Re: [Qemu-devel] [ARM SMBIOS V4 PATCH 0/2] SMBIOS Support for ARM

[Peter Maydell]

On 13 August 2015 at 18:09, Wei Huang  wrote:
> SMBIOS tables present userful system hardware info to management
> applications, such as DMI tools. Even though SMBIOS was originally
> developed for Intel x86, it has been extended to both Itanium and
> ARM (32bit & 64bit). More and more ARM server releases, such as
> RHEL Server for ARM, start to integrate support for SMBIOS.
>
> This patchset is intendted to provid SMBIOS tables for ARM mach-virt
> machine. The SMBIOS tables are created and stored in fw_cfg, relying on
> OVMF (AAVMF) to parse/present SMBIOS entry.
>
> Given that refractoring patches have been accepted by mst. This new
> version (V4) integrates SMBIOS 3.0 support for ARM mach-virt. I have
> tested this version using a customized AAVMF created by Laszlo, who
> has submitted his patches to OVMF mailing list.

Applied to target-arm.next, thanks.

(It seemed to me like this should go through the ARM tree since
it's adding ARM support; let me know if anybody would rather
it go through a different tree or has a reason to hold off
applying it just now.)

-- PMM

Re: [Qemu-devel] [PATCH v5 3/4] sPAPR: Support RTAS call ibm, {open, close}-errinjct

[Gavin Shan]

On Wed, Aug 19, 2015 at 09:15:26AM -0700, Thomas Huth wrote:
>On 18/08/15 18:15, David Gibson wrote:
>> On Wed, Aug 19, 2015 at 09:52:00AM +1000, Gavin Shan wrote:
>>> On Tue, Aug 18, 2015 at 10:32:13AM -0700, Thomas Huth wrote:
 On 17/08/15 18:47, Gavin Shan wrote:
> The patch supports RTAS calls "ibm,{open,close}-errinjct" to
> manupliate the token, which is passed to RTAS call "ibm,errinjct"
> to indicate the valid context for error injection. Each VM is
> permitted to have only one token at once and we simply have one
> random number for that.

 Looking at the code, you're using a sequence number now instead of a
 random number?

>>>
>>> Yes, it's what Alexey suggested.
>
>Then please update the commit message accordingly.
>

Yes, I'll update changelog accordingly.

> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index e99e25f..8405056 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -604,6 +604,68 @@ out:
>  rtas_st(rets, 0, rc);
>  }
>  
> +static void rtas_ibm_open_errinjct(PowerPCCPU *cpu,
> +   sPAPRMachineState *spapr,
> +   uint32_t token, uint32_t nargs,
> +   target_ulong args, uint32_t nret,
> +   target_ulong rets)
> +{
> +int32_t ret;
> +
> +/* Sanity check on number of arguments */
> +if ((nargs != 0) || (nret != 2)) {

 Uh, did Alexey infect you with paranthesitis?

>>>
>>> hehe~, nope. I'll drop those unnecessary paranthesitis :-)
>> 
>> I'd prefer you didn't.  Unlike Thomas, I also don't remember C order
>> of ops that well and would prefer the clarity.
>
>You can always look it up if you're unsure, e.g.:
>
>http://en.cppreference.com/w/c/language/operator_precedence
>
>And once you've learnt it, the additional paranthesis just look
>cumbersome. So please remove them!
>

Ok. I'll check the code and remove unnecessary paranthesis in next revision.

Thanks,
Gavin

[Qemu-devel] [Bug 685096] Re: USB Passthrough not working for Windows 7 guest

[Nehal J Wani]

Comment No. 23 by Manuel Baesler worked for me in Windows 10.
lsusb gave me:
Bus 001 Device 040: ID 8564:1000 Transcend Information, Inc. JetFlash
Qemu Flags used:
-device usb-ehci,id=usb,bus=pci.0,addr=0x4 -device 
usb-host,vendorid=0x8564,productid=0x1000,id=hostdev0,bus=usb.0

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/685096

Title:
  USB Passthrough not working for Windows 7 guest

Status in QEMU:
  Confirmed
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu package in Debian:
  New

Bug description:
  USB Passthrough from host to guest is not working for a 32-bit Windows
  7 guest, while it works perfectly for a 32-bit Windows XP guest.

  The device appears in the device manager of Windows 7, but with "Error
  code 10: device cannot start". I have tried this with numerous USB
  thumbdrives and a USB wireless NIC, all with the same result. The
  device name and functionality is recognized, so at least some USB
  negotiation is taking place.

  I am trying this with the latest git-pull of QEMU-KVM.

  The command line to launch qemu-kvm for win7 is:
  sudo /home/user/local_install/bin/qemu-system-x86_64 -cpu core2duo -m 1024 
-smp 2 -vga std -hda ./disk_images/win7.qcow -vnc :1 -boot c -usb -usbdevice 
tablet -usbdevice host:0781:5150

  The command line to launch qemu-kvm for winxp is:
  sudo /home/user/local_install/bin/qemu-system-x86_64 -cpu core2duo -m 1024 
-smp 2 -usb -vga std -hda ./winxpsp3.qcow -vnc :0 -boot c -usbdevice tablet 
-usbdevice host:0781:5150

  Any help is appreciated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/685096/+subscriptions

Re: [Qemu-devel] [PATCH 11/25] audio: reduce glob_audio_state usage

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> Signed-off-by: Kővágó, Zoltán 

Fill a bit the commit message, to say simply use AudioState instead.
Also explain why you add AudioState *s in struct although it's not
used in that commit, saying simply it's going to be used in later
commit is enough imho (I guess it is).

> ---
>  audio/audio.c  | 41 -
>  audio/audio_int.h  |  4 
>  audio/audio_template.h | 46 ++
>  3 files changed, 46 insertions(+), 45 deletions(-)
>
> diff --git a/audio/audio.c b/audio/audio.c
> index 08ac15e..05b24dc 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@ -367,12 +367,10 @@ static void noop_conv (struct st_sample *dst, const 
> void *src, int samples)
>  (void) samples;
>  }
>
> -static CaptureVoiceOut *audio_pcm_capture_find_specific (
> -struct audsettings *as
> -)
> +static CaptureVoiceOut *audio_pcm_capture_find_specific(AudioState *s,
> +struct audsettings 
> *as)
>  {
>  CaptureVoiceOut *cap;
> -AudioState *s = &glob_audio_state;
>
>  for (cap = s->cap_head.lh_first; cap; cap = cap->entries.le_next) {
>  if (audio_pcm_info_eq (&cap->hw.info, as)) {
> @@ -449,7 +447,7 @@ static void audio_detach_capture (HWVoiceOut *hw)
>
>  static int audio_attach_capture (HWVoiceOut *hw)
>  {
> -AudioState *s = &glob_audio_state;
> +AudioState *s = hw->s;
>  CaptureVoiceOut *cap;
>
>  audio_detach_capture (hw);
> @@ -762,15 +760,15 @@ static void audio_pcm_print_info (const char *cap, 
> struct audio_pcm_info *info)
>  /*
>   * Timer
>   */
> -static int audio_is_timer_needed (void)
> +static int audio_is_timer_needed(AudioState *s)
>  {
>  HWVoiceIn *hwi = NULL;
>  HWVoiceOut *hwo = NULL;
>
> -while ((hwo = audio_pcm_hw_find_any_enabled_out (hwo))) {
> +while ((hwo = audio_pcm_hw_find_any_enabled_out(s, hwo))) {
>  if (!hwo->poll_mode) return 1;
>  }
> -while ((hwi = audio_pcm_hw_find_any_enabled_in (hwi))) {
> +while ((hwi = audio_pcm_hw_find_any_enabled_in(s, hwi))) {
>  if (!hwi->poll_mode) return 1;
>  }
>  return 0;
> @@ -778,7 +776,7 @@ static int audio_is_timer_needed (void)
>
>  static void audio_reset_timer (AudioState *s)
>  {
> -if (audio_is_timer_needed ()) {
> +if (audio_is_timer_needed(s)) {
>  timer_mod (s->ts,
>  qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + s->period_ticks);
>  }
> @@ -847,7 +845,7 @@ void AUD_set_active_out (SWVoiceOut *sw, int on)
>
>  hw = sw->hw;
>  if (sw->active != on) {
> -AudioState *s = &glob_audio_state;
> +AudioState *s = sw->s;
>  SWVoiceOut *temp_sw;
>  SWVoiceCap *sc;
>
> @@ -894,7 +892,7 @@ void AUD_set_active_in (SWVoiceIn *sw, int on)
>
>  hw = sw->hw;
>  if (sw->active != on) {
> -AudioState *s = &glob_audio_state;
> +AudioState *s = sw->s;
>  SWVoiceIn *temp_sw;
>
>  if (on) {
> @@ -1017,7 +1015,7 @@ static void audio_run_out (AudioState *s)
>  HWVoiceOut *hw = NULL;
>  SWVoiceOut *sw;
>
> -while ((hw = audio_pcm_hw_find_any_enabled_out (hw))) {
> +while ((hw = audio_pcm_hw_find_any_enabled_out(s, hw))) {
>  int played;
>  int live, free, nb_live, cleanup_required, prev_rpos;
>
> @@ -1121,7 +1119,7 @@ static void audio_run_in (AudioState *s)
>  {
>  HWVoiceIn *hw = NULL;
>
> -while ((hw = audio_pcm_hw_find_any_enabled_in (hw))) {
> +while ((hw = audio_pcm_hw_find_any_enabled_in(s, hw))) {
>  SWVoiceIn *sw;
>  int captured, min;
>
> @@ -1224,8 +1222,8 @@ static int audio_driver_init(AudioState *s, struct 
> audio_driver *drv,
>  s->drv_opaque = drv->init(dev);
>
>  if (s->drv_opaque) {
> -audio_init_nb_voices_out (drv);
> -audio_init_nb_voices_in (drv);
> +audio_init_nb_voices_out(s, drv);
> +audio_init_nb_voices_in(s, drv);
>  s->drv = drv;
>  return 0;
>  }
> @@ -1244,11 +1242,11 @@ static void audio_vm_change_state_handler (void 
> *opaque, int running,
>  int op = running ? VOICE_ENABLE : VOICE_DISABLE;
>
>  s->vm_running = running;
> -while ((hwo = audio_pcm_hw_find_any_enabled_out (hwo))) {
> +while ((hwo = audio_pcm_hw_find_any_enabled_out(s, hwo))) {
>  hwo->pcm_ops->ctl_out (hwo, op);
>  }
>
> -while ((hwi = audio_pcm_hw_find_any_enabled_in (hwi))) {
> +while ((hwi = audio_pcm_hw_find_any_enabled_in(s, hwi))) {
>  hwi->pcm_ops->ctl_in (hwi, op);
>  }
>  audio_reset_timer (s);
> @@ -1260,7 +1258,7 @@ static void audio_atexit (void)
>  HWVoiceOut *hwo = NULL;
>  HWVoiceIn *hwi = NULL;
>
> -while ((hwo = audio_pcm_hw_find_any_out (hwo))) {
> +while ((hwo = audio_pcm_hw_find_any_out(s, hwo))) {
>  SWVoiceCap *sc;
>
>  if (hwo->enabled) {
> @@ -1278,7 +1276,

Re: [Qemu-devel] [PATCH 9/9] target-arm: Wire up HLT 0xf000 as the A64 semihosting instruction

[Christopher Covington]

On Aug 13, 2015 9:35 AM, "Peter Maydell"  wrote:
>
> For the A64 instruction set, the semihosting call instruction
> is 'HLT 0xf000'. Wire this up to call do_arm_semihosting()
> if semihosting is enabled.
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Christopher Covington 

Re: [Qemu-devel] [PATCH v2 0/3] SysFS driver for QEMU fw_cfg device

[Ard Biesheuvel]

On 19 August 2015 at 22:49, Gabriel L. Somlo  wrote:
> Hi Ard,
>
> On Wed, Aug 19, 2015 at 11:42:02AM +0200, Ard Biesheuvel wrote:
>> (missed some cc's)
>>
>> On 19 August 2015 at 11:38, Ard Biesheuvel  wrote:
>> > From: "Gabriel L. Somlo" 
>> >> Several different architectures supported by QEMU are set up with a
>> >> "firmware configuration" (fw_cfg) device, used to pass configuration
>> >> "blobs" into the guest by the host running QEMU.
>> >>
>> >> Historically, these config blobs were mostly of interest to the guest
>> >> BIOS, but since QEMU v2.4 it is possible to insert arbitrary blobs via
>> >> the command line, which makes them potentially interesting to userspace
>> >> (e.g. for passing early boot environment variables, etc.).
>> >>
>> >
>> > Does 'potentially interesting' mean you have a use case? Could you 
>> > elaborate?
>
> My personal one would be something like:
>
> cat > guestinfo.txt << EOT
>   KEY1="val1"
>   KEY2="val2"
>   ...
> EOT
>
> qemu-system-x86_64 ... -fw-cfg name="opt/guestinfo",file=./guestinfo.txt ...
>
> Then, from inside the guest:
>
>   . /sys/firmware/qemu_fw_cfg/by_name/opt/guestinfo/raw
>
>   do_something_with $KEY1 $KEY2
>   ...
>
> But I'm thinking this is only one of the many positive things one
> could do with the ability to access random host-supplied blobs from
> guest userspace :)
>

'random host-supplied blobs' sounds awfully like files in a file
system to me, and that is already supported by QEMU and works with any
guest OS unmodified. If you are in control of the command line, surely
you can add a -drive xxx,fat:path/to/blobs -device xxx pair that
simply turns up as a volume.

>> >>   1/3 - probes for the qemu fw_cfg device in locations known to work on
>> >>   the supported architectures, in decreasing order of "likelihood".
>> >>
>> >>   While it *may* be possible to detect the presence of fw_cfg via
>> >>   acpi or dtb (on x86 and arm, respectively), there's no way I know
>> >>   of attempting that on sun4 and ppc/mac, so I've stuck with simply
>> >>   probing (the fw_cfg_modes[] structure and fw_cfg_io_probe() 
>> >> function)
>> >>   in fw_cfg.c. I could use some advice on how else that could be
>> >>   done more elegantly, if needed.
>> >>
>> >
>> > Sorry, but this is really out of the question, at least on ARM, but surely 
>> > on
>> > other architectures as well. You can't just go around and probe random 
>> > memory
>> > addresses. Perhaps QEMU tolerates it, but on anything that resembles a real
>> > system, this will immediately blow up. Also, what happens if the QEMU 
>> > memory
>> > map changes? Add more probes addresses?
>> >
>> > It is not /that/ difficult to simply wire it up to the DT and ACPI
>> > infrastructures, there are plenty of examples in the kernel tree how to
>> > accomplish that. As a bonus, it removes all the arch specific knowledge
>> > from your code, which means that if QEMU grows support for another DT or
>> > ACPI based architecture, it will just work.
>
> I was *hoping* a successful call to request_[mem_]region() will be
> enough in the way of asking for permission before probing for the
> fw_cfg registers, but I realize that might still not be polite enough :)
>

No, all request_mem_region() does is check whether the region in
question is not occupied yet by another driver. So your probing could
access unpopulated memory space, or MMIO space owned by a peripheral
whose driver is not loaded. Neither are allowable, I'm afraid.

> DT on ARM is fine, and I'm certainly happy to learn how to do it (even
> though my main focus is, for now, x86). The unfortunate thing though
> is that on x86, fw_cfg is *not* AFAICT in ACPI, so I'd have to detour into
> first adding it in on the host side, before I can rewrite the guest side
> driver to look it up in there :)
>
>> > I am not sure how relevant sun4 and ppc/mac are for what you are trying to
>> > accomplish, but perhaps it would be best to focus on x86 and ARM for now
>> > and do it correctly. If the probing is actually needed, you can always add
>> > it later.
>
> I guess that's the direction things seem to be headed, although it would
> make me a bit sad to leave out sun and ppc right from the very beginning :)
>

Sorry to be blunt, but I am not convinced there is a need for this
driver anyway.

> PS. If you have one .c file in the kernel which does any of the DT-on-arm
> boilerplate I'm supposed to immitate, I'd appreciate the shortcut :)
>

Check out drivers/tty/serial/amba-pl011.c

> PS2. Do you happen to be in Seattle right now ? :)

Nope :-)

[Qemu-devel] [PATCH 09/16] target-tilegx: Generate tcg instructions to finish "Hello world"

[gchen gchen]

Generate related tcg instructions, and qemu tilegx can finish running
"Hello world". The elf64 binary can be static or shared.

Signed-off-by: Chen Gang 
---
target-tilegx/translate.c | 2966 +
1 file changed, 2966 insertions(+)
create mode 100644 target-tilegx/translate.c

diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
new file mode 100644
index 000..1dd3a43
--- /dev/null
+++ b/target-tilegx/translate.c
@@ -0,0 +1,2966 @@
+/*
+ * QEMU TILE-Gx CPU
+ *
+ * Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu/log.h"
+#include "disas/disas.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "opcode_tilegx.h"
+#include "spr_def_64.h"
+
+#define FMT64X "%016" PRIx64
+#define TILEGX_TMP_REGS (TILEGX_MAX_INSTRUCTIONS_PER_BUNDLE + 1)
+
+static TCGv_ptr cpu_env;
+static TCGv cpu_pc;
+static TCGv cpu_regs[TILEGX_R_COUNT];
+static TCGv cpu_spregs[TILEGX_SPR_COUNT];
+#if defined(CONFIG_USER_ONLY)
+static TCGv_i32 cpu_excparam;
+#endif
+
+static const char * const reg_names[] = {
+ "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
+ "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15",
+ "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+ "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
+ "r32", "r33", "r34", "r35", "r36", "r37", "r38", "r39",
+ "r40", "r41", "r42", "r43", "r44", "r45", "r46", "r47",
+ "r48", "r49", "r50", "r51", "bp", "tp", "sp", "lr"
+};
+
+static const char * const spreg_names[] = {
+ "cmpexch", "criticalsec", "simcontrol"
+};
+
+/* It is for temporary registers */
+typedef struct DisasContextTemp {
+ uint8_t idx; /* index */
+ TCGv val; /* value */
+} DisasContextTemp;
+
+/* This is the state at translation time. */
+typedef struct DisasContext {
+ uint64_t pc; /* Current pc */
+ int exception; /* Current exception */
+
+ TCGv zero; /* For zero register */
+
+ DisasContextTemp *tmp_regcur; /* Current temporary registers */
+ DisasContextTemp tmp_regs[TILEGX_TMP_REGS]; /* All temporary registers */
+ struct {
+ TCGCond cond; /* Branch condition */
+ TCGv dest; /* pc jump destination, if will jump */
+ TCGv val1; /* Firt value for condition comparing */
+ TCGv val2; /* Second value for condition comparing */
+ } jmp; /* Jump object, only once in each TB block */
+} DisasContext;
+
+#include "exec/gen-icount.h"
+
+static void gen_exception(DisasContext *dc, int num)
+{
+ TCGv_i32 tmp = tcg_const_i32(num);
+
+ gen_helper_exception(cpu_env, tmp);
+ tcg_temp_free_i32(tmp);
+}
+
+/*
+ * All exceptions which can still let working flow continue are all in pipe x1,
+ * which is the last pipe of a bundle. So it is OK to only process the first
+ * exception within a bundle.
+ */
+static void set_exception(DisasContext *dc, int num)
+{
+ if (dc->exception == TILEGX_EXCP_NONE) {
+ dc->exception = num;
+ }
+}
+
+static bool check_gr(DisasContext *dc, uint8_t reg)
+{
+ if (likely(reg < TILEGX_R_COUNT)) {
+ return true;
+ }
+
+ switch (reg) {
+ case TILEGX_R_SN:
+ case TILEGX_R_ZERO:
+ break;
+ case TILEGX_R_IDN0:
+ case TILEGX_R_IDN1:
+ set_exception(dc, TILEGX_EXCP_REG_IDN_ACCESS);
+ break;
+ case TILEGX_R_UDN0:
+ case TILEGX_R_UDN1:
+ case TILEGX_R_UDN2:
+ case TILEGX_R_UDN3:
+ set_exception(dc, TILEGX_EXCP_REG_UDN_ACCESS);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ return false;
+}
+
+static TCGv load_zero(DisasContext *dc)
+{
+ if (TCGV_IS_UNUSED_I64(dc->zero)) {
+ dc->zero = tcg_const_i64(0);
+ }
+ return dc->zero;
+}
+
+static TCGv load_gr(DisasContext *dc, uint8_t reg)
+{
+ if (check_gr(dc, reg)) {
+ return cpu_regs[reg];
+ }
+ return load_zero(dc);
+}
+
+static TCGv dest_gr(DisasContext *dc, uint8_t rdst)
+{
+ DisasContextTemp *tmp = dc->tmp_regcur++;
+
+ /* Skip the result, mark the exception if necessary, and continue */
+ check_gr(dc, rdst);
+ assert((dc->tmp_regcur - dc->tmp_regs) < TILEGX_TMP_REGS);
+ tmp->idx = rdst;
+ tmp->val = tcg_temp_new_i64();
+ return tmp->val;
+}
+
+static void gen_atomic_excp(struct DisasContext *dc,
+ uint8_t rdst, uint8_t rsrc, uint8_t rsrcb,
+ int excp, const char *code)
+{
+ qemu_log_mask(CPU_LOG_TB_IN_ASM, "%s r%d, r%d, r%d\n",
+ code, rdst, rsrc, rsrcb);
+#if defined(CONFIG_USER_ONLY)
+ tcg_gen_movi_i32(cpu_excparam, (rdst << 16) | (rsrc << 8) | rsrcb);
+ tcg_gen_movi_i64

[Qemu-devel] [PATCH RFC 3/5] qapi: Merge generation of per-member visits

[Eric Blake]

Consolidate the code between visit and command marshalling that
iterates over the members of a struct.  It reduces code duplication
in the generator, with no change to generated marshal code, and
slightly more verbose (but no semantic change) in the generated
visit code:

| visit_optional(v, &(*obj)->has_device, "device", &err);
|-if (!err && (*obj)->has_device) {
|-visit_type_str(v, &(*obj)->device, "device", &err);
|-}
| if (err) {
| goto out;
| }
|+if ((*obj)->has_device) {
|+visit_type_str(v, &(*obj)->device, "device", &err);
|+if (err) {
|+goto out;
|+}
|+}

Signed-off-by: Eric Blake 
---
 scripts/qapi-commands.py | 35 +--
 scripts/qapi-visit.py| 26 +-
 scripts/qapi.py  | 45 +
 3 files changed, 47 insertions(+), 59 deletions(-)

diff --git a/scripts/qapi-commands.py b/scripts/qapi-commands.py
index a30f79a..3eb3704 100644
--- a/scripts/qapi-commands.py
+++ b/scripts/qapi-commands.py
@@ -23,16 +23,6 @@ def gen_command_decl(name, arg_type, box, ret_type):
  c_name=c_name(name),
  params=gen_params(arg_type, box, 'Error **errp'))

-def gen_err_check(err):
-if not err:
-return ''
-return mcgen('''
-if (%(err)s) {
-goto out;
-}
-''',
- err=err)
-
 def gen_call(name, arg_type, box, ret_type):
 ret = ''

@@ -145,30 +135,7 @@ visit_type_%(c_name)s(v, &arg, NULL, %(errp)s);
  c_name=arg_type.c_name(), errp=errparg)
 ret += gen_err_check(errarg)
 else:
-for memb in arg_type.members:
-if memb.optional:
-ret += mcgen('''
-visit_optional(v, &has_%(c_name)s, "%(name)s", %(errp)s);
-''',
- c_name=c_name(memb.name), name=memb.name,
- errp=errparg)
-ret += gen_err_check(errarg)
-ret += mcgen('''
-if (has_%(c_name)s) {
-''',
- c_name=c_name(memb.name))
-push_indent()
-ret += mcgen('''
-visit_type_%(c_type)s(v, &%(c_name)s, "%(name)s", %(errp)s);
-''',
- c_name=c_name(memb.name), name=memb.name,
- c_type=memb.type.c_name(), errp=errparg)
-ret += gen_err_check(errarg)
-if memb.optional:
-pop_indent()
-ret += mcgen('''
-}
-''')
+ret += gen_visit_fields(arg_type.members, '', errarg)

 if dealloc:
 ret += mcgen('''
diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
index 1fe6c64..edf97cb 100644
--- a/scripts/qapi-visit.py
+++ b/scripts/qapi-visit.py
@@ -95,31 +95,7 @@ if (err) {
 ''',
  c_type=base.c_name())

-for memb in members:
-if memb.optional:
-ret += mcgen('''
-visit_optional(v, &(*obj)->has_%(c_name)s, "%(name)s", &err);
-if (!err && (*obj)->has_%(c_name)s) {
-''',
- c_name=c_name(memb.name), name=memb.name)
-push_indent()
-
-ret += mcgen('''
-visit_type_%(c_type)s(v, &(*obj)->%(c_name)s, "%(name)s", &err);
-''',
- c_type=memb.type.c_name(), c_name=c_name(memb.name),
- name=memb.name)
-
-if memb.optional:
-pop_indent()
-ret += mcgen('''
-}
-''')
-ret += mcgen('''
-if (err) {
-goto out;
-}
-''')
+ret += gen_visit_fields(members, '(*obj)->', 'err')

 pop_indent()
 if base or members:
diff --git a/scripts/qapi.py b/scripts/qapi.py
index ac6d7f6..063d299 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -1456,6 +1456,51 @@ def gen_params(arg_type, box, extra):
 ret += sep + extra
 return ret

+def gen_err_check(err):
+if not err:
+return ''
+return mcgen('''
+if (%(err)s) {
+goto out;
+}
+''',
+ err=err)
+
+def gen_visit_fields(members, prefix, errarg):
+ret = ''
+if errarg:
+errparg = '&' + errarg
+else:
+errparg = 'NULL';
+for memb in members:
+if memb.optional:
+ret += mcgen('''
+visit_optional(v, &%(prefix)shas_%(c_name)s, "%(name)s", %(errp)s);
+''',
+ prefix=prefix, c_name=c_name(memb.name),
+ name=memb.name, errp=errparg)
+ret += gen_err_check(errarg)
+ret += mcgen('''
+if (%(prefix)shas_%(c_name)s) {
+''',
+ prefix=prefix, c_name=c_name(memb.name))
+push_indent()
+
+ret += mcgen('''
+visit_type_%(c_type)s(v, &%(prefix)s%(c_name)s, "%(name)s", %(errp)s);
+''',
+ c_type=memb.type.c_name(), prefix=prefix,
+ c_name=c_name(memb.name), name=memb.name,
+ errp=errparg)
+ret += gen_err_check(errarg)
+
+if memb.optional:
+pop_indent()
+   

[Qemu-devel] [PATCH v5 1/1] s390x: pci infrastructure modeling

[Yi Min Zhao]

From: Yi Min Zhao 

This patch introduce a new facility(and bus)
to hold devices representing information actually
provided by s390 firmware and I/O configuration.
usage example:
-device s390-pcihost,index=1
-device zpci,fid=2,uid=5,pci_id=vpci1,id=zpci1
-device vfio-pci,host=:00:00.0,id=vpci1

The first line will create a s390 pci host bridge
and init the root bus. And user must assign a
unique value to index which is a new property of
s390-pcihost device.
The second line will create a s390 pci device to
store s390 specific information, and references
the corresponding vfio pci device via device id.
We create a s390 pci facility bus to hold all the
zpci devices.
The third line will create a standard vfio pci
device, and attach it to the root bus. These are
similiar to the standard process to define a pci
device on other platform.

Signed-off-by: Yi Min Zhao 
---
 hw/s390x/s390-pci-bus.c|  379 ++--
 hw/s390x/s390-pci-bus.h|   54 ++-
 hw/s390x/s390-pci-inst.c   |   80 ++
 hw/s390x/s390-virtio-ccw.c |5 +-
 4 files changed, 392 insertions(+), 126 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 560b66a..524dd79 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -32,16 +32,16 @@ int chsc_sei_nt2_get_event(void *res)
 PciCcdfErr *eccdf;
 int rc = 1;
 SeiContainer *sei_cont;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIFacility *f = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
 
-if (!s) {
+if (!f) {
 return rc;
 }
 
-sei_cont = QTAILQ_FIRST(&s->pending_sei);
+sei_cont = QTAILQ_FIRST(&f->pending_sei);
 if (sei_cont) {
-QTAILQ_REMOVE(&s->pending_sei, sei_cont, link);
+QTAILQ_REMOVE(&f->pending_sei, sei_cont, link);
 nt2_res->nt = 2;
 nt2_res->cc = sei_cont->cc;
 nt2_res->length = cpu_to_be16(sizeof(ChscSeiNt2Res));
@@ -72,30 +72,41 @@ int chsc_sei_nt2_get_event(void *res)
 
 int chsc_sei_nt2_have_event(void)
 {
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIFacility *f = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
 
-if (!s) {
+if (!f) {
 return 0;
 }
 
-return !QTAILQ_EMPTY(&s->pending_sei);
+return !QTAILQ_EMPTY(&f->pending_sei);
+}
+
+void s390_pci_device_enable(S390PCIBusDevice *zpci)
+{
+zpci->fh = zpci->fh | 1 << ENABLE_BIT_OFFSET;
+}
+
+void s390_pci_device_disable(S390PCIBusDevice *zpci)
+{
+zpci->fh = zpci->fh & ~(1 << ENABLE_BIT_OFFSET);
+if (zpci->is_unplugged) {
+object_unparent(OBJECT(zpci));
+}
 }
 
 S390PCIBusDevice *s390_pci_find_dev_by_fid(uint32_t fid)
 {
 S390PCIBusDevice *pbdev;
-int i;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIFacility *f = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
 
-if (!s) {
+if (!f) {
 return NULL;
 }
 
-for (i = 0; i < PCI_SLOT_MAX; i++) {
-pbdev = &s->pbdev[i];
-if ((pbdev->fh != 0) && (pbdev->fid == fid)) {
+QTAILQ_FOREACH(pbdev, &f->zpci_list, next) {
+if (pbdev->fid == fid) {
 return pbdev;
 }
 }
@@ -126,39 +137,20 @@ void s390_pci_sclp_configure(int configure, SCCB *sccb)
 return;
 }
 
-static uint32_t s390_pci_get_pfid(PCIDevice *pdev)
-{
-return PCI_SLOT(pdev->devfn);
-}
-
-static uint32_t s390_pci_get_pfh(PCIDevice *pdev)
+S390PCIBusDevice *s390_pci_find_dev_by_idx(uint64_t idx)
 {
-return PCI_SLOT(pdev->devfn) | FH_VIRT;
-}
-
-S390PCIBusDevice *s390_pci_find_dev_by_idx(uint32_t idx)
-{
-S390PCIBusDevice *pbdev;
-int i;
-int j = 0;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIBusDevice *tmp;
+S390PCIFacility *fac = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
 
-if (!s) {
+if (!fac) {
 return NULL;
 }
 
-for (i = 0; i < PCI_SLOT_MAX; i++) {
-pbdev = &s->pbdev[i];
-
-if (pbdev->fh == 0) {
-continue;
-}
-
-if (j == idx) {
-return pbdev;
+QTAILQ_FOREACH(tmp, &fac->zpci_list, next) {
+if (idx == tmp->idx && tmp->available) {
+return tmp;
 }
-j++;
 }
 
 return NULL;
@@ -167,16 +159,14 @@ S390PCIBusDevice *s390_pci_find_dev_by_idx(uint32_t idx)
 S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh)
 {
 S390PCIBusDevice *pbdev;
-int i;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIFacility *f = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACI

Re: [Qemu-devel] [PATCH 00/19] multi-arch+linux-user: Cleanup ELF_MACHINE

[Riku Voipio]

On Sat, Aug 15, 2015 at 04:28:10PM -0700, Peter Crosthwaite wrote:
> Peter Crosthwaite (19):
>   linux_user: elfload: Default ELF_MACHINE to ELF_ARCH
>   linux-user: elfload: Provide default for elf_check_arch
>   arm: Remove ELF_MACHINE from cpu.h
>   mb: Remove ELF_MACHINE from cpu.h
>   m68k: Remove ELF_MACHINE from cpu.h
>   cris: Remove ELF_MACHINE from cpu.h
>   moxie: Remove ELF_MACHINE from cpu.h
>   unicore: Remove ELF_MACHINE from cpu.h
>   lm32: Remove ELF_MACHINE from cpu.h
>   or32: Remove ELF_MACHINE from cpu.h
>   tricore: Remove ELF_MACHINE from cpu.h
>   xtensa: Remove ELF_MACHINE from cpu.h
>   sh4: Remove ELF_MACHINE from cpu.h
>   s390: Remove ELF_MACHINE from cpu.h
>   sparc: Remove ELF_MACHINE from cpu.h
>   mips: Remove ELF_MACHINE from cpu.h
>   alpha: Remove ELF_MACHINE from cpu.h
>   i386: Rename ELF_MACHINE to be x86 specific
>   ppc: Rename ELF_MACHINE to be PPC specific
> 
>  hw/arm/armv7m.c|  2 +-
>  hw/cris/boot.c |  2 +-
>  hw/i386/multiboot.c|  2 +-
>  hw/lm32/lm32_boards.c  |  4 ++--
>  hw/lm32/milkymist.c|  2 +-
>  hw/m68k/an5206.c   |  2 +-
>  hw/m68k/dummy_m68k.c   |  2 +-
>  hw/m68k/mcf5208.c  |  2 +-
>  hw/microblaze/boot.c   |  4 ++--
>  hw/mips/mips_fulong2e.c|  2 +-
>  hw/mips/mips_malta.c   |  2 +-
>  hw/mips/mips_mipssim.c |  2 +-
>  hw/mips/mips_r4k.c |  2 +-
>  hw/moxie/moxiesim.c|  2 +-
>  hw/openrisc/openrisc_sim.c |  2 +-
>  hw/ppc/e500.c  |  2 +-
>  hw/ppc/mac_newworld.c  |  4 ++--
>  hw/ppc/mac_oldworld.c  |  4 ++--
>  hw/ppc/ppc440_bamboo.c |  2 +-
>  hw/ppc/prep.c  |  2 +-
>  hw/ppc/spapr.c |  4 ++--
>  hw/ppc/virtex_ml507.c  |  2 +-
>  hw/s390x/ipl.c |  4 ++--
>  hw/sparc/leon3.c   |  2 +-
>  hw/sparc/sun4m.c   |  4 ++--
>  hw/sparc64/sun4u.c |  4 ++--
>  hw/tricore/tricore_testboard.c |  2 +-
>  hw/xtensa/sim.c|  4 ++--
>  hw/xtensa/xtfpga.c |  2 +-
>  linux-user/elfload.c   | 37 +++--
>  target-alpha/cpu.h |  2 --
>  target-arm/cpu.h   |  2 --
>  target-cris/cpu.h  |  2 --
>  target-i386/cpu.h  |  4 ++--
>  target-lm32/cpu.h  |  2 --
>  target-m68k/cpu.h  |  2 --
>  target-microblaze/cpu.h|  2 --
>  target-mips/cpu.h  |  2 --
>  target-moxie/cpu.h |  2 --
>  target-openrisc/cpu.h  |  1 -
>  target-ppc/cpu.h   |  4 ++--
>  target-s390x/cpu.h |  1 -
>  target-sh4/cpu.h   |  2 --
>  target-sparc/cpu.h |  6 --
>  target-tricore/cpu.h   |  2 --
>  target-unicore32/cpu.h |  2 --
>  target-xtensa/cpu.h|  1 -
>  47 files changed, 53 insertions(+), 99 deletions(-)

Acked-By: Riku Voipio 

Re: [Qemu-devel] [PATCH 16/25] paaudio: properly disconnect streams in fini_*

[Marc-André Lureau]

Reviewed-by: Marc-André Lureau 

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> Currently this needs a workaround due to bug #74624 in pulseaudio.
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  audio/paaudio.c | 23 +--
>  1 file changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/audio/paaudio.c b/audio/paaudio.c
> index e3b8207..2aee22f 100644
> --- a/audio/paaudio.c
> +++ b/audio/paaudio.c
> @@ -678,6 +678,25 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings 
> *as, void *drv_opaque)
>  return -1;
>  }
>
> +static void qpa_simple_disconnect(PAConnection *c, pa_stream *stream)
> +{
> +int err;
> +
> +pa_threaded_mainloop_lock(c->mainloop);
> +/* wait until actually connects. workaround pa bug #74624
> + * https://bugs.freedesktop.org/show_bug.cgi?id=74624 */
> +while (pa_stream_get_state(stream) == PA_STREAM_CREATING) {
> +pa_threaded_mainloop_wait(c->mainloop);
> +}
> +
> +err = pa_stream_disconnect(stream);
> +if (err != 0) {
> +dolog("Failed to dissconnect! err=%d\n", err);
> +}
> +pa_stream_unref(stream);
> +pa_threaded_mainloop_unlock(c->mainloop);
> +}
> +
>  static void qpa_fini_out (HWVoiceOut *hw)
>  {
>  void *ret;
> @@ -689,7 +708,7 @@ static void qpa_fini_out (HWVoiceOut *hw)
>  audio_pt_join (&pa->pt, &ret, AUDIO_FUNC);
>
>  if (pa->stream) {
> -pa_stream_unref (pa->stream);
> +qpa_simple_disconnect(pa->g->conn, pa->stream);
>  pa->stream = NULL;
>  }
>
> @@ -709,7 +728,7 @@ static void qpa_fini_in (HWVoiceIn *hw)
>  audio_pt_join (&pa->pt, &ret, AUDIO_FUNC);
>
>  if (pa->stream) {
> -pa_stream_unref (pa->stream);
> +qpa_simple_disconnect(pa->g->conn, pa->stream);
>  pa->stream = NULL;
>  }
>
> --
> 2.4.5
>
>



-- 
Marc-André Lureau

Re: [Qemu-devel] quorum: validate vote threshold against num_children even if read-pattern is fifo

[Kevin Wolf]

Am 19.08.2015 um 04:53 hat Wen Congyang geschrieben:
> Ping...

It might have helped to...

a) CC the qemu-block mailing list
b) CC the subsystem maintainer that should apply the patch (according to
   scripts/get_maintainer.pl that's me with Berto's Acked-by)
c) include the "PATCH" keyword in the subject line.

I'm copying qemu-block now and will consider the patch once I'm back
from KVM Forum.

Kevin


> On 07/03/2015 02:45 PM, Wen Congyang wrote:
> > We need to use threshold to check if too many write operation fails.
> > If threshold is larger than num children, we always get write error
> > event even if all write operations success.
> > 
> > Signed-off-by: Wen Congyang 
> > ---
> >  block/quorum.c | 12 ++--
> >  1 file changed, 6 insertions(+), 6 deletions(-)
> > 
> > diff --git a/block/quorum.c b/block/quorum.c
> > index a7df17c..b0eead0 100644
> > --- a/block/quorum.c
> > +++ b/block/quorum.c
> > @@ -894,6 +894,12 @@ static int quorum_open(BlockDriverState *bs, QDict 
> > *options, int flags,
> >  }
> >  
> >  s->threshold = qemu_opt_get_number(opts, QUORUM_OPT_VOTE_THRESHOLD, 0);
> > +/* and validate it against s->num_children */
> > +ret = quorum_valid_threshold(s->threshold, s->num_children, 
> > &local_err);
> > +if (ret < 0) {
> > +goto exit;
> > +}
> > +
> >  ret = parse_read_pattern(qemu_opt_get(opts, QUORUM_OPT_READ_PATTERN));
> >  if (ret < 0) {
> >  error_setg(&local_err, "Please set read-pattern as fifo or 
> > quorum");
> > @@ -902,12 +908,6 @@ static int quorum_open(BlockDriverState *bs, QDict 
> > *options, int flags,
> >  s->read_pattern = ret;
> >  
> >  if (s->read_pattern == QUORUM_READ_PATTERN_QUORUM) {
> > -/* and validate it against s->num_children */
> > -ret = quorum_valid_threshold(s->threshold, s->num_children, 
> > &local_err);
> > -if (ret < 0) {
> > -goto exit;
> > -}
> > -
> >  /* is the driver in blkverify mode */
> >  if (qemu_opt_get_bool(opts, QUORUM_OPT_BLKVERIFY, false) &&
> >  s->num_children == 2 && s->threshold == 2) {
> > 
> 
> 

Re: [Qemu-devel] [PATCH 17/25] audio: remove gcc specific audio_MIN, audio_MAX

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> Currently the gcc specific version only evaluates the arguments once,
> while the generic version evaluates one argument twice, which can cause
> debugging headaches when an argument has a side effect.  This patch at
> least provides consistent behavior between compilers.
>

Going this way, you could simply replace audio_MIN/MAX with MIN/MAX
(from osdep.h and glib headers)

Reviewed-by: Marc-André Lureau 


> Signed-off-by: Kővágó, Zoltán 
> ---
>  audio/audio.h | 14 --
>  1 file changed, 14 deletions(-)
>
> diff --git a/audio/audio.h b/audio/audio.h
> index 68545b6..3a54e17 100644
> --- a/audio/audio.h
> +++ b/audio/audio.h
> @@ -150,22 +150,8 @@ static inline void *advance (void *p, int incr)
>  return (d + incr);
>  }
>
> -#ifdef __GNUC__
> -#define audio_MIN(a, b) ( __extension__ ({  \
> -__typeof (a) ta = a;\
> -__typeof (b) tb = b;\
> -((ta)>(tb)?(tb):(ta));  \
> -}))
> -
> -#define audio_MAX(a, b) ( __extension__ ({  \
> -__typeof (a) ta = a;\
> -__typeof (b) tb = b;\
> -((ta)<(tb)?(tb):(ta));  \
> -}))
> -#else
>  #define audio_MIN(a, b) ((a)>(b)?(b):(a))
>  #define audio_MAX(a, b) ((a)<(b)?(b):(a))
> -#endif
>
>  int wav_start_capture(AudioState *state, CaptureState *s, const char *path,
>int freq, int bits, int nchannels);
> --
> 2.4.5
>
>



-- 
Marc-André Lureau

Re: [Qemu-devel] [PATCH] qemu-img: Fix crash in amend invocation

[Eric Blake]

On 08/18/2015 05:03 PM, Max Reitz wrote:
> Example:
> $ ./qemu-img create -f qcow2 /tmp/t.qcow2 64M
> $ ./qemu-img amend -f qcow2 -o backing_file=/tmp/t.qcow2, -o help \
> /tmp/t.qcow2
> 
> This should not crash. This actually is tested by iotest 082, but not
> caught due to the segmentation fault being silent (which is something
> that needs to be fixed, too).

As long as we don't forget to do that, I'm okay with having this patch
separate from the testsuite enhancement.  However...

> 
> Reported-by: Dr. David Alan Gilbert 
> Cc: qemu-stable 
> Signed-off-by: Max Reitz 
> ---
>  qemu-img.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/qemu-img.c b/qemu-img.c
> index 75f4ee4..3ddb391 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -2930,8 +2930,7 @@ static int img_amend(int argc, char **argv)
>  case 'o':
>  if (!is_valid_option_list(optarg)) {
>  error_report("Invalid option list: %s", optarg);
> -ret = -1;
> -goto out;
> +return 1;
>  }
>  if (!options) {
>  options = g_strdup(optarg);

This leaks memory if I call 'qemu-img amend -f qcow2 -o help -o
backing_file=/tmp/t.qcow2, -o help /tmp/t.qcow2', because it allocates
'options' on the first pass, and only cleans up the allocation in the
out label.  I think you HAVE to goto out, but fix THAT part of the
function to not crash when in this inconsistent state.

Looking forward to v2.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 18/25] audio: do not run each backend in audio_run

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> audio_run is called manually by alsa and oss backends when polling.
> In this case only the requesting backend should be run, not all of them.
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  audio/alsaaudio.c |  7 +--
>  audio/audio.c | 17 +++--
>  audio/audio_int.h |  2 +-
>  audio/ossaudio.c  | 12 ++--
>  4 files changed, 19 insertions(+), 19 deletions(-)
>
> diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
> index cfe4aec..0750d0d 100644
> --- a/audio/alsaaudio.c
> +++ b/audio/alsaaudio.c
> @@ -40,6 +40,7 @@ struct pollhlp {
>  struct pollfd *pfds;
>  int count;
>  int mask;
> +AudioState *s;

Instead of adding that pointer, you could lookup the hw->s using container_of()

>  };
>
>  typedef struct ALSAVoiceOut {
> @@ -200,11 +201,11 @@ static void alsa_poll_handler (void *opaque)
>  break;
>
>  case SND_PCM_STATE_PREPARED:
> -audio_run ("alsa run (prepared)");
> +audio_run(hlp->s, "alsa run (prepared)");
>  break;
>
>  case SND_PCM_STATE_RUNNING:
> -audio_run ("alsa run (running)");
> +audio_run (hlp->s, "alsa run (running)");
>  break;
>
>  default:
> @@ -758,6 +759,7 @@ static int alsa_init_out(HWVoiceOut *hw, struct 
> audsettings *as,
>  return -1;
>  }
>
> +alsa->pollhlp.s = hw->s;
>  alsa->handle = handle;
>  alsa->dev = dev;
>  return 0;
> @@ -859,6 +861,7 @@ static int alsa_init_in(HWVoiceIn *hw, struct audsettings 
> *as, void *drv_opaque)
>  return -1;
>  }
>
> +alsa->pollhlp.s = hw->s;
>  alsa->handle = handle;
>  alsa->dev = dev;
>  return 0;
> diff --git a/audio/audio.c b/audio/audio.c
> index 7468b94..e213deb 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@ -790,8 +790,9 @@ static void audio_reset_timer (AudioState *s)
>
>  static void audio_timer (void *opaque)
>  {
> -audio_run ("timer");
> -audio_reset_timer (opaque);
> +AudioState *s = opaque;
> +audio_run(s, "timer");
> +audio_reset_timer(s);
>  }
>
>  /*
> @@ -1194,15 +1195,11 @@ static void audio_run_capture (AudioState *s)
>  }
>  }
>
> -void audio_run (const char *msg)
> +void audio_run(AudioState *s, const char *msg)
>  {
> -AudioState *s;
> -
> -QTAILQ_FOREACH(s, &audio_states, list) {
> -audio_run_out (s);
> -audio_run_in (s);
> -audio_run_capture (s);
> -}
> +audio_run_out(s);
> +audio_run_in(s);
> +audio_run_capture(s);
>
>  #ifdef DEBUG_POLL
>  {
> diff --git a/audio/audio_int.h b/audio/audio_int.h
> index 1d81658..c52c656 100644
> --- a/audio/audio_int.h
> +++ b/audio/audio_int.h
> @@ -220,7 +220,7 @@ int audio_pcm_hw_clip_out (HWVoiceOut *hw, void *pcm_buf,
>  int audio_bug (const char *funcname, int cond);
>  void *audio_calloc (const char *funcname, int nmemb, size_t size);
>
> -void audio_run (const char *msg);
> +void audio_run(AudioState *s, const char *msg);
>
>  #define VOICE_ENABLE 1
>  #define VOICE_DISABLE 2
> diff --git a/audio/ossaudio.c b/audio/ossaudio.c
> index a5e7f7c..9eae769 100644
> --- a/audio/ossaudio.c
> +++ b/audio/ossaudio.c
> @@ -112,28 +112,28 @@ static void oss_anal_close (int *fdp)
>
>  static void oss_helper_poll_out (void *opaque)
>  {
> -(void) opaque;
> -audio_run ("oss_poll_out");
> +AudioState *s = opaque;
> +audio_run(s, "oss_poll_out");
>  }
>
>  static void oss_helper_poll_in (void *opaque)
>  {
> -(void) opaque;
> -audio_run ("oss_poll_in");
> +AudioState *s = opaque;
> +audio_run(s, "oss_poll_in");
>  }
>
>  static void oss_poll_out (HWVoiceOut *hw)
>  {
>  OSSVoiceOut *oss = (OSSVoiceOut *) hw;
>
> -qemu_set_fd_handler (oss->fd, NULL, oss_helper_poll_out, NULL);
> +qemu_set_fd_handler(oss->fd, NULL, oss_helper_poll_out, hw->s);
>  }
>
>  static void oss_poll_in (HWVoiceIn *hw)
>  {
>  OSSVoiceIn *oss = (OSSVoiceIn *) hw;
>
> -qemu_set_fd_handler (oss->fd, oss_helper_poll_in, NULL, NULL);
> +qemu_set_fd_handler(oss->fd, oss_helper_poll_in, NULL, hw->s);
>  }
>
>  static int oss_write (SWVoiceOut *sw, void *buf, int len)
> --
> 2.4.5
>
>

other than that,
Reviewed-by: Marc-André Lureau 



-- 
Marc-André Lureau

Re: [Qemu-devel] [PATCH 07/25] qapi: qapi for audio backends

[Marc-André Lureau]

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> This patch adds structures into qapi to replace the existing
> configuration structures used by audio backends currently. This qapi
> will be the base of the -audiodev command line parameter (that replaces
> the old environment variables based config).
>
> This is not a 1:1 translation of the old options, I've tried to make
> them much more consistent (e.g. almost every backend had an option to
> specify buffer size, but the name was different for every backend, and
> some backends required usecs, while some other required frames, samples
> or bytes). Also tried to reduce the number of abbreviations used by the
> config keys.
>
> Some of the more important changes:
> * use `in` and `out` instead of `ADC` and `DAC`, as the former is more
>   user friendly imho
> * moved buffer settings into the global setting area (so it's the same
>   for all backends that support it. Backends that can't change buffer
>   size will simply ignore them). Also using usecs, as it's probably more
>   user friendly than samples or bytes.
> * try-poll is now an alsa backend specific option (as all other backends
>   currently ignore it)
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  Makefile |   4 +-
>  qapi-schema.json |   3 +
>  qapi/audio.json  | 263 
> +++
>  3 files changed, 268 insertions(+), 2 deletions(-)
>  create mode 100644 qapi/audio.json
>
> diff --git a/Makefile b/Makefile
> index 340d9c8..bdd0bc6 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -262,8 +262,8 @@ $(SRC_PATH)/qga/qapi-schema.json 
> $(SRC_PATH)/scripts/qapi-commands.py $(qapi-py)
> "  GEN   $@")
>
>  qapi-modules = $(SRC_PATH)/qapi-schema.json $(SRC_PATH)/qapi/common.json \
> -   $(SRC_PATH)/qapi/block.json $(SRC_PATH)/qapi/block-core.json \
> -   $(SRC_PATH)/qapi/event.json
> +   $(SRC_PATH)/qapi/audio.json  $(SRC_PATH)/qapi/block.json \
> +   $(SRC_PATH)/qapi/block-core.json $(SRC_PATH)/qapi/event.json
>
>  qapi-types.c qapi-types.h :\
>  $(qapi-modules) $(SRC_PATH)/scripts/qapi-types.py $(qapi-py)
> diff --git a/qapi-schema.json b/qapi-schema.json
> index c9d9263..e9cbe15 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -5,6 +5,9 @@
>  # QAPI common definitions
>  { 'include': 'qapi/common.json' }
>
> +# QAPI audio definitions
> +{ 'include': 'qapi/audio.json' }
> +
>  # QAPI block definitions
>  { 'include': 'qapi/block.json' }
>
> diff --git a/qapi/audio.json b/qapi/audio.json
> new file mode 100644
> index 000..b57b215
> --- /dev/null
> +++ b/qapi/audio.json
> @@ -0,0 +1,263 @@
> +# -*- mode: python -*-
> +#
> +# Copyright (C) 2015 Zoltán Kővágó 
> +#
> +# This work is licensed under the terms of the GNU GPL, version 2 or later.
> +# See the COPYING file in the top-level directory.
> +
> +##
> +# @AudiodevNoOptions
> +#
> +# The none, coreaudio, sdl and spice audio backend have no options.
> +#
> +# Since: 2.5
> +##
> +{ 'struct': 'AudiodevNoOptions',
> +  'data': { } }
> +
> +##
> +# @AudiodevAlsaPerDirectionOptions
> +#
> +# Options of the alsa backend that are used for both playback and recording.
> +#
> +# @dev: #optional the name of the alsa device to use (default 'default')
> +#
> +# @try-poll: #optional attempt to use poll mode, falling back to non polling
> +#access on failure (default on)
> +#
> +# Since: 2.5
> +##
> +{ 'struct': 'AudiodevAlsaPerDirectionOptions',
> +  'data': {
> +'*dev':  'str',
> +'*try-poll': 'bool' } }
> +
> +##
> +# @AudiodevAlsaOptions
> +#
> +# Options of the alsa audio backend.
> +#
> +# @alsa-in: options of the capture stream
> +#
> +# @alsa-out: options of the playback stream
> +#
> +# @threshold: #optional set the threshold (in microsecods) when playback 
> starts

microseconds.

> +#
> +# Since: 2.5
> +##
> +{ 'struct': 'AudiodevAlsaOptions',
> +  'data': {
> +'alsa-in':'AudiodevAlsaPerDirectionOptions',
> +'alsa-out':   'AudiodevAlsaPerDirectionOptions',
> +'*threshold': 'int' } }
> +
> +##
> +# @AudiodevDsoundOptions
> +#
> +# Options of the dsound audio backend.
> +#
> +# @latency: #optional add extra latency to playback in microseconds (default
> +#   1)
> +#
> +# Since: 2.5
> +##
> +{ 'struct': 'AudiodevDsoundOptions',
> +  'data': {
> +'*latency': 'int' } }
> +
> +##
> +# @AudiodevOssPerDirectionOptions
> +#
> +# Options of the oss backend that are used for both playback and recording.
> +#
> +# @dev: #optional file name of the oss device (default '/dev/dsp')
> +#
> +# @try-poll: #optional attempt to use poll mode, falling back to non polling
> +#access on failure (default on)
> +#
> +# Since: 2.5
> +##
> +{ 'struct': 'AudiodevOssPerDirectionOptions',
> +  'data': {
> +'*dev':  'str',
> +'*try-poll': 'bool' } }
> +
> +##
> +# @AudiodevOssOptions
> +#
> +# Options of the oss audio backend.
> +#
> +# @oss-in: options of the capture stre

[Qemu-devel] [PATCH v3] hmp: Allow for error message hints on HMP

[Eric Blake]

Commits 7216ae3d and d2828429 disabled some error message hints,
all because a change to use modern error reporting meant that the
hint would be output prior to the actual error.  Fix this by making
hints a first-class member of Error.

For example, we are now back to the pleasant:

 $ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
 qemu-system-x86_64: --chardev null,id=,: Parameter 'id' expects an identifier
 Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.

Signed-off-by: Eric Blake 
---

v3: don't crash when freeing error without hint [Eric]
v2: use GString instead of rolling our own O(n^2) string concast [Paolo]

 include/qapi/error.h |  7 +++
 qdev-monitor.c   | 42 ++
 util/error.c | 32 
 util/qemu-option.c   | 11 ---
 4 files changed, 57 insertions(+), 35 deletions(-)

diff --git a/include/qapi/error.h b/include/qapi/error.h
index f44c451..00daea3 100644
--- a/include/qapi/error.h
+++ b/include/qapi/error.h
@@ -67,6 +67,13 @@ void error_set_win32(Error **errp, int win32_err, ErrorClass 
err_class,
  */
 void error_setg_file_open(Error **errp, int os_errno, const char *filename);

+/**
+ * Append a printf-style human-readable explanation to an existing error.
+ * May be called multiple times, and safe if @errp is NULL.
+ */
+void error_append_hint(Error **errp, const char *fmt, ...)
+GCC_FMT_ATTR(2, 3);
+
 /*
  * Get the error class of an error object.
  */
diff --git a/qdev-monitor.c b/qdev-monitor.c
index f9e2d62..0bf7f83 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -289,37 +289,35 @@ static Object *qdev_get_peripheral_anon(void)
 return dev;
 }

-#if 0 /* conversion from qerror_report() to error_set() broke their use */
-static void qbus_list_bus(DeviceState *dev)
+static void qbus_list_bus(DeviceState *dev, Error **errp)
 {
 BusState *child;
 const char *sep = " ";

-error_printf("child buses at \"%s\":",
- dev->id ? dev->id : object_get_typename(OBJECT(dev)));
+error_append_hint(errp, "child buses at \"%s\":",
+  dev->id ? dev->id : object_get_typename(OBJECT(dev)));
 QLIST_FOREACH(child, &dev->child_bus, sibling) {
-error_printf("%s\"%s\"", sep, child->name);
+error_append_hint(errp, "%s\"%s\"", sep, child->name);
 sep = ", ";
 }
-error_printf("\n");
 }

-static void qbus_list_dev(BusState *bus)
+static void qbus_list_dev(BusState *bus, Error **errp)
 {
 BusChild *kid;
 const char *sep = " ";

-error_printf("devices at \"%s\":", bus->name);
+error_append_hint(errp, "devices at \"%s\":", bus->name);
 QTAILQ_FOREACH(kid, &bus->children, sibling) {
 DeviceState *dev = kid->child;
-error_printf("%s\"%s\"", sep, object_get_typename(OBJECT(dev)));
-if (dev->id)
-error_printf("/\"%s\"", dev->id);
+error_append_hint(errp, "%s\"%s\"", sep,
+  object_get_typename(OBJECT(dev)));
+if (dev->id) {
+error_append_hint(errp, "/\"%s\"", dev->id);
+}
 sep = ", ";
 }
-error_printf("\n");
 }
-#endif

 static BusState *qbus_find_bus(DeviceState *dev, char *elem)
 {
@@ -461,11 +459,7 @@ static BusState *qbus_find(const char *path, Error **errp)
 if (!dev) {
 error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
   "Device '%s' not found", elem);
-#if 0 /* conversion from qerror_report() to error_set() broke this: */
-if (!monitor_cur_is_qmp()) {
-qbus_list_dev(bus);
-}
-#endif
+qbus_list_dev(bus, errp);
 return NULL;
 }

@@ -483,11 +477,7 @@ static BusState *qbus_find(const char *path, Error **errp)
 if (dev->num_child_bus) {
 error_setg(errp, "Device '%s' has multiple child buses",
elem);
-#if 0 /* conversion from qerror_report() to error_set() broke this: */
-if (!monitor_cur_is_qmp()) {
-qbus_list_bus(dev);
-}
-#endif
+qbus_list_bus(dev, errp);
 } else {
 error_setg(errp, "Device '%s' has no child bus", elem);
 }
@@ -503,11 +493,7 @@ static BusState *qbus_find(const char *path, Error **errp)
 bus = qbus_find_bus(dev, elem);
 if (!bus) {
 error_setg(errp, "Bus '%s' not found", elem);
-#if 0 /* conversion from qerror_report() to error_set() broke this: */
-if (!monitor_cur_is_qmp()) {
-qbus_list_bus(dev);
-}
-#endif
+qbus_list_bus(dev, errp);
 return NULL;
 }
 }
diff --git a/util/error.c b/util/error.c
index 14f4351..df5d640 100644
--- a/util/error.c
+++ b/util/error.c
@@ -18,6 +18,7 @@ struct Error
 {
 char *msg;
 ErrorClass err_class;
+GString *hint;
 };

 Error *erro

Re: [Qemu-devel] [kvm-s390] qemu-system-s390x: cannot use stdio by multiple character devices

[tu bo]

Hi Alex:

Ping you again just in case you did not get my mail  :-)

On 08/13/2015 03:52 PM, tu bo wrote:

Hi Alex:

I added one disk device for test case 068(qemu/tests/qemu-iotests/068, 
which is for for loading a saved VM state from a qcow2 image ),

and got the same problem for s390-virtio-ccw.  Below is my steps:
1. qemu-img create -f qcow2 scratch/t.qcow2 64M
2. [root@r17lp42 qemu-iotests]# ../../s390x-softmmu/qemu-system-s390x 
-nodefaults -nographic -monitor stdio -serial none  -hda scratch/t.qcow2

QEMU 2.3.94 monitor - type 'help' for more information
(qemu) [root@r17lp42 qemu-iotests]#

For s390-virtio,  test result is as expected
1. qemu-img create -f qcow2 scratch/t.qcow2 64M
2. [root@r17lp42 qemu-iotests]# qemu-system-s390x -nodefaults 
-nographic -monitor stdio -serial none  -hda scratch/t.qcow2

QEMU 2.3.50 monitor - type 'help' for more information
(qemu) info roms
addr=9000 size=0x000ce8 mem=ram 
name="/usr/share/qemu/s390-zipl.rom"

(qemu) savevm 0
(qemu)
(qemu) quit
3.[root@r17lp42 qemu-iotests]# qemu-system-s390x -nodefaults 
-nographic -monitor stdio -serial none  -hda scratch/t.qcow2 -loadvm 0

QEMU 2.3.50 monitor - type 'help' for more information
(qemu)

For x86-64, test result is as expected,
1. [gavin@oc646435 qemu-iotests]$ qemu-img create -f qcow2 
scratch/t.qcow2 64M
2. [gavin@oc646435 qemu-iotests]$ 
../../x86_64-softmmu/qemu-system-x86_64 -nodefaults -nographic 
-monitor stdio -serial none  -hda scratch/t.qcow2

QEMU 2.3.94 monitor - type 'help' for more information
(qemu) info roms
fw=genroms/kvmvapic.bin size=0x002400 name="kvmvapic.bin"
addr=fffc size=0x04 mem=rom name="bios-256k.bin"
/rom@etc/acpi/tables size=0x20 name="etc/acpi/tables"
/rom@etc/table-loader size=0x001000 name="etc/table-loader"
/rom@etc/acpi/rsdp size=0x24 name="etc/acpi/rsdp"
(qemu) savevm 0
(qemu)
3. [gavin@oc646435 qemu-iotests]$ 
../../x86_64-softmmu/qemu-system-x86_64 -nodefaults -nographic 
-monitor stdio -serial none  -hda scratch/t.qcow2 -loadvm 0

QEMU 2.3.94 monitor - type 'help' for more information
(qemu)

Could you share me why s390-virtio-ccw has different behavior with 
s390-virtio & x86_64 for this scenario?  thanks



On 08/10/2015 03:51 PM, Alexander Graf wrote:



Am 10.08.2015 um 09:15 schrieb tu bo >:



Dear  Alexander,  Mimu:

Failure of test case 068 for s390x is caused by the commit of 
"/1f68f1d36c3af09ed31a529ad69c3d09880d10fd//"

//Author: Alexander Graf //
//Date:   Tue Jun 16 23:06:33 2015 +0200//
//
//s390x: Switch to s390-ccw machine as default//

@@ -216,6 +216,7 @@ static void ccw_machine_class_init(ObjectClass 
*oc, void *data)

 mc->no_sdcard = 1;
 mc->use_sclp = 1;
 mc->max_cpus = 255;
*+mc->is_default = 1;*
 nc->nmi_monitor_handler = s390_nmi;
 }

@@ -345,7 +345,6 @@ static void s390_machine_class_init(ObjectClass 
*oc, void *data)

 mc->no_floppy = 1;
 mc->no_cdrom = 1;
 mc->no_sdcard = 1;
*-mc->is_default = 1;*
 nc->nmi_monitor_handler = s390_nmi;
 }

/Without this commit,   s390-virtio is default machine and default 
ipl device is *s390-zipl.rom*
[root@r17lp42 qemu]#  s390x-softmmu/qemu-system-s390x -nodefaults 
-nographic -monitor stdio -serial none

QEMU 2.3.94 monitor - type 'help' for more information
(qemu) info cpus
* CPU #0: thread_id=39761
(qemu) info roms
addr=9000 size=0x000ce8 mem=ram name="pc-bios/s390-zipl.rom"

With this commit,  s390-virtio-ccw is default machine and default 
ipl device is *s390-ccw.img*, When running
"s390x-softmmu/qemu-system-s390x -nodefaults -nographic -monitor 
stdio -serial none -machine accel=kvm" ,  the cpu status is

*halted* which causes the failure of test case 068.
[root@r17lp42 qemu]# s390x-softmmu/qemu-system-s390x -nodefaults 
-nographic -monitor stdio -serial none -machine accel=kvm

QEMU 2.3.94 monitor - type 'help' for more information
(qemu) info cpus
* CPU #0: *(halted)* thread_id=39746
(qemu) info roms
addr=07e0 size=0x002dd0 mem=ram name="phdr #2: 
/disks/bo.home/vs1403/qemu/pc-bios/s390-ccw.img"
addr=07e03f00 size=0x01d100 mem=ram name="phdr #3: 
/disks/bo.home/vs1403/qemu/pc-bios/s390-ccw.img"


With this commit,  when running "s390x-softmmu/qemu-system-s390x 
-nodefaults -nographic -monitor stdio -serial none", then qemu will 
exit as below,
[root@r17lp42 qemu]#  s390x-softmmu/qemu-system-s390x -nodefaults 
-nographic -monitor stdio -serial none

QEMU 2.3.94 monitor - type 'help' for more information
(qemu) [root@r17lp42 qemu]#

Is this the expected behavior of s390-virtio-ccw and s390-ccw.img?  
thanks


Yes, the ccw machine finds no device to load from and errors out, 
exiting thr vm. The s390-virtio boot loader wasn't smart enough for 
that and just hung iirc.



Alex

Re: [Qemu-devel] [PATCH 08/25] qapi: support nested structs in OptsVisitor

[Kővágó Zoltán]

Hi,

2015-08-20 17:55 keltezéssel, Marc-André Lureau írta:
[snip]

+static void
+sum_strlen(gpointer data, gpointer user_data)
+{
+const char *str = data;
+size_t *sum_len = user_data;
+
+if (str) { /* skip NULLs */
+*sum_len += strlen(str) + 1;
+}
+}
+
+static void
+append_str(gpointer data, gpointer user_data)
+{
+const char *str = data;
+char *concat_str = user_data;
+
+if (str) {
+strcat(concat_str, str);
+strcat(concat_str, ".");
+}
+}
+
+/* lookup a name, using a fully qualified version */
  static GQueue *
-lookup_distinct(const OptsVisitor *ov, const char *name, Error **errp)
+lookup_distinct(const OptsVisitor *ov, const char *name, char **out_key,
+Error **errp)
  {
-GQueue *list;
+GQueue *list = NULL;
+char *key;
+size_t sum_len = strlen(name);
+
+g_queue_foreach(ov->nested_names, sum_strlen, &sum_len);
+key = g_malloc(sum_len+1);
+key[0] = 0;
+g_queue_foreach(ov->nested_names, append_str, key);
+strcat(key, name);


Instead of using a GQueue, I think you could use a GArray, and use
g_strjoin() here.


Unfortunately g_strjoinv won't skip NULL pointers in the array (as it 
expects a NULL terminated array), but we will get structs with NULL name 
(the top level struct will be such one).  And one can't simply say if 
(name) { g_array_append_val(...); } in opts_start_struct because we need 
to know somehow in opts_end_struct if we need to pop or not.


One way is to use NULL pointers because in that case we must pop, but 
g_strjoinv won't work.  An alternate is to only push non-NULL elements 
into the array and have another bool array where we store if we need to 
pop or not.  Not sure which one is cleaner.


Or maybe if it's guaranteed that only the top-level struct will have a 
NULL name, we can hack around by only pushing non-NULL elements and 
ignore empty array when popping.


Zoltan

Re: [Qemu-devel] [PATCH] net/vmxnet3: Flush packets when device gets activated

[Fam Zheng]

On Tue, 08/18 14:25, Shmulik Ladkani wrote:
> As of a90a7425cf592a3afeff3eaf32f543b83050ee5c 'tap: Drop tap_can_send'
> vmxnet3 (with tap networking) can no longer receive once device is
> deactivated.
> Alas, as the device is initially "inactive", this brakes vmxnet3
> receive functionality.
> 
> vmxnet3_can_receive() checks its internal 'device_active' flag (among
> other tests).
> However, as of a90a7425cf, if 'device_active' is false, packets will be
> queued by tap_send (at qemu_net_queue_send).
> 
> However, vmxnet3 never flushes the queue, even if the device is later
> activated.
> 
> Fix by calling 'qemu_flush_queued_packets()' when vmxnet3 device gets
> active.
> 
> Signed-off-by: Shmulik Ladkani 

Looks like the previous patch to fix this fell between the cracks and never
made it to qemu.git?

http://patchwork.ozlabs.org/patch/489847/

Stefan, any idea?

Fam

[Qemu-devel] [PATCH 00/16 v1] tilegx: Firstly add tilegx target for linux-user

[Chen Gang]

After the implementation, it can let normal tilegx program working (e.g.
sh, vi, cp, mv ...). And the known left issues are:

 - At present, it can not pass gcc testsuite (it causes some programs
   pending).

 - The floating point implementation is not included, since at present,
   it is only the temporary implementation.

 - There are still some instructions which are not implemented.

Chen Gang (16):
  linux-user: tilegx: Firstly add architecture related features
  linux-user: Support tilegx architecture in linux-user
  linux-user/syscall.c: conditionalize syscalls which are not defined in
tilegx
  target-tilegx: Add opcode basic implementation from Tilera Corporation
  target-tilegx/opcode_tilegx.h: Modify it to fit QEMU usage
  target-tilegx: Add special register information from Tilera
Corporation
  target-tilegx: Add cpu basic features for linux-user
  target-tilegx: Add several helpers for instructions translation
  target-tilegx: Generate tcg instructions to finish "Hello world"
  target-tilegx: Add TILE-Gx building files
  target-tilegx: Add related feature to support iret instruction
  target-tilegx: Implement decode_rrr_8_opcode_y0
  target-tilegx: Use int8_t instead of uint8_t for imm8 in gen_st_add()
  linux-user: main: Use negative qemu errno for syscall return errno
  tilegx: Match with the latest qemu master tree
  target-tilegx: Implement additional instructions in normal working
flow

 configure |2 +
 default-configs/tilegx-linux-user.mak |1 +
 include/elf.h |2 +
 linux-user/elfload.c  |   23 +
 linux-user/main.c |  295 +++
 linux-user/syscall.c  |   50 +-
 linux-user/syscall_defs.h |   14 +-
 linux-user/tilegx/syscall.h   |   40 +
 linux-user/tilegx/syscall_nr.h|  324 
 linux-user/tilegx/target_cpu.h|   35 +
 linux-user/tilegx/target_signal.h |   28 +
 linux-user/tilegx/target_structs.h|   46 +
 linux-user/tilegx/termbits.h  |  274 +++
 target-tilegx/Makefile.objs   |1 +
 target-tilegx/cpu.c   |  143 ++
 target-tilegx/cpu.h   |  177 ++
 target-tilegx/helper.c|   93 +
 target-tilegx/helper.h|7 +
 target-tilegx/opcode_tilegx.h | 1406 ++
 target-tilegx/spr_def_64.h|  216 +++
 target-tilegx/translate.c | 3282 +
 21 files changed, 6453 insertions(+), 6 deletions(-)
 create mode 100644 default-configs/tilegx-linux-user.mak
 create mode 100644 linux-user/tilegx/syscall.h
 create mode 100644 linux-user/tilegx/syscall_nr.h
 create mode 100644 linux-user/tilegx/target_cpu.h
 create mode 100644 linux-user/tilegx/target_signal.h
 create mode 100644 linux-user/tilegx/target_structs.h
 create mode 100644 linux-user/tilegx/termbits.h
 create mode 100644 target-tilegx/Makefile.objs
 create mode 100644 target-tilegx/cpu.c
 create mode 100644 target-tilegx/cpu.h
 create mode 100644 target-tilegx/helper.c
 create mode 100644 target-tilegx/helper.h
 create mode 100644 target-tilegx/opcode_tilegx.h
 create mode 100644 target-tilegx/spr_def_64.h
 create mode 100644 target-tilegx/translate.c

-- 
1.9.3

[Qemu-devel] [PATCH 04/16 v1] target-tilegx: Add opcode basic implementation from Tilera Corporation

[Chen Gang]

It is copied from Linux kernel "arch/tile/include/uapi/arch/
opcode_tilegx.h".

Signed-off-by: Chen Gang 
Reviewed-by: Peter Maydell 
---
 target-tilegx/opcode_tilegx.h | 1406 +
 1 file changed, 1406 insertions(+)
 create mode 100644 target-tilegx/opcode_tilegx.h

diff --git a/target-tilegx/opcode_tilegx.h b/target-tilegx/opcode_tilegx.h
new file mode 100644
index 000..d76ff2d
--- /dev/null
+++ b/target-tilegx/opcode_tilegx.h
@@ -0,0 +1,1406 @@
+/* TILE-Gx opcode information.
+ *
+ * Copyright 2011 Tilera Corporation. All Rights Reserved.
+ *
+ *   This program is free software; you can redistribute it and/or
+ *   modify it under the terms of the GNU General Public License
+ *   as published by the Free Software Foundation, version 2.
+ *
+ *   This program is distributed in the hope that it will be useful, but
+ *   WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
+ *   NON INFRINGEMENT.  See the GNU General Public License for
+ *   more details.
+ *
+ *
+ *
+ *
+ *
+ */
+
+#ifndef __ARCH_OPCODE_H__
+#define __ARCH_OPCODE_H__
+
+#ifndef __ASSEMBLER__
+
+typedef unsigned long long tilegx_bundle_bits;
+
+/* These are the bits that determine if a bundle is in the X encoding. */
+#define TILEGX_BUNDLE_MODE_MASK ((tilegx_bundle_bits)3 << 62)
+
+enum
+{
+  /* Maximum number of instructions in a bundle (2 for X, 3 for Y). */
+  TILEGX_MAX_INSTRUCTIONS_PER_BUNDLE = 3,
+
+  /* How many different pipeline encodings are there? X0, X1, Y0, Y1, Y2. */
+  TILEGX_NUM_PIPELINE_ENCODINGS = 5,
+
+  /* Log base 2 of TILEGX_BUNDLE_SIZE_IN_BYTES. */
+  TILEGX_LOG2_BUNDLE_SIZE_IN_BYTES = 3,
+
+  /* Instructions take this many bytes. */
+  TILEGX_BUNDLE_SIZE_IN_BYTES = 1 << TILEGX_LOG2_BUNDLE_SIZE_IN_BYTES,
+
+  /* Log base 2 of TILEGX_BUNDLE_ALIGNMENT_IN_BYTES. */
+  TILEGX_LOG2_BUNDLE_ALIGNMENT_IN_BYTES = 3,
+
+  /* Bundles should be aligned modulo this number of bytes. */
+  TILEGX_BUNDLE_ALIGNMENT_IN_BYTES =
+(1 << TILEGX_LOG2_BUNDLE_ALIGNMENT_IN_BYTES),
+
+  /* Number of registers (some are magic, such as network I/O). */
+  TILEGX_NUM_REGISTERS = 64,
+};
+
+/* Make a few "tile_" variables to simplify common code between
+   architectures.  */
+
+typedef tilegx_bundle_bits tile_bundle_bits;
+#define TILE_BUNDLE_SIZE_IN_BYTES TILEGX_BUNDLE_SIZE_IN_BYTES
+#define TILE_BUNDLE_ALIGNMENT_IN_BYTES TILEGX_BUNDLE_ALIGNMENT_IN_BYTES
+#define TILE_LOG2_BUNDLE_ALIGNMENT_IN_BYTES \
+  TILEGX_LOG2_BUNDLE_ALIGNMENT_IN_BYTES
+#define TILE_BPT_BUNDLE TILEGX_BPT_BUNDLE
+
+/* 64-bit pattern for a { bpt ; nop } bundle. */
+#define TILEGX_BPT_BUNDLE 0x286a44ae51485000ULL
+
+static __inline unsigned int
+get_BFEnd_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 12)) & 0x3f);
+}
+
+static __inline unsigned int
+get_BFOpcodeExtension_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 24)) & 0xf);
+}
+
+static __inline unsigned int
+get_BFStart_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 18)) & 0x3f);
+}
+
+static __inline unsigned int
+get_BrOff_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 31)) & 0x003f) |
+ (((unsigned int)(n >> 37)) & 0x0001ffc0);
+}
+
+static __inline unsigned int
+get_BrType_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 54)) & 0x1f);
+}
+
+static __inline unsigned int
+get_Dest_Imm8_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 31)) & 0x003f) |
+ (((unsigned int)(n >> 43)) & 0x00c0);
+}
+
+static __inline unsigned int
+get_Dest_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 0)) & 0x3f);
+}
+
+static __inline unsigned int
+get_Dest_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 31)) & 0x3f);
+}
+
+static __inline unsigned int
+get_Dest_Y0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 0)) & 0x3f);
+}
+
+static __inline unsigned int
+get_Dest_Y1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 31)) & 0x3f);
+}
+
+static __inline unsigned int
+get_Imm16_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 12)) & 0x);
+}
+
+static __inline unsigned int
+get_Imm16_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 43)) & 0x);
+}
+
+static __inline unsigned int
+get_Imm8OpcodeExtension_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 20)) & 0xff);
+}
+
+static __inline unsigned int
+get_Imm8OpcodeExtension_X1(tilegx_bundle_bits n)
+{
+  return (((unsigned int)(n >> 51)) & 0xff);
+}
+
+static __inline unsigned int
+get_Imm8_X0(tilegx_bundle_bits num)
+{
+  const unsigned int n = (unsigned int)num;
+  return (((n >> 12)) & 0xff);
+}
+
+static __inline unsigned int
+get_Imm8_X1(tilegx_bundle_bi

[Qemu-devel] [PATCH 09/16 v1] target-tilegx: Generate tcg instructions to finish "Hello world"

[Chen Gang]

Generate related tcg instructions, and qemu tilegx can finish running
"Hello world". The elf64 binary can be static or shared.

