Re: [Qemu-devel] Boot order problem and disable iPXE/gPXE

2012-01-04 Thread Gerd Hoffmann
On 01/04/12 19:02, Gerhard Wiesinger wrote:
> Hello,
> 
> I'm having the following boot order problem using an SCSI option ROM:
> 

> Still boots the cdrom instead of harddisk. So it is impossible to have a
> bootable CDROM in the VM without booting from it.

-option-rom romfile=/root/roms/8xx_64.rom,bootindex=1

> 2.) -device rtl8139,romfile=/dev/null

Better use an empty string as romfile argument; that will make the ROM
PCI BAR go away instead of creating one with an invalid ROM.

HTH,
  Gerd




Re: [Qemu-devel] Boot order problem and disable iPXE/gPXE

2012-01-04 Thread Gleb Natapov
On Wed, Jan 04, 2012 at 07:02:34PM +0100, Gerhard Wiesinger wrote:
> Hello,
> 
> I'm having the following boot order problem using an SCSI option ROM:
> 
> Command line:
> /root/download/qemu/git/qemu-kvm/x86_64-softmmu/qemu-system-x86_64
> -drive file=1.img,media=disk,if=scsi,bus=0,unit=0
> -drive file=2.img,media=disk,if=scsi,bus=0,unit=1
> -drive file=3.img,media=disk,if=scsi,bus=0,unit=2
> -drive file=4.img,media=disk,if=scsi,bus=0,unit=3
> -cdrom KNOPPIX_V6.2CD-2009-11-18-DE.iso
> -boot order=c -m 256 -k de -vga vmware -vnc :0
> -bios /root/download/seabios/git/seabios/out/bios.bin -option-rom
> BIOS/8xx_64.rom
> -net nic,model=rtl8139,macaddr=1a:46:0b:ca:bc:7c
> -net tap,ifname=tap0,script=no,downscript=no
> 
Try changing option-rom flags like this: -option-rom BIOS/8xx_64.rom,bootindex=1

--
Gleb.



Re: [Qemu-devel] [patch 3/4] block stream: add support for partial streaming

2012-01-04 Thread Paolo Bonzini

On 01/04/2012 11:40 PM, Stefan Hajnoczi wrote:

What you want sounds almost like an NBD server that can be
launched/stopped while qemu is already running a VM.  This could be a
QEMU monitor command like:
nbd-start tcp::1234 virtio-disk0 --snapshot 20120104

It would be possible to stop the server using the same  tuple.  Note the server needs to provide read-only access,
allowing writes probably has little use and people will hose their
data.


That makes sense, just like most qemu-img commands have an equivalent in 
the monitor for online usage.



Paolo: I haven't looked at the new and improved NBD server yet.  Does
this sound doable?


Yes, indeed.  It should not be hard.  The NBD server is now entirely 
asynchronous, and by using the main loop the integration is very much 
simplified.


Briefly, nbd.c now has a simple server API:

typedef struct NBDExport NBDExport;
typedef struct NBDClient NBDClient;

NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset,
                          off_t size, uint32_t nbdflags);
void nbd_export_close(NBDExport *exp);
NBDClient *nbd_client_new(NBDExport *exp, int csock,
                          void (*close)(NBDClient *));

... that takes care of everything except creating the server socket and 
accepting clients from it.  Which is actually even better, because 
instead of having a generic NBD server you could start one on a file 
descriptor that you pass via SCM_RIGHTS (aka getfd).



Kevin: I think we need something like qcow2_snapshot_load_tmp() but it
returns a full new BlockDriverState.  The hard thing is that duping a
read-only snapshot qcow2 state leads to sharing and lifecycle problems
- what if we want to close the original BlockDriverState, will the
read-only snapshot state prevent this?


We can prevent closing the parent BDS until all its children are gone.

Paolo



Re: [Qemu-devel] Boot order problem and disable iPXE/gPXE

2012-01-04 Thread Gerhard Wiesinger

On Wed, 4 Jan 2012, Kevin O'Connor wrote:


On Wed, Jan 04, 2012 at 07:02:34PM +0100, Gerhard Wiesinger wrote:
There is a "bootindex" option that can be passed to the "-device"
parameter of QEMU.  This option gives more fine-grained control of boot
order.

However, the default should have been to boot from a harddrive first,
so I'm not sure why you see the cdrom first.  You could add the
following to the QEMU command line to see the seabios debugging info:
-chardev stdio,id=seabios -device isa-debugcon,iobase=0x402,chardev=seabios


|0ffdf000| Searching bootorder for: /pci@i0cf8/*@1,1/drive@1/disk@0
|0ffdf000| Registering bootable: DVD/CD [ata1-0: QEMU DVD-ROM ATAPI-4 DVD/CD] 
(type:3 prio: data:fd940)
Searching bootorder for: /pci@i0cf8/*@3
Registering bootable: iPXE (PCI 00:03.0) (type:128 prio: data:ca000372)
Searching bootorder for: /rom@genroms/8xx_64.rom
Registering bootable: #28 ID00 LUN0 QEMU QEMU HARDDISK(type:129 
prio: data:cb003d4e)
Searching bootorder for: /rom@genroms/8xx_64.rom:rom1
Registering bootable: #28 ID01 LUN0 QEMU QEMU HARDDISK(type:129 
prio: data:cb003da2)
Searching bootorder for: /rom@genroms/8xx_64.rom:rom2
Registering bootable: #28 ID02 LUN0 QEMU QEMU HARDDISK(type:129 
prio: data:cb003df6)
Searching bootorder for: /rom@genroms/8xx_64.rom:rom3
Registering bootable: #28 ID03 LUN0 QEMU QEMU HARDDISK(type:129 
prio: data:cb003e4a)
Searching bootorder for: /rom@genroms/vapic.bin
Registering bootable: Legacy option rom (type:129 prio: data:cf03)
Searching bootorder for: /rom@genroms/pxe-pcnet.rom
Registering bootable: iPXE (PCI 00:00.0) (type:128 prio: data:d1800372)
Booting from DVD/CD...
Booting from :7c00

BTW: I didn't get any answer to the following thread:
https://lists.gnu.org/archive/html/qemu-devel/2011-11/msg00602.html

Thnx.

Ciao,
Gerhard

Full relevant trace:
cat boot_cdrom.log | grep -v a= | grep -v si= | grep -v "enter handle" | grep -v "invalid handle" | grep -v "handle_" | grep -v 
"pmm_malloc" | grep -v "pmm_free" | grep -v "Read sector" | grep -v "ata_pio_transfer" | grep -v 
"send_atapi_cmd"
Start bios (version pre-1.6.4-20111228_082807-host)
enabling shadow ram
qemu_cfg_present=1
Find memory size
Add to e820 map:  1000 1
Add to e820 map:   1
Add to e820 map: fffc 0004 2
Add to e820 map: 000a 0005 -1
Add to e820 map: 000f 0001 2
Add to e820 map: feffc000 4000 2
Ram Size=0x1000 (0x high)
malloc setup
Add to e820 map: 0fff 0001 2
Relocating init from 0x000e31f0 to 0x0ffe1e60 (size 57468)
malloc fixup reloc
init ivt
init bda
Add to e820 map: 0009fc00 0400 2
init pic
init timer
tsc calibrate start=136992957 end=142144437 diff=5151480
CPU Mhz=3001
math cp init
init mtrr
pci setup
=== PCI bus & bridge init ===
PCI: pci_bios_init_bus_rec bus = 0x0
=== PCI device probing ===
PCI probe
PCI device 00:00.0 (vd=8086:1237 c=0600)
PCI device 00:01.0 (vd=8086:7000 c=0601)
PCI device 00:01.1 (vd=8086:7010 c=0101)
PCI device 00:01.3 (vd=8086:7113 c=0680)
PCI device 00:02.0 (vd=15ad:0405 c=0300)
PCI device 00:03.0 (vd=10ec:8139 c=0200)
PCI device 00:04.0 (vd=1022:2000 c=0200)
PCI device 00:05.0 (vd=1000:0012 c=0100)
Found 8 PCI devices (max PCI bus is 00)
=== PCI new allocation pass #1 ===
PCI: check devices
=== PCI new allocation pass #2 ===
PCI: init bases bus 0 (primary)
  type io max 100 sum 240 base c000
size  100: 2 bar(s), c000 -> c1ff
size   20: 1 bar(s), c200 -> c21f
size   10: 2 bar(s), c220 -> c23f
  type mem max 1 sum 25000 base febd
size1: 2 bar(s), febd -> febe
size 2000: 1 bar(s), febf -> febf1fff
size 1000: 3 bar(s), febf2000 -> febf4fff
  type prefmem max 100 sum 101 base fd00
size  100: 1 bar(s), fd00 -> fdff
size1: 1 bar(s), fe00 -> fe00
PCI: map device bdf=00:00.0
PCI: map device bdf=00:01.0
PCI: map device bdf=00:01.1
  bar 4, addr c220, size 10 [io]
PCI: map device bdf=00:01.3
PCI: map device bdf=00:02.0
  bar 0, addr c230, size 10 [io]
  bar 1, addr fd00, size 100 [prefmem]
  bar 2, addr fe00, size 1 [prefmem]
  bar 6, addr febd, size 1 [mem]
PCI: map device bdf=00:03.0
  bar 0, addr c000, size 100 [io]
  bar 1, addr febf2000, size 100 [mem]
  bar 6, addr febe, size 1 [mem]
PCI: map device bdf=00:04.0
  bar 0, addr c200, size 20 [io]
  bar 1, addr febf3000, size 20 [mem]
PCI: map device bdf=00:05.0
  bar 0, addr c100, size 100 [io]
  bar 1, addr febf4000, size 400 [mem]
  bar 2, addr febf, size 2000 [mem]
PCI: init bdf=00:00.0 id=8086:1237
PCI: init bdf=00:01.0 id=8086:7000
PCI: init bdf=00:01.1 id=8086:7010
PCI: init bdf=00:01.3 id=8086:7113
PCI: init bdf=00:02.0 id=15ad:0405
PCI: init bdf=00:03.0 id=10ec:8139
PCI: init bdf=00:04.0 id=1022:2000
PCI: init bdf=00:05.0 id=1000:0012
PIIX3/PIIX4 init: elcr=00 0c
init smm
Found 1

Re: [Qemu-devel] Boot order problem and disable iPXE/gPXE

2012-01-04 Thread Kevin O'Connor
On Wed, Jan 04, 2012 at 07:02:34PM +0100, Gerhard Wiesinger wrote:
> Hello,
> 
> I'm having the following boot order problem using an SCSI option ROM:
> 
> Command line:
> /root/download/qemu/git/qemu-kvm/x86_64-softmmu/qemu-system-x86_64
> -drive file=1.img,media=disk,if=scsi,bus=0,unit=0
> -drive file=2.img,media=disk,if=scsi,bus=0,unit=1
> -drive file=3.img,media=disk,if=scsi,bus=0,unit=2
> -drive file=4.img,media=disk,if=scsi,bus=0,unit=3
> -cdrom KNOPPIX_V6.2CD-2009-11-18-DE.iso
> -boot order=c -m 256 -k de -vga vmware -vnc :0
> -bios /root/download/seabios/git/seabios/out/bios.bin -option-rom
> BIOS/8xx_64.rom
> -net nic,model=rtl8139,macaddr=1a:46:0b:ca:bc:7c
> -net tap,ifname=tap0,script=no,downscript=no
> 
> Still boots the cdrom instead of harddisk. So it is impossible to
> have a bootable CDROM in the VM without booting from it.
> 
> Going into boot menu (-boot order=c,menu=on)and selecting HD works well.
> Any ideas to fix it?

There is a "bootindex" option that can be passed to the "-device"
parameter of QEMU.  This option gives more fine-grained control of boot
order.

However, the default should have been to boot from a harddrive first,
so I'm not sure why you see the cdrom first.  You could add the
following to the QEMU command line to see the seabios debugging info:
-chardev stdio,id=seabios -device isa-debugcon,iobase=0x402,chardev=seabios

-Kevin
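The isa-debugcon output Kevin suggests is also the quickest way to audit what a VM can boot from: every option ROM that SeaBIOS runs, iPXE included, registers a boot entry whether or not the command line asked for it, which is why Gerhard's trace shows two iPXE entries and four SCSI disks behind the 8xx ROM next to the CD-ROM. The parser below is an added example and is not SeaBIOS or QEMU code; it reads the "Registering bootable:" and "Booting from" lines, counts entries by IPL type and reports which one was chosen. The IPL type numbers (2 hard disk, 3 CD-ROM, 0x80 BEV for option-ROM boot entries such as iPXE, 0x81 BCV for legacy option ROMs) are an assumption taken from SeaBIOS's naming, and the embedded log is a constructed sample copied from the trace in this thread.

```c
/* Added example, not SeaBIOS/QEMU code: parse the boot-registration lines
 * SeaBIOS prints on the isa-debugcon port and summarise what was offered
 * for boot and what was chosen. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* SeaBIOS IPL type values (assumed from its boot code naming). */
#define IPL_TYPE_HARDDISK 2
#define IPL_TYPE_CDROM    3
#define IPL_TYPE_BEV      0x80   /* option ROM boot entry, e.g. iPXE */
#define IPL_TYPE_BCV      0x81   /* legacy option ROM, e.g. a SCSI BIOS */
#define MAX_BOOTABLES     32

struct bootable { int type; char desc[96]; };

struct boot_summary {
    struct bootable entries[MAX_BOOTABLES];
    int  count;
    char booted_from[64];   /* text after "Booting from ", without "..." */
};

/* Constructed sample: lines copied from the debug trace in this thread. */
static const char *sample_log =
    "Registering bootable: DVD/CD [ata1-0: QEMU DVD-ROM ATAPI-4 DVD/CD] (type:3 prio: data:fd940)\n"
    "Searching bootorder for: /pci@i0cf8/*@3\n"
    "Registering bootable: iPXE (PCI 00:03.0) (type:128 prio: data:ca000372)\n"
    "Registering bootable: #28 ID00 LUN0 QEMU QEMU HARDDISK(type:129 prio: data:cb003d4e)\n"
    "Registering bootable: Legacy option rom (type:129 prio: data:cf03)\n"
    "Registering bootable: iPXE (PCI 00:00.0) (type:128 prio: data:d1800372)\n"
    "Booting from DVD/CD...\n";

static void copy_span(char *dst, size_t cap, const char *src, size_t len)
{
    if (len >= cap) len = cap - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Walk the log line by line; returns the number of bootables registered. */
int parse_boot_log(const char *log, struct boot_summary *out)
{
    static const char reg[] = "Registering bootable: ", boot[] = "Booting from ";
    const size_t reg_len = sizeof reg - 1, boot_len = sizeof boot - 1;
    const char *p = log;

    memset(out, 0, sizeof *out);
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        copy_span(line, sizeof line, p, len);

        if (strncmp(line, reg, reg_len) == 0 && out->count < MAX_BOOTABLES) {
            /* Description runs up to "(type:N"; the space before it is optional. */
            char *type_at = strstr(line, "(type:");
            if (type_at) {
                struct bootable *b = &out->entries[out->count++];
                size_t dlen = (size_t)(type_at - (line + reg_len));
                while (dlen > 0 && line[reg_len + dlen - 1] == ' ') dlen--;
                copy_span(b->desc, sizeof b->desc, line + reg_len, dlen);
                b->type = (int)strtol(type_at + 6, NULL, 10);
            }
        } else if (strncmp(line, boot, boot_len) == 0) {
            const char *dots = strstr(line, "...");
            size_t blen = dots ? (size_t)(dots - (line + boot_len)) : strlen(line + boot_len);
            copy_span(out->booted_from, sizeof out->booted_from, line + boot_len, blen);
        }
        p = nl ? nl + 1 : p + len;
    }
    return out->count;
}

int count_bootables_of_type(const struct boot_summary *s, int type)
{
    int n = 0;
    for (int i = 0; i < s->count; i++) n += (s->entries[i].type == type);
    return n;
}

/* IPL type of the entry SeaBIOS chose, matched by description prefix;
 * -1 if there is no "Booting from" line or no matching registration. */
int boot_choice_type(const struct boot_summary *s)
{
    size_t n = strlen(s->booted_from);
    for (int i = 0; n > 0 && i < s->count; i++)
        if (strncmp(s->entries[i].desc, s->booted_from, n) == 0) return s->entries[i].type;
    return -1;
}

int main(void)
{
    struct boot_summary s;
    parse_boot_log(sample_log, &s);
    for (int i = 0; i < s.count; i++)
        printf("  type 0x%02x  %s\n", s.entries[i].type, s.entries[i].desc);
    printf("booted from \"%s\" (type %d); %d BEV entries came from option ROMs\n",
           s.booted_from, boot_choice_type(&s), count_bootables_of_type(&s, IPL_TYPE_BEV));
    int t = boot_choice_type(&s);      /* fail if anything but a disk was booted */
    return (t == IPL_TYPE_HARDDISK || t == IPL_TYPE_BCV) ? 0 : 1;
}
```

Fed the real log (qemu ... -chardev stdio,id=seabios -device isa-debugcon,iobase=0x402,chardev=seabios > boot.log), the exit status tells a test harness whether the guest came up from a disk; a BEV entry in the list means a network boot path exists even if it was not taken, and Gerd's romfile= trick is the way to remove it rather than merely deprioritise it.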



[Qemu-devel] [Bug 893208] Re: qemu on ARM hosts can't boot i386 image

2012-01-04 Thread Michael Hope
** Changed in: qemu-linaro
 Assignee: Dr. David Alan Gilbert (davidgil-uk) => (unassigned)

** Changed in: qemu-linaro
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/893208

Title:
  qemu on ARM hosts can't boot i386 image

Status in QEMU:
  New
Status in Linaro QEMU:
  New

Bug description:
  If you apply some workarounds for bug 870990, bug 883133 and bug
  883136 QEMU still cannot boot the i386
  debian_squeeze_i386_standard.qcow2 image from
  http://people.debian.org/~aurel32/qemu/i386/ -- grub starts to boot
  but something causes the system to reset just before display of the
  blue-background grub menu, so we go round in a loop forever. This
  image boots OK on i386 hosted qemu so this indicates some kind of ARM-
  host specific bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/893208/+subscriptions



[Qemu-devel] [Bug 883136] Re: qemu on ARM hosts aborts on startup because makecontext() always fails

2012-01-04 Thread Michael Hope
Removing Dave as he's done most of the work but can't complete it.

** Changed in: qemu-linaro
   Importance: Undecided => Medium

** Changed in: qemu-linaro
 Assignee: Dr. David Alan Gilbert (davidgil-uk) => (unassigned)

-- 
https://bugs.launchpad.net/bugs/883136

Title:
  qemu on ARM hosts aborts on startup because makecontext() always fails

Status in QEMU:
  New
Status in Linaro QEMU:
  In Progress

Bug description:
  qemu has recently grown a coroutines implementation. There are two
  versions, one using the makecontext/setcontext/swapcontext functions
  from ucontext.h, and one falling back to implementing coroutines as
  separate glib threads. configure chooses the former if the platform
  has a makecontext().

  Unfortunately ARM eglibc provides a makecontext() which always fails
  ENOSYS, which means the configure check passes but when qemu starts it
  abort()s.

  The best fix for this is probably going to involve making the
  coroutine implementation runtime-selectable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/883136/+subscriptions



[Qemu-devel] [Bug 883133] Re: qemu on ARM hosts asserts due to code buffer/libc heap conflict

2012-01-04 Thread Michael Hope
** Changed in: qemu-linaro
   Importance: Undecided => Medium

-- 
https://bugs.launchpad.net/bugs/883133

Title:
  qemu on ARM hosts asserts due to code buffer/libc heap conflict

Status in QEMU:
  Fix Committed
Status in Linaro QEMU:
  Fix Committed

Bug description:
  On ARM hosts qemu (about half the time) asserts on startup:

  qemu-system-i386: malloc.c:3096: sYSMALLOc: Assertion `(old_top == 
(((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) -
  __builtin_offsetof (struct malloc_chunk, fd && old_size == 0) || 
((unsigned long) (old_size) >= (unsigned long)__builtin_offsetof (struct 
malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * 
(sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end 
& pagemask) == 0)' failed.

  This turns out to be because code_gen_alloc() is using mmap(MAP_FIXED)
  to map the code buffer at address 0x0100UL, which is in the area
  glibc happens to be using for its heap. This tends to make the next
  malloc() abort, although occasionally the stars align and we pass that
  and fail weirdly later on.

  I suspect we need to drop the MAP_FIXED requirement and fix the TCG code to 
cope with emitting code for longer-range
  branches for calls to host fns etc (calls/branches within the generated code 
should be ok to keep using the short-range
  branch insn I think). There is already no guarantee that the generated code 
and the host C code are within short
  branch range of each other...

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/883133/+subscriptions
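To make the MAP_FIXED problem in this bug concrete, the following added example (my code, not QEMU's code_gen_alloc()) maps a page, fills it with a marker standing in for glibc's heap, and then maps a "code buffer" over it with MAP_FIXED exactly as the bug describes: the marker disappears and no error is reported, which is why the next malloc() trips the assertion above. The second function shows the safer pattern the bug points towards: pass the address as a hint only, check whether the kernel honoured it, and leave any existing mapping alone. Linux/glibc semantics are assumed; the fallback MAP_ANONYMOUS value is an assumption for strict -std=c99 builds.

```c
/* Added example, not QEMU code: what MAP_FIXED at a hard-coded address does
 * to a mapping that is already there, versus passing the address as a hint. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value; assumption for strict -std=c99 builds */
#endif

static size_t page_size(void)
{
    return (size_t)sysconf(_SC_PAGESIZE);
}

/* Map a page, fill it with a marker standing in for live heap data, then map
 * a "code buffer" over it with MAP_FIXED the way code_gen_alloc() did.
 * Returns 1 if the marker is gone (the old mapping was silently replaced),
 * 0 if it survived, -1 on mmap failure. */
int fixed_mapping_clobbers_existing(void)
{
    size_t sz = page_size();
    unsigned char *heap = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (heap == MAP_FAILED) {
        return -1;
    }
    memset(heap, 0xA5, sz);

    unsigned char *code = mmap(heap, sz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (code == MAP_FAILED) {
        munmap(heap, sz);
        return -1;
    }
    /* Same address, but the bytes behind it are now a fresh zero page. */
    int clobbered = (code == heap) && (heap[0] != 0xA5);
    munmap(code, sz);   /* the original mapping no longer exists separately */
    return clobbered;
}

/* Safer pattern: the address is only a hint. The kernel may place the
 * mapping elsewhere; *at_hint tells the caller whether the hint held, so it
 * can decide (e.g. fall back to long-range branches) instead of overwriting.
 * A real code buffer would also need PROT_EXEC; left out so the example
 * runs on kernels that refuse anonymous executable mappings. */
void *reserve_code_buffer(void *hint, size_t sz, int *at_hint)
{
    void *p = mmap(hint, sz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        *at_hint = 0;
        return NULL;
    }
    *at_hint = (p == hint);
    return p;
}

/* Returns 1 if asking for an already-occupied address as a hint leaves the
 * existing mapping intact and yields a different address. */
int hint_over_live_mapping_is_safe(void)
{
    size_t sz = page_size();
    unsigned char *heap = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (heap == MAP_FAILED) {
        return -1;
    }
    memset(heap, 0xA5, sz);

    int at_hint = 0;
    void *code = reserve_code_buffer(heap, sz, &at_hint);
    int safe = code != NULL && !at_hint && heap[0] == 0xA5;
    if (code) {
        munmap(code, sz);
    }
    munmap(heap, sz);
    return safe;
}

int main(void)
{
    printf("MAP_FIXED over live mapping destroyed it: %d\n", fixed_mapping_clobbers_existing());
    printf("hint over live mapping left it intact:    %d\n", hint_over_live_mapping_is_safe());
    return 0;
}
```

On Linux 4.17 and later, MAP_FIXED_NOREPLACE gives the same safety with an EEXIST error instead of a silently relocated mapping; the example avoids it only so that it builds against older headers. The general lesson is the one the bug draws: an address you did not get from the kernel is never yours to overwrite.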



[Qemu-devel] [Bug 883136] Re: qemu on ARM hosts aborts on startup because makecontext() always fails

2012-01-04 Thread Michael Hope
** Changed in: qemu-linaro
   Status: New => In Progress

-- 
https://bugs.launchpad.net/bugs/883136

Title:
  qemu on ARM hosts aborts on startup because makecontext() always fails

Status in QEMU:
  New
Status in Linaro QEMU:
  In Progress

Bug description:
  qemu has recently grown a coroutines implementation. There are two
  versions, one using the makecontext/setcontext/swapcontext functions
  from ucontext.h, and one falling back to implementing coroutines as
  separate glib threads. configure chooses the former if the platform
  has a makecontext().

  Unfortunately ARM eglibc provides a makecontext() which always fails
  ENOSYS, which means the configure check passes but when qemu starts it
  abort()s.

  The best fix for this is probably going to involve making the
  coroutine implementation runtime-selectable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/883136/+subscriptions
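The configure check described in this bug only proves that makecontext() links. The added example below (my code, not QEMU's coroutine implementation) does the run-time probe a runtime-selectable backend would need: build one tiny context, call makecontext() with errno cleared, swap into it, and trust the ucontext backend only if the entry function actually ran. On the ARM eglibc in the bug makecontext() sets ENOSYS and swapcontext() fails the same way, so the probe would select the thread backend instead of abort()ing. The enum and function names are mine; glibc semantics (uc_link resumes the caller, failures reported via errno) are assumed.

```c
/* Added example, not QEMU code: a run-time probe for the ucontext coroutine
 * backend, the check that "runtime-selectable" coroutines would need. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <ucontext.h>

enum coroutine_backend { BACKEND_UCONTEXT, BACKEND_THREADS };

static ucontext_t probe_main, probe_co;
static volatile int probe_ran;

static void probe_entry(void)
{
    probe_ran = 1;   /* returning resumes uc_link, i.e. probe_main */
}

/* Try to build and enter one tiny context. The configure-time check only
 * shows that makecontext() links; on the ARM eglibc in this bug it sets
 * errno = ENOSYS instead, and swapcontext() fails the same way, so the
 * entry function never runs and we fall back to the thread backend. */
enum coroutine_backend select_coroutine_backend(void)
{
    enum { STACK_SIZE = 64 * 1024 };
    void *stack = malloc(STACK_SIZE);
    enum coroutine_backend result = BACKEND_THREADS;

    if (stack == NULL) {
        return BACKEND_THREADS;
    }
    probe_ran = 0;
    if (getcontext(&probe_co) == 0) {
        probe_co.uc_stack.ss_sp = stack;
        probe_co.uc_stack.ss_size = STACK_SIZE;
        probe_co.uc_link = &probe_main;

        errno = 0;
        makecontext(&probe_co, probe_entry, 0);   /* void: ENOSYS shows only in errno */
        if (errno != ENOSYS
            && swapcontext(&probe_main, &probe_co) == 0
            && probe_ran) {
            result = BACKEND_UCONTEXT;
        }
    }
    free(stack);   /* the probe context has finished; its stack is unused now */
    return result;
}

const char *coroutine_backend_name(enum coroutine_backend b)
{
    return b == BACKEND_UCONTEXT ? "ucontext" : "threads";
}

int main(void)
{
    enum coroutine_backend b = select_coroutine_backend();
    printf("coroutine backend selected at run time: %s\n", coroutine_backend_name(b));
    return 0;
}
```

The probe checks the result of the swap, not just errno, because a libc could also provide a makecontext() that neither fails nor does anything useful; "the entry function ran" is the only condition that matters to the caller.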



Re: [Qemu-devel] [PATCH v8] arm: add dummy v7 cp15 registers

2012-01-04 Thread Mark Langsdorf
On 01/04/2012 06:22 PM, Peter Maydell wrote:
> On 5 January 2012 00:14, Mark Langsdorf  wrote:
>> Add dummy register support for the cp15, CRn=c15 registers and
>> for c1 SCR.
> 
> Can you drop the SCR code, please? This needs to be done properly
> as part of trustzone support, which is a different and rather larger
> kettle of fish.

I found out that the Highbank SoC model depends on the scr code
through four days of tedious debugging. Would it be possible to keep
it in as a stub?

I'm still waiting on Kevin Wolf's review of the AHCI changes and
review of the last two patches from this series. I suppose I can
resubmit without scr and delay the SoC model for another while.

--Mark Langsdorf
Calxeda, Inc.




Re: [Qemu-devel] buildbot failure in qemu on default_ppc

2012-01-04 Thread Alexander Graf

On 05.01.2012, at 01:31, q...@buildbot.b1-systems.de wrote:

> The Buildbot has detected a new failure on builder default_ppc while building 
> qemu.
> Full details are available at:
> http://buildbot.b1-systems.de/qemu/builders/default_ppc/builds/265
> 
> Buildbot URL: http://buildbot.b1-systems.de/qemu/
> 
> Buildslave for this Build: qemu-ppc.opensuse.org
> 
> Build Reason: The Nightly scheduler named 'nightly_default' triggered this 
> build
> Build Source Stamp: [branch master] HEAD
> Blamelist: 
> 
> BUILD FAILED: failed compile

cc1: warnings being treated as errors
/home/build/qemu/default_ppc/build/target-ppc/kvm.c: In function 
'kvmppc_alloc_rma':
/home/build/qemu/default_ppc/build/target-ppc/kvm.c:825: error: passing 
argument 3 of 'memory_region_init_ram_ptr' makes integer from pointer without a 
cast
/home/build/qemu/default_ppc/build/target-ppc/kvm.c:825: error: passing 
argument 4 of 'memory_region_init_ram_ptr' makes pointer from integer without a 
cast
/home/build/qemu/default_ppc/build/target-ppc/kvm.c:825: error: too many 
arguments to function 'memory_region_init_ram_ptr'

824 rma_region = g_new(MemoryRegion, 1);
825 memory_region_init_ram_ptr(rma_region, NULL, name, size, rma);
826 memory_region_add_subregion(sysmem, 0, rma_region);


commit c5705a7728b4a6bc9e4f2d35911adbaf28042b25
Author: Avi Kivity 
Date:   Tue Dec 20 15:59:12 2011 +0200

vmstate, memory: decouple vmstate from memory API

Currently creating a memory region automatically registers it for
live migration.  This differs from other state (which is enumerated
in a VMStateDescription structure) and ties the live migration code
into the memory core.

Decouple the two by introducing a separate API, vmstate_register_ram(),
for registering a RAM block for migration.  Currently the same
implementation is reused, but later it can be moved into a separate list,
and registrations can be moved to VMStateDescription blocks.

Signed-off-by: Avi Kivity 

[...]
@@ -241,15 +237,11 @@ void memory_region_init_ram(MemoryRegion *mr,
  *  memory directly.
  *
  * @mr: the #MemoryRegion to be initialized.
- * @dev: a device associated with the region; may be %NULL.
- * @name: the name of the region; the pair (@dev, @name) must be globally
- *unique.  The name is part of the save/restore ABI and so cannot be
- *changed.
+ * @name: the name of the region.
  * @size: size of the region.
  * @ptr: memory to be mapped; must contain at least @size bytes.
  */
 void memory_region_init_ram_ptr(MemoryRegion *mr,
-DeviceState *dev, /* FIXME: layering violation 
*/
 const char *name,
 uint64_t size,
 void *ptr);
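Review bot: this hunk drops the `DeviceState *dev` parameter from memory_region_init_ram_ptr(), but the caller quoted above, target-ppc/kvm.c:825 `memory_region_init_ram_ptr(rma_region, NULL, name, size, rma);`, still passes the old five arguments, which is exactly what the three compiler errors describe (argument 3 and 4 type mismatches, then "too many arguments"). The fix at that call site is to drop the `NULL`: `memory_region_init_ram_ptr(rma_region, name, size, rma);`. Since this only fails when the KVM PPC code is compiled in, a grep for every remaining caller of the old five-argument form is worth doing before the next build breaks on a less commonly built target.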

Avi, could you please grep through the code for potential users again and 
change all of them when you see them?

Alex 




Re: [Qemu-devel] [PATCH] Rename target_phys_addr_t to Phys

2012-01-04 Thread Peter Maydell
On 5 January 2012 00:16, Anthony Liguori  wrote:
> On 01/04/2012 05:33 PM, Peter Maydell wrote:
>> A lot of the usage of target_phys_addr_t in hw/ is actually not
>> handling addresses at all, but merely offsets into device IO regions
>> (ie as parameters to device read/write functions)...
>
> Exactly, which is why using target_phys_addr_t (and subsequently building
> the device twice) doesn't make a lot of sense.

So should we have a hw_offset type for this? That would cut out a lot
of the noise and let us find out how much code in hw/ is actually
using physaddrs...

-- PMM



Re: [Qemu-devel] [PATCH v8] arm: add dummy v7 cp15 registers

2012-01-04 Thread Peter Maydell
On 5 January 2012 00:14, Mark Langsdorf  wrote:
> Add dummy register support for the cp15, CRn=c15 registers and
> for c1 SCR.

Can you drop the SCR code, please? This needs to be done properly
as part of trustzone support, which is a different and rather larger
kettle of fish.

-- PMM



Re: [Qemu-devel] [PATCH] Rename target_phys_addr_t to Phys

2012-01-04 Thread Anthony Liguori

On 01/04/2012 05:33 PM, Peter Maydell wrote:

On 4 January 2012 22:09, Anthony Liguori  wrote:

target_phys_addr_t should exist IMHO in the device model code.


(I assume "should not" ?)


Yes, sorry.




  I think it
would be more useful to introduce a hw_addr, fix it at u64, make the device
model and memory API use that, and then make it so we didn't do the
silliness around libhw32/libhw64.


A lot of the usage of target_phys_addr_t in hw/ is actually not
handling addresses at all, but merely offsets into device IO regions
(ie as parameters to device read/write functions)...


Exactly, which is why using target_phys_addr_t (and subsequently building the 
device twice) doesn't make a lot of sense.


Regards,

Anthony Liguori



-- PMM






[Qemu-devel] [PATCH v8] arm: add dummy v7 cp15 registers

2012-01-04 Thread Mark Langsdorf
Add dummy register support for the cp15, CRn=c15 registers and
for c1 SCR.

config_base_register and power_control_register currently
default to 0, but may have improved support after the QOM
CPU patches are finished.

Signed-off-by: Mark Langsdorf 
---
Changes from v7
Formatting improved
c1_scr added
CPU_SAVE_VERSION increased
Changes from v6
Added the diagnostic registers
Added save/load support
Changes from v5
Added handling for all c15 registers
Changes from v3, v4
None
Changes from v2
Added test against op2 
Changes from v1
renamed the register
added comments about how it will change when QOM CPUs are added

 target-arm/cpu.h |7 +-
 target-arm/helper.c  |   57 ++
 target-arm/machine.c |8 +++
 3 files changed, 71 insertions(+), 1 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index c4d742f..cfc2063 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -116,6 +116,7 @@ typedef struct CPUARMState {
 uint32_t c1_sys; /* System control register.  */
 uint32_t c1_coproc; /* Coprocessor access register.  */
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
+uint32_t c1_scr; /* secure config register.  */
 uint32_t c2_base0; /* MMU translation table base 0.  */
 uint32_t c2_base1; /* MMU translation table base 1.  */
 uint32_t c2_control; /* MMU translation table base control.  */
@@ -149,6 +150,10 @@ typedef struct CPUARMState {
 uint32_t c15_i_max; /* Maximum D-cache dirty line index.  */
 uint32_t c15_i_min; /* Minimum D-cache dirty line index.  */
 uint32_t c15_threadid; /* TI debugger thread-ID.  */
+uint32_t c15_config_base_address; /* SCU base address.  */
+uint32_t c15_diagnostic; /* diagnostic register */
+uint32_t c15_power_diagnostic;
+uint32_t c15_power_control; /* power control */
 } cp15;
 
 struct {
@@ -448,7 +453,7 @@ void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
 #define cpu_signal_handler cpu_arm_signal_handler
 #define cpu_list arm_cpu_list
 
-#define CPU_SAVE_VERSION 4
+#define CPU_SAVE_VERSION 5
 
 /* MMU modes definitions */
 #define MMU_MODE0_SUFFIX _kernel
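Review bot: the bump from CPU_SAVE_VERSION 4 to 5 is needed because the diffstat shows target-arm/machine.c gaining 8 lines of save/load state for the new fields, but that hunk is cut off in this copy of the mail, so please confirm that cpu_load() still rejects any version_id other than the new value rather than attempting to read the extra be32 words out of a version 4 stream, and that the new qemu_put_be32/qemu_get_be32 calls are in the same order. The v7 posting below appended the fields without any version change, which would have silently misread streams from older builds.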
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 65f4fbf..acefd37 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1412,6 +1412,11 @@ void HELPER(set_cp15)(CPUState *env, uint32_t insn, 
uint32_t val)
 }
 goto bad_reg;
 case 1: /* System configuration.  */
+if (arm_feature(env, ARM_FEATURE_V7)
+&& op1 == 0 && crm == 1 && op2 == 0) {
+env->cp15.c1_scr = val;
+break;
+}
 if (arm_feature(env, ARM_FEATURE_OMAPCP))
 op2 = 0;
 switch (op2) {
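Review bot: the SCR stub placed at the top of `case 1` is gated only on ARM_FEATURE_V7 and accepts the write from any processor mode, so on a modelled CPU that has no Security Extensions, or from non-secure state, a guest can store to SCR and read the same value back, which the real register would not permit; nothing else in the model reads c1_scr, so the only observable effect is that spurious round trip. That matches Peter's review comment: drop the c1_scr lines here, in the get_cp15 hunk and in cpu.h until TrustZone support defines the real behaviour, and keep the Highbank dependency as a board-level stub if one is needed.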
@@ -1768,6 +1773,20 @@ void HELPER(set_cp15)(CPUState *env, uint32_t insn, 
uint32_t val)
 goto bad_reg;
 }
 }
+if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
+switch (crm) {
+case 0:
+if ((op1 == 0) && (op2 == 0)) {
+env->cp15.c15_power_control = val;
+} else if ((op1 == 0) && (op2 == 1)) {
+env->cp15.c15_diagnostic = val;
+} else if ((op1 == 0) && (op2 == 2)) {
+env->cp15.c15_power_diagnostic = val;
+}
+default:
+break;
+}
+}
 break;
 }
 return;
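Review bot: in the Cortex-A9 block, `case 0:` has no `break;` and falls through into `default: break;`. It is harmless as written, but an explicit `break;` (or a `/* fall through */` comment) would save checkpatch and the next reader from having to work out whether it was intended. The same block silently ignores writes with any other op1/op2 combination, for example op1 == 4, op2 == 0, which the read side exposes as the config base address, without reaching bad_reg; if that is deliberate (read-only from the guest's point of view), a one-line comment saying so would help.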
@@ -1866,6 +1885,10 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
 goto bad_reg;
 }
 case 1: /* System configuration.  */
+if (arm_feature(env, ARM_FEATURE_V7)
+&& op1 == 0 && crm == 1 && op2 == 0) {
+return env->cp15.c1_scr;
+}
 if (arm_feature(env, ARM_FEATURE_OMAPCP))
 op2 = 0;
 switch (op2) {
@@ -2111,6 +2134,40 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
  * 0x200 << ($rn & 0xfff), when MMU is off.  */
 goto bad_reg;
 }
+if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
+switch (crm) {
+case 0:
+if ((op1 == 4) && (op2 == 0)) {
+/* The config_base_address should hold the value of
+ * the peripheral base. ARM should get this from a CPU
+ * object property, but that support isn't available in
+ * December 2011. Default to 0 for now and board models
+ * that care can set it by a private hook */
+return env->cp15.c15_config_base_address;
+} else if ((op1 == 0) && (op2 == 0)) {
+/* power_control should be set to maximum latency. Again,
+   default to 0 and set by private hook */
+return env->cp15.c1

[Qemu-devel] buildbot failure in qemu on default_ppc

2012-01-04 Thread qemu
The Buildbot has detected a new failure on builder default_ppc while building 
qemu.
Full details are available at:
 http://buildbot.b1-systems.de/qemu/builders/default_ppc/builds/265

Buildbot URL: http://buildbot.b1-systems.de/qemu/

Buildslave for this Build: qemu-ppc.opensuse.org

Build Reason: The Nightly scheduler named 'nightly_default' triggered this build
Build Source Stamp: [branch master] HEAD
Blamelist: 

BUILD FAILED: failed compile

sincerely,
 -The Buildbot



Re: [Qemu-devel] [PATCH v7] arm: add dummy v7 cp15 registers

2012-01-04 Thread Peter Maydell
On 4 January 2012 19:07, Mark Langsdorf  wrote:
> Add dummy register support for the cp15, CRn=c15 registers.
> config_base_register and power_control_register currently
> default to 0, but may have improved support after the QOM
> CPU patches are finished.
>
> Signed-off-by: Mark Langsdorf 
> ---
> Changes from v6
>        Added the diagnostic registers
>        Added save/load support
> Changes from v5
>        Added handling for all c15 registers
> Changes from v3, v4
>        None
> Changes from v2
>        Added test against op2
> Changes from v1
>        renamed the config_base_register
>        added comments about how it will change when QOM CPUs are added
>
>  target-arm/cpu.h     |    4 
>  target-arm/helper.c  |   48 
>  target-arm/machine.c |    7 +++
>  3 files changed, 59 insertions(+), 0 deletions(-)
>
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index c4d742f..3bc90e6 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -149,6 +149,10 @@ typedef struct CPUARMState {
>         uint32_t c15_i_max; /* Maximum D-cache dirty line index.  */
>         uint32_t c15_i_min; /* Minimum D-cache dirty line index.  */
>         uint32_t c15_threadid; /* TI debugger thread-ID.  */
> +        uint32_t c15_config_base_address; /* SCU base address.  */
> +        uint32_t c15_diagnostic; /* diagnostic register */
> +        uint32_t c15_power_diagnostic;
> +        uint32_t c15_power_control; /* power control */
>     } cp15;
>
>     struct {
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 65f4fbf..62028e5 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -1768,6 +1768,20 @@ void HELPER(set_cp15)(CPUState *env, uint32_t insn, 
> uint32_t val)
>                 goto bad_reg;
>             }
>         }
> +        if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
> +            switch (crm) {
> +            case 0:
> +                if ((op1 == 0) && (op2 == 0)) {
> +                    env->cp15.c15_power_control = val;
> +                } else if ((op1 == 0) && (op2 == 1)) {
> +                    env->cp15.c15_diagnostic = val;
> +                } else if ((op1 == 0) && (op2 == 2)) {
> +                    env->cp15.c15_power_diagnostic = val;
> +                }
> +            default:
> +                break;
> +            }
> +        }
>         break;
>     }
>     return;
> @@ -2111,6 +2125,40 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
>              * 0x200 << ($rn & 0xfff), when MMU is off.  */
>             goto bad_reg;
>         }
> +        if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
> +            switch (crm) {
> +            case 0:
> +                if ((op1 == 4) && (op2 == 0)) {
> +                /* The config_base_address should hold the value of

The indentation's wrong here and below (checkpatch complains).

> +                 * the peripheral base. ARM should get this from a CPU
> +                 * object property, but that support isn't available in
> +                 * December 2011. Default to 0 for now and board models
> +                 * that care can set it by a private hook */
> +                    return env->cp15.c15_config_base_address;
> +                } else if ((op1 == 0) && (op2 == 0)) {
> +                /* power_control should be set to maximum latency. Again,
> +                   default to 0 and set by private hook */
> +                    return env->cp15.c15_power_control;
> +                } else if ((op1 == 0) && (op2 == 1)) {
> +                    return env->cp15.c15_diagnostic;
> +                } else if ((op1 == 0) && (op2 == 2)) {
> +                    return env->cp15.c15_power_diagnostic;
> +                }
> +                break;
> +            case 1: /* NEON Busy */
> +                return 0;
> +            case 5: /* tlb lockdown */
> +            case 6:
> +            case 7:
> +                if ((op1 == 5) && (op2 == 2)) {
> +                    return 0;
> +                }
> +                break;
> +            default:
> +                break;
> +            }
> +            goto bad_reg;
> +        }
>         return 0;
>     }
>  bad_reg:
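Review bot: the new Cortex-A9 block ends with `goto bad_reg;` while the unchanged `return 0;` just below it still applies to every other CPU, so on A9 a read of any c15 register not listed here (crm values other than 0, 1, 5, 6, 7, or those crm values with other op1/op2) now raises an undefined-instruction exception instead of returning 0 as it did before. If that tightening is intended it should be mentioned in the commit message; if not, replace the `goto bad_reg;` with `break;` so the A9 path falls back to `return 0;`. The `case 1: /* NEON Busy */` and the `case 5:`/`case 6:`/`case 7:` group need the same indentation fix Peter flagged above.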
> diff --git a/target-arm/machine.c b/target-arm/machine.c
> index aaee9b9..7f25b0f 100644
> --- a/target-arm/machine.c
> +++ b/target-arm/machine.c
> @@ -56,6 +56,9 @@ void cpu_save(QEMUFile *f, void *opaque)
>     qemu_put_be32(f, env->cp15.c13_tls2);
>     qemu_put_be32(f, env->cp15.c13_tls3);
>     qemu_put_be32(f, env->cp15.c15_cpar);
> +    qemu_put_be32(f, env->cp15.c15_power_control);
> +    qemu_put_be32(f, env->cp15.c15_diagnostic);
> +    qemu_put_be32(f, env->cp15.c15_power_diagnostic);
>
>     qemu_put_be32(f, env->features);
>
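Review bot: three new fields are appended to the save stream here, but this version does not bump CPU_SAVE_VERSION (the cpu.h hunk above only adds the fields), so a stream produced by an older QEMU would be accepted and cpu_load() would read `env->features` and everything after it from the wrong offset. The v8 changelog ("CPU_SAVE_VERSION increased") addresses this; as posted, v7 is a migration-compatibility break.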
> @@ -170,6 +173,10 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
>     env->cp15.c13_tls2 = qemu_get_be32(f);
>     env->cp15.c13_tls3 = qemu_get_be32(f);
>     env->cp15.c15_cpar = qemu_get_be32(f);
> +    

Re: [Qemu-devel] [PATCH] Rename target_phys_addr_t to Phys

2012-01-04 Thread Peter Maydell
On 4 January 2012 22:09, Anthony Liguori  wrote:
> target_phys_addr_t should exist IMHO in the device model code.

(I assume "should not" ?)

> I think it
> would be more useful to introduce a hw_addr, fix it at u64, make the device
> model and memory API use that, and then make it so we didn't do the
> silliness around libhw32/libhw64.

A lot of the usage of target_phys_addr_t in hw/ is actually not
handling addresses at all, but merely offsets into device IO regions
(ie as parameters to device read/write functions)...

-- PMM



Re: [Qemu-devel] bad USB tablet update rate on qemu-1.0

2012-01-04 Thread Erik Rull

Erik Rull wrote:

Anthony Liguori wrote:

On 12/19/2011 03:33 PM, Erik Rull wrote:

Hi all,

coming from qemu 0.14 the usbdevice tablet update rate gets really bad in
qemu-1.0 with the same guest.


What's the specific guest?

Regards,

Anthony Liguori



It's a Windows XP guest. It was fine in 0.14

Thanks.

Best regards,

Erik



Any progress here? I tested it on another CPU board, where it was worse -
only 1-2 cursor updates per second :-(

I tried to use the wacom-tablet but didn't find a driver that works.

Best regards,

Erik



Re: [Qemu-devel] [PATCH v5 9/9] Add XBRLE statistics information

2012-01-04 Thread Michael Roth

On 01/03/2012 09:34 AM, Orit Wasserman wrote:

Signed-off-by: Orit Wasserman
---
  arch_init.c |   67 +++
  migration.c |   11 +
  migration.h |9 
  3 files changed, 87 insertions(+), 0 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 6b839a1..037d8ba 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -149,6 +149,65 @@ void arch_set_params(int blk_enable, int shared_base, int 
use_xbrle,
  }

  /***/
+/* accounting */
+typedef struct AccountingInfo {
+uint64_t dup_pages;
+uint64_t norm_pages;
+uint64_t xbrle_bytes;
+uint64_t xbrle_pages;
+uint64_t xbrle_overflow;
+uint64_t xbrle_cache_miss;
+uint64_t iterations;
+} AccountingInfo;
+
+static AccountingInfo acct_info;
+
+static void acct_clear(void)
+{
+bzero(&acct_info, sizeof(acct_info));
+}
+
+uint64_t dup_mig_bytes_transferred(void)
+{
+return acct_info.dup_pages;


* TARGET_PAGE_SIZE ?


+}
+
+uint64_t dup_mig_pages_transferred(void)
+{
+return acct_info.dup_pages;
+}
+
+uint64_t norm_mig_bytes_transferred(void)
+{
+return acct_info.norm_pages * TARGET_PAGE_SIZE;
+}
+
+uint64_t norm_mig_pages_transferred(void)
+{
+return acct_info.norm_pages;
+}
+
+uint64_t xbrle_mig_bytes_transferred(void)
+{
+return acct_info.xbrle_bytes;
+}
+
+uint64_t xbrle_mig_pages_transferred(void)
+{
+return acct_info.xbrle_pages;
+}
+
+uint64_t xbrle_mig_pages_overflow(void)
+{
+return acct_info.xbrle_overflow;
+}
+
+uint64_t xbrle_mig_pages_cache_miss(void)
+{
+return acct_info.xbrle_cache_miss;
+}
+
+/***/
  /* XBRLE (Xor Based Run-Length Encoding) */
  typedef struct XBRLEHeader {
  uint8_t xh_flags;
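Review bot: acct_clear() uses bzero(), which QEMU code avoids (bzero was marked legacy in POSIX and dropped from POSIX.1-2008); memset(&acct_info, 0, sizeof(acct_info)) is the idiomatic spelling. In the same hunk dup_mig_bytes_transferred() returns acct_info.dup_pages while norm_mig_bytes_transferred() multiplies by TARGET_PAGE_SIZE; decide whether the _bytes_ accessors mean guest bytes covered or bytes actually put on the wire (a duplicate page goes out as a header plus one byte in ram_save_block) and make the two consistent, with a comment saying which.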
@@ -376,6 +435,7 @@ static int save_xbrle_page(QEMUFile *f, uint8_t 
*current_data,
  /* get location */
  slot = cache_is_cached(current_addr);
  if (slot == -1) {
+acct_info.xbrle_cache_miss++;
  goto done;
  }
  cache_location = cache_get_cache_pos(current_addr);
@@ -394,6 +454,7 @@ static int save_xbrle_page(QEMUFile *f, uint8_t 
*current_data,

  if (encoded_len<  0) {
  DPRINTF("XBRLE encoding oeverflow - sending uncompressed\n");


*overflow


+acct_info.xbrle_overflow++;
  goto done;
  }

@@ -404,7 +465,9 @@ static int save_xbrle_page(QEMUFile *f, uint8_t 
*current_data,
  save_block_hdr(f, block, offset, cont, RAM_SAVE_FLAG_XBRLE);
  qemu_put_buffer(f, (uint8_t *)&hdr, sizeof(hdr));
  qemu_put_buffer(f, xbrle_buf, encoded_len);
+acct_info.xbrle_pages++;
  bytes_sent = encoded_len + sizeof(hdr);
+acct_info.xbrle_bytes += bytes_sent;

  done:
  g_free(xor_buf);
@@ -457,6 +520,7 @@ static int ram_save_block(QEMUFile *f, int stage)
  save_block_hdr(f, block, offset, cont, 
RAM_SAVE_FLAG_COMPRESS);
  qemu_put_byte(f, *p);
  bytes_sent = 1;
+acct_info.dup_pages++;
  } else if (stage == 2&&  arch_mig_state.use_xbrle) {
  bytes_sent = save_xbrle_page(f, p, current_addr, block,
  offset, cont);
@@ -465,6 +529,7 @@ static int ram_save_block(QEMUFile *f, int stage)
  save_block_hdr(f, block, offset, cont, RAM_SAVE_FLAG_PAGE);
   qemu_put_buffer(f, p, TARGET_PAGE_SIZE);
   bytes_sent = TARGET_PAGE_SIZE;
+ acct_info.norm_pages++;
  }
  if (arch_mig_state.use_xbrle) {
  cache_insert(current_addr, p);
@@ -596,6 +661,7 @@ int ram_save_live(Monitor *mon, QEMUFile *f, int stage, 
void *opaque)

  if (arch_mig_state.use_xbrle) {
  cache_init(arch_mig_state.xbrle_cache_size);
+acct_clear();
  }

  /* Make sure all dirty bits are set */
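Review bot: acct_clear() is only reached inside `if (arch_mig_state.use_xbrle)`, but acct_info.dup_pages, acct_info.norm_pages and acct_info.iterations are incremented in ram_save_block() and ram_save_live() regardless of use_xbrle, so a migration without XBRLE keeps accumulating counts from earlier migrations in the same process. Call acct_clear() unconditionally at the start of stage 1 and keep only cache_init() under the use_xbrle test.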
@@ -629,6 +695,7 @@ int ram_save_live(Monitor *mon, QEMUFile *f, int stage, 
void *opaque)

  bytes_sent = ram_save_block(f, stage);
  bytes_transferred += bytes_sent;
+acct_info.iterations++;
  if (bytes_sent == 0) { /* no more blocks */
  break;
  }
diff --git a/migration.c b/migration.c
index 3d88cdd..383ceef 100644
--- a/migration.c
+++ b/migration.c
@@ -141,6 +141,17 @@ MigrationInfo *qmp_query_migrate(Error **errp)
  info->disk->remaining = blk_mig_bytes_remaining();
  info->disk->total = blk_mig_bytes_total();
  }
+
+   if (s->use_xbrle) {
+info->has_xbrle = true;
+info->cache = g_malloc0(sizeof(*info->cache));
+info->cache->dup_pages = dup_mig_pages_transferred();
+info->cache->norm_pages = norm_mig_pages_transferred();
+info->cache->xbrle_bytes  = xbrle_mig_bytes_transferred();
+info->cache->xbrle_pages  = xbrle_mig_pages_transferred();
+info->cache->xbrle_overflow = xbr
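Review bot: in qmp_query_migrate() the presence flag is info->has_xbrle but the member being allocated and filled is info->cache; the QAPI generator names the flag after the optional member (has_cache for a '*cache' member), so one of the two will not match the generated MigrationInfo unless the schema declares both. Also, since the whole block is under `if (s->use_xbrle)`, the dup/norm page counters, which are collected for every migration, are never reported for a plain migration; consider exposing them unconditionally and keeping only the xbrle_* fields optional.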

Re: [Qemu-devel] [patch 3/4] block stream: add support for partial streaming

2012-01-04 Thread Stefan Hajnoczi
On Wed, Jan 4, 2012 at 6:03 PM, Eric Blake  wrote:
> On 01/04/2012 10:47 AM, Marcelo Tosatti wrote:
>>>> +/*
>>>> + * Given an image chain: [BASE] -> [INTER1] -> [INTER2] -> [TOP]
>>>> + *
>>>
>>> How hard would it be to go one step further, and provide a monitor
>>> command where qemu could dump the state of BASE, INTER1, or INTER2
>>> without removing it from the image chain?  Libvirt would really like to
>>> be able to have a command where the user can request to inspect to see
>>> the contents of (a portion of) the disk at the time the snapshot was
>>> created, all while qemu continues to run and the TOP file continues to
>>> be adding deltas to that portion of the disk.
>>
>> What exactly do you mean "dump the state of"? You want access to
>> the contents of INTER2, INTER1, BASE, via libguestfs?
>
> I want access via the qemu monitor (which can then be used by libvirt,
> libguestfs, and others, to do whatever further management operations on
> that snapshot as desired).
>
>>
>>> For that matter, I'm still missing out on the ability to extract the
>>> contents of a qcow2 internal snapshot from an image that is in use by
>>> qemu - we have the ability to delete internal snapshots but not to probe
>>> their contents.
>>
>> Same question (although i am not familiar with internal snapshots).
>
> With external snapshots, I know that once the external snapshot TOP is
> created, then qemu is treating INTER2 as read-only; therefore, I can
> then use qemu-img in parallel on INTER2 to probe the contents of the
> snapshot; therefore, in libvirt, it would be possible for me to create a
> raw image corresponding to the qcow2 contents of INTER2, or to create a
> cloned qcow2 image corresponding to the raw contents of BASE, all while
> TOP continues to be modified.
>
> But with internal snapshots, both the snapshot and the current disk
> state reside in the same qcow2 file, which is under current use by qemu,
> and therefore, qemu-img cannot be safely used on that file.  The only
> way I know of to extract the contents of that internal snapshot is via
> qemu itself, but qemu does not currently expose that.  I envision
> something similar to the memsave and pmemsave monitor commands, which
> copy a (portion) of the guest's memory into a file (although copying
> into an already-open fd passed via SCM_RIGHTS would be nicer than
> requiring a file name, as is the current case with memsave).
>
> And once we get qemu to expose the contents of an internal snapshot,
> that same monitor command seems like it would be useful for exposing the
> contents of an external snapshot such as INTER2 or BASE, rather than
> having to use qemu-img in parallel on the external file.

The qcow2 implementation never accesses snapshots directly.  Instead
there's the concept of the current L1 table, which means there is a
single global state of the disk.  Snapshots are immutable and are
never accessed directly, only copied into the current L1 table.  The
single global state makes it a little tricky to access a snapshot
while the VM is running.

That said, the file format itself doesn't prevent an implementation
from supporting read-only access to snapshots.  In theory we can
extend the qcow2 implementation to support this behavior.

What you want sounds almost like an NBD server that can be
launched/stopped while qemu is already running a VM.  This could be a
QEMU monitor command like:
nbd-start tcp::1234 virtio-disk0 --snapshot 20120104

It would be possible to stop the server using the same  tuple.  Note the server needs to provide read-only access,
allowing writes probably has little use and people will hose their
data.

Paolo: I haven't looked at the new and improved NBD server yet.  Does
this sound doable?

Kevin: I think we need something like qcow2_snapshot_load_tmp() but it
returns a full new BlockDriverState.  The hard thing is that duping a
read-only snapshot qcow2 state leads to sharing and lifecycle problems
- what if we want to close the original BlockDriverState, will the
read-only snapshot state prevent this?

Stefan



[Qemu-devel] [PATCH v2 1/3] qerror: add check-qerror.sh to verify alphabetical order

2012-01-04 Thread Stefan Hajnoczi
We're supposed to keep qerror definitions and table entries in
alphabetical order.  In practice this is not checked.

I haven't found a nice way to integrate this into the makefile yet but
we can at least have this script which verifies that qerrors are in
alphabetical order.

Signed-off-by: Stefan Hajnoczi 
---
 qerror.c|3 +--
 qerror.h|2 +-
 scripts/check-qerror.sh |   22 ++
 3 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100755 scripts/check-qerror.sh

diff --git a/qerror.c b/qerror.c
index 9a75d06..62c0c707 100644
--- a/qerror.c
+++ b/qerror.c
@@ -40,8 +40,7 @@ static const QType qerror_type = {
  * "running out of foo: %(foo)%%"
  *
  * Please keep the entries in alphabetical order.
- * Use "sed -n '/^static.*qerror_table\[\]/,/^};/s/QERR_/&/gp' qerror.c | sort 
-c"
- * to check.
+ * Use scripts/check-qerror.sh to check.
  */
 static const QErrorStringTable qerror_table[] = {
 {
diff --git a/qerror.h b/qerror.h
index efda232..36e0343 100644
--- a/qerror.h
+++ b/qerror.h
@@ -49,7 +49,7 @@ QError *qobject_to_qerror(const QObject *obj);
 /*
  * QError class list
  * Please keep the definitions in alphabetical order.
- * Use "grep '^#define QERR_' qerror.h | sort -c" to check.
+ * Use scripts/check-qerror.sh to check.
  */
 #define QERR_BAD_BUS_FOR_DEVICE \
 "{ 'class': 'BadBusForDevice', 'data': { 'device': %s, 'bad_bus_type': %s 
} }"
diff --git a/scripts/check-qerror.sh b/scripts/check-qerror.sh
new file mode 100755
index 000..af7fbd5
--- /dev/null
+++ b/scripts/check-qerror.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# This script verifies that qerror definitions and table entries are
+# alphabetically ordered.
+
+check_order() {
+  errmsg=$1
+  shift
+
+  # sort -C verifies order but does not print a message.  sort -c does print a
+  # message.  These options are both in POSIX.
+  if ! "$@" | sort -C; then
+echo "$errmsg"
+"$@" | sort -c
+exit 1
+  fi
+  return 0
+}
+
+check_order 'Definitions in qerror.h must be in alphabetical order:' \
+grep '^#define QERR_' qerror.h
+check_order 'Entries in qerror.c:qerror_table must be in alphabetical order:' \
+sed -n '/^static.*qerror_table\[\]/,/^};/s/QERR_/&/gp' qerror.c
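Review bot: `sort -C` and `sort -c` compare with the current locale's collation, so this check can pass on one developer's machine and fail on another's (glibc locales fold case and ignore punctuation such as `_` at the first comparison level, which does not match the byte order the C locale gives). Put `LC_ALL=C` at the top of check_order() (or use `LC_ALL=C sort -C`) so "alphabetical" has one meaning for everyone. The script also assumes it is run from the source root because it opens qerror.h and qerror.c by bare name; a `cd "$(dirname "$0")/.."` would let it be called from anywhere and make the later makefile integration easier.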
-- 
1.7.7.3




[Qemu-devel] [PATCH v2 3/3] block: use proper qerrors in qmp_block_resize

2012-01-04 Thread Stefan Hajnoczi
Let's report specific errors so that management tools and users can
identify the problem.

Two new qerrors are needed:
 * QERR_DEVICE_HAS_NO_MEDIUM for ENOMEDIUM
 * QERR_DEVICE_IS_READ_ONLY for EACCES

Signed-off-by: Stefan Hajnoczi 
---
 blockdev.c   |   26 ++
 qapi-schema.json |7 +--
 qerror.c |8 
 qerror.h |6 ++
 4 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index c832782..8c2c8cc 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -841,11 +841,6 @@ int do_drive_del(Monitor *mon, const QDict *qdict, QObject 
**ret_data)
 return 0;
 }
 
-/*
- * XXX: replace the QERR_UNDEFINED_ERROR errors with real values once the
- * existing QERR_ macro mess is cleaned up.  A good example for better
- * error reports can be found in the qemu-img resize code.
- */
 void qmp_block_resize(const char *device, int64_t size, Error **errp)
 {
 BlockDriverState *bs;
@@ -857,12 +852,27 @@ void qmp_block_resize(const char *device, int64_t size, 
Error **errp)
 }
 
 if (size < 0) {
-error_set(errp, QERR_UNDEFINED_ERROR);
+error_set(errp, QERR_INVALID_PARAMETER_VALUE, "size", "a >0 size");
 return;
 }
 
-if (bdrv_truncate(bs, size)) {
+switch (bdrv_truncate(bs, size)) {
+case 0:
+break;
+case -ENOMEDIUM:
+error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
+break;
+case -ENOTSUP:
+error_set(errp, QERR_UNSUPPORTED);
+break;
+case -EACCES:
+error_set(errp, QERR_DEVICE_IS_READ_ONLY, device);
+break;
+case -EBUSY:
+error_set(errp, QERR_DEVICE_IN_USE, device);
+break;
+default:
 error_set(errp, QERR_UNDEFINED_ERROR);
-return;
+break;
 }
 }
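Review bot: `if (size < 0)` accepts size == 0 while the message promises "a >0 size", and the schema text in this series says "If @size is negative". Pick one: either test `size <= 0` and keep the message, or keep `size < 0` and word the message ">=0 size" so that the error, the check and the schema agree.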
diff --git a/qapi-schema.json b/qapi-schema.json
index 44cf764..a8b1232 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1064,8 +1064,11 @@
 #
 # Returns: nothing on success
 #  If @device is not a valid block device, DeviceNotFound
-#
-# Notes: This command returns UndefinedError in a number of error conditions.
+#  If @size is negative, InvalidParameterValue
+#  If the block device has no medium inserted, DeviceHasNoMedium
+#  If the block device does not support resize, Unsupported
+#  If the block device is read-only, DeviceIsReadOnly
+#  If a long-running operation is using the device, DeviceInUse
 #
 # Since: 0.14.0
 ##
diff --git a/qerror.c b/qerror.c
index 2979b3e..3d95383 100644
--- a/qerror.c
+++ b/qerror.c
@@ -80,6 +80,10 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Migration is disabled when using feature '%(feature)' in 
device '%(device)'",
 },
 {
+.error_fmt = QERR_DEVICE_HAS_NO_MEDIUM,
+.desc  = "Device '%(device)' has no medium",
+},
+{
 .error_fmt = QERR_DEVICE_INIT_FAILED,
 .desc  = "Device '%(device)' could not be initialized",
 },
@@ -88,6 +92,10 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Device '%(device)' is in use",
 },
 {
+.error_fmt = QERR_DEVICE_IS_READ_ONLY,
+.desc  = "Device '%(device)' is read only",
+},
+{
 .error_fmt = QERR_DEVICE_LOCKED,
 .desc  = "Device '%(device)' is locked",
 },
diff --git a/qerror.h b/qerror.h
index c34674e..947dadc 100644
--- a/qerror.h
+++ b/qerror.h
@@ -81,12 +81,18 @@ QError *qobject_to_qerror(const QObject *obj);
 #define QERR_DEVICE_FEATURE_BLOCKS_MIGRATION \
 "{ 'class': 'DeviceFeatureBlocksMigration', 'data': { 'device': %s, 
'feature': %s } }"
 
+#define QERR_DEVICE_HAS_NO_MEDIUM \
+"{ 'class': 'DeviceHasNoMedium', 'data': { 'device': %s } }"
+
 #define QERR_DEVICE_INIT_FAILED \
 "{ 'class': 'DeviceInitFailed', 'data': { 'device': %s } }"
 
 #define QERR_DEVICE_IN_USE \
 "{ 'class': 'DeviceInUse', 'data': { 'device': %s } }"
 
+#define QERR_DEVICE_IS_READ_ONLY \
+"{ 'class': 'DeviceIsReadOnly', 'data': { 'device': %s } }"
+
 #define QERR_DEVICE_LOCKED \
 "{ 'class': 'DeviceLocked', 'data': { 'device': %s } }"
 
-- 
1.7.7.3




Re: [Qemu-devel] [PATCH 3/3] block: use proper qerrors in qmp_block_resize

2012-01-04 Thread Stefan Hajnoczi
On Wed, Jan 4, 2012 at 7:59 PM, Luiz Capitulino  wrote:
> On Wed,  4 Jan 2012 17:38:23 +
> Stefan Hajnoczi  wrote:
>
>> Let's report specific errors so that management tools and users can
>> identify the problem.
>>
>> Two new qerrors are needed:
>>  * QERR_DEVICE_HAS_NO_MEDIUM for ENOMEDIUM
>>  * QERR_DEVICE_IS_READ_ONLY for EACCES
>
> Great series, the number of complaints about generic errors has increased
> lately. It's to fix this.
>
> There's a missing bit though, would you mind to update the block_resize's
> command documentation in the schema?

Sure, fixed in v2.



Re: [Qemu-devel] [PATCH v5 1/9] Add cache handling functions

2012-01-04 Thread Michael Roth

On 01/04/2012 03:29 AM, Orit Wasserman wrote:

On 01/03/2012 09:54 PM, Anthony Liguori wrote:

On 01/03/2012 09:34 AM, Orit Wasserman wrote:

Add page caching mechanism.
The pages are stored in the cache ordered by their address.

Signed-off-by: Orit Wasserman
---
   arch_init.c |  183 
+++
   1 files changed, 183 insertions(+), 0 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index d4c92b0..fdda277 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -28,6 +28,7 @@
   #include
   #include
   #endif
+#include
   #include "config.h"
   #include "monitor.h"
   #include "sysemu.h"
@@ -42,6 +43,14 @@
   #include "gdbstub.h"
   #include "hw/smbios.h"

+#ifdef DEBUG_ARCH_INIT
+#define DPRINTF(fmt, ...) \
+do { fprintf(stdout, "arch_init: " fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+do { } while (0)
+#endif
+
   #ifdef TARGET_SPARC
   int graphic_width = 1024;
   int graphic_height = 768;
@@ -94,6 +103,180 @@ const uint32_t arch_type = QEMU_ARCH;
   #define RAM_SAVE_FLAG_EOS  0x10
   #define RAM_SAVE_FLAG_CONTINUE 0x20

+/***/
+/* Page cache for storing previous pages as basis for XBRLE compression */
+#define CACHE_N_WAY 2 /* 2-way assossiative cache */


Is there any reason we can't just use a GCache for this?

http://developer.gnome.org/glib/stable/glib-Caches.html

I'm not familiar with it, I will check.
Is it a 2-way associative cache?


Not quite...it's a very loose wrapper around GHashTable, which appears 
to be fully associative in nature. It also doesn't seem to allow you to 
do a lookup without destroying the table entry =\ (unless you do 
something hacky like an extra insert beforehand to jack up the 
refcount). If you go this route you're probably better off looking at 
GHashTable directly.




Orit


Regards,

Anthony Liguori
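Added example for the two XBRLE threads on this page (the page cache in 1/9 and the statistics in 9/9). It is not Orit's code: it shrinks the page and the cache so the behaviour is visible, and shows a 2-way set-associative page cache keyed by address (the thing GCache would not give directly), the XOR plus run-length encoder with the overflow fallback the stats patch counts, and a decoder that bounds-checks every run because the encoded buffer arrives over the migration stream. PAGE_SIZE, CACHE_SETS and the record format are assumptions for illustration; the real XBRLE wire format is not visible on this page.

```c
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE   64                 /* shrunk from 4096 so the demo is readable */
#define CACHE_N_WAY 2                  /* 2-way set associative, as in the patch */
#define CACHE_SETS  4                  /* shrunk from a 64 MiB cache */

typedef struct {
    uint64_t addr;
    uint64_t stamp;                    /* 0 = free; otherwise insertion order */
    uint8_t  data[PAGE_SIZE];
} CacheEntry;

static CacheEntry cache[CACHE_SETS][CACHE_N_WAY];
static uint64_t cache_clock;

/* Cached copy of the page at addr, or NULL on a miss: at most N_WAY probes. */
const uint8_t *cache_lookup(uint64_t addr)
{
    CacheEntry *set = cache[(addr / PAGE_SIZE) % CACHE_SETS];
    for (int w = 0; w < CACHE_N_WAY; w++) {
        if (set[w].stamp && set[w].addr == addr) return set[w].data;
    }
    return NULL;
}

/* Insert or refresh a page; in a full set the oldest way is evicted. */
void cache_insert(uint64_t addr, const uint8_t *data)
{
    CacheEntry *set = cache[(addr / PAGE_SIZE) % CACHE_SETS];
    int victim = 0;
    for (int w = 0; w < CACHE_N_WAY; w++) {
        if (set[w].stamp && set[w].addr == addr) { victim = w; break; }  /* refresh */
        if (set[w].stamp < set[victim].stamp) victim = w;      /* free (0) or oldest */
    }
    set[victim].addr = addr;
    set[victim].stamp = ++cache_clock;
    memcpy(set[victim].data, data, PAGE_SIZE);
}

/* XOR new_page against the cached copy and run-length encode the result as
 * [zero_run][nonzero_run][nonzero bytes...] records. Returns the encoded length,
 * or -1 when it would not fit in dlen: the "overflow" case, sent uncompressed. */
int xbrle_encode(const uint8_t *old, const uint8_t *new_page, uint8_t *dst, int dlen)
{
    uint8_t x[PAGE_SIZE];
    int i = 0, d = 0;
    for (int k = 0; k < PAGE_SIZE; k++) x[k] = old[k] ^ new_page[k];
    while (i < PAGE_SIZE) {
        int zrun = 0, nrun = 0;
        while (i + zrun < PAGE_SIZE && x[i + zrun] == 0 && zrun < 255) zrun++;
        i += zrun;
        while (i + nrun < PAGE_SIZE && x[i + nrun] != 0 && nrun < 255) nrun++;
        if (d + 2 + nrun > dlen) return -1;
        dst[d++] = (uint8_t)zrun;
        dst[d++] = (uint8_t)nrun;
        memcpy(dst + d, x + i, (size_t)nrun);
        d += nrun;
        i += nrun;
    }
    return d;
}

/* Rebuild the page from the cached copy and an encoded buffer; every run is
 * checked against page and buffer since this is network input. 0, or -1 if malformed. */
int xbrle_decode(const uint8_t *old, const uint8_t *src, int slen, uint8_t *out)
{
    int i = 0, s = 0;
    memcpy(out, old, PAGE_SIZE);
    while (s + 2 <= slen) {
        int zrun = src[s++], nrun = src[s++];
        if (i + zrun + nrun > PAGE_SIZE || s + nrun > slen) return -1;
        i += zrun;
        for (int k = 0; k < nrun; k++) out[i + k] ^= src[s + k];
        i += nrun;
        s += nrun;
    }
    return s == slen ? 0 : -1;         /* a dangling odd byte is malformed too */
}

/* Self-check; run once per process since the cache is global. Returns 0 when
 * every expectation holds, otherwise the number of the failed step. */
int demo(void)
{
    static uint8_t p0[PAGE_SIZE], p1[PAGE_SIZE], p2[PAGE_SIZE], out[PAGE_SIZE], enc[PAGE_SIZE];
    static const uint8_t bad[] = { 60, 10, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };  /* 70 > PAGE_SIZE */
    memset(p0, 0xAA, PAGE_SIZE);
    memcpy(p1, p0, PAGE_SIZE); p1[10] = 0x55; p1[11] = 0xAB;            /* two bytes dirtied */
    memset(p2, 0x55, PAGE_SIZE);                                         /* page rewritten */
    int n = xbrle_encode(p0, p1, enc, PAGE_SIZE);
    if (n != 6) return 1;                                  /* [10][2][ff][01][52][0] */
    if (xbrle_decode(p0, enc, n, out) != 0 || memcmp(out, p1, PAGE_SIZE)) return 2;
    if (xbrle_encode(p0, p2, enc, PAGE_SIZE / 2) != -1) return 3;       /* overflow, 66 > 32 */
    if (xbrle_decode(p0, bad, sizeof bad, out) != -1) return 4;         /* malformed stream */
    cache_insert(0x1000, p0);
    cache_insert(0x1000 + 4 * PAGE_SIZE, p1);                            /* same set, 2nd way */
    cache_insert(0x1000 + 8 * PAGE_SIZE, p2);                            /* same set, evicts p0 */
    if (cache_lookup(0x1000) || !cache_lookup(0x1000 + 4 * PAGE_SIZE)) return 5;
    return 0;
}
```

The eviction choice is deliberately the simplest one that works with two ways (oldest insertion wins); a real cache would also want the set count to be a power of two derived from the configured cache size, and the decoder's bounds checks are the part that matters for a stream that an untrusted peer could feed into the destination.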








Re: [Qemu-devel] [PATCH] Rename target_phys_addr_t to Phys

2012-01-04 Thread Anthony Liguori

On 01/04/2012 01:50 PM, Peter Maydell wrote:

On 4 January 2012 19:32, Avi Kivity  wrote:

The name 'Phys' conveys exactly the same information as 'target_phys_addr_t':

  - it has to be a physical address (no such thing as physical data)
  - it has to be a target address (qemu doesn't do host physical addresses)
  - the fact that it's a type is implied by the naming convention

As it's 4 characters vs. 18, and C standard compliant to boot, Phys is a
clear winner.  Rename all instances of target_phys_addr_t to the new name.
All hail Phys!

  323 files changed, 1959 insertions(+), 1959 deletions(-)


Seems like gratuitous churn to me...


Agreed.  I don't really like using CamelCase for scalar values either.

target_phys_addr_t should exist IMHO in the device model code.  I think it would 
be more useful to introduce a hw_addr, fix it at u64, make the device model and 
memory API use that, and then make it so we didn't do the silliness around 
libhw32/libhw64.


I think the only reason we don't fix target_phys_addr_t at u64 is because of 
sensitivity around the TLB softmmu, right?  A hw_addr for hw/*.c should be a 
reasonable compromise.


Making the build faster (by killing libhw32/libhw64) would be a good 
justification for this type of change IMHO.


Regards,

Anthony Liguori



-- PMM






Re: [Qemu-devel] [PATCH 0/3] qerror: proper errors for qmp_block_resize()

2012-01-04 Thread Stefan Hajnoczi
On Wed, Jan 4, 2012 at 8:01 PM, Luiz Capitulino  wrote:
> On Wed,  4 Jan 2012 17:38:20 +
> Stefan Hajnoczi  wrote:
>
>> The block resize command returns undefined errors if things go wrong.  This 
>> is
>> bad since users will have no chance to understand what failed.
>
> Oops, this introduces a segfault: try "block_resize ide1-cd0 100" in the
> monitor and you'll see it.

Typo in the QERR_DEVICE_HAS_NO_MEDIUM JSON string format broke this.
Will fix in v2.

Thanks for discovering it!

Stefan



Re: [Qemu-devel] [PATCH v5 6/9] Add xbrle parameters to MigrationState

2012-01-04 Thread Michael Roth

On 01/03/2012 09:34 AM, Orit Wasserman wrote:

Signed-off-by: Orit Wasserman
---
  block-migration.c |4 +++-
  hw/hw.h   |4 +++-
  migration.c   |   15 +--
  migration.h   |3 +++
  savevm.c  |   11 +++
  sysemu.h  |4 +++-
  6 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/block-migration.c b/block-migration.c
index 2b7edbc..60f2d62 100644
--- a/block-migration.c
+++ b/block-migration.c
@@ -706,7 +706,9 @@ static int block_load(QEMUFile *f, void *opaque, int 
version_id)
  return 0;
  }

-static void block_set_params(int blk_enable, int shared_base, void *opaque)
+static void block_set_params(int blk_enable, int shared_base,
+ int use_xbrle, int64_t xbrle_cache_size,
+ void *opaque)
  {
  block_mig_state.blk_enable = blk_enable;
  block_mig_state.shared_base = shared_base;
diff --git a/hw/hw.h b/hw/hw.h
index efa04d1..ab0b92c 100644
--- a/hw/hw.h
+++ b/hw/hw.h
@@ -245,7 +245,9 @@ static inline void qemu_get_sbe64s(QEMUFile *f, int64_t *pv)
  int64_t qemu_ftell(QEMUFile *f);
  int64_t qemu_fseek(QEMUFile *f, int64_t pos, int whence);

-typedef void SaveSetParamsHandler(int blk_enable, int shared, void * opaque);
+typedef void SaveSetParamsHandler(int blk_enable, int shared,
+  int use_xbrle, int64_t xbrle_cache_size,
+  void *opaque);


This is probably gonna keep changing...xbrle, post-copy, alternative 
migration protocols...


Maybe you could just pull in 15/21 from Isaku's postcopy series and add 
the fields there?



  typedef void SaveStateHandler(QEMUFile *f, void *opaque);
  typedef int SaveLiveStateHandler(Monitor *mon, QEMUFile *f, int stage,
   void *opaque);
diff --git a/migration.c b/migration.c
index 412fdfe..ed47958 100644
--- a/migration.c
+++ b/migration.c
@@ -41,6 +41,11 @@ enum {

  #define MAX_THROTTLE  (32<<  20)  /* Migration speed throttling */

+/* Migration XBRLE cache size */
+#define DEFAULT_MIGRATE_CACHE_SIZE (64 * 1024 * 1024)
+
+static int64_t migrate_cache_size = DEFAULT_MIGRATE_CACHE_SIZE;
+
  static NotifierList migration_state_notifiers =
  NOTIFIER_LIST_INITIALIZER(migration_state_notifiers);
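Review bot: DEFAULT_MIGRATE_CACHE_SIZE is a fixed 64 MiB and migrate_cache_size is a file-static with no setter in this patch, so the only knob a user gets is the `xbrle` boolean in do_migrate(). A cache far smaller than the guest's working set only produces misses, and every miss is a full page on the wire, so this wants a monitor/QMP parameter plus a sanity check (greater than zero, a multiple of TARGET_PAGE_SIZE) before the value reaches cache_init().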

@@ -365,7 +370,8 @@ void migrate_fd_connect(MigrationState *s)
migrate_fd_close);

  DPRINTF("beginning savevm\n");
-ret = qemu_savevm_state_begin(s->mon, s->file, s->blk, s->shared);
+ret = qemu_savevm_state_begin(s->mon, s->file, s->blk, s->shared,
+  s->use_xbrle, s->xbrle_cache_size);
  if (ret<  0) {
  DPRINTF("failed, %d\n", ret);
  migrate_fd_error(s);
@@ -375,6 +381,8 @@ void migrate_fd_connect(MigrationState *s)
  }

  static MigrationState *migrate_init(Monitor *mon, int detach, int blk, int 
inc)
+static MigrationState *migrate_init(Monitor *mon, int detach, int blk, int inc,
+int use_xbrle, int64_t xbrle_cache_size)
  {
  MigrationState *s = migrate_get_current();
  int64_t bandwidth_limit = s->bandwidth_limit;
@@ -383,6 +391,8 @@ static MigrationState *migrate_init(Monitor *mon, int 
detach, int blk, int inc)
  s->bandwidth_limit = bandwidth_limit;
  s->blk = blk;
  s->shared = inc;
+s->use_xbrle = use_xbrle;
+s->xbrle_cache_size = xbrle_cache_size;

  /* s->mon is used for two things:
 - pass fd in fd migration
@@ -418,6 +428,7 @@ int do_migrate(Monitor *mon, const QDict *qdict, QObject 
**ret_data)
  int detach = qdict_get_try_bool(qdict, "detach", 0);
  int blk = qdict_get_try_bool(qdict, "blk", 0);
  int inc = qdict_get_try_bool(qdict, "inc", 0);
+int use_xbrle = qdict_get_try_bool(qdict, "xbrle", 0);
  const char *uri = qdict_get_str(qdict, "uri");
  int ret;

@@ -436,7 +447,7 @@ int do_migrate(Monitor *mon, const QDict *qdict, QObject 
**ret_data)
  return -1;
  }

-s = migrate_init(mon, detach, blk, inc);
+s = migrate_init(mon, detach, blk, inc, use_xbrle, migrate_cache_size);

  if (strstart(uri, "tcp:",&p)) {
  ret = tcp_start_outgoing_migration(s, p);
diff --git a/migration.h b/migration.h
index 372b066..592af6a 100644
--- a/migration.h
+++ b/migration.h
@@ -34,6 +34,9 @@ struct MigrationState
  void *opaque;
  int blk;
  int shared;
+int use_xbrle;
+int64_t xbrle_cache_size;
+
  };

  void process_incoming_migration(QEMUFile *f);
diff --git a/savevm.c b/savevm.c
index f153c25..3650f56 100644
--- a/savevm.c
+++ b/savevm.c
@@ -1277,7 +1277,8 @@ int register_savevm(DeviceState *dev,
  void *opaque)
  {
  return register_savevm_live(dev, idstr, instance_id, version_id,
-NULL, NULL, save_state, load_state, opaque);
+arch_set_params, NULL, save_state,
+  
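Review bot: register_savevm() is the generic registration used by every device with non-live state, and this hunk changes its NULL set_params argument to arch_set_params for all of them, so the RAM-specific arch_set_params() would run once per registered device whenever parameters are set instead of once for the ram handler. Keep NULL here and pass arch_set_params only in the register_savevm_live() call that registers the ram save handler.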

Re: [Qemu-devel] [PATCH v5 4/9] Add host_from_stream_offset_versioned function

2012-01-04 Thread Michael Roth

On 01/04/2012 06:00 AM, Stefan Hajnoczi wrote:

On Tue, Jan 3, 2012 at 3:34 PM, Orit Wasserman  wrote:

+static inline void *host_from_stream_offset_versioned(int version_id,
+QEMUFile *f, ram_addr_t offset, int flags)
+{
+void *host;
+if (version_id == 3) {
+host = qemu_get_ram_ptr(offset);
+} else {
+host = host_from_stream_offset(f, offset, flags);
+}
+if (!host) {
+fprintf(stderr, "Failed to convert RAM address to host"
+" for offset 0x%lX!\n", offset);
+abort();
+}


Please use RAM_ADDR_FMT instead of %lX.

Aborting isn't ideal but I guess there is nothing else we can do at this point.



Currently we return -EINVAL to qemu_loadvm_state() when !host, which 
prints potentially useful warnings and exits gracefully for migration, 
and for savevm we print the warnings and fire up the main_loop with 
vcpus paused...


Not sure what the rationale is for the latter, but it may have some 
utility (debugging maybe?).


In any case, since the error paths are covered in some fashion I don't 
think we should resort to aborting here, maybe just print the warnings 
and check for NULL return in the callers as before.



Stefan






Re: [Qemu-devel] [PATCH 2/2] qemu-ga: Add the guest-suspend command

2012-01-04 Thread Eric Blake
On 01/04/2012 12:45 PM, Luiz Capitulino wrote:
> +if (pid == 0) {
> +/* child */
> +int fd;
> +
> +setsid();
> +fclose(stdin);
> +fclose(stdout);
> +fclose(stderr);
> +
> +execlp(pmutils_bin, pmutils_bin, NULL);

It's generally a bad idea to exec a child process without fd 0, 1, and 2
open on something, even if that something is /dev/null.  POSIX says that
the system may, but not must, reopen fds on your behalf, and that the
child without open std descriptors is then executing in a non-conforming
environment and may misbehave in unexpected manners.

> +
> +/* 
> + * The exec call should not return, if it does something went wrong.
> + * In this case we try to suspend manually if 'mode' is 'hibernate'
> + */
> +slog("could not execute %s: %s\n", pmutils_bin, strerror(errno));
> +slog("trying to suspend using the manual method...\n");
> +
> +fd = open(LINUX_SYS_STATE_FILE, O_WRONLY);

Worse, since you _just_ closed stdin above, fd here will most likely be
0, but a O_WRONLY stdin is asking for problems.

> +if (fd < 0) {
> +slog("can't open file %s: %s\n", LINUX_SYS_STATE_FILE,
> +strerror(errno));

Also, I have no idea where slog() writes to, but since you closed
stderr, if slog() is trying to use stderr, your error messages would be
invisible.

-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



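The fd hygiene Eric describes, as an added example (not qemu-ga's code): the child keeps 0, 1 and 2 open on /dev/null instead of closing them, and reuse_after_close() reproduces the problem he points out, that open() after close() hands back the number just closed, so a write-only file ends up on fd 0. run_detached() and the binary path passed to it are assumptions; the scratch-descriptor demos exist so the behaviour can be checked without touching the calling process's own stdin.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Park descriptor `fd` on /dev/null with the given access mode. The number
 * stays occupied, so a later open() cannot land on it. 0 on success, -1 on
 * failure with errno set. */
int devnull_on(int fd, int flags)
{
    int nullfd = open("/dev/null", flags);
    if (nullfd < 0) {
        return -1;
    }
    if (nullfd == fd) {
        return 0;                /* fd was closed and open() reused it */
    }
    int ret = dup2(nullfd, fd);  /* atomically replaces whatever fd was */
    close(nullfd);
    return ret < 0 ? -1 : 0;
}

/* What the child should do instead of fclose(stdin/stdout/stderr): keep
 * 0, 1 and 2 open, stdin readable and stdout/stderr writable. */
int sanitize_std_fds(void)
{
    if (devnull_on(STDIN_FILENO, O_RDONLY) < 0 ||
        devnull_on(STDOUT_FILENO, O_WRONLY) < 0 ||
        devnull_on(STDERR_FILENO, O_WRONLY) < 0) {
        return -1;
    }
    return 0;
}

/* Access mode (O_RDONLY, O_WRONLY or O_RDWR) of fd, or -1 if fd is not open. */
int fd_access_mode(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    return fl < 0 ? -1 : (fl & O_ACCMODE);
}

/* The hazard in the patch: close `fd`, then open `path` for writing.
 * POSIX requires open() to return the lowest free descriptor, so the
 * number just closed comes back, now write-only. With fd == 0 that is a
 * write-only stdin handed to whatever runs next. Returns the new fd. */
int reuse_after_close(int fd, const char *path)
{
    close(fd);
    return open(path, O_WRONLY);
}

/* Reproduces the hazard on a scratch descriptor rather than on stdin:
 * returns 1 if the closed number was reused with O_WRONLY, 0 otherwise. */
int demo_reuse(void)
{
    int scratch = open("/dev/null", O_RDONLY);
    int reused = reuse_after_close(scratch, "/dev/null");
    int hit = reused == scratch && fd_access_mode(reused) == O_WRONLY;
    close(reused);
    return hit;
}

/* Shows the fix on a scratch descriptor: returns 1 if devnull_on() left the
 * same number open with the requested mode, 0 otherwise. */
int demo_sanitize(void)
{
    int scratch = open("/dev/null", O_RDONLY);
    int ok = devnull_on(scratch, O_WRONLY) == 0 && fd_access_mode(scratch) == O_WRONLY;
    close(scratch);
    return ok;
}

/* Detach and exec `bin` (hypothetical path) the way the patch intends, but
 * with the standard descriptors parked rather than closed. */
pid_t run_detached(const char *bin)
{
    pid_t pid = fork();
    if (pid != 0) {
        return pid;              /* parent, or -1 on fork failure */
    }
    setsid();
    if (sanitize_std_fds() < 0) {
        _exit(127);
    }
    execlp(bin, bin, (char *)NULL);
    _exit(127);                  /* exec failed; there is no stderr to log to */
}

int main(void)
{
    printf("closed fd reused write-only: %s\n", demo_reuse() ? "yes" : "no");
    printf("devnull_on keeps fd open: %s\n", demo_sanitize() ? "yes" : "no");
    return 0;
}
```

demo_reuse() returns 1 on every POSIX system, because the lowest-free-descriptor rule is what makes the fd 0 case in the patch predictable rather than a race; the fix is not to avoid open() in the child but to never leave 0, 1 or 2 unoccupied across an exec.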


[Qemu-devel] [Bug 502107] Re: qemu-kvm 0.12.1.2 crashes booting Ubuntu 9.10 with "-vga std"

2012-01-04 Thread Michael Tokarev
see also http://bugs.debian.org/616487 and http://bugs.debian.org/653068
- it appears this prob happens with grub with qxl (spice) and vmware
"adaptors"

** Bug watch added: Debian Bug tracker #616487
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616487

** Bug watch added: Debian Bug tracker #653068
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653068

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/502107

Title:
  qemu-kvm 0.12.1.2 crashes booting Ubuntu 9.10 with "-vga std"

Status in QEMU:
  Confirmed

Bug description:
  I have an Ubuntu VM that works fine without "-vga std" but crashes if
  I add "-vga std".  This is the full command line:

  qemu-system-x86_64 -vga std -drive
  cache=writeback,index=0,media=disk,file=ubuntu.img -k en-us -m 2048 -smp 2 
-vnc
  :3102 -usbdevice tablet -enable-kvm &

  I get this error:

   KVM internal error. Suberror: 1
  rax 7f789177e000 rbx  rcx  rdx
  
  rsi  rdi 7f789177e000 rsp 7fff361775e8 rbp
  7fff36177600
  r8  ff80 r9  0020 r10  r11
  7f789100a3f0
  r12 004017c0 r13 7fff36178cf0 r14  r15
  
  rip 7f789100aa7b rflags 00013206
  cs 0033 (/ p 1 dpl 3 db 0 s 1 type b l 1 g 1 avl 0)
  ds  (/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  es  (/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  ss 002b (/ p 1 dpl 3 db 1 s 1 type 3 l 0 g 1 avl 0)
  fs  (7f78917906f0/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  gs  (/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  tr 0040 (880001a09440/2087 p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
  ldt  (/ p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
  gdt 8800019fa000/7f
  idt 818fd000/fff
  cr0 80050033 cr2 2408000 cr3 379d4000 cr4 6f0 cr8 0 efer d01
  emulation failure, check dmesg for details

  I'm running kernel 2.6.32, and I have the kvm stuff compiled directly into the
  kernel.  There's nothing in dmesg about kvm at all.

  Note that in the VM grub comes up, but the VM dies when I boot the
  kernel.

  This command line works:

  qemu-system-x86_64 -drive cache=writeback,index=0,media=disk,file=ubuntu.img 
-k
  en-us -m 2048 -smp 2 -vnc :3102 -usbdevice tablet -enable-kvm &

  That is, removing "-vga std" fixes the problem.

  I recently added this option to both my Ubuntu and Windows XP VMs.
  The Windows VM still works fine.  If Windows can detect that the
  graphics card has changed, then Ubuntu should also have no problem.
  That being said, I added the std option when using 0.12.1.1, so there
  may be a qemu regression.

  I have reported this bug elsewhere:
  http://bugs.gentoo.org/show_bug.cgi?id=299211

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/502107/+subscriptions



[Qemu-devel] [Bug 502107] Re: qemu-kvm 0.12.1.2 crashes booting Ubuntu 9.10 with "-vga std"

2012-01-04 Thread Michael Tokarev
and it still happens even in version 1.0




Re: [Qemu-devel] [PATCH 0/3] qerror: proper errors for qmp_block_resize()

2012-01-04 Thread Luiz Capitulino
On Wed,  4 Jan 2012 17:38:20 +
Stefan Hajnoczi  wrote:

> The block resize command returns undefined errors if things go wrong.  This is
> bad since users will have no chance to understand what failed.

Oops, this introduces a segfault: try "block_resize ide1-cd0 100" in the monitor
and you'll see it.

> 
> Patch 3 makes qmp_block_resize() use meaningful errors.  We introduce new
> qerrors for ENOMEDIUM and EACCES since nothing exists yet.
> 
> When doing this I noticed that qerror definitions and table entries are not in
> alphabetical order as required by the comments in qerror.h and qerror.c.
> That's not a surprise since there is no automated way to enforce this.  I'm not
> sure whether this requirement is useful or not in the first place, but felt
> guilty creating more mess.  So I've restored alphabetical order and added a
> script to verify that the requirement is met in Patches 1 and 2.
> 
> Stefan Hajnoczi (3):
>   qerror: add check-qerror.sh to verify alphabetical order
>   qerror: restore alphabetical order over qerrors
>   block: use proper qerrors in qmp_block_resize
> 
>  blockdev.c  |   26 +
>  qerror.c|   91 +-
>  qerror.h|   78 +--
>  scripts/check-qerror.sh |   22 +++
>  4 files changed, 131 insertions(+), 86 deletions(-)
>  create mode 100755 scripts/check-qerror.sh
> 




Re: [Qemu-devel] [PATCH 2/2] qemu-ga: Add the guest-suspend command

2012-01-04 Thread Michael Roth

On 01/04/2012 01:45 PM, Luiz Capitulino wrote:

For now it only supports the "hibernate" mode, which suspends the
guest to disk.

This command will try to execute the scripts provided by the pm-utils
package. If that fails, it will try to suspend manually by writing
to the "/sys/power/state" file.

To reap terminated children, a new signal handler is installed to
catch SIGCHLD signals and a non-blocking call to waitpid() is done to
collect their exit statuses.

Signed-off-by: Luiz Capitulino


Looks good.

Reviewed-by: Michael Roth 


---
  qapi-schema-guest.json |   23 ++
  qemu-ga.c  |   17 -
  qga/guest-agent-commands.c |   55 
  3 files changed, 94 insertions(+), 1 deletions(-)

diff --git a/qapi-schema-guest.json b/qapi-schema-guest.json
index 5f8a18d..b151670 100644
--- a/qapi-schema-guest.json
+++ b/qapi-schema-guest.json
@@ -219,3 +219,26 @@
  ##
  { 'command': 'guest-fsfreeze-thaw',
'returns': 'int' }
+
+##
+# @guest-suspend
+#
+# Suspend guest execution by changing the guest's ACPI power state.
+#
+# This command tries to execute the scripts provided by the pm-utils
+# package. If they are not available, it will perform the suspend
+# operation by manually writing to a sysfs file.
+#
+# For the best results it's strongly recommended to have the pm-utils
+# package installed in the guest.
+#
+# @mode: 'hibernate' RAM content is saved to the disk and the guest is
+#powered off (this corresponds to ACPI S4)
+#
+# Notes: This is an asynchronous request. There's no guarantee a response
+# will be sent. Errors will be logged to guest's syslog. More modes are
+# expected in the future.
+#
+# Since: 1.1
+##
+{ 'command': 'guest-suspend', 'data': { 'mode': 'str' } }
diff --git a/qemu-ga.c b/qemu-ga.c
index 98e4dfe..5b7a7a5 100644
--- a/qemu-ga.c
+++ b/qemu-ga.c
@@ -17,6 +17,7 @@
  #include
  #include
  #include
+#include
  #include "qemu_socket.h"
  #include "json-streamer.h"
  #include "json-parser.h"
@@ -59,9 +60,15 @@ static void quit_handler(int sig)
  }
  }

+static void child_handler(int sig)
+{
+int status;
+waitpid(-1,&status, WNOHANG);
+}
+
  static void register_signal_handlers(void)
  {
-struct sigaction sigact;
+struct sigaction sigact, sigact_chld;
  int ret;

  memset(&sigact, 0, sizeof(struct sigaction));
@@ -76,6 +83,14 @@ static void register_signal_handlers(void)
  if (ret == -1) {
  g_error("error configuring signal handler: %s", strerror(errno));
  }
+
+memset(&sigact_chld, 0, sizeof(struct sigaction));
+sigact_chld.sa_handler = child_handler;
+sigact_chld.sa_flags = SA_NOCLDSTOP;
+ret = sigaction(SIGCHLD,&sigact_chld, NULL);
+if (ret == -1) {
+g_error("error configuring signal handler: %s", strerror(errno));
+}
  }

  static void usage(const char *cmd)
diff --git a/qga/guest-agent-commands.c b/qga/guest-agent-commands.c
index a09c8ca..19f29c6 100644
--- a/qga/guest-agent-commands.c
+++ b/qga/guest-agent-commands.c
@@ -574,6 +574,61 @@ int64_t qmp_guest_fsfreeze_thaw(Error **err)
  }
  #endif

+#define LINUX_SYS_STATE_FILE "/sys/power/state"
+
+void qmp_guest_suspend(const char *mode, Error **err)
+{
+pid_t pid;
+const char *pmutils_bin;
+
+/* TODO implement 'sleep' and 'hybrid' modes once qemu is fixed to
+   support them */
+if (strcmp(mode, "hibernate") == 0) {
+pmutils_bin = "pm-hibernate";
+} else {
+error_set(err, QERR_INVALID_PARAMETER, "mode");
+return;
+}
+
+pid = fork();
+if (pid == 0) {
+/* child */
+int fd;
+
+setsid();
+fclose(stdin);
+fclose(stdout);
+fclose(stderr);
+
+execlp(pmutils_bin, pmutils_bin, NULL);
+
+/*
+ * The exec call should not return, if it does something went wrong.
+ * In this case we try to suspend manually if 'mode' is 'hibernate'
+ */
+slog("could not execute %s: %s\n", pmutils_bin, strerror(errno));
+slog("trying to suspend using the manual method...\n");
+
+fd = open(LINUX_SYS_STATE_FILE, O_WRONLY);
+if (fd<  0) {
+slog("can't open file %s: %s\n", LINUX_SYS_STATE_FILE,
+strerror(errno));
+exit(1);
+}
+
+if (write(fd, "disk", 4)<  0) {
+slog("can't write to %s: %s\n", LINUX_SYS_STATE_FILE,
+strerror(errno));
+exit(1);
+}
+
+exit(0);
+} else if (pid<  0) {
+error_set(err, QERR_UNDEFINED_ERROR);
+return;
+}
+}
+
  /* register init/cleanup routines for stateful command groups */
  void ga_command_state_init(GAState *s, GACommandState *cs)
  {





Re: [Qemu-devel] [PATCH 3/3] block: use proper qerrors in qmp_block_resize

2012-01-04 Thread Luiz Capitulino
On Wed,  4 Jan 2012 17:38:23 +
Stefan Hajnoczi  wrote:

> Let's report specific errors so that management tools and users can
> identify the problem.
> 
> Two new qerrors are needed:
>  * QERR_DEVICE_HAS_NO_MEDIUM for ENOMEDIUM
>  * QERR_DEVICE_IS_READ_ONLY for EACCES

Great series, the number of complaints about generic errors has increased
lately. It's to fix this.

There's a missing bit though, would you mind updating the block_resize
command's documentation in the schema?

Thanks!

> 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  blockdev.c |   26 ++
>  qerror.c   |8 
>  qerror.h   |6 ++
>  3 files changed, 32 insertions(+), 8 deletions(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index c832782..8c2c8cc 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -841,11 +841,6 @@ int do_drive_del(Monitor *mon, const QDict *qdict, 
> QObject **ret_data)
>  return 0;
>  }
>  
> -/*
> - * XXX: replace the QERR_UNDEFINED_ERROR errors with real values once the
> - * existing QERR_ macro mess is cleaned up.  A good example for better
> - * error reports can be found in the qemu-img resize code.
> - */
>  void qmp_block_resize(const char *device, int64_t size, Error **errp)
>  {
>  BlockDriverState *bs;
> @@ -857,12 +852,27 @@ void qmp_block_resize(const char *device, int64_t size, 
> Error **errp)
>  }
>  
>  if (size < 0) {
> -error_set(errp, QERR_UNDEFINED_ERROR);
> +error_set(errp, QERR_INVALID_PARAMETER_VALUE, "size", "a >0 size");
>  return;
>  }
>  
> -if (bdrv_truncate(bs, size)) {
> +switch (bdrv_truncate(bs, size)) {
> +case 0:
> +break;
> +case -ENOMEDIUM:
> +error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
> +break;
> +case -ENOTSUP:
> +error_set(errp, QERR_UNSUPPORTED);
> +break;
> +case -EACCES:
> +error_set(errp, QERR_DEVICE_IS_READ_ONLY, device);
> +break;
> +case -EBUSY:
> +error_set(errp, QERR_DEVICE_IN_USE, device);
> +break;
> +default:
>  error_set(errp, QERR_UNDEFINED_ERROR);
> -return;
> +break;
>  }
>  }
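Review bot: the guard `if (size < 0)` still lets size 0 through while the new message asks for "a >0 size"; either make the check `size <= 0` or word the message as "a non-negative size". Separately, the segfault reported in the reply to the cover letter (`block_resize ide1-cd0 100` on the CD-ROM device) indicates bdrv_truncate() is being reached for a drive without a medium before the -ENOMEDIUM arm of this switch can fire; a medium check before the call would let QERR_DEVICE_HAS_NO_MEDIUM be reported instead of crashing.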
> diff --git a/qerror.c b/qerror.c
> index 2979b3e..3d95383 100644
> --- a/qerror.c
> +++ b/qerror.c
> @@ -80,6 +80,10 @@ static const QErrorStringTable qerror_table[] = {
>  .desc  = "Migration is disabled when using feature '%(feature)' 
> in device '%(device)'",
>  },
>  {
> +.error_fmt = QERR_DEVICE_HAS_NO_MEDIUM,
> +.desc  = "Device '%(device)' has no medium",
> +},
> +{
>  .error_fmt = QERR_DEVICE_INIT_FAILED,
>  .desc  = "Device '%(device)' could not be initialized",
>  },
> @@ -88,6 +92,10 @@ static const QErrorStringTable qerror_table[] = {
>  .desc  = "Device '%(device)' is in use",
>  },
>  {
> +.error_fmt = QERR_DEVICE_IS_READ_ONLY,
> +.desc  = "Device '%(device)' is read only",
> +},
> +{
>  .error_fmt = QERR_DEVICE_LOCKED,
>  .desc  = "Device '%(device)' is locked",
>  },
> diff --git a/qerror.h b/qerror.h
> index c34674e..a693d49 100644
> --- a/qerror.h
> +++ b/qerror.h
> @@ -81,12 +81,18 @@ QError *qobject_to_qerror(const QObject *obj);
>  #define QERR_DEVICE_FEATURE_BLOCKS_MIGRATION \
>  "{ 'class': 'DeviceFeatureBlocksMigration', 'data': { 'device': %s, 
> 'feature': %s } }"
>  
> +#define QERR_DEVICE_HAS_NO_MEDIUM \
> +"{ 'class': 'DeviceHasNoMedium', 'data', { 'name': %s } }"
> +
>  #define QERR_DEVICE_INIT_FAILED \
>  "{ 'class': 'DeviceInitFailed', 'data': { 'device': %s } }"
>  
>  #define QERR_DEVICE_IN_USE \
>  "{ 'class': 'DeviceInUse', 'data': { 'device': %s } }"
>  
> +#define QERR_DEVICE_IS_READ_ONLY \
> +"{ 'class': 'DeviceIsReadOnly', 'data': { 'device': %s } }"
> +
>  #define QERR_DEVICE_LOCKED \
>  "{ 'class': 'DeviceLocked', 'data': { 'device': %s } }"
>  
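Review bot: QERR_DEVICE_HAS_NO_MEDIUM has two defects in its JSON template: `'data', {` uses a comma where every other definition uses `'data': {`, and the key is `'name'` while the qerror.c description formats `%(device)` and the blockdev.c call site passes the device name as the only argument, so the table entry cannot resolve `%(device)`. Change it to `"{ 'class': 'DeviceHasNoMedium', 'data': { 'device': %s } }"`, matching QERR_DEVICE_IS_READ_ONLY in the same hunk.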




[Qemu-devel] [PATCH 1/2] qemu-ga: set O_NONBLOCK for serial channels

2012-01-04 Thread Luiz Capitulino
This fixes a bug when using -m isa-serial where qemu-ga will
hang on a read() when communicating to the host via isa-serial.

Original fix by Michael Roth.

Signed-off-by: Luiz Capitulino 
---
 qemu-ga.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/qemu-ga.c b/qemu-ga.c
index 200bb15..98e4dfe 100644
--- a/qemu-ga.c
+++ b/qemu-ga.c
@@ -504,7 +504,7 @@ static void init_guest_agent(GAState *s)
 exit(EXIT_FAILURE);
 }
 } else if (strcmp(s->method, "isa-serial") == 0) {
-fd = qemu_open(s->path, O_RDWR | O_NOCTTY);
+fd = qemu_open(s->path, O_RDWR | O_NOCTTY | O_NONBLOCK);
 if (fd == -1) {
 g_critical("error opening channel: %s", strerror(errno));
 exit(EXIT_FAILURE);
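Review bot: switching the isa-serial channel to O_NONBLOCK changes the semantics of every read() and write() on that descriptor, which now return -1 with errno set to EAGAIN when the host side has no data or cannot accept more; this hunk only touches the open(), so the channel I/O code needs to treat EAGAIN as "return to the main loop and retry" rather than as a fatal channel error, and a large JSON response may now be written short and must be resumed. Worth confirming that path is already EAGAIN-safe before merging the one-line fix.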
-- 
1.7.8.2.321.g4570a.dirty




Re: [Qemu-devel] [PATCH 1/2] qemu-ga: set O_NONBLOCK for serial channels

2012-01-04 Thread Michael Roth

On 01/04/2012 01:45 PM, Luiz Capitulino wrote:

This fixes a bug when using -m isa-serial where qemu-ga will
hang on a read() when communicating to the host via isa-serial.

Original fix by Michael Roth.

Signed-off-by: Luiz Capitulino
---
  qemu-ga.c |2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/qemu-ga.c b/qemu-ga.c
index 200bb15..98e4dfe 100644
--- a/qemu-ga.c
+++ b/qemu-ga.c
@@ -504,7 +504,7 @@ static void init_guest_agent(GAState *s)
  exit(EXIT_FAILURE);
  }
  } else if (strcmp(s->method, "isa-serial") == 0) {
-fd = qemu_open(s->path, O_RDWR | O_NOCTTY);
+fd = qemu_open(s->path, O_RDWR | O_NOCTTY | O_NONBLOCK);
  if (fd == -1) {
  g_critical("error opening channel: %s", strerror(errno));
  exit(EXIT_FAILURE);


Thanks for sending this.

Reviewed-by: Michael Roth 




Re: [Qemu-devel] [PATCH] Rename target_phys_addr_t to Phys

2012-01-04 Thread Avi Kivity
On 01/04/2012 09:50 PM, Peter Maydell wrote:
> On 4 January 2012 19:32, Avi Kivity  wrote:
> > The name 'Phys' conveys exactly the same information as 
> > 'target_phys_addr_t':
> >
> >  - it has to be a physical address (no such thing as physical data)
> >  - it has to be a target address (qemu doesn't do host physical addresses)
> >  - the fact that it's a type is implied by the naming convention
> >
> > As it's 4 characters vs. 18, and C standard compliant to boot, Phys is a
> > clear winner.  Rename all instances of target_phys_addr_t to the new name.
> > All hail Phys!
> >
> >  323 files changed, 1959 insertions(+), 1959 deletions(-)
>
> Seems like gratuitous churn to me...
>

It will generate noise, but improve readability by a little bit.

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.




Re: [Qemu-devel] [PATCH] Rename target_phys_addr_t to Phys

2012-01-04 Thread Peter Maydell
On 4 January 2012 19:32, Avi Kivity  wrote:
> The name 'Phys' conveys exactly the same information as 'target_phys_addr_t':
>
>  - it has to be a physical address (no such thing as physical data)
>  - it has to be a target address (qemu doesn't do host physical addresses)
>  - the fact that it's a type is implied by the naming convention
>
> As it's 4 characters vs. 18, and C standard compliant to boot, Phys is a
> clear winner.  Rename all instances of target_phys_addr_t to the new name.
> All hail Phys!
>
>  323 files changed, 1959 insertions(+), 1959 deletions(-)

Seems like gratuitous churn to me...

-- PMM



[Qemu-devel] [PATCH 2/2] qemu-ga: Add the guest-suspend command

2012-01-04 Thread Luiz Capitulino
For now it only supports the "hibernate" mode, which suspends the
guest to disk.

This command will try to execute the scripts provided by the pm-utils
package. If that fails, it will try to suspend manually by writing
to the "/sys/power/state" file.

To reap terminated children, a new signal handler is installed to
catch SIGCHLD signals and a non-blocking call to waitpid() is done to
collect their exit statuses.

Signed-off-by: Luiz Capitulino 
---
 qapi-schema-guest.json |   23 ++
 qemu-ga.c  |   17 -
 qga/guest-agent-commands.c |   55 
 3 files changed, 94 insertions(+), 1 deletions(-)

diff --git a/qapi-schema-guest.json b/qapi-schema-guest.json
index 5f8a18d..b151670 100644
--- a/qapi-schema-guest.json
+++ b/qapi-schema-guest.json
@@ -219,3 +219,26 @@
 ##
 { 'command': 'guest-fsfreeze-thaw',
   'returns': 'int' }
+
+##
+# @guest-suspend
+#
+# Suspend guest execution by changing the guest's ACPI power state.
+#
+# This command tries to execute the scripts provided by the pm-utils
+# package. If they are not available, it will perform the suspend
+# operation by manually writing to a sysfs file.
+#
+# For the best results it's strongly recommended to have the pm-utils
+# package installed in the guest.
+#
+# @mode: 'hibernate' RAM content is saved to the disk and the guest is
+#powered off (this corresponds to ACPI S4)
+#
+# Notes: This is an asynchronous request. There's no guarantee a response
+# will be sent. Errors will be logged to guest's syslog. More modes are
+# expected in the future.
+#
+# Since: 1.1
+##
+{ 'command': 'guest-suspend', 'data': { 'mode': 'str' } }
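Review bot: `'mode': 'str'` leaves validation to the C code although the documentation lists 'hibernate' as the only value; declaring an enum type in the schema would make the generated marshaller reject anything else before qmp_guest_suspend() runs and keeps the accepted set self-documenting. The Notes paragraph also says errors are only logged to syslog, but an unknown mode is reported synchronously as an invalid-parameter error (see the guest-agent-commands.c hunk), so the text should distinguish the synchronous parameter check from the asynchronous suspend result.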
diff --git a/qemu-ga.c b/qemu-ga.c
index 98e4dfe..5b7a7a5 100644
--- a/qemu-ga.c
+++ b/qemu-ga.c
@@ -17,6 +17,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "qemu_socket.h"
 #include "json-streamer.h"
 #include "json-parser.h"
@@ -59,9 +60,15 @@ static void quit_handler(int sig)
 }
 }
 
+static void child_handler(int sig)
+{
+int status;
+waitpid(-1, &status, WNOHANG);
+}
+
 static void register_signal_handlers(void)
 {
-struct sigaction sigact;
+struct sigaction sigact, sigact_chld;
 int ret;
 
 memset(&sigact, 0, sizeof(struct sigaction));
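Review bot: child_handler() calls waitpid() once per SIGCHLD, but SIGCHLD is not queued, so if two children exit before the handler runs only one is reaped and the other stays a zombie until the next signal; loop instead: `while (waitpid(-1, &status, WNOHANG) > 0) { }`. `status` is otherwise unused and could be passed as NULL.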
@@ -76,6 +83,14 @@ static void register_signal_handlers(void)
 if (ret == -1) {
 g_error("error configuring signal handler: %s", strerror(errno));
 }
+
+memset(&sigact_chld, 0, sizeof(struct sigaction));
+sigact_chld.sa_handler = child_handler;
+sigact_chld.sa_flags = SA_NOCLDSTOP;
+ret = sigaction(SIGCHLD, &sigact_chld, NULL);
+if (ret == -1) {
+g_error("error configuring signal handler: %s", strerror(errno));
+}
 }
 
 static void usage(const char *cmd)
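Review bot: sa_flags sets SA_NOCLDSTOP but not SA_RESTART, so a SIGCHLD arriving while the agent is blocked in a syscall on its channel makes that call fail with EINTR; either add SA_RESTART here or make sure the channel read/write paths retry on EINTR. The error message is also identical to the one for the first handler; including the signal name ("SIGCHLD") makes the log line actionable.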
diff --git a/qga/guest-agent-commands.c b/qga/guest-agent-commands.c
index a09c8ca..19f29c6 100644
--- a/qga/guest-agent-commands.c
+++ b/qga/guest-agent-commands.c
@@ -574,6 +574,61 @@ int64_t qmp_guest_fsfreeze_thaw(Error **err)
 }
 #endif
 
+#define LINUX_SYS_STATE_FILE "/sys/power/state"
+
+void qmp_guest_suspend(const char *mode, Error **err)
+{
+pid_t pid;
+const char *pmutils_bin;
+
+/* TODO implement 'sleep' and 'hybrid' modes once qemu is fixed to
+   support them */
+if (strcmp(mode, "hibernate") == 0) {
+pmutils_bin = "pm-hibernate";
+} else {
+error_set(err, QERR_INVALID_PARAMETER, "mode");
+return;
+}
+
+pid = fork();
+if (pid == 0) {
+/* child */
+int fd;
+
+setsid();
+fclose(stdin);
+fclose(stdout);
+fclose(stderr);
+
+execlp(pmutils_bin, pmutils_bin, NULL);
+
+/* 
+ * The exec call should not return, if it does something went wrong.
+ * In this case we try to suspend manually if 'mode' is 'hibernate'
+ */
+slog("could not execute %s: %s\n", pmutils_bin, strerror(errno));
+slog("trying to suspend using the manual method...\n");
+
+fd = open(LINUX_SYS_STATE_FILE, O_WRONLY);
+if (fd < 0) {
+slog("can't open file %s: %s\n", LINUX_SYS_STATE_FILE,
+strerror(errno));
+exit(1);
+}
+
+if (write(fd, "disk", 4) < 0) {
+slog("can't write to %s: %s\n", LINUX_SYS_STATE_FILE,
+strerror(errno));
+exit(1);
+}
+
+exit(0);
+} else if (pid < 0) {
+error_set(err, QERR_UNDEFINED_ERROR);
+return;
+}
+}
+
 /* register init/cleanup routines for stateful command groups */
 void ga_command_state_init(GAState *s, GACommandState *cs)
 {
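Review bot: the child only closes stdin, stdout and stderr before execlp(), so every other descriptor the agent holds, in particular the virtio-serial or isa-serial channel fd, is inherited by pm-hibernate and whatever it spawns; close those fds in the child (or open the channel with O_CLOEXEC) so a guest-side helper cannot keep or write to the agent's command channel. Also, the parent returns success as soon as fork() succeeds, so the exit(1) paths are visible only in syslog; that matches the "asynchronous request" note in the schema but means a missing pm-hibernate and an unwritable /sys/power/state look identical to the host. The comment "if 'mode' is 'hibernate'" is stale since mode can only be hibernate at this point.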
-- 
1.7.8.2.321.g4570a.dirty




[Qemu-devel] [PATCH v4 0/2]: qemu-ga: Add the guest-suspend command

2012-01-04 Thread Luiz Capitulino
This version drops modes 'sleep' and 'hybrid' because they don't work
properly due to issues in qemu. Only the 'hibernate' mode is supported
for now.

Also note that virtio doesn't currently support ACPI S4. There are
patches flying on lkml to fix that though.

Please refer to patch 2/2 for more details on the implementation.

v4

o Drop 'sleep' and 'hybrid' modes
o pull in a fix from Michael Roth (patch 1/2)

 qapi-schema-guest.json |   23 ++
 qemu-ga.c  |   19 +-
 qga/guest-agent-commands.c |   55 
 3 files changed, 95 insertions(+), 2 deletions(-)



Re: [Qemu-devel] [PATCH 17/23] xen: convert to MemoryListener API

2012-01-04 Thread Avi Kivity
On 01/04/2012 08:06 PM, Stefano Stabellini wrote:
> On Mon, 19 Dec 2011, Avi Kivity wrote:
> > -static int xen_log_start(CPUPhysMemoryClient *client, target_phys_addr_t 
> > phys_addr, ram_addr_t size)
> > +static void xen_log_start(MemoryListener *listener,
> > +  MemoryRegionSection *section)
> >  {
> > -XenIOState *state = container_of(client, XenIOState, client);
> > +XenIOState *state = container_of(listener, XenIOState, 
> > memory_listener);
> > +int r;
> >  
> > -return xen_sync_dirty_bitmap(state, phys_addr, size);
> > +r = xen_sync_dirty_bitmap(state, section->offset_within_address_space,
> > +  section->size);
> > +assert(r >= 0);
> >  }
>
> I really feel I should thank you for your work because you did a very
> good job porting xen to the new api. In fact apart from the dirty bitmap
> (Anthony is about to send a patch to fix the issue:
> xen_sync_dirty_bitmap can actually fail sometimes), everything else
> is done right and works correctly.

Thanks.

> However I would have appreciated if you could have given us more time to
> review the four patches you wrote: considering the time of the year both
> Anthony and I were on vacation and didn't have a chance to read them
> until today.

I realize that I bypassed the normal protocol here, but I had to choose
one of several bad choices:

- continue developing without merging, and risk large rebases in case
the patches (or something else in qemu) had to be changed
- stop developing until you returned from your (undoubtedly well
deserved) vacations
- merge and look away while whistling innocently

I chose the third, since I still have quite a lot of work with the
memory API.  Of course I will help with fixing the fallout if needed,
and since you're back online, we can go back to the normal way of
reviewing and testing patches before merging.

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.




Re: [Qemu-devel] [patch 3/4] block stream: add support for partial streaming

2012-01-04 Thread Marcelo Tosatti
On Wed, Jan 04, 2012 at 11:03:14AM -0700, Eric Blake wrote:
> On 01/04/2012 10:47 AM, Marcelo Tosatti wrote:
> >>> +/*
> >>> + * Given an image chain: [BASE] -> [INTER1] -> [INTER2] -> [TOP]
> >>> + *
> >>
> >> How hard would it be to go one step further, and provide a monitor
> >> command where qemu could dump the state of BASE, INTER1, or INTER2
> >> without removing it from the image chain?  Libvirt would really like to
> >> be able to have a command where the user can request to inspect to see
> >> the contents of (a portion of) the disk at the time the snapshot was
> >> created, all while qemu continues to run and the TOP file continues to
> >> be adding deltas to that portion of the disk.
> > 
> > What exactly do you mean "dump the state of"? You want access to
> > the contents of INTER2, INTER1, BASE, via libguestfs?
> 
> I want access via the qemu monitor (which can then be used by libvirt,
> libguestfs, and others, to do whatever further management operations on
> that snapshot as desired).
> 
> > 
> >> For that matter, I'm still missing out on the ability to extract the
> >> contents of a qcow2 internal snapshot from an image that is in use by
> >> qemu - we have the ability to delete internal snapshots but not to probe
> >> their contents.
> > 
> > Same question (although i am not familiar with internal snapshots).
> 
> With external snapshots, I know that once the external snapshot TOP is
> created, then qemu is treating INTER2 as read-only; therefore, I can
> then use qemu-img in parallel on INTER2 to probe the contents of the
> snapshot; therefore, in libvirt, it would be possible for me to create a
> raw image corresponding to the qcow2 contents of INTER2, or to create a
> cloned qcow2 image corresponding to the raw contents of BASE, all while
> TOP continues to be modified.

Correct.

> But with internal snapshots, both the snapshot and the current disk
> state reside in the same qcow2 file, which is under current use by qemu,
> and therefore, qemu-img cannot be safely used on that file.  The only
> way I know of to extract the contents of that internal snapshot is via
> qemu itself, but qemu does not currently expose that.  I envision
> something similar to the memsave and pmemsave monitor commands, which
> copy a (portion) of the guest's memory into a file (although copying
> into an already-open fd passed via SCM_RIGHTS would be nicer than
> requiring a file name, as is the current case with memsave).
> 
> And once we get qemu to expose the contents of an internal snapshot,
> that same monitor command seems like it would be useful for exposing the
> contents of an external snapshot such as INTER2 or BASE, rather than
> having to use qemu-img in parallel on the external file.

I'll defer to Kevin or Stefan.




[Qemu-devel] [PATCH] xen: Fix after recent change in dirty bitmap tracking.

2012-01-04 Thread Anthony PERARD
A recent patch set from Avi breaks the dirty bitmap support of Xen. But this is
because the internal function will return an error for an unhandled memory
region (a - b). But this is not an error. So the patch clarifies the
function from this point of view.

There is now an error print when the Xen call failed.

Signed-off-by: Anthony PERARD 

---
 xen-all.c |   38 ++
 1 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/xen-all.c b/xen-all.c
index dc23265..2aa8c03 100644
--- a/xen-all.c
+++ b/xen-all.c
@@ -403,9 +403,9 @@ static void xen_region_del(MemoryListener *listener,
 xen_set_memory(listener, section, false);
 }
 
-static int xen_sync_dirty_bitmap(XenIOState *state,
- target_phys_addr_t start_addr,
- ram_addr_t size)
+static void xen_sync_dirty_bitmap(XenIOState *state,
+  target_phys_addr_t start_addr,
+  ram_addr_t size)
 {
 target_phys_addr_t npages = size >> TARGET_PAGE_BITS;
 target_phys_addr_t vram_offset = 0;
@@ -417,21 +417,27 @@ static int xen_sync_dirty_bitmap(XenIOState *state,
 physmap = get_physmapping(state, start_addr, size);
 if (physmap == NULL) {
 /* not handled */
-return -1;
+return;
 }
 
 if (state->log_for_dirtybit == NULL) {
 state->log_for_dirtybit = physmap;
 } else if (state->log_for_dirtybit != physmap) {
-return -1;
+/* Only one range for dirty bitmap can be tracked. */
+return;
 }
 vram_offset = physmap->phys_offset;
 
 rc = xc_hvm_track_dirty_vram(xen_xc, xen_domid,
  start_addr >> TARGET_PAGE_BITS, npages,
  bitmap);
-if (rc) {
-return rc;
+if (rc < 0) {
+if (rc != -ENODATA) {
+fprintf(stderr, "xen: track_dirty_vram failed (0x" TARGET_FMT_plx
+", 0x" TARGET_FMT_plx "): %s\n",
+start_addr, start_addr + size, strerror(-rc));
+}
+return;
 }
 
 for (i = 0; i < ARRAY_SIZE(bitmap); i++) {
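Review bot: the new error path compares `rc != -ENODATA` and prints `strerror(-rc)`, which assumes xc_hvm_track_dirty_vram() returns a negative errno; libxc calls of this kind conventionally return -1 and leave the cause in errno, in which case the ENODATA check can never match and the message always reports errno 1. If that convention holds here, test `errno == ENODATA` and print `strerror(errno)`; if the function really returns -errno, a comment saying so would save the next reader the same question.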
@@ -442,40 +448,32 @@ static int xen_sync_dirty_bitmap(XenIOState *state,
 cpu_physical_memory_set_dirty(vram_offset + (i * width + j) * 
TARGET_PAGE_SIZE);
 };
 }
-
-return 0;
 }
 
 static void xen_log_start(MemoryListener *listener,
   MemoryRegionSection *section)
 {
 XenIOState *state = container_of(listener, XenIOState, memory_listener);
-int r;
 
-r = xen_sync_dirty_bitmap(state, section->offset_within_address_space,
-  section->size);
-assert(r >= 0);
+xen_sync_dirty_bitmap(state, section->offset_within_address_space,
+  section->size);
 }
 
 static void xen_log_stop(MemoryListener *listener, MemoryRegionSection 
*section)
 {
 XenIOState *state = container_of(listener, XenIOState, memory_listener);
-int r;
 
 state->log_for_dirtybit = NULL;
 /* Disable dirty bit tracking */
-r = xc_hvm_track_dirty_vram(xen_xc, xen_domid, 0, 0, NULL);
-assert(r >= 0);
+xc_hvm_track_dirty_vram(xen_xc, xen_domid, 0, 0, NULL);
 }
 
 static void xen_log_sync(MemoryListener *listener, MemoryRegionSection 
*section)
 {
 XenIOState *state = container_of(listener, XenIOState, memory_listener);
-int r;
 
-r = xen_sync_dirty_bitmap(state, section->offset_within_address_space,
-  section->size);
-assert(r >= 0);
+xen_sync_dirty_bitmap(state, section->offset_within_address_space,
+  section->size);
 }
 
 static void xen_log_global_start(MemoryListener *listener)
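Review bot: xen_log_stop() now drops the return value of xc_hvm_track_dirty_vram() entirely, so a failure to disable tracking is silent, whereas the sync path above at least prints a message; keep the call's result and log non-ENODATA failures the same way. The two xen_sync_dirty_bitmap() callers are fine as written since that function now logs internally and returns void.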
-- 
tg: (61ec004..) fix/sync-dirty-bitmap (depends on: master)



[Qemu-devel] [PATCH v7] arm: add dummy v7 cp15 registers

2012-01-04 Thread Mark Langsdorf
Add dummy register support for the cp15, CRn=c15 registers.
config_base_register and power_control_register currently
default to 0, but may have improved support after the QOM
CPU patches are finished.

Signed-off-by: Mark Langsdorf 
---
Changes from v6
Added the diagnostic registers
Added save/load support
Changes from v5
Added handling for all c15 registers
Changes from v3, v4
None
Changes from v2
Added test against op2 
Changes from v1
renamed the config_base_register
added comments about how it will change when QOM CPUs are added

 target-arm/cpu.h |4 
 target-arm/helper.c  |   48 
 target-arm/machine.c |7 +++
 3 files changed, 59 insertions(+), 0 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index c4d742f..3bc90e6 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -149,6 +149,10 @@ typedef struct CPUARMState {
 uint32_t c15_i_max; /* Maximum D-cache dirty line index.  */
 uint32_t c15_i_min; /* Minimum D-cache dirty line index.  */
 uint32_t c15_threadid; /* TI debugger thread-ID.  */
+uint32_t c15_config_base_address; /* SCU base address.  */
+uint32_t c15_diagnostic; /* diagnostic register */
+uint32_t c15_power_diagnostic;
+uint32_t c15_power_control; /* power control */
 } cp15;
 
 struct {
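Review bot: c15_power_diagnostic is the only new field without a comment; the other three say what the register is. Note also that c15_config_base_address is not added to cpu_save()/cpu_load() in the machine.c hunks while the other three are, which is consistent if it is a board-provided constant, but a comment saying so would make the omission look deliberate.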
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 65f4fbf..62028e5 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1768,6 +1768,20 @@ void HELPER(set_cp15)(CPUState *env, uint32_t insn, 
uint32_t val)
 goto bad_reg;
 }
 }
+if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
+switch (crm) {
+case 0:
+if ((op1 == 0) && (op2 == 0)) {
+env->cp15.c15_power_control = val;
+} else if ((op1 == 0) && (op2 == 1)) {
+env->cp15.c15_diagnostic = val;
+} else if ((op1 == 0) && (op2 == 2)) {
+env->cp15.c15_power_diagnostic = val;
+}
+default:
+break;
+}
+}
 break;
 }
 return;
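Review bot: `case 0:` falls through into `default: break;` without its own break; harmless today, but add the break (or a fall-through comment) so a case inserted later does not silently inherit the write. The write side also ignores any other crm/op1/op2 combination on the A9 without going to bad_reg, while the read side in the next hunk does `goto bad_reg` for unhandled c15 registers; the two directions should agree on whether an unimplemented register faults.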
@@ -2111,6 +2125,40 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
  * 0x200 << ($rn & 0xfff), when MMU is off.  */
 goto bad_reg;
 }
+if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
+switch (crm) {
+case 0:
+if ((op1 == 4) && (op2 == 0)) {
+/* The config_base_address should hold the value of
+ * the peripheral base. ARM should get this from a CPU
+ * object property, but that support isn't available in
+ * December 2011. Default to 0 for now and board models
+ * that care can set it by a private hook */
+return env->cp15.c15_config_base_address;
+} else if ((op1 == 0) && (op2 == 0)) {
+/* power_control should be set to maximum latency. Again,
+   default to 0 and set by private hook */
+return env->cp15.c15_power_control;
+} else if ((op1 == 0) && (op2 == 1)) {
+return env->cp15.c15_diagnostic;
+} else if ((op1 == 0) && (op2 == 2)) {
+return env->cp15.c15_power_diagnostic;
+}
+break;
+case 1: /* NEON Busy */
+return 0;
+case 5: /* tlb lockdown */
+case 6:
+case 7:
+if ((op1 == 5) && (op2 == 2)) {
+return 0;
+}
+break;
+default:
+break;
+}
+goto bad_reg;
+}
 return 0;
 }
 bad_reg:
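Review bot: the `goto bad_reg` after the A9 switch changes the existing behaviour for every c15 register not listed (previously `return 0`), so an A9 guest touching a register this patch does not model will now fault rather than read zero; if that is intended it belongs in the commit message. `case 1: /* NEON Busy */` returns 0 for any op1/op2 rather than a specific encoding, and the tlb lockdown cases 5, 6 and 7 share one `(op1 == 5) && (op2 == 2)` test; a comment citing the TRM entries these cover would let the next reader check them.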
diff --git a/target-arm/machine.c b/target-arm/machine.c
index aaee9b9..7f25b0f 100644
--- a/target-arm/machine.c
+++ b/target-arm/machine.c
@@ -56,6 +56,9 @@ void cpu_save(QEMUFile *f, void *opaque)
 qemu_put_be32(f, env->cp15.c13_tls2);
 qemu_put_be32(f, env->cp15.c13_tls3);
 qemu_put_be32(f, env->cp15.c15_cpar);
+qemu_put_be32(f, env->cp15.c15_power_control);
+qemu_put_be32(f, env->cp15.c15_diagnostic);
+qemu_put_be32(f, env->cp15.c15_power_diagnostic);
 
 qemu_put_be32(f, env->features);
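Review bot: appending three words to the cpu_save() stream changes the on-the-wire format, so the ARM save-state version constant must be bumped in the same patch and cpu_load() should read the new fields only for the new version; neither is visible in this diff, so an old snapshot would otherwise be misparsed by the new binary.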
 
@@ -170,6 +173,10 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
 env->cp15.c13_tls2 = qemu_get_be32(f);
 env->cp15.c13_tls3 = qemu_get_be32(f);
 env->cp15.c15_cpar = qemu_get_be32(f);
+env->cp15.c15_power_control = qemu_get_be32(f);
+env->cp15.c15_diagnostic = qemu_get_be32(f);
+env->cp15.c15_power_diagnostic = qemu_get_be32(f);
+
 
 env->features = qemu_get_be32(f);
 
-- 
1.7.5.4




Re: [Qemu-devel] Xen: qemu dies with xen-all.c:478: xen_log_sync: Assertion `r >= 0' failed.

2012-01-04 Thread Stefano Stabellini
On Wed, 4 Jan 2012, Julian Pidancet wrote:
> When testing the latest master branch, qemu dies with the above error
> message. The issue seems to have been introduced by the following
> recent patch:
> 
> xen: convert to MemoryListener API (20581d207853fe4b1af88b116f077516dfa888cd)
> 
> Commenting the assert() prevents qemu from dying, but there may be
> another underlying problem with framebuffer dirty page tracking
> because the display is really slow on my setup (It wasn't the last
> time I tried).

Yes, we know, see http://marc.info/?l=qemu-devel&m=132570052310367&w=2.
Anthony is brewing a patch to fix it properly.
Thank you for testing,

Stefano



Re: [Qemu-devel] [PATCH v6 1/1] arm: add dummy v7 cp15 registers

2012-01-04 Thread Mark Langsdorf
On 01/04/2012 11:50 AM, Peter Maydell wrote:
> On 4 January 2012 16:53, Mark Langsdorf  wrote:
>> +} else if ((op1 == 0) && (op2 == 0)) {
>> +/* power_control should be set to maximum latency. Again,
>> +   default to 0 and set by private hook */
>> +return env->cp15.c15_power_control;
>> +}
> 
> This one's read-write, which means it needs (a) support in set_cp15
> (b) save/load support.

Okay.

> You also need to implement the diagnostic register c15,c0,0,1
> otherwise Linux won't boot when it tries to run this code:
>  http://lxr.linux.no/#linux+v3.1.7/arch/arm/mm/proc-v7.S#L345
> I suggest that should be implemented as reads-as-written. (Again, will
> need save/load
> support.) Ditto for the power diagnostic control register c15,c0,0,2, as used 
> in
> this patch: http://www.spinics.net/lists/arm-kernel/msg115817.html

I'm handling all the c15 registers listed on p 4-11 of the Cortex-A9
r3p0 TRM. Would you please give me a reference for these other two
registers? I'm not seeing them. Thanks.

--Mark



[Qemu-devel] Xen: qemu dies with xen-all.c:478: xen_log_sync: Assertion `r >= 0' failed.

2012-01-04 Thread Julian Pidancet
When testing the latest master branch, qemu dies with the above error
message. The issue seems to have been introduced by the following
recent patch:

xen: convert to MemoryListener API (20581d207853fe4b1af88b116f077516dfa888cd)

Commenting the assert() prevents qemu from dying, but there may be
another underlying problem with framebuffer dirty page tracking
because the display is really slow on my setup (It wasn't the last
time I tried).

-- 
Julian



Re: [Qemu-devel] [PATCH 17/23] xen: convert to MemoryListener API

2012-01-04 Thread Stefano Stabellini
On Mon, 19 Dec 2011, Avi Kivity wrote:
> -static int xen_log_start(CPUPhysMemoryClient *client, target_phys_addr_t 
> phys_addr, ram_addr_t size)
> +static void xen_log_start(MemoryListener *listener,
> +  MemoryRegionSection *section)
>  {
> -XenIOState *state = container_of(client, XenIOState, client);
> +XenIOState *state = container_of(listener, XenIOState, memory_listener);
> +int r;
>  
> -return xen_sync_dirty_bitmap(state, phys_addr, size);
> +r = xen_sync_dirty_bitmap(state, section->offset_within_address_space,
> +  section->size);
> +assert(r >= 0);
>  }
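Review bot: the new `assert(r >= 0)` turns a runtime failure of xen_sync_dirty_bitmap into an abort of the whole qemu process, and the reply below notes that the call can legitimately fail; since the MemoryListener callback now returns void instead of propagating the result as the old CPUPhysMemoryClient version did, log the error and continue (or give the listener a way to report it) rather than asserting on it.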

I really feel I should thank you for your work because you did a very
good job porting xen to the new api. In fact apart from the dirty bitmap
(Anthony is about to send a patch to fix the issue:
xen_sync_dirty_bitmap can actually fail sometimes), everything else
is done right and works correctly.

However I would have appreciated if you could have given us more time to
review the four patches you wrote: considering the time of the year both
Anthony and I were on vacation and didn't have a chance to read them
until today.



Re: [Qemu-devel] [PULL 00/12] arm-devs queue

2012-01-04 Thread Anthony Liguori

On 01/04/2012 07:56 AM, Peter Maydell wrote:

This is a pullreq for accumulated arm-devs patches; please pull.

NB: over the Christmas break my usual workflow got a bit disrupted so
I might have missed some patches; if there's anything that you were
expecting to be in here but isn't, please ping, resubmit the patch, etc.

-- PMM


Pulled.  Thanks.

Regards,

Anthony Liguori




The following changes since commit f3c6a169a39d188e98c17a0a0ebfa7f85e5aafdd:

   Merge remote-tracking branch 'qemu-kvm/memory/page_desc' into staging 
(2012-01-03 14:39:05 -0600)

are available in the git repository at:

   git://git.linaro.org/people/pmaydell/qemu-arm.git arm-devs.for-upstream

Juha Riihimäki (3):
   hw/omap1.c: Separate PWL from omap_mpu_state
   hw/omap1.c: Separate PWT from omap_mpu_state
   hw/omap1.c: Separate dpll_ctl from omap_mpu_state

Mark Langsdorf (1):
   arm: Set frequencies for arm_timer

Peter Maydell (5):
   hw/pl181.c: Add save/load support
   hw/pl110.c: Add post-load hook to invalidate display
   hw/omap1.c: omap_mpuio_init() need not be public
   hw/omap1.c: Drop unused includes
   hw/omap_gpmc: Fix region map/unmap when configuring prefetch engine

Rob Herring (3):
   arm: add missing scu registers
   arm: add dummy gic security registers
   add L2x0/PL310 cache controller device

  Makefile.target |1 +
  hw/a9mpcore.c   |   36 ++-
  hw/arm_gic.c|6 ++
  hw/arm_l2x0.c   |  181 +++
  hw/arm_timer.c  |   24 ++--
  hw/omap.h   |   28 +
  hw/omap1.c  |  151 +++---
  hw/omap_gpmc.c  |   30 +++---
  hw/pl110.c  |   11 
  hw/pl181.c  |   49 ---
  10 files changed, 404 insertions(+), 113 deletions(-)
  create mode 100644 hw/arm_l2x0.c







[Qemu-devel] Boot order problem and disable iPXE/gPXE

2012-01-04 Thread Gerhard Wiesinger

Hello,

I'm having the following boot order problem using an SCSI option ROM:

Command line:
/root/download/qemu/git/qemu-kvm/x86_64-softmmu/qemu-system-x86_64
-drive file=1.img,media=disk,if=scsi,bus=0,unit=0
-drive file=2.img,media=disk,if=scsi,bus=0,unit=1
-drive file=3.img,media=disk,if=scsi,bus=0,unit=2
-drive file=4.img,media=disk,if=scsi,bus=0,unit=3
-cdrom KNOPPIX_V6.2CD-2009-11-18-DE.iso
-boot order=c -m 256 -k de -vga vmware -vnc :0
-bios /root/download/seabios/git/seabios/out/bios.bin 
-option-rom BIOS/8xx_64.rom

-net nic,model=rtl8139,macaddr=1a:46:0b:ca:bc:7c
-net tap,ifname=tap0,script=no,downscript=no

Still boots the cdrom instead of harddisk. So it is impossible to have a 
bootable CDROM in the VM without booting from it.


Going into boot menu (-boot order=c,menu=on) and selecting HD works well.
Any ideas to fix it?

I also want to disable iPXE/gPXE on boot. I found several "workarounds" 
specifying rom files on different command lines:

1.) -net nic,model=rtl8139,macaddr=1a:46:0b:ca:bc:7c,rom=/dev/null
(https://lists.gnu.org/archive/html/qemu-devel/2010-03/msg00546.html)
2.) -device rtl8139,romfile=/dev/null
3.) remove ROM files.

I think best way would be:
-net nic,model=rtl8139,macaddr=1a:46:0b:ca:bc:7c,rom=/dev/null
or by SEABIOS boot option.

Removing rom files isn't an option because I want it by command line 
switch and need them for other VMs.


Any thoughts?

Thnx.

Ciao,
Gerhard

--
http://www.wiesinger.com/



Re: [Qemu-devel] [patch 3/4] block stream: add support for partial streaming

2012-01-04 Thread Eric Blake
On 01/04/2012 10:47 AM, Marcelo Tosatti wrote:
>>> +/*
>>> + * Given an image chain: [BASE] -> [INTER1] -> [INTER2] -> [TOP]
>>> + *
>>
>> How hard would it be to go one step further, and provide a monitor
>> command where qemu could dump the state of BASE, INTER1, or INTER2
>> without removing it from the image chain?  Libvirt would really like to
>> be able to have a command where the user can request to inspect to see
>> the contents of (a portion of) the disk at the time the snapshot was
>> created, all while qemu continues to run and the TOP file continues to
>> be adding deltas to that portion of the disk.
> 
> What exactly do you mean "dump the state of"? You want access to
> the contents of INTER2, INTER1, BASE, via libguestfs?

I want access via the qemu monitor (which can then be used by libvirt,
libguestfs, and others, to do whatever further management operations on
that snapshot as desired).

> 
>> For that matter, I'm still missing out on the ability to extract the
>> contents of a qcow2 internal snapshot from an image that is in use by
>> qemu - we have the ability to delete internal snapshots but not to probe
>> their contents.
> 
> Same question (although I am not familiar with internal snapshots).

With external snapshots, I know that once the external snapshot TOP is
created, then qemu is treating INTER2 as read-only; therefore, I can
then use qemu-img in parallel on INTER2 to probe the contents of the
snapshot; therefore, in libvirt, it would be possible for me to create a
raw image corresponding to the qcow2 contents of INTER2, or to create a
cloned qcow2 image corresponding to the raw contents of BASE, all while
TOP continues to be modified.

But with internal snapshots, both the snapshot and the current disk
state reside in the same qcow2 file, which is under current use by qemu,
and therefore, qemu-img cannot be safely used on that file.  The only
way I know of to extract the contents of that internal snapshot is via
qemu itself, but qemu does not currently expose that.  I envision
something similar to the memsave and pmemsave monitor commands, which
copy (a portion of) the guest's memory into a file (although copying
into an already-open fd passed via SCM_RIGHTS would be nicer than
requiring a file name, as is the current case with memsave).

And once we get qemu to expose the contents of an internal snapshot,
that same monitor command seems like it would be useful for exposing the
contents of an external snapshot such as INTER2 or BASE, rather than
having to use qemu-img in parallel on the external file.

-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PULL] Memory API: live migration and dispatch

2012-01-04 Thread Anthony Liguori

On 01/04/2012 05:52 AM, Avi Kivity wrote:

Please pull from

   git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git memory/batch

to receive the conversion of live migration to the memory API, along
with conversion of memory access dispatch to MemoryRegions instead of
CPU{Read,Write}Func.  These have been previously posted and viewed as
separate patchsets.


Pulled.  Thanks.

Regards,

Anthony Liguori



Avi Kivity (26):
   memory: introduce memory_region_name()
   vmstate, memory: decouple vmstate from memory API
   Store MemoryRegion in RAMBlock
   Switch ram_save to the memory API
   Sort RAMBlocks by ID for migration, not by ram_addr
   Remove support for version 3 ram_load
   Convert ram_load() to the memory API
   memory: obsolete cpu_physical_memory_[gs]et_dirty_tracking()
   xen: convert framebuffer dirty tracking to memory API
   memory: obsolete more dirty memory related functions
   memory: move endianness compensation to memory core
   exec: make phys_page_find() return a temporary
   memory: move mmio access to functions
   memory: remove MemoryRegion::backend_registered
   Fix wrong region_offset when overlaying a page with another
   Avoid range comparisons on io index types
   Uninline get_page_addr_code()
   Convert IO_MEM_{RAM,ROM,UNASSIGNED,NOTDIRTY} to MemoryRegions
   Switch cpu_register_physical_memory_log() to use MemoryRegions
   Convert the subpage wrapper to be a MemoryRegion
   Convert IO_MEM_SUBPAGE_RAM to be a MemoryRegion
   Convert io_mem_watch to be a MemoryRegion
   Direct dispatch through MemoryRegion
   Remove IO_MEM_SUBPAGE
   Drop IO_MEM_ROMD
   Remove IO_MEM_SHIFT

  Makefile.objs |2 +-
  Makefile.target   |2 +-
  arch_init.c   |   71 ++--
  cpu-all.h |   56 +---
  cpu-common.h  |   16 +-
  exec-all.h|   33 +--
  exec-obsolete.h   |   78 +++-
  exec.c|  931
+++--
  hw/alpha_typhoon.c|3 +-
  hw/an5206.c   |6 +-
  hw/armv7m.c   |9 +-
  hw/axis_dev88.c   |6 +-
  hw/dummy_m68k.c   |3 +-
  hw/g364fb.c   |3 +-
  hw/hw.h   |5 +
  hw/integratorcp.c |6 +-
  hw/ivshmem.c  |7 +-
  hw/leon3.c|6 +-
  hw/lm32_boards.c  |6 +-
  hw/mainstone.c|3 +-
  hw/mcf5208.c  |6 +-
  hw/milkymist-minimac2.c   |3 +-
  hw/milkymist-softusb.c|6 +-
  hw/milkymist.c|3 +-
  hw/mips_fulong2e.c|6 +-
  hw/mips_jazz.c|9 +-
  hw/mips_malta.c   |9 +-
  hw/mips_mipssim.c |6 +-
  hw/mips_r4k.c |6 +-
  hw/musicpal.c |6 +-
  hw/omap1.c|6 +-
  hw/omap2.c|6 +-
  hw/omap_sx1.c |6 +-
  hw/onenand.c  |3 +-
  hw/palm.c |3 +-
  hw/pc.c   |9 +-
  hw/pci.c  |4 +-
  hw/petalogix_ml605_mmu.c  |6 +-
  hw/petalogix_s3adsp1800_mmu.c |7 +-
  hw/pflash_cfi01.c |4 +-
  hw/pflash_cfi02.c |3 +-
  hw/ppc405_boards.c|   18 +-
  hw/ppc405_uc.c|3 +-
  hw/ppc4xx_devs.c  |3 +-
  hw/ppc_newworld.c |6 +-
  hw/ppc_oldworld.c |6 +-
  hw/ppc_prep.c |6 +-
  hw/ppce500_mpc8544ds.c|3 +-
  hw/pxa2xx.c   |   12 +-
  hw/qxl.c  |   12 +-
  hw/r2d.c  |3 +-
  hw/realview.c |9 +-
  hw/s390-virtio.c  |3 +-
  hw/shix.c |9 +-
  hw/sm501.c|3 +-
  hw/spapr.c|3 +-
  hw/spitz.c|3 +-
  hw/strongarm.c|3 +-
  hw/sun4m.c|   12 +-
  hw/sun4u.c|6 +-
  hw/tc6393xb.c |3 +-
  hw/tcx.c  |3 +-
  hw/tosa.c |3 +-
  hw/versatilepb.c  |3 +-
  hw/vexpress.c |   12 +-
  hw/vga.c  |3 +-
  hw/virtex_ml507.c |3 +-
  hw/vmware_vga.c   |3 +-
  hw/xtensa_lx60.c  |9 +-
  hw/xtensa_sim.c   |6 +-
  memory.c  |  204 -
  memory.h  |   30 +-
  savevm.c  |   17 +
  softmmu_template.h|   33 +-
  xen-all.c |8 +-
  75 files changed, 796 insertions(+), 1036 deletions(-)






Re: [Qemu-devel] [PATCH v6 1/1] arm: add dummy v7 cp15 registers

2012-01-04 Thread Peter Maydell
On 4 January 2012 16:53, Mark Langsdorf  wrote:
> +        if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
> +            switch (crm) {
> +            case 0:
> +                if ((op1 == 4) && (op2 == 0)) {
> +                /* The config_base_address should hold the value of
> +                 * the peripheral base. ARM should get this from a CPU
> +                 * object property, but that support isn't available in
> +                 * December 2011. Default to 0 for now and board models
> +                 * that care can set it by a private hook */
> +                    return env->cp15.c15_config_base_address;
> +                } else if ((op1 == 0) && (op2 == 0)) {
> +                /* power_control should be set to maximum latency. Again,
> +                   default to 0 and set by private hook */
> +                    return env->cp15.c15_power_control;
> +                }
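Review bot: the comment blocks inside both branches are indented at the `if` level rather than with the `return` statements they annotate, so they read as if they sat outside the block; indent them to the statement level so the intent of each branch is visible at a glance.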

This one's read-write, which means it needs (a) support in set_cp15
(b) save/load support.

> +                break;
> +            case 1: /* NEON Busy */
> +                return 0;
> +            case 5: /* tlb lockdown */
> +            case 6:
> +            case 7:
> +                if ((op1 == 5) && (op2 == 2)) {
> +                    return 0;
> +                }
> +                break;
> +            default:
> +                break;
> +            }
> +            goto bad_reg;
> +        }
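Review bot: `case 5: /* tlb lockdown */` falls through to `case 6:` and `case 7:`, which all share the single `(op1 == 5) && (op2 == 2)` check, but the comment only names crm 5; either document what crm 6 and 7 are on this core or split the cases, so a reader can tell the fall-through is intentional rather than an omission. Everything else in crm 0..7 that misses these checks reaches `goto bad_reg`, which is fine for unimplemented registers, but the read-write ones called out above will need real storage plus set_cp15 and save/load support.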

You also need to implement the diagnostic register c15,c0,0,1
otherwise Linux won't boot when it tries to run this code:
 http://lxr.linux.no/#linux+v3.1.7/arch/arm/mm/proc-v7.S#L345
I suggest that should be implemented as reads-as-written. (Again, will
need save/load support.) Ditto for the power diagnostic control register
c15,c0,0,2, as used in this patch:
http://www.spinics.net/lists/arm-kernel/msg115817.html

-- PMM


Re: [Qemu-devel] [PATCH v7 0/4] -net bridge: rootless bridge support for qemu

2012-01-04 Thread Lutz Vieweg

On 01/04/2012 06:18 PM, Corey Bryant wrote:

With qemu it is possible to run a guest from an unprivileged user but if
we wanted to communicate with the outside world we had to switch
to root.

We address this problem by introducing a new network backend and a new
network option for -net tap.


I appreciate the effort you've invested to implement this
work-around.

But I wonder if there isn't a much simpler, and straightforward method:
tap devices, theoretically, already have a "group" assigned to them
(as well as a "user"). Currently it seems, though, that the "group"
is basically ignored and has no actual influence on who may access
a tap device and how. (If "tunctl -p -u username -g groupname -t tapX"
was used to create a tap device, the "username" can access it, but
not members of "groupname" - for no obvious reasons.)

If that was changed, and the "group" was actually honored, the problem
would collapse into root needing to create at boot time a useful amount
of tap devices attached to whatever bridge appropriate, and assigning
the group such that users who should be entitled to use those devices
are members of those groups.

Then qemu (started as a user) would just need to iterate through the
available tap devices to find one that is unused (if not specified by
name) and belongs to a group the user is a member of.

Isn't that much more the "unix"-way, not requiring additional ACLs,
not requiring any additional tools being run, not requiring any
exploit-prone suid executables?

Regards,

Lutz Vieweg
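A sketch of the selection loop proposed in the message above, as an added example that is not QEMU code or the author's: it assumes the Linux tun driver's sysfs attributes tun_flags, owner, group and carrier under /sys/class/net/<ifname> (carrier reads 0 while no process holds the tap open) and reads them from a configurable root so the logic can be exercised offline against a constructed directory tree.

```python
"""Pick a free tap device that the calling user is entitled to use.

Entitlement follows the plain unix rule from the proposal: the device's
owner is the caller, or the device's group is one of the caller's groups.
No suid helper and no extra ACL tooling are involved; root only has to
create the persistent taps and assign owner/group once.

Assumptions (this is illustrative code, not QEMU's): the tun driver exposes
'tun_flags', 'owner', 'group' and 'carrier' per interface in sysfs, prints
-1 for an unset owner/group, and drops carrier when nobody has the tap open.
"""
import os
import tempfile


def _read(path):
    """Return the stripped contents of a sysfs-style file, or None if absent."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None


def list_tap_devices(sysfs_root="/sys/class/net"):
    """Yield (ifname, owner_uid, group_gid, in_use) for every tun/tap interface.

    Interfaces without a 'tun_flags' attribute are not tun/tap and are skipped.
    """
    for ifname in sorted(os.listdir(sysfs_root)):
        base = os.path.join(sysfs_root, ifname)
        if _read(os.path.join(base, "tun_flags")) is None:
            continue
        owner = int(_read(os.path.join(base, "owner")) or -1)
        group = int(_read(os.path.join(base, "group")) or -1)
        # carrier is 0 while no process has the tap open
        in_use = _read(os.path.join(base, "carrier")) == "1"
        yield ifname, owner, group, in_use


def select_tap(uid, gids, sysfs_root="/sys/class/net", wanted=None):
    """Return the name of a free tap the caller may use, or None.

    If 'wanted' names a device only that device is considered, but the same
    ownership check still applies, so asking for someone else's tap fails.
    """
    for ifname, owner, group, in_use in list_tap_devices(sysfs_root):
        if wanted is not None and ifname != wanted:
            continue
        entitled = (owner == uid) or (group != -1 and group in gids)
        if entitled and not in_use:
            return ifname
    return None


def build_fake_sysfs(devices):
    """Create a constructed sysfs-like tree for offline testing.

    devices: {ifname: (owner, group, carrier)} or {ifname: None} for an
    interface that is not a tun/tap device at all.
    """
    root = tempfile.mkdtemp(prefix="fake-sysfs-")
    for ifname, attrs in devices.items():
        d = os.path.join(root, ifname)
        os.makedirs(d)
        if attrs is None:
            continue
        owner, group, carrier = attrs
        for name, value in (("tun_flags", "0x1002"), ("owner", owner),
                            ("group", group), ("carrier", carrier)):
            with open(os.path.join(d, name), "w") as f:
                f.write("%s\n" % value)
    return root


if __name__ == "__main__":
    # Constructed sample: tap0 is held open, tap1 belongs to gid 1000,
    # tap2 belongs to a group the user is not in, eth0 is not a tap at all.
    root = build_fake_sysfs({
        "eth0": None,
        "tap0": (-1, 1000, 1),
        "tap1": (-1, 1000, 0),
        "tap2": (-1, 2000, 0),
    })
    print(select_tap(uid=1000, gids={100, 1000}, sysfs_root=root))  # tap1
```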





Re: [Qemu-devel] [patch 3/4] block stream: add support for partial streaming

2012-01-04 Thread Marcelo Tosatti
On Wed, Jan 04, 2012 at 09:02:06AM -0700, Eric Blake wrote:
> On 01/04/2012 07:08 AM, Marcelo Tosatti wrote:
> > Add support for streaming data from an intermediate section of the 
> > image chain (see patch and documentation for details).
> > 
> > Signed-off-by: Marcelo Tosatti 
> > 
> > Index: stefanha/block.c
> > ===
> > --- stefanha.orig/block.c
> > +++ stefanha/block.c
> > @@ -2229,6 +2229,70 @@ int bdrv_is_allocated(BlockDriverState *
> >  return data.ret;
> >  }
> >  
> > +/*
> > + * Given an image chain: [BASE] -> [INTER1] -> [INTER2] -> [TOP]
> > + *
> > + * Return true if the given sector is allocated in top or base.
> > + * Return false if the given sector is allocated in intermediate images.
> > + *
> > + * 'pnum' is set to the number of sectors (including and immediately 
> > following
> > + *  the specified sector) that are known to be in the same
> > + *  allocated/unallocated state.
> 
> Not a problem with this patch, per se, so much as a question about the
> next steps:
> 
> How hard would it be to go one step further, and provide a monitor
> command where qemu could dump the state of BASE, INTER1, or INTER2
> without removing it from the image chain?  Libvirt would really like to
> be able to have a command where the user can request to inspect to see
> the contents of (a portion of) the disk at the time the snapshot was
> created, all while qemu continues to run and the TOP file continues to
> be adding deltas to that portion of the disk.

What exactly do you mean "dump the state of"? You want access to
the contents of INTER2, INTER1, BASE, via libguestfs?

> For that matter, I'm still missing out on the ability to extract the
> contents of a qcow2 internal snapshot from an image that is in use by
> qemu - we have the ability to delete internal snapshots but not to probe
> their contents.

Same question (although I am not familiar with internal snapshots).




[Qemu-devel] [PATCH 2/3] qerror: restore alphabetical order over qerrors

2012-01-04 Thread Stefan Hajnoczi
Over time these must have gotten out of order.  Put everything back in
alphabetical order.

This is purely a clean up.  In practice nothing depends on the order.

Signed-off-by: Stefan Hajnoczi 
---
 qerror.c |   84 +++---
 qerror.h |   72 ++--
 2 files changed, 78 insertions(+), 78 deletions(-)

diff --git a/qerror.c b/qerror.c
index 62c0c707..2979b3e 100644
--- a/qerror.c
+++ b/qerror.c
@@ -44,6 +44,10 @@ static const QType qerror_type = {
  */
 static const QErrorStringTable qerror_table[] = {
 {
+.error_fmt = QERR_ADD_CLIENT_FAILED,
+.desc  = "Could not add client",
+},
+{
 .error_fmt = QERR_BAD_BUS_FOR_DEVICE,
 .desc  = "Device '%(device)' can't go on a %(bad_bus_type) bus",
 },
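Review bot: `QERR_ADD_CLIENT_FAILED` appears in this hunk only as an added entry, and the hunks visible in this archive copy (the message is cut off after the QGA entries) do not show where it was removed from; for a patch described as a pure reorder, please confirm the diffstat's matching 78 insertions / 78 deletions account for it, so that no entry is silently added or dropped.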
@@ -52,26 +56,30 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Block format '%(format)' used by device '%(name)' does 
not support feature '%(feature)'",
 },
 {
-.error_fmt = QERR_BUS_NOT_FOUND,
-.desc  = "Bus '%(bus)' not found",
-},
-{
 .error_fmt = QERR_BUS_NO_HOTPLUG,
 .desc  = "Bus '%(bus)' does not support hotplugging",
 },
 {
-.error_fmt = QERR_COMMAND_NOT_FOUND,
-.desc  = "The command %(name) has not been found",
+.error_fmt = QERR_BUS_NOT_FOUND,
+.desc  = "Bus '%(bus)' not found",
 },
 {
 .error_fmt = QERR_COMMAND_DISABLED,
 .desc  = "The command %(name) has been disabled for this instance",
 },
 {
+.error_fmt = QERR_COMMAND_NOT_FOUND,
+.desc  = "The command %(name) has not been found",
+},
+{
 .error_fmt = QERR_DEVICE_ENCRYPTED,
 .desc  = "Device '%(device)' is encrypted",
 },
 {
+.error_fmt = QERR_DEVICE_FEATURE_BLOCKS_MIGRATION,
+.desc  = "Migration is disabled when using feature '%(feature)' in 
device '%(device)'",
+},
+{
 .error_fmt = QERR_DEVICE_INIT_FAILED,
 .desc  = "Device '%(device)' could not be initialized",
 },
@@ -80,10 +88,6 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Device '%(device)' is in use",
 },
 {
-.error_fmt = QERR_DEVICE_FEATURE_BLOCKS_MIGRATION,
-.desc  = "Migration is disabled when using feature '%(feature)' in 
device '%(device)'",
-},
-{
 .error_fmt = QERR_DEVICE_LOCKED,
 .desc  = "Device '%(device)' is locked",
 },
@@ -92,6 +96,14 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Device '%(device)' has multiple child busses",
 },
 {
+.error_fmt = QERR_DEVICE_NO_BUS,
+.desc  = "Device '%(device)' has no child bus",
+},
+{
+.error_fmt = QERR_DEVICE_NO_HOTPLUG,
+.desc  = "Device '%(device)' does not support hotplugging",
+},
+{
 .error_fmt = QERR_DEVICE_NOT_ACTIVE,
 .desc  = "Device '%(device)' has not been activated",
 },
@@ -108,14 +120,6 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Device '%(device)' is not removable",
 },
 {
-.error_fmt = QERR_DEVICE_NO_BUS,
-.desc  = "Device '%(device)' has no child bus",
-},
-{
-.error_fmt = QERR_DEVICE_NO_HOTPLUG,
-.desc  = "Device '%(device)' does not support hotplugging",
-},
-{
 .error_fmt = QERR_DUPLICATE_ID,
 .desc  = "Duplicate ID '%(id)' for %(object)",
 },
@@ -140,6 +144,10 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Invalid parameter '%(name)'",
 },
 {
+.error_fmt = QERR_INVALID_PARAMETER_COMBINATION,
+.desc  = "Invalid parameter combination",
+},
+{
 .error_fmt = QERR_INVALID_PARAMETER_TYPE,
 .desc  = "Invalid parameter type, expected: %(expected)",
 },
@@ -156,15 +164,15 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "An IO error has occurred",
 },
 {
-.error_fmt = QERR_JSON_PARSING,
-.desc  = "Invalid JSON syntax",
-},
-{
 .error_fmt = QERR_JSON_PARSE_ERROR,
 .desc  = "JSON parse error, %(message)",
 
 },
 {
+.error_fmt = QERR_JSON_PARSING,
+.desc  = "Invalid JSON syntax",
+},
+{
 .error_fmt = QERR_KVM_MISSING_CAP,
 .desc  = "Using KVM without %(capability), %(feature) unavailable",
 },
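Review bot: the stray blank line between `.desc  = "JSON parse error, %(message)",` and its closing `},` survives as context here; since the patch already moves the neighbouring QERR_JSON_PARSING entry, drop that blank line so every table entry has the same shape.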
@@ -210,6 +218,14 @@ static const QErrorStringTable qerror_table[] = {
  "value %(value) (minimum: %(min), maximum: %(max)'",
 },
 {
+.error_fmt = QERR_QGA_COMMAND_FAILED,
+.desc  = "Guest agent command failed, error was '%(message)'",
+},
+{
+.error_fmt = QERR_QGA_LOGGING_FAILED,
+.desc  = "Guest agen

[Qemu-devel] [PATCH 3/3] block: use proper qerrors in qmp_block_resize

2012-01-04 Thread Stefan Hajnoczi
Let's report specific errors so that management tools and users can
identify the problem.

Two new qerrors are needed:
 * QERR_DEVICE_HAS_NO_MEDIUM for ENOMEDIUM
 * QERR_DEVICE_IS_READ_ONLY for EACCES

Signed-off-by: Stefan Hajnoczi 
---
 blockdev.c |   26 ++
 qerror.c   |8 
 qerror.h   |6 ++
 3 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index c832782..8c2c8cc 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -841,11 +841,6 @@ int do_drive_del(Monitor *mon, const QDict *qdict, QObject 
**ret_data)
 return 0;
 }
 
-/*
- * XXX: replace the QERR_UNDEFINED_ERROR errors with real values once the
- * existing QERR_ macro mess is cleaned up.  A good example for better
- * error reports can be found in the qemu-img resize code.
- */
 void qmp_block_resize(const char *device, int64_t size, Error **errp)
 {
 BlockDriverState *bs;
@@ -857,12 +852,27 @@ void qmp_block_resize(const char *device, int64_t size, 
Error **errp)
 }
 
 if (size < 0) {
-error_set(errp, QERR_UNDEFINED_ERROR);
+error_set(errp, QERR_INVALID_PARAMETER_VALUE, "size", "a >0 size");
 return;
 }
 
-if (bdrv_truncate(bs, size)) {
+switch (bdrv_truncate(bs, size)) {
+case 0:
+break;
+case -ENOMEDIUM:
+error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
+break;
+case -ENOTSUP:
+error_set(errp, QERR_UNSUPPORTED);
+break;
+case -EACCES:
+error_set(errp, QERR_DEVICE_IS_READ_ONLY, device);
+break;
+case -EBUSY:
+error_set(errp, QERR_DEVICE_IN_USE, device);
+break;
+default:
 error_set(errp, QERR_UNDEFINED_ERROR);
-return;
+break;
 }
 }
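Review bot: the new message for the `size < 0` check reads `"a >0 size"`, but the condition lets size 0 through to bdrv_truncate; either reject zero as well or word the expected value as `"a >=0 size"` (or similar) so that the reported error matches what is actually enforced.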
diff --git a/qerror.c b/qerror.c
index 2979b3e..3d95383 100644
--- a/qerror.c
+++ b/qerror.c
@@ -80,6 +80,10 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Migration is disabled when using feature '%(feature)' in 
device '%(device)'",
 },
 {
+.error_fmt = QERR_DEVICE_HAS_NO_MEDIUM,
+.desc  = "Device '%(device)' has no medium",
+},
+{
 .error_fmt = QERR_DEVICE_INIT_FAILED,
 .desc  = "Device '%(device)' could not be initialized",
 },
@@ -88,6 +92,10 @@ static const QErrorStringTable qerror_table[] = {
 .desc  = "Device '%(device)' is in use",
 },
 {
+.error_fmt = QERR_DEVICE_IS_READ_ONLY,
+.desc  = "Device '%(device)' is read only",
+},
+{
 .error_fmt = QERR_DEVICE_LOCKED,
 .desc  = "Device '%(device)' is locked",
 },
diff --git a/qerror.h b/qerror.h
index c34674e..a693d49 100644
--- a/qerror.h
+++ b/qerror.h
@@ -81,12 +81,18 @@ QError *qobject_to_qerror(const QObject *obj);
 #define QERR_DEVICE_FEATURE_BLOCKS_MIGRATION \
 "{ 'class': 'DeviceFeatureBlocksMigration', 'data': { 'device': %s, 
'feature': %s } }"
 
+#define QERR_DEVICE_HAS_NO_MEDIUM \
+"{ 'class': 'DeviceHasNoMedium', 'data', { 'name': %s } }"
+
 #define QERR_DEVICE_INIT_FAILED \
 "{ 'class': 'DeviceInitFailed', 'data': { 'device': %s } }"
 
 #define QERR_DEVICE_IN_USE \
 "{ 'class': 'DeviceInUse', 'data': { 'device': %s } }"
 
+#define QERR_DEVICE_IS_READ_ONLY \
+"{ 'class': 'DeviceIsReadOnly', 'data': { 'device': %s } }"
+
 #define QERR_DEVICE_LOCKED \
 "{ 'class': 'DeviceLocked', 'data': { 'device': %s } }"
 
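Review bot: `QERR_DEVICE_HAS_NO_MEDIUM` has two defects in this hunk: the separator after `'data'` is a comma where every other definition uses a colon (`'data': {`), and its key is `'name'` while the matching qerror.c description in this patch reads `%(device)`, so the placeholder would never be filled in; change it to `"{ 'class': 'DeviceHasNoMedium', 'data': { 'device': %s } }"`, mirroring QERR_DEVICE_IS_READ_ONLY just below it.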
-- 
1.7.7.3




[Qemu-devel] [PATCH 1/3] qerror: add check-qerror.sh to verify alphabetical order

2012-01-04 Thread Stefan Hajnoczi
We're supposed to keep qerror definitions and table entries in
alphabetical order.  In practice this is not checked.

I haven't found a nice way to integrate this into the makefile yet but
we can at least have this script which verifies that qerrors are in
alphabetical order.

Signed-off-by: Stefan Hajnoczi 
---
 qerror.c|3 +--
 qerror.h|2 +-
 scripts/check-qerror.sh |   22 ++
 3 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100755 scripts/check-qerror.sh

diff --git a/qerror.c b/qerror.c
index 9a75d06..62c0c707 100644
--- a/qerror.c
+++ b/qerror.c
@@ -40,8 +40,7 @@ static const QType qerror_type = {
  * "running out of foo: %(foo)%%"
  *
  * Please keep the entries in alphabetical order.
- * Use "sed -n '/^static.*qerror_table\[\]/,/^};/s/QERR_/&/gp' qerror.c | sort 
-c"
- * to check.
+ * Use scripts/check-qerror.sh to check.
  */
 static const QErrorStringTable qerror_table[] = {
 {
diff --git a/qerror.h b/qerror.h
index efda232..36e0343 100644
--- a/qerror.h
+++ b/qerror.h
@@ -49,7 +49,7 @@ QError *qobject_to_qerror(const QObject *obj);
 /*
  * QError class list
  * Please keep the definitions in alphabetical order.
- * Use "grep '^#define QERR_' qerror.h | sort -c" to check.
+ * Use scripts/check-qerror.sh to check.
  */
 #define QERR_BAD_BUS_FOR_DEVICE \
 "{ 'class': 'BadBusForDevice', 'data': { 'device': %s, 'bad_bus_type': %s 
} }"
diff --git a/scripts/check-qerror.sh b/scripts/check-qerror.sh
new file mode 100755
index 000..af7fbd5
--- /dev/null
+++ b/scripts/check-qerror.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# This script verifies that qerror definitions and table entries are
+# alphabetically ordered.
+
+check_order() {
+  errmsg=$1
+  shift
+
+  # sort -C verifies order but does not print a message.  sort -c does print a
+  # message.  These options are both in POSIX.
+  if ! "$@" | sort -C; then
+echo "$errmsg"
+"$@" | sort -c
+exit 1
+  fi
+  return 0
+}
+
+check_order 'Definitions in qerror.h must be in alphabetical order:' \
+grep '^#define QERR_' qerror.h
+check_order 'Entries in qerror.c:qerror_table must be in alphabetical order:' \
+sed -n '/^static.*qerror_table\[\]/,/^};/s/QERR_/&/gp' qerror.c
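Review bot: `sort -C` and `sort -c` collate according to the current locale, so whether `QERR_DEVICE_NO_BUS` may precede `QERR_DEVICE_NOT_ACTIVE` (the order patch 2 of this series uses) depends on whether the locale ignores the underscore; prefix the pipelines with `LC_ALL=C` so the check is reproducible and the documented order is byte order, and reorder the entries to match. Also, the `exit 1` inside check_order stops at the first failing file, so the qerror.c table is never checked when qerror.h is out of order; record a failure flag and exit after both checks instead.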
-- 
1.7.7.3




[Qemu-devel] [PATCH 0/3] qerror: proper errors for qmp_block_resize()

2012-01-04 Thread Stefan Hajnoczi
The block resize command returns undefined errors if things go wrong.  This is
bad since users will have no chance to understand what failed.

Patch 3 makes qmp_block_resize() use meaningful errors.  We introduce new
qerrors for ENOMEDIUM and EACCES since nothing exists yet.

When doing this I noticed that qerror definitions and table entries are not in
alphabetical order as required by the comments in qerror.h and qerror.c.
That's not a surprise since there is no automated way to enforce this.  I'm not
sure whether this requirement is useful or not in the first place, but felt
guilty creating more mess.  So I've restored alphabetical order and added a
script to verify that the requirement is met in Patches 1 and 2.

Stefan Hajnoczi (3):
  qerror: add check-qerror.sh to verify alphabetical order
  qerror: restore alphabetical order over qerrors
  block: use proper qerrors in qmp_block_resize

 blockdev.c  |   26 +
 qerror.c|   91 +-
 qerror.h|   78 +--
 scripts/check-qerror.sh |   22 +++
 4 files changed, 131 insertions(+), 86 deletions(-)
 create mode 100755 scripts/check-qerror.sh

-- 
1.7.7.3




Re: [Qemu-devel] [PATCH] hw/vmmouse.c: Fix to disable vmmouse after reboot

2012-01-04 Thread Gerhard Wiesinger

Test scenario:
1.) Boot e.g. OS with VMMouse support (e.g. Windows)
2.) reboot
3.) Boot e.g. OS without VMMouse support (e.g. DOS) => PS/2 mouse doesn't 
work any more. Fixes that issue.


Reason is that VMMouse has priority and disables all other mouse 
entities and therefore must be disabled on reset.


Ciao,
Gerhard

--
http://www.wiesinger.com/


On Wed, 4 Jan 2012, Andreas Färber wrote:


Am 04.01.2012 17:54, schrieb Gerhard Wiesinger:

Bugfix after reboot when vmmouse was enabled and another OS which uses
e.g. PS/2
mouse.


Could you please be a bit more verbose on what symptoms that fixes?

Thanks,
Andreas



Signed-off-by: Gerhard Wiesinger 
---
 hw/vmmouse.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/hw/vmmouse.c b/hw/vmmouse.c
index 1113f33..f9f5b53 100644
--- a/hw/vmmouse.c
+++ b/hw/vmmouse.c
@@ -254,6 +254,8 @@ static void vmmouse_reset(DeviceState *d)

 s->status = 0x;
 s->queue_size = VMMOUSE_QUEUE_SIZE;
+
+vmmouse_disable(s);
 }

 static int vmmouse_initfn(ISADevice *dev)
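Review bot: the context line `s->status = 0x;` is not valid C, so this archive copy of the hunk is garbled and the surrounding context should be re-checked against the tree before applying. The added `vmmouse_disable(s)` call on reset matches the test scenario given in the reply above (VMMouse left enabled across a reboot keeps the PS/2 mouse from working in the next OS); that scenario belongs in the commit message, as Andreas asked.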


--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg




Re: [Qemu-devel] [PATCH V2 5/5] vga-cirrus: Workaround during restore when using Xen.

2012-01-04 Thread Avi Kivity
On 01/04/2012 06:38 PM, Stefano Stabellini wrote:
>
> > I suggest doing the following:
> > 
> > 1. keep cirrus code unchanged
> > 2. when the framebuffer is first mapped into physical memory (as known
> > by your CPUPhysMemoryClient), copy it into a temporary buffer, map the
> > guest memory into memory_region_get_ram_ptr(), and copy the temporary
> > buffer into memory_region_get_ram_ptr()
> > 3. when the framebuffer is unmapped, do the reverse: copy the
> > framebuffer out, mmap() some anonymous memory into
> > memory_region_get_ram_ptr(), and copy the temporary buffer into
> > memory_region_get_ram_ptr()
>
> I cannot see how this is going to fix the save/restore issue we are
> trying to solve.
> The problem, unfortunately very complex, is that at restore time the
> videoram is already allocated at the physical address it was mapped
> before the save operation. If it was not mapped, it is at the end of the
> physical memory of the guest (where qemu_ram_alloc_from_ptr decides to
> allocate it).

Sorry, I don't follow, please be specific as to which type of address
you're referring to:

ram_addr?
physical address (as seen by guest - but if it is not mapped, what does
your last sentence mean?)
something else?

> So the issue is that the videoram appears to qemu as part of the
> physical memory of the guest at an unknown address.
>
> The proposal of introducing early_savevm would easily solve this last
> problem: letting us know where the videoram is. The other problem, the
> fact that under Xen the videoram would be already allocated while under
> native it would not, remains unsolved. 
> We cannot simply allocate the videoram twice because the operation
> would fail (Xen would realize that we are trying to allocate more memory
> than it we are supposed to, returning an error).
> However, once we know where the videoram is, we could probably figure out
> a smart (see hacky) way to avoid allocating it twice without changes to
> the cirrus code.

I'm missing some context.  Can you please explain in more detail?

Note that with the memory API changes, ram addresses are going away. 
There will not be a linear space for guest RAM.  We'll have
(MemoryRegion *, offset) pairs that will be mapped into discontiguous
guest physical address ranges (perhaps with overlaps).

-- 
error compiling committee.c: too many arguments to function




[Qemu-devel] [PATCH v7 4/4] Add support for net bridge

2012-01-04 Thread Corey Bryant
The most common use of -net tap is to connect a tap device to a bridge.  This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.

This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root.  The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu.  The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.

By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users.  We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.

Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.

A typical invocation would be similar to one of the following:

  qemu linux.img -net bridge -net nic,model=virtio

  qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
 -net nic,model=virtio

  qemu linux.img -netdev bridge,id=hn0
 -device virtio-net-pci,netdev=hn0,id=nic1

  qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
 -device virtio-net-pci,netdev=hn0,id=nic1

The default bridge that we attach to is br0.  The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.

Alternatively, if a user wants to use a different bridge, a typical invocation
would be similar to one of the following:

  qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio

  qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
 -net nic,model=virtio

  qemu linux.img -netdev bridge,br=qemubr0,id=hn0
 -device virtio-net-pci,netdev=hn0,id=nic1

  qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
 -device virtio-net-pci,netdev=hn0,id=nic1

Signed-off-by: Anthony Liguori 
Signed-off-by: Richa Marwaha 
Signed-off-by: Corey Bryant 
---
 configure   |2 +
 net.c   |   25 +++-
 net.h   |3 +
 net/tap.c   |  204 ++-
 net/tap.h   |3 +
 qemu-options.hx |   73 
 6 files changed, 293 insertions(+), 17 deletions(-)

diff --git a/configure b/configure
index 3357fa6..bca27d0 100755
--- a/configure
+++ b/configure
@@ -2934,6 +2934,8 @@ echo "sysconfdir=$sysconfdir" >> $config_host_mak
 echo "docdir=$docdir" >> $config_host_mak
 echo "confdir=$confdir" >> $config_host_mak
 echo "libexecdir=\${prefix}/libexec" >> $config_host_mak
+echo "CONFIG_QEMU_SHAREDIR=\"$prefix$datasuffix\"" >> $config_host_mak
+echo "CONFIG_QEMU_HELPERDIR=\"$prefix/libexec\"" >> $config_host_mak
 
 case "$cpu" in
   
i386|x86_64|alpha|arm|cris|hppa|ia64|lm32|m68k|microblaze|mips|mips64|ppc|ppc64|s390|s390x|sparc|sparc64|unicore32)
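Review bot: CONFIG_QEMU_HELPERDIR is spelled out as "$prefix/libexec" instead of being derived from the libexecdir value emitted on the line just above, so the two can drift apart if libexecdir is ever made overridable; build both from the same variable (and CONFIG_QEMU_SHAREDIR from $datadir rather than $prefix$datasuffix, if it is meant to match datadir).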
diff --git a/net.c b/net.c
index f7bebf8..b42d405 100644
--- a/net.c
+++ b/net.c
@@ -952,6 +952,10 @@ static const struct {
 .type = QEMU_OPT_STRING,
 .help = "script to shut down the interface",
 }, {
+.name = "helper",
+.type = QEMU_OPT_STRING,
+.help = "command to execute to configure bridge",
+}, {
 .name = "sndbuf",
 .type = QEMU_OPT_SIZE,
 .help = "send buffer limit"
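Review bot: the help text for the new "helper" tap option does not say that it takes the place of "script"/"downscript" or that vnet_hdr is rejected together with it (cover letter, v5); since these strings are the user-visible documentation of the option, state the exclusions here, e.g. "command to execute to configure bridge (replaces script)".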
@@ -1049,6 +1053,23 @@ static const struct {
 { /* end of list */ }
 },
 },
+[NET_CLIENT_TYPE_BRIDGE] = {
+.type = "bridge",
+.init = net_init_bridge,
+.desc = {
+NET_COMMON_PARAMS_DESC,
+{
+.name = "br",
+.type = QEMU_OPT_STRING,
+.help = "bridge name",
+}, {
+.name = "helper",
+.type = QEMU_OPT_STRING,
+.help = "command to execute to configure bridge",
+},
+{ /* end of list */ }
+},
+},
 };
 
 int net_client_init(Monitor *mon, QemuOpts *opts, int is_netdev)
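Review bot: the commit message says the bridge defaults to br0 and the helper to /usr/local/libexec/qemu-bridge-helper, but neither default appears in the .help strings of the new "br" and "helper" entries; "bridge name (default br0)" and a mention of the default helper path would make the option self-documenting. The "helper" help string is also duplicated verbatim from the tap entry, so a shared #define would keep the two in sync.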
@@ -1071,7 +1092,8 @@ int net_client_init(Monitor *mon, QemuOpts *opts, int 
is_netdev)
 #ifdef CONFIG_VDE
 strcmp(type, "vde") != 0 &&
 #endif
-strcmp(type, "socket") != 0) {
+strcmp(type, "socket") != 0 &&
+strcmp(type, "bridge") != 0) {
 qerror_report(QERR_INVALID_PARAMETER_VALUE, "type",
   "a netdev backend type");
 return -1;
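Review bot: strcmp(type, "bridge") != 0 is added unconditionally while the vde case immediately above it is wrapped in #ifdef CONFIG_VDE; the commit message calls the feature Linux centric, so if net_init_bridge is only compiled on Linux this check should carry the matching #ifdef, otherwise -netdev bridge passes validation on other hosts and fails later with a less helpful error.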
@@ -1141,6 +1163,7 @@ static int net_host_check_device(const char *device)
 #ifdef CONFIG_VDE
,"vde"
 #endif
+   

[Qemu-devel] [PATCH v7 1/4] Add basic version of bridge helper

2012-01-04 Thread Corey Bryant
This patch adds a helper that can be used to create a tap device attached to
a bridge device.  Since this helper is minimal in what it does, it can be
given CAP_NET_ADMIN which allows qemu to avoid running as root while still
satisfying the majority of what users tend to want to do with tap devices.

The way this all works is that qemu launches this helper passing a bridge
name and the name of an inherited file descriptor.  The descriptor is one
end of a socketpair() of domain sockets.  This domain socket is used to
transmit a file descriptor of the opened tap device from the helper to qemu.

The helper can then exit and let qemu use the tap device.

Signed-off-by: Anthony Liguori 
Signed-off-by: Richa Marwaha 
Signed-off-by: Corey Bryant 
---
 Makefile |   12 +++-
 configure|1 +
 qemu-bridge-helper.c |  221 ++
 3 files changed, 232 insertions(+), 2 deletions(-)
 create mode 100644 qemu-bridge-helper.c

diff --git a/Makefile b/Makefile
index 0838bc4..78824f9 100644
--- a/Makefile
+++ b/Makefile
@@ -36,6 +36,8 @@ $(call set-vpath, $(SRC_PATH):$(SRC_PATH)/hw)
 
 LIBS+=-lz $(LIBS_TOOLS)
 
+HELPERS-$(CONFIG_LINUX) = qemu-bridge-helper$(EXESUF)
+
 ifdef BUILD_DOCS
 DOCS=qemu-doc.html qemu-tech.html qemu.1 qemu-img.1 qemu-nbd.8 
QMP/qmp-commands.txt
 else
@@ -76,7 +78,7 @@ defconfig:
 
 -include config-all-devices.mak
 
-build-all: $(DOCS) $(TOOLS) $(CHECKS) recurse-all
+build-all: $(DOCS) $(TOOLS) $(CHECKS) $(HELPERS-y) recurse-all
 
 config-host.h: config-host.h-timestamp
 config-host.h-timestamp: config-host.mak
@@ -155,6 +157,8 @@ qemu-img$(EXESUF): qemu-img.o $(tools-obj-y) $(block-obj-y)
 qemu-nbd$(EXESUF): qemu-nbd.o $(tools-obj-y) $(block-obj-y)
 qemu-io$(EXESUF): qemu-io.o cmd.o $(tools-obj-y) $(block-obj-y)
 
+qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o
+
 qemu-img-cmds.h: $(SRC_PATH)/qemu-img-cmds.hx
$(call quiet-command,sh $(SRC_PATH)/scripts/hxtool -h < $< > $@,"  GEN  
 $@")
 
@@ -227,7 +231,7 @@ clean:
 # avoid old build problems by removing potentially incorrect old files
rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h 
gen-op-arm.h
rm -f qemu-options.def
-   rm -f *.o *.d *.a *.lo $(TOOLS) $(CHECKS) qemu-ga TAGS cscope.* *.pod 
*~ */*~
+   rm -f *.o *.d *.a *.lo $(TOOLS) $(CHECKS) $(HELPERS-y) qemu-ga TAGS 
cscope.* *.pod *~ */*~
rm -Rf .libs
rm -f slirp/*.o slirp/*.d audio/*.o audio/*.d block/*.o block/*.d 
net/*.o net/*.d fsdev/*.o fsdev/*.d ui/*.o ui/*.d qapi/*.o qapi/*.d qga/*.o 
qga/*.d
rm -f qemu-img-cmds.h
@@ -296,6 +300,10 @@ install: all $(if $(BUILD_DOCS),install-doc) 
install-sysconfig
 ifneq ($(TOOLS),)
$(INSTALL_PROG) $(STRIP_OPT) $(TOOLS) "$(DESTDIR)$(bindir)"
 endif
+ifneq ($(HELPERS-y),)
+   $(INSTALL_DIR) "$(DESTDIR)$(libexecdir)"
+   $(INSTALL_PROG) $(STRIP_OPT) $(HELPERS-y) "$(DESTDIR)$(libexecdir)"
+endif
 ifneq ($(BLOBS),)
$(INSTALL_DIR) "$(DESTDIR)$(datadir)"
set -e; for x in $(BLOBS); do \
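Review bot: $(INSTALL_PROG) $(STRIP_OPT) $(HELPERS-y) installs qemu-bridge-helper with the default mode, so neither the setuid bit nor the cap_net_admin file capability that patch 3/4 depends on is set by make install; either document that the administrator has to run setcap cap_net_admin=ep (or chmod u+s) on the installed file, or add an explicit post-install step, since the helper is useless to unprivileged users without it.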
diff --git a/configure b/configure
index 640e815..71774f4 100755
--- a/configure
+++ b/configure
@@ -2902,6 +2902,7 @@ echo "datadir=$datadir" >> $config_host_mak
 echo "sysconfdir=$sysconfdir" >> $config_host_mak
 echo "docdir=$docdir" >> $config_host_mak
 echo "confdir=$confdir" >> $config_host_mak
+echo "libexecdir=\${prefix}/libexec" >> $config_host_mak
 
 case "$cpu" in
   
i386|x86_64|alpha|arm|cris|hppa|ia64|lm32|m68k|microblaze|mips|mips64|ppc|ppc64|s390|s390x|sparc|sparc64|unicore32)
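Review bot: libexecdir is fixed to ${prefix}/libexec and, unlike datadir/sysconfdir/docdir just above it, has no --libexecdir= configure switch; distributions that install helpers elsewhere need a way to override it, and the helper path compiled into qemu must be derived from the same value so that -net bridge finds the installed binary.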
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
new file mode 100644
index 000..48c5e22
--- /dev/null
+++ b/qemu-bridge-helper.c
@@ -0,0 +1,221 @@
+/*
+ * QEMU Bridge Helper
+ *
+ * Copyright IBM, Corp. 2011
+ *
+ * Authors:
+ * Anthony Liguori   
+ * Richa Marwaha 
+ * Corey Bryant  
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "config-host.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include 
+
+#include "net/tap-linux.h"
+
+static void usage(void)
+{
+fprintf(stderr,
+"Usage: qemu-bridge-helper [--use-vnet] --br=bridge 
--fd=unixfd\n");
+}
+
+static bool has_vnet_hdr(int fd)
+{
+unsigned int features = 0;
+
+if (ioctl(fd, TUNGETFEATURES, &features) == -1) {
+return false;
+}
+
+if (!(features & IFF_VNET_HDR)) {
+return false;
+}
+
+return true;
+}
+
+static void prep_ifreq(struct ifreq *ifr, const char *ifname)
+{
+memset(ifr, 0, sizeof(*ifr));
+snprintf(ifr->ifr_name, IFNAMSIZ, "%s", ifname);
+}
+
+static int send_fd(int c, int fd)
+{
+char msgbuf[CMSG_SPACE(sizeof(fd))];
+struct msghdr msg = {
+.msg_control = msgbuf,
+.msg_controllen = sizeof(msgbuf),
+};
+struct cmsghd
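Review bot: in send_fd the control buffer is char msgbuf[CMSG_SPACE(sizeof(fd))], which carries no alignment guarantee for the struct cmsghdr that CMSG_FIRSTHDR() will place at its start; declare it as a union of struct cmsghdr and the char array so sendmsg() is not handed a misaligned header. Also, has_vnet_hdr() treats any TUNGETFEATURES failure as "no vnet header" without reporting errno, so a permission problem on the tun fd turns into a silent feature downgrade.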

[Qemu-devel] [PATCH v7 0/4] -net bridge: rootless bridge support for qemu

2012-01-04 Thread Corey Bryant
With qemu it is possible to run a guest from an unprivileged user but if
we wanted to communicate with the outside world we had to switch
to root.

We address this problem by introducing a new network backend and a new
network option for -net tap.  This is less flexible when compared to
existing -net tap options because it relies on a helper with elevated
privileges to do the heavy lifting of allocating and attaching a tap
device to a bridge.  We use a special purpose helper because we don't
want to elevate the privileges of more generic tools like brctl.

Qemu can be run with the default network helper as follows (in these cases
attaching the tap device to the default br0 bridge):

  qemu linux.img -net bridge -net nic,model=virtio

  qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
 -net nic,model=virtio

  qemu linux.img -netdev bridge,id=hn0
 -device virtio-net-pci,netdev=hn0,id=nic1

  qemu linux.img -netdev tap,"helper=/usr/local/libexec/qemu-bridge-helper",id=hn0
 -device virtio-net-pci,netdev=hn0,id=nic1

The default helper uses its own ACL mechanism for access control, but
future network helpers could be developed, for example, to support PolicyKit
for access control.

More details are included in individual patches.  The helper is broken into
a series of patches to improve reviewability.

v2:
 - Updated signed-off-by's
 - Updated author's email
 - Set default bridge to br0
 - Added -net bridge
 - Updated ACL example
 - Moved from libcap to libcap-ng
 - Fail helper when libcap-ng not configured

v3:
 - Use simple queue to store ACLs
 - Added goto cleanup to helper's main
 - Allow helper execution if libcap-ng not configured
 - Completed static analysis and memory analysis on helper

v4:
 - Update has_vnet_hdr() to return bool
 - Update helper's main() to prevent errno clobbering
 - Let Kernel cleanup helper's file descriptors

v5:
 - Removed if statement with TUNGETIFF ioctl() from has_vnet_hdr()
 - Added -netdev examples and updated qemu -help netdev documentation
 - Disallow vnet_hdr option with -net tap,helper

v6:
 - Fixed uninitialized variable (TAPState *s) in net_tap_init()

v7:
 - Added options --br= and --fd= to default network helper
 - Updated -netdev tap,helper= to accept a command
 - Removed br option from -netdev tap

Corey Bryant (4):
  Add basic version of bridge helper
  Add access control support to qemu bridge helper
  Add cap reduction support to enable use as SUID
  Add support for net bridge

 Makefile |   12 ++-
 configure|   37 +
 net.c|   25 +++-
 net.h|3 +
 net/tap.c|  204 -
 net/tap.h|3 +
 qemu-bridge-helper.c |  410 ++
 qemu-options.hx  |   73 --
 8 files changed, 748 insertions(+), 19 deletions(-)
 create mode 100644 qemu-bridge-helper.c

-- 
1.7.3.4
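The descriptor hand-off that patch 1/4 describes (qemu passes the helper one end of a socketpair() as --fd=N, and the helper sends the opened tap descriptor back over it with SCM_RIGHTS) as an added example; this is not the project's code. The names send_fd, recv_fd, parse_fd_arg and demo_handoff are chosen here, and a pipe stands in for the tap device so it runs without CAP_NET_ADMIN.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* One-descriptor control buffer; the union keeps it aligned for struct cmsghdr. */
union fd_cmsg {
    struct cmsghdr hdr;
    char buf[CMSG_SPACE(sizeof(int))];
};

/* Pass one open descriptor over a connected AF_UNIX socket (SCM_RIGHTS). */
static int send_fd(int sock, int fd)
{
    union fd_cmsg ctl;
    char payload = 0;  /* SCM_RIGHTS needs at least one byte of ordinary data */
    struct iovec iov = { .iov_base = &payload, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *cmsg;

    memset(&ctl, 0, sizeof(ctl));
    cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive the descriptor from the next message; -1 if it carried no fd, was
 * truncated, or carried anything but exactly one SCM_RIGHTS descriptor. */
static int recv_fd(int sock)
{
    union fd_cmsg ctl;
    char payload;
    struct iovec iov = { .iov_base = &payload, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *cmsg;
    int fd = -1;

    /* MSG_CMSG_CLOEXEC (Linux) keeps the new fd out of any later exec() */
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1 || (msg.msg_flags & MSG_CTRUNC)) {
        return -1;
    }
    for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
        if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS &&
            cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
            memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
        }
    }
    return fd;
}

/* Helper side: parse the "--fd=N" argument qemu passes; -1 unless N is a
 * plain non-negative decimal (no sign, whitespace or trailing junk). */
static int parse_fd_arg(const char *arg)
{
    char *end;
    long v;

    if (strncmp(arg, "--fd=", 5) != 0 || arg[5] < '0' || arg[5] > '9') {
        return -1;
    }
    errno = 0;
    v = strtol(arg + 5, &end, 10);
    return (errno == 0 && *end == '\0' && v <= INT_MAX) ? (int)v : -1;
}

/* The hand-off end to end, with a pipe standing in for the tap descriptor
 * (opening /dev/net/tun needs CAP_NET_ADMIN).  Returns 0 if the fd received
 * over the socketpair reads back what was written into the pipe, else -1. */
static int demo_handoff(void)
{
    int sv[2], pfd[2], rfd = -1, ret = -1;
    char buf[3] = { 0 };

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        return -1;
    }
    if (pipe(pfd) < 0) {
        close(sv[0]); close(sv[1]);
        return -1;
    }
    /* "helper" passes its fd; "qemu" receives a new fd for the same open file */
    if (send_fd(sv[0], pfd[0]) == 0) {
        rfd = recv_fd(sv[1]);
    }
    close(pfd[0]);  /* the sender's copy is no longer needed */
    if (rfd >= 0 && write(pfd[1], "tap", 3) == 3 &&
        read(rfd, buf, 3) == 3 && memcmp(buf, "tap", 3) == 0) {
        ret = 0;
    }
    if (rfd >= 0) close(rfd);
    close(pfd[1]); close(sv[0]); close(sv[1]);
    return ret;
}
```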




[Qemu-devel] [PATCH v7 3/4] Add cap reduction support to enable use as SUID

2012-01-04 Thread Corey Bryant
The ideal way to use qemu-bridge-helper is to give it an fscap using:

 setcap cap_net_admin=ep qemu-bridge-helper

Unfortunately, most distros still do not have a mechanism to package files
with fscaps applied.  This means they'll have to SUID the qemu-bridge-helper
binary.

To improve security, use libcap to reduce our capability set to just
cap_net_admin, then reduce privileges down to the calling user.  This is
hopefully close to equivalent to fscap support from a security perspective.

Signed-off-by: Anthony Liguori 
Signed-off-by: Richa Marwaha 
Signed-off-by: Corey Bryant 
---
 configure|   34 ++
 qemu-bridge-helper.c |   36 
 2 files changed, 70 insertions(+), 0 deletions(-)

diff --git a/configure b/configure
index 71774f4..3357fa6 100755
--- a/configure
+++ b/configure
@@ -133,6 +133,7 @@ vnc_thread="no"
 xen=""
 xen_ctrl_version=""
 linux_aio=""
+cap=""
 attr=""
 libattr=""
 xfs=""
@@ -668,6 +669,10 @@ for opt do
   ;;
   --enable-tcg-interpreter) tcg_interpreter="yes"
   ;;
+  --disable-cap)  cap="no"
+  ;;
+  --enable-cap) cap="yes"
+  ;;
   --disable-spice) spice="no"
   ;;
   --enable-spice) spice="yes"
@@ -1051,6 +1056,8 @@ echo "  --disable-vdedisable support for vde 
network"
 echo "  --enable-vde enable support for vde network"
 echo "  --disable-linux-aio  disable Linux AIO support"
 echo "  --enable-linux-aio   enable Linux AIO support"
+echo "  --disable-capdisable libcap-ng support"
+echo "  --enable-cap enable libcap-ng support"
 echo "  --disable-attr   disables attr and xattr support"
 echo "  --enable-attrenable attr and xattr support"
 echo "  --disable-blobs  disable installing provided firmware blobs"
@@ -1735,6 +1742,29 @@ EOF
 fi
 
 ##
+# libcap-ng library probe
+if test "$cap" != "no" ; then
+  cap_libs="-lcap-ng"
+  cat > $TMPC << EOF
+#include 
+int main(void)
+{
+capng_capability_to_name(CAPNG_EFFECTIVE);
+return 0;
+}
+EOF
+  if compile_prog "" "$cap_libs" ; then
+cap=yes
+libs_tools="$cap_libs $libs_tools"
+  else
+if test "$cap" = "yes" ; then
+  feature_not_found "cap"
+fi
+cap=no
+  fi
+fi
+
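Review bot: cap_libs is appended to libs_tools, and the Makefile hunk in patch 1/4 shows LIBS+=-lz $(LIBS_TOOLS) applying to every tool, so qemu-img, qemu-nbd and qemu-io now link -lcap-ng although only qemu-bridge-helper uses it; a dedicated variable linked only into the helper's rule keeps the other tools' dependencies unchanged.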
+##
 # Sound support libraries probe
 
 audio_drv_probe()
@@ -2868,6 +2898,7 @@ echo "fdatasync $fdatasync"
 echo "madvise   $madvise"
 echo "posix_madvise $posix_madvise"
 echo "uuid support  $uuid"
+echo "libcap-ng support $cap"
 echo "vhost-net support $vhost_net"
 echo "Trace backend $trace_backend"
 echo "Trace output file $trace_file-"
@@ -2986,6 +3017,9 @@ fi
 if test "$vde" = "yes" ; then
   echo "CONFIG_VDE=y" >> $config_host_mak
 fi
+if test "$cap" = "yes" ; then
+  echo "CONFIG_LIBCAP=y" >> $config_host_mak
+fi
 for card in $audio_card_list; do
 def=CONFIG_`echo $card | tr '[:lower:]' '[:upper:]'`
 echo "$def=y" >> $config_host_mak
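Review bot: the naming is inconsistent: the switches are --enable-cap/--disable-cap, their help text says libcap-ng, the probe links -lcap-ng, the macro is CONFIG_LIBCAP and the commit message says "use libcap"; libcap and libcap-ng are different libraries with different APIs, so name all of these after libcap-ng (--enable-cap-ng, CONFIG_LIBCAP_NG) and correct the commit message.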
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index 01eeb38..aec5008 100644
--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -39,6 +39,10 @@
 
 #include "net/tap-linux.h"
 
+#ifdef CONFIG_LIBCAP
+#include 
+#endif
+
 #define DEFAULT_ACL_FILE CONFIG_QEMU_CONFDIR "/bridge.conf"
 
 enum {
@@ -193,6 +197,27 @@ static int send_fd(int c, int fd)
 return sendmsg(c, &msg, 0);
 }
 
+#ifdef CONFIG_LIBCAP
+static int drop_privileges(void)
+{
+/* clear all capabilities */
+capng_clear(CAPNG_SELECT_BOTH);
+
+if (capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
+ CAP_NET_ADMIN) < 0) {
+return -1;
+}
+
+/* change to calling user's real uid and gid, retaining supplemental
+ * groups and CAP_NET_ADMIN */
+if (capng_change_id(getuid(), getgid(), CAPNG_CLEAR_BOUNDING)) {
+return -1;
+}
+
+return 0;
+}
+#endif
+
 int main(int argc, char **argv)
 {
 struct ifreq ifr;
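Review bot: the comment says supplemental groups are retained but not why; since patch 2/4 relies on group-readable include files for its ACL, keeping the caller's groups is what makes that scheme work, so say so explicitly and note that CAPNG_DROP_SUPP_GRP must not be added here for that reason. The capng_update() call leaves the inheritable set empty, which is right for a helper that execs nothing; a one-line comment would save the next reader the check.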
@@ -207,6 +232,17 @@ int main(int argc, char **argv)
 int access_allowed, access_denied;
 int ret = EXIT_SUCCESS;
 
+#ifdef CONFIG_LIBCAP
+/* if we're run from an suid binary, immediately drop privileges preserving
+ * cap_net_admin */
+if (geteuid() == 0 && getuid() != geteuid()) {
+if (drop_privileges() == -1) {
+fprintf(stderr, "failed to drop privileges\n");
+return 1;
+}
+}
+#endif
+
 /* parse arguments */
 for (index = 1; index < argc; index++) {
 if (strcmp(argv[index], "--use-vnet") == 0) {
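Review bot: privileges are dropped only when geteuid() == 0 && getuid() != geteuid(), i.e. for a setuid invocation; a helper started directly by root keeps its full capability set, and a build without CONFIG_LIBCAP compiles the whole block out, so a setuid install of such a build runs argument parsing and tap setup as root with nothing to warn about it. Consider calling drop_privileges() whenever geteuid() == 0, and refusing to run setuid (or at least printing a warning) when built without libcap-ng.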
-- 
1.7.3.4




[Qemu-devel] [PATCH v7 2/4] Add access control support to qemu bridge helper

2012-01-04 Thread Corey Bryant
We go to great lengths to restrict ourselves to just cap_net_admin as an OS
enforced security mechanism.  However, we further restrict what we allow users
to do to simply adding a tap device to a bridge interface by virtue of the fact
that this is the only functionality we expose.

This is not good enough though.  An administrator is likely to want to restrict
the bridges that an unprivileged user can access, in particular, to restrict
an unprivileged user from putting a guest on what should be isolated networks.

This patch implements an ACL mechanism that is enforced by qemu-bridge-helper.
The ACLs are fairly simple whitelist/blacklist mechanisms with a wildcard of
'all'.  All users are blacklisted by default, and deny takes precedence over
allow.

An interesting feature of this ACL mechanism is that you can include external
ACL files.  The main reason to support this is so that you can set different
file system permissions on those external ACL files.  This allows an
administrator to implement rather sophisticated ACL policies based on
user/group policies via the file system.

As an example:

/etc/qemu/bridge.conf root:qemu 0640

 allow br0
 include /etc/qemu/alice.conf
 include /etc/qemu/bob.conf
 include /etc/qemu/charlie.conf

/etc/qemu/alice.conf root:alice 0640
 allow br1

/etc/qemu/bob.conf root:bob 0640
 allow br2

/etc/qemu/charlie.conf root:charlie 0640
 deny all

This ACL pattern allows any user in the qemu group to get a tap device
connected to br0 (which is bridged to the physical network).

Users in the alice group can additionally get a tap device connected to br1.
This allows br1 to act as a private bridge for the alice group.

Users in the bob group can additionally get a tap device connected to br2.
This allows br2 to act as a private bridge for the bob group.

Users in the charlie group cannot get a tap device connected to any bridge.

Under no circumstance can the bob group get access to br1 or can the alice
group get access to br2.  And under no circumstance can the charlie group
get access to any bridge.

Signed-off-by: Anthony Liguori 
Signed-off-by: Richa Marwaha 
Signed-off-by: Corey Bryant 
---
 qemu-bridge-helper.c |  153 ++
 1 files changed, 153 insertions(+), 0 deletions(-)

diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index 48c5e22..01eeb38 100644
--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -23,6 +23,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -34,14 +35,116 @@
 
 #include 
 
+#include "qemu-queue.h"
+
 #include "net/tap-linux.h"
 
+#define DEFAULT_ACL_FILE CONFIG_QEMU_CONFDIR "/bridge.conf"
+
+enum {
+ACL_ALLOW = 0,
+ACL_ALLOW_ALL,
+ACL_DENY,
+ACL_DENY_ALL,
+};
+
+typedef struct ACLRule {
+int type;
+char iface[IFNAMSIZ];
+QSIMPLEQ_ENTRY(ACLRule) entry;
+} ACLRule;
+
+typedef QSIMPLEQ_HEAD(ACLList, ACLRule) ACLList;
+
 static void usage(void)
 {
 fprintf(stderr,
 "Usage: qemu-bridge-helper [--use-vnet] --br=bridge 
--fd=unixfd\n");
 }
 
+static int parse_acl_file(const char *filename, ACLList *acl_list)
+{
+FILE *f;
+char line[4096];
+ACLRule *acl_rule;
+
+f = fopen(filename, "r");
+if (f == NULL) {
+return -1;
+}
+
+while (fgets(line, sizeof(line), f) != NULL) {
+char *ptr = line;
+char *cmd, *arg, *argend;
+
+while (isspace(*ptr)) {
+ptr++;
+}
+
+/* skip comments and empty lines */
+if (*ptr == '#' || *ptr == 0) {
+continue;
+}
+
+cmd = ptr;
+arg = strchr(cmd, ' ');
+if (arg == NULL) {
+arg = strchr(cmd, '\t');
+}
+
+if (arg == NULL) {
+fprintf(stderr, "Invalid config line:\n  %s\n", line);
+fclose(f);
+errno = EINVAL;
+return -1;
+}
+
+*arg = 0;
+arg++;
+while (isspace(*arg)) {
+arg++;
+}
+
+argend = arg + strlen(arg);
+while (arg != argend && isspace(*(argend - 1))) {
+argend--;
+}
+*argend = 0;
+
+if (strcmp(cmd, "deny") == 0) {
+acl_rule = g_malloc(sizeof(*acl_rule));
+if (strcmp(arg, "all") == 0) {
+acl_rule->type = ACL_DENY_ALL;
+} else {
+acl_rule->type = ACL_DENY;
+snprintf(acl_rule->iface, IFNAMSIZ, "%s", arg);
+}
+QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
+} else if (strcmp(cmd, "allow") == 0) {
+acl_rule = g_malloc(sizeof(*acl_rule));
+if (strcmp(arg, "all") == 0) {
+acl_rule->type = ACL_ALLOW_ALL;
+} else {
+acl_rule->type = ACL_ALLOW;
+snprintf(acl_rule->iface, IFNAMSIZ, "%s", arg);
+}
+QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
+} else if (strcmp(cmd, "includ
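Review bot: an interface name longer than IFNAMSIZ-1 is silently truncated by the snprintf() into acl_rule->iface, so an allow or deny rule written for a long name ends up matching the truncated name instead; reject strlen(arg) >= IFNAMSIZ with the same "Invalid config line" error. In addition, fgets() into line[4096] splits an over-long line into pieces that are each parsed as a separate command, so a line that does not end in a newline (other than the last one) should be rejected too.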

Re: [Qemu-devel] [PATCH] hw/vmmouse.c: Fix to disable vmmouse after reboot

2012-01-04 Thread Andreas Färber
Am 04.01.2012 17:54, schrieb Gerhard Wiesinger:
> Bugfix after reboot when vmmouse was enabled and another OS which uses
> e.g. PS/2
> mouse.

Could you please be a bit more verbose on what symptoms that fixes?

Thanks,
Andreas

> 
> Signed-off-by: Gerhard Wiesinger 
> ---
>  hw/vmmouse.c |2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/hw/vmmouse.c b/hw/vmmouse.c
> index 1113f33..f9f5b53 100644
> --- a/hw/vmmouse.c
> +++ b/hw/vmmouse.c
> @@ -254,6 +254,8 @@ static void vmmouse_reset(DeviceState *d)
> 
>  s->status = 0x;
>  s->queue_size = VMMOUSE_QUEUE_SIZE;
> +
> +vmmouse_disable(s);
>  }
> 
>  static int vmmouse_initfn(ISADevice *dev)

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH] vexpress, realview: Add (dummy) L2 cache controller

2012-01-04 Thread Peter Maydell
Instantiate the L2 cache controller on the ARM devboards which have one,
since we have a dummy model of it now. Note that the only non-MP board
with an L2x0 is the PB1176, which we don't model.

Signed-off-by: Peter Maydell 
---
This is intended to be applied after the l2x0 implementation patch,
obviously.

 hw/realview.c |2 ++
 hw/vexpress.c |1 +
 2 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/hw/realview.c b/hw/realview.c
index 750a279..fe75b03 100644
--- a/hw/realview.c
+++ b/hw/realview.c
@@ -223,6 +223,8 @@ static void realview_init(ram_addr_t ram_size,
 for (n = 0; n < smp_cpus; n++) {
 sysbus_connect_irq(busdev, n, cpu_irq[n]);
 }
+sysbus_create_varargs("l2x0", realview_binfo.smp_priv_base + 0x2000,
+  NULL);
 } else {
 uint32_t gic_addr = is_pb ? 0x1e00 : 0x1004;
 /* For now just create the nIRQ GIC, and ignore the others.  */
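Review bot: the new sysbus_create_varargs("l2x0", realview_binfo.smp_priv_base + 0x2000, NULL) carries no comment for the 0x2000 offset, whereas the vexpress hunk documents the PL310 address on the line above it; a short comment naming the L2 controller and its offset from the MPCore private base would make the two consistent.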
diff --git a/hw/vexpress.c b/hw/vexpress.c
index 08c93d5..b8d69bb 100644
--- a/hw/vexpress.c
+++ b/hw/vexpress.c
@@ -176,6 +176,7 @@ static void vexpress_a9_init(ram_addr_t ram_size,
 /* 0x100ec000 TrustZone Address Space Controller */
 /* 0x1020 CoreSight debug APB */
 /* 0x1e00a000 PL310 L2 Cache Controller */
+sysbus_create_varargs("l2x0", 0x1e00a000, NULL);
 
 /* CS0: NOR0 flash  : 0x4000 .. 0x4400 */
 /* CS4: NOR1 flash  : 0x4400 .. 0x4800 */
-- 
1.7.1




Re: [Qemu-devel] [PATCH 11/11] configure: Improve Xen autodetection for hosts without Xen

2012-01-04 Thread Stefano Stabellini
On Sat, 17 Dec 2011, Stefan Weil wrote:
> With this patch, it only takes one test (instead of four)
> to detect that there is no Xen support at all.
> 
> For most build hosts, this will reduce the time configure needs.
> It will also reduce noisy output in config.log.
> 
> Build hosts with Xen now need up to five (instead of up to four)
> tests. They get improved diagnostics when Xen support fails.

good idea, thanks for the patch



[Qemu-devel] [PATCH] hw/vmmouse.c: Fix to disable vmmouse after reboot

2012-01-04 Thread Gerhard Wiesinger

Bugfix after reboot when vmmouse was enabled and another OS which uses e.g. PS/2
mouse.

Signed-off-by: Gerhard Wiesinger 
---
 hw/vmmouse.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/hw/vmmouse.c b/hw/vmmouse.c
index 1113f33..f9f5b53 100644
--- a/hw/vmmouse.c
+++ b/hw/vmmouse.c
@@ -254,6 +254,8 @@ static void vmmouse_reset(DeviceState *d)

 s->status = 0x;
 s->queue_size = VMMOUSE_QUEUE_SIZE;
+
+vmmouse_disable(s);
 }

 static int vmmouse_initfn(ISADevice *dev)
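Review bot: the commit message should say what goes wrong without this change (as asked in the thread: what the guest sees after a reboot into an OS that uses a plain PS/2 mouse), and the hunk would benefit from a one-line comment next to vmmouse_disable(s) explaining why reset has to leave the device disabled rather than only clearing status and queue_size.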
--
1.7.6.5



[Qemu-devel] [PATCH v6 1/1] arm: add dummy v7 cp15 registers

2012-01-04 Thread Mark Langsdorf
Add dummy register support for the cp15, CRn=c15 registers.
config_base_register and power_control_register currently
default to 0, but may have improved support after the QOM
CPU patches are finished.

Signed-off-by: Mark Langsdorf 
---
Changes from v5
Added handling for all c15 registers
Changes from v3, v4
None
Changes from v2
Added test against op2 
Changes from v1
renamed the register
added comments about how it will change when QOM CPUs are added

 target-arm/cpu.h|2 ++
 target-arm/helper.c |   30 ++
 2 files changed, 32 insertions(+), 0 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index c4d742f..f8fb558 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -149,6 +149,8 @@ typedef struct CPUARMState {
 uint32_t c15_i_max; /* Maximum D-cache dirty line index.  */
 uint32_t c15_i_min; /* Minimum D-cache dirty line index.  */
 uint32_t c15_threadid; /* TI debugger thread-ID.  */
+uint32_t c15_config_base_address; /* SCU base address.  */
+uint32_t c15_power_control; /* power control */
 } cp15;
 
 struct {
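Review bot: two new CPUARMState fields are added but the diffstat touches only cpu.h and helper.c, so they are not part of the saved CPU state; that is harmless while they are constants a board sets once, but the comments should say so, or the fields should be added to the ARM save/load code so a board that sets them is not migrated with them reset to 0.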
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 65f4fbf..f39bcf3 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2111,6 +2111,36 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
  * 0x200 << ($rn & 0xfff), when MMU is off.  */
 goto bad_reg;
 }
+if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
+switch (crm) {
+case 0:
+if ((op1 == 4) && (op2 == 0)) {
+/* The config_base_address should hold the value of
+ * the peripheral base. ARM should get this from a CPU
+ * object property, but that support isn't available in
+ * December 2011. Default to 0 for now and board models
+ * that care can set it by a private hook */
+return env->cp15.c15_config_base_address;
+} else if ((op1 == 0) && (op2 == 0)) {
+/* power_control should be set to maximum latency. Again,
+   default to 0 and set by private hook */
+return env->cp15.c15_power_control;
+}
+break;
+case 1: /* NEON Busy */
+return 0;
+case 5: /* tlb lockdown */
+case 6:
+case 7:
+if ((op1 == 5) && (op2 == 2)) {
+return 0;
+}
+break;
+default:
+break;
+}
+goto bad_reg;
+}
 return 0;
 }
 bad_reg:
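Review bot: the goto bad_reg after the Cortex-A9 switch changes every c15 read not listed in the switch from the old return 0 into an undefined-instruction trap; the v5 form of this code had exactly that effect (the follow-up in this thread reports it broke booting on vexpress), so either the switch has to enumerate every c15 register a guest kernel reads on the A9, or unknown crm values should keep returning 0. Cases 6 and 7 also share case 5's "tlb lockdown" comment without one of their own.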
-- 
1.7.5.4




Re: [Qemu-devel] Mixed USB 1.1 and USB 2.0 on the same port

2012-01-04 Thread Erik Rull

erik.r...@rdsoftware.de wrote:

On 12/31/11 13:11, Erik Rull wrote:

Hi all,

how can I use a USB 1.1 device on the USB 2.0 bus? Currently the EHCI
implementation complains that the device mismatches the USB version.


-readconfig docs/ich9-ehci-uhci.cfg

cheers,
   Gerd


Thanks for the hint.

It looks better now. But some things are still a bit strange.

Sequence:
device_add usb-host,bus=ehci.0,hostbus=2,hostport=1.4
Plug in a USB 2.0 printer
(gets detected by the guest, printing is possible, no bluescreen, it just
works)
Remove the USB 2.0 printer
Plug in a USB 1.1 dongle
Gets detected, etc., fine
Remove the USB 1.1 dongle
Plug in the USB 2.0 printer again
Guest now complains that a USB 2.0 device was plugged into a USB 1.1 port
=>  printer is now 1.1 and does not work as if EHCI is missing now
=>  reboot guest, everything is fine again??

Any idea what could have happened here?
Same behavior when using a 2.0 USB key and the USB 1.1 dongle - also on
other ports - the transfer rate is horrible after having removed the USB
1.1 device and reconnected the 2.0 device.
Exchanging the two USB 2.0 devices on the same port without having the 1.1
device plugged in is fine!

Any hint what is wrong here would be great.

Best regards,

Erik



Additional Information:
This behavior is present on a Linux guest as well! After having removed the 
1.1 Dongle and plugged in the printer, the Linux guest detects the hardware 
via the UHCI kernel drivers and tells me to use a faster hub for max. 
performance.
It looks as if the speed downgrade by the 1.1 device cannot be reversed at 
runtime.


Best regards,

Erik



Re: [Qemu-devel] [PATCH v5 2/9] Add rle_encode and rle_decode functions Implement Run Length Encoding compression

2012-01-04 Thread Paolo Bonzini

On 01/04/2012 10:31 AM, Orit Wasserman wrote:

>  I don't think any of these need to be in arch_init.c.  It would be nicer to 
make a xbzrle.c file for this stuff.
>

I will fix it.



Or just move everything migration-related from arch_init.c to saveram.c.

Paolo




Re: [Qemu-devel] [PATCH 2/2] Expose tsc deadline timer cpuid to guest

2012-01-04 Thread Jan Kiszka
On 2011-12-28 19:55, Liu, Jinsong wrote:
>>From 3a78adf8006ec6189bfe2f55f7ae213e75bf3815 Mon Sep 17 00:00:00 2001
> From: Liu Jinsong 
> Date: Thu, 29 Dec 2011 05:28:12 +0800
> Subject: [PATCH 2/2] Expose tsc deadline timer cpuid to guest
> 
> Depend on several factors:
> 1. Considering live migration, user enable/disable tsc deadline timer;
> 2. If guest use kvm apic and kvm emulate tsc deadline timer, expose it;
> 3. If in the future qemu support tsc deadline timer emulation,
>and guest use qemu apic, add cpuid exposing case then.

This requires some logic change and then rewording:

- enable TSC deadline timer support by default if in-kernel irqchip is
  used
- disable it on user request via a cpu feature flag
- disable it for older machine types (see below) by default

TSC deadline timer emulation in user space is a different story to be
told once we have a patch for it.

> 
> Signed-off-by: Liu, Jinsong 
> ---
>  target-i386/cpu.h   |2 ++
>  target-i386/cpuid.c |7 ++-
>  target-i386/kvm.c   |   13 +
>  3 files changed, 21 insertions(+), 1 deletions(-)
> 
> diff --git a/target-i386/cpu.h b/target-i386/cpu.h
> index 177d8aa..f2d0ad5 100644
> --- a/target-i386/cpu.h
> +++ b/target-i386/cpu.h
> @@ -399,6 +399,7 @@
>  #define CPUID_EXT_X2APIC   (1 << 21)
>  #define CPUID_EXT_MOVBE(1 << 22)
>  #define CPUID_EXT_POPCNT   (1 << 23)
> +#define CPUID_EXT_TSC_DEADLINE_TIMER (1 << 24)
>  #define CPUID_EXT_XSAVE(1 << 26)
>  #define CPUID_EXT_OSXSAVE  (1 << 27)
>  #define CPUID_EXT_HYPERVISOR  (1 << 31)
> @@ -693,6 +694,7 @@ typedef struct CPUX86State {
>  
>  uint64_t tsc;
>  uint64_t tsc_deadline;
> +bool tsc_deadline_timer_enabled;
>  
>  uint64_t mcg_status;
>  uint64_t msr_ia32_misc_enable;
> diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
> index 0b3af90..fe749e0 100644
> --- a/target-i386/cpuid.c
> +++ b/target-i386/cpuid.c
> @@ -48,7 +48,7 @@ static const char *ext_feature_name[] = {
>  "fma", "cx16", "xtpr", "pdcm",
>  NULL, NULL, "dca", "sse4.1|sse4_1",
>  "sse4.2|sse4_2", "x2apic", "movbe", "popcnt",
> -NULL, "aes", "xsave", "osxsave",
> +"tsc_deadline", "aes", "xsave", "osxsave",
>  "avx", NULL, NULL, "hypervisor",
>  };
>  static const char *ext2_feature_name[] = {
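Review bot: the new feature string "tsc_deadline" does not match the name Linux shows in /proc/cpuinfo (tsc_deadline_timer), so users copying host flags to -cpu will not find it; the "sse4.1|sse4_1" alias form used in this same table would let "tsc_deadline|tsc_deadline_timer" accept both.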
> @@ -225,6 +225,7 @@ typedef struct x86_def_t {
>  int model;
>  int stepping;
>  int tsc_khz;
> +bool tsc_deadline_timer_enabled;
>  uint32_t features, ext_features, ext2_features, ext3_features;
>  uint32_t kvm_features, svm_features;
>  uint32_t xlevel;
> @@ -742,6 +743,9 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, 
> const char *cpu_model)
>  x86_cpu_def->ext3_features &= ~minus_ext3_features;
>  x86_cpu_def->kvm_features &= ~minus_kvm_features;
>  x86_cpu_def->svm_features &= ~minus_svm_features;
> +/* Defaultly user don't against tsc_deadline_timer */
> +x86_cpu_def->tsc_deadline_timer_enabled =
> +!(minus_ext_features & CPUID_EXT_TSC_DEADLINE_TIMER);
>  if (check_cpuid) {
>  if (check_features_against_host(x86_cpu_def) && enforce_cpuid)
>  goto error;
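Review bot: the comment "Defaultly user don't against tsc_deadline_timer" should say what the code does, i.e. the timer is enabled unless the user passed -tsc_deadline; and because only minus_ext_features is consulted, +tsc_deadline has no effect and the separate bool duplicates state that the CPUID_EXT_TSC_DEADLINE_TIMER bit in ext_features could carry like every other feature flag.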
> @@ -885,6 +889,7 @@ int cpu_x86_register (CPUX86State *env, const char 
> *cpu_model)
>  env->cpuid_ext4_features = def->ext4_features;
>  env->cpuid_xlevel2 = def->xlevel2;
>  env->tsc_khz = def->tsc_khz;
> +env->tsc_deadline_timer_enabled = def->tsc_deadline_timer_enabled;
>  if (!kvm_enabled()) {
>  env->cpuid_features &= TCG_FEATURES;
>  env->cpuid_ext_features &= TCG_EXT_FEATURES;
> diff --git a/target-i386/kvm.c b/target-i386/kvm.c
> index d50de90..79baf0b 100644
> --- a/target-i386/kvm.c
> +++ b/target-i386/kvm.c
> @@ -370,6 +370,19 @@ int kvm_arch_init_vcpu(CPUState *env)
>  i = env->cpuid_ext_features & CPUID_EXT_HYPERVISOR;
>  env->cpuid_ext_features &= kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX);
>  env->cpuid_ext_features |= i;
> +/*
> + * 1. Considering live migration, user enable/disable tsc deadline timer;
> + * 2. If guest use kvm apic and kvm emulate tsc deadline timer, expose 
> it;
> + * 3. If in the future qemu support tsc deadline timer emulation,
> + *and guest use qemu apic, add cpuid exposing case then.
> + */

See above. Also, I don't think this comment applies very well to this
function.

> +env->cpuid_ext_features &= ~CPUID_EXT_TSC_DEADLINE_TIMER;

Can that feature possibly be set in cpuid_ext_features? I thought the
kernel now refrains from this.

> +if (env->tsc_deadline_timer_enabled) {
> +if (kvm_irqchip_in_kernel() &&
> +kvm_check_extension(s, KVM_CAP_TSC_DEADLINE_TIMER)) {
> +env->cpuid_ext_features |= CPUID_EXT_TSC_DEADLINE_TIMER;
> +}
> +}
>  
>  env->cpuid_ext2_features &= kvm_arch_get_supported_cpuid(s, 0x8001,
>   0, R_EDX);
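Review bot: the feature bit is cleared unconditionally at `env->cpuid_ext_features &= ~CPUID_EXT_TSC_DEADLINE_TIMER;` and then re-set under three nested ifs; those collapse into one condition, `if (env->tsc_deadline_timer_enabled && kvm_irqchip_in_kernel() && kvm_check_extension(s, KVM_CAP_TSC_DEADLINE_TIMER))`, which also states the policy more plainly than the numbered comment block. That block reads as commit-message material (live migration, future TCG emulation); inside kvm_arch_init_vcpu() a single line saying the bit is exposed only when the in-kernel APIC emulates the timer is enough. Note also that kvm_check_extension() is issued once per VCPU here; the answer does not change between VCPUs.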

Sorry, it remains bogus to expose the tsc deadline

Re: [Qemu-devel] [PATCH v5 3/7] arm: add dummy v7 cp15 config_base_register

2012-01-04 Thread Peter Maydell
On 4 January 2012 16:32, Mark Langsdorf  wrote:
> On 01/04/2012 08:32 AM, Peter Maydell wrote:
>> On 29 December 2011 16:19, Mark Langsdorf  wrote:
>>> Add a cp15 config_base_register that currently defaults to 0.
>>> After the QOM CPU support is added, the value will be properly
>>> set to the peripheral base value.
>>>
>>> Signed-off-by: Mark Langsdorf 
>>> Reviewed-by: Peter Maydell 
>>
>> I need to revoke this Reviewed-by: because...
>>
>>> @@ -2111,6 +2111,20 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t 
>>> insn)
>>>              * 0x200 << ($rn & 0xfff), when MMU is off.  */
>>>             goto bad_reg;
>>>         }
>>> +        if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
>>> +            switch (crm) {
>>> +            case 0:
>>> +                /* The config_base_address should hold the value of
>>> +                 * the peripheral base. ARM should get this from a CPU
>>> +                 * object property, but that support isn't available in
>>> +                 * December 2011. Default to 0 for now and board models
>>> +                 * that care can set it by a private hook */
>>> +                if ((op1 == 4) && (op2 == 0)) {
>>> +                    return env->cp15.c15_config_base_address;
>>> +                }
>>> +            }
>>> +            goto bad_reg;
>>> +        }
>>>         return 0;
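Review bot: the new block sends every Cortex-A9 c15 access other than (crm 0, op1 4, op2 0) to bad_reg, whereas before the patch all of them read as zero; the `switch (crm)` has only `case 0:` and no default, so for any other crm nothing matches and control reaches `goto bad_reg;`. Keep the old behaviour for registers that are not modelled: return the config base only for the matching encoding and fall through to the existing `return 0;` otherwise (a plain `if (crm == 0 && op1 == 4 && op2 == 0)` is clearer than a one-case switch). The comment says board models "can set it by a private hook" but the hunk shows no setter for c15_config_base_address; name it or drop the sentence, and terminate the comment with a period.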
>>
>> this breaks booting on vexpress, which complains
>> qemu: fatal: Unimplemented cp15 register read (c15, c0, {0, 1})
>> because we're now barfing on all the other c15 registers which we
>> used to read as zero.
>
> Fair enough. Can I just resubmit this one patch or do you want
> the entire series?

Just resubmit this one as a single patch -- it has to go through my target-arm
tree rather than arm-devs anyway so if you resent the series I'd just have
to break it apart. (As you may have noticed I've put some of the other
patches into an arm-devs pullreq.)

-- PMM



Re: [Qemu-devel] [PATCH V2 5/5] vga-cirrus: Workaround during restore when using Xen.

2012-01-04 Thread Stefano Stabellini
On Sun, 18 Dec 2011, Avi Kivity wrote:
> On 12/12/2011 05:32 PM, Stefano Stabellini wrote:
> > > Really, I think this is something inherently incompatible with the
> > > current memory API. If Xen has this unfixable special "requirement"
> > > (it's rather a design issue IMHO), adjust the API and adapt all devices.
> > > Hot-fixing only a single one this way is no good idea long term.
> >
> > Fair enough.
> > What about introducing a type of savevm state that is going to be
> > restored before machine->init?
> > This way we could save and restore our physmap and we could handle
> > memory maps and allocations transparently.
> 
> There is no guarantee there is a physical mapping for the framebuffer. 
> A guest could unmap the framebuffer, and its display should still be
> valid.  It can even update it by using the cirrus bitblt functions.

That is not an issue, the current code supports this case.


> I suggest doing the following:
> 
> 1. keep cirrus code unchanged
> 2. when the framebuffer is first mapped into physical memory (as known
> by your CPUPhysMemoryClient), copy it into a temporary buffer, map the
> guest memory into memory_region_get_ram_ptr(), and copy the temporary
> buffer into memory_region_get_ram_ptr()
> 3. when the framebuffer is unmapped, do the reverse: copy the
> framebuffer out, mmap() some anonymous memory into
> memory_region_get_ram_ptr(), and copy the temporary buffer into
> memory_region_get_ram_ptr()

I cannot see how this is going to fix the save/restore issue we are
trying to solve.
The problem, unfortunately very complex, is that at restore time the
videoram is already allocated at the physical address it was mapped
before the save operation. If it was not mapped, it is at the end of the
physical memory of the guest (where qemu_ram_alloc_from_ptr decides to
allocate it).

So the issue is that the videoram appears to qemu as part of the
physical memory of the guest at an unknown address.

The proposal of introducing early_savevm would easily solve this last
problem: letting us know where the videoram is. The other problem, the
fact that under Xen the videoram would be already allocated while under
native it would not, remains unsolved. 
We cannot simply allocate the videoram twice because the operation
would fail (Xen would realize that we are trying to allocate more memory
than it we are supposed to, returning an error).
However, once we know where the videoram is, we could probably figure out
a smart (see hacky) way to avoid allocating it twice without changes to
the cirrus code.



> We can later add optimizations to avoid the copy, but correctness before
> performance.  I think currently a guest moving its cirrus BAR will
> break, no?

Nope, a guest moving the cirrus BAR should work correctly even now.



Re: [Qemu-devel] [PATCH v5 3/7] arm: add dummy v7 cp15 config_base_register

2012-01-04 Thread Mark Langsdorf
On 01/04/2012 08:32 AM, Peter Maydell wrote:
> On 29 December 2011 16:19, Mark Langsdorf  wrote:
>> Add a cp15 config_base_register that currently defaults to 0.
>> After the QOM CPU support is added, the value will be properly
>> set to the peripheral base value.
>>
>> Signed-off-by: Mark Langsdorf 
>> Reviewed-by: Peter Maydell 
> 
> I need to revoke this Reviewed-by: because...
> 
>> @@ -2111,6 +2111,20 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t 
>> insn)
>>  * 0x200 << ($rn & 0xfff), when MMU is off.  */
>> goto bad_reg;
>> }
>> +if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
>> +switch (crm) {
>> +case 0:
>> +/* The config_base_address should hold the value of
>> + * the peripheral base. ARM should get this from a CPU
>> + * object property, but that support isn't available in
>> + * December 2011. Default to 0 for now and board models
>> + * that care can set it by a private hook */
>> +if ((op1 == 4) && (op2 == 0)) {
>> +return env->cp15.c15_config_base_address;
>> +}
>> +}
>> +goto bad_reg;
>> +}
>> return 0;
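Review bot: for the resubmission, the fix is to make non-matching c15 encodings keep returning 0 instead of reaching `goto bad_reg;`, which is what breaks vexpress; only the `(op1 == 4) && (op2 == 0)` case under crm 0 should return env->cp15.c15_config_base_address. While touching the comment, "Default to 0 for now" describes where the register is initialised, which this hunk does not show, so either reference the reset path or reword to say the value is whatever the board left in c15_config_base_address.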
> 
> this breaks booting on vexpress, which complains
> qemu: fatal: Unimplemented cp15 register read (c15, c0, {0, 1})
> because we're now barfing on all the other c15 registers which we
> used to read as zero.

Fair enough. Can I just resubmit this one patch or do you want
the entire series?

--Mark Langsdorf
Calxeda, Inc.





[Qemu-devel] [PULL] VirtFS Proxy FS driver changes

2012-01-04 Thread Aneesh Kumar K.V

The following changes since commit f3c6a169a39d188e98c17a0a0ebfa7f85e5aafdd:

  Merge remote-tracking branch 'qemu-kvm/memory/page_desc' into staging (2012-01-03 14:39:05 -0600)

are available in the git repository at:


  git://github.com/kvaneesh/QEMU.git for-upstream

Also available at signed tag virtfs-proxy-support


for you to fetch changes up to 84a87cc4cc77f9e6829e20726f00646afe12deed:

  hw/9pfs: Add support to use named socket for proxy FS (2012-01-04 21:23:55 +0530)


The pass-through security model in the QEMU 9p server needs root privilege to do
a few file operations (like chown, chmod to any mode/uid:gid). There are two
issues with the pass-through security model:

1) TOCTTOU vulnerability: Following symbolic links in the server could
provide access to files beyond 9p export path.

2) Running QEMU with root privilege could be a security issue.

To overcome the above issues, the following approach is used: a new filesystem
type 'proxy' is introduced. Proxy FS uses a chroot + socket combination
to secure against the known vulnerability of following symbolic links.
The intention of adding a new filesystem type is to allow qemu to run
in non-root mode while doing privileged operations using socket IO.

The proxy helper (a stand-alone binary that is part of qemu) is invoked with
root privileges. The proxy helper chroots into the 9p export path and creates
a socket pair or a named socket, based on the command line parameter.
Qemu and the proxy helper communicate using this socket. The QEMU proxy fs
driver sends filesystem requests to the proxy helper and receives the
responses from it.

The proxy helper is designed so that it can drop the root privilege while
retaining the capabilities that are needed for doing filesystem operations
(like CAP_DAC_OVERRIDE, CAP_FOWNER etc.).


Aneesh Kumar K.V (1):
  hw/9pfs: Move opt validation to FsDriver callback

M. Mohan Kumar (13):
  hw/9pfs: Move pdu_marshal/unmarshal code to a separate file
  hw/9pfs: Add validation to {un}marshal code
  hw/9pfs: Add new proxy filesystem driver
  hw/9pfs: File system helper process for qemu 9p proxy FS
  hw/9pfs: Open and create files
  hw/9pfs: Create other filesystem objects
  hw/9pfs: Add stat/readlink/statfs for proxy FS
  hw/9pfs: File ownership and others
  hw/9pfs: xattr interfaces in proxy filesystem driver
  hw/9pfs: Proxy getversion
  hw/9pfs: Documentation changes related to proxy fs
  hw/9pfs: man page for proxy helper
  hw/9pfs: Add support to use named socket for proxy FS

 Makefile   |   15 +-
 Makefile.objs  |3 +-
 configure  |   19 +
 fsdev/file-op-9p.h |   17 +-
 fsdev/qemu-fsdev.c |   45 +--
 fsdev/qemu-fsdev.h |   11 +-
 fsdev/virtfs-proxy-helper.c| 1120 +
 fsdev/virtfs-proxy-helper.texi |   63 +++
 fsdev/virtio-9p-marshal.c  |  323 +++
 fsdev/virtio-9p-marshal.h  |   90 +++
 hw/9pfs/virtio-9p-device.c |   13 +-
 hw/9pfs/virtio-9p-handle.c |   20 +
 hw/9pfs/virtio-9p-local.c  |   34 ++
 hw/9pfs/virtio-9p-proxy.c  | 1210 
 hw/9pfs/virtio-9p-proxy.h  |   95 
 hw/9pfs/virtio-9p.c|  704 +++
 hw/9pfs/virtio-9p.h|   83 +---
 qemu-config.c  |   13 +
 qemu-options.hx|   32 +-
 vl.c   |   18 +-
 20 files changed, 3414 insertions(+), 514 deletions(-)
 create mode 100644 fsdev/virtfs-proxy-helper.c
 create mode 100644 fsdev/virtfs-proxy-helper.texi
 create mode 100644 fsdev/virtio-9p-marshal.c
 create mode 100644 fsdev/virtio-9p-marshal.h
 create mode 100644 hw/9pfs/virtio-9p-proxy.c
 create mode 100644 hw/9pfs/virtio-9p-proxy.h




[Qemu-devel] [Bug 902306] Re: qemu-user -static variants require shared libraries

2012-01-04 Thread Peter Maydell
> This seems to cause adduser, addgroup, etc. to fail in cross-architecture 
> chroots that use statically built qemu-user
> binaries to emulate the foreign architecture.

I just tried adduser in a chroot, and it worked OK. This is what I'd
expect, because the glib function g_get_any_init_do is only called if we
call any of the glib functions which want to know the user's
username/fullname/home directory, and in fact we don't use those
functions. So we don't end up calling the forbidden libc routines and
the only issue is the ugly linker warnings.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/902306

Title:
  qemu-user -static variants require shared libraries

Status in QEMU:
  New
Status in “qemu” package in Debian:
  New

Bug description:
  somewhere in the qemu 1.0 series, the qemu-user static variants
  started issuing build warnings like so:


/usr/lib/gcc/i486-linux-gnu/4.6/../../../i386-linux-gnu/libglib-2.0.a(gutils.o):
 In function `g_get_any_init_do':
(.text+0xe37): warning: Using 'getpwuid' in statically linked applications 
requires at runtime the shared libraries from the gli
bc version used for linking

/usr/lib/gcc/i486-linux-gnu/4.6/../../../i386-linux-gnu/libglib-2.0.a(gutils.o):
 In function `g_get_any_init_do':
(.text+0xe2a): warning: Using 'setpwent' in statically linked applications 
requires at runtime the shared libraries from the gli
bc version used for linking

/usr/lib/gcc/i486-linux-gnu/4.6/../../../i386-linux-gnu/libglib-2.0.a(gutils.o):
 In function `g_get_any_init_do':
(.text+0xe40): warning: Using 'endpwent' in statically linked applications 
requires at runtime the shared libraries from the gli
bc version used for linking

/usr/lib/gcc/i486-linux-gnu/4.6/../../../i386-linux-gnu/libglib-2.0.a(gutils.o):
 In function `g_get_any_init_do':
(.text+0xb7a): warning: Using 'getpwnam_r' in statically linked 
applications requires at runtime the shared libraries from the g
libc version used for linking

/usr/lib/gcc/i486-linux-gnu/4.6/../../../i386-linux-gnu/libglib-2.0.a(gutils.o):
 In function `g_get_any_init_do':
(.text+0xbbb): warning: Using 'getpwuid_r' in statically linked 
applications requires at runtime the shared libraries from the g
libc version used for linking

  for a full log, see:

  https://buildd.debian.org/status/fetch.php?pkg=qemu&arch=amd64&ver=1.0~rc4%2Bdfsg-1&stamp=1322591568

  i've also tested with qemu/master from today (commit
  217bfb445b54db618a30f3a39170bebd9fd9dbf2), and it has the same issue.

  This seems to cause adduser, addgroup, etc. to fail in cross-
  architecture chroots that use statically built qemu-user binaries to
  emulate the foreign architecture.

  Older versions (0.12-0.15, at least) didn't seem to have this issue.

  live well,
vagrant

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/902306/+subscriptions



Re: [Qemu-devel] [PATCH v5 0/9] XBZRLE delta for live migration of large memory apps

2012-01-04 Thread Orit Wasserman
On 01/04/2012 03:02 PM, Avi Kivity wrote:
> On 01/03/2012 05:34 PM, Orit Wasserman wrote:
>> Signed-off-by: Benoit Hudzia 
>> Signed-off-by: Petter Svard 
>> Signed-off-by: Aidan Shribman 
>>
> 
> Looks like the original authorship (From: ) and signoffs were lost in
> the actual patches.
> 
I will fix it in next patch.



Re: [Qemu-devel] [patch 3/4] block stream: add support for partial streaming

2012-01-04 Thread Eric Blake
On 01/04/2012 07:08 AM, Marcelo Tosatti wrote:
> Add support for streaming data from an intermediate section of the 
> image chain (see patch and documentation for details).
> 
> Signed-off-by: Marcelo Tosatti 
> 
> Index: stefanha/block.c
> ===
> --- stefanha.orig/block.c
> +++ stefanha/block.c
> @@ -2229,6 +2229,70 @@ int bdrv_is_allocated(BlockDriverState *
>  return data.ret;
>  }
>  
> +/*
> + * Given an image chain: [BASE] -> [INTER1] -> [INTER2] -> [TOP]
> + *
> + * Return true if the given sector is allocated in top or base.
> + * Return false if the given sector is allocated in intermediate images.
> + *
> + * 'pnum' is set to the number of sectors (including and immediately 
> following
> + *  the specified sector) that are known to be in the same
> + *  allocated/unallocated state.

Not a problem with this patch, per se, so much as a question about the
next steps:

How hard would it be to go one step further, and provide a monitor
command where qemu could dump the state of BASE, INTER1, or INTER2
without removing it from the image chain?  Libvirt would really like to
be able to have a command where the user can request to inspect to see
the contents of (a portion of) the disk at the time the snapshot was
created, all while qemu continues to run and the TOP file continues to
be adding deltas to that portion of the disk.

For that matter, I'm still missing out on the ability to extract the
contents of a qcow2 internal snapshot from an image that is in use by
qemu - we have the ability to delete internal snapshots but not to probe
their contents.

-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] coroutine bug?, was Re: [PATCH] sheepdog: use coroutines

2012-01-04 Thread Christoph Hellwig
On Tue, Jan 03, 2012 at 08:16:55AM +, Stefan Hajnoczi wrote:
> On Mon, Jan 02, 2012 at 04:39:59PM +0100, Christoph Hellwig wrote:
> > I've tried to understand how the recursive calling happens, but 
> > unfortunately
> > the whole coroutine code lacks any sort of documentation how it should
> > behave or what it asserts about the callers.
> 
> There is documentation on the public coroutine functions, see
> qemu-coroutine.h.

Ok, I was looking in the source files and the documentation directory only
as that is where I expected the documentation to sit.

Btw, what is the plan forward for the block I/O interface?  Only
qcow2, sheepdog and nbd implement the coroutine interfaces, and none of the
hardware emulations calls them directly.  Also at least for interfaces
like the librbd callbacks coroutines don't even seem to be that useful.



[Qemu-devel] [Bug 870990] Re: compile failure on ARMv7 hosts when compiled for thumb if --enable-debug

2012-01-04 Thread Peter Maydell
** Changed in: qemu-linaro
   Status: In Progress => Fix Committed

-- 
https://bugs.launchpad.net/bugs/870990

Title:
  compile failure on ARMv7 hosts when compiled for thumb if --enable-
  debug

Status in QEMU:
  New
Status in Linaro QEMU:
  Fix Committed

Bug description:
  QEMU won't compile if you configure --enable-debug and gcc is building
  in Thumb2.

  This is because we have picked r7 as the TCG_AREG0 (fixed register for
  holding the CPU environment pointer), which clashes with its use as
  the frame pointer in Thumb. (ARM compilation is fine because the frame
  pointer is a different register there.)

  We could fix this by forcing -fomit-frame-pointer when compiling the
  relevant source files (which is what we do on x86 where register
  pressure forces us to use EBP for AREG0) but it would be much better
  to just move AREG0 to something else. We can use r6 if we want to
  stick with a low-reg, or move up to r8 if we think a high-reg likely
  to be a better choice.

  TODO:
   * compile with both r6 and r8, and do a trivial benchmarking run
   * submit patch (before the upstream 1.0 freeze!)

  NB: AREG0 is set in two places that need to stay in sync: dyngen-
  exec.h and tcg/arm/tcg-target.h

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/870990/+subscriptions



Re: [Qemu-devel] [PATCH master/stable-1.0] pci: fix corrupted pci conf index register by unaligned write

2012-01-04 Thread Alexander Graf

On 04.01.2012, at 15:47, Michael S. Tsirkin wrote:

> On Wed, Jan 04, 2012 at 04:28:42PM +0200, Avi Kivity wrote:
>> Commit d0ed8076cbdc261 converted the PCI config access to the memory
>> API, but also inadvertently changed it to accept unaligned writes,
>> and corrupt the index register in the process.  This causes a regression
>> booting NetBSD.
>> 
>> Fix by ignoring unaligned or non-dword writes.
>> 
>> https://bugs.launchpad.net/qemu/+bug/897771
>> 
>> Reported-by: Andreas Gustafsson 
>> Signed-off-by: Avi Kivity 
> 
> Acked-by: Michael S. Tsirkin 

CC'ing qemu-stable.


Alex

> 
>> ---
>> 
>> hw/pci_host.c |3 +++
>> 1 files changed, 3 insertions(+), 0 deletions(-)
>> 
>> diff --git a/hw/pci_host.c b/hw/pci_host.c
>> index 44c6c20..8041778 100644
>> --- a/hw/pci_host.c
>> +++ b/hw/pci_host.c
>> @@ -101,6 +101,9 @@ static void pci_host_config_write(void *opaque, 
>> target_phys_addr_t addr,
>> 
>> PCI_DPRINTF("%s addr " TARGET_FMT_plx " len %d val %"PRIx64"\n",
>> __func__, addr, len, val);
>> +if (addr != 0 || len != 4) {
>> +return;
>> +}
>> s->config_reg = val;
>> }
>> 
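Review bot: the early return drops unaligned and sub-dword writes silently, and the PCI_DPRINTF two lines above it fires before the check, so a debug trace shows a dropped write exactly like an accepted one. Move the check above the PCI_DPRINTF, or print a distinct message in the ignored branch, and put a one-line comment at `if (addr != 0 || len != 4)` stating the rationale (the index register is only latched by aligned dword writes), since right now the commit message is the only place that explains it.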
>> -- 
>> 1.7.7.1
> 




[Qemu-devel] [Bug 883133] Re: qemu on ARM hosts asserts due to code buffer/libc heap conflict

2012-01-04 Thread Peter Maydell
** Changed in: qemu-linaro
   Status: In Progress => Fix Committed

-- 
https://bugs.launchpad.net/bugs/883133

Title:
  qemu on ARM hosts asserts due to code buffer/libc heap conflict

Status in QEMU:
  Fix Committed
Status in Linaro QEMU:
  Fix Committed

Bug description:
  On ARM hosts qemu (about half the time) asserts on startup:

  qemu-system-i386: malloc.c:3096: sYSMALLOc: Assertion `(old_top == 
(((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) -
  __builtin_offsetof (struct malloc_chunk, fd && old_size == 0) || 
((unsigned long) (old_size) >= (unsigned long)__builtin_offsetof (struct 
malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * 
(sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end 
& pagemask) == 0)' failed.

  This turns out to be because code_gen_alloc() is using mmap(MAP_FIXED)
  to map the code buffer at address 0x0100UL, which is in the area
  glibc happens to be using for its heap. This tends to make the next
  malloc() abort, although occasionally the stars align and we pass that
  and fail weirdly later on.

  I suspect we need to drop the MAP_FIXED requirement and fix the TCG code to 
cope with emitting code for longer-range
  branches for calls to host fns etc (calls/branches within the generated code 
should be ok to keep using the short-range
  branch insn I think). There is already no guarantee that the generated code 
and the host C code are within short
  branch range of each other...

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/883133/+subscriptions



[Qemu-devel] [PATCH 03/12] hw/omap1.c: omap_mpuio_init() need not be public

2012-01-04 Thread Peter Maydell
omap_mpuio_init() is only used and defined in omap1.c, so make it static.

Signed-off-by: Peter Maydell 
---
 hw/omap.h  |4 
 hw/omap1.c |2 +-
 2 files changed, 1 insertions(+), 5 deletions(-)

diff --git a/hw/omap.h b/hw/omap.h
index 42eb361..5fe33db 100644
--- a/hw/omap.h
+++ b/hw/omap.h
@@ -672,10 +672,6 @@ void omap_uart_reset(struct omap_uart_s *s);
 void omap_uart_attach(struct omap_uart_s *s, CharDriverState *chr);
 
 struct omap_mpuio_s;
-struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *system_memory,
-target_phys_addr_t base,
-qemu_irq kbd_int, qemu_irq gpio_int, qemu_irq wakeup,
-omap_clk clk);
 qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s);
 void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler);
 void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down);
diff --git a/hw/omap1.c b/hw/omap1.c
index 53cde76..dddac92 100644
--- a/hw/omap1.c
+++ b/hw/omap1.c
@@ -2066,7 +2066,7 @@ static void omap_mpuio_onoff(void *opaque, int line, int 
on)
 omap_mpuio_kbd_update(s);
 }
 
-struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory,
+static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory,
 target_phys_addr_t base,
 qemu_irq kbd_int, qemu_irq gpio_int, qemu_irq wakeup,
 omap_clk clk)
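Review bot: with the prototype gone from omap.h, omap_mpuio_init() must be defined before its first use inside omap1.c or get a static forward declaration, otherwise the build fails with an implicit-declaration error; the hunk at line 2066 shows the definition but not the call site, so confirm the ordering in the file.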
-- 
1.7.1




[Qemu-devel] [PULL 00/12] arm-devs queue

2012-01-04 Thread Peter Maydell
This is a pullreq for accumulated arm-devs patches; please pull.

NB: over the Christmas break my usual workflow got a bit disrupted so
I might have missed some patches; if there's anything that you were
expecting to be in here but isn't, please ping, resubmit the patch, etc.

-- PMM


The following changes since commit f3c6a169a39d188e98c17a0a0ebfa7f85e5aafdd:

  Merge remote-tracking branch 'qemu-kvm/memory/page_desc' into staging (2012-01-03 14:39:05 -0600)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git arm-devs.for-upstream

Juha Riihimäki (3):
  hw/omap1.c: Separate PWL from omap_mpu_state
  hw/omap1.c: Separate PWT from omap_mpu_state
  hw/omap1.c: Separate dpll_ctl from omap_mpu_state

Mark Langsdorf (1):
  arm: Set frequencies for arm_timer

Peter Maydell (5):
  hw/pl181.c: Add save/load support
  hw/pl110.c: Add post-load hook to invalidate display
  hw/omap1.c: omap_mpuio_init() need not be public
  hw/omap1.c: Drop unused includes
  hw/omap_gpmc: Fix region map/unmap when configuring prefetch engine

Rob Herring (3):
  arm: add missing scu registers
  arm: add dummy gic security registers
  add L2x0/PL310 cache controller device

 Makefile.target |1 +
 hw/a9mpcore.c   |   36 ++-
 hw/arm_gic.c|6 ++
 hw/arm_l2x0.c   |  181 +++
 hw/arm_timer.c  |   24 ++--
 hw/omap.h   |   28 +
 hw/omap1.c  |  151 +++---
 hw/omap_gpmc.c  |   30 +++---
 hw/pl110.c  |   11 
 hw/pl181.c  |   49 ---
 10 files changed, 404 insertions(+), 113 deletions(-)
 create mode 100644 hw/arm_l2x0.c



[Qemu-devel] [PATCH 10/12] arm: Set frequencies for arm_timer

2012-01-04 Thread Peter Maydell
From: Mark Langsdorf 

Use qdev properties to allow board modelers to set the frequencies
for the sp804 timer. Each of the sp804's timers can have an
individual frequency. The timers default to 1MHz.

Signed-off-by: Mark Langsdorf 
Reviewed-by: Andreas Färber 
Signed-off-by: Peter Maydell 
---
 hw/arm_timer.c |   24 +++-
 1 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/hw/arm_timer.c b/hw/arm_timer.c
index 0a5b9d2..60e1c63 100644
--- a/hw/arm_timer.c
+++ b/hw/arm_timer.c
@@ -9,6 +9,8 @@
 
 #include "sysbus.h"
 #include "qemu-timer.h"
+#include "qemu-common.h"
+#include "qdev.h"
 
 /* Common timer implementation.  */
 
@@ -178,6 +180,7 @@ typedef struct {
 SysBusDevice busdev;
 MemoryRegion iomem;
 arm_timer_state *timer[2];
+uint32_t freq0, freq1;
 int level[2];
 qemu_irq irq;
 } sp804_state;
@@ -269,10 +272,11 @@ static int sp804_init(SysBusDevice *dev)
 
 qi = qemu_allocate_irqs(sp804_set_irq, s, 2);
 sysbus_init_irq(dev, &s->irq);
-/* ??? The timers are actually configurable between 32kHz and 1MHz, but
-   we don't implement that.  */
-s->timer[0] = arm_timer_init(100);
-s->timer[1] = arm_timer_init(100);
+/* The timers are configurable between 32kHz and 1MHz
+ * defaulting to 1MHz but overrideable as individual properties */
+s->timer[0] = arm_timer_init(s->freq0);
+s->timer[1] = arm_timer_init(s->freq1);
+
 s->timer[0]->irq = qi[0];
 s->timer[1]->irq = qi[1];
 memory_region_init_io(&s->iomem, &sp804_ops, s, "sp804", 0x1000);
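Review bot: the new comment says the timers are configurable between 32kHz and 1MHz, but the freq0/freq1 values handed to arm_timer_init() are never range-checked, so a board setting 0 or an out-of-range value is accepted silently; either validate in sp804_init() (fail the init or clamp with a warning) or reword the comment to say the hardware range is not enforced here. Spelling nit in the same comment: "overrideable" should be "overridable".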
@@ -281,6 +285,16 @@ static int sp804_init(SysBusDevice *dev)
 return 0;
 }
 
+static SysBusDeviceInfo sp804_info = {
+.init = sp804_init,
+.qdev.name = "sp804",
+.qdev.size = sizeof(sp804_state),
+.qdev.props = (Property[]) {
+DEFINE_PROP_UINT32("freq0", sp804_state, freq0, 100),
+DEFINE_PROP_UINT32("freq1", sp804_state, freq1, 100),
+DEFINE_PROP_END_OF_LIST(),
+}
+};
 
 /* Integrator/CP timer module.  */
 
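Review bot: the defaults in the two DEFINE_PROP_UINT32 lines are duplicated literals (they appear as 100 in this listing while the commit message says 1MHz, so confirm 1000000 survived in the actual patch) and the same number is described in the sp804_init() comment; a single named constant for the default frequency, used by both property lines and referenced from the comment, keeps the three from drifting apart. Since the state is still `arm_timer_state *timer[2]`, a `uint32_t freq[2]` with `freq[0]`/`freq[1]` in the property definitions would keep the properties parallel to the array they configure.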
@@ -349,7 +363,7 @@ static int icp_pit_init(SysBusDevice *dev)
 static void arm_timer_register_devices(void)
 {
 sysbus_register_dev("integrator_pit", sizeof(icp_pit_state), icp_pit_init);
-sysbus_register_dev("sp804", sizeof(sp804_state), sp804_init);
+sysbus_register_withprop(&sp804_info);
 }
 
 device_init(arm_timer_register_devices)
-- 
1.7.1




[Qemu-devel] [PATCH 07/12] hw/omap1.c: Drop unused includes

2012-01-04 Thread Peter Maydell
Drop includes of qemu-timer.h, qemu-char.h and pc.h as they are no
longer needed.

Signed-off-by: Peter Maydell 
---
 hw/omap1.c |4 
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/hw/omap1.c b/hw/omap1.c
index 6ab9192..976ef71 100644
--- a/hw/omap1.c
+++ b/hw/omap1.c
@@ -20,11 +20,7 @@
 #include "arm-misc.h"
 #include "omap.h"
 #include "sysemu.h"
-#include "qemu-timer.h"
-#include "qemu-char.h"
 #include "soc_dma.h"
-/* We use pc-style serial ports.  */
-#include "pc.h"
 #include "blockdev.h"
 #include "range.h"
 #include "sysbus.h"
-- 
1.7.1




[Qemu-devel] [PATCH 04/12] hw/omap1.c: Separate PWL from omap_mpu_state

2012-01-04 Thread Peter Maydell
From: Juha Riihimäki 

Signed-off-by: Juha Riihimäki 
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio 
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell 
---
 hw/omap.h  |8 +---
 hw/omap1.c |   60 
 2 files changed, 37 insertions(+), 31 deletions(-)

diff --git a/hw/omap.h b/hw/omap.h
index 5fe33db..851ad46 100644
--- a/hw/omap.h
+++ b/hw/omap.h
@@ -829,7 +829,6 @@ struct omap_mpu_state_s {
 MemoryRegion tcmi_iomem;
 MemoryRegion clkm_iomem;
 MemoryRegion clkdsp_iomem;
-MemoryRegion pwl_iomem;
 MemoryRegion pwt_iomem;
 MemoryRegion mpui_io_iomem;
 MemoryRegion tap_iomem;
@@ -867,12 +866,7 @@ struct omap_mpu_state_s {
 
 struct omap_uwire_s *microwire;
 
-struct {
-uint8_t output;
-uint8_t level;
-uint8_t enable;
-int clk;
-} pwl;
+struct omap_pwl_s *pwl;
 
 struct {
 uint8_t frc;
diff --git a/hw/omap1.c b/hw/omap1.c
index dddac92..ccc6ecf 100644
--- a/hw/omap1.c
+++ b/hw/omap1.c
@@ -2289,12 +2289,20 @@ void omap_uwire_attach(struct omap_uwire_s *s,
 }
 
 /* Pseudonoise Pulse-Width Light Modulator */
-static void omap_pwl_update(struct omap_mpu_state_s *s)
+struct omap_pwl_s {
+MemoryRegion iomem;
+uint8_t output;
+uint8_t level;
+uint8_t enable;
+int clk;
+};
+
+static void omap_pwl_update(struct omap_pwl_s *s)
 {
-int output = (s->pwl.clk && s->pwl.enable) ? s->pwl.level : 0;
+int output = (s->clk && s->enable) ? s->level : 0;
 
-if (output != s->pwl.output) {
-s->pwl.output = output;
+if (output != s->output) {
+s->output = output;
 printf("%s: Backlight now at %i/256\n", __FUNCTION__, output);
 }
 }
@@ -2302,7 +2310,7 @@ static void omap_pwl_update(struct omap_mpu_state_s *s)
 static uint64_t omap_pwl_read(void *opaque, target_phys_addr_t addr,
   unsigned size)
 {
-struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
 int offset = addr & OMAP_MPUI_REG_MASK;
 
 if (size != 1) {
@@ -2311,9 +2319,9 @@ static uint64_t omap_pwl_read(void *opaque, 
target_phys_addr_t addr,
 
 switch (offset) {
 case 0x00: /* PWL_LEVEL */
-return s->pwl.level;
+return s->level;
 case 0x04: /* PWL_CTRL */
-return s->pwl.enable;
+return s->enable;
 }
 OMAP_BAD_REG(addr);
 return 0;
@@ -2322,7 +2330,7 @@ static uint64_t omap_pwl_read(void *opaque, 
target_phys_addr_t addr,
 static void omap_pwl_write(void *opaque, target_phys_addr_t addr,
uint64_t value, unsigned size)
 {
-struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
 int offset = addr & OMAP_MPUI_REG_MASK;
 
 if (size != 1) {
@@ -2331,11 +2339,11 @@ static void omap_pwl_write(void *opaque, 
target_phys_addr_t addr,
 
 switch (offset) {
 case 0x00: /* PWL_LEVEL */
-s->pwl.level = value;
+s->level = value;
 omap_pwl_update(s);
 break;
 case 0x04: /* PWL_CTRL */
-s->pwl.enable = value & 1;
+s->enable = value & 1;
 omap_pwl_update(s);
 break;
 default:
@@ -2350,34 +2358,37 @@ static const MemoryRegionOps omap_pwl_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static void omap_pwl_reset(struct omap_mpu_state_s *s)
+static void omap_pwl_reset(struct omap_pwl_s *s)
 {
-s->pwl.output = 0;
-s->pwl.level = 0;
-s->pwl.enable = 0;
-s->pwl.clk = 1;
+s->output = 0;
+s->level = 0;
+s->enable = 0;
+s->clk = 1;
 omap_pwl_update(s);
 }
 
 static void omap_pwl_clk_update(void *opaque, int line, int on)
 {
-struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+struct omap_pwl_s *s = (struct omap_pwl_s *) opaque;
 
-s->pwl.clk = on;
+s->clk = on;
 omap_pwl_update(s);
 }
 
-static void omap_pwl_init(MemoryRegion *system_memory,
-target_phys_addr_t base, struct omap_mpu_state_s *s,
-omap_clk clk)
+static struct omap_pwl_s *omap_pwl_init(MemoryRegion *system_memory,
+target_phys_addr_t base,
+omap_clk clk)
 {
+struct omap_pwl_s *s = g_malloc0(sizeof(*s));
+
 omap_pwl_reset(s);
 
-memory_region_init_io(&s->pwl_iomem, &omap_pwl_ops, s,
+memory_region_init_io(&s->iomem, &omap_pwl_ops, s,
   "omap-pwl", 0x800);
-memory_region_add_subregion(system_memory, base, &s->pwl_iomem);
+memory_region_add_subregion(system_memory, base, &s->iomem);
 
 omap_clk_adduser(clk, qemu_allocate_irqs(omap_pwl_clk_update, s, 1)[0]);
+return s;
 }
 
 /* Pulse-Width Tone module */
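Review bot: omap_pwl_init() now allocates its own state and calls omap_pwl_reset() on it at init time only; the machine reset path (omap1_mpu_reset, whose hunk at line 3667 is cut off in this listing) has to call omap_pwl_reset(s->pwl) on the new pointer, otherwise backlight state survives a system reset. The fields previously lived inside omap_mpu_state_s, so if any save/load description covered them it must move with the struct; that is not visible in this diff.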
@@ -3667,7 +3678,7 @@ static void omap1_mpu_reset(void *opaque)
  

Re: [Qemu-devel] [PATCH master/stable-1.0] pci: fix corrupted pci conf index register by unaligned write

2012-01-04 Thread Michael S. Tsirkin
On Wed, Jan 04, 2012 at 04:28:42PM +0200, Avi Kivity wrote:
> Commit d0ed8076cbdc261 converted the PCI config access to the memory
> API, but also inadvertently changed it to accept unaligned writes,
> and corrupt the index register in the process.  This causes a regression
> booting NetBSD.
> 
> Fix by ignoring unaligned or non-dword writes.
> 
> https://bugs.launchpad.net/qemu/+bug/897771
> 
> Reported-by: Andreas Gustafsson 
> Signed-off-by: Avi Kivity 

Acked-by: Michael S. Tsirkin 

> ---
> 
>  hw/pci_host.c |3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/hw/pci_host.c b/hw/pci_host.c
> index 44c6c20..8041778 100644
> --- a/hw/pci_host.c
> +++ b/hw/pci_host.c
> @@ -101,6 +101,9 @@ static void pci_host_config_write(void *opaque, 
> target_phys_addr_t addr,
>  
>  PCI_DPRINTF("%s addr " TARGET_FMT_plx " len %d val %"PRIx64"\n",
>  __func__, addr, len, val);
> +if (addr != 0 || len != 4) {
> +return;
> +}
>  s->config_reg = val;
>  }
>  
> -- 
> 1.7.7.1



[Qemu-devel] [PATCH 08/12] hw/omap_gpmc: Fix region map/unmap when configuring prefetch engine

2012-01-04 Thread Peter Maydell
When configuring the prefetch engine (and also when resetting from
a state where the prefetch engine was enabled) be careful to adhere
to the "unmap/change config fields/map" ordering, to avoid trying
to delete the wrong MemoryRegions. This fixes an assertion failure
in some cases.

Signed-off-by: Peter Maydell 
Reported-by: Alexander Graf 
Tested-by: Alexander Graf 
---
 hw/omap_gpmc.c |   30 +-
 1 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/hw/omap_gpmc.c b/hw/omap_gpmc.c
index 414f9f5..2fc4137 100644
--- a/hw/omap_gpmc.c
+++ b/hw/omap_gpmc.c
@@ -443,6 +443,12 @@ void omap_gpmc_reset(struct omap_gpmc_s *s)
 s->irqst = 0;
 s->irqen = 0;
 omap_gpmc_int_update(s);
+for (i = 0; i < 8; i++) {
+/* This has to happen before we change any of the config
+ * used to determine which memory regions are mapped or unmapped.
+ */
+omap_gpmc_cs_unmap(s, i);
+}
 s->timeout = 0;
 s->config = 0xa00;
 s->prefetch.config1 = 0x4000;
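Review bot: moving the unmap loop ahead of the config writes is the right fix, but the later `for (i = 0; i < 8; i ++)` loop in this function (next hunk) now iterates the same range a second time; a one-line comment there noting that the unmap has already been done above will stop a future cleanup from merging the two loops and reintroducing the ordering bug. Style nit: the new loop uses `i++` while the existing one uses `i ++`.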
@@ -451,7 +457,6 @@ void omap_gpmc_reset(struct omap_gpmc_s *s)
 s->prefetch.fifopointer = 0;
 s->prefetch.count = 0;
 for (i = 0; i < 8; i ++) {
-omap_gpmc_cs_unmap(s, i);
 s->cs_file[i].config[1] = 0x101001;
 s->cs_file[i].config[2] = 0x020201;
 s->cs_file[i].config[3] = 0x10031003;
@@ -716,24 +721,31 @@ static void omap_gpmc_write(void *opaque, 
target_phys_addr_t addr,
 
 case 0x1e0:/* GPMC_PREFETCH_CONFIG1 */
 if (!s->prefetch.startengine) {
-uint32_t oldconfig1 = s->prefetch.config1;
+uint32_t newconfig1 = value & 0x7f8f7fbf;
 uint32_t changed;
-s->prefetch.config1 = value & 0x7f8f7fbf;
-changed = oldconfig1 ^ s->prefetch.config1;
+changed = newconfig1 ^ s->prefetch.config1;
 if (changed & (0x80 | 0x700)) {
 /* Turning the engine on or off, or mapping it somewhere else.
  * cs_map() and cs_unmap() check the prefetch config and
  * overall CSVALID bits, so it is sufficient to unmap-and-map
- * both the old cs and the new one.
+ * both the old cs and the new one. Note that we adhere to
+ * the "unmap/change config/map" order (and not unmap twice
+ * if newcs == oldcs), otherwise we'll try to delete the wrong
+ * memory region.
  */
-int oldcs = prefetch_cs(oldconfig1);
-int newcs = prefetch_cs(s->prefetch.config1);
+int oldcs = prefetch_cs(s->prefetch.config1);
+int newcs = prefetch_cs(newconfig1);
 omap_gpmc_cs_unmap(s, oldcs);
-omap_gpmc_cs_map(s, oldcs);
-if (newcs != oldcs) {
+if (oldcs != newcs) {
 omap_gpmc_cs_unmap(s, newcs);
+}
+s->prefetch.config1 = newconfig1;
+omap_gpmc_cs_map(s, oldcs);
+if (oldcs != newcs) {
 omap_gpmc_cs_map(s, newcs);
 }
+} else {
+s->prefetch.config1 = newconfig1;
 }
 }
 break;
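Review bot: the unmap/update-config/map sequence is correct as written, but `s->prefetch.config1 = newconfig1;` now appears in both branches of `if (changed & (0x80 | 0x700))`, and the else branch carries no explanation. A short comment there (no enable or chip-select change, so no remap is needed) would make clear the duplication is deliberate, and `uint32_t changed;` can be initialised at its declaration: `uint32_t changed = newconfig1 ^ s->prefetch.config1;`.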
-- 
1.7.1




Re: [Qemu-devel] [PATCH v5 3/7] arm: add dummy v7 cp15 config_base_register

2012-01-04 Thread Peter Maydell
On 29 December 2011 16:19, Mark Langsdorf  wrote:
> Add a cp15 config_base_register that currently defaults to 0.
> After the QOM CPU support is added, the value will be properly
> set to the peripheral base value.
>
> Signed-off-by: Mark Langsdorf 
> Reviewed-by: Peter Maydell 

I need to revoke this Reviewed-by: because...

> @@ -2111,6 +2111,20 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
>              * 0x200 << ($rn & 0xfff), when MMU is off.  */
>             goto bad_reg;
>         }
> +        if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
> +            switch (crm) {
> +            case 0:
> +                /* The config_base_address should hold the value of
> +                 * the peripheral base. ARM should get this from a CPU
> +                 * object property, but that support isn't available in
> +                 * December 2011. Default to 0 for now and board models
> +                 * that care can set it by a private hook */
> +                if ((op1 == 4) && (op2 == 0)) {
> +                    return env->cp15.c15_config_base_address;
> +                }
> +            }
> +            goto bad_reg;
> +        }
>         return 0;
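
Review bot: the `switch (crm)` in this hunk has a single `case 0:` with no `break` and no `default:`, so on a Cortex-A9 every c15 encoding other than (crm 0, op1 4, op2 0) now reaches the `goto bad_reg;` added with it, where the code previously fell through to `return 0;`. If only the configuration base address register is being special-cased, a plain `if (crm == 0 && op1 == 4 && op2 == 0) { return env->cp15.c15_config_base_address; }` with the existing `return 0;` as the fallback is simpler and keeps the read-as-zero behaviour for the rest of c15.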

this breaks booting on vexpress, which complains
qemu: fatal: Unimplemented cp15 register read (c15, c0, {0, 1})
because we're now barfing on all the other c15 registers which we
used to read as zero.

The simplest fix is to drop that 'goto bad_reg;'.
More complicatedly we could decode the c15 range properly for A9
(as per the TRM).

-- PMM



[Qemu-devel] [PATCH master/stable-1.0] pci: fix corrupted pci conf index register by unaligned write

2012-01-04 Thread Avi Kivity
Commit d0ed8076cbdc261 converted the PCI config access to the memory
API, but also inadvertently changed it to accept unaligned writes,
and corrupt the index register in the process.  This causes a regression
booting NetBSD.

Fix by ignoring unaligned or non-dword writes.

https://bugs.launchpad.net/qemu/+bug/897771

Reported-by: Andreas Gustafsson 
Signed-off-by: Avi Kivity 
---

 hw/pci_host.c |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/hw/pci_host.c b/hw/pci_host.c
index 44c6c20..8041778 100644
--- a/hw/pci_host.c
+++ b/hw/pci_host.c
@@ -101,6 +101,9 @@ static void pci_host_config_write(void *opaque, 
target_phys_addr_t addr,
 
 PCI_DPRINTF("%s addr " TARGET_FMT_plx " len %d val %"PRIx64"\n",
 __func__, addr, len, val);
+if (addr != 0 || len != 4) {
+return;
+}
 s->config_reg = val;
 }
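
Review bot: the new guard `if (addr != 0 || len != 4) { return; }` drops the write silently and sits after the PCI_DPRINTF, so the debug trace still shows the value as though it had been applied to config_reg. Suggest logging the ignored access explicitly in the early-return path, e.g. `PCI_DPRINTF("%s: ignoring unaligned/non-dword write\n", __func__);`, so a guest that relies on partial index-register writes can be diagnosed instead of just failing to enumerate PCI.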
 
-- 
1.7.7.1




[Qemu-devel] [PATCH 01/12] hw/pl181.c: Add save/load support

2012-01-04 Thread Peter Maydell
Add save/load support to the PL181.

Signed-off-by: Peter Maydell 
---
 hw/pl181.c |   49 -
 1 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/hw/pl181.c b/hw/pl181.c
index d05bc19..b79aa41 100644
--- a/hw/pl181.c
+++ b/hw/pl181.c
@@ -38,20 +38,45 @@ typedef struct {
 uint32_t datacnt;
 uint32_t status;
 uint32_t mask[2];
-int fifo_pos;
-int fifo_len;
+int32_t fifo_pos;
+int32_t fifo_len;
 /* The linux 2.6.21 driver is buggy, and misbehaves if new data arrives
while it is reading the FIFO.  We hack around this be defering
subsequent transfers until after the driver polls the status word.
http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4446/1
  */
-int linux_hack;
+int32_t linux_hack;
 uint32_t fifo[PL181_FIFO_LEN];
 qemu_irq irq[2];
 /* GPIO outputs for 'card is readonly' and 'card inserted' */
 qemu_irq cardstatus[2];
 } pl181_state;
 
+static const VMStateDescription vmstate_pl181 = {
+.name = "pl181",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(clock, pl181_state),
+VMSTATE_UINT32(power, pl181_state),
+VMSTATE_UINT32(cmdarg, pl181_state),
+VMSTATE_UINT32(cmd, pl181_state),
+VMSTATE_UINT32(datatimer, pl181_state),
+VMSTATE_UINT32(datalength, pl181_state),
+VMSTATE_UINT32(respcmd, pl181_state),
+VMSTATE_UINT32_ARRAY(response, pl181_state, 4),
+VMSTATE_UINT32(datactrl, pl181_state),
+VMSTATE_UINT32(datacnt, pl181_state),
+VMSTATE_UINT32(status, pl181_state),
+VMSTATE_UINT32_ARRAY(mask, pl181_state, 2),
+VMSTATE_INT32(fifo_pos, pl181_state),
+VMSTATE_INT32(fifo_len, pl181_state),
+VMSTATE_INT32(linux_hack, pl181_state),
+VMSTATE_UINT32_ARRAY(fifo, pl181_state, PL181_FIFO_LEN),
+VMSTATE_END_OF_LIST()
+}
+};
+
 #define PL181_CMD_INDEX 0x3f
 #define PL181_CMD_RESPONSE  (1 << 6)
 #define PL181_CMD_LONGRESP  (1 << 7)
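Review bot: vmstate_pl181 covers the controller registers and FIFO, but nothing in this patch migrates the attached card (`s->card`, created in pl181_init by sd_init). Unless sd.c provides its own VMStateDescription, a command or data transfer in progress at save time resumes on the destination against a card in its initial state; the commit message should say whether that is handled elsewhere in the series or is a known limitation.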
@@ -420,9 +445,9 @@ static const MemoryRegionOps pl181_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static void pl181_reset(void *opaque)
+static void pl181_reset(DeviceState *d)
 {
-pl181_state *s = (pl181_state *)opaque;
+pl181_state *s = DO_UPCAST(pl181_state, busdev.qdev, d);
 
 s->power = 0;
 s->cmdarg = 0;
@@ -459,15 +484,21 @@ static int pl181_init(SysBusDevice *dev)
 qdev_init_gpio_out(&s->busdev.qdev, s->cardstatus, 2);
 dinfo = drive_get_next(IF_SD);
 s->card = sd_init(dinfo ? dinfo->bdrv : NULL, 0);
-qemu_register_reset(pl181_reset, s);
-pl181_reset(s);
-/* ??? Save/restore.  */
 return 0;
 }
 
+static SysBusDeviceInfo pl181_info = {
+.init = pl181_init,
+.qdev.name = "pl181",
+.qdev.size = sizeof(pl181_state),
+.qdev.vmsd = &vmstate_pl181,
+.qdev.reset = pl181_reset,
+.qdev.no_user = 1,
+};
+
 static void pl181_register_devices(void)
 {
-sysbus_register_dev("pl181", sizeof(pl181_state), pl181_init);
+sysbus_register_withprop(&pl181_info);
 }
 
 device_init(pl181_register_devices)
-- 
1.7.1




[Qemu-devel] [PATCH 05/12] hw/omap1.c: Separate PWT from omap_mpu_state

2012-01-04 Thread Peter Maydell
From: Juha Riihimäki 

Signed-off-by: Juha Riihimäki 
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio 
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell 
---
 hw/omap.h  |   10 +-
 hw/omap1.c |   57 ++---
 2 files changed, 35 insertions(+), 32 deletions(-)

diff --git a/hw/omap.h b/hw/omap.h
index 851ad46..2e227b5 100644
--- a/hw/omap.h
+++ b/hw/omap.h
@@ -829,7 +829,6 @@ struct omap_mpu_state_s {
 MemoryRegion tcmi_iomem;
 MemoryRegion clkm_iomem;
 MemoryRegion clkdsp_iomem;
-MemoryRegion pwt_iomem;
 MemoryRegion mpui_io_iomem;
 MemoryRegion tap_iomem;
 MemoryRegion imif_ram;
@@ -867,14 +866,7 @@ struct omap_mpu_state_s {
 struct omap_uwire_s *microwire;
 
 struct omap_pwl_s *pwl;
-
-struct {
-uint8_t frc;
-uint8_t vrc;
-uint8_t gcr;
-omap_clk clk;
-} pwt;
-
+struct omap_pwt_s *pwt;
 struct omap_i2c_s *i2c[2];
 
 struct omap_rtc_s *rtc;
diff --git a/hw/omap1.c b/hw/omap1.c
index ccc6ecf..4635938 100644
--- a/hw/omap1.c
+++ b/hw/omap1.c
@@ -2392,10 +2392,18 @@ static struct omap_pwl_s *omap_pwl_init(MemoryRegion 
*system_memory,
 }
 
 /* Pulse-Width Tone module */
+struct omap_pwt_s {
+MemoryRegion iomem;
+uint8_t frc;
+uint8_t vrc;
+uint8_t gcr;
+omap_clk clk;
+};
+
 static uint64_t omap_pwt_read(void *opaque, target_phys_addr_t addr,
   unsigned size)
 {
-struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
 int offset = addr & OMAP_MPUI_REG_MASK;
 
 if (size != 1) {
@@ -2404,11 +2412,11 @@ static uint64_t omap_pwt_read(void *opaque, 
target_phys_addr_t addr,
 
 switch (offset) {
 case 0x00: /* FRC */
-return s->pwt.frc;
+return s->frc;
 case 0x04: /* VCR */
-return s->pwt.vrc;
+return s->vrc;
 case 0x08: /* GCR */
-return s->pwt.gcr;
+return s->gcr;
 }
 OMAP_BAD_REG(addr);
 return 0;
@@ -2417,7 +2425,7 @@ static uint64_t omap_pwt_read(void *opaque, 
target_phys_addr_t addr,
 static void omap_pwt_write(void *opaque, target_phys_addr_t addr,
uint64_t value, unsigned size)
 {
-struct omap_mpu_state_s *s = (struct omap_mpu_state_s *) opaque;
+struct omap_pwt_s *s = (struct omap_pwt_s *) opaque;
 int offset = addr & OMAP_MPUI_REG_MASK;
 
 if (size != 1) {
@@ -2426,16 +2434,16 @@ static void omap_pwt_write(void *opaque, 
target_phys_addr_t addr,
 
 switch (offset) {
 case 0x00: /* FRC */
-s->pwt.frc = value & 0x3f;
+s->frc = value & 0x3f;
 break;
 case 0x04: /* VRC */
-if ((value ^ s->pwt.vrc) & 1) {
+if ((value ^ s->vrc) & 1) {
 if (value & 1)
 printf("%s: %iHz buzz on\n", __FUNCTION__, (int)
 /* 1.5 MHz from a 12-MHz or 13-MHz PWT_CLK */
-((omap_clk_getrate(s->pwt.clk) >> 3) /
+((omap_clk_getrate(s->clk) >> 3) /
  /* Pre-multiplexer divider */
- ((s->pwt.gcr & 2) ? 1 : 154) /
+ ((s->gcr & 2) ? 1 : 154) /
  /* Octave multiplexer */
  (2 << (value & 3)) *
  /* 101/107 divider */
@@ -2450,10 +2458,10 @@ static void omap_pwt_write(void *opaque, 
target_phys_addr_t addr,
 else
 printf("%s: silence!\n", __FUNCTION__);
 }
-s->pwt.vrc = value & 0x7f;
+s->vrc = value & 0x7f;
 break;
 case 0x08: /* GCR */
-s->pwt.gcr = value & 3;
+s->gcr = value & 3;
 break;
 default:
 OMAP_BAD_REG(addr);
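Review bot: the `printf("%s: %iHz buzz on\n", __FUNCTION__, ...)` / `printf("%s: silence!\n", __FUNCTION__);` pair in the VRC case is guest-controlled output to the host's stdout, and every toggle of bit 0 of VRC produces a line; since this hunk already rewrites those lines it is a good moment to put them behind a compile-time debug macro or qemu_log so a guest cannot flood the host console. Also `__FUNCTION__` is the GNU spelling; `__func__` is what the rest of the tree uses (see pci_host.c).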
@@ -2467,23 +2475,25 @@ static const MemoryRegionOps omap_pwt_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static void omap_pwt_reset(struct omap_mpu_state_s *s)
+static void omap_pwt_reset(struct omap_pwt_s *s)
 {
-s->pwt.frc = 0;
-s->pwt.vrc = 0;
-s->pwt.gcr = 0;
+s->frc = 0;
+s->vrc = 0;
+s->gcr = 0;
 }
 
-static void omap_pwt_init(MemoryRegion *system_memory,
-target_phys_addr_t base, struct omap_mpu_state_s *s,
-omap_clk clk)
+static struct omap_pwt_s *omap_pwt_init(MemoryRegion *system_memory,
+target_phys_addr_t base,
+omap_clk clk)
 {
-s->pwt.clk = clk;
+struct omap_pwt_s *s = g_malloc0(sizeof(*s));
+s->clk = clk;
 omap_pwt_reset(s);
 
-memory_region_init_io(&s->pwt_iomem, &omap_pwt_ops, s,
+memory_region_init_io(&s->iomem, &omap_pwt_ops, s,
   "omap-pwt", 0x800);
-memory_region_add_subregion(system_memory, bas

[Qemu-devel] [PATCH 02/12] hw/pl110.c: Add post-load hook to invalidate display

2012-01-04 Thread Peter Maydell
Add a post-load hook which invalidates the display. In particular, if we
don't do this and the display size we've just reloaded is larger than
the default then we will segfault trying to read off the end of the buffer.

Signed-off-by: Peter Maydell 
---
 hw/pl110.c |   11 +++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/hw/pl110.c b/hw/pl110.c
index 303a9bc..0e1f415 100644
--- a/hw/pl110.c
+++ b/hw/pl110.c
@@ -60,10 +60,13 @@ typedef struct {
 qemu_irq irq;
 } pl110_state;
 
+static int vmstate_pl110_post_load(void *opaque, int version_id);
+
 static const VMStateDescription vmstate_pl110 = {
 .name = "pl110",
 .version_id = 2,
 .minimum_version_id = 1,
+.post_load = vmstate_pl110_post_load,
 .fields = (VMStateField[]) {
 VMSTATE_INT32(version, pl110_state),
 VMSTATE_UINT32_ARRAY(timing, pl110_state, 4),
@@ -430,6 +433,14 @@ static void pl110_mux_ctrl_set(void *opaque, int line, int 
level)
 s->mux_ctrl = level;
 }
 
+static int vmstate_pl110_post_load(void *opaque, int version_id)
+{
+pl110_state *s = opaque;
+/* Make sure we redraw, and at the right size */
+pl110_invalidate_display(s);
+return 0;
+}
+
 static int pl110_init(SysBusDevice *dev)
 {
 pl110_state *s = FROM_SYSBUS(pl110_state, dev);
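Review bot: vmstate_pl110_post_load returns 0 unconditionally. Since the commit message notes that the reloaded display size can be larger than the default, this hook is also the natural place to range-check the size fields read from the stream and return -1 for values the display code cannot handle, so a malformed or mismatched migration stream fails to load instead of driving an oversized buffer read on the next redraw.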
-- 
1.7.1




[Qemu-devel] [PATCH 09/12] arm: add missing scu registers

2012-01-04 Thread Peter Maydell
From: Rob Herring 

Add power control register to a9mpcore

Signed-off-by: Rob Herring 
Signed-off-by: Mark Langsdorf 
Signed-off-by: Peter Maydell 
---
 hw/a9mpcore.c |   36 +---
 1 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/hw/a9mpcore.c b/hw/a9mpcore.c
index cd2985f..3ef0e13 100644
--- a/hw/a9mpcore.c
+++ b/hw/a9mpcore.c
@@ -29,6 +29,7 @@ gic_get_current_cpu(void)
 typedef struct a9mp_priv_state {
 gic_state gic;
 uint32_t scu_control;
+uint32_t scu_status;
 uint32_t old_timer_status[8];
 uint32_t num_cpu;
 qemu_irq *timer_irq;
@@ -48,7 +49,13 @@ static uint64_t a9_scu_read(void *opaque, target_phys_addr_t 
offset,
 case 0x04: /* Configuration */
 return (((1 << s->num_cpu) - 1) << 4) | (s->num_cpu - 1);
 case 0x08: /* CPU Power Status */
-return 0;
+return s->scu_status;
+case 0x09: /* CPU status.  */
+return s->scu_status >> 8;
+case 0x0a: /* CPU status.  */
+return s->scu_status >> 16;
+case 0x0b: /* CPU status.  */
+return s->scu_status >> 24;
 case 0x0c: /* Invalidate All Registers In Secure State */
 return 0;
 case 0x40: /* Filtering Start Address Register */
@@ -67,12 +74,35 @@ static void a9_scu_write(void *opaque, target_phys_addr_t 
offset,
  uint64_t value, unsigned size)
 {
 a9mp_priv_state *s = (a9mp_priv_state *)opaque;
+uint32_t mask;
+uint32_t shift;
+switch (size) {
+case 1:
+mask = 0xff;
+break;
+case 2:
+mask = 0x;
+break;
+case 4:
+mask = 0x;
+break;
+default:
+fprintf(stderr, "Invalid size %u in write to a9 scu register %x\n",
+size, offset);
+return;
+}
+
 switch (offset) {
 case 0x00: /* Control */
 s->scu_control = value & 1;
 break;
 case 0x4: /* Configuration: RO */
 break;
+case 0x08: case 0x09: case 0x0A: case 0x0B: /* Power Control */
+shift = (offset - 0x8) * 8;
+s->scu_status &= ~(mask << shift);
+s->scu_status |= ((value & mask) << shift);
+break;
 case 0x0c: /* Invalidate All Registers In Secure State */
 /* no-op as we do not implement caches */
 break;
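Review bot: the error path `fprintf(stderr, "Invalid size %u in write to a9 scu register %x\n", size, offset);` passes a target_phys_addr_t to `%x`; use `TARGET_FMT_plx` (as pci_host.c does) or cast to int to avoid a format warning and wrong output on 64-bit physical-address builds. Also, in the Power Control case the shift is derived from the offset but nothing checks that `offset + size` stays within 0x08..0x0b, so a 2- or 4-byte write at 0x09-0x0b has its high bytes shifted out by `(value & mask) << shift`; either restrict those byte offsets to `size == 1` or rely on the region's access-size and alignment constraints and say so in a comment.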
@@ -80,7 +110,6 @@ static void a9_scu_write(void *opaque, target_phys_addr_t 
offset,
 case 0x44: /* Filtering End Address Register */
 /* RAZ/WI, like an implementation with only one AXI master */
 break;
-case 0x8: /* CPU Power Status */
 case 0x50: /* SCU Access Control Register */
 case 0x54: /* SCU Non-secure Access Control Register */
 /* unimplemented, fall through */
@@ -169,11 +198,12 @@ static int a9mp_priv_init(SysBusDevice *dev)
 
 static const VMStateDescription vmstate_a9mp_priv = {
 .name = "a9mpcore_priv",
-.version_id = 1,
+.version_id = 2,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
 VMSTATE_UINT32(scu_control, a9mp_priv_state),
 VMSTATE_UINT32_ARRAY(old_timer_status, a9mp_priv_state, 8),
+VMSTATE_UINT32_V(scu_status, a9mp_priv_state, 2),
 VMSTATE_END_OF_LIST()
 }
 };
-- 
1.7.1




[Qemu-devel] [PATCH 12/12] add L2x0/PL310 cache controller device

2012-01-04 Thread Peter Maydell
From: Rob Herring 

This is just a dummy device for ARM L2 cache controllers, based on the
pl310. The cache type parameter can be defined by a property value
and has a meaningful default.

Signed-off-by: Rob Herring 
Signed-off-by: Mark Langsdorf 
[Peter Maydell: removed stray blank line at end]
Signed-off-by: Peter Maydell 
---
 Makefile.target |1 +
 hw/arm_l2x0.c   |  181 +++
 2 files changed, 182 insertions(+), 0 deletions(-)
 create mode 100644 hw/arm_l2x0.c

diff --git a/Makefile.target b/Makefile.target
index 3261383..db5e44c 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -336,6 +336,7 @@ obj-arm-y = integratorcp.o versatilepb.o arm_pic.o 
arm_timer.o
 obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
+obj-arm-y += arm_l2x0.o
 obj-arm-y += arm_mptimer.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
 obj-arm-y += pl061.o
diff --git a/hw/arm_l2x0.c b/hw/arm_l2x0.c
new file mode 100644
index 000..2faed39
--- /dev/null
+++ b/hw/arm_l2x0.c
@@ -0,0 +1,181 @@
+/*
+ * ARM dummy L210, L220, PL310 cache controller.
+ *
+ * Copyright (c) 2010-2012 Calxeda
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or any later version, as published by the Free Software
+ * Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ *
+ */
+
+#include "sysbus.h"
+
+/* L2C-310 r3p2 */
+#define CACHE_ID 0x41c8
+
+typedef struct l2x0_state {
+SysBusDevice busdev;
+MemoryRegion iomem;
+uint32_t cache_type;
+uint32_t ctrl;
+uint32_t aux_ctrl;
+uint32_t data_ctrl;
+uint32_t tag_ctrl;
+uint32_t filter_start;
+uint32_t filter_end;
+} l2x0_state;
+
+static const VMStateDescription vmstate_l2x0 = {
+.name = "l2x0",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(ctrl, l2x0_state),
+VMSTATE_UINT32(aux_ctrl, l2x0_state),
+VMSTATE_UINT32(data_ctrl, l2x0_state),
+VMSTATE_UINT32(tag_ctrl, l2x0_state),
+VMSTATE_UINT32(filter_start, l2x0_state),
+VMSTATE_UINT32(filter_end, l2x0_state),
+VMSTATE_END_OF_LIST()
+}
+};
+
+
+static uint64_t l2x0_priv_read(void *opaque, target_phys_addr_t offset,
+   unsigned size)
+{
+uint32_t cache_data;
+l2x0_state *s = (l2x0_state *)opaque;
+offset &= 0xfff;
+if (offset >= 0x730 && offset < 0x800) {
+return 0; /* cache ops complete */
+}
+switch (offset) {
+case 0:
+return CACHE_ID;
+case 0x4:
+/* aux_ctrl values affect cache_type values */
+cache_data = (s->aux_ctrl & (7 << 17)) >> 15;
+cache_data |= (s->aux_ctrl & (1 << 16)) >> 16;
+return s->cache_type |= (cache_data << 18) | (cache_data << 6);
+case 0x100:
+return s->ctrl;
+case 0x104:
+return s->aux_ctrl;
+case 0x108:
+return s->tag_ctrl;
+case 0x10C:
+return s->data_ctrl;
+case 0xC00:
+return s->filter_start;
+case 0xC04:
+return s->filter_end;
+case 0xF40:
+return 0;
+case 0xF60:
+return 0;
+case 0xF80:
+return 0;
+default:
+fprintf(stderr, "l2x0_priv_read: Bad offset %x\n", (int)offset);
+break;
+}
+return 0;
+}
+
+static void l2x0_priv_write(void *opaque, target_phys_addr_t offset,
+uint64_t value, unsigned size)
+{
+l2x0_state *s = (l2x0_state *)opaque;
+offset &= 0xfff;
+if (offset >= 0x730 && offset < 0x800) {
+/* ignore */
+return;
+}
+switch (offset) {
+case 0x100:
+s->ctrl = value & 1;
+break;
+case 0x104:
+s->aux_ctrl = value;
+break;
+case 0x108:
+s->tag_ctrl = value;
+break;
+case 0x10C:
+s->data_ctrl = value;
+break;
+case 0xC00:
+s->filter_start = value;
+break;
+case 0xC04:
+s->filter_end = value;
+break;
+case 0xF40:
+return;
+case 0xF60:
+return;
+case 0xF80:
+return;
+default:
+fprintf(stderr, "l2x0_priv_write: Bad offset %x\n", (int)offset);
+break;
+}
+}
+
+static void l2x0_priv_reset(DeviceState *dev)
+{
+l2x0_state *s = DO_UPCAST(l2x0_state, busdev.qdev, dev);
+
+s->ctrl = 0;
+s->aux_ctrl = 0x0202000
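
Review bot: in l2x0_priv_read the `case 0x4` arm returns `s->cache_type |= (cache_data << 18) | (cache_data << 6)`, i.e. the read handler mutates device state. Since cache_type is not in vmstate_l2x0 and the bits derived from aux_ctrl are recomputed on every read anyway, compute into the return value instead: `return s->cache_type | (cache_data << 18) | (cache_data << 6);` so a read has no side effect and bits set under an earlier, larger aux_ctrl value cannot remain stuck in cache_type after aux_ctrl is lowered. A brief comment on the 0x730-0x800 range (cache maintenance operations: reads report completion, writes are ignored) would also help readers of the two early returns.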
