Re: [Qemu-devel] [PATCH] spapr-pci: enable adding PHB via -device

[Markus Armbruster]

Alexey Kardashevskiy  writes:

> On 01/21/2014 02:27 AM, Markus Armbruster wrote:
>> Alexey Kardashevskiy  writes:
>> 
>>> Recent changes introduced cannot_instantiate_with_device_add_yet
>>> and removed capability of adding yet another PCI host bridge via
>>> command line for SPAPR platform (POWERPC64 server).
>> 
>> Specifically:
>> 
>> commit 837d37167dc446af8a91189108b363c04609e296
>> Author: Markus Armbruster 
>> Date:   Thu Nov 28 17:26:55 2013 +0100
>> 
>> sysbus: Set cannot_instantiate_with_device_add_yet
>> 
>> device_add plugs devices into suitable bus.  For "real" buses, that
>> actually connects the device.  For sysbus, the connections need to be
>> made separately, and device_add can't do that.  The device would be
>> left unconnected, and could not possibly work.
>> 
>> Quite a few, but not all sysbus devices already set
>> cannot_instantiate_with_device_add_yet in their class init function.
>> 
>> Set it in their abstract base's class init function
>> sysbus_device_class_init(), and remove the now redundant assignments
>> from device class init functions.
>> 
>> Signed-off-by: Markus Armbruster 
>> Reviewed-by: Marcel Apfelbaum 
>> Signed-off-by: Andreas Färber 
>> 
>> Always good to point to specific commits in commit messages instead of
>> hand-waving "recent changes".
>
>
> My bad, I'll do this next time. Just lost myself in that patch series.
>
>
>>> This brings the capability back and puts SPAPR PHB into "bridge"
>>> category.
>> 
>> Look, a sysbus device that grabs the resources it needs from its init()
>> callback instead of getting connected to them by the code that creates
>> it!  I'm not sure that's proper, but if it works...  Maybe Andreas
>> (cc'ed) can advise.
>
> Sorry, I am not following you. SPAPR PHB allocates resources (memory
> regions...) as (for example) E1000 ethernet device does.

"Resources" was a poor choice of word.

I'm talking about connections to other devices.  An ordinary device on a
proper bus like PCI or USB gets all its connections via its bus.  The
"sysbus" doesn't provide any connection opportunities for its devices.
Instead, the connections are made by the code creating the device.

You tell me "-device spapr-pci-host-bridge" works (with your patch).
That either means it doesn't need any such connections, or it sets them
up itself somehow, or I'm missing something.  The first two would be
unusual, the latter not so much :)

>>> This is not much use for emulated PHB but it is absolutely required
>>> for VFIO as we put an IOMMU group onto a separate PHB on SPAPR.
>>>
>>> Cc: Markus Armbruster 
>>> Signed-off-by: Alexey Kardashevskiy 
>>> ---
>>>
>>> Are -device and device_add considered synonims? SPAPR PHB can be added
>>> via the command line just fine but cannot from device_add as
>>> "Bus 'main-system-bus' does not support hotplugging".
>> 
>> -device is cold plug, device_add is hot plug.  device_add could be
>> improved to do cold plug when used before the machine starts.
>
>
> S? We figured that out on IRC :) At the moment it is regression -
> -device used to work for PHB and now it does not.

IRC is ephemeral, the list is not.

> Alex Graf applied to his ppc-next, just to be clear - are you ack'ing or
> nack'ing this patch?

I'm certainly not vetoing anything here!

> In any cace, what do you think I should change in what I do in spapr_pci.c?
> I most probably will, just need some directions.

Nothing, unless further discussion leads to action items.

Re: [Qemu-devel] [PATCH v2] x86: gigabyte alignment for ram

[Gerd Hoffmann]

> > > My laptop has it reserved in a \_SB\PCI0\LPC\SIO device instead:
> > > 
> > > Device (LPC)
> > > {
> > > Name (_ADR, 0x001F)  // _ADR: Address
> > > Name (_S3D, 0x03)  // _S3D: S3 Device State
> > > Name (RID, 0x00)
> > > Device (SIO)
> > > {
> > > Name (_HID, EisaId ("PNP0C0P2"))
> > > Name (_UID, 0x00)  // _UID: Unique ID
> > > Name (SCRS, ResourceTemplate ()
> > > {
> > > [ ... ]
> > > Memory32Fixed (ReadWrite,
> > > 0xF800, // Address Base
> > > 0x0400, // Address Length
> > > )
> > > [ ... ]
> > > 
> > > cheers,
> > >   Gerd
> > > 
> > 
> > We can try, but Igor tried to do something like this recently (
> > for IO resources) and windows guests kept crashing
> > unless he made holes in _CRS.
> I've tried to consume ranges under piix_pm/lpc device,
> there were no any indication that ranges were ever consumed.

I see this in dmesg:

[0.128636] PCI: MMCONFIG at [mem 0xf800-0xfbff] reserved in
ACPI motherboard resources

cheers,
  Gerd

Re: [Qemu-devel] Exposing and calculating CPU APIC IDs (was Re: [RFC 1/3] target-i386: moving registers of vmstate from cpu_exec_init() to x86_cpu_realizefn())

[Chen Fan]

On Mon, 2014-01-20 at 13:29 +0100, Igor Mammedov wrote:
> On Fri, 17 Jan 2014 17:13:55 -0200
> Eduardo Habkost  wrote:
> 
> > On Wed, Jan 15, 2014 at 03:37:04PM +0100, Igor Mammedov wrote:
> > > On Wed, 15 Jan 2014 20:24:01 +0800
> > > Chen Fan  wrote:
> > > > On Tue, 2014-01-14 at 11:40 +0100, Igor Mammedov wrote:
> > > > > On Tue, 14 Jan 2014 17:27:20 +0800
> > > > > Chen Fan  wrote:
> > > > > 
> > > > > > the intend of this patch is to register cpu vmstates with apic id 
> > > > > > instead of cpu
> > > > > > index, due to the property setting of apic_id is behind the cpu 
> > > > > > initialization. so
> > > > > > we move the registers of cpu vmstate from cpu_exec_init() to 
> > > > > > x86_cpu_realizefn() to
> > > > > > let the set apicid as the parameter.
> > > > > > 
> > > > > > Signed-off-by: Chen Fan 
> > > > > > ---
> > > > > >  exec.c| 5 +
> > > > > >  target-i386/cpu.c | 9 +
> > > > > >  2 files changed, 14 insertions(+)
> > > > > > 
> > > > > > diff --git a/exec.c b/exec.c
> > > > > > index 7e49e8e..9be5855 100644
> > > > > > --- a/exec.c
> > > > > > +++ b/exec.c
> > > > > > @@ -438,7 +438,9 @@ CPUState *qemu_get_cpu(int index)
> > > > > >  void cpu_exec_init(CPUArchState *env)
> > > > > >  {
> > > > > >  CPUState *cpu = ENV_GET_CPU(env);
> > > > > > +#if !defined(TARGET_I386)
> > > > > >  CPUClass *cc = CPU_GET_CLASS(cpu);
> > > > > > +#endif
> > > > > >  CPUState *some_cpu;
> > > > > >  int cpu_index;
> > > > > >  
> > > > > > @@ -460,6 +462,8 @@ void cpu_exec_init(CPUArchState *env)
> > > > > >  #if defined(CONFIG_USER_ONLY)
> > > > > >  cpu_list_unlock();
> > > > > >  #endif
> > > > > > +
> > > > > > +#if !defined(TARGET_I386)
> > > > > >  if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
> > > > > >  vmstate_register(NULL, cpu_index, &vmstate_cpu_common, 
> > > > > > cpu);
> > > > > >  }
> > > > > > @@ -472,6 +476,7 @@ void cpu_exec_init(CPUArchState *env)
> > > > > >  if (cc->vmsd != NULL) {
> > > > > >  vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
> > > > > >  }
> > > > > > +#endif /* !TARGET_I386 */
> > > > > >  }
> > > > > >  
> > > > > >  #if defined(TARGET_HAS_ICE)
> > > > > > diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> > > > > > index 967529a..dada6f6 100644
> > > > > > --- a/target-i386/cpu.c
> > > > > > +++ b/target-i386/cpu.c
> > > > > > @@ -2552,6 +2552,7 @@ static void x86_cpu_apic_realize(X86CPU *cpu, 
> > > > > > Error **errp)
> > > > > >  static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
> > > > > >  {
> > > > > >  CPUState *cs = CPU(dev);
> > > > > > +CPUClass *cc = CPU_GET_CLASS(cs);
> > > > > >  X86CPU *cpu = X86_CPU(dev);
> > > > > >  X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
> > > > > >  CPUX86State *env = &cpu->env;
> > > > > > @@ -2615,6 +2616,14 @@ static void x86_cpu_realizefn(DeviceState 
> > > > > > *dev, Error **errp)
> > > > > >  cpu_reset(cs);
> > > > > >  
> > > > > >  xcc->parent_realize(dev, &local_err);
> > > > > > +
> > > > > > +if (qdev_get_vmsd(DEVICE(cs)) == NULL) {
> > > > > > +vmstate_register(NULL, env->cpuid_apic_id, 
> > > > > > &vmstate_cpu_common, cs);
> > > > > > +}
> > > > > > +
> > > > > > +if (cc->vmsd != NULL) {
> > > > > > +vmstate_register(NULL, env->cpuid_apic_id, cc->vmsd, cs);
> > > > > > +}
> > > > > how about doing it in common CPUclass.realize()
> > > > > you can use get_arch_id() for getting CPU id, it returns cpu_index by 
> > > > > default
> > > > > and apic_id for target-i386.
> > > > 
> > > > Thanks for your kind suggestion, does this mean we can directly move
> > > > vmstate_register to cpu_common_realizefn()? 
> > > yep, that is a gist of it.
> > > 
> > > There is more to the issue with discontinuous CPUs, a lot of code still
> > > use cpu_index and the way it's allocated is not compatible with 
> > > discontinuous
> > > CPUs, so this issue should be fixed as well.
> > > 
> > > Also you propose to use a raw apic id with CLI/user interface.
> > > I recall there were objections to it since APIC ID contains topology
> > > information and it's not trivial for user to get it right.
> > > The last idea that was discussed to fix it was not expose APIC ID to
> > > user but rather introduce QOM hierarchy like:
> > >   /machine/node/N/socket/X/core/Y/thread/Z
> > > and use it in user interface as a means to specify an arbitrary CPU
> > > and let QEMU calculate APIC ID based on this path.
> > > 
> > > But nobody took on implementing it yet.
> > 
> > We're taking so long to get a decent interface implemented, that part of
> > me is considering exposing the APIC ID directly like suggested before,
> > and requiring libvirt to calculate topology-aware APIC IDs[1] to
> > properly implement CPU hotplug (and possibly for other tasks).
> If you are speaking about 
> 'qemu will core dump with "-smp 254, sockets=2, cores=3, threads=2"'
> http://patchwork.ozlabs.org/patch/301272/
> bug then it's

[Qemu-devel] [PATCH] vmdk: Check for overhead when opening

[Fam Zheng]

Report an error if file size is even smaller than metadata.

Signed-off-by: Fam Zheng 
---
 block/vmdk.c   | 7 +++
 tests/qemu-iotests/059 | 6 ++
 tests/qemu-iotests/059.out | 5 +
 3 files changed, 18 insertions(+)

diff --git a/block/vmdk.c b/block/vmdk.c
index c6b60b4..7b53d41 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -640,6 +640,13 @@ static int vmdk_open_vmdk4(BlockDriverState *bs,
 if (le32_to_cpu(header.flags) & VMDK4_FLAG_RGD) {
 l1_backup_offset = le64_to_cpu(header.rgd_offset) << 9;
 }
+if (bdrv_getlength(file) <
+le64_to_cpu(header.grain_offset) * BDRV_SECTOR_SIZE) {
+error_report("File truncated, expecting at least %lld bytes",
+le64_to_cpu(header.grain_offset) * BDRV_SECTOR_SIZE);
+return -EINVAL;
+}
+
 ret = vmdk_add_extent(bs, file, false,
   le64_to_cpu(header.capacity),
   le64_to_cpu(header.gd_offset) << 9,
diff --git a/tests/qemu-iotests/059 b/tests/qemu-iotests/059
index 65bea1d..30671c0 100755
--- a/tests/qemu-iotests/059
+++ b/tests/qemu-iotests/059
@@ -95,6 +95,12 @@ EOF
 _img_info
 
 echo
+echo "=== Testing truncated sparse ==="
+IMGOPTS="subformat=monolithicSparse" _make_test_img 100G
+truncate -s 10M $TEST_IMG
+_img_info
+
+echo
 echo "=== Testing version 3 ==="
 _use_sample_img iotest-version3.vmdk.bz2
 _img_info
diff --git a/tests/qemu-iotests/059.out b/tests/qemu-iotests/059.out
index 16ab7c6..7cc0e11 100644
--- a/tests/qemu-iotests/059.out
+++ b/tests/qemu-iotests/059.out
@@ -2043,6 +2043,11 @@ qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Invalid 
extent lines:
 RW 12582912 VMFS "dummy.IMGFMT" 1
 
 
+=== Testing truncated sparse ===
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=107374182400
+qemu-img: File truncated, expecting at least 13172736 bytes
+qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Could not open 
'TEST_DIR/t.IMGFMT': Wrong medium type
+
 === Testing version 3 ===
 image: TEST_DIR/iotest-version3.IMGFMT
 file format: IMGFMT
-- 
1.8.5.3

Re: [Qemu-devel] [PATCH v1 3/3] qcow2: check for NULL l2meta

[Hu Tao]

On Tue, Jan 21, 2014 at 11:33:18AM +0800, Hu Tao wrote:
> On Mon, Jan 20, 2014 at 04:17:16PM +0100, Kevin Wolf wrote:
> > Am 20.01.2014 um 04:04 hat Hu Tao geschrieben:
> > > On Sun, Jan 19, 2014 at 05:18:05PM +0100, Max Reitz wrote:
> > > > On 30.12.2013 06:29, Hu Tao wrote:
> > > > >In case of do preallocating metadata with a large cluster size,
> > > > >qcow2_alloc_cluster_offset() can allocate nothing and returns
> > > > >a NULL l2meta. This patch checks for it and link2 l2 with only
> > > > >valid l2meta.
> > > > >
> > > > >Signed-off-by: Hu Tao 
> > > > >---
> > > > >  block/qcow2.c | 14 --
> > > > >  1 file changed, 8 insertions(+), 6 deletions(-)
> > > > >
> > > > >diff --git a/block/qcow2.c b/block/qcow2.c
> > > > >index 46860d5..380c240 100644
> > > > >--- a/block/qcow2.c
> > > > >+++ b/block/qcow2.c
> > > > >@@ -1399,18 +1399,20 @@ static int preallocate(BlockDriverState *bs)
> > > > >  offset = 0;
> > > > >  while (nb_sectors) {
> > > > >-num = MIN(nb_sectors, INT_MAX >> 9);
> > > > >+num = MIN(nb_sectors, INT_MAX >> BDRV_SECTOR_BITS);
> > > > 
> > > > Well, if you're already adjusting this here, you could also replace
> > > > the other occurrences of 9 and 512 in this function. ;-)
> > > > 
> > > > >  ret = qcow2_alloc_cluster_offset(bs, offset, &num,
> > > > >   &host_offset, &meta);
> > > > >  if (ret < 0) {
> > > > >  return ret;
> > > > >  }
> > > > >-ret = qcow2_alloc_cluster_link_l2(bs, meta);
> > > > >-if (ret < 0) {
> > > > >-qcow2_free_any_clusters(bs, meta->alloc_offset, 
> > > > >meta->nb_clusters,
> > > > >-QCOW2_DISCARD_NEVER);
> > > > >-return ret;
> > > > >+if (meta) {
> > > > >+ret = qcow2_alloc_cluster_link_l2(bs, meta);
> > > > >+if (ret < 0) {
> > > > >+qcow2_free_any_clusters(bs, meta->alloc_offset,
> > > > >+meta->nb_clusters, 
> > > > >QCOW2_DISCARD_NEVER);
> > > > >+return ret;
> > > > >+}
> > > > >  }
> > > > >  /* There are no dependent requests, but we need to remove 
> > > > > our request
> > > > 
> > > > But this doesn't make this patch wrong, so:
> > > > 
> > > > Reviewed-by: Max Reitz 
> > > 
> > > Max,
> > > 
> > > Thanks for all of you comments!
> > 
> > The series looks good in general, but I think the comments are worth
> > addressing before we merge it. I would also love to see an qemu-iotests
> > case that tests the cases that would previously crash.

Should I add the test case into an existing file or create a new file?

[Qemu-devel] [PATCH v4 1/1] qtest: Fix "make check" failing for "--disable-vnc"

[Kewei Yu]

When we disable vnc from "./configure", QEMU can't use the vnc option.
So qtest can't use the "vnc -none ", otherwise "make check" fails.
If QEMU uses "-display none", "-vnc none" is excrescent, So we just need to 
drop it.

Signed-off-by: Kewei Yu 
Reviewed-by: Paolo Bonzini 
Signed-off-by: Kevin Wolf 
---
 v2: Consolidate VNC macro's #ifdef'ery to one central point (tests/libqtest.c).
 v3: Fix the spelling and terminology error: "s/disabling/disable; s/the\ 
qemu/QEMU; s/hangs/fails;"
 v4: Modify the subject according to the suggestion of Andreas.
---

 tests/fdc-test.c |5 +
 tests/ide-test.c |3 ---
 2 files changed, 1 insertions(+), 7 deletions(-)

diff --git a/tests/fdc-test.c b/tests/fdc-test.c
index 38b5b17..37096dc 100644
--- a/tests/fdc-test.c
+++ b/tests/fdc-test.c
@@ -518,7 +518,6 @@ static void fuzz_registers(void)
 int main(int argc, char **argv)
 {
 const char *arch = qtest_get_arch();
-char *cmdline;
 int fd;
 int ret;
 
@@ -538,9 +537,7 @@ int main(int argc, char **argv)
 /* Run the tests */
 g_test_init(&argc, &argv, NULL);
 
-cmdline = g_strdup_printf("-vnc none ");
-
-qtest_start(cmdline);
+qtest_start(NULL);
 qtest_irq_intercept_in(global_qtest, "ioapic");
 qtest_add_func("/fdc/cmos", test_cmos);
 qtest_add_func("/fdc/no_media_on_start", test_no_media_on_start);
diff --git a/tests/ide-test.c b/tests/ide-test.c
index d5cec5a..4a0d97f 100644
--- a/tests/ide-test.c
+++ b/tests/ide-test.c
@@ -380,7 +380,6 @@ static void test_bmdma_no_busmaster(void)
 static void test_bmdma_setup(void)
 {
 ide_test_start(
-"-vnc none "
 "-drive file=%s,if=ide,serial=%s,cache=writeback "
 "-global ide-hd.ver=%s",
 tmp_path, "testdisk", "version");
@@ -410,7 +409,6 @@ static void test_identify(void)
 int ret;
 
 ide_test_start(
-"-vnc none "
 "-drive file=%s,if=ide,serial=%s,cache=writeback "
 "-global ide-hd.ver=%s",
 tmp_path, "testdisk", "version");
@@ -455,7 +453,6 @@ static void test_flush(void)
 uint8_t data;
 
 ide_test_start(
-"-vnc none "
 "-drive file=blkdebug::%s,if=ide,cache=writeback",
 tmp_path);
 
-- 
1.7.1

Re: [Qemu-devel] [RFC PATCH] elf loader: exit if incompatible architecture is detected

[Alexey Kardashevskiy]

On 01/21/2014 02:11 AM, Alexander Graf wrote:
> 
> On 07.01.2014, at 05:35, Alexey Kardashevskiy  wrote:
> 
>> If we know for sure that the image in "-kernel" is an ELF and we know its
>> architecture and it is not supported by the current QEMU, there is no
>> point to continue trying booting this image so let's exit once we deteced
>> this fact.
>>
>> Signed-off-by: Alexey Kardashevskiy 
> 
> How about we just remove non-ELF loading from -kernel on -M pseries?


We are fine with that, never tried non-elf anyway, I'll cook another patch
for that. I suppose I do exit(), just one level up, in
spapr_machine:init(), correct?


> 
> 
> Alex
> 
>> ---
>>
>>
>> One of our users tried an X86 image with qemu-system-ppc64. Instead of
>> printing some reasonable message (which is possible in this case as the image
>> is ELF), QEMU (spapr.c) simply copied the image in RAM as a raw image and
>> SLOF failed to boot from it.
>>
>> The patch fixes the issue but there are still questions.
>>
>> 1. Do we need more sophisticated error checking here? Return -2 instead of 
>> exit(1)
>> and do exit(1) few levels up?
>>
>> 2. The patch does not handle x86's vmlinuz case - these images are not ELFs
>> but "Linux kernel x86 boot executable bzImage" and QEMU does not parse them.
>> As a result, SLOF crashes with the registers dump. Do we really care to 
>> handle this?
>>
>>
>> ---
>> include/hw/elf_ops.h | 13 +
>> 1 file changed, 9 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
>> index acc701e..6bcc61f 100644
>> --- a/include/hw/elf_ops.h
>> +++ b/include/hw/elf_ops.h
>> @@ -212,21 +212,21 @@ static int glue(load_elf, SZ)(const char *name, int fd,
>> case EM_PPC64:
>> if (EM_PPC64 != ehdr.e_machine)
>> if (EM_PPC != ehdr.e_machine)
>> -goto fail;
>> +goto arch_fail;
>> break;
>> case EM_X86_64:
>> if (EM_X86_64 != ehdr.e_machine)
>> if (EM_386 != ehdr.e_machine)
>> -goto fail;
>> +goto arch_fail;
>> break;
>> case EM_MICROBLAZE:
>> if (EM_MICROBLAZE != ehdr.e_machine)
>> if (EM_MICROBLAZE_OLD != ehdr.e_machine)
>> -goto fail;
>> +goto arch_fail;
>> break;
>> default:
>> if (elf_machine != ehdr.e_machine)
>> -goto fail;
>> +goto arch_fail;
>> }
>>
>> if (pentry)
>> @@ -306,4 +306,9 @@ static int glue(load_elf, SZ)(const char *name, int fd,
>> g_free(data);
>> g_free(phdr);
>> return -1;
>> +
>> +arch_fail:
>> +fprintf(stderr, "qemu: could not load arch-incompatible kernel '%s'\n",
>> +name);
>> +exit(1);
>> }
>> -- 
>> 1.8.4.rc4
>>
> 


-- 
Alexey

Re: [Qemu-devel] [PATCH V5 0/7] Giving names to BlockDriverState graph nodes

[Fam Zheng]

On Thu, 12/12 16:33, Benoît Canet wrote:
> v5:
> block empty node names [Kevin]
> factorize setting of node-name option [Kevin]
> NULL terminate node_name on removal [Kevin]
> make query-named-block-nodes return BlockDeviceInfo structure [Eric]
> Change some doc in query-named-block-nodes [Eric]
> Document the choice of the QMP API for node name [Eric]
> Use the same authorization as snapshot on block resize [Kevin]
> Rebase the series [Kevin]

Looks mostly good to me. But the external snapshot permission protection
interface looks a bit obsecuer to me. Let's wait for other reviewers' comments.

Thanks,
Fam

> 
> Benoît Canet (7):
>   block: Add bs->node_name to hold the name of a bs node of the bs
> graph.
>   block: Allow the user to define "node-name" option.
>   qmp: Add a command to list the named BlockDriverState nodes.
>   qmp: Allow to change password on named block driver states.
>   block: Create authorizations mechanism for external snapshot and
> resize.
>   qmp: Allow block_resize to manipulate bs graph nodes.
>   qmp: Allow to take external snapshots on bs graphs node.
> 
>  block.c   | 210 
> +-
>  block/blkverify.c |   2 +-
>  block/qapi.c  | 109 
>  blockdev.c|  93 
>  hmp.c |   8 +-
>  include/block/block.h |  23 +++--
>  include/block/block_int.h |  21 -
>  include/block/qapi.h  |   1 +
>  qapi-schema.json  |  48 +--
>  qmp-commands.hx   |  78 -
>  10 files changed, 471 insertions(+), 122 deletions(-)
> 
> -- 
> 1.8.3.2
> 

Re: [Qemu-devel] [PATCH V5 7/7] qmp: Allow to take external snapshots on bs graphs node.

[Fam Zheng]

On Thu, 12/12 16:34, Benoît Canet wrote:
> Signed-off-by: Benoit Canet 
> ---
>  blockdev.c   | 55 ---
>  hmp.c|  4 +++-
>  qapi-schema.json | 13 ++---
>  qmp-commands.hx  | 11 ++-
>  4 files changed, 71 insertions(+), 12 deletions(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index 374d03d..1246544 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -940,14 +940,22 @@ static void blockdev_do_action(int kind, void *data, 
> Error **errp)
>  qmp_transaction(&list, errp);
>  }
>  
> -void qmp_blockdev_snapshot_sync(const char *device, const char 
> *snapshot_file,
> +void qmp_blockdev_snapshot_sync(bool has_device, const char *device,
> +bool has_node_name, const char *node_name,
> +const char *snapshot_file,
> +bool has_snapshot_node_name,
> +const char *snapshot_node_name,
>  bool has_format, const char *format,
> -bool has_mode, enum NewImageMode mode,
> -Error **errp)
> +bool has_mode, NewImageMode mode, Error 
> **errp)
>  {
>  BlockdevSnapshot snapshot = {
> +.has_device = has_device,
>  .device = (char *) device,
> +.has_node_name = has_node_name,
> +.node_name = (char *) node_name,
>  .snapshot_file = (char *) snapshot_file,
> +.has_snapshot_node_name = has_snapshot_node_name,
> +.snapshot_node_name = (char *) snapshot_node_name,
>  .has_format = has_format,
>  .format = (char *) format,
>  .has_mode = has_mode,
> @@ -1185,8 +1193,14 @@ static void 
> external_snapshot_prepare(BlkTransactionState *common,
>  {
>  BlockDriver *drv;
>  int flags, ret;
> +QDict *options = NULL;
>  Error *local_err = NULL;
> +bool has_device = false;
>  const char *device;
> +bool has_node_name = false;
> +const char *node_name;
> +bool has_snapshot_node_name = false;
> +const char *snapshot_node_name;
>  const char *new_image_file;
>  const char *format = "qcow2";
>  enum NewImageMode mode = NEW_IMAGE_MODE_ABSOLUTE_PATHS;
> @@ -1197,7 +1211,14 @@ static void 
> external_snapshot_prepare(BlkTransactionState *common,
>  /* get parameters */
>  g_assert(action->kind == TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT_SYNC);
>  
> +has_device = action->blockdev_snapshot_sync->has_device;
>  device = action->blockdev_snapshot_sync->device;
> +has_node_name = action->blockdev_snapshot_sync->has_node_name;
> +node_name = action->blockdev_snapshot_sync->node_name;
> +has_snapshot_node_name =
> +action->blockdev_snapshot_sync->has_snapshot_node_name;
> +snapshot_node_name = action->blockdev_snapshot_sync->snapshot_node_name;
> +
>  new_image_file = action->blockdev_snapshot_sync->snapshot_file;
>  if (action->blockdev_snapshot_sync->has_format) {
>  format = action->blockdev_snapshot_sync->format;
> @@ -1213,9 +1234,21 @@ static void 
> external_snapshot_prepare(BlkTransactionState *common,
>  return;
>  }
>  
> -state->old_bs = bdrv_find(device);
> -if (!state->old_bs) {
> -error_set(errp, QERR_DEVICE_NOT_FOUND, device);
> +state->old_bs = bdrv_lookup_bs(has_device, device,
> +   has_node_name, node_name,
> +   &local_err);
> +if (error_is_set(&local_err)) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +
> +if (has_node_name && !has_snapshot_node_name) {
> +error_setg(errp, "New snapshot node name missing");
> +return;
> +}
> +
> +if (has_snapshot_node_name && bdrv_find_node(snapshot_node_name)) {
> +error_setg(errp, "New snapshot node name already existing");
>  return;
>  }
>  
> @@ -1255,15 +1288,23 @@ static void 
> external_snapshot_prepare(BlkTransactionState *common,
>  }
>  }
>  
> +if (has_snapshot_node_name) {
> +options = qdict_new();
> +qdict_put(options, "node-name",
> +  qstring_from_str(snapshot_node_name));
> +}
> +
>  /* We will manually add the backing_hd field to the bs later */
>  state->new_bs = bdrv_new("");
>  /* TODO Inherit bs->options or only take explicit options with an
>   * extended QMP command? */
> -ret = bdrv_open(state->new_bs, new_image_file, NULL,
> +ret = bdrv_open(state->new_bs, new_image_file, options,
>  flags | BDRV_O_NO_BACKING, drv, &local_err);
>  if (ret != 0) {
>  error_propagate(errp, local_err);
>  }
> +
> +QDECREF(options);
>  }
>  
>  static void external_snapshot_commit(BlkTransactionState *common)
> diff --git a/hmp.c b/hmp.c
> index 906ddb7..47dcf0c 100644
> --- a/hmp.c

Re: [Qemu-devel] [PATCH V5 6/7] qmp: Allow block_resize to manipulate bs graph nodes.

[Fam Zheng]

On Thu, 12/12 16:33, Benoît Canet wrote:
> Signed-off-by: Benoit Canet 
> ---
>  blockdev.c   | 18 ++
>  hmp.c|  2 +-
>  qapi-schema.json | 10 --
>  qmp-commands.hx  |  3 ++-
>  4 files changed, 25 insertions(+), 8 deletions(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index ebb8f48..374d03d 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -1676,14 +1676,24 @@ int do_drive_del(Monitor *mon, const QDict *qdict, 
> QObject **ret_data)
>  return 0;
>  }
>  
> -void qmp_block_resize(const char *device, int64_t size, Error **errp)
> +void qmp_block_resize(bool has_device, const char *device,
> +  bool has_node_name, const char *node_name,
> +  int64_t size, Error **errp)
>  {
> +Error *local_err = NULL;
>  BlockDriverState *bs;
>  int ret;
>  
> -bs = bdrv_find(device);
> -if (!bs) {
> -error_set(errp, QERR_DEVICE_NOT_FOUND, device);
> +bs = bdrv_lookup_bs(has_device, device,
> +has_node_name, node_name,
> +&local_err);
> +if (error_is_set(&local_err)) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +
> +if (!bdrv_is_first_non_filter(bs)) {
> +error_set(errp, QERR_FEATURE_DISABLED, "resize");
>  return;
>  }
>  
> diff --git a/hmp.c b/hmp.c
> index 3820fbe..906ddb7 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -892,7 +892,7 @@ void hmp_block_resize(Monitor *mon, const QDict *qdict)
>  int64_t size = qdict_get_int(qdict, "size");
>  Error *errp = NULL;
>  
> -qmp_block_resize(device, size, &errp);
> +qmp_block_resize(true, device, false, NULL, size, &errp);
>  hmp_handle_error(mon, &errp);
>  }
>  
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 903fcb6..3977619 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -1722,7 +1722,11 @@
>  #
>  # Resize a block image while a guest is running.
>  #
> -# @device:  the name of the device to get the image resized
> +# Either @device or @node-name must be set but not both.
> +#
> +# @device: #optional the name of the device to get the image resized
> +#
> +# @node-name: #optional graph node name to get the image resized (Since 2.0)
>  #
>  # @size:  new image size in bytes
>  #
> @@ -1731,7 +1735,9 @@
>  #
>  # Since: 0.14.0
>  ##
> -{ 'command': 'block_resize', 'data': { 'device': 'str', 'size': 'int' }}
> +{ 'command': 'block_resize', 'data': { '*device': 'str',
> +   '*node-name': 'str',
> +   'size': 'int' }}
>  
>  ##
>  # @NewImageMode
> diff --git a/qmp-commands.hx b/qmp-commands.hx
> index 1451c1a..5696b08 100644
> --- a/qmp-commands.hx
> +++ b/qmp-commands.hx
> @@ -880,7 +880,7 @@ EQMP
>  
>  {
>  .name   = "block_resize",
> -.args_type  = "device:B,size:o",
> +.args_type  = "device:s?,node-name:s?,size:o",
>  .mhandler.cmd_new = qmp_marshal_input_block_resize,
>  },
>  
> @@ -893,6 +893,7 @@ Resize a block image while a guest is running.
>  Arguments:
>  
>  - "device": the device's ID, must be unique (json-string)
> +- "node-name": the node name in the block driver state graph (json-string)
>  - "size": new size
>  
>  Example:
> -- 
> 1.8.3.2
> 
> 

Reviewed-by: Fam Zheng 

Re: [Qemu-devel] [PATCH V5 5/7] block: Create authorizations mechanism for external snapshot and resize.

[Fam Zheng]

On Thu, 12/12 16:33, Benoît Canet wrote:
> Signed-off-by: Benoit Canet 
> ---
>  block.c   | 65 
> ---
>  block/blkverify.c |  2 +-
>  blockdev.c|  2 +-
>  include/block/block.h | 20 +++
>  include/block/block_int.h | 12 ++---
>  5 files changed, 77 insertions(+), 24 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 22190a4..57946b7 100644
> --- a/block.c
> +++ b/block.c
> @@ -4992,21 +4992,68 @@ int bdrv_amend_options(BlockDriverState *bs, 
> QEMUOptionParameter *options)
>  return bs->drv->bdrv_amend_options(bs, options);
>  }
>  
> -ExtSnapshotPerm bdrv_check_ext_snapshot(BlockDriverState *bs)
> +/* Used to recurse on single child block filters.
> + * Single child block filter will store their child in bs->file.
> + */
> +bool bdrv_generic_is_first_non_filter(BlockDriverState *bs,
> +  BlockDriverState *candidate)
>  {
> -if (bs->drv->bdrv_check_ext_snapshot) {
> -return bs->drv->bdrv_check_ext_snapshot(bs);
> +if (!bs->drv) {
> +return false;
> +}
> +
> +if (!bs->drv->authorizations[BS_IS_A_FILTER]) {
> +if (bs == candidate) {
> +return true;
> +} else {
> +return false;
> +}
> +}
> +
> +if (!bs->drv->authorizations[BS_FILTER_PASS_DOWN]) {
> +return false;
>  }
>  
> -if (bs->file && bs->file->drv && bs->file->drv->bdrv_check_ext_snapshot) 
> {
> -return bs->file->drv->bdrv_check_ext_snapshot(bs);
> +if (!bs->file) {
> +return false;
> +}
> +
> +return bdrv_recurse_is_first_non_filter(bs->file, candidate);
> +}
> +
> +bool bdrv_recurse_is_first_non_filter(BlockDriverState *bs,
> +  BlockDriverState *candidate)
> +{
> +if (bs->drv && bs->drv->bdrv_recurse_is_first_non_filter) {
> +return bs->drv->bdrv_recurse_is_first_non_filter(bs, candidate);
>  }
>  
> -/* external snapshots are allowed by default */
> -return EXT_SNAPSHOT_ALLOWED;
> +return bdrv_generic_is_first_non_filter(bs, candidate);
>  }
>  
> -ExtSnapshotPerm bdrv_check_ext_snapshot_forbidden(BlockDriverState *bs)
> +/* This function check if the candidate is the first non filter bs down it's

s/check/checks/

> + * bs chain. Since we don't have pointers to parents it explore all bs chains
> + * from the top. Some filters can choose not to pass down the recursion.
> + */
> +bool bdrv_is_first_non_filter(BlockDriverState *candidate)
>  {
> -return EXT_SNAPSHOT_FORBIDDEN;
> +BlockDriverState *bs;
> +
> +/* walk down the bs forest recursively */
> +QTAILQ_FOREACH(bs, &bdrv_states, device_list) {
> +bool perm;
> +
> +if (!bs->file) {
> +continue;
> +}
> +
> +perm = bdrv_recurse_is_first_non_filter(bs->file, candidate);
> +
> +/* candidate is the first non filter */
> +if (perm) {
> +return true;
> +}
> +}
> +
> +return false;
>  }
> diff --git a/block/blkverify.c b/block/blkverify.c
> index 3c63528..853afa9 100644
> --- a/block/blkverify.c
> +++ b/block/blkverify.c
> @@ -417,7 +417,7 @@ static BlockDriver bdrv_blkverify = {
>  .bdrv_aio_writev= blkverify_aio_writev,
>  .bdrv_aio_flush = blkverify_aio_flush,
>  
> -.bdrv_check_ext_snapshot = bdrv_check_ext_snapshot_forbidden,
> +.authorizations = { true, false },
>  };
>  
>  static void bdrv_blkverify_init(void)
> diff --git a/blockdev.c b/blockdev.c
> index 838df50..ebb8f48 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -1236,7 +1236,7 @@ static void 
> external_snapshot_prepare(BlkTransactionState *common,
>  }
>  }
>  
> -if (bdrv_check_ext_snapshot(state->old_bs) != EXT_SNAPSHOT_ALLOWED) {
> +if (!bdrv_is_first_non_filter(state->old_bs)) {
>  error_set(errp, QERR_FEATURE_DISABLED, "snapshot");
>  return;
>  }
> diff --git a/include/block/block.h b/include/block/block.h
> index f7d8017..16812b0 100644
> --- a/include/block/block.h
> +++ b/include/block/block.h
> @@ -283,16 +283,16 @@ int bdrv_amend_options(BlockDriverState *bs_new, 
> QEMUOptionParameter *options);
>  /* external snapshots */
>  
>  typedef enum {
> -EXT_SNAPSHOT_ALLOWED,
> -EXT_SNAPSHOT_FORBIDDEN,
> -} ExtSnapshotPerm;
> -
> -/* return EXT_SNAPSHOT_ALLOWED if external snapshot is allowed
> - * return EXT_SNAPSHOT_FORBIDDEN if external snapshot is forbidden
> - */
> -ExtSnapshotPerm bdrv_check_ext_snapshot(BlockDriverState *bs);
> -/* helper used to forbid external snapshots like in blkverify */
> -ExtSnapshotPerm bdrv_check_ext_snapshot_forbidden(BlockDriverState *bs);
> +BS_IS_A_FILTER,
> +BS_FILTER_PASS_DOWN,
> +BS_AUTHORIZATION_COUNT,
> +} BsAuthorization;
> +
> +bool bdrv_generic_is_first_non_filter(BlockDriverState *bs,
> +  BlockDriverState 

Re: [Qemu-devel] [PATCH v1 3/3] qcow2: check for NULL l2meta

[Hu Tao]

On Mon, Jan 20, 2014 at 04:17:16PM +0100, Kevin Wolf wrote:
> Am 20.01.2014 um 04:04 hat Hu Tao geschrieben:
> > On Sun, Jan 19, 2014 at 05:18:05PM +0100, Max Reitz wrote:
> > > On 30.12.2013 06:29, Hu Tao wrote:
> > > >In case of do preallocating metadata with a large cluster size,
> > > >qcow2_alloc_cluster_offset() can allocate nothing and returns
> > > >a NULL l2meta. This patch checks for it and link2 l2 with only
> > > >valid l2meta.
> > > >
> > > >Signed-off-by: Hu Tao 
> > > >---
> > > >  block/qcow2.c | 14 --
> > > >  1 file changed, 8 insertions(+), 6 deletions(-)
> > > >
> > > >diff --git a/block/qcow2.c b/block/qcow2.c
> > > >index 46860d5..380c240 100644
> > > >--- a/block/qcow2.c
> > > >+++ b/block/qcow2.c
> > > >@@ -1399,18 +1399,20 @@ static int preallocate(BlockDriverState *bs)
> > > >  offset = 0;
> > > >  while (nb_sectors) {
> > > >-num = MIN(nb_sectors, INT_MAX >> 9);
> > > >+num = MIN(nb_sectors, INT_MAX >> BDRV_SECTOR_BITS);
> > > 
> > > Well, if you're already adjusting this here, you could also replace
> > > the other occurrences of 9 and 512 in this function. ;-)
> > > 
> > > >  ret = qcow2_alloc_cluster_offset(bs, offset, &num,
> > > >   &host_offset, &meta);
> > > >  if (ret < 0) {
> > > >  return ret;
> > > >  }
> > > >-ret = qcow2_alloc_cluster_link_l2(bs, meta);
> > > >-if (ret < 0) {
> > > >-qcow2_free_any_clusters(bs, meta->alloc_offset, 
> > > >meta->nb_clusters,
> > > >-QCOW2_DISCARD_NEVER);
> > > >-return ret;
> > > >+if (meta) {
> > > >+ret = qcow2_alloc_cluster_link_l2(bs, meta);
> > > >+if (ret < 0) {
> > > >+qcow2_free_any_clusters(bs, meta->alloc_offset,
> > > >+meta->nb_clusters, 
> > > >QCOW2_DISCARD_NEVER);
> > > >+return ret;
> > > >+}
> > > >  }
> > > >  /* There are no dependent requests, but we need to remove our 
> > > > request
> > > 
> > > But this doesn't make this patch wrong, so:
> > > 
> > > Reviewed-by: Max Reitz 
> > 
> > Max,
> > 
> > Thanks for all of you comments!
> 
> The series looks good in general, but I think the comments are worth
> addressing before we merge it. I would also love to see an qemu-iotests
> case that tests the cases that would previously crash.

Sure.  Thanks for review!

[Qemu-devel] [PATCH] qcow2: fix wrong value of L1E_OFFSET_MASK, L2E_OFFSET_MASK and REFT_OFFSET_MASK

[Hu Tao]

Accoring to qcow spec, the offset fields in l1e, l2e and ref table entry
start at bit 9. The offset is cluster offset, and the smallest possible
cluster size is 512 bytes.

Signed-off-by: Hu Tao 
---
 block/qcow2.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/block/qcow2.h b/block/qcow2.h
index 303eb26..b5b7d13 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -340,11 +340,11 @@ typedef enum QCow2MetadataOverlap {
 #define QCOW2_OL_ALL \
 (QCOW2_OL_CACHED | QCOW2_OL_INACTIVE_L2)
 
-#define L1E_OFFSET_MASK 0x0000ULL
-#define L2E_OFFSET_MASK 0x0000ULL
+#define L1E_OFFSET_MASK 0x00fffe00ULL
+#define L2E_OFFSET_MASK 0x00fffe00ULL
 #define L2E_COMPRESSED_OFFSET_SIZE_MASK 0x3fffULL
 
-#define REFT_OFFSET_MASK 0xff00ULL
+#define REFT_OFFSET_MASK 0xfe00ULL
 
 static inline int64_t start_of_cluster(BDRVQcowState *s, int64_t offset)
 {
-- 
1.8.5.2.229.g4448466

Re: [Qemu-devel] [PATCH V5 4/7] qmp: Allow to change password on named block driver states.

[Fam Zheng]

On Thu, 12/12 16:33, Benoît Canet wrote:
> There was two candidate ways to implement named node manipulation:
> 
> 1)
> { 'command': 'block_passwd', 'data': {'*device': 'str',
>   '*node-name': 'str', 'password': 'str'}
> }
> 
> 2)
> 
> { 'command': 'block_passwd', 'data': {'device': 'str',
>   '*device-is-node': 'bool',
>   'password': 'str'} }
> 
> Luiz proposed 1 and says 2 was an abuse of the QMP interface and proposed to
> rewrite the QMP block interface for 2.0.
> 
> Luiz does not like in 1 the fact that 2 fields are optional but one of them 
> must
> be specified leading to an abuse of the QMP semantic.
> 
> Kevin argumented that 2 what a clear abuse of the device field and would not 
> be
> practical when reading fast some log file because the user would read "device"
> and think that a device is manipulated when it's in fact a node name.
> Documentation of 1 make it pretty clear what to do for the user.
> 
> Kevin argued that all bs are node including devices ones so 2 does not make
> sense.
> 
> Kevin also argued that rewriting the QMP block interface would not make 
> disapear
> the current one.
> 
> Kevin pushed the argument that making the QAPI generator compatible with the
> semantic of the operation would need a rewrite that no one has done yet.
> 
> A vote has been done on the list to elect the version to use and 1 won.
> 
> For reference the complete thread is:
> "[Qemu-devel] [PATCH V4 4/7] qmp: Allow to change password on names block 
> driver
> states."
> 
> Signed-off-by: Benoit Canet 
> ---
>  block.c   | 32 
>  blockdev.c| 13 +
>  hmp.c |  2 +-
>  include/block/block.h |  3 +++
>  qapi-schema.json  |  9 +++--
>  qmp-commands.hx   |  3 ++-
>  6 files changed, 54 insertions(+), 8 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 78d13e5..22190a4 100644
> --- a/block.c
> +++ b/block.c
> @@ -3207,6 +3207,38 @@ BlockDeviceInfoList *bdrv_named_nodes_list(void)
>  return list;
>  }
>  
> +BlockDriverState *bdrv_lookup_bs(bool has_device, const char *device,
> + bool has_node_name, const char *node_name,
> + Error **errp)
> +{
> +BlockDriverState *bs = NULL;
> +
> +if (has_device == has_node_name) {
> +error_setg(errp, "Use either device or node-name but not both");
> +return NULL;
> +}
> +
> +if (has_device) {
> +bs = bdrv_find(device);
> +
> +if (!bs) {
> +error_set(errp, QERR_DEVICE_NOT_FOUND, device);
> +return NULL;
> +}
> +
> +return bs;
> +}
> +
> +bs = bdrv_find_node(node_name);
> +
> +if (!bs) {
> +error_set(errp, QERR_DEVICE_NOT_FOUND, node_name);
> +return NULL;
> +}
> +
> +return bs;
> +}
> +
>  BlockDriverState *bdrv_next(BlockDriverState *bs)
>  {
>  if (!bs) {
> diff --git a/blockdev.c b/blockdev.c
> index 204ab40..838df50 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -1474,14 +1474,19 @@ void qmp_eject(const char *device, bool has_force, 
> bool force, Error **errp)
>  eject_device(bs, force, errp);
>  }
>  
> -void qmp_block_passwd(const char *device, const char *password, Error **errp)
> +void qmp_block_passwd(bool has_device, const char *device,
> +  bool has_node_name, const char *node_name,
> +  const char *password, Error **errp)
>  {
> +Error *local_err = NULL;
>  BlockDriverState *bs;
>  int err;
>  
> -bs = bdrv_find(device);
> -if (!bs) {
> -error_set(errp, QERR_DEVICE_NOT_FOUND, device);
> +bs = bdrv_lookup_bs(has_device, device,
> +has_node_name, node_name,
> +&local_err);
> +if (error_is_set(&local_err)) {
> +error_propagate(errp, local_err);
>  return;
>  }
>  
> diff --git a/hmp.c b/hmp.c
> index 32ee285..3820fbe 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -870,7 +870,7 @@ void hmp_block_passwd(Monitor *mon, const QDict *qdict)
>  const char *password = qdict_get_str(qdict, "password");
>  Error *errp = NULL;
>  
> -qmp_block_passwd(device, password, &errp);
> +qmp_block_passwd(true, device, false, NULL, password, &errp);
>  hmp_handle_error(mon, &errp);
>  }
>  
> diff --git a/include/block/block.h b/include/block/block.h
> index 8c10123..f7d8017 100644
> --- a/include/block/block.h
> +++ b/include/block/block.h
> @@ -376,6 +376,9 @@ const char *bdrv_get_format_name(BlockDriverState *bs);
>  BlockDriverState *bdrv_find(const char *name);
>  BlockDriverState *bdrv_find_node(const char *node_name);
>  BlockDeviceInfoList *bdrv_named_nodes_list(void);
> +BlockDriverState *bdrv_lookup_bs(bool has_device, const char *device,
> + bool has_node_name, const char *node_name

Re: [Qemu-devel] [PATCH V5 3/7] qmp: Add a command to list the named BlockDriverState nodes.

[Fam Zheng]

I think it's worth to at least mention the name of the command in the commit
message.

On Thu, 12/12 16:33, Benoît Canet wrote:
> Signed-off-by: Benoit Canet 
> ---
>  block.c   |  18 +
>  block/qapi.c  | 109 
> +-
>  blockdev.c|   5 +++
>  include/block/block.h |   1 +
>  include/block/qapi.h  |   1 +
>  qapi-schema.json  |  16 +++-
>  qmp-commands.hx   |  61 
>  7 files changed, 155 insertions(+), 56 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 1c57f0d..78d13e5 100644
> --- a/block.c
> +++ b/block.c
> @@ -32,6 +32,7 @@
>  #include "sysemu/sysemu.h"
>  #include "qemu/notify.h"
>  #include "block/coroutine.h"
> +#include "block/qapi.h"
>  #include "qmp-commands.h"
>  #include "qemu/timer.h"
>  
> @@ -3189,6 +3190,23 @@ BlockDriverState *bdrv_find_node(const char *node_name)
>  return NULL;
>  }
>  
> +/* Put this QMP function here so it can access the static graph_bdrv_states. 
> */
> +BlockDeviceInfoList *bdrv_named_nodes_list(void)
> +{
> +BlockDeviceInfoList *list, *entry;
> +BlockDriverState *bs;
> +
> +list = NULL;
> +QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
> +entry = g_malloc0(sizeof(*entry));
> +entry->value = bdrv_block_device_info(bs);
> +entry->next = list;
> +list = entry;
> +}
> +
> +return list;
> +}
> +
>  BlockDriverState *bdrv_next(BlockDriverState *bs)
>  {
>  if (!bs) {
> diff --git a/block/qapi.c b/block/qapi.c
> index a32cb79..556f7fb 100644
> --- a/block/qapi.c
> +++ b/block/qapi.c
> @@ -29,6 +29,60 @@
>  #include "qapi/qmp-output-visitor.h"
>  #include "qapi/qmp/types.h"
>  
> +BlockDeviceInfo *bdrv_block_device_info(BlockDriverState *bs)
> +{
> +BlockDeviceInfo *info = g_malloc0(sizeof(*info));
> +
> +info->file   = g_strdup(bs->filename);
> +info->ro = bs->read_only;
> +info->drv= g_strdup(bs->drv->format_name);
> +info->encrypted  = bs->encrypted;
> +info->encryption_key_missing = bdrv_key_required(bs);
> +
> +if (bs->node_name[0]) {
> +info->has_node_name = true;
> +info->node_name = g_strdup(bs->node_name);
> +}
> +
> +if (bs->backing_file[0]) {
> +info->has_backing_file = true;
> +info->backing_file = g_strdup(bs->backing_file);
> +}
> +
> +info->backing_file_depth = bdrv_get_backing_file_depth(bs);
> +
> +if (bs->io_limits_enabled) {
> +ThrottleConfig cfg;
> +throttle_get_config(&bs->throttle_state, &cfg);
> +info->bps = cfg.buckets[THROTTLE_BPS_TOTAL].avg;
> +info->bps_rd  = cfg.buckets[THROTTLE_BPS_READ].avg;
> +info->bps_wr  = cfg.buckets[THROTTLE_BPS_WRITE].avg;
> +
> +info->iops= cfg.buckets[THROTTLE_OPS_TOTAL].avg;
> +info->iops_rd = cfg.buckets[THROTTLE_OPS_READ].avg;
> +info->iops_wr = cfg.buckets[THROTTLE_OPS_WRITE].avg;
> +
> +info->has_bps_max = cfg.buckets[THROTTLE_BPS_TOTAL].max;
> +info->bps_max = cfg.buckets[THROTTLE_BPS_TOTAL].max;
> +info->has_bps_rd_max  = cfg.buckets[THROTTLE_BPS_READ].max;
> +info->bps_rd_max  = cfg.buckets[THROTTLE_BPS_READ].max;
> +info->has_bps_wr_max  = cfg.buckets[THROTTLE_BPS_WRITE].max;
> +info->bps_wr_max  = cfg.buckets[THROTTLE_BPS_WRITE].max;
> +
> +info->has_iops_max= cfg.buckets[THROTTLE_OPS_TOTAL].max;
> +info->iops_max= cfg.buckets[THROTTLE_OPS_TOTAL].max;
> +info->has_iops_rd_max = cfg.buckets[THROTTLE_OPS_READ].max;
> +info->iops_rd_max = cfg.buckets[THROTTLE_OPS_READ].max;
> +info->has_iops_wr_max = cfg.buckets[THROTTLE_OPS_WRITE].max;
> +info->iops_wr_max = cfg.buckets[THROTTLE_OPS_WRITE].max;
> +
> +info->has_iops_size = cfg.op_size;
> +info->iops_size = cfg.op_size;
> +}
> +
> +return info;
> +}
> +
>  /*
>   * Returns 0 on success, with *p_list either set to describe snapshot
>   * information, or NULL because there are no snapshots.  Returns -errno on
> @@ -211,60 +265,7 @@ void bdrv_query_info(BlockDriverState *bs,
>  
>  if (bs->drv) {
>  info->has_inserted = true;
> -info->inserted = g_malloc0(sizeof(*info->inserted));
> -info->inserted->file = g_strdup(bs->filename);
> -info->inserted->ro = bs->read_only;
> -info->inserted->drv = g_strdup(bs->drv->format_name);
> -info->inserted->encrypted = bs->encrypted;
> -info->inserted->encryption_key_missing = bdrv_key_required(bs);
> -
> -if (bs->backing_file[0]) {
> -info->inserted->has_backing_file = true;
> -info->inserted->backing_file = g_strdup(bs->backing_file);
> -}
> -
> -info->inserted->backing_file_depth = bdrv_get_backing_file_depth(bs);
> -
> -if (bs->io_limits_ena

Re: [Qemu-devel] [PATCH V5 2/7] block: Allow the user to define "node-name" option.

[Fam Zheng]

On Thu, 12/12 16:33, Benoît Canet wrote:
> Signed-off-by: Benoit Canet 
> ---
>  block.c | 38 ++
>  1 file changed, 38 insertions(+)
> 
> diff --git a/block.c b/block.c
> index 481d566..1c57f0d 100644
> --- a/block.c
> +++ b/block.c
> @@ -735,6 +735,39 @@ static int bdrv_open_flags(BlockDriverState *bs, int 
> flags)
>  return open_flags;
>  }
>  
> +static int bdrv_get_node_name(BlockDriverState *bs,
> +  QDict *options,
> +  Error **errp)

This function actually assigns the node-name to bs, could you call it
"bdrv_set_node_name" or "bdrv_assign_node_name", and only pass in the node-name
and move the parsing of options to the caller?

Fam

> +{
> +const char *node_name = NULL;
> +
> +node_name = qdict_get_try_str(options, "node-name");
> +
> +if (!node_name) {
> +return 0;
> +}
> +
> +/* empty string node name is invalid */
> +if (node_name[0] == '\0') {
> +error_setg(errp, "Empty node name");
> +return -EINVAL;
> +}
> +
> +/* takes care of avoiding duplicates node names */
> +if (bdrv_find_node(node_name)) {
> +error_setg(errp, "Duplicate node name");
> +return -EINVAL;
> +}
> +
> +/* copy node name into the bs and insert it into the graph list */
> +pstrcpy(bs->node_name, sizeof(bs->node_name), node_name);
> +QTAILQ_INSERT_TAIL(&graph_bdrv_states, bs, node_list);
> +
> +qdict_del(options, "node-name");
> +
> +return 0;
> +}
> +
>  /*
>   * Common part for opening disk images and files
>   *
> @@ -759,6 +792,11 @@ static int bdrv_open_common(BlockDriverState *bs, 
> BlockDriverState *file,
>  
>  trace_bdrv_open_common(bs, filename ?: "", flags, drv->format_name);
>  
> +ret = bdrv_get_node_name(bs, options, errp);
> +if (ret < 0) {
> +return ret;
> +}
> +
>  /* bdrv_open() with directly using a protocol as drv. This layer is 
> already
>   * opened, so assign it to bs (while file becomes a closed 
> BlockDriverState)
>   * and return immediately. */
> -- 
> 1.8.3.2
> 
> 

Re: [Qemu-devel] [PATCH V5 1/7] block: Add bs->node_name to hold the name of a bs node of the bs graph.

[Fam Zheng]

On Thu, 12/12 16:33, Benoît Canet wrote:
> Add the minimum of code to prepare for the following patches.
> 
> Signed-off-by: Benoit Canet 
> ---
>  block.c   | 57 
> +++
>  include/block/block.h |  1 +
>  include/block/block_int.h |  9 +++-
>  3 files changed, 52 insertions(+), 15 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 64e7d22..481d566 100644
> --- a/block.c
> +++ b/block.c
> @@ -90,6 +90,9 @@ static int coroutine_fn 
> bdrv_co_do_write_zeroes(BlockDriverState *bs,
>  static QTAILQ_HEAD(, BlockDriverState) bdrv_states =
>  QTAILQ_HEAD_INITIALIZER(bdrv_states);
>  
> +static QTAILQ_HEAD(, BlockDriverState) graph_bdrv_states =
> +QTAILQ_HEAD_INITIALIZER(graph_bdrv_states);
> +
>  static QLIST_HEAD(, BlockDriver) bdrv_drivers =
>  QLIST_HEAD_INITIALIZER(bdrv_drivers);
>  
> @@ -327,7 +330,7 @@ BlockDriverState *bdrv_new(const char *device_name)
>  QLIST_INIT(&bs->dirty_bitmaps);
>  pstrcpy(bs->device_name, sizeof(bs->device_name), device_name);
>  if (device_name[0] != '\0') {
> -QTAILQ_INSERT_TAIL(&bdrv_states, bs, list);
> +QTAILQ_INSERT_TAIL(&bdrv_states, bs, device_list);
>  }
>  bdrv_iostatus_disable(bs);
>  notifier_list_init(&bs->close_notifiers);
> @@ -1501,7 +1504,7 @@ void bdrv_close_all(void)
>  {
>  BlockDriverState *bs;
>  
> -QTAILQ_FOREACH(bs, &bdrv_states, list) {
> +QTAILQ_FOREACH(bs, &bdrv_states, device_list) {
>  bdrv_close(bs);
>  }
>  }
> @@ -1530,7 +1533,7 @@ static bool bdrv_requests_pending(BlockDriverState *bs)
>  static bool bdrv_requests_pending_all(void)
>  {
>  BlockDriverState *bs;
> -QTAILQ_FOREACH(bs, &bdrv_states, list) {
> +QTAILQ_FOREACH(bs, &bdrv_states, device_list) {
>  if (bdrv_requests_pending(bs)) {
>  return true;
>  }
> @@ -1557,7 +1560,7 @@ void bdrv_drain_all(void)
>  BlockDriverState *bs;
>  
>  while (busy) {
> -QTAILQ_FOREACH(bs, &bdrv_states, list) {
> +QTAILQ_FOREACH(bs, &bdrv_states, device_list) {
>  bdrv_start_throttled_reqs(bs);
>  }
>  
> @@ -1566,14 +1569,19 @@ void bdrv_drain_all(void)
>  }
>  }
>  
> -/* make a BlockDriverState anonymous by removing from bdrv_state list.
> +/* make a BlockDriverState anonymous by removing from bdrv_state and
> + * graph_bdrv_state list.
> Also, NULL terminate the device_name to prevent double remove */
>  void bdrv_make_anon(BlockDriverState *bs)
>  {
>  if (bs->device_name[0] != '\0') {
> -QTAILQ_REMOVE(&bdrv_states, bs, list);
> +QTAILQ_REMOVE(&bdrv_states, bs, device_list);
>  }
>  bs->device_name[0] = '\0';
> +if (bs->node_name[0] != '\0') {
> +QTAILQ_REMOVE(&graph_bdrv_states, bs, node_list);
> +}
> +bs->node_name[0] = '\0';
>  }
>  
>  static void bdrv_rebind(BlockDriverState *bs)
> @@ -1627,7 +1635,12 @@ static void bdrv_move_feature_fields(BlockDriverState 
> *bs_dest,
>  /* keep the same entry in bdrv_states */
>  pstrcpy(bs_dest->device_name, sizeof(bs_dest->device_name),
>  bs_src->device_name);
> -bs_dest->list = bs_src->list;
> +bs_dest->device_list = bs_src->device_list;
> +
> +/* keep the same entry in graph_bdrv_states
> + * We do want to swap name but don't want to swap linked list entries
> + */
> +bs_dest->node_list   = bs_src->node_list;
>  }
>  
>  /*
> @@ -1952,7 +1965,7 @@ int bdrv_commit_all(void)
>  {
>  BlockDriverState *bs;
>  
> -QTAILQ_FOREACH(bs, &bdrv_states, list) {
> +QTAILQ_FOREACH(bs, &bdrv_states, device_list) {
>  if (bs->drv && bs->backing_hd) {
>  int ret = bdrv_commit(bs);
>  if (ret < 0) {
> @@ -3110,11 +3123,12 @@ void bdrv_iterate_format(void (*it)(void *opaque, 
> const char *name),
>  }
>  }
>  
> +/* This function is to find block backend bs */
>  BlockDriverState *bdrv_find(const char *name)
>  {
>  BlockDriverState *bs;
>  
> -QTAILQ_FOREACH(bs, &bdrv_states, list) {
> +QTAILQ_FOREACH(bs, &bdrv_states, device_list) {
>  if (!strcmp(name, bs->device_name)) {
>  return bs;
>  }
> @@ -3122,19 +3136,34 @@ BlockDriverState *bdrv_find(const char *name)
>  return NULL;
>  }
>  
> +/* This function is to find a node in the bs graph */
> +BlockDriverState *bdrv_find_node(const char *node_name)
> +{
> +BlockDriverState *bs;
> +
> +assert(node_name);
> +
> +QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
> +if (!strcmp(node_name, bs->node_name)) {
> +return bs;
> +}
> +}
> +return NULL;
> +}
> +
>  BlockDriverState *bdrv_next(BlockDriverState *bs)
>  {
>  if (!bs) {
>  return QTAILQ_FIRST(&bdrv_states);
>  }
> -return QTAILQ_NEXT(bs, list);
> +return QTAILQ_NEXT(bs, device_list);
>  }
>  
>  void bdrv_iterate(void (*it)(void *opaque, BlockDriverState *bs), void 
> *opaque)
>  {

Re: [Qemu-devel] [PATCH v2] docs/specs/qcow2.txt: fix incorrect bits of offsets in entries

[Hu Tao]

On Mon, Jan 20, 2014 at 10:10:22AM +0100, Kevin Wolf wrote:
> Am 17.01.2014 um 08:40 hat Stefan Hajnoczi geschrieben:
> > On Mon, Dec 30, 2013 at 04:00:17PM +0800, Hu Tao wrote:
> > > Fix incorrect bits of offsets in refcount table entry, l1 table
> > > entry and l2 table entry. See REFT_OFFSET_MASK, L1E_OFFSET_MASK
> > > and L2E_OFFSET_MASK.
> > > 
> > > Fix a typo while at the file.
> > > 
> > > Signed-off-by: Hu Tao 
> > > ---
> > > 
> > > v2: update comments as well.
> > > 
> > >  docs/specs/qcow2.txt | 14 +++---
> > >  1 file changed, 7 insertions(+), 7 deletions(-)
> > 
> > Thanks, applied to my block tree:
> > https://github.com/stefanha/qemu/commits/block
> 
> This patch is wrong. It's the qcow2.h #defines that need to be fixed,
> not the spec. The smallest possible cluster size is 512 bytes, i.e.
> nine zero bits at the end, not just eight.

You're right. Thanks to bit 8 in these entries are reserved as zero,
we're not running into problem with wrong masks.

Re: [Qemu-devel] [PATCH] spapr-pci: enable adding PHB via -device

[Alexey Kardashevskiy]

On 01/21/2014 02:27 AM, Markus Armbruster wrote:
> Alexey Kardashevskiy  writes:
> 
>> Recent changes introduced cannot_instantiate_with_device_add_yet
>> and removed capability of adding yet another PCI host bridge via
>> command line for SPAPR platform (POWERPC64 server).
> 
> Specifically:
> 
> commit 837d37167dc446af8a91189108b363c04609e296
> Author: Markus Armbruster 
> Date:   Thu Nov 28 17:26:55 2013 +0100
> 
> sysbus: Set cannot_instantiate_with_device_add_yet
> 
> device_add plugs devices into suitable bus.  For "real" buses, that
> actually connects the device.  For sysbus, the connections need to be
> made separately, and device_add can't do that.  The device would be
> left unconnected, and could not possibly work.
> 
> Quite a few, but not all sysbus devices already set
> cannot_instantiate_with_device_add_yet in their class init function.
> 
> Set it in their abstract base's class init function
> sysbus_device_class_init(), and remove the now redundant assignments
> from device class init functions.
> 
> Signed-off-by: Markus Armbruster 
> Reviewed-by: Marcel Apfelbaum 
> Signed-off-by: Andreas Färber 
> 
> Always good to point to specific commits in commit messages instead of
> hand-waving "recent changes".


My bad, I'll do this next time. Just lost myself in that patch series.


>> This brings the capability back and puts SPAPR PHB into "bridge"
>> category.
> 
> Look, a sysbus device that grabs the resources it needs from its init()
> callback instead of getting connected to them by the code that creates
> it!  I'm not sure that's proper, but if it works...  Maybe Andreas
> (cc'ed) can advise.

Sorry, I am not following you. SPAPR PHB allocates resources (memory
regions...) as (for example) E1000 ethernet device does.


>> This is not much use for emulated PHB but it is absolutely required
>> for VFIO as we put an IOMMU group onto a separate PHB on SPAPR.
>>
>> Cc: Markus Armbruster 
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>>
>> Are -device and device_add considered synonims? SPAPR PHB can be added
>> via the command line just fine but cannot from device_add as
>> "Bus 'main-system-bus' does not support hotplugging".
> 
> -device is cold plug, device_add is hot plug.  device_add could be
> improved to do cold plug when used before the machine starts.


S? We figured that out on IRC :) At the moment it is regression -
-device used to work for PHB and now it does not.

Alex Graf applied to his ppc-next, just to be clear - are you ack'ing or
nack'ing this patch?

In any cace, what do you think I should change in what I do in spapr_pci.c?
I most probably will, just need some directions.


-- 
Alexey

Re: [Qemu-devel] [PATCH 0/7 RESEND] target-i386: Simplify kvm_cpu_fill_host() and kvm_check_features_against_host()

[Michael S. Tsirkin]

On Mon, Jan 20, 2014 at 10:07:47PM +0100, Andreas Färber wrote:
> Am 20.01.2014 21:39, schrieb Michael S. Tsirkin:
> > On Mon, Jan 20, 2014 at 04:36:56PM -0200, Eduardo Habkost wrote:
> >> On Mon, Jan 20, 2014 at 02:41:07PM -0200, Eduardo Habkost wrote:
> >>> Resend of series submitted on 24 November 2013, that didn't get any 
> >>> reply. Only
> >>> change is a trivial conflict on patch 7/7.
> >>
> >> Question: which tree is the most appropriate to get this in? qom-cpu?
> >> kvm?
> > 
> > Either kvm or my pc tree.
> > Seems unrelated to qom.
> 
> Seems unrelated to PC. ;) I've been maintaining target-i386/cpu.c as
> part of my QOM CPU tree according to MAINTAINERS.

Ah, right. Cool, the less work for me the better.

> I don't mind whether this goes through Paolo's or my tree, but for me to
> take KVM related changes, I expect review from the KVM side.
> 
> > Paolo - want to review and take this?
> 
> Regards,
> Andreas
> 
> >>>  target-i386/cpu.c | 89 
> >>> +--
> >>>  1 file changed, 20 insertions(+), 69 deletions(-)
> 
> -- 
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH] target-i386: enable x2apic by default on more recent CPU models

[Andreas Färber]

Am 20.01.2014 17:50, schrieb Eduardo Habkost:
> On Mon, Jan 20, 2014 at 05:27:18PM +0100, Andreas Färber wrote:
>> Am 20.01.2014 15:36, schrieb Eduardo Habkost:
>>> v1 was sent in September 2013:
>>>   Message-Id: <1379704517-19177-1-git-send-email-ehabk...@redhat.com>
>>>   http://article.gmane.org/gmane.comp.emulators.qemu/234541
>>>
>>> It got an Acked-by from Gleb but it was ignored by all maintainers.
>>
>> Sorry, was still unread in my inbox. What changed between this version
>> and said v1? Just moving to _1_7? I.e. should I add back Gleb's Acked-by
>> before your Sob when applying?
> 
> Yes, the only change from v1 was on the compat code. I didn't think I
> should have included Gleb's Acked-by because he didn't review the compat
> code changes (and I could have made mistakes when rebasing), but if you
> think it is appropriate, you can pull Gleb's Acked-by.

I've inserted it, staging it on qom-cpu-next for now. It is a matter of
ordering the *-by before your Sob rather than after it and, if changes
were more than stylistic, adding a [you: ...] line.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH] target-i386: enable x2apic by default on more recent CPU models

[Andreas Färber]

Am 20.01.2014 15:36, schrieb Eduardo Habkost:
> This enables x2apic on the following CPU models: Conroe, Penryn,
> Nehalem, Westmere, Opteron_G[12345].
> 
> Normally we try to keep the CPU model definitions as close as the real
> CPUs as possible, but x2apic can be emulated by KVM without host CPU
> support for x2apic, and it improves performance by reducing APIC access
> overhead. x2apic emulation is available on KVM since 2009 (Linux
> 2.6.32-rc1), there's no reason for not enabling x2apic by default when
> running KVM.
> 
> About testing: Conroe, Penryn, Nehalem, Westemere and Opteron_G[123]
> have x2apic enabled on RHEL-6 since RHEL-6.0, so the presence of x2apic
> on those CPU models got lots of testing in the last few years. I want to
> eventually enable x2apic on all other CPU models as well, but it will
> require some testing to ensure it won't confuse guests.
> 
> This shouldn't affect TCG at all because features not supported by TCG
> are automatically and silently disabled by QEMU when initializing the
> CPU.
> 
> Signed-off-by: Eduardo Habkost 
> ---
> v1 was sent in September 2013:
>   Message-Id: <1379704517-19177-1-git-send-email-ehabk...@redhat.com>
>   http://article.gmane.org/gmane.comp.emulators.qemu/234541
> 
> It got an Acked-by from Gleb but it was ignored by all maintainers.
> ---
>  hw/i386/pc_piix.c |  9 +
>  hw/i386/pc_q35.c  |  9 +
>  target-i386/cpu.c | 37 +++--
>  3 files changed, 37 insertions(+), 18 deletions(-)
[...]
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 0eea8c7..8f4dcfd 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -798,7 +798,7 @@ static x86_def_t builtin_x86_defs[] = {
>   CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
>   CPUID_DE | CPUID_FP87,
>  .features[FEAT_1_ECX] =
> -CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
> +CPUID_EXT_X2APIC | CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
>  .features[FEAT_8000_0001_EDX] =
>  CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
>  .features[FEAT_8000_0001_ECX] =
[snip]

I remember discussing about this before, but don't see an email reply,
so maybe it was on IRC?

I don't like the argument that we can put arbitrary stuff in our model
definitions and rely on TCG not having implemented it to make it
correct. Is x2apic something that TCG can never implement for some
reason? Then that needs a better explanation. Otherwise, is there no
criteria we can add this flag for when kvm_enabled()?

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH] ifname=xxx for -netdev bridge

[Alexandre Kandalintsev]

Hi William,

I was worried that the amount of changes would
turn the maintainers away from the patch.

Another problem is that I think there is little demand
for this patch.

But let's try to push it once again. Give me a week or
two and I'll submit a new version.

--
best regards,
Alexandre


> Hi Alexandre,
> 
> On Mon, Mar 25, 2013 at 10:28 PM, Alexandre Kandalintsev
>  wrote:
> > Ok, lets go this way. We will define patterns in bridge.conf like
> > ~~~
> > allowifname vm*
> > ~~~
> 
> Do you have any news about this patch?
> 
> Regards,

Re: [Qemu-devel] RFC: ACPI, HPET._CRS, MacOSX vs. WinXP

[Gabriel L. Somlo]

On Mon, Jan 20, 2014 at 10:31:56PM +0200, Michael S. Tsirkin wrote:
> > And later:
> > 
> > Device (HPET) {
> > ...
> > Method (_STA, 0, NotSerialized) {
> > If (LGreaterEqual (OSYS, 0x07D1)) {
> > If (HPAE) {
> > Return (0x0F)
> > }
> > } Else {
> > If (HPAE) {
> 
> and where does HPAE come from?

e.g, on the MBP2,2:

OperationRegion (RCRB, SystemMemory, 0xFED1C000, 0x4000)
Field (RCRB, DWordAcc, Lock, Preserve)
{
Offset (0x1000),
Offset (0x3000),
Offset (0x3404),
HPAS,   2,
,   5,
HPAE,   1,
...
}

i.e., I think it's something similar to how VEND and PRD are
checked in HPET._STA on qemu and seabios to decide whether to
return 0x00 or 0x0F.

> For example, this msdn article at microsoft.com:
> http://msdn.microsoft.com/en-us/library/windows/hardware/gg463275.aspx
> "How to Identify the Windows Version in ACPI by Using _OSI"
> 
> at the end it states:
>   the operating system makes features available based on the
>   string argument to the _OSI method.

The full text of that goes:

 "Implementation Note
  Place the routine that identifies the operating system in an _INI method
  under the \_SB scope so that _OSI can run as early as possible. This
  placement is important because the operating system makes features
  available based on the string argument to the _OSI method."

It all depends on what the document's author meant by "the operating
system" which "makes features available". Because somewhere earlier in
the document they say:

 "Recent versions of the ACPI spec have extended the use cases of
  the _OSI method beyond host operating system version identification.
  However, Windows supports _OSI only for the use of identifying the host
  version of Windows that is running on the system."

So my interpretation would be "call _OSI early during some _INI method
under the \_SB scope, so you know how to tweak the various other ACPI
nodes and methods". Kinda like the Apple OSYS example.

So I got curious, and looked through the DSDT.dsl on my other machines.
Both Dells also have \_SB._INI methods which liberally check _OSI, like
e.g. from my Dell R410 server:

Name (TOOS, 0x00)
Method (INIC, 0, NotSerialized) {
If (CondRefOf (_OSI, Local0)) {
If (\_OSI ("Windows 2001")) {
Store (0x05, TOOS)
}

...

If (\_OSI ("Linux")) {
Store (0x01, TOOS)
}
} Else {
Store (\_OS, Local0)
Store (SCMP (Local0, "Microsoft Windows NT"), Local1)
If (Not (Local1)) {
Store (0x04, TOOS)
} Else {
Store (SCMP (Local0, "Microsoft Windows"), Local2)
If (Not (Local2)) {
Store (0x02, TOOS)
} Else {
Store (SCMP (Local0, "Microsoft WindowsME:Millennium
Edition"), Local3)
If (Not (Local3)) {
Store (0x03, TOOS)
}
}
}
}
}

My Dell D630 laptop also does it. I'm wondering if there is any
non-apple, non-dell hardware that does NOT do this. This feels to
me like "circumstantial evidence" in favor of my interpretation
above, but see below...

> I'm not sure why it's a problem to refer to SMC._STA
> but if it is, we can just patch in another variable
> in the HPET scope instead of _OSI.

Not a problem per se; just that, being relatively new to ACPI, I wasn't
strongly in favor or against either of the two possible ways to do this.

I didn't even know about _OSI until Paolo mentioned it somewhere earlier
in the conversation, so my only hammer used to be:

  If (CondRefOf(\_SB.PCI0.ISA.SMC))

to determine whether to include IRQNoFlags in HPET._CRS or not. Now that
I know about _OSI, tying the HPET to the SMC feels a bit hacky. Of
course, if you're right and it's bad voodoo to call _OSI, then it may
yet be the lesser of two evils.

It's just that all DSDTs I have access to (apple and dell) already do
call _OSI with impunity, so I'm not sure just how bad the voodoo is...

> > Not sure we want to "complicate" the rest of the HPET (e.g. return
> > different values for bit2, "show device in acpi u/i" depending on
> > _OSI, the way Apple machines do).
> 
> They seem to clear this bit for linux?
> No idea why they do this - want to try looking into
> linux source to figure out?

According to the ACPI docs, the bit is labeled "show device in the u/i",
and at least on XP, the only side effect is listing the HPET in the
device tree or not, sort-of like a "hidden bit". I'll check th

Re: [Qemu-devel] [PATCH 4/7] target-i386: kvm_cpu_fill_host(): No need to check xlevel2

[Andreas Färber]

Am 20.01.2014 17:41, schrieb Eduardo Habkost:
> There's no need to check CPU xlevel2 before calling
> kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX), because:
> 
>  * The kernel won't return any entry for 0xC000 if host CPU vendor
>is not Centaur (See kvm_dev_ioctl_get_supported_cpuid() on the kernel
>code)
>  * Similarly, the kernel won't return any entry for 0xC001 if
>CPUID[0xC000].EAX is < 0xC001
>  * kvm_arch_get_supported_cpuid() will return 0 if no entry is returned
>by the kernel for the requested leaf
> 
> For similar reasons, we can simply set x86_cpu_def->xlevel2 directly
> instead of making it conditional, because it will be set to 0 CPU vendor
> is not Centaur.

Commented on the wrong version:

"... if CPU vendor is not ..." I guess. :)

> 
> This will simplify the kvm_cpu_fill_host() code a little.
> 
> Signed-off-by: Eduardo Habkost 
> ---
>  target-i386/cpu.c | 12 +---
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 1a86bcf..8bc72c2 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -1173,13 +1173,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
>  cpu_x86_fill_model_id(x86_cpu_def->model_id);
>  
>  /* Call Centaur's CPUID instruction. */
> -eax = kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
> -if (eax >= 0xC001) {
> -/* Support VIA max extended level */
> -x86_cpu_def->xlevel2 = eax;
> -x86_cpu_def->features[FEAT_C000_0001_EDX] =
> -kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
> -}
> +x86_cpu_def->xlevel2 =
> +kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
> +/* Support VIA max extended level */
> +x86_cpu_def->features[FEAT_C000_0001_EDX] =
> +kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
>  
>  /* Other KVM-specific feature fields: */
>  x86_cpu_def->features[FEAT_SVM] =

Otherwise looks okay to me.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 4/8] target-i386: kvm_cpu_fill_host(): No need to check xlevel2

[Andreas Färber]

Am 24.11.2013 20:55, schrieb Eduardo Habkost:
> There's no need to check CPU xlevel2 before calling
> kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX), because:
> 
>  * The kernel won't return any entry for 0xC000 if host CPU vendor
>is not Centaur (See kvm_dev_ioctl_get_supported_cpuid() on the kernel
>code)
>  * Similarly, the kernel won't return any entry for 0xC001 if
>CPUID[0xC000].EAX is < 0xC001
>  * kvm_arch_get_supported_cpuid() will return 0 if no entry is returned
>by the kernel for the requested leaf
> 
> For similar reasons, we can simply set x86_cpu_def->xlevel2 directly
> instead of making it conditional, because it will be set to 0 CPU vendor
> is not Centaur.

"... if CPU vendor is not ..." I guess. :)

> 
> This will simplify the kvm_cpu_fill_host() code a little.
> 
> Signed-off-by: Eduardo Habkost 
> ---
>  target-i386/cpu.c | 12 +---
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 41726f8..9731493 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -1176,13 +1176,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
>  cpu_x86_fill_model_id(x86_cpu_def->model_id);
>  
>  /* Call Centaur's CPUID instruction. */
> -eax = kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
> -if (eax >= 0xC001) {
> -/* Support VIA max extended level */
> -x86_cpu_def->xlevel2 = eax;
> -x86_cpu_def->features[FEAT_C000_0001_EDX] =
> -kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
> -}
> +x86_cpu_def->xlevel2 =
> +kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
> +/* Support VIA max extended level */
> +x86_cpu_def->features[FEAT_C000_0001_EDX] =
> +kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
>  
>  /* Other KVM-specific feature fields: */
>  x86_cpu_def->features[FEAT_SVM] =

Sounds okay otherwise.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 0/7 RESEND] target-i386: Simplify kvm_cpu_fill_host() and kvm_check_features_against_host()

[Andreas Färber]

Am 20.01.2014 21:39, schrieb Michael S. Tsirkin:
> On Mon, Jan 20, 2014 at 04:36:56PM -0200, Eduardo Habkost wrote:
>> On Mon, Jan 20, 2014 at 02:41:07PM -0200, Eduardo Habkost wrote:
>>> Resend of series submitted on 24 November 2013, that didn't get any reply. 
>>> Only
>>> change is a trivial conflict on patch 7/7.
>>
>> Question: which tree is the most appropriate to get this in? qom-cpu?
>> kvm?
> 
> Either kvm or my pc tree.
> Seems unrelated to qom.

Seems unrelated to PC. ;) I've been maintaining target-i386/cpu.c as
part of my QOM CPU tree according to MAINTAINERS.
I don't mind whether this goes through Paolo's or my tree, but for me to
take KVM related changes, I expect review from the KVM side.

> Paolo - want to review and take this?

Regards,
Andreas

>>>  target-i386/cpu.c | 89 
>>> +--
>>>  1 file changed, 20 insertions(+), 69 deletions(-)

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 0/7 RESEND] target-i386: Simplify kvm_cpu_fill_host() and kvm_check_features_against_host()

[Michael S. Tsirkin]

On Mon, Jan 20, 2014 at 04:36:56PM -0200, Eduardo Habkost wrote:
> On Mon, Jan 20, 2014 at 02:41:07PM -0200, Eduardo Habkost wrote:
> > Resend of series submitted on 24 November 2013, that didn't get any reply. 
> > Only
> > change is a trivial conflict on patch 7/7.
> 
> Question: which tree is the most appropriate to get this in? qom-cpu?
> kvm?

Either kvm or my pc tree.
Seems unrelated to qom.
Paolo - want to review and take this?

> 
> > 
> > This series simplifies kvm_cpu_fill_host() and
> > kvm_check_features_against_host() to simply use FeatureWord & 
> > feature_word_info
> > loops to fill/check feature words.
> > 
> > The initial motivation for this was to avoid hacks involving the "host" CPU
> > class on the forthcoming conversion of CPU models to be X86CPU subclasses.
> > Instead of requiring the kvm_arch_get_supported_cpuid() results to be 
> > stored in
> > the class struct for "host" (thus requiring KVM initialization hacks).
> > 
> > Eduardo Habkost (7):
> >   target-i386: kvm_cpu_fill_host(): Kill unused code
> >   target-i386: kvm_cpu_fill_host(): No need to check level
> >   target-i386: kvm_cpu_fill_host(): No need to check CPU vendor
> >   target-i386: kvm_cpu_fill_host(): No need to check xlevel2
> >   target-i386: kvm_cpu_fill_host(): Set all feature words at end of
> > function
> >   target-i386: kvm_cpu_fill_host(): Fill feature words in a loop
> >   target-i386: kvm_check_features_against_host(): Kill feature word
> > array
> > 
> >  target-i386/cpu.c | 89 
> > +--
> >  1 file changed, 20 insertions(+), 69 deletions(-)
> > 
> > -- 
> > 1.8.4.2
> > 
> > 
> 
> -- 
> Eduardo

Re: [Qemu-devel] [PULL 14/28] exec: make address spaces 64-bit wide

[Michael S. Tsirkin]

On Mon, Jan 20, 2014 at 10:16:01AM -0700, Alex Williamson wrote:
> On Mon, 2014-01-20 at 19:04 +0200, Michael S. Tsirkin wrote:
> > On Mon, Jan 20, 2014 at 09:45:25AM -0700, Alex Williamson wrote:
> > > On Mon, 2014-01-20 at 11:20 -0500, Mike Day wrote:
> > > > Do you know which device is writing to the BAR below? From the trace
> > > > it appears it should be restoring the memory address to the BAR after
> > > > writing all 1s to the BAR and reading back the contents. (the protocol
> > > > for finding the length of the bar memory.)
> > > 
> > > The guest itself is writing the the BARs.  This is a standard sizing
> > > operation by the guest.
> > 
> > Question is maybe device memory should be disabled?
> > Does windows do this too (sizing when memory enabled)?
> 
> Per the spec I would have expected memory & I/O to be disabled on the
> device during a sizing operation, but that's not the case here.  I
> thought you were the one that said Linux doesn't do this because some
> devices don't properly re-enable.

Yes. But maybe we can white-list devices or something.
I'm guessing modern express devices are all sane
and let you disable/enable memory any number
of times.

> I'm not sure how it would change our
> approach to this to know whether Windows behaves the same since sizing
> while disabled is not an issue and we apparently need to support sizing
> while enabled regardless.  Thanks,
> 
> Alex

I'm talking about changing Linux here.
If windows is already doing this - this gives us more
hope that this will actually work.
Yes we need the work-around in qemu regardless.


> > > > On Thu, Jan 9, 2014 at 12:24 PM, Alex Williamson
> > > >  wrote:
> > > > > On Wed, 2013-12-11 at 20:30 +0200, Michael S. Tsirkin wrote:
> > > > >> From: Paolo Bonzini 
> > > > > vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) febe0004
> > > > > (save lower 32bits of BAR)
> > > > > vfio: vfio_pci_write_config(:01:10.0, @0x10, 0x, len=0x4)
> > > > > (write mask to BAR)
> > > > 
> > > > Here the device should restore the memory address (original contents)
> > > > to the BAR.
> > > 
> > > Sorry if it's not clear, the trace here is what the vfio-pci driver
> > > sees.  We're just observing the sizing operation of the guest, therefore
> > > we see:
> > > 
> > > 1) orig = read()
> > > 2) write(0x)
> > > 3) size_mask = read()
> > > 4) write(orig)
> > > 
> > > We're only at step 2)
> > > 
> > > > > vfio: region_del febe - febe3fff
> > > > > (memory region gets unmapped)
> > > > > vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) c004
> > > > > (read size mask)
> > > 
> > > step 3)
> > > 
> > > > > vfio: vfio_pci_write_config(:01:10.0, @0x10, 0xfebe0004, len=0x4)
> > > > > (restore BAR)
> > > 
> > > step 4)
> > > 
> > > > > vfio: region_add febe - febe3fff [0x7fcf3654d000]
> > > > > (memory region re-mapped)
> > > > > vfio: vfio_pci_read_config(:01:10.0, @0x14, len=0x4) 0
> > > > > (save upper 32bits of BAR)
> > > > > vfio: vfio_pci_write_config(:01:10.0, @0x14, 0x, len=0x4)
> > > > > (write mask to BAR)
> > > > 
> > > > and here ...
> > > 
> > > This is the same as above to the next BAR, which is the upper 32bits of
> > > the 64bit BAR.
> > > 
> > > > > vfio: region_del febe - febe3fff
> > > > > (memory region gets unmapped)
> > > > > vfio: region_add febe - febe3fff [0x7fcf3654d000]
> > > > > (memory region gets re-mapped with new address)
> > > > > qemu-system-x86_64: vfio_dma_map(0x7fcf38861710, 0xfebe, 
> > > > > 0x4000, 0x7fcf3654d000) = -14 (Bad address)
> > > > > (iommu barfs because it can only handle 48bit physical addresses)
> > > > 
> > > > I looked around some but I couldn't find an obvious culprit. Could it
> > > > be that the BAR is getting unmapped automatically due to
> > > > x-intx-mmap-timeout-ms before the device has a chance to finish
> > > > restoring the correct value to the BAR?
> > > 
> > > No, this is simply the guest sizing the BAR, this is not an internally
> > > generated operation.  The INTx emulation isn't used here as KVM
> > > acceleration is enabled.  That also only toggles the enable setting on
> > > the mmap'd MemoryRegion, it doesn't change the address it's mapped to.
> > > Thanks,
> > > 
> > > Alex
> 
> 

Re: [Qemu-devel] RFC: ACPI, HPET._CRS, MacOSX vs. WinXP

[Michael S. Tsirkin]

On Mon, Jan 20, 2014 at 01:54:15PM -0500, Gabriel L. Somlo wrote:
> On Mon, Jan 20, 2014 at 01:16:02PM +0100, Paolo Bonzini wrote:
> > Il 20/01/2014 13:08, Michael S. Tsirkin ha scritto:
> > >>> > > I think the hack looking for the SMC device is safer than _OSI: 
> > >>> > > OSPMs
> > >>> > > are known to do crazy things when they see _OSI, such as assuming 
> > >>> > > they
> > >>> > > need to try and emulate the OS probed.
> > 
> > Source for "OSPMs do crazy things when they see _OSI".
> 
> After a bit more digging, I believe this has to do with the fact that
> OSPM is responsible for define _OSI, and referencing it from e.g. the
> HPET._CRS method when it's NOT defined (e.g. by a misbehaving OSPM)
> results in all sorts of unpleasantness.

No, that's not what I meant.
Responded to the original question with what my
real concern was.

> In fact, looking on the MacBookPro, we see the following:
> 
> DefinitionBlock ("dsdt.aml", "DSDT", 1, "APPLE ", "MacBookP", 0x00090001)
> {
> ...
> Field (GNVS, AnyAcc, Lock, Preserve) {
> OSYS,   16,
> ...
> }
> ...
> Scope (\_SB) {
> Method (_INI, 0, NotSerialized) {
> Store (0x07DC, OSYS)
> If (CondRefOf (\_OSI, Local0)) {
> If (_OSI ("Darwin")) {
> Store (0x2710, OSYS)
> }
> If (\_OSI ("Linux")) {
> Store (0x03E8, OSYS)
> }
> If (\_OSI ("Windows 2009")) {
> Store (0x07D9, OSYS)
> }
> If (\_OSI ("Windows 2012")) {
> Store (0x07DC, OSYS)
> }
> }
> }
> ...
> }
> ...
> 
> So, basically, they give OSYS a default value, then *if* _OSI is
> defined by a well-behaved OSPM, they use it to give OSYS a more
> useful, specific value. CondRefOf is used to avoid a fatal error
> in case _OSI does not exist.

Good to know, thanks for the info.

> And later:
> 
> Device (HPET) {
> Name (_HID, EisaId ("PNP0103"))
> Name (_CID, EisaId ("PNP0C01"))
> Name (BUF0, ResourceTemplate () {
> IRQNoFlags () {0}
> IRQNoFlags () {8}
> Memory32Fixed (ReadWrite,
> 0xFED0, // Address Base
> 0x0400, // Address Length
> _Y16)
> })
> Method (_STA, 0, NotSerialized) {
> If (LGreaterEqual (OSYS, 0x07D1)) {
> If (HPAE) {
> Return (0x0F)
> }
> } Else {
> If (HPAE) {

and where does HPAE come from?

> Return (0x0B)
> }
> }
> Return (0x00)
> }
> ...
> }
> 
> Which begins to explain why, on the MBP2,2 I didn't see the HPET show
> up in the XP device tree at all ! :)
> 
> I.e., I wonder if XP actually defines _OSI (my inner gambling addict
> says it probably does not).

This document says it does:
http://msdn.microsoft.com/library/windows/hardware/gg463275

> Long story short, we could use CondRefOf as an intermediary wrapper
> around _OSI to avoid referencing SMC._STA from within HPET.CRS...

I'm not sure why it's a problem to refer to SMC._STA
but if it is, we can just patch in another variable
in the HPET scope instead of _OSI.

> Not sure we want to "complicate" the rest of the HPET (e.g. return
> different values for bit2, "show device in acpi u/i" depending on
> _OSI, the way Apple machines do).
> 
> Thanks,
> --Gabriel

They seem to clear this bit for linux?
No idea why they do this - want to try looking into
linux source to figure out?

-- 
MST

Re: [Qemu-devel] RFC: ACPI, HPET._CRS, MacOSX vs. WinXP

[Michael S. Tsirkin]

On Mon, Jan 20, 2014 at 01:16:02PM +0100, Paolo Bonzini wrote:
> Il 20/01/2014 13:08, Michael S. Tsirkin ha scritto:
> >>> > > 
> >>> > > I think the hack looking for the SMC device is safer than _OSI: OSPMs
> >>> > > are known to do crazy things when they see _OSI, such as assuming they
> >>> > > need to try and emulate the OS probed.
> >> > 
> >> > Source?
> >> > 
> >> > Paolo
> > For example, this one
> > http://article.gmane.org/gmane.comp.bios.coreboot.seabios/7235
> 
> No, not source code.
> 
> Source for "OSPMs do crazy things when they see _OSI".
> 
> Paolo

Ah, that one.

For example, this msdn article at microsoft.com:
http://msdn.microsoft.com/en-us/library/windows/hardware/gg463275.aspx
"How to Identify the Windows Version in ACPI by Using _OSI"

at the end it states:
the operating system makes features available based on the
string argument to the _OSI method.


The ACPI spec states this in a more verbose form:
5.7.2 _OSI (Operating System Interfaces)

 OSPM can choose to expose new functionality
based on the _OSI argument string. That is, OSPM can use the strings
passed into _OSI to ensure
compatibility between older platforms and newer operating systems by
maintaining known
compatible behavior for a platform.


The concern therefore is that if bios only queries
OSI for Darwin and not other OSes, some OSPM will assume
it's a macbook hardware and do something stupid.

-- 
MST

[Qemu-devel] [PATCH v3] target-ppc: gdbstub allow byte swapping for reading/writing registers

[Thomas Falcon]

This patch allows registers to be properly read from and written to
when using the gdbstub to debug a ppc guest running in little
endian mode.  It accomplishes this goal by byte swapping the values of
any registers if the MSR:LE value is set.

Signed-off-by: Thomas Falcon 
---
Differences from v2:

Fixed formatting issues
Added logic to ensure only FP registers have a guaranteed size of 8 bytes
---
 target-ppc/cpu-qom.h|  2 ++
 target-ppc/gdbstub.c| 46 +
 target-ppc/translate_init.c |  4 ++--
 3 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/target-ppc/cpu-qom.h b/target-ppc/cpu-qom.h
index 72b2232..992963f 100644
--- a/target-ppc/cpu-qom.h
+++ b/target-ppc/cpu-qom.h
@@ -109,7 +109,9 @@ void ppc_cpu_dump_statistics(CPUState *cpu, FILE *f,
  fprintf_function cpu_fprintf, int flags);
 hwaddr ppc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
 int ppc_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int ppc_cpu_gdb_read_register_wrap(CPUState *cpu, uint8_t *buf, int reg);
 int ppc_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+int ppc_cpu_gdb_write_register_wrap(CPUState *cpu, uint8_t *buf, int reg);
 int ppc64_cpu_write_elf64_qemunote(WriteCoreDumpFunction f,
CPUState *cpu, void *opaque);
 int ppc64_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
diff --git a/target-ppc/gdbstub.c b/target-ppc/gdbstub.c
index 1c91090..18db8a2 100644
--- a/target-ppc/gdbstub.c
+++ b/target-ppc/gdbstub.c
@@ -21,6 +21,52 @@
 #include "qemu-common.h"
 #include "exec/gdbstub.h"
 
+/* The following functions are used to ensure the correct
+ * transfer of registers between a little endian ppc target
+ * and a big endian host by checking the LE bit in the Machine State Register
+ */
+
+int ppc_cpu_gdb_read_register_wrap(CPUState *cs, uint8_t *mem_buf, int n)
+{
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+CPUPPCState *env = &cpu->env;
+
+int len = ppc_cpu_gdb_read_register(cs, mem_buf, n), i;
+if (msr_le) {
+uint8_t tmp;
+for (i = 0; i < len/2 ; i++) {
+tmp = *(mem_buf + i);
+*(mem_buf + i) = *(mem_buf + len - 1 - i);
+*(mem_buf + len - 1 - i) = tmp;
+}
+}
+return len;
+}
+
+int ppc_cpu_gdb_write_register_wrap(CPUState *cs, uint8_t *mem_buf, int n)
+{
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+CPUPPCState *env = &cpu->env;
+   
+ if (msr_le) {
+int len = 0, i = 0;
+if (n > 31 && n < 64) {
+len = 8;
+} else if (n == 66) {
+len = 4;
+} else {
+len = sizeof(target_ulong);
+}
+uint8_t tmp;
+for (i = 0; i < len/2; i++) {
+tmp = *(mem_buf + i);
+*(mem_buf+i) = *(mem_buf + len - 1 - i);
+*(mem_buf + len - 1 - i) = tmp;
+}
+}
+return ppc_cpu_gdb_write_register(cs, mem_buf, n);
+}
+
 /* Old gdb always expects FP registers.  Newer (xml-aware) gdb only
  * expects whatever the target description contains.  Due to a
  * historical mishap the FP registers appear in between core integer
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index c030a20..41ea4b7 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -8655,8 +8655,8 @@ static void ppc_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->dump_state = ppc_cpu_dump_state;
 cc->dump_statistics = ppc_cpu_dump_statistics;
 cc->set_pc = ppc_cpu_set_pc;
-cc->gdb_read_register = ppc_cpu_gdb_read_register;
-cc->gdb_write_register = ppc_cpu_gdb_write_register;
+cc->gdb_read_register = ppc_cpu_gdb_read_register_wrap;
+cc->gdb_write_register = ppc_cpu_gdb_write_register_wrap;
 #ifndef CONFIG_USER_ONLY
 cc->get_phys_page_debug = ppc_cpu_get_phys_page_debug;
 cc->vmsd = &vmstate_ppc_cpu;
-- 
1.8.3.1

[Qemu-devel] [PULL v4 06/12] target-lm32: kill cpu_abort() calls

[Michael Walle]

Instead of killing QEMU, translate instructions which are not available on
the CPU model as a noop and issue a log message at translation time.

On the real hardware CPU unknown opcodes results in undefined behaviour.

These changes prepare the removal of CPULM32State from DisasContext.

Signed-off-by: Michael Walle 
Reviewed-by: Andreas Färber 
---
 target-lm32/translate.c |   72 ++-
 1 file changed, 40 insertions(+), 32 deletions(-)

diff --git a/target-lm32/translate.c b/target-lm32/translate.c
index 6ea0ecd..e292e1c 100644
--- a/target-lm32/translate.c
+++ b/target-lm32/translate.c
@@ -80,7 +80,6 @@ typedef struct DisasContext {
 unsigned int tb_flags, synced_flags; /* tb dependent flags.  */
 int is_jmp;
 
-int nr_nops;
 struct TranslationBlock *tb;
 int singlestep_enabled;
 } DisasContext;
@@ -422,7 +421,8 @@ static void dec_divu(DisasContext *dc)
 LOG_DIS("divu r%d, r%d, r%d\n", dc->r2, dc->r0, dc->r1);
 
 if (!(dc->env->features & LM32_FEATURE_DIVIDE)) {
-cpu_abort(dc->env, "hardware divider is not available\n");
+qemu_log_mask(LOG_GUEST_ERROR, "hardware divider is not available\n");
+return;
 }
 
 l1 = gen_new_label();
@@ -500,7 +500,8 @@ static void dec_modu(DisasContext *dc)
 LOG_DIS("modu r%d, r%d, %d\n", dc->r2, dc->r0, dc->r1);
 
 if (!(dc->env->features & LM32_FEATURE_DIVIDE)) {
-cpu_abort(dc->env, "hardware divider is not available\n");
+qemu_log_mask(LOG_GUEST_ERROR, "hardware divider is not available\n");
+return;
 }
 
 l1 = gen_new_label();
@@ -521,7 +522,9 @@ static void dec_mul(DisasContext *dc)
 }
 
 if (!(dc->env->features & LM32_FEATURE_MULTIPLY)) {
-cpu_abort(dc->env, "hardware multiplier is not available\n");
+qemu_log_mask(LOG_GUEST_ERROR,
+  "hardware multiplier is not available\n");
+return;
 }
 
 if (dc->format == OP_FMT_RI) {
@@ -590,7 +593,8 @@ static void dec_scall(DisasContext *dc)
 } else if (dc->imm5 == 2) {
 LOG_DIS("break\n");
 } else {
-cpu_abort(dc->env, "invalid opcode\n");
+qemu_log_mask(LOG_GUEST_ERROR, "invalid opcode @0x%x", dc->pc);
+return;
 }
 
 if (dc->imm5 == 7) {
@@ -647,10 +651,10 @@ static void dec_rcsr(DisasContext *dc)
 case CSR_WP1:
 case CSR_WP2:
 case CSR_WP3:
-cpu_abort(dc->env, "invalid read access csr=%x\n", dc->csr);
+qemu_log_mask(LOG_GUEST_ERROR, "invalid read access csr=%x\n", 
dc->csr);
 break;
 default:
-cpu_abort(dc->env, "read_csr: unknown csr=%x\n", dc->csr);
+qemu_log_mask(LOG_GUEST_ERROR, "read_csr: unknown csr=%x\n", dc->csr);
 break;
 }
 }
@@ -672,7 +676,9 @@ static void dec_sextb(DisasContext *dc)
 LOG_DIS("sextb r%d, r%d\n", dc->r2, dc->r0);
 
 if (!(dc->env->features & LM32_FEATURE_SIGN_EXTEND)) {
-cpu_abort(dc->env, "hardware sign extender is not available\n");
+qemu_log_mask(LOG_GUEST_ERROR,
+  "hardware sign extender is not available\n");
+return;
 }
 
 tcg_gen_ext8s_tl(cpu_R[dc->r2], cpu_R[dc->r0]);
@@ -683,7 +689,9 @@ static void dec_sexth(DisasContext *dc)
 LOG_DIS("sexth r%d, r%d\n", dc->r2, dc->r0);
 
 if (!(dc->env->features & LM32_FEATURE_SIGN_EXTEND)) {
-cpu_abort(dc->env, "hardware sign extender is not available\n");
+qemu_log_mask(LOG_GUEST_ERROR,
+  "hardware sign extender is not available\n");
+return;
 }
 
 tcg_gen_ext16s_tl(cpu_R[dc->r2], cpu_R[dc->r0]);
@@ -710,7 +718,8 @@ static void dec_sl(DisasContext *dc)
 }
 
 if (!(dc->env->features & LM32_FEATURE_SHIFT)) {
-cpu_abort(dc->env, "hardware shifter is not available\n");
+qemu_log_mask(LOG_GUEST_ERROR, "hardware shifter is not available\n");
+return;
 }
 
 if (dc->format == OP_FMT_RI) {
@@ -736,7 +745,9 @@ static void dec_sr(DisasContext *dc)
 /* TODO: check r1 == 1 during runtime */
 } else {
 if (dc->imm5 != 1) {
-cpu_abort(dc->env, "hardware shifter is not available\n");
+qemu_log_mask(LOG_GUEST_ERROR,
+  "hardware shifter is not available\n");
+return;
 }
 }
 }
@@ -764,7 +775,9 @@ static void dec_sru(DisasContext *dc)
 /* TODO: check r1 == 1 during runtime */
 } else {
 if (dc->imm5 != 1) {
-cpu_abort(dc->env, "hardware shifter is not available\n");
+qemu_log_mask(LOG_GUEST_ERROR,
+  "hardware shifter is not available\n");
+return;
 }
 }
 }
@@ -802,7 +815,7 @@ static void dec_user(DisasContext *dc)
 {
 LOG_DIS("user");
 
-cpu_abort(dc->env, "user insn undefined\n");
+qemu_log_mask(LOG_GUEST_ERROR, "user instruction u

[Qemu-devel] [PULL v4 05/12] milkymist-vgafb: swap pixel data in source buffer

[Michael Walle]

In commit fc97bb5ba3e7239c0b6d24095df6784868dfebbf the lduw_raw() call was
eliminated. But we are reading from the target buffer a 16-bit value, which
is in big-endian format. Therefore, swap the bytes if we are building for a
little-endian host.

Cc: Paolo Bonzini 
Signed-off-by: Michael Walle 
---
 hw/display/milkymist-vgafb_template.h |1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/display/milkymist-vgafb_template.h 
b/hw/display/milkymist-vgafb_template.h
index e0036e1..3f25484 100644
--- a/hw/display/milkymist-vgafb_template.h
+++ b/hw/display/milkymist-vgafb_template.h
@@ -62,6 +62,7 @@ static void glue(draw_line_, BITS)(void *opaque, uint8_t *d, 
const uint8_t *s,
 
 while (width--) {
 memcpy(&rgb565, s, sizeof(rgb565));
+rgb565 = be16_to_cpu(rgb565);
 r = ((rgb565 >> 11) & 0x1f) << 3;
 g = ((rgb565 >>  5) & 0x3f) << 2;
 b = ((rgb565 >>  0) & 0x1f) << 3;
-- 
1.7.10.4

[Qemu-devel] [PULL v4 07/12] target-lm32: move model features to LM32CPU

[Michael Walle]

This allows us to completely remove CPULM32State from DisasContext.
Instead, copy the fields we need to DisasContext.

Reviewed-by: Andreas Färber 
Signed-off-by: Michael Walle 
---
 target-lm32/cpu-qom.h   |6 ++
 target-lm32/cpu.c   |  187 ++-
 target-lm32/cpu.h   |7 +-
 target-lm32/helper.c|  128 +---
 target-lm32/translate.c |   29 +---
 5 files changed, 215 insertions(+), 142 deletions(-)

diff --git a/target-lm32/cpu-qom.h b/target-lm32/cpu-qom.h
index 723f604..9f15093 100644
--- a/target-lm32/cpu-qom.h
+++ b/target-lm32/cpu-qom.h
@@ -60,6 +60,12 @@ typedef struct LM32CPU {
 /*< public >*/
 
 CPULM32State env;
+
+uint32_t revision;
+uint8_t num_interrupts;
+uint8_t num_breakpoints;
+uint8_t num_watchpoints;
+uint32_t features;
 } LM32CPU;
 
 static inline LM32CPU *lm32_env_get_cpu(CPULM32State *env)
diff --git a/target-lm32/cpu.c b/target-lm32/cpu.c
index 869878c..2b207ad 100644
--- a/target-lm32/cpu.c
+++ b/target-lm32/cpu.c
@@ -29,6 +29,87 @@ static void lm32_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.pc = value;
 }
 
+/* Sort alphabetically by type name. */
+static gint lm32_cpu_list_compare(gconstpointer a, gconstpointer b)
+{
+ObjectClass *class_a = (ObjectClass *)a;
+ObjectClass *class_b = (ObjectClass *)b;
+const char *name_a, *name_b;
+
+name_a = object_class_get_name(class_a);
+name_b = object_class_get_name(class_b);
+return strcmp(name_a, name_b);
+}
+
+static void lm32_cpu_list_entry(gpointer data, gpointer user_data)
+{
+ObjectClass *oc = data;
+CPUListState *s = user_data;
+const char *typename = object_class_get_name(oc);
+char *name;
+
+name = g_strndup(typename, strlen(typename) - strlen("-" TYPE_LM32_CPU));
+(*s->cpu_fprintf)(s->file, "  %s\n", name);
+g_free(name);
+}
+
+
+void lm32_cpu_list(FILE *f, fprintf_function cpu_fprintf)
+{
+CPUListState s = {
+.file = f,
+.cpu_fprintf = cpu_fprintf,
+};
+GSList *list;
+
+list = object_class_get_list(TYPE_LM32_CPU, false);
+list = g_slist_sort(list, lm32_cpu_list_compare);
+(*cpu_fprintf)(f, "Available CPUs:\n");
+g_slist_foreach(list, lm32_cpu_list_entry, &s);
+g_slist_free(list);
+}
+
+static void lm32_cpu_init_cfg_reg(LM32CPU *cpu)
+{
+CPULM32State *env = &cpu->env;
+uint32_t cfg = 0;
+
+if (cpu->features & LM32_FEATURE_MULTIPLY) {
+cfg |= CFG_M;
+}
+
+if (cpu->features & LM32_FEATURE_DIVIDE) {
+cfg |= CFG_D;
+}
+
+if (cpu->features & LM32_FEATURE_SHIFT) {
+cfg |= CFG_S;
+}
+
+if (cpu->features & LM32_FEATURE_SIGN_EXTEND) {
+cfg |= CFG_X;
+}
+
+if (cpu->features & LM32_FEATURE_I_CACHE) {
+cfg |= CFG_IC;
+}
+
+if (cpu->features & LM32_FEATURE_D_CACHE) {
+cfg |= CFG_DC;
+}
+
+if (cpu->features & LM32_FEATURE_CYCLE_COUNT) {
+cfg |= CFG_CC;
+}
+
+cfg |= (cpu->num_interrupts << CFG_INT_SHIFT);
+cfg |= (cpu->num_breakpoints << CFG_BP_SHIFT);
+cfg |= (cpu->num_watchpoints << CFG_WP_SHIFT);
+cfg |= (cpu->revision << CFG_REV_SHIFT);
+
+env->cfg = cfg;
+}
+
 /* CPUClass::reset() */
 static void lm32_cpu_reset(CPUState *s)
 {
@@ -41,6 +122,7 @@ static void lm32_cpu_reset(CPUState *s)
 /* reset cpu state */
 memset(env, 0, offsetof(CPULM32State, breakpoints));
 
+lm32_cpu_init_cfg_reg(cpu);
 tlb_flush(env, 1);
 }
 
@@ -74,6 +156,91 @@ static void lm32_cpu_initfn(Object *obj)
 }
 }
 
+static void lm32_basic_cpu_initfn(Object *obj)
+{
+LM32CPU *cpu = LM32_CPU(obj);
+
+cpu->revision = 3;
+cpu->num_interrupts = 32;
+cpu->num_breakpoints = 4;
+cpu->num_watchpoints = 4;
+cpu->features = LM32_FEATURE_SHIFT
+  | LM32_FEATURE_SIGN_EXTEND
+  | LM32_FEATURE_CYCLE_COUNT;
+}
+
+static void lm32_standard_cpu_initfn(Object *obj)
+{
+LM32CPU *cpu = LM32_CPU(obj);
+
+cpu->revision = 3;
+cpu->num_interrupts = 32;
+cpu->num_breakpoints = 4;
+cpu->num_watchpoints = 4;
+cpu->features = LM32_FEATURE_MULTIPLY
+  | LM32_FEATURE_DIVIDE
+  | LM32_FEATURE_SHIFT
+  | LM32_FEATURE_SIGN_EXTEND
+  | LM32_FEATURE_I_CACHE
+  | LM32_FEATURE_CYCLE_COUNT;
+}
+
+static void lm32_full_cpu_initfn(Object *obj)
+{
+LM32CPU *cpu = LM32_CPU(obj);
+
+cpu->revision = 3;
+cpu->num_interrupts = 32;
+cpu->num_breakpoints = 4;
+cpu->num_watchpoints = 4;
+cpu->features = LM32_FEATURE_MULTIPLY
+  | LM32_FEATURE_DIVIDE
+  | LM32_FEATURE_SHIFT
+  | LM32_FEATURE_SIGN_EXTEND
+  | LM32_FEATURE_I_CACHE
+  | LM32_FEATURE_D_CACHE
+  | LM32_FEATURE_CYCLE_COUNT;
+}
+
+typedef struct LM32CPUInfo {
+const char *name;
+void (*initfn)(Object *ob

[Qemu-devel] [PATCH 1/3 v2] s390-sclp: Define New SCLP Codes

[Jason J. Herne]

From: "Jason J. Herne" 

Define new SCLP codes to improve code readability.

Signed-off-by: Jason J. Herne 
---
 hw/s390x/sclp.c | 2 +-
 include/hw/s390x/sclp.h | 8 
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 86d6ae0..cb035e9 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -45,7 +45,7 @@ static void sclp_execute(SCCB *sccb, uint64_t code)
 {
 S390SCLPDevice *sdev = get_event_facility();
 
-switch (code) {
+switch (code & SCLP_CMD_CODE_MASK) {
 case SCLP_CMDW_READ_SCP_INFO:
 case SCLP_CMDW_READ_SCP_INFO_FORCED:
 read_SCP_info(sccb);
diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
index 231a38a..74e8d94 100644
--- a/include/hw/s390x/sclp.h
+++ b/include/hw/s390x/sclp.h
@@ -17,6 +17,8 @@
 #include 
 #include 
 
+#define SCLP_CMD_CODE_MASK  0x00ff
+
 /* SCLP command codes */
 #define SCLP_CMDW_READ_SCP_INFO 0x00020001
 #define SCLP_CMDW_READ_SCP_INFO_FORCED  0x00120001
@@ -26,6 +28,12 @@
 #define SCLP_CMD_WRITE_EVENT_DATA   0x00760005
 #define SCLP_CMD_WRITE_EVENT_MASK   0x00780005
 
+/* CPU hotplug SCLP codes */
+#define SCLP_HAS_CPU_INFO   0x0C00ULL
+#define SCLP_CMDW_READ_CPU_INFO 0x00010001
+#define SCLP_CMDW_CONFIGURE_CPU 0x00110001
+#define SCLP_CMDW_DECONFIGURE_CPU   0x0011
+
 /* SCLP response codes */
 #define SCLP_RC_NORMAL_READ_COMPLETION  0x0010
 #define SCLP_RC_NORMAL_COMPLETION   0x0020
-- 
1.8.3.2

[Qemu-devel] [PATCH 3/3 v2] s390-sclp: SCLP Event integration

[Jason J. Herne]

From: "Jason J. Herne" 

Add an sclp event for "cpu was hot plugged".  This allows Qemu to deliver an
SCLP interrupt to the guest stating that the requested cpu hotplug was
completed.

Signed-off-by: Jason J. Herne 
---
 hw/s390x/Makefile.objs|   1 +
 hw/s390x/event-facility.c |   6 ++
 hw/s390x/sclpcpu.c| 112 ++
 include/hw/s390x/event-facility.h |   5 ++
 include/hw/s390x/sclp.h   |   1 +
 5 files changed, 125 insertions(+)
 create mode 100644 hw/s390x/sclpcpu.c

diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index 77e1218..1ba6c3a 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -3,6 +3,7 @@ obj-y += s390-virtio-hcall.o
 obj-y += sclp.o
 obj-y += event-facility.o
 obj-y += sclpquiesce.o
+obj-y += sclpcpu.o
 obj-y += ipl.o
 obj-y += css.o
 obj-y += s390-virtio-ccw.o
diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index 25951a0..a73c0b9 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -32,6 +32,8 @@ struct SCLPEventFacility {
 unsigned int receive_mask;
 };
 
+SCLPEvent cpu_hotplug;
+
 /* return true if any child has event pending set */
 static bool event_pending(SCLPEventFacility *ef)
 {
@@ -335,6 +337,10 @@ static int init_event_facility(S390SCLPDevice *sdev)
 }
 qdev_init_nofail(quiesce);
 
+object_initialize(&cpu_hotplug, sizeof(cpu_hotplug), 
TYPE_SCLP_CPU_HOTPLUG);
+qdev_set_parent_bus(DEVICE(&cpu_hotplug), BUS(&event_facility->sbus));
+object_property_set_bool(OBJECT(&cpu_hotplug), true, "realized", NULL);
+
 return 0;
 }
 
diff --git a/hw/s390x/sclpcpu.c b/hw/s390x/sclpcpu.c
new file mode 100644
index 000..b9c238a
--- /dev/null
+++ b/hw/s390x/sclpcpu.c
@@ -0,0 +1,112 @@
+/*
+ * SCLP event type
+ *Signal CPU - Trigger SCLP interrupt for system CPU configure or
+ *de-configure
+ *
+ * Copyright IBM, Corp. 2013
+ *
+ * Authors:
+ *  Thang Pham 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version.  See the COPYING file in the top-level directory.
+ *
+ */
+#include "sysemu/sysemu.h"
+#include "hw/s390x/sclp.h"
+#include "hw/s390x/event-facility.h"
+#include "cpu.h"
+#include "sysemu/cpus.h"
+#include "sysemu/kvm.h"
+
+typedef struct ConfigMgtData {
+EventBufferHeader ebh;
+uint8_t reserved;
+uint8_t event_qualifier;
+} QEMU_PACKED ConfigMgtData;
+
+static qemu_irq irq_cpu_hotplug; /* Only used in this file */
+
+#define EVENT_QUAL_CPU_CHANGE  1
+
+void raise_irq_cpu_hotplug(void)
+{
+qemu_irq_raise(irq_cpu_hotplug);
+}
+
+static unsigned int send_mask(void)
+{
+return SCLP_EVENT_MASK_CONFIG_MGT_DATA;
+}
+
+static unsigned int receive_mask(void)
+{
+return 0;
+}
+
+static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
+   int *slen)
+{
+ConfigMgtData *cdata = (ConfigMgtData *) evt_buf_hdr;
+if (*slen < sizeof(ConfigMgtData)) {
+return 0;
+}
+
+/* Event is no longer pending */
+if (!event->event_pending) {
+return 0;
+}
+event->event_pending = false;
+
+/* Event header data */
+cdata->ebh.length = cpu_to_be16(sizeof(ConfigMgtData));
+cdata->ebh.type = SCLP_EVENT_CONFIG_MGT_DATA;
+cdata->ebh.flags |= SCLP_EVENT_BUFFER_ACCEPTED;
+
+/* Trigger a rescan of CPUs by setting event qualifier */
+cdata->event_qualifier = EVENT_QUAL_CPU_CHANGE;
+*slen -= sizeof(ConfigMgtData);
+
+return 1;
+}
+
+static void trigger_signal(void *opaque, int n, int level)
+{
+SCLPEvent *event = opaque;
+event->event_pending = true;
+
+/* Trigger SCLP read operation */
+sclp_service_interrupt(0);
+}
+
+static int irq_cpu_hotplug_init(SCLPEvent *event)
+{
+irq_cpu_hotplug = *qemu_allocate_irqs(trigger_signal, event, 1);
+return 0;
+}
+
+static void cpu_class_init(ObjectClass *oc, void *data)
+{
+SCLPEventClass *k = SCLP_EVENT_CLASS(oc);
+
+k->init = irq_cpu_hotplug_init;
+k->get_send_mask = send_mask;
+k->get_receive_mask = receive_mask;
+k->read_event_data = read_event_data;
+k->write_event_data = NULL;
+}
+
+static const TypeInfo sclp_cpu_info = {
+.name  = "sclp-cpu-hotplug",
+.parent= TYPE_SCLP_EVENT,
+.instance_size = sizeof(SCLPEvent),
+.class_init= cpu_class_init,
+.class_size= sizeof(SCLPEventClass),
+};
+
+static void sclp_cpu_register_types(void)
+{
+type_register_static(&sclp_cpu_info);
+}
+
+type_init(sclp_cpu_register_types)
diff --git a/include/hw/s390x/event-facility.h 
b/include/hw/s390x/event-facility.h
index 7ce7079..870edd4 100644
--- a/include/hw/s390x/event-facility.h
+++ b/include/hw/s390x/event-facility.h
@@ -17,10 +17,12 @@
 
 #include 
 #include "qemu/thread.h"
+#include "hw/s390x/sclp.h"
 
 /* SCLP event types */
 #define SCLP_EVENT_OPRTNS_COMMAND   0x01
 #define SCLP_EVENT_MESSAGE  

[Qemu-devel] [PATCH 2/3 v2] s390-sclp: SCLP CPU Info

[Jason J. Herne]

From: "Jason J. Herne" 

Implement the CPU data in SCLP "Read SCP Info".  And implement "Read CPU Info"
SCLP command. This data will be used by the guest to get information about hot
plugged cpus.

Signed-off-by: Jason J. Herne 
---
 hw/s390x/sclp.c | 51 +
 include/hw/s390x/sclp.h | 32 +++
 2 files changed, 83 insertions(+)

diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index cb035e9..4e0c564 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -15,6 +15,7 @@
 #include "cpu.h"
 #include "sysemu/kvm.h"
 #include "exec/memory.h"
+#include "sysemu/sysemu.h"
 
 #include "hw/s390x/sclp.h"
 
@@ -31,7 +32,26 @@ static inline S390SCLPDevice *get_event_facility(void)
 static void read_SCP_info(SCCB *sccb)
 {
 ReadInfo *read_info = (ReadInfo *) sccb;
+CPUState *cpu;
 int shift = 0;
+int cpu_count = 0;
+int i = 0;
+
+CPU_FOREACH(cpu) {
+cpu_count++;
+}
+
+/* CPU information */
+read_info->entries_cpu = cpu_to_be16(cpu_count);
+read_info->offset_cpu = cpu_to_be16(offsetof(ReadInfo, entries));
+read_info->highest_cpu = cpu_to_be16(max_cpus);
+
+for (i = 0; i < cpu_count; i++) {
+read_info->entries[i].address = i;
+read_info->entries[i].type = 0;
+}
+
+read_info->facilities = cpu_to_be64(SCLP_HAS_CPU_INFO);
 
 while ((ram_size >> (20 + shift)) > 65535) {
 shift++;
@@ -41,6 +61,34 @@ static void read_SCP_info(SCCB *sccb)
 sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
 }
 
+/* Provide information about the CPU */
+static void sclp_read_cpu_info(SCCB *sccb)
+{
+ReadCpuInfo *cpu_info = (ReadCpuInfo *) sccb;
+CPUState *cpu;
+int cpu_count = 0;
+int i = 0;
+
+CPU_FOREACH(cpu) {
+cpu_count++;
+}
+
+cpu_info->nr_configured = cpu_to_be16(cpu_count);
+cpu_info->offset_configured = cpu_to_be16(offsetof(ReadCpuInfo, entries));
+cpu_info->nr_standby = cpu_to_be16(0);
+
+/* The standby offset is 16-byte for each CPU */
+cpu_info->offset_standby = cpu_to_be16(cpu_info->offset_configured
++ cpu_info->nr_configured*sizeof(CPUEntry));
+
+for (i = 0; i < cpu_count; i++) {
+cpu_info->entries[i].address = i;
+cpu_info->entries[i].type = 0;
+}
+
+sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
+}
+
 static void sclp_execute(SCCB *sccb, uint64_t code)
 {
 S390SCLPDevice *sdev = get_event_facility();
@@ -50,6 +98,9 @@ static void sclp_execute(SCCB *sccb, uint64_t code)
 case SCLP_CMDW_READ_SCP_INFO_FORCED:
 read_SCP_info(sccb);
 break;
+case SCLP_CMDW_READ_CPU_INFO:
+sclp_read_cpu_info(sccb);
+break;
 default:
 sdev->sclp_command_handler(sdev->ef, sccb, code);
 break;
diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
index 74e8d94..a625098 100644
--- a/include/hw/s390x/sclp.h
+++ b/include/hw/s390x/sclp.h
@@ -79,12 +79,44 @@ typedef struct SCCBHeader {
 
 #define SCCB_DATA_LEN (SCCB_SIZE - sizeof(SCCBHeader))
 
+/* CPU information */
+typedef struct CPUEntry {
+uint8_t address;
+uint8_t reserved0[13];
+uint8_t type;
+uint8_t reserved1;
+} QEMU_PACKED CPUEntry;
+
 typedef struct ReadInfo {
 SCCBHeader h;
 uint16_t rnmax;
 uint8_t rnsize;
+uint8_t  _reserved1[16 - 11];   /* 11-15 */
+uint16_t entries_cpu;   /* 16-17 */
+uint16_t offset_cpu;/* 18-19 */
+uint8_t  _reserved2[24 - 20];   /* 20-23 */
+uint8_t  loadparm[8];   /* 24-31 */
+uint8_t  _reserved3[48 - 32];   /* 32-47 */
+uint64_t facilities;/* 48-55 */
+uint8_t  _reserved0[100 - 56];
+uint32_t rnsize2;
+uint64_t rnmax2;
+uint8_t  _reserved4[120-112];   /* 112-119 */
+uint16_t highest_cpu;
+uint8_t  _reserved5[128 - 122]; /* 122-127 */
+struct CPUEntry entries[0];
 } QEMU_PACKED ReadInfo;
 
+typedef struct ReadCpuInfo {
+SCCBHeader h;
+uint16_t nr_configured; /* 8-9 */
+uint16_t offset_configured; /* 10-11 */
+uint16_t nr_standby;/* 12-13 */
+uint16_t offset_standby;/* 14-15 */
+uint8_t reserved0[24-16];   /* 16-23 */
+struct CPUEntry entries[0];
+} QEMU_PACKED ReadCpuInfo;
+
 typedef struct SCCB {
 SCCBHeader h;
 char data[SCCB_DATA_LEN];
-- 
1.8.3.2

[Qemu-devel] [PATCH 0/3 v2] S390 SCLP improvements for CPU Hotplug

[Jason J. Herne]

From: "Jason J. Herne" 

Improvements to SCLP, mainly the Read SCP/CPU Info subcommands, to support
future cpu hotplug operations on the s390 target.

Jason J. Herne (3):
  s390-sclp: Define New SCLP Codes
  s390-sclp: SCLP CPU Info
  s390-sclp: SCLP Event integration

 hw/s390x/Makefile.objs|   1 +
 hw/s390x/event-facility.c |   6 ++
 hw/s390x/sclp.c   |  53 +-
 hw/s390x/sclpcpu.c| 112 ++
 include/hw/s390x/event-facility.h |   5 ++
 include/hw/s390x/sclp.h   |  41 ++
 6 files changed, 217 insertions(+), 1 deletion(-)
 create mode 100644 hw/s390x/sclpcpu.c

-- 
1.8.3.2

[Qemu-devel] [PULL 1/1] gtk: Support keyboard translation for hosts running Windows

[Stefan Weil]

GTK uses different hardware keycodes on Windows hosts, so some special
handling is needed to get the QEMU keycode.

Signed-off-by: Stefan Weil 
---
 ui/gtk.c |   18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index 6316f5b..a633d89 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -34,6 +34,10 @@
 #define GETTEXT_PACKAGE "qemu"
 #define LOCALEDIR "po"
 
+#ifdef _WIN32
+# define _WIN32_WINNT 0x0601 /* needed to get definition of MAPVK_VK_TO_VSC */
+#endif
+
 #include "qemu-common.h"
 
 #ifdef CONFIG_PRAGMA_DIAGNOSTIC_AVAILABLE
@@ -704,11 +708,18 @@ static gboolean gd_button_event(GtkWidget *widget, 
GdkEventButton *button,
 static gboolean gd_key_event(GtkWidget *widget, GdkEventKey *key, void *opaque)
 {
 GtkDisplayState *s = opaque;
-int gdk_keycode;
-int qemu_keycode;
+int gdk_keycode = key->hardware_keycode;
 int i;
 
-gdk_keycode = key->hardware_keycode;
+#ifdef _WIN32
+UINT qemu_keycode = MapVirtualKey(gdk_keycode, MAPVK_VK_TO_VSC);
+switch (qemu_keycode) {
+case 103:   /* alt gr */
+qemu_keycode = 56 | SCANCODE_GREY;
+break;
+}
+#else
+int qemu_keycode;
 
 if (gdk_keycode < 9) {
 qemu_keycode = 0;
@@ -723,6 +734,7 @@ static gboolean gd_key_event(GtkWidget *widget, GdkEventKey 
*key, void *opaque)
 } else {
 qemu_keycode = 0;
 }
+#endif
 
 trace_gd_key_event(gdk_keycode, qemu_keycode,
(key->type == GDK_KEY_PRESS) ? "down" : "up");
-- 
1.7.10.4

[Qemu-devel] [PULL 0/1] MinGW patch

[Stefan Weil]

The following changes since commit 1cf892ca2689c84960b4ce4d2723b6bee453711c:

  SPARC: Fix LEON3 power down instruction (2014-01-15 15:37:33 +1000)

are available in the git repository at:

  git://qemu.weilnetz.de/qemu.git tags/for_anthony

for you to fetch changes up to 2777ccc55bfe90bfa813b01faf36fa6ea16fbea8:

  gtk: Support keyboard translation for hosts running Windows (2014-01-20 
19:30:28 +0100)


Initial patch for QEMU GTK support on Windows


Stefan Weil (1):
  gtk: Support keyboard translation for hosts running Windows

 ui/gtk.c |   18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

[Qemu-devel] [PULL v4 01/12] lm32_sys: increase test case name length limit

[Michael Walle]

The new MMU tests use longer names.

Signed-off-by: Michael Walle 
---
 hw/misc/lm32_sys.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/misc/lm32_sys.c b/hw/misc/lm32_sys.c
index 9bdb781..8176cdb 100644
--- a/hw/misc/lm32_sys.c
+++ b/hw/misc/lm32_sys.c
@@ -42,7 +42,7 @@ enum {
 R_MAX
 };
 
-#define MAX_TESTNAME_LEN 16
+#define MAX_TESTNAME_LEN 32
 
 #define TYPE_LM32_SYS "lm32-sys"
 #define LM32_SYS(obj) OBJECT_CHECK(LM32SysState, (obj), TYPE_LM32_SYS)
@@ -80,7 +80,7 @@ static void sys_write(void *opaque, hwaddr addr,
 case R_PASSFAIL:
 s->regs[addr] = value;
 testname = (char *)s->testname;
-qemu_log("TC  %-16s %s\n", testname, (value) ? "FAILED" : "OK");
+qemu_log("TC  %-32s %s\n", testname, (value) ? "FAILED" : "OK");
 break;
 case R_TESTNAME:
 s->regs[addr] = value;
-- 
1.7.10.4

[Qemu-devel] [PULL v4 09/12] lm32_sys: print test result on stderr

[Michael Walle]

Do not use qemu_log().

Signed-off-by: Michael Walle 
---
 hw/misc/lm32_sys.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/misc/lm32_sys.c b/hw/misc/lm32_sys.c
index 8176cdb..6af0cca 100644
--- a/hw/misc/lm32_sys.c
+++ b/hw/misc/lm32_sys.c
@@ -80,7 +80,7 @@ static void sys_write(void *opaque, hwaddr addr,
 case R_PASSFAIL:
 s->regs[addr] = value;
 testname = (char *)s->testname;
-qemu_log("TC  %-32s %s\n", testname, (value) ? "FAILED" : "OK");
+fprintf(stderr, "TC  %-32s %s\n", testname, (value) ? "FAILED" : "OK");
 break;
 case R_TESTNAME:
 s->regs[addr] = value;
-- 
1.7.10.4

[Qemu-devel] [PULL v4 11/12] target-lm32: stop VM on illegal or unknown instruction

[Michael Walle]

Instead of translating the instruction to a no-op, pause the VM and display
a message to the user.

As a side effect, this also works for instructions where the operands are
only known at runtime.

Signed-off-by: Michael Walle 
---
 target-lm32/helper.h|1 +
 target-lm32/op_helper.c |   17 +
 target-lm32/translate.c |   91 +++
 3 files changed, 79 insertions(+), 30 deletions(-)

diff --git a/target-lm32/helper.h b/target-lm32/helper.h
index ad44fdf..f4442e0 100644
--- a/target-lm32/helper.h
+++ b/target-lm32/helper.h
@@ -13,5 +13,6 @@ DEF_HELPER_1(rcsr_im, i32, env)
 DEF_HELPER_1(rcsr_ip, i32, env)
 DEF_HELPER_1(rcsr_jtx, i32, env)
 DEF_HELPER_1(rcsr_jrx, i32, env)
+DEF_HELPER_1(ill, void, env)
 
 #include "exec/def-helper.h"
diff --git a/target-lm32/op_helper.c b/target-lm32/op_helper.c
index 71f21d1..7189cb5 100644
--- a/target-lm32/op_helper.c
+++ b/target-lm32/op_helper.c
@@ -8,6 +8,10 @@
 
 #include "exec/softmmu_exec.h"
 
+#ifndef CONFIG_USER_ONLY
+#include "sysemu/sysemu.h"
+#endif
+
 #if !defined(CONFIG_USER_ONLY)
 #define MMUSUFFIX _mmu
 #define SHIFT 0
@@ -39,6 +43,19 @@ void HELPER(hlt)(CPULM32State *env)
 cpu_loop_exit(env);
 }
 
+void HELPER(ill)(CPULM32State *env)
+{
+#ifndef CONFIG_USER_ONLY
+CPUState *cs = CPU(lm32_env_get_cpu(env));
+fprintf(stderr, "VM paused due to illegal instruction. "
+"Connect a debugger or switch to the monitor console "
+"to find out more.\n");
+qemu_system_vmstop_request(RUN_STATE_PAUSED);
+cs->halted = 1;
+raise_exception(env, EXCP_HALTED);
+#endif
+}
+
 void HELPER(wcsr_bp)(CPULM32State *env, uint32_t bp, uint32_t idx)
 {
 uint32_t addr = bp & ~1;
diff --git a/target-lm32/translate.c b/target-lm32/translate.c
index f20460a..43ea4e6 100644
--- a/target-lm32/translate.c
+++ b/target-lm32/translate.c
@@ -122,6 +122,12 @@ static inline void t_gen_raise_exception(DisasContext *dc, 
uint32_t index)
 tcg_temp_free_i32(tmp);
 }
 
+static inline void t_gen_illegal_insn(DisasContext *dc)
+{
+tcg_gen_movi_tl(cpu_pc, dc->pc);
+gen_helper_ill(cpu_env);
+}
+
 static void gen_goto_tb(DisasContext *dc, int n, target_ulong dest)
 {
 TranslationBlock *tb;
@@ -425,6 +431,7 @@ static void dec_divu(DisasContext *dc)
 
 if (!(dc->features & LM32_FEATURE_DIVIDE)) {
 qemu_log_mask(LOG_GUEST_ERROR, "hardware divider is not available\n");
+t_gen_illegal_insn(dc);
 return;
 }
 
@@ -504,6 +511,7 @@ static void dec_modu(DisasContext *dc)
 
 if (!(dc->features & LM32_FEATURE_DIVIDE)) {
 qemu_log_mask(LOG_GUEST_ERROR, "hardware divider is not available\n");
+t_gen_illegal_insn(dc);
 return;
 }
 
@@ -527,6 +535,7 @@ static void dec_mul(DisasContext *dc)
 if (!(dc->features & LM32_FEATURE_MULTIPLY)) {
 qemu_log_mask(LOG_GUEST_ERROR,
   "hardware multiplier is not available\n");
+t_gen_illegal_insn(dc);
 return;
 }
 
@@ -595,17 +604,18 @@ static void dec_scall(DisasContext *dc)
 LOG_DIS("scall\n");
 } else if (dc->imm5 == 2) {
 LOG_DIS("break\n");
-} else {
-qemu_log_mask(LOG_GUEST_ERROR, "invalid opcode @0x%x", dc->pc);
-return;
 }
 
 if (dc->imm5 == 7) {
 tcg_gen_movi_tl(cpu_pc, dc->pc);
 t_gen_raise_exception(dc, EXCP_SYSTEMCALL);
-} else {
+} else if (dc->imm5 == 2) {
 tcg_gen_movi_tl(cpu_pc, dc->pc);
 t_gen_raise_exception(dc, EXCP_BREAKPOINT);
+} else {
+qemu_log_mask(LOG_GUEST_ERROR, "invalid opcode @0x%x", dc->pc);
+t_gen_illegal_insn(dc);
+return;
 }
 }
 
@@ -681,6 +691,7 @@ static void dec_sextb(DisasContext *dc)
 if (!(dc->features & LM32_FEATURE_SIGN_EXTEND)) {
 qemu_log_mask(LOG_GUEST_ERROR,
   "hardware sign extender is not available\n");
+t_gen_illegal_insn(dc);
 return;
 }
 
@@ -694,6 +705,7 @@ static void dec_sexth(DisasContext *dc)
 if (!(dc->features & LM32_FEATURE_SIGN_EXTEND)) {
 qemu_log_mask(LOG_GUEST_ERROR,
   "hardware sign extender is not available\n");
+t_gen_illegal_insn(dc);
 return;
 }
 
@@ -722,6 +734,7 @@ static void dec_sl(DisasContext *dc)
 
 if (!(dc->features & LM32_FEATURE_SHIFT)) {
 qemu_log_mask(LOG_GUEST_ERROR, "hardware shifter is not available\n");
+t_gen_illegal_insn(dc);
 return;
 }
 
@@ -743,24 +756,32 @@ static void dec_sr(DisasContext *dc)
 LOG_DIS("sr r%d, r%d, r%d\n", dc->r2, dc->r0, dc->r1);
 }
 
-if (!(dc->features & LM32_FEATURE_SHIFT)) {
-if (dc->format == OP_FMT_RI) {
-/* TODO: check r1 == 1 during runtime */
-} else {
-if (dc->imm5 != 1) {
-qemu_log_mask(LOG_GUEST_ERROR,
-  "hardware shifter is not available\n");
-return;
-}
-

[Qemu-devel] [PULL v4 10/12] lm32_sys: dump cpu state if test case fails

[Michael Walle]

This will ease debugging the test cases.

Signed-off-by: Michael Walle 
---
 hw/misc/lm32_sys.c |3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/misc/lm32_sys.c b/hw/misc/lm32_sys.c
index 6af0cca..1fd69ff 100644
--- a/hw/misc/lm32_sys.c
+++ b/hw/misc/lm32_sys.c
@@ -81,6 +81,9 @@ static void sys_write(void *opaque, hwaddr addr,
 s->regs[addr] = value;
 testname = (char *)s->testname;
 fprintf(stderr, "TC  %-32s %s\n", testname, (value) ? "FAILED" : "OK");
+if (value) {
+cpu_dump_state(qemu_get_cpu(0), stderr, fprintf, 0);
+}
 break;
 case R_TESTNAME:
 s->regs[addr] = value;
-- 
1.7.10.4

[Qemu-devel] [PULL v4 08/12] target-lm32: add breakpoint/watchpoint support

[Michael Walle]

This patch adds in-target breakpoint and watchpoint support.

Signed-off-by: Michael Walle 
---
 target-lm32/TODO|2 --
 target-lm32/cpu.c   |1 +
 target-lm32/cpu.h   |   27 --
 target-lm32/helper.c|   89 +++
 target-lm32/helper.h|3 ++
 target-lm32/op_helper.c |   58 +-
 target-lm32/translate.c |6 ++--
 7 files changed, 178 insertions(+), 8 deletions(-)

diff --git a/target-lm32/TODO b/target-lm32/TODO
index b9ea0c8..e163c42 100644
--- a/target-lm32/TODO
+++ b/target-lm32/TODO
@@ -1,3 +1 @@
-* disassembler (lm32-dis.c)
 * linux-user emulation
-* native bp/wp emulation (?)
diff --git a/target-lm32/cpu.c b/target-lm32/cpu.c
index 2b207ad..7e716fb 100644
--- a/target-lm32/cpu.c
+++ b/target-lm32/cpu.c
@@ -153,6 +153,7 @@ static void lm32_cpu_initfn(Object *obj)
 if (tcg_enabled() && !tcg_initialized) {
 tcg_initialized = true;
 lm32_translate_init();
+cpu_set_debug_excp_handler(lm32_debug_excp_handler);
 }
 }
 
diff --git a/target-lm32/cpu.h b/target-lm32/cpu.h
index 101df80..18cf348 100644
--- a/target-lm32/cpu.h
+++ b/target-lm32/cpu.h
@@ -163,8 +163,11 @@ struct CPULM32State {
 
 /* debug registers */
 uint32_t dc;/* debug control */
-uint32_t bp[4]; /* breakpoint addresses */
-uint32_t wp[4]; /* watchpoint addresses */
+uint32_t bp[4]; /* breakpoints */
+uint32_t wp[4]; /* watchpoints */
+
+CPUBreakpoint * cpu_breakpoint[4];
+CPUWatchpoint * cpu_watchpoint[4];
 
 CPU_COMMON
 
@@ -181,6 +184,19 @@ struct CPULM32State {
 
 };
 
+typedef enum {
+LM32_WP_DISABLED = 0,
+LM32_WP_READ,
+LM32_WP_WRITE,
+LM32_WP_READ_WRITE,
+} lm32_wp_t;
+
+static inline lm32_wp_t lm32_wp_type(uint32_t dc, int idx)
+{
+assert(idx < 4);
+return (dc >> (idx+1)*2) & 0x3;
+}
+
 #include "cpu-qom.h"
 
 LM32CPU *cpu_lm32_init(const char *cpu_model);
@@ -193,6 +209,13 @@ int cpu_lm32_signal_handler(int host_signum, void *pinfo,
 void lm32_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 void lm32_translate_init(void);
 void cpu_lm32_set_phys_msb_ignore(CPULM32State *env, int value);
+void QEMU_NORETURN raise_exception(CPULM32State *env, int index);
+void lm32_debug_excp_handler(CPULM32State *env);
+void lm32_breakpoint_insert(CPULM32State *env, int index, target_ulong 
address);
+void lm32_breakpoint_remove(CPULM32State *env, int index);
+void lm32_watchpoint_insert(CPULM32State *env, int index, target_ulong address,
+lm32_wp_t wp_type);
+void lm32_watchpoint_remove(CPULM32State *env, int index);
 
 static inline CPULM32State *cpu_init(const char *cpu_model)
 {
diff --git a/target-lm32/helper.c b/target-lm32/helper.c
index f85ff2e..cec8e11 100644
--- a/target-lm32/helper.c
+++ b/target-lm32/helper.c
@@ -49,6 +49,95 @@ hwaddr lm32_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 }
 }
 
+void lm32_breakpoint_insert(CPULM32State *env, int idx, target_ulong address)
+{
+cpu_breakpoint_insert(env, address, BP_CPU, &env->cpu_breakpoint[idx]);
+}
+
+void lm32_breakpoint_remove(CPULM32State *env, int idx)
+{
+if (!env->cpu_breakpoint[idx]) {
+return;
+}
+
+cpu_breakpoint_remove_by_ref(env, env->cpu_breakpoint[idx]);
+env->cpu_breakpoint[idx] = NULL;
+}
+
+void lm32_watchpoint_insert(CPULM32State *env, int idx, target_ulong address,
+lm32_wp_t wp_type)
+{
+int flags = 0;
+
+switch (wp_type) {
+case LM32_WP_DISABLED:
+/* nothing to to */
+break;
+case LM32_WP_READ:
+flags = BP_CPU | BP_STOP_BEFORE_ACCESS | BP_MEM_READ;
+break;
+case LM32_WP_WRITE:
+flags = BP_CPU | BP_STOP_BEFORE_ACCESS | BP_MEM_WRITE;
+break;
+case LM32_WP_READ_WRITE:
+flags = BP_CPU | BP_STOP_BEFORE_ACCESS | BP_MEM_ACCESS;
+break;
+}
+
+if (flags != 0) {
+cpu_watchpoint_insert(env, address, 1, flags,
+&env->cpu_watchpoint[idx]);
+}
+}
+
+void lm32_watchpoint_remove(CPULM32State *env, int idx)
+{
+if (!env->cpu_watchpoint[idx]) {
+return;
+}
+
+cpu_watchpoint_remove_by_ref(env, env->cpu_watchpoint[idx]);
+env->cpu_watchpoint[idx] = NULL;
+}
+
+static bool check_watchpoints(CPULM32State *env)
+{
+LM32CPU *cpu = lm32_env_get_cpu(env);
+int i;
+
+for (i = 0; i < cpu->num_watchpoints; i++) {
+if (env->cpu_watchpoint[i] &&
+env->cpu_watchpoint[i]->flags & BP_WATCHPOINT_HIT) {
+return true;
+}
+}
+return false;
+}
+
+void lm32_debug_excp_handler(CPULM32State *env)
+{
+CPUBreakpoint *bp;
+
+if (env->watchpoint_hit) {
+if (env->watchpoint_hit->flags & BP_CPU) {
+env->watchpoint_hit = NULL;
+if (check_watchpoints(env)) {
+raise_exception(env, EXCP_WATCHPOINT);
+} else {
+cpu_resume_from_signal(

[Qemu-devel] [PULL v4 04/12] lm32_uart/lm32_juart: use qemu_chr_fe_write_all()

[Michael Walle]

qemu_chr_fe_write() may return EAGAIN. Therefore, use
qemu_chr_fe_write_all().

Signed-off-by: Michael Walle 
---
 hw/char/lm32_juart.c |2 +-
 hw/char/lm32_uart.c  |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/char/lm32_juart.c b/hw/char/lm32_juart.c
index 252fe46..380cb5d 100644
--- a/hw/char/lm32_juart.c
+++ b/hw/char/lm32_juart.c
@@ -75,7 +75,7 @@ void lm32_juart_set_jtx(DeviceState *d, uint32_t jtx)
 
 s->jtx = jtx;
 if (s->chr) {
-qemu_chr_fe_write(s->chr, &ch, 1);
+qemu_chr_fe_write_all(s->chr, &ch, 1);
 }
 }
 
diff --git a/hw/char/lm32_uart.c b/hw/char/lm32_uart.c
index 85d7265..84c2549 100644
--- a/hw/char/lm32_uart.c
+++ b/hw/char/lm32_uart.c
@@ -177,7 +177,7 @@ static void uart_write(void *opaque, hwaddr addr,
 switch (addr) {
 case R_RXTX:
 if (s->chr) {
-qemu_chr_fe_write(s->chr, &ch, 1);
+qemu_chr_fe_write_all(s->chr, &ch, 1);
 }
 break;
 case R_IER:
-- 
1.7.10.4

[Qemu-devel] [PULL v4 00/12] target-lm32 updates

[Michael Walle]

Hi Anthony,

this is a pull request for various updates and fixes for the LatticeMico32
target.

Please pull.

changes since v3:
 - rebased
 - signed pull request

changes since v2:
 - rebased
 - replaced ifdef HOST_WORDS_BIGENDIAN with be16_to_cpu() in
   "milkymist-vgafb: swap pixel data in source buffer"
 - bumped "target-lm32: move model features to LM32CPU" to v2 patch
   with minor fixes found by Andreas Faerber
 - new patch "hw/lm32: print error if cpu model is not found"

changes since v1:
 - rebased
 - dropped patch "target-lm32: register helper functions". This is
   no longer needed.
 - added patch "target-lm32: stop VM on illegal or unknown instruction".
   Was posted as request for comments before. But since there were no
   comments, include it here.

Thanks,
michael


The following changes since commit 1cf892ca2689c84960b4ce4d2723b6bee453711c:

  SPARC: Fix LEON3 power down instruction (2014-01-15 15:37:33 +1000)

are available in the git repository at:

  git://github.com/mwalle/qemu tags/lm32-fixes/20140120

for you to fetch changes up to b77202ef2d93722a2c0f6ee467f3664515e2cc21:

  hw/lm32: print error if cpu model is not found (2014-01-20 19:49:13 +0100)


Antony Pavlov (1):
  milkymist-uart: use qemu_chr_fe_write_all() instead of qemu_chr_fe_write()

Michael Walle (11):
  lm32_sys: increase test case name length limit
  tests: lm32: new rule for single test cases
  lm32_uart/lm32_juart: use qemu_chr_fe_write_all()
  milkymist-vgafb: swap pixel data in source buffer
  target-lm32: kill cpu_abort() calls
  target-lm32: move model features to LM32CPU
  target-lm32: add breakpoint/watchpoint support
  lm32_sys: print test result on stderr
  lm32_sys: dump cpu state if test case fails
  target-lm32: stop VM on illegal or unknown instruction
  hw/lm32: print error if cpu model is not found

 hw/char/lm32_juart.c  |2 +-
 hw/char/lm32_uart.c   |2 +-
 hw/char/milkymist-uart.c  |2 +-
 hw/display/milkymist-vgafb_template.h |1 +
 hw/lm32/lm32_boards.c |   10 ++
 hw/lm32/milkymist.c   |5 +
 hw/misc/lm32_sys.c|7 +-
 target-lm32/TODO  |2 -
 target-lm32/cpu-qom.h |6 +
 target-lm32/cpu.c |  188 +++-
 target-lm32/cpu.h |   34 --
 target-lm32/helper.c  |  217 ++---
 target-lm32/helper.h  |4 +
 target-lm32/op_helper.c   |   75 +++-
 target-lm32/translate.c   |  178 +--
 tests/tcg/lm32/Makefile   |3 +
 16 files changed, 529 insertions(+), 207 deletions(-)

-- 
1.7.10.4

[Qemu-devel] [PULL v4 12/12] hw/lm32: print error if cpu model is not found

[Michael Walle]

QEMU crashed if a the given cpu_model is not found.

Signed-off-by: Michael Walle 
---
 hw/lm32/lm32_boards.c |   10 ++
 hw/lm32/milkymist.c   |5 +
 2 files changed, 15 insertions(+)

diff --git a/hw/lm32/lm32_boards.c b/hw/lm32/lm32_boards.c
index c032bb8..5e22e9b 100644
--- a/hw/lm32/lm32_boards.c
+++ b/hw/lm32/lm32_boards.c
@@ -101,6 +101,11 @@ static void lm32_evr_init(QEMUMachineInitArgs *args)
 cpu_model = "lm32-full";
 }
 cpu = cpu_lm32_init(cpu_model);
+if (cpu == NULL) {
+fprintf(stderr, "qemu: unable to find CPU '%s'\n", cpu_model);
+exit(1);
+}
+
 env = &cpu->env;
 reset_info->cpu = cpu;
 
@@ -198,6 +203,11 @@ static void lm32_uclinux_init(QEMUMachineInitArgs *args)
 cpu_model = "lm32-full";
 }
 cpu = cpu_lm32_init(cpu_model);
+if (cpu == NULL) {
+fprintf(stderr, "qemu: unable to find CPU '%s'\n", cpu_model);
+exit(1);
+}
+
 env = &cpu->env;
 reset_info->cpu = cpu;
 
diff --git a/hw/lm32/milkymist.c b/hw/lm32/milkymist.c
index 15053c4..baf234c 100644
--- a/hw/lm32/milkymist.c
+++ b/hw/lm32/milkymist.c
@@ -108,6 +108,11 @@ milkymist_init(QEMUMachineInitArgs *args)
 cpu_model = "lm32-full";
 }
 cpu = cpu_lm32_init(cpu_model);
+if (cpu == NULL) {
+fprintf(stderr, "qemu: unable to find CPU '%s'\n", cpu_model);
+exit(1);
+}
+
 env = &cpu->env;
 reset_info->cpu = cpu;
 
-- 
1.7.10.4

[Qemu-devel] [PULL v4 03/12] milkymist-uart: use qemu_chr_fe_write_all() instead of qemu_chr_fe_write()

[Michael Walle]

From: Antony Pavlov 

qemu_chr_fe_write() is capable of returning 0
to indicate EAGAIN (and friends) and we don't
handle this.

Just change it to qemu_chr_fe_write_all() to fix.

Reported-by: Peter Crosthwaite 
Acked-by: Peter Crosthwaite 
Signed-off-by: Antony Pavlov 
Signed-off-by: Michael Walle 
---
 hw/char/milkymist-uart.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/char/milkymist-uart.c b/hw/char/milkymist-uart.c
index 2c52a0f..da51f82 100644
--- a/hw/char/milkymist-uart.c
+++ b/hw/char/milkymist-uart.c
@@ -124,7 +124,7 @@ static void uart_write(void *opaque, hwaddr addr, uint64_t 
value,
 switch (addr) {
 case R_RXTX:
 if (s->chr) {
-qemu_chr_fe_write(s->chr, &ch, 1);
+qemu_chr_fe_write_all(s->chr, &ch, 1);
 }
 s->regs[R_STAT] |= STAT_TX_EVT;
 break;
-- 
1.7.10.4

[Qemu-devel] [PULL v4 02/12] tests: lm32: new rule for single test cases

[Michael Walle]

Introduce new target "check_%" to run indiviudal test caes, eg.
  make check_mmu

Signed-off-by: Michael Walle 
---
 tests/tcg/lm32/Makefile |3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/tcg/lm32/Makefile b/tests/tcg/lm32/Makefile
index 9a00ef7..19e0664 100644
--- a/tests/tcg/lm32/Makefile
+++ b/tests/tcg/lm32/Makefile
@@ -101,5 +101,8 @@ check: $(CRT) $(SYS) $(TESTCASES)
$(SIM) $(SIMFLAGS) ./$$case; \
done
 
+check_%: test_%.tst $(CRT) $(SYS)
+   $(SIM) $(SIMFLAGS) $<
+
 clean:
$(RM) -fr $(TESTCASES) $(CRT)
-- 
1.7.10.4

Re: [Qemu-devel] KVM and variable-endianness guest CPUs

[Christoffer Dall]

On Mon, Jan 20, 2014 at 03:22:11PM +0100, Alexander Graf wrote:
> 
> On 17.01.2014, at 19:52, Peter Maydell  wrote:
> 
> > On 17 January 2014 17:53, Peter Maydell  wrote:
> >> Specifically, the KVM API says "here's a uint8_t[] byte
> >> array and a length", and the current QEMU code treats that
> >> as "this is a byte array written as if the guest CPU
> >> (a) were in TARGET_WORDS_BIGENDIAN order and (b) wrote its
> >> I/O access to this buffer rather than to the device".
> >> 
> >> The KVM API docs don't actually specify the endianness
> >> semantics of the byte array, but I think that that really
> >> needs to be nailed down. I can think of a couple of options:
> >> * always LE
> >> * always BE
> >>   [these first two are non-starters because they would
> >>   break either x86 or PPC existing code]
> >> * always the endianness the guest is at the time
> >> * always some arbitrary endianness based purely on the
> >>   endianness the KVM implementation used historically
> >> * always the endianness of the host QEMU binary
> >> * something else?
> >> 
> >> Any preferences? Current QEMU code basically assumes
> >> "always the endianness of TARGET_WORDS_BIGENDIAN",
> >> which is pretty random.
> > 
> > Having thought a little more about this, my opinion is:
> > 
> > * we should specify that the byte order of the mmio.data
> >   array is host kernel endianness (ie same endianness
> >   as the QEMU process itself) [this is what it actually
> >   is, I think, for all the cases that work today]
> > * we should fix the code path in QEMU for handling
> >   mmio.data which currently has the implicit assumption
> >   that when using KVM TARGET_WORDS_BIGENDIAN is the same
> >   as the QEMU host process endianness (because it's using
> >   load/store functions which swap if TARGET_WORDS_BIGENDIAN
> >   is different from HOST_WORDS_BIGENDIAN)
> 
> Yes, I fully agree :).
> 
Great, I'll prepare a patch for the KVM API documentation.

-Christoffer

Re: [Qemu-devel] RFC: ACPI, HPET._CRS, MacOSX vs. WinXP

[Gabriel L. Somlo]

On Mon, Jan 20, 2014 at 01:16:02PM +0100, Paolo Bonzini wrote:
> Il 20/01/2014 13:08, Michael S. Tsirkin ha scritto:
> >>> > > I think the hack looking for the SMC device is safer than _OSI: OSPMs
> >>> > > are known to do crazy things when they see _OSI, such as assuming they
> >>> > > need to try and emulate the OS probed.
> 
> Source for "OSPMs do crazy things when they see _OSI".

After a bit more digging, I believe this has to do with the fact that
OSPM is responsible for define _OSI, and referencing it from e.g. the
HPET._CRS method when it's NOT defined (e.g. by a misbehaving OSPM)
results in all sorts of unpleasantness.

In fact, looking on the MacBookPro, we see the following:

DefinitionBlock ("dsdt.aml", "DSDT", 1, "APPLE ", "MacBookP", 0x00090001)
{
...
Field (GNVS, AnyAcc, Lock, Preserve) {
OSYS,   16,
...
}
...
Scope (\_SB) {
Method (_INI, 0, NotSerialized) {
Store (0x07DC, OSYS)
If (CondRefOf (\_OSI, Local0)) {
If (_OSI ("Darwin")) {
Store (0x2710, OSYS)
}
If (\_OSI ("Linux")) {
Store (0x03E8, OSYS)
}
If (\_OSI ("Windows 2009")) {
Store (0x07D9, OSYS)
}
If (\_OSI ("Windows 2012")) {
Store (0x07DC, OSYS)
}
}
}
...
}
...

So, basically, they give OSYS a default value, then *if* _OSI is
defined by a well-behaved OSPM, they use it to give OSYS a more
useful, specific value. CondRefOf is used to avoid a fatal error
in case _OSI does not exist.

And later:

Device (HPET) {
Name (_HID, EisaId ("PNP0103"))
Name (_CID, EisaId ("PNP0C01"))
Name (BUF0, ResourceTemplate () {
IRQNoFlags () {0}
IRQNoFlags () {8}
Memory32Fixed (ReadWrite,
0xFED0, // Address Base
0x0400, // Address Length
_Y16)
})
Method (_STA, 0, NotSerialized) {
If (LGreaterEqual (OSYS, 0x07D1)) {
If (HPAE) {
Return (0x0F)
}
} Else {
If (HPAE) {
Return (0x0B)
}
}
Return (0x00)
}
...
}

Which begins to explain why, on the MBP2,2 I didn't see the HPET show
up in the XP device tree at all ! :)

I.e., I wonder if XP actually defines _OSI (my inner gambling addict
says it probably does not).

Long story short, we could use CondRefOf as an intermediary wrapper
around _OSI to avoid referencing SMC._STA from within HPET.CRS...

Not sure we want to "complicate" the rest of the HPET (e.g. return
different values for bit2, "show device in acpi u/i" depending on
_OSI, the way Apple machines do).

Thanks,
--Gabriel

Re: [Qemu-devel] [PATCH v2 01/14] spapr: populate DRC entries for root dt node

[Michael Roth]

Quoting Mike Day (2014-01-20 11:59:28)
> On Mon, Jan 20, 2014 at 12:24 PM, Michael Roth
>  wrote:
> > Quoting Alexey Kardashevskiy (2014-01-19 20:58:20)
> >
> > Would need to look at it a bit more closely to say for certain, but after
> > discussing it a bit Tyrel/Mike, I think the main considerations would be:
> >
> > 1) PHB hotplug/unplug would need to signal a different event type in it's
> >check-exception/epow message, we have stubs in place for a PHB event 
> > type,
> >so that's mostly a matter of adding special-casing in the hotplug 
> > callback
> >for spapr-pci-host-bridge devices
> > 2) The required properties for the OF node corresponding PHB will be 
> > different.
> >Currently these are generated as part of the hotplug callback, and 
> > attached
> >to the corresponding ConfigureConnectorState node to be fed to the guest
> >via subsequent ibm,configure-connector RTAS calls, so we'd just hook the
> >PHB's OF node generation code in there as.
> > 3) The sysctl/kernel interface for handling PHB hotplug would be different,
> >we'd be relying on the rpadlar kernel module
> >(/sys/bus/pci/slots/control/add_slot) rather than rpaphp
> >(/sys/bus/pci/slots//power) or the PCI rescan fallback.
> >This is mostly a matter of modifying the handling in the guest tools, 
> > namely
> >in rtas_errd, to handle the event accordingly.
> >
> > We also haven't done anything extensive using rpadlpar operations within 
> > qemu
> > guests, so there may be various odds/ends and possibly kernel changes 
> > needed to
> > get that working properly (as was the case for rpaphp, though thanks to the 
> > PCI
> > rescan workaround a new kernel isn't required for existing guests... a 
> > similar
> > fallback likely won't be available for rpadlpar)
> >
> > But from a high-level view at least it seems fairly straight-forward. I'll 
> > see
> > if we can get a prototype working.
> 
> The fact that it "just works" now by rescanning the pci filesystem is
> a significant benefit. I don't think we want to lose it. There can be
> many PHBs on one of these systems. Maybe we could make the PHB
> hot-pluggable and also always have one PHB plugged in at startup. Then
> the guest will see the bus when it starts and it will build the pci
> file system.

I'm not sure I understand the proposal, but to be clear this doesn't entail a
change to the existing behavior, just one of the constraints specific to
supporting PHB hotplug in the future, PCI devices can still be hotplugged via
rpaphp or rescan either way.

As far alternatives to PHB hotplug, there's options like introducing a 
compatible
pci-bridge device (or perhaps the standard pci-bridge code will work) that can 
be
hotplugged using rpaphp/rescan to add child busses, but I think that's a 
separate
issue (unless the only goal we care about here is increasing the pci device 
limit
while the guest is running (maybe it is?))

> 
> Mike

Re: [Qemu-devel] [PATCH v3] target-ppc: gdbstub allow byte swapping for, reading/writing registers

[Alexander Graf]

On 20.01.2014, at 18:49, Thomas Falcon  wrote:

> On 01/20/2014 08:33 AM, Alexander Graf wrote:
>> On 17.01.2014, at 22:02, Thomas Falcon  wrote:
>> 
>>> This patch allows registers to be properly read from and written to
>>> when using the gdbstub to debug a ppc guest running in little
>>> endian mode.  It accomplishes this goal by byte swapping the values of
>>> any registers if the MSR:LE value is set.
>>> 
>>> Signed-off-by: Thomas Falcon 
>>> ---
>>> Differences from v2:
>>> 
>>> Fixed formatting issues
>>> Added logic to ensure only FP registers have a guaranteed size of 8 bytes
>> 
>> I don't really like how the write case has to know about the size of a 
>> register (maybe we could factor this out into a single function for all 
>> reads and writes?), but this is good enough for now :). However, I can't 
>> apply the patch as your email client seems to have broken the patch 
>> formatting.
>> 
>> 
>> Alex
>> 
>> 
> I'm not sure of a way to swap the value without knowing its size.  In both 
> read and write, the size needs to be known and is hardcoded in some  cases.  
> The write case cannot know the size without a conditional since we need to 
> swap in mem_buf before we call ppc_cpu_gdb_write_register.  Maybe we could 
> get around this by hanging ppc_cpu_gdb_write_register so that it returns a 
> pointer to the register being overwritten, and then we could swap that 
> instead of mem_buf?  But even then I guess we would still need to check the 
> size of the register before we called bswap32/64.

Well, the easiest way would be to factor out the size from the content reads 
and writes. Something like this:

diff --git a/target-ppc/gdbstub.c b/target-ppc/gdbstub.c
index 1c91090..17243cb 100644
--- a/target-ppc/gdbstub.c
+++ b/target-ppc/gdbstub.c
@@ -28,27 +28,67 @@
  * FP regs zero size when talking to a newer gdb.
  */

+static int ppc_cpu_gdb_register_len(int n)
+{
+switch (n) {
+case 0 ... 31:
+/* gprs */
+return sizeof(target_ulong);
+case 32 ... 63:
+/* fprs */
+if (gdb_has_xml) {
+return 0;
+}
+return 8;
+case 66:
+/* cr */
+return 4;
+case 64:
+/* nip */
+case 65:
+/* msr */
+case 67:
+/* lr */
+case 68:
+/* ctr */
+case 69:
+/* xer */
+return sizeof(target_ulong);
+case 70:
+/* fpscr */
+if (gdb_has_xml) {
+return 0;
+}
+return sizeof(target_ulong);
+default:
+return 0;
+}
+}
+
 int ppc_cpu_gdb_read_register(CPUState *cs, uint8_t *mem_buf, int n)
 {
 PowerPCCPU *cpu = POWERPC_CPU(cs);
 CPUPPCState *env = &cpu->env;
+int r = ppc_cpu_gdb_register_len(n);
+
+if (!r) {
+return r;
+}

 if (n < 32) {
 /* gprs */
-return gdb_get_regl(mem_buf, env->gpr[n]);
+gdb_get_regl(mem_buf, env->gpr[n]);
 } else if (n < 64) {
 /* fprs */
-if (gdb_has_xml) {
-return 0;
-}
 stfq_p(mem_buf, env->fpr[n-32]);
-return 8;
 } else {
 switch (n) {
 case 64:
-return gdb_get_regl(mem_buf, env->nip);
+gdb_get_regl(mem_buf, env->nip);
+break;
 case 65:
-return gdb_get_regl(mem_buf, env->msr);
+gdb_get_regl(mem_buf, env->msr);
+break;
 case 66:
 {
 uint32_t cr = 0;
@@ -56,50 +96,51 @@ int ppc_cpu_gdb_read_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 for (i = 0; i < 8; i++) {
 cr |= env->crf[i] << (32 - ((i + 1) * 4));
 }
-return gdb_get_reg32(mem_buf, cr);
+gdb_get_reg32(mem_buf, cr);
+break;
 }
 case 67:
-return gdb_get_regl(mem_buf, env->lr);
+gdb_get_regl(mem_buf, env->lr);
+break;
 case 68:
-return gdb_get_regl(mem_buf, env->ctr);
+gdb_get_regl(mem_buf, env->ctr);
+break;
 case 69:
-return gdb_get_regl(mem_buf, env->xer);
+gdb_get_regl(mem_buf, env->xer);
+break;
 case 70:
-{
-if (gdb_has_xml) {
-return 0;
-}
-return gdb_get_reg32(mem_buf, env->fpscr);
-}
+gdb_get_reg32(mem_buf, env->fpscr);
+break;
 }
 }
-return 0;
+
+return r;
 }

 int ppc_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
 {
 PowerPCCPU *cpu = POWERPC_CPU(cs);
 CPUPPCState *env = &cpu->env;
+int r = ppc_cpu_gdb_register_len(n);
+
+if (!r) {
+return r;
+}

 if (n < 32) {
 /* gprs */
 env->gpr[n] = ldtul_p(mem_buf);
-return sizeof(target_ulong);
 } else if (n < 64) {
 /* fprs */
-if (gdb_has_xml) {
-ret

Re: [Qemu-devel] [PATCH 0/7 RESEND] target-i386: Simplify kvm_cpu_fill_host() and kvm_check_features_against_host()

[Eduardo Habkost]

On Mon, Jan 20, 2014 at 02:41:07PM -0200, Eduardo Habkost wrote:
> Resend of series submitted on 24 November 2013, that didn't get any reply. 
> Only
> change is a trivial conflict on patch 7/7.

Question: which tree is the most appropriate to get this in? qom-cpu?
kvm?


> 
> This series simplifies kvm_cpu_fill_host() and
> kvm_check_features_against_host() to simply use FeatureWord & 
> feature_word_info
> loops to fill/check feature words.
> 
> The initial motivation for this was to avoid hacks involving the "host" CPU
> class on the forthcoming conversion of CPU models to be X86CPU subclasses.
> Instead of requiring the kvm_arch_get_supported_cpuid() results to be stored 
> in
> the class struct for "host" (thus requiring KVM initialization hacks).
> 
> Eduardo Habkost (7):
>   target-i386: kvm_cpu_fill_host(): Kill unused code
>   target-i386: kvm_cpu_fill_host(): No need to check level
>   target-i386: kvm_cpu_fill_host(): No need to check CPU vendor
>   target-i386: kvm_cpu_fill_host(): No need to check xlevel2
>   target-i386: kvm_cpu_fill_host(): Set all feature words at end of
> function
>   target-i386: kvm_cpu_fill_host(): Fill feature words in a loop
>   target-i386: kvm_check_features_against_host(): Kill feature word
> array
> 
>  target-i386/cpu.c | 89 
> +--
>  1 file changed, 20 insertions(+), 69 deletions(-)
> 
> -- 
> 1.8.4.2
> 
> 

-- 
Eduardo

Re: [Qemu-devel] [PATCH v2 01/14] spapr: populate DRC entries for root dt node

[Mike Day]

On Mon, Jan 20, 2014 at 12:24 PM, Michael Roth
 wrote:
> Quoting Alexey Kardashevskiy (2014-01-19 20:58:20)
>
> Would need to look at it a bit more closely to say for certain, but after
> discussing it a bit Tyrel/Mike, I think the main considerations would be:
>
> 1) PHB hotplug/unplug would need to signal a different event type in it's
>check-exception/epow message, we have stubs in place for a PHB event type,
>so that's mostly a matter of adding special-casing in the hotplug callback
>for spapr-pci-host-bridge devices
> 2) The required properties for the OF node corresponding PHB will be 
> different.
>Currently these are generated as part of the hotplug callback, and attached
>to the corresponding ConfigureConnectorState node to be fed to the guest
>via subsequent ibm,configure-connector RTAS calls, so we'd just hook the
>PHB's OF node generation code in there as.
> 3) The sysctl/kernel interface for handling PHB hotplug would be different,
>we'd be relying on the rpadlar kernel module
>(/sys/bus/pci/slots/control/add_slot) rather than rpaphp
>(/sys/bus/pci/slots//power) or the PCI rescan fallback.
>This is mostly a matter of modifying the handling in the guest tools, 
> namely
>in rtas_errd, to handle the event accordingly.
>
> We also haven't done anything extensive using rpadlpar operations within qemu
> guests, so there may be various odds/ends and possibly kernel changes needed 
> to
> get that working properly (as was the case for rpaphp, though thanks to the 
> PCI
> rescan workaround a new kernel isn't required for existing guests... a similar
> fallback likely won't be available for rpadlpar)
>
> But from a high-level view at least it seems fairly straight-forward. I'll see
> if we can get a prototype working.

The fact that it "just works" now by rescanning the pci filesystem is
a significant benefit. I don't think we want to lose it. There can be
many PHBs on one of these systems. Maybe we could make the PHB
hot-pluggable and also always have one PHB plugged in at startup. Then
the guest will see the bus when it starts and it will build the pci
file system.

Mike

Re: [Qemu-devel] [PATCH v3] target-ppc: gdbstub allow byte swapping for, reading/writing registers

[Thomas Falcon]

On 01/20/2014 08:33 AM, Alexander Graf wrote:

On 17.01.2014, at 22:02, Thomas Falcon  wrote:


This patch allows registers to be properly read from and written to
when using the gdbstub to debug a ppc guest running in little
endian mode.  It accomplishes this goal by byte swapping the values of
any registers if the MSR:LE value is set.

Signed-off-by: Thomas Falcon 
---
Differences from v2:

Fixed formatting issues
Added logic to ensure only FP registers have a guaranteed size of 8 bytes


I don't really like how the write case has to know about the size of a register 
(maybe we could factor this out into a single function for all reads and 
writes?), but this is good enough for now :). However, I can't apply the patch 
as your email client seems to have broken the patch formatting.


Alex



I'm not sure of a way to swap the value without knowing its size.  In both read 
and write, the size needs to be known and is hardcoded in some  cases.  The 
write case cannot know the size without a conditional since we need to swap in 
mem_buf before we call ppc_cpu_gdb_write_register.  Maybe we could get around 
this by hanging ppc_cpu_gdb_write_register so that it returns a pointer to the 
register being overwritten, and then we could swap that instead of mem_buf?  
But even then I guess we would still need to check the size of the register 
before we called bswap32/64.

Anyway, sorry about the formatting issues again.  Should I just resubmit the 
patch as is?


Thanks,

Tom

Re: [Qemu-devel] [PULL 14/28] exec: make address spaces 64-bit wide

[Michael S. Tsirkin]

On Mon, Jan 20, 2014 at 09:45:25AM -0700, Alex Williamson wrote:
> On Mon, 2014-01-20 at 11:20 -0500, Mike Day wrote:
> > Do you know which device is writing to the BAR below? From the trace
> > it appears it should be restoring the memory address to the BAR after
> > writing all 1s to the BAR and reading back the contents. (the protocol
> > for finding the length of the bar memory.)
> 
> The guest itself is writing the the BARs.  This is a standard sizing
> operation by the guest.

Question is maybe device memory should be disabled?
Does windows do this too (sizing when memory enabled)?


> > On Thu, Jan 9, 2014 at 12:24 PM, Alex Williamson
> >  wrote:
> > > On Wed, 2013-12-11 at 20:30 +0200, Michael S. Tsirkin wrote:
> > >> From: Paolo Bonzini 
> > > vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) febe0004
> > > (save lower 32bits of BAR)
> > > vfio: vfio_pci_write_config(:01:10.0, @0x10, 0x, len=0x4)
> > > (write mask to BAR)
> > 
> > Here the device should restore the memory address (original contents)
> > to the BAR.
> 
> Sorry if it's not clear, the trace here is what the vfio-pci driver
> sees.  We're just observing the sizing operation of the guest, therefore
> we see:
> 
> 1) orig = read()
> 2) write(0x)
> 3) size_mask = read()
> 4) write(orig)
> 
> We're only at step 2)
> 
> > > vfio: region_del febe - febe3fff
> > > (memory region gets unmapped)
> > > vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) c004
> > > (read size mask)
> 
> step 3)
> 
> > > vfio: vfio_pci_write_config(:01:10.0, @0x10, 0xfebe0004, len=0x4)
> > > (restore BAR)
> 
> step 4)
> 
> > > vfio: region_add febe - febe3fff [0x7fcf3654d000]
> > > (memory region re-mapped)
> > > vfio: vfio_pci_read_config(:01:10.0, @0x14, len=0x4) 0
> > > (save upper 32bits of BAR)
> > > vfio: vfio_pci_write_config(:01:10.0, @0x14, 0x, len=0x4)
> > > (write mask to BAR)
> > 
> > and here ...
> 
> This is the same as above to the next BAR, which is the upper 32bits of
> the 64bit BAR.
> 
> > > vfio: region_del febe - febe3fff
> > > (memory region gets unmapped)
> > > vfio: region_add febe - febe3fff [0x7fcf3654d000]
> > > (memory region gets re-mapped with new address)
> > > qemu-system-x86_64: vfio_dma_map(0x7fcf38861710, 0xfebe, 
> > > 0x4000, 0x7fcf3654d000) = -14 (Bad address)
> > > (iommu barfs because it can only handle 48bit physical addresses)
> > 
> > I looked around some but I couldn't find an obvious culprit. Could it
> > be that the BAR is getting unmapped automatically due to
> > x-intx-mmap-timeout-ms before the device has a chance to finish
> > restoring the correct value to the BAR?
> 
> No, this is simply the guest sizing the BAR, this is not an internally
> generated operation.  The INTx emulation isn't used here as KVM
> acceleration is enabled.  That also only toggles the enable setting on
> the mmap'd MemoryRegion, it doesn't change the address it's mapped to.
> Thanks,
> 
> Alex

Re: [Qemu-devel] [PATCH v2 01/14] spapr: populate DRC entries for root dt node

[Michael Roth]

Quoting Alexey Kardashevskiy (2014-01-19 20:58:20)
> On 01/17/2014 07:51 AM, Michael Roth wrote:
> > Quoting Alexey Kardashevskiy (2013-12-15 22:54:42)
> >> On 12/16/2013 01:59 PM, Alexey Kardashevskiy wrote:
> >>> On 12/06/2013 09:32 AM, Michael Roth wrote:
>  From: Nathan Fontenot 
> 
>  This add entries to the root OF node to advertise our PHBs as being
>  DR-capable in according with PAPR specification.
> 
>  Each PHB is given a name of PHB, advertised as a PHB type,
>  and associated with a power domain of -1 (indicating to guests that
>  power management is handled automatically by hardware).
> 
>  We currently allocate entries for up to 32 DR-capable PHBs, though
>  this limit can be increased later.
> 
>  DrcEntry objects to track the state of the DR-connector associated
>  with each PHB are stored in a 32-entry array, and each DrcEntry has
>  in turn have a dynamically-sized number of child DR-connectors,
>  which we will use later to track the state of DR-connectors
>  associated with a PHB's physical slots.
> 
>  Signed-off-by: Nathan Fontenot 
>  Signed-off-by: Michael Roth 
>  ---
>   hw/ppc/spapr.c |  132 
>  
>   include/hw/ppc/spapr.h |   33 
>   2 files changed, 165 insertions(+)
> 
>  diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>  index 7e53a5f..ec3ba43 100644
>  --- a/hw/ppc/spapr.c
>  +++ b/hw/ppc/spapr.c
>  @@ -81,6 +81,7 @@
>   #define HTAB_SIZE(spapr)(1ULL << ((spapr)->htab_shift))
>   
>   sPAPREnvironment *spapr;
>  +DrcEntry drc_table[SPAPR_DRC_TABLE_SIZE];
>   
>   int spapr_allocate_irq(int hint, bool lsi)
>   {
>  @@ -276,6 +277,130 @@ static size_t create_page_sizes_prop(CPUPPCState 
>  *env, uint32_t *prop,
>   return (p - prop) * sizeof(uint32_t);
>   }
>   
>  +static void spapr_init_drc_table(void)
>  +{
>  +int i;
>  +
>  +memset(drc_table, 0, sizeof(drc_table));
>  +
>  +/* For now we only care about PHB entries */
>  +for (i = 0; i < SPAPR_DRC_TABLE_SIZE; i++) {
>  +drc_table[i].drc_index = 0x201 + i;
>  +}
>  +}
>  +
>  +DrcEntry *spapr_add_phb_to_drc_table(uint64_t buid, uint32_t state)
>  +{
>  +DrcEntry *empty_drc = NULL;
>  +DrcEntry *found_drc = NULL;
>  +int i, phb_index;
>  +
>  +for (i = 0; i < SPAPR_DRC_TABLE_SIZE; i++) {
>  +if (drc_table[i].phb_buid == 0) {
>  +empty_drc = &drc_table[i];
>  +}
>  +
>  +if (drc_table[i].phb_buid == buid) {
>  +found_drc = &drc_table[i];
>  +break;
>  +}
>  +}
>  +
>  +if (found_drc) {
>  +return found_drc;
>  +}
>  +
>  +if (empty_drc) {
>  +empty_drc->phb_buid = buid;
>  +empty_drc->state = state;
>  +empty_drc->cc_state.fdt = NULL;
>  +empty_drc->cc_state.offset = 0;
>  +empty_drc->cc_state.depth = 0;
>  +empty_drc->cc_state.state = CC_STATE_IDLE;
>  +empty_drc->child_entries =
>  +g_malloc0(sizeof(DrcEntry) * SPAPR_DRC_PHB_SLOT_MAX);
>  +phb_index = buid - SPAPR_PCI_BASE_BUID;
>  +for (i = 0; i < SPAPR_DRC_PHB_SLOT_MAX; i++) {
>  +empty_drc->child_entries[i].drc_index =
>  +SPAPR_DRC_DEV_ID_BASE + (phb_index << 8) + (i << 3);
>  +}
>  +return empty_drc;
>  +}
>  +
>  +return NULL;
>  +}
>  +
>  +static void spapr_create_drc_dt_entries(void *fdt)
>  +{
>  +char char_buf[1024];
>  +uint32_t int_buf[SPAPR_DRC_TABLE_SIZE + 1];
>  +uint32_t *entries;
>  +int offset, fdt_offset;
>  +int i, ret;
>  +
>  +fdt_offset = fdt_path_offset(fdt, "/");
>  +
>  +/* ibm,drc-indexes */
>  +memset(int_buf, 0, sizeof(int_buf));
>  +int_buf[0] = SPAPR_DRC_TABLE_SIZE;
>  +
>  +for (i = 1; i <= SPAPR_DRC_TABLE_SIZE; i++) {
>  +int_buf[i] = drc_table[i-1].drc_index;
>  +}
>  +
>  +ret = fdt_setprop(fdt, fdt_offset, "ibm,drc-indexes", int_buf,
>  +  sizeof(int_buf));
>  +if (ret) {
>  +fprintf(stderr, "Couldn't finalize ibm,drc-indexes property\n");
>  +}
>  +
>  +/* ibm,drc-power-domains */
>  +memset(int_buf, 0, sizeof(int_buf));
>  +int_buf[0] = SPAPR_DRC_TABLE_SIZE;
>  +
>  +for (i = 1; i <= SPAPR_DRC_TABLE_SIZE; i++) {
>  +int_buf[i] = 0x;
>  +}
>  +
>  +ret = fdt_setprop(fdt, fdt_offset, "ibm,drc-power-domains", int_buf,
>  +  sizeof

Re: [Qemu-devel] [PATCH] target-i386: enable x2apic by default on more recent CPU models

[Eduardo Habkost]

On Mon, Jan 20, 2014 at 05:27:18PM +0100, Andreas Färber wrote:
> Am 20.01.2014 15:36, schrieb Eduardo Habkost:
> > This enables x2apic on the following CPU models: Conroe, Penryn,
> > Nehalem, Westmere, Opteron_G[12345].
> > 
> > Normally we try to keep the CPU model definitions as close as the real
> > CPUs as possible, but x2apic can be emulated by KVM without host CPU
> > support for x2apic, and it improves performance by reducing APIC access
> > overhead. x2apic emulation is available on KVM since 2009 (Linux
> > 2.6.32-rc1), there's no reason for not enabling x2apic by default when
> > running KVM.
> > 
> > About testing: Conroe, Penryn, Nehalem, Westemere and Opteron_G[123]
> > have x2apic enabled on RHEL-6 since RHEL-6.0, so the presence of x2apic
> > on those CPU models got lots of testing in the last few years. I want to
> > eventually enable x2apic on all other CPU models as well, but it will
> > require some testing to ensure it won't confuse guests.
> > 
> > This shouldn't affect TCG at all because features not supported by TCG
> > are automatically and silently disabled by QEMU when initializing the
> > CPU.
> > 
> > Signed-off-by: Eduardo Habkost 
> > ---
> > v1 was sent in September 2013:
> >   Message-Id: <1379704517-19177-1-git-send-email-ehabk...@redhat.com>
> >   http://article.gmane.org/gmane.comp.emulators.qemu/234541
> > 
> > It got an Acked-by from Gleb but it was ignored by all maintainers.
> 
> Sorry, was still unread in my inbox. What changed between this version
> and said v1? Just moving to _1_7? I.e. should I add back Gleb's Acked-by
> before your Sob when applying?

Yes, the only change from v1 was on the compat code. I didn't think I
should have included Gleb's Acked-by because he didn't review the compat
code changes (and I could have made mistakes when rebasing), but if you
think it is appropriate, you can pull Gleb's Acked-by.

-- 
Eduardo

Re: [Qemu-devel] [PULL 14/28] exec: make address spaces 64-bit wide

[Alex Williamson]

On Mon, 2014-01-20 at 19:04 +0200, Michael S. Tsirkin wrote:
> On Mon, Jan 20, 2014 at 09:45:25AM -0700, Alex Williamson wrote:
> > On Mon, 2014-01-20 at 11:20 -0500, Mike Day wrote:
> > > Do you know which device is writing to the BAR below? From the trace
> > > it appears it should be restoring the memory address to the BAR after
> > > writing all 1s to the BAR and reading back the contents. (the protocol
> > > for finding the length of the bar memory.)
> > 
> > The guest itself is writing the the BARs.  This is a standard sizing
> > operation by the guest.
> 
> Question is maybe device memory should be disabled?
> Does windows do this too (sizing when memory enabled)?

Per the spec I would have expected memory & I/O to be disabled on the
device during a sizing operation, but that's not the case here.  I
thought you were the one that said Linux doesn't do this because some
devices don't properly re-enable.  I'm not sure how it would change our
approach to this to know whether Windows behaves the same since sizing
while disabled is not an issue and we apparently need to support sizing
while enabled regardless.  Thanks,

Alex

> > > On Thu, Jan 9, 2014 at 12:24 PM, Alex Williamson
> > >  wrote:
> > > > On Wed, 2013-12-11 at 20:30 +0200, Michael S. Tsirkin wrote:
> > > >> From: Paolo Bonzini 
> > > > vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) febe0004
> > > > (save lower 32bits of BAR)
> > > > vfio: vfio_pci_write_config(:01:10.0, @0x10, 0x, len=0x4)
> > > > (write mask to BAR)
> > > 
> > > Here the device should restore the memory address (original contents)
> > > to the BAR.
> > 
> > Sorry if it's not clear, the trace here is what the vfio-pci driver
> > sees.  We're just observing the sizing operation of the guest, therefore
> > we see:
> > 
> > 1) orig = read()
> > 2) write(0x)
> > 3) size_mask = read()
> > 4) write(orig)
> > 
> > We're only at step 2)
> > 
> > > > vfio: region_del febe - febe3fff
> > > > (memory region gets unmapped)
> > > > vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) c004
> > > > (read size mask)
> > 
> > step 3)
> > 
> > > > vfio: vfio_pci_write_config(:01:10.0, @0x10, 0xfebe0004, len=0x4)
> > > > (restore BAR)
> > 
> > step 4)
> > 
> > > > vfio: region_add febe - febe3fff [0x7fcf3654d000]
> > > > (memory region re-mapped)
> > > > vfio: vfio_pci_read_config(:01:10.0, @0x14, len=0x4) 0
> > > > (save upper 32bits of BAR)
> > > > vfio: vfio_pci_write_config(:01:10.0, @0x14, 0x, len=0x4)
> > > > (write mask to BAR)
> > > 
> > > and here ...
> > 
> > This is the same as above to the next BAR, which is the upper 32bits of
> > the 64bit BAR.
> > 
> > > > vfio: region_del febe - febe3fff
> > > > (memory region gets unmapped)
> > > > vfio: region_add febe - febe3fff [0x7fcf3654d000]
> > > > (memory region gets re-mapped with new address)
> > > > qemu-system-x86_64: vfio_dma_map(0x7fcf38861710, 0xfebe, 
> > > > 0x4000, 0x7fcf3654d000) = -14 (Bad address)
> > > > (iommu barfs because it can only handle 48bit physical addresses)
> > > 
> > > I looked around some but I couldn't find an obvious culprit. Could it
> > > be that the BAR is getting unmapped automatically due to
> > > x-intx-mmap-timeout-ms before the device has a chance to finish
> > > restoring the correct value to the BAR?
> > 
> > No, this is simply the guest sizing the BAR, this is not an internally
> > generated operation.  The INTx emulation isn't used here as KVM
> > acceleration is enabled.  That also only toggles the enable setting on
> > the mmap'd MemoryRegion, it doesn't change the address it's mapped to.
> > Thanks,
> > 
> > Alex

Re: [Qemu-devel] [PATCH 3/3] s390-sclp: SCLP Event integration

[Andreas Färber]

Hi,

Thanks for splitting these off.

Am 20.01.2014 17:56, schrieb Jason J. Herne:
> From: "Jason J. Herne" 
> 
> Add an sclp event for "cpu was hot plugged".  This allows Qemu to deliver an
> SCLP interrupt to the guest stating that the requested cpu hotplug was
> completed.
> 
> Signed-off-by: Jason J. Herne 
> ---
>  hw/s390x/Makefile.objs|   1 +
>  hw/s390x/event-facility.c |   6 ++
>  hw/s390x/sclpcpu.c| 113 
> ++
>  include/hw/s390x/event-facility.h |   3 +
>  include/hw/s390x/sclp.h   |   1 +
>  5 files changed, 124 insertions(+)
>  create mode 100644 hw/s390x/sclpcpu.c
[...]
> diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
> index 25951a0..575d407 100644
> --- a/hw/s390x/event-facility.c
> +++ b/hw/s390x/event-facility.c
> @@ -32,6 +32,8 @@ struct SCLPEventFacility {
>  unsigned int receive_mask;
>  };
>  
> +SCLPEvent cpu_hotplug;
> +
>  /* return true if any child has event pending set */
>  static bool event_pending(SCLPEventFacility *ef)
>  {
> @@ -335,6 +337,10 @@ static int init_event_facility(S390SCLPDevice *sdev)
>  }
>  qdev_init_nofail(quiesce);
>  
> +object_initialize(&cpu_hotplug, sizeof(cpu_hotplug), "sclp-cpu-hotplug");

Any chance we can use a TYPE_* define in event-facility.h?

> +qdev_set_parent_bus(DEVICE(&cpu_hotplug), BUS(&event_facility->sbus));
> +object_property_set_bool(OBJECT(&cpu_hotplug), true, "realized", NULL);

Otherwise looks okay to me, except for two minor nits below.

> +
>  return 0;
>  }
>  
> diff --git a/hw/s390x/sclpcpu.c b/hw/s390x/sclpcpu.c
> new file mode 100644
> index 000..7fd1f9e
> --- /dev/null
> +++ b/hw/s390x/sclpcpu.c
[...]
> +static void cpu_class_init(ObjectClass *klass, void *data)

Please use oc to avoid the deliberately misspelled klass.

> +{
> +SCLPEventClass *k = SCLP_EVENT_CLASS(klass);
> +
> +k->init = irq_cpu_hotplug_init;
> +k->get_send_mask = send_mask;
> +k->get_receive_mask = receive_mask;
> +k->read_event_data = read_event_data;
> +k->write_event_data = NULL;
> +}
> +
> +static const TypeInfo sclp_cpu_info = {
> +.name  = "sclp-cpu-hotplug",
> +.parent= TYPE_SCLP_EVENT,
> +.instance_size = sizeof(SCLPEvent),
> +.class_init= cpu_class_init,
> +.class_size= sizeof(SCLPEventClass),
> +};
> +
> +static void register_types(void)

Please use your unique prefix: sclp_cpu_register_types

> +{
> +type_register_static(&sclp_cpu_info);
> +}
> +
> +type_init(register_types)
> +

Trailing white line.

> diff --git a/include/hw/s390x/event-facility.h 
> b/include/hw/s390x/event-facility.h
> index 7ce7079..4347f06 100644
> --- a/include/hw/s390x/event-facility.h
> +++ b/include/hw/s390x/event-facility.h
> @@ -17,10 +17,12 @@
>  
>  #include 
>  #include "qemu/thread.h"
> +#include "hw/s390x/sclp.h"
>  
>  /* SCLP event types */
>  #define SCLP_EVENT_OPRTNS_COMMAND   0x01
>  #define SCLP_EVENT_MESSAGE  0x02
> +#define SCLP_EVENT_CONFIG_MGT_DATA  0x04
>  #define SCLP_EVENT_PMSGCMD  0x09
>  #define SCLP_EVENT_ASCII_CONSOLE_DATA   0x1a
>  #define SCLP_EVENT_SIGNAL_QUIESCE   0x1d
> @@ -28,6 +30,7 @@
>  /* SCLP event masks */
>  #define SCLP_EVENT_MASK_SIGNAL_QUIESCE  0x0008
>  #define SCLP_EVENT_MASK_MSG_ASCII   0x0040
> +#define SCLP_EVENT_MASK_CONFIG_MGT_DATA 0x1000
>  #define SCLP_EVENT_MASK_OP_CMD  0x8000
>  #define SCLP_EVENT_MASK_MSG 0x4000
>  #define SCLP_EVENT_MASK_PMSGCMD 0x0080
[snip]

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH v2] x86: gigabyte alignment for ram

[Igor Mammedov]

On Mon, 20 Jan 2014 17:51:47 +0200
"Michael S. Tsirkin"  wrote:

> On Mon, Jan 20, 2014 at 04:36:57PM +0100, Gerd Hoffmann wrote:
> > > 4.1.2.
> > >  MCFG Table Description
> > > 
> > > 
> > > ...
> > > 
> > > If the operating system does not natively comprehend reserving the MMCFG
> > > region, the MMCFG region must be reserved by firmware. The address range
> > > reported in the MCFG table or by _CBA method (see Section 4.1.3) must be
> > > reserved by declaring a motherboard resource.
> > 
> > We don't do this today.
> > 
> > > For most systems, the
> > > motherboard resource would appear at the root of the ACPI namespace
> > > (under \_SB) in a node with a _HID of EISAID (PNP0C02), and the
> > > resources in this case should not be claimed in the root PCI bus’s _CRS.
> > 
> > Which I read as _in case it is at the root of the apci namespace_ it
> > should not be claimed in PCI0._CRS.  Which makes sense.
> > 
> > My laptop has it reserved in a \_SB\PCI0\LPC\SIO device instead:
> > 
> > Device (LPC)
> > {
> > Name (_ADR, 0x001F)  // _ADR: Address
> > Name (_S3D, 0x03)  // _S3D: S3 Device State
> > Name (RID, 0x00)
> > Device (SIO)
> > {
> > Name (_HID, EisaId ("PNP0C0P2"))
> > Name (_UID, 0x00)  // _UID: Unique ID
> > Name (SCRS, ResourceTemplate ()
> > {
> > [ ... ]
> > Memory32Fixed (ReadWrite,
> > 0xF800, // Address Base
> > 0x0400, // Address Length
> > )
> > [ ... ]
> > 
> > cheers,
> >   Gerd
> > 
> 
> We can try, but Igor tried to do something like this recently (
> for IO resources) and windows guests kept crashing
> unless he made holes in _CRS.
I've tried to consume ranges under piix_pm/lpc device,
there were no any indication that ranges were ever consumed.

I haven't tried to put PNP0C0P2 on PCI bus though. It might work
I just found similar code in coreboot
https://www.mail-archive.com/coreboot@coreboot.org/msg27723.html

[Qemu-devel] [PATCH v3 5/5] net: add offloading support to netmap backend

[Vincenzo Maffione]

Whit this patch, the netmap backend supports TSO/UFO/CSUM
offloadings, and accepts the virtio-net header, similarly to what
happens with TAP. The offloading callbacks in the NetClientInfo
interface have been implemented.

Signed-off-by: Vincenzo Maffione 
---
 net/netmap.c | 68 +++-
 1 file changed, 67 insertions(+), 1 deletion(-)

diff --git a/net/netmap.c b/net/netmap.c
index 0ccc497..73f6d7a 100644
--- a/net/netmap.c
+++ b/net/netmap.c
@@ -31,6 +31,7 @@
 #include 
 
 #include "net/net.h"
+#include "net/tap.h"
 #include "clients.h"
 #include "sysemu/sysemu.h"
 #include "qemu/error-report.h"
@@ -54,6 +55,7 @@ typedef struct NetmapState {
 boolread_poll;
 boolwrite_poll;
 struct ioveciov[IOV_MAX];
+int vnet_hdr_len;  /* Current virtio-net header length. */
 } NetmapState;
 
 #define D(format, ...)  \
@@ -274,7 +276,7 @@ static ssize_t netmap_receive_iov(NetClientState *nc,
 return iov_size(iov, iovcnt);
 }
 
-i = ring->cur;
+last = i = ring->cur;
 avail = ring->avail;
 
 if (avail < iovcnt) {
@@ -394,6 +396,63 @@ static void netmap_cleanup(NetClientState *nc)
 s->me.fd = -1;
 }
 
+/* Offloading manipulation support callbacks. */
+static bool netmap_has_ufo(NetClientState *nc)
+{
+return true;
+}
+
+static bool netmap_has_vnet_hdr(NetClientState *nc)
+{
+return true;
+}
+
+static bool netmap_has_vnet_hdr_len(NetClientState *nc, int len)
+{
+return len == 0 || len == sizeof(struct virtio_net_hdr) ||
+len == sizeof(struct virtio_net_hdr_mrg_rxbuf);
+}
+
+static void netmap_using_vnet_hdr(NetClientState *nc, bool enable)
+{
+}
+
+static void netmap_set_vnet_hdr_len(NetClientState *nc, int len)
+{
+NetmapState *s = DO_UPCAST(NetmapState, nc, nc);
+int err;
+struct nmreq req;
+
+/* Issue a NETMAP_BDG_VNET_HDR command to change the virtio-net header
+ * length for the netmap adapter associated to 'me->ifname'.
+ */
+memset(&req, 0, sizeof(req));
+pstrcpy(req.nr_name, sizeof(req.nr_name), s->me.ifname);
+req.nr_version = NETMAP_API;
+req.nr_cmd = NETMAP_BDG_VNET_HDR;
+req.nr_arg1 = len;
+err = ioctl(s->me.fd, NIOCREGIF, &req);
+if (err) {
+error_report("Unable to execute NETMAP_BDG_VNET_HDR on %s: %s",
+ s->me.ifname, strerror(errno));
+} else {
+/* Keep track of the current length. */
+s->vnet_hdr_len = len;
+}
+}
+
+static void netmap_set_offload(NetClientState *nc, int csum, int tso4, int 
tso6,
+   int ecn, int ufo)
+{
+NetmapState *s = DO_UPCAST(NetmapState, nc, nc);
+
+/* Setting a virtio-net header length greater than zero automatically
+ * enables the offloadings.
+ */
+if (!s->vnet_hdr_len) {
+netmap_set_vnet_hdr_len(nc, sizeof(struct virtio_net_hdr));
+}
+}
 
 /* NetClientInfo methods */
 static NetClientInfo net_netmap_info = {
@@ -403,6 +462,12 @@ static NetClientInfo net_netmap_info = {
 .receive_iov = netmap_receive_iov,
 .poll = netmap_poll,
 .cleanup = netmap_cleanup,
+.has_ufo = netmap_has_ufo,
+.has_vnet_hdr = netmap_has_vnet_hdr,
+.has_vnet_hdr_len = netmap_has_vnet_hdr_len,
+.using_vnet_hdr = netmap_using_vnet_hdr,
+.set_offload = netmap_set_offload,
+.set_vnet_hdr_len = netmap_set_vnet_hdr_len,
 };
 
 /* The exported init function
@@ -428,6 +493,7 @@ int net_init_netmap(const NetClientOptions *opts,
 nc = qemu_new_net_client(&net_netmap_info, peer, "netmap", name);
 s = DO_UPCAST(NetmapState, nc, nc);
 s->me = me;
+s->vnet_hdr_len = 0;
 netmap_read_poll(s, true); /* Initially only poll for reads. */
 
 return 0;
-- 
1.8.5.2

[Qemu-devel] [PATCH v3 3/5] net: TAP uses NetClientInfo offloading callbacks

[Vincenzo Maffione]

The TAP NetClientInfo structure is inizialized with the TAP-specific
functions that manipulates offloading features.

Signed-off-by: Vincenzo Maffione 
---
 net/tap.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/net/tap.c b/net/tap.c
index c805f3c..d34ec88 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -314,6 +314,12 @@ static NetClientInfo net_tap_info = {
 .receive_iov = tap_receive_iov,
 .poll = tap_poll,
 .cleanup = tap_cleanup,
+.has_ufo = tap_has_ufo,
+.has_vnet_hdr = tap_has_vnet_hdr,
+.has_vnet_hdr_len = tap_has_vnet_hdr_len,
+.using_vnet_hdr = tap_using_vnet_hdr,
+.set_offload = tap_set_offload,
+.set_vnet_hdr_len = tap_set_vnet_hdr_len,
 };
 
 static TAPState *net_tap_fd_init(NetClientState *peer,
-- 
1.8.5.2

[Qemu-devel] [PATCH v3 2/5] net: extend NetClientInfo for offloading

[Vincenzo Maffione]

Some new callbacks have been added to generalize the operations done
by virtio-net and vmxnet3 frontends to manipulate TAP offloadings.

Signed-off-by: Vincenzo Maffione 
---
 include/net/net.h | 19 +++
 net/net.c | 55 +++
 2 files changed, 74 insertions(+)

diff --git a/include/net/net.h b/include/net/net.h
index 11e1468..7b25394 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -50,6 +50,12 @@ typedef void (NetCleanup) (NetClientState *);
 typedef void (LinkStatusChanged)(NetClientState *);
 typedef void (NetClientDestructor)(NetClientState *);
 typedef RxFilterInfo *(QueryRxFilter)(NetClientState *);
+typedef bool (HasUfo)(NetClientState *);
+typedef bool (HasVnetHdr)(NetClientState *);
+typedef bool (HasVnetHdrLen)(NetClientState *, int);
+typedef void (UsingVnetHdr)(NetClientState *, bool);
+typedef void (SetOffload)(NetClientState *, int, int, int, int, int);
+typedef void (SetVnetHdrLen)(NetClientState *, int);
 
 typedef struct NetClientInfo {
 NetClientOptionsKind type;
@@ -62,6 +68,12 @@ typedef struct NetClientInfo {
 LinkStatusChanged *link_status_changed;
 QueryRxFilter *query_rx_filter;
 NetPoll *poll;
+HasUfo *has_ufo;
+HasVnetHdr *has_vnet_hdr;
+HasVnetHdrLen *has_vnet_hdr_len;
+UsingVnetHdr *using_vnet_hdr;
+SetOffload *set_offload;
+SetVnetHdrLen *set_vnet_hdr_len;
 } NetClientInfo;
 
 struct NetClientState {
@@ -120,6 +132,13 @@ ssize_t qemu_send_packet_async(NetClientState *nc, const 
uint8_t *buf,
 void qemu_purge_queued_packets(NetClientState *nc);
 void qemu_flush_queued_packets(NetClientState *nc);
 void qemu_format_nic_info_str(NetClientState *nc, uint8_t macaddr[6]);
+bool qemu_peer_has_ufo(NetClientState *nc);
+bool qemu_peer_has_vnet_hdr(NetClientState *nc);
+bool qemu_peer_has_vnet_hdr_len(NetClientState *nc, int len);
+void qemu_peer_using_vnet_hdr(NetClientState *nc, bool enable);
+void qemu_peer_set_offload(NetClientState *nc, int csum, int tso4, int tso6,
+   int ecn, int ufo);
+void qemu_peer_set_vnet_hdr_len(NetClientState *nc, int len);
 void qemu_macaddr_default_if_unset(MACAddr *macaddr);
 int qemu_show_nic_models(const char *arg, const char *const *models);
 void qemu_check_nic_model(NICInfo *nd, const char *model);
diff --git a/net/net.c b/net/net.c
index f8db85f..0a31c95 100644
--- a/net/net.c
+++ b/net/net.c
@@ -381,6 +381,61 @@ void qemu_foreach_nic(qemu_nic_foreach func, void *opaque)
 }
 }
 
+bool qemu_peer_has_ufo(NetClientState *nc)
+{
+if (!nc->peer || !nc->peer->info->has_ufo) {
+return false;
+}
+
+return nc->peer->info->has_ufo(nc->peer);
+}
+
+bool qemu_peer_has_vnet_hdr(NetClientState *nc)
+{
+if (!nc->peer || !nc->peer->info->has_vnet_hdr) {
+return false;
+}
+
+return nc->peer->info->has_vnet_hdr(nc->peer);
+}
+
+bool qemu_peer_has_vnet_hdr_len(NetClientState *nc, int len)
+{
+if (!nc->peer || !nc->peer->info->has_vnet_hdr_len) {
+return false;
+}
+
+return nc->peer->info->has_vnet_hdr_len(nc->peer, len);
+}
+
+void qemu_peer_using_vnet_hdr(NetClientState *nc, bool enable)
+{
+if (!nc->peer || !nc->peer->info->using_vnet_hdr) {
+return;
+}
+
+nc->peer->info->using_vnet_hdr(nc->peer, enable);
+}
+
+void qemu_peer_set_offload(NetClientState *nc, int csum, int tso4, int tso6,
+  int ecn, int ufo)
+{
+if (!nc->peer || !nc->peer->info->set_offload) {
+return;
+}
+
+nc->peer->info->set_offload(nc->peer, csum, tso4, tso6, ecn, ufo);
+}
+
+void qemu_peer_set_vnet_hdr_len(NetClientState *nc, int len)
+{
+if (!nc->peer || !nc->peer->info->set_vnet_hdr_len) {
+return;
+}
+
+nc->peer->info->set_vnet_hdr_len(nc->peer, len);
+}
+
 int qemu_can_send_packet(NetClientState *sender)
 {
 if (!sender->peer) {
-- 
1.8.5.2

[Qemu-devel] [PATCH v3 1/5] net: change vnet-hdr TAP prototypes

[Vincenzo Maffione]

The tap_has_vnet_hdr() and tap_has_vnet_hdr_len() functions used
to return int, even though they only return true/false values.
This patch changes the prototypes to return bool.

Signed-off-by: Vincenzo Maffione 
---
 include/net/tap.h | 4 ++--
 net/tap-win32.c   | 8 
 net/tap.c | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/net/tap.h b/include/net/tap.h
index a994f20..a3490a9 100644
--- a/include/net/tap.h
+++ b/include/net/tap.h
@@ -30,8 +30,8 @@
 #include "qapi-types.h"
 
 bool tap_has_ufo(NetClientState *nc);
-int tap_has_vnet_hdr(NetClientState *nc);
-int tap_has_vnet_hdr_len(NetClientState *nc, int len);
+bool tap_has_vnet_hdr(NetClientState *nc);
+bool tap_has_vnet_hdr_len(NetClientState *nc, int len);
 void tap_using_vnet_hdr(NetClientState *nc, bool using_vnet_hdr);
 void tap_set_offload(NetClientState *nc, int csum, int tso4, int tso6, int 
ecn, int ufo);
 void tap_set_vnet_hdr_len(NetClientState *nc, int len);
diff --git a/net/tap-win32.c b/net/tap-win32.c
index 91e9e84..edf26c4 100644
--- a/net/tap-win32.c
+++ b/net/tap-win32.c
@@ -727,9 +727,9 @@ bool tap_has_ufo(NetClientState *nc)
 return false;
 }
 
-int tap_has_vnet_hdr(NetClientState *nc)
+bool tap_has_vnet_hdr(NetClientState *nc)
 {
-return 0;
+return false;
 }
 
 int tap_probe_vnet_hdr_len(int fd, int len)
@@ -755,9 +755,9 @@ struct vhost_net *tap_get_vhost_net(NetClientState *nc)
 return NULL;
 }
 
-int tap_has_vnet_hdr_len(NetClientState *nc, int len)
+bool tap_has_vnet_hdr_len(NetClientState *nc, int len)
 {
-return 0;
+return false;
 }
 
 void tap_set_vnet_hdr_len(NetClientState *nc, int len)
diff --git a/net/tap.c b/net/tap.c
index 39c1cda..c805f3c 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -219,7 +219,7 @@ bool tap_has_ufo(NetClientState *nc)
 return s->has_ufo;
 }
 
-int tap_has_vnet_hdr(NetClientState *nc)
+bool tap_has_vnet_hdr(NetClientState *nc)
 {
 TAPState *s = DO_UPCAST(TAPState, nc, nc);
 
@@ -228,13 +228,13 @@ int tap_has_vnet_hdr(NetClientState *nc)
 return !!s->host_vnet_hdr_len;
 }
 
-int tap_has_vnet_hdr_len(NetClientState *nc, int len)
+bool tap_has_vnet_hdr_len(NetClientState *nc, int len)
 {
 TAPState *s = DO_UPCAST(TAPState, nc, nc);
 
 assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_TAP);
 
-return tap_probe_vnet_hdr_len(s->fd, len);
+return !!tap_probe_vnet_hdr_len(s->fd, len);
 }
 
 void tap_set_vnet_hdr_len(NetClientState *nc, int len)
-- 
1.8.5.2

[Qemu-devel] [PATCH v3 4/5] net: virtio-net and vmxnet3 use offloading API

[Vincenzo Maffione]

With this patch, virtio-net and vmxnet3 frontends make
use of the qemu_peer_* API for backend offloadings manipulations,
instead of calling TAP-specific functions directly.
We also remove the existing checks which prevent those frontends
from using offloadings with backends different from TAP (e.g. netmap).

Signed-off-by: Vincenzo Maffione 
---
 hw/net/virtio-net.c | 16 ++--
 hw/net/vmxnet3.c| 12 +---
 2 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 3626608..00c149b 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -325,11 +325,7 @@ static void peer_test_vnet_hdr(VirtIONet *n)
 return;
 }
 
-if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
-return;
-}
-
-n->has_vnet_hdr = tap_has_vnet_hdr(nc->peer);
+n->has_vnet_hdr = qemu_peer_has_vnet_hdr(nc);
 }
 
 static int peer_has_vnet_hdr(VirtIONet *n)
@@ -342,7 +338,7 @@ static int peer_has_ufo(VirtIONet *n)
 if (!peer_has_vnet_hdr(n))
 return 0;
 
-n->has_ufo = tap_has_ufo(qemu_get_queue(n->nic)->peer);
+n->has_ufo = qemu_peer_has_ufo(qemu_get_queue(n->nic));
 
 return n->has_ufo;
 }
@@ -361,8 +357,8 @@ static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int 
mergeable_rx_bufs)
 nc = qemu_get_subqueue(n->nic, i);
 
 if (peer_has_vnet_hdr(n) &&
-tap_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
-tap_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
+qemu_peer_has_vnet_hdr_len(nc, n->guest_hdr_len)) {
+qemu_peer_set_vnet_hdr_len(nc, n->guest_hdr_len);
 n->host_hdr_len = n->guest_hdr_len;
 }
 }
@@ -463,7 +459,7 @@ static uint32_t virtio_net_bad_features(VirtIODevice *vdev)
 
 static void virtio_net_apply_guest_offloads(VirtIONet *n)
 {
-tap_set_offload(qemu_get_subqueue(n->nic, 0)->peer,
+qemu_peer_set_offload(qemu_get_subqueue(n->nic, 0),
 !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
 !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
 !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
@@ -1544,7 +1540,7 @@ static void virtio_net_device_realize(DeviceState *dev, 
Error **errp)
 peer_test_vnet_hdr(n);
 if (peer_has_vnet_hdr(n)) {
 for (i = 0; i < n->max_queues; i++) {
-tap_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
+qemu_peer_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
 }
 n->host_hdr_len = sizeof(struct virtio_net_hdr);
 } else {
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 19687aa..4ad3bf0 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1290,7 +1290,7 @@ static void vmxnet3_update_features(VMXNET3State *s)
   s->lro_supported, rxcso_supported,
   s->rx_vlan_stripping);
 if (s->peer_has_vhdr) {
-tap_set_offload(qemu_get_queue(s->nic)->peer,
+qemu_peer_set_offload(qemu_get_queue(s->nic),
 rxcso_supported,
 s->lro_supported,
 s->lro_supported,
@@ -1883,11 +1883,9 @@ static NetClientInfo net_vmxnet3_info = {
 
 static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
 {
-NetClientState *peer = qemu_get_queue(s->nic)->peer;
+NetClientState *nc = qemu_get_queue(s->nic);
 
-if ((NULL != peer)  &&
-(peer->info->type == NET_CLIENT_OPTIONS_KIND_TAP)   &&
-tap_has_vnet_hdr(peer)) {
+if (qemu_peer_has_vnet_hdr(nc)) {
 return true;
 }
 
@@ -1935,10 +1933,10 @@ static void vmxnet3_net_init(VMXNET3State *s)
 s->lro_supported = false;
 
 if (s->peer_has_vhdr) {
-tap_set_vnet_hdr_len(qemu_get_queue(s->nic)->peer,
+qemu_peer_set_vnet_hdr_len(qemu_get_queue(s->nic),
 sizeof(struct virtio_net_hdr));
 
-tap_using_vnet_hdr(qemu_get_queue(s->nic)->peer, 1);
+qemu_peer_using_vnet_hdr(qemu_get_queue(s->nic)->peer, 1);
 }
 
 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
-- 
1.8.5.2

[Qemu-devel] [PATCH v3 0/5] Add netmap backend offloadings support

[Vincenzo Maffione]

The purpose of this patch series is to add offloadings support
(TSO/UFO/CSUM) to the netmap network backend, and make it possible
for the paravirtual network frontends (virtio-net and vmxnet3) to
use it.
In order to achieve this, these patches extend the existing
net.h interface to add abstract operations through which a network
frontend can manipulate backend offloading features, instead of
directly calling TAP-specific functions.

Guest-to-guest performance before this patches for virtio-net + netmap:

TCP_STREAM  5.0 Gbps
TCP_RR  12.7 Gbps
UDP_STREAM (64-bytes)   790 Kpps

Guest-to-guest performance after this patches for virtio-net + netmap:

TCP_STREAM  21.4 Gbps
TCP_RR  12.7 Gbps
UDP_STREAM (64-bytes)   790 Kpps

Experiment details:
- Processor: Intel i7-3770K CPU @ 3.50GHz (8 cores)
- Memory @ 1333 MHz
- Host O.S.: Archlinux with Linux 3.11
- Guest O.S.: Archlinux with Linux 3.11

- QEMU command line:
qemu-system-x86_64 archdisk.qcow -snapshot -enable-kvm -device 
virtio-net-pci,ioeventfd=on,mac=00:AA:BB:CC:DD:01,netdev=mynet -netdev 
netmap,ifname=vale0:01,id=mynet -smp 2 -vga std -m 3G


 Changes against the previous version ***
NOTE: Now the VALE switch supports the offloadings, meaning that TCP/UDP will 
work
  even between a virtio-net guest with offloadings enabled and another
  guest with offloadings disabled. This has been achieved without 
performance loss
  on the "fast" case (e.g. two virtio-net-guest communicating with 
offloadings on).

(1) removed the second commit of the previous version, which was
intended to remove tap_using_vnet_hdr()
(2) the last commit has been revised: NETMAP_BDG_OFFSET becomes
NETMAP_BDG_VNET_HDR, netmap_set_offload() implemented and
netmap_has_vnet_hdr_len() rewritten.


Vincenzo Maffione (5):
  net: change vnet-hdr TAP prototypes
  net: extend NetClientInfo for offloading
  net: TAP uses NetClientInfo offloading callbacks
  net: virtio-net and vmxnet3 use offloading API
  net: add offloading support to netmap backend

 hw/net/virtio-net.c | 16 +
 hw/net/vmxnet3.c| 12 --
 include/net/net.h   | 19 +++
 include/net/tap.h   |  4 ++--
 net/net.c   | 55 +++
 net/netmap.c| 68 -
 net/tap-win32.c |  8 +++
 net/tap.c   | 12 +++---
 8 files changed, 167 insertions(+), 27 deletions(-)

-- 
1.8.5.2

[Qemu-devel] [PATCH 2/3] s390-sclp: SCLP CPU Info

[Jason J. Herne]

From: "Jason J. Herne" 

Implement the CPU data in SCLP "Read SCP Info".  And implement "Read CPU Info"
SCLP command. This data will be used by the guest to get information about hot
plugged cpus.

Signed-off-by: Jason J. Herne 
---
 hw/s390x/sclp.c | 51 +
 include/hw/s390x/sclp.h | 32 +++
 2 files changed, 83 insertions(+)

diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index cb035e9..4e0c564 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -15,6 +15,7 @@
 #include "cpu.h"
 #include "sysemu/kvm.h"
 #include "exec/memory.h"
+#include "sysemu/sysemu.h"
 
 #include "hw/s390x/sclp.h"
 
@@ -31,7 +32,26 @@ static inline S390SCLPDevice *get_event_facility(void)
 static void read_SCP_info(SCCB *sccb)
 {
 ReadInfo *read_info = (ReadInfo *) sccb;
+CPUState *cpu;
 int shift = 0;
+int cpu_count = 0;
+int i = 0;
+
+CPU_FOREACH(cpu) {
+cpu_count++;
+}
+
+/* CPU information */
+read_info->entries_cpu = cpu_to_be16(cpu_count);
+read_info->offset_cpu = cpu_to_be16(offsetof(ReadInfo, entries));
+read_info->highest_cpu = cpu_to_be16(max_cpus);
+
+for (i = 0; i < cpu_count; i++) {
+read_info->entries[i].address = i;
+read_info->entries[i].type = 0;
+}
+
+read_info->facilities = cpu_to_be64(SCLP_HAS_CPU_INFO);
 
 while ((ram_size >> (20 + shift)) > 65535) {
 shift++;
@@ -41,6 +61,34 @@ static void read_SCP_info(SCCB *sccb)
 sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
 }
 
+/* Provide information about the CPU */
+static void sclp_read_cpu_info(SCCB *sccb)
+{
+ReadCpuInfo *cpu_info = (ReadCpuInfo *) sccb;
+CPUState *cpu;
+int cpu_count = 0;
+int i = 0;
+
+CPU_FOREACH(cpu) {
+cpu_count++;
+}
+
+cpu_info->nr_configured = cpu_to_be16(cpu_count);
+cpu_info->offset_configured = cpu_to_be16(offsetof(ReadCpuInfo, entries));
+cpu_info->nr_standby = cpu_to_be16(0);
+
+/* The standby offset is 16-byte for each CPU */
+cpu_info->offset_standby = cpu_to_be16(cpu_info->offset_configured
++ cpu_info->nr_configured*sizeof(CPUEntry));
+
+for (i = 0; i < cpu_count; i++) {
+cpu_info->entries[i].address = i;
+cpu_info->entries[i].type = 0;
+}
+
+sccb->h.response_code = cpu_to_be16(SCLP_RC_NORMAL_READ_COMPLETION);
+}
+
 static void sclp_execute(SCCB *sccb, uint64_t code)
 {
 S390SCLPDevice *sdev = get_event_facility();
@@ -50,6 +98,9 @@ static void sclp_execute(SCCB *sccb, uint64_t code)
 case SCLP_CMDW_READ_SCP_INFO_FORCED:
 read_SCP_info(sccb);
 break;
+case SCLP_CMDW_READ_CPU_INFO:
+sclp_read_cpu_info(sccb);
+break;
 default:
 sdev->sclp_command_handler(sdev->ef, sccb, code);
 break;
diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
index 74e8d94..a625098 100644
--- a/include/hw/s390x/sclp.h
+++ b/include/hw/s390x/sclp.h
@@ -79,12 +79,44 @@ typedef struct SCCBHeader {
 
 #define SCCB_DATA_LEN (SCCB_SIZE - sizeof(SCCBHeader))
 
+/* CPU information */
+typedef struct CPUEntry {
+uint8_t address;
+uint8_t reserved0[13];
+uint8_t type;
+uint8_t reserved1;
+} QEMU_PACKED CPUEntry;
+
 typedef struct ReadInfo {
 SCCBHeader h;
 uint16_t rnmax;
 uint8_t rnsize;
+uint8_t  _reserved1[16 - 11];   /* 11-15 */
+uint16_t entries_cpu;   /* 16-17 */
+uint16_t offset_cpu;/* 18-19 */
+uint8_t  _reserved2[24 - 20];   /* 20-23 */
+uint8_t  loadparm[8];   /* 24-31 */
+uint8_t  _reserved3[48 - 32];   /* 32-47 */
+uint64_t facilities;/* 48-55 */
+uint8_t  _reserved0[100 - 56];
+uint32_t rnsize2;
+uint64_t rnmax2;
+uint8_t  _reserved4[120-112];   /* 112-119 */
+uint16_t highest_cpu;
+uint8_t  _reserved5[128 - 122]; /* 122-127 */
+struct CPUEntry entries[0];
 } QEMU_PACKED ReadInfo;
 
+typedef struct ReadCpuInfo {
+SCCBHeader h;
+uint16_t nr_configured; /* 8-9 */
+uint16_t offset_configured; /* 10-11 */
+uint16_t nr_standby;/* 12-13 */
+uint16_t offset_standby;/* 14-15 */
+uint8_t reserved0[24-16];   /* 16-23 */
+struct CPUEntry entries[0];
+} QEMU_PACKED ReadCpuInfo;
+
 typedef struct SCCB {
 SCCBHeader h;
 char data[SCCB_DATA_LEN];
-- 
1.8.3.2

[Qemu-devel] [PATCH v4] hw/display/qxl: fix signed to unsigned comparison

[Alon Levy]

Several small signedness / overflow corrections to qxl_create_guest_primary:
1. use 64 bit unsigned for size to avoid overflow possible from two 32
bit multiplicants.
2. correct sign for requested_height
3. add a more verbose error message when setting guest bug state (which
causes a complete guess blackout until reset, so it helps if it is
verbose).

Signed-off-by: Alon Levy 
---
 hw/display/qxl.c | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index e4f172e..ceae1d9 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -19,6 +19,7 @@
  */
 
 #include 
+#include 
 
 #include "qemu-common.h"
 #include "qemu/timer.h"
@@ -1360,14 +1361,16 @@ static void qxl_create_guest_primary(PCIQXLDevice *qxl, 
int loadvm,
 {
 QXLDevSurfaceCreate surface;
 QXLSurfaceCreate *sc = &qxl->guest_primary.surface;
-int size;
-int requested_height = le32_to_cpu(sc->height);
+uint32_t requested_height = le32_to_cpu(sc->height);
 int requested_stride = le32_to_cpu(sc->stride);
 
-size = abs(requested_stride) * requested_height;
-if (size > qxl->vgamem_size) {
-qxl_set_guest_bug(qxl, "%s: requested primary larger then framebuffer"
-   " size", __func__);
+if (requested_stride == INT32_MIN ||
+abs(requested_stride) * (uint64_t)requested_height
+> qxl->vgamem_size) {
+qxl_set_guest_bug(qxl, "%s: requested primary larger than framebuffer"
+   " stride %d x height %" PRIu32 " > %" PRIu32,
+   __func__, requested_stride, requested_height,
+   qxl->vgamem_size);
 return;
 }
 
-- 
1.8.4.2

[Qemu-devel] [PATCH 0/3] S390 SCLP improvements for CPU Hotplug

[Jason J. Herne]

From: "Jason J. Herne" 

Improvements to SCLP, mainly the Read SCP/CPU Info subcommands, to support
future cpu hotplug operations on the s390 target.

Jason J. Herne (3):
  s390-sclp: Define New SCLP Codes
  s390-sclp: SCLP CPU Info
  s390-sclp: SCLP Event integration

 hw/s390x/Makefile.objs|   1 +
 hw/s390x/event-facility.c |   6 ++
 hw/s390x/sclp.c   |  53 +-
 hw/s390x/sclpcpu.c| 113 ++
 include/hw/s390x/event-facility.h |   3 +
 include/hw/s390x/sclp.h   |  41 ++
 6 files changed, 216 insertions(+), 1 deletion(-)
 create mode 100644 hw/s390x/sclpcpu.c

-- 
1.8.3.2

[Qemu-devel] [PATCH 1/3] s390-sclp: Define New SCLP Codes

[Jason J. Herne]

From: "Jason J. Herne" 

Define new SCLP codes to improve code readability.

Signed-off-by: Jason J. Herne 
---
 hw/s390x/sclp.c | 2 +-
 include/hw/s390x/sclp.h | 8 
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 86d6ae0..cb035e9 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -45,7 +45,7 @@ static void sclp_execute(SCCB *sccb, uint64_t code)
 {
 S390SCLPDevice *sdev = get_event_facility();
 
-switch (code) {
+switch (code & SCLP_CMD_CODE_MASK) {
 case SCLP_CMDW_READ_SCP_INFO:
 case SCLP_CMDW_READ_SCP_INFO_FORCED:
 read_SCP_info(sccb);
diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
index 231a38a..74e8d94 100644
--- a/include/hw/s390x/sclp.h
+++ b/include/hw/s390x/sclp.h
@@ -17,6 +17,8 @@
 #include 
 #include 
 
+#define SCLP_CMD_CODE_MASK  0x00ff
+
 /* SCLP command codes */
 #define SCLP_CMDW_READ_SCP_INFO 0x00020001
 #define SCLP_CMDW_READ_SCP_INFO_FORCED  0x00120001
@@ -26,6 +28,12 @@
 #define SCLP_CMD_WRITE_EVENT_DATA   0x00760005
 #define SCLP_CMD_WRITE_EVENT_MASK   0x00780005
 
+/* CPU hotplug SCLP codes */
+#define SCLP_HAS_CPU_INFO   0x0C00ULL
+#define SCLP_CMDW_READ_CPU_INFO 0x00010001
+#define SCLP_CMDW_CONFIGURE_CPU 0x00110001
+#define SCLP_CMDW_DECONFIGURE_CPU   0x0011
+
 /* SCLP response codes */
 #define SCLP_RC_NORMAL_READ_COMPLETION  0x0010
 #define SCLP_RC_NORMAL_COMPLETION   0x0020
-- 
1.8.3.2

[Qemu-devel] [PATCH 3/3] s390-sclp: SCLP Event integration

[Jason J. Herne]

From: "Jason J. Herne" 

Add an sclp event for "cpu was hot plugged".  This allows Qemu to deliver an
SCLP interrupt to the guest stating that the requested cpu hotplug was
completed.

Signed-off-by: Jason J. Herne 
---
 hw/s390x/Makefile.objs|   1 +
 hw/s390x/event-facility.c |   6 ++
 hw/s390x/sclpcpu.c| 113 ++
 include/hw/s390x/event-facility.h |   3 +
 include/hw/s390x/sclp.h   |   1 +
 5 files changed, 124 insertions(+)
 create mode 100644 hw/s390x/sclpcpu.c

diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index 77e1218..1ba6c3a 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -3,6 +3,7 @@ obj-y += s390-virtio-hcall.o
 obj-y += sclp.o
 obj-y += event-facility.o
 obj-y += sclpquiesce.o
+obj-y += sclpcpu.o
 obj-y += ipl.o
 obj-y += css.o
 obj-y += s390-virtio-ccw.o
diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index 25951a0..575d407 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -32,6 +32,8 @@ struct SCLPEventFacility {
 unsigned int receive_mask;
 };
 
+SCLPEvent cpu_hotplug;
+
 /* return true if any child has event pending set */
 static bool event_pending(SCLPEventFacility *ef)
 {
@@ -335,6 +337,10 @@ static int init_event_facility(S390SCLPDevice *sdev)
 }
 qdev_init_nofail(quiesce);
 
+object_initialize(&cpu_hotplug, sizeof(cpu_hotplug), "sclp-cpu-hotplug");
+qdev_set_parent_bus(DEVICE(&cpu_hotplug), BUS(&event_facility->sbus));
+object_property_set_bool(OBJECT(&cpu_hotplug), true, "realized", NULL);
+
 return 0;
 }
 
diff --git a/hw/s390x/sclpcpu.c b/hw/s390x/sclpcpu.c
new file mode 100644
index 000..7fd1f9e
--- /dev/null
+++ b/hw/s390x/sclpcpu.c
@@ -0,0 +1,113 @@
+/*
+ * SCLP event type
+ *Signal CPU - Trigger SCLP interrupt for system CPU configure or
+ *de-configure
+ *
+ * Copyright IBM, Corp. 2013
+ *
+ * Authors:
+ *  Thang Pham 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at your
+ * option) any later version.  See the COPYING file in the top-level directory.
+ *
+ */
+#include "sysemu/sysemu.h"
+#include "hw/s390x/sclp.h"
+#include "hw/s390x/event-facility.h"
+#include "cpu.h"
+#include "sysemu/cpus.h"
+#include "sysemu/kvm.h"
+
+typedef struct ConfigMgtData {
+EventBufferHeader ebh;
+uint8_t reserved;
+uint8_t event_qualifier;
+} QEMU_PACKED ConfigMgtData;
+
+static qemu_irq irq_cpu_hotplug; /* Only used in this file */
+
+#define EVENT_QUAL_CPU_CHANGE  1
+
+void raise_irq_cpu_hotplug(void)
+{
+qemu_irq_raise(irq_cpu_hotplug);
+}
+
+static unsigned int send_mask(void)
+{
+return SCLP_EVENT_MASK_CONFIG_MGT_DATA;
+}
+
+static unsigned int receive_mask(void)
+{
+return 0;
+}
+
+static int read_event_data(SCLPEvent *event, EventBufferHeader *evt_buf_hdr,
+   int *slen)
+{
+ConfigMgtData *cdata = (ConfigMgtData *) evt_buf_hdr;
+if (*slen < sizeof(ConfigMgtData)) {
+return 0;
+}
+
+/* Event is no longer pending */
+if (!event->event_pending) {
+return 0;
+}
+event->event_pending = false;
+
+/* Event header data */
+cdata->ebh.length = cpu_to_be16(sizeof(ConfigMgtData));
+cdata->ebh.type = SCLP_EVENT_CONFIG_MGT_DATA;
+cdata->ebh.flags |= SCLP_EVENT_BUFFER_ACCEPTED;
+
+/* Trigger a rescan of CPUs by setting event qualifier */
+cdata->event_qualifier = EVENT_QUAL_CPU_CHANGE;
+*slen -= sizeof(ConfigMgtData);
+
+return 1;
+}
+
+static void trigger_signal(void *opaque, int n, int level)
+{
+SCLPEvent *event = opaque;
+event->event_pending = true;
+
+/* Trigger SCLP read operation */
+sclp_service_interrupt(0);
+}
+
+static int irq_cpu_hotplug_init(SCLPEvent *event)
+{
+irq_cpu_hotplug = *qemu_allocate_irqs(trigger_signal, event, 1);
+return 0;
+}
+
+static void cpu_class_init(ObjectClass *klass, void *data)
+{
+SCLPEventClass *k = SCLP_EVENT_CLASS(klass);
+
+k->init = irq_cpu_hotplug_init;
+k->get_send_mask = send_mask;
+k->get_receive_mask = receive_mask;
+k->read_event_data = read_event_data;
+k->write_event_data = NULL;
+}
+
+static const TypeInfo sclp_cpu_info = {
+.name  = "sclp-cpu-hotplug",
+.parent= TYPE_SCLP_EVENT,
+.instance_size = sizeof(SCLPEvent),
+.class_init= cpu_class_init,
+.class_size= sizeof(SCLPEventClass),
+};
+
+static void register_types(void)
+{
+type_register_static(&sclp_cpu_info);
+}
+
+type_init(register_types)
+
diff --git a/include/hw/s390x/event-facility.h 
b/include/hw/s390x/event-facility.h
index 7ce7079..4347f06 100644
--- a/include/hw/s390x/event-facility.h
+++ b/include/hw/s390x/event-facility.h
@@ -17,10 +17,12 @@
 
 #include 
 #include "qemu/thread.h"
+#include "hw/s390x/sclp.h"
 
 /* SCLP event types */
 #define SCLP_EVENT_OPRTNS_COMMAND   0x01
 #define SCLP_EVENT_MESSAGE  0x02
+#define S

Re: [Qemu-devel] [PATCH] piix4: disable bridge acpi hotplug for 1.7 and older

[Igor Mammedov]

On Mon, 20 Jan 2014 18:35:17 +0200
"Michael S. Tsirkin"  wrote:

> Patch was written before 1.7 was out, forgot to update.
> 
> Signed-off-by: Michael S. Tsirkin 
> ---
> 
> I moved for_anthony tag to include this patch
> as well, no reason to make people suffer until
> next pull request.
Reviewed-By: Igor Mammedov 

> 
>  hw/i386/pc_piix.c|  4 
>  include/hw/i386/pc.h | 13 -
>  2 files changed, 12 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index 2766414..a327d71 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -393,6 +393,10 @@ static QEMUMachine pc_i440fx_machine_v1_7 = {
>  PC_I440FX_1_7_MACHINE_OPTIONS,
>  .name = "pc-i440fx-1.7",
>  .init = pc_init_pci_1_7,
> +.compat_props = (GlobalProperty[]) {
> +PC_COMPAT_1_7,
> +{ /* end of list */ }
> +},
>  };
>  
>  #define PC_I440FX_1_6_MACHINE_OPTIONS PC_I440FX_MACHINE_OPTIONS
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index 71653e8..fd9f369 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -240,7 +240,15 @@ uint16_t pvpanic_port(void);
>  
>  int e820_add_entry(uint64_t, uint64_t, uint32_t);
>  
> +#define PC_COMPAT_1_7 \
> +{\
> +.driver   = "PIIX4_PM",\
> +.property = "acpi-pci-hotplug-with-bridge-support",\
> +.value= "off",\
> +}
> +
>  #define PC_Q35_COMPAT_1_7 \
> +PC_COMPAT_1_7, \
>  {\
>  .driver   = "hpet",\
>  .property = HPET_INTCAP,\
> @@ -261,11 +269,6 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
>  
>  #define PC_COMPAT_1_6 \
>  {\
> -.driver   = "PIIX4_PM",\
> -.property = "acpi-pci-hotplug-with-bridge-support",\
> -.value= "off",\
> -}, \
> -{\
>  .driver   = "e1000",\
>  .property = "mitigation",\
>  .value= "off",\

Re: [Qemu-devel] [PULL 14/28] exec: make address spaces 64-bit wide

[Alex Williamson]

On Mon, 2014-01-20 at 11:20 -0500, Mike Day wrote:
> Do you know which device is writing to the BAR below? From the trace
> it appears it should be restoring the memory address to the BAR after
> writing all 1s to the BAR and reading back the contents. (the protocol
> for finding the length of the bar memory.)

The guest itself is writing the the BARs.  This is a standard sizing
operation by the guest.

> On Thu, Jan 9, 2014 at 12:24 PM, Alex Williamson
>  wrote:
> > On Wed, 2013-12-11 at 20:30 +0200, Michael S. Tsirkin wrote:
> >> From: Paolo Bonzini 
> > vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) febe0004
> > (save lower 32bits of BAR)
> > vfio: vfio_pci_write_config(:01:10.0, @0x10, 0x, len=0x4)
> > (write mask to BAR)
> 
> Here the device should restore the memory address (original contents)
> to the BAR.

Sorry if it's not clear, the trace here is what the vfio-pci driver
sees.  We're just observing the sizing operation of the guest, therefore
we see:

1) orig = read()
2) write(0x)
3) size_mask = read()
4) write(orig)

We're only at step 2)

> > vfio: region_del febe - febe3fff
> > (memory region gets unmapped)
> > vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) c004
> > (read size mask)

step 3)

> > vfio: vfio_pci_write_config(:01:10.0, @0x10, 0xfebe0004, len=0x4)
> > (restore BAR)

step 4)

> > vfio: region_add febe - febe3fff [0x7fcf3654d000]
> > (memory region re-mapped)
> > vfio: vfio_pci_read_config(:01:10.0, @0x14, len=0x4) 0
> > (save upper 32bits of BAR)
> > vfio: vfio_pci_write_config(:01:10.0, @0x14, 0x, len=0x4)
> > (write mask to BAR)
> 
> and here ...

This is the same as above to the next BAR, which is the upper 32bits of
the 64bit BAR.

> > vfio: region_del febe - febe3fff
> > (memory region gets unmapped)
> > vfio: region_add febe - febe3fff [0x7fcf3654d000]
> > (memory region gets re-mapped with new address)
> > qemu-system-x86_64: vfio_dma_map(0x7fcf38861710, 0xfebe, 
> > 0x4000, 0x7fcf3654d000) = -14 (Bad address)
> > (iommu barfs because it can only handle 48bit physical addresses)
> 
> I looked around some but I couldn't find an obvious culprit. Could it
> be that the BAR is getting unmapped automatically due to
> x-intx-mmap-timeout-ms before the device has a chance to finish
> restoring the correct value to the BAR?

No, this is simply the guest sizing the BAR, this is not an internally
generated operation.  The INTx emulation isn't used here as KVM
acceleration is enabled.  That also only toggles the enable setting on
the mmap'd MemoryRegion, it doesn't change the address it's mapped to.
Thanks,

Alex

[Qemu-devel] [PATCH 6/7] target-i386: kvm_cpu_fill_host(): Fill feature words in a loop

[Eduardo Habkost]

Now that the kvm_cpu_fill_host() code is simplified, we can simply set
the feature word array using a simple loop.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 23 +++
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 8183be0..e76ed1e 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1162,22 +1162,13 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
 
 cpu_x86_fill_model_id(x86_cpu_def->model_id);
 
-x86_cpu_def->features[FEAT_1_EDX] =
-kvm_arch_get_supported_cpuid(s, 0x1, 0, R_EDX);
-x86_cpu_def->features[FEAT_1_ECX] =
-kvm_arch_get_supported_cpuid(s, 0x1, 0, R_ECX);
-x86_cpu_def->features[FEAT_7_0_EBX] =
-kvm_arch_get_supported_cpuid(s, 0x7, 0, R_EBX);
-x86_cpu_def->features[FEAT_8000_0001_EDX] =
-kvm_arch_get_supported_cpuid(s, 0x8001, 0, R_EDX);
-x86_cpu_def->features[FEAT_8000_0001_ECX] =
-kvm_arch_get_supported_cpuid(s, 0x8001, 0, R_ECX);
-x86_cpu_def->features[FEAT_C000_0001_EDX] =
-kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
-x86_cpu_def->features[FEAT_SVM] =
-kvm_arch_get_supported_cpuid(s, 0x800A, 0, R_EDX);
-x86_cpu_def->features[FEAT_KVM] =
-kvm_arch_get_supported_cpuid(s, KVM_CPUID_FEATURES, 0, R_EAX);
+FeatureWord w;
+for (w = 0; w < FEATURE_WORDS; w++) {
+FeatureWordInfo *wi = &feature_word_info[w];
+x86_cpu_def->features[w] =
+kvm_arch_get_supported_cpuid(s, wi->cpuid_eax, wi->cpuid_ecx,
+ wi->cpuid_reg);
+}
 
 #endif /* CONFIG_KVM */
 }
-- 
1.8.4.2

[Qemu-devel] [PATCH 7/7 v2] target-i386: kvm_check_features_against_host(): Kill feature word array

[Eduardo Habkost]

We don't need the ft[] array on kvm_check_features_against_host()
anymore, as we can simply use the feature_word_info[] array, that has
everything we need.

Signed-off-by: Eduardo Habkost 
---
Change v2:
 * Rebase and solve simple conflict with recent changes in the check/enforce 
code
---
 target-i386/cpu.c | 48 
 1 file changed, 12 insertions(+), 36 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index e76ed1e..583adfe 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1197,48 +1197,23 @@ static int unavailable_host_feature(FeatureWordInfo *f, 
uint32_t mask)
  *
  * This function may be called only if KVM is enabled.
  */
-static int kvm_check_features_against_host(X86CPU *cpu)
+static int kvm_check_features_against_host(KVMState *s, X86CPU *cpu)
 {
 CPUX86State *env = &cpu->env;
-x86_def_t host_def;
-uint32_t mask;
-int rv, i;
-struct model_features_t ft[] = {
-{&env->features[FEAT_1_EDX],
-&host_def.features[FEAT_1_EDX],
-FEAT_1_EDX },
-{&env->features[FEAT_1_ECX],
-&host_def.features[FEAT_1_ECX],
-FEAT_1_ECX },
-{&env->features[FEAT_8000_0001_EDX],
-&host_def.features[FEAT_8000_0001_EDX],
-FEAT_8000_0001_EDX },
-{&env->features[FEAT_8000_0001_ECX],
-&host_def.features[FEAT_8000_0001_ECX],
-FEAT_8000_0001_ECX },
-{&env->features[FEAT_C000_0001_EDX],
-&host_def.features[FEAT_C000_0001_EDX],
-FEAT_C000_0001_EDX },
-{&env->features[FEAT_7_0_EBX],
-&host_def.features[FEAT_7_0_EBX],
-FEAT_7_0_EBX },
-{&env->features[FEAT_SVM],
-&host_def.features[FEAT_SVM],
-FEAT_SVM },
-{&env->features[FEAT_KVM],
-&host_def.features[FEAT_KVM],
-FEAT_KVM },
-};
+int rv = 0;
+FeatureWord w;
 
 assert(kvm_enabled());
 
-kvm_cpu_fill_host(&host_def);
-for (rv = 0, i = 0; i < ARRAY_SIZE(ft); ++i) {
-FeatureWord w = ft[i].feat_word;
+for (w = 0; w < FEATURE_WORDS; w++) {
 FeatureWordInfo *wi = &feature_word_info[w];
+uint32_t guest_feat = env->features[w];
+uint32_t host_feat = kvm_arch_get_supported_cpuid(s, wi->cpuid_eax,
+ wi->cpuid_ecx,
+ wi->cpuid_reg);
+uint32_t mask;
 for (mask = 1; mask; mask <<= 1) {
-if (*ft[i].guest_feat & mask &&
-!(*ft[i].host_feat & mask)) {
+if (guest_feat & mask && !(host_feat & mask)) {
 unavailable_host_feature(wi, mask);
 rv = 1;
 }
@@ -2556,8 +2531,9 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
 env->features[FEAT_8000_0001_ECX] &= TCG_EXT3_FEATURES;
 env->features[FEAT_SVM] &= TCG_SVM_FEATURES;
 } else {
+KVMState *s = kvm_state;
 if ((cpu->check_cpuid || cpu->enforce_cpuid)
-&& kvm_check_features_against_host(cpu) && cpu->enforce_cpuid) {
+&& kvm_check_features_against_host(s, cpu) && cpu->enforce_cpuid) {
 error_setg(&local_err,
"Host's CPU doesn't support requested features");
 goto out;
-- 
1.8.4.2

[Qemu-devel] [PATCH 3/7] target-i386: kvm_cpu_fill_host(): No need to check CPU vendor

[Eduardo Habkost]

There's no need to check CPU vendor before calling
kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX), because:

 * The kernel won't return any entry for 0xC000 if host CPU vendor
   is not Centaur (See kvm_dev_ioctl_get_supported_cpuid() on the kernel
   code);
 * kvm_arch_get_supported_cpuid() will return 0 if no entry is returned
   by the kernel for the requested leaf.

This will simplify the kvm_cpu_fill_host() code a little.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index aec0107..1a86bcf 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1173,14 +1173,12 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
 cpu_x86_fill_model_id(x86_cpu_def->model_id);
 
 /* Call Centaur's CPUID instruction. */
-if (!strcmp(x86_cpu_def->vendor, CPUID_VENDOR_VIA)) {
-eax = kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
-if (eax >= 0xC001) {
-/* Support VIA max extended level */
-x86_cpu_def->xlevel2 = eax;
-x86_cpu_def->features[FEAT_C000_0001_EDX] =
-kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
-}
+eax = kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
+if (eax >= 0xC001) {
+/* Support VIA max extended level */
+x86_cpu_def->xlevel2 = eax;
+x86_cpu_def->features[FEAT_C000_0001_EDX] =
+kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
 }
 
 /* Other KVM-specific feature fields: */
-- 
1.8.4.2

[Qemu-devel] [PATCH 4/7] target-i386: kvm_cpu_fill_host(): No need to check xlevel2

[Eduardo Habkost]

There's no need to check CPU xlevel2 before calling
kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX), because:

 * The kernel won't return any entry for 0xC000 if host CPU vendor
   is not Centaur (See kvm_dev_ioctl_get_supported_cpuid() on the kernel
   code)
 * Similarly, the kernel won't return any entry for 0xC001 if
   CPUID[0xC000].EAX is < 0xC001
 * kvm_arch_get_supported_cpuid() will return 0 if no entry is returned
   by the kernel for the requested leaf

For similar reasons, we can simply set x86_cpu_def->xlevel2 directly
instead of making it conditional, because it will be set to 0 CPU vendor
is not Centaur.

This will simplify the kvm_cpu_fill_host() code a little.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 1a86bcf..8bc72c2 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1173,13 +1173,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
 cpu_x86_fill_model_id(x86_cpu_def->model_id);
 
 /* Call Centaur's CPUID instruction. */
-eax = kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
-if (eax >= 0xC001) {
-/* Support VIA max extended level */
-x86_cpu_def->xlevel2 = eax;
-x86_cpu_def->features[FEAT_C000_0001_EDX] =
-kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
-}
+x86_cpu_def->xlevel2 =
+kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
+/* Support VIA max extended level */
+x86_cpu_def->features[FEAT_C000_0001_EDX] =
+kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
 
 /* Other KVM-specific feature fields: */
 x86_cpu_def->features[FEAT_SVM] =
-- 
1.8.4.2

[Qemu-devel] [PATCH 5/7] target-i386: kvm_cpu_fill_host(): Set all feature words at end of function

[Eduardo Habkost]

Reorder the code so all the code that sets x86_cpu_def->features is at
the end of the function.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 24 +---
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 8bc72c2..8183be0 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1156,30 +1156,24 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
 x86_cpu_def->stepping = eax & 0x0F;
 
 x86_cpu_def->level = kvm_arch_get_supported_cpuid(s, 0x0, 0, R_EAX);
+x86_cpu_def->xlevel = kvm_arch_get_supported_cpuid(s, 0x8000, 0, 
R_EAX);
+x86_cpu_def->xlevel2 =
+kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
+
+cpu_x86_fill_model_id(x86_cpu_def->model_id);
+
 x86_cpu_def->features[FEAT_1_EDX] =
 kvm_arch_get_supported_cpuid(s, 0x1, 0, R_EDX);
 x86_cpu_def->features[FEAT_1_ECX] =
 kvm_arch_get_supported_cpuid(s, 0x1, 0, R_ECX);
-
 x86_cpu_def->features[FEAT_7_0_EBX] =
-kvm_arch_get_supported_cpuid(s, 0x7, 0, R_EBX);
-
-x86_cpu_def->xlevel = kvm_arch_get_supported_cpuid(s, 0x8000, 0, 
R_EAX);
+kvm_arch_get_supported_cpuid(s, 0x7, 0, R_EBX);
 x86_cpu_def->features[FEAT_8000_0001_EDX] =
-kvm_arch_get_supported_cpuid(s, 0x8001, 0, R_EDX);
+kvm_arch_get_supported_cpuid(s, 0x8001, 0, R_EDX);
 x86_cpu_def->features[FEAT_8000_0001_ECX] =
-kvm_arch_get_supported_cpuid(s, 0x8001, 0, R_ECX);
-
-cpu_x86_fill_model_id(x86_cpu_def->model_id);
-
-/* Call Centaur's CPUID instruction. */
-x86_cpu_def->xlevel2 =
-kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
-/* Support VIA max extended level */
+kvm_arch_get_supported_cpuid(s, 0x8001, 0, R_ECX);
 x86_cpu_def->features[FEAT_C000_0001_EDX] =
 kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
-
-/* Other KVM-specific feature fields: */
 x86_cpu_def->features[FEAT_SVM] =
 kvm_arch_get_supported_cpuid(s, 0x800A, 0, R_EDX);
 x86_cpu_def->features[FEAT_KVM] =
-- 
1.8.4.2

[Qemu-devel] [PATCH 1/7] target-i386: kvm_cpu_fill_host(): Kill unused code

[Eduardo Habkost]

Those host_cpuid() calls are useless. They are leftovers from when the
old code using host_cpuid() was removed.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 0eea8c7..6f27273 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1178,12 +1178,10 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
 
 /* Call Centaur's CPUID instruction. */
 if (!strcmp(x86_cpu_def->vendor, CPUID_VENDOR_VIA)) {
-host_cpuid(0xC000, 0, &eax, &ebx, &ecx, &edx);
 eax = kvm_arch_get_supported_cpuid(s, 0xC000, 0, R_EAX);
 if (eax >= 0xC001) {
 /* Support VIA max extended level */
 x86_cpu_def->xlevel2 = eax;
-host_cpuid(0xC001, 0, &eax, &ebx, &ecx, &edx);
 x86_cpu_def->features[FEAT_C000_0001_EDX] =
 kvm_arch_get_supported_cpuid(s, 0xC001, 0, R_EDX);
 }
-- 
1.8.4.2

[Qemu-devel] [PATCH 0/7 RESEND] target-i386: Simplify kvm_cpu_fill_host() and kvm_check_features_against_host()

[Eduardo Habkost]

Resend of series submitted on 24 November 2013, that didn't get any reply. Only
change is a trivial conflict on patch 7/7.

This series simplifies kvm_cpu_fill_host() and
kvm_check_features_against_host() to simply use FeatureWord & feature_word_info
loops to fill/check feature words.

The initial motivation for this was to avoid hacks involving the "host" CPU
class on the forthcoming conversion of CPU models to be X86CPU subclasses.
Instead of requiring the kvm_arch_get_supported_cpuid() results to be stored in
the class struct for "host" (thus requiring KVM initialization hacks).

Eduardo Habkost (7):
  target-i386: kvm_cpu_fill_host(): Kill unused code
  target-i386: kvm_cpu_fill_host(): No need to check level
  target-i386: kvm_cpu_fill_host(): No need to check CPU vendor
  target-i386: kvm_cpu_fill_host(): No need to check xlevel2
  target-i386: kvm_cpu_fill_host(): Set all feature words at end of
function
  target-i386: kvm_cpu_fill_host(): Fill feature words in a loop
  target-i386: kvm_check_features_against_host(): Kill feature word
array

 target-i386/cpu.c | 89 +--
 1 file changed, 20 insertions(+), 69 deletions(-)

-- 
1.8.4.2

[Qemu-devel] [PATCH 2/7] target-i386: kvm_cpu_fill_host(): No need to check level

[Eduardo Habkost]

There's no need to check level (CPUID[0].EAX) before calling
kvm_arch_get_supported_cpuid(s, 0x7, 0, R_EBX), because:

 * The kernel won't return any entry for CPUID 7 if CPUID[0].EAX is < 7
   (See kvm_dev_ioctl_get_supported_cpuid() on the kernel code);
 * kvm_arch_get_supported_cpuid() will return 0 if no entry is returned
   by the kernel for the requested leaf.

This will simplify the kvm_cpu_fill_host() code a little.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 6f27273..aec0107 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1161,12 +1161,8 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
 x86_cpu_def->features[FEAT_1_ECX] =
 kvm_arch_get_supported_cpuid(s, 0x1, 0, R_ECX);
 
-if (x86_cpu_def->level >= 7) {
-x86_cpu_def->features[FEAT_7_0_EBX] =
-kvm_arch_get_supported_cpuid(s, 0x7, 0, R_EBX);
-} else {
-x86_cpu_def->features[FEAT_7_0_EBX] = 0;
-}
+x86_cpu_def->features[FEAT_7_0_EBX] =
+kvm_arch_get_supported_cpuid(s, 0x7, 0, R_EBX);
 
 x86_cpu_def->xlevel = kvm_arch_get_supported_cpuid(s, 0x8000, 0, 
R_EAX);
 x86_cpu_def->features[FEAT_8000_0001_EDX] =
-- 
1.8.4.2

[Qemu-devel] [PATCH] piix4: disable bridge acpi hotplug for 1.7 and older

[Michael S. Tsirkin]

Patch was written before 1.7 was out, forgot to update.

Signed-off-by: Michael S. Tsirkin 
---

I moved for_anthony tag to include this patch
as well, no reason to make people suffer until
next pull request.

 hw/i386/pc_piix.c|  4 
 include/hw/i386/pc.h | 13 -
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 2766414..a327d71 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -393,6 +393,10 @@ static QEMUMachine pc_i440fx_machine_v1_7 = {
 PC_I440FX_1_7_MACHINE_OPTIONS,
 .name = "pc-i440fx-1.7",
 .init = pc_init_pci_1_7,
+.compat_props = (GlobalProperty[]) {
+PC_COMPAT_1_7,
+{ /* end of list */ }
+},
 };
 
 #define PC_I440FX_1_6_MACHINE_OPTIONS PC_I440FX_MACHINE_OPTIONS
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 71653e8..fd9f369 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -240,7 +240,15 @@ uint16_t pvpanic_port(void);
 
 int e820_add_entry(uint64_t, uint64_t, uint32_t);
 
+#define PC_COMPAT_1_7 \
+{\
+.driver   = "PIIX4_PM",\
+.property = "acpi-pci-hotplug-with-bridge-support",\
+.value= "off",\
+}
+
 #define PC_Q35_COMPAT_1_7 \
+PC_COMPAT_1_7, \
 {\
 .driver   = "hpet",\
 .property = HPET_INTCAP,\
@@ -261,11 +269,6 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
 
 #define PC_COMPAT_1_6 \
 {\
-.driver   = "PIIX4_PM",\
-.property = "acpi-pci-hotplug-with-bridge-support",\
-.value= "off",\
-}, \
-{\
 .driver   = "e1000",\
 .property = "mitigation",\
 .value= "off",\
-- 
MST

Re: [Qemu-devel] [PATCH] target-i386: enable x2apic by default on more recent CPU models

[Andreas Färber]

Am 20.01.2014 15:36, schrieb Eduardo Habkost:
> This enables x2apic on the following CPU models: Conroe, Penryn,
> Nehalem, Westmere, Opteron_G[12345].
> 
> Normally we try to keep the CPU model definitions as close as the real
> CPUs as possible, but x2apic can be emulated by KVM without host CPU
> support for x2apic, and it improves performance by reducing APIC access
> overhead. x2apic emulation is available on KVM since 2009 (Linux
> 2.6.32-rc1), there's no reason for not enabling x2apic by default when
> running KVM.
> 
> About testing: Conroe, Penryn, Nehalem, Westemere and Opteron_G[123]
> have x2apic enabled on RHEL-6 since RHEL-6.0, so the presence of x2apic
> on those CPU models got lots of testing in the last few years. I want to
> eventually enable x2apic on all other CPU models as well, but it will
> require some testing to ensure it won't confuse guests.
> 
> This shouldn't affect TCG at all because features not supported by TCG
> are automatically and silently disabled by QEMU when initializing the
> CPU.
> 
> Signed-off-by: Eduardo Habkost 
> ---
> v1 was sent in September 2013:
>   Message-Id: <1379704517-19177-1-git-send-email-ehabk...@redhat.com>
>   http://article.gmane.org/gmane.comp.emulators.qemu/234541
> 
> It got an Acked-by from Gleb but it was ignored by all maintainers.

Sorry, was still unread in my inbox. What changed between this version
and said v1? Just moving to _1_7? I.e. should I add back Gleb's Acked-by
before your Sob when applying?

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PULL 19/29] piix4: add acpi pci hotplug support

[Michael S. Tsirkin]

On Mon, Jan 20, 2014 at 06:16:59PM +0200, Michael S. Tsirkin wrote:
> On Mon, Jan 20, 2014 at 04:10:25PM +0200, Michael S. Tsirkin wrote:
> > Add support for acpi pci hotplug using the
> > new infrastructure.
> > PIIX4 legacy interface is maintained as is for
> > machine types 1.6 and older.
> 
> Actually that's wrong of course, should be off for 1.7
> and older.
> I'll send v2.

Actually seems like it's too painful to do now that
everything has been pushed to a public branch.
:(
I'll just apply a fix on top.

> > 
> > Signed-off-by: Michael S. Tsirkin 
> > ---
> >  include/hw/i386/pc.h |  5 
> >  hw/acpi/piix4.c  | 75 
> > +---
> >  2 files changed, 70 insertions(+), 10 deletions(-)
> > 
> > diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> > index eb3da96..71653e8 100644
> > --- a/include/hw/i386/pc.h
> > +++ b/include/hw/i386/pc.h
> > @@ -261,6 +261,11 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
> >  
> >  #define PC_COMPAT_1_6 \
> >  {\
> > +.driver   = "PIIX4_PM",\
> > +.property = "acpi-pci-hotplug-with-bridge-support",\
> > +.value= "off",\
> > +}, \
> > +{\
> >  .driver   = "e1000",\
> >  .property = "mitigation",\
> >  .value= "off",\
> > diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> > index 20353b9..1aa35bc 100644
> > --- a/hw/acpi/piix4.c
> > +++ b/hw/acpi/piix4.c
> > @@ -30,6 +30,7 @@
> >  #include "hw/nvram/fw_cfg.h"
> >  #include "exec/address-spaces.h"
> >  #include "hw/acpi/piix4.h"
> > +#include "hw/acpi/pcihp.h"
> >  
> >  //#define DEBUG
> >  
> > @@ -73,7 +74,6 @@ typedef struct PIIX4PMState {
> >  uint32_t io_base;
> >  
> >  MemoryRegion io_gpe;
> > -MemoryRegion io_pci;
> >  MemoryRegion io_cpu;
> >  ACPIREGS ar;
> >  
> > @@ -88,11 +88,16 @@ typedef struct PIIX4PMState {
> >  Notifier machine_ready;
> >  Notifier powerdown_notifier;
> >  
> > -/* for pci hotplug */
> > +/* for legacy pci hotplug (compatible with qemu 1.6 and older) */
> > +MemoryRegion io_pci;
> >  struct pci_status pci0_status;
> >  uint32_t pci0_hotplug_enable;
> >  uint32_t pci0_slot_device_present;
> >  
> > +/* for new pci hotplug (with PCI2PCI bridge support) */
> > +AcpiPciHpState acpi_pci_hotplug;
> > +bool use_acpi_pci_hotplug;
> > +
> >  uint8_t disable_s3;
> >  uint8_t disable_s4;
> >  uint8_t s4_val;
> > @@ -263,6 +268,18 @@ static int acpi_load_old(QEMUFile *f, void *opaque, 
> > int version_id)
> >  return ret;
> >  }
> >  
> > +static bool vmstate_test_use_acpi_pci_hotplug(void *opaque, int version_id)
> > +{
> > +PIIX4PMState *s = opaque;
> > +return s->use_acpi_pci_hotplug;
> > +}
> > +
> > +static bool vmstate_test_no_use_acpi_pci_hotplug(void *opaque, int 
> > version_id)
> > +{
> > +PIIX4PMState *s = opaque;
> > +return !s->use_acpi_pci_hotplug;
> > +}
> > +
> >  /* qemu-kvm 1.2 uses version 3 but advertised as 2
> >   * To support incoming qemu-kvm 1.2 migration, change version_id
> >   * and minimum_version_id to 2 below (which breaks migration from
> > @@ -285,8 +302,12 @@ static const VMStateDescription vmstate_acpi = {
> >  VMSTATE_TIMER(ar.tmr.timer, PIIX4PMState),
> >  VMSTATE_INT64(ar.tmr.overflow_time, PIIX4PMState),
> >  VMSTATE_STRUCT(ar.gpe, PIIX4PMState, 2, vmstate_gpe, ACPIGPE),
> > -VMSTATE_STRUCT(pci0_status, PIIX4PMState, 2, vmstate_pci_status,
> > -   struct pci_status),
> > +VMSTATE_STRUCT_TEST(pci0_status, PIIX4PMState,
> > +vmstate_test_no_use_acpi_pci_hotplug,
> > +2, vmstate_pci_status,
> > +struct pci_status),
> > +VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, PIIX4PMState,
> > +vmstate_test_use_acpi_pci_hotplug),
> >  VMSTATE_END_OF_LIST()
> >  }
> >  };
> > @@ -364,7 +385,11 @@ static void piix4_reset(void *opaque)
> >  pci_conf[0x5B] = 0x02;
> >  }
> >  pm_io_space_update(s);
> > -piix4_update_hotplug(s);
> > +if (s->use_acpi_pci_hotplug) {
> > +acpi_pcihp_reset(&s->acpi_pci_hotplug);
> > +} else {
> > +piix4_update_hotplug(s);
> > +}
> >  }
> >  
> >  static void piix4_pm_powerdown_req(Notifier *n, void *opaque)
> > @@ -375,6 +400,26 @@ static void piix4_pm_powerdown_req(Notifier *n, void 
> > *opaque)
> >  acpi_pm1_evt_power_down(&s->ar);
> >  }
> >  
> > +static int piix4_acpi_pci_hotplug(DeviceState *qdev, PCIDevice *dev,
> > +  PCIHotplugState state)
> > +{
> > +PIIX4PMState *s = PIIX4_PM(qdev);
> > +int ret = acpi_pcihp_device_hotplug(&s->acpi_pci_hotplug, dev, state);
> > +if (ret < 0) {
> > +return ret;
> > +}
> > +s->ar.gpe.sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
> > +
> > +acpi_update_sci(&s->ar, s

Re: [Qemu-devel] [PATCH] spapr: reset @kvm_vcpu_dirty before starting CPU

[Andreas Färber]

Am 15.01.2014 05:57, schrieb Alexey Kardashevskiy:
> Normally QEMU kvm_arch_get_registers() reads registers and sets a dirty
> flag which prevents further registers reading from KVM till
> kvm_arch_put_registers() executes and resets the flag.
> 
> However if we run QEMU with "-S" ("suspended"), then execute "info cpus"
> from the QEMU monitor, we end up with not reading registers in
> rtas_start_cpu() as qmp_query_cpus() calls kvm_cpu_synchronize_state()
> which leaves @kvm_vcpu_dirty=true what prevents kvm_cpu_synchronize_state()
> from synchronizing registers and we loose the values.
> 
> This resets @kvm_vcpu_dirty flag as we do not have content which we really 
> want to
> keep at this point as the CPU is halted.
> 
> Signed-off-by: Alexey Kardashevskiy 
> ---
> 
> We could also reset @kvm_vcpu_dirty in qmp_query_cpus() but that would be
> racy.
> ---
>  hw/ppc/spapr_rtas.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 1cb276d..3dade5e 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -185,6 +185,8 @@ static void rtas_start_cpu(PowerPCCPU *cpu_, 
> sPAPREnvironment *spapr,
>  /* This will make sure qemu state is up to date with kvm, and
>   * mark it dirty so our changes get flushed back before the
>   * new cpu enters */
> +
> +cs->kvm_vcpu_dirty = false;
>  kvm_cpu_synchronize_state(cs);

While I am not familiar with whether or not the dirty flag should be
changed, I've noticed in the past that sPAPR is the only user of
kvm_cpu_synchronize_state() outside of KVM code IIUC. Would be nice if
you could replace that with cpu_synchronize_state() in its own patch
when you find some time.

Regards,
Andreas

>  
>  env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
> 


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PULL 14/28] exec: make address spaces 64-bit wide

[Mike Day]

Do you know which device is writing to the BAR below? From the trace
it appears it should be restoring the memory address to the BAR after
writing all 1s to the BAR and reading back the contents. (the protocol
for finding the length of the bar memory.)

On Thu, Jan 9, 2014 at 12:24 PM, Alex Williamson
 wrote:
> On Wed, 2013-12-11 at 20:30 +0200, Michael S. Tsirkin wrote:
>> From: Paolo Bonzini 
> vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) febe0004
> (save lower 32bits of BAR)
> vfio: vfio_pci_write_config(:01:10.0, @0x10, 0x, len=0x4)
> (write mask to BAR)

Here the device should restore the memory address (original contents)
to the BAR.

> vfio: region_del febe - febe3fff
> (memory region gets unmapped)
> vfio: vfio_pci_read_config(:01:10.0, @0x10, len=0x4) c004
> (read size mask)
> vfio: vfio_pci_write_config(:01:10.0, @0x10, 0xfebe0004, len=0x4)
> (restore BAR)
> vfio: region_add febe - febe3fff [0x7fcf3654d000]
> (memory region re-mapped)
> vfio: vfio_pci_read_config(:01:10.0, @0x14, len=0x4) 0
> (save upper 32bits of BAR)
> vfio: vfio_pci_write_config(:01:10.0, @0x14, 0x, len=0x4)
> (write mask to BAR)

and here ...

> vfio: region_del febe - febe3fff
> (memory region gets unmapped)
> vfio: region_add febe - febe3fff [0x7fcf3654d000]
> (memory region gets re-mapped with new address)
> qemu-system-x86_64: vfio_dma_map(0x7fcf38861710, 0xfebe, 0x4000, 
> 0x7fcf3654d000) = -14 (Bad address)
> (iommu barfs because it can only handle 48bit physical addresses)

I looked around some but I couldn't find an obvious culprit. Could it
be that the BAR is getting unmapped automatically due to
x-intx-mmap-timeout-ms before the device has a chance to finish
restoring the correct value to the BAR?

Mike

Re: [Qemu-devel] [PULL 19/29] piix4: add acpi pci hotplug support

[Michael S. Tsirkin]

On Mon, Jan 20, 2014 at 04:10:25PM +0200, Michael S. Tsirkin wrote:
> Add support for acpi pci hotplug using the
> new infrastructure.
> PIIX4 legacy interface is maintained as is for
> machine types 1.6 and older.

Actually that's wrong of course, should be off for 1.7
and older.
I'll send v2.

> 
> Signed-off-by: Michael S. Tsirkin 
> ---
>  include/hw/i386/pc.h |  5 
>  hw/acpi/piix4.c  | 75 
> +---
>  2 files changed, 70 insertions(+), 10 deletions(-)
> 
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index eb3da96..71653e8 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -261,6 +261,11 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
>  
>  #define PC_COMPAT_1_6 \
>  {\
> +.driver   = "PIIX4_PM",\
> +.property = "acpi-pci-hotplug-with-bridge-support",\
> +.value= "off",\
> +}, \
> +{\
>  .driver   = "e1000",\
>  .property = "mitigation",\
>  .value= "off",\
> diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> index 20353b9..1aa35bc 100644
> --- a/hw/acpi/piix4.c
> +++ b/hw/acpi/piix4.c
> @@ -30,6 +30,7 @@
>  #include "hw/nvram/fw_cfg.h"
>  #include "exec/address-spaces.h"
>  #include "hw/acpi/piix4.h"
> +#include "hw/acpi/pcihp.h"
>  
>  //#define DEBUG
>  
> @@ -73,7 +74,6 @@ typedef struct PIIX4PMState {
>  uint32_t io_base;
>  
>  MemoryRegion io_gpe;
> -MemoryRegion io_pci;
>  MemoryRegion io_cpu;
>  ACPIREGS ar;
>  
> @@ -88,11 +88,16 @@ typedef struct PIIX4PMState {
>  Notifier machine_ready;
>  Notifier powerdown_notifier;
>  
> -/* for pci hotplug */
> +/* for legacy pci hotplug (compatible with qemu 1.6 and older) */
> +MemoryRegion io_pci;
>  struct pci_status pci0_status;
>  uint32_t pci0_hotplug_enable;
>  uint32_t pci0_slot_device_present;
>  
> +/* for new pci hotplug (with PCI2PCI bridge support) */
> +AcpiPciHpState acpi_pci_hotplug;
> +bool use_acpi_pci_hotplug;
> +
>  uint8_t disable_s3;
>  uint8_t disable_s4;
>  uint8_t s4_val;
> @@ -263,6 +268,18 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int 
> version_id)
>  return ret;
>  }
>  
> +static bool vmstate_test_use_acpi_pci_hotplug(void *opaque, int version_id)
> +{
> +PIIX4PMState *s = opaque;
> +return s->use_acpi_pci_hotplug;
> +}
> +
> +static bool vmstate_test_no_use_acpi_pci_hotplug(void *opaque, int 
> version_id)
> +{
> +PIIX4PMState *s = opaque;
> +return !s->use_acpi_pci_hotplug;
> +}
> +
>  /* qemu-kvm 1.2 uses version 3 but advertised as 2
>   * To support incoming qemu-kvm 1.2 migration, change version_id
>   * and minimum_version_id to 2 below (which breaks migration from
> @@ -285,8 +302,12 @@ static const VMStateDescription vmstate_acpi = {
>  VMSTATE_TIMER(ar.tmr.timer, PIIX4PMState),
>  VMSTATE_INT64(ar.tmr.overflow_time, PIIX4PMState),
>  VMSTATE_STRUCT(ar.gpe, PIIX4PMState, 2, vmstate_gpe, ACPIGPE),
> -VMSTATE_STRUCT(pci0_status, PIIX4PMState, 2, vmstate_pci_status,
> -   struct pci_status),
> +VMSTATE_STRUCT_TEST(pci0_status, PIIX4PMState,
> +vmstate_test_no_use_acpi_pci_hotplug,
> +2, vmstate_pci_status,
> +struct pci_status),
> +VMSTATE_PCI_HOTPLUG(acpi_pci_hotplug, PIIX4PMState,
> +vmstate_test_use_acpi_pci_hotplug),
>  VMSTATE_END_OF_LIST()
>  }
>  };
> @@ -364,7 +385,11 @@ static void piix4_reset(void *opaque)
>  pci_conf[0x5B] = 0x02;
>  }
>  pm_io_space_update(s);
> -piix4_update_hotplug(s);
> +if (s->use_acpi_pci_hotplug) {
> +acpi_pcihp_reset(&s->acpi_pci_hotplug);
> +} else {
> +piix4_update_hotplug(s);
> +}
>  }
>  
>  static void piix4_pm_powerdown_req(Notifier *n, void *opaque)
> @@ -375,6 +400,26 @@ static void piix4_pm_powerdown_req(Notifier *n, void 
> *opaque)
>  acpi_pm1_evt_power_down(&s->ar);
>  }
>  
> +static int piix4_acpi_pci_hotplug(DeviceState *qdev, PCIDevice *dev,
> +  PCIHotplugState state)
> +{
> +PIIX4PMState *s = PIIX4_PM(qdev);
> +int ret = acpi_pcihp_device_hotplug(&s->acpi_pci_hotplug, dev, state);
> +if (ret < 0) {
> +return ret;
> +}
> +s->ar.gpe.sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
> +
> +acpi_update_sci(&s->ar, s->irq);
> +return 0;
> +}
> +
> +static void piix4_update_bus_hotplug(PCIBus *bus, void *opaque)
> +{
> +PIIX4PMState *s = opaque;
> +pci_bus_hotplug(bus, piix4_acpi_pci_hotplug, DEVICE(s));
> +}
> +
>  static void piix4_pm_machine_ready(Notifier *n, void *opaque)
>  {
>  PIIX4PMState *s = container_of(n, PIIX4PMState, machine_ready);
> @@ -388,6 +433,10 @@ static void piix4_pm_machine_ready(Notifier *n, void 
> *opaque)
>  pci_conf[0x63] = 0x60;
> 

[Qemu-devel] [PULL 02/29] Add DSDT node for AppleSMC

[Michael S. Tsirkin]

From: "Gabriel L. Somlo" 

AppleSMC (-device isa-applesmc) is required to boot OS X guests.
OS X expects a SMC node to be present in the ACPI DSDT. This patch
adds a SMC node to the DSDT, and dynamically patches the return value
of SMC._STA to either 0x0B if the chip is present, or otherwise to 0x00,
before booting the guest.