Signed-off-by: Chen Gang 
---
 target-tilegx/translate.c | 2966 +
 1 file changed, 2966 insertions(+)
 create mode 100644 target-tilegx/translate.c

diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
new file mode 100644
index 000..1dd3a43
--- /dev/null
+++ b/target-tilegx/translate.c
@@ -0,0 +1,2966 @@
+/*
+ * QEMU TILE-Gx CPU
+ *
+ *  Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu/log.h"
+#include "disas/disas.h"
+#include "tcg-op.h"
+#include "exec/cpu_ldst.h"
+#include "opcode_tilegx.h"
+#include "spr_def_64.h"
+
+#define FMT64X "%016" PRIx64
+#define TILEGX_TMP_REGS(TILEGX_MAX_INSTRUCTIONS_PER_BUNDLE + 1)
+
+static TCGv_ptr cpu_env;
+static TCGv cpu_pc;
+static TCGv cpu_regs[TILEGX_R_COUNT];
+static TCGv cpu_spregs[TILEGX_SPR_COUNT];
+#if defined(CONFIG_USER_ONLY)
+static TCGv_i32 cpu_excparam;
+#endif
+
+static const char * const reg_names[] = {
+ "r0",  "r1",  "r2",  "r3",  "r4",  "r5",  "r6",  "r7",
+ "r8",  "r9", "r10", "r11", "r12", "r13", "r14", "r15",
+"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
+"r32", "r33", "r34", "r35", "r36", "r37", "r38", "r39",
+"r40", "r41", "r42", "r43", "r44", "r45", "r46", "r47",
+"r48", "r49", "r50", "r51",  "bp",  "tp",  "sp",  "lr"
+};
+
+static const char * const spreg_names[] = {
+"cmpexch", "criticalsec", "simcontrol"
+};
+
+/* It is for temporary registers */
+typedef struct DisasContextTemp {
+uint8_t idx;   /* index */
+TCGv val;  /* value */
+} DisasContextTemp;
+
+/* This is the state at translation time.  */
+typedef struct DisasContext {
+uint64_t pc;   /* Current pc */
+int exception; /* Current exception */
+
+TCGv zero; /* For zero register */
+
+DisasContextTemp *tmp_regcur;  /* Current temporary registers */
+DisasContextTemp tmp_regs[TILEGX_TMP_REGS]; /* All temporary registers */
+struct {
+TCGCond cond;  /* Branch condition */
+TCGv dest; /* pc jump destination, if will jump */
+TCGv val1; /* Firt value for condition comparing */
+TCGv val2; /* Second value for condition comparing */
+} jmp; /* Jump object, only once in each TB block 
*/
+} DisasContext;
+
+#include "exec/gen-icount.h"
+
+static void gen_exception(DisasContext *dc, int num)
+{
+TCGv_i32 tmp = tcg_const_i32(num);
+
+gen_helper_exception(cpu_env, tmp);
+tcg_temp_free_i32(tmp);
+}
+
+/*
+ * All exceptions which can still let working flow continue are all in pipe x1,
+ * which is the last pipe of a bundle. So it is OK to only process the first
+ * exception within a bundle.
+ */
+static void set_exception(DisasContext *dc, int num)
+{
+if (dc->exception == TILEGX_EXCP_NONE) {
+dc->exception = num;
+}
+}
+
+static bool check_gr(DisasContext *dc, uint8_t reg)
+{
+if (likely(reg < TILEGX_R_COUNT)) {
+return true;
+}
+
+switch (reg) {
+case TILEGX_R_SN:
+case TILEGX_R_ZERO:
+break;
+case TILEGX_R_IDN0:
+case TILEGX_R_IDN1:
+set_exception(dc, TILEGX_EXCP_REG_IDN_ACCESS);
+break;
+case TILEGX_R_UDN0:
+case TILEGX_R_UDN1:
+case TILEGX_R_UDN2:
+case TILEGX_R_UDN3:
+set_exception(dc, TILEGX_EXCP_REG_UDN_ACCESS);
+break;
+default:
+g_assert_not_reached();
+}
+return false;
+}
+
+static TCGv load_zero(DisasContext *dc)
+{
+if (TCGV_IS_UNUSED_I64(dc->zero)) {
+dc->zero = tcg_const_i64(0);
+}
+return dc->zero;
+}
+
+static TCGv load_gr(DisasContext *dc, uint8_t reg)
+{
+if (check_gr(dc, reg)) {
+return cpu_regs[reg];
+}
+return load_zero(dc);
+}
+
+static TCGv dest_gr(DisasContext *dc, uint8_t rdst)
+{
+DisasContextTemp *tmp = dc->tmp_regcur++;
+
+/* Skip the result, mark the exception if necessary, and continue */
+check_gr(dc, rdst);
+asse

[Qemu-devel] [PATCH 15/16 v1] tilegx: Match with the latest qemu master tree

[Chen Gang]

The interface of cpu_exec and cpu_exec_init are changed, so qemu tilegx
should match with them.

Signed-off-by: Chen Gang 
---
 linux-user/main.c   | 2 +-
 target-tilegx/cpu.c | 2 +-
 target-tilegx/cpu.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index f0bda09..2d4b0b4 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3644,7 +3644,7 @@ void cpu_loop(CPUTLGState *env)
 
 while (1) {
 cpu_exec_start(cs);
-trapnr = cpu_tilegx_exec(env);
+trapnr = cpu_tilegx_exec(cs);
 cpu_exec_end(cs);
 switch (trapnr) {
 case TILEGX_EXCP_SYSCALL:
diff --git a/target-tilegx/cpu.c b/target-tilegx/cpu.c
index 663fcb6..4793909 100644
--- a/target-tilegx/cpu.c
+++ b/target-tilegx/cpu.c
@@ -77,7 +77,7 @@ static void tilegx_cpu_initfn(Object *obj)
 static bool tcg_initialized;
 
 cs->env_ptr = env;
-cpu_exec_init(env);
+cpu_exec_init(cs, &error_abort);
 
 if (tcg_enabled() && !tcg_initialized) {
 tcg_initialized = true;
diff --git a/target-tilegx/cpu.h b/target-tilegx/cpu.h
index 808f4e5..a7c812b 100644
--- a/target-tilegx/cpu.h
+++ b/target-tilegx/cpu.h
@@ -153,7 +153,7 @@ static inline TileGXCPU *tilegx_env_get_cpu(CPUTLGState 
*env)
 #include "exec/cpu-all.h"
 
 void tilegx_tcg_init(void);
-int cpu_tilegx_exec(CPUTLGState *s);
+int cpu_tilegx_exec(CPUState *s);
 int cpu_tilegx_signal_handler(int host_signum, void *pinfo, void *puc);
 
 TileGXCPU *cpu_tilegx_init(const char *cpu_model);
-- 
1.9.3

[Qemu-devel] [PATCH 08/16] target-tilegx: Add several helpers for instructions translation

[gchen gchen]

The related instructions are exception, cntlz, cnttz, shufflebytes, and
add_saturate.

Signed-off-by: Chen Gang 
---
target-tilegx/helper.c | 83 ++
target-tilegx/helper.h | 5 +++
2 files changed, 88 insertions(+)
create mode 100644 target-tilegx/helper.c
create mode 100644 target-tilegx/helper.h

diff --git a/target-tilegx/helper.c b/target-tilegx/helper.c
new file mode 100644
index 000..5ab41cd
--- /dev/null
+++ b/target-tilegx/helper.c
@@ -0,0 +1,83 @@
+/*
+ * QEMU TILE-Gx helpers
+ *
+ * Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu-common.h"
+#include "exec/helper-proto.h"
+
+#define SIGNBIT32 0x8000
+
+int64_t helper_add_saturate(CPUTLGState *env, uint64_t rsrc, uint64_t rsrcb)
+{
+ uint32_t rdst = rsrc + rsrcb;
+
+ if (((rdst ^ rsrc) & SIGNBIT32) && !((rsrc ^ rsrcb) & SIGNBIT32)) {
+ rdst = ~(((int32_t)rsrc>> 31) ^ SIGNBIT32);
+ }
+
+ return (int64_t)rdst;
+}
+
+void helper_exception(CPUTLGState *env, uint32_t excp)
+{
+ CPUState *cs = CPU(tilegx_env_get_cpu(env));
+
+ cs->exception_index = excp;
+ cpu_loop_exit(cs);
+}
+
+uint64_t helper_cntlz(uint64_t arg)
+{
+ return clz64(arg);
+}
+
+uint64_t helper_cnttz(uint64_t arg)
+{
+ return ctz64(arg);
+}
+
+/*
+ * Functional Description
+ * uint64_t a = rf[SrcA];
+ * uint64_t b = rf[SrcB];
+ * uint64_t d = rf[Dest];
+ * uint64_t output = 0;
+ * unsigned int counter;
+ * for (counter = 0; counter < (WORD_SIZE / BYTE_SIZE); counter++)
+ * {
+ * int sel = getByte (b, counter) & 0xf;
+ * uint8_t byte = (sel < 8) ? getByte (d, sel) : getByte (a, (sel - 8));
+ * output = setByte (output, counter, byte);
+ * }
+ * rf[Dest] = output;
+ */
+uint64_t helper_shufflebytes(uint64_t rdst, uint64_t rsrc, uint64_t rsrcb)
+{
+ uint64_t vdst = 0;
+ int count;
+
+ for (count = 0; count < 64; count += 8) {
+ uint64_t sel = rsrcb>> count;
+ uint64_t src = (sel & 8) ? rsrc : rdst;
+ vdst |= ((src>> ((sel & 7) * 8)) & 0xff) << count;
+ }
+
+ return vdst;
+}
diff --git a/target-tilegx/helper.h b/target-tilegx/helper.h
new file mode 100644
index 000..1411c19
--- /dev/null
+++ b/target-tilegx/helper.h
@@ -0,0 +1,5 @@
+DEF_HELPER_2(exception, noreturn, env, i32)
+DEF_HELPER_FLAGS_1(cntlz, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_1(cnttz, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_3(shufflebytes, TCG_CALL_NO_RWG_SE, i64, i64, i64, i64)
+DEF_HELPER_3(add_saturate, s64, env, i64, i64)
--
1.9.3
  

[Qemu-devel] [PATCH 02/10] vexpress: Don't set name on abstract class

[Eduardo Habkost]

The MachineClass::name field won't be ever be used on TYPE_VEXPRESS, as
it is an abstract class and the machine class lookup code explicitly
skips abstract classes. We can remove it to make the code simpler.

Cc: Peter Maydell 
Signed-off-by: Eduardo Habkost 
---
 hw/arm/vexpress.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index da21788..15e4ae9 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -747,7 +747,6 @@ static void vexpress_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->name = TYPE_VEXPRESS_MACHINE;
 mc->desc = "ARM Versatile Express";
 mc->init = vexpress_common_init;
 mc->block_default_type = IF_SCSI;
-- 
2.1.0

[Qemu-devel] [PATCH 00/10] Fix machine class names to use the "-machine" suffix

[Eduardo Habkost]

The machine class names in QEMU are not consistent today. Some of them use the
"-machine" suffix, but some use completely different naming conventions. This
makes it difficult to implement machine class lookup without iterating through
the whole list of machine classes.

This series changes all machines to use "-machine" as the class
name, so we can simply use object_class_by_name() in the future to lookup
machine classes. (This was not done yet because it will also require some
changes in the way aliases are handled.)

Cc: Alexander Graf 
Cc: Christian Borntraeger 
Cc: Cornelia Huck 
Cc: Peter Maydell 
Cc: qemu-...@nongnu.org
Cc: Richard Henderson 

Eduardo Habkost (10):
  machine: MACHINE_TYPE_NAME macro
  vexpress: Don't set name on abstract class
  vexpress: Rename machine classes to use MACHINE_TYPE_NAME
  arm: Rename virt machine class to use MACHINE_TYPE_NAME
  pseries: Rename machine class names to use MACHINE_TYPE_NAME
  s390-virtio: Rename machine class name to use MACHINE_TYPE_NAME
  s390: Rename s390-ccw-virtio-2.4 class name to use MACHINE_TYPE_NAME
  mac99: Use MACHINE_TYPE_NAME to encode class name
  machine: Ensure all TYPE_MACHINE subclasses have the right suffix
  machine: Set MachineClass::name automatically

 hw/arm/vexpress.c  |  7 ++-
 hw/arm/virt.c  |  4 ++--
 hw/core/machine.c  | 12 
 hw/ppc/mac_newworld.c  |  3 +--
 hw/ppc/spapr.c | 12 
 hw/s390x/s390-virtio-ccw.c |  2 +-
 hw/s390x/s390-virtio.c |  4 ++--
 include/hw/boards.h|  6 ++
 vl.c   |  3 +--
 9 files changed, 31 insertions(+), 22 deletions(-)

-- 
2.1.0

[Qemu-devel] [PATCH 05/10] pseries: Rename machine class names to use MACHINE_TYPE_NAME

[Eduardo Habkost]

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the the pseries
machine classes using the MACHINE_TYPE_NAME macro.

Cc: Alexander Graf 
Cc: qemu-...@nongnu.org
Signed-off-by: Eduardo Habkost 
---
 hw/ppc/spapr.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index bf0c64f..012b6ed 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1925,7 +1925,7 @@ static void spapr_machine_2_1_class_init(ObjectClass *oc, 
void *data)
 }
 
 static const TypeInfo spapr_machine_2_1_info = {
-.name  = TYPE_SPAPR_MACHINE "2.1",
+.name  = MACHINE_TYPE_NAME("pseries-2.1"),
 .parent= TYPE_SPAPR_MACHINE,
 .class_init= spapr_machine_2_1_class_init,
 .instance_init = spapr_machine_2_1_instance_init,
@@ -1945,7 +1945,7 @@ static void spapr_machine_2_2_class_init(ObjectClass *oc, 
void *data)
 }
 
 static const TypeInfo spapr_machine_2_2_info = {
-.name  = TYPE_SPAPR_MACHINE "2.2",
+.name  = MACHINE_TYPE_NAME("pseries-2.2"),
 .parent= TYPE_SPAPR_MACHINE,
 .class_init= spapr_machine_2_2_class_init,
 .instance_init = spapr_machine_2_2_instance_init,
@@ -1965,7 +1965,7 @@ static void spapr_machine_2_3_class_init(ObjectClass *oc, 
void *data)
 }
 
 static const TypeInfo spapr_machine_2_3_info = {
-.name  = TYPE_SPAPR_MACHINE "2.3",
+.name  = MACHINE_TYPE_NAME("pseries-2.3"),
 .parent= TYPE_SPAPR_MACHINE,
 .class_init= spapr_machine_2_3_class_init,
 .instance_init = spapr_machine_2_3_instance_init,
@@ -1982,7 +1982,7 @@ static void spapr_machine_2_4_class_init(ObjectClass *oc, 
void *data)
 }
 
 static const TypeInfo spapr_machine_2_4_info = {
-.name  = TYPE_SPAPR_MACHINE "2.4",
+.name  = MACHINE_TYPE_NAME("pseries-2.4"),
 .parent= TYPE_SPAPR_MACHINE,
 .class_init= spapr_machine_2_4_class_init,
 };
-- 
2.1.0

[Qemu-devel] [PATCH 01/10] machine: MACHINE_TYPE_NAME macro

[Eduardo Habkost]

The macro will be useful to ensure the machine class names follow the
right format to make machine class lookup by class name work correctly.

Signed-off-by: Eduardo Habkost 
---
 include/hw/boards.h | 6 ++
 vl.c| 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index 3f84afd..178517c 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -40,6 +40,12 @@ void memory_region_allocate_system_memory(MemoryRegion *mr, 
Object *owner,
 int qemu_register_machine(QEMUMachine *m);
 
 #define TYPE_MACHINE_SUFFIX "-machine"
+
+/* Machine class name that needs to be used for class-name-based machine
+ * type lookup to work.
+ */
+#define MACHINE_TYPE_NAME(machinename) (machinename TYPE_MACHINE_SUFFIX)
+
 #define TYPE_MACHINE "machine"
 #undef MACHINE  /* BSD defines it and QEMU does not use it */
 #define MACHINE(obj) \
diff --git a/vl.c b/vl.c
index 584ca88..b7ddfeb 100644
--- a/vl.c
+++ b/vl.c
@@ -1447,7 +1447,7 @@ static void qemu_machine_class_init(ObjectClass *oc, void 
*data)
 
 int qemu_register_machine(QEMUMachine *m)
 {
-char *name = g_strconcat(m->name, TYPE_MACHINE_SUFFIX, NULL);
+char *name = g_strdup_printf(MACHINE_TYPE_NAME("%s"), m->name);
 TypeInfo ti = {
 .name   = name,
 .parent = TYPE_MACHINE,
-- 
2.1.0

[Qemu-devel] [PATCH 09/10] machine: Ensure all TYPE_MACHINE subclasses have the right suffix

[Eduardo Habkost]

Now that all non-abstract TYPE_MACHINE subclasses have the -machine
suffix, add an assert to ensure this will be always true.

Signed-off-by: Eduardo Habkost 
---
 hw/core/machine.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index ac4654e..e50c4b7 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -302,6 +302,14 @@ static void machine_class_init(ObjectClass *oc, void *data)
 mc->default_ram_size = 128 * M_BYTE;
 }
 
+static void machine_class_base_init(ObjectClass *oc, void *data)
+{
+if (!object_class_is_abstract(oc)) {
+const char *cname = object_class_get_name(oc);
+assert(g_str_has_suffix(cname, TYPE_MACHINE_SUFFIX));
+}
+}
+
 static void machine_initfn(Object *obj)
 {
 MachineState *ms = MACHINE(obj);
@@ -472,6 +480,7 @@ static const TypeInfo machine_info = {
 .abstract = true,
 .class_size = sizeof(MachineClass),
 .class_init= machine_class_init,
+.class_base_init = machine_class_base_init,
 .instance_size = sizeof(MachineState),
 .instance_init = machine_initfn,
 .instance_finalize = machine_finalize,
-- 
2.1.0

[Qemu-devel] [PATCH 08/10] mac99: Use MACHINE_TYPE_NAME to encode class name

[Eduardo Habkost]

It will result in exactly the same class name, but it will make the code
consistent with the other classes.

Cc: Alexander Graf 
Cc: qemu-...@nongnu.org
Signed-off-by: Eduardo Habkost 
---
 hw/ppc/mac_newworld.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 77d5c81..a6b8209 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -517,7 +517,7 @@ static void core99_machine_class_init(ObjectClass *oc, void 
*data)
 }
 
 static const TypeInfo core99_machine_info = {
-.name  = "mac99-machine",
+.name  = MACHINE_TYPE_NAME("mac99"),
 .parent= TYPE_MACHINE,
 .class_init= core99_machine_class_init,
 };
-- 
2.1.0

[Qemu-devel] [PATCH 07/10] s390: Rename s390-ccw-virtio-2.4 class name to use MACHINE_TYPE_NAME

[Eduardo Habkost]

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the
s390-ccw-virtio-2.4 machine class using the MACHINE_TYPE_NAME macro.

Cc: Alexander Graf 
Cc: Cornelia Huck 
Cc: Christian Borntraeger 
Cc: Richard Henderson 
Signed-off-by: Eduardo Habkost 
---
 hw/s390x/s390-virtio-ccw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 4c51d1a..66e1478 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -293,7 +293,7 @@ static void ccw_machine_2_4_class_init(ObjectClass *oc, 
void *data)
 }
 
 static const TypeInfo ccw_machine_2_4_info = {
-.name  = TYPE_S390_CCW_MACHINE "2.4",
+.name  = MACHINE_TYPE_NAME("s390-ccw-virtio-2.4"),
 .parent= TYPE_S390_CCW_MACHINE,
 .class_init= ccw_machine_2_4_class_init,
 };
-- 
2.1.0

Re: [Qemu-devel] [PATCH 19/25] paaudio: fix playback glitches

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> Pulseaudio normally assumes that when the server wants it, the client
> can generate the audio samples and send it right away.  Unfortunately
> this is not the case with QEMU -- it's up to the emulated system when
> does it generate the samples.  Buffering the samples and sending them
> from a background thread is just a workaround, that doesn't work too
> well.  Instead enable pa's compatibility support and let pa worry about
> the details.

Afaik, it's not a problem if the audio data is not available right
away (live sources): PulseAudio should deal with that. I think it will
simply silence and wait (but it could actually be smarter than that?)

PA_STREAM_EARLY_REQUESTS is going to make PA request data more
frequently (every minreq). I don't get why that would help here. It's
meant for bad behaving applications using usleep and such that aren't
fixable, not a solution for audio glitches.

If qemu produces too much data than what PA can consume, it should
drop the old data, and only play current audio (unfortunately, that
doesn't seem to be the case looking at audio_pcm_sw_write). If qemu
produces too little, it can still write whatever it has when it has
it.

Could you provide a way to reproduce the glitch you experience or
explain more clearly how this flag helps?


thanks

>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  audio/paaudio.c | 6 ++
>  1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/audio/paaudio.c b/audio/paaudio.c
> index 2aee22f..3990a80 100644
> --- a/audio/paaudio.c
> +++ b/audio/paaudio.c
> @@ -510,10 +510,8 @@ static pa_stream *qpa_simple_new (
>
>  flags =
>  PA_STREAM_INTERPOLATE_TIMING
> -#ifdef PA_STREAM_ADJUST_LATENCY
> -|PA_STREAM_ADJUST_LATENCY
> -#endif
> -|PA_STREAM_AUTO_TIMING_UPDATE;
> +|PA_STREAM_AUTO_TIMING_UPDATE
> +|PA_STREAM_EARLY_REQUESTS;
>  if (dev) {
>  /* don't move the stream if the user specified a sink/source */
>  flags |= PA_STREAM_DONT_MOVE;
> --
> 2.4.5
>
>



-- 
Marc-André Lureau

[Qemu-devel] [PATCH 10/10] machine: Set MachineClass::name automatically

[Eduardo Habkost]

Now all TYPE_MACHINE subclasses use MACHINE_TYPE_NAME to generate the
class name. So instead of requiring each subclass to set
MachineClass::name manually, we can now set it automatically at the
TYPE_MACHINE class_base_init() function.

Signed-off-by: Eduardo Habkost 
---
 hw/arm/vexpress.c  | 2 --
 hw/arm/virt.c  | 1 -
 hw/core/machine.c  | 3 +++
 hw/ppc/mac_newworld.c  | 1 -
 hw/ppc/spapr.c | 4 
 hw/s390x/s390-virtio.c | 1 -
 vl.c   | 1 -
 7 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index a86979d..55aed2b 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -758,7 +758,6 @@ static void vexpress_a9_class_init(ObjectClass *oc, void 
*data)
 MachineClass *mc = MACHINE_CLASS(oc);
 VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
 
-mc->name = TYPE_VEXPRESS_A9_MACHINE;
 mc->desc = "ARM Versatile Express for Cortex-A9";
 
 vmc->daughterboard = &a9_daughterboard;;
@@ -769,7 +768,6 @@ static void vexpress_a15_class_init(ObjectClass *oc, void 
*data)
 MachineClass *mc = MACHINE_CLASS(oc);
 VexpressMachineClass *vmc = VEXPRESS_MACHINE_CLASS(oc);
 
-mc->name = TYPE_VEXPRESS_A15_MACHINE;
 mc->desc = "ARM Versatile Express for Cortex-A15";
 
 vmc->daughterboard = &a15_daughterboard;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 5ba4b80..af985f6 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -960,7 +960,6 @@ static void virt_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->name = VIRT_MACHINE_NAME;
 mc->desc = "ARM Virtual Machine",
 mc->init = machvirt_init;
 mc->max_cpus = 8;
diff --git a/hw/core/machine.c b/hw/core/machine.c
index e50c4b7..a889d7a 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -305,8 +305,11 @@ static void machine_class_init(ObjectClass *oc, void *data)
 static void machine_class_base_init(ObjectClass *oc, void *data)
 {
 if (!object_class_is_abstract(oc)) {
+MachineClass *mc = MACHINE_CLASS(oc);
 const char *cname = object_class_get_name(oc);
 assert(g_str_has_suffix(cname, TYPE_MACHINE_SUFFIX));
+mc->name = g_strndup(cname,
+strlen(cname) - strlen(TYPE_MACHINE_SUFFIX));
 }
 }
 
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index a6b8209..70e7431 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -508,7 +508,6 @@ static void core99_machine_class_init(ObjectClass *oc, void 
*data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->name = "mac99";
 mc->desc = "Mac99 based PowerMAC";
 mc->init = ppc_core99_init;
 mc->max_cpus = MAX_CPUS;
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 012b6ed..05926a3 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1919,7 +1919,6 @@ static void spapr_machine_2_1_class_init(ObjectClass *oc, 
void *data)
 { /* end of list */ }
 };
 
-mc->name = "pseries-2.1";
 mc->desc = "pSeries Logical Partition (PAPR compliant) v2.1";
 mc->compat_props = compat_props;
 }
@@ -1939,7 +1938,6 @@ static void spapr_machine_2_2_class_init(ObjectClass *oc, 
void *data)
 };
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->name = "pseries-2.2";
 mc->desc = "pSeries Logical Partition (PAPR compliant) v2.2";
 mc->compat_props = compat_props;
 }
@@ -1959,7 +1957,6 @@ static void spapr_machine_2_3_class_init(ObjectClass *oc, 
void *data)
 };
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->name = "pseries-2.3";
 mc->desc = "pSeries Logical Partition (PAPR compliant) v2.3";
 mc->compat_props = compat_props;
 }
@@ -1975,7 +1972,6 @@ static void spapr_machine_2_4_class_init(ObjectClass *oc, 
void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->name = "pseries-2.4";
 mc->desc = "pSeries Logical Partition (PAPR compliant) v2.4";
 mc->alias = "pseries";
 mc->is_default = 1;
diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
index 43d6ccb..35c0ce2 100644
--- a/hw/s390x/s390-virtio.c
+++ b/hw/s390x/s390-virtio.c
@@ -334,7 +334,6 @@ static void s390_machine_class_init(ObjectClass *oc, void 
*data)
 MachineClass *mc = MACHINE_CLASS(oc);
 NMIClass *nc = NMI_CLASS(oc);
 
-mc->name = S390_MACHINE;
 mc->alias = "s390";
 mc->desc = "VirtIO based S390 machine";
 mc->init = s390_init;
diff --git a/vl.c b/vl.c
index b7ddfeb..870ee48 100644
--- a/vl.c
+++ b/vl.c
@@ -1432,7 +1432,6 @@ static void qemu_machine_class_init(ObjectClass *oc, void 
*data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 QEMUMachine *qm = data;
-mc->name = qm->name;
 mc->desc = qm->desc;
 mc->init = qm->init;
 mc->kvm_type = qm->kvm_type;
-- 
2.1.0

Re: [Qemu-devel] [PATCH 20/25] audio: remove mixeng specific code from backends

[Marc-André Lureau]

Hi

This commit fails to compile with errors such as:

audio/audio.c: In function ‘audio_pcm_hw_run_in’:
audio/audio.c:1143:41: error: ‘struct audio_pcm_info’ has no member
named ‘bytes_per_frame’
 size_t size = samples * hw->info.bytes_per_frame;

Re: [Qemu-devel] [PATCH 21/25] audio: common rate control code for timer based outputs

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
>
> -decr = rate_get_samples(&hw->info, &out->rate);
> -decr = audio_MIN(out->fsize - out->fpos, decr);
> -
> -*size = decr << 2;
> +*size = audio_rate_get_bytes(&hw->info, &out->rate,
> + (out->fsize - out->fpos) << 2);
>  return out->frame + out->fpos;
>  }

I am not familiar with this "rate" thing, but you are changing the way
it works for Spice without explaining why, and that worries me a
little.

The rate->bytes_sent is not updated the same way, the result is not
always << 2..

I really don't get what this is really doing tbh, some kind of clever
buffer limit :)



-- 
Marc-André Lureau

Re: [Qemu-devel] [PATCH 05/25] qapi: change Netdev into a flat union

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> Except qapi-schema.json, this patch was geenrated by:

generated

> +# Captures the commopn configuration of a network device.

common

-- 
Marc-André Lureau

Re: [Qemu-devel] Debian 7.8.0 SPARC64 on qemu - anything i can do to speedup the emulation?

[Artyom Tarasenko]

On Thu, Aug 20, 2015 at 7:22 AM, Dennis Luehring  wrote:
> Am 19.08.2015 um 16:41 schrieb Artyom Tarasenko:
>>
>> And if I completely disable optimizer (// #define
>> USE_TCG_OPTIMIZATIONS in tcg.c), it's still quite faster:
>>
>> real14m17.668s
>> user14m10.241s
>> sys 0m6.060s
>
>
> my tests also without USE_TCG_OPTIMIZATIONS
>
> qemu 2.4.50, netbsd 6.1.5 SPARC64
>
> without-optimization
> //#define USE_TCG_OPTIMIZATIONS
>
> pugixml compile: (without-optimization is faster)
> with-optimization: ~2:51.2
> without-optimization: ~2:14.1
>
> prime.c runtime: (without-optimization is faster)
> with-optimization: ~11 sec
> without-optimization: ~9.9 sec
>
> stream results (with-optimization gives better results)

Ok, this makes sense. Optimized code performs better but requires more
time for the translation.
The question is whether TCG can translate less while running a g++.
Maybe just increase the TB cache?

I see that it always uses the default TB buffer (sizetcg_init in
accel.c is called with an uninitialized variable).
And the default is 25 % of the machine memory (size_code_gen_buffer in
translate-all.c). I tried increasing this to 50%, and observe that
tb_flushes don't happen during the g++ run. Nevertheless QEMU is still
busy translating the code.

Why does it happen? I'd expect the TBs would mostly be re-used at some
point of running the same process.
Aurelien, Richard?

Artyom

Re: [Qemu-devel] [PATCH 17/25] audio: remove gcc specific audio_MIN, audio_MAX

[Peter Maydell]

On 19 August 2015 at 19:17, Gerd Hoffmann  wrote:
> On Do, 2015-08-06 at 20:28 +0200, Kővágó, Zoltán wrote:
>> Currently the gcc specific version only evaluates the arguments once,
>> while the generic version evaluates one argument twice, which can cause
>> debugging headaches when an argument has a side effect.
>
> The answer to that is "don't do that".  Do we have macro calls with side
> effects in the tree?
>
>> This patch at least provides consistent behavior between compilers.
>
> Makes sense.
>
>> -#else
>>  #define audio_MIN(a, b) ((a)>(b)?(b):(a))
>>  #define audio_MAX(a, b) ((a)<(b)?(b):(a))
>> -#endif
>
> include/qemu/osdep.h already provides MIN/MAX macros.
>
> I think we should either define audio_MIN (and audio_MAX) to those, or
> simply do s/audio_MIN/MIN/ in audio/*.c

My vote is for the latter. Incidentally we already assume both
typeof and statement expr support in our compilers, so we could
upgrade our local MIN/MAX implementations to use them if we
really needed. (We'd have to rename them though, since the
system implementation likely does the eval-twice thing.)

A quick grep doesn't show any audio_MIN/MAX which need to
avoid multiple-evaluation, though.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 22/25] audio: add mixeng option (documentation)

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> This will allow us to disable mixeng when we use a decent backend.
>
> Disabling mixeng have a few advantages:
> * we no longer convert the audio output from one format to another, when
>   the underlying audio system would just convert it to a third format.
>   We no longer convert, only the underlying system, when needed.
> * the underlying system probably has better resampling and sample format
>   converting methods anyway...
> * we may support formats that the mixeng currently does not support (S24
>   or float samples, more than two channels)
> * when using an audio server (like pulseaudio) different sound card
>   outputs will show up as separate streams, even if we use only one
>   backend
>
> Disadvantages:
> * audio capturing no longer works (wavcapture, and vnc audio extension)
> * some backends only support a single playback stream or very picky
>   about the audio format.  In this case we can't disable mixeng.
>

Since the setting is so complicated, shouldn't it be a OnOffAuto? and
let the backend decide what's best for the user?

> However mixeng is not removed, only made optional, so this shouldn't be
> a big concern.
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  qapi/audio.json | 5 +
>  qemu-options.hx | 6 ++
>  2 files changed, 11 insertions(+)
>
> diff --git a/qapi/audio.json b/qapi/audio.json
> index b57b215..0216a10 100644
> --- a/qapi/audio.json
> +++ b/qapi/audio.json
> @@ -184,6 +184,10 @@
>  #
>  # General audio backend options that are used for both playback and 
> recording.
>  #
> +# @mixeng: #optional use QEMU's mixing engine to mix all streams inside QEMU.
> +#  When set to off, fixed-settings must be also off.  Not every 
> backend
> +#  compatible with the off setting (default on)
> +#
>  # @fixed-settings: #optional use fixed settings for host input/output.  When
>  #  off, frequency, channels and format must not be specified
>  #  (default on)
> @@ -207,6 +211,7 @@
>  ##
>  { 'struct': 'AudiodevPerDirectionOptions',
>'data': {
> +'*mixeng': 'bool',
>  '*fixed-settings': 'bool',
>  '*frequency':  'int',
>  '*channels':   'int',
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 60a3563..bd922bf 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -329,6 +329,7 @@ DEF("audiodev", HAS_ARG, QEMU_OPTION_audiodev,
>  "specifies the audio backend to use\n"
>  "id= identifier of the backend\n"
>  "timer-period= timer period in microseconds\n"
> +"in|out.mixeng= use mixeng to mix streams inside QEMU\n"
>  "in|out.fixed-settings= use fixed settings for host 
> audio\n"
>  "in|out.frequency= frequency to use with fixed 
> settings\n"
>  "in|out.channels= number of channels to use with fixed 
> settings\n"
> @@ -397,6 +398,11 @@ Identifies the audio backend.
>  Sets the timer @var{period} used by the audio subsystem in microseconds.
>  Default is 1 (10 ms).
>
> +@item in|out.mixeng=on|off
> +Use QEMU's mixing engine to mix all streams inside QEMU.  When off,
> +@var{fixed-settings} must be off too.  Not every backend is fully
> +compatible with the off setting.  Default is on.
> +
>  @item in|out.fixed-settings=on|off
>  Use fixed settings for host audio.  When off, it will change based on
>  how the guest opens the sound card.  In this case you must not specify
> --
> 2.4.5
>
>



-- 
Marc-André Lureau

Re: [Qemu-devel] Debian 7.8.0 SPARC64 on qemu - anything i can do to speedup the emulation?

[Richard Henderson]

On 08/19/2015 07:41 AM, Artyom Tarasenko wrote:

Without the patch:

  time g++ -DHAVE_CONFIG_H -I. -I../binutils-gdb/gold
-I../binutils-gdb/gold -I../binutils-gdb/gold/../include
-I../binutils-gdb/gold/../elfcpp
-DLOCALEDIR="\"/usr/local/share/locale\""
-DBINDIR="\"/usr/local/bin\"" -DTOOLBINDIR="\"/usr/local//bin\""
-DTOOLLIBDIR="\"/usr/local//lib\""   -W -Wall-Werror
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -frandom-seed=tilegx.o
-I../binutils-gdb/gold/../zlib -g -O2 -MT tilegx.o -MD -MP -MF
.deps/tilegx.Tpo -c -o tilegx.o ../binutils-gdb/gold/tilegx.cc

real18m31.407s
user18m23.661s
sys 0m6.784s

The patch surely improves the situation, tcg_optimize in the perf top
takes ~7% (instead of~12%), and the only function marked red by
perf-top is init_temp_info(). So with the patch:

real17m46.380s
user17m37.522s
sys 0m7.120s


And if I completely disable optimizer (// #define
USE_TCG_OPTIMIZATIONS in tcg.c), it's still quite faster:

real14m17.668s
user14m10.241s
sys 0m6.060s


This isn't surprising, because at the moment tcg optimizations are almost 
completely ineffective for sparc.  The way the register windows are implemented 
means that there are very few proper tcg temporaries to optimize.


I've just updated an old branch that attempts to cure this.  It creates proper 
tcg temporaries for the windowed registers, and uses a bit of recursion to find 
the place at which they should be stored.


  git://github.com/rth7680/qemu.git tcg-indirect

With a few quick unscientific tests, it appears to help.  It would be nice to 
put that branch side-by-side with your tests above.



r~

[Qemu-devel] [PATCH 06/10] s390-virtio: Rename machine class name to use MACHINE_TYPE_NAME

[Eduardo Habkost]

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the s390-virtio
machine class using the MACHINE_TYPE_NAME macro.

Cc: Alexander Graf 
Cc: Richard Henderson 
Signed-off-by: Eduardo Habkost 
---
 hw/s390x/s390-virtio.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
index 1284e77..43d6ccb 100644
--- a/hw/s390x/s390-virtio.c
+++ b/hw/s390x/s390-virtio.c
@@ -52,7 +52,8 @@
 
 #define MAX_BLK_DEVS10
 #define ZIPL_FILENAME   "s390-zipl.rom"
-#define TYPE_S390_MACHINE   "s390-machine"
+#define S390_MACHINE"s390-virtio"
+#define TYPE_S390_MACHINE   MACHINE_TYPE_NAME(S390_MACHINE)
 
 #define S390_TOD_CLOCK_VALUE_MISSING0x00
 #define S390_TOD_CLOCK_VALUE_PRESENT0x01
@@ -333,7 +334,7 @@ static void s390_machine_class_init(ObjectClass *oc, void 
*data)
 MachineClass *mc = MACHINE_CLASS(oc);
 NMIClass *nc = NMI_CLASS(oc);
 
-mc->name = "s390-virtio";
+mc->name = S390_MACHINE;
 mc->alias = "s390";
 mc->desc = "VirtIO based S390 machine";
 mc->init = s390_init;
-- 
2.1.0

Re: [Qemu-devel] [PATCH 12/25] audio: basic support for multi backend audio

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> Audio functions no longer access glob_audio_state, instead they get an
> AudioState as a parameter.  This is required in order to support
> multiple backends.
>
> glob_audio_state is also gone, and replaced with a tailq so we can store
> more than one states.
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  audio/audio.c  | 95 
> +-
>  audio/audio.h  | 12 +--
>  audio/audio_int.h  |  2 ++
>  audio/audio_template.h |  2 +-
>  audio/wavcapture.c |  6 ++--
>  hmp-commands.hx| 11 +++---
>  monitor.c  | 12 ++-
>  qemu-options.hx|  5 +++
>  ui/vnc.c   | 15 +++-
>  ui/vnc.h   |  2 ++
>  vl.c   |  3 +-
>  11 files changed, 126 insertions(+), 39 deletions(-)
>
> diff --git a/audio/audio.c b/audio/audio.c
> index 05b24dc..10b9871 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@ -55,7 +55,8 @@ struct audio_driver *drvtab[] = {
>  NULL
>  };
>
> -static AudioState glob_audio_state;
> +static QTAILQ_HEAD(AudioStateHead, AudioState) audio_states =
> +QTAILQ_HEAD_INITIALIZER(audio_states);
>
>  const struct mixeng_volume nominal_volume = {
>  .mute = 0,
> @@ -1193,11 +1194,14 @@ static void audio_run_capture (AudioState *s)
>
>  void audio_run (const char *msg)
>  {
> -AudioState *s = &glob_audio_state;
> +AudioState *s;
> +
> +QTAILQ_FOREACH(s, &audio_states, list) {
> +audio_run_out (s);
> +audio_run_in (s);
> +audio_run_capture (s);
> +}
>
> -audio_run_out (s);
> -audio_run_in (s);
> -audio_run_capture (s);
>  #ifdef DEBUG_POLL
>  {
>  static double prevtime;
> @@ -1252,9 +1256,8 @@ static void audio_vm_change_state_handler (void 
> *opaque, int running,
>  audio_reset_timer (s);
>  }
>
> -static void audio_atexit (void)
> +static void free_audio_state(AudioState *s)
>  {
> -AudioState *s = &glob_audio_state;
>  HWVoiceOut *hwo = NULL;
>  HWVoiceIn *hwi = NULL;
>
> @@ -1288,6 +1291,16 @@ static void audio_atexit (void)
>  }
>
>  qapi_free_Audiodev(s->dev);
> +g_free(s);
> +}
> +
> +static void audio_atexit(void)
> +{
> +while (!QTAILQ_EMPTY(&audio_states)) {
> +AudioState *s = QTAILQ_FIRST(&audio_states);
> +QTAILQ_REMOVE(&audio_states, s, list);
> +free_audio_state(s);
> +}
>  }
>
>  static const VMStateDescription vmstate_audio = {
> @@ -1300,26 +1313,25 @@ static const VMStateDescription vmstate_audio = {
>  };
>
>  static Audiodev *parse_option(QemuOpts *opts, Error **errp);
> -static int audio_init(Audiodev *dev)
> +static AudioState *audio_init(Audiodev *dev)
>  {
> +static bool atexit_registered;
>  size_t i;
>  int done = 0;
>  const char *drvname = NULL;
>  VMChangeStateEntry *e;
> -AudioState *s = &glob_audio_state;
> +AudioState *s;
>  QemuOptsList *list = NULL; /* silence gcc warning about uninitialized
>  * variable */
>
> -if (s->drv) {
> -if (dev) {
> -dolog("Cannot create more than one audio backend, sorry\n");
> -qapi_free_Audiodev(dev);
> -}
> -return -1;
> -}
> -
> +/* if we have dev, this function was called because of an -audiodev
> + * argument => initialize a new state with it
> + * if dev == NULL => legacy implicit initialization, return the already
> + * created state or create a new one */

I think you could place this comment above the function.

>  if (dev) {
>  drvname = AudiodevDriver_lookup[dev->kind];
> +} else if (!QTAILQ_EMPTY(&audio_states)) {
> +return QTAILQ_FIRST(&audio_states);
>  } else {
>  audio_handle_legacy_opts();
>  list = qemu_find_opts("audiodev");
> @@ -1328,12 +1340,18 @@ static int audio_init(Audiodev *dev)
>  exit(1);
>  }
>  }
> +
> +s = g_malloc0(sizeof(AudioState));
>  s->dev = dev;
>
>  QLIST_INIT (&s->hw_head_out);
>  QLIST_INIT (&s->hw_head_in);
>  QLIST_INIT (&s->cap_head);
> -atexit (audio_atexit);
> +if (!atexit_registered) {
> +atexit(audio_atexit);
> +atexit_registered = true;
> +}
> +QTAILQ_INSERT_TAIL(&audio_states, s, list);
>
>  s->ts = timer_new_ns(QEMU_CLOCK_VIRTUAL, audio_timer, s);
>  if (!s->ts) {
> @@ -1414,15 +1432,18 @@ static int audio_init(Audiodev *dev)
>
>  QLIST_INIT (&s->card_head);
>  vmstate_register (NULL, 0, &vmstate_audio, s);
> -return 0;
> +return s;
>  }
>
>  void AUD_register_card (const char *name, QEMUSoundCard *card)
>  {
> -audio_init(NULL);
> +if (!card->state) {
> +card->state = audio_init(NULL);
> +}
> +
>  card->name = g_strdup (name);
>  memset (&card->entries, 0, sizeof (card->entries));
> -QLIST_INSERT_HEAD (&glob_audio_state.card_head, card, entries);
> +QLIST_INS

Re: [Qemu-devel] [PATCH 23/25] audio: make mixeng optional

[Marc-André Lureau]

Fails to compile:

audio/audio.c: In function ‘audio_run_out’:
audio/audio.c:1058:32: error: ‘struct audio_pcm_ops’ has no member
named ‘enable_out’
 if (hw->pcm_ops->enable_out) {

[Qemu-devel] [PATCH v2] qemu-img: Fix crash in amend invocation

[Max Reitz]

Example:
$ ./qemu-img create -f qcow2 /tmp/t.qcow2 64M
$ ./qemu-img amend -f qcow2 -o backing_file=/tmp/t.qcow2, -o help \
/tmp/t.qcow2

This should not crash. This actually is tested by iotest 082, but not
caught due to the segmentation fault being silent (which is something
that needs to be fixed, too).

Reported-by: Dr. David Alan Gilbert 
Cc: qemu-stable 
Signed-off-by: Max Reitz 
---
v2:
- Fix leak introduced by trying to be clever [Eric]
  (thank you for catching this!)
---
 qemu-img.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/qemu-img.c b/qemu-img.c
index 75f4ee4..6ff4e85 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2931,7 +2931,7 @@ static int img_amend(int argc, char **argv)
 if (!is_valid_option_list(optarg)) {
 error_report("Invalid option list: %s", optarg);
 ret = -1;
-goto out;
+goto out_no_progress;
 }
 if (!options) {
 options = g_strdup(optarg);
@@ -3031,6 +3031,7 @@ static int img_amend(int argc, char **argv)
 out:
 qemu_progress_end();
 
+out_no_progress:
 blk_unref(blk);
 qemu_opts_del(opts);
 qemu_opts_free(create_opts);
-- 
2.4.3

Re: [Qemu-devel] Debian 7.8.0 SPARC64 on qemu - anything i can do to speedup the emulation?

[Dennis Luehring]

Am 19.08.2015 um 16:41 schrieb Artyom Tarasenko:

And if I completely disable optimizer (// #define
USE_TCG_OPTIMIZATIONS in tcg.c), it's still quite faster:

real14m17.668s
user14m10.241s
sys 0m6.060s


my tests also without USE_TCG_OPTIMIZATIONS

qemu 2.4.50, netbsd 6.1.5 SPARC64

without-optimization
//#define USE_TCG_OPTIMIZATIONS

pugixml compile: (without-optimization is faster)
with-optimization: ~2:51.2
without-optimization: ~2:14.1

prime.c runtime: (without-optimization is faster)
with-optimization: ~11 sec
without-optimization: ~9.9 sec

stream results (with-optimization gives better results)

with-optimization:

Your clock granularity/precision appears to be 42 microseconds.
Each test below will take on the order of 330428 microseconds.
(= 7867 clock ticks)
FunctionBest Rate MB/s  Avg time Min time Max time
Copy: 771.5 0.214717 0.207377 0.244214
Scale:288.1 0.573320 0.555401 0.660161
Add:  423.5 0.633523 0.51 1.092067
Triad:242.9 1.053032 0.987970 1.499563

without-optimization:

Your clock granularity/precision appears to be 41 microseconds.
Each test below will take on the order of 745254 microseconds.
   (= 18176 clock ticks)
FunctionBest Rate MB/s  Avg time Min time Max time
Copy: 316.6 0.524065 0.505313 0.580103
Scale:200.5 0.813356 0.798024 0.840986
Add:  243.9 1.010247 0.984025 1.119149
Triad:182.9 1.345601 1.312236 1.427459

Re: [Qemu-devel] [PATCH 25/25] audio: split ctl_* functions into enable_* and volume_*

[Marc-André Lureau]

nice! :)

Looks good, I'll check more thoroughly when you will have an updated series.

[Qemu-devel] [PATCH] vhost: remove unnecessary code

[Yuanhan Liu]

We won't reference var 'i' anymore; there is no need to assign a value
to it.

cc: Michael S. Tsirkin 
Signed-off-by: Yuanhan Liu 
---
 hw/virtio/vhost.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 2712c6f..86ea26f 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1158,7 +1158,6 @@ fail_vq:
  hdev->vqs + i,
  hdev->vq_index + i);
 }
-i = hdev->nvqs;
 fail_mem:
 fail_features:
 
-- 
1.9.0

Re: [Qemu-devel] [PATCH v2] hmp: Allow for error message hints on HMP

[Paolo Bonzini]

On 18/08/2015 14:48, Eric Blake wrote:
> Commits 7216ae3d and d2828429 disabled some error message hints,
> all because a change to use modern error reporting meant that the
> hint would be output prior to the actual error.  Fix this by making
> hints a first-class member of Error.
> 
> For example, we are now back to the pleasant:
> 
>  $ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
>  qemu-system-x86_64: --chardev null,id=,: Parameter 'id' expects an identifier
>  Identifiers consist of letters, digits, '-', '.', '_', starting with a 
> letter.
> 
> Signed-off-by: Eric Blake 
> ---

Reviewed-by: Paolo Bonzini 

[Qemu-devel] [PATCH v5 0/1] s390 pci infrastructure modeling

[Yi Min Zhao]

From: Yi Min Zhao 

This patch extends the current s390 pci implementation to provide more 
flexibility in configuration of s390 specific device handling.

For each vfio pci device, I create a zpci device to store s390 specific
informations. And attach all of these special zpci devices to the s390 
facility bus. A zpci device references the corresponding PCI device via
device id. 

The new design allows to define multiple host bridges, each host bridge
could hold 32 zpci devices at most. Add a new property named index to 
s390-pcihost device and must assign a unique value to it in qemu command
line.

The topology for this implementation could be:

  dev: s390-pcihost, id ""
index=1
bus: pci.0
  type PCI
  dev: vfio-pci, id "vpci1"
host = ":00:00.0"
..
  dev: vfio-pci, id "vpci2"
host = "0001:00:00.0"
..
  dev: s390-pci-facility, id ""
bus: s390-pci-fac-bus.0
  type s390-pci-fac-bus
  dev: zpci, id "zpci1"
fid = 1 (0x1)
uid = 2 (0x2)
pci_id = "vpci1"
  dev: zpci, id "zpci2"
fid = 6 (0x6)
uid = 7 (0x7)
pci_id = "vpci2"

To make the review easier, I keep all of the old names, such as 
S390PCIBusDevice to name a zpci device. I will make a cleanup 
patch later to change these names to a more suitable name.

Comparing to v4, this patch does the following change:
1.Add index property to s390-pcihost device.
2.Add index to s390PCIBusDevice. Its value is assigned by logical
  OR s390-pcihost device's index and pci slot.
3.Add three usable macros to get zpci index and s390pcihost index.
4.Add a bool member to s390PCIBustDevice named "available" to judge
  whether the relationship of zpci and vfio pci is established. 
  This change fixed a bug generated by previous code in case that
  only define zpci device and then hot unplug it will fail.
5.Rework s390_pci_find_dev_by_idx function.
6.Rework s390_pci_device_hot_unplug_request function to be more
  stable.
7.Rework s390_pci_device_unrealize function to make the process of
  pci device unplug more logical and stable. 

Comparing to v3, this patch does the following change:
1.Exchange vfio-pci and zpci definitions. Define zpci device firstly
  then define vfio-pci device.
2.Unplug either vfio-pci device or zpci device can remove both of them.

Yi Min Zhao (1):
  s390x: pci infrastructure modeling

 hw/s390x/s390-pci-bus.c|  379 ++--
 hw/s390x/s390-pci-bus.h|   54 ++-
 hw/s390x/s390-pci-inst.c   |   80 ++
 hw/s390x/s390-virtio-ccw.c |5 +-
 4 files changed, 392 insertions(+), 126 deletions(-)

-- 
1.7.9

[Qemu-devel] [PATCH 07/16] target-tilegx: Add cpu basic features for linux-user

[gchen gchen]

It implements minimized cpu features for linux-user.

Signed-off-by: Chen Gang 
Reviewed-by: Peter Maydell 
---
target-tilegx/cpu.c | 143 ++
target-tilegx/cpu.h | 175 
2 files changed, 318 insertions(+)
create mode 100644 target-tilegx/cpu.c
create mode 100644 target-tilegx/cpu.h

diff --git a/target-tilegx/cpu.c b/target-tilegx/cpu.c
new file mode 100644
index 000..663fcb6
--- /dev/null
+++ b/target-tilegx/cpu.c
@@ -0,0 +1,143 @@
+/*
+ * QEMU TILE-Gx CPU
+ *
+ * Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu-common.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+
+TileGXCPU *cpu_tilegx_init(const char *cpu_model)
+{
+ TileGXCPU *cpu;
+
+ cpu = TILEGX_CPU(object_new(TYPE_TILEGX_CPU));
+
+ object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
+
+ return cpu;
+}
+
+static void tilegx_cpu_set_pc(CPUState *cs, vaddr value)
+{
+ TileGXCPU *cpu = TILEGX_CPU(cs);
+
+ cpu->env.pc = value;
+}
+
+static bool tilegx_cpu_has_work(CPUState *cs)
+{
+ return true;
+}
+
+static void tilegx_cpu_reset(CPUState *s)
+{
+ TileGXCPU *cpu = TILEGX_CPU(s);
+ TileGXCPUClass *tcc = TILEGX_CPU_GET_CLASS(cpu);
+ CPUTLGState *env = &cpu->env;
+
+ tcc->parent_reset(s);
+
+ memset(env, 0, sizeof(CPUTLGState));
+ tlb_flush(s, 1);
+}
+
+static void tilegx_cpu_realizefn(DeviceState *dev, Error **errp)
+{
+ CPUState *cs = CPU(dev);
+ TileGXCPUClass *tcc = TILEGX_CPU_GET_CLASS(dev);
+
+ cpu_reset(cs);
+ qemu_init_vcpu(cs);
+
+ tcc->parent_realize(dev, errp);
+}
+
+static void tilegx_cpu_initfn(Object *obj)
+{
+ CPUState *cs = CPU(obj);
+ TileGXCPU *cpu = TILEGX_CPU(obj);
+ CPUTLGState *env = &cpu->env;
+ static bool tcg_initialized;
+
+ cs->env_ptr = env;
+ cpu_exec_init(env);
+
+ if (tcg_enabled() && !tcg_initialized) {
+ tcg_initialized = true;
+ tilegx_tcg_init();
+ }
+}
+
+static void tilegx_cpu_do_interrupt(CPUState *cs)
+{
+ cs->exception_index = -1;
+}
+
+static int tilegx_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int rw,
+ int mmu_idx)
+{
+ cpu_dump_state(cs, stderr, fprintf, 0);
+ return 1;
+}
+
+static bool tilegx_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
+{
+ if (interrupt_request & CPU_INTERRUPT_HARD) {
+ tilegx_cpu_do_interrupt(cs);
+ return true;
+ }
+ return false;
+}
+
+static void tilegx_cpu_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ CPUClass *cc = CPU_CLASS(oc);
+ TileGXCPUClass *tcc = TILEGX_CPU_CLASS(oc);
+
+ tcc->parent_realize = dc->realize;
+ dc->realize = tilegx_cpu_realizefn;
+
+ tcc->parent_reset = cc->reset;
+ cc->reset = tilegx_cpu_reset;
+
+ cc->has_work = tilegx_cpu_has_work;
+ cc->do_interrupt = tilegx_cpu_do_interrupt;
+ cc->cpu_exec_interrupt = tilegx_cpu_exec_interrupt;
+ cc->set_pc = tilegx_cpu_set_pc;
+ cc->handle_mmu_fault = tilegx_cpu_handle_mmu_fault;
+ cc->gdb_num_core_regs = 0;
+}
+
+static const TypeInfo tilegx_cpu_type_info = {
+ .name = TYPE_TILEGX_CPU,
+ .parent = TYPE_CPU,
+ .instance_size = sizeof(TileGXCPU),
+ .instance_init = tilegx_cpu_initfn,
+ .class_size = sizeof(TileGXCPUClass),
+ .class_init = tilegx_cpu_class_init,
+};
+
+static void tilegx_cpu_register_types(void)
+{
+ type_register_static(&tilegx_cpu_type_info);
+}
+
+type_init(tilegx_cpu_register_types)
diff --git a/target-tilegx/cpu.h b/target-tilegx/cpu.h
new file mode 100644
index 000..e404025
--- /dev/null
+++ b/target-tilegx/cpu.h
@@ -0,0 +1,175 @@
+/*
+ * TILE-Gx virtual CPU header
+ *
+ * Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef CPU_TILEGX_H
+#define CPU_TILEGX_H
+
+#

Re: [Qemu-devel] [PATCH] hw/arm/virt-acpi-build: drop _ADR entry from SPCR

[Shannon Zhao]

On 2015/8/20 8:24, Peter Maydell wrote:
> On 6 August 2015 at 14:25, Andrew Jones  wrote:
>> On Thu, Aug 06, 2015 at 01:55:14PM +0100, Leif Lindholm wrote:
>>> On Thu, Aug 06, 2015 at 02:28:03PM +0200, Andrew Jones wrote:
 In the least I wouldn't want to get burned twice, so I'd prefer to
 see the SPCR code actually get into Linux first this time. That
 would also allow us to point at something when we start breaking
 guests.
>>>
>>> So, if that's the way it has to be, that's the way it has to be.
>>> I'd just prefer not having different pieces of firmware validating
>>> different software behaviours for the same thing.
>>
>> Yeah, now it's messy. I'm actually OK with this QEMU patch, with regard
>> to the downstream stuff that I'm involved with, but other downstreams
>> may not be so flexible... We need Peter to chime in with his opinion,
>> CCed.
> 
> Could somebody who understands ACPI and the ramifications
> here let me know if I should apply this patch, please?
> (since we're now post-2.4)
> 

I think we should hold back this patch until the kernel patch goes to
upstream kernel. And without this patch I think it doesn't break anything.

Thanks,
-- 
Shannon

[Qemu-devel] [PATCH RFC 1/5] qapi: Reuse code for flat union base validation

[Eric Blake]

Rather than open-code the check for a valid base type, we
should reuse the common functionality. This allows for
consistent error messages, and also makes it easier for a
later patch to turn on support for inline anonymous base
structures.

Test flat-union-inline is updated to test only one feature
(anonymous branch dictionaries), which can be implemented
independently (test flat-union-bad-base already covers the
idea of an anonymous base dictionary).

Signed-off-by: Eric Blake 
---
 scripts/qapi.py | 11 +--
 tests/qapi-schema/flat-union-bad-base.err   |  2 +-
 tests/qapi-schema/flat-union-base-any.err   |  2 +-
 tests/qapi-schema/flat-union-base-union.err |  2 +-
 tests/qapi-schema/flat-union-inline.err |  2 +-
 tests/qapi-schema/flat-union-inline.json|  4 ++--
 tests/qapi-schema/flat-union-no-base.err|  2 +-
 tests/qapi-schema/union-invalid-base.err|  2 +-
 8 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 1e73500..ac6d7f6 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -554,15 +554,14 @@ def check_union(expr, expr_info):
 # Else, it's a flat union.
 else:
 # The object must have a string member 'base'.
-if not isinstance(base, str):
+check_type(expr_info, "'base' for union '%s'" % name,
+   base, allow_metas=['struct'])
+if not base:
 raise QAPIExprError(expr_info,
-"Flat union '%s' must have a string base field"
+"Flat union '%s' must have a valid base"
 % name)
 base_fields = find_base_fields(base)
-if not base_fields:
-raise QAPIExprError(expr_info,
-"Base '%s' is not a valid struct"
-% base)
+assert base_fields

 # The value of member 'discriminator' must name a non-optional
 # member of the base struct.
diff --git a/tests/qapi-schema/flat-union-bad-base.err 
b/tests/qapi-schema/flat-union-bad-base.err
index f9c31b2..79b8a71 100644
--- a/tests/qapi-schema/flat-union-bad-base.err
+++ b/tests/qapi-schema/flat-union-bad-base.err
@@ -1 +1 @@
-tests/qapi-schema/flat-union-bad-base.json:9: Flat union 'TestUnion' must have 
a string base field
+tests/qapi-schema/flat-union-bad-base.json:9: 'base' for union 'TestUnion' 
should be a type name
diff --git a/tests/qapi-schema/flat-union-base-any.err 
b/tests/qapi-schema/flat-union-base-any.err
index ad4d629..646f1c9 100644
--- a/tests/qapi-schema/flat-union-base-any.err
+++ b/tests/qapi-schema/flat-union-base-any.err
@@ -1 +1 @@
-tests/qapi-schema/flat-union-base-any.json:8: Base 'any' is not a valid struct
+tests/qapi-schema/flat-union-base-any.json:8: 'base' for union 'TestUnion' 
cannot use built-in type 'any'
diff --git a/tests/qapi-schema/flat-union-base-union.err 
b/tests/qapi-schema/flat-union-base-union.err
index ede9859..d50e687 100644
--- a/tests/qapi-schema/flat-union-base-union.err
+++ b/tests/qapi-schema/flat-union-base-union.err
@@ -1 +1 @@
-tests/qapi-schema/flat-union-base-union.json:11: Base 'UnionBase' is not a 
valid struct
+tests/qapi-schema/flat-union-base-union.json:11: 'base' for union 'TestUnion' 
cannot use union type 'UnionBase'
diff --git a/tests/qapi-schema/flat-union-inline.err 
b/tests/qapi-schema/flat-union-inline.err
index ec58627..258 100644
--- a/tests/qapi-schema/flat-union-inline.err
+++ b/tests/qapi-schema/flat-union-inline.err
@@ -1 +1 @@
-tests/qapi-schema/flat-union-inline.json:7: Flat union 'TestUnion' must have a 
string base field
+tests/qapi-schema/flat-union-inline.json:7: Member 'value1' of union 
'TestUnion' should be a type name
diff --git a/tests/qapi-schema/flat-union-inline.json 
b/tests/qapi-schema/flat-union-inline.json
index 6bfdd65..62c7cda 100644
--- a/tests/qapi-schema/flat-union-inline.json
+++ b/tests/qapi-schema/flat-union-inline.json
@@ -1,11 +1,11 @@
 # we require branches to be a struct name
-# TODO: should we allow anonymous inline types?
+# TODO: should we allow anonymous inline branch types?
 { 'enum': 'TestEnum',
   'data': [ 'value1', 'value2' ] }
 { 'struct': 'Base',
   'data': { 'enum1': 'TestEnum', 'kind': 'str' } }
 { 'union': 'TestUnion',
-  'base': { 'enum1': 'TestEnum', 'kind': 'str' },
+  'base': 'Base',
   'discriminator': 'enum1',
   'data': { 'value1': { 'string': 'str' },
 'value2': { 'integer': 'int' } } }
diff --git a/tests/qapi-schema/flat-union-no-base.err 
b/tests/qapi-schema/flat-union-no-base.err
index bb3f708..253e251 100644
--- a/tests/qapi-schema/flat-union-no-base.err
+++ b/tests/qapi-schema/flat-union-no-base.err
@@ -1 +1 @@
-tests/qapi-schema/flat-union-no-base.json:9: Flat union 'TestUnion' must have 
a string base field
+tests/qapi-schema/flat-union-no-base.json:9: Flat union 'TestUnion' must have 
a valid base
diff --git a/tests/qapi-schema/union-invalid-base.err 
b

Re: [Qemu-devel] [PATCH v2] virtio: avoid leading underscores for helpers

[Thomas Huth]

On 17/08/15 02:48, Cornelia Huck wrote:
> Commit ef546f1275f6563e8934dd5e338d29d9f9909ca6 ("virtio: add
> feature checking helpers") introduced a helper __virtio_has_feature.
> We don't want to use reserved identifiers, though, so let's
> rename __virtio_has_feature to virtio_has_feature and virtio_has_feature
> to virtio_vdev_has_feature.
> 
> Signed-off-by: Cornelia Huck 
> ---
>  hw/block/virtio-blk.c |  7 ---
>  hw/char/virtio-serial-bus.c   |  2 +-
>  hw/net/vhost_net.c|  2 +-
>  hw/net/virtio-net.c   | 31 ---
>  hw/scsi/virtio-scsi.c |  8 
>  hw/virtio/dataplane/vring.c   | 10 +-
>  hw/virtio/vhost.c |  4 ++--
>  hw/virtio/virtio-balloon.c|  2 +-
>  hw/virtio/virtio.c| 14 +++---
>  include/hw/virtio/virtio-access.h |  2 +-
>  include/hw/virtio/virtio.h| 11 ++-
>  11 files changed, 48 insertions(+), 45 deletions(-)
...
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 8d28e45..f72eebf 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -86,8 +86,8 @@ static void virtio_net_set_config(VirtIODevice *vdev, const 
> uint8_t *config)
>  
>  memcpy(&netcfg, config, n->config_size);
>  
> -if (!virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR) &&
> -!virtio_has_feature(vdev, VIRTIO_F_VERSION_1) &&
> +if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR) &&
> +!virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1) &&
>  memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
>  memcpy(n->mac, netcfg.mac, ETH_ALEN);
>  qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
> @@ -304,7 +304,7 @@ static RxFilterInfo 
> *virtio_net_query_rxfilter(NetClientState *nc)
>  info->multicast_table = str_list;
>  info->vlan_table = get_vlan_table(n);
>  
> -if (!virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_VLAN)) {
> +if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VLAN)) {
>  info->vlan = RX_STATE_ALL;
>  } else if (!info->vlan_table) {
>  info->vlan = RX_STATE_NONE;
> @@ -529,13 +529,13 @@ static void virtio_net_set_features(VirtIODevice *vdev, 
> uint64_t features)
>  int i;
>  
>  virtio_net_set_multiqueue(n,
> -  __virtio_has_feature(features, 
> VIRTIO_NET_F_MQ));
> +  virtio_has_feature(features, VIRTIO_NET_F_MQ));

Could this fit now into one line?

Anyway, patch still looks fine to me, so:

Reviewed-by: Thomas Huth 

[Qemu-devel] [PATCH] imx_serial: Generate interrupt on tx empty if enabled

[Guenter Roeck]

Generate an interrupt if the tx buffer is empty and the tx empty interrupt
is enabled. This fixes a problem seen when running a Linux image since
Linux commit 55c3cb1358e ("serial: imx: remove unneeded imx_transmit_buffer()
from imx_start_tx()"). Linux now waits for the tx empty interrupt before
starting to send data, causing transmit stalls until there is an interrupt
for another reason.

Signed-off-by: Guenter Roeck 
---
 hw/char/imx_serial.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
index f3fbc77..8dc791d 100644
--- a/hw/char/imx_serial.c
+++ b/hw/char/imx_serial.c
@@ -145,7 +145,9 @@ static void imx_update(IMXSerialState *s)
 uint32_t flags;
 
 flags = (s->usr1 & s->ucr1) & (USR1_TRDY|USR1_RRDY);
-if (!(s->ucr1 & UCR1_TXMPTYEN)) {
+if (s->ucr1 & UCR1_TXMPTYEN) {
+flags |= (s->uts1 & UTS1_TXEMPTY);
+} else {
 flags &= ~USR1_TRDY;
 }
 
-- 
2.1.4

[Qemu-devel] [PATCH 16/16 v1] target-tilegx: Implement additional instructions in normal working flow

[Chen Gang]

They are vectors, pcnt, revbytes, icoh, and drain.

Signed-off-by: Chen Gang 
---
 target-tilegx/helper.c|  12 +-
 target-tilegx/helper.h|   4 +-
 target-tilegx/translate.c | 431 ++
 3 files changed, 331 insertions(+), 116 deletions(-)

diff --git a/target-tilegx/helper.c b/target-tilegx/helper.c
index 5ab41cd..98dd805 100644
--- a/target-tilegx/helper.c
+++ b/target-tilegx/helper.c
@@ -24,7 +24,7 @@
 
 #define SIGNBIT32 0x8000
 
-int64_t helper_add_saturate(CPUTLGState *env, uint64_t rsrc, uint64_t rsrcb)
+int64_t helper_add_saturate(uint64_t rsrc, uint64_t rsrcb)
 {
 uint32_t rdst = rsrc + rsrcb;
 
@@ -53,6 +53,16 @@ uint64_t helper_cnttz(uint64_t arg)
 return ctz64(arg);
 }
 
+uint64_t helper_pcnt(uint64_t arg)
+{
+return ctpop64(arg);
+}
+
+uint64_t helper_revbytes(uint64_t arg)
+{
+return bswap64(arg);
+}
+
 /*
  * Functional Description
  * uint64_t a = rf[SrcA];
diff --git a/target-tilegx/helper.h b/target-tilegx/helper.h
index 1411c19..fbd995a 100644
--- a/target-tilegx/helper.h
+++ b/target-tilegx/helper.h
@@ -1,5 +1,7 @@
 DEF_HELPER_2(exception, noreturn, env, i32)
 DEF_HELPER_FLAGS_1(cntlz, TCG_CALL_NO_RWG_SE, i64, i64)
 DEF_HELPER_FLAGS_1(cnttz, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_1(pcnt, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_1(revbytes, TCG_CALL_NO_RWG_SE, i64, i64)
 DEF_HELPER_FLAGS_3(shufflebytes, TCG_CALL_NO_RWG_SE, i64, i64, i64, i64)
-DEF_HELPER_3(add_saturate, s64, env, i64, i64)
+DEF_HELPER_FLAGS_2(add_saturate, TCG_CALL_NO_RWG_SE, s64, i64, i64)
diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
index 9ae1c6d..6d993b4 100644
--- a/target-tilegx/translate.c
+++ b/target-tilegx/translate.c
@@ -302,20 +302,104 @@ static void gen_mtspr(struct DisasContext *dc, uint8_t 
rsrc, uint16_t imm14)
 set_exception(dc, TILEGX_EXCP_OPCODE_UNIMPLEMENTED);
 }
 
-static void extract_v1(TCGv out, TCGv in, unsigned byte)
+static void extract_v(TCGv out, TCGv in, int count, int v)
 {
-tcg_gen_shri_i64(out, in, byte * 8);
-tcg_gen_ext8u_i64(out, out);
+tcg_gen_shri_i64(out, in, count * v * 8);
+switch (v) {
+case 1:
+tcg_gen_ext8u_i64(out, out);
+break;
+case 2:
+tcg_gen_ext16u_i64(out, out);
+break;
+case 4:
+tcg_gen_ext32u_i64(out, out);
+break;
+default:
+g_assert_not_reached();
+}
 }
 
-static void insert_v1(TCGv out, TCGv in, unsigned byte)
+static void insert_v(TCGv out, TCGv in, int count, int v)
 {
-tcg_gen_deposit_i64(out, out, in, byte * 8, 8);
+tcg_gen_deposit_i64(out, out, in, count * v * 8, v * 8);
 }
 
-static void gen_v1cmpi(struct DisasContext *dc,
-   uint8_t rdst, uint8_t rsrc, int8_t imm8,
-   TCGCond cond, const char *code)
+static void gen_vadd(struct DisasContext *dc,
+ uint8_t rdst, uint8_t rsrc, uint8_t rsrcb, int v)
+{
+int count;
+TCGv vdst = dest_gr(dc, rdst);
+TCGv vsrc = load_gr(dc, rsrc);
+TCGv vsrcb = load_gr(dc, rsrcb);
+TCGv tmp = tcg_temp_new_i64();
+TCGv tmpb = tcg_temp_new_i64();
+
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "v%dadd r%d, r%d, r%d\n",
+  v, rdst, rsrc, rsrcb);
+
+tcg_gen_movi_i64(vdst, 0);
+
+for (count = 0; count < sizeof(uint64_t) / v; count++) {
+extract_v(tmp, vsrc, count, v);
+extract_v(tmpb, vsrcb, count, v);
+tcg_gen_add_i64(tmp, tmp, tmpb);
+insert_v(vdst, tmp, count, v);
+}
+
+tcg_temp_free_i64(tmpb);
+tcg_temp_free_i64(tmp);
+}
+
+static void gen_vsub(struct DisasContext *dc,
+ uint8_t rdst, uint8_t rsrc, uint8_t rsrcb, int v)
+{
+int count;
+TCGv vdst = dest_gr(dc, rdst);
+TCGv vsrc = load_gr(dc, rsrc);
+TCGv vsrcb = load_gr(dc, rsrcb);
+TCGv tmp = tcg_temp_new_i64();
+TCGv tmpb = tcg_temp_new_i64();
+
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "v%dsub r%d, r%d, r%d\n",
+  v, rdst, rsrc, rsrcb);
+
+tcg_gen_movi_i64(vdst, 0);
+
+for (count = 0; count < sizeof(uint64_t) / v; count++) {
+extract_v(tmp, vsrc, count, v);
+extract_v(tmpb, vsrcb, count, v);
+tcg_gen_sub_i64(tmp, tmp, tmpb);
+insert_v(vdst, tmp, count, v);
+}
+
+tcg_temp_free_i64(tmpb);
+tcg_temp_free_i64(tmp);
+}
+
+static void gen_vaddi(struct DisasContext *dc,
+  uint8_t rdst, uint8_t rsrc, int8_t imm8, int v)
+{
+int count;
+TCGv vdst = dest_gr(dc, rdst);
+TCGv vsrc = load_gr(dc, rsrc);
+TCGv tmp = tcg_temp_new_i64();
+
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "v%daddi r%d, r%d, %d\n",
+  v, rdst, rsrc, imm8);
+
+tcg_gen_movi_i64(vdst, 0);
+for (count = 0; count < sizeof(uint64_t) / v; count++) {
+extract_v(tmp, vsrc, count, v);
+tcg_gen_addi_i64(tmp, tmp, imm8);
+insert_v(vdst, tmp, count, v);
+}
+tcg_temp_free_i64(tmp);
+}
+
+stati

[Qemu-devel] [PATCH 11/16 v1] target-tilegx: Add related feature to support iret instruction

[Chen Gang]

In fact, iret itself needs nothing, but the related previous and next
instructions need to be implemented.

SPR_EX_CONTEXT_0_0 and SPR_EX_CONTEXT_0_1 are related with iret, so let
them in a patch.

Signed-off-by: Chen Gang 
---
 target-tilegx/cpu.h   |  2 ++
 target-tilegx/translate.c | 86 +--
 2 files changed, 86 insertions(+), 2 deletions(-)

diff --git a/target-tilegx/cpu.h b/target-tilegx/cpu.h
index e404025..808f4e5 100644
--- a/target-tilegx/cpu.h
+++ b/target-tilegx/cpu.h
@@ -53,6 +53,8 @@ enum {
 TILEGX_SPR_CMPEXCH = 0,
 TILEGX_SPR_CRITICAL_SEC = 1,
 TILEGX_SPR_SIM_CONTROL = 2,
+TILEGX_SPR_EX_CONTEXT_0_0 = 3,
+TILEGX_SPR_EX_CONTEXT_0_1 = 4,
 TILEGX_SPR_COUNT
 };
 
diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
index 1dd3a43..541d603 100644
--- a/target-tilegx/translate.c
+++ b/target-tilegx/translate.c
@@ -48,7 +48,7 @@ static const char * const reg_names[] = {
 };
 
 static const char * const spreg_names[] = {
-"cmpexch", "criticalsec", "simcontrol"
+"cmpexch", "criticalsec", "simcontrol", "excontext00", "excontext01"
 };
 
 /* It is for temporary registers */
@@ -174,6 +174,71 @@ static void gen_swint1(struct DisasContext *dc)
 }
 
 /*
+ * Description
+ *
+ * Returns from an interrupt. Transfers control flow to the program counter
+ * location and protection level contained in the current PL ’s EX_CONTEXT
+ * registers, and restores the interrupt critical section bit to the value
+ * contained in those registers.
+ *
+ * Functional Description
+ *
+ * setNextPC(sprf [EX_CONTEXT_SPRF_OFFSET +
+ * (getCurrentProtectionLevel() * EX_CONTEXT_SIZE) +
+ *  PC_EX_CONTEXT_OFFSET]);
+ * branchPredictedIncorrect();
+ * setProtectionLevel(sprf [EX_CONTEXT_SPRF_OFFSET +
+ *  (getCurrentProtectionLevel() * EX_CONTEXT_SIZE) +
+ *   PROTECTION_LEVEL_EX_CONTEXT_OFFSET]);
+ * setInterruptCriticalSection(
+ *   sprf [EX_CONTEXT_SPRF_OFFSET +
+ * (getCurrentProtectionLevel() * EX_CONTEXT_SIZE) +
+ *  INTERRUPT_CRITICAL_SECTION_EX_CONTEXT_OFFSET]);
+ *
+ * besides the PC we need to set our new protection level, and set the 
interrupt
+ * critical section bit atomically inside of this instruction
+ */
+static void gen_iret(struct DisasContext *dc)
+{
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "iret\n");
+/*
+ * In user mode, all related things are already done by previous and next
+ * instructions, so just skip it. Can reference __longjmp code for it.
+ *
+ * ENTRY (__longjmp)
+ * FEEDBACK_ENTER(__longjmp)
+ *
+ * #define RESTORE(r) { LD r, r0 ; ADDI_PTR r0, r0, REGSIZE }
+ * FOR_EACH_CALLEE_SAVED_REG(RESTORE)
+ *
+ * {
+ *  LD r2, r0   ; retrieve ICS bit from jmp_buf
+ *  movei r3, 1
+ *  CMPEQI r0, r1, 0
+ * }
+ *
+ * {
+ *  mtspr INTERRUPT_CRITICAL_SECTION, r3
+ *  shli r2, r2, SPR_EX_CONTEXT_0_1__ICS_SHIFT
+ * }
+ *
+ * {
+ *  mtspr EX_CONTEXT_0_0, lr
+ *  ori r2, r2, RETURN_PL
+ * }
+ *
+ * {
+ *  or r0, r1, r0
+ *  mtspr EX_CONTEXT_0_1, r2
+ * }
+ *
+ * iret
+ *
+ * jrp lr
+ */
+}
+
+/*
  * Many SPR reads/writes have side effects and cannot be buffered. However, 
they
  * are all in the X1 pipe, which we are excuting last, therefore we need not do
  * additional buffering.
@@ -197,6 +262,12 @@ static void gen_mfspr(struct DisasContext *dc, uint8_t 
rdst, uint16_t imm14)
 case SPR_SIM_CONTROL:
 tcg_gen_mov_i64(cpu_regs[rdst], cpu_spregs[TILEGX_SPR_SIM_CONTROL]);
 return;
+case SPR_EX_CONTEXT_0_0:
+tcg_gen_mov_i64(cpu_regs[rdst], cpu_spregs[TILEGX_SPR_EX_CONTEXT_0_0]);
+return;
+case SPR_EX_CONTEXT_0_1:
+tcg_gen_mov_i64(cpu_regs[rdst], cpu_spregs[TILEGX_SPR_EX_CONTEXT_0_1]);
+return;
 default:
 qemu_log_mask(LOG_UNIMP, "UNIMP mfspr 0x%x.\n", imm14);
 }
@@ -218,6 +289,12 @@ static void gen_mtspr(struct DisasContext *dc, uint8_t 
rsrc, uint16_t imm14)
 case SPR_SIM_CONTROL:
 tcg_gen_mov_i64(cpu_spregs[TILEGX_SPR_SIM_CONTROL], load_gr(dc, rsrc));
 return;
+case SPR_EX_CONTEXT_0_0:
+tcg_gen_mov_i64(cpu_spregs[TILEGX_SPR_EX_CONTEXT_0_0], load_gr(dc, 
rsrc));
+return;
+case SPR_EX_CONTEXT_0_1:
+tcg_gen_mov_i64(cpu_spregs[TILEGX_SPR_EX_CONTEXT_0_1], load_gr(dc, 
rsrc));
+return;
 default:
 qemu_log_mask(LOG_UNIMP, "UNIMP mtspr 0x%x.\n", imm14);
 }
@@ -2257,6 +2334,12 @@ static void decode_u_opcode_ex_x1(struct DisasContext 
*dc,
 return;
 }
 break;
+case IRET_UNARY_OPCODE_X1:
+if (!rdst && !rsrc) {
+

Re: [Qemu-devel] [PATCH v3] opts: produce valid command line in qemu_opts_print

[Marc-André Lureau]

On Tue, Jul 7, 2015 at 4:42 PM, Kővágó, Zoltán  wrote:
> This will let us print options in a format that the user would actually
> write it on the command line (foo=bar,baz=asd,etc=def), without
> prepending a spurious comma at the beginning of the list, or quoting
> values unnecessarily.  This patch provides the following changes:
> * write and id=, if the option has an id

you can remove the first "and" here

> * do not print separator before the first element
> * do not quote string arguments
> * properly escape commas (,) for QEMU

Reviewed-by: Marc-André Lureau 



-- 
Marc-André Lureau

[Qemu-devel] [Bug 1329956] Re: multi-core FreeBSD guest hangs after warm reboot

[Venkateswara Rao Dokku]

Can you please tell me whether the issue is fixed with the latest
kernel? If so, what version has the fix?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1329956

Title:
  multi-core FreeBSD guest hangs after warm reboot

Status in QEMU:
  Incomplete

Bug description:
  On some Linux KVM hosts in our environment, FreeBSD guests fail to
  reboot properly if they have more than one CPU (socket, core, and/or
  thread). They will boot fine the first time, but after issuing a
  "reboot" command via the OS the guest starts to boot but hangs during
  SMP initialization. Fully shutting down and restarting the guest works
  in all cases.

  The only meaningful difference between hosts with the problem and those 
without is the CPU. Hosts with Xeon E5-26xx v2 processors have the problem, 
including at least the "Intel(R) Xeon(R) CPU E5-2667 v2" and the "Intel(R) 
Xeon(R) CPU E5-2650 v2".
  Hosts with any other CPU, including "Intel(R) Xeon(R) CPU E5-2650 0", 
"Intel(R) Xeon(R) CPU E5-2620 0", or "AMD Opteron(TM) Processor 6274" do not 
have the problem. Note the "v2" in the names of the problematic CPUs.

  On hosts with a "v2" Xeon, I can reproduce the problem under Linux
  kernel 3.10 or 3.12 and Qemu 1.7.0 or 2.0.0.

  The problem occurs with all currently-supported versions of FreeBSD,
  including 8.4, 9.2, 10.0 and 11-CURRENT.

  On a Linux KVM host with a "v2" Xeon, this command line is adequate to
  reproduce the problem:

  /usr/bin/qemu-system-x86_64 -machine accel=kvm -name bsdtest -m 512
  -smp 2,sockets=1,cores=1,threads=2 -drive
  file=./20140613_FreeBSD_9.2-RELEASE_ufs.qcow2,if=none,id=drive0,format=qcow2
  -device virtio-blk-pci,scsi=off,drive=drive0 -vnc 0.0.0.0:0 -net none

  I have tried many variations including different models of -machine
  and -cpu for the guest with no visible difference.

  A native FreeBSD installation on a host with a "v2" Xeon does not have
  the problem, nor do a paravirtualized FreeBSD guests under bhyve (the
  BSD legacy-free hypervisor) using the same FreeBSD disk images as on
  the Linux hosts. So it seems unlikely the cause is on the FreeBSD side
  of things.

  I would greatly appreciate any feedback or developer attention to
  this. I am happy to provide additional details, test patches, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1329956/+subscriptions

[Qemu-devel] [PATCH 03/10] vexpress: Rename machine classes to use MACHINE_TYPE_NAME

[Eduardo Habkost]

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the vexpress
machine classes using the MACHINE_TYPE_NAME macro.

Cc: Peter Maydell 
Signed-off-by: Eduardo Habkost 
---
 hw/arm/vexpress.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
index 15e4ae9..a86979d 100644
--- a/hw/arm/vexpress.c
+++ b/hw/arm/vexpress.c
@@ -168,8 +168,8 @@ typedef struct {
 } VexpressMachineState;
 
 #define TYPE_VEXPRESS_MACHINE   "vexpress"
-#define TYPE_VEXPRESS_A9_MACHINE   "vexpress-a9"
-#define TYPE_VEXPRESS_A15_MACHINE   "vexpress-a15"
+#define TYPE_VEXPRESS_A9_MACHINE   MACHINE_TYPE_NAME("vexpress-a9")
+#define TYPE_VEXPRESS_A15_MACHINE   MACHINE_TYPE_NAME("vexpress-a15")
 #define VEXPRESS_MACHINE(obj) \
 OBJECT_CHECK(VexpressMachineState, (obj), TYPE_VEXPRESS_MACHINE)
 #define VEXPRESS_MACHINE_GET_CLASS(obj) \
-- 
2.1.0

[Qemu-devel] [PATCH 02/16] linux-user: Support tilegx architecture in linux-user

[gchen gchen]

Add main working flow feature, system call processing feature, and elf64
tilegx binary loading feature, based on Linux kernel tilegx 64-bit
implementation.

Signed-off-by: Chen Gang 
Reviewed-by: Peter Maydell 
---
include/elf.h | 2 +
linux-user/elfload.c | 23 
linux-user/main.c | 295 ++
linux-user/syscall_defs.h | 14 ++-
4 files changed, 329 insertions(+), 5 deletions(-)

diff --git a/include/elf.h b/include/elf.h
index 4afd474..79859f0 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -133,6 +133,8 @@ typedef int64_t Elf64_Sxword;

#define EM_AARCH64 183

+#define EM_TILEGX 191 /* TILE-Gx */
+
/* This is the info that is needed to parse the dynamic section of the file */
#define DT_NULL 0
#define DT_NEEDED 1
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 1788368..bfb8d1f 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1218,6 +1218,29 @@ static inline void init_thread(struct target_pt_regs 
*regs, struct image_info *i

#endif /* TARGET_S390X */

+#ifdef TARGET_TILEGX
+
+/* 42 bits real used address, a half for user mode */
+#define ELF_START_MMAP (0x00200ULL)
+
+#define elf_check_arch(x) ((x) == EM_TILEGX)
+
+#define ELF_CLASS ELFCLASS64
+#define ELF_DATA ELFDATA2LSB
+#define ELF_ARCH EM_TILEGX
+
+static inline void init_thread(struct target_pt_regs *regs,
+ struct image_info *infop)
+{
+ regs->pc = infop->entry;
+ regs->sp = infop->start_stack;
+
+}
+
+#define ELF_EXEC_PAGESIZE 65536 /* TILE-Gx page size is 64KB */
+
+#endif /* TARGET_TILEGX */
+
#ifndef ELF_PLATFORM
#define ELF_PLATFORM (NULL)
#endif
diff --git a/linux-user/main.c b/linux-user/main.c
index fdee981..253aade 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3411,6 +3411,290 @@ void cpu_loop(CPUS390XState *env)

#endif /* TARGET_S390X */

+#ifdef TARGET_TILEGX
+
+static void gen_sigsegv_mapper(CPUTLGState *env, target_ulong addr)
+{
+ target_siginfo_t info;
+
+ info.si_signo = TARGET_SIGSEGV;
+ info.si_errno = 0;
+ info.si_code = TARGET_SEGV_MAPERR;
+ info._sifields._sigfault._addr = addr;
+ queue_signal(env, info.si_signo, &info);
+}
+
+static void gen_sigill_reg(CPUTLGState *env)
+{
+ target_siginfo_t info;
+
+ info.si_signo = TARGET_SIGILL;
+ info.si_errno = 0;
+ info.si_code = TARGET_ILL_PRVREG;
+ info._sifields._sigfault._addr = env->pc;
+ queue_signal(env, info.si_signo, &info);
+}
+
+static int get_regval(CPUTLGState *env, uint8_t reg, target_ulong *val)
+{
+ if (likely(reg < TILEGX_R_COUNT)) {
+ *val = env->regs[reg];
+ return 0;
+ }
+
+ switch (reg) {
+ case TILEGX_R_SN:
+ case TILEGX_R_ZERO:
+ *val = 0;
+ return 0;
+ case TILEGX_R_IDN0:
+ case TILEGX_R_IDN1:
+ case TILEGX_R_UDN0:
+ case TILEGX_R_UDN1:
+ case TILEGX_R_UDN2:
+ case TILEGX_R_UDN3:
+ return -1;
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static int set_regval(CPUTLGState *env, uint8_t reg, uint64_t val)
+{
+ if (unlikely(reg>= TILEGX_R_COUNT)) {
+ switch (reg) {
+ case TILEGX_R_SN:
+ case TILEGX_R_ZERO:
+ return 0;
+ case TILEGX_R_IDN0:
+ case TILEGX_R_IDN1:
+ case TILEGX_R_UDN0:
+ case TILEGX_R_UDN1:
+ case TILEGX_R_UDN2:
+ case TILEGX_R_UDN3:
+ return -1;
+ default:
+ g_assert_not_reached();
+ }
+ }
+
+ env->regs[reg] = val;
+ return 0;
+}
+
+/*
+ * Compare the 8-byte contents of the CmpValue SPR with the 8-byte value in
+ * memory at the address held in the first source register. If the values are
+ * not equal, then no memory operation is performed. If the values are equal,
+ * the 8-byte quantity from the second source register is written into memory
+ * at the address held in the first source register. In either case, the result
+ * of the instruction is the value read from memory. The compare and write to
+ * memory are atomic and thus can be used for synchronization purposes. This
+ * instruction only operates for addresses aligned to a 8-byte boundary.
+ * Unaligned memory access causes an Unaligned Data Reference interrupt.
+ *
+ * Functional Description (64-bit)
+ * uint64_t memVal = memoryReadDoubleWord (rf[SrcA]);
+ * rf[Dest] = memVal;
+ * if (memVal == SPR[CmpValueSPR])
+ * memoryWriteDoubleWord (rf[SrcA], rf[SrcB]);
+ *
+ * Functional Description (32-bit)
+ * uint64_t memVal = signExtend32 (memoryReadWord (rf[SrcA]));
+ * rf[Dest] = memVal;
+ * if (memVal == signExtend32 (SPR[CmpValueSPR]))
+ * memoryWriteWord (rf[SrcA], rf[SrcB]);
+ *
+ *
+ * This function also processes exch and exch4 which need not process SPR.
+ */
+static void do_exch(CPUTLGState *env, bool quad, bool cmp)
+{
+ uint8_t rdst, rsrc, rsrcb;
+ target_ulong addr;
+ target_long val, sprval;
+
+ start_exclusive();
+
+ rdst = extract32(env->excparam, 16, 8);
+ rsrc = extract32(env->excparam, 8, 8);
+ rsrcb = extract32(env->excparam, 0, 8);
+
+ if (get_regval(env, rsrc, &addr)) {
+ goto sigill_reg;
+ }
+ if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
+ goto sigsegv_mapper;
+ }
+
+ if (cmp) {
+ if (quad) {
+ sprval = env->spregs[TILEGX_SPR_CMPEXCH];
+ } else {
+ sprval 

Re: [Qemu-devel] [PATCH 09/25] audio: use qapi AudioFormat instead of audfmt_e

[Marc-André Lureau]

looks good,

Reviewed-by: Marc-André Lureau 



-- 
Marc-André Lureau

Re: [Qemu-devel] [PATCH] hw/arm/virt-acpi-build: drop _ADR entry from SPCR

[Shannon Zhao]

On 2015/8/20 18:48, G Gregory wrote:

On 20 August 2015 at 11:18, Leif Lindholm  wrote:

On Thu, Aug 20, 2015 at 01:24:39AM +0100, Peter Maydell wrote:

On 6 August 2015 at 14:25, Andrew Jones  wrote:

On Thu, Aug 06, 2015 at 01:55:14PM +0100, Leif Lindholm wrote:

On Thu, Aug 06, 2015 at 02:28:03PM +0200, Andrew Jones wrote:

In the least I wouldn't want to get burned twice, so I'd prefer to
see the SPCR code actually get into Linux first this time. That
would also allow us to point at something when we start breaking
guests.


So, if that's the way it has to be, that's the way it has to be.
I'd just prefer not having different pieces of firmware validating
different software behaviours for the same thing.


Yeah, now it's messy. I'm actually OK with this QEMU patch, with regard
to the downstream stuff that I'm involved with, but other downstreams
may not be so flexible... We need Peter to chime in with his opinion,
CCed.


Could somebody who understands ACPI and the ramifications
here let me know if I should apply this patch, please?
(since we're now post-2.4)


I presume my opinion is clear, but I'm cc:ing some of the Linaro ACPI
team.

Graeme, Al - the patch in question is:
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg314356.html


Using _ADR for a non enumerable bus is undefined behaviour in the ACPI
specification.

How it is used in Redhats SPCR patch is IMO wrong becuase there is no
guarantee that _ADR will be defined for any MMIO device in DSDT.

I believe QEMU should not follow this just to make a non upstreamed
Redhat patch work.

Yeah, but when will the right kernel patch be upstreamed? Do you have a 
plan for upstreaming it? Or it's on the list already?


As said before, we can apply this patch after the kernel patch upstreamed.

Thanks,
--
Shannon

[Qemu-devel] Subject: [PATCH 01/16] linux-user: tilegx: Firstly add architecture related features

[gchen gchen]

They are based on Linux kernel tilegx architecture for 64 bit binary,
and also based on tilegx ABI reference document, and also reference from
other targets implementations.

Signed-off-by: Chen Gang 
Reviewed-by: Peter Maydell 
---
linux-user/tilegx/syscall.h | 40 +
linux-user/tilegx/syscall_nr.h | 324 +
linux-user/tilegx/target_cpu.h | 35 
linux-user/tilegx/target_signal.h | 28 
linux-user/tilegx/target_structs.h | 46 ++
linux-user/tilegx/termbits.h | 274 +++
6 files changed, 747 insertions(+)
create mode 100644 linux-user/tilegx/syscall.h
create mode 100644 linux-user/tilegx/syscall_nr.h
create mode 100644 linux-user/tilegx/target_cpu.h
create mode 100644 linux-user/tilegx/target_signal.h
create mode 100644 linux-user/tilegx/target_structs.h
create mode 100644 linux-user/tilegx/termbits.h

diff --git a/linux-user/tilegx/syscall.h b/linux-user/tilegx/syscall.h
new file mode 100644
index 000..653ece1
--- /dev/null
+++ b/linux-user/tilegx/syscall.h
@@ -0,0 +1,40 @@
+#ifndef TILEGX_SYSCALLS_H
+#define TILEGX_SYSCALLS_H
+
+#define UNAME_MACHINE "tilegx"
+#define UNAME_MINIMUM_RELEASE "3.19"
+
+#define MMAP_SHIFT TARGET_PAGE_BITS
+
+#define TILEGX_IS_ERRNO(ret) \
+ ((ret)> 0xf000ULL) /* errno is 0 -- 4096 */
+
+typedef uint64_t tilegx_reg_t;
+
+struct target_pt_regs {
+
+ union {
+ /* Saved main processor registers; 56..63 are special. */
+ tilegx_reg_t regs[56];
+ struct {
+ tilegx_reg_t __regs[53];
+ tilegx_reg_t tp; /* aliases regs[TREG_TP] */
+ tilegx_reg_t sp; /* aliases regs[TREG_SP] */
+ tilegx_reg_t lr; /* aliases regs[TREG_LR] */
+ };
+ };
+
+ /* Saved special registers. */
+ tilegx_reg_t pc; /* stored in EX_CONTEXT_K_0 */
+ tilegx_reg_t ex1; /* stored in EX_CONTEXT_K_1 (PL and ICS bit) */
+ tilegx_reg_t faultnum; /* fault number (INT_SWINT_1 for syscall) */
+ tilegx_reg_t orig_r0; /* r0 at syscall entry, else zero */
+ tilegx_reg_t flags; /* flags (see below) */
+ tilegx_reg_t cmpexch; /* value of CMPEXCH_VALUE SPR at interrupt */
+ tilegx_reg_t pad[2];
+};
+
+#define TARGET_MLOCKALL_MCL_CURRENT 1
+#define TARGET_MLOCKALL_MCL_FUTURE 2
+
+#endif
diff --git a/linux-user/tilegx/syscall_nr.h b/linux-user/tilegx/syscall_nr.h
new file mode 100644
index 000..1dca348
--- /dev/null
+++ b/linux-user/tilegx/syscall_nr.h
@@ -0,0 +1,324 @@
+#ifndef TILEGX_SYSCALL_NR
+#define TILEGX_SYSCALL_NR
+
+/*
+ * Copy from linux kernel asm-generic/unistd.h, which tilegx uses.
+ */
+#define TARGET_NR_io_setup 0
+#define TARGET_NR_io_destroy 1
+#define TARGET_NR_io_submit 2
+#define TARGET_NR_io_cancel 3
+#define TARGET_NR_io_getevents 4
+#define TARGET_NR_setxattr 5
+#define TARGET_NR_lsetxattr 6
+#define TARGET_NR_fsetxattr 7
+#define TARGET_NR_getxattr 8
+#define TARGET_NR_lgetxattr 9
+#define TARGET_NR_fgetxattr 10
+#define TARGET_NR_listxattr 11
+#define TARGET_NR_llistxattr 12
+#define TARGET_NR_flistxattr 13
+#define TARGET_NR_removexattr 14
+#define TARGET_NR_lremovexattr 15
+#define TARGET_NR_fremovexattr 16
+#define TARGET_NR_getcwd 17
+#define TARGET_NR_lookup_dcookie 18
+#define TARGET_NR_eventfd2 19
+#define TARGET_NR_epoll_create1 20
+#define TARGET_NR_epoll_ctl 21
+#define TARGET_NR_epoll_pwait 22
+#define TARGET_NR_dup 23
+#define TARGET_NR_dup3 24
+#define TARGET_NR_fcntl 25
+#define TARGET_NR_inotify_init1 26
+#define TARGET_NR_inotify_add_watch 27
+#define TARGET_NR_inotify_rm_watch 28
+#define TARGET_NR_ioctl 29
+#define TARGET_NR_ioprio_set 30
+#define TARGET_NR_ioprio_get 31
+#define TARGET_NR_flock 32
+#define TARGET_NR_mknodat 33
+#define TARGET_NR_mkdirat 34
+#define TARGET_NR_unlinkat 35
+#define TARGET_NR_symlinkat 36
+#define TARGET_NR_linkat 37
+#define TARGET_NR_renameat 38
+#define TARGET_NR_umount2 39
+#define TARGET_NR_mount 40
+#define TARGET_NR_pivot_root 41
+#define TARGET_NR_nfsservctl 42
+#define TARGET_NR_statfs 43
+#define TARGET_NR_fstatfs 44
+#define TARGET_NR_truncate 45
+#define TARGET_NR_ftruncate 46
+#define TARGET_NR_fallocate 47
+#define TARGET_NR_faccessat 48
+#define TARGET_NR_chdir 49
+#define TARGET_NR_fchdir 50
+#define TARGET_NR_chroot 51
+#define TARGET_NR_fchmod 52
+#define TARGET_NR_fchmodat 53
+#define TARGET_NR_fchownat 54
+#define TARGET_NR_fchown 55
+#define TARGET_NR_openat 56
+#define TARGET_NR_close 57
+#define TARGET_NR_vhangup 58
+#define TARGET_NR_pipe2 59
+#define TARGET_NR_quotactl 60
+#define TARGET_NR_getdents64 61
+#define TARGET_NR_lseek 62
+#define TARGET_NR_read 63
+#define TARGET_NR_write 64
+#define TARGET_NR_readv 65
+#define TARGET_NR_writev 66
+#define TARGET_NR_pread64 67
+#define TARGET_NR_pwrite64 68
+#define TARGET_NR_preadv 69
+#define TARGET_NR_pwritev 70
+#define TARGET_NR_sendfile 71
+#define TARGET_NR_pselect6 72
+#define TARGET_NR_ppoll 73
+#define TARGET_NR_signalfd4 74
+#define TARGET_NR_vmsplice 75
+#define TARGET_NR_splice 76
+#define TARGET_NR_tee 77
+#define TARGET_NR_readlinkat 78
+#define TARGET_NR_fstatat64 79 /* let syscall.c kn

[Qemu-devel] [PATCH 14/16 v1] linux-user: main: Use negative qemu errno for syscall return errno

[Chen Gang]

The qemu errno is negative of normal errno, so revert it before return
from syscall, or the related user mode checking will fail, e.g. cp/mv
will call stat64 and check errno ENOENT (not -ENOENT).

Signed-of-by Chen Gang 
---
 linux-user/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 253aade..f0bda09 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3654,7 +3654,7 @@ void cpu_loop(CPUTLGState *env)
 env->regs[4], env->regs[5],
 env->regs[6], env->regs[7]);
 env->regs[TILEGX_R_ERR] = TILEGX_IS_ERRNO(env->regs[TILEGX_R_RE])
-  ? env->regs[TILEGX_R_RE]
+  ? - 
env->regs[TILEGX_R_RE]
   : 0;
 break;
 case TILEGX_EXCP_OPCODE_EXCH:
-- 
1.9.3

Re: [Qemu-devel] [PATCH 10/25] audio: -audiodev command line option

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> This patch adds an -audiodev command line option, and deprecates the
> QEMU_* environment variables for audio backend configuration.  It's

"its" or simply "the"

> syntax is similar to existing options (-netdev, -device, etc): -audiodev
> driver_name,property=value,...
>
> Audio drivers now get an Audiodev * as config paramters, instead of the
> global audio_option structs.  There is some code in audio/audio_legacy.c
> that converts the old environment variables to audiodev options (this
> way backends do not have to worry about legacy options).  It also
> contains a replacement of -audio-help, which prints out the equivalent
> -audiodev based config of the currently specified environment variables.

I guess the option should be deprecated though, perhaps not even
visible in -help.

>
> Although now it's possible to specify multiple -audiodev options on
> command line, multiple audio backends are not supported yet.
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  audio/Makefile.objs |   2 +-
>  audio/alsaaudio.c   | 311 ++--
>  audio/audio.c   | 760 
> ++--
>  audio/audio.h   |  23 +-
>  audio/audio_int.h   |  23 +-
>  audio/audio_legacy.c| 328 +
>  audio/audio_template.h  |  13 +-
>  audio/coreaudio.c   |  49 +---
>  audio/dsound_template.h |   6 +-
>  audio/dsoundaudio.c |  60 ++--
>  audio/noaudio.c |   3 +-
>  audio/ossaudio.c| 155 +++---
>  audio/paaudio.c |  82 ++
>  audio/sdlaudio.c|  24 +-
>  audio/spiceaudio.c  |   7 +-
>  audio/wavaudio.c|  60 +---
>  qemu-options.hx | 226 +-
>  vl.c|  10 +-
>  18 files changed, 1015 insertions(+), 1127 deletions(-)
>  create mode 100644 audio/audio_legacy.c
>

Quite a large patch, perhaps it could be splitted?

> diff --git a/audio/Makefile.objs b/audio/Makefile.objs
> index 481d1aa..9d8f579 100644
> --- a/audio/Makefile.objs
> +++ b/audio/Makefile.objs
> @@ -1,4 +1,4 @@
> -common-obj-y = audio.o noaudio.o wavaudio.o mixeng.o
> +common-obj-y = audio.o audio_legacy.o noaudio.o wavaudio.o mixeng.o
>  common-obj-$(CONFIG_SDL) += sdlaudio.o
>  common-obj-$(CONFIG_OSS) += ossaudio.o
>  common-obj-$(CONFIG_SPICE) += spiceaudio.o
> diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
> index 2b28b99..cfe4aec 100644
> --- a/audio/alsaaudio.c
> +++ b/audio/alsaaudio.c
> @@ -22,6 +22,7 @@
>   * THE SOFTWARE.
>   */
>  #include 
> +#include "qapi-visit.h"
>  #include "qemu-common.h"
>  #include "qemu/main-loop.h"
>  #include "audio.h"
> @@ -34,28 +35,9 @@
>  #define AUDIO_CAP "alsa"
>  #include "audio_int.h"
>
> -typedef struct ALSAConf {
> -int size_in_usec_in;
> -int size_in_usec_out;
> -const char *pcm_name_in;
> -const char *pcm_name_out;
> -unsigned int buffer_size_in;
> -unsigned int period_size_in;
> -unsigned int buffer_size_out;
> -unsigned int period_size_out;
> -unsigned int threshold;
> -
> -int buffer_size_in_overridden;
> -int period_size_in_overridden;
> -
> -int buffer_size_out_overridden;
> -int period_size_out_overridden;
> -} ALSAConf;
> -
>  struct pollhlp {
>  snd_pcm_t *handle;
>  struct pollfd *pfds;
> -ALSAConf *conf;
>  int count;
>  int mask;
>  };
> @@ -67,6 +49,7 @@ typedef struct ALSAVoiceOut {
>  void *pcm_buf;
>  snd_pcm_t *handle;
>  struct pollhlp pollhlp;
> +Audiodev *dev;
>  } ALSAVoiceOut;
>
>  typedef struct ALSAVoiceIn {
> @@ -74,16 +57,13 @@ typedef struct ALSAVoiceIn {
>  snd_pcm_t *handle;
>  void *pcm_buf;
>  struct pollhlp pollhlp;
> +Audiodev *dev;
>  } ALSAVoiceIn;
>
>  struct alsa_params_req {
>  int freq;
>  snd_pcm_format_t fmt;
>  int nchannels;
> -int size_in_usec;
> -int override_mask;
> -unsigned int buffer_size;
> -unsigned int period_size;
>  };
>
>  struct alsa_params_obt {
> @@ -409,7 +389,8 @@ static int alsa_to_audfmt (snd_pcm_format_t alsafmt, 
> AudioFormat *fmt,
>
>  static void alsa_dump_info (struct alsa_params_req *req,
>  struct alsa_params_obt *obt,
> -snd_pcm_format_t obtfmt)
> +snd_pcm_format_t obtfmt,
> +AudiodevPerDirectionOptions *pdo)
>  {
>  dolog ("parameter | requested value | obtained value\n");
>  dolog ("format|  %10d | %10d\n", req->fmt, obtfmt);
> @@ -417,8 +398,9 @@ static void alsa_dump_info (struct alsa_params_req *req,
> req->nchannels, obt->nchannels);
>  dolog ("frequency |  %10d | %10d\n", req->freq, obt->freq);
>  dolog ("\n");
> -dolog ("requested: buffer size %d period size %d\n",
> -   req->buffer_size, req->period_size);
> +dolog ("requested: buffer size %" PRId64 " buffer co

Re: [Qemu-devel] [PATCH v2 1/6] cputlb: Add functions for flushing TLB for a single MMU index

[Edgar E. Iglesias]

On Fri, Aug 14, 2015 at 11:41:14AM +0100, Peter Maydell wrote:
> Guest CPU TLB maintenance operations may be sufficiently
> specialized to only need to flush TLB entries corresponding
> to a particular MMU index. Implement cputlb functions for
> this, to avoid the inefficiency of flushing TLB entries
> which we don't need to.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Edgar E. Iglesias 




> ---
>  cputlb.c| 97 
> +
>  include/exec/exec-all.h | 47 
>  2 files changed, 144 insertions(+)
> 
> diff --git a/cputlb.c b/cputlb.c
> index a506086..4bc6c24 100644
> --- a/cputlb.c
> +++ b/cputlb.c
> @@ -69,6 +69,47 @@ void tlb_flush(CPUState *cpu, int flush_global)
>  tlb_flush_count++;
>  }
>  
> +static inline void v_tlb_flush_by_mmuidx(CPUState *cpu, va_list argp)
> +{
> +CPUArchState *env = cpu->env_ptr;
> +
> +#if defined(DEBUG_TLB)
> +printf("tlb_flush_by_mmuidx:");
> +#endif
> +/* must reset current TB so that interrupts cannot modify the
> +   links while we are modifying them */
> +cpu->current_tb = NULL;
> +
> +for (;;) {
> +int mmu_idx = va_arg(argp, int);
> +
> +if (mmu_idx < 0) {
> +break;
> +}
> +
> +#if defined(DEBUG_TLB)
> +printf(" %d", mmu_idx);
> +#endif
> +
> +memset(env->tlb_table[mmu_idx], -1, sizeof(env->tlb_table[0]));
> +memset(env->tlb_v_table[mmu_idx], -1, sizeof(env->tlb_v_table[0]));
> +}
> +
> +#if defined(DEBUG_TLB)
> +printf("\n");
> +#endif
> +
> +memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
> +}
> +
> +void tlb_flush_by_mmuidx(CPUState *cpu, ...)
> +{
> +va_list argp;
> +va_start(argp, cpu);
> +v_tlb_flush_by_mmuidx(cpu, argp);
> +va_end(argp);
> +}
> +
>  static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
>  {
>  if (addr == (tlb_entry->addr_read &
> @@ -121,6 +162,62 @@ void tlb_flush_page(CPUState *cpu, target_ulong addr)
>  tb_flush_jmp_cache(cpu, addr);
>  }
>  
> +void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, ...)
> +{
> +CPUArchState *env = cpu->env_ptr;
> +int i, k;
> +va_list argp;
> +
> +va_start(argp, addr);
> +
> +#if defined(DEBUG_TLB)
> +printf("tlb_flush_page_by_mmu_idx: " TARGET_FMT_lx, addr);
> +#endif
> +/* Check if we need to flush due to large pages.  */
> +if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
> +#if defined(DEBUG_TLB)
> +printf(" forced full flush ("
> +   TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
> +   env->tlb_flush_addr, env->tlb_flush_mask);
> +#endif
> +v_tlb_flush_by_mmuidx(cpu, argp);
> +va_end(argp);
> +return;
> +}
> +/* must reset current TB so that interrupts cannot modify the
> +   links while we are modifying them */
> +cpu->current_tb = NULL;
> +
> +addr &= TARGET_PAGE_MASK;
> +i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
> +
> +for (;;) {
> +int mmu_idx = va_arg(argp, int);
> +
> +if (mmu_idx < 0) {
> +break;
> +}
> +
> +#if defined(DEBUG_TLB)
> +printf(" %d", mmu_idx);
> +#endif
> +
> +tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
> +
> +/* check whether there are vltb entries that need to be flushed */
> +for (k = 0; k < CPU_VTLB_SIZE; k++) {
> +tlb_flush_entry(&env->tlb_v_table[mmu_idx][k], addr);
> +}
> +}
> +va_end(argp);
> +
> +#if defined(DEBUG_TLB)
> +printf("\n");
> +#endif
> +
> +tb_flush_jmp_cache(cpu, addr);
> +}
> +
>  /* update the TLBs so that writes to code in the virtual page 'addr'
> can be detected */
>  void tlb_protect_code(ram_addr_t ram_addr)
> diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
> index a6fce04..4933683 100644
> --- a/include/exec/exec-all.h
> +++ b/include/exec/exec-all.h
> @@ -96,8 +96,46 @@ bool qemu_in_vcpu_thread(void);
>  void cpu_reload_memory_map(CPUState *cpu);
>  void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as);
>  /* cputlb.c */
> +/**
> + * tlb_flush_page:
> + * @cpu: CPU whose TLB should be flushed
> + * @addr: virtual address of page to be flushed
> + *
> + * Flush one page from the TLB of the specified CPU, for all
> + * MMU indexes.
> + */
>  void tlb_flush_page(CPUState *cpu, target_ulong addr);
> +/**
> + * tlb_flush:
> + * @cpu: CPU whose TLB should be flushed
> + * @flush_global: ignored
> + *
> + * Flush the entire TLB for the specified CPU.
> + * The flush_global flag is in theory an indicator of whether the whole
> + * TLB should be flushed, or only those entries not marked global.
> + * In practice QEMU does not implement any global/not global flag for
> + * TLB entries, and the argument is ignored.
> + */
>  void tlb_flush(CPUState *cpu, int flush_global);
> +/**
> + * tlb_flush_page_by_mmuidx:
> + * @cpu: CPU whose TLB should be flushed

Re: [Qemu-devel] [PATCH] hw/arm/virt-acpi-build: drop _ADR entry from SPCR

[Leif Lindholm]

On Thu, Aug 20, 2015 at 01:24:39AM +0100, Peter Maydell wrote:
> On 6 August 2015 at 14:25, Andrew Jones  wrote:
> > On Thu, Aug 06, 2015 at 01:55:14PM +0100, Leif Lindholm wrote:
> >> On Thu, Aug 06, 2015 at 02:28:03PM +0200, Andrew Jones wrote:
> >> > In the least I wouldn't want to get burned twice, so I'd prefer to
> >> > see the SPCR code actually get into Linux first this time. That
> >> > would also allow us to point at something when we start breaking
> >> > guests.
> >>
> >> So, if that's the way it has to be, that's the way it has to be.
> >> I'd just prefer not having different pieces of firmware validating
> >> different software behaviours for the same thing.
> >
> > Yeah, now it's messy. I'm actually OK with this QEMU patch, with regard
> > to the downstream stuff that I'm involved with, but other downstreams
> > may not be so flexible... We need Peter to chime in with his opinion,
> > CCed.
> 
> Could somebody who understands ACPI and the ramifications
> here let me know if I should apply this patch, please?
> (since we're now post-2.4)

I presume my opinion is clear, but I'm cc:ing some of the Linaro ACPI
team.

Graeme, Al - the patch in question is:
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg314356.html

/
Leif

[Qemu-devel] [PATCH 07/16 v1] target-tilegx: Add cpu basic features for linux-user

[Chen Gang]

It implements minimized cpu features for linux-user.

Signed-off-by: Chen Gang 
Reviewed-by: Peter Maydell 
---
 target-tilegx/cpu.c | 143 ++
 target-tilegx/cpu.h | 175 
 2 files changed, 318 insertions(+)
 create mode 100644 target-tilegx/cpu.c
 create mode 100644 target-tilegx/cpu.h

diff --git a/target-tilegx/cpu.c b/target-tilegx/cpu.c
new file mode 100644
index 000..663fcb6
--- /dev/null
+++ b/target-tilegx/cpu.c
@@ -0,0 +1,143 @@
+/*
+ * QEMU TILE-Gx CPU
+ *
+ *  Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu-common.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+
+TileGXCPU *cpu_tilegx_init(const char *cpu_model)
+{
+TileGXCPU *cpu;
+
+cpu = TILEGX_CPU(object_new(TYPE_TILEGX_CPU));
+
+object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
+
+return cpu;
+}
+
+static void tilegx_cpu_set_pc(CPUState *cs, vaddr value)
+{
+TileGXCPU *cpu = TILEGX_CPU(cs);
+
+cpu->env.pc = value;
+}
+
+static bool tilegx_cpu_has_work(CPUState *cs)
+{
+return true;
+}
+
+static void tilegx_cpu_reset(CPUState *s)
+{
+TileGXCPU *cpu = TILEGX_CPU(s);
+TileGXCPUClass *tcc = TILEGX_CPU_GET_CLASS(cpu);
+CPUTLGState *env = &cpu->env;
+
+tcc->parent_reset(s);
+
+memset(env, 0, sizeof(CPUTLGState));
+tlb_flush(s, 1);
+}
+
+static void tilegx_cpu_realizefn(DeviceState *dev, Error **errp)
+{
+CPUState *cs = CPU(dev);
+TileGXCPUClass *tcc = TILEGX_CPU_GET_CLASS(dev);
+
+cpu_reset(cs);
+qemu_init_vcpu(cs);
+
+tcc->parent_realize(dev, errp);
+}
+
+static void tilegx_cpu_initfn(Object *obj)
+{
+CPUState *cs = CPU(obj);
+TileGXCPU *cpu = TILEGX_CPU(obj);
+CPUTLGState *env = &cpu->env;
+static bool tcg_initialized;
+
+cs->env_ptr = env;
+cpu_exec_init(env);
+
+if (tcg_enabled() && !tcg_initialized) {
+tcg_initialized = true;
+tilegx_tcg_init();
+}
+}
+
+static void tilegx_cpu_do_interrupt(CPUState *cs)
+{
+cs->exception_index = -1;
+}
+
+static int tilegx_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int rw,
+   int mmu_idx)
+{
+cpu_dump_state(cs, stderr, fprintf, 0);
+return 1;
+}
+
+static bool tilegx_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
+{
+if (interrupt_request & CPU_INTERRUPT_HARD) {
+tilegx_cpu_do_interrupt(cs);
+return true;
+}
+return false;
+}
+
+static void tilegx_cpu_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+CPUClass *cc = CPU_CLASS(oc);
+TileGXCPUClass *tcc = TILEGX_CPU_CLASS(oc);
+
+tcc->parent_realize = dc->realize;
+dc->realize = tilegx_cpu_realizefn;
+
+tcc->parent_reset = cc->reset;
+cc->reset = tilegx_cpu_reset;
+
+cc->has_work = tilegx_cpu_has_work;
+cc->do_interrupt = tilegx_cpu_do_interrupt;
+cc->cpu_exec_interrupt = tilegx_cpu_exec_interrupt;
+cc->set_pc = tilegx_cpu_set_pc;
+cc->handle_mmu_fault = tilegx_cpu_handle_mmu_fault;
+cc->gdb_num_core_regs = 0;
+}
+
+static const TypeInfo tilegx_cpu_type_info = {
+.name = TYPE_TILEGX_CPU,
+.parent = TYPE_CPU,
+.instance_size = sizeof(TileGXCPU),
+.instance_init = tilegx_cpu_initfn,
+.class_size = sizeof(TileGXCPUClass),
+.class_init = tilegx_cpu_class_init,
+};
+
+static void tilegx_cpu_register_types(void)
+{
+type_register_static(&tilegx_cpu_type_info);
+}
+
+type_init(tilegx_cpu_register_types)
diff --git a/target-tilegx/cpu.h b/target-tilegx/cpu.h
new file mode 100644
index 000..e404025
--- /dev/null
+++ b/target-tilegx/cpu.h
@@ -0,0 +1,175 @@
+/*
+ *  TILE-Gx virtual CPU header
+ *
+ *  Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public L

[Qemu-devel] [PATCH 02/16 v1] linux-user: Support tilegx architecture in linux-user

[Chen Gang]

Add main working flow feature, system call processing feature, and elf64
tilegx binary loading feature, based on Linux kernel tilegx 64-bit
implementation.

Signed-off-by: Chen Gang 
Reviewed-by: Peter Maydell 
---
 include/elf.h |   2 +
 linux-user/elfload.c  |  23 
 linux-user/main.c | 295 ++
 linux-user/syscall_defs.h |  14 ++-
 4 files changed, 329 insertions(+), 5 deletions(-)

diff --git a/include/elf.h b/include/elf.h
index 4afd474..79859f0 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -133,6 +133,8 @@ typedef int64_t  Elf64_Sxword;
 
 #define EM_AARCH64  183
 
+#define EM_TILEGX   191 /* TILE-Gx */
+
 /* This is the info that is needed to parse the dynamic section of the file */
 #define DT_NULL0
 #define DT_NEEDED  1
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 1788368..bfb8d1f 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1218,6 +1218,29 @@ static inline void init_thread(struct target_pt_regs 
*regs, struct image_info *i
 
 #endif /* TARGET_S390X */
 
+#ifdef TARGET_TILEGX
+
+/* 42 bits real used address, a half for user mode */
+#define ELF_START_MMAP (0x00200ULL)
+
+#define elf_check_arch(x) ((x) == EM_TILEGX)
+
+#define ELF_CLASS   ELFCLASS64
+#define ELF_DATAELFDATA2LSB
+#define ELF_ARCHEM_TILEGX
+
+static inline void init_thread(struct target_pt_regs *regs,
+   struct image_info *infop)
+{
+regs->pc = infop->entry;
+regs->sp = infop->start_stack;
+
+}
+
+#define ELF_EXEC_PAGESIZE65536 /* TILE-Gx page size is 64KB */
+
+#endif /* TARGET_TILEGX */
+
 #ifndef ELF_PLATFORM
 #define ELF_PLATFORM (NULL)
 #endif
diff --git a/linux-user/main.c b/linux-user/main.c
index fdee981..253aade 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3411,6 +3411,290 @@ void cpu_loop(CPUS390XState *env)
 
 #endif /* TARGET_S390X */
 
+#ifdef TARGET_TILEGX
+
+static void gen_sigsegv_mapper(CPUTLGState *env, target_ulong addr)
+{
+target_siginfo_t info;
+
+info.si_signo = TARGET_SIGSEGV;
+info.si_errno = 0;
+info.si_code = TARGET_SEGV_MAPERR;
+info._sifields._sigfault._addr = addr;
+queue_signal(env, info.si_signo, &info);
+}
+
+static void gen_sigill_reg(CPUTLGState *env)
+{
+target_siginfo_t info;
+
+info.si_signo = TARGET_SIGILL;
+info.si_errno = 0;
+info.si_code = TARGET_ILL_PRVREG;
+info._sifields._sigfault._addr = env->pc;
+queue_signal(env, info.si_signo, &info);
+}
+
+static int get_regval(CPUTLGState *env, uint8_t reg, target_ulong *val)
+{
+if (likely(reg < TILEGX_R_COUNT)) {
+*val = env->regs[reg];
+return 0;
+}
+
+switch (reg) {
+case TILEGX_R_SN:
+case TILEGX_R_ZERO:
+*val = 0;
+return 0;
+case TILEGX_R_IDN0:
+case TILEGX_R_IDN1:
+case TILEGX_R_UDN0:
+case TILEGX_R_UDN1:
+case TILEGX_R_UDN2:
+case TILEGX_R_UDN3:
+return -1;
+default:
+g_assert_not_reached();
+}
+}
+
+static int set_regval(CPUTLGState *env, uint8_t reg, uint64_t val)
+{
+if (unlikely(reg >= TILEGX_R_COUNT)) {
+switch (reg) {
+case TILEGX_R_SN:
+case TILEGX_R_ZERO:
+return 0;
+case TILEGX_R_IDN0:
+case TILEGX_R_IDN1:
+case TILEGX_R_UDN0:
+case TILEGX_R_UDN1:
+case TILEGX_R_UDN2:
+case TILEGX_R_UDN3:
+return -1;
+default:
+g_assert_not_reached();
+}
+}
+
+env->regs[reg] = val;
+return 0;
+}
+
+/*
+ * Compare the 8-byte contents of the CmpValue SPR with the 8-byte value in
+ * memory at the address held in the first source register. If the values are
+ * not equal, then no memory operation is performed. If the values are equal,
+ * the 8-byte quantity from the second source register is written into memory
+ * at the address held in the first source register. In either case, the result
+ * of the instruction is the value read from memory. The compare and write to
+ * memory are atomic and thus can be used for synchronization purposes. This
+ * instruction only operates for addresses aligned to a 8-byte boundary.
+ * Unaligned memory access causes an Unaligned Data Reference interrupt.
+ *
+ * Functional Description (64-bit)
+ *   uint64_t memVal = memoryReadDoubleWord (rf[SrcA]);
+ *   rf[Dest] = memVal;
+ *   if (memVal == SPR[CmpValueSPR])
+ *   memoryWriteDoubleWord (rf[SrcA], rf[SrcB]);
+ *
+ * Functional Description (32-bit)
+ *   uint64_t memVal = signExtend32 (memoryReadWord (rf[SrcA]));
+ *   rf[Dest] = memVal;
+ *   if (memVal == signExtend32 (SPR[CmpValueSPR]))
+ *   memoryWriteWord (rf[SrcA], rf[SrcB]);
+ *
+ *
+ * This function also processes exch and exch4 which need not process SPR.
+ */
+static void do_exch(CPUTLGState *env, bool quad, bool cmp)
+{
+uint8_t rdst, rsrc, rsrcb;
+target_ulong addr;

Re: [Qemu-devel] [PATCH v6 02/10] init/cleanup of netfilter object

[Yang Hongyang]

On 08/10/2015 05:18 PM, Jason Wang wrote:



On 08/07/2015 10:46 AM, Yang Hongyang wrote:

QTAILQ_ENTRY global_list but used by filter layer, so that we can
manage all filters together.
QTAILQ_ENTRY next used by netdev, filter belongs to the specific netdev is
in this queue.
This is mostly the same with init/cleanup of netdev object.

Signed-off-by: Yang Hongyang 
---
v6: add multiqueue support (net_filter_init1)
v5: remove model from NetFilterState
 add a sent_cb param to receive_iov API
---
  include/net/filter.h|  42 +++
  include/net/net.h   |   1 +
  include/qemu/typedefs.h |   1 +
  net/filter.c| 141 
  net/net.c   |   1 +
  qapi-schema.json|  37 +
  6 files changed, 223 insertions(+)

diff --git a/include/net/filter.h b/include/net/filter.h
index 4242ded..7a858d8 100644
--- a/include/net/filter.h

[...]

+static
+NetFilterInit * const net_filter_init_fun[NET_FILTER_OPTIONS_KIND_MAX] = {
+};
+
+static int net_filter_init1(const NetFilter *netfilter, Error **errp)
+{
+NetClientState *ncs[MAX_QUEUE_NUM];
+const char *name = netfilter->id;
+const char *netdev_id = netfilter->netdev;
+const char *chain_str = NULL;
+const NetFilterOptions *opts = netfilter->opts;
+int chain, queues, i;
+
+if (!net_filter_init_fun[opts->kind]) {
+error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "type",
+   "a net filter type");
+return -1;
+}
+
+if (netfilter->has_chain) {
+chain_str = netfilter->chain;
+if (!strcmp(chain_str, "in")) {
+chain = NET_FILTER_IN;
+} else if (!strcmp(chain_str, "out")) {
+chain = NET_FILTER_OUT;
+} else if (!strcmp(chain_str, "all")) {
+chain = NET_FILTER_ALL;
+} else {
+error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "chain",
+   "netfilter chain (in/out/all)");
+return -1;
+}
+} else {
+/* default */
+chain = NET_FILTER_ALL;
+}
+
+queues = qemu_find_net_clients_except(netdev_id, ncs,
+  NET_CLIENT_OPTIONS_KIND_NIC,
+  MAX_QUEUE_NUM);
+if (queues < 1) {
+error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "netdev",
+   "a network backend id");
+return -1;
+}


Let's fail when vhost is used here.


I think you mean vhost-user here?




+
+for (i = 0; i < queues; i++) {
+if (net_filter_init_fun[opts->kind](opts, name,
+chain, ncs[i], errp) < 0) {
+if (errp && !*errp) {
+error_setg(errp, QERR_DEVICE_INIT_FAILED,
+   NetFilterOptionsKind_lookup[opts->kind]);
+}
+return -1;
+}
+}
+
+return 0;
+}
+
+static int net_init_filter(void *dummy, QemuOpts *opts, Error **errp)
+{
+NetFilter *object = NULL;
+Error *err = NULL;
+int ret = -1;
+OptsVisitor *ov = opts_visitor_new(opts);
+
+visit_type_NetFilter(opts_get_visitor(ov), &object, NULL, &err);
+opts_visitor_cleanup(ov);
+
+if (!err) {
+ret = net_filter_init1(object, &err);
+}
+
+if (object) {
+QapiDeallocVisitor *dv = qapi_dealloc_visitor_new();
+
+visit_type_NetFilter(qapi_dealloc_get_visitor(dv), &object, NULL, 
NULL);
+qapi_dealloc_visitor_cleanup(dv);
+}
+
+error_propagate(errp, err);


should print out the error here instead of propagate it,otherwise the error msg
is lost.


+return ret;
+}

  int net_init_filters(void)
  {
+QTAILQ_INIT(&net_filters);
+
+if (qemu_opts_foreach(qemu_find_opts("netfilter"),
+  net_init_filter, NULL, NULL)) {
+return -1;
+}
+
  return 0;
  }


Then errors will be lost here?



Yes, good catch, thank you !


.



--
Thanks,
Yang.

[Qemu-devel] [PATCH RFC 5/5] qapi: Allow anonymous base for flat union

[Eric Blake]

Rather than requiring all flat unions to explicitly create
a separate base struct, we want to allow the qapi schema
to specify the common fields via an inline dictionary. This
is similar to how commands can specify inline types for the
arguments.

Now that the feature is legal, we can drop the former
flat-union-bad-base negative test, and instead change the
positive tests in qapi-schema-test to use it.

Signed-off-by: Eric Blake 
---
 scripts/qapi-commands.py   |  2 +-
 scripts/qapi-types.py  |  2 +-
 scripts/qapi-visit.py  | 13 +++---
 scripts/qapi.py| 39 ++
 tests/Makefile |  3 +--
 tests/qapi-schema/flat-union-bad-base.err  |  1 -
 tests/qapi-schema/flat-union-bad-base.exit |  1 -
 tests/qapi-schema/flat-union-bad-base.json | 13 --
 tests/qapi-schema/flat-union-bad-base.out  |  0
 tests/qapi-schema/qapi-schema-test.json|  2 +-
 tests/qapi-schema/qapi-schema-test.out |  5 +++-
 11 files changed, 41 insertions(+), 40 deletions(-)
 delete mode 100644 tests/qapi-schema/flat-union-bad-base.err
 delete mode 100644 tests/qapi-schema/flat-union-bad-base.exit
 delete mode 100644 tests/qapi-schema/flat-union-bad-base.json
 delete mode 100644 tests/qapi-schema/flat-union-bad-base.out

diff --git a/scripts/qapi-commands.py b/scripts/qapi-commands.py
index 3eb3704..18fbedf 100644
--- a/scripts/qapi-commands.py
+++ b/scripts/qapi-commands.py
@@ -135,7 +135,7 @@ visit_type_%(c_name)s(v, &arg, NULL, %(errp)s);
  c_name=arg_type.c_name(), errp=errparg)
 ret += gen_err_check(errarg)
 else:
-ret += gen_visit_fields(arg_type.members, '', errarg)
+ret += gen_visit_fields(arg_type.members, '', errarg, 'out')

 if dealloc:
 ret += mcgen('''
diff --git a/scripts/qapi-types.py b/scripts/qapi-types.py
index 8f92b38..8d22b5a 100644
--- a/scripts/qapi-types.py
+++ b/scripts/qapi-types.py
@@ -95,7 +95,7 @@ struct %(c_name)s {
 ''',
 c_name=c_name(name))
 if base:
-ret += gen_struct_fields([], base)
+ret += gen_struct_fields([], base, not base.info)
 elif not variants.tag_member:
 ret += mcgen('''
 qtype_code type;
diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
index edf97cb..6e492f2 100644
--- a/scripts/qapi-visit.py
+++ b/scripts/qapi-visit.py
@@ -95,7 +95,7 @@ if (err) {
 ''',
  c_type=base.c_name())

-ret += gen_visit_fields(members, '(*obj)->', 'err')
+ret += gen_visit_fields(members, '(*obj)->', 'err', 'out')

 pop_indent()
 if base or members:
@@ -231,7 +231,7 @@ out:
 def gen_visit_union(name, base, variants):
 ret = ''

-if base:
+if base and base.info:
 ret += gen_visit_struct_fields(base.name, base.base,
base.local_members)

@@ -259,13 +259,18 @@ void visit_type_%(c_name)s(Visitor *v, %(c_name)s **obj, 
const char *name, Error

 tag_key = variants.tag_member.name
 if base:
-ret += mcgen('''
+if base.info:
+ret += mcgen('''
 visit_type_%(c_name)s_fields(v, (%(c_name)s **)obj, &err);
 if (err) {
 goto out_obj;
 }
 ''',
- c_name=c_name(base.name))
+ c_name=c_name(base.name))
+else:
+push_indent()
+ret += gen_visit_fields(base.members, '(*obj)->', 'err', 'out_obj')
+pop_indent()
 else:
 ret += mcgen('''
 visit_type_%(c_type)s(v, &(*obj)->%(c_name)s, "%(name)s", &err);
diff --git a/scripts/qapi.py b/scripts/qapi.py
index 9af310f..7eef19d 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -308,6 +308,8 @@ class QAPISchemaParser(object):
 #

 def find_base_fields(base):
+if isinstance(base, OrderedDict):
+return base
 base_struct_define = find_struct(base)
 if not base_struct_define:
 return None
@@ -475,19 +477,23 @@ def check_type(expr_info, source, value, allow_array = 
False,
allow_metas=['built-in', 'union', 'alternate', 'struct',
 'enum'])

-def check_member_clash(expr_info, base_name, data, source = ""):
-base = find_struct(base_name)
-assert base
-base_members = base['data']
+def check_member_clash(expr_info, base, data, source = ""):
+base_obj = None
+base_name = ''
+if isinstance(base, str):
+base_name = " '%s'" % base
+base_obj = find_struct(base)
+assert base_obj
+base = base_obj['data']
 for key in data.keys():
 if key.startswith('*'):
 key = key[1:]
-if key in base_members or "*" + key in base_members:
+if key in base or "*" + key in base:
 raise QAPIExprError(expr_info,
-"Member name '%s'%s clashes with base '%s'"
+"Member name '%s'%s

Re: [Qemu-devel] [PATCH 14/25] audio: audiodev= parameters no longer optional when -audiodev present

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> Signed-off-by: Kővágó, Zoltán 
> ---
>  audio/audio.c | 13 -
>  1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/audio/audio.c b/audio/audio.c
> index 10b9871..7468b94 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@ -69,6 +69,8 @@ const struct mixeng_volume nominal_volume = {
>  #endif
>  };
>
> +static bool legacy_config;
> +
>  #ifdef AUDIO_IS_FLAWLESS_AND_NO_CHECKS_ARE_REQURIED
>  #error No its not
>  #else
> @@ -1331,8 +1333,13 @@ static AudioState *audio_init(Audiodev *dev)
>  if (dev) {
>  drvname = AudiodevDriver_lookup[dev->kind];
>  } else if (!QTAILQ_EMPTY(&audio_states)) {
> +if (!legacy_config) {
> +dolog("Must specify audiodev when using -audiodev\n");
> +exit(1);
> +}
>  return QTAILQ_FIRST(&audio_states);
>  } else {
> +legacy_config = true;
>  audio_handle_legacy_opts();
>  list = qemu_find_opts("audiodev");
>  dev = parse_option(QTAILQ_FIRST(&list->head), &error_abort);
> @@ -1463,7 +1470,11 @@ CaptureVoiceOut *AUD_add_capture(
>  CaptureVoiceOut *cap;
>  struct capture_callback *cb;
>
> -if (!s) { /* todo */
> +if (!s) {
> +if (!legacy_config) {
> +dolog("Must specify audiodev when using -audiodev\n");

This error message is a bit confusing. I think adding a bit of context
could help, you could pass the card name from the AUD_register_card
call, and use a sentence like: "You must specify an audiodev= for the
device %s".

> +goto err0;
> +}
>  s = QTAILQ_FIRST(&audio_states);
>  }
>
> --
> 2.4.5
>
>

looks good otherwise,

Reviewed-by: Marc-André Lureau 



-- 
Marc-André Lureau

[Qemu-devel] [PATCH RFC 2/5] qapi: Generate consistent variable names

[Eric Blake]

Code consolidation is easier if similar code uses the same variable
naming conventions.  Prefer 'err' over 'local_err' in the command
and event marshallers, and prefer 'v' over 'm' as the name of the
Visitor object in the visitor code.  The resulting changes have no
impact to compiled code behavior (only to debug symbols).

Signed-off-by: Eric Blake 
---
 scripts/qapi-commands.py | 22 
 scripts/qapi-event.py| 22 
 scripts/qapi-visit.py| 66 
 3 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/scripts/qapi-commands.py b/scripts/qapi-commands.py
index d75a399..a30f79a 100644
--- a/scripts/qapi-commands.py
+++ b/scripts/qapi-commands.py
@@ -53,14 +53,14 @@ def gen_call(name, arg_type, box, ret_type):
 push_indent()
 ret = mcgen('''

-%(lhs)sqmp_%(c_name)s(%(args)s&local_err);
+%(lhs)sqmp_%(c_name)s(%(args)s&err);
 ''',
 c_name=c_name(name), args=argstr, lhs=lhs)
 if ret_type:
-ret += gen_err_check('local_err')
+ret += gen_err_check('err')
 ret += mcgen('''

-qmp_marshal_output_%(c_name)s(retval, ret, &local_err);
+qmp_marshal_output_%(c_name)s(retval, ret, &err);
 ''',
  c_name=ret_type.c_name())
 pop_indent()
@@ -68,7 +68,7 @@ qmp_marshal_output_%(c_name)s(retval, ret, &local_err);

 def gen_marshal_vars(arg_type, box, ret_type):
 ret = mcgen('''
-Error *local_err = NULL;
+Error *err = NULL;
 ''')

 push_indent()
@@ -131,8 +131,8 @@ md = qapi_dealloc_visitor_new();
 v = qapi_dealloc_get_visitor(md);
 ''')
 else:
-errparg = '&local_err'
-errarg = 'local_err'
+errparg = '&err'
+errarg = 'err'
 ret += mcgen('''
 v = qmp_input_get_visitor(mi);
 ''')
@@ -182,20 +182,20 @@ def gen_marshal_output(ret_type):

 static void qmp_marshal_output_%(c_name)s(%(c_type)s ret_in, QObject 
**ret_out, Error **errp)
 {
-Error *local_err = NULL;
+Error *err = NULL;
 QmpOutputVisitor *mo = qmp_output_visitor_new();
 QapiDeallocVisitor *md;
 Visitor *v;

 v = qmp_output_get_visitor(mo);
-visit_type_%(c_name)s(v, &ret_in, "unused", &local_err);
-if (local_err) {
+visit_type_%(c_name)s(v, &ret_in, "unused", &err);
+if (err) {
 goto out;
 }
 *ret_out = qmp_output_get_qobject(mo);

 out:
-error_propagate(errp, local_err);
+error_propagate(errp, err);
 qmp_output_visitor_cleanup(mo);
 md = qapi_dealloc_visitor_new();
 v = qapi_dealloc_get_visitor(md);
@@ -235,7 +235,7 @@ def gen_marshal(name, arg_type, box, ret_type):
 out:
 ''')
 ret += mcgen('''
-error_propagate(errp, local_err);
+error_propagate(errp, err);
 ''')
 ret += gen_marshal_input_visit(arg_type, box, dealloc=True)
 ret += mcgen('''
diff --git a/scripts/qapi-event.py b/scripts/qapi-event.py
index 17f0c12..385 100644
--- a/scripts/qapi-event.py
+++ b/scripts/qapi-event.py
@@ -31,7 +31,7 @@ def gen_event_send(name, arg_type, box):
 %(proto)s
 {
 QDict *qmp;
-Error *local_err = NULL;
+Error *err = NULL;
 QMPEventFuncEmit emit;
 ''',
 proto=gen_event_send_proto(name, arg_type, box))
@@ -70,8 +70,8 @@ def gen_event_send(name, arg_type, box):

 if box:
 ret += mcgen('''
-visit_type_%(c_name)s(v, &arg, NULL, &local_err);
-if (local_err) {
+visit_type_%(c_name)s(v, &arg, NULL, &err);
+if (err) {
 goto clean;
 }
 ''',
@@ -79,8 +79,8 @@ def gen_event_send(name, arg_type, box):
 else:
 ret += mcgen('''
 /* Fake visit, as if all members are under a structure */
-visit_start_struct(v, NULL, "", "%(name)s", 0, &local_err);
-if (local_err) {
+visit_start_struct(v, NULL, "", "%(name)s", 0, &err);
+if (err) {
 goto clean;
 }
 ''',
@@ -101,8 +101,8 @@ def gen_event_send(name, arg_type, box):
 cast = ''

 ret += mcgen('''
-visit_type_%(c_type)s(v, %(cast)s&%(c_name)s, "%(name)s", &local_err);
-if (local_err) {
+visit_type_%(c_type)s(v, %(cast)s&%(c_name)s, "%(name)s", &err);
+if (err) {
 goto clean;
 }
 ''',
@@ -119,8 +119,8 @@ def gen_event_send(name, arg_type, box):

 ret += mcgen('''

-visit_end_struct(v, &local_err);
-if (local_err) {
+visit_end_struct(v, &err);
+if (err) {
 goto clean;
 }

@@ -131,7 +131,7 @@ def gen_event_send(name, arg_type, box):
 ''')

 ret += mcgen('''
-emit(%(c_enum)s, qmp, &local_err);
+emit(%(c_enum)s, qmp, &err);

 ''',
  c_enum=c_enum_const(event_enum_name, name))
@@ -142,7 +142,7 @@ def gen_event_send(name, arg_type, box):
 qmp_output_visitor_cleanup(qov);
 ''')
 ret += mcgen('''
-error_propagate(errp, local_err);
+error_propagate(errp, err);
 QDECREF(qmp);
 }
 ''')
diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
index e4f7c89..1fe6c64 100644

Re: [Qemu-devel] [PATCH 00/16] tilegx: Firstly add tilegx target for linux-user

[gchen gchen]

Oh, sorry, my hotmail seems has issues, I shall try to send all patches
again after fix it tomorrow.


On 8/21/15 01:04, gchen gchen wrote:
> Hello All:
>
> After the implementation, it can let normal tilegx program working (e.g.
> sh, vi, cp, mv ...). And the known left issues are:
>
> - At present, it can not pass gcc testsuite (it causes some programs
> pending).
>
> - The floating point implementation is not included, since at present,
> it is only the temporary implementation.
>
> - There are still some instructions which are not implemented.
>
> Chen Gang (16):
> linux-user: tilegx: Firstly add architecture related features
> linux-user: Support tilegx architecture in linux-user
> linux-user/syscall.c: conditionalize syscalls which are not defined in
> tilegx
> target-tilegx: Add opcode basic implementation from Tilera Corporation
> target-tilegx/opcode_tilegx.h: Modify it to fit QEMU usage
> target-tilegx: Add special register information from Tilera
> Corporation
> target-tilegx: Add cpu basic features for linux-user
> target-tilegx: Add several helpers for instructions translation
> target-tilegx: Generate tcg instructions to finish "Hello world"
> target-tilegx: Add TILE-Gx building files
> target-tilegx: Add related feature to support iret instruction
> target-tilegx: Implement decode_rrr_8_opcode_y0
> target-tilegx: Use int8_t instead of uint8_t for imm8 in gen_st_add()
> linux-user: main: Use negative qemu errno for syscall return errno
> tilegx: Match with the latest qemu master tree
> target-tilegx: Implement additional instructions in normal working
> flow
>
> configure | 2 +
> default-configs/tilegx-linux-user.mak | 1 +
> include/elf.h | 2 +
> linux-user/elfload.c | 23 +
> linux-user/main.c | 295 +++
> linux-user/syscall.c | 50 +-
> linux-user/syscall_defs.h | 14 +-
> linux-user/tilegx/syscall.h | 40 +
> linux-user/tilegx/syscall_nr.h | 324 
> linux-user/tilegx/target_cpu.h | 35 +
> linux-user/tilegx/target_signal.h | 28 +
> linux-user/tilegx/target_structs.h | 46 +
> linux-user/tilegx/termbits.h | 274 +++
> target-tilegx/Makefile.objs | 1 +
> target-tilegx/cpu.c | 143 ++
> target-tilegx/cpu.h | 177 ++
> target-tilegx/helper.c | 93 +
> target-tilegx/helper.h | 7 +
> target-tilegx/opcode_tilegx.h | 1406 ++
> target-tilegx/spr_def_64.h | 216 +++
> target-tilegx/translate.c | 3282 +
> 21 files changed, 6453 insertions(+), 6 deletions(-)
> create mode 100644 default-configs/tilegx-linux-user.mak
> create mode 100644 linux-user/tilegx/syscall.h
> create mode 100644 linux-user/tilegx/syscall_nr.h
> create mode 100644 linux-user/tilegx/target_cpu.h
> create mode 100644 linux-user/tilegx/target_signal.h
> create mode 100644 linux-user/tilegx/target_structs.h
> create mode 100644 linux-user/tilegx/termbits.h
> create mode 100644 target-tilegx/Makefile.objs
> create mode 100644 target-tilegx/cpu.c
> create mode 100644 target-tilegx/cpu.h
> create mode 100644 target-tilegx/helper.c
> create mode 100644 target-tilegx/helper.h
> create mode 100644 target-tilegx/opcode_tilegx.h
> create mode 100644 target-tilegx/spr_def_64.h
> create mode 100644 target-tilegx/translate.c
>
> --
> 1.9.3
>
>

--
Chen Gang

Open, share, and attitude like air, water, and life which God blessed
  

[Qemu-devel] [PATCH 00/16] tilegx: Firstly add tilegx target for linux-user

[gchen gchen]

Hello All:

After the implementation, it can let normal tilegx program working (e.g.
sh, vi, cp, mv ...). And the known left issues are:

- At present, it can not pass gcc testsuite (it causes some programs
pending).

- The floating point implementation is not included, since at present,
it is only the temporary implementation.

- There are still some instructions which are not implemented.

Chen Gang (16):
linux-user: tilegx: Firstly add architecture related features
linux-user: Support tilegx architecture in linux-user
linux-user/syscall.c: conditionalize syscalls which are not defined in
tilegx
target-tilegx: Add opcode basic implementation from Tilera Corporation
target-tilegx/opcode_tilegx.h: Modify it to fit QEMU usage
target-tilegx: Add special register information from Tilera
Corporation
target-tilegx: Add cpu basic features for linux-user
target-tilegx: Add several helpers for instructions translation
target-tilegx: Generate tcg instructions to finish "Hello world"
target-tilegx: Add TILE-Gx building files
target-tilegx: Add related feature to support iret instruction
target-tilegx: Implement decode_rrr_8_opcode_y0
target-tilegx: Use int8_t instead of uint8_t for imm8 in gen_st_add()
linux-user: main: Use negative qemu errno for syscall return errno
tilegx: Match with the latest qemu master tree
target-tilegx: Implement additional instructions in normal working
flow

configure | 2 +
default-configs/tilegx-linux-user.mak | 1 +
include/elf.h | 2 +
linux-user/elfload.c | 23 +
linux-user/main.c | 295 +++
linux-user/syscall.c | 50 +-
linux-user/syscall_defs.h | 14 +-
linux-user/tilegx/syscall.h | 40 +
linux-user/tilegx/syscall_nr.h | 324 
linux-user/tilegx/target_cpu.h | 35 +
linux-user/tilegx/target_signal.h | 28 +
linux-user/tilegx/target_structs.h | 46 +
linux-user/tilegx/termbits.h | 274 +++
target-tilegx/Makefile.objs | 1 +
target-tilegx/cpu.c | 143 ++
target-tilegx/cpu.h | 177 ++
target-tilegx/helper.c | 93 +
target-tilegx/helper.h | 7 +
target-tilegx/opcode_tilegx.h | 1406 ++
target-tilegx/spr_def_64.h | 216 +++
target-tilegx/translate.c | 3282 +
21 files changed, 6453 insertions(+), 6 deletions(-)
create mode 100644 default-configs/tilegx-linux-user.mak
create mode 100644 linux-user/tilegx/syscall.h
create mode 100644 linux-user/tilegx/syscall_nr.h
create mode 100644 linux-user/tilegx/target_cpu.h
create mode 100644 linux-user/tilegx/target_signal.h
create mode 100644 linux-user/tilegx/target_structs.h
create mode 100644 linux-user/tilegx/termbits.h
create mode 100644 target-tilegx/Makefile.objs
create mode 100644 target-tilegx/cpu.c
create mode 100644 target-tilegx/cpu.h
create mode 100644 target-tilegx/helper.c
create mode 100644 target-tilegx/helper.h
create mode 100644 target-tilegx/opcode_tilegx.h
create mode 100644 target-tilegx/spr_def_64.h
create mode 100644 target-tilegx/translate.c

--
1.9.3
  

Re: [Qemu-devel] [Bug 1329956] Re: multi-core FreeBSD guest hangs after warm reboot

[John Nielsen]

Yes it is. Not sure what version first fixed it but I know 4.1 works.

> On Aug 20, 2015, at 2:30 AM, Venkateswara Rao Dokku  
> wrote:
> 
> Can you please tell me whether the issue is fixed with the latest
> kernel? If so, what version has the fix?
> 
> -- 
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1329956
> 
> Title:
>  multi-core FreeBSD guest hangs after warm reboot
> 
> Status in QEMU:
>  Incomplete
> 
> Bug description:
>  On some Linux KVM hosts in our environment, FreeBSD guests fail to
>  reboot properly if they have more than one CPU (socket, core, and/or
>  thread). They will boot fine the first time, but after issuing a
>  "reboot" command via the OS the guest starts to boot but hangs during
>  SMP initialization. Fully shutting down and restarting the guest works
>  in all cases.
> 
>  The only meaningful difference between hosts with the problem and those 
> without is the CPU. Hosts with Xeon E5-26xx v2 processors have the problem, 
> including at least the "Intel(R) Xeon(R) CPU E5-2667 v2" and the "Intel(R) 
> Xeon(R) CPU E5-2650 v2".
>  Hosts with any other CPU, including "Intel(R) Xeon(R) CPU E5-2650 0", 
> "Intel(R) Xeon(R) CPU E5-2620 0", or "AMD Opteron(TM) Processor 6274" do not 
> have the problem. Note the "v2" in the names of the problematic CPUs.
> 
>  On hosts with a "v2" Xeon, I can reproduce the problem under Linux
>  kernel 3.10 or 3.12 and Qemu 1.7.0 or 2.0.0.
> 
>  The problem occurs with all currently-supported versions of FreeBSD,
>  including 8.4, 9.2, 10.0 and 11-CURRENT.
> 
>  On a Linux KVM host with a "v2" Xeon, this command line is adequate to
>  reproduce the problem:
> 
>  /usr/bin/qemu-system-x86_64 -machine accel=kvm -name bsdtest -m 512
>  -smp 2,sockets=1,cores=1,threads=2 -drive
>  file=./20140613_FreeBSD_9.2-RELEASE_ufs.qcow2,if=none,id=drive0,format=qcow2
>  -device virtio-blk-pci,scsi=off,drive=drive0 -vnc 0.0.0.0:0 -net none
> 
>  I have tried many variations including different models of -machine
>  and -cpu for the guest with no visible difference.
> 
>  A native FreeBSD installation on a host with a "v2" Xeon does not have
>  the problem, nor do a paravirtualized FreeBSD guests under bhyve (the
>  BSD legacy-free hypervisor) using the same FreeBSD disk images as on
>  the Linux hosts. So it seems unlikely the cause is on the FreeBSD side
>  of things.
> 
>  I would greatly appreciate any feedback or developer attention to
>  this. I am happy to provide additional details, test patches, etc.
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1329956/+subscriptions
>

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1329956

Title:
  multi-core FreeBSD guest hangs after warm reboot

Status in QEMU:
  Incomplete

Bug description:
  On some Linux KVM hosts in our environment, FreeBSD guests fail to
  reboot properly if they have more than one CPU (socket, core, and/or
  thread). They will boot fine the first time, but after issuing a
  "reboot" command via the OS the guest starts to boot but hangs during
  SMP initialization. Fully shutting down and restarting the guest works
  in all cases.

  The only meaningful difference between hosts with the problem and those 
without is the CPU. Hosts with Xeon E5-26xx v2 processors have the problem, 
including at least the "Intel(R) Xeon(R) CPU E5-2667 v2" and the "Intel(R) 
Xeon(R) CPU E5-2650 v2".
  Hosts with any other CPU, including "Intel(R) Xeon(R) CPU E5-2650 0", 
"Intel(R) Xeon(R) CPU E5-2620 0", or "AMD Opteron(TM) Processor 6274" do not 
have the problem. Note the "v2" in the names of the problematic CPUs.

  On hosts with a "v2" Xeon, I can reproduce the problem under Linux
  kernel 3.10 or 3.12 and Qemu 1.7.0 or 2.0.0.

  The problem occurs with all currently-supported versions of FreeBSD,
  including 8.4, 9.2, 10.0 and 11-CURRENT.

  On a Linux KVM host with a "v2" Xeon, this command line is adequate to
  reproduce the problem:

  /usr/bin/qemu-system-x86_64 -machine accel=kvm -name bsdtest -m 512
  -smp 2,sockets=1,cores=1,threads=2 -drive
  file=./20140613_FreeBSD_9.2-RELEASE_ufs.qcow2,if=none,id=drive0,format=qcow2
  -device virtio-blk-pci,scsi=off,drive=drive0 -vnc 0.0.0.0:0 -net none

  I have tried many variations including different models of -machine
  and -cpu for the guest with no visible difference.

  A native FreeBSD installation on a host with a "v2" Xeon does not have
  the problem, nor do a paravirtualized FreeBSD guests under bhyve (the
  BSD legacy-free hypervisor) using the same FreeBSD disk images as on
  the Linux hosts. So it seems unlikely the cause is on the FreeBSD side
  of things.

  I would greatly appreciate any feedback or developer attention to
  this. I am happy to provide additional details, test patches, etc.

To manage notifications about this bug go to:
https:/

[Qemu-devel] [PATCH 06/16 v1] target-tilegx: Add special register information from Tilera Corporation

[Chen Gang]

The related copy is from Linux kernel "arch/tile/include/uapi/arch/
spr_def_64.h".

Signed-off-by: Chen Gang 
Reviewed-by: Peter Maydell 
---
 target-tilegx/spr_def_64.h | 216 +
 1 file changed, 216 insertions(+)
 create mode 100644 target-tilegx/spr_def_64.h

diff --git a/target-tilegx/spr_def_64.h b/target-tilegx/spr_def_64.h
new file mode 100644
index 000..67a6c17
--- /dev/null
+++ b/target-tilegx/spr_def_64.h
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2011 Tilera Corporation. All Rights Reserved.
+ *
+ *   This program is free software; you can redistribute it and/or
+ *   modify it under the terms of the GNU General Public License
+ *   as published by the Free Software Foundation, version 2.
+ *
+ *   This program is distributed in the hope that it will be useful, but
+ *   WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
+ *   NON INFRINGEMENT.  See the GNU General Public License for
+ *   more details.
+ */
+
+#ifndef __DOXYGEN__
+
+#ifndef __ARCH_SPR_DEF_64_H__
+#define __ARCH_SPR_DEF_64_H__
+
+#define SPR_AUX_PERF_COUNT_0 0x2105
+#define SPR_AUX_PERF_COUNT_1 0x2106
+#define SPR_AUX_PERF_COUNT_CTL 0x2107
+#define SPR_AUX_PERF_COUNT_STS 0x2108
+#define SPR_CMPEXCH_VALUE 0x2780
+#define SPR_CYCLE 0x2781
+#define SPR_DONE 0x2705
+#define SPR_DSTREAM_PF 0x2706
+#define SPR_EVENT_BEGIN 0x2782
+#define SPR_EVENT_END 0x2783
+#define SPR_EX_CONTEXT_0_0 0x2580
+#define SPR_EX_CONTEXT_0_1 0x2581
+#define SPR_EX_CONTEXT_0_1__PL_SHIFT 0
+#define SPR_EX_CONTEXT_0_1__PL_RMASK 0x3
+#define SPR_EX_CONTEXT_0_1__PL_MASK  0x3
+#define SPR_EX_CONTEXT_0_1__ICS_SHIFT 2
+#define SPR_EX_CONTEXT_0_1__ICS_RMASK 0x1
+#define SPR_EX_CONTEXT_0_1__ICS_MASK  0x4
+#define SPR_EX_CONTEXT_1_0 0x2480
+#define SPR_EX_CONTEXT_1_1 0x2481
+#define SPR_EX_CONTEXT_1_1__PL_SHIFT 0
+#define SPR_EX_CONTEXT_1_1__PL_RMASK 0x3
+#define SPR_EX_CONTEXT_1_1__PL_MASK  0x3
+#define SPR_EX_CONTEXT_1_1__ICS_SHIFT 2
+#define SPR_EX_CONTEXT_1_1__ICS_RMASK 0x1
+#define SPR_EX_CONTEXT_1_1__ICS_MASK  0x4
+#define SPR_EX_CONTEXT_2_0 0x2380
+#define SPR_EX_CONTEXT_2_1 0x2381
+#define SPR_EX_CONTEXT_2_1__PL_SHIFT 0
+#define SPR_EX_CONTEXT_2_1__PL_RMASK 0x3
+#define SPR_EX_CONTEXT_2_1__PL_MASK  0x3
+#define SPR_EX_CONTEXT_2_1__ICS_SHIFT 2
+#define SPR_EX_CONTEXT_2_1__ICS_RMASK 0x1
+#define SPR_EX_CONTEXT_2_1__ICS_MASK  0x4
+#define SPR_FAIL 0x2707
+#define SPR_IDN_AVAIL_EN 0x1a05
+#define SPR_IDN_DATA_AVAIL 0x0a80
+#define SPR_IDN_DEADLOCK_TIMEOUT 0x1806
+#define SPR_IDN_DEMUX_COUNT_0 0x0a05
+#define SPR_IDN_DEMUX_COUNT_1 0x0a06
+#define SPR_IDN_DIRECTION_PROTECT 0x1405
+#define SPR_IDN_PENDING 0x0a08
+#define SPR_ILL_TRANS_REASON__I_STREAM_VA_RMASK 0x1
+#define SPR_INTCTRL_0_STATUS 0x2505
+#define SPR_INTCTRL_1_STATUS 0x2405
+#define SPR_INTCTRL_2_STATUS 0x2305
+#define SPR_INTERRUPT_CRITICAL_SECTION 0x2708
+#define SPR_INTERRUPT_MASK_0 0x2506
+#define SPR_INTERRUPT_MASK_1 0x2406
+#define SPR_INTERRUPT_MASK_2 0x2306
+#define SPR_INTERRUPT_MASK_RESET_0 0x2507
+#define SPR_INTERRUPT_MASK_RESET_1 0x2407
+#define SPR_INTERRUPT_MASK_RESET_2 0x2307
+#define SPR_INTERRUPT_MASK_SET_0 0x2508
+#define SPR_INTERRUPT_MASK_SET_1 0x2408
+#define SPR_INTERRUPT_MASK_SET_2 0x2308
+#define SPR_INTERRUPT_VECTOR_BASE_0 0x2509
+#define SPR_INTERRUPT_VECTOR_BASE_1 0x2409
+#define SPR_INTERRUPT_VECTOR_BASE_2 0x2309
+#define SPR_INTERRUPT_VECTOR_BASE_3 0x2209
+#define SPR_IPI_EVENT_0 0x1f05
+#define SPR_IPI_EVENT_1 0x1e05
+#define SPR_IPI_EVENT_2 0x1d05
+#define SPR_IPI_EVENT_RESET_0 0x1f06
+#define SPR_IPI_EVENT_RESET_1 0x1e06
+#define SPR_IPI_EVENT_RESET_2 0x1d06
+#define SPR_IPI_EVENT_SET_0 0x1f07
+#define SPR_IPI_EVENT_SET_1 0x1e07
+#define SPR_IPI_EVENT_SET_2 0x1d07
+#define SPR_IPI_MASK_0 0x1f08
+#define SPR_IPI_MASK_1 0x1e08
+#define SPR_IPI_MASK_2 0x1d08
+#define SPR_IPI_MASK_RESET_0 0x1f09
+#define SPR_IPI_MASK_RESET_1 0x1e09
+#define SPR_IPI_MASK_RESET_2 0x1d09
+#define SPR_IPI_MASK_SET_0 0x1f0a
+#define SPR_IPI_MASK_SET_1 0x1e0a
+#define SPR_IPI_MASK_SET_2 0x1d0a
+#define SPR_MPL_AUX_PERF_COUNT_SET_0 0x2100
+#define SPR_MPL_AUX_PERF_COUNT_SET_1 0x2101
+#define SPR_MPL_AUX_PERF_COUNT_SET_2 0x2102
+#define SPR_MPL_AUX_TILE_TIMER_SET_0 0x1700
+#define SPR_MPL_AUX_TILE_TIMER_SET_1 0x1701
+#define SPR_MPL_AUX_TILE_TIMER_SET_2 0x1702
+#define SPR_MPL_IDN_ACCESS_SET_0 0x0a00
+#define SPR_MPL_IDN_ACCESS_SET_1 0x0a01
+#define SPR_MPL_IDN_ACCESS_SET_2 0x0a02
+#define SPR_MPL_IDN_AVAIL_SET_0 0x1a00
+#define SPR_MPL_IDN_AVAIL_SET_1 0x1a01
+#define SPR_MPL_IDN_AVAIL_SET_2 0x1a02
+#define SPR_MPL_IDN_COMPLETE_SET_0 0x0500
+#define SPR_MPL_IDN_COMPLETE_SET_1 0x0501
+#define SPR_MPL_IDN_COMPLETE_SET_2 0x0502
+#define SPR_MPL_IDN_FIREWALL_SET_0 0x1400
+#define SPR_MPL_IDN_FIREWALL_SET_1 0x1401
+#define SPR_MPL_IDN_FIREWALL_SET_2 0x1402
+#define SPR_MPL_IDN_TIMER_SET_0 0x1800
+#define SPR_MPL_IDN_TIMER_SET_1 0x1801
+#define SPR_MPL_IDN_TIMER_SET_2 0x1802
+#define SPR

Re: [Qemu-devel] [PATCH v2 0/3] SysFS driver for QEMU fw_cfg device

[Gabriel L. Somlo]

Hi Ard,

On Wed, Aug 19, 2015 at 11:42:02AM +0200, Ard Biesheuvel wrote:
> (missed some cc's)
> 
> On 19 August 2015 at 11:38, Ard Biesheuvel  wrote:
> > From: "Gabriel L. Somlo" 
> >> Several different architectures supported by QEMU are set up with a
> >> "firmware configuration" (fw_cfg) device, used to pass configuration
> >> "blobs" into the guest by the host running QEMU.
> >>
> >> Historically, these config blobs were mostly of interest to the guest
> >> BIOS, but since QEMU v2.4 it is possible to insert arbitrary blobs via
> >> the command line, which makes them potentially interesting to userspace
> >> (e.g. for passing early boot environment variables, etc.).
> >>
> >
> > Does 'potentially interesting' mean you have a use case? Could you 
> > elaborate?

My personal one would be something like:

cat > guestinfo.txt << EOT
  KEY1="val1"
  KEY2="val2"
  ...
EOT

qemu-system-x86_64 ... -fw-cfg name="opt/guestinfo",file=./guestinfo.txt ...

Then, from inside the guest:

  . /sys/firmware/qemu_fw_cfg/by_name/opt/guestinfo/raw

  do_something_with $KEY1 $KEY2
  ...

But I'm thinking this is only one of the many positive things one
could do with the ability to access random host-supplied blobs from
guest userspace :)

> >>   1/3 - probes for the qemu fw_cfg device in locations known to work on
> >>   the supported architectures, in decreasing order of "likelihood".
> >>
> >>   While it *may* be possible to detect the presence of fw_cfg via
> >>   acpi or dtb (on x86 and arm, respectively), there's no way I know
> >>   of attempting that on sun4 and ppc/mac, so I've stuck with simply
> >>   probing (the fw_cfg_modes[] structure and fw_cfg_io_probe() function)
> >>   in fw_cfg.c. I could use some advice on how else that could be
> >>   done more elegantly, if needed.
> >>
> >
> > Sorry, but this is really out of the question, at least on ARM, but surely 
> > on
> > other architectures as well. You can't just go around and probe random 
> > memory
> > addresses. Perhaps QEMU tolerates it, but on anything that resembles a real
> > system, this will immediately blow up. Also, what happens if the QEMU memory
> > map changes? Add more probes addresses?
> >
> > It is not /that/ difficult to simply wire it up to the DT and ACPI
> > infrastructures, there are plenty of examples in the kernel tree how to
> > accomplish that. As a bonus, it removes all the arch specific knowledge
> > from your code, which means that if QEMU grows support for another DT or
> > ACPI based architecture, it will just work.

I was *hoping* a successful call to request_[mem_]region() will be
enough in the way of asking for permission before probing for the
fw_cfg registers, but I realize that might still not be polite enough :)

DT on ARM is fine, and I'm certainly happy to learn how to do it (even
though my main focus is, for now, x86). The unfortunate thing though
is that on x86, fw_cfg is *not* AFAICT in ACPI, so I'd have to detour into
first adding it in on the host side, before I can rewrite the guest side
driver to look it up in there :)

> > I am not sure how relevant sun4 and ppc/mac are for what you are trying to
> > accomplish, but perhaps it would be best to focus on x86 and ARM for now
> > and do it correctly. If the probing is actually needed, you can always add
> > it later.

I guess that's the direction things seem to be headed, although it would
make me a bit sad to leave out sun and ppc right from the very beginning :) 


Thanks,
--Gabriel

PS. If you have one .c file in the kernel which does any of the DT-on-arm
boilerplate I'm supposed to immitate, I'd appreciate the shortcut :)

PS2. Do you happen to be in Seattle right now ? :)

[Qemu-devel] [PATCH 01/16 v1] linux-user: tilegx: Firstly add architecture related features

[Chen Gang]

They are based on Linux kernel tilegx architecture for 64 bit binary,
and also based on tilegx ABI reference document, and also reference from
other targets implementations.

Signed-off-by: Chen Gang 
Reviewed-by: Peter Maydell 
---
 linux-user/tilegx/syscall.h|  40 +
 linux-user/tilegx/syscall_nr.h | 324 +
 linux-user/tilegx/target_cpu.h |  35 
 linux-user/tilegx/target_signal.h  |  28 
 linux-user/tilegx/target_structs.h |  46 ++
 linux-user/tilegx/termbits.h   | 274 +++
 6 files changed, 747 insertions(+)
 create mode 100644 linux-user/tilegx/syscall.h
 create mode 100644 linux-user/tilegx/syscall_nr.h
 create mode 100644 linux-user/tilegx/target_cpu.h
 create mode 100644 linux-user/tilegx/target_signal.h
 create mode 100644 linux-user/tilegx/target_structs.h
 create mode 100644 linux-user/tilegx/termbits.h

diff --git a/linux-user/tilegx/syscall.h b/linux-user/tilegx/syscall.h
new file mode 100644
index 000..653ece1
--- /dev/null
+++ b/linux-user/tilegx/syscall.h
@@ -0,0 +1,40 @@
+#ifndef TILEGX_SYSCALLS_H
+#define TILEGX_SYSCALLS_H
+
+#define UNAME_MACHINE "tilegx"
+#define UNAME_MINIMUM_RELEASE "3.19"
+
+#define MMAP_SHIFT TARGET_PAGE_BITS
+
+#define TILEGX_IS_ERRNO(ret) \
+   ((ret) > 0xf000ULL) /* errno is 0 -- 4096 */
+
+typedef uint64_t tilegx_reg_t;
+
+struct target_pt_regs {
+
+union {
+/* Saved main processor registers; 56..63 are special. */
+tilegx_reg_t regs[56];
+struct {
+tilegx_reg_t __regs[53];
+tilegx_reg_t tp;/* aliases regs[TREG_TP] */
+tilegx_reg_t sp;/* aliases regs[TREG_SP] */
+tilegx_reg_t lr;/* aliases regs[TREG_LR] */
+};
+};
+
+/* Saved special registers. */
+tilegx_reg_t pc;/* stored in EX_CONTEXT_K_0 */
+tilegx_reg_t ex1;   /* stored in EX_CONTEXT_K_1 (PL and ICS bit) */
+tilegx_reg_t faultnum;  /* fault number (INT_SWINT_1 for syscall) */
+tilegx_reg_t orig_r0;   /* r0 at syscall entry, else zero */
+tilegx_reg_t flags; /* flags (see below) */
+tilegx_reg_t cmpexch;   /* value of CMPEXCH_VALUE SPR at interrupt */
+tilegx_reg_t pad[2];
+};
+
+#define TARGET_MLOCKALL_MCL_CURRENT 1
+#define TARGET_MLOCKALL_MCL_FUTURE  2
+
+#endif
diff --git a/linux-user/tilegx/syscall_nr.h b/linux-user/tilegx/syscall_nr.h
new file mode 100644
index 000..1dca348
--- /dev/null
+++ b/linux-user/tilegx/syscall_nr.h
@@ -0,0 +1,324 @@
+#ifndef TILEGX_SYSCALL_NR
+#define TILEGX_SYSCALL_NR
+
+/*
+ * Copy from linux kernel asm-generic/unistd.h, which tilegx uses.
+ */
+#define TARGET_NR_io_setup  0
+#define TARGET_NR_io_destroy1
+#define TARGET_NR_io_submit 2
+#define TARGET_NR_io_cancel 3
+#define TARGET_NR_io_getevents  4
+#define TARGET_NR_setxattr  5
+#define TARGET_NR_lsetxattr 6
+#define TARGET_NR_fsetxattr 7
+#define TARGET_NR_getxattr  8
+#define TARGET_NR_lgetxattr 9
+#define TARGET_NR_fgetxattr 10
+#define TARGET_NR_listxattr 11
+#define TARGET_NR_llistxattr12
+#define TARGET_NR_flistxattr13
+#define TARGET_NR_removexattr   14
+#define TARGET_NR_lremovexattr  15
+#define TARGET_NR_fremovexattr  16
+#define TARGET_NR_getcwd17
+#define TARGET_NR_lookup_dcookie18
+#define TARGET_NR_eventfd2  19
+#define TARGET_NR_epoll_create1 20
+#define TARGET_NR_epoll_ctl 21
+#define TARGET_NR_epoll_pwait   22
+#define TARGET_NR_dup   23
+#define TARGET_NR_dup3  24
+#define TARGET_NR_fcntl 25
+#define TARGET_NR_inotify_init1 26
+#define TARGET_NR_inotify_add_watch 27
+#define TARGET_NR_inotify_rm_watch  28
+#define TARGET_NR_ioctl 29
+#define TARGET_NR_ioprio_set30
+#define TARGET_NR_ioprio_get31
+#define TARGET_NR_flock 32
+#define TARGET_NR_mknodat   33
+#define TARGET_NR_mkdirat   34
+#define TARGET_NR_unlinkat  35
+#define TARGET_NR_symlinkat 36
+#define TARGET_NR_linkat37
+#define TARGET_NR_renameat  38
+#define TARGET_NR_umount2   39
+#define TARGET_NR_mount 40
+#define TARGET_NR_pivot_root41
+#define TARGET_NR_nfsservctl42
+#define TARGET_NR_statfs 

[Qemu-devel] [PATCH RFC 4/5] qapi: Simplify visits of optional fields

[Eric Blake]

None of the visitor callbacks would set an error when testing
if an optional field was present; make this part of the interface
contract by eliminating the errp argument.  Then, for less code,
reflect the determined boolean value back to the caller instead
of making the caller read the boolean after the fact.

The resulting generated code has a nice diff:

|-visit_optional(v, &has_fdset_id, "fdset-id", &err);
|-if (err) {
|-goto out;
|-}
|-if (has_fdset_id) {
|+if (visit_optional(v, &has_fdset_id, "fdset-id")) {
| visit_type_int(v, &fdset_id, "fdset-id", &err);
| if (err) {
| goto out;
| }
| }

Signed-off-by: Eric Blake 
---
 include/qapi/visitor-impl.h | 3 +--
 include/qapi/visitor.h  | 5 ++---
 qapi/opts-visitor.c | 2 +-
 qapi/qapi-visit-core.c  | 6 +++---
 qapi/qmp-input-visitor.c| 3 +--
 qapi/string-input-visitor.c | 3 +--
 scripts/qapi.py | 9 ++---
 7 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
index 7e8f728..6feb654 100644
--- a/include/qapi/visitor-impl.h
+++ b/include/qapi/visitor-impl.h
@@ -69,8 +69,7 @@ struct Visitor
  Error **errp);

 /* May be NULL; most useful for input visitors. */
-void (*optional)(Visitor *v, bool *present, const char *name,
- Error **errp);
+void (*optional)(Visitor *v, bool *present, const char *name);

 /* Only required to visit uint64 differently than (*type_int)().  */
 void (*type_uint64)(Visitor *v, uint64_t *obj, const char *name,
diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h
index cd1431a..ef1105b 100644
--- a/include/qapi/visitor.h
+++ b/include/qapi/visitor.h
@@ -118,10 +118,9 @@ void visit_end_list(Visitor *v, Error **errp);
  * Check if an optional member @name of a QDict needs visiting.
  * For input visitors, set *@present according to whether the
  * corresponding visit_type_*() needs calling; for other visitors,
- * leave *@present unchanged.
+ * leave *@present unchanged.  Return *@present for convenience.
  */
-void visit_optional(Visitor *v, bool *present, const char *name,
-Error **errp);
+bool visit_optional(Visitor *v, bool *present, const char *name);

 /**
  * Determine the qtype of the item @name in the current QDict visit.
diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c
index 7ae33b3..b2cd5b3 100644
--- a/qapi/opts-visitor.c
+++ b/qapi/opts-visitor.c
@@ -488,7 +488,7 @@ opts_type_size(Visitor *v, uint64_t *obj, const char *name, 
Error **errp)


 static void
-opts_optional(Visitor *v, bool *present, const char *name, Error **errp)
+opts_optional(Visitor *v, bool *present, const char *name)
 {
 OptsVisitor *ov = DO_UPCAST(OptsVisitor, visitor, v);

diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
index 9cd17f8..d885347 100644
--- a/qapi/qapi-visit-core.c
+++ b/qapi/qapi-visit-core.c
@@ -62,12 +62,12 @@ void visit_end_list(Visitor *v, Error **errp)
 v->end_list(v, errp);
 }

-void visit_optional(Visitor *v, bool *present, const char *name,
-Error **errp)
+bool visit_optional(Visitor *v, bool *present, const char *name)
 {
 if (v->optional) {
-v->optional(v, present, name, errp);
+v->optional(v, present, name);
 }
+return *present;
 }

 void visit_get_next_type(Visitor *v, qtype_code *type, bool promote_int,
diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
index 5310db5..f714dfc 100644
--- a/qapi/qmp-input-visitor.c
+++ b/qapi/qmp-input-visitor.c
@@ -300,8 +300,7 @@ static void qmp_input_type_any(Visitor *v, QObject **obj, 
const char *name,
 *obj = qobj;
 }

-static void qmp_input_optional(Visitor *v, bool *present, const char *name,
-   Error **errp)
+static void qmp_input_optional(Visitor *v, bool *present, const char *name)
 {
 QmpInputVisitor *qiv = to_qiv(v);
 QObject *qobj = qmp_input_get_object(qiv, name, true);
diff --git a/qapi/string-input-visitor.c b/qapi/string-input-visitor.c
index bbd6a54..dee780a 100644
--- a/qapi/string-input-visitor.c
+++ b/qapi/string-input-visitor.c
@@ -299,8 +299,7 @@ static void parse_type_number(Visitor *v, double *obj, 
const char *name,
 *obj = val;
 }

-static void parse_optional(Visitor *v, bool *present, const char *name,
-   Error **errp)
+static void parse_optional(Visitor *v, bool *present, const char *name)
 {
 StringInputVisitor *siv = DO_UPCAST(StringInputVisitor, visitor, v);

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 063d299..9af310f 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -1475,15 +1475,10 @@ def gen_visit_fields(members, prefix, errarg):
 for memb in members:
 if memb.optional:
 ret += mcgen('''
-visit_optional(v, &%(prefix)shas_%(c_name)s, "%(name)s", %(errp)s);
+if (visit_optional(v, &%(prefix)shas_%(c_name)s, "%(n

Re: [Qemu-devel] [PATCH v5 4/4] sPAPR: Support RTAS call ibm, errinjct

[Gavin Shan]

On Wed, Aug 19, 2015 at 08:48:20AM -0700, Thomas Huth wrote:
>On 18/08/15 17:26, Gavin Shan wrote:
>> On Tue, Aug 18, 2015 at 11:04:59AM -0700, Thomas Huth wrote:
>>> On 17/08/15 18:47, Gavin Shan wrote:
 The patch supports RTAS call "ibm,errinjct" to allow injecting
 EEH errors to VFIO PCI devices. The implementation is similiar
 to EEH support for VFIO PCI devices: The RTAS request is captured
 by QEMU and routed to sPAPRPHBClass::eeh_inject_error() where the
 request is translated to VFIO container IOCTL command to be handled
 by the host.

 Signed-off-by: Gavin Shan 
 ---
  hw/ppc/spapr_pci.c  | 36 +
  hw/ppc/spapr_pci_vfio.c | 56 +
  hw/ppc/spapr_rtas.c | 77 
 +
  include/hw/pci-host/spapr.h |  2 ++
  include/hw/ppc/spapr.h  |  9 +-
  5 files changed, 179 insertions(+), 1 deletion(-)

 diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
 index 9d41060..f6223ce 100644
 --- a/hw/ppc/spapr_pci.c
 +++ b/hw/ppc/spapr_pci.c
 @@ -682,6 +682,42 @@ param_error_exit:
  rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
  }
  
 +int spapr_rtas_errinjct_ioa(sPAPRMachineState *spapr,
 +target_ulong param_buf,
 +bool is_64bits)
 +{
 +sPAPRPHBState *sphb;
 +sPAPRPHBClass *spc;
 +uint64_t buid, addr, mask;
 +uint32_t func;
 +
 +if (is_64bits) {
 +addr = ((uint64_t)rtas_ld(param_buf, 0) << 32) | 
 rtas_ld(param_buf, 1);
 +mask = ((uint64_t)rtas_ld(param_buf, 2) << 32) | 
 rtas_ld(param_buf, 3);
 +buid = ((uint64_t)rtas_ld(param_buf, 5) << 32) | 
 rtas_ld(param_buf, 6);
>>>
>>> You might want to consider to introduce a helper function (e.g
>>> "ras_ld64"?) that loads the two 32 bit values and combines them.
>>>
>> 
>> In v1, I had rtas_ldq() for 64-bits values. David suggested to drop that and
>> use rtas_ld() directly. I agree with David that we don't have to maintain
>> another function, which is rarely used.
>
>There are also other spots in the code that load a 64-bit value that
>way, so they could be reworked, too...
>Anyway, if you and David don't like this idea, simply never mind, it's
>not that important.
>

Ok. I'll pick rtas_ldq() that was dropped in v2 in separate patch and try
to replace rtas_ld() with the new function.

 +func = rtas_ld(param_buf, 7);
 +} else {
 +addr = rtas_ld(param_buf, 0);
 +mask = rtas_ld(param_buf, 1);
 +buid = ((uint64_t)rtas_ld(param_buf, 3) << 32) | 
 rtas_ld(param_buf, 4);
 +func = rtas_ld(param_buf, 5);
 +}
 +
 +/* Find PHB */
 +sphb = spapr_pci_find_phb(spapr, buid);
 +if (!sphb) {
 +return RTAS_OUT_PARAM_ERROR;
 +}
 +
 +spc = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(sphb);
 +if (!spc->eeh_inject_error) {
 +return RTAS_OUT_PARAM_ERROR;
 +}
 +
 +/* Handle the request */
 +return spc->eeh_inject_error(sphb, func, addr, mask, is_64bits);
 +}
 +
  static int pci_spapr_swizzle(int slot, int pin)
  {
  return (slot + pin) % PCI_NUM_PINS;
 diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
 index cca45ed..a3674ee 100644
 --- a/hw/ppc/spapr_pci_vfio.c
 +++ b/hw/ppc/spapr_pci_vfio.c
 @@ -17,6 +17,8 @@
   *  along with this program; if not, see .
   */
  
 +#include 
>>>
>>> This does not work when building on non-powerpc systems. I think you
>>> have to use something like this instead:
>>>
>>> #include "asm-powerpc/eeh.h"
>>>
>> 
>> The question is how hw/ppc/spapr_pci_vfio.c is built on non-powerpc systems? 
>> If
>> some one tries to build this source file for non-powerpc systems, it will 
>> throw
>> error and force users to check, which isn't bad actually.
>
>Simply try to compile qemu-softmmu-pp64 on your x86 laptop (with TCG)!
>The spapr_pci_vfio.c file is also compiled there, and if you use
>"", you break the build!
>

Yes, Thanks for the details!

  #include "hw/ppc/spapr.h"
  #include "hw/pci-host/spapr.h"
  #include "hw/pci/msix.h"
 @@ -250,6 +252,59 @@ static int spapr_phb_vfio_eeh_configure(sPAPRPHBState 
 *sphb)
  return RTAS_OUT_SUCCESS;
  }
  
 +static int spapr_phb_vfio_eeh_inject_error(sPAPRPHBState *sphb,
 +   uint32_t func, uint64_t addr,
 +   uint64_t mask, bool is_64bits)
 +{
 +sPAPRPHBVFIOState *svphb = SPAPR_PCI_VFIO_HOST_BRIDGE(sphb);
 +struct vfio_eeh_pe_op op = {
 +.op = VFIO_EEH_PE_INJECT_ERR,
 +.argsz = sizeof(op)
 +};
 +int 

Re: [Qemu-devel] [PATCH 13/25] audio: add audiodev properties to frontends

[Marc-André Lureau]

looks good,

Reviewed-by: Marc-André Lureau 


On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> Finally add audiodev= options to audio frontends so users can specify
> which backend to use when multiple backends exist.  Not specifying an
> audiodev= option currently causes the first audiodev to be used, this is
> fixed in the next commit.
>
> Example usage: -audiodev pa,id=foo -device AC97,audiodev=foo
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  audio/audio.h|  3 +++
>  hw/audio/ac97.c  |  1 +
>  hw/audio/adlib.c |  1 +
>  hw/audio/cs4231a.c   |  1 +
>  hw/audio/es1370.c|  7 -
>  hw/audio/gus.c   |  1 +
>  hw/audio/hda-codec.c |  1 +
>  hw/audio/milkymist-ac97.c|  6 +
>  hw/audio/pcspk.c |  1 +
>  hw/audio/pl041.c |  1 +
>  hw/audio/sb16.c  |  1 +
>  hw/audio/wm8750.c|  6 +
>  hw/core/qdev-properties-system.c | 57 
> 
>  hw/usb/dev-audio.c   |  1 +
>  include/hw/qdev-properties.h |  3 +++
>  15 files changed, 90 insertions(+), 1 deletion(-)
>
> diff --git a/audio/audio.h b/audio/audio.h
> index 0085a07..68545b6 100644
> --- a/audio/audio.h
> +++ b/audio/audio.h
> @@ -177,4 +177,7 @@ void audio_legacy_help(void);
>  AudioState *audio_state_by_name(const char *name);
>  const char *audio_get_id(QEMUSoundCard *card);
>
> +#define DEFINE_AUDIO_PROPERTIES(_s, _f) \
> +DEFINE_PROP_AUDIODEV("audiodev", _s, _f)
> +
>  #endif  /* audio.h */
> diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
> index fa75f33..a835cb6 100644
> --- a/hw/audio/ac97.c
> +++ b/hw/audio/ac97.c
> @@ -1393,6 +1393,7 @@ static int ac97_init (PCIBus *bus)
>  }
>
>  static Property ac97_properties[] = {
> +DEFINE_AUDIO_PROPERTIES(AC97LinkState, card),
>  DEFINE_PROP_UINT32 ("use_broken_id", AC97LinkState, use_broken_id, 0),
>  DEFINE_PROP_END_OF_LIST (),
>  };
> diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c
> index f8f0f55..58de8b0 100644
> --- a/hw/audio/adlib.c
> +++ b/hw/audio/adlib.c
> @@ -352,6 +352,7 @@ static void adlib_realizefn (DeviceState *dev, Error 
> **errp)
>  }
>
>  static Property adlib_properties[] = {
> +DEFINE_AUDIO_PROPERTIES(AdlibState, card),
>  DEFINE_PROP_UINT32 ("iobase",  AdlibState, port, 0x220),
>  DEFINE_PROP_UINT32 ("freq",AdlibState, freq,  44100),
>  DEFINE_PROP_END_OF_LIST (),
> diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c
> index 626a173..43a1a39 100644
> --- a/hw/audio/cs4231a.c
> +++ b/hw/audio/cs4231a.c
> @@ -672,6 +672,7 @@ static int cs4231a_init (ISABus *bus)
>  }
>
>  static Property cs4231a_properties[] = {
> +DEFINE_AUDIO_PROPERTIES(CSState, card),
>  DEFINE_PROP_UINT32 ("iobase",  CSState, port, 0x534),
>  DEFINE_PROP_UINT32 ("irq", CSState, irq,  9),
>  DEFINE_PROP_UINT32 ("dma", CSState, dma,  3),
> diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
> index f6e74cb..fe6110d 100644
> --- a/hw/audio/es1370.c
> +++ b/hw/audio/es1370.c
> @@ -1047,6 +1047,11 @@ static int es1370_init (PCIBus *bus)
>  return 0;
>  }
>
> +static Property es1370_properties[] = {
> +DEFINE_AUDIO_PROPERTIES(ES1370State, card),
> +DEFINE_PROP_END_OF_LIST(),
> +};
> +
>  static void es1370_class_init (ObjectClass *klass, void *data)
>  {
>  DeviceClass *dc = DEVICE_CLASS (klass);
> @@ -1061,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void 
> *data)
>  set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
>  dc->desc = "ENSONIQ AudioPCI ES1370";
>  dc->vmsd = &vmstate_es1370;
> +dc->props = es1370_properties;
>  }
>
>  static const TypeInfo es1370_info = {
> @@ -1077,4 +1083,3 @@ static void es1370_register_types (void)
>  }
>
>  type_init (es1370_register_types)
> -
> diff --git a/hw/audio/gus.c b/hw/audio/gus.c
> index 6107824..ee08d50 100644
> --- a/hw/audio/gus.c
> +++ b/hw/audio/gus.c
> @@ -284,6 +284,7 @@ static int GUS_init (ISABus *bus)
>  }
>
>  static Property gus_properties[] = {
> +DEFINE_AUDIO_PROPERTIES(GUSState, card),
>  DEFINE_PROP_UINT32 ("freq",GUSState, freq,44100),
>  DEFINE_PROP_UINT32 ("iobase",  GUSState, port,0x240),
>  DEFINE_PROP_UINT32 ("irq", GUSState, emu.gusirq,  7),
> diff --git a/hw/audio/hda-codec.c b/hw/audio/hda-codec.c
> index 8693b7a..dba3331 100644
> --- a/hw/audio/hda-codec.c
> +++ b/hw/audio/hda-codec.c
> @@ -613,6 +613,7 @@ static const VMStateDescription vmstate_hda_audio = {
>  };
>
>  static Property hda_audio_properties[] = {
> +DEFINE_AUDIO_PROPERTIES(HDAAudioState, card),
>  DEFINE_PROP_UINT32("debug", HDAAudioState, debug,   0),
>  DEFINE_PROP_BOOL("mixer", HDAAudioState, mixer,  true),
>  DEFINE_PROP_END_OF_LIST(),
> diff --git a/hw/audio/milkymist-ac97.c b/hw/audio/milkymist-ac97.c
> index 15169e2..b63fd6f 100644
> --- a/hw/audio/milkymist-ac97.c
> ++

Re: [Qemu-devel] [PATCH] target-s390x: Mask the SIGP order_code to 8bit.

