernel irqchip
   CPU0   CPU1   CPU2   CPU3
  0: 16  0  0  0   IO-APIC-edge  timer
  1: 23  0  0  0   IO-APIC-edge  i8042
  4:  1  0  0  0   IO-APIC-edge
  6:  4  0  0  0   IO-APIC-edge  floppy
  7:  0  0  0  0   IO-APIC-edge  parport0
  8:  0  0  0  0   IO-APIC-edge  rtc0
  9:  0  0  0  0   IO-APIC-fasteoi   acpi
 11: 76  0  0  0   IO-APIC-fasteoi  
uhci_hcd:usb1
 12:102  0  0  0   IO-APIC-edge  i8042
 14:  0  0  0  0   IO-APIC-edge  ata_piix
 15:  16881  0  0  0   IO-APIC-edge  ata_piix
 24:  0  0  0  0   PCI-MSI-edge 
virtio1-config
 25:   5225  0  0  0   PCI-MSI-edge 
virtio1-requests
 26:  0  0  0  0   PCI-MSI-edge 
virtio0-config
 27:  72493  0  0  0   PCI-MSI-edge 
virtio0-input
...

with inkernel irqchip
   CPU0   CPU1   CPU2   CPU3
  0: 16  0  0  0   IO-APIC-edge  timer
  1:  0  3  3  1   IO-APIC-edge  i8042
  4:  0  0  1  0   IO-APIC-edge
  6:  1  0  1  2   IO-APIC-edge  floppy
  7:  0  0  0  0   IO-APIC-edge  parport0
  8:  0  0  0  0   IO-APIC-edge  rtc0
  9:  0  0  0  0   IO-APIC-fasteoi   acpi
 11:  7  9  4  1   IO-APIC-fasteoi  
uhci_hcd:usb1
 12: 30 27 29 34   IO-APIC-edge  i8042
 14:  0  0  0  0   IO-APIC-edge  ata_piix
 15:943937950943   IO-APIC-edge  ata_piix
 24:  0  0  0  0   PCI-MSI-edge 
virtio0-config
 25:930978980947   PCI-MSI-edge 
virtio0-input
 26:  0  0  1  0   PCI-MSI-edge 
virtio0-output
 27:  0  0  0  0   PCI-MSI-edge 
virtio1-config
 28:543541542553   PCI-MSI-edge 
virtio1-requests
...

Re: [Qemu-devel] slow virtio network with vhost=on and multiple cores

[Peter Lieven]

Dietmar Maurer wrote:
>> Dietmar, how is the speed if you specify --machine pc,kernel_irqchip=off
>> as
>> cmdline option to qemu-kvm-1.2.0?
>
> I get full speed if i use that flag.
>
>

I also tried to reproduce it and can confirm your findings. Host Ubuntu
12.04 LTS (kernel 3.2) with vanilla qemu-kvm 1.2.0, vhost-net and an
Ubuntu 10.4.4 (Linux 2.6.32) as guest. Vhost-Net performance drops by
approx. factor 50-100 if I do not disable kernel_irqchip. Normal Virtio
and e1000 seems to work fine.

Re: [Qemu-devel] fixing qemu-0.1X endless loop in qcow2_alloc_cluster_offset

[Andreas Färber]

Am 15.10.2012 11:13, schrieb Kevin Wolf:
> What I'm suggesting (not even compile tested!) is:
> 
> Signed-off-by: Kevin Wolf 
> 
> diff --git a/block/qcow2.c b/block/qcow2.c
> index 48e1b95..d665675 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -388,10 +388,7 @@ typedef struct QCowAIOCB {
> 
>  static void qcow2_aio_cancel(BlockDriverAIOCB *blockacb)
>  {
> -QCowAIOCB *acb = container_of(blockacb, QCowAIOCB, common);
> -if (acb->hd_aiocb)
> -bdrv_aio_cancel(acb->hd_aiocb);
> -qemu_aio_release(acb);
> +qemu_aio_flush();
>  }
> 
>  static AIOPool qcow2_aio_pool = {

Thanks, we've applied this to stable-0.15.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 09/24] ui/vnc-pallete.c: include headers it needs

[Peter Maydell]

On 9 November 2012 15:56, Eduardo Habkost  wrote:
> Include:
>  -  for g_malloc0()
>  -  for memset()
>
> Some of those headers were probably being included by accident because
> some other headers were including qemu-common.h, but those headers
> should eventually stop including qemu-common.h.

Typo in subject: should be 'palette'.

-- PMM

[Qemu-devel] [PATCH 24/24] qom: make CPU a child of DeviceState

[Eduardo Habkost]

From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
[ehabkost: change CPU type declaration to hae TYPE_DEVICE as parent]
Signed-off-by: Eduardo Habkost 
---
Yes, there is "changelog" data before the "---" mark, but I believe that
in this case they are important to indicate authorship and the scope of
the Signed-off-by lines (so they need to get into the git commit
message).
---
 include/qemu/cpu.h | 6 +++---
 qom/cpu.c  | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/include/qemu/cpu.h b/include/qemu/cpu.h
index 61b7698..bc004fd 100644
--- a/include/qemu/cpu.h
+++ b/include/qemu/cpu.h
@@ -20,7 +20,7 @@
 #ifndef QEMU_CPU_H
 #define QEMU_CPU_H
 
-#include "qemu/object.h"
+#include "hw/qdev-core.h"
 #include "qemu-thread.h"
 
 /**
@@ -46,7 +46,7 @@ typedef struct CPUState CPUState;
  */
 typedef struct CPUClass {
 /*< private >*/
-ObjectClass parent_class;
+DeviceClass parent_class;
 /*< public >*/
 
 void (*reset)(CPUState *cpu);
@@ -62,7 +62,7 @@ typedef struct CPUClass {
  */
 struct CPUState {
 /*< private >*/
-Object parent_obj;
+DeviceState parent_obj;
 /*< public >*/
 
 struct QemuThread *thread;
diff --git a/qom/cpu.c b/qom/cpu.c
index 5b36046..f59db7d 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -20,6 +20,7 @@
 
 #include "qemu/cpu.h"
 #include "qemu-common.h"
+#include "hw/qdev-core.h"
 
 void cpu_reset(CPUState *cpu)
 {
@@ -43,7 +44,7 @@ static void cpu_class_init(ObjectClass *klass, void *data)
 
 static TypeInfo cpu_type_info = {
 .name = TYPE_CPU,
-.parent = TYPE_OBJECT,
+.parent = TYPE_DEVICE,
 .instance_size = sizeof(CPUState),
 .abstract = true,
 .class_size = sizeof(CPUClass),
-- 
1.7.11.7

[Qemu-devel] [PATCH 07/24] qemu-fsdev-dummy.c: include module.h

[Eduardo Habkost]

module.h is where machine_init() is defined, but qemu-fsdev-dummy.c
doesn't include it.

The header is probably being included by accident because some other
headers are including qemu-common.h, but those headers should eventually
stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 fsdev/qemu-fsdev-dummy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fsdev/qemu-fsdev-dummy.c b/fsdev/qemu-fsdev-dummy.c
index 4e700dd..300f275 100644
--- a/fsdev/qemu-fsdev-dummy.c
+++ b/fsdev/qemu-fsdev-dummy.c
@@ -14,6 +14,7 @@
 #include 
 #include "qemu-fsdev.h"
 #include "qemu-config.h"
+#include "module.h"
 
 int qemu_fsdev_add(QemuOpts *opts)
 {
-- 
1.7.11.7

[Qemu-devel] [PATCH 15/24] qlist.h: do not include qemu-common.h

[Eduardo Habkost]

I don't know why it was including it, as I don't see any code that
depends on anything from qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qlist.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/qlist.h b/qlist.h
index ae776f9..7408947 100644
--- a/qlist.h
+++ b/qlist.h
@@ -15,7 +15,6 @@
 
 #include "qobject.h"
 #include "qemu-queue.h"
-#include "qemu-common.h"
 #include "qemu-queue.h"
 
 typedef struct QListEntry {
-- 
1.7.11.7

[Qemu-devel] [PATCH 14/24] sysemu.h: include qemu-types.h instead of qemu-common.h

[Eduardo Habkost]

It just needs the Monitor and DeviceState typedefs, so it doesn't need
all of qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 sysemu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sysemu.h b/sysemu.h
index f5ac664..ab1ef8b 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -2,7 +2,7 @@
 #define SYSEMU_H
 /* Misc. things related to the system emulator.  */
 
-#include "qemu-common.h"
+#include "qemu-types.h"
 #include "qemu-option.h"
 #include "qemu-queue.h"
 #include "qemu-timer.h"
-- 
1.7.11.7

[Qemu-devel] [PATCH 00/24] CPU DeviceState v7

[Eduardo Habkost]

Changes on v7:
 - Use the new QEMU_WEAK_ALIAS mechanism instead of the (now extinct)
   GCC_WEAK attribute (patches 20 and 21)

v6:
 - Simple rebase against latest qemu.git master
 - Patch 13: some new typedefs were added and others were removed
 - Patch 19: trivial rebase
v5:
 - Tons of header cleanups just to eliminate qlist.h <-> cpu-common.h circular
   dependency (patches 1-17)
 - Add copyright/license information to qdev-properties.c (patch 17)
 - Add copyright/license information to qdev-properties-system.c (patch 22)
 - use error_report()+abort() instead of hw_error() on qdev.c (patch 18)
 - Move qemu_[un]register_reset() and qemu_devices_reset() to qdev-core.c
   (patch 19)
 - Make vmstate_[un]register() weak stubs, instead of a new function (patch 20)
 - Make sysbus_get_default() weak stub, instead of new qbus reset (un)register
   functions (patch 21)
 - Eliminate qdev-system.c (all code is kept on qdev.c, now) (patch 22)
v4:
  - Add GCC_WEAK_DECL to functions that have GCC_WEAK versions
  - Updated the qdev_init_gpio_in() code on qdev-system.c to current version
  - Patch description updates (moved changelog below "---" and/or move info
about changes made by different authors between SoB lines)
v3 (submitted by Igor):
  - rebased on top of 8b4a3df (today's master)
  - slight code reshuffling in (see commit's changelog)
 "qdev: separate core from the code used only by qemu-system-*"
 "move qemu_irq typedef out of cpu-common.h"
  - commit messages cleanup
v2:
  Removes the CONFIG_USER_ONLY ifdefs, and use weak symbols to move
  the vmstate and qemu_register_reset() handling to qdev-system.c

git tree for testing:
  https://github.com/ehabkost/qemu-hacks/tree/cpu_qdev.v7

References to previous versions:
  v6: http://article.gmane.org/gmane.comp.emulators.qemu/179918
  v5: http://article.gmane.org/gmane.comp.emulators.qemu/177426
  v4: http://article.gmane.org/gmane.comp.emulators.qemu/176127
  v3: http://article.gmane.org/gmane.comp.emulators.qemu/175980
  v2: http://article.gmane.org/gmane.comp.emulators.qemu/173909
  v1: http://article.gmane.org/gmane.comp.emulators.qemu/166630


Anthony Liguori (1):
  qdev: split up header so it can be used in cpu.h

Eduardo Habkost (20):
  user: move *-user/qemu-types.h to main directory
  user: rename qemu-types.h to qemu-user-types.h
  qemu-common.h: comment about usage rules
  move I/O-related definitions from qemu-common.h to a new header
(qemu-stdio.h)
  qemu-fsdev-dummy.c: include module.h
  vnc-palette.h: include 
  ui/vnc-pallete.c: include headers it needs
  qemu-config.h: include headers it needs
  qapi/qmp-registry.c: include headers it needs
  qga/channel-posix.c: include headers it needs
  create qemu-types.h for struct typedefs
  sysemu.h: include qemu-types.h instead of qemu-common.h
  qlist.h: do not include qemu-common.h
  qdev-properties.c: add copyright/license information
  qdev: qdev_create(): use error_report() instead of hw_error()
  qdev: move reset handler list from vl.c to qdev.c
  qdev: add weak aliases for vmstate handling on qdev.c
  qdev: add weak alias to sysbus_get_default() on qdev.c
  qdev-properties.c: separate core from the code used only by
qemu-system-*
  include qdev code into *-user, too

Igor Mammedov (3):
  move qemu_irq typedef out of cpu-common.h
  qapi-types.h: don't include qemu-common.h
  qom: make CPU a child of DeviceState

 Makefile.objs|   8 +
 bsd-user/qemu-types.h|  24 --
 bsd-user/qemu.h  |   2 +-
 cpu-all.h|   2 +-
 fsdev/qemu-fsdev-dummy.c |   1 +
 hw/Makefile.objs |   9 +-
 hw/arm-misc.h|   1 +
 hw/bt.h  |   2 +
 hw/devices.h |   2 +
 hw/hw.h  |   6 +-
 hw/irq.h |   2 +
 hw/mc146818rtc.c |   1 +
 hw/omap.h|   1 +
 hw/qdev-addr.c   |   1 +
 hw/qdev-core.h   | 232 +
 hw/qdev-monitor.h|  16 ++
 hw/qdev-properties-system.c  | 371 +++
 hw/qdev-properties.c | 352 +++--
 hw/qdev-properties.h | 131 ++
 hw/qdev-reset.h  |  11 +
 hw/qdev.c| 100 ++--
 hw/qdev.h| 371 +--
 hw/soc_dma.h |   1 +
 hw/xen.h |   1 +
 include/qemu/cpu.h   |   6 +-
 linux-user/qemu.h|   2 +-
 qapi/qmp-registry.c  |   2 +
 qemu-common.h  

[Qemu-devel] [PATCH 01/24] user: move *-user/qemu-types.h to main directory

[Eduardo Habkost]

The bsd-user/qemu-types.h and linux-user/qemu-types.h files are almost
the same, but linux-user have the additional definitions of tswapal().

This moves the linux-user file to the main directory, so the same file
can be used by linux-user and bsd-user.

Signed-off-by: Eduardo Habkost 
---
Cc: Blue Swirl 
Cc: Riku Voipio 
---
 bsd-user/qemu-types.h   | 24 
 linux-user/qemu-types.h => qemu-types.h |  0
 2 files changed, 24 deletions(-)
 delete mode 100644 bsd-user/qemu-types.h
 rename linux-user/qemu-types.h => qemu-types.h (100%)

diff --git a/bsd-user/qemu-types.h b/bsd-user/qemu-types.h
deleted file mode 100644
index 1adda9f..000
--- a/bsd-user/qemu-types.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef QEMU_TYPES_H
-#define QEMU_TYPES_H
-#include "cpu.h"
-
-#ifdef TARGET_ABI32
-typedef uint32_t abi_ulong;
-typedef int32_t abi_long;
-#define TARGET_ABI_FMT_lx "%08x"
-#define TARGET_ABI_FMT_ld "%d"
-#define TARGET_ABI_FMT_lu "%u"
-#define TARGET_ABI_BITS 32
-#else
-typedef target_ulong abi_ulong;
-typedef target_long abi_long;
-#define TARGET_ABI_FMT_lx TARGET_FMT_lx
-#define TARGET_ABI_FMT_ld TARGET_FMT_ld
-#define TARGET_ABI_FMT_lu TARGET_FMT_lu
-#define TARGET_ABI_BITS TARGET_LONG_BITS
-/* for consistency, define ABI32 too */
-#if TARGET_ABI_BITS == 32
-#define TARGET_ABI32 1
-#endif
-#endif
-#endif
diff --git a/linux-user/qemu-types.h b/qemu-types.h
similarity index 100%
rename from linux-user/qemu-types.h
rename to qemu-types.h
-- 
1.7.11.7

Re: [Qemu-devel] VHDX support

[Mario Premke]

Is anyone currently working on VHDX (as opposed to VHD) support, as used
by the most recent version of Hyper-V? If not, would you be interested
in patches?


I'm not aware of anyone working on it yet. Patches are welcome, of course.

Kevin


VHDX conversion seems to work already with qemu-img 1.1.1.
I have a VHDX image, changed the file ending to vhd and tried:

qemu-img convert -O raw WinXP.vhd test.raw

There were no errors or any other output, then to my astonishment:

qemu-kvm -hda test.raw &

... booted the old image on the spot.

Is it possible that the changes from vhd to vhdx are transparent to 
qemu-img?


Regards,
Mario 

Re: [Qemu-devel] [PATCH 16/37] target-i386: set kvm CPUID default feature values using static properties

[Eduardo Habkost]

On 22/10/2012, at 17:03, Igor Mammedov  wrote:

> Replace setting default supported kvm features in cpu_x86_find_by_name()
> by default values in corresponding static properties.
> 
> - Compile in kvm CPUID features only if CONFIG_KVM is defined.
> - Make "f-kvm_steal_tm" and "f-kvmclock_stable" CPUID features visible as 
> properties.
> 
> Signed-off-by: Igor Mammedov 
> ---
> target-i386/cpu.c | 30 +++---
> 1 file changed, 11 insertions(+), 19 deletions(-)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index dc4fcdf..407c5ce 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -200,12 +200,16 @@ static Property cpu_x86_properties[] = {
> DEFINE_PROP_BIT("f-fma4", X86CPU, env.cpuid_ext3_features, 16, false),
> DEFINE_PROP_BIT("f-cvt16", X86CPU, env.cpuid_ext3_features, 18, false),
> DEFINE_PROP_BIT("f-nodeid_msr", X86CPU, env.cpuid_ext3_features, 19, 
> false),
> -DEFINE_PROP_BIT("f-kvmclock", X86CPU, env.cpuid_kvm_features,  0, false),
> -DEFINE_PROP_BIT("f-kvm_nopiodelay", X86CPU, env.cpuid_kvm_features,  1, 
> false),
> -DEFINE_PROP_BIT("f-kvm_mmu", X86CPU, env.cpuid_kvm_features,  2, false),
> -DEFINE_PROP_BIT("f-kvmclock2", X86CPU, env.cpuid_kvm_features,  3, 
> false),
> -DEFINE_PROP_BIT("f-kvm_asyncpf", X86CPU, env.cpuid_kvm_features,  4, 
> false),
> -DEFINE_PROP_BIT("f-kvm_pv_eoi", X86CPU, env.cpuid_kvm_features,  6, 
> false),
> +#if defined(CONFIG_KVM)
> +DEFINE_PROP_BIT("f-kvmclock", X86CPU, env.cpuid_kvm_features,  0, true),
> +DEFINE_PROP_BIT("f-kvm_nopiodelay", X86CPU, env.cpuid_kvm_features,  1, 
> true),
> +DEFINE_PROP_BIT("f-kvm_mmu", X86CPU, env.cpuid_kvm_features,  2, true),
> +DEFINE_PROP_BIT("f-kvmclock2", X86CPU, env.cpuid_kvm_features,  3, true),
> +DEFINE_PROP_BIT("f-kvm_asyncpf", X86CPU, env.cpuid_kvm_features,  4, 
> true),
> +DEFINE_PROP_BIT("f-kvm_steal_tm", X86CPU, env.cpuid_kvm_features,  5, 
> true),
> +DEFINE_PROP_BIT("f-kvm_pv_eoi", X86CPU, env.cpuid_kvm_features,  6, 
> true),
> +DEFINE_PROP_BIT("f-kvmclock_stable", X86CPU, env.cpuid_kvm_features,  
> 24, true),
> +#endif
> DEFINE_PROP_BIT("f-npt", X86CPU, env.cpuid_svm_features,  0, false),
> DEFINE_PROP_BIT("f-lbrv", X86CPU, env.cpuid_svm_features,  1, false),
> DEFINE_PROP_BIT("f-svm_lock", X86CPU, env.cpuid_svm_features,  2, false),
> @@ -1314,7 +1318,7 @@ static int cpu_x86_find_by_name(X86CPU *cpu, x86_def_t 
> *x86_cpu_def,
> /* Features to be added*/
> uint32_t plus_features = 0, plus_ext_features = env->cpuid_ext_features;
> uint32_t plus_ext2_features = 0, plus_ext3_features = 0;
> -uint32_t plus_kvm_features = 0, plus_svm_features = 0;
> +uint32_t plus_kvm_features = env->cpuid_kvm_features, plus_svm_features 
> = 0;

This is where things gets interesting: now the PV EOI feature is enabled by 
default, but only on the pc-1.3 machine-type.

Maybe at this point in the series we are already able to use global properties 
for compatibility, so we can make the changes above, add "f-kvm_pv_eoi=false" 
to pc-1.2, and kill kvm_default_features and enable_kvm_pv_eoi(), all in the 
same patch?


> uint32_t plus_7_0_ebx_features = 0;
> /* Features to be removed */
> uint32_t minus_features = 0, minus_ext_features = 0;
> @@ -1334,18 +1338,6 @@ static int cpu_x86_find_by_name(X86CPU *cpu, x86_def_t 
> *x86_cpu_def,
> memcpy(x86_cpu_def, def, sizeof(*def));
> }
> 
> -#if defined(CONFIG_KVM)
> -plus_kvm_features = (1 << KVM_FEATURE_CLOCKSOURCE) |
> -(1 << KVM_FEATURE_NOP_IO_DELAY) | 
> -(1 << KVM_FEATURE_MMU_OP) |
> -(1 << KVM_FEATURE_CLOCKSOURCE2) |
> -(1 << KVM_FEATURE_ASYNC_PF) | 
> -(1 << KVM_FEATURE_STEAL_TIME) |
> -(1 << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT);
> -#else
> -plus_kvm_features = 0;
> -#endif
> -
> featurestr = strtok(NULL, ",");
> 
> while (featurestr) {
> -- 
> 1.7.11.7
> 
> 

-- 
Eduardo 

[Qemu-devel] [PATCH 10/24] qemu-config.h: include headers it needs

[Eduardo Habkost]

Include:
-  for FILE
- qemu-option.h for QemuOptsList

Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qemu-config.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/qemu-config.h b/qemu-config.h
index 5557562..812c4c5 100644
--- a/qemu-config.h
+++ b/qemu-config.h
@@ -1,6 +1,8 @@
 #ifndef QEMU_CONFIG_H
 #define QEMU_CONFIG_H
 
+#include 
+#include "qemu-option.h"
 #include "error.h"
 
 extern QemuOptsList qemu_fsdev_opts;
-- 
1.7.11.7

Re: [Qemu-devel] [PATCH 15/37] target-i386: set default value of "hypervisor" feature using static property

[Eduardo Habkost]

On 22/10/2012, at 17:03, Igor Mammedov  wrote:

> Signed-off-by: Igor Mammedov 
> ---
> target-i386/cpu.c | 9 +++--
> 1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 3131945..dc4fcdf 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -174,7 +174,7 @@ static Property cpu_x86_properties[] = {
> DEFINE_PROP_BIT("f-xsave", X86CPU, env.cpuid_ext_features, 26, false),
> DEFINE_PROP_BIT("f-osxsave", X86CPU, env.cpuid_ext_features, 27, false),
> DEFINE_PROP_BIT("f-avx", X86CPU, env.cpuid_ext_features, 28, false),
> -DEFINE_PROP_BIT("f-hypervisor", X86CPU, env.cpuid_ext_features, 31, 
> false),
> +DEFINE_PROP_BIT("f-hypervisor", X86CPU, env.cpuid_ext_features, 31, 
> true),
> DEFINE_PROP_BIT("f-syscall", X86CPU, env.cpuid_ext2_features, 11, false),
> DEFINE_PROP_BIT("f-nx", X86CPU, env.cpuid_ext2_features, 20, false),
> DEFINE_PROP_BIT("f-xd", X86CPU, env.cpuid_ext2_features, 20, false),
> @@ -1307,11 +1307,12 @@ static int cpu_x86_find_by_name(X86CPU *cpu, 
> x86_def_t *x86_cpu_def,
> {
> unsigned int i;
> x86_def_t *def;
> +CPUX86State *env = &cpu->env;
> 
> char *s = g_strdup(cpu_model);
> char *featurestr, *name = strtok(s, ",");
> /* Features to be added*/
> -uint32_t plus_features = 0, plus_ext_features = 0;
> +uint32_t plus_features = 0, plus_ext_features = env->cpuid_ext_features;

Moving data back and forth between CPUX86State and x86_def_t makes the 
initialization ordering confusing (today data is moved from x86_def_t to 
X86CPU, and never the other way around).

As this code is removed in the next patches, I don't mind too much, but maybe 
it's simpler to implement this change only after the "use static properties for 
setting cpuid features" patch?

> uint32_t plus_ext2_features = 0, plus_ext3_features = 0;
> uint32_t plus_kvm_features = 0, plus_svm_features = 0;
> uint32_t plus_7_0_ebx_features = 0;
> @@ -1345,10 +1346,6 @@ static int cpu_x86_find_by_name(X86CPU *cpu, x86_def_t 
> *x86_cpu_def,
> plus_kvm_features = 0;
> #endif
> 
> -add_flagname_to_bitmaps("hypervisor", &plus_features,
> -&plus_ext_features, &plus_ext2_features, &plus_ext3_features,
> -&plus_kvm_features, &plus_svm_features,  &plus_7_0_ebx_features);
> -
> featurestr = strtok(NULL, ",");
> 
> while (featurestr) {
> -- 
> 1.7.11.7
> 
> 

-- 
Eduardo 

[Qemu-devel] [PATCH 16/24] qapi-types.h: don't include qemu-common.h

[Eduardo Habkost]

From: Igor Mammedov 

needed to prevent build breakage when CPU becomes a child of DeviceState

Signed-off-by: Igor Mammedov 
[ehabkost: include  too]
Signed-off-by: Eduardo Habkost 
---
Yes, there is "changelog" data before the "---" mark, but I believe that
in this case they are important to indicate authorship and the scope of
the Signed-off-by lines (so they need to get into the git commit
message).

Changes v1 (from Igor) -> v2 (from Eduardo):
 - Include  too

Changes v2 -> v3 (from Eduardo):
 - Only commit description changes
---
 scripts/qapi-types.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/qapi-types.py b/scripts/qapi-types.py
index 1b84834..6bc2391 100644
--- a/scripts/qapi-types.py
+++ b/scripts/qapi-types.py
@@ -273,7 +273,8 @@ fdecl.write(mcgen('''
 #ifndef %(guard)s
 #define %(guard)s
 
-#include "qemu-common.h"
+#include 
+#include 
 
 ''',
   guard=guardname(h_file)))
-- 
1.7.11.7

[Qemu-devel] [PATCH 12/24] qga/channel-posix.c: include headers it needs

[Eduardo Habkost]

Include:
 -  for errno
 -  &  for fcntl()
 - "qemu-stdio.h" for qemu_open()

Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qga/channel-posix.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/qga/channel-posix.c b/qga/channel-posix.c
index d152827..2a68451 100644
--- a/qga/channel-posix.c
+++ b/qga/channel-posix.c
@@ -1,5 +1,9 @@
 #include 
 #include 
+#include 
+#include 
+#include 
+#include "qemu-stdio.h"
 #include "qemu_socket.h"
 #include "qga/channel.h"
 
-- 
1.7.11.7

[Qemu-devel] [PATCH 11/24] qapi/qmp-registry.c: include headers it needs

[Eduardo Habkost]

Include:
-  for g_malloc0()
-  for strcmp()

Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qapi/qmp-registry.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/qapi/qmp-registry.c b/qapi/qmp-registry.c
index 5414613..c2c31b4 100644
--- a/qapi/qmp-registry.c
+++ b/qapi/qmp-registry.c
@@ -12,6 +12,8 @@
  *
  */
 
+#include 
+#include 
 #include "qapi/qmp-core.h"
 
 static QTAILQ_HEAD(QmpCommandList, QmpCommand) qmp_commands =
-- 
1.7.11.7

[Qemu-devel] [PATCH 20/24] qdev: add weak aliases for vmstate handling on qdev.c

[Eduardo Habkost]

Add weak alias to vmstate stub functions on qdev.c, so that qdev.o can
be used without savevm.o when vmstate support is not necessary (i.e. by
*-user).

Signed-off-by: Eduardo Habkost 
---
Originally submitted as:
  Subject: qdev-core: isolate vmstate handling into separate functions

Changes v1 -> v2:
 - Add GCC_WEAK_DECL to function declarations

Changes v2 -> v3:
 - Make vmstate_register_with_alias_id()/vmstate_unregister()
   have GCC_WEAK versions, instead of creating a new function
 - Kept qdev_get_vmsd() inside qdev.c

Changess v3 -> v4:
 - Use the new QEMU_WEAK_ALIAS system instead of GCC_WEAK
---
 hw/qdev.c | 24 
 vmstate.h |  2 ++
 2 files changed, 26 insertions(+)

diff --git a/hw/qdev.c b/hw/qdev.c
index c242097..94ae1cd 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -76,6 +76,30 @@ void qemu_devices_reset(void)
 }
 }
 
+/* vmstate register/unregister:
+ *
+ * The real implementations are on qdev-system.c and savevm.c.
+ * Those are weak symbols used by *-user.
+ */
+
+static int stub_vmstate_register_with_alias_id(DeviceState *dev,
+   int instance_id,
+   const VMStateDescription *vmsd,
+   void *base, int alias_id,
+   int required_for_version)
+{
+return 0;
+}
+QEMU_WEAK_ALIAS(vmstate_register_with_alias_id,
+stub_vmstate_register_with_alias_id);
+
+static void stub_vmstate_unregister(DeviceState *dev,
+const VMStateDescription *vmsd,
+void *opaque)
+{
+}
+QEMU_WEAK_ALIAS(vmstate_unregister, stub_vmstate_unregister);
+
 const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
 {
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
diff --git a/vmstate.h b/vmstate.h
index 623af0a..114c994 100644
--- a/vmstate.h
+++ b/vmstate.h
@@ -624,6 +624,8 @@ void vmstate_save_state(QEMUFile *f, const 
VMStateDescription *vmsd,
 void *opaque);
 int vmstate_register(DeviceState *dev, int instance_id,
  const VMStateDescription *vmsd, void *base);
+
+/* The following functions have weak aliases on qdev-core, for *-user: */
 int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
const VMStateDescription *vmsd,
void *base, int alias_id,
-- 
1.7.11.7

[Qemu-devel] [PATCH 19/24] qdev: move reset handler list from vl.c to qdev.c

[Eduardo Habkost]

The core qdev code uses the reset handler list from vl.c, so move
qemu_register_reset(), qemu_unregister_reset() and qemu_devices_reset()
to qdev.c.

The function declarations were moved to a new qdev-reset.h file, that is
included by hw.h to keep compatibility, so we don't need to change all
files that use qemu_register_reset().

Signed-off-by: Eduardo Habkost 
---
 hw/hw.h |  6 +-
 hw/qdev-reset.h | 11 +++
 hw/qdev.c   | 41 +
 hw/qdev.h   |  1 +
 sysemu.h|  1 -
 vl.c| 40 
 6 files changed, 54 insertions(+), 46 deletions(-)
 create mode 100644 hw/qdev-reset.h

diff --git a/hw/hw.h b/hw/hw.h
index f530f6f..622a157 100644
--- a/hw/hw.h
+++ b/hw/hw.h
@@ -14,6 +14,7 @@
 #include "qemu-file.h"
 #include "vmstate.h"
 #include "qemu-log.h"
+#include "qdev-reset.h"
 
 #ifdef NEED_CPU_H
 #if TARGET_LONG_BITS == 64
@@ -37,11 +38,6 @@
 #endif
 #endif
 
-typedef void QEMUResetHandler(void *opaque);
-
-void qemu_register_reset(QEMUResetHandler *func, void *opaque);
-void qemu_unregister_reset(QEMUResetHandler *func, void *opaque);
-
 /* handler to set the boot_device order for a specific type of QEMUMachine */
 /* return 0 if success */
 typedef int QEMUBootSetHandler(void *opaque, const char *boot_devices);
diff --git a/hw/qdev-reset.h b/hw/qdev-reset.h
new file mode 100644
index 000..40ae9a5
--- /dev/null
+++ b/hw/qdev-reset.h
@@ -0,0 +1,11 @@
+/* Device reset handler function registration, used by qdev */
+#ifndef QDEV_RESET_H
+#define QDEV_RESET_H
+
+typedef void QEMUResetHandler(void *opaque);
+
+void qemu_register_reset(QEMUResetHandler *func, void *opaque);
+void qemu_unregister_reset(QEMUResetHandler *func, void *opaque);
+void qemu_devices_reset(void);
+
+#endif /* QDEV_RESET_H */
diff --git a/hw/qdev.c b/hw/qdev.c
index 2cc6434..c242097 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -35,6 +35,47 @@ int qdev_hotplug = 0;
 static bool qdev_hot_added = false;
 static bool qdev_hot_removed = false;
 
+typedef struct QEMUResetEntry {
+QTAILQ_ENTRY(QEMUResetEntry) entry;
+QEMUResetHandler *func;
+void *opaque;
+} QEMUResetEntry;
+
+static QTAILQ_HEAD(reset_handlers, QEMUResetEntry) reset_handlers =
+QTAILQ_HEAD_INITIALIZER(reset_handlers);
+
+void qemu_register_reset(QEMUResetHandler *func, void *opaque)
+{
+QEMUResetEntry *re = g_malloc0(sizeof(QEMUResetEntry));
+
+re->func = func;
+re->opaque = opaque;
+QTAILQ_INSERT_TAIL(&reset_handlers, re, entry);
+}
+
+void qemu_unregister_reset(QEMUResetHandler *func, void *opaque)
+{
+QEMUResetEntry *re;
+
+QTAILQ_FOREACH(re, &reset_handlers, entry) {
+if (re->func == func && re->opaque == opaque) {
+QTAILQ_REMOVE(&reset_handlers, re, entry);
+g_free(re);
+return;
+}
+}
+}
+
+void qemu_devices_reset(void)
+{
+QEMUResetEntry *re, *nre;
+
+/* reset all devices */
+QTAILQ_FOREACH_SAFE(re, &reset_handlers, entry, nre) {
+re->func(re->opaque);
+}
+}
+
 const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
 {
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
diff --git a/hw/qdev.h b/hw/qdev.h
index 365b8d6..2487b3b 100644
--- a/hw/qdev.h
+++ b/hw/qdev.h
@@ -5,5 +5,6 @@
 #include "qdev-core.h"
 #include "qdev-properties.h"
 #include "qdev-monitor.h"
+#include "qdev-reset.h"
 
 #endif
diff --git a/sysemu.h b/sysemu.h
index ab1ef8b..51f19cc 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -57,7 +57,6 @@ void qemu_system_vmstop_request(RunState reason);
 int qemu_shutdown_requested_get(void);
 int qemu_reset_requested_get(void);
 void qemu_system_killed(int signal, pid_t pid);
-void qemu_devices_reset(void);
 void qemu_system_reset(bool report);
 
 void qemu_add_exit_notifier(Notifier *notify);
diff --git a/vl.c b/vl.c
index 4f03a72..c7448a2 100644
--- a/vl.c
+++ b/vl.c
@@ -1456,14 +1456,6 @@ void vm_start(void)
 
 /* reset/shutdown handler */
 
-typedef struct QEMUResetEntry {
-QTAILQ_ENTRY(QEMUResetEntry) entry;
-QEMUResetHandler *func;
-void *opaque;
-} QEMUResetEntry;
-
-static QTAILQ_HEAD(reset_handlers, QEMUResetEntry) reset_handlers =
-QTAILQ_HEAD_INITIALIZER(reset_handlers);
 static int reset_requested;
 static int shutdown_requested, shutdown_signal = -1;
 static pid_t shutdown_pid;
@@ -1560,38 +1552,6 @@ static bool qemu_vmstop_requested(RunState *r)
 return false;
 }
 
-void qemu_register_reset(QEMUResetHandler *func, void *opaque)
-{
-QEMUResetEntry *re = g_malloc0(sizeof(QEMUResetEntry));
-
-re->func = func;
-re->opaque = opaque;
-QTAILQ_INSERT_TAIL(&reset_handlers, re, entry);
-}
-
-void qemu_unregister_reset(QEMUResetHandler *func, void *opaque)
-{
-QEMUResetEntry *re;
-
-QTAILQ_FOREACH(re, &reset_handlers, entry) {
-if (re->func == func && re->opaque == opaque) {
-QTAILQ_REMOVE(&reset_handlers, re, entry);
-g_free(re);
-return;
-}
-}
-

[Qemu-devel] [PATCH 09/24] ui/vnc-pallete.c: include headers it needs

[Eduardo Habkost]

Include:
 -  for g_malloc0()
 -  for memset()

Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 ui/vnc-palette.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ui/vnc-palette.c b/ui/vnc-palette.c
index 63d5f64..c130dee 100644
--- a/ui/vnc-palette.c
+++ b/ui/vnc-palette.c
@@ -27,6 +27,8 @@
  */
 
 #include "vnc-palette.h"
+#include 
+#include 
 
 static VncPaletteEntry *palette_find(const VncPalette *palette,
  uint32_t color, unsigned int hash)
-- 
1.7.11.7

[Qemu-devel] [PATCH 17/24] qdev-properties.c: add copyright/license information

[Eduardo Habkost]

Add copyright and license information, based on git log,
and discussion at:

 http://article.gmane.org/gmane.comp.emulators.qemu/176405
 Message-ID: <20121017201414.ga5...@otherpad.lan.raisama.net>

The list of Copyright owners is huge, but I didn't think I really could
leave any of the authors out of the list.

Signed-off-by: Eduardo Habkost 
---
The only reason I am doing this is because:
 - I am going to mvoe some of the qdev-properties.c file to another file
 - I need to add a copyright/license header to the new file.
   See http://article.gmane.org/gmane.comp.emulators.qemu/176367
 - So, I need to document the copyright/license of the current
   qdev-properties.c code

I would really love to avoid this whole archaeology/legalese work,
because I am not a lawyer. I am only doing that because of the "new
files should have a copyright header" requirement.

Cc: Amit Shah 
Cc: Anthony Liguori 
Cc: Anthony PERARD 
Cc: Blue Swirl 
Cc: Christian Borntraeger 
Cc: Christoph Egger 
Cc: David 'Digit' Turner 
Cc: Donald Dutile 
Cc: dunrong huang 
Cc: Gerd Hoffmann 
Cc: Isaku Yamahata 
Cc: Jan Kiszka 
Cc: Jan Kiszka 
Cc: Juan Quintela 
Cc: Kevin Wolf 
Cc: Kusanagi Kouichi 
Cc: Markus Armbruster 
Cc: Michael Roth 
Cc: Michael S. Tsirkin 
Cc: Paolo Bonzini 
Cc: Stefan Hajnoczi 
Cc: Stefan Weil 
Cc: Stefan Weil 
Cc: Zhi Yong Wu 
---
 hw/qdev-properties.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
index 81d901c..ff5aa0a 100644
--- a/hw/qdev-properties.c
+++ b/hw/qdev-properties.c
@@ -1,3 +1,33 @@
+/*
+ * qdev property parsing and global properties
+ *
+ * Copyright (c) 2009-2010 Gerd Hoffmann 
+ * Copyright (c) 2009 Christoph Egger 
+ * Copyright (c) 2009-2010 Blue Swirl 
+ * Copyright (c) 2009 Juan Quintela 
+ * Copyright (c) 2010 Michael S. Tsirkin 
+ * Copyright (c) 2010,2012 Stefan Weil 
+ * Copyright (c) 2010-2012 Markus Armbruster 
+ * Copyright (c) 2010 Kevin Wolf 
+ * Copyright (c) 2010 Isaku Yamahata 
+ * Copyright (c) 2011 David 'Digit' Turner 
+ * Copyright (c) 2011-2012 Amit Shah 
+ * Copyright (c) 2011 Kusanagi Kouichi 
+ * Copyright (c) 2011-2012 Anthony Liguori 
+ * Copyright (c) 2011 Donald Dutile 
+ * Copyright (c) 2011-2012 Jan Kiszka 
+ * Copyright (c) 2011-2012 Paolo Bonzini 
+ * Copyright (c) 2012 Stefan Hajnoczi 
+ * Copyright (c) 2012 dunrong huang 
+ * Copyright (c) 2012 Michael Roth 
+ * Copyright (c) 2012 Anthony PERARD 
+ * Copyright (c) 2012 Christian Borntraeger 
+ * Copyright (c) 2012 Zhi Yong Wu 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
 #include "net.h"
 #include "qdev.h"
 #include "qerror.h"
-- 
1.7.11.7

[Qemu-devel] [PATCH 23/24] include qdev code into *-user, too

[Eduardo Habkost]

The code depends on some functions from qemu-option.o, so add
qemu-option.o to universal-obj-y to make sure it's included.

Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
 - Keep files on the hw/ directory
   (it's simply easier to keep them there, as qdev.o depends on irq.o)
 - Add a $(hw-core-obj-y) variable to Makefile.objs for the qdev core code
 - Add irq.o to the list of core qdev files
   (as now the gpio code is being kept inside qdev.c)
---
 Makefile.objs| 8 
 hw/Makefile.objs | 8 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/Makefile.objs b/Makefile.objs
index 593a592..be3c8ef 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -18,6 +18,13 @@ qom-obj-y = qom/
 universal-obj-y += $(qom-obj-y)
 
 ###
+# Core hw code (qdev core)
+hw-core-obj-y += hw/
+hw-core-obj-y += qemu-option.o
+
+universal-obj-y += $(hw-core-obj-y)
+
+###
 # oslib-obj-y is code depending on the OS (win32 vs posix)
 oslib-obj-y = osdep.o cutils.o qemu-timer-common.o
 oslib-obj-$(CONFIG_WIN32) += oslib-win32.o qemu-thread-win32.o
@@ -244,5 +251,6 @@ nested-vars += \
block-obj-y \
user-obj-y \
common-obj-y \
+   hw-core-obj-y \
extra-obj-y
 dummy := $(call unnest-vars)
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 4833b90..2c931e9 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -1,3 +1,8 @@
+# core qdev-related obj files, also used by *-user:
+hw-core-obj-y += qdev.o qdev-properties.o
+# irq.o needed for qdev GPIO handling:
+hw-core-obj-y += irq.o
+
 common-obj-y = usb/ ide/
 common-obj-y += loader.o
 common-obj-$(CONFIG_VIRTIO) += virtio-console.o
@@ -155,7 +160,6 @@ common-obj-$(CONFIG_SOUND) += $(sound-obj-y)
 common-obj-$(CONFIG_REALLY_VIRTFS) += 9pfs/
 
 common-obj-y += usb/
-common-obj-y += irq.o
 common-obj-$(CONFIG_PTIMER) += ptimer.o
 common-obj-$(CONFIG_MAX7310) += max7310.o
 common-obj-$(CONFIG_WM8750) += wm8750.o
@@ -181,7 +185,7 @@ common-obj-$(CONFIG_SD) += sd.o
 common-obj-y += bt.o bt-l2cap.o bt-sdp.o bt-hci.o bt-hid.o
 common-obj-y += bt-hci-csr.o
 common-obj-y += msmouse.o ps2.o
-common-obj-y += qdev.o qdev-properties.o qdev-monitor.o
+common-obj-y += qdev-monitor.o
 common-obj-y += qdev-properties-system.o
 common-obj-$(CONFIG_BRLAPI) += baum.o
 
-- 
1.7.11.7

[Qemu-devel] [PATCH 08/24] vnc-palette.h: include

[Eduardo Habkost]

 is needed for the 'bool' type, used in the header.

The header is probably being included by accident because some other
headers are including qemu-common.h, but those headers should eventually
stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 ui/vnc-palette.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ui/vnc-palette.h b/ui/vnc-palette.h
index 3260885..b82dc5d 100644
--- a/ui/vnc-palette.h
+++ b/ui/vnc-palette.h
@@ -32,6 +32,7 @@
 #include "qlist.h"
 #include "qemu-queue.h"
 #include 
+#include 
 
 #define VNC_PALETTE_HASH_SIZE 256
 #define VNC_PALETTE_MAX_SIZE  256
-- 
1.7.11.7

[Qemu-devel] BUG: virtio-scsi-pci device causes SIGABRT on master 2592c59

[Don Slutz]

Commit d22b096ef6e0b20810193b68a1d472f3fb8a4f9e is what I bisected to.

Using:

gdb --args ./x86_64-softmmu/qemu-system-x86_64 -machine pc,accel=kvm 
-name "test1" -serial pty -chardev stdio,id=seabio\
s -device isa-debugcon,iobase=0x402,chardev=seabios -m 1024 -monitor pty 
-monitor vc -device virtio-scsi-pci,id=scsi0 -\
drive if=none,id=disk0,file=/home/don/qemu-img/test1.raw -device 
scsi-disk,bus=scsi0.0,scsi-id=0,drive=disk0 -cdrom /ho\

me/don/isos/centos/x86_64/CentOS-6.3-x86_64-minimal.iso

dcs-xen-50:~/qemu>git-bisect good
Bisecting: 0 revisions left to test after this (roughly 1 step)
[12b40e471f33e552fa3d962887b416cf67831446] xen_pt: use separate 
MemoryListeners for memory and I/O

dcs-xen-50:~/qemu>git-bisect bad
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d22b096ef6e0b20810193b68a1d472f3fb8a4f9e] kvm: use separate 
MemoryListeners for memory and I/O

dcs-xen-50:~/qemu>git-bisect bad
d22b096ef6e0b20810193b68a1d472f3fb8a4f9e is the first bad commit
commit d22b096ef6e0b20810193b68a1d472f3fb8a4f9e
Author: Avi Kivity 
Date:   Sun Sep 30 22:21:11 2012 +0200

kvm: use separate MemoryListeners for memory and I/O

The construct

   if (address_space == get_system_memory()) {
   // memory thing
   } else {
   // io thing
   }

fails if we have more than two address spaces.  Use a separate listener
for memory and I/O, and utilize MemoryListener's address space 
filtering to

fix this.

Signed-off-by: Avi Kivity 

:100644 100644 92a71374ed1e040cef5ad70a6cb00adabf671dd4 
c69e01200461c7a87440f7a915bd171a9fc8f318 M  kvm-all.c



Searching bootorder for: /pci@i0cf8/*@4/*@0/*@255,0

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffef7d6700 (LWP 14635)]
0x74c24925 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install 
libxcb-1.8.1-1.fc17.x86_64

(gdb) bt
#0  0x74c24925 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x74c260d8 in __GI_abort () at abort.c:91
#2  0x55862da1 in kvm_mem_ioeventfd_add (listener=0x55cd97c0,
section=0x7fffef7d57f0, match_data=true, data=0, e=0x5660e8bc)
at /home/don/qemu/kvm-all.c:775
#3  0x558690f1 in address_space_add_del_ioeventfds 
(as=0x5650bf60,

fds_new=0x7fffe8000bf0, fds_new_nb=1, fds_old=0x0, fds_old_nb=0)
at /home/don/qemu/memory.c:616
#4  0x5586944d in address_space_update_ioeventfds 
(as=0x5650bf60)

at /home/don/qemu/memory.c:649
#5  0x55869fa3 in address_space_update_topology (as=0x5650bf60)
at /home/don/qemu/memory.c:730
#6  0x5586a0b7 in memory_region_transaction_commit ()
at /home/don/qemu/memory.c:750
#7  0x5586bc35 in memory_region_add_eventfd (mr=0x5660d0d8, 
addr=

16, size=2, match_data=true, data=0, e=0x5660e8bc)
at /home/don/qemu/memory.c:1231
#8  0x55736adf in virtio_pci_set_host_notifier_internal (proxy=
0x5660cb40, n=0, assign=true, set_handler=true)
at /home/don/qemu/hw/virtio-pci.c:178
#9  0x55736be1 in virtio_pci_start_ioeventfd (proxy=0x5660cb40)
at /home/don/qemu/hw/virtio-pci.c:204
---Type  to continue, or q  to quit---
#10 0x55736f89 in virtio_ioport_write (opaque=0x5660cb40, 
addr=18,

val=7) at /home/don/qemu/hw/virtio-pci.c:295
#11 0x557374b3 in virtio_pci_config_writeb (opaque=0x5660cb40,
addr=18, val=7) at /home/don/qemu/hw/virtio-pci.c:427
#12 0x55868054 in memory_region_iorange_write 
(iorange=0x7fffe8000b20,

offset=18, width=1, data=7) at /home/don/qemu/memory.c:431
#13 0x558607cc in ioport_writeb_thunk (opaque=0x7fffe8000b20, addr=
49234, data=7) at /home/don/qemu/ioport.c:212
#14 0x558601a6 in ioport_write (index=0, address=49234, data=7)
at /home/don/qemu/ioport.c:83
#15 0x55860d46 in cpu_outb (addr=49234, val=7 '\a')
at /home/don/qemu/ioport.c:289
#16 0x558646b4 in kvm_handle_io (port=49234, data=0x77ff3000,
direction=1, size=1, count=1) at /home/don/qemu/kvm-all.c:1451
#17 0x55864c9b in kvm_cpu_exec (env=0x5658d4e0)
at /home/don/qemu/kvm-all.c:1597
#18 0x557f1c31 in qemu_kvm_cpu_thread_fn (arg=0x5658d4e0)
at /home/don/qemu/cpus.c:753
#19 0x7604fd14 in start_thread (arg=0x7fffef7d6700)
at pthread_create.c:309
#20 0x74ce067d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb)

   -Don Slutz

[Qemu-devel] [PATCH 21/24] qdev: add weak alias to sysbus_get_default() on qdev.c

[Eduardo Habkost]

This version will be used on cases where sysbus.c is not compiled in
(e.g. *-user).

Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
 - Use the new QEMU_WEAK_ALIAS mechanism, instead of GCC_WEAK
---
 hw/qdev-core.h |  5 -
 hw/qdev.c  | 13 +
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/hw/qdev-core.h b/hw/qdev-core.h
index 494b687..b64daf0 100644
--- a/hw/qdev-core.h
+++ b/hw/qdev-core.h
@@ -193,7 +193,10 @@ void qbus_free(BusState *bus);
 
 #define FROM_QBUS(type, dev) DO_UPCAST(type, qbus, dev)
 
-/* This should go away once we get rid of the NULL bus hack */
+/* This should go away once we get rid of the NULL bus hack.
+ * This has a weak alias for a stub function on qdev.c (for *-user, that
+ * doesn't have a main system bus).
+ */
 BusState *sysbus_get_default(void);
 
 char *qdev_get_fw_dev_path(DeviceState *dev);
diff --git a/hw/qdev.c b/hw/qdev.c
index 94ae1cd..0702659 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -100,6 +100,19 @@ static void stub_vmstate_unregister(DeviceState *dev,
 }
 QEMU_WEAK_ALIAS(vmstate_unregister, stub_vmstate_unregister);
 
+
+/* sysbus stub functions
+ *
+ * The real implementation is on sysbus.c, but the stub functions will be used
+ * on cases where sysbus.c is not compiled in (e.g. *-user).
+ */
+
+static BusState *sysbus_get_none(void)
+{
+return NULL;
+}
+QEMU_WEAK_ALIAS(sysbus_get_default, sysbus_get_none);
+
 const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
 {
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
-- 
1.7.11.7

[Qemu-devel] [PATCH 05/24] qdev: split up header so it can be used in cpu.h

[Eduardo Habkost]

From: Anthony Liguori 

Header file dependency is a frickin' nightmare right now.  cpu.h tends to get
included in our 'include everything' header files but qdev also needs to include
those headers mainly for qdev-properties since it knows about CharDriverState
and friends.

We can solve this for now by splitting out qdev.h along the same lines that we
previously split the C file.  Then cpu.h just needs to include qdev-core.h

hw/qdev.h is split into following new headers:
hw/qdev-core.h
hw/qdev-properties.h
hw/qdev-monitor.h

Signed-off-by: Anthony Liguori 

[ehabkost: re-add DEFINE_PROP_PCI_HOST_DEVADDR, that was removed on the
 original patch (by mistake, I guess)]
[ehabkost: kill qdev_prop_set_vlan() declaration]
[ehabkost: moved get_fw_dev_path() comment to the original location
 (I don't know why it was moved)]
[ehabkost: removed qdev_exists() declaration]
[ehabkost: keep using 'QemuOpts' instead of 'struct QemuOpts', as
 qdev-core.h includes qemu-option.h]

Signed-off-by: Eduardo Habkost 
---
Yes, there is "changelog" data before the "---" mark, but I believe that
in this case they are important to indicate authorship and the scope of
the Signed-off-by lines (so they need to get into the git commit
message)

Detailed changelog:

Changes v1 (from Anthony) -> v2 (from Eduardo):
 - re-add DEFINE_PROP_PCI_HOST_DEVADDR, that was removed on the original
   patch (by mistake, I guess)
 - kill qdev_prop_set_vlan() declaration

Changes v2 -> v3 (from Eduardo):
 - moved get_fw_dev_path() comment to the original location (I don't
   know why it was moved)
 - removed qdev_exists() declaration
 - keep using 'QemuOpts' instead of 'struct QemuOpts', as qdev-core.h
   includes qemu-option.h

Changes v3 -> v4 (from Eduardo):
 - Edited commit message to include additional information about the
   specific files being created
---
 hw/mc146818rtc.c |   1 +
 hw/qdev-addr.c   |   1 +
 hw/qdev-core.h   | 238 +
 hw/qdev-monitor.h|  16 +++
 hw/qdev-properties.c |   1 +
 hw/qdev-properties.h | 130 ++
 hw/qdev.c|   1 +
 hw/qdev.h| 370 +--
 8 files changed, 392 insertions(+), 366 deletions(-)
 create mode 100644 hw/qdev-core.h
 create mode 100644 hw/qdev-monitor.h
 create mode 100644 hw/qdev-properties.h

diff --git a/hw/mc146818rtc.c b/hw/mc146818rtc.c
index 98839f2..7d84ce3 100644
--- a/hw/mc146818rtc.c
+++ b/hw/mc146818rtc.c
@@ -25,6 +25,7 @@
 #include "qemu-timer.h"
 #include "sysemu.h"
 #include "mc146818rtc.h"
+#include "qapi/qapi-visit-core.h"
 
 #ifdef TARGET_I386
 #include "apic.h"
diff --git a/hw/qdev-addr.c b/hw/qdev-addr.c
index de0ba87..ea32c31 100644
--- a/hw/qdev-addr.c
+++ b/hw/qdev-addr.c
@@ -1,6 +1,7 @@
 #include "qdev.h"
 #include "qdev-addr.h"
 #include "hwaddr.h"
+#include "qapi/qapi-visit-core.h"
 
 /* --- target physical address --- */
 
diff --git a/hw/qdev-core.h b/hw/qdev-core.h
new file mode 100644
index 000..fce9e22
--- /dev/null
+++ b/hw/qdev-core.h
@@ -0,0 +1,238 @@
+#ifndef QDEV_CORE_H
+#define QDEV_CORE_H
+
+#include "qemu-queue.h"
+#include "qemu-option.h"
+#include "qemu/object.h"
+#include "hw/irq.h"
+#include "error.h"
+
+typedef struct Property Property;
+
+typedef struct PropertyInfo PropertyInfo;
+
+typedef struct CompatProperty CompatProperty;
+
+typedef struct BusState BusState;
+
+typedef struct BusClass BusClass;
+
+enum DevState {
+DEV_STATE_CREATED = 1,
+DEV_STATE_INITIALIZED,
+};
+
+enum {
+DEV_NVECTORS_UNSPECIFIED = -1,
+};
+
+#define TYPE_DEVICE "device"
+#define DEVICE(obj) OBJECT_CHECK(DeviceState, (obj), TYPE_DEVICE)
+#define DEVICE_CLASS(klass) OBJECT_CLASS_CHECK(DeviceClass, (klass), 
TYPE_DEVICE)
+#define DEVICE_GET_CLASS(obj) OBJECT_GET_CLASS(DeviceClass, (obj), TYPE_DEVICE)
+
+typedef int (*qdev_initfn)(DeviceState *dev);
+typedef int (*qdev_event)(DeviceState *dev);
+typedef void (*qdev_resetfn)(DeviceState *dev);
+
+struct VMStateDescription;
+
+typedef struct DeviceClass {
+ObjectClass parent_class;
+
+const char *fw_name;
+const char *desc;
+Property *props;
+int no_user;
+
+/* callbacks */
+void (*reset)(DeviceState *dev);
+
+/* device state */
+const struct VMStateDescription *vmsd;
+
+/* Private to qdev / bus.  */
+qdev_initfn init;
+qdev_event unplug;
+qdev_event exit;
+const char *bus_type;
+} DeviceClass;
+
+/* This structure should not be accessed directly.  We declare it here
+   so that it can be embedded in individual device state structures.  */
+struct DeviceState {
+Object parent_obj;
+
+const char *id;
+enum DevState state;
+QemuOpts *opts;
+int hotplugged;
+BusState *parent_bus;
+int num_gpio_out;
+qemu_irq *gpio_out;
+int num_gpio_in;
+qemu_irq *gpio_in;
+QLIST_HEAD(, BusState) child_bus;
+int num_child_bus;
+int instance_id_alias;
+int alias_required_for_version;
+};
+
+#define TYP

[Qemu-devel] [PATCH 18/24] qdev: qdev_create(): use error_report() instead of hw_error()

[Eduardo Habkost]

hw_error() is specific for fatal hardware emulation errors, not for
internal errors related to the qdev object/class abstraction or object
initialization.

Replace it with an error_report() call, followed by abort().

This will also help reduce dependencies of the qdev code (as hw_error()
is from cpus.o, and depends on the CPU list from exec.o).

Signed-off-by: Eduardo Habkost 
---
 hw/qdev.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/qdev.c b/hw/qdev.c
index 7ddcd24..2cc6434 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -109,10 +109,12 @@ DeviceState *qdev_create(BusState *bus, const char *name)
 dev = qdev_try_create(bus, name);
 if (!dev) {
 if (bus) {
-hw_error("Unknown device '%s' for bus '%s'\n", name,
- object_get_typename(OBJECT(bus)));
+error_report("Unknown device '%s' for bus '%s'\n", name,
+ object_get_typename(OBJECT(bus)));
+abort();
 } else {
-hw_error("Unknown device '%s' for default sysbus\n", name);
+error_report("Unknown device '%s' for default sysbus\n", name);
+abort();
 }
 }
 
-- 
1.7.11.7

[Qemu-devel] [PATCH 22/24] qdev-properties.c: separate core from the code used only by qemu-system-*

[Eduardo Habkost]

This separates the qdev properties code in two parts:
 - qdev-properties.c, that contains most of the qdev properties code;
 - qdev-properties-system.c for code specific for qemu-system-*,
   containing:
   - Property types: drive, chr, netdev, vlan, that depend on code that
 won't be included on *-user
   - qemu_add_globals(), that depends on qemu-config.o.

This change should help on two things:
 - Allowing DeviceState to be used by *-user without pulling
   dependencies that are specific for qemu-system-*;
 - Writing qdev unit tests without pulling too many dependencies.

The copyright/license header for the new file is directly copied from
qdev-properties.c.

Signed-off-by: Eduardo Habkost 
[imammedo: keep qdev_get_child_bus() in hw/qdev.c]
[imammedo: put qdev_set_nic_properties() in hw/qdev-properties-system.c]
Signed-off-by: Igor Mammedov 
[ehabkost: updated the qdev_init_gpio_in() code on qdev-system.c to current
 version]
[ehabkost: added copyright/license information to new qdev*-system.c files]
Signed-off-by: Eduardo Habkost 
---
Yes, there is "changelog" data before the "---" mark, but I believe that
in this case they are important to indicate authorship and the scope of
the Signed-off-by lines (so they need to get into the git commit
message).

Detailed changelog:

Changes v1 (ehabkost) -> v2 (imammedo):
 - keep qdev_get_child_bus() in hw/qdev.c
 - put qdev_set_nic_properties() in hw/qdev-properties-system.c

Changes v2 -> v3 (ehabkost):
 - updated the qdev_init_gpio_in() code on qdev-system.c to current
   version

Changes v3 -> v4 (ehabkost):
 - Added copyright/license information to qdev-properties-system.c
   (based on copyright/license of qdev-properties.c)
 - Whitespace change at the end of qdev-properties.c
 - Don't create qdev-system.c, now we can keep the qdev.c code as-is
   as the qdev.c dependencies were reduced
 - Rewrite patch description
---
 hw/Makefile.objs|   1 +
 hw/qdev-properties-system.c | 371 
 hw/qdev-properties.c| 321 +-
 hw/qdev-properties.h|   1 +
 hw/qdev.c   |  13 --
 5 files changed, 374 insertions(+), 333 deletions(-)
 create mode 100644 hw/qdev-properties-system.c

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index af4ab0c..4833b90 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -182,6 +182,7 @@ common-obj-y += bt.o bt-l2cap.o bt-sdp.o bt-hci.o bt-hid.o
 common-obj-y += bt-hci-csr.o
 common-obj-y += msmouse.o ps2.o
 common-obj-y += qdev.o qdev-properties.o qdev-monitor.o
+common-obj-y += qdev-properties-system.o
 common-obj-$(CONFIG_BRLAPI) += baum.o
 
 # xen backend driver support
diff --git a/hw/qdev-properties-system.c b/hw/qdev-properties-system.c
new file mode 100644
index 000..d7ea4e3
--- /dev/null
+++ b/hw/qdev-properties-system.c
@@ -0,0 +1,371 @@
+/*
+ * qdev property parsing and global properties
+ * (parts specific for qemu-system-*)
+ *
+ * Copyright (c) 2009-2010 Gerd Hoffmann 
+ * Copyright (c) 2009 Christoph Egger 
+ * Copyright (c) 2009-2010 Blue Swirl 
+ * Copyright (c) 2009 Juan Quintela 
+ * Copyright (c) 2010 Michael S. Tsirkin 
+ * Copyright (c) 2010,2012 Stefan Weil 
+ * Copyright (c) 2010-2012 Markus Armbruster 
+ * Copyright (c) 2010 Kevin Wolf 
+ * Copyright (c) 2010 Isaku Yamahata 
+ * Copyright (c) 2011 David 'Digit' Turner 
+ * Copyright (c) 2011-2012 Amit Shah 
+ * Copyright (c) 2011 Kusanagi Kouichi 
+ * Copyright (c) 2011-2012 Anthony Liguori 
+ * Copyright (c) 2011 Donald Dutile 
+ * Copyright (c) 2011-2012 Jan Kiszka 
+ * Copyright (c) 2011-2012 Paolo Bonzini 
+ * Copyright (c) 2012 Stefan Hajnoczi 
+ * Copyright (c) 2012 dunrong huang 
+ * Copyright (c) 2012 Michael Roth 
+ * Copyright (c) 2012 Anthony PERARD 
+ * Copyright (c) 2012 Christian Borntraeger 
+ * Copyright (c) 2012 Zhi Yong Wu 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "net.h"
+#include "qdev.h"
+#include "qerror.h"
+#include "blockdev.h"
+#include "hw/block-common.h"
+#include "net/hub.h"
+#include "qapi/qapi-visit-core.h"
+
+static void get_pointer(Object *obj, Visitor *v, Property *prop,
+const char *(*print)(void *ptr),
+const char *name, Error **errp)
+{
+DeviceState *dev = DEVICE(obj);
+void **ptr = qdev_get_prop_ptr(dev, prop);
+char *p;
+
+p = (char *) (*ptr ? print(*ptr) : "");
+visit_type_str(v, &p, name, errp);
+}
+
+static void set_pointer(Object *obj, Visitor *v, Property *prop,
+int (*parse)(DeviceState *dev, const char *str,
+ void **ptr),
+const char *name, Error **errp)
+{
+DeviceState *dev = DEVICE(obj);
+Error *local_err = NULL;
+void **ptr = qdev_get_prop_ptr(dev, prop);
+char *str;
+int ret;
+
+if (dev->state != DEV_STATE_CR

[Qemu-devel] [PATCH 06/24] move I/O-related definitions from qemu-common.h to a new header (qemu-stdio.h)

[Eduardo Habkost]

This will help reduce the qemu-common.h dependency hell.

Signed-off-by: Eduardo Habkost 
--
Changes v1 -> v2:
 - move qemu_open() & qemu_close() to qemu-stdio.h, too
---
 qemu-common.h | 59 ++
 qemu-stdio.h  | 76 +++
 2 files changed, 78 insertions(+), 57 deletions(-)
 create mode 100644 qemu-stdio.h

diff --git a/qemu-common.h b/qemu-common.h
index 6441bee..5080382 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -15,6 +15,8 @@
 #include "compiler.h"
 #include "config-host.h"
 
+#include "qemu-stdio.h"
+
 #if defined(__arm__) || defined(__sparc__) || defined(__mips__) || 
defined(__hppa__) || defined(__ia64__)
 #define WORDS_ALIGNED
 #endif
@@ -58,28 +60,6 @@ typedef struct MigrationParams MigrationParams;
 #include "qemu-os-posix.h"
 #endif
 
-#ifndef O_LARGEFILE
-#define O_LARGEFILE 0
-#endif
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-#ifndef MAP_ANONYMOUS
-#define MAP_ANONYMOUS MAP_ANON
-#endif
-#ifndef ENOMEDIUM
-#define ENOMEDIUM ENODEV
-#endif
-#if !defined(ENOTSUP)
-#define ENOTSUP 4096
-#endif
-#if !defined(ECANCELED)
-#define ECANCELED 4097
-#endif
-#ifndef TIME_MAX
-#define TIME_MAX LONG_MAX
-#endif
-
 /* HOST_LONG_BITS is the size of a native pointer in bits. */
 #if UINTPTR_MAX == UINT32_MAX
 # define HOST_LONG_BITS 32
@@ -89,39 +69,6 @@ typedef struct MigrationParams MigrationParams;
 # error Unknown pointer size
 #endif
 
-#ifndef CONFIG_IOVEC
-#define CONFIG_IOVEC
-struct iovec {
-void *iov_base;
-size_t iov_len;
-};
-/*
- * Use the same value as Linux for now.
- */
-#define IOV_MAX1024
-#else
-#include 
-#endif
-
-typedef int (*fprintf_function)(FILE *f, const char *fmt, ...)
-GCC_FMT_ATTR(2, 3);
-
-#ifdef _WIN32
-#define fsync _commit
-#if !defined(lseek)
-# define lseek _lseeki64
-#endif
-int qemu_ftruncate64(int, int64_t);
-#if !defined(ftruncate)
-# define ftruncate qemu_ftruncate64
-#endif
-
-static inline char *realpath(const char *path, char *resolved_path)
-{
-_fullpath(resolved_path, path, _MAX_PATH);
-return resolved_path;
-}
-#endif
 
 /* icount */
 void configure_icount(const char *option);
@@ -217,8 +164,6 @@ const char *path(const char *pathname);
 
 void *qemu_oom_check(void *ptr);
 
-int qemu_open(const char *name, int flags, ...);
-int qemu_close(int fd);
 ssize_t qemu_write_full(int fd, const void *buf, size_t count)
 QEMU_WARN_UNUSED_RESULT;
 ssize_t qemu_send_full(int fd, const void *buf, size_t count, int flags)
diff --git a/qemu-stdio.h b/qemu-stdio.h
new file mode 100644
index 000..b2e8eda
--- /dev/null
+++ b/qemu-stdio.h
@@ -0,0 +1,76 @@
+/* Some basic definitions related to stdio.h or other I/O interfaces
+ */
+#ifndef QEMU_STDIO_H
+#define QEMU_STDIO_H
+
+#include "compiler.h"
+#include "config-host.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#ifndef O_LARGEFILE
+#define O_LARGEFILE 0
+#endif
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+#ifndef MAP_ANONYMOUS
+#define MAP_ANONYMOUS MAP_ANON
+#endif
+#ifndef ENOMEDIUM
+#define ENOMEDIUM ENODEV
+#endif
+#if !defined(ENOTSUP)
+#define ENOTSUP 4096
+#endif
+#if !defined(ECANCELED)
+#define ECANCELED 4097
+#endif
+#ifndef TIME_MAX
+#define TIME_MAX LONG_MAX
+#endif
+
+#ifndef CONFIG_IOVEC
+#define CONFIG_IOVEC
+struct iovec {
+void *iov_base;
+size_t iov_len;
+};
+/*
+ * Use the same value as Linux for now.
+ */
+#define IOV_MAX 1024
+#else
+#include 
+#endif
+
+typedef int (*fprintf_function)(FILE *f, const char *fmt, ...)
+GCC_FMT_ATTR(2, 3);
+
+#ifdef _WIN32
+#define fsync _commit
+#if !defined(lseek)
+# define lseek _lseeki64
+#endif
+int qemu_ftruncate64(int, int64_t);
+#if !defined(ftruncate)
+# define ftruncate qemu_ftruncate64
+#endif
+
+static inline char *realpath(const char *path, char *resolved_path)
+{
+_fullpath(resolved_path, path, _MAX_PATH);
+return resolved_path;
+}
+#endif
+
+int qemu_open(const char *name, int flags, ...);
+int qemu_close(int fd);
+
+#endif /* QEMU_STDIO_H */
-- 
1.7.11.7

[Qemu-devel] [PATCH 03/24] qemu-common.h: comment about usage rules

[Eduardo Habkost]

Every time we make a tiny change on a header file, we often find
circular header dependency problems. To avoid this nightmare, we need to
stop including qemu-common.h on other headers, and we should gradually
move the declarations from the catchall qemu-common.h header to their
specific headers.

This simply adds a comment documenting the rules about qemu-common.h,
hoping that people will see it before including qemu-common.h from other
header files, and before adding more declarations to qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qemu-common.h | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/qemu-common.h b/qemu-common.h
index ac9985c..ea43bfa 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -1,5 +1,14 @@
 
-/* Common header file that is included by all of qemu.  */
+/* Common header file that is included by all of qemu.
+ *
+ * This file is supposed to be included only by .c files. No header file should
+ * depend on qemu-common.h, as this would easily lead to circular header
+ * dependencies.
+ *
+ * If a header files uses a definition from qemu-common.h, that definition
+ * must be moved to a separate header file, and the header that uses it
+ * must include that header.
+ */
 #ifndef QEMU_COMMON_H
 #define QEMU_COMMON_H
 
-- 
1.7.11.7

[Qemu-devel] [PATCH 04/24] move qemu_irq typedef out of cpu-common.h

[Eduardo Habkost]

From: Igor Mammedov 

it's necessary for making CPU child of DEVICE without
causing circular header deps.

Signed-off-by: Igor Mammedov 
[ehabkost: re-added the typedef to hw/irq.h after rebasing]
Signed-off-by: Eduardo Habkost 
---
Changes v1 (from Igor) -> v2 (sent by Eduardo):
 - Chunk adding typedef on hw/irq.h was not present, because of patch
   rebase against qdev header split patch

Changes v2 -> v3 (from Igor):
 - sysemu.h doesn't need irq.h since 013c2f150

Changes v3 -> v4 (from Eduardo):
 - re-added the typedef code to hw/irq.h, after rebasing the patch
---
 hw/arm-misc.h | 1 +
 hw/bt.h   | 2 ++
 hw/devices.h  | 2 ++
 hw/irq.h  | 2 ++
 hw/omap.h | 1 +
 hw/soc_dma.h  | 1 +
 hw/xen.h  | 1 +
 qemu-common.h | 1 -
 8 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/hw/arm-misc.h b/hw/arm-misc.h
index adb1665..d129678 100644
--- a/hw/arm-misc.h
+++ b/hw/arm-misc.h
@@ -12,6 +12,7 @@
 #define ARM_MISC_H 1
 
 #include "memory.h"
+#include "hw/irq.h"
 
 /* The CPU is also modeled as an interrupt controller.  */
 #define ARM_PIC_CPU_IRQ 0
diff --git a/hw/bt.h b/hw/bt.h
index a48b8d4..ebf6a37 100644
--- a/hw/bt.h
+++ b/hw/bt.h
@@ -23,6 +23,8 @@
  * along with this program; if not, see .
  */
 
+#include "hw/irq.h"
+
 /* BD Address */
 typedef struct {
 uint8_t b[6];
diff --git a/hw/devices.h b/hw/devices.h
index 1a55c1e..c60bcab 100644
--- a/hw/devices.h
+++ b/hw/devices.h
@@ -1,6 +1,8 @@
 #ifndef QEMU_DEVICES_H
 #define QEMU_DEVICES_H
 
+#include "hw/irq.h"
+
 /* ??? Not all users of this file can include cpu-common.h.  */
 struct MemoryRegion;
 
diff --git a/hw/irq.h b/hw/irq.h
index e640c10..610e6b7 100644
--- a/hw/irq.h
+++ b/hw/irq.h
@@ -3,6 +3,8 @@
 
 /* Generic IRQ/GPIO pin infrastructure.  */
 
+typedef struct IRQState *qemu_irq;
+
 typedef void (*qemu_irq_handler)(void *opaque, int n, int level);
 
 void qemu_set_irq(qemu_irq irq, int level);
diff --git a/hw/omap.h b/hw/omap.h
index 8bd7c73..2b383ff 100644
--- a/hw/omap.h
+++ b/hw/omap.h
@@ -19,6 +19,7 @@
 #ifndef hw_omap_h
 #include "memory.h"
 # define hw_omap_h "omap.h"
+#include "hw/irq.h"
 
 # define OMAP_EMIFS_BASE   0x
 # define OMAP2_Q0_BASE 0x
diff --git a/hw/soc_dma.h b/hw/soc_dma.h
index 9340b8f..5948489 100644
--- a/hw/soc_dma.h
+++ b/hw/soc_dma.h
@@ -19,6 +19,7 @@
  */
 
 #include "memory.h"
+#include "hw/irq.h"
 
 struct soc_dma_s;
 struct soc_dma_ch_s;
diff --git a/hw/xen.h b/hw/xen.h
index d14e92d..e3cca7f 100644
--- a/hw/xen.h
+++ b/hw/xen.h
@@ -8,6 +8,7 @@
  */
 #include 
 
+#include "hw/irq.h"
 #include "qemu-common.h"
 
 /* xen-machine.c */
diff --git a/qemu-common.h b/qemu-common.h
index ea43bfa..6441bee 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -292,7 +292,6 @@ typedef struct PCIEPort PCIEPort;
 typedef struct PCIESlot PCIESlot;
 typedef struct MSIMessage MSIMessage;
 typedef struct SerialState SerialState;
-typedef struct IRQState *qemu_irq;
 typedef struct PCMCIACardState PCMCIACardState;
 typedef struct MouseTransformInfo MouseTransformInfo;
 typedef struct uWireSlave uWireSlave;
-- 
1.7.11.7

[Qemu-devel] [PATCH 13/24] create qemu-types.h for struct typedefs

[Eduardo Habkost]

Instead of keeping all those struct typedefs on qemu-common.h, move it
to a header that can be safely included by other headers, containing
only the struct typedefs and not pulling other dependencies.

Also, move some of the qdev-core.h typedefs to the new file, too, so
other headers don't need to include qdev-core.h only because of
DeviceState and other typedefs.

