[Qemu-devel] [RFC v5 10/86] memory: add backward compatibility for old portio registration

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 memory.c |   32 
 memory.h |   17 +
 2 files changed, 49 insertions(+), 0 deletions(-)

diff --git a/memory.c b/memory.c
index 62bd60b..bb04952 100644
--- a/memory.c
+++ b/memory.c
@@ -211,6 +211,21 @@ static AddressSpace address_space_memory = {
 .ops = &address_space_ops_memory,
 };
 
+static const MemoryRegionPortio *find_portio(MemoryRegion *mr, uint64_t offset,
+ unsigned width, bool write)
+{
+const MemoryRegionPortio *mrp;
+
+for (mrp = mr->ops->old_portio; mrp->size; ++mrp) {
+if (offset >= mrp->offset && offset < mrp->offset + mrp->len
+&& width == mrp->size
+&& (write ? (bool)mrp->write : (bool)mrp->read)) {
+return mrp;
+}
+}
+return NULL;
+}
+
 static void memory_region_iorange_read(IORange *iorange,
uint64_t offset,
unsigned width,
@@ -218,6 +233,15 @@ static void memory_region_iorange_read(IORange *iorange,
 {
 MemoryRegion *mr = container_of(iorange, MemoryRegion, iorange);
 
+if (mr->ops->old_portio) {
+const MemoryRegionPortio *mrp = find_portio(mr, offset, width, false);
+
+*data = ((uint64_t)1 << (width * 8)) - 1;
+if (mrp) {
+*data = mrp->read(mr->opaque, offset - mrp->offset);
+}
+return;
+}
 *data = mr->ops->read(mr->opaque, offset, width);
 }
 
@@ -228,6 +252,14 @@ static void memory_region_iorange_write(IORange *iorange,
 {
 MemoryRegion *mr = container_of(iorange, MemoryRegion, iorange);
 
+if (mr->ops->old_portio) {
+const MemoryRegionPortio *mrp = find_portio(mr, offset, width, true);
+
+if (mrp) {
+mrp->write(mr->opaque, offset - mrp->offset, data);
+}
+return;
+}
 mr->ops->write(mr->opaque, offset, data, width);
 }
 
diff --git a/memory.h b/memory.h
index 2afbf13..f026eae 100644
--- a/memory.h
+++ b/memory.h
@@ -10,9 +10,11 @@
 #include "targphys.h"
 #include "qemu-queue.h"
 #include "iorange.h"
+#include "ioport.h"
 
 typedef struct MemoryRegionOps MemoryRegionOps;
 typedef struct MemoryRegion MemoryRegion;
+typedef struct MemoryRegionPortio MemoryRegionPortio;
 
 /* Must match *_DIRTY_FLAGS in cpu-all.h.  To be replaced with dynamic
  * registration.
@@ -65,6 +67,11 @@ struct MemoryRegionOps {
  */
  bool unaligned;
 } impl;
+
+/* If .read and .write are not present, old_portio may be used for
+ * backwards compatibility with old portio registration
+ */
+const MemoryRegionPortio *old_portio;
 };
 
 typedef struct CoalescedMemoryRange CoalescedMemoryRange;
@@ -92,6 +99,16 @@ struct MemoryRegion {
 uint8_t dirty_log_mask;
 };
 
+struct MemoryRegionPortio {
+uint32_t offset;
+uint32_t len;
+unsigned size;
+IOPortReadFunc *read;
+IOPortWriteFunc *write;
+};
+
+#define PORTIO_END { }
+
 /* Initialize a memory region
  *
  * The region typically acts as a container for other memory regions.
-- 
1.7.5.3

[Qemu-devel] [ANNOUNCE] libguestfs 1.12 released

[Richard W.M. Jones]

libguestfs is a library and a set of tools for reading, writing,
managing, inspecting, rescuing and resizing disk images and offline
and live virtual machines.

I'm pleased to announce the release of libguestfs 1.12, the next
stable branch of libguestfs.  There are many changes and new features
in this release: please see the notes below.

You can get source from the website:

http://libguestfs.org/
http://libguestfs.org/download/1.12-stable/

Binary packages will be available by the end of the week from:

http://koji.fedoraproject.org/koji/packageinfo?packageID=8391 (Fedora)
http://libguestfs.org/download/binaries/ (Debian, Ubuntu)

Release notes for libguestfs 1.12.0
---

These release notes only cover the differences from the previous
stable/dev branch split (1.10.0).  For detailed changelogs, please see
the git repository, or the ChangeLog file distributed in the tarball.

New features

  guestfish:

   - guestfish strings can use escapes,
 eg. > write /foo "line 1\nline 2\n"

   - guestfish write-append command can be used to append to files.

   - Long-running file uploads and downloads can be cancelled through the
 API or by hitting ^C in guestfish.

   - New guestfish "display" command for displaying graphical files
 inside guests.

   - In guestfish, tab completion now works on /dev/mapper devices.

  virt-inspector:

   - Inspection API can get an icon or logo for certain guests.

   - virt-inspector includes the logo and hostname for certain guests.

   - virt-inspector can now get the version and release numbers for RPM
 packages.

   - CentOS and Scientific Linux are now treated as separate distros by
 the inspection API.

  virt-resize:

   - virt-resize can now handle btrfs.

   - New virt-resize --ntfsresize-force option allows Windows VMs to be
 resized multiple times.

  other virt tools:

   - guestfish, guestmount, virt-cat, virt-df, virt-edit, virt-filesystems,
 virt-inspector, virt-ls and virt-rescue now allow you to use
 "-d UUID" option to specify a guest by UUID.  This makes them more
 robust to use from other programs.

   - virt-ls -lR option allows complex file iteration and guest analysis.

   - virt-win-reg supports HKEY_USERS\ and HKEY_USERS\.

   - virt-win-reg new option --unsafe-printable-strings allows printable
 strings to be displayed in the output (unsafely: read the documentation
 before using).

   - virt-edit has been rewritten in C.

  API and language bindings:

   - Java is now completely supported.
 See http://libguestfs.org/guestfs-java.3.html

   - JRuby is supported via the Java bindings.

   - guestfs_close now appears in trace messages.

   - Python binding adds explicit g.close() method.

   - Python programs can now use the new event API.

   - Python GIL is released during libguestfs calls, allowing multithreaded
 Python programs to work properly.

   - 9pfs (Plan 9 filesystems exported from the host) are now supported.

   - Add -DGUESTFS_WARN_DEPRECATED=1 to warn about use of deprecated API
 functions in C programs.

   - New manual page guestfs-recipes(1) with recipes.

   - mkfs-opts can now set inode size and sector size on created filesystems
 (thanks Nikita Menkovich).

   - guestfs_last_errno is now accessible from OCaml (as g#last_errno ()).

Security

 - optargs_bitmask is checked even for calls that have no optional
   arguments.  This closes a possible exploit in the daemon from
   untrusted callers.

New APIs

  btrfs-filesystem-resize, get-pgroup, inspect-get-icon, is-zero,
  is-zero-device, list-9p, list-dm-devices, mount-9p, ntfsresize-opts,
  set-pgroup, write-append

Internals

 - Coverity (a static analysis tool) was run across the codebase and
   many fixes were made.

 - Generator can handle functions that return RBufferOut and have
   optional arguments.

 - Compatible with Perl 5.14.

 - Compatible with gcc 4.6.

 - Perform safety checks on QEMU.

 - C API tests can now fully test calls that have optional arguments.

 - Use ./configure --enable-install-daemon to install /usr/sbin/guestfsd.

 - po-docs directory now covers all man pages.

 - stderr from qemu process is now captured by the event subsystem.

Bugs fixed

 - 602997 part-get-bootable gives wrong result with an unordered part layout
 - 661280 virt-rescue: panic when shutting down: "/sbin/reboot: No such file or 
directory"
 - 700369 qemu-system-x86_64 says 'KVM not supported for this target'
 - 705200 guestmount attempt results in access denied
 - 714981 'list-filesystems' does not know about virtio 9p filesystems or 
detect existing mounts
 - 717786 libguestfs python bindings should have an explicit close call
 - 721275 virt-resize in F16 should support btrfs

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http

[Qemu-devel] [RFC v5 09/86] memory: I/O address space support

[Avi Kivity]

Allow registering I/O ports via the same mechanism as mmio ranges.

Signed-off-by: Avi Kivity 
---
 exec-memory.h |3 ++
 memory.c  |   60 -
 memory.h  |2 +
 3 files changed, 64 insertions(+), 1 deletions(-)

diff --git a/exec-memory.h b/exec-memory.h
index 7eb9085..aad21b5 100644
--- a/exec-memory.h
+++ b/exec-memory.h
@@ -18,6 +18,9 @@ MemoryRegion *get_system_memory(void);
 /* Set the root memory region.  This region is the system memory map. */
 void set_system_memory_map(MemoryRegion *mr);
 
+/* Set the I/O memory region.  This region is the I/O memory map. */
+void set_system_io_map(MemoryRegion *mr);
+
 #endif
 
 #endif
diff --git a/memory.c b/memory.c
index bc8bfa2..62bd60b 100644
--- a/memory.c
+++ b/memory.c
@@ -13,6 +13,7 @@
 
 #include "memory.h"
 #include "exec-memory.h"
+#include "ioport.h"
 #include 
 
 typedef struct AddrRange AddrRange;
@@ -210,6 +211,52 @@ static AddressSpace address_space_memory = {
 .ops = &address_space_ops_memory,
 };
 
+static void memory_region_iorange_read(IORange *iorange,
+   uint64_t offset,
+   unsigned width,
+   uint64_t *data)
+{
+MemoryRegion *mr = container_of(iorange, MemoryRegion, iorange);
+
+*data = mr->ops->read(mr->opaque, offset, width);
+}
+
+static void memory_region_iorange_write(IORange *iorange,
+uint64_t offset,
+unsigned width,
+uint64_t data)
+{
+MemoryRegion *mr = container_of(iorange, MemoryRegion, iorange);
+
+mr->ops->write(mr->opaque, offset, data, width);
+}
+
+static const IORangeOps memory_region_iorange_ops = {
+.read = memory_region_iorange_read,
+.write = memory_region_iorange_write,
+};
+
+static void as_io_range_add(AddressSpace *as, FlatRange *fr)
+{
+iorange_init(&fr->mr->iorange, &memory_region_iorange_ops,
+ fr->addr.start,fr->addr.size);
+ioport_register(&fr->mr->iorange);
+}
+
+static void as_io_range_del(AddressSpace *as, FlatRange *fr)
+{
+isa_unassign_ioport(fr->addr.start, fr->addr.size);
+}
+
+static const AddressSpaceOps address_space_ops_io = {
+.range_add = as_io_range_add,
+.range_del = as_io_range_del,
+};
+
+static AddressSpace address_space_io = {
+.ops = &address_space_ops_io,
+};
+
 /* Render a memory region into the global view.  Ranges in @view obscure
  * ranges in @mr.
  */
@@ -358,7 +405,12 @@ static void address_space_update_topology(AddressSpace *as)
 
 static void memory_region_update_topology(void)
 {
-address_space_update_topology(&address_space_memory);
+if (address_space_memory.root) {
+address_space_update_topology(&address_space_memory);
+}
+if (address_space_io.root) {
+address_space_update_topology(&address_space_io);
+}
 }
 
 void memory_region_init(MemoryRegion *mr,
@@ -772,3 +824,9 @@ void set_system_memory_map(MemoryRegion *mr)
 address_space_memory.root = mr;
 memory_region_update_topology();
 }
+
+void set_system_io_map(MemoryRegion *mr)
+{
+address_space_io.root = mr;
+memory_region_update_topology();
+}
diff --git a/memory.h b/memory.h
index 0994b18..2afbf13 100644
--- a/memory.h
+++ b/memory.h
@@ -9,6 +9,7 @@
 #include "cpu-common.h"
 #include "targphys.h"
 #include "qemu-queue.h"
+#include "iorange.h"
 
 typedef struct MemoryRegionOps MemoryRegionOps;
 typedef struct MemoryRegion MemoryRegion;
@@ -78,6 +79,7 @@ struct MemoryRegion {
 target_phys_addr_t offset;
 bool backend_registered;
 ram_addr_t ram_addr;
+IORange iorange;
 bool terminates;
 MemoryRegion *alias;
 target_phys_addr_t alias_offset;
-- 
1.7.5.3

[Qemu-devel] [PATCH V2 2/3] xen: Fix the memory registration to reflect of what is done by Xen.

[Anthony PERARD]

A Xen guest memory is allocated by libxc. But this memory is not
allocated continuously, instead, it leaves the VGA IO memory space not
allocated, same for the MMIO space (at HVM_BELOW_4G_MMIO_START of size
HVM_BELOW_4G_MMIO_LENGTH).

So to reflect that, we do not register the physical memory for this two
holes. But we still keep only one RAMBlock for the all RAM as it is more
easier than have two separate blocks (1 above 4G). Also this prevent QEMU
from use the MMIO space for a ROM.

Signed-off-by: Anthony PERARD 
---
 xen-all.c |   27 ---
 1 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/xen-all.c b/xen-all.c
index b19da37..d535f90 100644
--- a/xen-all.c
+++ b/xen-all.c
@@ -19,6 +19,7 @@
 
 #include 
 #include 
+#include 
 
 //#define DEBUG_XEN
 
@@ -144,6 +145,12 @@ static void xen_ram_init(ram_addr_t ram_size)
 new_block->host = NULL;
 new_block->offset = 0;
 new_block->length = ram_size;
+if (ram_size >= HVM_BELOW_4G_RAM_END) {
+/* Xen does not allocate the memory continuously, and keep a hole at
+ * HVM_BELOW_4G_MMIO_START of HVM_BELOW_4G_MMIO_LENGTH
+ */
+new_block->length += HVM_BELOW_4G_MMIO_LENGTH;
+}
 
 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
 
@@ -152,20 +159,26 @@ static void xen_ram_init(ram_addr_t ram_size)
 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
0xff, new_block->length >> TARGET_PAGE_BITS);
 
-if (ram_size >= 0xe000 ) {
-above_4g_mem_size = ram_size - 0xe000;
-below_4g_mem_size = 0xe000;
+if (ram_size >= HVM_BELOW_4G_RAM_END) {
+above_4g_mem_size = ram_size - HVM_BELOW_4G_RAM_END;
+below_4g_mem_size = HVM_BELOW_4G_RAM_END;
 } else {
 below_4g_mem_size = ram_size;
 }
 
-cpu_register_physical_memory(0, below_4g_mem_size, new_block->offset);
-#if TARGET_PHYS_ADDR_BITS > 32
+cpu_register_physical_memory(0, 0xa, 0);
+/* Skip of the VGA IO memory space, it will be registered later by the VGA
+ * emulated device.
+ *
+ * The area between 0xc and 0x10 will be used by SeaBIOS to load
+ * the Options ROM, so it is registered here as RAM.
+ */
+cpu_register_physical_memory(0xc, below_4g_mem_size - 0xc,
+ 0xc);
 if (above_4g_mem_size > 0) {
 cpu_register_physical_memory(0x1ULL, above_4g_mem_size,
- new_block->offset + below_4g_mem_size);
+ 0x1ULL);
 }
-#endif
 }
 
 void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size)
-- 
Anthony PERARD

[Qemu-devel] [RFC v5 61/86] pci: remove support for pre memory API BARs

[Avi Kivity]

Not used anymore.

Signed-off-by: Avi Kivity 
---
 hw/pci.c |   33 ++---
 1 files changed, 2 insertions(+), 31 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 6ed08ae..e6a3e56 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -848,18 +848,7 @@ static void pci_unregister_io_regions(PCIDevice *pci_dev)
 r = &pci_dev->io_regions[i];
 if (!r->size || r->addr == PCI_BAR_UNMAPPED)
 continue;
-if (r->memory) {
-memory_region_del_subregion(r->address_space, r->memory);
-} else {
-if (r->type == PCI_BASE_ADDRESS_SPACE_IO) {
-isa_unassign_ioport(r->addr, r->filtered_size);
-} else {
-cpu_register_physical_memory(pci_to_cpu_addr(pci_dev->bus,
- r->addr),
- r->filtered_size,
- IO_MEM_UNASSIGNED);
-}
-}
+memory_region_del_subregion(r->address_space, r->memory);
 }
 }
 
@@ -1058,25 +1047,7 @@ static void pci_update_mappings(PCIDevice *d)
 
 /* now do the real mapping */
 if (r->addr != PCI_BAR_UNMAPPED) {
-if (r->memory) {
-memory_region_del_subregion(r->address_space, r->memory);
-} else if (r->type & PCI_BASE_ADDRESS_SPACE_IO) {
-int class;
-/* NOTE: specific hack for IDE in PC case:
-   only one byte must be mapped. */
-class = pci_get_word(d->config + PCI_CLASS_DEVICE);
-if (class == 0x0101 && r->size == 4) {
-isa_unassign_ioport(r->addr + 2, 1);
-} else {
-isa_unassign_ioport(r->addr, r->filtered_size);
-}
-} else {
-cpu_register_physical_memory(pci_to_cpu_addr(d->bus,
- r->addr),
- r->filtered_size,
- IO_MEM_UNASSIGNED);
-qemu_unregister_coalesced_mmio(r->addr, r->filtered_size);
-}
+memory_region_del_subregion(r->address_space, r->memory);
 }
 r->addr = new_addr;
 r->filtered_size = filtered_size;
-- 
1.7.5.3

Re: [Qemu-devel] [PATCH v8 3/4] guest agent: qemu-ga daemon

[Luiz Capitulino]

On Tue, 19 Jul 2011 15:41:54 -0500
Michael Roth  wrote:

> This is the actual guest daemon, it listens for requests over a
> virtio-serial/isa-serial/unix socket channel and routes them through
> to dispatch routines, and writes the results back to the channel in
> a manner similar to QMP.
> 
> A shorthand invocation:
> 
>   qemu-ga -d
> 
> Is equivalent to:
> 
>   qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 \
>   -f /var/run/qemu-ga.pid -d
> 
> Signed-off-by: Michael Roth 
> ---
>  Makefile   |8 +-
>  configure  |1 +
>  qemu-ga.c  |  667 
> 
>  qga/guest-agent-core.h |4 +
>  4 files changed, 677 insertions(+), 3 deletions(-)
>  create mode 100644 qemu-ga.c
> 
> diff --git a/Makefile b/Makefile
> index b8cdf0e..0d2e33d 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -140,7 +140,7 @@ endif
>  ##
>  
>  qemu-img.o: qemu-img-cmds.h
> -qemu-img.o qemu-tool.o qemu-nbd.o qemu-io.o cmd.o: $(GENERATED_HEADERS)
> +qemu-img.o qemu-tool.o qemu-nbd.o qemu-io.o cmd.o qemu-ga.o: 
> $(GENERATED_HEADERS)
>  
>  qemu-img$(EXESUF): qemu-img.o qemu-tool.o qemu-error.o $(oslib-obj-y) 
> $(trace-obj-y) $(block-obj-y) $(qobject-obj-y) $(version-obj-y) 
> qemu-timer-common.o
>  
> @@ -184,13 +184,15 @@ test-qmp-commands: test-qmp-commands.o qfloat.o qint.o 
> qdict.o qstring.o qlist.o
>  
>  QGALIB=qga/guest-agent-command-state.o
>  
> +qemu-ga$(EXESUF): qemu-ga.o $(QGALIB) qemu-tool.o qemu-error.o error.o 
> $(oslib-obj-y) $(trace-obj-y) $(block-obj-y) $(qobject-obj-y) 
> $(version-obj-y) $(qapi-obj-y) qemu-timer-common.o qemu-sockets.o module.o 
> qapi/qmp-dispatch.o qapi/qmp-registry.o
> +
>  QEMULIBS=libhw32 libhw64 libuser libdis libdis-user
>  
>  clean:
>  # avoid old build problems by removing potentially incorrect old files
>   rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h 
> gen-op-arm.h
>   rm -f qemu-options.def
> - rm -f *.o *.d *.a *.lo $(TOOLS) TAGS cscope.* *.pod *~ */*~
> + rm -f *.o *.d *.a *.lo $(TOOLS) qemu-ga TAGS cscope.* *.pod *~ */*~
>   rm -Rf .libs
>   rm -f slirp/*.o slirp/*.d audio/*.o audio/*.d block/*.o block/*.d 
> net/*.o net/*.d fsdev/*.o fsdev/*.d ui/*.o ui/*.d qapi/*.o qapi/*.d qga/*.o 
> qga/*.d
>   rm -f qemu-img-cmds.h
> @@ -386,4 +388,4 @@ tarbin:
>   $(mandir)/man8/qemu-nbd.8
>  
>  # Include automatically generated dependency files
> --include $(wildcard *.d audio/*.d slirp/*.d block/*.d net/*.d ui/*.d 
> qapi/*.d)
> +-include $(wildcard *.d audio/*.d slirp/*.d block/*.d net/*.d ui/*.d 
> qapi/*.d qga/*.d)
> diff --git a/configure b/configure
> index 6a03002..445f674 100755
> --- a/configure
> +++ b/configure
> @@ -2532,6 +2532,7 @@ if test "$softmmu" = yes ; then
>tools="qemu-img\$(EXESUF) qemu-io\$(EXESUF) $tools"
>if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
>tools="qemu-nbd\$(EXESUF) $tools"
> +  tools="qemu-ga\$(EXESUF) $tools"
>  if [ "$check_utests" = "yes" ]; then
>tools="check-qint check-qstring check-qdict check-qlist $tools"
>tools="check-qfloat check-qjson $tools"
> diff --git a/qemu-ga.c b/qemu-ga.c
> new file mode 100644
> index 000..eb09100
> --- /dev/null
> +++ b/qemu-ga.c
> @@ -0,0 +1,667 @@
> +/*
> + * QEMU Guest Agent
> + *
> + * Copyright IBM Corp. 2011
> + *
> + * Authors:
> + *  Adam Litke
> + *  Michael Roth  
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include "qemu_socket.h"
> +#include "json-streamer.h"
> +#include "json-parser.h"
> +#include "qint.h"
> +#include "qjson.h"
> +#include "qga/guest-agent-core.h"
> +#include "module.h"
> +#include "signal.h"
> +#include "qerror.h"
> +#include "error_int.h"
> +
> +#define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0"
> +#define QGA_PIDFILE_DEFAULT "/var/run/qemu-ga.pid"
> +#define QGA_BAUDRATE_DEFAULT B38400 /* for isa-serial channels */
> +#define QGA_TIMEOUT_DEFAULT 30*1000 /* ms */
> +
> +struct GAState {
> +JSONMessageParser parser;
> +GMainLoop *main_loop;
> +guint conn_id;
> +GSocket *conn_sock;
> +GIOChannel *conn_channel;
> +guint listen_id;
> +GSocket *listen_sock;
> +GIOChannel *listen_channel;
> +const char *path;
> +const char *method;
> +bool virtio; /* fastpath to check for virtio to deal with poll() quirks 
> */
> +GACommandState *command_state;
> +GLogLevelFlags log_level;
> +FILE *log_file;
> +bool logging_enabled;
> +};
> +
> +static struct GAState *ga_state;
> +
> +static void quit_handler(int sig)
> +{
> +g_debug("recieved signal num %d, quitting", sig);
> +
> +if (g_main_loo

Re: [Qemu-devel] live snapshot wiki updated

[Blue Swirl]

On Wed, Jul 20, 2011 at 4:51 PM, Kevin Wolf  wrote:
> Am 20.07.2011 15:25, schrieb Jes Sorensen:
>> On 07/20/11 12:01, Kevin Wolf wrote:
> Right, we're stuck with the two horros of NFS and selinux, so we need
> something that gets around the problem. In a sane world we would simply
> say 'no NFS, no selinux', but as you say that will never happen.
>
> My suggestion of a callback mechanism where libvirt registers the
> callback with QEMU for open() calls, allowing libvirt to perform the
> open and return the open file descriptor would get around this problem.
>>> To me this sounds more like a problem than a solution. It basically
>>> means that during an open (which may even be initiated by a monitor
>>> command), you need monitor interaction. It basically means that open
>>> becomes asynchronous, and requires clients to deal with that, which
>>> sounds at least "interesting"... Also you have to add some magic to all
>>> places opening something.
>>>
>>> I think if libvirt wants qemu to use an fd instead of a file name, it
>>> shouldn't pass a file name but an fd in the first place. Which means
>>> that the two that we need are support for an fd: protocol (patches on
>>> the list, need review), and a way for libvirt to override the backing
>>> file of an image.
>>
>> The problem is that QEMU will find backing file file names inside the
>> images which it will be unable to open. How do you suggest we get around
>> that?
>
> This is the part with allowing libvirt to override the backing file. Of
> course, this is not something that we can add with five lines of code,
> it requires -blockdev.

There could still be some issues:
Let's have files A, B, C etc. with backing files AA etc. How would
libvirt know that when QEMU wants to write to file CA, this is because
it's needed to access C, or is it just trickery by a devious guest to
corrupt storage?

This could be handled so that instead of naming the backing file, QEMU
asks for a descriptor for the backing file by presenting the
descriptor to main file C, but I think the real solution is that
libvirt should handle the storage formats completely and it should
present QEMU with only a raw file like interface (read/write/seek) for
the data. Then any backing files would be handled within libvirt.
Performance could suffer, though.

Re: [Qemu-devel] [PATCHv2] target-arm: support for ARM1176JZF-s cores

[Jamie Iles]

On Wed, Jul 20, 2011 at 03:35:19PM +0100, Peter Maydell wrote:
> On 19 July 2011 13:32, Jamie Iles  wrote:
> > Add support for v6K ARM1176JZF-S.  This core includes the VA<->PA
> > translation capability and security extensions.
> 
> > +static uint32_t arm1176_cp15_c0_c1[8] =
> > +{ 0x111, 0x11, 0x33, 0x01130003, 0x01130003, 0x10030302, 0x01222100, 0 };
> 
> This seems to be the wrong value for the AUXFR0 (0,c0,c1,3 : fourth item
> in this list). The 1176JZF-S TRM says its value is 0x0, not 0x01130003
> (which I think you've miscopied from the 0,c0,c1,4 MMFR0 entry).

Ahh, yes.  Thanks for that, a good spot.

Jamie

8<--

>From af92ff0cd28077ff187f2ac1d952f71297b7d026 Mon Sep 17 00:00:00 2001
From: Jamie Iles 
Date: Thu, 23 Jun 2011 11:37:19 +0100
Subject: [PATCHv3] target-arm: support for ARM1176JZF-s cores

Add support for v6K ARM1176JZF-S.  This core includes the VA<->PA
translation capability and security extensions.

v2: Model the version with the VFP
v3: fix up the AFR0 value to be in line with TRM (0x0)

Cc: Peter Maydell 
Cc: Paul Brook 
Cc: Aurelien Jarno 
Signed-off-by: Jamie Iles 
---
 target-arm/cpu.h|1 +
 target-arm/helper.c |   23 +++
 2 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 01f5b57..8708f9e 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -414,6 +414,7 @@ void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
 #define ARM_CPUID_PXA270_C5   0x69054117
 #define ARM_CPUID_ARM1136 0x4117b363
 #define ARM_CPUID_ARM1136_R2  0x4107b362
+#define ARM_CPUID_ARM1176 0x410fb767
 #define ARM_CPUID_ARM11MPCORE 0x410fb022
 #define ARM_CPUID_CORTEXA80x410fc080
 #define ARM_CPUID_CORTEXA90x410fc090
diff --git a/target-arm/helper.c b/target-arm/helper.c
index eda881b..2050653 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -36,6 +36,12 @@ static uint32_t arm1136_cp15_c0_c1[8] =
 static uint32_t arm1136_cp15_c0_c2[8] =
 { 0x00140011, 0x12002111, 0x1123, 0x01102131, 0x141, 0, 0, 0 };
 
+static uint32_t arm1176_cp15_c0_c1[8] =
+{ 0x111, 0x11, 0x33, 0, 0x01130003, 0x10030302, 0x01222100, 0 };
+
+static uint32_t arm1176_cp15_c0_c2[8] =
+{ 0x0140011, 0x12002111, 0x11231121, 0x01102131, 0x01141, 0, 0, 0 };
+
 static uint32_t cpu_arm_find_by_name(const char *name);
 
 static inline void set_feature(CPUARMState *env, int feature)
@@ -86,6 +92,21 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
 env->cp15.c0_cachetype = 0x1dd20d2;
 env->cp15.c1_sys = 0x00050078;
 break;
+case ARM_CPUID_ARM1176:
+set_feature(env, ARM_FEATURE_V4T);
+set_feature(env, ARM_FEATURE_V5);
+set_feature(env, ARM_FEATURE_V6);
+set_feature(env, ARM_FEATURE_V6K);
+set_feature(env, ARM_FEATURE_VFP);
+set_feature(env, ARM_FEATURE_AUXCR);
+env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b5;
+env->vfp.xregs[ARM_VFP_MVFR0] = 0x;
+env->vfp.xregs[ARM_VFP_MVFR1] = 0x;
+memcpy(env->cp15.c0_c1, arm1176_cp15_c0_c1, 8 * sizeof(uint32_t));
+memcpy(env->cp15.c0_c2, arm1176_cp15_c0_c2, 8 * sizeof(uint32_t));
+env->cp15.c0_cachetype = 0x1dd20d2;
+env->cp15.c1_sys = 0x00050078;
+break;
 case ARM_CPUID_ARM11MPCORE:
 set_feature(env, ARM_FEATURE_V4T);
 set_feature(env, ARM_FEATURE_V5);
@@ -377,6 +398,7 @@ static const struct arm_cpu_t arm_cpu_names[] = {
 { ARM_CPUID_ARM1026, "arm1026"},
 { ARM_CPUID_ARM1136, "arm1136"},
 { ARM_CPUID_ARM1136_R2, "arm1136-r2"},
+{ ARM_CPUID_ARM1176, "arm1176"},
 { ARM_CPUID_ARM11MPCORE, "arm11mpcore"},
 { ARM_CPUID_CORTEXM3, "cortex-m3"},
 { ARM_CPUID_CORTEXA8, "cortex-a8"},
@@ -1770,6 +1792,7 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
 return 1;
 case ARM_CPUID_ARM1136:
 case ARM_CPUID_ARM1136_R2:
+case ARM_CPUID_ARM1176:
 return 7;
 case ARM_CPUID_ARM11MPCORE:
 return 1;
-- 
1.7.4.1

[Qemu-devel] [RFC v5 74/86] ppc405_uc: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/ppc405_uc.c |  117 +---
 1 files changed, 52 insertions(+), 65 deletions(-)

diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c
index 06a053b..e5b18fe 100644
--- a/hw/ppc405_uc.c
+++ b/hw/ppc405_uc.c
@@ -259,6 +259,7 @@ static void ppc4xx_pob_init(CPUState *env)
 /* OPB arbitrer */
 typedef struct ppc4xx_opba_t ppc4xx_opba_t;
 struct ppc4xx_opba_t {
+MemoryRegion io;
 uint8_t cr;
 uint8_t pr;
 };
@@ -357,16 +358,12 @@ static void opba_writel (void *opaque,
 opba_writeb(opaque, addr + 1, value >> 16);
 }
 
-static CPUReadMemoryFunc * const opba_read[] = {
-&opba_readb,
-&opba_readw,
-&opba_readl,
-};
-
-static CPUWriteMemoryFunc * const opba_write[] = {
-&opba_writeb,
-&opba_writew,
-&opba_writel,
+static const MemoryRegionOps opba_ops = {
+.old_mmio = {
+.read = { opba_readb, opba_readw, opba_readl, },
+.write = { opba_writeb, opba_writew, opba_writel, },
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void ppc4xx_opba_reset (void *opaque)
@@ -378,18 +375,18 @@ static void ppc4xx_opba_reset (void *opaque)
 opba->pr = 0x11;
 }
 
+#include "exec-memory.h"
+
 static void ppc4xx_opba_init(target_phys_addr_t base)
 {
 ppc4xx_opba_t *opba;
-int io;
 
 opba = qemu_mallocz(sizeof(ppc4xx_opba_t));
 #ifdef DEBUG_OPBA
 printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
 #endif
-io = cpu_register_io_memory(opba_read, opba_write, opba,
-DEVICE_NATIVE_ENDIAN);
-cpu_register_physical_memory(base, 0x002, io);
+memory_region_init_io(&opba->io, &opba_ops, opba, "opba", 0x002);
+memory_region_add_subregion(get_system_memory(), base, &opba->io);
 qemu_register_reset(ppc4xx_opba_reset, opba);
 }
 
@@ -722,6 +719,7 @@ static void ppc405_dma_init(CPUState *env, qemu_irq irqs[4])
 /* GPIO */
 typedef struct ppc405_gpio_t ppc405_gpio_t;
 struct ppc405_gpio_t {
+MemoryRegion io;
 uint32_t or;
 uint32_t tcr;
 uint32_t osrh;
@@ -789,16 +787,12 @@ static void ppc405_gpio_writel (void *opaque,
 #endif
 }
 
-static CPUReadMemoryFunc * const ppc405_gpio_read[] = {
-&ppc405_gpio_readb,
-&ppc405_gpio_readw,
-&ppc405_gpio_readl,
-};
-
-static CPUWriteMemoryFunc * const ppc405_gpio_write[] = {
-&ppc405_gpio_writeb,
-&ppc405_gpio_writew,
-&ppc405_gpio_writel,
+static const MemoryRegionOps ppc405_gpio_ops = {
+.old_mmio = {
+.read = { ppc405_gpio_readb, ppc405_gpio_readw, ppc405_gpio_readl, },
+.write = { ppc405_gpio_writeb, ppc405_gpio_writew, ppc405_gpio_writel, 
},
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void ppc405_gpio_reset (void *opaque)
@@ -808,15 +802,13 @@ static void ppc405_gpio_reset (void *opaque)
 static void ppc405_gpio_init(target_phys_addr_t base)
 {
 ppc405_gpio_t *gpio;
-int io;
 
 gpio = qemu_mallocz(sizeof(ppc405_gpio_t));
 #ifdef DEBUG_GPIO
 printf("%s: offset " TARGET_FMT_plx "\n", __func__, base);
 #endif
-io = cpu_register_io_memory(ppc405_gpio_read, ppc405_gpio_write, gpio,
-DEVICE_NATIVE_ENDIAN);
-cpu_register_physical_memory(base, 0x038, io);
+memory_region_init_io(&gpio->io, &ppc405_gpio_ops, gpio, "pgio", 0x038);
+memory_region_add_subregion(get_system_memory(), base, &gpio->io);
 qemu_register_reset(&ppc405_gpio_reset, gpio);
 }
 
@@ -831,7 +823,9 @@ enum {
 
 typedef struct ppc405_ocm_t ppc405_ocm_t;
 struct ppc405_ocm_t {
-target_ulong offset;
+MemoryRegion ram;
+MemoryRegion isarc_ram;
+MemoryRegion dsarc_ram;
 uint32_t isarc;
 uint32_t isacntl;
 uint32_t dsarc;
@@ -854,16 +848,15 @@ static void ocm_update_mappings (ppc405_ocm_t *ocm,
 if (ocm->isacntl & 0x8000) {
 /* Unmap previously assigned memory region */
 printf("OCM unmap ISA %08" PRIx32 "\n", ocm->isarc);
-cpu_register_physical_memory(ocm->isarc, 0x0400,
- IO_MEM_UNASSIGNED);
+memory_region_del_subregion(get_system_memory(), &ocm->isarc_ram);
 }
 if (isacntl & 0x8000) {
 /* Map new instruction memory region */
 #ifdef DEBUG_OCM
 printf("OCM map ISA %08" PRIx32 "\n", isarc);
 #endif
-cpu_register_physical_memory(isarc, 0x0400,
- ocm->offset | IO_MEM_RAM);
+memory_region_add_subregion(get_system_memory(), isarc,
+&ocm->isarc_ram);
 }
 }
 if (ocm->dsarc != dsarc ||
@@ -875,8 +868,8 @@ static void ocm_update_mappings (ppc405_ocm_t *ocm,
 #ifdef DEBUG_OCM
 printf("OCM unmap DSA %08" PRIx32 "\n", ocm->dsarc);
 #endif
-cpu_register_physical_memory(ocm->dsarc, 0x0400,
- IO_MEM_UNASSIGNED);
+m

[Qemu-devel] [RFC v5 35/86] rtl8139: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/rtl8139.c |   72 ++---
 1 files changed, 38 insertions(+), 34 deletions(-)

diff --git a/hw/rtl8139.c b/hw/rtl8139.c
index 5214b8c..dfbab90 100644
--- a/hw/rtl8139.c
+++ b/hw/rtl8139.c
@@ -474,7 +474,6 @@ typedef struct RTL8139State {
 
 NICState *nic;
 NICConf conf;
-int rtl8139_mmio_io_addr;
 
 /* C ring mode */
 uint32_t   currTxDesc;
@@ -506,6 +505,9 @@ typedef struct RTL8139State {
 QEMUTimer *timer;
 int64_t TimerExpire;
 
+MemoryRegion bar_io;
+MemoryRegion bar_mem;
+
 /* Support migration to/from old versions */
 int rtl8139_mmio_io_addr_dummy;
 } RTL8139State;
@@ -3283,7 +3285,7 @@ static void rtl8139_pre_save(void *opaque)
 rtl8139_set_next_tctr_time(s, current_time);
 s->TCTR = muldiv64(current_time - s->TCTR_base, PCI_FREQUENCY,
get_ticks_per_sec());
-s->rtl8139_mmio_io_addr_dummy = s->rtl8139_mmio_io_addr;
+s->rtl8139_mmio_io_addr_dummy = 0;
 }
 
 static const VMStateDescription vmstate_rtl8139 = {
@@ -3379,31 +3381,35 @@ static const VMStateDescription vmstate_rtl8139 = {
 /***/
 /* PCI RTL8139 definitions */
 
-static void rtl8139_ioport_map(PCIDevice *pci_dev, int region_num,
-   pcibus_t addr, pcibus_t size, int type)
-{
-RTL8139State *s = DO_UPCAST(RTL8139State, dev, pci_dev);
-
-register_ioport_write(addr, 0x100, 1, rtl8139_ioport_writeb, s);
-register_ioport_read( addr, 0x100, 1, rtl8139_ioport_readb,  s);
-
-register_ioport_write(addr, 0x100, 2, rtl8139_ioport_writew, s);
-register_ioport_read( addr, 0x100, 2, rtl8139_ioport_readw,  s);
-
-register_ioport_write(addr, 0x100, 4, rtl8139_ioport_writel, s);
-register_ioport_read( addr, 0x100, 4, rtl8139_ioport_readl,  s);
-}
+static const MemoryRegionPortio rtl8139_portio[] = {
+{ 0, 0x100, 1, .read = rtl8139_ioport_readb, },
+{ 0, 0x100, 1, .write = rtl8139_ioport_writeb, },
+{ 0, 0x100, 2, .read = rtl8139_ioport_readw, },
+{ 0, 0x100, 2, .write = rtl8139_ioport_writew, },
+{ 0, 0x100, 4, .read = rtl8139_ioport_readl, },
+{ 0, 0x100, 4, .write = rtl8139_ioport_writel, },
+PORTIO_END
+};
 
-static CPUReadMemoryFunc * const rtl8139_mmio_read[3] = {
-rtl8139_mmio_readb,
-rtl8139_mmio_readw,
-rtl8139_mmio_readl,
+static const MemoryRegionOps rtl8139_io_ops = {
+.old_portio = rtl8139_portio,
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-static CPUWriteMemoryFunc * const rtl8139_mmio_write[3] = {
-rtl8139_mmio_writeb,
-rtl8139_mmio_writew,
-rtl8139_mmio_writel,
+static const MemoryRegionOps rtl8139_mmio_ops = {
+.old_mmio = {
+.read = {
+rtl8139_mmio_readb,
+rtl8139_mmio_readw,
+rtl8139_mmio_readl,
+},
+.write = {
+rtl8139_mmio_writeb,
+rtl8139_mmio_writew,
+rtl8139_mmio_writel,
+},
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static void rtl8139_timer(void *opaque)
@@ -3432,7 +3438,8 @@ static int pci_rtl8139_uninit(PCIDevice *dev)
 {
 RTL8139State *s = DO_UPCAST(RTL8139State, dev, dev);
 
-cpu_unregister_io_memory(s->rtl8139_mmio_io_addr);
+memory_region_destroy(&s->bar_io);
+memory_region_destroy(&s->bar_mem);
 if (s->cplus_txbuffer) {
 qemu_free(s->cplus_txbuffer);
 s->cplus_txbuffer = NULL;
@@ -3462,15 +3469,12 @@ static int pci_rtl8139_init(PCIDevice *dev)
  * list bit in status register, and offset 0xdc seems unused. */
 pci_conf[PCI_CAPABILITY_LIST] = 0xdc;
 
-/* I/O handler for memory-mapped I/O */
-s->rtl8139_mmio_io_addr =
-cpu_register_io_memory(rtl8139_mmio_read, rtl8139_mmio_write, s,
-   DEVICE_LITTLE_ENDIAN);
-
-pci_register_bar(&s->dev, 0, 0x100,
-   PCI_BASE_ADDRESS_SPACE_IO,  rtl8139_ioport_map);
-
-pci_register_bar_simple(&s->dev, 1, 0x100, 0, s->rtl8139_mmio_io_addr);
+memory_region_init_io(&s->bar_io, &rtl8139_io_ops, s, "rtl8139", 0x100);
+memory_region_init_io(&s->bar_mem, &rtl8139_mmio_ops, s, "rtl8139", 0x100);
+pci_register_bar_region(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO,
+&s->bar_io);
+pci_register_bar_region(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY,
+&s->bar_mem);
 
 qemu_macaddr_default_if_unset(&s->conf.macaddr);
 
-- 
1.7.5.3

Re: [Qemu-devel] [PATCH] do not call monitor_resume() from migrate_fd_put_buffer() error path

[Marcelo Tosatti]

On Tue, Jul 19, 2011 at 11:48:22PM +0200, Jan Kiszka wrote:
> On 2011-07-19 13:46, Michael Tokarev wrote:
> > If we do, it results in double monitor_resume() (second being called
> > from migrate_fd_cleanup() anyway) and monitor suspend count becoming
> > negative.
> > 
> > Cc'ing people from `git blame' list for the lines in question: the
> > change fixes the problem but I'm not sure what the original intention
> > of this code was in this place.  Unfortunately noone replied to two
> > my attempts to raise this issue.
> > 
> > Signed-Off-By: Michael Tokarev 
> > ---
> >  migration.c |3 ---
> >  1 files changed, 0 insertions(+), 3 deletions(-)
> > 
> > diff --git a/migration.c b/migration.c
> > index af3a1f2..115588c 100644
> > --- a/migration.c
> > +++ b/migration.c
> > @@ -330,9 +330,6 @@ ssize_t migrate_fd_put_buffer(void *opaque, const void 
> > *data, size_t size)
> >  if (ret == -EAGAIN) {
> >  qemu_set_fd_handler2(s->fd, NULL, NULL, migrate_fd_put_notify, s);
> >  } else if (ret < 0) {
> > -if (s->mon) {
> > -monitor_resume(s->mon);
> > -}
> >  s->state = MIG_STATE_ERROR;
> >  notifier_list_notify(&migration_state_notifiers);
> >  }
> 
> Looks reasonable to me, but Marcelo should comment on this, specifically
> which scenario once required the resume.
> 
> Jan

If the monitor was suspended (migrate without -d), then this path must
resume. Should record that somewhere and check here.

[Qemu-devel] [PATCH 40/55] block: Leave tracking media change to device models

[Markus Armbruster]

hw/fdc.c is the only one that cares.

Signed-off-by: Markus Armbruster 
---
 block.c |   20 ++--
 block_int.h |1 -
 hw/fdc.c|   40 ++--
 3 files changed, 24 insertions(+), 37 deletions(-)

diff --git a/block.c b/block.c
index c12f037..2225be5 100644
--- a/block.c
+++ b/block.c
@@ -637,7 +637,6 @@ int bdrv_open(BlockDriverState *bs, const char *filename, 
int flags,
 }
 
 if (!bdrv_key_required(bs)) {
-bs->media_changed = 1;
 bdrv_dev_change_media_cb(bs);
 }
 
@@ -674,7 +673,6 @@ void bdrv_close(BlockDriverState *bs)
 bdrv_close(bs->file);
 }
 
-bs->media_changed = 1;
 bdrv_dev_change_media_cb(bs);
 }
 }
@@ -1542,7 +1540,6 @@ int bdrv_set_key(BlockDriverState *bs, const char *key)
 } else if (!bs->valid_key) {
 bs->valid_key = 1;
 /* call the change callback now, we skipped it on open */
-bs->media_changed = 1;
 bdrv_dev_change_media_cb(bs);
 }
 return ret;
@@ -2765,22 +2762,17 @@ int bdrv_is_inserted(BlockDriverState *bs)
 }
 
 /**
- * Return TRUE if the media changed since the last call to this
- * function. It is currently only used for floppy disks
+ * Return whether the media changed since the last call to this
+ * function, or -ENOTSUP if we don't know.  Most drivers don't know.
  */
 int bdrv_media_changed(BlockDriverState *bs)
 {
 BlockDriver *drv = bs->drv;
-int ret;
 
-if (!drv || !drv->bdrv_media_changed)
-ret = -ENOTSUP;
-else
-ret = drv->bdrv_media_changed(bs);
-if (ret == -ENOTSUP)
-ret = bs->media_changed;
-bs->media_changed = 0;
-return ret;
+if (drv && drv->bdrv_media_changed) {
+return drv->bdrv_media_changed(bs);
+}
+return -ENOTSUP;
 }
 
 /**
diff --git a/block_int.h b/block_int.h
index 7d49a6e..d8688b8 100644
--- a/block_int.h
+++ b/block_int.h
@@ -164,7 +164,6 @@ struct BlockDriverState {
 this file image */
 char backing_format[16]; /* if non-zero and backing_file exists */
 int is_temporary;
-int media_changed;
 
 BlockDriverState *backing_hd;
 BlockDriverState *file;
diff --git a/hw/fdc.c b/hw/fdc.c
index edf0360..a2d8aae 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -535,30 +535,11 @@ static CPUWriteMemoryFunc * const 
fdctrl_mem_write_strict[3] = {
 NULL,
 };
 
-static void fdrive_media_changed_pre_save(void *opaque)
-{
-FDrive *drive = opaque;
-
-drive->media_changed = drive->bs->media_changed;
-}
-
-static int fdrive_media_changed_post_load(void *opaque, int version_id)
-{
-FDrive *drive = opaque;
-
-if (drive->bs != NULL) {
-drive->bs->media_changed = drive->media_changed;
-}
-
-/* User ejected the floppy when drive->bs == NULL */
-return 0;
-}
-
 static bool fdrive_media_changed_needed(void *opaque)
 {
 FDrive *drive = opaque;
 
-return (drive->bs != NULL && drive->bs->media_changed != 1);
+return (drive->bs != NULL && drive->media_changed != 1);
 }
 
 static const VMStateDescription vmstate_fdrive_media_changed = {
@@ -566,8 +547,6 @@ static const VMStateDescription 
vmstate_fdrive_media_changed = {
 .version_id = 1,
 .minimum_version_id = 1,
 .minimum_version_id_old = 1,
-.pre_save = fdrive_media_changed_pre_save,
-.post_load = fdrive_media_changed_post_load,
 .fields  = (VMStateField[]) {
 VMSTATE_UINT8(media_changed, FDrive),
 VMSTATE_END_OF_LIST()
@@ -920,6 +899,10 @@ static int fdctrl_media_changed(FDrive *drv)
 if (!drv->bs)
 return 0;
 ret = bdrv_media_changed(drv->bs);
+if (ret < 0) {
+ret = drv->media_changed;
+}
+drv->media_changed = 0;
 if (ret) {
 fd_revalidate(drv);
 }
@@ -1791,6 +1774,17 @@ static void fdctrl_result_timer(void *opaque)
 fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
 }
 
+static void fdctrl_change_cb(void *opaque)
+{
+FDrive *drive = opaque;
+
+drive->media_changed = 1;
+}
+
+static const BlockDevOps fdctrl_block_ops = {
+.change_media_cb = fdctrl_change_cb,
+};
+
 /* Init functions */
 static int fdctrl_connect_drives(FDCtrl *fdctrl)
 {
@@ -1814,7 +1808,9 @@ static int fdctrl_connect_drives(FDCtrl *fdctrl)
 fd_init(drive);
 fd_revalidate(drive);
 if (drive->bs) {
+drive->media_changed = 1;
 bdrv_set_removable(drive->bs, 1);
+bdrv_set_dev_ops(drive->bs, &fdctrl_block_ops, drive);
 }
 }
 return 0;
-- 
1.7.2.3

[Qemu-devel] [RFC v5 59/86] pci: fold BAR mapping function into its caller

[Avi Kivity]

There is only one function, so no need for a function pointer.

Signed-off-by: Avi Kivity 
---
 hw/pci.c |   25 +
 hw/pci.h |1 -
 2 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index e9e4874..e6a759a 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -881,18 +881,6 @@ static int pci_unregister_device(DeviceState *dev)
 return 0;
 }
 
-static void pci_simple_bar_mapfunc_region(PCIDevice *pci_dev, int region_num,
-  pcibus_t addr, pcibus_t size,
-  int type)
-{
-PCIIORegion *r = &pci_dev->io_regions[region_num];
-
-memory_region_add_subregion_overlap(r->address_space,
-addr,
-r->memory,
-1);
-}
-
 void pci_register_bar_region(PCIDevice *pci_dev, int region_num,
  uint8_t type, MemoryRegion *memory)
 {
@@ -914,7 +902,6 @@ void pci_register_bar_region(PCIDevice *pci_dev, int 
region_num,
 r->size = size;
 r->filtered_size = size;
 r->type = type;
-r->map_func = pci_simple_bar_mapfunc_region;
 r->memory = NULL;
 
 wmask = ~(size - 1);
@@ -1102,10 +1089,16 @@ static void pci_update_mappings(PCIDevice *d)
  * addr & (size - 1) != 0.
  */
 if (r->type & PCI_BASE_ADDRESS_SPACE_IO) {
-r->map_func(d, i, r->addr, r->filtered_size, r->type);
+memory_region_add_subregion_overlap(r->address_space,
+r->addr,
+r->memory,
+1);
 } else {
-r->map_func(d, i, pci_to_cpu_addr(d->bus, r->addr),
-r->filtered_size, r->type);
+memory_region_add_subregion_overlap(r->address_space,
+pci_to_cpu_addr(d->bus,
+r->addr),
+r->memory,
+1);
 }
 }
 }
diff --git a/hw/pci.h b/hw/pci.h
index 8028176..8d1662a 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -92,7 +92,6 @@ typedef struct PCIIORegion {
 pcibus_t size;
 pcibus_t filtered_size;
 uint8_t type;
-PCIMapIORegionFunc *map_func;
 MemoryRegion *memory;
 MemoryRegion *address_space;
 } PCIIORegion;
-- 
1.7.5.3

[Qemu-devel] [PATCH 14/23] PPC: KVM: Add generic function to read host clockfreq

[Alexander Graf]

We need to find out the host's clock-frequency when running on KVM, so
let's export a respective function.

Signed-off-by: Alexander Graf 
---
 target-ppc/kvm.c |   65 ++
 target-ppc/kvm_ppc.h |1 +
 2 files changed, 66 insertions(+), 0 deletions(-)

diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 21f35af..13aa9ae 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -14,6 +14,7 @@
  *
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -38,6 +39,8 @@
 do { } while (0)
 #endif
 
+#define PROC_DEVTREE_CPU  "/proc/device-tree/cpus/"
+
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
@@ -509,6 +512,68 @@ uint32_t kvmppc_get_tbfreq(void)
 return retval;
 }
 
+/* Try to find a device tree node for a CPU with clock-frequency property */
+static int kvmppc_find_cpu_dt(char *buf, int buf_len)
+{
+struct dirent *dirp;
+DIR *dp;
+
+if ((dp = opendir(PROC_DEVTREE_CPU)) == NULL) {
+printf("Can't open directory " PROC_DEVTREE_CPU "\n");
+return -1;
+}
+
+buf[0] = '\0';
+while ((dirp = readdir(dp)) != NULL) {
+FILE *f;
+snprintf(buf, buf_len, "%s%s/clock-frequency", PROC_DEVTREE_CPU,
+ dirp->d_name);
+f = fopen(buf, "r");
+if (f) {
+snprintf(buf, buf_len, "%scpus/%s", PROC_DEVTREE_CPU, 
dirp->d_name);
+fclose(f);
+break;
+}
+buf[0] = '\0';
+}
+closedir(dp);
+if (buf[0] == '\0') {
+printf("Unknown host!\n");
+return -1;
+}
+
+return 0;
+}
+
+uint32_t kvmppc_get_clockfreq(void)
+{
+char buf[512];
+uint32_t tb;
+FILE *f;
+int len;
+
+if (kvmppc_find_cpu_dt(buf, sizeof(buf))) {
+return 0;
+}
+
+snprintf(buf, sizeof(buf), "%s/clock-frequency", buf);
+
+f = fopen(buf, "rb");
+if (!f) {
+return -1;
+}
+
+len = fread(&tb, sizeof(tb), 1, f);
+if (len != 1) {
+goto err;
+}
+
+return tb;
+err:
+fclose(f);
+return 0;
+}
+
 int kvmppc_get_hypercall(CPUState *env, uint8_t *buf, int buf_len)
 {
 uint32_t *hc = (uint32_t*)buf;
diff --git a/target-ppc/kvm_ppc.h b/target-ppc/kvm_ppc.h
index 2f32249..1827a13 100644
--- a/target-ppc/kvm_ppc.h
+++ b/target-ppc/kvm_ppc.h
@@ -23,6 +23,7 @@ int kvmppc_read_host_property(const char *node_path, const 
char *prop,
 #endif
 
 uint32_t kvmppc_get_tbfreq(void);
+uint32_t kvmppc_get_clockfreq(void);
 int kvmppc_get_hypercall(CPUState *env, uint8_t *buf, int buf_len);
 int kvmppc_set_interrupt(CPUState *env, int irq, int level);
 
-- 
1.6.0.2

[Qemu-devel] [RFC v5 21/86] sysbus: add MemoryRegion based memory management API

[Avi Kivity]

Allow registering sysbus device memory using a MemoryRegion.  Once all users
are converted, sysbus_init_mmio() and sysbus_init_mmio_cb() will be removed.

Signed-off-by: Avi Kivity 
---
 hw/sysbus.c |   27 ---
 hw/sysbus.h |3 +++
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/hw/sysbus.c b/hw/sysbus.c
index 2e22be7..ea442ac 100644
--- a/hw/sysbus.c
+++ b/hw/sysbus.c
@@ -19,6 +19,7 @@
 
 #include "sysbus.h"
 #include "monitor.h"
+#include "exec-memory.h"
 
 static void sysbus_dev_print(Monitor *mon, DeviceState *dev, int indent);
 static char *sysbus_get_fw_dev_path(DeviceState *dev);
@@ -49,11 +50,20 @@ void sysbus_mmio_map(SysBusDevice *dev, int n, 
target_phys_addr_t addr)
 }
 if (dev->mmio[n].addr != (target_phys_addr_t)-1) {
 /* Unregister previous mapping.  */
-cpu_register_physical_memory(dev->mmio[n].addr, dev->mmio[n].size,
- IO_MEM_UNASSIGNED);
+if (dev->mmio[n].memory) {
+memory_region_del_subregion(get_system_memory(),
+dev->mmio[n].memory);
+} else {
+cpu_register_physical_memory(dev->mmio[n].addr, dev->mmio[n].size,
+ IO_MEM_UNASSIGNED);
+}
 }
 dev->mmio[n].addr = addr;
-if (dev->mmio[n].cb) {
+if (dev->mmio[n].memory) {
+memory_region_add_subregion(get_system_memory(),
+addr,
+dev->mmio[n].memory);
+} else if (dev->mmio[n].cb) {
 dev->mmio[n].cb(dev, addr);
 } else {
 cpu_register_physical_memory(addr, dev->mmio[n].size,
@@ -107,6 +117,17 @@ void sysbus_init_mmio_cb(SysBusDevice *dev, 
target_phys_addr_t size,
 dev->mmio[n].cb = cb;
 }
 
+void sysbus_init_mmio_region(SysBusDevice *dev, MemoryRegion *memory)
+{
+int n;
+
+assert(dev->num_mmio < QDEV_MAX_MMIO);
+n = dev->num_mmio++;
+dev->mmio[n].addr = -1;
+dev->mmio[n].size = memory_region_size(memory);
+dev->mmio[n].memory = memory;
+}
+
 void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t size)
 {
 pio_addr_t i;
diff --git a/hw/sysbus.h b/hw/sysbus.h
index 4e8cb16..5f62e2d 100644
--- a/hw/sysbus.h
+++ b/hw/sysbus.h
@@ -4,6 +4,7 @@
 /* Devices attached directly to the main system bus.  */
 
 #include "qdev.h"
+#include "memory.h"
 
 #define QDEV_MAX_MMIO 32
 #define QDEV_MAX_PIO 32
@@ -23,6 +24,7 @@ struct SysBusDevice {
 target_phys_addr_t size;
 mmio_mapfunc cb;
 ram_addr_t iofunc;
+MemoryRegion *memory;
 } mmio[QDEV_MAX_MMIO];
 int num_pio;
 pio_addr_t pio[QDEV_MAX_PIO];
@@ -46,6 +48,7 @@ void sysbus_init_mmio(SysBusDevice *dev, target_phys_addr_t 
size,
   ram_addr_t iofunc);
 void sysbus_init_mmio_cb(SysBusDevice *dev, target_phys_addr_t size,
 mmio_mapfunc cb);
+void sysbus_init_mmio_region(SysBusDevice *dev, MemoryRegion *memory);
 void sysbus_init_irq(SysBusDevice *dev, qemu_irq *p);
 void sysbus_pass_irq(SysBusDevice *dev, SysBusDevice *target);
 void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t 
size);
-- 
1.7.5.3

[Qemu-devel] [RFC v5 41/86] ivshmem: convert to memory API

[Avi Kivity]

excluding msix.

Signed-off-by: Avi Kivity 
---
 hw/ivshmem.c |  148 --
 1 files changed, 50 insertions(+), 98 deletions(-)

diff --git a/hw/ivshmem.c b/hw/ivshmem.c
index 3055dd2..f80e7b6 100644
--- a/hw/ivshmem.c
+++ b/hw/ivshmem.c
@@ -56,11 +56,15 @@ typedef struct IVShmemState {
 
 CharDriverState **eventfd_chr;
 CharDriverState *server_chr;
-int ivshmem_mmio_io_addr;
+MemoryRegion ivshmem_mmio;
 
 pcibus_t mmio_addr;
-pcibus_t shm_pci_addr;
-uint64_t ivshmem_offset;
+/* We might need to register the BAR before we actually have the memory.
+ * So prepare a container MemoryRegion for the BAR immediately and
+ * add a subregion when we have the memory.
+ */
+MemoryRegion bar;
+MemoryRegion ivshmem;
 uint64_t ivshmem_size; /* size of shared memory region */
 int shm_fd; /* shared memory file descriptor */
 
@@ -96,23 +100,6 @@ static inline bool is_power_of_two(uint64_t x) {
 return (x & (x - 1)) == 0;
 }
 
-static void ivshmem_map(PCIDevice *pci_dev, int region_num,
-pcibus_t addr, pcibus_t size, int type)
-{
-IVShmemState *s = DO_UPCAST(IVShmemState, dev, pci_dev);
-
-s->shm_pci_addr = addr;
-
-if (s->ivshmem_offset > 0) {
-cpu_register_physical_memory(s->shm_pci_addr, s->ivshmem_size,
-s->ivshmem_offset);
-}
-
-IVSHMEM_DPRINTF("guest pci addr = %" FMT_PCIBUS ", guest h/w addr = %"
-PRIu64 ", size = %" FMT_PCIBUS "\n", addr, s->ivshmem_offset, size);
-
-}
-
 /* accessing registers - based on rtl8139 */
 static void ivshmem_update_irq(IVShmemState *s, int val)
 {
@@ -168,15 +155,8 @@ static uint32_t ivshmem_IntrStatus_read(IVShmemState *s)
 return ret;
 }
 
-static void ivshmem_io_writew(void *opaque, target_phys_addr_t addr,
-uint32_t val)
-{
-
-IVSHMEM_DPRINTF("We shouldn't be writing words\n");
-}
-
-static void ivshmem_io_writel(void *opaque, target_phys_addr_t addr,
-uint32_t val)
+static void ivshmem_io_write(void *opaque, target_phys_addr_t addr,
+ uint64_t val, unsigned size)
 {
 IVShmemState *s = opaque;
 
@@ -219,20 +199,8 @@ static void ivshmem_io_writel(void *opaque, 
target_phys_addr_t addr,
 }
 }
 
-static void ivshmem_io_writeb(void *opaque, target_phys_addr_t addr,
-uint32_t val)
-{
-IVSHMEM_DPRINTF("We shouldn't be writing bytes\n");
-}
-
-static uint32_t ivshmem_io_readw(void *opaque, target_phys_addr_t addr)
-{
-
-IVSHMEM_DPRINTF("We shouldn't be reading words\n");
-return 0;
-}
-
-static uint32_t ivshmem_io_readl(void *opaque, target_phys_addr_t addr)
+static uint64_t ivshmem_io_read(void *opaque, target_phys_addr_t addr,
+unsigned size)
 {
 
 IVShmemState *s = opaque;
@@ -265,23 +233,14 @@ static uint32_t ivshmem_io_readl(void *opaque, 
target_phys_addr_t addr)
 return ret;
 }
 
-static uint32_t ivshmem_io_readb(void *opaque, target_phys_addr_t addr)
-{
-IVSHMEM_DPRINTF("We shouldn't be reading bytes\n");
-
-return 0;
-}
-
-static CPUReadMemoryFunc * const ivshmem_mmio_read[3] = {
-ivshmem_io_readb,
-ivshmem_io_readw,
-ivshmem_io_readl,
-};
-
-static CPUWriteMemoryFunc * const ivshmem_mmio_write[3] = {
-ivshmem_io_writeb,
-ivshmem_io_writew,
-ivshmem_io_writel,
+static const MemoryRegionOps ivshmem_mmio_ops = {
+.read = ivshmem_io_read,
+.write = ivshmem_io_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
 };
 
 static void ivshmem_receive(void *opaque, const uint8_t *buf, int size)
@@ -371,12 +330,12 @@ static void create_shared_memory_BAR(IVShmemState *s, int 
fd) {
 
 ptr = mmap(0, s->ivshmem_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
 
-s->ivshmem_offset = qemu_ram_alloc_from_ptr(&s->dev.qdev, "ivshmem.bar2",
-s->ivshmem_size, ptr);
+memory_region_init_ram_ptr(&s->ivshmem, &s->dev.qdev, "ivshmem.bar2",
+   s->ivshmem_size, ptr);
+memory_region_add_subregion(&s->bar, 0, &s->ivshmem);
 
 /* region for shared memory */
-pci_register_bar(&s->dev, 2, s->ivshmem_size,
-PCI_BASE_ADDRESS_SPACE_MEMORY, ivshmem_map);
+pci_register_bar_region(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, 
&s->bar);
 }
 
 static void close_guest_eventfds(IVShmemState *s, int posn)
@@ -401,8 +360,12 @@ static void setup_ioeventfds(IVShmemState *s) {
 
 for (i = 0; i <= s->max_peer; i++) {
 for (j = 0; j < s->peers[i].nb_eventfds; j++) {
-kvm_set_ioeventfd_mmio_long(s->peers[i].eventfds[j],
-s->m

[Qemu-devel] [PATCH 25/55] ide/atapi: Switch from BlockDriverState's locked to own tray_locked

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
---
 hw/ide/atapi.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 8634e6b..237657f 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -777,8 +777,9 @@ static void cmd_mode_sense(IDEState *s, uint8_t *buf)
 buf[12] = 0x71;
 buf[13] = 3 << 5;
 buf[14] = (1 << 0) | (1 << 3) | (1 << 5);
-if (bdrv_is_locked(s->bs))
+if (s->tray_locked) {
 buf[6] |= 1 << 1;
+}
 buf[15] = 0x00;
 cpu_to_ube16(&buf[16], 706);
 buf[18] = 0;
-- 
1.7.2.3

[Qemu-devel] [RFC v5 66/86] arm_sysctl: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/arm_sysctl.c |   27 ++-
 1 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c
index 9225b58..ee90aff 100644
--- a/hw/arm_sysctl.c
+++ b/hw/arm_sysctl.c
@@ -17,6 +17,7 @@
 
 typedef struct {
 SysBusDevice busdev;
+MemoryRegion iomem;
 uint32_t sys_id;
 uint32_t leds;
 uint16_t lockval;
@@ -80,7 +81,8 @@ static void arm_sysctl_reset(DeviceState *d)
 s->resetlevel = 0;
 }
 
-static uint32_t arm_sysctl_read(void *opaque, target_phys_addr_t offset)
+static uint64_t arm_sysctl_read(void *opaque, target_phys_addr_t offset,
+unsigned size)
 {
 arm_sysctl_state *s = (arm_sysctl_state *)opaque;
 
@@ -177,7 +179,7 @@ static uint32_t arm_sysctl_read(void *opaque, 
target_phys_addr_t offset)
 }
 
 static void arm_sysctl_write(void *opaque, target_phys_addr_t offset,
-  uint32_t val)
+ uint64_t val, unsigned size)
 {
 arm_sysctl_state *s = (arm_sysctl_state *)opaque;
 
@@ -284,16 +286,10 @@ static void arm_sysctl_write(void *opaque, 
target_phys_addr_t offset,
 }
 }
 
-static CPUReadMemoryFunc * const arm_sysctl_readfn[] = {
-   arm_sysctl_read,
-   arm_sysctl_read,
-   arm_sysctl_read
-};
-
-static CPUWriteMemoryFunc * const arm_sysctl_writefn[] = {
-   arm_sysctl_write,
-   arm_sysctl_write,
-   arm_sysctl_write
+static const MemoryRegionOps arm_sysctl_ops = {
+.read = arm_sysctl_read,
+.write = arm_sysctl_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static void arm_sysctl_gpio_set(void *opaque, int line, int level)
@@ -327,12 +323,9 @@ static void arm_sysctl_gpio_set(void *opaque, int line, 
int level)
 static int arm_sysctl_init1(SysBusDevice *dev)
 {
 arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, dev);
-int iomemtype;
 
-iomemtype = cpu_register_io_memory(arm_sysctl_readfn,
-   arm_sysctl_writefn, s,
-   DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, 0x1000, iomemtype);
+memory_region_init_io(&s->iomem, &arm_sysctl_ops, s, "arm-sysctl", 0x1000);
+sysbus_init_mmio_region(dev, &s->iomem);
 qdev_init_gpio_in(&s->busdev.qdev, arm_sysctl_gpio_set, 2);
 /* ??? Save/restore.  */
 return 0;
-- 
1.7.5.3

[Qemu-devel] [RFC v5 30/86] cirrus: simplify linear framebuffer access functions

[Avi Kivity]

Make use of the memory API's ability to satisfy multi-byte accesses via
multiple single-byte accesses.

Signed-off-by: Avi Kivity 
---
 hw/cirrus_vga.c |   74 ++-
 1 files changed, 8 insertions(+), 66 deletions(-)

diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index 472f153..703708c 100644
--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -2249,7 +2249,8 @@ static void cirrus_cursor_draw_line(VGACommonState *s1, 
uint8_t *d1, int scr_y)
  *
  ***/
 
-static uint32_t cirrus_linear_readb(void *opaque, target_phys_addr_t addr)
+static uint64_t cirrus_linear_read(void *opaque, target_phys_addr_t addr,
+   unsigned size)
 {
 CirrusVGAState *s = opaque;
 uint32_t ret;
@@ -2277,28 +2278,8 @@ static uint32_t cirrus_linear_readb(void *opaque, 
target_phys_addr_t addr)
 return ret;
 }
 
-static uint32_t cirrus_linear_readw(void *opaque, target_phys_addr_t addr)
-{
-uint32_t v;
-
-v = cirrus_linear_readb(opaque, addr);
-v |= cirrus_linear_readb(opaque, addr + 1) << 8;
-return v;
-}
-
-static uint32_t cirrus_linear_readl(void *opaque, target_phys_addr_t addr)
-{
-uint32_t v;
-
-v = cirrus_linear_readb(opaque, addr);
-v |= cirrus_linear_readb(opaque, addr + 1) << 8;
-v |= cirrus_linear_readb(opaque, addr + 2) << 16;
-v |= cirrus_linear_readb(opaque, addr + 3) << 24;
-return v;
-}
-
-static void cirrus_linear_writeb(void *opaque, target_phys_addr_t addr,
-uint32_t val)
+static void cirrus_linear_write(void *opaque, target_phys_addr_t addr,
+uint64_t val, unsigned size)
 {
 CirrusVGAState *s = opaque;
 unsigned mode;
@@ -2338,49 +2319,6 @@ static void cirrus_linear_writeb(void *opaque, 
target_phys_addr_t addr,
 }
 }
 
-static void cirrus_linear_writew(void *opaque, target_phys_addr_t addr,
-uint32_t val)
-{
-cirrus_linear_writeb(opaque, addr, val & 0xff);
-cirrus_linear_writeb(opaque, addr + 1, (val >> 8) & 0xff);
-}
-
-static void cirrus_linear_writel(void *opaque, target_phys_addr_t addr,
-uint32_t val)
-{
-cirrus_linear_writeb(opaque, addr, val & 0xff);
-cirrus_linear_writeb(opaque, addr + 1, (val >> 8) & 0xff);
-cirrus_linear_writeb(opaque, addr + 2, (val >> 16) & 0xff);
-cirrus_linear_writeb(opaque, addr + 3, (val >> 24) & 0xff);
-}
-
-
-static uint64_t cirrus_linear_read(void *opaque, target_phys_addr_t addr,
-   unsigned size)
-{
-CirrusVGAState *s = opaque;
-
-switch (size) {
-case 1: return cirrus_linear_readb(s, addr);
-case 2: return cirrus_linear_readw(s, addr);
-case 4: return cirrus_linear_readl(s, addr);
-default: abort();
-}
-}
-
-static void cirrus_linear_write(void *opaque, target_phys_addr_t addr,
-uint64_t data, unsigned size)
-{
-CirrusVGAState *s = opaque;
-
-switch (size) {
-case 1: return cirrus_linear_writeb(s, addr, data);
-case 2: return cirrus_linear_writew(s, addr, data);
-case 4: return cirrus_linear_writel(s, addr, data);
-default: abort();
-}
-}
-
 /***
  *
  *  system to screen memory access
@@ -2860,6 +2798,10 @@ static const MemoryRegionOps cirrus_linear_io_ops = {
 .read = cirrus_linear_read,
 .write = cirrus_linear_write,
 .endianness = DEVICE_LITTLE_ENDIAN,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
 };
 
 static void cirrus_init_common(CirrusVGAState * s, int device_id, int is_pci)
-- 
1.7.5.3

[Qemu-devel] [PATCH 02/23] PPC: Move openpic to target specific code compilation

[Alexander Graf]

The MPIC has some funny feature where it maps different registers to an MMIO
region depending which CPU accesses them.

To be able to reflect that, we need to make OpenPIC be compiled in the target
code, so it can access cpu_single_env.

Signed-off-by: Alexander Graf 
---
 Makefile.objs   |1 -
 Makefile.target |2 ++
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/Makefile.objs b/Makefile.objs
index c43ed05..6ab8247 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -207,7 +207,6 @@ hw-obj-$(CONFIG_SMARTCARD) += usb-ccid.o 
ccid-card-passthru.o
 hw-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o
 
 # PPC devices
-hw-obj-$(CONFIG_OPENPIC) += openpic.o
 hw-obj-$(CONFIG_PREP_PCI) += prep_pci.o
 # Mac shared devices
 hw-obj-$(CONFIG_MACIO) += macio.o
diff --git a/Makefile.target b/Makefile.target
index e20a313..0568d05 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -255,6 +255,8 @@ obj-ppc-y += ppce500_mpc8544ds.o mpc8544_guts.o
 obj-ppc-y += virtex_ml507.o
 obj-ppc-$(CONFIG_KVM) += kvm_ppc.o
 obj-ppc-$(CONFIG_FDT) += device_tree.o
+# PowerPC OpenPIC
+obj-ppc-y += openpic.o
 
 # Xilinx PPC peripherals
 obj-ppc-y += xilinx_intc.o
-- 
1.6.0.2

[Qemu-devel] [PATCH 53/55] nbd: Clean up use of block_int.h

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
---
 block/nbd.c |1 +
 nbd.c   |1 +
 nbd.h   |2 --
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/nbd.c b/block/nbd.c
index 7a52f62..2e365ac 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -28,6 +28,7 @@
 
 #include "qemu-common.h"
 #include "nbd.h"
+#include "block_int.h"
 #include "module.h"
 #include "qemu_socket.h"
 
diff --git a/nbd.c b/nbd.c
index 0dcd86b..c40100d 100644
--- a/nbd.c
+++ b/nbd.c
@@ -17,6 +17,7 @@
  */
 
 #include "nbd.h"
+#include "block.h"
 
 #include 
 #include 
diff --git a/nbd.h b/nbd.h
index b38d0d0..5f87a7d 100644
--- a/nbd.h
+++ b/nbd.h
@@ -23,8 +23,6 @@
 
 #include 
 
-#include "block_int.h"
-
 struct nbd_request {
 uint32_t magic;
 uint32_t type;
-- 
1.7.2.3

Re: [Qemu-devel] [PATCH] Remove debugging messages.

[Richard W.M. Jones]

On Wed, Jul 20, 2011 at 07:51:29AM -0500, Anthony Liguori wrote:
> Given the large number of reports we've gotten in the past where
> poor performance was caused by the expectation that a user had KVM
> enabled and really didn't, I think it's more important to
> overcommunicate to the user here.
> 
> If in the case of libguestfs, you think this isn't something a user
> should worry about, you can just filter out the message before it
> hits stderr.

That's what we're now doing.

But what's the rationale here?  For instance, qemu 0.15 is also
printing:

  qemu: terminating on signal 15 from pid 9617

which I guess is interesting, but unlikely to be useful for users.

Is qemu now noisy by default?  Is any old debug message that a user
might find interesting fair game?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top

[Qemu-devel] [RFC v5 05/86] Internal interfaces for memory API

[Avi Kivity]

get_system_memory() provides the root of the memory hierarchy.

This interface is intended to be private between memory.c and exec.c.
If this file is included elsewhere, it should be regarded as a bug (or
TODO item).  However, it will be temporarily needed for the conversion
to hierarchical memory routing.

Signed-off-by: Avi Kivity 
---
 exec-memory.h |   23 +++
 memory.c  |7 +++
 2 files changed, 30 insertions(+), 0 deletions(-)
 create mode 100644 exec-memory.h

diff --git a/exec-memory.h b/exec-memory.h
new file mode 100644
index 000..7eb9085
--- /dev/null
+++ b/exec-memory.h
@@ -0,0 +1,23 @@
+#ifndef EXEC_MEMORY_H
+#define EXEC_MEMORY_H
+
+/*
+ * Internal interfaces between memory.c/exec.c/vl.c.  Do not #include unless
+ * you're one of them.
+ */
+
+#include "memory.h"
+
+#ifndef CONFIG_USER_ONLY
+
+/* Get the root memory region.  This interface should only be used temporarily
+ * until a proper bus interface is available.
+ */
+MemoryRegion *get_system_memory(void);
+
+/* Set the root memory region.  This region is the system memory map. */
+void set_system_memory_map(MemoryRegion *mr);
+
+#endif
+
+#endif
diff --git a/memory.c b/memory.c
index 339bea3..48470d2 100644
--- a/memory.c
+++ b/memory.c
@@ -12,6 +12,7 @@
  */
 
 #include "memory.h"
+#include "exec-memory.h"
 #include 
 
 typedef struct AddrRange AddrRange;
@@ -698,3 +699,9 @@ void memory_region_del_subregion(MemoryRegion *mr,
 QTAILQ_REMOVE(&mr->subregions, subregion, subregions_link);
 memory_region_update_topology();
 }
+
+void set_system_memory_map(MemoryRegion *mr)
+{
+root_memory_region = mr;
+memory_region_update_topology();
+}
-- 
1.7.5.3

Re: [Qemu-devel] [RFC v4 11/58] memory: add ioeventfd support

[Blue Swirl]

On Sun, Jul 17, 2011 at 2:13 PM, Avi Kivity  wrote:
> As with the rest of the memory API, the caller associates an eventfd
> with an address, and the memory API takes care of registering or
> unregistering when the address is made visible or invisible to the
> guest.
>
> Signed-off-by: Avi Kivity 
> ---
>  memory.c |  218 
> ++
>  memory.h |   20 ++
>  2 files changed, 238 insertions(+), 0 deletions(-)
>
> diff --git a/memory.c b/memory.c
> index e4446a0..cc5a0a4 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -15,6 +15,7 @@
>  #include "exec-memory.h"
>  #include "ioport.h"
>  #include "bitops.h"
> +#include "kvm.h"
>  #include 
>
>  typedef struct AddrRange AddrRange;
> @@ -64,6 +65,38 @@ struct CoalescedMemoryRange {
>     QTAILQ_ENTRY(CoalescedMemoryRange) link;
>  };
>
> +struct MemoryRegionIoeventfd {
> +    AddrRange addr;
> +    bool match_data;
> +    uint64_t data;
> +    int fd;
> +};
> +
> +static bool memory_region_ioeventfd_before(MemoryRegionIoeventfd a,
> +                                           MemoryRegionIoeventfd b)
> +{
> +    if (a.addr.start < b.addr.start) return true;
> +    if (a.addr.start > b.addr.start) return false;
> +    if (a.addr.size < b.addr.size) return true;
> +    if (a.addr.size > b.addr.size) return false;
> +    if (a.match_data < b.match_data) return true;
> +    if (a.match_data > b.match_data) return false;
> +    if (a.match_data) {
> +        if (a.data < b.data) return true;
> +        if (a.data > b.data) return false;
> +    }
> +    if (a.fd < b.fd) return true;
> +    if (a.fd > b.fd) return false;

NACK for CODING_STYLE.

> +    return false;
> +}
> +
> +static bool memory_region_ioeventfd_equal(MemoryRegionIoeventfd a,
> +                                          MemoryRegionIoeventfd b)
> +{
> +    return !memory_region_ioeventfd_before(a, b)
> +        && !memory_region_ioeventfd_before(b, a);
> +}
> +
>  typedef struct FlatRange FlatRange;
>  typedef struct FlatView FlatView;
>
> @@ -92,6 +125,8 @@ struct AddressSpace {
>     const AddressSpaceOps *ops;
>     MemoryRegion *root;
>     FlatView current_map;
> +    int ioeventfd_nb;
> +    MemoryRegionIoeventfd *ioeventfds;
>  };
>
>  struct AddressSpaceOps {
> @@ -99,6 +134,8 @@ struct AddressSpaceOps {
>     void (*range_del)(AddressSpace *as, FlatRange *fr);
>     void (*log_start)(AddressSpace *as, FlatRange *fr);
>     void (*log_stop)(AddressSpace *as, FlatRange *fr);
> +    void (*ioeventfd_add)(AddressSpace *as, MemoryRegionIoeventfd *fd);
> +    void (*ioeventfd_del)(AddressSpace *as, MemoryRegionIoeventfd *fd);
>  };
>
>  #define FOR_EACH_FLAT_RANGE(var, view)          \
> @@ -201,11 +238,37 @@ static void as_memory_log_stop(AddressSpace *as, 
> FlatRange *fr)
>     cpu_physical_log_stop(fr->addr.start, fr->addr.size);
>  }
>
> +static void as_memory_ioeventfd_add(AddressSpace *as, MemoryRegionIoeventfd 
> *fd)
> +{
> +    int r;
> +
> +    if (!fd->match_data || fd->addr.size != 4) {
> +        abort();
> +    }
> +
> +    r = kvm_set_ioeventfd_mmio_long(fd->fd, fd->addr.start, fd->data, true);
> +    if (r < 0) {
> +        abort();
> +    }
> +}
> +
> +static void as_memory_ioeventfd_del(AddressSpace *as, MemoryRegionIoeventfd 
> *fd)
> +{
> +    int r;
> +
> +    r = kvm_set_ioeventfd_mmio_long(fd->fd, fd->addr.start, fd->data, false);
> +    if (r < 0) {
> +        abort();
> +    }
> +}
> +
>  static const AddressSpaceOps address_space_ops_memory = {
>     .range_add = as_memory_range_add,
>     .range_del = as_memory_range_del,
>     .log_start = as_memory_log_start,
>     .log_stop = as_memory_log_stop,
> +    .ioeventfd_add = as_memory_ioeventfd_add,
> +    .ioeventfd_del = as_memory_ioeventfd_del,
>  };
>
>  static AddressSpace address_space_memory = {
> @@ -281,9 +344,35 @@ static void as_io_range_del(AddressSpace *as, FlatRange 
> *fr)
>     isa_unassign_ioport(fr->addr.start, fr->addr.size);
>  }
>
> +static void as_io_ioeventfd_add(AddressSpace *as, MemoryRegionIoeventfd *fd)
> +{
> +    int r;
> +
> +    if (!fd->match_data || fd->addr.size != 2) {
> +        abort();
> +    }
> +
> +    r = kvm_set_ioeventfd_pio_word(fd->fd, fd->addr.start, fd->data, true);
> +    if (r < 0) {
> +        abort();
> +    }
> +}
> +
> +static void as_io_ioeventfd_del(AddressSpace *as, MemoryRegionIoeventfd *fd)
> +{
> +    int r;
> +
> +    r = kvm_set_ioeventfd_pio_word(fd->fd, fd->addr.start, fd->data, false);
> +    if (r < 0) {
> +        abort();
> +    }
> +}
> +
>  static const AddressSpaceOps address_space_ops_io = {
>     .range_add = as_io_range_add,
>     .range_del = as_io_range_del,
> +    .ioeventfd_add = as_io_ioeventfd_add,
> +    .ioeventfd_del = as_io_ioeventfd_del,
>  };
>
>  static AddressSpace address_space_io = {
> @@ -382,6 +471,69 @@ static FlatView generate_memory_topology(MemoryRegion 
> *mr)
>     return view;
>  }
>
> +static void address_space_add_del_ioeventfds(AddressSpace *as,
> +                    

[Qemu-devel] [RFC v5 52/86] ehci: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/usb-ehci.c |   36 +---
 1 files changed, 9 insertions(+), 27 deletions(-)

diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c
index a4758f9..95d12e0 100644
--- a/hw/usb-ehci.c
+++ b/hw/usb-ehci.c
@@ -368,8 +368,7 @@ struct EHCIState {
 PCIDevice dev;
 USBBus bus;
 qemu_irq irq;
-target_phys_addr_t mem_base;
-int mem;
+MemoryRegion mem;
 int companion_count;
 
 /* properties */
@@ -2207,29 +2206,15 @@ static void ehci_frame_timer(void *opaque)
 qemu_mod_timer(ehci->frame_timer, expire_time);
 }
 
-static CPUReadMemoryFunc *ehci_readfn[3]={
-ehci_mem_readb,
-ehci_mem_readw,
-ehci_mem_readl
-};
 
-static CPUWriteMemoryFunc *ehci_writefn[3]={
-ehci_mem_writeb,
-ehci_mem_writew,
-ehci_mem_writel
+static const MemoryRegionOps ehci_mem_ops = {
+.old_mmio = {
+.read = { ehci_mem_readb, ehci_mem_readw, ehci_mem_readl },
+.write = { ehci_mem_writeb, ehci_mem_writew, ehci_mem_writel },
+},
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-static void ehci_map(PCIDevice *pci_dev, int region_num,
- pcibus_t addr, pcibus_t size, int type)
-{
-EHCIState *s =(EHCIState *)pci_dev;
-
-DPRINTF("ehci_map: region %d, addr %08" PRIx64 ", size %" PRId64 ", s->mem 
%08X\n",
-region_num, addr, size, s->mem);
-s->mem_base = addr;
-cpu_register_physical_memory(addr, size, s->mem);
-}
-
 static int usb_ehci_initfn(PCIDevice *dev);
 
 static USBPortOps ehci_port_ops = {
@@ -2337,11 +2322,8 @@ static int usb_ehci_initfn(PCIDevice *dev)
 
 qemu_register_reset(ehci_reset, s);
 
-s->mem = cpu_register_io_memory(ehci_readfn, ehci_writefn, s,
-DEVICE_LITTLE_ENDIAN);
-
-pci_register_bar(&s->dev, 0, MMIO_SIZE, PCI_BASE_ADDRESS_SPACE_MEMORY,
-ehci_map);
+memory_region_init_io(&s->mem, &ehci_mem_ops, s, "ehci", MMIO_SIZE);
+pci_register_bar_region(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, 
&s->mem);
 
 fprintf(stderr, "*** EHCI support is under development ***\n");
 
-- 
1.7.5.3

[Qemu-devel] [RFC v5 13/86] memory: separate building the final memory map into two steps

[Avi Kivity]

Instead of adding and deleting regions in one pass, do a delete
pass followed by an add pass.  This fixes the following case:

from:
  0x-0x0fff ram  (a1)
  0x1000-0x1fff mmio (a2)
  0x2000-0x2fff ram  (a3)

to:
  0x-0x2fff ram  (b1)

The single pass algorithm removed a1, added b2, then removed a2 and a2,
which caused the wrong memory map to be built.  The two pass algorithm
removes a1, a2, and a3, then adds b1.

Signed-off-by: Avi Kivity 
---
 memory.c |   38 +-
 1 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/memory.c b/memory.c
index cc5a0a4..a8d4295 100644
--- a/memory.c
+++ b/memory.c
@@ -534,10 +534,11 @@ static void address_space_update_ioeventfds(AddressSpace 
*as)
 as->ioeventfd_nb = ioeventfd_nb;
 }
 
-static void address_space_update_topology(AddressSpace *as)
+static void address_space_update_topology_pass(AddressSpace *as,
+   FlatView old_view,
+   FlatView new_view,
+   bool adding)
 {
-FlatView old_view = as->current_map;
-FlatView new_view = generate_memory_topology(as->root);
 unsigned iold, inew;
 FlatRange *frold, *frnew;
 
@@ -564,15 +565,20 @@ static void address_space_update_topology(AddressSpace 
*as)
 && !flatrange_equal(frold, frnew {
 /* In old, but (not in new, or in new but attributes changed). */
 
-as->ops->range_del(as, frold);
+if (!adding) {
+as->ops->range_del(as, frold);
+}
+
 ++iold;
 } else if (frold && frnew && flatrange_equal(frold, frnew)) {
 /* In both (logging may have changed) */
 
-if (frold->dirty_log_mask && !frnew->dirty_log_mask) {
-as->ops->log_stop(as, frnew);
-} else if (frnew->dirty_log_mask && !frold->dirty_log_mask) {
-as->ops->log_start(as, frnew);
+if (adding) {
+if (frold->dirty_log_mask && !frnew->dirty_log_mask) {
+as->ops->log_stop(as, frnew);
+} else if (frnew->dirty_log_mask && !frold->dirty_log_mask) {
+as->ops->log_start(as, frnew);
+}
 }
 
 ++iold;
@@ -580,10 +586,24 @@ static void address_space_update_topology(AddressSpace 
*as)
 } else {
 /* In new */
 
-as->ops->range_add(as, frnew);
+if (adding) {
+as->ops->range_add(as, frnew);
+}
+
 ++inew;
 }
 }
+}
+
+
+static void address_space_update_topology(AddressSpace *as)
+{
+FlatView old_view = as->current_map;
+FlatView new_view = generate_memory_topology(as->root);
+
+address_space_update_topology_pass(as, old_view, new_view, false);
+address_space_update_topology_pass(as, old_view, new_view, true);
+
 as->current_map = new_view;
 flatview_destroy(&old_view);
 address_space_update_ioeventfds(as);
-- 
1.7.5.3

[Qemu-devel] [RFC v5 32/86] exec.c: fix initialization of system I/O memory region

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 exec.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/exec.c b/exec.c
index 81fd6f4..d1c27b2 100644
--- a/exec.c
+++ b/exec.c
@@ -3822,7 +3822,7 @@ static void memory_map_init(void)
 set_system_memory_map(system_memory);
 
 system_io = qemu_malloc(sizeof(*system_io));
-memory_region_init(system_memory, "io", 65536);
+memory_region_init(system_io, "io", 65536);
 set_system_io_map(system_io);
 }
 
-- 
1.7.5.3

[Qemu-devel] [PATCH 04/23] PPC: Add CPU local MMIO regions to MPIC

[Alexander Graf]

The MPIC exports a register set for each CPU connected to it. They can all
be accessed through specific registers or using a shadow page that is mapped
differently depending on which CPU accesses it.

This patch implements the shadow map, making it possible for guests to access
the CPU local registers using the same address on each CPU.

Signed-off-by: Alexander Graf 
---
 hw/openpic.c |  110 ++
 1 files changed, 72 insertions(+), 38 deletions(-)

diff --git a/hw/openpic.c b/hw/openpic.c
index 6d2cf99..491bfee 100644
--- a/hw/openpic.c
+++ b/hw/openpic.c
@@ -2,6 +2,7 @@
  * OpenPIC emulation
  *
  * Copyright (c) 2004 Jocelyn Mayer
+ *   2011 Alexander Graf
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to 
deal
@@ -161,6 +162,16 @@ static inline int test_bit (uint32_t *field, int bit)
 return (field[bit >> 5] & 1 << (bit & 0x1F)) != 0;
 }
 
+static int get_current_cpu(void)
+{
+  return cpu_single_env->cpu_index;
+}
+
+static uint32_t openpic_cpu_read_internal(void *opaque, target_phys_addr_t 
addr,
+  int idx);
+static void openpic_cpu_write_internal(void *opaque, target_phys_addr_t addr,
+   uint32_t val, int idx);
+
 enum {
 IRQ_EXTERNAL = 0x01,
 IRQ_INTERNAL = 0x02,
@@ -590,18 +601,27 @@ static void openpic_gbl_write (void *opaque, 
target_phys_addr_t addr, uint32_t v
 DPRINTF("%s: addr " TARGET_FMT_plx " <= %08x\n", __func__, addr, val);
 if (addr & 0xF)
 return;
-addr &= 0xFF;
 switch (addr) {
-case 0x00: /* FREP */
+case 0x40:
+case 0x50:
+case 0x60:
+case 0x70:
+case 0x80:
+case 0x90:
+case 0xA0:
+case 0xB0:
+openpic_cpu_write_internal(opp, addr, val, get_current_cpu());
+break;
+case 0x1000: /* FREP */
 break;
-case 0x20: /* GLBC */
+case 0x1020: /* GLBC */
 if (val & 0x8000 && opp->reset)
 opp->reset(opp);
 opp->glbc = val & ~0x8000;
 break;
-case 0x80: /* VENI */
+case 0x1080: /* VENI */
 break;
-case 0x90: /* PINT */
+case 0x1090: /* PINT */
 for (idx = 0; idx < opp->nb_cpus; idx++) {
 if ((val & (1 << idx)) && !(opp->pint & (1 << idx))) {
 DPRINTF("Raise OpenPIC RESET output for CPU %d\n", idx);
@@ -615,22 +635,20 @@ static void openpic_gbl_write (void *opaque, 
target_phys_addr_t addr, uint32_t v
 }
 opp->pint = val;
 break;
-#if MAX_IPI > 0
-case 0xA0: /* IPI_IPVP */
-case 0xB0:
-case 0xC0:
-case 0xD0:
+case 0x10A0: /* IPI_IPVP */
+case 0x10B0:
+case 0x10C0:
+case 0x10D0:
 {
 int idx;
-idx = (addr - 0xA0) >> 4;
+idx = (addr - 0x10A0) >> 4;
 write_IRQreg(opp, opp->irq_ipi0 + idx, IRQ_IPVP, val);
 }
 break;
-#endif
-case 0xE0: /* SPVE */
+case 0x10E0: /* SPVE */
 opp->spve = val & 0x00FF;
 break;
-case 0xF0: /* TIFR */
+case 0x10F0: /* TIFR */
 opp->tifr = val;
 break;
 default:
@@ -647,36 +665,43 @@ static uint32_t openpic_gbl_read (void *opaque, 
target_phys_addr_t addr)
 retval = 0x;
 if (addr & 0xF)
 return retval;
-addr &= 0xFF;
 switch (addr) {
-case 0x00: /* FREP */
+case 0x1000: /* FREP */
 retval = opp->frep;
 break;
-case 0x20: /* GLBC */
+case 0x1020: /* GLBC */
 retval = opp->glbc;
 break;
-case 0x80: /* VENI */
+case 0x1080: /* VENI */
 retval = opp->veni;
 break;
-case 0x90: /* PINT */
+case 0x1090: /* PINT */
 retval = 0x;
 break;
-#if MAX_IPI > 0
-case 0xA0: /* IPI_IPVP */
+case 0x40:
+case 0x50:
+case 0x60:
+case 0x70:
+case 0x80:
+case 0x90:
+case 0xA0:
 case 0xB0:
-case 0xC0:
-case 0xD0:
+retval = openpic_cpu_read_internal(opp, addr, get_current_cpu());
+break;
+case 0x10A0: /* IPI_IPVP */
+case 0x10B0:
+case 0x10C0:
+case 0x10D0:
 {
 int idx;
-idx = (addr - 0xA0) >> 4;
+idx = (addr - 0x10A0) >> 4;
 retval = read_IRQreg(opp, opp->irq_ipi0 + idx, IRQ_IPVP);
 }
 break;
-#endif
-case 0xE0: /* SPVE */
+case 0x10E0: /* SPVE */
 retval = opp->spve;
 break;
-case 0xF0: /* TIFR */
+case 0x10F0: /* TIFR */
 retval = opp->tifr;
 break;
 default:
@@ -794,23 +819,23 @@ static uint32_t openpic_src_read (void *opaque, uint32_t 
addr)
 return retval;
 }
 
-static void openpic_cpu_write (void *opaque, target_phys_addr_t addr, uint32_t 
val)
+static void openpic_cpu_write_internal(void *opaque, target_phys_addr_t addr

[Qemu-devel] [RFC v5 77/86] sysbus: add a variant of sysbus_init_mmio_cb with an unmap callback

[Avi Kivity]

sysbus_init_mmio_cb() uses the destructive IO_MEM_UNASSIGNED to remove a
region.  Provide an alternative that calls an unmap callback, so the removal
may be done non-destructively.

Signed-off-by: Avi Kivity 
---
 hw/sysbus.c |   15 +++
 hw/sysbus.h |3 +++
 2 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/hw/sysbus.c b/hw/sysbus.c
index ea442ac..64749e0 100644
--- a/hw/sysbus.c
+++ b/hw/sysbus.c
@@ -53,6 +53,8 @@ void sysbus_mmio_map(SysBusDevice *dev, int n, 
target_phys_addr_t addr)
 if (dev->mmio[n].memory) {
 memory_region_del_subregion(get_system_memory(),
 dev->mmio[n].memory);
+} else if (dev->mmio[n].unmap) {
+dev->mmio[n].unmap(dev, dev->mmio[n].addr);
 } else {
 cpu_register_physical_memory(dev->mmio[n].addr, dev->mmio[n].size,
  IO_MEM_UNASSIGNED);
@@ -117,6 +119,19 @@ void sysbus_init_mmio_cb(SysBusDevice *dev, 
target_phys_addr_t size,
 dev->mmio[n].cb = cb;
 }
 
+void sysbus_init_mmio_cb2(SysBusDevice *dev,
+  mmio_mapfunc cb, mmio_mapfunc unmap)
+{
+int n;
+
+assert(dev->num_mmio < QDEV_MAX_MMIO);
+n = dev->num_mmio++;
+dev->mmio[n].addr = -1;
+dev->mmio[n].size = 0;
+dev->mmio[n].cb = cb;
+dev->mmio[n].unmap = unmap;
+}
+
 void sysbus_init_mmio_region(SysBusDevice *dev, MemoryRegion *memory)
 {
 int n;
diff --git a/hw/sysbus.h b/hw/sysbus.h
index 5f62e2d..16fd969 100644
--- a/hw/sysbus.h
+++ b/hw/sysbus.h
@@ -23,6 +23,7 @@ struct SysBusDevice {
 target_phys_addr_t addr;
 target_phys_addr_t size;
 mmio_mapfunc cb;
+mmio_mapfunc unmap;
 ram_addr_t iofunc;
 MemoryRegion *memory;
 } mmio[QDEV_MAX_MMIO];
@@ -48,6 +49,8 @@ void sysbus_init_mmio(SysBusDevice *dev, target_phys_addr_t 
size,
   ram_addr_t iofunc);
 void sysbus_init_mmio_cb(SysBusDevice *dev, target_phys_addr_t size,
 mmio_mapfunc cb);
+void sysbus_init_mmio_cb2(SysBusDevice *dev,
+  mmio_mapfunc cb, mmio_mapfunc unmap);
 void sysbus_init_mmio_region(SysBusDevice *dev, MemoryRegion *memory);
 void sysbus_init_irq(SysBusDevice *dev, qemu_irq *p);
 void sysbus_pass_irq(SysBusDevice *dev, SysBusDevice *target);
-- 
1.7.5.3

[Qemu-devel] [PATCH 22/55] block: Drop tray status tracking, no longer used

[Markus Armbruster]

Commit 4be9762a is now completely redone.

Signed-off-by: Markus Armbruster 
---
 block.c |1 -
 block_int.h |1 -
 2 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/block.c b/block.c
index 2b1eb4d..ba24bf1 100644
--- a/block.c
+++ b/block.c
@@ -2775,7 +2775,6 @@ int bdrv_eject(BlockDriverState *bs, int eject_flag)
 if (drv && drv->bdrv_eject) {
 drv->bdrv_eject(bs, eject_flag);
 }
-bs->tray_open = eject_flag;
 return 0;
 }
 
diff --git a/block_int.h b/block_int.h
index 2d9edcf..b142dee 100644
--- a/block_int.h
+++ b/block_int.h
@@ -148,7 +148,6 @@ struct BlockDriverState {
 int open_flags; /* flags used to open the file, re-used for re-open */
 int removable; /* if true, the media can be removed */
 int locked;/* if true, the media cannot temporarily be ejected */
-int tray_open; /* if true, the virtual tray is open */
 int encrypted; /* if true, the media is encrypted */
 int valid_key; /* if true, a valid encryption key has been set */
 int sg;/* if true, the device is a /dev/sg* */
-- 
1.7.2.3

[Qemu-devel] [PATCH] m68k: Add uc5282 machine

[Joel Sherrill]

From: Till Straumann 

Add m68k machine support for Arcturus Networks
Inc. uC5282 board.  Also include

a fix for the FEC ethernet controller.

Signed-off-by: Joel Sherrill 
---

This patch has been previously submitted and ignored.
The RTEMS Project has been using this patch since at
least 2009 with various qemu versions back to 0.11.x
This patch has been previously submitted and ignored.

http://lists.nongnu.org/archive/html/qemu-devel/2009-09/msg00811.html
http://lists.nongnu.org/archive/html/qemu-devel/2009-09/msg00353.html

We would greatly appreciate this getting merged.


diff --git a/hw/mcf.h b/hw/mcf.h
index 91f2821..e464734 100644
--- a/hw/mcf.h
+++ b/hw/mcf.h
@@ -10,7 +10,7 @@ void mcf_uart_mm_init(target_phys_addr_t base, 
qemu_irq irq,

   CharDriverState *chr);

 /* mcf_intc.c */
-qemu_irq *mcf_intc_init(target_phys_addr_t base, CPUState *env);
+qemu_irq *mcf_intc_init(target_phys_addr_t base, CPUState *env, int 
is_uc5282);


 /* mcf_fec.c */
 void mcf_fec_init(NICInfo *nd, target_phys_addr_t base, qemu_irq *irq);
diff --git a/hw/mcf5208.c b/hw/mcf5208.c
index 17a692d..ad52dff 100644
--- a/hw/mcf5208.c
+++ b/hw/mcf5208.c
@@ -197,6 +197,60 @@ static void mcf5208_sys_init(qemu_irq *pic)
 }
 }

+static uint32_t m5208_resetc_read(void *opaque, target_phys_addr_t addr)
+{
+switch (addr) {
+case 0x0: /* RCR */
+case 0x1: /* RSR */
+return 0;
+
+default:
+hw_error("m5208_resetc_read: Bad offset 0x%x\n", (int)addr);
+return 0;
+}
+}
+
+static void m5208_resetc_write(void *opaque, target_phys_addr_t addr,
+uint32_t value)
+{
+switch (addr) {
+case 0x0: /* RCR */
+if ( value & 0x80 ) {
+qemu_system_shutdown_request();
+}
+break;
+case 0x1: /* RSR */
+break;
+
+default:
+hw_error("m5208_resetc_write: Bad offset 0x%x\n", (int)addr);
+break;
+}
+}
+
+static CPUReadMemoryFunc *m5208_resetc_readfn[] = {
+   m5208_resetc_read,
+   m5208_resetc_read,
+   m5208_resetc_read
+};
+
+static CPUWriteMemoryFunc *m5208_resetc_writefn[] = {
+   m5208_resetc_write,
+   m5208_resetc_write,
+   m5208_resetc_write
+};
+
+static void mcf5208_resetc_init(target_phys_addr_t offset)
+{
+int iomemtype;
+
+iomemtype = cpu_register_io_memory(m5208_resetc_readfn,
+   m5208_resetc_writefn, NULL,
+   DEVICE_NATIVE_ENDIAN);
+cpu_register_physical_memory(offset, 0x4, iomemtype);
+}
+
+
 static void mcf5208evb_init(ram_addr_t ram_size,
  const char *boot_device,
  const char *kernel_filename, const char 
*kernel_cmdline,

@@ -229,12 +283,14 @@ static void mcf5208evb_init(ram_addr_t ram_size,
 qemu_ram_alloc(NULL, "mcf5208.sram", 16384) | IO_MEM_RAM);

 /* Internal peripherals.  */
-pic = mcf_intc_init(0xfc048000, env);
+pic = mcf_intc_init(0xfc048000, env, 0);

 mcf_uart_mm_init(0xfc06, pic[26], serial_hds[0]);
 mcf_uart_mm_init(0xfc064000, pic[27], serial_hds[1]);
 mcf_uart_mm_init(0xfc068000, pic[28], serial_hds[2]);

+mcf5208_resetc_init(0xfc0a);
+
 mcf5208_sys_init(pic);

 if (nb_nics > 1) {
@@ -293,14 +349,139 @@ static void mcf5208evb_init(ram_addr_t ram_size,

 static QEMUMachine mcf5208evb_machine = {
 .name = "mcf5208evb",
-.desc = "MCF5206EVB",
+.desc = "MCF5208EVB",
 .init = mcf5208evb_init,
 .is_default = 1,
 };

+static void mcf5282_sys_init(qemu_irq *pic)
+{
+int iomemtype;
+m5208_timer_state *s;
+QEMUBH *bh;
+int i;
+
+/* Timers.  */
+for (i = 0; i < 4; i++) {
+s = (m5208_timer_state *)qemu_mallocz(sizeof(m5208_timer_state));
+bh = qemu_bh_new(m5208_timer_trigger, s);
+s->timer = ptimer_init(bh);
+iomemtype = cpu_register_io_memory(m5208_timer_readfn,
+   m5208_timer_writefn, s,
+   DEVICE_NATIVE_ENDIAN);
+cpu_register_physical_memory(0x4015 + 0x1 * i, 0x0008,
+ iomemtype);
+s->irq = pic[55 + i];
+}
+}
+
+static void uc5282_init(ram_addr_t ram_size,
+ const char *boot_device,
+ const char *kernel_filename, const char 
*kernel_cmdline,

+ const char *initrd_filename, const char *cpu_model)
+{
+CPUState *env;
+int kernel_size;
+uint64_t elf_entry;
+target_ulong entry;
+qemu_irq *pic;
+
+if (!cpu_model)
+cpu_model = "m5208";
+env = cpu_init(cpu_model);
+if (!env) {
+fprintf(stderr, "Unable to find m68k CPU definition\n");
+exit(1);
+}
+
+/* Initialize CPU registers.  */
+env->vbr = 0;
+/* TODO: Configure BARs.  */
+
+/* DRAM at 0x */
+cpu_register_physical_memory(0x, ram_size,
+qemu_ram_alloc(NU

[Qemu-devel] [PATCH] guest agent: qemu-ga daemon

[Michael Roth]

This is the actual guest daemon, it listens for requests over a
virtio-serial/isa-serial/unix socket channel and routes them through
to dispatch routines, and writes the results back to the channel in
a manner similar to QMP.

A shorthand invocation:

  qemu-ga -d

Is equivalent to:

  qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 \
  -f /var/run/qemu-ga.pid -d

Signed-off-by: Michael Roth 
---
 Makefile   |8 +-
 configure  |1 +
 qemu-ga.c  |  650 
 qga/guest-agent-core.h |4 +
 4 files changed, 660 insertions(+), 3 deletions(-)
 create mode 100644 qemu-ga.c

diff --git a/Makefile b/Makefile
index b8cdf0e..0d2e33d 100644
--- a/Makefile
+++ b/Makefile
@@ -140,7 +140,7 @@ endif
 ##
 
 qemu-img.o: qemu-img-cmds.h
-qemu-img.o qemu-tool.o qemu-nbd.o qemu-io.o cmd.o: $(GENERATED_HEADERS)
+qemu-img.o qemu-tool.o qemu-nbd.o qemu-io.o cmd.o qemu-ga.o: 
$(GENERATED_HEADERS)
 
 qemu-img$(EXESUF): qemu-img.o qemu-tool.o qemu-error.o $(oslib-obj-y) 
$(trace-obj-y) $(block-obj-y) $(qobject-obj-y) $(version-obj-y) 
qemu-timer-common.o
 
@@ -184,13 +184,15 @@ test-qmp-commands: test-qmp-commands.o qfloat.o qint.o 
qdict.o qstring.o qlist.o
 
 QGALIB=qga/guest-agent-command-state.o
 
+qemu-ga$(EXESUF): qemu-ga.o $(QGALIB) qemu-tool.o qemu-error.o error.o 
$(oslib-obj-y) $(trace-obj-y) $(block-obj-y) $(qobject-obj-y) $(version-obj-y) 
$(qapi-obj-y) qemu-timer-common.o qemu-sockets.o module.o qapi/qmp-dispatch.o 
qapi/qmp-registry.o
+
 QEMULIBS=libhw32 libhw64 libuser libdis libdis-user
 
 clean:
 # avoid old build problems by removing potentially incorrect old files
rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h 
gen-op-arm.h
rm -f qemu-options.def
-   rm -f *.o *.d *.a *.lo $(TOOLS) TAGS cscope.* *.pod *~ */*~
+   rm -f *.o *.d *.a *.lo $(TOOLS) qemu-ga TAGS cscope.* *.pod *~ */*~
rm -Rf .libs
rm -f slirp/*.o slirp/*.d audio/*.o audio/*.d block/*.o block/*.d 
net/*.o net/*.d fsdev/*.o fsdev/*.d ui/*.o ui/*.d qapi/*.o qapi/*.d qga/*.o 
qga/*.d
rm -f qemu-img-cmds.h
@@ -386,4 +388,4 @@ tarbin:
$(mandir)/man8/qemu-nbd.8
 
 # Include automatically generated dependency files
--include $(wildcard *.d audio/*.d slirp/*.d block/*.d net/*.d ui/*.d qapi/*.d)
+-include $(wildcard *.d audio/*.d slirp/*.d block/*.d net/*.d ui/*.d qapi/*.d 
qga/*.d)
diff --git a/configure b/configure
index 6a03002..445f674 100755
--- a/configure
+++ b/configure
@@ -2532,6 +2532,7 @@ if test "$softmmu" = yes ; then
   tools="qemu-img\$(EXESUF) qemu-io\$(EXESUF) $tools"
   if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
   tools="qemu-nbd\$(EXESUF) $tools"
+  tools="qemu-ga\$(EXESUF) $tools"
 if [ "$check_utests" = "yes" ]; then
   tools="check-qint check-qstring check-qdict check-qlist $tools"
   tools="check-qfloat check-qjson $tools"
diff --git a/qemu-ga.c b/qemu-ga.c
new file mode 100644
index 000..1f3585c
--- /dev/null
+++ b/qemu-ga.c
@@ -0,0 +1,650 @@
+/*
+ * QEMU Guest Agent
+ *
+ * Copyright IBM Corp. 2011
+ *
+ * Authors:
+ *  Adam Litke
+ *  Michael Roth  
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "qemu_socket.h"
+#include "json-streamer.h"
+#include "json-parser.h"
+#include "qint.h"
+#include "qjson.h"
+#include "qga/guest-agent-core.h"
+#include "module.h"
+#include "signal.h"
+#include "qerror.h"
+#include "error_int.h"
+
+#define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0"
+#define QGA_PIDFILE_DEFAULT "/var/run/qemu-ga.pid"
+#define QGA_BAUDRATE_DEFAULT B38400 /* for isa-serial channels */
+#define QGA_TIMEOUT_DEFAULT 30*1000 /* ms */
+
+struct GAState {
+JSONMessageParser parser;
+GMainLoop *main_loop;
+GSocket *conn_sock;
+GIOChannel *conn_channel;
+GSocket *listen_sock;
+GIOChannel *listen_channel;
+const char *path;
+const char *method;
+bool virtio; /* fastpath to check for virtio to deal with poll() quirks */
+GACommandState *command_state;
+GLogLevelFlags log_level;
+FILE *log_file;
+bool logging_enabled;
+};
+
+static struct GAState *ga_state;
+
+static void quit_handler(int sig)
+{
+g_debug("recieved signal num %d, quitting", sig);
+
+if (g_main_loop_is_running(ga_state->main_loop)) {
+g_main_loop_quit(ga_state->main_loop);
+}
+}
+
+static void register_signal_handlers(void)
+{
+struct sigaction sigact;
+int ret;
+
+memset(&sigact, 0, sizeof(struct sigaction));
+sigact.sa_handler = quit_handler;
+
+ret = sigaction(SIGINT, &sigact, NULL);
+if (ret == -1) {
+g_error("error configuring signa

[Qemu-devel] [RFC v5 62/86] Introduce QEMU_NEW()

[Avi Kivity]

qemu_malloc() is type-unsafe as it returns a void pointer.  Introduce
QEMU_NEW() (and QEMU_NEWZ()), which return the correct type.

Signed-off-by: Avi Kivity 
---
 qemu-common.h |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/qemu-common.h b/qemu-common.h
index c2b79bd..e5a70d5 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -209,6 +209,9 @@ void qemu_free(void *ptr);
 char *qemu_strdup(const char *str);
 char *qemu_strndup(const char *str, size_t size);
 
+#define QEMU_NEW(type) ((type *)(qemu_malloc(sizeof(type
+#define QEMU_NEWZ(type) ((type *)(qemu_mallocz(sizeof(type
+
 void qemu_mutex_lock_iothread(void);
 void qemu_mutex_unlock_iothread(void);
 
-- 
1.7.5.3

[Qemu-devel] [RFC v5 76/86] stellaris_enet: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/stellaris_enet.c |   29 -
 1 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/hw/stellaris_enet.c b/hw/stellaris_enet.c
index 6a0583a..b33bcd9 100644
--- a/hw/stellaris_enet.c
+++ b/hw/stellaris_enet.c
@@ -69,7 +69,7 @@ typedef struct {
 NICState *nic;
 NICConf conf;
 qemu_irq irq;
-int mmio_index;
+MemoryRegion mmio;
 } stellaris_enet_state;
 
 static void stellaris_enet_update(stellaris_enet_state *s)
@@ -130,7 +130,8 @@ static int stellaris_enet_can_receive(VLANClientState *nc)
 return (s->np < 31);
 }
 
-static uint32_t stellaris_enet_read(void *opaque, target_phys_addr_t offset)
+static uint64_t stellaris_enet_read(void *opaque, target_phys_addr_t offset,
+unsigned size)
 {
 stellaris_enet_state *s = (stellaris_enet_state *)opaque;
 uint32_t val;
@@ -198,7 +199,7 @@ static uint32_t stellaris_enet_read(void *opaque, 
target_phys_addr_t offset)
 }
 
 static void stellaris_enet_write(void *opaque, target_phys_addr_t offset,
-uint32_t value)
+ uint64_t value, unsigned size)
 {
 stellaris_enet_state *s = (stellaris_enet_state *)opaque;
 
@@ -303,17 +304,12 @@ static void stellaris_enet_write(void *opaque, 
target_phys_addr_t offset,
 }
 }
 
-static CPUReadMemoryFunc * const stellaris_enet_readfn[] = {
-   stellaris_enet_read,
-   stellaris_enet_read,
-   stellaris_enet_read
+static const MemoryRegionOps stellaris_enet_ops = {
+.read = stellaris_enet_read,
+.write = stellaris_enet_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static CPUWriteMemoryFunc * const stellaris_enet_writefn[] = {
-   stellaris_enet_write,
-   stellaris_enet_write,
-   stellaris_enet_write
-};
 static void stellaris_enet_reset(stellaris_enet_state *s)
 {
 s->mdv = 0x80;
@@ -391,7 +387,7 @@ static void stellaris_enet_cleanup(VLANClientState *nc)
 
 unregister_savevm(&s->busdev.qdev, "stellaris_enet", s);
 
-cpu_unregister_io_memory(s->mmio_index);
+memory_region_destroy(&s->mmio);
 
 qemu_free(s);
 }
@@ -408,10 +404,9 @@ static int stellaris_enet_init(SysBusDevice *dev)
 {
 stellaris_enet_state *s = FROM_SYSBUS(stellaris_enet_state, dev);
 
-s->mmio_index = cpu_register_io_memory(stellaris_enet_readfn,
-   stellaris_enet_writefn, s,
-   DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, 0x1000, s->mmio_index);
+memory_region_init_io(&s->mmio, &stellaris_enet_ops, s, "stellaris_enet",
+  0x1000);
+sysbus_init_mmio_region(dev, &s->mmio);
 sysbus_init_irq(dev, &s->irq);
 qemu_macaddr_default_if_unset(&s->conf.macaddr);
 
-- 
1.7.5.3

[Qemu-devel] [RFC v5 15/86] ioport: register ranges by byte aligned addresses always

[Avi Kivity]

The I/O port space is byte addressable, even for word and long accesses.

An example is the VMware svga card, which has long ports on offsets 0,
1, and 2.

Signed-off-by: Avi Kivity 
---
 ioport.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ioport.c b/ioport.c
index 2e971fa..9800223 100644
--- a/ioport.c
+++ b/ioport.c
@@ -146,7 +146,7 @@ int register_ioport_read(pio_addr_t start, int length, int 
size,
 hw_error("register_ioport_read: invalid size");
 return -1;
 }
-for(i = start; i < start + length; i += size) {
+for(i = start; i < start + length; ++i) {
 ioport_read_table[bsize][i] = func;
 if (ioport_opaque[i] != NULL && ioport_opaque[i] != opaque)
 hw_error("register_ioport_read: invalid opaque for address 0x%x",
@@ -166,7 +166,7 @@ int register_ioport_write(pio_addr_t start, int length, int 
size,
 hw_error("register_ioport_write: invalid size");
 return -1;
 }
-for(i = start; i < start + length; i += size) {
+for(i = start; i < start + length; ++i) {
 ioport_write_table[bsize][i] = func;
 if (ioport_opaque[i] != NULL && ioport_opaque[i] != opaque)
 hw_error("register_ioport_write: invalid opaque for address 0x%x",
-- 
1.7.5.3

[Qemu-devel] [PATCH 13/55] ide: Use a table to declare which drive kinds accept each command

[Markus Armbruster]

No functional change.

It would be nice to have handler functions in the table, like commit
e1a064f9 did for ATAPI.  Left for another day.

Signed-off-by: Markus Armbruster 
---
 hw/ide/core.c |  104 +++--
 1 files changed, 79 insertions(+), 25 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index f96ebf2..d1f7489 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -876,6 +876,77 @@ void ide_ioport_write(void *opaque, uint32_t addr, 
uint32_t val)
 }
 }
 
+#define HD_OK (1u << IDE_HD)
+#define CD_OK (1u << IDE_CD)
+#define CFA_OK (1u << IDE_CFATA)
+#define HD_CFA_OK (HD_OK | CFA_OK)
+#define ALL_OK (HD_OK | CD_OK | CFA_OK)
+
+/* See ACS-2 T13/2015-D Table B.2 Command codes */
+uint8_t ide_cmd_table[0x100] = {
+/* NOP not implemented, mandatory for CD */
+[CFA_REQ_EXT_ERROR_CODE]= CFA_OK,
+[WIN_DSM]   = ALL_OK,
+[WIN_DEVICE_RESET]  = CD_OK,
+[WIN_RECAL] = ALL_OK,
+[WIN_READ]  = ALL_OK,
+[WIN_READ_ONCE] = ALL_OK,
+[WIN_READ_EXT]  = ALL_OK,
+[WIN_READDMA_EXT]   = ALL_OK,
+[WIN_READ_NATIVE_MAX_EXT]   = ALL_OK,
+[WIN_MULTREAD_EXT]  = ALL_OK,
+[WIN_WRITE] = ALL_OK,
+[WIN_WRITE_ONCE]= ALL_OK,
+[WIN_WRITE_EXT] = ALL_OK,
+[WIN_WRITEDMA_EXT]  = ALL_OK,
+[CFA_WRITE_SECT_WO_ERASE]   = ALL_OK,
+[WIN_MULTWRITE_EXT] = ALL_OK,
+[WIN_WRITE_VERIFY]  = ALL_OK,
+[WIN_VERIFY]= ALL_OK,
+[WIN_VERIFY_ONCE]   = ALL_OK,
+[WIN_VERIFY_EXT]= ALL_OK,
+[WIN_SEEK]  = HD_CFA_OK,
+[CFA_TRANSLATE_SECTOR]  = CFA_OK,
+[WIN_DIAGNOSE]  = ALL_OK,
+[WIN_SPECIFY]   = ALL_OK,
+[WIN_STANDBYNOW2]   = ALL_OK,
+[WIN_IDLEIMMEDIATE2]= ALL_OK,
+[WIN_STANDBY2]  = ALL_OK,
+[WIN_SETIDLE2]  = ALL_OK,
+[WIN_CHECKPOWERMODE2]   = ALL_OK,
+[WIN_SLEEPNOW2] = ALL_OK,
+[WIN_PACKETCMD] = CD_OK,
+[WIN_PIDENTIFY] = CD_OK,
+[WIN_SMART] = HD_CFA_OK,
+[CFA_ACCESS_METADATA_STORAGE]   = CFA_OK,
+[CFA_ERASE_SECTORS] = CFA_OK,
+[WIN_MULTREAD]  = ALL_OK,
+[WIN_MULTWRITE] = ALL_OK,
+[WIN_SETMULT]   = ALL_OK,
+[WIN_READDMA]   = ALL_OK,
+[WIN_READDMA_ONCE]  = ALL_OK,
+[WIN_WRITEDMA]  = ALL_OK,
+[WIN_WRITEDMA_ONCE] = ALL_OK,
+[CFA_WRITE_MULTI_WO_ERASE]  = ALL_OK,
+[WIN_STANDBYNOW1]   = ALL_OK,
+[WIN_IDLEIMMEDIATE] = ALL_OK,
+[WIN_STANDBY]   = ALL_OK,
+[WIN_SETIDLE1]  = ALL_OK,
+[WIN_CHECKPOWERMODE1]   = ALL_OK,
+[WIN_SLEEPNOW1] = ALL_OK,
+[WIN_FLUSH_CACHE]   = ALL_OK,
+[WIN_FLUSH_CACHE_EXT]   = ALL_OK,
+[WIN_IDENTIFY]  = ALL_OK,
+[WIN_SETFEATURES]   = ALL_OK,
+[IBM_SENSE_CONDITION]   = CFA_OK,
+[CFA_WEAR_LEVEL]= CFA_OK,
+[WIN_READ_NATIVE_MAX]   = ALL_OK,
+};
+
+static bool ide_cmd_permitted(IDEState *s, uint32_t cmd)
+{
+return cmd <= 0xff && (ide_cmd_table[cmd] & (1u << s->drive_kind));
+}
 
 void ide_exec_cmd(IDEBus *bus, uint32_t val)
 {
@@ -895,6 +966,10 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
 return;
 
+if (!ide_cmd_permitted(s, val)) {
+goto abort_cmd;
+}
+
 switch(val) {
 case WIN_DSM:
 switch (s->feature) {
@@ -1115,21 +1190,15 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
 ide_set_irq(s->bus);
 break;
 case WIN_SEEK:
-if(s->drive_kind == IDE_CD)
-goto abort_cmd;
 /* XXX: Check that seek is within bounds */
 s->status = READY_STAT | SEEK_STAT;
 ide_set_irq(s->bus);
 break;
 /* ATAPI commands */
 case WIN_PIDENTIFY:
-if (s->drive_kind == IDE_CD) {
-ide_atapi_identify(s);
-s->status = READY_STAT | SEEK_STAT;
-ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
-} else {
-ide_abort_command(s);
-}
+ide_atapi_identify(s);
+s->status = READY_STAT | SEEK_STAT;
+ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
  

Re: [Qemu-devel] live snapshot wiki updated

[Eric Blake]

On 07/20/2011 12:00 PM, Blue Swirl wrote:

Let's have files A, B, C etc. with backing files AA etc. How would
libvirt know that when QEMU wants to write to file CA, this is because
it's needed to access C, or is it just trickery by a devious guest to
corrupt storage?


The fix for CVE-2010-2238 already deals with this: if primary image C refers
to backing file CA of raw format, but does not state what file format CA
contains, then a malicious guest can modify the contents of CA to appear to
be yet another qcow2 image.  At which point, if libvirt follows the backing
file specified in CA, then yes, the malicious guest really can cause libvirt
to expose arbitrary file CB for manipulation by the guest.  But that
security hole was already plugged - by default, libvirt refuses to probe
backing files parsed from qcow2 headers for file format, but instead
requires the outer qcow2 header to also include the a file format
designation for the backing file.  At which point, you then have a safe
chain: if C refers to CA, then libvirt knows that both C and CA are
essential to the storage presented by giving qemu the file name C, and the
guest will already be modifying CA, but there is no storage corruption
involved.


But what if CA is accessed even if C is not? For example, QEMU opens C
(to determine CA and write new information about the path), closes it
and then requests CA?


Why is qemu trying to access CA?

Either because CA was mentioned as a backing file for C (in which case 
libvirt already knows about it, because either libvirt handed C to qemu 
at startup time after already parsing C's headers to learn that CA is a 
backing file, or because libvirt called the snapshot_blkdev command with 
the intent of having qemu populate CA with C as its backing file), or 
because qemu has a bug (in which case, libvirt should refuse the access 
to CA).


Libvirt is already perfectly capable of tracking all files that qemu 
might need to access, and whether it is qemu or libvirt that does the 
open() of those files, we can still have libvirt validate whether each 
request for a file makes sense given the context of all previous files 
in use from the time the qemu command line was invoked and across all 
monitor commands in the meantime.


On non-NFS solutions, where every file can have a SELinux label, then 
the security is then present by merely having libvirt relabel all such 
files to a unique label for that particular qemu process, and SELinux 
merely enforces that qemu cannot open() anything but what libvirt has 
already labeled.  And since libvirt already knows which files to label 
in the non-NFS scenario, it already knows which fds to pass in the NFS 
scenario, at which point the ability to prevent qemu from open()ing an 
NFS file is a security enhancement.


Your question about qemu wanting to use CA is thus answered 
independently of whether the fd management solution is solved by libvirt 
handing an fd for CA to qemu prior to any monitor command where qemu 
will then need to use CA, or whether qemu is taught to asynchronously 
ask libvirt to open an fd for CA on qemu's behalf.  The answer is that 
libvirt already tracks whether qemu should access CA, and just needs a 
way to enforce that knowledge.  The enforcement already exists for 
non-NFS via SELinux labels, and the proposal to add fd handling will 
expand that enforcement to also cover NFS.


--
Eric Blake   ebl...@redhat.com+1-801-349-2682
Libvirt virtualization library http://libvirt.org

[Qemu-devel] [PATCH 35/55] scsi-disk: Avoid physical/virtual tray state mismatch

[Markus Armbruster]

When scsi-cd is backed by a physical drive, we want the physical tray
match the virtual one.  To that end, we call bdrv_eject() on guest's
load/eject, and bdrv_lock_medium() on guest's prevent/allow removal.
But we don't set the initial state on device model init.  Fix that.

While there, also unlock on device model exit.

Signed-off-by: Markus Armbruster 
---
 hw/scsi-disk.c |7 +++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index b9de4df..553d8c6 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -1270,6 +1270,9 @@ static void scsi_destroy(SCSIDevice *dev)
 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
 
 scsi_device_purge_requests(&s->qdev);
+if (s->drive_kind == SCSI_CD) {
+bdrv_lock_medium(s->qdev.conf.bs, 0);
+}
 blockdev_mark_auto_del(s->qdev.conf.bs);
 }
 
@@ -1332,6 +1335,10 @@ static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind 
kind)
 s->qdev.type = TYPE_DISK;
 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
 bdrv_set_removable(s->bs, kind == SCSI_CD);
+if (kind == SCSI_CD) {
+bdrv_lock_medium(s->bs, s->tray_locked);
+bdrv_eject(s->bs, s->tray_open);
+}
 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
 return 0;
 }
-- 
1.7.2.3

[Qemu-devel] [RFC v5 69/86] gt64xxx.c: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/gt64xxx.c |   36 +++-
 1 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/hw/gt64xxx.c b/hw/gt64xxx.c
index d541558..6af9782 100644
--- a/hw/gt64xxx.c
+++ b/hw/gt64xxx.c
@@ -227,7 +227,7 @@
 #define PCI_MAPPING_ENTRY(regname)\
 target_phys_addr_t regname ##_start;  \
 target_phys_addr_t regname ##_length; \
-int regname ##_handle
+MemoryRegion regname ##_mem
 
 typedef struct GT64120State {
 SysBusDevice busdev;
@@ -269,9 +269,9 @@ static void gt64120_isd_mapping(GT64120State *s)
 target_phys_addr_t start = s->regs[GT_ISD] << 21;
 target_phys_addr_t length = 0x1000;
 
-if (s->ISD_length)
-cpu_register_physical_memory(s->ISD_start, s->ISD_length,
- IO_MEM_UNASSIGNED);
+if (s->ISD_length) {
+memory_region_del_subregion(get_system_memory(), &s->ISD_mem);
+}
 check_reserved_space(&start, &length);
 length = 0x1000;
 /* Map new address */
@@ -279,7 +279,7 @@ static void gt64120_isd_mapping(GT64120State *s)
 length, start, s->ISD_handle);
 s->ISD_start = start;
 s->ISD_length = length;
-cpu_register_physical_memory(s->ISD_start, s->ISD_length, s->ISD_handle);
+memory_region_add_subregion(get_system_memory(), s->ISD_start, 
&s->ISD_mem);
 }
 
 static void gt64120_pci_mapping(GT64120State *s)
@@ -290,7 +290,8 @@ static void gt64120_pci_mapping(GT64120State *s)
   /* Unmap old IO address */
   if (s->PCI0IO_length)
   {
-cpu_register_physical_memory(s->PCI0IO_start, s->PCI0IO_length, 
IO_MEM_UNASSIGNED);
+  memory_region_del_subregion(get_system_memory(), &s->PCI0IO_mem);
+  memory_region_destroy(&s->PCI0IO_mem);
   }
   /* Map new IO address */
   s->PCI0IO_start = s->regs[GT_PCI0IOLD] << 21;
@@ -301,7 +302,7 @@ static void gt64120_pci_mapping(GT64120State *s)
 }
 
 static void gt64120_writel (void *opaque, target_phys_addr_t addr,
-uint32_t val)
+uint64_t val, unsigned size)
 {
 GT64120State *s = opaque;
 uint32_t saddr;
@@ -579,8 +580,8 @@ static void gt64120_writel (void *opaque, 
target_phys_addr_t addr,
 }
 }
 
-static uint32_t gt64120_readl (void *opaque,
-   target_phys_addr_t addr)
+static uint64_t gt64120_readl (void *opaque,
+   target_phys_addr_t addr, unsigned size)
 {
 GT64120State *s = opaque;
 uint32_t val;
@@ -851,16 +852,10 @@ static uint32_t gt64120_readl (void *opaque,
 return val;
 }
 
-static CPUWriteMemoryFunc * const gt64120_write[] = {
->64120_writel,
->64120_writel,
->64120_writel,
-};
-
-static CPUReadMemoryFunc * const gt64120_read[] = {
->64120_readl,
->64120_readl,
->64120_readl,
+static const MemoryRegionOps isd_mem_ops = {
+.read = gt64120_readl,
+.write = gt64120_writel,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static int gt64120_pci_map_irq(PCIDevice *pci_dev, int irq_num)
@@ -1097,8 +1092,7 @@ PCIBus *gt64120_register(qemu_irq *pic)
   get_system_memory(),
   get_system_io(),
   PCI_DEVFN(18, 0), 4);
-d->ISD_handle = cpu_register_io_memory(gt64120_read, gt64120_write, d,
-   DEVICE_NATIVE_ENDIAN);
+memory_region_init_io(&d->ISD_mem, &isd_mem_ops, d, "isd-mem", 0x1000);
 
 pci_create_simple(d->pci.bus, PCI_DEVFN(0, 0), "gt64120_pci");
 return d->pci.bus;
-- 
1.7.5.3

[Qemu-devel] [RFC v5 80/86] versatile_pci: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/versatile_pci.c |   94 ---
 1 files changed, 44 insertions(+), 50 deletions(-)

diff --git a/hw/versatile_pci.c b/hw/versatile_pci.c
index bf7fadd..14cfb48 100644
--- a/hw/versatile_pci.c
+++ b/hw/versatile_pci.c
@@ -16,7 +16,9 @@ typedef struct {
 SysBusDevice busdev;
 qemu_irq irq[4];
 int realview;
-int mem_config;
+MemoryRegion mem_config;
+MemoryRegion mem_config2;
+MemoryRegion isa;
 } PCIVPBState;
 
 static inline uint32_t vpb_pci_config_addr(target_phys_addr_t addr)
@@ -24,55 +26,24 @@ static inline uint32_t 
vpb_pci_config_addr(target_phys_addr_t addr)
 return addr & 0xff;
 }
 
-static void pci_vpb_config_writeb (void *opaque, target_phys_addr_t addr,
-   uint32_t val)
+static void pci_vpb_config_write(void *opaque, target_phys_addr_t addr,
+ uint64_t val, unsigned size)
 {
-pci_data_write(opaque, vpb_pci_config_addr (addr), val, 1);
+pci_data_write(opaque, vpb_pci_config_addr(addr), val, size);
 }
 
-static void pci_vpb_config_writew (void *opaque, target_phys_addr_t addr,
-   uint32_t val)
-{
-pci_data_write(opaque, vpb_pci_config_addr (addr), val, 2);
-}
-
-static void pci_vpb_config_writel (void *opaque, target_phys_addr_t addr,
-   uint32_t val)
-{
-pci_data_write(opaque, vpb_pci_config_addr (addr), val, 4);
-}
-
-static uint32_t pci_vpb_config_readb (void *opaque, target_phys_addr_t addr)
+static uint64_t pci_vpb_config_read(void *opaque, target_phys_addr_t addr,
+unsigned size)
 {
 uint32_t val;
-val = pci_data_read(opaque, vpb_pci_config_addr (addr), 1);
-return val;
+val = pci_data_read(opaque, vpb_pci_config_addr(addr), size);
+return size;
 }
 
-static uint32_t pci_vpb_config_readw (void *opaque, target_phys_addr_t addr)
-{
-uint32_t val;
-val = pci_data_read(opaque, vpb_pci_config_addr (addr), 2);
-return val;
-}
-
-static uint32_t pci_vpb_config_readl (void *opaque, target_phys_addr_t addr)
-{
-uint32_t val;
-val = pci_data_read(opaque, vpb_pci_config_addr (addr), 4);
-return val;
-}
-
-static CPUWriteMemoryFunc * const pci_vpb_config_write[] = {
-&pci_vpb_config_writeb,
-&pci_vpb_config_writew,
-&pci_vpb_config_writel,
-};
-
-static CPUReadMemoryFunc * const pci_vpb_config_read[] = {
-&pci_vpb_config_readb,
-&pci_vpb_config_readw,
-&pci_vpb_config_readl,
+static const MemoryRegionOps pci_vpb_config_ops = {
+.read = pci_vpb_config_read,
+.write = pci_vpb_config_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static int pci_vpb_map_irq(PCIDevice *d, int irq_num)
@@ -87,17 +58,35 @@ static void pci_vpb_set_irq(void *opaque, int irq_num, int 
level)
 qemu_set_irq(pic[irq_num], level);
 }
 
+
 static void pci_vpb_map(SysBusDevice *dev, target_phys_addr_t base)
 {
 PCIVPBState *s = (PCIVPBState *)dev;
 /* Selfconfig area.  */
-cpu_register_physical_memory(base + 0x0100, 0x100, s->mem_config);
+memory_region_add_subregion(get_system_memory(), base + 0x0100,
+&s->mem_config);
 /* Normal config area.  */
-cpu_register_physical_memory(base + 0x0200, 0x100, s->mem_config);
+memory_region_add_subregion(get_system_memory(), base + 0x0200,
+&s->mem_config2);
 
 if (s->realview) {
 /* IO memory area.  */
-isa_mmio_init(base + 0x0300, 0x0010);
+memory_region_add_subregion(get_system_memory(), base + 0x0300,
+&s->isa);
+}
+}
+
+static void pci_vpb_unmap(SysBusDevice *dev, target_phys_addr_t base)
+{
+PCIVPBState *s = (PCIVPBState *)dev;
+/* Selfconfig area.  */
+memory_region_del_subregion(get_system_memory(), &s->mem_config);
+/* Normal config area.  */
+memory_region_del_subregion(get_system_memory(), &s->mem_config2);
+
+if (s->realview) {
+/* IO memory area.  */
+memory_region_del_subregion(get_system_memory(), &s->isa);
 }
 }
 
@@ -117,10 +106,15 @@ static int pci_vpb_init(SysBusDevice *dev)
 
 /* ??? Register memory space.  */
 
-s->mem_config = cpu_register_io_memory(pci_vpb_config_read,
-   pci_vpb_config_write, bus,
-   DEVICE_LITTLE_ENDIAN);
-sysbus_init_mmio_cb(dev, 0x0400, pci_vpb_map);
+memory_region_init_io(&s->mem_config, &pci_vpb_config_ops, bus,
+  "pci-vpb-selfconfig", 0x100);
+memory_region_init_io(&s->mem_config2, &pci_vpb_config_ops, bus,
+  "pci-vpb-config", 0x100);
+if (s->realview) {
+isa_mmio_setup(&s->isa, 0x010);
+}
+
+sysbus_init_mmio_cb2(dev, pci_vpb_map, pci_vpb_unmap);
 

[Qemu-devel] [PATCH 51/55] block: Reset buffer alignment on detach

[Markus Armbruster]

BlockDriverState member buffer_alignment is initially 512.  The device
model may set them, with bdrv_set_buffer_alignment().  If the device
model gets detached (hot unplug), the device's alignment is left
behind.  Only okay because device hot unplug automatically destroys
the BlockDriverState.  But that's a questionable feature, best not to
rely on it.

Signed-off-by: Markus Armbruster 
---
 block.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/block.c b/block.c
index e9b911b..b94864c 100644
--- a/block.c
+++ b/block.c
@@ -736,6 +736,7 @@ void bdrv_detach_dev(BlockDriverState *bs, void *dev)
 bs->dev = NULL;
 bs->dev_ops = NULL;
 bs->dev_opaque = NULL;
+bs->buffer_alignment = 512;
 }
 
 /* TODO change to return DeviceState * when all users are qdevified */
-- 
1.7.2.3

[Qemu-devel] [RFC v5 31/86] Integrate I/O memory regions into qemu

[Avi Kivity]

get_system_io() returns the root I/O memory region.

Signed-off-by: Avi Kivity 
---
 exec-memory.h |2 ++
 exec.c|   10 ++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/exec-memory.h b/exec-memory.h
index aad21b5..3acb15f 100644
--- a/exec-memory.h
+++ b/exec-memory.h
@@ -15,6 +15,8 @@
  */
 MemoryRegion *get_system_memory(void);
 
+MemoryRegion *get_system_io(void);
+
 /* Set the root memory region.  This region is the system memory map. */
 void set_system_memory_map(MemoryRegion *mr);
 
diff --git a/exec.c b/exec.c
index 2bbd14c..81fd6f4 100644
--- a/exec.c
+++ b/exec.c
@@ -113,6 +113,7 @@ static int in_migration;
 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list) };
 
 static MemoryRegion *system_memory;
+static MemoryRegion *system_io;
 
 #endif
 
@@ -3819,6 +3820,10 @@ static void memory_map_init(void)
 system_memory = qemu_malloc(sizeof(*system_memory));
 memory_region_init(system_memory, "system", UINT64_MAX);
 set_system_memory_map(system_memory);
+
+system_io = qemu_malloc(sizeof(*system_io));
+memory_region_init(system_memory, "io", 65536);
+set_system_io_map(system_io);
 }
 
 MemoryRegion *get_system_memory(void)
@@ -3826,6 +3831,11 @@ MemoryRegion *get_system_memory(void)
 return system_memory;
 }
 
+MemoryRegion *get_system_io(void)
+{
+return system_io;
+}
+
 #endif /* !defined(CONFIG_USER_ONLY) */
 
 /* physical memory access (slow version, mainly for debug) */
-- 
1.7.5.3

Re: [Qemu-devel] Wiki spam

[Stefan Weil]

Am 15.07.2011 23:06, schrieb Anthony Liguori:

On 07/15/2011 12:24 PM, Stefan Weil wrote:


Wiki spammers are still very active on qemu.org (see
http://wiki.qemu.org/Special:RecentChanges).

The QEMU wiki needs more technical protection against spam
and also more administrators who can remove spam pages
(I can't, so I simply emptied the pages I just found).


There's no simple solution to spam.  Even captcha's are limited as 
many spammers are just using mechanical turks plus OCR to defeat 
captchas.


recaptcha had some problems recently so I had to disable it on the 
wiki which led to an influx of spam.  It seems to be working fine 
again so I've reenabled it.  Hopefully the spam activity will 
dramatically drop again.


Regards,

Anthony Liguori


I just spent again 15 minutes removing spam from the wiki. That's not 
really fun.


Adding a new user account should require confirmation by mail. This 
extension
can also help a little bit: 
http://www.mediawiki.org/wiki/Extension:AntiSpoof.
Even more restrictive would be 
http://www.mediawiki.org/wiki/Extension:ConfirmAccount.


And the wiki still needs administrators who are allowed to really remove
spam pages (try http://wiki.qemu.org/Special:ShortPages to get the page 
titles).


Regards,

Stefan Weil

[Qemu-devel] [RFC v5 67/86] arm_timer: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/arm_timer.c |   55 ---
 1 files changed, 20 insertions(+), 35 deletions(-)

diff --git a/hw/arm_timer.c b/hw/arm_timer.c
index dac9e70..ee15ca5 100644
--- a/hw/arm_timer.c
+++ b/hw/arm_timer.c
@@ -176,6 +176,7 @@ static arm_timer_state *arm_timer_init(uint32_t freq)
 
 typedef struct {
 SysBusDevice busdev;
+MemoryRegion iomem;
 arm_timer_state *timer[2];
 int level[2];
 qemu_irq irq;
@@ -190,7 +191,8 @@ static void sp804_set_irq(void *opaque, int irq, int level)
 qemu_set_irq(s->irq, s->level[0] || s->level[1]);
 }
 
-static uint32_t sp804_read(void *opaque, target_phys_addr_t offset)
+static uint64_t sp804_read(void *opaque, target_phys_addr_t offset,
+   unsigned size)
 {
 sp804_state *s = (sp804_state *)opaque;
 
@@ -203,7 +205,7 @@ static uint32_t sp804_read(void *opaque, target_phys_addr_t 
offset)
 }
 
 static void sp804_write(void *opaque, target_phys_addr_t offset,
-uint32_t value)
+uint64_t value, unsigned size)
 {
 sp804_state *s = (sp804_state *)opaque;
 
@@ -214,19 +216,12 @@ static void sp804_write(void *opaque, target_phys_addr_t 
offset,
 }
 }
 
-static CPUReadMemoryFunc * const sp804_readfn[] = {
-   sp804_read,
-   sp804_read,
-   sp804_read
+static const MemoryRegionOps sp804_ops = {
+.read = sp804_read,
+.write = sp804_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static CPUWriteMemoryFunc * const sp804_writefn[] = {
-   sp804_write,
-   sp804_write,
-   sp804_write
-};
-
-
 static const VMStateDescription vmstate_sp804 = {
 .name = "sp804",
 .version_id = 1,
@@ -240,7 +235,6 @@ static const VMStateDescription vmstate_sp804 = {
 
 static int sp804_init(SysBusDevice *dev)
 {
-int iomemtype;
 sp804_state *s = FROM_SYSBUS(sp804_state, dev);
 qemu_irq *qi;
 
@@ -252,9 +246,8 @@ static int sp804_init(SysBusDevice *dev)
 s->timer[1] = arm_timer_init(100);
 s->timer[0]->irq = qi[0];
 s->timer[1]->irq = qi[1];
-iomemtype = cpu_register_io_memory(sp804_readfn,
-   sp804_writefn, s, DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, 0x1000, iomemtype);
+memory_region_init_io(&s->iomem, &sp804_ops, s, "sp804", 0x1000);
+sysbus_init_mmio_region(dev, &s->iomem);
 vmstate_register(&dev->qdev, -1, &vmstate_sp804, s);
 return 0;
 }
@@ -264,10 +257,12 @@ static int sp804_init(SysBusDevice *dev)
 
 typedef struct {
 SysBusDevice busdev;
+MemoryRegion iomem;
 arm_timer_state *timer[3];
 } icp_pit_state;
 
-static uint32_t icp_pit_read(void *opaque, target_phys_addr_t offset)
+static uint64_t icp_pit_read(void *opaque, target_phys_addr_t offset,
+ unsigned size)
 {
 icp_pit_state *s = (icp_pit_state *)opaque;
 int n;
@@ -282,7 +277,7 @@ static uint32_t icp_pit_read(void *opaque, 
target_phys_addr_t offset)
 }
 
 static void icp_pit_write(void *opaque, target_phys_addr_t offset,
-  uint32_t value)
+  uint64_t value, unsigned size)
 {
 icp_pit_state *s = (icp_pit_state *)opaque;
 int n;
@@ -295,22 +290,14 @@ static void icp_pit_write(void *opaque, 
target_phys_addr_t offset,
 arm_timer_write(s->timer[n], offset & 0xff, value);
 }
 
-
-static CPUReadMemoryFunc * const icp_pit_readfn[] = {
-   icp_pit_read,
-   icp_pit_read,
-   icp_pit_read
-};
-
-static CPUWriteMemoryFunc * const icp_pit_writefn[] = {
-   icp_pit_write,
-   icp_pit_write,
-   icp_pit_write
+static const MemoryRegionOps icp_pit_ops = {
+.read = icp_pit_read,
+.write = icp_pit_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 static int icp_pit_init(SysBusDevice *dev)
 {
-int iomemtype;
 icp_pit_state *s = FROM_SYSBUS(icp_pit_state, dev);
 
 /* Timer 0 runs at the system clock speed (40MHz).  */
@@ -323,10 +310,8 @@ static int icp_pit_init(SysBusDevice *dev)
 sysbus_init_irq(dev, &s->timer[1]->irq);
 sysbus_init_irq(dev, &s->timer[2]->irq);
 
-iomemtype = cpu_register_io_memory(icp_pit_readfn,
-   icp_pit_writefn, s,
-   DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, 0x1000, iomemtype);
+memory_region_init_io(&s->iomem, &icp_pit_ops, s, "icp_pit", 0x1000);
+sysbus_init_mmio_region(dev, &s->iomem);
 /* This device has no state to save/restore.  The component timers will
save themselves.  */
 return 0;
-- 
1.7.5.3

[Qemu-devel] [PATCH 07/23] PPC: Remove cINT code from MPIC

[Alexander Graf]

The current code treats some bits in IDE as special for critical interrupts.
While there is logic to route interrupts as critical, that happens through
a different register. So for now I'm just removing the check to enable up to 32
virtual CPUs.

Signed-off-by: Alexander Graf 
---
 hw/openpic.c |9 +
 1 files changed, 1 insertions(+), 8 deletions(-)

diff --git a/hw/openpic.c b/hw/openpic.c
index 08a3a65..6630206 100644
--- a/hw/openpic.c
+++ b/hw/openpic.c
@@ -1278,14 +1278,7 @@ qemu_irq *openpic_init (PCIBus *bus, int *pmem_index, 
int nb_cpus,
 
 static void mpic_irq_raise(openpic_t *mpp, int n_CPU, IRQ_src_t *src)
 {
-int n_ci = IDR_CI0 - n_CPU;
-
-if(test_bit(&src->ide, n_ci)) {
-qemu_irq_raise(mpp->dst[n_CPU].irqs[OPENPIC_OUTPUT_CINT]);
-}
-else {
-qemu_irq_raise(mpp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
-}
+qemu_irq_raise(mpp->dst[n_CPU].irqs[OPENPIC_OUTPUT_INT]);
 }
 
 static void mpic_reset (void *opaque)
-- 
1.6.0.2

[Qemu-devel] [PATCH 21/23] PPC: E500: Remove unneeded CPU nodes

[Alexander Graf]

We should only keep CPU nodes in the device tree around that we really have
virtual CPUs for. So remove all superfluous entries that we just keep there
in case someone wants to create a lot of vCPUs.

Signed-off-by: Alexander Graf 
---
 hw/ppce500_mpc8544ds.c |6 ++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 85d8da1..cccf79b 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -129,6 +129,12 @@ static int mpc8544_load_device_tree(CPUState *env,
 qemu_devtree_setprop_cell(fdt, cpu_name, "timebase-frequency", 
tb_freq);
 }
 
+for (i = smp_cpus; i < 32; i++) {
+char cpu_name[128];
+snprintf(cpu_name, sizeof(cpu_name), "/cpus/PowerPC,8544@%x", i);
+qemu_devtree_nop_node(fdt, cpu_name);
+}
+
 ret = rom_add_blob_fixed(BINARY_DEVICE_TREE_FILE, fdt, fdt_size, addr);
 qemu_free(fdt);
 
-- 
1.6.0.2

[Qemu-devel] [RFC v5 29/86] vga: simplify vga window mmio access functions

[Avi Kivity]

Make use of the memory API's ability to satisfy multi-byte accesses via
multiple single-byte accesses.

We have to keep vga_mem_{read,write}b() since they're used by cirrus.

Signed-off-by: Avi Kivity 
---
 hw/cirrus_vga.c |4 +-
 hw/vga.c|   56 +++---
 hw/vga_int.h|4 +-
 3 files changed, 12 insertions(+), 52 deletions(-)

diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index d236aee..472f153 100644
--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -1965,7 +1965,7 @@ static uint64_t cirrus_vga_mem_read(void *opaque,
 uint32_t val;
 
 if ((s->vga.sr[0x07] & 0x01) == 0) {
-   return vga_mem_readb(s, addr);
+return vga_mem_readb(&s->vga, addr);
 }
 
 if (addr < 0x1) {
@@ -2010,7 +2010,7 @@ static void cirrus_vga_mem_write(void *opaque,
 unsigned mode;
 
 if ((s->vga.sr[0x07] & 0x01) == 0) {
-   vga_mem_writeb(s, addr, mem_value);
+vga_mem_writeb(&s->vga, addr, mem_value);
 return;
 }
 
diff --git a/hw/vga.c b/hw/vga.c
index 3d47845..df47a05 100644
--- a/hw/vga.c
+++ b/hw/vga.c
@@ -707,9 +707,8 @@ static void vbe_ioport_write_data(void *opaque, uint32_t 
addr, uint32_t val)
 #endif
 
 /* called for accesses between 0xa and 0xc */
-uint32_t vga_mem_readb(void *opaque, target_phys_addr_t addr)
+uint32_t vga_mem_readb(VGACommonState *s, target_phys_addr_t addr)
 {
-VGACommonState *s = opaque;
 int memory_map_mode, plane;
 uint32_t ret;
 
@@ -763,28 +762,9 @@ uint32_t vga_mem_readb(void *opaque, target_phys_addr_t 
addr)
 return ret;
 }
 
-static uint32_t vga_mem_readw(void *opaque, target_phys_addr_t addr)
-{
-uint32_t v;
-v = vga_mem_readb(opaque, addr);
-v |= vga_mem_readb(opaque, addr + 1) << 8;
-return v;
-}
-
-static uint32_t vga_mem_readl(void *opaque, target_phys_addr_t addr)
-{
-uint32_t v;
-v = vga_mem_readb(opaque, addr);
-v |= vga_mem_readb(opaque, addr + 1) << 8;
-v |= vga_mem_readb(opaque, addr + 2) << 16;
-v |= vga_mem_readb(opaque, addr + 3) << 24;
-return v;
-}
-
 /* called for accesses between 0xa and 0xc */
-void vga_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
+void vga_mem_writeb(VGACommonState *s, target_phys_addr_t addr, uint32_t val)
 {
-VGACommonState *s = opaque;
 int memory_map_mode, plane, write_mode, b, func_select, mask;
 uint32_t write_mask, bit_mask, set_mask;
 
@@ -916,20 +896,6 @@ void vga_mem_writeb(void *opaque, target_phys_addr_t addr, 
uint32_t val)
 }
 }
 
-static void vga_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
-{
-vga_mem_writeb(opaque, addr, val & 0xff);
-vga_mem_writeb(opaque, addr + 1, (val >> 8) & 0xff);
-}
-
-static void vga_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
-{
-vga_mem_writeb(opaque, addr, val & 0xff);
-vga_mem_writeb(opaque, addr + 1, (val >> 8) & 0xff);
-vga_mem_writeb(opaque, addr + 2, (val >> 16) & 0xff);
-vga_mem_writeb(opaque, addr + 3, (val >> 24) & 0xff);
-}
-
 typedef void vga_draw_glyph8_func(uint8_t *d, int linesize,
  const uint8_t *font_ptr, int h,
  uint32_t fgcol, uint32_t bgcol);
@@ -2104,12 +2070,7 @@ static uint64_t vga_mem_read(void *opaque, 
target_phys_addr_t addr,
 {
 VGACommonState *s = opaque;
 
-switch (size) {
-case 1: return vga_mem_readb(s, addr);
-case 2: return vga_mem_readw(s, addr);
-case 4: return vga_mem_readl(s, addr);
-default: abort();
-}
+return vga_mem_readb(s, addr);
 }
 
 static void vga_mem_write(void *opaque, target_phys_addr_t addr,
@@ -2117,18 +2078,17 @@ static void vga_mem_write(void *opaque, 
target_phys_addr_t addr,
 {
 VGACommonState *s = opaque;
 
-switch (size) {
-case 1: return vga_mem_writeb(s, addr, data);
-case 2: return vga_mem_writew(s, addr, data);
-case 4: return vga_mem_writel(s, addr, data);
-default: abort();
-}
+return vga_mem_writeb(s, addr, data);
 }
 
 const MemoryRegionOps vga_mem_ops = {
 .read = vga_mem_read,
 .write = vga_mem_write,
 .endianness = DEVICE_LITTLE_ENDIAN,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
 };
 
 static int vga_common_post_load(void *opaque, int version_id)
diff --git a/hw/vga_int.h b/hw/vga_int.h
index 51aff8e..aba2e98 100644
--- a/hw/vga_int.h
+++ b/hw/vga_int.h
@@ -197,8 +197,8 @@ void vga_dirty_log_restart(VGACommonState *s);
 extern const VMStateDescription vmstate_vga_common;
 uint32_t vga_ioport_read(void *opaque, uint32_t addr);
 void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val);
-uint32_t vga_mem_readb(void *opaque, target_phys_addr_t addr);
-void vga_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val);
+uint32_t vga_mem_readb(VGACommonState *s, target_phys_addr_t addr);
+void vga_mem_writeb(VGACommonState *s, target_phys_addr_t addr, uint32_t val);
 void vga_inval

[Qemu-devel] [RFC v5 56/86] pci: remove pci_register_bar_simple()

[Avi Kivity]

Superceded by pci_register_bar_region().
---
 hw/pci.c |   17 -
 hw/pci.h |3 ---
 2 files changed, 0 insertions(+), 20 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 980840f..6aca1af 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -903,7 +903,6 @@ void pci_register_bar(PCIDevice *pci_dev, int region_num,
 r->filtered_size = size;
 r->type = type;
 r->map_func = map_func;
-r->ram_addr = IO_MEM_UNASSIGNED;
 r->memory = NULL;
 
 wmask = ~(size - 1);
@@ -923,13 +922,6 @@ void pci_register_bar(PCIDevice *pci_dev, int region_num,
 }
 }
 
-static void pci_simple_bar_mapfunc(PCIDevice *pci_dev, int region_num,
-   pcibus_t addr, pcibus_t size, int type)
-{
-cpu_register_physical_memory(addr, size,
- pci_dev->io_regions[region_num].ram_addr);
-}
-
 static void pci_simple_bar_mapfunc_region(PCIDevice *pci_dev, int region_num,
   pcibus_t addr, pcibus_t size,
   int type)
@@ -942,15 +934,6 @@ static void pci_simple_bar_mapfunc_region(PCIDevice 
*pci_dev, int region_num,
 1);
 }
 
-void pci_register_bar_simple(PCIDevice *pci_dev, int region_num,
- pcibus_t size,  uint8_t attr, ram_addr_t ram_addr)
-{
-pci_register_bar(pci_dev, region_num, size,
- PCI_BASE_ADDRESS_SPACE_MEMORY | attr,
- pci_simple_bar_mapfunc);
-pci_dev->io_regions[region_num].ram_addr = ram_addr;
-}
-
 void pci_register_bar_region(PCIDevice *pci_dev, int region_num,
  uint8_t attr, MemoryRegion *memory)
 {
diff --git a/hw/pci.h b/hw/pci.h
index a95e2ad..25e28b1 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -93,7 +93,6 @@ typedef struct PCIIORegion {
 pcibus_t filtered_size;
 uint8_t type;
 PCIMapIORegionFunc *map_func;
-ram_addr_t ram_addr;
 MemoryRegion *memory;
 MemoryRegion *address_space;
 } PCIIORegion;
@@ -204,8 +203,6 @@ PCIDevice *pci_register_device(PCIBus *bus, const char 
*name,
 void pci_register_bar(PCIDevice *pci_dev, int region_num,
 pcibus_t size, uint8_t type,
 PCIMapIORegionFunc *map_func);
-void pci_register_bar_simple(PCIDevice *pci_dev, int region_num,
- pcibus_t size, uint8_t attr, ram_addr_t ram_addr);
 void pci_register_bar_region(PCIDevice *pci_dev, int region_num,
  uint8_t attr, MemoryRegion *memory);
 pcibus_t pci_get_bar_addr(PCIDevice *pci_dev, int region_num);
-- 
1.7.5.3

Re: [Qemu-devel] live snapshot wiki updated

[Eric Blake]

On 07/20/2011 02:01 PM, Blue Swirl wrote:

Either because CA was mentioned as a backing file for C (in which case
libvirt already knows about it, because either libvirt handed C to qemu at
startup time after already parsing C's headers to learn that CA is a backing
file, or because libvirt called the snapshot_blkdev command with the intent
of having qemu populate CA with C as its backing file), or because qemu has
a bug (in which case, libvirt should refuse the access to CA).


So no new backing files can be introduced by QEMU after it has started
without libvirt knowing it?


No, you missed my point.  A new backing file can only be introduced by 
qemu after it has started by libvirt using a finite set of monitor 
commands.  These include disk hotplug (libvirt adds to the list of files 
known to be accessed by qemu, by reading the image headers of the new 
disk to be hot-plugged prior to issuing the monitor command), by disk 
hot-unplug (libvirt revokes the access to the files making up that disk, 
which it remembers from before the disk was added), and snapshot_blkdev 
(libvirt is explicitly requesting a new qcow2 file with the old file as 
the backing image, so it knows the new relationship of files to be 
accessed by that block device).  Since libvirt issued the monitor 
commands, libvirt always knows which files qemu should be trying to 
access when servicing those block devices to the guest.




OK. I think fds would be useful internally in a privilege separation
mode in plain QEMU too.


Yes, there's more than one reason to add fd support to all possible 
situations where qemu is currently resorting to open().


--
Eric Blake   ebl...@redhat.com+1-801-349-2682
Libvirt virtualization library http://libvirt.org

[Qemu-devel] [PATCH 06/23] PPC: Fix IPI support in MPIC

[Alexander Graf]

The current IPI support in the MPIC code is incomplete and doesn't work. This
code adds proper support for IPIs in MPIC by using the IDE register to remember
which CPUs IPIs are still outstanding to. New triggers through the IPI trigger
register only add to the list of CPUs we want to IPI.

Signed-off-by: Alexander Graf 
---
 hw/openpic.c |   17 +++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/hw/openpic.c b/hw/openpic.c
index ad45331..08a3a65 100644
--- a/hw/openpic.c
+++ b/hw/openpic.c
@@ -57,7 +57,7 @@
 #define MAX_MBX 4
 #define MAX_TMR 4
 #define VECTOR_BITS 8
-#define MAX_IPI 0
+#define MAX_IPI 4
 
 #define VID (0x)
 
@@ -840,7 +840,9 @@ static void openpic_cpu_write_internal(void *opaque, 
target_phys_addr_t addr,
 case 0x60:
 case 0x70:
 idx = (addr - 0x40) >> 4;
-write_IRQreg(opp, opp->irq_ipi0 + idx, IRQ_IDE, val);
+/* we use IDE as mask which CPUs to deliver the IPI to still. */
+write_IRQreg(opp, opp->irq_ipi0 + idx, IRQ_IDE,
+ opp->src[opp->irq_ipi0 + idx].ide | val);
 openpic_set_irq(opp, opp->irq_ipi0 + idx, 1);
 openpic_set_irq(opp, opp->irq_ipi0 + idx, 0);
 break;
@@ -934,6 +936,17 @@ static uint32_t openpic_cpu_read_internal(void *opaque, 
target_phys_addr_t addr,
 reset_bit(&src->ipvp, IPVP_ACTIVITY);
 src->pending = 0;
 }
+
+if ((n_IRQ >= opp->irq_ipi0) &&  (n_IRQ < (opp->irq_ipi0 + 4))) {
+src->ide &= ~(1 << idx);
+if (src->ide && !test_bit(&src->ipvp, IPVP_SENSE)) {
+/* trigger on CPUs that didn't know about it yet */
+openpic_set_irq(opp, n_IRQ, 1);
+openpic_set_irq(opp, n_IRQ, 0);
+/* if all CPUs knew about it, set active bit again */
+set_bit(&src->ipvp, IPVP_ACTIVITY);
+}
+}
 }
 break;
 case 0xB0: /* PEOI */
-- 
1.6.0.2

[Qemu-devel] [RFC v5 83/86] isa: add isa_address_space()

[Avi Kivity]

A helper that returns the address space used by ISA devices.  Useful
for getting rid of isa_mem_base, multiple ISA buses, or ISA buses behind
bridges.

Signed-off-by: Avi Kivity 
---
 hw/isa-bus.c |7 +++
 hw/isa.h |1 +
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index 2765543..d770df9 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -202,4 +202,11 @@ static char *isabus_get_fw_dev_path(DeviceState *dev)
 return strdup(path);
 }
 
+#include "exec-memory.h"
+
+MemoryRegion *isa_address_space(ISADevice *dev)
+{
+return get_system_memory();
+}
+
 device_init(isabus_register_devices)
diff --git a/hw/isa.h b/hw/isa.h
index f1f2181..f344699 100644
--- a/hw/isa.h
+++ b/hw/isa.h
@@ -32,6 +32,7 @@ void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq);
 void isa_init_ioport(ISADevice *dev, uint16_t ioport);
 void isa_init_ioport_range(ISADevice *dev, uint16_t start, uint16_t length);
 void isa_qdev_register(ISADeviceInfo *info);
+MemoryRegion *isa_address_space(ISADevice *dev);
 ISADevice *isa_create(const char *name);
 ISADevice *isa_try_create(const char *name);
 ISADevice *isa_create_simple(const char *name);
-- 
1.7.5.3

[Qemu-devel] [PATCH 18/23] PPC: KVM: Remove kvmppc_read_host_property

[Alexander Graf]

We just got rid of the last user of kvmppc_read_host_property, so we
can now safely remove it.

Signed-off-by: Alexander Graf 
---
 target-ppc/kvm_ppc.c |   35 ---
 target-ppc/kvm_ppc.h |   11 ---
 2 files changed, 0 insertions(+), 46 deletions(-)

diff --git a/target-ppc/kvm_ppc.c b/target-ppc/kvm_ppc.c
index 7cc522a..0c9b530 100644
--- a/target-ppc/kvm_ppc.c
+++ b/target-ppc/kvm_ppc.c
@@ -21,41 +21,6 @@
 static QEMUTimer *kvmppc_timer;
 static unsigned int kvmppc_timer_rate;
 
-#ifdef CONFIG_FDT
-int kvmppc_read_host_property(const char *node_path, const char *prop,
- void *val, size_t len)
-{
-char *path;
-FILE *f;
-int ret = 0;
-int pathlen;
-
-pathlen = snprintf(NULL, 0, "%s/%s/%s", PROC_DEVTREE_PATH, node_path, prop)
-  + 1;
-path = qemu_malloc(pathlen);
-
-snprintf(path, pathlen, "%s/%s/%s", PROC_DEVTREE_PATH, node_path, prop);
-
-f = fopen(path, "rb");
-if (f == NULL) {
-ret = errno;
-goto free;
-}
-
-len = fread(val, len, 1, f);
-if (len != 1) {
-ret = ferror(f);
-goto close;
-}
-
-close:
-fclose(f);
-free:
-free(path);
-return ret;
-}
-#endif
-
 static void kvmppc_timer_hack(void *opaque)
 {
 qemu_service_io();
diff --git a/target-ppc/kvm_ppc.h b/target-ppc/kvm_ppc.h
index 1827a13..523825d 100644
--- a/target-ppc/kvm_ppc.h
+++ b/target-ppc/kvm_ppc.h
@@ -10,17 +10,6 @@
 #define __KVM_PPC_H__
 
 void kvmppc_init(void);
-#ifndef CONFIG_KVM
-static inline int kvmppc_read_host_property(const char *node_path, const char 
*prop,
-void *val, size_t len)
-{
-assert(0);
-return -ENOSYS;
-}
-#else
-int kvmppc_read_host_property(const char *node_path, const char *prop,
- void *val, size_t len);
-#endif
 
 uint32_t kvmppc_get_tbfreq(void);
 uint32_t kvmppc_get_clockfreq(void);
-- 
1.6.0.2

Re: [Qemu-devel] [RFC 3/4] A separate thread for the VM migration

[Marcelo Tosatti]

On Wed, Jul 20, 2011 at 12:00:44AM -0400, Umesh Deshpande wrote:
> This patch creates a separate thread for the guest migration on the source 
> side. The migration routine is called from the migration clock.
> 
> Signed-off-by: Umesh Deshpande 
> ---
>  arch_init.c  |8 +++
>  buffered_file.c  |   10 -
>  migration-tcp.c  |   18 -
>  migration-unix.c |7 ++
>  migration.c  |   56 
> +--
>  migration.h  |4 +--
>  6 files changed, 57 insertions(+), 46 deletions(-)
> 
> diff --git a/arch_init.c b/arch_init.c
> index f81a729..6d44b72 100644
> --- a/arch_init.c
> +++ b/arch_init.c
> @@ -260,6 +260,10 @@ int ram_save_live(Monitor *mon, QEMUFile *f, int stage, 
> void *opaque)
>  return 0;
>  }
>  
> +if (stage != 3) {
> +qemu_mutex_lock_iothread();
> +}
> +
>  if (cpu_physical_sync_dirty_bitmap(0, TARGET_PHYS_ADDR_MAX) != 0) {
>  qemu_file_set_error(f);
>  return 0;
> @@ -267,6 +271,10 @@ int ram_save_live(Monitor *mon, QEMUFile *f, int stage, 
> void *opaque)
>  
>  sync_migration_bitmap(0, TARGET_PHYS_ADDR_MAX);
>  
> +if (stage != 3) {
> +qemu_mutex_unlock_iothread();
> +}
> +

Many data structures shared by vcpus/iothread and migration thread are
accessed simultaneously without protection. Instead of simply moving
the entire migration routines to a thread, i'd suggest moving only the
time consuming work in ram_save_block (dup_page and put_buffer), after
properly audit for shared access. And send more than one page a time, of
course.

A separate lock for ram_list is probably necessary, so that it can
be accessed from the migration thread.

Re: [Qemu-devel] [PATCH] pci: Length-align config space accesses

[Jan Kiszka]

On 2011-07-20 18:45, Michael S. Tsirkin wrote:
> On Wed, Jul 20, 2011 at 06:18:43PM +0200, Jan Kiszka wrote:
>> On 2011-07-20 18:17, Isaku Yamahata wrote:
>>> On Wed, Jul 20, 2011 at 04:27:08PM +0200, Jan Kiszka wrote:
 On 2011-07-20 14:15, Jan Kiszka wrote:
> On 2011-07-20 14:00, Isaku Yamahata wrote:
>> Hi. This clean up looks good basically.
>
> Oops, forgot to cc you. Sorry.
>
>> But when conventional pci device is accessed via MMCONFIG area,
>> addr &= addr_mask doesn't work as expected.
>> The config area of [256, 4K) of conventional pci should have no effect.
>
> Mmh, I see. Looks like we need to split accesses at this boundary and
> executed them separately.

 Nope, no such issue: we already automatically split up accesses that
 span the legacy/extended boundary. Just like so far, legacy config space
 handlers have to filter out requests that address regions >= 256.
>>>
>>> For example, when accessing to offset 257 of conventional pci device,
>>> the access is routed to offset 1 due to the masking.
>>> Such overwrapping isn't correct.
>>
>> No, it isn't routed like that. The mask used via mmio is 0xfff.
>>
>> Jan
> 
> I thought about this some more, I'd like to see how devices
> are going to benefit. Any examples?

No in-tree device currently gets beyond the "write default, check range"
pattern.

> If not, is it easier to simply make this logic
> part of dev assignment?

That's a question of clean interfaces. Not checking at the core means
exposing invalid accesses to the callbacks.

The logic is required anyway, so better put it in a central place. E.g.
if the Xen people push their device assignment as well, we will suddenly
have more than one user.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

[Qemu-devel] [RFC v5 36/86] ac97: convert to memory API

[Avi Kivity]

fixes BAR sizing as well.

Signed-off-by: Avi Kivity 
---
 hw/ac97.c |   88 +++-
 1 files changed, 51 insertions(+), 37 deletions(-)

diff --git a/hw/ac97.c b/hw/ac97.c
index 0b59896..bcddaa6 100644
--- a/hw/ac97.c
+++ b/hw/ac97.c
@@ -160,8 +160,9 @@ typedef struct AC97LinkState {
 SWVoiceIn *voice_mc;
 int invalid_freq[3];
 uint8_t silence[128];
-uint32_t base[2];
 int bup_flag;
+MemoryRegion io_nam;
+MemoryRegion io_nabm;
 } AC97LinkState;
 
 enum {
@@ -583,7 +584,7 @@ static uint32_t nam_readw (void *opaque, uint32_t addr)
 {
 AC97LinkState *s = opaque;
 uint32_t val = ~0U;
-uint32_t index = addr - s->base[0];
+uint32_t index = addr;
 s->cas = 0;
 val = mixer_load (s, index);
 return val;
@@ -611,7 +612,7 @@ static void nam_writeb (void *opaque, uint32_t addr, 
uint32_t val)
 static void nam_writew (void *opaque, uint32_t addr, uint32_t val)
 {
 AC97LinkState *s = opaque;
-uint32_t index = addr - s->base[0];
+uint32_t index = addr;
 s->cas = 0;
 switch (index) {
 case AC97_Reset:
@@ -714,7 +715,7 @@ static uint32_t nabm_readb (void *opaque, uint32_t addr)
 {
 AC97LinkState *s = opaque;
 AC97BusMasterRegs *r = NULL;
-uint32_t index = addr - s->base[1];
+uint32_t index = addr;
 uint32_t val = ~0U;
 
 switch (index) {
@@ -769,7 +770,7 @@ static uint32_t nabm_readw (void *opaque, uint32_t addr)
 {
 AC97LinkState *s = opaque;
 AC97BusMasterRegs *r = NULL;
-uint32_t index = addr - s->base[1];
+uint32_t index = addr;
 uint32_t val = ~0U;
 
 switch (index) {
@@ -798,7 +799,7 @@ static uint32_t nabm_readl (void *opaque, uint32_t addr)
 {
 AC97LinkState *s = opaque;
 AC97BusMasterRegs *r = NULL;
-uint32_t index = addr - s->base[1];
+uint32_t index = addr;
 uint32_t val = ~0U;
 
 switch (index) {
@@ -848,7 +849,7 @@ static void nabm_writeb (void *opaque, uint32_t addr, 
uint32_t val)
 {
 AC97LinkState *s = opaque;
 AC97BusMasterRegs *r = NULL;
-uint32_t index = addr - s->base[1];
+uint32_t index = addr;
 switch (index) {
 case PI_LVI:
 case PO_LVI:
@@ -904,7 +905,7 @@ static void nabm_writew (void *opaque, uint32_t addr, 
uint32_t val)
 {
 AC97LinkState *s = opaque;
 AC97BusMasterRegs *r = NULL;
-uint32_t index = addr - s->base[1];
+uint32_t index = addr;
 switch (index) {
 case PI_SR:
 case PO_SR:
@@ -924,7 +925,7 @@ static void nabm_writel (void *opaque, uint32_t addr, 
uint32_t val)
 {
 AC97LinkState *s = opaque;
 AC97BusMasterRegs *r = NULL;
-uint32_t index = addr - s->base[1];
+uint32_t index = addr;
 switch (index) {
 case PI_BDBAR:
 case PO_BDBAR:
@@ -1230,31 +1231,33 @@ static const VMStateDescription vmstate_ac97 = {
 }
 };
 
-static void ac97_map (PCIDevice *pci_dev, int region_num,
-  pcibus_t addr, pcibus_t size, int type)
-{
-AC97LinkState *s = DO_UPCAST (AC97LinkState, dev, pci_dev);
-PCIDevice *d = &s->dev;
-
-if (!region_num) {
-s->base[0] = addr;
-register_ioport_read (addr, 256 * 1, 1, nam_readb, d);
-register_ioport_read (addr, 256 * 2, 2, nam_readw, d);
-register_ioport_read (addr, 256 * 4, 4, nam_readl, d);
-register_ioport_write (addr, 256 * 1, 1, nam_writeb, d);
-register_ioport_write (addr, 256 * 2, 2, nam_writew, d);
-register_ioport_write (addr, 256 * 4, 4, nam_writel, d);
-}
-else {
-s->base[1] = addr;
-register_ioport_read (addr, 64 * 1, 1, nabm_readb, d);
-register_ioport_read (addr, 64 * 2, 2, nabm_readw, d);
-register_ioport_read (addr, 64 * 4, 4, nabm_readl, d);
-register_ioport_write (addr, 64 * 1, 1, nabm_writeb, d);
-register_ioport_write (addr, 64 * 2, 2, nabm_writew, d);
-register_ioport_write (addr, 64 * 4, 4, nabm_writel, d);
-}
-}
+static const MemoryRegionPortio nam_portio[] = {
+{ 0, 256 * 1, 1, .read = nam_readb, },
+{ 0, 256 * 2, 2, .read = nam_readw, },
+{ 0, 256 * 4, 4, .read = nam_readl, },
+{ 0, 256 * 1, 1, .write = nam_writeb, },
+{ 0, 256 * 2, 2, .write = nam_writew, },
+{ 0, 256 * 4, 4, .write = nam_writel, },
+PORTIO_END,
+};
+
+static const MemoryRegionOps ac97_io_nam_ops = {
+.old_portio = nam_portio,
+};
+
+static const MemoryRegionPortio nabm_portio[] = {
+{ 0, 64 * 1, 1, .read = nabm_readb, },
+{ 0, 64 * 2, 2, .read = nabm_readw, },
+{ 0, 64 * 4, 4, .read = nabm_readl, },
+{ 0, 64 * 1, 1, .write = nabm_writeb, },
+{ 0, 64 * 2, 2, .write = nabm_writew, },
+{ 0, 64 * 4, 4, .write = nabm_writel, },
+PORTIO_END
+};
+
+static const MemoryRegionOps ac97_io_nabm_ops = {
+.old_portio = nabm_portio,
+};
 
 static void ac97_on_reset (void *opaque)
 {
@@ -1311,15 +1314,25 @@ static int ac97_initfn (PCIDevice *dev)
 /* TODO: RST# value should be 0. */
 c[P

[Qemu-devel] [PATCH 00/23] SMP support for MPC8544DS

[Alexander Graf]

Due to popular demand, I got involved in the dirty arts of SMP
programming :). This patch set adds support for the MPC8544DS board
(e500v2) to run with up to 32 virtual CPUs.

This works fine with emulation and Linux guests. It also works with
KVM when disabling the DEC trick in ppc_spin.c - something seems to
be broken in KVM there.

For non-Linux guests, TLB invalidation broadcasting is still missing,
but for now this is enough to get Linux up and running.

I've used the chance while touching the code to also clean up ugly
code that just diverged over time between the 3 KVM capable PPC
targets (frequency device-tree entries). They're intertwined with
this series, but I hope not too hard to understand, so they don't
hurt being there.

Alexander Graf (23):
  PPC: Add secondary CPU spinning code
  PPC: Move openpic to target specific code compilation
  PPC: Add CPU definitions for up to 32 guest CPUs
  PPC: Add CPU local MMIO regions to MPIC
  PPC: Extend MPIC MMIO range
  PPC: Fix IPI support in MPIC
  PPC: Remove cINT code from MPIC
  PPC: Bump MPIC up to 32 supported CPUs
  PPC: E500: create multiple envs
  PPC: E500: Generate IRQ lines for many CPUs
  PPC: E500: Use spin code for secondary CPUs
  device tree: add nop_node
  PPC: bamboo: Move host fdt copy to target
  PPC: KVM: Add generic function to read host clockfreq
  PPC: E500: Use generic kvm function for freq
  PPC: E500: Remove mpc8544_copy_soc_cell
  PPC: bamboo: Use kvm api for freq and clock frequencies
  PPC: KVM: Remove kvmppc_read_host_property
  PPC: KVM: Add stubs for kvm helper functions
  PPC: E500: Update freqs for all CPUs
  PPC: E500: Remove unneeded CPU nodes
  PPC: E500: Update cpu-release-addr property in cpu nodes
  PPC: E500: Bump CPU count to 32

 Makefile.objs  |1 -
 Makefile.target|2 +
 device_tree.c  |   11 ++
 device_tree.h  |1 +
 hw/openpic.c   |  148 ++--
 hw/ppc440_bamboo.c |   16 ++-
 hw/ppce500_mpc8544ds.c |  159 +-
 pc-bios/mpc8544ds.dtb  |  Bin 2277 -> 9699 bytes
 pc-bios/mpc8544ds.dts  |  437 
 pc-bios/ppc_spin.c |   97 +++
 pc-bios/ppc_spin.elf   |  Bin 0 -> 66553 bytes
 target-ppc/kvm.c   |   65 +++
 target-ppc/kvm_ppc.c   |   65 ---
 target-ppc/kvm_ppc.h   |   39 +++--
 14 files changed, 823 insertions(+), 218 deletions(-)
 create mode 100644 pc-bios/ppc_spin.c
 create mode 100755 pc-bios/ppc_spin.elf

[Qemu-devel] [RFC v5 16/86] pc: grab system_memory

[Avi Kivity]

While eventually this should come from the machine initialization function,
take a short cut to avoid converting all machines now.

Signed-off-by: Avi Kivity 
---
 hw/pc.c  |3 ++-
 hw/pc.h  |4 +++-
 hw/pc_piix.c |8 +++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/hw/pc.c b/hw/pc.c
index a3e8539..369566a 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -957,7 +957,8 @@ void pc_cpus_init(const char *cpu_model)
 }
 }
 
-void pc_memory_init(const char *kernel_filename,
+void pc_memory_init(MemoryRegion *system_memory,
+const char *kernel_filename,
 const char *kernel_cmdline,
 const char *initrd_filename,
 ram_addr_t below_4g_mem_size,
diff --git a/hw/pc.h b/hw/pc.h
index 6d5730b..fa57583 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -6,6 +6,7 @@
 #include "isa.h"
 #include "fdc.h"
 #include "net.h"
+#include "memory.h"
 
 /* PC-style peripherals (also used by other machines).  */
 
@@ -129,7 +130,8 @@ void pc_cmos_set_s3_resume(void *opaque, int irq, int 
level);
 void pc_acpi_smi_interrupt(void *opaque, int irq, int level);
 
 void pc_cpus_init(const char *cpu_model);
-void pc_memory_init(const char *kernel_filename,
+void pc_memory_init(MemoryRegion *system_memory,
+const char *kernel_filename,
 const char *kernel_cmdline,
 const char *initrd_filename,
 ram_addr_t below_4g_mem_size,
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index c5c16b4..d83854c 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -39,6 +39,8 @@
 #include "blockdev.h"
 #include "smbus.h"
 #include "xen.h"
+#include "memory.h"
+#include "exec-memory.h"
 #ifdef CONFIG_XEN
 #  include 
 #endif
@@ -89,6 +91,9 @@ static void pc_init1(ram_addr_t ram_size,
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 BusState *idebus[MAX_IDE_BUS];
 ISADevice *rtc_state;
+MemoryRegion *system_memory;
+
+system_memory = get_system_memory();
 
 pc_cpus_init(cpu_model);
 
@@ -106,7 +111,8 @@ static void pc_init1(ram_addr_t ram_size,
 
 /* allocate ram and load rom/bios */
 if (!xen_enabled()) {
-pc_memory_init(kernel_filename, kernel_cmdline, initrd_filename,
+pc_memory_init(system_memory,
+   kernel_filename, kernel_cmdline, initrd_filename,
below_4g_mem_size, above_4g_mem_size);
 }
 
-- 
1.7.5.3

[Qemu-devel] [RFC v5 75/86] ppc4xx_sdram: convert to memory API

[Avi Kivity]

Clumsy due to the lack of clipping support, needed for
changing exposed ram size.

Signed-off-by: Avi Kivity 
---
 hw/ppc405.h|9 ++---
 hw/ppc405_boards.c |   18 +-
 hw/ppc405_uc.c |   12 
 hw/ppc440.c|7 +--
 hw/ppc4xx.h|2 ++
 hw/ppc4xx_devs.c   |   51 ---
 6 files changed, 70 insertions(+), 29 deletions(-)

diff --git a/hw/ppc405.h b/hw/ppc405.h
index e042a05..f0e81a6 100644
--- a/hw/ppc405.h
+++ b/hw/ppc405.h
@@ -59,16 +59,19 @@ struct ppc4xx_bd_info_t {
 ram_addr_t ppc405_set_bootinfo (CPUState *env, ppc4xx_bd_info_t *bd,
 uint32_t flags);
 
-CPUState *ppc405cr_init (target_phys_addr_t ram_bases[4],
+CPUState *ppc405cr_init (MemoryRegion ram_memories[4],
+ target_phys_addr_t ram_bases[4],
  target_phys_addr_t ram_sizes[4],
  uint32_t sysclk, qemu_irq **picp,
  int do_init);
-CPUState *ppc405ep_init (target_phys_addr_t ram_bases[2],
+CPUState *ppc405ep_init (MemoryRegion ram_memories[2],
+ target_phys_addr_t ram_bases[2],
  target_phys_addr_t ram_sizes[2],
  uint32_t sysclk, qemu_irq **picp,
  int do_init);
 /* IBM STBxxx microcontrollers */
-CPUState *ppc_stb025_init (target_phys_addr_t ram_bases[2],
+CPUState *ppc_stb025_init (MemoryRegion ram_memories[2],
+   target_phys_addr_t ram_bases[2],
target_phys_addr_t ram_sizes[2],
uint32_t sysclk, qemu_irq **picp,
ram_addr_t *offsetp);
diff --git a/hw/ppc405_boards.c b/hw/ppc405_boards.c
index ad27181..c9fe9a2 100644
--- a/hw/ppc405_boards.c
+++ b/hw/ppc405_boards.c
@@ -182,6 +182,7 @@ static void ref405ep_init (ram_addr_t ram_size,
 CPUPPCState *env;
 qemu_irq *pic;
 ram_addr_t sram_offset, bios_offset, bdloc;
+MemoryRegion *ram_memories = qemu_malloc(2 * sizeof(*ram_memories));
 target_phys_addr_t ram_bases[2], ram_sizes[2];
 target_ulong sram_size;
 long bios_size;
@@ -194,15 +195,17 @@ static void ref405ep_init (ram_addr_t ram_size,
 DriveInfo *dinfo;
 
 /* XXX: fix this */
-ram_bases[0] = qemu_ram_alloc(NULL, "ef405ep.ram", 0x0800);
+memory_region_init_ram(&ram_memories[0], NULL, "ef405ep.ram", 0x0800);
+ram_bases[0] = 0;
 ram_sizes[0] = 0x0800;
+memory_region_init(&ram_memories[1], "ef405ep.ram1", 0);
 ram_bases[1] = 0x;
 ram_sizes[1] = 0x;
 ram_size = 128 * 1024 * 1024;
 #ifdef DEBUG_BOARD_INIT
 printf("%s: register cpu\n", __func__);
 #endif
-env = ppc405ep_init(ram_bases, ram_sizes, , &pic,
+env = ppc405ep_init(ram_memories, ram_bases, ram_sizes, , &pic,
 kernel_filename == NULL ? 0 : 1);
 /* allocate SRAM */
 sram_size = 512 * 1024;
@@ -505,6 +508,7 @@ static void taihu_405ep_init(ram_addr_t ram_size,
 char *filename;
 qemu_irq *pic;
 ram_addr_t bios_offset;
+MemoryRegion *ram_memories = qemu_malloc(2 * sizeof(*ram_memories));
 target_phys_addr_t ram_bases[2], ram_sizes[2];
 long bios_size;
 target_ulong kernel_base, initrd_base;
@@ -514,15 +518,19 @@ static void taihu_405ep_init(ram_addr_t ram_size,
 DriveInfo *dinfo;
 
 /* RAM is soldered to the board so the size cannot be changed */
-ram_bases[0] = qemu_ram_alloc(NULL, "taihu_405ep.ram-0", 0x0400);
+memory_region_init_ram(&ram_memories[0], NULL,
+   "taihu_405ep.ram-0", 0x0400);
+ram_bases[0] = 0;
 ram_sizes[0] = 0x0400;
-ram_bases[1] = qemu_ram_alloc(NULL, "taihu_405ep.ram-1", 0x0400);
+memory_region_init_ram(&ram_memories[1], NULL,
+   "taihu_405ep.ram-1", 0x0400);
+ram_bases[1] = 0x0400;
 ram_sizes[1] = 0x0400;
 ram_size = 0x0800;
 #ifdef DEBUG_BOARD_INIT
 printf("%s: register cpu\n", __func__);
 #endif
-ppc405ep_init(ram_bases, ram_sizes, , &pic,
+ppc405ep_init(ram_memories, ram_bases, ram_sizes, , &pic,
   kernel_filename == NULL ? 0 : 1);
 /* allocate and load BIOS */
 #ifdef DEBUG_BOARD_INIT
diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c
index e5b18fe..47e00e7 100644
--- a/hw/ppc405_uc.c
+++ b/hw/ppc405_uc.c
@@ -2108,7 +2108,8 @@ static void ppc405cr_cpc_init (CPUState *env, clk_setup_t 
clk_setup[7],
 qemu_register_reset(ppc405cr_cpc_reset, cpc);
 }
 
-CPUState *ppc405cr_init (target_phys_addr_t ram_bases[4],
+CPUState *ppc405cr_init (MemoryRegion ram_memories[4],
+ target_phys_addr_t ram_bases[4],
  target_phys_addr_t ram_sizes[4],
  uint32_t sysclk, qemu_irq **picp,
  int do_init)
@@ -2137,7 +

Re: [Qemu-devel] live snapshot wiki updated

[Blue Swirl]

On Wed, Jul 20, 2011 at 9:17 PM, Eric Blake  wrote:
> On 07/20/2011 12:00 PM, Blue Swirl wrote:

 Let's have files A, B, C etc. with backing files AA etc. How would
 libvirt know that when QEMU wants to write to file CA, this is because
 it's needed to access C, or is it just trickery by a devious guest to
 corrupt storage?
>>>
>>> The fix for CVE-2010-2238 already deals with this: if primary image C
>>> refers
>>> to backing file CA of raw format, but does not state what file format CA
>>> contains, then a malicious guest can modify the contents of CA to appear
>>> to
>>> be yet another qcow2 image.  At which point, if libvirt follows the
>>> backing
>>> file specified in CA, then yes, the malicious guest really can cause
>>> libvirt
>>> to expose arbitrary file CB for manipulation by the guest.  But that
>>> security hole was already plugged - by default, libvirt refuses to probe
>>> backing files parsed from qcow2 headers for file format, but instead
>>> requires the outer qcow2 header to also include the a file format
>>> designation for the backing file.  At which point, you then have a safe
>>> chain: if C refers to CA, then libvirt knows that both C and CA are
>>> essential to the storage presented by giving qemu the file name C, and
>>> the
>>> guest will already be modifying CA, but there is no storage corruption
>>> involved.
>>
>> But what if CA is accessed even if C is not? For example, QEMU opens C
>> (to determine CA and write new information about the path), closes it
>> and then requests CA?
>
> Why is qemu trying to access CA?
>
> Either because CA was mentioned as a backing file for C (in which case
> libvirt already knows about it, because either libvirt handed C to qemu at
> startup time after already parsing C's headers to learn that CA is a backing
> file, or because libvirt called the snapshot_blkdev command with the intent
> of having qemu populate CA with C as its backing file), or because qemu has
> a bug (in which case, libvirt should refuse the access to CA).

So no new backing files can be introduced by QEMU after it has started
without libvirt knowing it?

> Libvirt is already perfectly capable of tracking all files that qemu might
> need to access, and whether it is qemu or libvirt that does the open() of
> those files, we can still have libvirt validate whether each request for a
> file makes sense given the context of all previous files in use from the
> time the qemu command line was invoked and across all monitor commands in
> the meantime.
>
> On non-NFS solutions, where every file can have a SELinux label, then the
> security is then present by merely having libvirt relabel all such files to
> a unique label for that particular qemu process, and SELinux merely enforces
> that qemu cannot open() anything but what libvirt has already labeled.  And
> since libvirt already knows which files to label in the non-NFS scenario, it
> already knows which fds to pass in the NFS scenario, at which point the
> ability to prevent qemu from open()ing an NFS file is a security
> enhancement.
>
> Your question about qemu wanting to use CA is thus answered independently of
> whether the fd management solution is solved by libvirt handing an fd for CA
> to qemu prior to any monitor command where qemu will then need to use CA, or
> whether qemu is taught to asynchronously ask libvirt to open an fd for CA on
> qemu's behalf.  The answer is that libvirt already tracks whether qemu
> should access CA, and just needs a way to enforce that knowledge.  The
> enforcement already exists for non-NFS via SELinux labels, and the proposal
> to add fd handling will expand that enforcement to also cover NFS.

OK. I think fds would be useful internally in a privilege separation
mode in plain QEMU too.

[Qemu-devel] [RFC v5 08/86] memory: late initialization of ram_addr

[Avi Kivity]

For non-RAM memory regions, we cannot tell whether this is an I/O region
or an MMIO region.  Since the qemu backing registration is different for
the two, we have to defer initialization until we know which address
space we are in.

These shenanigans will be removed once the backing registration is unified
with the memory API.

Signed-off-by: Avi Kivity 
---
 memory.c |   24 
 memory.h |1 +
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/memory.c b/memory.c
index 5fda4a0..bc8bfa2 100644
--- a/memory.c
+++ b/memory.c
@@ -158,10 +158,14 @@ static void flatview_simplify(FlatView *view)
 }
 }
 
+static void memory_region_prepare_ram_addr(MemoryRegion *mr);
+
 static void as_memory_range_add(AddressSpace *as, FlatRange *fr)
 {
 ram_addr_t phys_offset, region_offset;
 
+memory_region_prepare_ram_addr(fr->mr);
+
 phys_offset = fr->mr->ram_addr;
 region_offset = fr->offset_in_region;
 /* cpu_register_physical_memory_log() wants region_offset for
@@ -512,6 +516,19 @@ static CPUWriteMemoryFunc * const 
memory_region_write_thunk[] = {
 memory_region_write_thunk_l,
 };
 
+static void memory_region_prepare_ram_addr(MemoryRegion *mr)
+{
+if (mr->backend_registered) {
+return;
+}
+
+mr->ram_addr = cpu_register_io_memory(memory_region_read_thunk,
+  memory_region_write_thunk,
+  mr,
+  mr->ops->endianness);
+mr->backend_registered = true;
+}
+
 void memory_region_init_io(MemoryRegion *mr,
const MemoryRegionOps *ops,
void *opaque,
@@ -522,10 +539,7 @@ void memory_region_init_io(MemoryRegion *mr,
 mr->ops = ops;
 mr->opaque = opaque;
 mr->terminates = true;
-mr->ram_addr = cpu_register_io_memory(memory_region_read_thunk,
-  memory_region_write_thunk,
-  mr,
-  mr->ops->endianness);
+mr->backend_registered = false;
 }
 
 void memory_region_init_ram(MemoryRegion *mr,
@@ -536,6 +550,7 @@ void memory_region_init_ram(MemoryRegion *mr,
 memory_region_init(mr, name, size);
 mr->terminates = true;
 mr->ram_addr = qemu_ram_alloc(dev, name, size);
+mr->backend_registered = true;
 }
 
 void memory_region_init_ram_ptr(MemoryRegion *mr,
@@ -547,6 +562,7 @@ void memory_region_init_ram_ptr(MemoryRegion *mr,
 memory_region_init(mr, name, size);
 mr->terminates = true;
 mr->ram_addr = qemu_ram_alloc_from_ptr(dev, name, size, ptr);
+mr->backend_registered = true;
 }
 
 void memory_region_init_alias(MemoryRegion *mr,
diff --git a/memory.h b/memory.h
index 2ad7202..0994b18 100644
--- a/memory.h
+++ b/memory.h
@@ -76,6 +76,7 @@ struct MemoryRegion {
 uint64_t size;
 target_phys_addr_t addr;
 target_phys_addr_t offset;
+bool backend_registered;
 ram_addr_t ram_addr;
 bool terminates;
 MemoryRegion *alias;
-- 
1.7.5.3

[Qemu-devel] [RFC v5 54/86] xen-platform: convert to memory API

[Avi Kivity]

Since this device bypasses PCI and registers I/O ports directly with
the system bus, it needs further attention.

Signed-off-by: Avi Kivity 
---
 hw/xen_platform.c |   83 
 1 files changed, 51 insertions(+), 32 deletions(-)

diff --git a/hw/xen_platform.c b/hw/xen_platform.c
index f43e175..42efd6f 100644
--- a/hw/xen_platform.c
+++ b/hw/xen_platform.c
@@ -51,6 +51,9 @@
 
 typedef struct PCIXenPlatformState {
 PCIDevice  pci_dev;
+MemoryRegion fixed_io;
+MemoryRegion bar;
+MemoryRegion mmio_bar;
 uint8_t flags; /* used only for version_id == 2 */
 int drivers_blacklisted;
 uint16_t driver_product_version;
@@ -180,21 +183,34 @@ static void platform_fixed_ioport_reset(void *opaque)
 platform_fixed_ioport_writeb(s, XEN_PLATFORM_IOPORT, 0);
 }
 
+const MemoryRegionPortio xen_platform_ioport[] = {
+{ 0, 16, 4, .write = platform_fixed_ioport_writel, },
+{ 0, 16, 2, .write = platform_fixed_ioport_writew, },
+{ 0, 16, 1, .write = platform_fixed_ioport_writeb, },
+{ 0, 16, 2, .read = platform_fixed_ioport_readw, },
+{ 0, 16, 1, .read = platform_fixed_ioport_readb, },
+PORTIO_END
+};
+
+static const MemoryRegionOps platform_fixed_io_ops = {
+.old_portio = xen_platform_ioport,
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+#include "exec-memory.h"
+
 static void platform_fixed_ioport_init(PCIXenPlatformState* s)
 {
-register_ioport_write(XEN_PLATFORM_IOPORT, 16, 4, 
platform_fixed_ioport_writel, s);
-register_ioport_write(XEN_PLATFORM_IOPORT, 16, 2, 
platform_fixed_ioport_writew, s);
-register_ioport_write(XEN_PLATFORM_IOPORT, 16, 1, 
platform_fixed_ioport_writeb, s);
-register_ioport_read(XEN_PLATFORM_IOPORT, 16, 2, 
platform_fixed_ioport_readw, s);
-register_ioport_read(XEN_PLATFORM_IOPORT, 16, 1, 
platform_fixed_ioport_readb, s);
+memory_region_init_io(&s->fixed_io, &platform_fixed_io_ops, s,
+  "xen-fixed", 16);
+memory_region_add_subregion(get_system_io(), XEN_PLATFORM_IOPORT,
+&s->fixed_io);
 }
 
 /* Xen Platform PCI Device */
 
 static uint32_t xen_platform_ioport_readb(void *opaque, uint32_t addr)
 {
-addr &= 0xff;
-
 if (addr == 0) {
 return platform_fixed_ioport_readb(opaque, XEN_PLATFORM_IOPORT);
 } else {
@@ -206,9 +222,6 @@ static void xen_platform_ioport_writeb(void *opaque, 
uint32_t addr, uint32_t val
 {
 PCIXenPlatformState *s = opaque;
 
-addr &= 0xff;
-val  &= 0xff;
-
 switch (addr) {
 case 0: /* Platform flags */
 platform_fixed_ioport_writeb(opaque, XEN_PLATFORM_IOPORT, val);
@@ -221,15 +234,23 @@ static void xen_platform_ioport_writeb(void *opaque, 
uint32_t addr, uint32_t val
 }
 }
 
-static void platform_ioport_map(PCIDevice *pci_dev, int region_num, pcibus_t 
addr, pcibus_t size, int type)
-{
-PCIXenPlatformState *d = DO_UPCAST(PCIXenPlatformState, pci_dev, pci_dev);
+static MemoryRegionPortio xen_pci_portio[] = {
+{ 0, 0x100, 1, .read = xen_platform_ioport_readb, },
+{ 0, 0x100, 1, .write = xen_platform_ioport_writeb, },
+PORTIO_END
+};
+
+static const MemoryRegionOps xen_pci_io_ops = {
+.old_portio = xen_pci_portio,
+};
 
-register_ioport_write(addr, size, 1, xen_platform_ioport_writeb, d);
-register_ioport_read(addr, size, 1, xen_platform_ioport_readb, d);
+static void platform_ioport_bar_setup(PCIXenPlatformState *d)
+{
+memory_region_init_io(&d->bar, &xen_pci_io_ops, d, "xen-pci", 0x100);
 }
 
-static uint32_t platform_mmio_read(ReadWriteHandler *handler, pcibus_t addr, 
int len)
+static uint64_t platform_mmio_read(void *opaque, target_phys_addr_t addr,
+   unsigned size)
 {
 DPRINTF("Warning: attempted read from physical address "
 "0x" TARGET_FMT_plx " in xen platform mmio space\n", addr);
@@ -237,28 +258,24 @@ static uint32_t platform_mmio_read(ReadWriteHandler 
*handler, pcibus_t addr, int
 return 0;
 }
 
-static void platform_mmio_write(ReadWriteHandler *handler, pcibus_t addr,
-uint32_t val, int len)
+static void platform_mmio_write(void *opaque, target_phys_addr_t addr,
+uint64_t val, unsigned size)
 {
-DPRINTF("Warning: attempted write of 0x%x to physical "
+DPRINTF("Warning: attempted write of 0x%"PRIx64" to physical "
 "address 0x" TARGET_FMT_plx " in xen platform mmio space\n",
 val, addr);
 }
 
-static ReadWriteHandler platform_mmio_handler = {
+static const MemoryRegionOps platform_mmio_handler = {
 .read = &platform_mmio_read,
 .write = &platform_mmio_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static void platform_mmio_map(PCIDevice *d, int region_num,
-  pcibus_t addr, pcibus_t size, int type)
+static void platform_mmio_setup(PCIXenPlatformState *d)
 {
-int mmio_io_addr;
-
-mmio_io_addr = cpu_regis

[Qemu-devel] [RFC v5 23/86] pci: add API to get a BAR's mapped address

[Avi Kivity]

This is a hack, for devices that have a back-channel to read this
address back outside the normal configuration mechanisms, such
as VMware svga.

Signed-off-by: Avi Kivity 
---
 hw/pci.c |5 +
 hw/pci.h |1 +
 2 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 36db58b..912f849 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -952,6 +952,11 @@ void pci_register_bar_region(PCIDevice *pci_dev, int 
region_num,
 pci_dev->io_regions[region_num].memory = memory;
 }
 
+pcibus_t pci_get_bar_addr(PCIDevice *pci_dev, int region_num)
+{
+return pci_dev->io_regions[region_num].addr;
+}
+
 static void pci_bridge_filter(PCIDevice *d, pcibus_t *addr, pcibus_t *size,
   uint8_t type)
 {
diff --git a/hw/pci.h b/hw/pci.h
index c51156d..64282ad 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -207,6 +207,7 @@ void pci_register_bar_simple(PCIDevice *pci_dev, int 
region_num,
  pcibus_t size, uint8_t attr, ram_addr_t ram_addr);
 void pci_register_bar_region(PCIDevice *pci_dev, int region_num,
  uint8_t attr, MemoryRegion *memory);
+pcibus_t pci_get_bar_addr(PCIDevice *pci_dev, int region_num);
 
 int pci_add_capability(PCIDevice *pdev, uint8_t cap_id,
uint8_t offset, uint8_t size);
-- 
1.7.5.3

[Qemu-devel] [PATCH 37/55] ide/atapi: Preserve tray state on migration

[Markus Armbruster]

Use a subsection, so that migration to older version still works,
provided the tray is closed and unlocked.

Signed-off-by: Markus Armbruster 
---
 hw/ide/core.c |   32 
 1 files changed, 32 insertions(+), 0 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 709645e..90ad497 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2042,6 +2042,22 @@ static bool ide_drive_pio_state_needed(void *opaque)
 || (s->bus->error_status & BM_STATUS_PIO_RETRY);
 }
 
+static int ide_tray_state_post_load(void *opaque, int version_id)
+{
+IDEState *s = opaque;
+
+bdrv_eject(s->bs, s->tray_open);
+bdrv_lock_medium(s->bs, s->tray_locked);
+return 0;
+}
+
+static bool ide_tray_state_needed(void *opaque)
+{
+IDEState *s = opaque;
+
+return s->tray_open || s->tray_locked;
+}
+
 static bool ide_atapi_gesn_needed(void *opaque)
 {
 IDEState *s = opaque;
@@ -2069,6 +2085,19 @@ static const VMStateDescription 
vmstate_ide_atapi_gesn_state = {
 }
 };
 
+static const VMStateDescription vmstate_ide_tray_state = {
+.name = "ide_drive/tray_state",
+.version_id = 1,
+.minimum_version_id = 1,
+.minimum_version_id_old = 1,
+.post_load = ide_tray_state_post_load,
+.fields = (VMStateField[]) {
+VMSTATE_BOOL(tray_open, IDEState),
+VMSTATE_BOOL(tray_locked, IDEState),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_ide_drive_pio_state = {
 .name = "ide_drive/pio_state",
 .version_id = 1,
@@ -2123,6 +2152,9 @@ const VMStateDescription vmstate_ide_drive = {
 .vmsd = &vmstate_ide_drive_pio_state,
 .needed = ide_drive_pio_state_needed,
 }, {
+.vmsd = &vmstate_ide_tray_state,
+.needed = ide_tray_state_needed,
+}, {
 .vmsd = &vmstate_ide_atapi_gesn_state,
 .needed = ide_atapi_gesn_needed,
 }, {
-- 
1.7.2.3

[Qemu-devel] [RFC v5 46/86] ppc: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/cuda.c |6 ++-
 hw/escc.c |   42 +--
 hw/escc.h |2 +-
 hw/heathrow_pic.c |   29 --
 hw/ide.h  |2 +-
 hw/ide/macio.c|   36 ---
 hw/mac_dbdma.c|   32 ++--
 hw/mac_dbdma.h|4 ++-
 hw/mac_nvram.c|   39 ++---
 hw/macio.c|   74 +++-
 hw/openpic.c  |   81 +
 hw/openpic.h  |2 +-
 hw/ppc_mac.h  |   16 ++
 hw/ppc_newworld.c |   30 +--
 hw/ppc_oldworld.c |   23 +++
 15 files changed, 201 insertions(+), 217 deletions(-)

diff --git a/hw/cuda.c b/hw/cuda.c
index 065c362..5c92d81 100644
--- a/hw/cuda.c
+++ b/hw/cuda.c
@@ -117,6 +117,7 @@ typedef struct CUDATimer {
 } CUDATimer;
 
 typedef struct CUDAState {
+MemoryRegion mem;
 /* cuda registers */
 uint8_t b;  /* B-side data */
 uint8_t a;  /* A-side data */
@@ -722,7 +723,7 @@ static void cuda_reset(void *opaque)
 set_counter(s, &s->timers[1], 0x);
 }
 
-void cuda_init (int *cuda_mem_index, qemu_irq irq)
+void cuda_init (MemoryRegion **cuda_mem, qemu_irq irq)
 {
 struct tm tm;
 CUDAState *s = &cuda_state;
@@ -738,8 +739,9 @@ void cuda_init (int *cuda_mem_index, qemu_irq irq)
 s->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET;
 
 s->adb_poll_timer = qemu_new_timer_ns(vm_clock, cuda_adb_poll, s);
-*cuda_mem_index = cpu_register_io_memory(cuda_read, cuda_write, s,
+cpu_register_io_memory(cuda_read, cuda_write, s,
  DEVICE_NATIVE_ENDIAN);
+*cuda_mem = &s->mem;
 vmstate_register(NULL, -1, &vmstate_cuda, s);
 qemu_register_reset(cuda_reset, s);
 }
diff --git a/hw/escc.c b/hw/escc.c
index f6fd919..bea5873 100644
--- a/hw/escc.c
+++ b/hw/escc.c
@@ -126,7 +126,7 @@ struct SerialState {
 SysBusDevice busdev;
 struct ChannelState chn[2];
 uint32_t it_shift;
-int mmio_index;
+MemoryRegion mmio;
 uint32_t disabled;
 uint32_t frequency;
 };
@@ -490,7 +490,8 @@ static void escc_update_parameters(ChannelState *s)
 qemu_chr_ioctl(s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
 }
 
-static void escc_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t 
val)
+static void escc_mem_write(void *opaque, target_phys_addr_t addr,
+   uint64_t val, unsigned size)
 {
 SerialState *serial = opaque;
 ChannelState *s;
@@ -592,7 +593,8 @@ static void escc_mem_writeb(void *opaque, 
target_phys_addr_t addr, uint32_t val)
 }
 }
 
-static uint32_t escc_mem_readb(void *opaque, target_phys_addr_t addr)
+static uint64_t escc_mem_read(void *opaque, target_phys_addr_t addr,
+  unsigned size)
 {
 SerialState *serial = opaque;
 ChannelState *s;
@@ -627,6 +629,16 @@ static uint32_t escc_mem_readb(void *opaque, 
target_phys_addr_t addr)
 return 0;
 }
 
+static const MemoryRegionOps escc_mem_ops = {
+.read = escc_mem_read,
+.write = escc_mem_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.valid = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+};
+
 static int serial_can_receive(void *opaque)
 {
 ChannelState *s = opaque;
@@ -668,18 +680,6 @@ static void serial_event(void *opaque, int event)
 serial_receive_break(s);
 }
 
-static CPUReadMemoryFunc * const escc_mem_read[3] = {
-escc_mem_readb,
-NULL,
-NULL,
-};
-
-static CPUWriteMemoryFunc * const escc_mem_write[3] = {
-escc_mem_writeb,
-NULL,
-NULL,
-};
-
 static const VMStateDescription vmstate_escc_chn = {
 .name ="escc_chn",
 .version_id = 2,
@@ -712,7 +712,7 @@ static const VMStateDescription vmstate_escc = {
 }
 };
 
-int escc_init(target_phys_addr_t base, qemu_irq irqA, qemu_irq irqB,
+MemoryRegion *escc_init(target_phys_addr_t base, qemu_irq irqA, qemu_irq irqB,
   CharDriverState *chrA, CharDriverState *chrB,
   int clock, int it_shift)
 {
@@ -737,7 +737,7 @@ int escc_init(target_phys_addr_t base, qemu_irq irqA, 
qemu_irq irqB,
 }
 
 d = FROM_SYSBUS(SerialState, s);
-return d->mmio_index;
+return &d->mmio;
 }
 
 static const uint8_t keycodes[128] = {
@@ -901,7 +901,6 @@ void slavio_serial_ms_kbd_init(target_phys_addr_t base, 
qemu_irq irq,
 static int escc_init1(SysBusDevice *dev)
 {
 SerialState *s = FROM_SYSBUS(SerialState, dev);
-int io;
 unsigned int i;
 
 s->chn[0].disabled = s->disabled;
@@ -918,10 +917,9 @@ static int escc_init1(SysBusDevice *dev)
 s->chn[0].otherchn = &s->chn[1];
 s->chn[1].otherchn = &s->chn[0];
 
-io = cpu_register_io_memory(escc_mem_read, escc_mem_write, s,
-DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, ESCC_SIZE << s->it_shift, io);
-s->mmio_index = io;
+memory_regio

Re: [Qemu-devel] [RFC v5 00/86] Memory API

[Jan Kiszka]

On 2011-07-20 18:49, Avi Kivity wrote:
> New in this version:
>   - more mindless conversions; I believe there are no longer any destructive
> operations in the tree (IO_MEM_UNASSIGNED)
>   - fix memory map generation bug (patch 13)
>   - proper 440FX PAM/SMRAM and PCI holes
> 

This on top fixes standard VGA dirty logging:

diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index e367052..8e8b24c 100644
--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -2944,8 +2944,6 @@ static int pci_cirrus_vga_initfn(PCIDevice *dev)
 memory_region_add_subregion(&s->pci_bar, 0x100,
 &s->cirrus_linear_bitblt_io);
 
-vga_dirty_log_start(&s->vga);
-
  /* setup memory space */
  /* memory #0 LFB */
  /* memory #1 memory-mapped I/O */
diff --git a/hw/vga.c b/hw/vga.c
index 5a78b71..8acc545 100644
--- a/hw/vga.c
+++ b/hw/vga.c
@@ -2195,6 +2195,7 @@ void vga_common_init(VGACommonState *s, int vga_ram_size)
 s->update_retrace_info = vga_precise_update_retrace_info;
 break;
 }
+vga_dirty_log_start(s);
 }
 
 /* used by both ISA and PCI */

Cirrus is still broken (test case: grub), debugging ATM.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

[Qemu-devel] [RFC v5 43/86] ahci: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/ide/ahci.c |   31 +--
 hw/ide/ahci.h |2 +-
 hw/ide/ich.c  |3 +--
 3 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 1f008a3..e207ca0 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -276,12 +276,12 @@ static void  ahci_port_write(AHCIState *s, int port, int 
offset, uint32_t val)
 }
 }
 
-static uint32_t ahci_mem_readl(void *ptr, target_phys_addr_t addr)
+static uint64_t ahci_mem_read(void *opaque, target_phys_addr_t addr,
+  unsigned size)
 {
-AHCIState *s = ptr;
+AHCIState *s = opaque;
 uint32_t val = 0;
 
-addr = addr & 0xfff;
 if (addr < AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR) {
 switch (addr) {
 case HOST_CAP:
@@ -314,10 +314,10 @@ static uint32_t ahci_mem_readl(void *ptr, 
target_phys_addr_t addr)
 
 
 
-static void ahci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val)
+static void ahci_mem_write(void *opaque, target_phys_addr_t addr,
+   uint64_t val, unsigned size)
 {
-AHCIState *s = ptr;
-addr = addr & 0xfff;
+AHCIState *s = opaque;
 
 /* Only aligned reads are allowed on AHCI */
 if (addr & 3) {
@@ -364,16 +364,10 @@ static void ahci_mem_writel(void *ptr, target_phys_addr_t 
addr, uint32_t val)
 
 }
 
-static CPUReadMemoryFunc * const ahci_readfn[3]={
-ahci_mem_readl,
-ahci_mem_readl,
-ahci_mem_readl
-};
-
-static CPUWriteMemoryFunc * const ahci_writefn[3]={
-ahci_mem_writel,
-ahci_mem_writel,
-ahci_mem_writel
+static MemoryRegionOps ahci_mem_ops = {
+.read = ahci_mem_read,
+.write = ahci_mem_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static void ahci_reg_init(AHCIState *s)
@@ -1131,8 +1125,8 @@ void ahci_init(AHCIState *s, DeviceState *qdev, int ports)
 s->ports = ports;
 s->dev = qemu_mallocz(sizeof(AHCIDevice) * ports);
 ahci_reg_init(s);
-s->mem = cpu_register_io_memory(ahci_readfn, ahci_writefn, s,
-DEVICE_LITTLE_ENDIAN);
+/* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
+memory_region_init_io(&s->mem, &ahci_mem_ops, s, "ahci", 0x1000);
 irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports);
 
 for (i = 0; i < s->ports; i++) {
@@ -1151,6 +1145,7 @@ void ahci_init(AHCIState *s, DeviceState *qdev, int ports)
 
 void ahci_uninit(AHCIState *s)
 {
+memory_region_destroy(&s->mem);
 qemu_free(s->dev);
 }
 
diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index dc86951..e456193 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -289,7 +289,7 @@ struct AHCIDevice {
 typedef struct AHCIState {
 AHCIDevice *dev;
 AHCIControlRegs control_regs;
-int mem;
+MemoryRegion mem;
 int ports;
 qemu_irq irq;
 } AHCIState;
diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index 054e073..7e497c3 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -93,8 +93,7 @@ static int pci_ich9_ahci_init(PCIDevice *dev)
 msi_init(dev, 0x50, 1, true, false);
 d->ahci.irq = d->card.irq[0];
 
-/* XXX BAR size should be 1k, but that breaks, so bump it to 4k for now */
-pci_register_bar_simple(&d->card, 5, 0x1000, 0, d->ahci.mem);
+pci_register_bar_region(&d->card, 5, 0, &d->ahci.mem);
 
 return 0;
 }
-- 
1.7.5.3

[Qemu-devel] [PATCH 2/2] target-arm: Mark 1136r1 as a v6K core

[Peter Maydell]

The 1136r1 is actually a v6K core (unlike the 1136r0); mark it as such,
thus enabling the TLS registers, NOP hints, CLREX, half and byte wide
exclusive load/stores, etc.

The VA-to-PA translation registers are not present on 1136r1, so
introduce a new feature flag for them, which is enabled on 1176,
11MPCore and all v7 cores.

Signed-off-by: Peter Maydell 
---
 target-arm/cpu.h|1 +
 target-arm/helper.c |   22 --
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 1e74eb8..961a489 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -368,6 +368,7 @@ enum arm_features {
 ARM_FEATURE_V4T,
 ARM_FEATURE_V5,
 ARM_FEATURE_STRONGARM,
+ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
 };
 
 static inline int arm_feature(CPUARMState *env, int feature)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index cff7c6f..755a60d 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -76,13 +76,24 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t 
id)
 env->cp15.c0_cachetype = 0x1dd20d2;
 env->cp15.c1_sys = 0x00090078;
 break;
-case ARM_CPUID_ARM1136_R2:
 case ARM_CPUID_ARM1136:
+/* This is the 1136 r1, which is a v6K core */
+set_feature(env, ARM_FEATURE_V6K);
+/* Fall through */
+case ARM_CPUID_ARM1136_R2:
+/* What qemu calls "arm1136_r2" is actually the 1136 r0p2, ie an
+ * older core than plain "arm1136". In particular this does not
+ * have the v6K features.
+ */
 set_feature(env, ARM_FEATURE_V4T);
 set_feature(env, ARM_FEATURE_V5);
 set_feature(env, ARM_FEATURE_V6);
 set_feature(env, ARM_FEATURE_VFP);
 set_feature(env, ARM_FEATURE_AUXCR);
+/* These ID register values are correct for 1136 but may be wrong
+ * for 1136_r2 (in particular r0p2 does not actually implement most
+ * of the ID registers).
+ */
 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b4;
 env->vfp.xregs[ARM_VFP_MVFR0] = 0x;
 env->vfp.xregs[ARM_VFP_MVFR1] = 0x;
@@ -98,6 +109,7 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
 set_feature(env, ARM_FEATURE_V6K);
 set_feature(env, ARM_FEATURE_VFP);
 set_feature(env, ARM_FEATURE_AUXCR);
+set_feature(env, ARM_FEATURE_VAPA);
 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b5;
 env->vfp.xregs[ARM_VFP_MVFR0] = 0x;
 env->vfp.xregs[ARM_VFP_MVFR1] = 0x;
@@ -113,6 +125,7 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t 
id)
 set_feature(env, ARM_FEATURE_V6K);
 set_feature(env, ARM_FEATURE_VFP);
 set_feature(env, ARM_FEATURE_AUXCR);
+set_feature(env, ARM_FEATURE_VAPA);
 env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b4;
 env->vfp.xregs[ARM_VFP_MVFR0] = 0x;
 env->vfp.xregs[ARM_VFP_MVFR1] = 0x;
@@ -243,6 +256,11 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t 
id)
 cpu_abort(env, "Bad CPU ID: %x\n", id);
 break;
 }
+
+/* Some features automatically imply others: */
+if (arm_feature(env, ARM_FEATURE_V7)) {
+set_feature(env, ARM_FEATURE_VAPA);
+}
 }
 
 void cpu_reset(CPUARMState *env)
@@ -1520,7 +1538,7 @@ void HELPER(set_cp15)(CPUState *env, uint32_t insn, 
uint32_t val)
 goto bad_reg;
 }
 /* No cache, so nothing to do except VA->PA translations. */
-if (arm_feature(env, ARM_FEATURE_V6K)) {
+if (arm_feature(env, ARM_FEATURE_VAPA)) {
 switch (crm) {
 case 4:
 if (arm_feature(env, ARM_FEATURE_V7)) {
-- 
1.7.4.1

Re: [Qemu-devel] [PATCH 2/6] xen: add mapcache stubs

[Alexander Graf]

On 20.07.2011, at 18:41, Stefan Weil wrote:

> Am 19.07.2011 04:53, schrieb Alexander Graf:
>> During the transition to get rid of CONFIG_XEN_MAPCACHE we lost the mapcache
>> stubs along the way. Nobody realized it because the commands were guarded by
>> if (xen_enabled()) clauses that made gcc optimize out the respective calls.
>> 
>> This patch adds the stubs again - this time in the generic xen-stubs.c
>> 
>> Signed-off-by: Alexander Graf 
>> ---
>> xen-stub.c | 26 ++
>> 1 files changed, 26 insertions(+), 0 deletions(-)
>> 
>> diff --git a/xen-stub.c b/xen-stub.c
>> index efe2ab5..76d80e9 100644
>> --- a/xen-stub.c
>> +++ b/xen-stub.c
>> @@ -8,6 +8,7 @@
>> 
>> #include "qemu-common.h"
>> #include "hw/xen.h"
>> +#include "xen-mapcache.h"
>> 
>> void xenstore_store_pv_console_info(int i, CharDriverState *chr)
>> {
>> @@ -43,3 +44,28 @@ int xen_init(void)
>> {
>> return -ENOSYS;
>> }
>> +
>> +/*** mapcache stubs ***/
>> +
>> +void xen_map_cache_init(void)
>> +{
>> +}
>> +
>> +uint8_t *xen_map_cache(target_phys_addr_t phys_addr, target_phys_addr_t 
>> size,
>> + uint8_t lock)
>> +{
>> + return qemu_get_ram_ptr(phys_addr);
>> +}
>> +
>> +ram_addr_t xen_ram_addr_from_mapcache(void *ptr)
>> +{
>> + return -1;
>> +}
>> +
>> +void xen_invalidate_map_cache(void)
>> +{
>> +}
>> +
>> +void xen_invalidate_map_cache_entry(uint8_t *buffer)
>> +{
>> +}
> 
> The patch fixes a build problem, and the sooner we fix it,
> the better it is.
> 
> Do we really need a return value other than NULL in xen_map_cache()?
> Do we need the stubs for xen_map_cache_init() and xen_invalidate_map_cache()?
> As discussed in another thread, static inline stub function might be better.

I'm fairly sure we don't, but I merely shoved everything that was in 
xen-mapcache-stubs.c into xen-stubs.c. We can concentrate on optimizing this 
out again when the build works. If we really care about it.


Alex

Re: [Qemu-devel] [PATCH v8 3/4] guest agent: qemu-ga daemon

[Luiz Capitulino]

On Wed, 20 Jul 2011 14:25:06 -0500
Michael Roth  wrote:

> On 07/20/2011 12:56 PM, Luiz Capitulino wrote:
> > On Tue, 19 Jul 2011 15:41:54 -0500
> > Michael Roth  wrote:
> >
> >> This is the actual guest daemon, it listens for requests over a
> >> virtio-serial/isa-serial/unix socket channel and routes them through
> >> to dispatch routines, and writes the results back to the channel in
> >> a manner similar to QMP.
> >>
> >> A shorthand invocation:
> >>
> >>qemu-ga -d
> >>
> >> Is equivalent to:
> >>
> >>qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 \
> >>-f /var/run/qemu-ga.pid -d
> >>
> >> Signed-off-by: Michael Roth
> >> ---
> >>   Makefile   |8 +-
> >>   configure  |1 +
> >>   qemu-ga.c  |  667 
> >> 
> >>   qga/guest-agent-core.h |4 +
> >>   4 files changed, 677 insertions(+), 3 deletions(-)
> >>   create mode 100644 qemu-ga.c
> >>
> >> diff --git a/Makefile b/Makefile
> >> index b8cdf0e..0d2e33d 100644
> >> --- a/Makefile
> >> +++ b/Makefile
> >> @@ -140,7 +140,7 @@ endif
> >>   ##
> >>
> >>   qemu-img.o: qemu-img-cmds.h
> >> -qemu-img.o qemu-tool.o qemu-nbd.o qemu-io.o cmd.o: $(GENERATED_HEADERS)
> >> +qemu-img.o qemu-tool.o qemu-nbd.o qemu-io.o cmd.o qemu-ga.o: 
> >> $(GENERATED_HEADERS)
> >>
> >>   qemu-img$(EXESUF): qemu-img.o qemu-tool.o qemu-error.o $(oslib-obj-y) 
> >> $(trace-obj-y) $(block-obj-y) $(qobject-obj-y) $(version-obj-y) 
> >> qemu-timer-common.o
> >>
> >> @@ -184,13 +184,15 @@ test-qmp-commands: test-qmp-commands.o qfloat.o 
> >> qint.o qdict.o qstring.o qlist.o
> >>
> >>   QGALIB=qga/guest-agent-command-state.o
> >>
> >> +qemu-ga$(EXESUF): qemu-ga.o $(QGALIB) qemu-tool.o qemu-error.o error.o 
> >> $(oslib-obj-y) $(trace-obj-y) $(block-obj-y) $(qobject-obj-y) 
> >> $(version-obj-y) $(qapi-obj-y) qemu-timer-common.o qemu-sockets.o module.o 
> >> qapi/qmp-dispatch.o qapi/qmp-registry.o
> >> +
> >>   QEMULIBS=libhw32 libhw64 libuser libdis libdis-user
> >>
> >>   clean:
> >>   # avoid old build problems by removing potentially incorrect old files
> >>rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h 
> >> gen-op-arm.h
> >>rm -f qemu-options.def
> >> -  rm -f *.o *.d *.a *.lo $(TOOLS) TAGS cscope.* *.pod *~ */*~
> >> +  rm -f *.o *.d *.a *.lo $(TOOLS) qemu-ga TAGS cscope.* *.pod *~ */*~
> >>rm -Rf .libs
> >>rm -f slirp/*.o slirp/*.d audio/*.o audio/*.d block/*.o block/*.d 
> >> net/*.o net/*.d fsdev/*.o fsdev/*.d ui/*.o ui/*.d qapi/*.o qapi/*.d 
> >> qga/*.o qga/*.d
> >>rm -f qemu-img-cmds.h
> >> @@ -386,4 +388,4 @@ tarbin:
> >>$(mandir)/man8/qemu-nbd.8
> >>
> >>   # Include automatically generated dependency files
> >> --include $(wildcard *.d audio/*.d slirp/*.d block/*.d net/*.d ui/*.d 
> >> qapi/*.d)
> >> +-include $(wildcard *.d audio/*.d slirp/*.d block/*.d net/*.d ui/*.d 
> >> qapi/*.d qga/*.d)
> >> diff --git a/configure b/configure
> >> index 6a03002..445f674 100755
> >> --- a/configure
> >> +++ b/configure
> >> @@ -2532,6 +2532,7 @@ if test "$softmmu" = yes ; then
> >> tools="qemu-img\$(EXESUF) qemu-io\$(EXESUF) $tools"
> >> if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
> >> tools="qemu-nbd\$(EXESUF) $tools"
> >> +  tools="qemu-ga\$(EXESUF) $tools"
> >>   if [ "$check_utests" = "yes" ]; then
> >> tools="check-qint check-qstring check-qdict check-qlist $tools"
> >> tools="check-qfloat check-qjson $tools"
> >> diff --git a/qemu-ga.c b/qemu-ga.c
> >> new file mode 100644
> >> index 000..eb09100
> >> --- /dev/null
> >> +++ b/qemu-ga.c
> >> @@ -0,0 +1,667 @@
> >> +/*
> >> + * QEMU Guest Agent
> >> + *
> >> + * Copyright IBM Corp. 2011
> >> + *
> >> + * Authors:
> >> + *  Adam Litke
> >> + *  Michael Roth
> >> + *
> >> + * This work is licensed under the terms of the GNU GPL, version 2 or 
> >> later.
> >> + * See the COPYING file in the top-level directory.
> >> + */
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +#include
> >> +#include "qemu_socket.h"
> >> +#include "json-streamer.h"
> >> +#include "json-parser.h"
> >> +#include "qint.h"
> >> +#include "qjson.h"
> >> +#include "qga/guest-agent-core.h"
> >> +#include "module.h"
> >> +#include "signal.h"
> >> +#include "qerror.h"
> >> +#include "error_int.h"
> >> +
> >> +#define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0"
> >> +#define QGA_PIDFILE_DEFAULT "/var/run/qemu-ga.pid"
> >> +#define QGA_BAUDRATE_DEFAULT B38400 /* for isa-serial channels */
> >> +#define QGA_TIMEOUT_DEFAULT 30*1000 /* ms */
> >> +
> >> +struct GAState {
> >> +JSONMessageParser parser;
> >> +GMainLoop *main_loop;
> >> +guint conn_id;
> >> +GSocket *conn_sock;
> >> +GIOChannel *conn_channel;
> >> +guint listen_id;
> >> +GSocket *l

[Qemu-devel] [RFC v5 17/86] pc: convert pc_memory_init() to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/pc.c |   59 ---
 hw/pc.h |1 +
 2 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/hw/pc.c b/hw/pc.c
index 369566a..1c9d89a 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -41,6 +41,7 @@
 #include "sysemu.h"
 #include "blockdev.h"
 #include "ui/qemu-spice.h"
+#include "memory.h"
 
 /* output Bochs bios info messages */
 //#define DEBUG_BIOS
@@ -966,22 +967,30 @@ void pc_memory_init(MemoryRegion *system_memory,
 {
 char *filename;
 int ret, linux_boot, i;
-ram_addr_t ram_addr, bios_offset, option_rom_offset;
+MemoryRegion *ram, *bios, *isa_bios, *option_rom_mr;
+MemoryRegion *ram_below_4g, *ram_above_4g;
 int bios_size, isa_bios_size;
 void *fw_cfg;
 
 linux_boot = (kernel_filename != NULL);
 
-/* allocate RAM */
-ram_addr = qemu_ram_alloc(NULL, "pc.ram",
-  below_4g_mem_size + above_4g_mem_size);
-cpu_register_physical_memory(0, 0xa, ram_addr);
-cpu_register_physical_memory(0x10,
- below_4g_mem_size - 0x10,
- ram_addr + 0x10);
+/* Allocate RAM.  We allocate it as a single memory region and use
+ * aliases to address portions of it, mostly for backwards compatiblity
+ * with older qemus that used qemu_ram_alloc().
+ */
+ram = qemu_malloc(sizeof(*ram));
+memory_region_init_ram(ram, NULL, "pc.ram",
+   below_4g_mem_size + above_4g_mem_size);
+ram_below_4g = qemu_malloc(sizeof(*ram_below_4g));
+memory_region_init_alias(ram_below_4g, "ram-below-4g", ram,
+ 0, below_4g_mem_size);
+memory_region_add_subregion(system_memory, 0, ram_below_4g);
 if (above_4g_mem_size > 0) {
-cpu_register_physical_memory(0x1ULL, above_4g_mem_size,
- ram_addr + below_4g_mem_size);
+ram_above_4g = qemu_malloc(sizeof(*ram_above_4g));
+memory_region_init_alias(ram_above_4g, "ram-above-4g", ram,
+ below_4g_mem_size, above_4g_mem_size);
+memory_region_add_subregion(system_memory, 0x1ULL,
+ram_above_4g);
 }
 
 /* BIOS load */
@@ -997,7 +1006,9 @@ void pc_memory_init(MemoryRegion *system_memory,
 (bios_size % 65536) != 0) {
 goto bios_error;
 }
-bios_offset = qemu_ram_alloc(NULL, "pc.bios", bios_size);
+bios = qemu_malloc(sizeof(*bios));
+memory_region_init_ram(bios, NULL, "pc.bios", bios_size);
+memory_region_set_readonly(bios, true);
 ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), -1);
 if (ret != 0) {
 bios_error:
@@ -1011,16 +1022,26 @@ void pc_memory_init(MemoryRegion *system_memory,
 isa_bios_size = bios_size;
 if (isa_bios_size > (128 * 1024))
 isa_bios_size = 128 * 1024;
-cpu_register_physical_memory(0x10 - isa_bios_size,
- isa_bios_size,
- (bios_offset + bios_size - isa_bios_size) | 
IO_MEM_ROM);
-
-option_rom_offset = qemu_ram_alloc(NULL, "pc.rom", PC_ROM_SIZE);
-cpu_register_physical_memory(PC_ROM_MIN_VGA, PC_ROM_SIZE, 
option_rom_offset);
+isa_bios = qemu_malloc(sizeof(*isa_bios));
+memory_region_init_alias(isa_bios, "isa-bios", bios,
+ bios_size - isa_bios_size, isa_bios_size);
+memory_region_add_subregion_overlap(system_memory,
+0x10 - isa_bios_size,
+isa_bios,
+1);
+memory_region_set_readonly(isa_bios, true);
+
+option_rom_mr = qemu_malloc(sizeof(*option_rom_mr));
+memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE);
+memory_region_add_subregion_overlap(system_memory,
+PC_ROM_MIN_VGA,
+option_rom_mr,
+1);
 
 /* map all the bios at the top of memory */
-cpu_register_physical_memory((uint32_t)(-bios_size),
- bios_size, bios_offset | IO_MEM_ROM);
+memory_region_add_subregion(system_memory,
+(uint32_t)(-bios_size),
+bios);
 
 fw_cfg = bochs_bios_init();
 rom_set_fw(fw_cfg);
diff --git a/hw/pc.h b/hw/pc.h
index fa57583..40684f4 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -2,6 +2,7 @@
 #define HW_PC_H
 
 #include "qemu-common.h"
+#include "memory.h"
 #include "ioport.h"
 #include "isa.h"
 #include "fdc.h"
-- 
1.7.5.3

[Qemu-devel] [PATCH V2 0/3] Enable QEMU to handle more than 2GB with Xen.

[Anthony PERARD]

Hi all,

Update on this series:
  - Use a RAM address of 64bits only on 64bits targets when Xen is enable.
  - Add some comment on the memory registration done for Xen.


Xen is not limited by the QEMU's virtual address space for the allocation of
the guest RAM. So even with a QEMU 32bits, a Xen guest can have more than 4 GB
of RAM.

With this serie, we will be able to run a guest with more than 4GB. The main
point is to change ram_addr_t from ulong to uin64 when QEMU is configure with
Xen. The second point is better register the memory in QEMU.

Regards,

Anthony PERARD (3):
  cpu-common: Have a ram_addr_t of uint64 with Xen.
  xen: Fix the memory registration to reflect of what is done by Xen.
  vl.c: Check the asked ram_size later.

 cpu-common.h |8 
 exec.c   |9 +
 vl.c |   14 --
 xen-all.c|   29 +
 4 files changed, 42 insertions(+), 18 deletions(-)

-- 
Anthony PERARD

Re: [Qemu-devel] [PATCH v8 3/4] guest agent: qemu-ga daemon

[Michael Roth]

On 07/20/2011 12:56 PM, Luiz Capitulino wrote:

On Tue, 19 Jul 2011 15:41:54 -0500
Michael Roth  wrote:


This is the actual guest daemon, it listens for requests over a
virtio-serial/isa-serial/unix socket channel and routes them through
to dispatch routines, and writes the results back to the channel in
a manner similar to QMP.

A shorthand invocation:

   qemu-ga -d

Is equivalent to:

   qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 \
   -f /var/run/qemu-ga.pid -d

Signed-off-by: Michael Roth
---
  Makefile   |8 +-
  configure  |1 +
  qemu-ga.c  |  667 
  qga/guest-agent-core.h |4 +
  4 files changed, 677 insertions(+), 3 deletions(-)
  create mode 100644 qemu-ga.c

diff --git a/Makefile b/Makefile
index b8cdf0e..0d2e33d 100644
--- a/Makefile
+++ b/Makefile
@@ -140,7 +140,7 @@ endif
  ##

  qemu-img.o: qemu-img-cmds.h
-qemu-img.o qemu-tool.o qemu-nbd.o qemu-io.o cmd.o: $(GENERATED_HEADERS)
+qemu-img.o qemu-tool.o qemu-nbd.o qemu-io.o cmd.o qemu-ga.o: 
$(GENERATED_HEADERS)

  qemu-img$(EXESUF): qemu-img.o qemu-tool.o qemu-error.o $(oslib-obj-y) 
$(trace-obj-y) $(block-obj-y) $(qobject-obj-y) $(version-obj-y) 
qemu-timer-common.o

@@ -184,13 +184,15 @@ test-qmp-commands: test-qmp-commands.o qfloat.o qint.o 
qdict.o qstring.o qlist.o

  QGALIB=qga/guest-agent-command-state.o

+qemu-ga$(EXESUF): qemu-ga.o $(QGALIB) qemu-tool.o qemu-error.o error.o 
$(oslib-obj-y) $(trace-obj-y) $(block-obj-y) $(qobject-obj-y) $(version-obj-y) 
$(qapi-obj-y) qemu-timer-common.o qemu-sockets.o module.o qapi/qmp-dispatch.o 
qapi/qmp-registry.o
+
  QEMULIBS=libhw32 libhw64 libuser libdis libdis-user

  clean:
  # avoid old build problems by removing potentially incorrect old files
rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h 
gen-op-arm.h
rm -f qemu-options.def
-   rm -f *.o *.d *.a *.lo $(TOOLS) TAGS cscope.* *.pod *~ */*~
+   rm -f *.o *.d *.a *.lo $(TOOLS) qemu-ga TAGS cscope.* *.pod *~ */*~
rm -Rf .libs
rm -f slirp/*.o slirp/*.d audio/*.o audio/*.d block/*.o block/*.d 
net/*.o net/*.d fsdev/*.o fsdev/*.d ui/*.o ui/*.d qapi/*.o qapi/*.d qga/*.o 
qga/*.d
rm -f qemu-img-cmds.h
@@ -386,4 +388,4 @@ tarbin:
$(mandir)/man8/qemu-nbd.8

  # Include automatically generated dependency files
--include $(wildcard *.d audio/*.d slirp/*.d block/*.d net/*.d ui/*.d qapi/*.d)
+-include $(wildcard *.d audio/*.d slirp/*.d block/*.d net/*.d ui/*.d qapi/*.d 
qga/*.d)
diff --git a/configure b/configure
index 6a03002..445f674 100755
--- a/configure
+++ b/configure
@@ -2532,6 +2532,7 @@ if test "$softmmu" = yes ; then
tools="qemu-img\$(EXESUF) qemu-io\$(EXESUF) $tools"
if [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" ] ; then
tools="qemu-nbd\$(EXESUF) $tools"
+  tools="qemu-ga\$(EXESUF) $tools"
  if [ "$check_utests" = "yes" ]; then
tools="check-qint check-qstring check-qdict check-qlist $tools"
tools="check-qfloat check-qjson $tools"
diff --git a/qemu-ga.c b/qemu-ga.c
new file mode 100644
index 000..eb09100
--- /dev/null
+++ b/qemu-ga.c
@@ -0,0 +1,667 @@
+/*
+ * QEMU Guest Agent
+ *
+ * Copyright IBM Corp. 2011
+ *
+ * Authors:
+ *  Adam Litke
+ *  Michael Roth
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "qemu_socket.h"
+#include "json-streamer.h"
+#include "json-parser.h"
+#include "qint.h"
+#include "qjson.h"
+#include "qga/guest-agent-core.h"
+#include "module.h"
+#include "signal.h"
+#include "qerror.h"
+#include "error_int.h"
+
+#define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0"
+#define QGA_PIDFILE_DEFAULT "/var/run/qemu-ga.pid"
+#define QGA_BAUDRATE_DEFAULT B38400 /* for isa-serial channels */
+#define QGA_TIMEOUT_DEFAULT 30*1000 /* ms */
+
+struct GAState {
+JSONMessageParser parser;
+GMainLoop *main_loop;
+guint conn_id;
+GSocket *conn_sock;
+GIOChannel *conn_channel;
+guint listen_id;
+GSocket *listen_sock;
+GIOChannel *listen_channel;
+const char *path;
+const char *method;
+bool virtio; /* fastpath to check for virtio to deal with poll() quirks */
+GACommandState *command_state;
+GLogLevelFlags log_level;
+FILE *log_file;
+bool logging_enabled;
+};
+
+static struct GAState *ga_state;
+
+static void quit_handler(int sig)
+{
+g_debug("recieved signal num %d, quitting", sig);
+
+if (g_main_loop_is_running(ga_state->main_loop)) {
+g_main_loop_quit(ga_state->main_loop);
+}
+}
+
+static void register_signal_handlers(void)
+{
+struct sigaction sigact;
+int ret;
+
+memset(&sigact, 0, sizeof(struct sigaction));
+si

Re: [Qemu-devel] [PATCH] exec.h cleanup

[Blue Swirl]

On Sun, Jul 17, 2011 at 6:31 PM, Peter Maydell  wrote:
> On 17 July 2011 13:31, Blue Swirl  wrote:
>> diff --git a/target-arm/iwmmxt_helper.c b/target-arm/iwmmxt_helper.c
>> index ebe6eb9..fbd3547 100644
>> --- a/target-arm/iwmmxt_helper.c
>> +++ b/target-arm/iwmmxt_helper.c
>> @@ -23,7 +23,7 @@
>>  #include 
>>
>>  #include "cpu.h"
>> -#include "exec.h"
>> +#include "dyngen-exec.h"
>>  #include "helper.h"
>>
>>  /* iwMMXt macros extracted from GNU gdb.  */
>
> I think this change and the neon one are superfluous once the changes 
> currently
> in my target-arm pull-request [http://patchwork.ozlabs.org/patch/101524/ from
> 2011-06-22] get applied; those revert the changes which gave iwmmxt_helper.c
> and neon_helper.c access to the implicit global env, so they don't include
> exec.h any more.

I pulled the patches, thanks.

