Re: [Qemu-devel] [PATCH v6 for 2.1 04/10] block: make 'top' argument to block-commit optional

[Stefan Hajnoczi]

On Tue, Jun 17, 2014 at 05:53:52PM -0400, Jeff Cody wrote:
> Now that active layer block-commit is supported, the 'top' argument
> no longer needs to be mandatory.
> 
> Change it to optional, with the default being the active layer in the
> device chain.
> 
> Reviewed-by: Eric Blake 
> Reviewed-by: Benoit Canet 
> Signed-off-by: Jeff Cody 
> ---
>  blockdev.c | 16 ++--
>  qapi/block-core.json   |  7 ---
>  qmp-commands.hx|  5 +++--
>  tests/qemu-iotests/040 | 28 ++--
>  4 files changed, 39 insertions(+), 17 deletions(-)

Reviewed-by: Stefan Hajnoczi 


pgptjUt8vuNGo.pgp
Description: PGP signature

[Qemu-devel] [Bug 1331932] [NEW] qemu crash in x86 reload

[janaki-lappy]

Public bug reported:

Hi all,


I am running qemu on an x86 host and when the host reloaded we do see a
core on Qemu and the gdb dump shows as follows.

Can any one please let me know if any one has come across such failures.

rning: Can't read pathname for load map: Input/output error.

Core was generated by `/usr/bin/qemu-system-x86_64 -name default-sdr--2
-S -M pc_q35 -enable-kvm -m 61'.

Program terminated with signal 11, Segmentation fault.

#0  0x0049c976 in qemu_bh_delete (bh=0x31) at /auto/thirdparty-
sdk/release/235/thirdparty/opensource/qemu-kvm/contents/async.c:193

193 bh->scheduled = 0;

(gdb) bt

#0  0x0049c976 in qemu_bh_delete (bh=0x31)

at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
kvm/contents/async.c:193

#1  0x004c50a3 in qemu_chr_generic_open_bh (opaque=0xdc1f670)

at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
kvm/contents/qemu-char.c:130

#2  0x0049c7e4 in qemu_bh_poll ()

at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
kvm/contents/async.c:150

#3  0x0042017d in main_loop_wait (nonblocking=0)

at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
kvm/contents/vl.c:1384

#4  0x0043bae5 in kvm_main_loop ()

at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
kvm/contents/qemu-kvm.c:1710

#5  0x00420237 in main_loop ()

at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
kvm/contents/vl.c:1408

#6  0x00423bf4 in main (argc=67, argv=0x7fffc1ec48a8,
envp=0x7fffc1ec4ac8)

at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
kvm/contents/vl.c:3159


Regards,

sistla.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1331932

Title:
  qemu crash in x86 reload

Status in QEMU:
  New

Bug description:
  Hi all,


  I am running qemu on an x86 host and when the host reloaded we do see
  a core on Qemu and the gdb dump shows as follows.

  Can any one please let me know if any one has come across such
  failures.

  rning: Can't read pathname for load map: Input/output error.

  Core was generated by `/usr/bin/qemu-system-x86_64 -name default-sdr--
  2 -S -M pc_q35 -enable-kvm -m 61'.

  Program terminated with signal 11, Segmentation fault.

  #0  0x0049c976 in qemu_bh_delete (bh=0x31) at /auto
  /thirdparty-sdk/release/235/thirdparty/opensource/qemu-
  kvm/contents/async.c:193

  193 bh->scheduled = 0;

  (gdb) bt

  #0  0x0049c976 in qemu_bh_delete (bh=0x31)

  at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
  kvm/contents/async.c:193

  #1  0x004c50a3 in qemu_chr_generic_open_bh (opaque=0xdc1f670)

  at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
  kvm/contents/qemu-char.c:130

  #2  0x0049c7e4 in qemu_bh_poll ()

  at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
  kvm/contents/async.c:150

  #3  0x0042017d in main_loop_wait (nonblocking=0)

  at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
  kvm/contents/vl.c:1384

  #4  0x0043bae5 in kvm_main_loop ()

  at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
  kvm/contents/qemu-kvm.c:1710

  #5  0x00420237 in main_loop ()

  at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
  kvm/contents/vl.c:1408

  #6  0x00423bf4 in main (argc=67, argv=0x7fffc1ec48a8,
  envp=0x7fffc1ec4ac8)

  at /auto/thirdparty-sdk/release/235/thirdparty/opensource/qemu-
  kvm/contents/vl.c:3159



  Regards,

  sistla.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1331932/+subscriptions

Re: [Qemu-devel] [PATCH v6 for 2.1 03/10] block: simplify bdrv_find_base() and bdrv_find_overlay()

[Stefan Hajnoczi]

On Tue, Jun 17, 2014 at 05:53:51PM -0400, Jeff Cody wrote:
> This simplifies the function bdrv_find_overlay().  With this change,
> bdrv_find_base() is just a subset of usage of bdrv_find_overlay(),
> so this also takes advantage of that.
> 
> Reviewed-by: Eric Blake 
> Reviewed-by: Benoit Canet 
> Signed-off-by: Jeff Cody 
> ---
>  block.c | 45 ++---
>  1 file changed, 10 insertions(+), 35 deletions(-)

Reviewed-by: Stefan Hajnoczi 


pgpQ7fOK9jTmA.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH v6 for 2.1 02/10] block: add helper function to determine if a BDS is in a chain

[Stefan Hajnoczi]

On Tue, Jun 17, 2014 at 05:53:50PM -0400, Jeff Cody wrote:
> This is a small helper function, to determine if 'base' is in the
> chain of BlockDriverState 'top'.  It returns true if it is in the chain,
> and false otherwise.
> 
> If either argument is NULL, it will also return false.
> 
> Reviewed-by: Benoit Canet 
> Reviewed-by: Eric Blake 
> Signed-off-by: Jeff Cody 
> ---
>  block.c   | 11 +++
>  include/block/block.h |  1 +
>  2 files changed, 12 insertions(+)

Reviewed-by: Stefan Hajnoczi 


pgpUKZeeUSF47.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH 0/2] block: Fix unset "filename" for certain drivers

[Stefan Hajnoczi]

On Wed, Jun 18, 2014 at 12:14:08AM +0200, Max Reitz wrote:
> For some protocol block drivers, the "filename" attribute in their BDSs
> is unset due to bdrv_file_open() removing it from the options QDict
> before bdrv_open_common() is able to copy it into the BDS. Fix this by
> not removing it until until bdrv_open_common() has indeed copied it.
> 
> 
> Max Reitz (2):
>   block: Do not prematurely remove "filename"
>   iotests: Add test for set "filename" for NBD
> 
>  block.c| 12 ++--
>  tests/qemu-iotests/097 | 72 
> ++
>  tests/qemu-iotests/097.out | 13 +
>  tests/qemu-iotests/group   |  1 +
>  4 files changed, 95 insertions(+), 3 deletions(-)
>  create mode 100755 tests/qemu-iotests/097
>  create mode 100644 tests/qemu-iotests/097.out

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan


pgpiMvruL0p_R.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH qom v2 4/4] irq: Slim conversion of qemu_irq to QOM

[Paolo Bonzini]

Il 19/06/2014 06:57, Peter Crosthwaite ha scritto:

>
> If the next step is to add an "owner" like the one in MemoryRegion, and
> change occurrences of qemu_free_irq to object_unparent,

Sure, I guess its a tree wide much like the one for Memory API though.
Can we do it as follow up though and sneak this through for 2.1?


Sure.

Paolo

Re: [Qemu-devel] [PATCH v3 07/32] target-arm: add non-secure Translation Block flag

[Edgar E. Iglesias]

On Tue, Jun 17, 2014 at 02:07:11PM +0400, Sergey Fedorov wrote:
> On 17.06.2014 13:15, Edgar E. Iglesias wrote:
> > Hi, I think the patch looks OK but I'm unsure if it brings any benefits
> > unless we add separate TLBs for S and NS.
> >
> > I noticed that TTBR0 gets banked in the series, but are changes to
> > SCR.NS flushing the TLBs? I might have missed that from the patches.
> > You'll need it unless we add separate S/NS TLBs.
> >
> > Considering that changes to SCR.NS will flush the TLBs, the
> > use of a per TB ns flag is limited, unless I am missing something...
> 
> Hi Edgar,
> 
> This seems to be used in patch 19/32.

Yes, I actually meant limited use as in having the NS flag in translation
time brings limited performance win or none.

But looking more carefuly, the way we handle cp regs requires the ns bit
at translation time to support direct loads of cpregs (without calling
out to tcg helpers). That is probably enough to motivate the tb flag.

Cheers,
Edgar

> 
> // Sergey
> 
> >
> > Cheers,
> > Edgar
> 

Re: [Qemu-devel] [PATCH qom v2 4/4] irq: Slim conversion of qemu_irq to QOM

[Peter Crosthwaite]

On Thu, Jun 19, 2014 at 12:40 AM, Paolo Bonzini  wrote:
> Il 18/06/2014 09:57, Peter Crosthwaite ha scritto:
>
>> @@ -63,7 +68,7 @@ qemu_irq qemu_allocate_irq(qemu_irq_handler handler,
>> void *opaque, int n)
>>  {
>>  struct IRQState *irq;
>>
>> -irq = g_new(struct IRQState, 1);
>> +irq = IRQ(object_new(TYPE_IRQ));
>>  irq->handler = handler;
>>  irq->opaque = opaque;
>>  irq->n = n;
>> @@ -82,7 +87,7 @@ void qemu_free_irqs(qemu_irq *s, int n)
>>
>>  void qemu_free_irq(qemu_irq irq)
>>  {
>> -g_free(irq);
>> +object_unref(OBJECT(irq));
>>  }
>>
>>  static void qemu_notirq(void *opaque, int line, int level)
>
>
> If the next step is to add an "owner" like the one in MemoryRegion, and
> change occurrences of qemu_free_irq to object_unparent,

Sure, I guess its a tree wide much like the one for Memory API though.
Can we do it as follow up though and sneak this through for 2.1?

Regards,
Peter

> then
>
> Acked-by: Paolo Bonzini 
>
> Paolo
>

[Qemu-devel] [PATCH net v1 1/1] net: cadence_gem: Convert to realize()

[Peter Crosthwaite]

SysBusDevice::init is deprecated. Convert to Object::init and
Device::realize as prescribed by QOM conventions.

Signed-off-by: Peter Crosthwaite 
---

 hw/net/cadence_gem.c | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index de26609..dff6f21 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -1232,24 +1232,24 @@ static NetClientInfo net_gem_info = {
 .link_status_changed = gem_set_link,
 };
 
-static int gem_init(SysBusDevice *sbd)
+static void gem_realize(DeviceState *dev, Error **errp)
 {
-DeviceState *dev = DEVICE(sbd);
 GemState *s = GEM(dev);
 
-DB_PRINT("\n");
-
-gem_init_register_masks(s);
-memory_region_init_io(&s->iomem, OBJECT(s), &gem_ops, s,
-  "enet", sizeof(s->regs));
-sysbus_init_mmio(sbd, &s->iomem);
-sysbus_init_irq(sbd, &s->irq);
 qemu_macaddr_default_if_unset(&s->conf.macaddr);
 
 s->nic = qemu_new_nic(&net_gem_info, &s->conf,
 object_get_typename(OBJECT(dev)), dev->id, s);
+}
 
-return 0;
+static void gem_init(Object *obj)
+{
+GemState *s = GEM(obj);
+
+gem_init_register_masks(s);
+memory_region_init_io(&s->iomem, obj, &gem_ops, s, "enet", 
sizeof(s->regs));
+sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->iomem);
+sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);
 }
 
 static const VMStateDescription vmstate_cadence_gem = {
@@ -1275,9 +1275,8 @@ static Property gem_properties[] = {
 static void gem_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass);
 
-sdc->init = gem_init;
+dc->realize = gem_realize;
 dc->props = gem_properties;
 dc->vmsd = &vmstate_cadence_gem;
 dc->reset = gem_reset;
@@ -1287,6 +1286,7 @@ static const TypeInfo gem_info = {
 .name  = TYPE_CADENCE_GEM,
 .parent = TYPE_SYS_BUS_DEVICE,
 .instance_size  = sizeof(GemState),
+.instance_init  = gem_init,
 .class_init = gem_class_init,
 };
 
-- 
2.0.0

Re: [Qemu-devel] [PATCH v10 0/4] Quorum maintainance operations

[Stefan Hajnoczi]

On Mon, Jun 16, 2014 at 12:00:53PM +0200, Benoît Canet wrote:
> in v10:
> address max comments
> 
> Benoît Canet (4):
>   quorum: Add the rewrite-corrupted parameter to quorum
>   block: Add node-name argument to drive-mirror
>   block: Add replaces argument to drive-mirror
>   qemu-iotests: Add TestRepairQuorum to 041 to test drive-mirror
> node-name mode.
> 
>  block.c|  17 
>  block/mirror.c |  60 +++---
>  block/quorum.c |  97 --
>  blockdev.c |  41 +-
>  hmp.c  |   1 +
>  include/block/block.h  |   4 +
>  include/block/block_int.h  |   3 +
>  qapi/block-core.json   |  13 ++-
>  qmp-commands.hx|   5 ++
>  tests/qemu-iotests/041 | 196 
> -
>  tests/qemu-iotests/041.out |   4 +-
>  tests/qemu-iotests/081 |  15 +++-
>  tests/qemu-iotests/081.out |  10 +++
>  13 files changed, 436 insertions(+), 30 deletions(-)

I'm happy with this but need to review Jeff's series first.  Your series
assumes that nodes are protected by op blockers, which they currently
aren't (only the root node has op blockers).  So we need a solution to
that before it's safe to allow operations on nodes - I think Jeff's
series tackles that.

Reviewed-by: Stefan Hajnoczi 


pgp7SP_1_YMBI.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH v5 3/4] virtio-blk-test.c: change pci_nop() to virtblk_init()

[Amos Kong]

On Wed, Jun 18, 2014 at 06:43:49PM +0200, Andreas Färber wrote:
> Am 18.06.2014 18:24, schrieb Amos Kong:
> > I want to add a new subtest in virtio-blk-test.c, it will start
> > guest without network. The original pci_init() did nothing, but
> > it's good to reserve a very simple initialization testing.
> > 
> > Signed-off-by: Amos Kong 
> > Reviewed-by: Stefan Hajnoczi 
> > ---
> >  tests/virtio-blk-test.c | 13 ++---
> >  1 file changed, 6 insertions(+), 7 deletions(-)
> > 
> > diff --git a/tests/virtio-blk-test.c b/tests/virtio-blk-test.c
> > index d53f875..0fdec01 100644
> > --- a/tests/virtio-blk-test.c
> > +++ b/tests/virtio-blk-test.c
> > @@ -12,9 +12,12 @@
> >  #include "libqtest.h"
> >  #include "qemu/osdep.h"
> >  
> > -/* Tests only initialization so far. TODO: Replace with functional tests */
> 
> One thing of note here is that this TODO is neither resolved here nor
> later in this series. Stefan had originally asked me to add it.


We don't treated pci_nop() as test in the past, but in this patch we
rename and split it as a single initialization testing.

We also added another functional test by next patchset.

So we can remove the 'TODO'
 
> Andreas
> 
> > -static void pci_nop(void)
> > +/* Tests only initialization */
> > +static void virtblk_init(void)
> >  {
> > +qtest_start("-drive id=drv0,if=none,file=/dev/null "
> > +"-device virtio-blk-pci,drive=drv0");
> > +qtest_end();
> >  }
> >  
> >  int main(int argc, char **argv)
> [snip]
> 
> -- 
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

-- 
Amos.

Re: [Qemu-devel] [PATCH v5 4/4] virtio-blk-test.c: add hotplug subtest

[Amos Kong]

On Thu, Jun 19, 2014 at 04:03:28AM +, Gonglei (Arei) wrote:
> Hi,
> 
> > -Original Message-
> > From: Amos Kong [mailto:ak...@redhat.com]
> > Sent: Thursday, June 19, 2014 11:58 AM
> > To: Stefan Hajnoczi
> > Cc: qemu-devel@nongnu.org; Gonglei (Arei); afaer...@suse.de;
> > pbonz...@redhat.com; kw...@redhat.com
> > Subject: Re: [PATCH v5 4/4] virtio-blk-test.c: add hotplug subtest
> > 
> > On Thu, Jun 19, 2014 at 11:49:08AM +0800, Stefan Hajnoczi wrote:
> > > On Thu, Jun 19, 2014 at 12:24:13AM +0800, Amos Kong wrote:
> > > > +for (i = MIN_PCI_SLOT; i <= MAX_PCI_SLOT; i++) {
> > > > +for (j = MAX_PCI_FUNC; j >= 0; j--) {
> > > > +if (j == MAX_PCI_FUNC) {
> > > > +qmp_exec_hmp_cmd("", "drive_del drv-%x.%x", i, 0);
> > > > +}
> > >
> > > Why is only drv-%x.0 deleted?  Previous revisions of this patch series
> > > deleted all drives.
> > 
> > Hot-unplug any single function, all functions in the slot will be
> > removed. So once is enough.
> > 
> IMHO, the below devices as the same as the drive about multifunction 
> hot-unplug, right?

I'm wrong. drive should be hot-unplugged one by one, device will be removed by
slot. PCI device has multifunction feature, not drive.
 
> Best regards,
> -Gonglei

-- 
Amos.

Re: [Qemu-devel] [PATCH 2.1 30/36] qapi event: clean up

[Eric Blake]

On 06/18/2014 12:43 AM, Paolo Bonzini wrote:
> From: Wenchao Xia 
> 
> Signed-off-by: Wenchao Xia 
> Signed-off-by: Paolo Bonzini 
> ---
>  include/monitor/monitor.h  |  40 -
>  monitor.c  | 220 
> +
>  stubs/Makefile.objs|   1 -
>  stubs/mon-protocol-event.c |   6 --
>  4 files changed, 4 insertions(+), 263 deletions(-)
>  delete mode 100644 stubs/mon-protocol-event.c

For patches 1-30:

Reviewed-by: Eric Blake 

I'll resume my review tomorrow on Paolo's thread-safety patches, but if
Luiz is ready to pull these into his staging tree, then other patches
that are pending on the qapi events (such as Igor's proposal to add
ACPI_DEVICE_OST) will have something to rebase on.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2.1 29/36] qapi event: convert QUORUM events

[Eric Blake]

On 06/18/2014 12:43 AM, Paolo Bonzini wrote:
> From: Wenchao Xia 
> 
> Signed-off-by: Wenchao Xia 
> Signed-off-by: Paolo Bonzini 
> ---

> +++ b/monitor.c
> @@ -617,6 +617,9 @@ static void monitor_qapi_event_init(void)
>  monitor_qapi_event_throttle(QAPI_EVENT_RTC_CHANGE, 1000);
>  monitor_qapi_event_throttle(QAPI_EVENT_WATCHDOG, 1000);
>  monitor_qapi_event_throttle(QAPI_EVENT_BALLOON_CHANGE, 1000);
> +/* limit the rate of quorum events to avoid hammering the management */
> +monitor_qapi_event_throttle(QAPI_EVENT_QUORUM_REPORT_BAD, 1000);

You could drop this comment; the one several lines earlier states pretty
much the same thing.  But saving it for a followup is okay with me.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2.1 23/36] qapi event: convert other BLOCK_JOB events

[Eric Blake]

On 06/18/2014 12:43 AM, Paolo Bonzini wrote:
> From: Wenchao Xia 
> 
> Since BLOCK_JOB_COMPLETED, BLOCK_JOB_CANCELLED, BLOCK_JOB_READY are
> related, convert them in one patch. The block_job_event_* functions
> are used to keep encapsulation of BlockJob structure.
> 
> Signed-off-by: Wenchao Xia 
> Signed-off-by: Paolo Bonzini 
> ---

> +++ b/include/block/blockjob.h
> @@ -217,12 +217,21 @@ void block_job_pause(BlockJob *job);
>  void block_job_resume(BlockJob *job);
>  
>  /**
> - * qobject_from_block_job:
> + * block_job_event_cancle:

s/cancle/cancel/

At this point, if you need to clean it up in a followup patch instead of
delaying the series, I can live with it.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2.1 22/36] qapi event: convert BLOCK_IMAGE_CORRUPTED

[Eric Blake]

On 06/18/2014 12:43 AM, Paolo Bonzini wrote:
> From: Wenchao Xia 
> 
> Signed-off-by: Wenchao Xia 
> Signed-off-by: Paolo Bonzini 
> ---

> +# @BLOCK_IMAGE_CORRUPTED
> +#
> +# Emitted when a disk image is being marked corrupt
> +#
> +# @device: device name
> +#
> +# @msg: informative message for human consumption, such as the kind of
> +#   corruption being detected

Not quite as strong as wording in other locations about not parsing the
value because it is allowed to change; but you could change that in a
followup if desired. I'm okay with this commit going in as written.


-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2.1 17/36] qapi event: convert RTC_CHANGE

[Eric Blake]

On 06/18/2014 12:43 AM, Paolo Bonzini wrote:
> From: Wenchao Xia 
> 
> This patch also eliminates build time warning caused by no caller
> of monitor_qapi_event_throttle().

Stale comment, given that earlier in the series we added a workaround to
avoid the warning in the first place.

> 
> Signed-off-by: Wenchao Xia 
> Signed-off-by: Paolo Bonzini 
> ---

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2.1 08/36] qapi: add new schema file qapi-event.json

[Eric Blake]

On 06/18/2014 12:43 AM, Paolo Bonzini wrote:
> From: Wenchao Xia 
> 
> Signed-off-by: Wenchao Xia 
> Signed-off-by: Paolo Bonzini 
> ---
>  Makefile | 3 ++-
>  qapi-event.json  | 0
>  qapi-schema.json | 2 ++
>  3 files changed, 4 insertions(+), 1 deletion(-)
>  create mode 100644 qapi-event.json
> 
> diff --git a/Makefile b/Makefile
> index f473cf5..7d0c8ec 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -247,7 +247,8 @@ $(SRC_PATH)/qga/qapi-schema.json 
> $(SRC_PATH)/scripts/qapi-commands.py $(qapi-py)
>   "  GEN   $@")
>  
>  qapi-modules = $(SRC_PATH)/qapi-schema.json $(SRC_PATH)/qapi/common.json \
> -   $(SRC_PATH)/qapi/block.json $(SRC_PATH)/qapi/block-core.json
> +   $(SRC_PATH)/qapi/block.json $(SRC_PATH)/qapi/block-core.json \
> +   $(SRC_PATH)/qapi-event.json
>  
>  qapi-types.c qapi-types.h :\
>  $(qapi-modules) $(SRC_PATH)/scripts/qapi-types.py $(qapi-py)
> diff --git a/qapi-event.json b/qapi-event.json
> new file mode 100644
> index 000..e69de29
> diff --git a/qapi-schema.json b/qapi-schema.json

Still didn't pick up on my suggestion of at least having a comment in
the new file; but I can live with it.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2.1 07/36] monitor: add an implemention of qapi event emit method

[Eric Blake]

On 06/18/2014 12:43 AM, Paolo Bonzini wrote:
> From: Wenchao Xia 
> 
> The monitor is now hooked on the new event mechanism, so that later
> patches can convert event callers one by one. Most code are copied from
> old monitor_protocol_* functions with some modification.
> 
> Note that two build time warnings will be raised after this patch. One is
> caused by no caller of monitor_qapi_event_throttle(), the other one is
> caused by QAPI_EVENT_MAX = 0. They will be fixed automatically after
> full event conversion later.

This comment is now stale, given...

> 
> Signed-off-by: Wenchao Xia 
> Signed-off-by: Paolo Bonzini 
> ---
>  monitor.c | 128 
> +-
>  1 file changed, 127 insertions(+), 1 deletion(-)

> + * milliseconds
> + */
> +static void __attribute__((__unused__))
> +monitor_qapi_event_throttle(QAPIEvent event, int64_t rate)

>   */
> -static void
> +static void __attribute__((__unused__))
>  monitor_protocol_event_throttle(MonitorEvent event,
>  int64_t rate)

...these workarounds.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v5 4/4] virtio-blk-test.c: add hotplug subtest

[Gonglei (Arei)]

Hi,

> -Original Message-
> From: Amos Kong [mailto:ak...@redhat.com]
> Sent: Thursday, June 19, 2014 11:58 AM
> To: Stefan Hajnoczi
> Cc: qemu-devel@nongnu.org; Gonglei (Arei); afaer...@suse.de;
> pbonz...@redhat.com; kw...@redhat.com
> Subject: Re: [PATCH v5 4/4] virtio-blk-test.c: add hotplug subtest
> 
> On Thu, Jun 19, 2014 at 11:49:08AM +0800, Stefan Hajnoczi wrote:
> > On Thu, Jun 19, 2014 at 12:24:13AM +0800, Amos Kong wrote:
> > > +for (i = MIN_PCI_SLOT; i <= MAX_PCI_SLOT; i++) {
> > > +for (j = MAX_PCI_FUNC; j >= 0; j--) {
> > > +if (j == MAX_PCI_FUNC) {
> > > +qmp_exec_hmp_cmd("", "drive_del drv-%x.%x", i, 0);
> > > +}
> >
> > Why is only drv-%x.0 deleted?  Previous revisions of this patch series
> > deleted all drives.
> 
> Hot-unplug any single function, all functions in the slot will be
> removed. So once is enough.
> 
IMHO, the below devices as the same as the drive about multifunction 
hot-unplug, right?


Best regards,
-Gonglei

Re: [Qemu-devel] [PATCH v2 3/3] nbd: Follow the BDS' AIO context

[Stefan Hajnoczi]

On Wed, Jun 18, 2014 at 09:06:43PM +0200, Max Reitz wrote:
> Keep the NBD server always in the same AIO context as the exported BDS
> by calling bdrv_add_aio_context_notifier() and implementing the required
> callbacks.
> 
> Signed-off-by: Max Reitz 
> ---
>  nbd.c | 31 +++
>  1 file changed, 31 insertions(+)

Reviewed-by: Stefan Hajnoczi 


pgpFGPIZW8S_e.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH v2 2/3] block: Add AIO context notifiers

[Stefan Hajnoczi]

On Wed, Jun 18, 2014 at 09:06:42PM +0200, Max Reitz wrote:
> If a long-running operation on a BDS wants to always remain in the same
> AIO context, it somehow needs to keep track of the BDS changing its
> context. This adds a function for registering callbacks on a BDS which
> are called whenever the BDS is attached or detached from an AIO context.
> 
> Signed-off-by: Max Reitz 
> ---
>  block.c   | 56 
> +++
>  include/block/block_int.h | 41 ++
>  2 files changed, 97 insertions(+)

Reviewed-by: Stefan Hajnoczi 


pgp2td8FH2rNA.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH v2 1/3] nbd: Drop nbd_can_read()

[Stefan Hajnoczi]

On Wed, Jun 18, 2014 at 09:06:41PM +0200, Max Reitz wrote:
> +static void nbd_update_can_read(NBDClient *client)
> +{
> +bool can_read = client->recv_coroutine ||
> +client->nb_requests < MAX_NBD_REQUESTS;
> +
> +if (can_read != client->can_read) {
> +client->can_read = can_read;
> +nbd_set_handlers(client);
> +
> +/* If we got here, nb_requests had to be MAX_NBD_REQUESTS before */
> +if (client->nb_requests < MAX_NBD_REQUESTS) {
> +aio_notify(client->exp->ctx);
> +}

nbd_set_handlers() indirectly invokes aio_notify(client->exp->ctx) via
aio_set_fd_handler().  This if statement is redundant.


pgpfMBpmKGkmf.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH v5 4/4] virtio-blk-test.c: add hotplug subtest

[Amos Kong]

On Thu, Jun 19, 2014 at 11:49:08AM +0800, Stefan Hajnoczi wrote:
> On Thu, Jun 19, 2014 at 12:24:13AM +0800, Amos Kong wrote:
> > +for (i = MIN_PCI_SLOT; i <= MAX_PCI_SLOT; i++) {
> > +for (j = MAX_PCI_FUNC; j >= 0; j--) {
> > +if (j == MAX_PCI_FUNC) {
> > +qmp_exec_hmp_cmd("", "drive_del drv-%x.%x", i, 0);
> > +}
> 
> Why is only drv-%x.0 deleted?  Previous revisions of this patch series
> deleted all drives.

Hot-unplug any single function, all functions in the slot will be
removed. So once is enough.
 
> Stefan


-- 
Amos.


pgpNzez1ha03U.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH v5 4/4] virtio-blk-test.c: add hotplug subtest

[Stefan Hajnoczi]

On Thu, Jun 19, 2014 at 12:24:13AM +0800, Amos Kong wrote:
> +for (i = MIN_PCI_SLOT; i <= MAX_PCI_SLOT; i++) {
> +for (j = MAX_PCI_FUNC; j >= 0; j--) {
> +if (j == MAX_PCI_FUNC) {
> +qmp_exec_hmp_cmd("", "drive_del drv-%x.%x", i, 0);
> +}

Why is only drv-%x.0 deleted?  Previous revisions of this patch series
deleted all drives.

Stefan


pgplHNmRvvs9g.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH] check NULL opts in qemu_opt_get functions

[Stefan Hajnoczi]

On Wed, Jun 18, 2014 at 10:47:26AM +0800, Chunyan Liu wrote:
> Some places will call bdrv_create_file(filename, NULL, &local_err), where
> opts is NULL. Check NULL in qemu_opt_get and qemu_opt_get_*_del functions,
> to avoid extra effort of checking opts before calling them every time.
> 
> Signed-off-by: Chunyan Liu 
> ---
> Fix reported bugs:
>  http://lists.gnu.org/archive/html/qemu-devel/2014-06/msg03866.html
> 
> ---
>  util/qemu-option.c | 28 
>  1 file changed, 24 insertions(+), 4 deletions(-)

A subset of QemuOpts functions access NULL opts while others do not, but
that was already the case before this patch.  So this patch looks good
to me.

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan


pgpFCy5X6KiYP.pgp
Description: PGP signature

Re: [Qemu-devel] qemu vs. spice-server-devel build failure

[Stefan Hajnoczi]

On Wed, Jun 18, 2014 at 12:08 AM, Gabriel L. Somlo  wrote:
> On up-to-date F20, once I updated spice-server-devel from
> 0.12.4-3.fc20.x86_64 to 0.12.5-2.fc20.x86_64, I started
> getting the following error during build:

Should be fixed soon.  Please see:
http://lists.freedesktop.org/archives/spice-devel/2014-June/016986.html

Stefan

Re: [Qemu-devel] [PATCH block v1 1/2] block: m25p80: sync_page(): Deindent function body.

[Stefan Hajnoczi]

On Wed, Jun 18, 2014 at 06:36:03PM -0700, Peter Crosthwaite wrote:
> sync_page() was conditionalizing it's whole fn body on the bdrv being
> non-null. Just return for the function immediately on NULL brdv and
> get rid of the big if.
> 
> Makes implementation consistent with flash_zynq_area().
> 
> Signed-off-by: Peter Crosthwaite 
> ---
> 
>  hw/block/m25p80.c | 24 +---
>  1 file changed, 13 insertions(+), 11 deletions(-)

I don't know the hardware in question but from a block layer standpoint,
this series is fine.

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan


pgpwaHg78hYAR.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH] vfio: Make BARs native endian

[Alexey Kardashevskiy]

On 06/19/2014 10:42 AM, Alexey Kardashevskiy wrote:
> On 06/19/2014 04:57 AM, Alex Williamson wrote:
>> On Wed, 2014-06-18 at 21:35 +1000, Alexey Kardashevskiy wrote:
>>> Slow BAR access path is used when VFIO fails to mmap() BAR or TCG is used.
>>
>> TCG can use the mmap too
> 
> Oh, right.

I'll remove "tcg" and what else is missing here? I thought the original
commit log already had all answers on the questions you askes (or clarified
:) )
Thanks!

> 
> 
>>
>>> Since this is just a transport between the guest and a device, there is
>>> no need to do endianness swapping.
>>>
>>> This changes BARs to use native endianness. Since non-ROM BARs were
>>> doing byte swapping, we need to remove it so does the patch. No change
>>> in behavior is expected though.
>>>
>>> ROM BARs were declared little endian but byte swapping was not
>>> implemented for them so they never actually worked on big endian systems.
>>> This fixes endiannes for ROM BARs: this declares them native endian and
>>> fixes access sizes.
>>
>> So the only actual behavior change we expect from this is to fix ROM
>> access on big endian where we had an unbalanced set of byte swaps.  BAR
>> access worked because the byte swapping in the read/write handler
>> canceled the byte swapping in QEMU because we declared the BARs as
>> little endian.  Otherwise we're just removing canceling byte swaps for
>> big endian.  Is that correct?
> 
> Yes.
> 
>>
>> Also, as the kernel patch appears to not produce any behavioral change,
>> only eliminates canceling swaps, there's no dependency between patches,
>> right?  Thanks,
> 
> That is right.






> 
>>
>> Alex
>>
>>> Signed-off-by: Alexey Kardashevskiy 
>>> ---
>>>  hw/misc/vfio.c | 41 +++--
>>>  1 file changed, 31 insertions(+), 10 deletions(-)
>>>
>>> diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
>>> index 7437c2e..3eb3c71 100644
>>> --- a/hw/misc/vfio.c
>>> +++ b/hw/misc/vfio.c
>>> @@ -1052,10 +1052,10 @@ static void vfio_bar_write(void *opaque, hwaddr 
>>> addr,
>>>  buf.byte = data;
>>>  break;
>>>  case 2:
>>> -buf.word = cpu_to_le16(data);
>>> +buf.word = data;
>>>  break;
>>>  case 4:
>>> -buf.dword = cpu_to_le32(data);
>>> +buf.dword = data;
>>>  break;
>>>  default:
>>>  hw_error("vfio: unsupported write size, %d bytes", size);
>>> @@ -1112,10 +1112,10 @@ static uint64_t vfio_bar_read(void *opaque,
>>>  data = buf.byte;
>>>  break;
>>>  case 2:
>>> -data = le16_to_cpu(buf.word);
>>> +data = buf.word;
>>>  break;
>>>  case 4:
>>> -data = le32_to_cpu(buf.dword);
>>> +data = buf.dword;
>>>  break;
>>>  default:
>>>  hw_error("vfio: unsupported read size, %d bytes", size);
>>> @@ -1142,7 +1142,7 @@ static uint64_t vfio_bar_read(void *opaque,
>>>  static const MemoryRegionOps vfio_bar_ops = {
>>>  .read = vfio_bar_read,
>>>  .write = vfio_bar_write,
>>> -.endianness = DEVICE_LITTLE_ENDIAN,
>>> +.endianness = DEVICE_NATIVE_ENDIAN,
>>>  };
>>>  
>>>  static void vfio_pci_load_rom(VFIODevice *vdev)
>>> @@ -1204,21 +1204,42 @@ static void vfio_pci_load_rom(VFIODevice *vdev)
>>>  static uint64_t vfio_rom_read(void *opaque, hwaddr addr, unsigned size)
>>>  {
>>>  VFIODevice *vdev = opaque;
>>> -uint64_t val = ((uint64_t)1 << (size * 8)) - 1;
>>> +union {
>>> +uint8_t byte;
>>> +uint16_t word;
>>> +uint32_t dword;
>>> +uint64_t qword;
>>> +} buf;
>>> +uint64_t data = 0;
>>>  
>>>  /* Load the ROM lazily when the guest tries to read it */
>>>  if (unlikely(!vdev->rom && !vdev->rom_read_failed)) {
>>>  vfio_pci_load_rom(vdev);
>>>  }
>>>  
>>> -memcpy(&val, vdev->rom + addr,
>>> +memcpy(&buf, vdev->rom + addr,
>>> (addr < vdev->rom_size) ? MIN(size, vdev->rom_size - addr) : 0);
>>>  
>>> +switch (size) {
>>> +case 1:
>>> +data = buf.byte;
>>> +break;
>>> +case 2:
>>> +data = buf.word;
>>> +break;
>>> +case 4:
>>> +data = buf.dword;
>>> +break;
>>> +default:
>>> +hw_error("vfio: unsupported read size, %d bytes", size);
>>> +break;
>>> +}
>>> +
>>>  DPRINTF("%s(%04x:%02x:%02x.%x, 0x%"HWADDR_PRIx", 0x%x) = 
>>> 0x%"PRIx64"\n",
>>>  __func__, vdev->host.domain, vdev->host.bus, vdev->host.slot,
>>> -vdev->host.function, addr, size, val);
>>> +vdev->host.function, addr, size, data);
>>>  
>>> -return val;
>>> +return data;
>>>  }
>>>  
>>>  static void vfio_rom_write(void *opaque, hwaddr addr,
>>> @@ -1229,7 +1250,7 @@ static void vfio_rom_write(void *opaque, hwaddr addr,
>>>  static const MemoryRegionOps vfio_rom_ops = {
>>>  .read = vfio_rom_read,
>>>  .write = vfio_rom_write,
>>> -.endianness = DEVICE_LITTLE_ENDIAN,
>>> +.endianness = DEVICE_NATIVE_ENDIAN,
>>>

[Qemu-devel] monitor/mwait support for X86_64

[yan cui]

Hi all,

We want to use QEMU to test some OS features on x86_64 systems. This
feature requires the monitor and mwait instructions on x86, but we do not
know whether QEMU currently support this. I got a QEMU copy from
http://git.qemu.org/qemu.git, and grep "monitor" in the source code tree,
only found results are in the directory target-i386. Does that mean all
supports are limited on i386 systems? Any feedbacks are welcome!


Thanks, Yan


-- 
Think big; Dream impossible; Make it happen.

[Qemu-devel] [PATCH block v1 1/2] block: m25p80: sync_page(): Deindent function body.

[Peter Crosthwaite]

sync_page() was conditionalizing it's whole fn body on the bdrv being
non-null. Just return for the function immediately on NULL brdv and
get rid of the big if.

Makes implementation consistent with flash_zynq_area().

Signed-off-by: Peter Crosthwaite 
---

 hw/block/m25p80.c | 24 +---
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index 4076114..e4ef733 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -288,18 +288,20 @@ static void bdrv_sync_complete(void *opaque, int ret)
 
 static void flash_sync_page(Flash *s, int page)
 {
-if (s->bdrv) {
-int bdrv_sector, nb_sectors;
-QEMUIOVector iov;
-
-bdrv_sector = (page * s->pi->page_size) / BDRV_SECTOR_SIZE;
-nb_sectors = DIV_ROUND_UP(s->pi->page_size, BDRV_SECTOR_SIZE);
-qemu_iovec_init(&iov, 1);
-qemu_iovec_add(&iov, s->storage + bdrv_sector * BDRV_SECTOR_SIZE,
-nb_sectors * BDRV_SECTOR_SIZE);
-bdrv_aio_writev(s->bdrv, bdrv_sector, &iov, nb_sectors,
-bdrv_sync_complete, NULL);
+int bdrv_sector, nb_sectors;
+QEMUIOVector iov;
+
+if (!s->bdrv) {
+return;
 }
+
+bdrv_sector = (page * s->pi->page_size) / BDRV_SECTOR_SIZE;
+nb_sectors = DIV_ROUND_UP(s->pi->page_size, BDRV_SECTOR_SIZE);
+qemu_iovec_init(&iov, 1);
+qemu_iovec_add(&iov, s->storage + bdrv_sector * BDRV_SECTOR_SIZE,
+   nb_sectors * BDRV_SECTOR_SIZE);
+bdrv_aio_writev(s->bdrv, bdrv_sector, &iov, nb_sectors, bdrv_sync_complete,
+NULL);
 }
 
 static inline void flash_sync_area(Flash *s, int64_t off, int64_t len)
-- 
2.0.0

[Qemu-devel] [PATCH block v1 2/2] block: m25p80: Support read only bdrvs.

[Peter Crosthwaite]

By just never doing write-backs. This is completely invisible to the
guest, as the entire storage area is implemented as device state (at
realize time the entire drive is read in).

Signed-off-by: Peter Crosthwaite 
---

 hw/block/m25p80.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index e4ef733..5893773 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -291,7 +291,7 @@ static void flash_sync_page(Flash *s, int page)
 int bdrv_sector, nb_sectors;
 QEMUIOVector iov;
 
-if (!s->bdrv) {
+if (!s->bdrv || bdrv_is_read_only(s->bdrv)) {
 return;
 }
 
@@ -309,7 +309,7 @@ static inline void flash_sync_area(Flash *s, int64_t off, 
int64_t len)
 int64_t start, end, nb_sectors;
 QEMUIOVector iov;
 
-if (!s->bdrv) {
+if (!s->bdrv || bdrv_is_read_only(s->bdrv)) {
 return;
 }
 
@@ -627,10 +627,6 @@ static int m25p80_init(SSISlave *ss)
 if (dinfo && dinfo->bdrv) {
 DB_PRINT_L(0, "Binding to IF_MTD drive\n");
 s->bdrv = dinfo->bdrv;
-if (bdrv_is_read_only(s->bdrv)) {
-fprintf(stderr, "Can't use a read-only drive");
-return 1;
-}
 
 /* FIXME: Move to late init */
 if (bdrv_read(s->bdrv, 0, s->storage, DIV_ROUND_UP(s->size,
-- 
2.0.0

Re: [Qemu-devel] [PULL 092/103] qapi: make string output visitor parse int list

[Hu Tao]

On Wed, Jun 18, 2014 at 06:02:09PM +0300, Michael S. Tsirkin wrote:
> On Tue, Jun 17, 2014 at 03:45:29PM -0600, Eric Blake wrote:
> > On 06/17/2014 11:41 AM, Michael S. Tsirkin wrote:
> > > From: Hu Tao 
> > > 
> > > Signed-off-by: Hu Tao 
> > > Acked-by: Michael S. Tsirkin 
> > > Tested-by: Michael S. Tsirkin 
> > > Signed-off-by: Michael S. Tsirkin 
> > > 
> > > MST: split up patch
> > > ---
> > >  qapi/string-output-visitor.c   | 229 
> > > +++--
> > >  tests/test-string-output-visitor.c |  38 +-
> > >  2 files changed, 255 insertions(+), 12 deletions(-)
> > > 
> > 
> > > +
> > > +l = sov->ranges;
> > > +while (l) {
> > > +Range *r = l->data;
> > > +format_string(sov, r, l->next != NULL, false);
> > > +l = l->next;
> > > +}
> > >  
> > >  if (sov->human) {
> > > -out = g_strdup_printf("%lld (%#llx)", (long long) *obj, (long 
> > > long) *obj);
> > > -} else {
> > > -out = g_strdup_printf("%lld", (long long) *obj);
> > > +l = sov->ranges;
> > > +g_string_append(sov->string, " (");
> > > +while (l) {
> > > +Range *r = l->data;
> > > +format_string(sov, r, l->next != NULL, false);
> > 
> > Am I reading this correctly that in human mode, you are creating the string:
> > 
> > 16-31 (16-31)
> > 
> > instead of
> > 
> > 16-17 (10-1f)
> > 
> > because you forgot to pass 'true' as the human parameter on one of the
> > two calls to format_string?  Also, this is a worsening of quality; the
> > old code would produce
> > 
> > 16 (0x10)
> > 
> > to make it obvious which number was hex.
> > 
> > > +static void test_visitor_out_intList(TestOutputVisitorData *data,
> > > + const void *unused)
> > > +{
> > > +int64_t value[] = {0, 1, 9, 10, 16, 15, 14,
> > > +3, 4, 5, 6, 11, 12, 13, 21, 22, INT64_MAX - 1, INT64_MAX};
> > 
> > No test of negative numbers?
> > 
> > > +str = string_output_get_string(data->sov);
> > > +g_assert(str != NULL);
> > > +g_assert_cmpstr(str, ==,
> > > +"0-1,3-6,9-16,21-22,9223372036854775806-9223372036854775807");
> > 
> > Shouldn't you also test the human output?
> > 
> > Probably worth a followup patch.
> 
> Hu Tao, could you add tests please?
> I have fixed up other issues.

Sure.

Hu

Re: [Qemu-devel] [PATCH v4 16/29] memory: move preallocation code out of exec.c

[Hu Tao]

On Wed, Jun 18, 2014 at 10:14:23PM +0300, Michael S. Tsirkin wrote:
> On Mon, Jun 09, 2014 at 06:25:21PM +0800, Hu Tao wrote:
> > From: Paolo Bonzini 
> > 
> > So that backends can use it.
> > 
> > Signed-off-by: Paolo Bonzini 
> > Signed-off-by: Hu Tao 
> 
> OK this breaks mingw build because you are moving
> code to posix file and use it unconditionally on all platforms.
> Pls setup mingw build and fix pci branch up, send me fix.

Sure.

Hu

Re: [Qemu-devel] [PATCH] vfio: Make BARs native endian

[Alexey Kardashevskiy]

On 06/19/2014 04:57 AM, Alex Williamson wrote:
> On Wed, 2014-06-18 at 21:35 +1000, Alexey Kardashevskiy wrote:
>> Slow BAR access path is used when VFIO fails to mmap() BAR or TCG is used.
> 
> TCG can use the mmap too

Oh, right.


> 
>> Since this is just a transport between the guest and a device, there is
>> no need to do endianness swapping.
>>
>> This changes BARs to use native endianness. Since non-ROM BARs were
>> doing byte swapping, we need to remove it so does the patch. No change
>> in behavior is expected though.
>>
>> ROM BARs were declared little endian but byte swapping was not
>> implemented for them so they never actually worked on big endian systems.
>> This fixes endiannes for ROM BARs: this declares them native endian and
>> fixes access sizes.
> 
> So the only actual behavior change we expect from this is to fix ROM
> access on big endian where we had an unbalanced set of byte swaps.  BAR
> access worked because the byte swapping in the read/write handler
> canceled the byte swapping in QEMU because we declared the BARs as
> little endian.  Otherwise we're just removing canceling byte swaps for
> big endian.  Is that correct?

Yes.

> 
> Also, as the kernel patch appears to not produce any behavioral change,
> only eliminates canceling swaps, there's no dependency between patches,
> right?  Thanks,

That is right.

> 
> Alex
> 
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>>  hw/misc/vfio.c | 41 +++--
>>  1 file changed, 31 insertions(+), 10 deletions(-)
>>
>> diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
>> index 7437c2e..3eb3c71 100644
>> --- a/hw/misc/vfio.c
>> +++ b/hw/misc/vfio.c
>> @@ -1052,10 +1052,10 @@ static void vfio_bar_write(void *opaque, hwaddr addr,
>>  buf.byte = data;
>>  break;
>>  case 2:
>> -buf.word = cpu_to_le16(data);
>> +buf.word = data;
>>  break;
>>  case 4:
>> -buf.dword = cpu_to_le32(data);
>> +buf.dword = data;
>>  break;
>>  default:
>>  hw_error("vfio: unsupported write size, %d bytes", size);
>> @@ -1112,10 +1112,10 @@ static uint64_t vfio_bar_read(void *opaque,
>>  data = buf.byte;
>>  break;
>>  case 2:
>> -data = le16_to_cpu(buf.word);
>> +data = buf.word;
>>  break;
>>  case 4:
>> -data = le32_to_cpu(buf.dword);
>> +data = buf.dword;
>>  break;
>>  default:
>>  hw_error("vfio: unsupported read size, %d bytes", size);
>> @@ -1142,7 +1142,7 @@ static uint64_t vfio_bar_read(void *opaque,
>>  static const MemoryRegionOps vfio_bar_ops = {
>>  .read = vfio_bar_read,
>>  .write = vfio_bar_write,
>> -.endianness = DEVICE_LITTLE_ENDIAN,
>> +.endianness = DEVICE_NATIVE_ENDIAN,
>>  };
>>  
>>  static void vfio_pci_load_rom(VFIODevice *vdev)
>> @@ -1204,21 +1204,42 @@ static void vfio_pci_load_rom(VFIODevice *vdev)
>>  static uint64_t vfio_rom_read(void *opaque, hwaddr addr, unsigned size)
>>  {
>>  VFIODevice *vdev = opaque;
>> -uint64_t val = ((uint64_t)1 << (size * 8)) - 1;
>> +union {
>> +uint8_t byte;
>> +uint16_t word;
>> +uint32_t dword;
>> +uint64_t qword;
>> +} buf;
>> +uint64_t data = 0;
>>  
>>  /* Load the ROM lazily when the guest tries to read it */
>>  if (unlikely(!vdev->rom && !vdev->rom_read_failed)) {
>>  vfio_pci_load_rom(vdev);
>>  }
>>  
>> -memcpy(&val, vdev->rom + addr,
>> +memcpy(&buf, vdev->rom + addr,
>> (addr < vdev->rom_size) ? MIN(size, vdev->rom_size - addr) : 0);
>>  
>> +switch (size) {
>> +case 1:
>> +data = buf.byte;
>> +break;
>> +case 2:
>> +data = buf.word;
>> +break;
>> +case 4:
>> +data = buf.dword;
>> +break;
>> +default:
>> +hw_error("vfio: unsupported read size, %d bytes", size);
>> +break;
>> +}
>> +
>>  DPRINTF("%s(%04x:%02x:%02x.%x, 0x%"HWADDR_PRIx", 0x%x) = 0x%"PRIx64"\n",
>>  __func__, vdev->host.domain, vdev->host.bus, vdev->host.slot,
>> -vdev->host.function, addr, size, val);
>> +vdev->host.function, addr, size, data);
>>  
>> -return val;
>> +return data;
>>  }
>>  
>>  static void vfio_rom_write(void *opaque, hwaddr addr,
>> @@ -1229,7 +1250,7 @@ static void vfio_rom_write(void *opaque, hwaddr addr,
>>  static const MemoryRegionOps vfio_rom_ops = {
>>  .read = vfio_rom_read,
>>  .write = vfio_rom_write,
>> -.endianness = DEVICE_LITTLE_ENDIAN,
>> +.endianness = DEVICE_NATIVE_ENDIAN,
>>  };
>>  
>>  static bool vfio_blacklist_opt_rom(VFIODevice *vdev)
> 
> 
> 


-- 
Alexey

Re: [Qemu-devel] [PATCH] raw: Fix segfault in raw_create when opts is NULL

[Eric Blake]

On 06/18/2014 05:31 PM, Fam Zheng wrote:
> Reported-by: Milos Vyletel 
> Signed-off-by: Fam Zheng 
> ---
>  block/raw-posix.c | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 

Chunyan's solution looks better:
https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg04104.html


-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 0/7] spapr: rework memory nodes

[Nishanth Aravamudan]

On 18.06.2014 [16:33:55 -0300], Eduardo Habkost wrote:
> On Wed, Jun 18, 2014 at 11:28:53AM -0700, Nishanth Aravamudan wrote:
> > On 17.06.2014 [16:22:33 -0300], Eduardo Habkost wrote:
> > > On Tue, Jun 17, 2014 at 11:38:16AM -0700, Nishanth Aravamudan wrote:
> > > > On 17.06.2014 [11:07:00 -0300], Eduardo Habkost wrote:
> > > > 
> > > > > > If it is canonical and kosher way of using NUMA in QEMU, ok, we can 
> > > > > > use it.
> > > > > > I just fail to see why we need a requirement for nodes to go 
> > > > > > consequently
> > > > > > here. And it confuses me as a user a bit if I can add "-numa
> > > > > > node,nodeid=22" (no memory, no cpus) but do not get to see it in 
> > > > > > the guest.
> > > > > 
> > > > > I agree with you it is confusing. But before we support that use case,
> > > > > we need to make sure auto-allocation is handled properly, because it
> > > > > would be hard to fix it later without breaking compatibility.
> > > > > 
> > > > > We probably just need a "present" field on struct NodeInfo, so
> > > > > machine-specific code and auto-allocation code can differentiate nodes
> > > > > that are not present on the command-line from empty nodes that were
> > > > > specified in the command-line.
> > > > 
> > > > What/where is struct NodeInfo?
> > > 
> > > It was introduced very recently. See the pull request at:
> > > 
> > >   From: "Michael S. Tsirkin" 
> > >   Message-ID: <1403021756-15960-1-git-send-email-...@redhat.com>
> > >   Subject: [Qemu-devel] [PULL 000/103] pc, pci, virtio, hotplug fixes, 
> > > enhancements for 2.1
> > > 
> > >   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> > 
> > Ah thank you very much!
> > 
> > Before I get cracking on some patches, wanted to clarify some things:
> > 
> > 1) We need something like a "present" field to deal with
> > auto-allocation, which indicates a user-specified NUMA node.
> > 
> > 2) We need something like a "defined" field to indicate which entries
> > are actually valid and which aren't just 0 because they weren't ever set
> > in order to support sparse node numbering.
> > 2a) We could add a defined field to indicate the defined
> > entries, iterate over the entire array and skip those not
> > defined [keeps index:nodeid mapping, changes all loops]
> > 2b) We could add a nodeid field to indicate the defined entries,
> > iterate over only nb_numa_nodes [breaks index:nodeid, keeps
> > loops the same, but requires using the nodeid member in the
> > loops, not guaranteed for the array to be sorted on nodeid]
> > 
> > I'm currently in favor of 2b, with perhaps a call to qsort on the array
> > after parsing to sort by node id? I'd have to audit the users of the
> > array to make sure they use the nodeid member and not the index, but
> > that should be straightforward.
> 
> As the holes in the node ID space don't seem to be frequently large, and
> the ID space is currently very small (we support 8-bit IDs only), 2a
> looks much simpler to implement and review. We can always change the
> code to use 2b if we decide to support larger node IDs in the future.

Ah, I didn't even check to see that MAX_NODES is so small, will do.

> (And we don't even need to iterate over the entire array. We just need
> to iterate up to the highest ID seen on the commend-line.)

Yep, that's a good shortcut, will add it to my changes. That is
equivalent, fwiw, to tracking how many valid nodes you've seen in any
given loop and only checking up to the number known).

Thanks,
Nish

[Qemu-devel] [Bug 1331859] [NEW] QEMU kernel panic on Windows with arithmetic syntax error

[Greg Bellows]

Public bug reported:

During attempts to bring-up QEMU 64-bit ARM support I discovered a
kernel panics that only occur on Windows but work properly on Linux.

The issue can be reproduced by running the following command line:

$ ./arm-softmmu/qemu-system-arm -M versatilepb -kernel
$IMAGES/vmlinuz-3.2.0-4-versatile -initrd
$IMAGES/initrd.img-3.2.0-4-versatile -hda
$IMAGES/debian_wheezy_armel_standard.qcow2 -append "root=/dev/sda1"

where $IMAGES is the location where the images are downloaded from
http://people.debian.org/~aurel32/qemu/armel/.

This was reproduced with both a custom built QEMU as well as the QEMU
image installed by
http://qemu.weilnetz.de/w32/qemu_w32-setup-20140617.exe.

The same command line runs properly on Linux using a custom built QEMU.

The Windows versions of QEMU do appear to work properly using the arm-
test images available on qemu.org.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1331859

Title:
  QEMU kernel panic on Windows with arithmetic syntax error

Status in QEMU:
  New

Bug description:
  During attempts to bring-up QEMU 64-bit ARM support I discovered a
  kernel panics that only occur on Windows but work properly on Linux.

  The issue can be reproduced by running the following command line:

  $ ./arm-softmmu/qemu-system-arm -M versatilepb -kernel
  $IMAGES/vmlinuz-3.2.0-4-versatile -initrd
  $IMAGES/initrd.img-3.2.0-4-versatile -hda
  $IMAGES/debian_wheezy_armel_standard.qcow2 -append "root=/dev/sda1"

  where $IMAGES is the location where the images are downloaded from
  http://people.debian.org/~aurel32/qemu/armel/.

  This was reproduced with both a custom built QEMU as well as the QEMU
  image installed by
  http://qemu.weilnetz.de/w32/qemu_w32-setup-20140617.exe.

  The same command line runs properly on Linux using a custom built
  QEMU.

  The Windows versions of QEMU do appear to work properly using the arm-
  test images available on qemu.org.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1331859/+subscriptions

[Qemu-devel] [PULL] tcg patch queue

[Richard Henderson]

Just one patch queued up this last couple of weeks.


r~


The following changes since commit d279279e2b5cd40dbcc863fb66a695990f304077:

  target-mips: implement UserLocal Register (2014-06-18 18:10:47 +0200)

are available in the git repository at:

  git://github.com/rth7680/qemu.git tcg-next

for you to fetch changes up to bc8d688ff3c164fa717a0411e77621d590c87e3f:

  tcg/optimize: Don't special case TCG_OPF_CALL_CLOBBER (2014-06-18 11:39:02 
-0700)


Richard Henderson (1):
  tcg/optimize: Don't special case TCG_OPF_CALL_CLOBBER

 tcg/optimize.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

[Qemu-devel] [PULL] tcg/optimize: Don't special case TCG_OPF_CALL_CLOBBER

[Richard Henderson]

With the "old" ldst ops we didn't know the real width of the
result of the load, but with the "new" ldst ops we do.

Signed-off-by: Richard Henderson 
---
 tcg/optimize.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/tcg/optimize.c b/tcg/optimize.c
index 16cebbe..34ae3c2 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -911,12 +911,11 @@ static TCGArg *tcg_constant_folding(TCGContext *s, 
uint16_t *tcg_opc_ptr,
 break;
 }
 
-/* 32-bit ops (non 64-bit ops and non load/store ops) generate
-   32-bit results.  For the result is zero test below, we can
-   ignore high bits, but for further optimizations we need to
-   record that the high bits contain garbage.  */
+/* 32-bit ops generate 32-bit results.  For the result is zero test
+   below, we can ignore high bits, but for further optimizations we
+   need to record that the high bits contain garbage.  */
 partmask = mask;
-if (!(def->flags & (TCG_OPF_CALL_CLOBBER | TCG_OPF_64BIT))) {
+if (!(def->flags & TCG_OPF_64BIT)) {
 mask |= ~(tcg_target_ulong)0xu;
 partmask &= 0xu;
 affected &= 0xu;
-- 
1.9.3

[Qemu-devel] [PATCH] raw: Fix segfault in raw_create when opts is NULL

[Fam Zheng]

Reported-by: Milos Vyletel 
Signed-off-by: Fam Zheng 
---
 block/raw-posix.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index dacf4fb..1f45fd8 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -1282,8 +1282,10 @@ static int raw_create(const char *filename, QemuOpts 
*opts, Error **errp)
 strstart(filename, "file:", &filename);
 
 /* Read out options */
-total_size =
-qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0) / BDRV_SECTOR_SIZE;
+if (opts) {
+total_size =
+qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0) / BDRV_SECTOR_SIZE;
+}
 
 fd = qemu_open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY,
0644);
-- 
2.0.0

Re: [Qemu-devel] qemu-img segfault on latest git

[Fam Zheng]

On Wed, 06/18 18:02, Stefan Hajnoczi wrote:
> On Tue, Jun 17, 2014 at 11:08:48AM -0400, Milos Vyletel wrote:
> > I hope this is the right place to report this. I've noticed that I
> > can't run qemu-img convert on latest git version because it segfaults.
> > I've bisected the code and identified that this was caused by
> 
> Thanks for the bug report!

Thanks,

Pointer used withoug checking. I will post a patch and Cc you all.

Fam

> 
> > commit 6f482f742dd841b45297fb0e5f3d2c81779253be
> > Author: Chunyan Liu 
> > Date:   Thu Jun 5 17:21:01 2014 +0800
> > 
> > raw-posix.c: replace QEMUOptionParameter with QemuOpts
> > 
> > Reviewed-by: Stefan Hajnoczi 
> > Signed-off-by: Dong Xu Wang 
> > Signed-off-by: Chunyan Liu 
> > Signed-off-by: Stefan Hajnoczi 
> > 
> > bisect log:
> > git bisect start
> > # bad: [af44da87e926ff64260b95f4350d338c4fc113ca] Merge
> > remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream'
> > into staging
> > git bisect bad af44da87e926ff64260b95f4350d338c4fc113ca
> > # good: [10f08a0a3435afea441db8d0981dbad49042c7cf] qemu-iotests: Test
> > converting to streamOptimized from small cluster size
> > git bisect good 10f08a0a3435afea441db8d0981dbad49042c7cf
> > # good: [1673e89e93e08cbfee7c9b552008e5b39469ad0e] Merge
> > remote-tracking branch 'remotes/kraxel/tags/pull-sdl-3' into staging
> > git bisect good 1673e89e93e08cbfee7c9b552008e5b39469ad0e
> > # good: [a491af471bf8f1188b2665f54d109065d4591e45] json-parser: drop
> > superfluous assignment for token variable
> > git bisect good a491af471bf8f1188b2665f54d109065d4591e45
> > # good: [10582ff832798813ba3a17f13f3ab46250388b47] spapr: Add ibm,
> > chip-id property in device tree
> > git bisect good 10582ff832798813ba3a17f13f3ab46250388b47
> > # good: [6a1eed3f49e0fc5ef94906c0eab5314bc32bc8ae] target-ppc: Make
> > use of gen_spr_book3s_altivec() for POWER7/8
> > git bisect good 6a1eed3f49e0fc5ef94906c0eab5314bc32bc8ae
> > # bad: [bd0cf596fd1200d162e5655adff9c06d40dbdd14] rbd.c: replace
> > QEMUOptionParameter with QemuOpts
> > git bisect bad bd0cf596fd1200d162e5655adff9c06d40dbdd14
> > # good: [8559e45e51edd22dd48d54cce8b0521e6339f3e9] QemuOpts: add
> > conversion between QEMUOptionParameter to QemuOpts
> > git bisect good 8559e45e51edd22dd48d54cce8b0521e6339f3e9
> > # good: [98c10b810a83a0f52b4b5a14a8a36ce0622cb01f] nfs.c: replace
> > QEMUOptionParameter with QemuOpts
> > git bisect good 98c10b810a83a0f52b4b5a14a8a36ce0622cb01f
> > # good: [7ab74849a5724452b35982a6e7d658c25839f5e5] qed.c: replace
> > QEMUOptionParameter with QemuOpts
> > git bisect good 7ab74849a5724452b35982a6e7d658c25839f5e5
> > # bad: [ddef76999396d93b2c7ddfc7e95d5c4bcdeac55a] raw-win32.c: replace
> > QEMUOptionParameter with QemuOpts
> > git bisect bad ddef76999396d93b2c7ddfc7e95d5c4bcdeac55a
> > # bad: [6f482f742dd841b45297fb0e5f3d2c81779253be] raw-posix.c: replace
> > QEMUOptionParameter with QemuOpts
> > git bisect bad 6f482f742dd841b45297fb0e5f3d2c81779253be
> > 
> > test script:
> > #!/bin/bash
> > 
> > make -j 24 clean
> > ./configure
> > make -j 24 qemu-img
> > 
> > ./qemu-img create -f raw ~/qemu-test.img 128M
> > 
> > ./qemu-img convert -p -f raw ~/qemu-test.img -O vmdk \
> > -o adapter_type=lsilogic,subformat=streamOptimized,compat6 \
> > ~/qemu-test.vmdk
> > 
> > [ -f ~/qemu-test.vmdk ] && ret=0 || ret=1
> > 
> > rm -f ~/qemu-test.{img,vmdk}
> > 
> > exit $ret
> > 
> > Milos
> > 

Re: [Qemu-devel] [PATCH 2.1 03/36] qapi: add event helper functions

[Wenchao Xia]

于 2014/6/18 14:43, Paolo Bonzini 写道:
> From: Wenchao Xia 
> 
> This file holds some functions that do not need to be generated.
> 
> Signed-off-by: Wenchao Xia 
> Reviewed-by: Eric Blake 
> Signed-off-by: Paolo Bonzini 
> ---
>   include/qapi/qmp-event.h | 27 ++
>   qapi/Makefile.objs   |  1 +
>   qapi/qmp-event.c | 74 
> 
>   3 files changed, 102 insertions(+)
>   create mode 100644 include/qapi/qmp-event.h
>   create mode 100644 qapi/qmp-event.c
> 
> diff --git a/include/qapi/qmp-event.h b/include/qapi/qmp-event.h
> new file mode 100644
> index 000..8a8ffb5
> --- /dev/null
> +++ b/include/qapi/qmp-event.h
> @@ -0,0 +1,27 @@
> +/*
> + * QMP Event related
> + *
> + * Copyright (c) 2014 Wenchao Xia
> + *
> + * Authors:
> + *  Wenchao Xia   
> + *
> + * This work is licensed under the terms of the GNU LGPL, version 2.1 or 
> later.
> + * See the COPYING.LIB file in the top-level directory.
> + *
> + */
> +
> +#ifndef QMP_EVENT_H
> +#define QMP_EVENT_H
> +
> +#include "qapi/error.h"
> +#include "qapi/qmp/qdict.h"
> +
> +typedef void (*QMPEventFuncEmit)(unsigned event, QDict *dict, Error **errp);
> +

  Using unsigned instead of QAPIEvent works around the include issue,
and also fix the type cast issue in implemention function that Eric
mentioned. It is nice to me, +1.

> +void qmp_event_set_func_emit(QMPEventFuncEmit emit);
> +
> +QMPEventFuncEmit qmp_event_get_func_emit(void);
> +
> +QDict *qmp_event_build_dict(const char *event_name);
> +#endif
> diff --git a/qapi/Makefile.objs b/qapi/Makefile.objs
> index 1f9c973..d14b769 100644
> --- a/qapi/Makefile.objs
> +++ b/qapi/Makefile.objs
> @@ -3,3 +3,4 @@ util-obj-y += qmp-output-visitor.o qmp-registry.o 
> qmp-dispatch.o
>   util-obj-y += string-input-visitor.o string-output-visitor.o
>   
>   util-obj-y += opts-visitor.o
> +util-obj-y += qmp-event.o
> diff --git a/qapi/qmp-event.c b/qapi/qmp-event.c
> new file mode 100644
> index 000..0d1ce0b
> --- /dev/null
> +++ b/qapi/qmp-event.c
> @@ -0,0 +1,74 @@
> +/*
> + * QMP Event related
> + *
> + * Copyright (c) 2014 Wenchao Xia
> + *
> + * Authors:
> + *  Wenchao Xia   
> + *
> + * This work is licensed under the terms of the GNU LGPL, version 2.1 or 
> later.
> + * See the COPYING.LIB file in the top-level directory.
> + *
> + */
> +
> +#include 
> +
> +#include "qemu-common.h"
> +#include "qapi/qmp-event.h"
> +#include "qapi/qmp/qstring.h"
> +#include "qapi/qmp/qjson.h"
> +
> +#ifdef _WIN32
> +#include "sysemu/os-win32.h"
> +#endif
> +
> +#ifdef CONFIG_POSIX
> +#include "sysemu/os-posix.h"
> +#endif
> +
> +static QMPEventFuncEmit qmp_emit;
> +
> +void qmp_event_set_func_emit(QMPEventFuncEmit emit)
> +{
> +qmp_emit = emit;
> +}
> +
> +QMPEventFuncEmit qmp_event_get_func_emit(void)
> +{
> +return qmp_emit;
> +}
> +
> +static void timestamp_put(QDict *qdict)
> +{
> +int err;
> +QObject *obj;
> +qemu_timeval tv;
> +int64_t sec, usec;
> +
> +err = qemu_gettimeofday(&tv);
> +if (err < 0) {
> +/* Put -1 to indicate failure of getting host time */
> +sec = -1;
> +usec = -1;
> +} else {
> +sec = tv.tv_sec;
> +usec = tv.tv_usec;
> +}
> +
> +obj = qobject_from_jsonf("{ 'seconds': %" PRId64 ", "
> + "'microseconds': %" PRId64 " }",
> + sec, usec);
> +qdict_put_obj(qdict, "timestamp", obj);
> +}
> +
> +/*
> + * Build a QDict, then fill event name and time stamp, caller should free the
> + * QDict after usage.
> + */
> +QDict *qmp_event_build_dict(const char *event_name)
> +{
> +QDict *dict = qdict_new();
> +qdict_put(dict, "event", qstring_from_str(event_name));
> +timestamp_put(dict);
> +return dict;
> +}
> 

Re: [Qemu-devel] [PATCH V6 03/29] qapi script: add event support

[Wenchao Xia]

于 2014/6/18 14:06, Paolo Bonzini 写道:

Il 18/06/2014 05:33, Eric Blake ha scritto:

> +# This work is licensed under the terms of the GNU GPL, version 2.
> +# See the COPYING file in the top-level directory.

Any reason this can't be GPLv2+ instead of GPLv2-only?


I suppose because it copies parts of other qapi-* scripts. :(

Paolo


  Yes, feel free to change the license.

[Qemu-devel] [Bug 1308341] Re: Multiple CPUs causes blue screen on Windows guest (14.04 regression)

[Steve]

I was able to work around this by downgrading the kernel on a Ubuntu 14
box to 3.12.20-031220-generic #201405160935 (and of course wasn't seeing
this with Ubuntu 12).

I've periodically tried booting back to the standard Ubuntu 14 3.13
kernel to see if it's been fixed (and also tried 3.13-lowlatency) but I
get a W2k8R2 server hang with KVM within the first ~24 hours of boot
each time.

This is a dual-processor machine.  Also, with 3.13, I was getting these
messages on a semi-periodic basis (may be related):

May 30 20:23:53 kernel: [0.00] Linux version
3.13.0-27-lowlatency (buildd@akateko) (gcc version 4.8.2 (Ubuntu
4.8.2-19ubuntu1) ) #50-Ubuntu SMP PREEMPT Thu May 15 18:36:04 UTC 2014
(Ubuntu 3.13.0-27.50-lowlatency 3.13.11

May 31 14:15:40 kernel: [64348.760175] INFO: task qemu-system-x86:4151 blocked 
for more than 120 seconds.
May 31 14:15:40 kernel: [64348.767491]   Not tainted 3.13.0-27-lowlatency 
#50-Ubuntu
May 31 14:15:40 kernel: [64348.773291] "echo 0 > 
/proc/sys/kernel/hung_task_timeout_secs" disables this message.
May 31 14:15:40 kernel: [64348.781205] qemu-system-x86 D 881fffc34600 0 
 4151  1 0x
May 31 14:15:40 kernel: [64348.781210]  881fcf5e3de8 0002 
881fbf14 881fcf5e3fd8
May 31 14:15:40 kernel: [64348.781215]  00014600 00014600 
881fbf14 881fbf14
May 31 14:15:40 kernel: [64348.781218]  883fcfac7060 883fcfac7068 
7f3809e0 881fbf14
May 31 14:15:40 kernel: [64348.781221] Call Trace:
May 31 14:15:40 kernel: [64348.781230]  [] schedule+0x29/0x70
May 31 14:15:40 kernel: [64348.781237]  [] 
rwsem_down_read_failed+0xcd/0x130
May 31 14:15:40 kernel: [64348.781243]  [] 
call_rwsem_down_read_failed+0x14/0x30
May 31 14:15:40 kernel: [64348.781247]  [] ? 
down_read+0x17/0x20
May 31 14:15:40 kernel: [64348.781252]  [] 
task_numa_work+0xd2/0x300
May 31 14:15:40 kernel: [64348.781254]  [] ? 
account_user_time+0x8b/0xa0
May 31 14:15:40 kernel: [64348.781259]  [] 
task_work_run+0xa7/0xe0
May 31 14:15:40 kernel: [64348.781264]  [] 
do_notify_resume+0x97/0xb0
May 31 14:15:40 kernel: [64348.781268]  [] 
int_signal+0x12/0x17

I'm not seeing any kernel errors with the 3.12 kernel.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1308341

Title:
  Multiple CPUs causes blue screen on Windows guest (14.04 regression)

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  Confirmed
Status in “virt-manager” package in Ubuntu:
  Confirmed

Bug description:
  Configuring a Windows 7 guest using more than one CPU cases the guest to 
fail. This happens after a few hours after guest boot. This is the error on the 
blue screen:
  "A clock interrupt was not received on a secondary processor within the 
allocated time interval"

  After resetting, the guest will never boot and a new bluescreen with
  the error "STOP: 0x005c" appears. Shutting down the guest
  completely and restarting it will allow it to boot and run for a few
  hours again.

  The guest was created using virt-manager. The error happens with or
  without virtio devices and with both 32-bit and 64-bit Windows 7
  guests.

  I am using Ubuntu 14.04 release candidate.

  qemu-kvm version 2.0.0~rc1+dfsg-0ubuntu3

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1308341/+subscriptions

Re: [Qemu-devel] [qom-cpu PATCH 2/3] target-i386: Remove unsupported bits from all CPU models

[Eric Blake]

On 06/18/2014 01:55 PM, Eduardo Habkost wrote:
> The following CPU features were never supported by neither TCG or KVM,
> so they are useless on the CPU model definitions, today:
> 

The overall idea of this series makes sense to me (yes, I'd love to get
libvirt to the point that we can use enforce mode), but I decline to
review the actual contents (it's a bit over my head how all the models
work) and leave it to the experts.  But here's a trivial finding:

> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 8de1566..2f32d29 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -680,10 +680,11 @@ static X86CPUDefinition builtin_x86_defs[] = {
>  .family = 16,
>  .model = 2,
>  .stepping = 3,
> +/* MIssing: CPUID_HT */

s/MIssing/Missing/


-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH] net: fix vhost-user mingw compilation

[Nikolay Nikolaev]

Make net.o linkage expect net_init_vhost_user only when
CONFIG_VHOST_NET is defined.

Signed-off-by: Nikolay Nikolaev 
---
 net/net.c |4 
 1 file changed, 4 insertions(+)

diff --git a/net/net.c b/net/net.c
index de76e30..0c30414 100644
--- a/net/net.c
+++ b/net/net.c
@@ -803,7 +803,9 @@ static int (* const 
net_client_init_fun[NET_CLIENT_OPTIONS_KIND_MAX])(
 [NET_CLIENT_OPTIONS_KIND_BRIDGE]= net_init_bridge,
 #endif
 [NET_CLIENT_OPTIONS_KIND_HUBPORT]   = net_init_hubport,
+#ifdef CONFIG_VHOST_NET
 [NET_CLIENT_OPTIONS_KIND_VHOST_USER] = net_init_vhost_user,
+#endif
 };
 
 
@@ -837,7 +839,9 @@ static int net_client_init1(const void *object, int 
is_netdev, Error **errp)
 case NET_CLIENT_OPTIONS_KIND_BRIDGE:
 #endif
 case NET_CLIENT_OPTIONS_KIND_HUBPORT:
+#ifdef CONFIG_VHOST_NET
 case NET_CLIENT_OPTIONS_KIND_VHOST_USER:
+#endif
 break;
 
 default:

[Qemu-devel] [qom-cpu PATCH 2/3] target-i386: Remove unsupported bits from all CPU models

[Eduardo Habkost]

The following CPU features were never supported by neither TCG or KVM,
so they are useless on the CPU model definitions, today:

 * CPUID_DTS (DS)
 * CPUID_HT
 * CPUID_TM
 * CPUID_PBE
 * CPUID_EXT_DTES64
 * CPUID_EXT_DSCPL
 * CPUID_EXT_EST
 * CPUID_EXT_TM2
 * CPUID_EXT_XTPR
 * CPUID_EXT_PDCM
 * CPUID_SVM_LBRV

As using "enforce" mode is the only way to ensure guest ABI doesn't
change when moving to a different host, we should make "enforce" mode
the default or at least encourage management software to always use it.

In turn, to make "enforce" usable, we need CPU models that work without
always requiring some features to be explicitly disabled. This patch
removes the above features from all CPU model definitions.

We won't need any machine-type compat code for those changes, because it
is impossible to have existing VMs with those features enabled.

Signed-off-by: Eduardo Habkost 
Cc: Aurelien Jarno 
---
 target-i386/cpu.c | 33 -
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 8de1566..2f32d29 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -680,10 +680,11 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .family = 16,
 .model = 2,
 .stepping = 3,
+/* MIssing: CPUID_HT */
 .features[FEAT_1_EDX] =
 PPRO_FEATURES |
 CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
-CPUID_PSE36 | CPUID_VME | CPUID_HT,
+CPUID_PSE36 | CPUID_VME,
 .features[FEAT_1_ECX] =
 CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_CX16 |
 CPUID_EXT_POPCNT,
@@ -699,8 +700,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .features[FEAT_8000_0001_ECX] =
 CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM |
 CPUID_EXT3_ABM | CPUID_EXT3_SSE4A,
+/* Missing: CPUID_SVM_LBRV */
 .features[FEAT_SVM] =
-CPUID_SVM_NPT | CPUID_SVM_LBRV,
+CPUID_SVM_NPT,
 .xlevel = 0x801A,
 .model_id = "AMD Phenom(tm) 9550 Quad-Core Processor"
 },
@@ -711,15 +713,16 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .family = 6,
 .model = 15,
 .stepping = 11,
+/* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
 .features[FEAT_1_EDX] =
 PPRO_FEATURES |
 CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
-CPUID_PSE36 | CPUID_VME | CPUID_DTS | CPUID_ACPI | CPUID_SS |
-CPUID_HT | CPUID_TM | CPUID_PBE,
+CPUID_PSE36 | CPUID_VME | CPUID_ACPI | CPUID_SS,
+/* Missing: CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_EST,
+ * CPUID_EXT_TM2, CPUID_EXT_XTPR, CPUID_EXT_PDCM */
 .features[FEAT_1_ECX] =
 CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
-CPUID_EXT_DTES64 | CPUID_EXT_DSCPL | CPUID_EXT_VMX | CPUID_EXT_EST 
|
-CPUID_EXT_TM2 | CPUID_EXT_CX16 | CPUID_EXT_XTPR | CPUID_EXT_PDCM,
+CPUID_EXT_VMX | CPUID_EXT_CX16,
 .features[FEAT_8000_0001_EDX] =
 CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
 .features[FEAT_8000_0001_ECX] =
@@ -794,13 +797,15 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .family = 6,
 .model = 14,
 .stepping = 8,
+/* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
 .features[FEAT_1_EDX] =
 PPRO_FEATURES | CPUID_VME |
-CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_DTS | CPUID_ACPI |
-CPUID_SS | CPUID_HT | CPUID_TM | CPUID_PBE,
+CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_ACPI |
+CPUID_SS,
+/* Missing: CPUID_EXT_EST, CPUID_EXT_TM2 , CPUID_EXT_XTPR,
+ * CPUID_EXT_PDCM */
 .features[FEAT_1_ECX] =
-CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_VMX |
-CPUID_EXT_EST | CPUID_EXT_TM2 | CPUID_EXT_XTPR | CPUID_EXT_PDCM,
+CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_VMX,
 .features[FEAT_8000_0001_EDX] =
 CPUID_EXT2_NX,
 .xlevel = 0x8008,
@@ -873,14 +878,16 @@ static X86CPUDefinition builtin_x86_defs[] = {
 .family = 6,
 .model = 28,
 .stepping = 2,
+/* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
 .features[FEAT_1_EDX] =
 PPRO_FEATURES |
-CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_VME | CPUID_DTS |
-CPUID_ACPI | CPUID_SS | CPUID_HT | CPUID_TM | CPUID_PBE,
+CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_VME |
+CPUID_ACPI | CPUID_SS,
 /* Some CPUs got no CPUID_SEP */
+/* Missing: CPUID_EXT_DSCPL, CPUID_EXT_EST, CPUID_EXT_TM2,
+ * CPUID_EXT_XTPR */
 .features[FEAT_1_ECX] =
 CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
-CPUID_EXT_DSCPL | CPUID_EXT_EST | CPUID_EXT_TM2 | CPUID_EXT_XTPR |
 CPU

[Qemu-devel] [qom-cpu PATCH 1/3] target-i386: Disable CPUID_ACPI by default on KVM mode

[Eduardo Habkost]

KVM never supported the CPUID_ACPI flag, so it doesn't make sense to
have it enabled by default when KVM is enabled.

The motivation here is exactly the same we had for the MONITOR flag.

And like on the MONITOR flag case, we don't need machine-type compat code
because it is currently impossible to run a KVM VM with the ACPI flag set.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index de09ca2..8de1566 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -461,6 +461,7 @@ static uint32_t kvm_default_features[FEATURE_WORDS] = {
 /* Features that are not added by default to any CPU model when KVM is enabled.
  */
 static uint32_t kvm_default_unset_features[FEATURE_WORDS] = {
+[FEAT_1_EDX] = CPUID_ACPI,
 [FEAT_1_ECX] = CPUID_EXT_MONITOR,
 };
 
-- 
1.9.3

[Qemu-devel] [qom-cpu PATCH 3/3] target-i386: Don't enable nested VMX by default

[Eduardo Habkost]

TCG doesn't support VMX, and nested VMX is not enabled by default on the
KVM kernel module.

So, there's no reason to have VMX enabled by default on the core2duo and
coreduo CPU models, today. Even the newer Intel CPU model definitions
don't have it enabled.

In this case, we need machine-type compat code, as people may be running
the older machine-types on hosts that had VMX nesting enabled.

Signed-off-by: Eduardo Habkost 
---
 hw/i386/pc_piix.c | 2 ++
 hw/i386/pc_q35.c  | 2 ++
 target-i386/cpu.c | 8 
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index a48e263..61882d5 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -267,6 +267,8 @@ static void pc_init_pci(MachineState *machine)
 static void pc_compat_2_0(MachineState *machine)
 {
 smbios_legacy_mode = true;
+x86_cpu_compat_set_features("coreduo", FEAT_1_ECX, CPUID_EXT_VMX, 0);
+x86_cpu_compat_set_features("core2duo", FEAT_1_ECX, CPUID_EXT_VMX, 0);
 }
 
 static void pc_compat_1_7(MachineState *machine)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index b3c02c1..3949267 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -245,6 +245,8 @@ static void pc_q35_init(MachineState *machine)
 static void pc_compat_2_0(MachineState *machine)
 {
 smbios_legacy_mode = true;
+x86_cpu_compat_set_features("coreduo", FEAT_1_ECX, CPUID_EXT_VMX, 0);
+x86_cpu_compat_set_features("core2duo", FEAT_1_ECX, CPUID_EXT_VMX, 0);
 }
 
 static void pc_compat_1_7(MachineState *machine)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 2f32d29..6bd44e1 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -719,10 +719,10 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
 CPUID_PSE36 | CPUID_VME | CPUID_ACPI | CPUID_SS,
 /* Missing: CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_EST,
- * CPUID_EXT_TM2, CPUID_EXT_XTPR, CPUID_EXT_PDCM */
+ * CPUID_EXT_TM2, CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_VMX */
 .features[FEAT_1_ECX] =
 CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
-CPUID_EXT_VMX | CPUID_EXT_CX16,
+CPUID_EXT_CX16,
 .features[FEAT_8000_0001_EDX] =
 CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
 .features[FEAT_8000_0001_ECX] =
@@ -803,9 +803,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_ACPI |
 CPUID_SS,
 /* Missing: CPUID_EXT_EST, CPUID_EXT_TM2 , CPUID_EXT_XTPR,
- * CPUID_EXT_PDCM */
+ * CPUID_EXT_PDCM, CPUID_EXT_VMX */
 .features[FEAT_1_ECX] =
-CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_VMX,
+CPUID_EXT_SSE3 | CPUID_EXT_MONITOR,
 .features[FEAT_8000_0001_EDX] =
 CPUID_EXT2_NX,
 .xlevel = 0x8008,
-- 
1.9.3

[Qemu-devel] [qom-cpu PATCH 0/3] target-i386: Make most CPU models work with "enforce" out of the box

[Eduardo Habkost]

Most of the bits that make "enforce" breaks were introduced in 2010 by commit
8560efed6a72a816c0115f41ddb9d79f7ce63f28. The intention behind that commit made
sense, the only problem is that we can't guarantee guest ABI stability across
hosts if we simply rely on trimming of CPU features based on host capabilities.

So, this series remove CPUID bits from the CPU model definitions so they become
defaults that: 1) won't unexpectly stop working when we start using the
"enforce" flag; 2) won't silently break the guest ABI when TCG or KVM start
supporting new features.

There's only one non-trivial case left: the qemu32/qemu64 models. The problem
with them is that we have conflicting expectations about it, from different
users:

TCG users expect the default CPU model to contain most TCG-supported features
(and it makes sense). See, for example, commit
f1e00a9cf326acc1f2386a72525af8859852e1df.

KVM users expect the default CPU model to be a conservative choice which will
work on most host CPUs (and will only contain features that are supported by
KVM).

We could solve the qemu32/qemu64 issue by having different defaults for TCG and
KVM. But we have existinting management code (libvirt) that already expects
qemu32 or qemu64 to be the default, and changing the default would break that
code. I will send an RFC to address that later.

Cc: Aurelien Jarno 
Cc: Paolo Bonzini 
Cc: k...@vger.kernel.org

Eduardo Habkost (3):
  target-i386: Disable CPUID_ACPI by default on KVM mode
  target-i386: Remove unsupported bits from all CPU models
  target-i386: Don't enable nested VMX by default

 hw/i386/pc_piix.c |  2 ++
 hw/i386/pc_q35.c  |  2 ++
 target-i386/cpu.c | 34 +-
 3 files changed, 25 insertions(+), 13 deletions(-)

-- 
1.9.3

[Qemu-devel] [Bug 1308341] Missing required logs.

[Brad Figg]

This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:

apport-collect 1308341

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
   Status: New => Incomplete

** Tags added: trusty

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1308341

Title:
  Multiple CPUs causes blue screen on Windows guest (14.04 regression)

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  Incomplete
Status in “qemu” package in Ubuntu:
  Confirmed

Bug description:
  Configuring a Windows 7 guest using more than one CPU cases the guest to 
fail. This happens after a few hours after guest boot. This is the error on the 
blue screen:
  "A clock interrupt was not received on a secondary processor within the 
allocated time interval"

  After resetting, the guest will never boot and a new bluescreen with
  the error "STOP: 0x005c" appears. Shutting down the guest
  completely and restarting it will allow it to boot and run for a few
  hours again.

  The guest was created using virt-manager. The error happens with or
  without virtio devices and with both 32-bit and 64-bit Windows 7
  guests.

  I am using Ubuntu 14.04 release candidate.

  qemu-kvm version 2.0.0~rc1+dfsg-0ubuntu3

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1308341/+subscriptions

Re: [Qemu-devel] [PATCH 0/7] spapr: rework memory nodes

[Eduardo Habkost]

On Wed, Jun 18, 2014 at 11:28:53AM -0700, Nishanth Aravamudan wrote:
> On 17.06.2014 [16:22:33 -0300], Eduardo Habkost wrote:
> > On Tue, Jun 17, 2014 at 11:38:16AM -0700, Nishanth Aravamudan wrote:
> > > On 17.06.2014 [11:07:00 -0300], Eduardo Habkost wrote:
> > > 
> > > > > If it is canonical and kosher way of using NUMA in QEMU, ok, we can 
> > > > > use it.
> > > > > I just fail to see why we need a requirement for nodes to go 
> > > > > consequently
> > > > > here. And it confuses me as a user a bit if I can add "-numa
> > > > > node,nodeid=22" (no memory, no cpus) but do not get to see it in the 
> > > > > guest.
> > > > 
> > > > I agree with you it is confusing. But before we support that use case,
> > > > we need to make sure auto-allocation is handled properly, because it
> > > > would be hard to fix it later without breaking compatibility.
> > > > 
> > > > We probably just need a "present" field on struct NodeInfo, so
> > > > machine-specific code and auto-allocation code can differentiate nodes
> > > > that are not present on the command-line from empty nodes that were
> > > > specified in the command-line.
> > > 
> > > What/where is struct NodeInfo?
> > 
> > It was introduced very recently. See the pull request at:
> > 
> >   From: "Michael S. Tsirkin" 
> >   Message-ID: <1403021756-15960-1-git-send-email-...@redhat.com>
> >   Subject: [Qemu-devel] [PULL 000/103] pc, pci, virtio, hotplug fixes, 
> > enhancements for 2.1
> > 
> >   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> 
> Ah thank you very much!
> 
> Before I get cracking on some patches, wanted to clarify some things:
> 
> 1) We need something like a "present" field to deal with
> auto-allocation, which indicates a user-specified NUMA node.
> 
> 2) We need something like a "defined" field to indicate which entries
> are actually valid and which aren't just 0 because they weren't ever set
> in order to support sparse node numbering.
>   2a) We could add a defined field to indicate the defined
>   entries, iterate over the entire array and skip those not
>   defined [keeps index:nodeid mapping, changes all loops]
>   2b) We could add a nodeid field to indicate the defined entries,
>   iterate over only nb_numa_nodes [breaks index:nodeid, keeps
>   loops the same, but requires using the nodeid member in the
>   loops, not guaranteed for the array to be sorted on nodeid]
> 
> I'm currently in favor of 2b, with perhaps a call to qsort on the array
> after parsing to sort by node id? I'd have to audit the users of the
> array to make sure they use the nodeid member and not the index, but
> that should be straightforward.

As the holes in the node ID space don't seem to be frequently large, and
the ID space is currently very small (we support 8-bit IDs only), 2a
looks much simpler to implement and review. We can always change the
code to use 2b if we decide to support larger node IDs in the future.

(And we don't even need to iterate over the entire array. We just need
to iterate up to the highest ID seen on the commend-line.)

-- 
Eduardo

Re: [Qemu-devel] [PATCH 0/3] Fixups for vhost-user

[Michael S. Tsirkin]

On Wed, Jun 18, 2014 at 10:15:11PM +0300, Michael S. Tsirkin wrote:
> On Fri, Jun 13, 2014 at 09:49:38AM +0300, Nikolay Nikolaev wrote:
> > This is a series of fixups that replace 'memory-file' with 
> > 'memory-backend-file'. This is the object type used in the newest (since v4)
> > NUMA series for the file based host memory backend.
> > 
> > The patches are against git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git 
> > branch 'vhost'. Tested after rebasing on same tree branch 'numa'.
> 
> mingw builds seem to be broken by these
> pls check out pci tree and fix vhost user related
> mingw breakage.
> 
> Thanks!

specifically link fails with
../net/net.o:net.c:(.rdata+0x4a8): undefined reference to `net_init_vhost_user'


> > ---
> > 
> > Nikolay Nikolaev (3):
> >   fixup! Add vhost-user as a vhost backend.
> >   fixup! Add the vhost-user netdev backend to the command line
> >   fixup! Add qtest for vhost-user
> > 
> > 
> >  docs/specs/vhost-user.txt |  266 ++
> >  hmp-commands.hx   |4 -
> >  hw/net/vhost_net.c|   39 ++
> >  hw/virtio/vhost-user.c|2 
> >  include/net/vhost-user.h  |   17 ++
> >  net/Makefile.objs |2 
> >  net/clients.h |3 
> >  net/hub.c |1 
> >  net/net.c |3 
> >  net/vhost-user.c  |  258 +
> >  qapi-schema.json  |   19 +++
> >  qemu-options.hx   |   18 +++
> >  stubs/Makefile.objs   |8 +
> >  stubs/bdrv-commit-all.c   |7 +
> >  stubs/chr-msmouse.c   |7 +
> >  stubs/get-next-serial.c   |3 
> >  stubs/is-daemonized.c |7 +
> >  stubs/machine-init-done.c |6 +
> >  stubs/monitor-init.c  |6 +
> >  stubs/notify-event.c  |6 +
> >  stubs/vc-init.c   |7 +
> >  tests/Makefile|4 +
> >  tests/vhost-user-test.c   |  312 
> > +
> >  23 files changed, 1000 insertions(+), 5 deletions(-)
> >  create mode 100644 docs/specs/vhost-user.txt
> >  create mode 100644 include/net/vhost-user.h
> >  create mode 100644 net/vhost-user.c
> >  create mode 100644 stubs/bdrv-commit-all.c
> >  create mode 100644 stubs/chr-msmouse.c
> >  create mode 100644 stubs/get-next-serial.c
> >  create mode 100644 stubs/is-daemonized.c
> >  create mode 100644 stubs/machine-init-done.c
> >  create mode 100644 stubs/monitor-init.c
> >  create mode 100644 stubs/notify-event.c
> >  create mode 100644 stubs/vc-init.c
> >  create mode 100644 tests/vhost-user-test.c
> > 
> > --
> > Signature

Re: [Qemu-devel] [PATCH 0/3] Fixups for vhost-user

[Michael S. Tsirkin]

On Fri, Jun 13, 2014 at 09:49:38AM +0300, Nikolay Nikolaev wrote:
> This is a series of fixups that replace 'memory-file' with 
> 'memory-backend-file'. This is the object type used in the newest (since v4)
> NUMA series for the file based host memory backend.
> 
> The patches are against git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git 
> branch 'vhost'. Tested after rebasing on same tree branch 'numa'.

mingw builds seem to be broken by these
pls check out pci tree and fix vhost user related
mingw breakage.

Thanks!

> ---
> 
> Nikolay Nikolaev (3):
>   fixup! Add vhost-user as a vhost backend.
>   fixup! Add the vhost-user netdev backend to the command line
>   fixup! Add qtest for vhost-user
> 
> 
>  docs/specs/vhost-user.txt |  266 ++
>  hmp-commands.hx   |4 -
>  hw/net/vhost_net.c|   39 ++
>  hw/virtio/vhost-user.c|2 
>  include/net/vhost-user.h  |   17 ++
>  net/Makefile.objs |2 
>  net/clients.h |3 
>  net/hub.c |1 
>  net/net.c |3 
>  net/vhost-user.c  |  258 +
>  qapi-schema.json  |   19 +++
>  qemu-options.hx   |   18 +++
>  stubs/Makefile.objs   |8 +
>  stubs/bdrv-commit-all.c   |7 +
>  stubs/chr-msmouse.c   |7 +
>  stubs/get-next-serial.c   |3 
>  stubs/is-daemonized.c |7 +
>  stubs/machine-init-done.c |6 +
>  stubs/monitor-init.c  |6 +
>  stubs/notify-event.c  |6 +
>  stubs/vc-init.c   |7 +
>  tests/Makefile|4 +
>  tests/vhost-user-test.c   |  312 
> +
>  23 files changed, 1000 insertions(+), 5 deletions(-)
>  create mode 100644 docs/specs/vhost-user.txt
>  create mode 100644 include/net/vhost-user.h
>  create mode 100644 net/vhost-user.c
>  create mode 100644 stubs/bdrv-commit-all.c
>  create mode 100644 stubs/chr-msmouse.c
>  create mode 100644 stubs/get-next-serial.c
>  create mode 100644 stubs/is-daemonized.c
>  create mode 100644 stubs/machine-init-done.c
>  create mode 100644 stubs/monitor-init.c
>  create mode 100644 stubs/notify-event.c
>  create mode 100644 stubs/vc-init.c
>  create mode 100644 tests/vhost-user-test.c
> 
> --
> Signature

Re: [Qemu-devel] [PATCH v4 16/29] memory: move preallocation code out of exec.c

[Michael S. Tsirkin]

On Mon, Jun 09, 2014 at 06:25:21PM +0800, Hu Tao wrote:
> From: Paolo Bonzini 
> 
> So that backends can use it.
> 
> Signed-off-by: Paolo Bonzini 
> Signed-off-by: Hu Tao 

OK this breaks mingw build because you are moving
code to posix file and use it unconditionally on all platforms.
Pls setup mingw build and fix pci branch up, send me fix.

> ---
>  exec.c   | 44 +--
>  include/qemu/osdep.h |  2 ++
>  util/oslib-posix.c   | 73 
> 
>  3 files changed, 76 insertions(+), 43 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index 36301e2..b640425 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1011,13 +1011,6 @@ static long gethugepagesize(const char *path)
>  return fs.f_bsize;
>  }
>  
> -static sigjmp_buf sigjump;
> -
> -static void sigbus_handler(int signal)
> -{
> -siglongjmp(sigjump, 1);
> -}
> -
>  static void *file_ram_alloc(RAMBlock *block,
>  ram_addr_t memory,
>  const char *path,
> @@ -1087,42 +1080,7 @@ static void *file_ram_alloc(RAMBlock *block,
>  }
>  
>  if (mem_prealloc) {
> -int ret, i;
> -struct sigaction act, oldact;
> -sigset_t set, oldset;
> -
> -memset(&act, 0, sizeof(act));
> -act.sa_handler = &sigbus_handler;
> -act.sa_flags = 0;
> -
> -ret = sigaction(SIGBUS, &act, &oldact);
> -if (ret) {
> -perror("file_ram_alloc: failed to install signal handler");
> -exit(1);
> -}
> -
> -/* unblock SIGBUS */
> -sigemptyset(&set);
> -sigaddset(&set, SIGBUS);
> -pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
> -
> -if (sigsetjmp(sigjump, 1)) {
> -fprintf(stderr, "file_ram_alloc: failed to preallocate pages\n");
> -exit(1);
> -}
> -
> -/* MAP_POPULATE silently ignores failures */
> -for (i = 0; i < (memory/hpagesize); i++) {
> -memset(area + (hpagesize*i), 0, 1);
> -}
> -
> -ret = sigaction(SIGBUS, &oldact, NULL);
> -if (ret) {
> -perror("file_ram_alloc: failed to reinstall signal handler");
> -exit(1);
> -}
> -
> -pthread_sigmask(SIG_SETMASK, &oldset, NULL);
> +os_mem_prealloc(fd, area, memory);
>  }
>  
>  block->fd = fd;
> diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
> index ffb2966..9c1a119 100644
> --- a/include/qemu/osdep.h
> +++ b/include/qemu/osdep.h
> @@ -251,4 +251,6 @@ void qemu_init_auxval(char **envp);
>  
>  void qemu_set_tty_echo(int fd, bool echo);
>  
> +void os_mem_prealloc(int fd, char *area, size_t sz);
> +
>  #endif
> diff --git a/util/oslib-posix.c b/util/oslib-posix.c
> index 8e9c770..1524ead 100644
> --- a/util/oslib-posix.c
> +++ b/util/oslib-posix.c
> @@ -46,6 +46,7 @@ extern int daemon(int, int);
>  #else
>  #  define QEMU_VMALLOC_ALIGN getpagesize()
>  #endif
> +#define HUGETLBFS_MAGIC   0x958458f6
>  
>  #include 
>  #include 
> @@ -58,9 +59,12 @@ extern int daemon(int, int);
>  #include "qemu/sockets.h"
>  #include 
>  #include 
> +#include 
> +#include 
>  
>  #ifdef CONFIG_LINUX
>  #include 
> +#include 
>  #endif
>  
>  #ifdef __FreeBSD__
> @@ -332,3 +336,72 @@ char *qemu_get_exec_dir(void)
>  {
>  return g_strdup(exec_dir);
>  }
> +
> +static sigjmp_buf sigjump;
> +
> +static void sigbus_handler(int signal)
> +{
> +siglongjmp(sigjump, 1);
> +}
> +
> +static size_t fd_getpagesize(int fd)
> +{
> +#ifdef CONFIG_LINUX
> +struct statfs fs;
> +int ret;
> +
> +if (fd != -1) {
> +do {
> +ret = fstatfs(fd, &fs);
> +} while (ret != 0 && errno == EINTR);
> +
> +if (ret == 0 && fs.f_type == HUGETLBFS_MAGIC) {
> +return fs.f_bsize;
> +}
> +}
> +#endif
> +
> +return getpagesize();
> +}
> +
> +void os_mem_prealloc(int fd, char *area, size_t memory)
> +{
> +int ret, i;
> +struct sigaction act, oldact;
> +sigset_t set, oldset;
> +size_t hpagesize = fd_getpagesize(fd);
> +
> +memset(&act, 0, sizeof(act));
> +act.sa_handler = &sigbus_handler;
> +act.sa_flags = 0;
> +
> +ret = sigaction(SIGBUS, &act, &oldact);
> +if (ret) {
> +perror("os_mem_prealloc: failed to install signal handler");
> +exit(1);
> +}
> +
> +/* unblock SIGBUS */
> +sigemptyset(&set);
> +sigaddset(&set, SIGBUS);
> +pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
> +
> +if (sigsetjmp(sigjump, 1)) {
> +fprintf(stderr, "os_mem_prealloc: failed to preallocate pages\n");
> +exit(1);
> +}
> +
> +/* MAP_POPULATE silently ignores failures */
> +memory = (memory + hpagesize - 1) & -hpagesize;
> +for (i = 0; i < (memory/hpagesize); i++) {
> +memset(area + (hpagesize*i), 0, 1);
> +}
> +
> +ret = sigaction(SIGBUS, &oldact, NULL);
> +if (ret) {
> +perror("os_mem_prealloc: fa

[Qemu-devel] [PATCH v2 1/3] nbd: Drop nbd_can_read()

[Max Reitz]

There is no variant of aio_set_fd_handler() like qemu_set_fd_handler2(),
so we cannot give a can_read() callback function. Instead, unregister
the nbd_read() function whenever we cannot read and re-register it as
soon as we can read again.

All this is hidden behind the functions nbd_set_handlers() (which
registers all handlers for the AIO context and file descriptor belonging
to the given client), nbd_unset_handlers() (which unregisters them) and
nbd_update_can_read() (which checks whether NBD can read for the given
client and acts accordingly).

Signed-off-by: Max Reitz 
---
 nbd.c | 74 ++-
 1 file changed, 55 insertions(+), 19 deletions(-)

diff --git a/nbd.c b/nbd.c
index e0d032c..2715acc 100644
--- a/nbd.c
+++ b/nbd.c
@@ -18,6 +18,7 @@
 
 #include "block/nbd.h"
 #include "block/block.h"
+#include "block/block_int.h"
 
 #include "block/coroutine.h"
 
@@ -100,6 +101,8 @@ struct NBDExport {
 uint32_t nbdflags;
 QTAILQ_HEAD(, NBDClient) clients;
 QTAILQ_ENTRY(NBDExport) next;
+
+AioContext *ctx;
 };
 
 static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
@@ -116,6 +119,8 @@ struct NBDClient {
 CoMutex send_lock;
 Coroutine *send_coroutine;
 
+bool can_read;
+
 QTAILQ_ENTRY(NBDClient) next;
 int nb_requests;
 bool closing;
@@ -123,6 +128,10 @@ struct NBDClient {
 
 /* That's all folks */
 
+static void nbd_set_handlers(NBDClient *client);
+static void nbd_unset_handlers(NBDClient *client);
+static void nbd_update_can_read(NBDClient *client);
+
 ssize_t nbd_wr_sync(int fd, void *buffer, size_t size, bool do_read)
 {
 size_t offset = 0;
@@ -744,7 +753,7 @@ void nbd_client_put(NBDClient *client)
  */
 assert(client->closing);
 
-qemu_set_fd_handler2(client->sock, NULL, NULL, NULL, NULL);
+nbd_unset_handlers(client);
 close(client->sock);
 client->sock = -1;
 if (client->exp) {
@@ -780,6 +789,7 @@ static NBDRequest *nbd_request_get(NBDClient *client)
 
 assert(client->nb_requests <= MAX_NBD_REQUESTS - 1);
 client->nb_requests++;
+nbd_update_can_read(client);
 
 req = g_slice_new0(NBDRequest);
 nbd_client_get(client);
@@ -796,9 +806,8 @@ static void nbd_request_put(NBDRequest *req)
 }
 g_slice_free(NBDRequest, req);
 
-if (client->nb_requests-- == MAX_NBD_REQUESTS) {
-qemu_notify_event();
-}
+client->nb_requests--;
+nbd_update_can_read(client);
 nbd_client_put(client);
 }
 
@@ -814,6 +823,7 @@ NBDExport *nbd_export_new(BlockDriverState *bs, off_t 
dev_offset,
 exp->nbdflags = nbdflags;
 exp->size = size == -1 ? bdrv_getlength(bs) : size;
 exp->close = close;
+exp->ctx = bdrv_get_aio_context(bs);
 bdrv_ref(bs);
 return exp;
 }
@@ -905,10 +915,6 @@ void nbd_export_close_all(void)
 }
 }
 
-static int nbd_can_read(void *opaque);
-static void nbd_read(void *opaque);
-static void nbd_restart_write(void *opaque);
-
 static ssize_t nbd_co_send_reply(NBDRequest *req, struct nbd_reply *reply,
  int len)
 {
@@ -917,9 +923,8 @@ static ssize_t nbd_co_send_reply(NBDRequest *req, struct 
nbd_reply *reply,
 ssize_t rc, ret;
 
 qemu_co_mutex_lock(&client->send_lock);
-qemu_set_fd_handler2(csock, nbd_can_read, nbd_read,
- nbd_restart_write, client);
 client->send_coroutine = qemu_coroutine_self();
+nbd_set_handlers(client);
 
 if (!len) {
 rc = nbd_send_reply(csock, reply);
@@ -936,7 +941,7 @@ static ssize_t nbd_co_send_reply(NBDRequest *req, struct 
nbd_reply *reply,
 }
 
 client->send_coroutine = NULL;
-qemu_set_fd_handler2(csock, nbd_can_read, nbd_read, NULL, client);
+nbd_set_handlers(client);
 qemu_co_mutex_unlock(&client->send_lock);
 return rc;
 }
@@ -949,6 +954,8 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, 
struct nbd_request *reque
 ssize_t rc;
 
 client->recv_coroutine = qemu_coroutine_self();
+nbd_update_can_read(client);
+
 rc = nbd_receive_request(csock, request);
 if (rc < 0) {
 if (rc != -EAGAIN) {
@@ -990,6 +997,8 @@ static ssize_t nbd_co_receive_request(NBDRequest *req, 
struct nbd_request *reque
 
 out:
 client->recv_coroutine = NULL;
+nbd_update_can_read(client);
+
 return rc;
 }
 
@@ -1140,13 +1149,6 @@ out:
 nbd_client_close(client);
 }
 
-static int nbd_can_read(void *opaque)
-{
-NBDClient *client = opaque;
-
-return client->recv_coroutine || client->nb_requests < MAX_NBD_REQUESTS;
-}
-
 static void nbd_read(void *opaque)
 {
 NBDClient *client = opaque;
@@ -1165,6 +1167,39 @@ static void nbd_restart_write(void *opaque)
 qemu_coroutine_enter(client->send_coroutine, NULL);
 }
 
+static void nbd_set_handlers(NBDClient *client)
+{
+if (client->exp && client->exp->ctx) {
+aio_set_fd_handler(client->exp->ctx, client->sock,
+   cl

[Qemu-devel] [Bug 1308341] Re: Multiple CPUs causes blue screen on Windows guest (14.04 regression)

[Serge Hallyn]

(Removed the task against virt-manager since hyperv is apparently *not*
a safe workaround in all cases)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1308341

Title:
  Multiple CPUs causes blue screen on Windows guest (14.04 regression)

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  New
Status in “qemu” package in Ubuntu:
  Confirmed

Bug description:
  Configuring a Windows 7 guest using more than one CPU cases the guest to 
fail. This happens after a few hours after guest boot. This is the error on the 
blue screen:
  "A clock interrupt was not received on a secondary processor within the 
allocated time interval"

  After resetting, the guest will never boot and a new bluescreen with
  the error "STOP: 0x005c" appears. Shutting down the guest
  completely and restarting it will allow it to boot and run for a few
  hours again.

  The guest was created using virt-manager. The error happens with or
  without virtio devices and with both 32-bit and 64-bit Windows 7
  guests.

  I am using Ubuntu 14.04 release candidate.

  qemu-kvm version 2.0.0~rc1+dfsg-0ubuntu3

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1308341/+subscriptions

[Qemu-devel] [Bug 1308341] Re: Multiple CPUs causes blue screen on Windows guest (14.04 regression)

[Serge Hallyn]

Thanks, given that info it seems clear to be a kernel and not a qemu
bug.

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: virt-manager (Ubuntu)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1308341

Title:
  Multiple CPUs causes blue screen on Windows guest (14.04 regression)

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  New
Status in “qemu” package in Ubuntu:
  Confirmed

Bug description:
  Configuring a Windows 7 guest using more than one CPU cases the guest to 
fail. This happens after a few hours after guest boot. This is the error on the 
blue screen:
  "A clock interrupt was not received on a secondary processor within the 
allocated time interval"

  After resetting, the guest will never boot and a new bluescreen with
  the error "STOP: 0x005c" appears. Shutting down the guest
  completely and restarting it will allow it to boot and run for a few
  hours again.

  The guest was created using virt-manager. The error happens with or
  without virtio devices and with both 32-bit and 64-bit Windows 7
  guests.

  I am using Ubuntu 14.04 release candidate.

  qemu-kvm version 2.0.0~rc1+dfsg-0ubuntu3

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1308341/+subscriptions

[Qemu-devel] [PATCH v2 0/3] nbd: Adapt for dataplane

[Max Reitz]

For the NBD server to work with dataplane, it needs to correctly access
the exported BDS. It makes the most sense to run both in the same
AioContext, therefore this series implements methods for tracking a
BDS's AioContext and makes NBD make use of this for keeping the clients
connected to that BDS in the same AioContext.


v2:
 - Patch 1: Drop NBDClient::restart_write; checking whether
   NBDClient::send_coroutine is not NULL suffices [Paolo]


git-backport-diff against v1:

Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/3:[0005] [FC] 'nbd: Drop nbd_can_read()'
002/3:[] [--] 'block: Add AIO context notifiers'
003/3:[] [--] 'nbd: Follow the BDS' AIO context'


Max Reitz (3):
  nbd: Drop nbd_can_read()
  block: Add AIO context notifiers
  nbd: Follow the BDS' AIO context

 block.c   |  56 +
 include/block/block_int.h |  41 ++
 nbd.c | 105 +-
 3 files changed, 183 insertions(+), 19 deletions(-)

-- 
2.0.0

[Qemu-devel] [PULL v2 039/106] pc: q35: acpi: report error to user on unsupported unplug request

[Michael S. Tsirkin]

From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/isa/lpc_ich9.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index fb2b82d..3fe2311 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -610,6 +610,8 @@ static void ich9_device_plug_cb(HotplugHandler *hotplug_dev,
 static void ich9_device_unplug_cb(HotplugHandler *hotplug_dev,
   DeviceState *dev, Error **errp)
 {
+error_setg(errp, "acpi: device unplug request for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
 }
 
 static bool ich9_rst_cnt_needed(void *opaque)
-- 
MST

[Qemu-devel] [PATCH v2 2/3] block: Add AIO context notifiers

[Max Reitz]

If a long-running operation on a BDS wants to always remain in the same
AIO context, it somehow needs to keep track of the BDS changing its
context. This adds a function for registering callbacks on a BDS which
are called whenever the BDS is attached or detached from an AIO context.

Signed-off-by: Max Reitz 
---
 block.c   | 56 +++
 include/block/block_int.h | 41 ++
 2 files changed, 97 insertions(+)

diff --git a/block.c b/block.c
index 43abe96..a3d09fa 100644
--- a/block.c
+++ b/block.c
@@ -1806,6 +1806,8 @@ void bdrv_reopen_abort(BDRVReopenState *reopen_state)
 
 void bdrv_close(BlockDriverState *bs)
 {
+BdrvAioNotifier *ban, *ban_next;
+
 if (bs->job) {
 block_job_cancel_sync(bs->job);
 }
@@ -1848,6 +1850,11 @@ void bdrv_close(BlockDriverState *bs)
 if (bs->io_limits_enabled) {
 bdrv_io_limits_disable(bs);
 }
+
+QLIST_FOREACH_SAFE(ban, &bs->aio_notifiers, list, ban_next) {
+g_free(ban);
+}
+QLIST_INIT(&bs->aio_notifiers);
 }
 
 void bdrv_close_all(void)
@@ -5663,10 +5670,16 @@ AioContext *bdrv_get_aio_context(BlockDriverState *bs)
 
 void bdrv_detach_aio_context(BlockDriverState *bs)
 {
+BdrvAioNotifier *baf;
+
 if (!bs->drv) {
 return;
 }
 
+QLIST_FOREACH(baf, &bs->aio_notifiers, list) {
+baf->detach_aio_context(baf->opaque);
+}
+
 if (bs->io_limits_enabled) {
 throttle_detach_aio_context(&bs->throttle_state);
 }
@@ -5686,6 +5699,8 @@ void bdrv_detach_aio_context(BlockDriverState *bs)
 void bdrv_attach_aio_context(BlockDriverState *bs,
  AioContext *new_context)
 {
+BdrvAioNotifier *ban;
+
 if (!bs->drv) {
 return;
 }
@@ -5704,6 +5719,10 @@ void bdrv_attach_aio_context(BlockDriverState *bs,
 if (bs->io_limits_enabled) {
 throttle_attach_aio_context(&bs->throttle_state, new_context);
 }
+
+QLIST_FOREACH(ban, &bs->aio_notifiers, list) {
+ban->attached_aio_context(new_context, ban->opaque);
+}
 }
 
 void bdrv_set_aio_context(BlockDriverState *bs, AioContext *new_context)
@@ -5720,6 +5739,43 @@ void bdrv_set_aio_context(BlockDriverState *bs, 
AioContext *new_context)
 aio_context_release(new_context);
 }
 
+void bdrv_add_aio_context_notifier(BlockDriverState *bs,
+void (*attached_aio_context)(AioContext *new_context, void *opaque),
+void (*detach_aio_context)(void *opaque), void *opaque)
+{
+BdrvAioNotifier *ban = g_new(BdrvAioNotifier, 1);
+*ban = (BdrvAioNotifier){
+.attached_aio_context = attached_aio_context,
+.detach_aio_context   = detach_aio_context,
+.opaque   = opaque
+};
+
+QLIST_INSERT_HEAD(&bs->aio_notifiers, ban, list);
+}
+
+void bdrv_remove_aio_context_notifier(BlockDriverState *bs,
+  void (*attached_aio_context)(AioContext 
*,
+   void *),
+  void (*detach_aio_context)(void *),
+  void *opaque)
+{
+BdrvAioNotifier *ban, *ban_next;
+
+QLIST_FOREACH_SAFE(ban, &bs->aio_notifiers, list, ban_next) {
+if (ban->attached_aio_context == attached_aio_context &&
+ban->detach_aio_context   == detach_aio_context   &&
+ban->opaque   == opaque)
+{
+QLIST_REMOVE(ban, list);
+g_free(ban);
+
+return;
+}
+}
+
+abort();
+}
+
 void bdrv_add_before_write_notifier(BlockDriverState *bs,
 NotifierWithReturn *notifier)
 {
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 7aa2213..a1885d3 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -282,6 +282,15 @@ typedef struct BlockLimits {
 
 typedef struct BdrvOpBlocker BdrvOpBlocker;
 
+typedef struct BdrvAioNotifier {
+void (*attached_aio_context)(AioContext *new_context, void *opaque);
+void (*detach_aio_context)(void *opaque);
+
+void *opaque;
+
+QLIST_ENTRY(BdrvAioNotifier) list;
+} BdrvAioNotifier;
+
 /*
  * Note: the function bdrv_append() copies and swaps contents of
  * BlockDriverStates, so if you add new fields to this struct, please
@@ -308,6 +317,10 @@ struct BlockDriverState {
 void *dev_opaque;
 
 AioContext *aio_context; /* event loop used for fd handlers, timers, etc */
+/* long-running tasks intended to always use the same AioContext as this
+ * BDS may register themselves in this list to be notified of changes
+ * regarding this BDS's context */
+QLIST_HEAD(, BdrvAioNotifier) aio_notifiers;
 
 char filename[1024];
 char backing_file[1024]; /* if non zero, the image is a diff of
@@ -422,6 +435,34 @@ void bdrv_detach_aio_context(BlockDriverState *bs);
 void bdrv_attach_aio_context(BlockDriverState *b

[Qemu-devel] [PATCH v2 3/3] nbd: Follow the BDS' AIO context

[Max Reitz]

Keep the NBD server always in the same AIO context as the exported BDS
by calling bdrv_add_aio_context_notifier() and implementing the required
callbacks.

Signed-off-by: Max Reitz 
---
 nbd.c | 31 +++
 1 file changed, 31 insertions(+)

diff --git a/nbd.c b/nbd.c
index 2715acc..cd92f88 100644
--- a/nbd.c
+++ b/nbd.c
@@ -811,6 +811,34 @@ static void nbd_request_put(NBDRequest *req)
 nbd_client_put(client);
 }
 
+static void bs_aio_attached(AioContext *ctx, void *opaque)
+{
+NBDExport *exp = opaque;
+NBDClient *client;
+
+TRACE("Export %s: Attaching clients to AIO context %p\n", exp->name, ctx);
+
+exp->ctx = ctx;
+
+QTAILQ_FOREACH(client, &exp->clients, next) {
+nbd_set_handlers(client);
+}
+}
+
+static void bs_aio_detach(void *opaque)
+{
+NBDExport *exp = opaque;
+NBDClient *client;
+
+TRACE("Export %s: Detaching clients from AIO context %p\n", exp->name, 
exp->ctx);
+
+QTAILQ_FOREACH(client, &exp->clients, next) {
+nbd_unset_handlers(client);
+}
+
+exp->ctx = NULL;
+}
+
 NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset,
   off_t size, uint32_t nbdflags,
   void (*close)(NBDExport *))
@@ -825,6 +853,7 @@ NBDExport *nbd_export_new(BlockDriverState *bs, off_t 
dev_offset,
 exp->close = close;
 exp->ctx = bdrv_get_aio_context(bs);
 bdrv_ref(bs);
+bdrv_add_aio_context_notifier(bs, bs_aio_attached, bs_aio_detach, exp);
 return exp;
 }
 
@@ -872,6 +901,8 @@ void nbd_export_close(NBDExport *exp)
 nbd_export_set_name(exp, NULL);
 nbd_export_put(exp);
 if (exp->bs) {
+bdrv_remove_aio_context_notifier(exp->bs, bs_aio_attached,
+ bs_aio_detach, exp);
 bdrv_unref(exp->bs);
 exp->bs = NULL;
 }
-- 
2.0.0

[Qemu-devel] [PULL v2 083/106] hostmem: add merge and dump properties

[Michael S. Tsirkin]

From: Paolo Bonzini 

Signed-off-by: Paolo Bonzini 
Signed-off-by: Hu Tao 
Acked-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/qemu/osdep.h | 10 ++
 include/sysemu/hostmem.h |  1 +
 backends/hostmem.c   | 84 +++-
 3 files changed, 94 insertions(+), 1 deletion(-)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 9c1a119..820c5d0 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -116,6 +116,16 @@ void qemu_anon_ram_free(void *ptr, size_t size);
 #else
 #define QEMU_MADV_MERGEABLE QEMU_MADV_INVALID
 #endif
+#ifdef MADV_UNMERGEABLE
+#define QEMU_MADV_UNMERGEABLE MADV_UNMERGEABLE
+#else
+#define QEMU_MADV_UNMERGEABLE QEMU_MADV_INVALID
+#endif
+#ifdef MADV_DODUMP
+#define QEMU_MADV_DODUMP MADV_DODUMP
+#else
+#define QEMU_MADV_DODUMP QEMU_MADV_INVALID
+#endif
 #ifdef MADV_DONTDUMP
 #define QEMU_MADV_DONTDUMP MADV_DONTDUMP
 #else
diff --git a/include/sysemu/hostmem.h b/include/sysemu/hostmem.h
index 923f672..ede5ec9 100644
--- a/include/sysemu/hostmem.h
+++ b/include/sysemu/hostmem.h
@@ -52,6 +52,7 @@ struct HostMemoryBackend {
 
 /* protected */
 uint64_t size;
+bool merge, dump;
 
 MemoryRegion mr;
 };
diff --git a/backends/hostmem.c b/backends/hostmem.c
index 1738774..a2550fe 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -53,8 +53,73 @@ out:
 error_propagate(errp, local_err);
 }
 
+static bool host_memory_backend_get_merge(Object *obj, Error **errp)
+{
+HostMemoryBackend *backend = MEMORY_BACKEND(obj);
+
+return backend->merge;
+}
+
+static void host_memory_backend_set_merge(Object *obj, bool value, Error 
**errp)
+{
+HostMemoryBackend *backend = MEMORY_BACKEND(obj);
+
+if (!memory_region_size(&backend->mr)) {
+backend->merge = value;
+return;
+}
+
+if (value != backend->merge) {
+void *ptr = memory_region_get_ram_ptr(&backend->mr);
+uint64_t sz = memory_region_size(&backend->mr);
+
+qemu_madvise(ptr, sz,
+ value ? QEMU_MADV_MERGEABLE : QEMU_MADV_UNMERGEABLE);
+backend->merge = value;
+}
+}
+
+static bool host_memory_backend_get_dump(Object *obj, Error **errp)
+{
+HostMemoryBackend *backend = MEMORY_BACKEND(obj);
+
+return backend->dump;
+}
+
+static void host_memory_backend_set_dump(Object *obj, bool value, Error **errp)
+{
+HostMemoryBackend *backend = MEMORY_BACKEND(obj);
+
+if (!memory_region_size(&backend->mr)) {
+backend->dump = value;
+return;
+}
+
+if (value != backend->dump) {
+void *ptr = memory_region_get_ram_ptr(&backend->mr);
+uint64_t sz = memory_region_size(&backend->mr);
+
+qemu_madvise(ptr, sz,
+ value ? QEMU_MADV_DODUMP : QEMU_MADV_DONTDUMP);
+backend->dump = value;
+}
+}
+
 static void host_memory_backend_init(Object *obj)
 {
+HostMemoryBackend *backend = MEMORY_BACKEND(obj);
+
+backend->merge = qemu_opt_get_bool(qemu_get_machine_opts(),
+   "mem-merge", true);
+backend->dump = qemu_opt_get_bool(qemu_get_machine_opts(),
+  "dump-guest-core", true);
+
+object_property_add_bool(obj, "merge",
+host_memory_backend_get_merge,
+host_memory_backend_set_merge, NULL);
+object_property_add_bool(obj, "dump",
+host_memory_backend_get_dump,
+host_memory_backend_set_dump, NULL);
 object_property_add(obj, "size", "int",
 host_memory_backend_get_size,
 host_memory_backend_set_size, NULL, NULL, NULL);
@@ -80,9 +145,26 @@ host_memory_backend_memory_complete(UserCreatable *uc, 
Error **errp)
 {
 HostMemoryBackend *backend = MEMORY_BACKEND(uc);
 HostMemoryBackendClass *bc = MEMORY_BACKEND_GET_CLASS(uc);
+Error *local_err = NULL;
+void *ptr;
+uint64_t sz;
 
 if (bc->alloc) {
-bc->alloc(backend, errp);
+bc->alloc(backend, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
+ptr = memory_region_get_ram_ptr(&backend->mr);
+sz = memory_region_size(&backend->mr);
+
+if (backend->merge) {
+qemu_madvise(ptr, sz, QEMU_MADV_MERGEABLE);
+}
+if (!backend->dump) {
+qemu_madvise(ptr, sz, QEMU_MADV_DONTDUMP);
+}
 }
 }
 
-- 
MST

[Qemu-devel] [PULL v2 007/106] qdev: hotplug for bus-less devices

[Michael S. Tsirkin]

From: Igor Mammedov 

Add get_hotplug_handler() method to machine, and
make bus-less device use it during hotplug
as a means to discover a hotplug handler controller.
The returned controller is used to perform hotplug
actions.

Signed-off-by: Igor Mammedov 
Acked-by: Peter Crosthwaite 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/boards.h |  8 
 hw/core/qdev.c  | 13 +
 2 files changed, 21 insertions(+)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index 184d245..429ac43 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -61,6 +61,11 @@ extern MachineState *current_machine;
 /**
  * MachineClass:
  * @qemu_machine: #QEMUMachine
+ * @get_hotplug_handler: this function is called during bus-less
+ *device hotplug. If defined it returns pointer to an instance
+ *of HotplugHandler object, which handles hotplug operation
+ *for a given @dev. It may return NULL if @dev doesn't require
+ *any actions to be performed by hotplug handler.
  */
 struct MachineClass {
 /*< private >*/
@@ -90,6 +95,9 @@ struct MachineClass {
 const char *default_boot_order;
 GlobalProperty *compat_props;
 const char *hw_version;
+
+HotplugHandler *(*get_hotplug_handler)(MachineState *machine,
+   DeviceState *dev);
 };
 
 /**
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index e65a5aa..fded645 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -34,6 +34,7 @@
 #include "qapi/qmp/qjson.h"
 #include "monitor/monitor.h"
 #include "hw/hotplug.h"
+#include "hw/boards.h"
 
 int qdev_hotplug = 0;
 static bool qdev_hot_added = false;
@@ -813,6 +814,18 @@ static void device_set_realized(Object *obj, bool value, 
Error **errp)
 local_err == NULL) {
 hotplug_handler_plug(dev->parent_bus->hotplug_handler,
  dev, &local_err);
+} else if (local_err == NULL &&
+   object_dynamic_cast(qdev_get_machine(), TYPE_MACHINE)) {
+HotplugHandler *hotplug_ctrl;
+MachineState *machine = MACHINE(qdev_get_machine());
+MachineClass *mc = MACHINE_GET_CLASS(machine);
+
+if (mc->get_hotplug_handler) {
+hotplug_ctrl = mc->get_hotplug_handler(machine, dev);
+if (hotplug_ctrl) {
+hotplug_handler_plug(hotplug_ctrl, dev, &local_err);
+}
+}
 }
 
 if (qdev_get_vmsd(dev) && local_err == NULL) {
-- 
MST

Re: [Qemu-devel] [PATCH] vfio: Make BARs native endian

[Alex Williamson]

On Wed, 2014-06-18 at 21:35 +1000, Alexey Kardashevskiy wrote:
> Slow BAR access path is used when VFIO fails to mmap() BAR or TCG is used.

TCG can use the mmap too

> Since this is just a transport between the guest and a device, there is
> no need to do endianness swapping.
> 
> This changes BARs to use native endianness. Since non-ROM BARs were
> doing byte swapping, we need to remove it so does the patch. No change
> in behavior is expected though.
> 
> ROM BARs were declared little endian but byte swapping was not
> implemented for them so they never actually worked on big endian systems.
> This fixes endiannes for ROM BARs: this declares them native endian and
> fixes access sizes.

So the only actual behavior change we expect from this is to fix ROM
access on big endian where we had an unbalanced set of byte swaps.  BAR
access worked because the byte swapping in the read/write handler
canceled the byte swapping in QEMU because we declared the BARs as
little endian.  Otherwise we're just removing canceling byte swaps for
big endian.  Is that correct?

Also, as the kernel patch appears to not produce any behavioral change,
only eliminates canceling swaps, there's no dependency between patches,
right?  Thanks,

Alex

> Signed-off-by: Alexey Kardashevskiy 
> ---
>  hw/misc/vfio.c | 41 +++--
>  1 file changed, 31 insertions(+), 10 deletions(-)
> 
> diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
> index 7437c2e..3eb3c71 100644
> --- a/hw/misc/vfio.c
> +++ b/hw/misc/vfio.c
> @@ -1052,10 +1052,10 @@ static void vfio_bar_write(void *opaque, hwaddr addr,
>  buf.byte = data;
>  break;
>  case 2:
> -buf.word = cpu_to_le16(data);
> +buf.word = data;
>  break;
>  case 4:
> -buf.dword = cpu_to_le32(data);
> +buf.dword = data;
>  break;
>  default:
>  hw_error("vfio: unsupported write size, %d bytes", size);
> @@ -1112,10 +1112,10 @@ static uint64_t vfio_bar_read(void *opaque,
>  data = buf.byte;
>  break;
>  case 2:
> -data = le16_to_cpu(buf.word);
> +data = buf.word;
>  break;
>  case 4:
> -data = le32_to_cpu(buf.dword);
> +data = buf.dword;
>  break;
>  default:
>  hw_error("vfio: unsupported read size, %d bytes", size);
> @@ -1142,7 +1142,7 @@ static uint64_t vfio_bar_read(void *opaque,
>  static const MemoryRegionOps vfio_bar_ops = {
>  .read = vfio_bar_read,
>  .write = vfio_bar_write,
> -.endianness = DEVICE_LITTLE_ENDIAN,
> +.endianness = DEVICE_NATIVE_ENDIAN,
>  };
>  
>  static void vfio_pci_load_rom(VFIODevice *vdev)
> @@ -1204,21 +1204,42 @@ static void vfio_pci_load_rom(VFIODevice *vdev)
>  static uint64_t vfio_rom_read(void *opaque, hwaddr addr, unsigned size)
>  {
>  VFIODevice *vdev = opaque;
> -uint64_t val = ((uint64_t)1 << (size * 8)) - 1;
> +union {
> +uint8_t byte;
> +uint16_t word;
> +uint32_t dword;
> +uint64_t qword;
> +} buf;
> +uint64_t data = 0;
>  
>  /* Load the ROM lazily when the guest tries to read it */
>  if (unlikely(!vdev->rom && !vdev->rom_read_failed)) {
>  vfio_pci_load_rom(vdev);
>  }
>  
> -memcpy(&val, vdev->rom + addr,
> +memcpy(&buf, vdev->rom + addr,
> (addr < vdev->rom_size) ? MIN(size, vdev->rom_size - addr) : 0);
>  
> +switch (size) {
> +case 1:
> +data = buf.byte;
> +break;
> +case 2:
> +data = buf.word;
> +break;
> +case 4:
> +data = buf.dword;
> +break;
> +default:
> +hw_error("vfio: unsupported read size, %d bytes", size);
> +break;
> +}
> +
>  DPRINTF("%s(%04x:%02x:%02x.%x, 0x%"HWADDR_PRIx", 0x%x) = 0x%"PRIx64"\n",
>  __func__, vdev->host.domain, vdev->host.bus, vdev->host.slot,
> -vdev->host.function, addr, size, val);
> +vdev->host.function, addr, size, data);
>  
> -return val;
> +return data;
>  }
>  
>  static void vfio_rom_write(void *opaque, hwaddr addr,
> @@ -1229,7 +1250,7 @@ static void vfio_rom_write(void *opaque, hwaddr addr,
>  static const MemoryRegionOps vfio_rom_ops = {
>  .read = vfio_rom_read,
>  .write = vfio_rom_write,
> -.endianness = DEVICE_LITTLE_ENDIAN,
> +.endianness = DEVICE_NATIVE_ENDIAN,
>  };
>  
>  static bool vfio_blacklist_opt_rom(VFIODevice *vdev)

[Qemu-devel] [PULL v2 091/106] qapi: make string output visitor parse int list

[Michael S. Tsirkin]

From: Hu Tao 

Signed-off-by: Hu Tao 
Acked-by: Michael S. Tsirkin 
Tested-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 

MST: split up patch
---
 qapi/string-output-visitor.c   | 229 +++--
 tests/test-string-output-visitor.c |  38 +-
 2 files changed, 255 insertions(+), 12 deletions(-)

diff --git a/qapi/string-output-visitor.c b/qapi/string-output-visitor.c
index fb1d2e8..1c0834a 100644
--- a/qapi/string-output-visitor.c
+++ b/qapi/string-output-visitor.c
@@ -16,32 +16,181 @@
 #include "qapi/qmp/qerror.h"
 #include "qemu/host-utils.h"
 #include 
+#include "qemu/range.h"
+
+enum ListMode {
+LM_NONE, /* not traversing a list of repeated options */
+LM_STARTED,  /* start_list() succeeded */
+
+LM_IN_PROGRESS,  /* next_list() has been called.
+  *
+  * Generating the next list link will consume the most
+  * recently parsed QemuOpt instance of the repeated
+  * option.
+  *
+  * Parsing a value into the list link will examine the
+  * next QemuOpt instance of the repeated option, and
+  * possibly enter LM_SIGNED_INTERVAL or
+  * LM_UNSIGNED_INTERVAL.
+  */
+
+LM_SIGNED_INTERVAL,  /* next_list() has been called.
+  *
+  * Generating the next list link will consume the most
+  * recently stored element from the signed interval,
+  * parsed from the most recent QemuOpt instance of the
+  * repeated option. This may consume QemuOpt itself
+  * and return to LM_IN_PROGRESS.
+  *
+  * Parsing a value into the list link will store the
+  * next element of the signed interval.
+  */
+
+LM_UNSIGNED_INTERVAL,/* Same as above, only for an unsigned interval. */
+
+LM_END
+};
+
+typedef enum ListMode ListMode;
 
 struct StringOutputVisitor
 {
 Visitor visitor;
 bool human;
-char *string;
+GString *string;
+bool head;
+ListMode list_mode;
+union {
+int64_t s;
+uint64_t u;
+} range_start, range_end;
+GList *ranges;
 };
 
 static void string_output_set(StringOutputVisitor *sov, char *string)
 {
-g_free(sov->string);
-sov->string = string;
+if (sov->string) {
+g_string_free(sov->string, true);
+}
+sov->string = g_string_new(string);
+g_free(string);
+}
+
+static void string_output_append(StringOutputVisitor *sov, int64_t a)
+{
+Range *r = g_malloc0(sizeof(*r));
+r->begin = a;
+r->end = a + 1;
+sov->ranges = g_list_insert_sorted_merged(sov->ranges, r, range_compare);
+}
+
+static void string_output_append_range(StringOutputVisitor *sov,
+   int64_t s, int64_t e)
+{
+Range *r = g_malloc0(sizeof(*r));
+r->begin = s;
+r->end = e + 1;
+sov->ranges = g_list_insert_sorted_merged(sov->ranges, r, range_compare);
+}
+
+static void format_string(StringOutputVisitor *sov, Range *r, bool next,
+  bool human)
+{
+if (r->end - r->begin > 1) {
+if (human) {
+g_string_append_printf(sov->string, "%" PRIx64 "-%" PRIx64,
+   r->begin, r->end - 1);
+
+} else {
+g_string_append_printf(sov->string, "%" PRId64 "-%" PRId64,
+   r->begin, r->end - 1);
+}
+} else {
+if (human) {
+g_string_append_printf(sov->string, "%" PRIx64, r->begin);
+} else {
+g_string_append_printf(sov->string, "%" PRId64, r->begin);
+}
+}
+if (next) {
+g_string_append(sov->string, ",");
+}
 }
 
 static void print_type_int(Visitor *v, int64_t *obj, const char *name,
Error **errp)
 {
 StringOutputVisitor *sov = DO_UPCAST(StringOutputVisitor, visitor, v);
-char *out;
+GList *l;
+
+switch (sov->list_mode) {
+case LM_NONE:
+string_output_append(sov, *obj);
+break;
+
+case LM_STARTED:
+sov->range_start.s = *obj;
+sov->range_end.s = *obj;
+sov->list_mode = LM_IN_PROGRESS;
+return;
+
+case LM_IN_PROGRESS:
+if (sov->range_end.s + 1 == *obj) {
+sov->range_end.s++;
+} else {
+if (sov->range_start.s == sov->range_end.s) {
+string_output_append(sov, sov->range_end.s);
+} else {
+assert(sov->range_start.s < sov->range_end.s);
+string_output_append_range(sov, sov->range_start.s,
+   sov->range_end.s);
+}
+
+  

[Qemu-devel] [PULL v2 019/106] acpi: rename cpu_hotplug_defs.h to pc-hotplug.h

[Michael S. Tsirkin]

From: Igor Mammedov 

to make it more generic, so it could be used for memory hotplug
as well.

Signed-off-by: Igor Mammedov 
Acked-by: Peter Crosthwaite 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/cpu_hotplug.h| 2 +-
 include/hw/acpi/{cpu_hotplug_defs.h => pc-hotplug.h} | 6 +++---
 hw/i386/acpi-dsdt.dsl| 2 +-
 hw/i386/q35-acpi-dsdt.dsl| 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
 rename include/hw/acpi/{cpu_hotplug_defs.h => pc-hotplug.h} (88%)

diff --git a/include/hw/acpi/cpu_hotplug.h b/include/hw/acpi/cpu_hotplug.h
index 4576400..9e5d30c 100644
--- a/include/hw/acpi/cpu_hotplug.h
+++ b/include/hw/acpi/cpu_hotplug.h
@@ -13,7 +13,7 @@
 #define ACPI_HOTPLUG_H
 
 #include "hw/acpi/acpi.h"
-#include "hw/acpi/cpu_hotplug_defs.h"
+#include "hw/acpi/pc-hotplug.h"
 
 typedef struct AcpiCpuHotplug {
 MemoryRegion io;
diff --git a/include/hw/acpi/cpu_hotplug_defs.h b/include/hw/acpi/pc-hotplug.h
similarity index 88%
rename from include/hw/acpi/cpu_hotplug_defs.h
rename to include/hw/acpi/pc-hotplug.h
index 9f33663..cee479d 100644
--- a/include/hw/acpi/cpu_hotplug_defs.h
+++ b/include/hw/acpi/pc-hotplug.h
@@ -1,7 +1,7 @@
 /*
  * QEMU ACPI hotplug utilities shared defines
  *
- * Copyright (C) 2013 Red Hat Inc
+ * Copyright (C) 2014 Red Hat Inc
  *
  * Authors:
  *   Igor Mammedov 
@@ -9,8 +9,8 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  */
-#ifndef ACPI_HOTPLUG_DEFS_H
-#define ACPI_HOTPLUG_DEFS_H
+#ifndef PC_HOTPLUG_H
+#define PC_HOTPLUG_H
 
 /*
  * ONLY DEFINEs are permited in this file since it's shared
diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
index 0a1e252..8ae933b 100644
--- a/hw/i386/acpi-dsdt.dsl
+++ b/hw/i386/acpi-dsdt.dsl
@@ -306,7 +306,7 @@ DefinitionBlock (
 }
 }
 
-#include "hw/acpi/cpu_hotplug_defs.h"
+#include "hw/acpi/pc-hotplug.h"
 #define CPU_STATUS_BASE PIIX4_CPU_HOTPLUG_IO_BASE
 #include "acpi-dsdt-cpu-hotplug.dsl"
 
diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
index f4d2a2d..fddc3b2 100644
--- a/hw/i386/q35-acpi-dsdt.dsl
+++ b/hw/i386/q35-acpi-dsdt.dsl
@@ -402,7 +402,7 @@ DefinitionBlock (
 define_gsi_link(GSIH, 0, 0x17)
 }
 
-#include "hw/acpi/cpu_hotplug_defs.h"
+#include "hw/acpi/pc-hotplug.h"
 #define CPU_STATUS_BASE ICH9_CPU_HOTPLUG_IO_BASE
 #include "acpi-dsdt-cpu-hotplug.dsl"
 
-- 
MST

[Qemu-devel] [PULL v2 036/106] virtio: Drop superfluous conditionals around g_free()

[Michael S. Tsirkin]

From: Markus Armbruster 

Signed-off-by: Markus Armbruster 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Eric Blake 
---
 hw/9pfs/virtio-9p.c |  4 +---
 hw/net/virtio-net.c | 24 
 hw/virtio/vhost.c   |  8 ++--
 hw/virtio/virtio.c  | 12 
 4 files changed, 15 insertions(+), 33 deletions(-)

diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index 9aa6725..5861a5b 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -299,9 +299,7 @@ static int v9fs_xattr_fid_clunk(V9fsPDU *pdu, V9fsFidState 
*fidp)
 free_out:
 v9fs_string_free(&fidp->fs.xattr.name);
 free_value:
-if (fidp->fs.xattr.value) {
-g_free(fidp->fs.xattr.value);
-}
+g_free(fidp->fs.xattr.value);
 return retval;
 }
 
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 940a7cf..dd28a5a 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1509,14 +1509,10 @@ void virtio_net_set_netclient_name(VirtIONet *n, const 
char *name,
  */
 assert(type != NULL);
 
-if (n->netclient_name) {
-g_free(n->netclient_name);
-n->netclient_name = NULL;
-}
-if (n->netclient_type) {
-g_free(n->netclient_type);
-n->netclient_type = NULL;
-}
+g_free(n->netclient_name);
+n->netclient_name = NULL;
+g_free(n->netclient_type);
+n->netclient_type = NULL;
 
 if (name != NULL) {
 n->netclient_name = g_strdup(name);
@@ -1616,14 +1612,10 @@ static void virtio_net_device_unrealize(DeviceState 
*dev, Error **errp)
 
 unregister_savevm(dev, "virtio-net", n);
 
-if (n->netclient_name) {
-g_free(n->netclient_name);
-n->netclient_name = NULL;
-}
-if (n->netclient_type) {
-g_free(n->netclient_type);
-n->netclient_type = NULL;
-}
+g_free(n->netclient_name);
+n->netclient_name = NULL;
+g_free(n->netclient_type);
+n->netclient_type = NULL;
 
 g_free(n->mac_table.macs);
 g_free(n->vlans);
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index f62cfaf..9e6023a 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -295,9 +295,7 @@ static inline void vhost_dev_log_resize(struct vhost_dev* 
dev, uint64_t size)
 if (dev->log_size) {
 vhost_log_sync_range(dev, 0, dev->log_size * VHOST_LOG_CHUNK - 1);
 }
-if (dev->log) {
-g_free(dev->log);
-}
+g_free(dev->log);
 dev->log = log;
 dev->log_size = size;
 }
@@ -601,9 +599,7 @@ static int vhost_migration_log(MemoryListener *listener, 
int enable)
 if (r < 0) {
 return r;
 }
-if (dev->log) {
-g_free(dev->log);
-}
+g_free(dev->log);
 dev->log = NULL;
 dev->log_size = 0;
 } else {
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index a07ae8a..3b938c8 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1164,10 +1164,8 @@ EventNotifier *virtio_queue_get_host_notifier(VirtQueue 
*vq)
 
 void virtio_device_set_child_bus_name(VirtIODevice *vdev, char *bus_name)
 {
-if (vdev->bus_name) {
-g_free(vdev->bus_name);
-vdev->bus_name = NULL;
-}
+g_free(vdev->bus_name);
+vdev->bus_name = NULL;
 
 if (bus_name) {
 vdev->bus_name = g_strdup(bus_name);
@@ -1206,10 +1204,8 @@ static void virtio_device_unrealize(DeviceState *dev, 
Error **errp)
 }
 }
 
-if (vdev->bus_name) {
-g_free(vdev->bus_name);
-vdev->bus_name = NULL;
-}
+g_free(vdev->bus_name);
+vdev->bus_name = NULL;
 }
 
 static void virtio_device_class_init(ObjectClass *klass, void *data)
-- 
MST

[Qemu-devel] [PULL v2 011/106] pc-dimm: do not allow setting an in-use memdev

[Michael S. Tsirkin]

From: Igor Mammedov 

using the same memdev backend more than once will cause
assertion at MemoryRegion mapping time because it's already
mapped. Prevent it by checking that the associated MemoryRegion
is not mapped.

Signed-off-by: Igor Mammedov 
Acked-by: Peter Crosthwaite 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 

MST: tweak commit log
---
 hw/mem/pc-dimm.c | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
index b4937fe..3cced63 100644
--- a/hw/mem/pc-dimm.c
+++ b/hw/mem/pc-dimm.c
@@ -43,6 +43,21 @@ static void pc_dimm_get_size(Object *obj, Visitor *v, void 
*opaque,
 visit_type_int(v, &value, name, errp);
 }
 
+static void pc_dimm_check_memdev_is_busy(Object *obj, const char *name,
+  Object *val, Error **errp)
+{
+MemoryRegion *mr;
+
+mr = host_memory_backend_get_memory(MEMORY_BACKEND(val), errp);
+if (memory_region_is_mapped(mr)) {
+char *path = object_get_canonical_path_component(val);
+error_setg(errp, "can't use already busy memdev: %s", path);
+g_free(path);
+} else {
+qdev_prop_allow_set_link_before_realize(obj, name, val, errp);
+}
+}
+
 static void pc_dimm_init(Object *obj)
 {
 PCDIMMDevice *dimm = PC_DIMM(obj);
@@ -51,7 +66,7 @@ static void pc_dimm_init(Object *obj)
 NULL, NULL, NULL, &error_abort);
 object_property_add_link(obj, PC_DIMM_MEMDEV_PROP, TYPE_MEMORY_BACKEND,
  (Object **)&dimm->hostmem,
- qdev_prop_allow_set_link_before_realize,
+ pc_dimm_check_memdev_is_busy,
  OBJ_PROP_LINK_UNREF_ON_RELEASE,
  &error_abort);
 }
-- 
MST

[Qemu-devel] [PULL v2 105/106] tests: simplify code

[Michael S. Tsirkin]

Use error_abort instead of open-coded assert.
Cleaner and shorter.

Reported-by: Eric Blake 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Eric Blake 
---
 tests/test-string-input-visitor.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tests/test-string-input-visitor.c 
b/tests/test-string-input-visitor.c
index b01e2f2..8e3433e 100644
--- a/tests/test-string-input-visitor.c
+++ b/tests/test-string-input-visitor.c
@@ -69,14 +69,12 @@ static void test_visitor_in_intList(TestInputVisitorData 
*data,
 {
 int64_t value[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 20};
 int16List *res = NULL, *tmp;
-Error *errp = NULL;
 Visitor *v;
 int i = 0;
 
 v = visitor_input_test_init(data, "1,2,0,2-4,20,5-9,1-8");
 
-visit_type_int16List(v, &res, NULL, &errp);
-g_assert(errp == NULL);
+visit_type_int16List(v, &res, NULL, &error_abort);
 tmp = res;
 while (i < sizeof(value) / sizeof(value[0])) {
 g_assert(tmp);
-- 
MST

[Qemu-devel] [PULL v2 047/106] Add G_IO_HUP handler for socket chardev

[Michael S. Tsirkin]

From: Nikolay Nikolaev 

This is used to detect that the remote end has disconnected. Just call
tcp_char_disconnect on receiving this event.