This will help us remove qemu-common.h dependencies from some headers
later.

Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
 - Rebased against latest qemu.git master
 - New typedefs: QEMUBH, QemuConsole
 - Old typedefs removed: DisplayAllocator, TextConsole, QEMUConsole
---
 hw/qdev-core.h | 11 +--
 qemu-common.h  | 52 +
 qemu-types.h   | 61 ++
 3 files changed, 63 insertions(+), 61 deletions(-)
 create mode 100644 qemu-types.h

diff --git a/hw/qdev-core.h b/hw/qdev-core.h
index fce9e22..494b687 100644
--- a/hw/qdev-core.h
+++ b/hw/qdev-core.h
@@ -3,20 +3,11 @@
 
 #include "qemu-queue.h"
 #include "qemu-option.h"
+#include "qemu-types.h"
 #include "qemu/object.h"
 #include "hw/irq.h"
 #include "error.h"
 
-typedef struct Property Property;
-
-typedef struct PropertyInfo PropertyInfo;
-
-typedef struct CompatProperty CompatProperty;
-
-typedef struct BusState BusState;
-
-typedef struct BusClass BusClass;
-
 enum DevState {
 DEV_STATE_CREATED = 1,
 DEV_STATE_INITIALIZED,
diff --git a/qemu-common.h b/qemu-common.h
index 5080382..1b4a12c 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -16,6 +16,7 @@
 #include "config-host.h"
 
 #include "qemu-stdio.h"
+#include "qemu-types.h"
 
 #if defined(__arm__) || defined(__sparc__) || defined(__mips__) || 
defined(__hppa__) || defined(__ia64__)
 #define WORDS_ALIGNED
@@ -23,15 +24,6 @@
 
 #define TFR(expr) do { if ((expr) != -1) break; } while (errno == EINTR)
 
-typedef struct QEMUTimer QEMUTimer;
-typedef struct QEMUFile QEMUFile;
-typedef struct QEMUBH QEMUBH;
-typedef struct DeviceState DeviceState;
-
-struct Monitor;
-typedef struct Monitor Monitor;
-typedef struct MigrationParams MigrationParams;
-
 /* we put basic includes here to avoid repeating them in device drivers */
 #include 
 #include 
@@ -205,48 +197,6 @@ struct ParallelIOArg {
 
 typedef int (*DMA_transfer_handler) (void *opaque, int nchan, int pos, int 
size);
 
-/* A load of opaque types so that device init declarations don't have to
-   pull in all the real definitions.  */
-typedef struct NICInfo NICInfo;
-typedef struct HCIInfo HCIInfo;
-typedef struct AudioState AudioState;
-typedef struct BlockDriverState BlockDriverState;
-typedef struct DriveInfo DriveInfo;
-typedef struct DisplayState DisplayState;
-typedef struct DisplayChangeListener DisplayChangeListener;
-typedef struct DisplaySurface DisplaySurface;
-typedef struct PixelFormat PixelFormat;
-typedef struct QemuConsole QemuConsole;
-typedef struct CharDriverState CharDriverState;
-typedef struct MACAddr MACAddr;
-typedef struct NetClientState NetClientState;
-typedef struct i2c_bus i2c_bus;
-typedef struct ISABus ISABus;
-typedef struct ISADevice ISADevice;
-typedef struct SMBusDevice SMBusDevice;
-typedef struct PCIHostState PCIHostState;
-typedef struct PCIExpressHost PCIExpressHost;
-typedef struct PCIBus PCIBus;
-typedef struct PCIDevice PCIDevice;
-typedef struct PCIExpressDevice PCIExpressDevice;
-typedef struct PCIBridge PCIBridge;
-typedef struct PCIEAERMsg PCIEAERMsg;
-typedef struct PCIEAERLog PCIEAERLog;
-typedef struct PCIEAERErr PCIEAERErr;
-typedef struct PCIEPort PCIEPort;
-typedef struct PCIESlot PCIESlot;
-typedef struct MSIMessage MSIMessage;
-typedef struct SerialState SerialState;
-typedef struct PCMCIACardState PCMCIACardState;
-typedef struct MouseTransformInfo MouseTransformInfo;
-typedef struct uWireSlave uWireSlave;
-typedef struct I2SCodec I2SCodec;
-typedef struct SSIBus SSIBus;
-typedef struct EventNotifier EventNotifier;
-typedef struct VirtIODevice VirtIODevice;
-typedef struct QEMUSGList QEMUSGList;
-typedef struct SHPCDevice SHPCDevice;
-
 typedef uint64_t pcibus_t;
 
 typedef enum LostTickPolicy {
diff --git a/qemu-types.h b/qemu-types.h
new file mode 100644
index 000..fd532a2
--- /dev/null
+++ b/qemu-types.h
@@ -0,0 +1,61 @@
+#ifndef QEMU_TYPEDEFS_H
+#define QEMU_TYPEDEFS_H
+
+/* A load of opaque types so that device init declarations don't have to
+   pull in all the real definitions.  */
+typedef struct QEMUTimer QEMUTimer;
+typedef struct QEMUFile QEMUFile;
+typedef struct QEMUBH QEMUBH;
+
+struct Monitor;
+typedef struct Monitor Monitor;
+typedef struct MigrationParams MigrationParams;
+
+typedef struct Property Property;
+typedef struct PropertyInfo PropertyInfo;
+typedef struct CompatProperty CompatProperty;
+typedef struct DeviceState DeviceState;
+typedef struct BusState BusState;
+typedef struct BusClass BusClass;
+
+typedef struct NICInfo NICInfo;
+typedef struct HCIInfo HCIInfo;
+typedef struct AudioStat

[Qemu-devel] [PATCH 02/24] user: rename qemu-types.h to qemu-user-types.h

[Eduardo Habkost]

The header file is specific for *-user, but I plan to introduce a more
generic qemu-types.h file, so I'm renaming it.

Signed-off-by: Eduardo Habkost 
---
Cc: Blue Swirl 
Cc: Riku Voipio 
---
 bsd-user/qemu.h   | 2 +-
 cpu-all.h | 2 +-
 linux-user/qemu.h | 2 +-
 qemu-types.h => qemu-user-types.h | 0
 4 files changed, 3 insertions(+), 3 deletions(-)
 rename qemu-types.h => qemu-user-types.h (100%)

diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 8a5ee3d..d268899 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -11,7 +11,7 @@
 #include 
 #endif /* DEBUG_REMAP */
 
-#include "qemu-types.h"
+#include "qemu-user-types.h"
 
 enum BSDType {
 target_freebsd,
diff --git a/cpu-all.h b/cpu-all.h
index c9c51b8..d6b2b19 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -180,7 +180,7 @@ static inline void tswap64s(uint64_t *s)
 
 #if defined(CONFIG_USER_ONLY)
 #include 
-#include "qemu-types.h"
+#include "qemu-user-types.h"
 
 /* On some host systems the guest address space is reserved on the host.
  * This allows the guest address space to be offset to a convenient location.
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 5e53dca..ceddb3c 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -11,7 +11,7 @@
 #include 
 #endif /* DEBUG_REMAP */
 
-#include "qemu-types.h"
+#include "qemu-user-types.h"
 
 #include "thunk.h"
 #include "syscall_defs.h"
diff --git a/qemu-types.h b/qemu-user-types.h
similarity index 100%
rename from qemu-types.h
rename to qemu-user-types.h
-- 
1.7.11.7

Re: [Qemu-devel] [PATCH 20/24] qdev: add stub vmstate handling to qdev.c

[Eduardo Habkost]

On Fri, Nov 09, 2012 at 11:08:35AM -0200, Eduardo Habkost wrote:
> Add GCC_WEAK vmstate symbols to qdev.c, so that qdev.o can be used
> without savevm.o (i.e. by *-user).
> 
> Signed-off-by: Eduardo Habkost 

So, this is now broken as GCC_WEAK is gone and now I have to use
QEMU_WEAK_ALIAS instead. I will send v7 of the series soon.

> ---
> Originally submitted as:
>   Subject: qdev-core: isolate vmstate handling into separate functions
> 
> Changes v1 -> v2:
>  - Add GCC_WEAK_DECL to function declarations
> 
> Changes v2 -> v3:
>  - Make vmstate_register_with_alias_id()/vmstate_unregister()
>have GCC_WEAK versions, instead of creating a new function
>  - Kept qdev_get_vmsd() inside qdev.c
> ---
>  hw/qdev.c | 21 +
>  vmstate.h |  6 --
>  2 files changed, 25 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/qdev.c b/hw/qdev.c
> index c242097..fe4de96 100644
> --- a/hw/qdev.c
> +++ b/hw/qdev.c
> @@ -76,6 +76,27 @@ void qemu_devices_reset(void)
>  }
>  }
>  
> +/* vmstate register/unregister:
> + *
> + * The real implementations are on qdev-system.c and savevm.c.
> + * Those are weak symbols used by *-user.
> + */
> +
> +GCC_WEAK int vmstate_register_with_alias_id(DeviceState *dev,
> +int instance_id,
> +const VMStateDescription *vmsd,
> +void *base, int alias_id,
> +int required_for_version)
> +{
> +return 0;
> +}
> +
> +GCC_WEAK void vmstate_unregister(DeviceState *dev,
> + const VMStateDescription *vmsd,
> + void *opaque)
> +{
> +}
> +
>  const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
>  {
>  DeviceClass *dc = DEVICE_GET_CLASS(dev);
> diff --git a/vmstate.h b/vmstate.h
> index 623af0a..7a56b88 100644
> --- a/vmstate.h
> +++ b/vmstate.h
> @@ -624,11 +624,13 @@ void vmstate_save_state(QEMUFile *f, const 
> VMStateDescription *vmsd,
>  void *opaque);
>  int vmstate_register(DeviceState *dev, int instance_id,
>   const VMStateDescription *vmsd, void *base);
> -int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
> +
> +/* The following functions have GCC_WEAK stubs on qdev-core, for *-user: */
> +GCC_WEAK_DECL int vmstate_register_with_alias_id(DeviceState *dev, int 
> instance_id,
> const VMStateDescription *vmsd,
> void *base, int alias_id,
> int required_for_version);
> -void vmstate_unregister(DeviceState *dev, const VMStateDescription *vmsd,
> +GCC_WEAK_DECL void vmstate_unregister(DeviceState *dev, const 
> VMStateDescription *vmsd,
>  void *opaque);
>  
>  struct MemoryRegion;
> -- 
> 1.7.11.4
> 
> 

-- 
Eduardo

[Qemu-devel] [PATCH 03/24] qemu-common.h: comment about usage rules

[Eduardo Habkost]

Every time we make a tiny change on a header file, we often find
circular header dependency problems. To avoid this nightmare, we need to
stop including qemu-common.h on other headers, and we should gradually
move the declarations from the catchall qemu-common.h header to their
specific headers.

This simply adds a comment documenting the rules about qemu-common.h,
hoping that people will see it before including qemu-common.h from other
header files, and before adding more declarations to qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qemu-common.h | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/qemu-common.h b/qemu-common.h
index ac9985c..ea43bfa 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -1,5 +1,14 @@
 
-/* Common header file that is included by all of qemu.  */
+/* Common header file that is included by all of qemu.
+ *
+ * This file is supposed to be included only by .c files. No header file should
+ * depend on qemu-common.h, as this would easily lead to circular header
+ * dependencies.
+ *
+ * If a header files uses a definition from qemu-common.h, that definition
+ * must be moved to a separate header file, and the header that uses it
+ * must include that header.
+ */
 #ifndef QEMU_COMMON_H
 #define QEMU_COMMON_H
 
-- 
1.7.11.4

[Qemu-devel] [PATCH 06/24] move I/O-related definitions from qemu-common.h to a new header (qemu-stdio.h)

[Eduardo Habkost]

This will help reduce the qemu-common.h dependency hell.

Signed-off-by: Eduardo Habkost 
--
Changes v1 -> v2:
 - move qemu_open() & qemu_close() to qemu-stdio.h, too
---
 qemu-common.h | 59 ++
 qemu-stdio.h  | 76 +++
 2 files changed, 78 insertions(+), 57 deletions(-)
 create mode 100644 qemu-stdio.h

diff --git a/qemu-common.h b/qemu-common.h
index 6441bee..5080382 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -15,6 +15,8 @@
 #include "compiler.h"
 #include "config-host.h"
 
+#include "qemu-stdio.h"
+
 #if defined(__arm__) || defined(__sparc__) || defined(__mips__) || 
defined(__hppa__) || defined(__ia64__)
 #define WORDS_ALIGNED
 #endif
@@ -58,28 +60,6 @@ typedef struct MigrationParams MigrationParams;
 #include "qemu-os-posix.h"
 #endif
 
-#ifndef O_LARGEFILE
-#define O_LARGEFILE 0
-#endif
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-#ifndef MAP_ANONYMOUS
-#define MAP_ANONYMOUS MAP_ANON
-#endif
-#ifndef ENOMEDIUM
-#define ENOMEDIUM ENODEV
-#endif
-#if !defined(ENOTSUP)
-#define ENOTSUP 4096
-#endif
-#if !defined(ECANCELED)
-#define ECANCELED 4097
-#endif
-#ifndef TIME_MAX
-#define TIME_MAX LONG_MAX
-#endif
-
 /* HOST_LONG_BITS is the size of a native pointer in bits. */
 #if UINTPTR_MAX == UINT32_MAX
 # define HOST_LONG_BITS 32
@@ -89,39 +69,6 @@ typedef struct MigrationParams MigrationParams;
 # error Unknown pointer size
 #endif
 
-#ifndef CONFIG_IOVEC
-#define CONFIG_IOVEC
-struct iovec {
-void *iov_base;
-size_t iov_len;
-};
-/*
- * Use the same value as Linux for now.
- */
-#define IOV_MAX1024
-#else
-#include 
-#endif
-
-typedef int (*fprintf_function)(FILE *f, const char *fmt, ...)
-GCC_FMT_ATTR(2, 3);
-
-#ifdef _WIN32
-#define fsync _commit
-#if !defined(lseek)
-# define lseek _lseeki64
-#endif
-int qemu_ftruncate64(int, int64_t);
-#if !defined(ftruncate)
-# define ftruncate qemu_ftruncate64
-#endif
-
-static inline char *realpath(const char *path, char *resolved_path)
-{
-_fullpath(resolved_path, path, _MAX_PATH);
-return resolved_path;
-}
-#endif
 
 /* icount */
 void configure_icount(const char *option);
@@ -217,8 +164,6 @@ const char *path(const char *pathname);
 
 void *qemu_oom_check(void *ptr);
 
-int qemu_open(const char *name, int flags, ...);
-int qemu_close(int fd);
 ssize_t qemu_write_full(int fd, const void *buf, size_t count)
 QEMU_WARN_UNUSED_RESULT;
 ssize_t qemu_send_full(int fd, const void *buf, size_t count, int flags)
diff --git a/qemu-stdio.h b/qemu-stdio.h
new file mode 100644
index 000..b2e8eda
--- /dev/null
+++ b/qemu-stdio.h
@@ -0,0 +1,76 @@
+/* Some basic definitions related to stdio.h or other I/O interfaces
+ */
+#ifndef QEMU_STDIO_H
+#define QEMU_STDIO_H
+
+#include "compiler.h"
+#include "config-host.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#ifndef O_LARGEFILE
+#define O_LARGEFILE 0
+#endif
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+#ifndef MAP_ANONYMOUS
+#define MAP_ANONYMOUS MAP_ANON
+#endif
+#ifndef ENOMEDIUM
+#define ENOMEDIUM ENODEV
+#endif
+#if !defined(ENOTSUP)
+#define ENOTSUP 4096
+#endif
+#if !defined(ECANCELED)
+#define ECANCELED 4097
+#endif
+#ifndef TIME_MAX
+#define TIME_MAX LONG_MAX
+#endif
+
+#ifndef CONFIG_IOVEC
+#define CONFIG_IOVEC
+struct iovec {
+void *iov_base;
+size_t iov_len;
+};
+/*
+ * Use the same value as Linux for now.
+ */
+#define IOV_MAX 1024
+#else
+#include 
+#endif
+
+typedef int (*fprintf_function)(FILE *f, const char *fmt, ...)
+GCC_FMT_ATTR(2, 3);
+
+#ifdef _WIN32
+#define fsync _commit
+#if !defined(lseek)
+# define lseek _lseeki64
+#endif
+int qemu_ftruncate64(int, int64_t);
+#if !defined(ftruncate)
+# define ftruncate qemu_ftruncate64
+#endif
+
+static inline char *realpath(const char *path, char *resolved_path)
+{
+_fullpath(resolved_path, path, _MAX_PATH);
+return resolved_path;
+}
+#endif
+
+int qemu_open(const char *name, int flags, ...);
+int qemu_close(int fd);
+
+#endif /* QEMU_STDIO_H */
-- 
1.7.11.4

[Qemu-devel] [PATCH 10/24] qemu-config.h: include headers it needs

[Eduardo Habkost]

Include:
-  for FILE
- qemu-option.h for QemuOptsList

Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qemu-config.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/qemu-config.h b/qemu-config.h
index 5557562..812c4c5 100644
--- a/qemu-config.h
+++ b/qemu-config.h
@@ -1,6 +1,8 @@
 #ifndef QEMU_CONFIG_H
 #define QEMU_CONFIG_H
 
+#include 
+#include "qemu-option.h"
 #include "error.h"
 
 extern QemuOptsList qemu_fsdev_opts;
-- 
1.7.11.4

[Qemu-devel] [PATCH 07/24] qemu-fsdev-dummy.c: include module.h

[Eduardo Habkost]

module.h is where machine_init() is defined, but qemu-fsdev-dummy.c
doesn't include it.

The header is probably being included by accident because some other
headers are including qemu-common.h, but those headers should eventually
stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 fsdev/qemu-fsdev-dummy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fsdev/qemu-fsdev-dummy.c b/fsdev/qemu-fsdev-dummy.c
index 4e700dd..300f275 100644
--- a/fsdev/qemu-fsdev-dummy.c
+++ b/fsdev/qemu-fsdev-dummy.c
@@ -14,6 +14,7 @@
 #include 
 #include "qemu-fsdev.h"
 #include "qemu-config.h"
+#include "module.h"
 
 int qemu_fsdev_add(QemuOpts *opts)
 {
-- 
1.7.11.4

[Qemu-devel] [PATCH 04/24] move qemu_irq typedef out of cpu-common.h

[Eduardo Habkost]

From: Igor Mammedov 

it's necessary for making CPU child of DEVICE without
causing circular header deps.

Signed-off-by: Igor Mammedov 
[ehabkost: re-added the typedef to hw/irq.h after rebasing]
Signed-off-by: Eduardo Habkost 
---
Changes v1 (from Igor) -> v2 (sent by Eduardo):
 - Chunk adding typedef on hw/irq.h was not present, because of patch
   rebase against qdev header split patch

Changes v2 -> v3 (from Igor):
 - sysemu.h doesn't need irq.h since 013c2f150

Changes v3 -> v4 (from Eduardo):
 - re-added the typedef code to hw/irq.h, after rebasing the patch
---
 hw/arm-misc.h | 1 +
 hw/bt.h   | 2 ++
 hw/devices.h  | 2 ++
 hw/irq.h  | 2 ++
 hw/omap.h | 1 +
 hw/soc_dma.h  | 1 +
 hw/xen.h  | 1 +
 qemu-common.h | 1 -
 8 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/hw/arm-misc.h b/hw/arm-misc.h
index adb1665..d129678 100644
--- a/hw/arm-misc.h
+++ b/hw/arm-misc.h
@@ -12,6 +12,7 @@
 #define ARM_MISC_H 1
 
 #include "memory.h"
+#include "hw/irq.h"
 
 /* The CPU is also modeled as an interrupt controller.  */
 #define ARM_PIC_CPU_IRQ 0
diff --git a/hw/bt.h b/hw/bt.h
index a48b8d4..ebf6a37 100644
--- a/hw/bt.h
+++ b/hw/bt.h
@@ -23,6 +23,8 @@
  * along with this program; if not, see .
  */
 
+#include "hw/irq.h"
+
 /* BD Address */
 typedef struct {
 uint8_t b[6];
diff --git a/hw/devices.h b/hw/devices.h
index 1a55c1e..c60bcab 100644
--- a/hw/devices.h
+++ b/hw/devices.h
@@ -1,6 +1,8 @@
 #ifndef QEMU_DEVICES_H
 #define QEMU_DEVICES_H
 
+#include "hw/irq.h"
+
 /* ??? Not all users of this file can include cpu-common.h.  */
 struct MemoryRegion;
 
diff --git a/hw/irq.h b/hw/irq.h
index e640c10..610e6b7 100644
--- a/hw/irq.h
+++ b/hw/irq.h
@@ -3,6 +3,8 @@
 
 /* Generic IRQ/GPIO pin infrastructure.  */
 
+typedef struct IRQState *qemu_irq;
+
 typedef void (*qemu_irq_handler)(void *opaque, int n, int level);
 
 void qemu_set_irq(qemu_irq irq, int level);
diff --git a/hw/omap.h b/hw/omap.h
index 8bd7c73..2b383ff 100644
--- a/hw/omap.h
+++ b/hw/omap.h
@@ -19,6 +19,7 @@
 #ifndef hw_omap_h
 #include "memory.h"
 # define hw_omap_h "omap.h"
+#include "hw/irq.h"
 
 # define OMAP_EMIFS_BASE   0x
 # define OMAP2_Q0_BASE 0x
diff --git a/hw/soc_dma.h b/hw/soc_dma.h
index 9340b8f..5948489 100644
--- a/hw/soc_dma.h
+++ b/hw/soc_dma.h
@@ -19,6 +19,7 @@
  */
 
 #include "memory.h"
+#include "hw/irq.h"
 
 struct soc_dma_s;
 struct soc_dma_ch_s;
diff --git a/hw/xen.h b/hw/xen.h
index d14e92d..e3cca7f 100644
--- a/hw/xen.h
+++ b/hw/xen.h
@@ -8,6 +8,7 @@
  */
 #include 
 
+#include "hw/irq.h"
 #include "qemu-common.h"
 
 /* xen-machine.c */
diff --git a/qemu-common.h b/qemu-common.h
index ea43bfa..6441bee 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -292,7 +292,6 @@ typedef struct PCIEPort PCIEPort;
 typedef struct PCIESlot PCIESlot;
 typedef struct MSIMessage MSIMessage;
 typedef struct SerialState SerialState;
-typedef struct IRQState *qemu_irq;
 typedef struct PCMCIACardState PCMCIACardState;
 typedef struct MouseTransformInfo MouseTransformInfo;
 typedef struct uWireSlave uWireSlave;
-- 
1.7.11.4

Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC

[Gerd Hoffmann]

On 11/09/12 10:50, Peter Maydell wrote:
> On 9 November 2012 10:42, Anthony Liguori  wrote:
>> While the abstract discussion is fun, it never hurts to be defensive.  I
>> agree the root cause is vmware-vga but checking in vnc doesn't hurt.
> 
> Defensive programming would suggest doing the clipping in the
> console.c layer. That sounds a reasonable plan to me (especially
> if we've hit similar problems multiple times in the past).

Fully agree, I'll cook up a patch as I'm touching that anyway.

Question is just whenever we'll go silently fixup stuff in console.c or
use assert()s to enforce callers getting this correct.  I'd tend to use
assert() as vmware-vga passing bogous stuff there IMHO indicates there
is a bug in vmware-vga.

cheers,
  Gerd

[Qemu-devel] [PATCH 15/24] qlist.h: do not include qemu-common.h

[Eduardo Habkost]

I don't know why it was including it, as I don't see any code that
depends on anything from qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qlist.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/qlist.h b/qlist.h
index ae776f9..7408947 100644
--- a/qlist.h
+++ b/qlist.h
@@ -15,7 +15,6 @@
 
 #include "qobject.h"
 #include "qemu-queue.h"
-#include "qemu-common.h"
 #include "qemu-queue.h"
 
 typedef struct QListEntry {
-- 
1.7.11.4

[Qemu-devel] [PATCH 24/24] qom: make CPU a child of DeviceState

[Eduardo Habkost]

From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
[ehabkost: change CPU type declaration to hae TYPE_DEVICE as parent]
Signed-off-by: Eduardo Habkost 
---
Yes, there is "changelog" data before the "---" mark, but I believe that
in this case they are important to indicate authorship and the scope of
the Signed-off-by lines (so they need to get into the git commit
message).
---
 include/qemu/cpu.h | 6 +++---
 qom/cpu.c  | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/include/qemu/cpu.h b/include/qemu/cpu.h
index 61b7698..bc004fd 100644
--- a/include/qemu/cpu.h
+++ b/include/qemu/cpu.h
@@ -20,7 +20,7 @@
 #ifndef QEMU_CPU_H
 #define QEMU_CPU_H
 
-#include "qemu/object.h"
+#include "hw/qdev-core.h"
 #include "qemu-thread.h"
 
 /**
@@ -46,7 +46,7 @@ typedef struct CPUState CPUState;
  */
 typedef struct CPUClass {
 /*< private >*/
-ObjectClass parent_class;
+DeviceClass parent_class;
 /*< public >*/
 
 void (*reset)(CPUState *cpu);
@@ -62,7 +62,7 @@ typedef struct CPUClass {
  */
 struct CPUState {
 /*< private >*/
-Object parent_obj;
+DeviceState parent_obj;
 /*< public >*/
 
 struct QemuThread *thread;
diff --git a/qom/cpu.c b/qom/cpu.c
index 5b36046..f59db7d 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -20,6 +20,7 @@
 
 #include "qemu/cpu.h"
 #include "qemu-common.h"
+#include "hw/qdev-core.h"
 
 void cpu_reset(CPUState *cpu)
 {
@@ -43,7 +44,7 @@ static void cpu_class_init(ObjectClass *klass, void *data)
 
 static TypeInfo cpu_type_info = {
 .name = TYPE_CPU,
-.parent = TYPE_OBJECT,
+.parent = TYPE_DEVICE,
 .instance_size = sizeof(CPUState),
 .abstract = true,
 .class_size = sizeof(CPUClass),
-- 
1.7.11.4

[Qemu-devel] [PATCH 20/24] qdev: add stub vmstate handling to qdev.c

[Eduardo Habkost]

Add GCC_WEAK vmstate symbols to qdev.c, so that qdev.o can be used
without savevm.o (i.e. by *-user).