Signed-off-by: Gabriel Somlo 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/isa/isa.h  |  7 +++
 hw/i386/acpi-build.c  |  9 +
 hw/misc/applesmc.c|  1 -
 hw/i386/acpi-dsdt-isa.dsl | 11 +++
 hw/i386/acpi-dsdt.dsl |  1 +
 hw/i386/q35-acpi-dsdt.dsl |  1 +
 6 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index fa45a5b..e0c749f 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -20,6 +20,13 @@
 #define TYPE_ISA_BUS "ISA"
 #define ISA_BUS(obj) OBJECT_CHECK(ISABus, (obj), TYPE_ISA_BUS)
 
+#define TYPE_APPLE_SMC "isa-applesmc"
+
+static inline bool applesmc_find(void)
+{
+return object_resolve_path_type("", TYPE_APPLE_SMC, NULL);
+}
+
 typedef struct ISADeviceClass {
 DeviceClass parent_class;
 } ISADeviceClass;
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 48312f5..30bfcd2 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -36,6 +36,7 @@
 #include "hw/nvram/fw_cfg.h"
 #include "bios-linker-loader.h"
 #include "hw/loader.h"
+#include "hw/isa/isa.h"
 
 /* Supported chipsets: */
 #include "hw/acpi/piix4.h"
@@ -80,6 +81,7 @@ typedef struct AcpiMiscInfo {
 
 static void acpi_get_dsdt(AcpiMiscInfo *info)
 {
+unsigned short applesmc_sta_val, *applesmc_sta_off;
 Object *piix = piix4_pm_find();
 Object *lpc = ich9_lpc_find();
 assert(!!piix != !!lpc);
@@ -87,11 +89,18 @@ static void acpi_get_dsdt(AcpiMiscInfo *info)
 if (piix) {
 info->dsdt_code = AcpiDsdtAmlCode;
 info->dsdt_size = sizeof AcpiDsdtAmlCode;
+applesmc_sta_off = piix_dsdt_applesmc_sta;
 }
 if (lpc) {
 info->dsdt_code = Q35AcpiDsdtAmlCode;
 info->dsdt_size = sizeof Q35AcpiDsdtAmlCode;
+applesmc_sta_off = q35_dsdt_applesmc_sta;
 }
+
+/* Patch in appropriate value for AppleSMC _STA */
+applesmc_sta_val = applesmc_find() ? 0x0b : 0x00;
+*(uint16_t *)(info->dsdt_code + *applesmc_sta_off) =
+cpu_to_le16(applesmc_sta_val);
 }
 
 static
diff --git a/hw/misc/applesmc.c b/hw/misc/applesmc.c
index 1e8d183..627adb9 100644
--- a/hw/misc/applesmc.c
+++ b/hw/misc/applesmc.c
@@ -66,7 +66,6 @@ struct AppleSMCData {
 QLIST_ENTRY(AppleSMCData) node;
 };
 
-#define TYPE_APPLE_SMC "isa-applesmc"
 #define APPLE_SMC(obj) OBJECT_CHECK(AppleSMCState, (obj), TYPE_APPLE_SMC)
 
 typedef struct AppleSMCState AppleSMCState;
diff --git a/hw/i386/acpi-dsdt-isa.dsl b/hw/i386/acpi-dsdt-isa.dsl
index 89caa16..46942c1 100644
--- a/hw/i386/acpi-dsdt-isa.dsl
+++ b/hw/i386/acpi-dsdt-isa.dsl
@@ -16,6 +16,17 @@
 /* Common legacy ISA style devices. */
 Scope(\_SB.PCI0.ISA) {
 
+Device (SMC) {
+Name(_HID, EisaId("APP0001"))
+/* _STA will be patched to 0x0B if AppleSMC is present */
+ACPI_EXTRACT_NAME_WORD_CONST DSDT_APPLESMC_STA
+Name(_STA, 0xFF00)
+Name(_CRS, ResourceTemplate () {
+IO (Decode16, 0x0300, 0x0300, 0x01, 0x20)
+IRQNoFlags() { 6 }
+})
+}
+
 Device(RTC) {
 Name(_HID, EisaId("PNP0B00"))
 Name(_CRS, ResourceTemplate() {
diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
index a377424..b87c6e0 100644
--- a/hw/i386/acpi-dsdt.dsl
+++ b/hw/i386/acpi-dsdt.dsl
@@ -114,6 +114,7 @@ DefinitionBlock (
 }
 }
 
+#define DSDT_APPLESMC_STA piix_dsdt_applesmc_sta
 #include "acpi-dsdt-isa.dsl"
 
 
diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
index 7934a9d..ee38fd6 100644
--- a/hw/i386/q35-acpi-dsdt.dsl
+++ b/hw/i386/q35-acpi-dsdt.dsl
@@ -171,6 +171,7 @@ DefinitionBlock (
 }
 }
 
+#define DSDT_APPLESMC_STA q35_dsdt_applesmc_sta
 #include "acpi-dsdt-isa.dsl"
 
 
-- 
MST

[Qemu-devel] [v19 16/25] sheepdog.c: replace QEMUOptionParameter with QemuOpts

[Chunyan Liu]

sheepdog.c: replace QEMUOptionParameter with QemuOpts

Signed-off-by: Dong Xu Wang 
Signed-off-by: Chunyan Liu 
---
 block/sheepdog.c |  101 +-
 1 files changed, 47 insertions(+), 54 deletions(-)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index b94ab6e..13ac0d0 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -1625,12 +1625,13 @@ static int parse_redundancy(BDRVSheepdogState *s, const 
char *opt)
 return 0;
 }
 
-static int sd_create(const char *filename, QEMUOptionParameter *options,
+static int sd_create(const char *filename, QemuOpts *opts,
  Error **errp)
 {
 int ret = 0;
 uint32_t vid = 0;
-char *backing_file = NULL;
+const char *backing_file = NULL;
+const char *buf = NULL;
 BDRVSheepdogState *s;
 char tag[SD_MAX_VDI_TAG_LEN];
 uint32_t snapid;
@@ -1649,31 +1650,26 @@ static int sd_create(const char *filename, 
QEMUOptionParameter *options,
 goto out;
 }
 
-while (options && options->name) {
-if (!strcmp(options->name, BLOCK_OPT_SIZE)) {
-s->inode.vdi_size = options->value.n;
-} else if (!strcmp(options->name, BLOCK_OPT_BACKING_FILE)) {
-backing_file = options->value.s;
-} else if (!strcmp(options->name, BLOCK_OPT_PREALLOC)) {
-if (!options->value.s || !strcmp(options->value.s, "off")) {
-prealloc = false;
-} else if (!strcmp(options->value.s, "full")) {
-prealloc = true;
-} else {
-error_report("Invalid preallocation mode: '%s'",
- options->value.s);
-ret = -EINVAL;
-goto out;
-}
-} else if (!strcmp(options->name, BLOCK_OPT_REDUNDANCY)) {
-if (options->value.s) {
-ret = parse_redundancy(s, options->value.s);
-if (ret < 0) {
-goto out;
-}
-}
+s->inode.vdi_size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
+backing_file = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE);
+buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
+if (!buf || !strcmp(buf, "off")) {
+prealloc = false;
+} else if (!strcmp(buf, "full")) {
+prealloc = true;
+} else {
+error_report("Invalid preallocation mode: '%s'", buf);
+ret = -EINVAL;
+goto out;
+}
+
+buf = NULL;
+buf = qemu_opt_get_del(opts, BLOCK_OPT_REDUNDANCY);
+if (buf) {
+ret = parse_redundancy(s, buf);
+if (ret < 0) {
+goto out;
 }
-options++;
 }
 
 if (s->inode.vdi_size > SD_MAX_VDI_SIZE) {
@@ -2486,28 +2482,27 @@ static int64_t 
sd_get_allocated_file_size(BlockDriverState *bs)
 return size;
 }
 
-static QEMUOptionParameter sd_create_options[] = {
-{
-.name = BLOCK_OPT_SIZE,
-.type = OPT_SIZE,
-.help = "Virtual disk size"
-},
-{
-.name = BLOCK_OPT_BACKING_FILE,
-.type = OPT_STRING,
-.help = "File name of a base image"
-},
-{
-.name = BLOCK_OPT_PREALLOC,
-.type = OPT_STRING,
-.help = "Preallocation mode (allowed values: off, full)"
-},
-{
-.name = BLOCK_OPT_REDUNDANCY,
-.type = OPT_STRING,
-.help = "Redundancy of the image"
-},
-{ NULL }
+static QemuOptsList sd_create_opts = {
+.name = "sheepdog-create-opts",
+.head = QTAILQ_HEAD_INITIALIZER(sd_create_opts.head),
+.desc = {
+{
+.name = BLOCK_OPT_SIZE,
+.type = QEMU_OPT_SIZE,
+.help = "Virtual disk size"
+},
+{
+.name = BLOCK_OPT_BACKING_FILE,
+.type = QEMU_OPT_STRING,
+.help = "File name of a base image"
+},
+{
+.name = BLOCK_OPT_PREALLOC,
+.type = QEMU_OPT_STRING,
+.help = "Preallocation mode (allowed values: off, full)"
+},
+{ /* end of list */ }
+}
 };
 
 static BlockDriver bdrv_sheepdog = {
@@ -2517,7 +2512,7 @@ static BlockDriver bdrv_sheepdog = {
 .bdrv_needs_filename = true,
 .bdrv_file_open = sd_open,
 .bdrv_close = sd_close,
-.bdrv_create= sd_create,
+.bdrv_create2   = sd_create,
 .bdrv_has_zero_init = bdrv_has_zero_init_1,
 .bdrv_getlength = sd_getlength,
 .bdrv_get_allocated_file_size = sd_get_allocated_file_size,
@@ -2537,7 +2532,7 @@ static BlockDriver bdrv_sheepdog = {
 .bdrv_save_vmstate  = sd_save_vmstate,
 .bdrv_load_vmstate  = sd_load_vmstate,
 
-.create_options = sd_create_options,
+.create_opts   = &sd_create_opts,
 };
 
 static BlockDriver bdrv_sheepdog_tcp = {
@@ -2547,7 +2542,7 @@ static BlockDriver bdrv_sheepdog_tcp = {
 .bdrv_needs_filename = true,
 .bdrv_file_open = sd_open,
 .bdrv_close = sd_close,
-.bdrv_create= sd_create,
+.bdrv_cr

[Qemu-devel] [PULL 15/29] acpi unit-test: do not fail on asl mismatch

[Michael S. Tsirkin]

From: Marcel Apfelbaum 

The asl comparison will break every time the ACPI
tables are updated. This may break the git bisect.
Instead of failing print a warning on stderr
including the retained asl files, so they can be
compared offline.

Signed-off-by: Marcel Apfelbaum 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/acpi-test.c | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/tests/acpi-test.c b/tests/acpi-test.c
index 6095d07..31f5359 100644
--- a/tests/acpi-test.c
+++ b/tests/acpi-test.c
@@ -34,6 +34,7 @@ typedef struct {
 gchar *asl;/* asl code generated from aml */
 gsize asl_len;
 gchar *asl_file;
+bool asl_file_retain;   /* do not delete the temp asl */
 } QEMU_PACKED AcpiSdtTable;
 
 typedef struct {
@@ -161,7 +162,7 @@ static void free_test_data(test_data *data)
 g_free(temp->asl);
 }
 if (temp->asl_file) {
-if (g_strstr_len(temp->asl_file, -1, "asl-")) {
+if (!temp->asl_file_retain) {
 unlink(temp->asl_file);
 }
 g_free(temp->asl_file);
@@ -532,7 +533,15 @@ static void test_acpi_asl(test_data *data)
 load_asl(exp_data.tables, exp_sdt);
 exp_asl = normalize_asl(exp_sdt->asl);
 
-g_assert(!g_strcmp0(asl->str, exp_asl->str));
+if (g_strcmp0(asl->str, exp_asl->str)) {
+sdt->asl_file_retain = true;
+exp_sdt->asl_file_retain = true;
+fprintf(stderr,
+"acpi-test: Warning! %.4s mismatch. "
+"Orig asl: %s, expected asl %s.\n",
+(gchar *)&exp_sdt->header.signature,
+sdt->asl_file, exp_sdt->asl_file);
+}
 g_string_free(asl, true);
 g_string_free(exp_asl, true);
 }
-- 
MST

[Qemu-devel] [PULL 29/29] acpi-test: update expected AML since recent changes

[Michael S. Tsirkin]

Signed-off-by: Michael S. Tsirkin 
---
 tests/acpi-test-data/pc/DSDT  | Bin 4407 -> 4582 bytes
 tests/acpi-test-data/pc/SSDT  | Bin 2104 -> 2200 bytes
 tests/acpi-test-data/q35/DSDT | Bin 7344 -> 7438 bytes
 tests/acpi-test-data/q35/SSDT | Bin 2104 -> 475 bytes
 4 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/tests/acpi-test-data/pc/DSDT b/tests/acpi-test-data/pc/DSDT
index 
b12e5eb85bb22f27fe10ce0fcf1d9a71f38360eb..fbf1c3e6e8f791f8e7bae95ad43ea11d0be64c72
 100644
GIT binary patch
delta 402
zcmdn4^h}w{CDqg!-?lb>%8Be%dhE|%y3z*>J_aH5?;cvc_}L|7o*_h&HPV|qnq>s
zfUX9+h1bzJz|+9Mzy#_NUM?=6OV$ISLM2cL=zQPjwAq5G5NGW4gkajYjFSo

delta 249
zcmaE+yj_XQCD<+m8_1QB7yrC>N5zxIhRb
z;(`$2V&25Y%f-kynNQ%Uv49_EynBEvN4$rp3$LSdfTw|hff<7cTfC2f0fUHWysLpB
PLkz-6AnPVq3FZI*Bg{dn

diff --git a/tests/acpi-test-data/pc/SSDT b/tests/acpi-test-data/pc/SSDT
index 
5ab1b96af004737738f3386e73e4dc1d425ab77e..a51c68e21b7f1556009331966c56eb7a563dd51e
 100644
GIT binary patch
literal 2200
zcmZ{lNl)8A7>38$Fm^(mVD>FnPIbzDi#Li9ai$rEQUz&p4C)1`r;1BTRW3bp>5)qL
zAN^;g-{<%Xq3Yz4dHp_m#^YryM3DT{8Pkrvj(;W^-WB%+9Mc$MIL3d=D_%35J3^Kr
z=`adq`T6c^|fWj^i}pEJBf(jP*x6>~u9uTK}t=
z1)k{ksuYRKZm}6Wl^zFd%zhQdM%7;E20X!nCxh|8E`R9qM7teg)}`MSwTfZ9!z;lw
z?F;*Xhm2g*X~&ac0ftv#kK$-z$10r$3+wx5hNs{E<`sSJIH-XoMuEgjm#)F}c?4@X
zVs=%w-Gq&O-gXgyjHe7)Bv}s69nI(AImV$~kCW4nxhL~+Xs`#g-{?N?#PtBq)VlbD
zmrVCWc)|MjyP|n4;X3zXBd<$0=)%p+GrKO)$o=pfIjj+V>ttww(1H>rYmv~R3f&`X
ziO`Y~CF>lab1HP7tU95(5+&q?ZY8-#AC(2%T~gl;NPvThN&r9w~1
zx=rY|5+&;np*#OW?bb$c87H}?^4$==Ll3yu-K4>S0K3^FG%!%pf&e?xq#0qrrgAql
znFa~Al`Q2jO}hdl*c`GB=Q@~nI2pX+S%06lLF{XZ$=9fNQDLjzWGhC}b)8lI4(VF(S-e9K36~jX^
n?Hib9`W9rk-P3-A8G3t%`!RfTnHTrkcwHDs@$dJG(lzDW**_#D-D@X|kyVi%M*}qf}+Xk{6&-
z-lK0;dL}vlf_AdWcV<2v|DK#onnu}yErext2jOx0s(T^Bl-4XEgl7Hic8iz7mVT-#
zRNWHAs`C8&`;RR<=gOh2PO2JZhuX|Ov=INh@bSfh`-VEIbXzq`1&f|RyrY_S!O1zf
zX|=0&bT{{1QDN{?eP5x)u(r|#8;k<9dl%*KiGv{7}O
z_xdF0n7)Yzz2xMQL9ai<0^tR9Px{HMyWW~UMsK)3zX~0H^rKr0rSI!D^omKO^wCY<
zAqZtc@31ety6Od)n1r$yXn|@Snd&s-IzI8OP{t>^yz)Y;pB;V9J(VA?9C5GPU)!M^
z^qUbybsxS6eQ2Y**Qwu8bjD|W$Ffxr4e5up=xNkUSrZw?Cwgz{ZLybwmot0Y?B(I*
zb$XrdWxpNv3h)YMZBR{+jTb
zW)JhX0B^zUVg5XLp4r3vEy7zgdzil^cuQsv^VfpcGJBZ6HoUgk!~8A7TQ+-`zZG~Z
zW)JhX3UAfyVgA^cZjQk74$nOy&{~|H+FA*buix~Oa#K^x)jQlIa$iGUA{AzfO$&
M8^p-JNlf|w0)H3)9{>OV

diff --git a/tests/acpi-test-data/q35/DSDT b/tests/acpi-test-data/q35/DSDT
index 
59243b952d78c465298e0a2ec05a52f480dd92fb..5086b839a6e11ee819af91e72f71efb3e8d97fe2
 100644
GIT binary patch
delta 192
zcmdmB*=NP&66_MfC(FRV=)aL`8YAm<9tMURo0l@CGTC{_=`+U%JH-b$dm4BKJH|&h
z=>+>a$8*Gcc)IYg2{15n#0Q5saxrkkI|l^|3UKkdGcqtUFf%GBIWSZ*Y?fkC5N8ye
zY%QI^bc1K|Qt4`g=q9~@AlG290lbdR0iFg11}0GLyj)!Fj5m00@GvM;0);>Zb5B-~
fkrQW&_c1VJ5D|!XH85g`(E~duDA;*&s7y2f2gWRa

delta 97
zcmeCP+F;4$66_MPL56{Wv2Y{TG)C6%JPZs!HZNsNWfJg_)@P0nc8U*h_B8Mec8uTb
y!J;6}$TvAtI)jN}{p8Ei)syRFNe?}6%s3)-n+xGUFt%TY3!DwRGMs%+67X#?4XEly6g)S
zDenOrUW;-jIsXEfZ1SC%PshI}CzGa8c3=x({pt?F-#*-kI(8)2ctPEhelqK>x2BKL8}7G{LdPF{?G{7n`??LiViGBR
zbklbTLYdGz>8q3i`(pjtUR{K>RI2hY!yU9`XMcP8Z}eaM27K+-kW+`?B(F)%-%M8
zd3brVx5HimUcv0`vR8yxG<$pOmEe`k-adPC@aD|k0edz)+w2{(HxF;#>;>#O@Eo((
zWv>jcZ1zI-D)1_1FJi9>uWI&U_G<8IX77l-I=s5k>-g-s@LaQp`D?&ym_5v26JFEo
zVg452Etoybp9jw~dzimPc#CEa^S1o4G)|!(1fZWiAo#G0ze2Guy-m%=5&D%notDTqf=^SBOLADsjYIBaWHt#7E5T
zT}uC-S>^^Y@;8Z*e}NeJJ!0fvBu4%vV&rcTBY&G1`Im{2e}x$NSBa5-jTrgYiIIPU
K82LAeDgPgv$^jn$

-- 
MST

[Qemu-devel] [PULL 21/29] acpi: factor out common cpu hotplug code for PIIX4/Q35

[Michael S. Tsirkin]

From: Igor Mammedov 

.. so it could be used for adding CPU hotplug to Q35 machine

Add an additional header with that will be shared between
C and ASL code: include/hw/acpi/cpu_hotplug_defs.h

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/cpu_hotplug.h  | 27 +
 include/hw/acpi/cpu_hotplug_defs.h | 22 +++
 hw/acpi/cpu_hotplug.c  | 64 +++
 hw/acpi/piix4.c| 77 +++---
 hw/acpi/Makefile.objs  |  2 +-
 5 files changed, 120 insertions(+), 72 deletions(-)
 create mode 100644 include/hw/acpi/cpu_hotplug.h
 create mode 100644 include/hw/acpi/cpu_hotplug_defs.h
 create mode 100644 hw/acpi/cpu_hotplug.c

diff --git a/include/hw/acpi/cpu_hotplug.h b/include/hw/acpi/cpu_hotplug.h
new file mode 100644
index 000..4576400
--- /dev/null
+++ b/include/hw/acpi/cpu_hotplug.h
@@ -0,0 +1,27 @@
+/*
+ * QEMU ACPI hotplug utilities
+ *
+ * Copyright (C) 2013 Red Hat Inc
+ *
+ * Authors:
+ *   Igor Mammedov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#ifndef ACPI_HOTPLUG_H
+#define ACPI_HOTPLUG_H
+
+#include "hw/acpi/acpi.h"
+#include "hw/acpi/cpu_hotplug_defs.h"
+
+typedef struct AcpiCpuHotplug {
+MemoryRegion io;
+uint8_t sts[ACPI_GPE_PROC_LEN];
+} AcpiCpuHotplug;
+
+void AcpiCpuHotplug_add(ACPIGPE *gpe, AcpiCpuHotplug *g, CPUState *cpu);
+
+void AcpiCpuHotplug_init(MemoryRegion *parent, Object *owner,
+ AcpiCpuHotplug *gpe_cpu, uint16_t base);
+#endif
diff --git a/include/hw/acpi/cpu_hotplug_defs.h 
b/include/hw/acpi/cpu_hotplug_defs.h
new file mode 100644
index 000..c6c4f78
--- /dev/null
+++ b/include/hw/acpi/cpu_hotplug_defs.h
@@ -0,0 +1,22 @@
+/*
+ * QEMU ACPI hotplug utilities shared defines
+ *
+ * Copyright (C) 2013 Red Hat Inc
+ *
+ * Authors:
+ *   Igor Mammedov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#ifndef ACPI_HOTPLUG_DEFS_H
+#define ACPI_HOTPLUG_DEFS_H
+
+/*
+ * ONLY DEFINEs are permited in this file since it's shared
+ * between C and ASL code.
+ */
+#define ACPI_CPU_HOTPLUG_STATUS 4
+#define ACPI_GPE_PROC_LEN 32
+
+#endif
diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
new file mode 100644
index 000..48928dc
--- /dev/null
+++ b/hw/acpi/cpu_hotplug.c
@@ -0,0 +1,64 @@
+/*
+ * QEMU ACPI hotplug utilities
+ *
+ * Copyright (C) 2013 Red Hat Inc
+ *
+ * Authors:
+ *   Igor Mammedov 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "hw/hw.h"
+#include "hw/acpi/cpu_hotplug.h"
+
+static uint64_t cpu_status_read(void *opaque, hwaddr addr, unsigned int size)
+{
+AcpiCpuHotplug *cpus = opaque;
+uint64_t val = cpus->sts[addr];
+
+return val;
+}
+
+static void cpu_status_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned int size)
+{
+/* TODO: implement VCPU removal on guest signal that CPU can be removed */
+}
+
+static const MemoryRegionOps AcpiCpuHotplug_ops = {
+.read = cpu_status_read,
+.write = cpu_status_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+.valid = {
+.min_access_size = 1,
+.max_access_size = 1,
+},
+};
+
+void AcpiCpuHotplug_add(ACPIGPE *gpe, AcpiCpuHotplug *g, CPUState *cpu)
+{
+CPUClass *k = CPU_GET_CLASS(cpu);
+int64_t cpu_id;
+
+*gpe->sts = *gpe->sts | ACPI_CPU_HOTPLUG_STATUS;
+cpu_id = k->get_arch_id(CPU(cpu));
+g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
+}
+
+void AcpiCpuHotplug_init(MemoryRegion *parent, Object *owner,
+ AcpiCpuHotplug *gpe_cpu, uint16_t base)
+{
+CPUState *cpu;
+
+CPU_FOREACH(cpu) {
+CPUClass *cc = CPU_GET_CLASS(cpu);
+int64_t id = cc->get_arch_id(cpu);
+
+g_assert((id / 8) < ACPI_GPE_PROC_LEN);
+gpe_cpu->sts[id / 8] |= (1 << (id % 8));
+}
+memory_region_init_io(&gpe_cpu->io, owner, &AcpiCpuHotplug_ops,
+  gpe_cpu, "acpi-cpu-hotplug", ACPI_GPE_PROC_LEN);
+memory_region_add_subregion(parent, base, &gpe_cpu->io);
+}
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 1aa35bc..12f8dde 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -31,6 +31,7 @@
 #include "exec/address-spaces.h"
 #include "hw/acpi/piix4.h"
 #include "hw/acpi/pcihp.h"
+#include "hw/acpi/cpu_hotplug.h"
 
 //#define DEBUG
 
@@ -51,20 +52,14 @@
 #define PCI_RMV_BASE 0xae0c
 
 #define PIIX4_PROC_BASE 0xaf00
-#define PIIX4_PROC_LEN 32
 
 #define PIIX4_PCI_HOTPLUG_STATUS 2
-#define PIIX4_CPU_HOTPLUG_STATUS 4
 
 struct pci_status {
 uint32_t up; /* deprecated, maintained for migration compatibility */
 uint32_t down;
 };
 
-typedef struct CPUStatus {
-uint8_t s

[Qemu-devel] [v19 17/25] ssh.c: replace QEMUOptionParameter with QemuOpts

[Chunyan Liu]

ssh.c: replace QEMUOptionParameter with QemuOpts

Signed-off-by: Dong Xu Wang 
Signed-off-by: Chunyan Liu 
---
 block/ssh.c |   31 +++
 1 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/block/ssh.c b/block/ssh.c
index aa63c9d..8fd2175 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -642,16 +642,20 @@ static int ssh_file_open(BlockDriverState *bs, QDict 
*options, int bdrv_flags,
 return ret;
 }
 
-static QEMUOptionParameter ssh_create_options[] = {
-{
-.name = BLOCK_OPT_SIZE,
-.type = OPT_SIZE,
-.help = "Virtual disk size"
-},
-{ NULL }
+static QemuOptsList ssh_create_opts = {
+.name = "ssh-create-opts",
+.head = QTAILQ_HEAD_INITIALIZER(ssh_create_opts.head),
+.desc = {
+{
+.name = BLOCK_OPT_SIZE,
+.type = QEMU_OPT_SIZE,
+.help = "Virtual disk size"
+},
+{ /* end of list */ }
+}
 };
 
-static int ssh_create(const char *filename, QEMUOptionParameter *options,
+static int ssh_create(const char *filename, QemuOpts *opts,
   Error **errp)
 {
 int r, ret;
@@ -665,12 +669,7 @@ static int ssh_create(const char *filename, 
QEMUOptionParameter *options,
 ssh_state_init(&s);
 
 /* Get desired file size. */
-while (options && options->name) {
-if (!strcmp(options->name, BLOCK_OPT_SIZE)) {
-total_size = options->value.n;
-}
-options++;
-}
+total_size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
 DPRINTF("total_size=%" PRIi64, total_size);
 
 uri_options = qdict_new();
@@ -1044,14 +1043,14 @@ static BlockDriver bdrv_ssh = {
 .instance_size= sizeof(BDRVSSHState),
 .bdrv_parse_filename  = ssh_parse_filename,
 .bdrv_file_open   = ssh_file_open,
-.bdrv_create  = ssh_create,
+.bdrv_create2 = ssh_create,
 .bdrv_close   = ssh_close,
 .bdrv_has_zero_init   = ssh_has_zero_init,
 .bdrv_co_readv= ssh_co_readv,
 .bdrv_co_writev   = ssh_co_writev,
 .bdrv_getlength   = ssh_getlength,
 .bdrv_co_flush_to_disk= ssh_co_flush,
-.create_options   = ssh_create_options,
+.create_opts  = &ssh_create_opts,
 };
 
 static void bdrv_ssh_init(void)
-- 
1.6.0.2

Re: [Qemu-devel] [v19 02/25] qapi: output def_value_str when query command line options

[Eric Blake]

On 01/20/2014 07:19 AM, Chunyan Liu wrote:
> Change qapi interfaces to output the newly added def_value_str when query
> command line options.
> 
> Signed-off-by: Dong Xu Wang 
> Signed-off-by: Chunyan Liu 
> ---

> +++ b/qapi-schema.json
> @@ -3891,12 +3891,16 @@
>  #
>  # @help: #optional human readable text string, not suitable for parsing.
>  #
> -# Since 1.5
> +# @default: #optional string representation of the default used
> +#   if the option is omitted.
> +#
> +# Since 1.6

Not quite right.  The overall type was still since 1.5, and only the new
member is since 2.0 (not 1.6).  It should look more like:

# @default: #optional string representation of the default used if
#   the option is omitted (since 2.0)
#
# Since 1.5

But I like the idea.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PULL 28/29] pc: ACPI: update acpi-dsdt.hex.generated q35-acpi-dsdt.hex.generated

[Michael S. Tsirkin]

From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/acpi-dsdt.hex.generated | 217 +---
 hw/i386/q35-acpi-dsdt.hex.generated |  74 ++--
 hw/i386/ssdt-pcihp.hex.generated|  20 ++--
 hw/i386/ssdt-proc.hex.generated |   6 +-
 4 files changed, 225 insertions(+), 92 deletions(-)

diff --git a/hw/i386/acpi-dsdt.hex.generated b/hw/i386/acpi-dsdt.hex.generated
index f8bd4ea..1e58801 100644
--- a/hw/i386/acpi-dsdt.hex.generated
+++ b/hw/i386/acpi-dsdt.hex.generated
@@ -3,12 +3,12 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x53,
 0x44,
 0x54,
-0x37,
+0x87,
 0x11,
 0x0,
 0x0,
 0x1,
-0xd8,
+0xb8,
 0x42,
 0x58,
 0x50,
@@ -860,8 +860,8 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x4e,
 0x1,
 0x10,
-0x4c,
-0x1b,
+0x4b,
+0x1e,
 0x2f,
 0x3,
 0x5f,
@@ -879,6 +879,53 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x5b,
 0x82,
 0x2d,
+0x53,
+0x4d,
+0x43,
+0x5f,
+0x8,
+0x5f,
+0x48,
+0x49,
+0x44,
+0xc,
+0x6,
+0x10,
+0x0,
+0x1,
+0x8,
+0x5f,
+0x53,
+0x54,
+0x41,
+0xb,
+0x0,
+0xff,
+0x8,
+0x5f,
+0x43,
+0x52,
+0x53,
+0x11,
+0x10,
+0xa,
+0xd,
+0x47,
+0x1,
+0x0,
+0x3,
+0x0,
+0x3,
+0x1,
+0x20,
+0x22,
+0x40,
+0x0,
+0x79,
+0x0,
+0x5b,
+0x82,
+0x2d,
 0x52,
 0x54,
 0x43,
@@ -1305,7 +1352,7 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x79,
 0x0,
 0x10,
-0x4b,
+0x48,
 0x8,
 0x2e,
 0x5f,
@@ -1371,79 +1418,76 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x45,
 0x4a,
 0x20,
+0x5b,
+0x80,
+0x42,
+0x4e,
+0x4d,
+0x52,
+0x1,
+0xb,
+0x10,
+0xae,
+0xa,
+0x4,
+0x5b,
+0x81,
+0xb,
+0x42,
+0x4e,
+0x4d,
+0x52,
+0x43,
+0x42,
+0x4e,
+0x55,
+0x4d,
+0x20,
+0x5b,
+0x1,
+0x42,
+0x4c,
+0x43,
+0x4b,
+0x0,
 0x14,
-0x11,
+0x25,
 0x50,
 0x43,
 0x45,
 0x4a,
-0x1,
+0x2,
+0x5b,
+0x23,
+0x42,
+0x4c,
+0x43,
+0x4b,
+0xff,
+0xff,
 0x70,
-0x79,
-0x1,
 0x68,
-0x0,
 0x42,
-0x30,
-0x45,
-0x4a,
-0xa4,
-0x0,
-0x14,
-0x36,
-0x50,
-0x43,
 0x4e,
-0x46,
-0x0,
-0x70,
-0x0,
-0x60,
-0xa2,
-0x2c,
-0x95,
-0x60,
-0xa,
-0x1f,
-0x75,
-0x60,
-0xa0,
-0x11,
-0x7b,
-0x50,
-0x43,
-0x49,
 0x55,
+0x4d,
+0x70,
 0x79,
 0x1,
-0x60,
+0x69,
 0x0,
-0x0,
-0x50,
-0x43,
-0x4e,
-0x54,
-0x60,
-0x1,
-0xa0,
-0x12,
-0x7b,
-0x50,
+0x42,
+0x30,
+0x45,
+0x4a,
+0x5b,
+0x27,
+0x42,
+0x4c,
 0x43,
-0x49,
-0x44,
-0x79,
-0x1,
-0x60,
-0x0,
+0x4b,
+0xa4,
 0x0,
-0x50,
-0x43,
-0x4e,
-0x54,
-0x60,
-0xa,
-0x3,
 0x10,
 0x4a,
 0xa0,
@@ -4248,8 +4292,8 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x75,
 0x60,
 0x10,
-0x4e,
-0x9,
+0x42,
+0xc,
 0x5f,
 0x47,
 0x50,
@@ -4277,12 +4321,31 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x30,
 0x0,
 0x14,
-0x15,
+0x39,
 0x5f,
 0x45,
 0x30,
 0x31,
 0x0,
+0x5b,
+0x23,
+0x5c,
+0x2f,
+0x3,
+0x5f,
+0x53,
+0x42,
+0x5f,
+0x50,
+0x43,
+0x49,
+0x30,
+0x42,
+0x4c,
+0x43,
+0x4b,
+0xff,
+0xff,
 0x5c,
 0x2f,
 0x3,
@@ -4297,7 +4360,24 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x50,
 0x43,
 0x4e,
-0x46,
+0x54,
+0x5b,
+0x27,
+0x5c,
+0x2f,
+0x3,
+0x5f,
+0x53,
+0x42,
+0x5f,
+0x50,
+0x43,
+0x49,
+0x30,
+0x42,
+0x4c,
+0x43,
+0x4b,
 0x14,
 0x10,
 0x5f,
@@ -4407,3 +4487,6 @@ static unsigned char AcpiDsdtAmlCode[] = {
 0x46,
 0x0
 };
+static unsigned short piix_dsdt_applesmc_sta[] = {
+0x384
+};
diff --git a/hw/i386/q35-acpi-dsdt.hex.generated 
b/hw/i386/q35-acpi-dsdt.hex.generated
index 111ad3e..6d885a9 100644
--- a/hw/i386/q35-acpi-dsdt.hex.generated
+++ b/hw/i386/q35-acpi-dsdt.hex.generated
@@ -3,12 +3,12 @@ static unsigned char Q35AcpiDsdtAmlCode[] = {
 0x53,
 0x44,
 0x54,
-0xb0,
+0xdf,
 0x1c,
 0x0,
 0x0,
 0x1,
-0xfe,
+0xff,
 0x42,
 0x58,
 0x50,
@@ -1033,8 +1033,8 @@ static unsigned char Q35AcpiDsdtAmlCode[] = {
 0x4e,
 0x1,
 0x10,
-0x4c,
-0x1b,
+0x4b,
+0x1e,
 0x2f,
 0x3,
 0x5f,
@@ -1052,6 +1052,53 @@ static unsigned char Q35AcpiDsdtAmlCode[] = {
 0x5b,
 0x82,
 0x2d,
+0x53,
+0x4d,
+0x43,
+0x5f,
+0x8,
+0x5f,
+0x48,
+0x49,
+0x44,
+0xc,
+0x6,
+0x10,
+0x0,
+0x1,
+0x8,
+0x5f,
+0x53,
+0x54,
+0x41,
+0xb,
+0x0,
+0xff,
+0x8,
+0x5f,
+0x43,
+0x52,
+0x53,
+0x11,
+0x10,
+0xa,
+0xd,
+0x47,
+0x1,
+0x0,
+0x3,
+0x0,
+0x3,
+0x1,
+0x20,
+0x22,
+0x40,
+0x0,
+0x79,
+0x0,
+0x5b,
+0x82,
+0x2d,
 0x52,
 0x54,
 0x43,
@@ -7229,12 +7276,19 @@ static unsigned char Q35AcpiDsdtAmlCode[] = {
 0x30,
 0x0,
 0x14,
-0x10,
+0x6,
 0x5f,
 0x4c,
 0x30,
 0x31,
 0x0,
+0x14,
+0x10,
+0x5f,
+0x45,
+0x30,
+0x32,
+0x0,
 0x5c,
 0x2e,
 0x5f,
@@ -7250,13 +7304,6 @@ static unsigned char Q35AcpiDsdtAmlCode[] = {
 0x5f,
 0x4c,
 0x30,
-0x32,
-0x0,
-0x14,
-0x6,
-0x5f,
-0x4c,
-0x30,
 0x33,
 0x0,
 0x14,
@@ -7344,3 +7391,6 @@ static unsigned char Q35AcpiDsdtAmlCode[] = {
 0x46,
 0x0
 };
+static unsigned short q35_dsdt_applesmc_sta[] = {
+0x431
+};
diff --git a/hw/i386/ssdt-pcihp.hex.generated b/hw/i386/ssdt-pcihp.hex.generated
index b3c2cd5..610a631 100644
--- a/hw/i386/ssdt-pcihp.hex.generated
+++ b/hw/i386/ssdt-pcihp.hex.generated
@@ -5,19 +5,19 @@ static unsigned char ssdt_pcihp_adr[] = {
 0x44
 };
 static unsigned char ssdt_pcihp_end[] = {
-0x58
+0x5b
 };
 static unsigned char ssdp_pcihp_aml[] = {
 0x53,
 0x5

[Qemu-devel] [v19 24/25] cleanup QEMUOptionParameter

[Chunyan Liu]

Now all places using QEMUOptionParameter could use QemuOpts too, remove
QEMUOptionParameter related code.

Signed-off-by: Dong Xu Wang 
Signed-off-by: Chunyan Liu 
---
 block.c   |  147 ++-
 block/cow.c   |2 +-
 block/qcow.c  |2 +-
 block/qcow2.c |2 +-
 block/qed.c   |2 +-
 block/raw_bsd.c   |2 +-
 block/vhdx.c  |2 +-
 block/vmdk.c  |4 +-
 block/vvfat.c |2 +-
 include/block/block.h |4 +-
 include/block/block_int.h |3 -
 include/qemu/option.h |   35 --
 qemu-img.c|   93 ++-
 util/qemu-option.c|  294 -
 14 files changed, 30 insertions(+), 564 deletions(-)

diff --git a/block.c b/block.c
index 8c490c6..b33d095 100644
--- a/block.c
+++ b/block.c
@@ -394,7 +394,6 @@ BlockDriver *bdrv_find_whitelisted_format(const char 
*format_name,
 typedef struct CreateCo {
 BlockDriver *drv;
 char *filename;
-QEMUOptionParameter *options;
 QemuOpts *opts;
 int ret;
 Error *err;
@@ -403,15 +402,13 @@ typedef struct CreateCo {
 static void coroutine_fn bdrv_create_co_entry(void *opaque)
 {
 Error *local_err = NULL;
-int ret;
+int ret = -1;
 
 CreateCo *cco = opaque;
 assert(cco->drv);
 
 if (cco->drv->bdrv_create2)
 ret = cco->drv->bdrv_create2(cco->filename, cco->opts, &local_err);
-else
-ret = cco->drv->bdrv_create(cco->filename, cco->options, &local_err);
 if (error_is_set(&local_err)) {
 error_propagate(&cco->err, local_err);
 }
@@ -419,7 +416,7 @@ static void coroutine_fn bdrv_create_co_entry(void *opaque)
 }
 
 int bdrv_create(BlockDriver *drv, const char* filename,
-QEMUOptionParameter *options, QemuOpts *opts, Error **errp)
+QemuOpts *opts, Error **errp)
 {
 int ret;
 
@@ -427,13 +424,12 @@ int bdrv_create(BlockDriver *drv, const char* filename,
 CreateCo cco = {
 .drv = drv,
 .filename = g_strdup(filename),
-.options = options,
 .opts = opts,
 .ret = NOT_DONE,
 .err = NULL,
 };
 
-if (!drv->bdrv_create && !drv->bdrv_create2) {
+if (!drv->bdrv_create2) {
 error_setg(errp, "Driver '%s' does not support image creation", 
drv->format_name);
 ret = -ENOTSUP;
 goto out;
@@ -464,7 +460,7 @@ out:
 return ret;
 }
 
-int bdrv_create_file(const char* filename, QEMUOptionParameter *options,
+int bdrv_create_file(const char* filename,
  QemuOpts *opts, Error **errp)
 {
 BlockDriver *drv;
@@ -477,7 +473,7 @@ int bdrv_create_file(const char* filename, 
QEMUOptionParameter *options,
 return -ENOENT;
 }
 
-ret = bdrv_create(drv, filename, options, opts, &local_err);
+ret = bdrv_create(drv, filename, opts, &local_err);
 if (error_is_set(&local_err)) {
 error_propagate(errp, local_err);
 }
@@ -1058,7 +1054,6 @@ int bdrv_open(BlockDriverState *bs, const char *filename, 
QDict *options,
 BlockDriverState *bs1;
 int64_t total_size;
 BlockDriver *bdrv_qcow2;
-QEMUOptionParameter *create_options = NULL;
 QemuOpts *opts = NULL; 
 QDict *snapshot_options;
 
@@ -1089,14 +1084,9 @@ int bdrv_open(BlockDriverState *bs, const char 
*filename, QDict *options,
 if (bdrv_qcow2->bdrv_create2) {
 opts = qemu_opts_create(bdrv_qcow2->create_opts, NULL, 0, 
&error_abort);
 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, total_size);
-} else {
-create_options = 
-parse_option_parameters("", bdrv_qcow2->create_options, NULL);
-set_option_parameter_int(create_options, BLOCK_OPT_SIZE, 
total_size);
 }
 
-ret = bdrv_create(bdrv_qcow2, tmp_filename, create_options, opts, 
&local_err);
-free_option_parameters(create_options);
+ret = bdrv_create(bdrv_qcow2, tmp_filename, opts, &local_err);
 qemu_opts_del(opts);
 if (ret < 0) {
 error_setg_errno(errp, -ret, "Could not create temporary overlay "
@@ -4722,7 +4712,6 @@ void bdrv_img_create(const char *filename, const char 
*fmt,
  char *options, uint64_t img_size, int flags,
  Error **errp, bool quiet)
 {
-QEMUOptionParameter *param = NULL, *create_options = NULL;
 QemuOptsList *create_opts = NULL;
 QemuOpts *opts = NULL;
 BlockDriver *drv, *proto_drv;
@@ -4843,7 +4832,7 @@ void bdrv_img_create(const char *filename, const char 
*fmt,
 puts("");
 }
 
-ret = bdrv_create(drv, filename, NULL, opts, &local_err);
+ret = bdrv_create(drv, filename, opts, &local_err);
 if (ret == -EFBIG) {
 /* This is generally a better message than whatever the driver 
would
  * deliver (especially because of the cluster_size_hint),