Re: [Qemu-devel] QEMU VNC Audio - All audio data null

2012-07-13 Thread agraham

On 07/14/2012 03:17 AM, agraham wrote:

Hi Guys,

I've written a VNC client that implements the VNC QEMU Audio extensions.
Using QEMU 0.13 it works very very for remote sound, however after
upgrading to QEMU 1.1.0 the audio stream contains only bytes of zeros,
so this results in no sound on the client.

It is almost like the stream is muted by sending 0 bytes instead of the
actual data.

0: VNC: :SOUND: AudioOn
1: VNC: :SOUND: Received _QEMU_Audio_Server_Message: Operation: 1
2: VNC: :SOUND: Received _QEMU_Audio_Start
3: VNC: :SOUND: Received _QEMU_Audio_Server_Message: Operation: 2
4: VNC: :SOUND: Received _QEMU_Audio_Data 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Is there something new that needs to be done in order for the sound to
be pushed out, like some unmute mechanism?

I rebuilt QEMU 0.15.1 and sound worked but was very choppy, I think due
to some timer injection changes - but that's another issue.

Thanks in advance.

Albert


I've just rebuilt QEMU 1.0 (and all of its dependencies) and it has the 
same problem (zero bytes), so some incompatibility was introduced 
between 0.15.1 and 1.1.0.


Anyone got any clues ?

Thanks.

Albert




[Qemu-devel] In process NBD server

2012-07-13 Thread Eknath Venkataramani
Hello all,
Has the GSoC 2012 project "In process NBD server" completed?
If it hasn't, what would be a good way to pull out (only) files from a
windows guest to the host machine, when the guest is in a stopped
state?

-- 
Eknath Venkataramani



Re: [Qemu-devel] [PATCHv4 07/14] unicore32-softmmu: Add puv3 soc/board support

2012-07-13 Thread guanxuetao
> 2012/7/13 Guan Xuetao :
>> This patch only add puv3 soc/board support, which introduces puv3
>> machine description, and specifies console type.
>>
>> Signed-off-by: Guan Xuetao 
>> ---
>>  default-configs/unicore32-softmmu.mak |1 +
>>  hw/puv3.c |   93
>> +
>>  hw/puv3.h |   49 +
>>  hw/unicore32/Makefile.objs|5 ++
>>  4 files changed, 148 insertions(+), 0 deletions(-)
>>  create mode 100644 hw/puv3.c
>>  create mode 100644 hw/puv3.h
>>
>> diff --git a/default-configs/unicore32-softmmu.mak
>> b/default-configs/unicore32-softmmu.mak
>> index 5f04fe3..726a338 100644
>> --- a/default-configs/unicore32-softmmu.mak
>> +++ b/default-configs/unicore32-softmmu.mak
>> @@ -1 +1,2 @@
>>  # Default configuration for unicore32-softmmu
>> +CONFIG_PUV3=y
>> diff --git a/hw/puv3.c b/hw/puv3.c
>> new file mode 100644
>> index 000..0dc129d
>> --- /dev/null
>> +++ b/hw/puv3.c
>
>
>> +static QEMUMachine puv3_machine = {
>> +.name = "puv3",
>> +.desc = "PKUnity Version-3 based on UniCore32",
>> +.init = puv3_init,
>> +.use_scsi = 0,
> Since there is only one machine type for unicore32 architecture,
> is_default field should be set  to 1, so that find_default_machine()
> returns with non-null value.

Thanks for pointing it out. I'll add a patch on this one.

Regards,
Guan Xuetao


>> +};
>> +
>> +static void puv3_machine_init(void)
>> +{
>> +qemu_register_machine(&puv3_machine);
>> +}
>> +
>> +machine_init(puv3_machine_init)
>
> --
> Best Regards,
>
> Dunrong Huang
>




Re: [Qemu-devel] [PATCH] RFC: vfio-powerpc: added VFIO support (v3)

2012-07-13 Thread Alexey Kardashevskiy
On 14/07/12 01:07, Alex Williamson wrote:
> On Fri, 2012-07-13 at 17:26 +1000, Alexey Kardashevskiy wrote:
>> It literally does the following:
>>
>> 1. POWERPC IOMMU support (the kernel counterpart is required)
>>
>> 2. The patch assumes that IOAPIC calls are going to be replaced
>> with something generic.
>>
>> 3. vfio_group_iommu_ioctl() has been added to let sPAPR IOMMU
>> handler to call VFIO IOMMU driver.
>>
>> 4. Change sPAPR PHB to scan the PCI bus which is used for
>> the IOMMU-VFIO group. Now it is enough to add the following to
>> the QEMU command line to get VFIO up with all the devices from
>> IOMMU group with id=3:
>> -device spapr-pci-host-bridge,busname=E1000E,buid=0x3,iommu=3,\
>> mem_win_addr=0x2300,io_win_addr=0x2400,msi_win_addr=0x2500
>>
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>>  hw/ppc/Makefile.objs  |3 ++
>>  hw/spapr.h|4 ++
>>  hw/spapr_iommu.c  |   69 ++-
>>  hw/spapr_iommu_vfio.h |   49 ++
>>  hw/spapr_pci.c|  108 
>> ++---
>>  hw/spapr_pci.h|4 ++
>>  hw/vfio_pci.c |   30 ++
>>  hw/vfio_pci.h |2 +
>>  trace-events  |1 +
>>  9 files changed, 264 insertions(+), 6 deletions(-)
>>  create mode 100644 hw/spapr_iommu_vfio.h
>>
>> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
>> index f573a95..c46a049 100644
>> --- a/hw/ppc/Makefile.objs
>> +++ b/hw/ppc/Makefile.objs
>> @@ -25,4 +25,7 @@ obj-$(CONFIG_FDT) += ../device_tree.o
>>  # Xilinx PPC peripherals
>>  obj-y += xilinx_ethlite.o
>>  
>> +# VFIO PCI device assignment
>> +obj-$(CONFIG_VFIO_PCI) += vfio_pci.o
>> +
>>  obj-y := $(addprefix ../,$(obj-y))
>> diff --git a/hw/spapr.h b/hw/spapr.h
>> index b37f337..26e26f6 100644
>> --- a/hw/spapr.h
>> +++ b/hw/spapr.h
>> @@ -340,4 +340,8 @@ int spapr_dma_dt(void *fdt, int node_off, const char 
>> *propname,
>>  int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
>>DMAContext *dma);
>>  
>> +void spapr_vfio_init_dma(int group_id, uint32_t liobn,
>> + uint64_t *dma32_window_start,
>> + uint64_t *dma32_window_size);
>> +
>>  #endif /* !defined (__HW_SPAPR_H__) */
>> diff --git a/hw/spapr_iommu.c b/hw/spapr_iommu.c
>> index 50c288d..e48ced1 100644
>> --- a/hw/spapr_iommu.c
>> +++ b/hw/spapr_iommu.c
>> @@ -23,6 +23,8 @@
>>  #include "dma.h"
>>  
>>  #include "hw/spapr.h"
>> +#include "hw/spapr_iommu_vfio.h"
>> +#include "hw/vfio_pci.h"
>>  
>>  #include 
>>  
>> @@ -183,6 +185,67 @@ static int put_tce_emu(target_ulong liobn, target_ulong 
>> ioba, target_ulong tce)
>>  return 0;
>>  }
>>  
>> +typedef struct sPAPRVFIOTable {
>> +int group_id;
>> +uint32_t liobn;
>> +QLIST_ENTRY(sPAPRVFIOTable) list;
>> +} sPAPRVFIOTable;
>> +
>> +QLIST_HEAD(vfio_tce_tables, sPAPRVFIOTable) vfio_tce_tables;
>> +
>> +void spapr_vfio_init_dma(int group_id, uint32_t liobn,
>> + uint64_t *dma32_window_start,
>> + uint64_t *dma32_window_size)
>> +{
>> +sPAPRVFIOTable *t;
>> +struct tce_iommu_info info = { .argsz = sizeof(info) };
>> +
>> +if (vfio_group_iommu_ioctl(group_id, SPAPR_TCE_IOMMU_GET_INFO, &info)) {
>> +perror("SPAPR_TCE_IOMMU_GET_INFO failed");
>> +return;
>> +}
>> +*dma32_window_start = info.dma32_window_start;
>> +*dma32_window_size = info.dma32_window_size;
>> +
>> +t = g_malloc0(sizeof(*t));
>> +t->group_id = group_id;
>> +t->liobn = liobn;
>> +
>> +QLIST_INSERT_HEAD(&vfio_tce_tables, t, list);
>> +}
>> +
>> +static int put_tce_vfio(uint32_t liobn, target_ulong ioba, target_ulong tce)
>> +{
>> +sPAPRVFIOTable *t;
>> +struct tce_iommu_dma_map map = {
>> +.argsz = sizeof(map),
>> +.va = 0,
>> +.dmaaddr = ioba,
>> +};
>> +
>> +QLIST_FOREACH(t, &vfio_tce_tables, list) {
>> +if (t->liobn != liobn) {
>> +continue;
>> +}
>> +if (tce) {
>> +map.va = (uintptr_t)qemu_get_ram_ptr(tce & 
>> ~SPAPR_TCE_PAGE_MASK);
>> +if (vfio_group_iommu_ioctl(t->group_id, SPAPR_TCE_IOMMU_MAP_DMA,
>> +   &map)) {
>> +perror("TCE_MAP_DMA");
>> +return H_PARAMETER;
>> +}
>> +} else {
>> +if (vfio_group_iommu_ioctl(t->group_id, 
>> SPAPR_TCE_IOMMU_UNMAP_DMA,
>> +   &map)) {
>> +perror("TCE_UNMAP_DMA");
>> +return H_PARAMETER;
>> +}
>> +}
>> +return H_SUCCESS;
>> +}
>> +return H_CONTINUE; /* positive non-zero value */
>> +}
>> +
>>  static target_ulong h_put_tce(CPUPPCState *env, sPAPREnvironment *spapr,
>>target_ulong opcode, target_ulong *args)
>>  {
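Review bot: in put_tce_vfio() the tce argument (a guest-provided TCE entry if this is reached from h_put_tce()) is masked and handed straight to qemu_get_ram_ptr(), with no visible check that it refers to guest RAM, and the resulting host pointer is then passed to SPAPR_TCE_IOMMU_MAP_DMA. Validate the address and fail with H_PARAMETER before mapping. Separately, spapr_vfio_init_dma() returns void and, when SPAPR_TCE_IOMMU_GET_INFO fails, leaves *dma32_window_start and *dma32_window_size unwritten, so the caller cannot tell that the window values are invalid; return an error code instead.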
>> @@ -200,7 +263,11 @@ static 

[Qemu-devel] QEMU VNC Audio - All audio data null

2012-07-13 Thread agraham

Hi Guys,

I've written a VNC client that implements the VNC QEMU Audio extensions. 
 Using QEMU 0.13 it works very very for remote sound, however after 
upgrading to QEMU 1.1.0 the audio stream contains only bytes of zeros, 
so this results in no sound on the client.


It is almost like the stream is muted by sending 0 bytes instead of the 
actual data.


0:   VNC: :SOUND: AudioOn
1:   VNC: :SOUND: Received _QEMU_Audio_Server_Message: Operation: 1
2:   VNC: :SOUND: Received _QEMU_Audio_Start
3:   VNC: :SOUND: Received _QEMU_Audio_Server_Message: Operation: 2
4:   VNC: :SOUND: Received _QEMU_Audio_Data 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0


Is there something new that needs to be done in order for the sound to 
be pushed out, like some unmute mechanism?


I rebuilt QEMU 0.15.1 and sound worked but was very choppy, I think due 
to some timer injection changes - but that's another issue.


Thanks in advance.

Albert



Re: [Qemu-devel] [PATCH v2 05/17] qapi: introduce OptsVisitor

2012-07-13 Thread Laszlo Ersek
On 07/14/12 00:48, Laszlo Ersek wrote:

> You're right. opts_do_parse() makes an exception with "id" and doesn't
> call opt_set() for any occurrence of it. Would you accept the attached
> fix, split up and squashed into previous parts appropriately?

Sigh. I haven't looked at this code in a month, I obviously forgot to
release memory symmetrically. Sorry.

Laszlo
From 6ad7336a79f0187f4d0fba1f2f2eee64349cb137 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek 
Date: Sat, 14 Jul 2012 01:03:10 +0200
Subject: [PATCH 2/2] OptsVisitor: release "fake_id_opt" symmetrically


Signed-off-by: Laszlo Ersek 
---
 qapi/opts-visitor.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c
index a261cf3..ee6cf2b 100644
--- a/qapi/opts-visitor.c
+++ b/qapi/opts-visitor.c
@@ -130,6 +130,8 @@ opts_end_struct(Visitor *v, Error **errp)
 }
 g_hash_table_destroy(ov->unprocessed_opts);
 ov->unprocessed_opts = NULL;
+g_free(ov->fake_id_opt);
+ov->fake_id_opt = NULL;
 }
 
 
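Review bot: the g_free(ov->fake_id_opt) added at the end of opts_end_struct() only runs when a struct visit is closed, so confirm that the visitor's own teardown path frees fake_id_opt as well; otherwise a visitor destroyed after a failed or never-finished visit still leaks it. The commit message body is empty; one sentence saying where fake_id_opt is allocated would make the symmetry checkable.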
-- 
1.7.1



Re: [Qemu-devel] [RFC] introduce a dynamic library to expose qemu block API

2012-07-13 Thread Lluís Vilanova
Paolo Bonzini writes:

> On 13/07/2012 11:51, Paolo Bonzini wrote:
>> On 13/07/2012 11:16, Stefan Hajnoczi wrote:
 "Working around the QEMU block layer license" is not a goal per se,
 especially because you haven't a) assessed _what_ is the GPL code that
 the library would use; b) told us why the library should not be under
 the GPL.
 
 Please design first according to the functionality you want to
 implement, then think about the implementation.
>>> 
>>> Licensing is one headache but the real challenge is that the QEMU block
>>> layer relies on the QEMU main loop and a bunch of other architecture.
>> 
>> It doesn't really, not on Windows which has no AIO for example.  That's
>> why I suggested:
>> 
>> - assessing what code is GPL and what are the dependencies on it

> So I tried trimming down the list of files needed to compile
> qemu tools, and here is a list:

> Easy to relicense to LGPLv2+:
> block/raw.c      none (GPLv2+: Red Hat, IBM)
> error.c          LGPLv2 (Red Hat, IBM, Stefan Weil)
> iov.c            GPLv2 (Red Hat, SuSE/Hannes Reinecke, Michael Tokarev)
> module.c         GPLv2 (Red Hat, IBM, Blue Swirl)
> qemu-error.c     GPLv2+ (Red Hat, Blue Swirl, IBM)
> trace/control.c  GPLv2 (Lluis Vilanova)
> trace/default.c  GPLv2 (Lluis Vilanova)

> (I added some people to Cc.  Lluis and Michael, can you also look at
> http://wiki.qemu.org/Relicensing if you're willing to relicense
> your past contributions from GPLv2 to GPLv2+?.  Blue Swirl said 
> he'd accept any other GPLv2 or GPLv3 compatible license, which
> should include LGPLv2+).

I have no problems relicensing to "GPLv2 or later" or "GPLv3 or later".


Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth



Re: [Qemu-devel] [PATCH v2 05/17] qapi: introduce OptsVisitor

2012-07-13 Thread Laszlo Ersek
On 07/13/12 18:51, Luiz Capitulino wrote:
> On Wed, 13 Jun 2012 10:22:36 +0200
> Laszlo Ersek  wrote:

>> Repeating an optarg is supported;
>
> I see that the current code supports this too, but why? Something
> like this should fail:
>
>  -netdev type=tap,vhost=on,vhost=off,id=guest1,script=qemu-ifup-switch

> Also, you're using a queue to support the repeating of optargs,
> right? I think this could be simplified if we just don't support
> that.

I hate repeated options with a passion, but SLIRP's hostfwd and guestfwd
depend on repetition.

When the outermost opts_start_struct() is invoked and I shovel the
optargs into the queues, I can't yet know what's going to be used in
repeated form and what not.

If you prefer I can change lookup_scalar() as follows. For reference:

>> +static GQueue *
>> +lookup_distinct(const OptsVisitor *ov, const char *name, Error **errp)
>> +{
>> +GQueue *list;
>> +
>> +list = g_hash_table_lookup(ov->unprocessed_opts, name);
>> +if (!list) {
>> +error_set(errp, QERR_MISSING_PARAMETER, name);
>> +}
>> +return list;
>> +}

>> +static void
>> +opts_start_optional(Visitor *v, bool *present, const char *name,
>> +   Error **errp)
>> +{
>> +OptsVisitor *ov = DO_UPCAST(OptsVisitor, visitor, v);
>> +
>> +/* we only support a single mandatory scalar field in a list node */
>> +assert(ov->repeated_opts == NULL);
>> +*present = (lookup_distinct(ov, name, NULL) != NULL);
>> +}

>> +static const QemuOpt *
>> +lookup_scalar(const OptsVisitor *ov, const char *name, Error **errp)
>> +{
>> +if (ov->repeated_opts == NULL) {
>> +GQueue *list;
>> +
>> +/* the last occurrence of any QemuOpt takes effect when queried by 
>> name
>> + */
>> +list = lookup_distinct(ov, name, errp;
>> +return list ? g_queue_peek_tail(list) : NULL;

We're outside of list traversal in this branch, meaning the optarg is
allowed exactly once. (Optional optargs are first handled by
opts_start_optional().) If lookup_distinct() succeeds here, then rather
than returning the last occurrence, I could check the depth of the queue
(== 1 or > 1), and set an error for > 1.

However QemuOpts definitely supports repeated optargs now (otherwise
slirp hostfwd/guestfwd wouldn't work). qemu_opt_foreach() is used for
iteration (with QTAILQ_FOREACH()), while qemu_opt_find() -- and thus its
direct callers -- rely on QTAILQ_FOREACH_REVERSE() and the first match.
Optargs of an option are apparently chained like this:

  qemu_opts_parse() [qemu-option.c]
opts_parse(..., defaults=false)
  opts_do_parse(..., prepend=false)
opt_set(..., prepend=false, ...)
  QTAILQ_INSERT_TAIL()

"-option arg=val1,arg=val2,arg=val3" is therefore linked into the
corresponding QemuOpts instance in the same order, and qemu_opt_find()
will return "arg=val3". I also use g_queue_push_tail() and
g_queue_peek_tail(), so I think we're compatible.

>> +}
>> +return g_queue_peek_head(ov->repeated_opts);
>> +}
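Review bot: in lookup_scalar(), the line `list = lookup_distinct(ov, name, errp;` as quoted is missing its closing parenthesis and will not compile. On the same branch, the queue-depth check offered above (an error when the queue holds more than one entry outside list traversal) would stop a conflicting pair such as vhost=on,vhost=off from being resolved silently in favour of the last value.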


Continuing slightly out of order:

>> +/* mimics qemu-option.c::parse_option_bool() */
>> +static void
>> +opts_type_bool(Visitor *v, bool *obj, const char *name, Error **errp)
>> +{
>> +OptsVisitor *ov = DO_UPCAST(OptsVisitor, visitor, v);
>> +const QemuOpt *opt;
>> +
>> +opt = lookup_scalar(ov, name, errp);
>> +if (!opt) {
>> +return;
>> +}
>> +
>> +if (opt->str) {
>> +if (strcmp(opt->str, "on") == 0 ||
>> +strcmp(opt->str, "yes") == 0 ||
>> +strcmp(opt->str, "y") == 0) {
>> +*obj = true;
>> +} else if (strcmp(opt->str, "off") == 0 ||
>> +strcmp(opt->str, "no") == 0 ||
>> +strcmp(opt->str, "n") == 0) {
>> +*obj = false;
>
> The current code only accepts 'on' or 'off', no reason to change that.
>
>> +} else {
>> +error_set(errp, QERR_INVALID_PARAMETER_VALUE, opt->name,
>> +"on|yes|y|off|no|n");
>> +return;
>> +}
>> +} else {
>> +*obj = true;
>> +}
>> +
>> +processed(ov, name);
>> +}

This function is used for "bool" generally. The following optargs were
all unified as "bool":

- slirp/restrict: originally QEMU_OPT_STRING, net_init_slirp() accepting
all of "on|yes|y|off|no|n"
- tap/vnet_hdr: originally QEMU_OPT_BOOL, parse_option_bool() accepting
"on|off".
- tap/vhost: ditto
- tap/vhostforce: ditto

So I took the union (nothing should break that used to work).

The leading comment rather means that the structure of
parse_option_bool() is followed:
- optarg values meaning "true": true
- optarg values meaning "false": false
- other optarg values: error
- no optarg value at all: true


>> +static void
>> +opts_start_struct(Visitor *v, void **obj, const char *kind,
>> +  const char *name, size_t size, Error **errp)
>> +{
>> +OptsVisitor *ov = DO_UPCAST(OptsVisitor, visitor, v);
>> +const QemuOpt *opt;
>> +
>> +*ob
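
The scalar lookup discussed in the message above (last occurrence wins, versus rejecting a repeated optarg) together with the on|yes|y|off|no|n union, as an added example that is not part of the original message and is not QEMU code. It scans the option string directly instead of using GQueue or QTAILQ, and `find_scalar`, `parse_bool_union`, `get_bool` and the `OPT_*` codes are hypothetical names.

```c
/* Added example, not QEMU code; every identifier here is hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LEN 64

enum { OPT_OK = 0, OPT_MISSING = -1, OPT_DUPLICATE = -2,
       OPT_SYNTAX = -3, OPT_BAD_VALUE = -4 };

struct scalar {
    char value[MAX_LEN];
    bool has_value;     /* false for a bare "name" with no "=value" */
    int occurrences;    /* how many times the name appeared */
};

/*
 * Walk "a=1,b,a=2" left to right. Each match overwrites the previous one,
 * so the last occurrence wins. With strict set, a repeated scalar is
 * rejected instead (the queue-depth check offered in the message).
 */
int find_scalar(const char *s, const char *name, bool strict,
                struct scalar *out)
{
    size_t want = strlen(name);

    memset(out, 0, sizeof(*out));
    while (*s) {
        size_t len = strcspn(s, ",");
        const char *eq = memchr(s, '=', len);
        size_t nlen = eq ? (size_t)(eq - s) : len;
        size_t vlen = eq ? len - nlen - 1 : 0;

        if (nlen == 0 || vlen >= MAX_LEN) {
            return OPT_SYNTAX;      /* empty name or oversized value */
        }
        if (nlen == want && memcmp(s, name, nlen) == 0) {
            if (eq) {
                memcpy(out->value, eq + 1, vlen);
            }
            out->value[vlen] = '\0';
            out->has_value = (eq != NULL);
            out->occurrences++;
        }
        s += len + (s[len] == ',');
    }
    if (out->occurrences == 0) {
        return OPT_MISSING;
    }
    return (strict && out->occurrences > 1) ? OPT_DUPLICATE : OPT_OK;
}

/* Union of the accepted spellings: on|yes|y|off|no|n; no value means true. */
int parse_bool_union(const struct scalar *sc, bool *val)
{
    static const char *const yes[] = { "on", "yes", "y" };
    static const char *const no[] = { "off", "no", "n" };
    size_t i;

    if (!sc->has_value) {
        *val = true;
        return OPT_OK;
    }
    for (i = 0; i < 3; i++) {
        bool is_yes = strcmp(sc->value, yes[i]) == 0;

        if (is_yes || strcmp(sc->value, no[i]) == 0) {
            *val = is_yes;
            return OPT_OK;
        }
    }
    return OPT_BAD_VALUE;
}

/* Read one boolean optarg; *val is written only when OPT_OK is returned. */
int get_bool(const char *optstr, const char *name, bool strict, bool *val)
{
    struct scalar sc;
    int rc = find_scalar(optstr, name, strict, &sc);

    return rc == OPT_OK ? parse_bool_union(&sc, val) : rc;
}

int main(void)
{
    /* Option string quoted in the thread. */
    const char *s =
        "type=tap,vhost=on,vhost=off,id=guest1,script=qemu-ifup-switch";
    bool v = true;
    int lax = get_bool(s, "vhost", false, &v);
    int strict = get_bool(s, "vhost", true, &v);

    printf("last-wins: rc=%d vhost=%s\n", lax, v ? "on" : "off");
    printf("strict:    rc=%d\n", strict);
    return 0;
}
```

Repeated optargs that are meant to form a list, such as hostfwd and guestfwd, would go through a separate list lookup and never through the strict scalar path.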

[Qemu-devel] [PATCH] SCSI: Fail medium writes with proper sense for readonly LUNs

2012-07-13 Thread Ronnie Sahlberg
Add sense code for DATA_PROTECT/WRITE_PROTECTED and return this error
for any WRITE*/WRITE_VERIFY* calls if the device is readonly=on,
i.e. write-protected

Signed-off-by: Ronnie Sahlberg 
---
 hw/scsi-bus.c  |5 +
 hw/scsi-disk.c |   16 +---
 hw/scsi.h  |2 ++
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 5ad1013..6299094 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -1172,6 +1172,11 @@ const struct SCSISense sense_code_DEVICE_INTERNAL_RESET 
= {
 .key = UNIT_ATTENTION, .asc = 0x29, .ascq = 0x04
 };
 
+/* Data Protection, Write Protected */
+const struct SCSISense sense_code_WRITE_PROTECTED = {
+.key = DATA_PROTECT, .asc = 0x27, .ascq = 0x00
+};
+
 /*
  * scsi_build_sense
  *
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index 2c2be33..0aca383 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -1565,9 +1565,6 @@ static int32_t scsi_send_command(SCSIRequest *req, 
uint8_t *buf)
 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
 r->sector_count = len * (s->qdev.blocksize / 512);
 break;
-case VERIFY_10:
-case VERIFY_12:
-case VERIFY_16:
 case WRITE_6:
 case WRITE_10:
 case WRITE_12:
@@ -1575,6 +1572,13 @@ static int32_t scsi_send_command(SCSIRequest *req, 
uint8_t *buf)
 case WRITE_VERIFY_10:
 case WRITE_VERIFY_12:
 case WRITE_VERIFY_16:
+if (bdrv_is_read_only(s->qdev.conf.bs)) {
+goto write_protect;
+}
+/* fallthough */
+case VERIFY_10:
+case VERIFY_12:
+case VERIFY_16:
 len = r->req.cmd.xfer / s->qdev.blocksize;
 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
 (command & 0xe) == 0xe ? "And Verify " : "",
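Review bot: the comment added before `case VERIFY_10:` is spelled `/* fallthough */`; make it `/* fall through */` and say there that the VERIFY_* labels are deliberately placed after the read-only check because they do not modify the medium, since the case reordering is otherwise easy to undo by accident.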
@@ -1621,6 +1625,9 @@ static int32_t scsi_send_command(SCSIRequest *req, 
uint8_t *buf)
 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
 r->req.cmd.lba, len);
 
+if (bdrv_is_read_only(s->qdev.conf.bs)) {
+goto write_protect;
+}
 if (r->req.cmd.lba > s->qdev.max_lba) {
 goto illegal_lba;
 }
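Review bot: this bdrv_is_read_only() check covers WRITE SAME, which the commit message does not list (it names only WRITE*/WRITE_VERIFY*); add it to the description. The patch touches no other medium-modifying opcode, so state whether commands such as UNMAP are already rejected elsewhere for readonly=on devices or still need the same write_protect exit.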
@@ -1651,6 +1658,9 @@ static int32_t scsi_send_command(SCSIRequest *req, 
uint8_t *buf)
 illegal_lba:
 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
 return 0;
+write_protect:
+scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
+return 0;
 }
 if (r->sector_count == 0 && r->iov.iov_len == 0) {
 scsi_req_complete(&r->req, GOOD);
diff --git a/hw/scsi.h b/hw/scsi.h
index 76f06d4..94d2962 100644
--- a/hw/scsi.h
+++ b/hw/scsi.h
@@ -202,6 +202,8 @@ extern const struct SCSISense sense_code_MEDIUM_CHANGED;
 extern const struct SCSISense sense_code_REPORTED_LUNS_CHANGED;
 /* Unit attention, Device internal reset */
 extern const struct SCSISense sense_code_DEVICE_INTERNAL_RESET;
+/* Data Protection, Write Protected */
+extern const struct SCSISense sense_code_WRITE_PROTECTED;
 
 #define SENSE_CODE(x) sense_code_ ## x
 
-- 
1.7.3.1




[Qemu-devel] [PATCH] SCSI: Make write commands fail if the device is readonly

2012-07-13 Thread Ronnie Sahlberg
List, Paolo

Please find a patch that makes WRITE and WRITE_VERIFY fail with 
DATA_PROTECT/WRITE_PROTECTED sense code for devices that are write-protected 
via readonly=on


Tests have been performed to verify the functionality using :

./x86_64-softmmu/qemu-system-x86_64 -enable-kvm -m 128 -drive file=20mb.img 
-drive file=./scsi-disk.img,if=scsi,readonly=on -net nic -net 
user,hostfwd=tcp:127.0.0.1:32601-:3260 -vnc 0.0.0.0:0

iscsi-test --dataloss --test="*300_readonly*" 
iscsi://127.0.0.1:32601/iqn.qemu.scsi-test/3
0300_readonly:
==
WRITE10 to LUN 0 ... [OK]
WRITE12 to LUN 0 ... [OK]
WRITE16 to LUN 0 ... [OK]
WRITESAME10 to LUN 0 ... [OK]
WRITESAME16 to LUN 0 ... [OK]
WRITESAME10 to UNMAP LUN 0 ... LUN is not thin-provisioned. [SKIPPED]
WRITESAME16 to UNMAP LUN 0 ... LUN is not thin-provisioned. [SKIPPED]
UNMAP LUN 0 ... LUN is not thin-provisioned. [SKIPPED]
TEST T0300_readonly [OK]


regards
ronnie sahlberg




[Qemu-devel] [PATCH 4/8] qemu-option: add alias support

2012-07-13 Thread Luiz Capitulino
Allow for specifying an alias for each option name, see next commits
for examples.

Signed-off-by: Luiz Capitulino 
---
 qemu-option.c | 5 +++--
 qemu-option.h | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/qemu-option.c b/qemu-option.c
index 65ba1cf..b2f9e21 100644
--- a/qemu-option.c
+++ b/qemu-option.c
@@ -623,7 +623,8 @@ static const QemuOptDesc *find_desc_by_name(const 
QemuOptDesc *desc,
 int i;
 
 for (i = 0; desc[i].name != NULL; i++) {
-if (strcmp(desc[i].name, name) == 0) {
+if (strcmp(desc[i].name, name) == 0 ||
+(desc[i].alias && strcmp(desc[i].alias, name) == 0)) {
 return &desc[i];
 }
 }
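Review bot: find_desc_by_name() now matches desc[i].alias, but qemu_opts_validate() (3/8) also resolves descriptors through it and does not rewrite opt->name the way opt_set() does in the next hunk, so an option given by its alias and validated later keeps the alias as its name. Canonicalise opt->name on that path too, or say in the commit message why that path cannot see aliases.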
@@ -645,7 +646,7 @@ static void opt_set(QemuOpts *opts, const char *name, const 
char *value,
 }
 
 opt = g_malloc0(sizeof(*opt));
-opt->name = g_strdup(name);
+opt->name = g_strdup(desc ? desc->name : name);
 opt->opts = opts;
 if (prepend) {
 QTAILQ_INSERT_HEAD(&opts->head, opt, next);
diff --git a/qemu-option.h b/qemu-option.h
index 951dec3..7106d2f 100644
--- a/qemu-option.h
+++ b/qemu-option.h
@@ -94,6 +94,7 @@ enum QemuOptType {
 
 typedef struct QemuOptDesc {
 const char *name;
+const char *alias;
 enum QemuOptType type;
 const char *help;
 } QemuOptDesc;
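Review bot: the new `alias` member has no comment; document that it is optional (NULL when the option has no alias, as the `desc[i].alias &&` test in find_desc_by_name() assumes) and that it is an alternative spelling accepted on input, with the option stored under `name`.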
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PATCH 3/8] qemu-option: qemu_opts_validate(): fix duplicated code

2012-07-13 Thread Luiz Capitulino
Use opts_accepts_any() and find_desc_by_name().

Signed-off-by: Luiz Capitulino 
---
 qemu-option.c | 14 +++---
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/qemu-option.c b/qemu-option.c
index d67e10f..65ba1cf 100644
--- a/qemu-option.c
+++ b/qemu-option.c
@@ -1060,23 +1060,15 @@ void qemu_opts_validate(QemuOpts *opts, const 
QemuOptDesc *desc, Error **errp)
 QemuOpt *opt;
 Error *local_err = NULL;
 
-assert(opts->list->desc[0].name == NULL);
+assert(opts_accepts_any(opts));
 
 QTAILQ_FOREACH(opt, &opts->head, next) {
-int i;
-
-for (i = 0; desc[i].name != NULL; i++) {
-if (strcmp(desc[i].name, opt->name) == 0) {
-break;
-}
-}
-if (desc[i].name == NULL) {
+opt->desc = find_desc_by_name(desc, opt->name);
+if (!opt->desc) {
 error_set(errp, QERR_INVALID_PARAMETER, opt->name);
 return;
 }
 
-opt->desc = &desc[i];
-
 qemu_opt_parse(opt, &local_err);
 if (error_is_set(&local_err)) {
 error_propagate(errp, local_err);
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PATCH 1/8] qemu-option: qemu_opt_set_bool(): fix code duplication

2012-07-13 Thread Luiz Capitulino
Call qemu_opt_set() instead of duplicating opt_set().

Signed-off-by: Luiz Capitulino 
---
 qemu-option.c | 28 +---
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/qemu-option.c b/qemu-option.c
index bb3886c..2cb2835 100644
--- a/qemu-option.c
+++ b/qemu-option.c
@@ -677,33 +677,7 @@ void qemu_opt_set_err(QemuOpts *opts, const char *name, 
const char *value,
 
 int qemu_opt_set_bool(QemuOpts *opts, const char *name, bool val)
 {
-QemuOpt *opt;
-const QemuOptDesc *desc = opts->list->desc;
-int i;
-
-for (i = 0; desc[i].name != NULL; i++) {
-if (strcmp(desc[i].name, name) == 0) {
-break;
-}
-}
-if (desc[i].name == NULL) {
-if (i == 0) {
-/* empty list -> allow any */;
-} else {
-qerror_report(QERR_INVALID_PARAMETER, name);
-return -1;
-}
-}
-
-opt = g_malloc0(sizeof(*opt));
-opt->name = g_strdup(name);
-opt->opts = opts;
-QTAILQ_INSERT_TAIL(&opts->head, opt, next);
-if (desc[i].name != NULL) {
-opt->desc = desc+i;
-}
-opt->value.boolean = !!val;
-return 0;
+return qemu_opt_set(opts, name, val ? "on" : "off");
 }
 
 int qemu_opt_foreach(QemuOpts *opts, qemu_opt_loopfunc func, void *opaque,
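Review bot: the removed body stored the value directly in opt->value.boolean even when no descriptor matched (the `/* empty list -> allow any */` case), whereas `qemu_opt_set(opts, name, val ? "on" : "off")` stores a string that has to be parsed back into a boolean. Check that option lists with an empty descriptor table still return the right value to boolean readers, and note in the commit message that failures are now reported by qemu_opt_set() rather than by the qerror_report() call removed here.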
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PATCH 2/8] qemu-option: opt_set(): split it up into more functions

2012-07-13 Thread Luiz Capitulino
The new functions are opts_accepts_any() and find_desc_by_name(), which
are also going to be used by qemu_opts_validate() (see next commit).

This also makes opt_set() slightly more readable.
---
 qemu-option.c | 40 
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/qemu-option.c b/qemu-option.c
index 2cb2835..d67e10f 100644
--- a/qemu-option.c
+++ b/qemu-option.c
@@ -612,26 +612,36 @@ static void qemu_opt_del(QemuOpt *opt)
 g_free(opt);
 }
 
-static void opt_set(QemuOpts *opts, const char *name, const char *value,
-bool prepend, Error **errp)
+static bool opts_accepts_any(const QemuOpts *opts)
+{
+return opts->list->desc[0].name == NULL;
+}
+
+static const QemuOptDesc *find_desc_by_name(const QemuOptDesc *desc,
+const char *name)
 {
-QemuOpt *opt;
-const QemuOptDesc *desc = opts->list->desc;
-Error *local_err = NULL;
 int i;
 
 for (i = 0; desc[i].name != NULL; i++) {
 if (strcmp(desc[i].name, name) == 0) {
-break;
+return &desc[i];
 }
 }
-if (desc[i].name == NULL) {
-if (i == 0) {
-/* empty list -> allow any */;
-} else {
-error_set(errp, QERR_INVALID_PARAMETER, name);
-return;
-}
+
+return NULL;
+}
+
+static void opt_set(QemuOpts *opts, const char *name, const char *value,
+bool prepend, Error **errp)
+{
+QemuOpt *opt;
+const QemuOptDesc *desc;
+Error *local_err = NULL;
+
+desc = find_desc_by_name(opts->list->desc, name);
+if (!desc && !opts_accepts_any(opts)) {
+error_set(errp, QERR_INVALID_PARAMETER, name);
+return;
 }
 
 opt = g_malloc0(sizeof(*opt));
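Review bot: opts_accepts_any() encodes the rule that an empty descriptor table accepts any option name, but the `/* empty list -> allow any */` comment that explained it is removed together with the old loop; put that explanation on the new helper. The commit message also has no Signed-off-by line, unlike the other patches in the series.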
@@ -642,9 +652,7 @@ static void opt_set(QemuOpts *opts, const char *name, const 
char *value,
 } else {
 QTAILQ_INSERT_TAIL(&opts->head, opt, next);
 }
-if (desc[i].name != NULL) {
-opt->desc = desc+i;
-}
+opt->desc = desc;
 if (value) {
 opt->str = g_strdup(value);
 }
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PATCH 8/8] machine: rename dt_compatible to dt-compatible

2012-07-13 Thread Luiz Capitulino
QOM conversion wants option names with dashes. This commit does the
change for the dt_compatible machine type option.

The old option name is still supported through an option alias for
backwards compatibility.

Signed-off-by: Luiz Capitulino 
---
 hw/ppce500_mpc8544ds.c | 2 +-
 qemu-config.c  | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
index 8b9fd83..7b98011 100644
--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -148,7 +148,7 @@ static int mpc8544_load_device_tree(CPUPPCState *env,
 const char *tmp;
 dumpdtb = qemu_opt_get(machine_opts, "dumpdtb");
 dtb_file = qemu_opt_get(machine_opts, "dtb");
-tmp = qemu_opt_get(machine_opts, "dt_compatible");
+tmp = qemu_opt_get(machine_opts, "dt-compatible");
 if (tmp) {
 compatible = tmp;
 compatible_len = strlen(compatible) + 1;
diff --git a/qemu-config.c b/qemu-config.c
index d888b5b..9dac3be 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -595,7 +595,8 @@ static QemuOptsList qemu_machine_opts = {
 .type = QEMU_OPT_STRING,
 .help = "The first phandle ID we may generate dynamically",
 }, {
-.name = "dt_compatible",
+.name = "dt-compatible",
+.alias= "dt_compatible",
 .type = QEMU_OPT_STRING,
 .help = "Overrides the \"compatible\" property of the dt root 
node",
 },
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PATCH 5/8] machine: rename kernel_irqchip to kernel-irqchip

2012-07-13 Thread Luiz Capitulino
QOM conversion wants option names with dashes. This commit does the
change for the kernel_irqchip machine type option.

The old option name is still supported through an option alias for
backwards compatibility.

Signed-off-by: Luiz Capitulino 
---
 kvm-all.c   | 2 +-
 qemu-config.c   | 3 ++-
 qemu-options.hx | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/kvm-all.c b/kvm-all.c
index f8e4328..c988bb6 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1168,7 +1168,7 @@ static int kvm_irqchip_create(KVMState *s)
 
 if (QTAILQ_EMPTY(&list->head) ||
 !qemu_opt_get_bool(QTAILQ_FIRST(&list->head),
-   "kernel_irqchip", true) ||
+   "kernel-irqchip", true) ||
 !kvm_check_extension(s, KVM_CAP_IRQCHIP)) {
 return 0;
 }
diff --git a/qemu-config.c b/qemu-config.c
index 5c3296b..3fe91a8 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -560,7 +560,8 @@ static QemuOptsList qemu_machine_opts = {
 .type = QEMU_OPT_STRING,
 .help = "accelerator list",
 }, {
-.name = "kernel_irqchip",
+.name = "kernel-irqchip",
+.alias= "kernel_irqchip",
 .type = QEMU_OPT_BOOL,
 .help = "use KVM in-kernel irqchip",
 }, {
diff --git a/qemu-options.hx b/qemu-options.hx
index ecf7ca1..b149852 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -32,7 +32,7 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
 "selects emulated machine (-machine ? for list)\n"
 "property accel=accel1[:accel2[:...]] selects 
accelerator\n"
 "supported accelerators are kvm, xen, tcg (default: tcg)\n"
-"kernel_irqchip=on|off controls accelerated irqchip 
support\n"
+"kernel-irqchip=on|off controls accelerated irqchip 
support\n"
 "kvm_shadow_mem=size of KVM shadow MMU\n",
 QEMU_ARCH_ALL)
 STEXI
@@ -46,7 +46,7 @@ This is used to enable an accelerator. Depending on the 
target architecture,
 kvm, xen, or tcg can be available. By default, tcg is used. If there is more
 than one accelerator specified, the next one is used if the previous one fails
 to initialize.
-@item kernel_irqchip=on|off
+@item kernel-irqchip=on|off
 Enables in-kernel irqchip support for the chosen accelerator when available.
 @item kvm_shadow_mem=size
 Defines the size of the KVM shadow MMU.
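Review bot: both documentation hunks replace kernel_irqchip with kernel-irqchip without saying that the old spelling is still accepted through the alias added in qemu-config.c; mention the old form in the @item text so existing command lines are not read as invalid. The neighbouring kvm_shadow_mem entry keeps its underscore here, so the help text mixes both styles until that option is renamed as well.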
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [Bug 1018530] Re: No write access in a 9p/virtfs shared folder

2012-07-13 Thread Georg Poppe
Okay, it is working now. I am using the mapped security model but I wanted to 
avoid it at first.
I hope proxy FS will be supported in quantal.

But I am still wondering why passthrough security is working smoothly
with NTFS-3G.

-- 
https://bugs.launchpad.net/bugs/1018530

Title:
  No write access in a 9p/virtfs shared folder

Status in QEMU:
  New
Status in "qemu-kvm" package in Ubuntu:
  Fix Released

Bug description:
  Ubuntu version:  Ubuntu 12.04 LTS
  Kernel: 3.2.0-25-generic
  Version of qemu-kvm: 1.0+noroms-0ubuntu13

  I have created a shared folder for a virtual machine which is
  managed by libvirt.

  
  
  
  
  

  I mounted it in the virtual machine with this command:  mount -t 9p -o trans=virtio,version=9p2000.L data /data
  The filesystem permissions of all files and folders in the shared folder are set to 777. I expected that I have the full permissions also in the virtual machine.

  Regardless of the permissions on the filesystem I cannot write or create 
files and folders in the virtual machine. The original filesystem (/storage) is 
XFS.
  In another shared folder (similar config in libvirt) which is originally NTFS 
I have no problems.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: qemu-kvm 1.0+noroms-0ubuntu13
  ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
  Uname: Linux 3.2.0-25-generic x86_64
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  Date: Wed Jun 27 20:15:20 2012
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Beta amd64 
(20120409)
  MachineType: To be filled by O.E.M. To be filled by O.E.M.
  ProcEnviron:
   TERM=xterm
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.2.0-25-generic 
root=/dev/mapper/system-root ro
  SourcePackage: qemu-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/18/2012
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 1208
  dmi.board.asset.tag: To be filled by O.E.M.
  dmi.board.name: M5A99X EVO
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: Rev 1.xx
  dmi.chassis.asset.tag: To Be Filled By O.E.M.
  dmi.chassis.type: 3
  dmi.chassis.vendor: To Be Filled By O.E.M.
  dmi.chassis.version: To Be Filled By O.E.M.
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvr1208:bd04/18/2012:svnTobefilledbyO.E.M.:pnTobefilledbyO.E.M.:pvrTobefilledbyO.E.M.:rvnASUSTeKCOMPUTERINC.:rnM5A99XEVO:rvrRev1.xx:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
  dmi.product.name: To be filled by O.E.M.
  dmi.product.version: To be filled by O.E.M.
  dmi.sys.vendor: To be filled by O.E.M.




[Qemu-devel] [PATCH v3] slirp: Handle whole 127.0.0.0/8 network as local addresses.

2012-07-13 Thread Anders Waldenborg
Changes so translation of remote address to the host's ip address in
the virtual network happens for all addresses in the 127.0.0.0/8
network, not just 127.0.0.1.

This fixes so that hostfwd bound to addresses such as 127.0.0.2 works.

Signed-off-by: Anders Waldenborg 
---

On Fri, Jul 13, 2012 at 03:01:14PM +, Blue Swirl wrote:
> > Notice that the surrounding code in tcp_subr.c uses tabs for
> > indentation. Should I still use space as the coding style mandates
> > (and which makes checkpatch happy)?
> 
> Yes, the goal is to get rid of tabs.

OK. Thanks for clarification and review!

Patch updated.

 slirp/main.h |1 +
 slirp/slirp.c|3 +++
 slirp/tcp_subr.c |7 +--
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/slirp/main.h b/slirp/main.h
index 028df4b..bf601e2 100644
--- a/slirp/main.h
+++ b/slirp/main.h
@@ -31,6 +31,7 @@ extern char *exec_shell;
 extern u_int curtime;
 extern fd_set *global_readfds, *global_writefds, *global_xfds;
 extern struct in_addr loopback_addr;
+extern in_addr_t loopback_mask;
 extern char *username;
 extern char *socket_path;
 extern int towrite_max;
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 90473eb..9787104 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -29,6 +29,8 @@
 
 /* host loopback address */
 struct in_addr loopback_addr;
+/* host loopback network mask */
+in_addr_t loopback_mask;
 
 /* emulated hosts use the MAC addr 52:55:IP:IP:IP:IP */
 static const uint8_t special_ethaddr[ETH_ALEN] = {
@@ -191,6 +193,7 @@ static void slirp_init_once(void)
 #endif
 
 loopback_addr.s_addr = htonl(INADDR_LOOPBACK);
+loopback_mask = htonl(IN_CLASSA_NET);
 }
 
 static void slirp_state_save(QEMUFile *f, void *opaque);
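Review bot: loopback_mask in slirp_init_once() is a fixed value, htonl(IN_CLASSA_NET), yet it lives in a writable global that is only valid once this function has run. A static const or a macro beside its single use in tcp_connect() would remove the init-order dependency and the extra extern in main.h. If the global stays, its comment should say the mask is kept in network byte order, because it is ANDed directly with s_addr.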
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 0a545c4..6b01f74 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -435,8 +435,11 @@ tcp_connect(struct socket *inso)
so->so_fport = addr.sin_port;
so->so_faddr = addr.sin_addr;
/* Translate connections from localhost to the real hostname */
-   if (so->so_faddr.s_addr == 0 || so->so_faddr.s_addr == 
loopback_addr.s_addr)
-  so->so_faddr = slirp->vhost_addr;
+if (so->so_faddr.s_addr == 0 ||
+(so->so_faddr.s_addr & loopback_mask) ==
+(loopback_addr.s_addr & loopback_mask)) {
+so->so_faddr = slirp->vhost_addr;
+}
 
/* Close the accept() socket, set right state */
if (inso->so_state & SS_FACCEPTONCE) {
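Review bot: the comment above the new condition in tcp_connect() still says "from localhost", but the test now rewrites every source address in 127.0.0.0/8 to slirp->vhost_addr, so the guest sees one peer address for all host loopback sources. Please update the comment to name the /8 and that consequence. Both operands of the masked compare are in network byte order, so the check itself reads correctly. The diffstat changes the comparison in tcp_subr.c only; if another path still tests == loopback_addr.s_addr it keeps matching 127.0.0.1 alone, which is worth confirming or stating in the commit message.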
-- 
1.7.2.5




[Qemu-devel] [PATCH 7/8] machine: rename phandle_start to phandle-start

2012-07-13 Thread Luiz Capitulino
QOM conversion wants option names with dashes. This commit does the
change for the phandle_start machine type option.

The old option name is still supported through an option alias for
backwards compatibility.

Signed-off-by: Luiz Capitulino 
---
 device_tree.c | 2 +-
 qemu-config.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index b366fdd..fe59768 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -213,7 +213,7 @@ uint32_t qemu_devtree_alloc_phandle(void *fdt)
 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
 if (machine_opts) {
 const char *phandle_start;
-phandle_start = qemu_opt_get(machine_opts, "phandle_start");
+phandle_start = qemu_opt_get(machine_opts, "phandle-start");
 if (phandle_start) {
 phandle = strtoul(phandle_start, NULL, 0);
 }
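Review bot: the qemu_opt_get(machine_opts, "phandle-start") lookup only sees a value the user passed as phandle_start if the option code resolves the alias to the new name, so this patch has to stay behind the alias-support patches of the series for bisection to work; the commit message should state that dependency. While this code is being touched: the strtoul() call two lines below takes a NULL end pointer and does no range check, so a malformed or oversized value is accepted silently and ends up as a phandle. Consider validating it and reporting an error.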
diff --git a/qemu-config.c b/qemu-config.c
index 909fae9..d888b5b 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -590,7 +590,8 @@ static QemuOptsList qemu_machine_opts = {
 .type = QEMU_OPT_STRING,
 .help = "Dump current dtb to a file and quit",
 }, {
-.name = "phandle_start",
+.name = "phandle-start",
+.alias= "phandle_start",
 .type = QEMU_OPT_STRING,
 .help = "The first phandle ID we may generate dynamically",
 }, {
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PATCH 6/8] machine: rename kvm_shadow_mem to kvm-shadow-mem

2012-07-13 Thread Luiz Capitulino
QOM conversion wants option names with dashes. This commit does the
change for the kvm_shadow_mem machine type option.

The old option name is still supported through an option alias for
backwards compatibility.

Signed-off-by: Luiz Capitulino 
---
 qemu-config.c | 3 ++-
 qemu-options.hx   | 4 ++--
 target-i386/kvm.c | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/qemu-config.c b/qemu-config.c
index 3fe91a8..909fae9 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -565,7 +565,8 @@ static QemuOptsList qemu_machine_opts = {
 .type = QEMU_OPT_BOOL,
 .help = "use KVM in-kernel irqchip",
 }, {
-.name = "kvm_shadow_mem",
+.name = "kvm-shadow-mem",
+.alias= "kvm_shadow_mem",
 .type = QEMU_OPT_SIZE,
 .help = "KVM shadow MMU size",
 }, {
diff --git a/qemu-options.hx b/qemu-options.hx
index b149852..b95438f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -33,7 +33,7 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
 "property accel=accel1[:accel2[:...]] selects 
accelerator\n"
 "supported accelerators are kvm, xen, tcg (default: tcg)\n"
 "kernel-irqchip=on|off controls accelerated irqchip 
support\n"
-"kvm_shadow_mem=size of KVM shadow MMU\n",
+"kvm-shadow-mem=size of KVM shadow MMU\n",
 QEMU_ARCH_ALL)
 STEXI
 @item -machine [type=]@var{name}[,prop=@var{value}[,...]]
@@ -48,7 +48,7 @@ than one accelerator specified, the next one is used if the 
previous one fails
 to initialize.
 @item kernel-irqchip=on|off
 Enables in-kernel irqchip support for the chosen accelerator when available.
-@item kvm_shadow_mem=size
+@item kvm-shadow-mem=size
 Defines the size of the KVM shadow MMU.
 @end table
 ETEXI
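Review bot: the @item entry now documents only kvm-shadow-mem, while the commit message says kvm_shadow_mem is still accepted through an alias. A short sentence here saying that the underscore spelling remains accepted, and whether it is deprecated, would keep existing command lines and scripts explainable from the documentation.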
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 0d0d8f6..90bf4d4 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -698,7 +698,7 @@ int kvm_arch_init(KVMState *s)
 
 if (!QTAILQ_EMPTY(&list->head)) {
 shadow_mem = qemu_opt_get_size(QTAILQ_FIRST(&list->head),
-   "kvm_shadow_mem", -1);
+   "kvm-shadow-mem", -1);
 if (shadow_mem != -1) {
 shadow_mem /= 4096;
 ret = kvm_vm_ioctl(s, KVM_SET_NR_MMU_PAGES, shadow_mem);
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PATCH v2 0/8]: rename machine options to use dashes

2012-07-13 Thread Luiz Capitulino
Today, machine options use underscores to separate words (eg. kernel_irqchip),
however upcoming QOM conversion wants to use dashes instead.

This series converts all machine type options to use dashes. Command-line
backwards compatibility is maintained by adding an alias for each changed
option.

The first half of the series adds alias support to qemu-option. The second
half does the machine type options conversion.

v2

o fix code duplication in qemu_opt_set_bool() and qemu_opts_validate()
  (this automatically makes them support aliases) [Markus]
o re-work commit logs

 device_tree.c  |  2 +-
 hw/ppce500_mpc8544ds.c |  2 +-
 kvm-all.c  |  2 +-
 qemu-config.c  | 12 ---
 qemu-option.c  | 87 ++
 qemu-option.h  |  1 +
 qemu-options.hx|  8 ++---
 target-i386/kvm.c  |  2 +-
 8 files changed, 48 insertions(+), 68 deletions(-)



Re: [Qemu-devel] [PATCH v2 01/17] qapi: fix error propagation

2012-07-13 Thread Laszlo Ersek
On 07/13/12 21:11, Paolo Bonzini wrote:
> On 13/07/2012 19:30, Laszlo Ersek wrote:
>> -if (errp == NULL) {
>> +if (errp == NULL || *errp != NULL) {

>>> I think we should use assert() here.
>>>
>>> If the error is already set, that most probably indicates a bug in the caller, as
>>> it's the caller's responsibility to decide which error to return.
>> I believe we had a good argument against this, but I can't precisely
>> recall (or find) it now. Paolo, do you remember? Can you please both
>> search your respective mailboxen for Message-ID
>> <4fb21b71.7030...@redhat.com>? That's where we started to discuss this.
>>
>> I believe I saw some paths in the code that tripped on this leak, and
>> generally keeping the first error seemed like a good idea.
>> opts_end_struct() originally checked for any pre-existent error
>> explicitly, but then the check was moved to the common code.
> 
> The reason to do this for error_propagate was to allow this idiom:
> 
>   /* Always call end_struct if start_struct succeeded.  */
>   error_propagate(errp, err);
>   err = NULL;
>   visit_end_struct(v, &err);
>   error_propagate(errp, err);

Right!

> I think doing it for error_set was just for symmetry and to avoid
> introducing excessive complexity.

Correct again. IIRC it was even yours truly who humbly suggested that.

Thanks!
Laszlo



Re: [Qemu-devel] [PATCH v2 00/17] introduce OptsVisitor, rebase -net/-netdev parsing

2012-07-13 Thread Laszlo Ersek
On 07/13/12 18:46, Luiz Capitulino wrote:
> On Wed, 13 Jun 2012 10:22:31 +0200
> Laszlo Ersek  wrote:
> 
>> Inspired by [1], the first half of this series attempts to implement a new
>> visitor that should clean up defining and processing command line options.
>> For a more detailed description, please see "[PATCH 05/17] qapi: introduce
>> OptsVisitor".
>>
>> The second half converts -net/-netdev parsing to the new visitor.
> 
> The general approach looks fine to me, I've made comments to individual patches
> and have two general comments:
> 
>  1. This doesn't build for me:
> 
> In file included from /home/lcapitulino/work/src/qmp-unstable/net/slirp.c:24:0:
> /home/lcapitulino/work/src/qmp-unstable/net/slirp.h:41:28: error: unknown type name ‘QemuOptsList’
> /home/lcapitulino/work/src/qmp-unstable/net/slirp.c:741:5: error: no previous prototype for ‘net_slirp_parse_legacy’ [-Werror=missing-prototypes]
> cc1: all warnings being treated as errors
> make: *** [net/slirp.o] Error 1
> make: *** Waiting for unfinished jobs

Okay this took some time to track down. When I posted v2, it was based
on 7677e24f in my clone. I made a mistake in 17/17, in "net/slirp.h": I
removed "qemu-option.h" after conversion was finished, because I didn't
notice net_slirp_parse_legacy() continued to depend on QemuOptsList. The
error went unnoticed because @ 7677e24f this was the relevant #include
tree, rooted at net/slirp.h:

net/slirp.h
  qapi-types.h
    qapi/qapi-types-core.h
      monitor.h
        qemu-char.h
          qemu-option.h  <---
        block.h
          qemu-aio.h
            qemu-char.h
              qemu-option.h  <---
          qemu-option.h  <---

Then Paolo's patch was committed as ad608da5 ("qmp: do not include
monitor.h from qapi-types-core.h"). The above tree was cut at
"monitor.h", severing all three marked paths.

I must reinclude "qemu-option.h" and squash the change into 17/17.

> 
>  2. I don't think this should go in through qmp's branch because this is more
> about QemuOpts than about QMP. I suggest three alternatives:
> 
>   - If you're going to go forward and convert more users, then I think
> you should open your own branch, send pull requests etc
> 
>   - Go through some -net tree
> 
>   - Ask Anthony to apply this directly
> 
> I'll, of course, review it though

I think I'll ask Anthony to apply v3 directly.

Thanks for the review!
Laszlo



Re: [Qemu-devel] [PATCH v2 01/17] qapi: fix error propagation

2012-07-13 Thread Paolo Bonzini
On 13/07/2012 19:30, Laszlo Ersek wrote:
>>> >> -if (errp == NULL) {
>>> >> +if (errp == NULL || *errp != NULL) {
>> > 
>> > I think we should use assert() here.
>> > 
>> > If the error is already set, that most probably indicates a bug in the 
>> > caller, as
>> > it's the caller's responsibility to decide which error to return.
> I believe we had a good argument against this, but I can't precisely
> recall (or find) it now. Paolo, do you remember? Can you please both
> search your respective mailboxen for Message-ID
> <4fb21b71.7030...@redhat.com>? That's where we started to discuss this.
> 
> I believe I saw some paths in the code that tripped on this leak, and
> generally keeping the first error seemed like a good idea.
> opts_end_struct() originally checked for any pre-existent error
> explicitly, but then the check was moved to the common code.

The reason to do this for error_propagate was to allow this idiom:

  /* Always call end_struct if start_struct succeeded.  */
  error_propagate(errp, err);
  err = NULL;
  visit_end_struct(v, &err);
  error_propagate(errp, err);

I think doing it for error_set was just for symmetry and to avoid
introducing excessive complexity.

Paolo
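
The "first error wins" rule discussed in Laszlo's and Paolo's replies above, as an added example that is not QEMU's code. The Error type, error_new(), the visit_field()/visit_end_struct() stubs and run_case() are assumptions made for this sketch; only the NULL-or-already-set check and the end_struct idiom come from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for an error object (assumption: not QEMU's Error). */
typedef struct Error {
    char msg[64];
} Error;

static int live_errors;  /* objects allocated and not yet freed */
static int end_calls;    /* how often visit_end_struct() ran */

static Error *error_new(const char *msg)
{
    Error *e = calloc(1, sizeof(*e));
    if (e == NULL) {
        abort();
    }
    snprintf(e->msg, sizeof(e->msg), "%s", msg);
    live_errors++;
    return e;
}

static void error_free(Error *e)
{
    if (e != NULL) {
        live_errors--;
        free(e);
    }
}

/* The check from the quoted hunk: with no destination, or with one that
 * already holds an error, the new error is not stored. */
static void error_set(Error **errp, const char *msg)
{
    if (errp == NULL || *errp != NULL) {
        return;
    }
    *errp = error_new(msg);
}

/* Same rule when handing a local error to the caller: the first error
 * stays, a later one is freed instead of overwriting (and leaking) it. */
static void error_propagate(Error **dst, Error *local)
{
    if (local == NULL) {
        return;
    }
    if (dst == NULL || *dst != NULL) {
        error_free(local);
        return;
    }
    *dst = local;
}

/* Hypothetical visitor callbacks that fail on request. */
static void visit_field(int fail, Error **errp)
{
    if (fail) {
        error_set(errp, "bad field");
    }
}

static void visit_end_struct(int fail, Error **errp)
{
    end_calls++;
    if (fail) {
        error_set(errp, "end_struct failed");
    }
}

/* The idiom from the thread: cleanup runs even after a failure. */
static void visit_struct(int field_fails, int end_fails, Error **errp)
{
    Error *err = NULL;

    visit_field(field_fails, &err);
    /* Always call end_struct if start_struct succeeded. */
    error_propagate(errp, err);
    err = NULL;
    visit_end_struct(end_fails, &err);
    error_propagate(errp, err);
}

/* Run one case; return the message the caller ends up with ("" if none). */
static const char *run_case(int field_fails, int end_fails)
{
    static char first[64];
    Error *err = NULL;

    visit_struct(field_fails, end_fails, &err);
    snprintf(first, sizeof(first), "%s", err ? err->msg : "");
    error_free(err);
    return first;
}

int main(void)
{
    printf("both fail: %s\n", run_case(1, 1));
    printf("end fails: %s\n", run_case(0, 1));
    printf("live errors: %d\n", live_errors);
    return 0;
}
```

With an assert() in place of the silent drop, the case where both the field and end_struct fail would abort instead of reporting the first error.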



Re: [Qemu-devel] [QEMU RFC PATCH 6/7] i386: topology & APIC ID utility functions

2012-07-13 Thread Eduardo Habkost
On Thu, Jul 12, 2012 at 07:37:26PM +, Blue Swirl wrote:
> On Tue, Jul 10, 2012 at 8:22 PM, Eduardo Habkost  wrote:
[...]
> > +#ifndef __QEMU_X86_TOPOLOGY_H__
> > +#define __QEMU_X86_TOPOLOGY_H__
> 
> Please remove the leading and trailing underscores. The name should
> match the path, so it should be TARGET_I386_TOPOLOGY_H.

Done. Will be fixed in the next version.

> 
> > +/* Bit offset of the Core_ID field
> > + */
> > +static inline unsigned apicid_core_offset(unsigned nr_cores,
> > +  unsigned nr_threads)
> > +{
> > +return apicid_smt_width(nr_cores, nr_threads);
> 
> The indentation seems to be off, please use checkpatch.pl to avoid these issues.

Fixed for the next version.

(BTW, checkpatch.pl didn't detect any issues on this patch)

> 
> > +}
> > +
> > +/* Bit offset of the Pkg_ID (socket ID) field
> > + */
> > +static inline unsigned apicid_pkg_offset(unsigned nr_cores, unsigned 
> > nr_threads)
> > +{
> > +return apicid_core_offset(nr_cores, nr_threads) + \
> > +   apicid_core_width(nr_cores, nr_threads);
> > +}
> > +
> > +/* Make APIC ID for the CPU based on Pkg_ID, Core_ID, SMT_ID
> > + *
> > + * The caller must make sure core_id < nr_cores and smt_id < nr_threads.
> > + */
> > +static inline uint8_t __make_apicid(unsigned nr_cores, unsigned nr_threads,
> 
> Again, remove leading underscores.

Fixed for the next version.

> 
[...]
> > diff --git a/tests/Makefile b/tests/Makefile
> > index b605e14..89bd890 100644
> > --- a/tests/Makefile
> > +++ b/tests/Makefile
> > @@ -15,6 +15,7 @@ check-unit-y += tests/test-string-output-visitor$(EXESUF)
> >  check-unit-y += tests/test-coroutine$(EXESUF)
> >  check-unit-y += tests/test-visitor-serialization$(EXESUF)
> >  check-unit-y += tests/test-iov$(EXESUF)
> > +check-unit-y += tests/test-x86-cpuid$(EXESUF)
> 
> This probably tries to build the cpuid test also for non-x86 targets
> and break them all.

I don't think there's any concept of "targets" for the check-unit tests.
I had to do the following, to be able to make a test that uses the
target-i386 code:

> > +tests/test-x86-cpuid.o: QEMU_INCLUDES += -Itarget-i386

Any suggestions to avoid this hack would be welcome.


> 
[...]
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 0), ==, 0);
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 1), ==, 1);
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 2), ==, 2);
> > +
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 1*3 + 0), ==, (1<<2) | 0);
> 
> Spaces are needed around operators.
> 


Do you honestly believe that this:

 g_assert_cmpuint(topo_make_apicid(6, 3, 5 * 3 + 0), ==, (5 << 2) | 0);
 g_assert_cmpuint(topo_make_apicid(6, 3, 5 * 3 + 1), ==, (5 << 2) | 1);
 g_assert_cmpuint(topo_make_apicid(6, 3, 5 * 3 + 2), ==, (5 << 2) | 2);

is more readable than this:

 g_assert_cmpuint(topo_make_apicid(6, 3, 5*3 + 0), ==, (5<<2) | 0);
 g_assert_cmpuint(topo_make_apicid(6, 3, 5*3 + 1), ==, (5<<2) | 1);
 g_assert_cmpuint(topo_make_apicid(6, 3, 5*3 + 2), ==, (5<<2) | 2);

?

(I don't).


> > +g_assert_cmpuint(topo_make_apicid(6, 3, 1*3 + 1), ==, (1<<2) | 1);
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 1*3 + 2), ==, (1<<2) | 2);
> > +
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 2*3 + 0), ==, (2<<2) | 0);
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 2*3 + 1), ==, (2<<2) | 1);
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 2*3 + 2), ==, (2<<2) | 2);
> > +
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 5*3 + 0), ==, (5<<2) | 0);
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 5*3 + 1), ==, (5<<2) | 1);
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 5*3 + 2), ==, (5<<2) | 2);
> > +
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 1*6*3 + 0*3 + 0), ==, (1<<5));
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 1*6*3 + 1*3 + 1), ==,
> > +  (1<<5) | (1<<2) | 1);
> > +
> > +g_assert_cmpuint(topo_make_apicid(6, 3, 3*6*3 + 5*3 + 2), ==,
> > +  (3<<5) | (5<<2) | 2);
> > +
> > +
> > +/* Check the APIC ID -> {pkg,core,thread} ID functions */
> > +g_assert_cmpuint(apicid_pkg_id(6, 3, (3<<5) | (5<<2) | 2), ==, 3);
> > +g_assert_cmpuint(apicid_core_id(6, 3, (3<<5) | (5<<2) | 2), ==, 5);
> > +g_assert_cmpuint(apicid_smt_id(6, 3, (3<<5) | (5<<2) | 2), ==, 2);
> > +}
> > +
> > +int main(int argc, char **argv)
> > +{
> > +g_test_init(&argc, &argv, NULL);
> > +
> > +g_test_add_func("/cpuid/topology/basic", test_topo_bits);
> > +
> > +g_test_run();
> > +
> > +return 0;
> > +}
> > --
> > 1.7.10.4
> >
> >
> 

-- 
Eduardo
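
The bit layout that the quoted test cases check, as an added example that is not the patch's code. Function names follow the quoted patch, but the bodies are assumptions made here: field width taken as the number of bits needed for the count, the CPU index split as package/core/thread, an int return with -1 when the ID does not fit in 8 bits, and the apicid_holes() helper.

```c
#include <stdio.h>

/* Bits needed to number `count` items (0 for count <= 1). */
static unsigned bits_for_count(unsigned count)
{
    unsigned bits = 0;
    while (bits < 31 && (1u << bits) < count) {
        bits++;
    }
    return bits;
}

static unsigned apicid_smt_width(unsigned nr_cores, unsigned nr_threads)
{
    (void)nr_cores;
    return bits_for_count(nr_threads);
}

static unsigned apicid_core_width(unsigned nr_cores, unsigned nr_threads)
{
    (void)nr_threads;
    return bits_for_count(nr_cores);
}

/* Bit offset of the Core_ID field */
static unsigned apicid_core_offset(unsigned nr_cores, unsigned nr_threads)
{
    return apicid_smt_width(nr_cores, nr_threads);
}

/* Bit offset of the Pkg_ID (socket ID) field */
static unsigned apicid_pkg_offset(unsigned nr_cores, unsigned nr_threads)
{
    return apicid_core_offset(nr_cores, nr_threads) +
           apicid_core_width(nr_cores, nr_threads);
}

/* APIC ID for a sequential CPU index, or -1 if it needs more than 8 bits. */
static int topo_make_apicid(unsigned nr_cores, unsigned nr_threads,
                            unsigned cpu_index)
{
    unsigned smt, core, pkg, off;
    unsigned long long id;

    if (nr_cores == 0 || nr_threads == 0) {
        return -1;
    }
    smt = cpu_index % nr_threads;
    core = (cpu_index / nr_threads) % nr_cores;
    pkg = cpu_index / nr_threads / nr_cores;
    off = apicid_pkg_offset(nr_cores, nr_threads);
    if (off >= 32) {
        return -1;
    }
    id = ((unsigned long long)pkg << off) |
         ((unsigned long long)core << apicid_core_offset(nr_cores, nr_threads)) |
         smt;
    return id > 0xff ? -1 : (int)id;
}

/* APIC ID -> {pkg,core,thread} ID */
static unsigned apicid_pkg_id(unsigned nr_cores, unsigned nr_threads,
                              unsigned apicid)
{
    return apicid >> apicid_pkg_offset(nr_cores, nr_threads);
}

static unsigned apicid_core_id(unsigned nr_cores, unsigned nr_threads,
                               unsigned apicid)
{
    return (apicid >> apicid_core_offset(nr_cores, nr_threads)) &
           ((1u << apicid_core_width(nr_cores, nr_threads)) - 1);
}

static unsigned apicid_smt_id(unsigned nr_cores, unsigned nr_threads,
                              unsigned apicid)
{
    return apicid & ((1u << apicid_smt_width(nr_cores, nr_threads)) - 1);
}

/* Unused APIC IDs below the highest one in use, or -1 if IDs overflow. */
static int apicid_holes(unsigned nr_pkgs, unsigned nr_cores,
                        unsigned nr_threads)
{
    unsigned ncpus = nr_pkgs * nr_cores * nr_threads;
    int max;

    if (ncpus == 0) {
        return -1;
    }
    max = topo_make_apicid(nr_cores, nr_threads, ncpus - 1);
    return max < 0 ? -1 : max + 1 - (int)ncpus;
}

int main(void)
{
    unsigned i;

    /* 6 cores x 3 threads: the IDs skip values, so index != APIC ID. */
    for (i = 0; i < 8; i++) {
        printf("cpu %u -> apic id %d\n", i, topo_make_apicid(6, 3, i));
    }
    printf("holes in one package: %d\n", apicid_holes(1, 6, 3));
    return 0;
}
```

With core or thread counts that are not powers of two, the APIC IDs are sparse, so firmware cannot assume that APIC ID equals CPU index.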



[Qemu-devel] VM crashed after migration.

2012-07-13 Thread Ma, Stephen B.
Hello,

Sometimes I am seeing my VM crash immediately after it has been migrated to a 
new host.  The VM is running RHEL6.2 with the following devices:

The VM has the following devices:
[root@vmdev51 ~]# lspci
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II]
00:01.2 USB controller: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] (rev 01)
00:01.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 03)
00:02.0 VGA compatible controller: Cirrus Logic GD 5446
00:03.0 Ethernet controller: Red Hat, Inc Virtio network device
00:04.0 Audio device: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) High Definition Audio Controller (rev 01)
00:05.0 SCSI storage controller: Red Hat, Inc Virtio block device
00:06.0 Unclassified device [00ff]: Red Hat, Inc Virtio memory balloon
00:07.0 SCSI storage controller: Red Hat, Inc Virtio block device
00:08.0 Ethernet controller: Red Hat, Inc Virtio network device


Here is the backtrace from crash:

This GDB was configured as "x86_64-unknown-linux-gnu"...

  KERNEL: /usr/lib/debug/lib/modules/2.6.32-220.el6.x86_64/vmlinux
DUMPFILE: vmcore  [PARTIAL DUMP]
CPUS: 8
DATE: Fri Jul 13 09:13:10 2012
  UPTIME: 00:02:41
LOAD AVERAGE: 2.25, 0.75, 0.27
   TASKS: 362
NODENAME: vmdev51.cup.hp.com
 RELEASE: 2.6.32-220.el6.x86_64
 VERSION: #1 SMP Wed Nov 9 08:03:13 EST 2011
 MACHINE: x86_64  (2266 Mhz)
  MEMORY: 32 GB
   PANIC: "kernel BUG at drivers/ata/libata-sff.c:1453!"
 PID: 73
 COMMAND: "ata/4"
TASK: 88080c2feb00  [THREAD_INFO: 88080c302000]
 CPU: 4
   STATE: TASK_RUNNING (PANIC)

crash> bt
PID: 73 TASK: 88080c2feb00  CPU: 4   COMMAND: "ata/4"
 #0 [88080c303a60] machine_kexec at 81031fcb
 #1 [88080c303ac0] crash_kexec at 810b8f72
 #2 [88080c303b90] oops_end at 814f04b0
 #3 [88080c303bc0] die at 8100f26b
 #4 [88080c303bf0] do_trap at 814efda4
 #5 [88080c303c50] do_invalid_op at 8100ce35
 #6 [88080c303cf0] invalid_op at 8100bedb
[exception RIP: ata_sff_hsm_move+317]
RIP: 8138009d  RSP: 88080c303da0  RFLAGS: 00010297
RAX:   RBX: 8808073c80d0  RCX: 
RDX: 8808073c8180  RSI: 0046  RDI: 0009
RBP: 88080c303e00   R8: 8d87   R9: 
R10: 000f  R11: 0007  R12: 8808073c8000
R13: 0004  R14: 0058  R15: 8808073c9d08
ORIG_RAX:   CS: 0010  SS: 0018
 #7 [88080c303e08] ata_pio_task at 81380a83
 #8 [88080c303e38] worker_thread at 8108b2b0
 #9 [88080c303ee8] kthread at 81090886
#10 [88080c303f48] kernel_thread at 8100c14a
crash>


The VM has an active-backup bond bond0 with a virtio device as the active port.
If the bonding interface hasn't been created, the migration of the VM succeeds
with no panic afterwards.  Anyone know what the problem is?


Here is more information about the systems:

KVM and OS (on both src and target hosts): 3.4.0-rc4
OS on the VM: RHEL6.2
Qemu: qemu 1.1




Re: [Qemu-devel] [QEMU RFC PATCH 5/7] pc: write lapic info (apic IDs) to fw_cfg so seabios can use it

2012-07-13 Thread Eduardo Habkost
On Thu, Jul 12, 2012 at 07:29:02PM +, Blue Swirl wrote:
[...]
> CODING_STYLE requires CamelCase, also below.
> 
[...]
> > +struct lapic_info_table *lapic_table = g_malloc0(lapic_info_size);;
> 
> ;--
> 
> > +lapic_table->count = max_cpus;
> > +for (i = 0; i < max_cpus; i++) {
> > +lapic_table->entries[i].apic_id = apic_id_for_cpu(i);
> > +}
> > +fw_cfg_add_bytes(fw_cfg, FW_CFG_LAPIC_INFO, (uint8_t *)lapic_table,
> 
> You are passing a structure with host endianness. Please convert the
> fields with cpu_to_le32().

Thanks. I will fix the issues if I send a new version of this patch. But
I believe we'll find a way to make FW_CFG_LAPIC_INFO unnecessary.

-- 
Eduardo



Re: [Qemu-devel] [QEMU PATCH 2/7] hw/apic.c: rename bit functions to not conflict with bitops.h

2012-07-13 Thread Eduardo Habkost
On Thu, Jul 12, 2012 at 07:24:35PM +, Blue Swirl wrote:
> On Tue, Jul 10, 2012 at 8:22 PM, Eduardo Habkost  wrote:
> > Signed-off-by: Eduardo Habkost 
> 
> Maybe the bitops functions should be renamed instead, for example
> prefixed by 'qemu_'. That may be safer if one day the kernel find
> their way to system headers too.

Well, if there's any risk the kernel functions will conflict with the
QEMU function names, that would be an additional reason to rename the
apic.c functions too, so they don't conflict with the kernel functions
either.

Personally, I would never send a patch to rename the bitops.h functions,
as the current names work perfectly to me.

> 
> > ---
> >  hw/apic.c |   34 +-
> >  1 file changed, 17 insertions(+), 17 deletions(-)
> >
> > diff --git a/hw/apic.c b/hw/apic.c
> > index 60552df..d322fe3 100644
> > --- a/hw/apic.c
> > +++ b/hw/apic.c
> > @@ -50,7 +50,7 @@ static int ffs_bit(uint32_t value)
> >  return ctz32(value);
> >  }
> >
> > -static inline void set_bit(uint32_t *tab, int index)
> > +static inline void apic_set_bit(uint32_t *tab, int index)
> >  {
> >  int i, mask;
> >  i = index >> 5;
> > @@ -58,7 +58,7 @@ static inline void set_bit(uint32_t *tab, int index)
> >  tab[i] |= mask;
> >  }
> >
> > -static inline void reset_bit(uint32_t *tab, int index)
> > +static inline void apic_reset_bit(uint32_t *tab, int index)
> >  {
> >  int i, mask;
> >  i = index >> 5;
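Review bot: in apic_set_bit() and apic_reset_bit() the index parameter is a signed int and tab[index >> 5] is then written with no bound on index, so a negative or too-large value writes outside the bitmap. Since the helpers are being renamed anyway, consider making index unsigned and asserting it against the bitmap size before the tab[i] access.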
> > @@ -66,7 +66,7 @@ static inline void reset_bit(uint32_t *tab, int index)
> >  tab[i] &= ~mask;
> >  }
> >
> > -static inline int get_bit(uint32_t *tab, int index)
> > +static inline int apic_get_bit(uint32_t *tab, int index)
> >  {
> >  int i, mask;
> >  i = index >> 5;
> > @@ -183,7 +183,7 @@ void apic_deliver_pic_intr(DeviceState *d, int level)
> >  case APIC_DM_FIXED:
> >  if (!(lvt & APIC_LVT_LEVEL_TRIGGER))
> >  break;
> > -reset_bit(s->irr, lvt & 0xff);
> > +apic_reset_bit(s->irr, lvt & 0xff);
> >  /* fall through */
> >  case APIC_DM_EXTINT:
> >  cpu_reset_interrupt(s->cpu_env, CPU_INTERRUPT_HARD);
> > @@ -379,13 +379,13 @@ void apic_poll_irq(DeviceState *d)
> >
> >  static void apic_set_irq(APICCommonState *s, int vector_num, int 
> > trigger_mode)
> >  {
> > -apic_report_irq_delivered(!get_bit(s->irr, vector_num));
> > +apic_report_irq_delivered(!apic_get_bit(s->irr, vector_num));
> >
> > -set_bit(s->irr, vector_num);
> > +apic_set_bit(s->irr, vector_num);
> >  if (trigger_mode)
> > -set_bit(s->tmr, vector_num);
> > +apic_set_bit(s->tmr, vector_num);
> >  else
> > -reset_bit(s->tmr, vector_num);
> > +apic_reset_bit(s->tmr, vector_num);
> >  if (s->vapic_paddr) {
> >  apic_sync_vapic(s, SYNC_ISR_IRR_TO_VAPIC);
> >  /*
> > @@ -405,8 +405,8 @@ static void apic_eoi(APICCommonState *s)
> >  isrv = get_highest_priority_int(s->isr);
> >  if (isrv < 0)
> >  return;
> > -reset_bit(s->isr, isrv);
> > -if (!(s->spurious_vec & APIC_SV_DIRECTED_IO) && get_bit(s->tmr, isrv)) 
> > {
> > +apic_reset_bit(s->isr, isrv);
> > +if (!(s->spurious_vec & APIC_SV_DIRECTED_IO) && apic_get_bit(s->tmr, 
> > isrv)) {
> >  ioapic_eoi_broadcast(isrv);
> >  }
> >  apic_sync_vapic(s, SYNC_FROM_VAPIC | SYNC_TO_VAPIC);
> > @@ -445,7 +445,7 @@ static void apic_get_delivery_bitmask(uint32_t 
> > *deliver_bitmask,
> >  int idx = apic_find_dest(dest);
> >  memset(deliver_bitmask, 0x00, MAX_APIC_WORDS * 
> > sizeof(uint32_t));
> >  if (idx >= 0)
> > -set_bit(deliver_bitmask, idx);
> > +apic_set_bit(deliver_bitmask, idx);
> >  }
> >  } else {
> >  /* XXX: cluster mode */
> > @@ -455,11 +455,11 @@ static void apic_get_delivery_bitmask(uint32_t 
> > *deliver_bitmask,
> >  if (apic_iter) {
> >  if (apic_iter->dest_mode == 0xf) {
> >  if (dest & apic_iter->log_dest)
> > -set_bit(deliver_bitmask, i);
> > +apic_set_bit(deliver_bitmask, i);
> >  } else if (apic_iter->dest_mode == 0x0) {
> >  if ((dest & 0xf0) == (apic_iter->log_dest & 0xf0) &&
> >  (dest & apic_iter->log_dest & 0x0f)) {
> > -set_bit(deliver_bitmask, i);
> > +apic_set_bit(deliver_bitmask, i);
> >  }
> >  }
> >  } else {
> > @@ -502,14 +502,14 @@ static void apic_deliver(DeviceState *d, uint8_t 
> > dest, uint8_t dest_mode,
> >  break;
> >  case 1:
> >  memset(deliver_bitmask, 0x00, sizeof(deliver_bitmask));
> > -set_bit(deliver_bitmask, s->idx);
> > +apic_set_bit(deliver_bitmask, s->idx);
> >  break;
> >  case 2:
> >  mem

Re: [Qemu-devel] [RFC PATCH v2 00/21] ACPI memory hotplug

2012-07-13 Thread Vasilis Liaskovitis
On Thu, Jul 12, 2012 at 08:04:56PM +, Blue Swirl wrote:
> On Wed, Jul 11, 2012 at 10:31 AM, Vasilis Liaskovitis
>  wrote:
> > This is v2 of the ACPI memory hotplug prototype for x86_64 target.
> 
> I think the concept of DIMMs (what about SIMMs? SODIMMs? I liked
> memslot) would be useful for most targets, but hotplugging may be
> limited to x86 only. It would be nice to keep these two separate or as
> loosely coupled as possible.

agreed.
what specific usecases besides hotplugging are you thinking about? 
Also are there non-acpi hotplug platforms?

I am trying to keep generic dimm manipulation functions (e.g. population /
depopulation and searching) in hw/dimm[.ch]. Currently the x86-acpi_piix4 "backend"
registers a callback for hot-add / hot-remove. In theory other hotplug backends
can hook in.

btw I don't mind using "-memslot" (I think someone during v1 mentioned -dimm), we just
need some consensus on the naming.

> 
> >
> > Changes v1->v2
> >
> > - memory map is automatically calculated for hotplug dimms. Dimms are added 
> > from
> > top-of-memory skipping the pci hole at [PCI_HOLE_START, 4G).
> > - Renamed from "-memslot" to "-dimm". Commands changed to "dimm_add", 
> > "dimm_del".
> > - Seabios ejection array reduced to a byte. Use extraction macros for dimm 
> > ssdt.
> > - additional SRAT paravirt info does not break previous SRAT fw_cfg layout.
> > - Documentation of new acpi_piix4 registers and paravirt data.
> > - add ACPI _OST support for _OST enabled guests. This allows qemu to receive
> > notification for success / failure of memory hot-add and hot-remove 
> > operations.
> > Guest needs to support _OST (https://lkml.org/lkml/2012/6/25/321)
> > - add monitor info command to report total guest memory (initial + 
> > hot-added)
> > - add command line options and monitor commands for batch dimm 
> > creation/population
> >
> > Overview:
> >
> > Dimm devices are modeled with a new qemu command line
> >
> > "-dimm id=name,size=sz,node=pxm,populated=on|off"
> >
> > As already mentioned, the starting physical address for all dimms is 
> > calculated
> > automatically from top of memory, skipping the pci hole at [PCI_HOLE_START, 
> > 4G).
> > Node is defining numa proximity for this dimm. When not defined it defaults
> > to zero.
> > "-dimm id=dimm0,size=512M,node=0,populated=off"
> > will define a 512M memory slot belonging to numa node 0.
> >
> > Dimms are added or removed with a new hmp command "dimm_add/dimm_del":
> > Hot-add syntax: "dimm_add id"
> > Hot-remove syntax: "dimm_del id"
> >
> > Issues:
> >
> > - Live migration works as long as populated field is changed to "on" for
> > hotplugged dimms at the destination qemu command line (patch 12/21 lifts
> > this requirement). The DimmState structure does not yet define a
> > VMStateDescription, but i assume this is the preferred way to pass state
> > for migration.
> >
> > - Dimms are abstracted as qdevices attached to the main system bus. However,
> > memory hotplugging has its own side channel ignoring main_system_bus's 
> > hotplug
> > incapability. A cleaner integration is still needed, probably attaching 
> > memory
> > devices as children-links of an acpi-capable device (in the pc case 
> > acpi_piix4)
> > instead of the system bus (TBD). Then device_add/device_del instead of new
> > commands can hopefully be used.
> >
> > Comments/review welcome.
> >
> > series is based on uq/master for qemu-kvm, and master for seabios. Can be 
> > found
> > also at:
> > http://github.com/vliaskov/qemu-kvm/commits/memhp-v2
> > http://github.com/vliaskov/seabios/commits/memhp-v2
> >
> > Vasilis Liaskovitis (14):
> >   dimm: Implement memory device abstraction
> >   acpi_piix4: Implement memory device hotplug registers
> >   pc: calculate dimm physical addresses and adjust memory map
> >   pc: Add dimm paravirt SRAT info
> >   Implement "-dimm" command line option
> >   Implement dimm_add and dimm_del commands for hmp and qmp
> >   fix live-migration when "populated=on" is missing
> >   Implement memory hotplug notification lists
> >   acpi_piix4: _OST dimm support
> >   acpi_piix4: Update dimm state on VM reboot
> >   acpi_piix4: Update dimm bitmap state on hot-remove fail
> >   Implement "info memtotal" and "query-memtotal"
> >   Implement -dimms, -dimmspop command line options
> >   Implement mem_increase, mem_decrease hmp/qmp commands
> >
> >  arch_init.c |   23 ++-
> >  docs/specs/acpi_hotplug.txt |   46 +
> >  docs/specs/fwcfg.txt|   28 +++
> >  hmp-commands.hx |   67 +++
> >  hmp.c   |   24 +++
> >  hmp.h   |2 +
> >  hw/Makefile.objs|2 +-
> >  hw/acpi_piix4.c |  131 -
> >  hw/dimm.c   |  449 
> > +++
> >  hw/dimm.h   |   72 +++
> >  hw/pc.c |   94 +-
> >  hw/pc.h |6 +
> >  hw/pc_piix.c 

Re: [Qemu-devel] [RFC PATCH v2 09/21] pc: Add dimm paravirt SRAT info

2012-07-13 Thread Vasilis Liaskovitis
On Thu, Jul 12, 2012 at 07:48:04PM +, Blue Swirl wrote:
> On Wed, Jul 11, 2012 at 10:31 AM, Vasilis Liaskovitis
>  wrote:
> > The numa_fw_cfg paravirt interface is extended to include SRAT information 
> > for
> > all hotplug-able dimms. There are 3 words for each hotplug-able memory slot,
> > denoting start address, size and node proximity. The new info is appended 
> > after
> > existing numa info, so that the fw_cfg layout does not break.  This 
> > information
> > is used by Seabios to build hotplug memory device objects at runtime.
> > nb_numa_nodes is set to 1 by default (not 0), so that we always pass srat 
> > info
> > to SeaBIOS.
> >
> > v1->v2:
> > Dimm SRAT info (#dimms) is appended at end of existing numa fw_cfg in order 
> > not
> > to break existing layout
> > Documentation of the new fwcfg layout is included in docs/specs/fwcfg.txt
> >
> > Signed-off-by: Vasilis Liaskovitis 
> > ---
> >  docs/specs/fwcfg.txt |   28 ++
> >  hw/pc.c  |   53 
> > -
> >  vl.c |2 +-
> >  3 files changed, 80 insertions(+), 3 deletions(-)
> >  create mode 100644 docs/specs/fwcfg.txt
> >
> > diff --git a/docs/specs/fwcfg.txt b/docs/specs/fwcfg.txt
> > new file mode 100644
> > index 000..e6fcd8f
> > --- /dev/null
> > +++ b/docs/specs/fwcfg.txt
> > @@ -0,0 +1,28 @@
> > +QEMU<->BIOS Paravirt Documentation
> > +--
> > +
> > +This document describes paravirt data structures passed from QEMU to BIOS.
> > +
> > +fw_cfg SRAT paravirt info
> > +
> > +The SRAT info passed from QEMU to BIOS has the following layout:
> > +
> > +---
> > +#nodes | cpu0_pxm | cpu1_pxm | ... | cpulast_pxm | node0_mem | node1_mem | 
> > ... | nodelast_mem
> > +
> > +---
> > +#dimms | dimm0_start | dimm0_sz | dimm0_pxm | ... | dimmlast_start | 
> > dimmlast_sz | dimmlast_pxm
> > +
> > +Entry 0 contains the number of numa nodes (nb_numa_nodes).
> > +
> > +Entries 1..max_cpus: The next max_cpus entries describe node proximity for 
> > each
> > +one of the vCPUs in the system.
> > +
> > +Entries max_cpus+1..max_cpus+nb_numa_nodes+1:  The next nb_numa_nodes 
> > entries
> > +describe the memory size for each one of the NUMA nodes in the system.
> > +
> > +Entry max_cpus+nb_numa_nodes+1 contains the number of memory dimms 
> > (nb_hp_dimms)
> > +
> > +The last 3 * nb_hp_dimms entries are organized in triplets: Each triplet 
> > contains
> > +the physical address offset, size (in bytes), and node proximity for the
> > +respective dimm.
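
Review bot: The range "Entries max_cpus+1..max_cpus+nb_numa_nodes+1" for the per-node memory sizes is one entry too long. nb_numa_nodes entries starting at max_cpus+1 end at max_cpus+nb_numa_nodes, and the next paragraph assigns entry max_cpus+nb_numa_nodes+1 to the dimm count, so the two descriptions claim the same entry. The upper bound should read max_cpus+nb_numa_nodes, which is also what the hw/pc.c code in this patch writes (numa_fw_cfg[1 + max_cpus + nb_numa_nodes] holds nb_hp_dimms).
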
> 
> The size and endianness are not specified, you are using LE 64 bit
> values for each item.

thanks, I'll update.

> 
> > diff --git a/hw/pc.c b/hw/pc.c
> > index ef9901a..cf651d0 100644
> > --- a/hw/pc.c
> > +++ b/hw/pc.c
> > @@ -598,12 +598,15 @@ int e820_add_entry(uint64_t address, uint64_t length, 
> > uint32_t type)
> >  return index;
> >  }
> >
> > +static void setup_hp_dimms(uint64_t *fw_cfg_slots);
> > +
> >  static void *bochs_bios_init(void)
> >  {
> >  void *fw_cfg;
> >  uint8_t *smbios_table;
> >  size_t smbios_len;
> >  uint64_t *numa_fw_cfg;
> > +uint64_t *hp_dimms_fw_cfg;
> >  int i, j;
> >
> >  register_ioport_write(0x400, 1, 2, bochs_bios_write, NULL);
> > @@ -638,8 +641,10 @@ static void *bochs_bios_init(void)
> >  /* allocate memory for the NUMA channel: one (64bit) word for the 
> > number
> >   * of nodes, one word for each VCPU->node and one word for each node to
> >   * hold the amount of memory.
> > + * Finally one word for the number of hotplug memory slots and three 
> > words
> > + * for each hotplug memory slot (start address, size and node 
> > proximity).
> >   */
> > -numa_fw_cfg = g_malloc0((1 + max_cpus + nb_numa_nodes) * 8);
> > +numa_fw_cfg = g_malloc0((2 + max_cpus + nb_numa_nodes + 3 * 
> > nb_hp_dimms) * 8);
> >  numa_fw_cfg[0] = cpu_to_le64(nb_numa_nodes);
> >  for (i = 0; i < max_cpus; i++) {
> >  for (j = 0; j < nb_numa_nodes; j++) {
> > @@ -652,8 +657,15 @@ static void *bochs_bios_init(void)
> >  for (i = 0; i < nb_numa_nodes; i++) {
> >  numa_fw_cfg[max_cpus + 1 + i] = cpu_to_le64(node_mem[i]);
> >  }
> > +
> > +numa_fw_cfg[1 + max_cpus + nb_numa_nodes] = cpu_to_le64(nb_hp_dimms);
> > +
> > +hp_dimms_fw_cfg = numa_fw_cfg + 2 + max_cpus + nb_numa_nodes;
> > +if (nb_hp_dimms)
> > +setup_hp_dimms(hp_dimms_fw_cfg);
> 
> Braces.
> 
> > +
> >  fw_cfg_add_bytes(fw_cfg, FW_CFG_NUMA, (uint8_t *)numa_fw_cfg,
> > - (1 + max_cpus + nb_numa_nodes) * 8);
> > + (2 + max_cpus + nb_numa_nodes + 3 * nb_hp_dimms) * 8);
> >
> >  return fw_cfg;
> >  }
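
Review bot: setup_hp_dimms() is handed only the hp_dimms_fw_cfg pointer, so nothing at this call site ties the number of words it writes to the 3 * nb_hp_dimms words reserved by the g_malloc0() above; passing the slot count (or the end of the buffer) would let the callee check that it stays inside the allocation. The size expression (2 + max_cpus + nb_numa_nodes + 3 * nb_hp_dimms) * 8 is also written out twice, once for the allocation and once for fw_cfg_add_bytes(); computing it once into a local keeps the two from drifting apart.
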
> > @@ -1223,3 +1235,40 @@ target_phys_ad

Re: [Qemu-devel] [RFC PATCH v2 06/21] dimm: Implement memory device abstraction

2012-07-13 Thread Vasilis Liaskovitis
Hi,

On Thu, Jul 12, 2012 at 07:55:42PM +, Blue Swirl wrote:
> On Wed, Jul 11, 2012 at 10:31 AM, Vasilis Liaskovitis
>  wrote:
> > Each hotplug-able memory slot is a SysBusDevice. A hot-add operation for a
> > particular dimm creates a new MemoryRegion of the given physical address
> > offset, size and node proximity, and attaches it to main system memory as a
> > sub_region. A hot-remove operation detaches and frees the MemoryRegion from
> > system memory.
> >
> > This prototype still lacks proper qdev integration: a separate
> > hotplug side-channel is used and main system bus hotplug capability is
> > ignored.
> >
> > Signed-off-by: Vasilis Liaskovitis 
> > ---
> >  hw/Makefile.objs |2 +-
> >  hw/dimm.c|  234 
> > ++
> >  hw/dimm.h|   58 +
> >  3 files changed, 293 insertions(+), 1 deletions(-)
> >  create mode 100644 hw/dimm.c
> >  create mode 100644 hw/dimm.h
> >
> > diff --git a/hw/Makefile.objs b/hw/Makefile.objs
> > index 3d77259..e2184bf 100644
> > --- a/hw/Makefile.objs
> > +++ b/hw/Makefile.objs
> > @@ -26,7 +26,7 @@ hw-obj-$(CONFIG_I8254) += i8254_common.o i8254.o
> >  hw-obj-$(CONFIG_PCSPK) += pcspk.o
> >  hw-obj-$(CONFIG_PCKBD) += pckbd.o
> >  hw-obj-$(CONFIG_FDC) += fdc.o
> > -hw-obj-$(CONFIG_ACPI) += acpi.o acpi_piix4.o
> > +hw-obj-$(CONFIG_ACPI) += acpi.o acpi_piix4.o dimm.o
> >  hw-obj-$(CONFIG_APM) += pm_smbus.o apm.o
> >  hw-obj-$(CONFIG_DMA) += dma.o
> >  hw-obj-$(CONFIG_I82374) += i82374.o
> > diff --git a/hw/dimm.c b/hw/dimm.c
> > new file mode 100644
> > index 000..00c4623
> > --- /dev/null
> > +++ b/hw/dimm.c
> > @@ -0,0 +1,234 @@
> > +/*
> > + * Dimm device for Memory Hotplug
> > + *
> > + * Copyright ProfitBricks GmbH 2012
> > + * This library is free software; you can redistribute it and/or
> > + * modify it under the terms of the GNU Lesser General Public
> > + * License as published by the Free Software Foundation; either
> > + * version 2 of the License, or (at your option) any later version.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > + * Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public
> > + * License along with this library; if not, see 
> > 
> > + */
> > +
> > +#include "trace.h"
> > +#include "qdev.h"
> > +#include "dimm.h"
> > +#include 
> > +#include "../exec-memory.h"
> > +#include "qmp-commands.h"
> > +
> > +static DeviceState *dimm_hotplug_qdev;
> > +static dimm_hotplug_fn dimm_hotplug;
> > +static QTAILQ_HEAD(Dimmlist, DimmState)  dimmlist;
> 
> Using global state does not look right. It should always be possible
> to pass around structures to avoid it.

ok, I'll try to remove the global state.

> 
> > +
> > +static Property dimm_properties[] = {
> > +DEFINE_PROP_END_OF_LIST()
> > +};
> > +
> > +void dimm_populate(DimmState *s)
> 
> All functions are global and exported but there does not seem to be
> users. Please make all static which you can.

will do

> 
> > +{
> > +DeviceState *dev= (DeviceState*)s;
> > +MemoryRegion *new = NULL;
> > +
> > +new = g_malloc(sizeof(MemoryRegion));
> > +memory_region_init_ram(new, dev->id, s->size);
> > +vmstate_register_ram_global(new);
> > +memory_region_add_subregion(get_system_memory(), s->start, new);
> > +s->mr = new;
> > +s->populated = true;
> > +}
> > +
> > +
> > +void dimm_depopulate(DimmState *s)
> > +{
> > +assert(s);
> > +if (s->populated) {
> > +vmstate_unregister_ram(s->mr, NULL);
> > +memory_region_del_subregion(get_system_memory(), s->mr);
> > +memory_region_destroy(s->mr);
> > +s->populated = false;
> > +s->mr = NULL;
> > +}
> > +}
> > +
> > +DimmState *dimm_create(char *id, uint64_t size, uint64_t node, uint32_t
> > +dimm_idx, bool populated)
> > +{
> > +DeviceState *dev;
> > +DimmState *mdev;
> > +
> > +dev = sysbus_create_simple("dimm", -1, NULL);
> > +dev->id = id;
> > +
> > +mdev = DIMM(dev);
> > +mdev->idx = dimm_idx;
> > +mdev->start = 0;
> > +mdev->size = size;
> > +mdev->node = node;
> > +mdev->populated = populated;
> > +QTAILQ_INSERT_TAIL(&dimmlist, mdev, nextdimm);
> > +return mdev;
> > +}
> > +
> > +void dimm_register_hotplug(dimm_hotplug_fn hotplug, DeviceState *qdev)
> > +{
> > +dimm_hotplug_qdev = qdev;
> > +dimm_hotplug = hotplug;
> > +dimm_scan_populated();
> > +}
> > +
> > +void dimm_activate(DimmState *slot)
> > +{
> > +dimm_populate(slot);
> > +if (dimm_hotplug)
> > +dimm_hotplug(dimm_hotplug_qdev, (SysBusDevice*)slot, 1);
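
Review bot: dimm_depopulate() never releases the MemoryRegion that dimm_populate() obtained with g_malloc(): after memory_region_destroy(s->mr) the pointer is set to NULL without a g_free(), so every hot-add/hot-remove cycle of a slot leaks one MemoryRegion. Add g_free(s->mr) before clearing the pointer. In dimm_create(), dev->id = id stores the caller's char * without copying it, so the device's id stays valid only as long as the caller's buffer does; a g_strdup() (or a documented ownership transfer) would make that explicit.
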
> 
> Why the cast?

dimm_hotplug accepts SysBusDevice, not DimmState, though that can be changed.
> 
> Also braces, please

Re: [Qemu-devel] [PATCH v2 01/17] qapi: fix error propagation

2012-07-13 Thread Laszlo Ersek
On 07/13/12 18:38, Luiz Capitulino wrote:
> On Wed, 13 Jun 2012 10:22:32 +0200
> Laszlo Ersek  wrote:
> 
>> From: Paolo Bonzini 
>>
>> Don't overwrite / leak previously set errors.
> 
> Can you elaborate a bit more? It's not clear to me where the bug is.

Suppose you encounter the first error on the normal path, while a bunch
of objects is being constructed / composed. You set the error
accordingly and start to unwind the stack, tearing down objects
previously composed fully or partially. While doing this, you encounter
another error. If you call error_set() or error_propagate() now, the
first error is leaked. To avoid this, you have to check.

This change saves you the checks during stack unwinding, keeps the first
error stored (which is more important than any destructor errors, since
the latter could be the direct consequence of the first error and
aborting further processing). Second and later errors attempted to be
set via error_set() are simply not formatted, while second and later
errors attempted to be propagated with error_propagate() are released
(as there are two errors and we keep only one).

See "qapi: introduce OptsVisitor", function opts_end_struct(), comment
"we should have processed all (distinct) QemuOpt instances". If we abort
processing due to some error, there may be leftover options. We
shouldn't overwrite the first (real) error with this bogus one.

The stack is unwound in this case by the generated code -- if some
deeper part of OptsVisitor sets an error, the generated code will make
sure opts_end_struct() is called the right number of times.


> 
> More comments below.
> 
>> Don't try to end a container that could not be started.
>>
>> Signed-off-by: Paolo Bonzini 
>> Signed-off-by: Laszlo Ersek 
>> ---
>>  error.h|4 +-
>>  error.c|4 +-
>>  qapi/qapi-visit-core.c |   10 +--
>>  tests/test-qmp-input-visitor.c |   24 +---
>>  docs/qapi-code-gen.txt |2 +
>>  scripts/qapi-visit.py  |  129 
>> +++
>>  6 files changed, 102 insertions(+), 71 deletions(-)
>>
>> diff --git a/error.h b/error.h
>> index 45ff6c1..6898f84 100644
>> --- a/error.h
>> +++ b/error.h
>> @@ -24,7 +24,7 @@ typedef struct Error Error;
>>  /**
>>   * Set an indirect pointer to an error given a printf-style format 
>> parameter.
>>   * Currently, qerror.h defines these error formats.  This function is not
>> - * meant to be used outside of QEMU.
>> + * meant to be used outside of QEMU.  Errors after the first are discarded.
>>   */
>>  void error_set(Error **err, const char *fmt, ...) GCC_FMT_ATTR(2, 3);
>>  
>> @@ -57,7 +57,7 @@ void error_set_field(Error *err, const char *field, const 
>> char *value);
>>  /**
>>   * Propagate an error to an indirect pointer to an error.  This function 
>> will
>>   * always transfer ownership of the error reference and handles the case 
>> where
>> - * dst_err is NULL correctly.
>> + * dst_err is NULL correctly.  Errors after the first are discarded.
>>   */
>>  void error_propagate(Error **dst_err, Error *local_err);
>>  
>> diff --git a/error.c b/error.c
>> index a52b771..0177972 100644
>> --- a/error.c
>> +++ b/error.c
>> @@ -29,7 +29,7 @@ void error_set(Error **errp, const char *fmt, ...)
>>  Error *err;
>>  va_list ap;
>>  
>> -if (errp == NULL) {
>> +if (errp == NULL || *errp != NULL) {
> 
> I think we should use assert() here.
> 
> If the error is already set, that most probably indicates a bug in the caller,
> as it's the caller's responsibility to decide which error to return.

I believe we had a good argument against this, but I can't precisely
recall (or find) it now. Paolo, do you remember? Can you please both
search your respective mailboxen for Message-ID
<4fb21b71.7030...@redhat.com>? That's where we started to discuss this.

I believe I saw some paths in the code that tripped on this leak, and
generally keeping the first error seemed like a good idea.
opts_end_struct() originally checked for any pre-existent error
explicitly, but then the check was moved to the common code.


> 
>>  return;
>>  }
>>  
>> @@ -132,7 +132,7 @@ bool error_is_type(Error *err, const char *fmt)
>>  
>>  void error_propagate(Error **dst_err, Error *local_err)
>>  {
>> -if (dst_err) {
>> +if (dst_err && !*dst_err) {
>>  *dst_err = local_err;
>>  } else if (local_err) {
>>  error_free(local_err);
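
Review bot: In error_propagate(), when *dst_err is already set the incoming local_err is now freed without leaving any trace, which hides a secondary failure from whoever later debugs the first one. A trace point or debug log of the dropped error just before error_free(local_err) would keep the first-error-wins behaviour while recording that a second error occurred.
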
>> diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
>> index bf7..0a513d2 100644
>> --- a/qapi/qapi-visit-core.c
>> +++ b/qapi/qapi-visit-core.c
>> @@ -39,9 +39,8 @@ void visit_start_struct(Visitor *v, void **obj, const char 
>> *kind,
>>  
>>  void visit_end_struct(Visitor *v, Error **errp)
>>  {
>> -if (!error_is_set(errp)) {
>> -v->end_struct(v, errp);
>> -}
> 
> Is this the ending of a container that could not be started? But if it
> couldn't be started, then errp will be set and we
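
The first-error-wins behaviour described in the reply above, as an added example that is not part of the thread and not QEMU's code: a toy `Error` with the pre-patch and patched checks from the quoted error.c hunks, run over a constructed unwind sequence. The fixed-size pool, `run_scenario()` and the message strings are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for QEMU's Error (hypothetical; the real struct is not shown). */
typedef struct Error {
    char msg[96];
    int in_use;
} Error;

/* Fixed pool instead of malloc, so lost objects can be counted safely. */
static Error pool[8];
/* 1 = checks as they were before the patch, 0 = checks added by the patch. */
static int pre_patch;

static int live_errors(void)
{
    int i, n = 0;
    for (i = 0; i < 8; i++) {
        n += pool[i].in_use;
    }
    return n;
}

static void error_free(Error *err)
{
    if (err) {
        err->in_use = 0;
    }
}

static void error_set(Error **errp, const char *fmt, ...)
{
    va_list ap;
    int i;

    if (errp == NULL || (!pre_patch && *errp != NULL)) {
        return;                 /* patched: a later error is not even formatted */
    }
    for (i = 0; i < 8 && pool[i].in_use; i++) {
    }
    if (i == 8) {
        abort();
    }
    pool[i].in_use = 1;
    va_start(ap, fmt);
    vsnprintf(pool[i].msg, sizeof(pool[i].msg), fmt, ap);
    va_end(ap);
    *errp = &pool[i];           /* pre-patch: a previous *errp is lost here */
}

static void error_propagate(Error **dst_err, Error *local_err)
{
    if (dst_err && (pre_patch || !*dst_err)) {
        *dst_err = local_err;   /* pre-patch: overwrites an earlier error */
    } else if (local_err) {
        error_free(local_err);  /* patched: second error released, first kept */
    }
}

/* Constructed sequence: a real parse error, then two follow-on errors
 * raised while the partially built object is being torn down. */
static void parse_member(Error **errp)
{
    error_set(errp, "Parameter '%s' expects %s", "vhost", "on|off");
}

static void end_struct(Error **errp)
{
    error_set(errp, "Invalid parameter '%s'", "script");
}

static void teardown_helper(Error **errp)
{
    Error *local = NULL;
    error_set(&local, "cleanup failed");
    error_propagate(errp, local);
}

/* Copies the message the caller finally sees into out and returns the
 * number of Error objects that were allocated but never freed. */
static int run_scenario(int old_behaviour, char *out, size_t outlen)
{
    Error *err = NULL;

    pre_patch = old_behaviour;
    memset(pool, 0, sizeof(pool));
    parse_member(&err);
    end_struct(&err);
    teardown_helper(&err);
    snprintf(out, outlen, "%s", err ? err->msg : "");
    error_free(err);
    return live_errors();
}

int main(void)
{
    char msg[96];
    int leaked = run_scenario(1, msg, sizeof(msg));
    printf("pre-patch: reported \"%s\", leaked %d\n", msg, leaked);
    leaked = run_scenario(0, msg, sizeof(msg));
    printf("patched:   reported \"%s\", leaked %d\n", msg, leaked);
    return 0;
}
```

With the old checks the caller sees only the last teardown error and two earlier `Error` objects are lost; with the patched checks the original parse error survives and nothing is left allocated.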

Re: [Qemu-devel] [RFC] introduce a dynamic library to expose qemu block API

2012-07-13 Thread Stefan Weil

On 13.07.2012 13:33, Paolo Bonzini wrote:

On 13/07/2012 11:51, Paolo Bonzini wrote:

On 13/07/2012 11:16, Stefan Hajnoczi wrote:

"Working around the QEMU block layer license" is not a goal per se,
especially because you haven't a) assessed _what_ is the GPL code that
the library would use; b) told us why the library should not be under
the GPL.

Please design first according to the functionality you want to
implement, then think about the implementation.


Licensing is one headache but the real challenge is that the QEMU block
layer relies on the QEMU main loop and a bunch of other architecture.


It doesn't really, not on Windows which has no AIO for example.  That's
why I suggested:

- assessing what code is GPL and what are the dependencies on it


So I tried trimming down the list of files needed to compile
qemu tools, and here is a list:

Easy to relicense to LGPLv2+:
block/raw.c       none (GPLv2+: Red Hat, IBM)
error.c           LGPLv2 (Red Hat, IBM, Stefan Weil)


I only added an include statement and don't mind
changing the license for error.c to LGPLv2+.



iov.c             GPLv2 (Red Hat, SuSE/Hannes Reinecke, Michael Tokarev)
module.c          GPLv2 (Red Hat, IBM, Blue Swirl)
qemu-error.c      GPLv2+ (Red Hat, Blue Swirl, IBM)
trace/control.c   GPLv2 (Lluis Vilanova)
trace/default.c   GPLv2 (Lluis Vilanova)

(I added some people to Cc.  Lluis and Michael, can you also look at
http://wiki.qemu.org/Relicensing if you're willing to relicense
your past contributions from GPLv2 to GPLv2+?.  Blue Swirl said
he'd accept any other GPLv2 or GPLv3 compatible license, which
should include LGPLv2+).

Harder to relicense to LGPLv2+:
block/vdi.c GPLv2+


Indeed, that one is harder. Most of the code is from me,
and I need a good reason why the license should be changed.

Of course the dynamic library can also be compiled without
VDI support.

Regards,
Stefan W.




Re: [Qemu-devel] [PATCH v2 05/17] qapi: introduce OptsVisitor

2012-07-13 Thread Luiz Capitulino
On Wed, 13 Jun 2012 10:22:36 +0200
Laszlo Ersek  wrote:

> This visitor supports parsing
> 
>   -option [type=]discriminator[,optarg1=val1][,optarg2=val2][,...]
> 
> style QemuOpts objects into "native" C structures. After defining the type
> tree in the qapi schema (see below), a root type traversal with this
> visitor linked to the underlying QemuOpts object will build the "native" C
> representation of the option.
> 
> The type tree in the schema, corresponding to an option with a
> discriminator, must have the following structure:
> 
>   struct
> scalar member for non-discriminated optarg 1 [*]
> list for repeating non-discriminated optarg 2 [*]
>   wrapper struct
> single scalar member
> union
>   struct for discriminator case 1
> scalar member for optarg 3 [*]
> list for repeating optarg 4 [*]
>   wrapper struct
> single scalar member
> scalar member for optarg 5 [*]
>   struct for discriminator case 2
> ...
> 
> The "type" optarg name is fixed for the discriminator role. Its schema
> representation is "union of structures", and each discriminator value must
> correspond to a member name in the union.
> 
> If the option takes no "type" discriminator, then the type subtree rooted
> at the union must be absent from the schema (including the union itself).
> 
> Optarg values can be of scalar types str / bool / integers / size.
> 
> Members marked with [*] may be defined as optional in the schema,
> describing an optional optarg.
> 
> Repeating an optarg is supported; 

I see that the current code supports this too, but why? Something like this
should fail:

 -netdev type=tap,vhost=on,vhost=off,id=guest1,script=qemu-ifup-switch

More comments below.

> its schema representation must be "list
> of structure with single mandatory scalar member". If an optarg is not
> described as repeating in the schema (ie. it is defined as a scalar field
> instead of a list), its last occurrence will take effect. Ordering between
> differently named optargs is not preserved.
> 
> A mandatory list (or an optional one which is reported to be available),
> corresponding to a repeating optarg, has at least one element after
> successful parsing.
> 
> v1->v2:
> - Update opts_type_size() prototype to uint64_t.
> - Add opts_type_uint64() for options needing the full uint64_t range.
>   (Internals could be extracted to "cutils.c".)
> - Allow negative values in opts_type_int().
> - Rebase to nested Makefiles.
> 
> Signed-off-by: Laszlo Ersek 
> ---
>  qapi/opts-visitor.h |   31 
>  qapi/opts-visitor.c |  401 
> +++
>  qapi/Makefile.objs  |2 +-
>  3 files changed, 433 insertions(+), 1 deletions(-)
>  create mode 100644 qapi/opts-visitor.h
>  create mode 100644 qapi/opts-visitor.c
> 
> diff --git a/qapi/opts-visitor.h b/qapi/opts-visitor.h
> new file mode 100644
> index 000..ea1a395
> --- /dev/null
> +++ b/qapi/opts-visitor.h
> @@ -0,0 +1,31 @@
> +/*
> + * Options Visitor
> + *
> + * Copyright Red Hat, Inc. 2012
> + *
> + * Author: Laszlo Ersek 
> + *
> + * This work is licensed under the terms of the GNU LGPL, version 2.1 or 
> later.
> + * See the COPYING.LIB file in the top-level directory.
> + *
> + */
> +
> +#ifndef OPTS_VISITOR_H
> +#define OPTS_VISITOR_H
> +
> +#include "qapi-visit-core.h"
> +#include "qemu-option.h"
> +
> +typedef struct OptsVisitor OptsVisitor;
> +
> +/* Contrarily to qemu-option.c::parse_option_number(), OptsVisitor's "int"
> + * parser relies on strtoll() instead of strtoull(). Consequences:
> + * - string representations of negative numbers yield negative values,
> + * - values below INT64_MIN or LLONG_MIN are rejected,
> + * - values above INT64_MAX or LLONG_MAX are rejected.
> + */
> +OptsVisitor *opts_visitor_new(const QemuOpts *opts);
> +void opts_visitor_cleanup(OptsVisitor *nv);
> +Visitor *opts_get_visitor(OptsVisitor *nv);
> +
> +#endif
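
Review bot: The only comment in this header sits directly above opts_visitor_new() but documents the "int" parser, and none of the three declared functions says who owns what. opts-visitor.c notes that ownership of opts stays with opts_visitor_new()'s caller; that belongs in the header too, together with the requirement that the QemuOpts outlive the visitor and a line on what opts_visitor_cleanup() releases. The parser note would read better as a separate block, and "Contrarily to" should be "Contrary to".
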
> diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c
> new file mode 100644
> index 000..9187c86
> --- /dev/null
> +++ b/qapi/opts-visitor.c
> @@ -0,0 +1,401 @@
> +/*
> + * Options Visitor
> + *
> + * Copyright Red Hat, Inc. 2012
> + *
> + * Author: Laszlo Ersek 
> + *
> + * This work is licensed under the terms of the GNU LGPL, version 2.1 or 
> later.
> + * See the COPYING.LIB file in the top-level directory.
> + *
> + */
> +
> +#include "opts-visitor.h"
> +#include "qemu-queue.h"
> +#include "qemu-option-internal.h"
> +#include "qapi-visit-impl.h"
> +
> +
> +struct OptsVisitor
> +{
> +Visitor visitor;
> +
> +/* Ownership remains with opts_visitor_new()'s caller. */
> +const QemuOpts *opts_root;
> +
> +unsigned depth;
> +
> +/* Non-null iff depth is positive. Each key is a QemuOpt name. Each value
> + * is a non-empty GQueue, enumerating all QemuOpt occurrences with that
> + * name. */
> +GHashTable *unprocessed_opts;
> +
> +/* The list currently being traversed with opts_star
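
The duplicate-optarg question raised in this reply, as an added example (not QEMU's OptsVisitor code): a small parser for the `[type=]discriminator[,optarg=val]...` form that contrasts the "last occurrence takes effect" lookup from the commit message with a strict lookup that rejects a repeated scalar. `OptList`, `parse_opts()`, `get_last()`, `get_strict()` and `get_all()` are hypothetical names; the sample string is the one quoted above.

```c
#include <stdio.h>
#include <string.h>

#define MAX_OPTS 16

typedef struct { char key[32]; char val[64]; } Opt;
typedef struct { Opt opts[MAX_OPTS]; int n; } OptList;

/* Split "k1=v1,k2=v2,...". A first token without '=' is the discriminator
 * and is stored under "type". Returns 0, or -1 on malformed/oversized input. */
static int parse_opts(const char *s, OptList *out)
{
    out->n = 0;
    while (*s) {
        size_t len = strcspn(s, ",");
        const char *eq = memchr(s, '=', len);
        const char *val = eq ? eq + 1 : s;
        size_t klen = eq ? (size_t)(eq - s) : 0;
        size_t vlen = eq ? len - klen - 1 : len;
        Opt *o;

        if (out->n == MAX_OPTS || len == 0) {
            return -1;
        }
        if (!eq && out->n != 0) {
            return -1;              /* bare token allowed only in first place */
        }
        if ((eq && klen == 0) || klen >= sizeof(o->key) || vlen >= sizeof(o->val)) {
            return -1;
        }
        o = &out->opts[out->n++];
        if (eq) {
            memcpy(o->key, s, klen);
            o->key[klen] = '\0';
        } else {
            strcpy(o->key, "type");
        }
        memcpy(o->val, val, vlen);
        o->val[vlen] = '\0';
        s += len;
        if (*s == ',') {
            s++;
        }
    }
    return 0;
}

/* Scalar lookup as the commit message describes it: last occurrence wins. */
static const char *get_last(const OptList *l, const char *key)
{
    const char *v = NULL;
    int i;
    for (i = 0; i < l->n; i++) {
        if (strcmp(l->opts[i].key, key) == 0) {
            v = l->opts[i].val;
        }
    }
    return v;
}

/* Strict scalar lookup: 0 with *val set (NULL if absent), -1 if repeated. */
static int get_strict(const OptList *l, const char *key, const char **val)
{
    int i, seen = 0;
    *val = NULL;
    for (i = 0; i < l->n; i++) {
        if (strcmp(l->opts[i].key, key) == 0) {
            if (seen++) {
                return -1;
            }
            *val = l->opts[i].val;
        }
    }
    return 0;
}

/* List lookup for an optarg declared as repeating: stores up to max values
 * in order of appearance and returns the total number of occurrences. */
static int get_all(const OptList *l, const char *key, const char **vals, int max)
{
    int i, n = 0;
    for (i = 0; i < l->n; i++) {
        if (strcmp(l->opts[i].key, key) == 0) {
            if (n < max) {
                vals[n] = l->opts[i].val;
            }
            n++;
        }
    }
    return n;
}

int main(void)
{
    OptList l;
    const char *v;
    const char *line =
        "type=tap,vhost=on,vhost=off,id=guest1,script=qemu-ifup-switch";

    if (parse_opts(line, &l) != 0) {
        return 1;
    }
    printf("last-wins vhost=%s\n", get_last(&l, "vhost"));
    printf("strict vhost: %s\n",
           get_strict(&l, "vhost", &v) ? "rejected (repeated)" : v);
    return 0;
}
```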

[Qemu-devel] [PATCH 3/3] qapi: Convert getfd and closefd

2012-07-13 Thread Luiz Capitulino
From: Corey Bryant 

Signed-off-by: Corey Bryant 
Signed-off-by: Luiz Capitulino 
---
 hmp-commands.hx  |  6 ++
 hmp.c| 18 ++
 hmp.h|  2 ++
 monitor.c| 32 ++--
 qapi-schema.json | 35 +++
 qmp-commands.hx  | 14 ++
 6 files changed, 81 insertions(+), 26 deletions(-)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index f5d9d91..eea8b32 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1236,8 +1236,7 @@ ETEXI
 .args_type  = "fdname:s",
 .params = "getfd name",
 .help   = "receive a file descriptor via SCM rights and assign it 
a name",
-.user_print = monitor_user_noop,
-.mhandler.cmd_new = do_getfd,
+.mhandler.cmd = hmp_getfd,
 },
 
 STEXI
@@ -1253,8 +1252,7 @@ ETEXI
 .args_type  = "fdname:s",
 .params = "closefd name",
 .help   = "close a file descriptor previously passed via SCM 
rights",
-.user_print = monitor_user_noop,
-.mhandler.cmd_new = do_closefd,
+.mhandler.cmd = hmp_closefd,
 },
 
 STEXI
diff --git a/hmp.c b/hmp.c
index 4c6d4ae..6b72a64 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1002,3 +1002,21 @@ void hmp_netdev_del(Monitor *mon, const QDict *qdict)
 qmp_netdev_del(id, &err);
 hmp_handle_error(mon, &err);
 }
+
+void hmp_getfd(Monitor *mon, const QDict *qdict)
+{
+const char *fdname = qdict_get_str(qdict, "fdname");
+Error *errp = NULL;
+
+qmp_getfd(fdname, &errp);
+hmp_handle_error(mon, &errp);
+}
+
+void hmp_closefd(Monitor *mon, const QDict *qdict)
+{
+const char *fdname = qdict_get_str(qdict, "fdname");
+Error *errp = NULL;
+
+qmp_closefd(fdname, &errp);
+hmp_handle_error(mon, &errp);
+}
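Review bot: The local Error * in hmp_getfd() and hmp_closefd() is named errp, the name this code base uses for Error ** parameters (as in qmp_getfd(const char *fdname, Error **errp) later in this patch), while hmp_netdev_del() just above uses err for the same kind of local. Renaming both locals to err keeps &err from reading like a mistaken extra level of indirection.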
diff --git a/hmp.h b/hmp.h
index 79d138d..8d2b0d7 100644
--- a/hmp.h
+++ b/hmp.h
@@ -64,5 +64,7 @@ void hmp_device_del(Monitor *mon, const QDict *qdict);
 void hmp_dump_guest_memory(Monitor *mon, const QDict *qdict);
 void hmp_netdev_add(Monitor *mon, const QDict *qdict);
 void hmp_netdev_del(Monitor *mon, const QDict *qdict);
+void hmp_getfd(Monitor *mon, const QDict *qdict);
+void hmp_closefd(Monitor *mon, const QDict *qdict);
 
 #endif
diff --git a/monitor.c b/monitor.c
index f6107ba..522c88b 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2328,48 +2328,45 @@ static void do_inject_mce(Monitor *mon, const QDict 
*qdict)
 }
 #endif
 
-static int do_getfd(Monitor *mon, const QDict *qdict, QObject **ret_data)
+void qmp_getfd(const char *fdname, Error **errp)
 {
-const char *fdname = qdict_get_str(qdict, "fdname");
 mon_fd_t *monfd;
 int fd;
 
-fd = qemu_chr_fe_get_msgfd(mon->chr);
+fd = qemu_chr_fe_get_msgfd(cur_mon->chr);
 if (fd == -1) {
-qerror_report(QERR_FD_NOT_SUPPLIED);
-return -1;
+error_set(errp, QERR_FD_NOT_SUPPLIED);
+return;
 }
 
 if (qemu_isdigit(fdname[0])) {
-qerror_report(QERR_INVALID_PARAMETER_VALUE, "fdname",
-  "a name not starting with a digit");
-return -1;
+error_set(errp, QERR_INVALID_PARAMETER_VALUE, "fdname",
+  "a name not starting with a digit");
+return;
 }
 
-QLIST_FOREACH(monfd, &mon->fds, next) {
+QLIST_FOREACH(monfd, &cur_mon->fds, next) {
 if (strcmp(monfd->name, fdname) != 0) {
 continue;
 }
 
 close(monfd->fd);
 monfd->fd = fd;
-return 0;
+return;
 }
 
 monfd = g_malloc0(sizeof(mon_fd_t));
 monfd->name = g_strdup(fdname);
 monfd->fd = fd;
 
-QLIST_INSERT_HEAD(&mon->fds, monfd, next);
-return 0;
+QLIST_INSERT_HEAD(&cur_mon->fds, monfd, next);
 }
 
-static int do_closefd(Monitor *mon, const QDict *qdict, QObject **ret_data)
+void qmp_closefd(const char *fdname, Error **errp)
 {
-const char *fdname = qdict_get_str(qdict, "fdname");
 mon_fd_t *monfd;
 
-QLIST_FOREACH(monfd, &mon->fds, next) {
+QLIST_FOREACH(monfd, &cur_mon->fds, next) {
 if (strcmp(monfd->name, fdname) != 0) {
 continue;
 }
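Review bot: In qmp_getfd(), the early return for a name starting with a digit leaves the descriptor just obtained from qemu_chr_fe_get_msgfd() open and unreferenced: on that path fd is neither closed nor stored in a mon_fd_t, so every rejected request leaks one descriptor in the QEMU process. Add close(fd) before that return. The conversion also replaces the explicit mon argument with the cur_mon global in both functions; a comment stating that cur_mon must be the monitor that received the command would document the dependency the new signatures hide.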
@@ -2378,11 +2375,10 @@ static int do_closefd(Monitor *mon, const QDict *qdict, 
QObject **ret_data)
 close(monfd->fd);
 g_free(monfd->name);
 g_free(monfd);
-return 0;
+return;
 }
 
-qerror_report(QERR_FD_NOT_FOUND, fdname);
-return -1;
+error_set(errp, QERR_FD_NOT_FOUND, fdname);
 }
 
 static void do_loadvm(Monitor *mon, const QDict *qdict)
diff --git a/qapi-schema.json b/qapi-schema.json
index 5252452..a92adb1 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1870,3 +1870,38 @@
 # Since: 0.14.0
 ##
 { 'command': 'netdev_del', 'data': {'id': 'str'} }
+
+##
+# @getfd:
+#
+# Receive a file descriptor via SCM rights and assign it a name
+#
+# @fdname: file descriptor name
+#
+# Returns: Nothing on success
+#  If file descriptor was not received, FdNotSupplied
+#  If @fdname is 

[Qemu-devel] [PATCH 2/3] qapi: input_type_enum(): fix error message

2012-07-13 Thread Luiz Capitulino
The enum string is pointed to by 'enum_str' not 'name'. This bug
causes the error message to be:

{ "error": { "class": "InvalidParameter",
 "desc": "Invalid parameter 'null'",
 "data": { "name": "null" } } }

Signed-off-by: Luiz Capitulino 
Reviewed-by: Amos Kong 
---
 qapi/qapi-visit-core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
index bf7..705eca9 100644
--- a/qapi/qapi-visit-core.c
+++ b/qapi/qapi-visit-core.c
@@ -298,7 +298,7 @@ void input_type_enum(Visitor *v, int *obj, const char 
*strings[],
 }
 
 if (strings[value] == NULL) {
-error_set(errp, QERR_INVALID_PARAMETER, name ? name : "null");
+error_set(errp, QERR_INVALID_PARAMETER, enum_str);
 g_free(enum_str);
 return;
 }
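Review bot: QERR_INVALID_PARAMETER is now filled with enum_str, which is the rejected value and not a parameter name, so the "name" field of the resulting error will carry the bad enum string and the client is still not told which parameter was wrong. QERR_INVALID_PARAMETER_VALUE, given name and a description of the accepted values, matches what this branch detects; name can be NULL here, so the existing name ? name : "null" fallback would still be needed for it.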
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PATCH 1/3] qmp: dump-guest-memory: improve schema doc

2012-07-13 Thread Luiz Capitulino
Clarify a few points and make it look more like the other commands'
documentation.

Signed-off-by: Luiz Capitulino 
---
 qapi-schema.json | 32 +---
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/qapi-schema.json b/qapi-schema.json
index 1ab5dbd..5252452 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1789,34 +1789,36 @@
 #
 # Dump guest's memory to vmcore. It is a synchronous operation that can take
 # very long depending on the amount of guest memory. This command is only
-# supported only on i386 and x86_64
-#
-# @paging: if true, do paging to get guest's memory mapping. The @paging's
-# default value of @paging is false, If you want to use gdb to process the
-# core, please set @paging to true. The reason why the @paging's value is
-# false:
-#   1. guest machine in a catastrophic state can have corrupted memory,
-#  which we cannot trust.
-#   2. The guest machine can be in read-mode even if paging is enabled.
-#  For example: the guest machine uses ACPI to sleep, and ACPI sleep
-#  state goes in real-mode
+# supported on i386 and x86_64.
+#
+# @paging: if true, do paging to get guest's memory mapping. This allows
+# using gdb to process the core file. However, setting @paging to false
+# may be desirable because of two reasons:
+#
+#   1. The guest may be in a catastrophic state or can have corrupted
+#  memory, which cannot be trusted
+#   2. The guest can be in real-mode even if paging is enabled. For example,
+#  the guest uses ACPI to sleep, and ACPI sleep state goes in real-mode
+#
 # @protocol: the filename or file descriptor of the vmcore. The supported
-# protocol can be file or fd:
+# protocols are:
+#
 #   1. file: the protocol starts with "file:", and the following string is
 #  the file's path.
 #   2. fd: the protocol starts with "fd:", and the following string is the
 #  fd's name.
+#
 # @begin: #optional if specified, the starting physical address.
+#
 # @length: #optional if specified, the memory size, in bytes. If you don't
-# want to dump all guest's memory, please specify the start @begin and
-# @length
+# want to dump all guest's memory, please specify the start @begin and @length
 #
 # Returns: nothing on success
 #  If @begin contains an invalid address, InvalidParameter
 #  If only one of @begin and @length is specified, MissingParameter
 #  If @protocol stats with "fd:", and the fd cannot be found, 
FdNotFound
 #  If @protocol starts with "file:", and the file cannot be
-#  opened, OpenFileFailed
+# opened, OpenFileFailed
 #  If @protocol does not start with "fd:" or "file:", InvalidParameter
 #  If an I/O error occurs while writing the file, IOError
 #  If the target does not support this command, Unsupported
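Review bot: The FdNotFound line in the Returns: block still reads "If @protocol stats with "fd:"" with "stats" for "starts"; it is left as unchanged context, and a patch whose purpose is to polish this comment block should fix it. The rewritten @length text "please specify the start @begin and @length" is also still awkward; "specify both @begin and @length" says the same thing and matches the MissingParameter rule listed below it.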
-- 
1.7.11.1.116.g8228a23




[Qemu-devel] [PULL 0/3]: QMP queue

2012-07-13 Thread Luiz Capitulino
Three little patches. Two fixes from me and a qapi conversion from Corey.

The changes (since c0958559b1a589a0d189c45ea1adaa6b345f4256) are available
in the following repository:

git://repo.or.cz/qemu/qmp-unstable.git queue/qmp

Corey Bryant (1):
  qapi: Convert getfd and closefd

Luiz Capitulino (2):
  qmp: dump-guest-memory: improve schema doc
  qapi: input_type_enum(): fix error message

 hmp-commands.hx|  6 ++---
 hmp.c  | 18 ++
 hmp.h  |  2 ++
 monitor.c  | 32 +++-
 qapi-schema.json   | 67 +++---
 qapi/qapi-visit-core.c |  2 +-
 qmp-commands.hx| 14 ---
 7 files changed, 99 insertions(+), 42 deletions(-)




Re: [Qemu-devel] [PATCH v2 00/17] introduce OptsVisitor, rebase -net/-netdev parsing

2012-07-13 Thread Luiz Capitulino
On Wed, 13 Jun 2012 10:22:31 +0200
Laszlo Ersek  wrote:

> Inspired by [1], the first half of this series attempts to implement a new
> visitor that should clean up defining and processing command line options.
> For a more detailed description, please see "[PATCH 05/17] qapi: introduce
> OptsVisitor".
> 
> The second half converts -net/-netdev parsing to the new visitor.

The general approach looks fine to me, I've made comments to individual patches
and have two general comments:

 1. This doesn't build for me:

In file included from /home/lcapitulino/work/src/qmp-unstable/net/slirp.c:24:0:
/home/lcapitulino/work/src/qmp-unstable/net/slirp.h:41:28: error: unknown type name ‘QemuOptsList’
/home/lcapitulino/work/src/qmp-unstable/net/slirp.c:741:5: error: no previous prototype for ‘net_slirp_parse_legacy’ [-Werror=missing-prototypes]
cc1: all warnings being treated as errors
make: *** [net/slirp.o] Error 1
make: *** Waiting for unfinished jobs

 2. I don't think this should go in through qmp's branch because this is more
about QemuOpts than about QMP. I suggest three alternatives:

  - If you're going to go forward and convert more users, then I think
you should open your own branch, send pull requests etc

  - Go through some -net tree

  - Ask Anthony to apply this directly

I'll, of course, review it though



Re: [Qemu-devel] [PATCH 2/6] s390: sclp base support

2012-07-13 Thread Christian Borntraeger
Thanks for the review,


On 13/07/12 17:08, Blue Swirl wrote:

>> + * Copyright IBM, Corp. 2007, 2012
> 
> 2007, really?

Well, yes and no. The first userspace for kvm on s390 was kuli and some of that
code was used for bringup. But it looks pretty different now, so we can
change that to be 2012 as the first release.

[...]
>> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> 
> Why GPLv2only, can't this be licensed under later versions?

Was simply copied from other qemu files. We can certainly change that to 2 and later.


[...]

>> +int do_sclp_service_call(uint32_t sccb, uint64_t code)
> 
> sccb could be target_phys_addr_t.

the architecture explicitly requires to have the 32 msbs to be 0.
target_phys_addr_t would certainly work as well, but

[...]
>> +cpu_physical_memory_write(sccb, &work_sccb,
>> +  be16_to_cpu(work_sccb.h.length));
> 
> Perhaps the DMA helpers should be used instead.
> 

Is there any rule what to use under which circumstances?


[...]
>> +#ifndef _QEMU_S390_SCLP_H
>> +#define _QEMU_S390_SCLP_H
> 
> HW_S390_SCLP_H

Ok

[...]
>> +} __attribute__((packed)) SCCBHeader;
> 
> QEMU_PACKED

Ok

[...]
>> +extern SCLPS390Bus *sclp_bus;
> 
> Global state is suspicious, usually it can be avoided with parameter passing.
[...]

Will check if we can make that go away.




Re: [Qemu-devel] [PATCH v2 01/17] qapi: fix error propagation

2012-07-13 Thread Luiz Capitulino
On Wed, 13 Jun 2012 10:22:32 +0200
Laszlo Ersek  wrote:

> From: Paolo Bonzini 
> 
> Don't overwrite / leak previously set errors.

Can you elaborate a bit more? It's not clear to me where the bug is.

More comments below.

> Don't try to end a container that could not be started.
> 
> Signed-off-by: Paolo Bonzini 
> Signed-off-by: Laszlo Ersek 
> ---
>  error.h|4 +-
>  error.c|4 +-
>  qapi/qapi-visit-core.c |   10 +--
>  tests/test-qmp-input-visitor.c |   24 +---
>  docs/qapi-code-gen.txt |2 +
>  scripts/qapi-visit.py  |  129 +++
>  6 files changed, 102 insertions(+), 71 deletions(-)
> 
> diff --git a/error.h b/error.h
> index 45ff6c1..6898f84 100644
> --- a/error.h
> +++ b/error.h
> @@ -24,7 +24,7 @@ typedef struct Error Error;
>  /**
>   * Set an indirect pointer to an error given a printf-style format parameter.
>   * Currently, qerror.h defines these error formats.  This function is not
> - * meant to be used outside of QEMU.
> + * meant to be used outside of QEMU.  Errors after the first are discarded.
>   */
>  void error_set(Error **err, const char *fmt, ...) GCC_FMT_ATTR(2, 3);
>  
> @@ -57,7 +57,7 @@ void error_set_field(Error *err, const char *field, const 
> char *value);
>  /**
>   * Propagate an error to an indirect pointer to an error.  This function will
>   * always transfer ownership of the error reference and handles the case 
> where
> - * dst_err is NULL correctly.
> + * dst_err is NULL correctly.  Errors after the first are discarded.
>   */
>  void error_propagate(Error **dst_err, Error *local_err);
>  
> diff --git a/error.c b/error.c
> index a52b771..0177972 100644
> --- a/error.c
> +++ b/error.c
> @@ -29,7 +29,7 @@ void error_set(Error **errp, const char *fmt, ...)
>  Error *err;
>  va_list ap;
>  
> -if (errp == NULL) {
> +if (errp == NULL || *errp != NULL) {

I think we should use assert() here.

If the error is already set, that most probably indicates a bug in the caller,
as it's the caller's responsibility to decide which error to return.

>  return;
>  }
>  
> @@ -132,7 +132,7 @@ bool error_is_type(Error *err, const char *fmt)
>  
>  void error_propagate(Error **dst_err, Error *local_err)
>  {
> -if (dst_err) {
> +if (dst_err && !*dst_err) {
>  *dst_err = local_err;
>  } else if (local_err) {
>  error_free(local_err);
> diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
> index bf7..0a513d2 100644
> --- a/qapi/qapi-visit-core.c
> +++ b/qapi/qapi-visit-core.c
> @@ -39,9 +39,8 @@ void visit_start_struct(Visitor *v, void **obj, const char 
> *kind,
>  
>  void visit_end_struct(Visitor *v, Error **errp)
>  {
> -if (!error_is_set(errp)) {
> -v->end_struct(v, errp);
> -}

Is this the ending of a container that could not be started? But if it couldn't
be started, then errp will be set and we won't try to end it, no?

> +assert(!error_is_set(errp));
> +v->end_struct(v, errp);
>  }
>  
>  void visit_start_list(Visitor *v, const char *name, Error **errp)
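
Review bot: The assert(!error_is_set(errp)) that replaces the guard in visit_end_struct() turns a previously tolerated call sequence into a process abort: any caller that still passes the same errp to the field visitors and then to visit_end_struct() will hit it as soon as one field fails, which for an input visitor means on malformed input. The test-qmp-input-visitor.c hunk shows the calling convention that keeps the assert safe (collect into a local err, error_propagate(), reset err to NULL, then call visit_end_struct(v, &err)). Please state that requirement in a comment on visit_end_struct() and visit_end_list(), and confirm that hand-written callers outside the code generated by scripts/qapi-visit.py have been converted.
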
> @@ -62,9 +61,8 @@ GenericList *visit_next_list(Visitor *v, GenericList 
> **list, Error **errp)
>  
>  void visit_end_list(Visitor *v, Error **errp)
>  {
> -if (!error_is_set(errp)) {
> -v->end_list(v, errp);
> -}
> +assert(!error_is_set(errp));
> +v->end_list(v, errp);
>  }
>  
>  void visit_start_optional(Visitor *v, bool *present, const char *name,
> diff --git a/tests/test-qmp-input-visitor.c b/tests/test-qmp-input-visitor.c
> index c30fdc4..8f5a509 100644
> --- a/tests/test-qmp-input-visitor.c
> +++ b/tests/test-qmp-input-visitor.c
> @@ -151,14 +151,22 @@ typedef struct TestStruct
>  static void visit_type_TestStruct(Visitor *v, TestStruct **obj,
>const char *name, Error **errp)
>  {
> -visit_start_struct(v, (void **)obj, "TestStruct", name, 
> sizeof(TestStruct),
> -   errp);
> -
> -visit_type_int(v, &(*obj)->integer, "integer", errp);
> -visit_type_bool(v, &(*obj)->boolean, "boolean", errp);
> -visit_type_str(v, &(*obj)->string, "string", errp);
> -
> -visit_end_struct(v, errp);
> +Error *err = NULL;
> +if (!error_is_set(errp)) {
> +visit_start_struct(v, (void **)obj, "TestStruct", name, 
> sizeof(TestStruct),
> +   &err);
> +if (!err) {
> +visit_type_int(v, &(*obj)->integer, "integer", &err);
> +visit_type_bool(v, &(*obj)->boolean, "boolean", &err);
> +visit_type_str(v, &(*obj)->string, "string", &err);
> +
> +/* Always call end_struct if start_struct succeeded.  */
> +error_propagate(errp, err);
> +err = NULL;
> +visit_end_struct(v, &err);
> +}
> +error_propagate(errp, err);
> +}
>  }
>  
>  static void test_visitor_in_struct(TestInputVisitorData *data,
> dif

Re: [Qemu-devel] [PATCH v2 1/2] coroutine-ucontext: Help valgrind understand coroutines

2012-07-13 Thread Kevin Wolf
On 13.07.2012 18:13, Eric Blake wrote:
> On 07/13/2012 10:06 AM, Kevin Wolf wrote:
>> On 13.07.2012 17:37, Peter Maydell wrote:
>>> On 13 July 2012 16:31, Kevin Wolf  wrote:
 +#ifdef CONFIG_VALGRIND_H
 +/* Work around an unused variable in the valgrind.h macro... */
 +#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
 +static inline void valgrind_stack_deregister(CoroutineUContext *co)
 +{
 +VALGRIND_STACK_DEREGISTER(co->valgrind_stack_id);
 +}
 +#pragma GCC diagnostic error "-Wunused-but-set-variable"
 +#endif
>>>
>>> '#pragma .. error' will defeat the configure code which makes warnings
>>> not fatal in release builds.
>>
>> I know. What's your suggestion? Switch only to warning? Then it would be
>> easy to miss warnings. Disabling the valgrind code for gcc < 4.6 is
>> better, but still not really nice.
> 
> But you're already disabling the valgrind code for gcc too old to honor
> 
> #pragma GCC diagnostic ignored "-Wunused-but-set-variable"
> 
> so what's the difference in making your configure check for
> CONFIG_VALGRIND_H _also_ check that gcc is new enough to honor push/pop
> of diagnostic?

The practical difference for me is that the RHEL 6 gcc knows
ignored/warning/error (since gcc 4.2), but not push/pop (since gcc 4.6),
so my test machine still wouldn't have valgrind support and I could drop
the patch wholesale.

Kevin



Re: [Qemu-devel] [PATCH v2 1/2] coroutine-ucontext: Help valgrind understand coroutines

2012-07-13 Thread Eric Blake
On 07/13/2012 10:06 AM, Kevin Wolf wrote:
> On 13.07.2012 17:37, Peter Maydell wrote:
>> On 13 July 2012 16:31, Kevin Wolf  wrote:
>>> +#ifdef CONFIG_VALGRIND_H
>>> +/* Work around an unused variable in the valgrind.h macro... */
>>> +#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
>>> +static inline void valgrind_stack_deregister(CoroutineUContext *co)
>>> +{
>>> +VALGRIND_STACK_DEREGISTER(co->valgrind_stack_id);
>>> +}
>>> +#pragma GCC diagnostic error "-Wunused-but-set-variable"
>>> +#endif
>>
>> '#pragma .. error' will defeat the configure code which makes warnings
>> not fatal in release builds.
> 
> I know. What's your suggestion? Switch only to warning? Then it would be
> easy to miss warnings. Disabling the valgrind code for gcc < 4.6 is
> better, but still not really nice.

But you're already disabling the valgrind code for gcc too old to honor

#pragma GCC diagnostic ignored "-Wunused-but-set-variable"

so what's the difference in making your configure check for
CONFIG_VALGRIND_H _also_ check that gcc is new enough to honor push/pop
of diagnostic?

-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v2 1/2] coroutine-ucontext: Help valgrind understand coroutines

2012-07-13 Thread Kevin Wolf
On 13.07.2012 17:37, Peter Maydell wrote:
> On 13 July 2012 16:31, Kevin Wolf  wrote:
>> +#ifdef CONFIG_VALGRIND_H
>> +/* Work around an unused variable in the valgrind.h macro... */
>> +#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
>> +static inline void valgrind_stack_deregister(CoroutineUContext *co)
>> +{
>> +VALGRIND_STACK_DEREGISTER(co->valgrind_stack_id);
>> +}
>> +#pragma GCC diagnostic error "-Wunused-but-set-variable"
>> +#endif
> 
> '#pragma .. error' will defeat the configure code which makes warnings
> not fatal in release builds.

I know. What's your suggestion? Switch only to warning? Then it would be
easy to miss warnings. Disabling the valgrind code for gcc < 4.6 is
better, but still not really nice. I thought having part of one file
always use -Werror for this one warning is the best compromise, but I
won't insist on it.

Kevin



Re: [Qemu-devel] [PATCH v2 1/2] coroutine-ucontext: Help valgrind understand coroutines

2012-07-13 Thread Peter Maydell
On 13 July 2012 16:31, Kevin Wolf  wrote:
> +#ifdef CONFIG_VALGRIND_H
> +/* Work around an unused variable in the valgrind.h macro... */
> +#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
> +static inline void valgrind_stack_deregister(CoroutineUContext *co)
> +{
> +VALGRIND_STACK_DEREGISTER(co->valgrind_stack_id);
> +}
> +#pragma GCC diagnostic error "-Wunused-but-set-variable"
> +#endif

'#pragma .. error' will defeat the configure code which makes warnings
not fatal in release builds.

-- PMM



[Qemu-devel] [PATCH v2 1/2] coroutine-ucontext: Help valgrind understand coroutines

2012-07-13 Thread Kevin Wolf
valgrind tends to get confused and report false positives when you
switch stacks and don't tell it about it.

Signed-off-by: Kevin Wolf 
Reviewed-by: Paolo Bonzini 
---

v2:
- Use unsigned for the stack ID
- Older gccs don't know #pragma diagnostic push/pop, so replace them
  by explicitly switching back to error afterwards
- They also don't like it inside a function...
- Check in configure that the macro and the #pragma work

 configure|   20 
 coroutine-ucontext.c |   28 
 2 files changed, 48 insertions(+), 0 deletions(-)

diff --git a/configure b/configure
index 500fe24..aae73f4 100755
--- a/configure
+++ b/configure
@@ -2855,6 +2855,22 @@ if compile_prog "" "" ; then
 fi
 
 
+# check if we have valgrind/valgrind.h
+
+valgrind_h=no
+cat > $TMPC << EOF
+#include 
+#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
+int main(void) {
+  VALGRIND_STACK_DEREGISTER(0);
+  return 0;
+}
+EOF
+if compile_prog "" "" ; then
+valgrind_h=yes
+fi
+
+
 # check if environ is declared
 
 has_environ=no
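
Review bot: The probe in this hunk only compiles VALGRIND_STACK_DEREGISTER under '#pragma GCC diagnostic ignored', while coroutine-ucontext.c also relies on VALGRIND_STACK_REGISTER and on '#pragma GCC diagnostic error'. The test program should exercise the same constructs the code uses, so that a toolchain accepting one but not the other does not end up with CONFIG_VALGRIND_H=y. As posted, the configure hunks also add no switch to override the detection; an --enable/--disable pair would let a build turn the valgrind hooks off deliberately.
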
@@ -3380,6 +3396,10 @@ if test "$linux_magic_h" = "yes" ; then
   echo "CONFIG_LINUX_MAGIC_H=y" >> $config_host_mak
 fi
 
+if test "$valgrind_h" = "yes" ; then
+  echo "CONFIG_VALGRIND_H=y" >> $config_host_mak
+fi
+
 if test "$has_environ" = "yes" ; then
   echo "CONFIG_HAS_ENVIRON=y" >> $config_host_mak
 fi
diff --git a/coroutine-ucontext.c b/coroutine-ucontext.c
index 5f43083..e3c450b 100644
--- a/coroutine-ucontext.c
+++ b/coroutine-ucontext.c
@@ -30,6 +30,10 @@
 #include "qemu-common.h"
 #include "qemu-coroutine-int.h"
 
+#ifdef CONFIG_VALGRIND_H
+#include 
+#endif
+
 enum {
 /* Maximum free pool size prevents holding too many freed coroutines */
 POOL_MAX_SIZE = 64,
@@ -43,6 +47,11 @@ typedef struct {
 Coroutine base;
 void *stack;
 jmp_buf env;
+
+#ifdef CONFIG_VALGRIND_H
+unsigned int valgrind_stack_id;
+#endif
+
 } CoroutineUContext;
 
 /**
@@ -159,6 +168,11 @@ static Coroutine *coroutine_new(void)
 uc.uc_stack.ss_size = stack_size;
 uc.uc_stack.ss_flags = 0;
 
+#ifdef CONFIG_VALGRIND_H
+co->valgrind_stack_id =
+VALGRIND_STACK_REGISTER(co->stack, co->stack + stack_size);
+#endif
+
 arg.p = co;
 
 makecontext(&uc, (void (*)(void))coroutine_trampoline,
@@ -185,6 +199,16 @@ Coroutine *qemu_coroutine_new(void)
 return co;
 }
 
+#ifdef CONFIG_VALGRIND_H
+/* Work around an unused variable in the valgrind.h macro... */
+#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
+static inline void valgrind_stack_deregister(CoroutineUContext *co)
+{
+VALGRIND_STACK_DEREGISTER(co->valgrind_stack_id);
+}
+#pragma GCC diagnostic error "-Wunused-but-set-variable"
+#endif
+
 void qemu_coroutine_delete(Coroutine *co_)
 {
 CoroutineUContext *co = DO_UPCAST(CoroutineUContext, base, co_);
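
Review bot: The '#pragma GCC diagnostic error "-Wunused-but-set-variable"' after valgrind_stack_deregister() does not restore the previous diagnostic state; it promotes this warning to an error for everything that follows in coroutine-ucontext.c, whatever warning policy the build was configured with. Since the changelog says push/pop cannot be used with older compilers, switching back with '#pragma GCC diagnostic warning' would keep the workaround from changing how the rest of the file is compiled, and a comment should say why the state is set explicitly rather than restored.
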
@@ -196,6 +220,10 @@ void qemu_coroutine_delete(Coroutine *co_)
 return;
 }
 
+#ifdef CONFIG_VALGRIND_H
+valgrind_stack_deregister(co);
+#endif
+
 g_free(co->stack);
 g_free(co);
 }
-- 
1.7.6.5




Re: [Qemu-devel] [RFC] introduce a dynamic library to expose qemu block API

2012-07-13 Thread Blue Swirl
On Fri, Jul 13, 2012 at 11:33 AM, Paolo Bonzini  wrote:
> On 13/07/2012 11:51, Paolo Bonzini wrote:
>> On 13/07/2012 11:16, Stefan Hajnoczi wrote:
>>>> "Working around the QEMU block layer license" is not a goal per se,
>>>> especially because you haven't a) assessed _what_ is the GPL code that
>>>> the library would use; b) told us why the library should not be under
>>>> the GPL.
>>>>
>>>> Please design first according to the functionality you want to
>>>> implement, then think about the implementation.
>>>
>>> Licensing is one headache but the real challenge is that the QEMU block
>>> layer relies on the QEMU main loop and a bunch of other architecture.
>>
>> It doesn't really, not on Windows which has no AIO for example.  That's
>> why I suggested:
>>
>> - assessing what code is GPL and what are the dependencies on it
>
> So I tried trimming down the list of files needed to compile
> qemu tools, and here is a list:
>
> Easy to relicense to LGPLv2+:
> block/raw.c             none (GPLv2+: Red Hat, IBM)
> error.c                 LGPLv2 (Red Hat, IBM, Stefan Weil)
> iov.c                   GPLv2 (Red Hat, SuSE/Hannes Reinecke, Michael Tokarev)
> module.c                GPLv2 (Red Hat, IBM, Blue Swirl)
> qemu-error.c            GPLv2+ (Red Hat, Blue Swirl, IBM)
> trace/control.c         GPLv2 (Lluis Vilanova)
> trace/default.c         GPLv2 (Lluis Vilanova)
>
> (I added some people to Cc.  Lluis and Michael, can you also look at
> http://wiki.qemu.org/Relicensing if you're willing to relicense
> your past contributions from GPLv2 to GPLv2+?.  Blue Swirl said
> he'd accept any other GPLv2 or GPLv3 compatible license, which
> should include LGPLv2+).

I'm fine with LGPLv2+ too.

I have some reservations to supporting a block device library API/ABI
by external users, but if this is OK with block maintainer and we
allow some decent API/ABI changes in the future if needed, this should
be OK.

>
> Harder to relicense to LGPLv2+:
> block/vdi.c             GPLv2+
>
> "Good" license:
> aes.c                   BSD
> async.c                 BSD
> block.c                 BSD
> block/bochs.c           BSD
> block/cloop.c           BSD
> block/cow.c             BSD
> block/dmg.c             BSD
> block/parallels.c       BSD
> block/qcow.c            BSD
> block/qcow2-cache.c     BSD
> block/qcow2-cluster.c   BSD
> block/qcow2-refcount.c  BSD
> block/qcow2-snapshot.c  BSD
> block/qcow2.c           BSD
> block/qed-check.c       BSD
> block/qed-cluster.c     BSD
> block/qed-gencb.c       BSD
> block/qed-l2-cache.c    BSD
> block/qed-table.c       BSD
> block/qed.c             BSD
> block/vmdk.c            BSD
> block/vpc.c             BSD
> block/vvfat.c           BSD
> cutils.c                BSD
> osdep.c                 BSD
> oslib-posix.c           BSD
> qemu-coroutine-io.c     BSD
> qemu-coroutine-lock.c   BSD
> qemu-option.c           BSD
> qemu-progress.c         BSD
> coroutine-ucontext.c    LGPLv2+
> json-lexer.c            LGPLv2+
> json-parser.c           LGPLv2+
> json-streamer.c         LGPLv2+
> qbool.c                 LGPLv2+
> qdict.c                 LGPLv2+
> qemu-coroutine.c        LGPLv2+
> qerror.c                LGPLv2+
> qfloat.c                LGPLv2+
> qint.c                  LGPLv2+
> qjson.c                 LGPLv2+
> qlist.c                 LGPLv2+
> qstring.c               LGPLv2+
>
> Doesn't need to be included in a library:
> qemu-tool.c             GPLv2
>
> Autogenerated:
> trace.c
>
> Remaining undefined symbols:
> qemu_aio_flush
> qemu_aio_wait
> qemu_free_timer
> qemu_new_timer
> qemu_mod_timer
> qemu_del_timer
> qemu_get_clock_ns
> vm_clock
> + those defined in qemu-tool.c
>
> Paolo



Re: [Qemu-devel] [PATCH] net: Add interface to bridge when SIOCBRADDIF isn't available

2012-07-13 Thread Fabien Chouteau
On 07/12/2012 03:24 PM, Corey Bryant wrote:
> The bridge helper uses the SIOCBRADDIF ioctl to add an interface to
> a bridge.  SIOCBRADDIF is not available on old Linux versions.  This
> patch adds support to use the SIOCDEVPRIVATE ioctl with BRCTL_ADD_IF
> if SIOCBRADDIF is not available.
> 

I don't have time to test it, but the code looks good and it compiles.

Acked-by: Fabien Chouteau 

> Reported-by: Fabien Chouteau 
> Signed-off-by: Corey Bryant 
> ---
>  qemu-bridge-helper.c |   24 +---
>  1 file changed, 21 insertions(+), 3 deletions(-)
> 
> diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
> index aec5008..652eec9 100644
> --- a/qemu-bridge-helper.c
> +++ b/qemu-bridge-helper.c
> @@ -35,6 +35,10 @@
>  
>  #include 
>  
> +#ifndef SIOCBRADDIF
> +#include 
> +#endif
> +
>  #include "qemu-queue.h"
>  
>  #include "net/tap-linux.h"
> @@ -221,6 +225,10 @@ static int drop_privileges(void)
>  int main(int argc, char **argv)
>  {
>  struct ifreq ifr;
> +#ifndef SIOCBRADDIF
> +unsigned long ifargs[4];
> +#endif
> +int ifindex;
>  int fd, ctlfd, unixfd = -1;
>  int use_vnet = 0;
>  int mtu;
> @@ -361,9 +369,19 @@ int main(int argc, char **argv)
>  
>  /* add the interface to the bridge */
>  prep_ifreq(&ifr, bridge);
> -ifr.ifr_ifindex = if_nametoindex(iface);
> -
> -if (ioctl(ctlfd, SIOCBRADDIF, &ifr) == -1) {
> +ifindex = if_nametoindex(iface);
> +#ifndef SIOCBRADDIF
> +ifargs[0] = BRCTL_ADD_IF;
> +ifargs[1] = ifindex;
> +ifargs[2] = 0;
> +ifargs[3] = 0;
> +ifr.ifr_data = (void *)ifargs;
> +ret = ioctl(ctlfd, SIOCDEVPRIVATE, &ifr);
> +#else
> +ifr.ifr_ifindex = ifindex;
> +ret = ioctl(ctlfd, SIOCBRADDIF, &ifr);
> +#endif
> +if (ret == -1) {
>  fprintf(stderr, "failed to add interface `%s' to bridge `%s': %s\n",
>  iface, bridge, strerror(errno));
>  ret = EXIT_FAILURE;
> 
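
Review bot: In the last hunk the result of if_nametoindex(iface) is stored in ifindex and handed to the ioctl unchecked; if_nametoindex() returns 0 when the name does not resolve, so a failed lookup only shows up indirectly through whatever error the ioctl reports. Checking for ifindex == 0 first and printing a message that names iface would make the failure explicit, which matters in a helper that has a drop_privileges() step. The '#ifndef SIOCBRADDIF' branch is also chosen from the build host's headers rather than from the running kernel, and a short comment saying so would help.
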


-- 
Fabien Chouteau





Re: [Qemu-devel] [PATCH 3/6] s390: sclp event support

2012-07-13 Thread Blue Swirl
On Fri, Jul 13, 2012 at 10:52 AM, Christian Borntraeger
 wrote:
> From: Heinz Graalfs 
>
> Several SCLP features are considered to be events. Those events don't
> provide SCLP commands on their own, instead they are all based on
> Read Event Data, Write Event Data, Write Event Mask and the service
> interrupt. Follow-on patches will provide SCLP's Signal Quiesce (via
> system_powerdown) and the ASCII console.
> Further down the road the sclp line mode console and configuration
> change events (e.g. cpu hotplug) can be implemented.
>
> Signed-off-by: Heinz Graalfs 
> Signed-off-by: Christian Borntraeger 
> ---
>  hw/s390-event-facility.c |  412 
> ++
>  hw/s390-event-facility.h |  107 
>  hw/s390-sclp.c   |   49 +-
>  hw/s390-sclp.h   |   43 +
>  hw/s390x/Makefile.objs   |2 +-
>  5 files changed, 606 insertions(+), 7 deletions(-)
>  create mode 100644 hw/s390-event-facility.c
>  create mode 100644 hw/s390-event-facility.h
>
> diff --git a/hw/s390-event-facility.c b/hw/s390-event-facility.c
> new file mode 100644
> index 000..42ac102
> --- /dev/null
> +++ b/hw/s390-event-facility.c
> @@ -0,0 +1,412 @@
> +/*
> + * SCLP
> + *Event Facility
> + *   handles SCLP event types
> + *  - Signal Quiesce - system power down
> + *  - ASCII Console Data - VT220 read and write
> + *
> + * Copyright IBM, Corp. 2007, 2012
> + *
> + * Authors:
> + *  Heinz Graalfs 
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See
> + * the COPYING file in the top-level directory.
> + *
> + */
> +
> +#include "monitor.h"
> +#include "sysemu.h"
> +
> +#include "s390-sclp.h"
> +#include "s390-event-facility.h"
> +
> +typedef struct EventTypes {
> +BusState qbus;
> +SCLPEventFacility *event_facility;
> +} EventTypes;
> +
> +struct SCLPEventFacility {
> +EventTypes sbus;
> +DeviceState *qdev;
> +/* guest' receive mask */
> +unsigned int receive_mask;
> +};
> +
> +/* return true if any child has event pending set */
> +static bool event_pending(void)
> +{
> +BusChild *kid;
> +SCLPEvent *event;
> +
> +SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
> +
> +QTAILQ_FOREACH(kid, &event_facility->sbus.qbus.children, sibling) {
> +DeviceState *qdev = kid->child;
> +event = DO_UPCAST(SCLPEvent, qdev, qdev);
> +lock(event);
> +if (event->event_pending) {
> +unlock(event);
> +return true;
> +}
> +unlock(event);
> +}
> +return false;
> +}
> +
> +static unsigned int get_host_send_mask(void)
> +{
> +unsigned int mask;
> +BusChild *kid;
> +SCLPEventClass *child;
> +SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
> +
> +mask = 0;
> +
> +QTAILQ_FOREACH(kid, &event_facility->sbus.qbus.children, sibling) {
> +DeviceState *qdev = kid->child;
> +child = SCLP_EVENT_GET_CLASS((SCLPEvent *) qdev);
> +mask |= child->get_send_mask();
> +}
> +return mask;
> +}
> +
> +static unsigned int get_host_receive_mask(void)
> +{
> +unsigned int mask;
> +BusChild *kid;
> +SCLPEventClass *child;
> +SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
> +
> +mask = 0;
> +
> +QTAILQ_FOREACH(kid, &event_facility->sbus.qbus.children, sibling) {
> +DeviceState *qdev = kid->child;
> +child = SCLP_EVENT_GET_CLASS((SCLPEvent *) qdev);
> +mask |= child->get_receive_mask();
> +}
> +return mask;
> +}
> +
> +static inline void set_guest_receive_mask(unsigned int mask)
> +{
> +SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
> +
> +event_facility->receive_mask = mask;
> +}
> +
> +static inline unsigned int get_guest_receive_mask(void)
> +{
> +SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
> +
> +return event_facility->receive_mask;
> +}
> +
> +static int check_sccb_events(SCCB *sccb)

bool? This returns only 0 or 1.

> +{
> +int slen;
> +unsigned elen = 0;
> +EventBufferHeader *event;
> +WriteEventData *wed = (WriteEventData *) sccb;
> +
> +event = (EventBufferHeader *) &wed->ebh;
> +for (slen = be16_to_cpu(sccb->h.length) - sizeof(sccb->h);
> + slen > 0; slen -= elen) {
> +elen = be16_to_cpu(event->length);
> +if (elen < sizeof(*event) || elen > slen) {
> +sccb->h.response_code =
> +cpu_to_be16(SCLP_RC_EVENT_BUFFER_SYNTAX_ERROR);
> +return 1;
> +}
> +event = (void *) event + elen;
> +}
> +if (slen) {
> +sccb->h.response_code = cpu_to_be16(SCLP_RC_INCONSISTENT_LENGTHS);
> +return 1;
> +}
> +return 0;
> +}
> +
> +static void handle_sccb_write_events(SCCB *sccb)
> +{
> +int slen;
> +unsigned elen = 0;
> +EventBufferHeader *event_buf;
> +BusChild *k
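
Review bot: In check_sccb_events() the length walk mixes an int (slen), an unsigned (elen) and a size_t (sizeof(sccb->h)): when the guest-supplied h.length is smaller than the header, the initial subtraction wraps as an unsigned value and only becomes negative through the conversion back to int, and 'elen > slen' is evaluated as an unsigned comparison. The malformed cases do end up rejected, but for a parser of guest-controlled lengths it would be clearer to test h.length >= sizeof(sccb->h) explicitly and keep the remaining length in a single unsigned type.
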

Re: [Qemu-devel] [PATCH 2/6] s390: sclp base support

2012-07-13 Thread Blue Swirl
On Fri, Jul 13, 2012 at 10:52 AM, Christian Borntraeger
 wrote:
> From: Heinz Graalfs 
>
> This adds a more generic infrastructure for handling Service-Call
> requests on s390. Currently we only support a small subset of Read
> SCP Info directly in target-s390x. This patch provides the base
> infrastructure for supporting more commands and moves Read SCP
> Info.
> In the future we could add additional commands for hotplug, call
> home and event handling.
>
> Signed-off-by: Heinz Graalfs 
> Signed-off-by: Christian Borntraeger 
> ---
>  hw/s390-sclp.c   |  148 
> ++
>  hw/s390-sclp.h   |   80 +
>  hw/s390-virtio.c |3 +
>  hw/s390x/Makefile.objs   |1 +
>  target-s390x/cpu.c   |   17 ++
>  target-s390x/cpu.h   |   18 ++
>  target-s390x/kvm.c   |5 +-
>  target-s390x/op_helper.c |   45 ++
>  8 files changed, 261 insertions(+), 56 deletions(-)
>  create mode 100644 hw/s390-sclp.c
>  create mode 100644 hw/s390-sclp.h
>
> diff --git a/hw/s390-sclp.c b/hw/s390-sclp.c
> new file mode 100644
> index 000..74a3e66
> --- /dev/null
> +++ b/hw/s390-sclp.c
> @@ -0,0 +1,148 @@
> +/*
> + * SCLP Support
> + *
> + * Copyright IBM, Corp. 2007, 2012

2007, really?

> + *
> + * Authors:
> + *  Christian Borntraeger 
> + *  Heinz Graalfs 
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2.  See

Why GPLv2only, can't this be licensed under later versions?

> + * the COPYING file in the top-level directory.
> + *
> + */
> +
> +#include "cpu.h"
> +#include "kvm.h"
> +#include "sysbus.h"
> +
> +#include "s390-sclp.h"
> +
> +/* Provide information about the configuration, CPUs and storage */
> +static int read_SCP_info(SCCB *sccb)
> +{
> +ReadInfo *read_info = (ReadInfo *) sccb;
> +int shift = 0;
> +
> +while ((ram_size >> (20 + shift)) > 65535) {
> +shift++;
> +}
> +read_info->rnmax = cpu_to_be16(ram_size >> (20 + shift));
> +read_info->rnsize = 1 << shift;
> +sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
> +
> +return 0;
> +}
> +
> +static int sclp_execute(SCCB *sccb, uint64_t code)
> +{
> +int r = 0;
> +
> +switch (code) {
> +case SCLP_CMDW_READ_SCP_INFO:
> +case SCLP_CMDW_READ_SCP_INFO_FORCED:
> +r = read_SCP_info(sccb);
> +break;
> +default:
> +#ifdef DEBUG_HELPER
> +printf("KVM: invalid sclp call 0x%x / 0x%" PRIx64 "x\n", sccb, code);
> +#endif
> +sccb->h.response_code = cpu_to_be16(SCLP_RC_INVALID_SCLP_COMMAND);
> +break;
> +}
> +return r;
> +}
> +
> +int do_sclp_service_call(uint32_t sccb, uint64_t code)

sccb could be target_phys_addr_t.

> +{
> +int r = 0;
> +SCCB work_sccb;
> +
> +target_phys_addr_t sccb_len = sizeof(SCCB);
> +
> +/*
> + * we want to work on a private copy of the sccb, to prevent guests
> + * from playing dirty tricks by modifying the memory content after
> + * the host has checked the values
> + */
> +cpu_physical_memory_read(sccb, &work_sccb, sccb_len);
> +
> +/* Valid sccb sizes */
> +if (be16_to_cpu(work_sccb.h.length) < 8 ||
> +be16_to_cpu(work_sccb.h.length) > 4096) {
> +r = -PGM_SPECIFICATION;
> +goto out;
> +}
> +
> +r = sclp_execute((SCCB *)&work_sccb, code);
> +
> +cpu_physical_memory_write(sccb, &work_sccb,
> +  be16_to_cpu(work_sccb.h.length));

Perhaps the DMA helpers should be used instead.

> +if (!r) {
> +sclp_service_interrupt(sccb);
> +}
> +
> +out:
> +return r;
> +}
> +
> +void sclp_service_interrupt(uint32_t sccb)
> +{
> +if (!sccb) {
> +return;
> +}
> +s390_sclp_extint(sccb & ~3);
> +}
> +
> +/* qemu object creation and initialization functions */
> +
> +#define S390_SCLP_BUS(obj) OBJECT_CHECK(SCLPS390Bus, (obj), 
> TYPE_S390_SCLP_BUS)
> +static const TypeInfo s390_sclp_bus_info = {
> +.name = TYPE_S390_SCLP_BUS,
> +.parent = TYPE_BUS,
> +.instance_size = sizeof(SCLPS390Bus),
> + };
> +
> +SCLPS390Bus *s390_sclp_bus_init(void)
> +{
> +SCLPS390Bus *bus;
> +BusState *bus_state;
> +DeviceState *dev;
> +
> +dev = qdev_create(NULL, "s390-sclp-bridge");
> +qdev_init_nofail(dev);
> +
> +bus_state = qbus_create(TYPE_S390_SCLP_BUS, dev, "s390-sclp-bus");
> +bus_state->allow_hotplug = 0;
> +
> +bus = DO_UPCAST(SCLPS390Bus, bus, bus_state);
> +return bus;
> +}
> +
> +static int s390_sclp_bridge_init(SysBusDevice *dev)
> +{
> +return 0;
> +}
> +
> +static void s390_sclp_bridge_class_init(ObjectClass *klass, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(klass);
> +SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
> +
> +k->init = s390_sclp_bridge_init;
> +dc->no_user = 1;
> +}
> +
> +static TypeInfo s390_sclp_bridge_info = {
> +.name  = "s390-sclp-bridge",
> +.parent=
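
Review bot: do_sclp_service_call() bounds the guest-supplied h.length with the literals 8 and 4096 and then copies that many bytes out of work_sccb with cpu_physical_memory_write(). The bound should be tied to the buffer, for example by comparing against sizeof(work_sccb) or by a build-time assertion that sizeof(SCCB) is 4096, so the write-back can never read past the private copy if the structure changes. Also in this file, the debug printf under DEBUG_HELPER in sclp_execute() passes the SCCB pointer to %x and leaves a stray 'x' after PRIx64.
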

Re: [Qemu-devel] [PATCH] RFC: vfio-powerpc: added VFIO support (v3)

2012-07-13 Thread Alex Williamson
On Fri, 2012-07-13 at 17:26 +1000, Alexey Kardashevskiy wrote:
> It literally does the following:
> 
> 1. POWERPC IOMMU support (the kernel counterpart is required)
> 
> 2. The patch assumes that IOAPIC calls are going to be replaced
> with something generic.
> 
> 3. vfio_group_iommu_ioctl() has been added to let sPAPR IOMMU
> handler to call VFIO IOMMU driver.
> 
> 4. Change sPAPR PHB to scan the PCI bus which is used for
> the IOMMU-VFIO group. Now it is enough to add the following to
> the QEMU command line to get VFIO up with all the devices from
> IOMMU group with id=3:
> -device spapr-pci-host-bridge,busname=E1000E,buid=0x3,iommu=3,\
> mem_win_addr=0x2300,io_win_addr=0x2400,msi_win_addr=0x2500
> 
> Signed-off-by: Alexey Kardashevskiy 
> ---
>  hw/ppc/Makefile.objs  |3 ++
>  hw/spapr.h|4 ++
>  hw/spapr_iommu.c  |   69 ++-
>  hw/spapr_iommu_vfio.h |   49 ++
>  hw/spapr_pci.c|  108 
> ++---
>  hw/spapr_pci.h|4 ++
>  hw/vfio_pci.c |   30 ++
>  hw/vfio_pci.h |2 +
>  trace-events  |1 +
>  9 files changed, 264 insertions(+), 6 deletions(-)
>  create mode 100644 hw/spapr_iommu_vfio.h
> 
> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
> index f573a95..c46a049 100644
> --- a/hw/ppc/Makefile.objs
> +++ b/hw/ppc/Makefile.objs
> @@ -25,4 +25,7 @@ obj-$(CONFIG_FDT) += ../device_tree.o
>  # Xilinx PPC peripherals
>  obj-y += xilinx_ethlite.o
>  
> +# VFIO PCI device assignment
> +obj-$(CONFIG_VFIO_PCI) += vfio_pci.o
> +
>  obj-y := $(addprefix ../,$(obj-y))
> diff --git a/hw/spapr.h b/hw/spapr.h
> index b37f337..26e26f6 100644
> --- a/hw/spapr.h
> +++ b/hw/spapr.h
> @@ -340,4 +340,8 @@ int spapr_dma_dt(void *fdt, int node_off, const char 
> *propname,
>  int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
>DMAContext *dma);
>  
> +void spapr_vfio_init_dma(int group_id, uint32_t liobn,
> + uint64_t *dma32_window_start,
> + uint64_t *dma32_window_size);
> +
>  #endif /* !defined (__HW_SPAPR_H__) */
> diff --git a/hw/spapr_iommu.c b/hw/spapr_iommu.c
> index 50c288d..e48ced1 100644
> --- a/hw/spapr_iommu.c
> +++ b/hw/spapr_iommu.c
> @@ -23,6 +23,8 @@
>  #include "dma.h"
>  
>  #include "hw/spapr.h"
> +#include "hw/spapr_iommu_vfio.h"
> +#include "hw/vfio_pci.h"
>  
>  #include 
>  
> @@ -183,6 +185,67 @@ static int put_tce_emu(target_ulong liobn, target_ulong 
> ioba, target_ulong tce)
>  return 0;
>  }
>  
> +typedef struct sPAPRVFIOTable {
> +int group_id;
> +uint32_t liobn;
> +QLIST_ENTRY(sPAPRVFIOTable) list;
> +} sPAPRVFIOTable;
> +
> +QLIST_HEAD(vfio_tce_tables, sPAPRVFIOTable) vfio_tce_tables;
> +
> +void spapr_vfio_init_dma(int group_id, uint32_t liobn,
> + uint64_t *dma32_window_start,
> + uint64_t *dma32_window_size)
> +{
> +sPAPRVFIOTable *t;
> +struct tce_iommu_info info = { .argsz = sizeof(info) };
> +
> +if (vfio_group_iommu_ioctl(group_id, SPAPR_TCE_IOMMU_GET_INFO, &info)) {
> +perror("SPAPR_TCE_IOMMU_GET_INFO failed");
> +return;
> +}
> +*dma32_window_start = info.dma32_window_start;
> +*dma32_window_size = info.dma32_window_size;
> +
> +t = g_malloc0(sizeof(*t));
> +t->group_id = group_id;
> +t->liobn = liobn;
> +
> +QLIST_INSERT_HEAD(&vfio_tce_tables, t, list);
> +}
> +
> +static int put_tce_vfio(uint32_t liobn, target_ulong ioba, target_ulong tce)
> +{
> +sPAPRVFIOTable *t;
> +struct tce_iommu_dma_map map = {
> +.argsz = sizeof(map),
> +.va = 0,
> +.dmaaddr = ioba,
> +};
> +
> +QLIST_FOREACH(t, &vfio_tce_tables, list) {
> +if (t->liobn != liobn) {
> +continue;
> +}
> +if (tce) {
> +map.va = (uintptr_t)qemu_get_ram_ptr(tce & ~SPAPR_TCE_PAGE_MASK);
> +if (vfio_group_iommu_ioctl(t->group_id, SPAPR_TCE_IOMMU_MAP_DMA,
> +   &map)) {
> +perror("TCE_MAP_DMA");
> +return H_PARAMETER;
> +}
> +} else {
> +if (vfio_group_iommu_ioctl(t->group_id, 
> SPAPR_TCE_IOMMU_UNMAP_DMA,
> +   &map)) {
> +perror("TCE_UNMAP_DMA");
> +return H_PARAMETER;
> +}
> +}
> +return H_SUCCESS;
> +}
> +return H_CONTINUE; /* positive non-zero value */
> +}
> +
>  static target_ulong h_put_tce(CPUPPCState *env, sPAPREnvironment *spapr,
>target_ulong opcode, target_ulong *args)
>  {
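
Review bot: spapr_vfio_init_dma() returns void and, when SPAPR_TCE_IOMMU_GET_INFO fails, returns after perror() without writing *dma32_window_start or *dma32_window_size, so the caller cannot tell that the window values were never set. Returning an error code and letting the caller fail on it would avoid continuing with an undefined DMA window. The same hunk defines vfio_tce_tables without static, which looks unintended for a list used only in this file.
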
> @@ -200,7 +263,11 @@ static target_ulong h_put_tce(CPUPPCState *env, 
> sPAPREnvironment *spapr,
>  ioba &= ~(SPAPR_TCE_PAGE_SIZE - 1);
>  
>  ret = put_tce_emu(liobn, ioba, tce);
> -if (0 >= ret) {
>

[Qemu-devel] [Bug 882997] Re: 64-bit linux guests fail to start on oneiric running 3.0 kernel

2012-07-13 Thread Serge Hallyn
*** This bug is a duplicate of bug 997311 ***
https://bugs.launchpad.net/bugs/997311

** Changed in: qemu-kvm (Ubuntu)
   Status: Incomplete => Confirmed

** This bug has been marked a duplicate of bug 997311
   Problem when you run a SLES10 in QEMU/KVM

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/882997

Title:
  64-bit linux guests fail to start on oneiric running 3.0 kernel

Status in QEMU:
  New
Status in “qemu-kvm” package in Ubuntu:
  Confirmed

Bug description:
  Host: Ubuntu 11.10 kernel vmlinuz-3.0.0-12-generic or vmlinuz-3.0.0-12-server 
on AMD Athlon(tm) II P360 Dual-Core
  Guests: SLES 10 or 11, all 64 bit

  32 bit windows guest starts fine. All 64 bit linux guests loop during
  boot, when GRUB is starting. VMs are managed using libvirt
  0.9.2-4ubuntu15 and virt-manager 0.9.0.

  Log file shows:
   KVM internal error. Suberror: 1
   emulation failure

  repeated for each GRUB attempt.

  Starting the same host with vmlinuz-2.6.38-11-generic makes all VMs run OK.
  --- 
  ApportVersion: 1.23-0ubuntu4
  Architecture: amd64
  DistroRelease: Ubuntu 11.10
  EcryptfsInUse: Yes
  InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
  KvmCmdLine:
   UIDPID  PPID  CSZ   RSS PSR STIME TTY  TIME CMD
   113   3739 1 15 573004 24800  1 16:51 ?00:00:06 /usr/bin/kvm 
-S -M pc-0.14 -cpu 
qemu64,+wdt,+skinit,+osvw,+3dnowprefetch,+sse4a,+abm,+cr8legacy,+extapic,+cmp_legacy,+lahf_lm,+rdtscp,+pdpe1gb,+popcnt,+cx16,+ht,+vme
 -enable-nesting -enable-kvm -m 2048 -smp 1,sockets=1,cores=1,threads=1 -name 
gasse -uuid 7cb0c88c-db14-b3f0-6696-4bd717165b9a -nodefconfig -nodefaults 
-chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/gasse.monitor,server,nowait 
-mon chardev=charmonitor,id=monitor,mode=readline -rtc base=utc -no-acpi -boot 
order=c,menu=on -drive 
file=/var/lib/libvirt/images/gasse-0.img,if=none,id=drive-ide0-0-0,format=raw 
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive 
if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device 
ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev 
tap,fd=19,id=hostnet0 -device 
rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:c6:f5:b4,bus=pci.0,addr=0x3 
-chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 
-usb -vnc 127.0.0.1:0 -vga cirrus -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
  MachineType: Hewlett-Packard HP 625
  NonfreeKernelModules: wl fglrx
  Package: qemu-kvm 0.14.1+noroms-0ubuntu6
  PackageArchitecture: amd64
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.0.0-13-server 
root=UUID=338f05b6-6307-4f1a-a8b6-9b12a0edc5ee ro quiet splash vt.handoff=7
  ProcVersionSignature: Ubuntu 3.0.0-13.22-server 3.0.6
  Tags:  oneiric running-unity
  Uname: Linux 3.0.0-13-server x86_64
  UpgradeStatus: Upgraded to oneiric on 2011-10-18 (35 days ago)
  UserGroups: adm admin cdrom dialout kvm libvirtd lpadmin plugdev sambashare
  dmi.bios.date: 12/07/2010
  dmi.bios.vendor: Hewlett-Packard
  dmi.bios.version: 68DVA Ver. F.06
  dmi.board.asset.tag: Base Board Asset Tag
  dmi.board.name: 1475
  dmi.board.vendor: Hewlett-Packard
  dmi.board.version: KBC Version 72.0E
  dmi.chassis.asset.tag: CNU1060YXZ
  dmi.chassis.type: 10
  dmi.chassis.vendor: Hewlett-Packard
  dmi.modalias: 
dmi:bvnHewlett-Packard:bvr68DVAVer.F.06:bd12/07/2010:svnHewlett-Packard:pnHP625:pvr:rvnHewlett-Packard:rn1475:rvrKBCVersion72.0E:cvnHewlett-Packard:ct10:cvr:
  dmi.product.name: HP 625
  dmi.sys.vendor: Hewlett-Packard

Re: [Qemu-devel] [RFC] introduce a dynamic library to expose qemu block API

2012-07-13 Thread Michael Tokarev
On 13.07.2012 15:33, Paolo Bonzini wrote:
[]
> So I tried trimming down the list of files needed to compile
> qemu tools, and here is a list:
> 
> Easy to relicense to LGPLv2+:
> block/raw.c      none (GPLv2+: Red Hat, IBM)
> error.c          LGPLv2 (Red Hat, IBM, Stefan Weil)
> iov.c            GPLv2 (Red Hat, SuSE/Hannes Reinecke, Michael Tokarev)
> module.c         GPLv2 (Red Hat, IBM, Blue Swirl)
> qemu-error.c     GPLv2+ (Red Hat, Blue Swirl, IBM)
> trace/control.c  GPLv2 (Lluis Vilanova)
> trace/default.c  GPLv2 (Lluis Vilanova)
> 
> (I added some people to Cc.  Lluis and Michael, can you also look at
> http://wiki.qemu.org/Relicensing if you're willing to relicense
> your past contributions from GPLv2 to GPLv2+?.  Blue Swirl said 
> he'd accept any other GPLv2 or GPLv3 compatible license, which
> should include LGPLv2+).

I'm fine with relicensing any of my contributions to the qemu project
under any version of GPL or LGPL, BSD, or any other open license, as the
project sees fit.

Thank you!


/mjt



Re: [Qemu-devel] [PATCH v2] slirp: Handle whole 127.0.0.0/8 network as local addresses.

2012-07-13 Thread Blue Swirl
On Fri, Jul 13, 2012 at 10:37 AM, Anders Waldenborg  wrote:
> Changes so translation of remote address to the host's ip address in
> the virtual network happens for all addresses in the 127.0.0.0/8
> network, not just 127.0.0.1.
>
> This fixes so that hostfwd bound to addresses such as 127.0.0.2 works.
>
> Signed-off-by: Anders Waldenborg 
> ---
>
> Thanks for the review!
>
> Patch updated according to comments.
>
> Notice that the surrounding code in tcp_subr.c uses tabs for
> indentation. Should I still use space as the coding style mandates
> (and which makes checkpatch happy)?

Yes, the goal is to get rid of tabs.

>
>  slirp/main.h |1 +
>  slirp/slirp.c|3 +++
>  slirp/tcp_subr.c |6 --
>  3 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/slirp/main.h b/slirp/main.h
> index 028df4b..bf601e2 100644
> --- a/slirp/main.h
> +++ b/slirp/main.h
> @@ -31,6 +31,7 @@ extern char *exec_shell;
>  extern u_int curtime;
>  extern fd_set *global_readfds, *global_writefds, *global_xfds;
>  extern struct in_addr loopback_addr;
> +extern in_addr_t loopback_mask;
>  extern char *username;
>  extern char *socket_path;
>  extern int towrite_max;
> diff --git a/slirp/slirp.c b/slirp/slirp.c
> index 90473eb..9787104 100644
> --- a/slirp/slirp.c
> +++ b/slirp/slirp.c
> @@ -29,6 +29,8 @@
>
>  /* host loopback address */
>  struct in_addr loopback_addr;
> +/* host loopback network mask */
> +in_addr_t loopback_mask;
>
>  /* emulated hosts use the MAC addr 52:55:IP:IP:IP:IP */
>  static const uint8_t special_ethaddr[ETH_ALEN] = {
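
Review bot: the comment on the new `loopback_mask` global does not say which byte order it holds, and the variable is a bare `in_addr_t` next to `struct in_addr loopback_addr`. Because it is later ANDed directly with `s_addr`, say in the comment that it is kept in network byte order, so nobody compares it against a host-order constant later.
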
> @@ -191,6 +193,7 @@ static void slirp_init_once(void)
>  #endif
>
>  loopback_addr.s_addr = htonl(INADDR_LOOPBACK);
> +loopback_mask = htonl(IN_CLASSA_NET);
>  }
>
>  static void slirp_state_save(QEMUFile *f, void *opaque);
> diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
> index 0a545c4..064b5e8 100644
> --- a/slirp/tcp_subr.c
> +++ b/slirp/tcp_subr.c
> @@ -435,8 +435,10 @@ tcp_connect(struct socket *inso)
> so->so_fport = addr.sin_port;
> so->so_faddr = addr.sin_addr;
> /* Translate connections from localhost to the real hostname */
> -   if (so->so_faddr.s_addr == 0 || so->so_faddr.s_addr == 
> loopback_addr.s_addr)
> -  so->so_faddr = slirp->vhost_addr;
> +if (so->so_faddr.s_addr == 0 ||
> +(so->so_faddr.s_addr & loopback_mask) ==
> +(loopback_addr.s_addr & loopback_mask))

Please add braces.

> +so->so_faddr = slirp->vhost_addr;
>
> /* Close the accept() socket, set right state */
> if (inso->so_state & SS_FACCEPTONCE) {
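
Review bot: with the masked comparison in tcp_connect(), every source address in 127.0.0.0/8 is rewritten to `slirp->vhost_addr`, so the guest can no longer tell which loopback address a forwarded connection came from; the commit message should say so explicitly, since anything in the guest that filters on the peer address will see them all as the same host. The right-hand side `loopback_addr.s_addr & loopback_mask` is also recomputed on every connection although both operands are set once in slirp_init_once(); storing the masked network value once would make the condition shorter. The new lines are indented with spaces inside a tab-indented function, which is what was agreed above, but it makes the braces requested for this `if` more important for readability.
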
> --
> 1.7.2.5
>
>



Re: [Qemu-devel] [PATCH 1/5] Avoid GCC extension ?:

2012-07-13 Thread Blue Swirl
On Fri, Jul 13, 2012 at 9:05 AM, Kevin Wolf  wrote:
> On 12.07.2012 22:28, Blue Swirl wrote:
>> On Wed, Jul 11, 2012 at 12:54 PM, Kevin Wolf  wrote:
>>> On 08.07.2012 14:09, Andreas Schwab wrote:
 blauwir...@gmail.com writes:

> +pstrcpy(bs->backing_format, sizeof(bs->backing_format),
> +backing_fmt ? backing_file : "");

 s/backing_file/backing_fmt/
>>>
>>> Which is why such changes are probably a bad idea. Even more so if they
>>> aren't scripted.
>>
>> Maybe your patches are perfect from day one, but all patches can be
>> buggy. Review should catch some of the bugs, others may be found
>> later. It's not possible to script this because expr1 may have side
>> effects.
>
> No, my patches aren't perfect, each patch is a risk. So all I'm saying
> is that if it ain't broke, don't fix it.

That way leads to stagnated code. If a change is useful and matches
overall architecture, it should be applied.

>
>>> Does this patch improve anything? Last time I checked, qemu only
>>> compiled on gcc anyway.
>>
>> It improves C99 compliance. GCC extensions should not be used unless
>> absolutely required. In the future, it should be possible to compile
>> QEMU with any C compiler, AREG0 patches remove the biggest obstacle.
>
> If this is our goal and we're really close, it might be worth these
> changes. Are you working towards getting a specific compiler to build
> qemu? Can we get a buildbot for this compiler once it works for the
> first time? Because otherwise I'm pretty sure that it will break frequently.

Is it so hard to avoid GCCisms? Perhaps checkpatch.pl (which seems to
be ignored by many people) could be improved to detect this.

I found these with GCC flag -std=c99. There were plenty of other
errors which may or may not be worth fixing. Setting up a buildbot
with this flag should be possible.

>
> Kevin



Re: [Qemu-devel] [PATCH 1/5] Avoid GCC extension ?:

2012-07-13 Thread Blue Swirl
On Thu, Jul 12, 2012 at 9:08 PM, Peter Maydell  wrote:
> On 12 July 2012 21:28, Blue Swirl  wrote:
>> On Wed, Jul 11, 2012 at 12:54 PM, Kevin Wolf  wrote:
>>> On 08.07.2012 14:09, Andreas Schwab wrote:
>>> Which is why such changes are probably a bad idea. Even more so if they
>>> aren't scripted.
>>
>> Maybe your patches are perfect from day one, but all patches can be
>> buggy.
>
> It's exactly *because* all patches can be buggy that changes need
> to demonstrate a clear benefit in order that the expected gain
> overall from applying the patch is positive rather than negative.

Fine:  there is the demonstrated clear benefit of improved standards compliance.

>
> -- PMM



Re: [Qemu-devel] [PATCH] RFC: vfio-powerpc: added VFIO support (v3)

2012-07-13 Thread Blue Swirl
On Fri, Jul 13, 2012 at 7:26 AM, Alexey Kardashevskiy  wrote:
> It literally does the following:
>
> 1. POWERPC IOMMU support (the kernel counterpart is required)
>
> 2. The patch assumes that IOAPIC calls are going to be replaced
> with something generic.
>
> 3. vfio_group_iommu_ioctl() has been added to let sPAPR IOMMU
> handler to call VFIO IOMMU driver.
>
> 4. Change sPAPR PHB to scan the PCI bus which is used for
> the IOMMU-VFIO group. Now it is enough to add the following to
> the QEMU command line to get VFIO up with all the devices from
> IOMMU group with id=3:
> -device spapr-pci-host-bridge,busname=E1000E,buid=0x3,iommu=3,\
> mem_win_addr=0x2300,io_win_addr=0x2400,msi_win_addr=0x2500
>
> Signed-off-by: Alexey Kardashevskiy 
> ---
>  hw/ppc/Makefile.objs  |3 ++
>  hw/spapr.h|4 ++
>  hw/spapr_iommu.c  |   69 ++-
>  hw/spapr_iommu_vfio.h |   49 ++
>  hw/spapr_pci.c|  108 
> ++---
>  hw/spapr_pci.h|4 ++
>  hw/vfio_pci.c |   30 ++
>  hw/vfio_pci.h |2 +
>  trace-events  |1 +
>  9 files changed, 264 insertions(+), 6 deletions(-)
>  create mode 100644 hw/spapr_iommu_vfio.h
>
> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
> index f573a95..c46a049 100644
> --- a/hw/ppc/Makefile.objs
> +++ b/hw/ppc/Makefile.objs
> @@ -25,4 +25,7 @@ obj-$(CONFIG_FDT) += ../device_tree.o
>  # Xilinx PPC peripherals
>  obj-y += xilinx_ethlite.o
>
> +# VFIO PCI device assignment
> +obj-$(CONFIG_VFIO_PCI) += vfio_pci.o
> +
>  obj-y := $(addprefix ../,$(obj-y))
> diff --git a/hw/spapr.h b/hw/spapr.h
> index b37f337..26e26f6 100644
> --- a/hw/spapr.h
> +++ b/hw/spapr.h
> @@ -340,4 +340,8 @@ int spapr_dma_dt(void *fdt, int node_off, const char 
> *propname,
>  int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
>DMAContext *dma);
>
> +void spapr_vfio_init_dma(int group_id, uint32_t liobn,
> + uint64_t *dma32_window_start,
> + uint64_t *dma32_window_size);
> +
>  #endif /* !defined (__HW_SPAPR_H__) */
> diff --git a/hw/spapr_iommu.c b/hw/spapr_iommu.c
> index 50c288d..e48ced1 100644
> --- a/hw/spapr_iommu.c
> +++ b/hw/spapr_iommu.c
> @@ -23,6 +23,8 @@
>  #include "dma.h"
>
>  #include "hw/spapr.h"
> +#include "hw/spapr_iommu_vfio.h"
> +#include "hw/vfio_pci.h"
>
>  #include 
>
> @@ -183,6 +185,67 @@ static int put_tce_emu(target_ulong liobn, target_ulong 
> ioba, target_ulong tce)
>  return 0;
>  }
>
> +typedef struct sPAPRVFIOTable {
> +int group_id;
> +uint32_t liobn;
> +QLIST_ENTRY(sPAPRVFIOTable) list;
> +} sPAPRVFIOTable;
> +
> +QLIST_HEAD(vfio_tce_tables, sPAPRVFIOTable) vfio_tce_tables;
> +
> +void spapr_vfio_init_dma(int group_id, uint32_t liobn,
> + uint64_t *dma32_window_start,
> + uint64_t *dma32_window_size)
> +{
> +sPAPRVFIOTable *t;
> +struct tce_iommu_info info = { .argsz = sizeof(info) };
> +
> +if (vfio_group_iommu_ioctl(group_id, SPAPR_TCE_IOMMU_GET_INFO, &info)) {
> +perror("SPAPR_TCE_IOMMU_GET_INFO failed");
> +return;
> +}
> +*dma32_window_start = info.dma32_window_start;
> +*dma32_window_size = info.dma32_window_size;
> +
> +t = g_malloc0(sizeof(*t));

It looks like you initialize all fields, so plain g_malloc() can be used.

> +t->group_id = group_id;
> +t->liobn = liobn;
> +
> +QLIST_INSERT_HEAD(&vfio_tce_tables, t, list);
> +}
> +
> +static int put_tce_vfio(uint32_t liobn, target_ulong ioba, target_ulong tce)
> +{
> +sPAPRVFIOTable *t;
> +struct tce_iommu_dma_map map = {
> +.argsz = sizeof(map),
> +.va = 0,
> +.dmaaddr = ioba,
> +};
> +
> +QLIST_FOREACH(t, &vfio_tce_tables, list) {
> +if (t->liobn != liobn) {
> +continue;
> +}
> +if (tce) {
> +map.va = (uintptr_t)qemu_get_ram_ptr(tce & ~SPAPR_TCE_PAGE_MASK);
> +if (vfio_group_iommu_ioctl(t->group_id, SPAPR_TCE_IOMMU_MAP_DMA,
> +   &map)) {
> +perror("TCE_MAP_DMA");
> +return H_PARAMETER;
> +}
> +} else {
> +if (vfio_group_iommu_ioctl(t->group_id, 
> SPAPR_TCE_IOMMU_UNMAP_DMA,
> +   &map)) {
> +perror("TCE_UNMAP_DMA");
> +return H_PARAMETER;
> +}
> +}
> +return H_SUCCESS;
> +}
> +return H_CONTINUE; /* positive non-zero value */
> +}
> +
>  static target_ulong h_put_tce(CPUPPCState *env, sPAPREnvironment *spapr,
>target_ulong opcode, target_ulong *args)
>  {
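
Review bot: in put_tce_vfio() the guest-supplied `tce` has its low bits masked off with `~SPAPR_TCE_PAGE_MASK` and is then passed straight to `qemu_get_ram_ptr()`; nothing in these lines checks that the address is backed by guest RAM, and the masked-off bits are not used to decide what kind of mapping is requested. Validate the address before building `map.va`, and fail the hypercall with H_PARAMETER when it is not valid. Also, spapr_vfio_init_dma() returns void, so when `SPAPR_TCE_IOMMU_GET_INFO` fails the caller carries on with `*dma32_window_start` and `*dma32_window_size` unset; return an error code so the PHB setup can stop. Using H_CONTINUE as the "no table matched" result of put_tce_vfio() works only as long as no caller hands it back to the guest, so a dedicated internal value would be safer.
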
> @@ -200,7 +263,11 @@ static target_ulong h_put_tce(CPUPPCState *env, 
> sPAPREnvironment *spapr,
>  ioba &= ~(SPAPR_TCE_PAGE_SIZE - 1);
>
>  ret = 

Re: [Qemu-devel] [Qemu-ppc] [PATCH] RFC: vfio-powerpc: added VFIO support (v2)

2012-07-13 Thread Blue Swirl
On Fri, Jul 13, 2012 at 5:24 AM, Alexey Kardashevskiy  wrote:
> Two comments below.
>
> On 13/07/12 06:54, Blue Swirl wrote:
>> On Thu, Jul 12, 2012 at 8:52 AM, Alexey Kardashevskiy  wrote:
>>> It literally does the following:
>>>
>>> 1. POWERPC IOMMU support (the kernel counterpart is required)
>>>
>>> 2. The patch assumes that IOAPIC calls are going to be replaced
>>> with something generic. I have something in my local git but it's
>>> too early, we need to extend PCIINTxRoute first.
>>>
>>> 3. vfio_get_group() made public. I want to open IOMMU group from
>>> the sPAPR code to have everything I need for VFIO on sPAPR and
>>> avoid ugly workarounds with finilizing PHB setup on sPAPR.
>>>
>>> 4. Change sPAPR PHB to scan the PCI bus which is used for
>>> the IOMMU-VFIO group. Now it is enough to add the following to
>>> the QEMU command line to get VFIO up with all the devices from
>>> IOMMU group with id=3:
>>> -device spapr-pci-host-bridge,busname=E1000E,buid=0x3,iommu=3,\
>>> mem_win_addr=0x2300,io_win_addr=0x2400,msi_win_addr=0x2500
>>>
>>> Signed-off-by: Alexey Kardashevskiy 
>>> ---
>>>  hw/ppc/Makefile.objs |3 ++
>>>  hw/spapr.h   |4 ++
>>>  hw/spapr_iommu.c |   87 ++
>>>  hw/spapr_pci.c   |  115 
>>> +++---
>>>  hw/spapr_pci.h   |5 +++
>>>  hw/vfio_pci.c|   28 +++-
>>>  hw/vfio_pci.h|2 +
>>>  7 files changed, 237 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
>>> index f573a95..c46a049 100644
>>> --- a/hw/ppc/Makefile.objs
>>> +++ b/hw/ppc/Makefile.objs
>>> @@ -25,4 +25,7 @@ obj-$(CONFIG_FDT) += ../device_tree.o
>>>  # Xilinx PPC peripherals
>>>  obj-y += xilinx_ethlite.o
>>>
>>> +# VFIO PCI device assignment
>>> +obj-$(CONFIG_VFIO_PCI) += vfio_pci.o
>>> +
>>>  obj-y := $(addprefix ../,$(obj-y))
>>> diff --git a/hw/spapr.h b/hw/spapr.h
>>> index b37f337..9dca704 100644
>>> --- a/hw/spapr.h
>>> +++ b/hw/spapr.h
>>> @@ -340,4 +340,8 @@ int spapr_dma_dt(void *fdt, int node_off, const char 
>>> *propname,
>>>  int spapr_tcet_dma_dt(void *fdt, int node_off, const char *propname,
>>>DMAContext *dma);
>>>
>>> +void spapr_vfio_init_dma(int fd, uint32_t liobn,
>>> + uint64_t *dma32_window_start,
>>> + uint64_t *dma32_window_size);
>>> +
>>>  #endif /* !defined (__HW_SPAPR_H__) */
>>> diff --git a/hw/spapr_iommu.c b/hw/spapr_iommu.c
>>> index 50c288d..0a194e8 100644
>>> --- a/hw/spapr_iommu.c
>>> +++ b/hw/spapr_iommu.c
>>> @@ -16,6 +16,8 @@
>>>   * You should have received a copy of the GNU Lesser General Public
>>>   * License along with this library; if not, see 
>>> .
>>>   */
>>> +#include 
>>> +
>>>  #include "hw.h"
>>>  #include "kvm.h"
>>>  #include "qdev.h"
>>> @@ -23,6 +25,7 @@
>>>  #include "dma.h"
>>>
>>>  #include "hw/spapr.h"
>>> +#include "hw/linux-vfio.h"
>>>
>>>  #include 
>>>
>>> @@ -183,6 +186,86 @@ static int put_tce_emu(target_ulong liobn, 
>>> target_ulong ioba, target_ulong tce)
>>>  return 0;
>>>  }
>>>
>>> +/*  API for POWERPC IOMMU  */
>>> +
>>> +#define POWERPC_IOMMU   2
>>> +
>>> +struct tce_iommu_info {
>>
>> CamelCase.
>>
>>> +__u32 argsz;
>>> +__u32 dma32_window_start;
>>> +__u32 dma32_window_size;
>>
>> Please use uint32_t.
>>
>>> +};
>>> +
>>> +#define POWERPC_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
>>> +
>>> +struct tce_iommu_dma_map {
>>> +__u32 argsz;
>>
>> The structure may or may not be padded here since there's no
>> QEMU_PACKED attribute. If possible, just rearrange the fields.
>>
>>> +__u64 va;
>>> +__u64 dmaaddr;
>>> +};
>>> +
>>> +#define POWERPC_IOMMU_MAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 13)
>>> +#define POWERPC_IOMMU_UNMAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 14)
>>> +
>>> +typedef struct sPAPRVFIOTable {
>>> +int fd;
>>> +uint32_t liobn;
>>> +QLIST_ENTRY(sPAPRVFIOTable) list;
>>> +} sPAPRVFIOTable;
>>> +
>>> +QLIST_HEAD(vfio_tce_tables, sPAPRVFIOTable) vfio_tce_tables;
>>> +
>>> +void spapr_vfio_init_dma(int fd, uint32_t liobn,
>>> + uint64_t *dma32_window_start,
>>> + uint64_t *dma32_window_size)
>>> +{
>>> +sPAPRVFIOTable *t;
>>> +struct tce_iommu_info info = { .argsz = sizeof(info) };
>>> +
>>> +if (ioctl(fd, POWERPC_IOMMU_GET_INFO, &info)) {
>>> +fprintf(stderr, "POWERPC_IOMMU_GET_INFO failed %d\n", errno);
>>> +return;
>>> +}
>>> +*dma32_window_start = info.dma32_window_start;
>>> +*dma32_window_size = info.dma32_window_size;
>>> +
>>> +t = g_malloc0(sizeof(*t));
>>> +t->fd = fd;
>>> +t->liobn = liobn;
>>> +
>>> +QLIST_INSERT_HEAD(&vfio_tce_tables, t, list);
>>> +}
>>> +
>>> +static int put_tce_vfio(uint32_t liobn, target_ulong ioba, target_ulong 
>>> tce)
>>> +{
>>> +sPAPRVFIOTable *
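
The padding concern raised in the review above ("The structure may or may not be padded here"), as an added example that is not code from the patch or from QEMU: it measures the hidden bytes in the posted field order and in one possible explicit layout. The field names `argsz`, `va` and `dmaaddr` come from the patch; the struct names, the `reserved` member and the helper functions are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field order as posted in the patch, with fixed-width types. On ABIs that
 * align uint64_t to 8 bytes the compiler inserts 4 unnamed bytes after
 * argsz; the i386 System V ABI aligns it to 4 and inserts none, so a 32-bit
 * caller and a 64-bit kernel would disagree about where va starts. */
struct map_posted {
    uint32_t argsz;
    uint64_t va;
    uint64_t dmaaddr;
};

/* Assumed alternative: name the filler (hypothetical member `reserved`) so
 * that every byte belongs to a member and the layout is the same everywhere. */
struct map_explicit {
    uint32_t argsz;
    uint32_t reserved;
    uint64_t va;
    uint64_t dmaaddr;
};

struct member { size_t off, len; };

#define MEMBER(type, field) \
    { offsetof(type, field), sizeof(((type *)0)->field) }

/* Struct members never overlap, so the bytes not covered by any member are
 * exactly the compiler-inserted padding. */
static size_t padding_bytes(const struct member *m, size_t n, size_t total)
{
    size_t covered = 0;
    for (size_t i = 0; i < n; i++) {
        covered += m[i].len;
    }
    return total - covered;
}

size_t posted_padding(void)
{
    const struct member m[] = {
        MEMBER(struct map_posted, argsz),
        MEMBER(struct map_posted, va),
        MEMBER(struct map_posted, dmaaddr),
    };
    return padding_bytes(m, sizeof(m) / sizeof(m[0]), sizeof(struct map_posted));
}

size_t explicit_padding(void)
{
    const struct member m[] = {
        MEMBER(struct map_explicit, argsz),
        MEMBER(struct map_explicit, reserved),
        MEMBER(struct map_explicit, va),
        MEMBER(struct map_explicit, dmaaddr),
    };
    return padding_bytes(m, sizeof(m) / sizeof(m[0]), sizeof(struct map_explicit));
}

/* Build a request the way an ioctl caller should: clear the whole object
 * first, then fill in the members. Returns 1 when the reserved bytes that
 * the kernel would see are all zero. */
int explicit_request_is_clean(uint64_t va, uint64_t dmaaddr)
{
    struct map_explicit req;
    unsigned char raw[sizeof(req)];

    memset(&req, 0, sizeof(req));
    req.argsz = sizeof(req);
    req.va = va;
    req.dmaaddr = dmaaddr;

    memcpy(raw, &req, sizeof(req));
    for (size_t i = offsetof(struct map_explicit, reserved);
         i < offsetof(struct map_explicit, va); i++) {
        if (raw[i] != 0) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("posted:   size=%zu va@%zu hidden padding=%zu\n",
           sizeof(struct map_posted), offsetof(struct map_posted, va),
           posted_padding());
    printf("explicit: size=%zu va@%zu hidden padding=%zu\n",
           sizeof(struct map_explicit), offsetof(struct map_explicit, va),
           explicit_padding());
    /* Constructed sample addresses, not values from the patch. */
    printf("reserved bytes zero: %d\n",
           explicit_request_is_clean(0x1000, 0x2000));
    return 0;
}
```
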

Re: [Qemu-devel] [PATCH 2/3] target-arm: kvm: use KVM_GET_MSRS/KVM_SET_MSRS for CP15 registers.

2012-07-13 Thread Blue Swirl
On Fri, Jul 13, 2012 at 3:43 AM, Rusty Russell  wrote:
> Recent kernels use this to set the CP15 registers, rather than putting
> them in 'struct kvm_regs'.  The changed size of that struct changes the
> ioctl number, so we have a temporary hack to try both.
>
> Signed-off-by: Rusty Russell 
>
> diff --git a/linux-headers/asm-arm/kvm.h b/linux-headers/asm-arm/kvm.h
> index 988890a..4842e85 100644
> --- a/linux-headers/asm-arm/kvm.h
> +++ b/linux-headers/asm-arm/kvm.h
> @@ -75,6 +75,37 @@ struct kvm_sregs {
> __u32 features[14];
>  };
>
> +/* Exactly like x86. */
> +struct kvm_msr_entry {
> +   __u32 index;
> +   __u32 reserved;
> +   __u64 data;
> +};
> +
> +/* for KVM_GET_MSRS and KVM_SET_MSRS */
> +struct kvm_msrs {
> +   __u32 nmsrs; /* number of msrs in entries */
> +   __u32 pad;
> +
> +   struct kvm_msr_entry entries[0];
> +};
> +
> +/* for KVM_GET_MSR_INDEX_LIST */
> +struct kvm_msr_list {
> +   __u32 nmsrs; /* number of msrs in entries */
> +   __u32 indices[0];
> +};
> +
> +/* If you need to interpret the index values, here's the key. */
> +#define KVM_ARM_MSR_COPROC_MASK0x
> +#define KVM_ARM_MSR_64_BIT_MASK0x8000
> +#define KVM_ARM_MSR_64_OPC1_MASK   0x00F0
> +#define KVM_ARM_MSR_64_CRM_MASK0x000F
> +#define KVM_ARM_MSR_32_CRM_MASK0x000F
> +#define KVM_ARM_MSR_32_OPC2_MASK   0x0070
> +#define KVM_ARM_MSR_32_CRN_MASK0x0780
> +#define KVM_ARM_MSR_32_OPC1_MASK   0x3800
> +
>  struct kvm_fpu {
>  };
>
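
Review bot: `struct kvm_msr_entry` has a `reserved` member and `struct kvm_msrs` has a `pad` member, but the header does not say what userspace must put in them. State that both must be zero, so the fields can be given a meaning later without breaking existing callers. The comment "Exactly like x86" also does not explain the ARM index encoding; a sentence next to the KVM_ARM_MSR_* masks describing how coproc, CRn, opc1, CRm and opc2 are packed would let a reader check MSR32_INDEX_OF() in target-arm/kvm.c against it.
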
> diff --git a/target-arm/kvm.c b/target-arm/kvm.c
> index 67d005f..2c149bd 100644
> --- a/target-arm/kvm.c
> +++ b/target-arm/kvm.c
> @@ -43,15 +43,28 @@ int kvm_arch_init_vcpu(CPUARMState *env)
>  return kvm_vcpu_ioctl(env, KVM_SET_SREGS, &sregs) ? 0 : 0;
>  }
>
> +#define MSR32_INDEX_OF(coproc, crn, opc1, crm, opc2) \
> +   (((coproc)<<16) | ((opc1)<<11) | ((crn)<<7) | ((opc2)<<4) | (crm))
> +
> +/* A modern kernel has a smaller struct kvm_regs, so ioctls differ: */
> +#define KVM_GET_REGS_MODERN 2157227649U
> +#define KVM_SET_REGS_MODERN 1083485826U
> +
>  int kvm_arch_put_registers(CPUARMState *env, int level)
>  {
>  struct kvm_regs regs;
>  int mode, bn;
> +struct cp15 {
> +   struct kvm_msrs hdr;
> +   struct kvm_msr_entry e[2];
> +} cp15;
>  int ret;
>
>  ret = kvm_vcpu_ioctl(env, KVM_GET_REGS, ®s);
>  if (ret < 0)
> -return ret;
> +   ret = kvm_vcpu_ioctl(env, KVM_GET_REGS_MODERN, ®s);
> +if (ret < 0)
> +   return ret;

Braces.

>
>  /* We make sure the banked regs are properly set */
>  mode = env->uncached_cpsr & CPSR_M;
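
Review bot: `KVM_GET_REGS_MODERN` and `KVM_SET_REGS_MODERN` are opaque decimal constants, so nobody can verify them against the struct size they are meant to encode; build them from the ioctl macros and the size of the new `struct kvm_regs` instead. The fallback in kvm_arch_put_registers() also retries on any negative return from `KVM_GET_REGS`, not only on the error that means "unknown ioctl", so a real failure of the first call is masked by a second call with a different request number.
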
> @@ -91,8 +104,18 @@ int kvm_arch_put_registers(CPUARMState *env, int level)
>  regs.cp15.c0_midr = env->cp15.c0_cpuid;
>  regs.cp15.c1_sys = env->cp15.c1_sys;
>
> -ret = kvm_vcpu_ioctl(env, KVM_SET_REGS, ®s);
> +cp15.hdr.nmsrs = ARRAY_SIZE(cp15.e);
> +cp15.e[0].index = MSR32_INDEX_OF(15, 0, 0, 0, 0); /* MIDR */
> +cp15.e[0].data = env->cp15.c0_cpuid;
> +cp15.e[1].index = MSR32_INDEX_OF(15, 1, 0, 0, 0); /* SCTLR */
> +cp15.e[1].data = env->cp15.c1_sys;
>
> +ret = kvm_vcpu_ioctl(env, KVM_SET_REGS, ®s);
> +if (ret < 0) {
> +   ret = kvm_vcpu_ioctl(env, KVM_SET_REGS_MODERN, ®s);
> +   if (ret == 0)
> +   ret = kvm_vcpu_ioctl(env, KVM_SET_MSRS, &cp15);

Again. Please use checkpatch.pl to avoid these issues.

> +}
>  return ret;
>  }
>
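
Review bot: the on-stack `cp15` in kvm_arch_put_registers() is never cleared, and these lines set only `hdr.nmsrs`, `e[i].index` and `e[i].data`, so `hdr.pad` and both `e[i].reserved` members reach the kernel holding whatever was on the stack. Zero the whole struct before filling it, for example with `memset(&cp15, 0, sizeof(cp15));`. Note also that `KVM_SET_MSRS` is issued only on the path where the legacy `KVM_SET_REGS` failed, which deserves a comment explaining that the legacy call already carried MIDR and SCTLR.
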
> @@ -101,11 +124,27 @@ int kvm_arch_get_registers(CPUARMState *env)
>  struct kvm_regs regs;
>  int mode, bn;
>  int32_t ret;
> +struct cp15 {
> +   struct kvm_msrs hdr;
> +   struct kvm_msr_entry e[6];
> +} cp15;
>
>  ret = kvm_vcpu_ioctl(env, KVM_GET_REGS, ®s);
>  if (ret < 0)
> +   ret = kvm_vcpu_ioctl(env, KVM_GET_REGS_MODERN, ®s);
> +if (ret < 0)

Ditto.

>  return ret;
>
> +cp15.hdr.nmsrs = ARRAY_SIZE(cp15.e);
> +cp15.e[0].index = MSR32_INDEX_OF(15, 0, 0, 0, 0); /* MIDR */
> +cp15.e[1].index = MSR32_INDEX_OF(15, 1, 0, 0, 0); /* SCTLR */
> +cp15.e[2].index = MSR32_INDEX_OF(15, 2, 0, 0, 0); /* TTBR0 */
> +cp15.e[3].index = MSR32_INDEX_OF(15, 2, 0, 0, 1); /* TTBR1 */
> +cp15.e[4].index = MSR32_INDEX_OF(15, 2, 0, 0, 2); /* TTBCR */
> +cp15.e[5].index = MSR32_INDEX_OF(15, 3, 0, 0, 0); /* DACR */
> +
> +ret = kvm_vcpu_ioctl(env, KVM_GET_MSRS, &cp15);
> +
>  /* First, let's transfer the banked state */
>  cpsr_write(env, regs.cpsr, 0x);
>  memcpy(env->regs, regs.regs0_7, sizeof(uint32_t) * 8);
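
Review bot: the result of `kvm_vcpu_ioctl(env, KVM_GET_MSRS, &cp15)` in kvm_arch_get_registers() is stored in `ret` and then not examined before the function goes on to cpsr_write(), and `cp15` is not initialised beyond the index fields. If the call fails, for instance on a kernel that only knows the legacy `KVM_GET_REGS`, the `data` members hold stack garbage that later code copies into `env->cp15`. Check `ret` here, clear `cp15` before use, and issue `KVM_GET_MSRS` only when the modern register ioctl was the one that succeeded.
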
> @@ -142,18 +181,33 @@ int kvm_arch_get_registers(CPUARMState *env)
>  env->regs[14] = env->banked_r14[bn];
>  env->spsr = env->banked_spsr[bn];
>
> -//env->cp15.c0_cpuid = regs.cp15.c0_midr;
> -env->cp15.c1_sys = regs.cp15.c1_sys;
> -env->cp15.c2_base0 = regs.cp15.c2_base0;
> -env->cp15.c2_base1 = regs.cp15.c2_base1;

Re: [Qemu-devel] [PATCHv4 07/14] unicore32-softmmu: Add puv3 soc/board support

2012-07-13 Thread Dunrong Huang
2012/7/13 Guan Xuetao :
> This patch only add puv3 soc/board support, which introduces puv3
> machine description, and specifies console type.
>
> Signed-off-by: Guan Xuetao 
> ---
>  default-configs/unicore32-softmmu.mak |1 +
>  hw/puv3.c |   93 
> +
>  hw/puv3.h |   49 +
>  hw/unicore32/Makefile.objs|5 ++
>  4 files changed, 148 insertions(+), 0 deletions(-)
>  create mode 100644 hw/puv3.c
>  create mode 100644 hw/puv3.h
>
> diff --git a/default-configs/unicore32-softmmu.mak 
> b/default-configs/unicore32-softmmu.mak
> index 5f04fe3..726a338 100644
> --- a/default-configs/unicore32-softmmu.mak
> +++ b/default-configs/unicore32-softmmu.mak
> @@ -1 +1,2 @@
>  # Default configuration for unicore32-softmmu
> +CONFIG_PUV3=y
> diff --git a/hw/puv3.c b/hw/puv3.c
> new file mode 100644
> index 000..0dc129d
> --- /dev/null
> +++ b/hw/puv3.c


> +static QEMUMachine puv3_machine = {
> +.name = "puv3",
> +.desc = "PKUnity Version-3 based on UniCore32",
> +.init = puv3_init,
> +.use_scsi = 0,
Since there is only one machine type for unicore32 architecture,
is_default field should be set to 1, so that find_default_machine()
returns with non-null value.
> +};
> +
> +static void puv3_machine_init(void)
> +{
> +qemu_register_machine(&puv3_machine);
> +}
> +
> +machine_init(puv3_machine_init)

-- 
Best Regards,

Dunrong Huang



[Qemu-devel] [Bug 1024275] Re: bad iteraction between -daemonize and -nographic

2012-07-13 Thread Bug Watch Updater
** Changed in: qemu (Debian)
   Status: Unknown => New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1024275

Title:
  bad iteraction between -daemonize and -nographic

Status in QEMU:
  Confirmed
Status in “qemu” package in Debian:
  New

Bug description:
   $ qemu -daemonize -nographic
   $ _

  After this, the terminal is switched to some weird mode, not
  processing cr/lf, and not showing the characters being typed (it is
  fixable by using `stty sane').

  Something is seriously wrong here: When -daemonize is given, qemu not
  touch tty parameters at all.

  Thanks,

  /mjt

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1024275/+subscriptions



[Qemu-devel] [Bug 1024275] Re: bad iteraction between -daemonize and -nographic

2012-07-13 Thread Michael Tokarev
FWIW, it has been present at least since version 0.10 of qemu, and still
present in current 1.1 version.

Title:
  bad iteraction between -daemonize and -nographic

Status in QEMU:
  Confirmed
Status in “qemu” package in Debian:
  Unknown




[Qemu-devel] [Bug 1024275] [NEW] bad iteraction between -daemonize and -nographic

2012-07-13 Thread Michael Tokarev
Public bug reported:

 $ qemu -daemonize -nographic
 $ _

After this, the terminal is switched to some weird mode, not processing
cr/lf, and not showing the characters being typed (it is fixable by
using `stty sane').

Something is seriously wrong here: When -daemonize is given, qemu not
touch tty parameters at all.

Thanks,

/mjt

** Affects: qemu
 Importance: Undecided
 Status: Confirmed

** Affects: qemu (Debian)
 Importance: Unknown
 Status: Unknown

** Bug watch added: Debian Bug tracker #549195
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549195

** Also affects: qemu (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549195
   Importance: Unknown
   Status: Unknown

** Changed in: qemu
   Status: New => Confirmed

Title:
  bad iteraction between -daemonize and -nographic

Status in QEMU:
  Confirmed
Status in “qemu” package in Debian:
  Unknown




Re: [Qemu-devel] invoking monitor command without Ctrl+Alt+2

2012-07-13 Thread Eric Blake
On 07/12/2012 10:14 PM, siddharth srivastava wrote:
> Hi
> 
> I also see that qemu 0.13 has live migration inbuilt. Does it also
> use libvirt behind the scenes to create live ram snapshot ?

No, you've got it backwards.  Qemu does not use libvirt.  Rather,
libvirt wraps qemu features to expose a programmatic interface into
migration and snapshot creations, but all libvirt is doing is using the
monitor, so you could do the same thing directly on qemu by using the
monitor yourself.

-- 
Eric Blake   ebl...@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCHv4 00/14] unicore32: Add unicore32-softmmu support

2012-07-13 Thread Guan Xuetao
These patches implement softmmu support on unicore32 architecture.
Based on master branch of qemu, the patches can be fetched from:
git://github.com/gxt/QEMU.git unicore32

UniCore32 CPU is embedded in PKUnity-3 SoC, so we add necessary puv3
devices simulation codes together.
Only minimal system control modules are simulated, to make linux kernel
boot and busybox run in initramfs.

Thanks to Andreas Farber, Blue Swirl and Chen Weiren for their priceless
advice, on which v4 is based.

Any advice is greatly appreciated.

Thanks,

Guan Xuetao

---
Andreas Färber (1):
  target-unicore32: Drop UC32_CPUID macros

Guan Xuetao (13):
  unicore32-softmmu: Add unicore32-softmmu build support
  unicore32-softmmu: Add coprocessor 0(sysctrl) and 1(ocd) instruction
support
  unicore32-softmmu: Make UniCore32 cpuid & exceptions correct and
runable
  unicore32-softmmu: Implement softmmu specific functions
  unicore32-softmmu: Make sure that kernel can access user space
  unicore32-softmmu: Add puv3 soc/board support
  unicore32-softmmu: Add puv3 interrupt support
  unicore32-softmmu: Add puv3 ostimer support
  unicore32-softmmu: Add puv3 gpio support
  unicore32-softmmu: Add puv3 pm support
  unicore32-softmmu: Add puv3 dma support
  unicore32-softmmu: Add ps2 support
  unicore32-softmmu: Add maintainer information for UniCore32 machine

 MAINTAINERS   |8 +
 arch_init.c   |2 +
 arch_init.h   |1 +
 configure |1 +
 cpu-exec.c|1 +
 default-configs/unicore32-softmmu.mak |4 +
 hw/Makefile.objs  |7 +
 hw/puv3.c |  130 
 hw/puv3.h |   49 ++
 hw/puv3_dma.c |  109 +
 hw/puv3_gpio.c|  141 +
 hw/puv3_intc.c|  135 +
 hw/puv3_ost.c |  151 +++
 hw/puv3_pm.c  |  149 ++
 hw/unicore32/Makefile.objs|6 +
 linux-user/main.c |3 +-
 target-unicore32/Makefile.objs|2 +-
 target-unicore32/cpu.c|   19 ++-
 target-unicore32/cpu.h|   18 +--
 target-unicore32/helper.c |  180 ++
 target-unicore32/helper.h |   17 +--
 target-unicore32/machine.c|   23 +++
 target-unicore32/op_helper.c  |   44 ++-
 target-unicore32/softmmu.c|  267 +
 target-unicore32/translate.c  |  116 +--
 25 files changed, 1509 insertions(+), 74 deletions(-)
 create mode 100644 default-configs/unicore32-softmmu.mak
 create mode 100644 hw/puv3.c
 create mode 100644 hw/puv3.h
 create mode 100644 hw/puv3_dma.c
 create mode 100644 hw/puv3_gpio.c
 create mode 100644 hw/puv3_intc.c
 create mode 100644 hw/puv3_ost.c
 create mode 100644 hw/puv3_pm.c
 create mode 100644 hw/unicore32/Makefile.objs
 create mode 100644 target-unicore32/machine.c
 create mode 100644 target-unicore32/softmmu.c




[Qemu-devel] [PATCHv4 02/14] unicore32-softmmu: Add coprocessor 0(sysctrl) and 1(ocd) instruction support

2012-07-13 Thread Guan Xuetao
Coprocessor 0 is the system control coprocessor, and we need to get/set its
contents. Also, all cache/tlb ops should be implemented here, but are just
ignored with no harm.

Coprocessor 1 is OCD (on-chip-debugger), which is used for faked console,
so we could output chars to this console without graphic card.
TODO: curses display should be added lator for screen output.

Signed-off-by: Guan Xuetao 
---
 target-unicore32/helper.c|  185 +-
 target-unicore32/helper.h|   17 ++---
 target-unicore32/translate.c |   80 ++-
 3 files changed, 233 insertions(+), 49 deletions(-)

diff --git a/target-unicore32/helper.c b/target-unicore32/helper.c
index 9b8ff06..f9f1960 100644
--- a/target-unicore32/helper.c
+++ b/target-unicore32/helper.c
@@ -14,6 +14,14 @@
 #include "helper.h"
 #include "host-utils.h"
 
+#undef DEBUG_UC32
+
+#ifdef DEBUG_UC32
+#define DPRINTF(fmt, ...) printf("%s: " fmt , __func__, ## __VA_ARGS__)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
 CPUUniCore32State *uc32_cpu_init(const char *cpu_model)
 {
 UniCore32CPU *cpu;
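Review bot: the disabled DPRINTF variant added here expands to an empty do {} while (0), so the format strings and arguments are never compiled and can go stale unnoticed. Prefer a form that keeps the printf call behind a constant-false condition so the compiler still type-checks every call site. The unconditional #undef DEBUG_UC32 above it also means the debug path can only be switched on by editing this file.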
@@ -45,6 +53,146 @@ uint32_t HELPER(clz)(uint32_t x)
 return clz32(x);
 }
 
+#ifndef CONFIG_USER_ONLY
+void helper_cp0_set(CPUUniCore32State *env, uint32_t val, uint32_t creg,
+uint32_t cop)
+{
+/*
+ * movc pp.nn, rn, #imm9
+ *  rn: UCOP_REG_D
+ *  nn: UCOP_REG_N
+ *  1: sys control reg.
+ *  2: page table base reg.
+ *  3: data fault status reg.
+ *  4: insn fault status reg.
+ *  5: cache op. reg.
+ *  6: tlb op. reg.
+ *  imm9: split UCOP_IMM10 with bit5 is 0
+ */
+switch (creg) {
+case 1:
+if (cop != 0) {
+goto unrecognized;
+}
+env->cp0.c1_sys = val;
+break;
+case 2:
+if (cop != 0) {
+goto unrecognized;
+}
+env->cp0.c2_base = val;
+break;
+case 3:
+if (cop != 0) {
+goto unrecognized;
+}
+env->cp0.c3_faultstatus = val;
+break;
+case 4:
+if (cop != 0) {
+goto unrecognized;
+}
+env->cp0.c4_faultaddr = val;
+break;
+case 5:
+switch (cop) {
+case 28:
+DPRINTF("Invalidate Entire I&D cache\n");
+return;
+case 20:
+DPRINTF("Invalidate Entire Icache\n");
+return;
+case 12:
+DPRINTF("Invalidate Entire Dcache\n");
+return;
+case 10:
+DPRINTF("Clean Entire Dcache\n");
+return;
+case 14:
+DPRINTF("Flush Entire Dcache\n");
+return;
+case 13:
+DPRINTF("Invalidate Dcache line\n");
+return;
+case 11:
+DPRINTF("Clean Dcache line\n");
+return;
+case 15:
+DPRINTF("Flush Dcache line\n");
+return;
+}
+break;
+case 6:
+if ((cop <= 6) && (cop >= 2)) {
+/* invalid all tlb */
+tlb_flush(env, 1);
+return;
+}
+break;
+default:
+goto unrecognized;
+}
+return;
+unrecognized:
+DPRINTF("Wrong register (%d) or wrong operation (%d) in cp0_set!\n",
+creg, cop);
+}
+
+uint32_t helper_cp0_get(CPUUniCore32State *env, uint32_t creg, uint32_t cop)
+{
+/*
+ * movc rd, pp.nn, #imm9
+ *  rd: UCOP_REG_D
+ *  nn: UCOP_REG_N
+ *  0: cpuid and cachetype
+ *  1: sys control reg.
+ *  2: page table base reg.
+ *  3: data fault status reg.
+ *  4: insn fault status reg.
+ *  imm9: split UCOP_IMM10 with bit5 is 0
+ */
+switch (creg) {
+case 0:
+switch (cop) {
+case 0:
+return env->cp0.c0_cpuid;
+case 1:
+return env->cp0.c0_cachetype;
+}
+break;
+case 1:
+if (cop == 0) {
+return env->cp0.c1_sys;
+}
+break;
+case 2:
+if (cop == 0) {
+return env->cp0.c2_base;
+}
+break;
+case 3:
+if (cop == 0) {
+return env->cp0.c3_faultstatus;
+}
+break;
+case 4:
+if (cop == 0) {
+return env->cp0.c4_faultaddr;
+}
+break;
+}
+DPRINTF("Wrong register (%d) or wrong operation (%d) in cp0_set!\n",
+creg, cop);
+return 0;
+}
+
+void helper_cp1_putc(target_ulong x)
+{
+/* TODO: curses display should be added here for screen output. */
+DPRINTF("%c", x);
+}
+#endif
+
 #ifdef CONFIG_USER_ONLY
 void switch_mode(CPUUniCore32State *env, int mode)
 {
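Review bot: the failure message at the end of helper_cp0_get still reads "in cp0_set!", which will mislead anyone chasing a bad coprocessor read; it should name cp0_get. In helper_cp0_set, an unknown cop under creg 5 or creg 6 falls through break to a silent return, while creg 1 to 4 jump to unrecognized; route those cases to unrecognized as well so unsupported cache and TLB operations show up. Two smaller points: the comment lists register 4 as "insn fault status reg." but the code stores to c4_faultaddr, and helper_cp1_putc emits the character only through DPRINTF, so with DEBUG_UC32 undefined the OCD console prints nothing (and %c is handed a target_ulong).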
@@ -66,43 +214,6 @@ int uc32_cpu_handle_mmu_fault(CPUUniCore32State *env, 
target_ulong address,
 }
 #endif
 
-/* These should probably raise undefined insn exceptions.  */
-void HELPER(set_cp)(CPUUniCor

Re: [Qemu-devel] [RFC] introduce a dynamic library to expose qemu block API

2012-07-13 Thread Paolo Bonzini
On 13/07/2012 11:51, Paolo Bonzini wrote:
> On 13/07/2012 11:16, Stefan Hajnoczi wrote:
>>> "Working around the QEMU block layer license" is not a goal per se,
>>> especially because you haven't a) assessed _what_ is the GPL code that
>>> the library would use; b) told us why the library should not be under
>>> the GPL.
>>>
>>> Please design first according to the functionality you want to
>>> implement, then think about the implementation.
>>
>> Licensing is one headache but the real challenge is that the QEMU block
>> layer relies on the QEMU main loop and a bunch of other architecture.
> 
> It doesn't really, not on Windows which has no AIO for example.  That's
> why I suggested:
> 
> - assessing what code is GPL and what are the dependencies on it

So I tried trimming down the list of files needed to compile
qemu tools, and here is a list:

Easy to relicense to LGPLv2+:
block/raw.c             none (GPLv2+: Red Hat, IBM)
error.c                 LGPLv2 (Red Hat, IBM, Stefan Weil)
iov.c                   GPLv2 (Red Hat, SuSE/Hannes Reinecke, Michael Tokarev)
module.c                GPLv2 (Red Hat, IBM, Blue Swirl)
qemu-error.c            GPLv2+ (Red Hat, Blue Swirl, IBM)
trace/control.c         GPLv2 (Lluis Vilanova)
trace/default.c         GPLv2 (Lluis Vilanova)

(I added some people to Cc.  Lluis and Michael, can you also look at
http://wiki.qemu.org/Relicensing if you're willing to relicense
your past contributions from GPLv2 to GPLv2+?  Blue Swirl said
he'd accept any other GPLv2 or GPLv3 compatible license, which
should include LGPLv2+).

Harder to relicense to LGPLv2+:
block/vdi.c             GPLv2+

"Good" license:
aes.c                   BSD
async.c                 BSD
block.c                 BSD
block/bochs.c           BSD
block/cloop.c           BSD
block/cow.c             BSD
block/dmg.c             BSD
block/parallels.c       BSD
block/qcow.c            BSD
block/qcow2-cache.c     BSD
block/qcow2-cluster.c   BSD
block/qcow2-refcount.c  BSD
block/qcow2-snapshot.c  BSD
block/qcow2.c           BSD
block/qed-check.c       BSD
block/qed-cluster.c     BSD
block/qed-gencb.c       BSD
block/qed-l2-cache.c    BSD
block/qed-table.c       BSD
block/qed.c             BSD
block/vmdk.c            BSD
block/vpc.c             BSD
block/vvfat.c           BSD
cutils.c                BSD
osdep.c                 BSD
oslib-posix.c           BSD
qemu-coroutine-io.c     BSD
qemu-coroutine-lock.c   BSD
qemu-option.c           BSD
qemu-progress.c         BSD
coroutine-ucontext.c    LGPLv2+
json-lexer.c            LGPLv2+
json-parser.c           LGPLv2+
json-streamer.c         LGPLv2+
qbool.c                 LGPLv2+
qdict.c                 LGPLv2+
qemu-coroutine.c        LGPLv2+
qerror.c                LGPLv2+
qfloat.c                LGPLv2+
qint.c                  LGPLv2+
qjson.c                 LGPLv2+
qlist.c                 LGPLv2+
qstring.c               LGPLv2+

Doesn't need to be included in a library:
qemu-tool.c             GPLv2

Autogenerated:
trace.c

Remaining undefined symbols:
qemu_aio_flush
qemu_aio_wait
qemu_free_timer
qemu_new_timer
qemu_mod_timer
qemu_del_timer
qemu_get_clock_ns
vm_clock
+ those defined in qemu-tool.c

Paolo



[Qemu-devel] [PATCHv4 08/14] unicore32-softmmu: Add puv3 interrupt support

2012-07-13 Thread Guan Xuetao
This patch adds puv3 interrupt support, including interrupt controller
device simulation and interrupt handler in puv3 machine.

Signed-off-by: Guan Xuetao 
---
 hw/Makefile.objs |3 +
 hw/puv3.c|   23 +-
 hw/puv3_intc.c   |  135 ++
 3 files changed, 160 insertions(+), 1 deletions(-)
 create mode 100644 hw/puv3_intc.c

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 9a350de..6d49ce8 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -66,6 +66,9 @@ hw-obj-$(CONFIG_XILINX) += xilinx_uartlite.o
 hw-obj-$(CONFIG_XILINX_AXI) += xilinx_axidma.o
 hw-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
 
+# PKUnity SoC devices
+hw-obj-$(CONFIG_PUV3) += puv3_intc.o
+
 # PCI watchdog devices
 hw-obj-$(CONFIG_PCI) += wdt_i6300esb.o
 
diff --git a/hw/puv3.c b/hw/puv3.c
index 0dc129d..2870455 100644
--- a/hw/puv3.c
+++ b/hw/puv3.c
@@ -22,9 +22,30 @@
 #define KERNEL_LOAD_ADDR0x0300
 #define KERNEL_MAX_SIZE 0x0080 /* Just a guess */
 
+static void puv3_intc_cpu_handler(void *opaque, int irq, int level)
+{
+CPUUniCore32State *env = opaque;
+
+assert(irq == 0);
+if (level) {
+cpu_interrupt(env, CPU_INTERRUPT_HARD);
+} else {
+cpu_reset_interrupt(env, CPU_INTERRUPT_HARD);
+}
+}
+
 static void puv3_soc_init(CPUUniCore32State *env)
 {
-/* TODO */
+qemu_irq *cpu_intc, irqs[PUV3_IRQS_NR];
+DeviceState *dev;
+int i;
+
+/* Initialize interrupt controller */
+cpu_intc = qemu_allocate_irqs(puv3_intc_cpu_handler, env, 1);
+dev = sysbus_create_simple("puv3_intc", PUV3_INTC_BASE, *cpu_intc);
+for (i = 0; i < PUV3_IRQS_NR; i++) {
+irqs[i] = qdev_get_gpio_in(dev, i);
+}
 }
 
 static void puv3_board_init(CPUUniCore32State *env, ram_addr_t ram_size)
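Review bot: irqs[] in puv3_soc_init is filled from qdev_get_gpio_in() but nothing in this patch reads it, which can trip set-but-unused warnings and hurt bisection on builds that treat warnings as errors; either wire up the first consumer here or introduce the array in the patch that uses it. The qemu_irq array returned by qemu_allocate_irqs() is also only dereferenced once as *cpu_intc, so cpu_intc[0] with a short comment would read more clearly.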
diff --git a/hw/puv3_intc.c b/hw/puv3_intc.c
new file mode 100644
index 000..9e0b975
--- /dev/null
+++ b/hw/puv3_intc.c
@@ -0,0 +1,135 @@
+/*
+ * INTC device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "sysbus.h"
+
+#undef DEBUG_PUV3
+#include "puv3.h"
+
+typedef struct {
+SysBusDevice busdev;
+MemoryRegion iomem;
+qemu_irq parent_irq;
+
+uint32_t reg_ICMR;
+uint32_t reg_ICPR;
+} PUV3INTCState;
+
+/* Update interrupt status after enabled or pending bits have been changed.  */
+static void puv3_intc_update(PUV3INTCState *s)
+{
+if (s->reg_ICMR & s->reg_ICPR) {
+qemu_irq_raise(s->parent_irq);
+} else {
+qemu_irq_lower(s->parent_irq);
+}
+}
+
+/* Process a change in an external INTC input. */
+static void puv3_intc_handler(void *opaque, int irq, int level)
+{
+PUV3INTCState *s = opaque;
+
+DPRINTF("irq 0x%x, level 0x%x\n", irq, level);
+if (level) {
+s->reg_ICPR |= (1 << irq);
+} else {
+s->reg_ICPR &= ~(1 << irq);
+}
+puv3_intc_update(s);
+}
+
+static uint64_t puv3_intc_read(void *opaque, target_phys_addr_t offset,
+unsigned size)
+{
+PUV3INTCState *s = opaque;
+uint32_t ret = 0;
+
+switch (offset) {
+case 0x04: /* INTC_ICMR */
+ret = s->reg_ICMR;
+break;
+case 0x0c: /* INTC_ICIP */
+ret = s->reg_ICPR; /* the same value with ICPR */
+break;
+default:
+DPRINTF("Bad offset %x\n", (int)offset);
+}
+DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+return ret;
+}
+
+static void puv3_intc_write(void *opaque, target_phys_addr_t offset,
+uint64_t value, unsigned size)
+{
+PUV3INTCState *s = opaque;
+
+DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+switch (offset) {
+case 0x00: /* INTC_ICLR */
+case 0x14: /* INTC_ICCR */
+break;
+case 0x04: /* INTC_ICMR */
+s->reg_ICMR = value;
+break;
+default:
+DPRINTF("Bad offset 0x%x\n", (int)offset);
+return;
+}
+puv3_intc_update(s);
+}
+
+static const MemoryRegionOps puv3_intc_ops = {
+.read = puv3_intc_read,
+.write = puv3_intc_write,
+.impl = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int puv3_intc_init(SysBusDevice *dev)
+{
+PUV3INTCState *s = FROM_SYSBUS(PUV3INTCState, dev);
+
+qdev_init_gpio_in(&s->busdev.qdev, puv3_intc_handler, PUV3_IRQS_NR);
+sysbus_init_irq(&s->busdev, &s->parent_irq);
+
+s->reg_ICMR = 0;
+s->reg_ICPR = 0;
+
+memory_region_init_io(&s->iomem, &puv3_intc_ops, s, "puv3_intc",
+PUV3_REGS_OFFSET);
+sysbus_init_mmio(dev, &s->iomem);
+
+return 0;
+}
+
+static void puv3_intc_class_init(ObjectClass *klass, void *data)
+{
+SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLAS
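Review bot: puv3_intc_handler builds its mask with (1 << irq) on a signed int; the device registers PUV3_IRQS_NR inputs, and hw/puv3.h elsewhere in this series defines that as 32, so irq 31 shifts into the sign bit. Use 1u << irq (or a uint32_t cast) in both the set and clear paths. In puv3_intc_read, the ICIP case returns reg_ICPR unmasked with the comment "the same value with ICPR"; please confirm that is the hardware behaviour, since the update path raises the parent line on reg_ICMR & reg_ICPR. The DPRINTF calls pass target_phys_addr_t and uint64_t to %x, which will warn or misprint once DEBUG_PUV3 is enabled.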

[Qemu-devel] [PATCHv4 14/14] unicore32-softmmu: Add maintainer information for UniCore32 machine

2012-07-13 Thread Guan Xuetao
Signed-off-by: Guan Xuetao 
---
 MAINTAINERS |8 
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 30ed56d..35dbbad 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -405,6 +405,14 @@ M: Alexander Graf 
 S: Maintained
 F: hw/s390-*.c
 
+UniCore32 Machines
+-
+PKUnity-3 SoC initramfs-with-busybox
+M: Guan Xuetao 
+S: Maintained
+F: hw/puv3*
+F: hw/unicore32/
+
 X86 Machines
 
 PC
-- 
1.7.0.4




[Qemu-devel] [PATCHv4 01/14] unicore32-softmmu: Add unicore32-softmmu build support

2012-07-13 Thread Guan Xuetao
This patch adds unicore32-softmmu build support, including configure,
makefile, arch_init, and all missing functions needed by softmmu.
Although all missing functions are empty, unicore32-softmmu could
be built successfully.

Signed-off-by: Guan Xuetao 
---
 arch_init.c   |2 +
 arch_init.h   |1 +
 configure |1 +
 default-configs/unicore32-softmmu.mak |1 +
 hw/unicore32/Makefile.objs|1 +
 target-unicore32/Makefile.objs|2 +-
 target-unicore32/helper.c |   27 +++---
 target-unicore32/machine.c|   23 +++
 target-unicore32/op_helper.c  |   24 +++-
 target-unicore32/softmmu.c|   39 +
 10 files changed, 106 insertions(+), 15 deletions(-)
 create mode 100644 default-configs/unicore32-softmmu.mak
 create mode 100644 hw/unicore32/Makefile.objs
 create mode 100644 target-unicore32/machine.c
 create mode 100644 target-unicore32/softmmu.c

diff --git a/arch_init.c b/arch_init.c
index 5b0f562..23f8be2 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -89,6 +89,8 @@ int graphic_depth = 15;
 #define QEMU_ARCH QEMU_ARCH_SPARC
 #elif defined(TARGET_XTENSA)
 #define QEMU_ARCH QEMU_ARCH_XTENSA
+#elif defined(TARGET_UNICORE32)
+#define QEMU_ARCH QEMU_ARCH_UNICORE32
 #endif
 
 const uint32_t arch_type = QEMU_ARCH;
diff --git a/arch_init.h b/arch_init.h
index c7cb94a..5298139 100644
--- a/arch_init.h
+++ b/arch_init.h
@@ -16,6 +16,7 @@ enum {
 QEMU_ARCH_SH4 = 1024,
 QEMU_ARCH_SPARC = 2048,
 QEMU_ARCH_XTENSA = 4096,
+QEMU_ARCH_UNICORE32 = 8192,
 };
 
 extern const uint32_t arch_type;
diff --git a/configure b/configure
index 500fe24..5d9987b 100755
--- a/configure
+++ b/configure
@@ -934,6 +934,7 @@ sparc64-softmmu \
 s390x-softmmu \
 xtensa-softmmu \
 xtensaeb-softmmu \
+unicore32-softmmu \
 "
 fi
 # the following are Linux specific
diff --git a/default-configs/unicore32-softmmu.mak 
b/default-configs/unicore32-softmmu.mak
new file mode 100644
index 000..5f04fe3
--- /dev/null
+++ b/default-configs/unicore32-softmmu.mak
@@ -0,0 +1 @@
+# Default configuration for unicore32-softmmu
diff --git a/hw/unicore32/Makefile.objs b/hw/unicore32/Makefile.objs
new file mode 100644
index 000..b6a3383
--- /dev/null
+++ b/hw/unicore32/Makefile.objs
@@ -0,0 +1 @@
+# For UniCore32 machines and boards
diff --git a/target-unicore32/Makefile.objs b/target-unicore32/Makefile.objs
index 2e0e093..6af1089 100644
--- a/target-unicore32/Makefile.objs
+++ b/target-unicore32/Makefile.objs
@@ -1,4 +1,4 @@
 obj-y += translate.o op_helper.o helper.o cpu.o
-obj-$(CONFIG_SOFTMMU) += machine.o
+obj-$(CONFIG_SOFTMMU) += machine.o softmmu.o
 
 $(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-unicore32/helper.c b/target-unicore32/helper.c
index 9fe4a37..9b8ff06 100644
--- a/target-unicore32/helper.c
+++ b/target-unicore32/helper.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2011 GUAN Xue-tao
+ * Copyright (C) 2010-2012 Guan Xuetao
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -45,18 +45,26 @@ uint32_t HELPER(clz)(uint32_t x)
 return clz32(x);
 }
 
+#ifdef CONFIG_USER_ONLY
+void switch_mode(CPUUniCore32State *env, int mode)
+{
+if (mode != ASR_MODE_USER) {
+cpu_abort(env, "Tried to switch out of user mode\n");
+}
+}
+
 void do_interrupt(CPUUniCore32State *env)
 {
-env->exception_index = -1;
+cpu_abort(env, "NO interrupt in user mode\n");
 }
 
-int uc32_cpu_handle_mmu_fault(CPUUniCore32State *env, target_ulong address, 
int rw,
-  int mmu_idx)
+int uc32_cpu_handle_mmu_fault(CPUUniCore32State *env, target_ulong address,
+  int access_type, int mmu_idx)
 {
-env->exception_index = UC32_EXCP_TRAP;
-env->cp0.c4_faultaddr = address;
+cpu_abort(env, "NO mmu fault in user mode\n");
 return 1;
 }
+#endif
 
 /* These should probably raise undefined insn exceptions.  */
 void HELPER(set_cp)(CPUUniCore32State *env, uint32_t insn, uint32_t val)
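Review bot: under CONFIG_USER_ONLY, uc32_cpu_handle_mmu_fault now calls cpu_abort() where it previously set env->exception_index = UC32_EXCP_TRAP and recorded c4_faultaddr, so an invalid memory access by a linux-user guest would abort the emulator instead of being reported to the guest as a fault. If that is intended, the commit message should say so; otherwise keep the old exception path for the user-only build. The same question applies to do_interrupt, which changes from resetting exception_index to cpu_abort().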
@@ -84,13 +92,6 @@ uint32_t HELPER(get_cp0)(CPUUniCore32State *env, uint32_t 
insn)
 return 0;
 }
 
-void switch_mode(CPUUniCore32State *env, int mode)
-{
-if (mode != ASR_MODE_USER) {
-cpu_abort(env, "Tried to switch out of user mode\n");
-}
-}
-
 void HELPER(set_r29_banked)(CPUUniCore32State *env, uint32_t mode, uint32_t 
val)
 {
 cpu_abort(env, "banked r29 write\n");
diff --git a/target-unicore32/machine.c b/target-unicore32/machine.c
new file mode 100644
index 000..60b2ec1
--- /dev/null
+++ b/target-unicore32/machine.c
@@ -0,0 +1,23 @@
+/*
+ * Generic machine functions for UniCore32 ISA
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of t

[Qemu-devel] [PATCHv4 12/14] unicore32-softmmu: Add puv3 dma support

2012-07-13 Thread Guan Xuetao
This patch adds puv3 dma (Direct Memory Access) support,
including dma device simulation for kernel booting.

Signed-off-by: Guan Xuetao 
---
 hw/Makefile.objs |1 +
 hw/puv3.c|1 +
 hw/puv3_dma.c|  109 ++
 3 files changed, 111 insertions(+), 0 deletions(-)
 create mode 100644 hw/puv3_dma.c

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index ee3b70c..1f4b549 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -71,6 +71,7 @@ hw-obj-$(CONFIG_PUV3) += puv3_intc.o
 hw-obj-$(CONFIG_PUV3) += puv3_ost.o
 hw-obj-$(CONFIG_PUV3) += puv3_gpio.o
 hw-obj-$(CONFIG_PUV3) += puv3_pm.o
+hw-obj-$(CONFIG_PUV3) += puv3_dma.o
 
 # PCI watchdog devices
 hw-obj-$(CONFIG_PCI) += wdt_i6300esb.o
diff --git a/hw/puv3.c b/hw/puv3.c
index 3a14b27..9acfc5a 100644
--- a/hw/puv3.c
+++ b/hw/puv3.c
@@ -49,6 +49,7 @@ static void puv3_soc_init(CPUUniCore32State *env)
 
 /* Initialize minimal necessary devices for kernel booting */
 sysbus_create_simple("puv3_pm", PUV3_PM_BASE, NULL);
+sysbus_create_simple("puv3_dma", PUV3_DMA_BASE, NULL);
 sysbus_create_simple("puv3_ost", PUV3_OST_BASE, irqs[PUV3_IRQS_OST0]);
 sysbus_create_varargs("puv3_gpio", PUV3_GPIO_BASE,
 irqs[PUV3_IRQS_GPIOLOW0], irqs[PUV3_IRQS_GPIOLOW1],
diff --git a/hw/puv3_dma.c b/hw/puv3_dma.c
new file mode 100644
index 000..bd1f43e
--- /dev/null
+++ b/hw/puv3_dma.c
@@ -0,0 +1,109 @@
+/*
+ * DMA device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw.h"
+#include "sysbus.h"
+
+#undef DEBUG_PUV3
+#include "puv3.h"
+
+#define PUV3_DMA_CH_NR  (6)
+#define PUV3_DMA_CH_MASK(0xff)
+#define PUV3_DMA_CH(offset) ((offset) >> 8)
+
+typedef struct {
+SysBusDevice busdev;
+MemoryRegion iomem;
+uint32_t reg_CFG[PUV3_DMA_CH_NR];
+} PUV3DMAState;
+
+static uint64_t puv3_dma_read(void *opaque, target_phys_addr_t offset,
+unsigned size)
+{
+PUV3DMAState *s = opaque;
+uint32_t ret;
+
+assert(PUV3_DMA_CH(offset) < PUV3_DMA_CH_NR);
+
+switch (offset & PUV3_DMA_CH_MASK) {
+case 0x10:
+ret = s->reg_CFG[PUV3_DMA_CH(offset)];
+break;
+default:
+DPRINTF("Bad offset 0x%x\n", offset);
+}
+DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+
+return ret;
+}
+
+static void puv3_dma_write(void *opaque, target_phys_addr_t offset,
+uint64_t value, unsigned size)
+{
+PUV3DMAState *s = opaque;
+
+assert(PUV3_DMA_CH(offset) < PUV3_DMA_CH_NR);
+
+switch (offset & PUV3_DMA_CH_MASK) {
+case 0x10:
+s->reg_CFG[PUV3_DMA_CH(offset)] = value;
+break;
+default:
+DPRINTF("Bad offset 0x%x\n", offset);
+}
+DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+}
+
+static const MemoryRegionOps puv3_dma_ops = {
+.read = puv3_dma_read,
+.write = puv3_dma_write,
+.impl = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int puv3_dma_init(SysBusDevice *dev)
+{
+PUV3DMAState *s = FROM_SYSBUS(PUV3DMAState, dev);
+int i;
+
+for (i = 0; i < PUV3_DMA_CH_NR; i++) {
+s->reg_CFG[i] = 0x0;
+}
+
+memory_region_init_io(&s->iomem, &puv3_dma_ops, s, "puv3_dma",
+PUV3_REGS_OFFSET);
+sysbus_init_mmio(dev, &s->iomem);
+
+return 0;
+}
+
+static void puv3_dma_class_init(ObjectClass *klass, void *data)
+{
+SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+sdc->init = puv3_dma_init;
+}
+
+static const TypeInfo puv3_dma_info = {
+.name = "puv3_dma",
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(PUV3DMAState),
+.class_init = puv3_dma_class_init,
+};
+
+static void puv3_dma_register_type(void)
+{
+type_register_static(&puv3_dma_info);
+}
+
+type_init(puv3_dma_register_type)
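Review bot: puv3_dma_read and puv3_dma_write both assert(PUV3_DMA_CH(offset) < PUV3_DMA_CH_NR) on a guest-supplied offset, yet the region is registered with size PUV3_REGS_OFFSET, which hw/puv3.h in this series defines as 0x1000, so a guest access at offset 0x600 or above takes down the whole emulator. Reject out-of-range channels with a logged error (returning 0 for reads) instead of asserting. In puv3_dma_read, ret is left uninitialised on the default path and is then returned to the guest; initialise it to 0. The DPRINTF calls also pass target_phys_addr_t and uint64_t to %x.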
-- 
1.7.0.4




[Qemu-devel] [PATCHv4 07/14] unicore32-softmmu: Add puv3 soc/board support

2012-07-13 Thread Guan Xuetao
This patch only adds puv3 soc/board support, which introduces puv3
machine description, and specifies console type.

Signed-off-by: Guan Xuetao 
---
 default-configs/unicore32-softmmu.mak |1 +
 hw/puv3.c |   93 +
 hw/puv3.h |   49 +
 hw/unicore32/Makefile.objs|5 ++
 4 files changed, 148 insertions(+), 0 deletions(-)
 create mode 100644 hw/puv3.c
 create mode 100644 hw/puv3.h

diff --git a/default-configs/unicore32-softmmu.mak 
b/default-configs/unicore32-softmmu.mak
index 5f04fe3..726a338 100644
--- a/default-configs/unicore32-softmmu.mak
+++ b/default-configs/unicore32-softmmu.mak
@@ -1 +1,2 @@
 # Default configuration for unicore32-softmmu
+CONFIG_PUV3=y
diff --git a/hw/puv3.c b/hw/puv3.c
new file mode 100644
index 000..0dc129d
--- /dev/null
+++ b/hw/puv3.c
@@ -0,0 +1,93 @@
+/*
+ * Generic PKUnity SoC machine and board descriptor
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "console.h"
+#include "elf.h"
+#include "exec-memory.h"
+#include "sysbus.h"
+#include "boards.h"
+#include "loader.h"
+#include "pc.h"
+
+#undef DEBUG_PUV3
+#include "puv3.h"
+
+#define KERNEL_LOAD_ADDR0x0300
+#define KERNEL_MAX_SIZE 0x0080 /* Just a guess */
+
+static void puv3_soc_init(CPUUniCore32State *env)
+{
+/* TODO */
+}
+
+static void puv3_board_init(CPUUniCore32State *env, ram_addr_t ram_size)
+{
+MemoryRegion *ram_memory = g_new(MemoryRegion, 1);
+
+/* SDRAM at address zero.  */
+memory_region_init_ram(ram_memory, "puv3.ram", ram_size);
+vmstate_register_ram_global(ram_memory);
+memory_region_add_subregion(get_system_memory(), 0, ram_memory);
+}
+
+static void puv3_load_kernel(const char *kernel_filename)
+{
+int size;
+
+assert(kernel_filename != NULL);
+
+/* only zImage format supported */
+size = load_image_targphys(kernel_filename, KERNEL_LOAD_ADDR,
+KERNEL_MAX_SIZE);
+if (size < 0) {
+hw_error("Load kernel error: '%s'\n", kernel_filename);
+}
+
+/* cheat curses that we have a graphic console, only under ocd console */
+graphic_console_init(NULL, NULL, NULL, NULL, NULL);
+}
+
+static void puv3_init(ram_addr_t ram_size, const char *boot_device,
+ const char *kernel_filename, const char *kernel_cmdline,
+ const char *initrd_filename, const char *cpu_model)
+{
+CPUUniCore32State *env;
+
+if (initrd_filename) {
+hw_error("Please use kernel built-in initramdisk.\n");
+}
+
+if (!cpu_model) {
+cpu_model = "UniCore-II";
+}
+
+env = cpu_init(cpu_model);
+if (!env) {
+hw_error("Unable to find CPU definition\n");
+}
+
+puv3_soc_init(env);
+puv3_board_init(env, ram_size);
+puv3_load_kernel(kernel_filename);
+}
+
+static QEMUMachine puv3_machine = {
+.name = "puv3",
+.desc = "PKUnity Version-3 based on UniCore32",
+.init = puv3_init,
+.use_scsi = 0,
+};
+
+static void puv3_machine_init(void)
+{
+qemu_register_machine(&puv3_machine);
+}
+
+machine_init(puv3_machine_init)
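Review bot: puv3_load_kernel uses assert(kernel_filename != NULL), so starting the machine without -kernel ends in an assertion failure rather than a usable message; check for NULL in puv3_init and report it the way the initrd case does with hw_error(). KERNEL_MAX_SIZE is marked "Just a guess" and is the only bound passed to load_image_targphys(), so it should also be checked against ram_size before loading. The include of "pc.h" looks unrelated to this board, and the graphic_console_init(NULL, ...) call deserves a fuller comment on why a dummy console is registered.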
diff --git a/hw/puv3.h b/hw/puv3.h
new file mode 100644
index 000..f37adcb
--- /dev/null
+++ b/hw/puv3.h
@@ -0,0 +1,49 @@
+/*
+ * Misc PKUnity SoC declarations
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#ifndef QEMU_HW_PUV3_H
+#define QEMU_HW_PUV3_H
+
+#define PUV3_REGS_OFFSET(0x1000) /* 4K is reasonable */
+
+/* PKUnity System bus (AHB): 0xc000 - 0xedff (640MB) */
+#define PUV3_DMA_BASE   (0xc020) /* AHB-4 */
+
+/* PKUnity Peripheral bus (APB): 0xee00 - 0xefff (128MB) */
+#define PUV3_GPIO_BASE  (0xee50) /* APB-5 */
+#define PUV3_INTC_BASE  (0xee60) /* APB-6 */
+#define PUV3_OST_BASE   (0xee80) /* APB-8 */
+#define PUV3_PM_BASE(0xeea0) /* APB-10 */
+#define PUV3_PS2_BASE   (0xeeb0) /* APB-11 */
+
+/* Hardware interrupts */
+#define PUV3_IRQS_NR(32)
+
+#define PUV3_IRQS_GPIOLOW0  (0)
+#define PUV3_IRQS_GPIOLOW1  (1)
+#define PUV3_IRQS_GPIOLOW2  (2)
+#define PUV3_IRQS_GPIOLOW3  (3)
+#define PUV3_IRQS_GPIOLOW4  (4)
+#define PUV3_IRQS_GPIOLOW5  (5)
+#define PUV3_IRQS_GPIOLOW6  (6)
+#define PUV3_IRQS_GPIOLOW7  (7)
+#define PUV3_IRQS_GPIOHIGH  (8)
+#define PUV3_IRQS_PS2_KBD   (22)
+#define PUV3_IRQS_PS2_AUX   (23)
+#d

[Qemu-devel] [PATCHv4 06/14] unicore32-softmmu: Make sure that kernel can access user space

2012-07-13 Thread Guan Xuetao
As a matter of course, we need to access user space in kernel code,
so we need to correct load/store decoders to indicate correct memory
region.

Signed-off-by: Guan Xuetao 
---
 target-unicore32/translate.c |   36 ++--
 1 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/target-unicore32/translate.c b/target-unicore32/translate.c
index e37d5be..5ee3a59 100644
--- a/target-unicore32/translate.c
+++ b/target-unicore32/translate.c
@@ -33,9 +33,16 @@ typedef struct DisasContext {
 int condlabel;
 struct TranslationBlock *tb;
 int singlestep_enabled;
+#ifndef CONFIG_USER_ONLY
+int user;
+#endif
 } DisasContext;
 
-#define IS_USER(s) 1
+#ifndef CONFIG_USER_ONLY
+#define IS_USER(s)  (s->user)
+#else
+#define IS_USER(s)  1
+#endif
 
 /* These instructions trap after executing, so defer them until after the
conditional executions state has been updated.  */
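Review bot: the softmmu IS_USER(s) expands to (s->user) without parenthesising its argument; write it as ((s)->user) so it stays correct if it is ever passed an expression. The user field is also compiled out under CONFIG_USER_ONLY, which forces the matching #ifndef around every assignment; an unconditional field would be simpler.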
@@ -1554,12 +1561,12 @@ static void do_misc(CPUUniCore32State *env, 
DisasContext *s, uint32_t insn)
 /* load/store I_offset and R_offset */
 static void do_ldst_ir(CPUUniCore32State *env, DisasContext *s, uint32_t insn)
 {
-unsigned int i;
+unsigned int mmu_idx;
 TCGv tmp;
 TCGv tmp2;
 
 tmp2 = load_reg(s, UCOP_REG_N);
-i = (IS_USER(s) || (!UCOP_SET_P && UCOP_SET_W));
+mmu_idx = (IS_USER(s) || (!UCOP_SET_P && UCOP_SET_W));
 
 /* immediate */
 if (UCOP_SET_P) {
@@ -1569,17 +1576,17 @@ static void do_ldst_ir(CPUUniCore32State *env, 
DisasContext *s, uint32_t insn)
 if (UCOP_SET_L) {
 /* load */
 if (UCOP_SET_B) {
-tmp = gen_ld8u(tmp2, i);
+tmp = gen_ld8u(tmp2, mmu_idx);
 } else {
-tmp = gen_ld32(tmp2, i);
+tmp = gen_ld32(tmp2, mmu_idx);
 }
 } else {
 /* store */
 tmp = load_reg(s, UCOP_REG_D);
 if (UCOP_SET_B) {
-gen_st8(tmp, tmp2, i);
+gen_st8(tmp, tmp2, mmu_idx);
 } else {
-gen_st32(tmp, tmp2, i);
+gen_st32(tmp, tmp2, mmu_idx);
 }
 }
 if (!UCOP_SET_P) {
@@ -1682,7 +1689,7 @@ static void do_ldst_hwsb(CPUUniCore32State *env, 
DisasContext *s, uint32_t insn)
 /* load/store multiple words */
 static void do_ldst_m(CPUUniCore32State *env, DisasContext *s, uint32_t insn)
 {
-unsigned int val, i;
+unsigned int val, i, mmu_idx;
 int j, n, reg, user, loaded_base;
 TCGv tmp;
 TCGv tmp2;
@@ -1703,6 +1710,7 @@ static void do_ldst_m(CPUUniCore32State *env, 
DisasContext *s, uint32_t insn)
 }
 }
 
+mmu_idx = (IS_USER(s) || (!UCOP_SET_P && UCOP_SET_W));
 addr = load_reg(s, UCOP_REG_N);
 
 /* compute total size */
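Review bot: the new mmu_idx in do_ldst_m is more than a rename, because the multi-word loads and stores previously passed IS_USER(s) and will now also use the user index whenever (!UCOP_SET_P && UCOP_SET_W) holds in privileged mode. The commit message does not say that this P/W encoding means "user access" for the multiple-transfer instructions as it does for do_ldst_ir; please document that, or keep IS_USER(s) here if it does not.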
@@ -1747,7 +1755,7 @@ static void do_ldst_m(CPUUniCore32State *env, 
DisasContext *s, uint32_t insn)
 }
 if (UCOP_SET(i)) {
 if (UCOP_SET_L) { /* load */
-tmp = gen_ld32(addr, IS_USER(s));
+tmp = gen_ld32(addr, mmu_idx);
 if (reg == 31) {
 gen_bx(s, tmp);
 } else if (user) {
@@ -1775,7 +1783,7 @@ static void do_ldst_m(CPUUniCore32State *env, 
DisasContext *s, uint32_t insn)
 } else {
 tmp = load_reg(s, reg);
 }
-gen_st32(tmp, addr, IS_USER(s));
+gen_st32(tmp, addr, mmu_idx);
 }
 j++;
 /* no need to add after the last transfer */
@@ -1964,6 +1972,14 @@ static inline void 
gen_intermediate_code_internal(CPUUniCore32State *env,
 max_insns = CF_COUNT_MASK;
 }
 
+#ifndef CONFIG_USER_ONLY
+if ((env->uncached_asr & ASR_M) == ASR_MODE_USER) {
+dc->user = 1;
+} else {
+dc->user = 0;
+}
+#endif
+
 gen_icount_start();
 do {
 if (unlikely(!QTAILQ_EMPTY(&env->breakpoints))) {
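Review bot: dc->user is derived from env->uncached_asr at translation time, so the processor mode must be part of the translation block flags; otherwise a block translated in privileged mode can be reused after a switch to user mode with the privileged memory index baked in. Please confirm cpu_get_tb_cpu_state() covers the ASR mode bits, or add that in this patch. The if/else can also be written as a single assignment, dc->user = (env->uncached_asr & ASR_M) == ASR_MODE_USER.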
-- 
1.7.0.4




[Qemu-devel] [PATCHv4 03/14] unicore32-softmmu: Make UniCore32 cpuid & exceptions correct and runable

2012-07-13 Thread Guan Xuetao
This patch initializes the cpuid to exactly correct value because
linux kernel will check it.
In addition, the exception types are specified in proper situations.
Then it could make exceptions generated correctly and timely.

Signed-off-by: Guan Xuetao 
---
 cpu-exec.c |1 +
 linux-user/main.c  |3 ++-
 target-unicore32/cpu.c |   19 ++-
 target-unicore32/cpu.h |   14 --
 4 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index 08c35f7..500ff12 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -423,6 +423,7 @@ int cpu_exec(CPUArchState *env)
 #elif defined(TARGET_UNICORE32)
 if (interrupt_request & CPU_INTERRUPT_HARD
 && !(env->uncached_asr & ASR_I)) {
+env->exception_index = UC32_EXCP_INTR;
 do_interrupt(env);
 next_tb = 0;
 }
diff --git a/linux-user/main.c b/linux-user/main.c
index d0e0e4f..e751042 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -958,7 +958,8 @@ void cpu_loop(CPUUniCore32State *env)
 }
 }
 break;
-case UC32_EXCP_TRAP:
+case UC32_EXCP_DTRAP:
+case UC32_EXCP_ITRAP:
 info.si_signo = SIGSEGV;
 info.si_errno = 0;
 /* XXX: check env->error_code */
diff --git a/target-unicore32/cpu.c b/target-unicore32/cpu.c
index de63f58..3425bbe 100644
--- a/target-unicore32/cpu.c
+++ b/target-unicore32/cpu.c
@@ -1,7 +1,7 @@
 /*
  * QEMU UniCore32 CPU
  *
- * Copyright (c) 2010-2011 GUAN Xue-tao
+ * Copyright (c) 2010-2012 Guan Xuetao
  * Copyright (c) 2012 SUSE LINUX Products GmbH
  *
  * This program is free software; you can redistribute it and/or modify
@@ -32,13 +32,16 @@ static void unicore_ii_cpu_initfn(Object *obj)
 UniCore32CPU *cpu = UNICORE32_CPU(obj);
 CPUUniCore32State *env = &cpu->env;
 
-env->cp0.c0_cpuid = 0x40010863;
+env->cp0.c0_cpuid = 0x4d000863;
+env->cp0.c0_cachetype = 0x0d152152;
+env->cp0.c1_sys = 0x2000;
+env->cp0.c2_base = 0x0;
+env->cp0.c3_faultstatus = 0x0;
+env->cp0.c4_faultaddr = 0x0;
+env->ucf64.xregs[UC32_UCF64_FPSCR] = 0;
 
 set_feature(env, UC32_HWCAP_CMOV);
 set_feature(env, UC32_HWCAP_UCF64);
-env->ucf64.xregs[UC32_UCF64_FPSCR] = 0;
-env->cp0.c0_cachetype = 0x1dd20d2;
-env->cp0.c1_sys = 0x00090078;
 }
 
 static void uc32_any_cpu_initfn(Object *obj)
@@ -47,6 +50,7 @@ static void uc32_any_cpu_initfn(Object *obj)
 CPUUniCore32State *env = &cpu->env;
 
 env->cp0.c0_cpuid = 0x;
+env->ucf64.xregs[UC32_UCF64_FPSCR] = 0;
 
 set_feature(env, UC32_HWCAP_CMOV);
 set_feature(env, UC32_HWCAP_UCF64);
@@ -65,8 +69,13 @@ static void uc32_cpu_initfn(Object *obj)
 cpu_exec_init(env);
 env->cpu_model_str = object_get_typename(obj);
 
+#ifdef CONFIG_USER_ONLY
 env->uncached_asr = ASR_MODE_USER;
 env->regs[31] = 0;
+#else
+env->uncached_asr = ASR_MODE_PRIV;
+env->regs[31] = 0x0300;
+#endif
 
 tlb_flush(env, 1);
 }
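Review bot: the softmmu branch in uc32_cpu_initfn hard-codes the initial regs[31] to the same literal that hw/puv3.c defines as KERNEL_LOAD_ADDR, which ties the generic CPU model to one board's kernel load address. Set the entry point from the board code after loading the kernel (or from a reset handler) and leave the CPU init with the architectural reset state only.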
diff --git a/target-unicore32/cpu.h b/target-unicore32/cpu.h
index 81c14ff..d14fde5 100644
--- a/target-unicore32/cpu.h
+++ b/target-unicore32/cpu.h
@@ -1,15 +1,15 @@
 /*
  * UniCore32 virtual CPU header
  *
- * Copyright (C) 2010-2011 GUAN Xue-tao
+ * Copyright (C) 2010-2012 Guan Xuetao
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
  * published by the Free Software Foundation, or (at your option) any
  * later version. See the COPYING file in the top-level directory.
  */
-#ifndef __CPU_UC32_H__
-#define __CPU_UC32_H__
+#ifndef QEMU_UNICORE32_CPU_H
+#define QEMU_UNICORE32_CPU_H
 
 #define TARGET_LONG_BITS32
 #define TARGET_PAGE_BITS12
@@ -89,8 +89,10 @@ typedef struct CPUUniCore32State {
 #define ASR_NZCV(ASR_N | ASR_Z | ASR_C | ASR_V)
 #define ASR_RESERVED(~(ASR_M | ASR_I | ASR_NZCV))
 
-#define UC32_EXCP_PRIV  (ASR_MODE_PRIV)
-#define UC32_EXCP_TRAP  (ASR_MODE_TRAP)
+#define UC32_EXCP_PRIV  (1)
+#define UC32_EXCP_ITRAP (2)
+#define UC32_EXCP_DTRAP (3)
+#define UC32_EXCP_INTR  (4)
 
 /* Return the current ASR value.  */
 target_ulong cpu_asr_read(CPUUniCore32State *env1);
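
Review bot: this hunk removes UC32_EXCP_TRAP and stops defining UC32_EXCP_PRIV as ASR_MODE_PRIV, so every existing user of UC32_EXCP_TRAP, and any code that relied on an exception number being usable as an ASR mode, has to be converted in the same patch or the tree will not build or will misbehave between patches. Since the four values are now plain ordinals, an enum would be clearer than parenthesized literals.
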
@@ -189,4 +191,4 @@ static inline bool cpu_has_work(CPUUniCore32State *env)
 (CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB);
 }
 
-#endif /* __CPU_UC32_H__ */
+#endif /* QEMU_UNICORE32_CPU_H */
-- 
1.7.0.4




Re: [Qemu-devel] [RFC] introduce a dynamic library to expose qemu block API

2012-07-13 Thread Kevin Wolf
On 13.07.2012 12:55, Christoph Hellwig wrote:
> On Fri, Jul 13, 2012 at 12:42:41PM +0200, Kevin Wolf wrote:
>> It still feels a bit more like qemu-io-style operations. Not sure what
>> your use case looks like exactly, but adding a qemu-io command that
>> reads data from a file and writes it at a given offset into the images
>> (or vice versa) should be easy. This would be more or less a qemu-dd.
> 
> We already have that if you read/write the whole image, it's called
> qemu-img convert.

Hm. Fair point, I guess. Though qemu-img tends to have commands that
deal with complete disks instead of just areas.

>> If you need to get data from stdin or output it to stdout, then it might
>> not be the right solution.
> 
> That is the use case.  We could approximate it by writing a temp file and
> using qemu-img convert, but that's not very efficient. 

Yeah, it's not what you want then.

So the question is whether to have it integrated in qemu-img or
standalone. I'm undecided: Having everything in one well-known tool has
its advantages. But then, a qemu-dd that feels like a real dd, just that
it opens image formats with the right driver instead of always using
raw, certainly sounds attractive, too.

Let's wait a bit for more opinions. If there aren't any - you write the
code, you decide.

Kevin



[Qemu-devel] [PATCHv4 10/14] unicore32-softmmu: Add puv3 gpio support

2012-07-13 Thread Guan Xuetao
This patch adds puv3 gpio (General Purpose Input/Output) support,
including gpio device simulation and its interrupt support.

Signed-off-by: Guan Xuetao 
---
 hw/Makefile.objs |1 +
 hw/puv3.c|6 ++
 hw/puv3_gpio.c   |  141 ++
 3 files changed, 148 insertions(+), 0 deletions(-)
 create mode 100644 hw/puv3_gpio.c

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index c835a49..093d5a9 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -69,6 +69,7 @@ hw-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
 # PKUnity SoC devices
 hw-obj-$(CONFIG_PUV3) += puv3_intc.o
 hw-obj-$(CONFIG_PUV3) += puv3_ost.o
+hw-obj-$(CONFIG_PUV3) += puv3_gpio.o
 
 # PCI watchdog devices
 hw-obj-$(CONFIG_PCI) += wdt_i6300esb.o
diff --git a/hw/puv3.c b/hw/puv3.c
index 5a8a27c..0354cf6 100644
--- a/hw/puv3.c
+++ b/hw/puv3.c
@@ -49,6 +49,12 @@ static void puv3_soc_init(CPUUniCore32State *env)
 
 /* Initialize minimal necessary devices for kernel booting */
 sysbus_create_simple("puv3_ost", PUV3_OST_BASE, irqs[PUV3_IRQS_OST0]);
+sysbus_create_varargs("puv3_gpio", PUV3_GPIO_BASE,
+irqs[PUV3_IRQS_GPIOLOW0], irqs[PUV3_IRQS_GPIOLOW1],
+irqs[PUV3_IRQS_GPIOLOW2], irqs[PUV3_IRQS_GPIOLOW3],
+irqs[PUV3_IRQS_GPIOLOW4], irqs[PUV3_IRQS_GPIOLOW5],
+irqs[PUV3_IRQS_GPIOLOW6], irqs[PUV3_IRQS_GPIOLOW7],
+irqs[PUV3_IRQS_GPIOHIGH], NULL);
 }
 
 static void puv3_board_init(CPUUniCore32State *env, ram_addr_t ram_size)
diff --git a/hw/puv3_gpio.c b/hw/puv3_gpio.c
new file mode 100644
index 000..d78aac3
--- /dev/null
+++ b/hw/puv3_gpio.c
@@ -0,0 +1,141 @@
+/*
+ * GPIO device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw.h"
+#include "sysbus.h"
+
+#undef DEBUG_PUV3
+#include "puv3.h"
+
+typedef struct {
+SysBusDevice busdev;
+MemoryRegion iomem;
+qemu_irq irq[9];
+
+uint32_t reg_GPLR;
+uint32_t reg_GPDR;
+uint32_t reg_GPIR;
+} PUV3GPIOState;
+
+static uint64_t puv3_gpio_read(void *opaque, target_phys_addr_t offset,
+unsigned size)
+{
+PUV3GPIOState *s = opaque;
+uint32_t ret;
+
+switch (offset) {
+case 0x00:
+ret = s->reg_GPLR;
+break;
+case 0x04:
+ret = s->reg_GPDR;
+break;
+case 0x20:
+ret = s->reg_GPIR;
+break;
+default:
+DPRINTF("Bad offset 0x%x\n", offset);
+}
+DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+
+return ret;
+}
+
+static void puv3_gpio_write(void *opaque, target_phys_addr_t offset,
+uint64_t value, unsigned size)
+{
+PUV3GPIOState *s = opaque;
+
+DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+switch (offset) {
+case 0x04:
+s->reg_GPDR = value;
+break;
+case 0x08:
+if (s->reg_GPDR & value) {
+s->reg_GPLR |= value;
+} else {
+DPRINTF("Write gpio input port error!");
+}
+break;
+case 0x0c:
+if (s->reg_GPDR & value) {
+s->reg_GPLR &= ~value;
+} else {
+DPRINTF("Write gpio input port error!");
+}
+break;
+case 0x10: /* GRER */
+case 0x14: /* GFER */
+case 0x18: /* GEDR */
+break;
+case 0x20: /* GPIR */
+s->reg_GPIR = value;
+break;
+default:
+DPRINTF("Bad offset 0x%x\n", offset);
+}
+}
+
+static const MemoryRegionOps puv3_gpio_ops = {
+.read = puv3_gpio_read,
+.write = puv3_gpio_write,
+.impl = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int puv3_gpio_init(SysBusDevice *dev)
+{
+PUV3GPIOState *s = FROM_SYSBUS(PUV3GPIOState, dev);
+
+s->reg_GPLR = 0;
+s->reg_GPDR = 0;
+
+/* FIXME: these irqs not handled yet */
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW0]);
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW1]);
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW2]);
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW3]);
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW4]);
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW5]);
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW6]);
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW7]);
+sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOHIGH]);
+
+memory_region_init_io(&s->iomem, &puv3_gpio_ops, s, "puv3_gpio",
+PUV3_REGS_OFFSET);
+sysbus_init_mmio(dev, &s->iomem);
+
+return 0;
+}
+
+static void puv3_gpio_class_init(ObjectClass *klass, void *data)
+{
+SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+sdc->init = puv3_gpio_init;
+}
+
+static const Typ
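
Review bot: puv3_gpio_read leaves `ret` uninitialized on the `default:` path, so a guest read of any offset other than 0x00, 0x04 or 0x20 returns host stack contents; initialize it with `uint32_t ret = 0;` as puv3_ost_read in patch 09/14 does. In puv3_gpio_write the 0x08 and 0x0c cases test `s->reg_GPDR & value` but then apply the whole of `value`, so a single output bit in the mask lets the write change input pins as well; use `value & s->reg_GPDR` in the update. `irq[9]` is indexed with the PUV3_IRQS_GPIO* constants that hw/puv3.c uses to index the interrupt controller's `irqs[]`; unless those are all in 0..8, sysbus_init_irq is handed addresses past the end of the array, so use local indices 0..8 instead. reg_GPIR is also not set in puv3_gpio_init.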

[Qemu-devel] [PATCHv4 09/14] unicore32-softmmu: Add puv3 ostimer support

2012-07-13 Thread Guan Xuetao
This patch adds puv3 ostimer support, including os timer
device simulation and ptimer support in puv3 machine.

Signed-off-by: Guan Xuetao 
---
 default-configs/unicore32-softmmu.mak |1 +
 hw/Makefile.objs  |1 +
 hw/puv3.c |3 +
 hw/puv3_ost.c |  151 +
 4 files changed, 156 insertions(+), 0 deletions(-)
 create mode 100644 hw/puv3_ost.c

diff --git a/default-configs/unicore32-softmmu.mak 
b/default-configs/unicore32-softmmu.mak
index 726a338..4d4fbfc 100644
--- a/default-configs/unicore32-softmmu.mak
+++ b/default-configs/unicore32-softmmu.mak
@@ -1,2 +1,3 @@
 # Default configuration for unicore32-softmmu
 CONFIG_PUV3=y
+CONFIG_PTIMER=y
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 6d49ce8..c835a49 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -68,6 +68,7 @@ hw-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
 
 # PKUnity SoC devices
 hw-obj-$(CONFIG_PUV3) += puv3_intc.o
+hw-obj-$(CONFIG_PUV3) += puv3_ost.o
 
 # PCI watchdog devices
 hw-obj-$(CONFIG_PCI) += wdt_i6300esb.o
diff --git a/hw/puv3.c b/hw/puv3.c
index 2870455..5a8a27c 100644
--- a/hw/puv3.c
+++ b/hw/puv3.c
@@ -46,6 +46,9 @@ static void puv3_soc_init(CPUUniCore32State *env)
 for (i = 0; i < PUV3_IRQS_NR; i++) {
 irqs[i] = qdev_get_gpio_in(dev, i);
 }
+
+/* Initialize minimal necessary devices for kernel booting */
+sysbus_create_simple("puv3_ost", PUV3_OST_BASE, irqs[PUV3_IRQS_OST0]);
 }
 
 static void puv3_board_init(CPUUniCore32State *env, ram_addr_t ram_size)
diff --git a/hw/puv3_ost.c b/hw/puv3_ost.c
new file mode 100644
index 000..dd30cad
--- /dev/null
+++ b/hw/puv3_ost.c
@@ -0,0 +1,151 @@
+/*
+ * OSTimer device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "sysbus.h"
+#include "ptimer.h"
+
+#undef DEBUG_PUV3
+#include "puv3.h"
+
+/* puv3 ostimer implementation. */
+typedef struct {
+SysBusDevice busdev;
+MemoryRegion iomem;
+QEMUBH *bh;
+qemu_irq irq;
+ptimer_state *ptimer;
+
+uint32_t reg_OSMR0;
+uint32_t reg_OSCR;
+uint32_t reg_OSSR;
+uint32_t reg_OIER;
+} PUV3OSTState;
+
+static uint64_t puv3_ost_read(void *opaque, target_phys_addr_t offset,
+unsigned size)
+{
+PUV3OSTState *s = opaque;
+uint32_t ret = 0;
+
+switch (offset) {
+case 0x10: /* Counter Register */
+ret = s->reg_OSMR0 - (uint32_t)ptimer_get_count(s->ptimer);
+break;
+case 0x14: /* Status Register */
+ret = s->reg_OSSR;
+break;
+case 0x1c: /* Interrupt Enable Register */
+ret = s->reg_OIER;
+break;
+default:
+DPRINTF("Bad offset %x\n", (int)offset);
+}
+DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+return ret;
+}
+
+static void puv3_ost_write(void *opaque, target_phys_addr_t offset,
+uint64_t value, unsigned size)
+{
+PUV3OSTState *s = opaque;
+
+DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+switch (offset) {
+case 0x00: /* Match Register 0 */
+s->reg_OSMR0 = value;
+if (s->reg_OSMR0 > s->reg_OSCR) {
+ptimer_set_count(s->ptimer, s->reg_OSMR0 - s->reg_OSCR);
+} else {
+ptimer_set_count(s->ptimer, s->reg_OSMR0 +
+(0x - s->reg_OSCR));
+}
+ptimer_run(s->ptimer, 2);
+break;
+case 0x14: /* Status Register */
+assert(value == 0);
+if (s->reg_OSSR) {
+s->reg_OSSR = value;
+qemu_irq_lower(s->irq);
+}
+break;
+case 0x1c: /* Interrupt Enable Register */
+s->reg_OIER = value;
+break;
+default:
+DPRINTF("Bad offset %x\n", (int)offset);
+}
+}
+
+static const MemoryRegionOps puv3_ost_ops = {
+.read = puv3_ost_read,
+.write = puv3_ost_write,
+.impl = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void puv3_ost_tick(void *opaque)
+{
+PUV3OSTState *s = opaque;
+
+DPRINTF("ost hit when ptimer counter from 0x%x to 0x%x!\n",
+s->reg_OSCR, s->reg_OSMR0);
+
+s->reg_OSCR = s->reg_OSMR0;
+if (s->reg_OIER) {
+s->reg_OSSR = 1;
+qemu_irq_raise(s->irq);
+}
+}
+
+static int puv3_ost_init(SysBusDevice *dev)
+{
+PUV3OSTState *s = FROM_SYSBUS(PUV3OSTState, dev);
+
+s->reg_OIER = 0;
+s->reg_OSSR = 0;
+s->reg_OSMR0 = 0;
+s->reg_OSCR = 0;
+
+sysbus_init_irq(dev, &s->irq);
+
+s->bh = qemu_bh_new(puv3_ost_tick, s);
+s->ptimer = ptimer_init(s->bh);
+ptimer_set_freq(s->ptimer, 50 * 1000 * 1000);
+
+memory_region_init_
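
Review bot: `assert(value == 0);` in the 0x14 (Status Register) case of puv3_ost_write turns a guest register write into a host abort, so any guest that stores a non-zero value there terminates QEMU. Guest-controlled input should be ignored or logged with DPRINTF, not asserted on. puv3_ost_write accepts offset 0x00 (Match Register 0) but puv3_ost_read has no case for it, so reading the match register back reports "Bad offset" and returns 0. The literal 2 passed as the second argument of ptimer_run needs a comment saying what it selects.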

[Qemu-devel] [PATCHv4 13/14] unicore32-softmmu: Add ps2 support

2012-07-13 Thread Guan Xuetao
This patch adds ps2/keyboard support, and enables CONFIG_PCKBD.

Signed-off-by: Guan Xuetao 
---
 default-configs/unicore32-softmmu.mak |1 +
 hw/puv3.c |5 +
 2 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/default-configs/unicore32-softmmu.mak 
b/default-configs/unicore32-softmmu.mak
index 4d4fbfc..de38577 100644
--- a/default-configs/unicore32-softmmu.mak
+++ b/default-configs/unicore32-softmmu.mak
@@ -1,3 +1,4 @@
 # Default configuration for unicore32-softmmu
 CONFIG_PUV3=y
 CONFIG_PTIMER=y
+CONFIG_PCKBD=y
diff --git a/hw/puv3.c b/hw/puv3.c
index 9acfc5a..271df97 100644
--- a/hw/puv3.c
+++ b/hw/puv3.c
@@ -38,6 +38,7 @@ static void puv3_soc_init(CPUUniCore32State *env)
 {
 qemu_irq *cpu_intc, irqs[PUV3_IRQS_NR];
 DeviceState *dev;
+MemoryRegion *i8042 = g_new(MemoryRegion, 1);
 int i;
 
 /* Initialize interrupt controller */
@@ -57,6 +58,10 @@ static void puv3_soc_init(CPUUniCore32State *env)
 irqs[PUV3_IRQS_GPIOLOW4], irqs[PUV3_IRQS_GPIOLOW5],
 irqs[PUV3_IRQS_GPIOLOW6], irqs[PUV3_IRQS_GPIOLOW7],
 irqs[PUV3_IRQS_GPIOHIGH], NULL);
+
+/* Keyboard (i8042), mouse disabled for nographic */
+i8042_mm_init(irqs[PUV3_IRQS_PS2_KBD], NULL, i8042, PUV3_REGS_OFFSET, 4);
+memory_region_add_subregion(get_system_memory(), PUV3_PS2_BASE, i8042);
 }
 
 static void puv3_board_init(CPUUniCore32State *env, ram_addr_t ram_size)
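
Review bot: the comment says the mouse is "disabled for nographic", but the call passes NULL for the mouse IRQ unconditionally, whatever the display mode; either reword the comment to say the mouse is not wired up at all or make the NULL depend on the display setting. The last two arguments of i8042_mm_init (`PUV3_REGS_OFFSET, 4`) are passed without explanation, and the visible hunks add no #include for the header that declares i8042_mm_init, so check that this builds without an implicit declaration.
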
-- 
1.7.0.4




[Qemu-devel] [PATCHv4 05/14] unicore32-softmmu: Implement softmmu specific functions

2012-07-13 Thread Guan Xuetao
This patch implements softmmu specific functions, including tlb_fill,
switch_mode, do_interrupt and uc32_cpu_handle_mmu_fault.
So the full exception handlers and page table walking could work now.

Signed-off-by: Guan Xuetao 
---
 target-unicore32/op_helper.c |   22 -
 target-unicore32/softmmu.c   |  236 +-
 2 files changed, 253 insertions(+), 5 deletions(-)

diff --git a/target-unicore32/op_helper.c b/target-unicore32/op_helper.c
index 6df30db..c63789d 100644
--- a/target-unicore32/op_helper.c
+++ b/target-unicore32/op_helper.c
@@ -267,6 +267,26 @@ uint32_t HELPER(ror_cc)(uint32_t x, uint32_t i)
 void tlb_fill(CPUUniCore32State *env1, target_ulong addr, int is_write,
 int mmu_idx, uintptr_t retaddr)
 {
-cpu_abort(env, "%s not supported yet\n", __func__);
+TranslationBlock *tb;
+CPUUniCore32State *saved_env;
+unsigned long pc;
+int ret;
+
+saved_env = env;
+env = env1;
+ret = uc32_cpu_handle_mmu_fault(env, addr, is_write, mmu_idx);
+if (unlikely(ret)) {
+if (retaddr) {
+/* now we have a real cpu fault */
+pc = (unsigned long)retaddr;
+tb = tb_find_pc(pc);
+if (tb) {/* the PC is inside the translated code.
+It means that we have a virtual CPU fault */
+cpu_restore_state(tb, env, pc);
+}
+}
+cpu_loop_exit(env);
+}
+env = saved_env;
 }
 #endif
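
Review bot: `pc` is declared `unsigned long` while `retaddr` is `uintptr_t`, so `pc = (unsigned long)retaddr;` truncates the host return address on hosts where long is narrower than a pointer (64-bit Windows); declare `pc` as `uintptr_t` and drop the cast. The final `env = saved_env;` is skipped on the fault path because cpu_loop_exit does not return, which deserves a comment.
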
diff --git a/target-unicore32/softmmu.c b/target-unicore32/softmmu.c
index 6fec77e..373f94b 100644
--- a/target-unicore32/softmmu.c
+++ b/target-unicore32/softmmu.c
@@ -14,21 +14,249 @@
 
 #include 
 
+#undef DEBUG_UC32
+
+#ifdef DEBUG_UC32
+#define DPRINTF(fmt, ...) printf("%s: " fmt , __func__, ## __VA_ARGS__)
+#else
+#define DPRINTF(fmt, ...) do {} while (0)
+#endif
+
+#define SUPERPAGE_SIZE (1 << 22)
+#define UC32_PAGETABLE_READ(1 << 8)
+#define UC32_PAGETABLE_WRITE   (1 << 7)
+#define UC32_PAGETABLE_EXEC(1 << 6)
+#define UC32_PAGETABLE_EXIST   (1 << 2)
+#define PAGETABLE_TYPE(x)  ((x) & 3)
+
+
+/* Map CPU modes onto saved register banks.  */
+static inline int bank_number(int mode)
+{
+switch (mode) {
+case ASR_MODE_USER:
+case ASR_MODE_SUSR:
+return 0;
+case ASR_MODE_PRIV:
+return 1;
+case ASR_MODE_TRAP:
+return 2;
+case ASR_MODE_EXTN:
+return 3;
+case ASR_MODE_INTR:
+return 4;
+}
+cpu_abort(cpu_single_env, "Bad mode %x\n", mode);
+return -1;
+}
+
 void switch_mode(CPUUniCore32State *env, int mode)
 {
-cpu_abort(env, "%s not supported yet\n", __func__);
+int old_mode;
+int i;
+
+old_mode = env->uncached_asr & ASR_M;
+if (mode == old_mode) {
+return;
+}
+
+i = bank_number(old_mode);
+env->banked_r29[i] = env->regs[29];
+env->banked_r30[i] = env->regs[30];
+env->banked_bsr[i] = env->bsr;
+
+i = bank_number(mode);
+env->regs[29] = env->banked_r29[i];
+env->regs[30] = env->banked_r30[i];
+env->bsr = env->banked_bsr[i];
 }
 
+/* Handle a CPU exception.  */
 void do_interrupt(CPUUniCore32State *env)
 {
-cpu_abort(env, "%s not supported yet\n", __func__);
+uint32_t addr;
+int new_mode;
+
+switch (env->exception_index) {
+case UC32_EXCP_PRIV:
+new_mode = ASR_MODE_PRIV;
+addr = 0x08;
+break;
+case UC32_EXCP_ITRAP:
+DPRINTF("itrap happened at %x\n", env->regs[31]);
+new_mode = ASR_MODE_TRAP;
+addr = 0x0c;
+break;
+case UC32_EXCP_DTRAP:
+DPRINTF("dtrap happened at %x\n", env->regs[31]);
+new_mode = ASR_MODE_TRAP;
+addr = 0x10;
+break;
+case UC32_EXCP_INTR:
+new_mode = ASR_MODE_INTR;
+addr = 0x18;
+break;
+default:
+cpu_abort(env, "Unhandled exception 0x%x\n", env->exception_index);
+return;
+}
+/* High vectors.  */
+if (env->cp0.c1_sys & (1 << 13)) {
+addr += 0x;
+}
+
+switch_mode(env, new_mode);
+env->bsr = cpu_asr_read(env);
+env->uncached_asr = (env->uncached_asr & ~ASR_M) | new_mode;
+env->uncached_asr |= ASR_I;
+/* The PC already points to the proper instruction.  */
+env->regs[30] = env->regs[31];
+env->regs[31] = addr;
+env->interrupt_request |= CPU_INTERRUPT_EXITTB;
+}
+
+static int get_phys_addr_ucv2(CPUUniCore32State *env, uint32_t address,
+int access_type, int is_user, uint32_t *phys_ptr, int *prot,
+target_ulong *page_size)
+{
+int code;
+uint32_t table;
+uint32_t desc;
+uint32_t phys_addr;
+
+/* Pagetable walk.  */
+/* Lookup l1 descriptor.  */
+table = env->cp0.c2_base & 0xf000;
+table |= (address >> 20) & 0xffc;
+desc = ldl_phys(table);
+code = 0;
+switch (PAGETABLE_TYPE(desc)) {
+case 3:
+/* Superpage  */
+if (!(desc & UC32_PAGETABLE_EXIST)) {
+ 
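
Review bot: bank_number() ends in cpu_abort for any mode value outside the six listed, and switch_mode() passes both the old and the requested mode to it unchecked. If the mode bits can be written by the guest through the ASR, an unsupported value kills the emulator instead of being rejected; validate the mode where the ASR is written, or have switch_mode ignore unknown modes. The switch has no `default:` label, and the `return -1;` after cpu_abort would become an index into banked_r29[] if cpu_abort ever returned. In do_interrupt, `(1 << 13)` for high vectors should be a named bit of c1_sys.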

[Qemu-devel] [PATCHv4 11/14] unicore32-softmmu: Add puv3 pm support

2012-07-13 Thread Guan Xuetao
This patch adds puv3 pm (power management) support,
including pm device simulation for kernel booting.
Thanks to Blue Swirl for pointing out the missing "break".

Signed-off-by: Guan Xuetao 
---
 hw/Makefile.objs |1 +
 hw/puv3.c|1 +
 hw/puv3_pm.c |  149 ++
 3 files changed, 151 insertions(+), 0 deletions(-)
 create mode 100644 hw/puv3_pm.c

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 093d5a9..ee3b70c 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -70,6 +70,7 @@ hw-obj-$(CONFIG_XILINX_AXI) += xilinx_axienet.o
 hw-obj-$(CONFIG_PUV3) += puv3_intc.o
 hw-obj-$(CONFIG_PUV3) += puv3_ost.o
 hw-obj-$(CONFIG_PUV3) += puv3_gpio.o
+hw-obj-$(CONFIG_PUV3) += puv3_pm.o
 
 # PCI watchdog devices
 hw-obj-$(CONFIG_PCI) += wdt_i6300esb.o
diff --git a/hw/puv3.c b/hw/puv3.c
index 0354cf6..3a14b27 100644
--- a/hw/puv3.c
+++ b/hw/puv3.c
@@ -48,6 +48,7 @@ static void puv3_soc_init(CPUUniCore32State *env)
 }
 
 /* Initialize minimal necessary devices for kernel booting */
+sysbus_create_simple("puv3_pm", PUV3_PM_BASE, NULL);
 sysbus_create_simple("puv3_ost", PUV3_OST_BASE, irqs[PUV3_IRQS_OST0]);
 sysbus_create_varargs("puv3_gpio", PUV3_GPIO_BASE,
 irqs[PUV3_IRQS_GPIOLOW0], irqs[PUV3_IRQS_GPIOLOW1],
diff --git a/hw/puv3_pm.c b/hw/puv3_pm.c
new file mode 100644
index 000..b66fdbe
--- /dev/null
+++ b/hw/puv3_pm.c
@@ -0,0 +1,149 @@
+/*
+ * Power Management device simulation in PKUnity SoC
+ *
+ * Copyright (C) 2010-2012 Guan Xuetao
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or any later version.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw.h"
+#include "sysbus.h"
+
+#undef DEBUG_PUV3
+#include "puv3.h"
+
+typedef struct {
+SysBusDevice busdev;
+MemoryRegion iomem;
+
+uint32_t reg_PMCR;
+uint32_t reg_PCGR;
+uint32_t reg_PLL_SYS_CFG;
+uint32_t reg_PLL_DDR_CFG;
+uint32_t reg_PLL_VGA_CFG;
+uint32_t reg_DIVCFG;
+} PUV3PMState;
+
+static uint64_t puv3_pm_read(void *opaque, target_phys_addr_t offset,
+unsigned size)
+{
+PUV3PMState *s = opaque;
+uint32_t ret;
+
+switch (offset) {
+case 0x14:
+ret = s->reg_PCGR;
+break;
+case 0x18:
+ret = s->reg_PLL_SYS_CFG;
+break;
+case 0x1c:
+ret = s->reg_PLL_DDR_CFG;
+break;
+case 0x20:
+ret = s->reg_PLL_VGA_CFG;
+break;
+case 0x24:
+ret = s->reg_DIVCFG;
+break;
+case 0x28: /* PLL SYS STATUS */
+ret = 0x2401;
+break;
+case 0x2c: /* PLL DDR STATUS */
+ret = 0x00100c00;
+break;
+case 0x30: /* PLL VGA STATUS */
+ret = 0x3801;
+break;
+case 0x34: /* DIV STATUS */
+ret = 0x22f52015;
+break;
+case 0x38: /* SW RESET */
+ret = 0x0;
+break;
+case 0x44: /* PLL DFC DONE */
+ret = 0x7;
+break;
+default:
+DPRINTF("Bad offset 0x%x\n", offset);
+}
+DPRINTF("offset 0x%x, value 0x%x\n", offset, ret);
+
+return ret;
+}
+
+static void puv3_pm_write(void *opaque, target_phys_addr_t offset,
+uint64_t value, unsigned size)
+{
+PUV3PMState *s = opaque;
+
+switch (offset) {
+case 0x0:
+s->reg_PMCR = value;
+break;
+case 0x14:
+s->reg_PCGR = value;
+break;
+case 0x18:
+s->reg_PLL_SYS_CFG = value;
+break;
+case 0x1c:
+s->reg_PLL_DDR_CFG = value;
+break;
+case 0x20:
+s->reg_PLL_VGA_CFG = value;
+break;
+case 0x24:
+case 0x38:
+break;
+default:
+DPRINTF("Bad offset 0x%x\n", offset);
+}
+DPRINTF("offset 0x%x, value 0x%x\n", offset, value);
+}
+
+static const MemoryRegionOps puv3_pm_ops = {
+.read = puv3_pm_read,
+.write = puv3_pm_write,
+.impl = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int puv3_pm_init(SysBusDevice *dev)
+{
+PUV3PMState *s = FROM_SYSBUS(PUV3PMState, dev);
+
+s->reg_PCGR = 0x0;
+
+memory_region_init_io(&s->iomem, &puv3_pm_ops, s, "puv3_pm",
+PUV3_REGS_OFFSET);
+sysbus_init_mmio(dev, &s->iomem);
+
+return 0;
+}
+
+static void puv3_pm_class_init(ObjectClass *klass, void *data)
+{
+SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
+
+sdc->init = puv3_pm_init;
+}
+
+static const TypeInfo puv3_pm_info = {
+.name = "puv3_pm",
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(PUV3PMState),
+.class_init = puv3_pm_class_init,
+};
+
+static void puv3_pm_register_type(void)
+{
+type_register_static(&puv3_pm_info);
+}
+
+type_init(puv3_pm_register_type)
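
Review bot: puv3_pm_read declares `uint32_t ret;` without an initializer and the `default:` path only prints, so reads of unhandled offsets, including 0x0 (PMCR, which puv3_pm_write stores), return uninitialized host stack contents to the guest; start with `ret = 0`. Writes to 0x24 are dropped while reads of 0x24 return reg_DIVCFG, so that register always reads back its initial value; if that is intended, a comment should say so. The PLL and DIV status constants need a comment on where the values come from.
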
-- 
1.7.0.4




[Qemu-devel] [PATCHv4 04/14] target-unicore32: Drop UC32_CPUID macros

2012-07-13 Thread Guan Xuetao
From: Andreas Färber 

Any code that depends on a particular CPU type can now go through
callbacks on the QOM UniCore32CPUClass.

Signed-off-by: Andreas Färber 
---
 target-unicore32/cpu.h |4 
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/target-unicore32/cpu.h b/target-unicore32/cpu.h
index d14fde5..06508a1 100644
--- a/target-unicore32/cpu.h
+++ b/target-unicore32/cpu.h
@@ -122,10 +122,6 @@ void cpu_asr_write(CPUUniCore32State *env1, target_ulong 
val, target_ulong mask)
 #define UC32_HWCAP_CMOV 4 /* 1 << 2 */
 #define UC32_HWCAP_UCF648 /* 1 << 3 */
 
-#define UC32_CPUID(env) (env->cp0.c0_cpuid)
-#define UC32_CPUID_UCV2 0x40010863
-#define UC32_CPUID_ANY  0x
-
 #define cpu_inituc32_cpu_init
 #define cpu_execuc32_cpu_exec
 #define cpu_signal_handler  uc32_cpu_signal_handler
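
Review bot: this hunk only deletes the UC32_CPUID* definitions, so any remaining user of UC32_CPUID(env), UC32_CPUID_UCV2 or UC32_CPUID_ANY fails to compile once it is applied; the patch should carry the conversions itself, or the commit message should name the earlier patch in the series that removed the last users.
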
-- 
1.7.0.4




[Qemu-devel] [PULL 0/5] Trivial patches for July 3 to 13 2012

2012-07-13 Thread Stefan Hajnoczi
The following changes since commit c0958559b1a589a0d189c45ea1adaa6b345f4256:

  iov: Fix do_send_recv() for MinGW (also fixes a build breakage) (2012-07-11 
08:51:50 -0500)

are available in the git repository at:

  git://github.com/stefanha/qemu.git trivial-patches

for you to fetch changes up to 8f67aa8265b7aef104ffab6431048dec8d5656c7:

  make: Remove 'build-all' rule (2012-07-13 10:38:16 +0100)


Amos Kong (1):
  vnc: add a more descriptive error message

Hannes Reinecke (1):
  megasas: mark mfi_frame_desc as 'static'

Michael Tokarev (1):
  qemu-keymaps: Finnish keyboard mapping broken

Stefan Weil (2):
  bitops: Fix documentation
  make: Remove 'build-all' rule

 Makefile   |6 +++---
 bitops.h   |8 
 hw/megasas.c   |2 +-
 pc-bios/keymaps/fi |2 --
 vl.c   |5 -
 5 files changed, 12 insertions(+), 11 deletions(-)

-- 
1.7.10.4




Re: [Qemu-devel] [RFC] introduce a dynamic library to expose qemu block API

2012-07-13 Thread Christoph Hellwig
On Fri, Jul 13, 2012 at 12:42:41PM +0200, Kevin Wolf wrote:
> It still feels a bit more like qemu-io-style operations. Not sure what
> your use case looks like exactly, but adding a qemu-io command that
> reads data from a file and writes it at a given offset into the images
> (or vice versa) should be easy. This would be more or less a qemu-dd.

We already have that if you read/write the whole image, it's called
qemu-img convert.

> If you need to get data from stdin or output it to stdout, then it might
> not be the right solution.

That is the use case.  We could approximate it by writing a temp file and
using qemu-img convert, but that's not very efficient.




[Qemu-devel] [PATCH 0/6v2] s390: several sclp patches

2012-07-13 Thread Christian Borntraeger
This patch-set improves the Service-Call Logical Processor support for s390.
We tried to implement most of the comments that we got from the first patch
review.

We still have code in hw/ since sclp supports features like console etc.
target-s390/op_helper.c now handles the basic checks for the instruction
itself and then passes control to the sclp code, which then parses the
commands.

Patch 1 is a bugfix for the current code, dealing with error and condition
code handling. Patch 2 adds/changes some base SCLP support. Patch 3 adds code
to support the SCLP commands Write Event Mask, Write Event Data, and
Read Event Data. Patches 4 and 5 add code to implement the commands for the
particular SCLP events Signal Quiesce (system_powerdown), and ASCII Console
data.
Patch 6 (s390: make sclp ascii console the default) is currently optional
as it requires a kernel fix in the guest
(http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=cd1834591fe9564720ac4b0193bf1c790fe89f0d
KVM: s390: Perform early event mask processing during boot)

Thanks

Christian Borntraeger (2):
  s390: Fix error handling and condition code of service call
  s390: make sclp ascii console the default

Heinz Graalfs (4):
  s390: sclp base support
  s390: sclp event support
  s390: sclp signal quiesce support
  s390: sclp ascii console support

 hw/s390-event-facility.c |  418 ++
 hw/s390-event-facility.h |  107 
 hw/s390-sclp.c   |  185 
 hw/s390-sclp.h   |  123 ++
 hw/s390-sclpconsole.c|  313 ++
 hw/s390-sclpquiesce.c|  113 +
 hw/s390-virtio.c |4 +-
 hw/s390x/Makefile.objs   |1 +
 target-s390x/cpu.c   |   17 ++
 target-s390x/cpu.h   |   18 +-
 target-s390x/kvm.c   |   10 +-
 target-s390x/op_helper.c |   68 +++-
 vl.c |   40 +
 13 files changed, 1351 insertions(+), 66 deletions(-)
 create mode 100644 hw/s390-event-facility.c
 create mode 100644 hw/s390-event-facility.h
 create mode 100644 hw/s390-sclp.c
 create mode 100644 hw/s390-sclp.h
 create mode 100644 hw/s390-sclpconsole.c
 create mode 100644 hw/s390-sclpquiesce.c

-- 
1.7.10.5




[Qemu-devel] [PATCH 2/6] s390: sclp base support

2012-07-13 Thread Christian Borntraeger
From: Heinz Graalfs 

This adds a more generic infrastructure for handling Service-Call
requests on s390. Currently we only support a small subset of Read
SCP Info directly in target-s390x. This patch provides the base
infrastructure for supporting more commands and moves Read SCP
Info.
In the future we could add additional commands for hotplug, call
home and event handling.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Christian Borntraeger 
---
 hw/s390-sclp.c   |  148 ++
 hw/s390-sclp.h   |   80 +
 hw/s390-virtio.c |3 +
 hw/s390x/Makefile.objs   |1 +
 target-s390x/cpu.c   |   17 ++
 target-s390x/cpu.h   |   18 ++
 target-s390x/kvm.c   |5 +-
 target-s390x/op_helper.c |   45 ++
 8 files changed, 261 insertions(+), 56 deletions(-)
 create mode 100644 hw/s390-sclp.c
 create mode 100644 hw/s390-sclp.h

diff --git a/hw/s390-sclp.c b/hw/s390-sclp.c
new file mode 100644
index 000..74a3e66
--- /dev/null
+++ b/hw/s390-sclp.c
@@ -0,0 +1,148 @@
+/*
+ * SCLP Support
+ *
+ * Copyright IBM, Corp. 2007, 2012
+ *
+ * Authors:
+ *  Christian Borntraeger 
+ *  Heinz Graalfs 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "cpu.h"
+#include "kvm.h"
+#include "sysbus.h"
+
+#include "s390-sclp.h"
+
+/* Provide information about the configuration, CPUs and storage */
+static int read_SCP_info(SCCB *sccb)
+{
+ReadInfo *read_info = (ReadInfo *) sccb;
+int shift = 0;
+
+while ((ram_size >> (20 + shift)) > 65535) {
+shift++;
+}
+read_info->rnmax = cpu_to_be16(ram_size >> (20 + shift));
+read_info->rnsize = 1 << shift;
+sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
+
+return 0;
+}
+
+static int sclp_execute(SCCB *sccb, uint64_t code)
+{
+int r = 0;
+
+switch (code) {
+case SCLP_CMDW_READ_SCP_INFO:
+case SCLP_CMDW_READ_SCP_INFO_FORCED:
+r = read_SCP_info(sccb);
+break;
+default:
+#ifdef DEBUG_HELPER
+printf("KVM: invalid sclp call 0x%x / 0x%" PRIx64 "x\n", sccb, code);
+#endif
+sccb->h.response_code = cpu_to_be16(SCLP_RC_INVALID_SCLP_COMMAND);
+break;
+}
+return r;
+}
+
+int do_sclp_service_call(uint32_t sccb, uint64_t code)
+{
+int r = 0;
+SCCB work_sccb;
+
+target_phys_addr_t sccb_len = sizeof(SCCB);
+
+/*
+ * we want to work on a private copy of the sccb, to prevent guests
+ * from playing dirty tricks by modifying the memory content after
+ * the host has checked the values
+ */
+cpu_physical_memory_read(sccb, &work_sccb, sccb_len);
+
+/* Valid sccb sizes */
+if (be16_to_cpu(work_sccb.h.length) < 8 ||
+be16_to_cpu(work_sccb.h.length) > 4096) {
+r = -PGM_SPECIFICATION;
+goto out;
+}
+
+r = sclp_execute((SCCB *)&work_sccb, code);
+
+cpu_physical_memory_write(sccb, &work_sccb,
+  be16_to_cpu(work_sccb.h.length));
+if (!r) {
+sclp_service_interrupt(sccb);
+}
+
+out:
+return r;
+}
+
+void sclp_service_interrupt(uint32_t sccb)
+{
+if (!sccb) {
+return;
+}
+s390_sclp_extint(sccb & ~3);
+}
+
+/* qemu object creation and initialization functions */
+
+#define S390_SCLP_BUS(obj) OBJECT_CHECK(SCLPS390Bus, (obj), TYPE_S390_SCLP_BUS)
+static const TypeInfo s390_sclp_bus_info = {
+.name = TYPE_S390_SCLP_BUS,
+.parent = TYPE_BUS,
+.instance_size = sizeof(SCLPS390Bus),
+ };
+
+SCLPS390Bus *s390_sclp_bus_init(void)
+{
+SCLPS390Bus *bus;
+BusState *bus_state;
+DeviceState *dev;
+
+dev = qdev_create(NULL, "s390-sclp-bridge");
+qdev_init_nofail(dev);
+
+bus_state = qbus_create(TYPE_S390_SCLP_BUS, dev, "s390-sclp-bus");
+bus_state->allow_hotplug = 0;
+
+bus = DO_UPCAST(SCLPS390Bus, bus, bus_state);
+return bus;
+}
+
+static int s390_sclp_bridge_init(SysBusDevice *dev)
+{
+return 0;
+}
+
+static void s390_sclp_bridge_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
+
+k->init = s390_sclp_bridge_init;
+dc->no_user = 1;
+}
+
+static TypeInfo s390_sclp_bridge_info = {
+.name  = "s390-sclp-bridge",
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(SysBusDevice),
+.class_init= s390_sclp_bridge_class_init,
+};
+
+static void s390_sclp_register_types(void)
+{
+type_register_static(&s390_sclp_bridge_info);
+type_register_static(&s390_sclp_bus_info);
+}
+type_init(s390_sclp_register_types)
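
Review bot: in do_sclp_service_call the write-back length is `be16_to_cpu(work_sccb.h.length)`, which the size check allows to be as large as 4096, while the private copy `work_sccb` is only `sizeof(SCCB)` bytes; unless SCCB is exactly 4096 bytes, cpu_physical_memory_write copies host stack beyond the struct into guest memory. Clamp the length to sizeof(SCCB) or add a build-time assertion on the struct size. The initial read has the mirror issue: it always copies sizeof(SCCB) bytes from the guest regardless of the declared length, and read_SCP_info then fills ReadInfo fields without checking that h.length covers them. sclp_service_interrupt returns silently for `sccb == 0`, yet trigger_signal_quiesce in patch 4/6 calls `sclp_service_interrupt(0)` to raise an event, so unless patch 3/6 changes this function that call does nothing. In the debug printf, `sccb` is a pointer printed with `%x` and the PRIx64 conversion is followed by a stray `x`.
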
diff --git a/hw/s390-sclp.h b/hw/s390-sclp.h
new file mode 100644
index 000..f7bf140
--- /dev/null
+++ b/hw/s390-sclp.h
@@ -0,0 +1,80 @@
+/*
+ * SCLP Support
+ *
+ * Copyright IBM, Corp. 2007, 2012
+ *
+ * Authors:
+ *  Christian Borntraeger 
+ *
+ * This 

[Qemu-devel] [PATCH 4/6] s390: sclp signal quiesce support

2012-07-13 Thread Christian Borntraeger
From: Heinz Graalfs 

This implements the sclp signal quiesce event via the SCLP Event
Facility.
This allows a guest to be shut down gracefully by using system_powerdown.
It creates a service interrupt that will trigger a Read Event Data
command from the guest. This code will then add an event that is
interpreted by linux guests as ctrl-alt-del.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Christian Borntraeger 
---
 hw/s390-event-facility.c |6 +++
 hw/s390-sclpquiesce.c|  113 ++
 hw/s390x/Makefile.objs   |2 +-
 3 files changed, 120 insertions(+), 1 deletion(-)
 create mode 100644 hw/s390-sclpquiesce.c

diff --git a/hw/s390-event-facility.c b/hw/s390-event-facility.c
index 42ac102..e3c9c56 100644
--- a/hw/s390-event-facility.c
+++ b/hw/s390-event-facility.c
@@ -335,6 +335,7 @@ static int command_handler(SCCB *sccb, uint64_t code)
 static int init_event_facility(S390SCLPDevice *sdev)
 {
 SCLPEventFacility *event_facility;
+DeviceState *quiesce;
 
 event_facility = g_malloc0(sizeof(SCLPEventFacility));
 sdev->instance = event_facility;
@@ -348,6 +349,11 @@ static int init_event_facility(S390SCLPDevice *sdev)
 event_facility->sbus.event_facility = event_facility;
 event_facility->qdev = (DeviceState *) sdev;
 
+quiesce = qdev_create(&event_facility->sbus.qbus, "sclpquiesce");
+if (!quiesce) {
+return -1;
+}
+qdev_init_nofail(quiesce);
 
 return 0;
 }
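
Review bot: the `if (!quiesce) return -1;` path returns after event_facility has already been allocated with g_malloc0 and stored in `sdev->instance`, leaving a half-initialized event facility with nothing unwound. It is also inconsistent with s390_sclp_bus_init in patch 2/6, which hands the qdev_create result straight to qdev_init_nofail without a NULL check. Either drop the check here or free and clear the earlier state on failure.
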
diff --git a/hw/s390-sclpquiesce.c b/hw/s390-sclpquiesce.c
new file mode 100644
index 000..405664a
--- /dev/null
+++ b/hw/s390-sclpquiesce.c
@@ -0,0 +1,113 @@
+/*
+ * SCLP event type
+ *Signal Quiesce - trigger system powerdown request
+ *
+ * Copyright IBM, Corp. 2007, 2012
+ *
+ * Authors:
+ *  Heinz Graalfs 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+#include "qdev.h"
+#include "sysemu.h"
+
+#include "s390-sclp.h"
+#include "s390-event-facility.h"
+
+typedef struct SignalQuiesce {
+EventBufferHeader ebh;
+uint16_t timeout;
+uint8_t unit;
+} __attribute__((packed)) SignalQuiesce;
+
+static int event_type(void)
+{
+return SCLP_EVENT_SIGNAL_QUIESCE;
+}
+
+static unsigned int send_mask(void)
+{
+return SCLP_EVENT_MASK_SIGNAL_QUIESCE;
+}
+
+static unsigned int receive_mask(void)
+{
+return 0;
+}
+
+static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
+   int *slen)
+{
+SignalQuiesce *sq = (SignalQuiesce *) evt_buf_hdr;
+
+if (*slen < sizeof(SignalQuiesce)) {
+return 0;
+}
+
+if (!event->event_pending) {
+return 0;
+}
+event->event_pending = false;
+
+sq->ebh.length = cpu_to_be16(sizeof(SignalQuiesce));
+sq->ebh.type = SCLP_EVENT_SIGNAL_QUIESCE;
+sq->ebh.flags |= SCLP_EVENT_BUFFER_ACCEPTED;
+/*
+ * system_powerdown does not have a timeout. Fortunately the
+ * timeout value is currently ignored by Linux, anyway
+ */
+sq->timeout = cpu_to_be16(0);
+sq->unit = cpu_to_be16(0);
+*slen -= sizeof(SignalQuiesce);
+
+return 1;
+}
+
+static void trigger_signal_quiesce(void *opaque, int n, int level)
+{
+SCLPEvent *event = opaque;
+
+event->event_pending = true;
+/* trigger SCLP read operation */
+sclp_service_interrupt(0);
+}
+
+static int quiesce_init(SCLPEvent *event)
+{
+event->event_type = SCLP_EVENT_SIGNAL_QUIESCE;
+qemu_system_powerdown = *qemu_allocate_irqs(trigger_signal_quiesce,
+event, 1);
+qemu_mutex_init(&event->lock);
+
+return 0;
+}
+
+static void quiesce_class_init(ObjectClass *klass, void *data)
+{
+SCLPEventClass *k = SCLP_EVENT_CLASS(klass);
+
+k->init = quiesce_init;
+
+k->get_send_mask = send_mask;
+k->get_receive_mask = receive_mask;
+k->event_type = event_type;
+k->read_event_data = read_event_data;
+k->write_event_data = NULL;
+}
+
+static TypeInfo sclp_quiesce_info = {
+.name  = "sclpquiesce",
+.parent= TYPE_SCLP_EVENT,
+.instance_size = sizeof(SCLPEvent),
+.class_init= quiesce_class_init,
+.class_size= sizeof(SCLPEventClass),
+};
+
+static void register_types(void)
+{
+type_register_static(&sclp_quiesce_info);
+}
+type_init(register_types)
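Review bot: in read_event_data(), `*slen < sizeof(SignalQuiesce)` compares an int with a size_t, so a negative *slen is converted to a large unsigned value and passes the check, after which a SignalQuiesce is written through evt_buf_hdr. Test `*slen < 0` first or make the remaining length an unsigned type throughout. Two smaller points in the same file: sq->unit is a uint8_t but is assigned cpu_to_be16(0), and event_pending is written in trigger_signal_quiesce() and read_event_data() without taking event->lock, although quiesce_init() initialises that lock.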
diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index 5ebde3b..a3ab189 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -1,4 +1,4 @@
 obj-y = s390-virtio-bus.o s390-virtio.o
-obj-y += s390-sclp.o s390-event-facility.o
+obj-y += s390-sclp.o s390-event-facility.o s390-sclpquiesce.o
 
 obj-y := $(addprefix ../,$(obj-y))
-- 
1.7.10.5




[Qemu-devel] [PATCH 3/6] s390: sclp event support

2012-07-13 Thread Christian Borntraeger
From: Heinz Graalfs 

Several SCLP features are considered to be events. Those events don't
provide SCLP commands on their own, instead they are all based on
Read Event Data, Write Event Data, Write Event Mask and the service
interrupt. Follow-on patches will provide SCLP's Signal Quiesce (via
system_powerdown) and the ASCII console.
Further down the road the sclp line mode console and configuration
change events (e.g. cpu hotplug) can be implemented.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Christian Borntraeger 
---
 hw/s390-event-facility.c |  412 ++
 hw/s390-event-facility.h |  107 
 hw/s390-sclp.c   |   49 +-
 hw/s390-sclp.h   |   43 +
 hw/s390x/Makefile.objs   |2 +-
 5 files changed, 606 insertions(+), 7 deletions(-)
 create mode 100644 hw/s390-event-facility.c
 create mode 100644 hw/s390-event-facility.h

diff --git a/hw/s390-event-facility.c b/hw/s390-event-facility.c
new file mode 100644
index 000..42ac102
--- /dev/null
+++ b/hw/s390-event-facility.c
@@ -0,0 +1,412 @@
+/*
+ * SCLP
+ *Event Facility
+ *   handles SCLP event types
+ *  - Signal Quiesce - system power down
+ *  - ASCII Console Data - VT220 read and write
+ *
+ * Copyright IBM, Corp. 2007, 2012
+ *
+ * Authors:
+ *  Heinz Graalfs 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "monitor.h"
+#include "sysemu.h"
+
+#include "s390-sclp.h"
+#include "s390-event-facility.h"
+
+typedef struct EventTypes {
+BusState qbus;
+SCLPEventFacility *event_facility;
+} EventTypes;
+
+struct SCLPEventFacility {
+EventTypes sbus;
+DeviceState *qdev;
+/* guest' receive mask */
+unsigned int receive_mask;
+};
+
+/* return true if any child has event pending set */
+static bool event_pending(void)
+{
+BusChild *kid;
+SCLPEvent *event;
+
+SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
+
+QTAILQ_FOREACH(kid, &event_facility->sbus.qbus.children, sibling) {
+DeviceState *qdev = kid->child;
+event = DO_UPCAST(SCLPEvent, qdev, qdev);
+lock(event);
+if (event->event_pending) {
+unlock(event);
+return true;
+}
+unlock(event);
+}
+return false;
+}
+
+static unsigned int get_host_send_mask(void)
+{
+unsigned int mask;
+BusChild *kid;
+SCLPEventClass *child;
+SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
+
+mask = 0;
+
+QTAILQ_FOREACH(kid, &event_facility->sbus.qbus.children, sibling) {
+DeviceState *qdev = kid->child;
+child = SCLP_EVENT_GET_CLASS((SCLPEvent *) qdev);
+mask |= child->get_send_mask();
+}
+return mask;
+}
+
+static unsigned int get_host_receive_mask(void)
+{
+unsigned int mask;
+BusChild *kid;
+SCLPEventClass *child;
+SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
+
+mask = 0;
+
+QTAILQ_FOREACH(kid, &event_facility->sbus.qbus.children, sibling) {
+DeviceState *qdev = kid->child;
+child = SCLP_EVENT_GET_CLASS((SCLPEvent *) qdev);
+mask |= child->get_receive_mask();
+}
+return mask;
+}
+
+static inline void set_guest_receive_mask(unsigned int mask)
+{
+SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
+
+event_facility->receive_mask = mask;
+}
+
+static inline unsigned int get_guest_receive_mask(void)
+{
+SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
+
+return event_facility->receive_mask;
+}
+
+static int check_sccb_events(SCCB *sccb)
+{
+int slen;
+unsigned elen = 0;
+EventBufferHeader *event;
+WriteEventData *wed = (WriteEventData *) sccb;
+
+event = (EventBufferHeader *) &wed->ebh;
+for (slen = be16_to_cpu(sccb->h.length) - sizeof(sccb->h);
+ slen > 0; slen -= elen) {
+elen = be16_to_cpu(event->length);
+if (elen < sizeof(*event) || elen > slen) {
+sccb->h.response_code =
+cpu_to_be16(SCLP_RC_EVENT_BUFFER_SYNTAX_ERROR);
+return 1;
+}
+event = (void *) event + elen;
+}
+if (slen) {
+sccb->h.response_code = cpu_to_be16(SCLP_RC_INCONSISTENT_LENGTHS);
+return 1;
+}
+return 0;
+}
+
+static void handle_sccb_write_events(SCCB *sccb)
+{
+int slen;
+unsigned elen = 0;
+EventBufferHeader *event_buf;
+BusChild *kid;
+SCLPEvent *event;
+SCLPEventClass *ec;
+
+WriteEventData *wed = (WriteEventData *) sccb;
+
+SCLPEventFacility *event_facility = sclp_bus->event_facility->instance;
+
+event_buf = &wed->ebh;
+
+/* loop over all contained event buffers */
+for (slen = be16_to_cpu(sccb->h.length) - sizeof(sccb->h);
+ slen > 0; slen -= elen) {
+elen = be16_to_cpu(event_buf->length);
+
+   
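Review bot: check_sccb_events() derives slen from the guest-supplied sccb->h.length by subtracting sizeof(sccb->h) in size_t arithmetic and storing the result in an int, so a length smaller than the header wraps before it is narrowed, and the rejection then depends on how that conversion turns out. An explicit check that the length is at least sizeof(sccb->h) before the loop, with slen and elen of the same unsigned type, would make the validation independent of it; handle_sccb_write_events() repeats the same loop header and would benefit from a shared helper. Minor: the comment "guest' receive mask" is missing an "s", and get_host_send_mask() and get_host_receive_mask() cast qdev to SCLPEvent * directly where event_pending() uses DO_UPCAST.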

[Qemu-devel] [PATCH 5/6] s390: sclp ascii console support

2012-07-13 Thread Christian Borntraeger
From: Heinz Graalfs 

This code adds console support by implementing SCLP's ASCII Console
Data event.
This is the same console as LPARs ASCII console or z/VMs sysascii.

When data is received from the character layer it creates a service
interrupt to trigger a Read Event Data command from the guest that will
pick up the received character byte-stream.
When characters are echo'ed by the linux guest a Write Event Data occurs
which is forwarded by the Event Facility to the console that supports
a corresponding mask value.
Console resizing is not supported.
The character layer byte-stream is buffered using a fixed size iov
buffer.

Signed-off-by: Heinz Graalfs 
Signed-off-by: Christian Borntraeger 
---
 hw/s390-sclpconsole.c  |  313 
 hw/s390x/Makefile.objs |2 +-
 2 files changed, 314 insertions(+), 1 deletion(-)
 create mode 100644 hw/s390-sclpconsole.c

diff --git a/hw/s390-sclpconsole.c b/hw/s390-sclpconsole.c
new file mode 100644
index 000..db692d2
--- /dev/null
+++ b/hw/s390-sclpconsole.c
@@ -0,0 +1,313 @@
+/*
+ * SCLP event type
+ *Ascii Console Data (VT220 Console)
+ *
+ * Copyright IBM, Corp. 2007, 2012
+ *
+ * Authors:
+ *  Heinz Graalfs 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qdev.h"
+#include "qemu-thread.h"
+
+#include "s390-sclp.h"
+#include "s390-event-facility.h"
+
+typedef struct ASCIIConsoleData {
+EventBufferHeader ebh;
+char data[0];
+} __attribute__((packed)) ASCIIConsoleData;
+
+qemu_irq sclp_read_vt220;
+
+/* max size for ASCII data in 4K SCCB page */
+#define SIZE_BUFFER_VT220 4080
+
+typedef struct SCLPConsole {
+SCLPEvent event;
+CharDriverState *chr;
+/* io vector   */
+uint8_t *iov;   /* iov buffer pointer  */
+uint8_t *iov_sclp;  /* pointer to SCLP read offset */
+uint8_t *iov_bs;/* pointer byte stream read offset */
+uint32_t iov_data_len;  /* length of byte stream in buffer */
+uint32_t iov_sclp_rest; /* length of byte stream not read via SCLP */
+} SCLPConsole;
+
+/* character layer call-back functions */
+
+/* Return number of bytes that fit into iov buffer */
+static int chr_can_read(void *opaque)
+{
+int can_read;
+SCLPConsole *scon = opaque;
+
+qemu_mutex_lock(&scon->event.lock);
+can_read = SIZE_BUFFER_VT220 - scon->iov_data_len;
+qemu_mutex_unlock(&scon->event.lock);
+
+return can_read;
+}
+
+/* Receive n bytes from character layer, save in iov buffer,
+ * and set event pending */
+static void receive_from_chr_layer(void *opaque, const uint8_t *buf, int size)
+{
+SCLPConsole *scon = opaque;
+
+qemu_mutex_lock(&scon->event.lock);
+
+/* if new data do not fit into current buffer */
+if (scon->iov_data_len + size > SIZE_BUFFER_VT220) {
+/* character layer sent more than allowed */
+qemu_mutex_unlock(&scon->event.lock);
+return;
+}
+/* put byte-stream from character layer into buffer */
+memcpy(scon->iov_bs, buf, size);
+scon->iov_data_len += size;
+scon->iov_sclp_rest += size;
+scon->iov_bs += size;
+scon->event.event_pending = true;
+
+qemu_mutex_unlock(&scon->event.lock);
+}
+
+/* Send data from a char device over to the guest */
+static void chr_read(void *opaque, const uint8_t *buf, int size)
+{
+receive_from_chr_layer(opaque, buf, size);
+/* trigger SCLP read operation */
+qemu_irq_raise(sclp_read_vt220);
+}
+
+static void chr_event(void *opaque, int event)
+{
+SCLPConsole *scon = opaque;
+
+switch (event) {
+case CHR_EVENT_OPENED:
+if (!scon->iov) {
+scon->iov = g_malloc0(SIZE_BUFFER_VT220);
+scon->iov_sclp = scon->iov;
+scon->iov_bs = scon->iov;
+scon->iov_data_len = 0;
+scon->iov_sclp_rest = 0;
+}
+break;
+case CHR_EVENT_CLOSED:
+if (scon->iov) {
+g_free(scon->iov);
+scon->iov = NULL;
+}
+break;
+}
+}
+
+/* functions to be called by event facility */
+
+static int event_type(void)
+{
+return SCLP_EVENT_ASCII_CONSOLE_DATA;
+}
+
+static unsigned int send_mask(void)
+{
+return SCLP_EVENT_MASK_MSG_ASCII;
+}
+
+static unsigned int receive_mask(void)
+{
+return SCLP_EVENT_MASK_MSG_ASCII;
+}
+
+/* triggered by SCLP's read_event_data -
+ * copy console data byte-stream into provided (SCLP) buffer
+ * returns -1 if no event data pending
+ * */
+static void get_console_data(SCLPEvent *event, uint8_t *buf, size_t *size,
+int avail)
+{
+SCLPConsole *cons = DO_UPCAST(SCLPConsole, event, event);
+
+/* first byte is hex 0 saying an ascii string follows */
+*buf++ = '\0';
+avail--;
+/* if all data fit into provided SCLP buffer */
+if (avail >
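Review bot: in chr_event(), CHR_EVENT_CLOSED frees scon->iov and sets it to NULL but leaves iov_sclp, iov_bs, iov_data_len and iov_sclp_rest as they were, and receive_from_chr_layer() copies to scon->iov_bs without checking that a buffer exists. Data delivered after a close, or before CHR_EVENT_OPENED, would be written through a stale or NULL pointer. Reset all cursor fields on close, check scon->iov in receive_from_chr_layer() and chr_can_read(), and take event.lock in chr_event() as the other callbacks do. Also, the comment above get_console_data() says it returns -1 when no data is pending, but the function is void.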

[Qemu-devel] [PATCH 1/6] s390: Fix error handling and condition code of service call

2012-07-13 Thread Christian Borntraeger
Invalid sccb addresses will cause specification or addressing exception.
Let's add those checks. Furthermore, the good case (cc=0) was incorrect
for KVM, we did not set the CC at all.

Signed-off-by: Christian Borntraeger 
---
 target-s390x/kvm.c   |5 +++--
 target-s390x/op_helper.c |   27 ++-
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index ec08dd0..654f87d 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -238,9 +238,10 @@ static int kvm_sclp_service_call(CPUS390XState *env, 
struct kvm_run *run,
 code = env->regs[(ipbh0 & 0xf0) >> 4];
 
 r = sclp_service_call(env, sccb, code);
-if (r) {
-setcc(env, 3);
+if (r < 0) {
+enter_pgmcheck(env, -r);
 }
+setcc(env, r);
 
 return 0;
 }
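Review bot: in kvm_sclp_service_call(), setcc(env, r) now runs unconditionally, so after enter_pgmcheck(env, -r) it is still called with the negative r. Put it in an else branch so the condition code is only set for r = 0..3, which is what the comment this patch adds above sclp_service_call() describes.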
diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index 7b72473..91dd8dc 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -19,6 +19,8 @@
  */
 
 #include "cpu.h"
+#include "memory.h"
+#include "cputlb.h"
 #include "dyngen-exec.h"
 #include "host-utils.h"
 #include "helper.h"
@@ -2366,6 +2368,9 @@ static void ext_interrupt(CPUS390XState *env, int type, 
uint32_t param,
 cpu_inject_ext(env, type, param, param64);
 }
 
+/*
+ * ret < 0 indicates program check, ret = 0,1,2,3 -> cc
+ */
 int sclp_service_call(CPUS390XState *env, uint32_t sccb, uint64_t code)
 {
 int r = 0;
@@ -2375,10 +2380,12 @@ int sclp_service_call(CPUS390XState *env, uint32_t 
sccb, uint64_t code)
 printf("sclp(0x%x, 0x%" PRIx64 ")\n", sccb, code);
 #endif
 
+/* basic checks */
+if (!memory_region_is_ram(phys_page_find(sccb >> TARGET_PAGE_BITS)->mr)) {
+return -PGM_ADDRESSING;
+}
 if (sccb & ~0x7ff8ul) {
-fprintf(stderr, "KVM: invalid sccb address 0x%x\n", sccb);
-r = -1;
-goto out;
+return -PGM_SPECIFICATION;
 }
 
 switch(code) {
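Review bot: the new memory_region_is_ram() test in sclp_service_call() looks up the page for sccb before the `sccb & ~0x7ff8ul` test has rejected out-of-range or misaligned addresses, and it covers only the page containing the first byte of the SCCB. Since the mask accepts any 8-byte aligned address below 0x8000, an SCCB that starts near the end of a page is not fully covered by the check. Consider doing the mask test first and either checking the whole SCCB range or stating in the "basic checks" comment why one page is sufficient.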
@@ -2405,22 +2412,24 @@ int sclp_service_call(CPUS390XState *env, uint32_t 
sccb, uint64_t code)
 #ifdef DEBUG_HELPER
 printf("KVM: invalid sclp call 0x%x / 0x%" PRIx64 "x\n", sccb, 
code);
 #endif
-r = -1;
+r = 3;
 break;
 }
 
-out:
 return r;
 }
 
 /* SCLP service call */
 uint32_t HELPER(servc)(uint32_t r1, uint64_t r2)
 {
-if (sclp_service_call(env, r1, r2)) {
-return 3;
-}
+int r;
 
-return 0;
+r = sclp_service_call(env, r1, r2);
+if (r < 0) {
+program_interrupt(env, -r, 4);
+return 0;
+}
+return r;
 }
 
 /* DIAG */
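Review bot: in HELPER(servc), the literal 4 passed as the last argument of program_interrupt() is unexplained; a short comment or a named constant would make clear what it denotes. The `return 0` that follows also deserves a comment saying whether it can be reached and, if so, why cc 0 is the right value after a program check.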
-- 
1.7.10.5




[Qemu-devel] [PATCH 6/6] s390: make sclp ascii console the default

2012-07-13 Thread Christian Borntraeger
This patch makes the sclp ascii default for S390.

Signed-off-by: Christian Borntraeger 
---
 hw/s390-virtio.c |1 -
 vl.c |   40 
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/hw/s390-virtio.c b/hw/s390-virtio.c
index 577fcee..ae53da2 100644
--- a/hw/s390-virtio.c
+++ b/hw/s390-virtio.c
@@ -342,7 +342,6 @@ static QEMUMachine s390_machine = {
 .no_serial = 1,
 .no_parallel = 1,
 .no_sdcard = 1,
-.use_virtcon = 1,
 .max_cpus = 255,
 .is_default = 1,
 };
diff --git a/vl.c b/vl.c
index 1329c30..42741e9 100644
--- a/vl.c
+++ b/vl.c
@@ -168,6 +168,7 @@ int main(int argc, char **argv)
 #define DEFAULT_RAM_SIZE 128
 
 #define MAX_VIRTIO_CONSOLES 1
+#define MAX_SCLP_CONSOLES   1
 
 static const char *data_dir;
 const char *bios_name = NULL;
@@ -195,6 +196,7 @@ int no_quit = 0;
 CharDriverState *serial_hds[MAX_SERIAL_PORTS];
 CharDriverState *parallel_hds[MAX_PARALLEL_PORTS];
 CharDriverState *virtcon_hds[MAX_VIRTIO_CONSOLES];
+CharDriverState *sclpcon_hds[MAX_SCLP_CONSOLES];
 int win2k_install_hack = 0;
 int usb_enabled = 0;
 int singlestep = 0;
@@ -268,6 +270,7 @@ static int default_floppy = 1;
 static int default_cdrom = 1;
 static int default_sdcard = 1;
 static int default_vga = 1;
+static int default_sclpcon = 1;
 
 static struct {
 const char *driver;
@@ -289,6 +292,7 @@ static struct {
 { .driver = "isa-cirrus-vga",   .flag = &default_vga   },
 { .driver = "vmware-svga",  .flag = &default_vga   },
 { .driver = "qxl-vga",  .flag = &default_vga   },
+{ .driver = "s390-sclp",.flag = &default_sclpcon   },
 };
 
 static void res_free(void)
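Review bot: the new default_drivers entry keys default_sclpcon on the driver name "s390-sclp", while sclpcon_parse() later in this patch creates the console with driver "sclpconsole". If the intent is that an explicit -device for the console suppresses the default one, the entry should name the console device, or a comment should say why the bridge name is the right trigger.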
@@ -1936,6 +1940,7 @@ struct device_config {
 DEV_VIRTCON,   /* -virtioconsole */
 DEV_DEBUGCON,  /* -debugcon */
 DEV_GDB,   /* -gdb, -s */
+DEV_SCLPCON,   /* sclp console */
 } type;
 const char *cmdline;
 Location loc;
@@ -2015,6 +2020,36 @@ static int parallel_parse(const char *devname)
 return 0;
 }
 
+static int sclpcon_parse(const char *devname)
+{
+QemuOptsList *device = qemu_find_opts("device");
+static int index = 0;
+char label[32];
+QemuOpts *dev_opts;
+
+if (strcmp(devname, "none") == 0)
+return 0;
+if (index == MAX_SCLP_CONSOLES) {
+fprintf(stderr, "qemu: too many sclp consoles\n");
+exit(1);
+}
+
+dev_opts = qemu_opts_create(device, NULL, 0, NULL);
+qemu_opt_set(dev_opts, "driver", "sclpconsole");
+
+snprintf(label, sizeof(label), "sclpcon%d", index);
+sclpcon_hds[index] = qemu_chr_new(label, devname, NULL);
+if (!sclpcon_hds[index]) {
+fprintf(stderr, "qemu: could not open sclp console '%s': %s\n",
+devname, strerror(errno));
+return -1;
+}
+qemu_opt_set(dev_opts, "chardev", label);
+
+index++;
+return 0;
+}
+
 static int virtcon_parse(const char *devname)
 {
 QemuOptsList *device = qemu_find_opts("device");
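Review bot: in sclpcon_parse(), the `if (strcmp(devname, "none") == 0)` body has no braces, unlike the other if statements in the function. The "device" opts entry is also created and given driver=sclpconsole before qemu_chr_new() is attempted, so the `return -1` path leaves an entry without a chardev behind; creating the chardev first and the opts afterwards avoids that.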
@@ -3123,6 +3158,7 @@ int main(int argc, char **argv, char **envp)
 default_cdrom = 0;
 default_sdcard = 0;
 default_vga = 0;
+default_sclpcon = 0;
 break;
 case QEMU_OPTION_xen_domid:
 if (!(xen_available())) {
@@ -3304,6 +3340,8 @@ int main(int argc, char **argv, char **envp)
 add_device_config(DEV_PARALLEL, "null");
 if (default_serial && default_monitor) {
 add_device_config(DEV_SERIAL, "mon:stdio");
+} else if (default_sclpcon && default_monitor) {
+add_device_config(DEV_SCLPCON, "mon:stdio");
 } else if (default_virtcon && default_monitor) {
 add_device_config(DEV_VIRTCON, "mon:stdio");
 } else {
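Review bot: default_sclpcon is initialised to 1 for every target and, in the hunks of this patch, is cleared only together with the other defaults in the option handler and through the default_drivers entry, so the new `else if (default_sclpcon && default_monitor)` branch is taken on any machine where default_serial is 0 and it preempts the virtcon branch below it. The patch removes .use_virtcon from s390_machine but adds no per-machine counterpart for the SCLP console; without one, machines other than s390 would also get a DEV_SCLPCON config.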
@@ -3491,6 +3529,8 @@ int main(int argc, char **argv, char **envp)
 exit(1);
 if (foreach_device_config(DEV_PARALLEL, parallel_parse) < 0)
 exit(1);
+if (foreach_device_config(DEV_SCLPCON, sclpcon_parse) < 0)
+exit(1);
 if (foreach_device_config(DEV_VIRTCON, virtcon_parse) < 0)
 exit(1);
 if (foreach_device_config(DEV_DEBUGCON, debugcon_parse) < 0)
-- 
1.7.10.5




[Qemu-devel] [PATCH 2/5] bitops: Fix documentation

2012-07-13 Thread Stefan Hajnoczi
From: Stefan Weil 

Signed-off-by: Stefan Weil 
Reviewed-by: Peter Maydell 
Signed-off-by: Stefan Hajnoczi 
---
 bitops.h |8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/bitops.h b/bitops.h
index b967ef3..c456232 100644
--- a/bitops.h
+++ b/bitops.h
@@ -319,8 +319,8 @@ static inline uint64_t extract64(uint64_t value, int start, 
int length)
  * @value. Bits of @value outside the bit field are not modified.
  * Bits of @fieldval above the least significant @length bits are
  * ignored. The bit field must lie entirely within the 32 bit word.
- * It is valid to request that all 64 bits are modified (ie @length
- * 64 and @start 0).
+ * It is valid to request that all 32 bits are modified (ie @length
+ * 32 and @start 0).
  *
  * Returns: the modified @value.
  */
@@ -334,7 +334,7 @@ static inline uint32_t deposit32(uint32_t value, int start, 
int length,
 }
 
 /**
- * deposit32:
+ * deposit64:
  * @value: initial value to insert bit field into
  * @start: the lowest bit in the bit field (numbered from 0)
  * @length: the length of the bit field
@@ -344,7 +344,7 @@ static inline uint32_t deposit32(uint32_t value, int start, 
int length,
  * by the @start and @length parameters, and return the modified
  * @value. Bits of @value outside the bit field are not modified.
  * Bits of @fieldval above the least significant @length bits are
- * ignored. The bit field must lie entirely within the 32 bit word.
+ * ignored. The bit field must lie entirely within the 64 bit word.
  * It is valid to request that all 64 bits are modified (ie @length
  * 64 and @start 0).
  *
-- 
1.7.10.4




[Qemu-devel] [PATCH 5/5] make: Remove 'build-all' rule

2012-07-13 Thread Stefan Hajnoczi
From: Stefan Weil 

It is not needed, because the 'all' rule does the same.

Signed-off-by: Stefan Weil 
Signed-off-by: Stefan Hajnoczi 
---
 Makefile |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 34d6a9e..6eeabd0 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ BUILD_DIR=$(CURDIR)
 # All following code might depend on configuration variables
 ifneq ($(wildcard config-host.mak),)
 # Put the all: rule here so that config-host.mak can contain dependencies.
-all: build-all
+all:
 include config-host.mak
 include $(SRC_PATH)/rules.mak
 config-host.mak: $(SRC_PATH)/configure
@@ -31,7 +31,7 @@ Makefile: ;
 configure: ;
 
 .PHONY: all clean cscope distclean dvi html info install install-doc \
-   pdf recurse-all speed tar tarbin test build-all
+   pdf recurse-all speed tar tarbin test
 
 $(call set-vpath, $(SRC_PATH))
 
@@ -82,7 +82,7 @@ defconfig:
 
 -include config-all-devices.mak
 
-build-all: $(DOCS) $(TOOLS) $(HELPERS-y) recurse-all
+all: $(DOCS) $(TOOLS) $(HELPERS-y) recurse-all
 
 config-host.h: config-host.h-timestamp
 config-host.h-timestamp: config-host.mak
-- 
1.7.10.4




Re: [Qemu-devel] [RFC] introduce a dynamic library to expose qemu block API

2012-07-13 Thread Kevin Wolf
On 13.07.2012 11:43, Stefan Hajnoczi wrote:
> On Fri, Jul 13, 2012 at 11:27:55AM +0200, Christoph Hellwig wrote:
>> On Fri, Jul 13, 2012 at 10:13:15AM +0100, Stefan Hajnoczi wrote:
>>> How is that different from all the qemu-io commands?
>>
>> qemu-io has no modes to just dump the output without additional
>> information / statistics or for the write case just take user input
>> instead of a pattern.  I actually tried to add raw arguments to
>> qemu-io, which still worked out ok for reads but started to get
>> fairly ugly for the write.
>>
>> What I use in production right now is a trivial qemu-cat tool that
>> just does the raw reads and writes, but I think adding it as a new
>> sub command to qemu-img instead of another tool seems a bit cleaner.
>>
>> If you and Kevin or Anthony disagree and want the qemu-cat tool I can
>> submit a patch for that instead.
> 
> Okay, I see what you mean.  I have used the hex output mode (when you
> use the verbose option) but it's not raw.
> 
> Sounds like you want a qemu-dd :).  I think adding that to qemu-img is
> fine though since it's already the tool that users are familiar with for
> image file manipulation and that gets shipped.

It still feels a bit more like qemu-io-style operations. Not sure what
your use case looks like exactly, but adding a qemu-io command that
reads data from a file and writes it at a given offset into the images
(or vice versa) should be easy. This would be more or less a qemu-dd.

If you need to get data from stdin or output it to stdout, then it might
not be the right solution.

Kevin



[Qemu-devel] [PATCH 4/5] qemu-keymaps: Finnish keyboard mapping broken

2012-07-13 Thread Stefan Hajnoczi
From: Michael Tokarev 

As mentioned in http://bugs.debian.org/660154 , Finnish keyboard mapping
is kind of broken.  Fix it as Timo Sirainen suggests in #660154.

Signed-off-by: Michael Tokarev 
Signed-off-by: Stefan Hajnoczi 
---
 pc-bios/keymaps/fi |2 --
 1 file changed, 2 deletions(-)

diff --git a/pc-bios/keymaps/fi b/pc-bios/keymaps/fi
index 2a4e0f0..4be7586 100644
--- a/pc-bios/keymaps/fi
+++ b/pc-bios/keymaps/fi
@@ -99,9 +99,7 @@ asterisk 0x2b shift
 acute 0x2b altgr
 multiply 0x2b shift altgr
 guillemotleft 0x2c altgr
-less 0x2c shift altgr
 guillemotright 0x2d altgr
-greater 0x2d shift altgr
 copyright 0x2e altgr
 leftdoublequotemark 0x2f altgr
 grave 0x2f shift altgr
-- 
1.7.10.4




[Qemu-devel] [PATCH 1/5] megasas: mark mfi_frame_desc as 'static'

2012-07-13 Thread Stefan Hajnoczi
From: Hannes Reinecke 

Suggested by blue swirl. Patch is on top of Paolo's
scsi-next tree.

Signed-off-by: Hannes Reinecke 
Cc: Paolo Bonzini 
Cc: Blue Swirl 
Signed-off-by: Stefan Hajnoczi 
---
 hw/megasas.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/megasas.c b/hw/megasas.c
index b48836f..b99fa97 100644
--- a/hw/megasas.c
+++ b/hw/megasas.c
@@ -45,7 +45,7 @@
 #define MEGASAS_FLAG_USE_QUEUE64   2
 #define MEGASAS_MASK_USE_QUEUE64   (1 << MEGASAS_FLAG_USE_QUEUE64)
 
-const char *mfi_frame_desc[] = {
+static const char *mfi_frame_desc[] = {
 "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
 "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
 
-- 
1.7.10.4




[Qemu-devel] [PATCH 3/5] vnc: add a more descriptive error message

2012-07-13 Thread Stefan Hajnoczi
From: Amos Kong 

Currently qemu outputs some low-level error in qemu-sockets.c
when failed to start vnc server.
eg. 'getaddrinfo(127.0.0.1,5902): Name or service not known'

Some libvirt users could not know what's happened with this
unclear error message. This patch added a more descriptive
error message.

Signed-off-by: Amos Kong 
Reviewed-by: Michael Tokarev 
Signed-off-by: Stefan Hajnoczi 
---
 vl.c |5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/vl.c b/vl.c
index 2e140f5..46248b9 100644
--- a/vl.c
+++ b/vl.c
@@ -3584,8 +3584,11 @@ int main(int argc, char **argv, char **envp)
 /* init remote displays */
 if (vnc_display) {
 vnc_display_init(ds);
-if (vnc_display_open(ds, vnc_display) < 0)
+if (vnc_display_open(ds, vnc_display) < 0) {
+fprintf(stderr, "Failed to start VNC server on `%s'\n",
+vnc_display);
 exit(1);
+}
 
 if (show_vnc_port) {
 printf("VNC server running on `%s'\n", vnc_display_local_addr(ds));
-- 
1.7.10.4




[Qemu-devel] [PATCH v2] slirp: Handle whole 127.0.0.0/8 network as local addresses.

2012-07-13 Thread Anders Waldenborg
Changes so translation of remote address to the host's ip address in
the virtual network happens for all addresses in the 127.0.0.0/8
network, not just 127.0.0.1.

This fixes so that hostfwd bound to addresses such as 127.0.0.2 works.

Signed-off-by: Anders Waldenborg 
---

Thanks for the review!

Patch updated according to comments.

Notice that the surrounding code in tcp_subr.c uses tabs for
indentation. Should I still use space as the coding style mandates
(and which makes checkpatch happy)?

 slirp/main.h |1 +
 slirp/slirp.c|3 +++
 slirp/tcp_subr.c |6 --
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/slirp/main.h b/slirp/main.h
index 028df4b..bf601e2 100644
--- a/slirp/main.h
+++ b/slirp/main.h
@@ -31,6 +31,7 @@ extern char *exec_shell;
 extern u_int curtime;
 extern fd_set *global_readfds, *global_writefds, *global_xfds;
 extern struct in_addr loopback_addr;
+extern in_addr_t loopback_mask;
 extern char *username;
 extern char *socket_path;
 extern int towrite_max;
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 90473eb..9787104 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -29,6 +29,8 @@
 
 /* host loopback address */
 struct in_addr loopback_addr;
+/* host loopback network mask */
+in_addr_t loopback_mask;
 
 /* emulated hosts use the MAC addr 52:55:IP:IP:IP:IP */
 static const uint8_t special_ethaddr[ETH_ALEN] = {
@@ -191,6 +193,7 @@ static void slirp_init_once(void)
 #endif
 
 loopback_addr.s_addr = htonl(INADDR_LOOPBACK);
+loopback_mask = htonl(IN_CLASSA_NET);
 }
 
 static void slirp_state_save(QEMUFile *f, void *opaque);
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 0a545c4..064b5e8 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -435,8 +435,10 @@ tcp_connect(struct socket *inso)
so->so_fport = addr.sin_port;
so->so_faddr = addr.sin_addr;
/* Translate connections from localhost to the real hostname */
-   if (so->so_faddr.s_addr == 0 || so->so_faddr.s_addr == 
loopback_addr.s_addr)
-  so->so_faddr = slirp->vhost_addr;
+if (so->so_faddr.s_addr == 0 ||
+(so->so_faddr.s_addr & loopback_mask) ==
+(loopback_addr.s_addr & loopback_mask))
+so->so_faddr = slirp->vhost_addr;
 
/* Close the accept() socket, set right state */
if (inso->so_state & SS_FACCEPTONCE) {
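Review bot: in tcp_connect(), the comment above the changed condition still reads "Translate connections from localhost to the real hostname" although the test now matches the whole network selected by loopback_mask; update it to say that any 127.0.0.0/8 source is translated to slirp->vhost_addr. The right-hand side `(loopback_addr.s_addr & loopback_mask)` is also constant after slirp_init_once() and could be stored once there instead of being recomputed on every connection.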
-- 
1.7.2.5




[Qemu-devel] [PATCH 2/2] usb-storage: fix SYNCHRONIZE_CACHE

2012-07-13 Thread Gerd Hoffmann
Commit 59310659073d85745854f2f10c4292555c5a1c51 is incomplete,
we'll arrive in the scsi command complete callback in CSW state
and must handle that case correctly.

Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-storage.c |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index f1d8082..97059d3 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -247,6 +247,9 @@ static void usb_msd_command_complete(SCSIRequest *req, 
uint32_t status, size_t r
the status read packet.  */
 usb_msd_send_status(s, p);
 s->mode = USB_MSDM_CBW;
+} else if (s->mode == USB_MSDM_CSW) {
+usb_msd_send_status(s, p);
+s->mode = USB_MSDM_CBW;
 } else {
 if (s->data_len) {
 int len = (p->iov.size - p->result);
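Review bot: in usb_msd_command_complete(), the body of the new `else if (s->mode == USB_MSDM_CSW)` branch is identical to the two statements that close the branch directly above it. Either fold the condition into that branch or add a comment in the new one saying when the callback is reached in CSW state, since the explanation currently exists only in the commit message.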
-- 
1.7.1




[Qemu-devel] [PATCH 1/2] usb-storage: improve debug logging

2012-07-13 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-storage.c |8 ++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 251e7de..f1d8082 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -383,6 +383,9 @@ static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
 assert(le32_to_cpu(s->csw.residue) == 0);
 s->scsi_len = 0;
 s->req = scsi_req_new(s->scsi_dev, tag, 0, cbw.cmd, NULL);
+#ifdef DEBUG_MSD
+scsi_req_print(s->req);
+#endif
 scsi_req_enqueue(s->req);
 if (s->req && s->req->cmd.xfer != SCSI_XFER_NONE) {
 scsi_req_continue(s->req);
@@ -410,7 +413,7 @@ static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
 }
 }
 if (p->result < p->iov.size) {
-DPRINTF("Deferring packet %p\n", p);
+DPRINTF("Deferring packet %p [wait data-out]\n", p);
 s->packet = p;
 ret = USB_RET_ASYNC;
 } else {
@@ -445,6 +448,7 @@ static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
 
 if (s->req) {
 /* still in flight */
+DPRINTF("Deferring packet %p [wait status]\n", p);
 s->packet = p;
 ret = USB_RET_ASYNC;
 } else {
@@ -471,7 +475,7 @@ static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
 }
 }
 if (p->result < p->iov.size) {
-DPRINTF("Deferring packet %p\n", p);
+DPRINTF("Deferring packet %p [wait data-in]\n", p);
 s->packet = p;
 ret = USB_RET_ASYNC;
 } else {
-- 
1.7.1




Re: [Qemu-devel] Ask for help with estimate of disassembly speed

2012-07-13 Thread Peter Maydell
On 12 July 2012 16:30, Евгений Олегович  wrote:
> We will be very glad and grateful, if You can send to us pure DisAsm code
> (DLL with parse function or another files), which speed we can measure. If
> You have another materials (maybe any speed graphics, or a tests set that can
> help us) or thinking of this theme  - it would be very good.

(1) The QEMU disassembler is used for debug logging only so we don't
care much about its performance
(2) For most CPUs we have simply reused the disassembler from
GNU binutils. If you are looking for a comparison for benchmarking
you will find it much easier to use the binutils disassembler directly
(3) This is your project and I think it is very unlikely that you will
find anybody else willing to set up benchmarking infrastructure for
your benefit.

-- PMM


