[Qemu-devel] [PATCH 2/2] Add QEMU_NORETURN to function cpu_io_recompile

2012-04-06 Thread Stefan Weil
cpu_io_recompile terminates by calling either cpu_abort or
cpu_resume_from_signal which both never return.

Signed-off-by: Stefan Weil 
---
 exec-all.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/exec-all.h b/exec-all.h
index cd283dd..526e65c 100644
--- a/exec-all.h
+++ b/exec-all.h
@@ -87,7 +87,7 @@ int cpu_gen_code(CPUArchState *env, struct TranslationBlock 
*tb,
 int cpu_restore_state(struct TranslationBlock *tb,
   CPUArchState *env, unsigned long searched_pc);
 void QEMU_NORETURN cpu_resume_from_signal(CPUArchState *env1, void *puc);
-void cpu_io_recompile(CPUArchState *env, void *retaddr);
+void QEMU_NORETURN cpu_io_recompile(CPUArchState *env, void *retaddr);
 TranslationBlock *tb_gen_code(CPUArchState *env, 
   target_ulong pc, target_ulong cs_base, int flags,
   int cflags);
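Review bot: the QEMU_NORETURN on cpu_io_recompile is only sound if both exits named in the commit message are themselves noreturn. The context line above shows cpu_resume_from_signal already annotated by 1/2, but cpu_abort's declaration is outside this hunk; confirm it carries the attribute too, otherwise GCC will report that a noreturn function returns. Since this patch depends on 1/2 being applied first, say so in the commit message.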
-- 
1.7.9




[Qemu-devel] [PATCH 1/2] Add QEMU_NORETURN to function cpu_resume_from_signal

2012-04-06 Thread Stefan Weil
cpu_resume_from_signal terminates by calling longjmp.

Signed-off-by: Stefan Weil 
---
 exec-all.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/exec-all.h b/exec-all.h
index 93a5b22..cd283dd 100644
--- a/exec-all.h
+++ b/exec-all.h
@@ -86,7 +86,7 @@ int cpu_gen_code(CPUArchState *env, struct TranslationBlock 
*tb,
  int *gen_code_size_ptr);
 int cpu_restore_state(struct TranslationBlock *tb,
   CPUArchState *env, unsigned long searched_pc);
-void cpu_resume_from_signal(CPUArchState *env1, void *puc);
+void QEMU_NORETURN cpu_resume_from_signal(CPUArchState *env1, void *puc);
 void cpu_io_recompile(CPUArchState *env, void *retaddr);
 TranslationBlock *tb_gen_code(CPUArchState *env, 
   target_ulong pc, target_ulong cs_base, int flags,
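Review bot: on the cpu_resume_from_signal prototype, the attribute makes anything after a call site unreachable as far as the compiler is concerned, so callers that still have statements after the call (unlock, cleanup, return) should be audited before this goes in. A short comment beside the declaration saying that the function leaves via longjmp would document why it never returns.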
-- 
1.7.9




Re: [Qemu-devel] [RFC PATCH v1 1/4] SPI: initial support

2012-04-06 Thread Peter Crosthwaite
On Thu, Apr 5, 2012 at 5:18 PM, Peter Maydell  wrote:
>
> I'm not sure what you intend the tristate masks to be used for?
> If the sending device puts the line into high-impedance presumably
> the receiving device is just going to read something random which
> it's supposed to ignore, so the sender could just send whatever
> it likes. We're not modelling multiple devices sending at once,
> which is the only case I can think of where you'd need to care
> which bits each device was tristating for.
>
> -- PMM

Hi Peter,

I managed to get all the tristate behaviours out of my controller and
device models so we can drop this as you have suggested, so we can
drop that change to ssi.

Happy Easter,
Peter



[Qemu-devel] [PATCH V9 1/1] Guest stop notification

2012-04-06 Thread Raghavendra K T
From: Eric B Munson 

Often when a guest is stopped from the qemu console, it will report spurious
soft lockup warnings on resume.  There are kernel patches being discussed that
will give the host the ability to tell the guest that it is being stopped and
should ignore the soft lockup warning that generates.  This patch uses the qemu
Notifier system to tell the guest it is about to be stopped.

Signed-off-by: Eric B Munson  
Signed-off-by: Raghavendra K T 

Cc: Eric B Munson 
Cc: Avi Kivity  
Cc: Marcelo Tosatti 
Cc: Anthony Liguori 
Cc: Jan Kiszka 
Cc: Andreas Färber 
---
Changes from V8:
 incorporated Andreas's comments:
  use __func__ in place of actual function name 
  change ret variable order
  no whitespace before %s in fprintf   

Changes from V7:
 capability changed to KVM_CAP_KVMCLOCK_CTRL
 KVM_GUEST_PAUSED is per vcpu again
 CPUState renamed to CPUArchState
 KVMCLOCK_GUEST_PAUSED changed to  KVM_KVMCLOCK_CTRL

Changes from V6:
 Remove unnecessary include

Changes from V5:
 KVM_GUEST_PAUSED is now a per vm ioctl instead of per vcpu

Changes from V4:
 Test if the guest paused capability is available before use

Changes from V3:
 Collapse new state change notification function into existing function.
 Correct whitespace issues
 Change ioctl name to KVMCLOCK_GUEST_PAUSED
 Use for loop to iterate vcpu's

Changes from V2:
 Move ioctl into hw/kvmclock.c so as other arches can use it as it is
implemented

Changes from V1:
 Remove unnecessary encapsulating function
---
not included Andreas's Reviewed by since used __func__ instead of __FUNCTION__
V8 of the patch was Reviewed-by: Andreas Färber 

diff --git a/hw/kvm/clock.c b/hw/kvm/clock.c
index 446bd62..824b978 100644
--- a/hw/kvm/clock.c
+++ b/hw/kvm/clock.c
@@ -65,9 +65,25 @@ static void kvmclock_vm_state_change(void *opaque, int 
running,
  RunState state)
 {
 KVMClockState *s = opaque;
+CPUArchState *penv = first_cpu;
+int cap_clock_ctrl = kvm_check_extension(kvm_state, KVM_CAP_KVMCLOCK_CTRL);
+int ret;
 
 if (running) {
 s->clock_valid = false;
+
+if (!cap_clock_ctrl) {
+return;
+}
+for (penv = first_cpu; penv != NULL; penv = penv->next_cpu) {
+ret = kvm_vcpu_ioctl(penv, KVM_KVMCLOCK_CTRL, 0);
+if (ret) {
+if (ret != -EINVAL) {
+fprintf(stderr, "%s: %s\n", __func__, strerror(-ret));
+}
+return;
+}
+}
 }
 }
 
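Review bot: kvm_check_extension() is evaluated at the top of kvmclock_vm_state_change on every state change, including transitions where running is false and the result is never used; move the capability check inside the if (running) block. The initialiser on penv is also redundant, since the for loop assigns first_cpu again. Finally, the ioctl is issued on the running transition while the commit message says the guest is told it is "about to be stopped"; a comment at the call explaining why resume is the right moment would remove the apparent mismatch.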




Re: [Qemu-devel] [PATCH V8 1/1] Guest stop notification sorry for duplicate mail Andreas

2012-04-06 Thread Raghavendra K T

On 04/07/2012 02:39 AM, Andreas Färber wrote:

Am 06.04.2012 15:01, schrieb Raghavendra K T:

On 04/06/2012 03:19 PM, Raghavendra K T wrote:

On 04/06/2012 02:29 PM, Andreas Färber wrote:

Am 06.04.2012 09:21, schrieb Raghavendra K T:

From: Eric B Munson

Often when a guest is stopped from the qemu console, it will report
spurious
soft lockup warnings on resume. There are kernel patches being
discussed that
will give the host the ability to tell the guest that it is being
stopped and
should ignore the soft lockup warning that generates. This patch uses
the qemu
Notifier system to tell the guest it is about to be stopped.

Signed-off-by: Eric B Munson
Signed-off-by: Raghavendra K T

Cc: Eric B Munson
Cc: Avi Kivity
Cc: Marcelo Tosatti
Cc: Anthony Liguori
Cc: Jan Kiszka
Cc: "Andreas Färber"
---
Changes from V7:
capability changed to KVM_CAP_KVMCLOCK_CTRL
KVM_GUEST_PAUSED is per vcpu again
CPUState renamed to CPUArchState


Thanks, change looks right to me.


I think I should have added Acked-by and resent full patch. So here is
it. sorry for duplicate mail.


No, it was not intended as such since I can't ack the ioctl. Resends are
best done with git-send-email, i.e. a v9 with change log (whether as
reply or not, opinions are divided) to make sure the right version gets
applied in the end.


Ok. Thanks Andreas. sending V9 shortly




[...]

+if (ret) {
+if (ret != -EINVAL) {
+fprintf(stderr,
+" %s: %s\n", __FUNCTION__,


Is the whitespace before %s intentional? Wasn't there in v8.

The GCC manual recommends __func__, like I suggested, saying it's C99.
http://gcc.gnu.org/onlinedocs/gcc-4.7.0/gcc/Function-Names.html#Function-Names
__FUNCTION__ usage is currently 432 vs. __func__ 579, so not wrong.



will correct them.


If you want to leave it that way you can add my

Reviewed-by: Andreas Färber

Andreas


+strerror(-ret));
+}
+return;
+}
+}
  }
  }








Re: [Qemu-devel] [PATCH V8 1/1] Guest stop notification sorry for duplicate mail

2012-04-06 Thread Andreas Färber
Am 06.04.2012 15:01, schrieb Raghavendra K T:
> On 04/06/2012 03:19 PM, Raghavendra K T wrote:
>> On 04/06/2012 02:29 PM, Andreas Färber wrote:
>>> Am 06.04.2012 09:21, schrieb Raghavendra K T:
 From: Eric B Munson

 Often when a guest is stopped from the qemu console, it will report
 spurious
 soft lockup warnings on resume. There are kernel patches being
 discussed that
 will give the host the ability to tell the guest that it is being
 stopped and
 should ignore the soft lockup warning that generates. This patch uses
 the qemu
 Notifier system to tell the guest it is about to be stopped.

 Signed-off-by: Eric B Munson
 Signed-off-by: Raghavendra K T

 Cc: Eric B Munson
 Cc: Avi Kivity
 Cc: Marcelo Tosatti
 Cc: Anthony Liguori
 Cc: Jan Kiszka
 Cc: "Andreas Färber"
 ---
 Changes from V7:
 capability changed to KVM_CAP_KVMCLOCK_CTRL
 KVM_GUEST_PAUSED is per vcpu again
 CPUState renamed to CPUArchState
>>>
>>> Thanks, change looks right to me.
> 
> I think I should have added Acked-by and resent full patch. So here is
> it. sorry for duplicate mail.

No, it was not intended as such since I can't ack the ioctl. Resends are
best done with git-send-email, i.e. a v9 with change log (whether as
reply or not, opinions are divided) to make sure the right version gets
applied in the end.

> ---
> From: Eric B Munson 
> 
> Often when a guest is stopped from the qemu console, it will report
> spurious
> soft lockup warnings on resume.  There are kernel patches being
> discussed that
> will give the host the ability to tell the guest that it is being
> stopped and
> should ignore the soft lockup warning that generates.  This patch uses
> the qemu
> Notifier system to tell the guest it is about to be stopped.
> 
> Acked-by: "Andreas Färber" 
> Signed-off-by: Eric B Munson 
> Signed-off-by: Raghavendra K T 

*-bys should be added in chronological order, i.e. at the bottom.

> 
> Cc: Eric B Munson 
> Cc: Avi Kivity 
> Cc: Marcelo Tosatti 
> Cc: Anthony Liguori 
> Cc: Jan Kiszka 
> Cc: "Andreas Färber" 
> ---
> Changes from V7:
>  capability changed to KVM_CAP_KVMCLOCK_CTRL
>  KVM_GUEST_PAUSED is per vcpu again
>  CPUState renamed to CPUArchState
>  KVMCLOCK_GUEST_PAUSED changed to  KVM_KVMCLOCK_CTRL
>  incorporated Andreas's comments (__FUNCTION__) etc
> 
> Changes from V6:
>  Remove unnecessary include
> 
> Changes from V5:
>  KVM_GUEST_PAUSED is now a per vm ioctl instead of per vcpu
> 
> Changes from V4:
>  Test if the guest paused capability is available before use
> 
> Changes from V3:
>  Collapse new state change notification function into existing function.
>  Correct whitespace issues
>  Change ioctl name to KVMCLOCK_GUEST_PAUSED
>  Use for loop to iterate vcpu's
> 
> Changes from V2:
>  Move ioctl into hw/kvmclock.c so as other arches can use it as it is
> implemented
> 
> Changes from V1:
>  Remove unnecessary encapsulating function
> ---
> 
> diff --git a/hw/kvm/clock.c b/hw/kvm/clock.c
> index 446bd62..a6aa6e4 100644
> --- a/hw/kvm/clock.c
> +++ b/hw/kvm/clock.c
> @@ -65,9 +65,27 @@ static void kvmclock_vm_state_change(void *opaque,
> int running,
>   RunState state)
>  {
>  KVMClockState *s = opaque;
> +CPUArchState *penv = first_cpu;
> +int cap_clock_ctrl = kvm_check_extension(kvm_state,
> KVM_CAP_KVMCLOCK_CTRL);
> +int ret;
> 
>  if (running) {
>  s->clock_valid = false;
> +
> +if (!cap_clock_ctrl) {
> +return;
> +}
> +for (penv = first_cpu; penv != NULL; penv = penv->next_cpu) {
> +ret = kvm_vcpu_ioctl(penv, KVM_KVMCLOCK_CTRL, 0);
> +if (ret) {
> +if (ret != -EINVAL) {
> +fprintf(stderr,
> +" %s: %s\n", __FUNCTION__,

Is the whitespace before %s intentional? Wasn't there in v8.

The GCC manual recommends __func__, like I suggested, saying it's C99.
http://gcc.gnu.org/onlinedocs/gcc-4.7.0/gcc/Function-Names.html#Function-Names
__FUNCTION__ usage is currently 432 vs. __func__ 579, so not wrong.

If you want to leave it that way you can add my

Reviewed-by: Andreas Färber 

Andreas

> +strerror(-ret));
> +}
> +return;
> +}
> +}
>  }
>  }
> 
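Review bot: inside the for loop, the first vcpu whose KVM_KVMCLOCK_CTRL ioctl fails ends the whole notification with return, so the remaining vcpus are never told, and -EINVAL is dropped without any message. If -EINVAL is an expected result, say why in a comment, and consider continue instead of return so that one vcpu's failure does not mask the rest.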

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH 15/17] arm-linux-user: fix elfload.c's AT_HWCAP to reflect cpu features.

2012-04-06 Thread riku . voipio
From: Benoit Canet 

The cpu capabilities passed by the elf loader in AT_HWCAP were
a constant.
Make AT_HWCAP reflect the emulated cpu features in order to give
correct clues to eglibc.

Riku Voipio: fixed to apply to current head

Fix :  [Bug 887516] [NEW] VFP support reported for the PXA270

Signed-off-by: Benoit Canet 
Signed-off-by: Riku Voipio 
---
 linux-user/elfload.c |   31 +++
 1 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index e502b39..4ce9743 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -375,10 +375,33 @@ bool guest_validate_base(unsigned long guest_base)
 return 1; /* All good */
 }
 
-#define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF   \
-   | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT  \
-   | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP  \
-   | ARM_HWCAP_ARM_NEON | ARM_HWCAP_ARM_VFPv3 )
+
+#define ELF_HWCAP get_elf_hwcap()
+
+static uint32_t get_elf_hwcap(void)
+{
+CPUARMState *e = thread_env;
+uint32_t hwcaps = 0;
+
+hwcaps |= ARM_HWCAP_ARM_SWP;
+hwcaps |= ARM_HWCAP_ARM_HALF;
+hwcaps |= ARM_HWCAP_ARM_THUMB;
+hwcaps |= ARM_HWCAP_ARM_FAST_MULT;
+hwcaps |= ARM_HWCAP_ARM_FPA;
+
+/* probe for the extra features */
+#define GET_FEATURE(feat, hwcap) \
+do {if (arm_feature(e, feat)) { hwcaps |= hwcap; } } while (0)
+GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP);
+GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT);
+GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE);
+GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON);
+GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
+GET_FEATURE(ARM_FEATURE_VFP_FP16, ARM_HWCAP_ARM_VFPv3D16);
+#undef GET_FEATURE
+
+return hwcaps;
+}
 
 #endif
 
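Review bot: the last GET_FEATURE line maps ARM_FEATURE_VFP_FP16 to ARM_HWCAP_ARM_VFPv3D16, which pairs a half-precision feature flag with the hwcap for a VFPv3 unit that has 16 double registers; these are not the same property, so use a matching feature test or drop the line until one exists. Separately, ARM_HWCAP_ARM_FPA is still set unconditionally in a patch whose purpose is to stop advertising units the emulated CPU lacks; add a comment saying why it stays.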
-- 
1.7.5.4




[Qemu-devel] [PATCH 02/17] linux-user: target_argv is placed on ts->bprm->argv and can't be freed()

2012-04-06 Thread riku . voipio
From: Fabio Erculiani 

TaskState contains linux_bprm struct which encapsulates argv among
other things.
argv might be used around the code and is expected to contain valid
data. Before this patch, ts->bprm->argv was NULL due to it being
freed right after loader_exec().

Signed-off-by: Fabio Erculiani 
Acked-by: Alexander Graf 
Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/main.c |5 -
 1 files changed, 0 insertions(+), 5 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 962677e..2570140 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3486,11 +3486,6 @@ int main(int argc, char **argv, char **envp)
 _exit(1);
 }
 
-for (i = 0; i < target_argc; i++) {
-free(target_argv[i]);
-}
-free(target_argv);
-
 for (wrk = target_environ; *wrk; wrk++) {
 free(*wrk);
 }
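Review bot: with the target_argv frees removed, the context lines just below still free every target_environ entry. The commit message says linux_bprm holds argv "among other things"; if it also keeps a pointer to the environment, that loop leaves the same dangling pointers and should go as well. A comment at this spot saying that argv is now owned by ts->bprm would stop someone re-adding the free.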
-- 
1.7.5.4




[Qemu-devel] [PATCH 05/17] linux-user: fix BLK ioctl arguments

2012-04-06 Thread riku . voipio
From: Alexander Graf 

Some BLK ioctls passed sizeof(x) into a macro that already did sizeof() on
the passed in argument, rendering the size information inside the ioctl be
the size of the host default integer type.

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall_defs.h |8 +---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index f8f3af3..a79b67d 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -832,9 +832,11 @@ struct target_pollfd {
 #define TARGET_BLKSECTGET TARGET_IO(0x12,103)/* get max sectors per request 
(ll_rw_blk.c) */
 #define TARGET_BLKSSZGET  TARGET_IO(0x12,104)/* get block device sector size */
 /* A jump here: 108-111 have been used for various private purposes. */
-#define TARGET_BLKBSZGET  TARGET_IOR(0x12,112,sizeof(int))
-#define TARGET_BLKBSZSET  TARGET_IOW(0x12,113,sizeof(int))
-#define TARGET_BLKGETSIZE64 TARGET_IOR(0x12,114,sizeof(uint64_t)) /* return 
device size in bytes (u64 *arg) */
+#define TARGET_BLKBSZGET  TARGET_IOR(0x12,112,int)
+#define TARGET_BLKBSZSET  TARGET_IOW(0x12,113,int)
+#define TARGET_BLKGETSIZE64 TARGET_IOR(0x12,114,abi_ulong)
+ /* return device size in bytes
+(u64 *arg) */
 #define TARGET_FIBMAP TARGET_IO(0x00,1)  /* bmap access */
 #define TARGET_FIGETBSZ   TARGET_IO(0x00,2)  /* get the block size used for 
bmap */
 #define TARGET_FS_IOC_FIEMAP TARGET_IOWR('f',11,struct fiemap)
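Review bot: on TARGET_BLKGETSIZE64 the encoded type becomes abi_ulong while the comment still says the argument is a u64 pointer. That matches the kernel's own definition of BLKGETSIZE64, which encodes size_t, but it needs a sentence in the comment so nobody "corrects" it back to uint64_t later. The relocated comment is also split over two oddly indented lines; keep it on the define line or directly above it.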
-- 
1.7.5.4
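
The double sizeof() described in this commit message, as an added example (not code from the patch or from QEMU). It assumes the common Linux ioctl number layout, a guest whose int is 4 bytes, and a simplified exact-match lookup table; all EX_/ex_ names are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified ioctl number layout used by most Linux architectures:
 * bits 0-7 nr, 8-15 type, 16-29 size, 30-31 direction.
 * All EX_/ex_ names are constructed for this example. */
#define EX_IOC_READ   2u
#define EX_IOC_WRITE  1u
#define EX_IOC(dir, type, nr, size)                       \
    (((uint32_t)(dir) << 30) | ((uint32_t)(size) << 16) | \
     ((uint32_t)(type) << 8) | (uint32_t)(nr))

/* Like _IOR/_IOW: the macro applies sizeof() to its last argument itself. */
#define EX_IOR(type, nr, argtype) EX_IOC(EX_IOC_READ, type, nr, sizeof(argtype))
#define EX_IOW(type, nr, argtype) EX_IOC(EX_IOC_WRITE, type, nr, sizeof(argtype))

struct ex_ioctl_entry {
    uint32_t target_cmd;
    const char *name;
};

/* Before the fix: sizeof(sizeof(int)) is sizeof(size_t), a host property. */
static const struct ex_ioctl_entry ex_table_before[] = {
    { EX_IOR(0x12, 112, sizeof(int)), "BLKBSZGET" },
    { EX_IOW(0x12, 113, sizeof(int)), "BLKBSZSET" },
};

/* After the fix: the type is passed, so the size field is sizeof(int). */
static const struct ex_ioctl_entry ex_table_after[] = {
    { EX_IOR(0x12, 112, int), "BLKBSZGET" },
    { EX_IOW(0x12, 113, int), "BLKBSZSET" },
};

/* Extract the size field from an ioctl number. */
unsigned ex_ioc_size(uint32_t cmd)
{
    return (cmd >> 16) & 0x3fffu;
}

/* The number a guest with a 4-byte int would issue for BLKBSZGET. */
uint32_t ex_guest_blkbszget(void)
{
    return EX_IOC(EX_IOC_READ, 0x12, 112, 4);
}

/* Exact-match lookup, a simplified model of an emulator's ioctl table. */
static const char *ex_lookup(const struct ex_ioctl_entry *tab, size_t n,
                             uint32_t cmd)
{
    for (size_t i = 0; i < n; i++) {
        if (tab[i].target_cmd == cmd) {
            return tab[i].name;
        }
    }
    return NULL; /* unknown ioctl: the guest request is not translated */
}

const char *ex_lookup_before(uint32_t cmd)
{
    return ex_lookup(ex_table_before, 2, cmd);
}

const char *ex_lookup_after(uint32_t cmd)
{
    return ex_lookup(ex_table_after, 2, cmd);
}

int main(void)
{
    uint32_t cmd = ex_guest_blkbszget();
    const char *b = ex_lookup_before(cmd);
    const char *a = ex_lookup_after(cmd);

    printf("guest cmd 0x%08x, size field %u\n", (unsigned)cmd, ex_ioc_size(cmd));
    printf("before: entry size %u, lookup %s\n",
           ex_ioc_size(ex_table_before[0].target_cmd), b ? b : "(no match)");
    printf("after:  entry size %u, lookup %s\n",
           ex_ioc_size(ex_table_after[0].target_cmd), a ? a : "(no match)");
    return 0;
}
```

On a host where size_t is wider than int, the "before" table entry no longer equals the number the guest issues, so the lookup fails; on a host where both are 4 bytes the bug is invisible.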




[Qemu-devel] [PATCH 03/17] linux-user: implement device mapper ioctls

2012-04-06 Thread riku . voipio
From: Alexander Graf 

This patch implements all ioctls currently implemented by device mapper,
enabling us to run dmsetup and kpartx inside of linux-user.

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/ioctls.h|   32 ++
 linux-user/syscall.c   |  226 
 linux-user/syscall_defs.h  |   18 
 linux-user/syscall_types.h |   36 +++
 4 files changed, 312 insertions(+), 0 deletions(-)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 6514502..fd8b7bb 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -345,3 +345,35 @@
   IOCTL(VT_SETMODE, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_vt_mode)))
   IOCTL(VT_RELDISP, 0, TYPE_INT)
   IOCTL(VT_DISALLOCATE, 0, TYPE_INT)
+
+  IOCTL(DM_VERSION, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_REMOVE_ALL,   IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_LIST_DEVICES, IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_DEV_CREATE,   IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_DEV_REMOVE,   IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_DEV_RENAME,   IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_DEV_SUSPEND,  IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_DEV_STATUS,   IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_DEV_WAIT, IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_TABLE_LOAD,   IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_TABLE_CLEAR,  IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_TABLE_DEPS,   IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_TABLE_STATUS, IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_LIST_VERSIONS,IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_TARGET_MSG,   IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
+  IOCTL_SPECIAL(DM_DEV_SET_GEOMETRY, IOC_RW, do_ioctl_dm,
+MK_PTR(MK_STRUCT(STRUCT_dm_ioctl)))
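Review bot: DM_VERSION is registered with plain IOCTL while every other DM_* entry goes through IOCTL_SPECIAL and do_ioctl_dm. If that is deliberate because DM_VERSION never carries a payload beyond the fixed struct, say so in a comment above the entry; otherwise route it through do_ioctl_dm like the rest.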
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 0e74ee0..9d1c8b2 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -95,6 +95,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
 #endif
 #include 
 #include 
+#include 
 #include "linux_loop.h"
 #include "cpu-uname.h"
 
@@ -3354,6 +3355,231 @@ static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, 
uint8_t *buf_temp,
 return ret;
 }
 
+static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
+abi_long cmd, abi_long arg)
+{
+void *argptr;
+struct dm_ioctl *host_dm;
+abi_long guest_data;
+uint32_t guest_data_size;
+int target_size;
+const argtype *arg_type = ie->arg_type;
+abi_long ret;
+void *big_buf = NULL;
+char *host_data;
+
+arg_type++;
+target_size = thunk_type_size(arg_type, 0);
+argptr = lock_user(VERIFY_READ, arg, target_size, 1);
+if (!argptr) {
+ret = -TARGET_EFAULT;
+goto out;
+}
+thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
+unlock_user(argptr, arg, 0);
+
+/* buf_temp is too small, so fetch things into a bigger buffer */
+big_buf = g_malloc0(((struct dm_ioctl*)buf_temp)->data_size * 2);
+memcpy(big_buf, buf_temp, target_size);
+buf_temp = big_buf;
+host_dm = big_buf;
+
+guest_data = arg + host_dm->data_start;
+if ((guest_data - arg) < 0) {
+ret = -EINVAL;
+goto out;
+}
+guest_data_size = host_dm->data_size - host_dm->data_start;
+host_data = (char*)host_dm + host_dm->data_start;
+
+argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
+switch (ie->host_cmd) {
+case DM_REMOVE_ALL:
+case DM_LIST_DEVICES:
+case DM_DEV_CREATE:
+case DM_DEV_REMOVE:
+case DM_DEV_SUSPEND:
+case DM_DEV_STATUS:
+case DM_DEV_WAIT:
+case DM_TABLE_STATUS:
+case DM_TABLE_CLEAR:
+case DM_TABLE_DEPS:
+case DM_LIST_VERSIONS:
+/* no input data */
+break;
+case DM_DEV_RENAME:
+case DM_DEV_SET_GEOMETRY:
+/* data contains only strings */
+memcpy(host_data, argptr, guest_data_size);
+break;
+case DM_TARGET_MSG:
+memcpy(host_data, argptr, guest_data_size);
+*(uint64_t*)host_data = tswap64(*(uint64_t*)argptr);
+break;
+case DM_TABLE_LOAD:
+{
+void *gspec = argptr;
+void *cur_data = host_data;
+const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
+int spe
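Review bot: data_size and data_start come straight from the guest's struct dm_ioctl and are used unchecked in the visible part of do_ioctl_dm. g_malloc0(data_size * 2) can be smaller than target_size, so the following memcpy(big_buf, buf_temp, target_size) can write past the allocation, and the multiplication can wrap; data_start is never compared with data_size, so guest_data_size can underflow and host_data can point outside big_buf; and the result of the second lock_user() is handed to memcpy without a NULL check. Validate before allocating that target_size <= data_size and that data_start lies between target_size and data_size, and fail with a target errno otherwise. The (guest_data - arg) < 0 test also returns the host -EINVAL rather than a TARGET_ value, unlike the -TARGET_EFAULT path above it.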

[Qemu-devel] [PATCH 08/17] linux-user: fix fallocate

2012-04-06 Thread riku . voipio
From: Alexander Graf 

Fallocate gets off_t parameters passed in, so we should also read them out
accordingly.

Signed-off-by: Alexander Graf 

---

v1 -> v2:

  - unbreak 64-bit guests

Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |5 +
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 9d1c8b2..fdd49b1 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8485,7 +8485,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 #endif /* CONFIG_EVENTFD  */
 #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
 case TARGET_NR_fallocate:
+#if TARGET_ABI_BITS == 32
+ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
+  target_offset64(arg5, arg6)));
+#else
 ret = get_errno(fallocate(arg1, arg2, arg3, arg4));
+#endif
 break;
 #endif
 #if defined(CONFIG_SYNC_FILE_RANGE)
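Review bot: in the TARGET_ABI_BITS == 32 branch, offset and len are built from arg3/arg4 and arg5/arg6 with no allowance for ABIs that align 64-bit arguments to even register pairs. That works here because both pairs already start on an even argument slot, but it is not obvious from the code; add a one-line comment so the next reader does not have to re-derive it.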
-- 
1.7.5.4




[Qemu-devel] [PATCH 12/17] linux-user/syscall.c: Fix indentation in prctl handling

2012-04-06 Thread riku . voipio
From: Peter Maydell 

Clean up the odd indentation of this switch statement before
we double its size by adding new cases to it.

Signed-off-by: Peter Maydell 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |   29 +++--
 1 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index fdd49b1..ea44f99 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7242,21 +7242,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 goto unimplemented;
 #endif
 case TARGET_NR_prctl:
-switch (arg1)
-{
-case PR_GET_PDEATHSIG:
-{
-int deathsig;
-ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
-if (!is_error(ret) && arg2
-&& put_user_ual(deathsig, arg2))
-goto efault;
-}
-break;
-default:
-ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
-break;
+switch (arg1) {
+case PR_GET_PDEATHSIG:
+{
+int deathsig;
+ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
+if (!is_error(ret) && arg2
+&& put_user_ual(deathsig, arg2)) {
+goto efault;
 }
+break;
+}
+default:
+/* Most prctl options have no pointer arguments */
+ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
+break;
+}
 break;
 #ifdef TARGET_NR_arch_prctl
 case TARGET_NR_arch_prctl:
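Review bot: the commit message describes this as an indentation cleanup, yet in the PR_GET_PDEATHSIG case the hunk also adds braces around goto efault and moves break inside the block, and the default case gains a new comment. Behaviour looks unchanged, but mention these in the commit message so that anyone bisecting does not assume a whitespace-only change.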
-- 
1.7.5.4




[Qemu-devel] [PATCH 16/17] elf.h: Update EF_ARM_ constants to newer ABI versions

2012-04-06 Thread riku . voipio
From: Peter Maydell 

Update the EF_ARM_* constants (for the ELF header e_flags field)
to include the newer flags specified for later versions of the ABI.
(This set of constants is from include/elf/arm.h from binutils-2.17
and so licensed under GPL-v2-or-later.)

Signed-off-by: Peter Maydell 
Signed-off-by: Riku Voipio 
---
 elf.h |   21 +
 1 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/elf.h b/elf.h
index 36bcac4..e1422b8 100644
--- a/elf.h
+++ b/elf.h
@@ -538,6 +538,27 @@ typedef struct {
 #define EF_ALIGN8  0x40/* 8-bit structure alignment is 
in use */
 #define EF_NEW_ABI 0x80
 #define EF_OLD_ABI 0x100
+#define EF_ARM_SOFT_FLOAT  0x200
+#define EF_ARM_VFP_FLOAT   0x400
+#define EF_ARM_MAVERICK_FLOAT 0x800
+
+/* Other constants defined in the ARM ELF spec. version B-01.  */
+#define EF_ARM_SYMSARESORTED 0x04   /* NB conflicts with EF_INTERWORK */
+#define EF_ARM_DYNSYMSUSESEGIDX 0x08/* NB conflicts with EF_APCS26 */
+#define EF_ARM_MAPSYMSFIRST 0x10/* NB conflicts with EF_APCS_FLOAT */
+#define EF_ARM_EABIMASK  0xFF00
+
+/* Constants defined in AAELF.  */
+#define EF_ARM_BE8  0x0080
+#define EF_ARM_LE8  0x0040
+
+#define EF_ARM_EABI_VERSION(flags) ((flags) & EF_ARM_EABIMASK)
+#define EF_ARM_EABI_UNKNOWN  0x
+#define EF_ARM_EABI_VER1 0x0100
+#define EF_ARM_EABI_VER2 0x0200
+#define EF_ARM_EABI_VER3 0x0300
+#define EF_ARM_EABI_VER4 0x0400
+#define EF_ARM_EABI_VER5 0x0500
 
 /* Additional symbol types for Thumb */
 #define STT_ARM_TFUNC  0xd
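Review bot: EF_ARM_SYMSARESORTED, EF_ARM_DYNSYMSUSESEGIDX and EF_ARM_MAPSYMSFIRST are each marked "NB conflicts with" an older EF_* bit, but nothing here tells a reader of e_flags which meaning applies. Add a comment above that group stating for which EF_ARM_EABI_VERSION(flags) values each set is valid, so a later user of these constants does not test both against the same header.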
-- 
1.7.5.4




[Qemu-devel] [PATCH 10/17] linux-user: resolve reserved_va vma downwards

2012-04-06 Thread riku . voipio
From: Peter Maydell 

After consulting with Paul Brook, we concluded that it's best to search
the VMA space downwards, so that we don't even get the chance to conflict
with the brk range.

This patch resolves a bunch of allocation conflicts when using -R.

Signed-off-by: Alexander Graf 
[minor changes to get it to apply -- PMM]

Signed-off-by: Riku Voipio 
---
 linux-user/main.c |1 +
 linux-user/mmap.c |   35 ---
 linux-user/qemu.h |1 +
 3 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 2570140..aa95db3 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3420,6 +3420,7 @@ int main(int argc, char **argv, char **envp)
 guest_base = HOST_PAGE_ALIGN((unsigned long)p);
 }
 qemu_log("Reserved 0x%lx bytes of guest address space\n", reserved_va);
+mmap_next_start = reserved_va;
 }
 
 if (reserved_va || have_guest_base) {
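Review bot: assigning mmap_next_start from main() is what forces the variable to lose its static in mmap.c and gain an extern in qemu.h. A small initialisation function in mmap.c would keep the allocator's cursor private; if the global stays, document next to the extern that it must only be touched with mmap_lock() held.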
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 994c02b..7125d1c 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -212,7 +212,7 @@ static int mmap_frag(abi_ulong real_start,
 #else
 # define TASK_UNMAPPED_BASE  0x4000
 #endif
-static abi_ulong mmap_next_start = TASK_UNMAPPED_BASE;
+abi_ulong mmap_next_start = TASK_UNMAPPED_BASE;
 
 unsigned long last_brk;
 
@@ -222,7 +222,7 @@ unsigned long last_brk;
 static abi_ulong mmap_find_vma_reserved(abi_ulong start, abi_ulong size)
 {
 abi_ulong addr;
-abi_ulong last_addr;
+abi_ulong end_addr;
 int prot;
 int looped = 0;
 
@@ -230,25 +230,38 @@ static abi_ulong mmap_find_vma_reserved(abi_ulong start, 
abi_ulong size)
 return (abi_ulong)-1;
 }
 
-last_addr = start;
-for (addr = start; last_addr + size != addr; addr += qemu_host_page_size) {
-if (last_addr + size >= RESERVED_VA
-|| (abi_ulong)(last_addr + size) < last_addr) {
+size = HOST_PAGE_ALIGN(size);
+end_addr = start + size;
+if (end_addr > RESERVED_VA) {
+end_addr = RESERVED_VA;
+}
+addr = end_addr - qemu_host_page_size;
+
+while (1) {
+if (addr > end_addr) {
 if (looped) {
 return (abi_ulong)-1;
 }
-last_addr = qemu_host_page_size;
-addr = 0;
+end_addr = RESERVED_VA;
+addr = end_addr - qemu_host_page_size;
 looped = 1;
 continue;
 }
 prot = page_get_flags(addr);
 if (prot) {
-last_addr = addr + qemu_host_page_size;
+end_addr = addr;
+}
+if (addr + size == end_addr) {
+break;
 }
+addr -= qemu_host_page_size;
+}
+
+if (start == mmap_next_start) {
+mmap_next_start = addr;
 }
-mmap_next_start = addr;
-return last_addr;
+
+return addr;
 }
 #endif
 
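Review bot: the new downward scan in mmap_find_vma_reserved can step addr all the way to 0 and return it, whereas the removed code, after wrapping, restarted at qemu_host_page_size and so skipped the first page. If handing out guest address 0 is not intended, stop the scan one page earlier or reject addr == 0 before the break. The wrap test if (addr > end_addr) also relies on unsigned underflow of addr -= qemu_host_page_size; a comment saying so would help.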
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 6889567..dd74cc0 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -251,6 +251,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
abi_ulong new_addr);
 int target_msync(abi_ulong start, abi_ulong len, int flags);
 extern unsigned long last_brk;
+extern abi_ulong mmap_next_start;
 void mmap_lock(void);
 void mmap_unlock(void);
 abi_ulong mmap_find_vma(abi_ulong, abi_ulong);
-- 
1.7.5.4




[Qemu-devel] [PATCH v3 1/2] w64: Fix data type of tb_next and other variables used for host addresses

2012-04-06 Thread Stefan Weil
QEMU host addresses must use uintptr_t to be portable for hosts with
an unusual size of long (w64).

tb_jmp_offset is an uint16_t value, therefore the local variable offset
in function tb_set_jmp_target was changed from unsigned long to uint16_t.

The type cast to long in function tb_add_jump now also uses uintptr_t.
For the bit operation used here, the signedness of the type cast does
not matter.

Some remaining unsigned long values are either only used for ARM assembler
code or will be fixed in a later patch for PPC.

v2:
Fix signature of tb_find_pc in exec.c, too (hint from Blue Swirl, thanks).
There remain lots of other long / unsigned long in exec.c which must be
replaced by uintptr_t. This will be done in a separate patch. Here
only one of these type casts is fixed.

v3:
Also fix signature of page_unprotect.

Signed-off-by: Stefan Weil 
---
 exec-all.h  |   33 -
 exec.c  |6 +++---
 translate-all.c |6 +++---
 3 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/exec-all.h b/exec-all.h
index 93a5b22..a6d6519 100644
--- a/exec-all.h
+++ b/exec-all.h
@@ -85,7 +85,7 @@ void cpu_gen_init(void);
 int cpu_gen_code(CPUArchState *env, struct TranslationBlock *tb,
  int *gen_code_size_ptr);
 int cpu_restore_state(struct TranslationBlock *tb,
-  CPUArchState *env, unsigned long searched_pc);
+  CPUArchState *env, uintptr_t searched_pc);
 void cpu_resume_from_signal(CPUArchState *env1, void *puc);
 void cpu_io_recompile(CPUArchState *env, void *retaddr);
 TranslationBlock *tb_gen_code(CPUArchState *env, 
@@ -93,7 +93,7 @@ TranslationBlock *tb_gen_code(CPUArchState *env,
   int cflags);
 void cpu_exec_init(CPUArchState *env);
 void QEMU_NORETURN cpu_loop_exit(CPUArchState *env1);
-int page_unprotect(target_ulong address, unsigned long pc, void *puc);
+int page_unprotect(target_ulong address, uintptr_t pc, void *puc);
 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
int is_cpu_write_access);
 void tlb_flush_page(CPUArchState *env, target_ulong addr);
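Review bot: page_unprotect's prototype changes here, so its definition in exec.c has to change in the same commit or the build fails with "conflicting types", as reported against v2 on i386. The diffstat lists exec.c but that hunk is not visible here; double-check that it covers page_unprotect as the v3 changelog says.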
@@ -150,7 +150,7 @@ struct TranslationBlock {
 #ifdef USE_DIRECT_JUMP
 uint16_t tb_jmp_offset[2]; /* offset of jump instruction */
 #else
-unsigned long tb_next[2]; /* address of jump generated code */
+uintptr_t tb_next[2]; /* address of jump generated code */
 #endif
 /* list of TBs jumping to this one. This is a circular list using
the two least significant bits of the pointers to tell what is
@@ -202,14 +202,14 @@ static inline void tb_set_jmp_target1(uintptr_t jmp_addr, 
uintptr_t addr)
 void ppc_tb_set_jmp_target(unsigned long jmp_addr, unsigned long addr);
 #define tb_set_jmp_target1 ppc_tb_set_jmp_target
 #elif defined(__i386__) || defined(__x86_64__)
-static inline void tb_set_jmp_target1(unsigned long jmp_addr, unsigned long 
addr)
+static inline void tb_set_jmp_target1(uintptr_t jmp_addr, uintptr_t addr)
 {
 /* patch the branch destination */
 *(uint32_t *)jmp_addr = addr - (jmp_addr + 4);
 /* no need to flush icache explicitly */
 }
 #elif defined(__arm__)
-static inline void tb_set_jmp_target1(unsigned long jmp_addr, unsigned long 
addr)
+static inline void tb_set_jmp_target1(uintptr_t jmp_addr, uintptr_t addr)
 {
 #if !QEMU_GNUC_PREREQ(4, 1)
 register unsigned long _beg __asm ("a1");
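Review bot: in the __i386__/__x86_64__ tb_set_jmp_target1, addr - (jmp_addr + 4) is now a uintptr_t expression stored through a uint32_t pointer, so on a 64-bit host the upper half is silently discarded. That is the intended 32-bit relative displacement, but an explicit (uint32_t) cast, or an assert that the displacement fits, would make the truncation deliberate. The ppc_tb_set_jmp_target prototype in the context line above still takes unsigned long, which the commit message defers to a later patch.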
@@ -237,19 +237,17 @@ static inline void tb_set_jmp_target1(unsigned long 
jmp_addr, unsigned long addr
 #endif
 
 static inline void tb_set_jmp_target(TranslationBlock *tb,
- int n, unsigned long addr)
+ int n, uintptr_t addr)
 {
-unsigned long offset;
-
-offset = tb->tb_jmp_offset[n];
-tb_set_jmp_target1((unsigned long)(tb->tc_ptr + offset), addr);
+uint16_t offset = tb->tb_jmp_offset[n];
+tb_set_jmp_target1((uintptr_t)(tb->tc_ptr + offset), addr);
 }
 
 #else
 
 /* set the jump target */
 static inline void tb_set_jmp_target(TranslationBlock *tb,
- int n, unsigned long addr)
+ int n, uintptr_t addr)
 {
 tb->tb_next[n] = addr;
 }
@@ -262,15 +260,15 @@ static inline void tb_add_jump(TranslationBlock *tb, int 
n,
 /* NOTE: this test is only needed for thread safety */
 if (!tb->jmp_next[n]) {
 /* patch the native jump address */
-tb_set_jmp_target(tb, n, (unsigned long)tb_next->tc_ptr);
+tb_set_jmp_target(tb, n, (uintptr_t)tb_next->tc_ptr);
 
 /* add in TB jmp circular list */
 tb->jmp_next[n] = tb_next->jmp_first;
-tb_next->jmp_first = (TranslationBlock *)((long)(tb) | (n));
+tb_next->jmp_first = (TranslationBlock *)((uintptr_t)(tb) | (n));
 }
 }
 
-TranslationBlock *tb_find_pc(unsigned long pc_ptr);
+TranslationBlock *tb_find_pc(uintptr_t pc_ptr);
 
 #include "qemu-lock.h"
 
@@ -288,13 +286,14 

Re: [Qemu-devel] [PATCH v2 1/2] w64: Fix data type of tb_next and other variables used for host addresses

2012-04-06 Thread Stefan Weil

On 29.03.2012 22:27, Blue Swirl wrote:

On Sat, Mar 24, 2012 at 21:25, Stefan Weil  wrote:

QEMU host addresses must use uintptr_t to be portable for hosts with
an unusual size of long (w64).

tb_jmp_offset is an uint16_t value, therefore the local variable offset
in function tb_set_jmp_target was changed from unsigned long to uint16_t.

The type cast to long in function tb_add_jump now also uses uintptr_t.
For the bit operation used here, the signedness of the type cast does
not matter.

Some remaining unsigned long values are either only used for ARM assembler
code or will be fixed in a later patch for PPC.

v2:
Fix signature of tb_find_pc in exec.c, too (hint from Blue Swirl, thanks).

There remain lots of other long / unsigned long in exec.c which must be
replaced by uintptr_t. This will be done in a separate patch. Here
only one of these type casts is fixed.

Signed-off-by: Stefan Weil 
---
 exec-all.h  |   33 -
 exec.c  |4 ++--
 translate-all.c |6 +++---
 3 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/exec-all.h b/exec-all.h
index 93a5b22..a6d6519 100644
--- a/exec-all.h
+++ b/exec-all.h
@@ -85,7 +85,7 @@ void cpu_gen_init(void);
 int cpu_gen_code(CPUArchState *env, struct TranslationBlock *tb,
 int *gen_code_size_ptr);
 int cpu_restore_state(struct TranslationBlock *tb,
-  CPUArchState *env, unsigned long searched_pc);
+  CPUArchState *env, uintptr_t searched_pc);
 void cpu_resume_from_signal(CPUArchState *env1, void *puc);
 void cpu_io_recompile(CPUArchState *env, void *retaddr);
 TranslationBlock *tb_gen_code(CPUArchState *env,
@@ -93,7 +93,7 @@ TranslationBlock *tb_gen_code(CPUArchState *env,
  int cflags);
 void cpu_exec_init(CPUArchState *env);
 void QEMU_NORETURN cpu_loop_exit(CPUArchState *env1);
-int page_unprotect(target_ulong address, unsigned long pc, void *puc);
+int page_unprotect(target_ulong address, uintptr_t pc, void *puc);
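Review bot: the prototype of page_unprotect in exec-all.h changes its second parameter to uintptr_t, so its definition has to change in the same commit. On any host where uintptr_t is not a typedef of unsigned long the two are distinct types even at equal width, and the build stops with a conflicting-types error. The same applies to cpu_restore_state in the previous hunk. A grep for every definition and caller of each changed prototype before sending would catch this.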


Now I get this error on i386:
/src/qemu/exec.c:2505: error: conflicting types for 'page_unprotect'
/src/qemu/exec-all.h:96: note: previous declaration of 'page_unprotect' was here


I'm really sorry that I missed that declaration. My compilers don't
complain - no matter whether I compile for 32 or 64 bits, Linux or Windows,
but of course the declaration was wrong.

Which compiler do you use?

I'll send patch v3.

Regards,

Stefan W.




[Qemu-devel] [PATCH 01/17] linux-user: improve fake /proc/self/stat making `ps` not segfault.

2012-04-06 Thread riku . voipio
From: Fabio Erculiani 

With the current fake /proc/self/stat implementation `ps` is
segfaulting because it expects to read PID and argv[0] as first and
second field respectively, with the latter being enclosed between
brackets.

Reproducing is as easy as running: `ps` inside qemu-user chroot
with /proc mounted.

Signed-off-by: Fabio Erculiani 
Acked-by: Alexander Graf 
Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |   19 +++
 1 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 9f5e53a..0e74ee0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4662,11 +4662,22 @@ static int open_self_stat(void *cpu_env, int fd)
   int len;
   uint64_t val = 0;
 
-  if (i == 27) {
-  /* stack bottom */
-  val = start_stack;
+  if (i == 0) {
+/* pid */
+val = getpid();
+snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
+  } else if (i == 1) {
+/* app name */
+snprintf(buf, sizeof(buf), "(%s) ", ts->bprm->argv[0]);
+  } else if (i == 27) {
+/* stack bottom */
+val = start_stack;
+snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
+  } else {
+/* for the rest, there is MasterCard */
+snprintf(buf, sizeof(buf), "0%c", i == 43 ? '\n' : ' ');
   }
-  snprintf(buf, sizeof(buf), "%"PRId64 "%c", val, i == 43 ? '\n' : ' ');
+
   len = strlen(buf);
   if (write(fd, buf, len) != len) {
   return -1;
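Review bot: in the `i == 1` branch, argv[0] is formatted verbatim between the parentheses with only sizeof(buf) as a bound (the declaration of buf is not in the hunk). A long path is cut by snprintf and loses the closing ") ", and a name containing ')' or a space breaks field splitting in whatever parses the line, which is the class of reader crash this patch is meant to fix. Suggest bounding the name to a short fixed length before formatting and checking the snprintf return value. Separately, val is uint64_t but is printed with PRId64 in the pid and stack-bottom branches; PRIu64 matches the type.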
-- 
1.7.5.4




[Qemu-devel] [PATCH 00/17] linux-user: pending patches

2012-04-06 Thread riku . voipio
From: Riku Voipio 

The following patches are to be sent in the pull request for linux-user.
As usual, they are also available in the git repository at:

  git://git.linaro.org/people/rikuvoipio/qemu.git linux-user-for-upstream

Riku

Alexander Graf (8):
  linux-user: implement device mapper ioctls
  linux-user: add struct old_dev_t compat
  linux-user: fix BLK ioctl arguments
  linux-user: add BLKSSZGET ioctl wrapper
  linux-user: Add ioctl for BLKBSZGET
  linux-user: fix fallocate
  linux-user: take RESERVED_VA into account for g2h_valid()
  linux-user: reserve 4GB of vmem for 32-on-64

Benoit Canet (1):
  arm-linux-user: fix elfload.c's AT_HWCAP to reflect cpu features.

Fabio Erculiani (2):
  linux-user: improve fake /proc/self/stat making `ps` not segfault.
  linux-user: target_argv is placed on ts->bprm->argv and can't be
freed()

Paul Brook (1):
  Userspace ARM BE8 support

Peter Maydell (5):
  linux-user: resolve reserved_va vma downwards
  linux-user/syscall.c: Fix indentation in prctl handling
  linux-user: Add support for prctl PR_GET_NAME and PR_SET_NAME
  linux-user/arm/syscall_nr.h: Add syscall number for ppoll
  elf.h: Update EF_ARM_ constants to newer ABI versions

 cpu-all.h   |3 +-
 disas.c |   18 ++-
 elf.h   |   21 +++
 linux-user/arm/syscall_nr.h |2 +-
 linux-user/elfload.c|   32 -
 linux-user/ioctls.h |   34 +
 linux-user/main.c   |   51 ++--
 linux-user/mmap.c   |   35 --
 linux-user/qemu.h   |2 +
 linux-user/syscall.c|  303 ---
 linux-user/syscall_defs.h   |   26 -
 linux-user/syscall_types.h  |   40 ++-
 target-arm/cpu.h|   32 +-
 target-arm/helper.c |9 +-
 target-arm/translate.c  |   11 +-
 thunk.c |   28 
 thunk.h |   28 
 17 files changed, 610 insertions(+), 65 deletions(-)

-- 
1.7.5.4




[Qemu-devel] [PATCH 06/17] linux-user: add BLKSSZGET ioctl wrapper

2012-04-06 Thread riku . voipio
From: Alexander Graf 

This patch adds an ioctl definition for BLKSSZGET.

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/ioctls.h |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index fd8b7bb..5b70f92 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -74,6 +74,7 @@
  IOCTL(BLKFLSBUF, 0, TYPE_NULL)
  IOCTL(BLKRASET, 0, TYPE_INT)
  IOCTL(BLKRAGET, IOC_R, MK_PTR(TYPE_LONG))
+ IOCTL(BLKSSZGET, IOC_R, MK_PTR(TYPE_LONG))
 #ifdef FIBMAP
  IOCTL(FIBMAP, IOC_W | IOC_R, MK_PTR(TYPE_LONG))
 #endif
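Review bot: BLKSSZGET is declared with MK_PTR(TYPE_LONG), copied from the BLKRAGET line above it, and the commit message does not say what width the kernel writes for this ioctl. If the host kernel stores an int here, the thunk will convert sizeof(long) bytes on a 64-bit host and hand the guest bytes the kernel never wrote. Please confirm the argument type against the kernel's handler and state it in the commit message.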
-- 
1.7.5.4




[Qemu-devel] [PATCHv3] PPC: Fix interrupt MSR value for classic exception models.

2012-04-06 Thread Mark Cave-Ayland
Commit 41557447d30eeb944e42069513df13585f5e6c7f introduced a new method of
calculating the MSR for the interrupt context. However this doesn't quite
agree with the PowerISA 2.06B specification (pp. 811-814) since too many
bits were being cleared.

This patch corrects the calculation of the interrupt MSR for classic exception
models whilst including additional comments to clarify which bits are being
changed within both the MSR and the interrupt MSR.

Signed-off-by: Mark Cave-Ayland 
Signed-off-by: Martin Sucha 
---
 target-ppc/cpu.h|2 ++
 target-ppc/helper.c |   31 ---
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index ca6f1cb..9a1c493 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -428,6 +428,8 @@ struct ppc_slb_t {
 
 /*/
 /* Machine state register bits definition*/
+#define MSR_BIT(x) ((target_ulong)1 << MSR_##x)
+
 #define MSR_SF   63 /* Sixty-four-bit modehflags */
 #define MSR_TAG  62 /* Tag-active mode (POWERx ?)*/
 #define MSR_ISF  61 /* Sixty-four-bit interrupt mode on 630  */
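Review bot: MSR_BIT(x) is added without a comment and sits above the MSR_* bit numbers it token-pastes. A one-line comment saying that x is the bit name without the MSR_ prefix, and that the result is a target_ulong mask rather than a bit index, would prevent mixing it up with the MSR_* constants below, which are indices.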
diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index 63a0dec..99beace 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -2478,11 +2478,36 @@ static inline void powerpc_excp(CPUPPCState *env, int 
excp_model, int excp)
 qemu_log_mask(CPU_LOG_INT, "Raise exception at " TARGET_FMT_lx
   " => %08x (%02x)\n", env->nip, excp, env->error_code);
 
-/* new srr1 value excluding must-be-zero bits */
+/* new srr1 value with interrupt-specific bits defaulting to zero */
 msr = env->msr & ~0x783fULL;
 
-/* new interrupt handler msr */
-new_msr = env->msr & ((target_ulong)1 << MSR_ME);
+switch (excp_model) {
+case POWERPC_EXCP_STD:
+case POWERPC_EXCP_601:
+case POWERPC_EXCP_602:
+case POWERPC_EXCP_603:
+case POWERPC_EXCP_603E:
+case POWERPC_EXCP_604:
+case POWERPC_EXCP_7x0:
+case POWERPC_EXCP_7x5:
+case POWERPC_EXCP_74xx:
+case POWERPC_EXCP_G2: 
+/* new classic interrupt handler msr (as per PowerISA 2.06B p.811 and 
+   p.814): 
+   1) force the following bits to zero
+  IR, DR, FE0, FE1, EE, BE, FP, PMM, PR, SE
+   2) default the following bits to zero (can be overidden later on)
+  POW, RI */
+new_msr = env->msr & ~(MSR_BIT(IR) | MSR_BIT(DR) | MSR_BIT(FE0)
+  | MSR_BIT(FE1) | MSR_BIT(EE) | MSR_BIT(BE) | MSR_BIT(FP)
+  | MSR_BIT(PMM) | MSR_BIT(PR) | MSR_BIT(SE) | MSR_BIT(POW)
+  | MSR_BIT(RI));
+break;
+default:
+/* new interrupt handler msr */
+new_msr = env->msr & ((target_ulong)1 << MSR_ME);
+break;
+   }
 
 /* target registers */
 srr0 = SPR_SRR0;
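Review bot: the classic-model branch builds new_msr by clearing a list of bits, so every MSR bit not named in that list is inherited from env->msr by the handler, whereas the default branch keeps only ME. The comment should say explicitly that inheriting all unlisted bits is intended, since a bit missing from the list becomes a bit the interrupted context controls in the handler. Smaller points: the default branch can use the new MSR_BIT(ME) instead of the open-coded shift, "overidden" in the comment should be "overridden", and the closing brace of the switch is indented by three spaces.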
-- 
1.7.2.5




[Qemu-devel] [PATCH 07/17] linux-user: Add ioctl for BLKBSZGET

2012-04-06 Thread riku . voipio
From: Alexander Graf 

This patch adds the ioctl wrapper definition for BLKBSZGET.

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/ioctls.h |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 5b70f92..eb96a08 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -75,6 +75,7 @@
  IOCTL(BLKRASET, 0, TYPE_INT)
  IOCTL(BLKRAGET, IOC_R, MK_PTR(TYPE_LONG))
  IOCTL(BLKSSZGET, IOC_R, MK_PTR(TYPE_LONG))
+ IOCTL(BLKBSZGET, IOC_R, MK_PTR(TYPE_INT))
 #ifdef FIBMAP
  IOCTL(FIBMAP, IOC_W | IOC_R, MK_PTR(TYPE_LONG))
 #endif
-- 
1.7.5.4




[Qemu-devel] [PATCH 09/17] linux-user: take RESERVED_VA into account for g2h_valid()

2012-04-06 Thread riku . voipio
From: Alexander Graf 

When running with -R (RESERVED_VA > 0) all guest virtual addresses
are within the [0..RESERVED_VA] range. Reflect this with g2h_valid()
too so we can safely check for boundaries of our guest address space.

This is required to have the /proc/self/maps code not show maps that
aren't accessible from the guest process's point of view.

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 cpu-all.h |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/cpu-all.h b/cpu-all.h
index 9621c3c..4512518 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -204,7 +204,8 @@ extern unsigned long reserved_va;
 #else
 #define h2g_valid(x) ({ \
 unsigned long __guest = (unsigned long)(x) - GUEST_BASE; \
-__guest < (1ul << TARGET_VIRT_ADDR_SPACE_BITS); \
+(__guest < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \
+(!RESERVED_VA || (__guest < RESERVED_VA)); \
 })
 #endif
 
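Review bot: the subject and commit message talk about g2h_valid(), but the macro changed in this hunk is h2g_valid(). Please fix whichever is wrong, since the two check opposite directions. Also, the message describes the guest range as [0..RESERVED_VA] while the new test is `__guest < RESERVED_VA`, which excludes RESERVED_VA itself; the message or the comparison should say which bound is meant.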
-- 
1.7.5.4




[Qemu-devel] [PATCH 13/17] linux-user: Add support for prctl PR_GET_NAME and PR_SET_NAME

2012-04-06 Thread riku . voipio
From: Peter Maydell 

Add support for the prctl options PR_GET_NAME and PR_SET_NAME,
which take or return a name in a 16 byte buffer pointed to by arg2.

Signed-off-by: Peter Maydell 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |   24 
 1 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ea44f99..8a92162 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7253,6 +7253,30 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 }
 break;
 }
+#ifdef PR_GET_NAME
+case PR_GET_NAME:
+{
+void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
+if (!name) {
+goto efault;
+}
+ret = get_errno(prctl(arg1, (unsigned long)name,
+  arg3, arg4, arg5));
+unlock_user(name, arg2, 16);
+break;
+}
+case PR_SET_NAME:
+{
+void *name = lock_user(VERIFY_READ, arg2, 16, 1);
+if (!name) {
+goto efault;
+}
+ret = get_errno(prctl(arg1, (unsigned long)name,
+  arg3, arg4, arg5));
+unlock_user(name, arg2, 0);
+break;
+}
+#endif
 default:
 /* Most prctl options have no pointer arguments */
 ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
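Review bot: in the PR_SET_NAME case, lock_user(VERIFY_READ, arg2, 16, 1) demands that all 16 bytes at arg2 be readable, but the guest passes a NUL-terminated name that can be shorter and can end just before an unmapped page, so a valid call can fail with EFAULT here. Locking only up to the terminator, capped at 16 bytes, would avoid that. Also, both cases sit under `#ifdef PR_GET_NAME` alone; PR_SET_NAME is assumed to be defined whenever PR_GET_NAME is.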
-- 
1.7.5.4




[Qemu-devel] [PATCH 14/17] linux-user/arm/syscall_nr.h: Add syscall number for ppoll

2012-04-06 Thread riku . voipio
From: Peter Maydell 

The list of ARM syscall numbers was missing the entry for ppoll,
which meant we were accidentally not providing it. (This wasn't
causing any practical issues beyond warnings about unimplemented
syscalls, because glibc will fall back to another code path if the
syscall isn't present.)

Signed-off-by: Peter Maydell 
Signed-off-by: Riku Voipio 
---
 linux-user/arm/syscall_nr.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/linux-user/arm/syscall_nr.h b/linux-user/arm/syscall_nr.h
index 7f05879..5356395 100644
--- a/linux-user/arm/syscall_nr.h
+++ b/linux-user/arm/syscall_nr.h
@@ -339,7 +339,7 @@
 #define TARGET_NR_fchmodat (333)
 #define TARGET_NR_faccessat(334)
 #define TARGET_NR_pselect6 (335)
-   /* 336 for ppoll */
+#define TARGET_NR_ppoll (336)
 #define TARGET_NR_unshare  (337)
 #define TARGET_NR_set_robust_list  (338)
 #define TARGET_NR_get_robust_list  (339)
-- 
1.7.5.4




[Qemu-devel] [PATCH 04/17] linux-user: add struct old_dev_t compat

2012-04-06 Thread riku . voipio
From: Alexander Graf 

The compat LOOP_SET_STATUS ioctl uses struct old_dev_t in its passed
struct. That variable type is vastly different between different
architectures. Implement wrapping around it so we can use it.

This fixes running arm kpartx on an x86_64 host for me.

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall_types.h |4 ++--
 thunk.c|   28 
 thunk.h|   28 
 3 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h
index fb8c9c9..601618d 100644
--- a/linux-user/syscall_types.h
+++ b/linux-user/syscall_types.h
@@ -83,9 +83,9 @@ STRUCT(mixer_info,
 /* loop device ioctls */
 STRUCT(loop_info,
TYPE_INT, /* lo_number */
-   TYPE_SHORT,   /* lo_device */
+   TYPE_OLDDEVT, /* lo_device */
TYPE_ULONG,   /* lo_inode */
-   TYPE_SHORT,   /* lo_rdevice */
+   TYPE_OLDDEVT, /* lo_rdevice */
TYPE_INT, /* lo_offset */
TYPE_INT, /* lo_encrypt_type */
TYPE_INT, /* lo_encrypt_key_size */
diff --git a/thunk.c b/thunk.c
index 0657188..8e4 100644
--- a/thunk.c
+++ b/thunk.c
@@ -46,6 +46,7 @@ static inline const argtype *thunk_type_next(const argtype 
*type_ptr)
 case TYPE_LONG:
 case TYPE_ULONG:
 case TYPE_PTRVOID:
+case TYPE_OLDDEVT:
 return type_ptr;
 case TYPE_PTR:
 return thunk_type_next_ptr(type_ptr);
@@ -188,6 +189,33 @@ const argtype *thunk_convert(void *dst, const void *src,
 #else
 #warning unsupported conversion
 #endif
+case TYPE_OLDDEVT:
+{
+uint64_t val = 0;
+switch (thunk_type_size(type_ptr - 1, !to_host)) {
+case 2:
+val = *(uint16_t *)src;
+break;
+case 4:
+val = *(uint32_t *)src;
+break;
+case 8:
+val = *(uint64_t *)src;
+break;
+}
+switch (thunk_type_size(type_ptr - 1, to_host)) {
+case 2:
+*(uint16_t *)dst = tswap16(val);
+break;
+case 4:
+*(uint32_t *)dst = tswap32(val);
+break;
+case 8:
+*(uint64_t *)dst = tswap64(val);
+break;
+}
+break;
+}
 case TYPE_ARRAY:
 {
 int array_length, i, dst_size, src_size;
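Review bot: in the TYPE_OLDDEVT case, the source is read raw at the source width, widened to uint64_t, and only then byte-swapped at the destination width. When to_host is set and the two sides differ in both size and endianness, the swap is applied at the wrong width and the value lands in the wrong bytes (a 2-byte source widened and passed to tswap64 ends up in the top of the 8-byte result). The source should be swapped at its own width when it is in target format, and the destination swapped only when it is the target side. Both inner switches also lack a default, so an unexpected size leaves dst unwritten without any diagnostic.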
diff --git a/thunk.h b/thunk.h
index 9810743..5be8f91 100644
--- a/thunk.h
+++ b/thunk.h
@@ -37,6 +37,7 @@ typedef enum argtype {
 TYPE_PTR,
 TYPE_ARRAY,
 TYPE_STRUCT,
+TYPE_OLDDEVT,
 } argtype;
 
 #define MK_PTR(type) TYPE_PTR, type
@@ -104,6 +105,31 @@ static inline int thunk_type_size(const argtype *type_ptr, 
int is_host)
 return TARGET_ABI_BITS / 8;
 }
 break;
+case TYPE_OLDDEVT:
+if (is_host) {
+#if defined(HOST_X86_64)
+return 8;
+#elif defined(HOST_ALPHA) || defined(HOST_IA64) || defined(HOST_MIPS) || \
+  defined(HOST_PARISC) || defined(HOST_SPARC64)
+return 4;
+#elif defined(HOST_PPC)
+return HOST_LONG_SIZE;
+#else
+return 2;
+#endif
+} else {
+#if defined(TARGET_X86_64)
+return 8;
+#elif defined(TARGET_ALPHA) || defined(TARGET_IA64) || defined(TARGET_MIPS) || 
\
+  defined(TARGET_PARISC) || defined(TARGET_SPARC64)
+return 4;
+#elif defined(TARGET_PPC)
+return TARGET_ABI_BITS / 8;
+#else
+return 2;
+#endif
+}
+break;
 case TYPE_ARRAY:
 size = type_ptr[1];
 return size * thunk_type_size_array(type_ptr + 2, is_host);
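Review bot: in the TYPE_OLDDEVT case of thunk_type_size, any host or target not named in the #if chains falls into `#else return 2;`, so a newly added architecture silently gets a 2-byte size instead of a build error. For the host side, taking sizeof of the host's own type would remove the hand-maintained HOST_* list. The `break;` after the if/else is unreachable because every path returns.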
@@ -141,6 +167,8 @@ static inline int thunk_type_align(const argtype *type_ptr, 
int is_host)
 return TARGET_ABI_BITS / 8;
 }
 break;
+case TYPE_OLDDEVT:
+return thunk_type_size(type_ptr, is_host);
 case TYPE_ARRAY:
 return thunk_type_align_array(type_ptr + 2, is_host);
 case TYPE_STRUCT:
-- 
1.7.5.4




[Qemu-devel] [PATCH] configure: Fix wrong preprocessor statement

2012-04-06 Thread Stefan Weil
#abort is not a preprocessor statement. It aborts, but the preprocessor
statement #error is more common to abort a compilation.

Signed-off-by: Stefan Weil 
---
 configure |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/configure b/configure
index 4b3adc9..5d5b854 100755
--- a/configure
+++ b/configure
@@ -2616,7 +2616,7 @@ int main(void) {
 #if defined(_POSIX_SYNCHRONIZED_IO) && _POSIX_SYNCHRONIZED_IO > 0
 return fdatasync(0);
 #else
-#abort Not supported
+#error Not supported
 #endif
 }
 EOF
-- 
1.7.9




[Qemu-devel] [PATCH 17/17] Userspace ARM BE8 support

2012-04-06 Thread riku . voipio
From: Paul Brook 

Add support for ARM BE8 userspace binaries.
i.e. big-endian data and little-endian code.
In principle LE8 mode is also possible, but AFAIK has never actually
been implemented/used.

System emulation doesn't have any useable big-endian board models,
but should in principle work once you fix that.
Dynamic endianness switching requires messing with data accesses,
preferably with TCG cooperation, and is orthogonal to BE8 support.

Signed-off-by: Paul Brook 
[PMM: various changes, mostly as per my suggestions in code review:
 * rebase
 * use EF_ defines rather than hardcoded constants
 * make bswap_code a bool for future VMSTATE macro compatibility
 * update comment in cpu.h about TB flags bit field usage
 * factor out load-code-and-swap into arm_ld*_code functions and
   get_user_code* macros
 * fix stray trailing space at end of line
 * added braces in disas.c to satisfy checkpatch
]
Signed-off-by: Peter Maydell 
Signed-off-by: Riku Voipio 
---
 disas.c|   18 +-
 linux-user/elfload.c   |1 +
 linux-user/main.c  |   34 +-
 linux-user/qemu.h  |1 +
 target-arm/cpu.h   |   32 ++--
 target-arm/helper.c|9 +
 target-arm/translate.c |   11 +++
 7 files changed, 86 insertions(+), 20 deletions(-)

diff --git a/disas.c b/disas.c
index 9485824..4f2c4e4 100644
--- a/disas.c
+++ b/disas.c
@@ -138,7 +138,7 @@ print_insn_thumb1(bfd_vma pc, disassemble_info *info)
 /* Disassemble this for me please... (debugging). 'flags' has the following
values:
 i386 - 1 means 16 bit code, 2 means 64 bit code
-arm  - nonzero means thumb code
+arm  - bit 0 = thumb, bit 1 = reverse endian
 ppc  - nonzero means little endian
 other targets - unused
  */
@@ -169,10 +169,18 @@ void target_disas(FILE *out, target_ulong code, 
target_ulong size, int flags)
 disasm_info.mach = bfd_mach_i386_i386;
 print_insn = print_insn_i386;
 #elif defined(TARGET_ARM)
-if (flags)
-   print_insn = print_insn_thumb1;
-else
-   print_insn = print_insn_arm;
+if (flags & 1) {
+print_insn = print_insn_thumb1;
+} else {
+print_insn = print_insn_arm;
+}
+if (flags & 2) {
+#ifdef TARGET_WORDS_BIGENDIAN
+disasm_info.endian = BFD_ENDIAN_LITTLE;
+#else
+disasm_info.endian = BFD_ENDIAN_BIG;
+#endif
+}
 #elif defined(TARGET_SPARC)
 print_insn = print_insn_sparc;
 #ifdef TARGET_SPARC64
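Review bot: in target_disas, `flags & 1` and `flags & 2` are bare constants whose meaning is documented only in the comment changed in the previous hunk. Since callers now have to build this value from two independent properties, named constants shared between disas.c and its callers would keep the two sides from drifting apart.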
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 4ce9743..f3b1552 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1576,6 +1576,7 @@ static void load_elf_image(const char *image_name, int 
image_fd,
 info->start_data = -1;
 info->end_data = 0;
 info->brk = 0;
+info->elf_flags = ehdr->e_flags;
 
 for (i = 0; i < ehdr->e_phnum; i++) {
 struct elf_phdr *eppnt = phdr + i;
diff --git a/linux-user/main.c b/linux-user/main.c
index 23ad357..191b750 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -33,6 +33,7 @@
 #include "tcg.h"
 #include "qemu-timer.h"
 #include "envlist.h"
+#include "elf.h"
 
 #define DEBUG_LOGFILE "/tmp/qemu.log"
 
@@ -474,6 +475,22 @@ void cpu_loop(CPUX86State *env)
 
 #ifdef TARGET_ARM
 
+#define get_user_code_u32(x, gaddr, doswap) \
+({ abi_long __r = get_user_u32((x), (gaddr));   \
+if (!__r && (doswap)) { \
+(x) = bswap32(x);   \
+}   \
+__r;\
+})
+
+#define get_user_code_u16(x, gaddr, doswap) \
+({ abi_long __r = get_user_u16((x), (gaddr));   \
+if (!__r && (doswap)) { \
+(x) = bswap16(x);   \
+}   \
+__r;\
+})
+
 /*
  * See the Linux kernel's Documentation/arm/kernel_user_helpers.txt
  * Input:
@@ -707,7 +724,7 @@ void cpu_loop(CPUARMState *env)
 /* we handle the FPU emulation here, as Linux */
 /* we get the opcode */
 /* FIXME - what to do if get_user() fails? */
-get_user_u32(opcode, env->regs[15]);
+get_user_code_u32(opcode, env->regs[15], env->bswap_code);
 
 rc = EmulateAll(opcode, &ts->fpa, env);
 if (rc == 0) { /* illegal instruction */
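Review bot: the call `get_user_code_u32(opcode, env->regs[15], env->bswap_code);` discards the result, so when the guest PC points at unreadable memory, opcode is passed to EmulateAll without having been loaded. The FIXME predates this patch, but the new macro returns __r specifically so the caller can tell; checking it here and taking the fault path would close the FIXME instead of carrying it forward.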
@@ -777,23 +794,25 @@ void cpu_loop(CPUARMState *env)
 if (trapnr == EXCP_BKPT) {
 if (env->thumb) {
 /* FIXME - what to do if get_user() fails? */
-get_user_u16(insn, env->regs[15]);
+get_user_code_u16(insn, env->regs[15], 
env->bswap_code);
 n = insn & 0xff;
 env->

[Qemu-devel] [PATCH 11/17] linux-user: reserve 4GB of vmem for 32-on-64

2012-04-06 Thread riku . voipio
From: Alexander Graf 

When running 32-on-64 bit guests, we should always reserve as much
virtual memory as we possibly can for the guest process, so it can
never overlap with QEMU address space.

Fortunately we already have the infrastructure for that. All that's
missing is some sane default value to also make use of it!

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/main.c |   11 +++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index aa95db3..23ad357 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -48,8 +48,19 @@ unsigned long mmap_min_addr;
 #if defined(CONFIG_USE_GUEST_BASE)
 unsigned long guest_base;
 int have_guest_base;
+#if (TARGET_LONG_BITS == 32) && (HOST_LONG_BITS == 64)
+/*
+ * When running 32-on-64 we should make sure we can fit all of the possible
+ * guest address space into a contiguous chunk of virtual host memory.
+ *
+ * This way we will never overlap with our own libraries or binaries or stack
+ * or anything else that QEMU maps.
+ */
+unsigned long reserved_va = 0xf700;
+#else
 unsigned long reserved_va;
 #endif
+#endif
 
 static void usage(void);
 
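Review bot: the initialiser shown for reserved_va, 0xf700, does not match the 4GB promised by the subject and the comment above it. Whatever value is intended, it needs a comment explaining how it was chosen. The commit message should also say what happens on hosts where a reservation of that size fails at startup, since users now get it by default without passing -R.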
-- 
1.7.5.4




Re: [Qemu-devel] [PATCH v4 08/10] add mirroring to transaction

2012-04-06 Thread Paolo Bonzini

> have either a mandatory 'full':'bool' or an optional '*base':'str'
> for choosing how much of the backing chain to be mirrored

I think '*base': 'str' is too complicated to implement at this
stage.

Paolo



Re: [Qemu-devel] [Qemu-ppc] [PATCH 1/2] PPC: Fix interrupt MSR value within the PPC interrupt handler.

2012-04-06 Thread Mark Cave-Ayland

On 29/03/12 20:06, Scott Wood wrote:


Hrm, yeah.  I think what you ought to do is to use the new logic just
for the "classic" exception models.  Have the default branch remain
the one that just masks ME.  That's wrong, but it's the same wrong as
we have already, and we can fix it later once we've verified what the
right thing to do is for 40x and BookE.


Agreed. I've just reworked the patch based on yours/David's comments so 
that it should minimise the effect of any changes.



I'm actually coming at this from fixing what was potentially an
OpenBIOS bug rather than from a PPC angle, so I have to admit I have no
idea which ones are the "classic" exception models. Would you consider
this to be just EXCP_STD, EXCP_6* and EXCP_7*?


Also POWERPC_EXCP_G2, and maybe POWERPC_EXCP_970?  Even on server
there's a question of whether it's a 2.06 chip or previous version of
the architecture.

One thing that sticks out for classic chips that is missing here is
MSR[POW], which should be cleared on exceptions.


I'm not sure about _970 given that it's 64-bit, so I've left this on the 
old behaviour for the time being and altered the patch so that MSR_POW 
is now cleared in the classic exception path too.


I see that Andreas has already applied the second patch in the series to 
ppc-next, so I'll just resubmit a revised version of the first patch 
shortly.



ATB,

Mark.



[Qemu-devel] [PATCH V3 2/8] hw/acpi_piix4.c: replace register_ioport*

2012-04-06 Thread Julien Grall
This patch replaces all register_ioport* with the new memory API. It permits
the use of the new Memory stuff like listeners.

Signed-off-by: Julien Grall 
---
 hw/acpi_piix4.c |  112 +-
 1 files changed, 93 insertions(+), 19 deletions(-)

diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 797ed24..d9e4bd9 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -61,6 +61,13 @@ typedef struct PIIX4PMState {
 PMSMBus smb;
 uint32_t smb_io_base;
 
+MemoryRegion smb_io;
+MemoryRegion acpi_io;
+MemoryRegion acpi_hot_io;
+MemoryRegion pci_hot_io;
+MemoryRegion pciej_hot_io;
+MemoryRegion pcirmv_hot_io;
+
 qemu_irq irq;
 qemu_irq smi_irq;
 int kvm_enabled;
@@ -176,7 +183,8 @@ static void apm_ctrl_changed(uint32_t val, void *arg)
 }
 }
 
-static void acpi_dbg_writel(void *opaque, uint32_t addr, uint32_t val)
+static void acpi_dbg_writel(void *opaque, target_phys_addr_t addr,
+uint64_t val, unsigned size)
 {
 PIIX4_DPRINTF("ACPI: DBG: 0x%08x\n", val);
 }
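Review bot: acpi_dbg_writel now takes `uint64_t val`, but the unchanged PIIX4_DPRINTF line still formats it with "0x%08x", which expects an unsigned int. The same mismatch applies to every handler in this patch whose addr and val types were widened while the debug format strings were left alone. Please switch them to PRIx64 or cast explicitly.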
@@ -325,6 +333,15 @@ static void piix4_pm_machine_ready(Notifier *n, void 
*opaque)
 
 }
 
+static const MemoryRegionOps acpi_io_ops = {
+.write = acpi_dbg_writel,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.impl = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+};
+
 static int piix4_pm_initfn(PCIDevice *dev)
 {
 PIIX4PMState *s = DO_UPCAST(PIIX4PMState, dev, dev);
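Review bot: acpi_io_ops sets only .write, so a guest read from this port reaches a region with no .read callback. The old register_ioport_write call simply left reads unregistered. Please confirm the memory core tolerates a missing .read, or add a stub that returns a fixed value. Also, min_access_size and max_access_size are set under .impl, which describes what the handler implements; if the intent is to accept only 4-byte guest accesses as before, that restriction belongs under .valid.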
@@ -341,7 +358,9 @@ static int piix4_pm_initfn(PCIDevice *dev)
 /* APM */
 apm_init(&s->apm, apm_ctrl_changed, s);
 
-register_ioport_write(ACPI_DBG_IO_ADDR, 4, 4, acpi_dbg_writel, s);
+memory_region_init_io(&s->acpi_io, &acpi_io_ops, s, "piix4-acpi", 4);
+memory_region_add_subregion(pci_address_space_io(dev), ACPI_DBG_IO_ADDR,
+&s->acpi_io);
 
 if (s->kvm_enabled) {
 /* Mark SMM as already inited to prevent SMM from running.  KVM does 
not
@@ -429,16 +448,17 @@ static void piix4_pm_register_types(void)
 
 type_init(piix4_pm_register_types)
 
-static uint32_t gpe_readb(void *opaque, uint32_t addr)
+static uint64_t gpe_readb(void *opaque, target_phys_addr_t addr, unsigned size)
 {
 PIIX4PMState *s = opaque;
-uint32_t val = acpi_gpe_ioport_readb(&s->ar, addr);
+uint64_t val = acpi_gpe_ioport_readb(&s->ar, addr);
 
 PIIX4_DPRINTF("gpe read %x == %x\n", addr, val);
 return val;
 }
 
-static void gpe_writeb(void *opaque, uint32_t addr, uint32_t val)
+static void gpe_writeb(void *opaque, target_phys_addr_t addr, uint64_t val,
+   unsigned size)
 {
 PIIX4PMState *s = opaque;
 
@@ -448,7 +468,8 @@ static void gpe_writeb(void *opaque, uint32_t addr, 
uint32_t val)
 PIIX4_DPRINTF("gpe write %x <== %d\n", addr, val);
 }
 
-static uint32_t pcihotplug_read(void *opaque, uint32_t addr)
+static uint64_t pcihotplug_read(void *opaque, target_phys_addr_t addr,
+unsigned size)
 {
 uint32_t val = 0;
 struct pci_status *g = opaque;
@@ -467,7 +488,8 @@ static uint32_t pcihotplug_read(void *opaque, uint32_t addr)
 return val;
 }
 
-static void pcihotplug_write(void *opaque, uint32_t addr, uint32_t val)
+static void pcihotplug_write(void *opaque, target_phys_addr_t addr,
+ uint64_t val, unsigned size)
 {
 struct pci_status *g = opaque;
 switch (addr) {
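Review bot: pcihotplug_write keeps its `switch (addr)` as unchanged context, but a MemoryRegionOps callback receives addr as an offset from the start of the region, not as the absolute port number the old ioport handlers were given. If the case labels are absolute port addresses, no case will match after this change. The same check is needed for pcihotplug_read and for the address passed to acpi_gpe_ioport_readb in gpe_readb.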
@@ -482,13 +504,15 @@ static void pcihotplug_write(void *opaque, uint32_t addr, 
uint32_t val)
 PIIX4_DPRINTF("pcihotplug write %x <== %d\n", addr, val);
 }
 
-static uint32_t pciej_read(void *opaque, uint32_t addr)
+static uint64_t pciej_read(void *opaque, target_phys_addr_t addr,
+   unsigned size)
 {
 PIIX4_DPRINTF("pciej read %x\n", addr);
 return 0;
 }
 
-static void pciej_write(void *opaque, uint32_t addr, uint32_t val)
+static void pciej_write(void *opaque, target_phys_addr_t addr, uint64_t val,
+unsigned size)
 {
 BusState *bus = opaque;
 DeviceState *qdev, *next;
@@ -506,14 +530,16 @@ static void pciej_write(void *opaque, uint32_t addr, 
uint32_t val)
 PIIX4_DPRINTF("pciej write %x <== %d\n", addr, val);
 }
 
-static uint32_t pcirmv_read(void *opaque, uint32_t addr)
+static uint64_t pcirmv_read(void *opaque, target_phys_addr_t addr,
+unsigned size)
 {
 PIIX4PMState *s = opaque;
 
 return s->pci0_hotplug_enable;
 }
 
-static void pcirmv_write(void *opaque, uint32_t addr, uint32_t val)
+static void pcirmv_write(void *opaque, target_phys_addr_t addr, uint64_t val,
+ unsigned size)
 {
 return;
 }
@@ -521,22 +547,70 @@ static void pcirmv_write(void *opaque, uint32_t addr, 
uint32_t val)
 static int piix4_device_hotplug(DeviceState *qdev, PCIDevice *dev,
 PCIHotplugState state);
 
+static const MemoryRegionOps acpi_hot_io_ops = {
+.read = gpe_readb,
+.writ

[Qemu-devel] [PATCH 28/46] qemu-img: add image fragmentation statistics

2012-04-06 Thread Kevin Wolf
From: Dong Xu Wang 

Discussion can be found at:
http://patchwork.ozlabs.org/patch/128730/

This patch adds image fragmentation statistics while using qemu-img check.

Signed-off-by: Dong Xu Wang 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 block.h|7 +++
 qemu-img.c |9 -
 2 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/block.h b/block.h
index c51ab16..ea12f5d 100644
--- a/block.h
+++ b/block.h
@@ -17,6 +17,12 @@ typedef struct BlockDriverInfo {
 int64_t vm_state_offset;
 } BlockDriverInfo;
 
+typedef struct BlockFragInfo {
+uint64_t allocated_clusters;
+uint64_t total_clusters;
+uint64_t fragmented_clusters;
+} BlockFragInfo;
+
 typedef struct QEMUSnapshotInfo {
 char id_str[128]; /* unique snapshot id */
 /* the following fields are informative. They are not needed for
@@ -175,6 +181,7 @@ typedef struct BdrvCheckResult {
 int corruptions;
 int leaks;
 int check_errors;
+BlockFragInfo bfi;
 } BdrvCheckResult;
 
 int bdrv_check(BlockDriverState *bs, BdrvCheckResult *res);
diff --git a/qemu-img.c b/qemu-img.c
index 0e48b35..4de48ba 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -428,6 +428,13 @@ static int img_check(int argc, char **argv)
 }
 }
 
+if (result.bfi.total_clusters != 0 && result.bfi.allocated_clusters != 0) {
+printf("%" PRId64 "/%" PRId64 "= %0.2f%% allocated, %0.2f%% 
fragmented\n",
+result.bfi.allocated_clusters, result.bfi.total_clusters,
+result.bfi.allocated_clusters * 100.0 / result.bfi.total_clusters,
+result.bfi.fragmented_clusters * 100.0 / 
result.bfi.allocated_clusters);
+}
+
 bdrv_delete(bs);
 
 if (ret < 0 || result.check_errors) {
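Review bot: in img_check, the three BlockFragInfo counters are uint64_t but are printed with PRId64; PRIu64 matches the type. The format string also lacks a space before "=", so the output reads "N/M= x% allocated". The guard on allocated_clusters correctly protects the second division.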
@@ -716,7 +723,7 @@ static int img_convert(int argc, char **argv)
 ret = -1;
 goto out;
 }
-
+
 qemu_progress_init(progress, 2.0);
 qemu_progress_print(0, 100);
 
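Review bot: this hunk in img_convert replaces one blank line with another, so it is a whitespace-only change unrelated to the fragmentation statistics, and it likely introduces trailing whitespace. Please drop it from the patch.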
-- 
1.7.6.5




[Qemu-devel] [PATCH V2 09/10] SD card: make SD card a child of host controller

2012-04-06 Thread Igor Mitsyanko
Only for host controllers implemented as QOM object.

Signed-off-by: Igor Mitsyanko 
---
 hw/milkymist-memcard.c |1 +
 hw/pl181.c |1 +
 hw/ssi-sd.c|1 +
 3 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/hw/milkymist-memcard.c b/hw/milkymist-memcard.c
index 80cac20..c8a6bae 100644
--- a/hw/milkymist-memcard.c
+++ b/hw/milkymist-memcard.c
@@ -259,6 +259,7 @@ static int milkymist_memcard_init(SysBusDevice *dev)
 object_property_set_int(OBJECT(s->card), dinfo->unit, "if-idx", &errp);
 }
 object_property_set_bool(OBJECT(s->card), false, "spi-mode", &errp);
+object_property_add_child(OBJECT(s), "card", OBJECT(s->card), &errp);
 assert_no_error(errp);
 SD_INIT(s->card);
 s->enabled = dinfo ? bdrv_is_inserted(dinfo->bdrv) : 0;
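Review bot: object_property_add_child is passed the same &errp as the preceding property setters, and errp is only checked once by assert_no_error afterwards. If an earlier call has already set errp, the later calls run with an error pending and the assertion cannot tell which call failed. Checking after each call, or at least before adding the child, would make failures attributable. The same pattern is repeated in pl181.c and ssi-sd.c.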
diff --git a/hw/pl181.c b/hw/pl181.c
index 48720ae..5f81531 100644
--- a/hw/pl181.c
+++ b/hw/pl181.c
@@ -490,6 +490,7 @@ static int pl181_init(SysBusDevice *dev)
 object_property_set_int(OBJECT(s->card), dinfo->unit, "if-idx", &errp);
 }
 object_property_set_bool(OBJECT(s->card), false, "spi-mode", &errp);
+object_property_add_child(OBJECT(s), "card", OBJECT(s->card), &errp);
 assert_no_error(errp);
 SD_INIT(s->card);
 return 0;
diff --git a/hw/ssi-sd.c b/hw/ssi-sd.c
index 9f4510d..f30a553 100644
--- a/hw/ssi-sd.c
+++ b/hw/ssi-sd.c
@@ -245,6 +245,7 @@ static int ssi_sd_init(SSISlave *dev)
 object_property_set_int(OBJECT(s->sd), dinfo->unit, "if-idx", &errp);
 }
 object_property_set_bool(OBJECT(s->sd), true, "spi-mode", &errp);
+object_property_add_child(OBJECT(s), "card", OBJECT(s->sd), &errp);
 assert_no_error(errp);
 SD_INIT(s->sd);
 register_savevm(&dev->qdev, "ssi_sd", -1, 1, ssi_sd_save, ssi_sd_load, s);
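Review bot: this is the third copy of the same sequence (set "if-idx", set "spi-mode", add child "card", assert_no_error); here it differs only in the field name `s->sd` and the `true` passed for "spi-mode". A small shared helper taking the parent, the card object and the SPI flag would keep the child name "card" in one place and stop the three controllers from drifting apart.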
-- 
1.7.4.1




Re: [Qemu-devel] [PATCH 0/5] Spread the use of QEMU threading & locking API

2012-04-06 Thread Paolo Bonzini
On 05/04/2012 15:00, Jan Kiszka wrote:
>> > But QemuEvent takes away the best name for a useful concept (a
>> > cross-platform implementation of Win32 events; you can see that in the
> The concept is not lost, it perfectly fits this incarnation. Just the
> special futex version for Linux is not feasible.

It's not just about the futex version.  Can you implement a
userspace-only fast path?  Perhaps with EFD_SEMAPHORE you can:

  x = state of the event
      bit 0 = set/reset
      bit 1..31 = waiters

  set
      y = xchg(&x, 1)
      if y > 1
          write y >> 1 to eventfd

  wait
      do {
          y = x
          if (y & 1) return;
      } while (fail to cmpxchg x from y to y + 2)
      read from eventfd

  reset
      cmpxchg x from 1 to 0

but what if you are falling back to pipes?

2) It's much more heavyweight since (like Windows primitives) you need
to set aside OS resources for each QemuEvent.  With mutexes and condvars
the kernel-side waitqueues come and go as they are used.

>> > RCU patches which were even posted on the list).  We already have a
>> > perfectly good name for EventNotifiers, and there's no reason to break
>> > the history of event-notifier.c.
> Have you measured if the futex optimization is actually worth the
> effort, specifically compared to the fast path of mutex/cond loop?

A futex is 30% faster than the mutex/cond combination.  It's called on
fast paths (call_rcu and, depending on how you implement RCU,
rcu_read_unlock) so it's important.

Paolo
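
The set/wait/reset scheme sketched in the message above, written out in C as an added example (not code from the thread or from QEMU). It assumes Linux eventfd(2) with EFD_SEMAPHORE and C11 atomics; the SketchEvent type and the sketch_event_* names are hypothetical, and wait is split into a lock-free prepare step and a blocking step so the userspace fast path is visible.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/eventfd.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical type for illustration; this is not QEMU's QemuEvent. */
typedef struct {
    _Atomic uint32_t x; /* bit 0 = set/reset, bits 1..31 = number of waiters */
    int efd;            /* eventfd in semaphore mode: each read takes one token */
} SketchEvent;

int sketch_event_init(SketchEvent *ev)
{
    atomic_init(&ev->x, 0);
    ev->efd = eventfd(0, EFD_SEMAPHORE | EFD_CLOEXEC);
    return ev->efd < 0 ? -errno : 0;
}

void sketch_event_destroy(SketchEvent *ev)
{
    close(ev->efd);
}

/* set: mark the event and hand one token to every registered waiter.
 * Returns the number of waiters woken, or a negative errno. */
int sketch_event_set(SketchEvent *ev)
{
    uint32_t y = atomic_exchange(&ev->x, 1);
    if (y > 1) {
        uint64_t tokens = y >> 1;
        ssize_t n;
        do {
            n = write(ev->efd, &tokens, sizeof(tokens));
        } while (n < 0 && errno == EINTR);
        if (n != (ssize_t)sizeof(tokens)) {
            return -errno;
        }
        return (int)tokens;
    }
    return 0; /* nobody was waiting: no system call at all */
}

/* reset: only a set event (x == 1) goes back to 0; waiters are untouched. */
void sketch_event_reset(SketchEvent *ev)
{
    uint32_t expected = 1;
    atomic_compare_exchange_strong(&ev->x, &expected, 0);
}

/* First half of wait. Returns 0 if the event is already set (fast path),
 * 1 if the caller has been counted as a waiter and must block. */
int sketch_event_wait_prepare(SketchEvent *ev)
{
    uint32_t y = atomic_load(&ev->x);
    do {
        if (y & 1) {
            return 0;
        }
        /* On failure the compare-exchange reloads y, so bit 0 is rechecked. */
    } while (!atomic_compare_exchange_weak(&ev->x, &y, y + 2));
    return 1;
}

/* Second half of wait: block until a set has written our token. */
int sketch_event_wait_block(SketchEvent *ev)
{
    uint64_t token;
    ssize_t n;
    do {
        n = read(ev->efd, &token, sizeof(token));
    } while (n < 0 && errno == EINTR);
    return n == (ssize_t)sizeof(token) ? 0 : -errno;
}

int sketch_event_wait(SketchEvent *ev)
{
    return sketch_event_wait_prepare(ev) ? sketch_event_wait_block(ev) : 0;
}

int main(void)
{
    SketchEvent ev;
    if (sketch_event_init(&ev) < 0) {
        perror("eventfd");
        return 1;
    }
    /* Single-threaded walk-through: two waiters register, then set wakes both. */
    sketch_event_wait_prepare(&ev);
    sketch_event_wait_prepare(&ev);
    printf("state with two waiters: %u\n", (unsigned)atomic_load(&ev.x));
    printf("woken by set: %d\n", sketch_event_set(&ev));
    sketch_event_wait_block(&ev);
    sketch_event_wait_block(&ev);
    printf("wait on a set event blocks: %s\n",
           sketch_event_wait_prepare(&ev) ? "yes" : "no");
    sketch_event_destroy(&ev);
    return 0;
}
```

Each SketchEvent holds one file descriptor for its whole lifetime, which is the per-event OS resource cost the message raises in its second point.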



[Qemu-devel] [Bug 886621] Re: Mac OS X Lion: segmentation fault

2012-04-06 Thread Alan
Having exactly the same problem here...

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/886621

Title:
  Mac OS X Lion: segmentation fault

Status in QEMU:
  New

Bug description:
  /usr/local/xeos-build/qemu/bin/qemu -boot order=a -M pc -cpu 486 -vga
  std -smp 1 -m 16 -soundhw sb16 -d
  out_asm,in_asm,op,op_opt,int,exec,cpu,pcall,cpu_reset -fda
  ./build/release/xeos.flp

  Process: qemu [5680]
  Path:/usr/local/xeos-build/qemu/bin/qemu
  Identifier:  qemu
  Version: ??? (???)
  Code Type:   X86-64 (Native)
  Parent Process:  make [5677]

  Date/Time:   2011-11-05 18:53:25.574 +0100
  OS Version:  Mac OS X 10.7.2 (11C74)
  Report Version:  9
  Sleep/Wake UUID: 3C81B8F7-0321-4621-923C-AB655F2CC701

  Interval Since Last Report:  503994 sec
  Crashes Since Last Report:   35
  Per-App Crashes Since Last Report:   9
  Anonymous UUID:  28E7367A-4697-43A4-8D12-005F1917DFD3

  Crashed Thread:  0  Dispatch queue: com.apple.main-thread

  Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
  Exception Codes: KERN_INVALID_ADDRESS at 0x003a

  VM Regions Near 0x3a:
  -->
  __TEXT 000107c75000-000107ebc000 [ 2332K] r-x/rwx SM=COW  /usr/local/xeos-build/qemu/bin/qemu

  Application Specific Information:
  objc[5680]: garbage collection is OFF

  Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
  0   qemu  0x000107d9d0ed 0x107c75000 + 1212653
  1   qemu  0x000107dabc39 0x107c75000 + 1272889
  2   ???   0x00010c3b007c 0 + 4500160636


[Qemu-devel] [PATCH v2 2/2] softfloat: roundAndPackInt{32, 64}: Don't assume int32 is 32 bits

2012-04-06 Thread Peter Maydell
Fix code in roundAndPackInt32 that assumed that int32 was only
32 bits, by simply using int32_t instead. Fix the parallel bug
in roundAndPackInt64 as well, although that one is only theoretical
since it's unlikely that int64 will ever be more than 64 bits.

Signed-off-by: Peter Maydell 
---
 fpu/softfloat.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index 074fbc3..d37090a 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -117,7 +117,7 @@ static int32 roundAndPackInt32( flag zSign, uint64_t absZ 
STATUS_PARAM)
 int8 roundingMode;
 flag roundNearestEven;
 int8 roundIncrement, roundBits;
-int32 z;
+int32_t z;
 
 roundingMode = STATUS(float_rounding_mode);
 roundNearestEven = ( roundingMode == float_round_nearest_even );
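Review bot: `z` becomes int32_t here while roundAndPackInt32() is still declared as returning `int32`, so the reason for the mixed types is not obvious to someone reading the function later. A one-line comment at the declaration saying that `z` must be exactly 32 bits because `int32` may be wider would stop a later cleanup from changing it back.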
@@ -166,7 +166,7 @@ static int64 roundAndPackInt64( flag zSign, uint64_t absZ0, 
uint64_t absZ1 STATU
 {
 int8 roundingMode;
 flag roundNearestEven, increment;
-int64 z;
+int64_t z;
 
 roundingMode = STATUS(float_rounding_mode);
 roundNearestEven = ( roundingMode == float_round_nearest_even );
-- 
1.7.1




Re: [Qemu-devel] [PATCH] Support system reset in Exynos4210

2012-04-06 Thread Dmitry Solodkiy
Hi Dmitry,

  Suggest you first get internal specifications via official routes (I have no 
authority to distribute it) and then propose patches which wouldn't break 
existing exynos4210 model.

Thanks,
 Dmitry Solodkiy,
 Emulator/Kernel PL, Mobile Group,
 Moscow R&D center, Samsung Electronics

-Original Message-
From: Dmitry Zhurikhin [mailto:z...@ispras.ru] 
Sent: Wednesday, April 04, 2012 9:38 PM
To: Maksim Kozlov
Cc: Kyungmin Park; Igor Mitsyanko; qemu-devel@nongnu.org; Evgeny Voevodin; 
Dmitry Solodkiy
Subject: Re: [PATCH] Support system reset in Exynos4210

On 2012-04-04 20:16, Maksim Kozlov wrote:
> 04.04.2012 16:35, Dmitry Zhurikhin wrote:
>> On 2012-04-04 15:55, Maksim Kozlov wrote:
>>> 04.04.2012 14:08, Dmitry Zhurikhin wrote:
 Reset the system when 1 is written to SWRESET register

 Signed-off-by: Dmitry Zhurikhin
 ---
hw/exynos4210_pmu.c |   11 +++
1 files changed, 11 insertions(+), 0 deletions(-)

 diff --git a/hw/exynos4210_pmu.c b/hw/exynos4210_pmu.c index 
 c12d750..edf6e34 100644
 --- a/hw/exynos4210_pmu.c
 +++ b/hw/exynos4210_pmu.c
 @@ -25,6 +25,7 @@
 */

#include "sysbus.h"
 +#include "sysemu.h"

#ifndef DEBUG_PMU
#define DEBUG_PMU   0
 @@ -422,6 +423,16 @@ static void exynos4210_pmu_write(void *opaque, 
 target_phys_addr_t offset,
if (reg_p->offset == offset) {
PRINT_DEBUG_EXTEND("%s<0x%04x>   <- 0x%04x\n",
 reg_p->name,
(uint32_t)offset, (uint32_t)val);
 +switch (offset) {
 +case SWRESET:
 +if (val&   1) {
 +qemu_system_reset_request();
 +}
 +break;
 +default:
 +/* Nothing */
 +break;
 +}
s->reg[i] = val;
return;
}
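Review bot: in exynos4210_pmu_write() the new `switch (offset)` has a single real case and an empty default, and it sits inside the branch that has already matched `reg_p->offset == offset`; an `if (offset == SWRESET && (val & 1))` would say the same thing in two lines. Note also that `s->reg[i] = val` still runs after qemu_system_reset_request(), so the written value is stored in SWRESET; if that is intended it deserves a comment. The spacing in `val&   1` should be `val & 1`.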
>>> It's not quite well. At first, when you do reset, appropriate status 
>>> must be set in RST_STAT register. At second, not all registers in 
>>> PMU should be set in default value after reset, so you should change 
>>> PMU reset function for handling different resets (see spec) So, this 
>>> functionality should be written more carefully
>> Well, this is the case when there is a need to modify booting 
>> procedure depending on the values of these registers.  I haven't 
>> found any such code in the current kernel.  As I now remember saving 
>> their values was indeed important when we were trying to use an 
>> U-Boot bootloader.  But as long as we are sticking with QEMU bootloader it 
>> doesn't matter.
>
> 3.4-rc1 and 2.6.36 kernels use INFORM5 register which should keep its 
> value during sw reset. And U-Boot (which can be used instead of kernel 
> for some purposes) uses INFORM[456] registers which should be saved as 
> well.
>
> My opinion is we should not add code which describe incorrect behavior 
> of the device regardless of whether kernel uses some registers or no.
OK, this is a righteous position.  Again, I think in this case implementing 
what you propose will be neither bad nor good.  But since you've asked, I'll 
try to do it.
>
>> Anyway this information is unfortunately absent in Exynos4210 public 
>> documentation.
> Hm... Really, I've just found out that public specification doesn't 
> contain information about PMU
I can make the changes according to Exynos3210 specification since they are 
pretty close.  But of course I'd prefer that you send me full specifications.  
Dmitry, what do you say?
>>>
>>> And use #define for registers and fields of the registers. It's more 
>>> clear, as for me.
>> As you say.
> :)
>>>
>>> Regards,
>>> MK
>>
>>  Regards,
>>  Dmitry
>>
>>
>
Regards,
Dmitry




Re: [Qemu-devel] [PATCH v4 08/10] add mirroring to transaction

2012-04-06 Thread Eric Blake
On 03/06/2012 10:56 AM, Paolo Bonzini wrote:
> With it comes a new image creation mode, "no-backing-file", that can
> be used to stream an image so that the destination does not need the
> original image's backing file(s).
> 
> Both bdrv_append and blkmirror will set the backing_hd on the target,
> even if the image is created without one, so that both streaming and
> copy-on-write work properly (at least with qcow2 or qed, not raw).
> 
> Streaming mode works with the following gotchas:
> 
> - streaming will rewrite every bit of the source image;
> 
> - zero writes are not supported by the blkmirror driver, hence both
>   the source and the destination image will grow to full size.
> 

> +++ b/qapi-schema.json
> @@ -1133,10 +1133,12 @@
>  # @absolute-paths: QEMU should create a new image with absolute paths
>  # for the backing file.
>  #
> +# @no-backing-file: QEMU should create a new image with no backing file.
> +#
>  # Since: 1.1
>  ##
>  { 'enum': 'NewImageMode'
> -  'data': [ 'existing', 'absolute-paths' ] }
> +  'data': [ 'existing', 'absolute-paths', 'no-backing-file' ] }
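
Review bot: the added doc line for @no-backing-file only says the image is created with no backing file; it does not say what that means for the data, which the commit message quoted above spells out (the destination no longer needs the original image's backing files, and streaming rewrites every bit of the source). A sentence to that effect belongs in the schema comment, since that is what API users read. Separately, the enum this hunk extends reads `{ 'enum': 'NewImageMode'` with no comma before `'data'`, which is worth fixing while the line below it is being touched.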

Offline, Paolo and I were discussing this.  It may make more sense to
_not_ expose a 'no-backing-file' mode, but instead...


> +# @BlockdevMirror
> +#
> +# @device:  the name of the device to start mirroring.
> +#
> +# @target: the image that will start receiving writes for @device. A new
> +#  file will be created unless @mode is "existing".
> +#
> +# @format: #optional the format of the target image, default is 'qcow2'.
> +#
> +# @mode: #optional whether and how QEMU should create a new image, default is
> +# 'absolute-paths'.
> +##
> +{ 'type': 'BlockdevMirror',
> +  'data': { 'device': 'str', 'target': 'str', '*format': 'str',
> +'*mode': 'NewImageMode' } }

have either a mandatory 'full':'bool' or an optional '*base':'str' for
choosing how much of the backing chain to be mirrored, as is the case
with the block_stream command.  That is, the ability to supply an
external file ('mode':'existing') should not imply a shallow copy.
Having an optional base (where omitting the base gives a full copy) is
the most flexible, because then I can start with:

base <- snap1 <- snap2 <- snap3

as well as use qemu-img to create an empty file backed by snap1, then issue:

{ 'execute': 'drive-mirror', 'arguments':
  { 'device': 'ide0-hd0', 'target': 'copy', 'base': 'snap1', 'mode':
'existing' } }

and get the following setup after a drive-reopen:

base <- snap1 <- copy

without having to do an extra block_stream.

-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH 35/46] qemu-iotests: qcow2.py

2012-04-06 Thread Kevin Wolf
This adds a tool that is meant to inspect and edit qcow2 files in a
low-level way, that wouldn't be possible with qemu-img/io, for example
by adding yet unknown extensions or flags. This way we can test whether
qemu deals properly with future backwards compatible extensions.

For now, let's start with the image header and header extensions.

Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/qcow2.py |  207 +++
 1 files changed, 207 insertions(+), 0 deletions(-)
 create mode 100755 tests/qemu-iotests/qcow2.py

diff --git a/tests/qemu-iotests/qcow2.py b/tests/qemu-iotests/qcow2.py
new file mode 100755
index 000..bfb47e8
--- /dev/null
+++ b/tests/qemu-iotests/qcow2.py
@@ -0,0 +1,207 @@
+#!/usr/bin/env python
+
+import sys
+import struct
+import string
+
+class QcowHeaderExtension:
+
+def __init__(self, magic, length, data):
+self.magic  = magic
+self.length = length
+self.data   = data
+
+@classmethod
+def create(cls, magic, data):
+return QcowHeaderExtension(magic, len(data), data)
+
+class QcowHeader:
+
+uint32_t = 'I'
+uint64_t = 'Q'
+
+fields = [
+# Version 2 header fields
+[ uint32_t, '%#x',  'magic' ],
+[ uint32_t, '%d',   'version' ],
+[ uint64_t, '%#x',  'backing_file_offset' ],
+[ uint32_t, '%#x',  'backing_file_size' ],
+[ uint32_t, '%d',   'cluster_bits' ],
+[ uint64_t, '%d',   'size' ],
+[ uint32_t, '%d',   'crypt_method' ],
+[ uint32_t, '%d',   'l1_size' ],
+[ uint64_t, '%#x',  'l1_table_offset' ],
+[ uint64_t, '%#x',  'refcount_table_offset' ],
+[ uint32_t, '%d',   'refcount_table_clusters' ],
+[ uint32_t, '%d',   'nb_snapshots' ],
+[ uint64_t, '%#x',  'snapshot_offset' ],
+];
+
+fmt = '>' + ''.join(field[0] for field in fields)
+
+def __init__(self, fd):
+
+buf_size = struct.calcsize(QcowHeader.fmt)
+
+fd.seek(0)
+buf = fd.read(buf_size)
+
+header = struct.unpack(QcowHeader.fmt, buf)
+self.__dict__ = dict((field[2], header[i])
+for i, field in enumerate(QcowHeader.fields))
+
+self.cluster_size = 1 << self.cluster_bits
+
+fd.seek(self.get_header_length())
+self.load_extensions(fd)
+
+if self.backing_file_offset:
+fd.seek(self.backing_file_offset)
+self.backing_file = fd.read(self.backing_file_size)
+else:
+self.backing_file = None
+
+def get_header_length(self):
+if self.version == 2:
+return 72
+else:
+raise Exception("version != 2 not supported")
+
+def load_extensions(self, fd):
+self.extensions = []
+
+if self.backing_file_offset != 0:
+end = min(self.cluster_size, self.backing_file_offset)
+else:
+end = self.cluster_size
+
+while fd.tell() < end:
+(magic, length) = struct.unpack('>II', fd.read(8))
+if magic == 0:
+break
+else:
+padded = (length + 7) & ~7
+data = fd.read(padded)
+self.extensions.append(QcowHeaderExtension(magic, length, 
data))
+
+def update_extensions(self, fd):
+
+fd.seek(self.get_header_length())
+extensions = self.extensions
+extensions.append(QcowHeaderExtension(0, 0, ""))
+for ex in extensions:
+buf = struct.pack('>II', ex.magic, ex.length)
+fd.write(buf)
+fd.write(ex.data)
+
+if self.backing_file != None:
+self.backing_file_offset = fd.tell()
+fd.write(self.backing_file)
+
+if fd.tell() > self.cluster_size:
+raise Exception("I think I just broke the image...")
+
+
+def update(self, fd):
+header_bytes = self.get_header_length()
+
+self.update_extensions(fd)
+
+fd.seek(0)
+header = tuple(self.__dict__[f] for t, p, f in QcowHeader.fields)
+buf = struct.pack(QcowHeader.fmt, *header)
+buf = buf[0:header_bytes-1]
+fd.write(buf)
+
+def dump(self):
+for f in QcowHeader.fields:
+print "%-25s" % f[2], f[1] % self.__dict__[f[2]]
+print ""
+
+def dump_extensions(self):
+for ex in self.extensions:
+
+data = ex.data[:ex.length]
+if all(c in string.printable for c in data):
+data = "'%s'" % data
+else:
+data = ""
+
+print "Header extension:"
+print "%-25s %#x" % ("magic", ex.magic)
+print "%-25s %d" % ("length", ex.length)
+print "%-25s %s" % ("data", data)
+print ""
+
+
+def cmd_dump_header(fd):
+h = QcowHeader(fd)
+h.dump()
+h.dump_extensions()
+
+def cmd_add_header_ext(fd, magic, data):
+try:
+magic = int(magic, 0)
+except:
+print "'%s' is not a val
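
Review bot: in QcowHeader.update(), `buf = buf[0:header_bytes-1]` keeps 71 of the 72 bytes that get_header_length() returns for version 2, so the last byte of snapshot_offset is never rewritten; the slice should be `buf[0:header_bytes]`. In update_extensions(), `extensions = self.extensions` is an alias rather than a copy, so the `append(QcowHeaderExtension(0, 0, ""))` adds a terminator to the object's own list on every call, and `fd.write(ex.data)` writes the data at whatever length it has, which is 8-byte padded only for extensions that came from load_extensions() and not for ones built with create(). Please also replace the bare `except:` in cmd_add_header_ext() with `except ValueError:`.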

[Qemu-devel] [PATCH V3 3/8] hw/cirrus_vga.c: replace register_ioport*

2012-04-06 Thread Julien Grall
This patch replaces all register_ioport* with portio_*. It permits using
the new Memory stuff like listener.

Signed-off-by: Julien Grall 
---
 hw/cirrus_vga.c |   38 ++
 1 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index afedaa4..43731ac 100644
--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -198,6 +198,7 @@ typedef void (*cirrus_fill_t)(struct CirrusVGAState *s,
 typedef struct CirrusVGAState {
 VGACommonState vga;
 
+PortioList cirrus_port_list;
 MemoryRegion cirrus_linear_io;
 MemoryRegion cirrus_linear_bitblt_io;
 MemoryRegion cirrus_mmio_io;
@@ -2781,8 +2782,23 @@ static const MemoryRegionOps cirrus_linear_io_ops = {
 },
 };
 
+static const MemoryRegionPortio cirrus_portio_list[] = {
+{ 0x04, 2, 1, .write = cirrus_vga_ioport_write,
+.read = cirrus_vga_ioport_read, }, /* 0x3b4 */
+{ 0x0a, 1, 1, .write = cirrus_vga_ioport_write,
+.read = cirrus_vga_ioport_read, }, /* 0x3ba */
+{ 0x10, 16, 1, .write = cirrus_vga_ioport_write,
+.read = cirrus_vga_ioport_read, }, /* 0x3c0 */
+{ 0x24, 2, 1, .write = cirrus_vga_ioport_write,
+.read = cirrus_vga_ioport_read, }, /* 0x3d4 */
+{ 0x2a, 1, 1, .write = cirrus_vga_ioport_write,
+.read = cirrus_vga_ioport_read, }, /* 0x3da */
+PORTIO_END_OF_LIST(),
+};
+
 static void cirrus_init_common(CirrusVGAState * s, int device_id, int is_pci,
-   MemoryRegion *system_memory)
+   MemoryRegion *system_memory,
+   MemoryRegion *system_io)
 {
 int i;
 static int inited;
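Review bot: the first field of each cirrus_portio_list[] entry is an offset from the base passed to portio_list_add() (0x3b0 in a later hunk), while the comments give the absolute port, so the table and the base have to be kept in step by hand. A named constant for the base, used in portio_list_add() and mentioned in a comment above the table, would make the relationship explicit. It is also worth stating in the commit message that read and write handlers are registered for exactly the same ranges as the removed register_ioport_* calls.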
@@ -2814,19 +2830,8 @@ static void cirrus_init_common(CirrusVGAState * s, int 
device_id, int is_pci,
 s->bustype = CIRRUS_BUSTYPE_ISA;
 }
 
-register_ioport_write(0x3c0, 16, 1, cirrus_vga_ioport_write, s);
-
-register_ioport_write(0x3b4, 2, 1, cirrus_vga_ioport_write, s);
-register_ioport_write(0x3d4, 2, 1, cirrus_vga_ioport_write, s);
-register_ioport_write(0x3ba, 1, 1, cirrus_vga_ioport_write, s);
-register_ioport_write(0x3da, 1, 1, cirrus_vga_ioport_write, s);
-
-register_ioport_read(0x3c0, 16, 1, cirrus_vga_ioport_read, s);
-
-register_ioport_read(0x3b4, 2, 1, cirrus_vga_ioport_read, s);
-register_ioport_read(0x3d4, 2, 1, cirrus_vga_ioport_read, s);
-register_ioport_read(0x3ba, 1, 1, cirrus_vga_ioport_read, s);
-register_ioport_read(0x3da, 1, 1, cirrus_vga_ioport_read, s);
+portio_list_init(&s->cirrus_port_list, cirrus_portio_list, s, "cirrus-io");
+portio_list_add(&s->cirrus_port_list, system_io, 0x3b0);
 
 memory_region_init(&s->low_mem_container,
"cirrus-lowmem-container",
@@ -2893,7 +2898,7 @@ static int vga_initfn(ISADevice *dev)
 
 vga_common_init(s, VGA_RAM_SIZE);
 cirrus_init_common(&d->cirrus_vga, CIRRUS_ID_CLGD5430, 0,
-   isa_address_space(dev));
+   isa_address_space(dev), isa_address_space_io(dev));
 s->ds = graphic_console_init(s->update, s->invalidate,
  s->screen_dump, s->text_update,
  s);
@@ -2934,7 +2939,8 @@ static int pci_cirrus_vga_initfn(PCIDevice *dev)
 
  /* setup VGA */
  vga_common_init(&s->vga, VGA_RAM_SIZE);
- cirrus_init_common(s, device_id, 1, pci_address_space(dev));
+ cirrus_init_common(s, device_id, 1, pci_address_space(dev),
+pci_address_space_io(dev));
  s->vga.ds = graphic_console_init(s->vga.update, s->vga.invalidate,
   s->vga.screen_dump, s->vga.text_update,
   &s->vga);
-- 
Julien Grall




[Qemu-devel] [PATCH 26/46] block: set job->speed in block_set_speed

2012-04-06 Thread Kevin Wolf
From: Paolo Bonzini 

There is no need to do this in every implementation of set_speed
(even though there is only one right now).

Signed-off-by: Paolo Bonzini 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 block.c|8 +++-
 block/stream.c |1 -
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/block.c b/block.c
index 16e14fa..33630eb 100644
--- a/block.c
+++ b/block.c
@@ -4085,10 +4085,16 @@ void block_job_complete(BlockJob *job, int ret)
 
 int block_job_set_speed(BlockJob *job, int64_t value)
 {
+int rc;
+
 if (!job->job_type->set_speed) {
 return -ENOTSUP;
 }
-return job->job_type->set_speed(job, value);
+rc = job->job_type->set_speed(job, value);
+if (rc == 0) {
+job->speed = value;
+}
+return rc;
 }
 
 void block_job_cancel(BlockJob *job)
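Review bot: block_job_set_speed() now stores `job->speed` only after the driver's set_speed callback has returned 0, so a callback must work from its `value` argument and cannot rely on `job->speed` already holding the new rate. That contract is not written down anywhere in the hunk; a short comment on the function, or on the set_speed member, would keep a future implementation from reading the stale field. The unchanged -ENOTSUP path also leaves `job->speed` untouched, which looks right but is worth stating.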
diff --git a/block/stream.c b/block/stream.c
index f186bfd..61ff7a2 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -236,7 +236,6 @@ static int stream_set_speed(BlockJob *job, int64_t value)
 if (value < 0) {
 return -EINVAL;
 }
-job->speed = value;
 ratelimit_set_speed(&s->limit, value / BDRV_SECTOR_SIZE);
 return 0;
 }
-- 
1.7.6.5




Re: [Qemu-devel] [PATCH] memory: check address space when a listener is registered

2012-04-06 Thread Julien Grall

On 04/05/2012 11:10 AM, Avi Kivity wrote:

On 04/04/2012 05:15 PM, Julien Grall wrote:
   

This patch resolves a bug in memory listener registration.
"range_add" callback was called on each section of both
address spaces (IO and memory space) even if it doesn't match
the address space filter.

 

Thanks, applied.

Did you find this bug by inspection, or did it bite you?  I thought all
listeners were registered before address spaces were materialized.

   

I added a listener on IO address space for Xen.
The listener is registered after Xen allocates ram.
Without this patch, the listener was called on Xen ram.



[Qemu-devel] [PATCH 08/46] ide: Add "model=s" qdev option

2012-04-06 Thread Kevin Wolf
From: Floris Bos 

Allow the user to override the default disk model name "QEMU HARDDISK".

Some Linux distributions use the
/dev/disk/by-id/scsi-SATA_name-of-disk-model_serial addressing scheme
when referring to partitions in /etc/fstab
and elsewhere. This causes problems when starting a disk image taken from
an existing physical server under qemu, because when running under qemu
name-of-disk-model is always "QEMU HARDDISK".

This patch introduces a model=s option which in combination with the
existing serial=s option can be used to fake the disk the operating
system was previously on, allowing the OS to boot properly.

Cc: kw...@redhat.com
Signed-off-by: Floris Bos 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 hw/ide/core.c |   27 ++-
 hw/ide/internal.h |4 +++-
 hw/ide/qdev.c |6 --
 3 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 771811c..e38cace 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -100,7 +100,7 @@ static void ide_identify(IDEState *s)
 put_le16(p + 21, 512); /* cache size in sectors */
 put_le16(p + 22, 4); /* ecc bytes */
 padstr((char *)(p + 23), s->version, 8); /* firmware version */
-padstr((char *)(p + 27), "QEMU HARDDISK", 40); /* model */
+padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
 #if MAX_MULT_SECTORS > 1
 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
 #endif
@@ -188,7 +188,7 @@ static void ide_atapi_identify(IDEState *s)
 put_le16(p + 21, 512); /* cache size in sectors */
 put_le16(p + 22, 4); /* ecc bytes */
 padstr((char *)(p + 23), s->version, 8); /* firmware version */
-padstr((char *)(p + 27), "QEMU DVD-ROM", 40); /* model */
+padstr((char *)(p + 27), s->drive_model_str, 40); /* model */
 put_le16(p + 48, 1); /* dword I/O (XXX: should not be set on CDROM) */
 #ifdef USE_DMA_CDROM
 put_le16(p + 49, 1 << 9 | 1 << 8); /* DMA and LBA supported */
@@ -245,7 +245,7 @@ static void ide_cfata_identify(IDEState *s)
 padstr((char *)(p + 10), s->drive_serial_str, 20); /* serial number */
 put_le16(p + 22, 0x0004);  /* ECC bytes */
 padstr((char *) (p + 23), s->version, 8);  /* Firmware Revision */
-padstr((char *) (p + 27), "QEMU MICRODRIVE", 40);/* Model number */
+padstr((char *) (p + 27), s->drive_model_str, 40);/* Model number */
 #if MAX_MULT_SECTORS > 1
 put_le16(p + 47, 0x8000 | MAX_MULT_SECTORS);
 #else
@@ -1833,7 +1833,7 @@ static const BlockDevOps ide_cd_block_ops = {
 };
 
 int ide_init_drive(IDEState *s, BlockDriverState *bs, IDEDriveKind kind,
-   const char *version, const char *serial)
+   const char *version, const char *serial, const char *model)
 {
 int cylinders, heads, secs;
 uint64_t nb_sectors;
@@ -1884,6 +1884,22 @@ int ide_init_drive(IDEState *s, BlockDriverState *bs, 
IDEDriveKind kind,
 snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
  "QM%05d", s->drive_serial);
 }
+if (model) {
+pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
+} else {
+switch (kind) {
+case IDE_CD:
+strcpy(s->drive_model_str, "QEMU DVD-ROM");
+break;
+case IDE_CFATA:
+strcpy(s->drive_model_str, "QEMU MICRODRIVE");
+break;
+default:
+strcpy(s->drive_model_str, "QEMU HARDDISK");
+break;
+}
+}
+
 if (version) {
 pstrcpy(s->version, sizeof(s->version), version);
 } else {
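Review bot: a user-supplied `model` is copied with pstrcpy() into the 41-byte drive_model_str, so anything longer than 40 characters is silently truncated, whereas the stated purpose is to reproduce an existing disk's model string exactly. Consider rejecting an over-long model in ide_init_drive() with error_report(), since the function already returns an error code that callers check. The three default names are written with strcpy(); using pstrcpy() with sizeof(s->drive_model_str) there as well would keep the bound visible if the defaults or the buffer size ever change.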
@@ -1976,7 +1992,8 @@ void ide_init2_with_non_qdev_drives(IDEBus *bus, 
DriveInfo *hd0,
 if (dinfo) {
 if (ide_init_drive(&bus->ifs[i], dinfo->bdrv,
dinfo->media_cd ? IDE_CD : IDE_HD, NULL,
-   *dinfo->serial ? dinfo->serial : NULL) < 0) {
+   *dinfo->serial ? dinfo->serial : NULL,
+   NULL) < 0) {
 error_report("Can't set up IDE drive %s", dinfo->id);
 exit(1);
 }
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index c808a0d..b1319dc 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -348,6 +348,7 @@ struct IDEState {
 uint8_t identify_data[512];
 int drive_serial;
 char drive_serial_str[21];
+char drive_model_str[41];
 /* ide regs */
 uint8_t feature;
 uint8_t error;
@@ -468,6 +469,7 @@ struct IDEDevice {
 BlockConf conf;
 char *version;
 char *serial;
+char *model;
 };
 
 #define BM_STATUS_DMAING 0x01
@@ -534,7 +536,7 @@ void ide_data_writel(void *opaque, uint32_t addr, uint32_t 
val);
 uint32_t ide_data_readl(void *opaque, uint32_t addr);
 
 int ide_init_drive(IDEState *s, BlockDriverState *bs, IDEDriveKind kind,
-   const char *version, const char *serial);
+   const char *version, const char *serial, con

[Qemu-devel] [Bug 974958] [NEW] It dumps when following this tutorial on hello world os

2012-04-06 Thread Alan
Public bug reported:

http://mikeos.berlios.de/write-your-own-os.html


Following the steps,

it works on ubuntu,

but on osx, it ALWAYS dumps.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/974958

Title:
  It dumps when following this tutorial on hello world os

Status in QEMU:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/974958/+subscriptions



[Qemu-devel] [PATCH 1/3] virtio-scsi: prepare migration format for multiqueue

2012-04-06 Thread Paolo Bonzini
In order to restore requests correctly from a multitude of virtqueues,
we need to store the id of the request queue that each request came
from.

Do this even for single-queue, by storing a hard-coded zero, to
simplify future implementation of multiqueue.

Signed-off-by: Paolo Bonzini 
---
 hw/virtio-scsi.c |5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index 45d54fa..0d90d9c 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -240,7 +240,9 @@ static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, 
VirtQueue *vq)
 static void virtio_scsi_save_request(QEMUFile *f, SCSIRequest *sreq)
 {
 VirtIOSCSIReq *req = sreq->hba_private;
+uint32_t n = 0;
 
+qemu_put_be32s(f, &n);
 qemu_put_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
 }
 
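Review bot: virtio_scsi_save_request() now writes a 32-bit queue index in front of `req->elem`, which changes the per-request layout in the migration stream, yet the diffstat shows only these five added lines and no version bump. A stream written before this patch would be read by the new load function with the first four bytes of `elem` taken as the queue index. Please bump the device's migration version, or say in the commit message why no compatibility handling is needed.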
@@ -249,8 +251,11 @@ static void *virtio_scsi_load_request(QEMUFile *f, 
SCSIRequest *sreq)
 SCSIBus *bus = sreq->bus;
 VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
 VirtIOSCSIReq *req;
+uint32_t n;
 
 req = g_malloc(sizeof(*req));
+qemu_get_be32s(f, &n);
+assert(n == 0);
 qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
 virtio_scsi_parse_req(s, s->cmd_vq, req);
 
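Review bot: `assert(n == 0)` in virtio_scsi_load_request() is applied to a value read from the incoming migration stream, so a corrupt or incompatible stream aborts the destination QEMU instead of failing the load. Input from the stream should be validated and rejected with an error, and since `req` is allocated with g_malloc() before the value is read, that error path has to free it. With asserts compiled out the check disappears entirely.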
-- 
1.7.9.3





[Qemu-devel] [PATCH v2 1/5] target-ppc: Drop cpu_ppc_close()

2012-04-06 Thread Andreas Färber
It is unused, so avoid QOM'ifying it unneededly.

Signed-off-by: Andreas Färber 
---
 target-ppc/cpu.h|1 -
 target-ppc/helper.c |6 --
 2 files changed, 0 insertions(+), 7 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index ca6f1cb..fc70644 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1100,7 +1100,6 @@ struct mmu_ctx_t {
 CPUPPCState *cpu_ppc_init (const char *cpu_model);
 void ppc_translate_init(void);
 int cpu_ppc_exec (CPUPPCState *s);
-void cpu_ppc_close (CPUPPCState *s);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
signal handlers to inform the virtual CPU of exceptions. non zero
is returned if the signal was handled by the virtual CPU.  */
diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index 39dcc27..4cd7b0f 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -3214,9 +3214,3 @@ CPUPPCState *cpu_ppc_init (const char *cpu_model)
 
 return env;
 }
-
-void cpu_ppc_close (CPUPPCState *env)
-{
-/* Should also remove all opcode tables... */
-g_free(env);
-}
-- 
1.7.7




[Qemu-devel] [PATCH 17/46] vdi: merge aio_read_cb and aio_write_cb into callers

2012-04-06 Thread Kevin Wolf
From: Paolo Bonzini 

Now inline the former AIO callbacks into vdi_co_readv and vdi_co_writev.
While many cleanups are possible, the code now really looks synchronous.

Acked-by: Stefan Weil 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Kevin Wolf 
---
 block/vdi.c |   40 
 1 files changed, 12 insertions(+), 28 deletions(-)

diff --git a/block/vdi.c b/block/vdi.c
index df0f431..407fccc 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -523,15 +523,19 @@ static VdiAIOCB *vdi_aio_setup(BlockDriverState *bs, 
int64_t sector_num,
 return acb;
 }
 
-static int vdi_aio_read_cb(void *opaque, int ret)
+static int vdi_co_readv(BlockDriverState *bs,
+int64_t sector_num, int nb_sectors, QEMUIOVector *qiov)
 {
-VdiAIOCB *acb = opaque;
-BlockDriverState *bs = acb->common.bs;
+VdiAIOCB *acb;
 BDRVVdiState *s = bs->opaque;
 uint32_t bmap_entry;
 uint32_t block_index;
 uint32_t sector_in_block;
 uint32_t n_sectors;
+int ret;
+
+logout("\n");
+acb = vdi_aio_setup(bs, sector_num, qiov, nb_sectors, 0);
 
 restart:
 block_index = acb->sector_num / s->block_sectors;
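Review bot: `int ret;` in the new `vdi_co_readv()` has no initializer, whereas the old callback received `ret` as a parameter and was always called with 0. Please confirm that every path after `restart:` assigns `ret` before `return ret`, or initialise it to 0 at the declaration.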
@@ -578,27 +582,19 @@ restart:
 return ret;
 }
 
-static int vdi_co_readv(BlockDriverState *bs,
+static int vdi_co_writev(BlockDriverState *bs,
 int64_t sector_num, int nb_sectors, QEMUIOVector *qiov)
 {
 VdiAIOCB *acb;
-int ret;
-
-logout("\n");
-acb = vdi_aio_setup(bs, sector_num, qiov, nb_sectors, 0);
-ret = vdi_aio_read_cb(acb, 0);
-return ret;
-}
-
-static int vdi_aio_write_cb(void *opaque, int ret)
-{
-VdiAIOCB *acb = opaque;
-BlockDriverState *bs = acb->common.bs;
 BDRVVdiState *s = bs->opaque;
 uint32_t bmap_entry;
 uint32_t block_index;
 uint32_t sector_in_block;
 uint32_t n_sectors;
+int ret;
+
+logout("\n");
+acb = vdi_aio_setup(bs, sector_num, qiov, nb_sectors, 1);
 
 restart:
 block_index = acb->sector_num / s->block_sectors;
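Review bot: the setup in `vdi_co_readv()` and `vdi_co_writev()` differs only in the bare `0` / `1` passed as the last argument of `vdi_aio_setup()`. A bool parameter or a named constant would make the direction readable at the call site, now that both calls sit inline in otherwise identical-looking code.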
@@ -710,18 +706,6 @@ restart:
 return ret;
 }
 
-static int vdi_co_writev(BlockDriverState *bs,
-int64_t sector_num, int nb_sectors, QEMUIOVector *qiov)
-{
-VdiAIOCB *acb;
-int ret;
-
-logout("\n");
-acb = vdi_aio_setup(bs, sector_num, qiov, nb_sectors, 1);
-ret = vdi_aio_write_cb(acb, 0);
-return ret;
-}
-
 static int vdi_create(const char *filename, QEMUOptionParameter *options)
 {
 int fd;
-- 
1.7.6.5




[Qemu-devel] [PATCH 36/46] qemu-iotests: Test unknown qcow2 header extensions

2012-04-06 Thread Kevin Wolf
The important thing here is that header extensions don't get silently
dropped when the header is rewritten, e.g. during a rebase.

Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/031 |   72 +
 tests/qemu-iotests/031.out |   76 
 tests/qemu-iotests/group   |1 +
 3 files changed, 149 insertions(+), 0 deletions(-)
 create mode 100755 tests/qemu-iotests/031
 create mode 100644 tests/qemu-iotests/031.out

diff --git a/tests/qemu-iotests/031 b/tests/qemu-iotests/031
new file mode 100755
index 000..6365f28
--- /dev/null
+++ b/tests/qemu-iotests/031
@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# Test that all qcow2 header extensions survive a header rewrite
+#
+# Copyright (C) 2011 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=kw...@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+   _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.pattern
+
+# This tests qcow2-specific low-level functionality
+_supported_fmt qcow2
+_supported_proto generic
+_supported_os Linux
+
+CLUSTER_SIZE=65536
+echo
+echo === Create image with unknown header extension ===
+echo
+_make_test_img 64M
+./qcow2.py $TEST_IMG add-header-ext 0x12345678 "This is a test header 
extension"
+./qcow2.py $TEST_IMG dump-header
+_check_test_img
+
+echo
+echo === Rewrite header with no backing file ===
+echo
+$QEMU_IMG rebase -u -b "" $TEST_IMG
+./qcow2.py $TEST_IMG dump-header
+_check_test_img
+
+echo
+echo === Add a backing file and format ===
+echo
+$QEMU_IMG rebase -u -b "/some/backing/file/path" -F host_device $TEST_IMG
+./qcow2.py $TEST_IMG dump-header
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
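Review bot: `$TEST_IMG` is expanded unquoted in every `./qcow2.py` and `$QEMU_IMG rebase` call, so a test directory whose path contains whitespace splits the argument; quote it as "$TEST_IMG". The third step ("Add a backing file and format") also runs no `_check_test_img`, unlike the first two; if that is deliberate because the backing file path does not exist, a comment saying so would help.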
diff --git a/tests/qemu-iotests/031.out b/tests/qemu-iotests/031.out
new file mode 100644
index 000..0f1bf68
--- /dev/null
+++ b/tests/qemu-iotests/031.out
@@ -0,0 +1,76 @@
+QA output created by 031
+
+=== Create image with unknown header extension ===
+
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 cluster_size=65536 
+magic 0x514649fb
+version   2
+backing_file_offset   0x0
+backing_file_size 0x0
+cluster_bits  16
+size  67108864
+crypt_method  0
+l1_size   1
+l1_table_offset   0x3
+refcount_table_offset 0x1
+refcount_table_clusters   1
+nb_snapshots  0
+snapshot_offset   0x0
+
+Header extension:
+magic 0x12345678
+length31
+data  'This is a test header extension'
+
+No errors were found on the image.
+
+=== Rewrite header with no backing file ===
+
+magic 0x514649fb
+version   2
+backing_file_offset   0x0
+backing_file_size 0x0
+cluster_bits  16
+size  67108864
+crypt_method  0
+l1_size   1
+l1_table_offset   0x3
+refcount_table_offset 0x1
+refcount_table_clusters   1
+nb_snapshots  0
+snapshot_offset   0x0
+
+Header extension:
+magic 0x12345678
+length31
+data  'This is a test header extension'
+
+No errors were found on the image.
+
+=== Add a backing file and format ===
+
+magic 0x514649fb
+version   2
+backing_file_offset   0x90
+backing_file_size 0x17
+cluster_bits  16
+size  67108864
+crypt_method  0
+l1_size   1
+l1_table_offset   0x3
+refcount_table_offset 0x1
+refcount_table_clusters   1
+nb_snapshots  0
+snapshot_offset   0x0
+
+Header extension:
+magic 0xe2792aca
+length11
+data  'host_device'
+
+Header extension:
+magic 0x12345678
+length31
+data  'This is a test header extension'
+
+*** done
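Review bot: the expected output for the last step pins the order of the two header extensions (`0xe2792aca` before `0x12345678`), so the test also fails if a later change writes the same extensions in a different order. If only preservation is meant to be tested, say so in a comment in 031 or filter the dump so that order does not matter.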
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index b549f10..1742ede 100644
--- a/tests/qemu-iotes

[Qemu-devel] [PULL 00/46] Block patches

2012-04-06 Thread Kevin Wolf
The following changes since commit 8f8d364f2447e58768132fc10f48a67af371ee38:

  Merge branch 's390-for-upstream' of git://repo.or.cz/qemu/agraf (2012-04-04 
20:45:03 +)

are available in the git repository at:

  git://repo.or.cz/qemu/kevin.git for-anthony

Benoît Canet (7):
  block: Add new BDRV_O_INCOMING flag to notice incoming live migration
  block: add a function to clear incoming live migration flags
  blockdev: open images with BDRV_O_INCOMING on incoming live migration
  qed: add bdrv_invalidate_cache to be called after incoming live migration
  migration: clear BDRV_O_INCOMING flags on end of incoming live migration
  qed: honor BDRV_O_INCOMING for incoming live migration
  qed: remove incoming live migration blocker

David Gibson (1):
  Use DMADirection type for dma_bdrv_io

Dong Xu Wang (4):
  qemu-img: add image fragmentation statistics
  qed: image fragmentation statistics
  qemu-img: add dirty flag status
  qed: track dirty flag status

Floris Bos (3):
  ide: Add "model=s" qdev option
  ide: Change serial number strncpy() to pstrcpy()
  ide: Adds wwn=hex qdev option

Jeff Cody (1):
  block: bdrv_append() fixes

Kevin Wolf (6):
  trace-events: Rename 'next' argument
  tracetool: Forbid argument name 'next'
  qcow2: Remove unused parameter in get_cluster_table()
  ide: IDENTIFY word 86 bit 14 is reserved
  qemu-iotests: qcow2.py
  qemu-iotests: Test unknown qcow2 header extensions

Liu Yuan (2):
  sheepdog: implement SD_OP_FLUSH_VDI operation
  sheepdog: fix send req helpers

Marcelo Tosatti (1):
  block stream: close unused files and update ->backing_hd

Paolo Bonzini (13):
  block: push recursive flushing up from drivers
  aio: move BlockDriverAIOCB to qemu-aio.h
  vdi: basic conversion to coroutines
  vdi: move end-of-I/O handling at the end
  vdi: merge aio_read_cb and aio_write_cb into callers
  vdi: move aiocb fields to locals
  vdi: leave bounce buffering to block layer
  vdi: do not create useless iovecs
  vdi: change goto to loop
  block: cancel jobs when a device is ready to go away
  block: fix streaming/closing race
  block: set job->speed in block_set_speed
  block: document job API

Stefan Hajnoczi (4):
  qemu-io: add option to enable tracing
  qerror: fix QERR_PROPERTY_VALUE_OUT_OF_RANGE description
  qdev: add blocksize property type
  block: enforce constraints on block size properties

Stefan Weil (2):
  qemu-iotests: Fix call syntax for qemu-img
  qemu-iotests: Fix call syntax for qemu-io

Zhang Shengju (1):
  block/vpc: write checksum back to footer after check

Zhi Yong Wu (1):
  block: disable I/O throttling on sync api

 block.c  |   88 -
 block.h  |   21 ++-
 block/blkdebug.c |7 -
 block/cow.c  |6 -
 block/qcow.c |6 -
 block/qcow2-cluster.c|   18 +-
 block/qcow2.c|6 -
 block/qed-check.c|9 +
 block/qed.c  |   33 ++--
 block/qed.h  |2 -
 block/raw.c  |6 -
 block/sheepdog.c |  144 +--
 block/stream.c   |   41 -
 block/vdi.c  |  429 +++---
 block/vmdk.c |4 +-
 block/vpc.c  |9 +-
 block_int.h  |  135 +++--
 blockdev.c   |   12 +-
 dma-helpers.c|   21 ++-
 dma.h|   12 +-
 hw/ide/core.c|   60 +--
 hw/ide/internal.h|7 +-
 hw/ide/macio.c   |3 +-
 hw/ide/qdev.c|7 +-
 hw/lsi53c895a.c  |1 -
 hw/qdev-properties.c |   46 +
 hw/qdev.h|3 +
 linux-aio.c  |1 -
 migration.c  |1 +
 qemu-aio.h   |   21 ++
 qemu-img.c   |   12 +-
 qemu-io.c|   10 +-
 qerror.c |7 +-
 qerror.h |4 +
 scripts/tracetool|4 +
 tests/qemu-iotests/009   |4 +-
 tests/qemu-iotests/010   |6 +-
 tests/qemu-iotests/011   |2 +-
 tests/qemu-iotests/031   |   72 +++
 tests/qemu-iotests/031.out   |   76 
 tests/qemu-iotests/common.rc |9 +-
 tests/qemu-iotests/group |1 +
 tests/qemu-iotests/qcow2.py  |  207 
 trace-events |2 +-
 44 files changed, 1081 insertions(+), 494 deletions(-)
 create mode 100755 tests/qemu-iotests/031
 create mode 100644 tests/qemu-iotests/031.out
 create mode 100755 tests/qemu-iotests/qcow2.py



[Qemu-devel] [PATCH 0/3] virtio-scsi multiqueue

2012-04-06 Thread Paolo Bonzini
This simple patch series enables multiqueue support in virtio-scsi.
Anthony, Michael, could you please ack patch 2?

Paolo Bonzini (3):
  virtio-scsi: prepare migration format for multiqueue
  virtio: add virtio_queue_get_id
  virtio-scsi: add multiqueue capability

 hw/virtio-scsi.c |   26 ++
 hw/virtio.c  |7 +++
 hw/virtio.h  |1 +
 3 files changed, 26 insertions(+), 8 deletions(-)

-- 
1.7.9.3




[Qemu-devel] Fiber switching and stack protection

2012-04-06 Thread Pavel Dovgaluk
Hello.

Recently I tried to build qemu-1.0 with MinGW and start it with a qcow file created with a previous version of qemu.

But after the guest Windows loading process started, qemu closed because of an exception.

I figured out that this exception is "stack smashing" and that it happened in qemu_coroutine_switch in the coroutine-win32.c file.

But when I remove the -fstack-protector-all option from the makefile, nothing changes - an exception occurs again.

Does anyone have an idea about such behavior?

Pavel Dovgaluk



[Qemu-devel] [PATCH v3 02/10] Switch POSIX compat AIO to QEMU abstractions

2012-04-06 Thread Jan Kiszka
Although there is nothing to wrap for non-POSIX here, redirecting thread
and synchronization services to our core simplifies management jobs
like scheduling parameter adjustment. It also frees compat AIO from some
duplicate code (/wrt qemu-thread).

Signed-off-by: Jan Kiszka 
---
 posix-aio-compat.c |  118 +++
 1 files changed, 35 insertions(+), 83 deletions(-)

diff --git a/posix-aio-compat.c b/posix-aio-compat.c
index d311d13..c9b8ebf 100644
--- a/posix-aio-compat.c
+++ b/posix-aio-compat.c
@@ -15,7 +15,6 @@
 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -29,9 +28,12 @@
 #include "qemu-common.h"
 #include "trace.h"
 #include "block_int.h"
+#include "qemu-thread.h"
 
 #include "block/raw-posix-aio.h"
 
+#define AIO_THREAD_IDLE_TIMEOUT 1 /* 10 s */
+
 static void do_spawn_thread(void);
 
 struct qemu_paiocb {
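Review bot: the unit of `AIO_THREAD_IDLE_TIMEOUT` is stated only in the trailing comment. Putting it in the name (for example a `_MS` suffix, if `qemu_cond_timedwait()` takes milliseconds) would keep the call site in `aio_thread()` self-explanatory and make a mismatch between value and comment easier to spot.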
@@ -59,10 +61,9 @@ typedef struct PosixAioState {
 } PosixAioState;
 
 
-static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
-static pthread_cond_t cond = PTHREAD_COND_INITIALIZER;
-static pthread_t thread_id;
-static pthread_attr_t attr;
+static QemuMutex lock;
+static QemuCond cond;
+static QemuThread thread;
 static int max_threads = 64;
 static int cur_threads = 0;
 static int idle_threads = 0;
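Review bot: `lock` and `cond` lose their static `PTHREAD_MUTEX_INITIALIZER` / `PTHREAD_COND_INITIALIZER`, so they now need an explicit init call before the first `qemu_mutex_lock(&lock)`. The visible hunks do not show one; please make sure it runs in the AIO init path before any request can be queued or any worker thread is spawned.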
@@ -88,39 +89,6 @@ static void die(const char *what)
 die2(errno, what);
 }
 
-static void mutex_lock(pthread_mutex_t *mutex)
-{
-int ret = pthread_mutex_lock(mutex);
-if (ret) die2(ret, "pthread_mutex_lock");
-}
-
-static void mutex_unlock(pthread_mutex_t *mutex)
-{
-int ret = pthread_mutex_unlock(mutex);
-if (ret) die2(ret, "pthread_mutex_unlock");
-}
-
-static int cond_timedwait(pthread_cond_t *cond, pthread_mutex_t *mutex,
-   struct timespec *ts)
-{
-int ret = pthread_cond_timedwait(cond, mutex, ts);
-if (ret && ret != ETIMEDOUT) die2(ret, "pthread_cond_timedwait");
-return ret;
-}
-
-static void cond_signal(pthread_cond_t *cond)
-{
-int ret = pthread_cond_signal(cond);
-if (ret) die2(ret, "pthread_cond_signal");
-}
-
-static void thread_create(pthread_t *thread, pthread_attr_t *attr,
-  void *(*start_routine)(void*), void *arg)
-{
-int ret = pthread_create(thread, attr, start_routine, arg);
-if (ret) die2(ret, "pthread_create");
-}
-
 static ssize_t handle_aiocb_ioctl(struct qemu_paiocb *aiocb)
 {
 int ret;
@@ -313,28 +281,26 @@ static void posix_aio_notify_event(void);
 
 static void *aio_thread(void *unused)
 {
-mutex_lock(&lock);
+qemu_mutex_lock(&lock);
 pending_threads--;
-mutex_unlock(&lock);
+qemu_mutex_unlock(&lock);
 do_spawn_thread();
 
 while (1) {
 struct qemu_paiocb *aiocb;
-ssize_t ret = 0;
-qemu_timeval tv;
-struct timespec ts;
-
-qemu_gettimeofday(&tv);
-ts.tv_sec = tv.tv_sec + 10;
-ts.tv_nsec = 0;
+bool timed_out;
+ssize_t ret;
 
-mutex_lock(&lock);
+qemu_mutex_lock(&lock);
 
-while (QTAILQ_EMPTY(&request_list) &&
-   !(ret == ETIMEDOUT)) {
+while (QTAILQ_EMPTY(&request_list)) {
 idle_threads++;
-ret = cond_timedwait(&cond, &lock, &ts);
+timed_out = !qemu_cond_timedwait(&cond, &lock,
+ AIO_THREAD_IDLE_TIMEOUT);
 idle_threads--;
+if (timed_out) {
+break;
+}
 }
 
 if (QTAILQ_EMPTY(&request_list))
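Review bot: the idle wait in `aio_thread()` changes from one absolute deadline per outer loop iteration (`ts.tv_sec = tv.tv_sec + 10`) to a fresh `AIO_THREAD_IDLE_TIMEOUT` on every pass of the inner `while`. A worker that is woken but finds `request_list` empty again now restarts the full timeout, so idle threads can live longer than before; if that is intended, note it in the commit message. `ret` also loses its `= 0` initializer, so check that every branch of the `switch` further down assigns it before `aiocb->ret = ret`.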
@@ -343,7 +309,7 @@ static void *aio_thread(void *unused)
 aiocb = QTAILQ_FIRST(&request_list);
 QTAILQ_REMOVE(&request_list, aiocb, node);
 aiocb->active = 1;
-mutex_unlock(&lock);
+qemu_mutex_unlock(&lock);
 
 switch (aiocb->aio_type & QEMU_AIO_TYPE_MASK) {
 case QEMU_AIO_READ:
@@ -375,41 +341,33 @@ static void *aio_thread(void *unused)
 break;
 }
 
-mutex_lock(&lock);
+qemu_mutex_lock(&lock);
 aiocb->ret = ret;
-mutex_unlock(&lock);
+qemu_mutex_unlock(&lock);
 
 posix_aio_notify_event();
 }
 
 cur_threads--;
-mutex_unlock(&lock);
+qemu_mutex_unlock(&lock);
 
 return NULL;
 }
 
 static void do_spawn_thread(void)
 {
-sigset_t set, oldset;
-
-mutex_lock(&lock);
+qemu_mutex_lock(&lock);
 if (!new_threads) {
-mutex_unlock(&lock);
+qemu_mutex_unlock(&lock);
 return;
 }
 
 new_threads--;
 pending_threads++;
 
-mutex_unlock(&lock);
+qemu_mutex_unlock(&lock);
 
-/* block all signals */
-if (sigfillset(&set)) die("sigfillset");
-if (sigprocmask(SIG_SETMASK, &set, &oldset)) die("sigprocmask");
-
-thread_create(&thread_id, &attr, aio_thread, NULL);
-
-if (sigprocmask(SIG_SETMASK, &oldset, NULL)) die("sigprocmask restore");
+qemu_thread_create(&thread, aio_thread, NULL, QEMU_THREAD_DETACHED);
 }
 
 static void spawn
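Review bot: `do_spawn_thread()` no longer blocks all signals around thread creation (the `sigfillset()` / `sigprocmask()` calls are removed), so the worker's signal mask now depends entirely on `qemu_thread_create()`. Please state in the commit message that `qemu_thread_create()` masks signals itself, or keep the explicit masking; otherwise AIO workers may start handling signals meant for the main thread.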

[Qemu-devel] [PATCH 07/46] ide: IDENTIFY word 86 bit 14 is reserved

2012-04-06 Thread Kevin Wolf
Reserved bits should be cleared to zero.

Signed-off-by: Kevin Wolf 
Reviewed-by: Stefan Hajnoczi 
---
 hw/ide/core.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 6f06d28..771811c 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -150,7 +150,7 @@ static void ide_identify(IDEState *s)
 else
  put_le16(p + 85, (1 << 14) | 1);
 /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
-put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
+put_le16(p + 86, (1 << 13) | (1 <<12) | (1 << 10));
 /* 14=set to 1, 1=smart self test, 0=smart error logging */
 put_le16(p + 87, (1 << 14) | 0);
 put_le16(p + 88, 0x3f | (1 << 13)); /* udma5 set and supported */
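Review bot: the rewritten `put_le16(p + 86, ...)` line keeps `(1 <<12)` without a space after the operator; since the line is touched anyway, `(1 << 12)` would match its neighbours. A short reference in the commit message to the ATA revision that marks word 86 bit 14 as reserved would also help readers check words 85 and 87, which still set bit 14.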
-- 
1.7.6.5




[Qemu-devel] [PATCH 23/46] block: disable I/O throttling on sync api

2012-04-06 Thread Kevin Wolf
From: Zhi Yong Wu 

Signed-off-by: Stefan Hajnoczi 
Signed-off-by: Zhi Yong Wu 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 block.c |   20 
 1 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/block.c b/block.c
index 8858be0..0344673 100644
--- a/block.c
+++ b/block.c
@@ -1463,6 +1463,17 @@ static int bdrv_rw_co(BlockDriverState *bs, int64_t 
sector_num, uint8_t *buf,
 
 qemu_iovec_init_external(&qiov, &iov, 1);
 
+/**
+ * In sync call context, when the vcpu is blocked, this throttling timer
+ * will not fire; so the I/O throttling function has to be disabled here
+ * if it has been enabled.
+ */
+if (bs->io_limits_enabled) {
+fprintf(stderr, "Disabling I/O throttling on '%s' due "
+"to synchronous I/O.\n", bdrv_get_device_name(bs));
+bdrv_io_limits_disable(bs);
+}
+
 if (qemu_in_coroutine()) {
 /* Fast-path if already in coroutine context */
 bdrv_rw_co_entry(&rwco);
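Review bot: `bdrv_io_limits_disable(bs)` in `bdrv_rw_co()` turns throttling off for good the first time any synchronous read or write reaches the device, and the only trace is one line on stderr. An I/O limit configured by the administrator should not disappear silently; consider bypassing the limit only for the duration of the synchronous request, as the `guess_disk_lchs()` hunk does, or report the change to the management layer.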
@@ -1969,10 +1980,19 @@ static int guess_disk_lchs(BlockDriverState *bs,
 struct partition *p;
 uint32_t nr_sects;
 uint64_t nb_sectors;
+bool enabled;
 
 bdrv_get_geometry(bs, &nb_sectors);
 
+/**
+ * The function will be invoked during startup not only in sync I/O mode,
+ * but also in async I/O mode. So the I/O throttling function has to
+ * be disabled temporarily here, not permanently.
+ */
+enabled = bs->io_limits_enabled;
+bs->io_limits_enabled = false;
 ret = bdrv_read(bs, 0, buf, 1);
+bs->io_limits_enabled = enabled;
 if (ret < 0)
 return -1;
 /* test msdos magic */
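Review bot: `guess_disk_lchs()` flips `bs->io_limits_enabled` directly around `bdrv_read()`. Can any other request run on `bs` while the flag is false? If so it escapes throttling too; a small helper pair, or a comment explaining why no concurrent request is possible here, would make the assumption explicit. The `/**` openers also mark these ordinary comments as doc comments.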
-- 
1.7.6.5




[Qemu-devel] [PATCH V3 1/8] isa: add isa_address_space_io

2012-04-06 Thread Julien Grall
This function allows retrieving the ISA IO address space.
It will be useful when we need to pass the IO address space as an argument.

Signed-off-by: Julien Grall 
---
 hw/isa-bus.c |5 +
 hw/isa.h |1 +
 2 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/hw/isa-bus.c b/hw/isa-bus.c
index 5a43f03..043e1f7 100644
--- a/hw/isa-bus.c
+++ b/hw/isa-bus.c
@@ -235,4 +235,9 @@ MemoryRegion *isa_address_space(ISADevice *dev)
 return get_system_memory();
 }
 
+MemoryRegion *isa_address_space_io(ISADevice *dev)
+{
+return get_system_io();
+}
+
 type_init(isabus_register_types)
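Review bot: `isa_address_space_io()` ignores its `dev` argument and returns the global `get_system_io()`, the same pattern as `isa_address_space()` above it. A one-line comment saying why the parameter is there (for example a later per-bus lookup, if that is the plan) would stop callers from assuming the result depends on the device.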
diff --git a/hw/isa.h b/hw/isa.h
index 40373fb..a9bf65a 100644
--- a/hw/isa.h
+++ b/hw/isa.h
@@ -42,6 +42,7 @@ void isa_bus_irqs(ISABus *bus, qemu_irq *irqs);
 qemu_irq isa_get_irq(ISADevice *dev, int isairq);
 void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq);
 MemoryRegion *isa_address_space(ISADevice *dev);
+MemoryRegion *isa_address_space_io(ISADevice *dev);
 ISADevice *isa_create(ISABus *bus, const char *name);
 ISADevice *isa_try_create(ISABus *bus, const char *name);
 ISADevice *isa_create_simple(ISABus *bus, const char *name);
-- 
Julien Grall




[Qemu-devel] [PATCH 19/46] vdi: leave bounce buffering to block layer

2012-04-06 Thread Kevin Wolf
From: Paolo Bonzini 

vdi.c really works as if it implemented bdrv_read and bdrv_write.  However,
because only vector I/O is supported by the asynchronous callbacks, it
went through extra pain to bounce-buffer the I/O.  This can be handled
by the block layer now that the format is coroutine-based.

Acked-by: Stefan Weil 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Kevin Wolf 
---
 block/vdi.c |   67 ++
 1 files changed, 12 insertions(+), 55 deletions(-)

diff --git a/block/vdi.c b/block/vdi.c
index 0c1cff6..790b61e 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -144,12 +144,6 @@ void uuid_unparse(const uuid_t uu, char *out)
 #endif
 
 typedef struct {
-BlockDriverAIOCB common;
-uint8_t *buf;
-void *orig_buf;
-} VdiAIOCB;
-
-typedef struct {
 char text[0x40];
 uint32_t signature;
 uint32_t version;
@@ -472,31 +466,9 @@ static int coroutine_fn 
vdi_co_is_allocated(BlockDriverState *bs,
 return VDI_IS_ALLOCATED(bmap_entry);
 }
 
-static AIOPool vdi_aio_pool = {
-.aiocb_size = sizeof(VdiAIOCB),
-};
-
-static VdiAIOCB *vdi_aio_setup(BlockDriverState *bs, QEMUIOVector *qiov)
+static int vdi_co_read(BlockDriverState *bs,
+int64_t sector_num, uint8_t *buf, int nb_sectors)
 {
-VdiAIOCB *acb;
-
-logout("%p, %p\n", bs, qiov);
-
-acb = qemu_aio_get(&vdi_aio_pool, bs, NULL, NULL);
-
-if (qiov->niov > 1) {
-acb->buf = qemu_blockalign(bs, qiov->size);
-acb->orig_buf = acb->buf;
-} else {
-acb->buf = (uint8_t *)qiov->iov->iov_base;
-}
-return acb;
-}
-
-static int vdi_co_readv(BlockDriverState *bs,
-int64_t sector_num, int nb_sectors, QEMUIOVector *qiov)
-{
-VdiAIOCB *acb;
 BDRVVdiState *s = bs->opaque;
 uint32_t bmap_entry;
 uint32_t block_index;
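Review bot: the new `vdi_co_read()` is declared without `coroutine_fn`, while `vdi_co_is_allocated()` in the hunk header carries it. If the function may only run in coroutine context because it calls `bdrv_co_readv()`, annotate it the same way; the same applies to `vdi_co_write()`.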
@@ -507,7 +479,6 @@ static int vdi_co_readv(BlockDriverState *bs,
 int ret;
 
 logout("\n");
-acb = vdi_aio_setup(bs, qiov);
 
 restart:
 block_index = sector_num / s->block_sectors;
@@ -524,13 +495,13 @@ restart:
 bmap_entry = le32_to_cpu(s->bmap[block_index]);
 if (!VDI_IS_ALLOCATED(bmap_entry)) {
 /* Block not allocated, return zeros, no need to wait. */
-memset(acb->buf, 0, n_sectors * SECTOR_SIZE);
+memset(buf, 0, n_sectors * SECTOR_SIZE);
 ret = 0;
 } else {
 uint64_t offset = s->header.offset_data / SECTOR_SIZE +
   (uint64_t)bmap_entry * s->block_sectors +
   sector_in_block;
-hd_iov.iov_base = (void *)acb->buf;
+hd_iov.iov_base = (void *)buf;
 hd_iov.iov_len = n_sectors * SECTOR_SIZE;
 qemu_iovec_init_external(&hd_qiov, &hd_iov, 1);
 ret = bdrv_co_readv(bs->file, offset, n_sectors, &hd_qiov);
@@ -539,24 +510,18 @@ restart:
 
 nb_sectors -= n_sectors;
 sector_num += n_sectors;
-acb->buf += n_sectors * SECTOR_SIZE;
+buf += n_sectors * SECTOR_SIZE;
 
 if (ret >= 0 && nb_sectors > 0) {
 goto restart;
 }
 
-if (acb->orig_buf) {
-qemu_iovec_from_buffer(qiov, acb->orig_buf, qiov->size);
-qemu_vfree(acb->orig_buf);
-}
-qemu_aio_release(acb);
 return ret;
 }
 
-static int vdi_co_writev(BlockDriverState *bs,
-int64_t sector_num, int nb_sectors, QEMUIOVector *qiov)
+static int vdi_co_write(BlockDriverState *bs,
+int64_t sector_num, const uint8_t *buf, int nb_sectors)
 {
-VdiAIOCB *acb;
 BDRVVdiState *s = bs->opaque;
 uint32_t bmap_entry;
 uint32_t block_index;
@@ -570,10 +535,6 @@ static int vdi_co_writev(BlockDriverState *bs,
 int ret;
 
 logout("\n");
-acb = vdi_aio_setup(bs, qiov);
-if (acb->orig_buf) {
-qemu_iovec_to_buffer(qiov, acb->buf);
-}
 
 restart:
 block_index = sector_num / s->block_sectors;
@@ -604,7 +565,7 @@ restart:
 /* Copy data to be written to new block and zero unused parts. */
 memset(block, 0, sector_in_block * SECTOR_SIZE);
 memcpy(block + sector_in_block * SECTOR_SIZE,
-   acb->buf, n_sectors * SECTOR_SIZE);
+   buf, n_sectors * SECTOR_SIZE);
 memset(block + (sector_in_block + n_sectors) * SECTOR_SIZE, 0,
(s->block_sectors - n_sectors - sector_in_block) * SECTOR_SIZE);
 hd_iov.iov_base = (void *)block;
@@ -615,7 +576,7 @@ restart:
 uint64_t offset = s->header.offset_data / SECTOR_SIZE +
   (uint64_t)bmap_entry * s->block_sectors +
   sector_in_block;
-hd_iov.iov_base = (void *)acb->buf;
+hd_iov.iov_base = (void *)buf;
 hd_iov.iov_len = n_sectors * SECTOR_SIZE;
 qemu_iovec_init_external(&hd_qiov, &hd_iov, 1);
 ret = bdrv_co_writev(bs->file, offset, n_sectors, &hd_qiov);
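Review bot: `vdi_co_write()` now takes `const uint8_t *buf`, but `hd_iov.iov_base = (void *)buf;` casts the const away to fit the iovec. The cast is unavoidable as long as `iov_base` is not const, so a short comment that the write path never modifies the buffer would justify it.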
@@ -623,7 +584,7 @@ restart:
 
 nb_sectors -= n_sectors;
 sector_num += n_sectors;
-acb->buf += n_sectors * SECTOR_SIZE;
+buf += n_sectors * SECTOR_SIZE;

[Qemu-devel] [RFC PATCH v3 7/9] repagent: Fixes after remarks for Patch v2, mainly license and style

2012-04-06 Thread Ori Mamluk
Added qemu license to all files

Changed int to bool for flags

---

block/repagent/qemu-repagent.txt |   16 --

block/repagent/repagent.c|   39
++---

block/repagent/repagent.h|7 +++--

block/repagent/repagent_client.c |   35 -

block/repagent/repagent_drv.c|   23 ++

block/repagent/repcmd_listener.c |   38 ++--

block/repagent/rephub_defs.h |8 ---

7 files changed, 127 insertions(+), 39 deletions(-)



diff --git a/block/repagent/qemu-repagent.txt
b/block/repagent/qemu-repagent.txt

index f8def3f..0f9dc03 100644

--- a/block/repagent/qemu-repagent.txt

+++ b/block/repagent/qemu-repagent.txt

@@ -4,20 +4,22 @@ Introduction

 This document describes a feature in Qemu - a replication agent (named
Repagent).

 The Repagent is a new module that exposes an API to an external
replication system (AKA Rephub).

 This API allows a Rephub to communicate with a Qemu VM and
continuously replicate its volumes.

-The imlementation of a Rephub is outside of the scope of this
document. There may be several various Rephub

-implenetations using the same repagent in Qemu.

-The Repagent is storage driver that acts like a filter driver.

+The implementation of a Rephub is outside of the scope of this
document. There may be several various Rephub

+implementations using the same Repagent in Qemu.

+The Repagent acts like a filter driver.

 It can be regarded as a 'plugin' that is activated when the management
system enables replication.

 Main feature of Repagent

 Repagent has the following main features:

 * Report volumes - report a list of all volumes in a VM to the Rephub.

* Mirror writes - Report writes to a volume - send all writes made to a
protected volume to the Rephub.

-The reporting of an IO is asyncronuous - i.e. the IO is not
delayed by the Repagent to get any acknowledgement from the Rephub.

+The reporting of an IO is asynchronous - i.e. the IO is not
delayed by the Repagent to get any acknowledgement from the Rephub.

 It is only copied to the Rephub.

-* Remote IO - Read/write a  volume - allows the Rephub to read a
protected volume, to enable the protected hub to syncronize

+* Remote IO - Read/write a  volume - allows the Rephub to read a
protected volume, to enable the protected hub to synchronize

the content of a protected volume.

Also used to read/write to a recovery volume - the replica of a
protected volume.

+   Write operation is used to populate the recovery volume. Read is
needed for fail-over-test scenarios, and for sync-related

+   optimizations.

 Description of the Repagent module

@@ -48,7 +50,7 @@ General description of a Rephub  - a replication system
the repagent connects to

 Our Rephub is called SingleRephub - a Rephub protecting a single VM.

 Preparations

-1. The user chooses a host to rub SingleRephub - a different host than
PVM, call it Host2

+1. The user chooses a host to run SingleRephub - a different host than
PVM, call it Host2

 2. The user creates two volumes on Host2 - same sizes of V1 and V2,
call them V1R (V1 recovery) and V2R.

 3. The user runs SingleRephub process on Host2, and gives V1R and V2R
as command line arguments.

 From now on SingleRephub waits for the protected VM repagent to
connect.

@@ -64,7 +66,7 @@ General description of a Rephub  - a replication system
the repagent connects to

 and the Rephub performs the write on the matching recovery volume.

 * Note that during stage 3 writes to the protected volumes are not
ignored - they're kept in a bitmap,

-and will be read again when stage 3 ends, in an interative
convergin process.

+and will be read again when stage 3 ends, in an iterative
convergence process.

 This flow continuously maintains an updated recovery volume.

 If the protected system is damaged, the user can create a new VM on
Host2 with the replicated volumes attached to it.

diff --git a/block/repagent/repagent.c b/block/repagent/repagent.c

index bdc0117..2e70853 100644

--- a/block/repagent/repagent.c

+++ b/block/repagent/repagent.c

@@ -1,3 +1,26 @@

+/*

+ * QEMU System Emulator replication agent

+ *

+ * Copyright (c) 2003 Fabrice Bellard

+ *

+ * Permission is hereby granted, free of charge, to any person obtaining a
copy

+ * of this software and associated documentation files (the "Software"),
to deal

+ * in the Software without restriction, including without limitation the
rights

+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell

+ * copies of the Software, and to permit persons to whom the Software is

+ * furnished to do so, subject to the following conditions:

+ *

+ * The above copyright notice and this permission notice shall be included
in

+ * all copies
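Review bot: the header added to repagent.c reads "Copyright (c) 2003 Fabrice Bellard", which looks copied from another QEMU file; a file written for this series should name its actual author and year. The posted message also carries no Signed-off-by line, which the other patches in this list include.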

[Qemu-devel] [PATCH 3/3] virtio-scsi: add multiqueue capability

2012-04-06 Thread Paolo Bonzini
Adding multiqueue is as simple as creating more than one virtqueue,
and saving the queue number for each request.

Signed-off-by: Paolo Bonzini 
---
 hw/virtio-scsi.c |   25 +++--
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index 0d90d9c..e8328f4 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -129,12 +129,12 @@ typedef struct {
 VirtIOSCSIConf *conf;
 
 SCSIBus bus;
-VirtQueue *ctrl_vq;
-VirtQueue *event_vq;
-VirtQueue *cmd_vq;
 uint32_t sense_size;
 uint32_t cdb_size;
 int resetting;
+VirtQueue *ctrl_vq;
+VirtQueue *event_vq;
+VirtQueue *cmd_vqs[0];
 } VirtIOSCSI;
 
 typedef struct VirtIOSCSIReq {
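Review bot: `VirtQueue *cmd_vqs[0];` is the GNU zero-length-array extension; the C99 flexible array member `cmd_vqs[]` expresses the same layout portably. A comment that the member must stay last in `VirtIOSCSI`, because `virtio_scsi_init()` sizes the allocation from it, would also guard against someone adding a field after it.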
@@ -240,8 +240,9 @@ static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, 
VirtQueue *vq)
 static void virtio_scsi_save_request(QEMUFile *f, SCSIRequest *sreq)
 {
 VirtIOSCSIReq *req = sreq->hba_private;
-uint32_t n = 0;
+uint32_t n = virtio_queue_get_id(req->vq) - 2;
 
+assert(n < req->dev->conf->num_queues);
 qemu_put_be32s(f, &n);
 qemu_put_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
 }
@@ -255,9 +256,9 @@ static void *virtio_scsi_load_request(QEMUFile *f, 
SCSIRequest *sreq)
 
 req = g_malloc(sizeof(*req));
 qemu_get_be32s(f, &n);
-assert(n == 0);
+assert(n < s->conf->num_queues);
 qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
-virtio_scsi_parse_req(s, s->cmd_vq, req);
+virtio_scsi_parse_req(s, s->cmd_vqs[n], req);
 
 scsi_req_ref(sreq);
 req->sreq = sreq;
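Review bot: in `virtio_scsi_load_request()`, `n` comes straight from the migration stream via `qemu_get_be32s(f, &n)` and is checked only with `assert(n < s->conf->num_queues)` before it indexes `s->cmd_vqs[n]`. A corrupt or mismatched stream then aborts the destination QEMU, and a build with assertions compiled out would index past the array; validate `n` explicitly and fail the load with an error instead.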
@@ -584,10 +585,12 @@ VirtIODevice *virtio_scsi_init(DeviceState *dev, 
VirtIOSCSIConf *proxyconf)
 {
 VirtIOSCSI *s;
 static int virtio_scsi_id;
+size_t sz;
+int i;
 
+sz = sizeof(VirtIOSCSI) + proxyconf->num_queues * sizeof(VirtQueue *);
 s = (VirtIOSCSI *)virtio_common_init("virtio-scsi", VIRTIO_ID_SCSI,
- sizeof(VirtIOSCSIConfig),
- sizeof(VirtIOSCSI));
+ sizeof(VirtIOSCSIConfig), sz);
 
 s->qdev = dev;
 s->conf = proxyconf;
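Review bot: `sz` is computed from `proxyconf->num_queues` with no range check visible in this hunk. Validate the property before the allocation (non-zero, and within what the transport can provide), so that a bad `num_queues` is rejected with an error rather than producing a device with no command queue or an oversized allocation.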
@@ -602,8 +605,10 @@ VirtIODevice *virtio_scsi_init(DeviceState *dev, 
VirtIOSCSIConf *proxyconf)
virtio_scsi_handle_ctrl);
 s->event_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
NULL);
-s->cmd_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
-   virtio_scsi_handle_cmd);
+for (i = 0; i < s->conf->num_queues; i++) {
+s->cmd_vqs[i] = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
+ virtio_scsi_handle_cmd);
+}
 
 scsi_bus_new(&s->bus, dev, &virtio_scsi_scsi_info);
 if (!dev->hotplugged) {
-- 
1.7.9.3




[Qemu-devel] [PATCH v8 02/10] Add uleb encoding/decoding functions

2012-04-06 Thread Orit Wasserman
Implement Unsigned Little Endian Base 128.

Signed-off-by: Orit Wasserman 
---
 migration.h |4 
 savevm.c|   28 
 2 files changed, 32 insertions(+), 0 deletions(-)

diff --git a/migration.h b/migration.h
index 691b367..d798fac 100644
--- a/migration.h
+++ b/migration.h
@@ -92,4 +92,8 @@ void migrate_add_blocker(Error *reason);
  */
 void migrate_del_blocker(Error *reason);
 
+/* ULEB128 */
+int uleb128_encode_small(uint8_t *out, uint32_t n);
+int uleb128_decode_small(const uint8 *in, uint32_t *n);
+
 #endif
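Review bot: the prototype of `uleb128_decode_small()` uses `const uint8 *in` while the encoder uses `uint8_t *out`; use `const uint8_t *` in both migration.h and savevm.c for consistency. The `/* ULEB128 */` comment could also say that only values up to 0x3fff (two bytes) are supported, since that limit is otherwise visible only in the encoder's assert.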
diff --git a/savevm.c b/savevm.c
index 12fb209..0b2fe38 100644
--- a/savevm.c
+++ b/savevm.c
@@ -2368,3 +2368,31 @@ void vmstate_register_ram_global(MemoryRegion *mr)
 {
 vmstate_register_ram(mr, NULL);
 }
+
+/* ULEB128 */
+int uleb128_encode_small(uint8_t *out, uint32_t n)
+{
+assert(n <= 0x3fff);
+if (n < 0x80) {
+*out++ = n;
+return 1;
+} else {
+*out++ = (n & 0x7f) | 0x80;
+*out++ = n >> 7;
+return 2;
+}
+}
+
+int uleb128_decode_small(const uint8 *in, uint32_t *n)
+{
+if (!(*in & 0x80)) {
+*n = *in++;
+return 1;
+} else {
+*n = *in++ & 0x7f;
+assert(!(*in & 0x80));
+*n |= *in++ << 7;
+return 2;
+}
+}
+
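Review bot: in uleb128_decode_small the continuation bit of the second byte is checked with `assert(!(*in & 0x80))`, so if the input is taken from an incoming migration stream a malformed or hostile stream aborts the destination instead of failing the migration cleanly. Return a negative value for an over-long encoding and let the caller report the error. The function also reads up to two bytes without knowing how much input remains; pass the remaining length and refuse to read past it. The same applies to `assert(n <= 0x3fff)` on the encode side if n can ever be derived from guest-controlled data.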
-- 
1.7.7.6




[Qemu-devel] [PATCH v2 2/5] target-ppc: QOM'ify CPU

2012-04-06 Thread Andreas Färber
Embed CPUPPCState as first member of PowerPCCPU.
Distinguish between "powerpc-cpu", "powerpc64-cpu" and
"embedded-powerpc-cpu".

Let CPUClass::reset() call cpu_state_reset() for now.

Signed-off-by: Andreas Färber 
---
 target-ppc/cpu-qom.h|   77 +++
 target-ppc/cpu.h|2 +
 target-ppc/helper.c |4 ++-
 target-ppc/translate_init.c |   37 
 4 files changed, 119 insertions(+), 1 deletions(-)
 create mode 100644 target-ppc/cpu-qom.h

diff --git a/target-ppc/cpu-qom.h b/target-ppc/cpu-qom.h
new file mode 100644
index 000..fef6f95
--- /dev/null
+++ b/target-ppc/cpu-qom.h
@@ -0,0 +1,77 @@
+/*
+ * QEMU PowerPC CPU
+ *
+ * Copyright (c) 2012 SUSE LINUX Products GmbH
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+#ifndef QEMU_PPC_CPU_QOM_H
+#define QEMU_PPC_CPU_QOM_H
+
+#include "qemu/cpu.h"
+#include "cpu.h"
+
+#ifdef TARGET_PPC64
+#define TYPE_POWERPC_CPU "powerpc64-cpu"
+#elif defined(TARGET_PPCEMB)
+#define TYPE_POWERPC_CPU "embedded-powerpc-cpu"
+#else
+#define TYPE_POWERPC_CPU "powerpc-cpu"
+#endif
+
+#define POWERPC_CPU_CLASS(klass) \
+OBJECT_CLASS_CHECK(PowerPCCPUClass, (klass), TYPE_POWERPC_CPU)
+#define POWERPC_CPU(obj) \
+OBJECT_CHECK(PowerPCCPU, (obj), TYPE_POWERPC_CPU)
+#define POWERPC_CPU_GET_CLASS(obj) \
+OBJECT_GET_CLASS(PowerPCCPUClass, (obj), TYPE_POWERPC_CPU)
+
+/**
+ * PowerPCCPUClass:
+ * @parent_reset: The parent class' reset handler.
+ *
+ * A PowerPC CPU model.
+ */
+typedef struct PowerPCCPUClass {
+/*< private >*/
+CPUClass parent_class;
+/*< public >*/
+
+void (*parent_reset)(CPUState *cpu);
+} PowerPCCPUClass;
+
+/**
+ * PowerPCCPU:
+ * @env: #CPUPPCState
+ *
+ * A PowerPC CPU.
+ */
+typedef struct PowerPCCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUPPCState env;
+} PowerPCCPU;
+
+static inline PowerPCCPU *ppc_env_get_cpu(CPUPPCState *env)
+{
+return POWERPC_CPU(container_of(env, PowerPCCPU, env));
+}
+
+#define ENV_GET_CPU(e) CPU(ppc_env_get_cpu(e))
+
+
+#endif
diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index fc70644..7e97b2c 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1096,6 +1096,8 @@ struct mmu_ctx_t {
 };
 #endif
 
+#include "cpu-qom.h"
+
 /*/
 CPUPPCState *cpu_ppc_init (const char *cpu_model);
 void ppc_translate_init(void);
diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index 4cd7b0f..fa9494b 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -3186,6 +3186,7 @@ void cpu_state_reset(CPUPPCState *env)
 
 CPUPPCState *cpu_ppc_init (const char *cpu_model)
 {
+PowerPCCPU *cpu;
 CPUPPCState *env;
 const ppc_def_t *def;
 
@@ -3193,7 +3194,8 @@ CPUPPCState *cpu_ppc_init (const char *cpu_model)
 if (!def)
 return NULL;
 
-env = g_malloc0(sizeof(CPUPPCState));
+cpu = POWERPC_CPU(object_new(TYPE_POWERPC_CPU));
+env = &cpu->env;
 cpu_exec_init(env);
 if (tcg_enabled()) {
 ppc_translate_init();
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 367eefa..24817ef 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -10185,3 +10185,40 @@ void ppc_cpu_list (FILE *f, fprintf_function 
cpu_fprintf)
ppc_defs[i].name, ppc_defs[i].pvr);
 }
 }
+
+/* CPUClass::reset() */
+static void ppc_cpu_reset(CPUState *s)
+{
+PowerPCCPU *cpu = POWERPC_CPU(s);
+PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
+CPUPPCState *env = &cpu->env;
+
+pcc->parent_reset(s);
+
+cpu_state_reset(env);
+}
+
+static void ppc_cpu_class_init(ObjectClass *oc, void *data)
+{
+PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
+CPUClass *cc = CPU_CLASS(oc);
+
+pcc->parent_reset = cc->reset;
+cc->reset = ppc_cpu_reset;
+}
+
+static const TypeInfo ppc_cpu_type_info = {
+.name = TYPE_POWERPC_CPU,
+.parent = TYPE_CPU,
+.instance_size = sizeof(PowerPCCPU),
+.abstract = false,
+.class_size = sizeof(PowerPCCPUClass),
+.class_init = ppc_cpu_class_init,
+};
+
+static void ppc_cpu_register_types(void)
+{
+type_register_static(&ppc_cpu_type_info);
+}
+
+type_init(ppc_cpu_register_types)
-- 
1.7.7




[Qemu-devel] [PATCH v2 5/5] target-ppc: Add CPU finalizer

2012-04-06 Thread Andreas Färber
free() opcode tables. They are being malloc()'ed in create_new_table().

Resolves Jocelyn's TODO in former cpu_ppc_close().

Signed-off-by: Andreas Färber 
---
 target-ppc/translate_init.c |   14 ++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index bb81bbc..5365229 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -10261,6 +10261,19 @@ static void ppc_cpu_initfn(Object *obj)
 #endif /* !CONFIG_USER_ONLY */
 }
 
+static void ppc_cpu_uninitfn(Object *obj)
+{
+PowerPCCPU *cpu = POWERPC_CPU(obj);
+CPUPPCState *env = &cpu->env;
+int i;
+
+for (i = 0; i < 0x40; i++) {
+if (env->opcodes[i] != &invalid_handler) {
+free(env->opcodes[i]);
+}
+}
+}
+
 static void ppc_cpu_class_init(ObjectClass *oc, void *data)
 {
 PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
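Review bot: the loop in ppc_cpu_uninitfn passes every `env->opcodes[i]` that is not `&invalid_handler` to free(), which is only safe if each such entry is a pointer exactly as returned by the allocator in create_new_table(). Entries that point at a statically defined handler, table pointers stored with flag bits, or tables that themselves hold nested tables would need to be recognised and handled before the free; please confirm which cases can occur. The literal 0x40 should be the array's size constant or ARRAY_SIZE(env->opcodes).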
@@ -10275,6 +10288,7 @@ static const TypeInfo ppc_cpu_type_info = {
 .parent = TYPE_CPU,
 .instance_size = sizeof(PowerPCCPU),
 .instance_init = ppc_cpu_initfn,
+.instance_finalize = ppc_cpu_uninitfn,
 .abstract = false,
 .class_size = sizeof(PowerPCCPUClass),
 .class_init = ppc_cpu_class_init,
-- 
1.7.7




[Qemu-devel] [PATCH v2 3/5] target-ppc: QOM'ify CPU init

2012-04-06 Thread Andreas Färber
Move code from cpu_ppc_init() into an initfn.

Signed-off-by: Andreas Färber 
---
 target-ppc/helper.c |   10 +-
 target-ppc/translate_init.c |   20 
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index fa9494b..f2994ca 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -3196,19 +3196,11 @@ CPUPPCState *cpu_ppc_init (const char *cpu_model)
 
 cpu = POWERPC_CPU(object_new(TYPE_POWERPC_CPU));
 env = &cpu->env;
-cpu_exec_init(env);
+
 if (tcg_enabled()) {
 ppc_translate_init();
 }
-/* Adjust cpu index for SMT */
-#if !defined(CONFIG_USER_ONLY)
-if (kvm_enabled()) {
-int smt = kvmppc_smt_threads();
 
-env->cpu_index = (env->cpu_index / smp_threads)*smt
-+ (env->cpu_index % smp_threads);
-}
-#endif /* !CONFIG_USER_ONLY */
 env->cpu_model_str = cpu_model;
 cpu_ppc_register_internal(env, def);
 
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 24817ef..860a226 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -25,6 +25,7 @@
 
 #include "dis-asm.h"
 #include "gdbstub.h"
+#include "cpus.h"
 #include 
 #include "kvm_ppc.h"
 
@@ -10198,6 +10199,24 @@ static void ppc_cpu_reset(CPUState *s)
 cpu_state_reset(env);
 }
 
+static void ppc_cpu_initfn(Object *obj)
+{
+PowerPCCPU *cpu = POWERPC_CPU(obj);
+CPUPPCState *env = &cpu->env;
+
+cpu_exec_init(env);
+
+/* Adjust cpu index for SMT */
+#if !defined(CONFIG_USER_ONLY)
+if (kvm_enabled()) {
+int smt = kvmppc_smt_threads();
+
+env->cpu_index = (env->cpu_index / smp_threads) * smt
++ (env->cpu_index % smp_threads);
+}
+#endif /* !CONFIG_USER_ONLY */
+}
+
 static void ppc_cpu_class_init(ObjectClass *oc, void *data)
 {
 PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
@@ -10211,6 +10230,7 @@ static const TypeInfo ppc_cpu_type_info = {
 .name = TYPE_POWERPC_CPU,
 .parent = TYPE_CPU,
 .instance_size = sizeof(PowerPCCPU),
+.instance_init = ppc_cpu_initfn,
 .abstract = false,
 .class_size = sizeof(PowerPCCPUClass),
 .class_init = ppc_cpu_class_init,
-- 
1.7.7




[Qemu-devel] [PATCH v2 4/5] target-ppc: QOM'ify CPU reset

2012-04-06 Thread Andreas Färber
Move code from cpu_state_reset() into ppc_cpu_reset().
Reorder #include of helper_regs.h to use it in translate_init.c.

Adjust whitespace and add braces.

Signed-off-by: Andreas Färber 
---
 target-ppc/helper.c |   45 +-
 target-ppc/translate.c  |2 +-
 target-ppc/translate_init.c |   46 ++-
 3 files changed, 47 insertions(+), 46 deletions(-)

diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index f2994ca..cd090f1 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -3138,50 +3138,7 @@ void cpu_dump_rfi (target_ulong RA, target_ulong msr)
 
 void cpu_state_reset(CPUPPCState *env)
 {
-target_ulong msr;
-
-if (qemu_loglevel_mask(CPU_LOG_RESET)) {
-qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
-log_cpu_state(env, 0);
-}
-
-msr = (target_ulong)0;
-if (0) {
-/* XXX: find a suitable condition to enable the hypervisor mode */
-msr |= (target_ulong)MSR_HVB;
-}
-msr |= (target_ulong)0 << MSR_AP; /* TO BE CHECKED */
-msr |= (target_ulong)0 << MSR_SA; /* TO BE CHECKED */
-msr |= (target_ulong)1 << MSR_EP;
-#if defined (DO_SINGLE_STEP) && 0
-/* Single step trace mode */
-msr |= (target_ulong)1 << MSR_SE;
-msr |= (target_ulong)1 << MSR_BE;
-#endif
-#if defined(CONFIG_USER_ONLY)
-msr |= (target_ulong)1 << MSR_FP; /* Allow floating point usage */
-msr |= (target_ulong)1 << MSR_VR; /* Allow altivec usage */
-msr |= (target_ulong)1 << MSR_SPE; /* Allow SPE usage */
-msr |= (target_ulong)1 << MSR_PR;
-#else
-env->excp_prefix = env->hreset_excp_prefix;
-env->nip = env->hreset_vector | env->excp_prefix;
-if (env->mmu_model != POWERPC_MMU_REAL)
-ppc_tlb_invalidate_all(env);
-#endif
-env->msr = msr & env->msr_mask;
-#if defined(TARGET_PPC64)
-if (env->mmu_model & POWERPC_MMU_64)
-env->msr |= (1ULL << MSR_SF);
-#endif
-hreg_compute_hflags(env);
-env->reserve_addr = (target_ulong)-1ULL;
-/* Be sure no exception or interrupt is pending */
-env->pending_interrupts = 0;
-env->exception_index = POWERPC_EXCP_NONE;
-env->error_code = 0;
-/* Flush all TLBs */
-tlb_flush(env, 1);
+cpu_reset(ENV_GET_CPU(env));
 }
 
 CPUPPCState *cpu_ppc_init (const char *cpu_model)
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index c9a503a..cf59765 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -9306,8 +9306,8 @@ GEN_SPEOP_LDST(evstwwe, 0x1C, 2),
 GEN_SPEOP_LDST(evstwwo, 0x1E, 2),
 };
 
-#include "translate_init.c"
 #include "helper_regs.h"
+#include "translate_init.c"
 
 /*/
 /* Misc PowerPC helpers */
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 860a226..bb81bbc 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -10193,10 +10193,54 @@ static void ppc_cpu_reset(CPUState *s)
 PowerPCCPU *cpu = POWERPC_CPU(s);
 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 CPUPPCState *env = &cpu->env;
+target_ulong msr;
+
+if (qemu_loglevel_mask(CPU_LOG_RESET)) {
+qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
+log_cpu_state(env, 0);
+}
 
 pcc->parent_reset(s);
 
-cpu_state_reset(env);
+msr = (target_ulong)0;
+if (0) {
+/* XXX: find a suitable condition to enable the hypervisor mode */
+msr |= (target_ulong)MSR_HVB;
+}
+msr |= (target_ulong)0 << MSR_AP; /* TO BE CHECKED */
+msr |= (target_ulong)0 << MSR_SA; /* TO BE CHECKED */
+msr |= (target_ulong)1 << MSR_EP;
+#if defined(DO_SINGLE_STEP) && 0
+/* Single step trace mode */
+msr |= (target_ulong)1 << MSR_SE;
+msr |= (target_ulong)1 << MSR_BE;
+#endif
+#if defined(CONFIG_USER_ONLY)
+msr |= (target_ulong)1 << MSR_FP; /* Allow floating point usage */
+msr |= (target_ulong)1 << MSR_VR; /* Allow altivec usage */
+msr |= (target_ulong)1 << MSR_SPE; /* Allow SPE usage */
+msr |= (target_ulong)1 << MSR_PR;
+#else
+env->excp_prefix = env->hreset_excp_prefix;
+env->nip = env->hreset_vector | env->excp_prefix;
+if (env->mmu_model != POWERPC_MMU_REAL) {
+ppc_tlb_invalidate_all(env);
+}
+#endif
+env->msr = msr & env->msr_mask;
+#if defined(TARGET_PPC64)
+if (env->mmu_model & POWERPC_MMU_64) {
+env->msr |= (1ULL << MSR_SF);
+}
+#endif
+hreg_compute_hflags(env);
+env->reserve_addr = (target_ulong)-1ULL;
+/* Be sure no exception or interrupt is pending */
+env->pending_interrupts = 0;
+env->exception_index = POWERPC_EXCP_NONE;
+env->error_code = 0;
+/* Flush all TLBs */
+tlb_flush(env, 1);
 }
 
 static void ppc_cpu_initfn(Object *obj)
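Review bot: the block moved into ppc_cpu_reset also gains braces around the `ppc_tlb_invalidate_all(env)` and `env->msr |= (1ULL << MSR_SF)` branches, so the added lines no longer match the lines removed from cpu_state_reset and the move cannot be verified with a plain diff. Put the brace and whitespace cleanup in a separate patch. The CPU_LOG_RESET logging now runs before `pcc->parent_reset(s)`; if the log is meant to show the pre-reset state, say so in the commit message.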
-- 
1.7.7




[Qemu-devel] [PATCH v8 08/10] Add migration capabilities

2012-04-06 Thread Orit Wasserman
Add migration capabilities that can be queried by the management.
The management can query the source and the destination in order to
verify both support some migration capability (currently only XBZRLE).

Signed-off-by: Orit Wasserman 
---
 hmp.c|   18 ++
 hmp.h|1 +
 migration.c  |   11 +++
 monitor.c|7 +++
 qapi-schema.json |   24 
 qmp-commands.hx  |   24 
 savevm.c |2 +-
 7 files changed, 86 insertions(+), 1 deletions(-)

diff --git a/hmp.c b/hmp.c
index c2f8c31..186a119 100644
--- a/hmp.c
+++ b/hmp.c
@@ -156,6 +156,24 @@ void hmp_info_migrate(Monitor *mon)
 qapi_free_MigrationInfo(info);
 }
 
+void hmp_info_migration_caps(Monitor *mon)
+{
+MigrationCapList *caps_list, *cap;
+
+caps_list = qmp_query_migration_caps(NULL);
+if (!caps_list) {
+monitor_printf(mon, "No migration capabilities found\n");
+return;
+}
+
+for (cap = caps_list; cap; cap = cap->next) {
+monitor_printf(mon, "%s\n", cap->value->name);
+}
+
+qapi_free_MigrationCapList(caps_list);
+
+}
+
 void hmp_info_cpus(Monitor *mon)
 {
 CpuInfoList *cpu_list, *cpu;
diff --git a/hmp.h b/hmp.h
index 8807853..1c53d35 100644
--- a/hmp.h
+++ b/hmp.h
@@ -25,6 +25,7 @@ void hmp_info_uuid(Monitor *mon);
 void hmp_info_chardev(Monitor *mon);
 void hmp_info_mice(Monitor *mon);
 void hmp_info_migrate(Monitor *mon);
+void hmp_info_migration_caps(Monitor *mon);
 void hmp_info_cpus(Monitor *mon);
 void hmp_info_block(Monitor *mon);
 void hmp_info_blockstats(Monitor *mon);
diff --git a/migration.c b/migration.c
index 66238de..db8c3d8 100644
--- a/migration.c
+++ b/migration.c
@@ -161,6 +161,17 @@ MigrationInfo *qmp_query_migrate(Error **errp)
 return info;
 }
 
+MigrationCapList *qmp_query_migration_caps(Error **errp)
+{
+MigrationCapList *caps_list = g_malloc0(sizeof(*caps_list));
+
+caps_list->value = g_malloc(sizeof(*caps_list->value));
+caps_list->value->name = g_strdup("uleb");
+caps_list->next = NULL;
+
+return caps_list;
+}
+
 /* shared migration helpers */
 
 static int migrate_fd_cleanup(MigrationState *s)
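Review bot: qmp_query_migration_caps reports a single capability named "uleb", while the commit message, the schema documentation and the QMP example in this patch all speak of xbzrle; pick one name and use it everywhere. `caps_list->value` is allocated with g_malloc while the list node uses g_malloc0, so any member added to MigrationCap later starts uninitialised; use g_malloc0 for both.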
diff --git a/monitor.c b/monitor.c
index 8946a10..ff434e0 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2558,6 +2558,13 @@ static mon_cmd_t info_cmds[] = {
 .mhandler.info = hmp_info_migrate,
 },
 {
+.name   = "migration_caps",
+.args_type  = "",
+.params = "",
+.help   = "show migration capabilties",
+.mhandler.info = hmp_info_migration_caps,
+},
+{
 .name   = "balloon",
 .args_type  = "",
 .params = "",
diff --git a/qapi-schema.json b/qapi-schema.json
index 8b1c78a..e49ec43 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -276,6 +276,30 @@
 { 'command': 'query-migrate', 'returns': 'MigrationInfo' }
 
 ##
+# @MigrationCap
+#
+# Information about current migration capabilites.
+#
+# @xbzrle: true if the current migration supports xbzrle
+#
+# Since: 1.1
+##
+{ 'type': 'MigrationCap',
+  'data': { 'name': 'str'} }
+
+##
+# @query-migration-caps
+#
+# Returns information about current migration process capabilties.
+#
+# Returns: @MigrationCap
+#
+# Since: 1.1
+##
+{ 'command': 'query-migration-caps', 'returns': ['MigrationCap'] }
+
+
+##
 # @MouseInfo:
 #
 # Information about a mouse device.
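Review bot: the MigrationCap documentation describes a member `@xbzrle: true if the current migration supports xbzrle`, but the type is declared as `'data': { 'name': 'str'}`; document `@name` instead, or change the type to match the text. The `Returns:` line of query-migration-caps should say it returns a list, matching `['MigrationCap']`.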
diff --git a/qmp-commands.hx b/qmp-commands.hx
index 5d3714f..c21ec1c 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -2073,6 +2073,30 @@ EQMP
 },
 
 SQMP
+query-migration-caps
+---
+
+Query migration capabilties
+
+- "xbzrle": xbzrle support
+
+Arguments:
+
+Example:
+
+-> { "execute": "query-migration-caps"}
+<- { "return": { "xbzrle" : true } }
+
+EQMP
+
+{
+.name   = "query_migration_caps",
+.args_type  = "",
+   .mhandler.cmd_new = qmp_marshal_input_query_migration_caps,
+},
+
+
+SQMP
 query-balloon
 -
 
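Review bot: the example reply `{ "return": { "xbzrle" : true } }` does not match a command that returns a list of MigrationCap objects carrying a `name` string; show the list form the command actually produces. The entry is registered as `.name = "query_migration_caps"` with underscores while the schema and the heading use query-migration-caps, and the `.mhandler.cmd_new` line is indented differently from the two lines above it.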
diff --git a/savevm.c b/savevm.c
index fbf1903..3c0b7cc 100644
--- a/savevm.c
+++ b/savevm.c
@@ -1573,7 +1573,7 @@ int qemu_savevm_state_begin(QEMUFile *f,
}
 se->set_params(params, se->opaque);
 }
-
+
 qemu_put_be32(f, QEMU_VM_FILE_MAGIC);
 qemu_put_be32(f, QEMU_VM_FILE_VERSION);
 
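Review bot: unrelated whitespace change before `qemu_put_be32(f, QEMU_VM_FILE_MAGIC)`. The removed and the added line are both blank, which suggests the new one carries trailing whitespace; drop this hunk from the patch.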
-- 
1.7.7.6




[Qemu-devel] [PATCH v2 0/5] QOM'ify Power Architecture CPU

2012-04-06 Thread Andreas Färber
Hello,

This series follows up on my PowerPC QOM'ification patches from the
qom-cpu-others.v1 RFC series and splits it into steps easier to review.
The finalizer is actually filled with life now. Subclasses are postponed.

David and Scott, please review and test.

Available from:
git://github.com/afaerber/qemu-cpu.git qom-cpu-ppc.v2
https://github.com/afaerber/qemu-cpu/commits/qom-cpu-ppc.v2

Regards,
Andreas

Cc: qemu-ppc 
Cc: David Gibson 
Cc: Scott Wood 

v1 -> v2:
* Split off from qom-cpu-others series.
* Update argument/variable naming to avoid "klass" and to use ..._type_info.
* Drop subclasses for now, leaving TYPE_POWERPC_CPU non-abstract.
* Rename TYPE_POWERPC_CPU to "powerpc64-cpu" for TARGET_PPC64 and to
  "embedded-powerpc-cpu" for TARGET_PPCEMB, based on a suggestion by Blue.
* Implement finalizer.

Andreas Färber (5):
  target-ppc: Drop cpu_ppc_close()
  target-ppc: QOM'ify CPU
  target-ppc: QOM'ify CPU init
  target-ppc: QOM'ify CPU reset
  target-ppc: Add CPU finalizer

 target-ppc/cpu-qom.h|   77 +
 target-ppc/cpu.h|3 +-
 target-ppc/helper.c |   65 ++--
 target-ppc/translate.c  |2 +-
 target-ppc/translate_init.c |  115 +++
 5 files changed, 200 insertions(+), 62 deletions(-)
 create mode 100644 target-ppc/cpu-qom.h

-- 
1.7.7




Re: [Qemu-devel] [PATCH] scsi: fix memory leak

2012-04-06 Thread Zhi Yong Wu
On Fri, Apr 6, 2012 at 9:48 PM, Paolo Bonzini  wrote:
> scsibus_get_dev_path is leaking id if it is not NULL.  Fix it.
>
> Reported-by: Laszlo Ersek 
> Signed-off-by: Paolo Bonzini 
> ---
>  hw/scsi-bus.c |    7 +--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
> index 8e76c5d..216b51f 100644
> --- a/hw/scsi-bus.c
> +++ b/hw/scsi-bus.c
> @@ -1430,15 +1430,18 @@ static char *scsibus_get_dev_path(DeviceState *dev)
>     SCSIDevice *d = DO_UPCAST(SCSIDevice, qdev, dev);
>     DeviceState *hba = dev->parent_bus->parent;
>     char *id = NULL;
> +    char *path;
>
>     if (hba && hba->parent_bus && hba->parent_bus->info->get_dev_path) {
>         id = hba->parent_bus->info->get_dev_path(hba);
>     }
>     if (id) {
> -        return g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun);
> +        path = g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun);
>     } else {
> -        return g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun);
> +        path = g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun);
>     }
> +    free(id);
> +    return path;
good catch.
>  }
>
>  static char *scsibus_get_fw_dev_path(DeviceState *dev)
> --
> 1.7.9.3
>
>



-- 
Regards,

Zhi Yong Wu



[Qemu-devel] [PATCH 2/3] virtio: add virtio_queue_get_id

2012-04-06 Thread Paolo Bonzini
Serializing virtio-scsi requests needs a simple way to get from a
VirtQueue to the number of the queue.  The virtio_queue_get_id
provides this.

Cc: Anthony Liguori 
Cc: Michael S. Tsirkin 
Signed-off-by: Paolo Bonzini 
---
 hw/virtio.c |7 +++
 hw/virtio.h |1 +
 2 files changed, 8 insertions(+)

diff --git a/hw/virtio.c b/hw/virtio.c
index 064aecf..314abf8 100644
--- a/hw/virtio.c
+++ b/hw/virtio.c
@@ -624,6 +624,13 @@ int virtio_queue_get_num(VirtIODevice *vdev, int n)
 return vdev->vq[n].vring.num;
 }
 
+int virtio_queue_get_id(VirtQueue *vq)
+{
+VirtIODevice *vdev = vq->vdev;
+assert(vq >= &vdev->vq[0] && vq < &vdev->vq[VIRTIO_PCI_QUEUE_MAX]);
+return vq - &vdev->vq[0];
+}
+
 void virtio_queue_notify_vq(VirtQueue *vq)
 {
 if (vq->vring.desc) {
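Review bot: the range check in virtio_queue_get_id compares `vq` with `&vdev->vq[0]` and `&vdev->vq[VIRTIO_PCI_QUEUE_MAX]` using relational operators, which C only defines for pointers into the same array, so the assert cannot be relied on to reject a VirtQueue that does not belong to vdev. Either document the precondition that vq is an element of vq->vdev->vq, or compare after converting to uintptr_t. The declaration in virtio.h would benefit from a one-line comment saying the result is the index into vdev->vq.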
diff --git a/hw/virtio.h b/hw/virtio.h
index 400c092..0aef7d1 100644
--- a/hw/virtio.h
+++ b/hw/virtio.h
@@ -229,6 +229,7 @@ target_phys_addr_t virtio_queue_get_ring_size(VirtIODevice 
*vdev, int n);
 uint16_t virtio_queue_get_last_avail_idx(VirtIODevice *vdev, int n);
 void virtio_queue_set_last_avail_idx(VirtIODevice *vdev, int n, uint16_t idx);
 VirtQueue *virtio_get_queue(VirtIODevice *vdev, int n);
+int virtio_queue_get_id(VirtQueue *vq);
 EventNotifier *virtio_queue_get_guest_notifier(VirtQueue *vq);
 EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq);
 void virtio_queue_notify_vq(VirtQueue *vq);
-- 
1.7.9.3





[Qemu-devel] [PATCH] scsi: fix memory leak

2012-04-06 Thread Paolo Bonzini
scsibus_get_dev_path is leaking id if it is not NULL.  Fix it.

Reported-by: Laszlo Ersek 
Signed-off-by: Paolo Bonzini 
---
 hw/scsi-bus.c |7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 8e76c5d..216b51f 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -1430,15 +1430,18 @@ static char *scsibus_get_dev_path(DeviceState *dev)
 SCSIDevice *d = DO_UPCAST(SCSIDevice, qdev, dev);
 DeviceState *hba = dev->parent_bus->parent;
 char *id = NULL;
+char *path;
 
 if (hba && hba->parent_bus && hba->parent_bus->info->get_dev_path) {
 id = hba->parent_bus->info->get_dev_path(hba);
 }
 if (id) {
-return g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun);
+path = g_strdup_printf("%s/%d:%d:%d", id, d->channel, d->id, d->lun);
 } else {
-return g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun);
+path = g_strdup_printf("%d:%d:%d", d->channel, d->id, d->lun);
 }
+free(id);
+return path;
 }
 
 static char *scsibus_get_fw_dev_path(DeviceState *dev)
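Review bot: `free(id)` releases a string returned by a get_dev_path callback, and scsibus_get_dev_path, itself such a callback, builds its result with g_strdup_printf. A parent bus implemented the same way hands back GLib memory, so the matching call is g_free(id). g_free accepts NULL as well, so the call can stay unconditional.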
-- 
1.7.9.3




[Qemu-devel] Flash memory emulation on QEMU [on u-boot]

2012-04-06 Thread jagan
Hi,

I am new to this qemu setup.
I have built & used qemu-system-arm for u-boot.
I was able to get the u-boot prompt, on versatilePB arch.

My questions are
-- Does Qemu already have flash memory emulation support?
-- I need to test my u-boot on QEMU with NOR, NAND, SERIAL & SD flash
memory emulations.

Request for pointers/suggestions.

Regards,
Jagan.


Re: [Qemu-devel] [PATCH V8 1/1] Guest stop notification (sorry for duplicate mail)

2012-04-06 Thread Raghavendra K T

On 04/06/2012 03:19 PM, Raghavendra K T wrote:

On 04/06/2012 02:29 PM, Andreas Färber wrote:

On 06.04.2012 09:21, Raghavendra K T wrote:

From: Eric B Munson

Often when a guest is stopped from the qemu console, it will report spurious
soft lockup warnings on resume. There are kernel patches being discussed that
will give the host the ability to tell the guest that it is being stopped and
should ignore the soft lockup warning that generates. This patch uses the qemu
Notifier system to tell the guest it is about to be stopped.

Signed-off-by: Eric B Munson
Signed-off-by: Raghavendra K T

Cc: Eric B Munson
Cc: Avi Kivity
Cc: Marcelo Tosatti
Cc: Anthony Liguori
Cc: Jan Kiszka
Cc: "Andreas Färber"
---
Changes from V7:
capability changed to KVM_CAP_KVMCLOCK_CTRL
KVM_GUEST_PAUSED is per vcpu again
CPUState renamed to CPUArchState


Thanks, change looks right to me.


I think I should have added Acked-by and resent the full patch. So here it
is. Sorry for the duplicate mail.

---
From: Eric B Munson 

Often when a guest is stopped from the qemu console, it will report spurious
soft lockup warnings on resume.  There are kernel patches being discussed that
will give the host the ability to tell the guest that it is being stopped and
should ignore the soft lockup warning that generates.  This patch uses the qemu
Notifier system to tell the guest it is about to be stopped.

Acked-by: "Andreas Färber" 
Signed-off-by: Eric B Munson 
Signed-off-by: Raghavendra K T 

Cc: Eric B Munson 
Cc: Avi Kivity 
Cc: Marcelo Tosatti 
Cc: Anthony Liguori 
Cc: Jan Kiszka 
Cc: "Andreas Färber" 
---
Changes from V7:
 capability changed to KVM_CAP_KVMCLOCK_CTRL
 KVM_GUEST_PAUSED is per vcpu again
 CPUState renamed to CPUArchState
 KVMCLOCK_GUEST_PAUSED changed to  KVM_KVMCLOCK_CTRL
 incorporated Andreas' comments (__FUNCTION__) etc

Changes from V6:
 Remove unnecessary include

Changes from V5:
 KVM_GUEST_PAUSED is now a per vm ioctl instead of per vcpu

Changes from V4:
 Test if the guest paused capability is available before use

Changes from V3:
 Collapse new state change notification function into existing function.
 Correct whitespace issues
 Change ioctl name to KVMCLOCK_GUEST_PAUSED
 Use for loop to iterate vcpus

Changes from V2:
 Move ioctl into hw/kvmclock.c so as other arches can use it as it is
implemented

Changes from V1:
 Remove unnecessary encapsulating function
---

diff --git a/hw/kvm/clock.c b/hw/kvm/clock.c
index 446bd62..a6aa6e4 100644
--- a/hw/kvm/clock.c
+++ b/hw/kvm/clock.c
@@ -65,9 +65,27 @@ static void kvmclock_vm_state_change(void *opaque, 
int running,

  RunState state)
 {
 KVMClockState *s = opaque;
+CPUArchState *penv = first_cpu;
+int cap_clock_ctrl = kvm_check_extension(kvm_state, 
KVM_CAP_KVMCLOCK_CTRL);

+int ret;

 if (running) {
 s->clock_valid = false;
+
+if (!cap_clock_ctrl) {
+return;
+}
+for (penv = first_cpu; penv != NULL; penv = penv->next_cpu) {
+ret = kvm_vcpu_ioctl(penv, KVM_KVMCLOCK_CTRL, 0);
+if (ret) {
+if (ret != -EINVAL) {
+fprintf(stderr,
+" %s: %s\n", __FUNCTION__,
+strerror(-ret));
+}
+return;
+}
+}
 }
 }
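Review bot: `kvm_check_extension(kvm_state, KVM_CAP_KVMCLOCK_CTRL)` is evaluated in the declaration of cap_clock_ctrl, so it runs on every state change although the result is only used inside `if (running)`; move the query into that branch or cache it once. `penv` is initialised to first_cpu and then assigned again in the for statement, so drop the initialiser. The first failing kvm_vcpu_ioctl returns from the handler, which leaves the remaining vcpus unnotified and prints nothing when the error is -EINVAL; either continue the loop or add a comment explaining why stopping is correct.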




[Qemu-devel] [PATCH] remove useless comments in dma

2012-04-06 Thread Wanpeng Li
This comment is useless, just removes it and makes the codes clear.

Signed-off-by: Wanpeng Li 
---
 dma.h |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/dma.h b/dma.h
index 20e86d2..5bd1fc8 100644
--- a/dma.h
+++ b/dma.h
@@ -11,7 +11,6 @@
 #define DMA_H
 
 #include 
-//#include "cpu.h"
 #include "hw/hw.h"
 #include "block.h"
 
-- 
1.7.5.4




[Qemu-devel] [PATCH 02/46] tracetool: Forbid argument name 'next'

2012-04-06 Thread Kevin Wolf
It has happened more than once that patches that look perfectly sane
and work with simpletrace broke systemtap because they use 'next' as an
argument name for a tracing function. However, 'next' is a keyword for
systemtap, so we shouldn't use it.

Signed-off-by: Kevin Wolf 
---
 scripts/tracetool |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/scripts/tracetool b/scripts/tracetool
index 47389b6..7b1c142 100755
--- a/scripts/tracetool
+++ b/scripts/tracetool
@@ -81,6 +81,10 @@ get_args()
 args=${1#*\(}
 args=${args%%\)*}
 echo "$args"
+
+if (echo "$args" | grep "[ *]next\($\|[, ]\)" > /dev/null 2>&1); then
+echo -e "\n#error 'next' is a bad argument name (clash with systemtap 
keyword)\n "
+fi
 }
 
 # Get the argument name list of a trace event
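Review bot: the new check writes its `#error` text to the stdout of get_args, the same stream that carries `$args` to the caller, so every command substitution that consumes get_args receives the argument list with the error text appended. If breaking the generated C this way is intended, say so in a comment; otherwise print the message to stderr and exit non-zero. `echo -e` is also not portable across /bin/sh implementations, printf is the safer choice.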
-- 
1.7.6.5




[Qemu-devel] [PATCH V2 10/10] hw/sd.c: introduce SD card "image" property and allow SD hot-insert

2012-04-06 Thread Igor Mitsyanko
New SD card "image" property can be used to:
- change image file attached to virtual SD card
- hot-insert new image file into newly initialized BlockDriverState (this was
not possible before).

Example usage:
./qom-set /machine/milkymist/milkymist-memcard/card.image /home/me/mynewcard.img
this will attach image file /home/me/mynewcard.img to virtual SD card connected
to milkymist-memcard host controller device. If virtual card was already
attached to some other image file, eject event is triggered before attaching
new file.

Signed-off-by: Igor Mitsyanko 
---
 hw/sd.c |   44 
 1 files changed, 44 insertions(+), 0 deletions(-)

diff --git a/hw/sd.c b/hw/sd.c
index 8ffaa17..3e75405 100644
--- a/hw/sd.c
+++ b/hw/sd.c
@@ -1816,6 +1816,48 @@ static void sd_set_spimode(Object *obj, Visitor *v, void 
*opaque,
 }
 }
 
+static void sd_set_image_path(Object *obj, Visitor *v, void *opaque,
+ const char *name, Error **errp)
+{
+SDState *sd = SD_CARD(obj);
+char *new_image;
+
+visit_type_str(v, &new_image, "file", errp);
+
+if (error_is_set(errp)) {
+return;
+}
+
+if (sd->bdrv) {
+qmp_change_blockdev(bdrv_get_device_name(sd->bdrv), new_image,
+false, NULL, errp);
+} else {
+DriveInfo *di;
+QemuOpts *opts = drive_add(IF_SD, sd->if_idx, new_image, "");
+
+if (!opts) {
+error_set(errp, QERR_OPEN_FILE_FAILED, new_image);
+return;
+}
+
+di = drive_init(opts, 0);
+if (!di) {
+error_set(errp, QERR_OPEN_FILE_FAILED, new_image);
+return;
+}
+
+sd_reset(sd, di->bdrv);
+if (bdrv_attach_dev(sd->bdrv, sd) < 0) {
+drive_put_ref(di);
+error_set(errp, QERR_OPEN_FILE_FAILED, new_image);
+return;
+}
+bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
+qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
+qemu_set_irq(sd->readonly_cb, sd->wp_switch);
+}
+}
+
 static void sd_initfn(Object *obj)
 {
 SDState *sd = SD_CARD(obj);
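Review bot: `new_image` is filled in by visit_type_str and never released in sd_set_image_path, so every write to the property leaks the string, on the success path and on each early return; free it before leaving the function. The visitor call passes the literal "file" where the handler's `name` argument is available. In the else branch a failed bdrv_attach_dev returns after `sd_reset(sd, di->bdrv)` has already run, so the card appears to keep pointing at a drive whose reference was just dropped with drive_put_ref; undo the reset on that path.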
@@ -1826,6 +1868,8 @@ static void sd_initfn(Object *obj)
 NULL, NULL, NULL);
 object_property_add(obj, "spi-mode", "boolean", sd_is_spi, sd_set_spimode,
 NULL, NULL, NULL);
+object_property_add(OBJECT(sd), "image", "string",
+NULL, sd_set_image_path, NULL, NULL, NULL);
 }
 
 static TypeInfo sd_type_info = {
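Review bot: the "image" property is registered with a NULL getter, so it is write-only and the currently attached file cannot be read back through QOM; add a getter or state the limitation in the commit message. The call also passes `OBJECT(sd)` where the neighbouring registrations pass `obj`.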
-- 
1.7.4.1




Re: [Qemu-devel] [PATCH v3 01/10] Introduce qemu_cond_timedwait for POSIX

2012-04-06 Thread Paolo Bonzini
On 05/04/2012 14:30, malc wrote:
>> > Would save that "* 1000". I just wondered why we do not use it elsewhere
>> > in QEMU and was reluctant to risk some BSD breakage.
>> > 
> It's probably worth mentioning that using anything other than 
> clock_gettime and CLOCK_MONOTONIC (as well as setting proper pthread
> clock attr on the condition variable) is prone to surprises (such
> as NTP corrections and daylight saving changes).

I was about to suggest the same, but how widespread is support for
pthread_condattr_setclock?

Paolo
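
The monotonic-clock approach discussed above, as an added example that is not part of the thread or of QEMU: the condition variable is bound to CLOCK_MONOTONIC with pthread_condattr_setclock and the deadline is built from clock_gettime, with the millisecond remainder scaled to nanoseconds and the carry normalised. `struct mono_cond`, the `mono_cond_*` functions, `deadline_after_ms` and `unsignalled_wait_ms` are hypothetical names, and a platform that provides pthread_condattr_setclock is assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define NSEC_PER_SEC  1000000000L
#define NSEC_PER_MSEC 1000000L

/* Hypothetical wrapper for this example; not QEMU's QemuCond/QemuMutex. */
struct mono_cond {
    pthread_mutex_t lock;
    pthread_cond_t cond;
    bool ready;                 /* the predicate waiters sleep on */
};

/* now + timeout_ms as an absolute deadline, tv_nsec kept in [0, 1e9). */
static struct timespec deadline_after_ms(struct timespec now,
                                         unsigned int timeout_ms)
{
    struct timespec ts;

    ts.tv_sec = now.tv_sec + timeout_ms / 1000;
    ts.tv_nsec = now.tv_nsec + (long)(timeout_ms % 1000) * NSEC_PER_MSEC;
    if (ts.tv_nsec >= NSEC_PER_SEC) {   /* >= : exactly 1e9 is invalid too */
        ts.tv_sec++;
        ts.tv_nsec -= NSEC_PER_SEC;
    }
    return ts;
}

/* Bind the condition variable to CLOCK_MONOTONIC; returns 0 or an errno. */
static int mono_cond_init(struct mono_cond *c)
{
    pthread_condattr_t attr;
    int err = pthread_mutex_init(&c->lock, NULL);

    if (err) {
        return err;
    }
    err = pthread_condattr_init(&attr);
    if (!err) {
        err = pthread_condattr_setclock(&attr, CLOCK_MONOTONIC);
        if (!err) {
            err = pthread_cond_init(&c->cond, &attr);
        }
        pthread_condattr_destroy(&attr);
    }
    if (err) {
        pthread_mutex_destroy(&c->lock);
        return err;
    }
    c->ready = false;
    return 0;
}

static void mono_cond_set_ready(struct mono_cond *c)
{
    pthread_mutex_lock(&c->lock);
    c->ready = true;
    pthread_cond_signal(&c->cond);
    pthread_mutex_unlock(&c->lock);
}

/* Returns true if the predicate became true, false if the wait timed out. */
static bool mono_cond_timedwait(struct mono_cond *c, unsigned int timeout_ms)
{
    struct timespec now, deadline;
    bool ready;
    int err = 0;

    clock_gettime(CLOCK_MONOTONIC, &now);   /* same clock as the condattr */
    deadline = deadline_after_ms(now, timeout_ms);

    pthread_mutex_lock(&c->lock);
    /* Loop on the predicate: a spurious wakeup re-waits on the same deadline. */
    while (!c->ready && err == 0) {
        err = pthread_cond_timedwait(&c->cond, &c->lock, &deadline);
    }
    ready = c->ready;
    pthread_mutex_unlock(&c->lock);
    return ready;
}

/* Milliseconds spent in a wait that nobody signals, or -1 on failure. */
static long unsignalled_wait_ms(unsigned int timeout_ms)
{
    struct mono_cond c;
    struct timespec t0, t1;
    long long ns;

    if (mono_cond_init(&c) != 0) {
        return -1;
    }
    clock_gettime(CLOCK_MONOTONIC, &t0);
    if (mono_cond_timedwait(&c, timeout_ms)) {
        return -1;                          /* nobody set the predicate */
    }
    clock_gettime(CLOCK_MONOTONIC, &t1);
    ns = (long long)(t1.tv_sec - t0.tv_sec) * NSEC_PER_SEC
         + (t1.tv_nsec - t0.tv_nsec);
    return (long)(ns / NSEC_PER_MSEC);
}

int main(void)
{
    struct mono_cond c;

    printf("unsignalled 50 ms wait took %ld ms\n", unsignalled_wait_ms(50));
    if (mono_cond_init(&c) == 0) {
        mono_cond_set_ready(&c);
        printf("ready before wait: %d\n", mono_cond_timedwait(&c, 1000));
    }
    return 0;
}
```

Because the deadline and the condition variable share CLOCK_MONOTONIC, stepping the wall clock while a thread is waiting neither shortens nor extends the timeout.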



[Qemu-devel] [PATCH v3 01/10] Introduce qemu_cond_timedwait for POSIX

2012-04-06 Thread Jan Kiszka
First user will be POSIX compat aio. Windows use cases aren't in sight,
so this remains a POSIX-only service for now.

Signed-off-by: Jan Kiszka 
---
 qemu-thread-posix.c |   23 +++
 qemu-thread-posix.h |5 +
 2 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/qemu-thread-posix.c b/qemu-thread-posix.c
index 9e1b5fb..cd65df2 100644
--- a/qemu-thread-posix.c
+++ b/qemu-thread-posix.c
@@ -17,6 +17,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "qemu-thread.h"
 
 static void error_exit(int err, const char *msg)
@@ -115,6 +116,28 @@ void qemu_cond_wait(QemuCond *cond, QemuMutex *mutex)
 error_exit(err, __func__);
 }
 
+/* Returns true if condition was signals, false if timed out. */
+bool qemu_cond_timedwait(QemuCond *cond, QemuMutex *mutex,
+ unsigned int timeout_ms)
+{
+struct timespec ts;
+struct timeval tv;
+int err;
+
+gettimeofday(&tv, NULL);
+ts.tv_sec = tv.tv_sec + timeout_ms / 1000;
+ts.tv_nsec = tv.tv_usec * 1000 + timeout_ms % 1000;
+if (ts.tv_nsec > 10) {
+ts.tv_sec++;
+ts.tv_nsec -= 10;
+}
+err = pthread_cond_timedwait(&cond->cond, &mutex->lock, &ts);
+if (err && err != ETIMEDOUT) {
+error_exit(err, __func__);
+}
+return err == 0;
+}
+
 void qemu_thread_create(QemuThread *thread,
void *(*start_routine)(void*),
void *arg, int mode)
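Review bot: In qemu_cond_timedwait the millisecond remainder is added to tv_nsec without scaling (ts.tv_nsec = tv.tv_usec * 1000 + timeout_ms % 1000), so up to 999 ms of the requested timeout are counted as nanoseconds and the wait ends almost a second early; the term should be (timeout_ms % 1000) * 1000000. The normalisation that follows, as shown here, compares tv_nsec with 10 and subtracts 10; it needs the nanoseconds-per-second value and a >= comparison so that tv_nsec always stays below one second. Because the deadline comes from gettimeofday, it follows wall-clock adjustments, which is the concern raised in the replies about CLOCK_MONOTONIC. The comment above the function should read "signalled" rather than "signals".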
diff --git a/qemu-thread-posix.h b/qemu-thread-posix.h
index ee4618e..9f00524 100644
--- a/qemu-thread-posix.h
+++ b/qemu-thread-posix.h
@@ -1,5 +1,6 @@
 #ifndef __QEMU_THREAD_POSIX_H
 #define __QEMU_THREAD_POSIX_H 1
+#include 
 #include "pthread.h"
 
 struct QemuMutex {
@@ -14,4 +15,8 @@ struct QemuThread {
 pthread_t thread;
 };
 
+/* only provided for posix so far */
+bool qemu_cond_timedwait(QemuCond *cond, QemuMutex *mutex,
+ unsigned int timeout_ms);
+
 #endif
-- 
1.7.3.4




Re: [Qemu-devel] [PATCH 1/1] Allow machines to configure the QEMU_VERSION that's exposed via hardware

2012-04-06 Thread Peter Maydell
On 5 April 2012 15:26, Crístian Viana  wrote:
> diff --git a/vl.c b/vl.c
> index ae91a8a..7fea263 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -1561,7 +1561,8 @@ static void main_loop(void)
>
>  static void version(void)
>  {
> -    printf("QEMU emulator version " QEMU_VERSION QEMU_PKGVERSION ", 
> Copyright (c) 2003-2008 Fabrice Bellard\n");
> +    printf("QEMU emulator version %s" QEMU_PKGVERSION ", "
> +           "Copyright (c) 2003-2008 Fabrice Bellard\n", qemu_get_version());
>  }

This kind of change is definitely wrong -- where we're reporting
the QEMU version to the *user* we definitely don't want to introduce
the possibility of lying about it.

(This is distinct from reporting the QEMU version to the *guest*
via device manufacturer/version strings.)

-- PMM



Re: [Qemu-devel] [PATCH 0/5] Spread the use of QEMU threading & locking API

2012-04-06 Thread Jan Kiszka
On 2012-04-05 14:48, Paolo Bonzini wrote:
> On 05/04/2012 14:04, Jan Kiszka wrote:
>>> EventNotifier _is not_ yet another thread synchronization primitive.  It
>>> can be used across processes, across the user/kernel boundary, and the
>>> main loop can wait on multiple instances.  QemuThread synchronization
>>> primitives are only usable within a process, cannot be passed to the
>>> kernel, and cannot signal the main loop.
>>
>> Yes, QemuEvent can also be triggered externally - so could at least some
>> of the other synchronization primitives if we had a use case for that.
>>
>>> Besides, QemuEvent is no different from the existing EventNotifier, I
>>> don't think the churn introduced by the rename is justified.
>>
>> It is as EventNotifiers stood aside our synchronization infrastructure,
>> and were only designed around vhost-net. This moves the concept in the
>> center AND applies it broadly, including to the main loop. That "churn"
>> is adoption to our naming and code organization scheme for
>> synchronization primitives.
> 
> But QemuEvent takes away the best name for a useful concept (a
> cross-platform implementation of Win32 events; you can see that in the

The concept is not lost, it perfectly fits this incarnation. Just the
special futex version for Linux is not feasible.

> RCU patches which were even posted on the list).  We already have a
> perfectly good name for EventNotifiers, and there's no reason to break
> the history of event-notifier.c.

Have you measured if the futex optimization is actually worth the
effort, specifically compared to the fast path of mutex/cond loop?

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux



[Qemu-devel] [PATCH V2 07/10] SD card: introduce "if-idx" property for SD card objects

2012-04-06 Thread Igor Mitsyanko
Rather than pass on a BlockDriverState pointer to SD init function, we now should set
"if-idx" property of SD card object to a value corresponding to index of DriveInfo
we want to attach to SD card.
All users were converted to use this new approach to SD card initialization. Omap and PXA
mmc initialization functions are modified to accept DriveInfo * instead of BlockDriverState *,
so these functions may have easy access to the corresponding block device index.
Host controllers should set "if-idx" property before initializing freshly instantiated
SD card. During initialization, card will be linked with block device of the same interface
index.

Signed-off-by: Igor Mitsyanko 
---
 hw/milkymist-memcard.c |7 ++-
 hw/omap.h  |4 ++--
 hw/omap1.c |2 +-
 hw/omap2.c |2 +-
 hw/omap_mmc.c  |   16 
 hw/pl181.c |7 ++-
 hw/pxa.h   |2 +-
 hw/pxa2xx.c|5 ++---
 hw/pxa2xx_mmci.c   |8 ++--
 hw/sd.c|   47 ---
 hw/sd.h|4 ++--
 hw/ssi-sd.c|7 ++-
 12 files changed, 89 insertions(+), 22 deletions(-)

diff --git a/hw/milkymist-memcard.c b/hw/milkymist-memcard.c
index 1d84d44..2fff47f 100644
--- a/hw/milkymist-memcard.c
+++ b/hw/milkymist-memcard.c
@@ -251,10 +251,15 @@ static int milkymist_memcard_init(SysBusDevice *dev)
 {
 MilkymistMemcardState *s = FROM_SYSBUS(typeof(*s), dev);
 DriveInfo *dinfo;
+Error *errp = NULL;
 
 s->card = SD_CARD(object_new(TYPE_SD_CARD));
 dinfo = drive_get_next(IF_SD);
-SD_INIT(s->card, dinfo ? dinfo->bdrv : NULL, false);
+if (dinfo) {
+object_property_set_int(OBJECT(s->card), dinfo->unit, "if-idx", &errp);
+}
+assert_no_error(errp);
+SD_INIT(s->card, false);
 s->enabled = dinfo ? bdrv_is_inserted(dinfo->bdrv) : 0;
 
 memory_region_init_io(&s->regs_region, &memcard_mmio_ops, s,
diff --git a/hw/omap.h b/hw/omap.h
index 6c3d004..969f9cd 100644
--- a/hw/omap.h
+++ b/hw/omap.h
@@ -754,10 +754,10 @@ void omap_rfbi_attach(struct omap_dss_s *s, int cs, 
struct rfbi_chip_s *chip);
 struct omap_mmc_s;
 struct omap_mmc_s *omap_mmc_init(target_phys_addr_t base,
 MemoryRegion *sysmem,
-BlockDriverState *bd,
+DriveInfo *di,
 qemu_irq irq, qemu_irq dma[], omap_clk clk);
 struct omap_mmc_s *omap2_mmc_init(struct omap_target_agent_s *ta,
-BlockDriverState *bd, qemu_irq irq, qemu_irq dma[],
+DriveInfo *di, qemu_irq irq, qemu_irq dma[],
 omap_clk fclk, omap_clk iclk);
 void omap_mmc_reset(struct omap_mmc_s *s);
 void omap_mmc_handlers(struct omap_mmc_s *s, qemu_irq ro, qemu_irq cover);
diff --git a/hw/omap1.c b/hw/omap1.c
index 80d47f0..fb722bc 100644
--- a/hw/omap1.c
+++ b/hw/omap1.c
@@ -3964,7 +3964,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion 
*system_memory,
 fprintf(stderr, "qemu: missing SecureDigital device\n");
 exit(1);
 }
-s->mmc = omap_mmc_init(0xfffb7800, system_memory, dinfo->bdrv,
+s->mmc = omap_mmc_init(0xfffb7800, system_memory, dinfo,
qdev_get_gpio_in(s->ih[1], OMAP_INT_OQN),
&s->drq[OMAP_DMA_MMC_TX],
 omap_findclk(s, "mmc_ck"));
diff --git a/hw/omap2.c b/hw/omap2.c
index 42fce5e..770389b 100644
--- a/hw/omap2.c
+++ b/hw/omap2.c
@@ -2459,7 +2459,7 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion 
*sysmem,
 fprintf(stderr, "qemu: missing SecureDigital device\n");
 exit(1);
 }
-s->mmc = omap2_mmc_init(omap_l4tao(s->l4, 9), dinfo->bdrv,
+s->mmc = omap2_mmc_init(omap_l4tao(s->l4, 9), dinfo,
 qdev_get_gpio_in(s->ih[0], OMAP_INT_24XX_MMC_IRQ),
 &s->drq[OMAP24XX_DMA_MMC1_TX],
 omap_findclk(s, "mmc_fclk"), omap_findclk(s, "mmc_iclk"));
diff --git a/hw/omap_mmc.c b/hw/omap_mmc.c
index 15bc1ae..3bf29c2 100644
--- a/hw/omap_mmc.c
+++ b/hw/omap_mmc.c
@@ -19,6 +19,8 @@
 #include "hw.h"
 #include "omap.h"
 #include "sd.h"
+#include "qerror.h"
+#include "blockdev.h"
 
 struct omap_mmc_s {
 qemu_irq irq;
@@ -575,9 +577,10 @@ static void omap_mmc_cover_cb(void *opaque, int line, int 
level)
 
 struct omap_mmc_s *omap_mmc_init(target_phys_addr_t base,
 MemoryRegion *sysmem,
-BlockDriverState *bd,
+DriveInfo *di,
 qemu_irq irq, qemu_irq dma[], omap_clk clk)
 {
+Error *errp = NULL;
 struct omap_mmc_s *s = (struct omap_mmc_s *)
 g_malloc0(sizeof(struct omap_mmc_s));
 
@@ -594,15 +597,18 @@ struct omap_mmc_s *omap_mmc_init(target_phys_addr_t base,
 
 /* Instantiate the storage */
 s->card = SD_CARD(object_new(TYPE_SD_CARD));
-SD_INIT(s->card, bd, false);
+object_property_set_int(OBJECT(s->card), di->unit,
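Review bot: omap_mmc_init now dereferences di unconditionally (di->unit) where the milkymist-memcard.c hunk guards the same call with if (dinfo). The omap1.c and omap2.c callers shown above exit when no SD drive is present, but the function signature no longer tolerates a missing drive the way the old BlockDriverState * argument did. Either guard the property set with if (di) as in milkymist_memcard_init, or document in omap.h that di must be non-NULL.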

Re: [Qemu-devel] [PATCH v2 2/4] target-i386: QOM'ify CPU

2012-04-06 Thread Andreas Färber
On 03.04.2012 02:05, Andreas Färber wrote:
> Embed CPUX86State as first member of X86CPU.
> Drop cpu_x86_close() in favor of calling object_delete() directly.
> 
> For now let CPUClass::reset() call cpu_state_reset().
> 
> Signed-off-by: Andreas Färber 
> ---
>  target-i386/cpu-qom.h |   71 
> +
>  target-i386/cpu.c |   37 +
>  target-i386/cpu.h |3 +-
>  target-i386/helper.c  |   11 +++-
>  4 files changed, 114 insertions(+), 8 deletions(-)
>  create mode 100644 target-i386/cpu-qom.h

Based on an idea by Blue I've prepared the following change, adjusting
the type name based on target:

diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
index e6ebfb8..40635c4 100644
--- a/target-i386/cpu-qom.h
+++ b/target-i386/cpu-qom.h
@@ -23,7 +23,11 @@
 #include "qemu/cpu.h"
 #include "cpu.h"

-#define TYPE_X86_CPU "x86-cpu"
+#ifdef TARGET_X86_64
+#define TYPE_X86_CPU "x86_64-cpu"
+#else
+#define TYPE_X86_CPU "i386-cpu"
+#endif

 #define X86_CPU_CLASS(klass) \
 OBJECT_CLASS_CHECK(X86CPUClass, (klass), TYPE_X86_CPU)
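Review bot: With TYPE_X86_CPU now expanding to "x86_64-cpu" or "i386-cpu" depending on TARGET_X86_64, the #ifdef in cpu-qom.h needs a short comment saying why the type name is target-specific, and any place that spells the old "x86-cpu" string literally has to be switched to the macro. Without that comment the next reader will not know whether the two names are meant to be distinct types or one type under two spellings.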

/-F

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH v2 0/4] QOM'ify x86 CPU, part 1

2012-04-06 Thread Andreas Färber
On 03.04.2012 02:05, Andreas Färber wrote:
> Hello,
> 
> This series strips down x86 CPU QOM'ification to the bare minimum,
> leaving out subclasses for builtin or external CPU models.
> It is ordered after the s390x conversion but is independent of it, again
> due to alphabetical ordering, so that it could be applied right away now.
> 
> While I haven't seen any follow-up patches for X86CPU hotplug yet,
> patch 2 is the one that allows to either use it as a child<> of a device
> or to put TYPE_CPU directly onto some qdev bus for CONFIG_SOFTMMU.

Ping! If no comments arrive, I'll send a PULL on Tuesday.

/-F

> 
> Available from:
> git://github.com/afaerber/qemu-cpu.git qom-cpu-x86.v2
> https://github.com/afaerber/qemu-cpu/commits/qom-cpu-x86.v2
> 
> Regards,
> Andreas
> 
> Cc: Anthony Liguori 
> Cc: Jan Kiszka 
> Cc: Igor Mammedov 
> Cc: Liu Jinsong 
> Cc: Lai Jiangshan 
> Cc: Vasilis Liaskovitis 
> Cc: Eduardo Habkost 
> 
> v1 -> v2:
> * Move file rename to its own patch.
> * Set diff.renames to true to force rename detection for cpu.c.
> * Postpone TYPE_X86_CPU subclasses and split off reset and initfn conversion.
> 
> Andreas Färber (4):
>   target-i386: Rename cpuid.c
>   target-i386: QOM'ify CPU
>   target-i386: QOM'ify CPU init
>   target-i386: QOM'ify CPU reset
> 
>  Makefile.target|2 +-
>  target-i386/cpu-qom.h  |   71 +
>  target-i386/{cpuid.c => cpu.c} |  134 
> 
>  target-i386/cpu.h  |3 +-
>  target-i386/helper.c   |  100 ++
>  5 files changed, 213 insertions(+), 97 deletions(-)
>  create mode 100644 target-i386/cpu-qom.h
>  rename target-i386/{cpuid.c => cpu.c} (92%)

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH 39/46] block stream: close unused files and update ->backing_hd

2012-04-06 Thread Kevin Wolf
From: Marcelo Tosatti 

Close the now unused images that were part of the previous backing file
chain and adjust ->backing_hd, backing_filename and backing_format
properly.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=801449

Signed-off-by: Marcelo Tosatti 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 block/stream.c |   34 ++
 1 files changed, 34 insertions(+), 0 deletions(-)

diff --git a/block/stream.c b/block/stream.c
index 61ff7a2..0efe1ad 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -76,6 +76,39 @@ static int coroutine_fn stream_populate(BlockDriverState *bs,
 return bdrv_co_copy_on_readv(bs, sector_num, nb_sectors, &qiov);
 }
 
+static void close_unused_images(BlockDriverState *top, BlockDriverState *base,
+const char *base_id)
+{
+BlockDriverState *intermediate;
+intermediate = top->backing_hd;
+
+while (intermediate) {
+BlockDriverState *unused;
+
+/* reached base */
+if (intermediate == base) {
+break;
+}
+
+unused = intermediate;
+intermediate = intermediate->backing_hd;
+unused->backing_hd = NULL;
+bdrv_delete(unused);
+}
+top->backing_hd = base;
+
+pstrcpy(top->backing_file, sizeof(top->backing_file), "");
+pstrcpy(top->backing_format, sizeof(top->backing_format), "");
+if (base_id) {
+pstrcpy(top->backing_file, sizeof(top->backing_file), base_id);
+if (base->drv) {
+pstrcpy(top->backing_format, sizeof(top->backing_format),
+base->drv->format_name);
+}
+}
+
+}
+
 /*
  * Given an image chain: [BASE] -> [INTER1] -> [INTER2] -> [TOP]
  *
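Review bot: close_unused_images dereferences base->drv inside the if (base_id) branch without checking base, so it relies on the caller never passing a non-NULL base_id together with a NULL base. State that invariant in a comment above the function or test base && base->drv. There is also a stray blank line before the closing brace of the function.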
@@ -223,6 +256,7 @@ retry:
 base_id = s->backing_file_id;
 }
 ret = bdrv_change_backing_file(bs, base_id, NULL);
+close_unused_images(bs, base, base_id);
 }
 
 qemu_vfree(buf);
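Review bot: close_unused_images(bs, base, base_id) is called right after bdrv_change_backing_file without looking at ret, so when updating the backing file in the image header fails, the in-memory chain is still collapsed and the intermediate images are still deleted. Call it only when ret is 0, or explain in a comment why the in-memory state should change even though the on-disk header was not updated.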
-- 
1.7.6.5




[Qemu-devel] [PATCH v2 4/5] acpi_piix4: Re-define PCI hotplug eject register read

2012-04-06 Thread Alex Williamson
The PCI hotplug eject register has always returned 0, so let's redefine
it as a hotplug feature register.  The existing model of using separate
up & down read-only registers and an eject via write to this register
becomes the base implementation.  As we make use of new interfaces we'll
set bits here to allow the BIOS and AML implementation to optimize for
the platform implementation.

Signed-off-by: Alex Williamson 
---

 docs/specs/acpi_pci_hotplug.txt |   12 ++--
 hw/acpi_piix4.c |7 ---
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/docs/specs/acpi_pci_hotplug.txt b/docs/specs/acpi_pci_hotplug.txt
index 1883d63..a839434 100644
--- a/docs/specs/acpi_pci_hotplug.txt
+++ b/docs/specs/acpi_pci_hotplug.txt
@@ -27,8 +27,16 @@ events.  Read-only.
 PCI device eject (IO port 0xae08-0xae0b, 4-byte access):
 
 
-Used by ACPI BIOS _EJ0 method to request device removal. One bit per slot.
-Reads return 0.
+Write: Used by ACPI BIOS _EJ0 method to request device removal.
+One bit per slot.
+
+Read: Hotplug features register.  Used by platform to identify features
+available.  Current base feature set (no bits set):
+ - Read-only "up" register @0xae00, 4-byte access, bit per slot
+ - Read-only "down" register @0xae04, 4-byte access, bit per slot
+ - Read/write "eject" register @0xae08, 4-byte access,
+   write: bit per slot eject, read: hotplug feature set
+ - Read-only hotplug capable register @0xae0c, 4-byte access, bit per slot
 
 PCI removability status (IO port 0xae0c-0xae0f, 4-byte access):
 ---
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 5d3b0ba..11c1f85 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -511,9 +511,10 @@ static uint32_t pci_down_read(void *opaque, uint32_t addr)
 return val;
 }
 
-static uint32_t pciej_read(void *opaque, uint32_t addr)
+static uint32_t pci_features_read(void *opaque, uint32_t addr)
 {
-PIIX4_DPRINTF("pciej read %x\n", addr);
+/* No feature defined yet */
+PIIX4_DPRINTF("pci_features_read %x\n", 0);
 return 0;
 }
 
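Review bot: pci_features_read logs a literal 0 in PIIX4_DPRINTF and drops the addr argument that the old pciej_read printed, so the debug output and the return value are two separate constants that can drift apart once feature bits are defined. Keep the value in a local (uint32_t val = 0), print val together with addr, and return val.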
@@ -545,7 +546,7 @@ static void piix4_acpi_system_hot_add_init(PCIBus *bus, 
PIIX4PMState *s)
 register_ioport_read(PCI_DOWN_BASE, 4, 4, pci_down_read, s);
 
 register_ioport_write(PCI_EJ_BASE, 4, 4, pciej_write, s);
-register_ioport_read(PCI_EJ_BASE, 4, 4,  pciej_read, s);
+register_ioport_read(PCI_EJ_BASE, 4, 4,  pci_features_read, s);
 
 register_ioport_read(PCI_RMV_BASE, 4, 4,  pcirmv_read, s);
 




Re: [Qemu-devel] [PATCH V8 1/1] Guest stop notification

2012-04-06 Thread Raghavendra K T

On 04/06/2012 02:29 PM, Andreas Färber wrote:

On 06.04.2012 09:21, Raghavendra K T wrote:

From: Eric B Munson

Often when a guest is stopped from the qemu console, it will report spurious
soft lockup warnings on resume.  There are kernel patches being discussed that
will give the host the ability to tell the guest that it is being stopped and
should ignore the soft lockup warning that generates.  This patch uses the qemu
Notifier system to tell the guest it is about to be stopped.

Signed-off-by: Eric B Munson
Signed-off-by: Raghavendra K T

Cc: Eric B Munson
Cc: Avi Kivity
Cc: Marcelo Tosatti
Cc: Anthony Liguori
Cc: Jan Kiszka
Cc: "Andreas Färber"
---
Changes from V7:
  capability changed to KVM_CAP_KVMCLOCK_CTRL
  KVM_GUEST_PAUSED is per vcpu again
  CPUState renamed to CPUArchState


Thanks, change looks right to me.

Long-term I should probably consider supplying some cpu_foreach() macro
to iterate over them, but that would still need manual declaration of a
properly typed variable for the CPUArchState ->  CPUState switch.


  KVMCLOCK_GUEST_PAUSED changed to  KVM_KVMCLOCK_CTRL

Changes from V6:
  Remove unnecessary include

Changes from V5:
  KVM_GUEST_PAUSED is now a per vm ioctl instead of per vcpu

Changes from V4:
  Test if the guest paused capability is available before use

Changes from V3:
  Collapse new state change notification function into existing function.
  Correct whitespace issues
  Change ioctl name to KVMCLOCK_GUEST_PAUSED
  Use for loop to iterate vcpu's

Changes from V2:
  Move ioctl into hw/kvmclock.c so as other arches can use it as it is
implemented

Changes from V1:
  Remove unnecessary encapsulating function
---

diff --git a/hw/kvm/clock.c b/hw/kvm/clock.c
index 446bd62..c8a34a5 100644
--- a/hw/kvm/clock.c
+++ b/hw/kvm/clock.c
@@ -64,10 +64,28 @@ static int kvmclock_post_load(void *opaque, int version_id)
  static void kvmclock_vm_state_change(void *opaque, int running,
   RunState state)
  {
+int ret;


Minor nitpick: We usually assign opaque values first thing in the
function, so maybe order ret last if you resend?


  KVMClockState *s = opaque;
+CPUArchState *penv = first_cpu;
+int cap_clock_ctrl = kvm_check_extension(kvm_state, KVM_CAP_KVMCLOCK_CTRL);

  if (running) {
  s->clock_valid = false;
+
+if (!cap_clock_ctrl) {
+return;
+}
+for (penv = first_cpu; penv != NULL; penv = penv->next_cpu) {
+ret = kvm_vcpu_ioctl(penv, KVM_KVMCLOCK_CTRL, 0);
+if (ret) {
+if (ret != -EINVAL) {
+fprintf(stderr,
+"kvmclock_vm_state_change: %s\n",
+strerror(-ret));


I always recommend to use __func__. Otherwise looks okay to me.

Andreas


+}
+return;
+}
+}
  }
  }




Thanks for Review. Sending with comments incorporated.
---
diff --git a/hw/kvm/clock.c b/hw/kvm/clock.c
index 446bd62..a6aa6e4 100644
--- a/hw/kvm/clock.c
+++ b/hw/kvm/clock.c
@@ -65,9 +65,27 @@ static void kvmclock_vm_state_change(void *opaque, 
int running,

  RunState state)
 {
 KVMClockState *s = opaque;
+CPUArchState *penv = first_cpu;
+int cap_clock_ctrl = kvm_check_extension(kvm_state, 
KVM_CAP_KVMCLOCK_CTRL);

+int ret;

 if (running) {
 s->clock_valid = false;
+
+if (!cap_clock_ctrl) {
+return;
+}
+for (penv = first_cpu; penv != NULL; penv = penv->next_cpu) {
+ret = kvm_vcpu_ioctl(penv, KVM_KVMCLOCK_CTRL, 0);
+if (ret) {
+if (ret != -EINVAL) {
+fprintf(stderr,
+" %s: %s\n", __FUNCTION__,
+strerror(-ret));
+}
+return;
+}
+}
 }
 }
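Review bot: The error message in the vcpu loop uses __FUNCTION__ and a format string that starts with a space (" %s: %s\n"); the review comment above asked for __func__, which is the standard C99 spelling, and the leading space looks unintended. The loop also returns on the first vcpu whose KVM_KVMCLOCK_CTRL ioctl fails, so the remaining vcpus are never notified, and kvm_check_extension is evaluated on every state change even when running is false; moving the capability check inside the if (running) branch avoids that.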





Re: [Qemu-devel] [PATCH V8 1/1] Guest stop notification

2012-04-06 Thread Andreas Färber
On 06.04.2012 09:21, Raghavendra K T wrote:
> From: Eric B Munson 
> 
> Often when a guest is stopped from the qemu console, it will report spurious
> soft lockup warnings on resume.  There are kernel patches being discussed that
> will give the host the ability to tell the guest that it is being stopped and
> should ignore the soft lockup warning that generates.  This patch uses the 
> qemu
> Notifier system to tell the guest it is about to be stopped.
> 
> Signed-off-by: Eric B Munson  
> Signed-off-by: Raghavendra K T 
> 
> Cc: Eric B Munson 
> Cc: Avi Kivity  
> Cc: Marcelo Tosatti 
> Cc: Anthony Liguori 
> Cc: Jan Kiszka 
> Cc: "Andreas Färber" 
> ---
> Changes from V7:
>  capability changed to KVM_CAP_KVMCLOCK_CTRL
>  KVM_GUEST_PAUSED is per vcpu again
>  CPUState renamed to CPUArchState

Thanks, change looks right to me.

Long-term I should probably consider supplying some cpu_foreach() macro
to iterate over them, but that would still need manual declaration of a
properly typed variable for the CPUArchState -> CPUState switch.

>  KVMCLOCK_GUEST_PAUSED changed to  KVM_KVMCLOCK_CTRL
> 
> Changes from V6:
>  Remove unnecessary include
> 
> Changes from V5:
>  KVM_GUEST_PAUSED is now a per vm ioctl instead of per vcpu
> 
> Changes from V4:
>  Test if the guest paused capability is available before use
> 
> Changes from V3:
>  Collapse new state change notification function into existing function.
>  Correct whitespace issues
>  Change ioctl name to KVMCLOCK_GUEST_PAUSED
>  Use for loop to iterate vcpu's
> 
> Changes from V2:
>  Move ioctl into hw/kvmclock.c so as other arches can use it as it is
> implemented
> 
> Changes from V1:
>  Remove unnecessary encapsulating function
> ---
> 
> diff --git a/hw/kvm/clock.c b/hw/kvm/clock.c
> index 446bd62..c8a34a5 100644
> --- a/hw/kvm/clock.c
> +++ b/hw/kvm/clock.c
> @@ -64,10 +64,28 @@ static int kvmclock_post_load(void *opaque, int 
> version_id)
>  static void kvmclock_vm_state_change(void *opaque, int running,
>   RunState state)
>  {
> +int ret;

Minor nitpick: We usually assign opaque values first thing in the
function, so maybe order ret last if you resend?

>  KVMClockState *s = opaque;
> +CPUArchState *penv = first_cpu;
> +int cap_clock_ctrl = kvm_check_extension(kvm_state, 
> KVM_CAP_KVMCLOCK_CTRL);
>  
>  if (running) {
>  s->clock_valid = false;
> +
> +if (!cap_clock_ctrl) {
> +return;
> +}
> +for (penv = first_cpu; penv != NULL; penv = penv->next_cpu) {
> +ret = kvm_vcpu_ioctl(penv, KVM_KVMCLOCK_CTRL, 0);
> +if (ret) {
> +if (ret != -EINVAL) {
> +fprintf(stderr,
> +"kvmclock_vm_state_change: %s\n",
> +strerror(-ret));

I always recommend to use __func__. Otherwise looks okay to me.

Andreas

> +}
> +return;
> +}
> +}
>  }
>  }
>  

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH 4/7] block: close unused image files at the end of streaming

2012-04-06 Thread Federico Simoncelli
- Original Message -
> From: "Paolo Bonzini" 
> To: qemu-devel@nongnu.org
> Cc: "Marcelo Tosatti" , "Federico Simoncelli" 
> 
> Sent: Thursday, April 5, 2012 5:42:58 PM
> Subject: [PATCH 4/7] block: close unused image files at the end of streaming
> 
> From: Marcelo Tosatti 
> 
> Close the now unused images that were part of the previous backing
> file
> chain and adjust ->backing_hd properly.
> 
> Note that this only works with relative paths.

s/relative/absolute/

> Given the images:
> 
>  /tmp/a/base.raw
>  /tmp/a/snap1.qcow2
>  /tmp/b/snap2.qcow2
> 
> chained as:
> 
>  base(bak:"") <- snap1(bak:"base.raw") <-
>  snap2(bak:"../a/snap1.qcow2")
> 
> merging snap1 and snap2 we will obtain:
> 
>  base(bak:"") <- snap2(bak:"base.raw")
> 
> However this should be maintained by the user/admin: one can also
> screw up relative paths using qemu-img manually.

The patch is fine but I disagree with this comment. The user/admin didn't make
any mistake and he shouldn't be in charge of additional maintenance (which is
also tricky since the VM is running).

-- 
Federico



[Qemu-devel] [PATCH 24/46] block: cancel jobs when a device is ready to go away

2012-04-06 Thread Kevin Wolf
From: Paolo Bonzini 

We do not want jobs to keep a device busy for a possibly very long
time, and management could become confused because they thought a
device was not even there anymore.  So, cancel long-running jobs
as soon as their device is going to disappear.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 blockdev.c |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index f5e7dba..4d17486 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -64,6 +64,9 @@ void blockdev_mark_auto_del(BlockDriverState *bs)
 {
 DriveInfo *dinfo = drive_get_by_blockdev(bs);
 
+if (bs->job) {
+block_job_cancel(bs->job);
+}
 if (dinfo) {
 dinfo->auto_del = 1;
 }
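Review bot: The new block_job_cancel(bs->job) call in blockdev_mark_auto_del carries no comment, and the hunk does not show whether the job has stopped touching bs by the time the function returns and the device is marked auto_del. Add a comment stating whether cancellation is only requested here or is complete on return, since the later deletion of the drive depends on that.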
-- 
1.7.6.5




[Qemu-devel] [PATCH 2/2 V2] coroutine: add qemu_coroutine_run() wrapper

2012-04-06 Thread Lai Jiangshan
Wrapper for qemu_coroutine_create()+qemu_coroutine_enter()

Signed-off-by: Lai Jiangshan 
Reviewed-by: Paolo Bonzini 
---
 block.c |   28 +++-
 hw/9pfs/virtio-9p.c |4 +---
 nbd.c   |2 +-
 qemu-coroutine.h|   12 
 qemu-io.c   |4 +---
 5 files changed, 22 insertions(+), 28 deletions(-)

diff --git a/block.c b/block.c
index b88ee90..adf2010 100644
--- a/block.c
+++ b/block.c
@@ -1451,7 +1451,6 @@ static int bdrv_rw_co(BlockDriverState *bs, int64_t 
sector_num, uint8_t *buf,
 .iov_base = (void *)buf,
 .iov_len = nb_sectors * BDRV_SECTOR_SIZE,
 };
-Coroutine *co;
 RwCo rwco = {
 .bs = bs,
 .sector_num = sector_num,
@@ -1467,8 +1466,7 @@ static int bdrv_rw_co(BlockDriverState *bs, int64_t 
sector_num, uint8_t *buf,
 /* Fast-path if already in coroutine context */
 bdrv_rw_co_entry(&rwco);
 } else {
-co = qemu_coroutine_create(bdrv_rw_co_entry);
-qemu_coroutine_enter(co, &rwco);
+qemu_coroutine_run(bdrv_rw_co_entry, &rwco);
 while (rwco.ret == NOT_DONE) {
 qemu_aio_wait();
 }
@@ -2414,7 +2412,6 @@ static void coroutine_fn bdrv_is_allocated_co_entry(void 
*opaque)
 int bdrv_is_allocated(BlockDriverState *bs, int64_t sector_num, int nb_sectors,
   int *pnum)
 {
-Coroutine *co;
 BdrvCoIsAllocatedData data = {
 .bs = bs,
 .sector_num = sector_num,
@@ -2423,8 +2420,7 @@ int bdrv_is_allocated(BlockDriverState *bs, int64_t 
sector_num, int nb_sectors,
 .done = false,
 };
 
-co = qemu_coroutine_create(bdrv_is_allocated_co_entry);
-qemu_coroutine_enter(co, &data);
+qemu_coroutine_run(bdrv_is_allocated_co_entry, &data);
 while (!data.done) {
 qemu_aio_wait();
 }
@@ -3348,7 +3344,6 @@ static BlockDriverAIOCB 
*bdrv_co_aio_rw_vector(BlockDriverState *bs,
void *opaque,
bool is_write)
 {
-Coroutine *co;
 BlockDriverAIOCBCoroutine *acb;
 
 acb = qemu_aio_get(&bdrv_em_co_aio_pool, bs, cb, opaque);
@@ -3357,8 +3352,7 @@ static BlockDriverAIOCB 
*bdrv_co_aio_rw_vector(BlockDriverState *bs,
 acb->req.qiov = qiov;
 acb->is_write = is_write;
 
-co = qemu_coroutine_create(bdrv_co_do_rw);
-qemu_coroutine_enter(co, acb);
+qemu_coroutine_run(bdrv_co_do_rw, acb);
 
 return &acb->common;
 }
@@ -3378,12 +3372,10 @@ BlockDriverAIOCB *bdrv_aio_flush(BlockDriverState *bs,
 {
 trace_bdrv_aio_flush(bs, opaque);
 
-Coroutine *co;
 BlockDriverAIOCBCoroutine *acb;
 
 acb = qemu_aio_get(&bdrv_em_co_aio_pool, bs, cb, opaque);
-co = qemu_coroutine_create(bdrv_aio_flush_co_entry);
-qemu_coroutine_enter(co, acb);
+qemu_coroutine_run(bdrv_aio_flush_co_entry, acb);
 
 return &acb->common;
 }
@@ -3402,7 +3394,6 @@ BlockDriverAIOCB *bdrv_aio_discard(BlockDriverState *bs,
 int64_t sector_num, int nb_sectors,
 BlockDriverCompletionFunc *cb, void *opaque)
 {
-Coroutine *co;
 BlockDriverAIOCBCoroutine *acb;
 
 trace_bdrv_aio_discard(bs, sector_num, nb_sectors, opaque);
@@ -3410,8 +3401,7 @@ BlockDriverAIOCB *bdrv_aio_discard(BlockDriverState *bs,
 acb = qemu_aio_get(&bdrv_em_co_aio_pool, bs, cb, opaque);
 acb->req.sector = sector_num;
 acb->req.nb_sectors = nb_sectors;
-co = qemu_coroutine_create(bdrv_aio_discard_co_entry);
-qemu_coroutine_enter(co, acb);
+qemu_coroutine_run(bdrv_aio_discard_co_entry, acb);
 
 return &acb->common;
 }
@@ -3586,7 +3576,6 @@ void bdrv_invalidate_cache_all(void)
 
 int bdrv_flush(BlockDriverState *bs)
 {
-Coroutine *co;
 RwCo rwco = {
 .bs = bs,
 .ret = NOT_DONE,
@@ -3596,8 +3585,7 @@ int bdrv_flush(BlockDriverState *bs)
 /* Fast-path if already in coroutine context */
 bdrv_flush_co_entry(&rwco);
 } else {
-co = qemu_coroutine_create(bdrv_flush_co_entry);
-qemu_coroutine_enter(co, &rwco);
+qemu_coroutine_run(bdrv_flush_co_entry, &rwco);
 while (rwco.ret == NOT_DONE) {
 qemu_aio_wait();
 }
@@ -3645,7 +3633,6 @@ int coroutine_fn bdrv_co_discard(BlockDriverState *bs, 
int64_t sector_num,
 
 int bdrv_discard(BlockDriverState *bs, int64_t sector_num, int nb_sectors)
 {
-Coroutine *co;
 RwCo rwco = {
 .bs = bs,
 .sector_num = sector_num,
@@ -3657,8 +3644,7 @@ int bdrv_discard(BlockDriverState *bs, int64_t 
sector_num, int nb_sectors)
 /* Fast-path if already in coroutine context */
 bdrv_discard_co_entry(&rwco);
 } else {
-co = qemu_coroutine_create(bdrv_discard_co_entry);
-qemu_coroutine_enter(co, &rwco);
+qemu_coroutine_run(bdrv_discard_co_entry, &rwco);
 while (rwco.ret == NOT_DONE) {
 qemu_aio_wait();
 }
diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/vir

[Qemu-devel] [PATCH 1/2 V2] coroutine: init unlock_bh during boot

2012-04-06 Thread Lai Jiangshan
use __attribute__((constructor)) to do the initialization.

Signed-off-by: Lai Jiangshan 
Reviewed-by: Paolo Bonzini 
---
 qemu-coroutine-lock.c |9 +
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/qemu-coroutine-lock.c b/qemu-coroutine-lock.c
index 26ad76b..03b999e 100644
--- a/qemu-coroutine-lock.c
+++ b/qemu-coroutine-lock.c
@@ -44,13 +44,14 @@ static void qemu_co_queue_next_bh(void *opaque)
 }
 }
 
+static void __attribute__((constructor)) unlock_bh_init(void)
+{
+unlock_bh = qemu_bh_new(qemu_co_queue_next_bh, NULL);
+}
+
 void qemu_co_queue_init(CoQueue *queue)
 {
 QTAILQ_INIT(&queue->entries);
-
-if (!unlock_bh) {
-unlock_bh = qemu_bh_new(qemu_co_queue_next_bh, NULL);
-}
 }
 
 void coroutine_fn qemu_co_queue_wait(CoQueue *queue)
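Review bot: unlock_bh_init is marked __attribute__((constructor)), so qemu_bh_new runs before main() and before any main-loop setup, and the order relative to other constructors is unspecified. If qemu_bh_new depends on state that is initialised later, the lazy creation that this hunk removes from qemu_co_queue_init was the safer place. Add a comment above unlock_bh_init stating why calling qemu_bh_new this early is safe; the bottom half is now also allocated in binaries that never create a CoQueue.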
-- 
1.7.4.4




[Qemu-devel] [PATCH 41/46] block: add a function to clear incoming live migration flags

2012-04-06 Thread Kevin Wolf
From: Benoît Canet 

This function will clear all BDRV_O_INCOMING flags.

Signed-off-by: Benoit Canet 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 block.c |9 +
 block.h |2 ++
 2 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/block.c b/block.c
index b3117ef..c0c90f0 100644
--- a/block.c
+++ b/block.c
@@ -3624,6 +3624,15 @@ void bdrv_invalidate_cache_all(void)
 }
 }
 
+void bdrv_clear_incoming_migration_all(void)
+{
+BlockDriverState *bs;
+
+QTAILQ_FOREACH(bs, &bdrv_states, list) {
+bs->open_flags = bs->open_flags & ~(BDRV_O_INCOMING);
+}
+}
+
 int bdrv_flush(BlockDriverState *bs)
 {
 Coroutine *co;
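Review bot: In bdrv_clear_incoming_migration_all the assignment bs->open_flags = bs->open_flags & ~(BDRV_O_INCOMING) reads more clearly as bs->open_flags &= ~BDRV_O_INCOMING. The function also has no comment, here or at its declaration in block.h, saying at which point of an incoming migration it is meant to be called; one line would help future callers.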
diff --git a/block.h b/block.h
index 5151dea..f163e54 100644
--- a/block.h
+++ b/block.h
@@ -229,6 +229,8 @@ BlockDriverAIOCB *bdrv_aio_ioctl(BlockDriverState *bs,
 void bdrv_invalidate_cache(BlockDriverState *bs);
 void bdrv_invalidate_cache_all(void);
 
+void bdrv_clear_incoming_migration_all(void);
+
 /* Ensure contents are flushed to disk.  */
 int bdrv_flush(BlockDriverState *bs);
 int coroutine_fn bdrv_co_flush(BlockDriverState *bs);
-- 
1.7.6.5




Re: [Qemu-devel] [PATCH] Support system reset in Exynos4210

2012-04-06 Thread Maksim Kozlov

04.04.2012 21:37, Dmitry Zhurikhin wrote:

On 2012-04-04 20:16, Maksim Kozlov wrote:

04.04.2012 16:35, Dmitry Zhurikhin wrote:

On 2012-04-04 15:55, Maksim Kozlov wrote:

04.04.2012 14:08, Dmitry Zhurikhin wrote:

Reset the system when 1 is written to SWRESET register

Signed-off-by: Dmitry Zhurikhin
---
hw/exynos4210_pmu.c |   11 +++
1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/hw/exynos4210_pmu.c b/hw/exynos4210_pmu.c
index c12d750..edf6e34 100644
--- a/hw/exynos4210_pmu.c
+++ b/hw/exynos4210_pmu.c
@@ -25,6 +25,7 @@
 */

#include "sysbus.h"
+#include "sysemu.h"

#ifndef DEBUG_PMU
#define DEBUG_PMU   0
@@ -422,6 +423,16 @@ static void exynos4210_pmu_write(void *opaque,
target_phys_addr_t offset,
if (reg_p->offset == offset) {
PRINT_DEBUG_EXTEND("%s<0x%04x><- 0x%04x\n",
reg_p->name,
(uint32_t)offset, (uint32_t)val);
+switch (offset) {
+case SWRESET:
+if (val&1) {
+qemu_system_reset_request();
+}
+break;
+default:
+/* Nothing */
+break;
+}
s->reg[i] = val;
return;
}

This is not quite right. First, when you do a reset, the appropriate status
must be set in the RST_STAT register. Second, not all registers in the PMU
should be set to their default value after reset, so you should change the PMU
reset function to handle the different resets (see spec). So this
functionality should be written more carefully.

Well, this is the case when there is a need to modify booting procedure
depending on the values of these registers.  I haven't found any such
code in the current kernel.  As I now remember saving their values was
indeed important when we were trying to use a U-Boot bootloader.  But
as long as we are sticking with QEMU bootloader it doesn't matter.


3.4-rc1 and 2.6.36 kernels use the INFORM5 register, which should keep its
value during sw reset. And U-Boot (which can be used instead of the kernel
for some purposes) uses the INFORM[456] registers, which should be saved as
well.

My opinion is we should not add code which describes incorrect behavior
of the device regardless of whether the kernel uses some registers or not.

OK, this is a righteous position.  Again, I think in this case
implementing what you propose will be neither bad nor good.  But since
you've asked, I'll try to do it.



Anyway this information is unfortunately absent in Exynos4210 public
documentation.

Hm... Really, I've just found out that public specification doesn't
contain information about PMU

I can make the changes according to Exynos3210 specification since they
are pretty close.  But of course I'd prefer that you send me full
specifications.  Dmitry, what do you say?

PMUs in exynos4210 and in exynos3210 are not pretty close. They have
significant differences.




And use #define for registers and fields of the registers. It's more
clear, as for me.

As you say.

:)


Regards,
MK


  Regards,
  Dmitry





 Regards,
 Dmitry









[Qemu-devel] [PATCH V8 1/1] Guest stop notification

2012-04-06 Thread Raghavendra K T
From: Eric B Munson 

Often when a guest is stopped from the qemu console, it will report spurious
soft lockup warnings on resume.  There are kernel patches being discussed that
will give the host the ability to tell the guest that it is being stopped and
should ignore the soft lockup warning that generates.  This patch uses the qemu
Notifier system to tell the guest it is about to be stopped.

Signed-off-by: Eric B Munson  
Signed-off-by: Raghavendra K T 

Cc: Eric B Munson 
Cc: Avi Kivity  
Cc: Marcelo Tosatti 
Cc: Anthony Liguori 
Cc: Jan Kiszka 
Cc: "Andreas Färber" 
---
Changes from V7:
 capability changed to KVM_CAP_KVMCLOCK_CTRL
 KVM_GUEST_PAUSED is per vcpu again
 CPUState renamed to CPUArchState
 KVMCLOCK_GUEST_PAUSED changed to  KVM_KVMCLOCK_CTRL

Changes from V6:
 Remove unnecessary include

Changes from V5:
 KVM_GUEST_PAUSED is now a per vm ioctl instead of per vcpu

Changes from V4:
 Test if the guest paused capability is available before use

Changes from V3:
 Collapse new state change notification function into existing function.
 Correct whitespace issues
 Change ioctl name to KVMCLOCK_GUEST_PAUSED
 Use for loop to iterate vcpus

Changes from V2:
 Move ioctl into hw/kvmclock.c so as other arches can use it as it is
implemented

Changes from V1:
 Remove unnecessary encapsulating function
---

diff --git a/hw/kvm/clock.c b/hw/kvm/clock.c
index 446bd62..c8a34a5 100644
--- a/hw/kvm/clock.c
+++ b/hw/kvm/clock.c
@@ -64,10 +64,28 @@ static int kvmclock_post_load(void *opaque, int version_id)
 static void kvmclock_vm_state_change(void *opaque, int running,
  RunState state)
 {
+int ret;
 KVMClockState *s = opaque;
+CPUArchState *penv = first_cpu;
+int cap_clock_ctrl = kvm_check_extension(kvm_state, KVM_CAP_KVMCLOCK_CTRL);
 
 if (running) {
 s->clock_valid = false;
+
+if (!cap_clock_ctrl) {
+return;
+}
+for (penv = first_cpu; penv != NULL; penv = penv->next_cpu) {
+ret = kvm_vcpu_ioctl(penv, KVM_KVMCLOCK_CTRL, 0);
+if (ret) {
+if (ret != -EINVAL) {
+fprintf(stderr,
+"kvmclock_vm_state_change: %s\n",
+strerror(-ret));
+}
+return;
+}
+}
 }
 }
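Review bot: In the added for loop, the first vcpu whose KVM_KVMCLOCK_CTRL ioctl fails causes an immediate return, so the remaining vcpus are never notified, and a -EINVAL result is dropped without a message or a comment explaining why it is expected. Either continue with the next vcpu or document why one failure ends the loop. Smaller points: penv is initialised to first_cpu at its declaration and again in the for statement, and kvm_check_extension() is called on every state change although its result is only used inside if (running). The commit message also says the guest is told it is "about to be stopped", whereas the ioctl is issued in the running branch, so one of the two needs adjusting.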