Re: [Qemu-devel] [PATCH 5/5] pseries: Move XICS initialization before cpu initialization

[Alexander Graf]

Am 16.03.2013 um 06:41 schrieb Benjamin Herrenschmidt 
:

> On Sat, 2013-03-16 at 06:33 +0100, Alexander Graf wrote:
 We're changing that notion in the in-kernel XICS discussions.  The
>> flow will look like this:
 
 * create vcpus
 * create XICS
 * foreach (vcpu)
 * enable_cap(vcpu, CAP_XICS_SERVER, xics_handle)
>>> 
>>> This is stupid. Why have the VCPU initialize itself for non-kernel
>>> interrupts and *then* switch it over ?
>> 
>> Because non-kernel initialization is a nop.
> 
> And ?

Compared to the previous aproach of a vm wide irq type, we win:

  - less vm global state
  - possibility of defining the 'cpu nr' from the pic's point of view
  - the same mechanism and code paths for hotplug and non-hotplug
  - possibility of supporting multiple pics
  - less implicit assumptions

While the code changes required to make this work should be minimal over the 
"set irq architecture" approach. It really makes life easier for everyone.


Alex

Re: [Qemu-devel] [PATCH 5/5] pseries: Move XICS initialization before cpu initialization

[Benjamin Herrenschmidt]

On Sat, 2013-03-16 at 06:33 +0100, Alexander Graf wrote:
> >> We're changing that notion in the in-kernel XICS discussions.  The
> flow will look like this:
> >> 
> >>  * create vcpus
> >>  * create XICS
> >>  * foreach (vcpu)
> >>  * enable_cap(vcpu, CAP_XICS_SERVER, xics_handle)
> > 
> > This is stupid. Why have the VCPU initialize itself for non-kernel
> > interrupts and *then* switch it over ?
> 
> Because non-kernel initialization is a nop.

And ?

Ben.

Re: [Qemu-devel] [PATCH 5/5] pseries: Move XICS initialization before cpu initialization

[Alexander Graf]

Am 16.03.2013 um 04:14 schrieb Benjamin Herrenschmidt 
:

> On Fri, 2013-03-15 at 13:33 +0100, Alexander Graf wrote:
>> On 14.03.2013, at 02:53, David Gibson wrote:
>> 
>>> Currently, the pseries machine initializes the cpus, then the XICS
>>> interrupt controller.  However, to support the upcoming in-kernel XICS
>>> implementation we will need to initialize the irq controller before the
>>> vcpus.  This patch makes the necesssary rearrangement.  This means the
>> 
>> We're changing that notion in the in-kernel XICS discussions.  The flow will 
>> look like this:
>> 
>>  * create vcpus
>>  * create XICS
>>  * foreach (vcpu)
>>  * enable_cap(vcpu, CAP_XICS_SERVER, xics_handle)
> 
> This is stupid. Why have the VCPU initialize itself for non-kernel
> interrupts and *then* switch it over ?

Because non-kernel initialization is a nop.

Alex

> You guys are tiring me of needing about 2 years to iron out a simple
> API just to end up with the worst possible crap in the end.
> 
> Ben.
> 
>> However, that means we still need to know the maximum number of supported 
>> vcpus during the create phase. That number can be bigger than smp_cpus 
>> though, since you probably want to support hotplug add of CPUs later on.
>> 
>> Can't we just make the number of supported "interrupt servers" a constant?
>> 
>> 
>> Alex
>> 
>>> xics init code can no longer auto-detect the number of cpus ("interrupt
>>> servers" in XICS terminology) and so we must pass that in explicitly from
>>> the platform code.
>>> 
>>> Signed-off-by: Michael Ellerman 
>>> Signed-off-by: Ben Herrenschmidt 
>>> Signed-off-by: David Gibson 
>>> ---
>>> hw/ppc/spapr.c |   12 +++-
>>> hw/ppc/xics.c  |   57 
>>> +---
>>> hw/xics.h  |3 ++-
>>> 3 files changed, 34 insertions(+), 38 deletions(-)
>>> 
>>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>>> index 7293082..b2c9b42 100644
>>> --- a/hw/ppc/spapr.c
>>> +++ b/hw/ppc/spapr.c
>>> @@ -791,6 +791,11 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
>>>spapr->htab_shift++;
>>>}
>>> 
>>> +/* Set up Interrupt Controller before we create the VCPUs */
>>> +spapr->icp = xics_system_init(smp_cpus * kvmppc_smt_threads() / 
>>> smp_threads,
>>> +  XICS_IRQS);
>>> +spapr->next_irq = XICS_IRQ_BASE;
>>> +
>>>/* init CPUs */
>>>if (cpu_model == NULL) {
>>>cpu_model = kvm_enabled() ? "host" : "POWER7";
>>> @@ -803,6 +808,8 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
>>>}
>>>env = &cpu->env;
>>> 
>>> +xics_cpu_setup(spapr->icp, cpu);
>>> +
>>>/* Set time-base frequency to 512 MHz */
>>>cpu_ppc_tb_init(env, TIMEBASE_FREQ);
>>> 
>>> @@ -842,11 +849,6 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
>>>}
>>>g_free(filename);
>>> 
>>> -
>>> -/* Set up Interrupt Controller */
>>> -spapr->icp = xics_system_init(XICS_IRQS);
>>> -spapr->next_irq = XICS_IRQ_BASE;
>>> -
>>>/* Set up EPOW events infrastructure */
>>>spapr_events_init(spapr);
>>> 
>>> diff --git a/hw/ppc/xics.c b/hw/ppc/xics.c
>>> index c3ef12f..374da5b 100644
>>> --- a/hw/ppc/xics.c
>>> +++ b/hw/ppc/xics.c
>>> @@ -521,45 +521,38 @@ static void xics_reset(void *opaque)
>>>}
>>> }
>>> 
>>> -struct icp_state *xics_system_init(int nr_irqs)
>>> +void xics_cpu_setup(struct icp_state *icp, PowerPCCPU *cpu)
>>> {
>>> -CPUPPCState *env;
>>> -CPUState *cpu;
>>> -int max_server_num;
>>> -struct icp_state *icp;
>>> -struct ics_state *ics;
>>> +CPUState *cs = CPU(cpu);
>>> +CPUPPCState *env = &cpu->env;
>>> +struct icp_server_state *ss = &icp->ss[cs->cpu_index];
>>> 
>>> -max_server_num = -1;
>>> -for (env = first_cpu; env != NULL; env = env->next_cpu) {
>>> -cpu = CPU(ppc_env_get_cpu(env));
>>> -if (cpu->cpu_index > max_server_num) {
>>> -max_server_num = cpu->cpu_index;
>>> -}
>>> -}
>>> +assert(cs->cpu_index < icp->nr_servers);
>>> 
>>> -icp = g_malloc0(sizeof(*icp));
>>> -icp->nr_servers = max_server_num + 1;
>>> -icp->ss = g_malloc0(icp->nr_servers*sizeof(struct icp_server_state));
>>> +switch (PPC_INPUT(env)) {
>>> +case PPC_FLAGS_INPUT_POWER7:
>>> +ss->output = env->irq_inputs[POWER7_INPUT_INT];
>>> +break;
>>> 
>>> -for (env = first_cpu; env != NULL; env = env->next_cpu) {
>>> -cpu = CPU(ppc_env_get_cpu(env));
>>> -struct icp_server_state *ss = &icp->ss[cpu->cpu_index];
>>> +case PPC_FLAGS_INPUT_970:
>>> +ss->output = env->irq_inputs[PPC970_INPUT_INT];
>>> +break;
>>> 
>>> -switch (PPC_INPUT(env)) {
>>> -case PPC_FLAGS_INPUT_POWER7:
>>> -ss->output = env->irq_inputs[POWER7_INPUT_INT];
>>> -break;
>>> +default:
>>> +fprintf(stderr, "XICS interrupt controller does not support this 
>>> CPU "
>>> +"bus model\n")

Re: [Qemu-devel] [PATCH v8 13/24] hw/arm: add FTI2C010 I2C controller support

[Peter Crosthwaite]

On Fri, Mar 15, 2013 at 11:15 PM, Kuo-Jung Su  wrote:
> From: Kuo-Jung Su 
>
> The FTI2C010 is a simple I2C master controller.
>
> Signed-off-by: Kuo-Jung Su 
> ---
>  hw/arm/Makefile.objs  |1 +
>  hw/arm/faraday_a369_soc.c |6 ++
>  hw/arm/fti2c010.c |  212 
> +
>  hw/arm/fti2c010.h |   71 +++
>  4 files changed, 290 insertions(+)
>  create mode 100644 hw/arm/fti2c010.c
>  create mode 100644 hw/arm/fti2c010.h
>
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index 2622f3f..63ba519 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -46,3 +46,4 @@ obj-y += ftrtc011.o
>  obj-y += ftdmac020.o
>  obj-y += ftapbbrg020.o
>  obj-y += ftnandc021.o
> +obj-y += fti2c010.o
> diff --git a/hw/arm/faraday_a369_soc.c b/hw/arm/faraday_a369_soc.c
> index 0088915..89610d9 100644
> --- a/hw/arm/faraday_a369_soc.c
> +++ b/hw/arm/faraday_a369_soc.c
> @@ -241,6 +241,12 @@ a369soc_device_init(FaradaySoCState *s)
>  req = qdev_get_gpio_in(s->hdma[0], 15);
>  qdev_connect_gpio_out(s->hdma[0], 15, ack);
>  qdev_connect_gpio_out(ds, 0, req);
> +
> +/* fti2c010 */
> +ds = sysbus_create_simple("fti2c010", 0x9290, s->pic[51]);
> +s->i2c[0] = ds;
> +ds = sysbus_create_simple("fti2c010", 0x92A0, s->pic[52]);
> +s->i2c[1] = ds;
>  }
>
>  static void a369soc_realize(DeviceState *dev, Error **errp)
> diff --git a/hw/arm/fti2c010.c b/hw/arm/fti2c010.c
> new file mode 100644
> index 000..95f6a9d
> --- /dev/null
> +++ b/hw/arm/fti2c010.c
> @@ -0,0 +1,212 @@
> +/*
> + * QEMU model of the FTI2C010 Controller
> + *
> + * Copyright (C) 2012 Faraday Technology
> + * Written by Dante Su 
> + *
> + * This file is licensed under GNU GPL v2+.
> + */
> +
> +#include "hw/sysbus.h"
> +#include "hw/i2c.h"
> +#include "sysemu/sysemu.h"
> +
> +#include "fti2c010.h"
> +
> +#define I2C_RD  1
> +#define I2C_WR  0
> +
> +#define TYPE_FTI2C010   "fti2c010"
> +
> +typedef struct Fti2c010State {
> +SysBusDevice busdev;
> +MemoryRegion mmio;
> +
> +qemu_irq irq;
> +i2c_bus *bus;
> +
> +uint8_t  recv;/* I2C RD = 1; I2C WR = 0 */
> +uint8_t  addr;/* 7-bits device address */
> +
> +/* HW register cache */
> +uint32_t cr;
> +uint32_t sr;
> +uint32_t cdr;
> +uint32_t dr;
> +uint32_t tgsr;
> +} Fti2c010State;
> +
> +#define FTI2C010(obj) \
> +OBJECT_CHECK(Fti2c010State, obj, TYPE_FTI2C010)
> +
> +static void
> +fti2c010_update_irq(Fti2c010State *s)
> +{
> +uint32_t sr = extract32(s->sr, 4, 8);
> +uint32_t cr = extract32(s->cr, 8, 8);
> +qemu_set_irq(s->irq, (sr & cr) ? 1 : 0);
> +}
> +
> +static uint64_t
> +fti2c010_mem_read(void *opaque, hwaddr addr, unsigned size)
> +{
> +Fti2c010State *s = FTI2C010(opaque);
> +uint32_t ret = 0;
> +
> +switch (addr) {
> +case REG_CR:
> +return s->cr;
> +case REG_SR:
> +ret = s->sr | (i2c_bus_busy(s->bus) ? SR_BB : 0);
> +s->sr &= 0xf00f;/* clear RC status bits */
> +fti2c010_update_irq(s);
> +break;
> +case REG_CDR:
> +return s->cdr;
> +case REG_DR:
> +return s->dr;
> +case REG_TGSR:
> +return s->tgsr;
> +case REG_BMR:
> +return 0x0003;  /* Slave mode: SCL=1, SDA=1 */
> +case REG_REVR:
> +return 0x00011000;  /* REV. 1.10.0 */
> +default:
> +qemu_log_mask(LOG_GUEST_ERROR,
> +"fti2c010: undefined memory access@%#" HWADDR_PRIx "\n", addr);
> +break;
> +}
> +
> +return ret;
> +}
> +
> +static void
> +fti2c010_mem_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> +{
> +Fti2c010State *s = FTI2C010(opaque);
> +
> +switch (addr) {
> +case REG_CR:
> +s->cr = (uint32_t)val;
> +if (s->cr & CR_I2CRST) {
> +s->dr = 0;
> +s->sr = 0;
> +} else if ((s->cr & CR_MASTER_EN) && (s->cr & CR_TBEN)) {
> +s->sr &= ~SR_ACK;
> +if (s->cr & CR_START) {
> +s->recv = (s->dr & I2C_RD) ? 1 : 0;
> +s->addr = extract32(s->dr, 1, 7);
> +if (!i2c_start_transfer(s->bus, s->addr, s->recv)) {

This is the one and only use or s->addr AFAICT, and its used
immediately after unconditional assignment. You should drop addr
completely and just inline to save on redundant device state (the
desired infomation is in s->dr(8:1).

> +s->sr |= SR_DT | SR_ACK;
> +} else {
> +s->sr &= ~SR_DT;
> +}
> +} else {
> +if (s->recv) {
> +s->dr = i2c_recv(s->bus);
> +s->sr |= SR_DR;
> +} else {
> +i2c_send(s->bus, (uint8_t)s->dr);
> +s->sr |= SR_DT;
> +}
> +if (s->cr & CR_NACK) {
> +i2c_nack(s->bus);
> +

Re: [Qemu-devel] [PATCH v8 05/24] hw/arm: add FTDDRII030 DDRII controller support

[Peter Crosthwaite]

Hi Kuo-Jung,

On Fri, Mar 15, 2013 at 11:13 PM, Kuo-Jung Su  wrote:
> From: Kuo-Jung Su 
>
> The FTDDRII030 is a DDRII SDRAM controller which is responsible for
> SDRAM initialization.
> In QEMU we emulate only the SDRAM enable function.
>
> Signed-off-by: Kuo-Jung Su 
> ---
>  hw/arm/Makefile.objs  |1 +
>  hw/arm/faraday_a369_soc.c |9 +++
>  hw/arm/ftddrii030.c   |  183 
> +
>  3 files changed, 193 insertions(+)
>  create mode 100644 hw/arm/ftddrii030.c
>
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index af36b01..0bbf838 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -39,3 +39,4 @@ obj-y += faraday_a369.o faraday_a369_soc.o 
> faraday_a369_scu.o \
>  faraday_a369_kpd.o
>  obj-y += ftintc020.o
>  obj-y += ftahbc020.o
> +obj-y += ftddrii030.o
> diff --git a/hw/arm/faraday_a369_soc.c b/hw/arm/faraday_a369_soc.c
> index 01b4395..e8a63bb 100644
> --- a/hw/arm/faraday_a369_soc.c
> +++ b/hw/arm/faraday_a369_soc.c
> @@ -158,6 +158,15 @@ a369soc_device_init(FaradaySoCState *s)
>  fprintf(stderr, "a369soc: Unable to set soc link for FTAHBC020\n");
>  abort();
>  }
> +
> +/* ftddrii030 */
> +ds = sysbus_create_simple("ftddrii030", 0x9310, NULL);
> +s->ddrc = ds;
> +object_property_set_link(OBJECT(ds), OBJECT(s), "soc", &local_errp);
> +if (local_errp) {
> +fprintf(stderr, "a369soc: Unable to set soc link for FTDDRII030\n");
> +abort();
> +}
>  }
>
>  static void a369soc_realize(DeviceState *dev, Error **errp)
> diff --git a/hw/arm/ftddrii030.c b/hw/arm/ftddrii030.c
> new file mode 100644
> index 000..90a5842
> --- /dev/null
> +++ b/hw/arm/ftddrii030.c
> @@ -0,0 +1,183 @@
> +/*
> + * Faraday DDRII controller
> + *
> + * Copyright (c) 2012 Faraday Technology
> + * Written by Dante Su 
> + *
> + * This code is licensed under GNU GPL v2+
> + */
> +
> +#include "hw/hw.h"
> +#include "hw/sysbus.h"
> +#include "hw/devices.h"
> +#include "sysemu/sysemu.h"
> +
> +#include "faraday.h"
> +
> +#define REG_MCR 0x00/* memory configuration register */
> +#define REG_MSR 0x04/* memory status register */
> +#define REG_REVR0x50/* revision register */
> +
> +#define MSR_INIT_OK BIT(8)  /* DDR2 initial is completed */
> +#define MSR_CMD_MRS BIT(0)  /* start MRS command */
> +
> +#define CFG_REGSIZE (0x50 / 4)
> +
> +#define TYPE_FTDDRII030 "ftddrii030"
> +
> +typedef struct Ftddrii030State {
> +SysBusDevice busdev;
> +MemoryRegion iomem;
> +
> +FaradaySoCState *soc;
> +/* HW register cache */
> +uint32_t regs[CFG_REGSIZE];
> +} Ftddrii030State;
> +
> +#define FTDDRII030(obj) \
> +OBJECT_CHECK(Ftddrii030State, obj, TYPE_FTDDRII030)
> +
> +#define DDR_REG32(s, off) \
> +((s)->regs[(off) / 4])
> +
> +static uint64_t
> +ftddrii030_mem_read(void *opaque, hwaddr addr, unsigned size)
> +{
> +Ftddrii030State *s = FTDDRII030(opaque);
> +uint64_t ret = 0;
> +
> +if (s->soc->ddr_inited) {
> +DDR_REG32(s, REG_MSR) |= MSR_INIT_OK;
> +}
> +
> +switch (addr) {
> +case REG_MCR ... (CFG_REGSIZE - 1) * 4:
> +ret = s->regs[addr / 4];
> +break;
> +case REG_REVR:
> +ret = 0x100;/* rev. = 0.1.0 */
> +break;
> +default:
> +qemu_log_mask(LOG_GUEST_ERROR,
> +"ftddrii030: undefined memory access@%#" HWADDR_PRIx "\n", addr);
> +break;
> +}
> +
> +return ret;
> +}
> +
> +static void
> +ftddrii030_mem_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> +{
> +Ftddrii030State *s = FTDDRII030(opaque);
> +
> +switch (addr) {
> +case REG_MCR:
> +DDR_REG32(s, REG_MCR) = (uint32_t)val & 0x;
> +break;
> +case REG_MSR:
> +val = (val & 0x3f) | (DDR_REG32(s, REG_MSR) & MSR_INIT_OK);
> +if (!s->soc->ddr_inited && (val & MSR_CMD_MRS)) {
> +val &= ~MSR_CMD_MRS;
> +val |= MSR_INIT_OK;
> +memory_region_add_subregion(s->soc->as,
> +s->soc->ram_base,
> +s->soc->ram);

I feel like this is overstepping the bounds of the device. Its
modifying the internals of the parent device (the SoC itself). AFAICT,
this device does not need awareness of where the RAM is to live in the
address map, thats the responsibility of the machine model. It might
be cleaner to model the actual RAM as a second sysbus memory region
then leave it up the machine model to decide where in the address map
it should live. This device just adds/removes the ram from the second
region without knowing where it lives and the machine model maps the
RAM to its actual location. Keeps .as .ram_base and .ram private to
the SoC device.

> +s->soc->ddr_inited = true;

I'm still trying to figure out the physical analogue of this. Is there
a genuine ha

Re: [Qemu-devel] [PATCH 5/5] pseries: Move XICS initialization before cpu initialization

[Benjamin Herrenschmidt]

On Fri, 2013-03-15 at 13:33 +0100, Alexander Graf wrote:
> On 14.03.2013, at 02:53, David Gibson wrote:
> 
> > Currently, the pseries machine initializes the cpus, then the XICS
> > interrupt controller.  However, to support the upcoming in-kernel XICS
> > implementation we will need to initialize the irq controller before the
> > vcpus.  This patch makes the necesssary rearrangement.  This means the
> 
> We're changing that notion in the in-kernel XICS discussions.  The flow will 
> look like this:
> 
>   * create vcpus
>   * create XICS
>   * foreach (vcpu)
>   * enable_cap(vcpu, CAP_XICS_SERVER, xics_handle)

This is stupid. Why have the VCPU initialize itself for non-kernel
interrupts and *then* switch it over ?

You guys are tiring me of needing about 2 years to iron out a simple
API just to end up with the worst possible crap in the end.

Ben.

> However, that means we still need to know the maximum number of supported 
> vcpus during the create phase. That number can be bigger than smp_cpus 
> though, since you probably want to support hotplug add of CPUs later on.
> 
> Can't we just make the number of supported "interrupt servers" a constant?
> 
> 
> Alex
> 
> > xics init code can no longer auto-detect the number of cpus ("interrupt
> > servers" in XICS terminology) and so we must pass that in explicitly from
> > the platform code.
> > 
> > Signed-off-by: Michael Ellerman 
> > Signed-off-by: Ben Herrenschmidt 
> > Signed-off-by: David Gibson 
> > ---
> > hw/ppc/spapr.c |   12 +++-
> > hw/ppc/xics.c  |   57 
> > +---
> > hw/xics.h  |3 ++-
> > 3 files changed, 34 insertions(+), 38 deletions(-)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 7293082..b2c9b42 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -791,6 +791,11 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
> > spapr->htab_shift++;
> > }
> > 
> > +/* Set up Interrupt Controller before we create the VCPUs */
> > +spapr->icp = xics_system_init(smp_cpus * kvmppc_smt_threads() / 
> > smp_threads,
> > +  XICS_IRQS);
> > +spapr->next_irq = XICS_IRQ_BASE;
> > +
> > /* init CPUs */
> > if (cpu_model == NULL) {
> > cpu_model = kvm_enabled() ? "host" : "POWER7";
> > @@ -803,6 +808,8 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
> > }
> > env = &cpu->env;
> > 
> > +xics_cpu_setup(spapr->icp, cpu);
> > +
> > /* Set time-base frequency to 512 MHz */
> > cpu_ppc_tb_init(env, TIMEBASE_FREQ);
> > 
> > @@ -842,11 +849,6 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
> > }
> > g_free(filename);
> > 
> > -
> > -/* Set up Interrupt Controller */
> > -spapr->icp = xics_system_init(XICS_IRQS);
> > -spapr->next_irq = XICS_IRQ_BASE;
> > -
> > /* Set up EPOW events infrastructure */
> > spapr_events_init(spapr);
> > 
> > diff --git a/hw/ppc/xics.c b/hw/ppc/xics.c
> > index c3ef12f..374da5b 100644
> > --- a/hw/ppc/xics.c
> > +++ b/hw/ppc/xics.c
> > @@ -521,45 +521,38 @@ static void xics_reset(void *opaque)
> > }
> > }
> > 
> > -struct icp_state *xics_system_init(int nr_irqs)
> > +void xics_cpu_setup(struct icp_state *icp, PowerPCCPU *cpu)
> > {
> > -CPUPPCState *env;
> > -CPUState *cpu;
> > -int max_server_num;
> > -struct icp_state *icp;
> > -struct ics_state *ics;
> > +CPUState *cs = CPU(cpu);
> > +CPUPPCState *env = &cpu->env;
> > +struct icp_server_state *ss = &icp->ss[cs->cpu_index];
> > 
> > -max_server_num = -1;
> > -for (env = first_cpu; env != NULL; env = env->next_cpu) {
> > -cpu = CPU(ppc_env_get_cpu(env));
> > -if (cpu->cpu_index > max_server_num) {
> > -max_server_num = cpu->cpu_index;
> > -}
> > -}
> > +assert(cs->cpu_index < icp->nr_servers);
> > 
> > -icp = g_malloc0(sizeof(*icp));
> > -icp->nr_servers = max_server_num + 1;
> > -icp->ss = g_malloc0(icp->nr_servers*sizeof(struct icp_server_state));
> > +switch (PPC_INPUT(env)) {
> > +case PPC_FLAGS_INPUT_POWER7:
> > +ss->output = env->irq_inputs[POWER7_INPUT_INT];
> > +break;
> > 
> > -for (env = first_cpu; env != NULL; env = env->next_cpu) {
> > -cpu = CPU(ppc_env_get_cpu(env));
> > -struct icp_server_state *ss = &icp->ss[cpu->cpu_index];
> > +case PPC_FLAGS_INPUT_970:
> > +ss->output = env->irq_inputs[PPC970_INPUT_INT];
> > +break;
> > 
> > -switch (PPC_INPUT(env)) {
> > -case PPC_FLAGS_INPUT_POWER7:
> > -ss->output = env->irq_inputs[POWER7_INPUT_INT];
> > -break;
> > +default:
> > +fprintf(stderr, "XICS interrupt controller does not support this 
> > CPU "
> > +"bus model\n");
> > +abort();
> > +}
> > +}
> > 
> > -case PPC_FLAGS_INPUT_970:
> > -ss->output = env->irq_input

[Qemu-devel] [Bug 1155403] Re: virtio cdrom detected as hard disk

[Serge Hallyn]

I see, misunderstood.

Reproduced with latest git://git.qemu.org/qemu.git as well, so marked as
affecting upstream QEMU project.

** Also affects: qemu
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1155403

Title:
  virtio cdrom detected as hard disk

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  Confirmed

Bug description:
  Trying to install Ubuntu or Debian using virtio to emulate the cdrom
  fails.  This appears to be due to the drive appearing to be a hard
  disk, rather than a cdrom, despite the media=cdrom argument to qemu.

  I'm not sure if this is a bug in qemu, or the kernel virtio driver?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1155403/+subscriptions

Re: [Qemu-devel] [PATCH v2] Add option to mlock qemu and guest memory

[Marcelo Tosatti]

On Thu, Feb 14, 2013 at 08:21:51PM +, Satoru Moriya wrote:
> We have some plans to migrate legacy enterprise systems which require
> low latency (10 msec order) to kvm virtualized environment. In our
> usecase, the system runs with other untrusted guests and so locking
> memory which is used by the system is needed to avoid latency
> impacts from other guests' memory activity.
> 
> ChangeLog:
> v2
>  - Change the option name from -mlock to -realtime mlock=on|off
>  - Rebase qemu version 1.3.91
>  - Update patch description
> 
> ---
> In certain scenario, latency induced by paging is significant and
> memory locking is needed. Also, in the scenario with untrusted
> guests, latency improvement due to mlock is desired.
> 
> This patch introduces a following new option to mlock guest and
> qemu memory:
> 
> -realtime mlock=on|off
> 
> Signed-off-by: Satoru Moriya 
> ---
>  include/sysemu/os-posix.h |  1 +
>  include/sysemu/os-win32.h |  1 +
>  os-posix.c|  8 
>  qemu-options.hx   | 13 +
>  vl.c  | 31 +++
>  5 files changed, 54 insertions(+)
> 
> diff --git a/include/sysemu/os-posix.h b/include/sysemu/os-posix.h
> index 7f198e4..2f2ead6 100644
> --- a/include/sysemu/os-posix.h
> +++ b/include/sysemu/os-posix.h
> @@ -31,6 +31,7 @@ void os_set_proc_name(const char *s);
>  void os_setup_signal_handling(void);
>  void os_daemonize(void);
>  void os_setup_post(void);
> +void os_mlock(void);
>  
>  typedef struct timeval qemu_timeval;
>  #define qemu_gettimeofday(tp) gettimeofday(tp, NULL)
> diff --git a/include/sysemu/os-win32.h b/include/sysemu/os-win32.h
> index bf9edeb..a74ca13 100644
> --- a/include/sysemu/os-win32.h
> +++ b/include/sysemu/os-win32.h
> @@ -80,6 +80,7 @@ static inline void os_daemonize(void) {}
>  static inline void os_setup_post(void) {}
>  void os_set_line_buffering(void);
>  static inline void os_set_proc_name(const char *dummy) {}
> +static inline void os_mlock(void) {}
>  
>  #if !defined(EPROTONOSUPPORT)
>  # define EPROTONOSUPPORT EINVAL
> diff --git a/os-posix.c b/os-posix.c
> index 5c64518..1304b0e 100644
> --- a/os-posix.c
> +++ b/os-posix.c
> @@ -363,3 +363,11 @@ bool is_daemonized(void)
>  {
>  return daemonize;
>  }
> +
> +void os_mlock(void)
> +{
> +if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
> +perror("mlockall");
> +exit(1);
> +}
> +}
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 9d7131a..843fcb4 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -2464,6 +2464,19 @@ STEXI
>  Do not start CPU at startup (you must type 'c' in the monitor).
>  ETEXI
>  
> +DEF("realtime", HAS_ARG, QEMU_OPTION_realtime,
> +"-realtime [mlock=on|off]\n"
> +"run qemu with realtime features\n"
> +"mlock=on|off controls mlock support (default: on)\n",
> +QEMU_ARCH_ALL)
> +STEXI
> +@item -realtime mlock=on|off
> +@findex -realtime
> +Run qemu with realtime features.
> +mlocking qemu and guest memory can be enabled via @option{mlock=on}
> +(enabled by default).
> +ETEXI
> +
>  DEF("gdb", HAS_ARG, QEMU_OPTION_gdb, \
>  "-gdb devwait for gdb connection on 'dev'\n", QEMU_ARCH_ALL)
>  STEXI
> diff --git a/vl.c b/vl.c
> index 1355f69..c16c8ad 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -491,6 +491,18 @@ static QemuOptsList qemu_object_opts = {
>  },
>  };
>  
> +static QemuOptsList qemu_realtime_opts = {
> +.name = "realtime",
> +.head = QTAILQ_HEAD_INITIALIZER(qemu_realtime_opts.head),
> +.desc = {
> +{
> +.name = "mlock",
> +.type = QEMU_OPT_BOOL,
> +},
> +{ /* end of list */ }
> +},
> +};
> +
>  const char *qemu_get_vm_name(void)
>  {
>  return qemu_name;
> @@ -1384,6 +1396,17 @@ static void smp_parse(const char *optarg)
>  max_cpus = smp_cpus;
>  }
>  
> +static void configure_realtime(QemuOpts *opts)
> +{
> +bool is_mlock;
> +
> +is_mlock = qemu_opt_get_bool(opts, "mlock", true);
> +
> +if (is_mlock) {
> +os_mlock();
> +}
> +}
> +
>  /***/
>  /* USB devices */
>  
> @@ -2860,6 +2883,7 @@ int main(int argc, char **argv, char **envp)
>  qemu_add_opts(&qemu_sandbox_opts);
>  qemu_add_opts(&qemu_add_fd_opts);
>  qemu_add_opts(&qemu_object_opts);
> +qemu_add_opts(&qemu_realtime_opts);
>  
>  runstate_init();
>  
> @@ -3806,6 +3830,13 @@ int main(int argc, char **argv, char **envp)
>  exit(1);
>  }
>  break;
> +case QEMU_OPTION_realtime:
> +opts = qemu_opts_parse(qemu_find_opts("realtime"), optarg, 
> 0);
> +if (!opts) {
> +exit(1);
> +}
> +configure_realtime(opts);
> +break;
>  default:
>  os_parse_cmd_args(popt->index, optarg);
>  }
> -- 
> 1.

Re: [Qemu-devel] [PATCH v11 0/3] Xilinx Zynq PL330 support

[Peter Crosthwaite]

Hi Peter,

On Sat, Mar 16, 2013 at 1:00 AM, Peter Maydell  wrote:
> On 27 February 2013 05:17, Peter Crosthwaite
>  wrote:
>> These patches add support for the Primcell PL330 DMA controller and add it to
>> the Xilinx Zynq machine model. Patch 2 is the device model. Patch 3 is the
>> machine model update. Patch 1 is a helper function for debug mode.
>
> Thanks, applied to arm-devs.next.
>
> (Patch 3 had a trivial conflict with the addition of the sdhci device
> to the xilinx board model but I just fixed it up to save you doing
> another round of patches.)
>

Thanks for the help,
Greatly appreciated.

Regards,
Peter

> -- PMM
>

[Qemu-devel] [PATCH] net: increase buffer size to accommodate Jumbo frame pkts over netdev UDP socket

[sfeldma]

From: Scott Feldman 

Socket buffer sizes were hard-coded to 4K.  Bump this up to 12K to handle 
typical
MTU=9000 Jumbo frame pkt.  Ran into this limitation when using -netdev UDP 
sockets
to connect VM-to-VM, where VM interface is configure with MTU=9000.  Using
virtio_net NIC model.  Test is simple: ping -M do -s 8500 .  This test
will attempt to ping with unfragmented packet of given size.  Without patch,
size is limited to < 4K (minus protocol hdrs).  With patch, ping test works
with pkt size up to 9000 (again, minus protocol hdrs).

Signed-off-by: Scott Feldman 
---
 net/net.c|2 +-
 net/socket.c |4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/net.c b/net/net.c
index f3d67f8..bab9ced 100644
--- a/net/net.c
+++ b/net/net.c
@@ -497,7 +497,7 @@ ssize_t qemu_send_packet_raw(NetClientState *nc, const 
uint8_t *buf, int size)
 static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
int iovcnt)
 {
-uint8_t buffer[4096];
+uint8_t buffer[12*1024];
 size_t offset;
 
 offset = iov_to_buf(iov, iovcnt, 0, buffer, sizeof(buffer));
diff --git a/net/socket.c b/net/socket.c
index 396dc8c..74e0057 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -40,7 +40,7 @@ typedef struct NetSocketState {
 unsigned int index;
 unsigned int packet_len;
 unsigned int send_index;  /* number of bytes sent (only SOCK_STREAM) */
-uint8_t buf[4096];
+uint8_t buf[12*1024];
 struct sockaddr_in dgram_dst; /* contains inet host and port destination 
iff connectionless (SOCK_DGRAM) */
 IOHandler *send_fn;   /* differs between SOCK_STREAM/SOCK_DGRAM */
 bool read_poll;   /* waiting to receive data? */
@@ -146,7 +146,7 @@ static void net_socket_send(void *opaque)
 NetSocketState *s = opaque;
 int size, err;
 unsigned l;
-uint8_t buf1[4096];
+uint8_t buf1[12*1024];
 const uint8_t *buf;
 
 size = qemu_recv(s->fd, buf1, sizeof(buf1), 0);
-- 
1.7.2.5

[Qemu-devel] large memory requirements for translate.c a barrier

[Todd T. Fries]

  PID USERNAME PRI NICE  SIZE   RES STATE WAIT  TIMECPU COMMAND
28818 todd  640 1142M   53M onproc/0  - 2:01 17.24% cc1

For systems with lower limits on user process memory, this prevents things
from building.

For systems with less physical ram, this presents lots of swapping just to
build the source files.

Is there any hints or hope of breaking translate.c up into a smaller file?

Thanks,
-- 
Todd Fries .. t...@fries.net

 
|\  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC\  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com\  1.866.792.3418 (FAX)
| PO Box 16169, Oklahoma City, OK 73113  \  sip:freedae...@ekiga.net
| "..in support of free software solutions." \  sip:4052279...@ekiga.net
 \
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Re: [Qemu-devel] [PATCH] pvevent: pvevent device driver

[Matthew Garrett]

On Thu, 2013-03-14 at 16:51 +0800, Hu Tao wrote:

> + { "MSFT0001", 0},

This seems wrong, and it looks like qemu agrees. Can you resubmit when
there's agreement on the name?

> + acpi_evaluate_object(handle, "WRPT", &arg_list, NULL);

Is there a spec for this?

Is the only reason for this to allow guests to notify the host that
they've panicked? It seems like making use of pstore to push the crash
dump to the host as well would be a useful thing to do.

-- 
Matthew Garrett | mj...@srcf.ucam.org

[Qemu-devel] [PATCHv2 2/9] cutils: add a function to find non-zero content in a buffer

[Peter Lieven]

Signed-off-by: Peter Lieven 
---
 include/qemu-common.h |2 ++
 util/cutils.c |   40 
 2 files changed, 42 insertions(+)

diff --git a/include/qemu-common.h b/include/qemu-common.h
index b59328f..51a7677 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -362,6 +362,8 @@ size_t qemu_iovec_from_buf(QEMUIOVector *qiov, size_t 
offset,
 size_t qemu_iovec_memset(QEMUIOVector *qiov, size_t offset,
  int fillc, size_t bytes);
 
+#define BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR 8
+size_t buffer_find_nonzero_offset(const void *buf, size_t len);
 bool buffer_is_zero(const void *buf, size_t len);
 
 void qemu_progress_init(int enabled, float min_skip);
diff --git a/util/cutils.c b/util/cutils.c
index 1439da4..857dd7d 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -143,6 +143,46 @@ int qemu_fdatasync(int fd)
 }
 
 /*
+ * Searches for an area with non-zero content in a buffer
+ *
+ * Attention! The len must be a multiple of 8 * sizeof(VECTYPE) 
+ * and addr must be a multiple of sizeof(VECTYPE) due to 
+ * restriction of optimizations in this function.
+ * 
+ * The return value is the offset of the non-zero area rounded
+ * down to 8 * sizeof(VECTYPE). If the buffer is all zero 
+ * the return value is equal to len.
+ */
+
+size_t buffer_find_nonzero_offset(const void *buf, size_t len)
+{
+VECTYPE *p = (VECTYPE *)buf;
+VECTYPE zero = ZERO_SPLAT;
+size_t i;
+
+assert(len % (BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR 
+* sizeof(VECTYPE)) == 0);
+assert(((uintptr_t) buf) % sizeof(VECTYPE) == 0);
+
+if (*((const long *) buf)) {
+return 0;
+}
+
+for (i = 0; i < len / sizeof(VECTYPE); i += 8) {
+   VECTYPE tmp0 = p[i+0] | p[i+1];
+   VECTYPE tmp1 = p[i+2] | p[i+3];
+   VECTYPE tmp2 = p[i+4] | p[i+5];
+   VECTYPE tmp3 = p[i+6] | p[i+7];
+   VECTYPE tmp01 = tmp0 | tmp1;
+   VECTYPE tmp23 = tmp2 | tmp3;
+   if (!ALL_EQ(tmp01 | tmp23, zero)) {
+   break;
+   }
+}
+return i * sizeof(VECTYPE);
+}
+
+/*
  * Checks if a buffer is all zeroes
  *
  * Attention! The len must be a multiple of 4 * sizeof(long) due to
-- 
1.7.9.5

[Qemu-devel] [PATCHv2 0/9] buffer_is_zero / migration optimizations

[Peter Lieven]

this is v2 of my patch series with various optimizations in
zero buffer checking and migration tweaks.

hopefully properly threaded this time.

thanks especially to Eric Blake and Paolo Bonzini for their comments.

the patches can also be fetched from:
git://github.com/plieven/qemu.git [branch migration_optimizations_v2]

v2:
 - fix description, add trivial zero check and add asserts 
   to buffer_find_nonzero_offset.
 - add a constant for the unroll factor of buffer_find_nonzero_offset
 - replace is_dup_page() by buffer_is_zero()
 - added test results to xbzrle patch
 - optimize descriptions

Have a nice weekend,
Peter

Peter Lieven (9):
  move vector definitions to qemu-common.h
  cutils: add a function to find non-zero content in a buffer
  buffer_is_zero: use vector optimizations if possible
  bitops: use vector algorithm to optimize find_next_bit()
  migration: search for zero instead of dup pages
  migration: add an indicator for bulk state of ram migration
  migration: do not sent zero pages in bulk stage
  migration: do not search dirty pages in bulk stage
  migration: use XBZRLE only after bulk stage

 arch_init.c   |   62 +++--
 include/qemu-common.h |   26 +
 util/bitops.c |   26 ++---
 util/cutils.c |   47 +
 4 files changed, 115 insertions(+), 46 deletions(-)

-- 
1.7.9.5

[Qemu-devel] [PATCHv2 3/9] buffer_is_zero: use vector optimizations if possible

[Peter Lieven]

performance gain on SSE2 is approx. 20-25%. altivec
is not tested. performance for unsigned long arithmetic
is unchanged.

Signed-off-by: Peter Lieven 
---
 util/cutils.c |7 +++
 1 file changed, 7 insertions(+)

diff --git a/util/cutils.c b/util/cutils.c
index 857dd7d..00d98fb 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -190,6 +190,13 @@ size_t buffer_find_nonzero_offset(const void *buf, size_t 
len)
  */
 bool buffer_is_zero(const void *buf, size_t len)
 {
+/* use vector optimized zero check if possible */
+if (((uintptr_t) buf) % sizeof(VECTYPE) == 0 
+  && len % (BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR
+ * sizeof(VECTYPE)) == 0) {
+return buffer_find_nonzero_offset(buf, len)==len;
+}
+
 /*
  * Use long as the biggest available internal data type that fits into the
  * CPU register and unroll the loop to smooth out the effect of memory
-- 
1.7.9.5

[Qemu-devel] [PATCHv2 1/9] move vector definitions to qemu-common.h

[Peter Lieven]

vector optimizations will now be used at various places
not just in is_dup_page() in arch_init.c

this patch also adds a zero splat vector.

Signed-off-by: Peter Lieven 
---
 arch_init.c   |   20 
 include/qemu-common.h |   24 
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 98e2bc6..1b71912 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -114,26 +114,6 @@ const uint32_t arch_type = QEMU_ARCH;
 #define RAM_SAVE_FLAG_CONTINUE 0x20
 #define RAM_SAVE_FLAG_XBZRLE   0x40
 
-#ifdef __ALTIVEC__
-#include 
-#define VECTYPEvector unsigned char
-#define SPLAT(p)   vec_splat(vec_ld(0, p), 0)
-#define ALL_EQ(v1, v2) vec_all_eq(v1, v2)
-/* altivec.h may redefine the bool macro as vector type.
- * Reset it to POSIX semantics. */
-#undef bool
-#define bool _Bool
-#elif defined __SSE2__
-#include 
-#define VECTYPE__m128i
-#define SPLAT(p)   _mm_set1_epi8(*(p))
-#define ALL_EQ(v1, v2) (_mm_movemask_epi8(_mm_cmpeq_epi8(v1, v2)) == 0x)
-#else
-#define VECTYPEunsigned long
-#define SPLAT(p)   (*(p) * (~0UL / 255))
-#define ALL_EQ(v1, v2) ((v1) == (v2))
-#endif
-
 
 static struct defconfig_file {
 const char *filename;
diff --git a/include/qemu-common.h b/include/qemu-common.h
index 5e13708..b59328f 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -442,4 +442,28 @@ int64_t pow2floor(int64_t value);
 int uleb128_encode_small(uint8_t *out, uint32_t n);
 int uleb128_decode_small(const uint8_t *in, uint32_t *n);
 
+/* vector definitions */
+#ifdef __ALTIVEC__
+#include 
+#define VECTYPEvector unsigned char
+#define SPLAT(p)   vec_splat(vec_ld(0, p), 0)
+#define ZERO_SPLAT vec_splat(vec_ld(0, 0), 0)
+#define ALL_EQ(v1, v2) vec_all_eq(v1, v2)
+/* altivec.h may redefine the bool macro as vector type.
+ * Reset it to POSIX semantics. */
+#undef bool
+#define bool _Bool
+#elif defined __SSE2__
+#include 
+#define VECTYPE__m128i
+#define SPLAT(p)   _mm_set1_epi8(*(p))
+#define ZERO_SPLAT _mm_setzero_si128()
+#define ALL_EQ(v1, v2) (_mm_movemask_epi8(_mm_cmpeq_epi8(v1, v2)) == 0x)
+#else
+#define VECTYPEunsigned long
+#define SPLAT(p)   (*(p) * (~0UL / 255))
+#define ZERO_SPLAT 0x0UL
+#define ALL_EQ(v1, v2) ((v1) == (v2))
+#endif
+
 #endif
-- 
1.7.9.5

[Qemu-devel] [PATCHv2 6/9] migration: add an indicator for bulk state of ram migration

[Peter Lieven]

the first round of ram transfer is special since all pages
are dirty and thus all memory pages are transferred to
the target. this patch adds a boolean variable to track
this stage.

Signed-off-by: Peter Lieven 
---
 arch_init.c |3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch_init.c b/arch_init.c
index 87c16fc..e5531e8 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -311,6 +311,7 @@ static ram_addr_t last_offset;
 static unsigned long *migration_bitmap;
 static uint64_t migration_dirty_pages;
 static uint32_t last_version;
+static bool ram_bulk_stage;
 
 static inline
 ram_addr_t migration_bitmap_find_and_reset_dirty(MemoryRegion *mr,
@@ -418,6 +419,7 @@ static int ram_save_block(QEMUFile *f, bool last_stage)
 if (!block) {
 block = QTAILQ_FIRST(&ram_list.blocks);
 complete_round = true;
+ram_bulk_stage = false;
 }
 } else {
 uint8_t *p;
@@ -521,6 +523,7 @@ static void reset_ram_globals(void)
 last_sent_block = NULL;
 last_offset = 0;
 last_version = ram_list.version;
+ram_bulk_stage = true;
 }
 
 #define MAX_WAIT 50 /* ms, half buffered_file limit */
-- 
1.7.9.5

[Qemu-devel] [PATCHv2 4/9] bitops: use vector algorithm to optimize find_next_bit()

[Peter Lieven]

this patch adds the usage of buffer_find_nonzero_offset()
to skip large areas of zeroes.

compared to loop unrolling presented in an earlier
patch this adds another 50% performance benefit for
skipping large areas of zeroes. loop unrolling alone
added close to 100% speedup.

Signed-off-by: Peter Lieven 
---
 util/bitops.c |   26 +++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/util/bitops.c b/util/bitops.c
index e72237a..3c301fa 100644
--- a/util/bitops.c
+++ b/util/bitops.c
@@ -42,10 +42,30 @@ unsigned long find_next_bit(const unsigned long *addr, 
unsigned long size,
 size -= BITS_PER_LONG;
 result += BITS_PER_LONG;
 }
-while (size & ~(BITS_PER_LONG-1)) {
-if ((tmp = *(p++))) {
-goto found_middle;
+while (size >= BITS_PER_LONG) {
+if ((tmp = *p)) {
+ goto found_middle;
+}
+if (((uintptr_t) p) % sizeof(VECTYPE) == 0 
+&& size >= BITS_PER_BYTE * sizeof(VECTYPE)
+   * BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR) {
+unsigned long tmp2 =
+buffer_find_nonzero_offset(p, ((size / BITS_PER_BYTE) & 
+   ~(BUFFER_FIND_NONZERO_OFFSET_UNROLL_FACTOR * 
+ sizeof(VECTYPE) - 1)));
+result += tmp2 * BITS_PER_BYTE;
+size -= tmp2 * BITS_PER_BYTE;
+p += tmp2 / sizeof(unsigned long);
+if (!size) {
+return result;
+}
+if (tmp2) {
+if ((tmp = *p)) {
+goto found_middle;
+}
+}
 }
+p++;
 result += BITS_PER_LONG;
 size -= BITS_PER_LONG;
 }
-- 
1.7.9.5

[Qemu-devel] [PATCHv2 7/9] migration: do not sent zero pages in bulk stage

[Peter Lieven]

during bulk stage of ram migration if a page is a
zero page do not send it at all.
the memory at the destination reads as zero anyway.

even if there is an madvise with QEMU_MADV_DONTNEED
at the target upon receival of a zero page I have observed
that the target starts swapping if the memory is overcommitted.
it seems that the pages are dropped asynchronously.

Signed-off-by: Peter Lieven 
---
 arch_init.c |8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index e5531e8..a3dc20d 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -432,9 +432,11 @@ static int ram_save_block(QEMUFile *f, bool last_stage)
 bytes_sent = -1;
 if (buffer_is_zero(p, TARGET_PAGE_SIZE)) {
 acct_info.dup_pages++;
-bytes_sent = save_block_hdr(f, block, offset, cont,
-RAM_SAVE_FLAG_COMPRESS);
-qemu_put_byte(f, *p);
+if (!ram_bulk_stage) {
+bytes_sent = save_block_hdr(f, block, offset, cont,
+RAM_SAVE_FLAG_COMPRESS);
+qemu_put_byte(f, *p);
+}
 bytes_sent += 1;
 } else if (migrate_use_xbzrle()) {
 current_addr = block->offset + offset;
-- 
1.7.9.5

[Qemu-devel] [PATCHv2 5/9] migration: search for zero instead of dup pages

[Peter Lieven]

virtually all dup pages are zero pages. remove
the speical is_dup_page() function and use the
optimized buffer_is_zero() function instead.

Signed-off-by: Peter Lieven 
---
 arch_init.c |   17 +
 1 file changed, 1 insertion(+), 16 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 1b71912..87c16fc 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -144,21 +144,6 @@ int qemu_read_default_config_files(bool userconfig)
 return 0;
 }
 
-static int is_dup_page(uint8_t *page)
-{
-VECTYPE *p = (VECTYPE *)page;
-VECTYPE val = SPLAT(page);
-int i;
-
-for (i = 0; i < TARGET_PAGE_SIZE / sizeof(VECTYPE); i++) {
-if (!ALL_EQ(val, p[i])) {
-return 0;
-}
-}
-
-return 1;
-}
-
 /* struct contains XBZRLE cache and a static page
used by the compression */
 static struct {
@@ -443,7 +428,7 @@ static int ram_save_block(QEMUFile *f, bool last_stage)
 
 /* In doubt sent page as normal */
 bytes_sent = -1;
-if (is_dup_page(p)) {
+if (buffer_is_zero(p, TARGET_PAGE_SIZE)) {
 acct_info.dup_pages++;
 bytes_sent = save_block_hdr(f, block, offset, cont,
 RAM_SAVE_FLAG_COMPRESS);
-- 
1.7.9.5

[Qemu-devel] [PATCHv2 9/9] migration: use XBZRLE only after bulk stage

[Peter Lieven]

at the beginning of migration all pages are marked dirty and
in the first round a bulk migration of all pages is performed.

currently all these pages are copied to the page cache regardless
if there are frequently updated or not. this doesn't make sense
since most of these pages are never transferred again.

this patch changes the XBZRLE transfer to only be used after
the bulk stage has been completed. that means a page is added
to the page cache the second time it is transferred and XBZRLE
can benefit from the third time of transfer.

since the page cache is likely smaller than the number of pages
its also likely that in the second round the page is missing in the
cache due to collisions in the bulk phase.

on the other hand a lot of unneccssary mallocs, memdups and frees
are saved.

the following results have been taken earlier while executing
the test program from docs/xbzrle.txt. (+) with the patch and (-)
without. (thanks to Eric Blake for reformatting and comments)

+ total time: 22185 milliseconds
- total time: 22410 milliseconds

Shaved 0.3 seconds, better than 1%!

+ downtime: 29 milliseconds
- downtime: 21 milliseconds

Not sure why downtime seemed worse, but probably not the end of the world.

+ transferred ram: 706034 kbytes
- transferred ram: 721318 kbytes

Fewer bytes sent - good.

+ remaining ram: 0 kbytes
- remaining ram: 0 kbytes
+ total ram: 1057216 kbytes
- total ram: 1057216 kbytes
+ duplicate: 108556 pages
- duplicate: 105553 pages
+ normal: 175146 pages
- normal: 179589 pages
+ normal bytes: 700584 kbytes
- normal bytes: 718356 kbytes

Fewer normal bytes...

+ cache size: 67108864 bytes
- cache size: 67108864 bytes
+ xbzrle transferred: 3127 kbytes
- xbzrle transferred: 630 kbytes

...and more compressed pages sent - good.

+ xbzrle pages: 117811 pages
- xbzrle pages: 21527 pages
+ xbzrle cache miss: 18750
- xbzrle cache miss: 179589

And very good improvement on the cache miss rate.

+ xbzrle overflow : 0
- xbzrle overflow : 0

Signed-off-by: Peter Lieven 
---
 arch_init.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch_init.c b/arch_init.c
index ca281ad..08e2744 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -444,7 +444,7 @@ static int ram_save_block(QEMUFile *f, bool last_stage)
 qemu_put_byte(f, *p);
 }
 bytes_sent += 1;
-} else if (migrate_use_xbzrle()) {
+} else if (!ram_bulk_stage && migrate_use_xbzrle()) {
 current_addr = block->offset + offset;
 bytes_sent = save_xbzrle_page(f, p, current_addr, block,
   offset, cont, last_stage);
-- 
1.7.9.5

[Qemu-devel] [PATCHv2 8/9] migration: do not search dirty pages in bulk stage

[Peter Lieven]

avoid searching for dirty pages just increment the
page offset. all pages are dirty anyway.

Signed-off-by: Peter Lieven 
---
 arch_init.c |   12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index a3dc20d..ca281ad 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -321,8 +321,14 @@ ram_addr_t 
migration_bitmap_find_and_reset_dirty(MemoryRegion *mr,
 unsigned long nr = base + (start >> TARGET_PAGE_BITS);
 unsigned long size = base + (int128_get64(mr->size) >> TARGET_PAGE_BITS);
 
-unsigned long next = find_next_bit(migration_bitmap, size, nr);
-
+unsigned long next;
+
+if (ram_bulk_stage) {
+next = nr + 1;
+} else {
+next = find_next_bit(migration_bitmap, size, nr);
+}
+
 if (next < size) {
 clear_bit(next, migration_bitmap);
 migration_dirty_pages--;
@@ -523,7 +529,7 @@ static void reset_ram_globals(void)
 {
 last_seen_block = NULL;
 last_sent_block = NULL;
-last_offset = 0;
+last_offset = -1;
 last_version = ram_list.version;
 ram_bulk_stage = true;
 }
-- 
1.7.9.5

[Qemu-devel] Trouble with adding TCG branch instructions

[Soumyadeep Ghosh]

Hi,

I am trying to modify the translate.c file for ARM target to add some extra 
operations for every add/subtract instruction in the target code. Following are 
the main modifications I need to make:

1. Added new registers to CPUArmState and added corresponding TCG registers 
(already done)
2. For every add/subtract, compare the values of the operands, and store the 
greater operand in one of the newly added registers.

For 2, I have added the following sequence of code (with my interpretation of 
the code I have written as comments):

int label_rn = gen_new_label();
int label_done = gen_new_label();
tcg_gen_brcond_tl (TCG_cond_LT, tmp2, tmp, label_rn);  // If tmp2 < 
 tmp, branch to label_rn
store_reg (s, 20, tmp2);
// Store tmp2 in one of the newly added registers
tcg_gen_br (label_done);
// Branch to end
gen_set_label (label_rn);   
// Set label_rn to the current code location
store_reg (s, 20, tmp); 
// Store tmp in one of the newly added registers
gen_set_label (label_done); 
// Set label_done to the current code location
// Rest of the program

When I try to emulate my ARM program using the compiled version of the modified 
emulator, I get an error (Uncaught signal 11). Debugging with gdb tells me that 
the following assertion on line 1885 of tcg/tcg.c (the function 
tcg_reg_alloc_op) raises the signal:

assert (ts->val_type == TEMP_VAL_REG);

Does anyone have any insight into what is causing the problem? 

Thanks in advance for any inputs,

Deep

Re: [Qemu-devel] [PATCH] hw/arm/nseries: don't print to stdout or stderr

[Andreas Färber]

Am 15.03.2013 18:29, schrieb Peter Maydell:
> Remove various bits of printing to stdout or stderr from the
> nseries code, replacing it with a qemu log message where there's
> an appropriate log category, and just dropping the output for
> some of the more debug-like printing.
> 
> In particular, this will get rid of the 'mipid_reset' message
> you currently get from 'make check'.
> 
> Signed-off-by: Peter Maydell 
> ---
> None of the printing I deleted seemed important enough to be worth
> trying to retain as a trace event. I'm open to argument if anybody
> genuinely uses it, though.

Reviewed-by: Andreas Färber 

Was too deep down my TODO list.

Thanks,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

[Qemu-devel] [PATCH v9 08/10] virtio-blk: cleanup: init and exit functions.

[fred . konrad]

From: KONRAD Frederic 

As all virtio-blk-* are switched to the new API, we can remove the separate
init/exit for the old API.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Peter Maydell 
---
 hw/virtio-blk.c | 85 ++---
 hw/virtio.h |  2 --
 2 files changed, 21 insertions(+), 66 deletions(-)

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 3622bb9..9e7cd1f 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -630,102 +630,59 @@ void virtio_blk_set_conf(DeviceState *dev, VirtIOBlkConf 
*blk)
 memcpy(&(s->blk), blk, sizeof(struct VirtIOBlkConf));
 }
 
-static VirtIODevice *virtio_blk_common_init(DeviceState *dev,
-  VirtIOBlkConf *blk, VirtIOBlock **ps)
+static int virtio_blk_device_init(VirtIODevice *vdev)
 {
-VirtIOBlock *s = *ps;
+DeviceState *qdev = DEVICE(vdev);
+VirtIOBlock *s = VIRTIO_BLK(vdev);
+VirtIOBlkConf *blk = &(s->blk);
 static int virtio_blk_id;
 
 if (!blk->conf.bs) {
 error_report("drive property not set");
-return NULL;
+return -1;
 }
 if (!bdrv_is_inserted(blk->conf.bs)) {
 error_report("Device needs media, but drive is empty");
-return NULL;
+return -1;
 }
 
 blkconf_serial(&blk->conf, &blk->serial);
 if (blkconf_geometry(&blk->conf, NULL, 65535, 255, 255) < 0) {
-return NULL;
+return -1;
 }
 
-/*
- * We have two cases here: the old virtio-blk-pci device, and the
- * refactored virtio-blk.
- */
-if (s == NULL) {
-/* virtio-blk-pci */
-s = (VirtIOBlock *)virtio_common_init("virtio-blk", VIRTIO_ID_BLOCK,
-  sizeof(struct virtio_blk_config),
-  sizeof(VirtIOBlock));
-} else {
-/* virtio-blk */
-virtio_init(VIRTIO_DEVICE(s), "virtio-blk", VIRTIO_ID_BLOCK,
-sizeof(struct virtio_blk_config));
-}
+virtio_init(vdev, "virtio-blk", VIRTIO_ID_BLOCK,
+sizeof(struct virtio_blk_config));
 
-s->vdev.get_config = virtio_blk_update_config;
-s->vdev.set_config = virtio_blk_set_config;
-s->vdev.get_features = virtio_blk_get_features;
-s->vdev.set_status = virtio_blk_set_status;
-s->vdev.reset = virtio_blk_reset;
+vdev->get_config = virtio_blk_update_config;
+vdev->set_config = virtio_blk_set_config;
+vdev->get_features = virtio_blk_get_features;
+vdev->set_status = virtio_blk_set_status;
+vdev->reset = virtio_blk_reset;
 s->bs = blk->conf.bs;
 s->conf = &blk->conf;
 memcpy(&(s->blk), blk, sizeof(struct VirtIOBlkConf));
 s->rq = NULL;
 s->sector_mask = (s->conf->logical_block_size / BDRV_SECTOR_SIZE) - 1;
 
-s->vq = virtio_add_queue(&s->vdev, 128, virtio_blk_handle_output);
+s->vq = virtio_add_queue(vdev, 128, virtio_blk_handle_output);
 #ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
-if (!virtio_blk_data_plane_create(&s->vdev, blk, &s->dataplane)) {
-virtio_cleanup(&s->vdev);
-return NULL;
+if (!virtio_blk_data_plane_create(vdev, blk, &s->dataplane)) {
+virtio_cleanup(vdev);
+return -1;
 }
 #endif
 
 s->change = qemu_add_vm_change_state_handler(virtio_blk_dma_restart_cb, s);
-s->qdev = dev;
-register_savevm(dev, "virtio-blk", virtio_blk_id++, 2,
+s->qdev = qdev;
+register_savevm(qdev, "virtio-blk", virtio_blk_id++, 2,
 virtio_blk_save, virtio_blk_load, s);
 bdrv_set_dev_ops(s->bs, &virtio_block_ops, s);
 bdrv_set_buffer_alignment(s->bs, s->conf->logical_block_size);
 
 bdrv_iostatus_enable(s->bs);
-add_boot_device_path(s->conf->bootindex, dev, "/disk@0,0");
 
-return &s->vdev;
-}
-
-VirtIODevice *virtio_blk_init(DeviceState *dev, VirtIOBlkConf *blk)
-{
-VirtIOBlock *s = NULL;
-return virtio_blk_common_init(dev, blk, &s);
-}
-
-void virtio_blk_exit(VirtIODevice *vdev)
-{
-VirtIOBlock *s = to_virtio_blk(vdev);
-
-#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
-virtio_blk_data_plane_destroy(s->dataplane);
-s->dataplane = NULL;
-#endif
-qemu_del_vm_change_state_handler(s->change);
-unregister_savevm(s->qdev, "virtio-blk", s);
-blockdev_mark_auto_del(s->bs);
-virtio_cleanup(vdev);
-}
-
-
-static int virtio_blk_device_init(VirtIODevice *vdev)
-{
-DeviceState *qdev = DEVICE(vdev);
-VirtIOBlock *s = VIRTIO_BLK(vdev);
-VirtIOBlkConf *blk = &(s->blk);
-if (virtio_blk_common_init(qdev, blk, &s) == NULL) {
-return -1;
-}
+add_boot_device_path(s->conf->bootindex, qdev, "/disk@0,0");
 return 0;
 }
 
diff --git a/hw/virtio.h b/hw/virtio.h
index ca43fd7..fdbe931 100644
--- a/hw/virtio.h
+++ b/hw/virtio.h
@@ -240,7 +240,6 @@ void virtio_bind_device(VirtIODevice *vdev, const 
VirtIOBindings *binding,
 
 /* Base devices.  */
 typedef struct VirtIOBlkConf VirtIOBlkConf;
-VirtIODevice *virtio_blk_init(DeviceSta

[Qemu-devel] [PATCH v9 10/10] virtio-blk: cleanup: remove qdev field.

[fred . konrad]

From: KONRAD Frederic 

The qdev field is no longer needed, just drop it.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Peter Maydell 
---
 hw/virtio-blk.c | 3 +--
 hw/virtio-blk.h | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 663edcd..e6f8875 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -669,7 +669,6 @@ static int virtio_blk_device_init(VirtIODevice *vdev)
 #endif
 
 s->change = qemu_add_vm_change_state_handler(virtio_blk_dma_restart_cb, s);
-s->qdev = qdev;
 register_savevm(qdev, "virtio-blk", virtio_blk_id++, 2,
 virtio_blk_save, virtio_blk_load, s);
 bdrv_set_dev_ops(s->bs, &virtio_block_ops, s);
@@ -690,7 +689,7 @@ static int virtio_blk_device_exit(DeviceState *dev)
 s->dataplane = NULL;
 #endif
 qemu_del_vm_change_state_handler(s->change);
-unregister_savevm(s->qdev, "virtio-blk", s);
+unregister_savevm(dev, "virtio-blk", s);
 blockdev_mark_auto_del(s->bs);
 virtio_common_cleanup(vdev);
 return 0;
diff --git a/hw/virtio-blk.h b/hw/virtio-blk.h
index 51ac010..8c6c78b 100644
--- a/hw/virtio-blk.h
+++ b/hw/virtio-blk.h
@@ -124,7 +124,6 @@ typedef struct VirtIOBlock {
 BlockConf *conf;
 VirtIOBlkConf blk;
 unsigned short sector_mask;
-DeviceState *qdev;
 VMChangeStateEntry *change;
 #ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
 VirtIOBlockDataPlane *dataplane;
-- 
1.7.11.7

[Qemu-devel] [PATCH v9 06/10] virtio-blk-s390: switch to the new API.

[fred . konrad]

From: KONRAD Frederic 

Here the virtio-blk-s390 is modified for the new API. The device
virtio-blk-s390 extends virtio-s390-device as before. It creates and
connects a virtio-blk during the init. The properties are not modified.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Peter Maydell 
---
 hw/s390x/s390-virtio-bus.c | 30 +++---
 hw/s390x/s390-virtio-bus.h | 13 -
 2 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/hw/s390x/s390-virtio-bus.c b/hw/s390x/s390-virtio-bus.c
index 8d4fd72..76bc99a 100644
--- a/hw/s390x/s390-virtio-bus.c
+++ b/hw/s390x/s390-virtio-bus.c
@@ -162,16 +162,23 @@ static int s390_virtio_net_init(VirtIOS390Device *dev)
 return s390_virtio_device_init(dev, vdev);
 }
 
-static int s390_virtio_blk_init(VirtIOS390Device *dev)
+static int s390_virtio_blk_init(VirtIOS390Device *s390_dev)
 {
-VirtIODevice *vdev;
-
-vdev = virtio_blk_init((DeviceState *)dev, &dev->blk);
-if (!vdev) {
+VirtIOBlkS390 *dev = VIRTIO_BLK_S390(s390_dev);
+DeviceState *vdev = DEVICE(&dev->vdev);
+virtio_blk_set_conf(vdev, &(dev->blk));
+qdev_set_parent_bus(vdev, BUS(&s390_dev->bus));
+if (qdev_init(vdev) < 0) {
 return -1;
 }
+return s390_virtio_device_init(s390_dev, VIRTIO_DEVICE(vdev));
+}
 
-return s390_virtio_device_init(dev, vdev);
+static void s390_virtio_blk_instance_init(Object *obj)
+{
+VirtIOBlkS390 *dev = VIRTIO_BLK_S390(obj);
+object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_BLK);
+object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
 }
 
 static int s390_virtio_serial_init(VirtIOS390Device *dev)
@@ -428,11 +435,11 @@ static const TypeInfo s390_virtio_net = {
 };
 
 static Property s390_virtio_blk_properties[] = {
-DEFINE_BLOCK_PROPERTIES(VirtIOS390Device, blk.conf),
-DEFINE_BLOCK_CHS_PROPERTIES(VirtIOS390Device, blk.conf),
-DEFINE_PROP_STRING("serial", VirtIOS390Device, blk.serial),
+DEFINE_BLOCK_PROPERTIES(VirtIOBlkS390, blk.conf),
+DEFINE_BLOCK_CHS_PROPERTIES(VirtIOBlkS390, blk.conf),
+DEFINE_PROP_STRING("serial", VirtIOBlkS390, blk.serial),
 #ifdef __linux__
-DEFINE_PROP_BIT("scsi", VirtIOS390Device, blk.scsi, 0, true),
+DEFINE_PROP_BIT("scsi", VirtIOBlkS390, blk.scsi, 0, true),
 #endif
 DEFINE_PROP_END_OF_LIST(),
 };
@@ -449,7 +456,8 @@ static void s390_virtio_blk_class_init(ObjectClass *klass, 
void *data)
 static const TypeInfo s390_virtio_blk = {
 .name  = "virtio-blk-s390",
 .parent= TYPE_VIRTIO_S390_DEVICE,
-.instance_size = sizeof(VirtIOS390Device),
+.instance_size = sizeof(VirtIOBlkS390),
+.instance_init = s390_virtio_blk_instance_init,
 .class_init= s390_virtio_blk_class_init,
 };
 
diff --git a/hw/s390x/s390-virtio-bus.h b/hw/s390x/s390-virtio-bus.h
index 4aacf83..1a63411 100644
--- a/hw/s390x/s390-virtio-bus.h
+++ b/hw/s390x/s390-virtio-bus.h
@@ -89,7 +89,6 @@ struct VirtIOS390Device {
 ram_addr_t feat_offs;
 uint8_t feat_len;
 VirtIODevice *vdev;
-VirtIOBlkConf blk;
 NICConf nic;
 uint32_t host_features;
 virtio_serial_conf serial;
@@ -120,5 +119,17 @@ VirtIOS390Device *s390_virtio_bus_find_mem(VirtIOS390Bus 
*bus, ram_addr_t mem);
 void s390_virtio_device_sync(VirtIOS390Device *dev);
 void s390_virtio_reset_idx(VirtIOS390Device *dev);
 
+/* virtio-blk-s390 */
+
+#define TYPE_VIRTIO_BLK_S390 "virtio-blk-s390"
+#define VIRTIO_BLK_S390(obj) \
+OBJECT_CHECK(VirtIOBlkS390, (obj), TYPE_VIRTIO_BLK_S390)
+
+typedef struct VirtIOBlkS390 {
+VirtIOS390Device parent_obj;
+VirtIOBlock vdev;
+VirtIOBlkConf blk;
+} VirtIOBlkS390;
+
 
 #endif
-- 
1.7.11.7

[Qemu-devel] [PATCH v9 05/10] virtio-blk-pci: switch to new API.

[fred . konrad]

From: KONRAD Frederic 

Here the virtio-blk-pci is modified for the new API. The device
virtio-blk-pci extends virtio-pci. It creates and connects a virtio-blk
during the init. The properties are not changed.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Peter Maydell 
---
 hw/virtio-pci.c | 121 ++--
 hw/virtio-pci.h |  15 ++-
 2 files changed, 71 insertions(+), 65 deletions(-)

diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index 2160cb8..0095a32 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -924,26 +924,6 @@ void virtio_init_pci(VirtIOPCIProxy *proxy, VirtIODevice 
*vdev)
 proxy->host_features = vdev->get_features(vdev, proxy->host_features);
 }
 
-static int virtio_blk_init_pci(PCIDevice *pci_dev)
-{
-VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-VirtIODevice *vdev;
-
-if (proxy->class_code != PCI_CLASS_STORAGE_SCSI &&
-proxy->class_code != PCI_CLASS_STORAGE_OTHER)
-proxy->class_code = PCI_CLASS_STORAGE_SCSI;
-
-vdev = virtio_blk_init(&pci_dev->qdev, &proxy->blk);
-if (!vdev) {
-return -1;
-}
-vdev->nvectors = proxy->nvectors;
-virtio_init_pci(proxy, vdev);
-/* make the actual value visible */
-proxy->nvectors = vdev->nvectors;
-return 0;
-}
-
 static void virtio_exit_pci(PCIDevice *pci_dev)
 {
 VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
@@ -952,15 +932,6 @@ static void virtio_exit_pci(PCIDevice *pci_dev)
 msix_uninit_exclusive_bar(pci_dev);
 }
 
-static void virtio_blk_exit_pci(PCIDevice *pci_dev)
-{
-VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-
-virtio_pci_stop_ioeventfd(proxy);
-virtio_blk_exit(proxy->vdev);
-virtio_exit_pci(pci_dev);
-}
-
 static int virtio_serial_init_pci(PCIDevice *pci_dev)
 {
 VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
@@ -1082,40 +1053,6 @@ static void virtio_rng_exit_pci(PCIDevice *pci_dev)
 virtio_exit_pci(pci_dev);
 }
 
-static Property virtio_blk_properties[] = {
-DEFINE_PROP_HEX32("class", VirtIOPCIProxy, class_code, 0),
-DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags, 
VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
-#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
-DEFINE_PROP_BIT("x-data-plane", VirtIOPCIProxy, blk.data_plane, 0, false),
-#endif
-DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 2),
-DEFINE_VIRTIO_BLK_FEATURES(VirtIOPCIProxy, host_features),
-DEFINE_VIRTIO_BLK_PROPERTIES(VirtIOPCIProxy, blk),
-DEFINE_PROP_END_OF_LIST(),
-};
-
-static void virtio_blk_class_init(ObjectClass *klass, void *data)
-{
-DeviceClass *dc = DEVICE_CLASS(klass);
-PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
-
-k->init = virtio_blk_init_pci;
-k->exit = virtio_blk_exit_pci;
-k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
-k->device_id = PCI_DEVICE_ID_VIRTIO_BLOCK;
-k->revision = VIRTIO_PCI_ABI_VERSION;
-k->class_id = PCI_CLASS_STORAGE_SCSI;
-dc->reset = virtio_pci_reset;
-dc->props = virtio_blk_properties;
-}
-
-static const TypeInfo virtio_blk_info = {
-.name  = "virtio-blk-pci",
-.parent= TYPE_PCI_DEVICE,
-.instance_size = sizeof(VirtIOPCIProxy),
-.class_init= virtio_blk_class_init,
-};
-
 static Property virtio_net_properties[] = {
 DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags, 
VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, false),
 DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 3),
@@ -1470,6 +1407,62 @@ static const TypeInfo virtio_pci_info = {
 .abstract  = true,
 };
 
+/* virtio-blk-pci */
+
+static Property virtio_blk_pci_properties[] = {
+DEFINE_PROP_HEX32("class", VirtIOPCIProxy, class_code, 0),
+DEFINE_PROP_BIT("ioeventfd", VirtIOPCIProxy, flags,
+VIRTIO_PCI_FLAG_USE_IOEVENTFD_BIT, true),
+DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 2),
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+DEFINE_PROP_BIT("x-data-plane", VirtIOBlkPCI, blk.data_plane, 0, false),
+#endif
+DEFINE_VIRTIO_BLK_FEATURES(VirtIOPCIProxy, host_features),
+DEFINE_VIRTIO_BLK_PROPERTIES(VirtIOBlkPCI, blk),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static int virtio_blk_pci_init(VirtIOPCIProxy *vpci_dev)
+{
+VirtIOBlkPCI *dev = VIRTIO_BLK_PCI(vpci_dev);
+DeviceState *vdev = DEVICE(&dev->vdev);
+virtio_blk_set_conf(vdev, &(dev->blk));
+qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
+if (qdev_init(vdev) < 0) {
+return -1;
+}
+return 0;
+}
+
+static void virtio_blk_pci_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
+PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
+
+dc->props = virtio_blk_pci_properties;
+k->init = virtio_blk_pci_init;
+pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
+pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_BLOCK;
+   

[Qemu-devel] [PATCH v9 07/10] virtio-blk-ccw switch to new API.

[fred . konrad]

From: KONRAD Frederic 

Here the virtio-ccw-s390 is modified for the new API. The device
virtio-ccw-s390 extends virtio-ccw-device as before. It creates and
connects a virtio-ccw during the init. The properties are not modified.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Peter Maydell 
---
 hw/s390x/virtio-ccw.c | 33 ++---
 hw/s390x/virtio-ccw.h | 14 +-
 2 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index d80de67..9688835 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -570,22 +570,24 @@ static int virtio_ccw_net_exit(VirtioCcwDevice *dev)
 return virtio_ccw_exit(dev);
 }
 
-static int virtio_ccw_blk_init(VirtioCcwDevice *dev)
+static int virtio_ccw_blk_init(VirtioCcwDevice *ccw_dev)
 {
-VirtIODevice *vdev;
-
-vdev = virtio_blk_init((DeviceState *)dev, &dev->blk);
-if (!vdev) {
+VirtIOBlkCcw *dev = VIRTIO_BLK_CCW(ccw_dev);
+DeviceState *vdev = DEVICE(&dev->vdev);
+virtio_blk_set_conf(vdev, &(dev->blk));
+qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));
+if (qdev_init(vdev) < 0) {
 return -1;
 }
 
-return virtio_ccw_device_init(dev, vdev);
+return virtio_ccw_device_init(ccw_dev, VIRTIO_DEVICE(vdev));
 }
 
-static int virtio_ccw_blk_exit(VirtioCcwDevice *dev)
+static void virtio_ccw_blk_instance_init(Object *obj)
 {
-virtio_blk_exit(dev->vdev);
-return virtio_ccw_exit(dev);
+VirtIOBlkCcw *dev = VIRTIO_BLK_CCW(obj);
+object_initialize(OBJECT(&dev->vdev), TYPE_VIRTIO_BLK);
+object_property_add_child(obj, "virtio-backend", OBJECT(&dev->vdev), NULL);
 }
 
 static int virtio_ccw_serial_init(VirtioCcwDevice *dev)
@@ -754,10 +756,10 @@ static const TypeInfo virtio_ccw_net = {
 
 static Property virtio_ccw_blk_properties[] = {
 DEFINE_PROP_STRING("devno", VirtioCcwDevice, bus_id),
-DEFINE_BLOCK_PROPERTIES(VirtioCcwDevice, blk.conf),
-DEFINE_PROP_STRING("serial", VirtioCcwDevice, blk.serial),
+DEFINE_BLOCK_PROPERTIES(VirtIOBlkCcw, blk.conf),
+DEFINE_PROP_STRING("serial", VirtIOBlkCcw, blk.serial),
 #ifdef __linux__
-DEFINE_PROP_BIT("scsi", VirtioCcwDevice, blk.scsi, 0, true),
+DEFINE_PROP_BIT("scsi", VirtIOBlkCcw, blk.scsi, 0, true),
 #endif
 DEFINE_VIRTIO_BLK_FEATURES(VirtioCcwDevice, host_features[0]),
 DEFINE_PROP_END_OF_LIST(),
@@ -769,15 +771,16 @@ static void virtio_ccw_blk_class_init(ObjectClass *klass, 
void *data)
 VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
 
 k->init = virtio_ccw_blk_init;
-k->exit = virtio_ccw_blk_exit;
+k->exit = virtio_ccw_exit;
 dc->reset = virtio_ccw_reset;
 dc->props = virtio_ccw_blk_properties;
 }
 
 static const TypeInfo virtio_ccw_blk = {
-.name  = "virtio-blk-ccw",
+.name  = TYPE_VIRTIO_BLK_CCW,
 .parent= TYPE_VIRTIO_CCW_DEVICE,
-.instance_size = sizeof(VirtioCcwDevice),
+.instance_size = sizeof(VirtIOBlkCcw),
+.instance_init = virtio_ccw_blk_instance_init,
 .class_init= virtio_ccw_blk_class_init,
 };
 
diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h
index 88c46c0..3993bc5 100644
--- a/hw/s390x/virtio-ccw.h
+++ b/hw/s390x/virtio-ccw.h
@@ -72,7 +72,6 @@ struct VirtioCcwDevice {
 SubchDev *sch;
 VirtIODevice *vdev;
 char *bus_id;
-VirtIOBlkConf blk;
 NICConf nic;
 uint32_t host_features[VIRTIO_CCW_FEATURE_SIZE];
 virtio_serial_conf serial;
@@ -94,6 +93,19 @@ typedef struct VirtualCssBus {
 #define VIRTUAL_CSS_BUS(obj) \
  OBJECT_CHECK(VirtualCssBus, (obj), TYPE_VIRTUAL_CSS_BUS)
 
+/* virtio-blk-ccw */
+
+#define TYPE_VIRTIO_BLK_CCW "virtio-blk-ccw"
+#define VIRTIO_BLK_CCW(obj) \
+OBJECT_CHECK(VirtIOBlkCcw, (obj), TYPE_VIRTIO_BLK_CCW)
+
+typedef struct VirtIOBlkCcw {
+VirtioCcwDevice parent_obj;
+VirtIOBlock vdev;
+VirtIOBlkConf blk;
+} VirtIOBlkCcw;
+
+
 VirtualCssBus *virtual_css_bus_init(void);
 void virtio_ccw_device_update_status(SubchDev *sch);
 VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch);
-- 
1.7.11.7

[Qemu-devel] [PATCH v9 04/10] virtio-blk: add the virtio-blk device.

[fred . konrad]

From: KONRAD Frederic 

Create virtio-blk which extends virtio-device, so it can be connected on
virtio-bus.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Peter Maydell 
---
 hw/virtio-blk.c | 98 ++---
 hw/virtio-blk.h | 21 +
 hw/virtio-pci.c |  8 +
 3 files changed, 115 insertions(+), 12 deletions(-)

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 908c316..3622bb9 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -21,7 +21,11 @@
 #ifdef __linux__
 # include 
 #endif
+#include "hw/virtio-bus.h"
 
+/*
+ * Moving to QOM later in this series.
+ */
 static VirtIOBlock *to_virtio_blk(VirtIODevice *vdev)
 {
 return (VirtIOBlock *)vdev;
@@ -620,9 +624,16 @@ static const BlockDevOps virtio_block_ops = {
 .resize_cb = virtio_blk_resize,
 };
 
-VirtIODevice *virtio_blk_init(DeviceState *dev, VirtIOBlkConf *blk)
+void virtio_blk_set_conf(DeviceState *dev, VirtIOBlkConf *blk)
 {
-VirtIOBlock *s;
+VirtIOBlock *s = VIRTIO_BLK(dev);
+memcpy(&(s->blk), blk, sizeof(struct VirtIOBlkConf));
+}
+
+static VirtIODevice *virtio_blk_common_init(DeviceState *dev,
+  VirtIOBlkConf *blk, VirtIOBlock **ps)
+{
+VirtIOBlock *s = *ps;
 static int virtio_blk_id;
 
 if (!blk->conf.bs) {
@@ -639,9 +650,20 @@ VirtIODevice *virtio_blk_init(DeviceState *dev, 
VirtIOBlkConf *blk)
 return NULL;
 }
 
-s = (VirtIOBlock *)virtio_common_init("virtio-blk", VIRTIO_ID_BLOCK,
-  sizeof(struct virtio_blk_config),
-  sizeof(VirtIOBlock));
+/*
+ * We have two cases here: the old virtio-blk-pci device, and the
+ * refactored virtio-blk.
+ */
+if (s == NULL) {
+/* virtio-blk-pci */
+s = (VirtIOBlock *)virtio_common_init("virtio-blk", VIRTIO_ID_BLOCK,
+  sizeof(struct virtio_blk_config),
+  sizeof(VirtIOBlock));
+} else {
+/* virtio-blk */
+virtio_init(VIRTIO_DEVICE(s), "virtio-blk", VIRTIO_ID_BLOCK,
+sizeof(struct virtio_blk_config));
+}
 
 s->vdev.get_config = virtio_blk_update_config;
 s->vdev.set_config = virtio_blk_set_config;
@@ -675,6 +697,12 @@ VirtIODevice *virtio_blk_init(DeviceState *dev, 
VirtIOBlkConf *blk)
 return &s->vdev;
 }
 
+VirtIODevice *virtio_blk_init(DeviceState *dev, VirtIOBlkConf *blk)
+{
+VirtIOBlock *s = NULL;
+return virtio_blk_common_init(dev, blk, &s);
+}
+
 void virtio_blk_exit(VirtIODevice *vdev)
 {
 VirtIOBlock *s = to_virtio_blk(vdev);
@@ -688,3 +716,63 @@ void virtio_blk_exit(VirtIODevice *vdev)
 blockdev_mark_auto_del(s->bs);
 virtio_cleanup(vdev);
 }
+
+
+static int virtio_blk_device_init(VirtIODevice *vdev)
+{
+DeviceState *qdev = DEVICE(vdev);
+VirtIOBlock *s = VIRTIO_BLK(vdev);
+VirtIOBlkConf *blk = &(s->blk);
+if (virtio_blk_common_init(qdev, blk, &s) == NULL) {
+return -1;
+}
+return 0;
+}
+
+static int virtio_blk_device_exit(DeviceState *dev)
+{
+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+VirtIOBlock *s = VIRTIO_BLK(dev);
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+virtio_blk_data_plane_destroy(s->dataplane);
+s->dataplane = NULL;
+#endif
+qemu_del_vm_change_state_handler(s->change);
+unregister_savevm(s->qdev, "virtio-blk", s);
+blockdev_mark_auto_del(s->bs);
+virtio_common_cleanup(vdev);
+return 0;
+}
+
+static Property virtio_blk_properties[] = {
+DEFINE_VIRTIO_BLK_PROPERTIES(VirtIOBlock, blk),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void virtio_blk_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+dc->exit = virtio_blk_device_exit;
+dc->props = virtio_blk_properties;
+vdc->init = virtio_blk_device_init;
+vdc->get_config = virtio_blk_update_config;
+vdc->set_config = virtio_blk_set_config;
+vdc->get_features = virtio_blk_get_features;
+vdc->set_status = virtio_blk_set_status;
+vdc->reset = virtio_blk_reset;
+}
+
+static const TypeInfo virtio_device_info = {
+.name = TYPE_VIRTIO_BLK,
+.parent = TYPE_VIRTIO_DEVICE,
+.instance_size = sizeof(VirtIOBlock),
+.class_init = virtio_blk_class_init,
+};
+
+static void virtio_register_types(void)
+{
+type_register_static(&virtio_device_info);
+}
+
+type_init(virtio_register_types)
diff --git a/hw/virtio-blk.h b/hw/virtio-blk.h
index b704d50..a040c01 100644
--- a/hw/virtio-blk.h
+++ b/hw/virtio-blk.h
@@ -20,6 +20,10 @@
 #include "dataplane/virtio-blk.h"
 #endif
 
+#define TYPE_VIRTIO_BLK "virtio-blk"
+#define VIRTIO_BLK(obj) \
+OBJECT_CHECK(VirtIOBlock, (obj), TYPE_VIRTIO_BLK)
+
 /* from Linux's linux/virtio_blk.h */
 
 /* The ID for virtio_block */
@@ -130,4 +134,21 @@ typedef struct VirtIOBlock {
 #define DEFIN

[Qemu-devel] [PATCH v9 03/10] virtio-blk: don't use pointer for configuration.

[fred . konrad]

From: KONRAD Frederic 

The configuration field must not be a pointer as it will be used for virtio-blk
properties. So *blk is replaced by blk in VirtIOBlock structure.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Peter Maydell 
---
 hw/virtio-blk.c | 8 
 hw/virtio-blk.h | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 6714b01..908c316 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -151,7 +151,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
  */
 req->scsi = (void *)req->elem.in_sg[req->elem.in_num - 2].iov_base;
 
-if (!req->dev->blk->scsi) {
+if (!req->dev->blk.scsi) {
 status = VIRTIO_BLK_S_UNSUPP;
 goto fail;
 }
@@ -371,7 +371,7 @@ static void virtio_blk_handle_request(VirtIOBlockReq *req,
  * terminated by '\0' only when shorter than buffer.
  */
 strncpy(req->elem.in_sg[0].iov_base,
-s->blk->serial ? s->blk->serial : "",
+s->blk.serial ? s->blk.serial : "",
 MIN(req->elem.in_sg[0].iov_len, VIRTIO_BLK_ID_BYTES));
 virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
 g_free(req);
@@ -534,7 +534,7 @@ static uint32_t virtio_blk_get_features(VirtIODevice *vdev, 
uint32_t features)
 features |= (1 << VIRTIO_BLK_F_BLK_SIZE);
 features |= (1 << VIRTIO_BLK_F_SCSI);
 
-if (s->blk->config_wce) {
+if (s->blk.config_wce) {
 features |= (1 << VIRTIO_BLK_F_CONFIG_WCE);
 }
 if (bdrv_enable_write_cache(s->bs))
@@ -650,7 +650,7 @@ VirtIODevice *virtio_blk_init(DeviceState *dev, 
VirtIOBlkConf *blk)
 s->vdev.reset = virtio_blk_reset;
 s->bs = blk->conf.bs;
 s->conf = &blk->conf;
-s->blk = blk;
+memcpy(&(s->blk), blk, sizeof(struct VirtIOBlkConf));
 s->rq = NULL;
 s->sector_mask = (s->conf->logical_block_size / BDRV_SECTOR_SIZE) - 1;
 
diff --git a/hw/virtio-blk.h b/hw/virtio-blk.h
index 19ec569..b704d50 100644
--- a/hw/virtio-blk.h
+++ b/hw/virtio-blk.h
@@ -118,7 +118,7 @@ typedef struct VirtIOBlock {
 void *rq;
 QEMUBH *bh;
 BlockConf *conf;
-VirtIOBlkConf *blk;
+VirtIOBlkConf blk;
 unsigned short sector_mask;
 DeviceState *qdev;
 VMChangeStateEntry *change;
-- 
1.7.11.7

[Qemu-devel] [PATCH v9 09/10] virtio-blk: cleanup: QOM cast

[fred . konrad]

From: KONRAD Frederic 

Use QOM casts inside virtio-blk.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Peter Maydell 
---
 hw/virtio-blk.c | 33 ++---
 hw/virtio-blk.h |  2 +-
 2 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 9e7cd1f..663edcd 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -23,14 +23,6 @@
 #endif
 #include "hw/virtio-bus.h"
 
-/*
- * Moving to QOM later in this series.
- */
-static VirtIOBlock *to_virtio_blk(VirtIODevice *vdev)
-{
-return (VirtIOBlock *)vdev;
-}
-
 typedef struct VirtIOBlockReq
 {
 VirtIOBlock *dev;
@@ -46,12 +38,13 @@ typedef struct VirtIOBlockReq
 static void virtio_blk_req_complete(VirtIOBlockReq *req, int status)
 {
 VirtIOBlock *s = req->dev;
+VirtIODevice *vdev = VIRTIO_DEVICE(s);
 
 trace_virtio_blk_req_complete(req, status);
 
 stb_p(&req->in->status, status);
 virtqueue_push(s->vq, &req->elem, req->qiov.size + sizeof(*req->in));
-virtio_notify(&s->vdev, s->vq);
+virtio_notify(vdev, s->vq);
 }
 
 static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, int error,
@@ -396,7 +389,7 @@ static void virtio_blk_handle_request(VirtIOBlockReq *req,
 
 static void virtio_blk_handle_output(VirtIODevice *vdev, VirtQueue *vq)
 {
-VirtIOBlock *s = to_virtio_blk(vdev);
+VirtIOBlock *s = VIRTIO_BLK(vdev);
 VirtIOBlockReq *req;
 MultiReqBuffer mrb = {
 .num_writes = 0,
@@ -464,7 +457,7 @@ static void virtio_blk_dma_restart_cb(void *opaque, int 
running,
 static void virtio_blk_reset(VirtIODevice *vdev)
 {
 #ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
-VirtIOBlock *s = to_virtio_blk(vdev);
+VirtIOBlock *s = VIRTIO_BLK(vdev);
 
 if (s->dataplane) {
 virtio_blk_data_plane_stop(s->dataplane);
@@ -482,7 +475,7 @@ static void virtio_blk_reset(VirtIODevice *vdev)
  */
 static void virtio_blk_update_config(VirtIODevice *vdev, uint8_t *config)
 {
-VirtIOBlock *s = to_virtio_blk(vdev);
+VirtIOBlock *s = VIRTIO_BLK(vdev);
 struct virtio_blk_config blkcfg;
 uint64_t capacity;
 int blk_size = s->conf->logical_block_size;
@@ -521,7 +514,7 @@ static void virtio_blk_update_config(VirtIODevice *vdev, 
uint8_t *config)
 
 static void virtio_blk_set_config(VirtIODevice *vdev, const uint8_t *config)
 {
-VirtIOBlock *s = to_virtio_blk(vdev);
+VirtIOBlock *s = VIRTIO_BLK(vdev);
 struct virtio_blk_config blkcfg;
 
 memcpy(&blkcfg, config, sizeof(blkcfg));
@@ -530,7 +523,7 @@ static void virtio_blk_set_config(VirtIODevice *vdev, const 
uint8_t *config)
 
 static uint32_t virtio_blk_get_features(VirtIODevice *vdev, uint32_t features)
 {
-VirtIOBlock *s = to_virtio_blk(vdev);
+VirtIOBlock *s = VIRTIO_BLK(vdev);
 
 features |= (1 << VIRTIO_BLK_F_SEG_MAX);
 features |= (1 << VIRTIO_BLK_F_GEOMETRY);
@@ -552,7 +545,7 @@ static uint32_t virtio_blk_get_features(VirtIODevice *vdev, 
uint32_t features)
 
 static void virtio_blk_set_status(VirtIODevice *vdev, uint8_t status)
 {
-VirtIOBlock *s = to_virtio_blk(vdev);
+VirtIOBlock *s = VIRTIO_BLK(vdev);
 uint32_t features;
 
 #ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
@@ -573,9 +566,10 @@ static void virtio_blk_set_status(VirtIODevice *vdev, 
uint8_t status)
 static void virtio_blk_save(QEMUFile *f, void *opaque)
 {
 VirtIOBlock *s = opaque;
+VirtIODevice *vdev = VIRTIO_DEVICE(s);
 VirtIOBlockReq *req = s->rq;
 
-virtio_save(&s->vdev, f);
+virtio_save(vdev, f);
 
 while (req) {
 qemu_put_sbyte(f, 1);
@@ -588,12 +582,13 @@ static void virtio_blk_save(QEMUFile *f, void *opaque)
 static int virtio_blk_load(QEMUFile *f, void *opaque, int version_id)
 {
 VirtIOBlock *s = opaque;
+VirtIODevice *vdev = VIRTIO_DEVICE(s);
 int ret;
 
 if (version_id != 2)
 return -EINVAL;
 
-ret = virtio_load(&s->vdev, f);
+ret = virtio_load(vdev, f);
 if (ret) {
 return ret;
 }
@@ -615,9 +610,9 @@ static int virtio_blk_load(QEMUFile *f, void *opaque, int 
version_id)
 
 static void virtio_blk_resize(void *opaque)
 {
-VirtIOBlock *s = opaque;
+VirtIODevice *vdev = VIRTIO_DEVICE(opaque);
 
-virtio_notify_config(&s->vdev);
+virtio_notify_config(vdev);
 }
 
 static const BlockDevOps virtio_block_ops = {
diff --git a/hw/virtio-blk.h b/hw/virtio-blk.h
index a040c01..51ac010 100644
--- a/hw/virtio-blk.h
+++ b/hw/virtio-blk.h
@@ -116,7 +116,7 @@ struct VirtIOBlkConf
 };
 
 typedef struct VirtIOBlock {
-VirtIODevice vdev;
+VirtIODevice parent_obj;
 BlockDriverState *bs;
 VirtQueue *vq;
 void *rq;
-- 
1.7.11.7

[Qemu-devel] [PATCH v9 01/10] virtio: make virtio device's structures public.

[fred . konrad]

From: KONRAD Frederic 

These structures must be made public to avoid two memory allocations for
refactored virtio devices.

Signed-off-by: KONRAD Frederic 
Reviewed-by: Andreas Färber 
Reviewed-by: Peter Maydell 

Changes V4 <- V3:
   * Rebased on current git.

Changes V3 <- V2:
* Style correction spotted by Andreas (virtio-scsi.h).
* Style correction for virtio-net.h.

Changes V2 <- V1:
* Move the dataplane include into the header (virtio-blk).
---
 hw/virtio-balloon.c| 15 ---
 hw/virtio-balloon.h| 14 ++
 hw/virtio-blk.c| 20 
 hw/virtio-blk.h| 19 +++
 hw/virtio-net.c| 50 --
 hw/virtio-net.h| 50 ++
 hw/virtio-rng.c| 19 ---
 hw/virtio-rng.h| 19 +++
 hw/virtio-scsi.c   | 15 ---
 hw/virtio-scsi.h   | 16 
 hw/virtio-serial-bus.c | 41 -
 hw/virtio-serial.h | 41 +
 12 files changed, 159 insertions(+), 160 deletions(-)

diff --git a/hw/virtio-balloon.c b/hw/virtio-balloon.c
index 6bfcddc..54a4372 100644
--- a/hw/virtio-balloon.c
+++ b/hw/virtio-balloon.c
@@ -29,21 +29,6 @@
 #include 
 #endif
 
-typedef struct VirtIOBalloon
-{
-VirtIODevice vdev;
-VirtQueue *ivq, *dvq, *svq;
-uint32_t num_pages;
-uint32_t actual;
-uint64_t stats[VIRTIO_BALLOON_S_NR];
-VirtQueueElement stats_vq_elem;
-size_t stats_vq_offset;
-QEMUTimer *stats_timer;
-int64_t stats_last_update;
-int64_t stats_poll_interval;
-DeviceState *qdev;
-} VirtIOBalloon;
-
 static VirtIOBalloon *to_virtio_balloon(VirtIODevice *vdev)
 {
 return (VirtIOBalloon *)vdev;
diff --git a/hw/virtio-balloon.h b/hw/virtio-balloon.h
index f37f31b..b007042 100644
--- a/hw/virtio-balloon.h
+++ b/hw/virtio-balloon.h
@@ -52,4 +52,18 @@ typedef struct VirtIOBalloonStat {
 uint64_t val;
 } QEMU_PACKED VirtIOBalloonStat;
 
+typedef struct VirtIOBalloon {
+VirtIODevice vdev;
+VirtQueue *ivq, *dvq, *svq;
+uint32_t num_pages;
+uint32_t actual;
+uint64_t stats[VIRTIO_BALLOON_S_NR];
+VirtQueueElement stats_vq_elem;
+size_t stats_vq_offset;
+QEMUTimer *stats_timer;
+int64_t stats_last_update;
+int64_t stats_poll_interval;
+DeviceState *qdev;
+} VirtIOBalloon;
+
 #endif
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 6b69236..6714b01 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -17,31 +17,11 @@
 #include "hw/block-common.h"
 #include "sysemu/blockdev.h"
 #include "hw/virtio-blk.h"
-#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
-#include "dataplane/virtio-blk.h"
-#endif
 #include "hw/scsi-defs.h"
 #ifdef __linux__
 # include 
 #endif
 
-typedef struct VirtIOBlock
-{
-VirtIODevice vdev;
-BlockDriverState *bs;
-VirtQueue *vq;
-void *rq;
-QEMUBH *bh;
-BlockConf *conf;
-VirtIOBlkConf *blk;
-unsigned short sector_mask;
-DeviceState *qdev;
-VMChangeStateEntry *change;
-#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
-VirtIOBlockDataPlane *dataplane;
-#endif
-} VirtIOBlock;
-
 static VirtIOBlock *to_virtio_blk(VirtIODevice *vdev)
 {
 return (VirtIOBlock *)vdev;
diff --git a/hw/virtio-blk.h b/hw/virtio-blk.h
index 7ef2f35..19ec569 100644
--- a/hw/virtio-blk.h
+++ b/hw/virtio-blk.h
@@ -16,6 +16,9 @@
 
 #include "hw/virtio.h"
 #include "hw/block-common.h"
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+#include "dataplane/virtio-blk.h"
+#endif
 
 /* from Linux's linux/virtio_blk.h */
 
@@ -108,6 +111,22 @@ struct VirtIOBlkConf
 uint32_t data_plane;
 };
 
+typedef struct VirtIOBlock {
+VirtIODevice vdev;
+BlockDriverState *bs;
+VirtQueue *vq;
+void *rq;
+QEMUBH *bh;
+BlockConf *conf;
+VirtIOBlkConf *blk;
+unsigned short sector_mask;
+DeviceState *qdev;
+VMChangeStateEntry *change;
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+VirtIOBlockDataPlane *dataplane;
+#endif
+} VirtIOBlock;
+
 #define DEFINE_VIRTIO_BLK_FEATURES(_state, _field) \
 DEFINE_VIRTIO_COMMON_FEATURES(_state, _field)
 
diff --git a/hw/virtio-net.c b/hw/virtio-net.c
index 8c9d871..4bb49eb 100644
--- a/hw/virtio-net.c
+++ b/hw/virtio-net.c
@@ -26,56 +26,6 @@
 #define MAC_TABLE_ENTRIES64
 #define MAX_VLAN(1 << 12)   /* Per 802.1Q definition */
 
-typedef struct VirtIONetQueue {
-VirtQueue *rx_vq;
-VirtQueue *tx_vq;
-QEMUTimer *tx_timer;
-QEMUBH *tx_bh;
-int tx_waiting;
-struct {
-VirtQueueElement elem;
-ssize_t len;
-} async_tx;
-struct VirtIONet *n;
-} VirtIONetQueue;
-
-typedef struct VirtIONet
-{
-VirtIODevice vdev;
-uint8_t mac[ETH_ALEN];
-uint16_t status;
-VirtIONetQueue *vqs;
-VirtQueue *ctrl_vq;
-NICState *nic;
-uint32_t tx_timeout;
-int32_t tx_burst;
-uint32_t has_vnet_hdr;
-size_t host_hdr_l

[Qemu-devel] [PATCH v9 00/10] virtio-blk refactoring.

[fred . konrad]

From: KONRAD Frederic 

This is the next part of virtio-refactoring.

Basically it creates virtio-blk device which extends virtio-device.
Then a virtio-blk can be connected on a virtio-bus.
virtio-blk-pci, virtio-blk-s390x, virtio-blk-ccw are created too, they extend
respectively virtio-pci, virtio-s390-device, virtio-ccw-device and have a
virtio-blk.

You can checkout my branch here:

git://project.greensocs.com/qemu-virtio.git virtio-blk-v9

I made basic tests (with linux guests) on:
 * qemu-system-i386
 * qemu-system-s390x

Cornelia made virtio-ccw test, and Stefan tried dataplane.

Changes v8 -> v9:
* Fix the hot unplug issue spotted by Cornelia.
Changes v7 -> v8:
* Fix the allow_hotplug assertion spotted by Anthony.
* Attached the make virtio device's structures public (v4).
Changes v6 -> v7:
* Fix the DEFINE_VIRTIO_BLK_PROPERTIES macro issue spotted by Peter.

Thanks,

Fred

KONRAD Frederic (10):
  virtio: make virtio device's structures public.
  virtio-x-bus: fix allow_hotplug assertion.
  virtio-blk: don't use pointer for configuration.
  virtio-blk: add the virtio-blk device.
  virtio-blk-pci: switch to new API.
  virtio-blk-s390: switch to the new API.
  virtio-blk-ccw switch to new API.
  virtio-blk: cleanup: init and exit functions.
  virtio-blk: cleanup: QOM cast
  virtio-blk: cleanup: remove qdev field.

 hw/s390x/s390-virtio-bus.c |  32 ++
 hw/s390x/s390-virtio-bus.h |  13 +++-
 hw/s390x/virtio-ccw.c  |  35 ++-
 hw/s390x/virtio-ccw.h  |  14 -
 hw/virtio-balloon.c|  15 -
 hw/virtio-balloon.h|  14 +
 hw/virtio-blk.c| 151 +
 hw/virtio-blk.h|  39 
 hw/virtio-net.c|  50 ---
 hw/virtio-net.h|  50 +++
 hw/virtio-pci.c| 129 +-
 hw/virtio-pci.h|  15 -
 hw/virtio-rng.c|  19 --
 hw/virtio-rng.h|  19 ++
 hw/virtio-scsi.c   |  15 -
 hw/virtio-scsi.h   |  16 +
 hw/virtio-serial-bus.c |  41 
 hw/virtio-serial.h |  41 
 hw/virtio.h|   2 -
 19 files changed, 400 insertions(+), 310 deletions(-)

-- 
1.7.11.7

[Qemu-devel] [PATCH v9 02/10] virtio-x-bus: fix allow_hotplug assertion.

[fred . konrad]

From: KONRAD Frederic 

This set allow_hotplug for each existing virtio-x-bus, allowing the
refactored devices to be hot pluggable.

Signed-off-by: KONRAD Frederic 
---
 hw/s390x/s390-virtio-bus.c | 2 +-
 hw/s390x/virtio-ccw.c  | 2 +-
 hw/virtio-pci.c| 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/s390-virtio-bus.c b/hw/s390x/s390-virtio-bus.c
index d9b7f83..8d4fd72 100644
--- a/hw/s390x/s390-virtio-bus.c
+++ b/hw/s390x/s390-virtio-bus.c
@@ -588,7 +588,7 @@ void virtio_s390_bus_new(VirtioBusState *bus, 
VirtIOS390Device *dev)
 BusState *qbus;
 qbus_create_inplace((BusState *)bus, TYPE_VIRTIO_S390_BUS, qdev, NULL);
 qbus = BUS(bus);
-qbus->allow_hotplug = 0;
+qbus->allow_hotplug = 1;
 }
 
 static void virtio_s390_bus_class_init(ObjectClass *klass, void *data)
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index d4361f6..d80de67 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -982,7 +982,7 @@ void virtio_ccw_bus_new(VirtioBusState *bus, 
VirtioCcwDevice *dev)
 
 qbus_create_inplace((BusState *)bus, TYPE_VIRTIO_CCW_BUS, qdev, NULL);
 qbus = BUS(bus);
-qbus->allow_hotplug = 0;
+qbus->allow_hotplug = 1;
 }
 
 static void virtio_ccw_bus_class_init(ObjectClass *klass, void *data)
diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index 39c1966..c795cc6 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -1484,7 +1484,7 @@ void virtio_pci_bus_new(VirtioBusState *bus, 
VirtIOPCIProxy *dev)
 BusState *qbus;
 qbus_create_inplace((BusState *)bus, TYPE_VIRTIO_PCI_BUS, qdev, NULL);
 qbus = BUS(bus);
-qbus->allow_hotplug = 0;
+qbus->allow_hotplug = 1;
 }
 
 static void virtio_pci_bus_class_init(ObjectClass *klass, void *data)
-- 
1.7.11.7

Re: [Qemu-devel] [PATCH 2/2] qga schema: document generic QERR_UNSUPPORTED

[mdroth]

On Fri, Mar 15, 2013 at 07:07:51PM +0100, Laszlo Ersek wrote:
> Part of the wording was shamelessly stolen from Michael Roth's email.

:)

series:

Reviewed-by: Michael Roth 

> 
> Suggested-by: Michael Roth 
> Signed-off-by: Laszlo Ersek 
> ---
>  qga/qapi-schema.json |   11 +++
>  1 files changed, 11 insertions(+), 0 deletions(-)
> 
> diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
> index 2af3515..7155b7a 100644
> --- a/qga/qapi-schema.json
> +++ b/qga/qapi-schema.json
> @@ -2,6 +2,17 @@
> 
>  ##
>  #
> +# General note concerning the use of guest agent interfaces:
> +#
> +# "unsupported" is a higher-level error than the errors that individual
> +# commands might document. The caller should always be prepared to receive
> +# QERR_UNSUPPORTED, even if the given command doesn't specify it, or doesn't
> +# document any failure mode at all.
> +#
> +##
> +
> +##
> +#
>  # Echo back a unique integer value, and prepend to response a
>  # leading sentinel byte (0xFF) the client can check scan for.
>  #
> -- 
> 1.7.1
> 

Re: [Qemu-devel] [RFC PATCH] qemu-socket: Use local error variable

[Laszlo Ersek]

On 03/15/13 18:55, Kevin Wolf wrote:

> However this won't be the last time that I have to deal with an Error
> object, so I thought I'd check what is good practice. Seems no such
> thing has established yet, which is an answer, even though not the one I
> was hoping for.

What I've gathered from discussions with Luiz and Markus, there is
indeed no official Error*-handling-style.

FWIW personally I think that my suggestion was quite close to a good
(I'd even hazard "elegant") approach. I did notice that it would look
terrible in the function at hand if applied directly (I actually started
to code it up as an "illustrative patch"). For the emergent fugliness I
blamed inet_connect_opts()'s current structure (several exit points,
transfer of ownership without documentation, etc).

So for the illustration I would have had to restructure the function.
That in turn would have depended on me understanding the non-trivial
life cycle (ownership) of "connect_state" / "res" under the different
return conditions. (That is, when we bail out due to "in progress", the
"connect_state" and the rest of the addrinfo list is:
- either referenced elsewhere,
- or freed,
- or leaked currently.)

I didn't (don't) have time/energy for that -- my bad.

In general, murky ownership transfers seem to be characteristic of qemu.
When a function allocates dynamic memory, it should:
(1) either free it unconditionally (temp working space),
(2) free it on error, return it on success (constructor),
(3) transfer the ownership by function call (huge comment or telling
function name). This includes any refcount increments by the callee.

... The function name "inet_connect_addr" tells us nothing about
qemu_set_fd_handler2() transferring the ownership of "connect_state"
(and the off-hanging addrinfo list) to the global "io_handlers".

inet_connect_opts
  inet_connect_addr
qemu_set_fd_handler2
  ownership transfer in one case
  release stuff in two other cases

Thanks,
Laszlo

[Qemu-devel] [RFC PATCH] vga: Start supporting resolution not multiple of 16 correctly.

[Frediano Ziglio]

Modern notebook support 136x768 resolution. The resolution width is
not multiple of 16 causing some problems.

Qemu VGA emulation require width resolution to be multiple of 8.

VNC implementation require width resolution to be multiple of 16.

This patch remove these limits. Was tested with a Windows machine with
standard vga and 1366x768 as resolution. I had to update vgabios as
version in qemu (pc-bios/vgabios-stdvga.bin) is quite old. I also had
to add some patches on top of VGABIOS 0.7a to add some new
resolutions.

I have some doubt about this patch
- are other UI (sdl, cocoa, qxl) happy if resolution is not multiple of 16 ?
- scanline is computed exactly without any alignment (so 1366 8 bit is
1366 bytes) while getting vesa information from a laptop it seems to
use some kind of alignment (if became 0x580 which is 1408 bytes).
Perhaps should I change either VGABIOS and Qemu to make this
alignment?

Signed-off-by: Frediano Ziglio 

---
 hw/vga.c |2 +-
 ui/vnc.c |   27 +--
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/hw/vga.c b/hw/vga.c
index 1caf23d..d229f06 100644
--- a/hw/vga.c
+++ b/hw/vga.c
@@ -651,7 +651,7 @@ void vbe_ioport_write_data(void *opaque, uint32_t
addr, uint32_t val)
 }
 break;
 case VBE_DISPI_INDEX_XRES:
-if ((val <= VBE_DISPI_MAX_XRES) && ((val & 7) == 0)) {
+if ((val <= VBE_DISPI_MAX_XRES) && ((val & 1) == 0)) {
 s->vbe_regs[s->vbe_index] = val;
 }
 break;
diff --git a/ui/vnc.c b/ui/vnc.c
index ff4e2ae..328d14d 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -907,26 +907,27 @@ static int vnc_update_client(VncState *vs, int has_dirty)
 for (y = 0; y < height; y++) {
 int x;
 int last_x = -1;
-for (x = 0; x < width / 16; x++) {
-if (test_and_clear_bit(x, vs->dirty[y])) {
+for (x = 0; x < width; x += 16) {
+if (test_and_clear_bit(x/16, vs->dirty[y])) {
 if (last_x == -1) {
 last_x = x;
 }
 } else {
 if (last_x != -1) {
-int h = find_and_clear_dirty_height(vs, y, last_x, x,
+int h = find_and_clear_dirty_height(vs, y,
last_x/16, x/16,
 height);

-n += vnc_job_add_rect(job, last_x * 16, y,
-  (x - last_x) * 16, h);
+n += vnc_job_add_rect(job, last_x, y,
+  (x - last_x), h);
 }
 last_x = -1;
 }
 }
 if (last_x != -1) {
-int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
-n += vnc_job_add_rect(job, last_x * 16, y,
-  (x - last_x) * 16, h);
+int h = find_and_clear_dirty_height(vs, y, last_x/16,
x/16, height);
+if (x > width) x = width;
+n += vnc_job_add_rect(job, last_x, y,
+  (x - last_x), h);
 }
 }

@@ -1771,7 +1772,7 @@ static void framebuffer_update_request(VncState
*vs, int incremental,
int w, int h)
 {
 int i;
-const size_t width = ds_get_width(vs->ds) / 16;
+const size_t width = (ds_get_width(vs->ds)+15) / 16;

 if (y_position > ds_get_height(vs->ds))
 y_position = ds_get_height(vs->ds);
@@ -2595,10 +2596,6 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
  * Check and copy modified bits from guest to server surface.
  * Update server dirty map.
  */
-cmp_bytes = 64;
-if (cmp_bytes > vnc_server_fb_stride(vd)) {
-cmp_bytes = vnc_server_fb_stride(vd);
-}
 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
 int width = pixman_image_get_width(vd->server);
 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
@@ -2619,8 +2616,10 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
 }
 server_ptr = server_row;

-for (x = 0; x + 15 < width;
+cmp_bytes = 64;
+for (x = 0; x < width;
 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
+if (width - x < 16) cmp_bytes = 4 * (width - x);
 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
 continue;
 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
-- 
1.7.10.4

Re: [Qemu-devel] [PATCH 0/2] documentation fixups for the qga schema

[Eric Blake]

On 03/15/2013 12:07 PM, Laszlo Ersek wrote:
> Laszlo Ersek (2):
>   qga schema: mark optional GuestLogicalProcessor.can-offline with
> #optional
>   qga schema: document generic QERR_UNSUPPORTED
> 
>  qga/qapi-schema.json |   18 +++---
>  1 files changed, 15 insertions(+), 3 deletions(-)

Series: Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 1/2] qga schema: mark optional GuestLogicalProcessor.can-offline with #optional

[Laszlo Ersek]

Suggested-by: Eric Blake 
Signed-off-by: Laszlo Ersek 
---
 qga/qapi-schema.json |7 ---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index dac4e6f..2af3515 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -562,9 +562,10 @@
 #
 # @online: Whether the VCPU is enabled.
 #
-# @can-offline: Whether offlining the VCPU is possible. This member is always
-#   filled in by the guest agent when the structure is returned,
-#   and always ignored on input (hence it can be omitted then).
+# @can-offline: #optional Whether offlining the VCPU is possible. This member
+#   is always filled in by the guest agent when the structure is
+#   returned, and always ignored on input (hence it can be omitted
+#   then).
 #
 # Since: 1.5
 ##
-- 
1.7.1

[Qemu-devel] [PATCH 15/17] xilinx_spips: Fix bus setup conditional check

[Peter Maydell]

From: Nathan Rossi 

The R_LQPSI_CFG register has the LQSPI_CFG_SEP_BUS and LQSPI_CFG_TWO_MEM bits.

Signed-off-by: Nathan Rossi 
Signed-off-by: Peter Crosthwaite 
Message-id: 
d76c8e364c80a42352ae4f0661aff2cd17ad32a4.1362373359.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/xilinx_spips.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 853f4e0..efa1449 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -143,8 +143,8 @@ typedef struct {
 
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
-return (s->regs[R_LQSPI_STS] & LQSPI_CFG_SEP_BUS &&
-s->regs[R_LQSPI_STS] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
+return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
+s->regs[R_LQSPI_CFG] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
 }
 
 static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
-- 
1.7.9.5

[Qemu-devel] [PATCH 2/2] qga schema: document generic QERR_UNSUPPORTED

[Laszlo Ersek]

Part of the wording was shamelessly stolen from Michael Roth's email.

Suggested-by: Michael Roth 
Signed-off-by: Laszlo Ersek 
---
 qga/qapi-schema.json |   11 +++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 2af3515..7155b7a 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -2,6 +2,17 @@
 
 ##
 #
+# General note concerning the use of guest agent interfaces:
+#
+# "unsupported" is a higher-level error than the errors that individual
+# commands might document. The caller should always be prepared to receive
+# QERR_UNSUPPORTED, even if the given command doesn't specify it, or doesn't
+# document any failure mode at all.
+#
+##
+
+##
+#
 # Echo back a unique integer value, and prepend to response a
 # leading sentinel byte (0xFF) the client can check scan for.
 #
-- 
1.7.1

[Qemu-devel] [PATCH 0/2] documentation fixups for the qga schema

[Laszlo Ersek]

Laszlo Ersek (2):
  qga schema: mark optional GuestLogicalProcessor.can-offline with
#optional
  qga schema: document generic QERR_UNSUPPORTED

 qga/qapi-schema.json |   18 +++---
 1 files changed, 15 insertions(+), 3 deletions(-)

[Qemu-devel] [PATCH] target-mips: fix rndrashift_short_acc and code for EXTR_ instructions

[Petar Jovanovic]

From: Petar Jovanovic 

Fix for rndrashift_short_acc to set correct value to higher 64 bits.
This change also corrects conditions when bit 23 of the DSPControl register
is set.

The existing test files have been extended with several examples that
trigger the issues. One bug/example in the test file for EXTR_RS_W has been
found and reported by Klaus Peichl.

Signed-off-by: Petar Jovanovic 
---
 target-mips/dsp_helper.c  |   23 +++--
 tests/tcg/mips/mips32-dsp/extr_r_w.c  |   23 +
 tests/tcg/mips/mips32-dsp/extr_rs_w.c |   46 +
 tests/tcg/mips/mips32-dsp/extr_w.c|   23 +
 4 files changed, 101 insertions(+), 14 deletions(-)

diff --git a/target-mips/dsp_helper.c b/target-mips/dsp_helper.c
index 472be35..c7df595 100644
--- a/target-mips/dsp_helper.c
+++ b/target-mips/dsp_helper.c
@@ -517,13 +517,8 @@ static inline void mipsdsp_rndrashift_short_acc(int64_t *p,
 
 acc = ((int64_t)env->active_tc.HI[ac] << 32) |
   ((int64_t)env->active_tc.LO[ac] & 0x);
-if (shift == 0) {
-p[0] = acc << 1;
-p[1] = (acc >> 63) & 0x01;
-} else {
-p[0] = acc >> (shift - 1);
-p[1] = 0;
-}
+p[0] = (shift == 0) ? (acc << 1) : (acc >> (shift - 1));
+p[1] = (acc >> 63) & 0x01;
 }
 
 /* 128 bits long. p[0] is LO, p[1] is HI */
@@ -3161,8 +3156,8 @@ target_ulong helper_extr_w(target_ulong ac, target_ulong 
shift,
 tempDL[1] += 1;
 }
 
-if ((!(tempDL[1] == 0 && (tempDL[0] & MIPSDSP_LHI) == 0x00)) &&
-(!(tempDL[1] == 1 && (tempDL[0] & MIPSDSP_LHI) == MIPSDSP_LHI))) {
+if (((tempDL[1] & 0x01) != 0 || (tempDL[0] & MIPSDSP_LHI) != 0) &&
+((tempDL[1] & 0x01) != 1 || (tempDL[0] & MIPSDSP_LHI) != MIPSDSP_LHI)) 
{
 set_DSPControl_overflow_flag(1, 23, env);
 }
 
@@ -3187,8 +3182,8 @@ target_ulong helper_extr_r_w(target_ulong ac, 
target_ulong shift,
 tempDL[1] += 1;
 }
 
-if ((tempDL[1] != 0 || (tempDL[0] & MIPSDSP_LHI) != 0) &&
-(tempDL[1] != 1 && (tempDL[0] & MIPSDSP_LHI) != MIPSDSP_LHI)) {
+if (((tempDL[1] & 0x01) != 0 || (tempDL[0] & MIPSDSP_LHI) != 0) &&
+((tempDL[1] & 0x01) != 1 || (tempDL[0] & MIPSDSP_LHI) != MIPSDSP_LHI)) 
{
 set_DSPControl_overflow_flag(1, 23, env);
 }
 
@@ -3214,9 +3209,9 @@ target_ulong helper_extr_rs_w(target_ulong ac, 
target_ulong shift,
 }
 tempI = tempDL[0] >> 1;
 
-if ((tempDL[1] != 0 || (tempDL[0] & MIPSDSP_LHI) != 0) &&
-(tempDL[1] != 1 || (tempDL[0] & MIPSDSP_LHI) != MIPSDSP_LHI)) {
-temp64 = tempDL[1];
+if (((tempDL[1] & 0x01) != 0 || (tempDL[0] & MIPSDSP_LHI) != 0) &&
+((tempDL[1] & 0x01) != 1 || (tempDL[0] & MIPSDSP_LHI) != MIPSDSP_LHI)) 
{
+temp64 = tempDL[1] & 0x01;
 if (temp64 == 0) {
 tempI = 0x7FFF;
 } else {
diff --git a/tests/tcg/mips/mips32-dsp/extr_r_w.c 
b/tests/tcg/mips/mips32-dsp/extr_r_w.c
index 02e0224..489c193 100644
--- a/tests/tcg/mips/mips32-dsp/extr_r_w.c
+++ b/tests/tcg/mips/mips32-dsp/extr_r_w.c
@@ -67,5 +67,28 @@ int main()
 assert(dsp == 0);
 assert(result == rt);
 
+/* Clear dspcontrol */
+dsp = 0;
+__asm
+("wrdsp %0\n\t"
+ :
+ : "r"(dsp)
+);
+
+ach = 0x;
+acl = 0x;
+result = 0;
+__asm
+("mthi %2, $ac1\n\t"
+ "mtlo %3, $ac1\n\t"
+ "extr_r.w %0, $ac1, 0x1F\n\t"
+ "rddsp %1\n\t"
+ : "=r"(rt), "=r"(dsp)
+ : "r"(ach), "r"(acl)
+ );
+dsp = (dsp >> 23) & 0x01;
+assert(dsp == 0);
+assert(result == rt);
+
 return 0;
 }
diff --git a/tests/tcg/mips/mips32-dsp/extr_rs_w.c 
b/tests/tcg/mips/mips32-dsp/extr_rs_w.c
index c3a22ee..f9d2ed6 100644
--- a/tests/tcg/mips/mips32-dsp/extr_rs_w.c
+++ b/tests/tcg/mips/mips32-dsp/extr_rs_w.c
@@ -67,5 +67,51 @@ int main()
 assert(dsp == 0);
 assert(result == rt);
 
+/* Clear dspcontrol */
+dsp = 0;
+__asm
+("wrdsp %0\n\t"
+ :
+ : "r"(dsp)
+);
+
+ach = 0x8000;
+acl = 0x;
+result = 0x8000;
+__asm
+("mthi %2, $ac1\n\t"
+ "mtlo %3, $ac1\n\t"
+ "extr_rs.w %0, $ac1, 0x1F\n\t"
+ "rddsp %1\n\t"
+ : "=r"(rt), "=r"(dsp)
+ : "r"(ach), "r"(acl)
+);
+dsp = (dsp >> 23) & 0x01;
+assert(dsp == 1);
+assert(result == rt);
+
+/* Clear dspcontrol */
+dsp = 0;
+__asm
+("wrdsp %0\n\t"
+ :
+ : "r"(dsp)
+);
+
+ach = 0x;
+acl = 0x;
+result = 0;
+__asm
+("mthi %2, $ac1\n\t"
+ "mtlo %3, $ac1\n\t"
+ "extr_rs.w %0, $ac1, 0x1F\n\t"
+ "rddsp %1\n\t"
+ : "=r"(rt), "=r"(dsp)
+ : "r"(ach), "r"(acl)
+ );
+dsp = (dsp >> 23) & 0x01;
+assert(dsp == 0);
+assert(result == rt);
+
 return 0;
 }
diff --git a/tests/tcg/mips/

Re: [Qemu-devel] [RFC PATCH] qemu-socket: Use local error variable

[Kevin Wolf]

Am 15.03.2013 um 17:55 hat Laszlo Ersek geschrieben:
> On 03/15/13 09:37, Kevin Wolf wrote:
> > Am 14.03.2013 um 16:52 hat Laszlo Ersek geschrieben:
> >> On 03/14/13 15:57, Kevin Wolf wrote:
> >>> Signed-off-by: Kevin Wolf 
> >>> ---
> >>> After rebasing this I saw that Anthony already committed a fix that is
> >>> very close to my v1. I don't intend to actually change that code, but as
> >>> I've already done this, just for comparison what it would look like with
> >>> error propagation. Is this what you meant? I find the result more
> >>> confusing, to be honest.
> >>
> >> I think what I had in mind was:
> >> - I was okay with the logic change you suggested in your v1, just
> >> - turn *errp accesses into local_err accesses,
> >> - when returning, propagate the latter to the former.
> >>
> >> The logic seemed OK, I just suggested to keep the massage internal to
> >> the function, only try to propagate it outwards at return time. IOW,
> >> never read *errp.
> > 
> > So you would have used my local_err, but not ret_err?
> 
> Something like that, yes.
> 
> > I don't think that
> > would make it much better,
> 
> Not contesting that ;)
> 
> > ret_err is actually the nice part.
> 
> Anyway I'm not feeling strongly about this and I don't want to waste
> your time with it. It was just a note in passing. (... Which I should
> probably refrain from, lest I waste people's time.)

I'm not going to change this instance anyway now that Anthony pushed his
own fix instead of mine.

However this won't be the last time that I have to deal with an Error
object, so I thought I'd check what is good practice. Seems no such
thing has established yet, which is an answer, even though not the one I
was hoping for.

Kevin

Re: [Qemu-devel] [PATCH] QMP: TPM QMP and man page documentation updates

[Eric Blake]

On 03/15/2013 11:17 AM, Corey Bryant wrote:
> Signed-off-by: Corey Bryant 
> ---
>  qemu-options.hx |  3 ++-
>  qmp-commands.hx | 59 
> +
>  2 files changed, 61 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH build-breaker] qga/main.c: Don't use g_key_file_get/set_int64

[Anthony Liguori]

Applied.  Thanks.

Regards,

Anthony Liguori

[Qemu-devel] [PATCH 03/17] hw/arm_sysctl: Implement SYS_CFG_MUXFPGA writes as a no-op

[Peter Maydell]

SYS_CFG_MUXFPGA allows the guest to select whether the
video output should come from the motherboard's LCD
controller or the daughterboard's one. Since QEMU doesn't
currently support selecting the video output like this,
implement as a no-op, so Linux doesn't complain about
the register not being implemented.

Signed-off-by: Peter Maydell 
---
 hw/arm_sysctl.c |   11 +++
 1 file changed, 11 insertions(+)

diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c
index 05a3200..a6e5ed4 100644
--- a/hw/arm_sysctl.c
+++ b/hw/arm_sysctl.c
@@ -272,6 +272,17 @@ static bool vexpress_cfgctrl_write(arm_sysctl_state *s, 
unsigned int dcc,
 }
 
 switch (function) {
+case SYS_CFG_MUXFPGA:
+if (site == SYS_CFG_SITE_MB && device == 0) {
+/* Select whether video output comes from motherboard
+ * or daughterboard: log and ignore as QEMU doesn't
+ * support this.
+ */
+qemu_log_mask(LOG_UNIMP, "arm_sysctl: selection of video output "
+  "not supported, ignoring\n");
+return true;
+}
+break;
 case SYS_CFG_SHUTDOWN:
 if (site == SYS_CFG_SITE_MB && device == 0) {
 qemu_system_shutdown_request();
-- 
1.7.9.5

Re: [Qemu-devel] [PATCH 08/28] qcow2: Allow lazy refcounts to be enabled on the command line

[Anthony Liguori]

Paolo Bonzini  writes:

> Il 15/03/2013 16:14, Stefan Hajnoczi ha scritto:
>> From: Kevin Wolf 
>> 
>> qcow2 images now accept a boolean lazy_refcounts options. Use it like
>> this:
>> 
>>   -drive file=test.qcow2,lazy_refcounts=on
>> 
>> If the option is specified on the command line, it overrides the default
>> specified by the qcow2 header flags that were set when creating the
>> image.
>> 
>> Signed-off-by: Kevin Wolf 
>> Reviewed-by: Eric Blake 
>> Reviewed-by: Stefan Hajnoczi 
>> Signed-off-by: Stefan Hajnoczi 
>> ---
>>  block/qcow2-cluster.c |  2 +-
>>  block/qcow2.c | 37 +
>>  block/qcow2.h |  1 +
>>  3 files changed, 39 insertions(+), 1 deletion(-)
>> 
>> diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
>> index 56fccf9..ff9ae18 100644
>> --- a/block/qcow2-cluster.c
>> +++ b/block/qcow2-cluster.c
>> @@ -668,7 +668,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, 
>> QCowL2Meta *m)
>>  }
>>  
>>  /* Update L2 table. */
>> -if (s->compatible_features & QCOW2_COMPAT_LAZY_REFCOUNTS) {
>> +if (s->use_lazy_refcounts) {
>>  qcow2_mark_dirty(bs);
>>  }
>>  if (qcow2_need_accurate_refcounts(s)) {
>> diff --git a/block/qcow2.c b/block/qcow2.c
>> index f5e4269..ad43a13 100644
>> --- a/block/qcow2.c
>> +++ b/block/qcow2.c
>> @@ -285,11 +285,26 @@ static int qcow2_check(BlockDriverState *bs, 
>> BdrvCheckResult *result,
>>  return ret;
>>  }
>>  
>> +static QemuOptsList qcow2_runtime_opts = {
>> +.name = "qcow2",
>> +.head = QTAILQ_HEAD_INITIALIZER(qcow2_runtime_opts.head),
>> +.desc = {
>> +{
>> +.name = "lazy_refcounts",
>> +.type = QEMU_OPT_BOOL,
>> +.help = "Postpone refcount updates",
>> +},
>> +{ /* end of list */ }
>> +},
>> +};
>> +
>>  static int qcow2_open(BlockDriverState *bs, QDict *options, int flags)
>>  {
>>  BDRVQcowState *s = bs->opaque;
>>  int len, i, ret = 0;
>>  QCowHeader header;
>> +QemuOpts *opts;
>> +Error *local_err = NULL;
>>  uint64_t ext_end;
>>  
>>  ret = bdrv_pread(bs->file, 0, &header, sizeof(header));
>> @@ -495,6 +510,28 @@ static int qcow2_open(BlockDriverState *bs, QDict 
>> *options, int flags)
>>  }
>>  }
>>  
>> +/* Enable lazy_refcounts according to image and command line options */
>> +opts = qemu_opts_create_nofail(&qcow2_runtime_opts);
>> +qemu_opts_absorb_qdict(opts, options, &local_err);
>
> This breaks migration with qcow2 images:

I already processed the pull unfortunately.  I'm going to be offline for
most of the weekend but if there's a patch in the next hour to revert or
fix I can apply it.

Regards,

Anthony Liguori

>
> Program received signal SIGSEGV, Segmentation fault.
> qdict_next_entry (first_bucket=0, qdict=0x0) at 
> /home/pbonzini/work/upstream/qemu/qobject/qdict.c:371
> 371   if (!QLIST_EMPTY(&qdict->table[i])) {
> (gdb) up
> #1  qdict_first (qdict=qdict@entry=0x0) at 
> /home/pbonzini/work/upstream/qemu/qobject/qdict.c:384
> 384   return qdict_next_entry(qdict, 0);
> (gdb) 
> #2  0x7fb8edf75ae6 in qemu_opts_absorb_qdict 
> (opts=opts@entry=0x7fb8f0651740, qdict=qdict@entry=0x0, 
> errp=errp@entry=0x7fb8edc36e80)
> at /home/pbonzini/work/upstream/qemu/util/qemu-option.c:1078
> 1078  entry = qdict_first(qdict);
> (gdb) 
> #3  0x7fb8edd15074 in qcow2_open (bs=0x7fb8f041b800, options=0x0, 
> flags=) at /home/pbonzini/work/upstream/qemu/block/qcow2.c:515
> 515   qemu_opts_absorb_qdict(opts, options, &local_err);
> (gdb) 
> #4  0x7fb8edd00352 in bdrv_invalidate_cache (bs=0x7fb8f041b800) at 
> /home/pbonzini/work/upstream/qemu/block.c:4192
> 4192  bs->drv->bdrv_invalidate_cache(bs);
>
> Paolo
>
>> +if (error_is_set(&local_err)) {
>> +qerror_report_err(local_err);
>> +error_free(local_err);
>> +ret = -EINVAL;
>> +goto fail;
>> +}
>> +
>> +s->use_lazy_refcounts = qemu_opt_get_bool(opts, "lazy_refcounts",
>> +(s->compatible_features & QCOW2_COMPAT_LAZY_REFCOUNTS));
>> +
>> +qemu_opts_del(opts);
>> +
>> +if (s->use_lazy_refcounts && s->qcow_version < 3) {
>> +qerror_report(ERROR_CLASS_GENERIC_ERROR, "Lazy refcounts require "
>> +"a qcow2 image with at least qemu 1.1 compatibility level");
>> +ret = -EINVAL;
>> +goto fail;
>> +}
>> +
>>  #ifdef DEBUG_ALLOC
>>  {
>>  BdrvCheckResult result = {0};
>> diff --git a/block/qcow2.h b/block/qcow2.h
>> index 718b52b..103abdb 100644
>> --- a/block/qcow2.h
>> +++ b/block/qcow2.h
>> @@ -173,6 +173,7 @@ typedef struct BDRVQcowState {
>>  
>>  int flags;
>>  int qcow_version;
>> +bool use_lazy_refcounts;
>>  
>>  uint64_t incompatible_features;
>>  uint64_t compatible_features;
>> 

Re: [Qemu-devel] [PATCH] pseries: Fix breakage in CPU QOM conversion

[Andreas Färber]

Am 15.03.2013 04:59, schrieb David Gibson:
> Commit 259186a7d2f7184efc96ae99bc5658e6159f53ad "cpu: Move halted and
> interrupt_request fields to CPUState" broke the pseries machine.  That's
> because it uses CPU() instead of ENV_GET_CPU() to convert from the global
> first_cpu pointer (still a CPUArchState) to a CPUState.  This patch fixes
> the breakage.
> 
> Cc: Andreas Färber 
> Signed-off-by: David Gibson 
> ---
>  hw/ppc/spapr.c |2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0c51d04..b776d34 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -645,7 +645,7 @@ static void ppc_spapr_reset(void)
> spapr->rtas_size);
>  
>  /* Set up the entry state */
> -first_cpu_cpu = CPU(first_cpu);
> +first_cpu_cpu = ENV_GET_CPU(first_cpu);
>  first_cpu->gpr[3] = spapr->fdt_addr;
>  first_cpu->gpr[5] = 0;
>  first_cpu_cpu->halted = 0;

Oops,

Acked-by: Andreas Färber 

Did you check the commit if there's more instances of that bug?

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

[Qemu-devel] [PATCH] hw/arm/nseries: don't print to stdout or stderr

[Peter Maydell]

Remove various bits of printing to stdout or stderr from the
nseries code, replacing it with a qemu log message where there's
an appropriate log category, and just dropping the output for
some of the more debug-like printing.

In particular, this will get rid of the 'mipid_reset' message
you currently get from 'make check'.

Signed-off-by: Peter Maydell 
---
None of the printing I deleted seemed important enough to be worth
trying to retain as a trace event. I'm open to argument if anybody
genuinely uses it, though.

 hw/arm/nseries.c |   18 +-
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
index c5bf9f9..25458d8 100644
--- a/hw/arm/nseries.c
+++ b/hw/arm/nseries.c
@@ -129,8 +129,6 @@ static void n800_mmc_cs_cb(void *opaque, int line, int 
level)
 /* TODO: this seems to actually be connected to the menelaus, to
  * which also both MMC slots connect.  */
 omap_mmc_enable((struct omap_mmc_s *) opaque, !level);
-
-printf("%s: MMC slot %i active\n", __FUNCTION__, level + 1);
 }
 
 static void n8x0_gpio_setup(struct n800_s *s)
@@ -428,9 +426,6 @@ struct mipid_s {
 
 static void mipid_reset(struct mipid_s *s)
 {
-if (!s->sleep)
-fprintf(stderr, "%s: Display off\n", __FUNCTION__);
-
 s->pm = 0;
 s->cmd = 0;
 
@@ -578,11 +573,9 @@ static uint32_t mipid_txrx(void *opaque, uint32_t cmd, int 
len)
 
 case 0x28: /* DISPOFF */
 s->onoff = 0;
-fprintf(stderr, "%s: Display off\n", __FUNCTION__);
 break;
 case 0x29: /* DISPON */
 s->onoff = 1;
-fprintf(stderr, "%s: Display on\n", __FUNCTION__);
 break;
 
 case 0x2a: /* CASET */
@@ -669,7 +662,8 @@ static uint32_t mipid_txrx(void *opaque, uint32_t cmd, int 
len)
 
 default:
 bad_cmd:
-fprintf(stderr, "%s: unknown command %02x\n", __FUNCTION__, s->cmd);
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: unknown command %02x\n", __func__, s->cmd);
 break;
 }
 
@@ -1348,7 +1342,6 @@ static void n8x0_init(QEMUMachineInitArgs *args,
 
 if (option_rom[0].name &&
 (args->boot_device[0] == 'n' || !args->kernel_filename)) {
-int rom_size;
 uint8_t nolo_tags[0x1];
 /* No, wait, better start at the ROM.  */
 s->mpu->cpu->env.regs[15] = OMAP2_Q2_BASE + 0x40;
@@ -1362,10 +1355,9 @@ static void n8x0_init(QEMUMachineInitArgs *args,
  *
  * The code above is for loading the `zImage' file from Nokia
  * images.  */
-rom_size = load_image_targphys(option_rom[0].name,
-   OMAP2_Q2_BASE + 0x40,
-   sdram_size - 0x40);
-printf("%i bytes of image loaded\n", rom_size);
+load_image_targphys(option_rom[0].name,
+OMAP2_Q2_BASE + 0x40,
+sdram_size - 0x40);
 
 n800_setup_nolo_tags(nolo_tags);
 cpu_physical_memory_write(OMAP2_SRAM_BASE, nolo_tags, 0x1);
-- 
1.7.9.5

[Qemu-devel] [PATCH 09/17] hw/arm_sysctl: Implement SYS_CFG_OSC function

[Peter Maydell]

Implement the SYS_CFG_OSC function. Since the idea of
programmable clock rates doesn't make much sense for QEMU,
we simply allow the clock rate to be read back as written.
The number and value of the daughterboard oscillators varies
between daughterboards, so we provide an array property to
allow their reset values to be configured.