Signed-off-by: Eduardo Habkost 
---
Originally submitted as:
  Subject: qdev-core: isolate vmstate handling into separate functions

Changes v1 -> v2:
 - Add GCC_WEAK_DECL to function declarations

Changes v2 -> v3:
 - Make vmstate_register_with_alias_id()/vmstate_unregister()
   have GCC_WEAK versions, instead of creating a new function
 - Kept qdev_get_vmsd() inside qdev.c
---
 hw/qdev.c | 21 +
 vmstate.h |  6 --
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/hw/qdev.c b/hw/qdev.c
index c242097..fe4de96 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -76,6 +76,27 @@ void qemu_devices_reset(void)
 }
 }
 
+/* vmstate register/unregister:
+ *
+ * The real implementations are on qdev-system.c and savevm.c.
+ * Those are weak symbols used by *-user.
+ */
+
+GCC_WEAK int vmstate_register_with_alias_id(DeviceState *dev,
+int instance_id,
+const VMStateDescription *vmsd,
+void *base, int alias_id,
+int required_for_version)
+{
+return 0;
+}
+
+GCC_WEAK void vmstate_unregister(DeviceState *dev,
+ const VMStateDescription *vmsd,
+ void *opaque)
+{
+}
+
 const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
 {
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
diff --git a/vmstate.h b/vmstate.h
index 623af0a..7a56b88 100644
--- a/vmstate.h
+++ b/vmstate.h
@@ -624,11 +624,13 @@ void vmstate_save_state(QEMUFile *f, const 
VMStateDescription *vmsd,
 void *opaque);
 int vmstate_register(DeviceState *dev, int instance_id,
  const VMStateDescription *vmsd, void *base);
-int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
+
+/* The following functions have GCC_WEAK stubs on qdev-core, for *-user: */
+GCC_WEAK_DECL int vmstate_register_with_alias_id(DeviceState *dev, int 
instance_id,
const VMStateDescription *vmsd,
void *base, int alias_id,
int required_for_version);
-void vmstate_unregister(DeviceState *dev, const VMStateDescription *vmsd,
+GCC_WEAK_DECL void vmstate_unregister(DeviceState *dev, const 
VMStateDescription *vmsd,
 void *opaque);
 
 struct MemoryRegion;
-- 
1.7.11.4

[Qemu-devel] [PATCH 08/24] vnc-palette.h: include

[Eduardo Habkost]

 is needed for the 'bool' type, used in the header.

The header is probably being included by accident because some other
headers are including qemu-common.h, but those headers should eventually
stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 ui/vnc-palette.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ui/vnc-palette.h b/ui/vnc-palette.h
index 3260885..b82dc5d 100644
--- a/ui/vnc-palette.h
+++ b/ui/vnc-palette.h
@@ -32,6 +32,7 @@
 #include "qlist.h"
 #include "qemu-queue.h"
 #include 
+#include 
 
 #define VNC_PALETTE_HASH_SIZE 256
 #define VNC_PALETTE_MAX_SIZE  256
-- 
1.7.11.4

[Qemu-devel] [PATCH 19/24] qdev: move reset handler list from vl.c to qdev.c

[Eduardo Habkost]

The core qdev code uses the reset handler list from vl.c, so move
qemu_register_reset(), qemu_unregister_reset() and qemu_devices_reset()
to qdev.c.

The function declarations were moved to a new qdev-reset.h file, that is
included by hw.h to keep compatibility, so we don't need to change all
files that use qemu_register_reset().

Signed-off-by: Eduardo Habkost 
---
 hw/hw.h |  6 +-
 hw/qdev-reset.h | 11 +++
 hw/qdev.c   | 41 +
 hw/qdev.h   |  1 +
 sysemu.h|  1 -
 vl.c| 40 
 6 files changed, 54 insertions(+), 46 deletions(-)
 create mode 100644 hw/qdev-reset.h

diff --git a/hw/hw.h b/hw/hw.h
index f530f6f..622a157 100644
--- a/hw/hw.h
+++ b/hw/hw.h
@@ -14,6 +14,7 @@
 #include "qemu-file.h"
 #include "vmstate.h"
 #include "qemu-log.h"
+#include "qdev-reset.h"
 
 #ifdef NEED_CPU_H
 #if TARGET_LONG_BITS == 64
@@ -37,11 +38,6 @@
 #endif
 #endif
 
-typedef void QEMUResetHandler(void *opaque);
-
-void qemu_register_reset(QEMUResetHandler *func, void *opaque);
-void qemu_unregister_reset(QEMUResetHandler *func, void *opaque);
-
 /* handler to set the boot_device order for a specific type of QEMUMachine */
 /* return 0 if success */
 typedef int QEMUBootSetHandler(void *opaque, const char *boot_devices);
diff --git a/hw/qdev-reset.h b/hw/qdev-reset.h
new file mode 100644
index 000..40ae9a5
--- /dev/null
+++ b/hw/qdev-reset.h
@@ -0,0 +1,11 @@
+/* Device reset handler function registration, used by qdev */
+#ifndef QDEV_RESET_H
+#define QDEV_RESET_H
+
+typedef void QEMUResetHandler(void *opaque);
+
+void qemu_register_reset(QEMUResetHandler *func, void *opaque);
+void qemu_unregister_reset(QEMUResetHandler *func, void *opaque);
+void qemu_devices_reset(void);
+
+#endif /* QDEV_RESET_H */
diff --git a/hw/qdev.c b/hw/qdev.c
index 2cc6434..c242097 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -35,6 +35,47 @@ int qdev_hotplug = 0;
 static bool qdev_hot_added = false;
 static bool qdev_hot_removed = false;
 
+typedef struct QEMUResetEntry {
+QTAILQ_ENTRY(QEMUResetEntry) entry;
+QEMUResetHandler *func;
+void *opaque;
+} QEMUResetEntry;
+
+static QTAILQ_HEAD(reset_handlers, QEMUResetEntry) reset_handlers =
+QTAILQ_HEAD_INITIALIZER(reset_handlers);
+
+void qemu_register_reset(QEMUResetHandler *func, void *opaque)
+{
+QEMUResetEntry *re = g_malloc0(sizeof(QEMUResetEntry));
+
+re->func = func;
+re->opaque = opaque;
+QTAILQ_INSERT_TAIL(&reset_handlers, re, entry);
+}
+
+void qemu_unregister_reset(QEMUResetHandler *func, void *opaque)
+{
+QEMUResetEntry *re;
+
+QTAILQ_FOREACH(re, &reset_handlers, entry) {
+if (re->func == func && re->opaque == opaque) {
+QTAILQ_REMOVE(&reset_handlers, re, entry);
+g_free(re);
+return;
+}
+}
+}
+
+void qemu_devices_reset(void)
+{
+QEMUResetEntry *re, *nre;
+
+/* reset all devices */
+QTAILQ_FOREACH_SAFE(re, &reset_handlers, entry, nre) {
+re->func(re->opaque);
+}
+}
+
 const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
 {
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
diff --git a/hw/qdev.h b/hw/qdev.h
index 365b8d6..2487b3b 100644
--- a/hw/qdev.h
+++ b/hw/qdev.h
@@ -5,5 +5,6 @@
 #include "qdev-core.h"
 #include "qdev-properties.h"
 #include "qdev-monitor.h"
+#include "qdev-reset.h"
 
 #endif
diff --git a/sysemu.h b/sysemu.h
index ab1ef8b..51f19cc 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -57,7 +57,6 @@ void qemu_system_vmstop_request(RunState reason);
 int qemu_shutdown_requested_get(void);
 int qemu_reset_requested_get(void);
 void qemu_system_killed(int signal, pid_t pid);
-void qemu_devices_reset(void);
 void qemu_system_reset(bool report);
 
 void qemu_add_exit_notifier(Notifier *notify);
diff --git a/vl.c b/vl.c
index 4f03a72..c7448a2 100644
--- a/vl.c
+++ b/vl.c
@@ -1456,14 +1456,6 @@ void vm_start(void)
 
 /* reset/shutdown handler */
 
-typedef struct QEMUResetEntry {
-QTAILQ_ENTRY(QEMUResetEntry) entry;
-QEMUResetHandler *func;
-void *opaque;
-} QEMUResetEntry;
-
-static QTAILQ_HEAD(reset_handlers, QEMUResetEntry) reset_handlers =
-QTAILQ_HEAD_INITIALIZER(reset_handlers);
 static int reset_requested;
 static int shutdown_requested, shutdown_signal = -1;
 static pid_t shutdown_pid;
@@ -1560,38 +1552,6 @@ static bool qemu_vmstop_requested(RunState *r)
 return false;
 }
 
-void qemu_register_reset(QEMUResetHandler *func, void *opaque)
-{
-QEMUResetEntry *re = g_malloc0(sizeof(QEMUResetEntry));
-
-re->func = func;
-re->opaque = opaque;
-QTAILQ_INSERT_TAIL(&reset_handlers, re, entry);
-}
-
-void qemu_unregister_reset(QEMUResetHandler *func, void *opaque)
-{
-QEMUResetEntry *re;
-
-QTAILQ_FOREACH(re, &reset_handlers, entry) {
-if (re->func == func && re->opaque == opaque) {
-QTAILQ_REMOVE(&reset_handlers, re, entry);
-g_free(re);
-return;
-}
-}
-

[Qemu-devel] [PATCH 23/24] include qdev code into *-user, too

[Eduardo Habkost]

The code depends on some functions from qemu-option.o, so add
qemu-option.o to universal-obj-y to make sure it's included.

Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
 - Keep files on the hw/ directory
   (it's simply easier to keep them there, as qdev.o depends on irq.o)
 - Add a $(hw-core-obj-y) variable to Makefile.objs for the qdev core code
 - Add irq.o to the list of core qdev files
   (as now the gpio code is being kept inside qdev.c)
---
 Makefile.objs| 8 
 hw/Makefile.objs | 8 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/Makefile.objs b/Makefile.objs
index 593a592..be3c8ef 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -18,6 +18,13 @@ qom-obj-y = qom/
 universal-obj-y += $(qom-obj-y)
 
 ###
+# Core hw code (qdev core)
+hw-core-obj-y += hw/
+hw-core-obj-y += qemu-option.o
+
+universal-obj-y += $(hw-core-obj-y)
+
+###
 # oslib-obj-y is code depending on the OS (win32 vs posix)
 oslib-obj-y = osdep.o cutils.o qemu-timer-common.o
 oslib-obj-$(CONFIG_WIN32) += oslib-win32.o qemu-thread-win32.o
@@ -244,5 +251,6 @@ nested-vars += \
block-obj-y \
user-obj-y \
common-obj-y \
+   hw-core-obj-y \
extra-obj-y
 dummy := $(call unnest-vars)
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 4833b90..2c931e9 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -1,3 +1,8 @@
+# core qdev-related obj files, also used by *-user:
+hw-core-obj-y += qdev.o qdev-properties.o
+# irq.o needed for qdev GPIO handling:
+hw-core-obj-y += irq.o
+
 common-obj-y = usb/ ide/
 common-obj-y += loader.o
 common-obj-$(CONFIG_VIRTIO) += virtio-console.o
@@ -155,7 +160,6 @@ common-obj-$(CONFIG_SOUND) += $(sound-obj-y)
 common-obj-$(CONFIG_REALLY_VIRTFS) += 9pfs/
 
 common-obj-y += usb/
-common-obj-y += irq.o
 common-obj-$(CONFIG_PTIMER) += ptimer.o
 common-obj-$(CONFIG_MAX7310) += max7310.o
 common-obj-$(CONFIG_WM8750) += wm8750.o
@@ -181,7 +185,7 @@ common-obj-$(CONFIG_SD) += sd.o
 common-obj-y += bt.o bt-l2cap.o bt-sdp.o bt-hci.o bt-hid.o
 common-obj-y += bt-hci-csr.o
 common-obj-y += msmouse.o ps2.o
-common-obj-y += qdev.o qdev-properties.o qdev-monitor.o
+common-obj-y += qdev-monitor.o
 common-obj-y += qdev-properties-system.o
 common-obj-$(CONFIG_BRLAPI) += baum.o
 
-- 
1.7.11.4

[Qemu-devel] [PATCH 01/24] user: move *-user/qemu-types.h to main directory

[Eduardo Habkost]

The bsd-user/qemu-types.h and linux-user/qemu-types.h files are almost
the same, but linux-user have the additional definitions of tswapal().

This moves the linux-user file to the main directory, so the same file
can be used by linux-user and bsd-user.

Signed-off-by: Eduardo Habkost 
---
Cc: Blue Swirl 
Cc: Riku Voipio 
---
 bsd-user/qemu-types.h   | 24 
 linux-user/qemu-types.h => qemu-types.h |  0
 2 files changed, 24 deletions(-)
 delete mode 100644 bsd-user/qemu-types.h
 rename linux-user/qemu-types.h => qemu-types.h (100%)

diff --git a/bsd-user/qemu-types.h b/bsd-user/qemu-types.h
deleted file mode 100644
index 1adda9f..000
--- a/bsd-user/qemu-types.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef QEMU_TYPES_H
-#define QEMU_TYPES_H
-#include "cpu.h"
-
-#ifdef TARGET_ABI32
-typedef uint32_t abi_ulong;
-typedef int32_t abi_long;
-#define TARGET_ABI_FMT_lx "%08x"
-#define TARGET_ABI_FMT_ld "%d"
-#define TARGET_ABI_FMT_lu "%u"
-#define TARGET_ABI_BITS 32
-#else
-typedef target_ulong abi_ulong;
-typedef target_long abi_long;
-#define TARGET_ABI_FMT_lx TARGET_FMT_lx
-#define TARGET_ABI_FMT_ld TARGET_FMT_ld
-#define TARGET_ABI_FMT_lu TARGET_FMT_lu
-#define TARGET_ABI_BITS TARGET_LONG_BITS
-/* for consistency, define ABI32 too */
-#if TARGET_ABI_BITS == 32
-#define TARGET_ABI32 1
-#endif
-#endif
-#endif
diff --git a/linux-user/qemu-types.h b/qemu-types.h
similarity index 100%
rename from linux-user/qemu-types.h
rename to qemu-types.h
-- 
1.7.11.4

[Qemu-devel] [PATCH] MAINTAINERS: add Stefan Hajnoczi as block and virtio-blk co-maintainer

[Stefan Hajnoczi]

Kevin has requested co-maintainership to give him more time to write
code.  We will alternate patch review duties on a weekly basis.

Signed-off-by: Stefan Hajnoczi 
---
 MAINTAINERS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 8f5681f..2ede20d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -553,6 +553,7 @@ T: git git://github.com/kvaneesh/QEMU.git
 
 virtio-blk
 M: Kevin Wolf 
+M: Stefan Hajnoczi 
 S: Supported
 F: hw/virtio-blk*
 
@@ -583,6 +584,7 @@ F: audio/
 
 Block
 M: Kevin Wolf 
+M: Stefan Hajnoczi 
 S: Supported
 F: block*
 F: block/
-- 
1.7.12.1

[Qemu-devel] [PATCH 2/3] virtio-rng: remove extra request for entropy

[Amit Shah]

If we just got a few bytes from the backends, but the guest is ready to
accept more, don't poke the backends once more for more bytes; it
already knows (from the request in handle_input()).

Signed-off-by: Amit Shah 
---
 hw/virtio-rng.c |   10 --
 1 files changed, 0 insertions(+), 10 deletions(-)

diff --git a/hw/virtio-rng.c b/hw/virtio-rng.c
index 42ac30b..bb19cfa 100644
--- a/hw/virtio-rng.c
+++ b/hw/virtio-rng.c
@@ -70,16 +70,6 @@ static void chr_read(void *opaque, const void *buf, size_t 
size)
 virtqueue_push(vrng->vq, &elem, len);
 }
 virtio_notify(&vrng->vdev, vrng->vq);
-
-/*
- * Lastly, if we had multiple elems queued by the guest, and we
- * didn't have enough data to fill them all, indicate we want more
- * data.
- */
-len = pop_an_elem(vrng);
-if (len) {
-rng_backend_request_entropy(vrng->rng, size, chr_read, vrng);
-}
 }
 
 static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
-- 
1.7.7.6

[Qemu-devel] [PATCH 1/3] virtio-rng: use virtqueue_get_avail_bytes, fix migration

[Amit Shah]

Popping an elem from the vq just to find out its length causes problems
with save/load later on.  Use the new virtqueue_get_avail_bytes()
function instead, saves us the complexity in the migration code.

Signed-off-by: Amit Shah 
---
 hw/virtio-rng.c |   69 +++---
 1 files changed, 9 insertions(+), 60 deletions(-)

diff --git a/hw/virtio-rng.c b/hw/virtio-rng.c
index b7fb5e9..42ac30b 100644
--- a/hw/virtio-rng.c
+++ b/hw/virtio-rng.c
@@ -22,14 +22,10 @@ typedef struct VirtIORNG {
 
 /* Only one vq - guest puts buffer(s) on it when it needs entropy */
 VirtQueue *vq;
-VirtQueueElement elem;
 
 /* Config data for the device -- currently only chardev */
 VirtIORNGConf *conf;
 
-/* Whether we've popped a vq element into 'elem' above */
-bool popped;
-
 RngBackend *rng;
 } VirtIORNG;
 
@@ -42,23 +38,19 @@ static bool is_guest_ready(VirtIORNG *vrng)
 return false;
 }
 
-static size_t pop_an_elem(VirtIORNG *vrng)
+static size_t get_request_size(VirtQueue *vq)
 {
-size_t size;
+unsigned int in, out;
 
-if (!vrng->popped && !virtqueue_pop(vrng->vq, &vrng->elem)) {
-return 0;
-}
-vrng->popped = true;
-
-size = iov_size(vrng->elem.in_sg, vrng->elem.in_num);
-return size;
+virtqueue_get_avail_bytes(vq, &in, &out);
+return in;
 }
 
 /* Send data from a char device over to the guest */
 static void chr_read(void *opaque, const void *buf, size_t size)
 {
 VirtIORNG *vrng = opaque;
+VirtQueueElement elem;
 size_t len;
 int offset;
 
@@ -68,15 +60,14 @@ static void chr_read(void *opaque, const void *buf, size_t 
size)
 
 offset = 0;
 while (offset < size) {
-if (!pop_an_elem(vrng)) {
+if (!virtqueue_pop(vrng->vq, &elem)) {
 break;
 }
-len = iov_from_buf(vrng->elem.in_sg, vrng->elem.in_num,
+len = iov_from_buf(elem.in_sg, elem.in_num,
0, buf + offset, size - offset);
 offset += len;
 
-virtqueue_push(vrng->vq, &vrng->elem, len);
-vrng->popped = false;
+virtqueue_push(vrng->vq, &elem, len);
 }
 virtio_notify(&vrng->vdev, vrng->vq);
 
@@ -96,7 +87,7 @@ static void handle_input(VirtIODevice *vdev, VirtQueue *vq)
 VirtIORNG *vrng = DO_UPCAST(VirtIORNG, vdev, vdev);
 size_t size;
 
-size = pop_an_elem(vrng);
+size = get_request_size(vq);
 if (size) {
 rng_backend_request_entropy(vrng->rng, size, chr_read, vrng);
 }
@@ -112,23 +103,6 @@ static void virtio_rng_save(QEMUFile *f, void *opaque)
 VirtIORNG *vrng = opaque;
 
 virtio_save(&vrng->vdev, f);
-
-qemu_put_byte(f, vrng->popped);
-if (vrng->popped) {
-int i;
-
-qemu_put_be32(f, vrng->elem.index);
-
-qemu_put_be32(f, vrng->elem.in_num);
-for (i = 0; i < vrng->elem.in_num; i++) {
-qemu_put_be64(f, vrng->elem.in_addr[i]);
-}
-
-qemu_put_be32(f, vrng->elem.out_num);
-for (i = 0; i < vrng->elem.out_num; i++) {
-qemu_put_be64(f, vrng->elem.out_addr[i]);
-}
-}
 }
 
 static int virtio_rng_load(QEMUFile *f, void *opaque, int version_id)
@@ -139,30 +113,6 @@ static int virtio_rng_load(QEMUFile *f, void *opaque, int 
version_id)
 return -EINVAL;
 }
 virtio_load(&vrng->vdev, f);
-
-vrng->popped = qemu_get_byte(f);
-if (vrng->popped) {
-int i;
-
-vrng->elem.index = qemu_get_be32(f);
-
-vrng->elem.in_num = qemu_get_be32(f);
-g_assert(vrng->elem.in_num < VIRTQUEUE_MAX_SIZE);
-for (i = 0; i < vrng->elem.in_num; i++) {
-vrng->elem.in_addr[i] = qemu_get_be64(f);
-}
-
-vrng->elem.out_num = qemu_get_be32(f);
-g_assert(vrng->elem.out_num < VIRTQUEUE_MAX_SIZE);
-for (i = 0; i < vrng->elem.out_num; i++) {
-vrng->elem.out_addr[i] = qemu_get_be64(f);
-}
-
-virtqueue_map_sg(vrng->elem.in_sg, vrng->elem.in_addr,
- vrng->elem.in_num, 1);
-virtqueue_map_sg(vrng->elem.out_sg, vrng->elem.out_addr,
- vrng->elem.out_num, 0);
-}
 return 0;
 }
 
@@ -195,7 +145,6 @@ VirtIODevice *virtio_rng_init(DeviceState *dev, 
VirtIORNGConf *conf)
 
 vrng->qdev = dev;
 vrng->conf = conf;
-vrng->popped = false;
 register_savevm(dev, "virtio-rng", -1, 1, virtio_rng_save,
 virtio_rng_load, vrng);
 
-- 
1.7.7.6

[Qemu-devel] [PATCH 0/3] Fixes for virtio-rng

[Amit Shah]

Hey Anthony,

Here are the fixes for the virtio-rng code -- ideally these should be
folded in the series before you merge, but if the original series is
ready to apply, these can go in as follow-on patches.


Amit Shah (3):
  virtio-rng: use virtqueue_get_avail_bytes, fix migration
  virtio-rng: remove extra request for entropy
  virtio-rng: fix typos, comments

 hw/virtio-rng.c|   80 ++--
 include/qemu/rng.h |6 ++--
 2 files changed, 12 insertions(+), 74 deletions(-)

-- 
1.7.7.6

[Qemu-devel] [PATCH 3/3] virtio-rng: fix typos, comments

[Amit Shah]

Fix typos and update comments to match current implementation.