[Qemu-devel] [RFC v5 22/86] usb-ohci: convert to MemoryRegion

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/usb-ohci.c |   42 +-
 1 files changed, 17 insertions(+), 25 deletions(-)

diff --git a/hw/usb-ohci.c b/hw/usb-ohci.c
index 8491d59..337b250 100644
--- a/hw/usb-ohci.c
+++ b/hw/usb-ohci.c
@@ -62,7 +62,7 @@ typedef struct OHCIPort {
 typedef struct {
 USBBus bus;
 qemu_irq irq;
-int mem;
+MemoryRegion mem;
 int num_ports;
 const char *name;
 
@@ -1440,13 +1440,13 @@ static void ohci_port_set_status(OHCIState *ohci, int 
portnum, uint32_t val)
 return;
 }
 
-static uint32_t ohci_mem_read(void *ptr, target_phys_addr_t addr)
+static uint64_t ohci_mem_read(void *opaque,
+  target_phys_addr_t addr,
+  unsigned size)
 {
-OHCIState *ohci = ptr;
+OHCIState *ohci = opaque;
 uint32_t retval;
 
-addr &= 0xff;
-
 /* Only aligned reads are allowed on OHCI */
 if (addr & 3) {
 fprintf(stderr, "usb-ohci: Mis-aligned read\n");
@@ -1563,11 +1563,12 @@ static uint32_t ohci_mem_read(void *ptr, 
target_phys_addr_t addr)
 return retval;
 }
 
-static void ohci_mem_write(void *ptr, target_phys_addr_t addr, uint32_t val)
+static void ohci_mem_write(void *opaque,
+   target_phys_addr_t addr,
+   uint64_t val,
+   unsigned size)
 {
-OHCIState *ohci = ptr;
-
-addr &= 0xff;
+OHCIState *ohci = opaque;
 
 /* Only aligned reads are allowed on OHCI */
 if (addr & 3) {
@@ -1697,18 +1698,10 @@ static void ohci_async_cancel_device(OHCIState *ohci, 
USBDevice *dev)
 }
 }
 
-/* Only dword reads are defined on OHCI register space */
-static CPUReadMemoryFunc * const ohci_readfn[3]={
-ohci_mem_read,
-ohci_mem_read,
-ohci_mem_read
-};
-
-/* Only dword writes are defined on OHCI register space */
-static CPUWriteMemoryFunc * const ohci_writefn[3]={
-ohci_mem_write,
-ohci_mem_write,
-ohci_mem_write
+static const MemoryRegionOps ohci_mem_ops = {
+.read = ohci_mem_read,
+.write = ohci_mem_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
 };
 
 static USBPortOps ohci_port_ops = {
@@ -1764,8 +1757,7 @@ static int usb_ohci_init(OHCIState *ohci, DeviceState 
*dev,
 }
 }
 
-ohci->mem = cpu_register_io_memory(ohci_readfn, ohci_writefn, ohci,
-   DEVICE_LITTLE_ENDIAN);
+memory_region_init_io(&ohci->mem, &ohci_mem_ops, ohci, "ohci", 256);
 ohci->localmem_base = localmem_base;
 
 ohci->name = dev->info->name;
@@ -1799,7 +1791,7 @@ static int usb_ohci_initfn_pci(struct PCIDevice *dev)
 ohci->state.irq = ohci->pci_dev.irq[0];
 
 /* TODO: avoid cast below by using dev */
-pci_register_bar_simple(&ohci->pci_dev, 0, 256, 0, ohci->state.mem);
+pci_register_bar_region(&ohci->pci_dev, 0, 0, &ohci->state.mem);
 return 0;
 }
 
@@ -1822,7 +1814,7 @@ static int ohci_init_pxa(SysBusDevice *dev)
 /* Cannot fail as we pass NULL for masterbus */
 usb_ohci_init(&s->ohci, &dev->qdev, s->num_ports, s->dma_offset, NULL, 0);
 sysbus_init_irq(dev, &s->ohci.irq);
-sysbus_init_mmio(dev, 0x1000, s->ohci.mem);
+sysbus_init_mmio_region(dev, &s->ohci.mem);
 
 return 0;
 }
-- 
1.7.5.3

[Qemu-devel] [PATCH 0/2] support 1176, 1136r1's v6k features

[Peter Maydell]

This patchset is Jamie's 1176 patch plus one which sits on top of it
and adds support for the v6k features in the 1136r1. (I've included
Jamie's patch (a) as a convenience to clean the commit comment up
and (b) because of this dependency.)

Specifically the 1136r1 is a v6K core and supports TLS registers,
CLREX and half and byte wide exclusives. TLS in particular is needed
for recent Linux kernels to boot.

(This patch is rowing back a bit from the position I took in earlier
discussion of ARM11 feature flags, following some further investigation
I did into what cores have what. I haven't bothered to make the WFI
instruction actually NOP for 1136r1/1176 as we don't seem to do anything
to make it NOP on any core, but we could always add that later if it
really seems necessary.)

The other point of note about the 1136r1 is that it doesn't have
the VA-to-PA registers, so I've added a new feature flag which
splits that out of v6K.

Ideally I'd like to sneak these patches into 0.15, given the "kernel
doesn't boot any more" effect of not supporting the 1136r1 TLS
registers...

Jamie Iles (1):
  target-arm: support for ARM1176JZF-s cores

Peter Maydell (1):
  target-arm: Mark 1136r1 as a v6K core

 target-arm/cpu.h|2 ++
 target-arm/helper.c |   45 +++--
 2 files changed, 45 insertions(+), 2 deletions(-)

-- 
1.7.4.1

Re: [Qemu-devel] [PATCH v5 00/10] trace-state: make the behaviour of "disable" consistent across all backends

[Lluís]

Stefan Hajnoczi writes:
> I did leave some comments, mainly #ifdef reduction.  But let's merge the
> next version.

I'm leaving on vacations until 13th august, so I'll fix it based on your
comments when I come back. Hope that's not a problem.

Bye, bye! :)


Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth

[Qemu-devel] [Bug 504368] Re: sdl window intermittently scales instead of resizing

[Michal Suchanek]

My window manager maximizes all windows. I am running kvm 0.14.

Initially the VM is displayed 1:1 in the top left corner leaving large
portion of the window black.  Resizing the window or rebooting the VM
causes the output to be scaled which is horrendous.

There are three issues here: there is no way to force the window to be
the size of the VM output nor is there a way to display the VM output
1:1 regardless of window size nor  is there any possibility to make the
VM output scale proportionally.

Pressing Ctrl+Alt+u definitely does not disable scaling for me although
it causes the VM output to disappear momentarily causing the window to
flash.

I guess setting window size  can be achieved with some WM hint (and
should be a command line option and possibly a option configurable from
the monitor). Obviously, not all outputs can set the hint and not all
WMs will respect it. However, setting the hint *and* resizing to the
desired size should give the correct size in most cases.
http://standards.freedesktop.org/wm-spec/wm-spec-latest.html#NORESIZE

The other issue is that scaling does not respect aspect ratio leading to
horrendous VM output. I don't think there is any use case for non-
proportional scaling.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/504368

Title:
  sdl window intermittently scales instead of resizing

Status in QEMU:
  Triaged
Status in “qemu-kvm” package in Ubuntu:
  Incomplete

Bug description:
  Binary package hint: qemu-kvm

  Normally, the SDL output window for a VM resizes to match the VM's
  resolution.  However, intermittently the output is instead scaled
  within the window.  I can't seem to find any pattern to when the
  output is scaled versus when the window is resized.  I would prefer
  that the window be resized as needed to display the VM in a 1:1
  manner.

  ProblemType: Bug
  Architecture: amd64
  Date: Thu Jan  7 10:30:10 2010
  DistroRelease: Ubuntu 9.10
  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
  KvmCmdLine:
   UIDPID  PPID  CSZ   RSS PSR STIME TTY  TIME CMD
   root 27618 1 38 241752 804668 1 10:05 ?00:09:39 /usr/bin/kvm 
-S -M pc-0.11 -cpu qemu32 -m 768 -smp 1 -name win2k3 -uuid 
da414aa0-f18a-7a02-3d1b-1dbf13137bc9 -monitor 
unix:/var/run/libvirt/qemu/win2k3.monitor,server,nowait -localtime -boot c 
-drive file=/media/qpc-devel/testing/win2k3/testing.ovl,if=ide,index=0,boot=on 
-drive 
file=/media/qpc-devel/testing/win2k3/../../isos/en_win_srv_2003_r2_standard_cd1.iso,if=ide,media=cdrom,index=2
 -net nic,macaddr=00:16:3e:d6:f5:60,vlan=0,model=ne2k_pci,name=ne2k_pci.0 -net 
tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -usbdevice tablet 
-vga cirrus
   root 28306 1 54 177732 545520 1 10:28 ?00:00:49 /usr/bin/kvm 
-S -M pc-0.11 -cpu qemu32 -m 512 -smp 1 -name win2k -uuid 
153d6125-acb5-70bc-c7d2-bcbf87c5be86 -monitor 
unix:/var/run/libvirt/qemu/win2k.monitor,server,nowait -localtime -boot c 
-drive file=/media/qpc-devel/testing/win2k/testing.ovl,if=ide,index=0,boot=on 
-drive 
file=/media/qpc-devel/testing/win2k/../../isos/windows_2000.iso,if=ide,media=cdrom,index=2
 -net nic,macaddr=68:29:6b:13:50:c6,vlan=0,model=ne2k_pci,name=ne2k_pci.0 -net 
tap,fd=19,vlan=0,name=tap.0 -serial pty -parallel none -usb -usbdevice tablet 
-vga cirrus
  NonfreeKernelModules: nvidia
  Package: kvm 1:84+dfsg-0ubuntu16+0.11.0+0ubuntu6.3
  PccardctlIdent:
   Socket 0:
 no product info available
  PccardctlStatus:
   Socket 0:
 no card
  ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.31-16-generic 
root=UUID=30218f9a-6f90-4eab-9ba5-f54897e842cb ro quiet splash
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcVersionSignature: Ubuntu 2.6.31-16.53-generic
  SourcePackage: qemu-kvm
  Uname: Linux 2.6.31-16-generic x86_64
  dmi.bios.date: 02/20/2008
  dmi.bios.vendor: LENOVO
  dmi.bios.version: 7LETB2WW (2.12 )
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Available
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: 
dmi:bvnLENOVO:bvr7LETB2WW(2.12):bd02/20/2008:svnLENOVO:pn:pvrThinkPadT61p:rvnLENOVO:rn:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.version: ThinkPad T61p
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/504368/+subscriptions

Re: [Qemu-devel] live snapshot wiki updated

[Blue Swirl]

On Wed, Jul 20, 2011 at 8:47 PM, Eric Blake  wrote:
> On 07/20/2011 11:27 AM, Blue Swirl wrote:
>>>
>>> We've already told you - qemu must have a way to be passed fds which are
>>> associated with names, and when a file refers to another backing file by
>>> name, then qemu falls back on its fd/name mapping to use the
>>> already-passed
>>> fd instead.  Which implies that someone else, either libvirt or a
>>> qemu-maintained libblockformat.so, needs to have a stable interface for
>>> parsing the backing file name out of an arbitrary qcow2 file, and that
>>> this
>>> interface must work no matter how many other extensions are added to
>>> qcow2.
>>
>> I'd avoid any name based access in this case. If QEMU has write access
>> to main file, it could forge the backing file name in main file to
>> point to for example /etc/shadow and then request libvirt to perform
>> the opening.
>
> Won't work.  Well, it might work within the context of a single qemu
> process.  But when that process ends, then libvirt would have to touch up
> the qcow2 headers of that file to replace the /etc/shadow name with the real
> backing file name, otherwise, the next time you restart qemu-img or a new
> qemu guest using the same image, the information has been lost, since the fd
> has been closed in the meantime.

How would libvirt know to do this touch up?

> We really _do_ need a way to give qemu both an fd and the name of the file
> that the fd is tied to.  On Linux, qemu could use /proc/self/fd to
> reconstruct the name from fd, but that's not portable to other OS.  And
> we've already discussed how in the libvirt model, that libvirt is deemed
> more secure than qemu.  Therefore, I think it is reasonable for qemu to make
> the assumptions that if it exposes a monitor command where the supervisor
> (libvirt or otherwise) can pass in both an fd and a file name, that either
> the supervisor is passing in correct information, or that the bug is in the
> supervisor and not in qemu if the supervisor passes in wrong information and
> things blow up.

Yes, I'm not worried about QEMU getting confused by libvirt.

> And the snapshot_blkdev monitor command is a case where qemu needs to create
> a new qcow2 image on the fly, while referencing the name of an existing
> file.  What backing name do you put in the new qcow2 file unless you already
> have a name association for all fds already open for the existing backing
> file?

For backing file with original name of "/path/in/storage", QEMU could
present the fd and the backin path by requesting something like
"fd:12,/path/in/storage". The next file in chain "/path2/file" would
be "fd:12,fd:34,/path2/file". Or if possible, -fd 12 -backing
/path/in/storage with spaces and funny characters escaped etc.

Re: [Qemu-devel] [PATCH 2/6] xen: add mapcache stubs

[Avi Kivity]

On 07/19/2011 05:53 AM, Alexander Graf wrote:

During the transition to get rid of CONFIG_XEN_MAPCACHE we lost the mapcache
stubs along the way. Nobody realized it because the commands were guarded by
if (xen_enabled()) clauses that made gcc optimize out the respective calls.



Except those building with --enable-debug.

--
error compiling committee.c: too many arguments to function

[Qemu-devel] [RFC v5 39/86] es1370: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/es1370.c |   43 +--
 1 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/hw/es1370.c b/hw/es1370.c
index 1ed62b7..6a01797 100644
--- a/hw/es1370.c
+++ b/hw/es1370.c
@@ -268,6 +268,7 @@ struct chan {
 typedef struct ES1370State {
 PCIDevice dev;
 QEMUSoundCard card;
+MemoryRegion io;
 struct chan chan[NB_CHANNELS];
 SWVoiceOut *dac_voice[2];
 SWVoiceIn *adc_voice;
@@ -775,7 +776,6 @@ IO_READ_PROTO (es1370_readl)
 return val;
 }
 
-
 static void es1370_transfer_audio (ES1370State *s, struct chan *d, int 
loop_sel,
int max, int *irq)
 {
@@ -906,23 +906,20 @@ static void es1370_adc_callback (void *opaque, int avail)
 es1370_run_channel (s, ADC_CHANNEL, avail);
 }
 
-static void es1370_map (PCIDevice *pci_dev, int region_num,
-pcibus_t addr, pcibus_t size, int type)
-{
-ES1370State *s = DO_UPCAST (ES1370State, dev, pci_dev);
-
-(void) region_num;
-(void) size;
-(void) type;
-
-register_ioport_write (addr, 0x40 * 4, 1, es1370_writeb, s);
-register_ioport_write (addr, 0x40 * 2, 2, es1370_writew, s);
-register_ioport_write (addr, 0x40, 4, es1370_writel, s);
+static const MemoryRegionPortio es1370_portio[] = {
+{ 0, 0x40 * 4, 1, .write = es1370_writeb, },
+{ 0, 0x40 * 2, 2, .write = es1370_writew, },
+{ 0, 0x40, 4, .write = es1370_writel, },
+{ 0, 0x40 * 4, 1, .read = es1370_readb, },
+{ 0, 0x40 * 2, 2, .read = es1370_readw, },
+{ 0, 0x40, 4, .read = es1370_readl, },
+PORTIO_END
+};
 
-register_ioport_read (addr, 0x40 * 4, 1, es1370_readb, s);
-register_ioport_read (addr, 0x40 * 2, 2, es1370_readw, s);
-register_ioport_read (addr, 0x40, 4, es1370_readl, s);
-}
+static const MemoryRegionOps es1370_io_ops = {
+.old_portio = es1370_portio,
+.endianness = DEVICE_LITTLE_ENDIAN,
+};
 
 static const VMStateDescription vmstate_es1370_channel = {
 .name = "es1370_channel",
@@ -1011,7 +1008,8 @@ static int es1370_initfn (PCIDevice *dev)
 c[PCI_MIN_GNT] = 0x0c;
 c[PCI_MAX_LAT] = 0x80;
 
-pci_register_bar (&s->dev, 0, 256, PCI_BASE_ADDRESS_SPACE_IO, es1370_map);
+memory_region_init_io(&s->io, &es1370_io_ops, s, "es1370", 256);
+pci_register_bar_region(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
 qemu_register_reset (es1370_on_reset, s);
 
 AUD_register_card ("es1370", &s->card);
@@ -1019,6 +1017,14 @@ static int es1370_initfn (PCIDevice *dev)
 return 0;
 }
 
+static int es1370_exitfn(PCIDevice *dev)
+{
+ES1370State *s = DO_UPCAST (ES1370State, dev, dev);
+
+memory_region_destroy(&s->io);
+return 0;
+}
+
 int es1370_init (PCIBus *bus)
 {
 pci_create_simple (bus, -1, "ES1370");
@@ -1031,6 +1037,7 @@ static PCIDeviceInfo es1370_info = {
 .qdev.size= sizeof (ES1370State),
 .qdev.vmsd= &vmstate_es1370,
 .init = es1370_initfn,
+.exit = es1370_exitfn,
 .vendor_id= PCI_VENDOR_ID_ENSONIQ,
 .device_id= PCI_DEVICE_ID_ENSONIQ_ES1370,
 .class_id = PCI_CLASS_MULTIMEDIA_AUDIO,
-- 
1.7.5.3

[Qemu-devel] [RFC v5 82/86] sysbus: remove sysbus_init_mmio_cb()

[Avi Kivity]

This problem with this function is that it is not reversible - it is
impossible to know where things are registered and unregister them
exactly.  As there are no more users, we can remove it.

Signed-off-by: Avi Kivity 
---
 hw/sysbus.c |   12 
 hw/sysbus.h |2 --
 2 files changed, 0 insertions(+), 14 deletions(-)

diff --git a/hw/sysbus.c b/hw/sysbus.c
index 64749e0..87221df 100644
--- a/hw/sysbus.c
+++ b/hw/sysbus.c
@@ -107,18 +107,6 @@ void sysbus_init_mmio(SysBusDevice *dev, 
target_phys_addr_t size,
 dev->mmio[n].iofunc = iofunc;
 }
 
-void sysbus_init_mmio_cb(SysBusDevice *dev, target_phys_addr_t size,
- mmio_mapfunc cb)
-{
-int n;
-
-assert(dev->num_mmio < QDEV_MAX_MMIO);
-n = dev->num_mmio++;
-dev->mmio[n].addr = -1;
-dev->mmio[n].size = size;
-dev->mmio[n].cb = cb;
-}
-
 void sysbus_init_mmio_cb2(SysBusDevice *dev,
   mmio_mapfunc cb, mmio_mapfunc unmap)
 {
diff --git a/hw/sysbus.h b/hw/sysbus.h
index 16fd969..b87c6c5 100644
--- a/hw/sysbus.h
+++ b/hw/sysbus.h
@@ -47,8 +47,6 @@ void sysbus_register_withprop(SysBusDeviceInfo *info);
 void *sysbus_new(void);
 void sysbus_init_mmio(SysBusDevice *dev, target_phys_addr_t size,
   ram_addr_t iofunc);
-void sysbus_init_mmio_cb(SysBusDevice *dev, target_phys_addr_t size,
-mmio_mapfunc cb);
 void sysbus_init_mmio_cb2(SysBusDevice *dev,
   mmio_mapfunc cb, mmio_mapfunc unmap);
 void sysbus_init_mmio_region(SysBusDevice *dev, MemoryRegion *memory);
-- 
1.7.5.3

[Qemu-devel] [PATCH 17/55] ide/atapi: Switch from BlockDriverState's tray_open to own

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
---
 hw/ide/atapi.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index fee567b..96f7c31 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -510,7 +510,7 @@ static unsigned int event_status_media(IDEState *s,
 uint8_t event_code, media_status;
 
 media_status = 0;
-if (s->bs->tray_open) {
+if (s->tray_open) {
 media_status = MS_TRAY_OPEN;
 } else if (bdrv_is_inserted(s->bs)) {
 media_status = MS_MEDIA_PRESENT;
-- 
1.7.2.3

[Qemu-devel] [RFC v5 68/86] armv7m: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/armv7m.c |   24 ++--
 1 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/hw/armv7m.c b/hw/armv7m.c
index 83f3393..a932f16 100644
--- a/hw/armv7m.c
+++ b/hw/armv7m.c
@@ -106,31 +106,27 @@ static void bitband_writel(void *opaque, 
target_phys_addr_t offset,
 cpu_physical_memory_write(addr, (uint8_t *)&v, 4);
 }
 
-static CPUReadMemoryFunc * const bitband_readfn[] = {
-   bitband_readb,
-   bitband_readw,
-   bitband_readl
-};
-
-static CPUWriteMemoryFunc * const bitband_writefn[] = {
-   bitband_writeb,
-   bitband_writew,
-   bitband_writel
+static const MemoryRegionOps bitband_ops = {
+.old_mmio = {
+.read = { bitband_readb, bitband_readw, bitband_readl, },
+.write = { bitband_writeb, bitband_writew, bitband_writel, },
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
 };
 
 typedef struct {
 SysBusDevice busdev;
+MemoryRegion iomem;
 uint32_t base;
 } BitBandState;
 
 static int bitband_init(SysBusDevice *dev)
 {
 BitBandState *s = FROM_SYSBUS(BitBandState, dev);
-int iomemtype;
 
-iomemtype = cpu_register_io_memory(bitband_readfn, bitband_writefn,
-   &s->base, DEVICE_NATIVE_ENDIAN);
-sysbus_init_mmio(dev, 0x0200, iomemtype);
+memory_region_init_io(&s->iomem, &bitband_ops, &s->base, "bitband",
+  0x0200);
+sysbus_init_mmio_region(dev, &s->iomem);
 return 0;
 }
 
-- 
1.7.5.3

[Qemu-devel] [PATCH 1/2] target-arm: support for ARM1176JZF-s cores

[Peter Maydell]

From: Jamie Iles 

Add support for v6K ARM1176JZF-S.  This core includes the VA<->PA
translation capability and security extensions.

Signed-off-by: Jamie Iles 
Reviewed-by: Peter Maydell 
---
 target-arm/cpu.h|1 +
 target-arm/helper.c |   23 +++
 2 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 1022a03..1e74eb8 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -414,6 +414,7 @@ void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
 #define ARM_CPUID_PXA270_C5   0x69054117
 #define ARM_CPUID_ARM1136 0x4117b363
 #define ARM_CPUID_ARM1136_R2  0x4107b362
+#define ARM_CPUID_ARM1176 0x410fb767
 #define ARM_CPUID_ARM11MPCORE 0x410fb022
 #define ARM_CPUID_CORTEXA80x410fc080
 #define ARM_CPUID_CORTEXA90x410fc090
diff --git a/target-arm/helper.c b/target-arm/helper.c
index f4d12aa..cff7c6f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -35,6 +35,12 @@ static uint32_t arm1136_cp15_c0_c1[8] =
 static uint32_t arm1136_cp15_c0_c2[8] =
 { 0x00140011, 0x12002111, 0x1123, 0x01102131, 0x141, 0, 0, 0 };
 
+static uint32_t arm1176_cp15_c0_c1[8] =
+{ 0x111, 0x11, 0x33, 0, 0x01130003, 0x10030302, 0x01222100, 0 };
+
+static uint32_t arm1176_cp15_c0_c2[8] =
+{ 0x0140011, 0x12002111, 0x11231121, 0x01102131, 0x01141, 0, 0, 0 };
+
 static uint32_t cpu_arm_find_by_name(const char *name);
 
 static inline void set_feature(CPUARMState *env, int feature)
@@ -85,6 +91,21 @@ static void cpu_reset_model_id(CPUARMState *env, uint32_t id)
 env->cp15.c0_cachetype = 0x1dd20d2;
 env->cp15.c1_sys = 0x00050078;
 break;
+case ARM_CPUID_ARM1176:
+set_feature(env, ARM_FEATURE_V4T);
+set_feature(env, ARM_FEATURE_V5);
+set_feature(env, ARM_FEATURE_V6);
+set_feature(env, ARM_FEATURE_V6K);
+set_feature(env, ARM_FEATURE_VFP);
+set_feature(env, ARM_FEATURE_AUXCR);
+env->vfp.xregs[ARM_VFP_FPSID] = 0x410120b5;
+env->vfp.xregs[ARM_VFP_MVFR0] = 0x;
+env->vfp.xregs[ARM_VFP_MVFR1] = 0x;
+memcpy(env->cp15.c0_c1, arm1176_cp15_c0_c1, 8 * sizeof(uint32_t));
+memcpy(env->cp15.c0_c2, arm1176_cp15_c0_c2, 8 * sizeof(uint32_t));
+env->cp15.c0_cachetype = 0x1dd20d2;
+env->cp15.c1_sys = 0x00050078;
+break;
 case ARM_CPUID_ARM11MPCORE:
 set_feature(env, ARM_FEATURE_V4T);
 set_feature(env, ARM_FEATURE_V5);
@@ -376,6 +397,7 @@ static const struct arm_cpu_t arm_cpu_names[] = {
 { ARM_CPUID_ARM1026, "arm1026"},
 { ARM_CPUID_ARM1136, "arm1136"},
 { ARM_CPUID_ARM1136_R2, "arm1136-r2"},
+{ ARM_CPUID_ARM1176, "arm1176"},
 { ARM_CPUID_ARM11MPCORE, "arm11mpcore"},
 { ARM_CPUID_CORTEXM3, "cortex-m3"},
 { ARM_CPUID_CORTEXA8, "cortex-a8"},
@@ -1769,6 +1791,7 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
 return 1;
 case ARM_CPUID_ARM1136:
 case ARM_CPUID_ARM1136_R2:
+case ARM_CPUID_ARM1176:
 return 7;
 case ARM_CPUID_ARM11MPCORE:
 return 1;
-- 
1.7.4.1

[Qemu-devel] [PATCH 47/55] block: Move BlockConf & friends from block_int.h to block.h

[Markus Armbruster]

It's convenience stuff for block device models, so block.h isn't the
ideal home either, but better than block_int.h.

Permits moving some #include "block_int.h" from device model .h into
.c.

Signed-off-by: Markus Armbruster 
---
 block.h   |   38 ++
 block_int.h   |   35 ---
 hw/ide/core.c |1 +
 hw/ide/internal.h |1 -
 hw/scsi-disk.c|1 +
 hw/scsi.h |1 -
 hw/virtio-blk.c   |1 +
 hw/virtio.h   |2 +-
 8 files changed, 42 insertions(+), 38 deletions(-)

diff --git a/block.h b/block.h
index b56dae6..b6eaaba 100644
--- a/block.h
+++ b/block.h
@@ -326,4 +326,42 @@ typedef enum {
 #define BLKDBG_EVENT(bs, evt) bdrv_debug_event(bs, evt)
 void bdrv_debug_event(BlockDriverState *bs, BlkDebugEvent event);
 
+
+/* Convenience for block device models */
+
+typedef struct BlockConf {
+BlockDriverState *bs;
+uint16_t physical_block_size;
+uint16_t logical_block_size;
+uint16_t min_io_size;
+uint32_t opt_io_size;
+int32_t bootindex;
+uint32_t discard_granularity;
+} BlockConf;
+
+static inline unsigned int get_physical_block_exp(BlockConf *conf)
+{
+unsigned int exp = 0, size;
+
+for (size = conf->physical_block_size;
+size > conf->logical_block_size;
+size >>= 1) {
+exp++;
+}
+
+return exp;
+}
+
+#define DEFINE_BLOCK_PROPERTIES(_state, _conf)  \
+DEFINE_PROP_DRIVE("drive", _state, _conf.bs),   \
+DEFINE_PROP_UINT16("logical_block_size", _state,\
+   _conf.logical_block_size, 512),  \
+DEFINE_PROP_UINT16("physical_block_size", _state,   \
+   _conf.physical_block_size, 512), \
+DEFINE_PROP_UINT16("min_io_size", _state, _conf.min_io_size, 0),  \
+DEFINE_PROP_UINT32("opt_io_size", _state, _conf.opt_io_size, 0),\
+DEFINE_PROP_INT32("bootindex", _state, _conf.bootindex, -1),\
+DEFINE_PROP_UINT32("discard_granularity", _state, \
+   _conf.discard_granularity, 0)
+
 #endif
diff --git a/block_int.h b/block_int.h
index 4bc91cb..7e74d01 100644
--- a/block_int.h
+++ b/block_int.h
@@ -219,39 +219,4 @@ void *qemu_blockalign(BlockDriverState *bs, size_t size);
 int is_windows_drive(const char *filename);
 #endif
 
-typedef struct BlockConf {
-BlockDriverState *bs;
-uint16_t physical_block_size;
-uint16_t logical_block_size;
-uint16_t min_io_size;
-uint32_t opt_io_size;
-int32_t bootindex;
-uint32_t discard_granularity;
-} BlockConf;
-
-static inline unsigned int get_physical_block_exp(BlockConf *conf)
-{
-unsigned int exp = 0, size;
-
-for (size = conf->physical_block_size;
-size > conf->logical_block_size;
-size >>= 1) {
-exp++;
-}
-
-return exp;
-}
-
-#define DEFINE_BLOCK_PROPERTIES(_state, _conf)  \
-DEFINE_PROP_DRIVE("drive", _state, _conf.bs),   \
-DEFINE_PROP_UINT16("logical_block_size", _state,\
-   _conf.logical_block_size, 512),  \
-DEFINE_PROP_UINT16("physical_block_size", _state,   \
-   _conf.physical_block_size, 512), \
-DEFINE_PROP_UINT16("min_io_size", _state, _conf.min_io_size, 0),  \
-DEFINE_PROP_UINT32("opt_io_size", _state, _conf.opt_io_size, 0),\
-DEFINE_PROP_INT32("bootindex", _state, _conf.bootindex, -1),\
-DEFINE_PROP_UINT32("discard_granularity", _state, \
-   _conf.discard_granularity, 0)
-
 #endif /* BLOCK_INT_H */
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 2bde2b8..7301108 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -30,6 +30,7 @@
 #include "sysemu.h"
 #include "dma.h"
 #include "blockdev.h"
+#include "block_int.h"
 
 #include 
 
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index df8887a..d467b04 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -7,7 +7,6 @@
  * non-internal declarations are in hw/ide.h
  */
 #include 
-#include "block_int.h"
 #include "iorange.h"
 #include "dma.h"
 
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index f36f529..9d6968c 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -37,6 +37,7 @@ do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } 
while (0)
 #include "scsi-defs.h"
 #include "sysemu.h"
 #include "blockdev.h"
+#include "block_int.h"
 
 #define SCSI_DMA_BUF_SIZE131072
 #define SCSI_MAX_INQUIRY_LEN 256
diff --git a/hw/scsi.h b/hw/scsi.h
index f6b6bc1..aa3aeff 100644
--- a/hw/scsi.h
+++ b/hw/scsi.h
@@ -3,7 +3,6 @@
 
 #include "qdev.h"
 #include "block.h"
-#include "block_int.h"
 
 #define MAX_SCSI_DEVS  255
 
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 4ed1975..a517150 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -15,6 +15,7 @@
 #include "qemu-error.

[Qemu-devel] [RFC v5 18/86] pc: move global memory map out of pc_init1() and into its callers

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/pc_piix.c |   15 ---
 1 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index d83854c..f2d0476 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -68,7 +68,8 @@ static void ioapic_init(IsaIrqState *isa_irq_state)
 }
 
 /* PC hardware initialisation */
-static void pc_init1(ram_addr_t ram_size,
+static void pc_init1(MemoryRegion *system_memory,
+ ram_addr_t ram_size,
  const char *boot_device,
  const char *kernel_filename,
  const char *kernel_cmdline,
@@ -91,9 +92,6 @@ static void pc_init1(ram_addr_t ram_size,
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 BusState *idebus[MAX_IDE_BUS];
 ISADevice *rtc_state;
-MemoryRegion *system_memory;
-
-system_memory = get_system_memory();
 
 pc_cpus_init(cpu_model);
 
@@ -214,7 +212,8 @@ static void pc_init_pci(ram_addr_t ram_size,
 const char *initrd_filename,
 const char *cpu_model)
 {
-pc_init1(ram_size, boot_device,
+pc_init1(get_system_memory(),
+ ram_size, boot_device,
  kernel_filename, kernel_cmdline,
  initrd_filename, cpu_model, 1, 1);
 }
@@ -226,7 +225,8 @@ static void pc_init_pci_no_kvmclock(ram_addr_t ram_size,
 const char *initrd_filename,
 const char *cpu_model)
 {
-pc_init1(ram_size, boot_device,
+pc_init1(get_system_memory(),
+ ram_size, boot_device,
  kernel_filename, kernel_cmdline,
  initrd_filename, cpu_model, 1, 0);
 }
@@ -240,7 +240,8 @@ static void pc_init_isa(ram_addr_t ram_size,
 {
 if (cpu_model == NULL)
 cpu_model = "486";
-pc_init1(ram_size, boot_device,
+pc_init1(get_system_memory(),
+ ram_size, boot_device,
  kernel_filename, kernel_cmdline,
  initrd_filename, cpu_model, 0, 1);
 }
-- 
1.7.5.3

[Qemu-devel] [RFC v5 71/86] omap_gpmc/nseries/tusb6010: convert to memory API

[Avi Kivity]

Somewhat clumsy since it needs a variable sized region.

Signed-off-by: Avi Kivity 
---
 hw/omap.h  |3 ++-
 hw/omap_gpmc.c |   54 ++
 hw/tusb6010.c  |   30 +-
 hw/tusb6010.h  |7 +--
 4 files changed, 50 insertions(+), 44 deletions(-)

diff --git a/hw/omap.h b/hw/omap.h
index c227a82..68cfd5f 100644
--- a/hw/omap.h
+++ b/hw/omap.h
@@ -17,6 +17,7 @@
  * with this program; if not, see .
  */
 #ifndef hw_omap_h
+#include "memory.h"
 # define hw_omap_h "omap.h"
 
 # define OMAP_EMIFS_BASE   0x
@@ -117,7 +118,7 @@ void omap_sdrc_reset(struct omap_sdrc_s *s);
 struct omap_gpmc_s;
 struct omap_gpmc_s *omap_gpmc_init(target_phys_addr_t base, qemu_irq irq);
 void omap_gpmc_reset(struct omap_gpmc_s *s);
-void omap_gpmc_attach(struct omap_gpmc_s *s, int cs, int iomemtype,
+void omap_gpmc_attach(struct omap_gpmc_s *s, int cs, MemoryRegion *iomem,
 void (*base_upd)(void *opaque, target_phys_addr_t new),
 void (*unmap)(void *opaque), void *opaque);
 
diff --git a/hw/omap_gpmc.c b/hw/omap_gpmc.c
index 8bf3343..a3f3048 100644
--- a/hw/omap_gpmc.c
+++ b/hw/omap_gpmc.c
@@ -21,10 +21,12 @@
 #include "hw.h"
 #include "flash.h"
 #include "omap.h"
+#include "memory.h"
 
 /* General-Purpose Memory Controller */
 struct omap_gpmc_s {
 qemu_irq irq;
+MemoryRegion iomem;
 
 uint8_t sysconfig;
 uint16_t irqst;
@@ -39,7 +41,8 @@ struct omap_gpmc_s {
 uint32_t config[7];
 target_phys_addr_t base;
 size_t size;
-int iomemtype;
+MemoryRegion *iomem;
+MemoryRegion container;
 void (*base_update)(void *opaque, target_phys_addr_t new);
 void (*unmap)(void *opaque);
 void *opaque;
@@ -55,6 +58,8 @@ static void omap_gpmc_int_update(struct omap_gpmc_s *s)
 qemu_set_irq(s->irq, s->irqen & s->irqst);
 }
 
+#include "exec-memory.h"
+
 static void omap_gpmc_cs_map(struct omap_gpmc_cs_file_s *f, int base, int mask)
 {
 /* TODO: check for overlapping regions and report access errors */
@@ -75,8 +80,12 @@ static void omap_gpmc_cs_map(struct omap_gpmc_cs_file_s *f, 
int base, int mask)
  * constant), the mask should cause wrapping of the address space, so
  * that the same memory becomes accessible at every size bytes
  * starting from base.  */
-if (f->iomemtype)
-cpu_register_physical_memory(f->base, f->size, f->iomemtype);
+if (f->iomem) {
+memory_region_init(&f->container, "omap-gpmc-file", f->size);
+memory_region_add_subregion(&f->container, 0, f->iomem);
+memory_region_add_subregion(get_system_memory(), f->base,
+&f->container);
+}
 
 if (f->base_update)
 f->base_update(f->opaque, f->base);
@@ -87,8 +96,11 @@ static void omap_gpmc_cs_unmap(struct omap_gpmc_cs_file_s *f)
 if (f->size) {
 if (f->unmap)
 f->unmap(f->opaque);
-if (f->iomemtype)
-cpu_register_physical_memory(f->base, f->size, IO_MEM_UNASSIGNED);
+if (f->iomem) {
+memory_region_del_subregion(get_system_memory(), &f->container);
+memory_region_del_subregion(&f->container, f->iomem);
+memory_region_destroy(&f->container);
+}
 f->base = 0;
 f->size = 0;
 }
@@ -132,7 +144,8 @@ void omap_gpmc_reset(struct omap_gpmc_s *s)
 ecc_reset(&s->ecc[i]);
 }
 
-static uint32_t omap_gpmc_read(void *opaque, target_phys_addr_t addr)
+static uint64_t omap_gpmc_read(void *opaque, target_phys_addr_t addr,
+   unsigned size)
 {
 struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
 int cs;
@@ -230,7 +243,7 @@ static uint32_t omap_gpmc_read(void *opaque, 
target_phys_addr_t addr)
 }
 
 static void omap_gpmc_write(void *opaque, target_phys_addr_t addr,
-uint32_t value)
+uint64_t value, unsigned size)
 {
 struct omap_gpmc_s *s = (struct omap_gpmc_s *) opaque;
 int cs;
@@ -249,7 +262,7 @@ static void omap_gpmc_write(void *opaque, 
target_phys_addr_t addr,
 
 case 0x010:/* GPMC_SYSCONFIG */
 if ((value >> 3) == 0x3)
-fprintf(stderr, "%s: bad SDRAM idle mode %i\n",
+fprintf(stderr, "%s: bad SDRAM idle mode %"PRIi64"\n",
 __FUNCTION__, value >> 3);
 if (value & 2)
 omap_gpmc_reset(s);
@@ -369,34 +382,27 @@ static void omap_gpmc_write(void *opaque, 
target_phys_addr_t addr,
 }
 }
 
-static CPUReadMemoryFunc * const omap_gpmc_readfn[] = {
-omap_badwidth_read32,  /* TODO */
-omap_badwidth_read32,  /* TODO */
-omap_gpmc_read,
-};
-
-static CPUWriteMemoryFunc * const omap_gpmc_writefn[] = {
-omap_badwidth_write32, /* TODO */
-omap_badwidth_write32, /* TODO */
-omap_gpmc_write,
+static const MemoryReg

[Qemu-devel] [RFC v5 24/86] vmsvga: don't remember pci BAR address in callback any more

[Avi Kivity]

We're going to remove the callback, so we can't use it to save the
address.  Use the pci API instead.

Signed-off-by: Avi Kivity 
---
 hw/vmware_vga.c |   12 ++--
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/vmware_vga.c b/hw/vmware_vga.c
index 354c221..190b005 100644
--- a/hw/vmware_vga.c
+++ b/hw/vmware_vga.c
@@ -52,8 +52,6 @@ struct vmsvga_state_s {
 int on;
 } cursor;
 
-target_phys_addr_t vram_base;
-
 int index;
 int scratch_size;
 uint32_t *scratch;
@@ -761,8 +759,11 @@ static uint32_t vmsvga_value_read(void *opaque, uint32_t 
address)
 case SVGA_REG_BYTES_PER_LINE:
 return ((s->depth + 7) >> 3) * s->new_width;
 
-case SVGA_REG_FB_START:
-return s->vram_base;
+case SVGA_REG_FB_START: {
+struct pci_vmsvga_state_s *pci_vmsvga
+= container_of(s, struct pci_vmsvga_state_s, chip);
+return pci_get_bar_addr(&pci_vmsvga->card, 1);
+}
 
 case SVGA_REG_FB_OFFSET:
 return 0x0;
@@ -1247,14 +1248,13 @@ static void pci_vmsvga_map_mem(PCIDevice *pci_dev, int 
region_num,
 struct vmsvga_state_s *s = &d->chip;
 ram_addr_t iomemtype;
 
-s->vram_base = addr;
 #ifdef DIRECT_VRAM
 iomemtype = cpu_register_io_memory(vmsvga_vram_read,
 vmsvga_vram_write, s, DEVICE_NATIVE_ENDIAN);
 #else
 iomemtype = s->vga.vram_offset | IO_MEM_RAM;
 #endif
-cpu_register_physical_memory(s->vram_base, s->vga.vram_size,
+cpu_register_physical_memory(addr, s->vga.vram_size,
 iomemtype);
 
 s->vga.map_addr = addr;
-- 
1.7.5.3

[Qemu-devel] [PATCH 50/55] block: New bdrv_set_buffer_alignment()

[Markus Armbruster]

Device models should be able to set it without an unclean include of
block_int.h.

Signed-off-by: Markus Armbruster 
---
 block.c |6 --
 block.h |1 +
 hw/ide/core.c   |2 +-
 hw/scsi-disk.c  |3 +--
 hw/virtio-blk.c |3 +--
 5 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/block.c b/block.c
index 925861f..e9b911b 100644
--- a/block.c
+++ b/block.c
@@ -428,7 +428,6 @@ static int bdrv_open_common(BlockDriverState *bs, const 
char *filename,
 bs->encrypted = 0;
 bs->valid_key = 0;
 bs->open_flags = flags;
-/* buffer_alignment defaulted to 512, drivers can change this value */
 bs->buffer_alignment = 512;
 
 pstrcpy(bs->filename, sizeof(bs->filename), filename);
@@ -2819,7 +2818,10 @@ BlockDriverAIOCB *bdrv_aio_ioctl(BlockDriverState *bs,
 return NULL;
 }
 
-
+void bdrv_set_buffer_alignment(BlockDriverState *bs, int align)
+{
+bs->buffer_alignment = align;
+}
 
 void *qemu_blockalign(BlockDriverState *bs, size_t size)
 {
diff --git a/block.h b/block.h
index 8f52abb..c596b4c 100644
--- a/block.h
+++ b/block.h
@@ -264,6 +264,7 @@ int bdrv_img_create(const char *filename, const char *fmt,
 const char *base_filename, const char *base_fmt,
 char *options, uint64_t img_size, int flags);
 
+void bdrv_set_buffer_alignment(BlockDriverState *bs, int align);
 void *qemu_blockalign(BlockDriverState *bs, size_t size);
 
 #define BDRV_SECTORS_PER_DIRTY_CHUNK 2048
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 7301108..bfa1162 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1821,7 +1821,7 @@ int ide_init_drive(IDEState *s, BlockDriverState *bs, 
IDEDriveKind kind,
 s->smart_selftest_count = 0;
 if (kind == IDE_CD) {
 bdrv_set_dev_ops(bs, &ide_cd_block_ops, s);
-bs->buffer_alignment = 2048;
+bdrv_set_buffer_alignment(bs, 2048);
 } else {
 if (!bdrv_is_inserted(s->bs)) {
 error_report("Device needs media, but drive is empty");
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index 9d6968c..1bfdfdd 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -37,7 +37,6 @@ do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } 
while (0)
 #include "scsi-defs.h"
 #include "sysemu.h"
 #include "blockdev.h"
-#include "block_int.h"
 
 #define SCSI_DMA_BUF_SIZE131072
 #define SCSI_MAX_INQUIRY_LEN 256
@@ -1336,7 +1335,7 @@ static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind 
kind)
 s->qdev.blocksize = s->qdev.conf.logical_block_size;
 }
 s->cluster_size = s->qdev.blocksize / 512;
-s->bs->buffer_alignment = s->qdev.blocksize;
+bdrv_set_buffer_alignment(s->bs, s->qdev.blocksize);
 
 s->qdev.type = TYPE_DISK;
 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index a517150..811d709 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -15,7 +15,6 @@
 #include "qemu-error.h"
 #include "trace.h"
 #include "blockdev.h"
-#include "block_int.h"
 #include "virtio-blk.h"
 #ifdef __linux__
 # include 
@@ -585,7 +584,7 @@ VirtIODevice *virtio_blk_init(DeviceState *dev, BlockConf 
*conf,
 register_savevm(dev, "virtio-blk", virtio_blk_id++, 2,
 virtio_blk_save, virtio_blk_load, s);
 bdrv_set_dev_ops(s->bs, &virtio_block_ops, s);
-s->bs->buffer_alignment = conf->logical_block_size;
+bdrv_set_buffer_alignment(s->bs, conf->logical_block_size);
 
 add_boot_device_path(conf->bootindex, dev, "/disk@0,0");
 
-- 
1.7.2.3

[Qemu-devel] [RFC v5 07/86] memory: rename MemoryRegion::has_ram_addr to ::terminates

[Avi Kivity]

I/O regions will not have ram_addrs, so this is a better name.

Signed-off-by: Avi Kivity 
---
 memory.c |   18 +-
 memory.h |2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/memory.c b/memory.c
index 7187223..5fda4a0 100644
--- a/memory.c
+++ b/memory.c
@@ -244,7 +244,7 @@ static void render_memory_region(FlatView *view,
 render_memory_region(view, subregion, base, clip);
 }
 
-if (!mr->has_ram_addr) {
+if (!mr->terminates) {
 return;
 }
 
@@ -366,7 +366,7 @@ void memory_region_init(MemoryRegion *mr,
 mr->size = size;
 mr->addr = 0;
 mr->offset = 0;
-mr->has_ram_addr = false;
+mr->terminates = false;
 mr->priority = 0;
 mr->may_overlap = false;
 mr->alias = NULL;
@@ -521,7 +521,7 @@ void memory_region_init_io(MemoryRegion *mr,
 memory_region_init(mr, name, size);
 mr->ops = ops;
 mr->opaque = opaque;
-mr->has_ram_addr = true;
+mr->terminates = true;
 mr->ram_addr = cpu_register_io_memory(memory_region_read_thunk,
   memory_region_write_thunk,
   mr,
@@ -534,7 +534,7 @@ void memory_region_init_ram(MemoryRegion *mr,
 uint64_t size)
 {
 memory_region_init(mr, name, size);
-mr->has_ram_addr = true;
+mr->terminates = true;
 mr->ram_addr = qemu_ram_alloc(dev, name, size);
 }
 
@@ -545,7 +545,7 @@ void memory_region_init_ram_ptr(MemoryRegion *mr,
 void *ptr)
 {
 memory_region_init(mr, name, size);
-mr->has_ram_addr = true;
+mr->terminates = true;
 mr->ram_addr = qemu_ram_alloc_from_ptr(dev, name, size, ptr);
 }
 
@@ -588,13 +588,13 @@ void memory_region_set_log(MemoryRegion *mr, bool log, 
unsigned client)
 bool memory_region_get_dirty(MemoryRegion *mr, target_phys_addr_t addr,
  unsigned client)
 {
-assert(mr->has_ram_addr);
+assert(mr->terminates);
 return cpu_physical_memory_get_dirty(mr->ram_addr + addr, 1 << client);
 }
 
 void memory_region_set_dirty(MemoryRegion *mr, target_phys_addr_t addr)
 {
-assert(mr->has_ram_addr);
+assert(mr->terminates);
 return cpu_physical_memory_set_dirty(mr->ram_addr + addr);
 }
 
@@ -618,7 +618,7 @@ void memory_region_set_readonly(MemoryRegion *mr, bool 
readonly)
 void memory_region_reset_dirty(MemoryRegion *mr, target_phys_addr_t addr,
target_phys_addr_t size, unsigned client)
 {
-assert(mr->has_ram_addr);
+assert(mr->terminates);
 cpu_physical_memory_reset_dirty(mr->ram_addr + addr,
 mr->ram_addr + addr + size,
 1 << client);
@@ -630,7 +630,7 @@ void *memory_region_get_ram_ptr(MemoryRegion *mr)
 return memory_region_get_ram_ptr(mr->alias) + mr->alias_offset;
 }
 
-if (!mr->has_ram_addr) {
+if (!mr->terminates) {
 abort();
 }
 
diff --git a/memory.h b/memory.h
index 8873f75..2ad7202 100644
--- a/memory.h
+++ b/memory.h
@@ -77,7 +77,7 @@ struct MemoryRegion {
 target_phys_addr_t addr;
 target_phys_addr_t offset;
 ram_addr_t ram_addr;
-bool has_ram_addr;
+bool terminates;
 MemoryRegion *alias;
 target_phys_addr_t alias_offset;
 unsigned priority;
-- 
1.7.5.3

[Qemu-devel] [PATCH 48/55] hw: Trim superfluous #include "block_int.h"

[Markus Armbruster]

Including it in device models is unclean, including it without a
reason adds insult to injury.

Signed-off-by: Markus Armbruster 
---
 hw/fdc.c|1 -
 hw/ide/cmd646.c |1 -
 hw/ide/ich.c|1 -
 hw/ide/isa.c|1 -
 hw/ide/macio.c  |1 -
 hw/ide/microdrive.c |1 -
 hw/ide/mmio.c   |1 -
 hw/ide/pci.c|1 -
 hw/ide/piix.c   |1 -
 hw/ide/via.c|1 -
 hw/lsi53c895a.c |1 -
 11 files changed, 0 insertions(+), 11 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index debcd89..e8da6a9 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -36,7 +36,6 @@
 #include "qdev-addr.h"
 #include "blockdev.h"
 #include "sysemu.h"
-#include "block_int.h"
 
 //
 /* debug Floppy devices */
diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index 56302b5..79ceca0 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -27,7 +27,6 @@
 #include 
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "sysemu.h"
 #include "dma.h"
 
diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index 054e073..6f8c175 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -66,7 +66,6 @@
 #include 
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "dma.h"
 
 #include 
diff --git a/hw/ide/isa.c b/hw/ide/isa.c
index 4ac7453..28b69d2 100644
--- a/hw/ide/isa.c
+++ b/hw/ide/isa.c
@@ -26,7 +26,6 @@
 #include 
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "dma.h"
 
 #include 
diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 7daeb31..e92c330 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -26,7 +26,6 @@
 #include 
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "dma.h"
 
 #include 
diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c
index 9fbbf0e..61a6034 100644
--- a/hw/ide/microdrive.c
+++ b/hw/ide/microdrive.c
@@ -26,7 +26,6 @@
 #include 
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "dma.h"
 
 #include 
diff --git a/hw/ide/mmio.c b/hw/ide/mmio.c
index 10f6f40..d6bb5e3 100644
--- a/hw/ide/mmio.c
+++ b/hw/ide/mmio.c
@@ -24,7 +24,6 @@
  */
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "dma.h"
 
 #include 
diff --git a/hw/ide/pci.c b/hw/ide/pci.c
index 9f3050a..a5371f4 100644
--- a/hw/ide/pci.c
+++ b/hw/ide/pci.c
@@ -27,7 +27,6 @@
 #include 
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "dma.h"
 
 #include 
diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index 84f72b0..a0bef42 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -27,7 +27,6 @@
 #include 
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "sysemu.h"
 #include "dma.h"
 
diff --git a/hw/ide/via.c b/hw/ide/via.c
index 3474c37..3c131f6 100644
--- a/hw/ide/via.c
+++ b/hw/ide/via.c
@@ -28,7 +28,6 @@
 #include 
 #include 
 #include "block.h"
-#include "block_int.h"
 #include "sysemu.h"
 #include "dma.h"
 
diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c
index 940b43a..0930519 100644
--- a/hw/lsi53c895a.c
+++ b/hw/lsi53c895a.c
@@ -15,7 +15,6 @@
 #include "hw.h"
 #include "pci.h"
 #include "scsi.h"
-#include "block_int.h"
 
 //#define DEBUG_LSI
 //#define DEBUG_LSI_REG
-- 
1.7.2.3

Re: [Qemu-devel] live snapshot wiki updated

[Eric Blake]

On 07/20/2011 11:20 AM, Blue Swirl wrote:

There could still be some issues:
Let's have files A, B, C etc. with backing files AA etc. How would
libvirt know that when QEMU wants to write to file CA, this is because
it's needed to access C, or is it just trickery by a devious guest to
corrupt storage?


The fix for CVE-2010-2238 already deals with this: if primary image C 
refers to backing file CA of raw format, but does not state what file 
format CA contains, then a malicious guest can modify the contents of CA 
to appear to be yet another qcow2 image.  At which point, if libvirt 
follows the backing file specified in CA, then yes, the malicious guest 
really can cause libvirt to expose arbitrary file CB for manipulation by 
the guest.  But that security hole was already plugged - by default, 
libvirt refuses to probe backing files parsed from qcow2 headers for 
file format, but instead requires the outer qcow2 header to also include 
the a file format designation for the backing file.  At which point, you 
then have a safe chain: if C refers to CA, then libvirt knows that both 
C and CA are essential to the storage presented by giving qemu the file 
name C, and the guest will already be modifying CA, but there is no 
storage corruption involved.


That is, as long as libvirt can already accurately read the chain of 
backing files from any starting point, then it can hand that entire 
chain of backing files (whether by the topmost file name as it does now, 
or whether by a series of fds as is being proposed) to qemu.




This could be handled so that instead of naming the backing file, QEMU
asks for a descriptor for the backing file by presenting the
descriptor to main file C, but I think the real solution is that
libvirt should handle the storage formats completely and it should
present QEMU with only a raw file like interface (read/write/seek) for
the data. Then any backing files would be handled within libvirt.
Performance could suffer, though.


The monitor interface was not designed to throw the 
read()/write()/seek() burden back on libvirt, and indeed that would kill 
performance so it is a non-starter idea.  All we need for security is 
the open() burden to be shifted out of qemu and into libvirt.


--
Eric Blake   ebl...@redhat.com+1-801-349-2682
Libvirt virtualization library http://libvirt.org

[Qemu-devel] [RFC v5 53/86] uhci: convert to memory API

[Avi Kivity]

Signed-off-by: Avi Kivity 
---
 hw/usb-uhci.c |   42 --
 1 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/hw/usb-uhci.c b/hw/usb-uhci.c
index 2ef4c5b..6d1dd54 100644
--- a/hw/usb-uhci.c
+++ b/hw/usb-uhci.c
@@ -132,6 +132,7 @@ typedef struct UHCIPort {
 
 struct UHCIState {
 PCIDevice dev;
+MemoryRegion io_bar;
 USBBus bus; /* Note unused when we're a companion controller */
 uint16_t cmd; /* cmd register */
 uint16_t status;
@@ -1095,18 +1096,19 @@ static void uhci_frame_timer(void *opaque)
 qemu_mod_timer(s->frame_timer, s->expire_time);
 }
 
-static void uhci_map(PCIDevice *pci_dev, int region_num,
-pcibus_t addr, pcibus_t size, int type)
-{
-UHCIState *s = (UHCIState *)pci_dev;
-
-register_ioport_write(addr, 32, 2, uhci_ioport_writew, s);
-register_ioport_read(addr, 32, 2, uhci_ioport_readw, s);
-register_ioport_write(addr, 32, 4, uhci_ioport_writel, s);
-register_ioport_read(addr, 32, 4, uhci_ioport_readl, s);
-register_ioport_write(addr, 32, 1, uhci_ioport_writeb, s);
-register_ioport_read(addr, 32, 1, uhci_ioport_readb, s);
-}
+static const MemoryRegionPortio uhci_portio[] = {
+{ 0, 32, 2, .write = uhci_ioport_writew, },
+{ 0, 32, 2, .read = uhci_ioport_readw, },
+{ 0, 32, 4, .write = uhci_ioport_writel, },
+{ 0, 32, 4, .read = uhci_ioport_readl, },
+{ 0, 32, 1, .write = uhci_ioport_writeb, },
+{ 0, 32, 1, .read = uhci_ioport_readb, },
+PORTIO_END
+};
+
+static const MemoryRegionOps uhci_ioport_ops = {
+.old_portio = uhci_portio,
+};
 
 static USBPortOps uhci_port_ops = {
 .attach = uhci_attach,
@@ -1153,10 +1155,11 @@ static int usb_uhci_common_initfn(PCIDevice *dev)
 
 qemu_register_reset(uhci_reset, s);
 
+memory_region_init_io(&s->io_bar, &uhci_ioport_ops, s, "uhci", 0x20);
 /* Use region 4 for consistency with real hardware.  BSD guests seem
to rely on this.  */
-pci_register_bar(&s->dev, 4, 0x20,
-   PCI_BASE_ADDRESS_SPACE_IO, uhci_map);
+pci_register_bar_region(&s->dev, 4,
+PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
 
 return 0;
 }
@@ -1176,6 +1179,14 @@ static int usb_uhci_vt82c686b_initfn(PCIDevice *dev)
 return usb_uhci_common_initfn(dev);
 }
 
+static int usb_uhci_exit(PCIDevice *dev)
+{
+UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
+
+memory_region_destroy(&s->io_bar);
+return 0;
+}
+
 static Property uhci_properties[] = {
 DEFINE_PROP_STRING("masterbus", UHCIState, masterbus),
 DEFINE_PROP_UINT32("firstport", UHCIState, firstport, 0),
@@ -1188,6 +1199,7 @@ static PCIDeviceInfo uhci_info[] = {
 .qdev.size= sizeof(UHCIState),
 .qdev.vmsd= &vmstate_uhci,
 .init = usb_uhci_common_initfn,
+.exit = usb_uhci_exit,
 .vendor_id= PCI_VENDOR_ID_INTEL,
 .device_id= PCI_DEVICE_ID_INTEL_82371SB_2,
 .revision = 0x01,
@@ -1198,6 +1210,7 @@ static PCIDeviceInfo uhci_info[] = {
 .qdev.size= sizeof(UHCIState),
 .qdev.vmsd= &vmstate_uhci,
 .init = usb_uhci_common_initfn,
+.exit = usb_uhci_exit,
 .vendor_id= PCI_VENDOR_ID_INTEL,
 .device_id= PCI_DEVICE_ID_INTEL_82371AB_2,
 .revision = 0x01,
@@ -1208,6 +1221,7 @@ static PCIDeviceInfo uhci_info[] = {
 .qdev.size= sizeof(UHCIState),
 .qdev.vmsd= &vmstate_uhci,
 .init = usb_uhci_vt82c686b_initfn,
+.exit = usb_uhci_exit,
 .vendor_id= PCI_VENDOR_ID_VIA,
 .device_id= PCI_DEVICE_ID_VIA_UHCI,
 .revision = 0x01,
-- 
1.7.5.3

[Qemu-devel] [RFC v5 49/86] i6300esb: convert to memory API

[Avi Kivity]

Also add missing destructor.

Signed-off-by: Avi Kivity 
---
 hw/wdt_i6300esb.c |   43 +--
 1 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/hw/wdt_i6300esb.c b/hw/wdt_i6300esb.c
index 53786ce..abc2e17 100644
--- a/hw/wdt_i6300esb.c
+++ b/hw/wdt_i6300esb.c
@@ -66,6 +66,7 @@
 /* Device state. */
 struct I6300State {
 PCIDevice dev;
+MemoryRegion io_mem;
 
 int reboot_enabled; /* "Reboot" on timer expiry.  The real action
  * performed depends on the -watchdog-action
@@ -355,6 +356,22 @@ static void i6300esb_mem_writel(void *vp, 
target_phys_addr_t addr, uint32_t val)
 }
 }
 
+static const MemoryRegionOps i6300esb_ops = {
+.old_mmio = {
+.read = {
+i6300esb_mem_readb,
+i6300esb_mem_readw,
+i6300esb_mem_readl,
+},
+.write = {
+i6300esb_mem_writeb,
+i6300esb_mem_writew,
+i6300esb_mem_writel,
+},
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
 static const VMStateDescription vmstate_i6300esb = {
 .name = "i6300esb_wdt",
 .version_id = sizeof(I6300State),
@@ -381,31 +398,28 @@ static const VMStateDescription vmstate_i6300esb = {
 static int i6300esb_init(PCIDevice *dev)
 {
 I6300State *d = DO_UPCAST(I6300State, dev, dev);
-int io_mem;
-static CPUReadMemoryFunc * const mem_read[3] = {
-i6300esb_mem_readb,
-i6300esb_mem_readw,
-i6300esb_mem_readl,
-};
-static CPUWriteMemoryFunc * const mem_write[3] = {
-i6300esb_mem_writeb,
-i6300esb_mem_writew,
-i6300esb_mem_writel,
-};
 
 i6300esb_debug("I6300State = %p\n", d);
 
 d->timer = qemu_new_timer_ns(vm_clock, i6300esb_timer_expired, d);
 d->previous_reboot_flag = 0;
 
-io_mem = cpu_register_io_memory(mem_read, mem_write, d,
-DEVICE_NATIVE_ENDIAN);
-pci_register_bar_simple(&d->dev, 0, 0x10, 0, io_mem);
+memory_region_init_io(&d->io_mem, &i6300esb_ops, d, "i6300esb", 0x10);
+pci_register_bar_region(&d->dev, 0, 0, &d->io_mem);
 /* qemu_register_coalesced_mmio (addr, 0x10); ? */
 
 return 0;
 }
 
+static int i6300esb_exit(PCIDevice *dev)
+{
+I6300State *d = DO_UPCAST(I6300State, dev, dev);
+
+memory_region_destroy(&d->io_mem);
+
+return 0;
+}
+
 static WatchdogTimerModel model = {
 .wdt_name = "i6300esb",
 .wdt_description = "Intel 6300ESB",
@@ -419,6 +433,7 @@ static PCIDeviceInfo i6300esb_info = {
 .config_read  = i6300esb_config_read,
 .config_write = i6300esb_config_write,
 .init = i6300esb_init,
+.exit = i6300esb_exit,
 .vendor_id= PCI_VENDOR_ID_INTEL,
 .device_id= PCI_DEVICE_ID_INTEL_ESB_9,
 .class_id = PCI_CLASS_SYSTEM_OTHER,
-- 
1.7.5.3

Re: [Qemu-devel] [PATCH 2/6] xen: add mapcache stubs

[Alexander Graf]

On 20.07.2011, at 17:12, Avi Kivity wrote:

> On 07/19/2011 05:53 AM, Alexander Graf wrote:
>> During the transition to get rid of CONFIG_XEN_MAPCACHE we lost the mapcache
>> stubs along the way. Nobody realized it because the commands were guarded by
>> if (xen_enabled()) clauses that made gcc optimize out the respective calls.
>> 
> 
> Except those building with --enable-debug.

Ah, that's how you caught it. I was wondering already :). Right, --enable-debug 
also catches it.


Alex

[Qemu-devel] [PATCH] sh4: Fix potential crash in debug code

[Stefan Weil]

cppcheck reports this error:

qemu/hw/sh_intc.c:390: error: Possible null pointer dereference:
 s - otherwise it is redundant to check if s is null at line 385

If s were NULL, the printf() statement would crash.
Setting braces fixes this bug.

Signed-off-by: Stefan Weil 
---
 hw/sh_intc.c |9 +
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/hw/sh_intc.c b/hw/sh_intc.c
index 0734da9..f73a4b0 100644
--- a/hw/sh_intc.c
+++ b/hw/sh_intc.c
@@ -382,13 +382,14 @@ void sh_intc_register_sources(struct intc_desc *desc,
 
sh_intc_register_source(desc, vect->enum_id, groups, nr_groups);
s = sh_intc_source(desc, vect->enum_id);
-   if (s)
-   s->vect = vect->vect;
+if (s) {
+s->vect = vect->vect;
 
 #ifdef DEBUG_INTC_SOURCES
-   printf("sh_intc: registered source %d -> 0x%04x (%d/%d)\n",
-  vect->enum_id, s->vect, s->enable_count, s->enable_max);
+printf("sh_intc: registered source %d -> 0x%04x (%d/%d)\n",
+   vect->enum_id, s->vect, s->enable_count, s->enable_max);
 #endif
+}
 }
 
 if (groups) {
-- 
1.7.2.5

Re: [Qemu-devel] [PATCH 2/6] xen: add mapcache stubs

[Stefan Weil]

Am 19.07.2011 04:53, schrieb Alexander Graf:
During the transition to get rid of CONFIG_XEN_MAPCACHE we lost the 
mapcache
stubs along the way. Nobody realized it because the commands were 
guarded by
if (xen_enabled()) clauses that made gcc optimize out the respective 
calls.


This patch adds the stubs again - this time in the generic xen-stubs.c

Signed-off-by: Alexander Graf 
---
xen-stub.c | 26 ++
1 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/xen-stub.c b/xen-stub.c
index efe2ab5..76d80e9 100644
--- a/xen-stub.c
+++ b/xen-stub.c
@@ -8,6 +8,7 @@

#include "qemu-common.h"
#include "hw/xen.h"
+#include "xen-mapcache.h"

void xenstore_store_pv_console_info(int i, CharDriverState *chr)
{
@@ -43,3 +44,28 @@ int xen_init(void)
{
return -ENOSYS;
}
+
+/*** mapcache stubs ***/
+
+void xen_map_cache_init(void)
+{
+}
+
+uint8_t *xen_map_cache(target_phys_addr_t phys_addr, 
target_phys_addr_t size,

+ uint8_t lock)
+{
+ return qemu_get_ram_ptr(phys_addr);
+}
+
+ram_addr_t xen_ram_addr_from_mapcache(void *ptr)
+{
+ return -1;
+}
+
+void xen_invalidate_map_cache(void)
+{
+}
+
+void xen_invalidate_map_cache_entry(uint8_t *buffer)
+{
+}


The patch fixes a build problem, and the sooner we fix it,
the better it is.

Do we really need a return value other than NULL in xen_map_cache()?
Do we need the stubs for xen_map_cache_init() and 
xen_invalidate_map_cache()?

As discussed in another thread, static inline stub function might be better.

Regards,
Stefan W.

[Qemu-devel] [RFC v5 48/86] pcnet: convert to memory API

[Avi Kivity]

Also related chips.

Signed-off-by: Avi Kivity 
---
 hw/lance.c |   31 ++-
 hw/pcnet-pci.c |   74 +--
 hw/pcnet.h |4 ++-
 3 files changed, 61 insertions(+), 48 deletions(-)

diff --git a/hw/lance.c b/hw/lance.c
index ddb1cbb..8e20360 100644
--- a/hw/lance.c
+++ b/hw/lance.c
@@ -55,8 +55,8 @@ static void parent_lance_reset(void *opaque, int irq, int 
level)
 pcnet_h_reset(&d->state);
 }
 
-static void lance_mem_writew(void *opaque, target_phys_addr_t addr,
- uint32_t val)
+static void lance_mem_write(void *opaque, target_phys_addr_t addr,
+uint64_t val, unsigned size)
 {
 SysBusPCNetState *d = opaque;
 
@@ -64,7 +64,8 @@ static void lance_mem_writew(void *opaque, target_phys_addr_t 
addr,
 pcnet_ioport_writew(&d->state, addr, val & 0x);
 }
 
-static uint32_t lance_mem_readw(void *opaque, target_phys_addr_t addr)
+static uint64_t lance_mem_read(void *opaque, target_phys_addr_t addr,
+   unsigned size)
 {
 SysBusPCNetState *d = opaque;
 uint32_t val;
@@ -74,16 +75,14 @@ static uint32_t lance_mem_readw(void *opaque, 
target_phys_addr_t addr)
 return val & 0x;
 }
 
-static CPUReadMemoryFunc * const lance_mem_read[3] = {
-NULL,
-lance_mem_readw,
-NULL,
-};
-
-static CPUWriteMemoryFunc * const lance_mem_write[3] = {
-NULL,
-lance_mem_writew,
-NULL,
+static const MemoryRegionOps lance_mem_ops = {
+.read = lance_mem_read,
+.write = lance_mem_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.valid = {
+.min_access_size = 2,
+.max_access_size = 2,
+},
 };
 
 static void lance_cleanup(VLANClientState *nc)
@@ -117,13 +116,11 @@ static int lance_init(SysBusDevice *dev)
 SysBusPCNetState *d = FROM_SYSBUS(SysBusPCNetState, dev);
 PCNetState *s = &d->state;
 
-s->mmio_index =
-cpu_register_io_memory(lance_mem_read, lance_mem_write, d,
-   DEVICE_NATIVE_ENDIAN);
+memory_region_init_io(&s->mmio, &lance_mem_ops, s, "lance-mmio", 4);
 
 qdev_init_gpio_in(&dev->qdev, parent_lance_reset, 1);
 
-sysbus_init_mmio(dev, 4, s->mmio_index);
+sysbus_init_mmio_region(dev, &s->mmio);
 
 sysbus_init_irq(dev, &s->irq);
 
diff --git a/hw/pcnet-pci.c b/hw/pcnet-pci.c
index 216cf81..a25f565 100644
--- a/hw/pcnet-pci.c
+++ b/hw/pcnet-pci.c
@@ -46,6 +46,7 @@
 typedef struct {
 PCIDevice pci_dev;
 PCNetState state;
+MemoryRegion io_bar;
 } PCIPCNetState;
 
 static void pcnet_aprom_writeb(void *opaque, uint32_t addr, uint32_t val)
@@ -69,25 +70,41 @@ static uint32_t pcnet_aprom_readb(void *opaque, uint32_t 
addr)
 return val;
 }
 
-static void pcnet_ioport_map(PCIDevice *pci_dev, int region_num,
- pcibus_t addr, pcibus_t size, int type)
+static uint64_t pcnet_ioport_read(void *opaque, target_phys_addr_t addr,
+  unsigned size)
 {
-PCNetState *d = &DO_UPCAST(PCIPCNetState, pci_dev, pci_dev)->state;
+PCNetState *d = opaque;
 
-#ifdef PCNET_DEBUG_IO
-printf("pcnet_ioport_map addr=0x%04"FMT_PCIBUS" size=0x%04"FMT_PCIBUS"\n",
-   addr, size);
-#endif
+if (addr < 16 && size == 1) {
+return pcnet_aprom_readb(d, addr);
+} else if (addr >= 0x10 && addr < 0x20 && size == 2) {
+return pcnet_ioport_readw(d, addr);
+} else if (addr >= 0x10 && addr < 0x20 && size == 4) {
+return pcnet_ioport_readl(d, addr);
+}
+return ((uint64_t)1 << (size * 8)) - 1;
+}
 
-register_ioport_write(addr, 16, 1, pcnet_aprom_writeb, d);
-register_ioport_read(addr, 16, 1, pcnet_aprom_readb, d);
+static void pcnet_ioport_write(void *opaque, target_phys_addr_t addr,
+   uint64_t data, unsigned size)
+{
+PCNetState *d = opaque;
 
-register_ioport_write(addr + 0x10, 0x10, 2, pcnet_ioport_writew, d);
-register_ioport_read(addr + 0x10, 0x10, 2, pcnet_ioport_readw, d);
-register_ioport_write(addr + 0x10, 0x10, 4, pcnet_ioport_writel, d);
-register_ioport_read(addr + 0x10, 0x10, 4, pcnet_ioport_readl, d);
+if (addr < 16 && size == 1) {
+return pcnet_aprom_writeb(d, addr, data);
+} else if (addr >= 0x10 && addr < 0x20 && size == 2) {
+return pcnet_ioport_writew(d, addr, data);
+} else if (addr >= 0x10 && addr < 0x20 && size == 4) {
+return pcnet_ioport_writel(d, addr, data);
+}
 }
 
+static const MemoryRegionOps pcnet_io_ops = {
+.read = pcnet_ioport_read,
+.write = pcnet_ioport_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
 static void pcnet_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t 
val)
 {
 PCNetState *d = opaque;
@@ -202,16 +219,12 @@ static const VMStateDescription vmstate_pci_pcnet = {
 
 /* PCI interface */
 
-static CPUWriteMemoryFunc * const pcnet_mmio_write[] = {
-&pcnet_mmio_writeb,
-   

[Qemu-devel] [RFC v5 42/86] virtio-pci: convert to memory API

[Avi Kivity]

except msix.

[jan: fix build]

Signed-off-by: Avi Kivity 
---
 hw/virtio-pci.c |   74 ++
 hw/virtio-pci.h |2 +-
 2 files changed, 31 insertions(+), 45 deletions(-)

diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index d685243..c114e1a 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -161,7 +161,8 @@ static int 
virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
 {
 VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
 EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
-int r;
+int r = 0;
+
 if (assign) {
 r = event_notifier_init(notifier, 1);
 if (r < 0) {
@@ -169,24 +170,11 @@ static int 
virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
  __func__, r);
 return r;
 }
-r = kvm_set_ioeventfd_pio_word(event_notifier_get_fd(notifier),
-   proxy->addr + VIRTIO_PCI_QUEUE_NOTIFY,
-   n, assign);
-if (r < 0) {
-error_report("%s: unable to map ioeventfd: %d",
- __func__, r);
-event_notifier_cleanup(notifier);
-}
+memory_region_add_eventfd(&proxy->bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
+  true, n, event_notifier_get_fd(notifier));
 } else {
-r = kvm_set_ioeventfd_pio_word(event_notifier_get_fd(notifier),
-   proxy->addr + VIRTIO_PCI_QUEUE_NOTIFY,
-   n, assign);
-if (r < 0) {
-error_report("%s: unable to unmap ioeventfd: %d",
- __func__, r);
-return r;
-}
-
+memory_region_del_eventfd(&proxy->bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
+  true, n, event_notifier_get_fd(notifier));
 /* Handle the race condition where the guest kicked and we deassigned
  * before we got around to handling the kick.
  */
@@ -423,7 +411,6 @@ static uint32_t virtio_pci_config_readb(void *opaque, 
uint32_t addr)
 {
 VirtIOPCIProxy *proxy = opaque;
 uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-addr -= proxy->addr;
 if (addr < config)
 return virtio_ioport_read(proxy, addr);
 addr -= config;
@@ -434,7 +421,6 @@ static uint32_t virtio_pci_config_readw(void *opaque, 
uint32_t addr)
 {
 VirtIOPCIProxy *proxy = opaque;
 uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-addr -= proxy->addr;
 if (addr < config)
 return virtio_ioport_read(proxy, addr);
 addr -= config;
@@ -445,7 +431,6 @@ static uint32_t virtio_pci_config_readl(void *opaque, 
uint32_t addr)
 {
 VirtIOPCIProxy *proxy = opaque;
 uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-addr -= proxy->addr;
 if (addr < config)
 return virtio_ioport_read(proxy, addr);
 addr -= config;
@@ -456,7 +441,6 @@ static void virtio_pci_config_writeb(void *opaque, uint32_t 
addr, uint32_t val)
 {
 VirtIOPCIProxy *proxy = opaque;
 uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-addr -= proxy->addr;
 if (addr < config) {
 virtio_ioport_write(proxy, addr, val);
 return;
@@ -469,7 +453,6 @@ static void virtio_pci_config_writew(void *opaque, uint32_t 
addr, uint32_t val)
 {
 VirtIOPCIProxy *proxy = opaque;
 uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-addr -= proxy->addr;
 if (addr < config) {
 virtio_ioport_write(proxy, addr, val);
 return;
@@ -482,7 +465,6 @@ static void virtio_pci_config_writel(void *opaque, uint32_t 
addr, uint32_t val)
 {
 VirtIOPCIProxy *proxy = opaque;
 uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-addr -= proxy->addr;
 if (addr < config) {
 virtio_ioport_write(proxy, addr, val);
 return;
@@ -491,30 +473,26 @@ static void virtio_pci_config_writel(void *opaque, 
uint32_t addr, uint32_t val)
 virtio_config_writel(proxy->vdev, addr, val);
 }
 
-static void virtio_map(PCIDevice *pci_dev, int region_num,
-   pcibus_t addr, pcibus_t size, int type)
-{
-VirtIOPCIProxy *proxy = container_of(pci_dev, VirtIOPCIProxy, pci_dev);
-VirtIODevice *vdev = proxy->vdev;
-unsigned config_len = VIRTIO_PCI_REGION_SIZE(pci_dev) + vdev->config_len;
-
-proxy->addr = addr;
-
-register_ioport_write(addr, config_len, 1, virtio_pci_config_writeb, 
proxy);
-register_ioport_write(addr, config_len, 2, virtio_pci_config_writew, 
proxy);
-register_ioport_write(addr, config_len, 4, virtio_pci_config_writel, 
proxy);
-register_ioport_read(addr, config_len, 1, virtio_pci_config_readb, proxy);
-register_ioport_read(addr, config_len, 2, virtio_pci_config_readw, proxy);
-register_ioport_read(addr, config_len, 4, virtio_pci_config_readl, proxy);
+const MemoryRegionPortio virtio_portio[] = {
+{ 0,

[Qemu-devel] [RFC v5 45/86] lsi53c895a: convert to memory API

[Avi Kivity]

An optimization that fast-pathed DMA reads from the SCRIPTS memory
was removed int the process.  Likely it breaks with iommus anyway.

Signed-off-by: Avi Kivity 
---
 hw/lsi53c895a.c |  258 ---
 1 files changed, 56 insertions(+), 202 deletions(-)

diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c
index 940b43a..626f681 100644
--- a/hw/lsi53c895a.c
+++ b/hw/lsi53c895a.c
@@ -185,9 +185,9 @@ typedef struct lsi_request {
 
 typedef struct {
 PCIDevice dev;
-int mmio_io_addr;
-int ram_io_addr;
-uint32_t script_ram_base;
+MemoryRegion mmio_io;
+MemoryRegion ram_io;
+MemoryRegion io_io;
 
 int carry; /* ??? Should this be an a visible register somewhere?  */
 int status;
@@ -391,10 +391,9 @@ static inline uint32_t read_dword(LSIState *s, uint32_t 
addr)
 {
 uint32_t buf;
 
-/* Optimize reading from SCRIPTS RAM.  */
-if ((addr & 0xe000) == s->script_ram_base) {
-return s->script_ram[(addr & 0x1fff) >> 2];
-}
+/* XXX: an optimization here used to fast-path the read from scripts
+ * memory.  But that bypasses any iommu.
+ */
 cpu_physical_memory_read(addr, (uint8_t *)&buf, 4);
 return cpu_to_le32(buf);
 }
@@ -1905,232 +1904,90 @@ static void lsi_reg_writeb(LSIState *s, int offset, 
uint8_t val)
 #undef CASE_SET_REG32
 }
 
-static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t 
val)
+static void lsi_mmio_write(void *opaque, target_phys_addr_t addr,
+   uint64_t val, unsigned size)
 {
 LSIState *s = opaque;
 
 lsi_reg_writeb(s, addr & 0xff, val);
 }
 
-static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t 
val)
-{
-LSIState *s = opaque;
-
-addr &= 0xff;
-lsi_reg_writeb(s, addr, val & 0xff);
-lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
-}
-
-static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t 
val)
-{
-LSIState *s = opaque;
-
-addr &= 0xff;
-lsi_reg_writeb(s, addr, val & 0xff);
-lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
-lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
-lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
-}
-
-static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
+static uint64_t lsi_mmio_read(void *opaque, target_phys_addr_t addr,
+  unsigned size)
 {
 LSIState *s = opaque;
 
 return lsi_reg_readb(s, addr & 0xff);
 }
 
-static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
-{
-LSIState *s = opaque;
-uint32_t val;
-
-addr &= 0xff;
-val = lsi_reg_readb(s, addr);
-val |= lsi_reg_readb(s, addr + 1) << 8;
-return val;
-}
-
-static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
-{
-LSIState *s = opaque;
-uint32_t val;
-addr &= 0xff;
-val = lsi_reg_readb(s, addr);
-val |= lsi_reg_readb(s, addr + 1) << 8;
-val |= lsi_reg_readb(s, addr + 2) << 16;
-val |= lsi_reg_readb(s, addr + 3) << 24;
-return val;
-}
-
-static CPUReadMemoryFunc * const lsi_mmio_readfn[3] = {
-lsi_mmio_readb,
-lsi_mmio_readw,
-lsi_mmio_readl,
-};
-
-static CPUWriteMemoryFunc * const lsi_mmio_writefn[3] = {
-lsi_mmio_writeb,
-lsi_mmio_writew,
-lsi_mmio_writel,
+static const MemoryRegionOps lsi_mmio_ops = {
+.read = lsi_mmio_read,
+.write = lsi_mmio_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
 };
 
-static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
+static void lsi_ram_write(void *opaque, target_phys_addr_t addr,
+  uint64_t val, unsigned size)
 {
 LSIState *s = opaque;
 uint32_t newval;
+uint32_t mask;
 int shift;
 
-addr &= 0x1fff;
 newval = s->script_ram[addr >> 2];
 shift = (addr & 3) * 8;
-newval &= ~(0xff << shift);
+mask = ((uint64_t)1 << (size * 8)) - 1;
+newval &= ~(mask << shift);
 newval |= val << shift;
 s->script_ram[addr >> 2] = newval;
 }
 
-static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
-{
-LSIState *s = opaque;
-uint32_t newval;
-
-addr &= 0x1fff;
-newval = s->script_ram[addr >> 2];
-if (addr & 2) {
-newval = (newval & 0x) | (val << 16);
-} else {
-newval = (newval & 0x) | val;
-}
-s->script_ram[addr >> 2] = newval;
-}
-
-
-static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
-{
-LSIState *s = opaque;
-
-addr &= 0x1fff;
-s->script_ram[addr >> 2] = val;
-}
-
-static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
+static uint64_t lsi_ram_read(void *opaque, target_phys_addr_t addr,
+ unsigned size)
 {
 LSIState *s = opaque;
 uint32_t val;
+uint32_t mask;
 
-addr &= 0x1fff;
 val = s->script_ram[addr >> 2];
+