[Qemu-devel] [question] How is the progress of optimizing qcow2_check_metadata_overlap() with reagard to cpu overhead?

[Zhang Haoyu]

Hi, Max

How is the progress of optimizing qcow2_check_metadata_overlap?
http://thread.gmane.org/gmane.comp.emulators.kvm.devel/127037/focus=127364

Thanks,
Zhang Haoyu

Re: [Qemu-devel] [PATCH] net/slirp: specify logbase for smbd

[Jan Kiszka]

On 2014-10-24 22:37, Michael Tokarev wrote:
> It looks like smbd always logs to /var/log/samba/log.$progname
> even if config file specifies different logfile -- when it needs
> to log something before completing reading the config file.  But
> if it can't open it for writing, it fails and exits.  Tell smbd
> to use our temp dir as logbase (-l option) to avoid that.
> 
> The same option is used by samba3 and samba4, so there should
> be no incompatible changes.
> 
> Signed-off-by: Michael Tokarev 
> ---
>  net/slirp.c |4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/net/slirp.c b/net/slirp.c
> index c171119..920af30 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -549,8 +549,8 @@ static int slirp_smb(SlirpState* s, const char 
> *exported_dir,
>  );
>  fclose(f);
>  
> -snprintf(smb_cmdline, sizeof(smb_cmdline), "%s -s %s",
> - CONFIG_SMBD_COMMAND, smb_conf);
> +snprintf(smb_cmdline, sizeof(smb_cmdline), "%s -l %s -s %s",
> + CONFIG_SMBD_COMMAND, s->smb_dir, smb_conf);
>  
>  if (slirp_add_exec(s->slirp, 0, smb_cmdline, &vserver_addr, 139) < 0 ||
>  slirp_add_exec(s->slirp, 0, smb_cmdline, &vserver_addr, 445) < 0) {
> 

Cool, works for me as well!

Reviewed-and-tested-by: Jan Kiszka 

Jan



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] slirp-smb broken with Samba 4.1

[Jan Kiszka]

On 2014-10-24 22:43, Michael Tokarev wrote:
> But I really wonder if we should run a helper script to set things
> up instead of hardcoding it all into qemu binary...  It is so much
> easier to modify and debug the script.

Yes, seems reasonable. I would review and test a patch if you like to
look into this.

Jan




signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [RFC PATCH 2/2] Assign a new irq handler while irqfd enabled

[john.liuli]

From: Li Liu 

This irq handler will get the interrupt reason from a
shared memory. And will be assigned only while irqfd
enabled.

Signed-off-by: Li Liu 
---
 drivers/virtio/virtio_mmio.c |   34 --
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c
index 28ddb55..7229605 100644
--- a/drivers/virtio/virtio_mmio.c
+++ b/drivers/virtio/virtio_mmio.c
@@ -259,7 +259,31 @@ static irqreturn_t vm_interrupt(int irq, void *opaque)
return ret;
 }
 
+/* Notify all virtqueues on an interrupt. */
+static irqreturn_t vm_interrupt_irqfd(int irq, void *opaque)
+{
+   struct virtio_mmio_device *vm_dev = opaque;
+   struct virtio_mmio_vq_info *info;
+   unsigned long status;
+   unsigned long flags;
+   irqreturn_t ret = IRQ_NONE;
 
+   /* Read the interrupt reason and reset it */
+   status = *vm_dev->isr_mem;
+   *vm_dev->isr_mem = 0x0;
+
+   if (unlikely(status & VIRTIO_MMIO_INT_CONFIG)) {
+   virtio_config_changed(&vm_dev->vdev);
+   ret = IRQ_HANDLED;
+   }
+
+   spin_lock_irqsave(&vm_dev->lock, flags);
+   list_for_each_entry(info, &vm_dev->virtqueues, node)
+   ret |= vring_interrupt(irq, info->vq);
+   spin_unlock_irqrestore(&vm_dev->lock, flags);
+
+   return ret;
+}
 
 static void vm_del_vq(struct virtqueue *vq)
 {
@@ -391,6 +415,7 @@ error_available:
return ERR_PTR(err);
 }
 
+#define VIRTIO_MMIO_F_IRQFD(1 << 7)
 static int vm_find_vqs(struct virtio_device *vdev, unsigned nvqs,
   struct virtqueue *vqs[],
   vq_callback_t *callbacks[],
@@ -400,8 +425,13 @@ static int vm_find_vqs(struct virtio_device *vdev, 
unsigned nvqs,
unsigned int irq = platform_get_irq(vm_dev->pdev, 0);
int i, err;
 
-   err = request_irq(irq, vm_interrupt, IRQF_SHARED,
-   dev_name(&vdev->dev), vm_dev);
+   if (*vm_dev->isr_mem & VIRTIO_MMIO_F_IRQFD) {
+   err = request_irq(irq, vm_interrupt_irqfd, IRQF_SHARED,
+ dev_name(&vdev->dev), vm_dev);
+   } else {
+   err = request_irq(irq, vm_interrupt, IRQF_SHARED,
+ dev_name(&vdev->dev), vm_dev);
+   }
if (err)
return err;
 
-- 
1.7.9.5

[Qemu-devel] [RFC PATCH 0/2] virtio-mmio: add irqfd support for vhost-net based on virtio-mmio

[john.liuli]

From: Li Liu 

This set of patches try to implemet irqfd support of vhost-net 
based on virtio-mmio.

I had posted a mail to talking about the status of vhost-net 
on kvm-arm refer to http://www.spinics.net/lists/kvm-arm/msg10804.html.
Some dependent patches are listed in the mail too. Basically the 
vhost-net brings great performance improvements, almost 50%+.

It's easy to implement irqfd support with PCI MSI-X. But till 
now arm32 do not provide equivalent mechanism to let a device 
allocate multiple interrupts. And even the aarch64 provid LPI
but also not available in a short time.

As Gauguey Remy said "Vhost does not emulate a complete virtio 
adapter but only manage virtqueue operations". Vhost module
don't update the ISR register, so if with only one irq then it's 
no way to get the interrupt reason even we can inject the 
irq correctly.  

To get the interrupt reason to support such VIRTIO_NET_F_STATUS 
features I add a new register offset VIRTIO_MMIO_ISRMEM which 
will help to establish a shared memory region between qemu and 
virtio-mmio device. Then the interrupt reason can be accessed by
guest driver through this region. At the same time, the virtio-mmio 
dirver check this region to see irqfd is supported or not during 
the irq handler registration, and different handler will be assigned.

I want to know it's the right direction? Does it comply with the 
virtio-mmio spec.? Or anyone have more good ideas to emulate mis-x 
based on virtio-mmio? I hope to get feedback and guidance.
Thx for any help.

Li Liu (2):
  Add a new register offset let interrupt reason available
  Assign a new irq handler while irqfd enabled

 drivers/virtio/virtio_mmio.c |   55 +++---
 include/linux/virtio_mmio.h  |3 +++
 2 files changed, 55 insertions(+), 3 deletions(-)

-- 
1.7.9.5

[Qemu-devel] [RFC PATCH 1/2] Add a new register offset let interrupt reason available

[john.liuli]

From: Li Liu 

Add a new register offset VIRTIO_MMIO_ISRMEM which help to
estblish a shared memory region between virtio-mmio driver
and qemu with two purposes:

1.Guest virtio-mmio driver can get the interrupt reason.
2.Check irqfd enabled or not to register different irq handler.

Signed-off-by: Li Liu 
---
 drivers/virtio/virtio_mmio.c |   21 -
 include/linux/virtio_mmio.h  |3 +++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c
index ef9a165..28ddb55 100644
--- a/drivers/virtio/virtio_mmio.c
+++ b/drivers/virtio/virtio_mmio.c
@@ -122,6 +122,8 @@ struct virtio_mmio_device {
/* a list of queues so we can dispatch IRQs */
spinlock_t lock;
struct list_head virtqueues;
+
+   uint8_t *isr_mem;
 };
 
 struct virtio_mmio_vq_info {
@@ -443,6 +445,7 @@ static int virtio_mmio_probe(struct platform_device *pdev)
struct virtio_mmio_device *vm_dev;
struct resource *mem;
unsigned long magic;
+   int err;
 
mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
if (!mem)
@@ -481,6 +484,15 @@ static int virtio_mmio_probe(struct platform_device *pdev)
return -ENXIO;
}
 
+   vm_dev->isr_mem = alloc_pages_exact(PAGE_SIZE, GFP_KERNEL|__GFP_ZERO);
+   if (vm_dev->isr_mem == NULL) {
+   dev_err(&pdev->dev, "Allocate isr memory failed!\n");
+   return -ENOMEM;
+   }
+
+   writel(virt_to_phys(vm_dev->isr_mem),
+  vm_dev->base + VIRTIO_MMIO_ISRMEM);
+
vm_dev->vdev.id.device = readl(vm_dev->base + VIRTIO_MMIO_DEVICE_ID);
vm_dev->vdev.id.vendor = readl(vm_dev->base + VIRTIO_MMIO_VENDOR_ID);
 
@@ -488,13 +500,20 @@ static int virtio_mmio_probe(struct platform_device *pdev)
 
platform_set_drvdata(pdev, vm_dev);
 
-   return register_virtio_device(&vm_dev->vdev);
+   err = register_virtio_device(&vm_dev->vdev);
+   if (err) {
+   free_pages_exact(vm_dev->isr_mem, PAGE_SIZE);
+   vm_dev->isr_mem = NULL;
+   }
+
+   return err;
 }
 
 static int virtio_mmio_remove(struct platform_device *pdev)
 {
struct virtio_mmio_device *vm_dev = platform_get_drvdata(pdev);
 
+   free_pages_exact(vm_dev->isr_mem, PAGE_SIZE);
unregister_virtio_device(&vm_dev->vdev);
 
return 0;
diff --git a/include/linux/virtio_mmio.h b/include/linux/virtio_mmio.h
index 5c7b6f0..b1e3ec7 100644
--- a/include/linux/virtio_mmio.h
+++ b/include/linux/virtio_mmio.h
@@ -95,6 +95,9 @@
 /* Device status register - Read Write */
 #define VIRTIO_MMIO_STATUS 0x070
 
+/* Allocate ISRMEM for interrupt reason - Write Only */
+#define VIRTIO_MMIO_ISRMEM 0x080
+
 /* The config space is defined by each driver as
  * the per-driver configuration space - Read Write */
 #define VIRTIO_MMIO_CONFIG 0x100
-- 
1.7.9.5

Re: [Qemu-devel] [Nbd] spec, RFC: TLS support for NBDµ

[Wouter Verhelst]

Hi all,

I haven't seen a reply to this anymore. Do people still have comments?
I'm planning on doing a release of nbd later this weekend, and would
like to include this (not the TLS implementation yet, but at least the
spec)

Thanks,

On Tue, Oct 21, 2014 at 08:30:05PM +0200, Wouter Verhelst wrote:
> Hi Markus,
> 
> On Tue, Oct 21, 2014 at 10:17:17AM +0200, Markus Armbruster wrote:
> > Wouter Verhelst  writes:
> > > On Mon, Oct 20, 2014 at 01:51:43PM +0200, Markus Armbruster wrote:
> [...]
> > >> Furthermore, STARTTLS is vulnerable to active attacks: if you can get
> > >> between the peers, you can make them fall back to unencrypted silently.
> > >> How do you plan to guard against that?
> > >
> > > As I've said before in this discussion, encryption downgrade attacks are
> > > not specific to STARTTLS; as soon as you have have an "encrypted" and an
> > > "unencrypted" variant of a protocol, that becomes a problem. After all,
> > > if an attacker can modify the communication so that STARTTLS is filtered
> > > out of the communication, they can most likely also redirect all traffic
> > > to a decrypting/encrypting proxy.
> > >
> > > The only way to fix that is through userspace; make "opportunistic" TLS
> > > (i.e., use it if available, but move on if not) difficult to achieve.
> > >
> > >> See also https://www.agwa.name/blog/post/starttls_considered_harmful
> > >
> > > A random blog post by an author who is speaking about STARTTLS in
> > > general terms is not a good technical argument for why STARTTLS is a bad
> > > idea in *this* specific case.
> > 
> > Misunderstanding.  I didn't mean to claim "STARTTLS is bad".  If I
> > wanted to say that, I would've said it directly.  I was merely asking
> > how you plan to guard against downgrade attacks.  I gather your advice
> > is to make the client (QEMU) insist on TLS, and check the server's
> > certificate.  Correct?
> 
> My advice is to give both client and server the ability to have TLS
> switched on or off, and possibly (but not necessarily so, and certainly
> not by default) also the _ability_ to negotiate TLS if the other side
> supports it, while not aborting if it doesn't.
> 
> > > If I was defining a new protocol from scratch, I might dump the whole
> > > thing in TLS to begin with. But that's just not the case, so I have to
> > > deal with what exists already.
> > 
> > Yes.  You can still start over on a separate port.  However:
> 
> No, I can't, at least not if I want to continue to use an assigned port
> without breaking backwards compatibility. When 10809 was assigned to
> NBD, IANA made it perfectly clear that I wouldn't get a new port number
> for a "secure" variant.
> 
> > > In addition, with the current state of affairs, it is *not possible* to
> > > swap to an NBD device if you need to pipe its data through a separate
> > > socket than the one you're handing to the kernel. The result of that is
> > > that you can't do TLS on a device you want to swap to. This means we
> > > need to continue to support a protocol that can do TLS for some exports,
> > > and plain (unencrypted) traffic for other exports, *in the same running
> > > nbd-server instance*.
> > 
> > I don't understand enough about NBD to challenge this argument.  The sad
> > consequence is more complexity and a larger attack surface.
> > 
> > Out of curiosity: is this "merely" an implementation restriction, or is
> > it more fundamental?
> 
> Well, to some extent, every software issue is merely an implementation
> restriction...
> 
> The problem is that in order to clear memory when your swap device is on
> the other side of a network connection, you need to write to said swap
> device, which causes TCP traffic, which means the kernel needs to read
> TCP ACK packets (or in the case of NBD, the reply packet to the
> NBD_CMD_WRITE request that you sent out) to ensure that the traffic has
> in fact reached its destination. Unfortunately, you can't impose
> ordering on incoming network traffic, so that means you may need to read
> through a whole lot of youtube MPEG traffic or some such in order to
> find your one TCP ACK that tells you your swapout has been processed
> correctly and you can now clear the memory which you wrote out to swap.
> 
> It's fairly obvious how that could lead to a deadlock if you don't know
> that this one data stream is not related to swapspace while this other
> one here is.
> 
> That's why a PF_MEMALLOC kernel-space socket option was created; sockets
> marked with that option are related to a swapdevice, so when the kernel
> is low on memory, it will throw away all incoming network traffic
> _except_ for packets destined for a socket marked with that option, in
> the hope that this will allow us to clear up some memory.
> 
> Since it's a kernel-space only thing, that means you can't mark sockets
> as such from userspace; so if the NBD traffic is wrapped in some other
> traffic from which it needs to be unwrapped in userspace, then the
> userspace component wou

[Qemu-devel] [PATCH v6 1/7] stm32f2xx_timer: Add the stm32f2xx Timer

[Alistair Francis]

This patch adds the stm32f2xx timers: TIM2, TIM3, TIM4 and TIM5
to QEMU.

Signed-off-by: Alistair Francis 
---
V6:
 - Rename to STM32F2XX
 - Change the timer calculations to use ns
 - Update the value to timer_mod to ensure it is in ns
 - Account for reloadable/resetable timer
- Thanks to Peter C for pointing this out
V4:
 - Update timer units again
- Thanks to Peter C
V3:
 - Update debug statements
 - Correct the units for timer_mod
 - Correctly set timer_offset from resets
V2:
 - Reorder the Makefile config
 - Fix up the debug printing
 - Correct the timer event trigger

 default-configs/arm-softmmu.mak|   1 +
 hw/timer/Makefile.objs |   2 +
 hw/timer/stm32f2xx_timer.c | 331 +
 include/hw/timer/stm32f2xx_timer.h | 101 +++
 4 files changed, 435 insertions(+)
 create mode 100644 hw/timer/stm32f2xx_timer.c
 create mode 100644 include/hw/timer/stm32f2xx_timer.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index f3513fa..faea100 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -78,6 +78,7 @@ CONFIG_NSERIES=y
 CONFIG_REALVIEW=y
 CONFIG_ZAURUS=y
 CONFIG_ZYNQ=y
+CONFIG_STM32F2XX_TIMER=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 2c86c3d..133bd0d 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -31,3 +31,5 @@ obj-$(CONFIG_DIGIC) += digic-timer.o
 obj-$(CONFIG_MC146818RTC) += mc146818rtc.o
 
 obj-$(CONFIG_ALLWINNER_A10_PIT) += allwinner-a10-pit.o
+
+common-obj-$(CONFIG_STM32F2XX_TIMER) += stm32f2xx_timer.o
diff --git a/hw/timer/stm32f2xx_timer.c b/hw/timer/stm32f2xx_timer.c
new file mode 100644
index 000..df27540
--- /dev/null
+++ b/hw/timer/stm32f2xx_timer.c
@@ -0,0 +1,331 @@
+/*
+ * STM32F2XX Timer
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/timer/stm32f2xx_timer.h"
+
+#ifndef STM_TIMER_ERR_DEBUG
+#define STM_TIMER_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_TIMER_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static void stm32f2xx_timer_set_alarm(STM32F2XXTimerState *s);
+
+static void stm32f2xx_timer_interrupt(void *opaque)
+{
+STM32F2XXTimerState *s = opaque;
+
+DB_PRINT("Interrupt\n");
+
+if (s->tim_dier & TIM_DIER_UIE && s->tim_cr1 & TIM_CR1_CEN) {
+s->tim_sr |= 1;
+qemu_irq_pulse(s->irq);
+stm32f2xx_timer_set_alarm(s);
+}
+}
+
+static void stm32f2xx_timer_set_alarm(STM32F2XXTimerState *s)
+{
+uint32_t ticks;
+int64_t now;
+
+DB_PRINT("Alarm set at: 0x%x\n", s->tim_cr1);
+
+now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+ticks = s->tim_arr -
+((muldiv64(s->freq_hz, now, 10ULL) - s->tick_offset) /
+(s->tim_psc + 1));
+
+DB_PRINT("Alarm set in %d ticks\n", ticks);
+
+if (ticks == 0) {
+timer_del(s->timer);
+stm32f2xx_timer_interrupt(s);
+} else {
+timer_mod(s->timer, now +
+  muldiv64(ticks, 10ULL, get_ticks_per_sec()));
+
+DB_PRINT("Wait Time: %" PRId64 " ticks\n",
+ now + muldiv64(ticks, 10ULL, get_ticks_per_sec()));
+}
+}
+
+static void stm32f2xx_timer_reset(DeviceState *dev)
+{
+STM32F2XXTimerState *s = STM32F2XXTIMER(dev);
+
+s->tim_cr1 = 0;
+s->tim_cr2 = 0;
+s->tim_smcr = 0;
+s->tim_dier = 0;
+s->tim_sr = 0;
+s->tim_egr = 0;
+s->tim_ccmr1 = 0;
+s->tim_ccmr2 = 0;
+s->tim_ccer = 0;
+s->tim_cnt = 0;
+s->tim_psc = 0;
+s->tim_arr = 0;
+s->tim_ccr1 = 0;
+s->tim_ccr2 = 0;
+s->tim_ccr3 = 0;
+s->tim_ccr4 = 0;
+s->tim_dcr = 0;
+s->tim_dmar = 0;
+s->tim_or = 0;
+
+

[Qemu-devel] [PATCH v6 3/7] stm32f2xx_SYSCFG: Add the stm32f2xx SYSCFG

[Alistair Francis]

This patch adds the stm32f2xx System Configuration
Controller. This is used to configure what memory is mapped
at address 0 (although that is not supported) as well
as configure how the EXTI interrupts work (also not
supported at the moment).

This device is not required for basic examples, but more
complex systems will require it (as well as the EXTI device)

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Crosthwaite 
---
V6:
 - Rename to STM32F2XX
 - Remove all casts from debug printing
V5:
 - Correct the masks used for writing
V3:
 - Update debug printing

 default-configs/arm-softmmu.mak|   1 +
 hw/misc/Makefile.objs  |   1 +
 hw/misc/stm32f2xx_syscfg.c | 160 +
 include/hw/misc/stm32f2xx_syscfg.h |  61 ++
 4 files changed, 223 insertions(+)
 create mode 100644 hw/misc/stm32f2xx_syscfg.c
 create mode 100644 include/hw/misc/stm32f2xx_syscfg.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 1348104..a5aab7f 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -80,6 +80,7 @@ CONFIG_ZAURUS=y
 CONFIG_ZYNQ=y
 CONFIG_STM32F2XX_TIMER=y
 CONFIG_STM32F2XX_USART=y
+CONFIG_STM32F2XX_SYSCFG=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 979e532..f2c0082 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -39,5 +39,6 @@ obj-$(CONFIG_OMAP) += omap_sdrc.o
 obj-$(CONFIG_OMAP) += omap_tap.o
 obj-$(CONFIG_SLAVIO) += slavio_misc.o
 obj-$(CONFIG_ZYNQ) += zynq_slcr.o
+obj-$(CONFIG_STM32F2XX_SYSCFG) += stm32f2xx_syscfg.o
 
 obj-$(CONFIG_PVPANIC) += pvpanic.o
diff --git a/hw/misc/stm32f2xx_syscfg.c b/hw/misc/stm32f2xx_syscfg.c
new file mode 100644
index 000..4ae4042
--- /dev/null
+++ b/hw/misc/stm32f2xx_syscfg.c
@@ -0,0 +1,160 @@
+/*
+ * STM32F2XX SYSCFG
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/misc/stm32f2xx_syscfg.h"
+
+#ifndef STM_SYSCFG_ERR_DEBUG
+#define STM_SYSCFG_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_SYSCFG_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static void stm32f2xx_syscfg_reset(DeviceState *dev)
+{
+STM32F2XXSyscfgState *s = STM32F2XX_SYSCFG(dev);
+
+s->syscfg_memrmp = 0x;
+s->syscfg_pmc = 0x;
+s->syscfg_exticr1 = 0x;
+s->syscfg_exticr2 = 0x;
+s->syscfg_exticr3 = 0x;
+s->syscfg_exticr4 = 0x;
+s->syscfg_cmpcr = 0x;
+}
+
+static uint64_t stm32f2xx_syscfg_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+STM32F2XXSyscfgState *s = opaque;
+
+DB_PRINT("0x%"HWADDR_PRIx"\n", addr);
+
+switch (addr) {
+case SYSCFG_MEMRMP:
+return s->syscfg_memrmp;
+case SYSCFG_PMC:
+return s->syscfg_pmc;
+case SYSCFG_EXTICR1:
+return s->syscfg_exticr1;
+case SYSCFG_EXTICR2:
+return s->syscfg_exticr2;
+case SYSCFG_EXTICR3:
+return s->syscfg_exticr3;
+case SYSCFG_EXTICR4:
+return s->syscfg_exticr4;
+case SYSCFG_CMPCR:
+return s->syscfg_cmpcr;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Bad offset 0x%"HWADDR_PRIx"\n", __func__, addr);
+return 0;
+}
+
+return 0;
+}
+
+static void stm32f2xx_syscfg_write(void *opaque, hwaddr addr,
+   uint64_t val64, unsigned int size)
+{
+STM32F2XXSyscfgState *s = opaque;
+uint32_t value = val64;
+
+DB_PRINT("0x%x, 0x%"HWADDR_PRIx"\n", value, addr);
+
+switch (addr) {
+case SYSCFG_MEMRMP:
+qemu_log_mask(LOG_UNIMP,
+  "%s: Changeing the memory mapping isn't supported " \
+

[Qemu-devel] [PATCH v6 0/7] Netduino 2 Machine Model

[Alistair Francis]

This patch series adds the Netduino 2 Machine to QEMU

Information on the board is avalible at:
http://www.netduino.com/netduino2/specs.htm

The git tree can be found at:
https://github.com/alistair23/qemu/tree/netduino2.6

This patch series makes some changes to the armv7m_init function
that allows the code to be reused with the Netduino 2 and the
Stellaris machines.

Some example code that runs on QEMU is avaliable at:
at: https://github.com/alistair23/CSSE3010-QEMU-Examples

There are more devices in the works, I figured I would just start
with these three

V6:
 - Rename the three devices to STM32FXX*
 - Correct the timer to use ns
 - Correct the number of devices that are inited
 - Rename memory regions
V5:
 - Remove the reset changes based on the ELF entry
V4:
 - Rebase
 - Correct timer units
V3:
 - Correct the timer interrupts
 - Update debug printing
 - Remove the sram_size argument from armv7m_init


Alistair Francis (7):
  stm32f2xx_timer: Add the stm32f2xx Timer
  stm32f2xx_USART: Add the stm32f2xx USART Controller
  stm32f2xx_SYSCFG: Add the stm32f2xx SYSCFG
  target_arm: Remove memory region init from armv7m_init
  target_arm: Parameterise the irq lines for armv7m_init
  stm32f205: Add the stm32f205 SoC
  netduino2: Add the Netduino 2 Machine

 default-configs/arm-softmmu.mak|   4 +
 hw/arm/Makefile.objs   |   2 +
 hw/arm/armv7m.c|  38 +
 hw/arm/netduino2.c |  54 ++
 hw/arm/stellaris.c |  27 ++-
 hw/arm/stm32f205_soc.c | 157 ++
 hw/char/Makefile.objs  |   1 +
 hw/char/stm32f2xx_usart.c  | 219 
 hw/misc/Makefile.objs  |   1 +
 hw/misc/stm32f2xx_syscfg.c | 160 ++
 hw/timer/Makefile.objs |   2 +
 hw/timer/stm32f2xx_timer.c | 331 +
 include/hw/arm/arm.h   |   3 +-
 include/hw/arm/stm32f205_soc.h |  69 
 include/hw/char/stm32f2xx_usart.h  |  69 
 include/hw/misc/stm32f2xx_syscfg.h |  61 +++
 include/hw/timer/stm32f2xx_timer.h | 101 +++
 17 files changed, 1261 insertions(+), 38 deletions(-)
 create mode 100644 hw/arm/netduino2.c
 create mode 100644 hw/arm/stm32f205_soc.c
 create mode 100644 hw/char/stm32f2xx_usart.c
 create mode 100644 hw/misc/stm32f2xx_syscfg.c
 create mode 100644 hw/timer/stm32f2xx_timer.c
 create mode 100644 include/hw/arm/stm32f205_soc.h
 create mode 100644 include/hw/char/stm32f2xx_usart.h
 create mode 100644 include/hw/misc/stm32f2xx_syscfg.h
 create mode 100644 include/hw/timer/stm32f2xx_timer.h

-- 
1.9.1

[Qemu-devel] [PATCH v6 4/7] target_arm: Remove memory region init from armv7m_init

[Alistair Francis]

This patch moves the memory region init code from the
armv7m_init function to the stellaris_init function

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Crosthwaite 
---
V3:
 - Rename the flash_size argument to mem_size
 - Remove the sram_size and related code
- Thanks to Peter C
V2:
 - Change the memory region names to match the machine

 hw/arm/armv7m.c  | 33 +++--
 hw/arm/stellaris.c   | 24 
 include/hw/arm/arm.h |  3 +--
 3 files changed, 24 insertions(+), 36 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index ef24ca4..50281f7 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -163,11 +163,10 @@ static void armv7m_reset(void *opaque)
 }
 
 /* Init CPU and memory for a v7-M based board.
-   flash_size and sram_size are in kb.
+   mem_size is in bytes.
Returns the NVIC array.  */
 
-qemu_irq *armv7m_init(MemoryRegion *system_memory,
-  int flash_size, int sram_size,
+qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size,
   const char *kernel_filename, const char *cpu_model)
 {
 ARMCPU *cpu;
@@ -180,13 +179,8 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory,
 uint64_t lowaddr;
 int i;
 int big_endian;
-MemoryRegion *sram = g_new(MemoryRegion, 1);
-MemoryRegion *flash = g_new(MemoryRegion, 1);
 MemoryRegion *hack = g_new(MemoryRegion, 1);
 
-flash_size *= 1024;
-sram_size *= 1024;
-
 if (cpu_model == NULL) {
cpu_model = "cortex-m3";
 }
@@ -197,27 +191,6 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory,
 }
 env = &cpu->env;
 
-#if 0
-/* > 32Mb SRAM gets complicated because it overlaps the bitband area.
-   We don't have proper commandline options, so allocate half of memory
-   as SRAM, up to a maximum of 32Mb, and the rest as code.  */
-if (ram_size > (512 + 32) * 1024 * 1024)
-ram_size = (512 + 32) * 1024 * 1024;
-sram_size = (ram_size / 2) & TARGET_PAGE_MASK;
-if (sram_size > 32 * 1024 * 1024)
-sram_size = 32 * 1024 * 1024;
-code_size = ram_size - sram_size;
-#endif
-
-/* Flash programming is done via the SCU, so pretend it is ROM.  */
-memory_region_init_ram(flash, NULL, "armv7m.flash", flash_size,
-   &error_abort);
-vmstate_register_ram_global(flash);
-memory_region_set_readonly(flash, true);
-memory_region_add_subregion(system_memory, 0, flash);
-memory_region_init_ram(sram, NULL, "armv7m.sram", sram_size, &error_abort);
-vmstate_register_ram_global(sram);
-memory_region_add_subregion(system_memory, 0x2000, sram);
 armv7m_bitband_init();
 
 nvic = qdev_create(NULL, "armv7m_nvic");
@@ -244,7 +217,7 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory,
 image_size = load_elf(kernel_filename, NULL, NULL, &entry, &lowaddr,
   NULL, big_endian, ELF_MACHINE, 1);
 if (image_size < 0) {
-image_size = load_image_targphys(kernel_filename, 0, flash_size);
+image_size = load_image_targphys(kernel_filename, 0, mem_size);
 lowaddr = 0;
 }
 if (image_size < 0) {
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index 64bd4b4..d0c61c5 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -1220,10 +1220,26 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 int i;
 int j;
 
-flash_size = ((board->dc0 & 0x) + 1) << 1;
-sram_size = (board->dc0 >> 18) + 1;
-pic = armv7m_init(get_system_memory(),
-  flash_size, sram_size, kernel_filename, cpu_model);
+MemoryRegion *sram = g_new(MemoryRegion, 1);
+MemoryRegion *flash = g_new(MemoryRegion, 1);
+MemoryRegion *system_memory = get_system_memory();
+
+flash_size = (((board->dc0 & 0x) + 1) << 1) * 1024;
+sram_size = ((board->dc0 >> 18) + 1) * 1024;
+
+/* Flash programming is done via the SCU, so pretend it is ROM.  */
+memory_region_init_ram(flash, NULL, "stellaris.flash", flash_size,
+   &error_abort);
+vmstate_register_ram_global(flash);
+memory_region_set_readonly(flash, true);
+memory_region_add_subregion(system_memory, 0, flash);
+
+memory_region_init_ram(sram, NULL, "stellaris.sram", sram_size,
+   &error_abort);
+vmstate_register_ram_global(sram);
+memory_region_add_subregion(system_memory, 0x2000, sram);
+
+pic = armv7m_init(system_memory, flash_size, kernel_filename, cpu_model);
 
 if (board->dc1 & (1 << 16)) {
 dev = sysbus_create_varargs(TYPE_STELLARIS_ADC, 0x40038000,
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index cefc9e6..a112930 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -15,8 +15,7 @@
 #include "hw/irq.h"
 
 /* armv7m.c */
-qemu_irq *armv7m_init(MemoryRegion *system_memory,
-  int flash_size, in

[Qemu-devel] [PATCH v6 2/7] stm32f2xx_USART: Add the stm32f2xx USART Controller

[Alistair Francis]

This patch adds the stm32f2xx USART controller
(UART also uses the same controller).

Signed-off-by: Alistair Francis 
---
V6:
 - Rename to STM32F2XX
 - Fix up unimplemented printing
 - Add a qemu_chr_accept()
V3:
 - Update debug printing
V2:
 - Drop charecters if the device is not enabled
- Thanks to Peter C

 default-configs/arm-softmmu.mak   |   1 +
 hw/char/Makefile.objs |   1 +
 hw/char/stm32f2xx_usart.c | 219 ++
 include/hw/char/stm32f2xx_usart.h |  69 
 4 files changed, 290 insertions(+)
 create mode 100644 hw/char/stm32f2xx_usart.c
 create mode 100644 include/hw/char/stm32f2xx_usart.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index faea100..1348104 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -79,6 +79,7 @@ CONFIG_REALVIEW=y
 CONFIG_ZAURUS=y
 CONFIG_ZYNQ=y
 CONFIG_STM32F2XX_TIMER=y
+CONFIG_STM32F2XX_USART=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs
index 317385d..5931cc8 100644
--- a/hw/char/Makefile.objs
+++ b/hw/char/Makefile.objs
@@ -15,6 +15,7 @@ obj-$(CONFIG_OMAP) += omap_uart.o
 obj-$(CONFIG_SH4) += sh_serial.o
 obj-$(CONFIG_PSERIES) += spapr_vty.o
 obj-$(CONFIG_DIGIC) += digic-uart.o
+obj-$(CONFIG_STM32F2XX_USART) += stm32f2xx_usart.o
 
 common-obj-$(CONFIG_ETRAXFS) += etraxfs_ser.o
 common-obj-$(CONFIG_ISA_DEBUG) += debugcon.o
diff --git a/hw/char/stm32f2xx_usart.c b/hw/char/stm32f2xx_usart.c
new file mode 100644
index 000..843ff4a
--- /dev/null
+++ b/hw/char/stm32f2xx_usart.c
@@ -0,0 +1,219 @@
+/*
+ * STM32F2XX USART
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/char/stm32f2xx_usart.h"
+
+#ifndef STM_USART_ERR_DEBUG
+#define STM_USART_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_USART_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static int stm32f2xx_usart_can_receive(void *opaque)
+{
+STM32F2XXUsartState *s = opaque;
+
+if (!(s->usart_sr & USART_SR_RXNE)) {
+return 1;
+}
+
+return 0;
+}
+
+static void stm32f2xx_usart_receive(void *opaque, const uint8_t *buf, int size)
+{
+STM32F2XXUsartState *s = opaque;
+
+s->usart_dr = *buf;
+
+if (!(s->usart_cr1 & USART_CR1_UE && s->usart_cr1 & USART_CR1_RE)) {
+/* USART not enabled - drop the chars */
+DB_PRINT("Dropping the chars\n");
+return;
+}
+
+s->usart_sr |= USART_SR_RXNE;
+
+if (s->usart_cr1 & USART_CR1_RXNEIE) {
+qemu_set_irq(s->irq, 1);
+}
+
+DB_PRINT("Receiving: %c\n", s->usart_dr);
+}
+
+static void stm32f2xx_usart_reset(DeviceState *dev)
+{
+STM32F2XXUsartState *s = STM32F2XX_USART(dev);
+
+s->usart_sr = USART_SR_RESET;
+s->usart_dr = 0x;
+s->usart_brr = 0x;
+s->usart_cr1 = 0x;
+s->usart_cr2 = 0x;
+s->usart_cr3 = 0x;
+s->usart_gtpr = 0x;
+}
+
+static uint64_t stm32f2xx_usart_read(void *opaque, hwaddr addr,
+   unsigned int size)
+{
+STM32F2XXUsartState *s = opaque;
+uint64_t retvalue;
+
+DB_PRINT("Read 0x%"HWADDR_PRIx"\n", addr);
+
+switch (addr) {
+case USART_SR:
+retvalue = s->usart_sr;
+s->usart_sr &= ~USART_SR_TC;
+if (s->chr) {
+qemu_chr_accept_input(s->chr);
+}
+return retvalue;
+case USART_DR:
+DB_PRINT("Value: 0x%" PRIx32 ", %c\n", s->usart_dr, (char) 
s->usart_dr);
+s->usart_sr |= USART_SR_TXE;
+s->usart_sr &= ~USART_SR_RXNE;
+if (s->chr) {
+qemu_chr_accept_input(s->chr);
+}
+return s->usart_dr & 0x3FF;
+case USART_BRR:
+ret

[Qemu-devel] [PATCH v6 6/7] stm32f205: Add the stm32f205 SoC

[Alistair Francis]

This patch adds the stm32f205 SoC. This will be used by the
Netduino 2 to create a machine.

Signed-off-by: Alistair Francis 
---
V6:
 - Correct the number of USART/UART devices
 - Use macros to define how many devices are inited
 - Update the memory regions name from netduino.* to
   STM32F205.*

 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/stm32f205_soc.c  | 157 
 include/hw/arm/stm32f205_soc.h  |  69 ++
 4 files changed, 228 insertions(+)
 create mode 100644 hw/arm/stm32f205_soc.c
 create mode 100644 include/hw/arm/stm32f205_soc.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index a5aab7f..9ac755e 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -81,6 +81,7 @@ CONFIG_ZYNQ=y
 CONFIG_STM32F2XX_TIMER=y
 CONFIG_STM32F2XX_USART=y
 CONFIG_STM32F2XX_SYSCFG=y
+CONFIG_STM32F205_SOC=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 6088e53..9769317 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -8,3 +8,4 @@ obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o 
pxa2xx_pic.o
 obj-$(CONFIG_DIGIC) += digic.o
 obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
+obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
new file mode 100644
index 000..186e15d
--- /dev/null
+++ b/hw/arm/stm32f205_soc.c
@@ -0,0 +1,157 @@
+/*
+ * STM32F205 SoC
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/arm/stm32f205_soc.h"
+
+/* At the moment only Timer 2 to 5 are modelled */
+static const uint32_t timer_addr[STM_NUM_TIMERS] = { 0x4000, 0x4400,
+0x4800, 0x4C00 };
+static const uint32_t usart_addr[STM_NUM_USARTS] = { 0x40011000, 0x40004400,
+0x40004800, 0x40004C00, 0x40005000, 0x40011400 };
+
+static const int timer_irq[STM_NUM_TIMERS] = {28, 29, 30, 50};
+static const int usart_irq[STM_NUM_USARTS] = {37, 38, 39, 52, 53, 71};
+
+static void stm32f205_soc_initfn(Object *obj)
+{
+STM32F205State *s = STM32F205_SOC(obj);
+int i;
+
+object_initialize(&s->syscfg, sizeof(s->syscfg), TYPE_STM32F2XX_SYSCFG);
+qdev_set_parent_bus(DEVICE(&s->syscfg), sysbus_get_default());
+
+for (i = 0; i < STM_NUM_USARTS; i++) {
+object_initialize(&s->usart[i], sizeof(s->usart[i]),
+  TYPE_STM32F2XX_USART);
+qdev_set_parent_bus(DEVICE(&s->usart[i]), sysbus_get_default());
+}
+
+for (i = 0; i < STM_NUM_TIMERS; i++) {
+object_initialize(&s->timer[i], sizeof(s->timer[i]),
+  TYPE_STM32F2XX_TIMER);
+qdev_set_parent_bus(DEVICE(&s->timer[i]), sysbus_get_default());
+}
+}
+
+static void stm32f205_soc_realize(DeviceState *dev_soc, Error **errp)
+{
+STM32F205State *s = STM32F205_SOC(dev_soc);
+DeviceState *syscfgdev, *usartdev, *timerdev;
+SysBusDevice *syscfgbusdev, *usartbusdev, *timerbusdev;
+qemu_irq *pic;
+Error *err = NULL;
+int i;
+
+MemoryRegion *system_memory = get_system_memory();
+MemoryRegion *sram = g_new(MemoryRegion, 1);
+MemoryRegion *flash = g_new(MemoryRegion, 1);
+MemoryRegion *flash_alias = g_new(MemoryRegion, 1);
+
+memory_region_init_ram(flash, NULL, "STM32F205.flash", FLASH_SIZE,
+   &error_abort);
+memory_region_init_alias(flash_alias, NULL, "STM32F205.flash.alias",
+ flash, 0, FLASH_SIZE);
+
+vmstate_register_ram_global(flash);
+
+memory_region_set_readonly(flash, true);
+memory_region_set_readonly(flash_alias, true);
+
+memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, flash);
+memory_region_add_subregion(system_memory, 0, flash_al

[Qemu-devel] [PATCH v6 5/7] target_arm: Parameterise the irq lines for armv7m_init

[Alistair Francis]

This patch allows the board to specifiy the number of NVIC interrupt
lines when using armv7m_init.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Crosthwaite 
---

 hw/arm/armv7m.c  | 7 ---
 hw/arm/stellaris.c   | 5 -
 include/hw/arm/arm.h | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index 50281f7..7169027 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -166,14 +166,14 @@ static void armv7m_reset(void *opaque)
mem_size is in bytes.
Returns the NVIC array.  */
 
-qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size,
+qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size, int num_irq,
   const char *kernel_filename, const char *cpu_model)
 {
 ARMCPU *cpu;
 CPUARMState *env;
 DeviceState *nvic;
 /* FIXME: make this local state.  */
-static qemu_irq pic[64];
+qemu_irq *pic = g_new(qemu_irq, num_irq);
 int image_size;
 uint64_t entry;
 uint64_t lowaddr;
@@ -194,11 +194,12 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory, int 
mem_size,
 armv7m_bitband_init();
 
 nvic = qdev_create(NULL, "armv7m_nvic");
+qdev_prop_set_uint32(nvic, "num-irq", num_irq);
 env->nvic = nvic;
 qdev_init_nofail(nvic);
 sysbus_connect_irq(SYS_BUS_DEVICE(nvic), 0,
qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
-for (i = 0; i < 64; i++) {
+for (i = 0; i < num_irq; i++) {
 pic[i] = qdev_get_gpio_in(nvic, i);
 }
 
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index d0c61c5..6fad10f 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -29,6 +29,8 @@
 #define BP_OLED_SSI  0x02
 #define BP_GAMEPAD   0x04
 
+#define NUM_IRQ_LINES 64
+
 typedef const struct {
 const char *name;
 uint32_t did0;
@@ -1239,7 +1241,8 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 vmstate_register_ram_global(sram);
 memory_region_add_subregion(system_memory, 0x2000, sram);
 
-pic = armv7m_init(system_memory, flash_size, kernel_filename, cpu_model);
+pic = armv7m_init(system_memory, flash_size, NUM_IRQ_LINES,
+  kernel_filename, cpu_model);
 
 if (board->dc1 & (1 << 16)) {
 dev = sysbus_create_varargs(TYPE_STELLARIS_ADC, 0x40038000,
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index a112930..94e55a4 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -15,7 +15,7 @@
 #include "hw/irq.h"
 
 /* armv7m.c */
-qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size,
+qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size, int num_irq,
   const char *kernel_filename, const char *cpu_model);
 
 /* arm_boot.c */
-- 
1.9.1

[Qemu-devel] [PATCH v6 7/7] netduino2: Add the Netduino 2 Machine

[Alistair Francis]

This patch adds the Netduino 2 Machine.

This is a Cortex-M3 based machine. Information can be found at:
http://www.netduino.com/netduino2/specs.htm

Signed-off-by: Alistair Francis 
---

 hw/arm/Makefile.objs |  1 +
 hw/arm/netduino2.c   | 54 
 2 files changed, 55 insertions(+)
 create mode 100644 hw/arm/netduino2.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 9769317..2577f68 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -3,6 +3,7 @@ obj-$(CONFIG_DIGIC) += digic_boards.o
 obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
 obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
+obj-y += netduino2.o
 
 obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
 obj-$(CONFIG_DIGIC) += digic.o
diff --git a/hw/arm/netduino2.c b/hw/arm/netduino2.c
new file mode 100644
index 000..305983f
--- /dev/null
+++ b/hw/arm/netduino2.c
@@ -0,0 +1,54 @@
+/*
+ * Netduino 2 Machine Model
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/arm/stm32f205_soc.h"
+
+static void netduino2_init(MachineState *machine)
+{
+DeviceState *dev;
+Error *err = NULL;
+
+dev = qdev_create(NULL, TYPE_STM32F205_SOC);
+if (machine->kernel_filename) {
+qdev_prop_set_string(dev, "kernel-filename", machine->kernel_filename);
+}
+object_property_set_bool(OBJECT(dev), true, "realized", &err);
+if (err != NULL) {
+error_report("%s", error_get_pretty(err));
+exit(1);
+}
+}
+
+static QEMUMachine netduino2_machine = {
+.name = "netduino2",
+.desc = "Netduino 2 Machine",
+.init = netduino2_init,
+};
+
+static void netduino2_machine_init(void)
+{
+qemu_register_machine(&netduino2_machine);
+}
+
+machine_init(netduino2_machine_init);
-- 
1.9.1

Re: [Qemu-devel] [PATCH] main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously

[Gonglei]

Hi,

> Subject: [Qemu-devel] [PATCH] main-loop.c: Handle SIGINT, SIGHUP and
> SIGTERM synchronously
> 
> Add the termination signals SIGINT, SIGHUP and SIGTERM to the
> list of signals which we handle synchronously via a signalfd.
> This avoids a race condition where if we took the SIGTERM
> in the middle of qemu_shutdown_requested:
> int r = shutdown_requested;
> [SIGTERM here...]
> shutdown_requested = 0;
> 
> then the setting of the shutdown_requested flag by
> termsig_handler() would be lost and QEMU would fail to
> shut down. This was causing 'make check' to hang occasionally.
> 
> Signed-off-by: Peter Maydell 

I met a really upset thing after this patch, which I can't using gdb debug
Qemu process well. I use gdb attaching a Qemu process, and press 'c' to continue
executing. When I want to set a breakpoint for debugging, then press 'ctrl + c',
the Qemu will exit, because the SIGINT signal is captured by Qemu now. :(

What's your opinion? Thanks.

Best regards,
-Gonglei

> Cc: qemu-sta...@nongnu.org
> ---
>  main-loop.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/main-loop.c b/main-loop.c
> index 3cc79f8..8746abc 100644
> --- a/main-loop.c
> +++ b/main-loop.c
> @@ -84,6 +84,9 @@ static int qemu_signal_init(void)
>  sigaddset(&set, SIGIO);
>  sigaddset(&set, SIGALRM);
>  sigaddset(&set, SIGBUS);
> +sigaddset(&set, SIGINT);
> +sigaddset(&set, SIGHUP);
> +sigaddset(&set, SIGTERM);
>  pthread_sigmask(SIG_BLOCK, &set, NULL);
> 
>  sigdelset(&set, SIG_IPI);
> --
> 1.9.1
> 

Re: [Qemu-devel] [PATCH 2/2] intel_iommu: Add support for translation for devices behind bridges.

[Jan Kiszka]

On 2014-10-21 00:34, Knut Omang wrote:
> diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
> index 40c97b1..e6832c4 100644
> --- a/hw/pci/pci_bridge.c
> +++ b/hw/pci/pci_bridge.c
> @@ -376,8 +376,14 @@ int pci_bridge_initfn(PCIDevice *dev, const char 
> *typename)
>  sec_bus->address_space_io = &br->address_space_io;
>  memory_region_init(&br->address_space_io, OBJECT(br), "pci_bridge_io", 
> 65536);
>  br->windows = pci_bridge_region_init(br);
> +
>  QLIST_INIT(&sec_bus->child);
>  QLIST_INSERT_HEAD(&parent->child, sec_bus, sibling);
> +
> +if (dev->bus->iommu_opaque) {
> +pci_setup_iommu(sec_bus, dev->bus->iommu_fn, dev->bus->iommu_opaque);
> +}
> +

So, if I followed the discussion in the cover-letter thread correctly,
this should rather move into the bridge device init functions because
the PCI[e]-PCI bridge ("pci-bridge") would not call it, right?

Jan




signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously

[Jan Kiszka]

On 2014-10-25 13:34, Gonglei wrote:
> Hi,
> 
>> Subject: [Qemu-devel] [PATCH] main-loop.c: Handle SIGINT, SIGHUP and
>> SIGTERM synchronously
>>
>> Add the termination signals SIGINT, SIGHUP and SIGTERM to the
>> list of signals which we handle synchronously via a signalfd.
>> This avoids a race condition where if we took the SIGTERM
>> in the middle of qemu_shutdown_requested:
>> int r = shutdown_requested;
>> [SIGTERM here...]
>> shutdown_requested = 0;
>>
>> then the setting of the shutdown_requested flag by
>> termsig_handler() would be lost and QEMU would fail to
>> shut down. This was causing 'make check' to hang occasionally.
>>
>> Signed-off-by: Peter Maydell 
> 
> I met a really upset thing after this patch, which I can't using gdb debug
> Qemu process well. I use gdb attaching a Qemu process, and press 'c' to 
> continue
> executing. When I want to set a breakpoint for debugging, then press 'ctrl + 
> c',
> the Qemu will exit, because the SIGINT signal is captured by Qemu now. :(
> 
> What's your opinion? Thanks.

Confirmed, you cannot interrupt a running qemu from gdb anymore.

I think this patch has to be reverted and the original issue fixed by
making qemu_shutdown_requested signal-safe. Should be simple, just
convert shutdown_requested into a counter. Need not be atomic, all
happens over the main thread anyway.

Jan



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2/2] intel_iommu: Add support for translation for devices behind bridges.

[Jan Kiszka]

On 2014-10-25 13:36, Jan Kiszka wrote:
> On 2014-10-21 00:34, Knut Omang wrote:
>> diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
>> index 40c97b1..e6832c4 100644
>> --- a/hw/pci/pci_bridge.c
>> +++ b/hw/pci/pci_bridge.c
>> @@ -376,8 +376,14 @@ int pci_bridge_initfn(PCIDevice *dev, const char 
>> *typename)
>>  sec_bus->address_space_io = &br->address_space_io;
>>  memory_region_init(&br->address_space_io, OBJECT(br), "pci_bridge_io", 
>> 65536);
>>  br->windows = pci_bridge_region_init(br);
>> +
>>  QLIST_INIT(&sec_bus->child);
>>  QLIST_INSERT_HEAD(&parent->child, sec_bus, sibling);
>> +
>> +if (dev->bus->iommu_opaque) {
>> +pci_setup_iommu(sec_bus, dev->bus->iommu_fn, 
>> dev->bus->iommu_opaque);
>> +}
>> +
> 
> So, if I followed the discussion in the cover-letter thread correctly,
> this should rather move into the bridge device init functions because
> the PCI[e]-PCI bridge ("pci-bridge") would not call it, right?

Not right. We need the setup in any case (except for the virtio bridges
I'm currently thinking of for encapsulating non-translatable virtio
devices). But something still has to change to reflect the requester ID
aliasing of the PCIe-PCI bridge, no?

Jan




signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2/2] intel_iommu: Add support for translation for devices behind bridges.

[Jan Kiszka]

On 2014-10-21 00:34, Knut Omang wrote:
> @@ -1801,8 +1792,7 @@ static IOMMUTLBEntry vtd_iommu_translate(MemoryRegion 
> *iommu, hwaddr addr,
>  return ret;
>  }
>  
> -vtd_do_iommu_translate(vtd_as, vtd_as->bus_num, vtd_as->devfn, addr,
> -   is_write, &ret);
> +vtd_do_iommu_translate(vtd_as, addr, is_write, &ret);
>  VTD_DPRINTF(MMU,
>  "bus %"PRIu8 " slot %"PRIu8 " func %"PRIu8 " devfn %"PRIu8
>  " gpa 0x%"PRIx64 " hpa 0x%"PRIx64, vtd_as->bus_num,

You need to update the VTD_DPRINTF as well when removing bus_num from
VTDAddressSpace.

Jan




signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] dynamic sysbus instantiation and load_dtb implementation

[David Gibson]

On Thu, Oct 23, 2014 at 01:26:08PM +0200, Alexander Graf wrote:
> 
> 
> On 23.10.14 13:24, Peter Maydell wrote:
> > On 23 October 2014 12:23, Alexander Graf  wrote:
> >> On 23.10.14 12:19, Ard Biesheuvel wrote:
> >>> The reason for this change was that, before, the DTB would only be
> >>> generated once, and after a reset, the machine would go through the
> >>> kernel boot protocol as before but the DTB pointer would point to
> >>> garbage. Any idea how ppc deals with this? Do they recreate the device
> >>> tree after each reset?
> >>
> >> Yes, we regenerate the device tree on each reset.
> > 
> > Any particular reason? Surely it's always the same...
> 
> We have the code in place anyway, it's not a performance critical code
> path and putting it into a rom would be a waste of RAM, as it'd keep yet
> another copy of something we can easily regenerate.
> 
> It's a matter of personal preference I guess.

The "pseries" machine actually uses an odd hybrid.  We create a
"template" device tree with the common portions during early init.
That's stored permanently, but is not guest visible.

At reset time we augment the template with information which could
very from one boot to another, then copy it into RAM for the SLOF
firmware to read.

It's not particularly efficient, but really, who cares.  It's once per
resent, and we're generally talking at most a few dozen kiB of device
tree.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


pgprvJucb50GO.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH] block: qemu-iotests change _supported_proto to file once more.

[Peter Lieven]

Am 22.10.2014 um 14:03 schrieb Kevin Wolf:
> Am 20.10.2014 um 13:47 hat Peter Lieven geschrieben:
>> In preparation to possible automatic regression and performance
>> testing for the block layer I found that the iotests don't work
>> for all protocols anymore.
>>
>> In commit 1f7bf7d0 I started to change supported protocols from
>> generic to file for various tests. Unfortunately, some tests
>> added in the meantime again carry generic protocol altough they
>> can only work with file because they require local file access.
>>
>> The other way around for some tests that only support file I added
>> NFS protocol after confirming they work.
>>
>> Signed-off-by: Peter Lieven 
> Thanks, applied to the block branch.
>
> I suspect the test cases where you added nfs are actually generic. Did
> you check this?

Thinking about this again. Generic is probably wrong because
not all protocols support bdrv_create.

Peter

[Qemu-devel] [PATCH] block: qemu-iotest 107 supports NFS

[Peter Lieven]

As discussed during review a follow up for Max's fix.

Signed-off-by: Peter Lieven 
---
 tests/qemu-iotests/107 |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/107 b/tests/qemu-iotests/107
index cad1cf9..9862030 100755
--- a/tests/qemu-iotests/107
+++ b/tests/qemu-iotests/107
@@ -39,7 +39,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15
 . ./common.filter
 
 _supported_fmt qcow2
-_supported_proto file
+_supported_proto file nfs
 _supported_os Linux
 
 
-- 
1.7.9.5

Re: [Qemu-devel] [PATCH 19/18] Introduce "xen-load-devices-state"

[Stefano Stabellini]

On Fri, 24 Oct 2014, Wen Congyang wrote:
> Introduce a "xen-load-devices-state" QAPI command that can be used to load
> the state of all devices, but not the RAM or the block devices of the
> VM.
> 
> We only have hmp commands savevm/loadvm, and qmp commands
> xen-save-devices-state.
> 
> We use this new command for COLO:
> 1. suspend both primay vm and secondary vm
> 2. sync the state
> 3. resume both primary vm and secondary vm
> 
> In such case, we need to update all devices's state in any time.
> 
> Signed-off-by: Wen Congyang 
> Cc: qemu-devl 
> Cc: Stefano Stabellini 
> Cc: Paolo Bonzini 

The patch looks OK to me, far better than the previous version, but I am
no QMP expert.


>  qapi-schema.json | 18 ++
>  qmp-commands.hx  | 27 +++
>  savevm.c | 36 
>  3 files changed, 81 insertions(+)
> 
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 391356f..c569856 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -4689,3 +4689,21 @@
>'btn' : 'InputBtnEvent',
>'rel' : 'InputMoveEvent',
>'abs' : 'InputMoveEvent' } }
> +
> +##
> +# @xen-load-devices-state:
> +#
> +# Load the state of all devices from file. The RAM and the block devices
> +# of the VM are not loaded by this command.
> +#
> +# @filename: the file to load the state of the devices from as binary
> +# data. See xen-save-devices-state.txt for a description of the binary
> +# format.
> +#
> +# Returns: Nothing on success
> +#  If @filename cannot be opened, OpenFileFailed
> +#  If an I/O error occurs while reading the file, IOError
> +#
> +# Since: 2.0
> +##
> +{ 'command': 'xen-load-devices-state', 'data': {'filename': 'str'} }
> diff --git a/qmp-commands.hx b/qmp-commands.hx
> index ed3ab92..b796be5 100644
> --- a/qmp-commands.hx
> +++ b/qmp-commands.hx
> @@ -586,6 +586,33 @@ Example:
>  EQMP
>  
>  {
> +.name   = "xen-load-devices-state",
> +.args_type  = "filename:F",
> +.mhandler.cmd_new = qmp_marshal_input_xen_load_devices_state,
> +},
> +
> +SQMP
> +xen-load-devices-state
> +---
> +
> +Load the state of all devices from file. The RAM and the block devices
> +of the VM are not loaded by this command.
> +
> +Arguments:
> +
> +- "filename": the file to load the state of the devices from as binary
> +data. See xen-save-devices-state.txt for a description of the binary
> +format.
> +
> +Example:
> +
> +-> { "execute": "xen-load-devices-state",
> + "arguments": { "filename": "/tmp/resume" } }
> +<- { "return": {} }
> +
> +EQMP
> +
> +{
>  .name   = "xen-set-global-dirty-log",
>  .args_type  = "enable:b",
>  .mhandler.cmd_new = qmp_marshal_input_xen_set_global_dirty_log,
> diff --git a/savevm.c b/savevm.c
> index 22123be..3ebc01f 100644
> --- a/savevm.c
> +++ b/savevm.c
> @@ -41,6 +41,7 @@
>  #include "qemu/iov.h"
>  #include "block/snapshot.h"
>  #include "block/qapi.h"
> +#include "hw/xen/xen.h"
>  
>  #define SELF_ANNOUNCE_ROUNDS 5
>  
> @@ -802,6 +803,14 @@ int qemu_loadvm_state(QEMUFile *f)
>  goto out;
>  }
>  
> +/* Validate if it is a device's state */
> +if (xen_enabled() && se->is_ram) {
> +fprintf(stderr, "loadvm: %s RAM loading not allowed on 
> Xen\n",
> +idstr);
> +ret = -EINVAL;
> +goto out;
> +}
> +
>  /* Add entry */
>  le = g_malloc0(sizeof(*le));
>  
> @@ -1027,6 +1036,33 @@ void qmp_xen_save_devices_state(const char *filename, 
> Error **errp)
>  }
>  }
>  
> +void qmp_xen_load_devices_state(const char *filename, Error **errp)
> +{
> +QEMUFile *f;
> +int saved_vm_running;
> +int ret;
> +
> +saved_vm_running = runstate_is_running();
> +vm_stop(RUN_STATE_RESTORE_VM);
> +
> +f = qemu_fopen(filename, "rb");
> +if (!f) {
> +error_setg_file_open(errp, errno, filename);
> +goto out;
> +}
> +
> +ret = qemu_loadvm_state(f);
> +qemu_fclose(f);
> +if (ret < 0) {
> +error_set(errp, QERR_IO_ERROR);
> +}
> +
> +out:
> +if (saved_vm_running) {
> +vm_start();
> +}
> +}
> +
>  int load_vmstate(const char *name)
>  {
>  BlockDriverState *bs, *bs_vm_state;
> -- 
> 1.9.3
> 
> 

Re: [Qemu-devel] [PATCHv4 3/4] block/iscsi: set max_transfer_length

[Peter Lieven]

Am 23.10.2014 um 13:18 schrieb Max Reitz:
> On 2014-10-16 at 09:54, Peter Lieven wrote:
>> the limit of 0xff for 16 byte CDBs is intentional to
>> avoid overflows on 32-bit architectures.
>
> How is it related to 32 bit? I somehow feel like it has to do something with 
> the result of sector_lun2qemu() which involves block_size...

iscsilun->bl.max_xfer_len is 32-bit unsigned while nb_sectors is usually 
signed. Furthermore as you suspected nb_sectors is always 512Byte sectors
while iscsilun->block_size can be 4k or even more.

I will change the code to set max_xfer_len to 0x and limit the output 
of sector_lun2qemu() to INT_MAX in the bs->bl.max_transfer_length case.

However, in real life you will never want to have a transfer of 0x3fff 
blocks, won't you?

Peter


>
>> Signed-off-by: Peter Lieven 
>> Reviewed-by: Ronnie Sahlberg 
>> ---
>>   block/iscsi.c |   12 ++--
>>   1 file changed, 10 insertions(+), 2 deletions(-)
>>
>> diff --git a/block/iscsi.c b/block/iscsi.c
>> index 3a01de0..c873d13 100644
>> --- a/block/iscsi.c
>> +++ b/block/iscsi.c
>> @@ -1449,10 +1449,18 @@ static void iscsi_close(BlockDriverState *bs)
>> static void iscsi_refresh_limits(BlockDriverState *bs, Error **errp)
>>   {
>> -IscsiLun *iscsilun = bs->opaque;
>> -
>>   /* We don't actually refresh here, but just return data queried in
>>* iscsi_open(): iscsi targets don't change their limits. */
>> +
>> +IscsiLun *iscsilun = bs->opaque;
>> +uint32_t max_xfer_len = iscsilun->use_16_for_rw ? 0xff : 0x;
>> +
>> +if (iscsilun->bl.max_xfer_len) {
>> +max_xfer_len = MIN(max_xfer_len, iscsilun->bl.max_xfer_len);
>> +}
>> +
>> +bs->bl.max_transfer_length = sector_lun2qemu(max_xfer_len, iscsilun);
>> +
>>   if (iscsilun->lbp.lbpu) {
>>   if (iscsilun->bl.max_unmap < 0x) {
>>   bs->bl.max_discard = sector_lun2qemu(iscsilun->bl.max_unmap,
>

Re: [Qemu-devel] [PATCHv4 4/4] block: avoid creating oversized writes in multiwrite_merge

[Peter Lieven]

Am 23.10.2014 um 13:23 schrieb Max Reitz:
> On 2014-10-16 at 09:54, Peter Lieven wrote:
>> Signed-off-by: Peter Lieven 
>> Reviewed-by: Ronnie Sahlberg 
>> ---
>>   block.c |5 +
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/block.c b/block.c
>> index 0fbf916..9ad2287 100644
>> --- a/block.c
>> +++ b/block.c
>> @@ -4554,6 +4554,11 @@ static int multiwrite_merge(BlockDriverState *bs, 
>> BlockRequest *reqs,
>>   merge = 0;
>>   }
>>   +if (bs->bl.max_transfer_length && reqs[outidx].nb_sectors +
>> +reqs[i].nb_sectors > bs->bl.max_transfer_length) {
>> +merge = 0;
>> +}
>> +
>>   if (merge) {
>>   size_t size;
>>   QEMUIOVector *qiov = g_malloc0(sizeof(*qiov));
>
> Reviewed-by: Max Reitz 
>
> I feel like we should respect max_transfer_length in more than just this 
> function, though. Every block device (or block driver) that sets a maximum 
> transfer length should check requests against it as well, so we don't need to 
> duplicate the same tests in the block layer functions, but maybe if at some 
> point there are no things left to be done on the block layer, we could do 
> that.

I have on my todo to add a splitting logic to block.c to 

bdrv_co_do_preadv() and bdrv_co_do_pwritev(), but I agreed with Kevin to 
introduce this
*after* 2.2.

Peter

[Qemu-devel] [PATCHv5 4/6] block: avoid creating oversized writes in multiwrite_merge

[Peter Lieven]

Signed-off-by: Peter Lieven 
Reviewed-by: Ronnie Sahlberg 
Reviewed-by: Max Reitz 
---
 block.c |5 +
 1 file changed, 5 insertions(+)

diff --git a/block.c b/block.c
index 76fcc1d..4179341 100644
--- a/block.c
+++ b/block.c
@@ -4446,6 +4446,11 @@ static int multiwrite_merge(BlockDriverState *bs, 
BlockRequest *reqs,
 merge = 0;
 }
 
+if (bs->bl.max_transfer_length && reqs[outidx].nb_sectors +
+reqs[i].nb_sectors > bs->bl.max_transfer_length) {
+merge = 0;
+}
+
 if (merge) {
 size_t size;
 QEMUIOVector *qiov = g_malloc0(sizeof(*qiov));
-- 
1.7.9.5

[Qemu-devel] [PATCHv5 0/6] introduce max_transfer_length

[Peter Lieven]

This series adds the basics for introducing a maximum transfer length
to the block layer. Its main purpose is currently avoiding that
a multiwrite_merge exceeds the max_xfer_len of an attached iSCSI LUN.
This is a required bug fix.

Splitting up requests according to the max_transfer_length will follow
in a later series.

v4->v5: - Added check for (a != 0 instead of !!a) [Max] and some comments
  [Eric]
- Correctly limited max_transfer_length to INT_MAX in Patch 3 [Max]
- Added Patch 5 and Patch 6.

v3->v4: introduce MIN_NON_ZERO to correctly calculate minimum of 2 limits.
v2->v3: remove Patch 2 completely [Paolo]
v1->v2: do not throw errors but generate trace events in Patch 2 [Paolo]

Peter Lieven (6):
  util: introduce MIN_NON_ZERO
  BlockLimits: introduce max_transfer_length
  block/iscsi: set max_transfer_length
  block: avoid creating oversized writes in multiwrite_merge
  block/iscsi: limit to INT_MAX throughout iscsi_refresh_limits
  block/iscsi: check for oversized requests

 block.c   |9 +
 block/iscsi.c |   49 ++---
 include/block/block_int.h |3 +++
 include/qemu/osdep.h  |6 ++
 4 files changed, 55 insertions(+), 12 deletions(-)

-- 
1.7.9.5

[Qemu-devel] [PATCHv5 6/6] block/iscsi: check for oversized requests

[Peter Lieven]

Cancel oversized requests early. They would generate
an iSCSI protocol error anyway; after having transferred
possibly a lot of data over the wire.

Suggested-By: Max Reitz 
Signed-off-by: Peter Lieven 
---
 block/iscsi.c |   12 
 1 file changed, 12 insertions(+)

diff --git a/block/iscsi.c b/block/iscsi.c
index 85131b7..8747fc3 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -367,6 +367,12 @@ static int coroutine_fn iscsi_co_writev(BlockDriverState 
*bs,
 return -EINVAL;
 }
 
+if (bs->bl.max_transfer_length && nb_sectors > bs->bl.max_transfer_length) 
{
+error_report("iSCSI Error: Write of %d sectors exceeds max_xfer_len "
+ "of %d sectors.", nb_sectors, bs->bl.max_transfer_length);
+return -EINVAL;
+}
+
 lba = sector_qemu2lun(sector_num, iscsilun);
 num_sectors = sector_qemu2lun(nb_sectors, iscsilun);
 iscsi_co_init_iscsitask(iscsilun, &iTask);
@@ -534,6 +540,12 @@ static int coroutine_fn iscsi_co_readv(BlockDriverState 
*bs,
 return -EINVAL;
 }
 
+if (bs->bl.max_transfer_length && nb_sectors > bs->bl.max_transfer_length) 
{
+error_report("iSCSI Error: Read of %d sectors exceeds max_xfer_len "
+ "of %d sectors.", nb_sectors, bs->bl.max_transfer_length);
+return -EINVAL;
+}
+
 if (iscsilun->lbprz && nb_sectors >= ISCSI_CHECKALLOC_THRES &&
 !iscsi_allocationmap_is_allocated(iscsilun, sector_num, nb_sectors)) {
 int64_t ret;
-- 
1.7.9.5

[Qemu-devel] [PATCHv5 5/6] block/iscsi: limit to INT_MAX throughout iscsi_refresh_limits

[Peter Lieven]

As Max pointed out there is a hidden cast from int64_t to int.
So use the newly introduced nb_sectors_lun2qemu for all
limits.

Signed-off-by: Peter Lieven 
---
 block/iscsi.c |   20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index 1ae4add..85131b7 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1468,23 +1468,23 @@ static void iscsi_refresh_limits(BlockDriverState *bs, 
Error **errp)
 
 if (iscsilun->lbp.lbpu) {
 if (iscsilun->bl.max_unmap < 0x) {
-bs->bl.max_discard = sector_lun2qemu(iscsilun->bl.max_unmap,
- iscsilun);
+bs->bl.max_discard = nb_sectors_lun2qemu(iscsilun->bl.max_unmap,
+ iscsilun);
 }
-bs->bl.discard_alignment = sector_lun2qemu(iscsilun->bl.opt_unmap_gran,
-   iscsilun);
+bs->bl.discard_alignment = 
nb_sectors_lun2qemu(iscsilun->bl.opt_unmap_gran,
+   iscsilun);
 }
 
 if (iscsilun->bl.max_ws_len < 0x) {
-bs->bl.max_write_zeroes = sector_lun2qemu(iscsilun->bl.max_ws_len,
-  iscsilun);
+bs->bl.max_write_zeroes = nb_sectors_lun2qemu(iscsilun->bl.max_ws_len,
+  iscsilun);
 }
 if (iscsilun->lbp.lbpws) {
-bs->bl.write_zeroes_alignment = 
sector_lun2qemu(iscsilun->bl.opt_unmap_gran,
-iscsilun);
+bs->bl.write_zeroes_alignment = 
nb_sectors_lun2qemu(iscsilun->bl.opt_unmap_gran,
+iscsilun);
 }
-bs->bl.opt_transfer_length = sector_lun2qemu(iscsilun->bl.opt_xfer_len,
- iscsilun);
+bs->bl.opt_transfer_length = nb_sectors_lun2qemu(iscsilun->bl.opt_xfer_len,
+ iscsilun);
 }
 
 /* Since iscsi_open() ignores bdrv_flags, there is nothing to do here in
-- 
1.7.9.5

[Qemu-devel] [PATCHv5 1/6] util: introduce MIN_NON_ZERO

[Peter Lieven]

at least in block layer we have the case of limits being defined for a
BlockDriverState. However, in this context often zero (0) has the special
meanining of undefined which means no limit. If two of those limits are
combined and the minimum is needed the minimum function should only return
zero if both parameters are zero.

Signed-off-by: Peter Lieven 
---
 include/qemu/osdep.h |6 ++
 1 file changed, 6 insertions(+)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 1565404..bcdf088 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -68,6 +68,12 @@ typedef signed int  int_fast16_t;
 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
 #endif
 
+/* Minimum function that returns zero only iff both values are zero.
+ * Intended for use with unsigned values only. */
+#ifndef MIN_NON_ZERO
+#define MIN_NON_ZERO(a, b) (((a != 0) && (a) < (b)) ? (a) : (b))
+#endif
+
 #ifndef ROUND_UP
 #define ROUND_UP(n,d) (((n) + (d) - 1) & -(d))
 #endif
-- 
1.7.9.5

[Qemu-devel] [PATCHv5 2/6] BlockLimits: introduce max_transfer_length

[Peter Lieven]

Signed-off-by: Peter Lieven 
Reviewed-by: Max Reitz 
---
 block.c   |4 
 include/block/block_int.h |3 +++
 2 files changed, 7 insertions(+)

diff --git a/block.c b/block.c
index 88f6d9b..76fcc1d 100644
--- a/block.c
+++ b/block.c
@@ -519,6 +519,7 @@ void bdrv_refresh_limits(BlockDriverState *bs, Error **errp)
 return;
 }
 bs->bl.opt_transfer_length = bs->file->bl.opt_transfer_length;
+bs->bl.max_transfer_length = bs->file->bl.max_transfer_length;
 bs->bl.opt_mem_alignment = bs->file->bl.opt_mem_alignment;
 } else {
 bs->bl.opt_mem_alignment = 512;
@@ -533,6 +534,9 @@ void bdrv_refresh_limits(BlockDriverState *bs, Error **errp)
 bs->bl.opt_transfer_length =
 MAX(bs->bl.opt_transfer_length,
 bs->backing_hd->bl.opt_transfer_length);
+bs->bl.max_transfer_length =
+MIN_NON_ZERO(bs->bl.max_transfer_length,
+ bs->backing_hd->bl.max_transfer_length);
 bs->bl.opt_mem_alignment =
 MAX(bs->bl.opt_mem_alignment,
 bs->backing_hd->bl.opt_mem_alignment);
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 8898c6c..a293e92 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -289,6 +289,9 @@ typedef struct BlockLimits {
 /* optimal transfer length in sectors */
 int opt_transfer_length;
 
+/* maximal transfer length in sectors */
+int max_transfer_length;
+
 /* memory alignment so that no bounce buffer is needed */
 size_t opt_mem_alignment;
 } BlockLimits;
-- 
1.7.9.5

[Qemu-devel] [PATCHv5 3/6] block/iscsi: set max_transfer_length

[Peter Lieven]

Copy the max_xfer_len from the BlockLimits VPD or use the
maximum value fitting in the CDB.

Signed-off-by: Peter Lieven 
---
 block/iscsi.c |   17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index 233f462..1ae4add 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -297,6 +297,11 @@ static int64_t sector_lun2qemu(int64_t sector, IscsiLun 
*iscsilun)
 return sector * iscsilun->block_size / BDRV_SECTOR_SIZE;
 }
 
+static int nb_sectors_lun2qemu(int64_t sector, IscsiLun *iscsilun)
+{
+return MIN(sector_lun2qemu(sector, iscsilun), INT_MAX);
+}
+
 static int64_t sector_qemu2lun(int64_t sector, IscsiLun *iscsilun)
 {
 return sector * BDRV_SECTOR_SIZE / iscsilun->block_size;
@@ -1449,10 +1454,18 @@ static void iscsi_close(BlockDriverState *bs)
 
 static void iscsi_refresh_limits(BlockDriverState *bs, Error **errp)
 {
-IscsiLun *iscsilun = bs->opaque;
-
 /* We don't actually refresh here, but just return data queried in
  * iscsi_open(): iscsi targets don't change their limits. */
+
+IscsiLun *iscsilun = bs->opaque;
+uint32_t max_xfer_len = iscsilun->use_16_for_rw ? 0x : 0x;
+
+if (iscsilun->bl.max_xfer_len) {
+max_xfer_len = MIN(max_xfer_len, iscsilun->bl.max_xfer_len);
+}
+
+bs->bl.max_transfer_length = nb_sectors_lun2qemu(max_xfer_len, iscsilun);
+
 if (iscsilun->lbp.lbpu) {
 if (iscsilun->bl.max_unmap < 0x) {
 bs->bl.max_discard = sector_lun2qemu(iscsilun->bl.max_unmap,
-- 
1.7.9.5

[Qemu-devel] [PATCHv3 1/6] block: add accounting for merged requests

[Peter Lieven]

Signed-off-by: Peter Lieven 
---
 block.c|2 ++
 block/accounting.c |7 +++
 block/qapi.c   |1 +
 hmp.c  |4 +++-
 include/block/accounting.h |3 +++
 qapi/block-core.json   |7 ++-
 6 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/block.c b/block.c
index 88f6d9b..d13b87e 100644
--- a/block.c
+++ b/block.c
@@ -4477,6 +4477,8 @@ static int multiwrite_merge(BlockDriverState *bs, 
BlockRequest *reqs,
 }
 }
 
+block_merge_done(&bs->stats, BLOCK_ACCT_WRITE, num_reqs - outidx - 1);
+
 return outidx + 1;
 }
 
diff --git a/block/accounting.c b/block/accounting.c
index edbb1cc..f3162d1 100644
--- a/block/accounting.c
+++ b/block/accounting.c
@@ -52,3 +52,10 @@ void block_acct_highest_sector(BlockAcctStats *stats, 
int64_t sector_num,
 stats->wr_highest_sector = sector_num + nb_sectors - 1;
 }
 }
+
+void block_merge_done(BlockAcctStats *stats, enum BlockAcctType type,
+  int num_requests)
+{
+assert(type < BLOCK_MAX_IOTYPE);
+stats->merged[type] += num_requests;
+}
diff --git a/block/qapi.c b/block/qapi.c
index 1301144..28ea4db 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -338,6 +338,7 @@ static BlockStats *bdrv_query_stats(const BlockDriverState 
*bs)
 s->stats->wr_bytes = bs->stats.nr_bytes[BLOCK_ACCT_WRITE];
 s->stats->rd_operations = bs->stats.nr_ops[BLOCK_ACCT_READ];
 s->stats->wr_operations = bs->stats.nr_ops[BLOCK_ACCT_WRITE];
+s->stats->wr_merged = bs->stats.merged[BLOCK_ACCT_WRITE];
 s->stats->wr_highest_offset =
 bs->stats.wr_highest_sector * BDRV_SECTOR_SIZE;
 s->stats->flush_operations = bs->stats.nr_ops[BLOCK_ACCT_FLUSH];
diff --git a/hmp.c b/hmp.c
index 63d7686..5741dfd 100644
--- a/hmp.c
+++ b/hmp.c
@@ -419,6 +419,7 @@ void hmp_info_blockstats(Monitor *mon, const QDict *qdict)
" wr_total_time_ns=%" PRId64
" rd_total_time_ns=%" PRId64
" flush_total_time_ns=%" PRId64
+   " wr_merged=%" PRId64
"\n",
stats->value->stats->rd_bytes,
stats->value->stats->wr_bytes,
@@ -427,7 +428,8 @@ void hmp_info_blockstats(Monitor *mon, const QDict *qdict)
stats->value->stats->flush_operations,
stats->value->stats->wr_total_time_ns,
stats->value->stats->rd_total_time_ns,
-   stats->value->stats->flush_total_time_ns);
+   stats->value->stats->flush_total_time_ns,
+   stats->value->stats->wr_merged);
 }
 
 qapi_free_BlockStatsList(stats_list);
diff --git a/include/block/accounting.h b/include/block/accounting.h
index 50b42b3..07394f7 100644
--- a/include/block/accounting.h
+++ b/include/block/accounting.h
@@ -39,6 +39,7 @@ typedef struct BlockAcctStats {
 uint64_t nr_bytes[BLOCK_MAX_IOTYPE];
 uint64_t nr_ops[BLOCK_MAX_IOTYPE];
 uint64_t total_time_ns[BLOCK_MAX_IOTYPE];
+uint64_t merged[BLOCK_MAX_IOTYPE];
 uint64_t wr_highest_sector;
 } BlockAcctStats;
 
@@ -53,5 +54,7 @@ void block_acct_start(BlockAcctStats *stats, BlockAcctCookie 
*cookie,
 void block_acct_done(BlockAcctStats *stats, BlockAcctCookie *cookie);
 void block_acct_highest_sector(BlockAcctStats *stats, int64_t sector_num,
unsigned int nb_sectors);
+void block_merge_done(BlockAcctStats *stats, enum BlockAcctType type,
+  int num_requests);
 
 #endif
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 8f7089e..2095f9e 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -392,13 +392,18 @@
 # growable sparse files (like qcow2) that are used on top
 # of a physical device.
 #
+# @wr_merged: Number of requests that have been merged into another request
+# while performing a multiwrite_merge. (Since 2.2)
+#
+#
 # Since: 0.14.0
 ##
 { 'type': 'BlockDeviceStats',
   'data': {'rd_bytes': 'int', 'wr_bytes': 'int', 'rd_operations': 'int',
'wr_operations': 'int', 'flush_operations': 'int',
'flush_total_time_ns': 'int', 'wr_total_time_ns': 'int',
-   'rd_total_time_ns': 'int', 'wr_highest_offset': 'int' } }
+   'rd_total_time_ns': 'int', 'wr_highest_offset': 'int',
+   'wr_merged': 'int' } }
 
 ##
 # @BlockStats:
-- 
1.7.9.5

[Qemu-devel] [PATCHv3 2/6] block: introduce bdrv_runtime_opts

[Peter Lieven]

This patch (orginally by Kevin) adds a bdrv_runtime_opts QemuOptsList.
The list will absorb all options that belong to the BDS (and not the
BlockBackend) and will be parsed and handled in bdrv_open_common.

Signed-off-by: Kevin Wolf 
Signed-off-by: Peter Lieven 
Reviewed-by: Max Reitz 
---
 block.c |   38 +-
 1 file changed, 33 insertions(+), 5 deletions(-)

diff --git a/block.c b/block.c
index d13b87e..f05ea0c 100644
--- a/block.c
+++ b/block.c
@@ -27,6 +27,7 @@
 #include "block/block_int.h"
 #include "block/blockjob.h"
 #include "qemu/module.h"
+#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qjson.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/sysemu.h"
@@ -875,6 +876,19 @@ static void bdrv_assign_node_name(BlockDriverState *bs,
 QTAILQ_INSERT_TAIL(&graph_bdrv_states, bs, node_list);
 }
 
+static QemuOptsList bdrv_runtime_opts = {
+.name = "bdrv_common",
+.head = QTAILQ_HEAD_INITIALIZER(bdrv_runtime_opts.head),
+.desc = {
+{
+.name = "node-name",
+.type = QEMU_OPT_STRING,
+.help = "Node name of the block device node",
+},
+{ /* end of list */ }
+},
+};
+
 /*
  * Common part for opening disk images and files
  *
@@ -886,6 +900,7 @@ static int bdrv_open_common(BlockDriverState *bs, 
BlockDriverState *file,
 int ret, open_flags;
 const char *filename;
 const char *node_name = NULL;
+QemuOpts *opts;
 Error *local_err = NULL;
 
 assert(drv != NULL);
@@ -906,19 +921,28 @@ static int bdrv_open_common(BlockDriverState *bs, 
BlockDriverState *file,
 
 trace_bdrv_open_common(bs, filename ?: "", flags, drv->format_name);
 
-node_name = qdict_get_try_str(options, "node-name");
+opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
+qemu_opts_absorb_qdict(opts, options, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+ret = -EINVAL;
+goto fail_opts;
+}
+
+node_name = qemu_opt_get(opts, "node-name");
 bdrv_assign_node_name(bs, node_name, &local_err);
 if (local_err) {
 error_propagate(errp, local_err);
-return -EINVAL;
+ret = -EINVAL;
+goto fail_opts;
 }
-qdict_del(options, "node-name");
 
 /* bdrv_open() with directly using a protocol as drv. This layer is already
  * opened, so assign it to bs (while file becomes a closed 
BlockDriverState)
  * and return immediately. */
 if (file != NULL && drv->bdrv_file_open) {
 bdrv_swap(file, bs);
+qemu_opts_del(opts);
 return 0;
 }
 
@@ -936,7 +960,8 @@ static int bdrv_open_common(BlockDriverState *bs, 
BlockDriverState *file,
 ? "Driver '%s' can only be used for read-only devices"
 : "Driver '%s' is not whitelisted",
drv->format_name);
-return -ENOTSUP;
+ret = -ENOTSUP;
+goto fail_opts;
 }
 
 assert(bs->copy_on_read == 0); /* bdrv_new() and bdrv_close() make it so */
@@ -945,7 +970,8 @@ static int bdrv_open_common(BlockDriverState *bs, 
BlockDriverState *file,
 bdrv_enable_copy_on_read(bs);
 } else {
 error_setg(errp, "Can't use copy-on-read on read-only device");
-return -EINVAL;
+ret = -EINVAL;
+goto fail_opts;
 }
 }
 
@@ -1010,6 +1036,8 @@ free_and_fail:
 g_free(bs->opaque);
 bs->opaque = NULL;
 bs->drv = NULL;
+fail_opts:
+qemu_opts_del(opts);
 return ret;
 }
 
-- 
1.7.9.5

[Qemu-devel] [PATCHv3 4/6] hw/virtio-blk: add a constant for max number of merged requests

[Peter Lieven]

As it was not obvious (at least for me) where the 32 comes from;
add a constant for it.

Signed-off-by: Peter Lieven 
Reviewed-by: Max Reitz 
---
 hw/block/virtio-blk.c |4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index b19b102..ee7789f 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -308,6 +308,8 @@ static bool virtio_blk_sect_range_ok(VirtIOBlock *dev,
 return true;
 }
 
+#define MAX_MERGE_REQS 32
+
 static void virtio_blk_handle_write(VirtIOBlockReq *req, MultiReqBuffer *mrb)
 {
 BlockRequest *blkreq;
@@ -326,7 +328,7 @@ static void virtio_blk_handle_write(VirtIOBlockReq *req, 
MultiReqBuffer *mrb)
 block_acct_start(blk_get_stats(req->dev->blk), &req->acct, req->qiov.size,
  BLOCK_ACCT_WRITE);
 
-if (mrb->num_writes == 32) {
+if (mrb->num_writes == MAX_MERGE_REQS) {
 virtio_submit_multiwrite(req->dev->blk, mrb);
 }
 
-- 
1.7.9.5

[Qemu-devel] [PATCHv3 3/6] block: add a knob to disable multiwrite_merge

[Peter Lieven]

The block layer silently merges write requests since
commit 40b4f539. This patch adds a knob to disable
this feature as there has been some discussion lately
if multiwrite is a good idea at all and as it falsifies
benchmarks.

Signed-off-by: Peter Lieven 
Reviewed-by: Max Reitz 
---
 block.c   |9 +
 block/qapi.c  |1 +
 hmp.c |4 
 include/block/block_int.h |1 +
 qapi/block-core.json  |   10 +-
 qemu-options.hx   |1 +
 qmp-commands.hx   |2 ++
 7 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/block.c b/block.c
index f05ea0c..f3da5dd 100644
--- a/block.c
+++ b/block.c
@@ -884,6 +884,10 @@ static QemuOptsList bdrv_runtime_opts = {
 .name = "node-name",
 .type = QEMU_OPT_STRING,
 .help = "Node name of the block device node",
+},{
+.name = "write-merging",
+.type = QEMU_OPT_BOOL,
+.help = "enable write merging (default: true)",
 },
 { /* end of list */ }
 },
@@ -986,6 +990,7 @@ static int bdrv_open_common(BlockDriverState *bs, 
BlockDriverState *file,
 bs->opaque = g_malloc0(drv->instance_size);
 
 bs->enable_write_cache = !!(flags & BDRV_O_CACHE_WB);
+bs->write_merging = qemu_opt_get_bool(opts, "write-merging", true);
 
 /* Open the image, either directly or using a protocol */
 if (drv->bdrv_file_open) {
@@ -4451,6 +4456,10 @@ static int multiwrite_merge(BlockDriverState *bs, 
BlockRequest *reqs,
 {
 int i, outidx;
 
+if (!bs->write_merging) {
+return num_reqs;
+}
+
 // Sort requests by start sector
 qsort(reqs, num_reqs, sizeof(*reqs), &multiwrite_req_compare);
 
diff --git a/block/qapi.c b/block/qapi.c
index 28ea4db..9136705 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -59,6 +59,7 @@ BlockDeviceInfo *bdrv_block_device_info(BlockDriverState *bs)
 
 info->backing_file_depth = bdrv_get_backing_file_depth(bs);
 info->detect_zeroes = bs->detect_zeroes;
+info->write_merging = bs->write_merging;
 
 if (bs->io_limits_enabled) {
 ThrottleConfig cfg;
diff --git a/hmp.c b/hmp.c
index 5741dfd..48b85dd 100644
--- a/hmp.c
+++ b/hmp.c
@@ -348,6 +348,10 @@ void hmp_info_block(Monitor *mon, const QDict *qdict)

BlockdevDetectZeroesOptions_lookup[info->value->inserted->detect_zeroes]);
 }
 
+if (!info->value->inserted->write_merging) {
+monitor_printf(mon, "Write Merging:off\n");
+}
+
 if (info->value->inserted->bps
 || info->value->inserted->bps_rd
 || info->value->inserted->bps_wr
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 8898c6c..e3d382f 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -402,6 +402,7 @@ struct BlockDriverState {
 
 QDict *options;
 BlockdevDetectZeroesOptions detect_zeroes;
+bool write_merging;
 
 /* The error object in use for blocking operations on backing_hd */
 Error *backing_blocker;
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 2095f9e..74d1960 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -214,6 +214,8 @@
 #
 # @detect_zeroes: detect and optimize zero writes (Since 2.1)
 #
+# @write_merging: true if write merging is enabled (Since 2.2)
+#
 # @bps: total throughput limit in bytes per second is specified
 #
 # @bps_rd: read throughput limit in bytes per second is specified
@@ -250,6 +252,7 @@
 '*backing_file': 'str', 'backing_file_depth': 'int',
 'encrypted': 'bool', 'encryption_key_missing': 'bool',
 'detect_zeroes': 'BlockdevDetectZeroesOptions',
+'write_merging': 'bool',
 'bps': 'int', 'bps_rd': 'int', 'bps_wr': 'int',
 'iops': 'int', 'iops_rd': 'int', 'iops_wr': 'int',
 'image': 'ImageInfo',
@@ -1185,6 +1188,10 @@
 # (default: false)
 # @detect-zeroes: #optional detect and optimize zero writes (Since 2.1)
 # (default: off)
+# @write-merging: #optional enable the merging of write requests
+# also known as multiwrite_merge (Since 2.2)
+# (default: true, but this might change in the future
+# depending on format/protocol/features used)
 #
 # Since: 1.7
 ##
@@ -1198,7 +1205,8 @@
 '*rerror': 'BlockdevOnError',
 '*werror': 'BlockdevOnError',
 '*read-only': 'bool',
-'*detect-zeroes': 'BlockdevDetectZeroesOptions' } }
+'*detect-zeroes': 'BlockdevDetectZeroesOptions',
+'*write-merging': 'bool' } }
 
 ##
 # @BlockdevOptionsFile
diff --git a/qemu-options.hx b/qemu-options.hx
index 22cf3b9..d2f756f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -432,6 +432,7 @@ DEF("drive", HAS_ARG, QEMU_OPTION_drive,
 "   
[,werror=ignore|stop|report|enospc][,id=name][,aio=t

[Qemu-devel] [PATCHv3 5/6] block: add qemu-iotest for write-merge parameter

[Peter Lieven]

Signed-off-by: Peter Lieven 
---
 tests/qemu-iotests/109 |  113 
 tests/qemu-iotests/109.out |   68 ++
 tests/qemu-iotests/group   |1 +
 3 files changed, 182 insertions(+)
 create mode 100755 tests/qemu-iotests/109
 create mode 100644 tests/qemu-iotests/109.out

diff --git a/tests/qemu-iotests/109 b/tests/qemu-iotests/109
new file mode 100755
index 000..5ee0383
--- /dev/null
+++ b/tests/qemu-iotests/109
@@ -0,0 +1,113 @@
+#!/bin/bash
+#
+# Test if write-merging parameter is applied correctly
+#
+# Copyright (C) 2014 Peter Lieven 
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=p...@kamp.de
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt raw
+_supported_proto file
+_supported_os Linux
+
+function do_run_qemu()
+{
+echo Testing: "$@"
+$QEMU -nographic -qmp stdio -serial none "$@"
+echo
+}
+
+function run_qemu()
+{
+do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qmp
+}
+
+size=128M
+
+_make_test_img $size
+
+echo
+echo === write-merging not specified ===
+echo
+
+run_qemu -drive file=$TEST_IMG,format=$IMGFMT,if=virtio,file.node-name=file 
<

[Qemu-devel] [PATCHv3 0/6] multiwrite patches for 2.2

[Peter Lieven]

This adds some preparing patches for upcoming multiwrite modifications.
I will leave the dangerous patches for after 2.2 release.

Due to oversized lines in the iotest output please pull from:
 g...@github.com:plieven/qemu.git -b multiwrite_22_v3

v2->v3: - Removed statistic output for merged read requests [Eric]
- Fixed double s-o-b line in Patch 3 [Eric]
- Fixed iotest in Patch 5 [Max]. Renamed from 108 to 109.

v1->v2: - incorporated Max's comments, but did not display the default
  value for write merging (Patch 3) in the HMP since we do not
  do it for other commands. I would change this when the default
  changes.
- added an iotest for the write-merging cmdline parameter [Max]
- fixed iotest 067 output

Peter Lieven (6):
  block: add accounting for merged requests
  block: introduce bdrv_runtime_opts
  block: add a knob to disable multiwrite_merge
  hw/virtio-blk: add a constant for max number of merged requests
  block: add qemu-iotest for write-merge parameter
  block: fix qemu-iotest reference output for test 067

 block.c|   49 +--
 block/accounting.c |7 +++
 block/qapi.c   |2 +
 hmp.c  |8 +++-
 hw/block/virtio-blk.c  |4 +-
 include/block/accounting.h |3 ++
 include/block/block_int.h  |1 +
 qapi/block-core.json   |   17 ++-
 qemu-options.hx|1 +
 qmp-commands.hx|2 +
 tests/qemu-iotests/067.out |   10 ++--
 tests/qemu-iotests/109 |  113 
 tests/qemu-iotests/109.out |   68 ++
 tests/qemu-iotests/group   |1 +
 14 files changed, 272 insertions(+), 14 deletions(-)
 create mode 100755 tests/qemu-iotests/109
 create mode 100644 tests/qemu-iotests/109.out

-- 
1.7.9.5

[Qemu-devel] [PATCHv3 6/6] block: fix qemu-iotest reference output for test 067

[Peter Lieven]

Output is changed by the addition of the write-merging parameter

Signed-off-by: Peter Lieven 
Reviewed-by: Max Reitz 
---
 tests/qemu-iotests/067.out |   10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tests/qemu-iotests/067.out b/tests/qemu-iotests/067.out
index 0f72dcf..1944b9a 100644
--- a/tests/qemu-iotests/067.out
+++ b/tests/qemu-iotests/067.out
@@ -6,7 +6,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,if=none,id=disk -device 
virtio-blk-pci,drive=disk,id=virtio0
 QMP_VERSION
 {"return": {}}
-{"return": [{"io-status": "ok", "device": "disk", "locked": false, 
"removable": false, "inserted": {"iops_rd": 0, "detect_zeroes": "off", "image": 
{"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 
65536, "format": "qcow2", "actual-size": SIZE, "format-specific": {"type": 
"qcow2", "data": {"compat": "1.1", "lazy-refcounts": false, "corrupt": false}}, 
"dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, 
"drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 
0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "type": 
"unknown"}, {"io-status": "ok", "device": "ide1-cd0", "locked": false, 
"removable": true, "tray_open": false, "type": "unknown"}, {"device": 
"floppy0", "locked": false, "removable": true, "tray_open": false, "type": 
"unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": 
false, "type": "unknown"}]}
+{"return": [{"io-status": "ok", "device": "disk", "locked": false, 
"removable": false, "inserted": {"iops_rd": 0, "detect_zeroes": "off", 
"write_merging": true, "image": {"virtual-size": 134217728, "filename": 
"TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": 
SIZE, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", 
"lazy-refcounts": false, "corrupt": false}}, "dirty-flag": false}, "iops_wr": 
0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 
0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", 
"encryption_key_missing": false}, "type": "unknown"}, {"io-status": "ok", 
"device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, 
"type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, 
"tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, 
"removable": true, "tray_open": false, "type": "unknown"}]}
 {"return": {}}
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"DEVICE_DELETED", "data": {"path": 
"/machine/peripheral/virtio0/virtio-backend"}}
@@ -24,7 +24,7 @@ QMP_VERSION
 Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,if=none,id=disk
 QMP_VERSION
 {"return": {}}
-{"return": [{"device": "disk", "locked": false, "removable": true, "inserted": 
{"iops_rd": 0, "detect_zeroes": "off", "image": {"virtual-size": 134217728, 
"filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", 
"actual-size": SIZE, "format-specific": {"type": "qcow2", "data": {"compat": 
"1.1", "lazy-refcounts": false, "corrupt": false}}, "dirty-flag": false}, 
"iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, 
"bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": 
"TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, 
"type": "unknown"}, {"io-status": "ok", "device": "ide1-cd0", "locked": false, 
"removable": true, "tray_open": false, "type": "unknown"}, {"device": 
"floppy0", "locked": false, "removable": true, "tray_open": false, "type": 
"unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": 
false, "type": "unknown"}]}
+{"return": [{"device": "disk", "locked": false, "removable": true, "inserted": 
{"iops_rd": 0, "detect_zeroes": "off", "write_merging": true, "image": 
{"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 
65536, "format": "qcow2", "actual-size": SIZE, "format-specific": {"type": 
"qcow2", "data": {"compat": "1.1", "lazy-refcounts": false, "corrupt": false}}, 
"dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, 
"drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 
0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": 
false, "type": "unknown"}, {"io-status": "ok", "device": "ide1-cd0", "locked": 
false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": 
"floppy0", "locked": false, "removable": true, "tray_open": false, "type": 
"unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": 
false, "type": "unknown"}]}
 {"return": {}}
 {"return": {}}
 {"return": {}}
@@ -44,7 +44,7 @@ Testing:
 QMP_VERSION
 {"return": {}}
 {"return": "OK\r\n"}
-{"return": [{"io-status": "ok", "device": "ide1-cd0", "locked": false, 
"removable": true, "tray_open": false, "type": "unknown"}, {"device":

[Qemu-devel] Solaris 8 SPARC, Web Start Launcher Crashing

[P. Wilhelm]

In late May of 2011, Brian Vandenberg queried this group about failures 
he was having trying to install Solaris 8 SPARC 02/04 on a Qemu VM. The 
interaction seemed to have ended with Blue Swirl indicating that Brian 
should run with "-d in_ascm,int" and that the debug output would likely 
be useful near the end of the output. I did searches on the mailing list 
from Brian's name but did not find another thread where his original was 
followed up on.



Recently and without knowledge of the above, I began trying to to 
install Solaris 8 SPARC 10/01 into a Qemu VM using the git head (as of 
10/25/2014) and openBIOS r1321. After struggling for a while, I found 
that the installations were failing during install when java was called 
to create the sysidcfg file. The error I am seeing is much like some of 
those posted in May 2011 by Brian V.



I am running with the following command line options:

qemu-system-sparc \

-bios openbios-builtin-sparc32.elf \

-hda test.disk \

-cdrom Solaris8Install.iso \

-prom-env 'auto-boot?=false' -m 256 -nographic


The hard drive is a qcow2 image formatted using Solaris 8 install CD 
(booted Qemu in single user mode from CD) 'format' command to create a 
36G Solaris disk.



The initial format and software load appears to work without problem. 
Then after reboot using the hard disk to boot, "Web Start Solaris 
Command Line installation" comes up and says that it will ask about 
system identification information (Network, Name Service, Date and Time, 
etc.). It tells me to "Press Return to continue". I hit return and am 
greeted with:


/sbin/disk0_install[60]: 125 Abort(coredump)


Looking at the /tmp/disk0_install.log file shows that there was a fault 
during execution of "java sysid -nodisplay".



The message from java in the install log was:

signal fault in critical section

signal number: 11, signal code: 1, fault address: 0xeac3, pc: 
0xef2cd448, sp: 0xeb232c58


libthread panic: fault in libthread critical section : dumping core

stacktrace:

ef2cd43c

ef2cf0d4

ef2c8d98

0


I created a debug log as suggested by Blue Swirl in his response to 
Brian V. in May 2011. I am able to find in the file where there is a 
Data Access Fault when the pc is at the above noted location. However, I 
am uncertain what to do with this information. Is this something where I 
should take a couple of hundred lines of the logfile before the above pc 
and Data Access Fault and include it here? Is there is an RTFM I missed? 
If so, oops, sorry (maybe just point me where I should go?).



Respectfully,
Paul W.

Re: [Qemu-devel] [PATCH 0/6] AHCI Device Fixes

[Michael S. Tsirkin]

On Wed, Oct 01, 2014 at 06:55:45PM -0400, John Snow wrote:
> Based off of feedback from the RFC of the same name,
> this series batches together a group of fixes that
> improve the AHCI device to fix a number of bugs.
> 
> A number of fixes included in the RFC that provide more
> radical changes are omitted for now in favor of a smaller,
> more easily reviewable set for QEMU 2.2.

I've been running with this for a while now,
and this patchset seems to have solved the
problems that I observed with random hangs of
windows on AHCI.

Tested-by: Michael S. Tsirkin 

> In summary:
> 
> Patch #1 and #6 correct the format of FIS packet responses
> that are available to the guest operating system upon interrupt.
> 
> Patch #2 corrects an oversight where we do not inform the
> guest how many bytes we've transferred. This is relied upon
> for non-NCQ modes and in some early bootup and shutdown code.
> 
> Patch #5 corrects cases with malformed scatter-gather lists that
> may cause leaks, or cause QEMU to hang in an allocation loop.
> 
> Patch #4 attempts to continue minimizing the divergence of the
> multiple pathways through the AHCI device by re-using existing
> callbacks.
> 
> Taken together, these patches should allow non-ncq operation
> for Windows hosts, as well as enable hibernation for Windows 7.
> 
> Hibernation for Windows 8 and AHCI remains non-functional.
> 
> John Snow (6):
>   ahci: Correct PIO/D2H FIS responses
>   ahci: Update byte count after DMA completion
>   ide: repair PIO transfers for cases where nsector > 1
>   ahci: unify sglist preparation
>   ide: Correct handling of malformed/short PRDTs
>   ahci: Fix SDB FIS Construction
> 
>  dma-helpers.c |   3 ++
>  hw/ide/ahci.c | 113 
> --
>  hw/ide/ahci.h |   8 
>  hw/ide/core.c |  17 ++--
>  hw/ide/internal.h |   2 +
>  hw/ide/pci.c  |   5 ++-
>  6 files changed, 97 insertions(+), 51 deletions(-)
> 
> -- 
> 1.9.3

[Qemu-devel] network traffic throttling

[William Dauchy]

Hi,

I'm looking for a way to limit the number of PPS using vhost-net
interface in kvm.

I saw http://www.linux-kvm.org/page/NetworkingTodo
network traffic throttling 
block implemented "continuous leaky bucket" for throttling
we can use continuous leaky bucket to network
IOPS/BPS * RX/TX/TOTAL
Developer: Amos Kong

just wondering if someone started to work on it or if they were another
project working on it.

Thanks,
-- 
William


signature.asc
Description: Digital signature

Re: [Qemu-devel] [PATCH 2/2] intel_iommu: Add support for translation for devices behind bridges.

[Knut Omang]

On Sat, 2014-10-25 at 14:24 +0200, Jan Kiszka wrote:
> On 2014-10-25 13:36, Jan Kiszka wrote:
> > On 2014-10-21 00:34, Knut Omang wrote:
> >> diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
> >> index 40c97b1..e6832c4 100644
> >> --- a/hw/pci/pci_bridge.c
> >> +++ b/hw/pci/pci_bridge.c
> >> @@ -376,8 +376,14 @@ int pci_bridge_initfn(PCIDevice *dev, const char 
> >> *typename)
> >>  sec_bus->address_space_io = &br->address_space_io;
> >>  memory_region_init(&br->address_space_io, OBJECT(br), 
> >> "pci_bridge_io", 65536);
> >>  br->windows = pci_bridge_region_init(br);
> >> +
> >>  QLIST_INIT(&sec_bus->child);
> >>  QLIST_INSERT_HEAD(&parent->child, sec_bus, sibling);
> >> +
> >> +if (dev->bus->iommu_opaque) {
> >> +pci_setup_iommu(sec_bus, dev->bus->iommu_fn, 
> >> dev->bus->iommu_opaque);
> >> +}
> >> +
> > 
> > So, if I followed the discussion in the cover-letter thread correctly,
> > this should rather move into the bridge device init functions because
> > the PCI[e]-PCI bridge ("pci-bridge") would not call it, right?
> 
> Not right. We need the setup in any case (except for the virtio bridges
> I'm currently thinking of for encapsulating non-translatable virtio
> devices). But something still has to change to reflect the requester ID
> aliasing of the PCIe-PCI bridge, no?

Yes, that's my understanding too.

Knut