Signed-off-by: Amit Shah 
---
 hw/virtio-rng.c|1 -
 include/qemu/rng.h |6 +++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/virtio-rng.c b/hw/virtio-rng.c
index bb19cfa..290b2b6 100644
--- a/hw/virtio-rng.c
+++ b/hw/virtio-rng.c
@@ -23,7 +23,6 @@ typedef struct VirtIORNG {
 /* Only one vq - guest puts buffer(s) on it when it needs entropy */
 VirtQueue *vq;
 
-/* Config data for the device -- currently only chardev */
 VirtIORNGConf *conf;
 
 RngBackend *rng;
diff --git a/include/qemu/rng.h b/include/qemu/rng.h
index 7e9d672..9836463 100644
--- a/include/qemu/rng.h
+++ b/include/qemu/rng.h
@@ -61,10 +61,10 @@ struct RngBackend
  * This function is used by the front-end to request entropy from an entropy
  * source.  This function can be called multiple times before @receive_entropy
  * is invoked with different values of @receive_entropy and @opaque.  The
- * backend will queue each request and handle appropriate.
+ * backend will queue each request and handle appropriately.
  *
  * The backend does not need to pass the full amount of data to 
@receive_entropy
- * but will pass at a value greater than 0.
+ * but will pass a a value greater than 0.
  */
 void rng_backend_request_entropy(RngBackend *s, size_t size,
  EntropyReceiveFunc *receive_entropy,
@@ -87,7 +87,7 @@ void rng_backend_cancel_requests(RngBackend *s);
  *
  * This function will open the backend if it is not already open.  Calling this
  * function on an already opened backend will not result in an error.
- */ 
+ */
 void rng_backend_open(RngBackend *s, Error **errp);
 
 #endif
-- 
1.7.7.6

[Qemu-devel] [PATCH 14/24] sysemu.h: include qemu-types.h instead of qemu-common.h

[Eduardo Habkost]

It just needs the Monitor and DeviceState typedefs, so it doesn't need
all of qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 sysemu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sysemu.h b/sysemu.h
index f5ac664..ab1ef8b 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -2,7 +2,7 @@
 #define SYSEMU_H
 /* Misc. things related to the system emulator.  */
 
-#include "qemu-common.h"
+#include "qemu-types.h"
 #include "qemu-option.h"
 #include "qemu-queue.h"
 #include "qemu-timer.h"
-- 
1.7.11.4

[Qemu-devel] [PATCH 13/24] create qemu-types.h for struct typedefs

[Eduardo Habkost]

Instead of keeping all those struct typedefs on qemu-common.h, move it
to a header that can be safely included by other headers, containing
only the struct typedefs and not pulling other dependencies.

Also, move some of the qdev-core.h typedefs to the new file, too, so
other headers don't need to include qdev-core.h only because of
DeviceState and other typedefs.

This will help us remove qemu-common.h dependencies from some headers
later.

Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
 - Rebased against latest qemu.git master
 - New typedefs: QEMUBH, QemuConsole
 - Old typedefs removed: DisplayAllocator, TextConsole, QEMUConsole
---
 hw/qdev-core.h | 11 +--
 qemu-common.h  | 52 +
 qemu-types.h   | 61 ++
 3 files changed, 63 insertions(+), 61 deletions(-)
 create mode 100644 qemu-types.h

diff --git a/hw/qdev-core.h b/hw/qdev-core.h
index fce9e22..494b687 100644
--- a/hw/qdev-core.h
+++ b/hw/qdev-core.h
@@ -3,20 +3,11 @@
 
 #include "qemu-queue.h"
 #include "qemu-option.h"
+#include "qemu-types.h"
 #include "qemu/object.h"
 #include "hw/irq.h"
 #include "error.h"
 
-typedef struct Property Property;
-
-typedef struct PropertyInfo PropertyInfo;
-
-typedef struct CompatProperty CompatProperty;
-
-typedef struct BusState BusState;
-
-typedef struct BusClass BusClass;
-
 enum DevState {
 DEV_STATE_CREATED = 1,
 DEV_STATE_INITIALIZED,
diff --git a/qemu-common.h b/qemu-common.h
index 5080382..1b4a12c 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -16,6 +16,7 @@
 #include "config-host.h"
 
 #include "qemu-stdio.h"
+#include "qemu-types.h"
 
 #if defined(__arm__) || defined(__sparc__) || defined(__mips__) || 
defined(__hppa__) || defined(__ia64__)
 #define WORDS_ALIGNED
@@ -23,15 +24,6 @@
 
 #define TFR(expr) do { if ((expr) != -1) break; } while (errno == EINTR)
 
-typedef struct QEMUTimer QEMUTimer;
-typedef struct QEMUFile QEMUFile;
-typedef struct QEMUBH QEMUBH;
-typedef struct DeviceState DeviceState;
-
-struct Monitor;
-typedef struct Monitor Monitor;
-typedef struct MigrationParams MigrationParams;
-
 /* we put basic includes here to avoid repeating them in device drivers */
 #include 
 #include 
@@ -205,48 +197,6 @@ struct ParallelIOArg {
 
 typedef int (*DMA_transfer_handler) (void *opaque, int nchan, int pos, int 
size);
 
-/* A load of opaque types so that device init declarations don't have to
-   pull in all the real definitions.  */
-typedef struct NICInfo NICInfo;
-typedef struct HCIInfo HCIInfo;
-typedef struct AudioState AudioState;
-typedef struct BlockDriverState BlockDriverState;
-typedef struct DriveInfo DriveInfo;
-typedef struct DisplayState DisplayState;
-typedef struct DisplayChangeListener DisplayChangeListener;
-typedef struct DisplaySurface DisplaySurface;
-typedef struct PixelFormat PixelFormat;
-typedef struct QemuConsole QemuConsole;
-typedef struct CharDriverState CharDriverState;
-typedef struct MACAddr MACAddr;
-typedef struct NetClientState NetClientState;
-typedef struct i2c_bus i2c_bus;
-typedef struct ISABus ISABus;
-typedef struct ISADevice ISADevice;
-typedef struct SMBusDevice SMBusDevice;
-typedef struct PCIHostState PCIHostState;
-typedef struct PCIExpressHost PCIExpressHost;
-typedef struct PCIBus PCIBus;
-typedef struct PCIDevice PCIDevice;
-typedef struct PCIExpressDevice PCIExpressDevice;
-typedef struct PCIBridge PCIBridge;
-typedef struct PCIEAERMsg PCIEAERMsg;
-typedef struct PCIEAERLog PCIEAERLog;
-typedef struct PCIEAERErr PCIEAERErr;
-typedef struct PCIEPort PCIEPort;
-typedef struct PCIESlot PCIESlot;
-typedef struct MSIMessage MSIMessage;
-typedef struct SerialState SerialState;
-typedef struct PCMCIACardState PCMCIACardState;
-typedef struct MouseTransformInfo MouseTransformInfo;
-typedef struct uWireSlave uWireSlave;
-typedef struct I2SCodec I2SCodec;
-typedef struct SSIBus SSIBus;
-typedef struct EventNotifier EventNotifier;
-typedef struct VirtIODevice VirtIODevice;
-typedef struct QEMUSGList QEMUSGList;
-typedef struct SHPCDevice SHPCDevice;
-
 typedef uint64_t pcibus_t;
 
 typedef enum LostTickPolicy {
diff --git a/qemu-types.h b/qemu-types.h
new file mode 100644
index 000..fd532a2
--- /dev/null
+++ b/qemu-types.h
@@ -0,0 +1,61 @@
+#ifndef QEMU_TYPEDEFS_H
+#define QEMU_TYPEDEFS_H
+
+/* A load of opaque types so that device init declarations don't have to
+   pull in all the real definitions.  */
+typedef struct QEMUTimer QEMUTimer;
+typedef struct QEMUFile QEMUFile;
+typedef struct QEMUBH QEMUBH;
+
+struct Monitor;
+typedef struct Monitor Monitor;
+typedef struct MigrationParams MigrationParams;
+
+typedef struct Property Property;
+typedef struct PropertyInfo PropertyInfo;
+typedef struct CompatProperty CompatProperty;
+typedef struct DeviceState DeviceState;
+typedef struct BusState BusState;
+typedef struct BusClass BusClass;
+
+typedef struct NICInfo NICInfo;
+typedef struct HCIInfo HCIInfo;
+typedef struct AudioStat

[Qemu-devel] [PATCH 17/24] qdev-properties.c: add copyright/license information

[Eduardo Habkost]

Add copyright and license information, based on git log,
and discussion at:

 http://article.gmane.org/gmane.comp.emulators.qemu/176405
 Message-ID: <20121017201414.ga5...@otherpad.lan.raisama.net>

The list of Copyright owners is huge, but I didn't think I really could
leave any of the authors out of the list.

Signed-off-by: Eduardo Habkost 
---
The only reason I am doing this is because:
 - I am going to mvoe some of the qdev-properties.c file to another file
 - I need to add a copyright/license header to the new file.
   See http://article.gmane.org/gmane.comp.emulators.qemu/176367
 - So, I need to document the copyright/license of the current
   qdev-properties.c code

I would really love to avoid this whole archaeology/legalese work,
because I am not a lawyer. I am only doing that because of the "new
files should have a copyright header" requirement.

Cc: Amit Shah 
Cc: Anthony Liguori 
Cc: Anthony PERARD 
Cc: Blue Swirl 
Cc: Christian Borntraeger 
Cc: Christoph Egger 
Cc: David 'Digit' Turner 
Cc: Donald Dutile 
Cc: dunrong huang 
Cc: Gerd Hoffmann 
Cc: Isaku Yamahata 
Cc: Jan Kiszka 
Cc: Jan Kiszka 
Cc: Juan Quintela 
Cc: Kevin Wolf 
Cc: Kusanagi Kouichi 
Cc: Markus Armbruster 
Cc: Michael Roth 
Cc: Michael S. Tsirkin 
Cc: Paolo Bonzini 
Cc: Stefan Hajnoczi 
Cc: Stefan Weil 
Cc: Stefan Weil 
Cc: Zhi Yong Wu 
---
 hw/qdev-properties.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
index 81d901c..ff5aa0a 100644
--- a/hw/qdev-properties.c
+++ b/hw/qdev-properties.c
@@ -1,3 +1,33 @@
+/*
+ * qdev property parsing and global properties
+ *
+ * Copyright (c) 2009-2010 Gerd Hoffmann 
+ * Copyright (c) 2009 Christoph Egger 
+ * Copyright (c) 2009-2010 Blue Swirl 
+ * Copyright (c) 2009 Juan Quintela 
+ * Copyright (c) 2010 Michael S. Tsirkin 
+ * Copyright (c) 2010,2012 Stefan Weil 
+ * Copyright (c) 2010-2012 Markus Armbruster 
+ * Copyright (c) 2010 Kevin Wolf 
+ * Copyright (c) 2010 Isaku Yamahata 
+ * Copyright (c) 2011 David 'Digit' Turner 
+ * Copyright (c) 2011-2012 Amit Shah 
+ * Copyright (c) 2011 Kusanagi Kouichi 
+ * Copyright (c) 2011-2012 Anthony Liguori 
+ * Copyright (c) 2011 Donald Dutile 
+ * Copyright (c) 2011-2012 Jan Kiszka 
+ * Copyright (c) 2011-2012 Paolo Bonzini 
+ * Copyright (c) 2012 Stefan Hajnoczi 
+ * Copyright (c) 2012 dunrong huang 
+ * Copyright (c) 2012 Michael Roth 
+ * Copyright (c) 2012 Anthony PERARD 
+ * Copyright (c) 2012 Christian Borntraeger 
+ * Copyright (c) 2012 Zhi Yong Wu 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
 #include "net.h"
 #include "qdev.h"
 #include "qerror.h"
-- 
1.7.11.4

[Qemu-devel] [PATCH 22/24] qdev-properties.c: separate core from the code used only by qemu-system-*

[Eduardo Habkost]

This separates the qdev properties code in two parts:
 - qdev-properties.c, that contains most of the qdev properties code;
 - qdev-properties-system.c for code specific for qemu-system-*,
   containing:
   - Property types: drive, chr, netdev, vlan, that depend on code that
 won't be included on *-user
   - qemu_add_globals(), that depends on qemu-config.o.

This change should help on two things:
 - Allowing DeviceState to be used by *-user without pulling
   dependencies that are specific for qemu-system-*;
 - Writing qdev unit tests without pulling too many dependencies.

The copyright/license header for the new file is directly copied from
qdev-properties.c.

Signed-off-by: Eduardo Habkost 
[imammedo: keep qdev_get_child_bus() in hw/qdev.c]
[imammedo: put qdev_set_nic_properties() in hw/qdev-properties-system.c]
Signed-off-by: Igor Mammedov 
[ehabkost: updated the qdev_init_gpio_in() code on qdev-system.c to current
 version]
[ehabkost: added copyright/license information to new qdev*-system.c files]
Signed-off-by: Eduardo Habkost 
---
Yes, there is "changelog" data before the "---" mark, but I believe that
in this case they are important to indicate authorship and the scope of
the Signed-off-by lines (so they need to get into the git commit
message).

Detailed changelog:

Changes v1 (ehabkost) -> v2 (imammedo):
 - keep qdev_get_child_bus() in hw/qdev.c
 - put qdev_set_nic_properties() in hw/qdev-properties-system.c

Changes v2 -> v3 (ehabkost):
 - updated the qdev_init_gpio_in() code on qdev-system.c to current
   version

Changes v3 -> v4 (ehabkost):
 - Added copyright/license information to qdev-properties-system.c
   (based on copyright/license of qdev-properties.c)
 - Whitespace change at the end of qdev-properties.c
 - Don't create qdev-system.c, now we can keep the qdev.c code as-is
   as the qdev.c dependencies were reduced
 - Rewrite patch description
---
 hw/Makefile.objs|   1 +
 hw/qdev-properties-system.c | 371 
 hw/qdev-properties.c| 321 +-
 hw/qdev-properties.h|   1 +
 hw/qdev.c   |  13 --
 5 files changed, 374 insertions(+), 333 deletions(-)
 create mode 100644 hw/qdev-properties-system.c

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index af4ab0c..4833b90 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -182,6 +182,7 @@ common-obj-y += bt.o bt-l2cap.o bt-sdp.o bt-hci.o bt-hid.o
 common-obj-y += bt-hci-csr.o
 common-obj-y += msmouse.o ps2.o
 common-obj-y += qdev.o qdev-properties.o qdev-monitor.o
+common-obj-y += qdev-properties-system.o
 common-obj-$(CONFIG_BRLAPI) += baum.o
 
 # xen backend driver support
diff --git a/hw/qdev-properties-system.c b/hw/qdev-properties-system.c
new file mode 100644
index 000..d7ea4e3
--- /dev/null
+++ b/hw/qdev-properties-system.c
@@ -0,0 +1,371 @@
+/*
+ * qdev property parsing and global properties
+ * (parts specific for qemu-system-*)
+ *
+ * Copyright (c) 2009-2010 Gerd Hoffmann 
+ * Copyright (c) 2009 Christoph Egger 
+ * Copyright (c) 2009-2010 Blue Swirl 
+ * Copyright (c) 2009 Juan Quintela 
+ * Copyright (c) 2010 Michael S. Tsirkin 
+ * Copyright (c) 2010,2012 Stefan Weil 
+ * Copyright (c) 2010-2012 Markus Armbruster 
+ * Copyright (c) 2010 Kevin Wolf 
+ * Copyright (c) 2010 Isaku Yamahata 
+ * Copyright (c) 2011 David 'Digit' Turner 
+ * Copyright (c) 2011-2012 Amit Shah 
+ * Copyright (c) 2011 Kusanagi Kouichi 
+ * Copyright (c) 2011-2012 Anthony Liguori 
+ * Copyright (c) 2011 Donald Dutile 
+ * Copyright (c) 2011-2012 Jan Kiszka 
+ * Copyright (c) 2011-2012 Paolo Bonzini 
+ * Copyright (c) 2012 Stefan Hajnoczi 
+ * Copyright (c) 2012 dunrong huang 
+ * Copyright (c) 2012 Michael Roth 
+ * Copyright (c) 2012 Anthony PERARD 
+ * Copyright (c) 2012 Christian Borntraeger 
+ * Copyright (c) 2012 Zhi Yong Wu 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "net.h"
+#include "qdev.h"
+#include "qerror.h"
+#include "blockdev.h"
+#include "hw/block-common.h"
+#include "net/hub.h"
+#include "qapi/qapi-visit-core.h"
+
+static void get_pointer(Object *obj, Visitor *v, Property *prop,
+const char *(*print)(void *ptr),
+const char *name, Error **errp)
+{
+DeviceState *dev = DEVICE(obj);
+void **ptr = qdev_get_prop_ptr(dev, prop);
+char *p;
+
+p = (char *) (*ptr ? print(*ptr) : "");
+visit_type_str(v, &p, name, errp);
+}
+
+static void set_pointer(Object *obj, Visitor *v, Property *prop,
+int (*parse)(DeviceState *dev, const char *str,
+ void **ptr),
+const char *name, Error **errp)
+{
+DeviceState *dev = DEVICE(obj);
+Error *local_err = NULL;
+void **ptr = qdev_get_prop_ptr(dev, prop);
+char *str;
+int ret;
+
+if (dev->state != DEV_STATE_CR

[Qemu-devel] [PATCH 00/24] CPU DeviceState v6

[Eduardo Habkost]

Changes on v6:
 - Simple rebase against latest qemu.git master
 - Patch 13: some new typedefs were added and others were removed
 - Patch 19: trivial rebase

v5:
 - Tons of header cleanups just to eliminate qlist.h <-> cpu-common.h circular
   dependency (patches 1-17)
 - Add copyright/license information to qdev-properties.c (patch 17)
 - Add copyright/license information to qdev-properties-system.c (patch 22)
 - use error_report()+abort() instead of hw_error() on qdev.c (patch 18)
 - Move qemu_[un]register_reset() and qemu_devices_reset() to qdev-core.c
   (patch 19)
 - Make vmstate_[un]register() weak stubs, instead of a new function (patch 20)
 - Make sysbus_get_default() weak stub, instead of new qbus reset (un)register
   functions (patch 21)
 - Eliminate qdev-system.c (all code is kept on qdev.c, now) (patch 22)

v4:
  - Add GCC_WEAK_DECL to functions that have GCC_WEAK versions
  - Updated the qdev_init_gpio_in() code on qdev-system.c to current version
  - Patch description updates (moved changelog below "---" and/or move info
about changes made by different authors between SoB lines)
v3 (submitted by Igor):
  - rebased on top of 8b4a3df (today's master)
  - slight code reshuffling in (see commit's changelog)
 "qdev: separate core from the code used only by qemu-system-*"
 "move qemu_irq typedef out of cpu-common.h"
  - commit messages cleanup
v2:
  Rremoves the CONFIG_USER_ONLY ifdefs, and use weak symbols to move
  the vmstate and qemu_register_reset() handling to qdev-system.c

git tree for testing:
  https://github.com/ehabkost/qemu-hacks/tree/cpu_qdev.v5

References to previous versions:
  v5: http://article.gmane.org/gmane.comp.emulators.qemu/177426
  v4: http://article.gmane.org/gmane.comp.emulators.qemu/176127
  v3: http://article.gmane.org/gmane.comp.emulators.qemu/175980
  v2: http://article.gmane.org/gmane.comp.emulators.qemu/173909
  v1: http://article.gmane.org/gmane.comp.emulators.qemu/166630



Anthony Liguori (1):
  qdev: split up header so it can be used in cpu.h

Eduardo Habkost (20):
  user: move *-user/qemu-types.h to main directory
  user: rename qemu-types.h to qemu-user-types.h
  qemu-common.h: comment about usage rules
  move I/O-related definitions from qemu-common.h to a new header
(qemu-stdio.h)
  qemu-fsdev-dummy.c: include module.h
  vnc-palette.h: include 
  ui/vnc-pallete.c: include headers it needs
  qemu-config.h: include headers it needs
  qapi/qmp-registry.c: include headers it needs
  qga/channel-posix.c: include headers it needs
  create qemu-types.h for struct typedefs
  sysemu.h: include qemu-types.h instead of qemu-common.h
  qlist.h: do not include qemu-common.h
  qdev-properties.c: add copyright/license information
  qdev: qdev_create(): use error_report() instead of hw_error()
  qdev: move reset handler list from vl.c to qdev.c
  qdev: add stub vmstate handling to qdev.c
  qdev: add sysbus_get_default() GCC_WEAK stub
  qdev-properties.c: separate core from the code used only by
qemu-system-*
  include qdev code into *-user, too

Igor Mammedov (3):
  move qemu_irq typedef out of cpu-common.h
  qapi-types.h: don't include qemu-common.h
  qom: make CPU a child of DeviceState

 Makefile.objs|   8 +
 bsd-user/qemu-types.h|  24 --
 bsd-user/qemu.h  |   2 +-
 cpu-all.h|   2 +-
 fsdev/qemu-fsdev-dummy.c |   1 +
 hw/Makefile.objs |   9 +-
 hw/arm-misc.h|   1 +
 hw/bt.h  |   2 +
 hw/devices.h |   2 +
 hw/hw.h  |   6 +-
 hw/irq.h |   2 +
 hw/mc146818rtc.c |   1 +
 hw/omap.h|   1 +
 hw/qdev-addr.c   |   1 +
 hw/qdev-core.h   | 229 +
 hw/qdev-monitor.h|  16 ++
 hw/qdev-properties-system.c  | 371 +++
 hw/qdev-properties.c | 352 +++--
 hw/qdev-properties.h | 131 ++
 hw/qdev-reset.h  |  11 +
 hw/qdev.c|  96 +--
 hw/qdev.h| 371 +--
 hw/soc_dma.h |   1 +
 hw/xen.h |   1 +
 include/qemu/cpu.h   |   6 +-
 linux-user/qemu.h|   2 +-
 qapi/qmp-registry.c  |   2 +
 qemu-common.h| 123 +
 qemu-config.h|   2 +
 qemu-stdio.h |  76 ++
 qemu-types.h |  

[Qemu-devel] [PATCH 16/24] qapi-types.h: don't include qemu-common.h

[Eduardo Habkost]

From: Igor Mammedov 

needed to prevent build breakage when CPU becomes a child of DeviceState

Signed-off-by: Igor Mammedov 
[ehabkost: include  too]
Signed-off-by: Eduardo Habkost 
---
Yes, there is "changelog" data before the "---" mark, but I believe that
in this case they are important to indicate authorship and the scope of
the Signed-off-by lines (so they need to get into the git commit
message).

Changes v1 (from Igor) -> v2 (from Eduardo):
 - Include  too

Changes v2 -> v3 (from Eduardo):
 - Only commit description changes
---
 scripts/qapi-types.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/qapi-types.py b/scripts/qapi-types.py
index 1b84834..6bc2391 100644
--- a/scripts/qapi-types.py
+++ b/scripts/qapi-types.py
@@ -273,7 +273,8 @@ fdecl.write(mcgen('''
 #ifndef %(guard)s
 #define %(guard)s
 
-#include "qemu-common.h"
+#include 
+#include 
 
 ''',
   guard=guardname(h_file)))
-- 
1.7.11.4

[Qemu-devel] [PATCH 12/24] qga/channel-posix.c: include headers it needs

[Eduardo Habkost]

Include:
 -  for errno
 -  &  for fcntl()
 - "qemu-stdio.h" for qemu_open()

Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qga/channel-posix.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/qga/channel-posix.c b/qga/channel-posix.c
index d152827..2a68451 100644
--- a/qga/channel-posix.c
+++ b/qga/channel-posix.c
@@ -1,5 +1,9 @@
 #include 
 #include 
+#include 
+#include 
+#include 
+#include "qemu-stdio.h"
 #include "qemu_socket.h"
 #include "qga/channel.h"
 
-- 
1.7.11.4

[Qemu-devel] [PATCH 05/24] qdev: split up header so it can be used in cpu.h

[Eduardo Habkost]

From: Anthony Liguori 

Header file dependency is a frickin' nightmare right now.  cpu.h tends to get
included in our 'include everything' header files but qdev also needs to include
those headers mainly for qdev-properties since it knows about CharDriverState
and friends.

We can solve this for now by splitting out qdev.h along the same lines that we
previously split the C file.  Then cpu.h just needs to include qdev-core.h

hw/qdev.h is split into following new headers:
hw/qdev-core.h
hw/qdev-properties.h
hw/qdev-monitor.h

Signed-off-by: Anthony Liguori 

[ehabkost: re-add DEFINE_PROP_PCI_HOST_DEVADDR, that was removed on the
 original patch (by mistake, I guess)]
[ehabkost: kill qdev_prop_set_vlan() declaration]
[ehabkost: moved get_fw_dev_path() comment to the original location
 (I don't know why it was moved)]
[ehabkost: removed qdev_exists() declaration]
[ehabkost: keep using 'QemuOpts' instead of 'struct QemuOpts', as
 qdev-core.h includes qemu-option.h]

Signed-off-by: Eduardo Habkost 
---
Yes, there is "changelog" data before the "---" mark, but I believe that
in this case they are important to indicate authorship and the scope of
the Signed-off-by lines (so they need to get into the git commit
message)

Detailed changelog:

Changes v1 (from Anthony) -> v2 (from Eduardo):
 - re-add DEFINE_PROP_PCI_HOST_DEVADDR, that was removed on the original
   patch (by mistake, I guess)
 - kill qdev_prop_set_vlan() declaration

Changes v2 -> v3 (from Eduardo):
 - moved get_fw_dev_path() comment to the original location (I don't
   know why it was moved)
 - removed qdev_exists() declaration
 - keep using 'QemuOpts' instead of 'struct QemuOpts', as qdev-core.h
   includes qemu-option.h

Changes v3 -> v4 (from Eduardo):
 - Edited commit message to include additional information about the
   specific files being created
---
 hw/mc146818rtc.c |   1 +
 hw/qdev-addr.c   |   1 +
 hw/qdev-core.h   | 238 +
 hw/qdev-monitor.h|  16 +++
 hw/qdev-properties.c |   1 +
 hw/qdev-properties.h | 130 ++
 hw/qdev.c|   1 +
 hw/qdev.h| 370 +--
 8 files changed, 392 insertions(+), 366 deletions(-)
 create mode 100644 hw/qdev-core.h
 create mode 100644 hw/qdev-monitor.h
 create mode 100644 hw/qdev-properties.h

diff --git a/hw/mc146818rtc.c b/hw/mc146818rtc.c
index 98839f2..7d84ce3 100644
--- a/hw/mc146818rtc.c
+++ b/hw/mc146818rtc.c
@@ -25,6 +25,7 @@
 #include "qemu-timer.h"
 #include "sysemu.h"
 #include "mc146818rtc.h"
+#include "qapi/qapi-visit-core.h"
 
 #ifdef TARGET_I386
 #include "apic.h"
diff --git a/hw/qdev-addr.c b/hw/qdev-addr.c
index de0ba87..ea32c31 100644
--- a/hw/qdev-addr.c
+++ b/hw/qdev-addr.c
@@ -1,6 +1,7 @@
 #include "qdev.h"
 #include "qdev-addr.h"
 #include "hwaddr.h"
+#include "qapi/qapi-visit-core.h"
 
 /* --- target physical address --- */
 
diff --git a/hw/qdev-core.h b/hw/qdev-core.h
new file mode 100644
index 000..fce9e22
--- /dev/null
+++ b/hw/qdev-core.h
@@ -0,0 +1,238 @@
+#ifndef QDEV_CORE_H
+#define QDEV_CORE_H
+
+#include "qemu-queue.h"
+#include "qemu-option.h"
+#include "qemu/object.h"
+#include "hw/irq.h"
+#include "error.h"
+
+typedef struct Property Property;
+
+typedef struct PropertyInfo PropertyInfo;
+
+typedef struct CompatProperty CompatProperty;
+
+typedef struct BusState BusState;
+
+typedef struct BusClass BusClass;
+
+enum DevState {
+DEV_STATE_CREATED = 1,
+DEV_STATE_INITIALIZED,
+};
+
+enum {
+DEV_NVECTORS_UNSPECIFIED = -1,
+};
+
+#define TYPE_DEVICE "device"
+#define DEVICE(obj) OBJECT_CHECK(DeviceState, (obj), TYPE_DEVICE)
+#define DEVICE_CLASS(klass) OBJECT_CLASS_CHECK(DeviceClass, (klass), 
TYPE_DEVICE)
+#define DEVICE_GET_CLASS(obj) OBJECT_GET_CLASS(DeviceClass, (obj), TYPE_DEVICE)
+
+typedef int (*qdev_initfn)(DeviceState *dev);
+typedef int (*qdev_event)(DeviceState *dev);
+typedef void (*qdev_resetfn)(DeviceState *dev);
+
+struct VMStateDescription;
+
+typedef struct DeviceClass {
+ObjectClass parent_class;
+
+const char *fw_name;
+const char *desc;
+Property *props;
+int no_user;
+
+/* callbacks */
+void (*reset)(DeviceState *dev);
+
+/* device state */
+const struct VMStateDescription *vmsd;
+
+/* Private to qdev / bus.  */
+qdev_initfn init;
+qdev_event unplug;
+qdev_event exit;
+const char *bus_type;
+} DeviceClass;
+
+/* This structure should not be accessed directly.  We declare it here
+   so that it can be embedded in individual device state structures.  */
+struct DeviceState {
+Object parent_obj;
+
+const char *id;
+enum DevState state;
+QemuOpts *opts;
+int hotplugged;
+BusState *parent_bus;
+int num_gpio_out;
+qemu_irq *gpio_out;
+int num_gpio_in;
+qemu_irq *gpio_in;
+QLIST_HEAD(, BusState) child_bus;
+int num_child_bus;
+int instance_id_alias;
+int alias_required_for_version;
+};
+
+#define TYP

[Qemu-devel] [PATCH 02/24] user: rename qemu-types.h to qemu-user-types.h

[Eduardo Habkost]

The header file is specific for *-user, but I plan to introduce a more
generic qemu-types.h file, so I'm renaming it.

Signed-off-by: Eduardo Habkost 
---
Cc: Blue Swirl 
Cc: Riku Voipio 
---
 bsd-user/qemu.h   | 2 +-
 cpu-all.h | 2 +-
 linux-user/qemu.h | 2 +-
 qemu-types.h => qemu-user-types.h | 0
 4 files changed, 3 insertions(+), 3 deletions(-)
 rename qemu-types.h => qemu-user-types.h (100%)

diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 8a5ee3d..d268899 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -11,7 +11,7 @@
 #include 
 #endif /* DEBUG_REMAP */
 
-#include "qemu-types.h"
+#include "qemu-user-types.h"
 
 enum BSDType {
 target_freebsd,
diff --git a/cpu-all.h b/cpu-all.h
index c9c51b8..d6b2b19 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -180,7 +180,7 @@ static inline void tswap64s(uint64_t *s)
 
 #if defined(CONFIG_USER_ONLY)
 #include 
-#include "qemu-types.h"
+#include "qemu-user-types.h"
 
 /* On some host systems the guest address space is reserved on the host.
  * This allows the guest address space to be offset to a convenient location.
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 5e53dca..ceddb3c 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -11,7 +11,7 @@
 #include 
 #endif /* DEBUG_REMAP */
 
-#include "qemu-types.h"
+#include "qemu-user-types.h"
 
 #include "thunk.h"
 #include "syscall_defs.h"
diff --git a/qemu-types.h b/qemu-user-types.h
similarity index 100%
rename from qemu-types.h
rename to qemu-user-types.h
-- 
1.7.11.4

[Qemu-devel] [PATCH 09/24] ui/vnc-pallete.c: include headers it needs

[Eduardo Habkost]

Include:
 -  for g_malloc0()
 -  for memset()

Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 ui/vnc-palette.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ui/vnc-palette.c b/ui/vnc-palette.c
index 63d5f64..c130dee 100644
--- a/ui/vnc-palette.c
+++ b/ui/vnc-palette.c
@@ -27,6 +27,8 @@
  */
 
 #include "vnc-palette.h"
+#include 
+#include 
 
 static VncPaletteEntry *palette_find(const VncPalette *palette,
  uint32_t color, unsigned int hash)
-- 
1.7.11.4

[Qemu-devel] [PATCH 11/24] qapi/qmp-registry.c: include headers it needs

[Eduardo Habkost]

Include:
-  for g_malloc0()
-  for strcmp()

Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.

Signed-off-by: Eduardo Habkost 
---
 qapi/qmp-registry.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/qapi/qmp-registry.c b/qapi/qmp-registry.c
index 5414613..c2c31b4 100644
--- a/qapi/qmp-registry.c
+++ b/qapi/qmp-registry.c
@@ -12,6 +12,8 @@
  *
  */
 
+#include 
+#include 
 #include "qapi/qmp-core.h"
 
 static QTAILQ_HEAD(QmpCommandList, QmpCommand) qmp_commands =
-- 
1.7.11.4

[Qemu-devel] [PATCH 18/24] qdev: qdev_create(): use error_report() instead of hw_error()

[Eduardo Habkost]

hw_error() is specific for fatal hardware emulation errors, not for
internal errors related to the qdev object/class abstraction or object
initialization.

Replace it with an error_report() call, followed by abort().

This will also help reduce dependencies of the qdev code (as hw_error()
is from cpus.o, and depends on the CPU list from exec.o).

Signed-off-by: Eduardo Habkost 
---
 hw/qdev.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/qdev.c b/hw/qdev.c
index 7ddcd24..2cc6434 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -109,10 +109,12 @@ DeviceState *qdev_create(BusState *bus, const char *name)
 dev = qdev_try_create(bus, name);
 if (!dev) {
 if (bus) {
-hw_error("Unknown device '%s' for bus '%s'\n", name,
- object_get_typename(OBJECT(bus)));
+error_report("Unknown device '%s' for bus '%s'\n", name,
+ object_get_typename(OBJECT(bus)));
+abort();
 } else {
-hw_error("Unknown device '%s' for default sysbus\n", name);
+error_report("Unknown device '%s' for default sysbus\n", name);
+abort();
 }
 }
 
-- 
1.7.11.4

[Qemu-devel] [PATCH 21/24] qdev: add sysbus_get_default() GCC_WEAK stub

[Eduardo Habkost]

This version will be used on cases where sysbus.c is not compiled in
(e.g. *-user).

Signed-off-by: Eduardo Habkost 
---
 hw/qdev-core.h |  2 +-
 hw/qdev.c  | 12 
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/hw/qdev-core.h b/hw/qdev-core.h
index 494b687..19d9e03 100644
--- a/hw/qdev-core.h
+++ b/hw/qdev-core.h
@@ -194,7 +194,7 @@ void qbus_free(BusState *bus);
 #define FROM_QBUS(type, dev) DO_UPCAST(type, qbus, dev)
 
 /* This should go away once we get rid of the NULL bus hack */
-BusState *sysbus_get_default(void);
+GCC_WEAK_DECL BusState *sysbus_get_default(void);
 
 char *qdev_get_fw_dev_path(DeviceState *dev);
 
diff --git a/hw/qdev.c b/hw/qdev.c
index fe4de96..1c4ff03 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -97,6 +97,18 @@ GCC_WEAK void vmstate_unregister(DeviceState *dev,
 {
 }
 
+
+/* sysbus stub functions
+ *
+ * The real implementation is on sysbus.c, but the stub functions will be used
+ * on cases where sysbus.c is not compiled in (e.g. *-user).
+ */
+
+GCC_WEAK BusState *sysbus_get_default(void)
+{
+return NULL;
+}
+
 const VMStateDescription *qdev_get_vmsd(DeviceState *dev)
 {
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
-- 
1.7.11.4

[Qemu-devel] [PATCH V2] qemu-sockets: Fix parsing of the inet option 'to'.

[Anthony PERARD]

Having a qemu command line argument like "-vnc 127.0.0.1:0,to=99" is broken.
This have been break with commit 879e45c72da1569e07fbbc6a1aa2a708ea796044.

Signed-off-by: Anthony PERARD 

---
 qemu-sockets.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/qemu-sockets.c b/qemu-sockets.c
index abcd791..03ca98d 100644
--- a/qemu-sockets.c
+++ b/qemu-sockets.c
@@ -551,8 +551,9 @@ static InetSocketAddress *inet_parse(const char *str, Error 
**errp)
 optstr = str + pos;
 h = strstr(optstr, ",to=");
 if (h) {
-if (1 != sscanf(str, "%d%n", &to, &pos) ||
-(str[pos] != '\0' && str[pos] != ',')) {
+h += 4;
+if (sscanf(h, "%d%n", &to, &pos) != 1 ||
+(h[pos] != '\0' && h[pos] != ',')) {
 error_setg(errp, "error parsing to= argument");
 goto fail;
 }
-- 
Anthony PERARD

Re: [Qemu-devel] [PATCH] qemu-sockets: Fix parsing of the inet option 'to'.

[Anthony PERARD]

Re: [Qemu-devel] [PATCH] qemu-sockets: Fix parsing of the inet option 'to'.

[Markus Armbruster]

Anthony PERARD  writes:

> Having a qemu command line argument like "-vnc 127.0.0.1:0,to=99" is broken.
> This have been break with commit 879e45c72da1569e07fbbc6a1aa2a708ea796044.
>
> Signed-off-by: Anthony PERARD 
>
> ---
>  qemu-sockets.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/qemu-sockets.c b/qemu-sockets.c
> index abcd791..11d3d32 100644
> --- a/qemu-sockets.c
> +++ b/qemu-sockets.c
> @@ -551,8 +551,9 @@ static InetSocketAddress *inet_parse(const char *str, 
> Error **errp)
>  optstr = str + pos;
>  h = strstr(optstr, ",to=");
>  if (h) {
> -if (1 != sscanf(str, "%d%n", &to, &pos) ||
> -(str[pos] != '\0' && str[pos] != ',')) {
> +h += 4;
> +if (1 != sscanf(h, "%d%n", &to, &pos) ||
> +(h[pos] != '\0' && h[pos] != ',')) {

Since you're touching this line anyway, consider cleaning up the Yoda
comparison to sscanf(...) != 1

>  error_setg(errp, "error parsing to= argument");
>  goto fail;
>  }

Re: [Qemu-devel] [QEMU PATCH] microblaze: translate.c: Fix swaph decoding

[Edgar E. Iglesias]

On Thu, Nov 08, 2012 at 02:01:19PM +1000, Peter Crosthwaite wrote:
> The swaph instruction was not decoding correctly. s/1e1/1e2 on the
> 9 LSBs on the instruction decode.
> 
> Reported-by: David Holsgrove 
> Signed-off-by: Peter Crosthwaite 
> ---
>  target-microblaze/translate.c |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/target-microblaze/translate.c b/target-microblaze/translate.c
> index 7d864b1..6f27c24 100644
> --- a/target-microblaze/translate.c
> +++ b/target-microblaze/translate.c
> @@ -840,7 +840,7 @@ static void dec_bit(DisasContext *dc)
>  LOG_DIS("swapb r%d r%d\n", dc->rd, dc->ra);
>  tcg_gen_bswap32_i32(cpu_R[dc->rd], cpu_R[dc->ra]);
>  break;
> -case 0x1e1:
> +case 0x1e2:

Ouch.. I've applied the fix, thanks.

David, was this the bug that was causing the recent errors with the rebased
GCC port?

Cheers,
Edgar

Re: [Qemu-devel] Qemu Monitor

[Markus Armbruster]

You dropped cc: qemu-devel.  Please don't do that unless you're very
confident your question is of no interest whatsoever for anybody else.
I added it back.

Muhammad Nouman  writes:

> My target is MIPS ! then what should i do to see the tlb ?

Simply not implemented for MIPS, as far as I can see.  Patches welcome!

Re: [Qemu-devel] QEMU 1.2.0 -hda option not working

[Vipin Gahlaut]

Hi Dunrong,

Thanks for the link. This is great. I have now hdd recognized. I had
everything else included apart from "Enable SYM53C8XX Version 2 SCSI
Support". Once I included it, /dev/sda is available.

Thanks again Dunrong and FAM for your help.

Just for the others who may stumble upon this thread is that ARM doesn't
seem to have IDE support so only SCSI will help. (Option  ATA/ATAPI/MFM/RLL
support  --->) is not available in for ARM. Following instructions in the
link provided by Dunrong hard disk works like charm.

Best Regards
Vipin

On Fri, Nov 9, 2012 at 2:10 PM, Dunrong Huang  wrote:

> agree with Fam, please check your kernel config.
>
> this page may help you :
>
> https://fedoraproject.org/wiki/Architectures/ARM/HowToQemu#Build_Kernel_Image_From_Source
>
> 2012/11/9 Fam Zheng 
>
>> Try a kernel with this enabled [1]:
>>
>> Device Drivers  --->
>>  ATA/ATAPI/MFM/RLL support  --->
>>   <*> ATA/ATAPI/MFM/RLL support
>>   <*>   Enhanced IDE/MFM/RLL disk/cdrom/tape/floppy support
>>   [*] PCI IDE chipset support
>>
>> [1] http://www.gentoo.org/doc/en/kernel-config.xml
>>
>> ---
>> Best regards!
>> Fam Zheng
>>
>>
>> On Fri, Nov 9, 2012 at 4:19 PM, Fam Zheng  wrote:
>> > I'm wondering if the interface might be IDE in this case?
>> >
>> > ---
>> > Best regards!
>> > Fam Zheng
>> >
>> >
>> > On Fri, Nov 9, 2012 at 4:09 PM, Vipin Gahlaut 
>> wrote:
>> >> Hi Fam,
>> >>
>> >> My understanding is that I need to include SCSI driver support in
>> kernel
>> >> that I already did. Do I need to include something else as well?
>> >>
>> >> Best Regards
>> >> Vipin
>> >>
>> >>
>> >> On Fri, Nov 9, 2012 at 1:35 PM, Fam Zheng  wrote:
>> >>>
>> >>> Is the device driver compiled in the kernel?
>> >>>
>> >>> ---
>> >>> Best regards!
>> >>> Fam Zheng
>> >>>
>> >>>
>> >>> On Fri, Nov 9, 2012 at 3:59 PM, Vipin Gahlaut 
>> wrote:
>> >>> > Hi Dunrong,
>> >>> >
>> >>> > I tried your suggestion but it is not working. Please find more
>> details
>> >>> > below.
>> >>> >
>> >>> > 1. I have created image using qemu-img command (qemu-img create
>> >>> > -disk.img
>> >>> > 1G), loop mounted it and installed root file system on this image.
>> >>> >
>> >>> > 2. I am using linux kernel 3.5.5 and made sure that SCSI support is
>> >>> > included
>> >>> > in the kernel. Using QEMU 1.2.0
>> >>> >
>> >>> > 3. Running QEMU as below
>> >>> >
>> >>> > /usr/local/bin/qemu-system-arm -M versatilepb -kernel
>> >>> > /home/vgahlaut/labs/linux-3.5.5/arch/arm/boot/zImage -nographic -hda
>> >>> > /home/vgahlaut/labs/disk.img -append "root=/dev/sda mem=128M
>> >>> > console=ttyAMA0,115200"
>> >>> >
>> >>> > 4.Getting Error (VFS: Cannot open root device "sda" or
>> >>> > unknown-block(0,0):
>> >>> > error -6). Please see complete logs below
>> >>> > 
>> >>> > Uncompressing Linux... done, booting the kernel.
>> >>> > Booting Linux on physical CPU 0
>> >>> > Linux version 3.5.5 (vgahlaut@ubuntu) (gcc version 4.3.2
>> (crosstool-NG
>> >>> > 1.16.0) ) #21 Fri Nov 9 10:42:54 IST 2012
>> >>> > CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00093177
>> >>> > CPU: VIVT data cache, VIVT instruction cache
>> >>> > Machine: ARM-Versatile PB
>> >>> > Memory policy: ECC disabled, Data cache writeback
>> >>> > sched_clock: 32 bits at 24MHz, resolution 41ns, wraps every 178956ms
>> >>> > Built 1 zonelists in Zone order, mobility grouping on.  Total pages:
>> >>> > 32512
>> >>> > Kernel command line: root=/dev/sda mem=128M console=ttyAMA0,115200
>> >>> > PID hash table entries: 512 (order: -1, 2048 bytes)
>> >>> > Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
>> >>> > Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
>> >>> > Memory: 128MB = 128MB total
>> >>> > Memory: 126048k/126048k available, 5024k reserved, 0K highmem
>> >>> > Virtual kernel memory layout:
>> >>> > vector  : 0x - 0x1000   (   4 kB)
>> >>> > fixmap  : 0xfff0 - 0xfffe   ( 896 kB)
>> >>> > vmalloc : 0xc880 - 0xff00   ( 872 MB)
>> >>> > lowmem  : 0xc000 - 0xc800   ( 128 MB)
>> >>> >   .text : 0xc0008000 - 0xc0360810   (3427 kB)
>> >>> >   .init : 0xc0361000 - 0xc0381cbc   ( 132 kB)
>> >>> >   .data : 0xc0382000 - 0xc03a9100   ( 157 kB)
>> >>> >.bss : 0xc03a9124 - 0xc03c3c9c   ( 107 kB)
>> >>> > NR_IRQS:192
>> >>> > VIC @f114: id 0x00041190, vendor 0x41
>> >>> > FPGA IRQ chip 0 "SIC" @ f1003000, 21 irqs
>> >>> > Console: colour dummy device 80x30
>> >>> > Calibrating delay loop... 425.16 BogoMIPS (lpj=2125824)
>> >>> > pid_max: default: 32768 minimum: 301
>> >>> > Mount-cache hash table entries: 512
>> >>> > CPU: Testing write buffer coherency: ok
>> >>> > Setting up static identity map for 0x2c2aa0 - 0x2c2af8
>> >>> > devtmpfs: initialized
>> >>> > NET: Registered protocol family 16
>> >>> > Serial: AMBA PL011 UART driver
>> >>> > dev:f1: ttyAMA0 at MMIO 0x101f1000 (irq = 12) is a PL011 rev1
>> >>> > console [ttyAMA0] enabled
>> >>> > dev:f2: ttyAMA1 at MMIO 0x101f2000 (irq = 1

Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC

[Peter Maydell]

On 9 November 2012 10:42, Anthony Liguori  wrote:
> While the abstract discussion is fun, it never hurts to be defensive.  I
> agree the root cause is vmware-vga but checking in vnc doesn't hurt.

Defensive programming would suggest doing the clipping in the
console.c layer. That sounds a reasonable plan to me (especially
if we've hit similar problems multiple times in the past).

-- PMM

[Qemu-devel] [PATCH 2/8] usb-redir: Allow packets to have both data and an error-status

[Gerd Hoffmann]

From: Hans de Goede 

Signed-off-by: Hans de Goede 
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/redirect.c |   56 ++--
 1 files changed, 20 insertions(+), 36 deletions(-)

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index cd4388e..be9a232 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -521,22 +521,16 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, 
USBPacket *p,
  isop->status, isop->len, dev->endpoint[EP2I(ep)].bufpq_size);
 
 status = isop->status;
-if (status != usb_redir_success) {
-bufp_free(dev, isop, ep);
-p->status = USB_RET_IOERROR;
-return;
-}
-
 len = isop->len;
 if (len > p->iov.size) {
 ERROR("received iso data is larger then packet ep %02X (%d > 
%d)\n",
   ep, len, (int)p->iov.size);
-bufp_free(dev, isop, ep);
-p->status = USB_RET_BABBLE;
-return;
+len = p->iov.size;
+status = usb_redir_babble;
 }
 usb_packet_copy(p, isop->data, len);
 bufp_free(dev, isop, ep);
+usbredir_handle_status(dev, p, status);
 } else {
 /* If the stream was not started because of a pending error don't
send the packet to the usb-host */
@@ -656,21 +650,15 @@ static void usbredir_handle_interrupt_data(USBRedirDevice 
*dev,
 intp->status, intp->len);
 
 status = intp->status;
-if (status != usb_redir_success) {
-bufp_free(dev, intp, ep);
-usbredir_handle_status(dev, p, status);
-return;
-}
-
 len = intp->len;
 if (len > p->iov.size) {
 ERROR("received int data is larger then packet ep %02X\n", ep);
-bufp_free(dev, intp, ep);
-p->status = USB_RET_BABBLE;
-return;
+len = p->iov.size;
+status = usb_redir_babble;
 }
 usb_packet_copy(p, intp->data, len);
 bufp_free(dev, intp, ep);
+usbredir_handle_status(dev, p, status);
 } else {
 /* Output interrupt endpoint, normal async operation */
 struct usb_redir_interrupt_packet_header interrupt_packet;
@@ -1542,16 +1530,15 @@ static void usbredir_control_packet(void *priv, 
uint64_t id,
 p = usbredir_find_packet_by_id(dev, 0, id);
 if (p) {
 usbredir_handle_status(dev, p, control_packet->status);
-if (p->status == USB_RET_SUCCESS) {
+if (data_len > 0) {
 usbredir_log_data(dev, "ctrl data in:", data, data_len);
-if (data_len <= sizeof(dev->dev.data_buf)) {
-memcpy(dev->dev.data_buf, data, data_len);
-} else {
+if (data_len > sizeof(dev->dev.data_buf)) {
 ERROR("ctrl buffer too small (%d > %zu)\n",
   data_len, sizeof(dev->dev.data_buf));
 p->status = USB_RET_STALL;
-len = 0;
+data_len = len = sizeof(dev->dev.data_buf);
 }
+memcpy(dev->dev.data_buf, data, data_len);
 }
 p->actual_length = len;
 usb_generic_async_ctrl_complete(&dev->dev, p);
@@ -1575,20 +1562,19 @@ static void usbredir_bulk_packet(void *priv, uint64_t 
id,
 if (p) {
 size_t size = (p->combined) ? p->combined->iov.size : p->iov.size;
 usbredir_handle_status(dev, p, bulk_packet->status);
-if (p->status == USB_RET_SUCCESS) {
+if (data_len > 0) {
 usbredir_log_data(dev, "bulk data in:", data, data_len);
-if (data_len <= size) {
-if (p->combined) {
-iov_from_buf(p->combined->iov.iov, p->combined->iov.niov,
- 0, data, data_len);
-} else {
-usb_packet_copy(p, data, data_len);
-}
-} else {
+if (data_len > size) {
 ERROR("bulk got more data then requested (%d > %zd)\n",
   data_len, p->iov.size);
 p->status = USB_RET_BABBLE;
-len = 0;
+data_len = len = size;
+}
+if (p->combined) {
+iov_from_buf(p->combined->iov.iov, p->combined->iov.niov,
+ 0, data, data_len);
+} else {
+usb_packet_copy(p, data, data_len);
 }
 }
 p->actual_length = len;
@@ -1653,12 +1639,10 @@ static void usbredir_interrupt_packet(void *priv, 
uint64_t id,
 /* bufp_alloc also adds the packet to the ep queue */
 bufp_alloc(dev, data, data_len, interrupt_packet->status, ep);
 } else {
-int len = interrupt_packet->length;
-
 USBPacket *p = usbredir_find_packet_by_id(dev, ep, id);
 if (p) {
 usbredir_handle_status(dev, p, interrupt_packet->status);
-

