Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Gerd Hoffmann
  Hi,

> And please remember to update the changelog.  It's already a pretty
> featureful release, but I have no idea about what's happening in VNC
> land (LED extension and WebSockets?)

Yea, those two, I'm not aware of anything else.

> and what are the visible effects of
> Gerd's console refactorings.

Not much, for the most part it's internal cleanups, 1.6 will most likely
bring some user-visible changes building on top of the cleanups.

Most visible effect is probably that all the hops screendumping used to
go through are gone.  So taking a screendump doesn't switch consoles any
more (you'll see that when typing the screendump command into a vc
terminal with sdl).  Also screendumping doesn't need special support
from the gfx card emulation any more (which wasn't implemented by all
gfx emulation).  So screendumping works with all display hardware now.
Also the screendump command now properly throws an error in case there
is no gfx hardware installed instead of silently doing nothing.

Oh, and the threaded vnc server should finally be rock solid.  display
resize used to race with the vnc threads, leading to qemu crashing on
mode switches now and then.  The refactoring fixed that one too.

cheers,
  Gerd




Re: [Qemu-devel] [PATCH] virtio-net: properly check the vhost status during status set

2013-05-06 Thread Jason Wang
On 04/28/2013 04:25 PM, Michael S. Tsirkin wrote:
> On Sun, Apr 28, 2013 at 03:51:32PM +0800, Jason Wang wrote:
>> On 04/28/2013 03:32 AM, Michael S. Tsirkin wrote:
>>> On Sat, Apr 27, 2013 at 01:11:16PM +0800, Jason Wang wrote:
 On 04/26/2013 08:26 PM, Michael S. Tsirkin wrote:
> On Fri, Apr 26, 2013 at 06:27:40PM +0800, Jason Wang wrote:
>> Commit 32993698 (vhost: disable on tap link down) tries to disable the vhost
>> also when the peer's link is down. But the check was not done properly, the
>> vhost were only started when:
>>
>> 1) peer's link is not down
>> 2) virtio-net has already been started.
>>
>> Since == has a higher precedence than &&, place a brace to make sure both the
>> conditions were met then does the check. This fixes the crash when doing a savevm
>> after set the link off which let qemu crash and complains:
>>
>> virtio_net_save: Assertion `!n->vhost_started' failed.
>>
>> Cc: Michael S. Tsirkin 
>> Signed-off-by: Jason Wang 
> Hmm okay, but now that I think about this,
> e.g. if link is up later, vhost will not be started.
 If vm has been stopped, and the link is up later, vhost won't be
 started. This is expected.
 If vm has been started, and the link is up later, since n->vhost_started
 is false but both virtio_net_started() and !nc->peer->link_down is true,
 so the vhost will be started.

 Looks ok?
>>> Let me clarify: virtio link is up but peer link is down.
>>> So guest will send packets. Will they never be
>>> completed?
>> qemu_deliver_packet_iov() will assume the packet were sent when peer
>> link is down. So we are still ok?
> Right so I think userspace will start dropping packets.
> I think this is unnecessarily fragile, I think it's best
> to make sure vhost=on means userspace does not
> process tx/rx rings.

It may make sense, but let's do it in the future. So ack or apply this
patch to fix the bug first?

Thanks
>>>
> So the correct thing is maybe to start vhost but use
> some backend that will drop all packets.
> And add a callback so we know peer state changed.
> Hmm do we need a kernel change for this?
>
>> ---
>>  hw/net/virtio-net.c |4 ++--
>>  1 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
>> index 4d2cdd2..6222039 100644
>> --- a/hw/net/virtio-net.c
>> +++ b/hw/net/virtio-net.c
>> @@ -114,8 +114,8 @@ static void virtio_net_vhost_status(VirtIONet *n, 
>> uint8_t status)
>>  return;
>>  }
>>  
>> -if (!!n->vhost_started == virtio_net_started(n, status) &&
>> -  !nc->peer->link_down) {
>> +if (!!n->vhost_started ==
>> +(virtio_net_started(n, status) && !nc->peer->link_down)) {
>>  return;
>>  }
>>  if (!n->vhost_started) {
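
Review bot: The rewritten condition at the top of this hunk is correct, but
it is still dense enough for the same precedence slip to come back. Consider
naming the target state first, for example
bool want = virtio_net_started(n, status) && !nc->peer->link_down;
and comparing !!n->vhost_started against want, with a one-line comment that
vhost should run only while virtio-net is started and the peer link is up.
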
>> -- 
>> 1.7.1
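
The precedence problem described in the commit message above, as an added C model (not QEMU code and not part of the thread): the three booleans stand in for n->vhost_started, virtio_net_started(n, status) and nc->peer->link_down, all function names are hypothetical, and the start/stop toggle after the early return is an assumption about the code below the visible hunk.

```c
#include <stdbool.h>
#include <stdio.h>

typedef bool (*skip_fn)(bool vhost_started, bool net_started, bool link_down);

/* Pre-patch condition: == binds tighter than &&, so this is (a == b) && c. */
static bool skip_old(bool vhost_started, bool net_started, bool link_down)
{
    return !!vhost_started == net_started && !link_down;
}

/* Patched condition: compare against "started and peer link up". */
static bool skip_new(bool vhost_started, bool net_started, bool link_down)
{
    return !!vhost_started == (net_started && !link_down);
}

/* Model of one status update; returns the resulting vhost_started.
 * Assumption: when the early return is not taken, vhost is started if it
 * was stopped and stopped if it was running. */
static bool status_update(skip_fn skip, bool vhost_started,
                          bool net_started, bool link_down)
{
    if (skip(vhost_started, net_started, link_down)) {
        return vhost_started;
    }
    return !vhost_started;
}

/* Sequence from the commit message: guest running with vhost on, the link
 * is set off, then the VM is stopped for savevm. Returns vhost_started at
 * the point where virtio_net_save would assert on it. */
static bool vhost_started_at_save(skip_fn skip)
{
    bool vhost = true;
    vhost = status_update(skip, vhost, true, true);   /* link set off */
    vhost = status_update(skip, vhost, false, true);  /* VM stopped */
    return vhost;
}

/* Number of the 8 input states on which the two conditions disagree. */
static int count_disagreements(void)
{
    int n = 0;
    for (int bits = 0; bits < 8; bits++) {
        bool v = bits & 4, s = bits & 2, d = bits & 1;
        if (skip_old(v, s, d) != skip_new(v, s, d)) {
            printf("differs: vhost_started=%d net_started=%d link_down=%d\n",
                   v, s, d);
            n++;
        }
    }
    return n;
}

int main(void)
{
    printf("%d states differ\n", count_disagreements());
    printf("old: vhost_started at save = %d\n", vhost_started_at_save(skip_old));
    printf("new: vhost_started at save = %d\n", vhost_started_at_save(skip_new));
    return 0;
}
```

Both disagreeing states have vhost stopped and the peer link down; in each the old condition fails to return early, so the model goes on to start vhost.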




[Qemu-devel] [PATCH V2] virtio: properly validate address before accessing config

2013-05-06 Thread Jason Wang
There are several issues in the current checking:

- The check was based on the minus of unsigned values which can overflow
- It was done after .{set|get}_config() which can lead to a crash when config_len
  is zero since vdev->config is NULL

Fix this by:

- Validate the address in virtio_pci_config_{read|write}() before
  .{set|get}_config
- Use addition instead of minus to do the validation

Cc: Michael S. Tsirkin 
Cc: Petr Matousek 
Signed-off-by: Jason Wang 

---
Changes from V1:
- Doing check in virtio.c instead of virtio-pci.c
- Drop the patch of virtio-ccw and s390-virtio-bus
---
 hw/virtio/virtio.c |   30 ++
 1 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 53a0d90..8176c14 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -568,10 +568,11 @@ uint32_t virtio_config_readb(VirtIODevice *vdev, uint32_t 
addr)
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
 uint8_t val;
 
-k->get_config(vdev, vdev->config);
-
-if (addr > (vdev->config_len - sizeof(val)))
+if (addr + sizeof(val) > vdev->config_len) {
 return (uint32_t)-1;
+}
+
+k->get_config(vdev, vdev->config);
 
 val = ldub_p(vdev->config + addr);
 return val;
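
Review bot: In the new check, addr + sizeof(val) is evaluated in size_t and
addr is a uint32_t taken from the caller, so on a host where size_t is 32
bits an addr close to UINT32_MAX makes the sum wrap and pass the test. A
form that cannot wrap is
if (vdev->config_len < sizeof(val) || addr > vdev->config_len - sizeof(val)).
The same applies to the other five accessors.
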
@@ -582,10 +583,11 @@ uint32_t virtio_config_readw(VirtIODevice *vdev, uint32_t 
addr)
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
 uint16_t val;
 
-k->get_config(vdev, vdev->config);
-
-if (addr > (vdev->config_len - sizeof(val)))
+if (addr + sizeof(val) > vdev->config_len) {
 return (uint32_t)-1;
+}
+
+k->get_config(vdev, vdev->config);
 
 val = lduw_p(vdev->config + addr);
 return val;
@@ -596,10 +598,11 @@ uint32_t virtio_config_readl(VirtIODevice *vdev, uint32_t 
addr)
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
 uint32_t val;
 
-k->get_config(vdev, vdev->config);
-
-if (addr > (vdev->config_len - sizeof(val)))
+if (addr + sizeof(val) > vdev->config_len) {
 return (uint32_t)-1;
+}
+
+k->get_config(vdev, vdev->config);
 
 val = ldl_p(vdev->config + addr);
 return val;
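
Review bot: This bounds check is now open-coded six times with only the
access width changing (here, in readb and readw, and in the three write
accessors). A small static helper taking vdev, addr and the width would keep
the copies from drifting apart, and is the natural place for a comment
saying that the check has to come before get_config() because vdev->config
is NULL when config_len is zero.
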
@@ -610,8 +613,9 @@ void virtio_config_writeb(VirtIODevice *vdev, uint32_t 
addr, uint32_t data)
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
 uint8_t val = data;
 
-if (addr > (vdev->config_len - sizeof(val)))
+if (addr + sizeof(val) > vdev->config_len) {
 return;
+}
 
 stb_p(vdev->config + addr, val);
 
@@ -625,8 +629,9 @@ void virtio_config_writew(VirtIODevice *vdev, uint32_t 
addr, uint32_t data)
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
 uint16_t val = data;
 
-if (addr > (vdev->config_len - sizeof(val)))
+if (addr + sizeof(val) > vdev->config_len) {
 return;
+}
 
 stw_p(vdev->config + addr, val);
 
@@ -640,8 +645,9 @@ void virtio_config_writel(VirtIODevice *vdev, uint32_t 
addr, uint32_t data)
 VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
 uint32_t val = data;
 
-if (addr > (vdev->config_len - sizeof(val)))
+if (addr + sizeof(val) > vdev->config_len) {
 return;
+}
 
 stl_p(vdev->config + addr, val);
 
-- 
1.7.1
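
The two failure modes listed in the commit message above, reproduced as an added C example (not part of the patch and not QEMU code): config_len is modelled as size_t, all function names are hypothetical, and the probe values are constructed. reject_new_32() and reject_nowrap() go beyond the patch to show the patched form with 32-bit arithmetic and a variant that cannot wrap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Every check returns true when the access must be refused. */
typedef bool (*check_fn)(uint32_t addr, size_t config_len, size_t width);

/* Pre-patch form: config_len - width wraps when width > config_len. */
static bool reject_old(uint32_t addr, size_t config_len, size_t width)
{
    return addr > (config_len - width);
}

/* Patched form: the addition is done in size_t. */
static bool reject_new(uint32_t addr, size_t config_len, size_t width)
{
    return addr + width > config_len;
}

/* Patched form with the arithmetic forced to 32 bits, modelling a host
 * whose size_t is 32 bits wide. */
static bool reject_new_32(uint32_t addr, size_t config_len, size_t width)
{
    uint32_t end = addr + (uint32_t)width;   /* wraps modulo 2^32 */
    return end > (uint32_t)config_len;
}

/* Variant that cannot wrap: the subtraction only runs when it is safe. */
static bool reject_nowrap(uint32_t addr, size_t config_len, size_t width)
{
    return width > config_len || addr > config_len - width;
}

/* Ground truth, computed in 64 bits so nothing can wrap. */
static bool in_range(uint32_t addr, size_t config_len, size_t width)
{
    return (uint64_t)addr + width <= config_len;
}

struct probe {
    uint32_t addr;
    size_t config_len;
    size_t width;
    const char *what;
};

/* Constructed probes, one per case discussed in the commit message. */
static const struct probe probes[] = {
    { 0,          0, 1, "no config space (vdev->config is NULL)" },
    { 100,        2, 4, "access wider than the config space" },
    { 4,          8, 4, "last valid 32-bit slot" },
    { 5,          8, 4, "access straddles the end" },
    { UINT32_MAX, 8, 1, "addr at UINT32_MAX" },
};

/* Number of out-of-range probes that `check` lets through. */
static int count_wrongly_accepted(check_fn check)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        const struct probe *p = &probes[i];
        if (!in_range(p->addr, p->config_len, p->width) &&
            !check(p->addr, p->config_len, p->width)) {
            printf("accepted out of range: %s\n", p->what);
            n++;
        }
    }
    return n;
}

int main(void)
{
    printf("old:    %d\n", count_wrongly_accepted(reject_old));
    printf("new:    %d\n", count_wrongly_accepted(reject_new));
    printf("new/32: %d\n", count_wrongly_accepted(reject_new_32));
    printf("nowrap: %d\n", count_wrongly_accepted(reject_nowrap));
    return 0;
}
```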




[Qemu-devel] [PATCH v1 13/14] slirp: handle race condition

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Slirp and its peer can run on different contexts at the same time.
Using lock to protect. Lock rule: no extra lock can be held after
slirp->lock. This will protect us from deadlock when calling to peer.

As to coding style, they accord to the nearby code's style.

Signed-off-by: Liu Ping Fan 
---
 slirp/if.c|   57 
 slirp/main.h  |3 +-
 slirp/mbuf.h  |2 +
 slirp/slirp.c |   81 ++---
 slirp/slirp.h |6 +++-
 5 files changed, 115 insertions(+), 34 deletions(-)

diff --git a/slirp/if.c b/slirp/if.c
index dcd5faf..b6a30a8 100644
--- a/slirp/if.c
+++ b/slirp/if.c
@@ -132,12 +132,21 @@ diddit:
}
}
 
-#ifndef FULL_BOLT
-   /*
-* This prevents us from malloc()ing too many mbufs
-*/
-   if_start(ifm->slirp);
-#endif
+}
+
+static void mbuf_free(gpointer data, gpointer user_data)
+{
+struct mbuf *ifm = data;
+m_free(ifm);
+}
+
+static void if_send_free(gpointer data, gpointer user_data)
+{
+struct mbuf *ifm = data;
+Slirp *slirp = user_data;
+
+if_encap(slirp, ifm);
+m_free(ifm);
 }
 
 /*
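
Review bot: The if_start() call removed at the top of this hunk carried the
comment "This prevents us from malloc()ing too many mbufs", and neither the
hunk nor the commit message says what bounds the queue now. Please state in
the commit message which path is expected to call if_start() after a packet
has been queued.
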
@@ -156,7 +165,10 @@ void if_start(Slirp *slirp)
 {
 uint64_t now = qemu_get_clock_ns(rt_clock);
 bool from_batchq, next_from_batchq;
-struct mbuf *ifm, *ifm_next, *ifqt;
+struct mbuf *ifm, *ifm_next, *ifqt, *mclone;
+GList *drop_list, *send_list;
+drop_list = send_list = NULL;
+int ret;
 
 DEBUG_CALL("if_start");
 
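
Review bot: int ret; is declared after the statement
drop_list = send_list = NULL;, which mixes declarations and code. Initialise
the lists where they are declared (GList *drop_list = NULL, *send_list = NULL;)
and keep ret with the other declarations.
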
@@ -192,9 +204,27 @@ void if_start(Slirp *slirp)
 }
 
 /* Try to send packet unless it already expired */
-if (ifm->expiration_date >= now && !if_encap(slirp, ifm)) {
-/* Packet is delayed due to pending ARP resolution */
-continue;
+if (ifm->expiration_date < now) {
+drop_list = g_list_append(drop_list, ifm);
+} else {
+ret = if_query(slirp, ifm);
+switch (ret) {
+case 2:
+send_list = g_list_append(send_list, ifm);
+break;
+case 1:
+mclone = m_get(slirp);
+m_copy(mclone, ifm, 0, ifm->m_len);
+mclone->arp_requested = true;
+send_list = g_list_append(send_list, mclone);
+/* Packet is delayed due to pending ARP resolution */
+continue;
+case 0:
+continue;
+case -1:
+drop_list = g_list_append(drop_list, ifm);
+break;
+}
 }
 
 if (ifm == slirp->next_m) {
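
Review bot: In case 1 the result of m_get(slirp) goes straight into m_copy()
and is then dereferenced; if m_get() can return NULL this needs a check,
leaving the packet queued on failure. The switch also has no default, so an
unexpected if_query() value is dequeued below without being put on either
list, which leaks the mbuf now that the m_free() at the end of the loop is
removed.
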
@@ -230,8 +260,13 @@ void if_start(Slirp *slirp)
 ifm->ifq_so->so_nqueued = 0;
 }
 
-m_free(ifm);
 }
 
 slirp->if_start_busy = false;
+qemu_mutex_unlock(&slirp->lock);
+
+g_list_foreach(drop_list, mbuf_free, NULL);
+g_list_free(drop_list);
+g_list_foreach(send_list, if_send_free, slirp);
+g_list_free(send_list);
 }
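
Review bot: if_start() now ends with qemu_mutex_unlock(&slirp->lock) but
never takes the lock itself, so correctness depends on every caller having
locked it and on no earlier return path in if_start() skipping the unlock.
Either take and release the lock in the same function (for example have
if_start() hand the two lists back to a caller that unlocks and then sends),
or document the contract on the function and check the other callers and
the early returns that are outside this hunk.
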
diff --git a/slirp/main.h b/slirp/main.h
index f2e58cf..c0b7881 100644
--- a/slirp/main.h
+++ b/slirp/main.h
@@ -44,7 +44,8 @@ extern int tcp_keepintvl;
 #define PROTO_PPP 0x2
 #endif
 
-int if_encap(Slirp *slirp, struct mbuf *ifm);
+int if_query(Slirp *slirp, struct mbuf *ifm);
+void if_encap(Slirp *slirp, struct mbuf *ifm);
 ssize_t slirp_send(struct socket *so, const void *buf, size_t len, int flags);
 
 #endif
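
Review bot: if_query() is declared here with no description of its return
values, while if_start() switches on the literals 2, 1, 0 and -1. Please
give the results names (an enum next to this prototype) and document what
each one means and who owns the mbuf afterwards.
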
diff --git a/slirp/mbuf.h b/slirp/mbuf.h
index 3f3ab09..a61ab94 100644
--- a/slirp/mbuf.h
+++ b/slirp/mbuf.h
@@ -34,6 +34,7 @@
 #define _MBUF_H_
 
 #define MINCSIZE 4096  /* Amount to increase mbuf if too small */
+#define ETH_ALEN 6
 
 /*
  * Macros for type conversion
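
Review bot: ETH_ALEN is defined here unconditionally, but slirp/slirp.c
already uses ETH_ALEN in context lines elsewhere in this series
(zero_ethaddr[ETH_ALEN]), so a definition must already exist in another
slirp header. Include that header or move the existing define rather than
adding a second one.
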
@@ -82,6 +83,7 @@ struct m_hdr {
 struct mbuf {
struct  m_hdr m_hdr;
Slirp *slirp;
+   uint8_t ethaddr[ETH_ALEN];
boolarp_requested;
uint64_t expiration_date;
/* start of dynamic buffer area, must be last element */
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 691f82f..8f5cbe0 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -206,6 +206,7 @@ Slirp *slirp_init(int restricted, struct in_addr vnetwork,
 
 slirp_init_once();
 
+qemu_mutex_init(&slirp->lock);
 slirp->restricted = restricted;
 
 if_init(slirp);
@@ -248,6 +249,7 @@ void slirp_cleanup(Slirp *slirp)
 
 ip_cleanup(slirp);
 m_cleanup(slirp);
+qemu_mutex_destroy(&slirp->lock);
 
 g_free(slirp->vdnssearch);
 g_free(slirp->tftp_prefix);
@@ -410,6 +412,7 @@ gboolean slirp_handler(gpointer data)
 struct socket *so, *so_next;
 int ret;
 
+qemu_mutex_lock(&slirp->lock);
 /*
  * See if anything has timed out
  */
@@ -593,6 +596,7 @@ gboolean slirp_handler(gpointer data)
 }
 }
 
+/* drop the slirp->lock inside it */
 if_start(slirp);
 return true;
 }
@@ -612,6 +616,7 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int 
pkt_len)
 if (ah->ar_tip == ah->ar_sip) {
 

[Qemu-devel] [PATCH v1 14/14] slirp: use lock to protect the slirp_instances

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

slirps will run on dedicated thread, and dynamically join or disjoin
this list, so need lock to protect the global list.

Signed-off-by: Liu Ping Fan 
---
 include/qemu/module.h |2 ++
 slirp/slirp.c |   20 
 2 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/include/qemu/module.h b/include/qemu/module.h
index c4ccd57..2720943 100644
--- a/include/qemu/module.h
+++ b/include/qemu/module.h
@@ -22,6 +22,7 @@ static void __attribute__((constructor)) do_qemu_init_ ## 
function(void) {  \
 
 typedef enum {
 MODULE_INIT_BLOCK,
+MODULE_INIT_SLIRP,
 MODULE_INIT_MACHINE,
 MODULE_INIT_QAPI,
 MODULE_INIT_QOM,
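
Review bot: MODULE_INIT_SLIRP is inserted between MODULE_INIT_BLOCK and
MODULE_INIT_MACHINE, which renumbers every later enumerator. Unless the
position matters, append it after the existing entries, and say in the
commit message why a separate init stage is needed for a single mutex.
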
@@ -29,6 +30,7 @@ typedef enum {
 } module_init_type;
 
 #define block_init(function) module_init(function, MODULE_INIT_BLOCK)
+#define slirplayer_init(function) module_init(function, MODULE_INIT_SLIRP)
 #define machine_init(function) module_init(function, MODULE_INIT_MACHINE)
 #define qapi_init(function) module_init(function, MODULE_INIT_QAPI)
 #define type_init(function) module_init(function, MODULE_INIT_QOM)
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 8f5cbe0..3008c7b 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -42,6 +42,7 @@ static const uint8_t zero_ethaddr[ETH_ALEN] = { 0, 0, 0, 0, 
0, 0 };
 
 u_int curtime;
 
+static QemuMutex slirp_instances_lock;
 static QTAILQ_HEAD(slirp_instances, Slirp) slirp_instances =
 QTAILQ_HEAD_INITIALIZER(slirp_instances);
 
@@ -236,14 +237,18 @@ Slirp *slirp_init(int restricted, struct in_addr vnetwork,
 register_savevm(NULL, "slirp", 0, 3,
 slirp_state_save, slirp_state_load, slirp);
 
+qemu_mutex_lock(&slirp_instances_lock);
 QTAILQ_INSERT_TAIL(&slirp_instances, slirp, entry);
+qemu_mutex_unlock(&slirp_instances_lock);
 
 return slirp;
 }
 
 void slirp_cleanup(Slirp *slirp)
 {
+qemu_mutex_lock(&slirp_instances_lock);
 QTAILQ_REMOVE(&slirp_instances, slirp, entry);
+qemu_mutex_unlock(&slirp_instances_lock);
 
 unregister_savevm(NULL, "slirp", slirp);
 
@@ -262,9 +267,12 @@ void slirp_cleanup(Slirp *slirp)
 
 void slirp_update_timeout(uint32_t *timeout)
 {
+qemu_mutex_lock(&slirp_instances_lock);
 if (!QTAILQ_EMPTY(&slirp_instances)) {
 *timeout = MIN(1000, *timeout);
 }
+qemu_mutex_unlock(&slirp_instances_lock);
+
 curtime = qemu_get_clock_ms(rt_clock);
 }
 
@@ -1167,3 +1175,15 @@ static int slirp_state_load(QEMUFile *f, void *opaque, 
int version_id)
 
 return 0;
 }
+
+static void slirplayer_cleanup(void)
+{
+qemu_mutex_destroy(&slirp_instances_lock);
+}
+
+static void slirplayer_bootup(void)
+{
+qemu_mutex_init(&slirp_instances_lock);
+atexit(&slirplayer_cleanup);
+}
+slirplayer_init(slirplayer_bootup)
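
Review bot: slirplayer_bootup() is only registered through
slirplayer_init(); this patch touches just include/qemu/module.h and
slirp/slirp.c, so nothing visible here runs the MODULE_INIT_SLIRP stage
before slirp_init() locks slirp_instances_lock. Please add the
module_call_init(MODULE_INIT_SLIRP) call in this patch, or name the patch
that adds it. The atexit() destroy is also unnecessary for a mutex that
lives as long as the process.
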
-- 
1.7.4.4




[Qemu-devel] [PATCH v1 11/14] slirp: make timeout local

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Each slirp has its own time to calculate timeout.

Signed-off-by: Liu Ping Fan 
---
 slirp/slirp.c |   22 ++
 slirp/slirp.h |3 +++
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/slirp/slirp.c b/slirp/slirp.c
index bd9b7cb..08c6b26 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -40,8 +40,6 @@ static const uint8_t special_ethaddr[ETH_ALEN] = {
 static const uint8_t zero_ethaddr[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
 
 u_int curtime;
-static u_int time_fasttimo, last_slowtimo;
-static int do_slowtimo;
 
 static QTAILQ_HEAD(slirp_instances, Slirp) slirp_instances =
 QTAILQ_HEAD_INITIALIZER(slirp_instances);
@@ -278,14 +276,13 @@ void slirp_pollfds_fill(GArray *pollfds)
 /*
  * First, TCP sockets
  */
-do_slowtimo = 0;
 
 QTAILQ_FOREACH(slirp, &slirp_instances, entry) {
 /*
  * *_slowtimo needs calling if there are IP fragments
  * in the fragment queue, or there are TCP connections active
  */
-do_slowtimo |= ((slirp->tcb.so_next != &slirp->tcb) ||
+slirp->do_slowtimo = ((slirp->tcb.so_next != &slirp->tcb) ||
 (&slirp->ipq.ip_link != slirp->ipq.ip_link.next));
 
 for (so = slirp->tcb.so_next; so != &slirp->tcb;
@@ -299,8 +296,9 @@ void slirp_pollfds_fill(GArray *pollfds)
 /*
  * See if we need a tcp_fasttimo
  */
-if (time_fasttimo == 0 && so->so_tcpcb->t_flags & TF_DELACK) {
-time_fasttimo = curtime; /* Flag when we want a fasttimo */
+if (slirp->time_fasttimo == 0 &&
+so->so_tcpcb->t_flags & TF_DELACK) {
+slirp->time_fasttimo = curtime; /* Flag when want a fasttimo */
 }
 
 /*
@@ -381,7 +379,7 @@ void slirp_pollfds_fill(GArray *pollfds)
 udp_detach(so);
 continue;
 } else {
-do_slowtimo = 1; /* Let socket expire */
+slirp->do_slowtimo = 1; /* Let socket expire */
 }
 }
 
@@ -422,7 +420,7 @@ void slirp_pollfds_fill(GArray *pollfds)
 icmp_detach(so);
 continue;
 } else {
-do_slowtimo = 1; /* Let socket expire */
+slirp->do_slowtimo = 1; /* Let socket expire */
 }
 }
 
@@ -454,14 +452,14 @@ void slirp_pollfds_poll(GArray *pollfds, int select_error)
 /*
  * See if anything has timed out
  */
-if (time_fasttimo && ((curtime - time_fasttimo) >= 2)) {
+if (slirp->time_fasttimo && ((curtime - slirp->time_fasttimo) >= 2)) {
 tcp_fasttimo(slirp);
-time_fasttimo = 0;
+slirp->time_fasttimo = 0;
 }
-if (do_slowtimo && ((curtime - last_slowtimo) >= 499)) {
+if (slirp->do_slowtimo && ((curtime - slirp->last_slowtimo) >= 499)) {
 ip_slowtimo(slirp);
 tcp_slowtimo(slirp);
-last_slowtimo = curtime;
+slirp->last_slowtimo = curtime;
 }
 
 /*
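
Review bot: The timeout checks in this hunk now use the per-instance
time_fasttimo and last_slowtimo but still subtract them from the global
curtime, which stays a file-scope u_int. If each Slirp is meant to run on
its own thread, as the rest of the series suggests, curtime is read and
written without synchronisation; either sample the clock into a local here
or move curtime into struct Slirp as well.
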
diff --git a/slirp/slirp.h b/slirp/slirp.h
index fe0e65d..008360e 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -203,6 +203,9 @@ bool arp_table_search(Slirp *slirp, uint32_t ip_addr,
 
 struct Slirp {
 QTAILQ_ENTRY(Slirp) entry;
+u_int time_fasttimo;
+u_int last_slowtimo;
+int do_slowtimo;
 
 /* virtual network configuration */
 struct in_addr vnetwork_addr;
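
Review bot: The three new fields rely on starting at zero
(time_fasttimo == 0 means no fasttimo is pending), which the old statics
got for free. Please confirm that the Slirp allocation is zeroed or
initialise them in slirp_init(), and add a short comment on each field.
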
-- 
1.7.4.4




[Qemu-devel] [PATCH v1 10/14] net: make netclient re-entrant with refcnt

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

With refcnt, NetClientState's user can run against deleter.

Signed-off-by: Liu Ping Fan 
---
 hw/qdev-properties-system.c |   14 +
 include/net/net.h   |3 ++
 net/hub.c   |3 ++
 net/net.c   |   46 --
 net/slirp.c |3 +-
 5 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/hw/qdev-properties-system.c b/hw/qdev-properties-system.c
index ce3af22..14c6d49 100644
--- a/hw/qdev-properties-system.c
+++ b/hw/qdev-properties-system.c
@@ -301,6 +301,7 @@ static void set_vlan(Object *obj, Visitor *v, void *opaque,
 return;
 }
 
+/* inc ref, released when unset property */
 hubport = net_hub_port_find(id);
 if (!hubport) {
 error_set(errp, QERR_INVALID_PARAMETER_VALUE,
@@ -310,11 +311,24 @@ static void set_vlan(Object *obj, Visitor *v, void 
*opaque,
 *ptr = hubport;
 }
 
+static void release_vlan(Object *obj, const char *name, void *opaque)
+{
+DeviceState *dev = DEVICE(obj);
+Property *prop = opaque;
+NICPeers *peers_ptr = qdev_get_prop_ptr(dev, prop);
+NetClientState **ptr = &peers_ptr->ncs[0];
+
+if (*ptr) {
+netclient_unref(*ptr);
+}
+}
+
 PropertyInfo qdev_prop_vlan = {
 .name  = "vlan",
 .print = print_vlan,
 .get   = get_vlan,
 .set   = set_vlan,
+.release = release_vlan,
 };
 
 int qdev_prop_set_drive(DeviceState *dev, const char *name,
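
Review bot: release_vlan() drops the reference but leaves *ptr pointing at
the NetClientState, so any later read of the property sees a pointer it no
longer owns. Set *ptr = NULL after netclient_unref(*ptr).
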
diff --git a/include/net/net.h b/include/net/net.h
index 54f91ea..ef4137d 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -61,6 +61,7 @@ typedef struct NetClientInfo {
 } NetClientInfo;
 
 struct NetClientState {
+int ref;
 NetClientInfo *info;
 int link_down;
 QTAILQ_ENTRY(NetClientState) next;
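
Review bot: ref is a plain int. The series moves NetClientState users onto
several threads, so netclient_ref() and netclient_unref() need either
atomic operations or a documented lock; their bodies are not in the visible
part of this patch, so please make the rule explicit in a comment on this
field.
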
@@ -89,6 +90,8 @@ typedef struct NICState {
 NetClientState *qemu_find_netdev(const char *id);
 int qemu_find_net_clients_except(const char *id, NetClientState **ncs,
  NetClientOptionsKind type, int max);
+void netclient_ref(NetClientState *nc);
+void netclient_unref(NetClientState *nc);
 NetClientState *qemu_new_net_client(NetClientInfo *info,
 NetClientState *peer,
 const char *model,
diff --git a/net/hub.c b/net/hub.c
index 812a6dc..2970f8e 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -212,6 +212,7 @@ NetClientState *net_hub_find_client_by_name(int hub_id, 
const char *name)
 peer = port->nc.peer;
 
 if (peer && strcmp(peer->name, name) == 0) {
+netclient_ref(peer);
 qemu_mutex_unlock(&hub->ports_lock);
 return peer;
 }
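
Review bot: net_hub_find_client_by_name() now returns a referenced peer,
which changes the contract for every existing caller: each one has to call
netclient_unref() or the client can never be freed. Please document this on
the function and convert the callers in the same patch.
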
@@ -237,6 +238,7 @@ NetClientState *net_hub_port_find(int hub_id)
 QLIST_FOREACH(port, &hub->ports, next) {
 nc = port->nc.peer;
 if (!nc) {
+netclient_ref(&port->nc);
 qemu_mutex_unlock(&hub->ports_lock);
 return &(port->nc);
 }
@@ -247,6 +249,7 @@ NetClientState *net_hub_port_find(int hub_id)
 }
 
 nc = net_hub_add_port(hub_id, NULL);
+netclient_ref(nc);
 return nc;
 }
 
diff --git a/net/net.c b/net/net.c
index 7619762..ac859ff 100644
--- a/net/net.c
+++ b/net/net.c
@@ -45,6 +45,7 @@
 # define CONFIG_NET_BRIDGE
 #endif
 
+static QemuMutex net_clients_lock;
 static QTAILQ_HEAD(, NetClientState) net_clients;
 
 int default_net = 1;
@@ -166,6 +167,7 @@ static char *assign_name(NetClientState *nc1, const char 
*model)
 char buf[256];
 int id = 0;
 
+qemu_mutex_lock(&net_clients_lock);
 QTAILQ_FOREACH(nc, &net_clients, next) {
 if (nc == nc1) {
 continue;
@@ -176,6 +178,7 @@ static char *assign_name(NetClientState *nc1, const char 
*model)
 id++;
 }
 }
+qemu_mutex_unlock(&net_clients_lock);
 
 snprintf(buf, sizeof(buf), "%s.%d", model, id);
 
@@ -206,9 +209,13 @@ static void qemu_net_client_setup(NetClientState *nc,
 assert(!peer->peer);
 nc->peer = peer;
 peer->peer = nc;
+netclient_ref(peer);
+netclient_ref(nc);
 }
 qemu_mutex_init(&nc->peer_lock);
+qemu_mutex_lock(&net_clients_lock);
 QTAILQ_INSERT_TAIL(&net_clients, nc, next);
+qemu_mutex_unlock(&net_clients_lock);
 
 nc->send_queue = qemu_new_net_queue(nc);
 nc->destructor = destructor;
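
Review bot: When a peer is given, nc and peer each take a reference on the
other, so the pair keeps itself alive. Please show where the teardown path
drops both references and clears nc->peer and peer->peer; without that
neither count can reach zero.
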
@@ -224,6 +231,7 @@ NetClientState *qemu_new_net_client(NetClientInfo *info,
 assert(info->size >= sizeof(NetClientState));
 
 nc = g_malloc0(info->size);
+netclient_ref(nc);
 qemu_net_client_setup(nc, info, peer, model, name,
   qemu_net_client_destructor);
 
@@ -284,7 +292,9 @@ void *qemu_get_nic_opaque(NetClientState *nc)
 
 static void qemu_cleanup_net_client(NetClientState *nc)
 {
+qemu_mutex_lock(&net_clients_lock);
 QTAILQ_REMOVE(&net_clients, n

[Qemu-devel] [PATCH v1 07/14] net: hub use lock to protect ports list

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Hub ports will run on multi-threads, so use lock to protect them.

Signed-off-by: Liu Ping Fan 
---
 net/hub.c |   25 -
 1 files changed, 24 insertions(+), 1 deletions(-)

diff --git a/net/hub.c b/net/hub.c
index df32074..812a6dc 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -37,6 +37,7 @@ struct NetHub {
 int id;
 QLIST_ENTRY(NetHub) next;
 int num_ports;
+QemuMutex ports_lock;
 QLIST_HEAD(, NetHubPort) ports;
 };
 
@@ -47,6 +48,7 @@ static ssize_t net_hub_receive(NetHub *hub, NetHubPort 
*source_port,
 {
 NetHubPort *port;
 
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 if (port == source_port) {
 continue;
@@ -54,6 +56,7 @@ static ssize_t net_hub_receive(NetHub *hub, NetHubPort 
*source_port,
 
 qemu_send_packet(&port->nc, buf, len);
 }
+qemu_mutex_unlock(&hub->ports_lock);
 return len;
 }
 
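
Review bot: ports_lock is held across qemu_send_packet(), that is, while
calling into each peer. net_hub_port_can_receive() and net_hub_flush() take
the same lock, so if a peer's receive path comes back into this hub the
thread deadlocks unless the mutex is recursive. Consider collecting the
target ports under the lock and sending after it is released, and note the
lock ordering against the slirp->lock rule stated in patch 13/14.
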
@@ -63,6 +66,7 @@ static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort 
*source_port,
 NetHubPort *port;
 ssize_t len = iov_size(iov, iovcnt);
 
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 if (port == source_port) {
 continue;
@@ -70,6 +74,7 @@ static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort 
*source_port,
 
 qemu_sendv_packet(&port->nc, iov, iovcnt);
 }
+qemu_mutex_unlock(&hub->ports_lock);
 return len;
 }
 
@@ -80,6 +85,7 @@ static NetHub *net_hub_new(int id)
 hub = g_malloc(sizeof(*hub));
 hub->id = id;
 hub->num_ports = 0;
+qemu_mutex_init(&hub->ports_lock);
 QLIST_INIT(&hub->ports);
 
 QLIST_INSERT_HEAD(&hubs, hub, next);
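
Review bot: ports_lock protects hub->ports, but the global hubs list this
function inserts into (QLIST_INSERT_HEAD(&hubs, hub, next)) is still
modified and walked without any lock. If hubs can be created after other
threads are running, that list needs protection too; if not, say so in a
comment.
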
@@ -93,16 +99,19 @@ static int net_hub_port_can_receive(NetClientState *nc)
 NetHubPort *src_port = DO_UPCAST(NetHubPort, nc, nc);
 NetHub *hub = src_port->hub;
 
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 if (port == src_port) {
 continue;
 }
 
 if (qemu_can_send_packet(&port->nc)) {
+qemu_mutex_unlock(&hub->ports_lock);
 return 1;
 }
 }
 
+qemu_mutex_unlock(&hub->ports_lock);
 return 0;
 }
 
@@ -155,8 +164,9 @@ static NetHubPort *net_hub_port_new(NetHub *hub, const char 
*name)
 port = DO_UPCAST(NetHubPort, nc, nc);
 port->id = id;
 port->hub = hub;
-
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_INSERT_HEAD(&hub->ports, port, next);
+qemu_mutex_unlock(&hub->ports_lock);
 
 return port;
 }
@@ -197,13 +207,16 @@ NetClientState *net_hub_find_client_by_name(int hub_id, 
const char *name)
 
 QLIST_FOREACH(hub, &hubs, next) {
 if (hub->id == hub_id) {
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 peer = port->nc.peer;
 
 if (peer && strcmp(peer->name, name) == 0) {
+qemu_mutex_unlock(&hub->ports_lock);
 return peer;
 }
 }
+qemu_mutex_unlock(&hub->ports_lock);
 }
 }
 return NULL;
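
Review bot: The peer pointer is returned after ports_lock has been dropped,
so at this point in the series nothing stops another thread from deleting
that client before the caller uses it. If a later patch closes this with a
reference count, mention it in the commit message, or reorder the series so
the reference is taken in the same patch that adds the lock.
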
@@ -220,12 +233,15 @@ NetClientState *net_hub_port_find(int hub_id)
 
 QLIST_FOREACH(hub, &hubs, next) {
 if (hub->id == hub_id) {
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 nc = port->nc.peer;
 if (!nc) {
+qemu_mutex_unlock(&hub->ports_lock);
 return &(port->nc);
 }
 }
+qemu_mutex_unlock(&hub->ports_lock);
 break;
 }
 }
@@ -244,12 +260,14 @@ void net_hub_info(Monitor *mon)
 
 QLIST_FOREACH(hub, &hubs, next) {
 monitor_printf(mon, "hub %d\n", hub->id);
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 if (port->nc.peer) {
 monitor_printf(mon, " \\ ");
 print_net_client(mon, port->nc.peer);
 }
 }
+qemu_mutex_unlock(&hub->ports_lock);
 }
 }
 
@@ -306,6 +324,7 @@ void net_hub_check_clients(void)
 QLIST_FOREACH(hub, &hubs, next) {
 int has_nic = 0, has_host_dev = 0;
 
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_FOREACH(port, &hub->ports, next) {
 peer = port->nc.peer;
 if (!peer) {
@@ -328,6 +347,7 @@ void net_hub_check_clients(void)
 break;
 }
 }
+qemu_mutex_unlock(&hub->ports_lock);
 if (has_host_dev && !has_nic) {
 fprintf(stderr, "Warning: vlan %d with no nics\n", hub->id);
 }
@@ -343,12 +363,15 @@ bool net_hub_flush(NetClientState *nc)
 {
 NetHubPort *port;
 NetHubPort *source_port = DO_UPCAST(NetHubPort, nc, nc);
+NetHub *hub = source_port->hub;
 int ret = 0;
 
+qemu_mutex_lock(&hub->ports_lock);
 QLIST_FOREACH(port, &sou

[Qemu-devel] [PATCH v1 12/14] slirp: make slirp event dispatch based on slirp instance, not global

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Split slirp_pollfds_fill/_poll actions into each slirp, so that SlirpState
can run on dedicated context. Each slirp socket will correspond to a GPollFD,
and its SlirpState stands for a GSource(EventsGSource). Finally different
SlirpState can run on different context.

The logic in slirp_pollfds_fill/_poll is not changed, but due to drop of
the functions, rearrange the code to obey the coding style. For other minor
changes, they accord to the nearby style.

Signed-off-by: Liu Ping Fan 
---
 main-loop.c  |4 -
 net/slirp.c  |   32 +++
 slirp/libslirp.h |7 +-
 slirp/slirp.c|  567 +-
 slirp/socket.c   |2 +
 slirp/socket.h   |1 +
 stubs/slirp.c|8 -
 7 files changed, 299 insertions(+), 322 deletions(-)

diff --git a/main-loop.c b/main-loop.c
index 8c9b58c..970f25d 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -432,14 +432,10 @@ int main_loop_wait(int nonblocking)
 /* XXX: separate device handlers from system ones */
 #ifdef CONFIG_SLIRP
 slirp_update_timeout(&timeout);
-slirp_pollfds_fill(gpollfds);
 #endif
 qemu_iohandler_fill(gpollfds);
 ret = os_host_main_loop_wait(timeout);
 qemu_iohandler_poll(gpollfds, ret);
-#ifdef CONFIG_SLIRP
-slirp_pollfds_poll(gpollfds, (ret < 0));
-#endif
 
 qemu_run_all_timers();
 
diff --git a/net/slirp.c b/net/slirp.c
index a6116d5..6ff5ca8 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -36,6 +36,7 @@
 #include "qemu/sockets.h"
 #include "slirp/libslirp.h"
 #include "char/char.h"
+#include "util/event_gsource.h"
 
 static int get_str_sep(char *buf, int buf_size, const char **pp, int sep)
 {
@@ -76,6 +77,7 @@ typedef struct SlirpState {
 #ifndef _WIN32
 char smb_dir[128];
 #endif
+EventsGSource *slirp_src;
 } SlirpState;
 
 static struct slirp_config_str *slirp_configs;
@@ -120,17 +122,44 @@ static void net_slirp_cleanup(NetClientState *nc)
 SlirpState *s = DO_UPCAST(SlirpState, nc, nc);
 
 slirp_cleanup(s->slirp);
+events_source_release(s->slirp_src);
 slirp_smb_cleanup(s);
 QTAILQ_REMOVE(&slirp_stacks, s, entry);
 }
 
+static void net_slirp_bind_ctx(NetClientState *nc, GMainContext *ctx)
+{
+SlirpState *s = DO_UPCAST(SlirpState, nc, nc);
+
+g_source_attach(&s->slirp_src->source, ctx);
+}
+
 static NetClientInfo net_slirp_info = {
 .type = NET_CLIENT_OPTIONS_KIND_USER,
 .size = sizeof(SlirpState),
 .receive = net_slirp_receive,
 .cleanup = net_slirp_cleanup,
+.bind_ctx = net_slirp_bind_ctx,
 };
 
+GPollFD *slirp_gsource_get_gfd(void *opaque, int fd)
+{
+GPollFD *retfd;
+SlirpState *s = opaque;
+EventsGSource *src = s->slirp_src;
+retfd = events_source_add_gfd(src, fd);
+
+return retfd;
+}
+
+void slirp_gsource_close_gfd(void *opaque, GPollFD *pollfd)
+{
+SlirpState *s = opaque;
+EventsGSource *src = s->slirp_src;
+
+events_source_remove_gfd(src, pollfd);
+}
+
 static int net_slirp_init(NetClientState *peer, const char *model,
   const char *name, int restricted,
   const char *vnetwork, const char *vhost,
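
Review bot: net_slirp_cleanup() calls slirp_cleanup(s->slirp) before
events_source_release(s->slirp_src), although the source is created with
s->slirp passed to events_source_new(). Once the source can be dispatched
from another context, slirp_handler may run against a Slirp that has
already been cleaned up; release the source first, then the Slirp.
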
@@ -244,6 +273,8 @@ static int net_slirp_init(NetClientState *peer, const char 
*model,
 
 s->slirp = slirp_init(restricted, net, mask, host, vhostname,
   tftp_export, bootfile, dhcp, dns, dnssearch, s);
+s->slirp_src = events_source_new(slirp_prepare, slirp_handler, s->slirp);
+
 QTAILQ_INSERT_TAIL(&slirp_stacks, s, entry);
 
 for (config = slirp_configs; config; config = config->next) {
@@ -266,6 +297,7 @@ static int net_slirp_init(NetClientState *peer, const char 
*model,
 goto error;
 }
 #endif
+s->nc.info->bind_ctx(&s->nc, NULL);
 
 return 0;
 
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index ceabff8..1aad5a4 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -17,11 +17,10 @@ Slirp *slirp_init(int restricted, struct in_addr vnetwork,
 void slirp_cleanup(Slirp *slirp);
 
 void slirp_update_timeout(uint32_t *timeout);
-void slirp_pollfds_fill(GArray *pollfds);
-
-void slirp_pollfds_poll(GArray *pollfds, int select_error);
 
 void slirp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len);
+gboolean slirp_prepare(GSource *source, gint *time);
+gboolean slirp_handler(gpointer data);
 
 /* you must provide the following functions: */
 void slirp_output(void *opaque, const uint8_t *pkt, int pkt_len);
@@ -40,5 +39,7 @@ void slirp_socket_recv(Slirp *slirp, struct in_addr 
guest_addr,
int guest_port, const uint8_t *buf, int size);
 size_t slirp_socket_can_recv(Slirp *slirp, struct in_addr guest_addr,
  int guest_port);
+GPollFD *slirp_gsource_get_gfd(void *opaque, int fd);
+void slirp_gsource_close_gfd(void *opaque, GPollFD *pollfd);
 
 #endif
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 08c6b26..691f82f 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -26,6 +26,7 @@
 #include "char

[Qemu-devel] [PATCH v1 05/14] net: port tap onto GSource

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Signed-off-by: Liu Ping Fan 
---
 net/tap.c |   64 +++-
 1 files changed, 54 insertions(+), 10 deletions(-)

diff --git a/net/tap.c b/net/tap.c
index daab350..5f4d59f 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -41,6 +41,7 @@
 #include "qemu/error-report.h"
 
 #include "net/tap.h"
+#include "util/event_gsource.h"
 
 #include "hw/vhost_net.h"
 
@@ -62,6 +63,7 @@ typedef struct TAPState {
 bool enabled;
 VHostNetState *vhost_net;
 unsigned host_vnet_hdr_len;
+EventGSource *nsrc;
 } TAPState;
 
 static int launch_script(const char *setup_script, const char *ifname, int fd);
@@ -70,25 +72,48 @@ static int tap_can_send(void *opaque);
 static void tap_send(void *opaque);
 static void tap_writable(void *opaque);
 
-static void tap_update_fd_handler(TAPState *s)
+static gushort readable(void *opaque)
 {
-qemu_set_fd_handler2(s->fd,
- s->read_poll && s->enabled ? tap_can_send : NULL,
- s->read_poll && s->enabled ? tap_send : NULL,
- s->write_poll && s->enabled ? tap_writable : NULL,
- s);
+TAPState *s = opaque;
+
+if (s->enabled && s->read_poll &&
+tap_can_send(s)) {
+return G_IO_IN;
+}
+return 0;
+}
+
+static gushort writable(void *opaque)
+{
+TAPState *s = opaque;
+
+if (s->enabled && s->write_poll) {
+return G_IO_OUT;
+}
+return 0;
+}
+
+static gboolean tap_handler(gpointer data)
+{
+EventGSource *nsrc = data;
+
+if (nsrc->gfd.revents & G_IO_IN) {
+tap_send(nsrc->opaque);
+}
+if (nsrc->gfd.revents & G_IO_OUT) {
+tap_writable(nsrc->opaque);
+}
+return true;
 }
 
 static void tap_read_poll(TAPState *s, bool enable)
 {
 s->read_poll = enable;
-tap_update_fd_handler(s);
 }
 
 static void tap_write_poll(TAPState *s, bool enable)
 {
 s->write_poll = enable;
-tap_update_fd_handler(s);
 }
 
 static void tap_writable(void *opaque)
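
Review bot: with tap_update_fd_handler() removed, tap_read_poll() and tap_write_poll() only flip a flag, so the new state is not picked up until readable()/writable() are called from the next prepare() pass, and nothing here wakes the GMainContext. That holds while everything runs in the main loop thread, but once the source is bound to a context owned by another thread, a loop already blocked in poll() keeps waiting on the old event mask. Consider calling g_main_context_wakeup() on the bound context after changing read_poll or write_poll. Minor: tap_handler() returns a gboolean, so TRUE reads better than true.
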
@@ -291,6 +316,7 @@ static void tap_cleanup(NetClientState *nc)
 
 tap_read_poll(s, false);
 tap_write_poll(s, false);
+event_source_release(s->nsrc);
 close(s->fd);
 s->fd = -1;
 }
@@ -300,6 +326,12 @@ static void tap_poll(NetClientState *nc, bool enable)
 TAPState *s = DO_UPCAST(TAPState, nc, nc);
 tap_read_poll(s, enable);
 tap_write_poll(s, enable);
+
+if (!enable) {
+g_source_remove_poll(&s->nsrc->source, &s->nsrc->gfd);
+} else {
+g_source_add_poll(&s->nsrc->source, &s->nsrc->gfd);
+}
 }
 
 int tap_get_fd(NetClientState *nc)
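
Review bot: the enable branch of tap_poll() calls g_source_add_poll() on a GPollFD that event_source_new() has already added, so tap_poll(nc, true) without a preceding tap_poll(nc, false) registers &s->nsrc->gfd a second time, and a later single g_source_remove_poll() leaves one registration behind. Either track whether the fd is currently polled, or drop the add/remove here and rely on readable()/writable() returning 0 once read_poll and write_poll are cleared, which this function already does.
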
@@ -309,6 +341,13 @@ int tap_get_fd(NetClientState *nc)
 return s->fd;
 }
 
+static void tap_bind_ctx(NetClientState *nc, GMainContext *ctx)
+{
+TAPState *s = DO_UPCAST(TAPState, nc, nc);
+
+g_source_attach(&s->nsrc->source, ctx);
+}
+
 /* fd support */
 
 static NetClientInfo net_tap_info = {
@@ -319,6 +358,7 @@ static NetClientInfo net_tap_info = {
 .receive_iov = tap_receive_iov,
 .poll = tap_poll,
 .cleanup = tap_cleanup,
+.bind_ctx = tap_bind_ctx,
 };
 
 static TAPState *net_tap_fd_init(NetClientState *peer,
@@ -596,6 +636,7 @@ static int net_init_tap_one(const NetdevTapOptions *tap, 
NetClientState *peer,
 int vnet_hdr, int fd)
 {
 TAPState *s;
+EventGSource *nsrc;
 
 s = net_tap_fd_init(peer, model, name, fd, vnet_hdr);
 if (!s) {
@@ -606,6 +647,11 @@ static int net_init_tap_one(const NetdevTapOptions *tap, 
NetClientState *peer,
 if (tap_set_sndbuf(s->fd, tap) < 0) {
 return -1;
 }
+nsrc = event_source_new(s->fd, tap_handler, s);
+nsrc->readable = readable;
+nsrc->writable = writable;
+s->nsrc = nsrc;
+s->nc.info->bind_ctx(&s->nc, NULL);
 
 if (tap->has_fd || tap->has_fds) {
 snprintf(s->nc.info_str, sizeof(s->nc.info_str), "fd=%d", fd);
@@ -844,7 +890,6 @@ int tap_enable(NetClientState *nc)
 ret = tap_fd_enable(s->fd);
 if (ret == 0) {
 s->enabled = true;
-tap_update_fd_handler(s);
 }
 return ret;
 }
@@ -862,7 +907,6 @@ int tap_disable(NetClientState *nc)
 if (ret == 0) {
 qemu_purge_queued_packets(nc);
 s->enabled = false;
-tap_update_fd_handler(s);
 }
 return ret;
 }
-- 
1.7.4.4




Re: [Qemu-devel] [Qemu-ppc] [PATCH 1/7] pci: add MPC105 PCI host bridge emulation

2013-05-06 Thread Hervé Poussineau

Andreas Färber wrote:

On 06.05.2013 22:57, Hervé Poussineau wrote:

Alexander Graf wrote:

On 05/03/2013 07:57 AM, Hervé Poussineau wrote:

Alexander Graf wrote:

On 02.05.2013 at 22:08, Hervé Poussineau wrote:


Non-contiguous I/O is not implemented.

There is also somewhere a bug in the memory controller, which means
that some real firmwares may not detect the correct amount of memory.
This can be bypassed by adding '-m 1G' on the command line.

Add x-auto-conf property, to automatically configure the memory
controller at startup. This will be required by OpenBIOS, which
doesn't know how to do it.

Why not teach it? I'd prefer to see that logic in firmware.

Me too, but I'm not confident enough in my capabilities to do it.

Huh? Why not? Most of the device initialization code in OpenBIOS
happens in C, so you don't even have to touch Forth code :).


Autoconfiguration is only in one place of the code, so I think it can
be removed easily once OpenBIOS has this logic.

I'd prefer if we could come up with a clean model from the start. It
really shouldn't be hard at all.


I thought that for all other usages of OpenBIOS in QEMU, RAM was
supposed to be available as soon as machine was powered on.

However, I checked OpenBIOS code:
One of the first things done in arch/ppc/qemu/start.S is to copy the
exception vectors. So, I should add code before it to detect memory
controller, detect ram size and configure memory controller?


No. Why? QEMU does not depend on the memory controller being
initialized, only the OS might expect some registers to be filled in. So
you should look at or add the MPC105 PHB initialization hook in
OpenBIOS' PCI code, long after the memory is set up.


OpenBIOS depends on memory being available (at least the first KB/MB) 
even at its very startup, in arch/ppc/qemu/start.S. PCI initialization 
code comes much later.
At boot, the MPC105 datasheet says that the memory controller is not configured, 
i.e. you have to not use RAM in OpenBIOS before PCI initialization.


For other PPC targets (mac99, g3beige) using OpenBIOS, RAM is accessible 
at startup, so that's not a problem for OpenBIOS.


So, no, QEMU does not depend on the memory controller being initialized, 
but OpenBIOS depends on the RAM being accessible way before PCI 
initialization.
I don't speak of the OS which might (or might not) expect some registers 
to be filled in.
x-auto-conf property correctly sets some registers, so that memory is 
available at startup (like on mac99, g3beige emulations).


Hervé



[Qemu-devel] [PATCH v1 09/14] net: introduce lock to protect NetClientState's peer's access

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Introduce nc->peer_lock to shield off the race between nc->peer's reader and
deleter. With it, after the deleter finishes, no new qemu_send_packet_xx()
will append a packet to peer->send_queue, therefore no new reference from
packet->sender to nc will exist in nc->peer->send_queue.

Signed-off-by: Liu Ping Fan 
---
 include/net/net.h |7 +
 net/net.c |   79 ++---
 net/queue.c   |4 +-
 3 files changed, 84 insertions(+), 6 deletions(-)

diff --git a/include/net/net.h b/include/net/net.h
index 88332d2..54f91ea 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -5,6 +5,7 @@
 #include "qemu-common.h"
 #include "qapi/qmp/qdict.h"
 #include "qemu/option.h"
+#include "qemu/thread.h"
 #include "net/queue.h"
 #include "migration/vmstate.h"
 #include "qapi-types.h"
@@ -63,6 +64,10 @@ struct NetClientState {
 NetClientInfo *info;
 int link_down;
 QTAILQ_ENTRY(NetClientState) next;
+/* protect the race access of peer only between reader and writer.
+ * to resolve the writer's race condition, resort on biglock.
+ */
+QemuMutex peer_lock;
 NetClientState *peer;
 NetQueue *send_queue;
 char *model;
@@ -75,6 +80,7 @@ struct NetClientState {
 
 typedef struct NICState {
 NetClientState *ncs;
+NetClientState **pending_peer;
 NICConf *conf;
 void *opaque;
 bool peer_deleted;
@@ -102,6 +108,7 @@ NetClientState *qemu_find_vlan_client_by_name(Monitor *mon, 
int vlan_id,
   const char *client_str);
 typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque);
 void qemu_foreach_nic(qemu_nic_foreach func, void *opaque);
+int qemu_can_send_packet_nolock(NetClientState *sender);
 int qemu_can_send_packet(NetClientState *nc);
 ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov,
   int iovcnt);
diff --git a/net/net.c b/net/net.c
index f3d67f8..7619762 100644
--- a/net/net.c
+++ b/net/net.c
@@ -207,6 +207,7 @@ static void qemu_net_client_setup(NetClientState *nc,
 nc->peer = peer;
 peer->peer = nc;
 }
+qemu_mutex_init(&nc->peer_lock);
 QTAILQ_INSERT_TAIL(&net_clients, nc, next);
 
 nc->send_queue = qemu_new_net_queue(nc);
@@ -246,6 +247,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
 nic->ncs = (void *)nic + info->size;
 nic->conf = conf;
 nic->opaque = opaque;
+nic->pending_peer = g_malloc0(sizeof(NetClientState *) * queues);
 
 for (i = 0; i < queues; i++) {
 qemu_net_client_setup(&nic->ncs[i], info, peers[i], model, name,
@@ -304,6 +306,38 @@ static void qemu_free_net_client(NetClientState *nc)
 }
 }
 
+/* elimate the reference and sync with exit of rx/tx action.
+ * And flush out peer's queue.
+ */
+static void qemu_net_client_detach_flush(NetClientState *nc)
+{
+NetClientState *peer;
+
+/* reader of self's peer field , fixme? the deleters are not concurrent,
+ * so this pair lock can save.
+ */
+qemu_mutex_lock(&nc->peer_lock);
+peer = nc->peer;
+qemu_mutex_unlock(&nc->peer_lock);
+
+/* writer of peer's peer field*/
+if (peer) {
+/* exclude the race with tx to @nc */
+qemu_mutex_lock(&peer->peer_lock);
+peer->peer = NULL;
+qemu_mutex_unlock(&peer->peer_lock);
+}
+
+/* writer of self's peer field*/
+/*  exclude the race with tx from @nc */
+qemu_mutex_lock(&nc->peer_lock);
+nc->peer = NULL;
+if (peer) {
+qemu_net_queue_purge(peer->send_queue, nc);
+}
+qemu_mutex_unlock(&nc->peer_lock);
+}
+
 void qemu_del_net_client(NetClientState *nc)
 {
 NetClientState *ncs[MAX_QUEUE_NUM];
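
Review bot: in qemu_net_client_detach_flush(), peer is read under nc->peer_lock and then dereferenced (peer->peer_lock, peer->send_queue) after that lock has been dropped, so nothing in this function keeps peer alive across the gap. The struct comment says writers rely on the big lock and the in-code "fixme?" suggests the question is still open; state that precondition in the function comment or assert it. The last block also calls qemu_net_queue_purge() while holding nc->peer_lock, so the intended lock order between peer_lock and the queue should be documented. "elimate" in the comment should read "eliminate".
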
@@ -334,7 +368,9 @@ void qemu_del_net_client(NetClientState *nc)
 }
 
 for (i = 0; i < queues; i++) {
+qemu_net_client_detach_flush(ncs[i]);
 qemu_cleanup_net_client(ncs[i]);
+nic->pending_peer[i] = ncs[i];
 }
 
 return;
@@ -343,6 +379,7 @@ void qemu_del_net_client(NetClientState *nc)
 assert(nc->info->type != NET_CLIENT_OPTIONS_KIND_NIC);
 
 for (i = 0; i < queues; i++) {
+qemu_net_client_detach_flush(ncs[i]);
 qemu_cleanup_net_client(ncs[i]);
 qemu_free_net_client(ncs[i]);
 }
@@ -355,17 +392,19 @@ void qemu_del_nic(NICState *nic)
 /* If this is a peer NIC and peer has already been deleted, free it now. */
 if (nic->peer_deleted) {
 for (i = 0; i < queues; i++) {
-qemu_free_net_client(qemu_get_subqueue(nic, i)->peer);
+qemu_free_net_client(nic->pending_peer[i]);
 }
 }
 
 for (i = queues - 1; i >= 0; i--) {
 NetClientState *nc = qemu_get_subqueue(nic, i);
 
+qemu_net_client_detach_flush(nc);
 qemu_cleanup_net_client(nc);
 qemu_free_net_client(nc);
 }
 
+g_free(nic->pending_peer);
 g_free(nic);
 }
 
@@ -382,7 +421,7 @@ void qemu_foreach_nic(

[Qemu-devel] [PATCH v1 04/14] net: port socket to GSource

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Port NetSocketState onto NetClientSource. The only thing special is that
owing to the socket's state machine changes, we need to change the handler.
We implement that by destroying the old NetClientSource and attaching a new one
with NetSocketState.

Signed-off-by: Liu Ping Fan 
---
 net/socket.c |  194 --
 1 files changed, 161 insertions(+), 33 deletions(-)

diff --git a/net/socket.c b/net/socket.c
index 396dc8c..d52991d 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -31,6 +31,8 @@
 #include "qemu/option.h"
 #include "qemu/sockets.h"
 #include "qemu/iov.h"
+#include "util/event_gsource.h"
+
 
 typedef struct NetSocketState {
 NetClientState nc;
@@ -42,13 +44,15 @@ typedef struct NetSocketState {
 unsigned int send_index;  /* number of bytes sent (only SOCK_STREAM) */
 uint8_t buf[4096];
 struct sockaddr_in dgram_dst; /* contains inet host and port destination 
iff connectionless (SOCK_DGRAM) */
-IOHandler *send_fn;   /* differs between SOCK_STREAM/SOCK_DGRAM */
 bool read_poll;   /* waiting to receive data? */
 bool write_poll;  /* waiting to transmit data? */
+EventGSource *nsrc;
 } NetSocketState;
 
-static void net_socket_accept(void *opaque);
 static void net_socket_writable(void *opaque);
+static gboolean net_socket_listen_handler(gpointer data);
+static gboolean net_socket_establish_handler(gpointer data);
+
 
 /* Only read packets from socket when peer can receive them */
 static int net_socket_can_send(void *opaque)
@@ -58,25 +62,14 @@ static int net_socket_can_send(void *opaque)
 return qemu_can_send_packet(&s->nc);
 }
 
-static void net_socket_update_fd_handler(NetSocketState *s)
-{
-qemu_set_fd_handler2(s->fd,
- s->read_poll  ? net_socket_can_send : NULL,
- s->read_poll  ? s->send_fn : NULL,
- s->write_poll ? net_socket_writable : NULL,
- s);
-}
-
 static void net_socket_read_poll(NetSocketState *s, bool enable)
 {
 s->read_poll = enable;
-net_socket_update_fd_handler(s);
 }
 
 static void net_socket_write_poll(NetSocketState *s, bool enable)
 {
 s->write_poll = enable;
-net_socket_update_fd_handler(s);
 }
 
 static void net_socket_writable(void *opaque)
@@ -141,6 +134,59 @@ static ssize_t net_socket_receive_dgram(NetClientState 
*nc, const uint8_t *buf,
 return ret;
 }
 
+static gushort socket_connecting_writable(void *opaque)
+{
+return G_IO_OUT | G_IO_ERR;
+}
+
+static gushort socket_listen_readable(void *opaque)
+{
+return G_IO_IN | G_IO_HUP | G_IO_ERR;
+}
+
+static gushort socket_establish_readable(void *opaque)
+{
+NetSocketState *s = opaque;
+
+/* rely on net_socket_send to handle err */
+if (s->read_poll && net_socket_can_send(s)) {
+return G_IO_IN | G_IO_HUP | G_IO_ERR;
+}
+return 0;
+}
+
+static gushort socket_establish_writable(void *opaque)
+{
+NetSocketState *s = opaque;
+
+if (s->write_poll) {
+return G_IO_OUT | G_IO_HUP | G_IO_ERR;
+}
+return 0;
+}
+
+static gushort socket_dgram_readable(void *opaque)
+{
+NetSocketState *s = opaque;
+
+/* rely on net_socket_send_dgram to handle err */
+if (s->read_poll && net_socket_can_send(s)) {
+return G_IO_IN | G_IO_ERR;
+}
+return 0;
+}
+
+static gushort socket_dgram_writable(void *opaque)
+{
+NetSocketState *s = opaque;
+
+if (s->write_poll) {
+return G_IO_OUT | G_IO_ERR;
+}
+return 0;
+}
+
+/* common handler for accept-established or connecting case */
 static void net_socket_send(void *opaque)
 {
 NetSocketState *s = opaque;
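
Review bot: socket_establish_readable() returns 0 whenever read_poll is off or the peer cannot receive, and if write_poll is off as well, gfd.events ends up empty. poll() still reports hang-up and error conditions regardless of the requested mask, while check() in util/event_gsource.c only dispatches on revents & events, so a connection that closes in that state is never handled and the main loop can spin on the fd. Return G_IO_HUP | G_IO_ERR unconditionally here and add G_IO_IN only when reading is wanted; the same applies to socket_dgram_readable() with G_IO_ERR.
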
@@ -159,8 +205,13 @@ static void net_socket_send(void *opaque)
 eoc:
 net_socket_read_poll(s, false);
 net_socket_write_poll(s, false);
+/* rely on this to tell the accept-established or connecting case */
 if (s->listen_fd != -1) {
-qemu_set_fd_handler(s->listen_fd, net_socket_accept, NULL, s);
+event_source_release(s->nsrc);
+s->nsrc = event_source_new(s->listen_fd, net_socket_listen_handler,
+s);
+s->nsrc->readable = socket_listen_readable;
+s->nc.info->bind_ctx(&s->nc, NULL);
 }
 closesocket(s->fd);
 
@@ -231,6 +282,8 @@ static void net_socket_send_dgram(void *opaque)
 /* end of connection */
 net_socket_read_poll(s, false);
 net_socket_write_poll(s, false);
+/* for dgram err, removing it */
+g_source_remove_poll(&s->nsrc->source, &s->nsrc->gfd);
 return;
 }
 qemu_send_packet(&s->nc, s->buf, size);
@@ -331,6 +384,14 @@ static void net_socket_cleanup(NetClientState *nc)
 closesocket(s->listen_fd);
 s->listen_fd = -1;
 }
+event_source_release(s->nsrc);
+}
+
+static void net_socket_bind_ctx(NetClientState *nc, GMainContext 

[Qemu-devel] [PATCH v1 06/14] net: port tap-win32 onto GSource

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Signed-off-by: Liu Ping Fan 
---
 net/tap-win32.c |   31 +--
 1 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/net/tap-win32.c b/net/tap-win32.c
index 91e9e84..7a84195 100644
--- a/net/tap-win32.c
+++ b/net/tap-win32.c
@@ -635,13 +635,14 @@ static int tap_win32_open(tap_win32_overlapped_t 
**phandle,
  typedef struct TAPState {
  NetClientState nc;
  tap_win32_overlapped_t *handle;
+ EventGSource *nsrc;
  } TAPState;
 
 static void tap_cleanup(NetClientState *nc)
 {
 TAPState *s = DO_UPCAST(TAPState, nc, nc);
 
-qemu_del_wait_object(s->handle->tap_semaphore, NULL, NULL);
+event_source_release(s->nsrc);
 
 /* FIXME: need to kill thread and close file handle:
tap_win32_close(s);
@@ -669,13 +670,37 @@ static void tap_win32_send(void *opaque)
 }
 }
 
+static void tap_bind_ctx(NetClientState *nc, GMainContext *ctx)
+{
+TAPState *s = DO_UPCAST(TAPState, nc, nc);
+
+g_source_attach(&s->nsrc->source, ctx);
+}
+
 static NetClientInfo net_tap_win32_info = {
 .type = NET_CLIENT_OPTIONS_KIND_TAP,
 .size = sizeof(TAPState),
 .receive = tap_receive,
 .cleanup = tap_cleanup,
+.bind_ctx = tap_bind_ctx,
 };
 
+static gboolean tap_win32_handler(gpointer data)
+{
+EventGSource *nsrc = data;
+TAPState *s = nsrc->opaque;
+
+if (nsrc->gfd.revents & G_IO_IN) {
+tap_win32_send(s);
+}
+return true;
+}
+
+static gushort readable(void *opaque)
+{
+return G_IO_IN;
+}
+
 static int tap_win32_init(NetClientState *peer, const char *model,
   const char *name, const char *ifname)
 {
@@ -697,7 +722,9 @@ static int tap_win32_init(NetClientState *peer, const char 
*model,
 
 s->handle = handle;
 
-qemu_add_wait_object(s->handle->tap_semaphore, tap_win32_send, s);
+s->nsrc = event_source_new(s->handle->tap_semaphore, tap_win32_handler, s);
+s->nsrc->readable = readable;
+nc->info->bind_ctx(&s->nc, NULL);
 
 return 0;
 }
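
Review bot: event_source_new() is declared with an int fd, but s->handle->tap_semaphore is the object that was previously handed to qemu_add_wait_object(), i.e. a Windows HANDLE, so the implicit conversion truncates it on 64-bit hosts. GPollFD.fd is wider than int on Win64 for exactly this reason; give the helper an fd parameter of matching width or add a separate constructor for handles. The call on the last added line also mixes nc->info with &s->nc; use one spelling.
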
-- 
1.7.4.4




[Qemu-devel] [PATCH v1 08/14] net: introduce lock to protect NetQueue

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

NetQueue will be accessed by nc and its peers at the same time,
need lock to protect it.

Signed-off-by: Liu Ping Fan 
---
 net/queue.c |   11 +++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/net/queue.c b/net/queue.c
index 859d02a..2856c1d 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -53,6 +53,7 @@ struct NetQueue {
 uint32_t nq_maxlen;
 uint32_t nq_count;
 
+QemuMutex lock;
 QTAILQ_HEAD(packets, NetPacket) packets;
 
 unsigned delivering : 1;
@@ -68,6 +69,7 @@ NetQueue *qemu_new_net_queue(void *opaque)
 queue->nq_maxlen = 1;
 queue->nq_count = 0;
 
+qemu_mutex_init(&queue->lock);
 QTAILQ_INIT(&queue->packets);
 
 queue->delivering = 0;
@@ -107,7 +109,9 @@ static void qemu_net_queue_append(NetQueue *queue,
 memcpy(packet->data, buf, size);
 
 queue->nq_count++;
+qemu_mutex_lock(&queue->lock);
 QTAILQ_INSERT_TAIL(&queue->packets, packet, entry);
+qemu_mutex_unlock(&queue->lock);
 }
 
 static void qemu_net_queue_append_iov(NetQueue *queue,
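
Review bot: queue->nq_count++ sits outside the new critical section in qemu_net_queue_append(), and again in qemu_net_queue_append_iov(), so two senders can still race on the counter even though the list insert is serialized. Move the increment, together with any check of nq_count against nq_maxlen, inside the qemu_mutex_lock()/qemu_mutex_unlock() pair.
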
@@ -142,7 +146,9 @@ static void qemu_net_queue_append_iov(NetQueue *queue,
 }
 
 queue->nq_count++;
+qemu_mutex_lock(&queue->lock);
 QTAILQ_INSERT_TAIL(&queue->packets, packet, entry);
+qemu_mutex_unlock(&queue->lock);
 }
 
 static ssize_t qemu_net_queue_deliver(NetQueue *queue,
@@ -229,6 +235,7 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientState 
*from)
 {
 NetPacket *packet, *next;
 
+qemu_mutex_lock(&queue->lock);
 QTAILQ_FOREACH_SAFE(packet, &queue->packets, entry, next) {
 if (packet->sender == from) {
 QTAILQ_REMOVE(&queue->packets, packet, entry);
@@ -236,10 +243,12 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientState 
*from)
 g_free(packet);
 }
 }
+qemu_mutex_unlock(&queue->lock);
 }
 
 bool qemu_net_queue_flush(NetQueue *queue)
 {
+qemu_mutex_lock(&queue->lock);
 while (!QTAILQ_EMPTY(&queue->packets)) {
 NetPacket *packet;
 int ret;
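
Review bot: qemu_net_queue_flush() now takes queue->lock before the while loop and holds it until it returns, which covers the code that produces ret. If that is the delivery callback, it runs with the queue mutex held, and any path from it back into qemu_net_queue_append() or qemu_net_queue_purge() on the same queue cannot retake the lock. Dequeue the packet under the lock, release it for the delivery, and retake it only for the QTAILQ_INSERT_HEAD requeue.
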
@@ -256,6 +265,7 @@ bool qemu_net_queue_flush(NetQueue *queue)
 if (ret == 0) {
 queue->nq_count++;
 QTAILQ_INSERT_HEAD(&queue->packets, packet, entry);
+qemu_mutex_unlock(&queue->lock);
 return false;
 }
 
@@ -265,5 +275,6 @@ bool qemu_net_queue_flush(NetQueue *queue)
 
 g_free(packet);
 }
+qemu_mutex_unlock(&queue->lock);
 return true;
 }
-- 
1.7.4.4




[Qemu-devel] [PATCH v1 02/14] net: introduce bind_ctx to NetClientInfo

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Introduce bind_ctx interface for NetClientState. It will help to
bind NetClientState with a GSource. Currently, these GSources are attached
to the default context, but in future, after resolving all the race
conditions in the network layer, NetClientStates can run on different
threads.

Signed-off-by: Liu Ping Fan 
---
 include/net/net.h |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/include/net/net.h b/include/net/net.h
index cb049a1..88332d2 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -44,6 +44,7 @@ typedef ssize_t (NetReceiveIOV)(NetClientState *, const 
struct iovec *, int);
 typedef void (NetCleanup) (NetClientState *);
 typedef void (LinkStatusChanged)(NetClientState *);
 typedef void (NetClientDestructor)(NetClientState *);
+typedef void (NetClientBindCtx)(NetClientState *, GMainContext *);
 
 typedef struct NetClientInfo {
 NetClientOptionsKind type;
@@ -55,6 +56,7 @@ typedef struct NetClientInfo {
 NetCleanup *cleanup;
 LinkStatusChanged *link_status_changed;
 NetPoll *poll;
+NetClientBindCtx *bind_ctx;
 } NetClientInfo;
 
 struct NetClientState {
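
Review bot: NetClientBindCtx is added to NetClientInfo with no comment describing its contract, in particular that a NULL GMainContext selects the default context and whether the hook is mandatory. The backends later in the series invoke it as nc->info->bind_ctx(nc, NULL) with no NULL check, so every NetClientInfo that can reach such a call must set it; document it as required or guard the call sites.
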
-- 
1.7.4.4




[Qemu-devel] [PATCH v1 03/14] net: port vde onto GSource

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Signed-off-by: Liu Ping Fan 
---
 net/vde.c |   31 +--
 1 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/net/vde.c b/net/vde.c
index 4dea32d..fe763dd 100644
--- a/net/vde.c
+++ b/net/vde.c
@@ -30,10 +30,12 @@
 #include "qemu-common.h"
 #include "qemu/option.h"
 #include "qemu/main-loop.h"
+#include "util/event_gsource.h"
 
 typedef struct VDEState {
 NetClientState nc;
 VDECONN *vde;
+EventGSource *nsrc;
 } VDEState;
 
 static void vde_to_qemu(void *opaque)
@@ -60,20 +62,43 @@ static ssize_t vde_receive(NetClientState *nc, const 
uint8_t *buf, size_t size)
 return ret;
 }
 
+static gboolean vde_handler(gpointer data)
+{
+EventGSource *nsrc = (EventGSource *)data;
+
+if (nsrc->gfd.revents & (G_IO_IN | G_IO_HUP | G_IO_ERR)) {
+vde_to_qemu(nsrc->opaque);
+}
+return true;
+}
+
 static void vde_cleanup(NetClientState *nc)
 {
 VDEState *s = DO_UPCAST(VDEState, nc, nc);
-qemu_set_fd_handler(vde_datafd(s->vde), NULL, NULL, NULL);
+event_source_release(s->nsrc);
 vde_close(s->vde);
 }
 
+static void vde_bind_ctx(NetClientState *nc, GMainContext *ctx)
+{
+VDEState *s = DO_UPCAST(VDEState, nc, nc);
+
+g_source_attach(&s->nsrc->source, ctx);
+}
+
 static NetClientInfo net_vde_info = {
 .type = NET_CLIENT_OPTIONS_KIND_VDE,
 .size = sizeof(VDEState),
 .receive = vde_receive,
 .cleanup = vde_cleanup,
+.bind_ctx = vde_bind_ctx,
 };
 
+static gushort readable(void *opaque)
+{
+return G_IO_IN | G_IO_HUP | G_IO_ERR;
+}
+
 static int net_vde_init(NetClientState *peer, const char *model,
 const char *name, const char *sock,
 int port, const char *group, int mode)
@@ -104,7 +129,9 @@ static int net_vde_init(NetClientState *peer, const char 
*model,
 
 s->vde = vde;
 
-qemu_set_fd_handler(vde_datafd(s->vde), vde_to_qemu, NULL, s);
+s->nsrc = event_source_new(vde_datafd(vde), vde_handler, s);
+s->nsrc->readable = readable;
+nc->info->bind_ctx(nc, NULL);
 
 return 0;
 }
-- 
1.7.4.4




[Qemu-devel] [PATCH v1 01/14] util: introduce gsource event abstraction

2013-05-06 Thread Liu Ping Fan
From: Liu Ping Fan 

Introduce two structs: EventGSource and EventsGSource.
EventGSource is used to abstract the event with a single backend file.
EventsGSource is used to abstract the event with a dynamically changing
backend file, e.g. slirp.

Signed-off-by: Liu Ping Fan 
---
 util/Makefile.objs   |1 +
 util/event_gsource.c |  157 ++
 util/event_gsource.h |   49 
 3 files changed, 207 insertions(+), 0 deletions(-)
 create mode 100644 util/event_gsource.c
 create mode 100644 util/event_gsource.h

diff --git a/util/Makefile.objs b/util/Makefile.objs
index 495a178..a676d7d 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -8,3 +8,4 @@ util-obj-y += error.o qemu-error.o
 util-obj-$(CONFIG_POSIX) += compatfd.o
 util-obj-y += iov.o aes.o qemu-config.o qemu-sockets.o uri.o notify.o
 util-obj-y += qemu-option.o qemu-progress.o
+util-obj-y += event_gsource.o
diff --git a/util/event_gsource.c b/util/event_gsource.c
new file mode 100644
index 000..12b5967
--- /dev/null
+++ b/util/event_gsource.c
@@ -0,0 +1,157 @@
+/*
+ *  Copyright (C) 2013 IBM
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; under version 2 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "event_gsource.h"
+#include "qemu/bitops.h"
+
+static gboolean prepare(GSource *src, gint *time)
+{
+EventGSource *nsrc = (EventGSource *)src;
+int events = 0;
+
+if (!nsrc->readable && !nsrc->writable) {
+return false;
+}
+if (nsrc->readable) {
+events = nsrc->readable(nsrc->opaque);
+}
+if ((nsrc->writable)) {
+events |= nsrc->writable(nsrc->opaque);
+}
+nsrc->gfd.events = events;
+
+return false;
+}
+
+static gboolean check(GSource *src)
+{
+EventGSource *nsrc = (EventGSource *)src;
+
+if (nsrc->gfd.revents & nsrc->gfd.events) {
+return true;
+}
+return false;
+}
+
+static gboolean dispatch(GSource *src, GSourceFunc cb, gpointer data)
+{
+gboolean ret = false;
+
+if (cb) {
+ret = cb(data);
+}
+return ret;
+}
+
+static GSourceFuncs net_gsource_funcs = {
+prepare,
+check,
+dispatch,
+NULL
+};
+
+EventGSource *event_source_new(int fd, GSourceFunc dispatch_cb, void *opaque)
+{
+EventGSource *nsrc = (EventGSource *)g_source_new(&net_gsource_funcs,
+sizeof(EventGSource));
+nsrc->gfd.fd = fd;
+nsrc->opaque = opaque;
+g_source_set_callback(&nsrc->source, dispatch_cb, nsrc, NULL);
+g_source_add_poll(&nsrc->source, &nsrc->gfd);
+
+return nsrc;
+}
+
+void event_source_release(EventGSource *src)
+{
+g_source_destroy(&src->source);
+}
+
+GPollFD *events_source_add_gfd(EventsGSource *src, int fd)
+{
+GPollFD *retfd;
+
+retfd = g_slice_alloc(sizeof(GPollFD));
+retfd->events = 0;
+retfd->fd = fd;
+src->pollfds_list = g_list_append(src->pollfds_list, retfd);
+if (fd >= 0) {
+g_source_add_poll(&src->source, retfd);
+}
+
+return retfd;
+}
+
+void events_source_remove_gfd(EventsGSource *src, GPollFD *pollfd)
+{
+g_source_remove_poll(&src->source, pollfd);
+src->pollfds_list = g_list_remove(src->pollfds_list, pollfd);
+g_slice_free(GPollFD, pollfd);
+}
+
+static gboolean events_source_check(GSource *src)
+{
+EventsGSource *nsrc = (EventsGSource *)src;
+GList *cur;
+GPollFD *gfd;
+
+cur = nsrc->pollfds_list;
+while (cur) {
+gfd = cur->data;
+if (gfd->fd >= 0 && (gfd->revents & gfd->events)) {
+return true;
+}
+cur = g_list_next(cur);
+}
+
+return false;
+}
+
+static gboolean events_source_dispatch(GSource *src, GSourceFunc cb,
+gpointer data)
+{
+gboolean ret = false;
+
+if (cb) {
+ret = cb(data);
+}
+return ret;
+}
+
+EventsGSource *events_source_new(GPrepare prepare, GSourceFunc dispatch_cb,
+void *opaque)
+{
+EventsGSource *src;
+GSourceFuncs *gfuncs = g_new0(GSourceFuncs, 1);
+gfuncs->prepare = prepare;
+gfuncs->check = events_source_check,
+gfuncs->dispatch = events_source_dispatch,
+
+src = (EventsGSource *)g_source_new(gfuncs, sizeof(EventsGSource));
+src->gfuncs = gfuncs;
+src->pollfds_list = NULL;
+src->opaque = opaque;
+g_source_set_callback(&src->source, dispatch_cb, src, NULL);
+
+return src;
+}
+
+void events_source_release(EventsGSource *src)
+{
+assert(!src->pollfds_list);
+

[Qemu-devel] [PATCH v1 00/14] port network layer onto glib

2013-05-06 Thread Liu Ping Fan
summary:
  patch1: GSource event abstraction
  patch2~6: port network backend to glib
  patch7~10: make network core re-entrant
  patch11~14:  port the slirp backend onto glib

The slirp->lock's deadlock problem has been eliminated and works fine.
And other components seem more stable, so I change from RFCv- to v-




rfcv5->v1:
  1. re-arrange logic for net/socket.c

rfcv4->rfcv5:
  1.use GList to reimplement EventsGSource
  2.make readable()/writable() return events which the backend is interested in
  3.fix the slirp->lock's potential deadlock issue

rfcv3->rfcv4:
  1.separate GSource event to dedicated file
  2.integrated with net core re-entrant
  3.make slirp/  re-entrant

rfcv2->rfcv3:
  1.drop hub and the frontend(virtio net)
  2.split the patch for NetClientSource

rfcv1->rfcv2:
  1.NetClientState can associate with up to 2 GSource, for virtio net, one for
    tx, one for rx, so vq can run on different threads.
  2.make network front-end onto glib, currently virtio net dataplane



Liu Ping Fan (14):
  util: introduce gsource event abstraction
  net: introduce bind_ctx to NetClientInfo
  net: port vde onto GSource
  net: port socket to GSource
  net: port tap onto GSource
  net: port tap-win32 onto GSource
  net: hub use lock to protect ports list
  net: introduce lock to protect NetQueue
  net: introduce lock to protect NetClientState's peer's access
  net: make netclient re-entrant with refcnt
  slirp: make timeout local
  slirp: make slirp event dispatch based on slirp instance, not global
  slirp: handle race condition
  slirp: use lock to protect the slirp_instances

 hw/qdev-properties-system.c |   14 +
 include/net/net.h   |   12 +
 include/qemu/module.h   |2 +
 main-loop.c |4 -
 net/hub.c   |   28 ++-
 net/net.c   |  123 -
 net/queue.c |   15 +-
 net/slirp.c |   35 +++-
 net/socket.c|  194 +++---
 net/tap-win32.c |   31 ++-
 net/tap.c   |   64 -
 net/vde.c   |   31 ++-
 slirp/if.c  |   57 +++-
 slirp/libslirp.h|7 +-
 slirp/main.h|3 +-
 slirp/mbuf.h|2 +
 slirp/slirp.c   |  670 ++-
 slirp/slirp.h   |   11 +-
 slirp/socket.c  |2 +
 slirp/socket.h  |1 +
 stubs/slirp.c   |8 -
 util/Makefile.objs  |1 +
 util/event_gsource.c|  157 ++
 util/event_gsource.h|   49 
 24 files changed, 1105 insertions(+), 416 deletions(-)
 create mode 100644 util/event_gsource.c
 create mode 100644 util/event_gsource.h

-- 
1.7.4.4




Re: [Qemu-devel] [PATCH 2/3] virtio-ccw: check config length before accessing it

2013-05-06 Thread Jason Wang
On 04/28/2013 04:40 PM, Jason Wang wrote:
> On 04/28/2013 04:32 PM, Michael S. Tsirkin wrote:
>> On Fri, Apr 26, 2013 at 04:34:03PM +0800, Jason Wang wrote:
>>> virtio-rng-ccw has zero config length, so we need validate the config length
>>> before trying to access it. Otherwise we may crash since vdev->config is 
>>> NULL.
>>>
>>> Cc: Cornelia Huck 
>>> Cc: Richard Henderson 
>>> Cc: Alexander Graf 
>>> Signed-off-by: Jason Wang 
>> The real problem is dev->vdev->get_config being NULL,
>> isn't it? So why not validate it and be done with it?
> Ok, this looks more clear. Will do it in V2.

Rechecked the code; it looks like {get|set}_config() has been validated in
virtio_bus_get_vdev_config(). So the code was OK here; will drop this
patch also.
 
>>> ---
>>>  hw/s390x/virtio-ccw.c |4 ++--
>>>  1 files changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
>>> index 56539d3..8d0dff5 100644
>>> --- a/hw/s390x/virtio-ccw.c
>>> +++ b/hw/s390x/virtio-ccw.c
>>> @@ -260,7 +260,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
>>>  }
>>>  }
>>>  len = MIN(ccw.count, dev->vdev->config_len);
>>> -if (!ccw.cda) {
>>> +if (!ccw.cda || !len) {
>>>  ret = -EFAULT;
>>>  } else {
>>>  dev->vdev->get_config(dev->vdev, dev->vdev->config);
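
Review bot: the added !len test guards the get_config() call only indirectly, by assuming config_len is zero exactly when dev->vdev->config is NULL; the pointer that is actually passed on the next line is not checked. Test the pointer (and the callback) that this branch dereferences, and consider whether -EFAULT is the right answer for a device that simply has no config space, since ccw.count and ccw.cda come from the guest and this path decides between a clean error and a host-side NULL dereference. The second hunk has the same pattern.
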
>>> @@ -279,7 +279,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
>>>  }
>>>  len = MIN(ccw.count, dev->vdev->config_len);
>>>  hw_len = len;
>>> -if (!ccw.cda) {
>>> +if (!ccw.cda || !len) {
>>>  ret = -EFAULT;
>>>  } else {
>>>  config = cpu_physical_memory_map(ccw.cda, &hw_len, 0);
>>> -- 
>>> 1.7.1
>




Re: [Qemu-devel] [PATCH V13 4/6] create some QemuOpts functons

2013-05-06 Thread Dong Xu Wang

On 2013/5/6 20:20, Markus Armbruster wrote:

Dong Xu Wang  writes:


These functions will be used in next commit. qemu_opt_get_(*)_del functions
are used to make sure we have the same behaviors as before: after get an
option value, options++.


I don't understand the last sentence.


Signed-off-by: Dong Xu Wang 
---
  include/qemu/option.h |  11 +-
  util/qemu-option.c| 103 ++
  2 files changed, 105 insertions(+), 9 deletions(-)

diff --git a/include/qemu/option.h b/include/qemu/option.h
index c7a5c14..d63e447 100644
--- a/include/qemu/option.h
+++ b/include/qemu/option.h
@@ -108,6 +108,7 @@ struct QemuOptsList {
  };

  const char *qemu_opt_get(QemuOpts *opts, const char *name);
+const char *qemu_opt_get_del(QemuOpts *opts, const char *name);
  /**
   * qemu_opt_has_help_opt:
   * @opts: options to search for a help request
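
Review bot: qemu_opt_get_del() is declared as returning const char * with no comment on ownership. If the function removes the option it looked up, the result cannot point into the deleted QemuOpt, so the caller must own and free it, which the const return type hides. Add a doc comment stating who frees the string and change the return type to char * if the caller does.
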
@@ -121,13 +122,18 @@ const char *qemu_opt_get(QemuOpts *opts, const char 
*name);
   */
  bool qemu_opt_has_help_opt(QemuOpts *opts);
  bool qemu_opt_get_bool(QemuOpts *opts, const char *name, bool defval);
+bool qemu_opt_get_bool_del(QemuOpts *opts, const char *name, bool defval);
  uint64_t qemu_opt_get_number(QemuOpts *opts, const char *name, uint64_t 
defval);
  uint64_t qemu_opt_get_size(QemuOpts *opts, const char *name, uint64_t defval);
+uint64_t qemu_opt_get_size_del(QemuOpts *opts, const char *name,
+   uint64_t defval);
  int qemu_opt_set(QemuOpts *opts, const char *name, const char *value);
+int qemu_opt_replace_set(QemuOpts *opts, const char *name, const char *value);
  void qemu_opt_set_err(QemuOpts *opts, const char *name, const char *value,
Error **errp);
  int qemu_opt_set_bool(QemuOpts *opts, const char *name, bool val);
  int qemu_opt_set_number(QemuOpts *opts, const char *name, int64_t val);
+int qemu_opt_replace_set_number(QemuOpts *opts, const char *name, int64_t val);
  typedef int (*qemu_opt_loopfunc)(const char *name, const char *value, void 
*opaque);
  int qemu_opt_foreach(QemuOpts *opts, qemu_opt_loopfunc func, void *opaque,
   int abort_on_failure);
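Review bot: the new `qemu_opt_get_*_del()` and `qemu_opt_replace_set*()` prototypes are added without any comment, while the neighbouring `qemu_opt_has_help_opt()` has a doc block. Please document what "del" removes, whether the default from the option description is still honoured, and who owns the string returned by `qemu_opt_get_del()`. Also, bool and size get a `_del` getter but `qemu_opt_get_number` does not; say whether that is intentional.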
@@ -144,7 +150,10 @@ const char *qemu_opts_id(QemuOpts *opts);
  void qemu_opts_del(QemuOpts *opts);
  void qemu_opts_validate(QemuOpts *opts, const QemuOptDesc *desc, Error 
**errp);
  int qemu_opts_do_parse(QemuOpts *opts, const char *params, const char 
*firstname);
-QemuOpts *qemu_opts_parse(QemuOptsList *list, const char *params, int 
permit_abbrev);
+int qemu_opts_do_parse_replace(QemuOpts *opts, const char *params,
+   const char *firstname);
+QemuOpts *qemu_opts_parse(QemuOptsList *list, const char *params,
+  int permit_abbrev);
  void qemu_opts_set_defaults(QemuOptsList *list, const char *params,
  int permit_abbrev);
  QemuOpts *qemu_opts_from_qdict(QemuOptsList *list, const QDict *qdict,
diff --git a/util/qemu-option.c b/util/qemu-option.c
index 0488c27..5db6d76 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -33,6 +33,8 @@
  #include "qapi/qmp/qerror.h"
  #include "qemu/option_int.h"

+static void qemu_opt_del(QemuOpt *opt);
+
  /*
   * Extracts the name of an option from the parameter string (p points at the
   * first byte of the option name)
@@ -549,6 +551,16 @@ const char *qemu_opt_get(QemuOpts *opts, const char *name)

const char *qemu_opt_get(QemuOpts *opts, const char *name)
{
QemuOpt *opt = qemu_opt_find(opts, name);
const QemuOptDesc *desc;
desc = find_desc_by_name(opts->list->desc, name);

return opt ? opt->str :

  (desc && desc->def_value_str ? desc->def_value_str : NULL);
  }

+const char *qemu_opt_get_del(QemuOpts *opts, const char *name)
+{
+QemuOpt *opt = qemu_opt_find(opts, name);
+const char *str = opt ? g_strdup(opt->str) : NULL;
+if (opt) {
+qemu_opt_del(opt);
+}
+return str;
+}
+
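Review bot: `qemu_opt_get_del()` returns the result of `g_strdup(opt->str)` through a `const char *`, so the caller now owns a heap string that the return type tells it not to free. Callers converted from `qemu_opt_get()` will leak unless they cast and `g_free()` it. Return `char *` and state in a comment that the caller must free the result.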


Unlike qemu_opt_del(), this one doesn't use def_value_str.  Why?  Isn't
that a trap for users of this function?

Same question for the qemu_opt_get_FOO_del() that follow.


  bool qemu_opt_has_help_opt(QemuOpts *opts)
  {
  QemuOpt *opt;
@@ -577,6 +589,22 @@ bool qemu_opt_get_bool(QemuOpts *opts, const char *name, 
bool defval)
  return opt->value.boolean;
  }

+bool qemu_opt_get_bool_del(QemuOpts *opts, const char *name, bool defval)
+{
+QemuOpt *opt = qemu_opt_find(opts, name);
+bool ret;
+
+if (opt == NULL) {
+return defval;
+}
+ret = opt->value.boolean;
+assert(opt->desc && opt->desc->type == QEMU_OPT_BOOL);
+if (opt) {
+qemu_opt_del(opt);
+}
+return ret;
+}
+
  uint64_t qemu_opt_get_number(QemuOpts *opts, const char *name, uint64_t 
defval)
  {
  QemuOpt *opt = qemu_opt_find(opts, name);
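Review bot: in `qemu_opt_get_bool_del()` the `assert(opt->desc && opt->desc->type == QEMU_OPT_BOOL)` runs after `opt->value.boolean` has already been read, so the type check guards nothing; move the assert above the read. The `if (opt)` that follows is always true because the NULL case returned `defval` earlier, so `qemu_opt_del(opt)` can be called unconditionally.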
@@ -609,6 +637,23 @@ uint64_t qemu_opt_get_size(QemuOpts *opts, const char 
*name, uint64_t defval)
  return opt->value.uint;
  }

+uint64_t qemu_opt_get

[Qemu-devel] [RFC PATCH v4] Throttle-down guest when live migration does not converge.

2013-05-06 Thread Chegu Vinod
Busy enterprise workloads hosted on large sized VM's tend to dirty
memory faster than the transfer rate achieved via live guest migration.
Despite some good recent improvements (& using dedicated 10Gig NICs
between hosts) the live migration does NOT converge.

If a user chooses to force convergence of their migration via a new
migration capability "auto-converge" then this change will auto-detect
lack of convergence scenario and trigger a slow down of the workload
by explicitly disallowing the VCPUs from spending much time in the VM
context.

The migration thread tries to catchup and this eventually leads
to convergence in some "deterministic" amount of time. Yes it does
impact the performance of all the VCPUs but in my observation that
lasts only for a short duration of time. i.e. we end up entering
stage 3 (downtime phase) soon after that. No external trigger is
required.

Thanks to Juan and Paolo for their useful suggestions.

Verified the convergence using the following :
- SpecJbb2005 workload running on a 20VCPU/256G guest(~80% busy)
- OLTP like workload running on a 80VCPU/512G guest (~80% busy)

Sample results with SpecJbb2005 workload : (migrate speed set to 20Gb and
migrate downtime set to 4seconds).

(qemu) info migrate
capabilities: xbzrle: off auto-converge: off  <
Migration status: active
total time: 1487503 milliseconds
expected downtime: 519 milliseconds
transferred ram: 383749347 kbytes
remaining ram: 2753372 kbytes
total ram: 268444224 kbytes
duplicate: 65461532 pages
skipped: 64901568 pages
normal: 95750218 pages
normal bytes: 383000872 kbytes
dirty pages rate: 67551 pages

---

(qemu) info migrate
capabilities: xbzrle: off auto-converge: on   <
Migration status: completed
total time: 241161 milliseconds
downtime: 6373 milliseconds
transferred ram: 28235307 kbytes
remaining ram: 0 kbytes
total ram: 268444224 kbytes
duplicate: 64946416 pages
skipped: 64903523 pages
normal: 7044971 pages
normal bytes: 28179884 kbytes

---

Changes from v3:
- incorporated feedback from Paolo and Eric
- rebased to latest qemu.git

Changes from v2:
- incorporated feedback from Orit, Juan and Eric
- stop the throttling thread at the start of stage 3
- rebased to latest qemu.git

Changes from v1:
- rebased to latest qemu.git
- added auto-converge capability(default off) - suggested by Anthony Liguori &
Eric Blake.

Signed-off-by: Chegu Vinod 
---
 arch_init.c   |   61 -
 cpus.c|   41 +++
 include/migration/migration.h |7 +
 include/qemu-common.h |1 +
 include/qemu/main-loop.h  |3 ++
 include/qom/cpu.h |   10 +++
 kvm-all.c |   46 +++
 migration.c   |   18 
 qapi-schema.json  |5 +++-
 9 files changed, 190 insertions(+), 2 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 49c5dc2..2f703cf 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -104,6 +104,7 @@ int graphic_depth = 15;
 #endif
 
 const uint32_t arch_type = QEMU_ARCH;
+static bool mig_throttle_on;
 
 /***/
 /* ram save/restore */
@@ -379,7 +380,14 @@ static void migration_bitmap_sync(void)
 MigrationState *s = migrate_get_current();
 static int64_t start_time;
 static int64_t num_dirty_pages_period;
+static int64_t bytes_xfer_prev;
 int64_t end_time;
+int64_t bytes_xfer_now;
+static int dirty_rate_high_cnt;
+
+if (!bytes_xfer_prev) {
+bytes_xfer_prev = ram_bytes_transferred();
+}
 
 if (!start_time) {
 start_time = qemu_get_clock_ms(rt_clock);
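Review bot: `bytes_xfer_prev` and `dirty_rate_high_cnt` are function-local statics in `migration_bitmap_sync()` and nothing in the lines shown resets them, so a later migration attempt in the same process would start from the previous attempt's byte count and hit counter. Reset them when a migration starts, or keep them in the migration state instead of in statics.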
@@ -404,6 +412,27 @@ static void migration_bitmap_sync(void)
 
 /* more than 1 second = 1000 millisecons */
 if (end_time > start_time + 1000) {
+if (migrate_auto_converge()) {
+/* The following detection logic can be refined later. For now:
+   Check to see if the dirtied bytes is 50% more than the approx.
+   amount of bytes that just got transferred since the last time we
+   were in this routine. If that happens N times (for now N==5)
+   we turn on the throttle down logic */
+bytes_xfer_now = ram_bytes_transferred();
+if (s->dirty_pages_rate &&
+((num_dirty_pages_period*TARGET_PAGE_SIZE) >
+((bytes_xfer_now - bytes_xfer_prev)/2))) {
+if (dirty_rate_high_cnt++ > 5) {
+DPRINTF("Unable to converge. Throtting down guest\n");
+qemu_mutex_lock_mig_throttle();
+if (!mig_throttle_on) {
+mig_throttle_on = true;
+}
+qemu_mutex_unlock_mig_throttle();
+}
+ }
+ bytes_xfer_prev = bytes_xfer_now;
+}
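Review bot: the trigger in the `migrate_auto_converge()` block does not match its comment. `dirty_rate_high_cnt++ > 5` first becomes true on the seventh hit, not after N==5; the counter is never cleared when a period stays under the threshold, so the hits need not be consecutive; and the test against `(bytes_xfer_now - bytes_xfer_prev)/2` fires when the dirtied bytes exceed half of what was transferred, which is not "50% more than" it. Decide which rule is intended and make the code and the comment agree. Minor: the `if (!mig_throttle_on)` around the assignment is redundant, and "Throtting" in the DPRINTF is a typo.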
   

Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Paolo Bonzini
On 06/05/2013 23:07, Jordan Justen wrote:
> On Mon, May 6, 2013 at 1:41 PM, Paolo Bonzini  wrote:
>> On 06/05/2013 22:31, Anthony Liguori wrote:
>>> Jordan Justen  writes:
>>>
 On Mon, May 6, 2013 at 7:42 AM, Anthony Liguori  
 wrote:
> I believe I have processed all of the outstanding pull requests and
> patches tagged for 1.5.  If there are any other patches or pull requests
> you would like to be considered, please respond to this note with a
> pointer to the patch or make sure you send it out tagged with 'for-1.5'
> no later than 5pm US/Eastern.

 Is there a chance of including the KVM PC flash series in 1.5?
 Unfortunately, I'm assuming no given the timing.
>>>
>>> I think we're going to need to delay it.  Did we ever come to a
>>> consensus about what to do on older kernels?
>>
>> Yes, the patches only use the new feature if -pflash is given on the
>> command line.  memory_region_set_readonly is only used in a few places,
>> so I think this series could go in; it is a fix for a TCG-mode regression.
>>
>> I'm curious however if it causes -M isapc to regress, because in 1.4 it
>> works only in KVM mode, not in TCG mode.
> 
> It looks like isapc has always set rom_only to 1, meaning it never
> should have supported PC flash. So, I hope isapc didn't ever have any
> noticeable behavior change due to the PC flash feature.

The change would be because you now implement
memory_region_set_readonly.  That's the "dangerous" part of the series.

Paolo




Re: [Qemu-devel] [Qemu-ppc] [PATCH 7/8] pseries: savevm support for PAPR virtual SCSI

2013-05-06 Thread David Gibson
On Mon, May 06, 2013 at 09:37:11AM +0200, Paolo Bonzini wrote:
> On 03/05/2013 03:38, David Gibson wrote:
> > This patch adds the necessary support for saving the state of the PAPR VIO
> > virtual SCSI device.  This turns out to be trivial, because the generic
> > SCSI code already quiesces the attached virtual SCSI bus.
> > 
> > Signed-off-by: David Gibson 
> > ---
> >  hw/scsi/spapr_vscsi.c |   28 
> >  1 file changed, 28 insertions(+)
> > 
> > diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
> > index 3d322d5..f416871 100644
> > --- a/hw/scsi/spapr_vscsi.c
> > +++ b/hw/scsi/spapr_vscsi.c
> > @@ -954,6 +954,33 @@ static Property spapr_vscsi_properties[] = {
> >  DEFINE_PROP_END_OF_LIST(),
> >  };
> >  
> > +static void spapr_vscsi_pre_save(void *opaque)
> > +{
> > +VSCSIState *s = opaque;
> > +int i;
> > +
> > +/* Can't save active requests, apparently the general SCSI code
> > + * quiesces the queue for us on vmsave */
> > +for (i = 0; i < VSCSI_REQ_LIMIT; i++) {
> > +assert(!s->reqs[i].active);
> > +}
> > +}
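Review bot: `spapr_vscsi_pre_save()` enforces "no active requests" with `assert(!s->reqs[i].active)`, so if any request is still active at save time the assert aborts the whole guest instead of failing the save. The comment's "apparently" suggests the quiescing guarantee has not been confirmed; either cite where the SCSI layer guarantees it, or handle an active request by saving it or by returning an error from the save path.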
> 
> This is only true when the rerror and werror options have the values
> "ignore" or "report".  See virtio-scsi for an example of how to save the
> requests using the save_request and load_request callbacks in
> SCSIBusInfo.

Ah, bother.  Unfortunately the save request is quite a lot more
complicated for vscsi, since we have a lot more private data, and I'm
not sure which bits can be reconstructed from other information.  I'll
see what I can come up with.

What guarantees _does_ the scsi layer give about the lifecycle state
of the requests when we savevm?

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH] [KVM] Needless to update msi route when only msi-x entry "control" section changed

2013-05-06 Thread Zhanghaoyu (A)
>> >> With regard to old version linux guest(e.g., rhel-5.5), in ISR 
>> >> processing, mask and unmask msi-x vector every time, which result in 
>> >> VMEXIT, then QEMU will invoke kvm_irqchip_update_msi_route() to ask KVM 
>> >> hypervisor to update the VM irq routing table. In KVM hypervisor, 
>> >> synchronizing RCU needed after updating routing table, so much time 
>> >> consumed for waiting in wait_rcu_gp(). So CPU usage in VM is so high, 
>> >> while from the view of host, VM's total CPU usage is so low. 
>> >> Masking/unmasking msi-x vector only set msi-x entry "control" section, 
>> >> needless to update VM irq routing table.
>> >> 
>> >> Signed-off-by: Zhang Haoyu 
>> >> Signed-off-by: Huang Weidong 
>> >> Signed-off-by: Qin Chuanyu 
>> >> ---
>> >> hw/i386/kvm/pci-assign.c | 3 +++
>> >> 1 files changed, 3 insertions(+)
>> >> 
>> >> --- a/hw/i386/kvm/pci-assign.c  2013-05-04 15:53:18.0 +0800
>> >> +++ b/hw/i386/kvm/pci-assign.c  2013-05-04 15:50:46.0 +0800
>> >> @@ -1576,6 +1576,8 @@ static void assigned_dev_msix_mmio_write
>> >>  MSIMessage msg;
>> >>  int ret;
>> >> 
>> >> +/* Needless to update msi route when only msi-x entry 
>> >> "control" section changed */
>> >> +if ((addr & (PCI_MSIX_ENTRY_SIZE - 1)) != 
>> >> + PCI_MSIX_ENTRY_VECTOR_CTRL){
>> >>  msg.address = entry->addr_lo |
>> >>  ((uint64_t)entry->addr_hi << 32);
>> >>  msg.data = entry->data; @@ -1585,6 +1587,7 @@ 
>> >> static void assigned_dev_msix_mmio_write
>> >>  if (ret) {
>> >>  error_report("Error updating irq routing entry 
>> >> (%d)", ret);
>> >>  }
>> >> +}
>> >>  }
>> >>  }
>> >>  }
>> >> 
>> >> Thanks,
>> >> Zhang Haoyu
>> >
>> >
>> >If guest wants to update the vector, it does it like this:
>> >mask
>> >update
>> >unmask
>> >and it looks like the only point where we update the vector is on unmask, 
>> >so this patch will mean we don't update the vector ever.
>> >
>> >I'm not sure this combination (old guest + legacy device assignment
>> >framework) is worth optimizing. Can you try VFIO instead?
>> >
>> >But if it is, the right way to do this is probably along the lines of the 
>> >below patch. Want to try it out?
>> >
>> >diff --git a/kvm-all.c b/kvm-all.c
>> >index 2d92721..afe2327 100644
>> >--- a/kvm-all.c
>> >+++ b/kvm-all.c
>> >@@ -1006,6 +1006,11 @@ static int kvm_update_routing_entry(KVMState *s,
>> > continue;
>> > }
>> > 
>> >+if (entry->type == new_entry->type &&
>> >+entry->flags == new_entry->flags &&
>> >+entry->u == new_entry->u) {
>> >+return 0;
>> >+}
>> > entry->type = new_entry->type;
>> > entry->flags = new_entry->flags;
>> > entry->u = new_entry->u;
>> >
>> 
>> union type cannot be directly compared, I tried out below patch 
>> instead,
>> --- a/kvm-all.c 2013-05-06 09:56:38.0 +0800
>> +++ b/kvm-all.c 2013-05-06 09:56:45.0 +0800
>> @@ -1008,6 +1008,12 @@ static int kvm_update_routing_entry(KVMS
>>  continue;
>>  }
>> 
>> +if (entry->type == new_entry->type &&
>> +entry->flags == new_entry->flags &&
>> +!memcmp(&entry->u, &new_entry->u, sizeof(entry->u))) {
>> +return 0;
>> +}
>> +
>>  entry->type = new_entry->type;
>>  entry->flags = new_entry->flags;
>>  entry->u = new_entry->u;
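Review bot: `memcmp(&entry->u, &new_entry->u, sizeof(entry->u))` compares every byte of the union, including bytes outside the member selected by `type`. That is a reliable equality test only if every caller zeroes the whole entry before filling it in; otherwise identical routes compare unequal and the update is not skipped. Either state that requirement in a comment at this check, or compare the fields of the active member.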
>> 
>> MST's patch is more universal than my first patch fixed in 
>> assigned_dev_msix_mmio_write().
>> On the case that the msix entry's other section but "control" section is set 
>> to the identical value with old entry's, MST's patch also works.
>> MST's patch also works on the non-passthrough scenario.
>
>Any numbers for either case?
>
I'm not sure what you said exactly means. 
Do you want me to make a further statement for comparison between above two 
patches?
If yes, no other comments.

>> And, after MST's patch applied, the below check in 
>> virtio_pci_vq_vector_unmask() can be removed.
>> --- a/hw/virtio/virtio-pci.c2013-05-04 15:53:20.0 +0800
>> +++ b/hw/virtio/virtio-pci.c2013-05-06 10:25:58.0 +0800
>> @@ -619,12 +619,10 @@ static int virtio_pci_vq_vector_unmask(V
>> 
>>  if (proxy->vector_irqfd) {
>>  irqfd = &proxy->vector_irqfd[vector];
>> -if (irqfd->msg.data != msg.data || irqfd->msg.address != 
>> msg.address) {
>>  ret = kvm_irqchip_update_msi_route(kvm_state, irqfd->virq, msg);
>>  if (ret < 0) {
>>  return ret;
>>  }
>> -}
>>  }
>> 
>>  /* If guest supports masking, irqfd is already setup, unmask it.
>> 
>> Thanks,
>> Zhang Haoyu
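
The "skip the update when nothing changed" check discussed in this thread, as an added example that is not part of the original messages or of QEMU. `struct route_entry`, `make_msi()`, `update_route()` and the two comparators are hypothetical names, the entry layout is a simplified stand-in, and the sample values are constructed. It compares the whole-union `memcmp` test with a member-wise test when the bytes outside the active union member differ.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for an IRQ routing entry (assumption: names and
 * layout are illustrative, not copied from QEMU or kernel headers). */
enum { ROUTE_IRQCHIP = 1, ROUTE_MSI = 2 };

struct route_entry {
    uint32_t gsi;
    uint32_t type;
    uint32_t flags;
    union {
        struct { uint32_t irqchip, pin; } irqchip;
        struct { uint32_t address_lo, address_hi, data; } msi;
        uint32_t pad[8];                /* union is larger than any member */
    } u;
};

/* Whole-union comparison, as in the memcmp variant from the thread.
 * Reliable only if the bytes outside the active member were initialised
 * identically in both entries. */
static bool route_same_memcmp(const struct route_entry *a,
                              const struct route_entry *b)
{
    return a->type == b->type && a->flags == b->flags &&
           memcmp(&a->u, &b->u, sizeof(a->u)) == 0;
}

/* Member-wise comparison keyed on the type tag; bytes that do not
 * belong to the active member are ignored. */
static bool route_same_fields(const struct route_entry *a,
                              const struct route_entry *b)
{
    if (a->type != b->type || a->flags != b->flags) {
        return false;
    }
    switch (a->type) {
    case ROUTE_IRQCHIP:
        return a->u.irqchip.irqchip == b->u.irqchip.irqchip &&
               a->u.irqchip.pin == b->u.irqchip.pin;
    case ROUTE_MSI:
        return a->u.msi.address_lo == b->u.msi.address_lo &&
               a->u.msi.address_hi == b->u.msi.address_hi &&
               a->u.msi.data == b->u.msi.data;
    default:
        return false;                   /* unknown type: never skip an update */
    }
}

/* Build an MSI entry. 'fill' is written to the union bytes after the
 * msi member: 0 models a zero-initialised entry, anything else models
 * stale bytes left over from an uninitialised local. */
static struct route_entry make_msi(uint32_t gsi, uint64_t addr,
                                   uint32_t data, unsigned char fill)
{
    struct route_entry e;

    memset(&e, 0, sizeof(e));
    e.gsi = gsi;
    e.type = ROUTE_MSI;
    e.u.msi.address_lo = (uint32_t)addr;
    e.u.msi.address_hi = (uint32_t)(addr >> 32);
    e.u.msi.data = data;
    memset((unsigned char *)&e.u + sizeof(e.u.msi), fill,
           sizeof(e.u) - sizeof(e.u.msi));
    return e;
}

typedef bool (*route_cmp)(const struct route_entry *,
                          const struct route_entry *);

/* Update the entry matching new_entry->gsi. Returns 1 if the table was
 * changed (the expensive commit would follow), 0 if the update was
 * skipped as identical, -1 if no entry has that gsi. */
static int update_route(struct route_entry *table, size_t n,
                        const struct route_entry *new_entry, route_cmp same)
{
    for (size_t i = 0; i < n; i++) {
        if (table[i].gsi != new_entry->gsi) {
            continue;
        }
        if (same(&table[i], new_entry)) {
            return 0;
        }
        table[i] = *new_entry;
        return 1;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: the guest unmasks a vector without changing it. */
    struct route_entry table[1] = { make_msi(5, 0xfee00000ULL, 0x4021, 0x00) };
    struct route_entry unmask = make_msi(5, 0xfee00000ULL, 0x4021, 0xAA);

    printf("member-wise: same=%d\n", route_same_fields(&table[0], &unmask));
    printf("memcmp:      same=%d\n", route_same_memcmp(&table[0], &unmask));
    printf("update via memcmp committed=%d\n",
           update_route(table, 1, &unmask, route_same_memcmp));
    return 0;
}
```

Both comparators err on the safe side here: a false "different" only costs an unneeded update, whereas a false "same" would leave a stale route in place, which is why the member-wise version returns false for a type it does not know.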



Re: [Qemu-devel] [PATCH v2 1/4] Add i.MX FEC Ethernet driver

2013-05-06 Thread Peter Crosthwaite
Hi Peter, Michael,

On Mon, May 6, 2013 at 10:01 PM, Peter Maydell  wrote:
> On 6 May 2013 10:24, Michael S. Tsirkin  wrote:
>> On Mon, May 06, 2013 at 10:08:42AM +0100, Peter Maydell wrote:
>>> On 6 May 2013 09:51, Michael S. Tsirkin  wrote:
>>> > On Sun, May 05, 2013 at 11:00:24PM +0100, Peter Maydell wrote:
>>> >> On 5 May 2013 22:15, Michael S. Tsirkin  wrote:
>>> >> > On Sun, May 05, 2013 at 07:01:34PM +0100, Peter Maydell wrote:
>
>>> > Can't board code look for instantiated controllers
>>> > and wire them up?
>>>
>>> I don't think this will work, because -device does both
>>> 'instance_init' and 'realize', and some of the things the
>>> board needs to set and wire up must be done before 'realize'.
>>
>> Well let's add a flag that tells QM to delay realize then?
>> It's not "abstract" but maybe "embedded" type?
>

This seems fundamentally flawed to me. -device should create a new
device to the user's specification, whereas this flow will create a new
device to user specification but then let a machine model modify as it
sees fit.

> This still requires users to know what their board's NIC
> happens to be,

Which is ugly detail the user should not have to care about.

> and how do you match up the half-finished
> thing created with -device to the device that the board
> creates later?
>

There may also be cases where a machine model wants to create a NIC
regardless of whether it's used or not. Relevant for sysbus NICs as we
don't have the luxury of a PCI probe process so a generic guest (e.g.
a kernel and its pre-canned dtb) may assume a NIC exists and crash if
the sysbus device is not there. I'm half tempted to pull out the
nb_nics conditionals on Zynq's NIC creation for this very reason.
Bottom line is we shouldn't have to rely on a -device or -net arg at
all to get a NIC.

>>> >> There's probably a nasty workaround involving '-global', but:
>>> >>  * that requires the user to know the device name for the
>>> >>onboard NIC for the board, which is a regression from
>>> >>the -net situation
>>> >>  * it's not clear how it works if the board has two NICs
>>> >>of the same type
>>> >
>>> > How does it work now?
>>> > I am guessing each -net nic gets mapped to a random device.
>>> > At some level that's worse than documenting about internal names,
>>> > we are teaching users to learn order of initialization
>>> > by trial and error and then rely on this.
>>>
>>> Well, it gets mapped to a specific device (hopefully we pick
>>> the same order as the kernel so first nic is eth0, second
>>> is eth1, and so on). This isn't a question of initialization
>>> order, because you can happily initialize the NIC corresponding
>>> to nd_table[1] before the one for nd_table[0] if you like.
>>> It's just a matter of picking which bit of hardware we call
>>> the "first" ethernet device, in the same way that we pick
>>> one of two serial ports to call the "first" serial port.
>
>> In other words, it's an undocumented hack :(
>> Scary as it sounds, for this case I like documenting
>> internal names better.

+1 and give machine-model created NICs a reasonable naming scheme.
Could we also expose the names to the monitor somehow so they can be
looked up easily?

>
> How does that work when both internal NICs are the same kind
> of device?
>

Sanitize the naming scheme:

cadence_gem.0 and cadence_gem.1 or something for Zynq's two NICs.

Regards,
Peter

> -- PMM
>



Re: [Qemu-devel] Incorrect handling of PPC64 rldcl insn

2013-05-06 Thread Aurelien Jarno
On Tue, May 07, 2013 at 12:14:47AM +0200, Alexander Graf wrote:
> 
> On 06.05.2013, at 20:13, Torbjorn Granlund wrote:
> 
> > Alexander Graf  writes:
> > 
> >  Thanks a lot for the bug report and test case! Please CC qemu-ppc
> >  whenever you find issues or have patches for PPC. That makes filtering
> >  for important mails a lot easier.
> > 
> > Would that make my complaints be considered more or less important?  :-)
> > 
> >  Does the patch below fix the issue for you?
> > 
> > It indeed does.  (I actually tried that already, but I cannot follow the
> > data flow into these functions, so cannot tell if that patch is
> > sufficient.  
> 
> Yes, it is. It's a leftover bug from converting the code to TCG I assume.

Yes, looks like I am the culprit here.

> > This bug indicates complete non-testing status of these
> > insns, which are mainstream enough to be generated by gcc.  I suppose
> > there will likely be more such fundamental errors if more instructions
> > are also completely untested.)
> 
> There's a certain chance that happens, yes. We don't have instruction test 
> suites for the PPC target.
> 

We have the Gwenole Beauschene testsuite for the PPC32 target, even if
it doesn't work when compiled on a recent distribution, one has to use
the old binary. It currently passes, so the PPC32 and Altivec
instructions should be fine.

On the contrary, the PPC64 instructions are untested, and there are
likely a few bugs like this one left, especially on complex
instructions.

-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [Qemu-ppc] [PATCH 1/7] pci: add MPC105 PCI host bridge emulation

2013-05-06 Thread Andreas Färber
On 06.05.2013 22:57, Hervé Poussineau wrote:
> Alexander Graf wrote:
>> On 05/03/2013 07:57 AM, Hervé Poussineau wrote:
>>> Alexander Graf wrote:

 On 02.05.2013 at 22:08, Hervé Poussineau wrote:

> Non-contiguous I/O is not implemented.
>
> There is also somewhere a bug in the memory controller, which means
> that some real firmwares may not detect the correct amount of memory.
> This can be bypassed by adding '-m 1G' on the command line.
>
> Add x-auto-conf property, to automatically configure the memory
> controller at startup. This will be required by OpenBIOS, which
> doesn't know how to do it.

 Why not teach it? I'd prefer to see that logic in firmware.
>>>
>>> Me too, but I'm not confident enough in my capabilities to do it.
>>
>> Huh? Why not? Most of the device initialization code in OpenBIOS
>> happens in C, so you don't even have to touch Forth code :).
>>
>>> Autoconfiguration is only in one place of the code, so I think it can
>>> be removed easily once OpenBIOS has this logic.
>>
>> I'd prefer if we could come up with a clean model from the start. It
>> really shouldn't be hard at all.
>>
> 
> I thought that for all other usages of OpenBIOS in QEMU, RAM was
> supposed to be available as soon as machine was powered on.
> 
> However, I checked OpenBIOS code:
> One of the first things done in arch/ppc/qemu/start.S is to copy the
> exception vectors. So, I should add code before it to detect memory
> controller, detect ram size and configure memory controller?

No. Why? QEMU does not depend on the memory controller being
initialized, only the OS might expect some registers to be filled in. So
you should look at or add the MPC105 PHB initialization hook in
OpenBIOS' PCI code, long after the memory is set up.

> It seems quite a bit of code.
> Do you have an example of how to do it for another memory controller, so
> I can adapt the code?

Not sure if there's a memory controller specifically, but the Mac PHBs
are being initialized and on my PReP OpenBIOS branch I may have touched
that code...

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [Qemu-ppc] [PATCH 1/7] pci: add MPC105 PCI host bridge emulation

2013-05-06 Thread Alexander Graf

On 06.05.2013, at 22:57, Hervé Poussineau wrote:

> Alexander Graf wrote:
>> On 05/03/2013 07:57 AM, Hervé Poussineau wrote:
>>> Alexander Graf wrote:
 
 On 02.05.2013 at 22:08, Hervé Poussineau wrote:
 
> Non-contiguous I/O is not implemented.
> 
> There is also somewhere a bug in the memory controller, which means
> that some real firmwares may not detect the correct amount of memory.
> This can be bypassed by adding '-m 1G' on the command line.
> 
> Add x-auto-conf property, to automatically configure the memory
> controller at startup. This will be required by OpenBIOS, which
> doesn't know how to do it.
 
 Why not teach it? I'd prefer to see that logic in firmware.
>>> 
>>> Me too, but I'm not confident enough in my capabilities to do it.
>> Huh? Why not? Most of the device initialization code in OpenBIOS happens in 
>> C, so you don't even have to touch Forth code :).
>>> Autoconfiguration is only in one place of the code, so I think it can be 
>>> removed easily once OpenBIOS has this logic.
>> I'd prefer if we could come up with a clean model from the start. It really 
>> shouldn't be hard at all.
> 
> I thought that for all other usages of OpenBIOS in QEMU, RAM was supposed to 
> be available as soon as machine was powered on.
> 
> However, I checked OpenBIOS code:
> One of the first things done in arch/ppc/qemu/start.S is to copy the 
> exception vectors. So, I should add code before it to detect memory 
> controller, detect ram size and configure memory controller?

You could just try to poke fw_cfg and ask it for the machine model. Based on 
that you can do all the initialization hardcoded.

> It seems quite a bit of code.
> Do you have an example of how to do it for another memory controller, so I 
> can adapt the code?

Unfortunately not, no.


Alex




Re: [Qemu-devel] Incorrect handling of PPC64 rldcl insn

2013-05-06 Thread Alexander Graf

On 06.05.2013, at 20:13, Torbjorn Granlund wrote:

> Alexander Graf  writes:
> 
>  Thanks a lot for the bug report and test case! Please CC qemu-ppc
>  whenever you find issues or have patches for PPC. That makes filtering
>  for important mails a lot easier.
> 
> Would that make my complaints be considered more or less important?  :-)
> 
>  Does the patch below fix the issue for you?
> 
> It indeed does.  (I actually tried that already, but I cannot follow the
> data flow into these functions, so cannot tell if that patch is
> sufficient.  

Yes, it is. It's a leftover bug from converting the code to TCG I assume.

> This bug indicates complete non-testing status of these
> insns, which are mainstream enough to be generated by gcc.  I suppose
> there will likely be more such fundamental errors if more instructions
> are also completely untested.)

There's a certain chance that happens, yes. We don't have instruction test 
suites for the PPC target.


Alex




Re: [Qemu-devel] Query regarding IO paths in QEMU

2013-05-06 Thread aayush gupta
Thanks for the reply. I am trying to use the tracing with qemu-io as
suggested in docs/tracing.txt. I did the following steps:

1. Configure and make with simple backend
2. Create a set of events I am interested in (/tmp/events)
3. Now I am running the qemu-iotests by adding T= /tmp/events to  test 001
testcase (file read path only).
It runs and generates a trace-x file. However, the file just has a
couple of lines in it in binary.
4. When I pass it through simpletrace.py nothing happens.

Can you tell me if I missed some step or something else needs to be done.

Thanks for your help.

Aayush


On Wed, May 1, 2013 at 2:30 AM, Stefan Hajnoczi  wrote:

> On Mon, Apr 29, 2013 at 10:02:34AM -0700, aayush gupta wrote:
> > I am trying to understand the IO paths in QEMU (which I understand emulates
> > IO for KVM) to have a better idea of how it works and get a clear picture
> > of how I can trap all read/write requests being issued by the VM in the
> > QEMU block layer for a project that I am working on.
> >
> > For example, lets say that we use QCOW2 image format for VMs. Looking into
> > the code, I was able to track the requests as follows:
> >
> > bdrv_read() -> bdrv_rw_co() -> bdrv_rw_co_entry() -> bdrv_co_do_readv() ->
> > this calls into driver specific functions
>
> Emulated devices typically use bdrv_aio_readv() instead of the
> synchronous bdrv_read() function.  bdrv_read() would block the guest
> until the disk operation completes.
>
> The model is:
>
> Storage controllers (IDE, SCSI, virtio, etc) are emulated by QEMU in
> hw/.  The storage controller has a pointer to a BlockDriverState, which
> is the block device.
>
> BlockDriverStates can form a tree.  For example, a qcow2 file actually
> involves a raw file BlockDriverState and the qcow2 format
> BlockDriverState.  The storage controller has a pointer to the qcow2
> format BlockDriverState.  The qcow2 code invokes I/O operations on its
> bs->file field, which will be the raw file BlockDriverState.
>
> This abstraction makes it possible to use qcow2 on top of a Sheepdog
> volume, for example.
>
> Also, take a look at docs/tracing.txt.  There are pre-defined trace
> events for block I/O operations.  This may be enough to instrument what
> you need.
>
> Stefan
>


Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Jordan Justen
On Mon, May 6, 2013 at 1:31 PM, Anthony Liguori  wrote:
> Jordan Justen  writes:
>
>> On Mon, May 6, 2013 at 7:42 AM, Anthony Liguori  wrote:
>>> I believe I have processed all of the outstanding pull requests and
>>> patches tagged for 1.5.  If there are any other patches or pull requests
>>> you would like to be considered, please respond to this note with a
>>> pointer to the patch or make sure you send it out tagged with 'for-1.5'
>>> no later than 5pm US/Eastern.
>>
>> Is there a chance of including the KVM PC flash series in 1.5?
>> Unfortunately, I'm assuming no given the timing.
>
> I think we're going to need to delay it.  Did we ever come to a
> consensus about what to do on older kernels?

The feedback was to use flash mode only when -pflash is used, and
to bail if pflash+kvm is used with an old kernel. If -pflash is not
specified, then rom-mode is used, and qemu will behave as in <=
pc-1.1.

This was implemented in v2 and carried forward to the current v3:
git://github.com/jljusten/qemu.git kvm-flash-v3

-Jordan



Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Jordan Justen
On Mon, May 6, 2013 at 1:41 PM, Paolo Bonzini  wrote:
> On 06/05/2013 22:31, Anthony Liguori wrote:
>> Jordan Justen  writes:
>>
>>> On Mon, May 6, 2013 at 7:42 AM, Anthony Liguori  wrote:
 I believe I have processed all of the outstanding pull requests and
 patches tagged for 1.5.  If there are any other patches or pull requests
 you would like to be considered, please respond to this note with a
 pointer to the patch or make sure you send it out tagged with 'for-1.5'
 no later than 5pm US/Eastern.
>>>
>>> Is there a chance of including the KVM PC flash series in 1.5?
>>> Unfortunately, I'm assuming no given the timing.
>>
>> I think we're going to need to delay it.  Did we ever come to a
>> consensus about what to do on older kernels?
>
> Yes, the patches only use the new feature if -pflash is given on the
> command line.  memory_region_set_readonly is only used in a few places,
> so I think this series could go in; it is a fix for a TCG-mode regression.
>
> I'm curious however if it causes -M isapc to regress, because in 1.4 it
> works only in KVM mode, not in TCG mode.

It looks like isapc has always set rom_only to 1, meaning it never
should have supported PC flash. So, I hope isapc didn't ever have any
noticeable behavior change due to the PC flash feature.

-Jordan



[Qemu-devel] [PULL 04/11] target-i386: Introduce X86CPU::filtered_features field

2013-05-06 Thread Andreas Färber
From: Eduardo Habkost 

This field will contain the feature bits that were filtered out because
of missing host support.

Signed-off-by: Eduardo Habkost 
Reviewed-by: Eric Blake 
Signed-off-by: Andreas Färber 
---
 target-i386/cpu-qom.h | 3 +++
 target-i386/cpu.c | 9 ++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
index f890f1c..849cedf 100644
--- a/target-i386/cpu-qom.h
+++ b/target-i386/cpu-qom.h
@@ -65,6 +65,9 @@ typedef struct X86CPU {
 /*< public >*/
 
 CPUX86State env;
+
+/* Features that were filtered out because of missing host capabilities */
+uint32_t filtered_features[FEATURE_WORDS];
 } X86CPU;
 
 static inline X86CPU *x86_env_get_cpu(CPUX86State *env)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 3857514..38793bc 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1698,9 +1698,12 @@ static void filter_features_for_kvm(X86CPU *cpu)
 
 for (w = 0; w < FEATURE_WORDS; w++) {
 FeatureWordInfo *wi = &feature_word_info[w];
-env->features[w] &= kvm_arch_get_supported_cpuid(s, wi->cpuid_eax,
-wi->cpuid_ecx,
-wi->cpuid_reg);
+uint32_t host_feat = kvm_arch_get_supported_cpuid(s, wi->cpuid_eax,
+ wi->cpuid_ecx,
+ wi->cpuid_reg);
+uint32_t requested_features = env->features[w];
+env->features[w] &= host_feat;
+cpu->filtered_features[w] = requested_features & ~env->features[w];
 }
 }
 #endif
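Review bot: `cpu->filtered_features[w]` is assigned with `=` from the current `env->features[w]`, so the recorded value is only right the first time this loop runs for a CPU. On a second call `env->features[w]` is already a subset of `host_feat`, `requested_features & ~env->features[w]` evaluates to 0, and the bits recorded earlier are lost. Either accumulate with `|=` or state in a comment that the function runs once per CPU. The expression could also be written `requested_features & ~host_feat`, which reads more directly.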
-- 
1.8.1.4




Re: [Qemu-devel] [RFC][PATCH 10/15] memory: Rework sub-page handling

2013-05-06 Thread Peter Maydell
On 6 May 2013 15:26, Jan Kiszka  wrote:
> Simplify the sub-page handling by implementing it directly in the
> dispatcher instead of using a redirection memory region. We extend the
> phys_sections entries to optionally hold a pointer to the sub-section
> table that used to reside in the subpage_t structure. IOW, we add one
> optional dispatch level below the existing radix tree.
>
> address_space_lookup_region is extended to take this additional level
> into account. This direct dispatching to that target memory region will
> also be helpful when we want to add per-region locking control.

This patch seems to break vexpress-a9. Test case if you want it:
http://staging.people.linaro.org/~peter.maydell/vexpress-3.8.tar.gz
(125MB) Edit the 'runme' script to fix up the paths to kernel/initrd/dtb
and then run it; before this patch it boots, afterwards it doesn't
even manage to start the kernel.

My guess is you've broken subregion-sized mmio regions somehow
(and/or regions which are larger than a page in size but start
or finish at a non-page-aligned address), and probably in particular
the arm_gic regions that a9mpcore maps...

thanks
-- PMM



[Qemu-devel] [PULL 09/11] target-i386: Change CPUID model of 486 to 8

2013-05-06 Thread Andreas Färber
This changes the model number of 486 to 8 (DX4) which matches the
feature set presented, and actually has the CPUID instruction.

This adds a compatibility property, to keep model=0 on pc-*-1.4 and older.

Signed-off-by: H. Peter Anvin 
[AF: Add compat_props entry]
Tested-by: Eduardo Habkost 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 include/hw/i386/pc.h | 4 
 target-i386/cpu.c| 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 41869e5..417afe4 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -242,6 +242,10 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
 .driver   = "pc-sysfw",\
 .property = "rom_only",\
 .value= stringify(0),\
+},{\
+.driver   = "486-" TYPE_X86_CPU,\
+.property = "model",\
+.value= stringify(0),\
 }
 
 #endif
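Review bot: The `.driver` string of the new compat entry, `"486-" TYPE_X86_CPU`, has to match exactly the name that patch 08 of this series builds with `g_strdup_printf("%s-" TYPE_X86_CPU, name)`, and nothing in this hunk ties the two together. The lookup in `qdev_prop_set_globals_for_type()` is a plain `strcmp()` that skips non-matching entries, so a mismatch would leave `model` at its new value without any diagnostic. A comment next to the entry pointing at where the pseudo type name is built would make the dependency visible.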
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index b438478..8e21c94 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -588,7 +588,7 @@ static x86_def_t builtin_x86_defs[] = {
 .level = 1,
 .vendor = CPUID_VENDOR_INTEL,
 .family = 4,
-.model = 0,
+.model = 8,
 .stepping = 0,
 .features[FEAT_1_EDX] =
 I486_FEATURES,
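Review bot: The bare `.model = 8` gives no hint of why 8 was chosen; only the commit message explains that it is the DX4, which matches the feature set presented and has the CPUID instruction. A short trailing comment such as `/* DX4 */` on that line would keep the reasoning next to the value.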
-- 
1.8.1.4




Re: [Qemu-devel] [Qemu-ppc] [PATCH 1/7] pci: add MPC105 PCI host bridge emulation

2013-05-06 Thread Hervé Poussineau

Alexander Graf wrote:

On 05/03/2013 07:57 AM, Hervé Poussineau wrote:

Alexander Graf wrote:


On 02.05.2013 at 22:08, Hervé Poussineau wrote:


Non-contiguous I/O is not implemented.

There is also somewhere a bug in the memory controller, which means
that some real firmwares may not detect the correct amount of memory.
This can be bypassed by adding '-m 1G' on the command line.

Add x-auto-conf property, to automatically configure the memory
controller at startup. This will be required by OpenBIOS, which
doesn't know how to do it.


Why not teach it? I'd prefer to see that logic in firmware.


Me too, but I'm not confident enough in my capabilities to do it.


Huh? Why not? Most of the device initialization code in OpenBIOS happens 
in C, so you don't even have to touch Forth code :).


Autoconfiguration is only in one place of the code, so I think it can 
be removed easily once OpenBIOS has this logic.


I'd prefer if we could come up with a clean model from the start. It 
really shouldn't be hard at all.




I thought that for all other usages of OpenBIOS in QEMU, RAM was 
supposed to be available as soon as machine was powered on.


However, I checked OpenBIOS code:
One of the first things done in arch/ppc/qemu/start.S is to copy the 
exception vectors. So, I should add code before it to detect memory 
controller, detect ram size and configure memory controller?

It seems quite a bit of code.
Do you have an example of how to do it for another memory controller, so 
I can adapt the code?


Regards,

Hervé



Re: [Qemu-devel] [PATCH for-1.5] virtio-pci: bugfix

2013-05-06 Thread Anthony Liguori
"Michael S. Tsirkin"  writes:

> mask notifiers are never called without msix,
> so devices with backend masking like vhost don't work.
> Call mask notifiers explicitly at
> startup/cleanup to make it work.
>
> Signed-off-by: Michael S. Tsirkin 
> Tested-by: Alexander Graf 

/home/aliguori/git/qemu/hw/virtio/virtio-pci.c: In function ‘virtio_pci_set_guest_notifier’:
/home/aliguori/git/qemu/hw/virtio/virtio-pci.c:761:54: error: ‘VirtIODevice’ has no member named ‘guest_notifier_mask’
/home/aliguori/git/qemu/hw/virtio/virtio-pci.c:762:20: error: ‘VirtIODevice’ has no member named ‘guest_notifier_mask’
  CC    hw/virtio/dataplane/hostmem.o
make: *** [hw/virtio/virtio-pci.o] Error 1

Regards,

Anthony Liguori

>
> ---
>  hw/virtio/virtio-pci.c | 4 
>  1 file changed, 4 insertions(+)
>
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index 8bba0f3..d0fcc6c 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -758,6 +758,10 @@ static int virtio_pci_set_guest_notifier(DeviceState *d, 
> int n, bool assign,
>  event_notifier_cleanup(notifier);
>  }
>  
> +if (!msix_enabled(&proxy->pci_dev) && proxy->vdev->guest_notifier_mask) {
> +proxy->vdev->guest_notifier_mask(proxy->vdev, n, !assign);
> +}
> +
>  return 0;
>  }
>  
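Review bot: Both added lines dereference `proxy->vdev->guest_notifier_mask`, and the build log in this reply shows that `VirtIODevice` has no member of that name at virtio-pci.c lines 761 and 762 in the tree the patch was applied to, so it does not compile there and needs to be rebased onto a tree where that callback is reachable through `proxy->vdev`. Separately, the new block is placed after the `event_notifier_cleanup(notifier)` shown in the context; if that is the unassign branch, confirm that the mask callback does not touch the notifier that was just cleaned up.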
> -- 
> MST




Re: [Qemu-devel] [PATCH v2] po/hu.po: Hungarian translation for the GTK+ interface

2013-05-06 Thread Andreas Färber
On 06.05.2013 19:14, akoskov...@gmx.com wrote:
> From: Ákos Kovács 
> 
> Cc: Laszlo Ersek 
> Signed-off-by: Ákos Kovács 
> ---
>  Changes in v2: 
> * Fixed input release/grab translations
> * Fixed inconsistency with the "leállítva"/"megállítva" words
> 
>  po/hu.po |   63 
> ++
>  1 files changed, 63 insertions(+), 0 deletions(-)
>  create mode 100644 po/hu.po
> 
> diff --git a/po/hu.po b/po/hu.po
> new file mode 100644
> index 000..340709f
> --- /dev/null
> +++ b/po/hu.po
> @@ -0,0 +1,63 @@
> +# Hungarian translation for QEMU.
> +# This file is put in the public domain.

Same issue as with the recent Turkish translation here FWIW.

Andreas

> +# Ákos Kovács , 2013.
> +#
> +msgid ""
> +msgstr ""
> +"Project-Id-Version: QEMU 1.4.50\n"
> +"Report-Msgid-Bugs-To: qemu-devel@nongnu.org\n"
> +"POT-Creation-Date: 2013-05-06 20:42+0200\n"
> +"PO-Revision-Date: 2013-05-06 20:42+0200\n"
> +"Last-Translator: Ákos Kovács \n"
> +"Language-Team: Hungarian \n"
> +"Language: \n"
> +"MIME-Version: 1.0\n"
> +"Content-Type: text/plain; charset=UTF-8\n"
> +"Content-Transfer-Encoding: 8bit\n"
> +
> +#: ../ui/gtk.c:213
> +msgid " - Press Ctrl+Alt+G to release grab"
> +msgstr " - Nyomj Ctrl+Alt+G-t a bemeneti eszközök elengedéséhez"
> +
> +#: ../ui/gtk.c:217
> +msgid " [Paused]"
> +msgstr " [Megállítva]"
> +
> +#: ../ui/gtk.c:1250
> +msgid "_Machine"
> +msgstr "_Gép"
> +
> +#: ../ui/gtk.c:1252
> +msgid "_Pause"
> +msgstr "_Megállítás"
> +
> +#: ../ui/gtk.c:1258
> +msgid "_Reset"
> +msgstr "Új_raindítás"
> +
> +#: ../ui/gtk.c:1261
> +msgid "Power _Down"
> +msgstr "_Leállítás"
> +
> +#: ../ui/gtk.c:1276
> +msgid "_View"
> +msgstr "_Nézet"
> +
> +#: ../ui/gtk.c:1306
> +msgid "Zoom To _Fit"
> +msgstr "Ablakmérethez _igazítás"
> +
> +#: ../ui/gtk.c:1312
> +msgid "Grab On _Hover"
> +msgstr "Automatikus _elfogás"
> +
> +#: ../ui/gtk.c:1315
> +msgid "_Grab Input"
> +msgstr "_Bemeneti eszközök megragadása"
> +
> +#: ../ui/gtk.c:1341
> +msgid "Show _Tabs"
> +msgstr "_Fülek megjelenítése"
> +
> +#~ msgid "_File"
> +#~ msgstr "_File"
> 
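Review bot: The header entry `"Language: \n"` is left empty; for this catalogue it should read `"Language: hu\n"` so that gettext tools can identify the language. The obsolete `#~ msgid "_File"` entry at the end can also be dropped, since this is a newly created file and there is no earlier revision of the catalogue for it to be kept from.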


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PULL 11/11] target-i386: n270 can MOVBE

2013-05-06 Thread Andreas Färber
From: Borislav Petkov 

The Atom core (cpu name "n270" in QEMU speak) supports MOVBE. This is
needed when booting 3.8 and later linux kernels built with the MATOM
target because we require MOVBE in order to boot properly now.

Signed-off-by: Borislav Petkov 
[ehabkost: added compat code to disable MOVBE on pc-*-1.4 and older]
Signed-off-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 hw/i386/pc_piix.c | 1 +
 hw/i386/pc_q35.c  | 1 +
 target-i386/cpu.c | 3 ++-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index fe52e5f..f7c80ad 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -250,6 +250,7 @@ static void pc_init_pci_1_4(QEMUMachineInitArgs *args)
 {
 pc_sysfw_flash_vs_rom_bug_compatible = true;
 has_pvpanic = false;
+x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE);
 pc_init_pci(args);
 }
 
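Review bot: The call `x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE)` is added by hand here in `pc_init_pci_1_4()` and again in `pc_q35_init_1_4()` in the next file, with no comment saying why. A one-line comment (n270 did not advertise MOVBE in 1.4 and older) plus a shared 1.4 compat helper called from both init functions would keep the two machine families from drifting apart when the next compat tweak is added.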
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 52511e2..4160e2b 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -212,6 +212,7 @@ static void pc_q35_init_1_4(QEMUMachineInitArgs *args)
 {
 pc_sysfw_flash_vs_rom_bug_compatible = true;
 has_pvpanic = false;
+x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE);
 pc_q35_init(args);
 }
 
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 8198a1b..1a501d9 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -657,7 +657,8 @@ static x86_def_t builtin_x86_defs[] = {
 /* Some CPUs got no CPUID_SEP */
 .features[FEAT_1_ECX] =
 CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
-CPUID_EXT_DSCPL | CPUID_EXT_EST | CPUID_EXT_TM2 | CPUID_EXT_XTPR,
+CPUID_EXT_DSCPL | CPUID_EXT_EST | CPUID_EXT_TM2 | CPUID_EXT_XTPR |
+CPUID_EXT_MOVBE,
 .features[FEAT_8000_0001_EDX] =
 (PPRO_FEATURES & CPUID_EXT2_AMD_ALIASES) |
 CPUID_EXT2_NX,
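Review bot: Adding `CPUID_EXT_MOVBE` to the n270 `FEAT_1_ECX` word tells guests they may execute the instruction, yet the diffstat for this patch touches only the CPU table and the two machine init functions. Please state in the commit message which accelerators this was tested with: under KVM a bit the host lacks is removed by `filter_features_for_kvm()`, while for other accelerators nothing visible in this patch confirms that the instruction is implemented before it is advertised.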
-- 
1.8.1.4




[Qemu-devel] [PULL 10/11] target-i386: Introduce generic CPUID feature compat function

2013-05-06 Thread Andreas Färber
From: Eduardo Habkost 

Introduce x86_cpu_compat_set_features(), that can be used to set/unset
feature bits on specific CPU models for machine-type compatibility.

Signed-off-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 target-i386/cpu.c | 26 ++
 target-i386/cpu.h |  4 
 2 files changed, 30 insertions(+)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 8e21c94..8198a1b 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -971,6 +971,32 @@ static x86_def_t builtin_x86_defs[] = {
 },
 };
 
+/**
+ * x86_cpu_compat_set_features:
+ * @cpu_model: CPU model name to be changed. If NULL, all CPU models are 
changed
+ * @w: Identifies the feature word to be changed.
+ * @feat_add: Feature bits to be added to feature word
+ * @feat_remove: Feature bits to be removed from feature word
+ *
+ * Change CPU model feature bits for compatibility.
+ *
+ * This function may be used by machine-type compatibility functions
+ * to enable or disable feature bits on specific CPU models.
+ */
+void x86_cpu_compat_set_features(const char *cpu_model, FeatureWord w,
+ uint32_t feat_add, uint32_t feat_remove)
+{
+x86_def_t *def;
+int i;
+for (i = 0; i < ARRAY_SIZE(builtin_x86_defs); i++) {
+def = &builtin_x86_defs[i];
+if (!cpu_model || !strcmp(cpu_model, def->name)) {
+def->features[w] |= feat_add;
+def->features[w] &= ~feat_remove;
+}
+}
+}
+
 #ifdef CONFIG_KVM
 static int cpu_x86_fill_model_id(char *str)
 {
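Review bot: In the loop of `x86_cpu_compat_set_features()`, a non-NULL `cpu_model` that matches no `def->name` has no effect and produces no diagnostic, so a misspelled model name in a machine compat function silently leaves the feature bits unchanged. Consider tracking whether any entry matched and asserting on it when `cpu_model` is non-NULL. The doc comment should also say that the function edits the shared `builtin_x86_defs` table in place, so it has to run before any CPU is created from that table, and that a bit present in both `feat_add` and `feat_remove` ends up cleared.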
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 3e2e9f6..058c57f 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -1255,6 +1255,10 @@ void cpu_report_tpr_access(CPUX86State *env, TPRAccess 
access);
 
 void disable_kvm_pv_eoi(void);
 
+void x86_cpu_compat_set_features(const char *cpu_model, FeatureWord w,
+ uint32_t feat_add, uint32_t feat_remove);
+
+
 /* Return name of 32-bit register, from a R_* constant */
 const char *get_register_name_32(unsigned int reg);
 
-- 
1.8.1.4




[Qemu-devel] [PULL 06/11] qdev: Let qdev_prop_parse() pass through Error

2013-05-06 Thread Andreas Färber
Move error reporting to callers.

Reviewed-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 hw/core/qdev-properties.c| 25 +++--
 hw/core/qdev.c   |  7 ++-
 include/hw/qdev-properties.h |  5 +++--
 qdev-monitor.c   |  6 +-
 4 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index ca1739e..716ba19 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -986,25 +986,18 @@ void error_set_from_qdev_prop_error(Error **errp, int 
ret, DeviceState *dev,
 }
 }
 
-int qdev_prop_parse(DeviceState *dev, const char *name, const char *value)
+void qdev_prop_parse(DeviceState *dev, const char *name, const char *value,
+ Error **errp)
 {
 char *legacy_name;
-Error *err = NULL;
 
 legacy_name = g_strdup_printf("legacy-%s", name);
 if (object_property_get_type(OBJECT(dev), legacy_name, NULL)) {
-object_property_parse(OBJECT(dev), value, legacy_name, &err);
+object_property_parse(OBJECT(dev), value, legacy_name, errp);
 } else {
-object_property_parse(OBJECT(dev), value, name, &err);
+object_property_parse(OBJECT(dev), value, name, errp);
 }
 g_free(legacy_name);
-
-if (err) {
-qerror_report_err(err);
-error_free(err);
-return -1;
-}
-return 0;
 }
 
 void qdev_prop_set_bit(DeviceState *dev, const char *name, bool value)
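Review bot: `qdev_prop_parse()` now signals failure only through `errp`, and nothing at the definition documents that contract. With the `int` return gone, a caller that passes NULL for `errp` has no way to learn that the property was rejected. Suggest a short doc comment stating that the caller owns reporting and freeing the error, and that NULL means failures are ignored.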
@@ -1106,18 +1099,22 @@ void qdev_prop_register_global_list(GlobalProperty 
*props)
 }
 }
 
-void qdev_prop_set_globals(DeviceState *dev)
+void qdev_prop_set_globals(DeviceState *dev, Error **errp)
 {
 ObjectClass *class = object_get_class(OBJECT(dev));
 
 do {
 GlobalProperty *prop;
 QTAILQ_FOREACH(prop, &global_props, next) {
+Error *err = NULL;
+
 if (strcmp(object_class_get_name(class), prop->driver) != 0) {
 continue;
 }
-if (qdev_prop_parse(dev, prop->property, prop->value) != 0) {
-exit(1);
+qdev_prop_parse(dev, prop->property, prop->value, &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
 }
 }
 class = object_class_get_parent(class);
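Review bot: `qdev_prop_set_globals()` now returns at the first property that fails to parse, where the old code called `exit(1)`, so the remaining global properties are skipped and the device is left partly configured. That is harmless for the caller updated in this patch, which still exits, but the function should document that once `errp` is set the device must not be used further.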
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 069ac90..6985ad8 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -752,7 +752,12 @@ static void device_initfn(Object *obj)
 }
 class = object_class_get_parent(class);
 } while (class != object_class_by_name(TYPE_DEVICE));
-qdev_prop_set_globals(dev);
+qdev_prop_set_globals(dev, &err);
+if (err != NULL) {
+qerror_report_err(err);
+error_free(err);
+exit(1);
+}
 
 object_property_add_link(OBJECT(dev), "parent_bus", TYPE_BUS,
  (Object **)&dev->parent_bus, &err);
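Review bot: The `exit(1)` that used to sit inside `qdev_prop_set_globals()` is kept here in `device_initfn()`, so a global property that fails to parse still terminates the whole process from inside an object initializer rather than reaching the caller that asked for the device. If that is intended for now, a comment saying so would help. Note also that the same `err` is passed to `object_property_add_link()` right after; that is safe only because the error branch never returns.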
diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h
index 25dd1bb..38469d4 100644
--- a/include/hw/qdev-properties.h
+++ b/include/hw/qdev-properties.h
@@ -148,7 +148,8 @@ extern PropertyInfo qdev_prop_arraylen;
 
 /* Set properties between creation and init.  */
 void *qdev_get_prop_ptr(DeviceState *dev, Property *prop);
-int qdev_prop_parse(DeviceState *dev, const char *name, const char *value);
+void qdev_prop_parse(DeviceState *dev, const char *name, const char *value,
+ Error **errp);
 void qdev_prop_set_bit(DeviceState *dev, const char *name, bool value);
 void qdev_prop_set_uint8(DeviceState *dev, const char *name, uint8_t value);
 void qdev_prop_set_uint16(DeviceState *dev, const char *name, uint16_t value);
@@ -167,7 +168,7 @@ void qdev_prop_set_ptr(DeviceState *dev, const char *name, 
void *value);
 
 void qdev_prop_register_global(GlobalProperty *prop);
 void qdev_prop_register_global_list(GlobalProperty *props);
-void qdev_prop_set_globals(DeviceState *dev);
+void qdev_prop_set_globals(DeviceState *dev, Error **errp);
 void error_set_from_qdev_prop_error(Error **errp, int ret, DeviceState *dev,
 Property *prop, const char *value);
 
diff --git a/qdev-monitor.c b/qdev-monitor.c
index 2cb5600..e54dbc2 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -105,13 +105,17 @@ static void qdev_print_devinfo(ObjectClass *klass, void 
*opaque)
 static int set_property(const char *name, const char *value, void *opaque)
 {
 DeviceState *dev = opaque;
+Error *err = NULL;
 
 if (strcmp(name, "driver") == 0)
 return 0;
 if (strcmp(name, "bus") == 0)
 return 0;
 
-if (qdev_prop_parse(dev, name, value) == -1) {
+qdev_prop_parse(dev, name, value, &err);
+if (err != NULL) {
+qerror_report_err(err);
+error_free(err);
 return -1;
 }
 return 0;
-- 
1.8.1.4




[Qemu-devel] [PULL 03/11] target-i386: Add "feature-words" property to X86CPU

2013-05-06 Thread Andreas Färber
From: Eduardo Habkost 

This property will be useful for libvirt, as libvirt already has logic
based on low-level feature bits (not feature names), so it will be
really easy to convert the current libvirt logic to something using the
"feature-words" property.

The property will have two main use cases:
 - Checking host capabilities, by checking the features of the "host"
   CPU model
 - Checking which features are enabled on each CPU model

Example output:

  $ ./QMP/qmp --path=/tmp/m \
qom-get --path=/machine/icc-bridge/icc/child[0] \
--property=feature-words
  item[0].cpuid-register: EDX
  item[0].cpuid-input-eax: 2147483658
  item[0].features: 0
  item[1].cpuid-register: EAX
  item[1].cpuid-input-eax: 1073741825
  item[1].features: 0
  item[2].cpuid-register: EDX
  item[2].cpuid-input-eax: 3221225473
  item[2].features: 0
  item[3].cpuid-register: ECX
  item[3].cpuid-input-eax: 2147483649
  item[3].features: 101
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 563346425
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 0
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 2155880449
  item[7].cpuid-register: EDX
  item[7].cpuid-input-eax: 1
  item[7].features: 126614521

Signed-off-by: Eduardo Habkost 
Reviewed-by: Eric Blake 
Signed-off-by: Andreas Färber 
---
 Makefile.objs |  7 +-
 qapi-schema.json  | 32 +
 target-i386/cpu.c | 70 +--
 3 files changed, 96 insertions(+), 13 deletions(-)

diff --git a/Makefile.objs b/Makefile.objs
index fcb303a..286ce06 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -79,10 +79,15 @@ common-obj-$(CONFIG_SMARTCARD_NSS) += $(libcacard-y)
 ##
 # qapi
 
-common-obj-y += qmp-marshal.o qapi-visit.o qapi-types.o
+common-obj-y += qmp-marshal.o
 common-obj-y += qmp.o hmp.o
 endif
 
+##
+# some qapi visitors are used by both system and user emulation:
+
+common-obj-y += qapi-visit.o qapi-types.o
+
 ###
 # Target-independent parts used in system and user emulation
 common-obj-y += qemu-log.o
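Review bot: Moving `qapi-visit.o qapi-types.o` below the `endif` links every generated QAPI type and visitor into builds that did not carry them before, while the new comment says only that "some qapi visitors" are needed there. Please name the user in the comment (the `feature-words` getter in target-i386/cpu.c, going by the includes added later in this patch) so the reason for the wider linkage stays discoverable.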
diff --git a/qapi-schema.json b/qapi-schema.json
index 7797400..199744a 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3587,3 +3587,35 @@
 ##
 {'command': 'query-command-line-options', 'data': { '*option': 'str' },
  'returns': ['CommandLineOptionInfo'] }
+
+##
+# @X86CPURegister32
+#
+# A X86 32-bit register
+#
+# Since: 1.5
+##
+{ 'enum': 'X86CPURegister32',
+  'data': [ 'EAX', 'EBX', 'ECX', 'EDX', 'ESP', 'EBP', 'ESI', 'EDI' ] }
+
+##
+# @X86CPUFeatureWordInfo
+#
+# Information about a X86 CPU feature word
+#
+# @cpuid-input-eax: Input EAX value for CPUID instruction for that feature word
+#
+# @cpuid-input-ecx: #optional Input ECX value for CPUID instruction for that
+#   feature word
+#
+# @cpuid-register: Output register containing the feature bits
+#
+# @features: value of output register, containing the feature bits
+#
+# Since: 1.5
+##
+{ 'type': 'X86CPUFeatureWordInfo',
+  'data': { 'cpuid-input-eax': 'int',
+'*cpuid-input-ecx': 'int',
+'cpuid-register': 'X86CPURegister32',
+'features': 'int' } }
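Review bot: The descriptions of `@features` and `@cpuid-input-eax` do not say that both are unsigned 32-bit values carried in an `'int'`. The example output in the commit message prints them in decimal (2147483658 for one of the CPUID leaves, for instance), which a client can only interpret if it knows to treat them as a 32-bit bit mask and a 32-bit leaf number. Suggest adding that to the two descriptions.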
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index a39b364..3857514 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -30,6 +30,8 @@
 #include "qemu/config-file.h"
 #include "qapi/qmp/qerror.h"
 
+#include "qapi-types.h"
+#include "qapi-visit.h"
 #include "qapi/visitor.h"
 #include "sysemu/arch_init.h"
 
@@ -195,23 +197,34 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = 
{
 },
 };
 
+typedef struct X86RegisterInfo32 {
+/* Name of register */
+const char *name;
+/* QAPI enum value register */
+X86CPURegister32 qapi_enum;
+} X86RegisterInfo32;
+
+#define REGISTER(reg) \
+[R_##reg] = { .name = #reg, .qapi_enum = X86_C_P_U_REGISTER32_##reg }
+X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = {
+REGISTER(EAX),
+REGISTER(ECX),
+REGISTER(EDX),
+REGISTER(EBX),
+REGISTER(ESP),
+REGISTER(EBP),
+REGISTER(ESI),
+REGISTER(EDI),
+};
+#undef REGISTER
+
+
 const char *get_register_name_32(unsigned int reg)
 {
-static const char *reg_names[CPU_NB_REGS32] = {
-[R_EAX] = "EAX",
-[R_ECX] = "ECX",
-[R_EDX] = "EDX",
-[R_EBX] = "EBX",
-[R_ESP] = "ESP",
-[R_EBP] = "EBP",
-[R_ESI] = "ESI",
-[R_EDI] = "EDI",
-};
-
 if (reg > CPU_NB_REGS32) {
 return NULL;
 }
-return reg_names[reg];
+return x86_reg_info_32[reg].name;
 }
 
 /* collects per-function cpuid data
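Review bot: The unchanged bounds check `if (reg > CPU_NB_REGS32)` in `get_register_name_32()` lets `reg == CPU_NB_REGS32` through, and the rewritten return statement then reads `x86_reg_info_32[reg]`, one element past the end of an array declared with `CPU_NB_REGS32` entries. Since the patch touches this function, change the test to `>=`. `x86_reg_info_32` could also be declared `static const` unless another file needs it.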
@@ -1405,6 +1418,36 @@ static void x86_cpuid_set_apic_id(Object *obj, Visitor 
*v, void *opaque,
 c

[Qemu-devel] [PULL 05/11] target-i386: Add "filtered-features" property to X86CPU

2013-05-06 Thread Andreas Färber
From: Eduardo Habkost 

This property will contain all the features that were removed from the
CPU because they are not supported by the host.

This way, libvirt or other management tools can emulate the
check/enforce behavior by checking if filtered-properties is all zeroes,
before starting the guest.

Example output where some features were missing:

  $ qemu-system-x86_64 -enable-kvm -cpu Haswell,check -S \
-qmp unix:/tmp/m,server,nowait
  warning: host doesn't support requested feature: CPUID.01H:ECX.fma [bit 12]
  warning: host doesn't support requested feature: CPUID.01H:ECX.movbe [bit 22]
  warning: host doesn't support requested feature: CPUID.01H:ECX.tsc-deadline [bit 24]
  warning: host doesn't support requested feature: CPUID.01H:ECX.xsave [bit 26]
  warning: host doesn't support requested feature: CPUID.01H:ECX.avx [bit 28]
  warning: host doesn't support requested feature: CPUID.07H:EBX.fsgsbase [bit 0]
  warning: host doesn't support requested feature: CPUID.07H:EBX.bmi1 [bit 3]
  warning: host doesn't support requested feature: CPUID.07H:EBX.hle [bit 4]
  warning: host doesn't support requested feature: CPUID.07H:EBX.avx2 [bit 5]
  warning: host doesn't support requested feature: CPUID.07H:EBX.smep [bit 7]
  warning: host doesn't support requested feature: CPUID.07H:EBX.bmi2 [bit 8]
  warning: host doesn't support requested feature: CPUID.07H:EBX.erms [bit 9]
  warning: host doesn't support requested feature: CPUID.07H:EBX.invpcid [bit 10]
  warning: host doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11]
  [...]
  $ ./QMP/qmp --path=/tmp/m \
qom-get --path=/machine/icc-bridge/icc/child[0] \
--property=filtered-features
  item[0].cpuid-register: EDX
  item[0].cpuid-input-eax: 2147483658
  item[0].features: 0
  item[1].cpuid-register: EAX
  item[1].cpuid-input-eax: 1073741825
  item[1].features: 0
  item[2].cpuid-register: EDX
  item[2].cpuid-input-eax: 3221225473
  item[2].features: 0
  item[3].cpuid-register: ECX
  item[3].cpuid-input-eax: 2147483649
  item[3].features: 0
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 0
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 4025
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 356519936
  item[7].cpuid-register: EDX
  item[7].cpuid-input-eax: 1
  item[7].features: 0

Example output when no feature is missing:

  $ qemu-system-x86_64 -enable-kvm -cpu Nehalem,enforce -S \
-qmp unix:/tmp/m,server,nowait
  [...]
  $ ./QMP/qmp --path=/tmp/m \
qom-get --path=/machine/icc-bridge/icc/child[0] \
--property=filtered-features
  item[0].cpuid-register: EDX
  item[0].cpuid-input-eax: 2147483658
  item[0].features: 0
  item[1].cpuid-register: EAX
  item[1].cpuid-input-eax: 1073741825
  item[1].features: 0
  item[2].cpuid-register: EDX
  item[2].cpuid-input-eax: 3221225473
  item[2].features: 0
  item[3].cpuid-register: ECX
  item[3].cpuid-input-eax: 2147483649
  item[3].features: 0
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 0
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 0
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 0
  item[7].cpuid-register: EDX
  item[7].cpuid-input-eax: 1
  item[7].features: 0

Signed-off-by: Eduardo Habkost 
Reviewed-by: Eric Blake 
Signed-off-by: Andreas Färber 
---
 target-i386/cpu.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 38793bc..eb1825b 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1418,11 +1418,11 @@ static void x86_cpuid_set_apic_id(Object *obj, Visitor 
*v, void *opaque,
 cpu->env.cpuid_apic_id = value;
 }
 
+/* Generic getter for "feature-words" and "filtered-features" properties */
 static void x86_cpu_get_feature_words(Object *obj, Visitor *v, void *opaque,
   const char *name, Error **errp)
 {
-X86CPU *cpu = X86_CPU(obj);
-CPUX86State *env = &cpu->env;
+uint32_t *array = (uint32_t *)opaque;
 FeatureWord w;
 Error *err = NULL;
 X86CPUFeatureWordInfo word_infos[FEATURE_WORDS] = { };
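Review bot: `x86_cpu_get_feature_words()` now trusts `opaque` to point at an array of at least `FEATURE_WORDS` `uint32_t` values, and the cast `(uint32_t *)opaque` hides that requirement from the compiler. The new one-line comment should spell the contract out, so that anyone registering a further property with this getter knows what to pass. The removed lines were also the only visible use of `obj`; if it is now unused, say so in the comment.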
@@ -1436,7 +1436,7 @@ static void x86_cpu_get_feature_words(Object *obj, 
Visitor *v, void *opaque,
 qwi->has_cpuid_input_ecx = wi->cpuid_needs_ecx;
 qwi->cpuid_input_ecx = wi->cpuid_ecx;
 qwi->cpuid_register = x86_reg_info_32[wi->cpuid_reg].qapi_enum;
-qwi->features = env->features[w];
+qwi->features = array[w];
 
 /* List will be in reverse order, but order shouldn't matter */
 list_entries[w].next = list;
@@ -2444,7 +2444,10 @@ static void x86_cpu_initfn(Object *obj)
 x86_cpuid_set_apic_id, NULL, NULL, NULL);
 object_property_add(obj, "feature-words", "X86CPUFeatureWordInfo",
   

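The check the commit message above describes for management tools, as an added example that is not part of the patch, of QEMU or of libvirt: it parses the `qom-get` text output in the format shown in the message and fails closed when nothing parses. The function names are assumptions of this example, the bit names come only from the warnings quoted in the message, and the sample is excerpted from the message's own output.

```python
"""Added example: emulate 'enforce' from the filtered-features property."""
import re

# Bit names taken only from the warnings quoted in the commit message above,
# keyed by (cpuid-input-eax, cpuid-register). Other bits are shown by number.
BIT_NAMES = {
    (0x1, "ECX"): {12: "fma", 22: "movbe", 24: "tsc-deadline",
                   26: "xsave", 28: "avx"},
    (0x7, "EBX"): {0: "fsgsbase", 3: "bmi1", 4: "hle", 5: "avx2", 7: "smep",
                   8: "bmi2", 9: "erms", 10: "invpcid", 11: "rtm"},
}

# Excerpt of the "some features were missing" output from the message.
SAMPLE = """\
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 0
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 4025
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 356519936
"""

LINE_RE = re.compile(r"^\s*item\[(\d+)\]\.([a-z0-9-]+):\s*(\S+)\s*$")
REQUIRED = {"cpuid-register", "cpuid-input-eax", "features"}


def parse_feature_words(text):
    """Return the feature words as a list of dicts, ordered by item index."""
    items = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # prompts, warnings and blank lines are skipped
        idx, key, value = int(m.group(1)), m.group(2), m.group(3)
        items.setdefault(idx, {})[key] = (
            value if key == "cpuid-register" else int(value))
    words = []
    for idx in sorted(items):
        word = items[idx]
        missing = REQUIRED - word.keys()
        if missing:
            raise ValueError("item[%d] lacks %s" % (idx, sorted(missing)))
        if not 0 <= word["features"] <= 0xFFFFFFFF:
            raise ValueError("item[%d]: features is not a 32-bit value" % idx)
        words.append(word)
    return words


def filtered_bits(words):
    """Name every set bit in the CPUID.<leaf>H:<reg>.<name> warning style."""
    out = []
    for word in words:
        leaf = (word["cpuid-input-eax"], word["cpuid-register"])
        names = BIT_NAMES.get(leaf, {})
        for bit in range(32):
            if (word["features"] >> bit) & 1:
                out.append("CPUID.%02XH:%s.%s"
                           % (leaf[0], leaf[1], names.get(bit, "bit%d" % bit)))
    return out


def enforce(text):
    """Return (ok, filtered); ok is True only if every word is zero."""
    words = parse_feature_words(text)
    if not words:
        # Fail closed: empty or unparseable output is not "nothing filtered".
        raise ValueError("no feature words found in qom-get output")
    filtered = filtered_bits(words)
    return (not filtered, filtered)


if __name__ == "__main__":
    ok, filtered = enforce(SAMPLE)
    print("start guest" if ok else "refuse to start guest")
    for name in filtered:
        print("  filtered:", name)
```

On the sample, the decoded bits are the same fourteen features named in the warnings, so a management layer using this check would refuse to start the guest instead of running it with a reduced CPU model.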
[Qemu-devel] [PULL 08/11] target-i386: Emulate X86CPU subclasses for global properties

2013-05-06 Thread Andreas Färber
After initializing the object from its x86_def_t and before setting any
additional -cpu arguments, set any global properties for the designated
subclass -{i386,x86_64}-cpu.

Reviewed-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 target-i386/cpu.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index eb1825b..b438478 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1751,6 +1751,7 @@ X86CPU *cpu_x86_create(const char *cpu_model, DeviceState 
*icc_bridge,
 CPUX86State *env;
 gchar **model_pieces;
 char *name, *features;
+char *typename;
 Error *error = NULL;
 
 model_pieces = g_strsplit(cpu_model, ",", 2);
@@ -1778,6 +1779,14 @@ X86CPU *cpu_x86_create(const char *cpu_model, 
DeviceState *icc_bridge,
 goto out;
 }
 
+/* Emulate per-model subclasses for global properties */
+typename = g_strdup_printf("%s-" TYPE_X86_CPU, name);
+qdev_prop_set_globals_for_type(DEVICE(cpu), typename, &error);
+g_free(typename);
+if (error) {
+goto out;
+}
+
 cpu_x86_parse_featurestr(cpu, features, &error);
 if (error) {
 goto out;
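Review bot: The new comment `/* Emulate per-model subclasses for global properties */` leaves out the ordering that the commit message relies on. The call has to stay after the object is initialized from its `x86_def_t` and before `cpu_x86_parse_featurestr()`, so that `-cpu` arguments are applied on top of the global properties. Please add that to the comment so a later reshuffle of this function does not change which setting takes effect.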
-- 
1.8.1.4




Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Andreas Färber
Hi,

On 06.05.2013 16:42, Anthony Liguori wrote:
> 
> I believe I have processed all of the outstanding pull requests and
> patches tagged for 1.5.  If there are any other patches or pull requests
> you would like to be considered, please respond to this note with a
> pointer to the patch or make sure you send it out tagged with 'for-1.5'
> no later than 5pm US/Eastern.

Final qom-cpu pull for-1.5 is on the list.

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PULL 07/11] qdev: Introduce qdev_prop_set_globals_for_type()

2013-05-06 Thread Andreas Färber
Reuse it in qdev_prop_set_globals().

Reviewed-by: Eduardo Habkost 
[AF: Renamed from qdev_prop_set_custom_globals()]
Signed-off-by: Andreas Färber 
---
 hw/core/qdev-properties.c| 36 +---
 include/hw/qdev-properties.h |  2 ++
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index 716ba19..3a324fb 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -1099,23 +1099,37 @@ void qdev_prop_register_global_list(GlobalProperty 
*props)
 }
 }
 
+void qdev_prop_set_globals_for_type(DeviceState *dev, const char *typename,
+Error **errp)
+{
+GlobalProperty *prop;
+
+QTAILQ_FOREACH(prop, &global_props, next) {
+Error *err = NULL;
+
+if (strcmp(typename, prop->driver) != 0) {
+continue;
+}
+qdev_prop_parse(dev, prop->property, prop->value, &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
+}
+}
+}
+
 void qdev_prop_set_globals(DeviceState *dev, Error **errp)
 {
 ObjectClass *class = object_get_class(OBJECT(dev));
 
 do {
-GlobalProperty *prop;
-QTAILQ_FOREACH(prop, &global_props, next) {
-Error *err = NULL;
+Error *err = NULL;
 
-if (strcmp(object_class_get_name(class), prop->driver) != 0) {
-continue;
-}
-qdev_prop_parse(dev, prop->property, prop->value, &err);
-if (err != NULL) {
-error_propagate(errp, err);
-return;
-}
+qdev_prop_set_globals_for_type(dev, object_class_get_name(class),
+   &err);
+if (err != NULL) {
+error_propagate(errp, err);
+return;
 }
 class = object_class_get_parent(class);
 } while (class);
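Review bot: `qdev_prop_set_globals_for_type()` is exported without a doc comment, and it behaves differently from `qdev_prop_set_globals()` in a way callers need to know. It compares `typename` against `prop->driver` with a plain `strcmp()`, does not walk parent classes, and does not check that `typename` names a registered type, so a wrong string simply applies nothing. Suggest documenting that at the definition or in the header.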
diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h
index 38469d4..39448b7 100644
--- a/include/hw/qdev-properties.h
+++ b/include/hw/qdev-properties.h
@@ -169,6 +169,8 @@ void qdev_prop_set_ptr(DeviceState *dev, const char *name, 
void *value);
 void qdev_prop_register_global(GlobalProperty *prop);
 void qdev_prop_register_global_list(GlobalProperty *props);
 void qdev_prop_set_globals(DeviceState *dev, Error **errp);
+void qdev_prop_set_globals_for_type(DeviceState *dev, const char *typename,
+Error **errp);
 void error_set_from_qdev_prop_error(Error **errp, int ret, DeviceState *dev,
 Property *prop, const char *value);
 
-- 
1.8.1.4




[Qemu-devel] [PULL 02/11] target-i386: Use FeatureWord loop on filter_features_for_kvm()

2013-05-06 Thread Andreas Färber
From: Eduardo Habkost 

Instead of open-coding the filtering code for each feature word, change
the existing code to use the feature_word_info array, that has exactly
the same CPUID eax/ecx/register values for each feature word.

Signed-off-by: Eduardo Habkost 
Reviewed-by: Eric Blake 
Signed-off-by: Andreas Färber 
---
 target-i386/cpu.c | 24 +++-
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 0f92469..a39b364 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1651,24 +1651,14 @@ static void filter_features_for_kvm(X86CPU *cpu)
 {
 CPUX86State *env = &cpu->env;
 KVMState *s = kvm_state;
+FeatureWord w;
 
-env->features[FEAT_1_EDX] &=
-kvm_arch_get_supported_cpuid(s, 1, 0, R_EDX);
-env->features[FEAT_1_ECX] &=
-kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX);
-env->features[FEAT_8000_0001_EDX] &=
-kvm_arch_get_supported_cpuid(s, 0x8001, 0, R_EDX);
-env->features[FEAT_8000_0001_ECX] &=
-kvm_arch_get_supported_cpuid(s, 0x8001, 0, R_ECX);
-env->features[FEAT_SVM]  &=
-kvm_arch_get_supported_cpuid(s, 0x800A, 0, R_EDX);
-env->features[FEAT_7_0_EBX] &=
-kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX);
-env->features[FEAT_KVM] &=
-kvm_arch_get_supported_cpuid(s, KVM_CPUID_FEATURES, 0, R_EAX);
-env->features[FEAT_C000_0001_EDX] &=
-kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
-
+for (w = 0; w < FEATURE_WORDS; w++) {
+FeatureWordInfo *wi = &feature_word_info[w];
+env->features[w] &= kvm_arch_get_supported_cpuid(s, wi->cpuid_eax,
+wi->cpuid_ecx,
+wi->cpuid_reg);
+}
 }
 #endif
 
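Review bot: in the new loop, wi->cpuid_ecx is passed for every feature word and the cpuid_needs_ecx flag from patch 01/11 is never consulted, so the loop relies on cpuid_ecx being zero for words that do not take ECX; the removed code passed a literal 0 there. That holds for the zero-initialised static table, but a comment saying so would help, and an assertion that every entry has a non-zero cpuid_eax would keep a feature word added without a feature_word_info entry from being masked against leaf 0.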
-- 
1.8.1.4




[Qemu-devel] [PULL for-1.5 00/11] QOM CPUState patch queue 2013-05-06

2013-05-06 Thread Andreas Färber
Hello,

This is my current QOM CPU patch queue. Please pull.

It includes:
* x86 CPU feature-words and filtered-features properties for libvirt,
* x86 CPU fixes and backwards compatibility support.

Regards,
Andreas

Cc: Anthony Liguori 

Cc: Eduardo Habkost 
Cc: Igor Mammedov 


The following changes since commit 8e515b125d5f7849167dbee6cbe6ef61636607d4:

  configure: Check that "libtool" is not the MacOSX one (2013-05-06 06:52:03 -0500)

are available in the git repository at:

  git://github.com/afaerber/qemu-cpu.git qom-cpu

for you to fetch changes up to 4458c23672904fa131e69897007eeb7c953be7e5:

  target-i386: n270 can MOVBE (2013-05-06 22:27:49 +0200)


Andreas Färber (4):
  qdev: Let qdev_prop_parse() pass through Error
  qdev: Introduce qdev_prop_set_globals_for_type()
  target-i386: Emulate X86CPU subclasses for global properties
  target-i386: Change CPUID model of 486 to 8

Borislav Petkov (1):
  target-i386: n270 can MOVBE

Eduardo Habkost (6):
  target-i386: Add ECX information to FeatureWordInfo
  target-i386: Use FeatureWord loop on filter_features_for_kvm()
  target-i386: Add "feature-words" property to X86CPU
  target-i386: Introduce X86CPU::filtered_features field
  target-i386: Add "filtered-features" property to X86CPU
  target-i386: Introduce generic CPUID feature compat function

 Makefile.objs                |   7 +-
 hw/core/qdev-properties.c    |  51 +--
 hw/core/qdev.c               |   7 +-
 hw/i386/pc_piix.c            |   1 +
 hw/i386/pc_q35.c             |   1 +
 include/hw/i386/pc.h         |   4 ++
 include/hw/qdev-properties.h |   7 +-
 qapi-schema.json             |  32 +
 qdev-monitor.c               |   6 +-
 target-i386/cpu-qom.h        |   3 +
 target-i386/cpu.c            | 150 +--
 target-i386/cpu.h            |   4 ++
 12 files changed, 214 insertions(+), 59 deletions(-)



[Qemu-devel] [PULL 01/11] target-i386: Add ECX information to FeatureWordInfo

2013-05-06 Thread Andreas Färber
From: Eduardo Habkost 

FEAT_7_0_EBX uses ECX as input, so we have to take that into account
when reporting feature word values.

Signed-off-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 target-i386/cpu.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 9f2adad..0f92469 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -152,8 +152,10 @@ static const char *cpuid_7_0_ebx_feature_name[] = {
 
 typedef struct FeatureWordInfo {
 const char **feat_names;
-uint32_t cpuid_eax; /* Input EAX for CPUID */
-int cpuid_reg;  /* R_* register constant */
+uint32_t cpuid_eax;   /* Input EAX for CPUID */
+bool cpuid_needs_ecx; /* CPUID instruction uses ECX as input */
+uint32_t cpuid_ecx;   /* Input ECX value for CPUID */
+int cpuid_reg;/* output register (R_* constant) */
 } FeatureWordInfo;
 
 static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
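Review bot: the comment on cpuid_ecx should say that the value is only meaningful when cpuid_needs_ecx is true; as declared, a reader cannot tell a word that takes ECX = 0 from one that ignores ECX without checking the flag. It would also help if the commit message named the consumer that is expected to test cpuid_needs_ecx.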
@@ -187,7 +189,9 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 },
 [FEAT_7_0_EBX] = {
 .feat_names = cpuid_7_0_ebx_feature_name,
-.cpuid_eax = 7, .cpuid_reg = R_EBX,
+.cpuid_eax = 7,
+.cpuid_needs_ecx = true, .cpuid_ecx = 0,
+.cpuid_reg = R_EBX,
 },
 };
 
-- 
1.8.1.4
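
The table-driven filtering described in patches 01/11 and 02/11, as an added example that is not code from the QEMU tree or from this series: each feature word records its CPUID input EAX/ECX and output register, and one loop masks the guest's requested bits against what the host reports. The host table, GuestCPU, host_supported_cpuid(), sample_guest() and the meaning given here to filtered_features (requested bits the host cannot provide) are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CPUID output registers; these names are local to the example. */
enum { REG_EAX, REG_EBX, REG_ECX, REG_EDX, REG_COUNT };

/* A subset of the feature words named in the patches. */
typedef enum {
    FEAT_1_EDX, FEAT_1_ECX, FEAT_7_0_EBX, FEAT_8000_0001_EDX, FEATURE_WORDS
} FeatureWord;

/* Same fields as FeatureWordInfo in patch 01/11, minus feat_names. */
typedef struct {
    uint32_t cpuid_eax;    /* input EAX */
    bool cpuid_needs_ecx;  /* leaf takes ECX as a sub-leaf index */
    uint32_t cpuid_ecx;    /* input ECX, used only if the flag is set */
    int cpuid_reg;         /* output register */
} FeatureWordInfo;

static const FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
    [FEAT_1_EDX]         = { .cpuid_eax = 1, .cpuid_reg = REG_EDX },
    [FEAT_1_ECX]         = { .cpuid_eax = 1, .cpuid_reg = REG_ECX },
    [FEAT_7_0_EBX]       = { .cpuid_eax = 7, .cpuid_needs_ecx = true,
                             .cpuid_ecx = 0, .cpuid_reg = REG_EBX },
    [FEAT_8000_0001_EDX] = { .cpuid_eax = 0x80000001, .cpuid_reg = REG_EDX },
};

/* Architectural bit positions used by the sample data. */
#define BIT_FPU   (1u << 0)   /* CPUID.1:EDX */
#define BIT_SSE2  (1u << 26)
#define BIT_SSE3  (1u << 0)   /* CPUID.1:ECX */
#define BIT_SSSE3 (1u << 9)
#define BIT_MOVBE (1u << 22)
#define BIT_BMI1  (1u << 3)   /* CPUID.7.0:EBX */
#define BIT_AVX2  (1u << 5)
#define BIT_SMEP  (1u << 7)
#define BIT_NX    (1u << 20)  /* CPUID.80000001:EDX */

typedef struct {
    uint32_t eax, ecx;
    uint32_t regs[REG_COUNT];
} HostLeaf;

/* Constructed host capabilities: this host has neither MOVBE nor AVX2. */
static const HostLeaf host_leaves[] = {
    { 1,          0, { 0, 0, BIT_SSE3 | BIT_SSSE3, BIT_FPU | BIT_SSE2 } },
    { 7,          0, { 0, BIT_BMI1 | BIT_SMEP, 0, 0 } },
    { 0x80000001, 0, { 0, 0, 0, BIT_NX } },
};

/* Stand-in for the hypervisor query; an unknown leaf supports nothing. */
static uint32_t host_supported_cpuid(uint32_t eax, uint32_t ecx, int reg)
{
    for (size_t i = 0; i < sizeof(host_leaves) / sizeof(host_leaves[0]); i++) {
        if (host_leaves[i].eax == eax && host_leaves[i].ecx == ecx) {
            return host_leaves[i].regs[reg];
        }
    }
    return 0;
}

typedef struct {
    uint32_t features[FEATURE_WORDS];          /* what the guest will see */
    uint32_t filtered_features[FEATURE_WORDS]; /* requested but dropped */
} GuestCPU;

/* Mask every feature word against the host; return how many words lost bits. */
static int filter_features(GuestCPU *cpu)
{
    int words_changed = 0;

    for (int w = 0; w < FEATURE_WORDS; w++) {
        const FeatureWordInfo *wi = &feature_word_info[w];
        uint32_t ecx = wi->cpuid_needs_ecx ? wi->cpuid_ecx : 0;
        uint32_t host = host_supported_cpuid(wi->cpuid_eax, ecx, wi->cpuid_reg);
        uint32_t requested = cpu->features[w];

        cpu->features[w] = requested & host;
        cpu->filtered_features[w] = requested & ~host;
        if (cpu->filtered_features[w]) {
            words_changed++;
        }
    }
    return words_changed;
}

/* Constructed guest model that asks for MOVBE and AVX2. */
static GuestCPU sample_guest(void)
{
    GuestCPU cpu = { { 0 }, { 0 } };

    cpu.features[FEAT_1_EDX] = BIT_FPU | BIT_SSE2;
    cpu.features[FEAT_1_ECX] = BIT_SSE3 | BIT_SSSE3 | BIT_MOVBE;
    cpu.features[FEAT_7_0_EBX] = BIT_AVX2 | BIT_SMEP;
    cpu.features[FEAT_8000_0001_EDX] = BIT_NX;
    return cpu;
}

int main(void)
{
    GuestCPU cpu = sample_guest();
    int n = filter_features(&cpu);

    printf("%d feature words lost bits\n", n);
    for (int w = 0; w < FEATURE_WORDS; w++) {
        printf("word %d: visible 0x%08x filtered 0x%08x\n", w,
               (unsigned)cpu.features[w], (unsigned)cpu.filtered_features[w]);
    }
    return 0;
}
```

Recording the dropped bits separately lets a management layer see that a requested feature was silently removed.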




Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Paolo Bonzini
On 06/05/2013 22:31, Anthony Liguori wrote:
> Jordan Justen  writes:
> 
>> On Mon, May 6, 2013 at 7:42 AM, Anthony Liguori  wrote:
>>> I believe I have processed all of the outstanding pull requests and
>>> patches tagged for 1.5.  If there are any other patches or pull requests
>>> you would like to be considered, please respond to this note with a
>>> pointer to the patch or make sure you send it out tagged with 'for-1.5'
>>> no later than 5pm US/Eastern.
>>
>> Is there a chance of including the KVM PC flash series in 1.5?
>> Unfortunately, I'm assuming no given the timing.
> 
> I think we're going to need to delay it.  Did we ever come to a
> consensus about what to do on older kernels?

Yes, the patches only use the new feature if -pflash is given on the
command line.  memory_region_set_readonly is only used in a few places,
so I think this series could go in; it is a fix for a TCG-mode regression.

I'm curious however if it causes -M isapc to regress, because in 1.4 it
works only in KVM mode, not in TCG mode.

Paolo



[Qemu-devel] Compilation error with --enable-sparse

2013-05-06 Thread Eduardo Otubo

Hello all again,

Same environment as the previous email (Ubuntu Server 13.04 on an x86_64
machine)


root@vinagrete ~ # uname -a
Linux vinagrete 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:16:28 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux


Compilation problem (log too big for email)
http://pastebin.com/sXN8TYew

Thanks,
--
Eduardo Otubo
IBM Linux Technology Center




Re: [Qemu-devel] [RFC 5/7] target-i386: n270 can MOVBE

2013-05-06 Thread Andreas Färber
On 25.04.2013 20:43, Eduardo Habkost wrote:
> From: Borislav Petkov 
> 
> The Atom core (cpu name "n270" in QEMU speak) supports MOVBE. This is
> needed when booting 3.8 and later linux kernels built with the MATOM
> target because we require MOVBE in order to boot properly now.
> 
> Cc: "H. Peter Anvin" 
> Cc: Richard Henderson 
> Signed-off-by: Borislav Petkov 
> [ehabkost: added compat code to disable MOVBE on pc-*-1.4 and older]
> Signed-off-by: Eduardo Habkost 
> ---
>  hw/i386/pc_piix.c | 1 +
>  hw/i386/pc_q35.c  | 1 +
>  target-i386/cpu.c | 3 ++-
>  3 files changed, 4 insertions(+), 1 deletion(-)

Thanks, rebased and applied to qom-cpu:
https://github.com/afaerber/qemu-cpu/commits/qom-cpu

Andreas

> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index 20708dc..615d8f4 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -237,6 +237,7 @@ static void pc_init_pci(QEMUMachineInitArgs *args)
>  
>  static void pc_init_pci_1_4(QEMUMachineInitArgs *args)
>  {
> +x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE);
>  pc_init_pci(args);
>  }
>  
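Review bot: in pc_init_pci_1_4() the new call passes two positional masks, 0 and CPUID_EXT_MOVBE, and nothing at the call site says which one sets bits and which one clears them. A short comment that this removes MOVBE from n270 for pc-*-1.4 and older, as the bracketed note in the commit message says, would save the reader a trip to the x86_cpu_compat_set_features() definition.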
> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> index 7eb4a75..3240203 100644
> --- a/hw/i386/pc_q35.c
> +++ b/hw/i386/pc_q35.c
> @@ -211,6 +211,7 @@ static void pc_q35_init(QEMUMachineInitArgs *args)
>  
>  static void pc_q35_init_1_4(QEMUMachineInitArgs *args)
>  {
> +x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE);
>  pc_q35_init(args);
>  }
>  
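Review bot: this is the same call as the one added to pc_init_pci_1_4() in pc_piix.c, so the n270 compat rule now lives in two files. A shared helper or macro for the 1.4 CPU compat settings would keep the two machine families from drifting apart when the next model change needs a compat entry.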
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 8ce088e..592fed8 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -656,7 +656,8 @@ static x86_def_t builtin_x86_defs[] = {
>  /* Some CPUs got no CPUID_SEP */
>  .features[FEAT_1_ECX] =
>  CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
> -CPUID_EXT_DSCPL | CPUID_EXT_EST | CPUID_EXT_TM2 | CPUID_EXT_XTPR,
> +CPUID_EXT_DSCPL | CPUID_EXT_EST | CPUID_EXT_TM2 | CPUID_EXT_XTPR 
> |
> +CPUID_EXT_MOVBE,
>  .features[FEAT_8000_0001_EDX] =
>  (PPRO_FEATURES & CPUID_EXT2_AMD_ALIASES) |
>  CPUID_EXT2_NX,
> 


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [RFC 1/7] target-i386: Introduce generic CPUID feature compat function

2013-05-06 Thread Andreas Färber
On 25.04.2013 20:43, Eduardo Habkost wrote:
> Introduce x86_cpu_compat_set_features(), that can be used to set/unset
> feature bits on specific CPU models for machine-type compatibility.
> 
> Signed-off-by: Eduardo Habkost 
> ---
>  target-i386/cpu.c | 26 ++
>  target-i386/cpu.h |  4 
>  2 files changed, 30 insertions(+)

Thanks, applied to qom-cpu:
https://github.com/afaerber/qemu-cpu/commits/qom-cpu

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Anthony Liguori
Jordan Justen  writes:

> On Mon, May 6, 2013 at 7:42 AM, Anthony Liguori  wrote:
>> I believe I have processed all of the outstanding pull requests and
>> patches tagged for 1.5.  If there are any other patches or pull requests
>> you would like to be considered, please respond to this note with a
>> pointer to the patch or make sure you send it out tagged with 'for-1.5'
>> no later than 5pm US/Eastern.
>
> Is there a chance of including the KVM PC flash series in 1.5?
> Unfortunately, I'm assuming no given the timing.

I think we're going to need to delay it.  Did we ever come to a
consensus about what to do on older kernels?

Regards,

Anthony Liguori

>
> It does seem less than ideal to have -pflash go from working on qemu
> 1.2-1.4, to silently being ignored in 1.5, and then working again in
> 1.6...
>
> -Jordan




Re: [Qemu-devel] Compilation error with --enable-cocoa

2013-05-06 Thread Peter Maydell
On 6 May 2013 21:23, Eduardo Otubo  wrote:
> I'm running an Ubuntu Server 13.04 on an x86_64 machine. Details follow:
>
> root@vinagrete ~ # uname -a
> Linux vinagrete 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:16:28 UTC 2013
> x86_64 x86_64 x86_64 GNU/Linux
>
> root@vinagrete ~/develop/qemu master # ./configure --enable-debug-tcg
> --enable-debug-info --enable-debug --enable-sdl --enable-virtfs --enable-vnc
> --enable-cocoa --target-list=x86_64-softmmu && make

Why are you trying to enable Cocoa (which is MacOSX specific)
on an Ubuntu system?

thanks
-- PMM



Re: [Qemu-devel] [PATCH] PPC: Fix rldcl

2013-05-06 Thread Aurelien Jarno
On Mon, May 06, 2013 at 07:53:07PM +0200, Alexander Graf wrote:
> The implementation for rldcl tried to always fetch its
> parameters from the opcode, even though the opcode was
> already passed in in decoded and different forms.
> 
> Use the parameters instead, fixing rldcl.
> 
> Reported-by: Torbjorn Granlund 
> Signed-off-by: Alexander Graf 
> ---
>  target-ppc/translate.c |2 --
>  1 files changed, 0 insertions(+), 2 deletions(-)
> 
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index 0886f4d..a018616 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -1733,8 +1733,6 @@ static inline void gen_rldnm(DisasContext *ctx, 
> uint32_t mb, uint32_t me)
>  {
>  TCGv t0;
>  
> -mb = MB(ctx->opcode);
> -me = ME(ctx->opcode);
>  t0 = tcg_temp_new();
>  tcg_gen_andi_tl(t0, cpu_gpr[rB(ctx->opcode)], 0x3f);
>  tcg_gen_rotl_tl(t0, cpu_gpr[rS(ctx->opcode)], t0);
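Review bot: the two lines removed here are in gen_rldnm(), which takes both mb and me from its caller, but the commit message only names rldcl. The message should say which other instructions go through gen_rldnm() and whether their result changes, and a regression test for the reported case would be worth adding with the fix.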

Reviewed-by: Aurelien Jarno 


-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net



[Qemu-devel] Compilation error with --enable-cocoa

2013-05-06 Thread Eduardo Otubo

Hello all,

I'm running an Ubuntu Server 13.04 on an x86_64 machine. Details follow:

root@vinagrete ~ # uname -a
Linux vinagrete 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:16:28 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux


root@vinagrete ~/develop/qemu master # ./configure --enable-debug-tcg --enable-debug-info --enable-debug --enable-sdl --enable-virtfs --enable-vnc --enable-cocoa --target-list=x86_64-softmmu && make


Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Jordan Justen
On Mon, May 6, 2013 at 7:42 AM, Anthony Liguori  wrote:
> I believe I have processed all of the outstanding pull requests and
> patches tagged for 1.5.  If there are any other patches or pull requests
> you would like to be considered, please respond to this note with a
> pointer to the patch or make sure you send it out tagged with 'for-1.5'
> no later than 5pm US/Eastern.

Is there a chance of including the KVM PC flash series in 1.5?
Unfortunately, I'm assuming no given the timing.

It does seem less than ideal to have -pflash go from working on qemu
1.2-1.4, to silently being ignored in 1.5, and then working again in
1.6...

-Jordan



[Qemu-devel] [Bug 1175513] Re: Qemu 1.5-git gpu clock control doesn`t work after guest reboot

2013-05-06 Thread Alex Williamson
So the result is:

HD6850 - works fully, host hang on guest poweroff
GT210 - works fully, no host issues

Is that correct?  Are you attempting to rebind the HD6850 to host
drivers after qemu is shutdown, or does the host hang happen prior to
where that would be possible?  What about killing qemu with a ^C, does
it hang the host the same way?  If you could run the host in text mode
or with a serial or net console so we can see if there are any messages
prior to the hang, that would be extremely useful.

-- 
https://bugs.launchpad.net/bugs/1175513

Title:
  Qemu 1.5-git gpu clock control doesn`t work after guest reboot

Status in The Linux Kernel:
  New
Status in QEMU:
  New

Bug description:
  I run qemu from git with such command:

  qemu-system-x86_64 -nodefaults -m 4096 -smp 8,cores=4,threads=2,sockets=1 \
    -cpu 'kvm64' -device usb-mouse -M q35 -vga qxl -no-hpet -boot once=c,menu=on \
    -device vfio-pci,host=02:00.0,x-vga=on \
    -enable-kvm -monitor stdio \
    -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 \
    -device virtio-serial \
    -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \
    -net nic,vlan=0,model=e1000 -net tap,ifname=tap0,script=/etc/guest-ifup \
    -usb -device intel-hda -device hda-duplex \
    -drive file='/home//qemu/win7',if=none,id=drive-virtio-disk0,cache=writeback,aio=native,format=qed,discard=on \
    -device virtio-blk-pci,drive=drive-virtio-disk0,id=virtio-disk \
    -drive file='/dev/sr0',if=none,id=drive-ide1-0-0,media=cdrom,snapshot=off,format=raw \
    -device ide-drive,bus=ide.1,unit=0,drive=drive-ide1-0-0,id=ide1-0-0 \
    -spice port=5930,disable-ticketing

  Before the guest (Windows 7) reboots, the video card works in 3D mode at
  full frequency. But after a reboot the video card works in 3D only at the
  powersave frequency. I must then reboot the host to recover GPU clock control.




Re: [Qemu-devel] [RFC][PATCH 10/15] memory: Rework sub-page handling

2013-05-06 Thread Paolo Bonzini
On 06/05/2013 16:26, Jan Kiszka wrote:
> Simplify the sub-page handling by implementing it directly in the
> dispatcher instead of using a redirection memory region. We extend the
> phys_sections entries to optionally hold a pointer to the sub-section
> table that used to reside in the subpage_t structure. IOW, we add one
> optional dispatch level below the existing radix tree.
> 
> address_space_lookup_region is extended to take this additional level
> into account. This direct dispatching to that target memory region will
> also be helpful when we want to add per-region locking control.
> 
> Signed-off-by: Jan Kiszka 

I wonder if subpage_ram is needed at all now.  Should be a separate
patch anyway, so

Reviewed-by: Paolo Bonzini 



Re: [Qemu-devel] [RFC 0/9] QContext: QOM class to support multiple event loops

2013-05-06 Thread Paolo Bonzini
On 06/05/2013 20:35, mdroth wrote:
> In the case of the former, I think a wrapper around GLib that we can
> instantiate from the command-line line and query properties like TIDs
> from is necessary for robust control over event loops and CPU resources.
> We get this essentially for free with QOM, so I think it makes sense to
> use it.
> 
> In the case of the latter I'm not too sure. Without the QSource
> abstraction there isn't much reason not to use the native GLib
> interfaces on the underlying GSources/GMainContexts directly. In which
> case GlibQContext would only need to be a container of sorts with some
> minor additions like spawning an event thread for itself.
> 
> If we ever did need to switch it out in favor of a non-GLib
> implementation, it should be a mostly mechanical conversion of
> GSource->QSource and adding some wrappers around
> g_main_context_prepare/check/etc.

I'm not sure it is that easy, but I agree entirely with everything else.

> Also along that line, if we're taking the approach of not adding
> infrastructure/cruft until we actually have a plan to use it, it probably
> makes sense to make QContext a concrete class implemented via GLib, and we
> can move the GLib stuff to a sub-class later if we ever end up with another
> QContext implementation.
> 
> Does this seem reasonable?

Yes, very much.

Paolo



Re: [Qemu-devel] [PATCH 4/4] mm: sys_remap_anon_pages

2013-05-06 Thread Andrea Arcangeli
On Mon, May 06, 2013 at 09:57:01PM +0200, Andrea Arcangeli wrote:
> ===
> 
> static unsigned char *c, *tmp;
> 
> void userfault_sighandler(int signum, siginfo_t *info, void *ctx)

oops, the hash of the test program got cut... so I append it below
which is nicer without leading whitespaces.

===
#define _GNU_SOURCE
#include <sys/mman.h>
#include <sys/syscall.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define USE_USERFAULT
#define THP

#define MADV_USERFAULT	18

#define SIZE (1024*1024*1024)

#define SYS_remap_anon_pages 314

static unsigned char *c, *tmp;

void userfault_sighandler(int signum, siginfo_t *info, void *ctx)
{
	unsigned char *addr = info->si_addr;
	int len = 4096;
	int ret;

#ifdef THP
	/* resolve the fault one 2M hugepage at a time */
	addr = (unsigned char *) ((unsigned long) addr & ~((2*1024*1024)-1));
	len = 2*1024*1024;
#endif
	if (addr >= c && addr < c + SIZE) {
		unsigned long offset = addr - c;
		ret = syscall(SYS_remap_anon_pages, c+offset, tmp+offset, len);
		if (ret)
			perror("sigbus remap_anon_pages"), exit(1);
		//printf("sigbus offset %lu\n", offset);
		return;
	}

	printf("sigbus error addr %p c %p tmp %p\n", addr, c, tmp), exit(1);
}

int main()
{
	struct sigaction sa;
	int ret;
	unsigned long i;
#ifndef THP
	/*
	 * Fails with THP due to lack of alignment because of memset
	 * pre-filling the destination
	 */
	c = mmap(0, SIZE, PROT_READ|PROT_WRITE,
		 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
	if (c == MAP_FAILED)
		perror("mmap"), exit(1);
	tmp = mmap(0, SIZE, PROT_READ|PROT_WRITE,
		   MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
	if (tmp == MAP_FAILED)
		perror("mmap"), exit(1);
#else
	ret = posix_memalign((void **)&c, 2*1024*1024, SIZE);
	if (ret)
		perror("posix_memalign"), exit(1);
	ret = posix_memalign((void **)&tmp, 2*1024*1024, SIZE);
	if (ret)
		perror("posix_memalign"), exit(1);
#endif
	/*
	 * MADV_USERFAULT must run before memset, to avoid THP 2m
	 * faults to map memory into "tmp", if "tmp" isn't allocated
	 * with hugepage alignment.
	 */
	if (madvise(c, SIZE, MADV_USERFAULT))
		perror("madvise"), exit(1);
	memset(tmp, 0xaa, SIZE);

	sa.sa_sigaction = userfault_sighandler;
	sigemptyset(&sa.sa_mask);
	sa.sa_flags = SA_SIGINFO;
	sigaction(SIGBUS, &sa, NULL);

#ifndef USE_USERFAULT
	ret = syscall(SYS_remap_anon_pages, c, tmp, SIZE);
	if (ret)
		perror("remap_anon_pages"), exit(1);
#endif

	for (i = 0; i < SIZE; i += 4096) {
		if ((i/4096) % 2) {
			/* exercise read and write MADV_USERFAULT */
			c[i+1] = 0xbb;
		}
		if (c[i] != 0xaa)
			printf("error %x offset %lu\n", c[i], i), exit(1);
	}

	return 0;
}



[Qemu-devel] [PATCH 4/4] mm: sys_remap_anon_pages

2013-05-06 Thread Andrea Arcangeli
This new syscall will move anon pages across vmas, atomically and
without touching the vmas.

It only works on non shared anonymous pages because those can be
relocated without generating non linear anon_vmas in the rmap code.

It is the ideal mechanism to handle userspace page faults. Normally
the destination vma will have VM_USERFAULT set with
madvise(MADV_USERFAULT) while the source vma will normally have
VM_DONTCOPY set with madvise(MADV_DONTFORK).

MADV_DONTFORK set in the source vma prevents remap_anon_pages from failing if
the process forks during the userland page fault.

The thread triggering the sigbus signal handler by touching an
unmapped hole in the MADV_USERFAULT region, should take care to
receive the data belonging in the faulting virtual address in the
source vma. The data can come from the network, storage or any other
I/O device. After the data has been safely received in the private
area in the source vma, it will call remap_anon_pages to map the page
in the faulting address in the destination vma atomically. And finally
it will return from the signal handler.

It is an alternative to mremap.

It only works if the vma protection bits are identical from the source
and destination vma.

It can remap non shared anonymous pages within the same vma too.

If the source virtual memory range has any unmapped holes, or if the
destination virtual memory range is not a whole unmapped hole,
remap_anon_pages will fail with -EFAULT. This provides a very strict
behavior to avoid any chance of memory corruption going unnoticed if
there are userland race conditions. Only one thread should resolve the
userland page fault at any given time for any given faulting
address. This means that if two threads try to both call
remap_anon_pages on the same destination address at the same time, the
second thread will get an explicit -EFAULT retval from this syscall.

The destination range with VM_USERFAULT set should be completely empty
or remap_anon_pages will fail with -EFAULT. It's recommended to call
madvise(MADV_USERFAULT) immediately after the destination range has
been allocated with malloc() or posix_memalign(), so that the
VM_USERFAULT vma will be split before a transparent hugepage fault
could fill the VM_USERFAULT region if it doesn't start hugepage
aligned. That will ensure the VM_USERFAULT area remains empty after
allocation, regardless of its alignment.

The main difference with mremap is that if used to fill holes in
unmapped anonymous memory vmas (if used in combination with
MADV_USERFAULT) remap_anon_pages won't create lots of unmergeable
vmas. mremap instead would create lots of vmas (because of non linear
vma->vm_pgoff) leading to -ENOMEM failures (the number of vmas is
limited).

MADV_USERFAULT and remap_anon_pages() can be tested with a program
like below:

===

static unsigned char *c, *tmp;

void userfault_sighandler(int signum, siginfo_t *info, void *ctx)
{
unsigned char *addr = info->si_addr;
int len = 4096;
int ret;

addr = (unsigned char *) ((unsigned long) addr & ~((2*1024*1024)-1));
len = 2*1024*1024;
if (addr >= c && addr < c + SIZE) {
unsigned long offset = addr - c;
ret = syscall(SYS_remap_anon_pages, c+offset, tmp+offset, len);
if (ret)
perror("sigbus remap_anon_pages"), exit(1);
//printf("sigbus offset %lu\n", offset);
return;
}

printf("sigbus error addr %p c %p tmp %p\n", addr, c, tmp), exit(1);
}

int main()
{
struct sigaction sa;
int ret;
unsigned long i;
/*
 * Fails with THP due lack of alignment because of memset
 * pre-filling the destination
 */
c = mmap(0, SIZE, PROT_READ|PROT_WRITE,
 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
if (c == MAP_FAILED)
perror("mmap"), exit(1);
tmp = mmap(0, SIZE, PROT_READ|PROT_WRITE,
   MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
if (tmp == MAP_FAILED)
perror("mmap"), exit(1);
ret = posix_memalign((void **)&c, 2*1024*1024, SIZE);
if (ret)
perror("posix_memalign"), exit(1);
ret = posix_memalign((void **)&tmp, 2*1024*1024, SIZE);
if (ret)
perror("posix_memalign"), exit(1);
/*
 * MADV_USERFAULT must run before memset, to avoid THP 2m
 * faults to map memory into "tmp", if "tmp" isn't allocated
 * with hugepage alignment.
 */
if (madvise(c, SIZE, MADV_USERFAULT))
perror("madvise"), exit(1);
memset(tmp, 0xaa, SIZE);

sa.sa_sigaction = userfault_sighandler;
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_SIGINFO;
sigaction(SIGBUS, &sa, NULL);

ret = syscall(SYS_remap_anon_pages, c, tmp, SIZE);
if (ret)
perror("remap_anon_pages"), exit(1);

for (i = 0; i < SIZ

[Qemu-devel] [PATCH 0/4] madvise(MADV_USERFAULT) & sys_remap_anon_pages()

2013-05-06 Thread Andrea Arcangeli
Hello everyone,

this is a patchset to implement two new kernel features:
MADV_USERFAULT and remap_anon_pages.

The combination of the two features is what I would propose to
implement postcopy live migration, and in general demand paging of
remote memory, hosted in different cloud nodes with KSM. It might also
be used without virt to offload parts of memory to different nodes
using some userland library and a network memory manager.

Postcopy live migration is currently implemented using a chardevice,
which remains open for the whole VM lifetime and all virtual memory
then becomes owned by the chardevice and it's not anonymous anymore.

http://lists.gnu.org/archive/html/qemu-devel/2012-10/msg05274.html

The main con of the chardevice design is that all nice Linux MM
features (like swapping/THP/KSM/automatic-NUMA-balancing) are disabled
if the guest physical memory doesn't remain in anonymous memory. This
is entirely solved by this alternative kernel solution. In fact
remap_anon_pages will move THP pages natively by just updating two pmd
pointers if alignment and length permits without any THP split.

The other bonus is that MADV_USERFAULT and remap_anon_pages are
implemented in the MM core and remap_anon_pages furthermore provides a
functionality similar to what is already available for filebacked
pages with remap_file_pages. That is usually more maintainable than
having MM parts in a chardevice.

In addition to asking for review of the internals, this also needs review of
the user APIs, as both of those features are userland-visible changes.

MADV_USERFAULT is only enabled for anonymous mappings so far but it
could be extended. To be strict, -EINVAL is returned if run on non
anonymous mappings (where it would currently be a noop).

The remap_anon_pages syscall API is not vectored, as I expect it used
for demand paging only (where there can be just one faulting range per
fault) or for large ranges where vectoring isn't going to provide
performance advantages.

The current behavior of remap_anon_pages is very strict to avoid any
chance of memory corruption going unnoticed, and it will return
-EFAULT at the first sign of something unexpected (like a page already
mapped in the destination pmd/pte, potentially signaling a userland
thread race condition with two threads userfaulting on the same
destination address). mremap is not strict like that: it would drop
the destination range silently and it would succeed in such a
condition. So on the API side, I wonder if I should add a flag to
remap_anon_pages to provide non-strict behavior more similar to
mremap. OTOH not providing the permissive mremap behavior may actually
be better to force userland to be strict and be sure it knows what it
is doing (otherwise it should use mremap in the first place?).

Comments welcome, thanks!
Andrea

Andrea Arcangeli (4):
  mm: madvise MADV_USERFAULT
  mm: rmap preparation for remap_anon_pages
  mm: swp_entry_swapcount
  mm: sys_remap_anon_pages

 arch/alpha/include/uapi/asm/mman.h     |   3 +
 arch/mips/include/uapi/asm/mman.h      |   3 +
 arch/parisc/include/uapi/asm/mman.h    |   3 +
 arch/x86/syscalls/syscall_32.tbl       |   1 +
 arch/x86/syscalls/syscall_64.tbl       |   1 +
 arch/xtensa/include/uapi/asm/mman.h    |   3 +
 include/linux/huge_mm.h                |   6 +
 include/linux/mm.h                     |   1 +
 include/linux/mm_types.h               |   2 +-
 include/linux/swap.h                   |   6 +
 include/linux/syscalls.h               |   3 +
 include/uapi/asm-generic/mman-common.h |   3 +
 kernel/sys_ni.c                        |   1 +
 mm/fremap.c                            | 440 +
 mm/huge_memory.c                       | 158 ++--
 mm/madvise.c                           |  16 ++
 mm/memory.c                            |  10 +
 mm/rmap.c                              |   9 +
 mm/swapfile.c                          |  13 +
 19 files changed, 667 insertions(+), 15 deletions(-)




[Qemu-devel] [PATCH 1/4] mm: madvise MADV_USERFAULT

2013-05-06 Thread Andrea Arcangeli
MADV_USERFAULT is a new madvise flag that will set VM_USERFAULT in the
vma flags. Whenever VM_USERFAULT is set in an anonymous vma, if
userland touches a still unmapped virtual address, a sigbus signal is
sent instead of allocating a new page. The sigbus signal handler will
then resolve the page fault in userland by calling the remap_anon_pages
syscall.

This functionality is needed to reliably implement postcopy live
migration in KVM (without having to use a special chardevice that
would disable all advanced Linux VM features, like swapping, KSM, THP,
automatic NUMA balancing, etc...).

MADV_USERFAULT could also be used to offload parts of anonymous memory
regions to remote nodes or to implement network distributed shared
memory.

Here I enlarged the vm_flags to 64bit as we run out of bits (noop on
64bit kernels). An alternative is to find some combination of flags
that are mutually exclusive if set.

Signed-off-by: Andrea Arcangeli 
---
 arch/alpha/include/uapi/asm/mman.h     |  3 +++
 arch/mips/include/uapi/asm/mman.h      |  3 +++
 arch/parisc/include/uapi/asm/mman.h    |  3 +++
 arch/xtensa/include/uapi/asm/mman.h    |  3 +++
 include/linux/mm.h                     |  1 +
 include/linux/mm_types.h               |  2 +-
 include/uapi/asm-generic/mman-common.h |  3 +++
 mm/huge_memory.c                       | 34 --
 mm/madvise.c                           | 16 
 mm/memory.c                            | 10 ++
 10 files changed, 67 insertions(+), 11 deletions(-)

diff --git a/arch/alpha/include/uapi/asm/mman.h 
b/arch/alpha/include/uapi/asm/mman.h
index 0086b47..a10313c 100644
--- a/arch/alpha/include/uapi/asm/mman.h
+++ b/arch/alpha/include/uapi/asm/mman.h
@@ -60,6 +60,9 @@
   overrides the coredump filter bits */
 #define MADV_DODUMP17  /* Clear the MADV_NODUMP flag */
 
+#define MADV_USERFAULT 18  /* Trigger user faults if not mapped */
+#define MADV_NOUSERFAULT 19/* Don't trigger user faults */
+
 /* compatibility flags */
 #define MAP_FILE   0
 
diff --git a/arch/mips/include/uapi/asm/mman.h 
b/arch/mips/include/uapi/asm/mman.h
index cfcb876..d9d11a4 100644
--- a/arch/mips/include/uapi/asm/mman.h
+++ b/arch/mips/include/uapi/asm/mman.h
@@ -84,6 +84,9 @@
   overrides the coredump filter bits */
 #define MADV_DODUMP17  /* Clear the MADV_NODUMP flag */
 
+#define MADV_USERFAULT 18  /* Trigger user faults if not mapped */
+#define MADV_NOUSERFAULT 19/* Don't trigger user faults */
+
 /* compatibility flags */
 #define MAP_FILE   0
 
diff --git a/arch/parisc/include/uapi/asm/mman.h 
b/arch/parisc/include/uapi/asm/mman.h
index 294d251..7bc7b7b 100644
--- a/arch/parisc/include/uapi/asm/mman.h
+++ b/arch/parisc/include/uapi/asm/mman.h
@@ -66,6 +66,9 @@
   overrides the coredump filter bits */
 #define MADV_DODUMP70  /* Clear the MADV_NODUMP flag */
 
+#define MADV_USERFAULT 71  /* Trigger user faults if not mapped */
+#define MADV_NOUSERFAULT 72/* Don't trigger user faults */
+
 /* compatibility flags */
 #define MAP_FILE   0
 #define MAP_VARIABLE   0
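Review bot: MADV_USERFAULT and MADV_NOUSERFAULT become permanent userspace ABI once these defines land, and the only documentation in the patch is the one-line comments here. The values are 71/72 on parisc but 18/19 in the alpha, mips and xtensa hunks, so userspace has to take them from the headers. Please say so in the changelog and add a madvise(2) description covering which vma types accept the flag (the commit message only mentions anonymous vmas), what MADV_NOUSERFAULT does on a range that was never marked, and that touching an unmapped address raises SIGBUS instead of allocating a page.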
diff --git a/arch/xtensa/include/uapi/asm/mman.h 
b/arch/xtensa/include/uapi/asm/mman.h
index 00eed67..5448d88 100644
--- a/arch/xtensa/include/uapi/asm/mman.h
+++ b/arch/xtensa/include/uapi/asm/mman.h
@@ -90,6 +90,9 @@
   overrides the coredump filter bits */
 #define MADV_DODUMP17  /* Clear the MADV_NODUMP flag */
 
+#define MADV_USERFAULT 18  /* Trigger user faults if not mapped */
+#define MADV_NOUSERFAULT 19/* Don't trigger user faults */
+
 /* compatibility flags */
 #define MAP_FILE   0
 
diff --git a/include/linux/mm.h b/include/linux/mm.h
index c05d7cf..f5a410e 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -110,6 +110,7 @@ extern unsigned int kobjsize(const void *objp);
 #define VM_HUGEPAGE0x2000  /* MADV_HUGEPAGE marked this vma */
 #define VM_NOHUGEPAGE  0x4000  /* MADV_NOHUGEPAGE marked this vma */
 #define VM_MERGEABLE   0x8000  /* KSM may merge identical pages */
+#define VM_USERFAULT   0x1 /* Trigger user faults if not mapped */
 
 #if defined(CONFIG_X86)
 # define VM_PATVM_ARCH_1   /* PAT reserves whole VMA at 
once (x86) */
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index ace9a5f..bed1c7c 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -198,7 +198,7 @@ struct page_frag {
 #endif
 };
 
-typedef unsigned long __nocast vm_flags_t;
+typedef unsigned long long __nocast vm_flags_t;
 
 /*
  * A region containing a mapping of a non-memory backed file under NOMMU
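Review bot: widening vm_flags_t in this typedef only helps code that actually uses the type. On 32-bit, any caller that carries vma flags in a plain unsigned long will silently drop a flag placed above bit 31. Please audit the helpers that pass flags by value or through an unsigned long pointer (the madvise and huge_memory paths this patch touches are the first places to look) and convert them to vm_flags_t in the same patch, and confirm that the new VM_USERFAULT constant in mm.h carries a ULL suffix. The alternative mentioned in the commit message, reusing a combination of mutually exclusive flags, deserves a sentence on why it was not chosen.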
diff --git a/include/uapi/asm-generic/mman-common.h 
b/include/uapi/asm-generic/mman-comm

[Qemu-devel] [PATCH 3/4] mm: swp_entry_swapcount

2013-05-06 Thread Andrea Arcangeli
Provide a new swapfile method for remap_anon_pages to verify the swap
entry is mapped only in one vma before relocating the swap entry in a
different virtual address. Otherwise if the swap entry is mapped
in multiple vmas, when the page is swapped back in, it could get
mapped in a non linear way in some anon_vma.

Signed-off-by: Andrea Arcangeli 
---
 include/linux/swap.h |  6 ++
 mm/swapfile.c| 13 +
 2 files changed, 19 insertions(+)

diff --git a/include/linux/swap.h b/include/linux/swap.h
index 1701ce4..0ea2a56 100644
--- a/include/linux/swap.h
+++ b/include/linux/swap.h
@@ -389,6 +389,7 @@ extern unsigned int count_swap_pages(int, int);
 extern sector_t map_swap_page(struct page *, struct block_device **);
 extern sector_t swapdev_block(int, pgoff_t);
 extern int page_swapcount(struct page *);
+extern int swp_entry_swapcount(swp_entry_t entry);
 extern struct swap_info_struct *page_swap_info(struct page *);
 extern int reuse_swap_page(struct page *);
 extern int try_to_free_swap(struct page *);
@@ -489,6 +490,11 @@ static inline int page_swapcount(struct page *page)
return 0;
 }
 
+static inline int swp_entry_swapcount(swp_entry_t entry)
+{
+   return 0;
+}
+
 #define reuse_swap_page(page)  (page_mapcount(page) == 1)
 
 static inline int try_to_free_swap(struct page *page)
diff --git a/mm/swapfile.c b/mm/swapfile.c
index d417efd..2772382 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -671,6 +671,19 @@ int page_swapcount(struct page *page)
return count;
 }
 
+int swp_entry_swapcount(swp_entry_t entry)
+{
+   int count = 0;
+   struct swap_info_struct *p;
+
+   p = swap_info_get(entry);
+   if (p) {
+   count = swap_count(p->swap_map[swp_offset(entry)]);
+   spin_unlock(&p->lock);
+   }
+   return count;
+}
+
 /*
  * We can write to an anon page without COW if there are no other references
  * to it.  And as a side-effect, free up its swap: because the old content
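Review bot: swp_entry_swapcount() returns 0 both when swap_info_get() fails and when the entry has no references, and the value is only a snapshot because p->lock is dropped before the return. A caller that uses it to decide that the entry is mapped in a single vma needs something else held to keep the count stable, and needs to tell a bad entry from a zero count. Please add a comment above the function stating which lock the caller must hold and what a return of 0 means, and check the !CONFIG_SWAP stub in swap.h (which always returns 0) against the comparison the caller makes.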



[Qemu-devel] [PATCH 2/4] mm: rmap preparation for remap_anon_pages

2013-05-06 Thread Andrea Arcangeli
remap_anon_pages (unlike remap_file_pages) tries to be non intrusive
in the rmap code.

As far as the rmap code is concerned, rmap_anon_pages only alters the
page->mapping and page->index. It does it while holding the page
lock. However there are a few places that in presence of anon pages
are allowed to do rmap walks without the page lock (split_huge_page
and page_referenced_anon). Those places that are doing rmap walks
without taking the page lock first, must be updated to re-check that
the page->mapping didn't change after they obtained the anon_vma
lock. remap_anon_pages takes the anon_vma lock for writing before
altering the page->mapping, so if the page->mapping is still the same
after obtaining the anon_vma lock (without the page lock), the rmap
walks can go ahead safely (and remap_anon_pages will wait for them to
complete before proceeding).

remap_anon_pages serializes against itself with the page lock.

All other places taking the anon_vma lock while holding the mmap_sem
for writing, don't need to check if the page->mapping has changed
after taking the anon_vma lock, regardless of the page lock, because
remap_anon_pages holds the mmap_sem for reading.

Overall this looks a fairly small change to the rmap code, notably
less intrusive than the nonlinear vmas created by remap_file_pages.

There's one constraint enforced to allow this simplification: the
source pages passed to remap_anon_pages must be mapped only in one
vma, but this is not a limitation when used to handle userland page
faults with MADV_USERFAULT. The source addresses passed to
remap_anon_pages should be set as VM_DONTCOPY with MADV_DONTFORK to
avoid any risk of the mapcount of the pages increasing, if fork runs
in parallel in another thread, before or while remap_anon_pages runs.

Signed-off-by: Andrea Arcangeli 
---
 mm/huge_memory.c | 24 
 mm/rmap.c|  9 +
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index f46aad1..9a2e235 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -1824,6 +1824,7 @@ int split_huge_page_to_list(struct page *page, struct 
list_head *list)
 {
struct anon_vma *anon_vma;
int ret = 1;
+   struct address_space *mapping;
 
BUG_ON(is_huge_zero_page(page));
BUG_ON(!PageAnon(page));
@@ -1835,10 +1836,24 @@ int split_huge_page_to_list(struct page *page, struct 
list_head *list)
 * page_lock_anon_vma_read except the write lock is taken to serialise
 * against parallel split or collapse operations.
 */
-   anon_vma = page_get_anon_vma(page);
-   if (!anon_vma)
-   goto out;
-   anon_vma_lock_write(anon_vma);
+   for (;;) {
+   mapping = ACCESS_ONCE(page->mapping);
+   anon_vma = page_get_anon_vma(page);
+   if (!anon_vma)
+   goto out;
+   anon_vma_lock_write(anon_vma);
+   /*
+* We don't hold the page lock here so
+* remap_anon_pages_huge_pmd can change the anon_vma
+* from under us until we obtain the anon_vma
+* lock. Verify that we obtained the anon_vma lock
+* before remap_anon_pages did.
+*/
+   if (likely(mapping == ACCESS_ONCE(page->mapping)))
+   break;
+   anon_vma_unlock_write(anon_vma);
+   put_anon_vma(anon_vma);
+   }
 
ret = 0;
if (!PageCompound(page))
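Review bot: the lock-then-recheck loop in split_huge_page_to_list() open-codes the same page->mapping revalidation that the rmap.c hunk adds to page_lock_anon_vma_read(), and two copies of a subtle ordering rule will drift apart. Consider one helper (parameterised on read or write lock) that snapshots page->mapping, takes the anon_vma lock and retries on mismatch, and call it from both sites. The comment also names remap_anon_pages_huge_pmd while the changelog talks about remap_anon_pages; please say which function changes the mapping and under which lock, since that is what makes the pointer comparison sufficient.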
@@ -2294,6 +2309,7 @@ static void collapse_huge_page(struct mm_struct *mm,
 * Prevent all access to pagetables with the exception of
 * gup_fast later hanlded by the ptep_clear_flush and the VM
 * handled by the anon_vma lock + PG_lock.
+* remap_anon_pages is prevented to race as well by the mmap_sem.
 */
down_write(&mm->mmap_sem);
if (unlikely(khugepaged_test_exit(mm)))
diff --git a/mm/rmap.c b/mm/rmap.c
index 6280da8..86d007d 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -448,6 +448,7 @@ struct anon_vma *page_lock_anon_vma_read(struct page *page)
struct anon_vma *root_anon_vma;
unsigned long anon_mapping;
 
+repeat:
rcu_read_lock();
anon_mapping = (unsigned long) ACCESS_ONCE(page->mapping);
if ((anon_mapping & PAGE_MAPPING_FLAGS) != PAGE_MAPPING_ANON)
@@ -486,6 +487,14 @@ struct anon_vma *page_lock_anon_vma_read(struct page *page)
rcu_read_unlock();
anon_vma_lock_read(anon_vma);
 
+   /* check if remap_anon_pages changed the anon_vma */
+   if (unlikely((unsigned long) ACCESS_ONCE(page->mapping) != 
anon_mapping)) {
+   anon_vma_unlock_read(anon_vma);
+   put_anon_vma(anon_vma);
+   anon_vma = NULL;
+   goto repeat;
+   }
+
if (atomic_dec_and_test(&anon_vma->refcount)) {
/*
 * Oops, we held the last refcount, release the l
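Review bot: the new "goto repeat" path in page_lock_anon_vma_read() is an unbounded retry whose correctness depends on remap_anon_pages taking the anon_vma lock for writing before it changes page->mapping, and that rule is stated only in the changelog. Please expand the one-line comment to say so. The "anon_vma = NULL;" before the jump looks redundant unless something after the label reads it before it is reassigned; drop it or note why it is needed.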

Re: [Qemu-devel] [PATCH v2] po/hu.po: Hungarian translation for the GTK+ interface

2013-05-06 Thread BALATON Zoltan

On Mon, 6 May 2013, akoskov...@gmx.com wrote:

+#: ../ui/gtk.c:1312
+msgid "Grab On _Hover"
+msgstr "Automatikus _elfogás"
+
+#: ../ui/gtk.c:1315
+msgid "_Grab Input"
+msgstr "_Bemeneti eszközök megragadása"


Sorry for nitpicking but for consistency you should use the same term for 
grab everywhere so "Grab On Hover" should probably better be
translated as "Bemenet automatikus megragadása". However it's fine with me 
either way.


Regards,
BALATON Zoltan

Re: [Qemu-devel] [PATCH 9/9] dataplane: use a QContext event loop in place of custom thread

2013-05-06 Thread mdroth
On Mon, May 06, 2013 at 09:54:03AM +0200, Paolo Bonzini wrote:
> On 03/05/2013 18:03, Michael Roth wrote:
> > virtio-blk dataplane currently creates/manages its own thread to
> > offload work to a separate event loop.
> > 
> > This patch instead allows us to specify a QContext-based event loop by
> > adding a "context" property for virtio-blk we can use like so:
> > 
> >   qemu ... \
> > -object glib-qcontext,id=ctx0,threaded=yes \
> > -drive file=file.raw,id=drive0,aio=native,cache=none \
> > -device virtio-blk,drive=drive0,scsi=off,x-data-plane=on,context=ctx0
> > 
> > virtio-blk dataplane then simply attaches/detaches its AioContext to the
> > ctx0 event loop on start/stop.
> > 
> > This also makes available the option to drive a virtio-blk dataplane via
> > the default main loop:
> > 
> >   qemu ... \
> > -drive file=file.raw,id=drive0,aio=native,cache=none \
> > -device virtio-blk,drive=drive0,scsi=off,x-data-plane=on,context=main
> > 
> > This doesn't do much in and of itself, but helps to demonstrate how we
> > might model a general mechanism to offload device workloads to separate
> > threads.
> > 
> > Signed-off-by: Michael Roth 
> > ---
> >  hw/block/dataplane/virtio-blk.c |   46 
> > ---
> >  include/hw/virtio/virtio-blk.h  |7 --
> >  2 files changed, 19 insertions(+), 34 deletions(-)
> > 
> > diff --git a/hw/block/dataplane/virtio-blk.c 
> > b/hw/block/dataplane/virtio-blk.c
> > index 0356665..08ea10f 100644
> > --- a/hw/block/dataplane/virtio-blk.c
> > +++ b/hw/block/dataplane/virtio-blk.c
> > @@ -24,6 +24,8 @@
> >  #include "virtio-blk.h"
> >  #include "block/aio.h"
> >  #include "hw/virtio/virtio-bus.h"
> > +#include "qcontext/qcontext.h"
> > +#include "qcontext/glib-qcontext.h"
> >  
> >  enum {
> >  SEG_MAX = 126,  /* maximum number of I/O segments */
> > @@ -60,6 +62,7 @@ struct VirtIOBlockDataPlane {
> >   * use it).
> >   */
> >  AioContext *ctx;
> > +QContext *qctx;
> >  EventNotifier io_notifier;  /* Linux AIO completion */
> >  EventNotifier host_notifier;/* doorbell */
> >  
> > @@ -375,26 +378,6 @@ static void handle_io(EventNotifier *e)
> >  }
> >  }
> >  
> > -static void *data_plane_thread(void *opaque)
> > -{
> > -VirtIOBlockDataPlane *s = opaque;
> > -
> > -do {
> > -aio_poll(s->ctx, true);
> > -} while (!s->stopping || s->num_reqs > 0);
> > -return NULL;
> > -}
> > -
> > -static void start_data_plane_bh(void *opaque)
> > -{
> > -VirtIOBlockDataPlane *s = opaque;
> > -
> > -qemu_bh_delete(s->start_bh);
> > -s->start_bh = NULL;
> > -qemu_thread_create(&s->thread, data_plane_thread,
> > -   s, QEMU_THREAD_JOINABLE);
> > -}
> > -
> >  bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *blk,
> >VirtIOBlockDataPlane **dataplane)
> >  {
> > @@ -460,6 +443,7 @@ void virtio_blk_data_plane_start(VirtIOBlockDataPlane 
> > *s)
> >  VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
> >  VirtQueue *vq;
> >  int i;
> > +Error *err = NULL;
> >  
> >  if (s->started) {
> >  return;
> > @@ -502,9 +486,16 @@ void virtio_blk_data_plane_start(VirtIOBlockDataPlane 
> > *s)
> >  /* Kick right away to begin processing requests already in vring */
> >  event_notifier_set(virtio_queue_get_host_notifier(vq));
> >  
> > -/* Spawn thread in BH so it inherits iothread cpusets */
> > -s->start_bh = qemu_bh_new(start_data_plane_bh, s);
> > -qemu_bh_schedule(s->start_bh);
> > +/* use QEMU main loop/context by default */
> > +if (!s->blk->context) {
> > +s->blk->context = g_strdup("main");
> > +}
> 
> Or rather create a device-specific context by default?

Yup, definitely.

I think I did it this way to give an idea of how a "normal" threaded device
might look (i.e. reworked or written from the start to always be capable of
being driven by a separate event loop)

But x-data-plane=on should imply a new context be used so we don't break
things, and I'll do it that way on the next pass.

> 
> Paolo
> 
> > +s->qctx = qcontext_find_by_name(s->blk->context, &err);
> > +if (err) {
> > +fprintf(stderr, "virtio-blk failed to start: %s", 
> > error_get_pretty(err));
> > +exit(1);
> > +}
> > +aio_context_attach(s->ctx, s->qctx);
> >  }
> >  
> >  void virtio_blk_data_plane_stop(VirtIOBlockDataPlane *s)
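Review bot: the error path after qcontext_find_by_name() calls exit(1) from virtio_blk_data_plane_start(), so a mistyped context= name kills the whole VM when the dataplane is started instead of being rejected when the device is created. Resolve and validate the context in virtio_blk_data_plane_create(), report the failure through the Error object, and leave start() unable to fail for this reason; the fprintf() format string is also missing a trailing newline. Separately, the removed comment said the thread was spawned in a BH so that it inherits the iothread cpusets; please state what the CPU affinity of the QContext thread is now.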
> > @@ -517,15 +508,6 @@ void virtio_blk_data_plane_stop(VirtIOBlockDataPlane 
> > *s)
> >  s->stopping = true;
> >  trace_virtio_blk_data_plane_stop(s);
> >  
> > -/* Stop thread or cancel pending thread creation BH */
> > -if (s->start_bh) {
> > -qemu_bh_delete(s->start_bh);
> > -s->start_bh = NULL;
> > -} else {
> > -aio_notify(s->ctx);
> > -qemu_thread_join(&s->thread);
> > -}
> > -
> >  aio_set_event_notifier(s->ctx, &s->io_no
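Review bot: virtio_blk_data_plane_stop() no longer waits for anything after setting s->stopping. The removed data_plane_thread() kept calling aio_poll() while s->num_reqs > 0 and stop() joined it, so in-flight requests were drained before the notifiers were torn down. With the loop now owned by the QContext thread, the aio_set_event_notifier() calls that follow can run while a handler is still executing there. Please add an explicit drain of outstanding requests and a synchronous detach from the context before the teardown.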

[Qemu-devel] QEMU linking error with --enable-gprof

2013-05-06 Thread João Corrêa
Hi Everyone,

I've been trying to compile QEMU with --enable-gprof on ubuntu, but I'm
getting a linking error.

/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/gcrt1.o:
relocation R_X86_64_32S against `__libc_csu_fini' can not be used when
making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/gcrt1.o: could not read
symbols: Bad value
collect2: ld returned 1 exit status
make[1]: *** [qemu-system-x86_64] Error 1
make: *** [subdir-x86_64-softmmu] Error 2

Has anyone been through this before? I've searched on the internet for a
solution, but couldn't find it. Any help is welcome.

Thank you.


Re: [Qemu-devel] [PATCH 7/9] iohandler: associate with main event loop via a QSource

2013-05-06 Thread mdroth
On Mon, May 06, 2013 at 09:53:12AM +0200, Paolo Bonzini wrote:
> On 03/05/2013 18:03, Michael Roth wrote:
> > This introduces a GlibQContext wrapper around the main GMainContext
> > event loop, and associates iohandlers with it via a QSource (which
> > GlibQContext creates a GSource from so that it can be driven via
> > GLib. A subsequent patch will drive the GlibQContext directly)
> > 
> > We also add "QContext-aware" functionality to iohandler interfaces
> > so that they can be bound to other QContext event loops, and add
> > non-global set_fd_handler() interfaces to facilitate this. This is made
> > possible by simply searching a given QContext for a QSource by the name
> > of "iohandler" so that we can attach event handlers to the associated
> > IOHandlerState.
> > 
> > Signed-off-by: Michael Roth 
> 
> This patch is why I think that this is a bit overengineered.  The main
> loop is always glib-based, there should be no need to go through the
> QSource abstraction.
> 
> BTW, this is broken for Win32.  The right thing to do here is to first
> convert iohandler to a GSource in such a way that it works for both
> POSIX and Win32, and then (if needed) we can later convert GSource to
> QSource.

Yup, forgot to note that Win32 was broken and on my TODO. I'll work on
that and stick to using GSources for now.

> 
> Paolo
> 
> > ---
> >  include/qemu/main-loop.h |   31 +-
> >  iohandler.c  |  238 
> > --
> >  main-loop.c  |   21 +++-
> >  3 files changed, 213 insertions(+), 77 deletions(-)
> > 
> > diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
> > index 6f0200a..dbadf9f 100644
> > --- a/include/qemu/main-loop.h
> > +++ b/include/qemu/main-loop.h
> > @@ -26,6 +26,7 @@
> >  #define QEMU_MAIN_LOOP_H 1
> >  
> >  #include "block/aio.h"
> > +#include "qcontext/qcontext.h"
> >  
> >  #define SIG_IPI SIGUSR1
> >  
> > @@ -168,9 +169,24 @@ void qemu_del_wait_object(HANDLE handle, 
> > WaitObjectFunc *func, void *opaque);
> >  
> >  /* async I/O support */
> >  
> > +#define QSOURCE_IOHANDLER "iohandler"
> > +
> >  typedef void IOReadHandler(void *opaque, const uint8_t *buf, int size);
> >  typedef int IOCanReadHandler(void *opaque);
> >  
> > +QContext *qemu_get_qcontext(void);
> > +/**
> > + * iohandler_attach: Attach a QSource to a QContext
> > + *
> > + * This enables the use of IOHandler interfaces such as
> > + * set_fd_handler() on the given QContext. IOHandler lists will be
> > + * tracked/handled/dispatched based on a named QSource that is added to
> > + * the QContext
> > + *
> > + * @ctx: A QContext to add an IOHandler QSource to
> > + */
> > +void iohandler_attach(QContext *ctx);
> > +
> >  /**
> >   * qemu_set_fd_handler2: Register a file descriptor with the main loop
> >   *
> > @@ -217,6 +233,13 @@ int qemu_set_fd_handler2(int fd,
> >   IOHandler *fd_write,
> >   void *opaque);
> >  
> > +int set_fd_handler2(QContext *ctx,
> > +int fd,
> > +IOCanReadHandler *fd_read_poll,
> > +IOHandler *fd_read,
> > +IOHandler *fd_write,
> > +void *opaque);
> > +
> >  /**
> >   * qemu_set_fd_handler: Register a file descriptor with the main loop
> >   *
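Review bot: set_fd_handler2() in this hunk and set_fd_handler() in the next one are added without the doc comments that their qemu_set_fd_handler*() neighbours have. Please document the ctx argument, in particular what happens when ctx has no QSOURCE_IOHANDLER source because iohandler_attach() was never called on it, and which thread the callbacks run in when ctx is driven by its own thread, since callers moving over from the qemu_ variants may assume main-loop context.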
> > @@ -250,6 +273,12 @@ int qemu_set_fd_handler(int fd,
> >  IOHandler *fd_write,
> >  void *opaque);
> >  
> > +int set_fd_handler(QContext *ctx,
> > +   int fd,
> > +   IOHandler *fd_read,
> > +   IOHandler *fd_write,
> > +   void *opaque);
> > +
> >  #ifdef CONFIG_POSIX
> >  /**
> >   * qemu_add_child_watch: Register a child process for reaping.
> > @@ -302,8 +331,6 @@ void qemu_mutex_unlock_iothread(void);
> >  /* internal interfaces */
> >  
> >  void qemu_fd_register(int fd);
> > -void qemu_iohandler_fill(GArray *pollfds);
> > -void qemu_iohandler_poll(GArray *pollfds, int rc);
> >  
> >  QEMUBH *qemu_bh_new(QEMUBHFunc *cb, void *opaque);
> >  void qemu_bh_schedule_idle(QEMUBH *bh);
> > diff --git a/iohandler.c b/iohandler.c
> > index ae2ef8f..8625272 100644
> > --- a/iohandler.c
> > +++ b/iohandler.c
> > @@ -41,38 +41,170 @@ typedef struct IOHandlerRecord {
> >  int fd;
> >  int pollfds_idx;
> >  bool deleted;
> > +GPollFD pfd;
> > +bool pfd_added;
> >  } IOHandlerRecord;
> >  
> > -static QLIST_HEAD(, IOHandlerRecord) io_handlers =
> > -QLIST_HEAD_INITIALIZER(io_handlers);
> > +typedef struct IOHandlerState {
> > +QLIST_HEAD(, IOHandlerRecord) io_handlers;
> > +} IOHandlerState;
> >  
> > +static bool iohandler_prepare(QSource *qsource, int *timeout)
> > +{
> > +QSourceClass *qsourcek = QSOURCE_GET_CLASS(qsource);
> > +IOHandlerState *s = qsourcek->get_user_data(qsource);
> > +IOHandlerRecord *ioh;
> >  
> > -/* XXX: fd_read_poll should be suppressed, but an API change is
> 

Re: [Qemu-devel] [PATCH 1/9] qom: add qom_init_completion

2013-05-06 Thread mdroth
On Mon, May 06, 2013 at 09:45:22AM +0200, Paolo Bonzini wrote:
> On 03/05/2013 18:03, Michael Roth wrote:
> > This is similar in concept to "realize", though semantics are a
> > bit more open-ended:
> > 
> > An object might in some cases need a number of properties to be
> > specified before it can be "used"/"started"/etc. This can't always
> > be done via an open-ended new() function, the main example being objects
> > that are created via the command-line by -object.
> > 
> > To support these cases we allow a function, ->instance_init_completion,
> > to be registered that will be called by the -object constructor, or can
> > be called at the end of new() constructors and such.
> 
> This seems a lot like a realize property that cannot be set back to false...

I seem to recall some other conditions like properties not being
modifiable after being realized? In this case though I think event loops
should be startable/stoppable via properties (post-migration, for
instance, or maybe testing/debugging) with simple qom-set commands.

Not too sure honestly, mainly I just recalled realize() being pushed
down into DeviceState for specific reasons, and didn't want to confuse
this with being the same thing (even though it does seem very similar).
I'm not sure what the best approach is here.

> 
> Paolo
> 
> > Signed-off-by: Michael Roth 
> > ---
> >  include/qom/object.h |   19 +++
> >  qom/object.c |   21 +
> >  vl.c |2 ++
> >  3 files changed, 42 insertions(+)
> > 
> > diff --git a/include/qom/object.h b/include/qom/object.h
> > index d0f99c5..86f1e2e 100644
> > --- a/include/qom/object.h
> > +++ b/include/qom/object.h
> > @@ -394,6 +394,11 @@ struct Object
> >   * @instance_init: This function is called to initialize an object.  The 
> > parent
> >   *   class will have already been initialized so the type is only 
> > responsible
> >   *   for initializing its own members.
> > + * @instance_init_completion: This function is used mainly cases where an
> > + *   object has been instantiated via the command-line, and is called once 
> > all
> > + *   properties specified via command-line have been set for the object. 
> > This
> > + *   is not called automatically, but manually via @object_init_completion 
> > once
> > + *   the processing of said properties is completed.
> >   * @instance_finalize: This function is called during object destruction.  
> > This
> >   *   is called before the parent @instance_finalize function has been 
> > called.
> >   *   An object should only free the members that are unique to its type in 
> > this
> > @@ -429,6 +434,7 @@ struct TypeInfo
> >  
> >  size_t instance_size;
> >  void (*instance_init)(Object *obj);
> > +void (*instance_init_completion)(Object *obj);
> >  void (*instance_finalize)(Object *obj);
> >  
> >  bool abstract;
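Review bot: instance_init_completion() returns void and takes no Error **, so a type cannot reject an invalid or incomplete set of -object properties at the one point this hook exists to check them. Give the hook and object_init_completion() an errp argument and have the caller in vl.c report it. The doc comment should also say what guards against the hook being invoked twice, given that it is "not called automatically, but manually".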
> > @@ -562,6 +568,19 @@ struct InterfaceClass
> >  Object *object_new(const char *typename);
> >  
> >  /**
> > + * object_init_completion:
> > + * @obj: The object to complete initialization of
> > + *
> > + * In cases where an object is instantiated from a command-line with a 
> > number
> > + * of properties specified as parameters (generally via -object), or for 
> > cases
> > + * where a new()/helper function is used to pass/set some minimal number of
> > + * properties that are required prior to completion of object 
> > initialization,
> > + * this function can be called to mark when that occurs to complete object
> > + * initialization.
> > + */
> > +void object_init_completion(Object *obj);
> > +
> > +/**
> >   * object_new_with_type:
> >   * @type: The type of the object to instantiate.
> >   *
> > diff --git a/qom/object.c b/qom/object.c
> > index 75e6aac..c932f64 100644
> > --- a/qom/object.c
> > +++ b/qom/object.c
> > @@ -50,6 +50,7 @@ struct TypeImpl
> >  void *class_data;
> >  
> >  void (*instance_init)(Object *obj);
> > +void (*instance_init_completion)(Object *obj);
> >  void (*instance_finalize)(Object *obj);
> >  
> >  bool abstract;
> > @@ -110,6 +111,7 @@ static TypeImpl *type_register_internal(const TypeInfo 
> > *info)
> >  ti->class_data = info->class_data;
> >  
> >  ti->instance_init = info->instance_init;
> > +ti->instance_init_completion = info->instance_init_completion;
> >  ti->instance_finalize = info->instance_finalize;
> >  
> >  ti->abstract = info->abstract;
> > @@ -422,6 +424,25 @@ Object *object_new(const char *typename)
> >  return object_new_with_type(ti);
> >  }
> >  
> > +
> > +static void object_init_completion_with_type(Object *obj, TypeImpl *ti)
> > +{
> > +if (type_has_parent(ti)) {
> > +object_init_completion_with_type(obj, type_get_parent(ti));
> > +}
> > +
> > +if (ti->instance_init_completion) {
> > +ti->instance_init_completion(obj);
> > +}
> > +}
> > +
> > +void object_init_completion(Object *obj)
> > +{
> > +TypeImpl *ti = type_ge

Re: [Qemu-devel] [PATCH 2/9] qom: add object_property_add_unnamed_child

2013-05-06 Thread mdroth
On Mon, May 06, 2013 at 09:44:13AM +0200, Paolo Bonzini wrote:
> On 03/05/2013 18:03, Michael Roth wrote:
> > This interface allows us to add a child property without specifying a
> > name. Instead, a unique name is created and passed back after adding
> > the property.
> > 
> > Signed-off-by: Michael Roth 
> > ---
> >  include/qom/object.h |   16 
> >  qom/object.c |   25 +
> >  2 files changed, 41 insertions(+)
> > 
> > diff --git a/include/qom/object.h b/include/qom/object.h
> > index 86f1e2e..ca0fce8 100644
> > --- a/include/qom/object.h
> > +++ b/include/qom/object.h
> > @@ -1041,6 +1041,22 @@ void object_property_add_child(Object *obj, const 
> > char *name,
> > Object *child, struct Error **errp);
> >  
> >  /**
> > + * object_property_add_unnamed_child:
> > + *
> > + * @obj: the object to add a property to
> > + * @name: the name of the property
> > + * @child: the child object
> > + * @errp: if an error occurs, a pointer to an area to store the area
> > + *
> > + * Same as object_property_add_child, but will allocate a unique name to
> > + * identify the child property.
> > + *
> > + * Returns: The name assigned to the child property, or NULL on failure.
> > + */
> > +char *object_property_add_unnamed_child(Object *obj, Object *child,
> > +struct Error **errp);
> > +
> > +/**
> >   * object_property_add_link:
> >   * @obj: the object to add a property to
> >   * @name: the name of the property
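Review bot: the doc comment for object_property_add_unnamed_child() lists @name, which the function does not take, and describes @errp as "a pointer to an area to store the area". Drop @name, fix the @errp text, and state that the returned string is allocated with g_strdup() and must be released by the caller with g_free().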
> > diff --git a/qom/object.c b/qom/object.c
> > index c932f64..229a9a7 100644
> > --- a/qom/object.c
> > +++ b/qom/object.c
> > @@ -926,6 +926,31 @@ static void object_finalize_child_property(Object 
> > *obj, const char *name,
> >  object_unref(child);
> >  }
> >  
> > +char *object_property_add_unnamed_child(Object *obj, Object *child, Error 
> > **errp)
> > +{
> > +int idx = 0;
> > +bool next_idx_found = false;
> > +char name[64];
> > +ObjectProperty *prop;
> > +
> > +while (!next_idx_found) {
> > +sprintf(name, "unnamed[%d]", idx);
> > +QTAILQ_FOREACH(prop, &obj->properties, node) {
> > +if (strcmp(name, prop->name) == 0) {
> > +idx++;
> > +break;
> > +}
> > +}
> > +if (!prop) {
> > +next_idx_found = true;
> > +}
> > +}
> > +
> > +object_property_add_child(obj, name, child, errp);
> > +
> > +return error_is_set(errp) ? NULL : g_strdup(name);
> > +}
> 
> This is O(n^3) for adding N children.  O(n^2) would be not-that-great
> but fine; can you take the occasion to convert the properties list to a
> hashtable?

Sure, I'll look into it.

> 
> Paolo
> 
> > +
> >  void object_property_add_child(Object *obj, const char *name,
> > Object *child, Error **errp)
> >  {
> > 
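Review bot: "return error_is_set(errp) ? NULL : g_strdup(name);" cannot detect a failure when the caller passes errp as NULL, so the function then returns a name for a property that was never added. Use a local Error *, test that, and error_propagate() it to errp. Please also replace sprintf() with snprintf(name, sizeof(name), ...) so that the bound is enforced by the call rather than by the format string happening to fit in 64 bytes.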
> 



Re: [Qemu-devel] [RFC 0/9] QContext: QOM class to support multiple event loops

2013-05-06 Thread mdroth
On Mon, May 06, 2013 at 11:26:06AM +0800, liu ping fan wrote:
> On Sat, May 4, 2013 at 12:03 AM, Michael Roth  
> wrote:
> > These patches apply on top of qemu.git master, and can also be obtained 
> > from:
> > git://github.com/mdroth/qemu.git qcontext
> >
> > OVERVIEW
> >
> > This series introduces a set of QOM classes/interfaces for event
> > registration/handling: QContext and QSource, which are based closely on
> > their GMainContext/GSource GLib counterparts.
> >
> > QContexts can be created via the command-line via -object, and can also be
> > instructed (via -object params/properties) to automatically start a
> > thread/event-loop to handle QSources we attach to them.
> >
> > The reference implementation of QContext is GlibQContext, which uses
> > GMainContext/GSource interfaces underneath the covers, thus we can
> > also attach GSource (and as a result, AioContexts) to it.
> >
> > As part of this series we also port the QEMU main loop to using QContext
> > and drop virtio-blk's dataplane thread in favor of a GlibQContext thread,
> > which virtio-blk dataplane attaches to via its AioContext's GSource.
> >
> > With these patches in place we can do virtio-blk dataplane assignment
> > like so:
> >
> >   qemu ... \
> > -object glib-qcontext,id=ctx0,threaded=yes \
> > -drive file=file.raw,id=drive0,aio=native,cache=none \
> > -device virtio-blk,drive=drive0,scsi=off,x-data-plane=on,context=ctx0
> >
> > And also gain the ability to assign a virtio-blk dataplane to the default
> > QContext driven by the QEMU main iothread:
> >
> >   qemu ... \
> > -drive file=file.raw,id=drive0,aio=native,cache=none \
> > -device virtio-blk,drive=drive0,scsi=off,x-data-plane=on,context=main
> >
> > The latter likely isn't particularly desirable, and the series is in rough
> > shape in general, but the goal of this RFC to demonstrate the approach and
> > get some feedback on how we might handle thread assignments for things like
> > virtio-blk/virtio-net dataplane, and multi-threaded device models in general.
> >
> > Input on this would be greatly appreciated.
> >
> > BACKGROUND
> >
> > There has been an outgoing discussion on qemu-devel about what event loop
> > interface to consolidate around for virtio-blk dataplane, threaded 
> > virtio-net,
> > and offloading device workloads to separate threads in general.
> >
> > Currently the main candidates seem to be GLib GSources and AioContext, with
> > virtio-blk/virtio-net dataplane being the use-cases under consideration.
> >
> > virtio-blk:
> >
> > In the case of virtio-blk dataplane, we need to drive virtqueue and AIO 
> > events.
> > Since AioContext is used extensively throughout the block layer to drive 
> > AIO,
> > it makes sense to re-use it here as we look toward pushing dataplane
> > functionality deeper into the block layer to benefit from things like image
> > format support/snapshots/etc.
> >
> > virtio-net:
> >
> > In the case of Ping Fan's virtio-net dataplane patches
> > (http://thread.gmane.org/gmane.comp.emulators.qemu/196111/focus=196111), we
> > need to drive virtqueue and NetClient peer events (such as TAP devices, or
> > possibly things like slirp in the future). Currently NetClient events rely 
> > on
> > IOHandler interfaces such as qemu_set_fd_handler(). These interfaces are 
> > global
> > ones that rely on a single IOHandler list serviced by QEMU's main loop. An
> > effort is currently underway to port these to GSources so that they can be more
> > easily attached to other event loops (as opposed to the hooks used for the
> > virtio-net dataplane series).
> >
> > Theoretically, much of the latter (such as TAP devices) can also be done around
> > AioContext with some minor changes, but other NetClient backends such as slirp
> > lend themselves to more open-ended event loop interfaces like GSources. Other
> > devices might also find themselves needing something more open-ended (a somewhat
> > silly but present example being virtio-serial + GSource-driven chardev)
> >
> > QContext:
> >
> > Since the direction for the foreseeable future will likely continue to be
> > GSources for some things, AioContext for others, a way to reconcile these
> > approaches would be the age-old approach of adding a layer of abstraction on
> > top of the 2 so that we can handle device/backend thread assignments using
> > a general mechanism. Building around this abstraction also leaves open the
> > ability to deal with things like locking considerations for real-time support
> > in the future.
> >
> > A reasonable start to modeling this abstraction layer would be the open-ended
> > GMainContext/GSource approach that QEMU relies on already, which is what
> > the QContext/QSource interfaces do (with some minor differences/additions
> > such as QSources storing an opaque instead of the GSource-subclassing approach
> > for GLib).
> >
> I think, custom-ed function for readable or not , ex, tap_can_send()
> should be passed into QSourc

Re: [Qemu-devel] [RFC 0/9] QContext: QOM class to support multiple event loops

2013-05-06 Thread mdroth
On Mon, May 06, 2013 at 07:25:24AM -0500, Anthony Liguori wrote:
> Paolo Bonzini  writes:
> 
> > Il 03/05/2013 18:03, Michael Roth ha scritto:
> >> These patches apply on top of qemu.git master, and can also be obtained 
> >> from:
> >> git://github.com/mdroth/qemu.git qcontext
> >> 
> >> OVERVIEW
> >> 
> >> This series introduces a set of QOM classes/interfaces for event
> >> registration/handling: QContext and QSource, which are based closely on
> >> their GMainContext/GSource GLib counterparts.
> >> 
> >> QContexts can be created via the command-line via -object, and can also be
> >> instructed (via -object params/properties) to automatically start a
> >> thread/event-loop to handle QSources we attach to them.
> >
> > This is an awesome idea.
> 
> Ack.
> 
> > However, it seems a bit overengineered.
> 
> Ack.
> 
> >  Why do we need QSource at all?
> >  In my opinion, we should first change dataplane to use AioContext as a
> > GSource, and benchmark it thoroughly.  If it is fast enough, we can
> > "just" introduce a glib-based QContext and be done with it.  Hopefully
> > that is the case...
> 
> Why even bother with QContext then?

The QContext/GlibQContext object in general, or the QContext base class?

In the case of the former, I think a wrapper around GLib that we can
instantiate from the command-line and query properties like TIDs
from is necessary for robust control over event loops and CPU resources.
We get this essentially for free with QOM, so I think it makes sense to
use it.

In the case of the latter I'm not too sure. Without the QSource
abstraction there isn't much reason not to use the native GLib
interfaces on the underlying GSources/GMainContexts directly. In which
case GlibQContext would only need to be a container of sorts with some
minor additions like spawning an event thread for itself.

If we ever did need to switch it out in favor of a non-GLib
implementation, it should be a mostly mechanical conversion of
GSource->QSource and adding some wrappers around
g_main_context_prepare/check/etc.

Also along that line, if we're taking the approach of not adding
infrastructure/cruft until we actually have a plan to use it, it probably
makes sense to make QContext a concrete class implemented via GLib, and we
can move the GLib stuff to a sub-class later if we ever end up with another
QContext implementation.

Does this seem reasonable?

> 
> Regards,
> 
> Anthony Liguori
> 
> >
> > Paolo
> 



Re: [Qemu-devel] [PATCH v2] po/hu.po: Hungarian translation for the GTK+ interface

2013-05-06 Thread Laszlo Ersek
On 05/06/13 19:14, akoskov...@gmx.com wrote:
> From: Ákos Kovács 
> 
> Cc: Laszlo Ersek 
> Signed-off-by: Ákos Kovács 
> ---
>  Changes in v2: 
> * Fixed input release/grab translations
> * Fixed inconsistency with the "leállítva"/"megállítva" words
> 
>  po/hu.po |   63 
> ++
>  1 files changed, 63 insertions(+), 0 deletions(-)
>  create mode 100644 po/hu.po
> 
> diff --git a/po/hu.po b/po/hu.po
> new file mode 100644
> index 000..340709f
> --- /dev/null
> +++ b/po/hu.po
> @@ -0,0 +1,63 @@
> +# Hungarian translation for QEMU.
> +# This file is put in the public domain.
> +# Ákos Kovács , 2013.
> +#
> +msgid ""
> +msgstr ""
> +"Project-Id-Version: QEMU 1.4.50\n"
> +"Report-Msgid-Bugs-To: qemu-devel@nongnu.org\n"
> +"POT-Creation-Date: 2013-05-06 20:42+0200\n"
> +"PO-Revision-Date: 2013-05-06 20:42+0200\n"
> +"Last-Translator: Ákos Kovács \n"
> +"Language-Team: Hungarian \n"
> +"Language: \n"
> +"MIME-Version: 1.0\n"
> +"Content-Type: text/plain; charset=UTF-8\n"
> +"Content-Transfer-Encoding: 8bit\n"
> +
> +#: ../ui/gtk.c:213
> +msgid " - Press Ctrl+Alt+G to release grab"
> +msgstr " - Nyomj Ctrl+Alt+G-t a bemeneti eszközök elengedéséhez"
> +
> +#: ../ui/gtk.c:217
> +msgid " [Paused]"
> +msgstr " [Megállítva]"
> +
> +#: ../ui/gtk.c:1250
> +msgid "_Machine"
> +msgstr "_Gép"
> +
> +#: ../ui/gtk.c:1252
> +msgid "_Pause"
> +msgstr "_Megállítás"
> +
> +#: ../ui/gtk.c:1258
> +msgid "_Reset"
> +msgstr "Új_raindítás"
> +
> +#: ../ui/gtk.c:1261
> +msgid "Power _Down"
> +msgstr "_Leállítás"
> +
> +#: ../ui/gtk.c:1276
> +msgid "_View"
> +msgstr "_Nézet"
> +
> +#: ../ui/gtk.c:1306
> +msgid "Zoom To _Fit"
> +msgstr "Ablakmérethez _igazítás"
> +
> +#: ../ui/gtk.c:1312
> +msgid "Grab On _Hover"
> +msgstr "Automatikus _elfogás"
> +
> +#: ../ui/gtk.c:1315
> +msgid "_Grab Input"
> +msgstr "_Bemeneti eszközök megragadása"
> +
> +#: ../ui/gtk.c:1341
> +msgid "Show _Tabs"
> +msgstr "_Fülek megjelenítése"
> +
> +#~ msgid "_File"
> +#~ msgstr "_File"
> 
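
Review bot: the header block leaves `"Language: \n"` empty; set it to `"Language: hu\n"` so that tools which key on the header pick the right locale. The obsolete `#~ msgid "_File"` entry at the end of the file carries an untranslated msgstr and can be dropped from a newly created catalogue.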

Reviewed-by: Laszlo Ersek 



Re: [Qemu-devel] [PULL 1.5 0/9] ppc patch queue 2013-05-06

2013-05-06 Thread Aurelien Jarno
On Mon, May 06, 2013 at 05:25:08PM +0200, Alexander Graf wrote:
> Hi Blue / Aurelien,
> 
> This is my current patch queue for ppc with last minute changes for 1.5.
> 
> Please pull.
> 
> 
> Alex
> 
> 
> The following changes since commit 8e515b125d5f7849167dbee6cbe6ef61636607d4:
>   Peter Maydell (1):
> configure: Check that "libtool" is not the MacOSX one
> 
> are available in the git repository at:
> 
>   git://github.com/agraf/qemu.git ppc-for-upstream
> 
> Alexander Graf (1):
>   PPC: Add MMU type for 2.06 with AMR but no TB pages
> 
> Alexey Kardashevskiy (2):
>   pseries: Update SLOF firmware image
>   spapr_llan: fix device reenabling
> 
> Anton Blanchard (2):
>   target-ppc: Fix invalid SPR read/write warnings
>   target-ppc: Add read and write of PPR SPR
> 
> Bharat Bhushan (1):
>   PPC: e500: initialize GPRs as per epapr
> 
> David Gibson (2):
>   pseries: Factor out check for out-of-bounds LIOBN
>   pseries: Fix debug message for out-of-bounds address in H_PUT_TCE
> 
> Tiejun Chen (1):
>   PPC: e500: correct params->ram_size with ram_size
> 
>  hw/net/spapr_llan.c |2 ++
>  hw/ppc/e500.c   |   31 ---
>  hw/ppc/spapr_iommu.c|   14 +++---
>  pc-bios/README  |4 ++--
>  pc-bios/slof.bin|  Bin 880832 -> 909720 bytes
>  roms/SLOF   |2 +-
>  target-ppc/cpu.h|3 +++
>  target-ppc/mmu_helper.c |4 
>  target-ppc/translate.c  |   32 
>  target-ppc/translate_init.c |4 
>  10 files changed, 67 insertions(+), 29 deletions(-)

Thanks, pulled.


-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH qom-cpu for-1.5 0/4] target-i386: X86CPU compatibility properties

2013-05-06 Thread Andreas Färber
Am 01.05.2013 18:07, schrieb Andreas Färber:
> Hello,
> 
> It's easier adapting the infrastructure to our needs than working around it:
> X86CPU already has QOM properties today. What's lacking is model subclasses,
> and with the one X86CPU type its global properties are overwritten by models.
> But we already know the designated naming scheme for the models!
> 
> So let's simply prepare compat_props for CPU models and make sure they are
> already picked up today.
> 
> This works just fine for changing the 486 CPUID model value and avoids to
> redo the PC part once we have X86CPU subclasses.
> Tested using: ./QMP/qom-get /machine/icc-bridge/icc/child[0].model
> 
> For changing n270 CPUID flags we'll still need to resort to Eduardo's proposed
> helper functions for now.
> 
> Regards,
> Andreas
> 
> Cc: Eduardo Habkost 
> Cc: Igor Mammedov 
> Cc: H. Peter Anvin 
> Cc: Borislav Petkov 
> Cc: Anthony Liguori 
> Cc: Paolo Bonzini 
> Cc: Michael S. Tsirkin 
> 
> Andreas Färber (4):
>   qdev: Let qdev_prop_parse() pass through Error
>   qdev: Introduce qdev_prop_set_custom_globals()
>   target-i386: Emulate X86CPU subclasses for global properties
>   target-i386: Change CPUID model of 486 to 8

Hearing no veto from Anthony on IRC, I have applied these to qom-cpu
(with helper function renamed):
https://github.com/afaerber/qemu-cpu/commits/qom-cpu

Andreas

> 
>  hw/core/qdev-properties.c| 50 
> ++--
>  hw/core/qdev.c   |  7 ++-
>  include/hw/i386/pc.h |  4 
>  include/hw/qdev-properties.h |  7 +--
>  qdev-monitor.c   |  6 +-
>  target-i386/cpu.c| 11 +-
>  6 files changed, 60 insertions(+), 25 deletions(-)
> 


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PULL 1.5 0/6] s390 patch queue 2013-05-06

2013-05-06 Thread Aurelien Jarno
On Mon, May 06, 2013 at 05:30:18PM +0200, Alexander Graf wrote:
> Hi Blue / Aurelien,
> 
> This is my current patch queue for s390.  Please pull.
> 
> Alex
> 
> 
> The following changes since commit 8e515b125d5f7849167dbee6cbe6ef61636607d4:
>   Peter Maydell (1):
> configure: Check that "libtool" is not the MacOSX one
> 
> are available in the git repository at:
> 
>   git://github.com/agraf/qemu.git s390-for-upstream
> 
> Alexander Graf (1):
>   s390: update s390-ccw.img
> 
> Dominik Dingel (5):
>   S390: BIOS check for file
>   S390: BIOS create link to src folder for .img file
>   S390: Merging s390_ipl_cpu and s390_ipl_reset
>   S390: Add virtio-blk boot
>   S390: BIOS boot from given device
> 
>  configure|1 +
>  hw/s390x/ipl.c   |   38 +++---
>  pc-bios/s390-ccw.img |  Bin 9432 -> 9432 bytes
>  pc-bios/s390-ccw/main.c  |   24 ++--
>  pc-bios/s390-ccw/start.S |2 ++
>  5 files changed, 48 insertions(+), 17 deletions(-)

Thanks, pulled.

-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [RFC 0/9] QContext: QOM class to support multiple event loops

2013-05-06 Thread mdroth
On Mon, May 06, 2013 at 09:54:14AM +0200, Paolo Bonzini wrote:
> Il 03/05/2013 18:03, Michael Roth ha scritto:
> > These patches apply on top of qemu.git master, and can also be obtained 
> > from:
> > git://github.com/mdroth/qemu.git qcontext
> > 
> > OVERVIEW
> > 
> > This series introduces a set of QOM classes/interfaces for event
> > registration/handling: QContext and QSource, which are based closely on
> > their GMainContext/GSource GLib counterparts.
> > 
> > QContexts can be created via the command-line via -object, and can also be
> > instructed (via -object params/properties) to automatically start a
> > thread/event-loop to handle QSources we attach to them.
> 
> This is an awesome idea.
> 
> However, it seems a bit overengineered.  Why do we need QSource at all?
>  In my opinion, we should first change dataplane to use AioContext as a
> GSource, and benchmark it thoroughly.  If it is fast enough, we can

I think it would be great to just stick with GSources. I didn't want to
rely too heavily on GLib for the RFC since there seem to be some
reservations about relying too heavily on GLib for our
OneTrueEventLoop interface (mainly, lack of PI mutexes in the context of
real-time device threads, or other performance considerations that might
pop up and cause us to rethink our use of glib).

However, knowing that we *could* do something like porting to QSources and
using a different QContext implementation if the need ever became
evident is enough for me, and I'm happy to drop QSources until we
actually need them. The GSource->QSource conversions would be mostly
mechanical.

> GSource, and benchmark it thoroughly.  If it is fast enough, we can
> "just" introduce a glib-based QContext and be done with it.  Hopefully
> that is the case...

Sounds good to me. I'll look into that more, and talk to some of our
performance folks who were involved with the virtio-blk dataplane
testing.

> 
> Paolo
> 



[Qemu-devel] [PATCH 9/9] spapr_llan: fix device reenabling

2013-05-06 Thread Alexander Graf
From: Alexey Kardashevskiy 

Normally, the "tap" device is polled by QEMU if a guest NIC can
receive packets. If a guest NIC is stopped during transfer (rmmod or
ifdown), it may still have packets in a queue which have to be sent
to the guest before QEMU enables polling of a "tap" interface via
tap_update_fd_handler().

However the spapr_llan device was missing the qemu_flush_queued_packets()
call so the tap_send_completed() callback was never called and therefore
"tap" interface polling was not enabled ever.

The patch fixes this problem.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Alexander Graf 
---
 hw/net/spapr_llan.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index 3150add..03a09f2 100644
--- a/hw/net/spapr_llan.c
+++ b/hw/net/spapr_llan.c
@@ -336,6 +336,8 @@ static target_ulong h_register_logical_lan(PowerPCCPU *cpu,
 spapr_vio_dma_set(sdev, VLAN_BD_ADDR(rec_queue), 0, 
VLAN_BD_LEN(rec_queue));
 
 dev->isopen = 1;
+qemu_flush_queued_packets(qemu_get_queue(dev->nic));
+
 return H_SUCCESS;
 }
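
Review bot: the new qemu_flush_queued_packets() call after `dev->isopen = 1;` has no comment, and without the commit message it is not obvious why registering the logical LAN needs a flush. A one-line comment saying that packets queued while the NIC was closed must be flushed so the backend's completion callback runs and polling resumes would keep the call from being removed as dead code later.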
 
-- 
1.6.0.2
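
A toy model of the stall this commit message describes, added here for illustration and not taken from the patch or from QEMU: every type and function name in it is hypothetical, and it mirrors only the queue, flush and polling interaction. It runs the same close/reopen sequence with and without a flush on reopen.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical miniature of a host backend feeding a guest NIC.
 * None of these names are QEMU's; the model is an assumption-laden sketch. */
typedef struct Nic {
    bool isopen;       /* guest driver has registered the device */
    int delivered;     /* packets handed to the guest */
} Nic;

typedef struct Backend {
    Nic *nic;
    bool polling;      /* host fd is currently being polled */
    int queued;        /* read from the host, waiting for the NIC */
    int host_backlog;  /* still sitting unread on the host side */
} Backend;

typedef struct Result {
    int delivered;
    int stuck_in_queue;
    int host_backlog;
    bool polling;
} Result;

/* Read from the host while polling is on. A packet the NIC cannot take
 * is queued and polling stops until that packet's completion fires. */
static void backend_poll(Backend *be)
{
    while (be->polling && be->host_backlog > 0) {
        be->host_backlog--;
        if (be->nic->isopen) {
            be->nic->delivered++;
        } else {
            be->queued++;
            be->polling = false;
        }
    }
}

static void host_packet_arrives(Backend *be)
{
    be->host_backlog++;
    backend_poll(be);
}

/* Deliver queued packets; each delivery runs the completion callback,
 * which is the only thing that turns polling back on. */
static void flush_queued_packets(Backend *be)
{
    if (!be->nic->isopen) {
        return;                 /* NIC still cannot receive: keep the queue */
    }
    while (be->queued > 0) {
        be->queued--;
        be->nic->delivered++;
        be->polling = true;     /* completion callback re-enables polling */
    }
    backend_poll(be);
}

static void nic_open(Backend *be, bool flush_on_open)
{
    be->nic->isopen = true;
    if (flush_on_open) {
        flush_queued_packets(be);   /* the step the device model lacked */
    }
}

/* Constructed sequence: 2 packets, ifdown, 2 packets, ifup, 3 packets. */
static Result run_scenario(bool flush_on_open)
{
    Nic nic = { .isopen = false, .delivered = 0 };
    Backend be = { .nic = &nic, .polling = true, .queued = 0, .host_backlog = 0 };
    int i;

    nic_open(&be, flush_on_open);
    host_packet_arrives(&be);
    host_packet_arrives(&be);
    nic.isopen = false;             /* guest stops the NIC mid-transfer */
    host_packet_arrives(&be);       /* queued, polling switched off */
    host_packet_arrives(&be);       /* never read: stays on the host */
    nic_open(&be, flush_on_open);   /* guest re-registers the device */
    for (i = 0; i < 3; i++) {
        host_packet_arrives(&be);
    }
    return (Result){ nic.delivered, be.queued, be.host_backlog, be.polling };
}

int main(void)
{
    Result bad = run_scenario(false);
    Result good = run_scenario(true);
    printf("no flush: delivered=%d queued=%d backlog=%d polling=%d\n",
           bad.delivered, bad.stuck_in_queue, bad.host_backlog, bad.polling);
    printf("flush:    delivered=%d queued=%d backlog=%d polling=%d\n",
           good.delivered, good.stuck_in_queue, good.host_backlog, good.polling);
    return 0;
}
```

Without the flush the reopened NIC never sees another packet even though it is able to receive, which is the permanent receive stall the patch removes.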




Re: [Qemu-devel] Incorrect handling of PPC64 rldcl insn

2013-05-06 Thread Torbjorn Granlund
Alexander Graf  writes:

  Thanks a lot for the bug report and test case! Please CC qemu-ppc
  whenever you find issues or have patches for PPC. That makes filtering
  for important mails a lot easier.
  
Would that make my complaints be considered more or less important?  :-)

  Does the patch below fix the issue for you?
  
It indeed does.  (I actually tried that already, but I cannot follow the
data flow into these functions, so cannot tell if that patch is
sufficient.  This bug indicates complete non-testing status of these
insns, which are mainstream enough to be generated by gcc.  I suppose
there will likely be more such fundamental errors if more instructions
are also completely untested.)

-- 
Torbjörn



Re: [Qemu-devel] [PATCH v7 0/7] push mmio dispatch out of big lock

2013-05-06 Thread Paolo Bonzini
Il 06/05/2013 16:05, Jan Kiszka ha scritto:
>> Also, memory_region_find cannot know if it's returning a valid result,
>> and the callee cannot check it because the region may have disappeared
>> already when it is returned.
> 
> Again, we hold the address space lock while checking the conditions. If
> a region does not supports BQL-free mode and BQL is not held, we have an
> error and return NULL (or bail out with a runtime error).

I've now posted my patches (which are really complementary to Ping
Fan's), and there's no address space lock.  (There is a lock, but the
critical section is literally a handful of instructions and everything
is done with reference counting.)

Paolo



[Qemu-devel] [PATCH 5/9] PPC: Add MMU type for 2.06 with AMR but no TB pages

2013-05-06 Thread Alexander Graf
When running -cpu on a POWER7 system with PR KVM, we mask out the 1TB
MMU capability from the MMU type mask, but not the AMR bit.

This leads to us having a new MMU type that we don't check for in our
MMU management functions.

Add the new type, so that we don't have to worry about breakage there.
We're not going to use the TCG MMU management in that case anyway.

The long term fix for this will be to move all these MMU management
functions to class callbacks.

Signed-off-by: Alexander Graf 
---
 target-ppc/cpu.h|3 +++
 target-ppc/mmu_helper.c |4 
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 7cacb56..aa1d013 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -119,6 +119,9 @@ enum powerpc_mmu_t {
 /* Architecture 2.06 variant   */
 POWERPC_MMU_2_06   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
  | POWERPC_MMU_AMR | 0x0003,
+/* Architecture 2.06 "degraded" (no 1T segments)   */
+POWERPC_MMU_2_06a  = POWERPC_MMU_64 | POWERPC_MMU_AMR
+ | 0x0003,
 /* Architecture 2.06 "degraded" (no 1T segments or AMR)*/
 POWERPC_MMU_2_06d  = POWERPC_MMU_64 | 0x0003,
 #endif /* defined(TARGET_PPC64) */
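
Review bot: POWERPC_MMU_2_06a and POWERPC_MMU_2_06d now carry nearly identical "degraded" comments and one-letter suffixes that do not say which capability is missing. Consider stating in the comment that 2_06a is what results when 1T segment support is masked out but AMR is kept, as the commit message describes for PR KVM on POWER7, so the next reader does not have to diff the flag lists.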
diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
index acf0133..68d5415 100644
--- a/target-ppc/mmu_helper.c
+++ b/target-ppc/mmu_helper.c
@@ -1188,6 +1188,7 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, 
CPUPPCState *env)
 #if defined(TARGET_PPC64)
 case POWERPC_MMU_64B:
 case POWERPC_MMU_2_06:
+case POWERPC_MMU_2_06a:
 case POWERPC_MMU_2_06d:
 dump_slb(f, cpu_fprintf, env);
 break;
@@ -1324,6 +1325,7 @@ hwaddr cpu_get_phys_page_debug(CPUPPCState *env, 
target_ulong addr)
 #if defined(TARGET_PPC64)
 case POWERPC_MMU_64B:
 case POWERPC_MMU_2_06:
+case POWERPC_MMU_2_06a:
 case POWERPC_MMU_2_06d:
 return ppc_hash64_get_phys_page_debug(env, addr);
 #endif
@@ -1815,6 +1817,7 @@ void ppc_tlb_invalidate_all(CPUPPCState *env)
 #if defined(TARGET_PPC64)
 case POWERPC_MMU_64B:
 case POWERPC_MMU_2_06:
+case POWERPC_MMU_2_06a:
 case POWERPC_MMU_2_06d:
 #endif /* defined(TARGET_PPC64) */
 tlb_flush(env, 1);
@@ -1884,6 +1887,7 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, 
target_ulong addr)
 #if defined(TARGET_PPC64)
 case POWERPC_MMU_64B:
 case POWERPC_MMU_2_06:
+case POWERPC_MMU_2_06a:
 case POWERPC_MMU_2_06d:
 /* tlbie invalidate TLBs for all segments */
 /* XXX: given the fact that there are too many segments to invalidate,
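
Review bot: `case POWERPC_MMU_2_06a:` in ppc_tlb_invalidate_one() is the fourth copy of the same 64B/2_06/2_06a/2_06d label list in this file, and any switch on the MMU model that this patch does not touch will send the new type to its default branch. Please confirm that no other switch needs the label, or fold the list into one shared macro or predicate until the class callbacks mentioned in the commit message exist.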
-- 
1.6.0.2




[Qemu-devel] [RFC PATCH 1/8] memory: add ref/unref calls

2013-05-06 Thread Paolo Bonzini
Add ref/unref calls at the following places:

- places where memory regions are stashed by a listener and
  used outside the BQL (including in Xen or KVM).

- memory_region_find callsites

Signed-off-by: Paolo Bonzini 
---
 exec.c|6 +-
 hw/core/loader.c  |1 +
 hw/display/exynos4210_fimd.c  |6 ++
 hw/display/framebuffer.c  |   10 ++
 hw/i386/kvm/ioapic.c  |2 ++
 hw/i386/kvmvapic.c|1 +
 hw/misc/vfio.c|2 ++
 hw/virtio/dataplane/hostmem.c |7 +++
 hw/virtio/vhost.c |2 ++
 hw/virtio/virtio-balloon.c|1 +
 hw/xen/xen_pt.c   |4 
 include/exec/memory.h |9 +
 include/hw/virtio/dataplane/hostmem.h |1 +
 kvm-all.c |2 ++
 memory.c  |   16 
 target-arm/kvm.c  |2 ++
 target-sparc/mmu_helper.c |1 +
 xen-all.c |2 ++
 18 files changed, 70 insertions(+), 5 deletions(-)

diff --git a/exec.c b/exec.c
index 91cd28f..9f324bb 100644
--- a/exec.c
+++ b/exec.c
@@ -753,12 +753,16 @@ static uint16_t phys_section_add(MemoryRegionSection 
*section)
 phys_sections_nb_alloc);
 }
 phys_sections[phys_sections_nb] = *section;
+memory_region_ref(section->mr);
 return phys_sections_nb++;
 }
 
 static void phys_sections_clear(void)
 {
-phys_sections_nb = 0;
+while (phys_sections_nb > 0) {
+MemoryRegionSection *section = &phys_sections[--phys_sections_nb];
+memory_region_unref(section->mr);
+}
 }
 
 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection 
*section)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 7507914..97e7ba2 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -727,6 +727,7 @@ int rom_load_all(void)
 addr += rom->romsize;
 section = memory_region_find(get_system_memory(), rom->addr, 1);
 rom->isrom = section.size && memory_region_is_rom(section.mr);
+memory_region_unref(section.mr);
 }
 qemu_register_reset(rom_reset, NULL);
 roms_loaded = 1;
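
Review bot: `memory_region_unref(section.mr);` in rom_load_all() runs even when the lookup found nothing; the line above it tests section.size before touching section.mr, which suggests mr can be NULL here. Either guard the unref with the same size check or document that memory_region_unref() accepts NULL.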
diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c
index 6cb5016..afa2e54 100644
--- a/hw/display/exynos4210_fimd.c
+++ b/hw/display/exynos4210_fimd.c
@@ -1126,6 +1126,11 @@ static void 
fimd_update_memory_section(Exynos4210fimdState *s, unsigned win)
 /* Total number of bytes of virtual screen used by current window */
 w->fb_len = fb_mapped_len = (w->virtpage_width + w->virtpage_offsize) *
 (w->rightbot_y - w->lefttop_y + 1);
+
+/* TODO: add .exit and unref the region there.  Not needed yet since sysbus
+ * does not support hot-unplug.
+ */
+memory_region_unref(w->mem_section.mr);
 w->mem_section = memory_region_find(sysbus_address_space(&s->busdev),
 fb_start_addr, w->fb_len);
 assert(w->mem_section.mr);
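
Review bot: the TODO about adding .exit sits directly above `memory_region_unref(w->mem_section.mr);`, so it reads as describing that call, which in fact drops the reference from the previous memory_region_find() before the section is replaced. Move the TODO to where the final reference is left held, and say what the unref sees on the first call, when w->mem_section.mr has not been set by a lookup yet.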
@@ -1154,6 +1159,7 @@ static void 
fimd_update_memory_section(Exynos4210fimdState *s, unsigned win)
 return;
 
 error_return:
+memory_region_unref(w->mem_section.mr);
 w->mem_section.mr = NULL;
 w->mem_section.size = 0;
 w->host_fb_addr = NULL;
diff --git a/hw/display/framebuffer.c b/hw/display/framebuffer.c
index 6be31db..8288b93 100644
--- a/hw/display/framebuffer.c
+++ b/hw/display/framebuffer.c
@@ -54,10 +54,10 @@ void framebuffer_update_display(
 src_len = src_width * rows;
 
 mem_section = memory_region_find(address_space, base, src_len);
+mem = mem_section.mr;
 if (mem_section.size != src_len || !memory_region_is_ram(mem_section.mr)) {
-return;
+goto out;
 }
-mem = mem_section.mr;
 assert(mem);
 assert(mem_section.offset_within_address_space == base);
 
@@ -67,10 +67,10 @@ void framebuffer_update_display(
but it's not really worth it as dirty flag tracking will probably
already have failed above.  */
 if (!src_base)
-return;
+goto out;
 if (src_len != src_width * rows) {
 cpu_physical_memory_unmap(src_base, src_len, 0, 0);
-return;
+goto out;
 }
 src = src_base;
 dest = surface_data(ds);
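
Review bot: `if (!src_base)` keeps its unbraced body while the line under it changes from return to goto out; since the patch touches it anyway, add braces to match the braced `if (src_len != src_width * rows) {` just below. Every `goto out` also depends on mem being assigned before the jump, which the first hunk arranges by moving `mem = mem_section.mr;` above the size check, so those two changes need to stay together if the patch is ever split.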
@@ -107,4 +107,6 @@ void framebuffer_update_display(
   DIRTY_MEMORY_VGA);
 *first_row = first;
 *last_row = last;
+out:
+memory_region_unref(mem);
 }
diff --git a/hw/i386/kvm/ioapic.c b/hw/i386/kvm/ioapic.c
index 3ad951e..9192b39 100644
--- a/hw/i386/kvm/ioapic.c
+++ b/hw/i386/kvm/ioapic.c
@@ -114,6 +114,8 @@ static void kvm_ioapic_put(IOAPICCommonState *s)
 fprintf(stderr, "KVM_GET_IRQCHIP failed: %s\n", strerror(ret));
 abort();
 }
+
+memory_region_unref(mrs.mr);
 }
 
 static void kvm_ioapic_reset(DeviceState *dev)
diff --git a/hw/i386/kv

Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Michael Tokarev
06.05.2013 18:42, Anthony Liguori wrote:
> 
> Hi,
> 
> I believe I have processed all of the outstanding pull requests and
> patches tagged for 1.5.  If there are any other patches or pull requests
> you would like to be considered, please respond to this note with a
> pointer to the patch or make sure you send it out tagged with 'for-1.5'
> no later than 5pm US/Eastern.

There's one more trivial pull request (3 changes) pending for 1.5.

Thanks,

/mjt

The following changes since commit 8e515b125d5f7849167dbee6cbe6ef61636607d4:

  configure: Check that "libtool" is not the MacOSX one (2013-05-06 06:52:03 -0500)

are available in the git repository at:

  git://git.corpit.ru/qemu.git trivial-patches

for you to fetch changes up to ce08a537bdb758fa0583127e21bc9ae7842d0216:

  audio: update documentation after removing --audio-card-list option (2013-05-06 22:04:45 +0400)


Ed Maste (2):
  bsd-user: OS-agnostic 64-bit SYSCTL types
  m25p80.c: Sync Flash chip list with Linux

Hervé Poussineau (1):
  audio: update documentation after removing --audio-card-list option

 bsd-user/syscall.c |7 ---
 hw/block/m25p80.c  |   31 ++-
 qemu-doc.texi  |4 
 3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
index 69e3466..a4d1583 100644
--- a/bsd-user/syscall.c
+++ b/bsd-user/syscall.c
@@ -211,10 +211,11 @@ static int sysctl_oldcvt(void *holdp, size_t holdlen, 
uint32_t kind)
 *(uint64_t *)holdp = tswap64(*(unsigned long *)holdp);
 break;
 #endif
-#if !defined(__FreeBSD_version) || __FreeBSD_version < 900031
-case CTLTYPE_QUAD:
-#else
+#ifdef CTLTYPE_U64
+case CTLTYPE_S64:
 case CTLTYPE_U64:
+#else
+case CTLTYPE_QUAD:
 #endif
 *(uint64_t *)holdp = tswap64(*(uint64_t *)holdp);
 break;
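
Review bot: the `#ifdef CTLTYPE_U64` branch also uses CTLTYPE_S64, which the guard does not test. If a host defines one without the other this stops compiling; test both macros, or add a comment stating that they are always defined together.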
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index b3ca19a..759c84d 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -91,18 +91,27 @@ static const FlashPartInfo known_devices[] = {
 { INFO("at26df161a",  0x1f4601,  0,  64 << 10,  32, ER_4K) },
 { INFO("at26df321",   0x1f4700,  0,  64 << 10,  64, ER_4K) },

+{ INFO("at45db081d",  0x1f2500,  0,  64 << 10,  16, ER_4K) },
+
 /* EON -- en25xxx */
 { INFO("en25f32", 0x1c3116,  0,  64 << 10,  64, ER_4K) },
 { INFO("en25p32", 0x1c2016,  0,  64 << 10,  64, 0) },
 { INFO("en25q32b",0x1c3016,  0,  64 << 10,  64, 0) },
 { INFO("en25p64", 0x1c2017,  0,  64 << 10, 128, 0) },
+{ INFO("en25q64", 0x1c3017,  0,  64 << 10, 128, ER_4K) },
+
+/* GigaDevice */
+{ INFO("gd25q32", 0xc84016,  0,  64 << 10,  64, ER_4K) },
+{ INFO("gd25q64", 0xc84017,  0,  64 << 10, 128, ER_4K) },

 /* Intel/Numonyx -- xxxs33b */
 { INFO("160s33b", 0x898911,  0,  64 << 10,  32, 0) },
 { INFO("320s33b", 0x898912,  0,  64 << 10,  64, 0) },
 { INFO("640s33b", 0x898913,  0,  64 << 10, 128, 0) },
+{ INFO("n25q064", 0x20ba17,  0,  64 << 10, 128, 0) },

 /* Macronix */
+{ INFO("mx25l2005a",  0xc22012,  0,  64 << 10,   4, ER_4K) },
 { INFO("mx25l4005a",  0xc22013,  0,  64 << 10,   8, ER_4K) },
 { INFO("mx25l8005",   0xc22014,  0,  64 << 10,  16, 0) },
 { INFO("mx25l1606e",  0xc22015,  0,  64 << 10,  32, ER_4K) },
@@ -113,15 +122,16 @@ static const FlashPartInfo known_devices[] = {
 { INFO("mx25l25635e", 0xc22019,  0,  64 << 10, 512, 0) },
 { INFO("mx25l25655e", 0xc22619,  0,  64 << 10, 512, 0) },

+/* Micron */
+{ INFO("n25q128a11",  0x20bb18,  0,  64 << 10, 256, 0) },
+{ INFO("n25q128a13",  0x20ba18,  0,  64 << 10, 256, 0) },
+{ INFO("n25q256a",0x20ba19,  0,  64 << 10, 512, ER_4K) },
+
 /* Spansion -- single (large) sector size only, at least
  * for the chips listed here (without boot sectors).
  */
-{ INFO("s25sl004a",   0x010212,  0,  64 << 10,   8, 0) },
-{ INFO("s25sl008a",   0x010213,  0,  64 << 10,  16, 0) },
-{ INFO("s25sl016a",   0x010214,  0,  64 << 10,  32, 0) },
-{ INFO("s25sl032a",   0x010215,  0,  64 << 10,  64, 0) },
 { INFO("s25sl032p",   0x010215, 0x4d00,  64 << 10,  64, ER_4K) },
-{ INFO("s25sl064a",   0x010216,  0,  64 << 10, 128, 0) },
+{ INFO("s25sl064p",   0x010216, 0x4d00,  64 << 10, 128, ER_4K) },
 { INFO("s25fl256s0",  0x010219, 0x4d00, 256 << 10, 128, 0) },
 { INFO("s25fl256s1",  0x010219, 0x4d01,  64 << 10, 512, 0) },
 { INFO("s25fl512s",   0x010220, 0x4d00, 256 << 10, 256, 0) },
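
Review bot: the five deleted Spansion entries (s25sl004a, s25sl008a, s25sl016a, s25sl032a, s25sl064a) are a behaviour change inside a commit titled as a sync: anything that selects a part by one of those names stops matching. Either keep the old entries alongside the new "p" variants or call the removal out in the commit message.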
@@ -130,6 +140,11 @@ static const FlashPartInfo known_devices[] = {
 { INFO("s25sl12801",  0x012018, 0x0301,  64 << 10, 256, 0) },
 { INFO("s25fl129p0",  0x012018, 0x4d00, 256 << 10,  64, 0) },
 { INFO("s25fl129p1",  0x012018, 0x4d01,  64 << 10, 256, 0) },
+{ INFO("s25s

Re: [Qemu-devel] Last Call for 1.5 before Hard Freeze

2013-05-06 Thread Anthony Liguori
Paolo Bonzini  writes:

> Il 06/05/2013 16:42, Anthony Liguori ha scritto:
>> 
>> Hi,
>> 
>> I believe I have processed all of the outstanding pull requests and
>> patches tagged for 1.5.  If there are any other patches or pull requests
>> you would like to be considered, please respond to this note with a
>> pointer to the patch or make sure you send it out tagged with 'for-1.5'
>> no later than 5pm US/Eastern.
>
> Thanks Anthony!
>
> And please remember to update the changelog.  It's already a pretty
> featureful release, but I have no idea about what's happening in VNC
> land (LED extension and WebSockets?) and what are the visible effects of
> Gerd's console refactorings.

Ack.

> BTW, so far we have 10% more commits than 1.3.0:
>
> $ git log --pretty=oneline v1.2.0..v1.3.0-rc0|wc
>1608   11447  141561
> $ git log --pretty=oneline v1.3.0..v1.4.0-rc0|wc
>    1299    9086  114069
> $ git log --pretty=oneline v1.4.0..HEAD|wc
>1837   13002  161841

We are averaging 22.66 commits a day for this release.  The 1.4 release
was 18.86.  So we're looking at almost a 20% increase.

Here's a graph of QEMU's full history.  This is by far the most active
release.

http://www.codemonkey.ws/files/qemu-commits.svg

Regards,

Anthony Liguori

>
> Paolo




Re: [Qemu-devel] [RFC][PATCH 08/15] isa: implement isa_is_ioport_assigned via memory_region_find

2013-05-06 Thread Paolo Bonzini
Il 06/05/2013 16:55, Andreas Färber ha scritto:
> Am 06.05.2013 16:26, schrieb Jan Kiszka:
>> Move isa_is_ioport_assigned to the ISA core and implement it via a
>> memory region lookup. As all IO ports are now directly or indirectly
>> registered via the memory API, this becomes possible and will finally
>> allow us to drop the ioport tables.
>>
>> Signed-off-by: Jan Kiszka 
>> ---
>>  hw/acpi/piix4.c   |6 +++---
>>  hw/isa/isa-bus.c  |   11 +++
>>  hw/isa/lpc_ich9.c |8 
>>  include/exec/ioport.h |1 -
>>  include/hw/isa/isa.h  |2 ++
>>  ioport.c  |7 ---
>>  6 files changed, 20 insertions(+), 15 deletions(-)
>>
>> diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
>> index c4af1cc..5955217 100644
>> --- a/hw/acpi/piix4.c
>> +++ b/hw/acpi/piix4.c
>> @@ -386,10 +386,10 @@ static void piix4_pm_machine_ready(Notifier *n, void 
>> *opaque)
>>  uint8_t *pci_conf;
>>  
>>  pci_conf = s->dev.config;
>> -pci_conf[0x5f] = (isa_is_ioport_assigned(0x378) ? 0x80 : 0) | 0x10;
>> +pci_conf[0x5f] = (isa_is_ioport_assigned(NULL, 0x378) ? 0x80 : 0) | 
>> 0x10;
>>  pci_conf[0x63] = 0x60;
>> -pci_conf[0x67] = (isa_is_ioport_assigned(0x3f8) ? 0x08 : 0) |
>> -(isa_is_ioport_assigned(0x2f8) ? 0x90 : 0);
>> +pci_conf[0x67] = (isa_is_ioport_assigned(NULL, 0x3f8) ? 0x08 : 0) |
>> +(isa_is_ioport_assigned(NULL, 0x2f8) ? 0x90 : 0);
>>  
>>  }
>>  
> 
> Is there really no way to access the ISABus from this device? Would be
> nice to get rid of global ISA variables and not introduce more
> dependencies. :)

There's always a way to find the ISABus via QOM:

ISABus *isa_bus = (ISABus *) object_resolve_path_type("", TYPE_ISA_BUS, NULL);

Paolo



[Qemu-devel] [PATCH qom-cpu-next 3/3] target-i386: Add "filtered-features" property to X86CPU

2013-05-06 Thread Eduardo Habkost
This property will contain all the features that were removed from the
CPU because they are not supported by the host.

This way, libvirt or other management tools can emulate the
check/enforce behavior by checking if filtered-properties is all zeroes,
before starting the guest.

Example output where some features were missing:

  $ ./install/bin/qemu-system-x86_64 -enable-kvm -cpu Haswell,check -S -qmp unix:/tmp/m,server,nowait
  warning: host doesn't support requested feature: CPUID.01H:ECX.fma [bit 12]
  warning: host doesn't support requested feature: CPUID.01H:ECX.movbe [bit 22]
  warning: host doesn't support requested feature: CPUID.01H:ECX.tsc-deadline [bit 24]
  warning: host doesn't support requested feature: CPUID.01H:ECX.xsave [bit 26]
  warning: host doesn't support requested feature: CPUID.01H:ECX.avx [bit 28]
  warning: host doesn't support requested feature: CPUID.07H:EBX.fsgsbase [bit 0]
  warning: host doesn't support requested feature: CPUID.07H:EBX.bmi1 [bit 3]
  warning: host doesn't support requested feature: CPUID.07H:EBX.hle [bit 4]
  warning: host doesn't support requested feature: CPUID.07H:EBX.avx2 [bit 5]
  warning: host doesn't support requested feature: CPUID.07H:EBX.smep [bit 7]
  warning: host doesn't support requested feature: CPUID.07H:EBX.bmi2 [bit 8]
  warning: host doesn't support requested feature: CPUID.07H:EBX.erms [bit 9]
  warning: host doesn't support requested feature: CPUID.07H:EBX.invpcid [bit 10]
  warning: host doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11]
  [...]
  $ ./QMP/qmp --path=/tmp/m qom-get --path=/machine/unattached/device[1] --property=filtered-features
  item[0].cpuid-register: EDX
  item[0].cpuid-input-eax: 2147483658
  item[0].features: 0
  item[1].cpuid-register: EAX
  item[1].cpuid-input-eax: 1073741825
  item[1].features: 0
  item[2].cpuid-register: EDX
  item[2].cpuid-input-eax: 3221225473
  item[2].features: 0
  item[3].cpuid-register: ECX
  item[3].cpuid-input-eax: 2147483649
  item[3].features: 0
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 0
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 4025
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 356519936
  item[7].cpuid-register: EDX
  item[7].cpuid-input-eax: 1
  item[7].features: 0

Example output when no feature is missing:

  $ ./install/bin/qemu-system-x86_64 -enable-kvm -cpu Nehalem,enforce -S -qmp unix:/tmp/m,server,nowait
  [...]
  $ ./QMP/qmp --path=/tmp/m qom-get --path=/machine/unattached/device[1] --property=filtered-features
  item[0].cpuid-register: EDX
  item[0].cpuid-input-eax: 2147483658
  item[0].features: 0
  item[1].cpuid-register: EAX
  item[1].cpuid-input-eax: 1073741825
  item[1].features: 0
  item[2].cpuid-register: EDX
  item[2].cpuid-input-eax: 3221225473
  item[2].features: 0
  item[3].cpuid-register: ECX
  item[3].cpuid-input-eax: 2147483649
  item[3].features: 0
  item[4].cpuid-register: EDX
  item[4].cpuid-input-eax: 2147483649
  item[4].features: 0
  item[5].cpuid-register: EBX
  item[5].cpuid-input-eax: 7
  item[5].features: 0
  item[5].cpuid-input-ecx: 0
  item[6].cpuid-register: ECX
  item[6].cpuid-input-eax: 1
  item[6].features: 0
  item[7].cpuid-register: EDX
  item[7].cpuid-input-eax: 1
  item[7].features: 0

Signed-off-by: Eduardo Habkost 
Reviewed-by: Eric Blake 
---
Changes v11 -> v12:
 * Rebase on top of qom-cpu-next
   (commit bd87d2a - target-i386: Use FeatureWord loop on filter_features_for_kvm())
---
 target-i386/cpu.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 38793bc..eb1825b 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1418,11 +1418,11 @@ static void x86_cpuid_set_apic_id(Object *obj, Visitor 
*v, void *opaque,
 cpu->env.cpuid_apic_id = value;
 }
 
+/* Generic getter for "feature-words" and "filtered-features" properties */
 static void x86_cpu_get_feature_words(Object *obj, Visitor *v, void *opaque,
   const char *name, Error **errp)
 {
-X86CPU *cpu = X86_CPU(obj);
-CPUX86State *env = &cpu->env;
+uint32_t *array = (uint32_t *)opaque;
 FeatureWord w;
 Error *err = NULL;
 X86CPUFeatureWordInfo word_infos[FEATURE_WORDS] = { };
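Review bot: in x86_cpu_get_feature_words(), opaque is now cast to uint32_t * and later indexed with every FeatureWord value, but the new one-line comment does not say that the property must be registered with an opaque pointing at an array of FEATURE_WORDS entries. Please spell that contract out in the comment, since a property registered with a shorter array or a NULL opaque would be read out of bounds by this getter. The explicit (uint32_t *) cast is also unnecessary in C, where void * converts implicitly.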
@@ -1436,7 +1436,7 @@ static void x86_cpu_get_feature_words(Object *obj, 
Visitor *v, void *opaque,
 qwi->has_cpuid_input_ecx = wi->cpuid_needs_ecx;
 qwi->cpuid_input_ecx = wi->cpuid_ecx;
 qwi->cpuid_register = x86_reg_info_32[wi->cpuid_reg].qapi_enum;
-qwi->features = env->features[w];
+qwi->features = array[w];
 
 /* List will be in reverse order, but order shouldn't matter */
 list_entries[w].next = list;
@@ -2444,7 +2444,10 @@ static void x86_cpu_initfn(Object *obj)
 x86_cpuid_set_apic_id, NULL, NULL, NULL);
 object_property
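The management-tool check described in the commit message above (treat the guest as passing check/enforce only when every filtered-features word is zero), as an added example that is not part of the patch or of QEMU. It parses the flattened "item[N].key: value" text printed by ./QMP/qmp and lists which CPUID bits were dropped; the struct and function names are hypothetical, and SAMPLE is a constructed excerpt of the Haswell output.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_WORDS 16

struct feature_word {
    char reg[8];       /* cpuid-register: EAX, EBX, ECX or EDX */
    uint32_t leaf;     /* cpuid-input-eax */
    uint32_t features; /* bits QEMU filtered out of the guest CPU */
};

/* Constructed sample: items 5..7 of the Haswell,check output shown above. */
static const char SAMPLE[] =
    "item[5].cpuid-register: EBX\n"  "item[5].cpuid-input-eax: 7\n"
    "item[5].features: 4025\n"       "item[5].cpuid-input-ecx: 0\n"
    "item[6].cpuid-register: ECX\n"  "item[6].cpuid-input-eax: 1\n"
    "item[6].features: 356519936\n"
    "item[7].cpuid-register: EDX\n"  "item[7].cpuid-input-eax: 1\n"
    "item[7].features: 0\n";

/* Parse "item[N].key: value" lines. Returns highest index + 1,
 * or -1 if an index does not fit in w[]. */
int parse_filtered(const char *text, struct feature_word *w, int max)
{
    int count = 0;
    memset(w, 0, sizeof(*w) * (size_t)max);
    for (const char *p = text; p && *p; ) {
        int idx;
        char key[32], val[32];
        if (sscanf(p, " item[%d].%31[^:]: %31s", &idx, key, val) == 3) {
            if (idx < 0 || idx >= max) return -1;
            if (strcmp(key, "cpuid-register") == 0)
                snprintf(w[idx].reg, sizeof(w[idx].reg), "%s", val);
            else if (strcmp(key, "cpuid-input-eax") == 0)
                w[idx].leaf = (uint32_t)strtoul(val, NULL, 10);
            else if (strcmp(key, "features") == 0)
                w[idx].features = (uint32_t)strtoul(val, NULL, 10);
            if (idx + 1 > count) count = idx + 1;
        }
        p = strchr(p, '\n');   /* advance to the next line */
        if (p) p++;
    }
    return count;
}

/* Filtered bits for one (register, leaf) pair; 0 if that word is absent. */
uint32_t filtered_bits(const struct feature_word *w, int n,
                       const char *reg, uint32_t leaf)
{
    for (int i = 0; i < n; i++)
        if (w[i].leaf == leaf && strcmp(w[i].reg, reg) == 0)
            return w[i].features;
    return 0;
}

/* Fail closed: no parsed data, or any non-zero word, means "do not start". */
int enforce_would_pass(const struct feature_word *w, int n)
{
    if (n <= 0) return 0;
    for (int i = 0; i < n; i++)
        if (w[i].features != 0) return 0;
    return 1;
}

/* Store the set bit positions of word in bits[]; returns how many. */
int set_bits(uint32_t word, int bits[32])
{
    int n = 0;
    for (int b = 0; b < 32; b++)
        if (word & (UINT32_C(1) << b)) bits[n++] = b;
    return n;
}

int main(void)
{
    struct feature_word w[MAX_WORDS];
    int bits[32], n = parse_filtered(SAMPLE, w, MAX_WORDS);
    for (int i = 0; i < n; i++) {
        int k = set_bits(w[i].features, bits);
        if (k == 0) continue;
        printf("CPUID.%02XH:%s filtered bits:", (unsigned)w[i].leaf, w[i].reg);
        for (int j = 0; j < k; j++) printf(" %d", bits[j]);
        printf("\n");
    }
    printf("enforce would %s\n", enforce_would_pass(w, n) ? "pass" : "fail");
    return 0;
}
```

The bit positions it reports for the sample line up with the "[bit N]" warnings QEMU printed for the same run.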

[Qemu-devel] [PULL 1.5 0/6] s390 patch queue 2013-05-06

2013-05-06 Thread Alexander Graf
Hi Blue / Aurelien,

This is my current patch queue for s390.  Please pull.

Alex


The following changes since commit 8e515b125d5f7849167dbee6cbe6ef61636607d4:
  Peter Maydell (1):
configure: Check that "libtool" is not the MacOSX one

are available in the git repository at:

  git://github.com/agraf/qemu.git s390-for-upstream

Alexander Graf (1):
  s390: update s390-ccw.img

Dominik Dingel (5):
  S390: BIOS check for file
  S390: BIOS create link to src folder for .img file
  S390: Merging s390_ipl_cpu and s390_ipl_reset
  S390: Add virtio-blk boot
  S390: BIOS boot from given device

 configure|1 +
 hw/s390x/ipl.c   |   38 +++---
 pc-bios/s390-ccw.img |  Bin 9432 -> 9432 bytes
 pc-bios/s390-ccw/main.c  |   24 ++--
 pc-bios/s390-ccw/start.S |2 ++
 5 files changed, 48 insertions(+), 17 deletions(-)



[Qemu-devel] [PATCH] memory: Rename readable flag to romd_mode

2013-05-06 Thread Jan Kiszka
"Readable" is a very unfortunate name for this flag because even a
rom_device region will always be readable from the guest POV. What
differs is the mapping, just like the comments had to explain already.
Also, readable could currently be understood as being a generic region
flag, but it only applies to rom_device regions.

So name the flag and the function to modify it after the original term
"ROMD" which could also be interpreted as "ROM direct", i.e. ROM mode
with direct access. In any case, the scope of the flag is clearer now.

Signed-off-by: Jan Kiszka 
---

Depends on "memory: Replace open-coded memory_region_is_romd", but I
don't think this patch is "trivial" as well, though it is just renaming
things. Just in case, I'm CCing the trivial list as well.

Paolo, or would you open a memory branch so that related stuff can flow
through one queue?

 hw/block/pflash_cfi01.c |6 +++---
 hw/block/pflash_cfi02.c |2 +-
 include/exec/memory.h   |   22 +++---
 memory.c|   30 +++---
 4 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 3ff20e0..63d7c99 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -105,7 +105,7 @@ static void pflash_timer (void *opaque)
 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
 /* Reset flash */
 pfl->status ^= 0x80;
-memory_region_rom_device_set_readable(&pfl->mem, true);
+memory_region_rom_device_set_romd(&pfl->mem, true);
 pfl->wcycle = 0;
 pfl->cmd = 0;
 }
@@ -281,7 +281,7 @@ static void pflash_write(pflash_t *pfl, hwaddr offset,
 
 if (!pfl->wcycle) {
 /* Set the device in I/O access mode */
-memory_region_rom_device_set_readable(&pfl->mem, false);
+memory_region_rom_device_set_romd(&pfl->mem, false);
 }
 
 switch (pfl->wcycle) {
@@ -458,7 +458,7 @@ static void pflash_write(pflash_t *pfl, hwaddr offset,
   "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
 
  reset_flash:
-memory_region_rom_device_set_readable(&pfl->mem, true);
+memory_region_rom_device_set_romd(&pfl->mem, true);
 
 pfl->wcycle = 0;
 pfl->cmd = 0;
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index 9a7fa70..5f25246 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -111,7 +111,7 @@ static void pflash_setup_mappings(pflash_t *pfl)
 
 static void pflash_register_memory(pflash_t *pfl, int rom_mode)
 {
-memory_region_rom_device_set_readable(&pfl->orig_mem, rom_mode);
+memory_region_rom_device_set_romd(&pfl->orig_mem, rom_mode);
 pfl->rom_mode = rom_mode;
 }
 
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 9e88320..ed8a7ee 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -126,7 +126,7 @@ struct MemoryRegion {
 ram_addr_t ram_addr;
 bool subpage;
 bool terminates;
-bool readable;
+bool romd_mode;
 bool ram;
 bool readonly; /* For RAM regions */
 bool enabled;
@@ -355,16 +355,16 @@ uint64_t memory_region_size(MemoryRegion *mr);
 bool memory_region_is_ram(MemoryRegion *mr);
 
 /**
- * memory_region_is_romd: check whether a memory region is ROMD
+ * memory_region_is_romd: check whether a memory region is in ROMD mode
  *
- * Returns %true is a memory region is ROMD and currently set to allow
+ * Returns %true is a memory region is a ROM device and currently set to allow
  * direct reads.
  *
  * @mr: the memory region being queried
  */
 static inline bool memory_region_is_romd(MemoryRegion *mr)
 {
-return mr->rom_device && mr->readable;
+return mr->rom_device && mr->romd_mode;
 }
 
 /**
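Review bot: the rewritten doc line for memory_region_is_romd() still reads "Returns %true is a memory region is a ROM device"; since the patch touches that line anyway, change the first "is" to "if".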
@@ -502,18 +502,18 @@ void memory_region_reset_dirty(MemoryRegion *mr, hwaddr 
addr,
 void memory_region_set_readonly(MemoryRegion *mr, bool readonly);
 
 /**
- * memory_region_rom_device_set_readable: enable/disable ROM readability
+ * memory_region_rom_device_set_romd: enable/disable ROMD mode
  *
  * Allows a ROM device (initialized with memory_region_init_rom_device() to
- * to be marked as readable (default) or not readable.  When it is readable,
- * the device is mapped to guest memory.  When not readable, reads are
- * forwarded to the #MemoryRegion.read function.
+ * set to ROMD mode (default) or MMIO mode.  When it is in ROMD mode, the
+ * device is mapped to guest memory and satisfies read access directly.
+ * When in MMIO mode, reads are forwarded to the #MemoryRegion.read function.
+ * Writes are always handled by the #MemoryRegion.write function.
  *
  * @mr: the memory region to be updated
- * @readable: whether reads are satisified directly (%true) or via callbacks
- *(%false)
+ * @romd_mode: whether the region in in ROMD mode or not
  */
-void memory_region_rom_device_set_readable(MemoryRegion *mr, bool readable);
+void memory_region_rom_device_set_romd(MemoryRegion *mr, bool romd_mode);
 
 /**
  * memory_region_set_coalescing: Enable
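Review bot: the new memory_region_rom_device_set_romd() comment has wording slips that make the contract hard to read: "Allows a ROM device (...) to set to ROMD mode" is missing "be", the parenthesis opened before memory_region_init_rom_device() is never closed, and "@romd_mode: whether the region in in ROMD mode or not" should read "is in". It would also help if the @romd_mode description kept the old text's mapping of %true and %false to direct reads versus callbacks.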

[Qemu-devel] [PATCH] PPC: Fix rldcl

2013-05-06 Thread Alexander Graf
The implementation for rldcl tried to always fetch its
parameters from the opcode, even though the opcode was
already passed in in decoded and different forms.

Use the parameters instead, fixing rldcl.

Reported-by: Torbjorn Granlund 
Signed-off-by: Alexander Graf 
---
 target-ppc/translate.c |2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 0886f4d..a018616 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1733,8 +1733,6 @@ static inline void gen_rldnm(DisasContext *ctx, uint32_t 
mb, uint32_t me)
 {
 TCGv t0;
 
-mb = MB(ctx->opcode);
-me = ME(ctx->opcode);
 t0 = tcg_temp_new();
 tcg_gen_andi_tl(t0, cpu_gpr[rB(ctx->opcode)], 0x3f);
 tcg_gen_rotl_tl(t0, cpu_gpr[rS(ctx->opcode)], t0);
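Review bot: with the two assignments removed, gen_rldnm() depends entirely on its callers for mb and me, but the commit message only says the opcode was "already passed in in decoded and different forms". Please state which field layout MB()/ME() assumed and why it is wrong for the instructions that go through this function, and consider quoting the reporter's rldcl test case with its expected result so the fix can be verified.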
-- 
1.6.0.2




[Qemu-devel] [RFC][PATCH 12/15] vmware-vga: Accept unaligned I/O accesses

2013-05-06 Thread Jan Kiszka
Before switching to the memory core dispatcher, we need to make sure
that this pv-device will continue to receive unaligned portio accesses.

Signed-off-by: Jan Kiszka 
---
 hw/display/vmware_vga.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index fd3569d..ec41681 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -1241,6 +1241,10 @@ static const MemoryRegionOps vmsvga_io_ops = {
 .valid = {
 .min_access_size = 4,
 .max_access_size = 4,
+.unaligned = true,
+},
+.impl = {
+.unaligned = true,
 },
 };
 
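Review bot: .impl.unaligned = true in vmsvga_io_ops tells the memory core that the device callbacks cope with unaligned addresses themselves, but nothing in this hunk or the commit message shows how the read and write handlers decode an offset that is not 4-byte aligned. Since the guest controls that offset, please describe the handling in the commit message and add a short comment next to .unaligned explaining why this pv-device needs it.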
-- 
1.7.3.4




Re: [Qemu-devel] 1.4.1 won't build with --enable-debug-tcg (or --enable-debug)

2013-05-06 Thread Aurelien Jarno
Hi,

On Sat, May 04, 2013 at 03:23:28PM +0100, Richard Sandiford wrote:
> Juergen Lock  writes:
> > Hi!
> >
> >  The failure is in the mips64-softmmu target: (at least)
> >
> > [...]
> >   CCmips64-softmmu/target-mips/translate.o
> >  ..qemu-1.4.1/target-mips/translate.c::2780:35 : error: 
> >   passing 'int' to parameter of incompatible type 'TCGv_i32'
> > gen_helper_dmult(cpu_env, acc, t0, t1);
> >   ^~~
> > [...]
> >
> >  Looks like this line came in with this patch by Aurelien Jarno: (Cc'd)
> >
> > http://patchwork.ozlabs.org/patch/234926/
>
> Ouch.  I can see what Michael means about scary conflicts.  The code
> in the 1.4 branch looks different from both the code at the time the
> patch was submitted and the code at the time the patch was applied.

I made this mistake when fixing the conflict which appeared when
backporting the patch to stable. Maybe we should have lived with the
bug in the stable version instead. That said, I haven't seen the
problem when booting various guests, it probably works correctly when
not using DSP extensions.

> Here's one fix, but maybe Aurelien has a better idea.
> 

The fix is correct. Thanks.

Aurelien

> From 61b79e34bc57df0aa0c8086bd86f4c8818618d0e Mon Sep 17 00:00:00 2001
> From: Richard Sandiford 
> Date: Sat, 4 May 2013 15:01:31 +0100
> Subject: [PATCH] target-mips: Fix accumulator arguments to gen_helper_dmult(u)
> 
> gen_muldiv was passing int accumulator arguments directly
> to gen_helper_dmult(u).  This patch fixes it to use TCGs,
> via the gen_helper_0e2i wrapper.
> 
> Fixes an --enable-debug-tcg build failure reported by Juergen Lock.
> 
> Signed-off-by: Richard Sandiford 
> ---
>  target-mips/helper.h| 4 ++--
>  target-mips/op_helper.c | 8 
>  target-mips/translate.c | 4 ++--
>  3 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/target-mips/helper.h b/target-mips/helper.h
> index cfe98f1..7aa5f79 100644
> --- a/target-mips/helper.h
> +++ b/target-mips/helper.h
> @@ -24,8 +24,8 @@ DEF_HELPER_FLAGS_1(clz, TCG_CALL_NO_RWG_SE, tl, tl)
>  #ifdef TARGET_MIPS64
>  DEF_HELPER_FLAGS_1(dclo, TCG_CALL_NO_RWG_SE, tl, tl)
>  DEF_HELPER_FLAGS_1(dclz, TCG_CALL_NO_RWG_SE, tl, tl)
> -DEF_HELPER_4(dmult, void, env, int, tl, tl)
> -DEF_HELPER_4(dmultu, void, env, int, tl, tl)
> +DEF_HELPER_4(dmult, void, env, tl, tl, int)
> +DEF_HELPER_4(dmultu, void, env, tl, tl, int)
>  #endif
>  
>  DEF_HELPER_3(muls, tl, env, tl, tl)
> diff --git a/target-mips/op_helper.c b/target-mips/op_helper.c
> index c054300..01df687 100644
> --- a/target-mips/op_helper.c
> +++ b/target-mips/op_helper.c
> @@ -268,14 +268,14 @@ target_ulong helper_mulshiu(CPUMIPSState *env, 
> target_ulong arg1,
>  }
>  
>  #ifdef TARGET_MIPS64
> -void helper_dmult(CPUMIPSState *env, int acc, target_ulong arg1,
> -  target_ulong arg2)
> +void helper_dmult(CPUMIPSState *env, target_ulong arg1,
> +  target_ulong arg2, int acc)
>  {
>  muls64(&(env->active_tc.LO[acc]), &(env->active_tc.HI[acc]), arg1, arg2);
>  }
>  
> -void helper_dmultu(CPUMIPSState *env, int acc, target_ulong arg1,
> -   target_ulong arg2)
> +void helper_dmultu(CPUMIPSState *env, target_ulong arg1,
> +   target_ulong arg2, int acc)
>  {
>  mulu64(&(env->active_tc.LO[acc]), &(env->active_tc.HI[acc]), arg1, arg2);
>  }
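Review bot: in helper_dmult() and helper_dmultu(), acc is still used unchecked as the index into env->active_tc.LO[] and HI[], and after this reordering it reaches the helpers through the gen_helper_0e2i wrapper instead of as a plain argument. Please confirm that gen_muldiv() only ever passes an accumulator number within the bounds of those arrays, or add an assertion in the helpers.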
> diff --git a/target-mips/translate.c b/target-mips/translate.c
> index 9ed6477..8205456 100644
> --- a/target-mips/translate.c
> +++ b/target-mips/translate.c
> @@ -2777,11 +2777,11 @@ static void gen_muldiv(DisasContext *ctx, uint32_t 
> opc,
>  opn = "ddivu";
>  break;
>  case OPC_DMULT:
> -gen_helper_dmult(cpu_env, acc, t0, t1);
> +gen_helper_0e2i(dmult, t0, t1, acc);
>  opn = "dmult";
>  break;
>  case OPC_DMULTU:
> -gen_helper_dmultu(cpu_env, acc, t0, t1);
> +gen_helper_0e2i(dmultu, t0, t1, acc);
>  opn = "dmultu";
>  break;
>  #endif

Acked-by: Aurelien Jarno 



-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH qom-cpu for-1.5 2/4] qdev: Introduce qdev_prop_set_custom_globals()

2013-05-06 Thread Andreas Färber
On 01.05.2013 18:07, Andreas Färber wrote:
> Reuse it in qdev_prop_set_globals().
> 
> Signed-off-by: Andreas Färber 
> ---
>  hw/core/qdev-properties.c| 35 ---
>  include/hw/qdev-properties.h |  2 ++
>  2 files changed, 26 insertions(+), 11 deletions(-)

Igor suggested to avoid "custom", so renaming to
qdev_prop_set_globals_for_type():

diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index 68d1bff..3a324fb 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -1099,15 +1099,15 @@ void
qdev_prop_register_global_list(GlobalProperty *props)
 }
 }

-void qdev_prop_set_custom_globals(DeviceState *dev, const char *driver,
-  Error **errp)
+void qdev_prop_set_globals_for_type(DeviceState *dev, const char *typename,
+Error **errp)
 {
 GlobalProperty *prop;

 QTAILQ_FOREACH(prop, &global_props, next) {
 Error *err = NULL;

-if (strcmp(driver, prop->driver) != 0) {
+if (strcmp(typename, prop->driver) != 0) {
 continue;
 }
 qdev_prop_parse(dev, prop->property, prop->value, &err);
@@ -1125,7 +1125,8 @@ void qdev_prop_set_globals(DeviceState *dev, Error
**errp)
 do {
 Error *err = NULL;

-qdev_prop_set_custom_globals(dev, object_class_get_name(class),
&err);
+qdev_prop_set_globals_for_type(dev, object_class_get_name(class),
+   &err);
 if (err != NULL) {
 error_propagate(errp, err);
 return;
diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h
index 833300c..39448b7 100644
--- a/include/hw/qdev-properties.h
+++ b/include/hw/qdev-properties.h
@@ -169,8 +169,8 @@ void qdev_prop_set_ptr(DeviceState *dev, const char
*name, void *value);
 void qdev_prop_register_global(GlobalProperty *prop);
 void qdev_prop_register_global_list(GlobalProperty *props);
 void qdev_prop_set_globals(DeviceState *dev, Error **errp);
-void qdev_prop_set_custom_globals(DeviceState *dev, const char *driver,
-  Error **errp);
+void qdev_prop_set_globals_for_type(DeviceState *dev, const char *typename,
+Error **errp);
 void error_set_from_qdev_prop_error(Error **errp, int ret, DeviceState
*dev,
 Property *prop, const char *value);
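Review bot: the public prototype qdev_prop_set_globals_for_type() is declared without a doc comment, and from the first hunk it matches typename against prop->driver with an exact strcmp(), leaving the walk up the class hierarchy to qdev_prop_set_globals(). Please document that exact-match behaviour at the declaration. Note also that typename is a reserved word in C++, so a different parameter name would be safer in a header.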


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH] spapr_llan: fix device reenabling

2013-05-06 Thread Alexander Graf

On 05/03/2013 08:22 AM, Alexey Kardashevskiy wrote:

Normally, the "tap" device is polled by QEMU if a guest NIC can
receive packets. If a guest NIC is stopped during transfer (rmmod or
ifdown), it may still have packets in a queue which have to be sent
to the guest before QEMU enables polling of a "tap" interface via
tap_update_fd_handler().

However the spapr_llan device was missing the qemu_flush_queued_packets()
call so the tap_send_completed() callback was never called and therefore
"tap" interface polling was not enabled ever.

The patch fixes this problem.

Signed-off-by: Alexey Kardashevskiy


Thanks, applied to ppc-next.

Alex


---
  hw/net/spapr_llan.c |2 ++
  1 file changed, 2 insertions(+)

diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index cca3d1a..46f7d5f 100644
--- a/hw/net/spapr_llan.c
+++ b/hw/net/spapr_llan.c
@@ -336,6 +336,8 @@ static target_ulong h_register_logical_lan(PowerPCCPU *cpu,
  spapr_vio_dma_set(sdev, VLAN_BD_ADDR(rec_queue), 0, 
VLAN_BD_LEN(rec_queue));

  dev->isopen = 1;
+qemu_flush_queued_packets(qemu_get_queue(dev->nic));
+
  return H_SUCCESS;
  }
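Review bot: the qemu_flush_queued_packets() call added after dev->isopen = 1 in h_register_logical_lan() has no comment, and the reason for it (delivering packets queued while the device was closed so that tap polling is re-enabled) is only in the commit message. Please add a one-line comment at the call site so the ordering after isopen = 1 is not changed by accident later.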






[Qemu-devel] [PATCH 1/9] pseries: Factor out check for out-of-bounds LIOBN

2013-05-06 Thread Alexander Graf
From: David Gibson 

PAPR defines LIOBNs (Logical IO Bus Numbers) to be 32-bit, and we check for
values that aren't in the code for H_PUT_TCE.  This patch factors the check
into spapr_tce_find_by_liobn(), which already checks if a 32-bit LIOBN
actually exists.  This will become more important as future patches add
other hypercalls which need to look up a LIOBN.

At the same time we fix the typo in the message.

Signed-off-by: David Gibson 
Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Alexander Graf 
---
 hw/ppc/spapr_iommu.c |   12 ++--
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index d2782cf..c6aa4fe 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -55,6 +55,12 @@ static sPAPRTCETable *spapr_tce_find_by_liobn(uint32_t liobn)
 {
 sPAPRTCETable *tcet;
 
+if (liobn & 0xULL) {
+hcall_dprintf("Request for out-of-bounds LIOBN 0x" TARGET_FMT_lx "\n",
+  liobn);
+return NULL;
+}
+
 QLIST_FOREACH(tcet, &spapr_tce_tables, list) {
 if (tcet->liobn == liobn) {
 return tcet;
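Review bot: spapr_tce_find_by_liobn() takes a uint32_t liobn, so by the time the new range check runs the caller's value has already been truncated to 32 bits and a test for LIOBNs wider than 32 bits cannot fire; h_put_tce() would then look up the truncated number instead of rejecting the request. Either take a target_ulong here or keep the range check in the caller before the conversion. The TARGET_FMT_lx format in the new hcall_dprintf() also no longer matches a uint32_t argument.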
@@ -218,12 +224,6 @@ static target_ulong h_put_tce(PowerPCCPU *cpu, 
sPAPREnvironment *spapr,
 target_ulong tce = args[2];
 sPAPRTCETable *tcet = spapr_tce_find_by_liobn(liobn);
 
-if (liobn & 0xULL) {
-hcall_dprintf("spapr_vio_put_tce on out-of-boundsw LIOBN "
-  TARGET_FMT_lx "\n", liobn);
-return H_PARAMETER;
-}
-
 ioba &= ~(SPAPR_TCE_PAGE_SIZE - 1);
 
 if (tcet) {
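Review bot: the removed block in h_put_tce() returned H_PARAMETER for an out-of-bounds LIOBN, while the replacement only makes spapr_tce_find_by_liobn() return NULL, and this hunk does not show what h_put_tce() returns when tcet is NULL. Please confirm that the path past if (tcet) still yields H_PARAMETER so the guest-visible return code is unchanged.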
-- 
1.6.0.2




Re: [Qemu-devel] Incorrect handling of PPC64 rldcl insn

2013-05-06 Thread Alexander Graf

On 05/06/2013 07:00 PM, Torbjorn Granlund wrote:

I could finally make Debian GNU/Linux install and run under
qemu-system-ppc64.  I used Debian 7.0.0 and qemu from the main git repo,
updated a few days ago.

While Debian runs well and not too slowly, GMP fails badly under all
ABIs, and in many different ways.  I have isolated the first problem.

Test case:

#include <stdio.h>
int
main ()
{
   unsigned long r;
   asm ("rldcl\t%0, %1, %2, 0" : "=r" (r) : "r" (0xcafebabedeadbeeful), "r" (16));
   printf ("%lx\n", r);
   return 0;
}

Expected output:
babedeadbeefcafe

Output under qemu:
0

I have single stepped in gdb to determine that it is indeed rldcl that
misbehaves.


Thanks a lot for the bug report and test case! Please CC qemu-ppc 
whenever you find issues or have patches for PPC. That makes filtering 
for important mails a lot easier.


Does the patch below fix the issue for you?


Alex

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 0886f4d..a018616 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1733,8 +1733,6 @@ static inline void gen_rldnm(DisasContext *ctx, 
uint32_t mb, uint32_t me)

 {
 TCGv t0;

-mb = MB(ctx->opcode);
-me = ME(ctx->opcode);
 t0 = tcg_temp_new();
 tcg_gen_andi_tl(t0, cpu_gpr[rB(ctx->opcode)], 0x3f);
 tcg_gen_rotl_tl(t0, cpu_gpr[rS(ctx->opcode)], t0);
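A portable reference model of the rotate-then-mask behaviour that the reported test case exercises, added here as an example (it is not QEMU code and not from either poster) that can serve as an oracle when checking an emulator's rldcl/rldcr results. The names ppc_mask64, ref_rldcl, ref_rldcr and rldcl_matches are hypothetical; the mask follows the Power ISA MASK(mb, me) definition with bit 0 as the most significant bit.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Rotate left by n (0..63) without an undefined 64-bit shift when n == 0. */
static uint64_t rotl64(uint64_t x, unsigned n)
{
    n &= 63;
    return (x << n) | (x >> ((64 - n) & 63));
}

/* MASK(mb, me): ones from bit mb through bit me, IBM numbering (bit 0 = MSB).
 * When mb > me the mask wraps around through bit 63 and bit 0. */
uint64_t ppc_mask64(unsigned mb, unsigned me)
{
    mb &= 63;
    me &= 63;
    uint64_t from_mb = UINT64_MAX >> mb;        /* bits mb..63 */
    uint64_t to_me = UINT64_MAX << (63 - me);   /* bits 0..me  */
    return mb <= me ? (from_mb & to_me) : (from_mb | to_me);
}

/* rldcl RA,RS,RB,MB: rotate RS left by the low 6 bits of RB, then clear
 * everything to the left of bit MB, i.e. AND with MASK(MB, 63). */
uint64_t ref_rldcl(uint64_t rs, uint64_t rb, unsigned mb)
{
    return rotl64(rs, (unsigned)(rb & 0x3f)) & ppc_mask64(mb, 63);
}

/* rldcr RA,RS,RB,ME: same rotate, then clear everything to the right of
 * bit ME, i.e. AND with MASK(0, ME). */
uint64_t ref_rldcr(uint64_t rs, uint64_t rb, unsigned me)
{
    return rotl64(rs, (unsigned)(rb & 0x3f)) & ppc_mask64(0, me);
}

/* Compare a value observed under emulation with the model; 1 on match. */
int rldcl_matches(uint64_t observed, uint64_t rs, uint64_t rb, unsigned mb)
{
    return observed == ref_rldcl(rs, rb, mb);
}

int main(void)
{
    /* Operands from the test case in the report: RS, RB = 16, MB = 0. */
    const uint64_t rs = UINT64_C(0xcafebabedeadbeef);
    printf("reference rldcl: %" PRIx64 "\n", ref_rldcl(rs, 16, 0));
    /* The report quotes 0 as the value printed under qemu. */
    printf("reported qemu result 0 %s the model\n",
           rldcl_matches(0, rs, 16, 0) ? "matches" : "does not match");
    return 0;
}
```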




Re: [Qemu-devel] [PATCH qom-cpu-next 0/3] X86CPU: "feature-words"/"filtered-features" properties (v12)

2013-05-06 Thread Andreas Färber
On 06.05.2013 18:20, Eduardo Habkost wrote:
> Resubmitting after a rebase and a few trivial changes.
> 
> Changes v11 -> v12:
>  * Remove unnecessary entries from .gitignore
>  * Fix indentation of x86_cpu_get_feature_words() declaration
>  * Rebase on top of qom-cpu-next
>(commit bd87d2a - target-i386: Use FeatureWord loop on 
> filter_features_for_kvm())
> 
> Git tree for reference:
> 
> git://github.com/ehabkost/qemu-hacks.git work/cpu-raw-features.v12
> 
> Eduardo Habkost (3):
>   target-i386: Add "feature-words" property
>   target-i386: Introduce X86CPU.filtered_features field
>   target-i386: Add "filtered-features" property to X86CPU

Thanks, applied all to qom-cpu (tweaking some commit messages):
https://github.com/afaerber/qemu-cpu/commits/qom-cpu

In particular I have edited the QOM paths to not rely on
/machine/unassigned (since those may change, e.g., with QOM realize) and
consistently line-broken commands within 76 chars.

Andreas

>  Makefile.objs |  7 -
>  qapi-schema.json  | 32 
>  target-i386/cpu-qom.h |  3 ++
>  target-i386/cpu.c | 82 
> +--
>  4 files changed, 108 insertions(+), 16 deletions(-)

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg


