Re: [Qemu-devel] Problems with bridge Networking

2009-11-11 Thread Mark McLoughlin
On Thu, 2009-11-12 at 03:31 +, Armin Garcia wrote:
> I have the next problem I configure the tun/tap and all great any error,
> I have an IP from my dhcp, I can see my virtual machine (winxp) from my
> other computers, but in my virtual machine I can't connect to internet,
> I mean, when I start my browser it doesn't resolve anything, I can't see
> google or any other web page

I don't see an obvious problem; running tcpdump against the tap device
will give you more information as to what's going on.

Also, make sure /proc/sys/net/bridge/bridge-nf-call-iptables is zero.

Cheers,
Mark.





[Qemu-devel] [PATCH 04/20] pci: remove pci_addr_to_config() by open code

2009-11-11 Thread Isaku Yamahata
This patch removes pci_addr_to_config() and open-codes it
as suggested by Michael S. Tsirkin.

Signed-off-by: Isaku Yamahata 
---
 hw/pci_host.c |9 ++---
 1 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/hw/pci_host.c b/hw/pci_host.c
index 4196ebc..93c94e8 100644
--- a/hw/pci_host.c
+++ b/hw/pci_host.c
@@ -47,15 +47,10 @@ static inline PCIDevice *pci_addr_to_dev(PCIBus *bus, 
uint32_t addr)
 return pci_find_device(bus, bus_num, PCI_SLOT(devfn), PCI_FUNC(devfn));
 }
 
-static inline uint32_t pci_addr_to_config(uint32_t addr)
-{
-return addr & (PCI_CONFIG_SPACE_SIZE - 1);
-}
-
 void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, int len)
 {
 PCIDevice *pci_dev = pci_addr_to_dev(s, addr);
-uint32_t config_addr = pci_addr_to_config(addr);
+uint32_t config_addr = addr & (PCI_CONFIG_SPACE_SIZE - 1);
 
 if (!pci_dev)
 return;
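
Review bot: the open-coded mask "addr & (PCI_CONFIG_SPACE_SIZE - 1)" in pci_data_write() only extracts a correct offset while PCI_CONFIG_SPACE_SIZE is a power of two, and with the helper gone nothing at the call site says so. The same expression is repeated in pci_data_read() in the next hunk, so a one-line comment at each site, or a compile-time check on the constant, would keep the two copies from drifting apart.
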
@@ -68,7 +63,7 @@ void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, 
int len)
 uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len)
 {
 PCIDevice *pci_dev = pci_addr_to_dev(s, addr);
-uint32_t config_addr = pci_addr_to_config(addr);
+uint32_t config_addr = addr & (PCI_CONFIG_SPACE_SIZE - 1);
 uint32_t val;
 
 assert(len == 1 || len == 2 || len == 4);
-- 
1.6.0.2





[Qemu-devel] [PATCH 10/20] pci: kill unnecessary included in pci.c

2009-11-11 Thread Isaku Yamahata
Including pci_host.h isn't needed by pci.c.
This patch kills it.

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index e73f07c..67818b7 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -23,7 +23,6 @@
  */
 #include "hw.h"
 #include "pci.h"
-#include "pci_host.h"
 #include "monitor.h"
 #include "net.h"
 #include "sysemu.h"
-- 
1.6.0.2





[Qemu-devel] Handling Bios Interrupts

2009-11-11 Thread Aditya Agarwal
How or which section of the QEMU source is actually handling BIOS interrupt
call, I have written a new user interrupt 0x79 in BIOS.BIN, but I need to ask
QEMU to purposely invoke INT 0x79 call, where this ISR will write some byte
info into BDA/BIOS DATA AREA.


[Qemu-devel] Posting to qemu-devel list

2009-11-11 Thread Aditya Agarwal
Please add my email id to post to the qemu-devel list.

Best,

Aditya


[Qemu-devel] [PATCH 20/20] pci: remove goto in pci_bridge_filter().

2009-11-11 Thread Isaku Yamahata
This patch removes ugly goto in pci_bridge_filter() by
introducing subfunction, pci_bridge_filter_nomap().

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |   16 +++-
 1 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index add919b..90bdf5e 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -691,6 +691,12 @@ static pcibus_t pci_bridge_get_limit(PCIDevice *bridge, 
uint8_t type)
 return limit;
 }
 
+static void pci_bridge_filter_nomap(pcibus_t *addr, pcibus_t *size)
+{
+*addr = PCI_BAR_UNMAPPED;
+*size = 0;
+}
+
 static void pci_bridge_filter(PCIDevice *d, pcibus_t *addr, pcibus_t *size,
   uint8_t type)
 {
@@ -703,11 +709,13 @@ static void pci_bridge_filter(PCIDevice *d, pcibus_t 
*addr, pcibus_t *size,
 
 if (type & PCI_BASE_ADDRESS_SPACE_IO) {
 if (!(cmd & PCI_COMMAND_IO)) {
-goto no_map;
+pci_bridge_filter_nomap(addr, size);
+return;
 }
 } else {
 if (!(cmd & PCI_COMMAND_MEMORY)) {
-goto no_map;
+pci_bridge_filter_nomap(addr, size);
+return;
 }
 }
 
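
Review bot: both branches of the "type & PCI_BASE_ADDRESS_SPACE_IO" test now carry the identical pair "pci_bridge_filter_nomap(addr, size); return;", so the goto has been traded for duplication. Selecting the required command bit first (PCI_COMMAND_IO or PCI_COMMAND_MEMORY) and testing cmd once would leave a single early return.
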
@@ -716,9 +724,7 @@ static void pci_bridge_filter(PCIDevice *d, pcibus_t *addr, 
pcibus_t *size,
 }
 
 if (base > limit) {
-no_map:
-*addr = PCI_BAR_UNMAPPED;
-*size = 0;
+pci_bridge_filter_nomap(addr, size);
 } else {
 *addr = base;
 *size = limit - base + 1;
-- 
1.6.0.2





[Qemu-devel] [PATCH 13/20] pci: move typedef, PCIHostState, PCIExpressHost to qemu-common.h.

2009-11-11 Thread Isaku Yamahata
This patch moves two typedefs, PCIHostState and PCIExpressHost to
qemu-common.h for consistency as PCIBus and PCIDevice are typedefed
in qemu-common.h.

Signed-off-by: Isaku Yamahata 
---
 hw/pci_host.h  |4 ++--
 hw/pcie_host.h |4 ++--
 qemu-common.h  |2 ++
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/pci_host.h b/hw/pci_host.h
index cf3a339..a006687 100644
--- a/hw/pci_host.h
+++ b/hw/pci_host.h
@@ -30,11 +30,11 @@
 
 #include "sysbus.h"
 
-typedef struct {
+struct PCIHostState {
 SysBusDevice busdev;
 uint32_t config_reg;
 PCIBus *bus;
-} PCIHostState;
+};
 
 void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, int len);
 uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len);
diff --git a/hw/pcie_host.h b/hw/pcie_host.h
index a7771c9..7754ac9 100644
--- a/hw/pcie_host.h
+++ b/hw/pcie_host.h
@@ -24,7 +24,7 @@
 
 #include "pci_host.h"
 
-typedef struct {
+struct PCIExpressHost {
 PCIHostState pci;
 
 /* express part */
@@ -37,7 +37,7 @@ typedef struct {
 
 /* result of cpu_register_io_memory() to map MMCONFIG area */
 int mmio_index;
-} PCIExpressHost;
+};
 
 int pcie_host_init(PCIExpressHost *e);
 void pcie_host_mmcfg_unmap(PCIExpressHost *e);
diff --git a/qemu-common.h b/qemu-common.h
index b779cfe..8ecac61 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -198,6 +198,8 @@ typedef struct i2c_bus i2c_bus;
 typedef struct i2c_slave i2c_slave;
 typedef struct SMBusDevice SMBusDevice;
 typedef struct QEMUTimer QEMUTimer;
+typedef struct PCIHostState PCIHostState;
+typedef struct PCIExpressHost PCIExpressHost;
 typedef struct PCIBus PCIBus;
 typedef struct PCIDevice PCIDevice;
 typedef struct SerialState SerialState;
-- 
1.6.0.2





[Qemu-devel] [PATCH 17/20] pci: remove magic number, 256 in pci.c

2009-11-11 Thread Isaku Yamahata
This patch replaces magic number, 256, with ARRAY_SIZE().

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 2eff7fe..dce445a 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -487,7 +487,8 @@ static PCIDevice *do_pci_register_device(PCIDevice 
*pci_dev, PCIBus *bus,
  uint8_t header_type)
 {
 if (devfn < 0) {
-for(devfn = bus->devfn_min ; devfn < 256; devfn += 8) {
+for(devfn = bus->devfn_min ; devfn < ARRAY_SIZE(bus->devices);
+devfn += 8) {
 if (!bus->devices[devfn])
 goto found;
 }
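
Review bot: in the slot-search loop the bound is now derived from the array, but the stride "devfn += 8" is still a bare number. Since the point of the patch is removing magic numbers, give the per-slot step a name as well, or say in the commit message why it is left alone.
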
@@ -1025,7 +1026,7 @@ static void pci_for_each_device_under_bus(PCIBus *bus,
 PCIDevice *d;
 int devfn;
 
-for(devfn = 0; devfn < 256; devfn++) {
+for(devfn = 0; devfn < ARRAY_SIZE(bus->devices); devfn++) {
 d = bus->devices[devfn];
 if (d)
 fn(bus, d);
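
Review bot: devfn is declared int here, so "devfn < ARRAY_SIZE(bus->devices)" becomes a signed/unsigned comparison if ARRAY_SIZE() is sizeof-based (its definition is not shown in this patch). This loop starts at 0 so the result is unchanged, but the same comparison in do_pci_register_device() starts from bus->devfn_min; either make the index unsigned or cast the bound so sign-compare warnings stay quiet.
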
-- 
1.6.0.2





[Qemu-devel] [PATCH 19/20] pci: pci bridge related clean up.

2009-11-11 Thread Isaku Yamahata
- fix bridge prefetchable memory accessor to check 64bit or not.
- use pcibus_t consistently instead of mixing pcibus_t and uint64_t.

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |   18 +++---
 hw/pci.h |1 +
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index d1b884a..add919b 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -634,19 +634,23 @@ static uint32_t pci_config_get_io_base(PCIDevice *d,
 return val;
 }
 
-static uint64_t pci_config_get_memory_base(PCIDevice *d, uint32_t base)
+static pcibus_t pci_config_get_memory_base(PCIDevice *d, uint32_t base)
 {
-return ((uint64_t)pci_get_word(d->config + base) & PCI_MEMORY_RANGE_MASK)
+return ((pcibus_t)pci_get_word(d->config + base) & PCI_MEMORY_RANGE_MASK)
 << 16;
 }
 
-static uint64_t pci_config_get_pref_base(PCIDevice *d,
+static pcibus_t pci_config_get_pref_base(PCIDevice *d,
  uint32_t base, uint32_t upper)
 {
-uint64_t val;
-val = ((uint64_t)pci_get_word(d->config + base) &
-   PCI_PREF_RANGE_MASK) << 16;
-val |= (uint64_t)pci_get_long(d->config + upper) << 32;
+pcibus_t tmp;
+pcibus_t val;
+
+tmp = (pcibus_t)pci_get_word(d->config + base);
+val = (tmp & PCI_PREF_RANGE_MASK) << 16;
+if (tmp & PCI_PREF_RANGE_TYPE_64) {
+val |= (pcibus_t)pci_get_long(d->config + upper) << 32;
+}
 return val;
 }
 
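
Review bot: in pci_config_get_pref_base(), "(pcibus_t)pci_get_long(d->config + upper) << 32" is only defined when pcibus_t is wider than 32 bits; the uint64_t cast it replaces guaranteed that, while the new one relies on the typedef. State the width requirement next to the shift or keep a fixed-width type for this one expression. The commit message also bundles a behaviour fix (the 64-bit type check) with a type rename, which would be easier to bisect as two patches.
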
diff --git a/hw/pci.h b/hw/pci.h
index 72a476e..03639b7 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -131,6 +131,7 @@ typedef struct PCIIORegion {
 #define PCI_PREF_MEMORY_BASE0x24/* Prefetchable memory range behind */
 #define PCI_PREF_MEMORY_LIMIT   0x26
 #define  PCI_PREF_RANGE_MASK(~0x0fUL)
+#define  PCI_PREF_RANGE_TYPE_64 0x01
 #define PCI_PREF_BASE_UPPER32   0x28/* Upper half of prefetchable memory 
range */
 #define PCI_PREF_LIMIT_UPPER32 0x2c
 #define PCI_SUBSYSTEM_VENDOR_ID 0x2c/* 16 bits */
-- 
1.6.0.2





[Qemu-devel] [PATCH 14/20] pci: remove unused constants.

2009-11-11 Thread Isaku Yamahata
This patch removes unused constants committed by
fb23162885f7fd8cf7334bed22c25ac32c7d8b9d.

Signed-off-by: Isaku Yamahata 
---
 hw/pci.h |9 -
 1 files changed, 0 insertions(+), 9 deletions(-)

diff --git a/hw/pci.h b/hw/pci.h
index 988d2c0..72a476e 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -101,14 +101,6 @@ typedef struct PCIIORegion {
 #define  PCI_COMMAND_IO0x1 /* Enable response in I/O space 
*/
 #define  PCI_COMMAND_MEMORY0x2 /* Enable response in Memory space */
 #define  PCI_COMMAND_MASTER0x4 /* Enable bus master */
-#define  PCI_COMMAND_SPECIAL   0x8 /* Enable response to special cycles */
-#define  PCI_COMMAND_INVALIDATE 0x10   /* Use memory write and invalidate */
-#define  PCI_COMMAND_VGA_PALETTE 0x20  /* Enable palette snooping */
-#define  PCI_COMMAND_PARITY0x40/* Enable parity checking */
-#define  PCI_COMMAND_WAIT  0x80/* Enable address/data stepping */
-#define  PCI_COMMAND_SERR  0x100   /* Enable SERR */
-#define  PCI_COMMAND_FAST_BACK 0x200   /* Enable back-to-back writes */
-#define  PCI_COMMAND_INTX_DISABLE 0x400 /* INTx Emulation Disable */
 #define PCI_STATUS  0x06/* 16 bits */
 #define PCI_REVISION_ID 0x08/* 8 bits  */
 #define PCI_CLASS_PROG 0x09/* Reg. Level Programming Interface */
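
Review bot: the PCI_COMMAND_* values removed here are command-register bit definitions, and the cover letter for this series proposes importing Linux's pci_regs.h, whose symbol names match the ones in pci.h. Deleting them now and getting them back with that import is churn; consider dropping this patch or ordering it after the header decision.
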
@@ -128,7 +120,6 @@ typedef struct PCIIORegion {
 #define PCI_PRIMARY_BUS0x18/* Primary bus number */
 #define PCI_SECONDARY_BUS  0x19/* Secondary bus number */
 #define PCI_SUBORDINATE_BUS0x1a/* Highest bus number behind the bridge 
*/
-#define PCI_SEC_LATENCY_TIMER   0x1b/* Latency timer for secondary 
interface */
 #define PCI_IO_BASE 0x1c/* I/O range behind the bridge */
 #define PCI_IO_LIMIT0x1d
 #define  PCI_IO_RANGE_TYPE_32  0x01
-- 
1.6.0.2





[Qemu-devel] [PATCH 16/20] pci: kill goto in pci_update_mappings()

2009-11-11 Thread Isaku Yamahata
This patch kills nasty goto in pci_update_mappings().

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |   54 --
 1 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index cae3d53..2eff7fe 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -756,35 +756,37 @@ static void pci_update_mappings(PCIDevice *d)
 new_addr = pci_get_long(d->config + pci_bar(d, i));
 }
 /* the ROM slot has a specific enable bit */
-if (i == PCI_ROM_SLOT && !(new_addr & PCI_ROM_ADDRESS_ENABLE))
-goto no_mem_map;
-new_addr = new_addr & ~(r->size - 1);
-last_addr = new_addr + r->size - 1;
-/* NOTE: we do not support wrapping */
-/* XXX: as we cannot support really dynamic
-   mappings, we handle specific values as invalid
-   mappings. */
-if (last_addr <= new_addr || new_addr == 0 ||
-last_addr == PCI_BAR_UNMAPPED ||
-
-/* Now pcibus_t is 64bit.
- * Check if 32 bit BAR wrap around explicitly.
- * Without this, PC ide doesn't work well.
- * TODO: remove this work around.
- */
-(!(r->type & PCI_BASE_ADDRESS_MEM_TYPE_64) &&
- last_addr >= UINT32_MAX) ||
-
-/*
- * OS is allowed to set BAR beyond its addressable
- * bits. For example, 32 bit OS can set 64bit bar
- * to >4G. Check it.
- */
-last_addr >= TARGET_PHYS_ADDR_MAX) {
+if (i == PCI_ROM_SLOT &&
+!(new_addr & PCI_ROM_ADDRESS_ENABLE)) {
 new_addr = PCI_BAR_UNMAPPED;
+} else {
+new_addr = new_addr & ~(r->size - 1);
+last_addr = new_addr + r->size - 1;
+/* NOTE: we do not support wrapping */
+/* XXX: as we cannot support really dynamic
+   mappings, we handle specific values as invalid
+   mappings. */
+if (last_addr <= new_addr || new_addr == 0 ||
+last_addr == PCI_BAR_UNMAPPED ||
+
+/* Now pcibus_t is 64bit.
+ * Check if 32 bit BAR wrap around explicitly.
+ * Without this, PC ide doesn't work well.
+ * TODO: remove this work around.
+ */
+(!(r->type & PCI_BASE_ADDRESS_MEM_TYPE_64) &&
+ last_addr >= UINT32_MAX) ||
+
+/*
+ * OS is allowed to set BAR beyond its addressable
+ * bits. For example, 32 bit OS can set 64bit bar
+ * to >4G. Check it.
+ */
+last_addr >= TARGET_PHYS_ADDR_MAX) {
+new_addr = PCI_BAR_UNMAPPED;
+}
 }
 } else {
-no_mem_map:
 new_addr = PCI_BAR_UNMAPPED;
 }
 }
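
Review bot: "new_addr = PCI_BAR_UNMAPPED;" is now written three times in this block, and the long validity condition sits one nesting level deeper than before. Moving the last_addr/new_addr range checks into a small predicate, in the way patch 20/20 introduces pci_bridge_filter_nomap(), would remove the goto without the extra indentation and repetition.
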
-- 
1.6.0.2





[Qemu-devel] [PATCH 18/20] pci: fix pci_config_get_io_base().

2009-11-11 Thread Isaku Yamahata
fix typo in pci_config_get_io_base().

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index dce445a..d1b884a 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -629,7 +629,7 @@ static uint32_t pci_config_get_io_base(PCIDevice *d,
 
 val = ((uint32_t)d->config[base] & PCI_IO_RANGE_MASK) << 8;
 if (d->config[base] & PCI_IO_RANGE_TYPE_32) {
-val |= (uint32_t)pci_get_word(d->config + PCI_IO_BASE_UPPER16) << 16;
+val |= (uint32_t)pci_get_word(d->config + base_upper16) << 16;
 }
 return val;
 }
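
Review bot: the old line read the upper half from the fixed offset PCI_IO_BASE_UPPER16 and ignored base_upper16, so this is a behaviour fix for any caller that passes a different offset, not a typo. The commit message should say which value was computed wrongly so the change can be found when bisecting.
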
-- 
1.6.0.2





[Qemu-devel] [PATCH 07/20] pci: remove pci_sub_bus() by open coding.

2009-11-11 Thread Isaku Yamahata
pci_sub_bus() is used only once, so eliminate it
by open coding as suggested by "Michael S. Tsirkin".

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |   12 
 1 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 4169d4f..bdd4063 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -239,13 +239,6 @@ int pci_bus_num(PCIBus *s)
 return s->parent_dev->config[PCI_SECONDARY_BUS];
 }
 
-static uint8_t pci_sub_bus(PCIBus *s)
-{
-if (!s->parent_dev)
-return 255; /* pci host bridge */
-return s->parent_dev->config[PCI_SUBORDINATE_BUS];
-}
-
 static int get_pci_config_device(QEMUFile *f, void *pv, size_t size)
 {
 PCIDevice *s = container_of(pv, PCIDevice, config);
@@ -1179,7 +1172,10 @@ PCIBus *pci_find_bus(PCIBus *bus, int bus_num)
 
 /* try child bus */
 QLIST_FOREACH(sec, &bus->child, sibling) {
-if (pci_bus_num(sec) <= bus_num && bus_num <= pci_sub_bus(sec)) {
+
+if (!bus->parent_dev /* pci host bridge */
+|| (pci_bus_num(sec) <= bus_num &&
+bus->parent_dev->config[PCI_SUBORDINATE_BUS])) {
 return pci_find_bus(sec, bus_num);
 }
 }
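
Review bot: the open-coded condition in pci_find_bus() does not match the removed helper. The original test was "pci_bus_num(sec) <= bus_num && bus_num <= pci_sub_bus(sec)"; the replacement checks bus->parent_dev instead of sec->parent_dev, and its last operand is the bare value bus->parent_dev->config[PCI_SUBORDINATE_BUS] with the "bus_num <=" comparison dropped, so any non-zero subordinate number passes. pci_sub_bus() returned 255 for a host bridge only as the upper bound, so the lower-bound check still applied, whereas "!bus->parent_dev ||" skips it. Suggested form: "pci_bus_num(sec) <= bus_num && (!sec->parent_dev || bus_num <= sec->parent_dev->config[PCI_SUBORDINATE_BUS])". The blank line added after QLIST_FOREACH can go too.
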
-- 
1.6.0.2





[Qemu-devel] [PATCH 05/20] pci: rename pci_addr_to_dev(), pcie_mmcfg_addr_to_dev().

2009-11-11 Thread Isaku Yamahata
This patch renames pci_addr_to_dev(), pcie_mmcfg_addr_to_dev()
to pci_dev_find_by_addr(), pcie_dev_find_by_mmcfg_addr()
as "Michael S. Tsirkin" suggested.

Signed-off-by: Isaku Yamahata 
---
 hw/pci_host.c  |6 +++---
 hw/pcie_host.c |7 ---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/hw/pci_host.c b/hw/pci_host.c
index 93c94e8..adecd7e 100644
--- a/hw/pci_host.c
+++ b/hw/pci_host.c
@@ -40,7 +40,7 @@ do { printf("pci_host_data: " fmt , ## __VA_ARGS__); } while 
(0)
  */
 
 /* the helper functio to get a PCIDeice* for a given pci address */
-static inline PCIDevice *pci_addr_to_dev(PCIBus *bus, uint32_t addr)
+static inline PCIDevice *pci_dev_find_by_addr(PCIBus *bus, uint32_t addr)
 {
 uint8_t bus_num = (addr >> 16) & 0xff;
 uint8_t devfn = (addr >> 8) & 0xff;
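
Review bot: the comment above the renamed function still reads "the helper functio to get a PCIDeice*"; since the line below it is being touched anyway, fix the two typos (function, PCIDevice) in the same patch.
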
@@ -49,7 +49,7 @@ static inline PCIDevice *pci_addr_to_dev(PCIBus *bus, 
uint32_t addr)
 
 void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, int len)
 {
-PCIDevice *pci_dev = pci_addr_to_dev(s, addr);
+PCIDevice *pci_dev = pci_dev_find_by_addr(s, addr);
 uint32_t config_addr = addr & (PCI_CONFIG_SPACE_SIZE - 1);
 
 if (!pci_dev)
@@ -62,7 +62,7 @@ void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, 
int len)
 
 uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len)
 {
-PCIDevice *pci_dev = pci_addr_to_dev(s, addr);
+PCIDevice *pci_dev = pci_dev_find_by_addr(s, addr);
 uint32_t config_addr = addr & (PCI_CONFIG_SPACE_SIZE - 1);
 uint32_t val;
 
diff --git a/hw/pcie_host.c b/hw/pcie_host.c
index 61285da..08c3527 100644
--- a/hw/pcie_host.c
+++ b/hw/pcie_host.c
@@ -46,7 +46,8 @@
 
 
 /* a helper function to get a PCIDevice for a given mmconfig address */
-static inline PCIDevice *pcie_mmcfg_addr_to_dev(PCIBus *s, uint32_t mmcfg_addr)
+static inline PCIDevice *pcie_dev_find_by_mmcfg_addr(PCIBus *s,
+ uint32_t mmcfg_addr)
 {
 return pci_find_device(s, PCIE_MMCFG_BUS(mmcfg_addr),
PCI_SLOT(PCIE_MMCFG_DEVFN(mmcfg_addr)),
@@ -56,7 +57,7 @@ static inline PCIDevice *pcie_mmcfg_addr_to_dev(PCIBus *s, 
uint32_t mmcfg_addr)
 static void pcie_mmcfg_data_write(PCIBus *s,
   uint32_t mmcfg_addr, uint32_t val, int len)
 {
-PCIDevice *pci_dev = pcie_mmcfg_addr_to_dev(s, mmcfg_addr);
+PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
 
 if (!pci_dev)
 return;
@@ -68,7 +69,7 @@ static void pcie_mmcfg_data_write(PCIBus *s,
 static uint32_t pcie_mmcfg_data_read(PCIBus *s,
  uint32_t mmcfg_addr, int len)
 {
-PCIDevice *pci_dev = pcie_mmcfg_addr_to_dev(s, mmcfg_addr);
+PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
 uint32_t val;
 
 assert(len == 1 || len == 2 || len == 4);
-- 
1.6.0.2





[Qemu-devel] [PATCH 11/20] pci: clean up of pci_init_wmask().

2009-11-11 Thread Isaku Yamahata
This patch replaces for loop by memset in pci_init_wmask().

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 67818b7..9698efb 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -426,15 +426,15 @@ static void pci_init_cmask(PCIDevice *dev)
 
 static void pci_init_wmask(PCIDevice *dev)
 {
-int i;
 int config_size = pci_config_size(dev);
 
 dev->wmask[PCI_CACHE_LINE_SIZE] = 0xff;
 dev->wmask[PCI_INTERRUPT_LINE] = 0xff;
 pci_set_word(dev->wmask + PCI_COMMAND,
  PCI_COMMAND_IO | PCI_COMMAND_MEMORY | PCI_COMMAND_MASTER);
-for (i = PCI_CONFIG_HEADER_SIZE; i < config_size; ++i)
-dev->wmask[i] = 0xff;
+
+memset(dev->wmask + PCI_CONFIG_HEADER_SIZE, 0xff,
+   config_size - PCI_CONFIG_HEADER_SIZE);
 }
 
 static void pci_init_wmask_bridge(PCIDevice *d)
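
Review bot: the memset() length "config_size - PCI_CONFIG_HEADER_SIZE" is computed from an int, and unlike the loop it replaces it is not safe when config_size is smaller than the header size: the loop ran zero times, while a negative difference converts to a huge size_t and writes far past dev->wmask. Add an assert(config_size >= PCI_CONFIG_HEADER_SIZE) before the call, or make the length unsigned and checked.
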
-- 
1.6.0.2





[Qemu-devel] [PATCH 03/20] pci: simplify pci_data_read(), pcie_mmcfg_data_read().

2009-11-11 Thread Isaku Yamahata
simplify ugly switch by memcpy trick.
And add one assert().

Signed-off-by: Isaku Yamahata 
---
 hw/pci_host.c  |   16 
 hw/pcie_host.c |   16 
 2 files changed, 8 insertions(+), 24 deletions(-)

diff --git a/hw/pci_host.c b/hw/pci_host.c
index f4518dc..4196ebc 100644
--- a/hw/pci_host.c
+++ b/hw/pci_host.c
@@ -71,19 +71,11 @@ uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len)
 uint32_t config_addr = pci_addr_to_config(addr);
 uint32_t val;
 
+assert(len == 1 || len == 2 || len == 4);
 if (!pci_dev) {
-switch(len) {
-case 1:
-val = 0xff;
-break;
-case 2:
-val = 0x;
-break;
-default:
-case 4:
-val = 0x;
-break;
-}
+val = 0;
+memset(&val, 0xff, len);
+val = le32_to_cpu(val);
 } else {
 val = pci_dev->config_read(pci_dev, config_addr, len);
 PCI_DPRINTF("%s: %s: addr=%02"PRIx32" val=%08"PRIx32" len=%d\n",
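
Review bot: building the all-ones value with memset(&val, 0xff, len) followed by le32_to_cpu() makes the result depend on byte-order handling that the removed switch did not need; a shift-based mask derived from len says the same thing without going through memory. The new assert() also sits ahead of the "!pci_dev" check and replaces the old "default:" fallback, so a caller that passed a length other than 1, 2 or 4 now aborts instead of getting a 32-bit value; confirm that len can never be guest-controlled on this path. The commit message says memcpy where the code uses memset.
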
diff --git a/hw/pcie_host.c b/hw/pcie_host.c
index b52fec6..61285da 100644
--- a/hw/pcie_host.c
+++ b/hw/pcie_host.c
@@ -71,19 +71,11 @@ static uint32_t pcie_mmcfg_data_read(PCIBus *s,
 PCIDevice *pci_dev = pcie_mmcfg_addr_to_dev(s, mmcfg_addr);
 uint32_t val;
 
+assert(len == 1 || len == 2 || len == 4);
 if (!pci_dev) {
-switch(len) {
-case 1:
-val = 0xff;
-break;
-case 2:
-val = 0x;
-break;
-default:
-case 4:
-val = 0x;
-break;
-}
+val = 0;
+memset(&val, 0xff, len);
+val = le32_to_cpu(val);
 } else {
 val = pci_dev->config_read(pci_dev,
PCIE_MMCFG_CONFOFFSET(mmcfg_addr), len);
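
Review bot: this is the same three-line sequence ("val = 0;", memset, le32_to_cpu) that the hw/pci_host.c hunk adds to pci_data_read(). Put it in one shared helper so the two missing-device paths cannot diverge.
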
-- 
1.6.0.2





[Qemu-devel] [PATCH 08/20] pci: s/pci_find_host_bus/pci_find_root_bus/g

2009-11-11 Thread Isaku Yamahata
This patch renames pci_find_host_bus() to pci_find_root_bus()
as suggested by "Michael S. Tsirkin".

Signed-off-by: Isaku Yamahata 
---
 hw/pci-hotplug.c |4 ++--
 hw/pci.c |8 
 hw/pci.h |2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/pci-hotplug.c b/hw/pci-hotplug.c
index a254498..081d6d1 100644
--- a/hw/pci-hotplug.c
+++ b/hw/pci-hotplug.c
@@ -113,7 +113,7 @@ void drive_hot_add(Monitor *mon, const QDict *qdict)
 if (pci_read_devaddr(mon, pci_addr, &dom, &pci_bus, &slot)) {
 goto err;
 }
-dev = pci_find_device(pci_find_host_bus(0), pci_bus, slot, 0);
+dev = pci_find_device(pci_find_root_bus(0), pci_bus, slot, 0);
 if (!dev) {
 monitor_printf(mon, "no pci device with address %s\n", pci_addr);
 goto err;
@@ -257,7 +257,7 @@ void pci_device_hot_remove(Monitor *mon, const char 
*pci_addr)
 return;
 }
 
-d = pci_find_device(pci_find_host_bus(0), bus, slot, 0);
+d = pci_find_device(pci_find_root_bus(0), bus, slot, 0);
 if (!d) {
 monitor_printf(mon, "slot %d empty\n", slot);
 return;
diff --git a/hw/pci.c b/hw/pci.c
index bdd4063..e73f07c 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -146,7 +146,7 @@ static void pci_host_bus_register(int domain, PCIBus *bus)
 QLIST_INSERT_HEAD(&host_buses, host, next);
 }
 
-PCIBus *pci_find_host_bus(int domain)
+PCIBus *pci_find_root_bus(int domain)
 {
 struct PCIHostBus *host;
 
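
Review bot: after the rename, pci_find_root_bus() still declares "struct PCIHostBus *host" and sits directly below pci_host_bus_register() and its host_buses list, so "root" and "host" now name the same object within a few lines. Either rename the list, struct and register function in this patch or explain in the commit message why only the lookup changes.
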
@@ -372,7 +372,7 @@ static int pci_parse_devaddr(const char *addr, int *domp, 
int *busp, unsigned *s
return -1;
 
 /* Note: QEMU doesn't implement domains other than 0 */
-if (!pci_find_bus(pci_find_host_bus(dom), bus))
+if (!pci_find_bus(pci_find_root_bus(dom), bus))
return -1;
 
 *domp = dom;
@@ -402,7 +402,7 @@ PCIBus *pci_get_bus_devfn(int *devfnp, const char *devaddr)
 
 if (!devaddr) {
 *devfnp = -1;
-return pci_find_bus(pci_find_host_bus(0), 0);
+return pci_find_bus(pci_find_root_bus(0), 0);
 }
 
 if (pci_parse_devaddr(devaddr, &dom, &bus, &slot) < 0) {
@@ -410,7 +410,7 @@ PCIBus *pci_get_bus_devfn(int *devfnp, const char *devaddr)
 }
 
 *devfnp = slot << 3;
-return pci_find_bus(pci_find_host_bus(0), bus);
+return pci_find_bus(pci_find_root_bus(0), bus);
 }
 
 static void pci_init_cmask(PCIDevice *dev)
diff --git a/hw/pci.h b/hw/pci.h
index d3378d3..cd04189 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -295,7 +295,7 @@ PCIDevice *pci_nic_init_nofail(NICInfo *nd, const char 
*default_model,
const char *default_devaddr);
 int pci_bus_num(PCIBus *s);
 void pci_for_each_device(PCIBus *bus, int bus_num, void (*fn)(PCIBus *bus, 
PCIDevice *d));
-PCIBus *pci_find_host_bus(int domain);
+PCIBus *pci_find_root_bus(int domain);
 PCIBus *pci_find_bus(PCIBus *bus, int bus_num);
 PCIDevice *pci_find_device(PCIBus *bus, int bus_num, int slot, int function);
 PCIBus *pci_get_bus_devfn(int *devfnp, const char *devaddr);
-- 
1.6.0.2





[Qemu-devel] [PATCH 00/20] PCI express clean up patches.

2009-11-11 Thread Isaku Yamahata
Here is the patch series to clean up PCI express patches.
Although there remained some issues to address, the PCI express
patches were committed while I wasn't responsive last week. (Sorry for that)
This patch series addresses the remaining issues.

They are mostly trivial fixes or cosmetics suggested by Michael.
I think I've covered almost all the issues. If I missed anything,
please be kind enough to point it out again.

Some random comments:

- PCI configuration space register constant.
  Now they're defined in pci.h and their symbol names are the same as Linux's
  pci_regs.h.
  So it would make sense to import Linux pci_regs.h and remove the
  definitions in pci.h. If this is acceptable, I'll create the patch.

- PCI configuration space helper functions.
  Now range checking helper functions are introduced.
  range_overlaps() and so on.
  So it's possible to clean up each PCI device by using them.
  If acceptable, I'll create the patch.

- endian swap related to PCI host bridge/guest endian/host endian:
  I gave up on addressing this.
  I'll leave it to someone who knows PPC spec well and has access to
  a big endian host machine.

- PCI bridge clean up:
  PCI bridge stuff needs more clean up. Possibly it would result
  in a new file pci_bridge.c.
  I'd like to address it later. Anyway I have to do it when
  I implement PCI express hot plug.
  
- PCI express initialization:
  Since it uses PCI initialization code, it isn't separated
  from PCI cleanly.
  One possible way is to introduce PCI express specific qdev
  register function (PCIEDeviceInfo, pcie_qdev_register() and
  pcie_qdev_init() which calls pci_qdev_init()).
  I'm not sure it's worthwhile at the moment so I'd like to
  leave it untouched for now.

thanks,

Isaku Yamahata (20):
  pci: fix pci_info_device().
  pci: move pci_data_{read, write}() declaration from pci.h to
pci_host.h
  pci: simplify pci_data_read(), pcie_mmcfg_data_read().
  pci: remove pci_addr_to_config() by open code
  pci: rename pci_addr_to_dev(), pcie_mmcfg_addr_to_dev().
  pci: shorten pci_host_{conf, data}_register_xxx function a bit.
  pci: remove pci_sub_bus() by open coding.
  pci: s/pci_find_host_bus/pci_find_root_bus/g
  pci_host: remove unnecessary & 0xff.
  pci: kill unnecessary included in pci.c
  pci: clean up of pci_init_wmask().
  pci: remove some unnecessary comment in pci.h
  pci: move typedef, PCIHostState, PCIExpressHost to qemu-common.h.
  pci: remove unused constants.
  pci: clean up of pci_update_mappings()
  pci: kill goto in pci_update_mappings()
  pci: remove magic number, 256 in pci.c
  pci: fix pci_config_get_io_base().
  pci: pci bridge related clean up.
  pci: remove goto in pci_bridge_filter().

 hw/apb_pci.c |4 +-
 hw/grackle_pci.c |8 ++--
 hw/pci-hotplug.c |4 +-
 hw/pci.c |  126 -
 hw/pci.h |   25 ++-
 hw/pci_host.c|   44 +++
 hw/pci_host.h|   15 ---
 hw/pcie_host.c   |   23 +++--
 hw/pcie_host.h   |4 +-
 hw/piix_pci.c|2 +-
 hw/ppc4xx_pci.c  |2 +-
 hw/ppce500_pci.c |4 +-
 hw/prep_pci.c|2 +-
 hw/unin_pci.c|   16 +++---
 qemu-common.h|2 +
 15 files changed, 129 insertions(+), 152 deletions(-)





[Qemu-devel] [PATCH 12/20] pci: remove some unnecessary comment in pci.h

2009-11-11 Thread Isaku Yamahata
This patch removes some comments which should go into the commit log
in pci.h.

Signed-off-by: Isaku Yamahata 
---
 hw/pci.h |   11 ++-
 1 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/hw/pci.h b/hw/pci.h
index cd04189..988d2c0 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -382,17 +382,10 @@ typedef struct {
 PCIConfigWriteFunc *config_write;
 
 /* pci config header type */
-uint8_t header_type;/* this is necessary for initialization
- * code to know its header type before
- * device specific code can initialize
- * configuration space.
- */
+uint8_t header_type;
 
 /* pcie stuff */
-int is_express;   /* is this device pci express?
-   * initialization code needs to know this before
-   * each specific device initialization.
-   */
+int is_express;   /* is this device pci express? */
 } PCIDeviceInfo;
 
 void pci_qdev_register(PCIDeviceInfo *info);
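
Review bot: the comment removed from header_type is not change history; it records why the field lives in PCIDeviceInfo (initialization code needs the header type before device-specific code sets up configuration space), and the one trimmed from is_express does the same. Keep a shortened form of that rationale in the header rather than moving it to the commit log, where readers of pci.h will not see it.
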
-- 
1.6.0.2





[Qemu-devel] [PATCH 15/20] pci: clean up of pci_update_mappings()

2009-11-11 Thread Isaku Yamahata
This patch converts r->size == 0 to !r_size.

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 9698efb..cae3d53 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -732,7 +732,7 @@ static void pci_update_mappings(PCIDevice *d)
 r = &d->io_regions[i];
 
 /* this region isn't registered */
-if (r->size == 0)
+if (!r->size)
 continue;
 
 if (r->type & PCI_BASE_ADDRESS_SPACE_IO) {
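
Review bot: the commit message describes the result as "!r_size" while the hunk has "!r->size"; correct the message. The rewrite itself is a pure style change with no behavioural effect.
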
-- 
1.6.0.2





[Qemu-devel] [PATCH 02/20] pci: move pci_data_{read, write}() declaration from pci.h to pci_host.h

2009-11-11 Thread Isaku Yamahata
Now pci host stuff has been moved from pci.[hc] to pci_host.[hc]
so the declaration of pci_data_{read, write}() should be in
pci_host.h
This patch moves them from pci.h to pci_host.h for consistency.

Signed-off-by: Isaku Yamahata 
---
 hw/pci.h  |2 --
 hw/pci_host.h |3 +++
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/pci.h b/hw/pci.h
index 9a56d0d..d3378d3 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -293,8 +293,6 @@ PCIDevice *pci_nic_init(NICInfo *nd, const char 
*default_model,
 const char *default_devaddr);
 PCIDevice *pci_nic_init_nofail(NICInfo *nd, const char *default_model,
const char *default_devaddr);
-void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, int len);
-uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len);
 int pci_bus_num(PCIBus *s);
 void pci_for_each_device(PCIBus *bus, int bus_num, void (*fn)(PCIBus *bus, 
PCIDevice *d));
 PCIBus *pci_find_host_bus(int domain);
diff --git a/hw/pci_host.h b/hw/pci_host.h
index e5e877f..7cfa693 100644
--- a/hw/pci_host.h
+++ b/hw/pci_host.h
@@ -36,6 +36,9 @@ typedef struct {
 PCIBus *bus;
 } PCIHostState;
 
+void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, int len);
+uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len);
+
 /* for mmio */
 int pci_host_config_register_io_memory(PCIHostState *s);
 int pci_host_config_register_io_memory_noswap(PCIHostState *s);
-- 
1.6.0.2





[Qemu-devel] [PATCH 01/20] pci: fix pci_info_device().

2009-11-11 Thread Isaku Yamahata
It printed the wrong limit value of the bridge.
This patch fixes it.

Signed-off-by: Isaku Yamahata 
---
 hw/pci.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 2ab1117..4169d4f 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -985,7 +985,7 @@ static void pci_info_device(PCIBus *bus, PCIDevice *d)
base, limit);
 
 base = pci_bridge_get_base(d, PCI_BASE_ADDRESS_SPACE_MEMORY);
-limit= pci_config_get_memory_base(d, PCI_BASE_ADDRESS_SPACE_MEMORY);
+limit= pci_bridge_get_limit(d, PCI_BASE_ADDRESS_SPACE_MEMORY);
 monitor_printf(mon,
"  memory range [0x%08"PRIx64", 0x%08"PRIx64"]\n",
base, limit);
-- 
1.6.0.2





[Qemu-devel] [PATCH 09/20] pci_host: remove unnecessary & 0xff.

2009-11-11 Thread Isaku Yamahata
This patch removes unnecessary & 0xff in pci_dev_find_by_addr().

Signed-off-by: Isaku Yamahata 
---
 hw/pci_host.c |5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/pci_host.c b/hw/pci_host.c
index cd2ceb7..672d173 100644
--- a/hw/pci_host.c
+++ b/hw/pci_host.c
@@ -42,8 +42,9 @@ do { printf("pci_host_data: " fmt , ## __VA_ARGS__); } while 
(0)
 /* the helper functio to get a PCIDeice* for a given pci address */
 static inline PCIDevice *pci_dev_find_by_addr(PCIBus *bus, uint32_t addr)
 {
-uint8_t bus_num = (addr >> 16) & 0xff;
-uint8_t devfn = (addr >> 8) & 0xff;
+uint8_t bus_num = addr >> 16;
+uint8_t devfn = addr >> 8;
+
 return pci_find_device(bus, bus_num, PCI_SLOT(devfn), PCI_FUNC(devfn));
 }
 
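
Review bot: dropping "& 0xff" in pci_dev_find_by_addr() makes the field extraction rely on implicit uint32_t to uint8_t truncation, which gives the same result but hides which address bits are used and trips conversion warnings on stricter builds. Keep the intent visible with a short comment naming the bus (bits 23:16) and devfn (bits 15:8) fields, or use explicit casts. The comment above the function still has the typos "functio" and "PCIDeice".
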
-- 
1.6.0.2





[Qemu-devel] [PATCH 06/20] pci: shorten pci_host_{conf, data}_register_xxx function a bit.

2009-11-11 Thread Isaku Yamahata
pci_host_data_register_io_memory and its variants are a bit too long.
So shorten them. Now they are
pci_host_{conf, data}_register_{mmio, mmio_noswap, ioport}()

Signed-off-by: Isaku Yamahata 
---
 hw/apb_pci.c |4 ++--
 hw/grackle_pci.c |8 
 hw/pci_host.c|8 
 hw/pci_host.h|8 
 hw/piix_pci.c|2 +-
 hw/ppc4xx_pci.c  |2 +-
 hw/ppce500_pci.c |4 ++--
 hw/prep_pci.c|2 +-
 hw/unin_pci.c|   16 
 9 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/hw/apb_pci.c b/hw/apb_pci.c
index 3999879..1a16a22 100644
--- a/hw/apb_pci.c
+++ b/hw/apb_pci.c
@@ -235,10 +235,10 @@ static int pci_pbm_init_device(SysBusDevice *dev)
   pci_apb_iowrite, s);
 sysbus_init_mmio(dev, 0x1ULL, pci_ioport);
 /* mem_config  */
-pci_mem_config = pci_host_config_register_io_memory(&s->host_state);
+pci_mem_config = pci_host_conf_register_mmio(&s->host_state);
 sysbus_init_mmio(dev, 0x10ULL, pci_mem_config);
 /* mem_data */
-pci_mem_data = pci_host_data_register_io_memory(&s->host_state);
+pci_mem_data = pci_host_data_register_mmio(&s->host_state);
 sysbus_init_mmio(dev, 0x1000ULL, pci_mem_data);
 return 0;
 }
diff --git a/hw/grackle_pci.c b/hw/grackle_pci.c
index f3a8a7d..089d1fb 100644
--- a/hw/grackle_pci.c
+++ b/hw/grackle_pci.c
@@ -108,8 +108,8 @@ static int pci_grackle_init_device(SysBusDevice *dev)
 
 s = FROM_SYSBUS(GrackleState, dev);
 
-pci_mem_config = pci_host_config_register_io_memory(&s->host_state);
-pci_mem_data = pci_host_data_register_io_memory(&s->host_state);
+pci_mem_config = pci_host_conf_register_mmio(&s->host_state);
+pci_mem_data = pci_host_data_register_mmio(&s->host_state);
 sysbus_init_mmio(dev, 0x1000, pci_mem_config);
 sysbus_init_mmio(dev, 0x1000, pci_mem_data);
 
@@ -126,8 +126,8 @@ static int pci_dec_21154_init_device(SysBusDevice *dev)
 
 s = FROM_SYSBUS(GrackleState, dev);
 
-pci_mem_config = pci_host_config_register_io_memory(&s->host_state);
-pci_mem_data = pci_host_data_register_io_memory(&s->host_state);
+pci_mem_config = pci_host_conf_register_mmio(&s->host_state);
+pci_mem_data = pci_host_data_register_mmio(&s->host_state);
 sysbus_init_mmio(dev, 0x1000, pci_mem_config);
 sysbus_init_mmio(dev, 0x1000, pci_mem_data);
 return 0;
diff --git a/hw/pci_host.c b/hw/pci_host.c
index adecd7e..cd2ceb7 100644
--- a/hw/pci_host.c
+++ b/hw/pci_host.c
@@ -118,7 +118,7 @@ static CPUReadMemoryFunc * const pci_host_config_read[] = {
 &pci_host_config_readl,
 };
 
-int pci_host_config_register_io_memory(PCIHostState *s)
+int pci_host_conf_register_mmio(PCIHostState *s)
 {
 return cpu_register_io_memory(pci_host_config_read,
   pci_host_config_write, s);
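Review bot: pci_host_conf_register_mmio() now says "conf" while the tables it registers two lines below are still pci_host_config_read and pci_host_config_write, so the file ends up with both spellings for the same register. Either rename the static tables and handlers in the same patch or note in the commit message that only the exported names are shortened.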
@@ -158,7 +158,7 @@ static CPUReadMemoryFunc * const 
pci_host_config_read_noswap[] = {
 &pci_host_config_readl_noswap,
 };
 
-int pci_host_config_register_io_memory_noswap(PCIHostState *s)
+int pci_host_conf_register_mmio_noswap(PCIHostState *s)
 {
 return cpu_register_io_memory(pci_host_config_read_noswap,
   pci_host_config_write_noswap, s);
@@ -182,7 +182,7 @@ static uint32_t pci_host_config_readl_ioport(void *opaque, 
uint32_t addr)
 return val;
 }
 
-void pci_host_config_register_ioport(pio_addr_t ioport, PCIHostState *s)
+void pci_host_conf_register_ioport(pio_addr_t ioport, PCIHostState *s)
 {
 register_ioport_write(ioport, 4, 4, pci_host_config_writel_ioport, s);
 register_ioport_read(ioport, 4, 4, pci_host_config_readl_ioport, s);
@@ -205,7 +205,7 @@ static CPUReadMemoryFunc * const pci_host_data_read_mmio[] 
= {
 pci_host_data_readl_mmio,
 };
 
-int pci_host_data_register_io_memory(PCIHostState *s)
+int pci_host_data_register_mmio(PCIHostState *s)
 {
 return cpu_register_io_memory(pci_host_data_read_mmio,
   pci_host_data_write_mmio,
diff --git a/hw/pci_host.h b/hw/pci_host.h
index 7cfa693..cf3a339 100644
--- a/hw/pci_host.h
+++ b/hw/pci_host.h
@@ -40,12 +40,12 @@ void pci_data_write(PCIBus *s, uint32_t addr, uint32_t val, 
int len);
 uint32_t pci_data_read(PCIBus *s, uint32_t addr, int len);
 
 /* for mmio */
-int pci_host_config_register_io_memory(PCIHostState *s);
-int pci_host_config_register_io_memory_noswap(PCIHostState *s);
-int pci_host_data_register_io_memory(PCIHostState *s);
+int pci_host_conf_register_mmio(PCIHostState *s);
+int pci_host_conf_register_mmio_noswap(PCIHostState *s);
+int pci_host_data_register_mmio(PCIHostState *s);
 
 /* for ioio */
-void pci_host_config_register_ioport(pio_addr_t ioport, PCIHostState *s);
+void pci_host_conf_register_ioport(pio_addr_t ioport, PCIHostState *s);
 void pci_host_data_register_ioport(pio_addr_t ioport, PCIHostState *s);
 
 #endif /* PCI_HOST_H */
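Review bot: The commit message describes the result as pci_host_{conf, data}_register_{mmio, mmio_noswap, ioport}(), but the "for mmio" block here declares only three functions and there is no pci_host_data_register_mmio_noswap(). Spell the message out as the five names that exist so nobody searches for the sixth. The context comment "/* for ioio */" looks like a typo for the ioport variants and could be corrected in the same pass.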
diff --git a/hw/piix_pci.c b/hw/piix_pci.c
index 5fb7d7b..a44f941 100644
--- a/hw/

Re: [Qemu-devel] load-store experiment...

2009-11-11 Thread Chad
On Wed, Nov 11, 2009 at 7:41 AM, Laurent Desnogues <
laurent.desnog...@gmail.com> wrote:

>
> > This version of tcg_out_mov for i386's tcg-target.c filters out the
> >
> > mov %ebx, %edx
> > mov %ebx, [some index]
> > mov %edx, %ebx
>
> The question is:  what TCG sequence produces this kind of code?
>
I added register and instruction dumps - every case is related to
qemu_[ld/st], which makes sense since its output is outside of tcg's
regular register tracking...

- Chad


[Qemu-devel] Re: [PATCH V6 28/32] pci: initialize pci config headers depending it pci header type.

2009-11-11 Thread Isaku Yamahata
On Tue, Nov 03, 2009 at 04:27:18PM +0200, Michael S. Tsirkin wrote:
> On Fri, Oct 30, 2009 at 09:21:22PM +0900, Isaku Yamahata wrote:
> > - Only sets default subsystem id for header type 00.(normal header type)
> >   because header type 01 doesn't have subsystem id, and uses the register
> >   for other purpose. So setting default subsystem id doesn't make sense.
> > 
> > - initialize wmask more for header type 01.(bridge header type)
> >   Without those wmasks, linux was confused not boot,
> >   and lspci was confused not to print out expected IO/memory range.
> > 
> > Signed-off-by: Isaku Yamahata 
> > ---
> >  hw/cirrus_vga.c |1 -
> >  hw/pci.c|   42 ++
> >  hw/pci.h|   29 +
> >  3 files changed, 67 insertions(+), 5 deletions(-)
> > 
> > diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
> > index ef72c62..c1bafd3 100644
> > --- a/hw/cirrus_vga.c
> > +++ b/hw/cirrus_vga.c
> > @@ -180,7 +180,6 @@
> >  #define PCI_COMMAND_PALETTESNOOPING 0x0020
> >  #define PCI_COMMAND_PARITYDETECTION 0x0040
> >  #define PCI_COMMAND_ADDRESSDATASTEPPING 0x0080
> > -#define PCI_COMMAND_SERR0x0100
> >  #define PCI_COMMAND_BACKTOBACKTRANS 0x0200
> >  // PCI 0x08, 0xff00 (0x09-0x0b:class,0x08:rev)
> >  #define PCI_CLASS_BASE_DISPLAY0x03
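Review bot: The removal of PCI_COMMAND_SERR from hw/cirrus_vga.c is not mentioned in the commit message, which only talks about subsystem ids and bridge wmasks. If the define is dropped because hw/pci.h (29 changed lines in the diffstat) now provides it, say so in the message; the neighbouring PCI_COMMAND_* defines stay local, so the reader cannot tell why only this one goes.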
> > diff --git a/hw/pci.c b/hw/pci.c
> > index 46b22ec..beefae3 100644
> > --- a/hw/pci.c
> > +++ b/hw/pci.c
> > @@ -445,6 +445,30 @@ static void pci_init_wmask(PCIDevice *dev)
> >  dev->wmask[i] = 0xff;
> >  }
> >  
> > +static void pci_init_wmask_bridge(PCIDevice *d)
> > +{
> > +/* PCI_PRIMARY_BUS, PCI_SECONDARY_BUS, PCI_SUBORDINATE_BUS and
> > +   PCI_SEC_LETENCY_TIMER */
> > +memset(d->wmask + PCI_PRIMARY_BUS, 0xff, 4);
> > +
> > +/* base and limit */
> > +d->wmask[PCI_IO_BASE] = PCI_IO_RANGE_MASK & 0xff;
> > +d->wmask[PCI_IO_LIMIT] = PCI_IO_RANGE_MASK & 0xff;
> > +pci_set_word(d->wmask + PCI_MEMORY_BASE,
> > + PCI_MEMORY_RANGE_MASK & 0x);
> > +pci_set_word(d->wmask + PCI_MEMORY_LIMIT,
> > + PCI_MEMORY_RANGE_MASK & 0x);
> > +pci_set_word(d->wmask + PCI_PREF_MEMORY_BASE,
> > + PCI_PREF_RANGE_MASK & 0x);
> > +pci_set_word(d->wmask + PCI_PREF_MEMORY_LIMIT,
> > + PCI_PREF_RANGE_MASK & 0x);
> > +
> > +/* PCI_PREF_BASE_UPPER32 and PCI_PREF_LIMIT_UPPER32 */
> > +memset(d->wmask + PCI_PREF_BASE_UPPER32, 0xff, 8);
> > +
> > +pci_set_word(d->wmask + PCI_BRIDGE_CONTROL, 0x);
> > +}
> > +
> >  static void pci_config_alloc(PCIDevice *pci_dev)
> >  {
> >  int config_size = pci_config_size(pci_dev);
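Review bot: In pci_init_wmask_bridge(), the two memset() calls use bare lengths 4 and 8 and rely on PCI_PRIMARY_BUS through the secondary latency timer, and PCI_PREF_BASE_UPPER32 and PCI_PREF_LIMIT_UPPER32, being laid out back to back. The comments name the registers but not that assumption, so please state the contiguity explicitly or derive the lengths from the register offsets. The first comment also misspells the register as PCI_SEC_LETENCY_TIMER.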
> > @@ -467,7 +491,8 @@ static void pci_config_free(PCIDevice *pci_dev)
> >  static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus,
> >   const char *name, int devfn,
> >   PCIConfigReadFunc *config_read,
> > - PCIConfigWriteFunc *config_write)
> > + PCIConfigWriteFunc *config_write,
> > + uint8_t header_type)
> >  {
> >  if (devfn < 0) {
> >  for(devfn = bus->devfn_min ; devfn < 256; devfn += 8) {
> > @@ -484,9 +509,16 @@ static PCIDevice *do_pci_register_device(PCIDevice 
> > *pci_dev, PCIBus *bus,
> >  pstrcpy(pci_dev->name, sizeof(pci_dev->name), name);
> >  memset(pci_dev->irq_state, 0, sizeof(pci_dev->irq_state));
> >  pci_config_alloc(pci_dev);
> > -pci_set_default_subsystem_id(pci_dev);
> > +
> > +header_type &= ~PCI_HEADER_TYPE_MULTI_FUNCTION;
> > +if (header_type == PCI_HEADER_TYPE_NORMAL) {
> > +pci_set_default_subsystem_id(pci_dev);
> > +}
> >  pci_init_cmask(pci_dev);
> >  pci_init_wmask(pci_dev);
> > +if (header_type == PCI_HEADER_TYPE_BRIDGE) {
> > +pci_init_wmask_bridge(pci_dev);
> > +}
> >  
> >  if (!config_read)
> >  config_read = pci_default_read_config;
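Review bot: do_pci_register_device() picks the subsystem-id and wmask setup from the header_type argument, but nothing in this hunk stores that value in config space or checks it against what the device later writes to its header type register, so the two can disagree. Also, any value other than PCI_HEADER_TYPE_NORMAL or PCI_HEADER_TYPE_BRIDGE silently gets neither branch; an assert or a comment saying that is intended would help.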
> 
> Instead of this, can we have pci_init_bridge that will simply
> be called after device has been initialized?
> Down the road we will be able to move it to pci_bridge.c

Makes sense.
I will address it when I implement pci hot plug which requires
pcie port emulator.


> 
> 
> > @@ -509,7 +541,8 @@ PCIDevice *pci_register_device(PCIBus *bus, const char 
> > *name,
> >  
> >  pci_dev = qemu_mallocz(instance_size);
> >  pci_dev = do_pci_register_device(pci_dev, bus, name, devfn,
> > - config_read, config_write);
> > + config_read, config_write,
> > + PCI_HEADER_TYPE_NORMAL);
> >  return pci_dev;
> >  }
> >  static target_phys_addr_t pci_to_cpu_addr(target_phys_addr_t addr)
> > @@ -1059,7 +1092,8 @@ static int pci_qdev_init(DeviceState *qde

[Qemu-devel] Problems with bridge Networking

2009-11-11 Thread Armin Garcia
Well, maybe I know for some of you it's a very commented and boring subject,
:( But I'm very desperate.

I use Ubuntu 9.04 and I emulate a winxp

I have the next problem: I configure the tun/tap and all great, any error,
I have an IP from my dhcp, I can see my virtual machine (winxp) from my
other computers, but in my virtual machine I can't connect to internet,
I mean, when I start my browser it doesn't resolve anything, I can't see
google or any other web page

Really it's very weird. I hope some of you can help me, and thanks so much.


I follow the next steps

apt-get install qemu bla bla bla (all package :p)

apt-get install bridge-utils uml-utilities

modprobe tun
modprobe bridge
modprobe kqemu

# ifconfig eth1 down
# brctl addbr br0
# ifconfig eth1 0.0.0.0 promisc up
# ifconfig br0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255 up
# brctl stp br0 off
# brctl setfd br0 1
# brctl sethello br0 1
# brctl addif br0 eth1
# route add default gw 192.168.0.1 dev br0

vim /etc/qemu-ifup

#!/bin/sh
ifconfig $1 0.0.0.0 promisc up
brctl addif br0 $1

chmod +x /etc/qemu-ifup

Starting qemu

qemu -localtime -m 256 -boot c -hda winxp.img -net tap -net nic,model=rtl8139


Am I doing something wrong?


thanks for reading, and I hope somebody helps me, I'm very desperate

thanks so much

regards


[Qemu-devel] Re: [PATCH V6 19/32] pci: make pci configuration transaction more accurate.

2009-11-11 Thread Isaku Yamahata
On Tue, Nov 10, 2009 at 05:49:55PM +0200, Michael S. Tsirkin wrote:
> On Fri, Oct 30, 2009 at 09:21:13PM +0900, Isaku Yamahata wrote:
> > This patch sorts out/enhances pci code to track pci bus topology
> > more accurately.
> > - Track host bus bridge with pci domain number. Although the
> >   current qemu implementation supports only pci domian 0 yet.
> > - Track pci bridge parent-child relationship.
> > When looking down from pci host bus for pci sub bus, be aware of
> > secondary bus/subordinate bus.
> > Thus pci configuration transaction is more accurately emulated.
> > 
> > This patch adds new member to PCIBus to track pci bus topology.
> > Since qdev already tracks down bus relationship, those new member
> > wouldn't be necessary.
> > However it would be addressed later because not all the pci device
> > isn't converted to qdev yet.
> > 
> > Signed-off-by: Isaku Yamahata 
> 
> I agree with what you are doing here, overall. Some comments:
> 
> > ---
> >  hw/pci-hotplug.c |4 +-
> >  hw/pci.c |  132 
> > +-
> >  hw/pci.h |8 ++-
> >  3 files changed, 108 insertions(+), 36 deletions(-)
> > 
> > diff --git a/hw/pci-hotplug.c b/hw/pci-hotplug.c
> > index 15a2dfb..48a641b 100644
> > --- a/hw/pci-hotplug.c
> > +++ b/hw/pci-hotplug.c
> > @@ -113,7 +113,7 @@ void drive_hot_add(Monitor *mon, const QDict *qdict)
> >  if (pci_read_devaddr(mon, pci_addr, &dom, &pci_bus, &slot)) {
> >  goto err;
> >  }
> > -dev = pci_find_device(pci_bus, slot, 0);
> > +dev = pci_find_device(pci_find_host_bus(0), pci_bus, slot, 0);
> >  if (!dev) {
> >  monitor_printf(mon, "no pci device with address %s\n", 
> > pci_addr);
> >  goto err;
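Review bot: drive_hot_add() parses a domain into dom via pci_read_devaddr() a few lines above, yet the new call passes a literal 0 to pci_find_host_bus(). Pass dom instead, or reject a non-zero dom before the lookup, so an address in another domain is not silently resolved against domain 0.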
> > @@ -257,7 +257,7 @@ void pci_device_hot_remove(Monitor *mon, const char 
> > *pci_addr)
> >  return;
> >  }
> >  
> > -d = pci_find_device(bus, slot, 0);
> > +d = pci_find_device(pci_find_host_bus(0), bus, slot, 0);
> >  if (!d) {
> >  monitor_printf(mon, "slot %d empty\n", slot);
> >  return;
> > diff --git a/hw/pci.c b/hw/pci.c
> > index a75d981..3e5780a 100644
> > --- a/hw/pci.c
> > +++ b/hw/pci.c
> > @@ -44,7 +44,10 @@ struct PCIBus {
> >  void *irq_opaque;
> >  PCIDevice *devices[256];
> >  PCIDevice *parent_dev;
> > -PCIBus *next;
> > +
> > +QLIST_HEAD(, PCIBus) child; /* this will be replaced by qdev later */
> > +QLIST_ENTRY(PCIBus) sibling;/* this will be replaced by qdev later */
> > +
> >  /* The bus IRQ state is the logical OR of the connected devices.
> > Keep a count of the number of devices with raised IRQs.  */
> >  int nirq;
> > @@ -69,7 +72,13 @@ static void pci_set_irq(void *opaque, int irq_num, int 
> > level);
> >  target_phys_addr_t pci_mem_base;
> >  static uint16_t pci_default_sub_vendor_id = 
> > PCI_SUBVENDOR_ID_REDHAT_QUMRANET;
> >  static uint16_t pci_default_sub_device_id = PCI_SUBDEVICE_ID_QEMU;
> > -static PCIBus *first_bus;
> > +
> > +struct PCIHostBus {
> > +int domain;
> > +struct PCIBus *bus;
> > +QLIST_ENTRY(PCIHostBus) next;
> > +};
> > +static QLIST_HEAD(, PCIHostBus) host_buses;
> >  
> >  static const VMStateDescription vmstate_pcibus = {
> >  .name = "PCIBUS",
> > @@ -127,6 +136,28 @@ static void pci_bus_reset(void *opaque)
> >  }
> >  }
> >  
> > +static void pci_host_bus_register(int domain, PCIBus *bus)
> > +{
> > +struct PCIHostBus *host;
> > +host = qemu_mallocz(sizeof(*host));
> > +host->domain = domain;
> > +host->bus = bus;
> > +QLIST_INSERT_HEAD(&host_buses, host, next);
> > +}
> > +
> > +PCIBus *pci_find_host_bus(int domain)
> > +{
> > +struct PCIHostBus *host;
> > +
> > +QLIST_FOREACH(host, &host_buses, next) {
> > +if (host->domain == domain) {
> > +return host->bus;
> > +}
> > +}
> > +
> > +return NULL;
> > +}
> > +
> >  void pci_bus_new_inplace(PCIBus *bus, DeviceState *parent,
> >   const char *name, int devfn_min)
> >  {
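Review bot: pci_find_host_bus() returns NULL when no host bus matches the domain, and the pci-hotplug.c callers in this patch hand its result straight to pci_find_device(). Either document that pci_find_device() accepts a NULL bus or check the return value at the call sites. pci_host_bus_register() also accepts a domain that is already registered without complaint.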
> > @@ -134,8 +165,11 @@ void pci_bus_new_inplace(PCIBus *bus, DeviceState 
> > *parent,
> >  
> >  qbus_create_inplace(&bus->qbus, &pci_bus_info, parent, name);
> >  bus->devfn_min = devfn_min;
> > -bus->next = first_bus;
> > -first_bus = bus;
> > +
> > +/* host bridge */
> > +QLIST_INIT(&bus->child);
> > +pci_host_bus_register(0, bus); /* for now only pci domain 0 is 
> > supported */
> > +
> >  vmstate_register(nbus++, &vmstate_pcibus, bus);
> >  qemu_register_reset(pci_bus_reset, bus);
> >  }
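Review bot: pci_bus_new_inplace() registers every bus it creates as the host bus of domain 0, and pci_host_bus_register() inserts at the head of host_buses, so if this function runs more than once pci_find_host_bus(0) returns the most recently created bus rather than the first. If only one host bus per domain is meant to exist, assert that here.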
> > @@ -177,7 +211,8 @@ PCIBus *pci_register_bus(DeviceState *parent, const 
> > char *name,
> >  return bus;
> >  }
> >  
> > -static void pci_register_secondary_bus(PCIBus *bus,
> > +static void pci_register_secondary_bus(PCIBus *parent,
> > +   PCIBus *bus,
> > PCIDevice *dev,
> > 

[Qemu-devel] Re: [PATCH V6 18/32] pci: remove bus_num member from struct PCIBus.

2009-11-11 Thread Isaku Yamahata
On Tue, Nov 10, 2009 at 05:46:40PM +0200, Michael S. Tsirkin wrote:
> On Tue, Nov 10, 2009 at 05:33:22PM +0200, Michael S. Tsirkin wrote:
> > On Fri, Oct 30, 2009 at 09:21:12PM +0900, Isaku Yamahata wrote:
> > > Since It can be retrieved from pci configuration space,
> > > the member is unnecessary.
> > > 
> > > Signed-off-by: Isaku Yamahata 
> > 
> > Acked-by: Michael S. Tsirkin 
> 
> Sorry, wait a second please:
> 
> > > ---
> > >  hw/pci.c |   21 ++---
> > >  1 files changed, 10 insertions(+), 11 deletions(-)
> > > 
> > > diff --git a/hw/pci.c b/hw/pci.c
> > > index 7da3db9..a75d981 100644
> > > --- a/hw/pci.c
> > > +++ b/hw/pci.c
> > > @@ -36,7 +36,6 @@
> > >  
> > >  struct PCIBus {
> > >  BusState qbus;
> > > -int bus_num;
> > >  int devfn_min;
> > >  pci_set_irq_fn set_irq;
> > >  pci_map_irq_fn map_irq;
> > > @@ -192,7 +191,9 @@ static void pci_register_secondary_bus(PCIBus *bus,
> > >  
> > >  int pci_bus_num(PCIBus *s)
> > >  {
> > > -return s->bus_num;
> > > +if (!s->parent_dev)
> > > +return 0;   /* pci host bridge */
> > > +return s->parent_dev->config[PCI_SECONDARY_BUS];
> 
> Why are you using the value from the *parent*?
> Because originally ...

You seem to be confusing PCIBus with PCIBridge.
"s" here is PCIBus. "s" in pci_bridge_write_config() is PCIBridge.
And both PCIBridge and PCIDevice have bus member,
so it's more confusing.

                     NULL
                       ^
                       | PCIBus::parent_dev
                       |
                    PCIBus (pci host bridge)
                        includes
                        devices[256]
                       ^
                       | PCIDevice::bus
                       |
                    PCIBridge
                       includes PCIDevice
                      | ^
        PCIBridge::bus| | PCIBus::parent_dev
                      v |
                    PCIBus


thanks,

 > >  }
> > >  
> > >  static int get_pci_config_device(QEMUFile *f, void *pv, size_t size)
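Review bot: pci_bus_num() now returns whatever the parent bridge currently holds in PCI_SECONDARY_BUS, a register the guest writes through pci_bridge_write_config(), and returns 0 for the host bus. While a bridge's register still reads 0, its secondary bus is indistinguishable from the host bus in the first-match loops later in this patch (pci_data_write, pci_data_read, pci_for_each_device, pci_find_bus). A comment on which bus wins in that case, or a check for duplicates, would make the behaviour explicit.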
> > > @@ -624,7 +625,7 @@ void pci_data_write(void *opaque, uint32_t addr, 
> > > uint32_t val, int len)
> > >  addr, val, len);
> > >  #endif
> > >  bus_num = (addr >> 16) & 0xff;
> > > -while (s && s->bus_num != bus_num)
> > > +while (s && pci_bus_num(s) != bus_num)
> > >  s = s->next;
> > >  if (!s)
> > >  return;
> > > @@ -645,7 +646,7 @@ uint32_t pci_data_read(void *opaque, uint32_t addr, 
> > > int len)
> > >  uint32_t val;
> > >  
> > >  bus_num = (addr >> 16) & 0xff;
> > > -while (s && s->bus_num != bus_num)
> > > +while (s && pci_bus_num(s) != bus_num)
> > >  s= s->next;
> > >  if (!s)
> > >  goto fail;
> > > @@ -760,7 +761,8 @@ static void pci_info_device(PCIDevice *d)
> > >  const pci_class_desc *desc;
> > >  
> > >  monitor_printf(mon, "  Bus %2d, device %3d, function %d:\n",
> > > -   d->bus->bus_num, PCI_SLOT(d->devfn), 
> > > PCI_FUNC(d->devfn));
> > > +   pci_bus_num(d->bus),
> > > +   PCI_SLOT(d->devfn), PCI_FUNC(d->devfn));
> > >  class = pci_get_word(d->config + PCI_CLASS_DEVICE);
> > >  monitor_printf(mon, "");
> > >  desc = pci_class_descriptions;
> > > @@ -816,7 +818,7 @@ void pci_for_each_device(int bus_num, void 
> > > (*fn)(PCIDevice *d))
> > >  PCIDevice *d;
> > >  int devfn;
> > >  
> > > -while (bus && bus->bus_num != bus_num)
> > > +while (bus && pci_bus_num(bus) != bus_num)
> > >  bus = bus->next;
> > >  if (bus) {
> > >  for(devfn = 0; devfn < 256; devfn++) {
> > > @@ -913,17 +915,14 @@ typedef struct {
> > >  static void pci_bridge_write_config(PCIDevice *d,
> > >   uint32_t address, uint32_t val, int len)
> > >  {
> > > -PCIBridge *s = (PCIBridge *)d;
> > > -
> > >  pci_default_write_config(d, address, val, len);
> > > -s->bus.bus_num = d->config[PCI_SECONDARY_BUS];
> 
> ... bus number used to equal PCI_SECONDARY_BUS for the *same* device.
> 
> > >  }
> > >  
> > >  PCIBus *pci_find_bus(int bus_num)
> > >  {
> > >  PCIBus *bus = first_bus;
> > >  
> > > -while (bus && bus->bus_num != bus_num)
> > > +while (bus && pci_bus_num(bus) != bus_num)
> > >  bus = bus->next;
> > >  
> > >  return bus;
> > > @@ -1149,7 +1148,7 @@ static void pcibus_dev_print(Monitor *mon, 
> > > DeviceState *dev, int indent)
> > >  monitor_printf(mon, "%*sclass %s, addr %02x:%02x.%x, "
> > > "pci id %04x:%04x (sub %04x:%04x)\n",
> > > indent, "", ctxt,
> > > -   d->bus->bus_num, PCI_SLOT(d->devfn), 
> > > PCI_FUNC(d->devfn),
> > > +   pci_bus_num(d->bus), PCI_SLOT(d->devfn), 
> > > PCI_FUNC(d->devfn),
> > > pci_get_word(d->config + PCI_VENDOR_ID),
> > > pci_get_word(d->config + PCI_DEVICE_ID),
> > > pci_get_word(d->config + PCI_SUBSYSTEM_VENDOR_ID),
> 

-- 
yamahata




[Qemu-devel] Re: virtio: Add memory statistics reporting to the balloon driver

2009-11-11 Thread Rusty Russell
On Thu, 12 Nov 2009 01:38:34 am Adam Litke wrote:
> > But it raises the question: what stats are generally useful cross-OS?
> > Should we be supplying numbers like "unused" (free) "instantly
> > discardable" (ie. clean), "discardable to disk" (ie. file-backed),
> > "discardable to swap" (ie. swap-backed) and "unswappable" instead?
> 
> While I see the virtue in presenting abstracted memory stats that seem
> more digestible in a virtualization context, I think we should keep the
> raw stats.  This concentrates the complexity in the host-side management
> daemon, and allows the host daemon to make better decisions (ie. by
> reacting to trends in individual statistics).  Different OSes (or
> different versions of the same OS), may also have different sets of
> statistics that will provide the answers that a management daemon needs.

OK, I see you made each one a separate feature bit, which does allow this
somewhat.  But you can't just change the meaning arbitrarily, all you can
do is refuse to supply some of them.  This is because virtio is an ABI,
but also it's plain sanity: run a new guest on an old host and get crazy
answers.

Two more questions:

I assume memtot should be equal to the initial memory granted to the guest
(perhaps reduced if the guest can't use all the memory for internal reasons)?

I'm not sure of the relevance to the host of the number of anonymous pages?
That's why I wondered if unswappable pages would be a better number to supply?

Thanks,
Rusty.




[Qemu-devel] qemu-thread doesn't compile on OS X

2009-11-11 Thread C.W. Betts
When I tried to compile qemu git with --enable-io-thread on Mac OS X 10.6.2, it 
botches on qemu-thread:
  CCqemu-thread.o
/Users/cwbetts/makestuff/qemu/qemu-thread.c: In function ‘qemu_mutex_timedlock’:
/Users/cwbetts/makestuff/qemu/qemu-thread.c:66: warning: implicit declaration 
of function ‘clock_gettime’
/Users/cwbetts/makestuff/qemu/qemu-thread.c:66: error: ‘CLOCK_REALTIME’ 
undeclared (first use in this function)
/Users/cwbetts/makestuff/qemu/qemu-thread.c:66: error: (Each undeclared 
identifier is reported only once
/Users/cwbetts/makestuff/qemu/qemu-thread.c:66: error: for each function it 
appears in.)
/Users/cwbetts/makestuff/qemu/qemu-thread.c:69: warning: implicit declaration 
of function ‘pthread_mutex_timedlock’
/Users/cwbetts/makestuff/qemu/qemu-thread.c: In function ‘qemu_cond_timedwait’:
/Users/cwbetts/makestuff/qemu/qemu-thread.c:125: error: ‘CLOCK_REALTIME’ 
undeclared (first use in this function)
make[1]: *** [qemu-thread.o] Error 1
make: *** [build-all] Error 2

Just a heads up.

[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

2009-11-11 Thread Anthony Liguori

Alexander Graf wrote:

Juan, I'd really love to learn some new voodoo :-).
This whole new qdev whatever based save format was supposed to make 
things like this easy, right? I would've known what to do with the old 
code ...


I think Juan's mentioned something about writing a doc explaining how to 
use VMState correctly.  I think it would certainly be helpful for 
situations like this.


But the most important part of VMState is that it converts something 
that was previously open coded and opaque to something that is 
data-driven and introspectable.  I think it's done an extremely good job 
of achieving those goals.   As we get everything converted, we can 
potentially figure out some ways to make this all a bit easier to 
understand.  Right now, I think how we support backwards compatibility 
is admittedly awkward.


Regards,

Anthony Liguori


Alex






[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

2009-11-11 Thread Alexander Graf


On 11.11.2009, at 23:22, Anthony Liguori wrote:


Alexander Graf wrote:

Anthony Liguori wrote:


Alexander Graf wrote:


The fw_cfg interface can only handle up to 16 bits of data for its
streams.
While that isn't too much of a problem when handling integers, we  
would

like to stream full kernel images over that interface!

So let's extend it to 32 bit length variables.

Signed-off-by: Alexander Graf 
---
hw/fw_cfg.c |8 
hw/fw_cfg.h |2 +-
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index a6d811b..3a3f694 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -39,7 +39,7 @@
#define FW_CFG_SIZE 2
 typedef struct _FWCfgEntry {
-uint16_t len;
+uint32_t len;
uint8_t *data;
void *callback_opaque;
FWCfgCallback callback;
@@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
typedef struct _FWCfgState {
FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
uint16_t cur_entry;
-uint16_t cur_offset;
+uint32_t cur_offset;
} FWCfgState;
 static void fw_cfg_write(FWCfgState *s, uint8_t value)
@@ -171,12 +171,12 @@ static const VMStateDescription  
vmstate_fw_cfg = {

.minimum_version_id_old = 1,
.fields  = (VMStateField []) {
VMSTATE_UINT16(cur_entry, FWCfgState),
-VMSTATE_UINT16(cur_offset, FWCfgState),
+VMSTATE_UINT32(cur_offset, FWCfgState),
VMSTATE_END_OF_LIST()
}
};
-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data,
uint16_t len)
+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data,
uint32_t len)
{
FWCfgState *s = opaque;
int arch = !!(key & FW_CFG_ARCH_LOCAL);


We need to bump a version here.



Sure - which one?



The version_id field in vmstate_fw_cfg.  You also have to try to
support older versions which means you may want to either split
cur_offset into a high and low or ask Juan what the appropriate
voodoo would be.


Juan, I'd really love to learn some new voodoo :-).
This whole new qdev whatever based save format was supposed to make  
things like this easy, right? I would've known what to do with the old  
code ...


Alex
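
The compatibility approach suggested in this thread (bump the version and split cur_offset into a high and a low half so that old streams still load), as an added sketch that is not QEMU code and does not use the VMState API. DemoFwCfgState, the demo_* functions and the one-version-byte stream layout are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical device state modelled on the two fields in the patch. */
typedef struct {
    uint16_t cur_entry;
    uint32_t cur_offset;            /* only 16 bits wide in stream version 1 */
} DemoFwCfgState;

/* Constructed stream format: 1 version byte, then big-endian 16-bit words. */
enum { W_CUR_ENTRY, W_OFFSET_LO, W_OFFSET_HI, W_COUNT };

/* Data-driven description: first stream version that carries each word. */
static const int demo_word_since[W_COUNT] = {
    [W_CUR_ENTRY] = 1,
    [W_OFFSET_LO] = 1,
    [W_OFFSET_HI] = 2,              /* appended in version 2 */
};

#define DEMO_VERSION_MIN 1
#define DEMO_VERSION_MAX 2

/* Exact stream length for a given version. */
static size_t demo_stream_len(int version)
{
    size_t n = 1;
    for (int i = 0; i < W_COUNT; i++) {
        if (demo_word_since[i] <= version) {
            n += 2;
        }
    }
    return n;
}

/* Returns bytes written, or -1 if the state cannot be expressed. */
static int demo_save(const DemoFwCfgState *s, int version,
                     uint8_t *buf, size_t cap)
{
    uint16_t w[W_COUNT];
    size_t pos = 0;

    if (version < DEMO_VERSION_MIN || version > DEMO_VERSION_MAX) {
        return -1;
    }
    /* An old reader has no place for the high half: refuse, don't truncate. */
    if (version < 2 && s->cur_offset > 0xffff) {
        return -1;
    }
    if (cap < demo_stream_len(version)) {
        return -1;
    }
    w[W_CUR_ENTRY] = s->cur_entry;
    w[W_OFFSET_LO] = (uint16_t)(s->cur_offset & 0xffff);
    w[W_OFFSET_HI] = (uint16_t)(s->cur_offset >> 16);

    buf[pos++] = (uint8_t)version;
    for (int i = 0; i < W_COUNT; i++) {
        if (demo_word_since[i] <= version) {
            buf[pos++] = (uint8_t)(w[i] >> 8);
            buf[pos++] = (uint8_t)(w[i] & 0xff);
        }
    }
    return (int)pos;
}

/* Returns 0 on success, -1 on unknown version or wrong length. */
static int demo_load(DemoFwCfgState *s, const uint8_t *buf, size_t len)
{
    uint16_t w[W_COUNT] = { 0 };    /* words absent from old streams read as 0 */
    size_t pos = 1;
    int version;

    if (len < 1) {
        return -1;
    }
    version = buf[0];
    if (version < DEMO_VERSION_MIN || version > DEMO_VERSION_MAX) {
        return -1;
    }
    /* Reject truncated streams and trailing bytes alike. */
    if (len != demo_stream_len(version)) {
        return -1;
    }
    for (int i = 0; i < W_COUNT; i++) {
        if (demo_word_since[i] <= version) {
            w[i] = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
            pos += 2;
        }
    }
    s->cur_entry = w[W_CUR_ENTRY];
    s->cur_offset = ((uint32_t)w[W_OFFSET_HI] << 16) | w[W_OFFSET_LO];
    return 0;
}

int main(void)
{
    /* Constructed version 1 stream: cur_entry 0x0019, cur_offset 0x1234. */
    const uint8_t v1[] = { 1, 0x00, 0x19, 0x12, 0x34 };
    DemoFwCfgState s;

    if (demo_load(&s, v1, sizeof(v1)) == 0) {
        printf("v1 stream: entry=0x%x offset=0x%x\n",
               (unsigned)s.cur_entry, (unsigned)s.cur_offset);
    }
    return 0;
}
```

Because the low half stays where the 16-bit field used to be and the high half is appended, a version 1 stream loads unchanged with the high half read as zero.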




[Qemu-devel] Re: [PATCH 2/6] Introduce copy_rom

2009-11-11 Thread Alexander Graf


On 11.11.2009, at 22:57, Anthony Liguori wrote:


Alexander Graf wrote:

We have several rom helpers currently, but none of them can get us
code that spans several roms into a pointer.

This patch introduces a function that copies over rom contents.

Signed-off-by: Alexander Graf 
---
hw/loader.c |   38 ++
hw/loader.h |1 +
2 files changed, 39 insertions(+), 0 deletions(-)

diff --git a/hw/loader.c b/hw/loader.c
index 9153b38..cab53c1 100644
--- a/hw/loader.c
+++ b/hw/loader.c
@@ -701,6 +701,44 @@ static Rom *find_rom(target_phys_addr_t addr)
return NULL;
}
+int copy_rom(uint8_t *dest, target_phys_addr_t addr, size_t size)
+{
+target_phys_addr_t end = addr + size;
+uint8_t *s, *d = dest;
+size_t l = 0;
+Rom *rom;
+
+QTAILQ_FOREACH(rom, &roms, next) {
+if (rom->max)
+continue;
+if (rom->min > addr)
+continue;
+if (rom->min + rom->romsize < addr)
+continue;
+if (rom->min > end)
+break;
+if (!rom->data)
+continue;
+
+d = dest + (rom->min - addr);
+s = rom->data;
+l = rom->romsize;
+
+if (rom->min < addr) {
+d = dest;
+s += (addr - rom->min);
+l -= (addr - rom->min);
+}
+if ((d + l) > (dest + size)) {
+l = dest - d;
+}
+
+memcpy(d, s, l);
+}
+
+return (d + l) - dest;
+}
+
void *rom_ptr(target_phys_addr_t addr)
{
Rom *rom;
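Review bot: In copy_rom(), the clamp "l = dest - d;" is wrong: it should be the space left in the buffer, (dest + size) - d. As written it sets l to 0 when d equals dest, so a ROM larger than the buffer copies nothing, and for any d beyond dest the negative difference converts to a huge size_t and memcpy() overruns dest. Separately, the "if (rom->min > addr) continue;" test skips every ROM that starts after addr, which defeats copying a range that spans several ROMs, and the int return type cannot carry a size_t length.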
diff --git a/hw/loader.h b/hw/loader.h
index 67dae57..6cfb03a 100644
--- a/hw/loader.h
+++ b/hw/loader.h
@@ -24,6 +24,7 @@ int rom_add_file(const char *file,
int rom_add_blob(const char *name, const void *blob, size_t len,
 target_phys_addr_t min, target_phys_addr_t max,  
int align);

int rom_load_all(void);
+int copy_rom(uint8_t *dest, target_phys_addr_t addr, size_t size);



rom_copy() would have fit better.


Ok, will rename in v2.


Alex




[Qemu-devel] [PATCH 3/3] pci: fix the conversion of config field from array to pointer

2009-11-11 Thread Juan Quintela

Signed-off-by: Juan Quintela 
---
 hw/pci.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 2ab1117..a326930 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -273,9 +273,9 @@ static int get_pci_config_device(QEMUFile *f, void *pv, 
size_t size)
 /* just put buffer */
 static void put_pci_config_device(QEMUFile *f, void *pv, size_t size)
 {
-const uint8_t *v = pv;
+const uint8_t **v = pv;
 assert(size == pci_config_size(container_of(pv, PCIDevice, config)));
-qemu_put_buffer(f, v, size);
+qemu_put_buffer(f, *v, size);
 }

 static VMStateInfo vmstate_info_pci_config = {
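Review bot: put_pci_config_device() now treats pv as a pointer to the config pointer, but get_pci_config_device(), named in the hunk header just above, is not touched. If the load side still uses pv as the buffer itself it will read into the pointer field rather than the config space, so please confirm it was already converted and say so in the commit message, which currently has no body.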
-- 
1.6.2.5





[Qemu-devel] [PATCH 2/3] qemu_system_reset: we need to call it before loadvm/migration

2009-11-11 Thread Juan Quintela

Signed-off-by: Juan Quintela 
---
 vl.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/vl.c b/vl.c
index bf91ee1..fff8e8d 100644
--- a/vl.c
+++ b/vl.c
@@ -4044,7 +4044,6 @@ static void main_loop(void)
 qemu_system_ready = 1;
 qemu_cond_broadcast(&qemu_system_cond);
 #endif
-qemu_system_reset();

 for (;;) {
 do {
@@ -5835,6 +5834,7 @@ int main(int argc, char **argv, char **envp)

 rom_load_all();

+qemu_system_reset();
 if (loadvm) {
 if (load_vmstate(cur_mon, loadvm) < 0) {
 autostart = 0;
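Review bot: The commit has no body, so the reason for moving qemu_system_reset() ahead of the loadvm block in main() lives only in the subject line. Add a sentence that a reset after load_vmstate() discards the state just loaded, and a comment at the new call site so the call is not moved back below the loadvm block later.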
-- 
1.6.2.5





[Qemu-devel] [PATCH 1/3] fdc: fix vmstate variable passed

2009-11-11 Thread Juan Quintela
When code was transformed to use qdev_reset/vmstate registration, vmstate
was passed a variable of the wrong type

Signed-off-by: Juan Quintela 
---
 hw/fdc.c |   33 +
 1 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index d2bfa71..e875291 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -661,7 +661,7 @@ static int fdc_post_load(void *opaque, int version_id)
 }

 static const VMStateDescription vmstate_fdc = {
-.name = "fdc",
+.name = "fdctrl",
 .version_id = 2,
 .minimum_version_id = 2,
 .minimum_version_id_old = 2,
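Review bot: Changing .name of vmstate_fdc from "fdc" to "fdctrl" is not explained in the commit message, which only mentions the wrong variable type. State whether the name of an embedded description appears in the saved stream, and so whether this affects loading existing version 2 images.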
@@ -699,6 +699,31 @@ static const VMStateDescription vmstate_fdc = {
 }
 };

+static const VMStateDescription vmstate_fdc_isa = {
+.name = "fdc",
+.version_id = 2,
+.minimum_version_id = 2,
+.minimum_version_id_old = 2,
+.fields  = (VMStateField []) {
+/* Controller State */
+VMSTATE_STRUCT(state, fdctrl_isabus_t, 0, vmstate_fdc, fdctrl_t),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static const VMStateDescription vmstate_fdc_sysbus = {
+.name = "fdc",
+.version_id = 2,
+.minimum_version_id = 2,
+.minimum_version_id_old = 2,
+.fields  = (VMStateField []) {
+/* Controller State */
+VMSTATE_STRUCT(state, fdctrl_sysbus_t, 0, vmstate_fdc, fdctrl_t),
+VMSTATE_END_OF_LIST()
+}
+};
+
+
 static void fdctrl_external_reset_sysbus(DeviceState *d)
 {
 fdctrl_sysbus_t *sys = container_of(d, fdctrl_sysbus_t, busdev.qdev);
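Review bot: vmstate_fdc_isa and vmstate_fdc_sysbus are identical apart from the container type in VMSTATE_STRUCT, and both keep the name "fdc" and version_id 2 of the description they replace. A short comment saying that wrapping the fields in VMSTATE_STRUCT is meant to keep existing version 2 streams loadable, if that is the intent, would help the next reader. The hunk also adds a second blank line after vmstate_fdc_sysbus.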
@@ -1998,7 +2023,7 @@ static ISADeviceInfo isa_fdc_info = {
 .qdev.name  = "isa-fdc",
 .qdev.size  = sizeof(fdctrl_isabus_t),
 .qdev.no_user = 1,
-.qdev.vmsd  = &vmstate_fdc,
+.qdev.vmsd  = &vmstate_fdc_isa,
 .qdev.reset = fdctrl_external_reset_isa,
 .qdev.props = (Property[]) {
 DEFINE_PROP_DRIVE("driveA", fdctrl_isabus_t, state.drives[0].dinfo),
@@ -2011,7 +2036,7 @@ static SysBusDeviceInfo sysbus_fdc_info = {
 .init = sysbus_fdc_init1,
 .qdev.name  = "sysbus-fdc",
 .qdev.size  = sizeof(fdctrl_sysbus_t),
-.qdev.vmsd  = &vmstate_fdc,
+.qdev.vmsd  = &vmstate_fdc_sysbus,
 .qdev.reset = fdctrl_external_reset_sysbus,
 .qdev.props = (Property[]) {
 DEFINE_PROP_DRIVE("driveA", fdctrl_sysbus_t, state.drives[0].dinfo),
@@ -2024,7 +2049,7 @@ static SysBusDeviceInfo sun4m_fdc_info = {
 .init = sun4m_fdc_init1,
 .qdev.name  = "SUNW,fdtwo",
 .qdev.size  = sizeof(fdctrl_sysbus_t),
-.qdev.vmsd  = &vmstate_fdc,
+.qdev.vmsd  = &vmstate_fdc_sysbus,
 .qdev.reset = fdctrl_external_reset_sysbus,
 .qdev.props = (Property[]) {
 DEFINE_PROP_DRIVE("drive", fdctrl_sysbus_t, state.drives[0].dinfo),
-- 
1.6.2.5





[Qemu-devel] [PATCH 0/3] Fix migration (take 2)

2009-11-11 Thread Juan Quintela
Hi

With these three patches (on top of the one already in staging)
I am able to get migration working with today's qemu/master.

- fdc: vmstate+reset qdev change made to use a vmstate that expected
  an fdctrl_t variable and received a fdctrl_isabus_t variable.  You can guess
  what happened.
- qemu_system_reset: moved from main_loop() to before loadvm/incoming migration.
  We can't reset "after" having loaded state, otherwise we lose the state that
  we have just loaded.
- pci: pcie changes moved config from one array to one pointer.  put method was
  not updated to deal with it.

With this I have migration working.

ToDo for tomorrow:
- check rest of vmstate+reset conversions.
- rtl8139 and e1000 still don't work with migration.  The networking changes
  broke them, but I haven't yet found which one.

Juan Quintela (3):
  fdc: fix vmstate variable passed
  qemu_system_reset: we need to call it before loadvm/migration
  pci: fix the conversion of config field from array to pointer

 hw/fdc.c |   33 +
 hw/pci.c |4 ++--
 vl.c |2 +-
 3 files changed, 32 insertions(+), 7 deletions(-)





Re: [Qemu-devel] [RFC 0/8]: QError v2

2009-11-11 Thread Luiz Capitulino
On Wed, 11 Nov 2009 15:20:30 -0600
Anthony Liguori  wrote:

> Luiz Capitulino wrote:
> >  Hi,
> >
> >  I can't remember seeing updated versions of a RFC series, but this should
> > prevent Anthony's scripts from merging these patches.
> >
> >  This new QError version has two major changes: the static error table has
> > been dropped and I'm using symbolic names instead of error codes.
> >
> >  Now, a call to:
> >
> > monitor_printf(mon, "husb: host usb device %d.%d is already open\n",
> >bus_num, addr);
> >
> >  Would become something like:
> >
> > qemu_error_new('DeviceAlreadyOpen', "{ 'bus_num': %d, 'addr': %d }",
> >bus_num, addr);
> >   
> 
> I mostly like this but this is not what the patches do :-)
> 
> Here's what I would like to see:
> 
> #define QERR_DEVICE_ALREADY_OPEN "{'class': 'DeviceAlreadyOpen', 'data' : {'bus_num': %d, 'addr': %d}}"
> 
> qemu_error_new(QERR_DEVICE_ALREADY_OPEN, bus_num, addr);
> 
> That gives us a nice simple interface with full error checking on the 
> parameters.
> 
> For human readable strings, I'd suggest making a table somewhere else 
> that looked like:
> 
> QErrorStringTable qerror_descriptions[] = {
>     { QERR_DEVICE_ALREADY_OPEN, "This device at %(bus_num)d.%(addr)d is already open." },
>     ...
> };
> 
> There are a number of advantages to an approach like this.  The table 
> can be reused both in the server and by a client.

 I'm ok with this, the only comment I have is that 'class' should
be a member of QErrorStringTable, so that we can use it to look up the
table.




Re: [Qemu-devel] [PATCH] EHCI emulation module for review

2009-11-11 Thread Michael Trimarchi

Hi,

I'm working on this patch and I have some trouble after a data IN 
transaction.

I submit the urb but I don't receive any async completion.


88011e512140 2614190796 S Ii:2:008:7 -115:128 16 <

husb: data submit. ep 0x87 len 16 aurb 0xcf3850

So the state machine is blocked

Any hints?

Michael




[Qemu-devel] Re: [PATCH] fdc: Fix vmsave/restore regression

2009-11-11 Thread Juan Quintela
Jan Kiszka  wrote:
> This partly reverts 2be3783328: First, the conversion neglected to
> update the opaque translation in fdc_pre_save/fdc_post_load which causes
> memory corruptions on vmsave/restore. And second, we can't apply a
> common translation here as DeviceState->fdctrl_t is different for sysbus
> and ISA.

I finished today the proper patch.  Please don't apply this one.

> Signed-off-by: Jan Kiszka 
> ---
>
>  hw/fdc.c |5 ++---
>  1 files changed, 2 insertions(+), 3 deletions(-)
>
> *** NOTE ***
> 'git shortlog|grep "reset + vmsd"' shows 10 such conversions. I only
> briefly checked the first one, and it looks similarly broken. Could
> someone have a second look at them? Maybe it is also better to define a
> vmsd opaque in DeviceInfo, which would also allow to solve this issue
> differently.

It looks like a plan.

I am in the middle of trying to get migration working, and have at least
another 2 patches (apart from the one already in staging).

I am in the last round of testing.

Later, Juan.




Re: [Qemu-devel] virtio-rng

2009-11-11 Thread Paul Brook
> I'm writing a virtio-rng host-side driver for qemu-kvm, and I've got
> something up and running that works, and will pass data gathered from a
> char device on the host through to the virtio-rng driver on a guest copy
> of linux.

Why do you need a special device? Isn't a regular serial data stream (i.e. 
multiport virtio-console) sufficient? You can then connect that to your source 
of random data (e.g. /dev/random) without requiring any changes to qemu.

Paul




[Qemu-devel] [PATCH] fdc: Fix vmsave/restore regression

2009-11-11 Thread Jan Kiszka
This partly reverts 2be3783328: First, the conversion neglected to
update the opaque translation in fdc_pre_save/fdc_post_load which causes
memory corruptions on vmsave/restore. And second, we can't apply a
common translation here as DeviceState->fdctrl_t is different for sysbus
and ISA.

Signed-off-by: Jan Kiszka 
---

 hw/fdc.c |5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

*** NOTE ***
'git shortlog|grep "reset + vmsd"' shows 10 such conversions. I only
briefly checked the first one, and it looks similarly broken. Could
someone have a second look at them? Maybe it is also better to define a
vmsd opaque in DeviceInfo, which would also allow to solve this issue
differently.

diff --git a/hw/fdc.c b/hw/fdc.c
index d2bfa71..1e1b827 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -1932,6 +1932,8 @@ static int fdctrl_init_common(fdctrl_t *fdctrl)
 DMA_register_channel(fdctrl->dma_chann, &fdctrl_transfer_handler, 
fdctrl);
 fdctrl_connect_drives(fdctrl);
 
+vmstate_register(-1, &vmstate_fdc, fdctrl);
+
 return 0;
 }
 
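Review bot: `vmstate_register(-1, &vmstate_fdc, fdctrl)` in fdctrl_init_common() has no matching unregister anywhere in this patch, so if a controller is ever torn down the save/restore code is left holding a pointer to its state. Pair it with an unregister in the removal path, or add a comment that these devices are never removed. A short comment saying why registration is done by hand here instead of through `.qdev.vmsd` (the opaque differs between ISA and sysbus) would also keep someone from converting it back.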
@@ -1998,7 +2000,6 @@ static ISADeviceInfo isa_fdc_info = {
 .qdev.name  = "isa-fdc",
 .qdev.size  = sizeof(fdctrl_isabus_t),
 .qdev.no_user = 1,
-.qdev.vmsd  = &vmstate_fdc,
 .qdev.reset = fdctrl_external_reset_isa,
 .qdev.props = (Property[]) {
 DEFINE_PROP_DRIVE("driveA", fdctrl_isabus_t, state.drives[0].dinfo),
@@ -2011,7 +2012,6 @@ static SysBusDeviceInfo sysbus_fdc_info = {
 .init = sysbus_fdc_init1,
 .qdev.name  = "sysbus-fdc",
 .qdev.size  = sizeof(fdctrl_sysbus_t),
-.qdev.vmsd  = &vmstate_fdc,
 .qdev.reset = fdctrl_external_reset_sysbus,
 .qdev.props = (Property[]) {
 DEFINE_PROP_DRIVE("driveA", fdctrl_sysbus_t, state.drives[0].dinfo),
@@ -2024,7 +2024,6 @@ static SysBusDeviceInfo sun4m_fdc_info = {
 .init = sun4m_fdc_init1,
 .qdev.name  = "SUNW,fdtwo",
 .qdev.size  = sizeof(fdctrl_sysbus_t),
-.qdev.vmsd  = &vmstate_fdc,
 .qdev.reset = fdctrl_external_reset_sysbus,
 .qdev.props = (Property[]) {
 DEFINE_PROP_DRIVE("drive", fdctrl_sysbus_t, state.drives[0].dinfo),





[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

2009-11-11 Thread Anthony Liguori

Alexander Graf wrote:

Anthony Liguori wrote:
  

Alexander Graf wrote:


The fw_cfg interface can only handle up to 16 bits of data for its
streams.
While that isn't too much of a problem when handling integers, we would
like to stream full kernel images over that interface!

So let's extend it to 32 bit length variables.

Signed-off-by: Alexander Graf 
---
 hw/fw_cfg.c |8 
 hw/fw_cfg.h |2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index a6d811b..3a3f694 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -39,7 +39,7 @@
 #define FW_CFG_SIZE 2
 
 typedef struct _FWCfgEntry {

-uint16_t len;
+uint32_t len;
 uint8_t *data;
 void *callback_opaque;
 FWCfgCallback callback;
@@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
 typedef struct _FWCfgState {
 FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
 uint16_t cur_entry;
-uint16_t cur_offset;
+uint32_t cur_offset;
 } FWCfgState;
 
 static void fw_cfg_write(FWCfgState *s, uint8_t value)

@@ -171,12 +171,12 @@ static const VMStateDescription vmstate_fw_cfg = {
 .minimum_version_id_old = 1,
 .fields  = (VMStateField []) {
 VMSTATE_UINT16(cur_entry, FWCfgState),
-VMSTATE_UINT16(cur_offset, FWCfgState),
+VMSTATE_UINT32(cur_offset, FWCfgState),
 VMSTATE_END_OF_LIST()
 }
 };
 
-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data,

uint16_t len)
+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data,
uint32_t len)
 {
 FWCfgState *s = opaque;
 int arch = !!(key & FW_CFG_ARCH_LOCAL);
  
  

We need to bump a version here.



Sure - which one?
  


The version_id field in vmstate_fw_cfg.  You also have to try to support 
older versions which means you may want to either split cur_offset into 
a high and low or ask Juan what the appropriate voodoo would be.


Regards,

Anthony Liguori


Alex
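The version bump discussed in the reply above, worked through on a toy stream: an added example, not QEMU's vmstate code and not from the thread. The ToyFwCfgState layout, the one-byte version prefix and the toy_save/toy_load names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy state with the two fields named in the patch (layout is an assumption). */
typedef struct {
    uint16_t cur_entry;
    uint32_t cur_offset;          /* only 16 bits wide in stream version 1 */
} ToyFwCfgState;

enum { TOY_V1 = 1, TOY_V2 = 2 };

/* Read an n-byte big-endian integer (n <= 4). */
static uint32_t get_be(const uint8_t *p, size_t n)
{
    uint32_t v = 0;
    while (n--) {
        v = (v << 8) | *p++;
    }
    return v;
}

/* Write v as an n-byte big-endian integer (n <= 4). */
static void put_be(uint8_t *p, uint32_t v, size_t n)
{
    while (n--) {
        p[n] = (uint8_t)(v & 0xff);
        v >>= 8;
    }
}

/* Always save in the new format: version byte, 16-bit entry, 32-bit offset. */
size_t toy_save(const ToyFwCfgState *s, uint8_t *buf, size_t len)
{
    if (len < 7) {
        return 0;
    }
    buf[0] = TOY_V2;
    put_be(buf + 1, s->cur_entry, 2);
    put_be(buf + 3, s->cur_offset, 4);
    return 7;
}

/*
 * Load either format. The version decides how wide cur_offset is on the
 * wire; unknown versions and streams of the wrong length are rejected
 * instead of being read with the wrong field width.
 * Returns 0 on success, -1 on error (state is left untouched).
 */
int toy_load(ToyFwCfgState *s, const uint8_t *buf, size_t len)
{
    size_t off_width;

    if (len < 1) {
        return -1;
    }
    switch (buf[0]) {
    case TOY_V1: off_width = 2; break;   /* old 16-bit cur_offset */
    case TOY_V2: off_width = 4; break;   /* widened cur_offset */
    default:     return -1;
    }
    if (len != 1 + 2 + off_width) {
        return -1;
    }
    s->cur_entry  = (uint16_t)get_be(buf + 1, 2);
    s->cur_offset = get_be(buf + 3, off_width);
    return 0;
}

int main(void)
{
    /* Constructed version-1 stream: entry 0x0019, 16-bit offset 0x1234. */
    const uint8_t old_stream[] = { TOY_V1, 0x00, 0x19, 0x12, 0x34 };
    ToyFwCfgState s = { 0, 0 };

    if (toy_load(&s, old_stream, sizeof(old_stream)) == 0) {
        printf("entry=0x%x offset=0x%x\n",
               (unsigned)s.cur_entry, (unsigned)s.cur_offset);
    }
    return 0;
}
```

Without the version check, a loader that reads four bytes for cur_offset from a version-1 stream consumes two bytes that belong to whatever follows it.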
  






[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

2009-11-11 Thread Alexander Graf
Anthony Liguori wrote:
> Alexander Graf wrote:
>> The fw_cfg interface can only handle up to 16 bits of data for its
>> streams.
>> While that isn't too much of a problem when handling integers, we would
>> like to stream full kernel images over that interface!
>>
>> So let's extend it to 32 bit length variables.
>>
>> Signed-off-by: Alexander Graf 
>> ---
>>  hw/fw_cfg.c |8 
>>  hw/fw_cfg.h |2 +-
>>  2 files changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
>> index a6d811b..3a3f694 100644
>> --- a/hw/fw_cfg.c
>> +++ b/hw/fw_cfg.c
>> @@ -39,7 +39,7 @@
>>  #define FW_CFG_SIZE 2
>>  
>>  typedef struct _FWCfgEntry {
>> -uint16_t len;
>> +uint32_t len;
>>  uint8_t *data;
>>  void *callback_opaque;
>>  FWCfgCallback callback;
>> @@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
>>  typedef struct _FWCfgState {
>>  FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
>>  uint16_t cur_entry;
>> -uint16_t cur_offset;
>> +uint32_t cur_offset;
>>  } FWCfgState;
>>  
>>  static void fw_cfg_write(FWCfgState *s, uint8_t value)
>> @@ -171,12 +171,12 @@ static const VMStateDescription vmstate_fw_cfg = {
>>  .minimum_version_id_old = 1,
>>  .fields  = (VMStateField []) {
>>  VMSTATE_UINT16(cur_entry, FWCfgState),
>> -VMSTATE_UINT16(cur_offset, FWCfgState),
>> +VMSTATE_UINT32(cur_offset, FWCfgState),
>>  VMSTATE_END_OF_LIST()
>>  }
>>  };
>>  
>> -int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data,
>> uint16_t len)
>> +int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data,
>> uint32_t len)
>>  {
>>  FWCfgState *s = opaque;
>>  int arch = !!(key & FW_CFG_ARCH_LOCAL);
>>   
>
> We need to bump a version here.

Sure - which one?


Alex




Re: [Qemu-devel] arm, mips and mipsel broken

2009-11-11 Thread Paul Brook
> > This is latent breakage introduced by 45a50b1.
> > See commits 97fe84f5 (makes breakage obvious) and f2d7497 (fixed ARM).
> > MIPS still needs fixing.
> 
> I can't find 97fe84f5 or f2d7497, what commits are those?

http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=97fe84f5
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=f2d7497

Paul




[Qemu-devel] Re: [PATCH 2/6] Introduce copy_rom

2009-11-11 Thread Anthony Liguori

Alexander Graf wrote:

We have several rom helpers currently, but none of them can get us
code that spans several roms into a pointer.

This patch introduces a function that copies over rom contents.

Signed-off-by: Alexander Graf 
---
 hw/loader.c |   38 ++
 hw/loader.h |1 +
 2 files changed, 39 insertions(+), 0 deletions(-)

diff --git a/hw/loader.c b/hw/loader.c
index 9153b38..cab53c1 100644
--- a/hw/loader.c
+++ b/hw/loader.c
@@ -701,6 +701,44 @@ static Rom *find_rom(target_phys_addr_t addr)
 return NULL;
 }
 
+int copy_rom(uint8_t *dest, target_phys_addr_t addr, size_t size)

+{
+target_phys_addr_t end = addr + size;
+uint8_t *s, *d = dest;
+size_t l = 0;
+Rom *rom;
+
+QTAILQ_FOREACH(rom, &roms, next) {
+if (rom->max)
+continue;
+if (rom->min > addr)
+continue;
+if (rom->min + rom->romsize < addr)
+continue;
+if (rom->min > end)
+break;
+if (!rom->data)
+continue;
+
+d = dest + (rom->min - addr);
+s = rom->data;
+l = rom->romsize;
+
+if (rom->min < addr) {
+d = dest;
+s += (addr - rom->min);
+l -= (addr - rom->min);
+}
+if ((d + l) > (dest + size)) {
+l = dest - d;
+}
+
+memcpy(d, s, l);
+}
+
+return (d + l) - dest;
+}
+
 void *rom_ptr(target_phys_addr_t addr)
 {
 Rom *rom;
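Review bot: the clamp at the end of the loop in copy_rom() is wrong: when `(d + l) > (dest + size)` it sets `l = dest - d`, where the room left is `(dest + size) - d`. With the skip tests as written `d` is always `dest`, so an oversized ROM ends up copying zero bytes; once ROMs that start after `addr` are let through, `dest - d` goes negative, wraps in the size_t `l`, and `memcpy(d, s, l)` writes far past `dest`. Related: `if (rom->min > addr) continue;` skips every ROM that begins inside the requested window, which makes `d = dest + (rom->min - addr)` and the later `rom->min > end` break unreachable and defeats the stated goal of spanning several ROMs; that test should be against `end`. Returning the copied length as int from size_t/pointer arithmetic also deserves a range check or a size_t return type.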
diff --git a/hw/loader.h b/hw/loader.h
index 67dae57..6cfb03a 100644
--- a/hw/loader.h
+++ b/hw/loader.h
@@ -24,6 +24,7 @@ int rom_add_file(const char *file,
 int rom_add_blob(const char *name, const void *blob, size_t len,
  target_phys_addr_t min, target_phys_addr_t max, int align);
 int rom_load_all(void);
+int copy_rom(uint8_t *dest, target_phys_addr_t addr, size_t size);
  


rom_copy() would have fit better.

Regards,

Anthony Liguori




[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

2009-11-11 Thread Anthony Liguori

Alexander Graf wrote:

The fw_cfg interface can only handle up to 16 bits of data for its streams.
While that isn't too much of a problem when handling integers, we would
like to stream full kernel images over that interface!

So let's extend it to 32 bit length variables.

Signed-off-by: Alexander Graf 
---
 hw/fw_cfg.c |8 
 hw/fw_cfg.h |2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index a6d811b..3a3f694 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -39,7 +39,7 @@
 #define FW_CFG_SIZE 2
 
 typedef struct _FWCfgEntry {

-uint16_t len;
+uint32_t len;
 uint8_t *data;
 void *callback_opaque;
 FWCfgCallback callback;
@@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
 typedef struct _FWCfgState {
 FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
 uint16_t cur_entry;
-uint16_t cur_offset;
+uint32_t cur_offset;
 } FWCfgState;
 
 static void fw_cfg_write(FWCfgState *s, uint8_t value)

@@ -171,12 +171,12 @@ static const VMStateDescription vmstate_fw_cfg = {
 .minimum_version_id_old = 1,
 .fields  = (VMStateField []) {
 VMSTATE_UINT16(cur_entry, FWCfgState),
-VMSTATE_UINT16(cur_offset, FWCfgState),
+VMSTATE_UINT32(cur_offset, FWCfgState),
 VMSTATE_END_OF_LIST()
 }
 };
 
-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint16_t len)

+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint32_t len)
 {
 FWCfgState *s = opaque;
 int arch = !!(key & FW_CFG_ARCH_LOCAL);
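Review bot: swapping `VMSTATE_UINT16(cur_offset, FWCfgState)` for `VMSTATE_UINT32` in place changes the saved layout while the version fields of vmstate_fw_cfg in the surrounding context stay untouched, so a stream written before this change is not rejected on load; the loader reads four bytes where two were saved and everything after it is misparsed. Bump the description's version and keep a load path for the old 16-bit field, so incoming migration data is either understood or refused cleanly.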
  


We need to bump a version here.


diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
index 30dfec7..359d45a 100644
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@@ -28,7 +28,7 @@
 #ifndef NO_QEMU_PROTOS
 typedef void (*FWCfgCallback)(void *opaque, uint8_t *data);
 
-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint16_t len);

+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint32_t len);
 int fw_cfg_add_i16(void *opaque, uint16_t key, uint16_t value);
 int fw_cfg_add_i32(void *opaque, uint16_t key, uint32_t value);
 int fw_cfg_add_i64(void *opaque, uint16_t key, uint64_t value);
  






[Qemu-devel] virtio-rng

2009-11-11 Thread Ian Molton

Hi folks,

I'm writing a virtio-rng host-side driver for qemu-kvm, and I've got
something up and running that works, and will pass data gathered from a
char device on the host through to the virtio-rng driver on a guest copy
of linux.

Ultimately it'll get its entropy from egd as well, but for now I'd like
to solve the issue in hw/qdev.c.

In qdev_init_chardev() the return value is picked based upon the name of
the device. For now, I've added a third 'if clause' to match for my
driver and pass through the CharDriverState * from vl.c for my rng
driver, however I'd like to solve this properly.

I think a simple name->pointer type matching system would work fine,
however I'd like to know if anyone else has sorted this yet, or if I
should be doing things differently altogether.

Also, what does '_hds' stand for? eg. 'virtcon_hds'[]

Thanks,

-Ian




Re: [Qemu-devel] [RFC 0/8]: QError v2

2009-11-11 Thread Anthony Liguori

Luiz Capitulino wrote:

 Hi,

 I can't remember seeing updated versions of a RFC series, but this should
prevent Anthony's scripts from merging these patches.

 This new QError version has two major changes: the static error table has
been dropped and I'm using symbolic names instead of error codes.

 Now, a call to:

monitor_printf(mon, "husb: host usb device %d.%d is already open\n",
   bus_num, addr);

 Would become something like:

qemu_error_new('DeviceAlreadyOpen', "{ 'bus_num': %d, 'addr': %d }",
   bus_num, addr);
  


I mostly like this but this is not what the patches do :-)

Here's what I would like to see:

#define QERR_DEVICE_ALREADY_OPEN "{'class': 'DeviceAlreadyOpen', 'data' : {'bus_num': %d, 'addr': %d}}"


qemu_error_new(QERR_DEVICE_ALREADY_OPEN, bus_num, addr);

That gives us a nice simple interface with full error checking on the 
parameters.


For human readable strings, I'd suggest making a table somewhere else 
that looked like:


QErrorStringTable qerror_descriptions[] = {
    { QERR_DEVICE_ALREADY_OPEN, "This device at %(bus_num)d.%(addr)d is already open." },
    ...
};

There are a number of advantages to an approach like this.  The table 
can be reused both in the server and by a client.


Regards,

Anthony Liguori
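The description table proposed above, keyed by class name as suggested in the reply to it, with the `%(name)d` placeholders expanded from an error's data. This is an added example, not code from the QError patches; ErrField, ErrDesc and err_describe() are hypothetical names, and the field array stands in for the error's 'data' dictionary.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* One named integer from an error's 'data' member (stand-in for a QDict). */
typedef struct {
    const char *name;
    long value;
} ErrField;

/* Table row: class name used as lookup key, plus the human-readable text. */
typedef struct {
    const char *cls;
    const char *desc;
} ErrDesc;

static const ErrDesc err_descriptions[] = {
    { "DeviceAlreadyOpen",
      "This device at %(bus_num)d.%(addr)d is already open." },
    { NULL, NULL }
};

static const ErrDesc *err_lookup(const char *cls)
{
    const ErrDesc *d;

    for (d = err_descriptions; d->cls; d++) {
        if (strcmp(d->cls, cls) == 0) {
            return d;
        }
    }
    return NULL;
}

static const ErrField *field_lookup(const ErrField *f, size_t n,
                                    const char *name, size_t len)
{
    size_t i;

    for (i = 0; i < n; i++) {
        if (strlen(f[i].name) == len && memcmp(f[i].name, name, len) == 0) {
            return &f[i];
        }
    }
    return NULL;
}

/*
 * Expand the description for 'cls' into out[outlen].
 * Returns the string length, or -1 for an unknown class, a malformed
 * placeholder, a field missing from the data, or too small a buffer.
 * The template comes from the table, never from the error data, so
 * data values cannot introduce format directives of their own.
 */
int err_describe(const char *cls, const ErrField *fields, size_t nfields,
                 char *out, size_t outlen)
{
    const ErrDesc *d = err_lookup(cls);
    const char *p;
    size_t used = 0;

    if (!d || outlen == 0) {
        return -1;
    }
    for (p = d->desc; *p; ) {
        if (p[0] == '%' && p[1] == '(') {
            const char *name = p + 2;
            const char *close = strchr(name, ')');
            const ErrField *f;
            int n;

            if (!close || close[1] != 'd') {
                return -1;
            }
            f = field_lookup(fields, nfields, name, (size_t)(close - name));
            if (!f) {
                return -1;
            }
            n = snprintf(out + used, outlen - used, "%ld", f->value);
            if (n < 0 || (size_t)n >= outlen - used) {
                return -1;
            }
            used += (size_t)n;
            p = close + 2;
        } else {
            if (used + 1 >= outlen) {
                return -1;
            }
            out[used++] = *p++;
        }
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    /* Constructed sample data for a DeviceAlreadyOpen error. */
    const ErrField data[] = { { "bus_num", 1 }, { "addr", 4 } };
    char buf[64];

    if (err_describe("DeviceAlreadyOpen", data, 2, buf, sizeof(buf)) > 0) {
        puts(buf);
    }
    return 0;
}
```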




Re: [Qemu-devel] arm, mips and mipsel broken

2009-11-11 Thread Blue Swirl
On Wed, Nov 11, 2009 at 8:28 PM, Paul Brook  wrote:
> On Tuesday 10 November 2009, Aurelien Jarno wrote:
>> On Tue, Nov 10, 2009 at 11:19:40PM +0200, Blue Swirl wrote:
>> > On Tue, Nov 10, 2009 at 10:50 PM, Aurelien Jarno wrote:
>> > > Please note that at least qemu-system-arm, qemu-system-mips and
>> > > qemu-system-mipsel are broken by this commit:
>> >
>> > Given that none of the devices touched by the commit should be used by
>> > these targets, the breakage comes from just the single new call to
>> > qemu_system_reset in vl.c. This means that the reset functions for
>> > those boards and devices must be awfully buggy.
>>
>> I'll try to have a closer look at the problem tomorrow, if I can't find
>> the problem, it's what I'll commit.
>
> This is latent breakage introduced by 45a50b1.
> See commits 97fe84f5 (makes breakage obvious) and f2d7497 (fixed ARM).
> MIPS still needs fixing.

I can't find 97fe84f5 or f2d7497, what commits are those?




Re: [Qemu-devel] arm, mips and mipsel broken

2009-11-11 Thread Blue Swirl
On Wed, Nov 11, 2009 at 8:57 PM, Glauber Costa  wrote:
> On Tue, Nov 10, 2009 at 11:19:40PM +0200, Blue Swirl wrote:
>> On Tue, Nov 10, 2009 at 10:50 PM, Aurelien Jarno  
>> wrote:
>> > Please note that at least qemu-system-arm, qemu-system-mips and
>> > qemu-system-mipsel are broken by this commit:
>>
>> Given that none of the devices touched by the commit should be used by
>> these targets, the breakage comes from just the single new call to
>> qemu_system_reset in vl.c. This means that the reset functions for
>> those boards and devices must be awfully buggy.
>>
>> I think the easiest solution is to surround the call by
>> #if defined(TARGET_I386) || defined(TARGET_PPC) || defined(TARGET_SPARC)
>> #endif
>> until the devices have been fixed.
>
> if we don't call that, how can we be sure that the devices are in fact reset?
>
> We need a call to qemu_system_reset somewhere before we can start the machine

Strange, reverting the commits makes PPC crash on boot, but
system_reset starts the system:
qemu: warning: could not load VGA bios 'video.x'
invalid/unsupported opcode: 00 - 00 - 00 ()  0
invalid/unsupported opcode: 00 - 00 - 00 () 0700 0
QEMU 0.11.50 monitor - type 'help' for more information
(qemu) system_reset
(qemu)
>> =
>> OpenBIOS 1.0 [Oct 18 2009 12:04]
>> Configuration device id QEMU version 1 machine id 2
>> CPUs: 1
>> Memory: 128M
>> UUID: ----
>> CPU type PowerPC,750
Welcome to OpenBIOS v1.0 built on Oct 18 2009 12:04

I'm not sure how to fix this.




Re: [Qemu-devel] Re: [PATCH] qemu/virtio: make wmb compiler barrier + comments

2009-11-11 Thread Michael S. Tsirkin
On Thu, Nov 12, 2009 at 02:37:26AM +0800, Scott Tsai wrote:
> On Thu, Nov 12, 2009 at 2:09 AM, Michael S. Tsirkin  wrote:
> >> I do have a newbie question, when exactly would virtio have to handle
> >> concurrent access from multiple threads?
> >> My current reading of the code suggests:
> >> 1. when CONFIG_IOTHREAD is true
> >> 2. when CONFIG_KVM is true and the guest machine has multiple CPUs
> >
> > Right. I don't think CONFIG_IOTHREAD can work correctly
> > without kvm though: how would atomics be handled?
> 
> I naively imagined it to work like this:
> When CONFIG_IOTHREAD is true and CONFIG_KVM is false,
> all the tcg CPUs run in the tcg_cpu_thread and device emulation code
> runs in io_thread,
> so if the tcg translators generate suitable memory barrier
> instructions when it sees a "lfence", "sfence", "mfence" instruction
> while emulating a x86 or "sync" while emulating a MIPS everything
> should work

that might not be enough. guest can do e.g. atomics on the same memory
with iothread. In practice, with virtio it doesn't.

> but a quick look at target-*/translate.c suggests memory
> barrier instructions are treated as nops.
> 
> So maybe --enable-io-thread while --disable-kvm should not be allowed
> at configure time.
> Does anyone actually ship qemu with CONFIG_IOTHREAD enabled?




Re: [Qemu-devel] Re: [PATCH 10/11] Add a QObject JSON wrapper

2009-11-11 Thread Luiz Capitulino
On Wed, 11 Nov 2009 13:39:29 -0600
Anthony Liguori  wrote:

> Luiz Capitulino wrote:
> >  I think we should abort() on error, assuming the only way to fail
> > is a bad syntax.
> >   
> 
> We'll be using qobject_from_jsonf() to parse incoming QMP traffic.   We 
> definitely don't want to abort when we receive invalid input on the QMP 
> port.   Best to just close the session and let the user connect again.

 Sure, I just wouldn't like to add a check on every handler call to
qobject_from_jsonf().

 What about a new wrapper?




Re: [Qemu-devel] Re: [PATCH 10/11] Add a QObject JSON wrapper

2009-11-11 Thread Anthony Liguori

Luiz Capitulino wrote:

 I think we should abort() on error, assuming the only way to fail
is a bad syntax.
  


We'll be using qobject_from_jsonf() to parse incoming QMP traffic.   We 
definitely don't want to abort when we receive invalid input on the QMP 
port.   Best to just close the session and let the user connect again.


Regards,

Anthony Liguori




[Qemu-devel] [PATCH 2/3] Provide marshalling mechanism for json

2009-11-11 Thread Anthony Liguori
This introduces qobject_to_json which will convert a QObject to a JSON string
representation.

Signed-off-by: Anthony Liguori 
---
 qjson.c |  178 +++
 qjson.h |3 +
 2 files changed, 181 insertions(+), 0 deletions(-)

diff --git a/qjson.c b/qjson.c
index 45207f2..7270909 100644
--- a/qjson.c
+++ b/qjson.c
@@ -15,6 +15,11 @@
 #include "json-parser.h"
 #include "json-streamer.h"
 #include "qjson.h"
+#include "qint.h"
+#include "qlist.h"
+#include "qbool.h"
+#include "qfloat.h"
+#include "qdict.h"
 
 typedef struct JSONParsingState
 {
@@ -58,3 +63,176 @@ QObject *qobject_from_jsonf(const char *string, ...)
 
 return state.result;
 }
+
+typedef struct ToJsonIterState
+{
+int count;
+QString *str;
+} ToJsonIterState;
+
+static void to_json(const QObject *obj, QString *str);
+
+static void to_json_dict_iter(const char *key, QObject *obj, void *opaque)
+{
+ToJsonIterState *s = opaque;
+QString *qkey;
+
+if (s->count) {
+qstring_append(s->str, ", ");
+}
+
+qkey = qstring_from_str(key);
+to_json(QOBJECT(qkey), s->str);
+QDECREF(qkey);
+
+qstring_append(s->str, ": ");
+to_json(obj, s->str);
+s->count++;
+}
+
+static void to_json_list_iter(QObject *obj, void *opaque)
+{
+ToJsonIterState *s = opaque;
+
+if (s->count) {
+qstring_append(s->str, ", ");
+}
+
+to_json(obj, s->str);
+s->count++;
+}
+
+static void to_json(const QObject *obj, QString *str)
+{
+switch (qobject_type(obj)) {
+case QTYPE_QINT: {
+QInt *val = qobject_to_qint(obj);
+char buffer[1024];
+
+snprintf(buffer, sizeof(buffer), "%" PRId64, qint_get_int(val));
+qstring_append(str, buffer);
+break;
+}
+case QTYPE_QSTRING: {
+QString *val = qobject_to_qstring(obj);
+const char *ptr;
+
+ptr = qstring_get_str(val);
+qstring_append(str, "\"");
+while (*ptr) {
+if ((ptr[0] & 0xE0) == 0xE0 &&
+(ptr[1] & 0x80) && (ptr[2] & 0x80)) {
+uint16_t wchar;
+char escape[7];
+
+wchar  = (ptr[0] & 0x0F) << 12;
+wchar |= (ptr[1] & 0x3F) << 6;
+wchar |= (ptr[2] & 0x3F);
+ptr += 2;
+
+snprintf(escape, sizeof(escape), "\\u%04X", wchar);
+qstring_append(str, escape);
+} else if ((ptr[0] & 0xE0) == 0xC0 && (ptr[1] & 0x80)) {
+uint16_t wchar;
+char escape[7];
+
+wchar  = (ptr[0] & 0x1F) << 6;
+wchar |= (ptr[1] & 0x3F);
+ptr++;
+
+snprintf(escape, sizeof(escape), "\\u%04X", wchar);
+qstring_append(str, escape);
+} else switch (ptr[0]) {
+case '\"':
+qstring_append(str, "\\\"");
+break;
+case '\\':
+qstring_append(str, "");
+break;
+case '\b':
+qstring_append(str, "\\b");
+break;
+case '\n':
+qstring_append(str, "\\n");
+break;
+case '\r':
+qstring_append(str, "\\r");
+break;
+case '\t':
+qstring_append(str, "\\t");
+break;
+default: {
+char buf[2] = { ptr[0], 0 };
+qstring_append(str, buf);
+break;
+}
+}
+ptr++;
+}
+qstring_append(str, "\"");
+break;
+}
+case QTYPE_QDICT: {
+ToJsonIterState s;
+QDict *val = qobject_to_qdict(obj);
+
+s.count = 0;
+s.str = str;
+qstring_append(str, "{");
+qdict_iter(val, to_json_dict_iter, &s);
+qstring_append(str, "}");
+break;
+}
+case QTYPE_QLIST: {
+ToJsonIterState s;
+QList *val = qobject_to_qlist(obj);
+
+s.count = 0;
+s.str = str;
+qstring_append(str, "[");
+qlist_iter(val, (void *)to_json_list_iter, &s);
+qstring_append(str, "]");
+break;
+}
+case QTYPE_QFLOAT: {
+QFloat *val = qobject_to_qfloat(obj);
+char buffer[1024];
+int len;
+
+len = snprintf(buffer, sizeof(buffer), "%f", qfloat_get_double(val));
+while (len > 0 && buffer[len - 1] == '0') {
+len--;
+}
+
+if (len && buffer[len - 1] == '.') {
+buffer[len - 1] = 0;
+} else {
+buffer[len] = 0;
+}
+
+qstring_append(str, buffer);
+break;
+}
+case QTYPE_QBOOL: {
+QBool *val = qobject_to_qbool(obj);
+
+if (qbool_get_int(val)) {
+qstring_append(str, "true");
+} else {
+  
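Review bot: in the QTYPE_QSTRING case of to_json() the UTF-8 tests are too loose. `(ptr[0] & 0xE0) == 0xE0` also matches 4-byte lead bytes (0xF0 and up) and `(ptr[1] & 0x80)` accepts any byte with the high bit set rather than a continuation byte, so malformed or 4-byte input is turned into a wrong \u escape instead of being rejected or passed through; use `(ptr[0] & 0xF0) == 0xE0` and `(ptr[n] & 0xC0) == 0x80`. Control characters below 0x20 other than \b, \n, \r and \t fall into the default branch and are emitted raw, which is not valid JSON; they need a \u00XX escape. Also, as the patch appears here, the '\\' case appends an empty string, which would drop backslashes from the output; it should append an escaped backslash.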

[Qemu-devel] [PATCH 3/3] Add test suite for json marshalling

2009-11-11 Thread Anthony Liguori
By reusing the qjson test suite.  After checking that we can demarshal, marshal
again and compare to the expected decoded value.  This doesn't work so well
for floats because they cannot be accurately represented in decimal but we
try our best.

Signed-off-by: Anthony Liguori 
---
 check-qjson.c |   80 +---
 1 files changed, 75 insertions(+), 5 deletions(-)

diff --git a/check-qjson.c b/check-qjson.c
index f763de6..4b591a5 100644
--- a/check-qjson.c
+++ b/check-qjson.c
@@ -27,12 +27,13 @@ START_TEST(escaped_string)
 struct {
 const char *encoded;
 const char *decoded;
+int skip;
 } test_cases[] = {
 { "\"\\\"\"", "\"" },
 { "\"hello world \\\"embedded string\\\"\"",
   "hello world \"embedded string\"" },
 { "\"hello world\\nwith new line\"", "hello world\nwith new line" },
-{ "\"single byte utf-8 \\u0020\"", "single byte utf-8  " },
+{ "\"single byte utf-8 \\u0020\"", "single byte utf-8  ", .skip = 1 },
 { "\"double byte utf-8 \\u00A2\"", "double byte utf-8 \xc2\xa2" },
 { "\"triple byte utf-8 \\u20AC\"", "triple byte utf-8 \xe2\x82\xac" },
 {}
@@ -50,6 +51,13 @@ START_TEST(escaped_string)
 str = qobject_to_qstring(obj);
 fail_unless(strcmp(qstring_get_str(str), test_cases[i].decoded) == 0);
 
+if (test_cases[i].skip == 0) {
+str = qobject_to_json(obj);
+fail_unless(strcmp(qstring_get_str(str), test_cases[i].encoded) == 
0);
+
+qobject_decref(obj);
+}
+
 QDECREF(str);
 }
 }
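Review bot: in escaped_string the variable `str` is reused for two different objects: first the alias of `obj` from qobject_to_qstring(), then the new string from qobject_to_json(), with `qobject_decref(obj)` inside the `skip == 0` branch and `QDECREF(str)` after it releasing whichever one `str` happens to hold. That balances, but only by reading both paths carefully. Use a separate `QString *` for the marshalled string and free it inside the branch, as the simple_number and float_number hunks already do.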
@@ -80,6 +88,11 @@ START_TEST(simple_string)
 str = qobject_to_qstring(obj);
 fail_unless(strcmp(qstring_get_str(str), test_cases[i].decoded) == 0);
 
+str = qobject_to_json(obj);
+fail_unless(strcmp(qstring_get_str(str), test_cases[i].encoded) == 0);
+
+qobject_decref(obj);
+
 QDECREF(str);
 }
 }
@@ -149,12 +162,13 @@ START_TEST(simple_number)
 struct {
 const char *encoded;
 int64_t decoded;
+int skip;
 } test_cases[] = {
 { "0", 0 },
 { "1234", 1234 },
 { "1", 1 },
 { "-32", -32 },
-{ "-0", 0 },
+{ "-0", 0, .skip = 1 },
 { },
 };
 
@@ -168,6 +182,13 @@ START_TEST(simple_number)
 
 qint = qobject_to_qint(obj);
 fail_unless(qint_get_int(qint) == test_cases[i].decoded);
+if (test_cases[i].skip == 0) {
+QString *str;
+
+str = qobject_to_json(obj);
+fail_unless(strcmp(qstring_get_str(str), test_cases[i].encoded) == 
0);
+QDECREF(str);
+}
 
 QDECREF(qint);
 }
@@ -180,11 +201,12 @@ START_TEST(float_number)
 struct {
 const char *encoded;
 double decoded;
+int skip;
 } test_cases[] = {
 { "32.43", 32.43 },
 { "0.222", 0.222 },
 { "-32.12313", -32.12313 },
-{ "-32.20e-10", -32.20e-10 },
+{ "-32.20e-10", -32.20e-10, .skip = 1 },
 { },
 };
 
@@ -199,6 +221,14 @@ START_TEST(float_number)
 qfloat = qobject_to_qfloat(obj);
 fail_unless(qfloat_get_double(qfloat) == test_cases[i].decoded);
 
+if (test_cases[i].skip == 0) {
+QString *str;
+
+str = qobject_to_json(obj);
+fail_unless(strcmp(qstring_get_str(str), test_cases[i].encoded) == 
0);
+QDECREF(str);
+}
+
 QDECREF(qfloat);
 }
 }
@@ -246,6 +276,7 @@ START_TEST(keyword_literal)
 {
 QObject *obj;
 QBool *qbool;
+QString *str;
 
 obj = qobject_from_json("true");
 fail_unless(obj != NULL);
@@ -254,6 +285,10 @@ START_TEST(keyword_literal)
 qbool = qobject_to_qbool(obj);
 fail_unless(qbool_get_int(qbool) != 0);
 
+str = qobject_to_json(obj);
+fail_unless(strcmp(qstring_get_str(str), "true") == 0);
+QDECREF(str);
+
 QDECREF(qbool);
 
 obj = qobject_from_json("false");
@@ -263,6 +298,10 @@ START_TEST(keyword_literal)
 qbool = qobject_to_qbool(obj);
 fail_unless(qbool_get_int(qbool) == 0);
 
+str = qobject_to_json(obj);
+fail_unless(strcmp(qstring_get_str(str), "false") == 0);
+QDECREF(str);
+
 QDECREF(qbool);
 
 obj = qobject_from_jsonf("%i", false);
@@ -385,7 +424,7 @@ START_TEST(simple_dict)
 LiteralQObject decoded;
 } test_cases[] = {
 {
-.encoded = "{\"foo\":42,\"bar\":\"hello world\"}",
+.encoded = "{\"foo\": 42, \"bar\": \"hello world\"}",
 .decoded = QLIT_QDICT(((LiteralQDictEntry[]){
 { "foo", QLIT_QINT(42) },
 { "bar", QLIT_QSTR("hello world") },
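Review bot: if the new `.encoded` string `{\"foo\": 42, \"bar\": \"hello world\"}` is compared byte for byte against qobject_to_json() output like the other tests, the result depends on the order in which the dictionary is walked, and qdict_iter() from patch 1/3 walks the hash buckets, so the key order follows the hash function and table size rather than insertion order. Re-parsing the marshalled string and comparing the resulting object against `.decoded` would keep the test from breaking when the hash or table size changes.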
@@ -397,7 +436,7 @@ START_TEST(simple_dict)
 { }
 })),
 }, {
-.encoded = "{\"foo\":43}",
+.encoded = "{\"foo\": 43}",
 .decoded = QLIT_QDICT(((

[Qemu-devel] [PATCH 1/3] QDict: Introduce qdict_iter()

2009-11-11 Thread Anthony Liguori
From: Luiz Capitulino 

This adds iterator support to QDict, it will be used by the
(to be introduced) QError module.

Signed-off-by: Luiz Capitulino 
Signed-off-by: Anthony Liguori 
---
 qdict.c |   19 +++
 qdict.h |3 +++
 2 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/qdict.c b/qdict.c
index a302f4c..0e04cb1 100644
--- a/qdict.c
+++ b/qdict.c
@@ -242,6 +242,25 @@ const char *qdict_get_try_str(const QDict *qdict, const 
char *key)
 }
 
 /**
+ * qdict_iter(): Iterate over all the dictionary's stored values.
+ *
+ * This function allows the user to provide an iterator, which will be
+ * called for each stored value in the dictionary.
+ */
+void qdict_iter(const QDict *qdict,
+void (*iter)(const char *key, QObject *obj, void *opaque),
+void *opaque)
+{
+int i;
+QDictEntry *entry;
+
+for (i = 0; i < QDICT_HASH_SIZE; i++) {
+QLIST_FOREACH(entry, &qdict->table[i], next)
+iter(entry->key, entry->value, opaque);
+}
+}
+
+/**
  * qentry_destroy(): Free all the memory allocated by a QDictEntry
  */
 static void qentry_destroy(QDictEntry *e)
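Review bot: the doc comment on qdict_iter() should state two constraints the code implies: the callback must not add to or delete from the dictionary while it runs, since the walk is a plain `QLIST_FOREACH` over each bucket, and entries are visited in hash-bucket order, not insertion order. It is also worth a sentence that the function takes `const QDict *` yet hands the callback a non-const `QObject *`, so callers know whether modifying the values is allowed.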
diff --git a/qdict.h b/qdict.h
index 3102ca2..14b2633 100644
--- a/qdict.h
+++ b/qdict.h
@@ -27,6 +27,9 @@ void qdict_del(QDict *qdict, const char *key);
 int qdict_haskey(const QDict *qdict, const char *key);
 QObject *qdict_get(const QDict *qdict, const char *key);
 QDict *qobject_to_qdict(const QObject *obj);
+void qdict_iter(const QDict *qdict,
+void (*iter)(const char *key, QObject *obj, void *opaque),
+void *opaque);
 
 /* Helper to qdict_put_obj(), accepts any object */
 #define qdict_put(qdict, key, obj) \
-- 
1.6.2.5





Re: [Qemu-devel] arm, mips and mipsel broken

2009-11-11 Thread Glauber Costa
On Tue, Nov 10, 2009 at 11:19:40PM +0200, Blue Swirl wrote:
> On Tue, Nov 10, 2009 at 10:50 PM, Aurelien Jarno  wrote:
> > Please note that at least qemu-system-arm, qemu-system-mips and
> > qemu-system-mipsel are broken by this commit:
> 
> Given that none of the devices touched by the commit should be used by
> these targets, the breakage comes from just the single new call to
> qemu_system_reset in vl.c. This means that the reset functions for
> those boards and devices must be awfully buggy.
> 
> I think the easiest solution is to surround the call by
> #if defined(TARGET_I386) || defined(TARGET_PPC) || defined(TARGET_SPARC)
> #endif
> until the devices have been fixed.

if we don't call that, how can we be sure that the devices are in fact reset?

We need a call to qemu_system_reset somewhere before we can start the machine
> 
> 




Re: [Qemu-devel] Re: [PATCH] qemu/virtio: make wmb compiler barrier + comments

2009-11-11 Thread Scott Tsai
On Thu, Nov 12, 2009 at 2:09 AM, Michael S. Tsirkin  wrote:
>> I do have a newbie question, when exactly would virtio have to handle
>> concurrent access from multiple threads?
>> My current reading of the code suggests:
>> 1. when CONFIG_IOTHREAD is true
>> 2. when CONFIG_KVM is true and the guest machine has multiple CPUs
>
> Right. I don't think CONFIG_IOTHREAD can work correctly
> without kvm though: how would atomics be handled?

I naively imagined it to work like this:
When CONFIG_IOTHREAD is true and CONFIG_KVM is false,
all the tcg CPUs run in the tcg_cpu_thread and device emulation code
runs in io_thread,
so if the tcg translators generate suitable memory barrier
instructions when it sees a "lfence", "sfence", "mfence" instruction
while emulating an x86 or "sync" while emulating a MIPS everything
should work but a quick look at target-*/translate.c suggests memory
barrier instructions are treated as nops.

So maybe --enable-io-thread while --disable-kvm should not be allowed
at configure time.
Does anyone actually ship qemu with CONFIG_IOTHREAD enabled?




Re: [Qemu-devel] arm, mips and mipsel broken

2009-11-11 Thread Paul Brook
On Tuesday 10 November 2009, Aurelien Jarno wrote:
> On Tue, Nov 10, 2009 at 11:19:40PM +0200, Blue Swirl wrote:
> > > On Tue, Nov 10, 2009 at 10:50 PM, Aurelien Jarno wrote:
> > > Please note that at least qemu-system-arm, qemu-system-mips and
> > > qemu-system-mipsel are broken by this commit:
> >
> > Given that none of the devices touched by the commit should be used by
> > these targets, the breakage comes from just the single new call to
> > qemu_system_reset in vl.c. This means that the reset functions for
> > those boards and devices must be awfully buggy.
> 
> I'll try to have a closer look at the problem tomorrow, if I can't find
> the problem, it's what I'll commit.

This is latent breakage introduced by 45a50b1.
See commits 97fe84f5 (makes breakage obvious) and f2d7497 (fixed ARM).
MIPS still needs fixing.

Paul




Re: [Qemu-devel] [PATCH] Add support for multiple simultaneously used keyboard devices.

2009-11-11 Thread Filip Navara
On Mon, Nov 9, 2009 at 3:35 PM, Anthony Liguori wrote:

> Filip Navara wrote:
>
>> The support for multiple keyboard devices is essential for emulating
>> embedded boards where multiple input devices are present (eg. keypad and
>> rotary encoder) which are implemented using separate QEMU devices.
>>
>> Signed-off-by: Filip Navara 
>>
>>
>
> What boards would we actually expose multiple keyboards with?
>

The one that I was about to submit in the next weeks and which I sent
patches for a few months ago (search for AT91). It is a custom board with
rotary encoder and matrix keyboard, quite a common configuration. The PXA
controllers even have special "GPIO" pins for these two input devices.

> Moreover, we're not doing anything useful here.  We're just repeating a
> single keypress to multiple keyboards which seems rather hackish.
>

The embedded systems I target don't have keyboards in the traditional sense,
they have some input devices connected to the GPIO controller. These input
devices could be reduced keyboards (eg. like on the classic mobile phones),
various kinds of buttons, rotary encoders and so on. Since no direct mapping
exists for these input devices on PC, the easiest way to emulate the input
is with a real keyboard.

What I am trying to accomplish is to allow these emulated devices each
handle a distinct subset of the PC keys. The matrix keyboard emulation would
capture the numbers and few other keys and ignore the rest. The rotary
encoder would capture arrows and ignore the rest.

Current QEMU emulations hack it by hard-coding all the real input devices
into one emulated device, which is specific for the board and not reusable.
My emulation is based on the QDEV model and the approach used in Paul Brook's
machine description patches.

Obviously I am open to suggestions on how to better handle this.

Best regards,
Filip Navara


[Qemu-devel] Re: [PATCH 10/11] Add a QObject JSON wrapper

2009-11-11 Thread Luiz Capitulino
On Wed, 11 Nov 2009 11:29:02 -0600
Anthony Liguori  wrote:

> This provides a QObject interface for creating QObjects from a JSON 
> expression.
> 
> Signed-off-by: Anthony Liguori 
> ---
>  Makefile |2 +-
>  qjson.c  |   60 
>  qjson.h  |   23 +++
>  3 files changed, 84 insertions(+), 1 deletions(-)
>  create mode 100644 qjson.c
>  create mode 100644 qjson.h
> 
> diff --git a/Makefile b/Makefile
> index 6d68a1f..3818c51 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -136,7 +136,7 @@ obj-y += qemu-char.o aio.o savevm.o
>  obj-y += msmouse.o ps2.o
>  obj-y += qdev.o qdev-properties.o
>  obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o qbool.o json-lexer.o
> -obj-y += json-streamer.o json-parser.o
> +obj-y += json-streamer.o json-parser.o qjson.o
>  obj-y += qemu-config.o
>  
>  obj-$(CONFIG_BRLAPI) += baum.o
> diff --git a/qjson.c b/qjson.c
> new file mode 100644
> index 000..45207f2
> --- /dev/null
> +++ b/qjson.c
> @@ -0,0 +1,60 @@
> +/*
> + * QObject JSON integration
> + *
> + * Copyright IBM, Corp. 2009
> + *
> + * Authors:
> + *  Anthony Liguori   
> + *
> + * This work is licensed under the terms of the GNU LGPL, version 2.1 or 
> later.
> + * See the COPYING.LIB file in the top-level directory.
> + *
> + */
> +
> +#include "json-lexer.h"
> +#include "json-parser.h"
> +#include "json-streamer.h"
> +#include "qjson.h"
> +
> +typedef struct JSONParsingState
> +{
> +JSONMessageParser parser;
> +va_list *ap;
> +QObject *result;
> +} JSONParsingState;
> +
> +static void parse_json(JSONMessageParser *parser, QList *tokens)
> +{
> +JSONParsingState *s = container_of(parser, JSONParsingState, parser);
> +s->result = json_parser_parse(tokens, s->ap);
> +}
> +
> +QObject *qobject_from_json(const char *string)
> +{
> +JSONParsingState state = {};
> +
> +json_message_parser_init(&state.parser, parse_json);
> +json_message_parser_feed(&state.parser, string, strlen(string));
> +json_message_parser_flush(&state.parser);
> +json_message_parser_destroy(&state.parser);
> +
> +return state.result;
> +}
> +
> +QObject *qobject_from_jsonf(const char *string, ...)
> +{
> +JSONParsingState state = {};
> +va_list ap;
> +
> +va_start(ap, string);
> +state.ap = ≈
> +
> +json_message_parser_init(&state.parser, parse_json);
> +json_message_parser_feed(&state.parser, string, strlen(string));
> +json_message_parser_flush(&state.parser);
> +json_message_parser_destroy(&state.parser);
> +
> +va_end(ap);
> +
> +return state.result;
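
Review bot: parse_json() overwrites s->result every time the message parser emits, so if the input string holds more than one top-level JSON value, qobject_from_json() and qobject_from_jsonf() return only the last object and the earlier ones are never released. Either reject input that produces a second message or drop the previous result before storing the new one, and document that the return value is NULL when the callback never runs.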

 I think we should abort() on error, assuming the only way to fail
is a bad syntax.





Re: [Qemu-devel] Re: [PATCH] qemu/virtio: make wmb compiler barrier + comments

2009-11-11 Thread Michael S. Tsirkin
On Thu, Nov 12, 2009 at 01:18:11AM +0800, Scott Tsai wrote:
> On Wed, Nov 11, 2009 at 10:08 PM, Michael S. Tsirkin  wrote:
> > On Wed, Nov 11, 2009 at 01:45:35PM +, Paul Brook wrote:
> >> If you don't need real barriers, then why does the kvm code have them?
> >
> > We need real barriers but AFAIK kvm does not have them :(
> > IOW: virtio is currently broken with kvm, and my patch did
> > not fix this. The comment that I added says as much.
> 
> How about just using GCC's __sync_synchronize atomic builtin (if
> detected as available by configure)?
> It's a full memory barrier instead of just a write barrier,  for x86,
> it generates the same code as the current Linux mb() implementation:
> "mfence" on x86_64
> "lock orl $0x0,(%esp)" on x86 unless -march is specified to a
> processor with "mfence".
> PPC could continue to use "eieio" while other architectures could just
> default to __sync_synchronize
> 
> I do have a newbie question, when exactly would virtio have to handle
> concurrent access from multiple threads?
> My current reading of the code suggests:
> 1. when CONFIG_IOTHREAD is true
> 2. when CONFIG_KVM is true and the guest machine has multiple CPUs

Right. I don't think CONFIG_IOTHREAD can work correctly
without kvm though: how would atomics be handled?

-- 
MST
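
The barrier placement this thread is discussing, as an added example that is not part of the original messages or of QEMU's code. `struct ring`, `ring_publish`, `ring_consume` and `RING_SIZE` are hypothetical names, loosely modelled on a virtio used ring, and the write barrier is selected the way the quoted proposal describes ("eieio" on PPC, `__sync_synchronize` elsewhere).

```c
#include <stdint.h>
#include <stdio.h>

/* Write barrier selected the way the thread proposes: "eieio" on PPC,
 * GCC's __sync_synchronize() (a full barrier) on everything else. */
#if defined(__powerpc__) || defined(__powerpc64__)
#define ring_wmb() __asm__ __volatile__("eieio" : : : "memory")
#else
#define ring_wmb() __sync_synchronize()
#endif
/* A full barrier is always strong enough for the read side. */
#define ring_rmb() __sync_synchronize()

#define RING_SIZE 8u /* hypothetical size, must be a power of two */

struct ring_elem {
    uint32_t id;
    uint32_t len;
};

/* Hypothetical ring, loosely modelled on a virtio used ring. */
struct ring {
    volatile uint16_t idx; /* free-running index, written by the producer only */
    struct ring_elem elems[RING_SIZE];
};

/* Producer: fill the slot first, publish it second.
 * Returns 0 on success, -1 if the consumer is RING_SIZE entries behind. */
int ring_publish(struct ring *r, uint16_t consumer_seen, uint32_t id, uint32_t len)
{
    uint16_t idx = r->idx;
    uint16_t used = (uint16_t)(idx - consumer_seen); /* correct across the 16-bit wrap */

    if (used >= RING_SIZE) {
        return -1;
    }
    r->elems[idx % RING_SIZE].id = id;
    r->elems[idx % RING_SIZE].len = len;
    /* Without this, another CPU could observe the new idx before the
     * element contents and consume a stale id/len pair. */
    ring_wmb();
    r->idx = (uint16_t)(idx + 1);
    return 0;
}

/* Consumer: returns 1 and fills *out if an entry was available, else 0. */
int ring_consume(const struct ring *r, uint16_t *last_seen, struct ring_elem *out)
{
    if (*last_seen == r->idx) {
        return 0;
    }
    /* Pairs with ring_wmb(): read idx first, the element second. */
    ring_rmb();
    *out = r->elems[*last_seen % RING_SIZE];
    *last_seen = (uint16_t)(*last_seen + 1);
    return 1;
}

int main(void)
{
    struct ring r = { .idx = 0xFFFE }; /* constructed: start near the 16-bit wrap */
    uint16_t seen = 0xFFFE;
    struct ring_elem e;
    uint32_t i;

    for (i = 0; i < 4; i++) {
        ring_publish(&r, seen, 100 + i, 16 * i);
    }
    while (ring_consume(&r, &seen, &e)) {
        printf("id=%u len=%u\n", (unsigned)e.id, (unsigned)e.len);
    }
    return 0;
}
```

A compiler-only barrier in place of `ring_wmb()` keeps the two stores in program order in the generated code but does not stop a weakly ordered CPU from making them visible in the other order.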




Re: [Qemu-devel] Re: [PATCH] qemu/virtio: make wmb compiler barrier + comments

2009-11-11 Thread Michael S. Tsirkin
On Thu, Nov 12, 2009 at 01:18:11AM +0800, Scott Tsai wrote:
> On Wed, Nov 11, 2009 at 10:08 PM, Michael S. Tsirkin  wrote:
> > On Wed, Nov 11, 2009 at 01:45:35PM +, Paul Brook wrote:
> >> If you don't need real barriers, then why does the kvm code have them?
> >
> > We need real barriers but AFAIK kvm does not have them :(
> > IOW: virtio is currently broken with kvm, and my patch did
> > not fix this. The comment that I added says as much.
> 
> How about just using GCC's __sync_synchronize atomic builtin (if
> detected as available by configure)?
> It's a full memory barrier instead of just a write barrier,  for x86,
> it generates the same code as the current Linux mb() implementation:
> "mfence" on x86_64
> "lock orl $0x0,(%esp)" on x86 unless -march is specified to a
> processor with "mfence".
> PPC could continue to use "eieio" while other architectures could just
> default to __sync_synchronize

Hmm, on x86 that's more expensive than it needs to be...
We can also ifdef platforms that we care about ...

> I do have a newbie question, when exactly would virtio have to handle
> concurrent access from multiple threads?
> My current reading of the code suggests:
> 1. when CONFIG_IOTHREAD is true
> 2. when CONFIG_KVM is true and the guest machine has multiple CPUs




[Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS

2009-11-11 Thread Alexander Graf
SeaBIOS clears RAM between the time we write our -kernel image to RAM and the
time the int19 handler gets triggered.

So in order to work around that, I sat down and implemented Avi's suggestion
of "downloading" all blobs at runtime from the fw_cfg interface.

Thanks to glommer who talked me into doing it ;-).

Alexander Graf (6):
  Make fw_cfg interface 32-bit aware
  Introduce copy_rom
  Convert multiboot to fw_cfg backed data storage
  Move common option rom code to header file
  Convert linux bootrom to external rom and fw_cfg
  Add linuxboot to BLOBS

 Makefile  |2 +-
 hw/fw_cfg.c   |8 +-
 hw/fw_cfg.h   |   13 +++-
 hw/loader.c   |   38 +
 hw/loader.h   |1 +
 hw/pc.c   |  169 +
 pc-bios/optionrom/Makefile|2 +-
 pc-bios/optionrom/linuxboot.S |  140 ++
 pc-bios/optionrom/multiboot.S |  108 ++-
 pc-bios/optionrom/optionrom.h |  107 ++
 10 files changed, 396 insertions(+), 192 deletions(-)
 create mode 100644 pc-bios/optionrom/linuxboot.S
 create mode 100644 pc-bios/optionrom/optionrom.h





[Qemu-devel] [PATCH 5/6] Convert linux bootrom to external rom and fw_cfg

2009-11-11 Thread Alexander Graf
We already have a working multiboot implementation that uses fw_cfg to get
its kernel module etc. data in int19 runtime now.

So what's missing is a working linux boot option rom. While at it I figured it
would be a good idea to take the opcode generator out of pc.c and instead use
a proper option rom, like we do with multiboot.

So here it is - an fw_cfg using option rom for -kernel with linux!

Signed-off-by: Alexander Graf 
---
 hw/fw_cfg.h   |8 ++-
 hw/pc.c   |  126 +++--
 pc-bios/optionrom/Makefile|2 +-
 pc-bios/optionrom/linuxboot.S |  140 +
 4 files changed, 172 insertions(+), 104 deletions(-)
 create mode 100644 pc-bios/optionrom/linuxboot.S

diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
index 1e004b7..7070c94 100644
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@@ -20,7 +20,13 @@
 #define FW_CFG_KERNEL_ENTRY 0x10
 #define FW_CFG_KERNEL_DATA  0x11
 #define FW_CFG_INITRD_DATA  0x12
-#define FW_CFG_MAX_ENTRY0x13
+#define FW_CFG_CMDLINE_ADDR 0x13
+#define FW_CFG_CMDLINE_SIZE 0x14
+#define FW_CFG_CMDLINE_DATA 0x15
+#define FW_CFG_SETUP_ADDR   0x16
+#define FW_CFG_SETUP_SIZE   0x17
+#define FW_CFG_SETUP_DATA   0x18
+#define FW_CFG_MAX_ENTRY0x19
 
 #define FW_CFG_WRITE_CHANNEL0x4000
 #define FW_CFG_ARCH_LOCAL   0x8000
diff --git a/hw/pc.c b/hw/pc.c
index 291ca1d..ece6c29 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -487,85 +487,6 @@ static void *bochs_bios_init(void)
 return fw_cfg;
 }
 
-/* Generate an initial boot sector which sets state and jump to
-   a specified vector */
-static void generate_bootsect(uint32_t gpr[8], uint16_t segs[6], uint16_t ip)
-{
-uint8_t rom[512], *p, *reloc;
-uint8_t sum;
-int i;
-
-memset(rom, 0, sizeof(rom));
-
-p = rom;
-/* Make sure we have an option rom signature */
-*p++ = 0x55;
-*p++ = 0xaa;
-
-/* ROM size in sectors*/
-*p++ = 1;
-
-/* Hook int19 */
-
-*p++ = 0x50;   /* push ax */
-*p++ = 0x1e;   /* push ds */
-*p++ = 0x31; *p++ = 0xc0;  /* xor ax, ax */
-*p++ = 0x8e; *p++ = 0xd8;  /* mov ax, ds */
-
-*p++ = 0xc7; *p++ = 0x06;   /* movvw _start,0x64 */
-*p++ = 0x64; *p++ = 0x00;
-reloc = p;
-*p++ = 0x00; *p++ = 0x00;
-
-*p++ = 0x8c; *p++ = 0x0e;   /* mov cs,0x66 */
-*p++ = 0x66; *p++ = 0x00;
-
-*p++ = 0x1f;   /* pop ds */
-*p++ = 0x58;   /* pop ax */
-*p++ = 0xcb;   /* lret */
-
-/* Actual code */
-*reloc = (p - rom);
-
-*p++ = 0xfa;   /* CLI */
-*p++ = 0xfc;   /* CLD */
-
-for (i = 0; i < 6; i++) {
-   if (i == 1) /* Skip CS */
-   continue;
-
-   *p++ = 0xb8;/* MOV AX,imm16 */
-   *p++ = segs[i];
-   *p++ = segs[i] >> 8;
-   *p++ = 0x8e;/* MOV ,AX */
-   *p++ = 0xc0 + (i << 3);
-}
-
-for (i = 0; i < 8; i++) {
-   *p++ = 0x66;/* 32-bit operand size */
-   *p++ = 0xb8 + i;/* MOV ,imm32 */
-   *p++ = gpr[i];
-   *p++ = gpr[i] >> 8;
-   *p++ = gpr[i] >> 16;
-   *p++ = gpr[i] >> 24;
-}
-
-*p++ = 0xea;   /* JMP FAR */
-*p++ = ip; /* IP */
-*p++ = ip >> 8;
-*p++ = segs[1];/* CS */
-*p++ = segs[1] >> 8;
-
-/* sign rom */
-sum = 0;
-for (i = 0; i < (sizeof(rom) - 1); i++)
-sum += rom[i];
-rom[sizeof(rom) - 1] = -sum;
-
-rom_add_blob("linux-bootsect", rom, sizeof(rom),
- PC_ROM_MIN_OPTION, PC_ROM_MAX, PC_ROM_ALIGN);
-}
-
 static long get_file_size(FILE *f)
 {
 long where, size;
@@ -812,12 +733,9 @@ static void load_linux(void *fw_cfg,
target_phys_addr_t max_ram_size)
 {
 uint16_t protocol;
-uint32_t gpr[8];
-uint16_t seg[6];
-uint16_t real_seg;
 int setup_size, kernel_size, initrd_size = 0, cmdline_size;
 uint32_t initrd_max;
-uint8_t header[8192], *setup, *kernel;
+uint8_t header[8192], *setup, *kernel, *initrd_data;
 target_phys_addr_t real_addr, prot_addr, cmdline_addr, initrd_addr = 0;
 FILE *f;
 char *vmode;
@@ -886,9 +804,11 @@ static void load_linux(void *fw_cfg,
 if (initrd_max >= max_ram_size-ACPI_DATA_SIZE)
initrd_max = max_ram_size-ACPI_DATA_SIZE-1;
 
-/* kernel command line */
-rom_add_blob_fixed("cmdline", kernel_cmdline,
-   strlen(kernel_cmdline)+1, cmdline_addr);
+fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_ADDR, cmdline_addr);
+fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline)+1);
+fw_cfg_add_bytes(fw_cfg, FW_CFG_CMDLINE_DATA,
+ (uint8_t*)strdup(kernel_cmdline),
+ strlen(kernel_cmdline)+1);
 
 if (protocol >= 0x202) {
stl_p(header+0x228, cmdline_addr);
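
Review bot: the strdup() result handed to fw_cfg_add_bytes() for FW_CFG_CMDLINE_DATA is never checked, so an allocation failure registers a NULL data pointer together with a non-zero length that the guest can then read through fw_cfg. Check the result or use qemu_strdup(), and compute strlen(kernel_cmdline)+1 once so the FW_CFG_CMDLINE_SIZE value and the data length cannot drift apart.
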
@@ -937,7 +857,13 @@ static void load_linux(voi

[Qemu-devel] [PATCH 3/6] Convert multiboot to fw_cfg backed data storage

2009-11-11 Thread Alexander Graf
Right now we load the guest kernel to RAM, fire off the BIOS, hope it
doesn't clobber memory and run an option rom that jumps into the kernel.

That breaks with SeaBIOS, as that clears memory. So let's read all
kernel, module etc. data using the fw_cfg interface when in the int19
handler.

This patch implements said mechanism for multiboot.

Signed-off-by: Alexander Graf 
---
 hw/fw_cfg.h   |5 ++-
 hw/pc.c   |   43 ---
 pc-bios/optionrom/multiboot.S |   77 -
 3 files changed, 94 insertions(+), 31 deletions(-)

diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
index 359d45a..1e004b7 100644
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@@ -17,7 +17,10 @@
 #define FW_CFG_NUMA 0x0d
 #define FW_CFG_BOOT_MENU0x0e
 #define FW_CFG_MAX_CPUS 0x0f
-#define FW_CFG_MAX_ENTRY0x10
+#define FW_CFG_KERNEL_ENTRY 0x10
+#define FW_CFG_KERNEL_DATA  0x11
+#define FW_CFG_INITRD_DATA  0x12
+#define FW_CFG_MAX_ENTRY0x13
 
 #define FW_CFG_WRITE_CHANNEL0x4000
 #define FW_CFG_ARCH_LOCAL   0x8000
diff --git a/hw/pc.c b/hw/pc.c
index bf4718e..291ca1d 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -603,6 +603,8 @@ static int load_multiboot(void *fw_cfg,
 uint32_t mb_mod_end;
 uint8_t bootinfo[0x500];
 uint32_t cmdline = 0x200;
+uint8_t *mb_kernel_data;
+uint8_t *mb_bootinfo_data;
 
 /* Ok, let's see if it is a multiboot image.
The header is 12x32bit long, so the latest entry may be 8192 - 48. */
@@ -643,6 +645,12 @@ static int load_multiboot(void *fw_cfg,
 mh_load_addr = mh_entry_addr = elf_entry;
 mb_kernel_size = kernel_size;
 
+mb_kernel_data = qemu_malloc(mb_kernel_size);
+if (copy_rom(mb_kernel_data, elf_entry, kernel_size) != kernel_size) {
+fprintf(stderr, "Error while fetching elf kernel from rom\n");
+exit(1);
+}
+
 #ifdef DEBUG_MULTIBOOT
 fprintf(stderr, "qemu: loading multiboot-elf kernel (%#x bytes) with 
entry %#zx\n",
 mb_kernel_size, (size_t)mh_entry_addr);
@@ -656,7 +664,6 @@ static int load_multiboot(void *fw_cfg,
 uint32_t mh_bss_end_addr = ldl_p(header+i+24);
 #endif
 uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
-uint8_t *kernel;
 
 mh_entry_addr = ldl_p(header+i+28);
 mb_kernel_size = get_file_size(f) - mb_kernel_text_offset;
@@ -676,12 +683,9 @@ static int load_multiboot(void *fw_cfg,
 mb_kernel_size, mh_load_addr);
 #endif
 
-kernel = qemu_malloc(mb_kernel_size);
+mb_kernel_data = qemu_malloc(mb_kernel_size);
 fseek(f, mb_kernel_text_offset, SEEK_SET);
-fread(kernel, 1, mb_kernel_size, f);
-rom_add_blob_fixed(kernel_filename, kernel, mb_kernel_size,
-   mh_load_addr);
-qemu_free(kernel);
+fread(mb_kernel_data, 1, mb_kernel_size, f);
 fclose(f);
 }
 
@@ -732,9 +736,14 @@ static int load_multiboot(void *fw_cfg,
 exit(1);
 }
 mb_mod_end = mb_mod_start + mb_mod_length;
-rom_add_file_fixed(initrd_filename, mb_mod_start);
-
 mb_mod_count++;
+
+/* append module data at the end of last module */
+mb_kernel_data = qemu_realloc(mb_kernel_data,
+  mh_load_addr - mb_mod_end);
+load_image(initrd_filename,
+   mb_kernel_data + mb_mod_start - mh_load_addr);
+
 stl_p(bootinfo + mb_mod_info + 0, mb_mod_start);
 stl_p(bootinfo + mb_mod_info + 4, mb_mod_start + mb_mod_length);
 stl_p(bootinfo + mb_mod_info + 12, 0x0); /* reserved */
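
Review bot: the qemu_realloc() size is written as mh_load_addr - mb_mod_end, the reverse of the mb_mod_end - mh_load_addr length that this patch later passes to fw_cfg_add_bytes(). With the module ending above the load address the unsigned subtraction wraps, and load_image() then writes the module at mb_kernel_data + mb_mod_start - mh_load_addr into a buffer whose size has no relation to that offset. Swap the operands, and check that mb_mod_start is not below mh_load_addr before computing the destination pointer.
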
@@ -774,13 +783,21 @@ static int load_multiboot(void *fw_cfg,
 fprintf(stderr, "multiboot: mh_entry_addr = %#x\n", mh_entry_addr);
 #endif
 
+/* save bootinfo off the stack */
+mb_bootinfo_data = qemu_malloc(sizeof(bootinfo));
+memcpy(mb_bootinfo_data, bootinfo, sizeof(bootinfo));
+
 /* Pass variables to option rom */
-fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, mh_entry_addr);
-fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, mb_bootinfo);
-fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, mmap_addr);
+fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ENTRY, mh_entry_addr);
+fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, mh_load_addr);
+fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, mb_mod_end - mh_load_addr);
+fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, mb_kernel_data,
+ mb_mod_end - mh_load_addr);
 
-rom_add_blob_fixed("multiboot-info", bootinfo, sizeof(bootinfo),
-   mb_bootinfo);
+fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, mb_bootinfo);
+fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, sizeof(bootinfo));
+fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, mb_bootinfo_data,
+ sizeof(bootinfo));
 
 option_rom[n
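
Review bot: FW_CFG_INITRD_ADDR, FW_CFG_INITRD_SIZE and FW_CFG_INITRD_DATA carry the multiboot info structure in this hunk, not an initrd, while the modules themselves travel inside FW_CFG_KERNEL_DATA. Add a comment at the fw_cfg_add_* calls saying so, or introduce dedicated keys, so that a later reader of the option rom does not take the INITRD entries at face value.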

[Qemu-devel] [PATCH 2/6] Introduce copy_rom

2009-11-11 Thread Alexander Graf
We have several rom helpers currently, but none of them can get us
code that spans several roms into a pointer.

This patch introduces a function that copies over rom contents.

Signed-off-by: Alexander Graf 
---
 hw/loader.c |   38 ++
 hw/loader.h |1 +
 2 files changed, 39 insertions(+), 0 deletions(-)

diff --git a/hw/loader.c b/hw/loader.c
index 9153b38..cab53c1 100644
--- a/hw/loader.c
+++ b/hw/loader.c
@@ -701,6 +701,44 @@ static Rom *find_rom(target_phys_addr_t addr)
 return NULL;
 }
 
+int copy_rom(uint8_t *dest, target_phys_addr_t addr, size_t size)
+{
+target_phys_addr_t end = addr + size;
+uint8_t *s, *d = dest;
+size_t l = 0;
+Rom *rom;
+
+QTAILQ_FOREACH(rom, &roms, next) {
+if (rom->max)
+continue;
+if (rom->min > addr)
+continue;
+if (rom->min + rom->romsize < addr)
+continue;
+if (rom->min > end)
+break;
+if (!rom->data)
+continue;
+
+d = dest + (rom->min - addr);
+s = rom->data;
+l = rom->romsize;
+
+if (rom->min < addr) {
+d = dest;
+s += (addr - rom->min);
+l -= (addr - rom->min);
+}
+if ((d + l) > (dest + size)) {
+l = dest - d;
+}
+
+memcpy(d, s, l);
+}
+
+return (d + l) - dest;
+}
+
 void *rom_ptr(target_phys_addr_t addr)
 {
 Rom *rom;
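
Review bot: the clamp in copy_rom(), l = dest - d, can never be positive because d starts at dest or beyond, so a ROM that extends past the requested range is cut to nothing instead of to the remaining room; the intended value is (dest + size) - d. The rom->min > addr test also skips every ROM that starts after addr, which works against the stated goal of collecting a range that spans several ROMs, and the function returns (d + l) - dest even when no ROM matched, so the comment should say what a caller gets back in that case.
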
diff --git a/hw/loader.h b/hw/loader.h
index 67dae57..6cfb03a 100644
--- a/hw/loader.h
+++ b/hw/loader.h
@@ -24,6 +24,7 @@ int rom_add_file(const char *file,
 int rom_add_blob(const char *name, const void *blob, size_t len,
  target_phys_addr_t min, target_phys_addr_t max, int align);
 int rom_load_all(void);
+int copy_rom(uint8_t *dest, target_phys_addr_t addr, size_t size);
 void *rom_ptr(target_phys_addr_t addr);
 void do_info_roms(Monitor *mon);
 
-- 
1.6.0.2





[Qemu-devel] [PATCH 6/6] Add linuxboot to BLOBS

2009-11-11 Thread Alexander Graf
We should install linuxboot.bin too, so let's add it to the to-be-installed
blobs.

Signed-off-by: Alexander Graf 
---
 Makefile |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/Makefile b/Makefile
index 30f1c9d..a6647c2 100644
--- a/Makefile
+++ b/Makefile
@@ -256,7 +256,7 @@ video.x openbios-sparc32 openbios-sparc64 openbios-ppc \
 pxe-ne2k_pci.bin pxe-rtl8139.bin pxe-pcnet.bin pxe-e1000.bin \
 pxe-virtio.bin pxe-eepro100.bin pxe-pcnet.bin \
 bamboo.dtb petalogix-s3adsp1800.dtb \
-multiboot.bin
+multiboot.bin linuxboot.bin
 else
 BLOBS=
 endif
-- 
1.6.0.2





[Qemu-devel] [PATCH 1/6] Make fw_cfg interface 32-bit aware

2009-11-11 Thread Alexander Graf
The fw_cfg interface can only handle up to 16 bits of data for its streams.
While that isn't too much of a problem when handling integers, we would
like to stream full kernel images over that interface!

So let's extend it to 32 bit length variables.

Signed-off-by: Alexander Graf 
---
 hw/fw_cfg.c |8 
 hw/fw_cfg.h |2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index a6d811b..3a3f694 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -39,7 +39,7 @@
 #define FW_CFG_SIZE 2
 
 typedef struct _FWCfgEntry {
-uint16_t len;
+uint32_t len;
 uint8_t *data;
 void *callback_opaque;
 FWCfgCallback callback;
@@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
 typedef struct _FWCfgState {
 FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
 uint16_t cur_entry;
-uint16_t cur_offset;
+uint32_t cur_offset;
 } FWCfgState;
 
 static void fw_cfg_write(FWCfgState *s, uint8_t value)
@@ -171,12 +171,12 @@ static const VMStateDescription vmstate_fw_cfg = {
 .minimum_version_id_old = 1,
 .fields  = (VMStateField []) {
 VMSTATE_UINT16(cur_entry, FWCfgState),
-VMSTATE_UINT16(cur_offset, FWCfgState),
+VMSTATE_UINT32(cur_offset, FWCfgState),
 VMSTATE_END_OF_LIST()
 }
 };
 
-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint16_t len)
+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint32_t len)
 {
 FWCfgState *s = opaque;
 int arch = !!(key & FW_CFG_ARCH_LOCAL);
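
Review bot: switching cur_offset from VMSTATE_UINT16 to VMSTATE_UINT32 changes the layout of the saved fw_cfg state, but nothing in this patch touches the version fields of vmstate_fw_cfg, so a stream saved before the change would be misread after it. Raise the version id together with the field change, and keep a load path for the 16-bit field if older streams must still be accepted.
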
diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
index 30dfec7..359d45a 100644
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@@ -28,7 +28,7 @@
 #ifndef NO_QEMU_PROTOS
 typedef void (*FWCfgCallback)(void *opaque, uint8_t *data);
 
-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint16_t len);
+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint32_t len);
 int fw_cfg_add_i16(void *opaque, uint16_t key, uint16_t value);
 int fw_cfg_add_i32(void *opaque, uint16_t key, uint32_t value);
 int fw_cfg_add_i64(void *opaque, uint16_t key, uint64_t value);
-- 
1.6.0.2





[Qemu-devel] [PATCH 4/6] Move common option rom code to header file

2009-11-11 Thread Alexander Graf
We will have a linux boot option rom soon, so let's take all functionality
that might be useful for both to a header file that both roms can include.

That way we only have to write fw_cfg access code once.

Signed-off-by: Alexander Graf 
---
 pc-bios/optionrom/multiboot.S |   79 +-
 pc-bios/optionrom/optionrom.h |  107 +
 2 files changed, 110 insertions(+), 76 deletions(-)
 create mode 100644 pc-bios/optionrom/optionrom.h

diff --git a/pc-bios/optionrom/multiboot.S b/pc-bios/optionrom/multiboot.S
index dafac73..be5c9fc 100644
--- a/pc-bios/optionrom/multiboot.S
+++ b/pc-bios/optionrom/multiboot.S
@@ -18,86 +18,15 @@
  *   Authors: Alexander Graf 
  */
 
-#define NO_QEMU_PROTOS
-#include "../../hw/fw_cfg.h"
-
-#define BIOS_CFG_IOPORT_CFG0x510
-#define BIOS_CFG_IOPORT_DATA   0x511
+#include "optionrom.h"
 
 #define MULTIBOOT_MAGIC0x2badb002
 
 #define GS_PROT_JUMP   0
 #define GS_GDT_DESC6
 
-/* Break the translation block flow so -d cpu shows us values */
-#define DEBUG_HERE \
-   jmp 1f; \
-   1:
-   
-/* Read a variable from the fw_cfg device.
-   Clobbers:   %edx
-   Out:%eax */
-.macro read_fw VAR
-   mov $\VAR, %ax
-   mov $BIOS_CFG_IOPORT_CFG, %dx
-   outw%ax, (%dx)
-   mov $BIOS_CFG_IOPORT_DATA, %dx
-   inb (%dx), %al
-   shl $8, %eax
-   inb (%dx), %al
-   shl $8, %eax
-   inb (%dx), %al
-   shl $8, %eax
-   inb (%dx), %al
-   bswap   %eax
-.endm
 
-/*
- * Read a blob from the fw_cfg device.
- * Requires _ADDR, _SIZE and _DATA values for the parameter.
- *
- * Clobbers:   %eax, %edx, %es, %ecx, %edi
- */
-#define read_fw_blob(var) \
-   read_fw var ## _ADDR;   \
-   mov %eax, %edi; \
-   read_fw var ## _SIZE;   \
-   mov %eax, %ecx; \
-   mov $var ## _DATA, %ax; \
-   mov $BIOS_CFG_IOPORT_CFG, %edx; \
-   outw%ax, (%dx); \
-   mov $BIOS_CFG_IOPORT_DATA, %dx; \
-   cld;\
-   DEBUG_HERE \
-   rep insb(%dx), %es:(%edi);
-
-.code16
-.text
-   .global _start
-_start:
-   .short  0xaa55
-   .byte   (_end - _start) / 512
-   push%eax
-   push%ds
-
-   /* setup ds so we can access the IVT */
-   xor %ax, %ax
-   mov %ax, %ds
-
-   /* install our int 19 handler */
-   movw$int19_handler, (0x19*4)
-   mov %cs, (0x19*4+2)
-
-   pop %ds
-   pop %eax
-   lret
-
-int19_handler:
-   /* DS = CS */
-   movw%cs, %ax
-   movw%ax, %ds
-
-   /* fall through */
+BOOT_ROM_START
 
 run_multiboot:
 
@@ -249,6 +178,4 @@ gdt_desc:
 .short (5 * 8) - 1
 .long  gdt
 
-.align 512, 0
-_end:
-
+BOOT_ROM_END
diff --git a/pc-bios/optionrom/optionrom.h b/pc-bios/optionrom/optionrom.h
new file mode 100644
index 000..34d69af
--- /dev/null
+++ b/pc-bios/optionrom/optionrom.h
@@ -0,0 +1,107 @@
+/*
+ * Common Option ROM Functions
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ *
+ * Copyright Novell Inc, 2009
+ *   Authors: Alexander Graf 
+ */
+
+
+#define NO_QEMU_PROTOS
+#include "../../hw/fw_cfg.h"
+
+#define BIOS_CFG_IOPORT_CFG0x510
+#define BIOS_CFG_IOPORT_DATA   0x511
+
+/* Break the translation block flow so -d cpu shows us values */
+#define DEBUG_HERE \
+   jmp 1f; \
+   1:
+   
+/*
+ * Read a variable from the fw_cfg device.
+ * Clobbers:   %edx
+ * Out:%eax
+ */
+.macro read_fw VAR
+   mov $\VAR, %ax
+   mov $BIOS_CFG_IOPORT_CFG, %dx
+   outw%ax, (%dx)
+   mov $BIOS_CFG_IOPORT_DATA, %dx
+   inb (%dx), %al
+   shl $8, %eax
+   inb (%dx), %al
+   shl $8, %eax
+   i

[Qemu-devel] Re: arm, mips and mipsel broken

2009-11-11 Thread Blue Swirl
On Wed, Nov 11, 2009 at 7:47 PM, Blue Swirl  wrote:
> On Wed, Nov 11, 2009 at 1:54 AM, Juan Quintela  wrote:
>> Blue Swirl  wrote:
>>> On Tue, Nov 10, 2009 at 10:50 PM, Aurelien Jarno wrote:
>>>> Please note that at least qemu-system-arm, qemu-system-mips and
>>>> qemu-system-mipsel are broken by this commit:
>>>
>>> Given that none of the devices touched by the commit should be used by
>>> these targets, the breakage comes from just the single new call to
>>> qemu_system_reset in vl.c. This means that the reset functions for
>>> those boards and devices must be awfully buggy.
>>>
>>> I think the easiest solution is to surround the call by
>>> #if defined(TARGET_I386) || defined(TARGET_PPC) || defined(TARGET_SPARC)
>>> #endif
>>> until the devices have been fixed.
>>
>> That call also breaks loadvm from the command line on x86_64.
>> If I revert the rest of the patch except that line, I still get breakage
>> on rtl8139.
>
> Sigh. I'll leave only Sparc for now. Sorry for the trouble.
>

In fact it's easier to revert all commits and commit later one
architecture at a time.




[Qemu-devel] Re: arm, mips and mipsel broken

2009-11-11 Thread Blue Swirl
On Wed, Nov 11, 2009 at 1:54 AM, Juan Quintela  wrote:
> Blue Swirl  wrote:
>> On Tue, Nov 10, 2009 at 10:50 PM, Aurelien Jarno wrote:
>>> Please note that at least qemu-system-arm, qemu-system-mips and
>>> qemu-system-mipsel are broken by this commit:
>>
>> Given that none of the devices touched by the commit should be used by
>> these targets, the breakage comes from just the single new call to
>> qemu_system_reset in vl.c. This means that the reset functions for
>> those boards and devices must be awfully buggy.
>>
>> I think the easiest solution is to surround the call by
>> #if defined(TARGET_I386) || defined(TARGET_PPC) || defined(TARGET_SPARC)
>> #endif
>> until the devices have been fixed.
>
> That call also breaks loadvm from the command line on x86_64.
> If I revert the rest of the patch except that line, I still get breakage
> on rtl8139.

Sigh. I'll leave only Sparc for now. Sorry for the trouble.




[Qemu-devel] [PATCH 07/11] Add a lexer for JSON

2009-11-11 Thread Anthony Liguori
Our JSON parser is a three stage parser.  The first stage tokenizes the stream
into a set of lexical tokens.  Since the lexical grammar is regular, we can
use a finite state machine to model it.  The state machine will emit tokens
as they are identified.

Signed-off-by: Anthony Liguori 
---
 Makefile |2 +-
 json-lexer.c |  327 ++
 json-lexer.h |   50 +
 3 files changed, 378 insertions(+), 1 deletions(-)
 create mode 100644 json-lexer.c
 create mode 100644 json-lexer.h

diff --git a/Makefile b/Makefile
index 116cd70..e5ab879 100644
--- a/Makefile
+++ b/Makefile
@@ -135,7 +135,7 @@ obj-y += buffered_file.o migration.o migration-tcp.o 
qemu-sockets.o
 obj-y += qemu-char.o aio.o savevm.o
 obj-y += msmouse.o ps2.o
 obj-y += qdev.o qdev-properties.o
-obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o qbool.o
+obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o qbool.o json-lexer.o
 obj-y += qemu-config.o
 
 obj-$(CONFIG_BRLAPI) += baum.o
diff --git a/json-lexer.c b/json-lexer.c
new file mode 100644
index 000..53697c5
--- /dev/null
+++ b/json-lexer.c
@@ -0,0 +1,327 @@
+/*
+ * JSON lexer
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include "qstring.h"
+#include "qlist.h"
+#include "qdict.h"
+#include "qint.h"
+#include "qemu-common.h"
+#include "json-lexer.h"
+
+/*
+ * 
\"([^\\\"]|(\\\"\\'\\/\\b\\f\\n\\r\\t\\u[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]))*\"
+ * 
'([^\\']|(\\\"\\'\\/\\b\\f\\n\\r\\t\\u[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]))*'
+ * 0|([1-9][0-9]*(.[0-9]+)?([eE]([-+])?[0-9]+))
+ * [{}\[\],:]
+ * [a-z]+
+ *
+ */
+
+enum json_lexer_state {
+ERROR = 0,
+IN_DONE_STRING,
+IN_DQ_UCODE3,
+IN_DQ_UCODE2,
+IN_DQ_UCODE1,
+IN_DQ_UCODE0,
+IN_DQ_STRING_ESCAPE,
+IN_DQ_STRING,
+IN_SQ_UCODE3,
+IN_SQ_UCODE2,
+IN_SQ_UCODE1,
+IN_SQ_UCODE0,
+IN_SQ_STRING_ESCAPE,
+IN_SQ_STRING,
+IN_ZERO,
+IN_DIGITS,
+IN_DIGIT,
+IN_EXP_E,
+IN_MANTISSA,
+IN_MANTISSA_DIGITS,
+IN_NONZERO_NUMBER,
+IN_NEG_NONZERO_NUMBER,
+IN_KEYWORD,
+IN_ESCAPE,
+IN_ESCAPE_L,
+IN_ESCAPE_LL,
+IN_ESCAPE_DONE,
+IN_WHITESPACE,
+IN_OPERATOR_DONE,
+IN_START,
+};
+
+#define TERMINAL(state) [0 ... 0x7F] = (state)
+
+static const uint8_t json_lexer[][256] =  {
+[IN_DONE_STRING] = {
+TERMINAL(JSON_STRING),
+},
+
+/* double quote string */
+[IN_DQ_UCODE3] = {
+['0' ... '9'] = IN_DQ_STRING,
+['a' ... 'f'] = IN_DQ_STRING,
+['A' ... 'F'] = IN_DQ_STRING,
+},
+[IN_DQ_UCODE2] = {
+['0' ... '9'] = IN_DQ_UCODE3,
+['a' ... 'f'] = IN_DQ_UCODE3,
+['A' ... 'F'] = IN_DQ_UCODE3,
+},
+[IN_DQ_UCODE1] = {
+['0' ... '9'] = IN_DQ_UCODE2,
+['a' ... 'f'] = IN_DQ_UCODE2,
+['A' ... 'F'] = IN_DQ_UCODE2,
+},
+[IN_DQ_UCODE0] = {
+['0' ... '9'] = IN_DQ_UCODE1,
+['a' ... 'f'] = IN_DQ_UCODE1,
+['A' ... 'F'] = IN_DQ_UCODE1,
+},
+[IN_DQ_STRING_ESCAPE] = {
+['b'] = IN_DQ_STRING,
+['f'] =  IN_DQ_STRING,
+['n'] =  IN_DQ_STRING,
+['r'] =  IN_DQ_STRING,
+['t'] =  IN_DQ_STRING,
+['\''] = IN_DQ_STRING,
+['\"'] = IN_DQ_STRING,
+['u'] = IN_DQ_UCODE0,
+},
+[IN_DQ_STRING] = {
+[1 ... 0xFF] = IN_DQ_STRING,
+['\\'] = IN_DQ_STRING_ESCAPE,
+['"'] = IN_DONE_STRING,
+},
+
+/* single quote string */
+[IN_SQ_UCODE3] = {
+['0' ... '9'] = IN_SQ_STRING,
+['a' ... 'f'] = IN_SQ_STRING,
+['A' ... 'F'] = IN_SQ_STRING,
+},
+[IN_SQ_UCODE2] = {
+['0' ... '9'] = IN_SQ_UCODE3,
+['a' ... 'f'] = IN_SQ_UCODE3,
+['A' ... 'F'] = IN_SQ_UCODE3,
+},
+[IN_SQ_UCODE1] = {
+['0' ... '9'] = IN_SQ_UCODE2,
+['a' ... 'f'] = IN_SQ_UCODE2,
+['A' ... 'F'] = IN_SQ_UCODE2,
+},
+[IN_SQ_UCODE0] = {
+['0' ... '9'] = IN_SQ_UCODE1,
+['a' ... 'f'] = IN_SQ_UCODE1,
+['A' ... 'F'] = IN_SQ_UCODE1,
+},
+[IN_SQ_STRING_ESCAPE] = {
+['b'] = IN_SQ_STRING,
+['f'] =  IN_SQ_STRING,
+['n'] =  IN_SQ_STRING,
+['r'] =  IN_SQ_STRING,
+['t'] =  IN_SQ_STRING,
+['\''] = IN_SQ_STRING,
+['\"'] = IN_SQ_STRING,
+['u'] = IN_SQ_UCODE0,
+},
+[IN_SQ_STRING] = {
+[1 ... 0xFF] = IN_SQ_STRING,
+['\\'] = IN_SQ_STRING_ESCAPE,
+['\''] = IN_DONE_STRING,
+},
+
+/* Zero */
+[IN_ZERO] = {
+TERMINAL(JSON_INTEGER),
+['0' ... '9'] = ERROR,
+['.'] = IN_MANTISSA,
+},
+
+/* Float */
+[IN_DIGITS] = {
+TERMINAL(JSON_FLOAT),
+['0' ... '9'] = IN_DIGITS,
+},
+
+[IN_DIGIT] = {
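
Review bot: IN_DQ_STRING_ESCAPE and IN_SQ_STRING_ESCAPE have no entries for '\\' or '/', so JSON's \\ and \/ escapes (the grammar comment at the top of the file lists \/) fall through to ERROR (0), and a string that contains an escaped backslash is rejected. Add ['\\'] and ['/'] transitions back to the string state in both tables. Separately, [1 ... 0xFF] = IN_DQ_STRING and its SQ counterpart accept raw control characters and every byte above 0x7F inside a string, so invalid UTF-8 passes the lexer unchecked; either narrow the range here or state in a comment which later stage is expected to validate it.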

[Qemu-devel] [PATCH 10/11] Add a QObject JSON wrapper

2009-11-11 Thread Anthony Liguori
This provides a QObject interface for creating QObjects from a JSON expression.

Signed-off-by: Anthony Liguori 
---
 Makefile |2 +-
 qjson.c  |   60 
 qjson.h  |   23 +++
 3 files changed, 84 insertions(+), 1 deletions(-)
 create mode 100644 qjson.c
 create mode 100644 qjson.h

diff --git a/Makefile b/Makefile
index 6d68a1f..3818c51 100644
--- a/Makefile
+++ b/Makefile
@@ -136,7 +136,7 @@ obj-y += qemu-char.o aio.o savevm.o
 obj-y += msmouse.o ps2.o
 obj-y += qdev.o qdev-properties.o
 obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o qbool.o json-lexer.o
-obj-y += json-streamer.o json-parser.o
+obj-y += json-streamer.o json-parser.o qjson.o
 obj-y += qemu-config.o
 
 obj-$(CONFIG_BRLAPI) += baum.o
diff --git a/qjson.c b/qjson.c
new file mode 100644
index 000..45207f2
--- /dev/null
+++ b/qjson.c
@@ -0,0 +1,60 @@
+/*
+ * QObject JSON integration
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include "json-lexer.h"
+#include "json-parser.h"
+#include "json-streamer.h"
+#include "qjson.h"
+
+typedef struct JSONParsingState
+{
+JSONMessageParser parser;
+va_list *ap;
+QObject *result;
+} JSONParsingState;
+
+static void parse_json(JSONMessageParser *parser, QList *tokens)
+{
+JSONParsingState *s = container_of(parser, JSONParsingState, parser);
+s->result = json_parser_parse(tokens, s->ap);
+}
+
+QObject *qobject_from_json(const char *string)
+{
+JSONParsingState state = {};
+
+json_message_parser_init(&state.parser, parse_json);
+json_message_parser_feed(&state.parser, string, strlen(string));
+json_message_parser_flush(&state.parser);
+json_message_parser_destroy(&state.parser);
+
+return state.result;
+}
+
+QObject *qobject_from_jsonf(const char *string, ...)
+{
+JSONParsingState state = {};
+va_list ap;
+
+va_start(ap, string);
+state.ap = ≈
+
+json_message_parser_init(&state.parser, parse_json);
+json_message_parser_feed(&state.parser, string, strlen(string));
+json_message_parser_flush(&state.parser);
+json_message_parser_destroy(&state.parser);
+
+va_end(ap);
+
+return state.result;
+}
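
Review bot: qobject_from_json() and qobject_from_jsonf() both discard the int results of json_message_parser_feed() and json_message_parser_flush(), so a lexer failure cannot be told apart from success unless state.result happens to stay NULL. parse_json() also assigns s->result unconditionally: if the streamer emits more than once because the string holds several top-level values, the earlier object is overwritten without its reference being dropped. Check the return values, and either refuse a second emit or release the previous result before replacing it.
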
diff --git a/qjson.h b/qjson.h
new file mode 100644
index 000..38be643
--- /dev/null
+++ b/qjson.h
@@ -0,0 +1,23 @@
+/*
+ * QObject JSON integration
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#ifndef QJSON_H
+#define QJSON_H
+
+#include "qobject.h"
+
+QObject *qobject_from_json(const char *string);
+QObject *qobject_from_jsonf(const char *string, ...)
+__attribute__((__format__ (__printf__, 1, 2)));
+
+#endif /* QJSON_H */
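
Review bot: qobject_from_jsonf() is declared printf-like, but the header does not say which % escapes the parser accepts, who owns the returned reference, or what is returned on failure. Because the escapes pull values from the va_list, the format has to be a trusted literal and never text received from a peer; a short comment above the prototype saying so, together with the supported escapes, would steer callers holding external JSON to qobject_from_json() instead.
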
-- 
1.6.2.5





[Qemu-devel] [PATCH 04/11] Add a QFloat datatype

2009-11-11 Thread Anthony Liguori
Signed-off-by: Anthony Liguori 
---
 Makefile  |3 +-
 qfloat.c  |   76 +
 qfloat.h  |   29 +++
 qobject.h |1 +
 4 files changed, 108 insertions(+), 1 deletions(-)
 create mode 100644 qfloat.c
 create mode 100644 qfloat.h

diff --git a/Makefile b/Makefile
index 30f1c9d..8d94fda 100644
--- a/Makefile
+++ b/Makefile
@@ -135,7 +135,8 @@ obj-y += buffered_file.o migration.o migration-tcp.o 
qemu-sockets.o
 obj-y += qemu-char.o aio.o savevm.o
 obj-y += msmouse.o ps2.o
 obj-y += qdev.o qdev-properties.o
-obj-y += qint.o qstring.o qdict.o qlist.o qemu-config.o
+obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o
+obj-y += qemu-config.o
 
 obj-$(CONFIG_BRLAPI) += baum.o
 obj-$(CONFIG_POSIX) += migration-exec.o migration-unix.o migration-fd.o
diff --git a/qfloat.c b/qfloat.c
new file mode 100644
index 000..05215f5
--- /dev/null
+++ b/qfloat.c
@@ -0,0 +1,76 @@
+/*
+ * QFloat Module
+ *
+ * Copyright (C) 2009 Red Hat Inc.
+ *
+ * Authors:
+ *  Luiz Capitulino 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include "qfloat.h"
+#include "qobject.h"
+#include "qemu-common.h"
+
+static void qfloat_destroy_obj(QObject *obj);
+
+static const QType qfloat_type = {
+.code = QTYPE_QFLOAT,
+.destroy = qfloat_destroy_obj,
+};
+
+/**
+ * qfloat_from_int(): Create a new QFloat from a float
+ *
+ * Return strong reference.
+ */
+QFloat *qfloat_from_double(double value)
+{
+QFloat *qf;
+
+qf = qemu_malloc(sizeof(*qf));
+qf->value = value;
+QOBJECT_INIT(qf, &qfloat_type);
+
+return qf;
+}
+
+/**
+ * qfloat_get_double(): Get the stored float
+ */
+double qfloat_get_double(const QFloat *qf)
+{
+return qf->value;
+}
+
+/**
+ * qobject_to_qfloat(): Convert a QObject into a QFloat
+ */
+QFloat *qobject_to_qfloat(const QObject *obj)
+{
+if (qobject_type(obj) != QTYPE_QFLOAT)
+return NULL;
+
+return container_of(obj, QFloat, base);
+}
+
+/**
+ * qfloat_destroy_obj(): Free all memory allocated by a
+ * QFloat object
+ */
+static void qfloat_destroy_obj(QObject *obj)
+{
+assert(obj != NULL);
+qemu_free(qobject_to_qfloat(obj));
+}
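
Review bot: the doc comment above qfloat_from_double() still reads "qfloat_from_int(): Create a new QFloat from a float"; it should name qfloat_from_double() and say double. The file header also carries two licence statements (GNU GPL version 2 and GNU LGPL 2.1 or later) with two author blocks, which looks copied from another module; please keep the one that applies to this new file.
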
diff --git a/qfloat.h b/qfloat.h
new file mode 100644
index 000..9d67876
--- /dev/null
+++ b/qfloat.h
@@ -0,0 +1,29 @@
+/*
+ * QFloat Module
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#ifndef QFLOAT_H
+#define QFLOAT_H
+
+#include 
+#include "qobject.h"
+
+typedef struct QFloat {
+QObject_HEAD;
+double value;
+} QFloat;
+
+QFloat *qfloat_from_double(double value);
+double qfloat_get_double(const QFloat *qi);
+QFloat *qobject_to_qfloat(const QObject *obj);
+
+#endif /* QFLOAT_H */
diff --git a/qobject.h b/qobject.h
index 76f669f..67b03d0 100644
--- a/qobject.h
+++ b/qobject.h
@@ -41,6 +41,7 @@ typedef enum {
 QTYPE_QSTRING,
 QTYPE_QDICT,
 QTYPE_QLIST,
+QTYPE_QFLOAT,
 } qtype_code;
 
 struct QObject;
-- 
1.6.2.5





[Qemu-devel] [PATCH 02/11] Add operations to qlist to allow it to be used as a stack

2009-11-11 Thread Anthony Liguori
This makes lists no longer invariant. It's a very useful bit of functionality
though.

To deal with the fact that lists are no longer invariant, introduce a deep
copy mechanism for lists.

Signed-off-by: Anthony Liguori 
---
 qlist.c |   56 
 qlist.h |4 
 2 files changed, 60 insertions(+), 0 deletions(-)

diff --git a/qlist.c b/qlist.c
index ba2c66c..5fccb7d 100644
--- a/qlist.c
+++ b/qlist.c
@@ -37,6 +37,23 @@ QList *qlist_new(void)
 return qlist;
 }
 
+static void qlist_copy_elem(QObject *obj, void *opaque)
+{
+QList *dst = opaque;
+
+qobject_incref(obj);
+qlist_append_obj(dst, obj);
+}
+
+QList *qlist_copy(QList *src)
+{
+QList *dst = qlist_new();
+
+qlist_iter(src, qlist_copy_elem, dst);
+
+return dst;
+}
+
 /**
  * qlist_append_obj(): Append an QObject into QList
  *
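
Review bot: the commit message calls qlist_copy() a deep copy, but qlist_copy_elem() only calls qobject_incref() and appends the same object to dst, so both lists share every element and a change made through one is visible through the other. Either describe it as a shallow copy in a doc comment (the new functions have none, unlike qlist_append_obj() just below) or copy the elements themselves. src could also be const QList *, matching qlist_iter().
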
@@ -67,6 +84,45 @@ void qlist_iter(const QList *qlist,
 iter(entry->value, opaque);
 }
 
+QObject *qlist_pop(QList *qlist)
+{
+QListEntry *entry;
+QObject *ret;
+
+if (qlist == NULL || QTAILQ_EMPTY(&qlist->head)) {
+return NULL;
+}
+
+entry = QTAILQ_FIRST(&qlist->head);
+QTAILQ_REMOVE(&qlist->head, entry, next);
+
+ret = entry->value;
+qemu_free(entry);
+
+return ret;
+}
+
+QObject *qlist_peek(QList *qlist)
+{
+QListEntry *entry;
+QObject *ret;
+
+if (qlist == NULL || QTAILQ_EMPTY(&qlist->head)) {
+return NULL;
+}
+
+entry = QTAILQ_FIRST(&qlist->head);
+
+ret = entry->value;
+
+return ret;
+}
+
+int qlist_empty(const QList *qlist)
+{
+return QTAILQ_EMPTY(&qlist->head);
+}
+
 /**
  * qobject_to_qlist(): Convert a QObject into a QList
  */
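
Review bot: qlist_empty() dereferences qlist without the NULL check that qlist_pop() and qlist_peek() perform, so the three helpers disagree on whether a NULL list is a valid argument; pick one contract. The reference rules need a comment as well: qlist_pop() frees the entry and hands entry->value to the caller without touching its count, so the caller now owns that reference, while qlist_peek() returns a pointer the list still owns. Both also take QTAILQ_FIRST, so combined with an append at the tail this behaves as a queue rather than the stack named in the subject line.
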
diff --git a/qlist.h b/qlist.h
index 3eb1eb8..afdc446 100644
--- a/qlist.h
+++ b/qlist.h
@@ -30,9 +30,13 @@ typedef struct QList {
 qlist_append_obj(qlist, QOBJECT(obj))
 
 QList *qlist_new(void);
+QList *qlist_copy(QList *src);
 void qlist_append_obj(QList *qlist, QObject *obj);
 void qlist_iter(const QList *qlist,
 void (*iter)(QObject *obj, void *opaque), void *opaque);
+QObject *qlist_pop(QList *qlist);
+QObject *qlist_peek(QList *qlist);
+int qlist_empty(const QList *qlist);
 QList *qobject_to_qlist(const QObject *obj);
 
 #endif /* QLIST_H */
-- 
1.6.2.5





[Qemu-devel] [PATCH 01/11] Properly escape QDECREF macro arguments

2009-11-11 Thread Anthony Liguori
QDECREF does not properly escape the macro arguments which can lead to
unexpected syntax errors.

Signed-off-by: Anthony Liguori 
---
 qobject.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/qobject.h b/qobject.h
index 4cc9287..76f669f 100644
--- a/qobject.h
+++ b/qobject.h
@@ -60,7 +60,7 @@ typedef struct QObject {
 QObject base
 
 /* Get the 'base' part of an object */
-#define QOBJECT(obj) (&obj->base)
+#define QOBJECT(obj) (&(obj)->base)
 
 /* High-level interface for qobject_incref() */
 #define QINCREF(obj)  \
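
Review bot: the subject and commit message name QDECREF, but the only line changed is the QOBJECT() definition; please correct the message so the log matches the change. While here, check that the QINCREF and QDECREF bodies below also parenthesise obj, since they expand the same argument.
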
-- 
1.6.2.5





[Qemu-devel] [PATCH 08/11] Add a JSON message boundary identifier

2009-11-11 Thread Anthony Liguori
The second stage of our JSON parser is a simple state machine that identifies
individual JSON values by counting the levels of nesting of tokens.  It does
not perform grammar validation.  We use this to emit a full JSON value to the
parser.

Signed-off-by: Anthony Liguori 
---
 Makefile|1 +
 json-streamer.c |   88 +++
 json-streamer.h |   39 
 3 files changed, 128 insertions(+), 0 deletions(-)
 create mode 100644 json-streamer.c
 create mode 100644 json-streamer.h

diff --git a/Makefile b/Makefile
index e5ab879..a2aab60 100644
--- a/Makefile
+++ b/Makefile
@@ -136,6 +136,7 @@ obj-y += qemu-char.o aio.o savevm.o
 obj-y += msmouse.o ps2.o
 obj-y += qdev.o qdev-properties.o
 obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o qbool.o json-lexer.o
+obj-y += json-streamer.o
 obj-y += qemu-config.o
 
 obj-$(CONFIG_BRLAPI) += baum.o
diff --git a/json-streamer.c b/json-streamer.c
new file mode 100644
index 000..610ffea
--- /dev/null
+++ b/json-streamer.c
@@ -0,0 +1,88 @@
+/*
+ * JSON streaming support
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include "qlist.h"
+#include "qint.h"
+#include "qdict.h"
+#include "qemu-common.h"
+#include "json-lexer.h"
+#include "json-streamer.h"
+
+static void json_message_process_token(JSONLexer *lexer, QString *token, 
JSONTokenType type, int x, int y)
+{
+JSONMessageParser *parser = container_of(lexer, JSONMessageParser, lexer);
+QDict *dict;
+
+if (type == JSON_OPERATOR) {
+switch (qstring_get_str(token)[0]) {
+case '{':
+parser->brace_count++;
+break;
+case '}':
+parser->brace_count--;
+break;
+case '[':
+parser->bracket_count++;
+break;
+case ']':
+parser->bracket_count--;
+break;
+default:
+break;
+}
+}
+
+dict = qdict_new();
+qdict_put_obj(dict, "type", QOBJECT(qint_from_int(type)));
+QINCREF(token);
+qdict_put_obj(dict, "token", QOBJECT(token));
+qdict_put_obj(dict, "x", QOBJECT(qint_from_int(x)));
+qdict_put_obj(dict, "y", QOBJECT(qint_from_int(y)));
+
+qlist_append(parser->tokens, dict);
+
+if (parser->brace_count == 0 &&
+parser->bracket_count == 0) {
+parser->emit(parser, parser->tokens);
+QDECREF(parser->tokens);
+parser->tokens = qlist_new();
+}
+}
+
+void json_message_parser_init(JSONMessageParser *parser,
+  void (*func)(JSONMessageParser *, QList *))
+{
+parser->emit = func;
+parser->brace_count = 0;
+parser->bracket_count = 0;
+parser->tokens = qlist_new();
+
+json_lexer_init(&parser->lexer, json_message_process_token);
+}
+
+int json_message_parser_feed(JSONMessageParser *parser,
+ const char *buffer, size_t size)
+{
+return json_lexer_feed(&parser->lexer, buffer, size);
+}
+
+int json_message_parser_flush(JSONMessageParser *parser)
+{
+return json_lexer_flush(&parser->lexer);
+}
+
+void json_message_parser_destroy(JSONMessageParser *parser)
+{
+json_lexer_destroy(&parser->lexer);
+QDECREF(parser->tokens);
+}
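
Review bot: json_message_process_token() decrements brace_count and bracket_count with no lower bound and emits only when both are exactly zero. A stray '}' or ']' drives a counter negative, after which every token is appended to parser->tokens until later input happens to bring the count back to zero; an unterminated '{' or '[' has the same effect, so the token list can grow without limit on input the peer controls. Treat a negative count as an error (hand the tokens to the parser or drop them, then reset both counters) and cap the nesting depth and the number or total size of queued tokens.
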
diff --git a/json-streamer.h b/json-streamer.h
new file mode 100644
index 000..09f3bd7
--- /dev/null
+++ b/json-streamer.h
@@ -0,0 +1,39 @@
+/*
+ * JSON streaming support
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_JSON_STREAMER_H
+#define QEMU_JSON_STREAMER_H
+
+#include "qlist.h"
+#include "json-lexer.h"
+
+typedef struct JSONMessageParser
+{
+void (*emit)(struct JSONMessageParser *parser, QList *tokens);
+JSONLexer lexer;
+int brace_count;
+int bracket_count;
+QList *tokens;
+} JSONMessageParser;
+
+void json_message_parser_init(JSONMessageParser *parser,
+  void (*func)(JSONMessageParser *, QList *));
+
+int json_message_parser_feed(JSONMessageParser *parser,
+ const char *buffer, size_t size);
+
+int json_message_parser_flush(JSONMessageParser *parser);
+
+void json_message_parser_destroy(JSONMessageParser *parser);
+
+#endif
-- 
1.6.2.5





[Qemu-devel] [PATCH 03/11] Allow strings to grow in size

2009-11-11 Thread Anthony Liguori
This lets us use QString for building larger strings

Signed-off-by: Anthony Liguori 
---
 qstring.c |   37 -
 qstring.h |4 
 2 files changed, 40 insertions(+), 1 deletions(-)

diff --git a/qstring.c b/qstring.c
index 6d411da..441a9e6 100644
--- a/qstring.c
+++ b/qstring.c
@@ -21,6 +21,16 @@ static const QType qstring_type = {
 };
 
 /**
+ * qstring_new(): Create a new empty QString
+ *
+ * Return strong reference.
+ */
+QString *qstring_new(void)
+{
+return qstring_from_str("");
+}
+
+/**
  * qstring_from_str(): Create a new QString from a regular C string
  *
  * Return strong reference.
@@ -30,12 +40,37 @@ QString *qstring_from_str(const char *str)
 QString *qstring;
 
 qstring = qemu_malloc(sizeof(*qstring));
-qstring->string = qemu_strdup(str);
+
+qstring->length = strlen(str);
+qstring->capacity = qstring->length;
+
+qstring->string = qemu_malloc(qstring->capacity + 1);
+memcpy(qstring->string, str, qstring->length);
+qstring->string[qstring->length] = 0;
+
 QOBJECT_INIT(qstring, &qstring_type);
 
 return qstring;
 }
 
+/* qstring_append(): Append a C string to a QString
+ */
+void qstring_append(QString *qstring, const char *str)
+{
+size_t len = strlen(str);
+
+if (qstring->capacity < (qstring->length + len)) {
+qstring->capacity += len;
+qstring->capacity *= 2; /* use exponential growth */
+
+qstring->string = qemu_realloc(qstring->string, qstring->capacity + 1);
+}
+
+memcpy(qstring->string + qstring->length, str, len);
+qstring->length += len;
+qstring->string[qstring->length] = 0;
+}
+
 /**
  * qobject_to_qstring(): Convert a QObject to a QString
  */
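
Review bot: in qstring_append() the sum qstring->length + len and the growth step (capacity + len) * 2 are computed in size_t with no overflow check, so a wrapped value either skips the realloc or passes an undersized capacity to qemu_realloc(), and the memcpy() that follows writes past the buffer. It is unlikely on 64-bit hosts, but an explicit check before growing costs little. The comment opener is also /* where the neighbouring functions use /**.
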
diff --git a/qstring.h b/qstring.h
index e012cb7..65905d4 100644
--- a/qstring.h
+++ b/qstring.h
@@ -6,10 +6,14 @@
 typedef struct QString {
 QObject_HEAD;
 char *string;
+size_t length;
+size_t capacity;
 } QString;
 
+QString *qstring_new(void);
 QString *qstring_from_str(const char *str);
 const char *qstring_get_str(const QString *qstring);
+void qstring_append(QString *qstring, const char *str);
 QString *qobject_to_qstring(const QObject *obj);
 
 #endif /* QSTRING_H */
-- 
1.6.2.5





[Qemu-devel] [PATCH 11/11] Add a unit test for JSON support

2009-11-11 Thread Anthony Liguori
Signed-off-by: Anthony Liguori 
---
 Makefile  |1 +
 check-qjson.c |  608 +
 configure |2 +-
 3 files changed, 610 insertions(+), 1 deletions(-)
 create mode 100644 check-qjson.c

diff --git a/Makefile b/Makefile
index 3818c51..4b678e6 100644
--- a/Makefile
+++ b/Makefile
@@ -229,6 +229,7 @@ check-qstring: check-qstring.o qstring.o qemu-malloc.o
 check-qdict: check-qdict.o qdict.o qint.o qstring.o qemu-malloc.o
 check-qlist: check-qlist.o qlist.o qint.o qemu-malloc.o
 check-qfloat: check-qfloat.o qfloat.o qemu-malloc.o
+check-qjson: check-qjson.o qfloat.o qint.o qdict.o qstring.o qlist.o qbool.o 
qjson.o json-streamer.o json-lexer.o json-parser.o qemu-malloc.o
 
 clean:
 # avoid old build problems by removing potentially incorrect old files
diff --git a/check-qjson.c b/check-qjson.c
new file mode 100644
index 000..f763de6
--- /dev/null
+++ b/check-qjson.c
@@ -0,0 +1,608 @@
+/*
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+#include 
+#include 
+
+#include "qstring.h"
+#include "qint.h"
+#include "qdict.h"
+#include "qlist.h"
+#include "qfloat.h"
+#include "qbool.h"
+#include "qjson.h"
+
+#include "qemu-common.h"
+
+START_TEST(escaped_string)
+{
+int i;
+struct {
+const char *encoded;
+const char *decoded;
+} test_cases[] = {
+{ "\"\\\"\"", "\"" },
+{ "\"hello world \\\"embedded string\\\"\"",
+  "hello world \"embedded string\"" },
+{ "\"hello world\\nwith new line\"", "hello world\nwith new line" },
+{ "\"single byte utf-8 \\u0020\"", "single byte utf-8  " },
+{ "\"double byte utf-8 \\u00A2\"", "double byte utf-8 \xc2\xa2" },
+{ "\"triple byte utf-8 \\u20AC\"", "triple byte utf-8 \xe2\x82\xac" },
+{}
+};
+
+for (i = 0; test_cases[i].encoded; i++) {
+QObject *obj;
+QString *str;
+
+obj = qobject_from_json(test_cases[i].encoded);
+
+fail_unless(obj != NULL);
+fail_unless(qobject_type(obj) == QTYPE_QSTRING);
+
+str = qobject_to_qstring(obj);
+fail_unless(strcmp(qstring_get_str(str), test_cases[i].decoded) == 0);
+
+QDECREF(str);
+}
+}
+END_TEST
+
+START_TEST(simple_string)
+{
+int i;
+struct {
+const char *encoded;
+const char *decoded;
+} test_cases[] = {
+{ "\"hello world\"", "hello world" },
+{ "\"the quick brown fox jumped over the fence\"",
+  "the quick brown fox jumped over the fence" },
+{}
+};
+
+for (i = 0; test_cases[i].encoded; i++) {
+QObject *obj;
+QString *str;
+
+obj = qobject_from_json(test_cases[i].encoded);
+
+fail_unless(obj != NULL);
+fail_unless(qobject_type(obj) == QTYPE_QSTRING);
+
+str = qobject_to_qstring(obj);
+fail_unless(strcmp(qstring_get_str(str), test_cases[i].decoded) == 0);
+
+QDECREF(str);
+}
+}
+END_TEST
+
+START_TEST(single_quote_string)
+{
+int i;
+struct {
+const char *encoded;
+const char *decoded;
+} test_cases[] = {
+{ "'hello world'", "hello world" },
+{ "'the quick brown fox \\' jumped over the fence'",
+  "the quick brown fox ' jumped over the fence" },
+{}
+};
+
+for (i = 0; test_cases[i].encoded; i++) {
+QObject *obj;
+QString *str;
+
+obj = qobject_from_json(test_cases[i].encoded);
+
+fail_unless(obj != NULL);
+fail_unless(qobject_type(obj) == QTYPE_QSTRING);
+
+str = qobject_to_qstring(obj);
+fail_unless(strcmp(qstring_get_str(str), test_cases[i].decoded) == 0);
+
+QDECREF(str);
+}
+}
+END_TEST
+
+START_TEST(vararg_string)
+{
+int i;
+struct {
+const char *decoded;
+} test_cases[] = {
+{ "hello world" },
+{ "the quick brown fox jumped over the fence" },
+{}
+};
+
+for (i = 0; test_cases[i].decoded; i++) {
+QObject *obj;
+QString *str;
+
+obj = qobject_from_jsonf("%s", test_cases[i].decoded);
+
+fail_unless(obj != NULL);
+fail_unless(qobject_type(obj) == QTYPE_QSTRING);
+
+str = qobject_to_qstring(obj);
+fail_unless(strcmp(qstring_get_str(str), test_cases[i].decoded) == 0);
+
+QDECREF(str);
+}
+}
+END_TEST
+
+START_TEST(simple_number)
+{
+int i;
+struct {
+const char *encoded;
+int64_t decoded;
+} test_cases[] = {
+{ "0", 0 },
+{ "1234", 1234 },
+{ "1", 1 },
+{ "-32", -32 },
+{ "-0", 0 },
+{ },
+};
+
+for (i = 0; test_cases[i].encoded; i++) {
+QObject *obj;
+QInt *qint;
+
+obj = qobject_from_json(test_cases[i].encoded);
+  
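
Review bot: the escaped_string cases cover \", \n and \u only; \\, \/, \b, \f, \r and \t are never exercised, and none of the visible tests feeds malformed input (an unterminated string, bad \u digits, a stray closing bracket) and asserts on the failure result of qobject_from_json(). Please add both kinds of case, since the escape decoder and the error paths are where a parser for externally supplied text tends to break. vararg_string likewise checks only %s.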

[Qemu-devel] [PATCH 06/11] Add a QBool type

2009-11-11 Thread Anthony Liguori
Signed-off-by: Anthony Liguori 
---
 Makefile  |2 +-
 qbool.c   |   76 +
 qbool.h   |   29 +++
 qobject.h |1 +
 4 files changed, 107 insertions(+), 1 deletions(-)
 create mode 100644 qbool.c
 create mode 100644 qbool.h

diff --git a/Makefile b/Makefile
index 5662f9a..116cd70 100644
--- a/Makefile
+++ b/Makefile
@@ -135,7 +135,7 @@ obj-y += buffered_file.o migration.o migration-tcp.o 
qemu-sockets.o
 obj-y += qemu-char.o aio.o savevm.o
 obj-y += msmouse.o ps2.o
 obj-y += qdev.o qdev-properties.o
-obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o
+obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o qbool.o
 obj-y += qemu-config.o
 
 obj-$(CONFIG_BRLAPI) += baum.o
diff --git a/qbool.c b/qbool.c
new file mode 100644
index 000..5ab734c
--- /dev/null
+++ b/qbool.c
@@ -0,0 +1,76 @@
+/*
+ * QBool Module
+ *
+ * Copyright (C) 2009 Red Hat Inc.
+ *
+ * Authors:
+ *  Luiz Capitulino 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include "qbool.h"
+#include "qobject.h"
+#include "qemu-common.h"
+
+static void qbool_destroy_obj(QObject *obj);
+
+static const QType qbool_type = {
+.code = QTYPE_QBOOL,
+.destroy = qbool_destroy_obj,
+};
+
+/**
+ * qbool_from_int(): Create a new QBool from an int
+ *
+ * Return strong reference.
+ */
+QBool *qbool_from_int(int value)
+{
+QBool *qb;
+
+qb = qemu_malloc(sizeof(*qb));
+qb->value = value;
+QOBJECT_INIT(qb, &qbool_type);
+
+return qb;
+}
+
+/**
+ * qbool_get_int(): Get the stored int
+ */
+int qbool_get_int(const QBool *qb)
+{
+return qb->value;
+}
+
+/**
+ * qobject_to_qbool(): Convert a QObject into a QBool
+ */
+QBool *qobject_to_qbool(const QObject *obj)
+{
+if (qobject_type(obj) != QTYPE_QBOOL)
+return NULL;
+
+return container_of(obj, QBool, base);
+}
+
+/**
+ * qbool_destroy_obj(): Free all memory allocated by a
+ * QBool object
+ */
+static void qbool_destroy_obj(QObject *obj)
+{
+assert(obj != NULL);
+qemu_free(qobject_to_qbool(obj));
+}
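
Review bot: qbool_from_int() stores value as given, so qbool_from_int(2) yields a QBool whose qbool_get_int() returns 2 and compares unequal to one built from 1. Normalise on the way in (qb->value = !!value) or document that any non-zero int means true. The file header also carries both a GNU GPL version 2 and an LGPL 2.1 or later statement; keep the one that applies to this new file.
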
diff --git a/qbool.h b/qbool.h
new file mode 100644
index 000..fe66fcd
--- /dev/null
+++ b/qbool.h
@@ -0,0 +1,29 @@
+/*
+ * QBool Module
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#ifndef QBOOL_H
+#define QBOOL_H
+
+#include 
+#include "qobject.h"
+
+typedef struct QBool {
+QObject_HEAD;
+int value;
+} QBool;
+
+QBool *qbool_from_int(int value);
+int qbool_get_int(const QBool *qb);
+QBool *qobject_to_qbool(const QObject *obj);
+
+#endif /* QBOOL_H */
diff --git a/qobject.h b/qobject.h
index 67b03d0..2270ec1 100644
--- a/qobject.h
+++ b/qobject.h
@@ -42,6 +42,7 @@ typedef enum {
 QTYPE_QDICT,
 QTYPE_QLIST,
 QTYPE_QFLOAT,
+QTYPE_QBOOL,
 } qtype_code;
 
 struct QObject;
-- 
1.6.2.5





[Qemu-devel] [PATCH 05/11] Add unit test for QFloat

2009-11-11 Thread Anthony Liguori
Signed-off-by: Anthony Liguori 
---
 Makefile   |1 +
 check-qfloat.c |   81 
 configure  |1 +
 3 files changed, 83 insertions(+), 0 deletions(-)
 create mode 100644 check-qfloat.c

diff --git a/Makefile b/Makefile
index 8d94fda..5662f9a 100644
--- a/Makefile
+++ b/Makefile
@@ -227,6 +227,7 @@ check-qint: check-qint.o qint.o qemu-malloc.o
 check-qstring: check-qstring.o qstring.o qemu-malloc.o
 check-qdict: check-qdict.o qdict.o qint.o qstring.o qemu-malloc.o
 check-qlist: check-qlist.o qlist.o qint.o qemu-malloc.o
+check-qfloat: check-qfloat.o qfloat.o qemu-malloc.o
 
 clean:
 # avoid old build problems by removing potentially incorrect old files
diff --git a/check-qfloat.c b/check-qfloat.c
new file mode 100644
index 000..3758700
--- /dev/null
+++ b/check-qfloat.c
@@ -0,0 +1,81 @@
+/*
+ * QFloat unit-tests.
+ *
+ * Copyright (C) 2009 Red Hat Inc.
+ *
+ * Authors:
+ *  Luiz Capitulino 
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+#include 
+
+#include "qfloat.h"
+#include "qemu-common.h"
+
+/*
+ * Public Interface test-cases
+ *
+ * (with some violations to access 'private' data)
+ */
+
+START_TEST(qfloat_from_double_test)
+{
+QFloat *qf;
+const double value = -42.23423;
+
+qf = qfloat_from_double(value);
+fail_unless(qf != NULL);
+fail_unless(qf->value == value);
+fail_unless(qf->base.refcnt == 1);
+fail_unless(qobject_type(QOBJECT(qf)) == QTYPE_QFLOAT);
+
+// destroy doesn't exit yet
+qemu_free(qf);
+}
+END_TEST
+
+START_TEST(qfloat_destroy_test)
+{
+QFloat *qf = qfloat_from_double(0.0);
+QDECREF(qf);
+}
+END_TEST
+
+static Suite *qfloat_suite(void)
+{
+Suite *s;
+TCase *qfloat_public_tcase;
+
+s = suite_create("QFloat test-suite");
+
+qfloat_public_tcase = tcase_create("Public Interface");
+suite_add_tcase(s, qfloat_public_tcase);
+tcase_add_test(qfloat_public_tcase, qfloat_from_double_test);
+tcase_add_test(qfloat_public_tcase, qfloat_destroy_test);
+
+return s;
+}
+
+int main(void)
+{
+int nf;
+Suite *s;
+SRunner *sr;
+
+s = qfloat_suite();
+sr = srunner_create(s);
+
+srunner_run_all(sr, CK_NORMAL);
+nf = srunner_ntests_failed(sr);
+srunner_free(sr);
+
+return (nf == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
+}
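
Review bot: qfloat_from_double_test releases the object with qemu_free(qf) under the comment "destroy doesn't exit yet" (typo for exist), but qfloat_destroy_obj() is added by the QFloat patch earlier in this series, so the test should use QDECREF(qf) and the comment should go. qfloat_destroy_test has no assertion; it only shows that QDECREF does not crash. Tests for qfloat_get_double() and for qobject_to_qfloat() on an object of another type would cover the rest of the public interface.
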
diff --git a/configure b/configure
index fb66246..55be0fb 100755
--- a/configure
+++ b/configure
@@ -2092,6 +2092,7 @@ if test `expr "$target_list" : ".*softmmu.*"` != 0 ; then
   tools="qemu-nbd\$(EXESUF) qemu-io\$(EXESUF) $tools"
 if [ "$check_utests" = "yes" ]; then
   tools="check-qint check-qstring check-qdict check-qlist $tools"
+  tools="check-qfloat $tools"
 fi
   elif test "$mingw32" = "yes" ; then
   tools="qemu-io\$(EXESUF) $tools"
-- 
1.6.2.5





[Qemu-devel] [PATCH 09/11] Add a JSON parser

2009-11-11 Thread Anthony Liguori
This is the third and final stage of the JSON parser.  It parses lexical tokens
performing grammar validation and creating the final QObject representation.  It
uses a recursive descent parser.

Signed-off-by: Anthony Liguori 
---
 Makefile  |2 +-
 json-parser.c |  560 +
 json-parser.h |   22 +++
 3 files changed, 583 insertions(+), 1 deletions(-)
 create mode 100644 json-parser.c
 create mode 100644 json-parser.h

diff --git a/Makefile b/Makefile
index a2aab60..6d68a1f 100644
--- a/Makefile
+++ b/Makefile
@@ -136,7 +136,7 @@ obj-y += qemu-char.o aio.o savevm.o
 obj-y += msmouse.o ps2.o
 obj-y += qdev.o qdev-properties.o
 obj-y += qint.o qstring.o qdict.o qlist.o qfloat.o qbool.o json-lexer.o
-obj-y += json-streamer.o
+obj-y += json-streamer.o json-parser.o
 obj-y += qemu-config.o
 
 obj-$(CONFIG_BRLAPI) += baum.o
diff --git a/json-parser.c b/json-parser.c
new file mode 100644
index 000..a0c0dca
--- /dev/null
+++ b/json-parser.c
@@ -0,0 +1,560 @@
+/*
+ * JSON Parser 
+ *
+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include 
+
+#include "qemu-common.h"
+#include "qstring.h"
+#include "qint.h"
+#include "qdict.h"
+#include "qlist.h"
+#include "qfloat.h"
+#include "qbool.h"
+#include "json-parser.h"
+#include "json-lexer.h"
+
+typedef struct JSONParserContext
+{
+} JSONParserContext;
+
+#define BUG_ON(cond) assert(!(cond))
+
+/**
+ * TODO
+ *
+ * 0) make errors meaningful again
+ * 1) add geometry information to tokens
+ * 3) should we return a parsed size?
+ * 4) deal with premature EOI
+ */
+
+static QObject *parse_value(JSONParserContext *ctxt, QList **tokens, va_list 
*ap);
+
+/**
+ * Token manipulators
+ *
+ * tokens are dictionaries that contain a type, a string value, and geometry 
information
+ * about a token identified by the lexer.  These are routines that make 
working with
+ * these objects a bit easier.
+ */
+static const char *token_get_value(QObject *obj)
+{
+return qdict_get_str(qobject_to_qdict(obj), "token");
+}
+
+static JSONTokenType token_get_type(QObject *obj)
+{
+return qdict_get_int(qobject_to_qdict(obj), "type");
+}
+
+static int token_is_operator(QObject *obj, char op)
+{
+const char *val;
+
+if (token_get_type(obj) != JSON_OPERATOR) {
+return 0;
+}
+
+val = token_get_value(obj);
+
+return (val[0] == op) && (val[1] == 0);
+}
+
+static int token_is_keyword(QObject *obj, const char *value)
+{
+if (token_get_type(obj) != JSON_KEYWORD) {
+return 0;
+}
+
+return strcmp(token_get_value(obj), value) == 0;
+}
+
+static int token_is_escape(QObject *obj, const char *value)
+{
+if (token_get_type(obj) != JSON_ESCAPE) {
+return 0;
+}
+
+return (strcmp(token_get_value(obj), value) == 0);
+}
+
+/**
+ * Error handler
+ */
+static void parse_error(JSONParserContext *ctxt, QObject *token, const char 
*msg, ...)
+{
+fprintf(stderr, "parse error: %s\n", msg);
+}
+
+/**
+ * String helpers
+ *
+ * These helpers are used to unescape strings.
+ */
+static void wchar_to_utf8(uint16_t wchar, char *buffer, size_t buffer_length)
+{
+if (wchar <= 0x007F) {
+BUG_ON(buffer_length < 2);
+
+buffer[0] = wchar & 0x7F;
+buffer[1] = 0;
+} else if (wchar <= 0x07FF) {
+BUG_ON(buffer_length < 3);
+
+buffer[0] = 0xC0 | ((wchar >> 6) & 0x1F);
+buffer[1] = 0x80 | (wchar & 0x3F);
+buffer[2] = 0;
+} else {
+BUG_ON(buffer_length < 4);
+
+buffer[0] = 0xE0 | ((wchar >> 12) & 0x0F);
+buffer[1] = 0x80 | ((wchar >> 6) & 0x3F);
+buffer[2] = 0x80 | (wchar & 0x3F);
+buffer[3] = 0;
+}
+}
+
+static int hex2decimal(char ch)
+{
+if (ch >= '0' && ch <= '9') {
+return (ch - '0');
+} else if (ch >= 'a' && ch <= 'f') {
+return 10 + (ch - 'a');
+} else if (ch >= 'A' && ch <= 'F') {
+return 10 + (ch - 'A');
+}
+
+return -1;
+}
+
+/**
+ * parse_string(): Parse a json string and return a QObject
+ *
+ *  string
+ *  ""
+ *  " chars "
+ *  chars
+ *  char
+ *  char chars
+ *  char
+ *  any-Unicode-character-
+ *  except-"-or-\-or-
+ *  control-character
+ *  \"
+ *  \\
+ *  \/
+ *  \b
+ *  \f
+ *  \n
+ *  \r
+ *  \t
+ *  \u four-hex-digits 
+ */
+static QString *qstring_from_escaped_str(JSONParserContext *ctxt, QObject 
*token)
+{
+const char *ptr = token_get_value(token);
+QString *str;
+int double_quote = 1;
+
+if (*ptr == '"') {
+double_quote = 1;
+} else {
+double_quote = 0;
+}
+ptr++;
+
+str = qstring_new();
+while (*ptr && 
+   ((double_quote && *ptr != '"') || (!double_quote && *ptr != '\''))) 
{
+if (*ptr == '\\') {
+  
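Review bot: parse_error() is declared printf-style (`const char *msg, ...`) but prints msg through "%s" and never reads the variadic arguments, so a caller that passes a format string with arguments gets the raw format text on stderr; either drop the `...` or format with va_start()/vfprintf(). It also ignores ctxt and token, so the message carries neither the offending token nor a position. In wchar_to_utf8() the input is a single uint16_t, so the three-byte branch will emit UTF-16 surrogate halves (0xD800-0xDFFF) as encoded bytes; that case should be rejected or documented where the \u escape is handled. In qstring_from_escaped_str(), double_quote is initialised to 1 and then assigned in both branches; `int double_quote = (*ptr == '"');` says the same thing in one line.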

Re: [Qemu-devel] Re: [PATCH] qemu/virtio: make wmb compiler barrier + comments

2009-11-11 Thread Scott Tsai
On Wed, Nov 11, 2009 at 10:08 PM, Michael S. Tsirkin  wrote:
> On Wed, Nov 11, 2009 at 01:45:35PM +, Paul Brook wrote:
>> If you don't need real barriers, then why does the kvm code have them?
>
> We need real barriers but AFAIK kvm does not have them :(
> IOW: virtio is currently broken with kvm, and my patch did
> not fix this. The comment that I added says as much.

How about just using GCC's __sync_synchronize atomic builtin (if
detected as available by configure)?
It's a full memory barrier instead of just a write barrier,  for x86,
it generates the same code as the current Linux mb() implementation:
"mfence" on x86_64
"lock orl $0x0,(%esp)" on x86 unless -march is specified to a
processor with "mfence".
PPC could continue to use "eieio" while other architectures could just
default to __sync_synchronize

I do have a newbie question, when exactly would virtio have to handle
concurrent access from multiple threads?
My current reading of the code suggests:
1. when CONFIG_IOTHREAD is true
2. when CONFIG_KVM is true and the guest machine has multiple CPUs
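
The barrier selection suggested in the message above, applied to a publish/consume ring, as an added example (not code from QEMU or from anyone in this thread). The names HAVE_SYNC_SYNCHRONIZE, demo_wmb, demo_mb and demo_ring are assumptions made for the illustration, and refusing to build without a hardware barrier is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for a configure-time probe of the GCC builtin. */
#if defined(__GNUC__)
#define HAVE_SYNC_SYNCHRONIZE 1
#endif

#if defined(__powerpc__)
/* PPC keeps "eieio" for store ordering; full barrier via the builtin. */
#define demo_wmb() __asm__ __volatile__("eieio" ::: "memory")
#define demo_mb()  __sync_synchronize()
#elif defined(HAVE_SYNC_SYNCHRONIZE)
/* Full hardware barrier: stronger than a write barrier, never weaker. */
#define demo_wmb() __sync_synchronize()
#define demo_mb()  __sync_synchronize()
#else
/* A compiler-only barrier would not order stores between CPUs, so this
 * example fails the build instead of silently falling back to one. */
#error "no hardware memory barrier available for this compiler"
#endif

#define RING_SIZE 8u /* power of two, so the 16-bit index wraps cleanly */

struct demo_ring {
    uint32_t slot[RING_SIZE];
    volatile uint16_t idx; /* free-running producer index */
};

/* Producer: the slot must be visible before the index that announces it. */
static void ring_publish(struct demo_ring *r, uint32_t value)
{
    uint16_t i = r->idx;

    r->slot[i % RING_SIZE] = value; /* 1. fill the slot          */
    demo_wmb();                     /* 2. order slot before idx  */
    r->idx = (uint16_t)(i + 1);     /* 3. publish the new index  */
}

/* Consumer: read the index first, then the slots it covers.
 * Returns how many entries were copied to out (at most max). */
static size_t ring_consume(struct demo_ring *r, uint16_t *last_seen,
                           uint32_t *out, size_t max)
{
    uint16_t avail = r->idx;
    size_t n = 0;

    demo_mb(); /* do not read slots ahead of the index load */
    while (*last_seen != avail && n < max) {
        out[n++] = r->slot[*last_seen % RING_SIZE];
        *last_seen = (uint16_t)(*last_seen + 1);
    }
    return n;
}

int main(void)
{
    struct demo_ring r = { {0}, 0 };
    uint16_t seen = 0;
    uint32_t out[RING_SIZE];
    size_t n;

    ring_publish(&r, 0xA1); /* constructed sample values */
    ring_publish(&r, 0xB2);
    n = ring_consume(&r, &seen, out, RING_SIZE);
    printf("consumed %zu entries, first=0x%X\n", n, (unsigned)out[0]);
    return n == 2 ? 0 : 1;
}
```

Run from a single thread this only checks the ring logic; the barriers matter once producer and consumer run on different CPUs.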




Re: [Qemu-devel] [sneak preview] major scsi overhaul

2009-11-11 Thread Paul Brook
>> That cap is important.
>> For scsi-generic you probably don't have a choice because of the way the
>> kernel interface works.
>
>Exactly.  And why is the cap important for scsi-disk if scsi-generic
>does fine without?

With scsi-generic you're at the mercy of what the kernel API gives you, and if 
the guest hardware/OS isn't cooperative then you lose. With scsi-disk we can 
do significantly better.

> > The only way to make your API work is to skip straight from step 3 to
> > step 6, which effectively loses the command queueing capability.
> 
> It doesn't.  The disconnect and thus the opportunity to submit more
> commands while the device is busy doing the actual I/O is there.

Disconnecting on the first DMA request (after switching to a data phase and 
transferring zero bytes) is bizarre behavior, but probably allowable.

However by my reading DMA transfers must be performed synchronously by the 
SCRIPTS engine, so you need to do a lot of extra checking to prove that you 
can safely continue execution without actually performing the transfer.

> > It may be that it's
> > hard/impossible to get both command queueing and zero-copy.
> 
> I have it working.

More likely you have a nasty hack that happens to work with the Linux drivers. 
IIUC you're pretending that the DMA completed and eventually disconnecting the 
device, assuming that nothing will read that data until the command complete 
notification is received.

Consider the case where the guest transfers the data from a single command in 
two blocks, and has the HBA raise an interrupt in-between so that it can start 
processing before the command completes. This processing could even be done by 
the SCRIPTS engine itself, or a guest could even reuse the buffer for the 
second DMA block.

Paul




Re: [Qemu-devel] Re: [PATCH] qemu/virtio: make wmb compiler barrier + comments

2009-11-11 Thread Paul Brook
On Wednesday 11 November 2009, Michael S. Tsirkin wrote:
> On Wed, Nov 11, 2009 at 02:16:00PM +, Paul Brook wrote:
> > On Wednesday 11 November 2009, Michael S. Tsirkin wrote:
> > > On Wed, Nov 11, 2009 at 01:45:35PM +, Paul Brook wrote:
> > > > If you don't need real barriers, then why does the kvm code have
> > > > them?
> > >
> > > We need real barriers but AFAIK kvm does not have them :(
> > > IOW: virtio is currently broken with kvm, and my patch did
> > > not fix this. The comment that I added says as much.
> >
> > So your code just makes the bug harder to reproduce? Doesn't sound like a
> > good thing to me.
> >
> > Paul
> 
> There are multiple bugs, I can't fix all of them,
> for all architectures, in one patch.

Maybe not, but the associated comment now appears to be bogus. Either we 
execute everything in lockstep (as the comment says, in which case no barriers 
are required), or we need proper SMP barriers.
Having a half-hearted barrier that maybe works some of the time on some hosts, 
and is completely unnecessary in most cases, and doesn't match the comment is 
IMO significantly worse than what we had before.

Paul




Re: [Qemu-devel] load-store experiment...

2009-11-11 Thread Laurent Desnogues
On Wed, Nov 11, 2009 at 8:51 AM, Chad  wrote:
> (this is mostly to get some ideas going rather than trying to get anything
> upstream... yet!)
>
> This version of tcg_out_mov for i386's tcg-target.c filters out the
>
> mov %ebx, %edx
> mov %ebx, [some index]
> mov %edx, %ebx

The question is:  what TCG sequence produces this kind of code?


Laurent

> I don't have benchmarks, but it does remove a few mov's and qemu can still
> load and run a linux kernel ;)
>
> It'd be easier to do more optimizations if qemu recorded output at the
> assembly instruction level.
>
> ---
>
> static uint8_t *lmovloc = 0;
> static int lmovret = -1, lmovarg = -1;
> static inline void tcg_out_mov(TCGContext *s, int ret, int arg)
> {
>     int ldiff, nowrite = 0;
>
>     if (arg != ret) {
>     /* Check for a mov, mov->x, mov pattern */
>     ldiff = s->code_ptr - lmovloc;
>     if (((ldiff == 8) || (ldiff == 5)) &&
>    (*(lmovloc + 2) == 0x89) &&
>    ((lmovret == ret) && (lmovarg == arg))) nowrite = 1;
>     /* Write */
>     lmovloc = s->code_ptr;
>     if (!nowrite) {
>     tcg_out_modrm(s, 0x8b, ret, arg);
>     } else {
>     qemu_log("removed\n");
>     }
>     lmovret = arg; lmovarg = ret;
>     }
> }
>




Re: [Qemu-devel] [sneak preview] major scsi overhaul

2009-11-11 Thread Gerd Hoffmann

On 11/11/09 15:13, Paul Brook wrote:

>> The current qemu code *does* cache the response.  scsi-disk caps the
>> buffer at 128k (which is big enough for any request I've seen in my
>> testing).  scsi-generic has no cap.
>
> That cap is important.
> For scsi-generic you probably don't have a choice because of the way the
> kernel interface works.

Exactly.  And why is the cap important for scsi-disk if scsi-generic
does fine without?

>> scsi-disk: dma_bdrv_{read,write} will split it into smaller chunks if
>> needed.
>
> You seem to be assuming the HBA knows where it's going to put the data before
> it issues the command.  This is not true (see below).

You are talking about a real HBA I guess?

>> lsi (only one in-tree with TCQ support) works like this:
>>
>> - allocate + parse scsi command.        scsi_req_get+scsi_req_parse
>> - continue script processing, collect
>>   DMA addresses and stick them into
>>   a scatter list until it is complete.
>> - queue command and disconnect.
>> - submit I/O to the qemu block layer    scsi_req_sgl
>>
>> *can process more scsi commands here*
>>
>> - when I/O is finished reselect tag
>> - return status, release request.       scsi_req_put
>
> I'm pretty sure this is wrong,

This describes what the lsi emulation does with my patches applied.

> and what actually happens is:
>
> 1) Wait for device to reconnect (goto 5), or commands from host (goto 2).
>
> 2) SCRIPTS connect to device, and send command.
> 3) If device has data immediately (metadata command) then goto 6
> 4) Device disconnects. goto 1
>
> 5) Device has data ready, and reconnects
> 6) SCRIPTS locate the next DMA block for this command, and initiate a (linear)
> DMA transfer.
> 7) DATA is transferred. Note that DMA stalls the SCRIPTS processor until the
> transfer completes.
> 8) If the device still has data then goto 6.
> 9) If the device runs out of data before the command completes then goto 3.
> 10) Command complete. goto 1

This is what a real HBA does.

> Note that the IO command is parsed at stage 2, but the data transfer is not
> requested until stage 6. i.e. after the command has partially completed. This
> window between issue and data transfer is where other commands are issued.

Or when the device disconnects again in the middle of a transfer.

> The only way to make your API work is to skip straight from step 3 to step 6,
> which effectively loses the command queueing capability.

It doesn't.  The disconnect and thus the opportunity to submit more
commands while the device is busy doing the actual I/O is there.

> It may be that it's
> hard/impossible to get both command queueing and zero-copy.

I have it working.

cheers,
  Gerd





[Qemu-devel] Re: virtio: Add memory statistics reporting to the balloon driver

2009-11-11 Thread Adam Litke
On Wed, 2009-11-11 at 13:13 +1030, Rusty Russell wrote:
> > It's not laziness, it's consistency.  How is actual different than free 
> > memory or any other stat?
> 
> Because it's a COLLECTION of stats.  For example, swap in should be < swap
> out.  Now, the current Linux implementation of all_vm_events() is non-atomic
> anyway, so maybe we can just document this as best-effort.  I'm saying that
> if it *is* a problem, I think we need a vq.

I can't see why we would care about the atomicity of the collection of
statistics.  Best-effort is good enough.  Any variance within the stats
will be overshadowed by the latency of the host-side management daemon.

> But it raises the question: what stats are generally useful cross-OS?  Should
> we be supplying numbers like "unused" (free) "instantly discardable" (ie.
> clean), "discardable to disk" (ie. file-backed), "discardable to swap"
> (ie. swap-backed) and "unswappable" instead?

While I see the virtue in presenting abstracted memory stats that seem
more digestible in a virtualization context, I think we should keep the
raw stats.  This concentrates the complexity in the host-side management
daemon, and allows the host daemon to make better decisions (ie. by
reacting to trends in individual statistics).  Different OSes (or
different versions of the same OS), may also have different sets of
statistics that will provide the answers that a management daemon needs.


-- 
Thanks,
Adam





Re: [Qemu-devel] Re: virtio: Add memory statistics reporting to the balloon driver

2009-11-11 Thread Avi Kivity

On 11/11/2009 03:26 PM, Adam Litke wrote:

> On Wed, 2009-11-11 at 10:12 +, Daniel P. Berrange wrote:
>> This all suggests that we should only update the stats from the guest
>> when something on the host actually asks for them by issuing the QEMU
>> monitor command. We don't want any kind of continuous polling of stats
>> at any frequency, if nothing is using these stats on the host.
>
> Agreed.  The next version of the patch will remove the timer completely.
> We'll wake up in response to config change notifications only.

A vq with its own interrupt would be much nicer.

--
Do not meddle in the internals of kernels, for they are subtle and quick to 
panic.





Re: [Qemu-devel] Re: [sneak preview] major scsi overhaul

2009-11-11 Thread Gerd Hoffmann

On 11/11/09 14:30, Hannes Reinecke wrote:

> Gerd Hoffmann wrote:
>> How about sticking a 'void *hba_private' element into SCSIRequest instead?
>
> Would work for me, too.

Pushed (scsi.v7 now).

cheers,
  Gerd





[Qemu-devel] Re: [PATCH] qemu/virtio: make wmb compiler barrier + comments

2009-11-11 Thread Michael S. Tsirkin
On Wed, Nov 11, 2009 at 02:16:00PM +, Paul Brook wrote:
> On Wednesday 11 November 2009, Michael S. Tsirkin wrote:
> > On Wed, Nov 11, 2009 at 01:45:35PM +, Paul Brook wrote:
> > > If you don't need real barriers, then why does the kvm code have them?
> > 
> > We need real barriers but AFAIK kvm does not have them :(
> > IOW: virtio is currently broken with kvm, and my patch did
> > not fix this. The comment that I added says as much.
> 
> So your code just makes the bug harder to reproduce? Doesn't sound like a 
> good 
> thing to me.
> 
> Paul

There are multiple bugs, I can't fix all of them,
for all architectures, in one patch.

-- 
MST




[Qemu-devel] PATCH for "xorg JP106 evdev keyboard" underscore & backslash

2009-11-11 Thread sanmaiwashi
diff -uNr qemu-kvm-0.10.6/x_keymap.c qemu-kvm-0.10.6.patched/x_keymap.c
--- qemu-kvm-0.10.6/x_keymap.c  2009-08-02 18:00:28.0 +0900
+++ qemu-kvm-0.10.6.patched/x_keymap.c  2009-08-22 05:04:07.0 +0900
@@ -94,7 +94,7 @@
  */
 
 static const uint8_t evdev_keycode_to_pc_keycode[61] = {
-0, /*  97 EVDEV - RO   ("Internet" Keyboards) */
+0x73,  /*  97 EVDEV - RO   ("Internet" Keyboards) */
 0, /*  98 EVDEV - KATA (Katakana) */
 0, /*  99 EVDEV - HIRA (Hiragana) */
 0x79,  /* 100 EVDEV - HENK (Henkan) */
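Review bot: the entry for evdev keycode 97 now maps to 0x73, but the mail carries no description and no Signed-off-by line, so nothing explains why 0x73 is the right PC keycode for the JP106 underscore/backslash key named in the subject. The comment on that entry still reads only RO ("Internet" Keyboards); it should mention the JP106 key now that the slot is no longer 0. The diff is also taken against qemu-kvm-0.10.6 directory names rather than as a patch against the current tree, which makes it harder to apply.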




[Qemu-devel] Multiple Nics on a VLAN

2009-11-11 Thread Shesha Sreenivasamurthy
Hi All,
I'm using the following command to have two nics in multicast on the
same vlan. I see a storm of ARP requests. Does anyone have any
suggestions?

qemu.bin.kvm84 -hda /live_disks/clone-disk.img -snapshot -serial
telnet:SERVER:5,nowait,server -monitor
tcp:SERVER:51000,server,nowait,nodelay -p 61000 -m 768m -smp 1 -vnc
SERVER:10 -net nic,model=e1000,vlan=0,macaddr=56:48:AA:BB:CC:DD -net
tap,vlan=0,script=netscripts/net0-ifup -net
nic,model=e1000,vlan=1,macaddr=56:48:AA:BB:CC:EE -net
socket,vlan=1,mcast=230.0.0.1:3001 -net
nic,model=e1000,vlan=1,macaddr=56:48:AA:BB:CC:FF -net
socket,vlan=1,mcast=230.0.0.1:3001 --uuid
cc6145a8-cdae-11de-ac18-003048d4fd3e

However, If I launch two QEMU with one nic in multicast, where eth0 in
both QEMU are connected to vlan1, then I can ping 1.1.1.1 -> 1.1.1.2
and vice versa.

I'm running CENTOS inside the VM.

Thanks,
Shesha




Re: [Qemu-devel] [PATCH V2 2/3] usb-gotemp: new module emulating a USB thermometer

2009-11-11 Thread Greg KH
On Wed, Nov 11, 2009 at 01:15:45AM +0100, Alexander Graf wrote:
> 
> On 11.11.2009, at 01:09, Anthony Liguori wrote:
> 
> > Scott Tsai wrote:
> >> On Wed, Nov 11, 2009 at 1:06 AM, Luiz Capitulino wrote:
> >>
> >>>> I'd certainly like to make this code useful for something other
> >>>> than developer training.

What code?  Where is it at?

> >>>> How about a new monitor command "thermometer_set" that works like
> >>>> "mouse_move"?
> >>>> "thermometer_set" would just set the temperature of the "first"
> >>>> thermometer device it finds.
> 
> >>> Couldn't the device be a parameter?
> >>>
> >>> And I'd suggest usb_therm_set for the name.
> >>>
> >>>
> >>
> >> Looking at the existing "mouse_set" and "mouse_move" monitor  
> >> commands,
> >> they work on USB, PS/2 and other kinds of mice with "mouse_set"  
> >> selecting
> >> the mouse device affected by  "mouse_move".
> >> So how about a new command "therm_set" which selects the thermometer
> >> affected by "therm_temp" ?
> >>
> >> On a separate note, I understand that if a piece of code is not  
> >> useful enough
> >> we don't want to merge it to add to the maintenance burden.
> >> I still propose 'usb-gotemp' for merging because the fact that gregkh
> >> could give his
> >> driver tutorial several years in a row to sizable audiences shows
> >> that there are people out there
> >> interested in getting into Linux driver development.
> >> With this code merged, people could follow the video and slides of  
> >> his talk
> >> without special hardware and this potentially grows the Linux  
> >> developer pool.
> >>
> >
> > And if Greg decides to change the device he uses for the tutorial,  
> > then in a few years it's not so useful anymore?
> 
> Well, why don't we ask him?

I don't understand the context here.

There is already an in-kernel driver for the gotemp usb device, that has
been there for many many years.  Why would you want to write a different
one instead?

Yes, I do use a different one for my "write a driver" tutorial, but when
I give that class, I note the differences between the userspace
interface for that driver, and the one that is already in the kernel.

> > That said, if we position this as an example device, I think that  
> > makes sense.
> 
> I personally don't think it should be a requirement for inclusion in  
> qemu that it's useful for years on for everyone using it. If there's a  
> big enough group of people using a feature it seems worthwhile. And if  
> Scott went through the trouble of implementing it, I'm pretty sure  
> there is enough of an audience around.

Implementing something I wrote 4 years ago?  :)

thanks,

greg k-h




[Qemu-devel] [PATCH] qemu-kvm: clear only essential parts of VirtIOBlockReq on object allocation - RESUBMIT

2009-11-11 Thread Saul Tamari
This patch reduces the size of memory being cleared on every virtio-blk IO.

Improve number of IOPS when using a virtio-blk device.

On every virtio-blk IO command passed to QEMU, virtio_blk_alloc_request()
allocates and clears (with qemu_mallocz()) a VirtIOBlockReq object.
The sizeof(VirtIOBlockReq) equals 41040 bytes on my x86-64 machine.
By moving the 'elem' variable to the end of VirtIOBlockReq and
clearing only up to the address of the 'elem.in_addr' field, the
memset() call now clears only 80 bytes.


Signed-off-by: Saul Tamari 
---

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 2630b99..de74b00 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -79,12 +79,13 @@ static inline void virtio_identify_template(struct
virtio_blk_config *bc)
 typedef struct VirtIOBlockReq
 {
 VirtIOBlock *dev;
-VirtQueueElement elem;
 struct virtio_blk_inhdr *in;
 struct virtio_blk_outhdr *out;
 struct virtio_scsi_inhdr *scsi;
 QEMUIOVector qiov;
 struct VirtIOBlockReq *next;
+/* Members that need clearing, must be added prior to elem */
+VirtQueueElement elem;
 } VirtIOBlockReq;

 static void virtio_blk_req_complete(VirtIOBlockReq *req, int status)
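Review bot: the new comment at the end of VirtIOBlockReq is the only thing tying the struct layout to the partial memset in virtio_blk_alloc_request(), and it does not say where that clearing happens or that elem must stay the last member. A field added after elem later would silently go uncleared. Suggest wording along the lines of "elem must remain the last member: virtio_blk_alloc_request() zeroes only up to elem.in_addr", so the dependency is visible from both sides.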
@@ -139,7 +140,8 @@ static void virtio_blk_flush_complete(void *opaque, int ret)

 static VirtIOBlockReq *virtio_blk_alloc_request(VirtIOBlock *s)
 {
-VirtIOBlockReq *req = qemu_mallocz(sizeof(*req));
+VirtIOBlockReq *req = qemu_malloc(sizeof(*req));
+memset(req, 0, offsetof(VirtIOBlockReq, elem.in_addr[0]));
 req->dev = s;
 return req;
 }
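Review bot: with qemu_malloc() plus a memset that stops at offsetof(VirtIOBlockReq, elem.in_addr[0]), everything from elem.in_addr onward now holds whatever the allocator returned, so this is only safe if every reader of those arrays is bounded by counts that are filled in before use. The description should state that invariant, or point to where the element is populated before any read, because stale heap contents in the address and buffer arrays of a device model are both a correctness and an information-exposure risk. The IOPS improvement is also claimed without figures; a before/after measurement would justify the added coupling between the struct layout and the allocator.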




[Qemu-devel] [RFC] KVM Fault Tolerance: Kemari for KVM

2009-11-11 Thread Fernando Luis Vázquez Cao

Hi all,

It has been a while coming, but we have finally started work on
Kemari's port to KVM. For those not familiar with it, Kemari provides
the basic building block to create a virtualization-based fault
tolerant machine: a virtual machine synchronization mechanism.

Traditional high availability solutions can be classified in two
groups: fault tolerant servers, and software clustering.

Broadly speaking, fault tolerant servers protect us against hardware
failures and, generally, rely on redundant hardware (often
proprietary), and hardware failure detection to trigger fail-over.

On the other hand, software clustering, as its name indicates, takes
care of software failures and usually requires a standby server whose
software configuration for the part we are trying to make fault
tolerant must be identical to that of the active server.

Both solutions may be applied to virtualized environments. Indeed,
the current incarnation of Kemari (Xen-based) brings fault tolerant
server-like capabilities to virtual machines and integration with
existing HA stacks (Heartbeat, RHCS, etc) is under consideration.

After some time on the drawing board we completed the basic design of
Kemari for KVM, so we are sending an RFC at this point to get early
feedback and, hopefully, get things right from the start. Those
already familiar with Kemari and/or fault tolerance may want to skip
the "Background" and go directly to the design and implementation
bits.

This is a pretty long write-up, but please bear with me.

== Background ==

We started to play around with continuous virtual synchronization
technology about 3 years ago. As development progressed and, most
importantly, we got the first Xen-based working prototypes it became
clear that we needed a proper name for our toy: Kemari.

The goal of Kemari is to provide a fault tolerant platform for
virtualization environments, so that in the event of a hardware
failure the virtual machine fails over from compromised to properly
operating hardware (a physical machine) in a way that is completely
transparent to the guest operating system.

Although hardware based fault tolerant servers and HA servers
(software clustering) have been around for a (long) while, they
typically require specifically designed hardware and/or modifications
to applications. In contrast, by abstracting hardware using
virtualization, Kemari can be used on off-the-shelf hardware and no
application modifications are needed.

After a period of in-house development the first version of Kemari for
Xen was released in Nov 2008 as open source. However, by then it was
already pretty clear that a KVM port would have several
advantages. First, KVM is integrated into the Linux kernel, which
means one gets support for a wide variety of hardware for
free. Second, and in the same vein, KVM can also benefit from Linux'
low latency networking capabilities including RDMA, which is of
paramount importance for an extremely latency-sensitive functionality
like Kemari. Last, but not the least, KVM and its community is growing
rapidly, and there is increasing demand for Kemari-like functionality
for KVM.

Although the basic design principles will remain the same, our plan is
to write Kemari for KVM from scratch, since there does not seem to be
much opportunity for sharing between Xen and KVM.

== Design outline ==

The basic premise of fault tolerant servers is that when things go
awry with the hardware the running system should transparently
continue execution on an alternate physical host. For this to be
possible the state of the fallback host has to be identical to that of
the primary.

Kemari runs paired virtual machines in an active-passive configuration
and achieves whole-system replication by continuously copying the
state of the system (dirty pages and the state of the virtual devices)
from the active node to the passive node. An interesting implication
of this is that during normal operation only the active node is
actually executing code.

Another possible approach is to run a pair of systems in lock-step
(à la VMware FT). Since both the primary and fallback virtual machines
are active keeping them synchronized is a complex task, which usually
involves carefully injecting external events into both virtual
machines so that they result in identical states.

The latter approach is extremely architecture specific and not SMP
friendly. This spurred us to try the design that became Kemari, which
we believe lends itself to further optimizations.

== Implementation ==

The first step is to encapsulate the machine to be protected within a
virtual machine. Then the live migration functionality is leveraged to
keep the virtual machines synchronized.

Whereas during live migration dirty pages can be sent asynchronously
from the primary to the fallback server until the ratio of dirty pages
is low enough to guarantee very short downtimes, when it comes to
fault tolerance solutions whenever a synchronization point is reached
changes

[Qemu-devel] Re: [PATCH] qemu/virtio: make wmb compiler barrier + comments

2009-11-11 Thread Paul Brook
On Wednesday 11 November 2009, Michael S. Tsirkin wrote:
> On Wed, Nov 11, 2009 at 01:45:35PM +, Paul Brook wrote:
> > If you don't need real barriers, then why does the kvm code have them?
> 
> We need real barriers but AFAIK kvm does not have them :(
> IOW: virtio is currently broken with kvm, and my patch did
> not fix this. The comment that I added says as much.

So your code just makes the bug harder to reproduce? Doesn't sound like a good 
thing to me.

Paul