Signed-off-by: Antonios Motakis 
Signed-off-by: Nikolay Nikolaev 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/sysemu/char.h |  1 +
 qemu-char.c   | 21 +
 2 files changed, 22 insertions(+)

diff --git a/include/sysemu/char.h b/include/sysemu/char.h
index 930aaf1..3b835f6 100644
--- a/include/sysemu/char.h
+++ b/include/sysemu/char.h
@@ -83,6 +83,7 @@ struct CharDriverState {
 int avail_connections;
 int is_mux;
 guint fd_in_tag;
+guint fd_hup_tag;
 QemuOpts *opts;
 QTAILQ_ENTRY(CharDriverState) next;
 };
diff --git a/qemu-char.c b/qemu-char.c
index b9bef44..b3bd3b5 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2680,6 +2680,25 @@ CharDriverState *qemu_chr_open_eventfd(int eventfd)
 }
 #endif
 
+static gboolean tcp_chr_chan_close(GIOChannel *channel, GIOCondition cond,
+   void *opaque)
+{
+CharDriverState *chr = opaque;
+
+if (cond != G_IO_HUP) {
+return FALSE;
+}
+
+/* connection closed */
+tcp_chr_disconnect(chr);
+if (chr->fd_hup_tag) {
+g_source_remove(chr->fd_hup_tag);
+chr->fd_hup_tag = 0;
+}
+
+return TRUE;
+}
+
 static void tcp_chr_connect(void *opaque)
 {
 CharDriverState *chr = opaque;
@@ -2689,6 +2708,8 @@ static void tcp_chr_connect(void *opaque)
 if (s->chan) {
 chr->fd_in_tag = io_add_watch_poll(s->chan, tcp_chr_read_poll,
tcp_chr_read, chr);
+chr->fd_hup_tag = g_io_add_watch(s->chan, G_IO_HUP, tcp_chr_chan_close,
+ chr);
 }
 qemu_chr_be_generic_open(chr);
 }
-- 
MST

[Qemu-devel] [PULL v2 101/106] qmp: add query-acpi-ospm-status command

[Michael S. Tsirkin]

From: Igor Mammedov 

... to get ACPI OSPM status reported by ACPI devices
via _OST method.

Signed-off-by: Igor Mammedov 
Reviewed-by: Eric Blake 
Acked-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 qapi-schema.json | 10 ++
 qmp.c| 20 
 qmp-commands.hx  | 22 ++
 3 files changed, 52 insertions(+)

diff --git a/qapi-schema.json b/qapi-schema.json
index ff30ace..9835004 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3276,3 +3276,13 @@
   'slot-type': 'ACPISlotType',
   'source': 'int',
   'status': 'int' } }
+
+##
+# @query-acpi-ospm-status
+#
+# Lists ACPI OSPM status of ACPI device objects,
+# which might be reported via _OST method
+#
+# Since: 2.1
+##
+{ 'command': 'query-acpi-ospm-status', 'returns': ['ACPIOSTInfo'] }
diff --git a/qmp.c b/qmp.c
index 835fd78..dca6efb 100644
--- a/qmp.c
+++ b/qmp.c
@@ -29,6 +29,7 @@
 #include "hw/boards.h"
 #include "qom/object_interfaces.h"
 #include "hw/mem/pc-dimm.h"
+#include "hw/acpi/acpi_dev_interface.h"
 
 NameInfo *qmp_query_name(Error **errp)
 {
@@ -639,3 +640,22 @@ MemoryDeviceInfoList *qmp_query_memory_devices(Error 
**errp)
 
 return head;
 }
+
+ACPIOSTInfoList *qmp_query_acpi_ospm_status(Error **errp)
+{
+bool ambig;
+ACPIOSTInfoList *head = NULL;
+ACPIOSTInfoList **prev = &head;
+Object *obj = object_resolve_path_type("", TYPE_ACPI_DEVICE_IF, &ambig);
+
+if (obj) {
+AcpiDeviceIfClass *adevc = ACPI_DEVICE_IF_GET_CLASS(obj);
+AcpiDeviceIf *adev = ACPI_DEVICE_IF(obj);
+
+adevc->ospm_status(adev, &prev);
+} else {
+error_setg(errp, "command is not supported, missing ACPI device");
+}
+
+return head;
+}
diff --git a/qmp-commands.hx b/qmp-commands.hx
index 81054d0..e4a1c80 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -3639,3 +3639,25 @@ Example:
"type": "dimm"
  } ] }
 EQMP
+
+{
+.name   = "query-acpi-ospm-status",
+.args_type  = "",
+.mhandler.cmd_new = qmp_marshal_input_query_acpi_ospm_status,
+},
+
+SQMP
+@query-acpi-ospm-status
+
+
+Return list of ACPIOSTInfo for devices that support status reporting
+via ACPI _OST method.
+
+Example:
+-> { "execute": "query-acpi-ospm-status" }
+<- { "return": [ { "device": "d1", "slot": "0", "slot-type": "DIMM", "source": 
1, "status": 0},
+ { "slot": "1", "slot-type": "DIMM", "source": 0, "status": 0},
+ { "slot": "2", "slot-type": "DIMM", "source": 0, "status": 0},
+ { "slot": "3", "slot-type": "DIMM", "source": 0, "status": 0}
+   ]}
+EQMP
-- 
MST

[Qemu-devel] [RFC 1/3] image-fuzzer: Added execution of multiple tests to the test runner

[Maria Kustova]

Apart from fixes this patch allows to run multiple tests in a row. If 'seed'
argument is not specified the runner generates and executes new tests one by
one till keyboard interruption. Specified seed forces the runner to execute
only one test with current seed and exit.

Signed-off-by: Maria Kustova 
---
 tests/image-fuzzer/runner/runner.py | 260 
 1 file changed, 260 insertions(+)
 create mode 100644 tests/image-fuzzer/runner/runner.py

diff --git a/tests/image-fuzzer/runner/runner.py 
b/tests/image-fuzzer/runner/runner.py
new file mode 100644
index 000..5d09b2e
--- /dev/null
+++ b/tests/image-fuzzer/runner/runner.py
@@ -0,0 +1,260 @@
+# Tool for running fuzz tests
+#
+# Copyright (C) 2014 Maria Kustova 
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import sys, os, signal
+from time import time
+import subprocess
+import random
+from itertools import count
+from shutil import rmtree
+import getopt
+import resource
+resource.setrlimit(resource.RLIMIT_CORE, (-1, -1))
+
+
+def multilog(msg, *output):
+""" Write an object to all of specified file descriptors
+"""
+
+for fd in output:
+fd.write(msg)
+fd.flush()
+
+
+def str_signal(sig):
+""" Convert a numeric value of a system signal to the string one
+defined by the current operational system
+"""
+
+for k, v in signal.__dict__.items():
+if v == sig:
+return k
+
+
+class TestException(Exception):
+"""Exception for errors risen by TestEnv objects"""
+pass
+
+
+class TestEnv(object):
+""" Trivial test object
+
+The class sets up test environment, generates a test image and executes
+application under tests with specified arguments and a test image provided.
+All logs are collected.
+Summary log will contain short descriptions and statuses of tests in
+a run.
+Test log will include application (e.g. 'qemu-img') logs besides info sent
+to the summary log.
+"""
+
+def __init__(self, test_id, seed, work_dir, run_log, exec_bin=None,
+ cleanup=True, log_all=False):
+"""Set test environment in a specified work directory.
+
+Path to qemu_img will be retrieved from 'QEMU_IMG' environment
+variable, if a test binary is not specified.
+"""
+
+if seed is not None:
+self.seed = seed
+else:
+self.seed = hash(time())
+
+self.init_path = os.getcwd()
+self.work_dir = work_dir
+self.current_dir = os.path.join(work_dir, 'test-' + test_id)
+if exec_bin is not None:
+self.exec_bin = exec_bin.strip().split(' ')
+else:
+self.exec_bin = \
+os.environ.get('QEMU_IMG', 'qemu-img').strip().split(' ')
+
+try:
+os.makedirs(self.current_dir)
+except OSError:
+e = sys.exc_info()[1]
+print >>sys.stderr, \
+"Error: The working directory '%s' cannot be used. Reason: %s"\
+% (self.work_dir, e[1])
+raise TestException
+self.log = open(os.path.join(self.current_dir, "test.log"), "w")
+self.parent_log = open(run_log, "a")
+self.result = False
+self.cleanup = cleanup
+self.log_all = log_all
+
+def _test_app(self, q_args):
+""" Start application under test with specified arguments and return
+an exit code or a kill signal depending on result of an execution.
+"""
+devnull = open('/dev/null', 'r+')
+return subprocess.call(self.exec_bin + q_args + ['test_image'],
+   stdin=devnull, stdout=self.log, stderr=self.log)
+
+def execute(self, q_args):
+""" Execute a test.
+
+The method creates a test image, runs test app and analyzes its exit
+status. If the application was killed by a signal, the test is marked
+as failed.
+"""
+os.chdir(self.current_dir)
+# Seed initialization should be as close to image generation call
+# as posssible to avoid a corruption of random sequence
+random.seed(self.seed)
+image_generator.create_image('test_image')
+test_summary = "Seed: %s\nCommand: %s\nTest directory: %s\n" \
+   % (self.seed, " ".join(q_args), self.current_dir)
+try:
+ 

[Qemu-devel] [PULL v2 015/106] pc: exit QEMU if compat machine doesn't support memory hotlpug

[Michael S. Tsirkin]

From: Igor Mammedov 

... if user attempts to start it with memory hotplug enabled.

Signed-off-by: Igor Mammedov 
Acked-by: Peter Crosthwaite 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/pc.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 830aeee..4fad414 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1225,6 +1225,16 @@ FWCfgState *pc_memory_init(MemoryRegion *system_memory,
 e820_add_entry(0x1ULL, above_4g_mem_size, E820_RAM);
 }
 
+if (!guest_info->has_reserved_memory &&
+(machine->ram_slots ||
+ (machine->maxram_size > ram_size))) {
+MachineClass *mc = MACHINE_GET_CLASS(machine);
+
+error_report("\"-memory 'slots|maxmem'\" is not supported by: %s",
+ mc->name);
+exit(EXIT_FAILURE);
+}
+
 /* initialize hotplug memory address space */
 if (guest_info->has_reserved_memory &&
 (ram_size < machine->maxram_size)) {
-- 
MST

[Qemu-devel] [PULL v2 010/106] memory: add memory_region_is_mapped() API

[Michael S. Tsirkin]

From: Igor Mammedov 

which allows to check if MemoryRegion is already mapped.

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/exec/memory.h |  8 
 memory.c  | 10 +-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 1d55ad9..ab11c32 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -848,6 +848,14 @@ void memory_region_set_alias_offset(MemoryRegion *mr,
 bool memory_region_present(MemoryRegion *parent, hwaddr addr);
 
 /**
+ * memory_region_is_mapped: returns true if #MemoryRegion is mapped
+ * into any address space.
+ *
+ * @mr: a #MemoryRegion which should be checked if it's mapped
+ */
+bool memory_region_is_mapped(MemoryRegion *mr);
+
+/**
  * memory_region_find: translate an address/size relative to a
  * MemoryRegion into a #MemoryRegionSection.
  *
diff --git a/memory.c b/memory.c
index 678661e..93afea7 100644
--- a/memory.c
+++ b/memory.c
@@ -492,7 +492,7 @@ static AddressSpace 
*memory_region_to_address_space(MemoryRegion *mr)
 return as;
 }
 }
-abort();
+return NULL;
 }
 
 /* Render a memory region into the global view.  Ranges in @view obscure
@@ -1569,6 +1569,11 @@ bool memory_region_present(MemoryRegion *parent, hwaddr 
addr)
 return true;
 }
 
+bool memory_region_is_mapped(MemoryRegion *mr)
+{
+return mr->parent ? true : false;
+}
+
 MemoryRegionSection memory_region_find(MemoryRegion *mr,
hwaddr addr, uint64_t size)
 {
@@ -1586,6 +1591,9 @@ MemoryRegionSection memory_region_find(MemoryRegion *mr,
 }
 
 as = memory_region_to_address_space(root);
+if (!as) {
+return ret;
+}
 range = addrrange_make(int128_make64(addr), int128_make64(size));
 
 view = address_space_get_flatview(as);
-- 
MST

[Qemu-devel] [PULL v2 057/106] Add the vhost-user netdev backend to the command line

[Michael S. Tsirkin]

From: Nikolay Nikolaev 

The supplied chardev id will be inspected for supported options. Only
a socket backend, with a set path (i.e. a Unix socket) and optionally
the server parameter set, will be allowed. Other options (nowait, telnet)
will make the chardev unusable and the netdev will not be initialised.

Additional checks for validity:
  - requires `-numa node,memdev=..`
  - requires `-device virtio-net-*`

The `vhostforce` option is used to force vhost-net when we deal with
non-MSIX guests.

Signed-off-by: Antonios Motakis 
Signed-off-by: Nikolay Nikolaev 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Luiz Capitulino 
Reviewed-by: Eric Blake 
---
 qapi-schema.json   |  19 +-
 hw/net/vhost_net.c |   4 ++
 net/hub.c  |   1 +
 net/net.c  |   3 ++
 net/vhost-user.c   | 109 +++--
 hmp-commands.hx|   4 +-
 qemu-options.hx|  18 +
 7 files changed, 152 insertions(+), 6 deletions(-)

diff --git a/qapi-schema.json b/qapi-schema.json
index dc2abe4..f5d89b0 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -2069,6 +2069,22 @@
 '*devname':'str' } }
 
 ##
+# @NetdevVhostUserOptions
+#
+# Vhost-user network backend
+#
+# @chardev: name of a unix socket chardev
+#
+# @vhostforce: #optional vhost on for non-MSIX virtio guests (default: false).
+#
+# Since 2.1
+##
+{ 'type': 'NetdevVhostUserOptions',
+  'data': {
+'chardev':'str',
+'*vhostforce':'bool' } }
+
+##
 # @NetClientOptions
 #
 # A discriminated record of network device traits.
@@ -2086,7 +2102,8 @@
 'dump': 'NetdevDumpOptions',
 'bridge':   'NetdevBridgeOptions',
 'hubport':  'NetdevHubPortOptions',
-'netmap':   'NetdevNetmapOptions' } }
+'netmap':   'NetdevNetmapOptions',
+'vhost-user': 'NetdevVhostUserOptions' } }
 
 ##
 # @NetLegacy
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 5f06736..7ac7c21 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -15,6 +15,7 @@
 
 #include "net/net.h"
 #include "net/tap.h"
+#include "net/vhost-user.h"
 
 #include "hw/virtio/virtio-net.h"
 #include "net/vhost_net.h"
@@ -360,6 +361,9 @@ VHostNetState *get_vhost_net(NetClientState *nc)
 case NET_CLIENT_OPTIONS_KIND_TAP:
 vhost_net = tap_get_vhost_net(nc);
 break;
+case NET_CLIENT_OPTIONS_KIND_VHOST_USER:
+vhost_net = vhost_user_get_vhost_net(nc);
+break;
 default:
 break;
 }
diff --git a/net/hub.c b/net/hub.c
index 33a99c9..7e0f2d6 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -322,6 +322,7 @@ void net_hub_check_clients(void)
 case NET_CLIENT_OPTIONS_KIND_TAP:
 case NET_CLIENT_OPTIONS_KIND_SOCKET:
 case NET_CLIENT_OPTIONS_KIND_VDE:
+case NET_CLIENT_OPTIONS_KIND_VHOST_USER:
 has_host_dev = 1;
 break;
 default:
diff --git a/net/net.c b/net/net.c
index 6344160..de76e30 100644
--- a/net/net.c
+++ b/net/net.c
@@ -62,6 +62,7 @@ const char *host_net_devices[] = {
 #ifdef CONFIG_VDE
 "vde",
 #endif
+"vhost-user",
 NULL,
 };
 
@@ -802,6 +803,7 @@ static int (* const 
net_client_init_fun[NET_CLIENT_OPTIONS_KIND_MAX])(
 [NET_CLIENT_OPTIONS_KIND_BRIDGE]= net_init_bridge,
 #endif
 [NET_CLIENT_OPTIONS_KIND_HUBPORT]   = net_init_hubport,
+[NET_CLIENT_OPTIONS_KIND_VHOST_USER] = net_init_vhost_user,
 };
 
 
@@ -835,6 +837,7 @@ static int net_client_init1(const void *object, int 
is_netdev, Error **errp)
 case NET_CLIENT_OPTIONS_KIND_BRIDGE:
 #endif
 case NET_CLIENT_OPTIONS_KIND_HUBPORT:
+case NET_CLIENT_OPTIONS_KIND_VHOST_USER:
 break;
 
 default:
diff --git a/net/vhost-user.c b/net/vhost-user.c
index 4bdd19d..24e050c 100644
--- a/net/vhost-user.c
+++ b/net/vhost-user.c
@@ -12,6 +12,7 @@
 #include "net/vhost_net.h"
 #include "net/vhost-user.h"
 #include "sysemu/char.h"
+#include "qemu/config-file.h"
 #include "qemu/error-report.h"
 
 typedef struct VhostUserState {
@@ -21,9 +22,16 @@ typedef struct VhostUserState {
 VHostNetState *vhost_net;
 } VhostUserState;
 
+typedef struct VhostUserChardevProps {
+bool is_socket;
+bool is_unix;
+bool is_server;
+} VhostUserChardevProps;
+
 VHostNetState *vhost_user_get_vhost_net(NetClientState *nc)
 {
 VhostUserState *s = DO_UPCAST(VhostUserState, nc, nc);
+assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_VHOST_USER);
 return s->vhost_net;
 }
 
@@ -82,7 +90,7 @@ static bool vhost_user_has_ufo(NetClientState *nc)
 }
 
 static NetClientInfo net_vhost_user_info = {
-.type = 0,
+.type = NET_CLIENT_OPTIONS_KIND_VHOST_USER,
 .size = sizeof(VhostUserState),
 .cleanup = vhost_user_cleanup,
 .has_vnet_hdr = vhost_user_has_vnet_hdr,
@@ -148,8 +156,103 @@ static int net_vhost_user_init(NetClientState *peer, 
const char *device,
 return 0;
 }
 
+static int net_vhost_charde

[Qemu-devel] [PULL v2 060/106] Add qtest for vhost-user

[Michael S. Tsirkin]

From: Nikolay Nikolaev 

This test creates a 'server' chardev to listen for vhost-user messages.
Once VHOST_USER_SET_MEM_TABLE is received it mmaps each received region,
and read 1k bytes from it. The read data is compared to data from readl.

The test requires hugetlbfs to be already mounted and writable. The mount
point defaults to '/hugetlbfs' and can be specified via the environment
variable QTEST_HUGETLBFS_PATH.

The rom pc-bios/pxe-virtio.rom is used to instantiate a virtio pcicontroller.

Signed-off-by: Antonios Motakis 
Signed-off-by: Nikolay Nikolaev 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 

MST: fix up coding style
MST: disable vhost test temporarily

This test needs a bit more work: issues have been
found on legacy systems, disable it for now to
avoid false positives for people.
Will re-enable after issues are addressed.

Reported-by: Igor Mammedov 
Signed-off-by: Michael S. Tsirkin 
---
 tests/vhost-user-test.c | 312 
 tests/Makefile  |   4 +
 2 files changed, 316 insertions(+)
 create mode 100644 tests/vhost-user-test.c

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
new file mode 100644
index 000..7c826b4
--- /dev/null
+++ b/tests/vhost-user-test.c
@@ -0,0 +1,312 @@
+/*
+ * QTest testcase for the vhost-user
+ *
+ * Copyright (c) 2014 Virtual Open Systems Sarl.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "libqtest.h"
+#include "qemu/option.h"
+#include "sysemu/char.h"
+#include "sysemu/sysemu.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define QEMU_CMD_ACCEL  " -machine accel=tcg"
+#define QEMU_CMD_MEM" -m 512 -object 
memory-backend-file,id=mem,size=512M,"\
+"mem-path=%s,share=on -numa node,memdev=mem"
+#define QEMU_CMD_CHR" -chardev socket,id=chr0,path=%s"
+#define QEMU_CMD_NETDEV " -netdev vhost-user,id=net0,chardev=chr0,vhostforce"
+#define QEMU_CMD_NET" -device virtio-net-pci,netdev=net0 "
+#define QEMU_CMD_ROM" -option-rom ../pc-bios/pxe-virtio.rom"
+
+#define QEMU_CMDQEMU_CMD_ACCEL QEMU_CMD_MEM QEMU_CMD_CHR \
+QEMU_CMD_NETDEV QEMU_CMD_NET QEMU_CMD_ROM
+
+#define HUGETLBFS_MAGIC   0x958458f6
+
+/*** FROM hw/virtio/vhost-user.c */
+
+#define VHOST_MEMORY_MAX_NREGIONS8
+
+typedef enum VhostUserRequest {
+VHOST_USER_NONE = 0,
+VHOST_USER_GET_FEATURES = 1,
+VHOST_USER_SET_FEATURES = 2,
+VHOST_USER_SET_OWNER = 3,
+VHOST_USER_RESET_OWNER = 4,
+VHOST_USER_SET_MEM_TABLE = 5,
+VHOST_USER_SET_LOG_BASE = 6,
+VHOST_USER_SET_LOG_FD = 7,
+VHOST_USER_SET_VRING_NUM = 8,
+VHOST_USER_SET_VRING_ADDR = 9,
+VHOST_USER_SET_VRING_BASE = 10,
+VHOST_USER_GET_VRING_BASE = 11,
+VHOST_USER_SET_VRING_KICK = 12,
+VHOST_USER_SET_VRING_CALL = 13,
+VHOST_USER_SET_VRING_ERR = 14,
+VHOST_USER_MAX
+} VhostUserRequest;
+
+typedef struct VhostUserMemoryRegion {
+uint64_t guest_phys_addr;
+uint64_t memory_size;
+uint64_t userspace_addr;
+} VhostUserMemoryRegion;
+
+typedef struct VhostUserMemory {
+uint32_t nregions;
+uint32_t padding;
+VhostUserMemoryRegion regions[VHOST_MEMORY_MAX_NREGIONS];
+} VhostUserMemory;
+
+typedef struct VhostUserMsg {
+VhostUserRequest request;
+
+#define VHOST_USER_VERSION_MASK (0x3)
+#define VHOST_USER_REPLY_MASK   (0x1<<2)
+uint32_t flags;
+uint32_t size; /* the following payload size */
+union {
+uint64_t u64;
+struct vhost_vring_state state;
+struct vhost_vring_addr addr;
+VhostUserMemory memory;
+};
+} QEMU_PACKED VhostUserMsg;
+
+static VhostUserMsg m __attribute__ ((unused));
+#define VHOST_USER_HDR_SIZE (sizeof(m.request) \
++ sizeof(m.flags) \
++ sizeof(m.size))
+
+#define VHOST_USER_PAYLOAD_SIZE (sizeof(m) - VHOST_USER_HDR_SIZE)
+
+/* The version of the protocol we support */
+#define VHOST_USER_VERSION(0x1)
+/*/
+
+int fds_num = 0, fds[VHOST_MEMORY_MAX_NREGIONS];
+static VhostUserMemory memory;
+static GMutex data_mutex;
+static GCond data_cond;
+
+static void read_guest_mem(void)
+{
+uint32_t *guest_mem;
+gint64 end_time;
+int i, j;
+
+g_mutex_lock(&data_mutex);
+
+end_time = g_get_monotonic_time() + 5 * G_TIME_SPAN_SECOND;
+while (!fds_num) {
+if (!g_cond_wait_until(&data_cond, &data_mutex, end_time)) {
+/* timeout has passed */
+g_assert(fds_num);
+break;
+}
+}
+
+/* check for sanity */
+g_assert_cmpint(fds_num, >, 0);
+g_assert_cmpint(fds_num, ==, memory.nregions);
+
+/* iterate all regions */
+for (i = 0; i < fds_num; i++) {
+
+/* We'll check on

[Qemu-devel] [PULL 14/15] virtio-scsi: add support for the any_layout feature

[Paolo Bonzini]

Store the request and response headers by value, and let
virtio_scsi_parse_req check that there is only one of datain
and dataout.

Signed-off-by: Paolo Bonzini 
---
 hw/scsi/virtio-scsi.c   | 193 ++--
 include/hw/i386/pc.h|   4 +
 include/hw/virtio/virtio-scsi.h |   4 +-
 3 files changed, 109 insertions(+), 92 deletions(-)

diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index 06fda89..3870c47 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -27,21 +27,27 @@ typedef struct VirtIOSCSIReq {
 QEMUSGList qsgl;
 SCSIRequest *sreq;
 size_t resp_size;
+enum SCSIXferMode mode;
+QEMUIOVector resp_iov;
 union {
-char  *buf;
-VirtIOSCSICmdResp *cmd;
-VirtIOSCSICtrlTMFResp *tmf;
-VirtIOSCSICtrlANResp  *an;
-VirtIOSCSIEvent   *event;
+VirtIOSCSICmdResp cmd;
+VirtIOSCSICtrlTMFResp tmf;
+VirtIOSCSICtrlANResp  an;
+VirtIOSCSIEvent   event;
 } resp;
 union {
-char  *buf;
-VirtIOSCSICmdReq  *cmd;
-VirtIOSCSICtrlTMFReq  *tmf;
-VirtIOSCSICtrlANReq   *an;
+struct {
+VirtIOSCSICmdReq  cmd;
+uint8_t   cdb[];
+} QEMU_PACKED;
+VirtIOSCSICtrlTMFReq  tmf;
+VirtIOSCSICtrlANReq   an;
 } req;
 } VirtIOSCSIReq;
 
+QEMU_BUILD_BUG_ON(offsetof(VirtIOSCSIReq, req.cdb) !=
+  offsetof(VirtIOSCSIReq, req.cmd) + sizeof(VirtIOSCSICmdReq));
+
 static inline int virtio_scsi_get_lun(uint8_t *lun)
 {
 return ((lun[2] << 8) | lun[3]) & 0x3FFF;
@@ -61,17 +67,21 @@ static inline SCSIDevice 
*virtio_scsi_device_find(VirtIOSCSI *s, uint8_t *lun)
 static VirtIOSCSIReq *virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq)
 {
 VirtIOSCSIReq *req;
-req = g_malloc(sizeof(*req));
+VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
+
+req = g_malloc0(sizeof(*req) + vs->cdb_size);
 
 req->vq = vq;
 req->dev = s;
 req->sreq = NULL;
 qemu_sglist_init(&req->qsgl, DEVICE(s), 8, &address_space_memory);
+qemu_iovec_init(&req->resp_iov, 1);
 return req;
 }
 
 static void virtio_scsi_free_req(VirtIOSCSIReq *req)
 {
+qemu_iovec_destroy(&req->resp_iov);
 qemu_sglist_destroy(&req->qsgl);
 g_free(req);
 }
@@ -81,7 +91,9 @@ static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
 VirtIOSCSI *s = req->dev;
 VirtQueue *vq = req->vq;
 VirtIODevice *vdev = VIRTIO_DEVICE(s);
-virtqueue_push(vq, &req->elem, req->qsgl.size + 
req->elem.in_sg[0].iov_len);
+
+qemu_iovec_from_buf(&req->resp_iov, 0, &req->resp, req->resp_size);
+virtqueue_push(vq, &req->elem, req->qsgl.size + req->resp_iov.size);
 if (req->sreq) {
 req->sreq->hba_private = NULL;
 scsi_req_unref(req->sreq);
@@ -122,31 +134,35 @@ static size_t qemu_sgl_concat(VirtIOSCSIReq *req, struct 
iovec *iov,
 static int virtio_scsi_parse_req(VirtIOSCSIReq *req,
  unsigned req_size, unsigned resp_size)
 {
-if (req->elem.in_num == 0) {
-return -EINVAL;
-}
+size_t in_size, out_size;
 
-if (req->elem.out_sg[0].iov_len < req_size) {
+if (iov_to_buf(req->elem.out_sg, req->elem.out_num, 0,
+   &req->req, req_size) < req_size) {
 return -EINVAL;
 }
-if (req->elem.out_num) {
-req->req.buf = req->elem.out_sg[0].iov_base;
-}
 
-if (req->elem.in_sg[0].iov_len < resp_size) {
+if (qemu_iovec_concat_iov(&req->resp_iov,
+  req->elem.in_sg, req->elem.in_num, 0,
+  resp_size) < resp_size) {
 return -EINVAL;
 }
-req->resp.buf = req->elem.in_sg[0].iov_base;
 req->resp_size = resp_size;
 
-if (req->elem.out_num > 1) {
-qemu_sgl_concat(req, &req->elem.out_sg[1],
-&req->elem.out_addr[1],
-req->elem.out_num - 1, 0);
-} else {
-qemu_sgl_concat(req, &req->elem.in_sg[1],
-&req->elem.in_addr[1],
-req->elem.in_num - 1, 0);
+out_size = qemu_sgl_concat(req, req->elem.out_sg,
+   &req->elem.out_addr[0], req->elem.out_num,
+   req_size);
+in_size = qemu_sgl_concat(req, req->elem.in_sg,
+  &req->elem.in_addr[0], req->elem.in_num,
+  resp_size);
+
+if (out_size && in_size) {
+return -ENOTSUP;
+}
+
+if (out_size) {
+req->mode = SCSI_XFER_TO_DEV;
+} else if (in_size) {
+req->mode = SCSI_XFER_FROM_DEV;
 }
 
 return 0;
@@ -204,37 +220,34 @@ static void *virtio_scsi_load_request(QEMUFile *f, 
SCSIRequest *sreq)
 scsi_req_ref(sreq);
 req->sreq = sreq;
 if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
-int req_mode =
-(req->elem.in_num

[Qemu-devel] [PULL v2 051/106] vhost_net_init will use VhostNetOptions to get all its arguments

[Michael S. Tsirkin]

From: Nikolay Nikolaev 

vhost_dev_init will replace devfd and devpath with a single opaque argument.
This is initialised with a file descriptor. When TAP is used (through
vhost_net), open /dev/vhost-net and pass the fd as an opaque parameter in
VhostNetOptions. The same applies to vhost-scsi - open /dev/vhost-scsi and
pass the fd.

Signed-off-by: Antonios Motakis 
Signed-off-by: Nikolay Nikolaev 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/vhost.h |  2 +-
 include/net/vhost_net.h   |  8 +++-
 hw/net/vhost_net.c| 23 ---
 hw/scsi/vhost-scsi.c  | 10 +-
 hw/virtio/vhost.c | 12 +++-
 net/tap.c | 17 +
 6 files changed, 45 insertions(+), 27 deletions(-)

diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h
index df1f214..8afc6f9 100644
--- a/include/hw/virtio/vhost.h
+++ b/include/hw/virtio/vhost.h
@@ -51,7 +51,7 @@ struct vhost_dev {
 hwaddr mem_changed_end_addr;
 };
 
-int vhost_dev_init(struct vhost_dev *hdev, int devfd, const char *devpath,
+int vhost_dev_init(struct vhost_dev *hdev, void *opaque,
bool force);
 void vhost_dev_cleanup(struct vhost_dev *hdev);
 bool vhost_dev_query(struct vhost_dev *hdev, VirtIODevice *vdev);
diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h
index e2bd61c..2067ee2 100644
--- a/include/net/vhost_net.h
+++ b/include/net/vhost_net.h
@@ -6,7 +6,13 @@
 struct vhost_net;
 typedef struct vhost_net VHostNetState;
 
-VHostNetState *vhost_net_init(NetClientState *backend, int devfd, bool force);
+typedef struct VhostNetOptions {
+NetClientState *net_backend;
+void *opaque;
+bool force;
+} VhostNetOptions;
+
+struct vhost_net *vhost_net_init(VhostNetOptions *options);
 
 bool vhost_net_query(VHostNetState *net, VirtIODevice *dev);
 int vhost_net_start(VirtIODevice *dev, NetClientState *ncs, int total_queues);
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 0b45043..7a5523f 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -94,32 +94,34 @@ static int vhost_net_get_fd(NetClientState *backend)
 }
 }
 
-struct vhost_net *vhost_net_init(NetClientState *backend, int devfd,
- bool force)
+struct vhost_net *vhost_net_init(VhostNetOptions *options)
 {
 int r;
 struct vhost_net *net = g_malloc(sizeof *net);
-if (!backend) {
-fprintf(stderr, "vhost-net requires backend to be setup\n");
+
+if (!options->net_backend) {
+fprintf(stderr, "vhost-net requires net backend to be setup\n");
 goto fail;
 }
-r = vhost_net_get_fd(backend);
+
+r = vhost_net_get_fd(options->net_backend);
 if (r < 0) {
 goto fail;
 }
-net->nc = backend;
-net->dev.backend_features = qemu_has_vnet_hdr(backend) ? 0 :
+net->nc = options->net_backend;
+net->dev.backend_features = qemu_has_vnet_hdr(options->net_backend) ? 0 :
 (1 << VHOST_NET_F_VIRTIO_NET_HDR);
 net->backend = r;
 
 net->dev.nvqs = 2;
 net->dev.vqs = net->vqs;
 
-r = vhost_dev_init(&net->dev, devfd, "/dev/vhost-net", force);
+r = vhost_dev_init(&net->dev, options->opaque,
+   options->force);
 if (r < 0) {
 goto fail;
 }
-if (!qemu_has_vnet_hdr_len(backend,
+if (!qemu_has_vnet_hdr_len(options->net_backend,
sizeof(struct virtio_net_hdr_mrg_rxbuf))) {
 net->dev.features &= ~(1 << VIRTIO_NET_F_MRG_RXBUF);
 }
@@ -311,8 +313,7 @@ VHostNetState *get_vhost_net(NetClientState *nc)
 return vhost_net;
 }
 #else
-struct vhost_net *vhost_net_init(NetClientState *backend, int devfd,
- bool force)
+struct vhost_net *vhost_net_init(VhostNetOptions *options)
 {
 error_report("vhost-net support is not compiled in");
 return NULL;
diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
index a12d888..e4c98b4 100644
--- a/hw/scsi/vhost-scsi.c
+++ b/hw/scsi/vhost-scsi.c
@@ -210,6 +210,13 @@ static void vhost_scsi_realize(DeviceState *dev, Error 
**errp)
 error_setg(errp, "vhost-scsi: unable to parse vhostfd");
 return;
 }
+} else {
+vhostfd = open("/dev/vhost-scsi", O_RDWR);
+if (vhostfd < 0) {
+error_setg(errp, "vhost-scsi: open vhost char device failed: %s",
+   strerror(errno));
+return;
+}
 }
 
 virtio_scsi_common_realize(dev, &err);
@@ -222,7 +229,8 @@ static void vhost_scsi_realize(DeviceState *dev, Error 
**errp)
 s->dev.vqs = g_new(struct vhost_virtqueue, s->dev.nvqs);
 s->dev.vq_index = 0;
 
-ret = vhost_dev_init(&s->dev, vhostfd, "/dev/vhost-scsi", true);
+ret = vhost_dev_init(&s->dev, (void *)(uintptr_t)vhostfd,
+ true);
 if (ret < 0) {
 error_setg(errp, "vhost-scsi: vhost initialization failed: %s",
st

[Qemu-devel] [PULL v2 050/106] Refactor virtio-net to use generic get_vhost_net

[Michael S. Tsirkin]

From: Nikolay Nikolaev 

This decouples virtio-net from the TAP netdev backend and allows support
for other backends to be implemented.

Signed-off-by: Antonios Motakis 
Signed-off-by: Nikolay Nikolaev 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/net/vhost_net.h |  1 +
 hw/net/vhost_net.c  | 30 +++---
 hw/net/virtio-net.c | 29 -
 3 files changed, 36 insertions(+), 24 deletions(-)

diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h
index 2d936bb..e2bd61c 100644
--- a/include/net/vhost_net.h
+++ b/include/net/vhost_net.h
@@ -20,4 +20,5 @@ void vhost_net_ack_features(VHostNetState *net, unsigned 
features);
 bool vhost_net_virtqueue_pending(VHostNetState *net, int n);
 void vhost_net_virtqueue_mask(VHostNetState *net, VirtIODevice *dev,
   int idx, bool mask);
+VHostNetState *get_vhost_net(NetClientState *nc);
 #endif
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index dcec0f7..0b45043 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -233,7 +233,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 }
 
 for (i = 0; i < total_queues; i++) {
-r = vhost_net_start_one(tap_get_vhost_net(ncs[i].peer), dev, i * 2);
+r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev, i * 2);
 
 if (r < 0) {
 goto err;
@@ -250,7 +250,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 
 err:
 while (--i >= 0) {
-vhost_net_stop_one(tap_get_vhost_net(ncs[i].peer), dev);
+vhost_net_stop_one(get_vhost_net(ncs[i].peer), dev);
 }
 return r;
 }
@@ -271,7 +271,7 @@ void vhost_net_stop(VirtIODevice *dev, NetClientState *ncs,
 assert(r >= 0);
 
 for (i = 0; i < total_queues; i++) {
-vhost_net_stop_one(tap_get_vhost_net(ncs[i].peer), dev);
+vhost_net_stop_one(get_vhost_net(ncs[i].peer), dev);
 }
 }
 
@@ -291,6 +291,25 @@ void vhost_net_virtqueue_mask(VHostNetState *net, 
VirtIODevice *dev,
 {
 vhost_virtqueue_mask(&net->dev, dev, idx, mask);
 }
+
+VHostNetState *get_vhost_net(NetClientState *nc)
+{
+VHostNetState *vhost_net = 0;
+
+if (!nc) {
+return 0;
+}
+
+switch (nc->info->type) {
+case NET_CLIENT_OPTIONS_KIND_TAP:
+vhost_net = tap_get_vhost_net(nc);
+break;
+default:
+break;
+}
+
+return vhost_net;
+}
 #else
 struct vhost_net *vhost_net_init(NetClientState *backend, int devfd,
  bool force)
@@ -337,4 +356,9 @@ void vhost_net_virtqueue_mask(VHostNetState *net, 
VirtIODevice *dev,
   int idx, bool mask)
 {
 }
+
+VHostNetState *get_vhost_net(NetClientState *nc)
+{
+return 0;
+}
 #endif
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 318b033..d8588f3 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -115,14 +115,7 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t 
status)
 NetClientState *nc = qemu_get_queue(n->nic);
 int queues = n->multiqueue ? n->max_queues : 1;
 
-if (!nc->peer) {
-return;
-}
-if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
-return;
-}
-
-if (!tap_get_vhost_net(nc->peer)) {
+if (!get_vhost_net(nc->peer)) {
 return;
 }
 
@@ -132,7 +125,7 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t 
status)
 }
 if (!n->vhost_started) {
 int r;
-if (!vhost_net_query(tap_get_vhost_net(nc->peer), vdev)) {
+if (!vhost_net_query(get_vhost_net(nc->peer), vdev)) {
 return;
 }
 n->vhost_started = 1;
@@ -465,13 +458,10 @@ static uint32_t virtio_net_get_features(VirtIODevice 
*vdev, uint32_t features)
 features &= ~(0x1 << VIRTIO_NET_F_HOST_UFO);
 }
 
-if (!nc->peer || nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
-return features;
-}
-if (!tap_get_vhost_net(nc->peer)) {
+if (!get_vhost_net(nc->peer)) {
 return features;
 }
-return vhost_net_get_features(tap_get_vhost_net(nc->peer), features);
+return vhost_net_get_features(get_vhost_net(nc->peer), features);
 }
 
 static uint32_t virtio_net_bad_features(VirtIODevice *vdev)
@@ -535,13 +525,10 @@ static void virtio_net_set_features(VirtIODevice *vdev, 
uint32_t features)
 for (i = 0;  i < n->max_queues; i++) {
 NetClientState *nc = qemu_get_subqueue(n->nic, i);
 
-if (!nc->peer || nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
-continue;
-}
-if (!tap_get_vhost_net(nc->peer)) {
+if (!get_vhost_net(nc->peer)) {
 continue;
 }
-vhost_net_ack_features(tap_get_vhost_net(nc->peer), features);
+vhost_net_ack_features(get_vhost_net(nc->peer), features);
 }
 
 if ((1 << VIRTIO_NET_F_CTRL_VLAN) & features) {
@@ -1514,7 +1501,7 @@ static bool 
virtio_net

[Qemu-devel] [PULL v2 049/106] vhost_net should call the poll callback only when it is set

[Michael S. Tsirkin]

From: Nikolay Nikolaev 

The poll callback needs to be called when bringing up or down
the vhost_net instance. As it is not mandatory for an NetClient
to implement it, invoke it only when it is set.

Signed-off-by: Antonios Motakis 
Signed-off-by: Nikolay Nikolaev 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/net/vhost_net.c | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 6a9a32f..dcec0f7 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -168,7 +168,10 @@ static int vhost_net_start_one(struct vhost_net *net,
 goto fail_start;
 }
 
-net->nc->info->poll(net->nc, false);
+if (net->nc->info->poll) {
+net->nc->info->poll(net->nc, false);
+}
+
 qemu_set_fd_handler(net->backend, NULL, NULL, NULL);
 file.fd = net->backend;
 for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
@@ -185,7 +188,9 @@ fail:
 int r = ioctl(net->dev.control, VHOST_NET_SET_BACKEND, &file);
 assert(r >= 0);
 }
-net->nc->info->poll(net->nc, true);
+if (net->nc->info->poll) {
+net->nc->info->poll(net->nc, true);
+}
 vhost_dev_stop(&net->dev, dev);
 fail_start:
 vhost_dev_disable_notifiers(&net->dev, dev);
@@ -206,7 +211,9 @@ static void vhost_net_stop_one(struct vhost_net *net,
 int r = ioctl(net->dev.control, VHOST_NET_SET_BACKEND, &file);
 assert(r >= 0);
 }
-net->nc->info->poll(net->nc, true);
+if (net->nc->info->poll) {
+net->nc->info->poll(net->nc, true);
+}
 vhost_dev_stop(&net->dev, dev);
 vhost_dev_disable_notifiers(&net->dev, dev);
 }
-- 
MST

[Qemu-devel] [PULL v2 026/106] acpi:ich9: add memory hotplug handling

[Michael S. Tsirkin]

From: Igor Mammedov 

Add memory hotplug initialization/handling to ICH9 LPC device
and enable it by default for post 2.0 machine types

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/ich9.h |  4 
 include/hw/i386/pc.h   |  7 ++-
 hw/acpi/ich9.c | 38 ++
 hw/isa/lpc_ich9.c  | 20 
 4 files changed, 68 insertions(+), 1 deletion(-)

diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h
index 104f419..1977f1b 100644
--- a/include/hw/acpi/ich9.h
+++ b/include/hw/acpi/ich9.h
@@ -23,6 +23,7 @@
 
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/cpu_hotplug.h"
+#include "hw/acpi/memory_hotplug.h"
 
 typedef struct ICH9LPCPMRegs {
 /*
@@ -46,6 +47,8 @@ typedef struct ICH9LPCPMRegs {
 
 AcpiCpuHotplug gpe_cpu;
 Notifier cpu_added_notifier;
+
+MemHotplugState acpi_memory_hotplug;
 } ICH9LPCPMRegs;
 
 void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm,
@@ -55,4 +58,5 @@ extern const VMStateDescription vmstate_ich9_pm;
 
 void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm, Error **errp);
 
+void ich9_pm_device_plug_cb(ICH9LPCPMRegs *pm, DeviceState *dev, Error **errp);
 #endif /* HW_ACPI_ICH9_H */
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index f6d4172..1635aed 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -286,7 +286,12 @@ int e820_get_num_entries(void);
 bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 
 #define PC_Q35_COMPAT_2_0 \
-PC_COMPAT_2_0
+PC_COMPAT_2_0, \
+{\
+.driver   = "ICH9 LPC",\
+.property = "memory-hotplug-support",\
+.value= "off",\
+}
 
 #define PC_Q35_COMPAT_1_7 \
 PC_COMPAT_1_7, \
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 407ae89..a818bed 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -34,6 +34,7 @@
 #include "exec/address-spaces.h"
 
 #include "hw/i386/ich9.h"
+#include "hw/mem/pc-dimm.h"
 
 //#define DEBUG
 
@@ -223,6 +224,11 @@ void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm,
 &pm->gpe_cpu, ICH9_CPU_HOTPLUG_IO_BASE);
 pm->cpu_added_notifier.notify = ich9_cpu_added_req;
 qemu_register_cpu_added_notifier(&pm->cpu_added_notifier);
+
+if (pm->acpi_memory_hotplug.is_enabled) {
+acpi_memory_hotplug_init(pci_address_space_io(lpc_pci), 
OBJECT(lpc_pci),
+ &pm->acpi_memory_hotplug);
+}
 }
 
 static void ich9_pm_get_gpe0_blk(Object *obj, Visitor *v,
@@ -235,9 +241,25 @@ static void ich9_pm_get_gpe0_blk(Object *obj, Visitor *v,
 visit_type_uint32(v, &value, name, errp);
 }
 
+static bool ich9_pm_get_memory_hotplug_support(Object *obj, Error **errp)
+{
+ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
+
+return s->pm.acpi_memory_hotplug.is_enabled;
+}
+
+static void ich9_pm_set_memory_hotplug_support(Object *obj, bool value,
+   Error **errp)
+{
+ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
+
+s->pm.acpi_memory_hotplug.is_enabled = value;
+}
+
 void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm, Error **errp)
 {
 static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
+pm->acpi_memory_hotplug.is_enabled = true;
 
 object_property_add_uint32_ptr(obj, ACPI_PM_PROP_PM_IO_BASE,
&pm->pm_io_base, errp);
@@ -246,4 +268,20 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs 
*pm, Error **errp)
 NULL, NULL, pm, NULL);
 object_property_add_uint32_ptr(obj, ACPI_PM_PROP_GPE0_BLK_LEN,
&gpe0_len, errp);
+object_property_add_bool(obj, "memory-hotplug-support",
+ ich9_pm_get_memory_hotplug_support,
+ ich9_pm_set_memory_hotplug_support,
+ NULL);
+}
+
+void ich9_pm_device_plug_cb(ICH9LPCPMRegs *pm, DeviceState *dev, Error **errp)
+{
+if (pm->acpi_memory_hotplug.is_enabled &&
+object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
+acpi_memory_plug_cb(&pm->acpi_regs, pm->irq, &pm->acpi_memory_hotplug,
+dev, errp);
+} else {
+error_setg(errp, "acpi: device plug request for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
+}
 }
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index ad43475..fb2b82d 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -599,6 +599,19 @@ static int ich9_lpc_init(PCIDevice *d)
 return 0;
 }
 
+static void ich9_device_plug_cb(HotplugHandler *hotplug_dev,
+DeviceState *dev, Error **errp)
+{
+ICH9LPCState *lpc = ICH9_LPC_DEVICE(hotplug_dev);
+
+ich9_pm_device_plug_cb(&lpc->pm, dev, errp);
+}
+
+static void ich9_device_unplug_cb(HotplugHandler *hotplug_dev,
+  DeviceS

[Qemu-devel] [PULL v2 031/106] pc: add "hotplug-memory-region-size" property to PC_MACHINE

[Michael S. Tsirkin]

From: Igor Mammedov 

... it will be used by acpi-build code and by unit tests

Signed-off-by: Igor Mammedov 
Acked-by: Peter Crosthwaite 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/i386/pc.h |  1 +
 hw/i386/pc.c | 19 +++
 2 files changed, 20 insertions(+)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 6050115..a2bf22c 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -35,6 +35,7 @@ struct PCMachineState {
 };
 
 #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
+#define PC_MACHINE_MEMHP_REGION_SIZE "hotplug-memory-region-size"
 
 /**
  * PCMachineClass:
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 0bedd46..fec1e13 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -60,6 +60,7 @@
 #include "acpi-build.h"
 #include "hw/mem/pc-dimm.h"
 #include "trace.h"
+#include "qapi/visitor.h"
 
 /* debug PC/ISA interrupts */
 //#define DEBUG_IRQ
@@ -1629,6 +1630,23 @@ static HotplugHandler 
*pc_get_hotpug_handler(MachineState *machine,
 pcmc->get_hotplug_handler(machine, dev) : NULL;
 }
 
+static void
+pc_machine_get_hotplug_memory_region_size(Object *obj, Visitor *v, void 
*opaque,
+  const char *name, Error **errp)
+{
+PCMachineState *pcms = PC_MACHINE(obj);
+int64_t value = memory_region_size(&pcms->hotplug_memory);
+
+visit_type_int(v, &value, name, errp);
+}
+
+static void pc_machine_initfn(Object *obj)
+{
+object_property_add(obj, PC_MACHINE_MEMHP_REGION_SIZE, "int",
+pc_machine_get_hotplug_memory_region_size,
+NULL, NULL, NULL, NULL);
+}
+
 static void pc_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
@@ -1645,6 +1663,7 @@ static const TypeInfo pc_machine_info = {
 .parent = TYPE_MACHINE,
 .abstract = true,
 .instance_size = sizeof(PCMachineState),
+.instance_init = pc_machine_initfn,
 .class_size = sizeof(PCMachineClass),
 .class_init = pc_machine_class_init,
 .interfaces = (InterfaceInfo[]) {
-- 
MST

Re: [Qemu-devel] [PATCH v5 3/4] virtio-blk-test.c: change pci_nop() to virtblk_init()

[Andreas Färber]

Am 18.06.2014 18:24, schrieb Amos Kong:
> I want to add a new subtest in virtio-blk-test.c, it will start
> guest without network. The original pci_init() did nothing, but
> it's good to reserve a very simple initialization testing.
> 
> Signed-off-by: Amos Kong 
> Reviewed-by: Stefan Hajnoczi 
> ---
>  tests/virtio-blk-test.c | 13 ++---
>  1 file changed, 6 insertions(+), 7 deletions(-)
> 
> diff --git a/tests/virtio-blk-test.c b/tests/virtio-blk-test.c
> index d53f875..0fdec01 100644
> --- a/tests/virtio-blk-test.c
> +++ b/tests/virtio-blk-test.c
> @@ -12,9 +12,12 @@
>  #include "libqtest.h"
>  #include "qemu/osdep.h"
>  
> -/* Tests only initialization so far. TODO: Replace with functional tests */

One thing of note here is that this TODO is neither resolved here nor
later in this series. Stefan had originally asked me to add it.

Andreas

> -static void pci_nop(void)
> +/* Tests only initialization */
> +static void virtblk_init(void)
>  {
> +qtest_start("-drive id=drv0,if=none,file=/dev/null "
> +"-device virtio-blk-pci,drive=drv0");
> +qtest_end();
>  }
>  
>  int main(int argc, char **argv)
[snip]

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

[Qemu-devel] [PULL v2 071/106] memory: move RAM_PREALLOC_MASK to exec.c, rename

[Michael S. Tsirkin]

From: Paolo Bonzini 

Prepare for adding more flags.  The "_MASK" suffix is unique, kill it.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Hu Tao 
Acked-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/exec/cpu-all.h | 3 ---
 exec.c | 9 ++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index eaddea6..f91581f 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -297,9 +297,6 @@ CPUArchState *cpu_copy(CPUArchState *env);
 
 /* memory API */
 
-/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
-#define RAM_PREALLOC_MASK   (1 << 0)
-
 typedef struct RAMBlock {
 struct MemoryRegion *mr;
 uint8_t *host;
diff --git a/exec.c b/exec.c
index f32e15d..98878a4 100644
--- a/exec.c
+++ b/exec.c
@@ -70,6 +70,9 @@ AddressSpace address_space_memory;
 MemoryRegion io_mem_rom, io_mem_notdirty;
 static MemoryRegion io_mem_unassigned;
 
+/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
+#define RAM_PREALLOC   (1 << 0)
+
 #endif
 
 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
@@ -1309,7 +1312,7 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void 
*host,
 new_block->fd = -1;
 new_block->host = host;
 if (host) {
-new_block->flags |= RAM_PREALLOC_MASK;
+new_block->flags |= RAM_PREALLOC;
 }
 return ram_block_add(new_block);
 }
@@ -1348,7 +1351,7 @@ void qemu_ram_free(ram_addr_t addr)
 QTAILQ_REMOVE(&ram_list.blocks, block, next);
 ram_list.mru_block = NULL;
 ram_list.version++;
-if (block->flags & RAM_PREALLOC_MASK) {
+if (block->flags & RAM_PREALLOC) {
 ;
 } else if (xen_enabled()) {
 xen_invalidate_map_cache_entry(block->host);
@@ -1380,7 +1383,7 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
 offset = addr - block->offset;
 if (offset < block->length) {
 vaddr = block->host + offset;
-if (block->flags & RAM_PREALLOC_MASK) {
+if (block->flags & RAM_PREALLOC) {
 ;
 } else if (xen_enabled()) {
 abort();
-- 
MST

[Qemu-devel] [PULL v2 064/106] NUMA: convert -numa option to use OptsVisitor

[Michael S. Tsirkin]

From: Wanlong Gao 

Signed-off-by: Wanlong Gao 
Signed-off-by: Igor Mammedov 
Tested-by: Eduardo Habkost 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Hu Tao 
Acked-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 qapi-schema.json|  32 +++
 include/sysemu/sysemu.h |   3 +-
 numa.c  | 145 +++-
 vl.c|  11 +++-
 4 files changed, 114 insertions(+), 77 deletions(-)

diff --git a/qapi-schema.json b/qapi-schema.json
index f5d89b0..e65b7b1 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3097,3 +3097,35 @@
   'btn' : 'InputBtnEvent',
   'rel' : 'InputMoveEvent',
   'abs' : 'InputMoveEvent' } }
+
+##
+# @NumaOptions
+#
+# A discriminated record of NUMA options. (for OptsVisitor)
+#
+# Since 2.1
+##
+{ 'union': 'NumaOptions',
+  'data': {
+'node': 'NumaNodeOptions' }}
+
+##
+# @NumaNodeOptions
+#
+# Create a guest NUMA node. (for OptsVisitor)
+#
+# @nodeid: #optional NUMA node ID (increase by 1 from 0 if omitted)
+#
+# @cpus: #optional VCPUs belonging to this node (assign VCPUS round-robin
+# if omitted)
+#
+# @mem: #optional memory size of this node (equally divide total memory among
+#nodes if omitted)
+#
+# Since: 2.1
+##
+{ 'type': 'NumaNodeOptions',
+  'data': {
+   '*nodeid': 'uint16',
+   '*cpus':   ['uint16'],
+   '*mem':'size' }}
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 3a9308b..4102be3 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -148,9 +148,10 @@ typedef struct node_info {
 DECLARE_BITMAP(node_cpu, MAX_CPUMASK_BITS);
 } NodeInfo;
 extern NodeInfo numa_info[MAX_NODES];
-void numa_add(const char *optarg);
 void set_numa_nodes(void);
 void set_numa_modes(void);
+extern QemuOptsList qemu_numa_opts;
+int numa_init_func(QemuOpts *opts, void *opaque);
 
 #define MAX_OPTION_ROMS 16
 typedef struct QEMUOptionRom {
diff --git a/numa.c b/numa.c
index f15c4c4..6fb0888 100644
--- a/numa.c
+++ b/numa.c
@@ -28,101 +28,96 @@
 #include "qom/cpu.h"
 #include "qemu/error-report.h"
 #include "include/exec/cpu-common.h" /* for RAM_ADDR_FMT */
-
-static void numa_node_parse_cpus(int nodenr, const char *cpus)
+#include "qapi-visit.h"
+#include "qapi/opts-visitor.h"
+#include "qapi/dealloc-visitor.h"
+#include "qapi/qmp/qerror.h"
+
+QemuOptsList qemu_numa_opts = {
+.name = "numa",
+.implied_opt_name = "type",
+.head = QTAILQ_HEAD_INITIALIZER(qemu_numa_opts.head),
+.desc = { { 0 } } /* validated with OptsVisitor */
+};
+
+static void numa_node_parse(NumaNodeOptions *node, QemuOpts *opts, Error 
**errp)
 {
-char *endptr;
-unsigned long long value, endvalue;
+uint16_t nodenr;
+uint16List *cpus = NULL;
 
-/* Empty CPU range strings will be considered valid, they will simply
- * not set any bit in the CPU bitmap.
- */
-if (!*cpus) {
-return;
-}
-
-if (parse_uint(cpus, &value, &endptr, 10) < 0) {
-goto error;
-}
-if (*endptr == '-') {
-if (parse_uint_full(endptr + 1, &endvalue, 10) < 0) {
-goto error;
-}
-} else if (*endptr == '\0') {
-endvalue = value;
+if (node->has_nodeid) {
+nodenr = node->nodeid;
 } else {
-goto error;
+nodenr = nb_numa_nodes;
 }
 
-if (endvalue >= MAX_CPUMASK_BITS) {
-endvalue = MAX_CPUMASK_BITS - 1;
-fprintf(stderr,
-"qemu: NUMA: A max of %d VCPUs are supported\n",
- MAX_CPUMASK_BITS);
+if (nodenr >= MAX_NODES) {
+error_setg(errp, "Max number of NUMA nodes reached: %"
+   PRIu16 "\n", nodenr);
+return;
 }
 
-if (endvalue < value) {
-goto error;
+for (cpus = node->cpus; cpus; cpus = cpus->next) {
+if (cpus->value > MAX_CPUMASK_BITS) {
+error_setg(errp, "CPU number %" PRIu16 " is bigger than %d",
+   cpus->value, MAX_CPUMASK_BITS);
+return;
+}
+bitmap_set(numa_info[nodenr].node_cpu, cpus->value, 1);
 }
 
-bitmap_set(numa_info[nodenr].node_cpu, value, endvalue-value+1);
-return;
-
-error:
-fprintf(stderr, "qemu: Invalid NUMA CPU range: %s\n", cpus);
-exit(1);
+if (node->has_mem) {
+uint64_t mem_size = node->mem;
+const char *mem_str = qemu_opt_get(opts, "mem");
+/* Fix up legacy suffix-less format */
+if (g_ascii_isdigit(mem_str[strlen(mem_str) - 1])) {
+mem_size <<= 20;
+}
+numa_info[nodenr].node_mem = mem_size;
+}
 }
 
-void numa_add(const char *optarg)
+int numa_init_func(QemuOpts *opts, void *opaque)
 {
-char option[128];
-char *endptr;
-unsigned long long nodenr;
+NumaOptions *object = NULL;
+Error *err = NULL;
 
-optarg = get_opt_name(option, 128, optarg, ',');
-if (*optarg == ',') {
-optarg++;
+

[Qemu-devel] [PULL v2 028/106] pc: add acpi-device link to PCMachineState

[Michael S. Tsirkin]

From: Igor Mammedov 

the link will used later to access device implementing
ACPI functions instead of adhoc lookup in QOM tree.

Signed-off-by: Igor Mammedov 
Acked-by: Peter Crosthwaite 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/i386/pc.h |  8 +++-
 hw/acpi/piix4.c  |  6 +-
 hw/i386/pc_piix.c| 12 +++-
 hw/i386/pc_q35.c | 10 ++
 hw/mips/mips_malta.c |  2 +-
 5 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 1635aed..6050115 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -21,6 +21,7 @@
  * @hotplug_memory_base: address in guest RAM address space where hotplug 
memory
  * address space begins.
  * @hotplug_memory: hotplug memory addess space container
+ * @acpi_dev: link to ACPI PM device that performs ACPI hotplug handling
  */
 struct PCMachineState {
 /*< private >*/
@@ -29,8 +30,12 @@ struct PCMachineState {
 /*  */
 ram_addr_t hotplug_memory_base;
 MemoryRegion hotplug_memory;
+
+HotplugHandler *acpi_dev;
 };
 
+#define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
+
 /**
  * PCMachineClass:
  * @get_hotplug_handler: pointer to parent class callback @get_hotplug_handler
@@ -210,7 +215,8 @@ void ioapic_init_gsi(GSIState *gsi_state, const char 
*parent_name);
 
 I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
   qemu_irq sci_irq, qemu_irq smi_irq,
-  int kvm_enabled, FWCfgState *fw_cfg);
+  int kvm_enabled, FWCfgState *fw_cfg,
+  DeviceState **piix4_pm);
 void piix4_smbus_register_device(SMBusDevice *dev, uint8_t addr);
 
 /* hpet.c */
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 17627ee..01b3b4c 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -483,13 +483,17 @@ Object *piix4_pm_find(void)
 
 I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
   qemu_irq sci_irq, qemu_irq smi_irq,
-  int kvm_enabled, FWCfgState *fw_cfg)
+  int kvm_enabled, FWCfgState *fw_cfg,
+  DeviceState **piix4_pm)
 {
 DeviceState *dev;
 PIIX4PMState *s;
 
 dev = DEVICE(pci_create(bus, devfn, TYPE_PIIX4_PM));
 qdev_prop_set_uint32(dev, "smb_io_base", smb_io_base);
+if (piix4_pm) {
+*piix4_pm = dev;
+}
 
 s = PIIX4_PM(dev);
 s->irq = sci_irq;
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index e133b6a..a13e8d6 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -74,6 +74,7 @@ static void pc_init1(MachineState *machine,
  int pci_enabled,
  int kvmclock_enabled)
 {
+PCMachineState *pc_machine = PC_MACHINE(machine);
 MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *system_io = get_system_io();
 int i;
@@ -246,14 +247,23 @@ static void pc_init1(MachineState *machine,
 }
 
 if (pci_enabled && acpi_enabled) {
+DeviceState *piix4_pm;
 I2CBus *smbus;
 
 smi_irq = qemu_allocate_irqs(pc_acpi_smi_interrupt, first_cpu, 1);
 /* TODO: Populate SPD eeprom data.  */
 smbus = piix4_pm_init(pci_bus, piix3_devfn + 3, 0xb100,
   gsi[9], *smi_irq,
-  kvm_enabled(), fw_cfg);
+  kvm_enabled(), fw_cfg, &piix4_pm);
 smbus_eeprom_init(smbus, 8, NULL, 0);
+
+object_property_add_link(OBJECT(machine), PC_MACHINE_ACPI_DEVICE_PROP,
+ TYPE_HOTPLUG_HANDLER,
+ (Object **)&pc_machine->acpi_dev,
+ object_property_allow_set_link,
+ OBJ_PROP_LINK_UNREF_ON_RELEASE, &error_abort);
+object_property_set_link(OBJECT(machine), OBJECT(piix4_pm),
+ PC_MACHINE_ACPI_DEVICE_PROP, &error_abort);
 }
 
 if (pci_enabled) {
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 0e77476..629eb2d 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -62,6 +62,7 @@ static bool has_reserved_memory = true;
 /* PC hardware initialisation */
 static void pc_q35_init(MachineState *machine)
 {
+PCMachineState *pc_machine = PC_MACHINE(machine);
 ram_addr_t below_4g_mem_size, above_4g_mem_size;
 Q35PCIHost *q35_host;
 PCIHostState *phb;
@@ -178,6 +179,15 @@ static void pc_q35_init(MachineState *machine)
 lpc = pci_create_simple_multifunction(host_bus, PCI_DEVFN(ICH9_LPC_DEV,
   ICH9_LPC_FUNC), true,
   TYPE_ICH9_LPC_DEVICE);
+
+object_property_add_link(OBJECT(machine), PC_MACHINE_ACPI_DEVICE_PROP,
+ TYPE_HOTPLUG_HANDLER,
+ (Object **)&pc_machine->acpi_dev,
+ object_property_allow_set_link,
+  

[Qemu-devel] [PULL v2 069/106] memory: reorganize file-based allocation

[Michael S. Tsirkin]

From: Paolo Bonzini 

Split the internal interface in exec.c to a separate function, and
push the check on mem_path up to memory_region_init_ram.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Hu Tao 
Acked-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/exec/cpu-all.h  |   3 --
 include/exec/ram_addr.h |   2 +
 include/sysemu/sysemu.h |   2 +
 exec.c  | 105 +---
 memory.c|   7 +++-
 5 files changed, 73 insertions(+), 46 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index ed28f1e..eaddea6 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -325,9 +325,6 @@ typedef struct RAMList {
 } RAMList;
 extern RAMList ram_list;
 
-extern const char *mem_path;
-extern int mem_prealloc;
-
 /* Flags stored in the low bits of the TLB virtual address.  These are
defined so that fast path ram access is all zeros.  */
 /* Zero if TLB entry is valid.  */
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index b94de02..9b00638 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -22,6 +22,8 @@
 #ifndef CONFIG_USER_ONLY
 #include "hw/xen/xen.h"
 
+ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
+const char *mem_path);
 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
MemoryRegion *mr);
 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr);
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index caf88dd..c4e1bbd 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -133,6 +133,8 @@ extern uint8_t *boot_splash_filedata;
 extern size_t boot_splash_filedata_size;
 extern uint8_t qemu_extra_params_fw[2];
 extern QEMUClockType rtc_clock;
+extern const char *mem_path;
+extern int mem_prealloc;
 
 #define MAX_NODES 128
 
diff --git a/exec.c b/exec.c
index 4e179a6..525fc04 100644
--- a/exec.c
+++ b/exec.c
@@ -1246,56 +1246,30 @@ static int memory_try_enable_merging(void *addr, size_t 
len)
 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
 }
 
-ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
-   MemoryRegion *mr)
+static ram_addr_t ram_block_add(RAMBlock *new_block)
 {
-RAMBlock *block, *new_block;
+RAMBlock *block;
 ram_addr_t old_ram_size, new_ram_size;
 
 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
 
-size = TARGET_PAGE_ALIGN(size);
-new_block = g_malloc0(sizeof(*new_block));
-new_block->fd = -1;
-
 /* This assumes the iothread lock is taken here too.  */
 qemu_mutex_lock_ramlist();
-new_block->mr = mr;
-new_block->offset = find_ram_offset(size);
-if (host) {
-new_block->host = host;
-new_block->flags |= RAM_PREALLOC_MASK;
-} else if (xen_enabled()) {
-if (mem_path) {
-fprintf(stderr, "-mem-path not supported with Xen\n");
-exit(1);
-}
-xen_ram_alloc(new_block->offset, size, mr);
-} else {
-if (mem_path) {
-if (phys_mem_alloc != qemu_anon_ram_alloc) {
-/*
- * file_ram_alloc() needs to allocate just like
- * phys_mem_alloc, but we haven't bothered to provide
- * a hook there.
- */
-fprintf(stderr,
-"-mem-path not supported with this accelerator\n");
-exit(1);
-}
-new_block->host = file_ram_alloc(new_block, size, mem_path);
-}
-if (!new_block->host) {
-new_block->host = phys_mem_alloc(size);
+new_block->offset = find_ram_offset(new_block->length);
+
+if (!new_block->host) {
+if (xen_enabled()) {
+xen_ram_alloc(new_block->offset, new_block->length, new_block->mr);
+} else {
+new_block->host = phys_mem_alloc(new_block->length);
 if (!new_block->host) {
 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
 new_block->mr->name, strerror(errno));
 exit(1);
 }
-memory_try_enable_merging(new_block->host, size);
+memory_try_enable_merging(new_block->host, new_block->length);
 }
 }
-new_block->length = size;
 
 /* Keep the list sorted from biggest to smallest block.  */
 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
@@ -1323,18 +1297,65 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, 
void *host,
old_ram_size, new_ram_size);
}
 }
-cpu_physical_memory_set_dirty_range(new_block->offset, size);
+cpu_physical_memory_set_dirty_range(new_block->offset, new_block->length);
 
-qemu_ram_setup_dump(new_block->host, size);
-qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
-qemu_madvise(n

Re: [Qemu-devel] [PATCH 0/7] spapr: rework memory nodes

[Nishanth Aravamudan]

On 17.06.2014 [16:22:33 -0300], Eduardo Habkost wrote:
> On Tue, Jun 17, 2014 at 11:38:16AM -0700, Nishanth Aravamudan wrote:
> > On 17.06.2014 [11:07:00 -0300], Eduardo Habkost wrote:
> > 
> > > > If it is canonical and kosher way of using NUMA in QEMU, ok, we can use 
> > > > it.
> > > > I just fail to see why we need a requirement for nodes to go 
> > > > consequently
> > > > here. And it confuses me as a user a bit if I can add "-numa
> > > > node,nodeid=22" (no memory, no cpus) but do not get to see it in the 
> > > > guest.
> > > 
> > > I agree with you it is confusing. But before we support that use case,
> > > we need to make sure auto-allocation is handled properly, because it
> > > would be hard to fix it later without breaking compatibility.
> > > 
> > > We probably just need a "present" field on struct NodeInfo, so
> > > machine-specific code and auto-allocation code can differentiate nodes
> > > that are not present on the command-line from empty nodes that were
> > > specified in the command-line.
> > 
> > What/where is struct NodeInfo?
> 
> It was introduced very recently. See the pull request at:
> 
>   From: "Michael S. Tsirkin" 
>   Message-ID: <1403021756-15960-1-git-send-email-...@redhat.com>
>   Subject: [Qemu-devel] [PULL 000/103] pc, pci, virtio, hotplug fixes, 
> enhancements for 2.1
> 
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

Ah thank you very much!

Before I get cracking on some patches, wanted to clarify some things:

1) We need something like a "present" field to deal with
auto-allocation, which indicates a user-specified NUMA node.

2) We need something like a "defined" field to indicate which entries
are actually valid and which aren't just 0 because they weren't ever set
in order to support sparse node numbering.
2a) We could add a defined field to indicate the defined
entries, iterate over the entire array and skip those not
defined [keeps index:nodeid mapping, changes all loops]
2b) We could add a nodeid field to indicate the defined entries,
iterate over only nb_numa_nodes [breaks index:nodeid, keeps
loops the same, but requires using the nodeid member in the
loops, not guaranteed for the array to be sorted on nodeid]

I'm currently in favor of 2b, with perhaps a call to qsort on the array
after parsing to sort by node id? I'd have to audit the users of the
array to make sure they use the nodeid member and not the index, but
that should be straightforward.

These patches would probably need to go in before Alexey's series
(Alexey, I can rebase your patches on top, if you want).

Thanks,
Nish

[Qemu-devel] [PULL v2 038/106] ich: get rid of spaces in type name

[Michael S. Tsirkin]

Names with spaces in them are nasty, let's not go there.

Signed-off-by: Michael S. Tsirkin 
---
 include/hw/i386/ich9.h | 2 +-
 include/hw/i386/pc.h   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index e191435..59ea25b 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -24,7 +24,7 @@ I2CBus *ich9_smb_init(PCIBus *bus, int devfn, uint32_t 
smb_io_base);
 
 #define ICH9_CC_SIZE(16 * 1024) /* 16KB */
 
-#define TYPE_ICH9_LPC_DEVICE "ICH9 LPC"
+#define TYPE_ICH9_LPC_DEVICE "ICH9-LPC"
 #define ICH9_LPC_DEVICE(obj) \
  OBJECT_CHECK(ICH9LPCState, (obj), TYPE_ICH9_LPC_DEVICE)
 
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index a2bf22c..2e6ac04 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -295,7 +295,7 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 #define PC_Q35_COMPAT_2_0 \
 PC_COMPAT_2_0, \
 {\
-.driver   = "ICH9 LPC",\
+.driver   = "ICH9-LPC",\
 .property = "memory-hotplug-support",\
 .value= "off",\
 }
-- 
MST

[Qemu-devel] [PULL v2 008/108] qdev: expose DeviceState.hotplugged field as a property

[Michael S. Tsirkin]

From: Igor Mammedov 

so that management could detect via QOM interface if device was
hotplugged

Signed-off-by: Igor Mammedov 
Acked-by: Peter Crosthwaite 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/core/qdev.c | 17 +
 1 file changed, 17 insertions(+)

diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index fded645..3226a71 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -878,6 +878,20 @@ static bool device_get_hotpluggable(Object *obj, Error 
**errp)
 dev->parent_bus->allow_hotplug);
 }
 
+static bool device_get_hotplugged(Object *obj, Error **err)
+{
+DeviceState *dev = DEVICE(obj);
+
+return dev->hotplugged;
+}
+
+static void device_set_hotplugged(Object *obj, bool value, Error **err)
+{
+DeviceState *dev = DEVICE(obj);
+
+dev->hotplugged = value;
+}
+
 static void device_initfn(Object *obj)
 {
 DeviceState *dev = DEVICE(obj);
@@ -896,6 +910,9 @@ static void device_initfn(Object *obj)
  device_get_realized, device_set_realized, NULL);
 object_property_add_bool(obj, "hotpluggable",
  device_get_hotpluggable, NULL, NULL);
+object_property_add_bool(obj, "hotplugged",
+ device_get_hotplugged, device_set_hotplugged,
+ &error_abort);
 
 class = object_get_class(OBJECT(dev));
 do {
-- 
MST

[Qemu-devel] [PULL v2 041/106] migration: introduce self_announce_delay()

[Michael S. Tsirkin]

From: Jason Wang 

This patch introduces self_announce_delay() to calculate the delay for
the next announce round. This could be used by other device e.g
virtio-net who wants to do announcing by itself.

Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/migration/vmstate.h | 8 
 savevm.c| 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 6edce98..799d2d0 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -780,4 +780,12 @@ void vmstate_register_ram(struct MemoryRegion *memory, 
DeviceState *dev);
 void vmstate_unregister_ram(struct MemoryRegion *memory, DeviceState *dev);
 void vmstate_register_ram_global(struct MemoryRegion *memory);
 
+static inline
+int64_t self_announce_delay(int round)
+{
+assert(round < SELF_ANNOUNCE_ROUNDS && round > 0);
+/* delay 50ms, 150ms, 250ms, ... */
+return 50 + (SELF_ANNOUNCE_ROUNDS - round - 1) * 100;
+}
+
 #endif
diff --git a/savevm.c b/savevm.c
index f5273f3..e126023 100644
--- a/savevm.c
+++ b/savevm.c
@@ -97,7 +97,7 @@ static void qemu_announce_self_once(void *opaque)
 if (--count) {
 /* delay 50ms, 150ms, 250ms, ... */
 timer_mod(timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) +
-   50 + (SELF_ANNOUNCE_ROUNDS - count - 1) * 100);
+  self_announce_delay(count));
 } else {
 timer_del(timer);
 timer_free(timer);
-- 
MST

Re: [Qemu-devel] [v5 PATCH] target-mips: implement UserLocal Register

[Aurelien Jarno]

On Wed, Jun 18, 2014 at 05:48:20PM +0200, Petar Jovanovic wrote:
> From: Petar Jovanovic 
> 
> From MIPS documentation (Volume III):
> 
> UserLocal Register (CP0 Register 4, Select 2)
> Compliance Level: Recommended.
> 
> The UserLocal register is a read-write register that is not interpreted by
> the hardware and conditionally readable via the RDHWR instruction.
> 
> This register only exists if the Config3-ULRI register field is set.
> 
> Privileged software may write this register with arbitrary information and
> make it accessible to unprivileged software via register 29 (ULR) of the
> RDHWR instruction. To do so, bit 29 of the HWREna register must be set to a
> 1 to enable unprivileged access to the register.
> 
> Signed-off-by: Petar Jovanovic 

Thanks for this new version, I just applied it.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

[Qemu-devel] [PULL 11/15] virtio-scsi: add extra argument and return type to qemu_sgl_concat

[Paolo Bonzini]

Will be used for anylayout support.

Signed-off-by: Paolo Bonzini 
---
 hw/scsi/virtio-scsi.c | 27 ---
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index ec9a536..0718626 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -95,14 +95,27 @@ static void virtio_scsi_bad_req(void)
 exit(1);
 }
 
-static void qemu_sgl_concat(VirtIOSCSIReq *req, struct iovec *sg,
-   hwaddr *addr, int num)
+static size_t qemu_sgl_concat(VirtIOSCSIReq *req, struct iovec *iov,
+  hwaddr *addr, int num, size_t skip)
 {
 QEMUSGList *qsgl = &req->qsgl;
-
-while (num--) {
-qemu_sglist_add(qsgl, *(addr++), (sg++)->iov_len);
+size_t copied = 0;
+
+while (num) {
+if (skip >= iov->iov_len) {
+skip -= iov->iov_len;
+} else {
+qemu_sglist_add(qsgl, *addr + skip, iov->iov_len - skip);
+copied += iov->iov_len - skip;
+skip = 0;
+}
+iov++;
+addr++;
+num--;
 }
+
+assert(skip == 0);
+return copied;
 }
 
 static int virtio_scsi_parse_req(VirtIOSCSIReq *req,
@@ -127,11 +140,11 @@ static int virtio_scsi_parse_req(VirtIOSCSIReq *req,
 if (req->elem.out_num > 1) {
 qemu_sgl_concat(req, &req->elem.out_sg[1],
 &req->elem.out_addr[1],
-req->elem.out_num - 1);
+req->elem.out_num - 1, 0);
 } else {
 qemu_sgl_concat(req, &req->elem.in_sg[1],
 &req->elem.in_addr[1],
-req->elem.in_num - 1);
+req->elem.in_num - 1, 0);
 }
 
 return 0;
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v2 0/7] virtio-scsi: do not rely on iov boundaries

[Paolo Bonzini]

Il 18/06/2014 18:17, Michael S. Tsirkin ha scritto:

Applied.
There was a trivial conflict in the last patch, please
verify the pci branch in my tree.


Hmm, I have sent it through Peter too. :)

Paolo

[Qemu-devel] [RFC 2/3] image-fuzzer: Initial generator of qcow2 fuzzed images

[Maria Kustova]

Qcow2 image generator is a python package providing create_image(img_path)
method required by the test runner.
It generates files containing fuzzed qcow2 image headers. Files are randomly
variable not only in fuzzed fields but in valid structure elements like image
and cluster size.

Signed-off-by: Maria Kustova 
---
 tests/image-fuzzer/qcow2/__init__.py |   1 +
 tests/image-fuzzer/qcow2/fuzz.py | 271 +++
 tests/image-fuzzer/qcow2/layout.py   | 125 
 3 files changed, 397 insertions(+)
 create mode 100644 tests/image-fuzzer/qcow2/__init__.py
 create mode 100644 tests/image-fuzzer/qcow2/fuzz.py
 create mode 100644 tests/image-fuzzer/qcow2/layout.py

diff --git a/tests/image-fuzzer/qcow2/__init__.py 
b/tests/image-fuzzer/qcow2/__init__.py
new file mode 100644
index 000..e2ebe19
--- /dev/null
+++ b/tests/image-fuzzer/qcow2/__init__.py
@@ -0,0 +1 @@
+from layout import create_image
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
new file mode 100644
index 000..6edf84b
--- /dev/null
+++ b/tests/image-fuzzer/qcow2/fuzz.py
@@ -0,0 +1,271 @@
+# Fuzzing functions for qcow2 fields
+#
+# Copyright (C) 2014 Maria Kustova 
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import random
+
+
+UINT32 = 2**32 - 1
+UINT64 = 2**64 - 1
+# Most significant bit orders
+UINT32_M = 31
+UINT64_M = 63
+
+
+def random_from_intervals(intervals):
+"""Select a random integer number from the list of specified intervals
+
+Each interval is a tuple of lower and upper limits of the interval. The
+limits are included. Intervals in a list should not overlap.
+"""
+total = reduce(lambda x, y: x + y[1] - y[0] + 1, intervals, 0)
+r = random.randint(0, total-1) + intervals[0][0]
+temp = zip(intervals, intervals[1:])
+for x in temp:
+r = r + (r > x[0][1])*(x[1][0] - x[0][1] - 1)
+return r
+
+
+def random_bits(bit_ranges):
+"""Generate random binary mask with ones in the specified bit ranges
+
+Each bit_ranges is a list of tuples of lower and upper limits of bit
+positions will be fuzzed. The limits are included. Random amount of bits
+in range limits will be set to ones. The mask is returned in decimal
+integer format.
+"""
+bit_numbers = []
+# Select random amount of random positions in bit_ranges
+for rng in bit_ranges:
+bit_numbers += random.sample(range(rng[0], rng[1] + 1),
+ random.randint(0, rng[1] - rng[0] + 1))
+val = 0
+# Set bits on selected possitions to ones
+for bit in bit_numbers:
+val |= 1 << bit
+return val
+
+
+def validator(current, intervals):
+"""Return a random value from intervals not equal to the current.
+
+This function is useful for selection from valid values except current one.
+"""
+val = random_from_intervals(intervals)
+if val == current:
+return validator(current, intervals)
+else:
+return val
+
+
+def bit_validator(current, bit_ranges):
+"""Return a random bit mask not equal to the current.
+
+This function is useful for selection from valid values except current one.
+"""
+
+val = random_bits(bit_ranges)
+if val == current:
+return bit_validator(current, bit_ranges)
+else:
+return val
+
+
+def selector(current, constraints, is_bitmask=None):
+"""Select one value from all defined by constraints
+
+Each constraint produces one random value satisfying to it. The function
+randomly selects one value satisfying at least one constraint (depending on
+constraints overlaps).
+"""
+if is_bitmask is None:
+validate = validator
+else:
+validate = bit_validator
+
+def iter_validate(c):
+"""Apply validate() only to constraints represented as lists
+
+This auxiliary function replaces short circuit conditions not supported
+in Python 2.4
+"""
+if type(c) == list:
+return validate(current, c)
+else:
+return c
+fuzz_values = [iter_validate(c) for c in constraints]
+# Remove current for cases it's implicitly specified in constraints
+# Duplicate validator functionality to prevent decreasing of probability
+# to get one of allowable values
+# TODO: remove validators after implementation 

[Qemu-devel] [PULL v2 023/106] acpi:piix4: allow plug/unlug callbacks handle not only PCI devices

[Michael S. Tsirkin]

From: Igor Mammedov 

... and report error if plugged in device is not supported.
Later these callbacks will be used by memory hotplug.

Signed-off-by: Igor Mammedov 
Acked-by: Peter Crosthwaite 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/acpi/piix4.c | 31 ++-
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 252bbf2..c9c6b8b 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -308,19 +308,32 @@ static void piix4_pm_powerdown_req(Notifier *n, void 
*opaque)
 acpi_pm1_evt_power_down(&s->ar);
 }
 
-static void piix4_pci_device_plug_cb(HotplugHandler *hotplug_dev,
- DeviceState *dev, Error **errp)
+static void piix4_device_plug_cb(HotplugHandler *hotplug_dev,
+ DeviceState *dev, Error **errp)
 {
 PIIX4PMState *s = PIIX4_PM(hotplug_dev);
-acpi_pcihp_device_plug_cb(&s->ar, s->irq, &s->acpi_pci_hotplug, dev, errp);
+
+if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
+acpi_pcihp_device_plug_cb(&s->ar, s->irq, &s->acpi_pci_hotplug, dev,
+  errp);
+} else {
+error_setg(errp, "acpi: device plug request for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
+}
 }
 
-static void piix4_pci_device_unplug_cb(HotplugHandler *hotplug_dev,
-   DeviceState *dev, Error **errp)
+static void piix4_device_unplug_cb(HotplugHandler *hotplug_dev,
+   DeviceState *dev, Error **errp)
 {
 PIIX4PMState *s = PIIX4_PM(hotplug_dev);
-acpi_pcihp_device_unplug_cb(&s->ar, s->irq, &s->acpi_pci_hotplug, dev,
-errp);
+
+if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
+acpi_pcihp_device_unplug_cb(&s->ar, s->irq, &s->acpi_pci_hotplug, dev,
+errp);
+} else {
+error_setg(errp, "acpi: device unplug request for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
+}
 }
 
 static void piix4_update_bus_hotplug(PCIBus *pci_bus, void *opaque)
@@ -551,8 +564,8 @@ static void piix4_pm_class_init(ObjectClass *klass, void 
*data)
  */
 dc->cannot_instantiate_with_device_add_yet = true;
 dc->hotpluggable = false;
-hc->plug = piix4_pci_device_plug_cb;
-hc->unplug = piix4_pci_device_unplug_cb;
+hc->plug = piix4_device_plug_cb;
+hc->unplug = piix4_device_unplug_cb;
 }
 
 static const TypeInfo piix4_pm_info = {
-- 
MST

[Qemu-devel] [PULL v2 062/106] NUMA: check if the total numa memory size is equal to ram_size

[Michael S. Tsirkin]

From: Wanlong Gao 

If the total number of the assigned numa nodes memory is not
equal to the assigned ram size, it will write the wrong data
to ACPI table, then the guest will ignore the wrong ACPI table
and recognize all memory to one node. It's buggy, we should
check it to ensure that we write the right data to ACPI table.

Signed-off-by: Wanlong Gao 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Hu Tao 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Michael S. Tsirkin 

MST: error message reworded
---
 numa.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/numa.c b/numa.c
index bd0d2b7..e403399 100644
--- a/numa.c
+++ b/numa.c
@@ -26,6 +26,8 @@
 #include "exec/cpu-common.h"
 #include "qemu/bitmap.h"
 #include "qom/cpu.h"
+#include "qemu/error-report.h"
+#include "include/exec/cpu-common.h" /* for RAM_ADDR_FMT */
 
 static void numa_node_parse_cpus(int nodenr, const char *cpus)
 {
@@ -126,6 +128,7 @@ void numa_add(const char *optarg)
 void set_numa_nodes(void)
 {
 if (nb_numa_nodes > 0) {
+uint64_t numa_total;
 int i;
 
 if (nb_numa_nodes > MAX_NODES) {
@@ -153,6 +156,17 @@ void set_numa_nodes(void)
 node_mem[i] = ram_size - usedmem;
 }
 
+numa_total = 0;
+for (i = 0; i < nb_numa_nodes; i++) {
+numa_total += node_mem[i];
+}
+if (numa_total != ram_size) {
+error_report("total memory for NUMA nodes (%" PRIu64 ")"
+ " should equal RAM size (" RAM_ADDR_FMT ")",
+ numa_total, ram_size);
+exit(1);
+}
+
 for (i = 0; i < nb_numa_nodes; i++) {
 if (!bitmap_empty(node_cpumask[i], MAX_CPUMASK_BITS)) {
 break;
-- 
MST

[Qemu-devel] [PULL v2 022/106] trace: pc: add PC_DIMM slot & address allocation

[Michael S. Tsirkin]

From: Igor Mammedov 

Add mhp_pc_dimm_assigned_slot & mhp_pc_dimm_assigned_address
events to trace which address and slot where assigned to
plugged in PC_DIMM device on target-i386 machine.

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/pc.c | 3 +++
 trace-events | 4 
 2 files changed, 7 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index be5e3bb..c9d888f 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -59,6 +59,7 @@
 #include "hw/pci/pci_host.h"
 #include "acpi-build.h"
 #include "hw/mem/pc-dimm.h"
+#include "trace.h"
 
 /* debug PC/ISA interrupts */
 //#define DEBUG_IRQ
@@ -1572,6 +1573,7 @@ static void pc_dimm_plug(HotplugHandler *hotplug_dev,
 if (local_err) {
 goto out;
 }
+trace_mhp_pc_dimm_assigned_address(addr);
 
 slot = object_property_get_int(OBJECT(dev), PC_DIMM_SLOT_PROP, &local_err);
 if (local_err) {
@@ -1587,6 +1589,7 @@ static void pc_dimm_plug(HotplugHandler *hotplug_dev,
 if (local_err) {
 goto out;
 }
+trace_mhp_pc_dimm_assigned_slot(slot);
 
 memory_region_add_subregion(&pcms->hotplug_memory,
 addr - pcms->hotplug_memory_base, mr);
diff --git a/trace-events b/trace-events
index d7d6a10..ba01ad5 100644
--- a/trace-events
+++ b/trace-events
@@ -1285,6 +1285,10 @@ mhp_acpi_write_ost_ev(uint32_t slot, uint32_t ev) 
"slot[0x%"PRIx32"] OST EVENT:
 mhp_acpi_write_ost_status(uint32_t slot, uint32_t st) "slot[0x%"PRIx32"] OST 
STATUS: 0x%"PRIx32
 mhp_acpi_clear_insert_evt(uint32_t slot) "slot[0x%"PRIx32"] clear insert event"
 
+#hw/i386/pc.c
+mhp_pc_dimm_assigned_slot(int slot) "0x%d"
+mhp_pc_dimm_assigned_address(uint64_t addr) "0x%"PRIx64
+
 # target-s390x/kvm.c
 kvm_enable_cmma(int rc) "CMMA: enabling with result code %d"
 kvm_clear_cmma(int rc) "CMMA: clearing with result code %d"
-- 
MST