[Thomas Huth]

On 18/08/15 04:50, Philipp Kern wrote:
> According to "CPU Signaling and Response", "Signal-Processor Orders",
> the order field is bit position 56-63. Without this, the Linux
> guest kernel is sometimes unable to stop emulation and enters
> an infinite loop of "XXX unknown sigp: 0x0005".
> 
> Signed-off-by: Philipp Kern 
> ---
>  target-s390x/misc_helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
> index 8eac0e1..0f0907c 100644
> --- a/target-s390x/misc_helper.c
> +++ b/target-s390x/misc_helper.c
> @@ -500,7 +500,7 @@ uint32_t HELPER(sigp)(CPUS390XState *env, uint64_t 
> order_code, uint32_t r1,
>  /* Remember: Use "R1 or R1 + 1, whichever is the odd-numbered register"
> as parameter (input). Status (output) is always R1. */
>  
> -switch (order_code) {
> +switch (order_code & 0xff) {
>  case SIGP_SET_ARCH:
>  /* switch arch */
>  break;

Reviewed-by: Thomas Huth 

(by the way, please make sure to copy the maintainers on CC: or your
patch might get lost in the high traffic of qemu-devel mailing list)

Re: [Qemu-devel] [PATCH] hw/arm/virt-acpi-build: drop _ADR entry from SPCR

[Andrew Jones]

On Thu, Aug 20, 2015 at 12:21:31PM +0100, Leif Lindholm wrote:
> On Thu, Aug 20, 2015 at 07:09:57PM +0800, Shannon Zhao wrote:
> > >>>Could somebody who understands ACPI and the ramifications
> > >>>here let me know if I should apply this patch, please?
> > >>>(since we're now post-2.4)
> > >>
> > >>I presume my opinion is clear, but I'm cc:ing some of the Linaro ACPI
> > >>team.
> > >>
> > >>Graeme, Al - the patch in question is:
> > >>https://www.mail-archive.com/qemu-devel%40nongnu.org/msg314356.html
> > >>
> > >Using _ADR for a non enumerable bus is undefined behaviour in the ACPI
> > >specification.
> > >
> > >How it is used in Redhats SPCR patch is IMO wrong becuase there is no
> > >guarantee that _ADR will be defined for any MMIO device in DSDT.
> > >
> > >I believe QEMU should not follow this just to make a non upstreamed
> > >Redhat patch work.

Well, it's a shame that the kernel patch that used ADR was committed to
Red Hat's and Linaro's trees before it had been thought through
completely, but it was. 

> > >
> > Yeah, but when will the right kernel patch be upstreamed? Do you
> > have a plan for upstreaming it? Or it's on the list already?
> 
> It's on my way too long to-do list, but I'll need to send it out in
> whatever state as an RFC this week anyway.
> 
> > As said before, we can apply this patch after the kernel patch upstreamed.
> 
> Meanwhile, it would be very bad if this becomes a de-facto standard,
> using QEMU as a vector to (needlessly) change specifications through
> the back door.

If I understand correctly, then the concern is that vendors, ones which
use QEMU code as their specification, will start building ACPI tables
with ADR unnecessarily populated in the console uart's device table.
Actually, some vendors must have already been doing that, otherwise the
out-of-tree patches in RH's and Linaro's trees wouldn't have worked on
bare-metal. So, what is the problem with them doing it? Just wrong
because it's pointless?

If I'm right about the concerns, then I don't see why we should rush
this QEMU change. Also, it would be much easier to apologize to the guest
kernels that the change will break, if we can point at an upstream patch
that they need to backport. I.e. I still vote that we wait for the kernel
patch to get upstream first.

I'll also reiterate the obvious fact that the kernel can switch to CRS
whenever it likes. That'll work just fine with or without QEMU taking
this change.

Thanks,
drew

[Qemu-devel] [PATCH 08/16 v1] target-tilegx: Add several helpers for instructions translation

[Chen Gang]

The related instructions are exception, cntlz, cnttz, shufflebytes, and
add_saturate.

Signed-off-by: Chen Gang 
---
 target-tilegx/helper.c | 83 ++
 target-tilegx/helper.h |  5 +++
 2 files changed, 88 insertions(+)
 create mode 100644 target-tilegx/helper.c
 create mode 100644 target-tilegx/helper.h

diff --git a/target-tilegx/helper.c b/target-tilegx/helper.c
new file mode 100644
index 000..5ab41cd
--- /dev/null
+++ b/target-tilegx/helper.c
@@ -0,0 +1,83 @@
+/*
+ * QEMU TILE-Gx helpers
+ *
+ *  Copyright (c) 2015 Chen Gang
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "cpu.h"
+#include "qemu-common.h"
+#include "exec/helper-proto.h"
+
+#define SIGNBIT32 0x8000
+
+int64_t helper_add_saturate(CPUTLGState *env, uint64_t rsrc, uint64_t rsrcb)
+{
+uint32_t rdst = rsrc + rsrcb;
+
+if (((rdst ^ rsrc) & SIGNBIT32) && !((rsrc ^ rsrcb) & SIGNBIT32)) {
+rdst = ~(((int32_t)rsrc >> 31) ^ SIGNBIT32);
+}
+
+return (int64_t)rdst;
+}
+
+void helper_exception(CPUTLGState *env, uint32_t excp)
+{
+CPUState *cs = CPU(tilegx_env_get_cpu(env));
+
+cs->exception_index = excp;
+cpu_loop_exit(cs);
+}
+
+uint64_t helper_cntlz(uint64_t arg)
+{
+return clz64(arg);
+}
+
+uint64_t helper_cnttz(uint64_t arg)
+{
+return ctz64(arg);
+}
+
+/*
+ * Functional Description
+ * uint64_t a = rf[SrcA];
+ * uint64_t b = rf[SrcB];
+ * uint64_t d = rf[Dest];
+ * uint64_t output = 0;
+ * unsigned int counter;
+ * for (counter = 0; counter < (WORD_SIZE / BYTE_SIZE); counter++)
+ * {
+ * int sel = getByte (b, counter) & 0xf;
+ * uint8_t byte = (sel < 8) ? getByte (d, sel) : getByte (a, (sel - 
8));
+ * output = setByte (output, counter, byte);
+ * }
+ * rf[Dest] = output;
+ */
+uint64_t helper_shufflebytes(uint64_t rdst, uint64_t rsrc, uint64_t rsrcb)
+{
+uint64_t vdst = 0;
+int count;
+
+for (count = 0; count < 64; count += 8) {
+uint64_t sel = rsrcb >> count;
+uint64_t src = (sel & 8) ? rsrc : rdst;
+vdst |= ((src >> ((sel & 7) * 8)) & 0xff) << count;
+}
+
+return vdst;
+}
diff --git a/target-tilegx/helper.h b/target-tilegx/helper.h
new file mode 100644
index 000..1411c19
--- /dev/null
+++ b/target-tilegx/helper.h
@@ -0,0 +1,5 @@
+DEF_HELPER_2(exception, noreturn, env, i32)
+DEF_HELPER_FLAGS_1(cntlz, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_1(cnttz, TCG_CALL_NO_RWG_SE, i64, i64)
+DEF_HELPER_FLAGS_3(shufflebytes, TCG_CALL_NO_RWG_SE, i64, i64, i64, i64)
+DEF_HELPER_3(add_saturate, s64, env, i64, i64)
-- 
1.9.3

Re: [Qemu-devel] [PATCH 0/5] audio: multi channel audio support

[Gerd Hoffmann]

  Hi,

> Currently you have to specify the number of channels you want to use
> when creating the usb-audio device, see the last commit for details.
> To do this I currently dynamically allocate the whole USBDesc structure,
> which looks ugly.  If there's a better way, please let me know!

You can have multiple USBDesc stuctures defined and pick one at device
initialization time (see hw/usb/dev-hid.c, there are usb 1.1 and usb 2.0
versions of all hid devices).

For usb-audio I think we need two: the current one (stereo) and a new
one with stereo + 5.1 and 7.1 support.  Then for the new one have 4
alternative interface configurations (off, stereo, 5.1, 7.1) instead of
only two (off, stereo).  Or possibly we need 3 interfaces (stereo, 5.1,
7.1) with on and off alternatives for each of them.  Didn't check
usb-audio spec.

cheers,
  Gerd

Re: [Qemu-devel] [kvm-s390] qemu-system-s390x: cannot use stdio by multiple character devices

[Alexander Graf]

On 20.08.15 01:20, tu bo wrote:
> Hi Alex:
> 
> Ping you again just in case you did not get my mail  :-)
> 
> On 08/13/2015 03:52 PM, tu bo wrote:
>> Hi Alex:
>>
>> I added one disk device for test case 068(qemu/tests/qemu-iotests/068,
>> which is for for loading a saved VM state from a qcow2 image ),
>> and got the same problem for s390-virtio-ccw.  Below is my steps:
>> 1. qemu-img create -f qcow2 scratch/t.qcow2 64M
>> 2. [root@r17lp42 qemu-iotests]# ../../s390x-softmmu/qemu-system-s390x
>> -nodefaults -nographic -monitor stdio -serial none  -hda scratch/t.qcow2
>> QEMU 2.3.94 monitor - type 'help' for more information
>> (qemu) [root@r17lp42 qemu-iotests]#
>>
>> For s390-virtio,  test result is as expected
>> 1. qemu-img create -f qcow2 scratch/t.qcow2 64M
>> 2. [root@r17lp42 qemu-iotests]# qemu-system-s390x -nodefaults
>> -nographic -monitor stdio -serial none  -hda scratch/t.qcow2
>> QEMU 2.3.50 monitor - type 'help' for more information
>> (qemu) info roms
>> addr=9000 size=0x000ce8 mem=ram
>> name="/usr/share/qemu/s390-zipl.rom"
>> (qemu) savevm 0
>> (qemu)
>> (qemu) quit
>> 3.[root@r17lp42 qemu-iotests]# qemu-system-s390x -nodefaults
>> -nographic -monitor stdio -serial none  -hda scratch/t.qcow2 -loadvm 0
>> QEMU 2.3.50 monitor - type 'help' for more information
>> (qemu)
>>
>> For x86-64, test result is as expected,
>> 1. [gavin@oc646435 qemu-iotests]$ qemu-img create -f qcow2
>> scratch/t.qcow2 64M
>> 2. [gavin@oc646435 qemu-iotests]$
>> ../../x86_64-softmmu/qemu-system-x86_64 -nodefaults -nographic
>> -monitor stdio -serial none  -hda scratch/t.qcow2
>> QEMU 2.3.94 monitor - type 'help' for more information
>> (qemu) info roms
>> fw=genroms/kvmvapic.bin size=0x002400 name="kvmvapic.bin"
>> addr=fffc size=0x04 mem=rom name="bios-256k.bin"
>> /rom@etc/acpi/tables size=0x20 name="etc/acpi/tables"
>> /rom@etc/table-loader size=0x001000 name="etc/table-loader"
>> /rom@etc/acpi/rsdp size=0x24 name="etc/acpi/rsdp"
>> (qemu) savevm 0
>> (qemu)
>> 3. [gavin@oc646435 qemu-iotests]$
>> ../../x86_64-softmmu/qemu-system-x86_64 -nodefaults -nographic
>> -monitor stdio -serial none  -hda scratch/t.qcow2 -loadvm 0
>> QEMU 2.3.94 monitor - type 'help' for more information
>> (qemu)
>>
>> Could you share me why s390-virtio-ccw has different behavior with
>> s390-virtio & x86_64 for this scenario?  thanks

Because the s390 folks at IBM thought it'd be cool to emit a panic
(read: shut down) in the ccw bootloader when there is a problem? ;)

If this breaks test cases for you, please coordinate with Christian
Borntraeger and Eugene Dvurechenski whether it makes sense to change it.


Alex

Re: [Qemu-devel] [PATCH] hw/arm/virt-acpi-build: drop _ADR entry from SPCR

[Peter Maydell]

On 6 August 2015 at 14:25, Andrew Jones  wrote:
> On Thu, Aug 06, 2015 at 01:55:14PM +0100, Leif Lindholm wrote:
>> On Thu, Aug 06, 2015 at 02:28:03PM +0200, Andrew Jones wrote:
>> > In the least I wouldn't want to get burned twice, so I'd prefer to
>> > see the SPCR code actually get into Linux first this time. That
>> > would also allow us to point at something when we start breaking
>> > guests.
>>
>> So, if that's the way it has to be, that's the way it has to be.
>> I'd just prefer not having different pieces of firmware validating
>> different software behaviours for the same thing.
>
> Yeah, now it's messy. I'm actually OK with this QEMU patch, with regard
> to the downstream stuff that I'm involved with, but other downstreams
> may not be so flexible... We need Peter to chime in with his opinion,
> CCed.

Could somebody who understands ACPI and the ramifications
here let me know if I should apply this patch, please?
(since we're now post-2.4)

thanks
-- PMM

[Qemu-devel] [PATCH 1/2] block/io: allow AIOCB without callback

[Peter Lieven]

If the backend storage is unresponsive and we cancel a request due to
a timeout we cannot immediately destroy the AIOCB because the storage
might complete the original request laster if it is responsive again.
For this purpose allow to set the callback to NULL and ignore it in
this case.

Signed-off-by: Peter Lieven 
---
 block/io.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/io.c b/block/io.c
index d4bc83b..e628581 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2007,7 +2007,9 @@ static void bdrv_aio_bh_cb(void *opaque)
 qemu_iovec_from_buf(acb->qiov, 0, acb->bounce, acb->qiov->size);
 }
 qemu_vfree(acb->bounce);
-acb->common.cb(acb->common.opaque, acb->ret);
+if (acb->common.cb) {
+acb->common.cb(acb->common.opaque, acb->ret);
+}
 qemu_bh_delete(acb->bh);
 acb->bh = NULL;
 qemu_aio_unref(acb);
@@ -2075,7 +2077,9 @@ static const AIOCBInfo bdrv_em_co_aiocb_info = {
 static void bdrv_co_complete(BlockAIOCBCoroutine *acb)
 {
 if (!acb->need_bh) {
-acb->common.cb(acb->common.opaque, acb->req.error);
+if (acb->common.cb) {
+acb->common.cb(acb->common.opaque, acb->req.error);
+}
 qemu_aio_unref(acb);
 }
 }
-- 
1.9.1

Re: [Qemu-devel] [PATCH 08/25] qapi: support nested structs in OptsVisitor

[Marc-André Lureau]

Hi

On Thu, Aug 6, 2015 at 8:28 PM, Kővágó, Zoltán  wrote:
> The current OptsVisitor flattens the whole structure, if there are same
> named fields under different paths (like `in' and `out' in `Audiodev'),
> the current visitor can't cope with them (for example setting
> `frequency=44100' will set the in's frequency to 44100 and leave out's
> frequency unspecified).
>
> This patch fixes it, by always requiring a complete path in case of
> nested structs.  Fields in the path are separated by dots, similar to C
> structs (without pointers), like `in.frequency' or`out.frequency'.
>
> You must provide a full path even in non-ambigous cases.  The qapi
> flattening commits hopefully ensures that this change doesn't create
> backward compatibility problems.
>
> Signed-off-by: Kővágó, Zoltán 
> ---
>  qapi/opts-visitor.c | 114 
> ++--
>  tests/qapi-schema/qapi-schema-test.json |   9 ++-
>  tests/test-opts-visitor.c   |  34 ++
>  3 files changed, 135 insertions(+), 22 deletions(-)
>
> diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c
> index aa68814..ff61d42 100644
> --- a/qapi/opts-visitor.c
> +++ b/qapi/opts-visitor.c
> @@ -71,6 +71,7 @@ struct OptsVisitor
>   * schema, with a single mandatory scalar member. */
>  ListMode list_mode;
>  GQueue *repeated_opts;
> +char *repeated_name;
>
>  /* When parsing a list of repeating options as integers, values of the 
> form
>   * "a-b", representing a closed interval, are allowed. Elements in the
> @@ -86,6 +87,9 @@ struct OptsVisitor
>   * not survive or escape the OptsVisitor object.
>   */
>  QemuOpt *fake_id_opt;
> +
> +/* List of field names leading to the current structure. */
> +GQueue *nested_names;
>  };
>
>
> @@ -100,6 +104,7 @@ static void
>  opts_visitor_insert(GHashTable *unprocessed_opts, const QemuOpt *opt)
>  {
>  GQueue *list;
> +assert(opt);
>
>  list = g_hash_table_lookup(unprocessed_opts, opt->name);
>  if (list == NULL) {
> @@ -127,6 +132,9 @@ opts_start_struct(Visitor *v, void **obj, const char 
> *kind,
>  if (obj) {
>  *obj = g_malloc0(size > 0 ? size : 1);
>  }
> +
> +g_queue_push_tail(ov->nested_names, (gpointer) name);
> +
>  if (ov->depth++ > 0) {
>  return;
>  }
> @@ -169,6 +177,8 @@ opts_end_struct(Visitor *v, Error **errp)
>  OptsVisitor *ov = DO_UPCAST(OptsVisitor, visitor, v);
>  GQueue *any;
>
> +g_queue_pop_tail(ov->nested_names);
> +
>  if (--ov->depth > 0) {
>  return;
>  }
> @@ -198,15 +208,54 @@ opts_end_implicit_struct(Visitor *v, Error **errp)
>  }
>
>
> +static void
> +sum_strlen(gpointer data, gpointer user_data)
> +{
> +const char *str = data;
> +size_t *sum_len = user_data;
> +
> +if (str) { /* skip NULLs */
> +*sum_len += strlen(str) + 1;
> +}
> +}
> +
> +static void
> +append_str(gpointer data, gpointer user_data)
> +{
> +const char *str = data;
> +char *concat_str = user_data;
> +
> +if (str) {
> +strcat(concat_str, str);
> +strcat(concat_str, ".");
> +}
> +}
> +
> +/* lookup a name, using a fully qualified version */
>  static GQueue *
> -lookup_distinct(const OptsVisitor *ov, const char *name, Error **errp)
> +lookup_distinct(const OptsVisitor *ov, const char *name, char **out_key,
> +Error **errp)
>  {
> -GQueue *list;
> +GQueue *list = NULL;
> +char *key;
> +size_t sum_len = strlen(name);
> +
> +g_queue_foreach(ov->nested_names, sum_strlen, &sum_len);
> +key = g_malloc(sum_len+1);
> +key[0] = 0;
> +g_queue_foreach(ov->nested_names, append_str, key);
> +strcat(key, name);

Instead of using a GQueue, I think you could use a GArray, and use
g_strjoin() here.

> +
> +list = g_hash_table_lookup(ov->unprocessed_opts, key);
> +if (list && out_key) {
> +*out_key = g_strdup(key);

or just *out_key = key; key = NULL; (g_free accepts NULL)

> +}
>
> -list = g_hash_table_lookup(ov->unprocessed_opts, name);
>  if (!list) {
>  error_setg(errp, QERR_MISSING_PARAMETER, name);
>  }
> +
> +g_free(key);
>  return list;
>  }
>
> @@ -218,7 +267,7 @@ opts_start_list(Visitor *v, const char *name, Error 
> **errp)
>
>  /* we can't traverse a list in a list */
>  assert(ov->list_mode == LM_NONE);
> -ov->repeated_opts = lookup_distinct(ov, name, errp);

It would make sense to add an assert(ov->repeated_name == NULL) imho,
this could catch potential leaks.

> +ov->repeated_opts = lookup_distinct(ov, name, &ov->repeated_name, errp);
>  if (ov->repeated_opts != NULL) {
>  ov->list_mode = LM_STARTED;
>  }
> @@ -254,11 +303,9 @@ opts_next_list(Visitor *v, GenericList **list, Error 
> **errp)
>  /* range has been completed, fall through in order to pop option */
>
>  case LM_IN_PROGRESS: {
> -const QemuOpt *opt;
> -
> -opt = g_queue_pop_head(ov->

Re: [Qemu-devel] [PATCH 4/7] machine: DEFINE_MACHINE macro

[Eduardo Habkost]

On Tue, Aug 18, 2015 at 12:08:51PM -0700, Eduardo Habkost wrote:
> The macro will allow easy registration of a TYPE_MACHINE subclass, using
> only the machine name and a MachineClass initialization function as
> parameter.
> 
> Signed-off-by: Eduardo Habkost 

I will need to redo this patch after some other fixes I will submit
soon, so patches 4-7/7 can be dropped, by now.

-- 
Eduardo

Re: [Qemu-devel] [PATCH] configure: Don't permit SDL or GTK on OSX

[Peter Maydell]

On 14 August 2015 at 16:10, Peter Maydell  wrote:
> The cocoa GUI frontend assumes it is the only GUI (it redefines
> main() so it always gets control before the rest of QEMU), so
> it does not play well with other UIs like SDL or GTK. (Mostly
> people building QEMU on OSX don't have the necessary dependencies
> available for configure to build those other front ends, so
> mostly this problem goes unnoticed.)
>
> Make configure automatically disable the SDL and GTK front ends
> if the cocoa front end is enabled. (We were sort of attempting
> to do this for SDL before, but not in a way that worked very well.)
>
> Signed-off-by: Peter Maydell 

Applied to master, thanks.

-- PMM

Re: [Qemu-devel] [PATCH 6/9] target-arm/arm-semi.c: Support widening APIs to 64 bits

[Christopher Covington]

On Thu, Aug 13, 2015 at 9:35 AM, Peter Maydell  wrote:
> The 64-bit A64 semihosting API has some pervasive changes from
> the 32-bit version:
>  * all parameter blocks are arrays of 64-bit values, not 32-bit
>  * the semihosting call number is passed in W0
>  * the return value is a 64-bit value in X0
>
> Implement the necessary handling for this widening.
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Christopher Covington 

[Qemu-devel] [PATCH 2/2] ide/atapi: partially avoid deadlock if the storage backend is dead

[Peter Lieven]

the blk_drain_all() that is executed if the guest issues a DMA cancel
leads to a stuck main loop if the storage backend (e.g. a NFS share)
is unresponsive.

This scenario is a common case for CDROM images mounted from an
NFS share. In this case a broken NFS server can take down the
whole VM even if the mounted CDROM is not used and was just not
unmounted after usage.

This approach avoids the blk_drain_all for read-only media and
cancelles the AIO locally and makes the callback a NOP if the
original request is completed after the NFS share is responsive
again.

Signed-off-by: Peter Lieven 
---
 hw/ide/pci.c | 32 ++--
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/hw/ide/pci.c b/hw/ide/pci.c
index d31ff88..a8b4175 100644
--- a/hw/ide/pci.c
+++ b/hw/ide/pci.c
@@ -240,21 +240,25 @@ void bmdma_cmd_writeb(BMDMAState *bm, uint32_t val)
 /* Ignore writes to SSBM if it keeps the old value */
 if ((val & BM_CMD_START) != (bm->cmd & BM_CMD_START)) {
 if (!(val & BM_CMD_START)) {
-/*
- * We can't cancel Scatter Gather DMA in the middle of the
- * operation or a partial (not full) DMA transfer would reach
- * the storage so we wait for completion instead (we beahve
- * like if the DMA was completed by the time the guest trying
- * to cancel dma with bmdma_cmd_writeb with BM_CMD_START not
- * set).
- *
- * In the future we'll be able to safely cancel the I/O if the
- * whole DMA operation will be submitted to disk with a single
- * aio operation with preadv/pwritev.
- */
 if (bm->bus->dma->aiocb) {
-blk_drain_all();
-assert(bm->bus->dma->aiocb == NULL);
+if (!bdrv_is_read_only(bm->bus->dma->aiocb->bs)) {
+/* We can't cancel Scatter Gather DMA in the middle of the
+ * operation or a partial (not full) DMA transfer would
+ * reach the storage so we wait for completion instead
+ * (we beahve like if the DMA was completed by the time the
+ * guest trying to cancel dma with bmdma_cmd_writeb with
+ * BM_CMD_START not set). */
+blk_drain_all();
+assert(bm->bus->dma->aiocb == NULL);
+} else {
+/* On a read-only device (e.g. CDROM) we can't cause incon-
+ * sistencies and thus cancel the AIOCB locally and avoid
+ * to be called back later if the original request is
+ * completed. */
+BlockAIOCB *aiocb = bm->bus->dma->aiocb;
+aiocb->cb(aiocb->opaque, -ECANCELED);
+aiocb->cb = NULL;
+}
 }
 bm->status &= ~BM_STATUS_DMAING;
 } else {
-- 
1.9.1

[Qemu-devel] [PATCH 0/2] ide/atapi: partially avoid deadlock if the storage backend is dead

[Peter Lieven]

the blk_drain_all() that is executed if the guest issues a DMA cancel
leads to a stuck main loop if the storage backend (e.g. a NFS share)
is unresponsive.

This scenario is a common case for CDROM images mounted from an
NFS share. In this case a broken NFS server can take down the
whole VM even if the mounted CDROM is not used and was just not
unmounted after usage.

This approach avoids the blk_drain_all for read-only media and
cancelles the AIO locally and makes the callback a NOP if the
original request is completed after the NFS share is responsive
again.

Peter Lieven (2):
  block/io: allow AIOCB without callback
  ide/atapi: partially avoid deadlock if the storage backend is dead

 block/io.c   |  8 ++--
 hw/ide/pci.c | 32 ++--
 2 files changed, 24 insertions(+), 16 deletions(-)

-- 
1.9.1

Re: [Qemu-devel] [PATCH] Block: don't do copy-on-read in before_write_notifier

[Wen Congyang]

On 08/20/2015 01:02 AM, Jeff Cody wrote:
> On Wed, Aug 19, 2015 at 01:43:41PM +0800, Wen Congyang wrote:
>> On 08/19/2015 01:41 PM, Paolo Bonzini wrote:
>>> On 18/08/2015 19:54, Wen Congyang wrote:
 We will copy data in before_write_notifier to do backup.
 It is a nested I/O request, so we cannot do copy-on-read.
>>>
>>> Can you explain why?  What is the bug that this is fixing?
>>
>> (gdb) bt
>> #0  0x7fd53a6cdb55 in raise () from /lib64/libc.so.6
>> #1  0x7fd53a6cf131 in abort () from /lib64/libc.so.6
>> #2  0x7fd53a6c6a10 in __assert_fail () from /lib64/libc.so.6
>> #3  0x7fd53dffe5ad in wait_serialising_requests (self=0x7fd50cdb6ae0) at 
>> block/io.c:452
>> #4  0x7fd53dfff351 in bdrv_aligned_preadv (bs=0x7fd53ea33130, 
>> req=0x7fd50cdb6ae0, offset=26347307008, bytes=65536, align=512, 
>> qiov=0x7fd50cdb6c90, flags=
>> 1) at block/io.c:847
>> #5  0x7fd53dfff897 in bdrv_co_do_preadv (bs=0x7fd53ea33130, 
>> offset=26347307008, bytes=65536, qiov=0x7fd50cdb6c90, 
>> flags=BDRV_REQ_COPY_ON_READ)
>> at block/io.c:970
>> #6  0x7fd53dfff962 in bdrv_co_do_readv (bs=0x7fd53ea33130, 
>> sector_num=51459584, nb_sectors=128, qiov=0x7fd50cdb6c90, flags=0) at 
>> block/io.c:992
>> #7  0x7fd53dfff9cf in bdrv_co_readv (bs=0x7fd53ea33130, 
>> sector_num=51459584, nb_sectors=128, qiov=0x7fd50cdb6c90) at block/io.c:1001
>> #8  0x7fd53ddb077a in backup_do_cow (bs=0x7fd53ea33130, 
>> sector_num=51459648, nb_sectors=16, error_is_read=0x0) at block/backup.c:132
>> #9  0x7fd53ddb0f07 in backup_before_write_notify 
>> (notifier=0x7fd5118c9f30, opaque=0x7fd50cdb6e40) at block/backup.c:193
>> #10 0x7fd53e063193 in notifier_with_return_list_notify 
>> (list=0x7fd53ea361b8, data=0x7fd50cdb6e40) at util/notify.c:65
>> #11 0x7fd53e79 in bdrv_aligned_pwritev (bs=0x7fd53ea33130, 
>> req=0x7fd50cdb6e40, offset=26347339776, bytes=8192, qiov=0x7fd54001c848, 
>> flags=0)
>> at block/io.c:1116
>> #12 0x7fd53e000b4f in bdrv_co_do_pwritev (bs=0x7fd53ea33130, 
>> offset=26347339776, bytes=8192, qiov=0x7fd54001c848, flags=0) at 
>> block/io.c:1354
>> #13 0x7fd53e000c18 in bdrv_co_do_writev (bs=0x7fd53ea33130, 
>> sector_num=51459648, nb_sectors=16, qiov=0x7fd54001c848, flags=0) at 
>> block/io.c:1378
>> #14 0x7fd53e002dba in bdrv_co_do_rw (opaque=0x7fd53fb76830) at 
>> block/io.c:2113
>> #15 0x7fd53dfafde9 in coroutine_trampoline (i0=1073594560, i1=32725) at 
>> coroutine-ucontext.c:80
>> #16 0x7fd53a6debe0 in __correctly_grouped_prefixwc () from 
>> /lib64/libc.so.6
>> #17 0x in ?? ()
>>
> 
> Can you give the steps used to reproduce this?  I ask because I am
> wondering if it would be worth adding an iotest for this or similar
> scenarios.

It is very easy to reproduce it:
1. -drive copy-on-read=on,...  // qemu option
2. drive_backup -f disk0 /path_to_backup.img // monitor command

Thanks
Wen Congyang

> 
> Thanks,
> Jeff
> .
> 

Re: [Qemu-devel] [PATCH v2] hmp: Allow for error message hints on HMP

[Eric Blake]

On 08/18/2015 02:48 PM, Eric Blake wrote:
> Commits 7216ae3d and d2828429 disabled some error message hints,
> all because a change to use modern error reporting meant that the
> hint would be output prior to the actual error.  Fix this by making
> hints a first-class member of Error.
> 
> For example, we are now back to the pleasant:
> 
>  $ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
>  qemu-system-x86_64: --chardev null,id=,: Parameter 'id' expects an identifier
>  Identifiers consist of letters, digits, '-', '.', '_', starting with a 
> letter.
> 
> Signed-off-by: Eric Blake 
> ---
> 
> v2: use GString instead of rolling our own O(n^2) string concat [Paolo]
> 

> @@ -162,6 +191,7 @@ void error_free(Error *err)
>  {
>  if (err) {
>  g_free(err->msg);
> +g_string_free(err->hint, true);

self-NAK; v3 coming up. g_string_free(NULL) doesn't work (I hate "free"
functions that aren't free-like).

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 04/10] arm: Rename virt machine class to use MACHINE_TYPE_NAME

[Eduardo Habkost]

Machine class names should use the "-machine" suffix to allow
class-name-based machine class lookup to work. Rename the arm virt
machine class using the MACHINE_TYPE_NAME macro.

Cc: Peter Maydell 
Signed-off-by: Eduardo Habkost 
---
 hw/arm/virt.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index d5a8417..5ba4b80 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -81,7 +81,8 @@ typedef struct {
 bool secure;
 } VirtMachineState;
 
-#define TYPE_VIRT_MACHINE   "virt"
+#define VIRT_MACHINE_NAME   "virt"
+#define TYPE_VIRT_MACHINE   MACHINE_TYPE_NAME(VIRT_MACHINE_NAME)
 #define VIRT_MACHINE(obj) \
 OBJECT_CHECK(VirtMachineState, (obj), TYPE_VIRT_MACHINE)
 #define VIRT_MACHINE_GET_CLASS(obj) \
@@ -959,7 +960,7 @@ static void virt_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->name = TYPE_VIRT_MACHINE;
+mc->name = VIRT_MACHINE_NAME;
 mc->desc = "ARM Virtual Machine",
 mc->init = machvirt_init;
 mc->max_cpus = 8;
-- 
2.1.0

Re: [Qemu-devel] [PATCH 01/12] hbitmap: serialization

[Stefan Hajnoczi]

On Fri, Aug 07, 2015 at 12:32:33PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> +/**
> + * hbitmap_serialize_part
> + * @hb: HBitmap to oprate on.

s/oprate/operate/

> + * @buf: Buffer to store serialized bitmap.
> + * @start: First bit to store.
> + * @count: Number of bits to store.
> + *
> + * Stores HBitmap data corresponding to given region. The format of saved 
> data
> + * is linear sequence of bits, so it can be used by hbitmap_deserialize_part
> + * independently of endianness and size of HBitmap level array elements

These functions *are* dependent of HBitmap level array element size.

They always assign full array elements (unsigned long).  If count <
BITS_PER_LONG at some point before the end, the bitmap will be corrupt
because leading bits will be zeroed when the next
hbitmap_deserialize_part() call is made!

> + */
> +void hbitmap_serialize_part(const HBitmap *hb, uint8_t *buf,
> +uint64_t start, uint64_t count);
> +
> +/**
> + * hbitmap_deserialize_part
> + * @hb: HBitmap to operate on.
> + * @buf: Buffer to restore bitmap data from.
> + * @start: First bit to restore.
> + * @count: Number of bits to restore.
> + *
> + * Retores HBitmap data corresponding to given region. The format is the same

s/Retores/Restores/

> + * as for hbitmap_serialize_part.
> + *
> + * ! The bitmap becomes inconsistent after this operation.
> + * hbitmap_serialize_finish should be called before using the bitmap after
> + * data restoring.
> + */
> +void hbitmap_deserialize_part(HBitmap *hb, uint8_t *buf,
> +  uint64_t start, uint64_t count);
> +
> +/**
> + * hbitmap_deserialize_zeroes
> + * @hb: HBitmap to operate on.
> + * @start: First bit to restore.
> + * @count: Number of bits to restore.
> + *
> + * Same as hbitmap_serialize_part, but fills the bitmap with zeroes.
> + */
> +void hbitmap_deserialize_zeroes(HBitmap *hb, uint64_t start, uint64_t count);
> +
> +/**
> + * hbitmap_deserialize_finish
> + * @hb: HBitmap to operate on.
> + *
> + * Repair HBitmap after calling hbitmap_deserialize_data. Actually, all 
> HBitmap
> + * layers are restored here.
> + */
> +void hbitmap_deserialize_finish(HBitmap *hb);
> +
> +/**
>   * hbitmap_free:
>   * @hb: HBitmap to operate on.
>   *
> diff --git a/util/hbitmap.c b/util/hbitmap.c
> index 50b888f..c7c21fe 100644
> --- a/util/hbitmap.c
> +++ b/util/hbitmap.c
> @@ -378,6 +378,104 @@ bool hbitmap_get(const HBitmap *hb, uint64_t item)
>  return (hb->levels[HBITMAP_LEVELS - 1][pos >> BITS_PER_LEVEL] & bit) != 
> 0;
>  }
>  
> +uint64_t hbitmap_data_size(const HBitmap *hb, uint64_t count)
> +{
> +uint64_t size, gran;
> +
> +if (count == 0) {
> +return 0;
> +}
> +
> +gran = 1ll << hb->granularity;
> +size = (((gran + count - 2) >> hb->granularity) >> BITS_PER_LEVEL) + 1;
> +
> +return size * sizeof(unsigned long);
> +}
> +
> +void hbitmap_serialize_part(const HBitmap *hb, uint8_t *buf,
> +uint64_t start, uint64_t count)
> +{
> +uint64_t i;
> +uint64_t last = start + count - 1;
> +unsigned long *out = (unsigned long *)buf;

I'm not sure if we care but this can lead to unaligned stores if buf
isn't aligned to sizeof(unsigned long).  Unaligned stores are best
avoided:
https://www.linux-mips.org/wiki/Alignment

If you replace out[i - start] = ... with a memcpy() call then the
alignment problem is solved.  If you are worried that all these memcpy()
calls are slow, check the compiler output since gcc probably optimizes
away the memcpy().

> +
> +if (count == 0) {
> +return;
> +}
> +
> +start = (start >> hb->granularity) >> BITS_PER_LEVEL;
> +last = (last >> hb->granularity) >> BITS_PER_LEVEL;
> +count = last - start + 1;
> +
> +for (i = start; i <= last; ++i) {
> +unsigned long el = hb->levels[HBITMAP_LEVELS - 1][i];
> +out[i - start] =
> +(BITS_PER_LONG == 32 ? cpu_to_le32(el) : cpu_to_le64(el));
> +}
> +}
> +
> +void hbitmap_deserialize_part(HBitmap *hb, uint8_t *buf,
> +  uint64_t start, uint64_t count)
> +{
> +uint64_t i;
> +uint64_t last = start + count - 1;
> +unsigned long *in = (unsigned long *)buf;

Same here.


pgpFdkHpfSsm7.pgp
Description: PGP signature