[Qemu-devel] [PATCH 4/8] ehci: Add support for packets with both data and an error status

[Gerd Hoffmann]

From: Hans de Goede 

Signed-off-by: Hans de Goede 
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-ehci.c |  161 +---
 hw/usb/hcd-ehci.h |1 -
 2 files changed, 77 insertions(+), 85 deletions(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 73be575..ee6c9ae 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1126,16 +1126,16 @@ static int ehci_init_transfer(EHCIPacket *p)
 return 0;
 }
 
-static void ehci_finish_transfer(EHCIQueue *q, int status)
+static void ehci_finish_transfer(EHCIQueue *q, int len)
 {
 uint32_t cpage, offset;
 
-if (status > 0) {
+if (len > 0) {
 /* update cpage & offset */
 cpage  = get_field(q->qh.token, QTD_TOKEN_CPAGE);
 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK;
 
-offset += status;
+offset += len;
 cpage  += offset >> QTD_BUFPTR_SH;
 offset &= ~QTD_BUFPTR_MASK;
 
@@ -1168,7 +1168,6 @@ static void ehci_async_complete_packet(USBPort *port, 
USBPacket *packet)
 
 trace_usb_ehci_packet_action(p->queue, p, "wakeup");
 p->async = EHCI_ASYNC_FINISHED;
-p->usb_status = packet->status ? packet->status : packet->actual_length;
 
 if (p->queue->async) {
 qemu_bh_schedule(p->queue->ehci->async_bh);
@@ -1178,58 +1177,60 @@ static void ehci_async_complete_packet(USBPort *port, 
USBPacket *packet)
 static void ehci_execute_complete(EHCIQueue *q)
 {
 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
+uint32_t tbytes;
 
 assert(p != NULL);
 assert(p->qtdaddr == q->qtdaddr);
 assert(p->async == EHCI_ASYNC_INITIALIZED ||
p->async == EHCI_ASYNC_FINISHED);
 
-DPRINTF("execute_complete: qhaddr 0x%x, next %x, qtdaddr 0x%x, status 
%d\n",
-q->qhaddr, q->qh.next, q->qtdaddr, q->usb_status);
+DPRINTF("execute_complete: qhaddr 0x%x, next 0x%x, qtdaddr 0x%x, "
+"status %d, actual_length %d\n",
+q->qhaddr, q->qh.next, q->qtdaddr,
+p->packet.status, p->packet.actual_length);
 
-if (p->usb_status < 0) {
-switch (p->usb_status) {
-case USB_RET_IOERROR:
-case USB_RET_NODEV:
-q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR);
-set_field(&q->qh.token, 0, QTD_TOKEN_CERR);
-ehci_raise_irq(q->ehci, USBSTS_ERRINT);
-break;
-case USB_RET_STALL:
-q->qh.token |= QTD_TOKEN_HALT;
-ehci_raise_irq(q->ehci, USBSTS_ERRINT);
-break;
-case USB_RET_NAK:
-set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT);
-return; /* We're not done yet with this transaction */
-case USB_RET_BABBLE:
-q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE);
-ehci_raise_irq(q->ehci, USBSTS_ERRINT);
-break;
-default:
-/* should not be triggerable */
-fprintf(stderr, "USB invalid response %d\n", p->usb_status);
-assert(0);
-break;
+switch (p->packet.status) {
+case USB_RET_SUCCESS:
+break;
+case USB_RET_IOERROR:
+case USB_RET_NODEV:
+q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR);
+set_field(&q->qh.token, 0, QTD_TOKEN_CERR);
+ehci_raise_irq(q->ehci, USBSTS_ERRINT);
+break;
+case USB_RET_STALL:
+q->qh.token |= QTD_TOKEN_HALT;
+ehci_raise_irq(q->ehci, USBSTS_ERRINT);
+break;
+case USB_RET_NAK:
+set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT);
+return; /* We're not done yet with this transaction */
+case USB_RET_BABBLE:
+q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE);
+ehci_raise_irq(q->ehci, USBSTS_ERRINT);
+break;
+default:
+/* should not be triggerable */
+fprintf(stderr, "USB invalid response %d\n", p->packet.status);
+assert(0);
+break;
+}
+
+/* TODO check 4.12 for splits */
+tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES);
+if (tbytes && p->pid == USB_TOKEN_IN) {
+tbytes -= p->packet.actual_length;
+if (tbytes) {
+/* 4.15.1.2 must raise int on a short input packet */
+ehci_raise_irq(q->ehci, USBSTS_INT);
 }
 } else {
-// TODO check 4.12 for splits
-uint32_t tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES);
-
-if (tbytes && p->pid == USB_TOKEN_IN) {
-tbytes -= p->usb_status;
-if (tbytes) {
-/* 4.15.1.2 must raise int on a short input packet */
-ehci_raise_irq(q->ehci, USBSTS_INT);
-}
-} else {
-tbytes = 0;
-}
-
-DPRINTF("updating tbytes to %d\n", tbytes);
-set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES);
+tbytes = 0;
 }
-ehci_finish_transfer(q, p->usb_status);
+DPRINTF("updating tbytes to %d\n", tbytes);
+set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES);

Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC

[Michael Tokarev]

On 09.11.2012 13:00, Michael Tokarev wrote:
> On 09.11.2012 03:55, BALATON Zoltan wrote:
>> On Thu, 8 Nov 2012, Gerd Hoffmann wrote:
 I think this is fixing this at the wrong level. Either we
 should require that drivers (in this case vmware_vga.c)
 must not call dpy_gfx_update() with out of range values,
 or we should do the clipping in the console.c layer, but
 I don't think requiring every UI backend to clip is the
 right thing. Anthony?
>>>
>>> Agree.  IMHO vmware_vga.c is at fault here and should be fixed.  We can
>>> add some asserts to console.[ch] to enforce this ...
>>
>> Would the attached patch help?
> 
> I fixed this 2 times, and I remember two other people fixing
> the same thing too already.  Lemme find some refs...
> 
> http://thread.gmane.org/gmane.comp.emulators.qemu/166064
> 
> ---
> Is it the same as https://bugs.launchpad.net/bugs/918791 ?
> At least it appears to be the same theme...  But there,
> the patch (https://launchpadlibrarian.net/94916786/qemu-vmware.debdiff)
> also updates width/height.  My comment:
> https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/918791/comments/21
> ---

Another reference: the same problem in qxl (Gerd should know this area):

 http://thread.gmane.org/gmane.comp.emulators.qemu/171093

this patch is a cleanup, -- the problem has been fixed twice in a row in qxl.
We've 3 fixes for it in vmware now too.

So figuring out the proper level where to fix it is important...

/mjt

Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC

[Anthony Liguori]

Peter Maydell  writes:

> On 9 November 2012 08:13, Gerhard Wiesinger  wrote:
>> (think of situations where bits might not be accurate due to CPU bugs or
>> even QEMU/KVM in aerospace where
>> bits fall to other states due to high energy cosmic ray).
>
> If any aeroplane manufacturer is using QEMU for some safety critical
> purpose it would be nice if they'd let us know. I could then avoid
> flying with them in future :-)

While the abstract discussion is fun, it never hurts to be defensive.  I
agree the root cause is vmware-vga but checking in vnc doesn't hurt.

Regards,

Anthony Liguori

>
> -- PMM

[Qemu-devel] [PATCH 8/8] ehci: fix migration

[Gerd Hoffmann]

Commit 5010d4dc618b6b8e7c21129c487c06f6493f71fc reorganized vmstate to
split core + pci, but got two little details wrong.  Fix them.

Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-ehci-pci.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/hw/usb/hcd-ehci-pci.c b/hw/usb/hcd-ehci-pci.c
index d5c7d46..fe45a1f 100644
--- a/hw/usb/hcd-ehci-pci.c
+++ b/hw/usb/hcd-ehci-pci.c
@@ -91,6 +91,7 @@ static const VMStateDescription vmstate_ehci_pci = {
 .fields  = (VMStateField[]) {
 VMSTATE_PCI_DEVICE(pcidev, EHCIPCIState),
 VMSTATE_STRUCT(ehci, EHCIPCIState, 2, vmstate_ehci, EHCIState),
+VMSTATE_END_OF_LIST()
 }
 };
 
@@ -105,7 +106,7 @@ static void ehci_class_init(ObjectClass *klass, void *data)
 k->device_id = i->device_id;
 k->revision = i->revision;
 k->class_id = PCI_CLASS_SERIAL_USB;
-dc->vmsd = &vmstate_ehci;
+dc->vmsd = &vmstate_ehci_pci;
 dc->props = ehci_pci_properties;
 }
 
-- 
1.7.1

[Qemu-devel] [PATCH 6/8] usb/combined-packet: Move freeing of combined to usb_combined_packet_remove()

[Gerd Hoffmann]

From: Hans de Goede 

Signed-off-by: Hans de Goede 
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/combined-packet.c |   33 +++--
 1 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c
index e722198..4a0c299 100644
--- a/hw/usb/combined-packet.c
+++ b/hw/usb/combined-packet.c
@@ -31,12 +31,16 @@ static void usb_combined_packet_add(USBCombinedPacket 
*combined, USBPacket *p)
 p->combined = combined;
 }
 
+/* Note will free combined when the last packet gets removed */
 static void usb_combined_packet_remove(USBCombinedPacket *combined,
USBPacket *p)
 {
 assert(p->combined == combined);
 p->combined = NULL;
 QTAILQ_REMOVE(&combined->packets, p, combined_entry);
+if (QTAILQ_EMPTY(&combined->packets)) {
+g_free(combined);
+}
 }
 
 /* Also handles completion of non combined packets for pipelined input eps */
@@ -45,9 +49,8 @@ void usb_combined_input_packet_complete(USBDevice *dev, 
USBPacket *p)
 USBCombinedPacket *combined = p->combined;
 USBEndpoint *ep = p->ep;
 USBPacket *next;
-enum { completing, complete, leftover };
-int status, actual_length, state = completing;
-bool short_not_ok;
+int status, actual_length;
+bool short_not_ok, done = false;
 
 if (combined == NULL) {
 usb_packet_complete_one(dev, p);
@@ -61,39 +64,34 @@ void usb_combined_input_packet_complete(USBDevice *dev, 
USBPacket *p)
 short_not_ok = QTAILQ_LAST(&combined->packets, packets_head)->short_not_ok;
 
 QTAILQ_FOREACH_SAFE(p, &combined->packets, combined_entry, next) {
-if (state == completing) {
+if (!done) {
 /* Distribute data over uncombined packets */
 if (actual_length >= p->iov.size) {
 p->actual_length = p->iov.size;
 } else {
 /* Send short or error packet to complete the transfer */
 p->actual_length = actual_length;
-state = complete;
+done = true;
 }
 /* Report status on the last packet */
-if (state == complete || next == NULL) {
+if (done || next == NULL) {
 p->status = status;
 } else {
 p->status = USB_RET_SUCCESS;
 }
 p->short_not_ok = short_not_ok;
+/* Note will free combined when the last packet gets removed! */
 usb_combined_packet_remove(combined, p);
 usb_packet_complete_one(dev, p);
 actual_length -= p->actual_length;
 } else {
 /* Remove any leftover packets from the queue */
-state = leftover;
 p->status = USB_RET_REMOVE_FROM_QUEUE;
+/* Note will free combined on the last packet! */
 dev->port->ops->complete(dev->port, p);
 }
 }
-/*
- * If we had leftover packets the hcd driver will have cancelled them
- * and usb_combined_packet_cancel has already freed combined!
- */
-if (state != leftover) {
-g_free(combined);
-}
+/* Do not use combined here, it has been freed! */
 leave:
 /* Check if there are packets in the queue waiting for our completion */
 usb_ep_combine_input_packets(ep);
@@ -104,14 +102,13 @@ void usb_combined_packet_cancel(USBDevice *dev, USBPacket 
*p)
 {
 USBCombinedPacket *combined = p->combined;
 assert(combined != NULL);
+USBPacket *first = p->combined->first;
 
+/* Note will free combined on the last packet! */
 usb_combined_packet_remove(combined, p);
-if (p == combined->first) {
+if (p == first) {
 usb_device_cancel_packet(dev, p);
 }
-if (QTAILQ_EMPTY(&combined->packets)) {
-g_free(combined);
-}
 }
 
 /*
-- 
1.7.1

[Qemu-devel] [PATCH v2] Fix piix4_pm savevm buffer overflow.

[Gerd Hoffmann]

Signed-off-by: Gerd Hoffmann 
---
 hw/acpi_piix4.c |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 15275cf..1fd6def 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -235,7 +235,7 @@ static int vmstate_acpi_post_load(void *opaque, int 
version_id)
  {   \
  .name   = (stringify(_field)),  \
  .version_id = 0,\
- .num= GPE_LEN,  \
+ .num= 1,\
  .info   = &vmstate_info_uint16, \
  .size   = sizeof(uint16_t), \
  .flags  = VMS_ARRAY | VMS_POINTER,  \
@@ -249,7 +249,9 @@ static const VMStateDescription vmstate_gpe = {
 .minimum_version_id_old = 1,
 .fields  = (VMStateField []) {
 VMSTATE_GPE_ARRAY(sts, ACPIGPE),
+VMSTATE_UNUSED(6),
 VMSTATE_GPE_ARRAY(en, ACPIGPE),
+VMSTATE_UNUSED(6),
 VMSTATE_END_OF_LIST()
 }
 };
-- 
1.7.1

[Qemu-devel] [PATCH 5/8] xhci: Add support for packets with both data and an error status

[Gerd Hoffmann]

From: Hans de Goede 

Signed-off-by: Hans de Goede 
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-xhci.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index d4a2e0c..a181d45 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1388,7 +1388,7 @@ static void xhci_xfer_report(XHCITransfer *xfer)
 XHCIState *xhci = xfer->xhci;
 int i;
 
-left = xfer->packet.status ? 0 : xfer->packet.actual_length;
+left = xfer->packet.actual_length;
 
 for (i = 0; i < xfer->trb_count; i++) {
 XHCITRB *trb = &xfer->trbs[i];
@@ -1416,7 +1416,7 @@ static void xhci_xfer_report(XHCITransfer *xfer)
 
 if (!reported && ((trb->control & TRB_TR_IOC) ||
   (shortpkt && (trb->control & TRB_TR_ISP)) ||
-  (xfer->status != CC_SUCCESS))) {
+  (xfer->status != CC_SUCCESS && left == 0))) {
 event.slotid = xfer->slotid;
 event.epid = xfer->epid;
 event.length = (trb->status & 0x1) - chunk;
-- 
1.7.1

[Qemu-devel] [PATCH 7/8] xhci: Fix some DMA host endian bugs

[Gerd Hoffmann]

From: David Gibson 

The xhci device does correct endian switches on the results of some DMAs
but not all.  In particular, there are many DMAs of what are essentially
arrays of 32-bit integers which never get byteswapped.  This causes them
to be interpreted incorrectly on big-endian hosts, since (as per the xhci
spec) these arrays are always little-endian in guest memory.

This patch adds some helper functions to fix these bugs.  This may not be
all the endian bugs in the xhci code, but it's certainly some of them and
the Linux guest xhci driver certainly gets further with these fixes.

Signed-off-by: David Gibson 
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-xhci.c |   81 +++-
 1 files changed, 54 insertions(+), 27 deletions(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index a181d45..8ef4b07 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -634,6 +634,34 @@ static inline dma_addr_t xhci_mask64(uint64_t addr)
 }
 }
 
+static inline void xhci_dma_read_u32s(XHCIState *xhci, dma_addr_t addr,
+  uint32_t *buf, size_t len)
+{
+int i;
+
+assert((len % sizeof(uint32_t)) == 0);
+
+pci_dma_read(&xhci->pci_dev, addr, buf, len);
+
+for (i = 0; i < (len / sizeof(uint32_t)); i++) {
+buf[i] = le32_to_cpu(buf[i]);
+}
+}
+
+static inline void xhci_dma_write_u32s(XHCIState *xhci, dma_addr_t addr,
+   uint32_t *buf, size_t len)
+{
+int i;
+uint32_t tmp[len / sizeof(uint32_t)];
+
+assert((len % sizeof(uint32_t)) == 0);
+
+for (i = 0; i < (len / sizeof(uint32_t)); i++) {
+tmp[i] = cpu_to_le32(buf[i]);
+}
+pci_dma_write(&xhci->pci_dev, addr, tmp, len);
+}
+
 static XHCIPort *xhci_lookup_port(XHCIState *xhci, struct USBPort *uport)
 {
 int index;
@@ -1045,14 +1073,14 @@ static void xhci_set_ep_state(XHCIState *xhci, 
XHCIEPContext *epctx,
 {
 uint32_t ctx[5];
 
-pci_dma_read(&xhci->pci_dev, epctx->pctx, ctx, sizeof(ctx));
+xhci_dma_read_u32s(xhci, epctx->pctx, ctx, sizeof(ctx));
 ctx[0] &= ~EP_STATE_MASK;
 ctx[0] |= state;
 ctx[2] = epctx->ring.dequeue | epctx->ring.ccs;
 ctx[3] = (epctx->ring.dequeue >> 16) >> 16;
 DPRINTF("xhci: set epctx: " DMA_ADDR_FMT " state=%d dequeue=%08x%08x\n",
 epctx->pctx, state, ctx[3], ctx[2]);
-pci_dma_write(&xhci->pci_dev, epctx->pctx, ctx, sizeof(ctx));
+xhci_dma_write_u32s(xhci, epctx->pctx, ctx, sizeof(ctx));
 epctx->state = state;
 }
 
@@ -1881,14 +1909,14 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, 
unsigned int slotid,
 assert(slotid >= 1 && slotid <= xhci->numslots);
 
 dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high);
-pci_dma_read(&xhci->pci_dev, dcbaap + 8*slotid, &poctx, sizeof(poctx));
+poctx = ldq_le_pci_dma(&xhci->pci_dev, dcbaap + 8*slotid);
 ictx = xhci_mask64(pictx);
-octx = xhci_mask64(le64_to_cpu(poctx));
+octx = xhci_mask64(poctx);
 
 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx);
 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
 
-pci_dma_read(&xhci->pci_dev, ictx, ictl_ctx, sizeof(ictl_ctx));
+xhci_dma_read_u32s(xhci, ictx, ictl_ctx, sizeof(ictl_ctx));
 
 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] != 0x3) {
 fprintf(stderr, "xhci: invalid input context control %08x %08x\n",
@@ -1896,8 +1924,8 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, 
unsigned int slotid,
 return CC_TRB_ERROR;
 }
 
-pci_dma_read(&xhci->pci_dev, ictx+32, slot_ctx, sizeof(slot_ctx));
-pci_dma_read(&xhci->pci_dev, ictx+64, ep0_ctx, sizeof(ep0_ctx));
+xhci_dma_read_u32s(xhci, ictx+32, slot_ctx, sizeof(slot_ctx));
+xhci_dma_read_u32s(xhci, ictx+64, ep0_ctx, sizeof(ep0_ctx));
 
 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n",
 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
@@ -1951,8 +1979,8 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, 
unsigned int slotid,
 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n",
 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]);
 
-pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
-pci_dma_write(&xhci->pci_dev, octx+32, ep0_ctx, sizeof(ep0_ctx));
+xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx));
+xhci_dma_write_u32s(xhci, octx+32, ep0_ctx, sizeof(ep0_ctx));
 
 return res;
 }
@@ -1985,17 +2013,17 @@ static TRBCCode xhci_configure_slot(XHCIState *xhci, 
unsigned int slotid,
 }
 }
 
-pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
+xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx));
 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT);
 slot_ctx[3] |= SLOT_ADDRESSED << SLOT_STATE_SHIFT;
 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
 slot_ctx[0], slot_ctx[1]

[Qemu-devel] [PATCH 3/8] ehci: Get rid of the magical PROC_ERR status

[Gerd Hoffmann]

From: Hans de Goede 

Instead make ehci_execute and ehci_fill_queue return the again value.

Signed-off-by: Hans de Goede 
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-ehci.c |   55 +++-
 1 files changed, 24 insertions(+), 31 deletions(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 3a1f513..73be575 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -29,9 +29,6 @@
 
 #include "hw/usb/hcd-ehci.h"
 
-/* internal processing - reset HC to try and recover */
-#define USB_RET_PROCERR   (-99)
-
 /* Capability Registers Base Address - section 2.2 */
 #define CAPLENGTH0x  /* 1-byte, 0x0001 reserved */
 #define HCIVERSION   0x0002  /* 2-bytes, i/f version # */
@@ -,7 +1108,7 @@ static int ehci_init_transfer(EHCIPacket *p)
 while (bytes > 0) {
 if (cpage > 4) {
 fprintf(stderr, "cpage out of range (%d)\n", cpage);
-return USB_RET_PROCERR;
+return -1;
 }
 
 page  = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK;
@@ -1248,8 +1245,7 @@ static void ehci_execute_complete(EHCIQueue *q)
 }
 }
 
-// 4.10.3
-
+/* 4.10.3 returns "again" */
 static int ehci_execute(EHCIPacket *p, const char *action)
 {
 USBEndpoint *ep;
@@ -1261,13 +1257,13 @@ static int ehci_execute(EHCIPacket *p, const char 
*action)
 
 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) {
 fprintf(stderr, "Attempting to execute inactive qtd\n");
-return USB_RET_PROCERR;
+return -1;
 }
 
 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) {
 ehci_trace_guest_bug(p->queue->ehci,
  "guest requested more bytes than allowed");
-return USB_RET_PROCERR;
+return -1;
 }
 
 p->pid = (p->qtd.token & QTD_TOKEN_PID_MASK) >> QTD_TOKEN_PID_SH;
@@ -1291,7 +1287,7 @@ static int ehci_execute(EHCIPacket *p, const char *action)
 
 if (p->async == EHCI_ASYNC_NONE) {
 if (ehci_init_transfer(p) != 0) {
-return USB_RET_PROCERR;
+return -1;
 }
 
 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
@@ -1310,14 +1306,10 @@ static int ehci_execute(EHCIPacket *p, const char 
*action)
 
 if (p->packet.actual_length > BUFF_SIZE) {
 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n");
-return USB_RET_PROCERR;
+return -1;
 }
 
-if (p->packet.status == USB_RET_SUCCESS) {
-return p->packet.actual_length;
-} else {
-return p->packet.status;
-}
+return 1;
 }
 
 /*  4.7.2
@@ -1352,7 +1344,7 @@ static int ehci_process_itd(EHCIState *ehci,
 }
 
 if (len > BUFF_SIZE) {
-return USB_RET_PROCERR;
+return -1;
 }
 
 qemu_sglist_init(&ehci->isgl, 2, ehci->dma);
@@ -1752,8 +1744,7 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
 break;
 case EHCI_ASYNC_INFLIGHT:
 /* Check if the guest has added new tds to the queue */
-again = (ehci_fill_queue(QTAILQ_LAST(&q->packets, pkts_head)) ==
- USB_RET_PROCERR) ? -1 : 1;
+again = ehci_fill_queue(QTAILQ_LAST(&q->packets, pkts_head));
 /* Unfinished async handled packet, go horizontal */
 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
 break;
@@ -1790,6 +1781,7 @@ static int ehci_state_horizqh(EHCIQueue *q)
 return again;
 }
 
+/* Returns "again" */
 static int ehci_fill_queue(EHCIPacket *p)
 {
 USBEndpoint *ep = p->packet.ep;
@@ -1818,17 +1810,14 @@ static int ehci_fill_queue(EHCIPacket *p)
 p = ehci_alloc_packet(q);
 p->qtdaddr = qtdaddr;
 p->qtd = qtd;
-p->usb_status = ehci_execute(p, "queue");
-if (p->usb_status == USB_RET_PROCERR) {
-break;
+if (ehci_execute(p, "queue") == -1) {
+return -1;
 }
-assert(p->usb_status == USB_RET_ASYNC);
+assert(p->packet.status == USB_RET_ASYNC);
 p->async = EHCI_ASYNC_INFLIGHT;
 }
-if (p->usb_status != USB_RET_PROCERR) {
-usb_device_flush_ep_queue(ep->dev, ep);
-}
-return p->usb_status;
+usb_device_flush_ep_queue(ep->dev, ep);
+return 1;
 }
 
 static int ehci_state_execute(EHCIQueue *q)
@@ -1857,23 +1846,27 @@ static int ehci_state_execute(EHCIQueue *q)
 ehci_set_usbsts(q->ehci, USBSTS_REC);
 }
 
-p->usb_status = ehci_execute(p, "process");
-if (p->usb_status == USB_RET_PROCERR) {
-again = -1;
+again = ehci_execute(p, "process");
+if (again == -1) {
 goto out;
 }
-if (p->usb_status == USB_RET_ASYNC) {
+if (p->packet.status == USB_RET_ASYNC) {
 ehci_flush_qh(q);
 trace_usb_ehci_packet_action(p->queue, p, "async");
 p->async = EHCI_ASYNC_INFLIGHT;
 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
 if (q->async) {
-