Signed-off-by: Peter Maydell 
---
 hw/arm_sysctl.c |   57 ++-
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c
index e2f00d3..25fc6ea 100644
--- a/hw/arm_sysctl.c
+++ b/hw/arm_sysctl.c
@@ -35,13 +35,17 @@ typedef struct {
 uint32_t sys_cfgctrl;
 uint32_t sys_cfgstat;
 uint32_t sys_clcd;
+uint32_t mb_clock[6];
+uint32_t *db_clock;
 uint32_t db_num_vsensors;
 uint32_t *db_voltage;
+uint32_t db_num_clocks;
+uint32_t *db_clock_reset;
 } arm_sysctl_state;
 
 static const VMStateDescription vmstate_arm_sysctl = {
 .name = "realview_sysctl",
-.version_id = 3,
+.version_id = 4,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
 VMSTATE_UINT32(leds, arm_sysctl_state),
@@ -56,6 +60,9 @@ static const VMStateDescription vmstate_arm_sysctl = {
 VMSTATE_UINT32_V(sys_cfgctrl, arm_sysctl_state, 2),
 VMSTATE_UINT32_V(sys_cfgstat, arm_sysctl_state, 2),
 VMSTATE_UINT32_V(sys_clcd, arm_sysctl_state, 3),
+VMSTATE_UINT32_ARRAY_V(mb_clock, arm_sysctl_state, 6, 4),
+VMSTATE_VARRAY_UINT32(db_clock, arm_sysctl_state, db_num_clocks,
+  4, vmstate_info_uint32, uint32_t),
 VMSTATE_END_OF_LIST()
 }
 };
@@ -79,6 +86,7 @@ static int board_id(arm_sysctl_state *s)
 static void arm_sysctl_reset(DeviceState *d)
 {
 arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, SYS_BUS_DEVICE(d));
+int i;
 
 s->leds = 0;
 s->lockval = 0;
@@ -86,6 +94,17 @@ static void arm_sysctl_reset(DeviceState *d)
 s->cfgdata2 = 0;
 s->flags = 0;
 s->resetlevel = 0;
+/* Motherboard oscillators (in Hz) */
+s->mb_clock[0] = 5000; /* Static memory clock: 50MHz */
+s->mb_clock[1] = 2375; /* motherboard CLCD clock: 23.75MHz */
+s->mb_clock[2] = 2400; /* IO FPGA peripheral clock: 24MHz */
+s->mb_clock[3] = 2400; /* IO FPGA reserved clock: 24MHz */
+s->mb_clock[4] = 2400; /* System bus global clock: 24MHz */
+s->mb_clock[5] = 2400; /* IO FPGA reserved clock: 24MHz */
+/* Daughterboard oscillators: reset from property values */
+for (i = 0; i < s->db_num_clocks; i++) {
+s->db_clock[i] = s->db_clock_reset[i];
+}
 if (board_id(s) == BOARD_ID_VEXPRESS) {
 /* On VExpress this register will RAZ/WI */
 s->sys_clcd = 0;
@@ -251,6 +270,18 @@ static bool vexpress_cfgctrl_read(arm_sysctl_state *s, 
unsigned int dcc,
 return true;
 }
 break;
+case SYS_CFG_OSC:
+if (site == SYS_CFG_SITE_MB && device < sizeof(s->mb_clock)) {
+/* motherboard clock */
+*val = s->mb_clock[device];
+return true;
+}
+if (site == SYS_CFG_SITE_DB1 && device < s->db_num_clocks) {
+/* daughterboard clock */
+*val = s->db_clock[device];
+return true;
+}
+break;
 default:
 break;
 }
@@ -287,6 +318,18 @@ static bool vexpress_cfgctrl_write(arm_sysctl_state *s, 
unsigned int dcc,
 }
 
 switch (function) {
+case SYS_CFG_OSC:
+if (site == SYS_CFG_SITE_MB && device < sizeof(s->mb_clock)) {
+/* motherboard clock */
+s->mb_clock[device] = val;
+return true;
+}
+if (site == SYS_CFG_SITE_DB1 && device < s->db_num_clocks) {
+/* daughterboard clock */
+s->db_clock[device] = val;
+return true;
+}
+break;
 case SYS_CFG_MUXFPGA:
 if (site == SYS_CFG_SITE_MB && device == 0) {
 /* Select whether video output comes from motherboard
@@ -552,11 +595,19 @@ static void arm_sysctl_init(Object *obj)
 qdev_init_gpio_out(dev, &s->pl110_mux_ctrl, 1);
 }
 
+static void arm_sysctl_realize(DeviceState *d, Error **errp)
+{
+arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, SYS_BUS_DEVICE(d));
+s->db_clock = g_new0(uint32_t, s->db_num_clocks);
+}
+
 static void arm_sysctl_finalize(Object *obj)
 {
 SysBusDevice *dev = SYS_BUS_DEVICE(obj);
 arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, dev);
 g_free(s->db_voltage);
+g_free(s->db_clock);
+g_free(s->db_clock_reset);
 }
 
 static Property arm_sysctl_properties[] = {
@@ -565,6 +616,9 @@ static Property arm_sysctl_properties[] = {
 /* Daughterboard power supply voltages (as reported via SYS_CFG) */
 DEFINE_PROP_ARRAY("db-voltage", arm_sysctl_state, db_num_vsensors,
   db_voltage, qdev_prop_uint32, uint32_t),
+/* Daughterboard clock reset 

Re: [Qemu-devel] [PATCH] s390: Fix cpu refactoring fallout.

[Andreas Färber]

Am 15.03.2013 10:57, schrieb Cornelia Huck:
> Commit 259186a7 "cpu: Move halted and interrupt_request fields to CPUState"
> seems to have missed one instance in target-s390x/kvm.c:
> 
> /home/cohuck/git/qemu/target-s390x/kvm.c: In function 
> ‘kvm_arch_process_async_events’:
> /home/cohuck/git/qemu/target-s390x/kvm.c:319: error: ‘CPUS390XState’ has no 
> member named ‘halted’
> /home/cohuck/git/qemu/target-s390x/kvm.c:320: warning: control reaches end of 
> non-void function
> make[1]: *** [target-s390x/kvm.o] Error 1
> 
> Let's just switch to cs->halted.
> 
> Signed-off-by: Cornelia Huck 
> ---
>  target-s390x/kvm.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

I definitely compile-tested qom-cpu on s390x before submitting my pull,
so this looks like a merge conflict to me...

Acked-by: Andreas Färber 

Andreas

> 
> diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
> index 8f111ae..644f484 100644
> --- a/target-s390x/kvm.c
> +++ b/target-s390x/kvm.c
> @@ -315,8 +315,7 @@ void kvm_arch_post_run(CPUState *cpu, struct kvm_run *run)
>  
>  int kvm_arch_process_async_events(CPUState *cs)
>  {
> -S390CPU *cpu = S390_CPU(cs);
> -return cpu->env.halted;
> +return cs->halted;
>  }
>  
>  void kvm_s390_interrupt_internal(S390CPU *cpu, int type, uint32_t parm,
> 


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 0/3] Fix VMSTATE_BUFFER_UNSAFE macro usage

[Igor Mitsyanko]

> On 03/15/2013 09:12 PM, Peter Maydell wrote:
>
>> On 10 March 2013 13:47, Igor Mitsyanko  wrote:
>>
>>> hw/sd.c and hw/onenand.c were wrongly using VMSTATE_BUFFER_UNSAFE for
>>> dynamically
>>> allocated buffer migration, this was causing memory corruption.
>>> Use VMSTATE_BUFFER_POINTER_UNSAFE (wich has an additional VMS_POINTER
>>> flag set) instead.
>>>
>>> Not sure what to do with vmstate version for his devices, should I bump
>>> it? Migration
>>> was never working for them anyway.
>>>
>>> Only tested hw/sd.c, by saving/loading a snapshot of VM while it was
>>> playing videofile
>>> from SD card.
>>>
>> Cc'ing Juan in case he wants to comment on the vmstate changes.
>>
>> -- PMM
>>
>
Thanks, Peter. Also cc'ing Andrzej Zaborowski using a (correct) address
from MAINTAINERS, because the one in hw/onenand.c is not working.

Re: [Qemu-devel] [PATCH v2] Add option to mlock qemu and guest memory

[Satoru Moriya]

Ping.

Can anyone else review this patch?

Regards,
Satoru

On 03/12/2013 05:40 AM, Paolo Bonzini wrote:
> Il 14/02/2013 21:21, Satoru Moriya ha scritto:
>> We have some plans to migrate legacy enterprise systems which require 
>> low latency (10 msec order) to kvm virtualized environment. In our 
>> usecase, the system runs with other untrusted guests and so locking 
>> memory which is used by the system is needed to avoid latency impacts 
>> from other guests' memory activity.
>>
>> ChangeLog:
>> v2
>>  - Change the option name from -mlock to -realtime mlock=on|off
>>  - Rebase qemu version 1.3.91
>>  - Update patch description
>>
>> ---
>> In certain scenario, latency induced by paging is significant and 
>> memory locking is needed. Also, in the scenario with untrusted 
>> guests, latency improvement due to mlock is desired.
>>
>> This patch introduces a following new option to mlock guest and qemu 
>> memory:
>>
>> -realtime mlock=on|off
>>
>> Signed-off-by: Satoru Moriya 
> 
> Reviewed-by: Paolo Bonzini 
> 
> As a follow up it would be nice to move -mem-prealloc/-mem-path under 
> -realtime as well.
> 
> Paolo
> 
>> ---
>>  include/sysemu/os-posix.h |  1 +
>>  include/sysemu/os-win32.h |  1 +
>>  os-posix.c|  8 
>>  qemu-options.hx   | 13 +
>>  vl.c  | 31 +++
>>  5 files changed, 54 insertions(+)
>>
>> diff --git a/include/sysemu/os-posix.h b/include/sysemu/os-posix.h 
>> index 7f198e4..2f2ead6 100644
>> --- a/include/sysemu/os-posix.h
>> +++ b/include/sysemu/os-posix.h
>> @@ -31,6 +31,7 @@ void os_set_proc_name(const char *s);  void 
>> os_setup_signal_handling(void);  void os_daemonize(void);  void 
>> os_setup_post(void);
>> +void os_mlock(void);
>>  
>>  typedef struct timeval qemu_timeval;  #define qemu_gettimeofday(tp) 
>> gettimeofday(tp, NULL) diff --git a/include/sysemu/os-win32.h 
>> b/include/sysemu/os-win32.h index bf9edeb..a74ca13 100644
>> --- a/include/sysemu/os-win32.h
>> +++ b/include/sysemu/os-win32.h
>> @@ -80,6 +80,7 @@ static inline void os_daemonize(void) {}  static 
>> inline void os_setup_post(void) {}  void os_set_line_buffering(void);  
>> static inline void os_set_proc_name(const char *dummy) {}
>> +static inline void os_mlock(void) {}
>>  
>>  #if !defined(EPROTONOSUPPORT)
>>  # define EPROTONOSUPPORT EINVAL
>> diff --git a/os-posix.c b/os-posix.c
>> index 5c64518..1304b0e 100644
>> --- a/os-posix.c
>> +++ b/os-posix.c
>> @@ -363,3 +363,11 @@ bool is_daemonized(void)  {
>>  return daemonize;
>>  }
>> +
>> +void os_mlock(void)
>> +{
>> +if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
>> +perror("mlockall");
>> +exit(1);
>> +}
>> +}
>> diff --git a/qemu-options.hx b/qemu-options.hx index 9d7131a..843fcb4 
>> 100644
>> --- a/qemu-options.hx
>> +++ b/qemu-options.hx
>> @@ -2464,6 +2464,19 @@ STEXI
>>  Do not start CPU at startup (you must type 'c' in the monitor).
>>  ETEXI
>>  
>> +DEF("realtime", HAS_ARG, QEMU_OPTION_realtime,
>> +"-realtime [mlock=on|off]\n"
>> +"run qemu with realtime features\n"
>> +"mlock=on|off controls mlock support (default: on)\n",
>> +QEMU_ARCH_ALL)
>> +STEXI
>> +@item -realtime mlock=on|off
>> +@findex -realtime
>> +Run qemu with realtime features.
>> +mlocking qemu and guest memory can be enabled via @option{mlock=on} 
>> +(enabled by default).
>> +ETEXI
>> +
>>  DEF("gdb", HAS_ARG, QEMU_OPTION_gdb, \
>>  "-gdb devwait for gdb connection on 'dev'\n", QEMU_ARCH_ALL)
>>  STEXI
>> diff --git a/vl.c b/vl.c
>> index 1355f69..c16c8ad 100644
>> --- a/vl.c
>> +++ b/vl.c
>> @@ -491,6 +491,18 @@ static QemuOptsList qemu_object_opts = {
>>  },
>>  };
>>  
>> +static QemuOptsList qemu_realtime_opts = {
>> +.name = "realtime",
>> +.head = QTAILQ_HEAD_INITIALIZER(qemu_realtime_opts.head),
>> +.desc = {
>> +{
>> +.name = "mlock",
>> +.type = QEMU_OPT_BOOL,
>> +},
>> +{ /* end of list */ }
>> +},
>> +};
>> +
>>  const char *qemu_get_vm_name(void)
>>  {
>>  return qemu_name;
>> @@ -1384,6 +1396,17 @@ static void smp_parse(const char *optarg)
>>  max_cpus = smp_cpus;
>>  }
>>  
>> +static void configure_realtime(QemuOpts *opts) {
>> +bool is_mlock;
>> +
>> +is_mlock = qemu_opt_get_bool(opts, "mlock", true);
>> +
>> +if (is_mlock) {
>> +os_mlock();
>> +}
>> +}
>> +
>>  /***/
>>  /* USB devices */
>>  
>> @@ -2860,6 +2883,7 @@ int main(int argc, char **argv, char **envp)
>>  qemu_add_opts(&qemu_sandbox_opts);
>>  qemu_add_opts(&qemu_add_fd_opts);
>>  qemu_add_opts(&qemu_object_opts);
>> +qemu_add_opts(&qemu_realtime_opts);
>>  
>>  runstate_init();
>>  
>> @@ -3806,6 +3830,13 @@ int main(int argc, char **argv, char **envp)
>>  exit(1);
>>  }
>>  break;
>> +

[Qemu-devel] [PATCH 06/17] qdev: Implement (variable length) array properties

[Peter Maydell]

Add support for declaring array properties for qdev devices.
These work by defining an initial static property 'len-arrayname'
which the user of the device should set to the desired size
of the array. When this property is set, memory is allocated
for the array elements, and dynamic properties "arrayname[0]",
"arrayname[1]"... are created so the user of the device can
then set the values of the individual array elements.

Signed-off-by: Peter Maydell 
---
 hw/qdev-core.h   |3 ++
 hw/qdev-properties.c |  104 ++
 hw/qdev-properties.h |   39 +++
 3 files changed, 146 insertions(+)

diff --git a/hw/qdev-core.h b/hw/qdev-core.h
index 2486f36..547fbc7 100644
--- a/hw/qdev-core.h
+++ b/hw/qdev-core.h
@@ -175,6 +175,9 @@ struct Property {
 uint8_t  bitnr;
 uint8_t  qtype;
 int64_t  defval;
+int  arrayoffset;
+PropertyInfo *arrayinfo;
+int  arrayfieldsize;
 };
 
 struct PropertyInfo {
diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
index 0307a78..247ca6c 100644
--- a/hw/qdev-properties.c
+++ b/hw/qdev-properties.c
@@ -779,6 +779,110 @@ PropertyInfo qdev_prop_pci_host_devaddr = {
 .set = set_pci_host_devaddr,
 };
 
+/* --- support for array properties --- */
+
+/* Used as an opaque for the object properties we add for each
+ * array element. Note that the struct Property must be first
+ * in the struct so that a pointer to this works as the opaque
+ * for the underlying element's property hooks as well as for
+ * our own release callback.
+ */
+typedef struct {
+struct Property prop;
+char *propname;
+ObjectPropertyRelease *release;
+} ArrayElementProperty;
+
+/* object property release callback for array element properties:
+ * we call the underlying element's property release hook, and
+ * then free the memory we allocated when we added the property.
+ */
+static void array_element_release(Object *obj, const char *name, void *opaque)
+{
+ArrayElementProperty *p = opaque;
+if (p->release) {
+p->release(obj, name, opaque);
+}
+g_free(p->propname);
+g_free(p);
+}
+
+static void set_prop_arraylen(Object *obj, Visitor *v, void *opaque,
+  const char *name, Error **errp)
+{
+/* Setter for the property which defines the length of a
+ * variable-sized property array. As well as actually setting the
+ * array-length field in the device struct, we have to create the
+ * array itself and dynamically add the corresponding properties.
+ */
+DeviceState *dev = DEVICE(obj);
+Property *prop = opaque;
+uint32_t *alenptr = qdev_get_prop_ptr(dev, prop);
+void **arrayptr = (void *)dev + prop->arrayoffset;
+void *eltptr;
+const char *arrayname;
+int i;
+
+if (dev->realized) {
+error_set(errp, QERR_PERMISSION_DENIED);
+return;
+}
+if (*alenptr) {
+error_setg(errp, "array size property %s may not be set more than 
once",
+   name);
+return;
+}
+visit_type_uint32(v, alenptr, name, errp);
+if (error_is_set(errp)) {
+return;
+}
+if (!*alenptr) {
+return;
+}
+
+/* DEFINE_PROP_ARRAY guarantees that name should start with this prefix;
+ * strip it off so we can get the name of the array itself.
+ */
+assert(strncmp(name, PROP_ARRAY_LEN_PREFIX,
+   strlen(PROP_ARRAY_LEN_PREFIX)) == 0);
+arrayname = name + strlen(PROP_ARRAY_LEN_PREFIX);
+
+/* Note that it is the responsibility of the individual device's deinit
+ * to free the array proper.
+ */
+*arrayptr = eltptr = g_malloc0(*alenptr * prop->arrayfieldsize);
+for (i = 0; i < *alenptr; i++, eltptr += prop->arrayfieldsize) {
+char *propname = g_strdup_printf("%s[%d]", arrayname, i);
+ArrayElementProperty *arrayprop = g_new0(ArrayElementProperty, 1);
+arrayprop->release = prop->arrayinfo->release;
+arrayprop->propname = propname;
+arrayprop->prop.info = prop->arrayinfo;
+arrayprop->prop.name = propname;
+/* This ugly piece of pointer arithmetic sets up the offset so
+ * that when the underlying get/set hooks call qdev_get_prop_ptr
+ * they get the right answer despite the array element not actually
+ * being inside the device struct.
+ */
+arrayprop->prop.offset = eltptr - (void *)dev;
+assert(qdev_get_prop_ptr(dev, &arrayprop->prop) == eltptr);
+object_property_add(obj, propname,
+arrayprop->prop.info->name,
+arrayprop->prop.info->get,
+arrayprop->prop.info->set,
+array_element_release,
+arrayprop, errp);
+if (error_is_set(errp)) {
+return;
+}
+}
+}
+
+PropertyInfo qdev_prop_arraylen = {
+.name = "uint32",
+

[Qemu-devel] [PATCH 16/17] xilinx_spips: Add missing dual-bus snoop commands

[Peter Maydell]

From: Nathan Rossi 

Added additional commands to the switch to check for when snooping commands in
dual bus mode setups. Cleaned up code to use an enum.

Signed-off-by: Nathan Rossi 
Signed-off-by: Peter Crosthwaite 
Message-id: 
848c116c711dab0af10729a487968384aadd9faf.1362373359.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/xilinx_spips.c |   29 +++--
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index efa1449..3183f7a 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -115,6 +115,19 @@
 #define SNOOP_NONE 0xFE
 #define SNOOP_STRIPING 0
 
+typedef enum {
+READ = 0x3,
+FAST_READ = 0xb,
+DOR = 0x3b,
+QOR = 0x6b,
+DIOR = 0xbb,
+QIOR = 0xeb,
+
+PP = 0x2,
+DPP = 0xa2,
+QPP = 0x32,
+} FlashCMD;
+
 typedef struct {
 SysBusDevice busdev;
 MemoryRegion iomem;
@@ -251,15 +264,19 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
 switch (s->snoop_state) {
 case (SNOOP_CHECKING):
 switch (tx) { /* new instruction code */
-case 0x0b: /* dual/quad output read DOR/QOR */
-case 0x6b:
-s->snoop_state = 4;
+case READ: /* 3 address bytes, no dummy bytes/cycles */
+case PP:
+case DPP:
+case QPP:
+s->snoop_state = 3;
 break;
-/* FIXME: these vary between vendor - set to spansion */
-case 0xbb: /* high performance dual read DIOR */
+case FAST_READ: /* 3 address bytes, 1 dummy byte */
+case DOR:
+case QOR:
+case DIOR: /* FIXME: these vary between vendor - set to spansion */
 s->snoop_state = 4;
 break;
-case 0xeb: /* high performance quad read QIOR */
+case QIOR: /* 3 address bytes, 2 dummy bytes */
 s->snoop_state = 6;
 break;
 default:
-- 
1.7.9.5

[Qemu-devel] [PATCH 01/17] hw/vexpress: Pass proc_id via VEDBoardInfo

[Peter Maydell]

Pass the daughterboard-specific proc_id property to the code that
creates the sysctl device via the VEDBoardInfo struct, rather than
by having the daughterboard init function write to a uint32_t*
argument. This is a cleaner way to pass the info around, and
is in line with the way we are going to handle voltage and
oscillator initialization.

Signed-off-by: Peter Maydell 
---
 hw/arm/vexpress.c |   19 ---
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 02922c3..47a844f 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -147,19 +147,20 @@ typedef struct VEDBoardInfo VEDBoardInfo;
 typedef void DBoardInitFn(const VEDBoardInfo *daughterboard,
   ram_addr_t ram_size,
   const char *cpu_model,
-  qemu_irq *pic, uint32_t *proc_id);
+  qemu_irq *pic);
 
 struct VEDBoardInfo {
 const hwaddr *motherboard_map;
 hwaddr loader_start;
 const hwaddr gic_cpu_if_addr;
+uint32_t proc_id;
 DBoardInitFn *init;
 };
 
 static void a9_daughterboard_init(const VEDBoardInfo *daughterboard,
   ram_addr_t ram_size,
   const char *cpu_model,
-  qemu_irq *pic, uint32_t *proc_id)
+  qemu_irq *pic)
 {
 MemoryRegion *sysmem = get_system_memory();
 MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -175,8 +176,6 @@ static void a9_daughterboard_init(const VEDBoardInfo 
*daughterboard,
 cpu_model = "cortex-a9";
 }
 
-*proc_id = 0x0c000191;
-
 for (n = 0; n < smp_cpus; n++) {
 ARMCPU *cpu = cpu_arm_init(cpu_model);
 if (!cpu) {
@@ -251,13 +250,14 @@ static const VEDBoardInfo a9_daughterboard = {
 .motherboard_map = motherboard_legacy_map,
 .loader_start = 0x6000,
 .gic_cpu_if_addr = 0x1e000100,
+.proc_id = 0x0c000191,
 .init = a9_daughterboard_init,
 };
 
 static void a15_daughterboard_init(const VEDBoardInfo *daughterboard,
ram_addr_t ram_size,
const char *cpu_model,
-   qemu_irq *pic, uint32_t *proc_id)
+   qemu_irq *pic)
 {
 int n;
 MemoryRegion *sysmem = get_system_memory();
@@ -271,8 +271,6 @@ static void a15_daughterboard_init(const VEDBoardInfo 
*daughterboard,
 cpu_model = "cortex-a15";
 }
 
-*proc_id = 0x14000237;
-
 for (n = 0; n < smp_cpus; n++) {
 ARMCPU *cpu;
 qemu_irq *irqp;
@@ -344,6 +342,7 @@ static const VEDBoardInfo a15_daughterboard = {
 .motherboard_map = motherboard_aseries_map,
 .loader_start = 0x8000,
 .gic_cpu_if_addr = 0x2c002000,
+.proc_id = 0x14000237,
 .init = a15_daughterboard_init,
 };
 
@@ -352,7 +351,6 @@ static void vexpress_common_init(const VEDBoardInfo 
*daughterboard,
 {
 DeviceState *dev, *sysctl, *pl041;
 qemu_irq pic[64];
-uint32_t proc_id;
 uint32_t sys_id;
 DriveInfo *dinfo;
 ram_addr_t vram_size, sram_size;
@@ -361,8 +359,7 @@ static void vexpress_common_init(const VEDBoardInfo 
*daughterboard,
 MemoryRegion *sram = g_new(MemoryRegion, 1);
 const hwaddr *map = daughterboard->motherboard_map;
 
-daughterboard->init(daughterboard, args->ram_size, args->cpu_model,
-pic, &proc_id);
+daughterboard->init(daughterboard, args->ram_size, args->cpu_model, pic);
 
 /* Motherboard peripherals: the wiring is the same but the
  * addresses vary between the legacy and A-Series memory maps.
@@ -372,7 +369,7 @@ static void vexpress_common_init(const VEDBoardInfo 
*daughterboard,
 
 sysctl = qdev_create(NULL, "realview_sysctl");
 qdev_prop_set_uint32(sysctl, "sys_id", sys_id);
-qdev_prop_set_uint32(sysctl, "proc_id", proc_id);
+qdev_prop_set_uint32(sysctl, "proc_id", daughterboard->proc_id);
 qdev_init_nofail(sysctl);
 sysbus_mmio_map(SYS_BUS_DEVICE(sysctl), 0, map[VE_SYSREGS]);
 
-- 
1.7.9.5

[Qemu-devel] [PATCH] QMP: TPM QMP and man page documentation updates

[Corey Bryant]

Signed-off-by: Corey Bryant 
---
 qemu-options.hx |  3 ++-
 qmp-commands.hx | 59 +
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 30fb85d..3b3cd0f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2237,7 +2237,8 @@ Backend type must be:
 @option{passthrough}.
 
 The specific backend type will determine the applicable options.
-The @code{-tpmdev} option requires a @code{-device} option.
+The @code{-tpmdev} option creates the TPM backend and requires a
+@code{-device} option that specifies the TPM frontend interface model.
 
 Options to each backend are described below.
 
diff --git a/qmp-commands.hx b/qmp-commands.hx
index b370060..4eda5ea 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -2721,18 +2721,77 @@ EQMP
 .mhandler.cmd_new = qmp_marshal_input_query_tpm,
 },
 
+SQMP
+query-tpm
+-
+
+Return information about the TPM device.
+
+Arguments: None
+
+Example:
+
+-> { "execute": "query-tpm" }
+<- { "return":
+ [
+   { "model": "tpm-tis",
+ "tpm-options":
+   { "type": "tpm-passthrough-options",
+ "data":
+   { "cancel-path": "/sys/class/misc/tpm0/device/cancel",
+ "path": "/dev/tpm0"
+   }
+   },
+ "type": "passthrough",
+ "id": "tpm0"
+   }
+ ]
+   }
+
+EQMP
+
 {
 .name   = "query-tpm-models",
 .args_type  = "",
 .mhandler.cmd_new = qmp_marshal_input_query_tpm_models,
 },
 
+SQMP
+query-tpm-models
+
+
+Return a list of supported TPM models.
+
+Arguments: None
+
+Example:
+
+-> { "execute": "query-tpm-models" }
+<- { "return": [ "tpm-tis" ] }
+
+EQMP
+
 {
 .name   = "query-tpm-types",
 .args_type  = "",
 .mhandler.cmd_new = qmp_marshal_input_query_tpm_types,
 },
 
+SQMP
+query-tpm-types
+---
+
+Return a list of supported TPM types.
+
+Arguments: None
+
+Example:
+
+-> { "execute": "query-tpm-types" }
+<- { "return": [ "passthrough" ] }
+
+EQMP
+
 {
 .name   = "chardev-add",
 .args_type  = "id:s,backend:q",
-- 
1.8.1.4

[Qemu-devel] [PATCH 12/17] pl330: Initial version

[Peter Maydell]

From: Peter Crosthwaite 

Device model for Primecell PL330 DMA controller.

Signed-off-by: Peter Crosthwaite 
Signed-off-by: Kirill Batuzov 
Tested-by: Igor Mitsyanko 
Reviewed-by: Igor Mitsyanko 
Reviewed-by: Peter Maydell 
Message-id: 
098aac26233d7334bed2bca4f06f539638ca6d24.1361853677.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 default-configs/arm-softmmu.mak |1 +
 hw/Makefile.objs|1 +
 hw/pl330.c  | 1654 +++
 3 files changed, 1656 insertions(+)
 create mode 100644 hw/pl330.c

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 68b2045..ab87035 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -42,6 +42,7 @@ CONFIG_PL110=y
 CONFIG_PL181=y
 CONFIG_PL190=y
 CONFIG_PL310=y
+CONFIG_PL330=y
 CONFIG_CADENCE=y
 CONFIG_XGMAC=y
 
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index eb7eb31..11812c6 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -98,6 +98,7 @@ common-obj-$(CONFIG_PL110) += pl110.o
 common-obj-$(CONFIG_PL181) += pl181.o
 common-obj-$(CONFIG_PL190) += pl190.o
 common-obj-$(CONFIG_PL310) += arm_l2x0.o
+common-obj-$(CONFIG_PL330) += pl330.o
 common-obj-$(CONFIG_VERSATILE_PCI) += versatile_pci.o
 common-obj-$(CONFIG_VERSATILE_I2C) += versatile_i2c.o
 common-obj-$(CONFIG_CADENCE) += cadence_uart.o
diff --git a/hw/pl330.c b/hw/pl330.c
new file mode 100644
index 000..1a04773
--- /dev/null
+++ b/hw/pl330.c
@@ -0,0 +1,1654 @@
+/*
+ * ARM PrimeCell PL330 DMA Controller
+ *
+ * Copyright (c) 2009 Samsung Electronics.
+ * Contributed by Kirill Batuzov 
+ * Copyright (c) 2012 Peter A.G. Crosthwaite (peter.crosthwa...@petalogix.com)
+ * Copyright (c) 2012 PetaLogix Pty Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2 or later.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "sysbus.h"
+#include "qemu/timer.h"
+#include "sysemu/dma.h"
+
+#ifndef PL330_ERR_DEBUG
+#define PL330_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do {\
+if (PL330_ERR_DEBUG >= lvl) {\
+fprintf(stderr, "PL330: %s:" fmt, __func__, ## args);\
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+#define PL330_PERIPH_NUM32
+#define PL330_MAX_BURST_LEN 128
+#define PL330_INSN_MAXSIZE  6
+
+#define PL330_FIFO_OK   0
+#define PL330_FIFO_STALL1
+#define PL330_FIFO_ERR  (-1)
+
+#define PL330_FAULT_UNDEF_INSTR (1 <<  0)
+#define PL330_FAULT_OPERAND_INVALID (1 <<  1)
+#define PL330_FAULT_DMAGO_ERR   (1 <<  4)
+#define PL330_FAULT_EVENT_ERR   (1 <<  5)
+#define PL330_FAULT_CH_PERIPH_ERR   (1 <<  6)
+#define PL330_FAULT_CH_RDWR_ERR (1 <<  7)
+#define PL330_FAULT_ST_DATA_UNAVAILABLE (1 << 12)
+#define PL330_FAULT_FIFOEMPTY_ERR   (1 << 13)
+#define PL330_FAULT_INSTR_FETCH_ERR (1 << 16)
+#define PL330_FAULT_DATA_WRITE_ERR  (1 << 17)
+#define PL330_FAULT_DATA_READ_ERR   (1 << 18)
+#define PL330_FAULT_DBG_INSTR   (1 << 30)
+#define PL330_FAULT_LOCKUP_ERR  (1 << 31)
+
+#define PL330_UNTAGGED  0xff
+
+#define PL330_SINGLE0x0
+#define PL330_BURST 0x1
+
+#define PL330_WATCHDOG_LIMIT1024
+
+/* IOMEM mapped registers */
+#define PL330_REG_DSR   0x000
+#define PL330_REG_DPC   0x004
+#define PL330_REG_INTEN 0x020
+#define PL330_REG_INT_EVENT_RIS 0x024
+#define PL330_REG_INTMIS0x028
+#define PL330_REG_INTCLR0x02C
+#define PL330_REG_FSRD  0x030
+#define PL330_REG_FSRC  0x034
+#define PL330_REG_FTRD  0x038
+#define PL330_REG_FTR_BASE  0x040
+#define PL330_REG_CSR_BASE  0x100
+#define PL330_REG_CPC_BASE  0x104
+#define PL330_REG_CHANCTRL  0x400
+#define PL330_REG_DBGSTATUS 0xD00
+#define PL330_REG_DBGCMD0xD04
+#define PL330_REG_DBGINST0  0xD08
+#define PL330_REG_DBGINST1  0xD0C
+#define PL330_REG_CR0_BASE  0xE00
+#define PL330_REG_PERIPH_ID 0xFE0
+
+#define PL330_IOMEM_SIZE0x1000
+
+#define CFG_BOOT_ADDR 2
+#define CFG_INS 3
+#define CFG_PNS 4
+#define CFG_CRD 5
+
+static const uint32_t pl330_id[] = {
+0x30, 0x13, 0x24, 0x00, 0x0D, 0xF0, 0x05, 0xB1
+};
+
+/* DMA channel states as they are described in PL330 Technical Reference Manual
+ * Most of them will not be used in emulation.
+ */
+typedef enum  {
+pl330_chan_stopped = 0,
+pl330_chan_executing = 1,
+pl330_chan_cache_miss = 2,
+pl330_chan_updating_pc = 3,
+pl330_ch

[Qemu-devel] [PATCH 04/17] hw/arm_sysctl: Implement SYS_CFG_DVIMODE as a no-op

[Peter Maydell]

SYS_CFG_DVIMODE allows the guest to select whether the
output DVI signal is VGA, SVGA, XGA, SGA or UXGA. Since
this makes no difference to QEMU, implement writes as a
no-op so Linux doesn't complain.

