[Qemu-devel] [PATCH 0/4] qom: add helpers for integer properties

2013-09-22 Thread Michael S. Tsirkin
Add helper functions for adding read-only properties, that work in the
case where the value is in memory.

Michael S. Tsirkin (4):
  qemu: add Error to typedefs
  qom: pull in qemu/typedefs
  qom: cleanup struct Error references
  qom: add pointer to int property helpers

 include/qemu/typedefs.h |  1 +
 include/qom/object.h| 73 +++--
 qom/object.c| 56 +
 3 files changed, 104 insertions(+), 26 deletions(-)

-- 
MST




[Qemu-devel] [PATCH 2/4] qom: pull in qemu/typedefs

2013-09-22 Thread Michael S. Tsirkin
As usual so we can use typedefs without header dependencies.

Signed-off-by: Michael S. Tsirkin 
---
 include/qom/object.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/qom/object.h b/include/qom/object.h
index 1a7b71a..5b3b743 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -17,6 +17,7 @@
 #include 
 #include 
 #include 
+#include "qemu/typedefs.h"
 #include "qemu/queue.h"
 
 struct Visitor;
-- 
MST




[Qemu-devel] [PATCH 1/4] qemu: add Error to typedefs

2013-09-22 Thread Michael S. Tsirkin
This is so qom headers can use it without pulling in
extra headers.

Signed-off-by: Michael S. Tsirkin 
---
 include/qemu/typedefs.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index c5c6e36..bb5acf9 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -9,6 +9,7 @@ typedef struct QEMUFile QEMUFile;
 typedef struct QEMUBH QEMUBH;
 typedef struct QInt QInt;
 typedef struct QObject QObject;
+typedef struct Error Error;
 
 typedef struct AioContext AioContext;
 
-- 
MST




[Qemu-devel] [PATCH 4/4] qom: add pointer to int property helpers

2013-09-22 Thread Michael S. Tsirkin
Make it easy to add read-only helpers for simple
integer properties in memory.

Signed-off-by: Michael S. Tsirkin 
---
 include/qom/object.h | 21 
 qom/object.c | 56 
 2 files changed, 77 insertions(+)

diff --git a/include/qom/object.h b/include/qom/object.h
index e3a16e4..3b75f5a 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -795,6 +795,27 @@ void object_property_add(Object *obj, const char *name, 
const char *type,
 void object_property_del(Object *obj, const char *name, Error **errp);
 
 /**
+ * object_property_add_uint8_ptr:
+ * object_property_add_uint16_ptr:
+ * object_property_add_uint32_ptr:
+ * object_property_add_uint64_ptr:
+ * @obj: the object to add a property to
+ * @name: the name of the property
+ * @v: pointer to value
+ *
+ * Add an integer property in memory.  This function will add a
+ * property of the appropriate type.
+ */
+void object_property_add_uint8_ptr(Object *obj, const char *name,
+   const uint8_t *v, Error **errp);
+void object_property_add_uint16_ptr(Object *obj, const char *name,
+const uint16_t *v, Error **errp);
+void object_property_add_uint32_ptr(Object *obj, const char *name,
+const uint32_t *v, Error **errp);
+void object_property_add_uint64_ptr(Object *obj, const char *name,
+const uint64_t *v, Error **Errp);
+
+/**
  * object_property_find:
  * @obj: the object
  * @name: the name of the property
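Review bot: The doc comment added for the four `object_property_add_uint*_ptr` helpers leaves out two things a caller needs to know: the property is read-only, and @v is stored rather than copied, so the memory it points to must outlive the property. I would add `@errp: if an error occurs, a pointer to an area to store the error` and a sentence such as `The property is read-only; @v is not copied and must remain valid until the property is deleted.` The last prototype also spells its parameter `Error **Errp` where the other three use `errp`; `const uint64_t *v, Error **errp);` keeps them consistent.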
diff --git a/qom/object.c b/qom/object.c
index e90e382..b929dc6 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -1344,6 +1344,62 @@ static char *qdev_get_type(Object *obj, Error **errp)
 return g_strdup(object_get_typename(obj));
 }
 
+static void property_get_uint8_ptr(Object *obj, Visitor *v,
+   void *opaque, const char *name,
+   Error **errp)
+{
+visit_type_uint8(v, opaque, name, errp);
+}
+
+static void property_get_uint16_ptr(Object *obj, Visitor *v,
+   void *opaque, const char *name,
+   Error **errp)
+{
+visit_type_uint16(v, opaque, name, errp);
+}
+
+static void property_get_uint32_ptr(Object *obj, Visitor *v,
+   void *opaque, const char *name,
+   Error **errp)
+{
+visit_type_uint32(v, opaque, name, errp);
+}
+
+static void property_get_uint64_ptr(Object *obj, Visitor *v,
+   void *opaque, const char *name,
+   Error **errp)
+{
+visit_type_uint64(v, opaque, name, errp);
+}
+
+void object_property_add_uint8_ptr(Object *obj, const char *name,
+   const uint8_t *v, Error **errp)
+{
+object_property_add(obj, name, "uint8", property_get_uint8_ptr,
+NULL, NULL, (void *)v, errp);
+}
+
+void object_property_add_uint16_ptr(Object *obj, const char *name,
+const uint16_t *v, Error **errp)
+{
+object_property_add(obj, name, "uint16", property_get_uint16_ptr,
+NULL, NULL, (void *)v, errp);
+}
+
+void object_property_add_uint32_ptr(Object *obj, const char *name,
+const uint32_t *v, Error **errp)
+{
+object_property_add(obj, name, "uint32", property_get_uint32_ptr,
+NULL, NULL, (void *)v, errp);
+}
+
+void object_property_add_uint64_ptr(Object *obj, const char *name,
+const uint64_t *v, Error **errp)
+{
+object_property_add(obj, name, "uint64", property_get_uint64_ptr,
+NULL, NULL, (void *)v, errp);
+}
+
 static void object_instance_init(Object *obj)
 {
 object_property_add_str(obj, "type", qdev_get_type, NULL, NULL);
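Review bot: Each `object_property_add_uint*_ptr` drops the const qualifier with `(void *)v`, and the matching getter hands that pointer straight to `visit_type_uint*`, which takes a non-const pointer, so nothing here prevents a visitor from storing through memory the caller declared const. Whether any visitor that reaches a getter actually writes is not visible in this hunk, but reading into a local removes the question: in `property_get_uint8_ptr`, `uint8_t value = *(uint8_t *)opaque;` followed by `visit_type_uint8(v, &value, name, errp);`, and likewise for the 16/32/64-bit getters. Since `release` is passed as NULL, a one-line comment that the property does not own the pointed-to memory would also help. `object_instance_init` continues outside the hunk.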
-- 
MST




[Qemu-devel] [PATCH 3/4] qom: cleanup struct Error references

2013-09-22 Thread Michael S. Tsirkin
now that a typedef for struct Error is available,
use it in qom/object.h to match coding style rules.

Signed-off-by: Michael S. Tsirkin 
---
 include/qom/object.h | 51 +--
 1 file changed, 25 insertions(+), 26 deletions(-)

diff --git a/include/qom/object.h b/include/qom/object.h
index 5b3b743..e3a16e4 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -21,7 +21,6 @@
 #include "qemu/queue.h"
 
 struct Visitor;
-struct Error;
 
 struct TypeImpl;
 typedef struct TypeImpl *Type;
@@ -302,7 +301,7 @@ typedef void (ObjectPropertyAccessor)(Object *obj,
   struct Visitor *v,
   void *opaque,
   const char *name,
-  struct Error **errp);
+  Error **errp);
 
 /**
  * ObjectPropertyRelease:
@@ -791,9 +790,9 @@ void object_property_add(Object *obj, const char *name, 
const char *type,
  ObjectPropertyAccessor *get,
  ObjectPropertyAccessor *set,
  ObjectPropertyRelease *release,
- void *opaque, struct Error **errp);
+ void *opaque, Error **errp);
 
-void object_property_del(Object *obj, const char *name, struct Error **errp);
+void object_property_del(Object *obj, const char *name, Error **errp);
 
 /**
  * object_property_find:
@@ -804,7 +803,7 @@ void object_property_del(Object *obj, const char *name, 
struct Error **errp);
  * Look up a property for an object and return its #ObjectProperty if found.
  */
 ObjectProperty *object_property_find(Object *obj, const char *name,
- struct Error **errp);
+ Error **errp);
 
 void object_unparent(Object *obj);
 
@@ -819,7 +818,7 @@ void object_unparent(Object *obj);
  * Reads a property from a object.
  */
 void object_property_get(Object *obj, struct Visitor *v, const char *name,
- struct Error **errp);
+ Error **errp);
 
 /**
  * object_property_set_str:
@@ -830,7 +829,7 @@ void object_property_get(Object *obj, struct Visitor *v, 
const char *name,
  * Writes a string value to a property.
  */
 void object_property_set_str(Object *obj, const char *value,
- const char *name, struct Error **errp);
+ const char *name, Error **errp);
 
 /**
  * object_property_get_str:
@@ -843,7 +842,7 @@ void object_property_set_str(Object *obj, const char *value,
  * The caller should free the string.
  */
 char *object_property_get_str(Object *obj, const char *name,
-  struct Error **errp);
+  Error **errp);
 
 /**
  * object_property_set_link:
@@ -854,7 +853,7 @@ char *object_property_get_str(Object *obj, const char *name,
  * Writes an object's canonical path to a property.
  */
 void object_property_set_link(Object *obj, Object *value,
-  const char *name, struct Error **errp);
+  const char *name, Error **errp);
 
 /**
  * object_property_get_link:
@@ -867,7 +866,7 @@ void object_property_set_link(Object *obj, Object *value,
  * string or not a valid object path).
  */
 Object *object_property_get_link(Object *obj, const char *name,
- struct Error **errp);
+ Error **errp);
 
 /**
  * object_property_set_bool:
@@ -878,7 +877,7 @@ Object *object_property_get_link(Object *obj, const char 
*name,
  * Writes a bool value to a property.
  */
 void object_property_set_bool(Object *obj, bool value,
-  const char *name, struct Error **errp);
+  const char *name, Error **errp);
 
 /**
  * object_property_get_bool:
@@ -890,7 +889,7 @@ void object_property_set_bool(Object *obj, bool value,
  * an error occurs (including when the property value is not a bool).
  */
 bool object_property_get_bool(Object *obj, const char *name,
-  struct Error **errp);
+  Error **errp);
 
 /**
  * object_property_set_int:
@@ -901,7 +900,7 @@ bool object_property_get_bool(Object *obj, const char *name,
  * Writes an integer value to a property.
  */
 void object_property_set_int(Object *obj, int64_t value,
- const char *name, struct Error **errp);
+ const char *name, Error **errp);
 
 /**
  * object_property_get_int:
@@ -913,7 +912,7 @@ void object_property_set_int(Object *obj, int64_t value,
  * an error occurs (including when the property value is not an integer).
  */
 int64_t object_property_get_int(Object *obj, const char *name,
-struct Error **errp);
+Error **errp);
 
 /**
  * object_pr

Re: [Qemu-devel] [PATCH v3 0/4] timers thread-safe stuff

2013-09-22 Thread liu ping fan
On Wed, Sep 18, 2013 at 9:54 PM, Stefan Hajnoczi  wrote:
> On Tue, Aug 27, 2013 at 11:20:59AM +0800, Liu Ping Fan wrote:
>> Saw the Alex's patches has been merged, rebase mine onto his.
>>
>> v3:
>>   1. rename seqlock_read_check as seqlock_read_retry
>>   2. Document timerlist were protected by BQL, and discard private lock 
>> around "qemu_event_wait(tl->ev)".
>>
>> v2:
>>   1. fix comment in commit and code
>>   2. fix race issue for qemu_clock_enable(foo,disable)
>>
>>
>> Liu Ping Fan (2):
>>   timer: protect timers_state's clock with seqlock
>>   timer: make qemu_clock_enable sync between disable and timer's cb
>>
>> Paolo Bonzini (2):
>>   seqlock: introduce read-write seqlock
>>   qemu-thread: add QemuEvent
>>
>>  cpus.c  |  36 +++---
>>  include/qemu/seqlock.h  |  72 +++
>>  include/qemu/thread-posix.h |   8 +++
>>  include/qemu/thread-win32.h |   4 ++
>>  include/qemu/thread.h   |   7 +++
>>  include/qemu/timer.h|   4 ++
>>  qemu-timer.c|  20 +++-
>>  util/qemu-thread-posix.c| 116 
>> 
>>  util/qemu-thread-win32.c|  26 ++
>>  9 files changed, 286 insertions(+), 7 deletions(-)
>>  create mode 100644 include/qemu/seqlock.h
>
> Ping Fan: Can you send a final version that addresses Alex's request for
> documentation?
>
> Otherwise we're ready to go.
>
Sorry, miss this letter, will update it immediately.

Thx,
Pingfan



Re: [Qemu-devel] in_asm substitute for accel=kvm:tcg

2013-09-22 Thread Andriy Gapon
on 22/09/2013 09:31 Gleb Natapov said the following:
> Which kernel version is this? What BSD version?

$ uname -a
Linux kvm 3.8.0-27-generic #40-Ubuntu SMP Tue Jul 9 00:17:05 UTC 2013 x86_64
x86_64 x86_64 GNU/Linux

FreeBSD is 9.x.

-- 
Andriy Gapon



Re: [Qemu-devel] [PATCH 00/11] virtio: cleanup and fix hot-unplug

2013-09-22 Thread Paolo Bonzini
Il 21/09/2013 21:17, Michael S. Tsirkin ha scritto:
> On Fri, Sep 20, 2013 at 04:57:49PM +0200, Paolo Bonzini wrote:
>> This series fixes hot-unplug of virtio devices, which can crash due to
>> dangling pointer accesses.
> 
> Could you please describe the sequence of steps that makes
> qemu crash?

See patch 11.  I didn't find out why it fails with PCIe but not PCI,
probably a difference in how malloc reuses freed blocks.

Paolo




[Qemu-devel] [PATCH v4 0/4] timers thread-safe stuff

2013-09-22 Thread Liu Ping Fan
v4:
  fix commit log for "protect timers_state's clock with seqlock"  (Thanks for 
Alex)

v3:
  1. rename seqlock_read_check as seqlock_read_retry
  2. Document timerlist were protected by BQL, and discard private lock around 
"qemu_event_wait(tl->ev)".

v2:
  1. fix comment in commit and code
  2. fix race issue for qemu_clock_enable(foo,disable)



Liu Ping Fan (2):
  timer: protect timers_state's clock with seqlock
  timer: make qemu_clock_enable sync between disable and timer's cb

Paolo Bonzini (2):
  seqlock: introduce read-write seqlock
  qemu-thread: add QemuEvent

 cpus.c  |  36 +++---
 include/qemu/seqlock.h  |  72 +++
 include/qemu/thread-posix.h |   8 +++
 include/qemu/thread-win32.h |   4 ++
 include/qemu/thread.h   |   7 +++
 include/qemu/timer.h|   4 ++
 qemu-timer.c|  20 +++-
 util/qemu-thread-posix.c| 116 
 util/qemu-thread-win32.c|  26 ++
 9 files changed, 286 insertions(+), 7 deletions(-)
 create mode 100644 include/qemu/seqlock.h

-- 
1.8.1.4




[Qemu-devel] [PATCH v4 1/4] seqlock: introduce read-write seqlock

2013-09-22 Thread Liu Ping Fan
This lets the read-side access run outside the BQL.

Signed-off-by: Paolo Bonzini 
---
 include/qemu/seqlock.h | 72 ++
 1 file changed, 72 insertions(+)
 create mode 100644 include/qemu/seqlock.h

diff --git a/include/qemu/seqlock.h b/include/qemu/seqlock.h
new file mode 100644
index 000..3ff118a
--- /dev/null
+++ b/include/qemu/seqlock.h
@@ -0,0 +1,72 @@
+/*
+ * Seqlock implementation for QEMU
+ *
+ * Copyright Red Hat, Inc. 2013
+ *
+ * Author:
+ *  Paolo Bonzini 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+#ifndef QEMU_SEQLOCK_H
+#define QEMU_SEQLOCK_H 1
+
+#include 
+#include 
+
+typedef struct QemuSeqLock QemuSeqLock;
+
+struct QemuSeqLock {
+QemuMutex *mutex;
+unsigned sequence;
+};
+
+static inline void seqlock_init(QemuSeqLock *sl, QemuMutex *mutex)
+{
+sl->mutex = mutex;
+sl->sequence = 0;
+}
+
+/* Lock out other writers and update the count.  */
+static inline void seqlock_write_lock(QemuSeqLock *sl)
+{
+if (sl->mutex) {
+qemu_mutex_lock(sl->mutex);
+}
+++sl->sequence;
+
+/* Write sequence before updating other fields.  */
+smp_wmb();
+}
+
+static inline void seqlock_write_unlock(QemuSeqLock *sl)
+{
+/* Write other fields before finalizing sequence.  */
+smp_wmb();
+
+++sl->sequence;
+if (sl->mutex) {
+qemu_mutex_unlock(sl->mutex);
+}
+}
+
+static inline unsigned seqlock_read_begin(QemuSeqLock *sl)
+{
+/* Always fail if a write is in progress.  */
+unsigned ret = sl->sequence & ~1;
+
+/* Read sequence before reading other fields.  */
+smp_rmb();
+return ret;
+}
+
+static int seqlock_read_retry(const QemuSeqLock *sl, unsigned start)
+{
+/* Read other fields before reading final sequence.  */
+smp_rmb();
+return unlikely(sl->sequence != start);
+}
+
+#endif
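Review bot: `seqlock_read_retry` is declared `static int` in this header while every other helper is `static inline`, so each file that includes the header without calling it carries an unused function definition and will probably warn; `static inline int seqlock_read_retry(const QemuSeqLock *sl, unsigned start)` matches the rest. Separately, `sl->sequence` is read by lock-free readers while a writer increments it with a plain `++`; the `smp_rmb()`/`smp_wmb()` calls order the accesses but do not stop the compiler from caching or re-reading the counter, so an explicit atomic load on the reader side, or a comment stating the assumption, would make the contract clear. The header also has no comment showing the reader pattern (begin, read the fields, loop on retry); a short block comment above `seqlock_read_begin` would help. The same patch is posted a second time further down this page and the note applies there as well.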
-- 
1.8.1.4




[Qemu-devel] [PATCH v4 2/4] timer: protect timers_state's clock with seqlock

2013-09-22 Thread Liu Ping Fan
QEMU_CLOCK_VIRTUAL may be read outside the BQL. This exposes its
foundation, i.e. timers_state, to race conditions.
Use a private lock to protect it.

After this patch, reading QEMU_CLOCK_VIRTUAL is thread safe
unless use_icount is true, in which case the existing callers
still rely on the BQL

Lock rule: private lock innermost, ie BQL->"this lock"

Signed-off-by: Liu Ping Fan 
---
 cpus.c | 36 ++--
 1 file changed, 30 insertions(+), 6 deletions(-)

diff --git a/cpus.c b/cpus.c
index e566297..870a832 100644
--- a/cpus.c
+++ b/cpus.c
@@ -37,6 +37,7 @@
 #include "sysemu/qtest.h"
 #include "qemu/main-loop.h"
 #include "qemu/bitmap.h"
+#include "qemu/seqlock.h"
 
 #ifndef _WIN32
 #include "qemu/compatfd.h"
@@ -112,6 +113,13 @@ static int64_t qemu_icount;
 typedef struct TimersState {
 int64_t cpu_ticks_prev;
 int64_t cpu_ticks_offset;
+/* cpu_clock_offset will be read out of BQL, so protect it with private
+ * lock. As for cpu_ticks_*, no requirement to read it outside BQL yet.
+ * Lock rule: innermost
+ */
+QemuSeqLock clock_seqlock;
+/* mutex for seqlock */
+QemuMutex mutex;
 int64_t cpu_clock_offset;
 int32_t cpu_ticks_enabled;
 int64_t dummy;
@@ -137,6 +145,7 @@ int64_t cpu_get_icount(void)
 }
 
 /* return the host CPU cycle counter and handle stop/restart */
+/* cpu_ticks is safely if holding BQL */
 int64_t cpu_get_ticks(void)
 {
 if (use_icount) {
@@ -161,33 +170,46 @@ int64_t cpu_get_ticks(void)
 int64_t cpu_get_clock(void)
 {
 int64_t ti;
-if (!timers_state.cpu_ticks_enabled) {
-return timers_state.cpu_clock_offset;
-} else {
-ti = get_clock();
-return ti + timers_state.cpu_clock_offset;
-}
+unsigned start;
+
+do {
+start = seqlock_read_begin(&timers_state.clock_seqlock);
+if (!timers_state.cpu_ticks_enabled) {
+ti = timers_state.cpu_clock_offset;
+} else {
+ti = get_clock();
+ti += timers_state.cpu_clock_offset;
+}
+} while (seqlock_read_retry(&timers_state.clock_seqlock, start));
+
+return ti;
 }
 
 /* enable cpu_get_ticks() */
 void cpu_enable_ticks(void)
 {
+/* Here, the really thing protected by seqlock is cpu_clock_offset. */
+seqlock_write_lock(&timers_state.clock_seqlock);
 if (!timers_state.cpu_ticks_enabled) {
 timers_state.cpu_ticks_offset -= cpu_get_real_ticks();
 timers_state.cpu_clock_offset -= get_clock();
 timers_state.cpu_ticks_enabled = 1;
 }
+seqlock_write_unlock(&timers_state.clock_seqlock);
 }
 
 /* disable cpu_get_ticks() : the clock is stopped. You must not call
cpu_get_ticks() after that.  */
 void cpu_disable_ticks(void)
 {
+/* Here, the really thing protected by seqlock is cpu_clock_offset. */
+seqlock_write_lock(&timers_state.clock_seqlock);
 if (timers_state.cpu_ticks_enabled) {
 timers_state.cpu_ticks_offset = cpu_get_ticks();
 timers_state.cpu_clock_offset = cpu_get_clock();
 timers_state.cpu_ticks_enabled = 0;
 }
+seqlock_write_unlock(&timers_state.clock_seqlock);
 }
 
 /* Correlation between real and virtual time is always going to be
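Review bot: `cpu_disable_ticks()` now calls `cpu_get_clock()` while holding the seqlock write side, and with the seqlock from patch 1/4 that loop cannot terminate: after `seqlock_write_lock` the sequence is odd, `seqlock_read_begin` returns it with the low bit cleared, and `seqlock_read_retry` compares the still-odd sequence against that even value, so the `do … while` in `cpu_get_clock()` spins forever. The writer needs a way to compute the clock without going through the read side; the sketch below splits the computation into a static helper used by both the reader loop and `cpu_disable_ticks()`. `cpu_get_ticks()` is also called inside the write section, but its body is outside this hunk, so whether it touches the seqlock should be checked.

```c
/* Caller must hold the seqlock write side, or be inside a read-side retry loop. */
static int64_t cpu_get_clock_locked(void)
{
    int64_t ti;

    if (!timers_state.cpu_ticks_enabled) {
        ti = timers_state.cpu_clock_offset;
    } else {
        ti = get_clock();
        ti += timers_state.cpu_clock_offset;
    }
    return ti;
}

int64_t cpu_get_clock(void)
{
    int64_t ti;
    unsigned start;

    do {
        start = seqlock_read_begin(&timers_state.clock_seqlock);
        ti = cpu_get_clock_locked();
    } while (seqlock_read_retry(&timers_state.clock_seqlock, start));

    return ti;
}

/* … unchanged: cpu_enable_ticks … */

/* in cpu_disable_ticks(), inside the write section: */
        timers_state.cpu_clock_offset = cpu_get_clock_locked();
```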
@@ -371,6 +393,8 @@ static const VMStateDescription vmstate_timers = {
 
 void configure_icount(const char *option)
 {
+qemu_mutex_init(&timers_state.mutex);
+seqlock_init(&timers_state.clock_seqlock, &timers_state.mutex);
 vmstate_register(NULL, 0, &vmstate_timers, &timers_state);
 if (!option) {
 return;
-- 
1.8.1.4




[Qemu-devel] [PATCH v4 1/4] seqlock: introduce read-write seqlock

2013-09-22 Thread Liu Ping Fan
This lets the read-side access run outside the BQL.

Signed-off-by: Paolo Bonzini 
---
 include/qemu/seqlock.h | 72 ++
 1 file changed, 72 insertions(+)
 create mode 100644 include/qemu/seqlock.h

diff --git a/include/qemu/seqlock.h b/include/qemu/seqlock.h
new file mode 100644
index 000..3ff118a
--- /dev/null
+++ b/include/qemu/seqlock.h
@@ -0,0 +1,72 @@
+/*
+ * Seqlock implementation for QEMU
+ *
+ * Copyright Red Hat, Inc. 2013
+ *
+ * Author:
+ *  Paolo Bonzini 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+#ifndef QEMU_SEQLOCK_H
+#define QEMU_SEQLOCK_H 1
+
+#include 
+#include 
+
+typedef struct QemuSeqLock QemuSeqLock;
+
+struct QemuSeqLock {
+QemuMutex *mutex;
+unsigned sequence;
+};
+
+static inline void seqlock_init(QemuSeqLock *sl, QemuMutex *mutex)
+{
+sl->mutex = mutex;
+sl->sequence = 0;
+}
+
+/* Lock out other writers and update the count.  */
+static inline void seqlock_write_lock(QemuSeqLock *sl)
+{
+if (sl->mutex) {
+qemu_mutex_lock(sl->mutex);
+}
+++sl->sequence;
+
+/* Write sequence before updating other fields.  */
+smp_wmb();
+}
+
+static inline void seqlock_write_unlock(QemuSeqLock *sl)
+{
+/* Write other fields before finalizing sequence.  */
+smp_wmb();
+
+++sl->sequence;
+if (sl->mutex) {
+qemu_mutex_unlock(sl->mutex);
+}
+}
+
+static inline unsigned seqlock_read_begin(QemuSeqLock *sl)
+{
+/* Always fail if a write is in progress.  */
+unsigned ret = sl->sequence & ~1;
+
+/* Read sequence before reading other fields.  */
+smp_rmb();
+return ret;
+}
+
+static int seqlock_read_retry(const QemuSeqLock *sl, unsigned start)
+{
+/* Read other fields before reading final sequence.  */
+smp_rmb();
+return unlikely(sl->sequence != start);
+}
+
+#endif
-- 
1.8.1.4




[Qemu-devel] [PATCH v4 4/4] timer: make qemu_clock_enable sync between disable and timer's cb

2013-09-22 Thread Liu Ping Fan
After disabling the QemuClock, we should make sure that no QemuTimers
are still in flight. To implement that with light overhead, we resort
to QemuEvent. The caller of disabling will wait on QemuEvent of each
timerlist.

Note, qemu_clock_enable(foo,false) can _not_ be called from timer's cb.
Callers of qemu_clock_enable() must also synchronize among themselves;
that is not handled by this patch.

Signed-off-by: Liu Ping Fan 
---
 include/qemu/timer.h |  4 
 qemu-timer.c | 20 +++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index e4934dd..b26909a 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -185,6 +185,10 @@ void qemu_clock_notify(QEMUClockType type);
  * @enabled: true to enable, false to disable
  *
  * Enable or disable a clock
+ * Disabling the clock will wait for related timerlists to stop
+ * executing qemu_run_timers.  Thus, this functions should not
+ * be used from the callback of a timer that is based on @clock.
+ * Doing so would cause a deadlock.
  */
 void qemu_clock_enable(QEMUClockType type, bool enabled);
 
diff --git a/qemu-timer.c b/qemu-timer.c
index 95ff47f..c500a76 100644
--- a/qemu-timer.c
+++ b/qemu-timer.c
@@ -45,6 +45,7 @@
 /* timers */
 
 typedef struct QEMUClock {
+ /* We rely on BQL to protect the timerlists */
 QLIST_HEAD(, QEMUTimerList) timerlists;
 
 NotifierList reset_notifiers;
@@ -70,6 +71,8 @@ struct QEMUTimerList {
 QLIST_ENTRY(QEMUTimerList) list;
 QEMUTimerListNotifyCB *notify_cb;
 void *notify_opaque;
+/* light weight method to mark the end of timerlist's running */
+QemuEvent ev;
 };
 
 /**
@@ -98,6 +101,7 @@ QEMUTimerList *timerlist_new(QEMUClockType type,
 QEMUClock *clock = qemu_clock_ptr(type);
 
 timer_list = g_malloc0(sizeof(QEMUTimerList));
+qemu_event_init(&timer_list->ev, false);
 timer_list->clock = clock;
 timer_list->notify_cb = cb;
 timer_list->notify_opaque = opaque;
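Review bot: `qemu_event_init(&timer_list->ev, false)` creates the event unset, and the only places that set it are in `timerlist_run_timers()`, so `qemu_clock_enable(type, false)` will block in `qemu_event_wait()` on any timer list that has not yet completed a run. If that is not intended, `qemu_event_init(&timer_list->ev, true);` makes "not currently running" the initial state. No hunk in this patch adds a matching `qemu_event_destroy(&timer_list->ev)` on the timer-list teardown path; on non-Linux hosts QemuEvent carries a pthread mutex and condition variable, which would be left undestroyed. `timerlist_new` starts and ends outside the hunk.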
@@ -140,13 +144,24 @@ void qemu_clock_notify(QEMUClockType type)
 }
 }
 
+/* Disabling the clock will wait for related timerlists to stop
+ * executing qemu_run_timers.  Thus, this functions should not
+ * be used from the callback of a timer that is based on @clock.
+ * Doing so would cause a deadlock.
+ */
 void qemu_clock_enable(QEMUClockType type, bool enabled)
 {
 QEMUClock *clock = qemu_clock_ptr(type);
+QEMUTimerList *tl;
 bool old = clock->enabled;
 clock->enabled = enabled;
 if (enabled && !old) {
 qemu_clock_notify(type);
+} else if (!enabled && old) {
+/* We rely on BQL to protect the timerlists */
+QLIST_FOREACH(tl, &clock->timerlists, list) {
+qemu_event_wait(&tl->ev);
+}
 }
 }
 
@@ -373,8 +388,10 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
 QEMUTimer *ts;
 int64_t current_time;
 bool progress = false;
-   
+
+qemu_event_reset(&timer_list->ev);
 if (!timer_list->clock->enabled) {
+qemu_event_set(&timer_list->ev);
 return progress;
 }
 
@@ -392,6 +409,7 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
 ts->cb(ts->opaque);
 progress = true;
 }
+qemu_event_set(&timer_list->ev);
 return progress;
 }
 
-- 
1.8.1.4




[Qemu-devel] [PATCH v4 3/4] qemu-thread: add QemuEvent

2013-09-22 Thread Liu Ping Fan
This emulates Win32 manual-reset events using futexes or condition
variables.  Typical ways to use them are with multi-producer,
single-consumer data structures, to test for a complex condition whose
elements come from different threads:

for (;;) {
qemu_event_reset(ev);
... test complex condition ...
if (condition is true) {
break;
}
qemu_event_wait(ev);
}

Or more efficiently (but with some duplication):

... evaluate condition ...
while (!condition) {
qemu_event_reset(ev);
... evaluate condition ...
if (!condition) {
qemu_event_wait(ev);
... evaluate condition ...
}
}

QemuEvent provides a very fast userspace path in the common case when
no other thread is waiting, or the event is not changing state.  It
is used to report RCU quiescent states to the thread calling
synchronize_rcu (the latter being the single consumer), and to report
call_rcu invocations to the thread that receives them.

Signed-off-by: Paolo Bonzini 
---
 include/qemu/thread-posix.h |   8 +++
 include/qemu/thread-win32.h |   4 ++
 include/qemu/thread.h   |   7 +++
 util/qemu-thread-posix.c| 116 
 util/qemu-thread-win32.c|  26 ++
 5 files changed, 161 insertions(+)

diff --git a/include/qemu/thread-posix.h b/include/qemu/thread-posix.h
index 361566a..eb5c7a1 100644
--- a/include/qemu/thread-posix.h
+++ b/include/qemu/thread-posix.h
@@ -21,6 +21,14 @@ struct QemuSemaphore {
 #endif
 };
 
+struct QemuEvent {
+#ifndef __linux__
+pthread_mutex_t lock;
+pthread_cond_t cond;
+#endif
+unsigned value;
+};
+
 struct QemuThread {
 pthread_t thread;
 };
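Review bot: `struct QemuEvent` has an undocumented layout dependency: on Linux the futex helpers in util/qemu-thread-posix.c pass the `QemuEvent *` itself as the futex word (`futex(ev, FUTEX_WAIT, ...)`), which only works because `value` lands at offset 0 once the `#ifndef __linux__` members are compiled out. I would add a comment above `unsigned value;` such as `/* On Linux, value must stay the first member: futex_wait/futex_wake use the struct address as the futex word. */`, or pass `&ev->value` in the helpers so the struct can be reordered safely.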
diff --git a/include/qemu/thread-win32.h b/include/qemu/thread-win32.h
index 13adb95..3d58081 100644
--- a/include/qemu/thread-win32.h
+++ b/include/qemu/thread-win32.h
@@ -17,6 +17,10 @@ struct QemuSemaphore {
 HANDLE sema;
 };
 
+struct QemuEvent {
+HANDLE event;
+};
+
 typedef struct QemuThreadData QemuThreadData;
 struct QemuThread {
 QemuThreadData *data;
diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index c02404b..3e32c65 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -7,6 +7,7 @@
 typedef struct QemuMutex QemuMutex;
 typedef struct QemuCond QemuCond;
 typedef struct QemuSemaphore QemuSemaphore;
+typedef struct QemuEvent QemuEvent;
 typedef struct QemuThread QemuThread;
 
 #ifdef _WIN32
@@ -45,6 +46,12 @@ void qemu_sem_wait(QemuSemaphore *sem);
 int qemu_sem_timedwait(QemuSemaphore *sem, int ms);
 void qemu_sem_destroy(QemuSemaphore *sem);
 
+void qemu_event_init(QemuEvent *ev, bool init);
+void qemu_event_set(QemuEvent *ev);
+void qemu_event_reset(QemuEvent *ev);
+void qemu_event_wait(QemuEvent *ev);
+void qemu_event_destroy(QemuEvent *ev);
+
 void qemu_thread_create(QemuThread *thread,
 void *(*start_routine)(void *),
 void *arg, int mode);
diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index 4de133e..37dd298 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -20,7 +20,12 @@
 #include 
 #include 
 #include 
+#ifdef __linux__
+#include 
+#include 
+#endif
 #include "qemu/thread.h"
+#include "qemu/atomic.h"
 
 static void error_exit(int err, const char *msg)
 {
@@ -272,6 +277,117 @@ void qemu_sem_wait(QemuSemaphore *sem)
 #endif
 }
 
+#ifdef __linux__
+#define futex(...)  syscall(__NR_futex, __VA_ARGS__)
+
+static inline void futex_wake(QemuEvent *ev, int n)
+{
+futex(ev, FUTEX_WAKE, n, NULL, NULL, 0);
+}
+
+static inline void futex_wait(QemuEvent *ev, unsigned val)
+{
+futex(ev, FUTEX_WAIT, (int) val, NULL, NULL, 0);
+}
+#else
+static inline void futex_wake(QemuEvent *ev, int n)
+{
+if (n == 1) {
+pthread_cond_signal(&ev->cond);
+} else {
+pthread_cond_broadcast(&ev->cond);
+}
+}
+
+static inline void futex_wait(QemuEvent *ev, unsigned val)
+{
+pthread_mutex_lock(&ev->lock);
+if (ev->value == val) {
+pthread_cond_wait(&ev->cond, &ev->lock);
+}
+pthread_mutex_unlock(&ev->lock);
+}
+#endif
+
+/* Valid transitions:
+ * - free->set, when setting the event
+ * - busy->set, when setting the event, followed by futex_wake
+ * - set->free, when resetting the event
+ * - free->busy, when waiting
+ *
+ * set->busy does not happen (it can be observed from the outside but
+ * it really is set->free->busy).
+ *
+ * busy->free provably cannot happen; to enforce it, the set->free transition
+ * is done with an OR, which becomes a no-op if the event has concurrently
+ * transitioned to free or busy.
+ */
+
+#define EV_SET 0
+#define EV_FREE1
+#define EV_BUSY   -1
+
+void qemu_event_init(QemuEvent *ev, bool init)
+{
+#ifndef __linux__
+pthread_mutex_init(&ev->lock, NULL);
+pthread_cond_init(&ev->cond, NULL);
+#endif
+
+ev->value = (init ? EV_SET : EV_FREE);
+}
+
+void qemu_

Re: [Qemu-devel] in_asm substitute for accel=kvm:tcg

2013-09-22 Thread Gleb Natapov
On Sun, Sep 22, 2013 at 11:05:37AM +0300, Andriy Gapon wrote:
> on 22/09/2013 09:31 Gleb Natapov said the following:
> > Which kernel version is this? What BSD version?
> 
> $ uname -a
> Linux kvm 3.8.0-27-generic #40-Ubuntu SMP Tue Jul 9 00:17:05 UTC 2013 x86_64
> x86_64 x86_64 GNU/Linux
> 
That's pretty old kernel and there were a lot fixes in emulation since.
Before we spend more time tracking this can you verify that the bug is
reproducible with 3.11?

--
Gleb.



[Qemu-devel] [PATCH 1/2] tests: build the helper program in main build process

2013-09-22 Thread Wenchao Xia
This is a quick way to update helper program when qemu main code
is changed or built, instead of adding new Makefile under test/qemu-iotest.

Signed-off-by: Wenchao Xia 
---
 tests/Makefile |8 +++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/tests/Makefile b/tests/Makefile
index 994fef1..5f2894f 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -252,8 +252,10 @@ check-report.html: check-report.xml
 
 # Other tests
 
+QEMU_IOTESTS_HELPERS-$(CONFIG_LINUX) = 
tests/qemu-iotests/socket_scm_helper$(EXESUF)
+
 .PHONY: check-tests/qemu-iotests-quick.sh
-check-tests/qemu-iotests-quick.sh: tests/qemu-iotests-quick.sh 
qemu-img$(EXESUF) qemu-io$(EXESUF) tests/qemu-iotests/socket_scm_helper$(EXESUF)
+check-tests/qemu-iotests-quick.sh: tests/qemu-iotests-quick.sh 
qemu-img$(EXESUF) qemu-io$(EXESUF) $(QEMU_IOTESTS_HELPERS-y)
$<
 
 .PHONY: check-tests/test-qapi.py
@@ -275,5 +277,9 @@ check-unit: $(patsubst %,check-%, $(check-unit-y))
 check-block: $(patsubst %,check-%, $(check-block-y))
 check: check-qapi-schema check-unit check-qtest
 
+# Build the help program automatically
+
+all: $(QEMU_IOTESTS_HELPERS-y)
+
 -include $(wildcard tests/*.d)
 -include $(wildcard tests/libqos/*.d)
-- 
1.7.1




[Qemu-devel] [PATCH 0/2] build: trivial patches for test

2013-09-22 Thread Wenchao Xia

Wenchao Xia (2):
  tests: build the helper program in main build process
  build: add command check-clean

 Makefile   |1 -
 tests/Makefile |   16 ++--
 2 files changed, 14 insertions(+), 3 deletions(-)




[Qemu-devel] [PATCH 2/2] build: add command check-clean

2013-09-22 Thread Wenchao Xia
This command packages the clean operations for tests. The root Makefile now
simply calls the command and no longer cares about its details. Originally
the built test binaries were not removed; now they are deleted by the
clean operation.

Signed-off-by: Wenchao Xia 
---
 Makefile   |1 -
 tests/Makefile |8 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 362fe3e..befc23a 100644
--- a/Makefile
+++ b/Makefile
@@ -245,7 +245,6 @@ clean:
rm -f $(foreach f,$(GENERATED_SOURCES),$(f) $(f)-timestamp)
rm -rf qapi-generated
rm -rf qga/qapi-generated
-   $(MAKE) -C tests/tcg clean
for d in $(ALL_SUBDIRS); do \
if test -d $$d; then $(MAKE) -C $$d $@ || exit 1; fi; \
rm -f $$d/qemu-options.def; \
diff --git a/tests/Makefile b/tests/Makefile
index 5f2894f..643c89c 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -196,6 +196,7 @@ check-help:
@echo " make check-qapi-schemaRun QAPI schema tests"
@echo " make check-block  Run block tests"
@echo " make check-report.htmlGenerates an HTML test report"
+   @echo " make check-clean  Clean the tests"
@echo
@echo "Please note that HTML reports do not regenerate if the unit 
tests"
@echo "has not changed."
@@ -270,12 +271,17 @@ $(patsubst %, check-%, $(check-qapi-schema-y)): 
check-%.json: $(SRC_PATH)/%.json
 
 # Consolidated targets
 
-.PHONY: check-qapi-schema check-qtest check-unit check
+.PHONY: check-qapi-schema check-qtest check-unit check check-clean
 check-qapi-schema: $(patsubst %,check-%, $(check-qapi-schema-y))
 check-qtest: $(patsubst %,check-qtest-%, $(QTEST_TARGETS))
 check-unit: $(patsubst %,check-%, $(check-unit-y))
 check-block: $(patsubst %,check-%, $(check-block-y))
 check: check-qapi-schema check-unit check-qtest
+check-clean:
+   $(MAKE) -C tests/tcg clean
+   rm -rf $(check-unit-y) $(check-qtest-i386-y) $(check-qtest-x86_64-y) 
$(check-qtest-sparc64-y) $(check-qtest-sparc-y) tests/*.o 
$(QEMU_IOTESTS_HELPERS-y)
+
+clean: check-clean
 
 # Build the help program automatically
 
-- 
1.7.1




[Qemu-devel] [RFC] sync NIC's MAC maintained in NICConf as soon as emualted NIC's MAC changed in guest

2013-09-22 Thread Zhanghaoyu (A)
Hi, all

If live migration is done after the emulated NIC's MAC has been changed, RARP with the wrong MAC
address will be broadcast via qemu_announce_self on the destination,
so a long network disconnection will probably happen.

I want to do below works to resolve this problem,
1. change NICConf's MAC as soon as emulated NIC's MAC changed in guest
2. sync NIC's (more precisely, queue) MAC to corresponding NICConf in NIC's 
migration load handler

Any better ideas?

Thanks,
Zhang Haoyu



Re: [Qemu-devel] [RFC] sync NIC's MAC maintained in NICConf as soon as emualted NIC's MAC changed in guest

2013-09-22 Thread Michael S. Tsirkin
On Sun, Sep 22, 2013 at 08:35:29AM +, Zhanghaoyu (A) wrote:
> Hi, all
> 
> Do live migration if emulated NIC's MAC has been changed, RARP with wrong MAC 
> address will broadcast via qemu_announce_self in destination,
> so, long time network disconnection probably happen.

Good catch.

> I want to do below works to resolve this problem,
> 1. change NICConf's MAC as soon as emulated NIC's MAC changed in guest

This will make it impossible to revert it correctly on reset, won't it?

> 2. sync NIC's (more precisely, queue) MAC to corresponding NICConf in NIC's 
> migration load handler
> 
> Any better ideas?
> 
> Thanks,
> Zhang Haoyu

I think announce needs to poke at the current MAC instead of
the default one in NICConf.
We can make it respect link down state while we are at it.

Happily recent linux guests aren't affected since
they do announcements from guest.

-- 
MST



[Qemu-devel] [PATCH V2 0/4] export internal snapshot by qemu-nbd

2013-09-22 Thread Wenchao Xia
This series allows users to read an internal snapshot's contents without
qemu-img convert.

V2:
  Address Stefan's comments:
  02: add 'fall through' comments in the case statement.
  03: add doc about the difference of internal snapshot and backing chain
snapshot, which is used in previous '--snapshot' parameter.
  Other:
  01,04: rebased on upstream with conflict resolved.

Wenchao Xia (4):
  1 snapshot: distinguish id and name in load_tmp
  2 qemu-nbd: support internal snapshot export
  3 qemu-nbd: add doc for internal snapshot export
  4 qemu-iotests: add 058 internal snapshot export with qemu-nbd case

 block/qcow2-snapshot.c |   16 +++-
 block/qcow2.h  |5 ++-
 block/snapshot.c   |   37 ++-
 include/block/block_int.h  |4 ++-
 include/block/snapshot.h   |4 ++-
 qemu-img.c |   14 ++-
 qemu-nbd.c |   62 ++-
 qemu-nbd.texi  |8 -
 tests/qemu-iotests/058 |   87 
 tests/qemu-iotests/058.out |   26 +
 tests/qemu-iotests/group   |1 +
 11 files changed, 252 insertions(+), 12 deletions(-)
 create mode 100755 tests/qemu-iotests/058
 create mode 100644 tests/qemu-iotests/058.out




[Qemu-devel] [PATCH V2 4/4] qemu-iotests: add 058 internal snapshot export with qemu-nbd case

2013-09-22 Thread Wenchao Xia
Signed-off-by: Wenchao Xia 
---
 tests/qemu-iotests/058 |   87 
 tests/qemu-iotests/058.out |   26 +
 tests/qemu-iotests/group   |1 +
 3 files changed, 114 insertions(+), 0 deletions(-)
 create mode 100755 tests/qemu-iotests/058
 create mode 100644 tests/qemu-iotests/058.out

diff --git a/tests/qemu-iotests/058 b/tests/qemu-iotests/058
new file mode 100755
index 000..301ef1f
--- /dev/null
+++ b/tests/qemu-iotests/058
@@ -0,0 +1,87 @@
+#!/bin/bash
+#
+# Test export internal snapshot by qemu-nbd.
+#
+# Copyright (C) 2013 IBM, Inc.
+#
+# Based on 029.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=xiaw...@linux.vnet.ibm.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+nbd_snapshot_port=10850
+nbd_snapshot_img="nbd:127.0.0.1:$nbd_snapshot_port"
+
+_export_nbd_snapshot()
+{
+eval "$QEMU_NBD -v -t -b 127.0.0.1 -p $nbd_snapshot_port $TEST_IMG -l 
name=$1 &"
+NBD_SNAPSHOT_PID=$!
+sleep 1
+}
+
+_cleanup()
+{
+if [ -n "$NBD_SNAPSHOT_PID" ]; then
+kill $NBD_SNAPSHOT_PID
+fi
+   _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.pattern
+
+# Any format supporting intenal snapshots
+_supported_fmt qcow2
+_supported_proto generic
+_supported_os Linux
+
+echo
+echo "== preparing image =="
+_make_test_img 64M
+$QEMU_IO -c 'write -P 0xa 0x1000 0x1000' $TEST_IMG | _filter_qemu_io
+$QEMU_IO -c 'write -P 0xb 0x2000 0x1000' $TEST_IMG | _filter_qemu_io
+$QEMU_IMG snapshot -c foo $TEST_IMG
+$QEMU_IO -c 'write -P 0xc 0x1000 0x1000' $TEST_IMG | _filter_qemu_io
+$QEMU_IO -c 'write -P 0xd 0x2000 0x1000' $TEST_IMG | _filter_qemu_io
+_check_test_img
+
+echo
+echo "== verifying the image file with patterns =="
+$QEMU_IO -c 'read -P 0xc 0x1000 0x1000' $TEST_IMG | _filter_qemu_io
+$QEMU_IO -c 'read -P 0xd 0x2000 0x1000' $TEST_IMG | _filter_qemu_io
+
+_export_nbd_snapshot foo
+
+echo
+echo "== verifying the exported snapshot with patterns =="
+$QEMU_IO -c 'read -P 0xa 0x1000 0x1000' $nbd_snapshot_img | _filter_qemu_io
+$QEMU_IO -c 'read -P 0xb 0x2000 0x1000' $nbd_snapshot_img | _filter_qemu_io
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
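Review bot: `_export_nbd_snapshot` starts the server through `eval` with `$TEST_IMG` and `$1` unquoted, so a test directory containing spaces or shell metacharacters is re-parsed by the shell. Unless `$QEMU_NBD` itself depends on `eval` for quoting, starting it directly avoids that: `$QEMU_NBD -v -t -b 127.0.0.1 -p $nbd_snapshot_port "$TEST_IMG" -l "name=$1" &`. The fixed `sleep 1` and the hard-coded port 10850 make the result depend on timing and on the host: if the port is busy or the server starts slowly, the later reads fail for reasons unrelated to snapshot export, so waiting until the port accepts a connection would be more robust. `tmp=/tmp/$$` is a predictable name in a shared directory and appears unused in this script, so it could be dropped.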
diff --git a/tests/qemu-iotests/058.out b/tests/qemu-iotests/058.out
new file mode 100644
index 000..b174f3b
--- /dev/null
+++ b/tests/qemu-iotests/058.out
@@ -0,0 +1,26 @@
+QA output created by 058
+
+== preparing image ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
+wrote 4096/4096 bytes at offset 4096
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 4096/4096 bytes at offset 8192
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 4096/4096 bytes at offset 4096
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 4096/4096 bytes at offset 8192
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+No errors were found on the image.
+
+== verifying the image file with patterns ==
+read 4096/4096 bytes at offset 4096
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 4096/4096 bytes at offset 8192
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== verifying the exported snapshot with patterns ==
+read 4096/4096 bytes at offset 4096
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 4096/4096 bytes at offset 8192
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 1ad02e5..2793e1d 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -64,6 +64,7 @@
 055 rw auto
 056 rw auto backing
 057 rw auto
+058 rw auto
 059 rw auto
 060 rw auto
 061 rw auto
-- 
1.7.1




[Qemu-devel] [PATCH V2 1/4] snapshot: distinguish id and name in load_tmp

2013-09-22 Thread Wenchao Xia
This function will be used later, so improve it. Its only caller now is
qemu-img, which is not impacted: it calls the function twice to keep the
old search logic.

Signed-off-by: Wenchao Xia 
---
 block/qcow2-snapshot.c|   16 ++--
 block/qcow2.h |5 -
 block/snapshot.c  |   37 +++--
 include/block/block_int.h |4 +++-
 include/block/snapshot.h  |4 +++-
 qemu-img.c|   14 --
 6 files changed, 71 insertions(+), 9 deletions(-)

diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 7d14420..fe8f0eb 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -669,7 +669,10 @@ int qcow2_snapshot_list(BlockDriverState *bs, 
QEMUSnapshotInfo **psn_tab)
 return s->nb_snapshots;
 }
 
-int qcow2_snapshot_load_tmp(BlockDriverState *bs, const char *snapshot_name)
+int qcow2_snapshot_load_tmp(BlockDriverState *bs,
+const char *snapshot_id,
+const char *name,
+Error **errp)
 {
 int i, snapshot_index;
 BDRVQcowState *s = bs->opaque;
@@ -677,12 +680,17 @@ int qcow2_snapshot_load_tmp(BlockDriverState *bs, const 
char *snapshot_name)
 uint64_t *new_l1_table;
 int new_l1_bytes;
 int ret;
+const char *device = bdrv_get_device_name(bs);
 
 assert(bs->read_only);
 
 /* Search the snapshot */
-snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_name);
+snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name);
 if (snapshot_index < 0) {
+error_setg(errp,
+   "Can't find a snapshot with ID '%s' and name '%s' "
+   "on device '%s'",
+   STR_OR_NULL(snapshot_id), STR_OR_NULL(name), device);
 return -ENOENT;
 }
 sn = &s->snapshots[snapshot_index];
@@ -693,6 +701,10 @@ int qcow2_snapshot_load_tmp(BlockDriverState *bs, const 
char *snapshot_name)
 
 ret = bdrv_pread(bs->file, sn->l1_table_offset, new_l1_table, 
new_l1_bytes);
 if (ret < 0) {
+error_setg(errp,
+   "Failed to read l1 table for snapshot with ID '%s' and name 
"
+   "'%s' on device '%s'",
+   sn->id_str, sn->name, device);
 g_free(new_l1_table);
 return ret;
 }
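Review bot: The message added for a failed `bdrv_pread` drops the error code, so the caller's Error says only that the L1 table could not be read, not why. Using `error_setg_errno(errp, -ret, ...)` with the same format string and arguments keeps the reason in the text. The snapshot ID and name printed here come from the image file, so they should be treated as untrusted text by anything that later parses this message. qcow2_snapshot_load_tmp starts and ends outside this hunk.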
diff --git a/block/qcow2.h b/block/qcow2.h
index c90e5d6..12cfeaf 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -472,7 +472,10 @@ int qcow2_snapshot_delete(BlockDriverState *bs,
   const char *name,
   Error **errp);
 int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab);
-int qcow2_snapshot_load_tmp(BlockDriverState *bs, const char *snapshot_name);
+int qcow2_snapshot_load_tmp(BlockDriverState *bs,
+const char *snapshot_id,
+const char *name,
+Error **errp);
 
 void qcow2_free_snapshots(BlockDriverState *bs);
 int qcow2_read_snapshots(BlockDriverState *bs);
diff --git a/block/snapshot.c b/block/snapshot.c
index a05c0c0..0dab05d 100644
--- a/block/snapshot.c
+++ b/block/snapshot.c
@@ -265,18 +265,51 @@ int bdrv_snapshot_list(BlockDriverState *bs,
 return -ENOTSUP;
 }
 
+/**
+ * Temporarily load an internal snapshot by @snapshot_id and @name.
+ * @bs: block device used in the operation
+ * @snapshot_id: unique snapshot ID, or NULL
+ * @name: snapshot name, or NULL
+ * @errp: location to store error
+ *
+ * If both @snapshot_id and @name are specified, load the first one with
+ * id @snapshot_id and name @name.
+ * If only @snapshot_id is specified, load the first one with id
+ * @snapshot_id.
+ * If only @name is specified, load the first one with name @name.
+ * if none is specified, return -ENINVAL.
+ *
+ * Returns: 0 on success, -errno on fail. If @bs is not inserted, return
+ * -ENOMEDIUM. If @bs is not readonly, return -EINVAL. If @bs did not support
+ * internal snapshot, return -ENOTSUP. If qemu can't find one matching @id and
+ * @name, return -ENOENT. If @bs do not support parameter @snapshot_id or
+ * @name, return -EINVAL. If @errp != NULL, it will always be filled on
+ * failure.
+ */
 int bdrv_snapshot_load_tmp(BlockDriverState *bs,
-const char *snapshot_name)
+   const char *snapshot_id,
+   const char *name,
+   Error **errp)
 {
 BlockDriver *drv = bs->drv;
+const char *device = bdrv_get_device_name(bs);
 if (!drv) {
+error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
 return -ENOMEDIUM;
 }
+if (!snapshot_id && !name) {
+error_setg(errp, "snapshot_id and name are both NULL");
+return -EINVAL;
+}
 if (!bs->read_only) {
+error_setg(errp, "Device '%s' is not readonly", device);
 return -EINVAL;
 }
 if (drv->bdrv_snapshot_load_tmp) {
-return drv->

[Qemu-devel] [PATCH V2 3/4] qemu-nbd: add doc for internal snapshot export

2013-09-22 Thread Wenchao Xia
Signed-off-by: Wenchao Xia 
---
 qemu-nbd.c|8 +++-
 qemu-nbd.texi |8 +++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/qemu-nbd.c b/qemu-nbd.c
index e450d04..8cb4bf1 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -80,7 +80,13 @@ static void usage(const char *name)
 "\n"
 "Block device options:\n"
 "  -r, --read-only  export read-only\n"
-"  -s, --snapshot   use snapshot file\n"
+"  -s, --snapshot   use FILE as an external snapshot, create a temporary\n"
+"   file with backing_file=FILE, redirect the write to\n"
+"   the temporary one\n"
+"  -l, --snapshot-load=PARAM\n"
+"   load an internal snapshot inside FILE and export it\n"
+"   as an read-only device, PARAM format is\n"
+"   'id=[ID],name=[NAME]'\n"
 "  -n, --nocachedisable host cache\n"
 "  --cache=MODE set cache mode (none, writeback, ...)\n"
 #ifdef CONFIG_LINUX_AIO
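Review bot: The added help text reads "as an read-only device"; it should be "as a read-only device", and the same wording is repeated in the qemu-nbd.texi hunk of this patch. The brackets in `'id=[ID],name=[NAME]'` only hint that a key may be omitted; stating that at least one of id and name must be given would match the -EINVAL check in bdrv_snapshot_load_tmp from patch 1/4. usage() continues outside this hunk.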
diff --git a/qemu-nbd.texi b/qemu-nbd.texi
index 6055ec6..69e9e9a 100644
--- a/qemu-nbd.texi
+++ b/qemu-nbd.texi
@@ -27,7 +27,13 @@ Export QEMU disk image using NBD protocol.
 @item -P, --partition=@var{num}
   only expose partition @var{num}
 @item -s, --snapshot
-  use snapshot file
+  use @var{filename} as an external snapshot, create a temporary
+  file with backing_file=@var{filename}, redirect the write to
+  the temporary one
+@item -l, --snapshot-load=@var{param}
+  load an internal snapshot inside @var{filename} and export it
+  as an read-only device, @var{param} format is
+  'id=[ID],name=[NAME]'
 @item -n, --nocache
 @itemx --cache=@var{cache}
   set cache mode to be used with the file.  See the documentation of
-- 
1.7.1




[Qemu-devel] [PATCH V2 2/4] qemu-nbd: support internal snapshot export

2013-09-22 Thread Wenchao Xia
Now it is possible to directly export an internal snapshot, which
can be used to probe the snapshot's contents without qemu-img
convert.

Signed-off-by: Wenchao Xia 
---
 qemu-nbd.c |   54 +-
 1 files changed, 53 insertions(+), 1 deletions(-)

diff --git a/qemu-nbd.c b/qemu-nbd.c
index c26c98e..e450d04 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -20,6 +20,7 @@
 #include "block/block.h"
 #include "block/nbd.h"
 #include "qemu/main-loop.h"
+#include "block/snapshot.h"
 
 #include 
 #include 
@@ -304,6 +305,23 @@ static void nbd_accept(void *opaque)
 }
 }
 
+#define SNAPSHOT_OPT_ID "id"
+#define SNAPSHOT_OPT_NAME   "name"
+
+static QEMUOptionParameter snapshot_options[] = {
+{
+.name = SNAPSHOT_OPT_ID,
+.type = OPT_STRING,
+.help = "snapshot id"
+},
+{
+.name = SNAPSHOT_OPT_NAME,
+.type = OPT_STRING,
+.help = "snapshot name"
+},
+{ NULL }
+};
+
 int main(int argc, char **argv)
 {
 BlockDriverState *bs;
@@ -315,7 +333,10 @@ int main(int argc, char **argv)
 char *device = NULL;
 int port = NBD_DEFAULT_PORT;
 off_t fd_size;
-const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:t";
+QEMUOptionParameter *sn_param = NULL;
+const QEMUOptionParameter *sn_param_id, *sn_param_name;
+const char *sn_id = NULL, *sn_name = NULL;
+const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:tl:";
 struct option lopt[] = {
 { "help", 0, NULL, 'h' },
 { "version", 0, NULL, 'V' },
@@ -328,6 +349,7 @@ int main(int argc, char **argv)
 { "connect", 1, NULL, 'c' },
 { "disconnect", 0, NULL, 'd' },
 { "snapshot", 0, NULL, 's' },
+{ "snapshot-load", 1, NULL, 'l' },
 { "nocache", 0, NULL, 'n' },
 { "cache", 1, NULL, QEMU_NBD_OPT_CACHE },
 #ifdef CONFIG_LINUX_AIO
@@ -428,6 +450,14 @@ int main(int argc, char **argv)
 errx(EXIT_FAILURE, "Offset must be positive `%s'", optarg);
 }
 break;
+case 'l':
+sn_param = parse_option_parameters(optarg,
+   snapshot_options, sn_param);
+if (!sn_param) {
+errx(EXIT_FAILURE,
+ "Invalid snapshot-load options '%s'", optarg);
+}
+/* fall through */
 case 'r':
 nbdflags |= NBD_FLAG_READ_ONLY;
 flags &= ~BDRV_O_RDWR;
@@ -581,6 +611,24 @@ int main(int argc, char **argv)
 error_get_pretty(local_err));
 }
 
+if (sn_param) {
+sn_param_id = get_option_parameter(sn_param, SNAPSHOT_OPT_ID);
+sn_param_name = get_option_parameter(sn_param, SNAPSHOT_OPT_NAME);
+if (sn_param_id) {
+sn_id = sn_param_id->value.s;
+}
+if (sn_param_name) {
+sn_name = sn_param_name->value.s;
+}
+ret = bdrv_snapshot_load_tmp(bs, sn_id, sn_name, &local_err);
+if (ret < 0) {
+errno = -ret;
+err(EXIT_FAILURE,
+"Failed to load snapshot, reason:\n%s",
+error_get_pretty(local_err));
+}
+}
+
 fd_size = bdrv_getlength(bs);
 
 if (partition != -1) {
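Review bot: The failure path after `bdrv_snapshot_load_tmp` calls `err()`, which appends strerror(errno) to the output, so the reason is printed twice in different wording next to the pretty-printed Error. `errx(EXIT_FAILURE, "Failed to load snapshot: %s", error_get_pretty(local_err));` reports it once. The call also relies on every driver filling `errp` when it returns a negative value; that is what the new doc comment promises, but the driver side is not fully visible here, and a NULL `local_err` would be dereferenced by `error_get_pretty`. main() continues outside this hunk.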
@@ -641,6 +689,10 @@ int main(int argc, char **argv)
 unlink(sockpath);
 }
 
+if (sn_param) {
+free_option_parameters(sn_param);
+}
+
 if (device) {
 void *ret;
 pthread_join(client_thread, &ret);
-- 
1.7.1




Re: [Qemu-devel] in_asm substitute for accel=kvm:tcg

2013-09-22 Thread Andriy Gapon
on 22/09/2013 11:17 Gleb Natapov said the following:
> On Sun, Sep 22, 2013 at 11:05:37AM +0300, Andriy Gapon wrote:
>> on 22/09/2013 09:31 Gleb Natapov said the following:
>>> Which kernel version is this? What BSD version?
>>
>> $ uname -a
>> Linux kvm 3.8.0-27-generic #40-Ubuntu SMP Tue Jul 9 00:17:05 UTC 2013 x86_64
>> x86_64 x86_64 GNU/Linux
>>
> That's pretty old kernel and there were a lot fixes in emulation since.
> Before we spend more time tracking this can you verify that the bug is
> reproducible with 3.11?

Gleb,

thank you very much -- right on the spot!
With 3.11 the boot proceeds past that point.

-- 
Andriy Gapon



Re: [Qemu-devel] [SeaBIOS] [PATCH v2 1/5] linker: utility to patch in-memory ROM files

2013-09-22 Thread Michael S. Tsirkin
On Thu, Jul 25, 2013 at 08:06:27PM -0400, Kevin O'Connor wrote:
> On Thu, Jul 25, 2013 at 03:55:56PM +0300, Michael S. Tsirkin wrote:
> > On Mon, Jul 15, 2013 at 11:01:02AM +0300, Michael S. Tsirkin wrote:
> > > On Sun, Jul 14, 2013 at 02:24:52PM -0400, Kevin O'Connor wrote:
> > > > I'd prefer to see this tracked within the "linker" code and not in the
> > > > generic romfile struct.
> > > 
> > > A way to associate a romfile instance with a value seems generally
> > > useful, no?  Still, that's not too hard - it would only mean an extra
> > > linked list of 
> > > 
> > > struct linker {
> > >   char name[56]
> > >   void *data;
> > >   struct hlist_node node;
> > > }
> > > 
> > > is this preferable?
> 
> Sure, but it's probably easier to do something like:
> 
> struct linkfiles { char *name; void *data; };
> 
> void linker_loader_execute(const char *name)
> {
> int size;
> struct linker_loader_entry_s *entries = romfile_loadfile(name, &size);
> int numentries = size/sizeof(entries[0]);
> if (! entries)
> return;
> struct linkfiles *files = malloc_tmp(sizeof(files[0]) * numentries);
> 
> and then just populate and use the array of filenames.

OK I'll do this but it's more code as I can't use plain romfile_find
anymore, and have to code up my own lookup.

> > > > Also, is there another name besides "linker" that could be used?
> > > > SeaBIOS has code to self-relocate and fixup code relocations.  I think
> > > > having code in the repo called "linker" could cause confusion.
> > > > 
> > > 
> > > romfile_loader?
> 
> Shrug.  How about "tabledeploy"?
> 
> -Kevin



Re: [Qemu-devel] [SeaBIOS] [PATCH v2 1/5] linker: utility to patch in-memory ROM files

2013-09-22 Thread Michael S. Tsirkin
On Sun, Sep 22, 2013 at 01:49:58PM +0300, Michael S. Tsirkin wrote:
> On Thu, Jul 25, 2013 at 08:06:27PM -0400, Kevin O'Connor wrote:
> > On Thu, Jul 25, 2013 at 03:55:56PM +0300, Michael S. Tsirkin wrote:
> > > On Mon, Jul 15, 2013 at 11:01:02AM +0300, Michael S. Tsirkin wrote:
> > > > On Sun, Jul 14, 2013 at 02:24:52PM -0400, Kevin O'Connor wrote:
> > > > > I'd prefer to see this tracked within the "linker" code and not in the
> > > > > generic romfile struct.
> > > > 
> > > > A way to associate a romfile instance with a value seems generally
> > > > useful, no?  Still, that's not too hard - it would only mean an extra
> > > > linked list of 
> > > > 
> > > > struct linker {
> > > > char name[56]
> > > > void *data;
> > > > struct hlist_node node;
> > > > }
> > > > 
> > > > is this preferable?
> > 
> > Sure, but it's probably easier to do something like:
> > 
> > struct linkfiles { char *name; void *data; };
> > 
> > void linker_loader_execute(const char *name)
> > {
> > int size;
> > struct linker_loader_entry_s *entries = romfile_loadfile(name, &size);
> > int numentries = size/sizeof(entries[0]);
> > if (! entries)
> > return;
> > struct linkfiles *files = malloc_tmp(sizeof(files[0]) * numentries);
> > 
> > and then just populate and use the array of filenames.
> 
> OK I'll do this but it's more code as I can't use plain romfile_find
> anymore, and have to code up my own lookup.
> 
> > > > > Also, is there another name besides "linker" that could be used?
> > > > > SeaBIOS has code to self-relocate and fixup code relocations.  I think
> > > > > having code in the repo called "linker" could cause confusion.
> > > > > 
> > > > 
> > > > romfile_loader?
> > 
> > Shrug.  How about "tabledeploy"?
> > 
> > -Kevin


So I tried this out, and I don't like this much:
see below.
Lots of code, a single data pointer in file struct seems much easier.

Further, without a pointer from file to data,
there's no way to find the tables in memory,
so I will have to make the loader interface ACPI-specific,
make it look into tables loaded for the RSDP signature
and return the address of RSDP.


diff --git a/src/util.h b/src/util.h
index 1e883f2..d777521 100644
--- a/src/util.h
+++ b/src/util.h
@@ -441,7 +441,6 @@ struct romfile_s {
 char name[128];
 u32 size;
 int (*copy)(struct romfile_s *file, void *dest, u32 maxlen);
-void *data;
 };
 void romfile_add(struct romfile_s *file);
 struct romfile_s *romfile_findprefix(const char *prefix, struct romfile_s 
*prev);
diff --git a/src/acpi.c b/src/acpi.c
index 24cb1fa..c3a3c16 100644
--- a/src/acpi.c
+++ b/src/acpi.c
@@ -611,14 +611,14 @@ acpi_find_rsdp_rom(void)
 if (!file)
 break;
 
-if (!file->data || !pmm_test_fseg(file->data) ||
+if (/*!file->data ||*/ !pmm_test_fseg(NULL /*file->data*/) ||
 file->size < sizeof(rsdp->signature))
 continue;
 
 void *data;
 
-for (data = file->data;
- data + sizeof(*rsdp) <= file->data + file->size;
+for (data = NULL /*file->data */;
+ data + sizeof(*rsdp) <= /* file->data */ NULL + file->size;
  data++) {
 rsdp = data;
 if (rsdp->signature == cpu_to_le64(RSDP_SIGNATURE))
diff --git a/src/romfile_loader.c b/src/romfile_loader.c
index 6ba03ed..5e98810 100644
--- a/src/romfile_loader.c
+++ b/src/romfile_loader.c
@@ -2,17 +2,33 @@
 #include "byteorder.h" // leXX_to_cpu/cpu_to_leXX
 #include "util.h" // checksum
 
-static struct romfile_s *romfile_loader_find(const char *name)
+struct romfile_loader_file {
+struct romfile_s *file;
+void *data;
+};
+struct romfile_loader_files {
+int nfiles;
+struct romfile_loader_file files[];
+};
+
+static struct romfile_loader_file *
+romfile_loader_find(const char *name,
+struct romfile_loader_files *files)
 {
+int i;
 if (name[ROMFILE_LOADER_FILESZ - 1])
 return NULL;
-return romfile_find(name);
+for (i = 0; i < files->nfiles; ++i)
+if (!strcmp(files->files[i].file->name, name))
+return &files->files[i];
+return NULL;
 }
 
-static void romfile_loader_allocate(struct romfile_loader_entry_s *entry)
+static void romfile_loader_allocate(struct romfile_loader_entry_s *entry,
+struct romfile_loader_files *files)
 {
 struct zone_s *zone;
-struct romfile_s *file;
+struct romfile_loader_file *file = &files->files[files->nfiles];
 void *data;
 int ret;
 unsigned alloc_align = le32_to_cpu(entry->alloc_align);
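Review bot: `romfile_loader_allocate` takes `&files->files[files->nfiles]` with no visible check that `nfiles` is still below the number of slots allocated for the flexible array, and `struct romfile_loader_files` has no capacity field to check against. The loader entries come from a ROM file supplied from outside the firmware, so a table with more allocate commands than slots would write past the allocation; compare `nfiles` with the count used when `files` was allocated and take the existing `err` path when it is exhausted. That allocation and the rest of the function are outside this hunk, so a check elsewhere may already exist.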
@@ -32,20 +48,21 @@ static void romfile_loader_allocate(struct 
romfile_loader_entry_s *entry)
 }
 if (alloc_align < MALLOC_MIN_ALIGN)
 alloc_align = MALLOC_MIN_ALIGN;
-file = romfile_loader_find(entry->alloc_file);
-if (!file || file->data)
+if (entry->alloc_file[ROMFILE_LOADER_FILESZ - 1])
 goto err;
-if (!file->size)
+file

[Qemu-devel] [PATCH] sPAPR: implement route_intx_to_irq to get gsi of pci device.

2013-09-22 Thread Liu Ping Fan
This is useful when pci assignment happens on sPAPR.

Signed-off-by: Liu Ping Fan 
---
This patch will apply on patches which enable xics in kernel.
---
 hw/intc/xics.c|  5 +
 hw/ppc/spapr_pci.c| 14 ++
 include/hw/ppc/xics.h |  1 +
 3 files changed, 20 insertions(+)

diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index bb018d1..02cdab8 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -442,6 +442,11 @@ void xics_set_irq_type(XICSState *icp, int irq, bool lsi)
 icp->ics->islsi[irq - icp->ics->offset] = lsi;
 }
 
+int xics_get_irq_offset(XICSState *icp)
+{
+return icp->ics->offset;
+}
+
 /*
  * Guest interfaces
  */
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 9b6ee32..6d3657a 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -432,6 +432,19 @@ static void pci_spapr_set_irq(void *opaque, int irq_num, 
int level)
 qemu_set_irq(spapr_phb_lsi_qirq(phb, irq_num), level);
 }
 
+static PCIINTxRoute spapr_phb_route_intx_to_irq(void *opaque, int pirq_pin)
+{
+int gsi;
+PCIINTxRoute route;
+sPAPRPHBState *phb = opaque;
+
+gsi = phb->lsi_table[pirq_pin].irq;
+gsi += xics_get_irq_offset(spapr->icp);
+route.mode = PCI_INTX_ENABLED;
+route.irq = gsi;
+return route;
+}
+
 /*
  * MSI/MSIX memory region implementation.
  * The handler handles both MSI and MSIX.
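Review bot: `spapr_phb_route_intx_to_irq` indexes `phb->lsi_table[pirq_pin]` without checking the pin, so a value outside the table reads past it. A guard such as `assert(pirq_pin >= 0 && pirq_pin < PCI_NUM_PINS);` would document and enforce the expected range; the table's size is not visible here, and PCI_NUM_PINS is the pin count that the bus registration in the next hunk passes. It is also worth confirming that `lsi_table[].irq` does not already include the XICS offset, because adding `xics_get_irq_offset()` would then count it twice. `spapr` is not declared in this hunk, so it is presumably a file-scope global.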
@@ -595,6 +608,7 @@ static int spapr_phb_init(SysBusDevice *s)
pci_spapr_set_irq, pci_spapr_map_irq, sphb,
&sphb->memspace, &sphb->iospace,
PCI_DEVFN(0, 0), PCI_NUM_PINS, TYPE_PCI_BUS);
+pci_bus_set_route_irq_fn(bus, spapr_phb_route_intx_to_irq);
 phb->bus = bus;
 
 sphb->dma_window_start = 0;
diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
index 66364c5..6ed1f4d 100644
--- a/include/hw/ppc/xics.h
+++ b/include/hw/ppc/xics.h
@@ -97,6 +97,7 @@ struct ICSIRQState {
 
 qemu_irq xics_get_qirq(XICSState *icp, int irq);
 void xics_set_irq_type(XICSState *icp, int irq, bool lsi);
+int xics_get_irq_offset(XICSState *icp);
 
 void xics_cpu_setup(XICSState *icp, PowerPCCPU *cpu);
 
-- 
1.8.1.4




[Qemu-devel] [PATCH 1/2] block: fix backing file overriding

2013-09-22 Thread Fam Zheng
Providing backing.file.filename doesn't override backing file as expected:

$ x86_64-softmmu/qemu-system-x86_64 -drive \
file=/tmp/child.qcow2,backing.file.filename=/tmp/fake.qcow2

qemu-system-x86_64: -drive \
file=/tmp/child.qcow2,backing.file.filename=/tmp/fake.qcow2: could not
open disk image /tmp/child.qcow2: Can't specify 'file' and 'filename'
options at the same time

With

$ qemu-img info /tmp/child.qcow2
image: /tmp/child.qcow2
file format: qcow2
virtual size: 1.0G (1073741824 bytes)
disk size: 196K
cluster_size: 65536
backing file: /tmp/fake.qcow2

This fixes it by calling bdrv_get_full_backing_filename only if
backing.file.filename is not provided. Also save the backing file name
to bs->backing_file so the information is correct with HMP "info block".

Signed-off-by: Fam Zheng 
---
 block.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/block.c b/block.c
index e176c6f..a2ea39a 100644
--- a/block.c
+++ b/block.c
@@ -978,11 +978,12 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict 
*options, Error **errp)
 } else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) {
 QDECREF(options);
 return 0;
+} else {
+bdrv_get_full_backing_filename(bs, backing_filename,
+   sizeof(backing_filename));
 }
 
 bs->backing_hd = bdrv_new("");
-bdrv_get_full_backing_filename(bs, backing_filename,
-   sizeof(backing_filename));
 
 if (bs->backing_format[0] != '\0') {
 back_drv = bdrv_find_format(bs->backing_format);
@@ -994,6 +995,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict 
*options, Error **errp)
 ret = bdrv_open(bs->backing_hd,
 *backing_filename ? backing_filename : NULL, options,
 back_flags, back_drv, &local_err);
+pstrcpy(bs->backing_file, sizeof(bs->backing_file),
+bs->backing_hd->file->filename);
 if (ret < 0) {
 bdrv_unref(bs->backing_hd);
 bs->backing_hd = NULL;
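Review bot: The added `pstrcpy` reads `bs->backing_hd->file->filename` before `ret` is checked, so on a failed `bdrv_open` it may dereference a `file` pointer that was never set, depending on how far the open got. It also overwrites `bs->backing_file` even though no backing file was opened. Moving the two added lines below the `if (ret < 0)` block leaves the failure path as it was and records the name only on success. bdrv_open_backing_file starts and ends outside this hunk.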
-- 
1.8.3.1




[Qemu-devel] [PATCH 2/2] qemu-iotests: add test for backing file overriding

2013-09-22 Thread Fam Zheng
Test that backing.file.filename option can be parsed and override the
backing file from image (backing file reflected with "info block").

Signed-off-by: Fam Zheng 
---
 tests/qemu-iotests/051 | 17 -
 tests/qemu-iotests/051.out | 11 +++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051
index 1f39c6a..78e1182 100755
--- a/tests/qemu-iotests/051
+++ b/tests/qemu-iotests/051
@@ -45,7 +45,14 @@ _supported_os Linux
 function do_run_qemu()
 {
 echo Testing: "$@"
-echo quit | $QEMU -nographic -monitor stdio -serial none "$@"
+(
+if ! test -t 0; then
+while read cmd; do
+echo $cmd
+done
+fi
+echo quit
+) | $QEMU -nographic -monitor stdio -serial none "$@"
 echo
 }
 
@@ -57,6 +64,9 @@ function run_qemu()
 size=128M
 
 _make_test_img $size
+cp $TEST_IMG $TEST_IMG.orig
+mv $TEST_IMG $TEST_IMG.base
+_make_test_img -b $TEST_IMG.base $size
 
 echo
 echo === Unknown option ===
@@ -67,6 +77,11 @@ run_qemu -drive file=$TEST_IMG,format=qcow2,unknown_opt=on
 run_qemu -drive file=$TEST_IMG,format=qcow2,unknown_opt=1234
 run_qemu -drive file=$TEST_IMG,format=qcow2,unknown_opt=foo
 
+echo
+echo === Overriding backing file ===
+echo
+
+echo "info block" | run_qemu -drive 
file=$TEST_IMG,driver=qcow2,backing.file.filename=$TEST_IMG.orig -nodefaults
 
 echo
 echo === Enable and disable lazy refcounting on the command line, plus some 
invalid values ===
diff --git a/tests/qemu-iotests/051.out b/tests/qemu-iotests/051.out
index 88e8fa7..335fbe3 100644
--- a/tests/qemu-iotests/051.out
+++ b/tests/qemu-iotests/051.out
@@ -1,5 +1,6 @@
 QA output created by 051
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 
backing_file='TEST_DIR/t.IMGFMT.base' 
 
 === Unknown option ===
 
@@ -16,6 +17,16 @@ Testing: -drive 
file=TEST_DIR/t.qcow2,format=qcow2,unknown_opt=foo
 QEMU_PROG: -drive file=TEST_DIR/t.qcow2,format=qcow2,unknown_opt=foo: could 
not open disk image TEST_DIR/t.qcow2: Block format 'qcow2' used by device 
'ide0-hd0' doesn't support the option 'unknown_opt'
 
 
+=== Overriding backing file ===
+
+Testing: -drive 
file=TEST_DIR/t.qcow2,driver=qcow2,backing.file.filename=TEST_DIR/t.qcow2.orig 
-nodefaults
+QEMU X.Y.Z monitor - type 'help' for more information
+(qemu) iininfinfoinfo 
info binfo 
blinfo bloinfo 
blocinfo block
+ide0-hd0: TEST_DIR/t.qcow2 (qcow2)
+Backing file: TEST_DIR/t.qcow2.orig (chain depth: 1)
+ [not inserted](qemu) qququiquit
+
+
 === Enable and disable lazy refcounting on the command line, plus some invalid 
values ===
 
 Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,lazy-refcounts=on
-- 
1.8.3.1




[Qemu-devel] [PATCH 0/2] block: fix backing file overriding

2013-09-22 Thread Fam Zheng
The backing.file.filename option is not working as expected: if there's also a
backing file name from the format driver, adding this option fails bdrv_open;
if there's no backing file name info in the image, "info block" doesn't show
the overridden file name.

A test case is updated to catch these issues.

Fam Zheng (2):
  block: fix backing file overriding
  qemu-iotests: add test for backing file overriding

 block.c|  7 +--
 tests/qemu-iotests/051 | 17 -
 tests/qemu-iotests/051.out | 11 +++
 3 files changed, 32 insertions(+), 3 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [PATCH] .gitignore: ignore tests/qemu-iotests/socket_scm_helper

2013-09-22 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 tests/qemu-iotests/.gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/qemu-iotests/.gitignore b/tests/qemu-iotests/.gitignore
index 62b4002..0541f80 100644
--- a/tests/qemu-iotests/.gitignore
+++ b/tests/qemu-iotests/.gitignore
@@ -2,6 +2,7 @@ check.log
 check.time
 *.out.bad
 *.notrun
+socket_scm_helper
 
 # ignore everything in the scratch directory
 scratch/
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 05/23] fw_cfg: interface to trigger callback on read

2013-09-22 Thread Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/nvram/fw_cfg.h |  4 
 hw/nvram/fw_cfg.c | 33 -
 2 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index f60dd67..2ab0fc2 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -60,6 +60,7 @@ typedef struct FWCfgFiles {
 } FWCfgFiles;
 
 typedef void (*FWCfgCallback)(void *opaque, uint8_t *data);
+typedef void (*FWCfgReadCallback)(void *opaque, uint32_t offset);
 
 void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len);
 void fw_cfg_add_string(FWCfgState *s, uint16_t key, const char *value);
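Review bot: The new `FWCfgReadCallback` typedef carries no comment saying when it fires or what `offset` means, and it sits directly under `FWCfgCallback`, which has a different signature and purpose. From the fw_cfg_read() hunk of this patch, it runs once per byte the guest reads, before that byte is fetched, with the current read offset. I would add above the typedef: `/* Called before each guest read of one byte at @offset; must not free or shrink the entry's data. */`.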
@@ -70,6 +71,9 @@ void fw_cfg_add_callback(FWCfgState *s, uint16_t key, 
FWCfgCallback callback,
  void *callback_opaque, void *data, size_t len);
 void fw_cfg_add_file(FWCfgState *s, const char *filename, void *data,
  size_t len);
+void fw_cfg_add_file_callback(FWCfgState *s, const char *filename,
+  FWCfgReadCallback callback, void 
*callback_opaque,
+  void *data, size_t len);
 FWCfgState *fw_cfg_init(uint32_t ctl_port, uint32_t data_port,
 hwaddr crl_addr, hwaddr data_addr);
 
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index d0820e5..f5dc3ea 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -42,6 +42,7 @@ typedef struct FWCfgEntry {
 uint8_t *data;
 void *callback_opaque;
 FWCfgCallback callback;
+FWCfgReadCallback read_callback;
 } FWCfgEntry;
 
 struct FWCfgState {
@@ -249,8 +250,12 @@ static uint8_t fw_cfg_read(FWCfgState *s)
 
 if (s->cur_entry == FW_CFG_INVALID || !e->data || s->cur_offset >= e->len)
 ret = 0;
-else
+else {
+if (e->read_callback) {
+e->read_callback(e->callback_opaque, s->cur_offset);
+}
 ret = e->data[s->cur_offset++];
+}
 
 trace_fw_cfg_read(s, ret);
 return ret;
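Review bot: In the new `else` branch the bounds test `s->cur_offset >= e->len` is evaluated before `e->read_callback(...)` runs, and `e->data[s->cur_offset++]` is dereferenced afterwards without a second check. If a callback ever replaces or shortens the entry (the cover letter says tables are updated on guest access), the read uses stale bounds, so either document that callbacks may only rewrite the buffer in place or re-validate `e->data` and `e->len` after the call. The callback also runs for every single byte, so the guest can trigger it at I/O-port rate and it needs to be cheap or self-limiting. fw_cfg_read's body starts outside the hunk.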
@@ -381,7 +386,10 @@ static const VMStateDescription vmstate_fw_cfg = {
 }
 };
 
-void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len)
+static void fw_cfg_add_bytes_read_callback(FWCfgState *s, uint16_t key,
+   FWCfgReadCallback callback,
+   void *callback_opaque,
+   void *data, size_t len)
 {
 int arch = !!(key & FW_CFG_ARCH_LOCAL);
 
@@ -391,6 +399,13 @@ void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void 
*data, size_t len)
 
 s->entries[arch][key].data = data;
 s->entries[arch][key].len = (uint32_t)len;
+s->entries[arch][key].read_callback = callback;
+s->entries[arch][key].callback_opaque = callback_opaque;
+}
+
+void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len)
+{
+fw_cfg_add_bytes_read_callback(s, key, NULL, NULL, data, len);
 }
 
 void fw_cfg_add_string(FWCfgState *s, uint16_t key, const char *value)
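Review bot: `fw_cfg_add_bytes_read_callback` stores its context in the same `callback_opaque` field that `FWCfgEntry` already pairs with the write-side `callback`, so one entry cannot carry both callbacks with different contexts, and `fw_cfg_add_bytes` now resets the field to NULL on every call. Nothing in the visible hunks combines the two, so this may be harmless today. A comment on the struct field such as `/* shared by callback and read_callback */`, or a separate `read_callback_opaque`, would keep a later caller from handing a pointer of the wrong type to either callback. The helper's body is split across this hunk and the previous one.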
@@ -444,8 +459,9 @@ void fw_cfg_add_callback(FWCfgState *s, uint16_t key, 
FWCfgCallback callback,
 s->entries[arch][key].callback = callback;
 }
 
-void fw_cfg_add_file(FWCfgState *s,  const char *filename,
- void *data, size_t len)
+void fw_cfg_add_file_callback(FWCfgState *s,  const char *filename,
+  FWCfgReadCallback callback, void 
*callback_opaque,
+  void *data, size_t len)
 {
 int i, index;
 size_t dsize;
@@ -459,7 +475,8 @@ void fw_cfg_add_file(FWCfgState *s,  const char *filename,
 index = be32_to_cpu(s->files->count);
 assert(index < FW_CFG_FILE_SLOTS);
 
-fw_cfg_add_bytes(s, FW_CFG_FILE_FIRST + index, data, len);
+fw_cfg_add_bytes_read_callback(s, FW_CFG_FILE_FIRST + index,
+   callback, callback_opaque, data, len);
 
 pstrcpy(s->files->f[index].name, sizeof(s->files->f[index].name),
 filename);
@@ -477,6 +494,12 @@ void fw_cfg_add_file(FWCfgState *s,  const char *filename,
 s->files->count = cpu_to_be32(index+1);
 }
 
+void fw_cfg_add_file(FWCfgState *s,  const char *filename,
+ void *data, size_t len)
+{
+fw_cfg_add_file_callback(s, filename, NULL, NULL, data, len);
+}
+
 static void fw_cfg_machine_ready(struct Notifier *n, void *data)
 {
 size_t len;
-- 
MST




[Qemu-devel] [PATCH v4 00/23] qemu: generate acpi tables for the guest

2013-09-22 Thread Michael S. Tsirkin
This code can also be found here:
git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git acpi

While this patch still uses info not available in QOM, I think it's reasonable
to merge it and then refactor as QOM properties cover more ground.

In particular, merging this patchset blocks other projects so
I think it's preferable to merge now and not wait
for all required QOM properties to materialize.

I added QOM properties in ich/piix where I knew how to
do this.

If everything's in order, I intend to merge this through my tree.

Please review, and comment.

Changes from v3:
- reworked code to use QOM properties
  some info isn't yet available in QOM,
  use old-style APIs and lookups by type
- address comments by Gerd: tables are now updated
  on guest access after pci configuration

Changes from v2 repost:
- address comment by Anthony - convert to use APIs implemented
  using QOM
- address comment by Anthony - avoid tricky pointer path,
  use GArray from glib instead
- Address lots of comments by Hu Tao and Laszlo Ersek

Changes from v2:
- added missing patches to make it actually build
Changes from v1 RFC:
- added code to address cross version compatibility
- rebased to latest bits
- updated seabios code to latest bits (added pvpanic device)

This patchset moves all generation of ACPI tables
from guest BIOS to the hypervisor.

Although ACPI tables come from a system BIOS on real hw,
it makes sense that the ACPI tables are coupled with the
virtual machine, since they have to abstract the x86 machine to
the OS's.

This is widely desired as a way to avoid the churn
and proliferation of QEMU-specific interfaces
associated with ACPI tables in bios code.

There's a bit of code duplication where we
already declare similar acpi structures in qemu.

I think it's best to do it in this order: port
code directly, and apply cleanups and reduce duplication
that results, on top.
This way it's much easier to see that we don't introduce
regressions.

In particular, I booted a guest on qemu with and without the
change, and verified that ACPI tables are
unchanged except for trivial pointer address changes.

Such binary compatibility makes it easier to be
confident that this change won't break things.

Michael S. Tsirkin (23):
  qemu: add Error to typedefs
  qom: pull in qemu/typedefs
  qom: cleanup struct Error references
  qom: add pointer to int property helpers
  fw_cfg: interface to trigger callback on read
  loader: support for unmapped ROM blobs
  pcie_host: expose UNMAPPED macro
  pcie_host: expose address format
  q35: use macro for MCFG property name
  q35: expose mmcfg size as a property
  i386: add ACPI table files from seabios
  acpi: add rules to compile ASL source
  acpi: pre-compiled ASL files
  loader: use file path size from fw_cfg.h
  i386: add bios linker/loader
  loader: allow adding ROMs in done callbacks
  i386: define pc guest info
  acpi/piix: add macros for acpi property names
  piix: APIs for pc guest info
  ich9: APIs for pc guest info
  pvpanic: add API to access io port
  hpet: add API to find it
  i386: ACPI table generation code from seabios

 configure|9 +-
 hw/i386/acpi-defs.h  |  331 ++
 hw/lm32/lm32_hwsetup.h   |2 +-
 include/hw/acpi/ich9.h   |2 +
 include/hw/acpi/piix4.h  |8 +
 include/hw/i386/acpi-build.h |9 +
 include/hw/i386/bios-linker-loader.h |   26 +
 include/hw/i386/ich9.h   |2 +
 include/hw/i386/pc.h |   23 +
 include/hw/loader.h  |8 +-
 include/hw/nvram/fw_cfg.h|8 +-
 include/hw/pci-host/q35.h|2 +
 include/hw/pci/pcie_host.h   |   27 +
 include/hw/timer/hpet.h  |2 +
 include/qemu/typedefs.h  |1 +
 include/qom/object.h |   73 +-
 hw/acpi/ich9.c   |   24 +
 hw/acpi/piix4.c  |   50 +-
 hw/core/loader.c |   31 +-
 hw/i386/acpi-build.c | 1190 ++
 hw/i386/bios-linker-loader.c |  156 +
 hw/i386/pc.c |   37 +
 hw/i386/pc_piix.c|5 +
 hw/i386/pc_q35.c |3 +
 hw/isa/lpc_ich9.c|   40 +
 hw/misc/pvpanic.c|   13 +-
 hw/nvram/fw_cfg.c|   33 +-
 hw/pci-host/piix.c   |8 +
 hw/pci-host/q35.c|   26 +-
 hw/pci/pcie_host.c   |   24 -
 hw/timer/hpet.c  |5 +
 qom/object.c |   56 +
 vl.c |3 +
 hw/i386/Makefile.objs|   27 +
 hw/i386/acpi-dsdt-cpu-hotplug.dsl|   93 +
 hw/i386/acpi-dsdt-dbug.dsl   |   41 +
 hw/i386/acpi-dsdt-hpet.dsl   |   51 +
 hw/i386/acpi-dsdt-isa.dsl|  117 +
 hw/i386/acpi-dsdt-pci-crs.dsl|  105 +
 hw/i386/acpi-dsdt.dsl|  34

[Qemu-devel] [PATCH v4 01/23] qemu: add Error to typedefs

2013-09-22 Thread Michael S. Tsirkin
This is so qom headers can use it without pulling in
extra headers.

Signed-off-by: Michael S. Tsirkin 
---
 include/qemu/typedefs.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index a4c1b84..46c3599 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -7,6 +7,7 @@ typedef struct QEMUTimer QEMUTimer;
 typedef struct QEMUTimerListGroup QEMUTimerListGroup;
 typedef struct QEMUFile QEMUFile;
 typedef struct QEMUBH QEMUBH;
+typedef struct Error Error;
 
 typedef struct AioContext AioContext;
 
-- 
MST




[Qemu-devel] [PATCH v4 12/23] acpi: add rules to compile ASL source

2013-09-22 Thread Michael S. Tsirkin
Detect presence of IASL compiler and use it
to process ASL source. If not there, use pre-compiled
files in-tree. Add script to update the in-tree files.

Note: distros are known to silently update iasl
so detect correct iasl flags for the installed version on each run as
opposed to at configure time.

Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Laszlo Ersek 
---
 configure  |  9 -
 hw/i386/Makefile.objs  | 22 ++
 scripts/update-acpi.sh |  4 
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 scripts/update-acpi.sh

diff --git a/configure b/configure
index 2b83936..15405e1 100755
--- a/configure
+++ b/configure
@@ -119,6 +119,7 @@ path_of() {
 # default parameters
 source_path=`dirname "$0"`
 cpu=""
+iasl="iasl"
 interp_prefix="/usr/gnemul/qemu-%M"
 static="no"
 cross_prefix=""
@@ -257,6 +258,8 @@ for opt do
   ;;
   --cxx=*) CXX="$optarg"
   ;;
+  --iasl=*) iasl="$optarg"
+  ;;
   --source-path=*) source_path="$optarg"
   ;;
   --cpu=*) cpu="$optarg"
@@ -1055,6 +1058,7 @@ echo "Advanced options (experts only):"
 echo "  --source-path=PATH   path of source code [$source_path]"
 echo "  --cross-prefix=PREFIXuse PREFIX for compile tools [$cross_prefix]"
 echo "  --cc=CC  use C compiler CC [$cc]"
+echo "  --iasl=IASL  use ACPI compiler IASL [$iasl]"
 echo "  --host-cc=CC use C compiler CC [$host_cc] for code run at"
 echo "   build time"
 echo "  --cxx=CXXuse C++ compiler CXX [$cxx]"
@@ -4239,6 +4243,9 @@ else
 fi
 echo "PYTHON=$python" >> $config_host_mak
 echo "CC=$cc" >> $config_host_mak
+if $iasl -h > /dev/null 2>&1; then
+  echo "IASL=$iasl" >> $config_host_mak
+fi
 echo "CC_I386=$cc_i386" >> $config_host_mak
 echo "HOST_CC=$host_cc" >> $config_host_mak
 echo "CXX=$cxx" >> $config_host_mak
@@ -4691,7 +4698,7 @@ for rom in seabios vgabios ; do
 echo "BCC=bcc" >> $config_mak
 echo "CPP=$cpp" >> $config_mak
 echo "OBJCOPY=objcopy" >> $config_mak
-echo "IASL=iasl" >> $config_mak
+echo "IASL=$iasl" >> $config_mak
 echo "LD=$ld" >> $config_mak
 done
 
diff --git a/hw/i386/Makefile.objs b/hw/i386/Makefile.objs
index 45e6165..f950707 100644
--- a/hw/i386/Makefile.objs
+++ b/hw/i386/Makefile.objs
@@ -5,3 +5,25 @@ obj-y += pc_sysfw.o
 obj-$(CONFIG_XEN) += xen_domainbuild.o xen_machine_pv.o
 
 obj-y += kvmvapic.o
+
+iasl-option=$(shell if test -z "`$(1) $(2) 2>&1 > /dev/null`" \
+; then echo "$(2)"; else echo "$(3)"; fi ;)
+
+ifdef IASL
+#IASL Present. Generate hex files from .dsl
+hw/i386/%.hex: $(SRC_PATH)/hw/i386/%.dsl 
$(SRC_PATH)/scripts/acpi_extract_preprocess.py 
$(SRC_PATH)/scripts/acpi_extract.py
+   $(call quiet-command, cpp -P $< -o $*.dsl.i.orig, "  CPP 
$(TARGET_DIR)$*.dsl.i.orig")
+   $(call quiet-command, $(PYTHON) 
$(SRC_PATH)/scripts/acpi_extract_preprocess.py $*.dsl.i.orig > $*.dsl.i, "  
ACPI_PREPROCESS $(TARGET_DIR)$*.dsl.i")
+   $(call quiet-command, $(IASL) $(call iasl-option,$(IASL),-Pn,) -vs -l 
-tc -p $* $*.dsl.i $(if $(V), , > /dev/null) 2>&1 ,"  IASL 
$(TARGET_DIR)$*.dsl.i")
+   $(call quiet-command, $(SRC_PATH)/scripts/acpi_extract.py $*.lst > 
$*.off, "  ACPI_EXTRACT $(TARGET_DIR)$*.off")
+   $(call quiet-command, cat $*.off > $@, "  CAT $(TARGET_DIR)$@")
+else
+#IASL Not present. Restore pre-generated hex files.
+hw/i386/%.hex: $(SRC_PATH)/hw/i386/%.hex.generated
+   $(call quiet-command, cp -f $< $@, "  CP $(TARGET_DIR)$@")
+endif
+
+.PHONY: cleanhex
+cleanhex:
+   rm -f hw/i386/*hex
+clean: cleanhex
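Review bot: The rule runs `acpi_extract_preprocess.py` through `$(PYTHON)` but invokes `$(SRC_PATH)/scripts/acpi_extract.py` directly, so that step depends on the script's executable bit and shebang and ignores the interpreter chosen at configure time; use `$(PYTHON) $(SRC_PATH)/scripts/acpi_extract.py $*.lst > $*.off`. The preprocessor is also hard-coded as `cpp`; whether a configured `CPP` variable reaches this makefile is not visible here, but it would be the consistent choice. In the `else` branch the build copies whatever `%.hex.generated` is in the tree, and nothing in this hunk checks that it still corresponds to the `.dsl` source, so a stale or substituted blob would go unnoticed.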
diff --git a/scripts/update-acpi.sh b/scripts/update-acpi.sh
new file mode 100644
index 000..b5f05ff
--- /dev/null
+++ b/scripts/update-acpi.sh
@@ -0,0 +1,4 @@
+cd x86_64-softmmu
+for file in hw/i386/*.hex; do
+cp -f $file ../$file.generated
+done
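Review bot: `cd x86_64-softmmu` is not checked, so when the script is started from the wrong directory or that target was never built, the loop still runs against whatever `hw/i386/*.hex` matches in the current directory and `cp -f` writes to `../`, outside the tree. Make the first line `cd x86_64-softmmu || exit 1` and quote the expansions, `cp -f "$file" "../$file.generated"`. The file is created with mode 100644 and has no `#!` line, so it only works when passed to a shell explicitly; a `#!/bin/sh` line and the executable bit would make the intended invocation clear.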
-- 
MST




[Qemu-devel] [PATCH v4 06/23] loader: support for unmapped ROM blobs

2013-09-22 Thread Michael S. Tsirkin
Support ROM blobs not mapped into guest memory:
same as ROM files really but use caller's buffer.

Support invoking callback on access and
return memory pointer making it easier
for caller to update memory if necessary.

Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Laszlo Ersek 
---
 hw/lm32/lm32_hwsetup.h |  2 +-
 include/hw/loader.h|  7 ---
 hw/core/loader.c   | 23 ---
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/hw/lm32/lm32_hwsetup.h b/hw/lm32/lm32_hwsetup.h
index 3449bd8..9fd5e69 100644
--- a/hw/lm32/lm32_hwsetup.h
+++ b/hw/lm32/lm32_hwsetup.h
@@ -73,7 +73,7 @@ static inline void hwsetup_free(HWSetup *hw)
 static inline void hwsetup_create_rom(HWSetup *hw,
 hwaddr base)
 {
-rom_add_blob("hwsetup", hw->data, TARGET_PAGE_SIZE, base);
+rom_add_blob("hwsetup", hw->data, TARGET_PAGE_SIZE, base, NULL, NULL, 
NULL);
 }
 
 static inline void hwsetup_add_u8(HWSetup *hw, uint8_t u)
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 6145736..e0c576b 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -40,8 +40,9 @@ extern bool rom_file_in_ram;
 
 int rom_add_file(const char *file, const char *fw_dir,
  hwaddr addr, int32_t bootindex);
-int rom_add_blob(const char *name, const void *blob, size_t len,
- hwaddr addr);
+void *rom_add_blob(const char *name, const void *blob, size_t len,
+   hwaddr addr, const char *fw_file_name,
+   FWCfgReadCallback fw_callback, void *callback_opaque);
 int rom_add_elf_program(const char *name, void *data, size_t datasize,
 size_t romsize, hwaddr addr);
 int rom_load_all(void);
@@ -53,7 +54,7 @@ void do_info_roms(Monitor *mon, const QDict *qdict);
 #define rom_add_file_fixed(_f, _a, _i)  \
 rom_add_file(_f, NULL, _a, _i)
 #define rom_add_blob_fixed(_f, _b, _l, _a)  \
-rom_add_blob(_f, _b, _l, _a)
+(rom_add_blob(_f, _b, _l, _a, NULL, NULL, NULL) ? 0 : -1)
 
 #define PC_ROM_MIN_VGA 0xc
 #define PC_ROM_MIN_OPTION  0xc8000
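Review bot: `rom_add_blob_fixed` now evaluates to -1 on every call. It passes NULL as `fw_file_name`, and in the loader.c hunk of this patch `rom_add_blob` initialises `data = NULL` and assigns it only inside `if (fw_file_name && fw_cfg)`, so the pointer tested by `? 0 : -1` is always NULL here. A caller that checks the macro's result would treat a successful add as a failure; since the removed code returned 0 on the path shown, the macro can discard the pointer instead: `((void)rom_add_blob(_f, _b, _l, _a, NULL, NULL, NULL), 0)`. More generally a NULL return no longer distinguishes "no fw_cfg file requested" from an error, which deserves a comment on the prototype.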
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 7b3d3ee..449bd4c 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -700,10 +700,12 @@ err:
 return -1;
 }
 
-int rom_add_blob(const char *name, const void *blob, size_t len,
- hwaddr addr)
+void *rom_add_blob(const char *name, const void *blob, size_t len,
+   hwaddr addr, const char *fw_file_name,
+   FWCfgReadCallback fw_callback, void *callback_opaque)
 {
 Rom *rom;
+void *data = NULL;
 
 rom   = g_malloc0(sizeof(*rom));
 rom->name = g_strdup(name);
@@ -713,7 +715,22 @@ int rom_add_blob(const char *name, const void *blob, 
size_t len,
 rom->data = g_malloc0(rom->datasize);
 memcpy(rom->data, blob, len);
 rom_insert(rom);
-return 0;
+if (fw_file_name && fw_cfg) {
+char devpath[100];
+
+snprintf(devpath, sizeof(devpath), "/rom@%s", fw_file_name);
+
+if (rom_file_in_ram) {
+data = rom_set_mr(rom, OBJECT(fw_cfg), devpath);
+} else {
+data = rom->data;
+}
+
+fw_cfg_add_file_callback(fw_cfg, fw_file_name,
+ fw_callback, callback_opaque,
+ data, rom->romsize);
+}
+return data;
 }
 
 /* This function is specific for elf program because we don't need to allocate
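Review bot: `snprintf(devpath, sizeof(devpath), "/rom@%s", fw_file_name)` silently truncates a long `fw_file_name`, so two blobs whose names share a long prefix would end up with the same `devpath`; keep the return value and check it, e.g. `assert(n > 0 && (size_t)n < sizeof(devpath));`. In the `else` branch the same `rom->data` buffer is handed both to fw_cfg and back to the caller, so the returned pointer is valid only while nothing frees or replaces `rom->data`, and that lifetime should be stated in a comment on the function. The length given to fw_cfg is `rom->romsize` while the buffer was allocated with `rom->datasize`; the lines that set both fall between the hunks, so confirm they are equal for blobs.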
-- 
MST




[Qemu-devel] [PATCH v4 08/23] pcie_host: expose address format

2013-09-22 Thread Michael S. Tsirkin
Callers pass in the address so it's helpful for
them to be able to decode it.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pcie_host.h | 21 +
 hw/pci/pcie_host.c | 21 -
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/include/hw/pci/pcie_host.h b/include/hw/pci/pcie_host.h
index bac3c67..da0f275 100644
--- a/include/hw/pci/pcie_host.h
+++ b/include/hw/pci/pcie_host.h
@@ -54,4 +54,25 @@ void pcie_host_mmcfg_update(PCIExpressHost *e,
 hwaddr addr,
 uint32_t size);
 
+/*
+ * PCI express ECAM (Enhanced Configuration Address Mapping) format.
+ * AKA mmcfg address
+ * bit 20 - 28: bus number
+ * bit 15 - 19: device number
+ * bit 12 - 14: function number
+ * bit  0 - 11: offset in configuration space of a given device
+ */
+#define PCIE_MMCFG_SIZE_MAX (1ULL << 28)
+#define PCIE_MMCFG_SIZE_MIN (1ULL << 20)
+#define PCIE_MMCFG_BUS_BIT  20
+#define PCIE_MMCFG_BUS_MASK 0x1ff
+#define PCIE_MMCFG_DEVFN_BIT12
+#define PCIE_MMCFG_DEVFN_MASK   0xff
+#define PCIE_MMCFG_CONFOFFSET_MASK  0xfff
+#define PCIE_MMCFG_BUS(addr)(((addr) >> PCIE_MMCFG_BUS_BIT) & \
+ PCIE_MMCFG_BUS_MASK)
+#define PCIE_MMCFG_DEVFN(addr)  (((addr) >> PCIE_MMCFG_DEVFN_BIT) & \
+ PCIE_MMCFG_DEVFN_MASK)
+#define PCIE_MMCFG_CONFOFFSET(addr) ((addr) & PCIE_MMCFG_CONFOFFSET_MASK)
+
 #endif /* PCIE_HOST_H */
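Review bot: `PCIE_MMCFG_BUS_MASK` is 0x1ff, nine bits starting at bit 20, and the comment says "bit 20 - 28: bus number", but `PCIE_MMCFG_SIZE_MAX` is `1ULL << 28`, which leaves only bits 20-27 for the bus. Inside pcie_host.c that mismatch was private; now that the macros are exported, a caller applying `PCIE_MMCFG_BUS()` to an address it has not already bounded by the window size can obtain a bus number above 255. If an 8-bit bus number is intended, the mask should be `0xff` and the comment `bit 20 - 27`; otherwise the comment should say that callers must range-check the address first.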
diff --git a/hw/pci/pcie_host.c b/hw/pci/pcie_host.c
index 410ac08..c6e1b57 100644
--- a/hw/pci/pcie_host.c
+++ b/hw/pci/pcie_host.c
@@ -24,27 +24,6 @@
 #include "hw/pci/pcie_host.h"
 #include "exec/address-spaces.h"
 
-/*
- * PCI express mmcfig address
- * bit 20 - 28: bus number
- * bit 15 - 19: device number
- * bit 12 - 14: function number
- * bit  0 - 11: offset in configuration space of a given device
- */
-#define PCIE_MMCFG_SIZE_MAX (1ULL << 28)
-#define PCIE_MMCFG_SIZE_MIN (1ULL << 20)
-#define PCIE_MMCFG_BUS_BIT  20
-#define PCIE_MMCFG_BUS_MASK 0x1ff
-#define PCIE_MMCFG_DEVFN_BIT12
-#define PCIE_MMCFG_DEVFN_MASK   0xff
-#define PCIE_MMCFG_CONFOFFSET_MASK  0xfff
-#define PCIE_MMCFG_BUS(addr)(((addr) >> PCIE_MMCFG_BUS_BIT) & \
- PCIE_MMCFG_BUS_MASK)
-#define PCIE_MMCFG_DEVFN(addr)  (((addr) >> PCIE_MMCFG_DEVFN_BIT) & \
- PCIE_MMCFG_DEVFN_MASK)
-#define PCIE_MMCFG_CONFOFFSET(addr) ((addr) & PCIE_MMCFG_CONFOFFSET_MASK)
-
-
 /* a helper function to get a PCIDevice for a given mmconfig address */
 static inline PCIDevice *pcie_dev_find_by_mmcfg_addr(PCIBus *s,
  uint32_t mmcfg_addr)
-- 
MST




[Qemu-devel] [PATCH v4 15/23] i386: add bios linker/loader

2013-09-22 Thread Michael S. Tsirkin
This adds a dynamic bios linker/loader.
This will be used by acpi table generation
code to:
- load each table in the appropriate memory segment
- link tables to each other
- fix up checksums after said linking

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/i386/bios-linker-loader.h |  26 ++
 hw/i386/bios-linker-loader.c | 156 +++
 hw/i386/Makefile.objs|   1 +
 3 files changed, 183 insertions(+)
 create mode 100644 include/hw/i386/bios-linker-loader.h
 create mode 100644 hw/i386/bios-linker-loader.c

diff --git a/include/hw/i386/bios-linker-loader.h 
b/include/hw/i386/bios-linker-loader.h
new file mode 100644
index 000..18c3868
--- /dev/null
+++ b/include/hw/i386/bios-linker-loader.h
@@ -0,0 +1,26 @@
+#ifndef BIOS_LINKER_LOADER_H
+#define BIOS_LINKER_LOADER_H
+
+#include 
+#include 
+#include 
+
+GArray *bios_linker_init(void);
+
+void bios_linker_alloc(GArray *linker,
+   const char *file,
+   uint32_t alloc_align,
+   bool alloc_fseg);
+
+void bios_linker_add_checksum(GArray *linker, const char *file, void *table,
+  void *start, unsigned size, uint8_t *checksum);
+
+
+void bios_linker_add_pointer(GArray *linker,
+ const char *dest_file,
+ const char *src_file,
+ GArray *table, void *pointer,
+ uint8_t pointer_size);
+
+void *bios_linker_cleanup(GArray *linker);
+#endif
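Review bot: None of the five prototypes in the new header is documented, and two groups of them have contracts a caller cannot read off the signature. `bios_linker_cleanup` returns `void *`; in the .c file it is `g_array_free(linker, false)`, so the wrapper is freed and the caller takes ownership of the raw entry buffer, which I would state as `/* Frees @linker; returns the command buffer, which the caller must g_free(). */`. `bios_linker_add_checksum` and `bios_linker_add_pointer` take raw pointers (`table`, `start`, `checksum`, `pointer`) that presumably have to point inside the named file's buffer so offsets can be derived from them. Their implementations are not visible on this page, so that requirement should be confirmed and written next to the prototypes.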
diff --git a/hw/i386/bios-linker-loader.c b/hw/i386/bios-linker-loader.c
new file mode 100644
index 000..644016b
--- /dev/null
+++ b/hw/i386/bios-linker-loader.c
@@ -0,0 +1,156 @@
+/* Dynamic linker/loader of ACPI tables
+ *
+ * Copyright (C) 2013 Red Hat Inc
+ *
+ * Author: Michael S. Tsirkin 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "hw/i386/bios-linker-loader.h"
+#include "hw/nvram/fw_cfg.h"
+
+#include 
+#include 
+#include "qemu/bswap.h"
+
+#define BIOS_LINKER_LOADER_FILESZ FW_CFG_MAX_FILE_PATH
+
+struct BiosLinkerLoaderEntry {
+uint32_t command;
+union {
+/*
+ * COMMAND_ALLOCATE - allocate a table from @alloc_file
+ * subject to @alloc_align alignment (must be power of 2)
+ * and @alloc_zone (can be HIGH or FSEG) requirements.
+ *
+ * Must appear exactly once for each file, and before
+ * this file is referenced by any other command.
+ */
+struct {
+char alloc_file[BIOS_LINKER_LOADER_FILESZ];
+uint32_t alloc_align;
+uint8_t alloc_zone;
+};
+
+/*
+ * COMMAND_ADD_POINTER - patch the table (originating from
+ * @dest_file) at @pointer_offset, by adding a pointer to the table
+ * originating from @src_file. 1,2,4 or 8 byte unsigned
+ * addition is used depending on @pointer_size.
+ */
+struct {
+char pointer_dest_file[BIOS_LINKER_LOADER_FILESZ];
+char pointer_src_file[BIOS_LINKER_LOADER_FILESZ];
+uint32_t pointer_offset;
+uint8_t pointer_size;
+};
+
+/*
+ * COMMAND_ADD_CHECKSUM - calculate checksum of the range specified by
+ * @cksum_start and @cksum_length fields,
+ * and then add the value at @cksum_offset.
+ * Checksum simply sums -X for each byte X in the range
+ * using 8-bit math.
+ */
+struct {
+char cksum_file[BIOS_LINKER_LOADER_FILESZ];
+uint32_t cksum_offset;
+uint32_t cksum_start;
+uint32_t cksum_length;
+};
+
+/* padding */
+char pad[124];
+};
+} QEMU_PACKED;
+typedef struct BiosLinkerLoaderEntry BiosLinkerLoaderEntry;
+
+enum {
+BIOS_LINKER_LOADER_COMMAND_ALLOCATE = 0x1,
+BIOS_LINKER_LOADER_COMMAND_ADD_POINTER  = 0x2,
+BIOS_LINKER_LOADER_COMMAND_ADD_CHECKSUM = 0x3,
+};
+
+enum {
+BIOS_LINKER_LOADER_ALLOC_ZONE_HIGH = 0x1,
+BIOS_LINKER_LOADER_ALLOC_ZONE_FSEG = 0x2,
+};
+
+GArray *bios_linker_init(void)
+{
+return g_array_new(false, true /* clear */, sizeof(BiosLinkerLoaderEntry));
+}
+
+/* Free linker wrapper and return the linker array. */
+void *bios_linker_cleanup(GArray *linker)
+{
+return g_array_free(linker, false);
+}

[Qemu-devel] [PATCH v4 22/23] hpet: add API to find it

2013-09-22 Thread Michael S. Tsirkin
Add API to find HPET using QOM.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/timer/hpet.h | 2 ++
 hw/timer/hpet.c | 5 +
 2 files changed, 7 insertions(+)

diff --git a/include/hw/timer/hpet.h b/include/hw/timer/hpet.h
index 757f79f..ab44bd3 100644
--- a/include/hw/timer/hpet.h
+++ b/include/hw/timer/hpet.h
@@ -71,4 +71,6 @@ struct hpet_fw_config
 } QEMU_PACKED;
 
 extern struct hpet_fw_config hpet_cfg;
+
+bool hpet_find(void);
 #endif
diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
index fcd22ae..676bd7d 100644
--- a/hw/timer/hpet.c
+++ b/hw/timer/hpet.c
@@ -757,6 +757,11 @@ static void hpet_device_class_init(ObjectClass *klass, 
void *data)
 dc->props = hpet_device_properties;
 }
 
+bool hpet_find(void)
+{
+return object_resolve_path_type("", "hpet", NULL);
+}
+
 static const TypeInfo hpet_device_info = {
 .name  = TYPE_HPET,
 .parent= TYPE_SYS_BUS_DEVICE,
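Review bot: `hpet_find` looks the device up by the string literal `"hpet"` while the `TypeInfo` just below uses `TYPE_HPET`; use the macro so a rename cannot desynchronise them, and make the pointer-to-bool conversion explicit: `return object_resolve_path_type("", TYPE_HPET, NULL) != NULL;`. With NULL as the last argument an ambiguous match is, as far as I can tell, reported the same way as no match, so with more than one HPET instance this would return false. Whether that configuration can occur is not visible here, but a comment should say which answer is intended. hpet_device_info continues outside the hunk.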
-- 
MST




[Qemu-devel] [PATCH v4 09/23] q35: use macro for MCFG property name

2013-09-22 Thread Michael S. Tsirkin
Useful to make it accessible through QOM.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pcie_host.h | 2 ++
 hw/pci-host/q35.c  | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/hw/pci/pcie_host.h b/include/hw/pci/pcie_host.h
index da0f275..33d75bd 100644
--- a/include/hw/pci/pcie_host.h
+++ b/include/hw/pci/pcie_host.h
@@ -28,6 +28,8 @@
 #define PCIE_HOST_BRIDGE(obj) \
 OBJECT_CHECK(PCIExpressHost, (obj), TYPE_PCIE_HOST_BRIDGE)
 
+#define PCIE_HOST_MCFG_BASE "MCFG"
+
 /* pcie_host::base_addr == PCIE_BASE_ADDR_UNMAPPED when it isn't mapped. */
 #define PCIE_BASE_ADDR_UNMAPPED  ((hwaddr)-1ULL)
 
diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
index 23dbeea..e46f286 100644
--- a/hw/pci-host/q35.c
+++ b/hw/pci-host/q35.c
@@ -110,7 +110,7 @@ static void q35_host_get_pci_hole64_end(Object *obj, 
Visitor *v,
 }
 
 static Property mch_props[] = {
-DEFINE_PROP_UINT64("MCFG", Q35PCIHost, parent_obj.base_addr,
+DEFINE_PROP_UINT64(PCIE_HOST_MCFG_BASE, Q35PCIHost, parent_obj.base_addr,
 MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
 DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
  mch.pci_hole64_size, DEFAULT_PCI_HOLE64_SIZE),
-- 
MST




[Qemu-devel] [PATCH v4 07/23] pcie_host: expose UNMAPPED macro

2013-09-22 Thread Michael S. Tsirkin
Make it possible to test unmapped status through QMP.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pcie_host.h | 3 +++
 hw/pci/pcie_host.c | 3 ---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/hw/pci/pcie_host.h b/include/hw/pci/pcie_host.h
index 1228e36..bac3c67 100644
--- a/include/hw/pci/pcie_host.h
+++ b/include/hw/pci/pcie_host.h
@@ -28,6 +28,9 @@
 #define PCIE_HOST_BRIDGE(obj) \
 OBJECT_CHECK(PCIExpressHost, (obj), TYPE_PCIE_HOST_BRIDGE)
 
+/* pcie_host::base_addr == PCIE_BASE_ADDR_UNMAPPED when it isn't mapped. */
+#define PCIE_BASE_ADDR_UNMAPPED  ((hwaddr)-1ULL)
+
 struct PCIExpressHost {
 PCIHostState pci;
 
diff --git a/hw/pci/pcie_host.c b/hw/pci/pcie_host.c
index b70e5ad..410ac08 100644
--- a/hw/pci/pcie_host.c
+++ b/hw/pci/pcie_host.c
@@ -104,9 +104,6 @@ static const MemoryRegionOps pcie_mmcfg_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-/* pcie_host::base_addr == PCIE_BASE_ADDR_UNMAPPED when it isn't mapped. */
-#define PCIE_BASE_ADDR_UNMAPPED  ((hwaddr)-1ULL)
-
 int pcie_host_init(PCIExpressHost *e)
 {
 e->base_addr = PCIE_BASE_ADDR_UNMAPPED;
-- 
MST




[Qemu-devel] [PATCH v4 16/23] loader: allow adding ROMs in done callbacks

2013-09-22 Thread Michael S. Tsirkin
Don't abort if machine done callbacks add ROMs.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/loader.h | 1 +
 hw/core/loader.c| 6 +-
 vl.c| 3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/include/hw/loader.h b/include/hw/loader.h
index e0c576b..58eca98 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -46,6 +46,7 @@ void *rom_add_blob(const char *name, const void *blob, size_t 
len,
 int rom_add_elf_program(const char *name, void *data, size_t datasize,
 size_t romsize, hwaddr addr);
 int rom_load_all(void);
+void rom_load_done(void);
 void rom_set_fw(FWCfgState *f);
 int rom_copy(uint8_t *dest, hwaddr addr, size_t size);
 void *rom_ptr(hwaddr addr);
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 060729f..60d2ebd 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -812,10 +812,14 @@ int rom_load_all(void)
 memory_region_unref(section.mr);
 }
 qemu_register_reset(rom_reset, NULL);
-roms_loaded = 1;
 return 0;
 }
 
+void rom_load_done(void)
+{
+roms_loaded = 1;
+}
+
 void rom_set_fw(FWCfgState *f)
 {
 fw_cfg = f;
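Review bot: `roms_loaded` is now set only by the new `rom_load_done()`, and the only call added is in `main()` in vl.c, so ROMs registered by machine-done notifiers are inserted after `rom_load_all()` has already finished. Whatever validation `rom_load_all()` performs over the ROM list (its body is mostly outside this hunk) therefore does not cover those late ROMs. If that is intended because they are fw_cfg-only blobs, say so on the new function, e.g. `/* Marks the ROM list final; ROMs added after rom_load_all() are not re-validated. */`. Any other code path that calls `rom_load_all()` without `rom_load_done()` would leave the flag clear.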
diff --git a/vl.c b/vl.c
index 4e709d5..7469145 100644
--- a/vl.c
+++ b/vl.c
@@ -4336,6 +4336,9 @@ int main(int argc, char **argv, char **envp)
 qemu_register_reset(qbus_reset_all_fn, sysbus_get_default());
 qemu_run_machine_init_done_notifiers();
 
+/* Done notifiers can load ROMs */
+rom_load_done();
+
 qemu_system_reset(VMRESET_SILENT);
 if (loadvm) {
 if (load_vmstate(loadvm) < 0) {
-- 
MST




[Qemu-devel] [PATCH v4 10/23] q35: expose mmcfg size as a property

2013-09-22 Thread Michael S. Tsirkin
Address is already exposed, expose size for symmetry.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pcie_host.h |  1 +
 hw/pci-host/q35.c  | 14 ++
 2 files changed, 15 insertions(+)

diff --git a/include/hw/pci/pcie_host.h b/include/hw/pci/pcie_host.h
index 33d75bd..acca45e 100644
--- a/include/hw/pci/pcie_host.h
+++ b/include/hw/pci/pcie_host.h
@@ -29,6 +29,7 @@
 OBJECT_CHECK(PCIExpressHost, (obj), TYPE_PCIE_HOST_BRIDGE)
 
 #define PCIE_HOST_MCFG_BASE "MCFG"
+#define PCIE_HOST_MCFG_SIZE "mcfg_size"
 
 /* pcie_host::base_addr == PCIE_BASE_ADDR_UNMAPPED when it isn't mapped. */
 #define PCIE_BASE_ADDR_UNMAPPED  ((hwaddr)-1ULL)
diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
index e46f286..a051b58 100644
--- a/hw/pci-host/q35.c
+++ b/hw/pci-host/q35.c
@@ -109,6 +109,16 @@ static void q35_host_get_pci_hole64_end(Object *obj, 
Visitor *v,
 visit_type_uint64(v, &w64.end, name, errp);
 }
 
+static void q35_host_get_mmcfg_size(Object *obj, Visitor *v,
+void *opaque, const char *name,
+Error **errp)
+{
+PCIExpressHost *e = PCIE_HOST_BRIDGE(obj);
+uint32_t value = e->size;
+
+visit_type_uint32(v, &value, name, errp);
+}
+
 static Property mch_props[] = {
 DEFINE_PROP_UINT64(PCIE_HOST_MCFG_BASE, Q35PCIHost, parent_obj.base_addr,
 MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
@@ -160,6 +170,10 @@ static void q35_host_initfn(Object *obj)
 q35_host_get_pci_hole64_end,
 NULL, NULL, NULL, NULL);
 
+object_property_add(obj, PCIE_HOST_MCFG_SIZE, "int",
+q35_host_get_mmcfg_size,
+NULL, NULL, NULL, NULL);
+
 /* Leave enough space for the biggest MCFG BAR */
 /* TODO: this matches current bios behaviour, but
  * it's not a power of two, which means an MTRR
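Review bot: The property is registered with the type string `"int"` while its getter visits the value with `visit_type_uint32`, so a consumer that trusts the advertised type may treat the size as signed. Registering it as `"uint32"` would match the getter: `object_property_add(obj, PCIE_HOST_MCFG_SIZE, "uint32", ...)`. The name `"mcfg_size"` is lower-case with an underscore while the sibling base property is `"MCFG"`, which is worth a word in the header if deliberate. q35_host_initfn continues outside the hunk.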
-- 
MST




[Qemu-devel] [PATCH v4 17/23] i386: define pc guest info

2013-09-22 Thread Michael S. Tsirkin
This defines a structure that will be used to fill in acpi tables
where relevant properties are not yet available using QOM.

Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Laszlo Ersek 
---
 include/hw/i386/pc.h | 10 ++
 hw/i386/pc.c | 35 +++
 2 files changed, 45 insertions(+)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 9b2ddc4..7a343f8 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -9,6 +9,9 @@
 #include "hw/i386/ioapic.h"
 
 #include "qemu/range.h"
+#include "qemu/bitmap.h"
+#include "sysemu/sysemu.h"
+#include "hw/pci/pci.h"
 
 /* PC-style peripherals (also used by other machines).  */
 
@@ -20,6 +23,13 @@ typedef struct PcPciInfo {
 struct PcGuestInfo {
 bool has_pci_info;
 bool isapc_ram_fw;
+hwaddr ram_size;
+unsigned apic_id_limit;
+bool apic_xrupt_override;
+uint64_t numa_nodes;
+uint64_t *node_mem;
+uint64_t *node_cpu;
+DECLARE_BITMAP(found_cpus, MAX_CPUMASK_BITS + 1);
 FWCfgState *fw_cfg;
 };
 
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 0c313fe..3aa4088 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1028,6 +1028,26 @@ static void pc_fw_cfg_guest_info(PcGuestInfo *guest_info)
 fw_cfg_add_file(guest_info->fw_cfg, "etc/pci-info", info, sizeof *info);
 }
 
+static void pc_set_cpu_guest_info(CPUState *cpu, PcGuestInfo *guest_info)
+{
+CPUClass *klass = CPU_GET_CLASS(cpu);
+uint64_t apic_id = klass->get_arch_id(cpu);
+int j;
+
+assert(apic_id <= MAX_CPUMASK_BITS);
+assert(apic_id < guest_info->apic_id_limit);
+
+set_bit(apic_id, guest_info->found_cpus);
+
+for (j = 0; j < guest_info->numa_nodes; j++) {
+assert(cpu->cpu_index < max_cpus);
+if (test_bit(cpu->cpu_index, node_cpumask[j])) {
+guest_info->node_cpu[apic_id] = cpu_to_le64(j);
+break;
+}
+}
+}
+
 typedef struct PcGuestInfoState {
 PcGuestInfo info;
 Notifier machine_done;
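Review bot: The only thing keeping `guest_info->node_cpu[apic_id]` and `set_bit(apic_id, guest_info->found_cpus)` in bounds is the pair of `assert()`s at the top of `pc_set_cpu_guest_info`, so in a build with NDEBUG an out-of-range APIC id becomes a write past the end of the array or bitmap. If such a build is possible, replace them with an explicit check that reports the error and exits. The loop index `j` is `int` but is compared with the `uint64_t` field `numa_nodes`; declaring it `uint64_t j;` avoids the sign conversion. `assert(cpu->cpu_index < max_cpus)` does not depend on `j` and can move above the loop.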
@@ -1047,6 +1067,21 @@ PcGuestInfo *pc_guest_info_init(ram_addr_t 
below_4g_mem_size,
 {
 PcGuestInfoState *guest_info_state = g_malloc0(sizeof *guest_info_state);
 PcGuestInfo *guest_info = &guest_info_state->info;
+CPUState *cpu;
+
+guest_info->ram_size = below_4g_mem_size + above_4g_mem_size;
+guest_info->apic_id_limit = pc_apic_id_limit(max_cpus);
+guest_info->apic_xrupt_override = kvm_allows_irq0_override();
+guest_info->numa_nodes = nb_numa_nodes;
+guest_info->node_mem = g_memdup(node_mem, guest_info->numa_nodes *
+sizeof *guest_info->node_mem);
+guest_info->node_cpu = g_malloc0(guest_info->apic_id_limit *
+ sizeof *guest_info->node_cpu);
+
+memset(&guest_info->found_cpus, 0, sizeof guest_info->found_cpus);
+CPU_FOREACH(cpu) {
+pc_set_cpu_guest_info(cpu, guest_info);
+}
 
 guest_info_state->machine_done.notify = pc_guest_info_machine_done;
 qemu_add_machine_init_done_notifier(&guest_info_state->machine_done);
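Review bot: `g_memdup()` takes its byte count as a `guint`, so the `uint64_t` product `guest_info->numa_nodes * sizeof *guest_info->node_mem` is narrowed at the call. That is harmless only while `nb_numa_nodes` is small, and its upper bound is not visible in this hunk, so an assert or a comment naming the bound would make the copy size obviously safe. The `memset(&guest_info->found_cpus, 0, ...)` is redundant because `guest_info_state` was just allocated with `g_malloc0`. The body of pc_guest_info_init continues outside the hunk.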
-- 
MST




[Qemu-devel] [PATCH v4 21/23] pvpanic: add API to access io port

2013-09-22 Thread Michael S. Tsirkin
Add API to find pvpanic device and get its io port.
Will be used to fill in guest info structure.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/i386/pc.h |  1 +
 hw/misc/pvpanic.c| 13 -
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 2a5d996..61d1ee7 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -236,6 +236,7 @@ void pc_system_firmware_init(MemoryRegion *rom_memory,
 
 /* pvpanic.c */
 void pvpanic_init(ISABus *bus);
+uint16_t pvpanic_port(void);
 
 /* e820 types */
 #define E820_RAM1
diff --git a/hw/misc/pvpanic.c b/hw/misc/pvpanic.c
index b64e3bb..226e298 100644
--- a/hw/misc/pvpanic.c
+++ b/hw/misc/pvpanic.c
@@ -117,8 +117,19 @@ void pvpanic_init(ISABus *bus)
 isa_create_simple(bus, TYPE_ISA_PVPANIC_DEVICE);
 }
 
+#define PVPANIC_IOPORT_PROP "ioport"
+
+uint16_t pvpanic_port(void)
+{
+Object *o = object_resolve_path_type("", TYPE_ISA_PVPANIC_DEVICE, NULL);
+if (!o) {
+return 0;
+}
+return object_property_get_int(o, PVPANIC_IOPORT_PROP, NULL);
+}
+
 static Property pvpanic_isa_properties[] = {
-DEFINE_PROP_UINT16("ioport", PVPanicState, ioport, 0x505),
+DEFINE_PROP_UINT16(PVPANIC_IOPORT_PROP, PVPanicState, ioport, 0x505),
 DEFINE_PROP_END_OF_LIST(),
 };
 
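Review bot: pvpanic_port() returns 0 when no device is found, but nothing documents 0 as the "absent" value, and the property read passes `NULL` for `errp`, so a failed `object_property_get_int()` would be narrowed from `int64_t` to `uint16_t` and returned as if it were a port. A comment above the function such as `/* Returns the pvpanic I/O port, or 0 if there is no pvpanic device. */` states the contract. Reading through a local `Error *` and returning 0 when it is set would keep an error value from reaching the caller.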
-- 
MST




[Qemu-devel] [PATCH v4 14/23] loader: use file path size from fw_cfg.h

2013-09-22 Thread Michael S. Tsirkin
Avoid a bit of code duplication, make
max file path constant reusable.

Suggested-by: Laszlo Ersek 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/nvram/fw_cfg.h | 4 +++-
 hw/core/loader.c  | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index 2ab0fc2..72b1549 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -46,12 +46,14 @@
 
 #define FW_CFG_INVALID  0x
 
+#define FW_CFG_MAX_FILE_PATH56
+
 #ifndef NO_QEMU_PROTOS
 typedef struct FWCfgFile {
 uint32_t  size;/* file size */
 uint16_t  select;  /* write this to 0x510 to read it */
 uint16_t  reserved;
-char  name[56];
+char  name[FW_CFG_MAX_FILE_PATH];
 } FWCfgFile;
 
 typedef struct FWCfgFiles {
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 449bd4c..060729f 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -663,7 +663,7 @@ int rom_add_file(const char *file, const char *fw_dir,
 rom_insert(rom);
 if (rom->fw_file && fw_cfg) {
 const char *basename;
-char fw_file_name[56];
+char fw_file_name[FW_CFG_MAX_FILE_PATH];
 void *data;
 
 basename = strrchr(rom->fw_file, '/');
-- 
MST




[Qemu-devel] [PATCH v4 18/23] acpi/piix: add macros for acpi property names

2013-09-22 Thread Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/i386/pc.h | 10 ++
 hw/acpi/piix4.c  |  6 +++---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 7a343f8..f966cef 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -20,6 +20,16 @@ typedef struct PcPciInfo {
 Range w64;
 } PcPciInfo;
 
+#define ACPI_PM_PROP_S3_DISABLED "disable_s3"
+#define ACPI_PM_PROP_S4_DISABLED "disable_s4"
+#define ACPI_PM_PROP_S4_VAL "s4_val"
+#define ACPI_PM_PROP_SCI_INT "sci_int"
+#define ACPI_PM_PROP_ACPI_ENABLE_CMD "acpi_enable_cmd"
+#define ACPI_PM_PROP_ACPI_DISABLE_CMD "acpi_disable_cmd"
+#define ACPI_PM_PROP_PM_IO_BASE "pm_io_base"
+#define ACPI_PM_PROP_GPE0_BLK "gpe0_blk"
+#define ACPI_PM_PROP_GPE0_BLK_LEN "gpe0_blk_len"
+
 struct PcGuestInfo {
 bool has_pci_info;
 bool isapc_ram_fw;
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index b46bd5e..4b8c1da 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -489,9 +489,9 @@ i2c_bus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t 
smb_io_base,
 
 static Property piix4_pm_properties[] = {
 DEFINE_PROP_UINT32("smb_io_base", PIIX4PMState, smb_io_base, 0),
-DEFINE_PROP_UINT8("disable_s3", PIIX4PMState, disable_s3, 0),
-DEFINE_PROP_UINT8("disable_s4", PIIX4PMState, disable_s4, 0),
-DEFINE_PROP_UINT8("s4_val", PIIX4PMState, s4_val, 2),
+DEFINE_PROP_UINT8(ACPI_PM_PROP_S3_DISABLED, PIIX4PMState, disable_s3, 0),
+DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_DISABLED, PIIX4PMState, disable_s4, 0),
+DEFINE_PROP_UINT8(ACPI_PM_PROP_S4_VAL, PIIX4PMState, s4_val, 2),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
MST




Re: [Qemu-devel] [SeaBIOS] [PATCH v2 1/5] linker: utility to patch in-memory ROM files

2013-09-22 Thread Michael S. Tsirkin
On Sun, Sep 22, 2013 at 02:18:45PM +0300, Michael S. Tsirkin wrote:
> On Sun, Sep 22, 2013 at 01:49:58PM +0300, Michael S. Tsirkin wrote:
> > On Thu, Jul 25, 2013 at 08:06:27PM -0400, Kevin O'Connor wrote:
> > > On Thu, Jul 25, 2013 at 03:55:56PM +0300, Michael S. Tsirkin wrote:
> > > > On Mon, Jul 15, 2013 at 11:01:02AM +0300, Michael S. Tsirkin wrote:
> > > > > On Sun, Jul 14, 2013 at 02:24:52PM -0400, Kevin O'Connor wrote:
> > > > > > I'd prefer to see this tracked within the "linker" code and not in 
> > > > > > the
> > > > > > generic romfile struct.
> > > > > 
> > > > > A way to associate a romfile instance with a value seems generally
> > > > > useful, no?  Still, that's not too hard - it would only mean an extra
> > > > > linked list of 
> > > > > 
> > > > > struct linker {
> > > > >   char name[56]
> > > > >   void *data;
> > > > >   struct hlist_node node;
> > > > > }
> > > > > 
> > > > > is this preferable?
> > > 
> > > Sure, but it's probably easier to do something like:
> > > 
> > > struct linkfiles { char *name; void *data; };
> > > 
> > > void linker_loader_execute(const char *name)
> > > {
> > > int size;
> > > struct linker_loader_entry_s *entries = romfile_loadfile(name, &size);
> > > int numentries = size/sizeof(entries[0]);
> > > if (! entries)
> > > return;
> > > struct linkfiles *files = malloc_tmp(sizeof(files[0]) * numentries);
> > > 
> > > and then just populate and use the array of filenames.
> > 
> > OK I'll do this but it's more code as I can't use plain romfile_find
> > anymore, and have to code up my own lookup.
> > 
> > > > > > Also, is there another name besides "linker" that could be used?
> > > > > > SeaBIOS has code to self-relocate and fixup code relocations.  I 
> > > > > > think
> > > > > > having code in the repo called "linker" could cause confusion.
> > > > > > 
> > > > > 
> > > > > romfile_loader?
> > > 
> > > Shrug.  How about "tabledeploy"?
> > > 
> > > -Kevin
> 
> 
> So I tried this out


Latest version that I posted uses the approach suggested by Kevin here.
It adds about 200 bytes to code size.
If we want to cut that out and go back to data pointer,
we can do this as a patch on top.

Pls let me know.

-- 
MST




[Qemu-devel] [PATCH v4 19/23] piix: APIs for pc guest info

2013-09-22 Thread Michael S. Tsirkin
This adds APIs that will be used to fill in guest acpi tables.
Some required information is still lacking in QOM, so we
fall back on lookups by type and returning explicit types.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/piix4.h |  8 
 include/hw/i386/pc.h|  1 +
 hw/acpi/piix4.c | 44 
 hw/pci-host/piix.c  |  8 
 4 files changed, 57 insertions(+), 4 deletions(-)
 create mode 100644 include/hw/acpi/piix4.h

diff --git a/include/hw/acpi/piix4.h b/include/hw/acpi/piix4.h
new file mode 100644
index 000..65e6fd7
--- /dev/null
+++ b/include/hw/acpi/piix4.h
@@ -0,0 +1,8 @@
+#ifndef HW_ACPI_PIIX4_H
+#define HW_ACPI_PIIX4_H
+
+#include "qemu/typedefs.h"
+
+Object *piix4_pm_find(void);
+
+#endif
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index f966cef..2a5d996 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -193,6 +193,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int 
*piix_devfn,
 MemoryRegion *pci_memory,
 MemoryRegion *ram_memory);
 
+PCIBus *find_i440fx(void);
 /* piix4.c */
 extern PCIDevice *piix4_dev;
 int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn);
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 4b8c1da..3bcd890 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -29,6 +29,7 @@
 #include "exec/ioport.h"
 #include "hw/nvram/fw_cfg.h"
 #include "exec/address-spaces.h"
+#include "hw/acpi/piix4.h"
 
 //#define DEBUG
 
@@ -69,6 +70,8 @@ typedef struct PIIX4PMState {
 /*< public >*/
 
 MemoryRegion io;
+uint32_t io_base;
+
 MemoryRegion io_gpe;
 MemoryRegion io_pci;
 MemoryRegion io_cpu;
@@ -152,14 +155,13 @@ static void apm_ctrl_changed(uint32_t val, void *arg)
 static void pm_io_space_update(PIIX4PMState *s)
 {
 PCIDevice *d = PCI_DEVICE(s);
-uint32_t pm_io_base;
 
-pm_io_base = le32_to_cpu(*(uint32_t *)(d->config + 0x40));
-pm_io_base &= 0xffc0;
+s->io_base = le32_to_cpu(*(uint32_t *)(d->config + 0x40));
+s->io_base &= 0xffc0;
 
 memory_region_transaction_begin();
 memory_region_set_enabled(&s->io, d->config[0x80] & 1);
-memory_region_set_address(&s->io, pm_io_base);
+memory_region_set_address(&s->io, s->io_base);
 memory_region_transaction_commit();
 }
 
@@ -407,6 +409,28 @@ static void piix4_pm_machine_ready(Notifier *n, void 
*opaque)
 (memory_region_present(io_as, 0x2f8) ? 0x90 : 0);
 }
 
+static void piix4_pm_add_propeties(PIIX4PMState *s)
+{
+static const uint8_t acpi_enable_cmd = ACPI_ENABLE;
+static const uint8_t acpi_disable_cmd = ACPI_DISABLE;
+static const uint32_t gpe0_blk = GPE_BASE;
+static const uint32_t gpe0_blk_len = GPE_LEN;
+static const uint16_t sci_int = 9;
+
+object_property_add_uint8_ptr(OBJECT(s), ACPI_PM_PROP_ACPI_ENABLE_CMD,
+  &acpi_enable_cmd, NULL);
+object_property_add_uint8_ptr(OBJECT(s), ACPI_PM_PROP_ACPI_DISABLE_CMD,
+  &acpi_disable_cmd, NULL);
+object_property_add_uint32_ptr(OBJECT(s), ACPI_PM_PROP_GPE0_BLK,
+  &gpe0_blk, NULL);
+object_property_add_uint32_ptr(OBJECT(s), ACPI_PM_PROP_GPE0_BLK_LEN,
+  &gpe0_blk_len, NULL);
+object_property_add_uint16_ptr(OBJECT(s), ACPI_PM_PROP_SCI_INT,
+  &sci_int, NULL);
+object_property_add_uint32_ptr(OBJECT(s), ACPI_PM_PROP_PM_IO_BASE,
+  &s->io_base, NULL);
+}
+
 static int piix4_pm_initfn(PCIDevice *dev)
 {
 PIIX4PMState *s = PIIX4_PM(dev);
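Review bot: The new helper is spelled `piix4_pm_add_propeties` (missing an "r"), and the call added to piix4_pm_initfn in the next hunk repeats the spelling; `piix4_pm_add_properties` would match `ich9_pm_add_properties` from the ich9 patch in this series. All six registrations pass `NULL` as `errp`, so a failure to add a property (for example a name clash) is dropped silently; a comment saying that this is deliberate, or an `Error **` parameter, would make the choice visible. piix4_pm_initfn's body continues outside the hunk.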
@@ -456,9 +480,21 @@ static int piix4_pm_initfn(PCIDevice *dev)
 
 piix4_acpi_system_hot_add_init(pci_address_space_io(dev), dev->bus, s);
 
+piix4_pm_add_propeties(s);
 return 0;
 }
 
+Object *piix4_pm_find(void)
+{
+bool ambig;
+Object *o = object_resolve_path_type("", TYPE_PIIX4_PM, &ambig);
+
+if (ambig || !o) {
+return NULL;
+}
+return o;
+}
+
 i2c_bus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
qemu_irq sci_irq, qemu_irq smi_irq,
int kvm_enabled, FWCfgState *fw_cfg)
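Review bot: `bool ambig;` in piix4_pm_find is read right after `object_resolve_path_type()` without being initialised here, so the test relies on the callee storing to it on every path, which this hunk does not show; `bool ambig = false;` removes that dependency. The same pattern appears in ich9_lpc_find in hw/isa/lpc_ich9.c later in the series. The `|| !o` in the condition is redundant, since returning `o` already yields NULL in that case.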
diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index c041149..bad3953 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -416,6 +416,14 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
 return b;
 }
 
+PCIBus *find_i440fx(void)
+{
+PCIHostState *s = OBJECT_CHECK(PCIHostState,
+   object_resolve_path("/machine/i440fx", 
NULL),
+   TYPE_PCI_HOST_BRIDGE);
+return s ? s->bus : NULL;
+}
+
 /* PIIX3 PCI to ISA bridge */
 static void piix3_set_irq_pic(PIIX3State *piix3, int pic_irq)
 {
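Review bot: find_i440fx() ends with `return s ? s->bus : NULL;`, which suggests callers may get NULL when there is no i440fx, but the lookup goes through `OBJECT_CHECK`, QEMU's asserting cast, so an object at "/machine/i440fx" that is not a TYPE_PCI_HOST_BRIDGE would presumably abort instead of returning NULL. If a soft failure is intended, `object_dynamic_cast()` on the resolved object keeps the NULL path consistent. A one-line comment stating the return contract would help, since the hard-coded path ties the function to how the machine names the host bridge.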
-- 
MST




[Qemu-devel] [PATCH v4 20/23] ich9: APIs for pc guest info

2013-09-22 Thread Michael S. Tsirkin
This adds APIs that will be used to fill in
acpi tables, implemented using QOM,
to various ich9 components.
Some information is still missing in QOM,
so we fall back on lookups by type instead.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/ich9.h|  2 ++
 include/hw/i386/ich9.h|  2 ++
 include/hw/pci-host/q35.h |  2 ++
 hw/acpi/ich9.c| 24 
 hw/isa/lpc_ich9.c | 40 
 hw/pci-host/q35.c | 10 ++
 6 files changed, 80 insertions(+)

diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h
index b1fe71f..82fcf9f 100644
--- a/include/hw/acpi/ich9.h
+++ b/include/hw/acpi/ich9.h
@@ -49,4 +49,6 @@ void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm,
 void ich9_pm_iospace_update(ICH9LPCPMRegs *pm, uint32_t pm_io_base);
 extern const VMStateDescription vmstate_ich9_pm;
 
+void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm, Error **errp);
+
 #endif /* HW_ACPI_ICH9_H */
diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index c5f637b..4a68b35 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -66,6 +66,8 @@ typedef struct ICH9LPCState {
 qemu_irq *ioapic;
 } ICH9LPCState;
 
+Object *ich9_lpc_find(void);
+
 #define Q35_MASK(bit, ms_bit, ls_bit) \
 ((uint##bit##_t)(((1ULL << ((ms_bit) + 1)) - 1) & ~((1ULL << ls_bit) - 1)))
 
diff --git a/include/hw/pci-host/q35.h b/include/hw/pci-host/q35.h
index 6eb7ab6..f9db770 100644
--- a/include/hw/pci-host/q35.h
+++ b/include/hw/pci-host/q35.h
@@ -156,4 +156,6 @@ typedef struct Q35PCIHost {
 #define MCH_PCIE_DEV   1
 #define MCH_PCIE_FUNC  0
 
+uint64_t mch_mcfg_base(void);
+
 #endif /* HW_Q35_H */
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 3fb443d..7e0429e 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -24,6 +24,7 @@
  * GNU GPL, version 2 or (at your option) any later version.
  */
 #include "hw/hw.h"
+#include "qapi/visitor.h"
 #include "hw/i386/pc.h"
 #include "hw/pci/pci.h"
 #include "qemu/timer.h"
@@ -228,3 +229,26 @@ void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm,
 pm->powerdown_notifier.notify = pm_powerdown_req;
 qemu_register_powerdown_notifier(&pm->powerdown_notifier);
 }
+
+static void ich9_pm_get_gpe0_blk(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ICH9LPCPMRegs *pm = opaque;
+uint32_t value = pm->pm_io_base + ICH9_PMIO_GPE0_STS;
+
+visit_type_uint32(v, &value, name, errp);
+}
+
+void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm, Error **errp)
+{
+static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
+
+object_property_add_uint32_ptr(obj, ACPI_PM_PROP_PM_IO_BASE,
+   &pm->pm_io_base, errp);
+object_property_add(obj, ACPI_PM_PROP_GPE0_BLK, "uint32",
+ich9_pm_get_gpe0_blk,
+NULL, NULL, pm, NULL);
+object_property_add_uint32_ptr(obj, ACPI_PM_PROP_GPE0_BLK_LEN,
+   &gpe0_len, errp);
+}
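Review bot: ich9_pm_add_properties() passes the caller's `errp` to the first and third registration but `NULL` to the `object_property_add()` call for ACPI_PM_PROP_GPE0_BLK in between, so a failure there is dropped while its neighbours report theirs. Handing the same `errp` to several calls in a row also means a second failure would try to set an Error that is already set. The usual QEMU pattern is a local `Error *` per call, checked and forwarded with `error_propagate()` before the next call runs.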
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index 5633d08..19b2198 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -29,6 +29,7 @@
  */
 #include "qemu-common.h"
 #include "hw/hw.h"
+#include "qapi/visitor.h"
 #include "qemu/range.h"
 #include "hw/isa/isa.h"
 #include "hw/sysbus.h"
@@ -525,6 +526,43 @@ static const MemoryRegionOps ich9_rst_cnt_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN
 };
 
+Object *ich9_lpc_find(void)
+{
+bool ambig;
+Object *o = object_resolve_path_type("", TYPE_ICH9_LPC_DEVICE, &ambig);
+
+if (ambig) {
+return NULL;
+}
+return o;
+}
+
+static void ich9_lpc_get_sci_int(Object *obj, Visitor *v,
+ void *opaque, const char *name,
+ Error **errp)
+{
+ICH9LPCState *lpc = ICH9_LPC_DEVICE(obj);
+uint32_t value = ich9_lpc_sci_irq(lpc);
+
+visit_type_uint32(v, &value, name, errp);
+}
+
+static void ich9_lpc_add_properties(ICH9LPCState *lpc)
+{
+static const uint8_t acpi_enable_cmd = ICH9_APM_ACPI_ENABLE;
+static const uint8_t acpi_disable_cmd = ICH9_APM_ACPI_DISABLE;
+
+object_property_add(OBJECT(lpc), ACPI_PM_PROP_SCI_INT, "uint32",
+ich9_lpc_get_sci_int,
+NULL, NULL, NULL, NULL);
+object_property_add_uint8_ptr(OBJECT(lpc), ACPI_PM_PROP_ACPI_ENABLE_CMD,
+  &acpi_enable_cmd, NULL);
+object_property_add_uint8_ptr(OBJECT(lpc), ACPI_PM_PROP_ACPI_DISABLE_CMD,
+  &acpi_disable_cmd, NULL);
+
+ich9_pm_add_properties(OBJECT(lpc), &lpc->pm, NULL);
+}
+
 static int ich9_lpc_initfn(PCIDevice *d)
 {
 ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
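Review bot: ACPI_PM_PROP_SCI_INT is registered in ich9_lpc_add_properties as type "uint32" with a `uint32_t` getter, while the piix4 patch in this series registers the same property name through `object_property_add_uint16_ptr`, so a consumer reading the property by name sees a different declared type per chipset. Picking one width for both keeps the table-building code from having to special-case the machine type. Every registration in ich9_lpc_add_properties also passes `NULL` for `errp`, including the call to `ich9_pm_add_properties`, so that function's `errp` parameter is never exercised here. ich9_lpc_initfn's body continues outside the hunk.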
@@ -552,6 +590,8 @@ static int ich9_lpc_initfn(PCIDevice *d)
 ICH9_RST_CNT_IO

[Qemu-devel] [PATCH v4 03/23] qom: cleanup struct Error references

2013-09-22 Thread Michael S. Tsirkin
now that a typedef for struct Error is available,
use it in qom/object.h to match coding style rules.

Signed-off-by: Michael S. Tsirkin 
---
 include/qom/object.h | 51 +--
 1 file changed, 25 insertions(+), 26 deletions(-)

diff --git a/include/qom/object.h b/include/qom/object.h
index 5b3b743..e3a16e4 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -21,7 +21,6 @@
 #include "qemu/queue.h"
 
 struct Visitor;
-struct Error;
 
 struct TypeImpl;
 typedef struct TypeImpl *Type;
@@ -302,7 +301,7 @@ typedef void (ObjectPropertyAccessor)(Object *obj,
   struct Visitor *v,
   void *opaque,
   const char *name,
-  struct Error **errp);
+  Error **errp);
 
 /**
  * ObjectPropertyRelease:
@@ -791,9 +790,9 @@ void object_property_add(Object *obj, const char *name, 
const char *type,
  ObjectPropertyAccessor *get,
  ObjectPropertyAccessor *set,
  ObjectPropertyRelease *release,
- void *opaque, struct Error **errp);
+ void *opaque, Error **errp);
 
-void object_property_del(Object *obj, const char *name, struct Error **errp);
+void object_property_del(Object *obj, const char *name, Error **errp);
 
 /**
  * object_property_find:
@@ -804,7 +803,7 @@ void object_property_del(Object *obj, const char *name, 
struct Error **errp);
  * Look up a property for an object and return its #ObjectProperty if found.
  */
 ObjectProperty *object_property_find(Object *obj, const char *name,
- struct Error **errp);
+ Error **errp);
 
 void object_unparent(Object *obj);
 
@@ -819,7 +818,7 @@ void object_unparent(Object *obj);
  * Reads a property from a object.
  */
 void object_property_get(Object *obj, struct Visitor *v, const char *name,
- struct Error **errp);
+ Error **errp);
 
 /**
  * object_property_set_str:
@@ -830,7 +829,7 @@ void object_property_get(Object *obj, struct Visitor *v, 
const char *name,
  * Writes a string value to a property.
  */
 void object_property_set_str(Object *obj, const char *value,
- const char *name, struct Error **errp);
+ const char *name, Error **errp);
 
 /**
  * object_property_get_str:
@@ -843,7 +842,7 @@ void object_property_set_str(Object *obj, const char *value,
  * The caller should free the string.
  */
 char *object_property_get_str(Object *obj, const char *name,
-  struct Error **errp);
+  Error **errp);
 
 /**
  * object_property_set_link:
@@ -854,7 +853,7 @@ char *object_property_get_str(Object *obj, const char *name,
  * Writes an object's canonical path to a property.
  */
 void object_property_set_link(Object *obj, Object *value,
-  const char *name, struct Error **errp);
+  const char *name, Error **errp);
 
 /**
  * object_property_get_link:
@@ -867,7 +866,7 @@ void object_property_set_link(Object *obj, Object *value,
  * string or not a valid object path).
  */
 Object *object_property_get_link(Object *obj, const char *name,
- struct Error **errp);
+ Error **errp);
 
 /**
  * object_property_set_bool:
@@ -878,7 +877,7 @@ Object *object_property_get_link(Object *obj, const char 
*name,
  * Writes a bool value to a property.
  */
 void object_property_set_bool(Object *obj, bool value,
-  const char *name, struct Error **errp);
+  const char *name, Error **errp);
 
 /**
  * object_property_get_bool:
@@ -890,7 +889,7 @@ void object_property_set_bool(Object *obj, bool value,
  * an error occurs (including when the property value is not a bool).
  */
 bool object_property_get_bool(Object *obj, const char *name,
-  struct Error **errp);
+  Error **errp);
 
 /**
  * object_property_set_int:
@@ -901,7 +900,7 @@ bool object_property_get_bool(Object *obj, const char *name,
  * Writes an integer value to a property.
  */
 void object_property_set_int(Object *obj, int64_t value,
- const char *name, struct Error **errp);
+ const char *name, Error **errp);
 
 /**
  * object_property_get_int:
@@ -913,7 +912,7 @@ void object_property_set_int(Object *obj, int64_t value,
  * an error occurs (including when the property value is not an integer).
  */
 int64_t object_property_get_int(Object *obj, const char *name,
-struct Error **errp);
+Error **errp);
 
 /**
  * object_pr

[Qemu-devel] [PATCH v4 02/23] qom: pull in qemu/typedefs

2013-09-22 Thread Michael S. Tsirkin
As usual so we can use typedefs without header dependencies.

Signed-off-by: Michael S. Tsirkin 
---
 include/qom/object.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/qom/object.h b/include/qom/object.h
index 1a7b71a..5b3b743 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -17,6 +17,7 @@
 #include 
 #include 
 #include 
+#include "qemu/typedefs.h"
 #include "qemu/queue.h"
 
 struct Visitor;
-- 
MST




[Qemu-devel] [PATCH v4 04/23] qom: add pointer to int property helpers

2013-09-22 Thread Michael S. Tsirkin
Make it easy to add read-only helpers for simple
integer properties in memory.

Signed-off-by: Michael S. Tsirkin 
---
 include/qom/object.h | 21 
 qom/object.c | 56 
 2 files changed, 77 insertions(+)

diff --git a/include/qom/object.h b/include/qom/object.h
index e3a16e4..3b75f5a 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -795,6 +795,27 @@ void object_property_add(Object *obj, const char *name, 
const char *type,
 void object_property_del(Object *obj, const char *name, Error **errp);
 
 /**
+ * object_property_add_uint8_ptr:
+ * object_property_add_uint16_ptr:
+ * object_property_add_uint32_ptr:
+ * object_property_add_uint64_ptr:
+ * @obj: the object to add a property to
+ * @name: the name of the property
+ * @v: pointer to value
+ *
+ * Add an integer property in memory.  This function will add a
+ * property of the appropriate type.
+ */
+void object_property_add_uint8_ptr(Object *obj, const char *name,
+   const uint8_t *v, Error **errp);
+void object_property_add_uint16_ptr(Object *obj, const char *name,
+const uint16_t *v, Error **errp);
+void object_property_add_uint32_ptr(Object *obj, const char *name,
+const uint32_t *v, Error **errp);
+void object_property_add_uint64_ptr(Object *obj, const char *name,
+const uint64_t *v, Error **Errp);
+
+/**
  * object_property_find:
  * @obj: the object
  * @name: the name of the property
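Review bot: The doc comment for the four `object_property_add_uintN_ptr` helpers leaves out what a caller most needs to know: the property is read-only (the implementation in qom/object.c installs no setter), and `@v` is stored and dereferenced on every read, so the pointed-to value must stay valid for as long as the object has the property. `@errp` is not documented either. The last prototype spells its parameter `Error **Errp`; `Error **errp` matches the other three.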
diff --git a/qom/object.c b/qom/object.c
index e90e382..b929dc6 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -1344,6 +1344,62 @@ static char *qdev_get_type(Object *obj, Error **errp)
 return g_strdup(object_get_typename(obj));
 }
 
+static void property_get_uint8_ptr(Object *obj, Visitor *v,
+   void *opaque, const char *name,
+   Error **errp)
+{
+visit_type_uint8(v, opaque, name, errp);
+}
+
+static void property_get_uint16_ptr(Object *obj, Visitor *v,
+   void *opaque, const char *name,
+   Error **errp)
+{
+visit_type_uint16(v, opaque, name, errp);
+}
+
+static void property_get_uint32_ptr(Object *obj, Visitor *v,
+   void *opaque, const char *name,
+   Error **errp)
+{
+visit_type_uint32(v, opaque, name, errp);
+}
+
+static void property_get_uint64_ptr(Object *obj, Visitor *v,
+   void *opaque, const char *name,
+   Error **errp)
+{
+visit_type_uint64(v, opaque, name, errp);
+}
+
+void object_property_add_uint8_ptr(Object *obj, const char *name,
+   const uint8_t *v, Error **errp)
+{
+object_property_add(obj, name, "uint8", property_get_uint8_ptr,
+NULL, NULL, (void *)v, errp);
+}
+
+void object_property_add_uint16_ptr(Object *obj, const char *name,
+const uint16_t *v, Error **errp)
+{
+object_property_add(obj, name, "uint16", property_get_uint16_ptr,
+NULL, NULL, (void *)v, errp);
+}
+
+void object_property_add_uint32_ptr(Object *obj, const char *name,
+const uint32_t *v, Error **errp)
+{
+object_property_add(obj, name, "uint32", property_get_uint32_ptr,
+NULL, NULL, (void *)v, errp);
+}
+
+void object_property_add_uint64_ptr(Object *obj, const char *name,
+const uint64_t *v, Error **errp)
+{
+object_property_add(obj, name, "uint64", property_get_uint64_ptr,
+NULL, NULL, (void *)v, errp);
+}
+
 static void object_instance_init(Object *obj)
 {
 object_property_add_str(obj, "type", qdev_get_type, NULL, NULL);
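Review bot: The four `object_property_add_uintN_ptr` helpers cast away `const` with `(void *)v`, and the getters hand that pointer straight to `visit_type_uintN()`, whose value argument is not const; if a getter were ever driven by a visitor that stores into its argument, it would write to objects that callers in this series declare `static const`. Reading into a local first keeps the const promise, e.g. in property_get_uint8_ptr `uint8_t value = *(const uint8_t *)opaque;` followed by `visit_type_uint8(v, &value, name, errp);`, and likewise for the 16-, 32- and 64-bit getters.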
-- 
MST




[Qemu-devel] [PATCH] virtio-net: broken RX filtering logic fixed

2013-09-22 Thread Dmitry Fleytman
From: Dmitry Fleytman 

Upon processing of VIRTIO_NET_CTRL_MAC_TABLE_SET command
multicast list overwrites unicast list in mac_table.
This leads to broken logic for both unicast and multicast RX filtering.

Signed-off-by: Dmitry Fleytman 
---
 hw/net/virtio-net.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index dd41008..e822ab1 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -656,7 +656,8 @@ static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
 }
 
 if (n->mac_table.in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
-s = iov_to_buf(iov, iov_cnt, 0, n->mac_table.macs,
+s = iov_to_buf(iov, iov_cnt, 0,
+   &n->mac_table.macs[n->mac_table.in_use * ETH_ALEN],
mac_data.entries * ETH_ALEN);
 if (s != mac_data.entries * ETH_ALEN) {
 goto error;
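Review bot: The capacity test on the context line, `n->mac_table.in_use + mac_data.entries <= MAC_TABLE_ENTRIES`, adds a guest-supplied count before comparing, and with this change the copy lands at offset `in_use * ETH_ALEN`, so that test is the only thing keeping the write inside `macs`. If `mac_data.entries` is an unsigned 32-bit field (its declaration is outside the hunk), a very large value can wrap the sum and pass the test; comparing without the addition avoids that: `if (mac_data.entries <= MAC_TABLE_ENTRIES - n->mac_table.in_use) {`. The `mac_data.entries * ETH_ALEN` length has the same exposure and is safe once the count is bounded first. virtio_net_handle_mac's body continues outside the hunk.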
-- 
1.8.3.1




[Qemu-devel] the way i read the registers may wrong

2013-09-22 Thread Peter Cheung
Hi all, I am using the following code to read registers. I can read the value 
of EIP, but when I dump the memory that EIP points to, it is all zeros. Byte code 
should not be zero, so I think my code is wrong. Please point out my mistake, thanks.

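/*
 * Format the register state of @cpu into @buffer as one comma-separated
 * line of name=hex pairs: segment bases, eip, eflags, the general
 * registers, control and debug registers, the descriptor-table registers
 * and tr.
 *
 * @cpu:    CPU whose env_ptr is read.
 * @buffer: destination string, written from its first byte and
 *          NUL-terminated by the last sprintf().
 *
 * NOTE(review): there is no size parameter, so nothing in here can bound
 * the writes; the caller has to supply a buffer large enough for all
 * fields.  Adding a size argument and switching to snprintf() would close
 * that gap.
 *
 * NOTE(review): every field is printed with %x, which expects an unsigned
 * int.  That presumably matches a 32-bit target; if the register fields
 * are wider (target_ulong on a 64-bit target) the specifiers have to
 * become TARGET_FMT_lx -- confirm against the CPUArchState definition.
 *
 * NOTE(review): eip is an offset inside the guest's code segment, not a
 * host pointer.  Dumping the bytes "at eip" therefore needs the guest
 * linear address (cs base + eip) read through a guest-memory accessor,
 * not a dereference of the printed value.
 */
static void gkd_read_registers(CPUState *cpu, char *buffer) {
    CPUArchState *env = cpu->env_ptr;
    char *out = buffer;   /* write cursor; replaces repeated strlen(buffer) */

    printf("gkd_read_registers()\n");

    /* The cs..ss fields carry the segment bases, not the selectors. */
    out += sprintf(out,
                   "cs=%x,eip=%x,ds=%x,es=%x,fs=%x,gs=%x,ss=%x,eflags=%x,"
                   "eax=%x,ebx=%x,ecx=%x,edx=%x,esi=%x,edi=%x,ebp=%x,esp=%x,"
                   "cr0=%x,cr2=%x,cr3=%x,cr4=%x",
                   env->segs[R_CS].base, env->eip, env->segs[R_DS].base,
                   env->segs[R_ES].base, env->segs[R_FS].base,
                   env->segs[R_GS].base, env->segs[R_SS].base,
                   env->eflags, env->regs[R_EAX], env->regs[R_EBX],
                   env->regs[R_ECX], env->regs[R_EDX], env->regs[R_ESI],
                   env->regs[R_EDI], env->regs[R_EBP], env->regs[R_ESP],
                   env->cr[0], env->cr[2], env->cr[3], env->cr[4]);

    out += sprintf(out, ",dr0=%x,dr1=%x,dr2=%x,dr3=%x,dr6=%x,dr7=%x",
                   env->dr[0], env->dr[1], env->dr[2], env->dr[3],
                   env->dr[6], env->dr[7]);

    out += sprintf(out, ",gdtr=%x,gdtr_limit=%x",
                   env->gdt.base, env->gdt.limit);
    out += sprintf(out, ",ldtr=%x,ldtr_limit=%x",
                   env->ldt.base, env->ldt.limit);
    out += sprintf(out, ",idtr=%x,idtr_limit=%x",
                   env->idt.base, env->idt.limit);

    /*
     * tr is a segment cache structure like ldt above, so it cannot be
     * passed to %x as a whole; print its selector.
     */
    sprintf(out, ",tr=%x", env->tr.selector);
}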
Thanks, from Peter

Re: [Qemu-devel] [Xen-devel] RESEND [Xen-unstable][Qemu-xen] HVM Guest reading of Expansion ROM from passthroughed PCI device returns data from emulated VGA rom

2013-09-22 Thread Pasi Kärkkäinen
On Sun, Sep 22, 2013 at 05:00:58PM +0200, Sander Eikelenboom wrote:
> 
> >> I'm trying to get secondary vga-passthrough on a HVM guest to work with a 
> >> AMD HD6570 and the native kernel radeon driver and kernel modesetting.
> >> So the guest still gets the emulated stdvga or cirrus device(used in my 
> >> case here) as primary/boot vga adapter.
> >> 
> >> - When i don't passthrough the radeon card, the linux native radeon driver 
> >> loads fine.
> >> - When i do passtrough the device to a HVM with the same kernel:
> >>   The driver in the guest tries to read the pci expansion rom from the 
> >> passthroughed device to get the vbios.
> >>   The driver reports a successful read, but fails because it can't find 
> >> the right string at the right offset.
> >> 
> 
> > Did you try with qemu-dm-traditional aswell? Does it have the same problem? 
> 
> Hi Pasi,
> 
> Yes i did and yes the same problem.
> From what i recall i used to have succes with vga passthrough with a 
> secondary vga card, but that was some time ago.
> I don't know which of the components (xen, dom0 kernel, domU kernel, radeon 
> driver, qemu has changed in such a way that it fails to work now ...
> 
> 
> But in the mean time i tried to debug it further and from what i can see:
> - Only the io port en mem of the pci device are mapped through the hypervisor.
> - The rom is not, (a hypercall to do the memory mapping is never made) i 
> tried several things to get it to do the mapping, but so far failt to do so.
> - It seems to be a 64bit capable device, some code comments and git commit 
> messages seem to suggest that there were/are some problems with that (in the 
> way the involved components interact)
> 

Yeah, there has been some patches related to that, and I think still some open 
bugs..

Btw did you try with Xen 4.3? Or 4.2? 

-- Pasi




Re: [Qemu-devel] [RFC 00/16] TCG indirect registers

2013-09-22 Thread Max Filippov
On Fri, Sep 20, 2013 at 1:24 AM, Richard Henderson  wrote:
> This is an attempt to improve performance of target-sparc
> by exposing the windowed registers as TCG globals, and all
> the optimization that we can do there.
>
> This is done via allowing tcg_global_mem_new to be used
> with any base pointer, not just off of a fixed register.
> Thus the sparc windowed registers are globals off cpu_regwptr.
>
> In the process of working through this, I attempt to remove
> as many uses of "int" as I can throughout the TCG code gen
> paths, replacing them with TCGReg when we're talking about
> hard registers, and TCGTemp pointers when we're talking about
> temporaries.  This, IMO, reduces confusion as to what kind of
> "int" we mean at any given time.
>
> By the time we get to patch 14, actually implementing the
> indirect temps, it's fairly easy to recurse in order to
> load the base pointer when we need to load or store an
> indirect temp.
>
> I've not yet tried to measure the performance.  As far as
> testing, linux-user-0.3 and sparc-test-0.2 works.  I've
> scanned some of the dumps from those.  In the cases where
> no real optimization was possible, we generate practically
> the same code -- usually with different registers selected.
> In the cases where we can optimize, I've seen some TB's
> cut in half.
>
> Anyway, I wanted some feedback before I take this any further.

Hi Richard,

I've reimplemented xtensa windowed registers in the same
way as done for sparc on top of this series. Haven't got any
measurable performance change. From op,out_asm output most
TBs got longer by 1-4 instructions and all temp indices got
doubled.

--->8---
>From 73300be7dd6b3d31cbfa45225714d5e43c52f077 Mon Sep 17 00:00:00 2001
From: Max Filippov 
Date: Sun, 22 Sep 2013 18:54:53 +0400
Subject: [PATCH] target-xtensa: reimplement windowed registers

Signed-off-by: Max Filippov 
---
 target-xtensa/cpu.c   |  1 +
 target-xtensa/cpu.h   |  5 +++--
 target-xtensa/op_helper.c | 46 ++
 target-xtensa/translate.c |  7 +--
 4 files changed, 19 insertions(+), 40 deletions(-)

diff --git a/target-xtensa/cpu.c b/target-xtensa/cpu.c
index c19d17a..a30511d 100644
--- a/target-xtensa/cpu.c
+++ b/target-xtensa/cpu.c
@@ -59,6 +59,7 @@ static void xtensa_cpu_reset(CPUState *s)
 env->sregs[CACHEATTR] = 0x;
 env->sregs[ATOMCTL] = xtensa_option_enabled(env->config,
 XTENSA_OPTION_ATOMCTL) ? 0x28 : 0x15;
+rotate_window_abs(env, env->sregs[WINDOW_BASE]);
  env->pending_irq_level = 0;
 reset_mmu(env);
diff --git a/target-xtensa/cpu.h b/target-xtensa/cpu.h
index 95103e9..8100f18 100644
--- a/target-xtensa/cpu.h
+++ b/target-xtensa/cpu.h
@@ -334,11 +334,11 @@ typedef struct XtensaConfigList {
  typedef struct CPUXtensaState {
 const XtensaConfig *config;
-uint32_t regs[16];
+uint32_t *regs;
 uint32_t pc;
 uint32_t sregs[256];
 uint32_t uregs[256];
-uint32_t phys_regs[MAX_NAREG];
+uint32_t phys_regs[MAX_NAREG + 12];
 float32 fregs[16];
 float_status fp_status;
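Review bot: `regs` changes here from an embedded 16-entry array to a pointer, so it is NULL until rotate_window_abs() first runs, and any code that treated `env->regs` as storage (sizeof, memcpy, state save/restore) needs re-checking; none of that code is in this hunk, and the struct continues past it. The pointer is derived from `env->sregs[WINDOW_BASE]`, which the guest can write, so rotate_window_abs() has to reduce `position` to the configured window range before using it to index `phys_regs`. Its body is not visible here, so this is a request to confirm rather than a finding. The `+ 12` needs a comment saying why 12 and how the padding entries are kept coherent with the start of `phys_regs`, for example `/* a 16-register window based at the last pane runs 12 entries past nareg */` if that is the intent.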
 @@ -396,6 +396,7 @@ void xtensa_timer_irq(CPUXtensaState *env, uint32_t id, 
uint32_t active);
 void xtensa_rearm_ccompare_timer(CPUXtensaState *env);
 int cpu_xtensa_signal_handler(int host_signum, void *pinfo, void *puc);
 void xtensa_cpu_list(FILE *f, fprintf_function cpu_fprintf);
+void rotate_window_abs(CPUXtensaState *env, uint32_t position);
 void xtensa_sync_window_from_phys(CPUXtensaState *env);
 void xtensa_sync_phys_from_window(CPUXtensaState *env);
 uint32_t xtensa_tlb_get_addr_mask(const CPUXtensaState *env, bool dtlb, 
uint32_t way);
diff --git a/target-xtensa/op_helper.c b/target-xtensa/op_helper.c
index cf97025..ee21550 100644
--- a/target-xtensa/op_helper.c
+++ b/target-xtensa/op_helper.c
@@ -166,39 +166,6 @@ uint32_t HELPER(nsau)(uint32_t v)
 return v ? clz32(v) : 32;
 }
 -static void copy_window_from_phys(CPUXtensaState *env,
-uint32_t window, uint32_t phys, uint32_t n)
-{
-assert(phys < env->config->nareg);
-if (phys + n <= env->config->nareg) {
-memcpy(env->regs + window, env->phys_regs + phys,
-n * sizeof(uint32_t));
-} else {
-uint32_t n1 = env->config->nareg - phys;
-memcpy(env->regs + window, env->phys_regs + phys,
-n1 * sizeof(uint32_t));
-memcpy(env->regs + window + n1, env->phys_regs,
-(n - n1) * sizeof(uint32_t));
-}
-}
-
-static void copy_phys_from_window(CPUXtensaState *env,
-uint32_t phys, uint32_t window, uint32_t n)
-{
-assert(phys < env->config->nareg);
-if (phys + n <= env->config->nareg) {
-memcpy(env->phys_regs + phys, env->regs + window,
-n * sizeof(uint32_t));
-} else {
-uint32_t n1 = env->config->nareg - phys;
-memcpy(env->phys_regs + phys, env->regs + window,
-n1 * sizeof(uint32_t));
-memcpy(env->phys_regs, env->regs + window + n1,
-  

Re: [Qemu-devel] [PATCH v4 22/23] hpet: add API to find it

2013-09-22 Thread Paolo Bonzini
Il 22/09/2013 15:38, Michael S. Tsirkin ha scritto:
> Add API to find HPET using QOM.
> 
> Signed-off-by: Michael S. Tsirkin 
> ---
>  include/hw/timer/hpet.h | 2 ++
>  hw/timer/hpet.c | 5 +
>  2 files changed, 7 insertions(+)
> 
> diff --git a/include/hw/timer/hpet.h b/include/hw/timer/hpet.h
> index 757f79f..ab44bd3 100644
> --- a/include/hw/timer/hpet.h
> +++ b/include/hw/timer/hpet.h
> @@ -71,4 +71,6 @@ struct hpet_fw_config
>  } QEMU_PACKED;
>  
>  extern struct hpet_fw_config hpet_cfg;
> +
> +bool hpet_find(void);
>  #endif
> diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
> index fcd22ae..676bd7d 100644
> --- a/hw/timer/hpet.c
> +++ b/hw/timer/hpet.c
> @@ -757,6 +757,11 @@ static void hpet_device_class_init(ObjectClass *klass, 
> void *data)
>  dc->props = hpet_device_properties;
>  }
>  
> +bool hpet_find(void)
> +{
> +return object_resolve_path_type("", "hpet", NULL);

s/"hpet"/TYPE_HPET/

Paolo

> +}
> +
>  static const TypeInfo hpet_device_info = {
>  .name  = TYPE_HPET,
>  .parent= TYPE_SYS_BUS_DEVICE,
> 




Re: [Qemu-devel] [PATCH v4 22/23] hpet: add API to find it

2013-09-22 Thread Michael S. Tsirkin
On Sun, Sep 22, 2013 at 09:22:09PM +0200, Paolo Bonzini wrote:
> Il 22/09/2013 15:38, Michael S. Tsirkin ha scritto:
> > Add API to find HPET using QOM.
> > 
> > Signed-off-by: Michael S. Tsirkin 
> > ---
> >  include/hw/timer/hpet.h | 2 ++
> >  hw/timer/hpet.c | 5 +
> >  2 files changed, 7 insertions(+)
> > 
> > diff --git a/include/hw/timer/hpet.h b/include/hw/timer/hpet.h
> > index 757f79f..ab44bd3 100644
> > --- a/include/hw/timer/hpet.h
> > +++ b/include/hw/timer/hpet.h
> > @@ -71,4 +71,6 @@ struct hpet_fw_config
> >  } QEMU_PACKED;
> >  
> >  extern struct hpet_fw_config hpet_cfg;
> > +
> > +bool hpet_find(void);
> >  #endif
> > diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
> > index fcd22ae..676bd7d 100644
> > --- a/hw/timer/hpet.c
> > +++ b/hw/timer/hpet.c
> > @@ -757,6 +757,11 @@ static void hpet_device_class_init(ObjectClass *klass, 
> > void *data)
> >  dc->props = hpet_device_properties;
> >  }
> >  
> > +bool hpet_find(void)
> > +{
> > +return object_resolve_path_type("", "hpet", NULL);
> 
> s/"hpet"/TYPE_HPET/
> 
> Paolo

Right. I'll fix it in my tree, won't repost just for this.
Thanks!

> > +}
> > +
> >  static const TypeInfo hpet_device_info = {
> >  .name  = TYPE_HPET,
> >  .parent= TYPE_SYS_BUS_DEVICE,
> > 



Re: [Qemu-devel] [PATCH] sPAPR: implement route_intx_to_irq to get gsi of pci device.

2013-09-22 Thread Alexander Graf

Am 22.09.2013 um 13:47 schrieb Liu Ping Fan :

> This is useful when pci assignment happens on sPAPR.

This patch doesn't sound useful on its own to me, thus probably belongs in a 
greater patch set.

And without even a clear commit message that explains why exactly this is going 
to be "useful" eventually I don't see any reason to apply this patch.


Alex




Re: [Qemu-devel] [PATCH 1/2] tests: build the helper program in main build process

2013-09-22 Thread Michael Tokarev

22.09.2013 12:30, Wenchao Xia пишет:

This is a quick way to update helper program when qemu main code
is changed or built, instead of adding new Makefile under test/qemu-iotest.


Why?

[]

+# Build the help program automatically
+
+all: $(QEMU_IOTESTS_HELPERS-y)



This appears to be somewhat awkward way (to do something which I
clearly don't see).

First, it is not clear why this iotest helper should be built
by default when we haven't been asked to perform the tests.

Second, it apparently does not achieve the (unknown) goal
anyway.  At least the patch does not do what the commit
comment says.  Commit says that the helper gets updated when
qemu main code is changed or built (which is main code?).
But when I build, say, subdir-x86_64-softmmu, which is
definitely some "main" code, the helper isn't being built...

Count me confused...  :)

/mjt



Re: [Qemu-devel] [PATCH] .gitignore: ignore tests/qemu-iotests/socket_scm_helper

2013-09-22 Thread Wenchao Xia

Reviewed-by: Wenchao Xia


Signed-off-by: Fam Zheng
---
  tests/qemu-iotests/.gitignore | 1 +
  1 file changed, 1 insertion(+)

diff --git a/tests/qemu-iotests/.gitignore b/tests/qemu-iotests/.gitignore
index 62b4002..0541f80 100644
--- a/tests/qemu-iotests/.gitignore
+++ b/tests/qemu-iotests/.gitignore
@@ -2,6 +2,7 @@ check.log
  check.time
  *.out.bad
  *.notrun
+socket_scm_helper

  # ignore everything in the scratch directory
  scratch/





Re: [Qemu-devel] [PATCH 1/2] tests: build the helper program in main build process

2013-09-22 Thread Wenchao Xia

On 09/23/2013 04:36 AM, Michael Tokarev wrote:

22.09.2013 12:30, Wenchao Xia пишет:

This is a quick way to update helper program when qemu main code
is changed or built, instead of adding new Makefile under 
test/qemu-iotest.


Why?

[]
   I think it is a bit overkill to have a new Makefile for one single 
.c file. If more

file comes, we can write Makefile at that time.



+# Build the help program automatically
+
+all: $(QEMU_IOTESTS_HELPERS-y)



This appears to be somewhat awkward way (to do something which I
clearly don't see).

First, it is not clear why this iotest helper should be built
by default when we hasn't been asked to perform the tests.

  Usually we may:
1 configure and make.
2 goto tests/qemu-iotests, ./check.

  It may encounter an error since build of the helper was not triggered.



Second, it apparently does not achieve the (unknown) goal
anyway.  At least the patch does not do what the commit
coment says.  Commit says that the helper gets updated when
qemu main code is changed or built (which is main code?).
But when I build, say, subdir-x86_64-softmmu, which is
definitely some "main" code, the helper isn't being built...


  Main code may refer to the codes other than ./tests, the commit
message is not accurate, I think it should be "build the helper by
default".


Count me confused...  :)

/mjt






Re: [Qemu-devel] [PATCH] sPAPR: implement route_intx_to_irq to get gsi of pci device.

2013-09-22 Thread liu ping fan
On Mon, Sep 23, 2013 at 4:02 AM, Alexander Graf  wrote:
>
> Am 22.09.2013 um 13:47 schrieb Liu Ping Fan :
>
>> This is useful when pci assignment happens on sPAPR.
>
> This patch doesn't sound useful on its own to me, thus probably belongs in a 
> greater patch set.
>
Yes, I think, it will be applied after Alexey Kardashevskiy's
patch-set, "[PATCH v4 00/12] xics: reworks and in-kernel support"
CCing Alexey Kardashevskiy

> And without even a clear commit message that explains why exactly this is 
> going to be "useful" eventually I don't see any reason to apply this patch.
>
Pci assignment adopts irqfd in kernel, which need gsi as input param, right?

Thanks,
Pingfan



Re: [Qemu-devel] [PATCH] sPAPR: implement route_intx_to_irq to get gsi of pci device.

2013-09-22 Thread Alexey Kardashevskiy
On 09/22/2013 09:47 PM, Liu Ping Fan wrote:
> This is useful when pci assignment happens on sPAPR.


I have almost the same patch in my queue already, it will enable irqfd for
both INTX and MSI, I am just waiting till in-kernel XICS patchset gets in
upstream and then I'll post it.


> Signed-off-by: Liu Ping Fan 
> ---
> This patch will apply on patches which enable xics in kernel.
> ---
>  hw/intc/xics.c|  5 +
>  hw/ppc/spapr_pci.c| 14 ++
>  include/hw/ppc/xics.h |  1 +
>  3 files changed, 20 insertions(+)
> 
> diff --git a/hw/intc/xics.c b/hw/intc/xics.c
> index bb018d1..02cdab8 100644
> --- a/hw/intc/xics.c
> +++ b/hw/intc/xics.c
> @@ -442,6 +442,11 @@ void xics_set_irq_type(XICSState *icp, int irq, bool lsi)
>  icp->ics->islsi[irq - icp->ics->offset] = lsi;
>  }
>  
> +int xics_get_irq_offset(XICSState *icp)
> +{
> +return icp->ics->offset;
> +}
> +
>  /*
>   * Guest interfaces
>   */
> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
> index 9b6ee32..6d3657a 100644
> --- a/hw/ppc/spapr_pci.c
> +++ b/hw/ppc/spapr_pci.c
> @@ -432,6 +432,19 @@ static void pci_spapr_set_irq(void *opaque, int irq_num, 
> int level)
>  qemu_set_irq(spapr_phb_lsi_qirq(phb, irq_num), level);
>  }
>  
> +static PCIINTxRoute spapr_phb_route_intx_to_irq(void *opaque, int pirq_pin)
> +{
> +int gsi;
> +PCIINTxRoute route;
> +sPAPRPHBState *phb = opaque;
> +
> +gsi = phb->lsi_table[pirq_pin].irq;
> +gsi += xics_get_irq_offset(spapr->icp);


Why do you need this? lsi_table[].irq is received from spapr_allocate_lsi()
which already adds this offset.



> +route.mode = PCI_INTX_ENABLED;
> +route.irq = gsi;
> +return route;
> +}
> +
>  /*
>   * MSI/MSIX memory region implementation.
>   * The handler handles both MSI and MSIX.
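Review bot: In spapr_phb_route_intx_to_irq(), `pirq_pin` indexes `phb->lsi_table[]` with no range check. The table's size is not shown in this hunk; if it has PCI_NUM_PINS entries, as the registration call further down suggests, an `assert(pirq_pin >= 0 && pirq_pin < PCI_NUM_PINS);` before the lookup would turn a bad pin from the PCI core into a clean abort instead of an out-of-bounds read. The local is also named `phb` although spapr_phb_init() in the same file uses `sphb` for the sPAPRPHBState and `phb` for the PCI host state, and `spapr` is used without a local declaration; `sPAPRPHBState *sphb = opaque;` would match the rest of the file.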
> @@ -595,6 +608,7 @@ static int spapr_phb_init(SysBusDevice *s)
> pci_spapr_set_irq, pci_spapr_map_irq, sphb,
> &sphb->memspace, &sphb->iospace,
> PCI_DEVFN(0, 0), PCI_NUM_PINS, TYPE_PCI_BUS);
> +pci_bus_set_route_irq_fn(bus, spapr_phb_route_intx_to_irq);
>  phb->bus = bus;
>  
>  sphb->dma_window_start = 0;
> diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
> index 66364c5..6ed1f4d 100644
> --- a/include/hw/ppc/xics.h
> +++ b/include/hw/ppc/xics.h
> @@ -97,6 +97,7 @@ struct ICSIRQState {
>  
>  qemu_irq xics_get_qirq(XICSState *icp, int irq);
>  void xics_set_irq_type(XICSState *icp, int irq, bool lsi);
> +int xics_get_irq_offset(XICSState *icp);
>  
>  void xics_cpu_setup(XICSState *icp, PowerPCCPU *cpu);
>  
> 


-- 
Alexey



Re: [Qemu-devel] [PATCH v4 00/12] xics: reworks and in-kernel support

2013-09-22 Thread Alexey Kardashevskiy
On 09/16/2013 02:10 PM, Alexey Kardashevskiy wrote:
> On 09/10/2013 02:26 PM, Alexey Kardashevskiy wrote:
>> On 09/04/2013 12:56 PM, Alexey Kardashevskiy wrote:
>>> On 08/30/2013 03:28 PM, Alexey Kardashevskiy wrote:
 Yet another try with XICS and XICS-KVM.

 v3->v4:
 Addressed multiple comments from Alex;
 Split out many tiny patches to make them easier to review;
 Fixed xics_cpu_setup not to call the parent;
 And many, many small changes.

 v2->v3:
 Addressed multiple comments from Andreas;
 Added 2 patches for XICS from Ben - I included them into the series as they
 are about XICS and they won't rebase automatically if moved before XICS 
 rework
 so it seemed to me that it would be better to carry them toghether. If it 
 is
 wrong, please let me know, I'll repost them separately.

 v1->v2:
 The main change is this adds "xics-common" parent for emulated XICS and 
 XICS-KVM.
 And many, many small changes, mostly to address Andreas comments.

 Migration from XICS to XICS-KVM and vice versa still works.


 Alexey Kardashevskiy (8):
   xics: move reset and cpu_setup
   spapr: move cpu_setup after kvmppc_set_papr
   xics: replace fprintf with error_report
   xics: add pre_save/post_load dispatchers
   xics: convert init() to realize()
   xics: add missing const specifiers to TypeInfo
   xics: split to xics and xics-common
   xics: add cpu_setup callback

 Benjamin Herrenschmidt (2):
   xics: Implement H_IPOLL
   xics: Implement H_XIRR_X

 David Gibson (2):
   target-ppc: Add helper for KVM_PPC_RTAS_DEFINE_TOKEN
   xics-kvm: Support for in-kernel XICS interrupt controller

  default-configs/ppc64-softmmu.mak |   1 +
  hw/intc/Makefile.objs |   1 +
  hw/intc/xics.c| 331 +-
  hw/intc/xics_kvm.c| 488 
 ++
  hw/ppc/spapr.c|  27 ++-
  include/hw/ppc/spapr.h|   1 +
  include/hw/ppc/xics.h |  57 +
  target-ppc/kvm.c  |  14 ++
  target-ppc/kvm_ppc.h  |   7 +
  9 files changed, 865 insertions(+), 62 deletions(-)
  create mode 100644 hw/intc/xics_kvm.c
>>>
>>>
>>> Alex, ping?
>>
>>
>> Anyone, ping?
>>
>>
> 
> Anyone, ping?
> 
> 

*sigh*. ping.


-- 
Alexey



Re: [Qemu-devel] [PATCH 5/5] hw: arm_gic_kvm: Add KVM VGIC save/restore logic

2013-09-22 Thread Christoffer Dall
On Sat, Sep 21, 2013 at 06:38:19PM +0900, Peter Maydell wrote:
> On 21 September 2013 06:46, Christoffer Dall
>  wrote:
> > On Sat, Sep 21, 2013 at 06:22:23AM +0900, Peter Maydell wrote:
> >>  *) for getting TCG<->KVM and KVM-with-non-host-CPU cases
> >> right we need to do translation anyway, or at least think about it.
> >
> > Why? Wouldn't we always only support the case where QEMU emulates the
> > same model as KVM in the first case, and the kernel should behave the
> > same and export the same state if you ask for a specific target no
> > matter what the underlying hardware is, no?
> 
> If the kernel has to be able to do translation of the state, why
> not make its life easier by having it only need to do one thing
> (host h/w format -> whatever standard format we pick)
> rather than lots and lots of things
> (host CPU X h/w format -> format for supported guest CPU A,
>  host CPU X h/w format -> format for supported guest CPU B,
>  host CPU Y h/w format -> format for guest CPU A,
>  host CPU Y h/w format -> format for guest CPU B,
>  etc etc etc)
> 
> ? That's basically a cross product over every CPU we
> support.
> 
Good point.

So after reading the GIC specs again, the way I understand it is that
the APR regs have a bit set, if that group priority (a.k.a. preemption
level) has an active interrupt.  Further, multiple set bits would
only happen if software acknowledges an interrupt and before EOIing it,
the GIC gets preempted by an interrupt with a higher group priority
(lower number).  Correct?

Further, and again, I don't think the spec is particularly clear on this
point, but I think it suggests that if bit[0] is set, then there's an
interrupt from interrupt priority group 0 (the group with the highest
priority) in the active state, if bit[1] is set, one from group 1 is
active, and so on.

That would be a perfectly fine format for the APR in the GICstate
structure, and the only remaining questions would be:

 (1) How many preemption levels should be supported, which would be most
 easily solved by just defining GICC_APR0-GICC_APR3 for all cpu
 interfaces.
 (2) How does the arm_gic_kvm.c code detect the underlying host CPU that
 the kernel read the register from when it returned the value of the
 register to do the proper translation?  I don't even want to think
 about how this will work on Big.Little...

-Christoffer



Re: [Qemu-devel] [PATCH] sPAPR: implement route_intx_to_irq to get gsi of pci device.

2013-09-22 Thread liu ping fan
On Mon, Sep 23, 2013 at 9:59 AM, Alexey Kardashevskiy  wrote:
> On 09/22/2013 09:47 PM, Liu Ping Fan wrote:
>> This is useful when pci assignment happens on sPAPR.
>
>
> I have almost the same patch in my queue already, it will enable irqfd for
> both INTX and MSI, I am just waiting till in-kernel XICS patchset gets in
> upstream and then I'll post it.
>
Ok,
>
>> Signed-off-by: Liu Ping Fan 
>> ---
>> This patch will apply on patches which enable xics in kernel.
>> ---
>>  hw/intc/xics.c|  5 +
>>  hw/ppc/spapr_pci.c| 14 ++
>>  include/hw/ppc/xics.h |  1 +
>>  3 files changed, 20 insertions(+)
>>
>> diff --git a/hw/intc/xics.c b/hw/intc/xics.c
>> index bb018d1..02cdab8 100644
>> --- a/hw/intc/xics.c
>> +++ b/hw/intc/xics.c
>> @@ -442,6 +442,11 @@ void xics_set_irq_type(XICSState *icp, int irq, bool 
>> lsi)
>>  icp->ics->islsi[irq - icp->ics->offset] = lsi;
>>  }
>>
>> +int xics_get_irq_offset(XICSState *icp)
>> +{
>> +return icp->ics->offset;
>> +}
>> +
>>  /*
>>   * Guest interfaces
>>   */
>> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
>> index 9b6ee32..6d3657a 100644
>> --- a/hw/ppc/spapr_pci.c
>> +++ b/hw/ppc/spapr_pci.c
>> @@ -432,6 +432,19 @@ static void pci_spapr_set_irq(void *opaque, int 
>> irq_num, int level)
>>  qemu_set_irq(spapr_phb_lsi_qirq(phb, irq_num), level);
>>  }
>>
>> +static PCIINTxRoute spapr_phb_route_intx_to_irq(void *opaque, int pirq_pin)
>> +{
>> +int gsi;
>> +PCIINTxRoute route;
>> +sPAPRPHBState *phb = opaque;
>> +
>> +gsi = phb->lsi_table[pirq_pin].irq;
>> +gsi += xics_get_irq_offset(spapr->icp);
>
>
> Why do you need this? lsi_table[].irq is received from spapr_allocate_lsi()
> which already adds this offset.
>
Oh, you are right, next_irq begin at XICS_IRQ_BASE

Thx,
Pingfan
>
>
>> +route.mode = PCI_INTX_ENABLED;
>> +route.irq = gsi;
>> +return route;
>> +}
>> +
>>  /*
>>   * MSI/MSIX memory region implementation.
>>   * The handler handles both MSI and MSIX.
>> @@ -595,6 +608,7 @@ static int spapr_phb_init(SysBusDevice *s)
>> pci_spapr_set_irq, pci_spapr_map_irq, sphb,
>> &sphb->memspace, &sphb->iospace,
>> PCI_DEVFN(0, 0), PCI_NUM_PINS, TYPE_PCI_BUS);
>> +pci_bus_set_route_irq_fn(bus, spapr_phb_route_intx_to_irq);
>>  phb->bus = bus;
>>
>>  sphb->dma_window_start = 0;
>> diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
>> index 66364c5..6ed1f4d 100644
>> --- a/include/hw/ppc/xics.h
>> +++ b/include/hw/ppc/xics.h
>> @@ -97,6 +97,7 @@ struct ICSIRQState {
>>
>>  qemu_irq xics_get_qirq(XICSState *icp, int irq);
>>  void xics_set_irq_type(XICSState *icp, int irq, bool lsi);
>> +int xics_get_irq_offset(XICSState *icp);
>>
>>  void xics_cpu_setup(XICSState *icp, PowerPCCPU *cpu);
>>
>>
>
>
> --
> Alexey



Re: [Qemu-devel] [PATCH v4 1/4] seqlock: introduce read-write seqlock

2013-09-22 Thread Jan Kiszka
On 2013-09-22 10:11, Liu Ping Fan wrote:
> This lets the read-side access run outside the BQL.

In fact, not only BQL. Didn't the original commit provide a changelog
about the content of this patch? Otherwise, briefly describe use cases
and maybe the typical invocation pattern.

> 
> Signed-off-by: Paolo Bonzini 

The From line says you, the Signed-off-by is only Paolo's - this is inconsistent.

Jan

> ---
>  include/qemu/seqlock.h | 72 
> ++
>  1 file changed, 72 insertions(+)
>  create mode 100644 include/qemu/seqlock.h
> 
> diff --git a/include/qemu/seqlock.h b/include/qemu/seqlock.h
> new file mode 100644
> index 000..3ff118a
> --- /dev/null
> +++ b/include/qemu/seqlock.h
> @@ -0,0 +1,72 @@
> +/*
> + * Seqlock implementation for QEMU
> + *
> + * Copyright Red Hat, Inc. 2013
> + *
> + * Author:
> + *  Paolo Bonzini 
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + *
> + */
> +#ifndef QEMU_SEQLOCK_H
> +#define QEMU_SEQLOCK_H 1
> +
> +#include 
> +#include 
> +
> +typedef struct QemuSeqLock QemuSeqLock;
> +
> +struct QemuSeqLock {
> +QemuMutex *mutex;
> +unsigned sequence;
> +};
> +
> +static inline void seqlock_init(QemuSeqLock *sl, QemuMutex *mutex)
> +{
> +sl->mutex = mutex;
> +sl->sequence = 0;
> +}
> +
> +/* Lock out other writers and update the count.  */
> +static inline void seqlock_write_lock(QemuSeqLock *sl)
> +{
> +if (sl->mutex) {
> +qemu_mutex_lock(sl->mutex);
> +}
> +++sl->sequence;
> +
> +/* Write sequence before updating other fields.  */
> +smp_wmb();
> +}
> +
> +static inline void seqlock_write_unlock(QemuSeqLock *sl)
> +{
> +/* Write other fields before finalizing sequence.  */
> +smp_wmb();
> +
> +++sl->sequence;
> +if (sl->mutex) {
> +qemu_mutex_unlock(sl->mutex);
> +}
> +}
> +
> +static inline unsigned seqlock_read_begin(QemuSeqLock *sl)
> +{
> +/* Always fail if a write is in progress.  */
> +unsigned ret = sl->sequence & ~1;
> +
> +/* Read sequence before reading other fields.  */
> +smp_rmb();
> +return ret;
> +}
> +
> +static int seqlock_read_retry(const QemuSeqLock *sl, unsigned start)
> +{
> +/* Read other fields before reading final sequence.  */
> +smp_rmb();
> +return unlikely(sl->sequence != start);
> +}
> +
> +#endif
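Review bot: seqlock_read_retry() is the only function in this header declared `static int` instead of `static inline`, so a file that includes the header without calling it gets an unused-function warning; the line should read `static inline int seqlock_read_retry(const QemuSeqLock *sl, unsigned start)`. `sl->sequence` is also read and written with plain accesses while readers run concurrently with the writer, so the compiler is free to tear or re-read it; using atomic_read()/atomic_set() from qemu/atomic.h for those accesses would close that gap. The `if (sl->mutex)` tests appear to allow a NULL mutex when the caller already serialises writers, and a one-line comment on seqlock_init() should say so.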
> 

-- 
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux



Re: [Qemu-devel] [PATCH v4 2/4] timer: protect timers_state's clock with seqlock

2013-09-22 Thread Jan Kiszka
On 2013-09-22 10:11, Liu Ping Fan wrote:
> QEMU_CLOCK_VIRTUAL may be read outside BQL. This will make its
> foundation, i.e. timers_state exposed to race condition.
> Using private lock to protect it.
> 
> After this patch, reading QEMU_CLOCK_VIRTUAL is thread safe
> unless use_icount is true, in which case the existing callers
> still rely on the BQL
> 
> Lock rule: private lock innermost, ie BQL->"this lock"
> 
> Signed-off-by: Liu Ping Fan 
> ---
>  cpus.c | 36 ++--
>  1 file changed, 30 insertions(+), 6 deletions(-)
> 
> diff --git a/cpus.c b/cpus.c
> index e566297..870a832 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -37,6 +37,7 @@
>  #include "sysemu/qtest.h"
>  #include "qemu/main-loop.h"
>  #include "qemu/bitmap.h"
> +#include "qemu/seqlock.h"
>  
>  #ifndef _WIN32
>  #include "qemu/compatfd.h"
> @@ -112,6 +113,13 @@ static int64_t qemu_icount;
>  typedef struct TimersState {
>  int64_t cpu_ticks_prev;
>  int64_t cpu_ticks_offset;
> +/* cpu_clock_offset will be read out of BQL, so protect it with private
> + * lock. As for cpu_ticks_*, no requirement to read it outside BQL yet.
> + * Lock rule: innermost
> + */
> +QemuSeqLock clock_seqlock;
> +/* mutex for seqlock */
> +QemuMutex mutex;

If these locks only protect cpu_clock_offset, name them accordingly
(cpu_clock_offset_seqlock, cpu_clock_offset_mutex). But I think they
also protect cpu_ticks_enabled, no? Then you should adjust the comment.

>  int64_t cpu_clock_offset;
>  int32_t cpu_ticks_enabled;
>  int64_t dummy;
> @@ -137,6 +145,7 @@ int64_t cpu_get_icount(void)
>  }
>  
>  /* return the host CPU cycle counter and handle stop/restart */
> +/* cpu_ticks is safely if holding BQL */

"Caller must hold the BQL."

>  int64_t cpu_get_ticks(void)
>  {
>  if (use_icount) {
> @@ -161,33 +170,46 @@ int64_t cpu_get_ticks(void)
>  int64_t cpu_get_clock(void)
>  {
>  int64_t ti;
> -if (!timers_state.cpu_ticks_enabled) {
> -return timers_state.cpu_clock_offset;
> -} else {
> -ti = get_clock();
> -return ti + timers_state.cpu_clock_offset;
> -}
> +unsigned start;
> +
> +do {
> +start = seqlock_read_begin(&timers_state.clock_seqlock);
> +if (!timers_state.cpu_ticks_enabled) {
> +ti = timers_state.cpu_clock_offset;
> +} else {
> +ti = get_clock();
> +ti += timers_state.cpu_clock_offset;
> +}
> +} while (seqlock_read_retry(&timers_state.clock_seqlock, start));
> +
> +return ti;
>  }
>  
>  /* enable cpu_get_ticks() */
>  void cpu_enable_ticks(void)
>  {
> +/* Here, the really thing protected by seqlock is cpu_clock_offset. */
> +seqlock_write_lock(&timers_state.clock_seqlock);
>  if (!timers_state.cpu_ticks_enabled) {
>  timers_state.cpu_ticks_offset -= cpu_get_real_ticks();
>  timers_state.cpu_clock_offset -= get_clock();
>  timers_state.cpu_ticks_enabled = 1;
>  }
> +seqlock_write_unlock(&timers_state.clock_seqlock);
>  }
>  
>  /* disable cpu_get_ticks() : the clock is stopped. You must not call
> cpu_get_ticks() after that.  */
>  void cpu_disable_ticks(void)
>  {
> +/* Here, the really thing protected by seqlock is cpu_clock_offset. */
> +seqlock_write_lock(&timers_state.clock_seqlock);
>  if (timers_state.cpu_ticks_enabled) {
>  timers_state.cpu_ticks_offset = cpu_get_ticks();
>  timers_state.cpu_clock_offset = cpu_get_clock();
>  timers_state.cpu_ticks_enabled = 0;
>  }
> +seqlock_write_unlock(&timers_state.clock_seqlock);
>  }
>  
>  /* Correlation between real and virtual time is always going to be
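Review bot: cpu_disable_ticks() calls cpu_get_clock() while it holds the write side of the seqlock, and the reader loop in cpu_get_clock() cannot finish in that state. With the seqlock from patch 1/4, the sequence is odd for the whole write section, seqlock_read_begin() returns it with bit 0 cleared, and seqlock_read_retry() therefore reports a mismatch on every pass, so the first cpu_disable_ticks() call with ticks enabled spins forever. Moving the offset computation into a helper that does not touch the seqlock, called from the retry loop in cpu_get_clock() and from the write section in cpu_disable_ticks(), avoids the self-wait.

```c
/* Caller must hold the seqlock write side or be inside a read retry loop. */
static int64_t cpu_get_clock_locked(void)
{
    int64_t ti;

    if (!timers_state.cpu_ticks_enabled) {
        ti = timers_state.cpu_clock_offset;
    } else {
        ti = get_clock();
        ti += timers_state.cpu_clock_offset;
    }
    return ti;
}

int64_t cpu_get_clock(void)
{
    int64_t ti;
    unsigned start;

    do {
        start = seqlock_read_begin(&timers_state.clock_seqlock);
        ti = cpu_get_clock_locked();
    } while (seqlock_read_retry(&timers_state.clock_seqlock, start));

    return ti;
}

/* ... unchanged: cpu_enable_ticks() ... */

/* ... unchanged: start of cpu_disable_ticks(), write lock taken ... */
        timers_state.cpu_clock_offset = cpu_get_clock_locked();
```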
> @@ -371,6 +393,8 @@ static const VMStateDescription vmstate_timers = {
>  
>  void configure_icount(const char *option)
>  {
> +qemu_mutex_init(&timers_state.mutex);
> +seqlock_init(&timers_state.clock_seqlock, &timers_state.mutex);
>  vmstate_register(NULL, 0, &vmstate_timers, &timers_state);
>  if (!option) {
>  return;
> 

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux



Re: [Qemu-devel] [PATCH v4 3/4] qemu-thread: add QemuEvent

2013-09-22 Thread Jan Kiszka
On 2013-09-22 10:11, Liu Ping Fan wrote:
> This emulates Win32 manual-reset events using futexes or conditional
> variables.  Typical ways to use them are with multi-producer,
> single-consumer data structures, to test for a complex condition whose
> elements come from different threads:
> 
> for (;;) {
> qemu_event_reset(ev);
> ... test complex condition ...
> if (condition is true) {
> break;
> }
> qemu_event_wait(ev);
> }
> 
> Or more efficiently (but with some duplication):
> 
> ... evaluate condition ...
> while (!condition) {
> qemu_event_reset(ev);
> ... evaluate condition ...
> if (!condition) {
> qemu_event_wait(ev);
> ... evaluate condition ...
> }
> }
> 
> QemuEvent provides a very fast userspace path in the common case when
> no other thread is waiting, or the event is not changing state.  It
> is used to report RCU quiescent states to the thread calling
> synchronize_rcu (the latter being the single consumer), and to report
> call_rcu invocations to the thread that receives them.
> 
> Signed-off-by: Paolo Bonzini 

Again, from and signed-off mismatch.

BTW, above is a good template for a commit log of patch 1.

Jan

> ---
>  include/qemu/thread-posix.h |   8 +++
>  include/qemu/thread-win32.h |   4 ++
>  include/qemu/thread.h   |   7 +++
>  util/qemu-thread-posix.c| 116 
> 
>  util/qemu-thread-win32.c|  26 ++
>  5 files changed, 161 insertions(+)
> 
> diff --git a/include/qemu/thread-posix.h b/include/qemu/thread-posix.h
> index 361566a..eb5c7a1 100644
> --- a/include/qemu/thread-posix.h
> +++ b/include/qemu/thread-posix.h
> @@ -21,6 +21,14 @@ struct QemuSemaphore {
>  #endif
>  };
>  
> +struct QemuEvent {
> +#ifndef __linux__
> +pthread_mutex_t lock;
> +pthread_cond_t cond;
> +#endif
> +unsigned value;
> +};
> +
>  struct QemuThread {
>  pthread_t thread;
>  };
> diff --git a/include/qemu/thread-win32.h b/include/qemu/thread-win32.h
> index 13adb95..3d58081 100644
> --- a/include/qemu/thread-win32.h
> +++ b/include/qemu/thread-win32.h
> @@ -17,6 +17,10 @@ struct QemuSemaphore {
>  HANDLE sema;
>  };
>  
> +struct QemuEvent {
> +HANDLE event;
> +};
> +
>  typedef struct QemuThreadData QemuThreadData;
>  struct QemuThread {
>  QemuThreadData *data;
> diff --git a/include/qemu/thread.h b/include/qemu/thread.h
> index c02404b..3e32c65 100644
> --- a/include/qemu/thread.h
> +++ b/include/qemu/thread.h
> @@ -7,6 +7,7 @@
>  typedef struct QemuMutex QemuMutex;
>  typedef struct QemuCond QemuCond;
>  typedef struct QemuSemaphore QemuSemaphore;
> +typedef struct QemuEvent QemuEvent;
>  typedef struct QemuThread QemuThread;
>  
>  #ifdef _WIN32
> @@ -45,6 +46,12 @@ void qemu_sem_wait(QemuSemaphore *sem);
>  int qemu_sem_timedwait(QemuSemaphore *sem, int ms);
>  void qemu_sem_destroy(QemuSemaphore *sem);
>  
> +void qemu_event_init(QemuEvent *ev, bool init);
> +void qemu_event_set(QemuEvent *ev);
> +void qemu_event_reset(QemuEvent *ev);
> +void qemu_event_wait(QemuEvent *ev);
> +void qemu_event_destroy(QemuEvent *ev);
> +
>  void qemu_thread_create(QemuThread *thread,
>  void *(*start_routine)(void *),
>  void *arg, int mode);
> diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
> index 4de133e..37dd298 100644
> --- a/util/qemu-thread-posix.c
> +++ b/util/qemu-thread-posix.c
> @@ -20,7 +20,12 @@
>  #include 
>  #include 
>  #include 
> +#ifdef __linux__
> +#include 
> +#include 
> +#endif
>  #include "qemu/thread.h"
> +#include "qemu/atomic.h"
>  
>  static void error_exit(int err, const char *msg)
>  {
> @@ -272,6 +277,117 @@ void qemu_sem_wait(QemuSemaphore *sem)
>  #endif
>  }
>  
> +#ifdef __linux__
> +#define futex(...)  syscall(__NR_futex, __VA_ARGS__)
> +
> +static inline void futex_wake(QemuEvent *ev, int n)
> +{
> +futex(ev, FUTEX_WAKE, n, NULL, NULL, 0);
> +}
> +
> +static inline void futex_wait(QemuEvent *ev, unsigned val)
> +{
> +futex(ev, FUTEX_WAIT, (int) val, NULL, NULL, 0);
> +}
> +#else
> +static inline void futex_wake(QemuEvent *ev, int n)
> +{
> +if (n == 1) {
> +pthread_cond_signal(&ev->cond);
> +} else {
> +pthread_cond_broadcast(&ev->cond);
> +}
> +}
> +
> +static inline void futex_wait(QemuEvent *ev, unsigned val)
> +{
> +pthread_mutex_lock(&ev->lock);
> +if (ev->value == val) {
> +pthread_cond_wait(&ev->cond, &ev->lock);
> +}
> +pthread_mutex_unlock(&ev->lock);
> +}
> +#endif
> +
> +/* Valid transitions:
> + * - free->set, when setting the event
> + * - busy->set, when setting the event, followed by futex_wake
> + * - set->free, when resetting the event
> + * - free->busy, when waiting
> + *
> + * set->busy does not happen (it can be observed from the outside but
> + * it really is set->free->busy).
> + *
> + * busy->free provably c

Re: [Qemu-devel] [PATCH v4 4/4] timer: make qemu_clock_enable sync between disable and timer's cb

2013-09-22 Thread Jan Kiszka
On 2013-09-22 10:11, Liu Ping Fan wrote:
> After disabling the QemuClock, we should make sure that no QemuTimers
> are still in flight. To implement that with light overhead, we resort
> to QemuEvent. The caller of disabling will wait on QemuEvent of each
> timerlist.
> 
> Note, qemu_clock_enable(foo,false) can _not_ be called from timer's cb.
> And the callers of qemu_clock_enable() should be sync by themselves,
> not protected by this patch.
> 
> Signed-off-by: Liu Ping Fan 
> ---
>  include/qemu/timer.h |  4 
>  qemu-timer.c | 20 +++-
>  2 files changed, 23 insertions(+), 1 deletion(-)
> 
> diff --git a/include/qemu/timer.h b/include/qemu/timer.h
> index e4934dd..b26909a 100644
> --- a/include/qemu/timer.h
> +++ b/include/qemu/timer.h
> @@ -185,6 +185,10 @@ void qemu_clock_notify(QEMUClockType type);
>   * @enabled: true to enable, false to disable
>   *
>   * Enable or disable a clock
> + * Disabling the clock will wait for related timerlists to stop
> + * executing qemu_run_timers.  Thus, this functions should not
> + * be used from the callback of a timer that is based on @clock.
> + * Doing so would cause a deadlock.
>   */
>  void qemu_clock_enable(QEMUClockType type, bool enabled);
>  
> diff --git a/qemu-timer.c b/qemu-timer.c
> index 95ff47f..c500a76 100644
> --- a/qemu-timer.c
> +++ b/qemu-timer.c
> @@ -45,6 +45,7 @@
>  /* timers */
>  
>  typedef struct QEMUClock {
> + /* We rely on BQL to protect the timerlists */
>  QLIST_HEAD(, QEMUTimerList) timerlists;
>  
>  NotifierList reset_notifiers;
> @@ -70,6 +71,8 @@ struct QEMUTimerList {
>  QLIST_ENTRY(QEMUTimerList) list;
>  QEMUTimerListNotifyCB *notify_cb;
>  void *notify_opaque;
> +/* light weight method to mark the end of timerlist's running */
> +QemuEvent ev;

What about "timers_done_ev"?

>  };
>  
>  /**
> @@ -98,6 +101,7 @@ QEMUTimerList *timerlist_new(QEMUClockType type,
>  QEMUClock *clock = qemu_clock_ptr(type);
>  
>  timer_list = g_malloc0(sizeof(QEMUTimerList));
> +qemu_event_init(&timer_list->ev, false);
>  timer_list->clock = clock;
>  timer_list->notify_cb = cb;
>  timer_list->notify_opaque = opaque;
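Review bot: The event is created in the reset state (`false`), so a timer list that has not yet completed a timerlist_run_timers() pass would make the new qemu_event_wait() loop in qemu_clock_enable(type, false) block indefinitely. Initialising it as set, `qemu_event_init(&timer_list->ev, true);`, matches the meaning "no run in progress". No hunk in this patch adds a matching qemu_event_destroy(), so the place where timer lists are freed (not shown here) presumably leaks the mutex/condvar or Win32 handle behind the event; a `qemu_event_destroy(&timer_list->ev);` there would pair with this init.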
> @@ -140,13 +144,24 @@ void qemu_clock_notify(QEMUClockType type)
>  }
>  }
>  
> +/* Disabling the clock will wait for related timerlists to stop
> + * executing qemu_run_timers.  Thus, this functions should not
> + * be used from the callback of a timer that is based on @clock.
> + * Doing so would cause a deadlock.
> + */
>  void qemu_clock_enable(QEMUClockType type, bool enabled)
>  {
>  QEMUClock *clock = qemu_clock_ptr(type);
> +QEMUTimerList *tl;
>  bool old = clock->enabled;
>  clock->enabled = enabled;
>  if (enabled && !old) {
>  qemu_clock_notify(type);
> +} else if (!enabled && old) {
> +/* We rely on BQL to protect the timerlists */

So the caller of qemu_clock_enable has to hold the BQL? Then please add
that to the function description above instead.

Jan

> +QLIST_FOREACH(tl, &clock->timerlists, list) {
> +qemu_event_wait(&tl->ev);
> +}
>  }
>  }
>  
> @@ -373,8 +388,10 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
>  QEMUTimer *ts;
>  int64_t current_time;
>  bool progress = false;
> -   
> +
> +qemu_event_reset(&timer_list->ev);
>  if (!timer_list->clock->enabled) {
> +qemu_event_set(&timer_list->ev);
>  return progress;
>  }
>  
> @@ -392,6 +409,7 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
>  ts->cb(ts->opaque);
>  progress = true;
>  }
> +qemu_event_set(&timer_list->ev);
>  return progress;
>  }
>  
> 


-- 
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux