Re: [Qemu-devel] [PATCH v2 04/10] block: keep bitmap if incremental backup job is cancelled

2015-07-06 Thread Fam Zheng
On Mon, 07/06 15:24, Stefan Hajnoczi wrote:
> Reclaim the dirty bitmap if an incremental backup block job is
> cancelled.  The ret variable may be 0 when the job is cancelled so it's
> not enough to check ret < 0.
> 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  block/backup.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/block/backup.c b/block/backup.c
> index d3c7d9f..965654d 100644
> --- a/block/backup.c
> +++ b/block/backup.c
> @@ -431,7 +431,7 @@ static void coroutine_fn backup_run(void *opaque)
>  
>  if (job->sync_bitmap) {
>  BdrvDirtyBitmap *bm;
> -if (ret < 0) {
> +if (ret < 0 || block_job_is_cancelled(&job->common)) {
>  /* Merge the successor back into the parent, delete nothing. */
>  bm = bdrv_reclaim_dirty_bitmap(bs, job->sync_bitmap, NULL);
>  assert(bm);
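Review bot: The widened test on the `+` line treats a cancelled job with `ret == 0` like a failure, but nothing beside it says why, so a later cleanup could narrow it back to `ret < 0`. A one-line comment above the condition would guard against that, e.g. `/* ret may be 0 when the job was cancelled; reclaim so the parent bitmap keeps its dirty bits */`. The reclaim result is still checked only by `assert(bm)`, which is context rather than new code, but with the cancel path now reaching it more often it is worth confirming that a NULL return cannot happen here. The body of backup_run starts and ends outside this hunk.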
> -- 
> 2.4.3
> 

Reviewed-by: Fam Zheng 



[Qemu-devel] [PATCH V3] block/nfs: add support for setting debug level

2015-07-06 Thread Peter Lieven
upcoming libnfs versions will support logging debug messages. Add
support for it in qemu through a per-drive option.

Examples:
 qemu -drive if=virtio,file=nfs://...,file.debug=2
 qemu-img create -o debug=2 nfs://... 10G

Signed-off-by: Peter Lieven 
---
v2->v3: use a per-drive option instead of a global one. [Stefan]
v1->v2: reworked patch to accept the debug level as a cmdline
parameter instead of an URI parameter [Stefan]

 block/nfs.c  | 28 
 qapi/block-core.json | 20 
 2 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/block/nfs.c b/block/nfs.c
index c026ff6..72a4247 100644
--- a/block/nfs.c
+++ b/block/nfs.c
@@ -233,6 +233,11 @@ static QemuOptsList runtime_opts = {
 .type = QEMU_OPT_STRING,
 .help = "URL to the NFS file",
 },
+{
+.name = "debug",
+.type = QEMU_OPT_NUMBER,
+.help = "Set libnfs debug level (default 0 = no debug)",
+},
 { /* end of list */ }
 },
 };
@@ -277,9 +282,9 @@ static void nfs_file_close(BlockDriverState *bs)
 }
 
 static int64_t nfs_client_open(NFSClient *client, const char *filename,
-   int flags, Error **errp)
+   int flags, QemuOpts *opts, Error **errp)
 {
-int ret = -EINVAL, i;
+int ret = -EINVAL, i, debug;
 struct stat st;
 URI *uri;
 QueryParams *qp = NULL;
@@ -343,6 +348,16 @@ static int64_t nfs_client_open(NFSClient *client, const 
char *filename,
 }
 }
 
+debug = qemu_opt_get_number(opts, "debug", 0);
+if (debug) {
+#ifdef LIBNFS_FEATURE_DEBUG
+nfs_set_debug(client->context, debug);
+#else
+error_report("NFS Warning: The linked version of libnfs does"
+ " not support setting debug levels");
+#endif
+}
+
 ret = nfs_mount(client->context, uri->server, uri->path);
 if (ret < 0) {
 error_setg(errp, "Failed to mount nfs share: %s",
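Review bot: `debug` is declared `int`, but `qemu_opt_get_number()` returns a `uint64_t`, so `debug = qemu_opt_get_number(opts, "debug", 0);` silently truncates. A large value can wrap to 0 or turn negative before it reaches `nfs_set_debug()`, and no upper bound is applied to the level. Since this is a per-drive option, whoever supplies the drive definition can choose the value, and an unbounded library log level is an easy way to flood the host's logs. Read it into a `uint64_t` and reject out-of-range input before use, e.g. `if (level > NFS_DEBUG_MAX /* placeholder limit */) { error_setg(errp, "Invalid debug level"); ... }`, taking the function's existing error path, which is not visible in this hunk. The same missing bound applies to the duplicated option in `nfs_create_opts` and to `'*debug': 'int'` in qapi/block-core.json, whose doc comment should state the accepted range.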
@@ -405,7 +420,7 @@ static int nfs_file_open(BlockDriverState *bs, QDict 
*options, int flags,
 }
 ret = nfs_client_open(client, qemu_opt_get(opts, "filename"),
   (flags & BDRV_O_RDWR) ? O_RDWR : O_RDONLY,
-  errp);
+  opts, errp);
 if (ret < 0) {
 goto out;
 }
@@ -425,6 +440,11 @@ static QemuOptsList nfs_create_opts = {
 .type = QEMU_OPT_SIZE,
 .help = "Virtual disk size"
 },
+{
+.name = "debug",
+.type = QEMU_OPT_NUMBER,
+.help = "Set libnfs debug level (default 0 = no debug)",
+},
 { /* end of list */ }
 }
 };
@@ -441,7 +461,7 @@ static int nfs_file_create(const char *url, QemuOpts *opts, 
Error **errp)
 total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
   BDRV_SECTOR_SIZE);
 
-ret = nfs_client_open(client, url, O_CREAT, errp);
+ret = nfs_client_open(client, url, O_CREAT, opts, errp);
 if (ret < 0) {
 goto out;
 }
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 7b2efb8..f43a1b1 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1381,9 +1381,9 @@
 { 'enum': 'BlockdevDriver',
   'data': [ 'archipelago', 'blkdebug', 'blkverify', 'bochs', 'cloop',
 'dmg', 'file', 'ftp', 'ftps', 'host_cdrom', 'host_device',
-'host_floppy', 'http', 'https', 'null-aio', 'null-co', 'parallels',
-'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'tftp', 'vdi', 'vhdx',
-'vmdk', 'vpc', 'vvfat' ] }
+'host_floppy', 'http', 'https', 'nfs', 'null-aio', 'null-co',
+'parallels', 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'tftp',
+'vdi', 'vhdx', 'vmdk', 'vpc', 'vvfat' ] }
 
 ##
 # @BlockdevOptionsBase
@@ -1635,6 +1635,18 @@
 '*vport': 'int',
 '*segment': 'str' } }
 
+##
+# @BlockdevOptionsNFS
+#
+# Driver specific block device options for NFS.
+#
+# @debug:   #optional set libnfs debug level (default: 0 = disabled)
+#
+# Since: 2.4
+##
+{ 'struct': 'BlockdevOptionsNFS',
+  'base': 'BlockdevOptionsFile',
+  'data': { '*debug': 'int' } }
 
 ##
 # @BlkdebugEvent
@@ -1816,7 +1828,7 @@
   'https':  'BlockdevOptionsFile',
 # TODO iscsi: Wait for structured options
 # TODO nbd: Should take InetSocketAddress for 'host'?
-# TODO nfs: Wait for structured options
+  'nfs':'BlockdevOptionsNFS',
   'null-aio':   'BlockdevOptionsNull',
   'null-co':'BlockdevOptionsNull',
   'parallels':  'BlockdevOptionsGenericFormat',
-- 
1.9.1




Re: [Qemu-devel] [PATCH v2 03/10] block: rename BlkTransactionState and BdrvActionOps

2015-07-06 Thread Fam Zheng
On Mon, 07/06 15:24, Stefan Hajnoczi wrote:
> From: John Snow 
> 
> These structures are misnomers, somewhat.
> 
> (1) BlockTransactionState is not state for a transaction,
> but is rather state for a single transaction action.
> Rename it "BlkActionState" to be more accurate.
> 
> (2) The BdrvActionOps describes operations for the BlkActionState,
> above. This name might imply a 'BdrvAction' or a 'BdrvActionState',
> which there isn't.
> Rename this to 'BlkActionOps' to match 'BlkActionState'.
> 
> Lastly, update the surrounding in-line documentation and comments
> to reflect the current nature of how Transactions operate.
> 
> This patch changes only comments and names, and should not affect
> behavior in any way.
> 
> Signed-off-by: John Snow 
> Reviewed-by: Max Reitz 
> Reviewed-by: Stefan Hajnoczi 
> Signed-off-by: Stefan Hajnoczi 

Reviewed-by: Fam Zheng 

> ---
>  blockdev.c | 116 
> ++---
>  1 file changed, 65 insertions(+), 51 deletions(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index a4d8f65..0ab8ad9 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -1240,43 +1240,57 @@ static BdrvDirtyBitmap 
> *block_dirty_bitmap_lookup(const char *node,
>  
>  /* New and old BlockDriverState structs for atomic group operations */
>  
> -typedef struct BlkTransactionState BlkTransactionState;
> +typedef struct BlkActionState BlkActionState;
>  
> -/* Only prepare() may fail. In a single transaction, only one of commit() or
> -   abort() will be called, clean() will always be called if it present. */
> -typedef struct BdrvActionOps {
> -/* Size of state struct, in bytes. */
> +/**
> + * BlkActionOps:
> + * Table of operations that define an Action.
> + *
> + * @instance_size: Size of state struct, in bytes.
> + * @prepare: Prepare the work, must NOT be NULL.
> + * @commit: Commit the changes, can be NULL.
> + * @abort: Abort the changes on fail, can be NULL.
> + * @clean: Clean up resources after all transaction actions have called
> + * commit() or abort(). Can be NULL.
> + *
> + * Only prepare() may fail. In a single transaction, only one of commit() or
> + * abort() will be called. clean() will always be called if it is present.
> + */
> +typedef struct BlkActionOps {
>  size_t instance_size;
> -/* Prepare the work, must NOT be NULL. */
> -void (*prepare)(BlkTransactionState *common, Error **errp);
> -/* Commit the changes, can be NULL. */
> -void (*commit)(BlkTransactionState *common);
> -/* Abort the changes on fail, can be NULL. */
> -void (*abort)(BlkTransactionState *common);
> -/* Clean up resource in the end, can be NULL. */
> -void (*clean)(BlkTransactionState *common);
> -} BdrvActionOps;
> +void (*prepare)(BlkActionState *common, Error **errp);
> +void (*commit)(BlkActionState *common);
> +void (*abort)(BlkActionState *common);
> +void (*clean)(BlkActionState *common);
> +} BlkActionOps;
>  
> -/*
> - * This structure must be arranged as first member in child type, assuming
> - * that compiler will also arrange it to the same address with parent 
> instance.
> - * Later it will be used in free().
> +/**
> + * BlkActionState:
> + * Describes one Action's state within a Transaction.
> + *
> + * @action: QAPI-defined enum identifying which Action to perform.
> + * @ops: Table of ActionOps this Action can perform.
> + * @entry: List membership for all Actions in this Transaction.
> + *
> + * This structure must be arranged as first member in a subclassed type,
> + * assuming that the compiler will also arrange it to the same offsets as the
> + * base class.
>   */
> -struct BlkTransactionState {
> +struct BlkActionState {
>  TransactionAction *action;
> -const BdrvActionOps *ops;
> -QSIMPLEQ_ENTRY(BlkTransactionState) entry;
> +const BlkActionOps *ops;
> +QSIMPLEQ_ENTRY(BlkActionState) entry;
>  };
>  
>  /* internal snapshot private data */
>  typedef struct InternalSnapshotState {
> -BlkTransactionState common;
> +BlkActionState common;
>  BlockDriverState *bs;
>  AioContext *aio_context;
>  QEMUSnapshotInfo sn;
>  } InternalSnapshotState;
>  
> -static void internal_snapshot_prepare(BlkTransactionState *common,
> +static void internal_snapshot_prepare(BlkActionState *common,
>Error **errp)
>  {
>  Error *local_err = NULL;
> @@ -1372,7 +1386,7 @@ static void 
> internal_snapshot_prepare(BlkTransactionState *common,
>  state->bs = bs;
>  }
>  
> -static void internal_snapshot_abort(BlkTransactionState *common)
> +static void internal_snapshot_abort(BlkActionState *common)
>  {
>  InternalSnapshotState *state =
>   DO_UPCAST(InternalSnapshotState, common, 
> common);
> @@ -1395,7 +1409,7 @@ static void internal_snapshot_abort(BlkTransactionState 
> *common)
>  }
>  }
>  
> -static void internal_snapshot_clean(BlkTransactionState *common)
> 

Re: [Qemu-devel] [PATCH v2 02/10] iotests: add transactional incremental backup test

2015-07-06 Thread Fam Zheng
On Mon, 07/06 15:24, Stefan Hajnoczi wrote:
> From: John Snow 
> 
> Test simple usage cases for using transactions to create
> and synchronize incremental backups.
> 
> Signed-off-by: John Snow 
> Reviewed-by: Max Reitz 
> Reviewed-by: Stefan Hajnoczi 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  tests/qemu-iotests/124 | 54 
> ++
>  tests/qemu-iotests/124.out |  4 ++--
>  2 files changed, 56 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/qemu-iotests/124 b/tests/qemu-iotests/124
> index 9ccd118..9c1977e 100644
> --- a/tests/qemu-iotests/124
> +++ b/tests/qemu-iotests/124
> @@ -36,6 +36,23 @@ def try_remove(img):
>  pass
>  
>  
> +def transaction_action(action, **kwargs):
> +return {
> +'type': action,
> +'data': kwargs
> +}
> +
> +
> +def transaction_bitmap_clear(node, name, **kwargs):
> +return transaction_action('block-dirty-bitmap-clear',
> +  node=node, name=name, **kwargs)
> +
> +
> +def transaction_drive_backup(device, target, **kwargs):
> +return transaction_action('drive-backup', device=device, target=target,
> +  **kwargs)
> +
> +
>  class Bitmap:
>  def __init__(self, name, drive):
>  self.name = name
> @@ -264,6 +281,43 @@ class TestIncrementalBackup(iotests.QMPTestCase):
>  return self.do_incremental_simple(granularity=131072)
>  
>  
> +def test_incremental_transaction(self):
> +'''Test: Verify backups made from transactionally created bitmaps.
> +
> +Create a bitmap "before" VM execution begins, then create a second
> +bitmap AFTER writes have already occurred. Use transactions to create
> +a full backup and synchronize both bitmaps to this backup.
> +Create an incremental backup through both bitmaps and verify that
> +both backups match the current drive0 image.
> +'''
> +
> +drive0 = self.drives[0]
> +bitmap0 = self.add_bitmap('bitmap0', drive0)
> +self.hmp_io_writes(drive0['id'], (('0xab', 0, 512),
> +  ('0xfe', '16M', '256k'),
> +  ('0x64', '32736k', '64k')))
> +bitmap1 = self.add_bitmap('bitmap1', drive0)
> +
> +result = self.vm.qmp('transaction', actions=[
> +transaction_bitmap_clear(bitmap0.drive['id'], bitmap0.name),
> +transaction_bitmap_clear(bitmap1.drive['id'], bitmap1.name),
> +transaction_drive_backup(drive0['id'], drive0['backup'],
> + sync='full', format=drive0['fmt'])
> +])
> +self.assert_qmp(result, 'return', {})
> +self.wait_until_completed(drive0['id'])
> +self.files.append(drive0['backup'])
> +
> +self.hmp_io_writes(drive0['id'], (('0x9a', 0, 512),
> +  ('0x55', '8M', '352k'),
> +  ('0x78', '15872k', '1M')))
> +# Both bitmaps should be correctly in sync.
> +self.create_incremental(bitmap0)
> +self.create_incremental(bitmap1)
> +self.vm.shutdown()
> +self.check_backups()
> +
> +
>  def test_incremental_failure(self):
>  '''Test: Verify backups made after a failure are correct.
>  
> diff --git a/tests/qemu-iotests/124.out b/tests/qemu-iotests/124.out
> index 2f7d390..594c16f 100644
> --- a/tests/qemu-iotests/124.out
> +++ b/tests/qemu-iotests/124.out
> @@ -1,5 +1,5 @@
> -...
> +
>  --
> -Ran 7 tests
> +Ran 8 tests
>  
>  OK
> -- 
> 2.4.3
> 

Reviewed-by: Fam Zheng 



Re: [Qemu-devel] vpc size reporting problem

2015-07-06 Thread Peter Lieven

Am 07.07.2015 um 08:34 schrieb Chun Yan Liu:



On 7/7/2015 at 02:19 PM, in message <559B6F79.237 : 102 : 21807>, Chun Yan Liu

wrote:
  

On 7/7/2015 at 02:03 PM, in message <559b6bbe.3050...@kamp.de>, Peter Lieven

 wrote:

Am 07.07.2015 um 07:59 schrieb Chun Yan Liu:
  

On 7/7/2015 at 01:50 PM, in message <559b68b2.5060...@kamp.de>, Peter Lieven

 wrote:

Am 07.07.2015 um 03:50 schrieb Chun Yan Liu:

On 7/6/2015 at 06:42 PM, in message <559a5b79.4010...@kamp.de>, Peter Lieven

 wrote:

Am 06.07.2015 um 11:44 schrieb Chun Yan Liu:

While testing with a 1GB VHD file created on win7, found that the VHD file
size reported on Windows is different from that is reported by qemu-img
info or within a Linux KVM guest.
  
Created a dynamic VHD file on win7, on Windows, it is reported 1024MB

(2097152 sectors). But with qemu-img info or within a Linux KVM guest,
it is reported 1023MB (2096640 sectors).
  
The values in the footer_buf are as follows:

creator_app: "win "
cylinders: 0x820 (2080)
heads: 0x10 (16)
cyl/sec: 0x3f (63)
current_size: 0x4000 (1G)
  
So, if using current_size, it's correct; but using CHS will get a smaller

size.

Should we add a check in this case and use "current_size" instead of
CHS?
   
As far as I remember the issue was and still is that there is no official

spec that says
use current_size in case A and CHS in case B.

Understand.
  
   
If currrent_size is greater than CHS and Windows would use CHS (we don't

know that) we might run into issues if Qemu uses current_size. In this
cas we would write data beyond the end of the container (from Windows
perspective).

That's right. The fact is in our testing we found Windows does not use CHS
but current_size (from testing result), we create and get the VHD parted on
Windows, then take the VHD file into Linux KVM guest, it fails to show

partition

table (since the reported disk size is shrinking, some of the partitions

extend

beyond the end of the disk).
 
Which version of Windows are you referring to?

Tested with WS2012R2 and Win7.
   
Which storage driver?

And imported to a Win7 guest on KVM as IDE device, it's also reported as
1024MB (not CHS value, CHS is 1023MB).


And what storage driver reports 1023MB under Qemu?

Peter




Re: [Qemu-devel] vpc size reporting problem

2015-07-06 Thread Chun Yan Liu


>>> On 7/7/2015 at 02:19 PM, in message <559B6F79.237 : 102 : 21807>, Chun Yan 
>>> Liu
wrote: 
> 
>  
 On 7/7/2015 at 02:03 PM, in message <559b6bbe.3050...@kamp.de>, Peter 
 Lieven 
>  wrote:  
> > Am 07.07.2015 um 07:59 schrieb Chun Yan Liu:  
>> >  
>>  On 7/7/2015 at 01:50 PM, in message <559b68b2.5060...@kamp.de>, Peter 
>>  Lieven  
>> >  wrote:  
>> >> Am 07.07.2015 um 03:50 schrieb Chun Yan Liu:  
>> >> On 7/6/2015 at 06:42 PM, in message <559a5b79.4010...@kamp.de>, Peter 
>> >> Lieven  
>> >>>  wrote:  
>>  Am 06.07.2015 um 11:44 schrieb Chun Yan Liu:  
>> > While testing with a 1GB VHD file created on win7, found that the VHD 
>> > file  
>> > size reported on Windows is different from that is reported by 
>> > qemu-img  
>> > info or within a Linux KVM guest.  
>> >  
>> > Created a dynamic VHD file on win7, on Windows, it is reported 1024MB  
>> > (2097152 sectors). But with qemu-img info or within a Linux KVM guest, 
>> >  
>> > it is reported 1023MB (2096640 sectors).  
>> >  
>> > The values in the footer_buf are as follows:  
>> > creator_app: "win "  
>> > cylinders: 0x820 (2080)  
>> > heads: 0x10 (16)  
>> > cyl/sec: 0x3f (63)  
>> > current_size: 0x4000 (1G)  
>> >  
>> > So, if using current_size, it's correct; but using CHS will get a 
>> > smaller  
>>  size.  
>> > Should we add a check in this case and use "current_size" instead of  
>> > CHS?  
>>    
>>  As far as I remember the issue was and still is that there is no 
>>  official  
>>  spec that says  
>>  use current_size in case A and CHS in case B.  
>> >>> Understand.  
>> >>>  
>>    
>>  If currrent_size is greater than CHS and Windows would use CHS (we 
>>  don't  
>>  know that) we might run into issues if Qemu uses current_size. In this  
>>  cas we would write data beyond the end of the container (from Windows  
>>  perspective).  
>> >>> That's right. The fact is in our testing we found Windows does not use 
>> >>> CHS  
>> >>> but current_size (from testing result), we create and get the VHD parted 
>> >>> on  
>> >>> Windows, then take the VHD file into Linux KVM guest, it fails to show  
>> >> partition  
>> >>> table (since the reported disk size is shrinking, some of the partitions 
>> >>>  
>> >> extend  
>> >>> beyond the end of the disk).  
>> >> 
>> >> Which version of Windows are you referring to?  
>> > Tested with WS2012R2 and Win7.  
>>   
>> Which storage driver?  

And imported to a Win7 guest on KVM as IDE device, it's also reported as
1024MB (not CHS value, CHS is 1023MB).

>  
> I'm not sure. See from "device management" -> "disk drive", it's named as  
> "Msft 
> virtual disk SCSI disk device", and from "storage controller", it has a  
> separate 
> controller named as "Microsoft VHD HBA". Anyway, seems not controlled by 
> ATA/ATAPI. 
>  
>>   
>> I had a look at the specs and in fact they more or less say: Use   
>> current_size  
>> and if you have an ATA controller derive the disk size from CHS.  
>>   
>> Peter  
>>   
>>   
>>   
>  





Re: [Qemu-devel] vpc size reporting problem

2015-07-06 Thread Peter Lieven

Am 07.07.2015 um 08:19 schrieb Chun Yan Liu:



On 7/7/2015 at 02:03 PM, in message <559b6bbe.3050...@kamp.de>, Peter Lieven

 wrote:

Am 07.07.2015 um 07:59 schrieb Chun Yan Liu:

On 7/7/2015 at 01:50 PM, in message <559b68b2.5060...@kamp.de>, Peter Lieven

 wrote:

Am 07.07.2015 um 03:50 schrieb Chun Yan Liu:

On 7/6/2015 at 06:42 PM, in message <559a5b79.4010...@kamp.de>, Peter Lieven

 wrote:

Am 06.07.2015 um 11:44 schrieb Chun Yan Liu:

While testing with a 1GB VHD file created on win7, found that the VHD file
size reported on Windows is different from that is reported by qemu-img
info or within a Linux KVM guest.

Created a dynamic VHD file on win7, on Windows, it is reported 1024MB
(2097152 sectors). But with qemu-img info or within a Linux KVM guest,
it is reported 1023MB (2096640 sectors).

The values in the footer_buf are as follows:
creator_app: "win "
cylinders: 0x820 (2080)
heads: 0x10 (16)
cyl/sec: 0x3f (63)
current_size: 0x4000 (1G)

So, if using current_size, it's correct; but using CHS will get a smaller

size.

Should we add a check in this case and use "current_size" instead of
CHS?
  
As far as I remember the issue was and still is that there is no official

spec that says
use current_size in case A and CHS in case B.

Understand.

  
If currrent_size is greater than CHS and Windows would use CHS (we don't

know that) we might run into issues if Qemu uses current_size. In this
cas we would write data beyond the end of the container (from Windows
perspective).

That's right. The fact is in our testing we found Windows does not use CHS
but current_size (from testing result), we create and get the VHD parted on
Windows, then take the VHD file into Linux KVM guest, it fails to show

partition

table (since the reported disk size is shrinking, some of the partitions

extend

beyond the end of the disk).

Which version of Windows are you referring to?

Tested with WS2012R2 and Win7.
  
Which storage driver?

I'm not sure. See from "device management" -> "disk drive", it's named as "Msft
virtual disk SCSI disk device", and from "storage controller", it has a separate
controller named as "Microsoft VHD HBA". Anyway, seems not controlled by
ATA/ATAPI.


Can you change that to IDE or ATA and check which size windows reports then?

Thanks,
Peter




[Qemu-devel] [PATCH v2] net-hub: Drop can_receive

2015-07-06 Thread Fam Zheng
This moves the semantics from net_hub_port_can_receive to receive
functions, by returning 0 if all receiving ports return 0. Also,
remember to flush the source port's queue in that case.

Signed-off-by: Fam Zheng 
---
 net/hub.c | 54 +-
 1 file changed, 29 insertions(+), 25 deletions(-)

diff --git a/net/hub.c b/net/hub.c
index 3047f12..5697fad 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -31,6 +31,7 @@ typedef struct NetHubPort {
 QLIST_ENTRY(NetHubPort) next;
 NetHub *hub;
 int id;
+bool needs_flush;
 } NetHubPort;
 
 struct NetHub {
@@ -42,35 +43,58 @@ struct NetHub {
 
 static QLIST_HEAD(, NetHub) hubs = QLIST_HEAD_INITIALIZER(&hubs);
 
+static void net_hub_port_send_cb(NetClientState *nc, ssize_t ret)
+{
+NetHubPort *port = DO_UPCAST(NetHubPort, nc, nc);
+NetHub *hub = port->hub;
+
+QLIST_FOREACH(port, &hub->ports, next) {
+if (port->needs_flush) {
+port->needs_flush = false;
+qemu_flush_queued_packets(&port->nc);
+}
+}
+}
+
 static ssize_t net_hub_receive(NetHub *hub, NetHubPort *source_port,
const uint8_t *buf, size_t len)
 {
 NetHubPort *port;
+ssize_t ret = -1;
 
 QLIST_FOREACH(port, &hub->ports, next) {
+ssize_t r;
 if (port == source_port) {
 continue;
 }
 
-qemu_send_packet(&port->nc, buf, len);
+r = qemu_send_packet_async(&port->nc, buf, len,
+   net_hub_port_send_cb);
+ret = MAX(r, ret);
 }
-return len;
+source_port->needs_flush = ret == 0;
+
+return ret;
 }
 
 static ssize_t net_hub_receive_iov(NetHub *hub, NetHubPort *source_port,
const struct iovec *iov, int iovcnt)
 {
 NetHubPort *port;
-ssize_t len = iov_size(iov, iovcnt);
+ssize_t ret = -1;
 
 QLIST_FOREACH(port, &hub->ports, next) {
+ssize_t r;
 if (port == source_port) {
 continue;
 }
 
-qemu_sendv_packet(&port->nc, iov, iovcnt);
+r = qemu_sendv_packet_async(&port->nc, iov,
+iovcnt, net_hub_port_send_cb);
+ret = MAX(r, ret);
 }
-return len;
+source_port->needs_flush = ret == 0;
+return ret;
 }
 
 static NetHub *net_hub_new(int id)
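Review bot: With `ssize_t ret = -1;` as the starting value, `net_hub_receive()` returns -1 whenever the loop body never runs, i.e. when the source is the only port on the hub, where the old code returned `len`. `net_hub_receive_iov()` has the same change and no longer computes `iov_size()` at all. If callers treat a negative return as an error rather than as "consumed", a lone hub port changes behaviour, so the no-peer case should keep reporting the full packet length, for example by tracking whether any peer was tried. Separately, when every peer returns 0 the hub also returns 0 to the source. If `qemu_send_packet_async()` has already queued the packet on those peers (not visible in this hunk), the later flush of the source queue from `net_hub_port_send_cb()` would deliver it a second time, which deserves a comment or a test case.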
@@ -87,25 +111,6 @@ static NetHub *net_hub_new(int id)
 return hub;
 }
 
-static int net_hub_port_can_receive(NetClientState *nc)
-{
-NetHubPort *port;
-NetHubPort *src_port = DO_UPCAST(NetHubPort, nc, nc);
-NetHub *hub = src_port->hub;
-
-QLIST_FOREACH(port, &hub->ports, next) {
-if (port == src_port) {
-continue;
-}
-
-if (qemu_can_send_packet(&port->nc)) {
-return 1;
-}
-}
-
-return 0;
-}
-
 static ssize_t net_hub_port_receive(NetClientState *nc,
 const uint8_t *buf, size_t len)
 {
@@ -132,7 +137,6 @@ static void net_hub_port_cleanup(NetClientState *nc)
 static NetClientInfo net_hub_port_info = {
 .type = NET_CLIENT_OPTIONS_KIND_HUBPORT,
 .size = sizeof(NetHubPort),
-.can_receive = net_hub_port_can_receive,
 .receive = net_hub_port_receive,
 .receive_iov = net_hub_port_receive_iov,
 .cleanup = net_hub_port_cleanup,
-- 
2.4.3




Re: [Qemu-devel] vpc size reporting problem

2015-07-06 Thread Chun Yan Liu


>>> On 7/7/2015 at 02:03 PM, in message <559b6bbe.3050...@kamp.de>, Peter Lieven
 wrote: 
> Am 07.07.2015 um 07:59 schrieb Chun Yan Liu: 
> > 
>  On 7/7/2015 at 01:50 PM, in message <559b68b2.5060...@kamp.de>, Peter 
>  Lieven 
> >  wrote: 
> >> Am 07.07.2015 um 03:50 schrieb Chun Yan Liu: 
> >> On 7/6/2015 at 06:42 PM, in message <559a5b79.4010...@kamp.de>, Peter 
> >> Lieven 
> >>>  wrote: 
>  Am 06.07.2015 um 11:44 schrieb Chun Yan Liu: 
> > While testing with a 1GB VHD file created on win7, found that the VHD 
> > file 
> > size reported on Windows is different from that is reported by qemu-img 
> > info or within a Linux KVM guest. 
> > 
> > Created a dynamic VHD file on win7, on Windows, it is reported 1024MB 
> > (2097152 sectors). But with qemu-img info or within a Linux KVM guest, 
> > it is reported 1023MB (2096640 sectors). 
> > 
> > The values in the footer_buf are as follows: 
> > creator_app: "win " 
> > cylinders: 0x820 (2080) 
> > heads: 0x10 (16) 
> > cyl/sec: 0x3f (63) 
> > current_size: 0x4000 (1G) 
> > 
> > So, if using current_size, it's correct; but using CHS will get a 
> > smaller 
>  size. 
> > Should we add a check in this case and use "current_size" instead of 
> > CHS? 
>   
>  As far as I remember the issue was and still is that there is no 
>  official 
>  spec that says 
>  use current_size in case A and CHS in case B. 
> >>> Understand. 
> >>> 
>   
>  If currrent_size is greater than CHS and Windows would use CHS (we don't 
>  know that) we might run into issues if Qemu uses current_size. In this 
>  cas we would write data beyond the end of the container (from Windows 
>  perspective). 
> >>> That's right. The fact is in our testing we found Windows does not use 
> >>> CHS 
> >>> but current_size (from testing result), we create and get the VHD parted 
> >>> on 
> >>> Windows, then take the VHD file into Linux KVM guest, it fails to show 
> >> partition 
> >>> table (since the reported disk size is shrinking, some of the partitions 
> >> extend 
> >>> beyond the end of the disk). 
> >>
> >> Which version of Windows are you referring to? 
> > Tested with WS2012R2 and Win7. 
>  
> Which storage driver? 

I'm not sure. See from "device management" -> "disk drive", it's named as "Msft
virtual disk SCSI disk device", and from "storage controller", it has a separate
controller named as "Microsoft VHD HBA". Anyway, seems not controlled by
ATA/ATAPI.

>  
> I had a look at the specs and in fact they more or less say: Use  
> current_size 
> and if you have an ATA controller derive the disk size from CHS. 
>  
> Peter 
>  
>  
>  





Re: [Qemu-devel] vpc size reporting problem

2015-07-06 Thread Peter Lieven

Am 07.07.2015 um 07:59 schrieb Chun Yan Liu:



On 7/7/2015 at 01:50 PM, in message <559b68b2.5060...@kamp.de>, Peter Lieven

 wrote:

Am 07.07.2015 um 03:50 schrieb Chun Yan Liu:

On 7/6/2015 at 06:42 PM, in message <559a5b79.4010...@kamp.de>, Peter Lieven

 wrote:

Am 06.07.2015 um 11:44 schrieb Chun Yan Liu:

While testing with a 1GB VHD file created on win7, found that the VHD file
size reported on Windows is different from that is reported by qemu-img
info or within a Linux KVM guest.

Created a dynamic VHD file on win7, on Windows, it is reported 1024MB
(2097152 sectors). But with qemu-img info or within a Linux KVM guest,
it is reported 1023MB (2096640 sectors).

The values in the footer_buf are as follows:
creator_app: "win "
cylinders: 0x820 (2080)
heads: 0x10 (16)
cyl/sec: 0x3f (63)
current_size: 0x4000 (1G)

So, if using current_size, it's correct; but using CHS will get a smaller

size.

Should we add a check in this case and use "current_size" instead of
CHS?

As far as I remember the issue was and still is that there is no official

spec that says
use current_size in case A and CHS in case B.

Understand.


If currrent_size is greater than CHS and Windows would use CHS (we don't

know that) we might run into issues if Qemu uses current_size. In this
cas we would write data beyond the end of the container (from Windows
perspective).

That's right. The fact is in our testing we found Windows does not use CHS
but current_size (from testing result), we create and get the VHD parted on
Windows, then take the VHD file into Linux KVM guest, it fails to show

partition

table (since the reported disk size is shrinking, some of the partitions

extend

beyond the end of the disk).
  
Which version of Windows are you referring to?

Tested with WS2012R2 and Win7.


Which storage driver?

I had a look at the specs and in fact they more or less say: Use current_size
and if you have an ATA controller derive the disk size from CHS.

Peter




Re: [Qemu-devel] vpc size reporting problem

2015-07-06 Thread Chun Yan Liu


>>> On 7/7/2015 at 01:50 PM, in message <559b68b2.5060...@kamp.de>, Peter Lieven
 wrote: 
> Am 07.07.2015 um 03:50 schrieb Chun Yan Liu: 
> > 
>  On 7/6/2015 at 06:42 PM, in message <559a5b79.4010...@kamp.de>, Peter 
>  Lieven 
> >  wrote: 
> >> Am 06.07.2015 um 11:44 schrieb Chun Yan Liu: 
> >>> While testing with a 1GB VHD file created on win7, found that the VHD 
> >>> file 
> >>> size reported on Windows is different from that is reported by qemu-img 
> >>> info or within a Linux KVM guest. 
> >>> 
> >>> Created a dynamic VHD file on win7, on Windows, it is reported 1024MB 
> >>> (2097152 sectors). But with qemu-img info or within a Linux KVM guest, 
> >>> it is reported 1023MB (2096640 sectors). 
> >>> 
> >>> The values in the footer_buf are as follows: 
> >>> creator_app: "win " 
> >>> cylinders: 0x820 (2080) 
> >>> heads: 0x10 (16) 
> >>> cyl/sec: 0x3f (63) 
> >>> current_size: 0x4000 (1G) 
> >>> 
> >>> So, if using current_size, it's correct; but using CHS will get a smaller 
> >> size. 
> >>> Should we add a check in this case and use "current_size" instead of 
> >>> CHS? 
> >>
> >> As far as I remember the issue was and still is that there is no official 
> >> spec that says 
> >> use current_size in case A and CHS in case B. 
> > Understand. 
> > 
> >>
> >> If currrent_size is greater than CHS and Windows would use CHS (we don't 
> >> know that) we might run into issues if Qemu uses current_size. In this 
> >> cas we would write data beyond the end of the container (from Windows 
> >> perspective). 
> > That's right. The fact is in our testing we found Windows does not use CHS 
> > but current_size (from testing result), we create and get the VHD parted on 
> > Windows, then take the VHD file into Linux KVM guest, it fails to show  
> partition 
> > table (since the reported disk size is shrinking, some of the partitions  
> extend 
> > beyond the end of the disk). 
>  
> Which version of Windows are you referring to? 

Tested with WS2012R2 and Win7.

>  
> I personally think that it might be ok to use current_size if its greater 
> than the size derived from CHS. Our current implementation when 
> creating an image assumes we have to choose CHS to be equal 
> or greater to current_size. This can cause the same issue in the 
> other direction. 
>  
> Peter 
>  
>  





Re: [Qemu-devel] vpc size reporting problem

2015-07-06 Thread Peter Lieven

Am 07.07.2015 um 03:50 schrieb Chun Yan Liu:



On 7/6/2015 at 06:42 PM, in message <559a5b79.4010...@kamp.de>, Peter Lieven

 wrote:

Am 06.07.2015 um 11:44 schrieb Chun Yan Liu:

While testing with a 1GB VHD file created on Win7, we found that the VHD file
size reported on Windows differs from the size reported by qemu-img
info or within a Linux KVM guest.

Created a dynamic VHD file on win7, on Windows, it is reported 1024MB
(2097152 sectors). But with qemu-img info or within a Linux KVM guest,
it is reported 1023MB (2096640 sectors).

The values in the footer_buf are as follows:
creator_app: "win "
cylinders: 0x820 (2080)
heads: 0x10 (16)
cyl/sec: 0x3f (63)
current_size: 0x4000 (1G)

So, if using current_size, it's correct; but using CHS will get a smaller

size.

Should we add a check in this case and use "current_size" instead of
CHS?
  
As far as I remember the issue was and still is that there is no official

spec that says
use current_size in case A and CHS in case B.

Understand.

  
If current_size is greater than CHS and Windows would use CHS (we don't
know that) we might run into issues if Qemu uses current_size. In this
case we would write data beyond the end of the container (from Windows'
perspective).

That's right. The fact is in our testing we found Windows does not use CHS
but current_size (from testing result), we create and get the VHD parted on
Windows, then take the VHD file into Linux KVM guest, it fails to show partition
table (since the reported disk size is shrinking, some of the partitions extend
beyond the end of the disk).


Which version of Windows are you referring to?

I personally think that it might be ok to use current_size if its greater
than the size derived from CHS. Our current implementation when
creating an image assumes we have to choose CHS to be equal
or greater to current_size. This can cause the same issue in the
other direction.

Peter



[Qemu-devel] [Bug 1472083] [NEW] Qemu 2.1.2 hang when stop command

2015-07-06 Thread changlimin
Public bug reported:

Qemu 2.1.2, Linux kernel 3.13.6, this is the stack.

#0  in ppoll () from /lib/x86_64-linux-gnu/libc.so.6
#1  in qemu_poll_ns (fds=0x7fa82a8de380, nfds=1, timeout=-1) at qemu-timer.c:314
#2  in aio_poll (ctx=0x7fa82a8b5000, blocking=true) at aio-posix.c:250
#3  in bdrv_drain_all () at block.c:1924
#4  in do_vm_stop (state=RUN_STATE_PAUSED) at /qemu-2.1.2/cpus.c:544
#5  in vm_stop (state=RUN_STATE_PAUSED) at /qemu-2.1.2/cpus.c:1227
#6  in qmp_stop (errp=0x7b6dcaf8) at qmp.c:98
#7  in qmp_marshal_input_stop (mon=0x7fa82a8e0970, qdict=0x7fa830295020, 
ret=0x7b6dcb48) at qmp-marshal.c:2806
#8  in qmp_call_cmd (mon=0x7fa82a8e0970, cmd=0x7fa8290558a0, 
params=0x7fa830295020)  at /qemu-2.1.2/monitor.c:5038
#9  in handle_qmp_command (parser=0x7fa82a8e0a28, tokens=0x7fa82a8d9b50) at 
/qemu-2.1.2/monitor.c:5104
#10 in json_message_process_token (lexer=0x7fa82a8e0a30, token=0x7fa830122b60, 
type=JSON_OPERATOR, x=39, y=17865) at qobject/json-streamer.c:87
#11 in json_lexer_feed_char (lexer=0x7fa82a8e0a30, ch=125 '}', flush=false) at 
qobject/json-lexer.c:303
#12 in json_lexer_feed (lexer=0x7fa82a8e0a30, buffer=0x7b6dcdb0 
"}\315m\373\377\177", size=1) at qobject/json-lexer.c:356
#13 in json_message_parser_feed (parser=0x7fa82a8e0a28, buffer=0x7b6dcdb0 
"}\315m\373\377\177", size=1) at qobject/json-streamer.c:111
#14 in monitor_control_read (opaque=0x7fa82a8e0970, buf=0x7b6dcdb0 
"}\315m\373\377\177", size=1) at /qemu-2.1.2/monitor.c:5125
#15 in qemu_chr_be_write (s=0x7fa82a8c2020, buf=0x7b6dcdb0 
"}\315m\373\377\177", len=1) at qemu-char.c:213
#16 in tcp_chr_read (chan=0x7fa82a8c4ba0, cond=G_IO_IN, opaque=0x7fa82a8c2020) 
at qemu-char.c:2729
#17 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 in glib_pollfds_poll () at main-loop.c:190
#19 in os_host_main_loop_wait (timeout=2400) at main-loop.c:235
#20 in main_loop_wait (nonblocking=0) at main-loop.c:484
#21 in main_loop () at vl.c:2034
#22 in main (argc=55, argv=0x7b6de338, envp=0x7b6de4f8) at vl.c:4583

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1472083

Title:
  Qemu 2.1.2 hang when stop command

Status in QEMU:
  New

Bug description:
  Qemu 2.1.2, Linux kernel 3.13.6, this is the stack.

  #0  in ppoll () from /lib/x86_64-linux-gnu/libc.so.6
  #1  in qemu_poll_ns (fds=0x7fa82a8de380, nfds=1, timeout=-1) at 
qemu-timer.c:314
  #2  in aio_poll (ctx=0x7fa82a8b5000, blocking=true) at aio-posix.c:250
  #3  in bdrv_drain_all () at block.c:1924
  #4  in do_vm_stop (state=RUN_STATE_PAUSED) at /qemu-2.1.2/cpus.c:544
  #5  in vm_stop (state=RUN_STATE_PAUSED) at /qemu-2.1.2/cpus.c:1227
  #6  in qmp_stop (errp=0x7b6dcaf8) at qmp.c:98
  #7  in qmp_marshal_input_stop (mon=0x7fa82a8e0970, qdict=0x7fa830295020, 
ret=0x7b6dcb48) at qmp-marshal.c:2806
  #8  in qmp_call_cmd (mon=0x7fa82a8e0970, cmd=0x7fa8290558a0, 
params=0x7fa830295020)  at /qemu-2.1.2/monitor.c:5038
  #9  in handle_qmp_command (parser=0x7fa82a8e0a28, tokens=0x7fa82a8d9b50) at 
/qemu-2.1.2/monitor.c:5104
  #10 in json_message_process_token (lexer=0x7fa82a8e0a30, 
token=0x7fa830122b60, type=JSON_OPERATOR, x=39, y=17865) at 
qobject/json-streamer.c:87
  #11 in json_lexer_feed_char (lexer=0x7fa82a8e0a30, ch=125 '}', flush=false) 
at qobject/json-lexer.c:303
  #12 in json_lexer_feed (lexer=0x7fa82a8e0a30, buffer=0x7b6dcdb0 
"}\315m\373\377\177", size=1) at qobject/json-lexer.c:356
  #13 in json_message_parser_feed (parser=0x7fa82a8e0a28, buffer=0x7b6dcdb0 
"}\315m\373\377\177", size=1) at qobject/json-streamer.c:111
  #14 in monitor_control_read (opaque=0x7fa82a8e0970, buf=0x7b6dcdb0 
"}\315m\373\377\177", size=1) at /qemu-2.1.2/monitor.c:5125
  #15 in qemu_chr_be_write (s=0x7fa82a8c2020, buf=0x7b6dcdb0 
"}\315m\373\377\177", len=1) at qemu-char.c:213
  #16 in tcp_chr_read (chan=0x7fa82a8c4ba0, cond=G_IO_IN, 
opaque=0x7fa82a8c2020) at qemu-char.c:2729
  #17 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
  #18 in glib_pollfds_poll () at main-loop.c:190
  #19 in os_host_main_loop_wait (timeout=2400) at main-loop.c:235
  #20 in main_loop_wait (nonblocking=0) at main-loop.c:484
  #21 in main_loop () at vl.c:2034
  #22 in main (argc=55, argv=0x7b6de338, envp=0x7b6de4f8) at vl.c:4583




[Qemu-devel] [v9][PATCH 08/10] xen, gfx passthrough: register a isa bridge

2015-07-06 Thread Tiejun Chen
Currently we just register this isa bridge when we use IGD
passthrough in Xen side.

Signed-off-by: Tiejun Chen 
Acked-by: Stefano Stabellini 
---
v9:

* Move is_igd_vga_passthrough(dev)) from xen_igd_passthrough_isa_bridge_create()
  into xen_pt_initfn().

 hw/xen/xen_pt.c  | 21 +
 include/hw/xen/xen.h |  1 +
 2 files changed, 22 insertions(+)

diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index 15b02cb..f764131 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -684,6 +684,17 @@ static const MemoryListener xen_pt_io_listener = {
 .priority = 10,
 };
 
+static void
+xen_igd_passthrough_isa_bridge_create(XenPCIPassthroughState *s,
+  XenHostPCIDevice *dev)
+{
+uint16_t gpu_dev_id;
+PCIDevice *d = &s->dev;
+
+gpu_dev_id = dev->device_id;
+igd_passthrough_isa_bridge_create(d->bus, gpu_dev_id);
+}
+
 /* init */
 
 static int xen_pt_initfn(PCIDevice *d)
@@ -728,11 +739,21 @@ static int xen_pt_initfn(PCIDevice *d)
 /* Setup VGA bios for passthrough GFX */
 if ((s->real_device.domain == 0) && (s->real_device.bus == 0) &&
 (s->real_device.dev == 2) && (s->real_device.func == 0)) {
+if (!is_igd_vga_passthrough(&s->real_device)) {
+XEN_PT_ERR(d, "Need to enable igd-passthru if you're trying"
+   " to passthrough IGD GFX.\n");
+xen_host_pci_device_put(&s->real_device);
+return -1;
+}
+
 if (xen_pt_setup_vga(s, &s->real_device) < 0) {
 XEN_PT_ERR(d, "Setup VGA BIOS of passthrough GFX failed!\n");
 xen_host_pci_device_put(&s->real_device);
 return -1;
 }
+
+/* Register ISA bridge for passthrough GFX. */
+xen_igd_passthrough_isa_bridge_create(s, &s->real_device);
 }
 
 /* Handle real device's MMIO/PIO BARs */
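Review bot: The outer condition picks the device by host address alone (0000:00:02.0), so any device at that address is refused by `xen_pt_initfn` unless igd-passthru is enabled, and the new error text assumes it is an IGD. Whether `is_igd_vga_passthrough()` looks at the vendor or class is not visible on this page, so I would make the gate explicit by adding `(s->real_device.vendor_id == PCI_VENDOR_ID_INTEL)` to the condition and let other devices at that slot take the normal path. The same address-only test is introduced by the xen_pt.c hunk of patch 06/10. `xen_pt_initfn` starts and ends outside this hunk.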
diff --git a/include/hw/xen/xen.h b/include/hw/xen/xen.h
index 4356af4..703148e 100644
--- a/include/hw/xen/xen.h
+++ b/include/hw/xen/xen.h
@@ -51,4 +51,5 @@ void xen_register_framebuffer(struct MemoryRegion *mr);
 #  define HVM_MAX_VCPUS 32
 #endif
 
+extern void igd_passthrough_isa_bridge_create(PCIBus *bus, uint16_t 
gpu_dev_id);
 #endif /* QEMU_HW_XEN_H */
-- 
1.9.1




[Qemu-devel] [v9][PATCH 09/10] xen, gfx passthrough: register host bridge specific to passthrough

2015-07-06 Thread Tiejun Chen
Just register that pci host bridge specific to passthrough.

Signed-off-by: Tiejun Chen 
Acked-by: Stefano Stabellini 
---
v9:

* Simplify pc_xen_hvm_init_pci()

 hw/i386/pc_piix.c | 15 +--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index b4daefa..67358f6 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -50,7 +50,8 @@
 #include "cpu.h"
 #include "qemu/error-report.h"
 #ifdef CONFIG_XEN
-#  include 
+#include 
+#include "hw/xen/xen_pt.h"
 #endif
 #include "migration/migration.h"
 
@@ -442,11 +443,21 @@ static void pc_init_isa(MachineState *machine)
 }
 
 #ifdef CONFIG_XEN
+static void pc_xen_hvm_init_pci(MachineState *machine)
+{
+const char *pci_type = has_igd_gfx_passthru ?
+TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE : 
TYPE_I440FX_PCI_DEVICE;
+
+pc_init1(machine,
+ TYPE_I440FX_PCI_HOST_BRIDGE,
+ pci_type);
+}
+
 static void pc_xen_hvm_init(MachineState *machine)
 {
 PCIBus *bus;
 
-pc_init1(machine, TYPE_I440FX_PCI_HOST_BRIDGE, TYPE_I440FX_PCI_DEVICE);
+pc_xen_hvm_init_pci(machine);
 
 bus = pci_find_primary_bus();
 if (bus != NULL) {
-- 
1.9.1




[Qemu-devel] [v9][PATCH 04/10] hw/pci-assign: split pci-assign.c

2015-07-06 Thread Tiejun Chen
We will try to reuse assign_dev_load_option_rom on the xen side, and
it is also a good first step towards unifying the pci assign code for
kvm and xen in the future.

Signed-off-by: Tiejun Chen 
Acked-by: Michael S. Tsirkin 
---
v9:
 
* Just rebase on the latest.

 hw/i386/Makefile.objs |  1 +
 hw/i386/kvm/pci-assign.c  | 82 --
 hw/i386/pci-assign-load-rom.c | 93 +++
 include/hw/pci/pci-assign.h   | 27 +
 4 files changed, 128 insertions(+), 75 deletions(-)
 create mode 100644 hw/i386/pci-assign-load-rom.c
 create mode 100644 include/hw/pci/pci-assign.h

diff --git a/hw/i386/Makefile.objs b/hw/i386/Makefile.objs
index bd4f147..cebad90 100644
--- a/hw/i386/Makefile.objs
+++ b/hw/i386/Makefile.objs
@@ -7,6 +7,7 @@ obj-$(CONFIG_XEN) += ../xenpv/ xen/
 
 obj-y += kvmvapic.o
 obj-y += acpi-build.o
+obj-y += pci-assign-load-rom.o
 hw/i386/acpi-build.o: hw/i386/acpi-build.c \
hw/i386/acpi-dsdt.hex hw/i386/q35-acpi-dsdt.hex
 
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 74d22f4..b1beaa6 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -37,6 +37,7 @@
 #include "hw/pci/pci.h"
 #include "hw/pci/msi.h"
 #include "kvm_i386.h"
+#include "hw/pci/pci-assign.h"
 
 #define MSIX_PAGE_SIZE 0x1000
 
@@ -48,17 +49,6 @@
 #define IORESOURCE_PREFETCH 0x2000  /* No side effects */
 #define IORESOURCE_MEM_64   0x0010
 
-//#define DEVICE_ASSIGNMENT_DEBUG
-
-#ifdef DEVICE_ASSIGNMENT_DEBUG
-#define DEBUG(fmt, ...)   \
-do {  \
-fprintf(stderr, "%s: " fmt, __func__ , __VA_ARGS__);  \
-} while (0)
-#else
-#define DEBUG(fmt, ...)
-#endif
-
 typedef struct PCIRegion {
 int type;   /* Memory or port I/O */
 int valid;
@@ -1896,73 +1886,15 @@ static void assign_register_types(void)
 
 type_init(assign_register_types)
 
-/*
- * Scan the assigned devices for the devices that have an option ROM, and then
- * load the corresponding ROM data to RAM. If an error occurs while loading an
- * option ROM, we just ignore that option ROM and continue with the next one.
- */
 static void assigned_dev_load_option_rom(AssignedDevice *dev)
 {
-char name[32], rom_file[64];
-FILE *fp;
-uint8_t val;
-struct stat st;
-void *ptr;
-
-/* If loading ROM from file, pci handles it */
-if (dev->dev.romfile || !dev->dev.rom_bar) {
-return;
-}
+int size = 0;
 
-snprintf(rom_file, sizeof(rom_file),
- "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/rom",
- dev->host.domain, dev->host.bus, dev->host.slot,
- dev->host.function);
+pci_assign_dev_load_option_rom(&dev->dev, OBJECT(dev), &size,
+   dev->host.domain, dev->host.bus,
+   dev->host.slot, dev->host.function);
 
-if (stat(rom_file, &st)) {
-return;
-}
-
-if (access(rom_file, F_OK)) {
-error_report("pci-assign: Insufficient privileges for %s", rom_file);
-return;
-}
-
-/* Write "1" to the ROM file to enable it */
-fp = fopen(rom_file, "r+");
-if (fp == NULL) {
-return;
+if (!size) {
+error_report("pci-assign: Invalid ROM.");
 }
-val = 1;
-if (fwrite(&val, 1, 1, fp) != 1) {
-goto close_rom;
-}
-fseek(fp, 0, SEEK_SET);
-
-snprintf(name, sizeof(name), "%s.rom",
-object_get_typename(OBJECT(dev)));
-memory_region_init_ram(&dev->dev.rom, OBJECT(dev), name, st.st_size,
-   &error_abort);
-vmstate_register_ram(&dev->dev.rom, &dev->dev.qdev);
-ptr = memory_region_get_ram_ptr(&dev->dev.rom);
-memset(ptr, 0xff, st.st_size);
-
-if (!fread(ptr, 1, st.st_size, fp)) {
-error_report("pci-assign: Cannot read from host %s", rom_file);
-error_printf("Device option ROM contents are probably invalid "
- "(check dmesg).\nSkip option ROM probe with rombar=0, "
- "or load from file with romfile=\n");
-goto close_rom;
-}
-
-pci_register_bar(&dev->dev, PCI_ROM_SLOT, 0, &dev->dev.rom);
-dev->dev.has_rom = true;
-close_rom:
-/* Write "0" to disable ROM */
-fseek(fp, 0, SEEK_SET);
-val = 0;
-if (!fwrite(&val, 1, 1, fp)) {
-DEBUG("%s\n", "Failed to disable pci-sysfs rom file");
-}
-fclose(fp);
 }
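Review bot: The rewritten `assigned_dev_load_option_rom()` reports "pci-assign: Invalid ROM." whenever `size` stays 0, whereas the removed code returned silently when `romfile` was set, `rom_bar` was off, or the sysfs rom file did not exist. If the shared helper keeps those early returns (its body is cut off on this page), every assigned device without an option ROM would now log an error. I would keep the quiet path in the caller with `if (dev->dev.romfile || !dev->dev.rom_bar) { return; }` before the call. The pointer returned by `pci_assign_dev_load_option_rom()` is also discarded, so `size` is the only failure signal and that deserves a one-line comment.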
diff --git a/hw/i386/pci-assign-load-rom.c b/hw/i386/pci-assign-load-rom.c
new file mode 100644
index 000..bad53b7
--- /dev/null
+++ b/hw/i386/pci-assign-load-rom.c
@@ -0,0 +1,93 @@
+/*
+ * This is splited from hw/i386/kvm/pci-assign.c
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "qemu/error-report.h"
+#include "ui/console.h"
+#include "hw/loader.h"
+#include "monitor/monitor.h"
+#include "qemu/

[Qemu-devel] [v9][PATCH 10/10] xen, gfx passthrough: add opregion mapping

2015-07-06 Thread Tiejun Chen
The OpRegion shouldn't be mapped 1:1 because the address in the host
can't be used in the guest directly.

This patch traps read and write access to the opregion of the Intel
GPU config space (offset 0xfc).

The original patch is from Jean Guyader 

Signed-off-by: Tiejun Chen 
Signed-off-by: Yang Zhang 
Acked-by: Stefano Stabellini 
---
v9:
 
* Just rebase on the latest.

 hw/xen/xen_pt.h |  6 +++-
 hw/xen/xen_pt_config_init.c | 51 ++--
 hw/xen/xen_pt_graphics.c| 82 +
 3 files changed, 136 insertions(+), 3 deletions(-)

diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
index a33e95c..e89d231 100644
--- a/hw/xen/xen_pt.h
+++ b/hw/xen/xen_pt.h
@@ -40,6 +40,9 @@ typedef struct XenPCIPassthroughState XenPCIPassthroughState;
 #define XEN_PT_DEVICE(obj) \
 OBJECT_CHECK(XenPCIPassthroughState, (obj), TYPE_XEN_PT_DEVICE)
 
+uint32_t igd_read_opregion(XenPCIPassthroughState *s);
+void igd_write_opregion(XenPCIPassthroughState *s, uint32_t val);
+
 /* function type for config reg */
 typedef int (*xen_pt_conf_reg_init)
 (XenPCIPassthroughState *, XenPTRegInfo *, uint32_t real_offset,
@@ -66,8 +69,9 @@ typedef int (*xen_pt_conf_byte_read)
 #define XEN_PT_BAR_ALLF 0x
 #define XEN_PT_BAR_UNMAPPED (-1)
 
-#define PCI_CAP_MAX 48
+#define XEN_PCI_CAP_MAX 48
 
+#define XEN_PCI_INTEL_OPREGION 0xfc
 
 typedef enum {
 XEN_PT_GRP_TYPE_HARDWIRED = 0,  /* 0 Hardwired reg group */
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index dd37be3..9fb3670 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -552,6 +552,22 @@ static int 
xen_pt_exp_rom_bar_reg_write(XenPCIPassthroughState *s,
 return 0;
 }
 
+static int xen_pt_intel_opregion_read(XenPCIPassthroughState *s,
+  XenPTReg *cfg_entry,
+  uint32_t *value, uint32_t valid_mask)
+{
+*value = igd_read_opregion(s);
+return 0;
+}
+
+static int xen_pt_intel_opregion_write(XenPCIPassthroughState *s,
+   XenPTReg *cfg_entry, uint32_t *value,
+   uint32_t dev_value, uint32_t valid_mask)
+{
+igd_write_opregion(s, *value);
+return 0;
+}
+
 /* Header Type0 reg static information table */
 static XenPTRegInfo xen_pt_emu_reg_header0[] = {
 /* Vendor ID reg */
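Review bot: `xen_pt_intel_opregion_write()` hands the guest-written dword to `igd_write_opregion()` unchanged and ignores `dev_value` and `valid_mask`, so all checking of a guest-controlled value has to happen inside `igd_write_opregion()`, whose body is not on this page. A comment above the handler would make that contract visible, for example `/* *value is guest-controlled; igd_write_opregion() must validate it before using it as an address. */`. Both handlers return 0 unconditionally, so a failure in the helpers cannot reach the config-space dispatcher.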
@@ -1492,6 +1508,19 @@ static XenPTRegInfo xen_pt_emu_reg_msix[] = {
 },
 };
 
+static XenPTRegInfo xen_pt_emu_reg_igd_opregion[] = {
+/* Intel IGFX OpRegion reg */
+{
+.offset = 0x0,
+.size   = 4,
+.init_val   = 0,
+.u.dw.read   = xen_pt_intel_opregion_read,
+.u.dw.write  = xen_pt_intel_opregion_write,
+},
+{
+.size = 0,
+},
+};
 
 /
  * Capabilities
@@ -1729,6 +1758,14 @@ static const XenPTRegGroupInfo xen_pt_emu_reg_grps[] = {
 .size_init   = xen_pt_msix_size_init,
 .emu_regs = xen_pt_emu_reg_msix,
 },
+/* Intel IGD Opregion group */
+{
+.grp_id  = XEN_PCI_INTEL_OPREGION,
+.grp_type= XEN_PT_GRP_TYPE_EMU,
+.grp_size= 0x4,
+.size_init   = xen_pt_reg_grp_size_init,
+.emu_regs= xen_pt_emu_reg_igd_opregion,
+},
 {
 .grp_size = 0,
 },
@@ -1779,7 +1816,7 @@ out:
 static uint8_t find_cap_offset(XenPCIPassthroughState *s, uint8_t cap)
 {
 uint8_t id;
-unsigned max_cap = PCI_CAP_MAX;
+unsigned max_cap = XEN_PCI_CAP_MAX;
 uint8_t pos = PCI_CAPABILITY_LIST;
 uint8_t status = 0;
 
@@ -1858,7 +1895,8 @@ int xen_pt_config_init(XenPCIPassthroughState *s)
 uint32_t reg_grp_offset = 0;
 XenPTRegGroup *reg_grp_entry = NULL;
 
-if (xen_pt_emu_reg_grps[i].grp_id != 0xFF) {
+if (xen_pt_emu_reg_grps[i].grp_id != 0xFF
+&& xen_pt_emu_reg_grps[i].grp_id != XEN_PCI_INTEL_OPREGION) {
 if (xen_pt_hide_dev_cap(&s->real_device,
 xen_pt_emu_reg_grps[i].grp_id)) {
 continue;
@@ -1871,6 +1909,15 @@ int xen_pt_config_init(XenPCIPassthroughState *s)
 }
 }
 
+/*
+ * By default we will trap up to 0x40 in the cfg space.
+ * If an intel device is pass through we need to trap 0xfc,
+ * therefore the size should be 0xff.
+ */
+if (xen_pt_emu_reg_grps[i].grp_id == XEN_PCI_INTEL_OPREGION) {
+reg_grp_offset = XEN_PCI_INTEL_OPREGION;
+}
+
 reg_grp_entry = g_new0(XenPTRegGroup, 1);
 QLIST_INIT(®_grp_entry->reg_tbl_list);
 QLIST_INSERT_HEAD(&s->reg_grps, reg_grp_entry, entries);
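Review bot: The OpRegion group appears to be instantiated for every passed-through device, because neither this hunk nor the preceding one (which only exempts `XEN_PCI_INTEL_OPREGION` from the capability lookup) tests what kind of device `s` is. Config offset 0xfc of a non-IGD device would then be routed to `igd_read_opregion()` and `igd_write_opregion()`. I would skip the group unless the device is the IGD, with `if (!is_igd_vga_passthrough(&s->real_device)) { continue; }` inside the added `if`. The new comment also speaks of a size of 0xff while the code sets `reg_grp_offset`; it should say that the group is placed at offset 0xfc. `xen_pt_config_init` continues outside the hunk.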
diff --git a/hw/xen/xen_pt_graphics.c b/hw/xen/xen_pt_graphics.c
index 3232296..df6069b 100644
--- a/hw/xen/xen_pt_graphics.c
+++ b/hw/xen/xen_pt_graphics.c
@@ -5,6 +5,11 @@
 #include "xen-host-pci-device.h"
 #include "hw/xen/xen_backend.h"
 
+static

[Qemu-devel] [v9][PATCH 01/10] i440fx: make types configurable at run-time

2015-07-06 Thread Tiejun Chen
From: "Michael S. Tsirkin" 

IGD passthrough wants to supply a different pci and
host devices, inheriting i440fx devices. Make types
configurable.

Signed-off-by: Michael S. Tsirkin 
Signed-off-by: Tiejun Chen 
---
v9:

* Just rebase on the latest.

 hw/i386/pc_piix.c| 4 +++-
 hw/pci-host/piix.c   | 9 -
 include/hw/i386/pc.h | 6 +-
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index e142f75..dda58ad 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -201,7 +201,9 @@ static void pc_init1(MachineState *machine)
 }
 
 if (pci_enabled) {
-pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, &isa_bus, gsi,
+pci_bus = i440fx_init(TYPE_I440FX_PCI_HOST_BRIDGE,
+  TYPE_I440FX_PCI_DEVICE,
+  &i440fx_state, &piix3_devfn, &isa_bus, gsi,
   system_memory, system_io, machine->ram_size,
   below_4g_mem_size,
   above_4g_mem_size,
diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index ad55f99..a203d93 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -40,7 +40,6 @@
  * http://download.intel.com/design/chipsets/datashts/29054901.pdf
  */
 
-#define TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost"
 #define I440FX_PCI_HOST_BRIDGE(obj) \
 OBJECT_CHECK(I440FXState, (obj), TYPE_I440FX_PCI_HOST_BRIDGE)
 
@@ -95,7 +94,6 @@ typedef struct PIIX3State {
 #define PIIX3_PCI_DEVICE(obj) \
 OBJECT_CHECK(PIIX3State, (obj), TYPE_PIIX3_PCI_DEVICE)
 
-#define TYPE_I440FX_PCI_DEVICE "i440FX"
 #define I440FX_PCI_DEVICE(obj) \
 OBJECT_CHECK(PCII440FXState, (obj), TYPE_I440FX_PCI_DEVICE)
 
@@ -300,7 +298,8 @@ static void i440fx_realize(PCIDevice *dev, Error **errp)
 dev->config[I440FX_SMRAM] = 0x02;
 }
 
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
+PCIBus *i440fx_init(const char *host_type, const char *pci_type,
+PCII440FXState **pi440fx_state,
 int *piix3_devfn,
 ISABus **isa_bus, qemu_irq *pic,
 MemoryRegion *address_space_mem,
@@ -320,7 +319,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
 unsigned i;
 I440FXState *i440fx;
 
-dev = qdev_create(NULL, TYPE_I440FX_PCI_HOST_BRIDGE);
+dev = qdev_create(NULL, host_type);
 s = PCI_HOST_BRIDGE(dev);
 b = pci_bus_new(dev, NULL, pci_address_space,
 address_space_io, 0, TYPE_PCI_BUS);
@@ -328,7 +327,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
 object_property_add_child(qdev_get_machine(), "i440fx", OBJECT(dev), NULL);
 qdev_init_nofail(dev);
 
-d = pci_create_simple(b, 0, TYPE_I440FX_PCI_DEVICE);
+d = pci_create_simple(b, 0, pci_type);
 *pi440fx_state = I440FX_PCI_DEVICE(d);
 f = *pi440fx_state;
 f->system_memory = address_space_mem;
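Review bot: `pci_type` is now supplied by the caller, but the created device is still cast with `I440FX_PCI_DEVICE(d)` on the following line, so `i440fx_init` only works when `pci_type` names `TYPE_I440FX_PCI_DEVICE` or a type derived from it. `host_type` in the previous hunk is likewise passed through `PCI_HOST_BRIDGE(dev)`. Neither requirement is stated at the prototype in include/hw/i386/pc.h; I would add `/* host_type must be a PCI host bridge type and pci_type a subtype of TYPE_I440FX_PCI_DEVICE. */` there. `i440fx_init` starts and ends outside this hunk.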
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 328c8f7..566659a 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -224,7 +224,11 @@ extern int no_hpet;
 struct PCII440FXState;
 typedef struct PCII440FXState PCII440FXState;
 
-PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn,
+#define TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost"
+#define TYPE_I440FX_PCI_DEVICE "i440FX"
+
+PCIBus *i440fx_init(const char *host_type, const char *pci_type,
+PCII440FXState **pi440fx_state, int *piix_devfn,
 ISABus **isa_bus, qemu_irq *pic,
 MemoryRegion *address_space_mem,
 MemoryRegion *address_space_io,
-- 
1.9.1




[Qemu-devel] [v9][PATCH 06/10] xen, gfx passthrough: retrieve VGA BIOS to work

2015-07-06 Thread Tiejun Chen
Now we retrieve the VGA BIOS the same way the kvm code in qemu does, but we
need to fix up the Device Identification in case it does not match the
real IGD device, since Seabios always compares this
ID when working out the VGA BIOS.

Signed-off-by: Tiejun Chen 
Acked-by: Stefano Stabellini 
---
v9:
 
* Just rebase on the latest.

 hw/xen/xen_pt.c  | 10 ++
 hw/xen/xen_pt.h  |  5 +++
 hw/xen/xen_pt_graphics.c | 79 
 3 files changed, 94 insertions(+)

diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index 42380c3..15b02cb 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -725,6 +725,16 @@ static int xen_pt_initfn(PCIDevice *d)
 s->memory_listener = xen_pt_memory_listener;
 s->io_listener = xen_pt_io_listener;
 
+/* Setup VGA bios for passthrough GFX */
+if ((s->real_device.domain == 0) && (s->real_device.bus == 0) &&
+(s->real_device.dev == 2) && (s->real_device.func == 0)) {
+if (xen_pt_setup_vga(s, &s->real_device) < 0) {
+XEN_PT_ERR(d, "Setup VGA BIOS of passthrough GFX failed!\n");
+xen_host_pci_device_put(&s->real_device);
+return -1;
+}
+}
+
 /* Handle real device's MMIO/PIO BARs */
 xen_pt_register_regions(s, &cmd);
 
diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
index 5eb3c52..a33e95c 100644
--- a/hw/xen/xen_pt.h
+++ b/hw/xen/xen_pt.h
@@ -305,6 +305,11 @@ static inline bool 
xen_pt_has_msix_mapping(XenPCIPassthroughState *s, int bar)
 return s->msix && s->msix->bar_index == bar;
 }
 
+extern void *pci_assign_dev_load_option_rom(PCIDevice *dev,
+struct Object *owner, int *size,
+unsigned int domain,
+unsigned int bus, unsigned int 
slot,
+unsigned int function);
 extern bool has_igd_gfx_passthru;
 static inline bool is_igd_vga_passthrough(XenHostPCIDevice *dev)
 {
diff --git a/hw/xen/xen_pt_graphics.c b/hw/xen/xen_pt_graphics.c
index 9b3df81..3232296 100644
--- a/hw/xen/xen_pt_graphics.c
+++ b/hw/xen/xen_pt_graphics.c
@@ -109,3 +109,82 @@ int xen_pt_unregister_vga_regions(XenHostPCIDevice *dev)
 
 return 0;
 }
+
+static void *get_vgabios(XenPCIPassthroughState *s, int *size,
+   XenHostPCIDevice *dev)
+{
+return pci_assign_dev_load_option_rom(&s->dev, OBJECT(&s->dev), size,
+  dev->domain, dev->bus,
+  dev->dev, dev->func);
+}
+
+/* Refer to Seabios. */
+struct rom_header {
+uint16_t signature;
+uint8_t size;
+uint8_t initVector[4];
+uint8_t reserved[17];
+uint16_t pcioffset;
+uint16_t pnpoffset;
+} __attribute__((packed));
+
+struct pci_data {
+uint32_t signature;
+uint16_t vendor;
+uint16_t device;
+uint16_t vitaldata;
+uint16_t dlen;
+uint8_t drevision;
+uint8_t class_lo;
+uint16_t class_hi;
+uint16_t ilen;
+uint16_t irevision;
+uint8_t type;
+uint8_t indicator;
+uint16_t reserved;
+} __attribute__((packed));
+
+int xen_pt_setup_vga(XenPCIPassthroughState *s, XenHostPCIDevice *dev)
+{
+unsigned char *bios = NULL;
+struct rom_header *rom;
+int bios_size;
+char *c = NULL;
+char checksum = 0;
+uint32_t len = 0;
+struct pci_data *pd = NULL;
+
+if (!is_igd_vga_passthrough(dev)) {
+return -1;
+}
+
+bios = get_vgabios(s, &bios_size, dev);
+if (!bios) {
+XEN_PT_ERR(&s->dev, "VGA: Can't getting VBIOS!\n");
+return -1;
+}
+
+/* Currently we fixed this address as a primary. */
+rom = (struct rom_header *)bios;
+pd = (void *)(bios + (unsigned char)rom->pcioffset);
+
+/* We may need to fixup Device Identification. */
+if (pd->device != s->real_device.device_id) {
+pd->device = s->real_device.device_id;
+
+len = rom->size * 512;
+/* Then adjust the bios checksum */
+for (c = (char *)bios; c < ((char *)bios + len); c++) {
+checksum += *c;
+}
+if (checksum) {
+bios[len - 1] -= checksum;
+XEN_PT_LOG(&s->dev, "vga bios checksum is adjusted %x!\n",
+   checksum);
+}
+}
+
+/* Currently we fixed this address as a primary for legacy BIOS. */
+cpu_physical_memory_rw(0xc, bios, bios_size, 1);
+return 0;
+}
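Review bot: `xen_pt_setup_vga()` trusts every field it reads from the option ROM. `rom->pcioffset` is truncated to 8 bits by the `(unsigned char)` cast and never compared with `bios_size`, and `len = rom->size * 512` is used as the loop bound and in `bios[len - 1]` without a check that it is non-zero and inside the buffer. A size byte of 0, or one larger than the loaded image, would make the checksum fixup read and write outside `bios`. I would validate the header before the fixup as sketched below; checking the ROM and PCI data signatures as well would be a sensible addition.

```c
    /* … unchanged: is_igd_vga_passthrough() check and get_vgabios() call … */

    /* Reject images whose header fields point outside the loaded buffer. */
    if (bios_size < (int)sizeof(*rom)) {
        XEN_PT_ERR(&s->dev, "VGA: VBIOS image is too small!\n");
        return -1;
    }
    rom = (struct rom_header *)bios;
    len = rom->size * 512;
    if (len == 0 || len > (uint32_t)bios_size ||
        rom->pcioffset > len - sizeof(*pd)) {
        XEN_PT_ERR(&s->dev, "VGA: VBIOS header is inconsistent!\n");
        return -1;
    }
    pd = (void *)(bios + rom->pcioffset);

    /* … unchanged: device-id fixup, checksum loop, copy into guest memory … */
```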
-- 
1.9.1




[Qemu-devel] [v9][PATCH 07/10] igd gfx passthrough: create a isa bridge

2015-07-06 Thread Tiejun Chen
Currently IGD drivers always need to access PCH by 1f.0. But we
don't want to poke that directly to get ID, and although in real
world different GPU should have different PCH. But actually the
different PCH DIDs likely map to different PCH SKUs. We do the
same thing for the GPU. For PCH, the different SKUs are going to
be all the same silicon design and implementation, just different
features turn on and off with fuses. The SW interfaces should be
consistent across all SKUs in a given family (eg LPT). But just
same features may not be supported.

Most of these different PCH features probably don't matter to the
Gfx driver, but obviously any difference in display port connections
will so it should be fine with any PCH in case of passthrough.

So currently use one PCH version, 0x8c4e, to cover all HSW(Haswell)
scenarios, 0x9cc3 for BDW(Broadwell).

Signed-off-by: Tiejun Chen 
Acked-by: Michael S. Tsirkin 
---
v9:
 
* Just rebase on the latest.

 hw/i386/pc_piix.c | 112 ++
 1 file changed, 112 insertions(+)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 6810ca2..b4daefa 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -904,6 +904,118 @@ static void pc_i440fx_0_10_machine_options(MachineClass 
*m)
 DEFINE_I440FX_MACHINE(v0_10, "pc-0.10", pc_compat_0_13,
   pc_i440fx_0_10_machine_options);
 
+typedef struct {
+uint16_t gpu_device_id;
+uint16_t pch_device_id;
+uint8_t pch_revision_id;
+} IGDDeviceIDInfo;
+
+/* In real world different GPU should have different PCH. But actually
+ * the different PCH DIDs likely map to different PCH SKUs. We do the
+ * same thing for the GPU. For PCH, the different SKUs are going to be
+ * all the same silicon design and implementation, just different
+ * features turn on and off with fuses. The SW interfaces should be
+ * consistent across all SKUs in a given family (eg LPT). But just same
+ * features may not be supported.
+ *
+ * Most of these different PCH features probably don't matter to the
+ * Gfx driver, but obviously any difference in display port connections
+ * will so it should be fine with any PCH in case of passthrough.
+ *
+ * So currently use one PCH version, 0x8c4e, to cover all HSW(Haswell)
+ * scenarios, 0x9cc3 for BDW(Broadwell).
+ */
+static const IGDDeviceIDInfo igd_combo_id_infos[] = {
+/* HSW Classic */
+{0x0402, 0x8c4e, 0x04}, /* HSWGT1D, HSWD_w7 */
+{0x0406, 0x8c4e, 0x04}, /* HSWGT1M, HSWM_w7 */
+{0x0412, 0x8c4e, 0x04}, /* HSWGT2D, HSWD_w7 */
+{0x0416, 0x8c4e, 0x04}, /* HSWGT2M, HSWM_w7 */
+{0x041E, 0x8c4e, 0x04}, /* HSWGT15D, HSWD_w7 */
+/* HSW ULT */
+{0x0A06, 0x8c4e, 0x04}, /* HSWGT1UT, HSWM_w7 */
+{0x0A16, 0x8c4e, 0x04}, /* HSWGT2UT, HSWM_w7 */
+{0x0A26, 0x8c4e, 0x06}, /* HSWGT3UT, HSWM_w7 */
+{0x0A2E, 0x8c4e, 0x04}, /* HSWGT3UT28W, HSWM_w7 */
+{0x0A1E, 0x8c4e, 0x04}, /* HSWGT2UX, HSWM_w7 */
+{0x0A0E, 0x8c4e, 0x04}, /* HSWGT1ULX, HSWM_w7 */
+/* HSW CRW */
+{0x0D26, 0x8c4e, 0x04}, /* HSWGT3CW, HSWM_w7 */
+{0x0D22, 0x8c4e, 0x04}, /* HSWGT3CWDT, HSWD_w7 */
+/* HSW Server */
+{0x041A, 0x8c4e, 0x04}, /* HSWSVGT2, HSWD_w7 */
+/* HSW SRVR */
+{0x040A, 0x8c4e, 0x04}, /* HSWSVGT1, HSWD_w7 */
+/* BSW */
+{0x1606, 0x9cc3, 0x03}, /* BDWULTGT1, BDWM_w7 */
+{0x1616, 0x9cc3, 0x03}, /* BDWULTGT2, BDWM_w7 */
+{0x1626, 0x9cc3, 0x03}, /* BDWULTGT3, BDWM_w7 */
+{0x160E, 0x9cc3, 0x03}, /* BDWULXGT1, BDWM_w7 */
+{0x161E, 0x9cc3, 0x03}, /* BDWULXGT2, BDWM_w7 */
+{0x1602, 0x9cc3, 0x03}, /* BDWHALOGT1, BDWM_w7 */
+{0x1612, 0x9cc3, 0x03}, /* BDWHALOGT2, BDWM_w7 */
+{0x1622, 0x9cc3, 0x03}, /* BDWHALOGT3, BDWM_w7 */
+{0x162B, 0x9cc3, 0x03}, /* BDWHALO28W, BDWM_w7 */
+{0x162A, 0x9cc3, 0x03}, /* BDWGT3WRKS, BDWM_w7 */
+{0x162D, 0x9cc3, 0x03}, /* BDWGT3SRVR, BDWM_w7 */
+};
+
+static void isa_bridge_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+dc->desc= "ISA bridge faked to support IGD PT";
+k->vendor_id= PCI_VENDOR_ID_INTEL;
+k->class_id = PCI_CLASS_BRIDGE_ISA;
+};
+
+static TypeInfo isa_bridge_info = {
+.name  = "igd-passthrough-isa-bridge",
+.parent= TYPE_PCI_DEVICE,
+.instance_size = sizeof(PCIDevice),
+.class_init = isa_bridge_class_init,
+};
+
+static void pt_graphics_register_types(void)
+{
+type_register_static(&isa_bridge_info);
+}
+type_init(pt_graphics_register_types)
+
+void igd_passthrough_isa_bridge_create(PCIBus *bus, uint16_t gpu_dev_id)
+{
+struct PCIDevice *bridge_dev;
+int i, num;
+uint16_t pch_dev_id = 0x;
+uint8_t pch_rev_id;
+
+num = ARRAY_SIZE(igd_combo_id_infos);
+for (i = 0; i < num; i++) {
+if (gpu_dev_id == igd_combo_id_infos[i].gpu_device_id) {
+pch_dev_id = igd_combo_id_infos[i].pch_device_id;
+pch_rev_id = 

[Qemu-devel] [v9][PATCH 03/10] piix: create host bridge to passthrough

2015-07-06 Thread Tiejun Chen
Implement a pci host bridge specific to passthrough. Actually
this just inherits the standard one. And we also just expose
a minimal real host bridge pci configuration subset.

Signed-off-by: Tiejun Chen 
Acked-by: Michael S. Tsirkin 
---
v9:
 
* Just rebase on the latest.

 hw/pci-host/piix.c   | 82 
 include/hw/i386/pc.h |  2 ++
 2 files changed, 84 insertions(+)

diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index a203d93..7adf645 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -734,6 +734,87 @@ static const TypeInfo i440fx_info = {
 .class_init= i440fx_class_init,
 };
 
+/* IGD Passthrough Host Bridge. */
+typedef struct {
+uint8_t offset;
+uint8_t len;
+} IGDHostInfo;
+
+/* Here we just expose minimal host bridge offset subset. */
+static const IGDHostInfo igd_host_bridge_infos[] = {
+{0x08, 2},  /* revision id */
+{0x2c, 2},  /* sybsystem vendor id */
+{0x2e, 2},  /* sybsystem id */
+{0x50, 2},  /* SNB: processor graphics control register */
+{0x52, 2},  /* processor graphics control register */
+{0xa4, 4},  /* SNB: graphics base of stolen memory */
+{0xa8, 4},  /* SNB: base of GTT stolen memory */
+};
+
+static int host_pci_config_read(int pos, int len, uint32_t val)
+{
+char path[PATH_MAX];
+int config_fd;
+ssize_t size = sizeof(path);
+/* Access real host bridge. */
+int rc = snprintf(path, size, "/sys/bus/pci/devices/%04x:%02x:%02x.%d/%s",
+  0, 0, 0, 0, "config");
+
+if (rc >= size || rc < 0) {
+return -ENODEV;
+}
+
+config_fd = open(path, O_RDWR);
+if (config_fd < 0) {
+return -ENODEV;
+}
+
+do {
+rc = pread(config_fd, (uint8_t *)&val, len, pos);
+} while (rc < 0 && (errno == EINTR || errno == EAGAIN));
+if (rc != len) {
+return -errno;
+}
+
+return 0;
+}
+
+static int igd_pt_i440fx_initfn(struct PCIDevice *pci_dev)
+{
+uint32_t val = 0;
+int rc, i, num;
+int pos, len;
+
+num = ARRAY_SIZE(igd_host_bridge_infos);
+for (i = 0; i < num; i++) {
+pos = igd_host_bridge_infos[i].offset;
+len = igd_host_bridge_infos[i].len;
+rc = host_pci_config_read(pos, len, val);
+if (rc) {
+return -ENODEV;
+}
+pci_default_write_config(pci_dev, pos, val, len);
+}
+
+return 0;
+}
+
+static void igd_passthrough_i440fx_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+k->init = igd_pt_i440fx_initfn;
+dc->desc = "IGD Passthrough Host bridge";
+}
+
+static const TypeInfo igd_passthrough_i440fx_info = {
+.name  = TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE,
+.parent= TYPE_I440FX_PCI_DEVICE,
+.instance_size = sizeof(PCII440FXState),
+.class_init= igd_passthrough_i440fx_class_init,
+};
+
 static const char *i440fx_pcihost_root_bus_path(PCIHostState *host_bridge,
 PCIBus *rootbus)
 {
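Review bot: `host_pci_config_read()` takes `val` by value, so `pread()` fills a local copy and `igd_pt_i440fx_initfn()` writes its own `val`, still 0, into every emulated register. The function also never closes `config_fd`, opens the host bridge config file `O_RDWR` although it only reads, and returns `-errno` after a short read, where errno may be 0 and look like success. I would pass a pointer, open read-only and close the descriptor on every path, as below, with the call site changed to `rc = host_pci_config_read(pos, len, &val);`. `i440fx_pcihost_root_bus_path` at the end of the hunk continues outside it.

```c
static int host_pci_config_read(int pos, int len, uint32_t *val)
{
    /* … unchanged: locals and path construction with snprintf() … */

    /* The bridge registers are only read, so do not ask for write access. */
    config_fd = open(path, O_RDONLY);
    if (config_fd < 0) {
        return -ENODEV;
    }

    do {
        rc = pread(config_fd, (uint8_t *)val, len, pos);
    } while (rc < 0 && (errno == EINTR || errno == EAGAIN));

    /* A short read leaves errno untouched, so map it to an explicit error. */
    if (rc != len) {
        rc = rc < 0 ? -errno : -EIO;
    } else {
        rc = 0;
    }

    close(config_fd);
    return rc;
}
```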
@@ -775,6 +856,7 @@ static const TypeInfo i440fx_pcihost_info = {
 static void i440fx_register_types(void)
 {
 type_register_static(&i440fx_info);
+type_register_static(&igd_passthrough_i440fx_info);
 type_register_static(&piix3_pci_type_info);
 type_register_static(&piix3_info);
 type_register_static(&piix3_xen_info);
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 566659a..b2d3cf3 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -227,6 +227,8 @@ typedef struct PCII440FXState PCII440FXState;
 #define TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost"
 #define TYPE_I440FX_PCI_DEVICE "i440FX"
 
+#define TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE "igd-passthrough-i440FX"
+
 PCIBus *i440fx_init(const char *host_type, const char *pci_type,
 PCII440FXState **pi440fx_state, int *piix_devfn,
 ISABus **isa_bus, qemu_irq *pic,
-- 
1.9.1




[Qemu-devel] [v9][PATCH 05/10] xen, gfx passthrough: basic graphics passthrough support

2015-07-06 Thread Tiejun Chen
basic gfx passthrough support:
- add a vga type for gfx passthrough
- register/unregister legacy VGA I/O ports and MMIOs for passthrough GFX

Signed-off-by: Tiejun Chen 
Signed-off-by: Yang Zhang 
Acked-by: Stefano Stabellini 
---
v9:
 
* Just rebase on the latest.

 hw/core/machine.c|  20 
 hw/xen/Makefile.objs |   1 +
 hw/xen/xen-host-pci-device.c |   5 ++
 hw/xen/xen-host-pci-device.h |   1 +
 hw/xen/xen_pt.c  |   4 ++
 hw/xen/xen_pt.h  |  10 +++-
 hw/xen/xen_pt_graphics.c | 111 +++
 include/hw/boards.h  |   1 +
 qemu-options.hx  |   3 ++
 vl.c |  10 
 10 files changed, 165 insertions(+), 1 deletion(-)
 create mode 100644 hw/xen/xen_pt_graphics.c

diff --git a/hw/core/machine.c b/hw/core/machine.c
index ac4654e..51ed6b2 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -226,6 +226,20 @@ static void machine_set_usb(Object *obj, bool value, Error 
**errp)
 ms->usb_disabled = !value;
 }
 
+static bool machine_get_igd_gfx_passthru(Object *obj, Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+
+return ms->igd_gfx_passthru;
+}
+
+static void machine_set_igd_gfx_passthru(Object *obj, bool value, Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+
+ms->igd_gfx_passthru = value;
+}
+
 static char *machine_get_firmware(Object *obj, Error **errp)
 {
 MachineState *ms = MACHINE(obj);
@@ -388,6 +402,12 @@ static void machine_initfn(Object *obj)
 object_property_set_description(obj, "usb",
 "Set on/off to enable/disable usb",
 NULL);
+object_property_add_bool(obj, "igd-passthru",
+ machine_get_igd_gfx_passthru,
+ machine_set_igd_gfx_passthru, NULL);
+object_property_set_description(obj, "igd-passthru",
+"Set on/off to enable/disable igd 
passthrou",
+NULL);
 object_property_add_str(obj, "firmware",
 machine_get_firmware,
 machine_set_firmware, NULL);
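Review bot: The description string registered for "igd-passthru" ends in `passthrou`, and that text is what users see when they list machine properties. It should read `"Set on/off to enable/disable igd passthrough"`. The body of machine_initfn continues outside this hunk.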
diff --git a/hw/xen/Makefile.objs b/hw/xen/Makefile.objs
index a0ca0aa..a9ad7e7 100644
--- a/hw/xen/Makefile.objs
+++ b/hw/xen/Makefile.objs
@@ -3,3 +3,4 @@ common-obj-$(CONFIG_XEN_BACKEND) += xen_backend.o 
xen_devconfig.o
 
 obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen-host-pci-device.o
 obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pt.o xen_pt_config_init.o xen_pt_msi.o
+obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pt.o xen_pt_config_init.o 
xen_pt_msi.o xen_pt_graphics.o
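Review bot: The added line repeats `xen_pt.o xen_pt_config_init.o xen_pt_msi.o`, which the unchanged line directly above already appends to `obj-$(CONFIG_XEN_PCI_PASSTHROUGH)`, so those three objects end up listed twice. Only the new object needs to be added: `obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pt_graphics.o`. Whether the duplicates are harmless depends on how the build de-duplicates object lists, which is not visible here.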
diff --git a/hw/xen/xen-host-pci-device.c b/hw/xen/xen-host-pci-device.c
index 743b37b..a54b7de 100644
--- a/hw/xen/xen-host-pci-device.c
+++ b/hw/xen/xen-host-pci-device.c
@@ -376,6 +376,11 @@ int xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t 
domain,
 goto error;
 }
 d->irq = v;
+rc = xen_host_pci_get_hex_value(d, "class", &v);
+if (rc) {
+goto error;
+}
+d->class_code = v;
 d->is_virtfn = xen_host_pci_dev_is_virtfn(d);
 
 return 0;
diff --git a/hw/xen/xen-host-pci-device.h b/hw/xen/xen-host-pci-device.h
index c2486f0..f1e1c30 100644
--- a/hw/xen/xen-host-pci-device.h
+++ b/hw/xen/xen-host-pci-device.h
@@ -25,6 +25,7 @@ typedef struct XenHostPCIDevice {
 
 uint16_t vendor_id;
 uint16_t device_id;
+uint32_t class_code;
 int irq;
 
 XenHostPCIIORegion io_regions[PCI_NUM_REGIONS - 1];
diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index ed5fcae..42380c3 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -502,6 +502,7 @@ static int xen_pt_register_regions(XenPCIPassthroughState 
*s, uint16_t *cmd)
d->rom.size, d->rom.base_addr);
 }
 
+xen_pt_register_vga_regions(d);
 return 0;
 }
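Review bot: The result of `xen_pt_register_vga_regions(d)` is discarded before the unconditional `return 0`, so a failure to set up the legacy VGA ranges for a passed-through GPU would still be reported as success. The prototype added to xen_pt.h in this patch appears to return int (the declaration is cut off on this page). If so, propagate it with `return xen_pt_register_vga_regions(d);`, or add a comment explaining why the failure is deliberately ignored. The enclosing function starts outside this hunk.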
 
@@ -801,6 +802,7 @@ out:
 static void xen_pt_unregister_device(PCIDevice *d)
 {
 XenPCIPassthroughState *s = XEN_PT_DEVICE(d);
+XenHostPCIDevice *host_dev = &s->real_device;
 uint8_t machine_irq = s->machine_irq;
 uint8_t intx = xen_pt_pci_intx(s);
 int rc;
@@ -844,6 +846,8 @@ static void xen_pt_unregister_device(PCIDevice *d)
 /* delete all emulated config registers */
 xen_pt_config_delete(s);
 
+xen_pt_unregister_vga_regions(host_dev);
+
 memory_listener_unregister(&s->memory_listener);
 memory_listener_unregister(&s->io_listener);
 
diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
index 393f36c..5eb3c52 100644
--- a/hw/xen/xen_pt.h
+++ b/hw/xen/xen_pt.h
@@ -305,5 +305,13 @@ static inline bool 
xen_pt_has_msix_mapping(XenPCIPassthroughState *s, int bar)
 return s->msix && s->msix->bar_index == bar;
 }
 
-
+extern bool has_igd_gfx_passthru;
+static inline bool is_igd_vga_passthrough(XenHostPCIDevice *dev)
+{
+return (has_igd_gfx_passthru
+&& ((dev->class_code >> 0x8) == PCI_CLASS_DISPLAY_VGA));
+}
+int xen_pt_register_vga_regi

[Qemu-devel] [v9][PATCH 00/10] xen: add Intel IGD passthrough

2015-07-06 Thread Tiejun Chen
v9:

* Rebase on the latest
* Inside patch #8, move is_igd_vga_passthrough(dev)) from
  xen_igd_passthrough_isa_bridge_create() into xen_pt_initfn().
* Inside patch #9, simplify pc_xen_hvm_init_pci()
* Michael acked them on pc side
* Stefano acked them on xen side

v8:

* Rebase on the latest qemu tree
* Cleanup one xen leftover in patch #3

v7:

* Instead of "-gfx_passthru" we'd like to make that a machine
  option, "-machine xxx,igd-passthru=on"" 
* try to make something as common shared by others like KvmGT in
  the future
* Just read those real value from host bridge pci
  configuration space when create host bridge then put in dev->config.

v6:

* Drop introducing a new machine specific to IGD passthrough
* Try to share some codes from KVM stuff in qemu to retrive VGA BIOS
* Currently IGD drivers always need to access PCH by 1f.0. But we
  don't want to poke that directly to get ID, and although in real
  world different GPU should have different PCH. But actually the
  different PCH DIDs likely map to different PCH SKUs. We do the
  same thing for the GPU. For PCH, the different SKUs are going to
  be all the same silicon design and implementation, just different
  features turn on and off with fuses. The SW interfaces should be
  consistent across all SKUs in a given family (eg LPT). But just
  same features may not be supported.
 
  Most of these different PCH features probably don't matter to the
  Gfx driver, but obviously any difference in display port connections
  will so it should be fine with any PCH in case of passthrough.
 
  So currently use one PCH version, 0x8c4e, to cover all HSW(Haswell)
  scenarios, 0x9cc3 for BDW(Broadwell).
* Drop igd write ops since its fine to emulate that, and we also shrink
  those igd read ops as necessary.
* Rebase and cleanup all patches.

v5:

* Simplify to make sure its really inherited from the standard one in patch #3
* Then drop the original patch #3

v4:

* Rebase on latest tree
* Drop patch #2
* Regenerate patches after Michael introduce patch #1
* We need to use this pci_type as a index to reuse I440FX_PCI_DEVICE()
* Test: boot with a preinstalled winxp
  ./i386-softmmu/qemu-system-i386 -hda winxp-32.img -m 2560 -boot c -machine pc

v3:

* Drop patch #4
* Add one patch #1 from Michael
* Rebase
* In./i386-softmmu/qemu-system-i386 -hda test.img -m 2560 -boot c -machine pc

v2:

* Fix some coding style
* New patch to separate i440fx_init
* Just add prefix with XEN_IGD_PASSTHROUGH/xen_igd_passthrough
* Based on patch #2 to regenerate
* Unify prefix with XEN_IGD_PASSTHROUGH/xen_igd_passthrough like patch #3
* Test: boot with a preinstalled ubuntu 14.04
  ./i386-softmmu/qemu-system-i386 -hda test.img -m 2560 -boot c -machine pc

As we discussed we need to create a separate machine to support current
IGD passthrough.


Michael S. Tsirkin (1):
  i440fx: make types configurable at run-time

Tiejun Chen (9):
  pc_init1: pass parameters just with types
  piix: create host bridge to passthrough
  hw/pci-assign: split pci-assign.c
  xen, gfx passthrough: basic graphics passthrough support
  xen, gfx passthrough: retrieve VGA BIOS to work
  igd gfx passthrough: create a isa bridge
  xen, gfx passthrough: register a isa bridge
  xen, gfx passthrough: register host bridge specific to passthrough
  xen, gfx passthrough: add opregion mapping

 hw/core/machine.c |  20 +++
 hw/i386/Makefile.objs |   1 +
 hw/i386/kvm/pci-assign.c  |  82 +-
 hw/i386/pc_piix.c | 139 -
 hw/i386/pci-assign-load-rom.c |  93 
 hw/pci-host/piix.c|  91 +++-
 hw/xen/Makefile.objs  |   1 +
 hw/xen/xen-host-pci-device.c  |   5 +
 hw/xen/xen-host-pci-device.h  |   1 +
 hw/xen/xen_pt.c   |  35 +
 hw/xen/xen_pt.h   |  21 ++-
 hw/xen/xen_pt_config_init.c   |  51 ++-
 hw/xen/xen_pt_graphics.c  | 272 ++
 include/hw/boards.h   |   1 +
 include/hw/i386/pc.h  |   8 +-
 include/hw/pci/pci-assign.h   |  27 
 include/hw/xen/xen.h  |   1 +
 qemu-options.hx   |   3 +
 vl.c  |  10 ++
 19 files changed, 771 insertions(+), 91 deletions(-)
 create mode 100644 hw/i386/pci-assign-load-rom.c
 create mode 100644 hw/xen/xen_pt_graphics.c
 create mode 100644 include/hw/pci/pci-assign.h

Thanks
Tiejun



[Qemu-devel] [v9][PATCH 02/10] pc_init1: pass parameters just with types

2015-07-06 Thread Tiejun Chen
Pass types to configure pc_init1().

Signed-off-by: Tiejun Chen 
Acked-by: Michael S. Tsirkin 
---
v9:
 
* Just rebase on the latest.

 hw/i386/pc_piix.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index dda58ad..6810ca2 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -76,7 +76,8 @@ static bool has_reserved_memory = true;
 static bool kvmclock_enabled = true;
 
 /* PC hardware initialisation */
-static void pc_init1(MachineState *machine)
+static void pc_init1(MachineState *machine,
+ const char *host_type, const char *pci_type)
 {
 PCMachineState *pc_machine = PC_MACHINE(machine);
 MemoryRegion *system_memory = get_system_memory();
@@ -201,8 +202,8 @@ static void pc_init1(MachineState *machine)
 }
 
 if (pci_enabled) {
-pci_bus = i440fx_init(TYPE_I440FX_PCI_HOST_BRIDGE,
-  TYPE_I440FX_PCI_DEVICE,
+pci_bus = i440fx_init(host_type,
+  pci_type,
   &i440fx_state, &piix3_devfn, &isa_bus, gsi,
   system_memory, system_io, machine->ram_size,
   below_4g_mem_size,
@@ -437,7 +438,7 @@ static void pc_init_isa(MachineState *machine)
 }
 x86_cpu_compat_kvm_no_autoenable(FEAT_KVM, 1 << KVM_FEATURE_PV_EOI);
 enable_compat_apic_id_mode();
-pc_init1(machine);
+pc_init1(machine, TYPE_I440FX_PCI_HOST_BRIDGE, TYPE_I440FX_PCI_DEVICE);
 }
 
 #ifdef CONFIG_XEN
@@ -445,7 +446,7 @@ static void pc_xen_hvm_init(MachineState *machine)
 {
 PCIBus *bus;
 
-pc_init1(machine);
+pc_init1(machine, TYPE_I440FX_PCI_HOST_BRIDGE, TYPE_I440FX_PCI_DEVICE);
 
 bus = pci_find_primary_bus();
 if (bus != NULL) {
@@ -461,7 +462,8 @@ static void pc_xen_hvm_init(MachineState *machine)
 if (compat) { \
 compat(machine); \
 } \
-pc_init1(machine); \
+pc_init1(machine, TYPE_I440FX_PCI_HOST_BRIDGE, \
+ TYPE_I440FX_PCI_DEVICE); \
 } \
 DEFINE_PC_MACHINE(suffix, name, pc_init_##suffix, optionfn)
 
-- 
1.9.1




[Qemu-devel] [PATCH 04/10] qga: add win32 library iphlpapi

2015-07-06 Thread Michael Roth
From: Kirk Allan 

Add the iphlpapi library to use APIs such as GetAdaptersInfo and
GetAdaptersAddresses.

Signed-off-by: Kirk Allan 
Signed-off-by: Michael Roth 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 3063739..3bb5e55 100755
--- a/configure
+++ b/configure
@@ -732,7 +732,7 @@ if test "$mingw32" = "yes" ; then
   sysconfdir="\${prefix}"
   local_statedir=
   confsuffix=""
-  libs_qga="-lws2_32 -lwinmm -lpowrprof $libs_qga"
+  libs_qga="-lws2_32 -lwinmm -lpowrprof -liphlpapi $libs_qga"
 fi
 
 werror=""
-- 
1.9.1




[Qemu-devel] [PATCH 07/10] qga: added empty qmp_quest_get_fsinfo functionality.

2015-07-06 Thread Michael Roth
From: Olga Krishtal 

We need qmp_guest_get_fsinfo together with vss-provider, which works with
volumes. The call to this function is implemented via
FindFirst/NextVolumes. Moreover, volumes in Windows OS are the filesystem unit,
so it will be more effective to work with them rather than with devices.

Signed-off-by: Olga Krishtal 
Signed-off-by: Denis V. Lunev 
CC: Eric Blake 
CC: Michael Roth 
Signed-off-by: Michael Roth 
---
 qga/commands-win32.c | 27 ---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index e8769bb..3f3a144 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -390,8 +390,29 @@ static void guest_file_init(void)
 
 GuestFilesystemInfoList *qmp_guest_get_fsinfo(Error **errp)
 {
-error_setg(errp, QERR_UNSUPPORTED);
-return NULL;
+HANDLE vol_h;
+GuestFilesystemInfoList *new, *ret = NULL;
+char guid[256];
+
+vol_h = FindFirstVolume(guid, sizeof(guid));
+if (vol_h == INVALID_HANDLE_VALUE) {
+error_setg_win32(errp, GetLastError(), "failed to find any volume");
+return NULL;
+}
+
+do {
+new = g_malloc(sizeof(*ret));
+new->value = build_guest_fsinfo(guid, errp);
+new->next = ret;
+ret = new;
+} while (FindNextVolume(vol_h, guid, sizeof(guid)));
+
+if (GetLastError() != ERROR_NO_MORE_FILES) {
+error_setg_win32(errp, GetLastError(), "failed to find next volume");
+}
+
+FindVolumeClose(vol_h);
+return ret;
 }
 
 /*
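Review bot: When the `GetLastError() != ERROR_NO_MORE_FILES` check after the loop fires, `errp` is set but the partially built list is still returned. The caller then receives both an error and a result, and the list is most likely never freed. Release it on that path with `qapi_free_GuestFilesystemInfoList(ret); ret = NULL;` before `FindVolumeClose`. Separately, `build_guest_fsinfo` is called here but does not appear to be added by this patch (the diffstat matches these lines only), so this commit probably does not build on its own and would break bisection.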
@@ -928,7 +949,7 @@ GList *ga_command_blacklist_init(GList *blacklist)
 "guest-set-user-password",
 "guest-get-memory-blocks", "guest-set-memory-blocks",
 "guest-get-memory-block-size",
-"guest-fsfreeze-freeze-list", "guest-get-fsinfo",
+"guest-fsfreeze-freeze-list",
 "guest-fstrim", NULL};
 char **p = (char **)list_unsupported;
 
-- 
1.9.1




[Qemu-devel] [PATCH 01/10] qga/commands-posix: Fix bug in guest-fstrim

2015-07-06 Thread Michael Roth
From: Justin Ossevoort 

The FITRIM ioctl updates the fstrim_range structure it receives. This
way the caller can determine how many bytes were trimmed. The
guest-fstrim logic reuses the same fstrim_range for each filesystem,
effectively limiting each filesystem to trim at most as much as the
previous was able to trim.

If a previous filesystem would have trimmed 0 bytes, then the next
filesystem would report an error 'Invalid argument' because a FITRIM
request with length 0 is not valid.

This change resets the fstrim_range structure for each filesystem.

Signed-off-by: Justin Ossevoort 
Reviewed-by: Thomas Huth 
Signed-off-by: Michael Roth 
---
 qga/commands-posix.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index befd00b..9ff33ec 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1332,11 +1332,7 @@ void qmp_guest_fstrim(bool has_minimum, int64_t minimum, 
Error **errp)
 struct FsMount *mount;
 int fd;
 Error *local_err = NULL;
-struct fstrim_range r = {
-.start = 0,
-.len = -1,
-.minlen = has_minimum ? minimum : 0,
-};
+struct fstrim_range r;
 
 slog("guest-fstrim called");
 
@@ -1360,6 +1356,9 @@ void qmp_guest_fstrim(bool has_minimum, int64_t minimum, 
Error **errp)
  * error means an unexpected error, so return it in those cases.  In
  * some other cases ENOTTY will be reported (e.g. CD-ROMs).
  */
+r.start = 0;
+r.len = -1;
+r.minlen = has_minimum ? minimum : 0;
 ret = ioctl(fd, FITRIM, &r);
 if (ret == -1) {
 if (errno != ENOTTY && errno != EOPNOTSUPP) {
-- 
1.9.1




Re: [Qemu-devel] [PATCH qemu v10 14/14] spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)

2015-07-06 Thread David Gibson
On Mon, Jul 06, 2015 at 12:11:10PM +1000, Alexey Kardashevskiy wrote:
> This adds support for Dynamic DMA Windows (DDW) option defined by
> the SPAPR specification which allows to have additional DMA window(s)
> 
> This implements DDW for emulated and VFIO devices. As all TCE root regions
> are mapped at 0 and 64bit long (and actual tables are child regions),
> this replaces memory_region_add_subregion() with _overlap() to make
> QEMU memory API happy.
> 
> This reserves RTAS token numbers for DDW calls.
> 
> This implements helpers to interact with VFIO kernel interface.
> 
> This changes the TCE table migration descriptor to support dynamic
> tables as from now on, PHB will create as many stub TCE table objects
> as PHB can possibly support but not all of them might be initialized at
> the time of migration because DDW might or might not be requested by
> the guest.
> 
> The "ddw" property is enabled by default on a PHB but for compatibility
> the pseries-2.3 machine and older disable it.
> 
> This implements DDW for VFIO. The host kernel support is required.
> This adds a "levels" property to PHB to control the number of levels
> in the actual TCE table allocated by the host kernel, 0 is the default
> value to tell QEMU to calculate the correct value. Current hardware
> supports up to 5 levels.
> 
> The existing linux guests try creating one additional huge DMA window
> with 64K or 16MB pages and map the entire guest RAM to. If succeeded,
> the guest switches to dma_direct_ops and never calls TCE hypercalls
> (H_PUT_TCE,...) again. This enables VFIO devices to use the entire RAM
> and not waste time on map/unmap later. This adds a "dma64_win_addr"
> property which is a bus address for the 64bit window and by default
> set to 0x800... as this is what the modern POWER8 hardware
> uses and this allows having emulated and VFIO devices on the same bus.
> 
> This adds 4 RTAS handlers:
> * ibm,query-pe-dma-window
> * ibm,create-pe-dma-window
> * ibm,remove-pe-dma-window
> * ibm,reset-pe-dma-window
> These are registered from type_init() callback.
> 
> These RTAS handlers are implemented in a separate file to avoid polluting
> spapr_iommu.c with PCI.


> diff --git a/trace-events b/trace-events
> index b300e94..a1234dd 100644
> --- a/trace-events
> +++ b/trace-events
> @@ -1302,6 +1302,8 @@ spapr_pci_lsi_set(const char *busname, int pin, 
> uint32_t irq) "%s PIN%d IRQ %u"
>  spapr_pci_msi_retry(unsigned config_addr, unsigned req_num, unsigned 
> max_irqs) "Guest device at %x asked %u, have only %u"
>  spapr_pci_dma_update(uint64_t liobn, long ret) "liobn=%"PRIx64" ret=%ld"
>  spapr_pci_dma_realloc_update(uint64_t liobn, long ret) "liobn=%"PRIx64" 
> tcet=%ld"
> +spapr_pci_vfio_init_window(int ps, uint64_t ws, uint64_t off) 
> "pageshift=0x%x winsize=0x%"PRIx64" offset=0x%"PRIx64
> +spapr_pci_vfio_remove_window(uint64_t off) "offset=%"PRIx64
>  
>  # hw/pci/pci.c
>  pci_update_mappings_del(void *d, uint32_t bus, uint32_t func, uint32_t slot, 
> int bar, uint64_t addr, uint64_t size) "d=%p %02x:%02x.%x 
> %d,%#"PRIx64"+%#"PRIx64
> @@ -1365,6 +1367,10 @@ spapr_iommu_pci_indirect(uint64_t liobn, uint64_t 
> ioba, uint64_t tce, uint64_t i
>  spapr_iommu_pci_stuff(uint64_t liobn, uint64_t ioba, uint64_t tce_value, 
> uint64_t npages, uint64_t ret) "liobn=%"PRIx64" ioba=0x%"PRIx64" 
> tcevalue=0x%"PRIx64" npages=%"PRId64" ret=%"PRId64
>  spapr_iommu_xlate(uint64_t liobn, uint64_t ioba, uint64_t tce, unsigned 
> perm, unsigned pgsize) "liobn=%"PRIx64" 0x%"PRIx64" -> 0x%"PRIx64" perm=%u 
> mask=%x"
>  spapr_iommu_alloc_table(uint64_t liobn, void *table, int fd) 
> "liobn=%"PRIx64" table=%p fd=%d"
> +spapr_iommu_ddw_query(uint64_t buid, uint32_t cfgaddr, unsigned wa, uint64_t 
> win_size, uint32_t pgmask) "buid=%"PRIx64" addr=%"PRIx32", %u windows 
> available, max window size=%"PRIx64", mask=%"PRIx32

Turns out the dtrace trace backend barfs on the "long long" here :(

$ ./configure --target-list=ppc64-softmmu --enable-trace-backends=dtrace
[...]
$ make
  GEN   config-host.h
  GEN   trace/generated-tracers.h
  GEN   trace/generated-tracers-dtrace.dtrace
  GEN   trace/generated-tracers-dtrace.h
Warning: /bin/dtrace:trace/generated-tracers-dtrace.dtrace:2212: syntax error 
near:
probe spapr_iommu_ddw_query

Warning: Proceeding as if --no-pyparsing was given.

  GEN   trace/generated-tcg-tracers.h
  GEN   trace/generated-helpers-wrappers.h
  GEN   trace/generated-helpers.h
  CCtrace/generated-events.o
  GEN   trace/generated-tracers-dtrace.o
Warning: /bin/dtrace:trace/generated-tracers-dtrace.dtrace:2212: syntax error 
near:
probe spapr_iommu_ddw_query

Warning: Proceeding as if --no-pyparsing was given.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH 08/10] qga: added mountpoint and filesystem type for single volume

2015-07-06 Thread Michael Roth
From: Olga Krishtal 

We should use GetVolumeXXX api to work with volumes. This will help us to
resolve the situation with volumes without drive letter, i.e. when the
volume is mounted as a folder. Such volume is called mounted folder.
This volume is a regular mounted volume from all other points of view.
The information about non mounted volume is reported as System Reserved.
This volume is not mounted and thus it is not writable.

GuestDiskAddressList API is not used because operations are performed with
volumes but not with disks. This means that a spanned disk will
be counted and handled as a single volume. It is worth mentioning
that the information about every disk in the volume can be queried
via IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS.

Signed-off-by: Olga Krishtal 
Signed-off-by: Denis V. Lunev 
CC: Eric Blake 
CC: Michael Roth 
Signed-off-by: Michael Roth 
---
 qga/commands-win32.c | 54 +++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 3f3a144..60d9770 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -388,6 +388,54 @@ static void guest_file_init(void)
 QTAILQ_INIT(&guest_file_state.filehandles);
 }
 
+static GuestFilesystemInfo *build_guest_fsinfo(char *guid, Error **errp)
+{
+DWORD info_size;
+char mnt, *mnt_point;
+char fs_name[32];
+char vol_info[MAX_PATH+1];
+size_t len;
+GuestFilesystemInfo *fs = NULL;
+
+GetVolumePathNamesForVolumeName(guid, (LPCH)&mnt, 0, &info_size);
+if (GetLastError() != ERROR_MORE_DATA) {
+error_setg_win32(errp, GetLastError(), "failed to get volume name");
+return NULL;
+}
+
+mnt_point = g_malloc(info_size + 1);
+if (!GetVolumePathNamesForVolumeName(guid, mnt_point, info_size,
+ &info_size)) {
+error_setg_win32(errp, GetLastError(), "failed to get volume name");
+goto free;
+}
+
+len = strlen(mnt_point);
+mnt_point[len] = '\\';
+mnt_point[len+1] = 0;
+if (!GetVolumeInformation(mnt_point, vol_info, sizeof(vol_info), NULL, 
NULL,
+  NULL, (LPSTR)&fs_name, sizeof(fs_name))) {
+if (GetLastError() != ERROR_NOT_READY) {
+error_setg_win32(errp, GetLastError(), "failed to get volume 
info");
+}
+goto free;
+}
+
+fs_name[sizeof(fs_name) - 1] = 0;
+fs = g_malloc(sizeof(*fs));
+fs->name = g_strdup(guid);
+if (len == 0) {
+fs->mountpoint = g_strdup("System Reserved");
+} else {
+fs->mountpoint = g_strndup(mnt_point, len);
+}
+fs->type = g_strdup(fs_name);
+fs->disk = NULL;
+free:
+g_free(mnt_point);
+return fs;
+}
+
 GuestFilesystemInfoList *qmp_guest_get_fsinfo(Error **errp)
 {
 HANDLE vol_h;
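Review bot: For a volume with no mount point (`len == 0`), build_guest_fsinfo builds the path `"\\"` and passes it to `GetVolumeInformation`. As far as I can tell that names the root of the process's current drive, not the volume identified by `guid`, so the filesystem type reported for the "System Reserved" entry may belong to a different volume. The volume GUID path returned by FindFirstVolume/FindNextVolume already ends in a backslash, so it can be passed directly: `GetVolumeInformation(guid, vol_info, sizeof(vol_info), NULL, NULL, NULL, fs_name, sizeof(fs_name))`. That also removes the need to patch a separator into `mnt_point`. The first `GetVolumePathNamesForVolumeName` call should have its return value checked before `GetLastError()` is consulted, since the last-error value is only meaningful after a failure.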
@@ -401,8 +449,12 @@ GuestFilesystemInfoList *qmp_guest_get_fsinfo(Error **errp)
 }
 
 do {
+GuestFilesystemInfo *info = build_guest_fsinfo(guid, errp);
+if (info == NULL) {
+continue;
+}
 new = g_malloc(sizeof(*ret));
-new->value = build_guest_fsinfo(guid, errp);
+new->value = info;
 new->next = ret;
 ret = new;
 } while (FindNextVolume(vol_h, guid, sizeof(guid)));
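Review bot: The new `continue` keeps iterating after `build_guest_fsinfo` has already stored an error in `errp`, so a second failing volume calls `error_setg_win32` on an `errp` that is already set. QEMU's error API asserts that the destination is empty, so a guest with two unreadable volumes would abort the agent instead of returning a list. Collect the per-volume error in a local `Error *` and drop (or log) it before continuing, as in the excerpt below. The caller-visible `errp` is then only set for failures of the enumeration itself.
```c
do {
    Error *local_err = NULL;
    GuestFilesystemInfo *info = build_guest_fsinfo(guid, &local_err);
    if (local_err) {
        /* one unreadable volume must not leave errp set for the next one */
        error_free(local_err);
        continue;
    }
    if (info == NULL) {
        continue;
    }
    /* … unchanged: allocate the list node and prepend info to ret … */
} while (FindNextVolume(vol_h, guid, sizeof(guid)));
```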
-- 
1.9.1




[Qemu-devel] [PATCH 06/10] qga: fail early for invalid time

2015-07-06 Thread Michael Roth
From: Marc-André Lureau 

It's possible to set the system time to dates after 2070; however, it's
not possible to set the RTC to them, as it is limited to years up to
2070 (1970+100). In order to keep both clocks in sync, and before the
kernel complains about invalid values, bail out early.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Michael Roth 
---
 qga/commands-posix.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index c349d4b..675f4b4 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -154,6 +154,8 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, 
Error **errp)
 
 /* If user has passed a time, validate and set it. */
 if (has_time) {
+GDate date = { 0, };
+
 /* year-2038 will overflow in case time_t is 32bit */
 if (time_ns / 10 != (time_t)(time_ns / 10)) {
 error_setg(errp, "Time %" PRId64 " is too large", time_ns);
@@ -162,6 +164,11 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, 
Error **errp)
 
 tv.tv_sec = time_ns / 10;
 tv.tv_usec = (time_ns % 10) / 1000;
+g_date_set_time_t(&date, tv.tv_sec);
+if (date.year < 1970 || date.year >= 2070) {
+error_setg_errno(errp, errno, "Invalid time");
+return;
+}
 
 ret = settimeofday(&tv, NULL);
 if (ret < 0) {
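Review bot: The range check reports its failure with `error_setg_errno(errp, errno, "Invalid time")`, but nothing on this path has set `errno`. `g_date_set_time_t` returns void and reports no error, so the message gets the text of whatever error happened to occur earlier. Use `error_setg(errp, "Invalid time")`, ideally including the rejected value as the "too large" message above does. The body of qmp_guest_set_time continues outside this hunk.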
-- 
1.9.1




[Qemu-devel] [PATCH 05/10] qga: win32 qmp_guest_network_get_interfaces implementation

2015-07-06 Thread Michael Roth
From: Kirk Allan 

By default, IPv4 prefixes will be derived by matching the address
to those returned by GetAdaptersInfo.  IPv6 prefixes can not be
matched this way due to the unpredictable order of entries.

In Windows Vista/2008 guests and newer, both IPv4 and IPv6 prefixes
can be retrieved from OnLinkPrefixLength.  Setting --extra-cflags
in the build configuration to "-D_WIN32_WINNT=0x600"
or greater makes OnLinkPrefixLength available.  Setting --extra-cflags
is not required and if not set, the default approach to get the prefix
will be taken.

Signed-off-by: Kirk Allan 
Signed-off-by: Michael Roth 
---
 qga/commands-win32.c | 220 ++-
 1 file changed, 217 insertions(+), 3 deletions(-)

diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 13679a1..e8769bb 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -16,11 +16,17 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
 #include "qga/guest-agent-core.h"
 #include "qga/vss-win32.h"
 #include "qga-qmp-commands.h"
 #include "qapi/qmp/qerror.h"
 #include "qemu/queue.h"
+#include "qemu/host-utils.h"
 
 #ifndef SHTDN_REASON_FLAG_PLANNED
 #define SHTDN_REASON_FLAG_PLANNED 0x8000
@@ -591,12 +597,220 @@ void qmp_guest_suspend_hybrid(Error **errp)
 error_setg(errp, QERR_UNSUPPORTED);
 }
 
-GuestNetworkInterfaceList *qmp_guest_network_get_interfaces(Error **errp)
+static IP_ADAPTER_ADDRESSES *guest_get_adapters_addresses(Error **errp)
 {
-error_setg(errp, QERR_UNSUPPORTED);
+IP_ADAPTER_ADDRESSES *adptr_addrs = NULL;
+ULONG adptr_addrs_len = 0;
+DWORD ret;
+
+/* Call the first time to get the adptr_addrs_len. */
+GetAdaptersAddresses(AF_UNSPEC, GAA_FLAG_INCLUDE_PREFIX,
+ NULL, adptr_addrs, &adptr_addrs_len);
+
+adptr_addrs = g_malloc(adptr_addrs_len);
+ret = GetAdaptersAddresses(AF_UNSPEC, GAA_FLAG_INCLUDE_PREFIX,
+   NULL, adptr_addrs, &adptr_addrs_len);
+if (ret != ERROR_SUCCESS) {
+error_setg_win32(errp, ret, "failed to get adapters addresses");
+g_free(adptr_addrs);
+adptr_addrs = NULL;
+}
+return adptr_addrs;
+}
+
+static char *guest_wctomb_dup(WCHAR *wstr)
+{
+char *str;
+size_t i;
+
+i = wcslen(wstr) + 1;
+str = g_malloc(i);
+WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK,
+wstr, -1, str, i, NULL, NULL);
+return str;
+}
+
+static char *guest_addr_to_str(IP_ADAPTER_UNICAST_ADDRESS *ip_addr,
+   Error **errp)
+{
+char addr_str[INET6_ADDRSTRLEN + INET_ADDRSTRLEN];
+DWORD len;
+int ret;
+
+if (ip_addr->Address.lpSockaddr->sa_family == AF_INET ||
+ip_addr->Address.lpSockaddr->sa_family == AF_INET6) {
+len = sizeof(addr_str);
+ret = WSAAddressToString(ip_addr->Address.lpSockaddr,
+ ip_addr->Address.iSockaddrLength,
+ NULL,
+ addr_str,
+ &len);
+if (ret != 0) {
+error_setg_win32(errp, WSAGetLastError(),
+"failed address presentation form conversion");
+return NULL;
+}
+return g_strdup(addr_str);
+}
 return NULL;
 }
 
+#if (_WIN32_WINNT >= 0x0600)
+static int64_t guest_ip_prefix(IP_ADAPTER_UNICAST_ADDRESS *ip_addr)
+{
+/* For Windows Vista/2008 and newer, use the OnLinkPrefixLength
+ * field to obtain the prefix.
+ */
+return ip_addr->OnLinkPrefixLength;
+}
+#else
+/* When using the Windows XP and 2003 build environment, do the best we can to
+ * figure out the prefix.
+ */
+static IP_ADAPTER_INFO *guest_get_adapters_info(void)
+{
+IP_ADAPTER_INFO *adptr_info = NULL;
+ULONG adptr_info_len = 0;
+DWORD ret;
+
+/* Call the first time to get the adptr_info_len. */
+GetAdaptersInfo(adptr_info, &adptr_info_len);
+
+adptr_info = g_malloc(adptr_info_len);
+ret = GetAdaptersInfo(adptr_info, &adptr_info_len);
+if (ret != ERROR_SUCCESS) {
+g_free(adptr_info);
+adptr_info = NULL;
+}
+return adptr_info;
+}
+
+static int64_t guest_ip_prefix(IP_ADAPTER_UNICAST_ADDRESS *ip_addr)
+{
+int64_t prefix = -1; /* Use for AF_INET6 and unknown/undetermined values. 
*/
+IP_ADAPTER_INFO *adptr_info, *info;
+IP_ADDR_STRING *ip;
+struct in_addr *p;
+
+if (ip_addr->Address.lpSockaddr->sa_family != AF_INET) {
+return prefix;
+}
+adptr_info = guest_get_adapters_info();
+if (adptr_info == NULL) {
+return prefix;
+}
+
+/* Match up the passed in ip_addr with one found in adaptr_info.
+ * The matching one in adptr_info will have the netmask.
+ */
+p = &((struct sockaddr_in *)ip_addr->Address.lpSockaddr)->sin_addr;
+for (info = adptr_info; info; info = info->Next) {
+for (ip = &info->IpAddressList; ip; ip 

[Qemu-devel] [PATCH 02/10] qga/qmp_guest_fstrim: Return per path fstrim result

2015-07-06 Thread Michael Roth
From: Justin Ossevoort 

The current guest-fstrim support only returns an error if some
mountpoint was unable to be trimmed, skipping any possible additional
mountpoints. The result of the TRIM operation itself is also discarded.

This change returns a per mountpoint result of the TRIM operation. If an
error occurs on some mountpoints that error is returned and the
guest-fstrim continues with any additional mountpoints.

The returned values for errors, minimum and trimmed are dependant on the
filesystem, storage stacks and kernel version.

Signed-off-by: Justin Ossevoort 
* s/type/struct/ in schema type definitions
* moved version annotation for new guest-fstrim return field to
  the field itself rather than applying to the entire command
Signed-off-by: Michael Roth 
---
 qga/commands-posix.c | 54 ++--
 qga/commands-win32.c |  4 +++-
 qga/qapi-schema.json | 30 +++--
 3 files changed, 71 insertions(+), 17 deletions(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 9ff33ec..c349d4b 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1325,8 +1325,12 @@ static void guest_fsfreeze_cleanup(void)
 /*
  * Walk list of mounted file systems in the guest, and trim them.
  */
-void qmp_guest_fstrim(bool has_minimum, int64_t minimum, Error **errp)
+GuestFilesystemTrimResponse *
+qmp_guest_fstrim(bool has_minimum, int64_t minimum, Error **errp)
 {
+GuestFilesystemTrimResponse *response;
+GuestFilesystemTrimResultList *list;
+GuestFilesystemTrimResult *result;
 int ret = 0;
 FsMountList mounts;
 struct FsMount *mount;
@@ -1340,39 +1344,59 @@ void qmp_guest_fstrim(bool has_minimum, int64_t 
minimum, Error **errp)
 build_fs_mount_list(&mounts, &local_err);
 if (local_err) {
 error_propagate(errp, local_err);
-return;
+return NULL;
 }
 
+response = g_malloc0(sizeof(*response));
+
 QTAILQ_FOREACH(mount, &mounts, next) {
+result = g_malloc0(sizeof(*result));
+result->path = g_strdup(mount->dirname);
+
+list = g_malloc0(sizeof(*list));
+list->value = result;
+list->next = response->paths;
+response->paths = list;
+
 fd = qemu_open(mount->dirname, O_RDONLY);
 if (fd == -1) {
-error_setg_errno(errp, errno, "failed to open %s", mount->dirname);
-goto error;
+result->error = g_strdup_printf("failed to open: %s",
+strerror(errno));
+result->has_error = true;
+continue;
 }
 
 /* We try to cull filesytems we know won't work in advance, but other
  * filesytems may not implement fstrim for less obvious reasons.  These
- * will report EOPNOTSUPP; we simply ignore these errors.  Any other
- * error means an unexpected error, so return it in those cases.  In
- * some other cases ENOTTY will be reported (e.g. CD-ROMs).
+ * will report EOPNOTSUPP; while in some other cases ENOTTY will be
+ * reported (e.g. CD-ROMs).
+ * Any other error means an unexpected error.
  */
 r.start = 0;
 r.len = -1;
 r.minlen = has_minimum ? minimum : 0;
 ret = ioctl(fd, FITRIM, &r);
 if (ret == -1) {
-if (errno != ENOTTY && errno != EOPNOTSUPP) {
-error_setg_errno(errp, errno, "failed to trim %s",
- mount->dirname);
-close(fd);
-goto error;
+result->has_error = true;
+if (errno == ENOTTY || errno == EOPNOTSUPP) {
+result->error = g_strdup("trim not supported");
+} else {
+result->error = g_strdup_printf("failed to trim: %s",
+strerror(errno));
 }
+close(fd);
+continue;
 }
+
+result->has_minimum = true;
+result->minimum = r.minlen;
+result->has_trimmed = true;
+result->trimmed = r.len;
 close(fd);
 }
 
-error:
 free_fs_mount_list(&mounts);
+return response;
 }
 #endif /* CONFIG_FSTRIM */
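Review bot: `minimum` is still copied unchecked into `r.minlen` (`r.minlen = has_minimum ? minimum : 0;`), and the new code now echoes that field back to the caller as `result->minimum`. `minimum` is an `int64_t` while `minlen` in `struct fstrim_range` is unsigned, so a negative argument turns into a very large minimum extent length; the ioctl would then presumably trim nothing and each mount would be reported as a success with `trimmed` 0. A guard ahead of `build_fs_mount_list()`, so that nothing needs freeing, would reject this up front: `if (has_minimum && minimum < 0) { error_setg(errp, "minimum must not be negative"); return NULL; }`. The start of qmp_guest_fstrim() lies between this hunk and the previous one and is not shown.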
 
@@ -2401,9 +2425,11 @@ int64_t qmp_guest_fsfreeze_thaw(Error **errp)
 #endif /* CONFIG_FSFREEZE */
 
 #if !defined(CONFIG_FSTRIM)
-void qmp_guest_fstrim(bool has_minimum, int64_t minimum, Error **errp)
+GuestFilesystemTrimResponse *
+qmp_guest_fstrim(bool has_minimum, int64_t minimum, Error **errp)
 {
 error_setg(errp, QERR_UNSUPPORTED);
+return NULL;
 }
 #endif
 
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index fbddc8b..13679a1 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -493,9 +493,11 @@ static void guest_fsfreeze_cleanup(void)
  * Walk list of mounted file systems in the guest, and discard unused
  * areas.
  */
-void qmp_guest_fstrim(bool has_minimum, int64_t minimum, Error **errp)
+Gu

[Qemu-devel] [PATCH 10/10] qga: added GuestPCIAddress information

2015-07-06 Thread Michael Roth
From: Olga Krishtal 

PCIAddress information is obtained via SetupApi, which provides the
information about address, bus, etc. We look through the entire device tree
in the system and try to find the device object for a given volume. For this PDO
SetupDiGetDeviceRegistryProperty is called, which reads the PCI configuration
for a given device if it is possible.

This is the most convenient way for a userspace service. The lookup is
performed for every volume available. However, this information is
not mandatory for vss-provider.

In order to use SetupApi we need to notify linker about it. We do not need
to install additional libs, so we do not make separate configuration
option to use libsetupapi.su

SetupApi gives us the same information as kernel driver
with IRP_MN_QUERY_INTERFACE.
https://support.microsoft.com/en-us/kb/253232

Signed-off-by: Olga Krishtal 
Signed-off-by: Denis V. Lunev 
CC: Eric Blake 
CC: Michael Roth 
Signed-off-by: Michael Roth 
---
 configure|  2 +-
 qga/commands-win32.c | 97 +++-
 2 files changed, 97 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 3bb5e55..5fb8919 100755
--- a/configure
+++ b/configure
@@ -732,7 +732,7 @@ if test "$mingw32" = "yes" ; then
   sysconfdir="\${prefix}"
   local_statedir=
   confsuffix=""
-  libs_qga="-lws2_32 -lwinmm -lpowrprof -liphlpapi $libs_qga"
+  libs_qga="-lsetupapi -lws2_32 -lwinmm -lpowrprof -liphlpapi $libs_qga"
 fi
 
 werror=""
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index bffa766..609f3c7 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -23,6 +23,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 #include "qga/guest-agent-core.h"
 #include "qga/vss-win32.h"
 #include "qga-qmp-commands.h"
@@ -34,6 +36,10 @@
 #define SHTDN_REASON_FLAG_PLANNED 0x8000
 #endif
 
+DEFINE_GUID(GUID_DEVINTERFACE_VOLUME,
+0x53f5630dL, 0xb6bf, 0x11d0, 0x94, 0xf2,
+0x00, 0xa0, 0xc9, 0x1e, 0xfb, 0x8b);
+
 /* multiple of 100 nanoseconds elapsed between windows baseline
  *(1/1/1601) and Unix Epoch (1/1/1970), accounting for leap years */
 #define W32_FT_OFFSET (1000ULL * 60 * 60 * 24 * \
@@ -423,7 +429,96 @@ static void guest_file_init(void)
 
 static GuestPCIAddress *get_pci_info(char *guid, Error **errp)
 {
-return NULL;
+HDEVINFO dev_info;
+SP_DEVINFO_DATA dev_info_data;
+DWORD size = 0;
+int i;
+char dev_name[MAX_PATH];
+char *buffer = NULL;
+GuestPCIAddress *pci = NULL;
+char *name = g_strdup(&guid[4]);
+
+if (!QueryDosDevice(name, dev_name, ARRAY_SIZE(dev_name))) {
+error_setg_win32(errp, GetLastError(), "failed to get dos device 
name");
+goto out;
+}
+
+dev_info = SetupDiGetClassDevs(&GUID_DEVINTERFACE_VOLUME, 0, 0,
+   DIGCF_PRESENT | DIGCF_DEVICEINTERFACE);
+if (dev_info == INVALID_HANDLE_VALUE) {
+error_setg_win32(errp, GetLastError(), "failed to get devices tree");
+goto out;
+}
+
+dev_info_data.cbSize = sizeof(SP_DEVINFO_DATA);
+for (i = 0; SetupDiEnumDeviceInfo(dev_info, i, &dev_info_data); i++) {
+DWORD addr, bus, slot, func, dev, data, size2;
+while (!SetupDiGetDeviceRegistryProperty(dev_info, &dev_info_data,
+SPDRP_PHYSICAL_DEVICE_OBJECT_NAME,
+&data, (PBYTE)buffer, size,
+&size2)) {
+size = MAX(size, size2);
+if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
+g_free(buffer);
+/* Double the size to avoid problems on
+ * W2k MBCS systems per KB 888609.
+ * https://support.microsoft.com/en-us/kb/259695 */
+buffer = g_malloc(size * 2);
+} else {
+error_setg_win32(errp, GetLastError(),
+"failed to get device name");
+goto out;
+}
+}
+
+if (g_strcmp0(buffer, dev_name)) {
+continue;
+}
+
+/* There is no need to allocate buffer in the next functions. The size
+ * is known and ULONG according to
+ * https://support.microsoft.com/en-us/kb/253232
+ * 
https://msdn.microsoft.com/en-us/library/windows/hardware/ff543095(v=vs.85).aspx
+ */
+if (!SetupDiGetDeviceRegistryProperty(dev_info, &dev_info_data,
+   SPDRP_BUSNUMBER, &data, (PBYTE)&bus, size, NULL)) {
+break;
+}
+
+/* The function retrieves the device's address. This value will be
+ * transformed into device function and number */
+if (!SetupDiGetDeviceRegistryProperty(dev_info, &dev_info_data,
+   SPDRP_ADDRESS, &data, (PBYTE)&addr, size, NULL)) {
+break;
+}
+
+/* This call returns UINumber of DEVICE_CAPABILITIES structure.
+ 

[Qemu-devel] [PATCH 03/10] Revert "guest agent: remove g_strcmp0 usage"

2015-07-06 Thread Michael Roth
From: Markus Armbruster 

Since we now require GLib 2.22+ (commit f40685c), we don't have to
work around lack of g_strcmp0() anymore.

This reverts commit 8f4774789947bc4bc4c8d026a289fe980d3d2ee1.

Conflicts:
qemu-ga.c

Signed-off-by: Markus Armbruster 
Reviewed-by: John Snow 
Signed-off-by: Michael Roth 
---
 qga/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qga/main.c b/qga/main.c
index 23cde01..791982e 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -274,7 +274,7 @@ static void ga_log(const gchar *domain, GLogLevelFlags 
level,
 
 level &= G_LOG_LEVEL_MASK;
 #ifndef _WIN32
-if (domain && strcmp(domain, "syslog") == 0) {
+if (g_strcmp0(domain, "syslog") == 0) {
 syslog(LOG_INFO, "%s: %s", level_str, msg);
 } else if (level & s->log_level) {
 #else
-- 
1.9.1




[Qemu-devel] [PATCH 09/10] qga: added bus type and disk location path

2015-07-06 Thread Michael Roth
From: Olga Krishtal 

According to Microsoft disk location path can be obtained via
IOCTL_SCSI_GET_ADDRESS. Unfortunately this ioctl can not be used for all
devices. There are certain bus types which could be obtained with this
API. Please, refer to the following link for more details
https://technet.microsoft.com/en-us/library/ee851589(v=ws.10).aspx

Bus type could be obtained using IOCTL_STORAGE_QUERY_PROPERTY. Enum
STORAGE_BUS_TYPE describes all buses supported by OS.

Windows defines more bus types than Linux. Thus some values have been added
to GuestDiskBusType.

Signed-off-by: Olga Krishtal 
Signed-off-by: Denis V. Lunev 
CC: Eric Blake 
CC: Michael Roth 
* fixed warning in CreateFile due to use of NULL instead of 0
Signed-off-by: Michael Roth 
---
 qga/commands-win32.c | 122 ++-
 qga/qapi-schema.json |  14 +-
 2 files changed, 134 insertions(+), 2 deletions(-)

diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 60d9770..bffa766 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -21,6 +21,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 #include "qga/guest-agent-core.h"
 #include "qga/vss-win32.h"
 #include "qga-qmp-commands.h"
@@ -90,6 +92,37 @@ static OpenFlags *find_open_flag(const char *mode_str)
 return NULL;
 }
 
+static STORAGE_BUS_TYPE win2qemu[] = {
+[BusTypeUnknown] = GUEST_DISK_BUS_TYPE_UNKNOWN,
+[BusTypeScsi] = GUEST_DISK_BUS_TYPE_SCSI,
+[BusTypeAtapi] = GUEST_DISK_BUS_TYPE_IDE,
+[BusTypeAta] = GUEST_DISK_BUS_TYPE_IDE,
+[BusType1394] = GUEST_DISK_BUS_TYPE_IEEE1394,
+[BusTypeSsa] = GUEST_DISK_BUS_TYPE_SSA,
+[BusTypeFibre] = GUEST_DISK_BUS_TYPE_SSA,
+[BusTypeUsb] = GUEST_DISK_BUS_TYPE_USB,
+[BusTypeRAID] = GUEST_DISK_BUS_TYPE_RAID,
+#if (_WIN32_WINNT >= 0x0600)
+[BusTypeiScsi] = GUEST_DISK_BUS_TYPE_ISCSI,
+[BusTypeSas] = GUEST_DISK_BUS_TYPE_SAS,
+[BusTypeSata] = GUEST_DISK_BUS_TYPE_SATA,
+[BusTypeSd] =  GUEST_DISK_BUS_TYPE_SD,
+[BusTypeMmc] = GUEST_DISK_BUS_TYPE_MMC,
+#endif
+#if (_WIN32_WINNT >= 0x0601)
+[BusTypeVirtual] = GUEST_DISK_BUS_TYPE_VIRTUAL,
+[BusTypeFileBackedVirtual] = GUEST_DISK_BUS_TYPE_FILE_BACKED_VIRTUAL,
+#endif
+};
+
+static GuestDiskBusType find_bus_type(STORAGE_BUS_TYPE bus)
+{
+if (bus > ARRAY_SIZE(win2qemu) || (int)bus < 0) {
+return GUEST_DISK_BUS_TYPE_UNKNOWN;
+}
+return win2qemu[(int)bus];
+}
+
 static int64_t guest_file_handle_add(HANDLE fh, Error **errp)
 {
 GuestFileHandle *gfh;
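Review bot: The bounds check in find_bus_type() is off by one: `bus > ARRAY_SIZE(win2qemu)` lets `bus == ARRAY_SIZE(win2qemu)` through, and `win2qemu[(int)bus]` then reads one element past the table. The index is the `BusType` the storage driver reports (see get_disk_bus_type() later in this patch), and on a build where the `_WIN32_WINNT >= 0x0600` entries are compiled out the first bus type beyond the table would land on exactly that index. The check should read `if ((int)bus < 0 || bus >= ARRAY_SIZE(win2qemu)) {`. The table is also declared as `STORAGE_BUS_TYPE win2qemu[]` although it stores `GuestDiskBusType` values, so `static const GuestDiskBusType win2qemu[]` would match what the function returns. `[BusTypeFibre] = GUEST_DISK_BUS_TYPE_SSA` looks like a copy of the line above and is worth checking against the schema, which this hunk does not show.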
@@ -388,6 +421,93 @@ static void guest_file_init(void)
 QTAILQ_INIT(&guest_file_state.filehandles);
 }
 
+static GuestPCIAddress *get_pci_info(char *guid, Error **errp)
+{
+return NULL;
+}
+
+static int get_disk_bus_type(HANDLE vol_h, Error **errp)
+{
+STORAGE_PROPERTY_QUERY query;
+STORAGE_DEVICE_DESCRIPTOR *dev_desc, buf;
+DWORD received;
+
+dev_desc = &buf;
+dev_desc->Size = sizeof(buf);
+query.PropertyId = StorageDeviceProperty;
+query.QueryType = PropertyStandardQuery;
+
+if (!DeviceIoControl(vol_h, IOCTL_STORAGE_QUERY_PROPERTY, &query,
+ sizeof(STORAGE_PROPERTY_QUERY), dev_desc,
+ dev_desc->Size, &received, NULL)) {
+error_setg_win32(errp, GetLastError(), "failed to get bus type");
+return -1;
+}
+
+return dev_desc->BusType;
+}
+
+/* VSS provider works with volumes, thus there is no difference if
+ * the volume consist of spanned disks. Info about the first disk in the
+ * volume is returned for the spanned disk group (LVM) */
+static GuestDiskAddressList *build_guest_disk_info(char *guid, Error **errp)
+{
+GuestDiskAddressList *list = NULL;
+GuestDiskAddress *disk;
+SCSI_ADDRESS addr, *scsi_ad;
+DWORD len;
+int bus;
+HANDLE vol_h;
+
+scsi_ad = &addr;
+char *name = g_strndup(guid, strlen(guid)-1);
+
+vol_h = CreateFile(name, 0, FILE_SHARE_READ, NULL, OPEN_EXISTING,
+   0, NULL);
+if (vol_h == INVALID_HANDLE_VALUE) {
+error_setg_win32(errp, GetLastError(), "failed to open volume");
+goto out_free;
+}
+
+bus = get_disk_bus_type(vol_h, errp);
+if (bus < 0) {
+goto out_close;
+}
+
+disk = g_malloc0(sizeof(*disk));
+disk->bus_type = find_bus_type(bus);
+if (bus == BusTypeScsi || bus == BusTypeAta || bus == BusTypeRAID
+#if (_WIN32_WINNT >= 0x0600)
+/* This bus type is not supported before Windows Server 2003 SP1 */
+|| bus == BusTypeSas
+#endif
+) {
+/* We are able to use the same ioctls for different bus types
+ * according to Microsoft docs
+ * https://technet.microsoft.com/en-us/library/ee851589(v=ws.10).aspx 
*/
+if (DeviceIoControl(vol_h, IOCTL_SCSI_GET_ADDRESS, NULL, 0, scsi_ad,
+sizeof(SCSI_ADDRESS), &len, NULL)) {
+disk->unit = addr.Lun;
+disk->target = addr.TargetId;

[Qemu-devel] [PULL 00/10] qemu-ga patches for 2.4.0

2015-07-06 Thread Michael Roth
Hi Peter,

Sorry for the last minute pull. This is a round-up of all tested/reviewed
qemu-ga patches posted prior to soft-freeze, along with 1 bug fix that
came in last week.

This adds win32 implementations of:
  guest-get-fsinfo
  guest-network-get-interfaces

and modifies guest-fstrim to return per-mount results and continue on to other
mounts even when a failure is encountered.

There's also bug fixes for guest-fstrim and guest-set-time.

The following changes since commit 7edd8e4660beb301d527257f8e04ebec0f841cb0:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging 
(2015-07-06 14:03:44 +0100)

are available in the git repository at:


  git://github.com/mdroth/qemu.git tags/qga-pull-2015-07-06-tag

for you to fetch changes up to d1ad92aab4a9419538b7b1b7423a8a770c7a2859:

  qga: added GuestPCIAddress information (2015-07-06 23:06:12 -0500)


tag for qga-pull-2015-07-06


Justin Ossevoort (2):
  qga/commands-posix: Fix bug in guest-fstrim
  qga/qmp_guest_fstrim: Return per path fstrim result

Kirk Allan (2):
  qga: add win32 library iphlpapi
  qga: win32 qmp_guest_network_get_interfaces implementation

Marc-André Lureau (1):
  qga: fail early for invalid time

Markus Armbruster (1):
  Revert "guest agent: remove g_strcmp0 usage"

Olga Krishtal (4):
  qga: added empty qmp_quest_get_fsinfo functionality.
  qga: added mountpoint and filesystem type for single volume
  qga: added bus type and disk location path
  qga: added GuestPCIAddress information

 configure|   2 +-
 qga/commands-posix.c |  70 +--
 qga/commands-win32.c | 518 ++-
 qga/main.c   |   2 +-
 qga/qapi-schema.json |  44 -
 5 files changed, 605 insertions(+), 31 deletions(-)




Re: [Qemu-devel] [PULL 00/22] QOM CPUState patch queue 2015-07-06

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 8:56 PM, Bharata B Rao  wrote:
> On Tue, Jul 7, 2015 at 7:55 AM, Peter Crosthwaite
>  wrote:
>> On Mon, Jul 6, 2015 at 5:24 PM, Andreas Färber  wrote:
>>> Am 07.07.2015 um 01:13 schrieb Andreas Färber:
 Hello Peter,

 This is my QOM CPU patch queue. Please pull.

 Note: For time reasons I did not give this queue as much testing as usual,
 in particular BSD and non-x86 KVM hosts were not covered.

 Regards,
 Andreas

 Cc: Peter Maydell 

 Cc: Eduardo Habkost 
 Cc: Peter Crosthwaite 

 The following changes since commit 
 7edd8e4660beb301d527257f8e04ebec0f841cb0:

   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
 staging (2015-07-06 14:03:44 +0100)

 are available in the git repository at:

   git://github.com/afaerber/qemu-cpu.git tags/qom-cpu-for-peter

 for you to fetch changes up to 116382f1504d655a1afdf3eac18d276a200428b7:

   disas: cris: QOMify target specific disas setup (2015-07-06 22:36:17 
 +0200)

 
 QOM CPUState and X86CPU

 * Further QOM'ification of CPU initialization
 * Propagation of CPUState arguments and elimination of ENV_GET_CPU() usage
 * cpu_set_pc() abstraction
 * CPUClass::disas_set_info() hook

 
>>> [...]
>>>
>>> Self-nack, hurry is never good:
>>>
>>>   /aarch64/qom/xlnx-ep108:
>>> qemu-system-aarch64: Trying to use more CPUs than allowed max of 1
>>> Broken pipe
>>> FAIL
>>>
>>> Peter C., any ideas why this is regressing?
>>>
>>
>> This:
>>
>> +if (cpu >= max_cpus) {
>> +error_setg(errp, "Trying to use more CPUs than allowed max of %d\n",
>> +max_cpus);
>> +return -1;
>>
>> xlnx-ep108 doesn't care about the -smp argument, it creates all 6 CPUs
>> regardless of -smp. This is because the number of CPUs is not flexible
>> in reality. It is also a heterogeneous arch (with R5s abd A53s) so
>> trying to limit the grand total of CPUs is ambiguous (do you remove
>> a53s or r5s for -smp < 6?).
>>
>> Can this check be dropped or is this a bug in xlnx where we should
>> overcome by just forcing smp_cpus = 6 at machine level?
>
> That check is needed to fail CPU realization when an attempt is made
> to relialize (eg. via hotplug) more than allowed max number of CPUs.
>

What was the behaviour before this patch series for this case? I can't
see any check in original code. I had another read of your commit
messages. It seems the main purpose of your change is to ensure CPU
indices are unique rather than within any limits so this new check is
secondary to what you were trying to do. Can we just drop it?

Regards,
Peter

> Regards,
> Bharata.
>



Re: [Qemu-devel] [PULL 00/22] QOM CPUState patch queue 2015-07-06

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 7:25 PM, Peter Crosthwaite
 wrote:
> On Mon, Jul 6, 2015 at 5:24 PM, Andreas Färber  wrote:
>> Am 07.07.2015 um 01:13 schrieb Andreas Färber:
>>> Hello Peter,
>>>
>>> This is my QOM CPU patch queue. Please pull.
>>>
>>> Note: For time reasons I did not give this queue as much testing as usual,
>>> in particular BSD and non-x86 KVM hosts were not covered.
>>>
>>> Regards,
>>> Andreas
>>>
>>> Cc: Peter Maydell 
>>>
>>> Cc: Eduardo Habkost 
>>> Cc: Peter Crosthwaite 
>>>
>>> The following changes since commit 7edd8e4660beb301d527257f8e04ebec0f841cb0:
>>>
>>>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
>>> staging (2015-07-06 14:03:44 +0100)
>>>
>>> are available in the git repository at:
>>>
>>>   git://github.com/afaerber/qemu-cpu.git tags/qom-cpu-for-peter
>>>
>>> for you to fetch changes up to 116382f1504d655a1afdf3eac18d276a200428b7:
>>>
>>>   disas: cris: QOMify target specific disas setup (2015-07-06 22:36:17 
>>> +0200)
>>>
>>> 
>>> QOM CPUState and X86CPU
>>>
>>> * Further QOM'ification of CPU initialization
>>> * Propagation of CPUState arguments and elimination of ENV_GET_CPU() usage
>>> * cpu_set_pc() abstraction
>>> * CPUClass::disas_set_info() hook
>>>
>>> 
>> [...]
>>
>> Self-nack, hurry is never good:
>>
>>   /aarch64/qom/xlnx-ep108:
>> qemu-system-aarch64: Trying to use more CPUs than allowed max of 1
>> Broken pipe
>> FAIL
>>
>> Peter C., any ideas why this is regressing?
>>
>
> This:
>
> +if (cpu >= max_cpus) {
> +error_setg(errp, "Trying to use more CPUs than allowed max of %d\n",
> +max_cpus);
> +return -1;
>
> xlnx-ep108 doesn't care about the -smp argument, it creates all 6 CPUs
> regardless of -smp. This is because the number of CPUs is not flexible
> in reality. It is also a heterogeneous arch (with R5s abd A53s) so
> trying to limit the grand total of CPUs is ambiguous (do you remove
> a53s or r5s for -smp < 6?).
>
> Can this check be dropped or is this a bug in xlnx where we should
> overcome by just forcing smp_cpus = 6 at machine level?
>
> Regards,
> Peter
>

This is the fix (patch 5):

@@ -531,11 +531,11 @@ static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);

 static int cpu_get_free_index(Error **errp)
 {
-int cpu = find_first_zero_bit(cpu_index_map, max_cpus);
+int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);

-if (cpu >= max_cpus) {
-error_setg(errp, "Trying to use more CPUs than allowed max of %d",
-   max_cpus);
+if (cpu >= MAX_CPUMASK_BITS) {
+error_setg(errp, "Trying to use more CPUs than max of %d",
+   MAX_CPUMASK_BITS);
 return -1;
 }

My thinking is that the existing linear allocator for cpu-indices
does not have max_cpus based maximum index enforcement and adding it
is not necessarily in the scope of Bharata's patch series. Given that
this extra feature regresses without being critical to PPC CPU hotplug
removal, we can just remove it from the patch and instead only enforce
that the indices are within the hard limits of the bitmap itself.

We can follow-up with a more correct max check once we have the needed
fix to either ep108 or core code, but this edit is hopefully enough
for this PULL?

An amended version of the PULL with the fix squashed in is available at:

https://github.com/pcrost/qemu.git qom-cpu-for-peter

Regards,
Peter

>
>> Sorry,
>> Andreas
>>
>> --
>> SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
>> GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton; HRB
>> 21284 (AG Nürnberg)
>>



Re: [Qemu-devel] [PULL 00/22] QOM CPUState patch queue 2015-07-06

2015-07-06 Thread Bharata B Rao
On Tue, Jul 7, 2015 at 7:55 AM, Peter Crosthwaite
 wrote:
> On Mon, Jul 6, 2015 at 5:24 PM, Andreas Färber  wrote:
>> Am 07.07.2015 um 01:13 schrieb Andreas Färber:
>>> Hello Peter,
>>>
>>> This is my QOM CPU patch queue. Please pull.
>>>
>>> Note: For time reasons I did not give this queue as much testing as usual,
>>> in particular BSD and non-x86 KVM hosts were not covered.
>>>
>>> Regards,
>>> Andreas
>>>
>>> Cc: Peter Maydell 
>>>
>>> Cc: Eduardo Habkost 
>>> Cc: Peter Crosthwaite 
>>>
>>> The following changes since commit 7edd8e4660beb301d527257f8e04ebec0f841cb0:
>>>
>>>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
>>> staging (2015-07-06 14:03:44 +0100)
>>>
>>> are available in the git repository at:
>>>
>>>   git://github.com/afaerber/qemu-cpu.git tags/qom-cpu-for-peter
>>>
>>> for you to fetch changes up to 116382f1504d655a1afdf3eac18d276a200428b7:
>>>
>>>   disas: cris: QOMify target specific disas setup (2015-07-06 22:36:17 
>>> +0200)
>>>
>>> 
>>> QOM CPUState and X86CPU
>>>
>>> * Further QOM'ification of CPU initialization
>>> * Propagation of CPUState arguments and elimination of ENV_GET_CPU() usage
>>> * cpu_set_pc() abstraction
>>> * CPUClass::disas_set_info() hook
>>>
>>> 
>> [...]
>>
>> Self-nack, hurry is never good:
>>
>>   /aarch64/qom/xlnx-ep108:
>> qemu-system-aarch64: Trying to use more CPUs than allowed max of 1
>> Broken pipe
>> FAIL
>>
>> Peter C., any ideas why this is regressing?
>>
>
> This:
>
> +if (cpu >= max_cpus) {
> +error_setg(errp, "Trying to use more CPUs than allowed max of %d\n",
> +max_cpus);
> +return -1;
>
> xlnx-ep108 doesn't care about the -smp argument, it creates all 6 CPUs
> regardless of -smp. This is because the number of CPUs is not flexible
> in reality. It is also a heterogeneous arch (with R5s abd A53s) so
> trying to limit the grand total of CPUs is ambiguous (do you remove
> a53s or r5s for -smp < 6?).
>
> Can this check be dropped or is this a bug in xlnx where we should
> overcome by just forcing smp_cpus = 6 at machine level?

That check is needed to fail CPU realization when an attempt is made
to realize (e.g. via hotplug) more than the allowed max number of CPUs.

Regards,
Bharata.



Re: [Qemu-devel] [PATCH v6 2/6] spapr: Add LMB DR connectors

2015-07-06 Thread David Gibson
On Mon, Jul 06, 2015 at 05:49:48PM +0200, Thomas Huth wrote:
> On Mon, 29 Jun 2015 14:14:28 +0530
> Bharata B Rao  wrote:
> 
> > Enable memory hotplug for pseries 2.4 and add LMB DR connectors.
> > With memory hotplug, enforce RAM size, NUMA node memory size and maxmem
> > to be a multiple of SPAPR_MEMORY_BLOCK_SIZE (256M) since that's the
> > granularity in which LMBs are represented and hot-added.
> > 
> > LMB DR connectors will be used by the memory hotplug code.
> > 
> > Signed-off-by: Bharata B Rao 
> > Signed-off-by: Michael Roth 
> >[spapr_drc_reset implementation]
> > ---
> >  hw/ppc/spapr.c | 88 
> > ++
> >  include/hw/ppc/spapr.h |  1 +
> >  2 files changed, 89 insertions(+)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 241ecad..bee868c 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> ...
> > +/*
> > + * If RAM size, maxmem size and individual node mem sizes aren't aligned
> > + * to SPAPR_MEMORY_BLOCK_SIZE(256MB), then refuse to start the guest
> > + * since we can't support such unaligned sizes with DRCONF_MEMORY.
> > + */
> > +static void spapr_validate_node_memory(MachineState *machine)
> > +{
> > +int i;
> > +
> > +if (machine->maxram_size % SPAPR_MEMORY_BLOCK_SIZE ||
> > +machine->ram_size % SPAPR_MEMORY_BLOCK_SIZE) {
> > +error_report("Can't support memory configuration where RAM size "
> > + "0x" RAM_ADDR_FMT " or maxmem size "
> > + "0x" RAM_ADDR_FMT " isn't aligned to %lld MB",
> > + machine->ram_size, machine->maxram_size,
> > + SPAPR_MEMORY_BLOCK_SIZE/M_BYTE);
> > +exit(EXIT_FAILURE);
> > +}
> > +
> > +for (i = 0; i < nb_numa_nodes; i++) {
> > +if (numa_info[i].node_mem &&
> > +numa_info[i].node_mem % SPAPR_MEMORY_BLOCK_SIZE) {
> > +error_report("Can't support memory configuration where memory "
> > + "size %lx of node %d isn't aligned to %lld MB",
> > + numa_info[i].node_mem, i,
> > + SPAPR_MEMORY_BLOCK_SIZE/M_BYTE);
> 
> FYI, this causes a compiler warning when compiling for a 32-bit host:
> 
> hw/ppc/spapr.c: In function 'spapr_validate_node_memory':
> hw/ppc/spapr.c:1638:26: warning: format '%lx' expects argument of type 'long 
> unsigned int', but argument 2 has type 'uint64_t' [-Wformat=]
> 
> I think you have to use PRIx64 or something similar here.

I've added a patch to correct this to spapr-next.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PULL 00/22] QOM CPUState patch queue 2015-07-06

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 5:24 PM, Andreas Färber  wrote:
> Am 07.07.2015 um 01:13 schrieb Andreas Färber:
>> Hello Peter,
>>
>> This is my QOM CPU patch queue. Please pull.
>>
>> Note: For time reasons I did not give this queue as much testing as usual,
>> in particular BSD and non-x86 KVM hosts were not covered.
>>
>> Regards,
>> Andreas
>>
>> Cc: Peter Maydell 
>>
>> Cc: Eduardo Habkost 
>> Cc: Peter Crosthwaite 
>>
>> The following changes since commit 7edd8e4660beb301d527257f8e04ebec0f841cb0:
>>
>>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
>> staging (2015-07-06 14:03:44 +0100)
>>
>> are available in the git repository at:
>>
>>   git://github.com/afaerber/qemu-cpu.git tags/qom-cpu-for-peter
>>
>> for you to fetch changes up to 116382f1504d655a1afdf3eac18d276a200428b7:
>>
>>   disas: cris: QOMify target specific disas setup (2015-07-06 22:36:17 +0200)
>>
>> 
>> QOM CPUState and X86CPU
>>
>> * Further QOM'ification of CPU initialization
>> * Propagation of CPUState arguments and elimination of ENV_GET_CPU() usage
>> * cpu_set_pc() abstraction
>> * CPUClass::disas_set_info() hook
>>
>> 
> [...]
>
> Self-nack, hurry is never good:
>
>   /aarch64/qom/xlnx-ep108:
> qemu-system-aarch64: Trying to use more CPUs than allowed max of 1
> Broken pipe
> FAIL
>
> Peter C., any ideas why this is regressing?
>

This:

+if (cpu >= max_cpus) {
+error_setg(errp, "Trying to use more CPUs than allowed max of %d\n",
+max_cpus);
+return -1;

xlnx-ep108 doesn't care about the -smp argument, it creates all 6 CPUs
regardless of -smp. This is because the number of CPUs is not flexible
in reality. It is also a heterogeneous arch (with R5s abd A53s) so
trying to limit the grand total of CPUs is ambiguous (do you remove
a53s or r5s for -smp < 6?).

Can this check be dropped or is this a bug in xlnx where we should
overcome by just forcing smp_cpus = 6 at machine level?

Regards,
Peter


> Sorry,
> Andreas
>
> --
> SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton; HRB
> 21284 (AG Nürnberg)
>



[Qemu-devel] 回复: Re: Can the backing file of qcow2 points to a snapshot of base file?

2015-07-06 Thread vt
On 2015/7/6 20:09, Max Reitz wrote:
> On 06.07.2015 10:20, vt wrote:
>> Hi.
>> If a base qcow2 image snapshot chain like this:
>> base.qcow2: [A] -> [B] -> [C]
>> [C] is the current image where guest read/write to,usually we create a
>> new image base on the base.qcow2 like this
>> qemu-img create -f qcow2 -o backing_file=/path/base.qcow2 new.qcow2
>> so the data of new.qcow2 is from [C] of base.qcow2, assuming the
>> new.qcow2 has not been write to since created.
>> What I want is that the data of new.qcow2 is from [B] of base.qcow2,
>> like this:
>> qemu-img create -f qcow2 -o
>> backing_file=/path/base.qcow2,backing_snapshot=B  new.qcow2
>> Can the qemu support it now?
>> Thanks
>> 
>> vt 
>
> Hi vt,
>
> I don't think this is possible. For this to work, the snapshot would have to 
> be loaded temporarily, but the only place I can see in the qemu code base 
> where this is done is inside qemu-img and qemu-nbd, so qemu itself 
> apparently does not support this.
>
> What you can do is export the snapshot via qemu-nbd (-l) and then use that 
> NBD server as a backing file with qemu. This is not very nice, but I don't 
> suppose there are many people eager to implement the functionality you'd like 
> to have (although I don't think it would be too difficult, frankly…).
>
> Max

Thanks, Max!

It seems that I have to implement the functionality by myself...

Here is my plan:

1. Pass the snapshot name(id) by -drive
2. Get the snapshot name(id) in the bdrv_open_backing_file() -> qcow2_open() 
and load the snapshot header
3. Load BDRVQcowState.l1_table with the snapshot's l1 table

Does it look ok?

Thanks

vt

Re: [Qemu-devel] vpc size reporting problem

2015-07-06 Thread Chun Yan Liu


>>> On 7/6/2015 at 06:42 PM, in message <559a5b79.4010...@kamp.de>, Peter Lieven
 wrote: 
> Am 06.07.2015 um 11:44 schrieb Chun Yan Liu: 
> > While testing with a 1GB VHD file created on win7, found that the VHD file 
> > size reported on Windows is different from that is reported by qemu-img 
> > info or within a Linux KVM guest. 
> > 
> > Created a dynamic VHD file on win7, on Windows, it is reported 1024MB 
> > (2097152 sectors). But with qemu-img info or within a Linux KVM guest, 
> > it is reported 1023MB (2096640 sectors). 
> > 
> > The values in the footer_buf are as follows: 
> > creator_app: "win " 
> > cylinders: 0x820 (2080) 
> > heads: 0x10 (16) 
> > cyl/sec: 0x3f (63) 
> > current_size: 0x4000 (1G) 
> > 
> > So, if using current_size, it's correct; but using CHS will get a smaller  
> size. 
> > 
> > Should we add a check in this case and use "current_size" instead of 
> > CHS? 
>  
> As far as I remember the issue was and still is that there is no official  
> spec that says 
> use current_size in case A and CHS in case B. 

Understand.

>  
> If current_size is greater than CHS and Windows would use CHS (we don't 
> know that) we might run into issues if Qemu uses current_size. In this 
> case we would write data beyond the end of the container (from Windows 
> perspective). 

That's right. The fact is in our testing we found Windows does not use CHS
but current_size (from testing result), we create and get the VHD parted on
Windows, then take the VHD file into Linux KVM guest, it fails to show partition
table (since the reported disk size is shrinking, some of the partitions extend
beyond the end of the disk).

>  
> > 
> > BTW, before commit 0444dceee, there is a similar check for 'd2v', 
> > if creator_app is 'd2v', using "size" instead of CHS. But in commit 
> > 0444dceee, this check is removed. To me, the new check and 'd2v' 
> > check seem to be two different cases, why removing 'd2v' check? 
>  
> d2v always writes a magic combination of 65535x16x255 for CHS. So commit 
> 0444dceee just changed the behaviour to always use current_size in 
> case CHS is 65535x16x255 (including d2v). 

Got it. Thanks!

- Chunyan

>  
> I personally wouldn't mind to always use current_size that is what e.g.  
> VirtualBox does. 
> Or use current_size if it is greater than the size derived from CHS. But  
> this might 
> break things. 
>  
> Peter 
>  
>  
>  





Re: [Qemu-devel] [PATCH] qga: fail early for invalid time

2015-07-06 Thread Michael Roth
Quoting Marc-André Lureau (2015-07-05 09:28:58)
> It is possible to set the system time to dates after 2070, but it is
> not possible to set the RTC to them: the RTC is limited to years up to
> 2070 (1970+100). To keep both clocks in sync, and to avoid kernel
> complaints about invalid values, bail out early.
> 
> Signed-off-by: Marc-André Lureau 

Applied, thanks.

> ---
>  qga/commands-posix.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/qga/commands-posix.c b/qga/commands-posix.c
> index befd00b..d8847be 100644
> --- a/qga/commands-posix.c
> +++ b/qga/commands-posix.c
> @@ -154,6 +154,8 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, 
> Error **errp)
> 
>  /* If user has passed a time, validate and set it. */
>  if (has_time) {
> +GDate date = { 0, };
> +
>  /* year-2038 will overflow in case time_t is 32bit */
>  if (time_ns / 10 != (time_t)(time_ns / 10)) {
>  error_setg(errp, "Time %" PRId64 " is too large", time_ns);
> @@ -162,6 +164,11 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, 
> Error **errp)
> 
>  tv.tv_sec = time_ns / 10;
>  tv.tv_usec = (time_ns % 10) / 1000;
> +g_date_set_time_t(&date, tv.tv_sec);
> +if (date.year < 1970 || date.year >= 2070) {
> +error_setg_errno(errp, errno, "Invalid time");
> +return;
> +}
> 
>  ret = settimeofday(&tv, NULL);
>  if (ret < 0) {
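Review bot: The added range check reports its failure with `error_setg_errno(errp, errno, "Invalid time")`, but nothing in the visible lines of the `has_time` branch sets errno before that call, and `g_date_set_time_t()` does not report errors through it, so the client receives an unrelated errno string. Use `error_setg(errp, "Time %" PRId64 " is invalid", time_ns);`, which matches the overflow message a few lines above. The check also reads `date.year` directly, where `g_date_get_year(&date)` is the public accessor. Because `time_ns` is supplied by the host over the guest-agent channel, a one-line comment stating that the 1970..2069 window mirrors the RTC limit would make the bound auditable. The body of qmp_guest_set_time continues outside both hunks.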
> -- 
> 2.4.3
> 




Re: [Qemu-devel] [PATCH 06/10] qga: guest exec functionality for Windows guests

2015-07-06 Thread Michael Roth
Quoting Denis V. Lunev (2015-06-30 05:25:19)
> From: Olga Krishtal 
> 
> Child process' stdin/stdout/stderr can be associated
> with handles for communication via read/write interfaces.
> 
> The workflow should be something like this:
> * Open an anonymous pipe through guest-pipe-open
> * Execute a binary or a script in the guest. Arbitrary arguments and
>   environment to a new child process could be passed through options
> * Read/pass information from/to executed process using
>   guest-file-read/write
> * Collect the status of a child process

Have you seen anything like this in your testing?

{'execute':'guest-exec','arguments':{'path':'/Windows/System32/ipconfig.exe',
 'timeout':5000}}
{"return": {"pid": 588}}
{'execute':'guest-exec-status','arguments':{'pid':588}}
{"return": {"exit": 0, "handle-stdout": -1, "handle-stderr": -1,
 "handle-stdin": -1, "signal": -1}}
{'execute':'guest-exec-status','arguments':{'pid':588}}
{"error": {"class": "GenericError", "desc": "Invalid parameter 'pid'"}}

{'execute':'guest-exec','arguments':{'path':'/Windows/System32/ipconfig.exe',
 'timeout':5000}}
{"error": {"class": "GenericError", "desc": "CreateProcessW() failed:
 The parameter is incorrect. (error: 57)"}}
{'execute':'guest-exec','arguments':{'path':'/Windows/System32/ipconfig.exe',
 'timeout':5000}}
{"error": {"class": "GenericError", "desc": "CreateProcessW() failed:
 The parameter is incorrect. (error: 57)"}}

{'execute':'guest-exec','arguments':{'path':'/Windows/System32/ipconfig.exe',
 'timeout':5000}}
{"return": {"pid": 1836}}

The guest-exec-status failures are expected since the first call reaps
everything, but the CreateProcessW() failures are not. Will look into it
more this evening, but it doesn't look like I'll be able to apply this in
its current state.

I have concerns over the schema as well. I think last time we discussed
it we both seemed to agree that guest-file-open was unwieldy and
unnecessary. We should just let guest-exec return a set of file handles
instead of having users do all the plumbing.

I'm really sorry for chiming in right before hard freeze, very poor
timing/planning on my part.

Will look at the fs/pci info patches tonight.

> 
> Signed-off-by: Olga Krishtal 
> Acked-by: Roman Kagan 
> Signed-off-by: Denis V. Lunev 
> CC: Eric Blake 
> CC: Michael Roth 
> ---
>  qga/commands-win32.c | 309 
> ++-
>  1 file changed, 303 insertions(+), 6 deletions(-)
> 
> diff --git a/qga/commands-win32.c b/qga/commands-win32.c
> index 435a049..ad445d9 100644
> --- a/qga/commands-win32.c
> +++ b/qga/commands-win32.c
> @@ -451,10 +451,231 @@ static void guest_file_init(void)
>  QTAILQ_INIT(&guest_file_state.filehandles);
>  }
> 
> +
> +typedef struct GuestExecInfo {
> +int pid;
> +HANDLE phandle;
> +GuestFileHandle *gfh_stdin;
> +GuestFileHandle *gfh_stdout;
> +GuestFileHandle *gfh_stderr;
> +QTAILQ_ENTRY(GuestExecInfo) next;
> +} GuestExecInfo;
> +
> +static struct {
> +QTAILQ_HEAD(, GuestExecInfo) processes;
> +} guest_exec_state;
> +
> +static void guest_exec_init(void)
> +{
> +QTAILQ_INIT(&guest_exec_state.processes);
> +}
> +
> +static void guest_exec_info_add(int pid, HANDLE phandle,
> +GuestFileHandle *in, GuestFileHandle *out,
> +GuestFileHandle *error)
> +{
> +GuestExecInfo *gei;
> +
> +gei = g_malloc0(sizeof(GuestExecInfo));
> +gei->pid = pid;
> +gei->phandle = phandle;
> +gei->gfh_stdin = in;
> +gei->gfh_stdout = out;
> +gei->gfh_stderr = error;
> +QTAILQ_INSERT_TAIL(&guest_exec_state.processes, gei, next);
> +}
> +
> +static GuestExecInfo *guest_exec_info_find(int64_t pid)
> +{
> +GuestExecInfo *gei;
> +
> +QTAILQ_FOREACH(gei, &guest_exec_state.processes, next) {
> +if (gei->pid == pid) {
> +return gei;
> +}
> +}
> +
> +return NULL;
> +}
> +
>  GuestExecStatus *qmp_guest_exec_status(int64_t pid, Error **errp)
>  {
> -error_setg(errp, QERR_UNSUPPORTED);
> -return 0;
> +GuestExecInfo *gei;
> +GuestExecStatus *ges;
> +int r;
> +DWORD exit_code;
> +
> +slog("guest-exec-status called, pid: %" PRId64, pid);
> +
> +gei = guest_exec_info_find(pid);
> +if (gei == NULL) {
> +error_setg(errp, QERR_INVALID_PARAMETER, "pid");
> +return NULL;
> +}
> +
> +r = WaitForSingleObject(gei->phandle, 0);
> +if (r != WAIT_OBJECT_0 && r != WAIT_TIMEOUT) {
> +error_setg_win32(errp, GetLastError(),
> + "WaitForSingleObject() failed, pid: %u", gei->pid);
> +return NULL;
> +}
> +
> +ges = g_malloc0(sizeof(GuestExecStatus));
> +ges->handle_stdin = (gei->gfh_stdin != NULL) ? gei->gfh_stdin->id : -1;
> +ges->handle_stdout = (gei->gfh_stdout != NULL) ? gei->gfh_stdout->id : 
> -1;
> +ges->handle_stderr = (gei->gfh_stderr != NULL) ? gei->gfh_stderr->id : 
> -1;
> +ges->exi

Re: [Qemu-devel] [PATCH] Revert "guest agent: remove g_strcmp0 usage"

2015-07-06 Thread Michael Roth
Quoting Markus Armbruster (2015-06-16 01:34:57)
> Ping?

Applied, thanks.

> 
> Markus Armbruster  writes:
> 
> > Since we now require GLib 2.22+ (commit f40685c), we don't have to
> > work around lack of g_strcmp0() anymore.
> >
> > This reverts commit 8f4774789947bc4bc4c8d026a289fe980d3d2ee1.
> >
> > Conflicts:
> >   qemu-ga.c
> >
> > Signed-off-by: Markus Armbruster 
> > ---
> >  qga/main.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/qga/main.c b/qga/main.c
> > index 9939a2b..0b788e1 100644
> > --- a/qga/main.c
> > +++ b/qga/main.c
> > @@ -274,7 +274,7 @@ static void ga_log(const gchar *domain, GLogLevelFlags 
> > level,
> >  
> >  level &= G_LOG_LEVEL_MASK;
> >  #ifndef _WIN32
> > -if (domain && strcmp(domain, "syslog") == 0) {
> > +if (g_strcmp0(domain, "syslog") == 0) {
> >  syslog(LOG_INFO, "%s: %s", level_str, msg);
> >  } else if (level & s->log_level) {
> >  #else
> 




Re: [Qemu-devel] [PATCH v4 0/2] Fix guest-fstrim behaviour

2015-07-06 Thread Michael Roth
Quoting Justin Ossevoort (2015-05-11 01:58:43)
> The qemu-ga 'guest-fstrim' command is currently not working properly.
> 
> There are 2 issues:
> - The current implementation reuses a struct between ioctl() calls without
>   reinitialising its fields. This struct, however, is updated to reflect
>   the result of the trim operation.
>   Therefore only the first filesystem is thoroughly trimmed; the rest are only
>   trimmed up to the amount that was trimmed on the previous filesystem.
> - The current implementation will return an error if some filesystem returned
>   an unexpected error. The first issue consistently causes this issue when
>   the 'guest-fstrim' is performed multiple times in a row when multiple
>   filesystems are being trimmed, as this causes a trim request for at most
>   0 bytes, which is an error.

Applied, thanks.

> 
> The first patch fixes the first issue by explicitly resetting the struct used
> to perform the trim ioctl for each path. This is a pretty mundane change and
> fixes most use-cases.
> 
> The second patch fixes the second issue by changing the returned value to
> return a per-path result. This way all paths are always trimmed and 
> dependening
> on the outcome of the ioctl an error or some details about the trim are
> returned. The returned values for error, minimum and trimmed are filesystem,
> storage stack and kernel version dependant.
> 
> There was an earlier request to mirror the fields from the 'guest-fsinfo'
> operation. The trim operation however need not happen at the mountpoint level.
> A logical future improvement would be to allow the caller to supply an 
> optional
> list of paths they want to trim, without needing to have intimate details 
> about
> the filesystem layout of the guest.
> 
> [Changes since v3]
> - Patch 2: Change return type of qmp_guest_fstrim in qga/command-win32.c
> - Patch 2: Change commit message on patch 2 to indicate returned values are
>filesystem, storage stack and kernel version dependant
> 
> Justin Ossevoort (2):
>   qga/commands-posix: Fix bug in guest-fstrim
>   qga/commands-posix: Return per path fstrim result
> 
>  qga/commands-posix.c | 63 
> 
>  qga/commands-win32.c |  4 +++-
>  qga/qapi-schema.json | 32 +++---
>  3 files changed, 76 insertions(+), 23 deletions(-)
> 
> -- 
> 2.1.4
> 
> 




Re: [Qemu-devel] [PATCH v6 0/2] qga: qmp_guest_network_get_interfaces for win32

2015-07-06 Thread Michael Roth
Quoting Kirk Allan (2015-06-02 12:41:05)
> Changes from v5:
> - Patch 1/2 removed testing for WINVER in QEMU_CFLAGS.
> 
> Changes from v4:
> - Fixed up the commit messages to remove the utf-8 characters.
> 
> Changes from v3:
> - Patch 1/2 removed setting ARCH_$ARCH
> - Patch 2/2 implemented feedback from v3. Use WSAAddressToString for
> inet_ntop functionality.  WSAStringToAddress is available in all versions
> of Windows.
> 
> This patch set is to implement qmp_guest_network_get_interfaces for win32.
> 
> This patch set contains two patches: configuration and implementation.
> 
> The configuration patch adds the iphlpapi library.  The implementation
> patch for commands-win32.c takes advantage of _WIN32_WINNT if set to 0x600
> or greater for Windows Vista/2008 guests or newer to use OnLinkPrefixLength
> for prefixes.  WSAStringToAddress is used for inet_ntop functionality.

Applied, thanks.

> 
> Kirk Allan (2):
>   qga: add win32 library iphlpapi
>   qga: win32 qmp_guest_network_get_interfaces implementation
> 
>  configure|   2 +-
>  qga/commands-win32.c | 220 
> ++-
>  2 files changed, 218 insertions(+), 4 deletions(-)
> 
> -- 
> 1.8.5.6
> 




[Qemu-devel] [PATCH v2] net: Flush queued packets when guest resumes

2015-07-06 Thread Fam Zheng
Since commit 6e99c63 "net/socket: Drop net_socket_can_send" and friends,
net queues need to be explicitly flushed after qemu_can_send_packet()
returns false, because the netdev side will disable the polling of fd.

This fixes the case of "cont" after "stop" (or migration).

Signed-off-by: Fam Zheng 

---

v2: Unify with VM stop handler. (Stefan)
---
 net/net.c | 19 ---
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/net/net.c b/net/net.c
index 6ff7fec..28a5597 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1257,14 +1257,19 @@ void qmp_set_link(const char *name, bool up, Error 
**errp)
 static void net_vm_change_state_handler(void *opaque, int running,
 RunState state)
 {
-/* Complete all queued packets, to guarantee we don't modify
- * state later when VM is not running.
- */
-if (!running) {
-NetClientState *nc;
-NetClientState *tmp;
+NetClientState *nc;
+NetClientState *tmp;
 
-QTAILQ_FOREACH_SAFE(nc, &net_clients, next, tmp) {
+QTAILQ_FOREACH_SAFE(nc, &net_clients, next, tmp) {
+if (running) {
+/* Flush queued packets and wake up backends. */
+if (nc->peer && qemu_can_send_packet(nc)) {
+qemu_flush_queued_packets(nc->peer);
+}
+} else {
+/* Complete all queued packets, to guarantee we don't modify
+ * state later when VM is not running.
+ */
 qemu_flush_or_purge_queued_packets(nc, true);
 }
 }
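Review bot: The new `running` branch flushes `nc->peer` while the stop branch acts on `nc`, and the short comment `/* Flush queued packets and wake up backends. */` does not explain the asymmetry or the `qemu_can_send_packet(nc)` guard. The reason is only in the commit message, so I would move it into the code: `/* While stopped, qemu_can_send_packet() returned false and the backend stopped polling its fd; flush the peer's queue so delivery restarts. */`. The function's closing brace lies outside the hunk, so I am assuming nothing else follows the loop.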
-- 
2.4.3




Re: [Qemu-devel] [PATCH COLO-BLOCK v7 00/17] Block replication for continuous checkpoints

2015-07-06 Thread Wen Congyang
On 07/07/2015 08:25 AM, Michael R. Hines wrote:
> On 07/04/2015 07:46 AM, Wen Congyang wrote:
>> At 2015/7/3 23:30, Dr. David Alan Gilbert Wrote:
>>> * Wen Congyang (we...@cn.fujitsu.com) wrote:
 Block replication is a very important feature which is used for
 continuous checkpoints(for example: COLO).

 Usage:
 Please refer to docs/block-replication.txt

 You can get the patch here:
 https://github.com/wencongyang/qemu-colo/commits/block-replication-v7

 You can get ths patch with framework here:
 https://github.com/wencongyang/qemu-colo/commits/colo_framework_v7.2
>>>
>>> Hi,
>>>I seem to be having problems with the new listed syntax on the wiki;
>>> on the secondary I'm getting the error
>>>
>>>   Block format 'replication' used by device 'virtio0' doesn't support the 
>>> option 'export'
>>>
>>> ./try/bin/qemu-system-x86_64 -enable-kvm -nographic \
>>>   -boot c -m 4096 -smp 4 -S \
>>>   -name debug-threads=on -trace events=trace-file \
>>>   -netdev tap,id=hn0,script=$PWD/ifup-slave,\
>>> downscript=no,colo_script=$PWD/qemu/scripts/colo-proxy-script.sh,colo_nicname=em4
>>>  \
>>>   -device e1000,mac=9c:da:4d:1c:b5:89,id=net-pci0,netdev=hn0 \
>>>   -device virtio-rng-pci \
>>>   -drive 
>>> if=none,driver=raw,file=/home/localvms/bugzilla.raw,id=colo1,cache=none,aio=native
>>>  \
>>>   -drive 
>>> if=virtio,driver=replication,mode=secondary,export=colo1,throttling.bps-total-max=7000,\
>>> file.file.filename=$TMPDISKS/colo-active-disk.qcow2,\
>>> file.driver=qcow2,\
>>> file.backing.file.filename=$TMPDISKS/colo-hidden-disk.qcow2,\
>>> file.backing.driver=qcow2,\
>>> file.backing.backing.backing_reference=colo1,\
>>> file.backing.allow-write-backing-file=on \
>>>   -incoming tcp:0:
>>
>> Sorry, the option export is removed, because we use the qmp command 
>> nbd-server-add to let a BB be NBD server.
>>
> 
> Still doesn't work. The server says:
> 
> nbd.c:nbd_receive_options():L447: read failed

This log is very strange. The NBD client connects to the NBD server, and the
NBD server wants to read data from the NBD client, but the read fails. It seems
that the connection is closed unexpectedly. Can you give me more of the log and
tell me how you use it?

Thanks
Wen Congyang

> nbd.c:nbd_send_negotiate():L562: option negotiation failed
> 
> - Michael
> 
> .
> 




Re: [Qemu-devel] [PATCH] virtio-net: Drop net_virtio_info.can_receive

2015-07-06 Thread Fam Zheng
On Mon, 07/06 20:09, Michael S. Tsirkin wrote:
> On Mon, Jul 06, 2015 at 04:21:16PM +0100, Stefan Hajnoczi wrote:
> > On Mon, Jul 06, 2015 at 11:32:25AM +0800, Jason Wang wrote:
> > > 
> > > 
> > > On 07/02/2015 08:46 PM, Stefan Hajnoczi wrote:
> > > > On Tue, Jun 30, 2015 at 04:35:24PM +0800, Jason Wang wrote:
> > > >> On 06/30/2015 11:06 AM, Fam Zheng wrote:
> > > >>> virtio_net_receive still does the check by calling
> > > >>> virtio_net_can_receive, if the device or driver is not ready, the 
> > > >>> packet
> > > >>> is dropped.
> > > >>>
> > > >>> This is necessary because returning false from can_receive complicates
> > > >>> things: the peer would disable sending until we explicitly flush the
> > > >>> queue.
> > > >>>
> > > >>> Signed-off-by: Fam Zheng 
> > > >>> ---
> > > >>>  hw/net/virtio-net.c | 1 -
> > > >>>  1 file changed, 1 deletion(-)
> > > >>>
> > > >>> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> > > >>> index d728233..dbef0d0 100644
> > > >>> --- a/hw/net/virtio-net.c
> > > >>> +++ b/hw/net/virtio-net.c
> > > >>> @@ -1503,7 +1503,6 @@ static int virtio_net_load_device(VirtIODevice 
> > > >>> *vdev, QEMUFile *f,
> > > >>>  static NetClientInfo net_virtio_info = {
> > > >>>  .type = NET_CLIENT_OPTIONS_KIND_NIC,
> > > >>>  .size = sizeof(NICState),
> > > >>> -.can_receive = virtio_net_can_receive,
> > > >>>  .receive = virtio_net_receive,
> > > >>>  .link_status_changed = virtio_net_set_link_status,
> > > >>>  .query_rx_filter = virtio_net_query_rxfilter,
> > > >> A side effect of this patch is it will read and then drop packet is
> > > >> guest driver is no ok.
> > > > I think that the semantics of .can_receive() and .receive() return
> > > > values are currently incorrect in many NICs.  They have .can_receive()
> > > > functions that return false for conditions where .receive() would
> > > > discard the packet.  So what happens is that packets get queued when
> > > > they should actually be discarded.
> > > 
> > > Yes, but they are bugs more or less.
> > > 
> > > >
> > > > The purpose of the flow control (queuing) mechanism is to tell the
> > > > sender to hold off until the receiver has more rx buffers available.
> > > > It's a short-term thing that doesn't included link down, rx disable, or
> > > > NIC reset states.
> > > >
> > > > Therefore, I think this patch will not introduce a regression.  It is
> > > > adjusting the code to stop queuing packets when they should actually be
> > > > dropped.
> > > >
> > > > Thoughts?
> > > 
> > > I agree there's no functional issue. But it cause wasting of cpu cycles
> > > (consider guest is being flooded). Sometime it maybe even dangerous. For
> > > tap, we're probably ok since we have 756ae78b but for other backend, we
> > > don't.
> > 
> > If the guest uses iptables rules or other mechanisms to drop bogus
> > packets the cost is even higher than discarding them at the QEMU layer.
> > 
> > What's more is that if you're using link down as a DoS mitigation
> > strategy then you might as well hot unplug the NIC.
> > 
> > Stefan
> 
> 
> 
> Frankly, I don't see the point of the patch.  Is this supposed to be a
> bugfix? If so, there's should be a description about how to trigger the
> bug.  Is this an optimization? If so there should be some numbers
> showing a gain.

It's a bug fix: we are not flushing the queue when DRIVER_OK is being set or
when a buffer becomes available (the virtio_net_can_receive conditions). This
was not an issue before a90a7425cf, but since then the semantics are enforced.

Fam




Re: [Qemu-devel] [PATCH qemu v10 13/14] vfio: spapr: Add SPAPR IOMMU v2 support (DMA memory preregistering)

2015-07-06 Thread Alexey Kardashevskiy

On 07/07/2015 10:29 AM, David Gibson wrote:

On Mon, Jul 06, 2015 at 10:13:07AM -0600, Alex Williamson wrote:

On Tue, 2015-07-07 at 01:34 +1000, Alexey Kardashevskiy wrote:

On 07/06/2015 11:42 PM, Alex Williamson wrote:

On Mon, 2015-07-06 at 12:11 +1000, Alexey Kardashevskiy wrote:

This makes use of the new "memory registering" feature. The idea is
to provide the userspace ability to notify the host kernel about pages
which are going to be used for DMA. Having this information, the host
kernel can pin them all once per user process, do locked pages
accounting (once) and not spent time on doing that in real time with
possible failures which cannot be handled nicely in some cases.

This adds a guest RAM memory listener which notifies a VFIO container
about memory which needs to be pinned/unpinned. VFIO MMIO regions
(i.e. "skip dump" regions) are skipped.

The feature is only enabled for SPAPR IOMMU v2. The host kernel changes
are required. Since v2 does not need/support VFIO_IOMMU_ENABLE, this does
not call it when v2 is detected and enabled.

This does not change the guest visible interface.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
Changes:
v9:
* since there is no more SPAPR-specific data in container::iommu_data,
the memory preregistration fields are common and potentially can be used
by other architectures

v7:
* in vfio_spapr_ram_listener_region_del(), do unref() after ioctl()
* s'ramlistener'register_listener'

v6:
* fixed commit log (s/guest/userspace/), added note about no guest visible
change
* fixed error checking if ram registration failed
* added alignment check for section->offset_within_region

v5:
* simplified the patch
* added trace points
* added round_up() for the size
* SPAPR IOMMU v2 used
---
   hw/vfio/common.c  | 109 
++
   include/hw/vfio/vfio-common.h |   3 ++
   trace-events  |   1 +
   3 files changed, 104 insertions(+), 9 deletions(-)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 8eacfd7..0c7ba8c 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -488,6 +488,76 @@ static void vfio_listener_release(VFIOContainer *container)
   memory_listener_unregister(&container->iommu_data.type1.listener);
   }

+static void vfio_ram_do_region(VFIOContainer *container,
+  MemoryRegionSection *section, unsigned long req)
+{
+int ret;
+struct vfio_iommu_spapr_register_memory reg = { .argsz = sizeof(reg) };


This function is not as general as the name would imply, it's spapr
specific due to this.  How about vfio_spapr_register_memory() with a
bool parameter toggling register vs unregister so we're not passing an
arbitrary ioctl number?


Ok. Although I am quite often asked not to do such a thing and rather add 2
helpers (reg/unreg, do/undo, etc) instead and reuse common bits.


I'm not a fan of functions that do the reverse process based on a bool
arg either, but I dislike them less than passing an arbitrary ioctl
number for a parameter.  The former is ugly, but the latter is difficult
to use and difficult to maintain because it would be subtle later to
spot an unsupported ioctl being passed to the function.


+
+if (!memory_region_is_ram(section->mr) ||
+memory_region_is_skip_dump(section->mr)) {
+return;
+}
+
+if (unlikely((section->offset_within_region & (getpagesize() - 1 {


s/getpagesize()/qemu_real_host_page_size/?



Oh, right, I guess it reached upstream now.



+error_report("%s received unaligned region", __func__);
+return;
+}
+
+reg.vaddr = (__u64) memory_region_get_ram_ptr(section->mr) +
+section->offset_within_region;
+reg.size = ROUND_UP(int128_get64(section->size), TARGET_PAGE_SIZE);
+
+ret = ioctl(container->fd, req, ®);
+trace_vfio_ram_register(_IOC_NR(req) - VFIO_BASE, reg.vaddr, reg.size,
+ret ? -errno : 0);
+if (!ret) {
+return;
+}
+
+/*
+ * On the initfn path, store the first error in the container so we
+ * can gracefully fail.  Runtime, there's not much we can do other
+ * than throw a hardware error.
+ */
+if (!container->iommu_data.ram_reg_initialized) {
+if (!container->iommu_data.ram_reg_error) {
+container->iommu_data.ram_reg_error = -errno;
+}
+} else {
+hw_error("vfio: RAM registering failed, unable to continue");
+}


I'd rather see:

if (ret) {
if (!container...) {
  ...
} else {
  ...
}
}

Exiting early on success and otherwise falling into error handling is a
strange code flow.


Ok... vfio_dma_map() does not follow this rule so I thought it is not that
strict :)


It would be nice to clean it up there too.


+}
+
+static void vfio_ram_listener_region_add(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+VFIOContainer *container = container_of(listener, VFIOContainer,

Re: [Qemu-devel] [PATCH qemu v10 13/14] vfio: spapr: Add SPAPR IOMMU v2 support (DMA memory preregistering)

2015-07-06 Thread David Gibson
On Mon, Jul 06, 2015 at 10:13:07AM -0600, Alex Williamson wrote:
> On Tue, 2015-07-07 at 01:34 +1000, Alexey Kardashevskiy wrote:
> > On 07/06/2015 11:42 PM, Alex Williamson wrote:
> > > On Mon, 2015-07-06 at 12:11 +1000, Alexey Kardashevskiy wrote:
> > >> This makes use of the new "memory registering" feature. The idea is
> > >> to provide the userspace ability to notify the host kernel about pages
> > >> which are going to be used for DMA. Having this information, the host
> > >> kernel can pin them all once per user process, do locked pages
> > >> accounting (once) and not spent time on doing that in real time with
> > >> possible failures which cannot be handled nicely in some cases.
> > >>
> > >> This adds a guest RAM memory listener which notifies a VFIO container
> > >> about memory which needs to be pinned/unpinned. VFIO MMIO regions
> > >> (i.e. "skip dump" regions) are skipped.
> > >>
> > >> The feature is only enabled for SPAPR IOMMU v2. The host kernel changes
> > >> are required. Since v2 does not need/support VFIO_IOMMU_ENABLE, this does
> > >> not call it when v2 is detected and enabled.
> > >>
> > >> This does not change the guest visible interface.
> > >>
> > >> Signed-off-by: Alexey Kardashevskiy 
> > >> Reviewed-by: David Gibson 
> > >> ---
> > >> Changes:
> > >> v9:
> > >> * since there is no more SPAPR-specific data in container::iommu_data,
> > >> the memory preregistration fields are common and potentially can be used
> > >> by other architectures
> > >>
> > >> v7:
> > >> * in vfio_spapr_ram_listener_region_del(), do unref() after ioctl()
> > >> * s'ramlistener'register_listener'
> > >>
> > >> v6:
> > >> * fixed commit log (s/guest/userspace/), added note about no guest 
> > >> visible
> > >> change
> > >> * fixed error checking if ram registration failed
> > >> * added alignment check for section->offset_within_region
> > >>
> > >> v5:
> > >> * simplified the patch
> > >> * added trace points
> > >> * added round_up() for the size
> > >> * SPAPR IOMMU v2 used
> > >> ---
> > >>   hw/vfio/common.c  | 109 
> > >> ++
> > >>   include/hw/vfio/vfio-common.h |   3 ++
> > >>   trace-events  |   1 +
> > >>   3 files changed, 104 insertions(+), 9 deletions(-)
> > >>
> > >> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> > >> index 8eacfd7..0c7ba8c 100644
> > >> --- a/hw/vfio/common.c
> > >> +++ b/hw/vfio/common.c
> > >> @@ -488,6 +488,76 @@ static void vfio_listener_release(VFIOContainer 
> > >> *container)
> > >>   memory_listener_unregister(&container->iommu_data.type1.listener);
> > >>   }
> > >>
> > >> +static void vfio_ram_do_region(VFIOContainer *container,
> > >> +  MemoryRegionSection *section, unsigned 
> > >> long req)
> > >> +{
> > >> +int ret;
> > >> +struct vfio_iommu_spapr_register_memory reg = { .argsz = 
> > >> sizeof(reg) };
> > >
> > > This function is not as general as the name would imply, it's spapr
> > > specific due to this.  How about vfio_spapr_register_memory() with a
> > > bool parameter toggling register vs unregister so we're not passing an
> > > arbitrary ioctl number?
> > 
> > Ok. Although I am quite often asked not to do such a thing and rather add 2 
> > helpers (reg/unreg, do/undo, etc) instead and reuse common bits.
> 
> I'm not a fan of functions that do the reverse process based on a bool
> arg either, but I dislike them less than passing an arbitrary ioctl
> number for a parameter.  The former is ugly, but the latter is difficult
> to use and difficult to maintain because it would be subtle later to
> spot an unsupported ioctl being passed to the function.
> 
> > >> +
> > >> +if (!memory_region_is_ram(section->mr) ||
> > >> +memory_region_is_skip_dump(section->mr)) {
> > >> +return;
> > >> +}
> > >> +
> > >> +if (unlikely((section->offset_within_region & (getpagesize() - 
> > >> 1 {
> > >
> > > s/getpagesize()/qemu_real_host_page_size/?
> > 
> > 
> > Oh, right, I guess it reached upstream now.
> > 
> > 
> > >> +error_report("%s received unaligned region", __func__);
> > >> +return;
> > >> +}
> > >> +
> > >> +reg.vaddr = (__u64) memory_region_get_ram_ptr(section->mr) +
> > >> +section->offset_within_region;
> > >> +reg.size = ROUND_UP(int128_get64(section->size), TARGET_PAGE_SIZE);
> > >> +
> > >> +ret = ioctl(container->fd, req, ®);
> > >> +trace_vfio_ram_register(_IOC_NR(req) - VFIO_BASE, reg.vaddr, 
> > >> reg.size,
> > >> +ret ? -errno : 0);
> > >> +if (!ret) {
> > >> +return;
> > >> +}
> > >> +
> > >> +/*
> > >> + * On the initfn path, store the first error in the container so we
> > >> + * can gracefully fail.  Runtime, there's not much we can do other
> > >> + * than throw a hardware error.
> > >> + */
> > >> +if (!container->iommu_data.ram_reg_initialized) {
> > >> +if (!container->iommu_data.ram_reg_error

Re: [Qemu-devel] [PATCH qemu v10 03/14] spapr_pci: Convert finish_realize() to dma_capabilities_update()+dma_init_window()

2015-07-06 Thread Alexey Kardashevskiy

On 07/07/2015 02:41 AM, Laurent Vivier wrote:



On 06/07/2015 04:10, Alexey Kardashevskiy wrote:

This reworks finish_realize() which used to finalize DMA setup with
an assumption that it will not change later.

New callbacks supports various window parameters such as page and
windows sizes. The new callback return error code rather than Error**.

This is a mechanical change so no change in behaviour is expected.
This is a part of getting rid of spapr-pci-vfio-host-bridge type.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
---
Changes:
v8:
* moved spapr_phb_dma_capabilities_update() higher to avoid forward
declaration in following patches and keep DMA code together (i.e. next
to spapr_pci_dma_iommu())
---
  hw/ppc/spapr_pci.c  | 59 ++---
  hw/ppc/spapr_pci_vfio.c | 53 
  include/hw/pci-host/spapr.h |  8 +-
  3 files changed, 62 insertions(+), 58 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index a8f79d8..c1ca13d 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -808,6 +808,28 @@ static char *spapr_phb_get_loc_code(sPAPRPHBState *sphb, 
PCIDevice *pdev)
  return buf;
  }

+static int spapr_phb_dma_capabilities_update(sPAPRPHBState *sphb)
+{
+sphb->dma32_window_start = 0;
+sphb->dma32_window_size = SPAPR_PCI_DMA32_SIZE;
+
+return 0;
+}
+
+static int spapr_phb_dma_init_window(sPAPRPHBState *sphb,
+ uint32_t liobn, uint32_t page_shift,
+ uint64_t window_size)
+{
+uint64_t bus_offset = sphb->dma32_window_start;
+sPAPRTCETable *tcet;
+
+tcet = spapr_tce_new_table(DEVICE(sphb), liobn, bus_offset, page_shift,
+   window_size >> page_shift,
+   false);
+
+return tcet ? 0 : -1;
+}
+
  /* Macros to operate with address in OF binding to PCI */
  #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
  #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
@@ -1220,6 +1242,7 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
  int i;
  PCIBus *bus;
  uint64_t msi_window_size = 4096;
+sPAPRTCETable *tcet;

  if (sphb->index != (uint32_t)-1) {
  hwaddr windows_base;
@@ -1369,33 +1392,18 @@ static void spapr_phb_realize(DeviceState *dev, Error 
**errp)
  }
  }

-if (!info->finish_realize) {
-error_setg(errp, "finish_realize not defined");
-return;
-}
-
-info->finish_realize(sphb, errp);
-
-sphb->msi = g_hash_table_new_full(g_int_hash, g_int_equal, g_free, g_free);
-}
-
-static void spapr_phb_finish_realize(sPAPRPHBState *sphb, Error **errp)
-{
-sPAPRTCETable *tcet;
-uint32_t nb_table;
-
-nb_table = SPAPR_PCI_DMA32_SIZE >> SPAPR_TCE_PAGE_SHIFT;
-tcet = spapr_tce_new_table(DEVICE(sphb), sphb->dma_liobn,
-   0, SPAPR_TCE_PAGE_SHIFT, nb_table, false);
+info->dma_capabilities_update(sphb);
+info->dma_init_window(sphb, sphb->dma_liobn, SPAPR_TCE_PAGE_SHIFT,
+  sphb->dma32_window_size);
+tcet = spapr_tce_find_by_liobn(sphb->dma_liobn);
  if (!tcet) {
-error_setg(errp, "Unable to create TCE table for %s",
-   sphb->dtbusname);
-return ;
+error_setg(errp, "failed to create TCE table");
+return;
  }
-
-/* Register default 32bit DMA window */
-memory_region_add_subregion(&sphb->iommu_root, 0,
+memory_region_add_subregion(&sphb->iommu_root, tcet->bus_offset,
  spapr_tce_get_iommu(tcet));
+
+sphb->msi = g_hash_table_new_full(g_int_hash, g_int_equal, g_free, g_free);
  }

  static int spapr_phb_children_reset(Object *child, void *opaque)
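Review bot: In spapr_phb_realize the two new callbacks are invoked unconditionally and their int results are discarded: `info->dma_capabilities_update(sphb);` and `info->dma_init_window(sphb, sphb->dma_liobn, ...)`. The removed code rejected a missing `finish_realize` pointer, and the commit message says the callbacks now return error codes. As written, a subclass that leaves either pointer unset is dereferenced as NULL, and a failing callback is noticed only indirectly through the `spapr_tce_find_by_liobn()` lookup. Check each result and name the failing step, e.g. `if (info->dma_capabilities_update(sphb) < 0) { error_setg(errp, "failed to update DMA capabilities"); return; }`, and do the same for `dma_init_window`. The function begins before this hunk.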
@@ -1543,9 +1551,10 @@ static void spapr_phb_class_init(ObjectClass *klass, 
void *data)
  dc->vmsd = &vmstate_spapr_pci;
  set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
  dc->cannot_instantiate_with_device_add_yet = false;
-spc->finish_realize = spapr_phb_finish_realize;
  hp->plug = spapr_phb_hot_plug_child;
  hp->unplug = spapr_phb_hot_unplug_child;
+spc->dma_capabilities_update = spapr_phb_dma_capabilities_update;
+spc->dma_init_window = spapr_phb_dma_init_window;
  }

  static const TypeInfo spapr_phb_info = {
diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
index cca45ed..6e3e17b 100644
--- a/hw/ppc/spapr_pci_vfio.c
+++ b/hw/ppc/spapr_pci_vfio.c
@@ -28,48 +28,36 @@ static Property spapr_phb_vfio_properties[] = {
  DEFINE_PROP_END_OF_LIST(),
  };

-static void spapr_phb_vfio_finish_realize(sPAPRPHBState *sphb, Error **errp)
+static int spapr_phb_vfio_dma_capabilities_update(sPAPRPHBState *sphb)
  {
  sPAPRPHBVFIOState *svphb = SPAPR_PCI_VFIO_HOST_BRIDGE(sphb);
  struct vfio_iommu_spapr_tce_info info = { .argsz = sizeof(info) };
  int ret;
-sPAPRTCETable 

Re: [Qemu-devel] [PATCH COLO-BLOCK v7 00/17] Block replication for continuous checkpoints

2015-07-06 Thread Michael R. Hines

On 07/04/2015 07:46 AM, Wen Congyang wrote:

At 2015/7/3 23:30, Dr. David Alan Gilbert Wrote:

* Wen Congyang (we...@cn.fujitsu.com) wrote:

Block replication is a very important feature which is used for
continuous checkpoints(for example: COLO).

Usage:
Please refer to docs/block-replication.txt

You can get the patch here:
https://github.com/wencongyang/qemu-colo/commits/block-replication-v7

You can get the patch with framework here:
https://github.com/wencongyang/qemu-colo/commits/colo_framework_v7.2


Hi,
   I seem to be having problems with the new listed syntax on the wiki;
on the secondary I'm getting the error

  Block format 'replication' used by device 'virtio0' doesn't support 
the option 'export'


./try/bin/qemu-system-x86_64 -enable-kvm -nographic \
  -boot c -m 4096 -smp 4 -S \
  -name debug-threads=on -trace events=trace-file \
  -netdev tap,id=hn0,script=$PWD/ifup-slave,\
downscript=no,colo_script=$PWD/qemu/scripts/colo-proxy-script.sh,colo_nicname=em4 
\

  -device e1000,mac=9c:da:4d:1c:b5:89,id=net-pci0,netdev=hn0 \
  -device virtio-rng-pci \
  -drive 
if=none,driver=raw,file=/home/localvms/bugzilla.raw,id=colo1,cache=none,aio=native 
\
  -drive 
if=virtio,driver=replication,mode=secondary,export=colo1,throttling.bps-total-max=7000,\

file.file.filename=$TMPDISKS/colo-active-disk.qcow2,\
file.driver=qcow2,\
file.backing.file.filename=$TMPDISKS/colo-hidden-disk.qcow2,\
file.backing.driver=qcow2,\
file.backing.backing.backing_reference=colo1,\
file.backing.allow-write-backing-file=on \
  -incoming tcp:0:


Sorry, the option export is removed, because we use the qmp command 
nbd-server-add to let a BB be NBD server.




Still doesn't work. The server says:

nbd.c:nbd_receive_options():L447: read failed
nbd.c:nbd_send_negotiate():L562: option negotiation failed

- Michael




Re: [Qemu-devel] [PULL 00/22] QOM CPUState patch queue 2015-07-06

2015-07-06 Thread Andreas Färber
Am 07.07.2015 um 01:13 schrieb Andreas Färber:
> Hello Peter,
> 
> This is my QOM CPU patch queue. Please pull.
> 
> Note: For time reasons I did not give this queue as much testing as usual,
> in particular BSD and non-x86 KVM hosts were not covered.
> 
> Regards,
> Andreas
> 
> Cc: Peter Maydell 
> 
> Cc: Eduardo Habkost 
> Cc: Peter Crosthwaite 
> 
> The following changes since commit 7edd8e4660beb301d527257f8e04ebec0f841cb0:
> 
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2015-07-06 14:03:44 +0100)
> 
> are available in the git repository at:
> 
>   git://github.com/afaerber/qemu-cpu.git tags/qom-cpu-for-peter
> 
> for you to fetch changes up to 116382f1504d655a1afdf3eac18d276a200428b7:
> 
>   disas: cris: QOMify target specific disas setup (2015-07-06 22:36:17 +0200)
> 
> 
> QOM CPUState and X86CPU
> 
> * Further QOM'ification of CPU initialization
> * Propagation of CPUState arguments and elimination of ENV_GET_CPU() usage
> * cpu_set_pc() abstraction
> * CPUClass::disas_set_info() hook
> 
> 
[...]

Self-nack, hurry is never good:

  /aarch64/qom/xlnx-ep108:
qemu-system-aarch64: Trying to use more CPUs than allowed max of 1
Broken pipe
FAIL

Peter C., any ideas why this is regressing?

Sorry,
Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton; HRB
21284 (AG Nürnberg)



Re: [Qemu-devel] [PATCH 02/10 v11] linux-user: Support tilegx architecture in linux-user

2015-07-06 Thread Chris Metcalf
I will be posting more hardware documents on Wednesday when I'm back in the 
office.



> On Jun 4, 2015, at 5:33 AM, Chen Gang  wrote:
> 
>> On 06/03/2015 11:47 PM, Richard Henderson wrote:
>>> On 06/03/2015 05:34 AM, Peter Maydell wrote:
>>> You must do something. You can't allow guest code (even
>>> broken guest code) to make QEMU assert. You need to find
>>> out what the hardware does here, and do that.
>> 
>> These are I/O registers for IPC.
>> 
>> I believe that the best thing to do is assume protection
>> is enabled at the "kernel" level, and thus raise the
>> appropriate exception: SN_ACCESS, IDN_ACCESS, UDN_ACCESS.
>> 
> 
> OK, thanks
> 
>> That said, I don't have the system architecture manual
>> handy to check the full details.
> 
> Fortunately, Chris knows more about it, and provide more valuable
> details for it.
> 
> And welcome any members to provide related pdf documents, if possible.
> 
> 
> Thanks.
> -- 
> Chen Gang
> 
> Open, share, and attitude like air, water, and life which God blessed



[Qemu-devel] [PULL 21/22] disas: cris: Fix 0 buffer length case

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Cris has the complication of variable length instructions and has
a check in place to clamp memory reads in case the disas request
doesn't have enough bytes for the instruction being disas'd. This
breaks down when disassembling for the monitor, where the buffer
length defaults to 0.

The buffer length should never be zero for a regular target_disas,
so we can safely assume the 0 case is for the monitor in which case
consider the buffer length to be the max for cris instructions.

Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 disas/cris.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/disas/cris.c b/disas/cris.c
index e6cff7a..1b76a09 100644
--- a/disas/cris.c
+++ b/disas/cris.c
@@ -2575,9 +2575,9 @@ print_insn_cris_generic (bfd_vma memaddr,
  If we can't get any data, or we do not get enough data, we print
  the error message.  */
 
-  nbytes = info->buffer_length;
-  if (nbytes > MAX_BYTES_PER_CRIS_INSN)
- nbytes = MAX_BYTES_PER_CRIS_INSN;
+  nbytes = info->buffer_length ? info->buffer_length
+   : MAX_BYTES_PER_CRIS_INSN;
+  nbytes = MIN(nbytes, MAX_BYTES_PER_CRIS_INSN);
   status = (*info->read_memory_func) (memaddr, buffer, nbytes, info);  
 
   /* If we did not get all we asked for, then clear the rest.
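Review bot: Nothing in the code says why `info->buffer_length == 0` is treated as "read the maximum"; the reasoning (monitor disassembly leaves the length at 0) exists only in the commit message. I would put a comment above the assignment, for example `/* buffer_length == 0: the caller (monitor) gave no length, so assume a full-size insn. */`. Once zero is mapped to MAX_BYTES_PER_CRIS_INSN, the following `MIN()` is the only thing bounding the read into `buffer` (presumably sized for one maximum-length instruction, not visible here), so the two statements should stay adjacent. print_insn_cris_generic starts and ends outside the hunk.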
-- 
2.1.4




[Qemu-devel] [PULL 19/22] disas: arm: QOMify target specific disas setup

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Move the target_disas() ARM specifics to the QOM disas_set_info hook
and delete the ARM specific code in disas.c.

This has the extra advantage of the more fully featured target_disas()
implementation now applying to monitor_disas().

Currently, target_disas() has multi-endian, thumb and AArch64
support whereas the existing monitor_disas() support only has vanilla
AA32 support.

E.g. running an AA64 Linux kernel, the following -d in_asm disas happens
(target_disas()):

IN:
0x4000:  58c0  ldr x0, pc+24 (addr 0x4018)
0x4004:  aa1f03e1  mov x1, xzr

However before this patch, disasing the same from the monitor:

(qemu) xp/i 0x4000
0x4000:  58c0  stmdapl  r0, {r6, r7}

After this patch:
(qemu) xp/i 0x4000
0x4000:  58c0  ldr x0, pc+24 (addr 0x4018)

Reviewed-by: Peter Maydell 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 disas.c  | 32 
 target-arm/cpu.c | 35 +++
 2 files changed, 35 insertions(+), 32 deletions(-)

diff --git a/disas.c b/disas.c
index ff5425d..fde5029 100644
--- a/disas.c
+++ b/disas.c
@@ -151,14 +151,6 @@ bfd_vma bfd_getb16 (const bfd_byte *addr)
   return (bfd_vma) v;
 }
 
-#ifdef TARGET_ARM
-static int
-print_insn_thumb1(bfd_vma pc, disassemble_info *info)
-{
-  return print_insn_arm(pc | 1, info);
-}
-#endif
-
 static int print_insn_objdump(bfd_vma pc, disassemble_info *info,
   const char *prefix)
 {
@@ -191,7 +183,6 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
 /* Disassemble this for me please... (debugging). 'flags' has the following
values:
 i386 - 1 means 16 bit code, 2 means 64 bit code
-arm  - bit 0 = thumb, bit 1 = reverse endian, bit 2 = A64
 ppc  - bits 0:15 specify (optionally) the machine instruction set;
bit 16 indicates little endian.
 other targets - unused
@@ -231,27 +222,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 s.info.mach = bfd_mach_i386_i386;
 }
 s.info.print_insn = print_insn_i386;
-#elif defined(TARGET_ARM)
-if (flags & 4) {
-/* We might not be compiled with the A64 disassembler
- * because it needs a C++ compiler; in that case we will
- * fall through to the default print_insn_od case.
- */
-#if defined(CONFIG_ARM_A64_DIS)
-s.info.print_insn = print_insn_arm_a64;
-#endif
-} else if (flags & 1) {
-s.info.print_insn = print_insn_thumb1;
-} else {
-s.info.print_insn = print_insn_arm;
-}
-if (flags & 2) {
-#ifdef TARGET_WORDS_BIGENDIAN
-s.info.endian = BFD_ENDIAN_LITTLE;
-#else
-s.info.endian = BFD_ENDIAN_BIG;
-#endif
-}
 #elif defined(TARGET_SPARC)
 s.info.print_insn = print_insn_sparc;
 #ifdef TARGET_SPARC64
@@ -488,8 +458,6 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 s.info.mach = bfd_mach_i386_i386;
 }
 s.info.print_insn = print_insn_i386;
-#elif defined(TARGET_ARM)
-s.info.print_insn = print_insn_arm;
 #elif defined(TARGET_ALPHA)
 s.info.print_insn = print_insn_alpha;
 #elif defined(TARGET_SPARC)
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 5a8cdb5..8b4323d 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -382,6 +382,39 @@ static inline void unset_feature(CPUARMState *env, int 
feature)
 env->features &= ~(1ULL << feature);
 }
 
+static int
+print_insn_thumb1(bfd_vma pc, disassemble_info *info)
+{
+  return print_insn_arm(pc | 1, info);
+}
+
+static void arm_disas_set_info(CPUState *cpu, disassemble_info *info)
+{
+ARMCPU *ac = ARM_CPU(cpu);
+CPUARMState *env = &ac->env;
+
+if (is_a64(env)) {
+/* We might not be compiled with the A64 disassembler
+ * because it needs a C++ compiler. Leave print_insn
+ * unset in this case to use the caller default behaviour.
+ */
+#if defined(CONFIG_ARM_A64_DIS)
+info->print_insn = print_insn_arm_a64;
+#endif
+} else if (env->thumb) {
+info->print_insn = print_insn_thumb1;
+} else {
+info->print_insn = print_insn_arm;
+}
+if (env->bswap_code) {
+#ifdef TARGET_WORDS_BIGENDIAN
+info->endian = BFD_ENDIAN_LITTLE;
+#else
+info->endian = BFD_ENDIAN_BIG;
+#endif
+}
+}
+
 #define ARM_CPUS_PER_CLUSTER 8
 
 static void arm_cpu_initfn(Object *obj)
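Review bot: arm_disas_set_info() is undocumented, and its key property is that it picks the disassembler from the CPU's state at the time of the call (`is_a64(env)`, `env->thumb`, `env->bswap_code`), not from anything describing the code at the address being disassembled. The disas.c hunks of this patch delete the `flags`-based selection in target_disas(), so as far as these hunks show the `flags` argument is no longer consulted for ARM. A short comment on the function would make that explicit, e.g. `/* Selection follows the CPU's current execution state; code in another state (ARM vs Thumb, A32 vs A64) will be decoded with the wrong disassembler. */`.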
@@ -1368,6 +1401,8 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->gdb_core_xml_file = "arm-core.xml";
 cc->gdb_stop_before_watchpoint = true;
 cc->debug_excp_handler = arm_debug_excp_handler;
+
+cc->disas_set_info = arm_disas_set_info;
 }
 
 static void cpu_register(const ARMCPUInfo *info)
-- 
2.1.4




[Qemu-devel] [PULL 10/22] cpu: Change cpu_exec_init() arg to cpu, not env

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

The callers (most of them in target-foo/cpu.c) to this function all
have the cpu pointer handy. Just pass it to avoid an ENV_GET_CPU() from
core code (in exec.c).

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Peter Maydell 
Cc: "Edgar E. Iglesias" 
Cc: Eduardo Habkost 
Cc: Michael Walle 
Cc: Leon Alrae 
Cc: Anthony Green 
Cc: Jia Liu 
Cc: Alexander Graf 
Cc: Blue Swirl 
Cc: Mark Cave-Ayland 
Cc: Bastian Koppelmann 
Cc: Guan Xuetao 
Cc: Max Filippov 
Reviewed-by: Andreas Färber 
Reviewed-by: Aurelien Jarno 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 exec.c  | 5 ++---
 include/exec/exec-all.h | 2 +-
 target-alpha/cpu.c  | 2 +-
 target-arm/cpu.c| 2 +-
 target-cris/cpu.c   | 2 +-
 target-i386/cpu.c   | 2 +-
 target-lm32/cpu.c   | 2 +-
 target-m68k/cpu.c   | 2 +-
 target-microblaze/cpu.c | 2 +-
 target-mips/cpu.c   | 2 +-
 target-moxie/cpu.c  | 2 +-
 target-openrisc/cpu.c   | 2 +-
 target-ppc/translate_init.c | 2 +-
 target-s390x/cpu.c  | 2 +-
 target-sh4/cpu.c| 2 +-
 target-sparc/cpu.c  | 2 +-
 target-tricore/cpu.c| 2 +-
 target-unicore32/cpu.c  | 2 +-
 target-xtensa/cpu.c | 2 +-
 19 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/exec.c b/exec.c
index a33d9b2..7cc9f50 100644
--- a/exec.c
+++ b/exec.c
@@ -571,9 +571,8 @@ void cpu_exec_exit(CPUState *cpu)
 }
 #endif
 
-void cpu_exec_init(CPUArchState *env, Error **errp)
+void cpu_exec_init(CPUState *cpu, Error **errp)
 {
-CPUState *cpu = ENV_GET_CPU(env);
 CPUClass *cc = CPU_GET_CLASS(cpu);
 int cpu_index;
 Error *local_err = NULL;
@@ -601,7 +600,7 @@ void cpu_exec_init(CPUArchState *env, Error **errp)
 }
 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
-cpu_save, cpu_load, env);
+cpu_save, cpu_load, cpu->env_ptr);
 assert(cc->vmsd == NULL);
 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
 #endif
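Review bot: cpu_exec_init() now reads `cpu->env_ptr` when it registers the savevm handlers, so every caller must have assigned `cs->env_ptr` before the call; with the old `env` parameter that ordering did not matter. The call sites visible in this patch do set it on the preceding line, but nothing states or enforces the requirement, and a NULL would be handed to `cpu_save`/`cpu_load` as their opaque pointer. I would add `assert(cpu->env_ptr);` before the `register_savevm()` call, or at least a comment on the prototype in include/exec/exec-all.h such as `/* cpu->env_ptr must be set before calling. */`. The function body starts in the previous hunk and continues past this one.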
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 5a73bcb..05c6185 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -88,7 +88,7 @@ void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t 
retaddr);
 TranslationBlock *tb_gen_code(CPUState *cpu,
   target_ulong pc, target_ulong cs_base, int flags,
   int cflags);
-void cpu_exec_init(CPUArchState *env, Error **errp);
+void cpu_exec_init(CPUState *cpu, Error **errp);
 void QEMU_NORETURN cpu_loop_exit(CPUState *cpu);
 
 #if !defined(CONFIG_USER_ONLY)
diff --git a/target-alpha/cpu.c b/target-alpha/cpu.c
index e865ba7..421d7e5 100644
--- a/target-alpha/cpu.c
+++ b/target-alpha/cpu.c
@@ -257,7 +257,7 @@ static void alpha_cpu_initfn(Object *obj)
 CPUAlphaState *env = &cpu->env;
 
 cs->env_ptr = env;
-cpu_exec_init(env, &error_abort);
+cpu_exec_init(cs, &error_abort);
 tlb_flush(cs, 1);
 
 alpha_translate_init();
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 1c40cc0..5a8cdb5 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -392,7 +392,7 @@ static void arm_cpu_initfn(Object *obj)
 uint32_t Aff1, Aff0;
 
 cs->env_ptr = &cpu->env;
-cpu_exec_init(&cpu->env, &error_abort);
+cpu_exec_init(cs, &error_abort);
 cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
  g_free, g_free);
 
diff --git a/target-cris/cpu.c b/target-cris/cpu.c
index bb8e7ea..0db209b 100644
--- a/target-cris/cpu.c
+++ b/target-cris/cpu.c
@@ -170,7 +170,7 @@ static void cris_cpu_initfn(Object *obj)
 static bool tcg_initialized;
 
 cs->env_ptr = env;
-cpu_exec_init(env, &error_abort);
+cpu_exec_init(cs, &error_abort);
 
 env->pregs[PR_VR] = ccc->vr;
 
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 433f38b..a35b045 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -3007,7 +3007,7 @@ static void x86_cpu_initfn(Object *obj)
 static int inited;
 
 cs->env_ptr = env;
-cpu_exec_init(env, &error_abort);
+cpu_exec_init(cs, &error_abort);
 
 object_property_add(obj, "family", "int",
 x86_cpuid_version_get_family,
diff --git a/target-lm32/cpu.c b/target-lm32/cpu.c
index da4fde1..c2b77c6 100644
--- a/target-lm32/cpu.c
+++ b/target-lm32/cpu.c
@@ -151,7 +151,7 @@ static void lm32_cpu_initfn(Object *obj)
 static bool tcg_initialized;
 
 cs->env_ptr = env;
-cpu_exec_init(env, &error_abort);
+cpu_exec_init(cs, &error_abort);
 
 env->flags = 0;
 
diff --git a/target-m68k/cpu.c b/target-m68k/cpu.c
index ae3d765..4f246da 100644
--- a/target-m68k/cpu.c
+++ b/target-m68k/cpu.c
@@ -168,7 +168,7 @@ static void m68k_cpu_initfn(Object *obj)
 static bool inited;
 
 cs->env_ptr = env;
-cpu_exec_init(env, &error_abort);
+c

[Qemu-devel] [PULL 14/22] hw/arm/boot: Use cpu_set_pc()

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Use cpu_set_pc() across the board for setting program counters. This
removes instances of system level code having to reach into the CPU
env.

Reviewed-by: Peter Maydell 
Reviewed-by: Andreas Färber 
Signed-off-by: Peter Crosthwaite 
[AF: Avoid repeated casts with local variables]
Signed-off-by: Andreas Färber 
---
 hw/arm/boot.c | 24 +++-
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 1e7fd28..f48ed2d 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -168,11 +168,11 @@ static void default_write_secondary(ARMCPU *cpu,
 static void default_reset_secondary(ARMCPU *cpu,
 const struct arm_boot_info *info)
 {
-CPUARMState *env = &cpu->env;
+CPUState *cs = CPU(cpu);
 
 address_space_stl_notdirty(&address_space_memory, info->smp_bootreg_addr,
0, MEMTXATTRS_UNSPECIFIED, NULL);
-env->regs[15] = info->smp_loader_start;
+cpu_set_pc(cs, info->smp_loader_start);
 }
 
 static inline bool have_dtb(const struct arm_boot_info *info)
@@ -445,19 +445,21 @@ fail:
 static void do_cpu_reset(void *opaque)
 {
 ARMCPU *cpu = opaque;
+CPUState *cs = CPU(cpu);
 CPUARMState *env = &cpu->env;
 const struct arm_boot_info *info = env->boot_info;
 
-cpu_reset(CPU(cpu));
+cpu_reset(cs);
 if (info) {
 if (!info->is_linux) {
 /* Jump to the entry point.  */
-if (env->aarch64) {
-env->pc = info->entry;
-} else {
-env->regs[15] = info->entry & 0xfffe;
+uint64_t entry = info->entry;
+
+if (!env->aarch64) {
 env->thumb = info->entry & 1;
+entry &= 0xfffe;
 }
+cpu_set_pc(cs, entry);
 } else {
 /* If we are booting Linux then we need to check whether we are
  * booting into secure or non-secure state and adjust the state
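Review bot: In the non-Linux branch of do_cpu_reset() the new local `entry` and the field `info->entry` are both read: `env->thumb = info->entry & 1;` still uses the field while the next line masks the local copy. Writing `env->thumb = entry & 1;` keeps all reads on the one value that is finally passed to `cpu_set_pc()`. do_cpu_reset continues outside the hunk.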
@@ -487,12 +489,8 @@ static void do_cpu_reset(void *opaque)
 }
 }
 
-if (CPU(cpu) == first_cpu) {
-if (env->aarch64) {
-env->pc = info->loader_start;
-} else {
-env->regs[15] = info->loader_start;
-}
+if (cs == first_cpu) {
+cpu_set_pc(cs, info->loader_start);
 
 if (!have_dtb(info)) {
 if (old_param) {
-- 
2.1.4




[Qemu-devel] [PULL 22/22] disas: cris: QOMify target specific disas setup

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Move the target_disas() cris specifics to the QOM disas_set_info() hook
and delete the cris specific code in disas.c.

This also now adds support for monitor_disas() to cris.

E.g.
(qemu) xp 0x40004000
40004000: 0x1e6f25f0

And before this patch:
(qemu) xp/i 0x40004000
0x40004000: Asm output not supported on this arch

After:
(qemu) xp/i 0x40004000
0x40004000:  di
(qemu) xp/i 0x40004002
0x40004002:  move.d 0xb003c004,$r1

Note: second example is 6-byte misaligned instruction!

Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 disas.c   |  8 
 target-cris/cpu.c | 16 
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/disas.c b/disas.c
index 937e08b..69a6066 100644
--- a/disas.c
+++ b/disas.c
@@ -257,14 +257,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #elif defined(TARGET_ALPHA)
 s.info.mach = bfd_mach_alpha_ev6;
 s.info.print_insn = print_insn_alpha;
-#elif defined(TARGET_CRIS)
-if (flags != 32) {
-s.info.mach = bfd_mach_cris_v0_v10;
-s.info.print_insn = print_insn_crisv10;
-} else {
-s.info.mach = bfd_mach_cris_v32;
-s.info.print_insn = print_insn_crisv32;
-}
 #elif defined(TARGET_S390X)
 s.info.mach = bfd_mach_s390_64;
 s.info.print_insn = print_insn_s390;
diff --git a/target-cris/cpu.c b/target-cris/cpu.c
index 0db209b..b17e849 100644
--- a/target-cris/cpu.c
+++ b/target-cris/cpu.c
@@ -161,6 +161,20 @@ static void cris_cpu_set_irq(void *opaque, int irq, int 
level)
 }
 #endif
 
+static void cris_disas_set_info(CPUState *cpu, disassemble_info *info)
+{
+CRISCPU *cc = CRIS_CPU(cpu);
+CPUCRISState *env = &cc->env;
+
+if (env->pregs[PR_VR] != 32) {
+info->mach = bfd_mach_cris_v0_v10;
+info->print_insn = print_insn_crisv10;
+} else {
+info->mach = bfd_mach_cris_v32;
+info->print_insn = print_insn_crisv32;
+}
+}
+
 static void cris_cpu_initfn(Object *obj)
 {
 CPUState *cs = CPU(obj);
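Review bot: In cris_disas_set_info() the local `CRISCPU *cc` reuses a name that elsewhere in this file denotes the CPUClass (the class_init hunk below assigns `cc->gdb_num_core_regs` and `cc->disas_set_info`), which makes the new function easy to misread. Following the naming visible in cris_cpu_initfn (`CPUState *cs`), I would declare the parameter as `CPUState *cs` and use `CRISCPU *cpu = CRIS_CPU(cs);` with `CPUCRISState *env = &cpu->env;`. This is naming only; behaviour is unchanged.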
@@ -292,6 +306,8 @@ static void cris_cpu_class_init(ObjectClass *oc, void *data)
 
 cc->gdb_num_core_regs = 49;
 cc->gdb_stop_before_watchpoint = true;
+
+cc->disas_set_info = cris_disas_set_info;
 }
 
 static const TypeInfo cris_cpu_type_info = {
-- 
2.1.4




[Qemu-devel] [PULL 08/22] gdbstub: Change gdbserver_fork() to accept cpu instead of env

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

All callsites to this function navigate the cpu->env_ptr only for the
function to take the env ptr back to the original cpu ptr. Change the
function to just pass in the CPU pointer instead. Removes a core code
usage of ENV_GET_CPU() (in gdbstub.c).

Cc: Riku Voipio 
Reviewed-by: Andreas Färber 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 bsd-user/main.c| 2 +-
 gdbstub.c  | 3 +--
 include/exec/gdbstub.h | 2 +-
 linux-user/main.c  | 2 +-
 4 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/bsd-user/main.c b/bsd-user/main.c
index ba0b998..45a1436 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -92,7 +92,7 @@ void fork_start(void)
 void fork_end(int child)
 {
 if (child) {
-gdbserver_fork((CPUArchState *)thread_cpu->env_ptr);
+gdbserver_fork(thread_cpu);
 }
 }
 
diff --git a/gdbstub.c b/gdbstub.c
index 0fa8dd8..aa5ba51 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1629,9 +1629,8 @@ int gdbserver_start(int port)
 }
 
 /* Disable gdb stub for child processes.  */
-void gdbserver_fork(CPUArchState *env)
+void gdbserver_fork(CPUState *cpu)
 {
-CPUState *cpu = ENV_GET_CPU(env);
 GDBState *s = gdbserver_state;
 
 if (gdbserver_fd < 0 || s->fd < 0) {
diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index a608a26..05f57c2 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -22,7 +22,7 @@ void gdb_exit(CPUArchState *, int);
 int gdb_queuesig (void);
 int gdb_handlesig(CPUState *, int);
 void gdb_signalled(CPUArchState *, int);
-void gdbserver_fork(CPUArchState *);
+void gdbserver_fork(CPUState *);
 #endif
 /* Get or set a register.  Returns the size of the register.  */
 typedef int (*gdb_reg_cb)(CPUArchState *env, uint8_t *buf, int reg);
diff --git a/linux-user/main.c b/linux-user/main.c
index c855bcc..12b18d0 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -130,7 +130,7 @@ void fork_end(int child)
 pthread_cond_init(&exclusive_cond, NULL);
 pthread_cond_init(&exclusive_resume, NULL);
 pthread_mutex_init(&tcg_ctx.tb_ctx.tb_lock, NULL);
-gdbserver_fork((CPUArchState *)thread_cpu->env_ptr);
+gdbserver_fork(thread_cpu);
 } else {
 pthread_mutex_unlock(&exclusive_lock);
 pthread_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
-- 
2.1.4




[Qemu-devel] [PULL 11/22] cpu-exec: Purge all uses of ENV_GET_CPU()

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Remove un-needed usages of ENV_GET_CPU() by converting the APIs to use
CPUState pointers and retrieving the env_ptr as minimally needed.

Scripted conversion for target-* change:

for I in target-*/cpu.h; do
sed -i \
's/\(^int cpu_[^_]*_exec(\)[^ ][^ ]* \*s);$/\1CPUState *cpu);/' \
$I;
done

Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 bsd-user/main.c |  4 +++-
 cpu-exec.c  | 28 +---
 cpus.c  |  3 +--
 linux-user/main.c   | 28 ++--
 target-alpha/cpu.h  |  2 +-
 target-arm/cpu.h|  2 +-
 target-cris/cpu.h   |  2 +-
 target-i386/cpu.h   |  2 +-
 target-lm32/cpu.h   |  2 +-
 target-m68k/cpu.h   |  2 +-
 target-microblaze/cpu.h |  2 +-
 target-mips/cpu.h   |  2 +-
 target-moxie/cpu.h  |  2 +-
 target-openrisc/cpu.h   |  2 +-
 target-ppc/cpu.h|  2 +-
 target-s390x/cpu.h  |  2 +-
 target-sh4/cpu.h|  2 +-
 target-sparc/cpu.h  |  2 +-
 target-tricore/cpu.h|  2 +-
 target-unicore32/cpu.h  |  3 ++-
 target-xtensa/cpu.h |  2 +-
 21 files changed, 49 insertions(+), 49 deletions(-)

diff --git a/bsd-user/main.c b/bsd-user/main.c
index 45a1436..f46728b 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -166,6 +166,8 @@ static void set_idt(int n, unsigned int dpl)
 
 void cpu_loop(CPUX86State *env)
 {
+X86CPU *cpu = x86_env_get_cpu(env);
+CPUState *cs = CPU(cpu);
 int trapnr;
 abi_ulong pc;
 //target_siginfo_t info;
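Review bot: The x86 `cpu_loop()` gains `cpu` and `cs` here, but no hunk in bsd-user/main.c changes its exec call; the diffstat (three insertions, one deletion) accounts only for these two lines and the SPARC call in the next hunk. Since target-i386/cpu.h is converted to take `CPUState *` in this same patch, the x86 loop presumably still passes `env` to `cpu_x86_exec()` and should become `trapnr = cpu_x86_exec(cs);`. Conversely, the SPARC hunk switches to `cpu_sparc_exec(cs)` without a visible declaration of `cs`, so that needs checking against the full function. Both bodies extend outside the hunks, and the cover letter notes that BSD hosts were not tested.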
@@ -512,7 +514,7 @@ void cpu_loop(CPUSPARCState *env)
 //target_siginfo_t info;
 
 while (1) {
-trapnr = cpu_sparc_exec (env);
+trapnr = cpu_sparc_exec(cs);
 
 switch (trapnr) {
 #ifndef TARGET_SPARC64
diff --git a/cpu-exec.c b/cpu-exec.c
index b2724c1..75694f3 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -227,10 +227,9 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, 
uint8_t *tb_ptr)
 
 /* Execute the code without caching the generated code. An interpreter
could be used if available. */
-static void cpu_exec_nocache(CPUArchState *env, int max_cycles,
+static void cpu_exec_nocache(CPUState *cpu, int max_cycles,
  TranslationBlock *orig_tb)
 {
-CPUState *cpu = ENV_GET_CPU(env);
 TranslationBlock *tb;
 target_ulong pc = orig_tb->pc;
 target_ulong cs_base = orig_tb->cs_base;
@@ -254,12 +253,12 @@ static void cpu_exec_nocache(CPUArchState *env, int 
max_cycles,
 tb_free(tb);
 }
 
-static TranslationBlock *tb_find_slow(CPUArchState *env,
+static TranslationBlock *tb_find_slow(CPUState *cpu,
   target_ulong pc,
   target_ulong cs_base,
   uint64_t flags)
 {
-CPUState *cpu = ENV_GET_CPU(env);
+CPUArchState *env = (CPUArchState *)cpu->env_ptr;
 TranslationBlock *tb, **ptb1;
 unsigned int h;
 tb_page_addr_t phys_pc, phys_page1;
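Review bot: The added `CPUArchState *env = (CPUArchState *)cpu->env_ptr;` carries a cast that the equivalent line in the cpus.c conversion of this series omits (`CPUArchState *env = cpu->env_ptr;`), which suggests `env_ptr` is a `void *` and the cast is redundant. The same applies to the tb_find_fast() hunk that follows. I would drop the cast in both places so the series uses one form. tb_find_slow's body continues outside the hunk.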
@@ -311,9 +310,9 @@ static TranslationBlock *tb_find_slow(CPUArchState *env,
 return tb;
 }
 
-static inline TranslationBlock *tb_find_fast(CPUArchState *env)
+static inline TranslationBlock *tb_find_fast(CPUState *cpu)
 {
-CPUState *cpu = ENV_GET_CPU(env);
+CPUArchState *env = (CPUArchState *)cpu->env_ptr;
 TranslationBlock *tb;
 target_ulong cs_base, pc;
 int flags;
@@ -325,14 +324,13 @@ static inline TranslationBlock *tb_find_fast(CPUArchState 
*env)
 tb = cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
 if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base ||
  tb->flags != flags)) {
-tb = tb_find_slow(env, pc, cs_base, flags);
+tb = tb_find_slow(cpu, pc, cs_base, flags);
 }
 return tb;
 }
 
-static void cpu_handle_debug_exception(CPUArchState *env)
+static void cpu_handle_debug_exception(CPUState *cpu)
 {
-CPUState *cpu = ENV_GET_CPU(env);
 CPUClass *cc = CPU_GET_CLASS(cpu);
 CPUWatchpoint *wp;
 
@@ -349,12 +347,12 @@ static void cpu_handle_debug_exception(CPUArchState *env)
 
 volatile sig_atomic_t exit_request;
 
-int cpu_exec(CPUArchState *env)
+int cpu_exec(CPUState *cpu)
 {
-CPUState *cpu = ENV_GET_CPU(env);
 CPUClass *cc = CPU_GET_CLASS(cpu);
 #ifdef TARGET_I386
 X86CPU *x86_cpu = X86_CPU(cpu);
+CPUArchState *env = &x86_cpu->env;
 #endif
 int ret, interrupt_request;
 TranslationBlock *tb;
@@ -407,7 +405,7 @@ int cpu_exec(CPUArchState *env)
 /* exit request from the cpu execution loop */
 ret = cpu->exception_index;
 if (ret == EXCP_DEBUG) {
-cpu_handle_debug_exception(env);
+cpu_handle_debug_exception(cpu);
 }
 cpu->exception_index = -1;
 break;
@@ -483,7 +481,7 @@ int cpu_exec(CPUArchState *env)
 }
 spin_lock(&tcg_ctx.tb

[Qemu-devel] [PULL 17/22] disas: QOMify target specific setup

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Add a QOM function hook for target-specific disassembly setup. This
allows removal of the #ifdeffery currently implementing target specific
disas setup from disas.c.

Reviewed-by: Richard Henderson 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 disas.c   | 22 ++
 include/qom/cpu.h |  4 
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/disas.c b/disas.c
index 363c3bf..ff5425d 100644
--- a/disas.c
+++ b/disas.c
@@ -1,5 +1,6 @@
 /* General "disassemble this chunk" code.  Used for debugging. */
 #include "config.h"
+#include "qemu-common.h"
 #include "disas/bfd.h"
 #include "elf.h"
 #include 
@@ -198,6 +199,7 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
 void target_disas(FILE *out, CPUState *cpu, target_ulong code,
   target_ulong size, int flags)
 {
+CPUClass *cc = CPU_GET_CLASS(cpu);
 target_ulong pc;
 int count;
 CPUDebug s;
@@ -215,6 +217,11 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #else
 s.info.endian = BFD_ENDIAN_LITTLE;
 #endif
+
+if (cc->disas_set_info) {
+cc->disas_set_info(cpu, &s.info);
+}
+
 #if defined(TARGET_I386)
 if (flags == 2) {
 s.info.mach = bfd_mach_x86_64;
@@ -449,6 +456,7 @@ monitor_fprintf(FILE *stream, const char *fmt, ...)
 void monitor_disas(Monitor *mon, CPUState *cpu,
target_ulong pc, int nb_insn, int is_physical, int flags)
 {
+CPUClass *cc = CPU_GET_CLASS(cpu);
 int count, i;
 CPUDebug s;
 
@@ -466,6 +474,11 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 #else
 s.info.endian = BFD_ENDIAN_LITTLE;
 #endif
+
+if (cc->disas_set_info) {
+cc->disas_set_info(cpu, &s.info);
+}
+
 #if defined(TARGET_I386)
 if (flags == 2) {
 s.info.mach = bfd_mach_x86_64;
@@ -519,11 +532,12 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 #elif defined(TARGET_LM32)
 s.info.mach = bfd_mach_lm32;
 s.info.print_insn = print_insn_lm32;
-#else
-monitor_printf(mon, "0x" TARGET_FMT_lx
-   ": Asm output not supported on this arch\n", pc);
-return;
 #endif
+if (!s.info.print_insn) {
+monitor_printf(mon, "0x" TARGET_FMT_lx
+   ": Asm output not supported on this arch\n", pc);
+return;
+}
 
 for(i = 0; i < nb_insn; i++) {
monitor_printf(mon, "0x" TARGET_FMT_lx ":  ", pc);
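Review bot: The new `if (!s.info.print_insn)` test in monitor_disas() reads a field of `CPUDebug s;`, which an earlier hunk of this file shows is declared without an initializer. The test is therefore only meaningful if INIT_DISASSEMBLE_INFO() clears `print_insn`, and that macro is not visible here. If it does not, a target with no `#elif` branch and no `disas_set_info` hook would skip the "not supported" message and the loop below would presumably call through an indeterminate pointer. The same concern applies to target_disas() in patch 16/22, whose first hunk removes the explicitly initialised `int (*print_insn)(...) = NULL;` local. Adding `s.info.print_insn = NULL;` right after INIT_DISASSEMBLE_INFO() in both functions would make the check independent of the macro.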
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 5db1ea3..8016724 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -23,6 +23,7 @@
 #include 
 #include 
 #include "hw/qdev-core.h"
+#include "disas/bfd.h"
 #include "exec/hwaddr.h"
 #include "exec/memattrs.h"
 #include "qemu/queue.h"
@@ -117,6 +118,7 @@ struct TranslationBlock;
  * @cpu_exec_enter: Callback for cpu_exec preparation.
  * @cpu_exec_exit: Callback for cpu_exec cleanup.
  * @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec.
+ * @disas_set_info: Setup architecture specific components of disassembly info
  *
  * Represents a CPU family or model.
  */
@@ -172,6 +174,8 @@ typedef struct CPUClass {
 void (*cpu_exec_enter)(CPUState *cpu);
 void (*cpu_exec_exit)(CPUState *cpu);
 bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request);
+
+void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
 } CPUClass;
 
 #ifdef HOST_WORDS_BIGENDIAN
-- 
2.1.4




[Qemu-devel] [PULL 09/22] cpu: Change tcg_cpu_exec() arg to cpu, not env

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

The sole caller of this function navigates the cpu->env_ptr only for
this function to take it back to the cpu pointer straight away. Pass in
the cpu pointer instead and grab the env pointer locally in the function.
Removes a core code usage of ENV_GET_CPU().

Reviewed-by: Andreas Färber 
Reviewed-by: Eduardo Habkost 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 cpus.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/cpus.c b/cpus.c
index f547aeb..24cac2e 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1357,9 +1357,9 @@ int vm_stop_force_state(RunState state)
 }
 }
 
-static int tcg_cpu_exec(CPUArchState *env)
+static int tcg_cpu_exec(CPUState *cpu)
 {
-CPUState *cpu = ENV_GET_CPU(env);
+CPUArchState *env = cpu->env_ptr;
 int ret;
 #ifdef CONFIG_PROFILER
 int64_t ti;
@@ -1421,13 +1421,12 @@ static void tcg_exec_all(void)
 }
 for (; next_cpu != NULL && !exit_request; next_cpu = CPU_NEXT(next_cpu)) {
 CPUState *cpu = next_cpu;
-CPUArchState *env = cpu->env_ptr;
 
 qemu_clock_enable(QEMU_CLOCK_VIRTUAL,
   (cpu->singlestep_enabled & SSTEP_NOTIMER) == 0);
 
 if (cpu_can_run(cpu)) {
-r = tcg_cpu_exec(env);
+r = tcg_cpu_exec(cpu);
 if (r == EXCP_DEBUG) {
 cpu_handle_guest_debug(cpu);
 break;
-- 
2.1.4




[Qemu-devel] [PULL 16/22] disas: Add print_insn to disassemble info

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Add the print_insn pointer to the disassemble info structure. This is
to prepare for QOMification support, where a QOM CPU hook function will
be responsible for setting the print_insn() function. Add this function
to the existing struct to consolidate such that only the one struct
needs to be passed to the new QOM API.

Reviewed-by: Richard Henderson 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 disas.c | 68 ++---
 include/disas/bfd.h |  6 +
 2 files changed, 39 insertions(+), 35 deletions(-)

diff --git a/disas.c b/disas.c
index 576c6a4..363c3bf 100644
--- a/disas.c
+++ b/disas.c
@@ -201,7 +201,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 target_ulong pc;
 int count;
 CPUDebug s;
-int (*print_insn)(bfd_vma pc, disassemble_info *info) = NULL;
 
 INIT_DISASSEMBLE_INFO(s.info, out, fprintf);
 
@@ -224,7 +223,7 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 } else {
 s.info.mach = bfd_mach_i386_i386;
 }
-print_insn = print_insn_i386;
+s.info.print_insn = print_insn_i386;
 #elif defined(TARGET_ARM)
 if (flags & 4) {
 /* We might not be compiled with the A64 disassembler
@@ -232,12 +231,12 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
  * fall through to the default print_insn_od case.
  */
 #if defined(CONFIG_ARM_A64_DIS)
-print_insn = print_insn_arm_a64;
+s.info.print_insn = print_insn_arm_a64;
 #endif
 } else if (flags & 1) {
-print_insn = print_insn_thumb1;
+s.info.print_insn = print_insn_thumb1;
 } else {
-print_insn = print_insn_arm;
+s.info.print_insn = print_insn_arm;
 }
 if (flags & 2) {
 #ifdef TARGET_WORDS_BIGENDIAN
@@ -247,7 +246,7 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #endif
 }
 #elif defined(TARGET_SPARC)
-print_insn = print_insn_sparc;
+s.info.print_insn = print_insn_sparc;
 #ifdef TARGET_SPARC64
 s.info.mach = bfd_mach_sparc_v9b;
 #endif
@@ -266,49 +265,49 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #endif
 }
 s.info.disassembler_options = (char *)"any";
-print_insn = print_insn_ppc;
+s.info.print_insn = print_insn_ppc;
 #elif defined(TARGET_M68K)
-print_insn = print_insn_m68k;
+s.info.print_insn = print_insn_m68k;
 #elif defined(TARGET_MIPS)
 #ifdef TARGET_WORDS_BIGENDIAN
-print_insn = print_insn_big_mips;
+s.info.print_insn = print_insn_big_mips;
 #else
-print_insn = print_insn_little_mips;
+s.info.print_insn = print_insn_little_mips;
 #endif
 #elif defined(TARGET_SH4)
 s.info.mach = bfd_mach_sh4;
-print_insn = print_insn_sh;
+s.info.print_insn = print_insn_sh;
 #elif defined(TARGET_ALPHA)
 s.info.mach = bfd_mach_alpha_ev6;
-print_insn = print_insn_alpha;
+s.info.print_insn = print_insn_alpha;
 #elif defined(TARGET_CRIS)
 if (flags != 32) {
 s.info.mach = bfd_mach_cris_v0_v10;
-print_insn = print_insn_crisv10;
+s.info.print_insn = print_insn_crisv10;
 } else {
 s.info.mach = bfd_mach_cris_v32;
-print_insn = print_insn_crisv32;
+s.info.print_insn = print_insn_crisv32;
 }
 #elif defined(TARGET_S390X)
 s.info.mach = bfd_mach_s390_64;
-print_insn = print_insn_s390;
+s.info.print_insn = print_insn_s390;
 #elif defined(TARGET_MICROBLAZE)
 s.info.mach = bfd_arch_microblaze;
-print_insn = print_insn_microblaze;
+s.info.print_insn = print_insn_microblaze;
 #elif defined(TARGET_MOXIE)
 s.info.mach = bfd_arch_moxie;
-print_insn = print_insn_moxie;
+s.info.print_insn = print_insn_moxie;
 #elif defined(TARGET_LM32)
 s.info.mach = bfd_mach_lm32;
-print_insn = print_insn_lm32;
+s.info.print_insn = print_insn_lm32;
 #endif
-if (print_insn == NULL) {
-print_insn = print_insn_od_target;
+if (s.info.print_insn == NULL) {
+s.info.print_insn = print_insn_od_target;
 }
 
 for (pc = code; size > 0; pc += count, size -= count) {
fprintf(out, "0x" TARGET_FMT_lx ":  ", pc);
-   count = print_insn(pc, &s.info);
+   count = s.info.print_insn(pc, &s.info);
 #if 0
 {
 int i;
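Review bot: The fallback test `if (s.info.print_insn == NULL)` near the end of this hunk now depends on the new struct field having been cleared, whereas the removed local was explicitly initialised with `= NULL`. `s` is a stack `CPUDebug`, and the include/disas/bfd.h part of this patch is not visible here, so it is worth confirming that INIT_DISASSEMBLE_INFO sets the field. If it does not, targets with no matching `#elif` branch (and ARM with `flags & 4` when CONFIG_ARM_A64_DIS is off) would call through an indeterminate pointer. An explicit `s.info.print_insn = NULL;` right after the INIT_DISASSEMBLE_INFO call would make target_disas independent of the macro. The body of target_disas starts and ends outside this hunk.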
@@ -452,7 +451,6 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 {
 int count, i;
 CPUDebug s;
-int (*print_insn)(bfd_vma pc, disassemble_info *info);
 
 INIT_DISASSEMBLE_INFO(s.info, (FILE *)mon, monitor_fprintf);
 
@@ -476,13 +474,13 @@ void monitor_disas(Monitor *mon, CPUState *cpu,
 } else {
 s.info.mach = bfd_mach_i386_i386;
 }
-print_insn = print_insn_i386;
+s.info.print_insn = print_insn_i386;
 #elif defined(TARGET_ARM)
-print_insn = print_insn_arm;
+s.info.print_insn = print_insn_arm;
 #elif defined(TARGET_ALPHA)
-print_insn = print_insn_alpha;
+s.info.print_insn = prin

[Qemu-devel] [PULL 20/22] disas: microblaze: QOMify target specific disas setup

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Move the target_disas() MB specifics to the QOM disas_set_info hook
and delete the MB specific code in disas.c.

This also now adds support for monitor_disas() to Microblaze.

E.g.
(qemu) xp 0x9000
9000: 0x94208001

And before this patch:
(qemu) xp/i 0x9000
0x9000: Asm output not supported on this arch

After:
(qemu) xp/i 0x9000
0x9000:  mfsr1, rmsr

Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 disas.c | 3 ---
 target-microblaze/cpu.c | 8 
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/disas.c b/disas.c
index fde5029..937e08b 100644
--- a/disas.c
+++ b/disas.c
@@ -268,9 +268,6 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 #elif defined(TARGET_S390X)
 s.info.mach = bfd_mach_s390_64;
 s.info.print_insn = print_insn_s390;
-#elif defined(TARGET_MICROBLAZE)
-s.info.mach = bfd_arch_microblaze;
-s.info.print_insn = print_insn_microblaze;
 #elif defined(TARGET_MOXIE)
 s.info.mach = bfd_arch_moxie;
 s.info.print_insn = print_insn_moxie;
diff --git a/target-microblaze/cpu.c b/target-microblaze/cpu.c
index 128d032..9ac509a 100644
--- a/target-microblaze/cpu.c
+++ b/target-microblaze/cpu.c
@@ -119,6 +119,12 @@ static void mb_cpu_reset(CPUState *s)
 #endif
 }
 
+static void mb_disas_set_info(CPUState *cpu, disassemble_info *info)
+{
+info->mach = bfd_arch_microblaze;
+info->print_insn = print_insn_microblaze;
+}
+
 static void mb_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
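Review bot: `info->mach = bfd_arch_microblaze;` in mb_disas_set_info stores what reads like an architecture constant in the machine-variant field, where the other targets on this page use `bfd_mach_*` values. The assignment is carried over unchanged from disas.c rather than introduced here, but the move is a good moment to confirm which value was intended. A short comment above the function, such as `/* CPUClass::disas_set_info hook: select the MicroBlaze disassembler. */`, would also help, since it is only reached through the class pointer set in mb_cpu_class_init.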
@@ -256,6 +262,8 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
 dc->vmsd = &vmstate_mb_cpu;
 dc->props = mb_properties;
 cc->gdb_num_core_regs = 32 + 5;
+
+cc->disas_set_info = mb_disas_set_info;
 }
 
 static const TypeInfo mb_cpu_type_info = {
-- 
2.1.4




[Qemu-devel] [PULL 06/22] target-ppc: Move cpu_exec_init() call to realize function

2015-07-06 Thread Andreas Färber
From: Bharata B Rao 

Move cpu_exec_init() call from instance_init to realize. This allows
any failures from cpu_exec_init() to be handled appropriately.
Also add corresponding cpu_exec_exit() call from unrealize.

cpu_dt_id assignment from instance_init is no longer needed since
correct assignment for cpu_dt_id is already present in realizefn.

Signed-off-by: Bharata B Rao 
Reviewed-by: David Gibson 
Reviewed-by: Peter Crosthwaite 
Acked-by: Paolo Bonzini 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 target-ppc/translate_init.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 52d95ce..2b72f2d 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -8928,6 +8928,11 @@ static void ppc_cpu_realizefn(DeviceState *dev, Error 
**errp)
 return;
 }
 
+cpu_exec_init(&cpu->env, &local_err);
+if (local_err != NULL) {
+error_propagate(errp, local_err);
+return;
+}
 cpu->cpu_dt_id = (cs->cpu_index / smp_threads) * max_smt
 + (cs->cpu_index % smp_threads);
 #endif
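Review bot: The added `cpu_exec_init(&cpu->env, &local_err);` sits directly above an `#endif` whose opening `#if` lies outside the hunk, so it appears to be compiled only when that condition holds. If the enclosing block is the `!CONFIG_USER_ONLY` one, user-mode builds would no longer call cpu_exec_init() at all, now that the last hunk removes it from ppc_cpu_initfn. Consider placing the call and its error check outside the conditional and keeping only the `cpu_dt_id` assignment inside it. ppc_cpu_realizefn starts and ends outside this hunk.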
@@ -9141,6 +9146,8 @@ static void ppc_cpu_unrealizefn(DeviceState *dev, Error 
**errp)
 opc_handler_t **table;
 int i, j;
 
+cpu_exec_exit(CPU(dev));
+
 for (i = 0; i < PPC_CPU_OPCODES_LEN; i++) {
 if (env->opcodes[i] == &invalid_handler) {
 continue;
@@ -9633,8 +9640,6 @@ static void ppc_cpu_initfn(Object *obj)
 CPUPPCState *env = &cpu->env;
 
 cs->env_ptr = env;
-cpu_exec_init(env, &error_abort);
-cpu->cpu_dt_id = cs->cpu_index;
 
 env->msr_mask = pcc->msr_mask;
 env->mmu_model = pcc->mmu_model;
-- 
2.1.4




[Qemu-devel] [PULL 18/22] disas: arm-a64: Make printfer and stream variable

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

In a normal disassembly flow, the printf() and stream being used varies
from disas job to job. In particular it varies if mixing monitor_disas
and target_disas.

Make both the printf() function and target stream settable in the
QEMUDisassembler class.

Reviewed-by: Claudio Fontana 
Tested-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 disas/arm-a64.cc | 22 +-
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/disas/arm-a64.cc b/disas/arm-a64.cc
index e04f946..b0803f9 100644
--- a/disas/arm-a64.cc
+++ b/disas/arm-a64.cc
@@ -35,16 +35,25 @@ static Disassembler *vixl_disasm = NULL;
  */
 class QEMUDisassembler : public Disassembler {
 public:
-explicit QEMUDisassembler(FILE *stream) : stream_(stream) { }
+QEMUDisassembler() : printf_(NULL), stream_(NULL) { }
 ~QEMUDisassembler() { }
 
+void SetStream(FILE *stream) {
+stream_ = stream;
+}
+
+void SetPrintf(int (*printf_fn)(FILE *, const char *, ...)) {
+printf_ = printf_fn;
+}
+
 protected:
 virtual void ProcessOutput(const Instruction *instr) {
-fprintf(stream_, "%08" PRIx32 "  %s",
+printf_(stream_, "%08" PRIx32 "  %s",
 instr->InstructionBits(), GetOutput());
 }
 
 private:
+int (*printf_)(FILE *, const char *, ...);
 FILE *stream_;
 };
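Review bot: ProcessOutput() calls `printf_` unconditionally while the new default constructor leaves both `printf_` and `stream_` as NULL, so correctness now depends on every caller invoking SetPrintf() and SetStream() before decoding. The call site later in this patch does so, but the class no longer enforces it the way the removed `explicit QEMUDisassembler(FILE *stream)` constructor did for the stream. An assertion that `printf_` is set at the top of ProcessOutput(), or a one-line comment on the class stating the precondition, would make a future misuse fail loudly instead of calling through a null pointer.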
 
@@ -53,9 +62,9 @@ static int vixl_is_initialized(void)
 return vixl_decoder != NULL;
 }
 
-static void vixl_init(FILE *f) {
+static void vixl_init() {
 vixl_decoder = new Decoder();
-vixl_disasm = new QEMUDisassembler(f);
+vixl_disasm = new QEMUDisassembler();
 vixl_decoder->AppendVisitor(vixl_disasm);
 }
 
@@ -78,9 +87,12 @@ int print_insn_arm_a64(uint64_t addr, disassemble_info *info)
 }
 
 if (!vixl_is_initialized()) {
-vixl_init(info->stream);
+vixl_init();
 }
 
+((QEMUDisassembler *)vixl_disasm)->SetPrintf(info->fprintf_func);
+((QEMUDisassembler *)vixl_disasm)->SetStream(info->stream);
+
 instrval = bytes[0] | bytes[1] << 8 | bytes[2] << 16 | bytes[3] << 24;
 instr = reinterpret_cast(&instrval);
 vixl_disasm->MapCodeAddress(addr, instr);
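Review bot: The two C-style downcasts `((QEMUDisassembler *)vixl_disasm)` bypass the type checking a C++ cast would give. Since vixl_init() always creates a QEMUDisassembler, declaring the file-level pointer as `static QEMUDisassembler *vixl_disasm` (its declaration is outside this hunk) would remove both casts; otherwise use `static_cast<QEMUDisassembler *>(vixl_disasm)`. Separately, the output function and stream are now written to a single file-level object on every call, which presumably assumes disassembly never runs from two threads at once; a comment stating that assumption would help. print_insn_arm_a64 starts and ends outside this hunk.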
-- 
2.1.4




[Qemu-devel] [PULL 15/22] microblaze: boot: Use cpu_set_pc()

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Use cpu_set_pc() for setting program counters when bootloading. This
removes an instance of system level code having to reach into the CPU
env.

Reviewed-by: Andreas Färber 
Signed-off-by: Peter Crosthwaite 
[AF: Avoid duplicated CPU() casts through local variable]
Signed-off-by: Andreas Färber 
---
 hw/microblaze/boot.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/microblaze/boot.c b/hw/microblaze/boot.c
index 4c44317..3e8820f 100644
--- a/hw/microblaze/boot.c
+++ b/hw/microblaze/boot.c
@@ -48,13 +48,14 @@ static struct
 static void main_cpu_reset(void *opaque)
 {
 MicroBlazeCPU *cpu = opaque;
+CPUState *cs = CPU(cpu);
 CPUMBState *env = &cpu->env;
 
-cpu_reset(CPU(cpu));
+cpu_reset(cs);
 env->regs[5] = boot_info.cmdline;
 env->regs[6] = boot_info.initrd_start;
 env->regs[7] = boot_info.fdt;
-env->sregs[SR_PC] = boot_info.bootstrap_pc;
+cpu_set_pc(cs, boot_info.bootstrap_pc);
 if (boot_info.machine_cpu_reset) {
 boot_info.machine_cpu_reset(cpu);
 }
-- 
2.1.4




[Qemu-devel] [PULL 13/22] gdbstub: Use cpu_set_pc() helper

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Use the cpu_set_pc() helper which will take care of CPUClass retrieval
for us.

Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 gdbstub.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index aa5ba51..92b2f81 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -754,12 +754,9 @@ static void gdb_breakpoint_remove_all(void)
 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
 {
 CPUState *cpu = s->c_cpu;
-CPUClass *cc = CPU_GET_CLASS(cpu);
 
 cpu_synchronize_state(cpu);
-if (cc->set_pc) {
-cc->set_pc(cpu, pc);
-}
+cpu_set_pc(cpu, pc);
 }
 
 static CPUState *find_cpu(uint32_t thread_id)
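Review bot: The removed `if (cc->set_pc)` guard in gdb_set_cpu_pc is not replaced by anything. The cpu_set_pc() wrapper added to include/qom/cpu.h in this series calls `cc->set_pc(cpu, addr);` without a check. If any CPU class leaves the hook unset, a PC change requested over the gdb stub would turn from a silent no-op into a call through a NULL function pointer in the emulator process. Either confirm that every target assigns `set_pc`, or keep the guard inside the wrapper, e.g. `if (cc->set_pc) { cc->set_pc(cpu, addr); }`.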
-- 
2.1.4




[Qemu-devel] [PULL 04/22] cpu: Add Error argument to cpu_exec_init()

2015-07-06 Thread Andreas Färber
From: Bharata B Rao 

Add an Error argument to cpu_exec_init() to let users collect the
error. This is in preparation to change the CPU enumeration logic
in cpu_exec_init(). With the new enumeration logic, cpu_exec_init()
can fail if cpu_index values corresponding to max_cpus have already
been handed out.

Since all current callers of cpu_exec_init() are from instance_init,
use error_abort Error argument to abort in case of an error.

Signed-off-by: Bharata B Rao 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Igor Mammedov 
Reviewed-by: David Gibson 
Reviewed-by: Peter Crosthwaite 
Acked-by: Paolo Bonzini 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 exec.c  | 2 +-
 include/exec/exec-all.h | 2 +-
 target-alpha/cpu.c  | 2 +-
 target-arm/cpu.c| 2 +-
 target-cris/cpu.c   | 2 +-
 target-i386/cpu.c   | 2 +-
 target-lm32/cpu.c   | 2 +-
 target-m68k/cpu.c   | 2 +-
 target-microblaze/cpu.c | 2 +-
 target-mips/cpu.c   | 2 +-
 target-moxie/cpu.c  | 2 +-
 target-openrisc/cpu.c   | 2 +-
 target-ppc/translate_init.c | 2 +-
 target-s390x/cpu.c  | 2 +-
 target-sh4/cpu.c| 2 +-
 target-sparc/cpu.c  | 2 +-
 target-tricore/cpu.c| 2 +-
 target-unicore32/cpu.c  | 2 +-
 target-xtensa/cpu.c | 2 +-
 19 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/exec.c b/exec.c
index 06f6cb4..8abac69 100644
--- a/exec.c
+++ b/exec.c
@@ -526,7 +526,7 @@ void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace 
*as)
 }
 #endif
 
-void cpu_exec_init(CPUArchState *env)
+void cpu_exec_init(CPUArchState *env, Error **errp)
 {
 CPUState *cpu = ENV_GET_CPU(env);
 CPUClass *cc = CPU_GET_CLASS(cpu);
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index d678114..01d9996 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -88,7 +88,7 @@ void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t 
retaddr);
 TranslationBlock *tb_gen_code(CPUState *cpu,
   target_ulong pc, target_ulong cs_base, int flags,
   int cflags);
-void cpu_exec_init(CPUArchState *env);
+void cpu_exec_init(CPUArchState *env, Error **errp);
 void QEMU_NORETURN cpu_loop_exit(CPUState *cpu);
 
 #if !defined(CONFIG_USER_ONLY)
diff --git a/target-alpha/cpu.c b/target-alpha/cpu.c
index a98b7d8..e865ba7 100644
--- a/target-alpha/cpu.c
+++ b/target-alpha/cpu.c
@@ -257,7 +257,7 @@ static void alpha_cpu_initfn(Object *obj)
 CPUAlphaState *env = &cpu->env;
 
 cs->env_ptr = env;
-cpu_exec_init(env);
+cpu_exec_init(env, &error_abort);
 tlb_flush(cs, 1);
 
 alpha_translate_init();
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 80669a6..1c40cc0 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -392,7 +392,7 @@ static void arm_cpu_initfn(Object *obj)
 uint32_t Aff1, Aff0;
 
 cs->env_ptr = &cpu->env;
-cpu_exec_init(&cpu->env);
+cpu_exec_init(&cpu->env, &error_abort);
 cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
  g_free, g_free);
 
diff --git a/target-cris/cpu.c b/target-cris/cpu.c
index 16cfba9..bb8e7ea 100644
--- a/target-cris/cpu.c
+++ b/target-cris/cpu.c
@@ -170,7 +170,7 @@ static void cris_cpu_initfn(Object *obj)
 static bool tcg_initialized;
 
 cs->env_ptr = env;
-cpu_exec_init(env);
+cpu_exec_init(env, &error_abort);
 
 env->pregs[PR_VR] = ccc->vr;
 
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 36b07f9..433f38b 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -3007,7 +3007,7 @@ static void x86_cpu_initfn(Object *obj)
 static int inited;
 
 cs->env_ptr = env;
-cpu_exec_init(env);
+cpu_exec_init(env, &error_abort);
 
 object_property_add(obj, "family", "int",
 x86_cpuid_version_get_family,
diff --git a/target-lm32/cpu.c b/target-lm32/cpu.c
index f8081f5..da4fde1 100644
--- a/target-lm32/cpu.c
+++ b/target-lm32/cpu.c
@@ -151,7 +151,7 @@ static void lm32_cpu_initfn(Object *obj)
 static bool tcg_initialized;
 
 cs->env_ptr = env;
-cpu_exec_init(env);
+cpu_exec_init(env, &error_abort);
 
 env->flags = 0;
 
diff --git a/target-m68k/cpu.c b/target-m68k/cpu.c
index 4cfb725..ae3d765 100644
--- a/target-m68k/cpu.c
+++ b/target-m68k/cpu.c
@@ -168,7 +168,7 @@ static void m68k_cpu_initfn(Object *obj)
 static bool inited;
 
 cs->env_ptr = env;
-cpu_exec_init(env);
+cpu_exec_init(env, &error_abort);
 
 if (tcg_enabled() && !inited) {
 inited = true;
diff --git a/target-microblaze/cpu.c b/target-microblaze/cpu.c
index c592bf7..967ea01 100644
--- a/target-microblaze/cpu.c
+++ b/target-microblaze/cpu.c
@@ -190,7 +190,7 @@ static void mb_cpu_initfn(Object *obj)
 static bool tcg_initialized;
 
 cs->env_ptr = env;
-cpu_exec_init(env);
+cpu_exec_init(env, &error_abort);
 
  

[Qemu-devel] [PULL 07/22] translate-all: Change tb_flush() env argument to cpu

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

All of the core-code usages of this API have the cpu pointer handy so
pass it in. There are only 3 architecture specific usages (2 of which
are commented out) which can just use ENV_GET_CPU() locally to get the
cpu pointer. This reduces core code usage of the CPU env, which brings
us closer to common-obj'ing these core files.

Cc: Riku Voipio 
Cc: Paolo Bonzini 
Reviewed-by: Eduardo Habkost 
Acked-by: Eduardo Habkost 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 exec.c| 3 +--
 gdbstub.c | 6 ++
 include/exec/exec-all.h   | 2 +-
 linux-user/signal.c   | 2 +-
 target-alpha/sys_helper.c | 2 +-
 target-i386/translate.c   | 2 +-
 translate-all.c   | 6 ++
 7 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/exec.c b/exec.c
index a64c3ae..a33d9b2 100644
--- a/exec.c
+++ b/exec.c
@@ -813,8 +813,7 @@ void cpu_single_step(CPUState *cpu, int enabled)
 } else {
 /* must flush all the translated code to avoid inconsistencies */
 /* XXX: only flush what is necessary */
-CPUArchState *env = cpu->env_ptr;
-tb_flush(env);
+tb_flush(cpu);
 }
 }
 }
diff --git a/gdbstub.c b/gdbstub.c
index cea2a84..0fa8dd8 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1226,7 +1226,6 @@ void gdb_set_stop_cpu(CPUState *cpu)
 static void gdb_vm_state_change(void *opaque, int running, RunState state)
 {
 GDBState *s = gdbserver_state;
-CPUArchState *env = s->c_cpu->env_ptr;
 CPUState *cpu = s->c_cpu;
 char buf[256];
 const char *type;
@@ -1261,7 +1260,7 @@ static void gdb_vm_state_change(void *opaque, int 
running, RunState state)
 cpu->watchpoint_hit = NULL;
 goto send_packet;
 }
-tb_flush(env);
+tb_flush(cpu);
 ret = GDB_SIGNAL_TRAP;
 break;
 case RUN_STATE_PAUSED:
@@ -1490,7 +1489,6 @@ gdb_queuesig (void)
 int
 gdb_handlesig(CPUState *cpu, int sig)
 {
-CPUArchState *env = cpu->env_ptr;
 GDBState *s;
 char buf[256];
 int n;
@@ -1502,7 +1500,7 @@ gdb_handlesig(CPUState *cpu, int sig)
 
 /* disable single step if it was enabled */
 cpu_single_step(cpu, 0);
-tb_flush(env);
+tb_flush(cpu);
 
 if (sig != 0) {
 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 01d9996..5a73bcb 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -196,7 +196,7 @@ struct TBContext {
 };
 
 void tb_free(TranslationBlock *tb);
-void tb_flush(CPUArchState *env);
+void tb_flush(CPUState *cpu);
 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
 
 #if defined(USE_DIRECT_JUMP)
diff --git a/linux-user/signal.c b/linux-user/signal.c
index 1166f2f..9d4cef4 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -2348,7 +2348,7 @@ static void setup_frame(int sig, struct target_sigaction 
*ka,
 
/* Flush instruction space. */
//flush_sig_insns(current->mm, (unsigned long) &(sf->insns[0]));
-// tb_flush(env);
+// tb_flush(CPU(sparc_env_get_cpu(env)));
}
 unlock_user(sf, sf_addr, sizeof(struct target_signal_frame));
return;
diff --git a/target-alpha/sys_helper.c b/target-alpha/sys_helper.c
index ae2e174..1c59e10 100644
--- a/target-alpha/sys_helper.c
+++ b/target-alpha/sys_helper.c
@@ -74,7 +74,7 @@ void helper_tbis(CPUAlphaState *env, uint64_t p)
 
 void helper_tb_flush(CPUAlphaState *env)
 {
-tb_flush(env);
+tb_flush(CPU(alpha_env_get_cpu(env)));
 }
 
 void helper_halt(uint64_t restart)
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 7a1bdee..82e2245 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -6925,7 +6925,7 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 gen_debug(s, pc_start - s->cs_base);
 #else
 /* start debug */
-tb_flush(env);
+tb_flush(CPU(x86_env_get_cpu(env)));
 qemu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
 #endif
 break;
diff --git a/translate-all.c b/translate-all.c
index 412bc90..b27c056 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -770,10 +770,8 @@ static void page_flush_tb(void)
 
 /* flush all the translation blocks */
 /* XXX: tb_flush is currently not thread safe */
-void tb_flush(CPUArchState *env1)
+void tb_flush(CPUState *cpu)
 {
-CPUState *cpu = ENV_GET_CPU(env1);
-
 #if defined(DEBUG_FLUSH)
 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
(unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
@@ -1012,7 +1010,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 tb = tb_alloc(pc);
 if (!tb) {
 /* flush must be done */
-tb_flush(env);
+tb_flush(cpu);
 /* cannot fail at this point */
   

[Qemu-devel] [PULL 05/22] cpu: Convert cpu_index into a bitmap

2015-07-06 Thread Andreas Färber
From: Bharata B Rao 

Currently CPUState::cpu_index is monotonically increasing and a newly
created CPU always gets the next higher index. The next available
index is calculated by counting the existing number of CPUs. This is
fine as long as we only add CPUs, but there are architectures which
are starting to support CPU removal, too. For an architecture like PowerPC
which derives its CPU identifier (device tree ID) from cpu_index, the
existing logic of generating cpu_index values causes problems.

With the currently proposed method of handling vCPU removal by parking
the vCPU fd in QEMU
(Ref: http://lists.gnu.org/archive/html/qemu-devel/2015-02/msg02604.html),
generating cpu_index this way will not work for PowerPC.

This patch changes the way cpu_index is handed out by maintaining
a bit map of the CPUs that tracks both addition and removal of CPUs.

The CPU bitmap allocation logic is part of cpu_exec_init(), which is
called by instance_init routines of various CPU targets. Newly added
cpu_exec_exit() API handles the deallocation part and this routine is
called from generic CPU instance_finalize.

Note: This new CPU enumeration is for !CONFIG_USER_ONLY only.
CONFIG_USER_ONLY continues to have the old enumeration logic.

Signed-off-by: Bharata B Rao 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Igor Mammedov 
Reviewed-by: David Gibson 
Reviewed-by: Peter Crosthwaite 
Acked-by: Paolo Bonzini 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 exec.c| 55 ++-
 include/qom/cpu.h |  1 +
 qom/cpu.c |  7 +++
 3 files changed, 58 insertions(+), 5 deletions(-)

diff --git a/exec.c b/exec.c
index 8abac69..a64c3ae 100644
--- a/exec.c
+++ b/exec.c
@@ -526,12 +526,57 @@ void tcg_cpu_address_space_init(CPUState *cpu, 
AddressSpace *as)
 }
 #endif
 
+#ifndef CONFIG_USER_ONLY
+static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
+
+static int cpu_get_free_index(Error **errp)
+{
+int cpu = find_first_zero_bit(cpu_index_map, max_cpus);
+
+if (cpu >= max_cpus) {
+error_setg(errp, "Trying to use more CPUs than allowed max of %d",
+   max_cpus);
+return -1;
+}
+
+bitmap_set(cpu_index_map, cpu, 1);
+return cpu;
+}
+
+void cpu_exec_exit(CPUState *cpu)
+{
+if (cpu->cpu_index == -1) {
+/* cpu_index was never allocated by this @cpu or was already freed. */
+return;
+}
+
+bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
+cpu->cpu_index = -1;
+}
+#else
+
+static int cpu_get_free_index(Error **errp)
+{
+CPUState *some_cpu;
+int cpu_index = 0;
+
+CPU_FOREACH(some_cpu) {
+cpu_index++;
+}
+return cpu_index;
+}
+
+void cpu_exec_exit(CPUState *cpu)
+{
+}
+#endif
+
 void cpu_exec_init(CPUArchState *env, Error **errp)
 {
 CPUState *cpu = ENV_GET_CPU(env);
 CPUClass *cc = CPU_GET_CLASS(cpu);
-CPUState *some_cpu;
 int cpu_index;
+Error *local_err = NULL;
 
 #ifndef CONFIG_USER_ONLY
 cpu->as = &address_space_memory;
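Review bot: The softmmu cpu_exec_exit() releases the index in `cpu_index_map` but leaves the CPU on the global `cpus` list that cpu_exec_init() appends to with `QTAILQ_INSERT_TAIL(&cpus, cpu, node);`. cpu_common_finalize() in qom/cpu.c calls it as the object is being destroyed, so a finalized CPU would stay reachable through CPU_FOREACH unless it is unlinked somewhere not shown on this page. If nothing else does so, cpu_exec_exit() should also unlink the CPU, for example with `QTAILQ_REMOVE(&cpus, cpu, node);`, before resetting `cpu_index` to -1. cpu_exec_init continues outside this hunk.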
@@ -542,11 +587,11 @@ void cpu_exec_init(CPUArchState *env, Error **errp)
 #if defined(CONFIG_USER_ONLY)
 cpu_list_lock();
 #endif
-cpu_index = 0;
-CPU_FOREACH(some_cpu) {
-cpu_index++;
+cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
 }
-cpu->cpu_index = cpu_index;
 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
 #if defined(CONFIG_USER_ONLY)
 cpu_list_unlock();
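Review bot: The new early `return` after `error_propagate(errp, local_err);` comes after `cpu_list_lock()` in CONFIG_USER_ONLY builds and skips the matching `cpu_list_unlock()`. The user-mode cpu_get_free_index() in this patch never sets an error, so the path is unreachable today, but it would leave the list locked as soon as that variant can fail. Releasing the lock before returning, under the same `#if defined(CONFIG_USER_ONLY)` guard, keeps the two paths symmetric. The function body starts before and continues after this hunk.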
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 39f0f19..7db310e 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -672,6 +672,7 @@ void cpu_watchpoint_remove_all(CPUState *cpu, int mask);
 
 void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
 GCC_FMT_ATTR(2, 3);
+void cpu_exec_exit(CPUState *cpu);
 
 #ifdef CONFIG_SOFTMMU
 extern const struct VMStateDescription vmstate_cpu_common;
diff --git a/qom/cpu.c b/qom/cpu.c
index 56c53a8..eb9cfec 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -312,11 +312,17 @@ static void cpu_common_initfn(Object *obj)
 CPUState *cpu = CPU(obj);
 CPUClass *cc = CPU_GET_CLASS(obj);
 
+cpu->cpu_index = -1;
 cpu->gdb_num_regs = cpu->gdb_num_g_regs = cc->gdb_num_core_regs;
 QTAILQ_INIT(&cpu->breakpoints);
 QTAILQ_INIT(&cpu->watchpoints);
 }
 
+static void cpu_common_finalize(Object *obj)
+{
+cpu_exec_exit(CPU(obj));
+}
+
 static int64_t cpu_common_get_arch_id(CPUState *cpu)
 {
 return cpu->cpu_index;
@@ -358,6 +364,7 @@ static const TypeInfo cpu_type_info = {
 .parent = TYPE_DEVICE,
 .instance_size = sizeof(CPUState),
 .instance_init = cpu_common_initfn,
+.instance_finalize = cpu_common_finalize,
 .abstract = true,
 .class_size = sizeof(CPUClass),
 .class_init = cpu_class_init,
-- 
2.1.4




[Qemu-devel] [PULL 03/22] cpu: Reorder cpu->as, cpu->thread_id, cpu->memory_dispatch init

2015-07-06 Thread Andreas Färber
From: Eduardo Habkost 

Instead of initializing cpu->as, cpu->thread_id, and reloading memory
map while holding cpu_list_lock(), do it earlier, before locking the CPU
list and initializing cpu_index.

This allows the code handling cpu_index and global CPU list to be
isolated from the rest.

Cc: Paolo Bonzini 
Signed-off-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 exec.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/exec.c b/exec.c
index b5ff469..06f6cb4 100644
--- a/exec.c
+++ b/exec.c
@@ -533,6 +533,12 @@ void cpu_exec_init(CPUArchState *env)
 CPUState *some_cpu;
 int cpu_index;
 
+#ifndef CONFIG_USER_ONLY
+cpu->as = &address_space_memory;
+cpu->thread_id = qemu_get_thread_id();
+cpu_reload_memory_map(cpu);
+#endif
+
 #if defined(CONFIG_USER_ONLY)
 cpu_list_lock();
 #endif
@@ -541,11 +547,6 @@ void cpu_exec_init(CPUArchState *env)
 cpu_index++;
 }
 cpu->cpu_index = cpu_index;
-#ifndef CONFIG_USER_ONLY
-cpu->as = &address_space_memory;
-cpu->thread_id = qemu_get_thread_id();
-cpu_reload_memory_map(cpu);
-#endif
 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
 #if defined(CONFIG_USER_ONLY)
 cpu_list_unlock();
-- 
2.1.4




[Qemu-devel] [PULL 12/22] cpu: Add wrapper for the set_pc() hook

2015-07-06 Thread Andreas Färber
From: Peter Crosthwaite 

Add a wrapper around the CPUClass::set_pc() hook.

Signed-off-by: Peter Crosthwaite 
Signed-off-by: Andreas Färber 
---
 include/qom/cpu.h | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 7db310e..5db1ea3 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -600,6 +600,20 @@ static inline void cpu_unaligned_access(CPUState *cpu, 
vaddr addr,
 #endif
 
 /**
+ * cpu_set_pc:
+ * @cpu: The CPU to set the program counter for.
+ * @addr: Program counter value.
+ *
+ * Sets the program counter for a CPU.
+ */
+static inline void cpu_set_pc(CPUState *cpu, vaddr addr)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+cc->set_pc(cpu, addr);
+}
+
+/**
  * cpu_reset_interrupt:
  * @cpu: The CPU to clear the interrupt on.
  * @mask: The interrupt mask to clear.
-- 
2.1.4




[Qemu-devel] [PULL 01/22] cpu: No need to zero-initialize CPUState::numa_node

2015-07-06 Thread Andreas Färber
From: Eduardo Habkost 

QOM objects are already zero-filled when instantiated, there's no need
to explicitly set numa_node to 0.

Reviewed-by: Igor Mammedov 
Signed-off-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 exec.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/exec.c b/exec.c
index 251dc79..e63f748 100644
--- a/exec.c
+++ b/exec.c
@@ -541,7 +541,6 @@ void cpu_exec_init(CPUArchState *env)
 cpu_index++;
 }
 cpu->cpu_index = cpu_index;
-cpu->numa_node = 0;
 QTAILQ_INIT(&cpu->breakpoints);
 QTAILQ_INIT(&cpu->watchpoints);
 #ifndef CONFIG_USER_ONLY
-- 
2.1.4




[Qemu-devel] [PULL 02/22] cpu: Initialize breakpoint/watchpoint lists in cpu_common_initfn()

2015-07-06 Thread Andreas Färber
From: Eduardo Habkost 

One small step in the simplification of cpu_exec_init().

Reviewed-by: Igor Mammedov 
Signed-off-by: Eduardo Habkost 
Signed-off-by: Andreas Färber 
---
 exec.c| 2 --
 qom/cpu.c | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/exec.c b/exec.c
index e63f748..b5ff469 100644
--- a/exec.c
+++ b/exec.c
@@ -541,8 +541,6 @@ void cpu_exec_init(CPUArchState *env)
 cpu_index++;
 }
 cpu->cpu_index = cpu_index;
-QTAILQ_INIT(&cpu->breakpoints);
-QTAILQ_INIT(&cpu->watchpoints);
 #ifndef CONFIG_USER_ONLY
 cpu->as = &address_space_memory;
 cpu->thread_id = qemu_get_thread_id();
diff --git a/qom/cpu.c b/qom/cpu.c
index 108bfa2..56c53a8 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -313,6 +313,8 @@ static void cpu_common_initfn(Object *obj)
 CPUClass *cc = CPU_GET_CLASS(obj);
 
 cpu->gdb_num_regs = cpu->gdb_num_g_regs = cc->gdb_num_core_regs;
+QTAILQ_INIT(&cpu->breakpoints);
+QTAILQ_INIT(&cpu->watchpoints);
 }
 
 static int64_t cpu_common_get_arch_id(CPUState *cpu)
-- 
2.1.4




[Qemu-devel] [PULL 00/22] QOM CPUState patch queue 2015-07-06

2015-07-06 Thread Andreas Färber
Hello Peter,

This is my QOM CPU patch queue. Please pull.

Note: For time reasons I did not give this queue as much testing as usual,
in particular BSD and non-x86 KVM hosts were not covered.

Regards,
Andreas

Cc: Peter Maydell 

Cc: Eduardo Habkost 
Cc: Peter Crosthwaite 

The following changes since commit 7edd8e4660beb301d527257f8e04ebec0f841cb0:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging 
(2015-07-06 14:03:44 +0100)

are available in the git repository at:

  git://github.com/afaerber/qemu-cpu.git tags/qom-cpu-for-peter

for you to fetch changes up to 116382f1504d655a1afdf3eac18d276a200428b7:

  disas: cris: QOMify target specific disas setup (2015-07-06 22:36:17 +0200)


QOM CPUState and X86CPU

* Further QOM'ification of CPU initialization
* Propagation of CPUState arguments and elimination of ENV_GET_CPU() usage
* cpu_set_pc() abstraction
* CPUClass::disas_set_info() hook


Bharata B Rao (3):
  cpu: Add Error argument to cpu_exec_init()
  cpu: Convert cpu_index into a bitmap
  target-ppc: Move cpu_exec_init() call to realize function

Eduardo Habkost (3):
  cpu: No need to zero-initialize CPUState::numa_node
  cpu: Initialize breakpoint/watchpoint lists in cpu_common_initfn()
  cpu: Reorder cpu->as, cpu->thread_id, cpu->memory_dispatch init

Peter Crosthwaite (16):
  translate-all: Change tb_flush() env argument to cpu
  gdbstub: Change gdbserver_fork() to accept cpu instead of env
  cpu: Change tcg_cpu_exec() arg to cpu, not env
  cpu: Change cpu_exec_init() arg to cpu, not env
  cpu-exec: Purge all uses of ENV_GET_CPU()
  cpu: Add wrapper for the set_pc() hook
  gdbstub: Use cpu_set_pc() helper
  hw/arm/boot: Use cpu_set_pc()
  microblaze: boot: Use cpu_set_pc()
  disas: Add print_insn to disassemble info
  disas: QOMify target specific setup
  disas: arm-a64: Make printfer and stream variable
  disas: arm: QOMify target specific disas setup
  disas: microblaze: QOMify target specific disas setup
  disas: cris: Fix 0 buffer length case
  disas: cris: QOMify target specific disas setup

 bsd-user/main.c |   6 ++-
 cpu-exec.c  |  28 +--
 cpus.c  |   8 ++-
 disas.c | 119 
 disas/arm-a64.cc|  22 ++--
 disas/cris.c|   6 +--
 exec.c  |  71 --
 gdbstub.c   |  14 ++
 hw/arm/boot.c   |  24 -
 hw/microblaze/boot.c|   5 +-
 include/disas/bfd.h |   6 +++
 include/exec/exec-all.h |   4 +-
 include/exec/gdbstub.h  |   2 +-
 include/qom/cpu.h   |  19 +++
 linux-user/main.c   |  30 +--
 linux-user/signal.c |   2 +-
 qom/cpu.c   |   9 
 target-alpha/cpu.c  |   2 +-
 target-alpha/cpu.h  |   2 +-
 target-alpha/sys_helper.c   |   2 +-
 target-arm/cpu.c|  37 +-
 target-arm/cpu.h|   2 +-
 target-cris/cpu.c   |  18 ++-
 target-cris/cpu.h   |   2 +-
 target-i386/cpu.c   |   2 +-
 target-i386/cpu.h   |   2 +-
 target-i386/translate.c |   2 +-
 target-lm32/cpu.c   |   2 +-
 target-lm32/cpu.h   |   2 +-
 target-m68k/cpu.c   |   2 +-
 target-m68k/cpu.h   |   2 +-
 target-microblaze/cpu.c |  10 +++-
 target-microblaze/cpu.h |   2 +-
 target-mips/cpu.c   |   2 +-
 target-mips/cpu.h   |   2 +-
 target-moxie/cpu.c  |   2 +-
 target-moxie/cpu.h  |   2 +-
 target-openrisc/cpu.c   |   2 +-
 target-openrisc/cpu.h   |   2 +-
 target-ppc/cpu.h|   2 +-
 target-ppc/translate_init.c |   9 +++-
 target-s390x/cpu.c  |   2 +-
 target-s390x/cpu.h  |   2 +-
 target-sh4/cpu.c|   2 +-
 target-sh4/cpu.h|   2 +-
 target-sparc/cpu.c  |   2 +-
 target-sparc/cpu.h  |   2 +-
 target-tricore/cpu.c|   2 +-
 target-tricore/cpu.h|   2 +-
 target-unicore32/cpu.c  |   2 +-
 target-unicore32/cpu.h  |   3 +-
 target-xtensa/cpu.c |   2 +-
 target-xtensa/cpu.h |   2 +-
 translate-all.c |   6 +--
 54 files changed, 315 insertions(+), 205 deletions(-)



Re: [Qemu-devel] [PATCH 0/2] target-arm: "any" CPUs for system-mode

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 3:49 PM, Peter Maydell  wrote:
> On 6 July 2015 at 23:42, Peter Crosthwaite  
> wrote:
>> On Mon, Jul 6, 2015 at 3:29 PM, Peter Maydell  
>> wrote:
>>> On 6 July 2015 at 19:53,   wrote:
 From: Meador Inge 

 This patch series opens up the "any" CPU for system-mode and
 adds a new "any" variant named "anyvfp" that initializes the
 FP coprocessors as well.
>>>
>>> We deliberately removed cpu "any" for system mode in
>>> commit f5f6d38b7458b8a back in 2013; I think the rationale
>>> for its removal still holds. If you're emulating a system
>>> you're emulating a specific system and you get a real
>>> CPU. A CPU with no impdef sysregs or initialized feature
>>> and ID registers is broken...
>>
>> You can still have a CPU+RAM only machine model, load elfs and get
>> meaningful result on a debugger.
>
> Yeah, but what does "any" get you over just going ahead
> and specifying your CPU type? What interrupt controller
> should the "any" CPU type have? Generic timers? Etc.
>

None and none. You are only interested in CPU internal state with no IO at all.

> There isn't zero utility there, but I don't really think
> there's enough to justify cluttering up QEMU with when
> "-cpu cortex-a15" is not very much more to type, and
> has the advantage of being something that actually
> exists in reality.

There is a clean definition of an ARM CPU without any IO however which
has utility in compiler testing.

Regards,
Peter

>
> -- PMM
>



Re: [Qemu-devel] [PATCH 0/2] target-arm: "any" CPUs for system-mode

2015-07-06 Thread Peter Maydell
On 6 July 2015 at 23:42, Peter Crosthwaite  wrote:
> On Mon, Jul 6, 2015 at 3:29 PM, Peter Maydell  
> wrote:
>> On 6 July 2015 at 19:53,   wrote:
>>> From: Meador Inge 
>>>
>>> This patch series opens up the "any" CPU for system-mode and
>>> adds a new "any" variant named "anyvfp" that initializes the
>>> FP coprocessors as well.
>>
>> We deliberately removed cpu "any" for system mode in
>> commit f5f6d38b7458b8a back in 2013; I think the rationale
>> for its removal still holds. If you're emulating a system
>> you're emulating a specific system and you get a real
>> CPU. A CPU with no impdef sysregs or initialized feature
>> and ID registers is broken...
>
> You can still have a CPU+RAM only machine model, load elfs and get
> meaningful result on a debugger.

Yeah, but what does "any" get you over just going ahead
and specifying your CPU type? What interrupt controller
should the "any" CPU type have? Generic timers? Etc.

There isn't zero utility there, but I don't really think
there's enough to justify cluttering up QEMU with when
"-cpu cortex-a15" is not very much more to type, and
has the advantage of being something that actually
exists in reality.

-- PMM



Re: [Qemu-devel] [PATCH 0/2] target-arm: "any" CPUs for system-mode

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 3:29 PM, Peter Maydell  wrote:
> On 6 July 2015 at 19:53,   wrote:
>> From: Meador Inge 
>>
>> This patch series opens up the "any" CPU for system-mode and
>> adds a new "any" variant named "anyvfp" that initializes the
>> FP coprocessors as well.
>
> We deliberately removed cpu "any" for system mode in
> commit f5f6d38b7458b8a back in 2013; I think the rationale
> for its removal still holds. If you're emulating a system
> you're emulating a specific system and you get a real
> CPU. A CPU with no impdef sysregs or initialized feature
> and ID registers is broken...

You can still have a CPU+RAM only machine model, load elfs and get
meaningful result on a debugger. I wonder though if linux-user can be
re-purposed for this?

Regards,
Peter

>
> thanks
> -- PMM
>



Re: [Qemu-devel] [PATCH 2/2] target-arm: Add "anyvfp" CPU

2015-07-06 Thread Peter Maydell
On 6 July 2015 at 19:53,   wrote:
> From: Meador Inge 
>
> This patch adds support for `-cpu anyvfp`, which is just
> like `-cpu any`, but enables the coprocessors by default.
> This is useful for working with a wide range of bare-metal
> C/C++ applications that have been compiled in different
> ways and assume the coprocessor has been enabled already.

I'm not convinced. System mode gives you a bare metal
system -- it's the bare metal app's job to enable
VFP if it wants to use it. If your bare metal app
doesn't do that then it is broken.

Alternatively you can use a firmware blob which
does enough setup for whatever environment your
code is expecting.

I really don't want to get QEMU into the business of
providing random ad-hoc execution environments for
things. It's hard enough maintaining the Linux boot
loader code...

thanks
-- PMM



Re: [Qemu-devel] [PATCH 0/2] target-arm: "any" CPUs for system-mode

2015-07-06 Thread Peter Maydell
On 6 July 2015 at 19:53,   wrote:
> From: Meador Inge 
>
> This patch series opens up the "any" CPU for system-mode and
> adds a new "any" variant named "anyvfp" that initializes the
> FP coprocessors as well.

We deliberately removed cpu "any" for system mode in
commit f5f6d38b7458b8a back in 2013; I think the rationale
for its removal still holds. If you're emulating a system
you're emulating a specific system and you get a real
CPU. A CPU with no impdef sysregs or initialized feature
and ID registers is broken...

thanks
-- PMM



Re: [Qemu-devel] [PATCH] arm: Ensure LSB of BLX is set

2015-07-06 Thread Peter Maydell
On 6 July 2015 at 19:09,   wrote:
> From: Meador Inge 
>
> This small patch adds a sanity check when disassembling
> the BLX instruction.  The use case came to light when
> doing toolchain development and a similar check was
> upstreamed for Binutils:
>
>   * https://sourceware.org/ml/binutils/2011-01/msg00077.html
>
> Patch by Nathan Sidwell.
>
> Signed-off-by: Meador Inge 
> ---
>  target-arm/translate.c | 6 ++
>  1 file changed, 6 insertions(+)
>
> diff --git a/target-arm/translate.c b/target-arm/translate.c
> index 69ac18c..fedc8f3 100644
> --- a/target-arm/translate.c
> +++ b/target-arm/translate.c
> @@ -9912,6 +9912,12 @@ static int disas_thumb2_insn(CPUARMState *env, 
> DisasContext *s, uint16_t insn_hw
>  gen_jmp(s, offset);
>  } else {
>  /* blx */
> +/* The instruction must have bit zero unset, even
> +   though it is part of the offset.  Real hardware
> +   will abort, so we do too.  */

This comment isn't really correct -- bit zero in this encoding
(BLX T2) isn't part of the immediate, it's described
as a one bit field H which causes UNDEFINED if it's 1.
This is architecturally mandated, not just somewhere
we're following h/w on an IMPDEF or UNPREDICTABLE case.

> +if (insn & 1) {
> +goto illegal_op;
> +}

This check is happening too late -- we've already
done the write to R14. We need to UNDEF before that.

>  offset &= ~(uint32_t)2;

The new check makes this masking unnecessary now, right?

>  /* thumb2 bx, no need to check */
>  gen_bx_im(s, offset);
> --

thanks
-- PMM



Re: [Qemu-devel] [PATCH 2/2] target-arm: Add "anyvfp" CPU

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 11:53 AM,   wrote:
> From: Meador Inge 
>
> This patch adds support for `-cpu anyvfp`, which is just
> like `-cpu any`, but enables the coprocessors by default.

So a better way to do this is via QOM properties. You can propertyify
VFP support on the QOM type ARMCPU then users can use -global to set
it on the command line. You could do this for any number of ARM CPU
features you care about to create the combos you want on the command
line rather than having an in tree CPU def for special cases.

Have a look at the way the has_el3 feature is handled as a CPU property.

> This is useful for working with a wide range of bare-metal
> C/C++ applications that have been compiled in different
> ways and assume the coprocessor has been enabled already.
>
> Original patch by Daniel Jacobowitz.

Do you have originals in a git with the author SOBs that you can just
amend with your own editor notes?

>
> Signed-off-by: Meador Inge 
> ---
>  target-arm/cpu.c | 17 -
>  1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/target-arm/cpu.c b/target-arm/cpu.c
> index 3665f6b..2a00e73 100644
> --- a/target-arm/cpu.c
> +++ b/target-arm/cpu.c
> @@ -181,7 +181,14 @@ static void arm_cpu_reset(CPUState *s)
>  env->regs[15] = 0x;
>  }
>
> -env->vfp.xregs[ARM_VFP_FPEXC] = 0;
> +/* For -cpu anyvfp, enable coprocessors by default.  Useful for
> +   testing code that expects something else to turn on the
> +   coprocessor.  */

Comment style should be this:

/* multi line comment style
 * needs *'s on each line.
 */

> +if (cpu->midr == 0xfffe) {
> +env->vfp.xregs[ARM_VFP_FPEXC] = 1 << 30;
> +} else {
> +env->vfp.xregs[ARM_VFP_FPEXC] = 0;
> +}
>  #endif
>  set_flush_to_zero(1, &env->vfp.standard_fp_status);
>  set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
> @@ -1258,6 +1265,13 @@ static void arm_any_initfn(Object *obj)
>  cpu->midr = 0x;
>  }
>
> +static void arm_anyvfp_initfn(Object *obj)
> +{
> +ARMCPU *cpu = ARM_CPU(obj);
> +arm_any_initfn(obj);
> +cpu->midr = 0xfffe;


Do you need to set the MIDR like this or is it just a means to
communicate feature support?

Regards,
Peter

> +}
> +
>  #endif /* !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64) */
>
>  typedef struct ARMCPUInfo {
> @@ -1304,6 +1318,7 @@ static const ARMCPUInfo arm_cpus[] = {
>  { .name = "pxa270-c0",   .initfn = pxa270c0_initfn },
>  { .name = "pxa270-c5",   .initfn = pxa270c5_initfn },
>  { .name = "any", .initfn = arm_any_initfn },
> +{ .name = "anyvfp",  .initfn = arm_anyvfp_initfn },
>  #endif
>  { .name = NULL }
>  };
> --
> 1.8.1.1
>
>



Re: [Qemu-devel] [PATCH v2 2/3] hw/i386/pc: reflect any FDC @ ioport 0x3f0 in the CMOS

2015-07-06 Thread Laszlo Ersek
On 06/29/15 11:56, Michael S. Tsirkin wrote:
> On Mon, Jun 29, 2015 at 11:33:42AM +0200, Markus Armbruster wrote:
>> Eduardo Habkost  writes:
>>
>>> On Fri, Jun 26, 2015 at 02:50:04PM -0400, John Snow wrote:
 On 06/26/2015 08:25 AM, Laszlo Ersek wrote:
> On 06/26/15 11:31, Markus Armbruster wrote:
>> Laszlo Ersek  writes:
>>
>>> With the pc-q35-2.4 machine type, if the user creates an ISA FDC 
>>> manually:
>>>
>>>   -device isa-fdc,driveA=drive-fdc0-0-0 \
>>>   -drive file=...,if=none,id=drive-fdc0-0-0,format=raw
>>>
>>> then the board-default FDC will be skipped, and only the explicitly
>>> requested FDC will exist. qtree-wise, this is correct; however such an 
>>> FDC
>>> is currently not registered in the CMOS, because that code is only 
>>> reached
>>> for the board-default FDC.
>>>
>>> The pc_cmos_init_late() one-shot reset handler -- one-shot because the
>>> CMOS is not reprogrammed during warm reset -- should search for any ISA
>>> FDC devices, created implicitly (by board code) or explicitly, and set 
>>> the
>>> CMOS accordingly to the ISA FDC(s) with iobase=0x3f0:
>>>
>>> - if there is no such FDC, report both drives absent,
>>> - if there is exactly one such FDC, report its drives in the CMOS,
>>> - if there are more than one such FDCs, then pick one (it is not 
>>> specified
>>>   which one), and print a warning about the ambiguity.
>>>
>>> Cc: Jan Tomko 
>>> Cc: John Snow 
>>> Cc: Markus Armbruster 
>>> Cc: Paolo Bonzini 
>>> Reported-by: Jan Tomko 
>>> Suggested-by: Markus Armbruster 
>>> Signed-off-by: Laszlo Ersek 
>>> Reviewed-by: John Snow 
>>
>> Reviewed-by: Markus Armbruster 
>
> Thank you. Can you or John please send a PULL req for this? (Or include
> it in an upcoming PULL of yours.)
>
> I've been Cc'ing Paolo because the get-maintainer script reported him at
> the top for the patch set, but I believe he might not have time for this
> now.
>
> Thanks!
> Laszlo
>

 This is technically out-of-tree for me, because it's touching init
 instead of my device.

 Best guess is Eduardo Habkost, whom I have CC'd.
>>>
>>> Michael is the PC maintainer.
>>
>> Michael, we really needs this series in 2.4, because without it floppy
>> is broken for Q35.
> 
> Will review, thanks for the reminder.

Ping. :)

This should go into 2.4, preferably.

(Tomorrow ^W in two minutes in my timezone is the rc0 / hard freeze date
(according to ), but the series is a
bugfix.)

Thanks
Laszlo




[Qemu-devel] [PATCH 2/2] ahci: fix signature generation

2015-07-06 Thread John Snow
The initial register device-to-host FIS no longer needs to specially
set certain fields, as these can be handled generically by setting those
fields explicitly with the signatures we want at port reset time.

(1) Signatures are decomposed into their four component registers and
set upon (AHCI) port reset.
(2) the signature cache register is no longer set manually per-each
device type, but instead just once during ahci_init_d2h.

Signed-off-by: John Snow 
---
 hw/ide/ahci.c | 33 -
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index bb6a92f..f352dd7 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -537,20 +537,31 @@ static void ahci_init_d2h(AHCIDevice *ad)
 {
 uint8_t init_fis[20];
 IDEState *ide_state = &ad->port.ifs[0];
+AHCIPortRegs *pr = &ad->port_regs;
 
 memset(init_fis, 0, sizeof(init_fis));
 
-init_fis[4] = 1;
-init_fis[12] = 1;
-
-if (ide_state->drive_kind == IDE_CD) {
-init_fis[5] = ide_state->lcyl;
-init_fis[6] = ide_state->hcyl;
-}
+/* We're emulating receiving the first Reg H2D Fis from the device;
+ * Update the SIG register, but otherwise procede as normal. */
+pr->sig = (ide_state->hcyl << 24) |
+(ide_state->lcyl << 16) |
+(ide_state->sector << 8) |
+(ide_state->nsector & 0xFF);
 
 ahci_write_fis_d2h(ad, init_fis);
 }
 
+static void ahci_set_signature(AHCIDevice *ad, uint32_t sig)
+{
+IDEState *s = &ad->port.ifs[0];
+s->hcyl = sig >> 24 & 0xFF;
+s->lcyl = sig >> 16 & 0xFF;
+s->sector = sig >> 8 & 0xFF;
+s->nsector = sig & 0xFF;
+
+DPRINTF(ad->port_no, "set hcyl:lcyl:sect:nsect = 0x%08x\n", sig);
+}
+
 static void ahci_reset_port(AHCIState *s, int port)
 {
 AHCIDevice *d = &s->dev[port];
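Review bot: In `ahci_init_d2h()` the term `ide_state->hcyl << 24` shifts a value that has been promoted to signed `int`, which is undefined behaviour in C once the high bit is set. With the CD-ROM signature the high byte is 0xeb, so the shift moves a one into the sign bit. Cast before shifting, e.g. `pr->sig = ((uint32_t)ide_state->hcyl << 24) |`, so the result does not depend on compiler flags. This assumes `hcyl` is narrower than `int`; its declaration is outside the hunk. The comment above the assignment also says "H2D" and "procede" where "D2H" (matching the function name) and "proceed" appear to be intended.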
@@ -600,16 +611,12 @@ static void ahci_reset_port(AHCIState *s, int port)
 
 s->dev[port].port_state = STATE_RUN;
 if (!ide_state->blk) {
-pr->sig = 0;
 ide_state->status = SEEK_STAT | WRERR_STAT;
 } else if (ide_state->drive_kind == IDE_CD) {
-pr->sig = SATA_SIGNATURE_CDROM;
-ide_state->lcyl = 0x14;
-ide_state->hcyl = 0xeb;
-DPRINTF(port, "set lcyl = %d\n", ide_state->lcyl);
+ahci_set_signature(d, SATA_SIGNATURE_CDROM);
 ide_state->status = SEEK_STAT | WRERR_STAT | READY_STAT;
 } else {
-pr->sig = SATA_SIGNATURE_DISK;
+ahci_set_signature(d, SATA_SIGNATURE_DISK);
 ide_state->status = SEEK_STAT | WRERR_STAT;
 }
 
-- 
2.1.0




[Qemu-devel] [PATCH 0/2] ahci: Fix CD-ROM signature

2015-07-06 Thread John Snow
As reported by Hannes Reinecke, the signature generation
in AHCI is a little goofy. Let's fix it up.

Patch 1 should be considered a bugfix for 2.4.
Patch 2 is mostly a tidying effort prompted by the first patch.



For convenience, this branch is available at:
https://github.com/jnsnow/qemu.git branch ahci-sig
https://github.com/jnsnow/qemu/tree/ahci-sig

This version is tagged ahci-sig-v1:
https://github.com/jnsnow/qemu/releases/tag/ahci-sig-v1

Hannes Reinecke (1):
  ahci: Fix CD-ROM signature

John Snow (1):
  ahci: fix signature generation

 hw/ide/ahci.c | 33 -
 hw/ide/ahci.h |  2 +-
 2 files changed, 21 insertions(+), 14 deletions(-)

-- 
2.1.0




[Qemu-devel] [PATCH 1/2] ahci: Fix CD-ROM signature

2015-07-06 Thread John Snow
From: Hannes Reinecke 

The CD-ROM signature is 0xeb140101, not 0xeb14.
Without this change OVMF/Duet runs into a timeout trying
to detect a SATA cdrom.

Signed-off-by: Hannes Reinecke 
Signed-off-by: John Snow 
---
 hw/ide/ahci.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index 9f5b4d2..68d5074 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -166,7 +166,7 @@
 #define AHCI_CMD_HDR_CMD_FIS_LEN   0x1f
 #define AHCI_CMD_HDR_PRDT_LEN  16
 
-#define SATA_SIGNATURE_CDROM   0xeb14
+#define SATA_SIGNATURE_CDROM   0xeb140101
 #define SATA_SIGNATURE_DISK0x0101
 
 #define AHCI_GENERIC_HOST_CONTROL_REGS_MAX_ADDR 0x20
-- 
2.1.0




Re: [Qemu-devel] [PATCH 1/2] target-arm: Allow CPU "any" for system-mode emulation

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 11:53 AM,   wrote:
> From: Meador Inge 
>
> The "any" CPU is useful for cases where the system-mode
> emulator is being used to work with a wide array of
> bare-metal C/C++ applications that have been compiled
> in different ways.
>

What is the system being created in this case though? Are you using -M
virt and can it reliably create usable systems with CPU type
substitutions?

Regards,
Peter

> Signed-off-by: Meador Inge 
> ---
>  target-arm/cpu.c | 4 
>  1 file changed, 4 deletions(-)
>
> diff --git a/target-arm/cpu.c b/target-arm/cpu.c
> index 80669a6..3665f6b 100644
> --- a/target-arm/cpu.c
> +++ b/target-arm/cpu.c
> @@ -1243,7 +1243,6 @@ static void pxa270c5_initfn(Object *obj)
>  cpu->reset_sctlr = 0x0078;
>  }
>
> -#ifdef CONFIG_USER_ONLY
>  static void arm_any_initfn(Object *obj)
>  {
>  ARMCPU *cpu = ARM_CPU(obj);
> @@ -1258,7 +1257,6 @@ static void arm_any_initfn(Object *obj)
>  set_feature(&cpu->env, ARM_FEATURE_CRC);
>  cpu->midr = 0x;
>  }
> -#endif
>
>  #endif /* !defined(CONFIG_USER_ONLY) || !defined(TARGET_AARCH64) */
>
> @@ -1305,10 +1303,8 @@ static const ARMCPUInfo arm_cpus[] = {
>  { .name = "pxa270-b1",   .initfn = pxa270b1_initfn },
>  { .name = "pxa270-c0",   .initfn = pxa270c0_initfn },
>  { .name = "pxa270-c5",   .initfn = pxa270c5_initfn },
> -#ifdef CONFIG_USER_ONLY
>  { .name = "any", .initfn = arm_any_initfn },
>  #endif
> -#endif
>  { .name = NULL }
>  };
>
> --
> 1.8.1.1
>
>



Re: [Qemu-devel] [PATCH] cpu_defs: Simplify CPUTLB padding logic

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 4:52 AM, Paolo Bonzini  wrote:
>
>
> On 06/07/2015 13:42, Richard Henderson wrote:
>> On 07/06/2015 09:43 AM, Paolo Bonzini wrote:
>>>
>>>
>>> On 05/07/2015 23:08, Peter Crosthwaite wrote:
 There was a complicated subtractive arithmetic for determining the
 padding on the CPUTLBEntry structure. Simplify this with a union.

 Signed-off-by: Peter Crosthwaite 
 ---
   include/exec/cpu-defs.h | 23 ---
   1 file changed, 12 insertions(+), 11 deletions(-)

 diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
 index 98b9cff..5093be2 100644
 --- a/include/exec/cpu-defs.h
 +++ b/include/exec/cpu-defs.h
 @@ -105,17 +105,18 @@ typedef struct CPUTLBEntry {
  bit 3  : indicates that the entry is
 invalid
  bit 2..0   : zero
   */
 -target_ulong addr_read;
 -target_ulong addr_write;
 -target_ulong addr_code;
 -/* Addend to virtual address to get host address.  IO accesses
 -   use the corresponding iotlb value.  */
 -uintptr_t addend;
 -/* padding to get a power of two size */
 -uint8_t dummy[(1 << CPU_TLB_ENTRY_BITS) -
 -  (sizeof(target_ulong) * 3 +
 -   ((-sizeof(target_ulong) * 3) & (sizeof(uintptr_t)
 - 1)) +
 -   sizeof(uintptr_t))];
 +union {
>>>
>>> The struct CPUTLBEntry can be changed to union CPUTLBEntry directly,
>>> with no need for the anonymous struct.
>>
>> Um, no it can't.  That would put all of the members at the same address.
>
> Of course. :-(  With no need for the anonymous _union_.  *blush*.
>

Yeh this is what I assumed you meant. You still need one anonymous
struct, but it saves one level of indent and one less anonymous thing.

Regards,
Peter

>>> Which compiler version started implementing anonymous structs?
>>
>> A long long time ago -- gcc 2 era.
>
> Great.  I now remember that the recent feature is anonymous tagged
> structs, coming from the Plan 9 compiler.
>
> Paolo
>
>>> Or can we just add
>>>
>>>  __attribute__((__aligned__(1 << CPU_TLB_ENTRY_BITS)))
>>
>> The structure isn't currently aligned, and it needn't be.  We only need
>> the size to be a power of two for the addressing.
>>
>>
>>
>> r~
>



Re: [Qemu-devel] [PATCH pic32 v2 5/5] Two new machine platforms: pic32mz7 and pic32mz.

2015-07-06 Thread Peter Crosthwaite
On Mon, Jul 6, 2015 at 11:58 AM, Serge Vakulenko
 wrote:
> On Mon, Jul 6, 2015 at 12:33 AM, Antony Pavlov  
> wrote:
>> On Sun, 5 Jul 2015 21:18:11 -0700
>> Serge Vakulenko  wrote:
>>
>>> On Wed, Jul 1, 2015 at 6:41 AM, Aurelien Jarno  wrote:
>>> > On 2015-06-30 21:12, Serge Vakulenko wrote:
>>> >> Signed-off-by: Serge Vakulenko 
>>> >> ---
>>> >>  hw/mips/Makefile.objs   |3 +
>>> >>  hw/mips/mips_pic32mx7.c | 1652 +
>>> >>  hw/mips/mips_pic32mz.c  | 2840 
>>> >> +++
>>> >>  hw/mips/pic32_ethernet.c|  557 +
>>> >>  hw/mips/pic32_gpio.c|   39 +
>>> >>  hw/mips/pic32_load_hex.c|  238 
>>> >>  hw/mips/pic32_peripherals.h |  210 
>>> >>  hw/mips/pic32_sdcard.c  |  428 +++
>>> >>  hw/mips/pic32_spi.c |  121 ++
>>> >>  hw/mips/pic32_uart.c|  228 
>>> >>  hw/mips/pic32mx.h   | 1290 
>>> >>  hw/mips/pic32mz.h   | 2093 +++
>>> >>  12 files changed, 9699 insertions(+)
>>> >>  create mode 100644 hw/mips/mips_pic32mx7.c
>>> >>  create mode 100644 hw/mips/mips_pic32mz.c
>>> >>  create mode 100644 hw/mips/pic32_ethernet.c
>>> >>  create mode 100644 hw/mips/pic32_gpio.c
>>> >>  create mode 100644 hw/mips/pic32_load_hex.c
>>> >>  create mode 100644 hw/mips/pic32_peripherals.h
>>> >>  create mode 100644 hw/mips/pic32_sdcard.c
>>> >>  create mode 100644 hw/mips/pic32_spi.c
>>> >>  create mode 100644 hw/mips/pic32_uart.c
>>> >>  create mode 100644 hw/mips/pic32mx.h
>>> >>  create mode 100644 hw/mips/pic32mz.h
>>> >
>>> > This patch is huge, and needs to be splitted to ease the review.
>>>
>>> I'll prepare a new patch set, with every new file put into a separate
>>> message. Other issues fixed as well.
>>
>> Putting every new file into a separate message is a nonsense.
>> Please separate __logical changes__ into a single patch.
>
> Aurelien Jarno asked to split this patch to ease the review.
>

There are better ways to split the patch other than straight per-file
though. For example, header patches (e.g. for your structs) should go
with their accompanying C code changes.

git add -p is the interactive utility for selecting specific changes
to be included in a commit.

Regards,
Peter

>> --
>> Best regards,
>>   Antony Pavlov
>



Re: [Qemu-devel] [PATCH qemu v10 10/14] spapr_pci: Enable vfio-pci hotplug

2015-07-06 Thread Thomas Huth
On Mon,  6 Jul 2015 12:11:06 +1000
Alexey Kardashevskiy  wrote:

> sPAPR IOMMU is managing two copies of an TCE table:
> 1) a guest view of the table - this is what emulated devices use and
> this is where H_GET_TCE reads from;
> 2) a hardware TCE table - only present if there is at least one vfio-pci
> device on a PHB; it is updated via a memory listener on a PHB address
> space which forwards map/unmap requests to vfio-pci IOMMU host driver.
> 
> At the moment presence of vfio-pci devices on a bus affect the way
> the guest view table is allocated. If there is no vfio-pci on a PHB
> and the host kernel supports KVM acceleration of H_PUT_TCE, a table
> is allocated in KVM. However, if there is vfio-pci and we do yet not
> support KVM acceleration for these, the table has to be allocated
> by the userspace.
> 
> When vfio-pci device is hotplugged and there were no vfio-pci devices
> already, the guest view table could have been allocated by KVM which
> means that H_PUT_TCE is handled by the host kernel and since we
> do not support vfio-pci in KVM, the hardware table will not be updated.
> 
> This reallocates the guest view table in QEMU if the first vfio-pci
> device has just been plugged. spapr_tce_realloc_userspace() handles this.

I wonder whether it would help to improve the readability of the code
later if you put the description of the function into the code instead
of the commit message?

> This replays all the mappings to make sure that the tables are in sync.
> This will not have a visible effect though as for a new device
> the guest kernel will allocate-and-map new addresses and therefore
> existing mappings from emulated devices will not be used by vfio-pci
> devices.
> 
> This adds calls to spapr_phb_dma_capabilities_update() in PCI hotplug
> hooks.
> 
> Signed-off-by: Alexey Kardashevskiy 
> ---
...
> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
> index 76c988f..d1fa157 100644
> --- a/hw/ppc/spapr_pci.c
> +++ b/hw/ppc/spapr_pci.c
> @@ -827,6 +827,43 @@ int spapr_phb_dma_reset(sPAPRPHBState *sphb)
>  return 0;
>  }
>  
> +static int spapr_phb_hotplug_dma_sync(sPAPRPHBState *sphb)
> +{
> +int ret = 0, i;
> +bool had_vfio = sphb->has_vfio;
> +sPAPRTCETable *tcet;
> +
> +spapr_phb_dma_capabilities_update(sphb);
> +
> +if (!had_vfio && sphb->has_vfio) {

if (had_vfio || !sphb->has_vfio) {
return 0;
}

... and then you can save one level of indentation for the following
for-loop.

> +for (i = 0; i < SPAPR_PCI_DMA_MAX_WINDOWS; ++i) {
> +tcet = spapr_tce_find_by_liobn(SPAPR_PCI_LIOBN(sphb->index, i));
> +if (!tcet || !tcet->enabled) {
> +continue;
> +}
> +if (tcet->fd >= 0) {
> +/*
> + * We got first vfio-pci device on accelerated table.
> + * VFIO acceleration is not possible.
> + * Reallocate table in userspace and replay mappings.
> + */
> +ret = spapr_tce_realloc_userspace(tcet, true);
> +trace_spapr_pci_dma_realloc_update(tcet->liobn, ret);
> +} else {
> +/* There was no acceleration, so just replay mappings. */
> +ret = spapr_tce_replay(tcet);
> +trace_spapr_pci_dma_update(tcet->liobn, ret);
> +}
> +if (ret) {
> +break;
> +}
> +}
> +return ret;
> +}
> +
> +return 0;
> +}
> +
>  /* Macros to operate with address in OF binding to PCI */
>  #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
>  #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
...
> @@ -1130,6 +1174,9 @@ static void spapr_phb_remove_pci_device_cb(DeviceState 
> *dev, void *opaque)
>   */
>  pci_device_reset(PCI_DEVICE(dev));
>  object_unparent(OBJECT(dev));
> +
> +/* Actual VFIO device release happens from RCU so postpone DMA update */
> +call_rcu1(&((sPAPRPHBState *)opaque)->rcu, spapr_phb_remove_sync_dma);

Too much brackets again for my taste ;-)

>  }
>  

 Thomas





Re: [Qemu-devel] [PATCH qemu v10 09/14] spapr_vfio_pci: Remove redundant spapr-pci-vfio-host-bridge

2015-07-06 Thread Thomas Huth
On Mon,  6 Jul 2015 12:11:05 +1000
Alexey Kardashevskiy  wrote:

> sPAPRTCETable is handling 2 TCE tables already:
> 
> 1) guest view of the TCE table - emulated devices use only this table;
> 
> 2) hardware IOMMU table - VFIO PCI devices use it for actual work but
> it does not replace 1) and it is not visible to the guest.
> The initialization of this table is driven by vfio-pci device,
> DMA map/unmap requests are handled via MemoryListener so there is very
> little to do in spapr-pci-vfio-host-bridge.
> 
> This moves VFIO bits to the generic spapr-pci-host-bridge which allows
> putting emulated and VFIO devices on the same PHB. It is still possible
> to create multiple PHBs and avoid sharing PHB resouces for emulated and
> VFIO devices.
> 
> If there is no VFIO-PCI device attaches, no special ioctls will be called.
> If there are some VFIO-PCI devices attached, PHB may refuse to attach
> another VFIO-PCI device if a VFIO container on the host kernel side
> does not support container sharing.
> 
> This changes spapr-pci-host-bridge to support properties of
> spapr-pci-vfio-host-bridge. This makes spapr-pci-vfio-host-bridge type
> equal to spapr-pci-host-bridge except it has an additional "iommu"
> property for backward compatibility reasons.
> 
> This moves PCI device lookup from spapr_phb_vfio_eeh_set_option() to
> rtas_ibm_set_eeh_option() as we need to know if the device is "vfio-pci"
> and decide whether to call spapr_phb_vfio_eeh_set_option() or not.
> 
> Signed-off-by: Alexey Kardashevskiy 
> Reviewed-by: David Gibson 
> ---
> Changes:
> v9:
> * s'iommugroupid shall not be used'iommugroupid is deprecated and will be 
> ignored'
> in error log
> 
> v8:
> * call spapr_phb_vfio_eeh_set_option() on vfio-pci devices only (reported by 
> Gavin)
> ---
>  hw/ppc/spapr_pci.c  | 82 +++
>  hw/ppc/spapr_pci_vfio.c | 85 
> +
>  include/hw/pci-host/spapr.h | 25 ++---
>  3 files changed, 55 insertions(+), 137 deletions(-)
> 
> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
> index 00816b3..76c988f 100644
> --- a/hw/ppc/spapr_pci.c
> +++ b/hw/ppc/spapr_pci.c
...
> @@ -841,9 +811,8 @@ int spapr_phb_dma_reset(sPAPRPHBState *sphb)
>  {
>  int i;
>  sPAPRTCETable *tcet;
> -sPAPRPHBClass *spc = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(sphb);
>  
> -spc->dma_capabilities_update(sphb); /* Refresh @has_vfio status */
> +spapr_phb_dma_capabilities_update(sphb); /* Refresh @has_vfio status */
>  
>  for (i = 0; i < SPAPR_PCI_DMA_MAX_WINDOWS; ++i) {
>  tcet = spapr_tce_find_by_liobn(SPAPR_PCI_LIOBN(sphb->index, i));
> @@ -852,8 +821,8 @@ int spapr_phb_dma_reset(sPAPRPHBState *sphb)
>  }
>  }
>  
> -spc->dma_init_window(sphb, SPAPR_PCI_LIOBN(sphb->index, 0),
> - SPAPR_TCE_PAGE_SHIFT, sphb->dma32_window_size);
> +spapr_phb_dma_init_window(sphb, SPAPR_PCI_LIOBN(sphb->index, 0),
> +  SPAPR_TCE_PAGE_SHIFT, sphb->dma32_window_size);
>  
>  return 0;
>  }
> @@ -1271,6 +1240,11 @@ static void spapr_phb_realize(DeviceState *dev, Error 
> **errp)
>  uint64_t msi_window_size = 4096;
>  sPAPRTCETable *tcet;
>  
> +if ((sphb->iommugroupid != -1) &&

Too many brackets for my taste...
... but apart from that, the patch looks good to me.

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH 0/7] error: On abort, report where the error was created

2015-07-06 Thread Michael S. Tsirkin
On Mon, Jun 22, 2015 at 09:26:33PM +0200, Markus Armbruster wrote:
> Applies on top of "[PULL 00/24] Monitor patches".

I've no objection to this, though I'd still like
to make it abort at the actual error site too.
That one will need a bit more work though.

> Markus Armbruster (7):
>   error: De-duplicate code creating Error objects
>   error: Make error_setg() a function
>   qga: Clean up unnecessarily dirty casts
>   qga/vss-win32: Document the DLL requires non-null errp
>   error: error_set_errno() is unused, drop
>   error: Revamp interface documentation
>   error: On abort, report where the error was created
> 
>  include/qapi/error.h| 226 
> ++--
>  qga/vss-win32.c |   6 +-
>  qga/vss-win32/requester.cpp |   8 +-
>  qga/vss-win32/requester.h   |  12 ++-
>  util/error.c| 111 +++---
>  5 files changed, 228 insertions(+), 135 deletions(-)
> 
> -- 
> 1.9.3



Re: [Qemu-devel] [v11 01/15] vfio: extract vfio_get_hot_reset_info as a single function

2015-07-06 Thread Alex Williamson
On Wed, 2015-06-24 at 17:45 +0800, Chen Fan wrote:
> This function is used to get the devices affected by a bus reset,
> so extract it here; it can soon be used for AER as well.
> 
> Signed-off-by: Chen Fan 
> ---
>  hw/vfio/pci.c | 66 
> +++
>  1 file changed, 48 insertions(+), 18 deletions(-)
> 
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index e0e339a..4a97ccc 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -2641,6 +2641,51 @@ static void vfio_check_af_flr(VFIOPCIDevice *vdev, 
> uint8_t pos)
>  }
>  }
>  
> +/*
> + * return negative with errno, return 0 on success.
> + * if success, the point of ret_info fill with the affected device reset 
> info.
> + *
> + */
> +static int vfio_get_hot_reset_info(VFIOPCIDevice *vdev,
> +   struct vfio_pci_hot_reset_info **ret_info)
> +{
> +struct vfio_pci_hot_reset_info *info;
> +int ret, count;
> +
> +*ret_info = NULL;
> +
> +info = g_malloc0(sizeof(*info));
> +info->argsz = sizeof(*info);
> +
> +ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_GET_PCI_HOT_RESET_INFO, info);
> +if (ret && errno != ENOSPC) {
> +ret = -errno;
> +goto error;
> +}
> +
> +count = info->count;
> +
> +info = g_realloc(info, sizeof(*info) +
> + (count * sizeof(struct vfio_pci_dependent_device)));
> +info->argsz = sizeof(*info) +
> +  (count * sizeof(struct vfio_pci_dependent_device));
> +
> +ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_GET_PCI_HOT_RESET_INFO, info);
> +if (ret) {
> +ret = -errno;
> +error_report("vfio: hot reset info failed: %m");
> +goto error;
> +}
> +
> +*ret_info = info;
> +info = NULL;
> +
> +return 0;

The only reason I can see to set @info to NULL is to remove this return
and let us fall through.  Isn't it pointless otherwise?

> +error:
> +g_free(info);
> +return ret;
> +}
> +
>  static int vfio_add_std_cap(VFIOPCIDevice *vdev, uint8_t pos)
>  {
>  PCIDevice *pdev = &vdev->pdev;
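Review bot: The header comment on `vfio_get_hot_reset_info()` does not say who owns the buffer returned through `ret_info`, although the function allocates it with `g_malloc0()`/`g_realloc()` and frees it only on its own error path. A caller that forgets the `g_free()` leaks the buffer, and a caller that frees unconditionally after a failed call depends on `*ret_info` having been set to NULL at the top of the function. I would state that contract in the comment, e.g. `/* Returns 0 and stores a g_malloc'd buffer in *ret_info (caller must g_free() it); returns -errno and leaves *ret_info NULL on failure. */`. The size expression passed to `g_realloc()` and the one stored in `argsz` are identical and could be computed once into a local, so the allocation and the size reported to the ioctl cannot drift apart.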
> @@ -2780,7 +2825,7 @@ static bool vfio_pci_host_match(PCIHostDeviceAddress 
> *host1,
>  static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, bool single)
>  {
>  VFIOGroup *group;
> -struct vfio_pci_hot_reset_info *info;
> +struct vfio_pci_hot_reset_info *info = NULL;
>  struct vfio_pci_dependent_device *devices;
>  struct vfio_pci_hot_reset *reset;
>  int32_t *fds;
> @@ -2792,12 +2837,8 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, 
> bool single)
>  vfio_pci_pre_reset(vdev);
>  vdev->vbasedev.needs_reset = false;
>  
> -info = g_malloc0(sizeof(*info));
> -info->argsz = sizeof(*info);
> -
> -ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_GET_PCI_HOT_RESET_INFO, info);
> -if (ret && errno != ENOSPC) {
> -ret = -errno;
> +ret = vfio_get_hot_reset_info(vdev, &info);
> +if (ret) {
>  if (!vdev->has_pm_reset) {
>  error_report("vfio: Cannot reset device %04x:%02x:%02x.%x, "
>   "no available reset mechanism.", vdev->host.domain,
> @@ -2806,18 +2847,7 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, 
> bool single)
>  goto out_single;
>  }
>  
> -count = info->count;
> -info = g_realloc(info, sizeof(*info) + (count * sizeof(*devices)));
> -info->argsz = sizeof(*info) + (count * sizeof(*devices));
>  devices = &info->devices[0];
> -
> -ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_GET_PCI_HOT_RESET_INFO, info);
> -if (ret) {
> -ret = -errno;
> -error_report("vfio: hot reset info failed: %m");
> -goto out_single;
> -}
> -
>  trace_vfio_pci_hot_reset_has_dep_devices(vdev->vbasedev.name);
>  
>  /* Verify that we have all the groups required */






Re: [Qemu-devel] [PATCH 7/7] error: On abort, report where the error was created

2015-07-06 Thread Laszlo Ersek
On 06/22/15 21:26, Markus Armbruster wrote:
> This is particularly useful when we abort in error_propagate(),
> because there the stack backtrace doesn't lead to where the error was
> created.  Looks like this:
> 
> Unexpected error at /work/armbru/qemu/blockdev.c:322:
> qemu-system-x86_64: -drive if=none,werror=foo: 'foo' invalid write error 
> action
> Aborted (core dumped)
> [Exit 134 (SIGABRT)]
> 
> Note: to get this example output, I monkey-patched drive_new() to pass
> &error_abort to blockdev_init().
> 
> To keep the error handling boiler plate from growing even more, all
> error_setFOO() become macros expanding into error_setFOO_internal()
> with additional __FILE__, __LINE__ arguments.  Not exactly pretty, but
> it works.

Please consider squeezing in __func__ too. The information given by
__FILE__:__LINE__ goes stale quite a bit faster than when __func__ is
included (in a triplet then).

In a poorly written bug report (eg. no exact version / git commit
identified), the function name could be the most helpful bit.

Just an idea, of course. :)

Thanks
Laszlo

> 
> The macro trickery breaks down when you take the address of an
> error_setFOO().  Fortunately, we do that in just one place: qemu-ga's
> Windows VSS provider and requester DLL wants to call
> error_setg_win32() through a function pointer "to avoid linking glib
> to the DLL".  Use error_setg_win32_internal() there.  The use of the
> function pointer is already wrapped in a macro, so the churn isn't
> bad.
> 
> Code size increases by some 14KiB for me (0.3%).  Tolerable.  Could be
> less if we passed relative rather than absolute source file names to
> the compiler.
> 
> Signed-off-by: Markus Armbruster 
> ---
>  include/qapi/error.h| 36 +-
>  qga/vss-win32.c |  2 +-
>  qga/vss-win32/requester.cpp |  5 +++--
>  qga/vss-win32/requester.h   |  5 +++--
>  util/error.c| 47 
> ++---
>  5 files changed, 65 insertions(+), 30 deletions(-)
> 
> diff --git a/include/qapi/error.h b/include/qapi/error.h
> index 9466b09..501e110 100644
> --- a/include/qapi/error.h
> +++ b/include/qapi/error.h
> @@ -104,16 +104,22 @@ ErrorClass error_get_class(const Error *err);
>   * The new error's class is ERROR_CLASS_GENERIC_ERROR, and its
>   * human-readable error message is made from printf-style @fmt, ...
>   */
> -void error_setg(Error **errp, const char *fmt, ...)
> -GCC_FMT_ATTR(2, 3);
> +#define error_setg(errp, fmt, ...) \
> +error_setg_internal((errp), __FILE__, __LINE__, (fmt), ## __VA_ARGS__)
> +void error_setg_internal(Error **errp, const char *src, int line,
> + const char *fmt, ...) GCC_FMT_ATTR(4, 5);
>  
>  /*
>   * Just like error_setg(), with @os_error info added to the message.
>   * If @os_error is non-zero, ": " + strerror(os_error) is appended to
>   * the human-readable error message.
>   */
> -void error_setg_errno(Error **errp, int os_error, const char *fmt, ...)
> -GCC_FMT_ATTR(3, 4);
> +#define error_setg_errno(errp, os_error, fmt, ...)  \
> +error_setg_errno_internal((errp), __FILE__, __LINE__, (os_error),   \
> +  (fmt), ## __VA_ARGS__)
> +void error_setg_errno_internal(Error **errp, const char *fname, int line,
> +   int os_error, const char *fmt, ...)
> +GCC_FMT_ATTR(5, 6);
>  
>  #ifdef _WIN32
>  /*
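Review bot: The new `_internal` prototypes name the source-file parameter inconsistently: `error_setg_errno_internal()` calls it `fname`, while `error_setg_internal()` in this hunk and `error_setg_win32_internal()` and `error_setg_file_open_internal()` in the following hunks call it `src`. Because `error_setg_file_open_internal()` also takes a `filename` argument with a different meaning, I would use `src` throughout: `void error_setg_errno_internal(Error **errp, const char *src, int line,`. A one-line comment saying that the `_internal` functions are meant to be reached through the macros would also help, since a direct call records whatever file and line the caller passes rather than the call site.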
> @@ -121,8 +127,12 @@ void error_setg_errno(Error **errp, int os_error, const 
> char *fmt, ...)
>   * If @win32_error is non-zero, ": " + g_win32_error_message(win32_err)
>   * is appended to the human-readable error message.
>   */
> -void error_setg_win32(Error **errp, int win32_err, const char *fmt, ...)
> -GCC_FMT_ATTR(3, 4);
> +#define error_setg_win32(errp, win32_err, fmt, ...) \
> +error_setg_win32_internal((errp), __FILE__, __LINE__, (win32_err),  \
> +  (fmt), ## __VA_ARGS__)
> +void error_setg_win32_internal(Error **errp, const char *src, int line,
> +   int win32_err, const char *fmt, ...)
> +GCC_FMT_ATTR(5, 6);
>  #endif
>  
>  /*
> @@ -143,7 +153,11 @@ void error_propagate(Error **dst_errp, Error *local_err);
>  /*
>   * Convenience function to report open() failure.
>   */
> -void error_setg_file_open(Error **errp, int os_errno, const char *filename);
> +#define error_setg_file_open(errp, os_errno, filename)  \
> +error_setg_file_open_internal((errp), __FILE__, __LINE__,   \
> +  (os_errno), (filename))
> +void error_setg_file_open_internal(Error **errp, const char *src, int line,
> +   int os_errno, const char *filename);
>  
>  /*
>   * Return an exact copy of @err.
> @@ -165,8 +179,12 @@ void error_report_err(Error *);
>   * Note: use of error classes other than ERROR_CLASS_GENERIC_ERROR is
>   * strongly discouraged.
> 

Re: [Qemu-devel] [v11 08/15] vfio: add check host bus reset is support or not

2015-07-06 Thread Alex Williamson
On Wed, 2015-06-24 at 17:46 +0800, Chen Fan wrote:
> Once the vfio devices have been initialized, we should test whether any
> device that supports AER conflicts with the others. For each one, get the
> hot reset info for the affected device list.  Each affected device
> should be attached to the VM and be on the same slot. Also, we should test
> all of the non-AER supporting vfio-pci devices on or below the target
> bus to verify they have a reset mechanism.
> 
> Signed-off-by: Chen Fan 
> ---
>  hw/vfio/pci.c | 213 
> --
>  1 file changed, 206 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index e1bbd03..c2af8f1 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -32,6 +32,7 @@
>  #include "hw/pci/msi.h"
>  #include "hw/pci/msix.h"
>  #include "hw/pci/pci.h"
> +#include "hw/pci/pci_bus.h"
>  #include "hw/pci/pci_bridge.h"
>  #include "qemu-common.h"
>  #include "qemu/error-report.h"
> @@ -2822,6 +2823,184 @@ static int vfio_add_std_cap(VFIOPCIDevice *vdev, 
> uint8_t pos)
>  return 0;
>  }
>  
> +static bool vfio_pci_host_match(PCIHostDeviceAddress *host1,
> +PCIHostDeviceAddress *host2)
> +{
> +return (host1->domain == host2->domain && host1->bus == host2->bus &&
> +host1->slot == host2->slot && host1->function == 
> host2->function);
> +}
> +
> +struct VFIODeviceFind {
> +PCIDevice *pdev;
> +bool found;
> +};
> +
> +static void vfio_check_device_reset(PCIBus *bus, void *opaque)
> +{
> +int i;
> +PCIDevice *dev;
> +VFIOPCIDevice *vdev;
> +struct VFIODeviceFind *find = opaque;
> +
> +if (find->found) {
> +return;
> +}
> +
> +for (i = 0; i < ARRAY_SIZE(bus->devices); i++) {
> +if (!bus->devices[i]) {
> +continue;
> +}
> +dev = bus->devices[i];
> +if (!object_dynamic_cast(OBJECT(dev), "vfio-pci")) {
> +continue;
> +}
> +vdev = DO_UPCAST(VFIOPCIDevice, pdev, dev);
> +if (!(vdev->features & VFIO_FEATURE_ENABLE_AER) &&
> +!vdev->vbasedev.reset_works) {
> +find->pdev = dev;
> +find->found = true;
> +break;
> +}
> +}
> +}
> +
> +static int vfio_check_host_bus_reset(VFIOPCIDevice *vdev)
> +{
> +PCIBus *bus = vdev->pdev.bus;
> +PCIDevice *pdev = &vdev->pdev;
> +struct vfio_pci_hot_reset_info *info = NULL;
> +struct vfio_pci_dependent_device *devices;
> +VFIOGroup *group;
> +struct VFIODeviceFind find;
> +bool hotplugged = DEVICE(vdev)->hotplugged;
> +int ret, i;
> +
> +ret = vfio_get_hot_reset_info(vdev, &info);
> +if (ret) {
> +error_report("vfio: Cannot get hot reset info");
> +goto out;

nit, we never need to free info if this errors, so we could simply
'return ret' here.  Maybe you're trying to consolidate the error path
since it's safe to free(NULL).

> +}
> +
> +/* we only support hotplug device is single function */
> +if (hotplugged && info->count > 1) {
> +error_report("vfio: Cannot enable AER for device %s, "
> + "hotplug device only support single function.",
> + vdev->vbasedev.name);

For nearly all practical purposes, this means we don't support hot-add
of vfio-pci for devices with aer=on; the majority of devices are
multi-function.  If we're willing to eliminate all hot-add except for
single function devices, I question the value of what we're doing here.
Hot-add of multi-function PCI devices is currently a deficiency in QEMU,
and it probably needs to be solved in order for this approach to be
viable.

> +ret = -1;
> +goto out;
> +}
> +
> +/* List all affected devices by bus reset */
> +devices = &info->devices[0];
> +
> +/* Verify that we have all the groups required */
> +for (i = 0; i < info->count; i++) {
> +PCIHostDeviceAddress host;
> +VFIOPCIDevice *tmp;
> +VFIODevice *vbasedev_iter;
> +bool found = false;
> +
> +host.domain = devices[i].segment;
> +host.bus = devices[i].bus;
> +host.slot = PCI_SLOT(devices[i].devfn);
> +host.function = PCI_FUNC(devices[i].devfn);
> +
> +/* Skip the current device */
> +if (vfio_pci_host_match(&host, &vdev->host)) {
> +continue;
> +}
> +
> +/* Ensure we own the group of the affected device */
> +QLIST_FOREACH(group, &vfio_group_list, next) {
> +if (group->groupid == devices[i].group_id) {
> +break;
> +}
> +}
> +
> +if (!group) {
> +error_report("vfio: Cannot enable AER for device %s, "
> + "depends on group %d which is not owned.",
> + vdev->vbasedev.name, devices[i].group_id);

Printing the device associated with that group would likely be helpful
as well.

> +ret =