Signed-off-by: Peter Maydell 
---
 hw/arm_sysctl.c |8 
 1 file changed, 8 insertions(+)

diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c
index a6e5ed4..840bfad 100644
--- a/hw/arm_sysctl.c
+++ b/hw/arm_sysctl.c
@@ -295,6 +295,14 @@ static bool vexpress_cfgctrl_write(arm_sysctl_state *s, 
unsigned int dcc,
 return true;
 }
 break;
+case SYS_CFG_DVIMODE:
+if (site == SYS_CFG_SITE_MB && device == 0) {
+/* Selecting DVI mode is meaningless for QEMU: we will
+ * always display the output correctly according to the
+ * pixel height/width programmed into the CLCD controller.
+ */
+return true;
+}
 default:
 break;
 }
-- 
1.7.9.5

[Qemu-devel] [PATCH 10/17] hw/vexpress: Set reset values for daughterboard oscillators

[Peter Maydell]

Set the reset values for the VExpress daughterboard oscillators
via the new sysctl properties.

Signed-off-by: Peter Maydell 
---
 hw/arm/vexpress.c |   32 
 1 file changed, 32 insertions(+)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index a2dc759..2e1a5d0 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -156,6 +156,8 @@ struct VEDBoardInfo {
 uint32_t proc_id;
 uint32_t num_voltage_sensors;
 const uint32_t *voltages;
+uint32_t num_clocks;
+const uint32_t *clocks;
 DBoardInitFn *init;
 };
 
@@ -260,6 +262,13 @@ static const uint32_t a9_voltages[] = {
 330, /* VCC3V3 : 3.3V : local board supply for misc external logic */
 };
 
+/* Reset values for daughterboard oscillators (in Hz) */
+static const uint32_t a9_clocks[] = {
+4500, /* AMBA AXI ACLK: 45MHz */
+2375, /* daughterboard CLCD clock: 23.75MHz */
+6667, /* Test chip reference clock: 66.67MHz */
+};
+
 static const VEDBoardInfo a9_daughterboard = {
 .motherboard_map = motherboard_legacy_map,
 .loader_start = 0x6000,
@@ -267,6 +276,8 @@ static const VEDBoardInfo a9_daughterboard = {
 .proc_id = 0x0c000191,
 .num_voltage_sensors = ARRAY_SIZE(a9_voltages),
 .voltages = a9_voltages,
+.num_clocks = ARRAY_SIZE(a9_clocks),
+.clocks = a9_clocks,
 .init = a9_daughterboard_init,
 };
 
@@ -358,6 +369,18 @@ static const uint32_t a15_voltages[] = {
 90, /* Vcore: 0.9V : CPU core voltage */
 };
 
+static const uint32_t a15_clocks[] = {
+6000, /* OSCCLK0: 60MHz : CPU_CLK reference */
+0, /* OSCCLK1: reserved */
+0, /* OSCCLK2: reserved */
+0, /* OSCCLK3: reserved */
+4000, /* OSCCLK4: 40MHz : external AXI master clock */
+2375, /* OSCCLK5: 23.75MHz : HDLCD PLL reference */
+5000, /* OSCCLK6: 50MHz : static memory controller clock */
+6000, /* OSCCLK7: 60MHz : SYSCLK reference */
+4000, /* OSCCLK8: 40MHz : DDR2 PLL reference */
+};
+
 static const VEDBoardInfo a15_daughterboard = {
 .motherboard_map = motherboard_aseries_map,
 .loader_start = 0x8000,
@@ -365,6 +388,8 @@ static const VEDBoardInfo a15_daughterboard = {
 .proc_id = 0x14000237,
 .num_voltage_sensors = ARRAY_SIZE(a15_voltages),
 .voltages = a15_voltages,
+.num_clocks = ARRAY_SIZE(a15_clocks),
+.clocks = a15_clocks,
 .init = a15_daughterboard_init,
 };
 
@@ -400,6 +425,13 @@ static void vexpress_common_init(const VEDBoardInfo 
*daughterboard,
 qdev_prop_set_uint32(sysctl, propname, daughterboard->voltages[i]);
 g_free(propname);
 }
+qdev_prop_set_uint32(sysctl, "len-db-clock",
+ daughterboard->num_clocks);
+for (i = 0; i < daughterboard->num_clocks; i++) {
+char *propname = g_strdup_printf("db-clock[%d]", i);
+qdev_prop_set_uint32(sysctl, propname, daughterboard->clocks[i]);
+g_free(propname);
+}
 qdev_init_nofail(sysctl);
 sysbus_mmio_map(SYS_BUS_DEVICE(sysctl), 0, map[VE_SYSREGS]);
 
-- 
1.7.9.5

[Qemu-devel] [PATCH 13/17] xilinx_zynq: added pl330 to machine model

[Peter Maydell]

From: Peter Crosthwaite 

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Peter Maydell 
Message-id: 
5bc295bd2aa50dfe573f428574dbd7d8add7b3f8.1361853677.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/arm/xilinx_zynq.c |   24 
 1 file changed, 24 insertions(+)

diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index f78c47e..6f36286 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -35,6 +35,10 @@
 
 #define IRQ_OFFSET 32 /* pic interrupts start from index 32 */
 
+static const int dma_irqs[8] = {
+46, 47, 48, 49, 72, 73, 74, 75
+};
+
 static struct arm_boot_info zynq_binfo = {};
 
 static void gem_init(NICInfo *nd, uint32_t base, qemu_irq irq)
@@ -196,6 +200,26 @@ static void zynq_init(QEMUMachineInitArgs *args)
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xE0101000);
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic[79-IRQ_OFFSET]);
 
+dev = qdev_create(NULL, "pl330");
+qdev_prop_set_uint8(dev, "num_chnls",  8);
+qdev_prop_set_uint8(dev, "num_periph_req",  4);
+qdev_prop_set_uint8(dev, "num_events",  16);
+
+qdev_prop_set_uint8(dev, "data_width",  64);
+qdev_prop_set_uint8(dev, "wr_cap",  8);
+qdev_prop_set_uint8(dev, "wr_q_dep",  16);
+qdev_prop_set_uint8(dev, "rd_cap",  8);
+qdev_prop_set_uint8(dev, "rd_q_dep",  16);
+qdev_prop_set_uint16(dev, "data_buffer_dep",  256);
+
+qdev_init_nofail(dev);
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, 0xF8003000);
+sysbus_connect_irq(busdev, 0, pic[45-IRQ_OFFSET]); /* abort irq line */
+for (n = 0; n < 8; ++n) { /* event irqs */
+sysbus_connect_irq(busdev, n + 1, pic[dma_irqs[n] - IRQ_OFFSET]);
+}
+
 zynq_binfo.ram_size = ram_size;
 zynq_binfo.kernel_filename = kernel_filename;
 zynq_binfo.kernel_cmdline = kernel_cmdline;
-- 
1.7.9.5

[Qemu-devel] [PATCH 08/17] hw/vexpress: Pass voltage sensor properties to sysctl device

[Peter Maydell]

Pass voltage sensor properties to the sysctl device. Since
these are daughterboard specific, we specify them via the
VEDBoardInfo structure.

Signed-off-by: Peter Maydell 
Message-id: 1359985476-29380-9-git-send-email-peter.mayd...@linaro.org
---
 hw/arm/vexpress.c |   30 ++
 1 file changed, 30 insertions(+)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 47a844f..a2dc759 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -154,6 +154,8 @@ struct VEDBoardInfo {
 hwaddr loader_start;
 const hwaddr gic_cpu_if_addr;
 uint32_t proc_id;
+uint32_t num_voltage_sensors;
+const uint32_t *voltages;
 DBoardInitFn *init;
 };
 
@@ -246,11 +248,25 @@ static void a9_daughterboard_init(const VEDBoardInfo 
*daughterboard,
 sysbus_create_varargs("l2x0", 0x1e00a000, NULL);
 }
 
+/* Voltage values for SYS_CFG_VOLT daughterboard registers;
+ * values are in microvolts.
+ */
+static const uint32_t a9_voltages[] = {
+100, /* VD10 : 1.0V : SoC internal logic voltage */
+100, /* VD10_S2 : 1.0V : PL310, L2 cache, RAM, non-PL310 logic */
+100, /* VD10_S3 : 1.0V : Cortex-A9, cores, MPEs, SCU, PL310 logic */
+180, /* VCC1V8 : 1.8V : DDR2 SDRAM, test chip DDR2 I/O supply */
+90, /* DDR2VTT : 0.9V : DDR2 SDRAM VTT termination voltage */
+330, /* VCC3V3 : 3.3V : local board supply for misc external logic */
+};
+
 static const VEDBoardInfo a9_daughterboard = {
 .motherboard_map = motherboard_legacy_map,
 .loader_start = 0x6000,
 .gic_cpu_if_addr = 0x1e000100,
 .proc_id = 0x0c000191,
+.num_voltage_sensors = ARRAY_SIZE(a9_voltages),
+.voltages = a9_voltages,
 .init = a9_daughterboard_init,
 };
 
@@ -338,11 +354,17 @@ static void a15_daughterboard_init(const VEDBoardInfo 
*daughterboard,
 /* 0x7ffd: PL354 static memory controller: not modelled */
 }
 
+static const uint32_t a15_voltages[] = {
+90, /* Vcore: 0.9V : CPU core voltage */
+};
+
 static const VEDBoardInfo a15_daughterboard = {
 .motherboard_map = motherboard_aseries_map,
 .loader_start = 0x8000,
 .gic_cpu_if_addr = 0x2c002000,
 .proc_id = 0x14000237,
+.num_voltage_sensors = ARRAY_SIZE(a15_voltages),
+.voltages = a15_voltages,
 .init = a15_daughterboard_init,
 };
 
@@ -358,6 +380,7 @@ static void vexpress_common_init(const VEDBoardInfo 
*daughterboard,
 MemoryRegion *vram = g_new(MemoryRegion, 1);
 MemoryRegion *sram = g_new(MemoryRegion, 1);
 const hwaddr *map = daughterboard->motherboard_map;
+int i;
 
 daughterboard->init(daughterboard, args->ram_size, args->cpu_model, pic);
 
@@ -370,6 +393,13 @@ static void vexpress_common_init(const VEDBoardInfo 
*daughterboard,
 sysctl = qdev_create(NULL, "realview_sysctl");
 qdev_prop_set_uint32(sysctl, "sys_id", sys_id);
 qdev_prop_set_uint32(sysctl, "proc_id", daughterboard->proc_id);
+qdev_prop_set_uint32(sysctl, "len-db-voltage",
+ daughterboard->num_voltage_sensors);
+for (i = 0; i < daughterboard->num_voltage_sensors; i++) {
+char *propname = g_strdup_printf("db-voltage[%d]", i);
+qdev_prop_set_uint32(sysctl, propname, daughterboard->voltages[i]);
+g_free(propname);
+}
 qdev_init_nofail(sysctl);
 sysbus_mmio_map(SYS_BUS_DEVICE(sysctl), 0, map[VE_SYSREGS]);
 
-- 
1.7.9.5

[Qemu-devel] [PATCH 05/17] hw/arm_sysctl: Convert from qdev init to instance_init

[Peter Maydell]

Convert this device from old-style qdev init to an instance_init
function. We don't need a realize function yet, though.

Signed-off-by: Peter Maydell 
---
 hw/arm_sysctl.c |   16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c
index 840bfad..7c94b78 100644
--- a/hw/arm_sysctl.c
+++ b/hw/arm_sysctl.c
@@ -525,15 +525,16 @@ static void arm_sysctl_gpio_set(void *opaque, int line, 
int level)
 }
 }
 
-static int arm_sysctl_init(SysBusDevice *dev)
+static void arm_sysctl_init(Object *obj)
 {
-arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, dev);
+DeviceState *dev = DEVICE(obj);
+SysBusDevice *sd = SYS_BUS_DEVICE(obj);
+arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, sd);
 
 memory_region_init_io(&s->iomem, &arm_sysctl_ops, s, "arm-sysctl", 0x1000);
-sysbus_init_mmio(dev, &s->iomem);
-qdev_init_gpio_in(&s->busdev.qdev, arm_sysctl_gpio_set, 2);
-qdev_init_gpio_out(&s->busdev.qdev, &s->pl110_mux_ctrl, 1);
-return 0;
+sysbus_init_mmio(sd, &s->iomem);
+qdev_init_gpio_in(dev, arm_sysctl_gpio_set, 2);
+qdev_init_gpio_out(dev, &s->pl110_mux_ctrl, 1);
 }
 
 static Property arm_sysctl_properties[] = {
@@ -545,9 +546,7 @@ static Property arm_sysctl_properties[] = {
 static void arm_sysctl_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
 
-k->init = arm_sysctl_init;
 dc->reset = arm_sysctl_reset;
 dc->vmsd = &vmstate_arm_sysctl;
 dc->props = arm_sysctl_properties;
@@ -557,6 +556,7 @@ static const TypeInfo arm_sysctl_info = {
 .name  = "realview_sysctl",
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(arm_sysctl_state),
+.instance_init = arm_sysctl_init,
 .class_init= arm_sysctl_class_init,
 };
 
-- 
1.7.9.5

[Qemu-devel] [PATCH 02/17] hw/arm_sysctl: Handle SYS_CFGCTRL in a more structured way

[Peter Maydell]

The SYS_CFGCTRL register consists of separate fields
for DCC, function, site, position and device, as well
as a read/write bit. Refactor the code handling SYS_CFGCTRL
writes to make it easier to add support for functions
like SYS_CFG_OSC which support multiple device fields.
We also pull the handling out into its own function for
clarity, as there are potentially a lot of implementable
subfunctions.

Signed-off-by: Peter Maydell 
---
 hw/arm_sysctl.c |  143 ++-
 1 file changed, 132 insertions(+), 11 deletions(-)

diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c
index a46f8d4..05a3200 100644
--- a/hw/arm_sysctl.c
+++ b/hw/arm_sysctl.c
@@ -9,6 +9,7 @@
 
 #include "hw/hw.h"
 #include "qemu/timer.h"
+#include "qemu/bitops.h"
 #include "hw/sysbus.h"
 #include "hw/primecell.h"
 #include "sysemu/sysemu.h"
@@ -191,6 +192,110 @@ static uint64_t arm_sysctl_read(void *opaque, hwaddr 
offset,
 }
 }
 
+/* SYS_CFGCTRL functions */
+#define SYS_CFG_OSC 1
+#define SYS_CFG_VOLT 2
+#define SYS_CFG_AMP 3
+#define SYS_CFG_TEMP 4
+#define SYS_CFG_RESET 5
+#define SYS_CFG_SCC 6
+#define SYS_CFG_MUXFPGA 7
+#define SYS_CFG_SHUTDOWN 8
+#define SYS_CFG_REBOOT 9
+#define SYS_CFG_DVIMODE 11
+#define SYS_CFG_POWER 12
+#define SYS_CFG_ENERGY 13
+
+/* SYS_CFGCTRL site field values */
+#define SYS_CFG_SITE_MB 0
+#define SYS_CFG_SITE_DB1 1
+#define SYS_CFG_SITE_DB2 2
+
+/**
+ * vexpress_cfgctrl_read:
+ * @s: arm_sysctl_state pointer
+ * @dcc, @function, @site, @position, @device: split out values from
+ * SYS_CFGCTRL register
+ * @val: pointer to where to put the read data on success
+ *
+ * Handle a VExpress SYS_CFGCTRL register read. On success, return true and
+ * write the read value to *val. On failure, return false (and val may
+ * or may not be written to).
+ */
+static bool vexpress_cfgctrl_read(arm_sysctl_state *s, unsigned int dcc,
+  unsigned int function, unsigned int site,
+  unsigned int position, unsigned int device,
+  uint32_t *val)
+{
+/* We don't support anything other than DCC 0, board stack position 0
+ * or sites other than motherboard/daughterboard:
+ */
+if (dcc != 0 || position != 0 ||
+(site != SYS_CFG_SITE_MB && site != SYS_CFG_SITE_DB1)) {
+goto cfgctrl_unimp;
+}
+
+switch (function) {
+default:
+break;
+}
+
+cfgctrl_unimp:
+qemu_log_mask(LOG_UNIMP,
+  "arm_sysctl: Unimplemented SYS_CFGCTRL read of function "
+  "0x%x DCC 0x%x site 0x%x position 0x%x device 0x%x\n",
+  function, dcc, site, position, device);
+return false;
+}
+
+/**
+ * vexpress_cfgctrl_write:
+ * @s: arm_sysctl_state pointer
+ * @dcc, @function, @site, @position, @device: split out values from
+ * SYS_CFGCTRL register
+ * @val: data to write
+ *
+ * Handle a VExpress SYS_CFGCTRL register write. On success, return true.
+ * On failure, return false.
+ */
+static bool vexpress_cfgctrl_write(arm_sysctl_state *s, unsigned int dcc,
+   unsigned int function, unsigned int site,
+   unsigned int position, unsigned int device,
+   uint32_t val)
+{
+/* We don't support anything other than DCC 0, board stack position 0
+ * or sites other than motherboard/daughterboard:
+ */
+if (dcc != 0 || position != 0 ||
+(site != SYS_CFG_SITE_MB && site != SYS_CFG_SITE_DB1)) {
+goto cfgctrl_unimp;
+}
+
+switch (function) {
+case SYS_CFG_SHUTDOWN:
+if (site == SYS_CFG_SITE_MB && device == 0) {
+qemu_system_shutdown_request();
+return true;
+}
+break;
+case SYS_CFG_REBOOT:
+if (site == SYS_CFG_SITE_MB && device == 0) {
+qemu_system_reset_request();
+return true;
+}
+break;
+default:
+break;
+}
+
+cfgctrl_unimp:
+qemu_log_mask(LOG_UNIMP,
+  "arm_sysctl: Unimplemented SYS_CFGCTRL write of function "
+  "0x%x DCC 0x%x site 0x%x position 0x%x device 0x%x\n",
+  function, dcc, site, position, device);
+return false;
+}
+
 static void arm_sysctl_write(void *opaque, hwaddr offset,
  uint64_t val, unsigned size)
 {
@@ -322,17 +427,33 @@ static void arm_sysctl_write(void *opaque, hwaddr offset,
 if (board_id(s) != BOARD_ID_VEXPRESS) {
 goto bad_reg;
 }
-s->sys_cfgctrl = val & ~(3 << 18);
-s->sys_cfgstat = 1;/* complete */
-switch (s->sys_cfgctrl) {
-case 0xc080:/* SYS_CFG_SHUTDOWN to motherboard */
-qemu_system_shutdown_request();
-break;
-case 0xc090:/* SYS_CFG_REBOOT to motherboard */
-qemu_system_reset_request();
-break;
-

[Qemu-devel] [PATCH 07/17] hw/arm_sysctl: Implement SYS_CFG_VOLT

[Peter Maydell]

Implement the SYS_CFG_VOLT registers which return the voltage
of various supplies on motherboard and daughterboard. Since
QEMU implements a perfectly stable power supply these registers
always return a constant value. The number and value of the
daughterboard voltages is dependent on the specific daughterboard,
so we use a property array to allow the board to configure them
appropriately.

Signed-off-by: Peter Maydell 
---
 hw/arm_sysctl.c |   26 ++
 1 file changed, 26 insertions(+)

diff --git a/hw/arm_sysctl.c b/hw/arm_sysctl.c
index 7c94b78..e2f00d3 100644
--- a/hw/arm_sysctl.c
+++ b/hw/arm_sysctl.c
@@ -35,6 +35,8 @@ typedef struct {
 uint32_t sys_cfgctrl;
 uint32_t sys_cfgstat;
 uint32_t sys_clcd;
+uint32_t db_num_vsensors;
+uint32_t *db_voltage;
 } arm_sysctl_state;
 
 static const VMStateDescription vmstate_arm_sysctl = {
@@ -236,6 +238,19 @@ static bool vexpress_cfgctrl_read(arm_sysctl_state *s, 
unsigned int dcc,
 }
 
 switch (function) {
+case SYS_CFG_VOLT:
+if (site == SYS_CFG_SITE_DB1 && device < s->db_num_vsensors) {
+*val = s->db_voltage[device];
+return true;
+}
+if (site == SYS_CFG_SITE_MB && device == 0) {
+/* There is only one motherboard voltage sensor:
+ * VIO : 3.3V : bus voltage between mother and daughterboard
+ */
+*val = 330;
+return true;
+}
+break;
 default:
 break;
 }
@@ -537,9 +552,19 @@ static void arm_sysctl_init(Object *obj)
 qdev_init_gpio_out(dev, &s->pl110_mux_ctrl, 1);
 }
 
+static void arm_sysctl_finalize(Object *obj)
+{
+SysBusDevice *dev = SYS_BUS_DEVICE(obj);
+arm_sysctl_state *s = FROM_SYSBUS(arm_sysctl_state, dev);
+g_free(s->db_voltage);
+}
+
 static Property arm_sysctl_properties[] = {
 DEFINE_PROP_UINT32("sys_id", arm_sysctl_state, sys_id, 0),
 DEFINE_PROP_UINT32("proc_id", arm_sysctl_state, proc_id, 0),
+/* Daughterboard power supply voltages (as reported via SYS_CFG) */
+DEFINE_PROP_ARRAY("db-voltage", arm_sysctl_state, db_num_vsensors,
+  db_voltage, qdev_prop_uint32, uint32_t),
 DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -557,6 +582,7 @@ static const TypeInfo arm_sysctl_info = {
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(arm_sysctl_state),
 .instance_init = arm_sysctl_init,
+.instance_finalize = arm_sysctl_finalize,
 .class_init= arm_sysctl_class_init,
 };
 
-- 
1.7.9.5

[Qemu-devel] [PULL 00/17] arm-devs queue

[Peter Maydell]

Another arm-devs pullreq: xilinx fixes from Peter C, the pl330
model, and my vexpress fixes for the system control regs.
Please pull.

thanks
-- PMM


The following changes since commit dc0b0616f726956001be09e9a65a6e0b0bd939db:

  Merge remote-tracking branch 'stefanha/block' into staging (2013-03-15 
10:47:21 -0500)

are available in the git repository at:


  git://git.linaro.org/people/pmaydell/qemu-arm.git arm-devs.next

for you to fetch changes up to f8b9fe249a706bfed61e0bb66c73394553696382:

  xilinx_spips: QOM styling fixes (2013-03-15 16:41:59 +)


Nathan Rossi (2):
  xilinx_spips: Fix bus setup conditional check
  xilinx_spips: Add missing dual-bus snoop commands

Peter Crosthwaite (5):
  iov: Factor out hexdumper
  pl330: Initial version
  xilinx_zynq: added pl330 to machine model
  xilinx_spips: Set unused IRQs to NULL
  xilinx_spips: QOM styling fixes

Peter Maydell (10):
  hw/vexpress: Pass proc_id via VEDBoardInfo
  hw/arm_sysctl: Handle SYS_CFGCTRL in a more structured way
  hw/arm_sysctl: Implement SYS_CFG_MUXFPGA writes as a no-op
  hw/arm_sysctl: Implement SYS_CFG_DVIMODE as a no-op
  hw/arm_sysctl: Convert from qdev init to instance_init
  qdev: Implement (variable length) array properties
  hw/arm_sysctl: Implement SYS_CFG_VOLT
  hw/vexpress: Pass voltage sensor properties to sysctl device
  hw/arm_sysctl: Implement SYS_CFG_OSC function
  hw/vexpress: Set reset values for daughterboard oscillators

 default-configs/arm-softmmu.mak |1 +
 hw/Makefile.objs|1 +
 hw/arm/vexpress.c   |   81 +-
 hw/arm/xilinx_zynq.c|   24 +
 hw/arm_sysctl.c |  261 +-
 hw/pl330.c  | 1654 +++
 hw/qdev-core.h  |3 +
 hw/qdev-properties.c|  104 +++
 hw/qdev-properties.h|   39 +
 hw/xilinx_spips.c   |   64 +-
 include/qemu-common.h   |6 +
 util/Makefile.objs  |1 +
 util/hexdump.c  |   37 +
 util/iov.c  |   36 +-
 14 files changed, 2234 insertions(+), 78 deletions(-)
 create mode 100644 hw/pl330.c
 create mode 100644 util/hexdump.c

[Qemu-devel] [PATCH 17/17] xilinx_spips: QOM styling fixes

[Peter Maydell]

From: Peter Crosthwaite 

Few fixes for the latest QOM styling guides.

Signed-off-by: Peter Crosthwaite 
Message-id: 
de9daeee6c142e8b57ad042fd680cedcdc94d2fc.1362373359.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/xilinx_spips.c |   29 -
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 3183f7a..b2397f4 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -154,6 +154,11 @@ typedef struct {
 hwaddr lqspi_cached_addr;
 } XilinxSPIPS;
 
+#define TYPE_XILINX_SPIPS "xilinx,spips"
+
+#define XILINX_SPIPS(obj) \
+ OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS)
+
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
 return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
@@ -210,7 +215,7 @@ static void xilinx_spips_update_ixr(XilinxSPIPS *s)
 
 static void xilinx_spips_reset(DeviceState *d)
 {
-XilinxSPIPS *s = DO_UPCAST(XilinxSPIPS, busdev.qdev, d);
+XilinxSPIPS *s = XILINX_SPIPS(d);
 
 int i;
 for (i = 0; i < R_MAX; i++) {
@@ -500,9 +505,10 @@ static const MemoryRegionOps lqspi_ops = {
 }
 };
 
-static int xilinx_spips_init(SysBusDevice *dev)
+static void xilinx_spips_realize(DeviceState *dev, Error **errp)
 {
-XilinxSPIPS *s = FROM_SYSBUS(typeof(*s), dev);
+XilinxSPIPS *s = XILINX_SPIPS(dev);
+SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 int i;
 
 DB_PRINT("inited device model\n");
@@ -511,31 +517,29 @@ static int xilinx_spips_init(SysBusDevice *dev)
 for (i = 0; i < s->num_busses; ++i) {
 char bus_name[16];
 snprintf(bus_name, 16, "spi%d", i);
-s->spi[i] = ssi_create_bus(&dev->qdev, bus_name);
+s->spi[i] = ssi_create_bus(dev, bus_name);
 }
 
 s->cs_lines = g_new0(qemu_irq, s->num_cs * s->num_busses);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[0]);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]);
-sysbus_init_irq(dev, &s->irq);
+sysbus_init_irq(sbd, &s->irq);
 for (i = 0; i < s->num_cs * s->num_busses; ++i) {
-sysbus_init_irq(dev, &s->cs_lines[i]);
+sysbus_init_irq(sbd, &s->cs_lines[i]);
 }
 
 memory_region_init_io(&s->iomem, &spips_ops, s, "spi", R_MAX*4);
-sysbus_init_mmio(dev, &s->iomem);
+sysbus_init_mmio(sbd, &s->iomem);
 
 memory_region_init_io(&s->mmlqspi, &lqspi_ops, s, "lqspi",
   (1 << LQSPI_ADDRESS_BITS) * 2);
-sysbus_init_mmio(dev, &s->mmlqspi);
+sysbus_init_mmio(sbd, &s->mmlqspi);
 
 s->irqline = -1;
 s->lqspi_cached_addr = ~0ULL;
 
 fifo8_create(&s->rx_fifo, RXFF_A);
 fifo8_create(&s->tx_fifo, TXFF_A);
-
-return 0;
 }
 
 static int xilinx_spips_post_load(void *opaque, int version_id)
@@ -569,16 +573,15 @@ static Property xilinx_spips_properties[] = {
 static void xilinx_spips_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
 
-sdc->init = xilinx_spips_init;
+dc->realize = xilinx_spips_realize;
 dc->reset = xilinx_spips_reset;
 dc->props = xilinx_spips_properties;
 dc->vmsd = &vmstate_xilinx_spips;
 }
 
 static const TypeInfo xilinx_spips_info = {
-.name  = "xilinx,spips",
+.name  = TYPE_XILINX_SPIPS,
 .parent = TYPE_SYS_BUS_DEVICE,
 .instance_size  = sizeof(XilinxSPIPS),
 .class_init = xilinx_spips_class_init,
-- 
1.7.9.5

Re: [Qemu-devel] [PATCH 0/3] Fix VMSTATE_BUFFER_UNSAFE macro usage

[Peter Maydell]

On 10 March 2013 13:47, Igor Mitsyanko  wrote:
> hw/sd.c and hw/onenand.c were wrongly using VMSTATE_BUFFER_UNSAFE for 
> dynamically
> allocated buffer migration, this was causing memory corruption.
> Use VMSTATE_BUFFER_POINTER_UNSAFE (wich has an additional VMS_POINTER flag 
> set) instead.
>
> Not sure what to do with vmstate version for his devices, should I bump it? 
> Migration
> was never working for them anyway.
>
> Only tested hw/sd.c, by saving/loading a snapshot of VM while it was playing 
> videofile
> from SD card.

Cc'ing Juan in case he wants to comment on the vmstate changes.

-- PMM

[Qemu-devel] [PATCH 11/17] iov: Factor out hexdumper

[Peter Maydell]

From: Peter Crosthwaite 

Factor out the hexdumper functionality from iov for all to use. Useful for
creating verbose debug printfery that dumps packet data.

Signed-off-by: Peter Crosthwaite 
Message-id: 
faaac219c55ea586d3f748befaf5a2788fd271b8.1361853677.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 include/qemu-common.h |6 ++
 util/Makefile.objs|1 +
 util/hexdump.c|   37 +
 util/iov.c|   36 +++-
 4 files changed, 55 insertions(+), 25 deletions(-)
 create mode 100644 util/hexdump.c

diff --git a/include/qemu-common.h b/include/qemu-common.h
index 5e13708..7754ee2 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -442,4 +442,10 @@ int64_t pow2floor(int64_t value);
 int uleb128_encode_small(uint8_t *out, uint32_t n);
 int uleb128_decode_small(const uint8_t *in, uint32_t *n);
 
+/*
+ * Hexdump a buffer to a file. An optional string prefix is added to every line
+ */
+
+void hexdump(const char *buf, FILE *fp, const char *prefix, size_t size);
+
 #endif
diff --git a/util/Makefile.objs b/util/Makefile.objs
index cad5ce8..557bda7 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -9,3 +9,4 @@ util-obj-y += error.o qemu-error.o
 util-obj-$(CONFIG_POSIX) += compatfd.o
 util-obj-y += iov.o aes.o qemu-config.o qemu-sockets.o uri.o notify.o
 util-obj-y += qemu-option.o qemu-progress.o
+util-obj-y += hexdump.o
diff --git a/util/hexdump.c b/util/hexdump.c
new file mode 100644
index 000..0d0efc8
--- /dev/null
+++ b/util/hexdump.c
@@ -0,0 +1,37 @@
+/*
+ * Helper to hexdump a buffer
+ *
+ * Copyright (c) 2013 Red Hat, Inc.
+ * Copyright (c) 2013 Gerd Hoffmann 
+ * Copyright (c) 2013 Peter Crosthwaite 
+ * Copyright (c) 2013 Xilinx, Inc
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "qemu-common.h"
+
+void hexdump(const char *buf, FILE *fp, const char *prefix, size_t size)
+{
+unsigned int b;
+
+for (b = 0; b < size; b++) {
+if ((b % 16) == 0) {
+fprintf(fp, "%s: %04x:", prefix, b);
+}
+if ((b % 4) == 0) {
+fprintf(fp, " ");
+}
+fprintf(fp, " %02x", (unsigned char)buf[b]);
+if ((b % 16) == 15) {
+fprintf(fp, "\n");
+}
+}
+if ((b % 16) != 0) {
+fprintf(fp, "\n");
+}
+}
diff --git a/util/iov.c b/util/iov.c
index fbe675d..9dae318 100644
--- a/util/iov.c
+++ b/util/iov.c
@@ -201,32 +201,18 @@ ssize_t iov_send_recv(int sockfd, struct iovec *iov, 
unsigned iov_cnt,
 void iov_hexdump(const struct iovec *iov, const unsigned int iov_cnt,
  FILE *fp, const char *prefix, size_t limit)
 {
-unsigned int i, v, b;
-uint8_t *c;
-
-c = iov[0].iov_base;
-for (i = 0, v = 0, b = 0; b < limit; i++, b++) {
-if (i == iov[v].iov_len) {
-i = 0; v++;
-if (v == iov_cnt) {
-break;
-}
-c = iov[v].iov_base;
-}
-if ((b % 16) == 0) {
-fprintf(fp, "%s: %04x:", prefix, b);
-}
-if ((b % 4) == 0) {
-fprintf(fp, " ");
-}
-fprintf(fp, " %02x", c[i]);
-if ((b % 16) == 15) {
-fprintf(fp, "\n");
-}
-}
-if ((b % 16) != 0) {
-fprintf(fp, "\n");
+int v;
+size_t size = 0;
+char *buf;
+
+for (v = 0; v < iov_cnt; v++) {
+size += iov[v].iov_len;
 }
+size = size > limit ? limit : size;
+buf = g_malloc(size);
+iov_to_buf(iov, iov_cnt, 0, buf, size);
+hexdump(buf, fp, prefix, size);
+g_free(buf);
 }
 
 unsigned iov_copy(struct iovec *dst_iov, unsigned int dst_iov_cnt,
-- 
1.7.9.5

[Qemu-devel] [PATCH 14/17] xilinx_spips: Set unused IRQs to NULL

[Peter Maydell]

From: Peter Crosthwaite 

Unused CS lines should init to 0 to avoid segfaulting when accessing an
unattached QSPI controller.

Signed-off-by: Peter Crosthwaite 
Message-id: 
c1e45198032106e69e8fe9339fc2e6348d524fcd.1362373359.git.peter.crosthwa...@xilinx.com
Signed-off-by: Peter Maydell 
---
 hw/xilinx_spips.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/xilinx_spips.c b/hw/xilinx_spips.c
index 6c21b96..853f4e0 100644
--- a/hw/xilinx_spips.c
+++ b/hw/xilinx_spips.c
@@ -497,7 +497,7 @@ static int xilinx_spips_init(SysBusDevice *dev)
 s->spi[i] = ssi_create_bus(&dev->qdev, bus_name);
 }
 
-s->cs_lines = g_new(qemu_irq, s->num_cs * s->num_busses);
+s->cs_lines = g_new0(qemu_irq, s->num_cs * s->num_busses);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[0]);
 ssi_auto_connect_slaves(DEVICE(s), s->cs_lines, s->spi[1]);
 sysbus_init_irq(dev, &s->irq);
-- 
1.7.9.5

Re: [Qemu-devel] [PATCH 08/28] qcow2: Allow lazy refcounts to be enabled on the command line

[Paolo Bonzini]

Il 15/03/2013 16:14, Stefan Hajnoczi ha scritto:
> From: Kevin Wolf 
> 
> qcow2 images now accept a boolean lazy_refcounts options. Use it like
> this:
> 
>   -drive file=test.qcow2,lazy_refcounts=on
> 
> If the option is specified on the command line, it overrides the default
> specified by the qcow2 header flags that were set when creating the
> image.
> 
> Signed-off-by: Kevin Wolf 
> Reviewed-by: Eric Blake 
> Reviewed-by: Stefan Hajnoczi 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  block/qcow2-cluster.c |  2 +-
>  block/qcow2.c | 37 +
>  block/qcow2.h |  1 +
>  3 files changed, 39 insertions(+), 1 deletion(-)
> 
> diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
> index 56fccf9..ff9ae18 100644
> --- a/block/qcow2-cluster.c
> +++ b/block/qcow2-cluster.c
> @@ -668,7 +668,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, 
> QCowL2Meta *m)
>  }
>  
>  /* Update L2 table. */
> -if (s->compatible_features & QCOW2_COMPAT_LAZY_REFCOUNTS) {
> +if (s->use_lazy_refcounts) {
>  qcow2_mark_dirty(bs);
>  }
>  if (qcow2_need_accurate_refcounts(s)) {
> diff --git a/block/qcow2.c b/block/qcow2.c
> index f5e4269..ad43a13 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -285,11 +285,26 @@ static int qcow2_check(BlockDriverState *bs, 
> BdrvCheckResult *result,
>  return ret;
>  }
>  
> +static QemuOptsList qcow2_runtime_opts = {
> +.name = "qcow2",
> +.head = QTAILQ_HEAD_INITIALIZER(qcow2_runtime_opts.head),
> +.desc = {
> +{
> +.name = "lazy_refcounts",
> +.type = QEMU_OPT_BOOL,
> +.help = "Postpone refcount updates",
> +},
> +{ /* end of list */ }
> +},
> +};
> +
>  static int qcow2_open(BlockDriverState *bs, QDict *options, int flags)
>  {
>  BDRVQcowState *s = bs->opaque;
>  int len, i, ret = 0;
>  QCowHeader header;
> +QemuOpts *opts;
> +Error *local_err = NULL;
>  uint64_t ext_end;
>  
>  ret = bdrv_pread(bs->file, 0, &header, sizeof(header));
> @@ -495,6 +510,28 @@ static int qcow2_open(BlockDriverState *bs, QDict 
> *options, int flags)
>  }
>  }
>  
> +/* Enable lazy_refcounts according to image and command line options */
> +opts = qemu_opts_create_nofail(&qcow2_runtime_opts);
> +qemu_opts_absorb_qdict(opts, options, &local_err);

This breaks migration with qcow2 images:

Program received signal SIGSEGV, Segmentation fault.
qdict_next_entry (first_bucket=0, qdict=0x0) at 
/home/pbonzini/work/upstream/qemu/qobject/qdict.c:371
371 if (!QLIST_EMPTY(&qdict->table[i])) {
(gdb) up
#1  qdict_first (qdict=qdict@entry=0x0) at 
/home/pbonzini/work/upstream/qemu/qobject/qdict.c:384
384 return qdict_next_entry(qdict, 0);
(gdb) 
#2  0x7fb8edf75ae6 in qemu_opts_absorb_qdict 
(opts=opts@entry=0x7fb8f0651740, qdict=qdict@entry=0x0, 
errp=errp@entry=0x7fb8edc36e80)
at /home/pbonzini/work/upstream/qemu/util/qemu-option.c:1078
1078entry = qdict_first(qdict);
(gdb) 
#3  0x7fb8edd15074 in qcow2_open (bs=0x7fb8f041b800, options=0x0, 
flags=) at /home/pbonzini/work/upstream/qemu/block/qcow2.c:515
515 qemu_opts_absorb_qdict(opts, options, &local_err);
(gdb) 
#4  0x7fb8edd00352 in bdrv_invalidate_cache (bs=0x7fb8f041b800) at 
/home/pbonzini/work/upstream/qemu/block.c:4192
4192bs->drv->bdrv_invalidate_cache(bs);

Paolo

> +if (error_is_set(&local_err)) {
> +qerror_report_err(local_err);
> +error_free(local_err);
> +ret = -EINVAL;
> +goto fail;
> +}
> +
> +s->use_lazy_refcounts = qemu_opt_get_bool(opts, "lazy_refcounts",
> +(s->compatible_features & QCOW2_COMPAT_LAZY_REFCOUNTS));
> +
> +qemu_opts_del(opts);
> +
> +if (s->use_lazy_refcounts && s->qcow_version < 3) {
> +qerror_report(ERROR_CLASS_GENERIC_ERROR, "Lazy refcounts require "
> +"a qcow2 image with at least qemu 1.1 compatibility level");
> +ret = -EINVAL;
> +goto fail;
> +}
> +
>  #ifdef DEBUG_ALLOC
>  {
>  BdrvCheckResult result = {0};
> diff --git a/block/qcow2.h b/block/qcow2.h
> index 718b52b..103abdb 100644
> --- a/block/qcow2.h
> +++ b/block/qcow2.h
> @@ -173,6 +173,7 @@ typedef struct BDRVQcowState {
>  
>  int flags;
>  int qcow_version;
> +bool use_lazy_refcounts;
>  
>  uint64_t incompatible_features;
>  uint64_t compatible_features;
> 

Re: [Qemu-devel] [RFC PATCH] qemu-socket: Use local error variable

[Laszlo Ersek]

On 03/15/13 09:37, Kevin Wolf wrote:
> Am 14.03.2013 um 16:52 hat Laszlo Ersek geschrieben:
>> On 03/14/13 15:57, Kevin Wolf wrote:
>>> Signed-off-by: Kevin Wolf 
>>> ---
>>> After rebasing this I saw that Anthony already committed a fix that is
>>> very close to my v1. I don't intend to actually change that code, but as
>>> I've already done this, just for comparison what it would look like with
>>> error propagation. Is this what you meant? I find the result more
>>> confusing, to be honest.
>>
>> I think what I had in mind was:
>> - I was okay with the logic change you suggested in your v1, just
>> - turn *errp accesses into local_err accesses,
>> - when returning, propagate the latter to the former.
>>
>> The logic seemed OK, I just suggested to keep the massage internal to
>> the function, only try to propagate it outwards at return time. IOW,
>> never read *errp.
> 
> So you would have used my local_err, but not ret_err?

Something like that, yes.

> I don't think that
> would make it much better,

Not contesting that ;)

> ret_err is actually the nice part.

Anyway I'm not feeling strongly about this and I don't want to waste
your time with it. It was just a note in passing. (... Which I should
probably refrain from, lest I waste people's time.)

L.

Re: [Qemu-devel] [PATCH v3 0/5] Remove sysbus_add_memory and sysbus_del_memory

[Paolo Bonzini]

Il 15/03/2013 17:09, Peter Maydell ha scritto:
> On 15 March 2013 16:00, Paolo Bonzini  wrote:
>> Il 15/03/2013 15:34, Peter Maydell ha scritto:
>>> I rather suspect sysbus_add_io and sysbus_del_io should also be
>>> removed, but since their users are in PPC and x86 platforms I'll
>>> let somebody else do that part :-)
>>
>> sysbus_add_io and sysbus_del_io are actually a good match for the I/O
>> address space of x86, because the model was to have "well-known" port
>> numbers standardized across all platforms.  So all the boards would have
>> to know those port addresses if we used sysbus_init_mmio.
> 
> Maybe they should just call memory_region_add_subregion()
> directly then? There's nothing sysbus-device-specific about
> what these functions do, they just take a SysBusDevice* and
> totally ignore it...

It affects the OpenFirmware path, but perhaps we can move the
get_fw_dev_path from the Bus to the Device class.

Paolo

Re: [Qemu-devel] [PATCH 11/20] qemu-char: use a glib timeout instead of qemu-timer

[Laurent Desnogues]

On Fri, Mar 15, 2013 at 4:44 PM, Anthony Liguori  wrote:
> Laurent Desnogues  writes:
>
>> Hello,
>>
>> On Tue, Mar 5, 2013 at 6:51 PM, Amit Shah  wrote:
>>> From: Anthony Liguori 
>>>
>>> Signed-off-by: Anthony Liguori 
>>> Signed-off-by: Amit Shah 
>>> ---
>>>  qemu-char.c | 68 
>>> -
>>>  1 file changed, 45 insertions(+), 23 deletions(-)
>>>
>>> diff --git a/qemu-char.c b/qemu-char.c
>>> index eb0ac81..6dba943 100644
>>> --- a/qemu-char.c
>>> +++ b/qemu-char.c
>>> @@ -990,12 +990,50 @@ typedef struct {
>>>  int connected;
>>>  int polling;
>>>  int read_bytes;
>>> -QEMUTimer *timer;
>>> +guint timer_tag;
>>>  } PtyCharDriver;
>>>
>>>  static void pty_chr_update_read_handler(CharDriverState *chr);
>>>  static void pty_chr_state(CharDriverState *chr, int connected);
>>>
>>> +static gboolean pty_chr_timer(gpointer opaque)
>>> +{
>>> +struct CharDriverState *chr = opaque;
>>> +PtyCharDriver *s = chr->opaque;
>>> +
>>> +if (s->connected) {
>>> +goto out;
>>> +}
>>> +if (s->polling) {
>>> +/* If we arrive here without polling being cleared due
>>> + * read returning -EIO, then we are (re-)connected */
>>> +pty_chr_state(chr, 1);
>>> +goto out;
>>> +}
>>> +
>>> +/* Next poll ... */
>>> +pty_chr_update_read_handler(chr);
>>> +
>>> +out:
>>> +return FALSE;
>>> +}
>>> +
>>> +static void pty_chr_rearm_timer(CharDriverState *chr, int ms)
>>> +{
>>> +PtyCharDriver *s = chr->opaque;
>>> +
>>> +if (s->timer_tag) {
>>> +g_source_remove(s->timer_tag);
>>> +s->timer_tag = 0;
>>> +}
>>> +
>>> +if (ms == 1000) {
>>> +s->timer_tag = g_timeout_add_seconds(1, pty_chr_timer, chr);
>>
>> It looks like g_timeout_add_seconds isn't available for
>> poor people using some old distros (glib 2.12.3 here).
>
> Can you test adding:
>
> #if !GLIB_CHECK_VERSION(2, 14, 0)
> static guint g_timeout_add_seconds(guint interval, GSourceFunc function,
>gpointer data)
> {
> return g_timeout_add(interval * 1000, function, data);
> }
> #endif

That works fine, thanks for looking!

> We probably should introduce a glib-compat to centralize work arounds
> for older versions of glib...

Agreed.

Thanks again,

Laurent

> Regards,
>
> Anthony Liguori
>
>>
>> Thanks,
>>
>> Laurent
>>
>>> +} else {
>>> +s->timer_tag = g_timeout_add(ms, pty_chr_timer, chr);
>>> +}
>>> +}
>>> +
>>>  static int pty_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
>>>  {
>>>  PtyCharDriver *s = chr->opaque;
>>> @@ -1065,7 +1103,7 @@ static void 
>>> pty_chr_update_read_handler(CharDriverState *chr)
>>>   * timeout to the normal (much longer) poll interval before the
>>>   * timer triggers.
>>>   */
>>> -qemu_mod_timer(s->timer, qemu_get_clock_ms(rt_clock) + 10);
>>> +pty_chr_rearm_timer(chr, 10);
>>>  }
>>>
>>>  static void pty_chr_state(CharDriverState *chr, int connected)
>>> @@ -1080,7 +1118,7 @@ static void pty_chr_state(CharDriverState *chr, int 
>>> connected)
>>>  /* (re-)connect poll interval for idle guests: once per second.
>>>   * We check more frequently in case the guests sends data to
>>>   * the virtual device linked to our pty. */
>>> -qemu_mod_timer(s->timer, qemu_get_clock_ms(rt_clock) + 1000);
>>> +pty_chr_rearm_timer(chr, 1000);
>>>  } else {
>>>  if (!s->connected)
>>>  qemu_chr_generic_open(chr);
>>> @@ -1088,23 +1126,6 @@ static void pty_chr_state(CharDriverState *chr, int 
>>> connected)
>>>  }
>>>  }
>>>
>>> -static void pty_chr_timer(void *opaque)
>>> -{
>>> -struct CharDriverState *chr = opaque;
>>> -PtyCharDriver *s = chr->opaque;
>>> -
>>> -if (s->connected)
>>> -return;
>>> -if (s->polling) {
>>> -/* If we arrive here without polling being cleared due
>>> - * read returning -EIO, then we are (re-)connected */
>>> -pty_chr_state(chr, 1);
>>> -return;
>>> -}
>>> -
>>> -/* Next poll ... */
>>> -pty_chr_update_read_handler(chr);
>>> -}
>>>
>>>  static void pty_chr_close(struct CharDriverState *chr)
>>>  {
>>> @@ -1117,8 +1138,9 @@ static void pty_chr_close(struct CharDriverState *chr)
>>>  fd = g_io_channel_unix_get_fd(s->fd);
>>>  g_io_channel_unref(s->fd);
>>>  close(fd);
>>> -qemu_del_timer(s->timer);
>>> -qemu_free_timer(s->timer);
>>> +if (s->timer_tag) {
>>> +g_source_remove(s->timer_tag);
>>> +}
>>>  g_free(s);
>>>  qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
>>>  }
>>> @@ -1170,7 +1192,7 @@ static CharDriverState *qemu_chr_open_pty(QemuOpts 
>>> *opts)
>>>  chr->chr_add_watch = pty_chr_add_watch;
>>>
>>>  s->fd = io_channel_from_fd(master_fd);
>>> -s->timer = qemu_new_timer_ms(rt_clock, pty_chr_timer, chr);
>>> +s->timer_tag = 0;
>>>
>>>  return chr;
>>>  }
>>> --

Re: [Qemu-devel] [RFC] qmp interface for save vmstate to image

[Stefan Hajnoczi]

On Fri, Mar 15, 2013 at 03:24:38PM +0800, Wenchao Xia wrote:
>   I'd like to add a new way to save vmstate, which will based on the
> migration thread, but will write contents to block images, instead
> of fd as stream. Following is the method to add API:

Hi Wenchao,
What use cases are there besides saving vmstate to a raw image?

I'm curious if you're proposing this since there is no "file:" URI or
because you really want to do things like saving vmstate into a qcow2
file or over NBD.

Stefan

[Qemu-devel] [Bug 1155677] [NEW] snapshot=on fails with non file-based storage

[Richard Jones]

Public bug reported:

The snapshot=on option doesn't work with an nbd block device:

/usr/bin/qemu-system-x86_64 \
[...]
-device virtio-scsi-pci,id=scsi \
-drive file=nbd:localhost:61930,snapshot=on,format=raw,id=hd0,if=none \
-device scsi-hd,drive=hd0 \
[...]

gives the error:

qemu-system-x86_64: -drive
file=nbd:localhost:61930,snapshot=on,format=raw,id=hd0,if=none: could
not open disk image nbd:localhost:61930: No such file or directory

If you remove the snapshot=on flag, it works (although that of course
means that the block device is writable which we don't want).

Previously reported here:

  http://permalink.gmane.org/gmane.comp.emulators.qemu/148390

and I can confirm this still happens in qemu 1.4.0.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1155677

Title:
  snapshot=on fails with non file-based storage

Status in QEMU:
  New

Bug description:
  The snapshot=on option doesn't work with an nbd block device:

  /usr/bin/qemu-system-x86_64 \
  [...]
  -device virtio-scsi-pci,id=scsi \
  -drive file=nbd:localhost:61930,snapshot=on,format=raw,id=hd0,if=none \
  -device scsi-hd,drive=hd0 \
  [...]

  gives the error:

  qemu-system-x86_64: -drive
  file=nbd:localhost:61930,snapshot=on,format=raw,id=hd0,if=none: could
  not open disk image nbd:localhost:61930: No such file or directory

  If you remove the snapshot=on flag, it works (although that of course
  means that the block device is writable which we don't want).

  Previously reported here:

http://permalink.gmane.org/gmane.comp.emulators.qemu/148390

  and I can confirm this still happens in qemu 1.4.0.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1155677/+subscriptions

Re: [Qemu-devel] [PATCH v3 0/5] Remove sysbus_add_memory and sysbus_del_memory

[Peter Maydell]

On 15 March 2013 16:00, Paolo Bonzini  wrote:
> Il 15/03/2013 15:34, Peter Maydell ha scritto:
>> I rather suspect sysbus_add_io and sysbus_del_io should also be
>> removed, but since their users are in PPC and x86 platforms I'll
>> let somebody else do that part :-)
>
> sysbus_add_io and sysbus_del_io are actually a good match for the I/O
> address space of x86, because the model was to have "well-known" port
> numbers standardized across all platforms.  So all the boards would have
> to know those port addresses if we used sysbus_init_mmio.

Maybe they should just call memory_region_add_subregion()
directly then? There's nothing sysbus-device-specific about
what these functions do, they just take a SysBusDevice* and
totally ignore it...

-- PMM

[Qemu-devel] [PATCH 02/28] block: Add options QDict to bdrv_open() prototype

[Stefan Hajnoczi]

From: Kevin Wolf 

It doesn't do anything yet except storing the options QDict in the
BlockDriverState.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Stefan Hajnoczi 
---
 block.c   | 47 +++
 block/blkverify.c |  2 +-
 block/qcow2.c |  2 +-
 block/vmdk.c  |  2 +-
 block/vvfat.c |  2 +-
 blockdev.c| 10 ++
 hw/xen_disk.c |  2 +-
 include/block/block.h |  4 ++--
 include/block/block_int.h |  1 +
 qemu-img.c|  6 +++---
 qemu-io.c |  2 +-
 qemu-nbd.c|  2 +-
 12 files changed, 54 insertions(+), 28 deletions(-)

diff --git a/block.c b/block.c
index 01cee87..761ea86 100644
--- a/block.c
+++ b/block.c
@@ -788,7 +788,8 @@ int bdrv_open_backing_file(BlockDriverState *bs)
 /* backing files always opened read-only */
 back_flags = bs->open_flags & ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT);
 
-ret = bdrv_open(bs->backing_hd, backing_filename, back_flags, back_drv);
+ret = bdrv_open(bs->backing_hd, backing_filename, NULL,
+back_flags, back_drv);
 if (ret < 0) {
 bdrv_delete(bs->backing_hd);
 bs->backing_hd = NULL;
@@ -800,15 +801,28 @@ int bdrv_open_backing_file(BlockDriverState *bs)
 
 /*
  * Opens a disk image (raw, qcow2, vmdk, ...)
+ *
+ * options is a QDict of options to pass to the block drivers, or NULL for an
+ * empty set of options. The reference to the QDict belongs to the block layer
+ * after the call (even on failure), so if the caller intends to reuse the
+ * dictionary, it needs to use QINCREF() before calling bdrv_open.
  */
-int bdrv_open(BlockDriverState *bs, const char *filename, int flags,
-  BlockDriver *drv)
+int bdrv_open(BlockDriverState *bs, const char *filename, QDict *options,
+  int flags, BlockDriver *drv)
 {
 int ret;
 /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
 char tmp_filename[PATH_MAX + 1];
 BlockDriverState *file = NULL;
 
+/* NULL means an empty set of options */
+if (options == NULL) {
+options = qdict_new();
+}
+
+bs->options = options;
+
+/* For snapshot=on, create a temporary qcow2 overlay */
 if (flags & BDRV_O_SNAPSHOT) {
 BlockDriverState *bs1;
 int64_t total_size;
@@ -822,10 +836,10 @@ int bdrv_open(BlockDriverState *bs, const char *filename, 
int flags,
 
 /* if there is a backing file, use it */
 bs1 = bdrv_new("");
-ret = bdrv_open(bs1, filename, 0, drv);
+ret = bdrv_open(bs1, filename, NULL, 0, drv);
 if (ret < 0) {
 bdrv_delete(bs1);
-return ret;
+goto fail;
 }
 total_size = bdrv_getlength(bs1) & BDRV_SECTOR_MASK;
 
@@ -836,15 +850,17 @@ int bdrv_open(BlockDriverState *bs, const char *filename, 
int flags,
 
 ret = get_tmp_filename(tmp_filename, sizeof(tmp_filename));
 if (ret < 0) {
-return ret;
+goto fail;
 }
 
 /* Real path is meaningless for protocols */
-if (is_protocol)
+if (is_protocol) {
 snprintf(backing_filename, sizeof(backing_filename),
  "%s", filename);
-else if (!realpath(filename, backing_filename))
-return -errno;
+} else if (!realpath(filename, backing_filename)) {
+ret = -errno;
+goto fail;
+}
 
 bdrv_qcow2 = bdrv_find_format("qcow2");
 options = parse_option_parameters("", bdrv_qcow2->create_options, 
NULL);
@@ -859,7 +875,7 @@ int bdrv_open(BlockDriverState *bs, const char *filename, 
int flags,
 ret = bdrv_create(bdrv_qcow2, tmp_filename, options);
 free_option_parameters(options);
 if (ret < 0) {
-return ret;
+goto fail;
 }
 
 filename = tmp_filename;
@@ -874,7 +890,7 @@ int bdrv_open(BlockDriverState *bs, const char *filename, 
int flags,
 
 ret = bdrv_file_open(&file, filename, bdrv_open_flags(bs, flags));
 if (ret < 0) {
-return ret;
+goto fail;
 }
 
 /* Find the right image format driver */
@@ -924,6 +940,10 @@ unlink_and_fail:
 if (bs->is_temporary) {
 unlink(filename);
 }
+fail:
+QDECREF(bs->options);
+bs->options = NULL;
+
 return ret;
 }
 
@@ -1193,6 +1213,8 @@ void bdrv_close(BlockDriverState *bs)
 bs->valid_key = 0;
 bs->sg = 0;
 bs->growable = 0;
+QDECREF(bs->options);
+bs->options = NULL;
 
 if (bs->file != NULL) {
 bdrv_delete(bs->file);
@@ -4594,7 +4616,8 @@ void bdrv_img_create(const char *filename, const char 
*fmt,
 
 bs = bdrv_new("");
 
-ret = bdrv_open(bs, backing_file->value.s, back_flags, 
backing_drv);
+ret = bdrv_open(bs, backing_file->value.s, 

[Qemu-devel] [PATCH 06/28] blockdev: Keep a copy of DriveInfo.serial

[Stefan Hajnoczi]

From: Kevin Wolf 

Pointing to a QemuOpts element is surprising and can lead to subtle
use-after-free errors when the QemuOpts is freed after all options are
parsed.

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 blockdev.c| 5 -
 include/sysemu/blockdev.h | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index d679174..acf1c32 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -191,6 +191,7 @@ static void drive_uninit(DriveInfo *dinfo)
 bdrv_delete(dinfo->bdrv);
 g_free(dinfo->id);
 QTAILQ_REMOVE(&drives, dinfo, next);
+g_free(dinfo->serial);
 g_free(dinfo);
 }
 
@@ -566,7 +567,9 @@ DriveInfo *drive_init(QemuOpts *opts, BlockInterfaceType 
block_default_type)
 dinfo->trans = translation;
 dinfo->opts = opts;
 dinfo->refcount = 1;
-dinfo->serial = serial;
+if (serial != NULL) {
+dinfo->serial = g_strdup(serial);
+}
 QTAILQ_INSERT_TAIL(&drives, dinfo, next);
 
 bdrv_set_on_error(dinfo->bdrv, on_read_error, on_write_error);
diff --git a/include/sysemu/blockdev.h b/include/sysemu/blockdev.h
index 1fe5332..804ec88 100644
--- a/include/sysemu/blockdev.h
+++ b/include/sysemu/blockdev.h
@@ -40,7 +40,7 @@ struct DriveInfo {
 int media_cd;
 int cyls, heads, secs, trans;
 QemuOpts *opts;
-const char *serial;
+char *serial;
 QTAILQ_ENTRY(DriveInfo) next;
 int refcount;
 };
-- 
1.8.1.4

[Qemu-devel] [PATCH 18/28] main-loop: add qemu_get_aio_context()

[Stefan Hajnoczi]

It is very useful to get the main loop AioContext, which is a static
variable in main-loop.c.

I'm not sure whether qemu_get_aio_context() will be necessary in the
future once devices focus on using their own AioContext instead of the
main loop AioContext, but for now it allows us to refactor code to
support multiple AioContext while actually passing the main loop
AioContext.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Paolo Bonzini 
---
 include/qemu/main-loop.h | 5 +
 main-loop.c  | 5 +
 2 files changed, 10 insertions(+)

diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
index 0995288..6f0200a 100644
--- a/include/qemu/main-loop.h
+++ b/include/qemu/main-loop.h
@@ -82,6 +82,11 @@ int qemu_init_main_loop(void);
 int main_loop_wait(int nonblocking);
 
 /**
+ * qemu_get_aio_context: Return the main loop's AioContext
+ */
+AioContext *qemu_get_aio_context(void);
+
+/**
  * qemu_notify_event: Force processing of pending events.
  *
  * Similar to signaling a condition variable, qemu_notify_event forces
diff --git a/main-loop.c b/main-loop.c
index 8c9b58c..eb80ff3 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -109,6 +109,11 @@ static int qemu_signal_init(void)
 
 static AioContext *qemu_aio_context;
 
+AioContext *qemu_get_aio_context(void)
+{
+return qemu_aio_context;
+}
+
 void qemu_notify_event(void)
 {
 if (!qemu_aio_context) {
-- 
1.8.1.4

Re: [Qemu-devel] [PATCH v3 0/5] Remove sysbus_add_memory and sysbus_del_memory

[Paolo Bonzini]

Il 15/03/2013 15:34, Peter Maydell ha scritto:
> I rather suspect sysbus_add_io and sysbus_del_io should also be
> removed, but since their users are in PPC and x86 platforms I'll
> let somebody else do that part :-)

sysbus_add_io and sysbus_del_io are actually a good match for the I/O
address space of x86, because the model was to have "well-known" port
numbers standardized across all platforms.  So all the boards would have
to know those port addresses if we used sysbus_init_mmio.

Paolo

[Qemu-devel] [PATCH 14/28] qcow2: drop unnecessary flush in qcow2_update_snapshot_refcount()

[Stefan Hajnoczi]

We already flush when the function completes.  There is no need to flush
after every compressed cluster.

Signed-off-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 block/qcow2-refcount.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 92519ea..9bfb390 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -790,10 +790,6 @@ int qcow2_update_snapshot_refcount(BlockDriverState *bs,
 if (ret < 0) {
 goto fail;
 }
-
-/* TODO Flushing once for the whole function should
- * be enough */
-bdrv_flush(bs->file);
 }
 /* compressed clusters are never modified */
 refcount = 2;
-- 
1.8.1.4

[Qemu-devel] [RFC V7 22/32] qcow2: Add qcow2_dedup_is_running to probe if dedup is running.

[Benoît Canet]

Signed-off-by: Benoit Canet 
---
 block/qcow2-dedup.c |6 ++
 block/qcow2.h   |1 +
 2 files changed, 7 insertions(+)

diff --git a/block/qcow2-dedup.c b/block/qcow2-dedup.c
index 68a09ff..cd47e2c 100644
--- a/block/qcow2-dedup.c
+++ b/block/qcow2-dedup.c
@@ -1070,3 +1070,9 @@ void qcow2_dedup_destroy_hash(BlockDriverState *bs,
 /* remove from ram if present so we won't dedup with it anymore */
 qcow2_remove_hash_node_by_sector(bs, physical_sect);
 }
+
+bool qcow2_dedup_is_running(BlockDriverState *bs)
+{
+BDRVQcowState *s = bs->opaque;
+return s->has_dedup && s->dedup_status == DEDUP_STATUS_STARTED;
+}
diff --git a/block/qcow2.h b/block/qcow2.h
index c1c0978..b858db9 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -498,5 +498,6 @@ int qcow2_dedup_store_new_hashes(BlockDriverState *bs,
  uint64_t physical_sect);
 void qcow2_dedup_destroy_hash(BlockDriverState *bs,
   uint64_t cluster_index);
+bool qcow2_dedup_is_running(BlockDriverState *bs);
 
 #endif
-- 
1.7.10.4

[Qemu-devel] [RFC V7 15/32] qcow2: Load and save deduplication table header extension.

[Benoît Canet]

Signed-off-by: Benoit Canet 
---
 block/qcow2.c |   49 +
 1 file changed, 49 insertions(+)

diff --git a/block/qcow2.c b/block/qcow2.c
index ca38cc3..eaddcb6 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -53,9 +53,18 @@ typedef struct {
 uint32_t len;
 } QCowExtension;
 
+typedef struct {
+uint64_t offset;
+int32_t  size;
+uint8_t  hash_algo;
+uint8_t  strategies;
+char reserved[56];
+} QCowDedupTableExtension;
+
 #define  QCOW2_EXT_MAGIC_END 0
 #define  QCOW2_EXT_MAGIC_BACKING_FORMAT 0xE2792ACA
 #define  QCOW2_EXT_MAGIC_FEATURE_TABLE 0x6803f857
+#define  QCOW2_EXT_MAGIC_DEDUP_TABLE 0xCD8E819B
 
 static int qcow2_probe(const uint8_t *buf, int buf_size, const char *filename)
 {
@@ -84,6 +93,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, 
uint64_t start_offset,
 QCowExtension ext;
 uint64_t offset;
 int ret;
+QCowDedupTableExtension dedup_table_extension;
 
 #ifdef DEBUG_EXT
 printf("qcow2_read_extensions: start=%ld end=%ld\n", start_offset, 
end_offset);
@@ -148,6 +158,25 @@ static int qcow2_read_extensions(BlockDriverState *bs, 
uint64_t start_offset,
 }
 break;
 
+case QCOW2_EXT_MAGIC_DEDUP_TABLE:
+if (ext.len > sizeof(dedup_table_extension)) {
+fprintf(stderr, "ERROR: dedup_table_extension: len=%u too 
large"
+" (>=%zu)\n",
+ext.len, sizeof(dedup_table_extension));
+return 2;
+}
+ret = bdrv_pread(bs->file, offset,
+ &dedup_table_extension, ext.len);
+if (ret < 0) {
+return ret;
+}
+s->dedup_table_offset =
+be64_to_cpu(dedup_table_extension.offset);
+s->dedup_table_size =
+be32_to_cpu(dedup_table_extension.size);
+s->dedup_hash_algo = dedup_table_extension.hash_algo;
+break;
+
 default:
 /* unknown magic - save it in case we need to rewrite the header */
 {
@@ -959,6 +988,7 @@ int qcow2_update_header(BlockDriverState *bs)
 uint32_t refcount_table_clusters;
 size_t header_length;
 Qcow2UnknownHeaderExtension *uext;
+QCowDedupTableExtension dedup_table_extension;
 
 buf = qemu_blockalign(bs, buflen);
 
@@ -1062,6 +1092,25 @@ int qcow2_update_header(BlockDriverState *bs)
 buf += ret;
 buflen -= ret;
 
+if (s->has_dedup) {
+memset(&dedup_table_extension, 0, sizeof(dedup_table_extension));
+dedup_table_extension.offset = cpu_to_be64(s->dedup_table_offset);
+dedup_table_extension.size = cpu_to_be32(s->dedup_table_size);
+dedup_table_extension.hash_algo = s->dedup_hash_algo;
+dedup_table_extension.strategies |= QCOW_DEDUP_STRATEGY_RAM;
+dedup_table_extension.strategies |= QCOW_DEDUP_STRATEGY_RUNNING;
+ret = header_ext_add(buf,
+ QCOW2_EXT_MAGIC_DEDUP_TABLE,
+ &dedup_table_extension,
+ sizeof(dedup_table_extension),
+ buflen);
+if (ret < 0) {
+goto fail;
+}
+buf += ret;
+buflen -= ret;
+}
+
 /* Keep unknown header extensions */
 QLIST_FOREACH(uext, &s->unknown_header_ext, next) {
 ret = header_ext_add(buf, uext->magic, uext->data, uext->len, buflen);
-- 
1.7.10.4

Re: [Qemu-devel] [PATCH V27 1/7] Support for TPM command line options

[Corey Bryant]

On 03/15/2013 03:36 AM, Markus Armbruster wrote:

I missed this one, because it wasn't cc'ed to QMP maintainers, the
subject mentions only command line, not QMP, and even the body talks
only about the human monitor command, not QMP.  Noticed it only when
git-pull touched qapi-schema.json.  Please try harder to help Luiz and
me keep track of QMP changes.

I gave the QMP interface and its documentation a look-over now.  It's
just a look-over, because passthrough requires a box with TPM enabled,
which I don't have handy, so I can't test anything.

A few comments inline.

Stefan Berger  writes:


This patch adds support for TPM command line options.
The command line options supported here are

./qemu-... -tpmdev passthrough,path=,id=
-device tpm-tis,tpmdev=,id=

and

./qemu-... -tpmdev help

where the latter works similar to -soundhw help and shows a list of
available TPM backends (for example 'passthrough').

Using the type parameter, the backend is chosen, i.e., 'passthrough' for the
passthrough driver. The interpretation of the other parameters along
with determining whether enough parameters were provided is pushed into
the backend driver, which needs to implement the interface function
'create' and return a TPMDriverOpts structure if the VM can be started or
'NULL' if not enough or bad parameters were provided.

Monitor support for 'info tpm' has been added. It for example prints the
following:

(qemu) info tpm
TPM devices:
  tpm0: model=tpm-tis
   \ tpm0: 
type=passthrough,path=/dev/tpm0,cancel-path=/sys/devices/pnp0/00:09/cancel

Signed-off-by: Stefan Berger 
Reviewed-by: Corey Bryant 
---
  Makefile.objs |   1 +
  hmp-commands.hx   |   2 +
  hmp.c |  44 +++
  hmp.h |   1 +
  include/tpm/tpm.h |  21 
  monitor.c |   8 ++
  qapi-schema.json  | 104 +
  qemu-options.hx   |  33 ++
  qmp-commands.hx   |  18 +++
  tpm/Makefile.objs |   1 +
  tpm/tpm.c | 343 ++
  tpm/tpm_int.h |  83 +
  tpm/tpm_tis.h |  80 +
  vl.c  |  37 ++
  14 files changed, 776 insertions(+)
  create mode 100644 include/tpm/tpm.h
  create mode 100644 tpm/Makefile.objs
  create mode 100644 tpm/tpm.c
  create mode 100644 tpm/tpm_int.h
  create mode 100644 tpm/tpm_tis.h

diff --git a/Makefile.objs b/Makefile.objs
index a68cdac..047f9c1 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -73,6 +73,7 @@ common-obj-y += bt-host.o bt-vhci.o

  common-obj-y += dma-helpers.o
  common-obj-y += vl.o
+common-obj-y += tpm/

  common-obj-$(CONFIG_SLIRP) += slirp/

diff --git a/hmp-commands.hx b/hmp-commands.hx
index cef7708..9f2c093 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1642,6 +1642,8 @@ show device tree
  show qdev device model list
  @item info roms
  show roms
+@item info tpm
+show the TPM device
  @end table
  ETEXI

diff --git a/hmp.c b/hmp.c
index 2f47a8a..b0a861c 100644
--- a/hmp.c
+++ b/hmp.c
@@ -607,6 +607,50 @@ void hmp_info_block_jobs(Monitor *mon, const QDict *qdict)
  }
  }

+void hmp_info_tpm(Monitor *mon, const QDict *qdict)
+{
+TPMInfoList *info_list, *info;
+Error *err = NULL;
+unsigned int c = 0;
+TPMPassthroughOptions *tpo;
+
+info_list = qmp_query_tpm(&err);
+if (err) {
+monitor_printf(mon, "TPM device not supported\n");
+error_free(err);
+return;
+}
+
+if (info_list) {
+monitor_printf(mon, "TPM device:\n");
+}
+
+for (info = info_list; info; info = info->next) {
+TPMInfo *ti = info->value;
+monitor_printf(mon, " tpm%d: model=%s\n",
+   c, TpmModel_lookup[ti->model]);
+
+monitor_printf(mon, "  \\ %s: type=%s",
+   ti->id, TpmType_lookup[ti->type]);
+
+switch (ti->tpm_options->kind) {
+case TPM_TYPE_OPTIONS_KIND_TPM_PASSTHROUGH_OPTIONS:
+tpo = ti->tpm_options->tpm_passthrough_options;
+monitor_printf(mon, "%s%s%s%s",
+   tpo->has_path ? ",path=" : "",
+   tpo->has_path ? tpo->path : "",
+   tpo->has_cancel_path ? ",cancel-path=" : "",
+   tpo->has_cancel_path ? tpo->cancel_path : "");
+break;
+case TPM_TYPE_OPTIONS_KIND_MAX:
+break;
+}
+monitor_printf(mon, "\n");
+c++;
+}
+qapi_free_TPMInfoList(info_list);
+}
+
  void hmp_quit(Monitor *mon, const QDict *qdict)
  {
  monitor_suspend(mon);
diff --git a/hmp.h b/hmp.h
index 30b3c20..95fe76e 100644
--- a/hmp.h
+++ b/hmp.h
@@ -36,6 +36,7 @@ void hmp_info_spice(Monitor *mon, const QDict *qdict);
  void hmp_info_balloon(Monitor *mon, const QDict *qdict);
  void hmp_info_pci(Monitor *mon, const QDict *qdict);
  void hmp_info_block_jobs(Monitor *mon, const QDict *qdict);
+void hmp_info_tpm(Monitor *mon, const QDict *qdict);
  void hmp_quit(Monitor *mon, const

[Qemu-devel] [PATCH 26/28] qemu-iotests: add tests for rebasing zero clusters

[Stefan Hajnoczi]

From: Paolo Bonzini 

If zero clusters are erroneously treated as unallocated, "qemu-img rebase"
will copy the backing file's contents onto the cluster.

The bug existed also in image streaming, but since the root cause was in
qcow2's is_allocated implementation it is enough to test it with qemu-img.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Stefan Hajnoczi 
---
 tests/qemu-iotests/050 | 75 ++
 tests/qemu-iotests/050.out | 17 +++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 93 insertions(+)
 create mode 100755 tests/qemu-iotests/050
 create mode 100644 tests/qemu-iotests/050.out

diff --git a/tests/qemu-iotests/050 b/tests/qemu-iotests/050
new file mode 100755
index 000..05793e2
--- /dev/null
+++ b/tests/qemu-iotests/050
@@ -0,0 +1,75 @@
+#!/bin/bash
+#
+# Test qemu-img rebase with zero clusters
+#
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=pbonz...@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+rm -f $TEST_IMG.old
+rm -f $TEST_IMG.new
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2 qed
+_supported_proto file
+_supported_os Linux
+
+if test "$IMGFMT" = qcow2 && test $IMGOPTS = ""; then
+  IMGOPTS=compat=1.1
+fi
+
+echo
+echo "== Creating images =="
+
+size=10M
+_make_test_img $size
+$QEMU_IO -c "write -P 0x40 0 1048576" $TEST_IMG | _filter_qemu_io
+mv $TEST_IMG $TEST_IMG.old
+
+_make_test_img $size
+$QEMU_IO -c "write -P 0x5a 0 1048576" $TEST_IMG | _filter_qemu_io
+mv $TEST_IMG $TEST_IMG.new
+
+_make_test_img -b $TEST_IMG.old $size
+$QEMU_IO -c "write -z 0 1048576" $TEST_IMG | _filter_qemu_io
+
+echo
+echo "== Rebasing the image =="
+
+$QEMU_IMG rebase -b $TEST_IMG.new $TEST_IMG
+$QEMU_IO -c "read -P 0x00 0 1048576" $TEST_IMG | _filter_qemu_io
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/050.out b/tests/qemu-iotests/050.out
new file mode 100644
index 000..3f5f7e1
--- /dev/null
+++ b/tests/qemu-iotests/050.out
@@ -0,0 +1,17 @@
+QA output created by 050
+
+== Creating images ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=10485760 
+wrote 1048576/1048576 bytes at offset 0
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=10485760 
+wrote 1048576/1048576 bytes at offset 0
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=10485760 
backing_file='TEST_DIR/t.IMGFMT.old' 
+wrote 1048576/1048576 bytes at offset 0
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== Rebasing the image ==
+read 1048576/1048576 bytes at offset 0
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index fcf57e0..1d7e4f3 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -56,3 +56,4 @@
 047 rw auto
 048 img auto quick
 049 rw auto
+050 rw auto backing quick
-- 
1.8.1.4

Re: [Qemu-devel] [PULL 00/28] Block patches

[Anthony Liguori]

Stefan Hajnoczi  writes:

> The last block pull request from March 12 broke the virtio-blk serial property
> and was not applied.
>
> This pull request includes the patches from March 12, Kevin's fixed "[PATCH v2
>  0/8] block: Add driver specific options", and patches from this week that I
> have applied.

When this happens, please add a 'v2' to the pull request.  That makes it
clear that the previous pull request does not need to be processed and
that this one obsoletes it.

Will not impact processing this pull, just a future request.

Regards,

Anthony Liguori

>
> The following changes since commit 4f306496183d81aed4b43762cf3bfd6e054de767:
>
>   qga/main.c: Don't use g_key_file_get/set_int64 (2013-03-15 08:23:54 -0500)
>
> are available in the git repository at:
>
>   git://github.com/stefanha/qemu.git block
>
> for you to fetch changes up to 3618a094022e984d4e045c6db21aed961b7c6fc9:
>
>   blockdev: Fix up copyright and permission notice (2013-03-15 16:07:51 +0100)
>
> 
> Kevin Wolf (8):
>   block: Add options QDict to .bdrv_open()
>   block: Add options QDict to bdrv_open() prototype
>   Add qdict_clone_shallow()
>   block: Add options QDict to bdrv_open_common()
>   qemu-option: Add qemu_opts_absorb_qdict()
>   blockdev: Keep a copy of DriveInfo.serial
>   block: Support driver specific options in drive_init()
>   qcow2: Allow lazy refcounts to be enabled on the command line
>
> MORITA Kazutaka (2):
>   sheepdog: use non-blocking fd in coroutine context
>   sheepdog: set io_flush handler in do_co_req
>
> Markus Armbruster (1):
>   blockdev: Fix up copyright and permission notice
>
> Paolo Bonzini (3):
>   qcow2: make is_allocated return true for zero clusters
>   dataplane: fix hang introduced by AioContext transition
>   qemu-iotests: add tests for rebasing zero clusters
>
> Stefan Hajnoczi (14):
>   qcow2: flush refcount cache correctly in alloc_refcount_block()
>   qcow2: flush refcount cache correctly in qcow2_write_snapshots()
>   qcow2: set L2 cache dependency in qcow2_alloc_bytes()
>   qcow2: flush in qcow2_update_snapshot_refcount()
>   qcow2: drop flush in update_cluster_refcount()
>   qcow2: drop unnecessary flush in qcow2_update_snapshot_refcount()
>   main-loop: add qemu_get_aio_context()
>   threadpool: move globals into struct ThreadPool
>   threadpool: add thread_pool_new() and thread_pool_free()
>   aio: add a ThreadPool instance to AioContext
>   block: add bdrv_get_aio_context()
>   threadpool: drop global thread pool
>   coroutine: use AioContext for CoQueue BH
>   qemu-iotests: use -nographic in test case 007
>
>  async.c |  11 ++
>  block.c |  87 
>  block/blkverify.c   |   2 +-
>  block/bochs.c   |   2 +-
>  block/cloop.c   |   2 +-
>  block/cow.c |   2 +-
>  block/dmg.c |   2 +-
>  block/parallels.c   |   2 +-
>  block/qcow.c|   2 +-
>  block/qcow2-cluster.c   |   5 +-
>  block/qcow2-refcount.c  |  24 +++--
>  block/qcow2-snapshot.c  |  10 +-
>  block/qcow2.c   |  49 +++--
>  block/qcow2.h   |   1 +
>  block/qed.c |   4 +-
>  block/raw-posix.c   |   8 +-
>  block/raw-win32.c   |   4 +-
>  block/raw.c |   2 +-
>  block/sheepdog.c|  19 ++--
>  block/vdi.c |   2 +-
>  block/vmdk.c|   4 +-
>  block/vpc.c |   2 +-
>  block/vvfat.c   |   2 +-
>  blockdev.c  | 105 ---
>  hw/dataplane/virtio-blk.c   |  17 +++-
>  hw/xen_disk.c   |   2 +-
>  include/block/aio.h |   6 ++
>  include/block/block.h   |   4 +-
>  include/block/block_int.h   |  10 +-
>  include/block/coroutine.h   |   1 +
>  include/block/thread-pool.h |  15 ++-
>  include/qapi/qmp/qdict.h|   2 +
>  include/qemu/main-loop.h|   5 +
>  include/qemu/option.h   |   1 +
>  include/sysemu/blockdev.h   |   2 +-
>  main-loop.c |   5 +
>  qemu-coroutine-lock.c   |  55 ++
>  qemu-img.c  |   6 +-
>  qemu-io.c   |   2 +-
>  qemu-nbd.c  |   2 +-
>  qobject/qdict.c |  22 
>  tests/qemu-iotests/007  |   7 +-
>  tests/qemu-iotests/050  |  75 ++
>  tests/qemu-iotests/050.out  |  17 
>  tests/qemu-iotests/group|   1 +
>  tests/test-thread-pool.c|  44 
>  thread-pool.c   | 243 
> 
>  trace-events|   4 +-
>  util/qemu-option.c  |  34 +++
>  49 files changed, 702 insertions(+), 233 deletions(-)
>  create mode 100755 tests/qemu-iotests/050
>  create mode 100644 tests/qemu-iotests/050.out
>
> -- 
> 

Re: [Qemu-devel] [PATCH] hw/vexpress: set default block type to SD

[Peter Maydell]

On 15 March 2013 15:42, Aurelien Jarno  wrote:
> On Fri, Mar 15, 2013 at 03:35:48PM +, Peter Maydell wrote:
>> I'm not convinced this is a good thing -- I think you should have
>> to know that you're attaching an SD card and not a hard disk,
>> because the performance is much worse. In particular if you
>> don't specify 'cache=writeback' your performance will be
>> dreadful, so you need to do something different from hard
>> disks anyhow.

> Being a good thing or not, the current code is wrong: the default
> interface type is set to SCSI (I guess it has been copied from
> versatilepb.c), while the vexpress machine has no SCSI
> interface.

I agree we shouldn't be claiming to have a scsi interface, yes.

-- PMM

Re: [Qemu-devel] [PATCH 11/20] qemu-char: use a glib timeout instead of qemu-timer

[Anthony Liguori]

Laurent Desnogues  writes:

> Hello,
>
> On Tue, Mar 5, 2013 at 6:51 PM, Amit Shah  wrote:
>> From: Anthony Liguori 
>>
>> Signed-off-by: Anthony Liguori 
>> Signed-off-by: Amit Shah 
>> ---
>>  qemu-char.c | 68 
>> -
>>  1 file changed, 45 insertions(+), 23 deletions(-)
>>
>> diff --git a/qemu-char.c b/qemu-char.c
>> index eb0ac81..6dba943 100644
>> --- a/qemu-char.c
>> +++ b/qemu-char.c
>> @@ -990,12 +990,50 @@ typedef struct {
>>  int connected;
>>  int polling;
>>  int read_bytes;
>> -QEMUTimer *timer;
>> +guint timer_tag;
>>  } PtyCharDriver;
>>
>>  static void pty_chr_update_read_handler(CharDriverState *chr);
>>  static void pty_chr_state(CharDriverState *chr, int connected);
>>
>> +static gboolean pty_chr_timer(gpointer opaque)
>> +{
>> +struct CharDriverState *chr = opaque;
>> +PtyCharDriver *s = chr->opaque;
>> +
>> +if (s->connected) {
>> +goto out;
>> +}
>> +if (s->polling) {
>> +/* If we arrive here without polling being cleared due
>> + * read returning -EIO, then we are (re-)connected */
>> +pty_chr_state(chr, 1);
>> +goto out;
>> +}
>> +
>> +/* Next poll ... */
>> +pty_chr_update_read_handler(chr);
>> +
>> +out:
>> +return FALSE;
>> +}
>> +
>> +static void pty_chr_rearm_timer(CharDriverState *chr, int ms)
>> +{
>> +PtyCharDriver *s = chr->opaque;
>> +
>> +if (s->timer_tag) {
>> +g_source_remove(s->timer_tag);
>> +s->timer_tag = 0;
>> +}
>> +
>> +if (ms == 1000) {
>> +s->timer_tag = g_timeout_add_seconds(1, pty_chr_timer, chr);
>
> It looks like g_timeout_add_seconds isn't available for
> poor people using some old distros (glib 2.12.3 here).

Can you test adding:

#if !GLIB_CHECK_VERSION(2, 14, 0)
static guint g_timeout_add_seconds(guint interval, GSourceFunc function,
   gpointer data)
{
return g_timeout_add(interval * 1000, function, data);
}
#endif

We probably should introduce a glib-compat to centralize work arounds
for older versions of glib...

Regards,

Anthony Liguori

>
> Thanks,
>
> Laurent
>
>> +} else {
>> +s->timer_tag = g_timeout_add(ms, pty_chr_timer, chr);
>> +}
>> +}
>> +
>>  static int pty_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
>>  {
>>  PtyCharDriver *s = chr->opaque;
>> @@ -1065,7 +1103,7 @@ static void 
>> pty_chr_update_read_handler(CharDriverState *chr)
>>   * timeout to the normal (much longer) poll interval before the
>>   * timer triggers.
>>   */
>> -qemu_mod_timer(s->timer, qemu_get_clock_ms(rt_clock) + 10);
>> +pty_chr_rearm_timer(chr, 10);
>>  }
>>
>>  static void pty_chr_state(CharDriverState *chr, int connected)
>> @@ -1080,7 +1118,7 @@ static void pty_chr_state(CharDriverState *chr, int 
>> connected)
>>  /* (re-)connect poll interval for idle guests: once per second.
>>   * We check more frequently in case the guests sends data to
>>   * the virtual device linked to our pty. */
>> -qemu_mod_timer(s->timer, qemu_get_clock_ms(rt_clock) + 1000);
>> +pty_chr_rearm_timer(chr, 1000);
>>  } else {
>>  if (!s->connected)
>>  qemu_chr_generic_open(chr);
>> @@ -1088,23 +1126,6 @@ static void pty_chr_state(CharDriverState *chr, int 
>> connected)
>>  }
>>  }
>>
>> -static void pty_chr_timer(void *opaque)
>> -{
>> -struct CharDriverState *chr = opaque;
>> -PtyCharDriver *s = chr->opaque;
>> -
>> -if (s->connected)
>> -return;
>> -if (s->polling) {
>> -/* If we arrive here without polling being cleared due
>> - * read returning -EIO, then we are (re-)connected */
>> -pty_chr_state(chr, 1);
>> -return;
>> -}
>> -
>> -/* Next poll ... */
>> -pty_chr_update_read_handler(chr);
>> -}
>>
>>  static void pty_chr_close(struct CharDriverState *chr)
>>  {
>> @@ -1117,8 +1138,9 @@ static void pty_chr_close(struct CharDriverState *chr)
>>  fd = g_io_channel_unix_get_fd(s->fd);
>>  g_io_channel_unref(s->fd);
>>  close(fd);
>> -qemu_del_timer(s->timer);
>> -qemu_free_timer(s->timer);
>> +if (s->timer_tag) {
>> +g_source_remove(s->timer_tag);
>> +}
>>  g_free(s);
>>  qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
>>  }
>> @@ -1170,7 +1192,7 @@ static CharDriverState *qemu_chr_open_pty(QemuOpts 
>> *opts)
>>  chr->chr_add_watch = pty_chr_add_watch;
>>
>>  s->fd = io_channel_from_fd(master_fd);
>> -s->timer = qemu_new_timer_ms(rt_clock, pty_chr_timer, chr);
>> +s->timer_tag = 0;
>>
>>  return chr;
>>  }
>> --
>> 1.8.1.2
>>
>>

Re: [Qemu-devel] [PATCH] hw/vexpress: set default block type to SD

[Aurelien Jarno]

On Fri, Mar 15, 2013 at 03:35:48PM +, Peter Maydell wrote:
> On 5 March 2013 00:44, Aurelien Jarno  wrote:
> > On Tue, Mar 05, 2013 at 08:22:57AM +0800, Peter Maydell wrote:
> >> What effect does this actually have on the user experience?
> >
> > The effect is that the user don't has to specify the interface type.
> > Basically:
> >
> >   -drive file=/path/to/file,if=sd
> > can be replaced by
> >   -drive file=/path/to/file
> >
> > It means the user doesn't have to know the details of the machine to
> > know how to attach a disk. Note that the user here can also be a script,
> > which then becomes a bit simpler.
> 
> I'm not convinced this is a good thing -- I think you should have
> to know that you're attaching an SD card and not a hard disk,
> because the performance is much worse. In particular if you
> don't specify 'cache=writeback' your performance will be
> dreadful, so you need to do something different from hard
> disks anyhow.
> 

Being a good thing or not, the current code is wrong: the default
interface type is set to SCSI (I guess it has been copied from
versatilepb.c), while the vexpress machine has no SCSI 
interface.

-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net

Re: [Qemu-devel] [PATCH] hw/vexpress: set default block type to SD

[Peter Maydell]

On 5 March 2013 00:44, Aurelien Jarno  wrote:
> On Tue, Mar 05, 2013 at 08:22:57AM +0800, Peter Maydell wrote:
>> What effect does this actually have on the user experience?
>
> The effect is that the user don't has to specify the interface type.
> Basically:
>
>   -drive file=/path/to/file,if=sd
> can be replaced by
>   -drive file=/path/to/file
>
> It means the user doesn't have to know the details of the machine to
> know how to attach a disk. Note that the user here can also be a script,
> which then becomes a bit simpler.

I'm not convinced this is a good thing -- I think you should have
to know that you're attaching an SD card and not a hard disk,
because the performance is much worse. In particular if you
don't specify 'cache=writeback' your performance will be
dreadful, so you need to do something different from hard
disks anyhow.

-- PMM

[Qemu-devel] [PATCH 15/28] qcow2: make is_allocated return true for zero clusters

[Stefan Hajnoczi]

From: Paolo Bonzini 

Otherwise, live migration of the top layer will miss zero clusters and
let the backing file show through.  This also matches what is done in qed.

QCOW2_CLUSTER_ZERO clusters are invalid in v2 image files.  Check this
directly in qcow2_get_cluster_offset instead of replicating the test
everywhere.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini 
Signed-off-by: Stefan Hajnoczi 
---
 block/qcow2-cluster.c | 3 +++
 block/qcow2.c | 6 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index ff9ae18..d72d063 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -454,6 +454,9 @@ int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t 
offset,
 *cluster_offset &= L2E_COMPRESSED_OFFSET_SIZE_MASK;
 break;
 case QCOW2_CLUSTER_ZERO:
+if (s->qcow_version < 3) {
+return -EIO;
+}
 c = count_contiguous_clusters(nb_clusters, s->cluster_size,
 &l2_table[l2_index], 0,
 QCOW_OFLAG_COMPRESSED | QCOW_OFLAG_ZERO);
diff --git a/block/qcow2.c b/block/qcow2.c
index ad43a13..1f99866 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -621,7 +621,7 @@ static int coroutine_fn 
qcow2_co_is_allocated(BlockDriverState *bs,
 *pnum = 0;
 }
 
-return (cluster_offset != 0);
+return (cluster_offset != 0) || (ret == QCOW2_CLUSTER_ZERO);
 }
 
 /* handle reading after the end of the backing file */
@@ -702,10 +702,6 @@ static coroutine_fn int qcow2_co_readv(BlockDriverState 
*bs, int64_t sector_num,
 break;
 
 case QCOW2_CLUSTER_ZERO:
-if (s->qcow_version < 3) {
-ret = -EIO;
-goto fail;
-}
 qemu_iovec_memset(&hd_qiov, 0, 0, 512 * cur_nr_sectors);
 break;
 
-- 
1.8.1.4

Re: [Qemu-devel] [PATCH v2 5/5] xilinx_spips: seperate SPI and QSPI as two classes

[Peter Maydell]

On 4 March 2013 05:04, Peter Crosthwaite  wrote:
> Make SPI and QSPI different classes. QSPIPS is setup as a child of SPIPS.
> Only QSPI has the LQSPI functionality, so move all that to the child class.
>
> Signed-off-by: Peter Crosthwaite 
> +typedef struct {
> +XilinxSPIPS parent;

The QOM conventions doc says this field should be named 'parent_obj'.
Otherwise looks OK I think.

Patches 1-4 look good so I've just stuck them into arm-devs.next
(which I think I'll do a pullreq for later today) to save you
having to retransmit them.

thanks
-- PMM

[Qemu-devel] [PATCH 27/28] qemu-iotests: use -nographic in test case 007

[Stefan Hajnoczi]

A comment explains that -nographic hangs test case 007.  This is no
longer the case so add -nographic.  This makes the test suite faster and
more pleasant to run since no windows pop up.

I am not sure exactly when -nographic starting working for this case but
there is no fundamental reason why graphics are needed here.  Make sure
the serial port is not on stdio, it would conflict with the monitor.

Also remove unnecessary trailing whitespace on these lines.

Signed-off-by: Stefan Hajnoczi 
Tested-by: Kevin Wolf 
---
 tests/qemu-iotests/007 | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/tests/qemu-iotests/007 b/tests/qemu-iotests/007
index 0139264..c454f2c 100755
--- a/tests/qemu-iotests/007
+++ b/tests/qemu-iotests/007
@@ -50,10 +50,9 @@ _make_test_img 1M
 
 for i in `seq 1 10`; do
 echo "savevm $i"
-# XXX(hch): adding -nographic would be good, but hangs the test
-$QEMU -hda $TEST_IMG -monitor stdio >/dev/null 2>&1 &1 <

[Qemu-devel] [PATCH 28/28] blockdev: Fix up copyright and permission notice

[Stefan Hajnoczi]

From: Markus Armbruster 

Screwed up in commit 666daa68.  Thanks to Kevin Wolf for reminding me
to fix this.

Signed-off-by: Markus Armbruster 
Signed-off-by: Stefan Hajnoczi 
---
 blockdev.c | 23 +++
 1 file changed, 23 insertions(+)

diff --git a/blockdev.c b/blockdev.c
index 7ae6198..09f76b7 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -5,6 +5,29 @@
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or
  * later.  See the COPYING file in the top-level directory.
+ *
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
  */
 
 #include "sysemu/blockdev.h"
-- 
1.8.1.4

[Qemu-devel] [PATCH 05/28] qemu-option: Add qemu_opts_absorb_qdict()

[Stefan Hajnoczi]

From: Kevin Wolf 

This adds a function that adds all entries of a QDict to a QemuOpts if
the keys are known, and leaves only the rest in the QDict.

This way a single QDict of -drive options can be processed in multiple
places (generic block layer, block driver, backing file block driver,
etc.), where each part picks the options it knows. If at the end of the
process the QDict isn't empty, the user specified an invalid option.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Stefan Hajnoczi 
---
 include/qemu/option.h |  1 +
 util/qemu-option.c| 34 ++
 2 files changed, 35 insertions(+)

diff --git a/include/qemu/option.h b/include/qemu/option.h
index ba197cd..bdb6d21 100644
--- a/include/qemu/option.h
+++ b/include/qemu/option.h
@@ -149,6 +149,7 @@ void qemu_opts_set_defaults(QemuOptsList *list, const char 
*params,
 QemuOpts *qemu_opts_from_qdict(QemuOptsList *list, const QDict *qdict,
Error **errp);
 QDict *qemu_opts_to_qdict(QemuOpts *opts, QDict *qdict);
+void qemu_opts_absorb_qdict(QemuOpts *opts, QDict *qdict, Error **errp);
 
 typedef int (*qemu_opts_loopfunc)(QemuOpts *opts, void *opaque);
 int qemu_opts_print(QemuOpts *opts, void *dummy);
diff --git a/util/qemu-option.c b/util/qemu-option.c
index 5a1d03c..8b74bf1 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -1067,6 +1067,40 @@ QemuOpts *qemu_opts_from_qdict(QemuOptsList *list, const 
QDict *qdict,
 }
 
 /*
+ * Adds all QDict entries to the QemuOpts that can be added and removes them
+ * from the QDict. When this function returns, the QDict contains only those
+ * entries that couldn't be added to the QemuOpts.
+ */
+void qemu_opts_absorb_qdict(QemuOpts *opts, QDict *qdict, Error **errp)
+{
+const QDictEntry *entry, *next;
+
+entry = qdict_first(qdict);
+
+while (entry != NULL) {
+Error *local_err = NULL;
+OptsFromQDictState state = {
+.errp = &local_err,
+.opts = opts,
+};
+
+next = qdict_next(qdict, entry);
+
+if (find_desc_by_name(opts->list->desc, entry->key)) {
+qemu_opts_from_qdict_1(entry->key, entry->value, &state);
+if (error_is_set(&local_err)) {
+error_propagate(errp, local_err);
+return;
+} else {
+qdict_del(qdict, entry->key);
+}
+}
+
+entry = next;
+}
+}
+
+/*
  * Convert from QemuOpts to QDict.
  * The QDict values are of type QString.
  * TODO We'll want to use types appropriate for opt->desc->type, but
-- 
1.8.1.4

[Qemu-devel] [PATCH 21/28] aio: add a ThreadPool instance to AioContext

[Stefan Hajnoczi]

This patch adds a ThreadPool to AioContext.  It's possible that some
AioContext instances will never use the ThreadPool, so defer creation
until aio_get_thread_pool().

The reason why AioContext should have the ThreadPool is because the
ThreadPool is bound to a AioContext instance where the work item's
callback function is invoked.  It doesn't make sense to keep the
ThreadPool pointer anywhere other than AioContext.  For example,
block/raw-posix.c can get its AioContext's ThreadPool and submit work.

Special note about headers: I used struct ThreadPool in aio.h because
there is a circular dependency if aio.h includes thread-pool.h.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Paolo Bonzini 
---
 async.c | 11 +++
 include/block/aio.h |  6 ++
 2 files changed, 17 insertions(+)

diff --git a/async.c b/async.c
index f2d47ba..90fe906 100644
--- a/async.c
+++ b/async.c
@@ -24,6 +24,7 @@
 
 #include "qemu-common.h"
 #include "block/aio.h"
+#include "block/thread-pool.h"
 #include "qemu/main-loop.h"
 
 /***/
@@ -172,6 +173,7 @@ aio_ctx_finalize(GSource *source)
 {
 AioContext *ctx = (AioContext *) source;
 
+thread_pool_free(ctx->thread_pool);
 aio_set_event_notifier(ctx, &ctx->notifier, NULL, NULL);
 event_notifier_cleanup(&ctx->notifier);
 g_array_free(ctx->pollfds, TRUE);
@@ -190,6 +192,14 @@ GSource *aio_get_g_source(AioContext *ctx)
 return &ctx->source;
 }
 
+ThreadPool *aio_get_thread_pool(AioContext *ctx)
+{
+if (!ctx->thread_pool) {
+ctx->thread_pool = thread_pool_new(ctx);
+}
+return ctx->thread_pool;
+}
+
 void aio_notify(AioContext *ctx)
 {
 event_notifier_set(&ctx->notifier);
@@ -200,6 +210,7 @@ AioContext *aio_context_new(void)
 AioContext *ctx;
 ctx = (AioContext *) g_source_new(&aio_source_funcs, sizeof(AioContext));
 ctx->pollfds = g_array_new(FALSE, FALSE, sizeof(GPollFD));
+ctx->thread_pool = NULL;
 event_notifier_init(&ctx->notifier, false);
 aio_set_event_notifier(ctx, &ctx->notifier, 
(EventNotifierHandler *)
diff --git a/include/block/aio.h b/include/block/aio.h
index 5b54d38..1836793 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -66,6 +66,9 @@ typedef struct AioContext {
 
 /* GPollFDs for aio_poll() */
 GArray *pollfds;
+
+/* Thread pool for performing work and receiving completion callbacks */
+struct ThreadPool *thread_pool;
 } AioContext;
 
 /* Returns 1 if there are still outstanding AIO requests; 0 otherwise */
@@ -223,6 +226,9 @@ void aio_set_event_notifier(AioContext *ctx,
  */
 GSource *aio_get_g_source(AioContext *ctx);
 
+/* Return the ThreadPool bound to this AioContext */
+struct ThreadPool *aio_get_thread_pool(AioContext *ctx);
+
 /* Functions to operate on the main QEMU AioContext.  */
 
 bool qemu_aio_wait(void);
-- 
1.8.1.4

[Qemu-devel] [PATCH 22/28] block: add bdrv_get_aio_context()

[Stefan Hajnoczi]

For now bdrv_get_aio_context() is just a stub that calls
qemu_aio_get_context() since the block layer is currently tied to the
main loop AioContext.

Add the stub now so that the block layer can begin accessing its
AioContext.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Paolo Bonzini 
---
 block.c   | 6 ++
 include/block/block_int.h | 7 +++
 2 files changed, 13 insertions(+)

diff --git a/block.c b/block.c
index 0ab164d..037e15e 100644
--- a/block.c
+++ b/block.c
@@ -4681,3 +4681,9 @@ out:
 bdrv_delete(bs);
 }
 }
+
+AioContext *bdrv_get_aio_context(BlockDriverState *bs)
+{
+/* Currently BlockDriverState always uses the main loop AioContext */
+return qemu_get_aio_context();
+}
diff --git a/include/block/block_int.h b/include/block/block_int.h
index baf80e3..ce0aa26 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -294,6 +294,13 @@ int get_tmp_filename(char *filename, int size);
 void bdrv_set_io_limits(BlockDriverState *bs,
 BlockIOLimit *io_limits);
 
+/**
+ * bdrv_get_aio_context:
+ *
+ * Returns: the currently bound #AioContext
+ */
+AioContext *bdrv_get_aio_context(BlockDriverState *bs);
+
 #ifdef _WIN32
 int is_windows_drive(const char *filename);
 #endif
-- 
1.8.1.4