Re: [Qemu-devel] [PATCH RFC V5 6/9] hw/intc: arm_gicv3_spi_its

2015-10-21 Thread Pavel Fedin
 Hello!

> I just wanted to understand. I don't have any preferences.

 In other words, in short: spec says that ITS is optional, so we can implement 
it as a separate component, which gets attached to the GIC using some specified 
interface. It's not a problem to design such an interface. Actually, I believe 
real HW does the same thing.
 In my RFC I have implemented a part of this interface. My ITS class has 
a gic-parent property, which is used to attach it to the GIC. KVM implementation 
fetches vGIC's fd from there, while software emulation can use it to call LPI 
methods on the GIC. The property is declared as implementation-specific only 
because it would have a different object type, for additional fail-safety. 
Software-emulated ITS cannot be attached to KVM vGIC and vice versa, actually 
only because kernel guys don't want direct LPI injection.

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia





Re: [Qemu-devel] [PATCH RFC V5 6/9] hw/intc: arm_gicv3_spi_its

2015-10-21 Thread Peter Maydell
On 21 October 2015 at 15:41, Pavel Fedin  wrote:
>  Hello!
>
>> I just wanted to understand. I don't have any preferences.
>
>  In other words, in short: spec says that ITS is optional, so
> we can implement it as a separate component, which gets attached
> to the GIC using some specified interface. It's not a problem
> to design such an interface. Actually, I believe real HW does
> the same thing.

For hw it's a design choice: hardware can either have the ITS as
an extra component on the side that only talks to the
redistributors via (impdef) redistributor registers; or
it can be an integrated part of the GIC that's just directly
connected internally.

For QEMU we could in theory do either; I was leaning towards
direct connection just because on the KVM side the in-kernel
GIC isn't going to separate them out as two distinct things.
But even there we can as you say sensibly model the ITS
as its own QOM object with a fairly well-defined interface
to the rest of the GIC.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v2 5/5] vhost: send VHOST_USER_SET_VRING_ENABLE at start/stop

2015-10-21 Thread Yuanhan Liu
On Wed, Oct 21, 2015 at 01:39:11PM +0300, Michael S. Tsirkin wrote:
> On Wed, Oct 21, 2015 at 05:07:18PM +0800, Yuanhan Liu wrote:
> > Send VHOST_USER_SET_VRING_ENABLE at start/stop when multiple queue
> > is negotiated, to inform the backend that we are ready or not.
> 
> OK but that's only if MQ is set.

Maybe we could just call vhost_backend_set_vring_enable() unconditionally?
It's a nil operation when MQ is not set.

> If now, we need to do
> RESET_OWNER followed by SET_OWNER.

Could you be more specific? Why sending RESET_OWNER followed by
SET_OWNER?

TBH, I'm a bit confused with RESET_OWNER now: what it does, and when one is
supposed to send it :(

And, sending RESET_OWNER inside virtio_net_reset() also looks weird.
I made a quick try before sending this patchset, and the vhost-user
request dump doesn't look right to me: the message is sent after
vhost dev init (GET_FEATURES, GET_PROTOCOL_FEATURE, SET_OWNER, ...,
SET_VRING_CALL),  and before peer attach (SET_VRING_ENABLE) and
vhost_dev_start (SET_MEM_TABLE, ... SET_VRING_KICK ...):


# start of a VM

VHOST_CONFIG: new virtio connection is 28
VHOST_CONFIG: new device, handle is 0
VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
VHOST_CONFIG: read message VHOST_USER_GET_PROTOCOL_FEATURES
VHOST_CONFIG: read message VHOST_USER_SET_PROTOCOL_FEATURES
VHOST_CONFIG: read message VHOST_USER_GET_QUEUE_NUM
VHOST_CONFIG: read message VHOST_USER_SET_OWNER
VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:0 file:29
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:1 file:30
VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
VHOST_CONFIG: read message VHOST_USER_GET_PROTOCOL_FEATURES
VHOST_CONFIG: read message VHOST_USER_SET_PROTOCOL_FEATURES
VHOST_CONFIG: read message VHOST_USER_GET_QUEUE_NUM
VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
...
...
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:6 file:35
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:7 file:36

==> VHOST_CONFIG: read message VHOST_USER_RESET_OWNER
VHOST_CONFIG: read message VHOST_USER_RESET_OWNER

VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
VHOST_CONFIG: set queue enable: 1 to qp idx: 0
VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
VHOST_CONFIG: set queue enable: 0 to qp idx: 2
VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
VHOST_CONFIG: set queue enable: 0 to qp idx: 4
VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
VHOST_CONFIG: set queue enable: 0 to qp idx: 6
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:0 file:29
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:1 file:30
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:2 file:31
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:3 file:32
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:4 file:33
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:5 file:34
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:6 file:35
VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
VHOST_CONFIG: vring call idx:7 file:36
VHOST_CONFIG: read message VHOST_USER_SET_FEATURES
VHOST_CONFIG: read message VHOST_USER_SET_MEM_TABLE
VHOST_CONFIG: mapped region 0 fd:37 to 0x2aaac000 sz:0xa off:0x0
VHOST_CONFIG: mapped region 1 fd:38 to 0x2aab sz:0x8000 off:0xc
VHOST_CONFIG: read message VHOST_USER_SET_VRING_NUM
VHOST_CONFIG: read message VHOST_USER_SET_VRING_BASE
VHOST_CONFIG: read message VHOST_USER_SET_VRING_ADDR
VHOST_CONFIG: read message VHOST_USER_SET_VRING_KICK
VHOST_CONFIG: vring kick idx:0 file:39
VHOST_CONFIG: virtio is not ready for processing.
VHOST_CONFIG: read message VHOST_USER_SET_VRING_NUM
VHOST_CONFIG: read message VHOST_USER_SET_VRING_BASE
VHOST_CONFIG: read message VHOST_USER_SET_VRING_ADDR
VHOST_CONFIG: read message VHOST_USER_SET_VRING_KICK
VHOST_CONFIG: vring kick idx:1 file:40
VHOST_CONFIG: virtio is not ready for processing.
VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
VHOST_CONFIG: set queue enable: 1 to qp idx: 0
VHOST_CONFIG: read message VHOST_USER_SET_FEATURES
VHOST_CONFIG: read message VHOST_USER_SET_VRING_NUM
VHOST_CONFIG: read message VHOST_USER_SET_VRING_BASE
VHOST_CONFIG: read message VHOST_USER_SET_VRING_ADDR
VHOST_CONFIG: read message VHOST_USER_SET_VRING_KICK
VHOST_CONFIG: vring kick idx:2 file:41
VHOST_CONFIG: 

Re: [Qemu-devel] [PATCH v5 09/12] block: Add "drained begin/end" for internal snapshot

2015-10-21 Thread Kevin Wolf
Am 21.10.2015 um 04:06 hat Fam Zheng geschrieben:
> This ensures the atomicity of the transaction by avoiding processing of
> external requests such as those from ioeventfd.
> 
> state->bs is assigned right after bdrv_drained_begin. Because it was
> used as the flag for deletion or not in abort, now we need a separate
> flag - InternalSnapshotState.created.
> 
> Signed-off-by: Fam Zheng 
> ---
>  blockdev.c | 8 ++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index 52f44b2..92c2d0d 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -1370,6 +1370,7 @@ typedef struct InternalSnapshotState {
>  BlockDriverState *bs;
>  AioContext *aio_context;
>  QEMUSnapshotInfo sn;
> +bool created;
>  } InternalSnapshotState;
>  
>  static void internal_snapshot_prepare(BlkTransactionState *common,
> @@ -1407,6 +1408,8 @@ static void 
> internal_snapshot_prepare(BlkTransactionState *common,
>  /* AioContext is released in .clean() */
>  state->aio_context = blk_get_aio_context(blk);
>  aio_context_acquire(state->aio_context);
> +state->bs = blk_bs(blk);
> +bdrv_drained_begin(state->bs);
>  
>  if (!blk_is_available(blk)) {
>  error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
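
Review bot: in internal_snapshot_prepare(), the added state->bs = blk_bs(blk) and bdrv_drained_begin(state->bs) lines run before the blk_is_available(blk) check, so the QERR_DEVICE_HAS_NO_MEDIUM error path is taken with a drained section already begun on a BlockDriverState that the check has not yet vetted. Move the two added lines below the check, and make sure the path that ends the drained section runs for every return taken after bdrv_drained_begin().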

The blk_is_available() check must come first, otherwise we can call
bdrv_drained_begin(NULL) and bdrv_drained_begin() doesn't accept that.

Kevin



Re: [Qemu-devel] Coding style for errors

2015-10-21 Thread Eric Blake
On 10/21/2015 09:03 AM, Lluís Vilanova wrote:
> Hi,
> 
> I was wondering what is the proper way (or ways, depending on the subsystem)
> of reporting and signalling errors in QEMU. The coding style file does not
> seem to mention it, and the code uses all kinds of forms for that:
> 
> * printf + exit(1)
> * fprintf(stderr) + exit(1)

Existing code doesn't all have to be switched, but new code...

> * error_report + exit(1)

...should favor this approach, or even:

error_setg(..., &error_fatal)

as shorthand.

> * cpu_abort
> * Some other I probably forgot
> 
> So, is there any agreement on what should be used? If so, could that please be
> added to CODING_STYLE?

include/qapi/error.h has more documentation on how to best use struct
Error and the various error_* functions, but you're right that a blurb
in CODING_STYLE can't hurt. Would you care to try writing a first draft?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PULL 00/38] vhost, pc, virtio features, fixes, cleanups

2015-10-21 Thread Peter Maydell
On 21 October 2015 at 11:26, Michael S. Tsirkin  wrote:
> The following changes since commit 6d57410a79d51d92673c54f26624b44f27fa6214:
>
>   Merge remote-tracking branch 
> 'remotes/pmaydell/tags/pull-target-arm-20151016' into staging (2015-10-17 
> 12:31:33 +0100)
>
> are available in the git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to 4f53cd7788185f437a4275df6456eb60b90d4837:
>
>   hw/isa/lpc_ich9: inject the SMI on the VCPU that is writing to APM_CNT 
> (2015-10-21 13:24:49 +0300)
>
> 
> vhost, pc, virtio features, fixes, cleanups
>
> New features:
> VT-d support for devices behind a bridge
> vhost-user migration support
>
> Signed-off-by: Michael S. Tsirkin 
>
> 

Test failure on 64-bit ARM and 32-bit ARM:

TEST: tests/vhost-user-test... (pid=28701)
Warning: path not on HugeTLBFS: /tmp/vhost-test-pLQQzA
qemu-system-i386: -netdev
vhost-user,id=net0,chardev=chr-test,vhostforce: vhost-net support is
not compiled in
qemu-system-i386: -netdev
vhost-user,id=net0,chardev=chr-test,vhostforce: failed to init
vhost_net for queue 0

Broken pipe
FAIL: tests/vhost-user-test

My clang build gives this:

Warning: path not on HugeTLBFS: /tmp/vhost-test-EFF6ul
/home/petmay01/linaro/qemu-for-merges/target-i386/translate.c:2421:26:
runtime error: left shift of negative value -8
Warning: path not on HugeTLBFS: /tmp/vhost-test-EFF6ul
/home/petmay01/linaro/qemu-for-merges/target-i386/translate.c:2421:26:
runtime error: left shift of negative value -8
Warning: path not on HugeTLBFS: /tmp/vhost-test-EFF6ul
/home/petmay01/linaro/qemu-for-merges/target-i386/translate.c:2421:26:
runtime error: left shift of negative value -8

The tests pass, but I'd prefer it if our tests
didn't print out random warnings in the non-verbose
case if possible; it makes it hard to sift out
"this is a problem" from "this test has always
been grumpy". (Alternatively, if "path not on HugeTLBFS"
is a problem then the test should fail.)

The negative-shift stuff is clang's undefined
sanitizer; the code in question has been doing a
"-8 << s->dflag" since at least 2013, so this is just
your test code exercising something it hadn't before.
Sanitizer issues aren't currently something I'm
requiring pull requests to deal with, so we can fix
this one later.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] QEMU patch for libvmi to introspect QEMU/kvm virtual machines. Usually this patch is distributed with libvmi, but, it might be more useful to have it in the QEMU source perman

2015-10-21 Thread Valerio Aimale

Eric,

thanks for your comments. I'm going to take the liberty to top-post 
some notes.


On grammar awkwardness, indentation, documentation, and coding style. I 
agree with you. Mea culpa. I take full responsibility. I was too eager 
to submit the patch. I'll be less eager in the future.
If and when we decide that this patch belongs in the QEMU source tree, I 
will clean up grammar, documentation and code. However, as per 
discussion with Markus, that is still up in the air. So I'll hold off on 
those for now.


Below discussions of two issues only, endianness and fprintf.

Valerio

On 10/19/15 3:33 PM, Eric Blake wrote:

On 10/15/2015 05:44 PM, vale...@aimale.com wrote:

From: Valerio Aimale 

Long subject line, and no message body.  Remember, you want the subject
line to be a one-line short summary of 'what', then the commit body
message for 'why', as in:

qmp: add command for libvmi memory introspection

In the past, libvmi was relying on an out-of-tree patch to qemu that
provides a new QMP command pmemaccess.  It is now time to make this
command part of qemu.

pmemaccess is used to create a side-channel communication path that can
more effectively be used to query lots of small memory chunks without
the overhead of one QMP command per chunk. ...


---

You are missing a Signed-off-by: tag.  Without that, we cannot take your
patch.  But at least we can still review it:


  Makefile.target  |   2 +-
  hmp-commands.hx  |  14 
  hmp.c|   9 +++
  hmp.h|   1 +
  memory-access.c  | 206 +++
  memory-access.h  |  21 ++
  qapi-schema.json |  28 
  qmp-commands.hx  |  23 +++
  8 files changed, 303 insertions(+), 1 deletion(-)
  create mode 100644 memory-access.c
  create mode 100644 memory-access.h

diff --git a/Makefile.target b/Makefile.target
index 962d004..940ab51 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -131,7 +131,7 @@ endif #CONFIG_BSD_USER
  #
  # System emulator target
  ifdef CONFIG_SOFTMMU
-obj-y += arch_init.o cpus.o monitor.o gdbstub.o balloon.o ioport.o numa.o
+obj-y += arch_init.o cpus.o monitor.o gdbstub.o balloon.o ioport.o numa.o 
memory-access.o

This line is now over 80 columns; please wrap.


  obj-y += qtest.o bootdevice.o

In fact, you could have just appended it into this line instead.


+++ b/hmp-commands.hx
@@ -807,6 +807,20 @@ save to disk physical memory dump starting at @var{addr} 
of size @var{size}.
  ETEXI
  
  {

+.name   = "pmemaccess",
+.args_type  = "path:s",
+.params = "file",
+.help   = "open A UNIX Socket access to physical memory at 'path'",

s/A/a/

Awkward grammar; better might be:

open a Unix socket at 'path' for use in accessing physical memory

Please also document where the user can find the protocol that will be
used across the side-channel socket thus opened.



+++ b/memory-access.c
@@ -0,0 +1,206 @@
+/*
+ * Access guest physical memory via a domain socket.
+ *
+ * Copyright (C) 2011 Sandia National Laboratories
+ * Original Author: Bryan D. Payne (bdpa...@acm.org)
+ *
+ * Refurbished for modern QEMU by Valerio Aimale (vale...@aimale.com), in 2015
+ */

I would expect at least something under docs/ in addition to this file
(the protocol spoken over the socket should be well-documented, and not
just by reading the source code).  Compare with docs/qmp-spec.txt.


+struct request{
+uint8_t type;  // 0 quit, 1 read, 2 write, ... rest reserved
+uint64_t address;  // address to read from OR write to
+uint64_t length;   // number of bytes to read OR write
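
Review bot: struct request places a uint8_t type ahead of two uint64_t members, so the compiler pads after type and the size and field offsets depend on the ABI; if this struct is read from or written to the socket directly, that padding becomes part of the protocol. Define the wire layout explicitly (fixed offsets and a stated byte order) and document it, and state an upper bound for length so that a request can be rejected before it is acted on.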

Any particular endianness constraints to worry about?

That is a very interesting and insightful comment, that required some 
thinking. As I see it right now, the issue of endianness can be 
partitioned in 3 separate problems:


1) Endianness concordance between libvmi and QEMU host. As this patch 
uses a UNIX socket for inter-process communication, it implicitly 
assumes that libvmi and the QEMU host will run on the same machine, thus 
will have the same architecture, no need for endianness correction. If 
the patch were to use an inet socket, then hton and ntoh conversion 
would be required. It could be easily arranged by using this very useful 
header https://gist.github.com/panzi/6856583 , that provides 
architecture and platform independent implementation of htobe64() and 
be64toh() that are required to convert the two 64-bit members of the 
struct request. Of course there is the very interesting and intriguing 
scenario of somebody tunneling a UNIX socket from one host to another 
via inet socket with socat. However, as libvmi owns socket creation, 
that would be, not impossible, but not even that easy.


2) Endianness concordance between QEMU host and QEMU guest. As 
pmemaccess just calls cpu_physical_memory_map() and 
cpu_physical_memory_unmap(), no need for 
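
The wire-format concern raised in this thread (struct padding and byte order for the 64-bit address and length members), as an added example that is not part of the patch or of libvmi. It goes beyond the same-host case discussed in the message by fixing a 17-byte big-endian layout and validating each request before use; the names request_encode, request_decode, REQ_WIRE_SIZE and REQ_MAX_LENGTH, the 1 MiB cap and the ram_size parameter are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same fields as the struct request quoted in the patch above. */
struct request {
    uint8_t  type;     /* 0 quit, 1 read, 2 write, rest reserved */
    uint64_t address;  /* address to read from or write to */
    uint64_t length;   /* number of bytes to read or write */
};

/* Assumed wire layout: type at offset 0, then address and length as
 * big-endian 64-bit values, with no padding: 1 + 8 + 8 bytes. */
#define REQ_WIRE_SIZE  17u
/* Assumed per-request cap; not a value taken from the patch. */
#define REQ_MAX_LENGTH (1u << 20)

enum {
    REQ_OK = 0,
    REQ_ERR_SHORT = -1,   /* fewer than REQ_WIRE_SIZE bytes received */
    REQ_ERR_TYPE = -2,    /* reserved request type */
    REQ_ERR_LENGTH = -3,  /* zero or over-cap length */
    REQ_ERR_RANGE = -4    /* address + length leaves guest RAM or wraps */
};

static void put_be64(uint8_t *p, uint64_t v)
{
    for (int i = 7; i >= 0; i--) {
        p[i] = (uint8_t)(v & 0xff);
        v >>= 8;
    }
}

static uint64_t get_be64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) {
        v = (v << 8) | p[i];
    }
    return v;
}

/* Serialise field by field so the result does not depend on host byte
 * order or on the padding the compiler puts after 'type'. */
size_t request_encode(const struct request *r, uint8_t out[REQ_WIRE_SIZE])
{
    out[0] = r->type;
    put_be64(out + 1, r->address);
    put_be64(out + 9, r->length);
    return REQ_WIRE_SIZE;
}

/* Parse and validate one request; ram_size is the guest RAM size in bytes. */
int request_decode(const uint8_t *buf, size_t len, uint64_t ram_size,
                   struct request *r)
{
    if (len < REQ_WIRE_SIZE) {
        return REQ_ERR_SHORT;
    }
    r->type = buf[0];
    r->address = get_be64(buf + 1);
    r->length = get_be64(buf + 9);

    if (r->type > 2) {
        return REQ_ERR_TYPE;
    }
    if (r->type == 0) {
        return REQ_OK;              /* quit carries no address range */
    }
    if (r->length == 0 || r->length > REQ_MAX_LENGTH) {
        return REQ_ERR_LENGTH;
    }
    /* Written as a subtraction so address + length cannot wrap. */
    if (r->length > ram_size || r->address > ram_size - r->length) {
        return REQ_ERR_RANGE;
    }
    return REQ_OK;
}

int main(void)
{
    /* Constructed sample: read 4 KiB at 0x1000 from a 1 GiB guest. */
    struct request in = { 1, 0x1000, 0x1000 }, out;
    uint8_t wire[REQ_WIRE_SIZE];
    size_t n = request_encode(&in, wire);

    printf("sizeof(struct request)=%zu, wire size=%zu\n", sizeof(in), n);
    printf("decode=%d\n", request_decode(wire, n, 1ULL << 30, &out));
    return 0;
}
```
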

Re: [Qemu-devel] [PATCH v5 00/12] block: Protect nested event loop with bdrv_drained_begin and bdrv_drained_end

2015-10-21 Thread Kevin Wolf
Am 21.10.2015 um 04:06 hat Fam Zheng geschrieben:
> v5: Rebase onto Kevin's block tree.
> 
> v4: Rebase on to master so fix the "bdrv_move_feature_fields" issue.
> 
> v3: Call bdrv_drain unconditionally in bdrv_drained_begin.
> Document the internal I/O implications between bdrv_drain_begin and end.
> 
> The nested aio_poll()'s in block layer has a bug that new r/w requests from
> ioeventfds and nbd exports are processed, which might break the caller's
> semantics (qmp_transaction) or even pointers (bdrv_reopen).

Patches 1-8 and 10-12:
Reviewed-by: Kevin Wolf 



[Qemu-devel] [PULL v2 8/9] s390x: reset crypto only on clear reset and QEMU reset

2015-10-21 Thread Cornelia Huck
From: David Hildenbrand 

Initializing VM crypto in initial cpu reset has multiple problems

1. We call the exact same function #VCPU times, although one time is enough
2. On SIGP initial cpu reset, we exchange the wrapping key while
   other VCPUs are running. Bad!
3. It is simply wrong. According to the Pop, a reset happens only during a
   clear reset.

So, we have to reset the keys
- on modified clear reset
- on load clear (QEMU reset - via machine reset)
- on qemu start (via machine reset)

Reviewed-by: Christian Borntraeger 
Signed-off-by: David Hildenbrand 
Signed-off-by: Cornelia Huck 
---
 hw/s390x/s390-virtio.c |  1 +
 target-s390x/cpu.h | 11 +++
 target-s390x/kvm.c |  4 +---
 target-s390x/misc_helper.c |  1 +
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c
index 7b8f15b..9a7b7c2 100644
--- a/hw/s390x/s390-virtio.c
+++ b/hw/s390x/s390-virtio.c
@@ -320,6 +320,7 @@ void s390_machine_reset(void)
 S390CPU *ipl_cpu = S390_CPU(qemu_get_cpu(0));
 
 qemu_devices_reset();
+s390_crypto_reset();
 
 /* all cpus are stopped - configure and start the ipl cpu only */
 s390_ipl_prepare_cpu(ipl_cpu);
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 07ae16c..ca98e5a 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -1166,6 +1166,7 @@ void kvm_s390_reset_vcpu(S390CPU *cpu);
 int kvm_s390_set_mem_limit(KVMState *s, uint64_t new_limit, uint64_t 
*hw_limit);
 void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu);
 int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu);
+void kvm_s390_crypto_reset(void);
 #else
 static inline void kvm_s390_io_interrupt(uint16_t subchannel_id,
 uint16_t subchannel_nr,
@@ -1215,6 +1216,9 @@ static inline int 
kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu)
 {
 return 0;
 }
+static inline void kvm_s390_crypto_reset(void)
+{
+}
 #endif
 
 static inline int s390_set_memory_limit(uint64_t new_limit, uint64_t *hw_limit)
@@ -1261,6 +1265,13 @@ static inline int 
s390_assign_subch_ioeventfd(EventNotifier *notifier,
 return kvm_s390_assign_subch_ioeventfd(notifier, sch_id, vq, assign);
 }
 
+static inline void s390_crypto_reset(void)
+{
+if (kvm_enabled()) {
+kvm_s390_crypto_reset();
+}
+}
+
 #ifdef CONFIG_KVM
 static inline bool vregs_needed(void *opaque)
 {
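
Review bot: the new s390_crypto_reset() helper carries no comment stating when it may be called. The commit message names exchanging the wrapping key while other VCPUs are running as one of the problems being fixed, so a short comment above the helper saying that callers must have all VCPUs stopped, and that it does nothing unless kvm_enabled(), would keep a later caller from reintroducing that problem.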
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 6e488d4..84dffe9 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -249,7 +249,7 @@ static void kvm_s390_init_dea_kw(void)
 }
 }
 
-static void kvm_s390_init_crypto(void)
+void kvm_s390_crypto_reset(void)
 {
 kvm_s390_init_aes_kw();
 kvm_s390_init_dea_kw();
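
Review bot: kvm_s390_crypto_reset() is now a non-static function named as a reset, while the two helpers it calls keep their init names (kvm_s390_init_aes_kw(), kvm_s390_init_dea_kw()). Either rename the helpers to match or add a one-line comment on the exported function saying that a crypto reset consists of re-initialising the AES and DEA wrapping keys, so the naming does not suggest two different operations.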
@@ -301,8 +301,6 @@ void kvm_s390_reset_vcpu(S390CPU *cpu)
 if (kvm_vcpu_ioctl(cs, KVM_S390_INITIAL_RESET, NULL)) {
 error_report("Initial CPU reset failed on CPU %i", cs->cpu_index);
 }
-
-kvm_s390_init_crypto();
 }
 
 static int can_sync_regs(CPUState *cs, int regs)
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index ddf2498..a692c44 100644
--- a/target-s390x/misc_helper.c
+++ b/target-s390x/misc_helper.c
@@ -129,6 +129,7 @@ static int modified_clear_reset(S390CPU *cpu)
 }
 cmma_reset(cpu);
 subsystem_reset();
+s390_crypto_reset();
 scc->load_normal(CPU(cpu));
 cpu_synchronize_all_post_reset();
 resume_all_vcpus();
-- 
2.6.2




[Qemu-devel] [Bug 1508405] [NEW] qemu 2.4.0 with --enable-kvm hangs, takes 100% CPU

2015-10-21 Thread cptG
Public bug reported:

When starting qemu-system-x86_64 from version 2.4.0 with --enable-kvm,
it hangs and takes 100% CPU. The graphical display (SeaBIOS output) is
not initialized.

There have been multiple reports of this issue in the following thread:
https://bbs.archlinux.org/viewtopic.php?pid=1572405

There is no need to load a certain image, it already hangs with the following 
command:
qemu-system-x86_64 --enable-kvm

There are three workarounds:
- Downgrading the kernel from 4.2.2 to 4.1.6 (according to the forum thread, 
have not tested this myself)
- Downgrading qemu to 2.3 (tested personally, works)
- passing -machine pc-i440fx-2.3 to qemu 2.4 (have not tested this myself, I 
will try that shortly)

modules kvm and kvm_intel are loaded and rmmod && modprobing them does
not change the situation

I have an nvidia card and switching from official binary drivers to
nouveau and back does not change the situation.


qemu is installed from Arch package. From the PKGBUILD you can see that it is 
built with the following configuration:

export ARFLAGS="rv"
  export CFLAGS+=' -fPIC'
  ./configure --prefix=/usr --sysconfdir=/etc --audio-drv-list='pa alsa sdl' \
  --python=/usr/bin/python2 --smbd=/usr/bin/smbd \
  --enable-docs --libexecdir=/usr/lib/qemu \
  --disable-gtk --enable-linux-aio --enable-seccomp \
  --enable-spice --localstatedir=/var \
  --enable-tpm \
  --enable-modules --enable-{rbd,glusterfs,libiscsi,curl}
  make V=99


cpuinfo on my machine (for the first core only):


processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 30
model name  : Intel(R) Core(TM) i7 CPU   Q 820  @ 1.73GHz
stepping: 5
microcode   : 0x7
cpu MHz : 1333.000
cache size  : 8192 KB
physical id : 0
siblings: 8
core id : 0
cpu cores   : 4
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 11
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm 
constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc 
aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm 
sse4_1 sse4_2 popcnt lahf_lm ida dtherm tpr_shadow vnmi flexpriority ept vpid
bugs:
bogomips: 3459.21
clflush size: 64
cache_alignment : 64
address sizes   : 36 bits physical, 48 bits virtual


Is there more information I can provide you with to help debug this
problem?

Thanks,

cptG

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1508405


Re: [Qemu-devel] [RFC PATCH V7 00/19] Multithread TCG.

2015-10-21 Thread Claudio Fontana
On 07.10.2015 16:52, Frederic Konrad wrote:
> Hi Claudio,
> 
> I'll rebase soon tomorrow with a bit of luck ;).
> 
> Thanks,
> Fred

a respectful ping on this one :-)

I am looking at http://git.greensocs.com/fkonrad/mttcg.git
branch multi_tcg_v7_bugfixed,
is there something new?

Ciao,

Claudio

> 
> On 07/10/2015 14:46, Claudio Fontana wrote:
>> Hello Frederic,
>>
>> On 11.08.2015 08:27, Frederic Konrad wrote:
>>> On 11/08/2015 08:15, Benjamin Herrenschmidt wrote:
 On Mon, 2015-08-10 at 17:26 +0200, fred.kon...@greensocs.com wrote:
> From: KONRAD Frederic 
>
> This is the 7th round of the MTTCG patch series.
>
>
> It can be cloned from:
> g...@git.greensocs.com:fkonrad/mttcg.git branch multi_tcg_v7.
>> would it be possible to rebase on latest qemu? I wonder if mttcg is 
>> diverging a bit too much from mainline,
>> which will make it more difficult to rebase later..(Or did I get confused 
>> about all these repos?)
>>
>> Thank you!
>>
>> Claudio
>>
> This patch-set try to address the different issues in the global picture 
> of
> MTTCG, presented on the wiki.
>
> == Needed patch for our work ==
>
> Some preliminaries are needed for our work:
>   * current_cpu doesn't make sense in mttcg so a tcg_executing flag is 
> added to
> the CPUState.
 Can't you just make it a TLS ?
>>> True that can be done as well. But the tcg_exec_flags has a second meaning 
>>> saying
>>> "you can't start executing code right now because I want to do a safe_work".
>   * We need to run some work safely when all VCPUs are outside their 
> execution
> loop. This is done with the async_run_safe_work_on_cpu function 
> introduced
> in this series.
>   * QemuSpin lock is introduced (on posix only yet) to allow a faster 
> handling of
> atomic instruction.
 How do you handle the memory model ? IE , ARM and PPC are OO while x86
 is (mostly) in order, so emulating ARM/PPC on x86 is fine but emulating
 x86 on ARM or PPC will lead to problems unless you generate memory
 barriers with every load/store ..
>>> For the moment we are trying to do the first case.
 At least on POWER7 and later on PPC we have the possibility of setting
 the attribute "Strong Access Ordering" with mremap/mprotect (I dont'
 remember which one) which gives us x86-like memory semantics...

 I don't know if ARM supports something similar. On the other hand, when
 emulating ARM on PPC or vice-versa, we can probably get away with no
 barriers.

 Do you expose some kind of guest memory model info to the TCG backend so
 it can decide how to handle these things ?

> == Code generation and cache ==
>
> As Qemu stands, there is no protection at all against two threads 
> attempting to
> generate code at the same time or modifying a TranslationBlock.
> The "protect TBContext with tb_lock" patch address the issue of code 
> generation
> and makes all the tb_* function thread safe (except tb_flush).
> This raised the question of one or multiple caches. We choosed to use one
> unified cache because it's easier as a first step and since the structure 
> of
> QEMU effectively has a ‘local’ cache per CPU in the form of the jump 
> cache, we
> don't see the benefit of having two pools of tbs.
>
> == Dirty tracking ==
>
> Protecting the IOs:
> To allows all VCPUs threads to run at the same time we need to drop the
> global_mutex as soon as possible. The io access need to take the mutex. 
> This is
> likely to change when 
> http://thread.gmane.org/gmane.comp.emulators.qemu/345258
> will be upstreamed.
>
> Invalidation of TranslationBlocks:
> We can have all VCPUs running during an invalidation. Each VCPU is able 
> to clean
> it's jump cache itself as it is in CPUState so that can be handled by a 
> simple
> call to async_run_on_cpu. However tb_invalidate also writes to the
> TranslationBlock which is shared as we have only one pool.
> Hence this part of invalidate requires all VCPUs to exit before it can be 
> done.
> Hence the async_run_safe_work_on_cpu is introduced to handle this case.
 What about the host MMU emulation ? Is that multithreaded ? It has
 potential issues when doing things like dirty bit updates into guest
 memory, those need to be done atomically. Also TLB invalidations on ARM
 and PPC are global, so they will need to invalidate the remote SW TLBs
 as well.

 Do you have a mechanism to synchronize with another thread ? IE, make it
 pop out of TCG if already in and prevent it from getting in ? That way
 you can "remotely" invalidate its TLB...
>>> Yes that's what the safe_work is doing. Ask everybody to exit prevent VCPUs 
>>> to
>>> resume (tcg_exec_flag) and do the work when 

[Qemu-devel] [PATCH QEMU-XEN v4 6/9] xen: Switch uses of xc_map_foreign_bulk to use libxenforeignmemory API.

2015-10-21 Thread Ian Campbell
In Xen 4.7 we are refactoring parts of libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatibility.

One such library will be libxenforeignmemory which provides access to
privileged foreign mappings and which will provide an interface
equivalent to xc_map_foreign_bulk.

In preparation for adding support for libxenforeignmemory add support
to the <=4.0 and <=4.6 compat code in xen_common.h to allow us to
switch to using the new API. These shims will disappear for versions
of Xen which include libxenforeignmemory.

Since libxenforeignmemory will have its own handle type but for <= 4.6
the functionality is provided by using a libxenctrl handle we
introduce a new global xen_fmem alongside the existing xen_xc. In fact
we make xen_fmem a pointer to the existing xen_xc, which then works
correctly with both <=4.0 (xc handle is an int) and <=4.6 (xc handle
is a pointer). In the latter case xen_fmem is actually a double
indirect pointer, but it all falls out in the wash.

Unlike libxenctrl libxenforeignmemory has an explicit unmap function,
rather than just specifying that munmap should be used, so the unmap
paths are updated to use xenforeignmemory_unmap, which is a shim for
munmap on these versions of xen. The mappings in xen-hvm.c do not
appear to be unmapped (which makes sense for a qemu-dm process)

In fb_disconnect this results in a change from simply mmap over the
existing mapping (with an implicit munmap) to explicitly unmapping with
xenforeignmemory_unmap and then mapping the required anonymous memory
in the same hole. I don't think this is a problem since any other
thread which was racily touching this region would already be running
the risk of hitting the mapping halfway through the call. If this is
thought to be a problem then we could consider adding an extra API to
the libxenforeignmemory interface to replace a foreign mapping with
anonymous shared memory, but I'd prefer not to.

Build tested with 4.0 and 4.5.

Signed-off-by: Ian Campbell 
---
I noticed in xen_console.c that the decision to use a foreign
privileged memory mapping vs a grant dev is made using different
variables in con_initialise vs con_disconnect. The former uses
xendev->dev while the latter uses xendev->gnttabdev. Is this a latent
bug?

v4: Rebase onto "xen_console: correctly cleanup primary console on
teardown."

xenforeignmemory_unmap takes pages not bytes

Compat wrapper for xenforeignmemory_open instead of ifdef in code.

Run check patch and fix most issues. I did not fix:

ERROR: do not initialise globals to 0 or NULL
+xenforeignmemory_handle *xen_fmem = NULL;

=> This is consistent with all of the existing declarations.

ERROR: need consistent spacing around '*' (ctx:WxV)
+typedef xc_interface *xenforeignmemory_handle;

=> I think this is a false +ve since this is a pointer "*" not a multiple "*".
---
 hw/char/xen_console.c|  8 
 hw/display/xenfb.c   | 15 ---
 hw/xen/xen_backend.c |  3 ++-
 include/hw/xen/xen_backend.h |  1 +
 include/hw/xen/xen_common.h  | 12 
 xen-common.c |  6 ++
 xen-hvm.c| 18 +-
 xen-mapcache.c   |  6 +++---
 8 files changed, 45 insertions(+), 24 deletions(-)

diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index 11c6472..24f3a40 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -230,9 +230,9 @@ static int con_initialise(struct XenDevice *xendev)
 
 if (!xendev->dev) {
 xen_pfn_t mfn = con->ring_ref;
-con->sring = xc_map_foreign_bulk(xen_xc, con->xendev.dom,
- PROT_READ|PROT_WRITE,
- , , 1);
+con->sring = xenforeignmemory_map(xen_fmem, con->xendev.dom,
+  PROT_READ|PROT_WRITE,
+  , , 1);
 } else {
 con->sring = xengnttab_map_grant_ref(xendev->gnttabdev, 
con->xendev.dom,
  con->ring_ref,
@@ -274,7 +274,7 @@ static void con_disconnect(struct XenDevice *xendev)
 
 if (con->sring) {
 if (!xendev->dev) {
-munmap(con->sring, XC_PAGE_SIZE);
+xenforeignmemory_unmap(xen_fmem, con->sring, 1);
 } else {
 xengnttab_munmap(xendev->gnttabdev, con->sring, 1);
 }
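
Review bot: The note under the `---` says con_disconnect chooses between the foreign mapping and the grant mapping using xendev->gnttabdev, but this hunk tests `if (!xendev->dev)`, the same condition con_initialise uses in the previous hunk, so that note looks stale after the v4 rebase and should be dropped or reworded. The return value of xenforeignmemory_unmap(xen_fmem, con->sring, 1) is also ignored; if that is intentional on teardown, a short comment saying so would help.
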
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index b0ac1e6..a5ddb60 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -103,8 +103,8 @@ static int common_bind(struct common *c)
 if (xenstore_read_fe_int(>xendev, "event-channel", 
>xendev.remote_port) == -1)
return -1;
 
-c->page = xc_map_foreign_bulk(xen_xc, c->xendev.dom,
-  PROT_READ | PROT_WRITE, , , 1);
+c->page = xenforeignmemory_map(xen_fmem, c->xendev.dom,
+   

[Qemu-devel] [PATCH QEMU-XEN v4 7/9] xen: Use stable library interfaces when they are available.

2015-10-21 Thread Ian Campbell
In Xen 4.7 we are refactoring parts of libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatibility.

Specifically libxenevtchn, libxengnttab and libxenforeignmemory.

Previous patches have already laid the groundwork for using these by
switching the existing compatibility shims to reflect the interfaces to
these libraries.

So all which remains is to update configure to detect the libraries
and enable their use. Although they are notionally independent we take
an all or nothing approach to the three libraries since they were
added at the same time.

The only non-obvious bit is that we now open a proper xenforeignmemory
handle for xen_fmem instead of reusing the xen_xc handle.

Build tested with 4.0, 4.5 and the patches targeting 4.7 which adds
these libraries.

Signed-off-by: Ian Campbell 
---
v4: xenforeignmemory_open is now a compat wrapper, so no ifdef.

Simplify configury by asserting that interface version 470 will
always have the libraries (lack of them makes it 460).

Ran checkpatch and fixed everything except:

ERROR: need consistent spacing around '*' (ctx:WxV)
+typedef xc_interface *XenXC;

Which I think is a false +ve.

simplify configury
---
 configure   | 55 +
 include/hw/xen/xen_common.h | 38 +--
 2 files changed, 91 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 779623a..fe0a39d 100755
--- a/configure
+++ b/configure
@@ -1840,6 +1840,7 @@ fi
 
 if test "$xen" != "no" ; then
   xen_libs="-lxenstore -lxenctrl -lxenguest"
+  xen_stable_libs="-lxenforeignmemory -lxengnttab -lxenevtchn"
 
   # First we test whether Xen headers and libraries are available.
   # If no, we are done and there is no Xen support.
@@ -1862,6 +1863,57 @@ EOF
   # Xen unstable
   elif
   cat > $TMPC <
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#if !defined(HVM_MAX_VCPUS)
+# error HVM_MAX_VCPUS not defined
+#endif
+int main(void) {
+  xc_interface *xc;
+  xenforeignmemory_handle *xfmem;
+  xenevtchn_handle *xe;
+  xengnttab_handle *xg;
+
+  xs_daemon_open();
+
+  xc = xc_interface_open(0, 0, 0);
+  xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
+  xc_domain_add_to_physmap(0, 0, XENMAPSPACE_gmfn, 0, 0);
+  xc_hvm_inject_msi(xc, 0, 0xf000, 0x);
+  xc_hvm_create_ioreq_server(xc, 0, HVM_IOREQSRV_BUFIOREQ_ATOMIC, NULL);
+
+  xfmem = xenforeignmemory_open(0, 0);
+  xenforeignmemory_map(xfmem, 0, 0, 0, 0, 0);
+
+  xe = xenevtchn_open(0, 0);
+  xenevtchn_fd(xe);
+
+  xg = xengnttab_open(0, 0);
+  xengnttab_map_grant_ref(xg, 0, 0, 0);
+
+  return 0;
+}
+EOF
+  compile_prog "" "$xen_libs $xen_stable_libs"
+  then
+xen_ctrl_version=470
+xen=yes
+
+  # Xen 4.6
+  elif
+  cat > $TMPC <
 #include 
 #include 
@@ -2037,6 +2089,9 @@ EOF
   fi
 
   if test "$xen" = yes; then
+if test $xen_ctrl_version -ge 470  ; then
+   libs_softmmu="$xen_stable_libs $libs_softmmu"
+fi
 libs_softmmu="$xen_libs $libs_softmmu"
   fi
 fi
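
Review bot: `if test $xen_ctrl_version -ge 470  ; then` expands xen_ctrl_version unquoted, unlike the `test "$xen" = yes` line directly above it; quote it as `test "$xen_ctrl_version" -ge 470` so the style is consistent and the value can never split into extra arguments to test. The stray double space before `;` can go at the same time.
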
diff --git a/include/hw/xen/xen_common.h b/include/hw/xen/xen_common.h
index 2a5f27a..38293b4 100644
--- a/include/hw/xen/xen_common.h
+++ b/include/hw/xen/xen_common.h
@@ -6,6 +6,17 @@
 #include 
 #include 
 
+#if CONFIG_XEN_CTRL_INTERFACE_VERSION >= 470
+/*
+ * If we have new enough libxenctrl then we do not want/need these compat
+ * interfaces, despite what the user supplied cflags might say. They
+ * must be undefined before including xenctrl.h
+ */
+#undef XC_WANT_COMPAT_EVTCHN_API
+#undef XC_WANT_COMPAT_GNTTAB_API
+#undef XC_WANT_COMPAT_MAP_FOREIGN_API
+#endif
+
 #include 
 #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 420
 #  include 
@@ -151,8 +162,8 @@ static inline void xs_close(struct xs_handle *xsh)
 }
 
 
-/* Xen 4.1 */
-#else
+/* Xen 4.1 thru 4.6 */
+#elif CONFIG_XEN_CTRL_INTERFACE_VERSION < 470
 
 typedef xc_interface *XenXC;
 typedef xc_interface *xenforeignmemory_handle;
@@ -195,6 +206,29 @@ static inline int xc_fd(xc_interface *xen_xc)
 {
 return -1;
 }
+#else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 470 */
+
+typedef xc_interface *XenXC;
+
+#  define XC_INTERFACE_FMT "%p"
+#  define XC_HANDLER_INITIAL_VALUENULL
+
+#include 
+#include 
+#include 
+
+static inline XenXC xen_xc_interface_open(void *logger, void *dombuild_logger,
+  unsigned int open_flags)
+{
+return xc_interface_open(logger, dombuild_logger, open_flags);
+}
+
+/* FIXME There is now way to have the xen fd */
+static inline int xc_fd(xc_interface *xen_xc)
+{
+return -1;
+}
+
 #endif
 
 /* Xen before 4.2 */
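
Review bot: The new `#else` branch adds a second copy of the xc_fd() stub that returns -1, identical to the one the context at the top of this hunk shows closing the 4.1 thru 4.6 branch, so the FIXME now has to be fixed in two places. Hoist the stub into a block shared by both branches, and correct the comment typo while there: "There is now way" should read "There is no way".
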
-- 
2.1.4




Re: [Qemu-devel] [PATCH v7 31/39] blockdev: Add blockdev-insert-medium

2015-10-21 Thread Max Reitz
On 21.10.2015 13:49, Alberto Garcia wrote:
> On Mon 19 Oct 2015 05:53:37 PM CEST, Max Reitz wrote:
>> And a helper function for that, which directly takes a pointer to the
>> BDS to be inserted instead of its node-name (which will be used for
>> implementing 'change' using blockdev-insert-medium).
> 
> Shouldn't this update bdrv_states?

I hate bdrv_states.

Yes, it should. Thanks!

Max

> Consider this scenario:
> 
> 1) We add a drive and eject its BDS
>{ "execute": "blockdev-add", "arguments": {
>  "options": { "driver": "qcow2",
>   "file": { "driver": "file",
> "filename": "/tmp/hd0.img"},
>   "id": "drive0" }}}
> 
>{ "execute": "eject", "arguments": {"device": "drive0"}}
> 
> 2) We create a new BDS and insert it in drive0
>{ "execute": "blockdev-add", "arguments": {
>  "options": { "driver": "qcow2",
>   "file": { "driver": "file",
> "filename": "/tmp/hd0.img"},
>   "node-name": "hd0" }}}
> 
>{ "execute": "blockdev-insert-medium", "arguments": {
>  "device": "drive0",
>  "node-name": "hd0" }}
> 
> 3) Now we try to create a snapshot...
> 
>{ "execute": "blockdev-snapshot-sync", "arguments": {
>  "device": "drive0",
>  "snapshot-file": "/tmp/new.img",
>  "format": "qcow2" }}
> 
>{"error": {"class": "GenericError",
>   "desc": "The feature 'snapshot' is not enabled"}}
> 
>Ooops! It seems that this is because the new node hd0 is not in the
>bdrv_states list.
> 
> 4) Let's try to create a mirror instead
> 
>{ "execute": "drive-mirror", "arguments": {
>  "device": "drive0",
>  "target": "/tmp/new.img",
>  "sync": "top"}}
> 
>{"return": {}}
>{"timestamp": {"seconds": 1445427560,
>   "microseconds": 765993},
> "event": "BLOCK_JOB_READY",
> "data": {"device": "drive0",
>  "len": 0,
>  "offset": 0,
>  "speed": 0,
>  "type": "mirror"}}
> 
> 5) Ok, the block job is ready, so let's complete it:
> 
>{ "execute": "query-block-jobs" }
>{"return": []}
> 
>Ooops! Again, hd0 is not in bdrv_states so QEMU cannot find the block
>job.
> 
> 6) Anyway, we only need the backend name in order to complete a block
>job, so surely we can do it even if it's not in the list:
> 
>{ "execute": "block-job-complete", "arguments": {
>  "device": "drive0"}}
> 
>Segmentation fault
> 
>That's QTAILQ_INSERT_BEFORE() in change_parent_backing_link(). This
>code assumes that since the 'from' BDS is attached to a backend, it
>must also be in bdrv_states.
> 
> Berto
> 




signature.asc
Description: OpenPGP digital signature


Re: [Qemu-devel] [PATCH RFC V5 6/9] hw/intc: arm_gicv3_spi_its

2015-10-21 Thread Pavel Fedin
 Hello!

>> Or do you have some explicit reasons to have everything as a monolith?
> No I just didn't want to have 3 stub files spi, its and its_control.
> Do you suggest that I'll split it to 3 files?

 You didn't understand my question. It's not about internal structure of ITS 
implementation. It is about GIC and ITS connection.
 Please review my KVM ITS RFC: 
http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg04613.html. You'll 
see that ITS is a separate object of a separate class, which can even be 
omitted at all, if machine model doesn't need it for some reason. So, i suggest 
that all the ITS code should go there, and it would be a completely separate 
entity, and a separate patch set, after your GICv3 is accepted. I will help you 
with this.
 Peter, I know you can be very busy, but, could you at least take a glance at 
my vITS v2 RFC structure and judge us? Should ITS + GICv3 be a monolithic 
object, or is my suggestion better?
 By the way, gicv3_init_irqs_and_mmio() expects only two regions, so it will 
not even pay attention to your stubs. You could patch it, of course, but... I 
don't think it's a good thing to do.

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia





Re: [Qemu-devel] [PATCH v2 1/5] Revert "vhost: rename VHOST_RESET_OWNER to VHOST_RESET_DEVICE"

2015-10-21 Thread Michael S. Tsirkin
On Wed, Oct 21, 2015 at 09:04:17PM +0800, Yuanhan Liu wrote:
> On Wed, Oct 21, 2015 at 01:40:59PM +0300, Michael S. Tsirkin wrote:
> > On Wed, Oct 21, 2015 at 05:07:14PM +0800, Yuanhan Liu wrote:
> > > This reverts commit d1f8b30ec8dde0318fd1b98d24a64926feae9625.
> > > 
> > > It turned out that it breaks stuff, so revert it:
> > > 
> > > http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg00949.html
> > > 
> > > CC: "Michael S. Tsirkin" 
> > > Reported-by: Paolo Bonzini 
> > > Signed-off-by: Yuanhan Liu 
> > 
> > 
> > Are these patches dependent on each other? If yes pls send a cover letter.
> > If not pls don't send a series, post them separately.
> 
> Got it.
> 
> > And, pls Cc me on all vhost user patches.
> 
> Aren't I always doing that? :)
> 
>   --yliu

You didn't for 5/5.

> > 
> > > ---
> > >  docs/specs/vhost-user.txt   | 4 ++--
> > >  hw/net/vhost_net.c  | 2 +-
> > >  hw/virtio/vhost-user.c  | 8 
> > >  linux-headers/linux/vhost.h | 2 +-
> > >  tests/vhost-user-test.c | 2 +-
> > >  5 files changed, 9 insertions(+), 9 deletions(-)
> > > 
> > > diff --git a/docs/specs/vhost-user.txt b/docs/specs/vhost-user.txt
> > > index 4eadad1..4bcd17d 100644
> > > --- a/docs/specs/vhost-user.txt
> > > +++ b/docs/specs/vhost-user.txt
> > > @@ -211,10 +211,10 @@ Message types
> > >as an owner of the session. This can be used on the Slave as a
> > >"session start" flag.
> > >  
> > > - * VHOST_USER_RESET_DEVICE
> > > + * VHOST_USER_RESET_OWNER
> > >  
> > >Id: 4
> > > -  Equivalent ioctl: VHOST_RESET_DEVICE
> > > +  Equivalent ioctl: VHOST_RESET_OWNER
> > >Master payload: N/A
> > >  
> > >Issued when a new connection is about to be closed. The Master 
> > > will no
> > > diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> > > index 2bce891..804f5c9 100644
> > > --- a/hw/net/vhost_net.c
> > > +++ b/hw/net/vhost_net.c
> > > @@ -296,7 +296,7 @@ static void vhost_net_stop_one(struct vhost_net *net,
> > >  } else if (net->nc->info->type == 
> > > NET_CLIENT_OPTIONS_KIND_VHOST_USER) {
> > >  for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
> > >  const VhostOps *vhost_ops = net->dev.vhost_ops;
> > > -int r = vhost_ops->vhost_call(>dev, VHOST_RESET_DEVICE,
> > > +int r = vhost_ops->vhost_call(>dev, VHOST_RESET_OWNER,
> > >NULL);
> > >  assert(r >= 0);
> > >  }
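
Review bot: In vhost_net_stop_one the result of the `vhost_ops->vhost_call(..., VHOST_RESET_OWNER, NULL)` call goes straight into `assert(r >= 0)`, and on this NET_CLIENT_OPTIONS_KIND_VHOST_USER path that result depends on the other end of the vhost-user session, so a backend that fails or has gone away aborts QEMU during stop. The revert only renames the request, but since the line is being touched anyway, consider reporting the error and continuing the stop path instead of asserting.
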
> > > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> > > index b11c0d2..12a9104 100644
> > > --- a/hw/virtio/vhost-user.c
> > > +++ b/hw/virtio/vhost-user.c
> > > @@ -34,7 +34,7 @@ typedef enum VhostUserRequest {
> > >  VHOST_USER_GET_FEATURES = 1,
> > >  VHOST_USER_SET_FEATURES = 2,
> > >  VHOST_USER_SET_OWNER = 3,
> > > -VHOST_USER_RESET_DEVICE = 4,
> > > +VHOST_USER_RESET_OWNER = 4,
> > >  VHOST_USER_SET_MEM_TABLE = 5,
> > >  VHOST_USER_SET_LOG_BASE = 6,
> > >  VHOST_USER_SET_LOG_FD = 7,
> > > @@ -102,7 +102,7 @@ static unsigned long int 
> > > ioctl_to_vhost_user_request[VHOST_USER_MAX] = {
> > >  VHOST_GET_FEATURES, /* VHOST_USER_GET_FEATURES */
> > >  VHOST_SET_FEATURES, /* VHOST_USER_SET_FEATURES */
> > >  VHOST_SET_OWNER,/* VHOST_USER_SET_OWNER */
> > > -VHOST_RESET_DEVICE,  /* VHOST_USER_RESET_DEVICE */
> > > +VHOST_RESET_OWNER,  /* VHOST_USER_RESET_OWNER */
> > >  VHOST_SET_MEM_TABLE,/* VHOST_USER_SET_MEM_TABLE */
> > >  VHOST_SET_LOG_BASE, /* VHOST_USER_SET_LOG_BASE */
> > >  VHOST_SET_LOG_FD,   /* VHOST_USER_SET_LOG_FD */
> > > @@ -192,7 +192,7 @@ static bool 
> > > vhost_user_one_time_request(VhostUserRequest request)
> > >  {
> > >  switch (request) {
> > >  case VHOST_USER_SET_OWNER:
> > > -case VHOST_USER_RESET_DEVICE:
> > > +case VHOST_USER_RESET_OWNER:
> > >  case VHOST_USER_SET_MEM_TABLE:
> > >  case VHOST_USER_GET_QUEUE_NUM:
> > >  return true;
> > > @@ -249,7 +249,7 @@ static int vhost_user_call(struct vhost_dev *dev, 
> > > unsigned long int request,
> > >  break;
> > >  
> > >  case VHOST_USER_SET_OWNER:
> > > -case VHOST_USER_RESET_DEVICE:
> > > +case VHOST_USER_RESET_OWNER:
> > >  break;
> > >  
> > >  case VHOST_USER_SET_MEM_TABLE:
> > > diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h
> > > index 14a0160..ead86db 100644
> > > --- a/linux-headers/linux/vhost.h
> > > +++ b/linux-headers/linux/vhost.h
> > > @@ -78,7 +78,7 @@ struct vhost_memory {
> > >  #define VHOST_SET_OWNER _IO(VHOST_VIRTIO, 0x01)
> > >  /* Give up ownership, and reset the device to default values.
> > >   * Allows subsequent call to VHOST_OWNER_SET to succeed. */
> > > -#define VHOST_RESET_DEVICE _IO(VHOST_VIRTIO, 0x02)
> > > +#define VHOST_RESET_OWNER _IO(VHOST_VIRTIO, 0x02)
> > >  
> > >  /* 

[Qemu-devel] [PULL 35/38] piix: fix resource leak reported by Coverity

2015-10-21 Thread Michael S. Tsirkin
From: zhanghailiang 

config_fd should be closed before return, or there will
be a resource leak error.

Signed-off-by: zhanghailiang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Stefan Hajnoczi 
---
 hw/pci-host/piix.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index 1fb71c8..7b2fbf9 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -764,6 +764,7 @@ static int host_pci_config_read(int pos, int len, uint32_t 
val)
 /* Access real host bridge. */
 int rc = snprintf(path, size, "/sys/bus/pci/devices/%04x:%02x:%02x.%d/%s",
   0, 0, 0, 0, "config");
+int ret = 0;
 
 if (rc >= size || rc < 0) {
 return -ENODEV;
@@ -775,16 +776,18 @@ static int host_pci_config_read(int pos, int len, 
uint32_t val)
 }
 
 if (lseek(config_fd, pos, SEEK_SET) != pos) {
-return -errno;
+ret = -errno;
+goto out;
 }
 do {
 rc = read(config_fd, (uint8_t *), len);
 } while (rc < 0 && (errno == EINTR || errno == EAGAIN));
 if (rc != len) {
-return -errno;
+ret = -errno;
 }
-
-return 0;
+out:
+close(config_fd);
+return ret;
 }
 
 static int igd_pt_i440fx_initfn(struct PCIDevice *pci_dev)
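
Review bot: In the `if (rc != len)` branch, `ret = -errno` is only meaningful when read() returned -1; on a short read (0 <= rc < len) errno holds whatever an earlier call left there, possibly 0, so host_pci_config_read() can report success or an unrelated error without having read len bytes. Something like `ret = rc < 0 ? -errno : -EIO` would make the failure explicit. The `out:` label with close(config_fd) does cover both the lseek and the read failure paths.
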
-- 
MST




[Qemu-devel] [PULL v2 4/9] s390x: flagify mcic values

2015-10-21 Thread Cornelia Huck
Instead of using magic values when building the machine check
interruption code, add some defines as by chapter 11-14 in the PoP.

This should make it easier to catch problems like the missing vector
register validity bit ("s390x/kvm: Fix vector validity bit in device
machine checks"), and less hassle should we want to generate machine
checks beyond the channel reports we currently support.

Acked-by: David Hildenbrand 
Signed-off-by: Cornelia Huck 
---
 target-s390x/cpu.h | 45 +
 target-s390x/kvm.c | 23 +++
 2 files changed, 64 insertions(+), 4 deletions(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index e4de863..07ae16c 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -1275,4 +1275,49 @@ static inline bool vregs_needed(void *opaque)
 return 0;
 }
 #endif
+
+/* machine check interruption code */
+
+/* subclasses */
+#define MCIC_SC_SD 0x8000ULL
+#define MCIC_SC_PD 0x4000ULL
+#define MCIC_SC_SR 0x2000ULL
+#define MCIC_SC_CD 0x0800ULL
+#define MCIC_SC_ED 0x0400ULL
+#define MCIC_SC_DG 0x0100ULL
+#define MCIC_SC_W  0x0080ULL
+#define MCIC_SC_CP 0x0040ULL
+#define MCIC_SC_SP 0x0020ULL
+#define MCIC_SC_CK 0x0010ULL
+
+/* subclass modifiers */
+#define MCIC_SCM_B  0x0002ULL
+#define MCIC_SCM_DA 0x2000ULL
+#define MCIC_SCM_AP 0x0008ULL
+
+/* storage errors */
+#define MCIC_SE_SE 0x8000ULL
+#define MCIC_SE_SC 0x4000ULL
+#define MCIC_SE_KE 0x2000ULL
+#define MCIC_SE_DS 0x1000ULL
+#define MCIC_SE_IE 0x8000ULL
+
+/* validity bits */
+#define MCIC_VB_WP 0x0800ULL
+#define MCIC_VB_MS 0x0400ULL
+#define MCIC_VB_PM 0x0200ULL
+#define MCIC_VB_IA 0x0100ULL
+#define MCIC_VB_FA 0x0080ULL
+#define MCIC_VB_VR 0x0040ULL
+#define MCIC_VB_EC 0x0020ULL
+#define MCIC_VB_FP 0x0010ULL
+#define MCIC_VB_GR 0x0008ULL
+#define MCIC_VB_CR 0x0004ULL
+#define MCIC_VB_ST 0x0001ULL
+#define MCIC_VB_AR 0x4000ULL
+#define MCIC_VB_PR 0x0020ULL
+#define MCIC_VB_FC 0x0010ULL
+#define MCIC_VB_CT 0x0002ULL
+#define MCIC_VB_CC 0x0001ULL
+
 #endif
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index e1acdac..6e488d4 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -2065,16 +2065,31 @@ void kvm_s390_io_interrupt(uint16_t subchannel_id,
 kvm_s390_floating_interrupt();
 }
 
+static uint64_t build_channel_report_mcic(void)
+{
+uint64_t mcic;
+
+/* subclass: indicate channel report pending */
+mcic = MCIC_SC_CP |
+/* subclass modifiers: none */
+/* storage errors: none */
+/* validity bits: no damage */
+MCIC_VB_WP | MCIC_VB_MS | MCIC_VB_PM | MCIC_VB_IA | MCIC_VB_FP |
+MCIC_VB_GR | MCIC_VB_CR | MCIC_VB_ST | MCIC_VB_AR | MCIC_VB_PR |
+MCIC_VB_FC | MCIC_VB_CT | MCIC_VB_CC;
+if (kvm_check_extension(kvm_state, KVM_CAP_S390_VECTOR_REGISTERS)) {
+mcic |= MCIC_VB_VR;
+}
+return mcic;
+}
+
 void kvm_s390_crw_mchk(void)
 {
 struct kvm_s390_irq irq = {
 .type = KVM_S390_MCHK,
 .u.mchk.cr14 = 1 << 28,
-.u.mchk.mcic = 0x00400f1d4033ULL,
+.u.mchk.mcic = build_channel_report_mcic(),
 };
-if (kvm_check_extension(kvm_state, KVM_CAP_S390_VECTOR_REGISTERS)) {
-irq.u.mchk.mcic |= 0x0040ULL;
-}
 kvm_s390_floating_interrupt();
 }
 
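
Review bot: build_channel_report_mcic() sets every validity define added in cpu.h except MCIC_VB_FA and MCIC_VB_EC (MCIC_VB_VR is handled separately under the KVM_CAP_S390_VECTOR_REGISTERS check), and the "validity bits: no damage" comment does not say whether leaving those two out is deliberate. Add a line to the comment naming the omitted bits and why, so the next reader does not take it for the same kind of slip as the missing vector register bit mentioned in the commit message.
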
-- 
2.6.2




Re: [Qemu-devel] [PATCH RFC V5 9/9] hw/arm: Add virt-v3 machine that uses GIC-500

2015-10-21 Thread Shlomo Pongratz
On Wednesday, October 21, 2015, Peter Maydell 
wrote:

> On 21 October 2015 at 12:33, Shlomo Pongratz wrote:
> > I assume I can add the system registers to target-arm/cpu.c but I wonder if
> > someone really needs to simulate more than 8 AArch32 CPU(s)
>
> The system register implementation belongs in the gic code, not
> target-arm/. We already have support for devices that say
> "I have some system registers, please add them to this CPU".
>
>
I don't understand.
The system registers are defined in ARM Architecture reference Manual.
It is true that the real implementation is in arm_gicv3_interrupts.c
But the crn, crm, op0, and op1 of the instructions are in CPU domain.


> The mechanism is the same for system registers for both 32-bit
> and 64-bit, incidentally.
>
I agree.


> thanks
> -- PMM
>


[Qemu-devel] [PATCH v2 1/3] block/gluster: rename [server, volname, image] -> [host, volume, path]

2015-10-21 Thread Prasanna Kumar Kalever
it will be quite messy to have colliding names for variables, so to maintain
better readability and make it consistent with other existing code as well as
the input keys/options which will be introduced by next couple of patches, this
patch renames the following variables
'server'  -> 'host'
'image'   -> 'path'
'volname' -> 'volume'

Signed-off-by: Prasanna Kumar Kalever 
---
 block/gluster.c | 54 +++---
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/block/gluster.c b/block/gluster.c
index 1eb3a8c..513a774 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -25,19 +25,19 @@ typedef struct BDRVGlusterState {
 } BDRVGlusterState;
 
 typedef struct GlusterConf {
-char *server;
+char *host;
 int port;
-char *volname;
-char *image;
+char *volume;
+char *path;
 char *transport;
 } GlusterConf;
 
 static void qemu_gluster_gconf_free(GlusterConf *gconf)
 {
 if (gconf) {
-g_free(gconf->server);
-g_free(gconf->volname);
-g_free(gconf->image);
+g_free(gconf->host);
+g_free(gconf->volume);
+g_free(gconf->path);
 g_free(gconf->transport);
 g_free(gconf);
 }
@@ -57,19 +57,19 @@ static int parse_volume_options(GlusterConf *gconf, char 
*path)
 if (*p == '\0') {
 return -EINVAL;
 }
-gconf->volname = g_strndup(q, p - q);
+gconf->volume = g_strndup(q, p - q);
 
-/* image */
+/* path */
 p += strspn(p, "/");
 if (*p == '\0') {
 return -EINVAL;
 }
-gconf->image = g_strdup(p);
+gconf->path = g_strdup(p);
 return 0;
 }
 
 /*
- * file=gluster[+transport]://[server[:port]]/volname/image[?socket=...]
+ * file=gluster[+transport]://[host[:port]]/volume/path[?socket=...]
  *
  * 'gluster' is the protocol.
  *
@@ -78,10 +78,10 @@ static int parse_volume_options(GlusterConf *gconf, char 
*path)
  * tcp, unix and rdma. If a transport type isn't specified, then tcp
  * type is assumed.
  *
- * 'server' specifies the server where the volume file specification for
+ * 'host' specifies the host where the volume file specification for
  * the given volume resides. This can be either hostname, ipv4 address
  * or ipv6 address. ipv6 address needs to be within square brackets [ ].
- * If transport type is 'unix', then 'server' field should not be specified.
+ * If transport type is 'unix', then 'host' field should not be specified.
  * The 'socket' field needs to be populated with the path to unix domain
  * socket.
  *
@@ -90,9 +90,9 @@ static int parse_volume_options(GlusterConf *gconf, char 
*path)
  * default port. If the transport type is unix, then 'port' should not be
  * specified.
  *
- * 'volname' is the name of the gluster volume which contains the VM image.
+ * 'volume' is the name of the gluster volume which contains the VM image.
  *
- * 'image' is the path to the actual VM image that resides on gluster volume.
+ * 'path' is the path to the actual VM image that resides on gluster volume.
  *
  * Examples:
  *
@@ -101,7 +101,7 @@ static int parse_volume_options(GlusterConf *gconf, char 
*path)
  * file=gluster+tcp://1.2.3.4:24007/testvol/dir/a.img
  * file=gluster+tcp://[1:2:3:4:5:6:7:8]/testvol/dir/a.img
  * file=gluster+tcp://[1:2:3:4:5:6:7:8]:24007/testvol/dir/a.img
- * file=gluster+tcp://server.domain.com:24007/testvol/dir/a.img
+ * file=gluster+tcp://host.domain.com:24007/testvol/dir/a.img
  * file=gluster+unix:///testvol/dir/a.img?socket=/tmp/glusterd.socket
  * file=gluster+rdma://1.2.3.4:24007/testvol/a.img
  */
@@ -152,9 +152,9 @@ static int qemu_gluster_parseuri(GlusterConf *gconf, const 
char *filename)
 ret = -EINVAL;
 goto out;
 }
-gconf->server = g_strdup(qp->p[0].value);
+gconf->host = g_strdup(qp->p[0].value);
 } else {
-gconf->server = g_strdup(uri->server ? uri->server : "localhost");
+gconf->host = g_strdup(uri->server ? uri->server : "localhost");
 gconf->port = uri->port;
 }
 
@@ -175,18 +175,18 @@ static struct glfs *qemu_gluster_init(GlusterConf *gconf, 
const char *filename,
 
 ret = qemu_gluster_parseuri(gconf, filename);
 if (ret < 0) {
-error_setg(errp, "Usage: file=gluster[+transport]://[server[:port]]/"
-   "volname/image[?socket=...]");
+error_setg(errp, "Usage: file=gluster[+transport]://[host[:port]]/"
+   "volume/path[?socket=...]");
 errno = -ret;
 goto out;
 }
 
-glfs = glfs_new(gconf->volname);
+glfs = glfs_new(gconf->volume);
 if (!glfs) {
 goto out;
 }
 
-ret = glfs_set_volfile_server(glfs, gconf->transport, gconf->server,
+ret = glfs_set_volfile_server(glfs, gconf->transport, gconf->host,
 gconf->port);
 if (ret < 0) {
 goto out;
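
Review bot: The usage text passed to error_setg changes from server/volname/image to host/volume/path, which is user-visible output, while the parser in the previous hunk still reads `uri->server` and accepts exactly the same URIs. The commit message should say that only names in messages, comments and struct fields change and the accepted syntax does not, and any documentation that quotes the old usage line needs the same rename in this patch.
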
@@ -204,9 +204,9 @@ static struct glfs *qemu_gluster_init(GlusterConf *gconf, 
const char 

Re: [Qemu-devel] [PATCH v7 27/39] block: Add blk_remove_bs()

2015-10-21 Thread Max Reitz
On 20.10.2015 10:33, Kevin Wolf wrote:
> Am 19.10.2015 um 17:53 hat Max Reitz geschrieben:
>> This function removes the BlockDriverState associated with the given
>> BlockBackend from that BB and sets the BDS pointer in the BB to NULL.
>>
>> Signed-off-by: Max Reitz 
>> ---
>>  block/block-backend.c  | 12 
>>  include/sysemu/block-backend.h |  1 +
>>  2 files changed, 13 insertions(+)
>>
>> diff --git a/block/block-backend.c b/block/block-backend.c
>> index 19fdaae..eb7409c 100644
>> --- a/block/block-backend.c
>> +++ b/block/block-backend.c
>> @@ -334,6 +334,18 @@ void blk_hide_on_behalf_of_hmp_drive_del(BlockBackend 
>> *blk)
>>  }
>>  
>>  /*
>> + * Disassociates the currently associated BlockDriverState from @blk.
>> + */
>> +void blk_remove_bs(BlockBackend *blk)
>> +{
>> +blk_update_root_state(blk);
>> +
>> +bdrv_unref(blk->bs);
>> +blk->bs->blk = NULL;
> 
> Use after free?

Yes, indeed, will fix.

Max

>> +blk->bs = NULL;
>> +}
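
Review bot: blk_remove_bs() dereferences blk->bs in three statements with no check that a BlockDriverState is attached. If callers must guarantee that, say so in the comment above the function and add assert(blk->bs) as the first statement, so a call on an empty BlockBackend fails at a defined point.
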
> 
> Kevin
> 




signature.asc
Description: OpenPGP digital signature
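
The ordering problem raised in the review above ("Use after free?"), as an added example that is not code from the thread or from QEMU: `Node` and `Backend` are hypothetical stand-ins for BlockDriverState and BlockBackend, and released nodes are only marked dead in a static pool so the stale write is counted rather than executed. It shows that dropping the reference before clearing the back-pointer misbehaves only when the backend held the last reference, and one ordering that avoids it (an assumption; the thread does not show the eventual fix).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins: Node ~ BlockDriverState, Backend ~ BlockBackend. */
typedef struct Backend Backend;

typedef struct Node {
    int refcnt;
    bool alive;       /* false once the last reference has been dropped */
    Backend *owner;   /* back-pointer, plays the role of bs->blk */
} Node;

struct Backend {
    Node *node;       /* plays the role of blk->bs */
};

/* Nodes come from a static pool and are only marked dead on release, so a
 * stale access can be detected without touching freed heap memory. */
#define POOL_SIZE 4
static Node pool[POOL_SIZE];
static size_t pool_used;
static int stale_accesses;

static Node *node_new(void)
{
    if (pool_used == POOL_SIZE) {
        return NULL;
    }
    Node *n = &pool[pool_used++];
    n->refcnt = 1;
    n->alive = true;
    n->owner = NULL;
    return n;
}

static void node_ref(Node *n) { n->refcnt++; }

static void node_unref(Node *n)
{
    if (--n->refcnt == 0) {
        n->alive = false;   /* a real implementation would free(n) here */
    }
}

/* Every write through a Node pointer is checked against the liveness flag. */
static void node_set_owner(Node *n, Backend *owner)
{
    if (!n->alive) {
        stale_accesses++;   /* this would have been a write to freed memory */
        return;
    }
    n->owner = owner;
}

/* Ordering of the reviewed hunk: drop the reference, then use the pointer. */
static void remove_unref_first(Backend *b)
{
    node_unref(b->node);
    node_set_owner(b->node, NULL);
    b->node = NULL;
}

/* Safe ordering: finish every access, clear both links, unref last. */
static void remove_unref_last(Backend *b)
{
    Node *n = b->node;
    if (!n) {
        return;
    }
    node_set_owner(n, NULL);
    b->node = NULL;
    node_unref(n);
}

typedef void (*remove_fn)(Backend *);

/* Detach a node that has extra_refs holders besides the backend and return
 * how many stale accesses the chosen ordering produced (-1 on setup error). */
static int run_case(remove_fn fn, int extra_refs)
{
    Backend b = { NULL };
    pool_used = 0;
    Node *n = node_new();
    if (!n) {
        return -1;
    }
    for (int i = 0; i < extra_refs; i++) {
        node_ref(n);
    }
    b.node = n;             /* backend takes over the creation reference */
    node_set_owner(n, &b);
    stale_accesses = 0;
    fn(&b);
    return stale_accesses;
}

int main(void)
{
    printf("unref first, last ref held by backend: %d stale\n",
           run_case(remove_unref_first, 0));
    printf("unref first, one other holder:         %d stale\n",
           run_case(remove_unref_first, 1));
    printf("unref last,  last ref held by backend: %d stale\n",
           run_case(remove_unref_last, 0));
    return 0;
}
```

The second case is why this class of bug survives testing: as long as something else still holds a reference, the unref-first ordering looks correct.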


[Qemu-devel] [PATCH v2 2/3] block/gluster: code cleanup

2015-10-21 Thread Prasanna Kumar Kalever
unified coding styles of multiline function arguments and other error functions
moved random declarations of structures and other list variables

Signed-off-by: Prasanna Kumar Kalever 
---
 block/gluster.c | 113 ++--
 1 file changed, 60 insertions(+), 53 deletions(-)

diff --git a/block/gluster.c b/block/gluster.c
index 513a774..ededda2 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -24,6 +24,11 @@ typedef struct BDRVGlusterState {
 struct glfs_fd *fd;
 } BDRVGlusterState;
 
+typedef struct BDRVGlusterReopenState {
+struct glfs *glfs;
+struct glfs_fd *fd;
+} BDRVGlusterReopenState;
+
 typedef struct GlusterConf {
 char *host;
 int port;
@@ -32,6 +37,39 @@ typedef struct GlusterConf {
 char *transport;
 } GlusterConf;
 
+
+static QemuOptsList qemu_gluster_create_opts = {
+.name = "qemu-gluster-create-opts",
+.head = QTAILQ_HEAD_INITIALIZER(qemu_gluster_create_opts.head),
+.desc = {
+{
+.name = BLOCK_OPT_SIZE,
+.type = QEMU_OPT_SIZE,
+.help = "Virtual disk size"
+},
+{
+.name = BLOCK_OPT_PREALLOC,
+.type = QEMU_OPT_STRING,
+.help = "Preallocation mode (allowed values: off, full)"
+},
+{ /* end of list */ }
+}
+};
+
+static QemuOptsList runtime_opts = {
+.name = "gluster",
+.head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
+.desc = {
+{
+.name = "filename",
+.type = QEMU_OPT_STRING,
+.help = "URL to the gluster image",
+},
+{ /* end of list */ }
+},
+};
+
+
 static void qemu_gluster_gconf_free(GlusterConf *gconf)
 {
 if (gconf) {
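
Review bot: runtime_opts is moved up here without the `/* TODO Convert to fine grained options */` comment that a later hunk deletes together with the old definition, so the TODO disappears in a patch described as code cleanup. Either carry the comment over with the definition or state in the commit message that it is dropped on purpose. The move also leaves two consecutive blank lines before `static QemuOptsList qemu_gluster_create_opts` and after runtime_opts; one is enough.
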
@@ -176,7 +214,7 @@ static struct glfs *qemu_gluster_init(GlusterConf *gconf, 
const char *filename,
 ret = qemu_gluster_parseuri(gconf, filename);
 if (ret < 0) {
 error_setg(errp, "Usage: file=gluster[+transport]://[host[:port]]/"
-   "volume/path[?socket=...]");
+ "volume/path[?socket=...]");
 errno = -ret;
 goto out;
 }
@@ -254,20 +292,6 @@ static void gluster_finish_aiocb(struct glfs_fd *fd, 
ssize_t ret, void *arg)
 qemu_bh_schedule(acb->bh);
 }
 
-/* TODO Convert to fine grained options */
-static QemuOptsList runtime_opts = {
-.name = "gluster",
-.head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
-.desc = {
-{
-.name = "filename",
-.type = QEMU_OPT_STRING,
-.help = "URL to the gluster image",
-},
-{ /* end of list */ }
-},
-};
-
 static void qemu_gluster_parse_flags(int bdrv_flags, int *open_flags)
 {
 assert(open_flags != NULL);
@@ -285,7 +309,7 @@ static void qemu_gluster_parse_flags(int bdrv_flags, int 
*open_flags)
 }
 }
 
-static int qemu_gluster_open(BlockDriverState *bs,  QDict *options,
+static int qemu_gluster_open(BlockDriverState *bs, QDict *options,
  int bdrv_flags, Error **errp)
 {
 BDRVGlusterState *s = bs->opaque;
@@ -334,12 +358,6 @@ out:
 return ret;
 }
 
-typedef struct BDRVGlusterReopenState {
-struct glfs *glfs;
-struct glfs_fd *fd;
-} BDRVGlusterReopenState;
-
-
 static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
BlockReopenQueue *queue, Error **errp)
 {
@@ -426,7 +444,9 @@ static void qemu_gluster_reopen_abort(BDRVReopenState 
*state)
 
 #ifdef CONFIG_GLUSTERFS_ZEROFILL
 static coroutine_fn int qemu_gluster_co_write_zeroes(BlockDriverState *bs,
-int64_t sector_num, int nb_sectors, BdrvRequestFlags flags)
+ int64_t sector_num,
+ int nb_sectors,
+ BdrvRequestFlags flags)
 {
 int ret;
 GlusterAIOCB *acb = g_slice_new(GlusterAIOCB);
@@ -459,7 +479,7 @@ static inline bool gluster_supports_zerofill(void)
 }
 
 static inline int qemu_gluster_zerofill(struct glfs_fd *fd, int64_t offset,
-int64_t size)
+int64_t size)
 {
 return glfs_zerofill(fd, offset, size);
 }
@@ -471,7 +491,7 @@ static inline bool gluster_supports_zerofill(void)
 }
 
 static inline int qemu_gluster_zerofill(struct glfs_fd *fd, int64_t offset,
-int64_t size)
+int64_t size)
 {
 return 0;
 }
@@ -500,19 +520,17 @@ static int qemu_gluster_create(const char *filename,
 tmp = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
 if (!tmp || !strcmp(tmp, "off")) {
 prealloc = 0;
-} else if (!strcmp(tmp, "full") &&
-   gluster_supports_zerofill()) {
+} else if (!strcmp(tmp, "full") && gluster_supports_zerofill()) {
 prealloc = 1;
 } else {
 error_setg(errp, "Invalid preallocation mode: '%s'"
-" or 

Re: [Qemu-devel] [PATCH v2 5/5] vhost: send VHOST_USER_SET_VRING_ENABLE at start/stop

2015-10-21 Thread Michael S. Tsirkin
On Wed, Oct 21, 2015 at 10:55:39PM +0800, Yuanhan Liu wrote:
> On Wed, Oct 21, 2015 at 05:11:44PM +0300, Michael S. Tsirkin wrote:
> > On Wed, Oct 21, 2015 at 09:43:16PM +0800, Yuanhan Liu wrote:
> > > On Wed, Oct 21, 2015 at 01:39:11PM +0300, Michael S. Tsirkin wrote:
> > > > On Wed, Oct 21, 2015 at 05:07:18PM +0800, Yuanhan Liu wrote:
> > > > > Send VHOST_USER_SET_VRING_ENABLE at start/stop when multiple queue
> > > > > is negotiated, to inform the backend that we are ready or not.
> > > > 
> > > > OK but that's only if MQ is set.
> > > 
> > > Maybe we could just call vhost_backend_set_vring_enable() unconditionally?
> > > It's nil operation when MQ is not set.
> > > 
> > > > If now, we need to do
> > > > RESET_OWNER followed by SET_OWNER.
> > > 
> > > Could you be more specific? Why sending RESET_OWNER followed by
> > > SET_OWNER?
> > > 
> > > TBH, I'm a bit confused with RESET_OWNER now: what it does, and when is
> > > supposed to send it :(
> > 
> > It's not well specified, but it does say it's analogous to RESET_OWNER
> > in kernel. That one is well documented:
> > 
> > /* Set current process as the (exclusive) owner of this file descriptor.
> >  * This must be called before any other vhost command.  Further calls to
> >  * VHOST_OWNER_SET fail until VHOST_OWNER_RESET is called. */
> > #define VHOST_SET_OWNER _IO(VHOST_VIRTIO, 0x01)
> > /* Give up ownership, and reset the device to default values.
> >  * Allows subsequent call to VHOST_OWNER_SET to succeed. */
> > #define VHOST_RESET_OWNER _IO(VHOST_VIRTIO, 0x02)
> 
> Thanks, that helps (I think).
> 
> I recalled my old question, and rechecked your answer again:
> 
> Because we need to get the state from remote after stop.
> RESET_OWNER discards that, so we can't resume the VM.
> 
> So, if I understand it correctly this time, you want to keep the
> VM state at the backend side even after the VM is shut down, and
> then we can resume it with those saved state

Not shut down. That makes no sense. When VM is stopped.

> And why don't do that when MQ is enabled? I don't see it has anything
> to do with MQ.

With MQ we have enable/disable vq so we can just stop them
cleanly.

> > 
> > So if we want just the reset part, we need to do VHOST_RESET_OWNER
> > then redo everything that we did previously: VHOST_SET_OWNER
> > SET_VRING_CALL etc etc.
> > 
> > > And, sending RESET_OWNER inside virtio_net_reset() also looks weird.
> > > I made a quick try before sending this patchset, and the vhost-user
> > > request dump doesn't look right to me: the message is sent after
> > > vhost dev init (GET_FEATURES, GET_PROTOCOL_FEATURE, SET_OWNER, ...,
> > > SET_VRING_CALL),  and before peer attach (SET_VRING_ENABLE) and
> > > vhost_dev_start (SET_MEM_TABLE, ... SET_VRING_KICK ...):
> > 
> > Food for thought.
> 
> Aha...
> 
> > 
> > > 
> > > # start of a VM
> > > 
> > > VHOST_CONFIG: new virtio connection is 28
> > > VHOST_CONFIG: new device, handle is 0
> > > VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> > > VHOST_CONFIG: read message VHOST_USER_GET_PROTOCOL_FEATURES
> > > VHOST_CONFIG: read message VHOST_USER_SET_PROTOCOL_FEATURES
> > > VHOST_CONFIG: read message VHOST_USER_GET_QUEUE_NUM
> > > VHOST_CONFIG: read message VHOST_USER_SET_OWNER
> > > VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> > > VHOST_CONFIG: vring call idx:0 file:29
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> > > VHOST_CONFIG: vring call idx:1 file:30
> > > VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> > > VHOST_CONFIG: read message VHOST_USER_GET_PROTOCOL_FEATURES
> > > VHOST_CONFIG: read message VHOST_USER_SET_PROTOCOL_FEATURES
> > > VHOST_CONFIG: read message VHOST_USER_GET_QUEUE_NUM
> > > VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> > > ...
> > > ...
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> > > VHOST_CONFIG: vring call idx:6 file:35
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> > > VHOST_CONFIG: vring call idx:7 file:36
> > > 
> > > ==> VHOST_CONFIG: read message VHOST_USER_RESET_OWNER
> > > VHOST_CONFIG: read message VHOST_USER_RESET_OWNER
> > > 
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> > > VHOST_CONFIG: set queue enable: 1 to qp idx: 0
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> > > VHOST_CONFIG: set queue enable: 0 to qp idx: 2
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> > > VHOST_CONFIG: set queue enable: 0 to qp idx: 4
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> > > VHOST_CONFIG: set queue enable: 0 to qp idx: 6
> > > VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> > > VHOST_CONFIG: vring call idx:0 file:29
> > > VHOST_CONFIG: read message 
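
The ownership rule quoted above from the kernel header, checked against a backend request dump like the one in this thread. This is an added example, not code from QEMU or from any poster. It assumes vhost-user follows the kernel ioctl semantics (the thread notes this is not well specified) and that the GET_*/SET_PROTOCOL_FEATURES queries seen before SET_OWNER in the dump are allowed without an owner. The sample log is constructed, condensed from the dump.

```python
import re

MSG_RE = re.compile(r"read message (VHOST_USER_[A-Z_]+)")
CONN_RE = re.compile(r"new virtio connection is (\d+)")

# Assumption: feature/queue-count negotiation may happen before SET_OWNER,
# as it does at the top of the dump in the thread.
OWNERLESS_OK = frozenset({
    "VHOST_USER_GET_FEATURES",
    "VHOST_USER_GET_PROTOCOL_FEATURES",
    "VHOST_USER_SET_PROTOCOL_FEATURES",
    "VHOST_USER_GET_QUEUE_NUM",
})


def check_owner_sequence(lines):
    """Return (lineno, connection, message, reason) for each ordering problem.

    Rules taken from the kernel comments quoted in the thread:
      * SET_OWNER fails until RESET_OWNER has been called,
      * RESET_OWNER gives up ownership and resets the device, so vring
        setup must be redone after a fresh SET_OWNER.
    """
    findings = []
    conn = None
    owned = False
    for lineno, raw in enumerate(lines, start=1):
        m = CONN_RE.search(raw)
        if m:
            # A new connection starts with no owner.
            conn, owned = int(m.group(1)), False
            continue
        m = MSG_RE.search(raw)
        if not m:
            # Detail lines ("vring call idx:...") and truncated lines.
            continue
        msg = m.group(1)
        if msg == "VHOST_USER_SET_OWNER":
            if owned:
                findings.append((lineno, conn, msg, "SET_OWNER while already owned"))
            owned = True
        elif msg == "VHOST_USER_RESET_OWNER":
            if not owned:
                findings.append((lineno, conn, msg, "RESET_OWNER with no owner set"))
            owned = False
        elif not owned and msg not in OWNERLESS_OK:
            findings.append((lineno, conn, msg, "request sent with no owner set"))
    return findings


# Constructed sample: quote prefixes and the "==>" marker are kept on purpose
# to show that the parser tolerates them; the last line is cut off.
SAMPLE_LOG = """\
> VHOST_CONFIG: new virtio connection is 28
> VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> VHOST_CONFIG: read message VHOST_USER_SET_OWNER
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:0 file:29
> ==> VHOST_CONFIG: read message VHOST_USER_RESET_OWNER
> VHOST_CONFIG: read message VHOST_USER_RESET_OWNER
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> VHOST_CONFIG: set queue enable: 1 to qp idx: 0
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: read message
""".splitlines()

if __name__ == "__main__":
    for lineno, conn, msg, reason in check_owner_sequence(SAMPLE_LOG):
        print(f"line {lineno} (connection {conn}): {msg}: {reason}")
```
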

[Qemu-devel] Coding style for errors

2015-10-21 Thread Lluís Vilanova
Hi,

I was wondering what is the proper way (or ways, depending on the subsystem) of
reporting and signalling errors in QEMU. The coding style file does not seem to
mention it, and the code uses all kinds of forms for that:

* printf + exit(1)
* fprintf(stderr) + exit(1)
* error_report + exit(1)
* cpu_abort
* Some other I probably forgot

So, is there any agreement on what should be used? If so, could that please be
added to CODING_STYLE?


Thanks,
  Lluis

-- 
"And it's much the same thing with knowledge, for whenever you learn
something new, the whole world becomes that much richer."
-- The Princess of Pure Reason, as told by Norton Juster in The Phantom
Tollbooth



Re: [Qemu-devel] [PATCH v2 2/3] block/gluster: code cleanup

2015-10-21 Thread Eric Blake
On 10/21/2015 07:34 AM, Prasanna Kumar Kalever wrote:
> unified coding styles of multiline function arguments and other error functions
> moved random declarations of structures and other list variables
> 
> Signed-off-by: Prasanna Kumar Kalever 
> ---
>  block/gluster.c | 113 ++--
>  1 file changed, 60 insertions(+), 53 deletions(-)
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH QEMU-XEN v4 3/9] xen: Switch to libxengnttab interface for compat shims.

2015-10-21 Thread Ian Campbell
In Xen 4.7 we are refactoring parts of libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatibility.

One such library will be libxengnttab which provides access to grant
tables.

In preparation for this switch the compatibility layer in xen_common.h
(which supports building with older versions of Xen) to use what will
be the new library API. This means that the gnttab shim will disappear
for versions of Xen which include libxengnttab.

To simplify things for the <= 4.0.0 support we wrap the int fd in a
malloc(sizeof int) such that the handle is always a pointer. This
leads to less typedef headaches and the need for
XC_HANDLER_INITIAL_VALUE etc for these interfaces.

Build tested with 4.0 and 4.5.

Note that this patch does not add any support for actually using
libxengnttab, it just adjusts the existing shims.

Signed-off-by: Ian Campbell 
---
v4: Ran checkpatch, fixed all errors
Allocate correct size for handle (i.e. not size of the ptr)
Rebase onto "xen_console: correctly cleanup primary console on
teardown."
---
 hw/block/xen_disk.c  | 38 --
 hw/char/xen_console.c|  4 ++--
 hw/net/xen_nic.c | 16 
 hw/xen/xen_backend.c | 10 +-
 include/hw/xen/xen_backend.h |  2 +-
 include/hw/xen/xen_common.h  | 42 --
 6 files changed, 68 insertions(+), 44 deletions(-)

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index 21842a0..15413f6 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -172,11 +172,11 @@ static gint int_cmp(gconstpointer a, gconstpointer b, 
gpointer user_data)
 static void destroy_grant(gpointer pgnt)
 {
 PersistentGrant *grant = pgnt;
-XenGnttab gnt = grant->blkdev->xendev.gnttabdev;
+xengnttab_handle *gnt = grant->blkdev->xendev.gnttabdev;
 
-if (xc_gnttab_munmap(gnt, grant->page, 1) != 0) {
+if (xengnttab_munmap(gnt, grant->page, 1) != 0) {
 xen_be_printf(>blkdev->xendev, 0,
-  "xc_gnttab_munmap failed: %s\n",
+  "xengnttab_munmap failed: %s\n",
   strerror(errno));
 }
 grant->blkdev->persistent_gnt_count--;
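
Review bot: gnt in destroy_grant() is now a xengnttab_handle pointer and is passed straight to xengnttab_munmap() with no NULL check. Since the commit message says the <= 4.0.0 shim wraps the fd in a malloc'd int, a failed open or allocation has to leave xendev.gnttabdev as NULL and every user has to tolerate that; please confirm the open path guarantees a valid handle before this function can run, or add a guard ahead of the munmap call.
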
@@ -189,11 +189,11 @@ static void remove_persistent_region(gpointer data, 
gpointer dev)
 {
 PersistentRegion *region = data;
 struct XenBlkDev *blkdev = dev;
-XenGnttab gnt = blkdev->xendev.gnttabdev;
+xengnttab_handle *gnt = blkdev->xendev.gnttabdev;
 
-if (xc_gnttab_munmap(gnt, region->addr, region->num) != 0) {
+if (xengnttab_munmap(gnt, region->addr, region->num) != 0) {
 xen_be_printf(>xendev, 0,
-  "xc_gnttab_munmap region %p failed: %s\n",
+  "xengnttab_munmap region %p failed: %s\n",
   region->addr, strerror(errno));
 }
 xen_be_printf(>xendev, 3,
@@ -328,7 +328,7 @@ err:
 
 static void ioreq_unmap(struct ioreq *ioreq)
 {
-XenGnttab gnt = ioreq->blkdev->xendev.gnttabdev;
+xengnttab_handle *gnt = ioreq->blkdev->xendev.gnttabdev;
 int i;
 
 if (ioreq->num_unmap == 0 || ioreq->mapped == 0) {
@@ -338,8 +338,9 @@ static void ioreq_unmap(struct ioreq *ioreq)
 if (!ioreq->pages) {
 return;
 }
-if (xc_gnttab_munmap(gnt, ioreq->pages, ioreq->num_unmap) != 0) {
-xen_be_printf(>blkdev->xendev, 0, "xc_gnttab_munmap failed: 
%s\n",
+if (xengnttab_munmap(gnt, ioreq->pages, ioreq->num_unmap) != 0) {
+xen_be_printf(>blkdev->xendev, 0,
+  "xengnttab_munmap failed: %s\n",
   strerror(errno));
 }
 ioreq->blkdev->cnt_map -= ioreq->num_unmap;
@@ -349,8 +350,9 @@ static void ioreq_unmap(struct ioreq *ioreq)
 if (!ioreq->page[i]) {
 continue;
 }
-if (xc_gnttab_munmap(gnt, ioreq->page[i], 1) != 0) {
-xen_be_printf(>blkdev->xendev, 0, "xc_gnttab_munmap 
failed: %s\n",
+if (xengnttab_munmap(gnt, ioreq->page[i], 1) != 0) {
+xen_be_printf(>blkdev->xendev, 0,
+  "xengnttab_munmap failed: %s\n",
   strerror(errno));
 }
 ioreq->blkdev->cnt_map--;
@@ -362,7 +364,7 @@ static void ioreq_unmap(struct ioreq *ioreq)
 
 static int ioreq_map(struct ioreq *ioreq)
 {
-XenGnttab gnt = ioreq->blkdev->xendev.gnttabdev;
+xengnttab_handle *gnt = ioreq->blkdev->xendev.gnttabdev;
 uint32_t domids[BLKIF_MAX_SEGMENTS_PER_REQUEST];
 uint32_t refs[BLKIF_MAX_SEGMENTS_PER_REQUEST];
 void *page[BLKIF_MAX_SEGMENTS_PER_REQUEST];
@@ -413,7 +415,7 @@ static int ioreq_map(struct ioreq *ioreq)
 }
 
 if (batch_maps && new_maps) {
-ioreq->pages = xc_gnttab_map_grant_refs
+ioreq->pages = xengnttab_map_grant_refs
 (gnt, new_maps, domids, refs, 

Re: [Qemu-devel] [PATCH 00/40] Patch Round-up for stable 2.4.1, freeze on 2015-10-29

2015-10-21 Thread Cole Robinson
On 10/21/2015 01:51 PM, Michael Roth wrote:
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.4.1:
> 
>   https://github.com/mdroth/qemu/commits/stable-2.4-staging
> 
> The release is planned for 2015-11-03:
> 
>   http://wiki.qemu.org/Planning/2.4
> 
> Please respond here or CC qemu-sta...@nongnu.org on any patches you
> think should be included in the release.
> 

The patches for CVE-2015-7295 seem to be missing, as referenced here:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7295

commit ce317461573bac12b10d67699b4ddf1f97cf066c
Author: Jason Wang 
Date:   Fri Sep 25 13:21:28 2015 +0800

virtio: introduce virtqueue_unmap_sg()

commit 29b9f5efd78ae0f9cc02dd169b6e80d2c404bade
Author: Jason Wang 
Date:   Fri Sep 25 13:21:29 2015 +0800

virtio: introduce virtqueue_discard()

commit 0cf33fb6b49a19de32859e2cdc6021334f448fb3
Author: Jason Wang 
Date:   Fri Sep 25 13:21:30 2015 +0800

virtio-net: correctly drop truncated packets


Thanks,
Cole



[Qemu-devel] [PULL 02/10] tcg/ppc: Revise goto_tb implementation

2015-10-21 Thread Richard Henderson
Restrict the size of code_gen_buffer to 2GB on ppc64, which
lets us assert that everything is reachable with addis+addi
from tb_ret_addr.  This lets us use a max of 4 insns for goto_tb
instead of 7.

Emit the indirect branch portion of goto_tb up front, which
means we only have to update two insns to update any link.
With a 64-bit store, we can update the link atomically, which
may be required in future.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.c | 49 ++---
 translate-all.c  |  2 ++
 2 files changed, 40 insertions(+), 11 deletions(-)

diff --git a/tcg/ppc/tcg-target.c b/tcg/ppc/tcg-target.c
index fd7a3e0..cee13e0 100644
--- a/tcg/ppc/tcg-target.c
+++ b/tcg/ppc/tcg-target.c
@@ -1239,11 +1239,36 @@ static void tcg_out_brcond2 (TCGContext *s, const 
TCGArg *args,
 
 void ppc_tb_set_jmp_target(uintptr_t jmp_addr, uintptr_t addr)
 {
-TCGContext s;
+tcg_insn_unit i1, i2;
+uint64_t pair;
+intptr_t diff = addr - jmp_addr;
 
-s.code_buf = s.code_ptr = (tcg_insn_unit *)jmp_addr;
-tcg_out_b(, 0, (tcg_insn_unit *)addr);
-flush_icache_range(jmp_addr, jmp_addr + tcg_current_code_size());
+if (in_range_b(diff)) {
+i1 = B | (diff & 0x3fc);
+i2 = NOP;
+} else if (USE_REG_RA) {
+intptr_t lo, hi;
+diff = addr - (uintptr_t)tb_ret_addr;
+lo = (int16_t)diff;
+hi = (int32_t)(diff - lo);
+assert(diff == hi + lo);
+i1 = ADDIS | TAI(TCG_REG_TMP1, TCG_REG_RA, hi >> 16);
+i2 = ADDI | TAI(TCG_REG_TMP1, TCG_REG_TMP1, lo);
+} else {
+assert(TCG_TARGET_REG_BITS == 32 || addr == (int32_t)addr);
+i1 = ADDIS | TAI(TCG_REG_TMP1, 0, addr >> 16);
+i2 = ORI | SAI(TCG_REG_TMP1, TCG_REG_TMP1, addr);
+}
+#ifdef HOST_WORDS_BIGENDIAN
+pair = (uint64_t)i1 << 32 | i2;
+#else
+pair = (uint64_t)i2 << 32 | i1;
+#endif
+
+/* ??? __atomic_store_8, presuming there's some way to do that
+   for 32-bit, otherwise this is good enough for 64-bit.  */
+*(uint64_t *)jmp_addr = pair;
+flush_icache_range(jmp_addr, jmp_addr + 8);
 }
 
 static void tcg_out_call(TCGContext *s, tcg_insn_unit *target)
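
Review bot: the plain store *(uint64_t *)jmp_addr = pair near the end of ppc_tb_set_jmp_target() is what the commit message relies on for updating the link atomically, but nothing in this function checks that jmp_addr is 8-byte aligned, and the ??? comment leaves the 32-bit host case unresolved. An assert((jmp_addr & 7) == 0) ahead of the store would tie it to the alignment NOP emitted in tcg_out_op, and an explicit atomic store would be safer than a cast-and-assign that the compiler is free to split into two 32-bit writes.
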
@@ -1869,14 +1894,16 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, 
const TCGArg *args,
 tcg_out_b(s, 0, tb_ret_addr);
 break;
 case INDEX_op_goto_tb:
-if (s->tb_jmp_offset) {
-/* Direct jump method.  */
-s->tb_jmp_offset[args[0]] = tcg_current_code_size(s);
-s->code_ptr += 7;
-} else {
-/* Indirect jump method.  */
-tcg_abort();
+tcg_debug_assert(s->tb_jmp_offset);
+/* Direct jump.  Ensure the next insns are 8-byte aligned. */
+if ((uintptr_t)s->code_ptr & 7) {
+tcg_out32(s, NOP);
 }
+s->tb_jmp_offset[args[0]] = tcg_current_code_size(s);
+/* To be replaced by either a branch+nop or a load into TMP1.  */
+s->code_ptr += 2;
+tcg_out32(s, MTSPR | RS(TCG_REG_TMP1) | CTR);
+tcg_out32(s, BCCTR | BO_ALWAYS);
 s->tb_next_offset[args[0]] = tcg_current_code_size(s);
 break;
 case INDEX_op_br:
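
Review bot: in the INDEX_op_goto_tb case, tcg_debug_assert(s->tb_jmp_offset) replaces what used to be an unconditional tcg_abort() for the indirect method, so a build without TCG debug assertions goes on to write s->tb_jmp_offset[args[0]] through a null pointer instead of stopping. If the indirect method really can never be selected on this host, say so in the comment; otherwise keep a hard check that survives non-debug builds.
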
diff --git a/translate-all.c b/translate-all.c
index 333eba4..20ce40e 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -468,6 +468,8 @@ static inline PageDesc *page_find(tb_page_addr_t index)
 # define MAX_CODE_GEN_BUFFER_SIZE  (2ul * 1024 * 1024 * 1024)
 #elif defined(__sparc__)
 # define MAX_CODE_GEN_BUFFER_SIZE  (2ul * 1024 * 1024 * 1024)
+#elif defined(__powerpc64__)
+# define MAX_CODE_GEN_BUFFER_SIZE  (2ul * 1024 * 1024 * 1024)
 #elif defined(__aarch64__)
 # define MAX_CODE_GEN_BUFFER_SIZE  (128ul * 1024 * 1024)
 #elif defined(__arm__)
-- 
2.4.3




[Qemu-devel] [PATCH 04/40] block/iscsi: validate block size returned from target

2015-10-21 Thread Michael Roth
From: Peter Lieven 

It has been reported that at least tgtd returns a block size of 0
for LUN 0. To avoid running into divide by zero later on and protect
against other problematic block sizes validate the block size right
at connection time.

Cc: qemu-sta...@nongnu.org
Reported-by: Andrey Korolyov 
Signed-off-by: Peter Lieven 
Message-Id: <1439552016-8557-1-git-send-email...@kamp.de>
Signed-off-by: Paolo Bonzini 
(cherry picked from commit 6d1f252d8c1ba73bf6ed9af28731a9c9c3d473a2)
Signed-off-by: Michael Roth 
---
 block/iscsi.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/block/iscsi.c b/block/iscsi.c
index 5002916..93f1ee4 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1214,6 +1214,10 @@ static void iscsi_readcapacity_sync(IscsiLun *iscsilun, 
Error **errp)
 
 if (task == NULL || task->status != SCSI_STATUS_GOOD) {
 error_setg(errp, "iSCSI: failed to send readcapacity10 command.");
+} else if (!iscsilun->block_size ||
+   iscsilun->block_size % BDRV_SECTOR_SIZE) {
+error_setg(errp, "iSCSI: the target returned an invalid "
+   "block size of %d.", iscsilun->block_size);
 }
 if (task) {
 scsi_free_scsi_task(task);
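
Review bot: the new else-if prints iscsilun->block_size with %d; if that field is unsigned, a bogus large value returned by the target is reported as a negative number, so the format should match the field's type. A one-line comment above the check saying that a zero or non-sector-multiple size is rejected here to avoid the later divide by zero would also help, since that reasoning currently lives only in the commit message.
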
-- 
1.9.1




[Qemu-devel] [PATCH v2 2/2] xen-platform: Replace assert() with appropriate error reporting

2015-10-21 Thread Eduardo Habkost
Commit dbb7405d8caad0814ceddd568cb49f163a847561 made it possible to
trigger an assert using "-device xen-platform". Replace it with
appropriate error reporting.

Before:

  $ qemu-system-x86_64 -device xen-platform
  qemu-system-x86_64: hw/i386/xen/xen_platform.c:391: xen_platform_initfn: 
Assertion `xen_enabled()' failed.
  Aborted (core dumped)
  $

After:

  $ qemu-system-x86_64 -device xen-platform
  qemu-system-x86_64: -device xen-platform: xen-platform device requires the 
Xen accelerator
  $

Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
* Use error_setg() instead of error_report()
  * Suggested-by: Paolo Bonzini 
---
 hw/i386/xen/xen_platform.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/i386/xen/xen_platform.c b/hw/i386/xen/xen_platform.c
index 3dc68cb..de83f4e 100644
--- a/hw/i386/xen/xen_platform.c
+++ b/hw/i386/xen/xen_platform.c
@@ -33,6 +33,7 @@
 #include "trace.h"
 #include "exec/address-spaces.h"
 #include "sysemu/block-backend.h"
+#include "qemu/error-report.h"
 
 #include 
 
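
Review bot: this hunk adds #include "qemu/error-report.h", but according to the v1 -> v2 changelog the patch now calls error_setg() instead of error_report(), and the only new call in the realize hunk is error_setg(). The include looks like a leftover from v1; drop it unless something else in the file needs it.
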
@@ -388,7 +389,10 @@ static void xen_platform_realize(PCIDevice *dev, Error 
**errp)
 uint8_t *pci_conf;
 
 /* Device will crash on reset if xen is not initialized */
-assert(xen_enabled());
+if (!xen_enabled()) {
+error_setg(errp, "xen-platform device requires the Xen accelerator");
+return;
+}
 
 pci_conf = dev->config;
 
-- 
2.1.0




[Qemu-devel] [PULL 10/10] cpu-exec: Add "nochain" debug flag

2015-10-21 Thread Richard Henderson
Respect it to avoid linking TBs together.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 cpu-exec.c | 3 ++-
 include/qemu/log.h | 1 +
 qemu-log.c | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index 8fd56a6..7eef083 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -477,7 +477,8 @@ int cpu_exec(CPUState *cpu)
 /* see if we can patch the calling TB. When the TB
spans two pages, we cannot safely do a direct
jump. */
-if (next_tb != 0 && tb->page_addr[1] == -1) {
+if (next_tb != 0 && tb->page_addr[1] == -1
+&& !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
 tb_add_jump((TranslationBlock *)(next_tb & ~TB_EXIT_MASK),
 next_tb & TB_EXIT_MASK, tb);
 }
diff --git a/include/qemu/log.h b/include/qemu/log.h
index f880e66..7de4500 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -41,6 +41,7 @@ static inline bool qemu_log_enabled(void)
 #define LOG_UNIMP  (1 << 10)
 #define LOG_GUEST_ERROR(1 << 11)
 #define CPU_LOG_MMU(1 << 12)
+#define CPU_LOG_TB_NOCHAIN (1 << 13)
 
 /* Returns true if a bit is set in the current loglevel mask
  */
diff --git a/qemu-log.c b/qemu-log.c
index 13f3813..efd07c8 100644
--- a/qemu-log.c
+++ b/qemu-log.c
@@ -119,6 +119,9 @@ const QEMULogItem qemu_log_items[] = {
 { LOG_GUEST_ERROR, "guest_errors",
   "log when the guest OS does something invalid (eg accessing a\n"
   "non-existent register)" },
+{ CPU_LOG_TB_NOCHAIN, "nochain",
+  "do not chain compiled TBs so that \"exec\" and \"cpu\" show\n"
+  "complete traces" },
 { 0, NULL, NULL },
 };
 
-- 
2.4.3




[Qemu-devel] [PATCH] throttle: Remove throttle_group_lock/unlock()

2015-10-21 Thread Alberto Garcia
The group throttling code was always meant to handle its locking
internally. However, bdrv_swap() was touching the ThrottleGroup
structure directly and therefore needed an API for that.

Now that bdrv_swap() no longer exists there's no need for the
throttle_group_lock() API anymore.

Signed-off-by: Alberto Garcia 
---
 block/throttle-groups.c | 31 +--
 include/block/throttle-groups.h |  3 ---
 2 files changed, 1 insertion(+), 33 deletions(-)

diff --git a/block/throttle-groups.c b/block/throttle-groups.c
index 1abc6fc..f70c31a 100644
--- a/block/throttle-groups.c
+++ b/block/throttle-groups.c
@@ -33,8 +33,7 @@
  * its own locking.
  *
  * This locking is however handled internally in this file, so it's
- * mostly transparent to outside users (but see the documentation in
- * throttle_groups_lock()).
+ * transparent to outside users.
  *
  * The whole ThrottleGroup structure is private and invisible to
  * outside users, that only use it through its ThrottleState.
@@ -465,34 +464,6 @@ void throttle_group_unregister_bs(BlockDriverState *bs)
 bs->throttle_state = NULL;
 }
 
-/* Acquire the lock of this throttling group.
- *
- * You won't normally need to use this. None of the functions from the
- * ThrottleGroup API require you to acquire the lock since all of them
- * deal with it internally.
- *
- * This should only be used in exceptional cases when you want to
- * access the protected fields of a BlockDriverState directly
- * (e.g. bdrv_swap()).
- *
- * @bs: a BlockDriverState that is member of the group
- */
-void throttle_group_lock(BlockDriverState *bs)
-{
-ThrottleGroup *tg = container_of(bs->throttle_state, ThrottleGroup, ts);
-qemu_mutex_lock(>lock);
-}
-
-/* Release the lock of this throttling group.
- *
- * See the comments in throttle_group_lock().
- */
-void throttle_group_unlock(BlockDriverState *bs)
-{
-ThrottleGroup *tg = container_of(bs->throttle_state, ThrottleGroup, ts);
-qemu_mutex_unlock(>lock);
-}
-
 static void throttle_groups_init(void)
 {
 qemu_mutex_init(_groups_lock);
diff --git a/include/block/throttle-groups.h b/include/block/throttle-groups.h
index fab113f..322139a 100644
--- a/include/block/throttle-groups.h
+++ b/include/block/throttle-groups.h
@@ -40,7 +40,4 @@ void coroutine_fn 
throttle_group_co_io_limits_intercept(BlockDriverState *bs,
 unsigned int bytes,
 bool is_write);
 
-void throttle_group_lock(BlockDriverState *bs);
-void throttle_group_unlock(BlockDriverState *bs);
-
 #endif
-- 
2.6.1




Re: [Qemu-devel] [PATCH v2 08/16] io: add abstract QIOChannel classes

2015-10-21 Thread Eric Blake
On 10/21/2015 11:32 AM, Daniel P. Berrange wrote:

> 
>>> +/**
>>> + * qio_channel_seek:
>>> + * @ioc: the channel object
>>> + * @offset: the position to seek to, relative to @whence
>>> + * @whence: one of the POSIX SEEK_* constants
>>
>> Including SEEK_HOLE/SEEK_DATA?
> 
> Are those actually POSIX, or Linux extensions ?  In any case,
> only SEEK_SET, SEEK_CUR and SEEK_END are intended for use.
> I'll clarify the docs.

SEEK_HOLE/DATA are not quite POSIX yet, although the next version of
POSIX (Issue 8) will have them [1].  But they are definitely more than
just Linux extensions (Solaris implemented them first, after all).

[1] http://austingroupbugs.net/view.php?id=415

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH 40/40] virtio-input: ignore events until the guest driver is ready

2015-10-21 Thread Michael Roth
From: Gerd Hoffmann 

Cc: qemu-sta...@nongnu.org
Signed-off-by: Gerd Hoffmann 
(cherry picked from commit d9460a7557672af9c4d9d4f153200d1075ed5a78)
Signed-off-by: Michael Roth 
---
 hw/input/virtio-input.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/input/virtio-input.c b/hw/input/virtio-input.c
index 7b25d27..1f5a40d 100644
--- a/hw/input/virtio-input.c
+++ b/hw/input/virtio-input.c
@@ -20,6 +20,10 @@ void virtio_input_send(VirtIOInput *vinput, 
virtio_input_event *event)
 unsigned have, need;
 int i, len;
 
+if (!vinput->active) {
+return;
+}
+
 /* queue up events ... */
 if (vinput->qindex == vinput->qsize) {
 vinput->qsize++;
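
Review bot: the early return on !vinput->active at the top of virtio_input_send() drops the event silently, and the commit message has no body explaining why. A short comment stating that events arriving before the guest driver is ready are discarded on purpose, rather than being held in the queue that the code just below grows, would make the intent clear to the next reader.
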
-- 
1.9.1




[Qemu-devel] [PATCH 07/40] qemu-img: Fix crash in amend invocation

2015-10-21 Thread Michael Roth
From: Max Reitz 

Example:
$ ./qemu-img create -f qcow2 /tmp/t.qcow2 64M
$ ./qemu-img amend -f qcow2 -o backing_file=/tmp/t.qcow2, -o help \
/tmp/t.qcow2

This should not crash. This actually is tested by iotest 082, but not
caught due to the segmentation fault being silent (which is something
that needs to be fixed, too).

Reported-by: Dr. David Alan Gilbert 
Cc: qemu-stable 
Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Signed-off-by: Kevin Wolf 
(cherry picked from commit e814dffcc9810ed77fe99081be9751b620a894c4)
Signed-off-by: Michael Roth 
---
 qemu-img.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/qemu-img.c b/qemu-img.c
index 75f4ee4..6ff4e85 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2931,7 +2931,7 @@ static int img_amend(int argc, char **argv)
 if (!is_valid_option_list(optarg)) {
 error_report("Invalid option list: %s", optarg);
 ret = -1;
-goto out;
+goto out_no_progress;
 }
 if (!options) {
 options = g_strdup(optarg);
@@ -3031,6 +3031,7 @@ static int img_amend(int argc, char **argv)
 out:
 qemu_progress_end();
 
+out_no_progress:
 blk_unref(blk);
 qemu_opts_del(opts);
 qemu_opts_free(create_opts);
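
Review bot: with out_no_progress placed directly above blk_unref(blk), the early exit from option parsing now runs blk_unref(), qemu_opts_del() and qemu_opts_free() before any of those objects may have been created. Please confirm that blk, opts and create_opts are initialised to NULL at the top of img_amend(), and add a sentence to the commit message on why skipping qemu_progress_end() is what fixes the crash, since the message shows the reproducer but not the cause.
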
-- 
1.9.1




[Qemu-devel] [PULL v2 6/9] s390x/ipl: we always have an ipl device

2015-10-21 Thread Cornelia Huck
From: David Hildenbrand 

Both s390 machines unconditionally create an ipl device, so no need to
handle the missing case.

Now we can also change s390_ipl_update_diag308() to return void.

Reviewed-by: Cornelia Huck 
Acked-by: Christian Borntraeger 
Signed-off-by: David Hildenbrand 
Signed-off-by: Cornelia Huck 
---
 hw/s390x/ipl.c | 26 --
 hw/s390x/ipl.h |  2 +-
 target-s390x/misc_helper.c |  7 ++-
 3 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 31473e7..b8c6378 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -95,6 +95,11 @@ static const VMStateDescription vmstate_ipl = {
  }
 };
 
+static S390IPLState *get_ipl_device(void)
+{
+return S390_IPL(object_resolve_path_type("", TYPE_S390_IPL, NULL));
+}
+
 static uint64_t bios_translate_addr(void *opaque, uint64_t srcaddr)
 {
 uint64_t dstaddr = *(uint64_t *) opaque;
@@ -251,25 +256,19 @@ out:
 return (uint32_t) (ipl->cssid << 24 | ipl->ssid << 16 | ipl->devno);
 }
 
-int s390_ipl_update_diag308(IplParameterBlock *iplb)
+void s390_ipl_update_diag308(IplParameterBlock *iplb)
 {
-S390IPLState *ipl;
+S390IPLState *ipl = get_ipl_device();
 
-ipl = S390_IPL(object_resolve_path(TYPE_S390_IPL, NULL));
-if (ipl) {
-ipl->iplb = *iplb;
-ipl->iplb_valid = true;
-return 0;
-}
-return -1;
+ipl->iplb = *iplb;
+ipl->iplb_valid = true;
 }
 
 IplParameterBlock *s390_ipl_get_iplb(void)
 {
-S390IPLState *ipl;
+S390IPLState *ipl = get_ipl_device();
 
-ipl = S390_IPL(object_resolve_path(TYPE_S390_IPL, NULL));
-if (!ipl || !ipl->iplb_valid) {
+if (!ipl->iplb_valid) {
 return NULL;
 }
 return >iplb;
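
Review bot: s390_ipl_get_iplb() used to return NULL when the lookup failed (the removed !ipl test) and s390_ipl_update_diag308() returned -1; both now dereference the result of get_ipl_device() unchecked. The invariant stated in the commit message, that both machines always create the device, is worth enforcing with an assert on the lookup result inside get_ipl_device(), so that a missing or ambiguous ipl object fails loudly rather than faulting on ipl->iplb_valid.
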
@@ -277,9 +276,8 @@ IplParameterBlock *s390_ipl_get_iplb(void)
 
 void s390_reipl_request(void)
 {
-S390IPLState *ipl;
+S390IPLState *ipl = get_ipl_device();
 
-ipl = S390_IPL(object_resolve_path(TYPE_S390_IPL, NULL));
 ipl->reipl_requested = true;
 qemu_system_reset_request();
 }
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index 70497bc..6424e08 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -18,7 +18,7 @@ typedef struct IplParameterBlock {
   uint8_t  reserved2[88];
 } IplParameterBlock;
 
-int s390_ipl_update_diag308(IplParameterBlock *iplb);
+void s390_ipl_update_diag308(IplParameterBlock *iplb);
 IplParameterBlock *s390_ipl_get_iplb(void);
 void s390_reipl_request(void);
 
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index 3a19e32..ddf2498 100644
--- a/target-s390x/misc_helper.c
+++ b/target-s390x/misc_helper.c
@@ -233,11 +233,8 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, 
uint64_t r3)
 }
 iplb = g_malloc0(sizeof(struct IplParameterBlock));
 cpu_physical_memory_read(addr, iplb, sizeof(struct IplParameterBlock));
-if (!s390_ipl_update_diag308(iplb)) {
-env->regs[r1 + 1] = DIAG_308_RC_OK;
-} else {
-env->regs[r1 + 1] = DIAG_308_RC_INVALID;
-}
+s390_ipl_update_diag308(iplb);
+env->regs[r1 + 1] = DIAG_308_RC_OK;
 g_free(iplb);
 return;
 case 6:
-- 
2.6.2




[Qemu-devel] [PULL 07/10] tcg/mips: Support r6 JR encoding

2015-10-21 Thread Richard Henderson
From: James Hogan 

MIPSr6 encodes JR as JALR with zero as the link register, and the pre-r6
JR encoding is removed. Update TCG to use the new encoding when built
for r6.

We still use the old encoding for pre-r6, so as not to confuse return
prediction stack hardware which may detect only particular encodings of
the return instruction.

Reviewed-by: Aurelien Jarno 
Signed-off-by: James Hogan 
Signed-off-by: Richard Henderson 
Message-Id: <1443788657-14537-5-git-send-email-james.ho...@imgtec.com>
---
 tcg/mips/tcg-target.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tcg/mips/tcg-target.c b/tcg/mips/tcg-target.c
index 4305af9..c08418c 100644
--- a/tcg/mips/tcg-target.c
+++ b/tcg/mips/tcg-target.c
@@ -288,7 +288,7 @@ typedef enum {
 OPC_SRLV = OPC_SPECIAL | 0x06,
 OPC_ROTRV= OPC_SPECIAL | (0x01 <<  6) | 0x06,
 OPC_SRAV = OPC_SPECIAL | 0x07,
-OPC_JR   = OPC_SPECIAL | 0x08,
+OPC_JR_R5= OPC_SPECIAL | 0x08,
 OPC_JALR = OPC_SPECIAL | 0x09,
 OPC_MOVZ = OPC_SPECIAL | 0x0A,
 OPC_MOVN = OPC_SPECIAL | 0x0B,
@@ -320,6 +320,9 @@ typedef enum {
 OPC_WSBH = OPC_SPECIAL3 | 0x0a0,
 OPC_SEB  = OPC_SPECIAL3 | 0x420,
 OPC_SEH  = OPC_SPECIAL3 | 0x620,
+
+/* MIPS r6 doesn't have JR, JALR should be used instead */
+OPC_JR   = use_mips32r6_instructions ? OPC_JALR : OPC_JR_R5,
 } MIPSInsn;
 
 /*
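
Review bot: OPC_JR = use_mips32r6_instructions ? OPC_JALR : OPC_JR_R5 sits inside the MIPSInsn enum, where the initialiser has to be an integer constant expression, so this builds only while use_mips32r6_instructions is a compile-time constant. Extend the comment to say so; turning that symbol into a runtime-detected variable later would break the enum.
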
-- 
2.4.3




Re: [Qemu-devel] Coding style for errors

2015-10-21 Thread Peter Maydell
On 21 October 2015 at 17:48, Markus Armbruster  wrote:
> Lluís Vilanova  writes:
>
>> Hi,
>>
>> I was wondering what is the proper way (or ways, depending on the subsystem) of
>> reporting and signalling errors in QEMU. The coding style file does not seem to
>> mention it, and the code uses all kinds of forms for that:
>> mention it, and the code uses all kinds of forms for that:
>>
>> * printf + exit(1)
>> * fprintf(stderr) + exit(1)
>> * error_report + exit(1)
>> * cpu_abort
>> * Some other I probably forgot
>
> cpu_abort() and hw_error() are fancy ways to abort().  Terminating with
> abort() on "this can't be happening" conditions is perfectly sensible,
> and doing it in fancy ways can be useful.  For other errors, it's
> inappropriate.

In particular, the fact that TCG will cpu_abort() if you try to
generate code out of something that's not RAM is a perpetual
source of confusion to users, because the usual reason it happens
is not a QEMU bug but buggy guest code jumping off to a random address...

-- PMM



Re: [Qemu-devel] [PATCH] hw/isa/lpc_ich9: inject the SMI on the VCPU that is writing to APM_CNT

2015-10-21 Thread Michael S. Tsirkin
On Wed, Oct 21, 2015 at 11:49:13AM +0200, Paolo Bonzini wrote:
> 
> 
> On 20/10/2015 20:14, Laszlo Ersek wrote:
> > Commit 4d00636e97b7 ("ich9: Add the lpc chip", Nov 14 2012) added the
> > ich9_apm_ctrl_changed() ioport write callback function such that it would
> > inject the SMI, in response to a write to the APM_CNT register, on the
> > first CPU, invariably.
> > 
> > Since this register is used by guest code to trigger an SMI synchronously,
> > the interrupt should be injected on the VCPU that is performing the write.
> > 
> > apm_ioport_writeb() is the .write callback of the "apm_ops"
> > MemoryRegionOps [hw/isa/apm.c]; it is parametrized to call
> > ich9_apm_ctrl_changed() by ich9_lpc_init() [hw/isa/lpc_ich9.c], via
> > apm_init(). Therefore this change affects no other board.
> > 
> > ich9_generate_smi() is an unrelated function that is called by the TCO
> > watchdog; a watchdog is likely in its right to (asynchronously) inject
> > interrupts on the first CPU only.
> > 
> > This patch allows the combined edk2/OVMF SMM driver stack to work with
> > multiple VCPUs on TCG, using both qemu-system-i386 and qemu-system-x86_64.
> > 
> > Cc: Paolo Bonzini 
> > Cc: Gerd Hoffmann 
> > Cc: Jordan Justen 
> > Cc: Michael Kinney 
> > Cc: "Michael S. Tsirkin" 
> > Signed-off-by: Laszlo Ersek 
> > ---
> >  hw/isa/lpc_ich9.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
> > index 360699f..1ffc803 100644
> > --- a/hw/isa/lpc_ich9.c
> > +++ b/hw/isa/lpc_ich9.c
> > @@ -394,7 +394,7 @@ static void ich9_apm_ctrl_changed(uint32_t val, void 
> > *arg)
> >  
> >  /* SMI_EN = PMBASE + 30. SMI control and enable register */
> >  if (lpc->pm.smi_en & ICH9_PMIO_SMI_EN_APMC_EN) {
> > -cpu_interrupt(first_cpu, CPU_INTERRUPT_SMI);
> > +cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
> >  }
> >  }
> >  
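Review bot: the added cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI) call assumes every write to APM_CNT originates from a VCPU. current_cpu is NULL when the ioport access is made from any other context (qtest, for example), and cpu_interrupt() dereferences its argument. Either guard the call or fall back to first_cpu when current_cpu is NULL, and state in the commit message which contexts can reach ich9_apm_ctrl_changed().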
> > 
> 
> Reviewed-by: Paolo Bonzini 

Sorry, only saw this now, and it's already on its way upstream.

> The same issue happens on PIIX4.  I can fix it as the change is a bit
> more involved (it goes through a qemu_irq).
> 
> Paolo

Thanks!

-- 
MST



[Qemu-devel] [RFC Patch 06/12] IXGBEVF: Add self emulation layer

2015-10-21 Thread Lan Tianyu
In order to restore VF function after migration, add self emulation layer
to record regs' values during accessing regs.

Signed-off-by: Lan Tianyu 
---
 drivers/net/ethernet/intel/ixgbevf/Makefile|  3 ++-
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c  |  2 +-
 .../net/ethernet/intel/ixgbevf/self-emulation.c| 26 ++
 drivers/net/ethernet/intel/ixgbevf/vf.h|  5 -
 4 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 drivers/net/ethernet/intel/ixgbevf/self-emulation.c

diff --git a/drivers/net/ethernet/intel/ixgbevf/Makefile 
b/drivers/net/ethernet/intel/ixgbevf/Makefile
index 4ce4c97..841c884 100644
--- a/drivers/net/ethernet/intel/ixgbevf/Makefile
+++ b/drivers/net/ethernet/intel/ixgbevf/Makefile
@@ -31,7 +31,8 @@
 
 obj-$(CONFIG_IXGBEVF) += ixgbevf.o
 
-ixgbevf-objs := vf.o \
+ixgbevf-objs := self-emulation.o \
+   vf.o \
 mbx.o \
 ethtool.o \
 ixgbevf_main.o
diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c 
b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
index a16d267..4446916 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
@@ -156,7 +156,7 @@ u32 ixgbevf_read_reg(struct ixgbe_hw *hw, u32 reg)
 
if (IXGBE_REMOVED(reg_addr))
return IXGBE_FAILED_READ_REG;
-   value = readl(reg_addr + reg);
+   value = ixgbe_self_emul_readl(reg_addr, reg);
if (unlikely(value == IXGBE_FAILED_READ_REG))
ixgbevf_check_remove(hw, reg);
return value;
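Review bot: in ixgbevf_read_reg() the shadow copy is updated inside ixgbe_self_emul_readl() before the IXGBE_FAILED_READ_REG test that follows, so the failed-read sentinel returned by a removed device is recorded as if it were register state. Record the value only after the check has passed, or have the helper skip the store when it sees the sentinel, so that a later write-back cannot replay it.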
diff --git a/drivers/net/ethernet/intel/ixgbevf/self-emulation.c 
b/drivers/net/ethernet/intel/ixgbevf/self-emulation.c
new file mode 100644
index 000..d74b2da
--- /dev/null
+++ b/drivers/net/ethernet/intel/ixgbevf/self-emulation.c
@@ -0,0 +1,26 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "vf.h"
+#include "ixgbevf.h"
+
+static u32 hw_regs[0x4000];
+
+u32 ixgbe_self_emul_readl(volatile void __iomem *base, u32 addr)
+{
+   u32 tmp;
+
+   tmp = readl(base + addr);
+   hw_regs[(unsigned long)addr] = tmp;
+
+   return tmp;
+}
+
+void ixgbe_self_emul_writel(u32 val, volatile void __iomem *base, u32  addr)
+{
+   hw_regs[(unsigned long)addr] = val;
+   writel(val, (volatile void __iomem *)(base + addr));
+}
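Review bot: both accessors index hw_regs[] with the caller-supplied addr and no bounds check, so any register offset at or above 0x4000 reads or writes past the end of the array; add a range check (and a WARN_ON_ONCE) before the store. Two further points on the same lines: the array is indexed by byte offset, so with 4-byte registers only every fourth slot is used, and it is a single file-scope static, so two VFs bound to this driver in one guest share and overwrite the same shadow. Moving the shadow into the per-adapter structure and indexing by addr / 4 would address both.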
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h 
b/drivers/net/ethernet/intel/ixgbevf/vf.h
index d40f036..6a3f4eb 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.h
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.h
@@ -39,6 +39,9 @@
 
 struct ixgbe_hw;
 
+u32 ixgbe_self_emul_readl(volatile void __iomem *base, u32 addr);
+void ixgbe_self_emul_writel(u32 val, volatile void __iomem *base, u32  addr);
+
 /* iterator type for walking multicast address lists */
 typedef u8* (*ixgbe_mc_addr_itr) (struct ixgbe_hw *hw, u8 **mc_addr_ptr,
  u32 *vmdq);
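Review bot: the two prototypes added to vf.h have no comment describing what the shadow records or who consumes it, use the ixgbe_ prefix inside the ixgbevf driver, and carry a stray double space in "u32  addr". A short kernel-doc comment and the ixgbevf_ prefix would make the later patches in the series easier to follow.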
@@ -182,7 +185,7 @@ static inline void ixgbe_write_reg(struct ixgbe_hw *hw, u32 
reg, u32 value)
 
if (IXGBE_REMOVED(reg_addr))
return;
-   writel(value, reg_addr + reg);
+   ixgbe_self_emul_writel(value, reg_addr, reg);
 }
 
 #define IXGBE_WRITE_REG(h, r, v) ixgbe_write_reg(h, r, v)
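Review bot: ixgbe_write_reg() now records the value written rather than the value the device ends up holding. For read-only, write-1-to-clear or self-clearing bits the shadow will differ from the hardware, and a later write-back of the recorded value restores the wrong state. Either keep a per-register policy (skip, mask, or read back after the write) or document which registers the restore path is allowed to replay.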
-- 
1.8.4.rc0.1.g8f6a3e5.dirty




[Qemu-devel] [PATCH 08/40] mac_dbdma: always clear FLUSH bit once DBDMA channel flush is complete

2015-10-21 Thread Michael Roth
From: Mark Cave-Ayland 

The code to flush the DBDMA channel was effectively duplicated in
dbdma_control_write(), except for the fact that the copy executed outside of a
RUN bit transition was broken by not clearing the FLUSH bit once the flush was
complete.

Newer PPC Linux kernels would timeout waiting for the FLUSH bit to clear again
after submitting a FLUSH command. Fix this by always clearing the FLUSH bit
once the channel flush is complete and removing the repeated code.

Reported-by: Aurelien Jarno 
Signed-off-by: Mark Cave-Ayland 
Reviewed-by: Aurelien Jarno 
Signed-off-by: Alexander Graf 
(cherry picked from commit 1cde732d88af34849343dc1f0e68072eab0841b9)
Signed-off-by: Michael Roth 
---
 hw/misc/macio/mac_dbdma.c | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index b25e851..779683c 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -590,10 +590,11 @@ dbdma_control_write(DBDMA_channel *ch)
 if ((ch->regs[DBDMA_STATUS] & RUN) && !(status & RUN)) {
 /* RUN is cleared */
 status &= ~(ACTIVE|DEAD);
-if ((status & FLUSH) && ch->flush) {
-ch->flush(>io);
-status &= ~FLUSH;
-}
+}
+
+if ((status & FLUSH) && ch->flush) {
+ch->flush(>io);
+status &= ~FLUSH;
 }
 
 DBDMA_DPRINTF("status 0x%08x\n", status);
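Review bot: hoisting the FLUSH block above the status store changes when ch->flush() runs relative to DBDMA_kick(). The copy removed in the second hunk ran the flush after the kick for an ACTIVE channel; the surviving copy runs it before. The commit message only mentions clearing the bit, so please state that the reordering is intended, and note that FLUSH is now cleared before the status is stored, so the guest never observes it set.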
@@ -603,9 +604,6 @@ dbdma_control_write(DBDMA_channel *ch)
 if (status & ACTIVE) {
 DBDMA_kick(dbdma_from_ch(ch));
 }
-if ((status & FLUSH) && ch->flush) {
-ch->flush(>io);
-}
 }
 
 static void dbdma_write(void *opaque, hwaddr addr,
-- 
1.9.1




Re: [Qemu-devel] [PATCH v2 4/5] Revert "vhost-user: Send VHOST_RESET_OWNER on vhost stop"

2015-10-21 Thread Michael S. Tsirkin
On Wed, Oct 21, 2015 at 05:07:17PM +0800, Yuanhan Liu wrote:
> Don't send VHOST_RESET_OWNER, for as Michael stated:
> 
> Because we need to get the state from remote after stop.
> RESET_OWNER discards that, so we can't resume the VM.
> 
> This reverts commit 294ce717e0f212ed0763307f3eab72b4a1bdf4d0.
> 
> Cc: Luke Gorrie 
> Cc: Michael S. Tsirkin 
> Signed-off-by: Yuanhan Liu 

OK but we still need to call it on device reset.
Otherwise device will corrupt memory.

> ---
>  hw/net/vhost_net.c | 7 ---
>  1 file changed, 7 deletions(-)
> 
> diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> index 804f5c9..95da5f8 100644
> --- a/hw/net/vhost_net.c
> +++ b/hw/net/vhost_net.c
> @@ -293,13 +293,6 @@ static void vhost_net_stop_one(struct vhost_net *net,
>);
>  assert(r >= 0);
>  }
> -} else if (net->nc->info->type == NET_CLIENT_OPTIONS_KIND_VHOST_USER) {
> -for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
> -const VhostOps *vhost_ops = net->dev.vhost_ops;
> -int r = vhost_ops->vhost_call(>dev, VHOST_RESET_OWNER,
> -  NULL);
> -assert(r >= 0);
> -}
>  }
>  if (net->nc->info->poll) {
>  net->nc->info->poll(net->nc, true);
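Review bot: with the else-if branch removed, vhost_net_stop_one() makes no call to the vhost-user backend at all, and nothing in this hunk adds the reset anywhere else, so after this patch the backend is never told to let go of the rings. The revert should land together with the change that sends the reset on the device reset path. When that call is reintroduced, avoid the assert(r >= 0) form seen in the removed lines: the result depends on an external process and should be handled as an error, not as an invariant.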
> -- 
> 1.9.0



Re: [Qemu-devel] [RFC Patch 09/12] IXGBEVF: Add live migration support for VF driver

2015-10-21 Thread Alexander Duyck

On 10/21/2015 09:37 AM, Lan Tianyu wrote:

To let VF driver in the guest to know migration status, Qemu will
fake PCI configure reg 0xF0 and 0xF1 to show migrate status and
get ack from VF driver.

When migration starts, Qemu will set reg "0xF0" to 1, notify
VF driver via triggering mail box msg and wait for VF driver to tell
it's ready for migration(set reg "0xF1" to 1). After migration, Qemu
will set reg "0xF0" to 0 and notify VF driver by mail box irq. VF
driver begins to restore tx/rx function after detecting status change.

When VF receives mail box irq, it will check reg "0xF0" in the service
task function to get migration status and performs related operations
according to its value.

Steps of restarting receive and transmit function
1) Restore VF status in the PF driver via sending mail event to PF driver
2) Write back reg values recorded by self emulation layer
3) Restart rx/tx ring
4) Recovery interrupt

Transmit/Receive descriptor head regs are read-only and can't
be restored via writing back recording reg value directly and they
are set to 0 during VF reset. To reuse original tx/rx rings, shift
desc ring in order to move the desc pointed by original head reg to
first entry of the ring and then enable tx/rx rings. VF restarts to
receive and transmit from original head desc.

Signed-off-by: Lan Tianyu 
---
  drivers/net/ethernet/intel/ixgbevf/defines.h   |   6 ++
  drivers/net/ethernet/intel/ixgbevf/ixgbevf.h   |   7 +-
  drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c  | 115 -
  .../net/ethernet/intel/ixgbevf/self-emulation.c| 107 +++
  4 files changed, 232 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbevf/defines.h 
b/drivers/net/ethernet/intel/ixgbevf/defines.h
index 770e21a..113efd2 100644
--- a/drivers/net/ethernet/intel/ixgbevf/defines.h
+++ b/drivers/net/ethernet/intel/ixgbevf/defines.h
@@ -239,6 +239,12 @@ struct ixgbe_adv_tx_context_desc {
__le32 mss_l4len_idx;
  };

+union ixgbevf_desc {
+   union ixgbe_adv_tx_desc rx_desc;
+   union ixgbe_adv_rx_desc tx_desc;
+   struct ixgbe_adv_tx_context_desc tx_context_desc;
+};
+
  /* Adv Transmit Descriptor Config Masks */
  #define IXGBE_ADVTXD_DTYP_MASK0x00F0 /* DTYP mask */
  #define IXGBE_ADVTXD_DTYP_CTXT0x0020 /* Advanced Context Desc */
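Review bot: the member names in union ixgbevf_desc are swapped against their types: rx_desc is declared as union ixgbe_adv_tx_desc and tx_desc as union ixgbe_adv_rx_desc. The union still has the right size, so the ring-copy code will work, but any access through these members reads the wrong layout. Swap the two declarations.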
diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h 
b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h
index c823616..6eab402e 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h
@@ -109,7 +109,7 @@ struct ixgbevf_ring {
struct ixgbevf_ring *next;
struct net_device *netdev;
struct device *dev;
-   void *desc; /* descriptor ring memory */
+   union ixgbevf_desc *desc;   /* descriptor ring memory */
dma_addr_t dma; /* phys. address of descriptor ring */
unsigned int size;  /* length in bytes */
u16 count;  /* amount of descriptors */
@@ -493,6 +493,11 @@ extern void ixgbevf_write_eitr(struct ixgbevf_q_vector 
*q_vector);

  void ixgbe_napi_add_all(struct ixgbevf_adapter *adapter);
  void ixgbe_napi_del_all(struct ixgbevf_adapter *adapter);
+int ixgbevf_tx_ring_shift(struct ixgbevf_ring *r, u32 head);
+int ixgbevf_rx_ring_shift(struct ixgbevf_ring *r, u32 head);
+void ixgbevf_restore_state(struct ixgbevf_adapter *adapter);
+inline void ixgbevf_irq_enable(struct ixgbevf_adapter *adapter);
+

  #ifdef DEBUG
  char *ixgbevf_get_hw_dev_name(struct ixgbe_hw *hw);
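Review bot: the header now declares "inline void ixgbevf_irq_enable(...)" with no body. An inline specifier on a bare prototype does nothing useful and can produce build warnings or link errors depending on how the definition in ixgbevf_main.c is qualified; declare it as a plain extern function and drop inline from the definition if it is to be called from self-emulation.c. The hunk also adds a second blank line after the new prototypes.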
diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c 
b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
index 056841c..15ec361 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
@@ -91,6 +91,10 @@ MODULE_DESCRIPTION("Intel(R) 10 Gigabit Virtual Function Network 
Driver");
  MODULE_LICENSE("GPL");
  MODULE_VERSION(DRV_VERSION);

+
+#define MIGRATION_COMPLETED   0x00
+#define MIGRATION_IN_PROGRESS 0x01
+
  #define DEFAULT_MSG_ENABLE (NETIF_MSG_DRV|NETIF_MSG_PROBE|NETIF_MSG_LINK)
  static int debug = -1;
  module_param(debug, int, 0);
@@ -221,6 +225,78 @@ static u64 ixgbevf_get_tx_completed(struct ixgbevf_ring 
*ring)
return ring->stats.packets;
  }

+int ixgbevf_tx_ring_shift(struct ixgbevf_ring *r, u32 head)
+{
+   struct ixgbevf_tx_buffer *tx_buffer = NULL;
+   static union ixgbevf_desc *tx_desc = NULL;
+
+   tx_buffer = vmalloc(sizeof(struct ixgbevf_tx_buffer) * (r->count));
+   if (!tx_buffer)
+   return -ENOMEM;
+
+   tx_desc = vmalloc(sizeof(union ixgbevf_desc) * r->count);
+   if (!tx_desc)
+   return -ENOMEM;
+
+   memcpy(tx_desc, r->desc, sizeof(union ixgbevf_desc) * r->count);
+   memcpy(r->desc, _desc[head], sizeof(union ixgbevf_desc) * (r->count 
- head));
+   
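Review bot: in ixgbevf_tx_ring_shift() the second allocation failure returns -ENOMEM without freeing tx_buffer, which leaks the first vmalloc(). Add a vfree(tx_buffer) on that path or use a common error label. tx_desc is also declared static, which makes the pointer shared between calls for different rings; it should be an ordinary local.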

[Qemu-devel] [RFC Patch 12/12] IXGBEVF: Track dma dirty pages

2015-10-21 Thread Lan Tianyu
Migration relies on tracking dirty page to migrate memory.
Hardware can't automatically mark a page as dirty after DMA
memory access. VF descriptor rings and data buffers are modified
by hardware when receive and transmit data. To track such dirty memory
manually, do dummy writes(read a byte and write it back) during receive
and transmit data.

Signed-off-by: Lan Tianyu 
---
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c 
b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
index d22160f..ce7bd7a 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
@@ -414,6 +414,9 @@ static bool ixgbevf_clean_tx_irq(struct ixgbevf_q_vector 
*q_vector,
if (!(eop_desc->wb.status & cpu_to_le32(IXGBE_TXD_STAT_DD)))
break;
 
+   /* write back status to mark page dirty */
+   eop_desc->wb.status = eop_desc->wb.status;
+
/* clear next_to_watch to prevent false hangs */
tx_buffer->next_to_watch = NULL;
tx_buffer->desc_num = 0;
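Review bot: "eop_desc->wb.status = eop_desc->wb.status;" is a self-assignment through a plain field, and the compiler is free to drop it, in which case no store reaches memory and the page is never marked dirty. Use WRITE_ONCE(eop_desc->wb.status, READ_ONCE(eop_desc->wb.status)) or a volatile access so the store is guaranteed to be emitted.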
@@ -946,15 +949,17 @@ static struct sk_buff *ixgbevf_fetch_rx_buffer(struct 
ixgbevf_ring *rx_ring,
 {
struct ixgbevf_rx_buffer *rx_buffer;
struct page *page;
+   u8 *page_addr;
 
rx_buffer = _ring->rx_buffer_info[rx_ring->next_to_clean];
page = rx_buffer->page;
prefetchw(page);
 
-   if (likely(!skb)) {
-   void *page_addr = page_address(page) +
- rx_buffer->page_offset;
+   /* Mark page dirty */
+   page_addr = page_address(page) + rx_buffer->page_offset;
+   *page_addr = *page_addr;
 
+   if (likely(!skb)) {
/* prefetch first cache line of first page */
prefetch(page_addr);
 #if L1_CACHE_BYTES < 128
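Review bot: the dummy write in ixgbevf_fetch_rx_buffer() now runs on every received buffer, migration or not, and it dirties the cache line just before the prefetch of the same address. Gate it on the migration status introduced earlier in the series so the normal receive path is unchanged. The same elision concern applies to "*page_addr = *page_addr;" as to the descriptor write-back, and only the single byte at page_offset is touched, so a comment should say why one byte per buffer is enough.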
@@ -1032,6 +1037,9 @@ static int ixgbevf_clean_rx_irq(struct ixgbevf_q_vector 
*q_vector,
if (!ixgbevf_test_staterr(rx_desc, IXGBE_RXD_STAT_DD))
break;
 
+   /* Write back status to mark page dirty */
+   rx_desc->wb.upper.status_error = rx_desc->wb.upper.status_error;
+
/* This memory barrier is needed to keep us from reading
 * any other fields out of the rx_desc until we know the
 * RXD_STAT_DD bit is set
-- 
1.8.4.rc0.1.g8f6a3e5.dirty




Re: [Qemu-devel] [Qemu-block] [PATCH v5 11/12] qed: Implement .bdrv_drain

2015-10-21 Thread Fam Zheng
On Wed, 10/21 22:20, Jeff Cody wrote:
> On Wed, Oct 21, 2015 at 10:06:48AM +0800, Fam Zheng wrote:
> > The "need_check_timer" is used to clear the "NEED_CHECK" flag in the
> > image header after a grace period once metadata update has finished. In
> > compliance to the bdrv_drain semantics we should make sure it remains
> > deleted once .bdrv_drain is called.
> > 
> > Call the qed_need_check_timer_cb manually to update the header
> > immediately.
> > 
> > Signed-off-by: Fam Zheng 
> > ---
> >  block/qed.c | 7 +++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/block/qed.c b/block/qed.c
> > index 5ea05d4..e9dcb4d 100644
> > --- a/block/qed.c
> > +++ b/block/qed.c
> > @@ -375,6 +375,12 @@ static void 
> > bdrv_qed_attach_aio_context(BlockDriverState *bs,
> >  }
> >  }
> >  
> > +static void bdrv_qed_drain(BlockDriverState *bs)
> > +{
> > +qed_cancel_need_check_timer(bs->opaque);
> > +qed_need_check_timer_cb(bs->opaque);
> > +}
> > +
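Review bot: bdrv_qed_drain() calls qed_need_check_timer_cb() unconditionally, whether or not the need-check timer was armed, so every drain starts the header update path even when nothing is pending, and it returns without waiting for whatever the callback started. Check that the timer was pending before cancelling it and invoking the callback, and make the drain wait for the resulting request to complete before returning.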
> 
> Uh oh.
> 
> This causes a segfault sometimes, and other times an abort:
> 
> 
># ./qemu-img create -f qed test.qed 512M
>Formatting 'test.qed', fmt=qed size=536870912 cluster_size=65536
> 
># ./qemu-io -c "read 0 512M" test.qed
>read 536870912/536870912 bytes at offset 0
>512 MiB, 1 ops; 0.0556 sec (8.988 GiB/sec and 17.9759 ops/sec)
>Segmentation fault (core dumped)
> 
> 
> If I run the above qemu-io command with gdb, it will abort in
> qed_plug_allocating_write_reqs().
> 
> I'd hazard a guess (I have not verified) that it is due to the
> qed_header_write() call triggered by the aio flush callback function
> qed_clear_need_check().  The aio flush is done inside the
> qed_need_check_timer_cb() call.

Good catch, I think it's because of the second bdrv_drain in bdrv_close(),
when the first bdrv_aio_flush in qed_need_check_timer_cb hasn't finished.

We need a different bdrv_qed_drain implementation here.

Fam

> 
> 
> 
> >  static int bdrv_qed_open(BlockDriverState *bs, QDict *options, int flags,
> >   Error **errp)
> >  {
> > @@ -1676,6 +1682,7 @@ static BlockDriver bdrv_qed = {
> >  .bdrv_check   = bdrv_qed_check,
> >  .bdrv_detach_aio_context  = bdrv_qed_detach_aio_context,
> >  .bdrv_attach_aio_context  = bdrv_qed_attach_aio_context,
> > +.bdrv_drain   = bdrv_qed_drain,
> >  };
> >  
> >  static void bdrv_qed_init(void)
> > -- 
> > 2.4.3
> > 
> > 



[Qemu-devel] [PATCH 31/40] virtio-net: unbreak self announcement and guest offloads after migration

2015-10-21 Thread Michael Roth
From: Jason Wang 

After commit 019a3edbb25f1571e876f8af1ce4c55412939e5d ("virtio: make
features 64bit wide"). Device's guest_features was actually set after
vdc->load(). This breaks the assumption that device specific load()
function can check guest_features. For virtio-net, self announcement
and guest offloads won't work after migration.

Fix this by deferring them to virtio_net_load(), where guest_features
is guaranteed to be set. Other virtio devices look fine.

Fixes: 019a3edbb25f1571e876f8af1ce4c55412939e5d
   ("virtio: make features 64bit wide")
Cc: qemu-sta...@nongnu.org
Cc: Gerd Hoffmann 
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 

(cherry picked from commit 1f8828ef573c83365b4a87a776daf8bcef1caa21)
Signed-off-by: Michael Roth 
---
 hw/net/virtio-net.c | 40 +++-
 1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 628074e..887a836 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1462,11 +1462,33 @@ static int virtio_net_load(QEMUFile *f, void *opaque, 
int version_id)
 {
 VirtIONet *n = opaque;
 VirtIODevice *vdev = VIRTIO_DEVICE(n);
+int ret;
 
 if (version_id < 2 || version_id > VIRTIO_NET_VM_VERSION)
 return -EINVAL;
 
-return virtio_load(vdev, f, version_id);
+ret = virtio_load(vdev, f, version_id);
+if (ret) {
+return ret;
+}
+
+if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
+n->curr_guest_offloads = qemu_get_be64(f);
+} else {
+n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
+}
+
+if (peer_has_vnet_hdr(n)) {
+virtio_net_apply_guest_offloads(n);
+}
+
+if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
+virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
+n->announce_counter = SELF_ANNOUNCE_ROUNDS;
+timer_mod(n->announce_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL));
+}
+
+return 0;
 }
 
 static int virtio_net_load_device(VirtIODevice *vdev, QEMUFile *f,
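Review bot: the qemu_get_be64(f) read of curr_guest_offloads moves from inside virtio_net_load_device() to after virtio_load() has returned, which changes the point in the migration stream at which that 64-bit field is consumed, yet no hunk in this patch touches the save side. Please confirm that the writer emits the field at the matching position (after everything virtio_load() reads), or keep the read where it was and defer only the virtio_net_apply_guest_offloads() and announce-timer steps to virtio_net_load().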
@@ -1563,16 +1585,6 @@ static int virtio_net_load_device(VirtIODevice *vdev, 
QEMUFile *f,
 }
 }
 
-if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
-n->curr_guest_offloads = qemu_get_be64(f);
-} else {
-n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
-}
-
-if (peer_has_vnet_hdr(n)) {
-virtio_net_apply_guest_offloads(n);
-}
-
 virtio_net_set_queues(n);
 
 /* Find the first multicast entry in the saved MAC filter */
@@ -1590,12 +1602,6 @@ static int virtio_net_load_device(VirtIODevice *vdev, 
QEMUFile *f,
 qemu_get_subqueue(n->nic, i)->link_down = link_down;
 }
 
-if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
-virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
-n->announce_counter = SELF_ANNOUNCE_ROUNDS;
-timer_mod(n->announce_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL));
-}
-
 return 0;
 }
 
-- 
1.9.1




[Qemu-devel] [PATCH 39/40] Migration: Generate the completed event only when we complete

2015-10-21 Thread Michael Roth
From: "Dr. David Alan Gilbert" 

The current migration-completed event is generated a bit too early,
which means that an eager libvirt that's ready to go as soon
as it sees the event ends up racing with the actual end of migration.

This corresponds to RH bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1271145

Signed-off-by: Dr. David Alan Gilbert 
Reviewed-by: Juan Quintela 
Reviewed-by: Amit Shah 
xSigned-off-by: Juan Quintela 
(cherry picked from commit ed1f3e0090069dcb9458aa9e450df12bf8eba0b0)
Signed-off-by: Michael Roth 
---
 migration/migration.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/migration/migration.c b/migration/migration.c
index 662e77e..c4a7d0b 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -286,12 +286,12 @@ static void process_incoming_migration_co(void *opaque)
 migrate_decompress_threads_join();
 exit(EXIT_FAILURE);
 }
-migrate_generate_event(MIGRATION_STATUS_COMPLETED);
 qemu_announce_self();
 
 /* Make sure all file formats flush their mutable metadata */
 bdrv_invalidate_cache_all(_err);
 if (local_err) {
+migrate_generate_event(MIGRATION_STATUS_FAILED);
 error_report_err(local_err);
 migrate_decompress_threads_join();
 exit(EXIT_FAILURE);
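Review bot: the new migrate_generate_event(MIGRATION_STATUS_FAILED) is followed almost immediately by exit(EXIT_FAILURE). If the event is only queued at that point, a management client may see the monitor connection drop without ever receiving it. Please confirm the event is written out before the process exits, or note in the commit message that clients must treat a disconnect as failure.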
@@ -312,6 +312,12 @@ static void process_incoming_migration_co(void *opaque)
 runstate_set(global_state_get_runstate());
 }
 migrate_decompress_threads_join();
+/*
+ * This must happen after any state changes since as soon as an external
+ * observer sees this event they might start to prod at the VM assuming
+ * it's ready to use.
+ */
+migrate_generate_event(MIGRATION_STATUS_COMPLETED);
 }
 
 void process_incoming_migration(QEMUFile *f)
-- 
1.9.1




Re: [Qemu-devel] [Qemu-block] [PATCH v5 04/12] aio: introduce aio_{disable, enable}_external

2015-10-21 Thread Fam Zheng
On Wed, 10/21 11:56, Jeff Cody wrote:
> > +static inline bool aio_node_check(AioContext *ctx, bool is_external)
> > +{
> > +return !is_external || !atomic_read(>external_disable_cnt);
> > +}
> > +
> 
> It seems a little odd to me to have this helper function take the
> is_external bool field from the node as the argument - any reason to
> do that, rather than pass in the AioHandler and have aio_node_check()
> parse whatever fields it deems necessary from it?

AioHandler is defined differently for posix and win32, but I didn't want to
duplicate this function in two files.

Fam



[Qemu-devel] [PATCH 36/40] misc: zynq_slcr: Fix MMIO writes

2015-10-21 Thread Michael Roth
From: Peter Crosthwaite 

The /4 for offset calculation in MMIO writes was happening twice giving
wrong write offsets. Fix.

While touching the code, change the if-else to be a short returning if
and convert the debug message to a GUEST_ERROR, which is more accurate
for this condition.

Cc: qemu-sta...@nongnu.org
Cc: Guenter Roeck 
Signed-off-by: Peter Crosthwaite 
Reviewed-by: Alistair Francis 
Signed-off-by: Peter Maydell 
(cherry picked from commit c209b0537203c58a051e5d837320335cea23e494)
Signed-off-by: Michael Roth 
---
 hw/misc/zynq_slcr.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/misc/zynq_slcr.c b/hw/misc/zynq_slcr.c
index 964f253..3d78708 100644
--- a/hw/misc/zynq_slcr.c
+++ b/hw/misc/zynq_slcr.c
@@ -393,12 +393,12 @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
 return;
 }
 
-if (!s->regs[LOCKSTA]) {
-s->regs[offset / 4] = val;
-} else {
-DB_PRINT("SCLR registers are locked. Unlock them first\n");
+if (s->regs[LOCKSTA]) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "SCLR registers are locked. Unlock them first\n");
 return;
 }
+s->regs[offset] = val;
 
 switch (offset) {
 case PSS_RST_CTRL:
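Review bot: the string passed to qemu_log_mask() still says "SCLR registers are locked", carried over from the old DB_PRINT; the device is the SLCR, so fix the spelling while the line is being rewritten. It would also help to include the offset and value in the guest-error message so the rejected write can be identified from the log.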
-- 
1.9.1




[Qemu-devel] [PATCH v1 1/5] sockets: remove use of QemuOpts from header file

2015-10-21 Thread Daniel P. Berrange
There are no callers of the sockets methods which accept
QemuOpts any more. Make all the QemuOpts related functions
static to avoid new callers being added, in preparation
for removal of all QemuOpts usage, in favour of QAPI
SocketAddress.

Signed-off-by: Daniel P. Berrange 
---
 include/qemu/sockets.h |  9 -
 util/qemu-sockets.c| 22 +++---
 2 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 5a183c5..2741b97 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -30,8 +30,6 @@ int inet_aton(const char *cp, struct in_addr *ia);
 #include "qapi/error.h"
 #include "qapi-types.h"
 
-extern QemuOptsList socket_optslist;
-
 /* misc helpers */
 int qemu_socket(int domain, int type, int protocol);
 int qemu_accept(int s, struct sockaddr *addr, socklen_t *addrlen);
@@ -56,23 +54,16 @@ int recv_all(int fd, void *buf, int len1, bool single_read);
 typedef void NonBlockingConnectHandler(int fd, Error *errp, void *opaque);
 
 InetSocketAddress *inet_parse(const char *str, Error **errp);
-int inet_listen_opts(QemuOpts *opts, int port_offset, Error **errp);
 int inet_listen(const char *str, char *ostr, int olen,
 int socktype, int port_offset, Error **errp);
-int inet_connect_opts(QemuOpts *opts, Error **errp,
-  NonBlockingConnectHandler *callback, void *opaque);
 int inet_connect(const char *str, Error **errp);
 int inet_nonblocking_connect(const char *str,
  NonBlockingConnectHandler *callback,
  void *opaque, Error **errp);
 
-int inet_dgram_opts(QemuOpts *opts, Error **errp);
 NetworkAddressFamily inet_netfamily(int family);
 
-int unix_listen_opts(QemuOpts *opts, Error **errp);
 int unix_listen(const char *path, char *ostr, int olen, Error **errp);
-int unix_connect_opts(QemuOpts *opts, Error **errp,
-  NonBlockingConnectHandler *callback, void *opaque);
 int unix_connect(const char *path, Error **errp);
 int unix_nonblocking_connect(const char *str,
  NonBlockingConnectHandler *callback,
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 9142917..dae8a6d 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -37,7 +37,7 @@
 #endif
 
 /* used temporarily until all users are converted to QemuOpts */
-QemuOptsList socket_optslist = {
+static QemuOptsList socket_optslist = {
 .name = "socket",
 .head = QTAILQ_HEAD_INITIALIZER(socket_optslist.head),
 .desc = {
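Review bot: the comment above socket_optslist, "used temporarily until all users are converted to QemuOpts", is now misleading: the commit message says the direction is away from QemuOpts and towards QAPI SocketAddress. Update the comment in this hunk to say the list is internal and slated for removal, so nobody reads it as an invitation to add users.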
@@ -114,7 +114,7 @@ NetworkAddressFamily inet_netfamily(int family)
 return NETWORK_ADDRESS_FAMILY_UNKNOWN;
 }
 
-int inet_listen_opts(QemuOpts *opts, int port_offset, Error **errp)
+static int inet_listen_opts(QemuOpts *opts, int port_offset, Error **errp)
 {
 struct addrinfo ai,*res,*e;
 const char *addr;
@@ -392,8 +392,8 @@ static struct addrinfo *inet_parse_connect_opts(QemuOpts 
*opts, Error **errp)
  * function succeeds, callback will be called when the connection
  * completes, with the file descriptor on success, or -1 on error.
  */
-int inet_connect_opts(QemuOpts *opts, Error **errp,
-  NonBlockingConnectHandler *callback, void *opaque)
+static int inet_connect_opts(QemuOpts *opts, Error **errp,
+ NonBlockingConnectHandler *callback, void *opaque)
 {
 Error *local_err = NULL;
 struct addrinfo *res, *e;
@@ -440,7 +440,7 @@ int inet_connect_opts(QemuOpts *opts, Error **errp,
 return sock;
 }
 
-int inet_dgram_opts(QemuOpts *opts, Error **errp)
+static int inet_dgram_opts(QemuOpts *opts, Error **errp)
 {
 struct addrinfo ai, *peer = NULL, *local = NULL;
 const char *addr;
@@ -708,7 +708,7 @@ int inet_nonblocking_connect(const char *str,
 
 #ifndef _WIN32
 
-int unix_listen_opts(QemuOpts *opts, Error **errp)
+static int unix_listen_opts(QemuOpts *opts, Error **errp)
 {
 struct sockaddr_un un;
 const char *path = qemu_opt_get(opts, "path");
@@ -773,8 +773,8 @@ err:
 return -1;
 }
 
-int unix_connect_opts(QemuOpts *opts, Error **errp,
-  NonBlockingConnectHandler *callback, void *opaque)
+static int unix_connect_opts(QemuOpts *opts, Error **errp,
+ NonBlockingConnectHandler *callback, void *opaque)
 {
 struct sockaddr_un un;
 const char *path = qemu_opt_get(opts, "path");
@@ -833,15 +833,15 @@ int unix_connect_opts(QemuOpts *opts, Error **errp,
 
 #else
 
-int unix_listen_opts(QemuOpts *opts, Error **errp)
+static int unix_listen_opts(QemuOpts *opts, Error **errp)
 {
 error_setg(errp, "unix sockets are not available on windows");
 errno = ENOTSUP;
 return -1;
 }
 
-int unix_connect_opts(QemuOpts *opts, Error **errp,
-  NonBlockingConnectHandler *callback, void *opaque)
+static int unix_connect_opts(QemuOpts *opts, Error **errp,
+ NonBlockingConnectHandler 

Re: [Qemu-devel] [Qemu-block] [PATCH v5 04/12] aio: introduce aio_{disable, enable}_external

2015-10-21 Thread Jeff Cody
On Thu, Oct 22, 2015 at 10:11:16AM +0800, Fam Zheng wrote:
> On Wed, 10/21 11:56, Jeff Cody wrote:
> > > +static inline bool aio_node_check(AioContext *ctx, bool is_external)
> > > +{
> > > +return !is_external || !atomic_read(>external_disable_cnt);
> > > +}
> > > +
> > 
> > It seems a little odd to me to have this helper function take the
> > is_external bool field from the node as the argument - any reason to
> > do that, rather than pass in the AioHandler and have aio_node_check()
> > parse whatever fields it deems necessary from it?
> 
> AioHandler is defined differently for posix and win32, but I didn't want to
> duplicate this function in two files.
> 
> Fam

That makes sense, thanks.



Re: [Qemu-devel] [PATCH 1/3] Revert "vhost: rename VHOST_RESET_OWNER to VHOST_RESET_DEVICE"

2015-10-21 Thread Michael S. Tsirkin
On Wed, Oct 21, 2015 at 05:21:40PM +0800, Yuanhan Liu wrote:
> On Wed, Oct 21, 2015 at 12:15:52PM +0300, Michael S. Tsirkin wrote:
> > On Wed, Oct 21, 2015 at 04:55:16PM +0800, Yuanhan Liu wrote:
> > > On Fri, Oct 16, 2015 at 10:47:49AM +0300, Michael S. Tsirkin wrote:
> > > > On Fri, Oct 16, 2015 at 03:32:56PM +0800, Yuanhan Liu wrote:
> > > > > On Fri, Oct 16, 2015 at 10:21:40AM +0300, Michael S. Tsirkin wrote:
> > > > > > On Fri, Oct 16, 2015 at 03:18:59PM +0800, Yuanhan Liu wrote:
> > > > > > > This reverts commit d1f8b30ec8dde0318fd1b98d24a64926feae9625.
> > > > > > > 
> > > > > > > It turned out that it breaks stuff, so revert it:
> > > > > > > 
> > > > > > > 
> > > > > > > http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg00949.html
> > > > > > > 
> > > > > > > CC: "Michael S. Tsirkin" 
> > > > > > > Reported-by: Paolo Bonzini 
> > > > > > > Signed-off-by: Yuanhan Liu 
> > > > > > 
> > > > > > OK but that's not enough. We need to also
> > > > > > - drop patch sending this on stop
> > > > > 
> > > > > I could do that. But may I know why we have to drop it on stop?
> > > > 
> > > > Because we need to get the state from remote after stop.
> > > > RESET_OWNER discards that, so we can't resume the VM.
> > > > 
> > > > > If we don't send it on stop, when will we send it? The termination
> > > > > of QEMU?
> > > > 
> > > > If mq is negotiated, we don't need it.  If mq isn't negotiated, maybe we
> > > > should send it on reset/driver unload.
> > > 
> > > Sorry, what place do you mean exactly?
> > 
> > There's no such code - you'll have to add
> > a callback into vhost from virtio.
> 
> Say, at virtio_net_reset()?
> 
>   --yliu

Sounds good.

> > > 
> > > > It might be better than
> > > > corrupting guest memory. And if we do, maybe we should keep
> > > > the RESET_DEVICE name.



Re: [Qemu-devel] [PATCH v2 4/5] Revert "vhost-user: Send VHOST_RESET_OWNER on vhost stop"

2015-10-21 Thread Michael S. Tsirkin
On Wed, Oct 21, 2015 at 05:07:17PM +0800, Yuanhan Liu wrote:
> Don't send VHOST_RESET_OWNER, for as Michael stated:
> 
> Because we need to get the state from remote after stop.
> RESET_OWNER discards that, so we can't resume the VM.
> 
> This reverts commit 294ce717e0f212ed0763307f3eab72b4a1bdf4d0.
> 
> Cc: Luke Gorrie 
> Cc: Michael S. Tsirkin 
> Signed-off-by: Yuanhan Liu 

Yes but poking at guest memory after driver is unloaded
is even worse.

> ---
>  hw/net/vhost_net.c | 7 ---
>  1 file changed, 7 deletions(-)
> 
> diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> index 804f5c9..95da5f8 100644
> --- a/hw/net/vhost_net.c
> +++ b/hw/net/vhost_net.c
> @@ -293,13 +293,6 @@ static void vhost_net_stop_one(struct vhost_net *net,
>);
>  assert(r >= 0);
>  }
> -} else if (net->nc->info->type == NET_CLIENT_OPTIONS_KIND_VHOST_USER) {
> -for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
> -const VhostOps *vhost_ops = net->dev.vhost_ops;
> -int r = vhost_ops->vhost_call(>dev, VHOST_RESET_OWNER,
> -  NULL);
> -assert(r >= 0);
> -}
>  }
>  if (net->nc->info->poll) {
>  net->nc->info->poll(net->nc, true);
> -- 
> 1.9.0
> 



[Qemu-devel] [PULL v2 1/9] util/qemu-config: fix missing machine command line options

2015-10-21 Thread Cornelia Huck
From: Tony Krowiak 

Commit 0a7cf217 ("util/qemu-config: fix regression of
qmp_query_command_line_options") aimed to restore parsing of global
machine options, but missed two: "aes-key-wrap" and
"dea-key-wrap" (which were present in the initial version of that
patch). Let's add them to the machine_opts again.

Fixes: 0a7cf217 ("util/qemu-config: fix regression of
  qmp_query_command_line_options")
CC: Marcel Apfelbaum 
CC: qemu-sta...@nongnu.org
Signed-off-by: Tony Krowiak 
Reviewed-by: Marcel Apfelbaum 
Tested-by: Christian Borntraeger 
Message-Id: <1444664181-28023-1-git-send-email-akrow...@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck 
---
 util/qemu-config.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/util/qemu-config.c b/util/qemu-config.c
index 5fcfd0e..687fd34 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -219,6 +219,14 @@ static QemuOptsList machine_opts = {
 .name = "suppress-vmdesc",
 .type = QEMU_OPT_BOOL,
 .help = "Set on to disable self-describing migration",
+},{
+.name = "aes-key-wrap",
+.type = QEMU_OPT_BOOL,
+.help = "enable/disable AES key wrapping using the CPACF wrapping 
key",
+},{
+.name = "dea-key-wrap",
+.type = QEMU_OPT_BOOL,
+.help = "enable/disable DEA key wrapping using the CPACF wrapping 
key",
 },
 { /* End of list */ }
 }
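Review bot: The two new .help strings say "enable/disable ..." without stating which value does which or what the default is, unlike the neighbouring suppress-vmdesc entry ("Set on to disable ..."). Since these options decide whether keys are wrapped, spell out the effect of on and off and the default in the help text, for example "Set on to enable AES key wrapping using the CPACF wrapping key".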
-- 
2.6.2




[Qemu-devel] [PATCH 18/40] qcow2: Make size_to_clusters() return uint64_t

2015-10-21 Thread Michael Roth
From: Max Reitz 

Sadly, some images may have more clusters than what can be represented
using a plain int. We should be prepared for that case (in
qcow2_check_refcounts() we actually were trying to catch that case, but
since size_to_clusters() truncated the returned value, that check never
did anything useful).

Cc: qemu-stable 
Signed-off-by: Max Reitz 
Signed-off-by: Kevin Wolf 
(cherry picked from commit b6d36def6d9e9fd187327182d0abafc9b7085d8f)

Conflicts:
block/qcow2-cluster.c
block/qcow2.h

* removed context dependency on ff99129a
Signed-off-by: Michael Roth 
---
 block/qcow2-cluster.c  | 28 ++--
 block/qcow2-refcount.c | 12 
 block/qcow2.h  |  6 +++---
 3 files changed, 29 insertions(+), 17 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index b43f186..7e94fe7 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -298,7 +298,7 @@ fail:
  * as contiguous. (This allows it, for example, to stop at the first compressed
  * cluster which may require a different handling)
  */
-static int count_contiguous_clusters(uint64_t nb_clusters, int cluster_size,
+static int count_contiguous_clusters(int nb_clusters, int cluster_size,
 uint64_t *l2_table, uint64_t stop_flags)
 {
 int i;
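Review bot: count_contiguous_clusters() takes nb_clusters as int after this change while its callers now hold uint64_t counts, so the narrowing is safe only because each caller asserts nb_clusters <= INT_MAX before the call. State that precondition at the callee, either in the function comment above or with an assert(nb_clusters >= 0) at the top, so a future caller that skips the assert does not pass a truncated or negative count into the loop.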
@@ -321,7 +321,7 @@ static int count_contiguous_clusters(uint64_t nb_clusters, 
int cluster_size,
return i;
 }
 
-static int count_contiguous_free_clusters(uint64_t nb_clusters, uint64_t 
*l2_table)
+static int count_contiguous_free_clusters(int nb_clusters, uint64_t *l2_table)
 {
 int i;
 
@@ -495,6 +495,7 @@ int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t 
offset,
 if (nb_needed > nb_available) {
 nb_needed = nb_available;
 }
+assert(nb_needed <= INT_MAX);
 
 *cluster_offset = 0;
 
@@ -530,6 +531,8 @@ int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t 
offset,
 
 l2_index = (offset >> s->cluster_bits) & (s->l2_size - 1);
 *cluster_offset = be64_to_cpu(l2_table[l2_index]);
+
+/* nb_needed <= INT_MAX, thus nb_clusters <= INT_MAX, too */
 nb_clusters = size_to_clusters(s, nb_needed << 9);
 
 ret = qcow2_get_cluster_type(*cluster_offset);
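Review bot: The new comment infers nb_clusters <= INT_MAX from nb_needed <= INT_MAX, but the value passed to size_to_clusters() is `nb_needed << 9`, and this hunk does not show the type of nb_needed. If it is a 32-bit int, the shift overflows for any nb_needed above INT_MAX >> 9, which is well inside the range the assert in the previous hunk allows. Cast to uint64_t before shifting, or say in the comment that nb_needed is a 64-bit type.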
@@ -960,7 +963,7 @@ static int handle_copied(BlockDriverState *bs, uint64_t 
guest_offset,
 int l2_index;
 uint64_t cluster_offset;
 uint64_t *l2_table;
-unsigned int nb_clusters;
+uint64_t nb_clusters;
 unsigned int keep_clusters;
 int ret;
 
@@ -979,6 +982,7 @@ static int handle_copied(BlockDriverState *bs, uint64_t 
guest_offset,
 
 l2_index = offset_to_l2_index(s, guest_offset);
 nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
+assert(nb_clusters <= INT_MAX);
 
 /* Find L2 entry for the first involved cluster */
 ret = get_cluster_table(bs, guest_offset, _table, _index);
@@ -1061,7 +1065,7 @@ out:
  * restarted, but the whole request should not be failed.
  */
 static int do_alloc_cluster_offset(BlockDriverState *bs, uint64_t guest_offset,
-uint64_t *host_offset, unsigned int *nb_clusters)
+   uint64_t *host_offset, uint64_t 
*nb_clusters)
 {
 BDRVQcowState *s = bs->opaque;
 
@@ -1079,7 +1083,7 @@ static int do_alloc_cluster_offset(BlockDriverState *bs, 
uint64_t guest_offset,
 *host_offset = cluster_offset;
 return 0;
 } else {
-int ret = qcow2_alloc_clusters_at(bs, *host_offset, *nb_clusters);
+int64_t ret = qcow2_alloc_clusters_at(bs, *host_offset, *nb_clusters);
 if (ret < 0) {
 return ret;
 }
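Review bot: `ret` becomes int64_t here but do_alloc_cluster_offset() still returns int, so `return ret;` narrows implicitly. That is fine for the negative errno values this branch returns, but a one-line comment or an explicit cast would make clear that a large positive result from qcow2_alloc_clusters_at() is never returned through this path.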
@@ -1115,7 +1119,7 @@ static int handle_alloc(BlockDriverState *bs, uint64_t 
guest_offset,
 int l2_index;
 uint64_t *l2_table;
 uint64_t entry;
-unsigned int nb_clusters;
+uint64_t nb_clusters;
 int ret;
 
 uint64_t alloc_cluster_offset;
@@ -1133,6 +1137,7 @@ static int handle_alloc(BlockDriverState *bs, uint64_t 
guest_offset,
 
 l2_index = offset_to_l2_index(s, guest_offset);
 nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
+assert(nb_clusters <= INT_MAX);
 
 /* Find L2 entry for the first involved cluster */
 ret = get_cluster_table(bs, guest_offset, _table, _index);
@@ -1426,7 +1431,8 @@ int qcow2_decompress_cluster(BlockDriverState *bs, 
uint64_t cluster_offset)
  * clusters.
  */
 static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
-unsigned int nb_clusters, enum qcow2_discard_type type, bool full_discard)
+ uint64_t nb_clusters, enum qcow2_discard_type 
type,
+ bool full_discard)
 {
 BDRVQcowState *s = bs->opaque;
 uint64_t *l2_table;
@@ -1441,6 +1447,7 @@ static int discard_single_l2(BlockDriverState *bs, 
uint64_t offset,
 
 /* Limit nb_clusters to one L2 table */
 nb_clusters = MIN(nb_clusters, 

[Qemu-devel] [PATCH v2 0/2] xen-platform: Replace assert() with appropriate error reporting

2015-10-21 Thread Eduardo Habkost
New version, now using PCIDeviceClass::realize.

Eduardo Habkost (1):
  xen-platform: Replace assert() with appropriate error reporting

Stefano Stabellini (1):
  xen_platform: switch to realize

 hw/i386/xen/xen_platform.c | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

-- 
2.1.0




Re: [Qemu-devel] [PATCH 4/4] mips: add gic support to malta

2015-10-21 Thread Leon Alrae
On 16/10/15 00:52, Yongbok Kim wrote:
>  /*
>   * We have a circular dependency problem: pci_bus depends on isa_irq,
>   * isa_irq is provided by i8259, i8259 depends on ISA, ISA depends
> @@ -1155,7 +1218,11 @@ void mips_malta_init(MachineState *machine)
>  
>  /* Interrupt controller */
>  /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */
> -s->i8259 = i8259_init(isa_bus, env->irq[2]);
> +if (env->gic_irqs) {
> +s->i8259 = i8259_init(isa_bus, env->gic_irqs[3]);

Probably s->gic.gic_irqs[3].irq should be used here.

BTW I think "gic_irqs" can be replaced with a better name, something
like "irq_state".

> +} else {
> +s->i8259 = i8259_init(isa_bus, env->irq[2]);
> +}
>  
>  isa_bus_irqs(isa_bus, s->i8259);
>  pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1);
> @@ -1209,7 +1276,7 @@ static void mips_malta_machine_init(MachineClass *mc)
>  {
>  mc->desc = "MIPS Malta Core LV";
>  mc->init = mips_malta_init;
> -mc->max_cpus = 16;
> +mc->max_cpus = 32;
>  mc->is_default = 1;
>  }
>  
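Review bot: `mc->max_cpus = 32` is raised unconditionally, but mips_malta_init() in the hunk above keeps an `else` path that wires the i8259 to env->irq[2] when env->gic_irqs is not set. If more than 16 CPUs only work with the GIC present, add an init-time check that rejects larger CPU counts on the non-GIC path, or a comment explaining why 32 is safe there as well.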
> diff --git a/target-mips/cpu.h b/target-mips/cpu.h
> index 639ef37..fdd5643 100644
> --- a/target-mips/cpu.h
> +++ b/target-mips/cpu.h
> @@ -594,6 +594,7 @@ struct CPUMIPSState {
>  
>  const mips_def_t *cpu_model;
>  void *irq[8];
> +void **gic_irqs;

I don't think CPUMIPSState needs any information about gic external
interrupts.

Leon

>  QEMUTimer *timer; /* Internal timer */
>  };
>  
> 




Re: [Qemu-devel] [PATCH v1 2/5] sockets: remove use of QemuOpts from socket_listen

2015-10-21 Thread Paolo Bonzini


On 21/10/2015 17:43, Daniel P. Berrange wrote:
> +}
> +if (addr->has_ipv6 && addr->ipv6) {
> +g_printerr("One\n");
> +return PF_INET6;
> +}
> +if (addr->has_ipv4 && addr->ipv4) {
> +g_printerr("Two\n");
> +return PF_INET;
> +}
> +if (addr->has_ipv6 && !addr->ipv6) {
> +g_printerr("Three\n");
> +return PF_INET;
> +}
> +if (addr->has_ipv4 && !addr->ipv4) {
> +g_printerr("Four\n");
> +return PF_INET6;
> +}
> +g_printerr("Five %d %d %d %d\n",
> +   addr->has_ipv4, addr->ipv4,
> +   addr->has_ipv6, addr->ipv6);
> +return PF_UNSPEC;
> +}
> +

Apart from the extra debugging output, I think you can merge as

    if ((addr->has_ipv6 && addr->ipv6) || (addr->has_ipv4 && !addr->ipv4)) {
        return PF_INET6;
    }
    if ((addr->has_ipv4 && addr->ipv4) || (addr->has_ipv6 && !addr->ipv6)) {
        return PF_INET;
    }
    return PF_UNSPEC;

where the order of the first two is important.

Paolo



Re: [Qemu-devel] [PATCH RFC V5 6/9] hw/intc: arm_gicv3_spi_its

2015-10-21 Thread Shlomo Pongratz
Hi,

I just added a placeholder, I didn't add any functionality.

On Wednesday, October 21, 2015, Pavel Fedin  wrote:

>  Hello!
>
> > This patch includes a placeholder code for future spi and its
> > implementation.
>
>  Forgot to comment on this. I see that here you are building an ITS into
> GIC as a monolithic thing. This can be wrong because we
> could want to emulate platforms which have GICv3 but don't have ITS. I
> would suggest to implement ITS as a separate class, and i
> have actually done it in
> http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg04613.html.
>  So, i think we should not bother about ITS for now and suggest you to
> leave it out completely and focus on pure GICv3.
>  Even more, i have software-emulated ITS code in one of my abandoned
> branches, it lacks only GICv3's ability to receive LPIs (which
> is indeed GIC's functionality). After you're done with GIC, i could rebase
> it on top and post at least as an RFC. May be i'll
> complete it myself, may be you'll want to pick it up, i don't know.
> Actually, it works with Linux kernel and successfully translates
> an MSI event into LPI number, which is then injected into the GIC object.
> Just it's GIC missing the appropriate LPI handlers. I
> wrote it when there was no in-kernel vITS implementation, but abandoned
> when vITS patch series was published.
>
> Kind regards,
> Pavel Fedin
> Expert Engineer
> Samsung Electronics Research center Russia
>
>
>


[Qemu-devel] [PATCH QEMU-XEN v4 8/9] xen: domainbuild: reopen libxenctrl interface after forking for domain watcher.

2015-10-21 Thread Ian Campbell
Using an existing libxenctrl handle after a fork was never
particularly safe (especially if foreign mappings existed at the time
of the fork) and the xc fd has been unavailable for many releases.

Reopen the handle after fork and therefore do away with xc_fd().

Signed-off-by: Ian Campbell 
Acked-by: Stefano Stabellini 
---
The fact that xc_fd hasn't been useful since at least Xen 4.1 makes me
question the utility of this domainbuild in QEMU. Perhaps we should
just nuke it?
---
 hw/xenpv/xen_domainbuild.c  |  9 ++---
 include/hw/xen/xen_common.h | 17 -
 2 files changed, 6 insertions(+), 20 deletions(-)

diff --git a/hw/xenpv/xen_domainbuild.c b/hw/xenpv/xen_domainbuild.c
index c0ab753..3e8422f 100644
--- a/hw/xenpv/xen_domainbuild.c
+++ b/hw/xenpv/xen_domainbuild.c
@@ -174,12 +174,15 @@ static int xen_domain_watcher(void)
 for (i = 3; i < n; i++) {
 if (i == fd[0])
 continue;
-if (i == xc_fd(xen_xc)) {
-continue;
-}
 close(i);
 }
 
+/*
+ * Reopen xc interface, since the original is unsafe after fork
+ * and was closed above.
+ */
+xen_xc = xc_interface_open(0, 0, 0);
+
 /* ignore term signals */
 signal(SIGINT,  SIG_IGN);
 signal(SIGTERM, SIG_IGN);
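Review bot: The result of `xc_interface_open(0, 0, 0)` is assigned to xen_xc without a check, and the loop above has just closed every descriptor except fd[0], so on failure the watcher child carries on with no usable handle. Test the return value and exit the child with a message when the open fails. Consider calling the xen_xc_interface_open() wrapper that xen_common.h (the next file in this patch) provides rather than the library function directly, so the reopen follows the same version handling as the initial open.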
diff --git a/include/hw/xen/xen_common.h b/include/hw/xen/xen_common.h
index 38293b4..4b4b50d 100644
--- a/include/hw/xen/xen_common.h
+++ b/include/hw/xen/xen_common.h
@@ -121,12 +121,6 @@ static inline XenXC xen_xc_interface_open(void *logger, 
void *dombuild_logger,
 xc_map_foreign_bulk(*h, d, p, a, e, n)
 #define xenforeignmemory_unmap(h, p, s) munmap(p, s * XC_PAGE_SIZE)
 
-static inline int xc_fd(int xen_xc)
-{
-return xen_xc;
-}
-
-
 static inline int xc_domain_populate_physmap_exact
 (XenXC xc_handle, uint32_t domid, unsigned long nr_extents,
  unsigned int extent_order, unsigned int mem_flags, xen_pfn_t 
*extent_start)
@@ -201,11 +195,6 @@ static inline XenXC xen_xc_interface_open(void *logger, 
void *dombuild_logger,
 xc_map_foreign_bulk(*h, d, p, a, e, n)
 #define xenforeignmemory_unmap(h, p, s) munmap(p, s * XC_PAGE_SIZE)
 
-/* FIXME There is now way to have the xen fd */
-static inline int xc_fd(xc_interface *xen_xc)
-{
-return -1;
-}
 #else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 470 */
 
 typedef xc_interface *XenXC;
@@ -223,12 +212,6 @@ static inline XenXC xen_xc_interface_open(void *logger, 
void *dombuild_logger,
 return xc_interface_open(logger, dombuild_logger, open_flags);
 }
 
-/* FIXME There is now way to have the xen fd */
-static inline int xc_fd(xc_interface *xen_xc)
-{
-return -1;
-}
-
 #endif
 
 /* Xen before 4.2 */
-- 
2.1.4




Re: [Qemu-devel] [PATCH 0/4] mips: add Global Interrupt Controller

2015-10-21 Thread Yongbok Kim
On 21/10/2015 17:01, Peter Maydell wrote:
> On 16 October 2015 at 00:52, Yongbok Kim  wrote:
>> Add support of MIPS GIC.
>>
>>  hw/mips/Makefile.objs|2 +-
>>  hw/mips/mips_gcr.c   |  120 
>>  hw/mips/mips_gcr.h   |   57 
>>  hw/mips/mips_gic.c   |  653 
>> ++
>>  hw/mips/mips_gic.h   |  298 +++
>>  hw/mips/mips_malta.c |   71 +-
>>  target-mips/cpu.h|4 +-
>>  target-mips/translate.c  |   17 ++
>>  target-mips/translate_init.c |3 +-
>>  9 files changed, 1220 insertions(+), 5 deletions(-)
>>  create mode 100644 hw/mips/mips_gcr.c
>>  create mode 100644 hw/mips/mips_gcr.h
>>  create mode 100644 hw/mips/mips_gic.c
>>  create mode 100644 hw/mips/mips_gic.h
> 
> Should this live in hw/intc/ if it is an interrupt controller?
> 
> thanks
> -- PMM
> 

Actually I have considered that but I just hesitated to put the files in
the hw/intc as all other MIPS related hw component files are in hw/mips. I
agree with your opinion. From the v2 the mips_gic.{c|h} files will be in
the directory. I think the mips_gcr.{c|h} is quite MIPS specific and it
doesn't fit into any other directory than hw/mips.

Regards,
Yongbok



Re: [Qemu-devel] [PATCH v1 2/5] sockets: remove use of QemuOpts from socket_listen

2015-10-21 Thread Daniel P. Berrange
On Wed, Oct 21, 2015 at 05:54:11PM +0200, Paolo Bonzini wrote:
> 
> 
> On 21/10/2015 17:43, Daniel P. Berrange wrote:
> > +}
> > +if (addr->has_ipv6 && addr->ipv6) {
> > +g_printerr("One\n");
> > +return PF_INET6;
> > +}
> > +if (addr->has_ipv4 && addr->ipv4) {
> > +g_printerr("Two\n");
> > +return PF_INET;
> > +}
> > +if (addr->has_ipv6 && !addr->ipv6) {
> > +g_printerr("Three\n");
> > +return PF_INET;
> > +}
> > +if (addr->has_ipv4 && !addr->ipv4) {
> > +g_printerr("Four\n");
> > +return PF_INET6;
> > +}
> > +g_printerr("Five %d %d %d %d\n",
> > +   addr->has_ipv4, addr->ipv4,
> > +   addr->has_ipv6, addr->ipv6);
> > +return PF_UNSPEC;
> > +}
> > +
> 
> Apart from the extra debugging output, I think you can merge as
> 
>     if ((addr->has_ipv6 && addr->ipv6) || (addr->has_ipv4 && !addr->ipv4)) {
>         return PF_INET6;
>     }
>     if ((addr->has_ipv4 && addr->ipv4) || (addr->has_ipv6 && !addr->ipv6)) {
>         return PF_INET;
>     }
>     return PF_UNSPEC;
> 
> where the order of the first two is important.

Yes, and next time I'll remember to remove the debugging output before
posting :-)

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



[Qemu-devel] [PATCH v2 1/2] xen_platform: switch to realize

2015-10-21 Thread Eduardo Habkost
From: Stefano Stabellini 

Use realize to initialize the xen_platform device

Signed-off-by: Stefano Stabellini 
Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
* Remove useless return
  * Suggested-by: Paolo Bonzini 
* Rename xen_platform_initfn() to xen_platform_realize()
---
 hw/i386/xen/xen_platform.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/i386/xen/xen_platform.c b/hw/i386/xen/xen_platform.c
index 8682c42..3dc68cb 100644
--- a/hw/i386/xen/xen_platform.c
+++ b/hw/i386/xen/xen_platform.c
@@ -382,7 +382,7 @@ static const VMStateDescription vmstate_xen_platform = {
 }
 };
 
-static int xen_platform_initfn(PCIDevice *dev)
+static void xen_platform_realize(PCIDevice *dev, Error **errp)
 {
 PCIXenPlatformState *d = XEN_PLATFORM(dev);
 uint8_t *pci_conf;
@@ -407,8 +407,6 @@ static int xen_platform_initfn(PCIDevice *dev)
  >mmio_bar);
 
 platform_fixed_ioport_init(d);
-
-return 0;
 }
 
 static void platform_reset(DeviceState *dev)
@@ -423,7 +421,7 @@ static void xen_platform_class_init(ObjectClass *klass, 
void *data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 
-k->init = xen_platform_initfn;
+k->realize = xen_platform_realize;
 k->vendor_id = PCI_VENDOR_ID_XEN;
 k->device_id = PCI_DEVICE_ID_XEN_PLATFORM;
 k->class_id = PCI_CLASS_OTHERS << 8 | 0x80;
-- 
2.1.0




Re: [Qemu-devel] [PULL v2 0/9] Next set of s390x patches

2015-10-21 Thread Peter Maydell
On 21 October 2015 at 11:30, Cornelia Huck <cornelia.h...@de.ibm.com> wrote:
> Changes v1->v2:
> - Fix declaration of reset_dev_types[]
>
> The following changes since commit ee9dfed242610ecb91418270fd46b875ed56e201:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20151020-1' 
> into staging (2015-10-20 12:56:45 +0100)
>
> are available in the git repository at:
>
>   git://github.com/cohuck/qemu tags/s390x-20151021-v2
>
> for you to fetch changes up to 1cd4e0f6f0a6b1978a5868b41d4faae2071dc4ee:
>
>   s390x/cmma: clean up cmma reset (2015-10-21 12:21:30 +0200)
>
> 
> More s390x patches. The first ones are fixes: A regression, missed
> compat and a missed part of the SIMD support. The others contain
> optimizations and cleanup.

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH RFC V5 9/9] hw/arm: Add virt-v3 machine that uses GIC-500

2015-10-21 Thread Shlomo Pongratz
O.K.

On Wednesday, October 21, 2015, Pavel Fedin  wrote:

>  Hello!
>
> >> The system register implementation belongs in the gic code, not
> >> target-arm/. We already have support for devices that say
> >> "I have some system registers, please add them to this CPU".
>
> > I don't understand.
> > The system registers are defined in ARM Architecture reference Manual.
> > It is true that the real implementation is in arm_gicv3_interrupts.c
> > But the crn, crm, op0, and op1 of the instructions are in CPU domain.
>
>  Not really. If you take a closer look, you'll see that crn, crm, op1, op2
> are the same for both ARM64 and ARM32. The only difference is that ARM64
> uses op0 = 3, and ARM32 uses cp = 15. Both of these specifiers can coexist
> in the descriptor table.
>  I think Peter wants to tell that you should not insert your register
> table and registration function into target-arm/cpu64.c. This code should
> go to hw/intc/arm_gicv3_cpu_interface.c, add .cp = 15, and - voila - it
> magically works with both ARM32 and ARM64.
>
> Kind regards,
> Pavel Fedin
> Expert Engineer
> Samsung Electronics Research center Russia
>
>
>


[Qemu-devel] [PATCH QEMU-XEN v4 1/9] xen_console: correctly cleanup primary console on teardown.

2015-10-21 Thread Ian Campbell
All of the work in con_disconnect applies to the primary console case
(when xendev->dev is NULL). Therefore remove the early check and bail
and allow it to fall through. All of the existing code is correctly
conditional already.

The ->dev and ->gnttabdev handles are either both set or neither. For
consistency with con_initialise() switch to the former here too.

With this con_initialise and con_disconnect now mirror each other.

Fix up a hard tab in the function while editing.

Signed-off-by: Ian Campbell 
---
v4: New patch based on feedback to "xen: Switch uses of
xc_map_foreign_bulk to use libxenforeignmemory API."
---
 hw/char/xen_console.c | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index eb7f450..63ade33 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -265,9 +265,6 @@ static void con_disconnect(struct XenDevice *xendev)
 {
 struct XenConsole *con = container_of(xendev, struct XenConsole, xendev);
 
-if (!xendev->dev) {
-return;
-}
 if (con->chr) {
 qemu_chr_add_handlers(con->chr, NULL, NULL, NULL, NULL);
 qemu_chr_fe_release(con->chr);
@@ -275,12 +272,12 @@ static void con_disconnect(struct XenDevice *xendev)
 xen_be_unbind_evtchn(>xendev);
 
 if (con->sring) {
-if (!xendev->gnttabdev) {
+if (!xendev->dev) {
 munmap(con->sring, XC_PAGE_SIZE);
 } else {
 xc_gnttab_munmap(xendev->gnttabdev, con->sring, 1);
 }
-   con->sring = NULL;
+con->sring = NULL;
 }
 }
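Review bot: The munmap()/xc_gnttab_munmap() choice now keys on xendev->dev while the else branch passes xendev->gnttabdev to xc_gnttab_munmap(), which relies on the invariant from the commit message that both handles are set or neither is. Put that invariant in the code, as a comment at this test or an assert that gnttabdev is set in the else branch, so a later change to the lifetime of one handle fails loudly instead of unmapping through an unset handle.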
 
-- 
2.1.4




Re: [Qemu-devel] Coding style for errors

2015-10-21 Thread Markus Armbruster
Lluís Vilanova  writes:

> Hi,
>
> I was wondering what is the proper way (or ways, depending on the subsystem)
> of reporting and signalling errors in QEMU. The coding style file does not
> seem to mention it, and the code uses all kinds of forms for that:
> * printf + exit(1)
> * fprintf(stderr) + exit(1)
> * error_report + exit(1)
> * cpu_abort
> * Some other I probably forgot

cpu_abort() and hw_error() are fancy ways to abort().  Terminating with
abort() on "this can't be happening" conditions is perfectly sensible,
and doing it in fancy ways can be useful.  For other errors, it's
inappropriate.

qemu/error-report.h is for reporting errors to the user.  Why not simply
fprintf(stderr, ...)?  Several reasons:

* error_report() & friends report errors in a uniform format.

* They do the right thing inside monitor commands: report the error to
  the monitor instead of stderr.

* They can add location information.

* They can add timestamps (-msg timestamp=on).

* If we ever do proper logging, they'll log the error.

There are many places left that fprintf().  Please don't add more.

qapi/error.h is for propagating errors up the call chain.  At some
point, you'll either recover and throw away the error, or you report it.
Convenience function error_report_err() makes that easy, but it's really
just a thin wrapper around error_report().

Another convenience feature makes reporting *fatal* errors easy:
&error_fatal.  Likewise, for programming errors: &error_abort.

When a simpler method for reporting success/failure to the caller
suffices, it's perfectly fine to use it.  E.g. returning a valid pointer
on success and null pointer on failure, or non-negative integer on
success and negative errno code on failure.

> So, is there any agreement on what should be used? If so, could that please be
> added to CODING_STYLE?

I think HACKING would be a better fit.



[Qemu-devel] [RFC Patch 03/12] IXGBE: Add sysfs interface for Qemu to migrate VF status in the PF driver

2015-10-21 Thread Lan Tianyu
This patch is to add sysfs interface state_in_pf under sysfs directory
of VF PCI device for Qemu to get and put VF status in the PF driver during
migration.

Signed-off-by: Lan Tianyu 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 156 -
 1 file changed, 155 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index ab2a2e2..89671eb 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -124,6 +124,157 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
return -ENOMEM;
 }
 
+#define IXGBE_PCI_VFCOMMAND   0x4
+#define IXGBE_PCI_VFMSIXMC0x72
+#define IXGBE_SRIOV_VF_OFFSET 0x180
+#define IXGBE_SRIOV_VF_STRIDE 0x2
+
+#define to_adapter(dev) ((struct ixgbe_adapter 
*)(pci_get_drvdata(to_pci_dev(dev)->physfn)))
+
+struct state_in_pf {
+   u16 command;
+   u16 msix_message_control;
+   struct vf_data_storage vf_data;
+};
+
+static struct pci_dev *ixgbe_get_virtfn_dev(struct pci_dev *pdev, int vfn)
+{
+   u16 rid = pdev->devfn + IXGBE_SRIOV_VF_OFFSET + IXGBE_SRIOV_VF_STRIDE * 
vfn;
+   return pci_get_bus_and_slot(pdev->bus->number + (rid >> 8), rid & 0xff);
+}
+
+static ssize_t ixgbe_show_state_in_pf(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+   struct ixgbe_adapter *adapter = to_adapter(dev);
+   struct pci_dev *pdev = adapter->pdev, *vdev;
+   struct pci_dev *vf_pdev = to_pci_dev(dev);
+   struct ixgbe_hw *hw = >hw;
+   struct state_in_pf *state = (struct state_in_pf *)buf;
+   int vfn = vf_pdev->virtfn_index;
+   u32 reg, reg_offset, vf_shift;
+
+   /* Clear VF mac and disable VF */
+   ixgbe_del_mac_filter(adapter, adapter->vfinfo[vfn].vf_mac_addresses, 
vfn);
+
+   /* Record PCI configurations */
+   vdev = ixgbe_get_virtfn_dev(pdev, vfn);
+   if (vdev) {
+   pci_read_config_word(vdev, IXGBE_PCI_VFCOMMAND, 
>command);
+   pci_read_config_word(vdev, IXGBE_PCI_VFMSIXMC, 
>msix_message_control);
+   }
+   else
+   printk(KERN_WARNING "Unable to find VF device.\n");
+
+   /* Record states hold by PF */
+   memcpy(>vf_data, >vfinfo[vfn], sizeof(struct 
vf_data_storage));
+
+   vf_shift = vfn % 32;
+   reg_offset = vfn / 32;
+
+   reg = IXGBE_READ_REG(hw, IXGBE_VFTE(reg_offset));
+   reg &= ~(1 << vf_shift);
+   IXGBE_WRITE_REG(hw, IXGBE_VFTE(reg_offset), reg);
+
+   reg = IXGBE_READ_REG(hw, IXGBE_VFRE(reg_offset));
+   reg &= ~(1 << vf_shift);
+   IXGBE_WRITE_REG(hw, IXGBE_VFRE(reg_offset), reg);
+
+   reg = IXGBE_READ_REG(hw, IXGBE_VMECM(reg_offset));
+   reg &= ~(1 << vf_shift);
+   IXGBE_WRITE_REG(hw, IXGBE_VMECM(reg_offset), reg);
+
+   return sizeof(struct state_in_pf);
+}
+
+static ssize_t ixgbe_store_state_in_pf(struct device *dev,
+  struct device_attribute *attr,
+  const char *buf, size_t count)
+{
+   struct ixgbe_adapter *adapter = to_adapter(dev);
+   struct pci_dev *pdev = adapter->pdev, *vdev;
+   struct pci_dev *vf_pdev = to_pci_dev(dev);
+   struct state_in_pf *state = (struct state_in_pf *)buf;
+   int vfn = vf_pdev->virtfn_index;
+
+   /* Check struct size */
+   if (count != sizeof(struct state_in_pf)) {
+   printk(KERN_ERR "State in PF size does not fit.\n");
+   goto out;
+   }
+
+   /* Restore PCI configurations */
+   vdev = ixgbe_get_virtfn_dev(pdev, vfn);
+   if (vdev) {
+   pci_write_config_word(vdev, IXGBE_PCI_VFCOMMAND, 
state->command);
+   pci_write_config_word(vdev, IXGBE_PCI_VFMSIXMC, 
state->msix_message_control);
+   }
+
+   /* Restore states hold by PF */
+   memcpy(>vfinfo[vfn], >vf_data, sizeof(struct 
vf_data_storage));
+
+  out:
+   return count;
+}
+
+static struct device_attribute ixgbe_per_state_in_pf_attribute =
+   __ATTR(state_in_pf, S_IRUGO | S_IWUSR,
+   ixgbe_show_state_in_pf, ixgbe_store_state_in_pf);
+
+void ixgbe_add_vf_attrib(struct ixgbe_adapter *adapter)
+{
+   struct pci_dev *pdev = adapter->pdev;
+   struct pci_dev *vfdev;
+   unsigned short vf_id;
+   int pos, ret;
+
+   pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_SRIOV);
+   if (!pos)
+   return;
+
+   /* get the device ID for the VF */
+   pci_read_config_word(pdev, pos + PCI_SRIOV_VF_DID, _id);
+
+   vfdev = pci_get_device(pdev->vendor, vf_id, NULL);
+
+   while (vfdev) {
+   if (vfdev->is_virtfn) {
+   ret = device_create_file(>dev,
+   _per_state_in_pf_attribute);
+   if (ret)
+   
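Review bot: ixgbe_show_state_in_pf() is a sysfs read handler registered with S_IRUGO, yet it deletes the VF's MAC filter and clears the VF's bits in VFTE, VFRE and VMECM, so any local user who reads state_in_pf disables that VF, and the same read copies a raw struct vf_data_storage out of the kernel. Make the attribute readable by root only, keep show() free of side effects by moving the quiesce step to an explicit write, and export named fields rather than the in-kernel struct layout. In ixgbe_store_state_in_pf() the memcpy() into vfinfo[vfn] accepts caller-supplied bytes with only a length check, and the size-mismatch path returns count instead of an error such as -EINVAL; validate the fields and report the failure. ixgbe_get_virtfn_dev() returns a device obtained from pci_get_bus_and_slot() and neither caller drops that reference with pci_dev_put().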

[Qemu-devel] [PATCH v1 2/5] sockets: remove use of QemuOpts from socket_listen

2015-10-21 Thread Daniel P. Berrange
The socket_listen method accepts a QAPI SocketAddress object
which it then turns into QemuOpts before calling the
inet_listen_opts/unix_listen_opts helper methods. By
converting the latter to use QAPI SocketAddress directly,
the QemuOpts conversion step can be eliminated

Signed-off-by: Daniel P. Berrange 
---
 util/qemu-sockets.c | 158 +---
 1 file changed, 101 insertions(+), 57 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index dae8a6d..768ca52 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -114,36 +114,82 @@ NetworkAddressFamily inet_netfamily(int family)
 return NETWORK_ADDRESS_FAMILY_UNKNOWN;
 }
 
-static int inet_listen_opts(QemuOpts *opts, int port_offset, Error **errp)
+/*
+ * Matrix we're trying to apply
+ *
+ *  ipv4  ipv6   family
+ *   - -   PF_UNSPEC
+ *   - f   PF_INET
+ *   - t   PF_INET6
+ *   f -   PF_INET6
+ *   f f   
+ *   f t   PF_INET6
+ *   t -   PF_INET
+ *   t f   PF_INET
+ *   t t   PF_INET6
+ */
+static int inet_ai_family_from_address(InetSocketAddress *addr,
+   Error **errp)
+{
+if (addr->has_ipv6 && addr->has_ipv4 &&
+!addr->ipv6 && !addr->ipv4) {
+error_setg(errp, "Cannot disable IPv4 and IPv6 at same time");
+return PF_UNSPEC;
+}
+if (addr->has_ipv6 && addr->ipv6) {
+g_printerr("One\n");
+return PF_INET6;
+}
+if (addr->has_ipv4 && addr->ipv4) {
+g_printerr("Two\n");
+return PF_INET;
+}
+if (addr->has_ipv6 && !addr->ipv6) {
+g_printerr("Three\n");
+return PF_INET;
+}
+if (addr->has_ipv4 && !addr->ipv4) {
+g_printerr("Four\n");
+return PF_INET6;
+}
+g_printerr("Five %d %d %d %d\n",
+   addr->has_ipv4, addr->ipv4,
+   addr->has_ipv6, addr->ipv6);
+return PF_UNSPEC;
+}
+
+static int inet_listen_saddr(InetSocketAddress *saddr,
+ int port_offset,
+ bool update_addr,
+ Error **errp)
 {
 struct addrinfo ai,*res,*e;
-const char *addr;
 char port[33];
 char uaddr[INET6_ADDRSTRLEN+1];
 char uport[33];
-int slisten, rc, to, port_min, port_max, p;
+int slisten, rc, port_min, port_max, p;
+Error *err = NULL;
 
 memset(,0, sizeof(ai));
 ai.ai_flags = AI_PASSIVE;
-ai.ai_family = PF_UNSPEC;
+ai.ai_family = inet_ai_family_from_address(saddr, );
+g_printerr("Family %d\n", ai.ai_family);
 ai.ai_socktype = SOCK_STREAM;
 
-if ((qemu_opt_get(opts, "host") == NULL)) {
+if (err) {
+error_propagate(errp, err);
+return -1;
+}
+
+if (saddr->host == NULL) {
 error_setg(errp, "host not specified");
 return -1;
 }
-if (qemu_opt_get(opts, "port") != NULL) {
-pstrcpy(port, sizeof(port), qemu_opt_get(opts, "port"));
+if (saddr->port != NULL) {
+pstrcpy(port, sizeof(port), saddr->port);
 } else {
 port[0] = '\0';
 }
-addr = qemu_opt_get(opts, "host");
-
-to = qemu_opt_get_number(opts, "to", 0);
-if (qemu_opt_get_bool(opts, "ipv4", 0))
-ai.ai_family = PF_INET;
-if (qemu_opt_get_bool(opts, "ipv6", 0))
-ai.ai_family = PF_INET6;
 
 /* lookup */
 if (port_offset) {
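Review bot: The matrix comment leaves the family column empty for the `f f` row, while inet_ai_family_from_address() reports "Cannot disable IPv4 and IPv6 at same time" for it; write "error" in that row so the table and the code agree. The g_printerr() calls in the new function and the "Family %d" one in inet_listen_saddr() are debugging output and should go before merge, and the `if (err)` check would read better directly after the call that sets it.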
@@ -163,11 +209,11 @@ static int inet_listen_opts(QemuOpts *opts, int 
port_offset, Error **errp)
 }
 snprintf(port, sizeof(port), "%d", (int)baseport + port_offset);
 }
-rc = getaddrinfo(strlen(addr) ? addr : NULL,
+rc = getaddrinfo(strlen(saddr->host) ? saddr->host : NULL,
  strlen(port) ? port : NULL, , );
 if (rc != 0) {
-error_setg(errp, "address resolution failed for %s:%s: %s", addr, port,
-   gai_strerror(rc));
+error_setg(errp, "address resolution failed for %s:%s: %s",
+   saddr->host, port, gai_strerror(rc));
 return -1;
 }
 
@@ -195,7 +241,7 @@ static int inet_listen_opts(QemuOpts *opts, int 
port_offset, Error **errp)
 #endif
 
 port_min = inet_getport(e);
-port_max = to ? to + port_offset : port_min;
+port_max = saddr->has_to ? saddr->to + port_offset : port_min;
 for (p = port_min; p <= port_max; p++) {
 inet_setport(e, p);
 if (bind(slisten, e->ai_addr, e->ai_addrlen) == 0) {
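Review bot: `saddr->has_to ? saddr->to + port_offset : port_min` changes behaviour for an explicit to=0. The old code tested the value (`to ? ...`), so 0 meant no range, whereas now port_max becomes port_offset, which can be below port_min and leaves the `for (p = port_min; p <= port_max; p++)` loop with nothing to bind. Test `saddr->has_to && saddr->to`, or clamp port_max so it is never below port_min.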
@@ -219,13 +265,15 @@ listen:
 freeaddrinfo(res);
 return -1;
 }
-qemu_opt_set(opts, "host", uaddr, _abort);
-qemu_opt_set_number(opts, "port", inet_getport(e) - port_offset,
-_abort);
-qemu_opt_set_bool(opts, "ipv6", e->ai_family == PF_INET6,
-  _abort);
-qemu_opt_set_bool(opts, "ipv4", e->ai_family != PF_INET6,
-  _abort);
+if (update_addr) {
+

[Qemu-devel] [PATCH v1 5/5] vnc: distiguish between ipv4/ipv6 omitted vs set to off

2015-10-21 Thread Daniel P. Berrange
The VNC code for interpreting QemuOpts does not currently
distinguish between ipv4/ipv6 being omitted, and being
set to 'off', because historically the 'ipv4' and 'ipv6'
options were just flags which did not accept a value.

The upshot is that if someone runs

  $QEMU -vnc localhost:1,ipv6=off

QEMU still uses PF_UNSPEC and thus may still bind to IPv6,
when it should use PF_INET.

This is another instance of the problem previously fixed
for chardevs in

  commit b77e7c8e99f9ac726c4eaa2fc3461fd886017dc0
  Author: Paolo Bonzini 
  Date:   Mon Oct 12 15:35:16 2015 +0200

qemu-sockets: fix conversion of ipv4/ipv6 JSON to QemuOpts

Signed-off-by: Daniel P. Berrange 
---
 ui/vnc.c | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index faff054..ff1d4c9 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3498,8 +3498,10 @@ void vnc_display_open(const char *id, Error **errp)
 
 const char *websocket = qemu_opt_get(opts, "websocket");
 int to = qemu_opt_get_number(opts, "to", 0);
-bool has_ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
-bool has_ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
+bool has_ipv4 = qemu_opt_get(opts, "ipv4");
+bool has_ipv6 = qemu_opt_get(opts, "ipv6");
+bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
+bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
 
 saddr = g_new0(SocketAddress, 1);
 if (websocket) {
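
Review bot: has_ipv4 and has_ipv6 are now initialised from qemu_opt_get(), which returns a string pointer (see the websocket line just above), so the presence test relies on an implicit pointer-to-bool conversion. Writing `qemu_opt_get(opts, "ipv4") != NULL` would make the intent (option given at all, whatever its value) obvious next to the qemu_opt_get_bool() lines that read the value, which is the distinction this fix depends on.
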
@@ -3547,8 +3549,10 @@ void vnc_display_open(const char *id, Error **errp)
 saddr->inet->has_to = true;
 saddr->inet->to = to;
 }
-saddr->inet->ipv4 = saddr->inet->has_ipv4 = has_ipv4;
-saddr->inet->ipv6 = saddr->inet->has_ipv6 = has_ipv6;
+saddr->inet->ipv4 = ipv4;
+saddr->inet->has_ipv4 = has_ipv4;
+saddr->inet->ipv6 = ipv6;
+saddr->inet->has_ipv6 = has_ipv6;
 
 if (vs->ws_enabled) {
 wsaddr->kind = SOCKET_ADDRESS_KIND_INET;
@@ -3560,8 +3564,10 @@ void vnc_display_open(const char *id, Error **errp)
 wsaddr->inet->has_to = true;
 wsaddr->inet->to = to;
 }
-wsaddr->inet->ipv4 = wsaddr->inet->has_ipv4 = has_ipv4;
-wsaddr->inet->ipv6 = wsaddr->inet->has_ipv6 = has_ipv6;
+wsaddr->inet->ipv4 = ipv4;
+wsaddr->inet->has_ipv4 = has_ipv4;
+wsaddr->inet->ipv6 = ipv6;
+wsaddr->inet->has_ipv6 = has_ipv6;
 }
 }
 } else {
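
Review bot: the four assignments to wsaddr->inet are a copy of the four added for saddr->inet in the previous hunk, so the plain and websocket listeners can drift apart the next time one of them is touched, and a mismatch would bring back the unintended IPv6 bind on one listener only. A small static helper that takes the ->inet pointer plus has_ipv4, ipv4, has_ipv6 and ipv6 would keep the two in step.
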
-- 
2.4.3




Re: [Qemu-devel] [Qemu-block] [PATCH v5 04/12] aio: introduce aio_{disable, enable}_external

2015-10-21 Thread Jeff Cody
On Wed, Oct 21, 2015 at 10:06:41AM +0800, Fam Zheng wrote:
> Signed-off-by: Fam Zheng 
> ---
>  aio-posix.c |  3 ++-
>  aio-win32.c |  3 ++-
>  include/block/aio.h | 37 +
>  3 files changed, 41 insertions(+), 2 deletions(-)
> 
> diff --git a/aio-posix.c b/aio-posix.c
> index f0f9122..0467f23 100644
> --- a/aio-posix.c
> +++ b/aio-posix.c
> @@ -261,7 +261,8 @@ bool aio_poll(AioContext *ctx, bool blocking)
>  
>  /* fill pollfds */
>  QLIST_FOREACH(node, >aio_handlers, node) {
> -if (!node->deleted && node->pfd.events) {
> +if (!node->deleted && node->pfd.events
> +&& aio_node_check(ctx, node->is_external)) {
>  add_pollfd(node);
>  }
>  }
> diff --git a/aio-win32.c b/aio-win32.c
> index 3110d85..43c4c79 100644
> --- a/aio-win32.c
> +++ b/aio-win32.c
> @@ -309,7 +309,8 @@ bool aio_poll(AioContext *ctx, bool blocking)
>  /* fill fd sets */
>  count = 0;
>  QLIST_FOREACH(node, >aio_handlers, node) {
> -if (!node->deleted && node->io_notify) {
> +if (!node->deleted && node->io_notify
> +&& aio_node_check(ctx, node->is_external)) {
>  events[count++] = event_notifier_get_handle(node->e);
>  }
>  }
> diff --git a/include/block/aio.h b/include/block/aio.h
> index 12f1141..80151d1 100644
> --- a/include/block/aio.h
> +++ b/include/block/aio.h
> @@ -122,6 +122,8 @@ struct AioContext {
>  
>  /* TimerLists for calling timers - one per clock type */
>  QEMUTimerListGroup tlg;
> +
> +int external_disable_cnt;
>  };
>  
>  /**
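
Review bot: external_disable_cnt is added to struct AioContext without a comment, unlike the tlg field directly above it. Please document that it counts outstanding aio_disable_external() calls, that external handlers are polled only while it is zero, and that it is accessed with atomic operations.
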
> @@ -375,4 +377,39 @@ static inline void aio_timer_init(AioContext *ctx,
>   */
>  int64_t aio_compute_timeout(AioContext *ctx);
>  
> +/**
> + * aio_disable_external:
> + * @ctx: the aio context
> + *
> + * Disable the furthur processing of clients.

s/furthur/further

The comment below specifically references external clients - I think
the comments for aio_disable_external / aio_enable_external should be
worded similarly, so there is no confusion.

> + */
> +static inline void aio_disable_external(AioContext *ctx)
> +{
> +atomic_inc(>external_disable_cnt);
> +}
> +
> +/**
> + * aio_enable_external:
> + * @ctx: the aio context
> + *
> + * Disable the processing of external clients.

Should this comment read "Enable" instead of "Disable"?

> + */
> +static inline void aio_enable_external(AioContext *ctx)
> +{
> +atomic_dec(>external_disable_cnt);

Should we assert(ctx->external_disable_cnt >= 0)?


Additional comment:  the function names aio_enable_external() and
aio_disable_external() may be a bit misleading (particularly
aio_enable_external()).  It doesn't do a blanket enable of external
aio (i.e., it does not just blindly do ctx->external_disable_cnt = 0).

Perhaps something like aio_external_disable_inc/dec()?  (I'm not real
fond of that, either).

Just something for thought.


> +}
> +
> +/**
> + * aio_node_check:
> + * @ctx: the aio context
> + * @is_external: Whether or not the checked node is an external event source.
> + *
> + * Check if the node's is_external flag is okey to be polled by the ctx at 
> this

s/okey/okay

> + * moment. True means green light.
> + */
> +static inline bool aio_node_check(AioContext *ctx, bool is_external)
> +{
> +return !is_external || !atomic_read(>external_disable_cnt);
> +}
> +

It seems a little odd to me to have this helper function take the
is_external bool field from the node as the argument - any reason to
do that, rather than pass in the AioHandler and have aio_node_check()
parse whatever fields it deems necessary from it?

>  #endif
> -- 
> 2.4.3
> 
> 



Re: [Qemu-devel] [Qemu-block] [PATCH v5 05/12] block: Introduce "drained begin/end" API

2015-10-21 Thread Jeff Cody
On Wed, Oct 21, 2015 at 10:06:42AM +0800, Fam Zheng wrote:
> The semantics is that after bdrv_drained_begin(bs), bs will not get new 
> external
> requests until the matching bdrv_drained_end(bs).
> 
> Signed-off-by: Fam Zheng 
> ---
>  block/io.c| 17 +
>  include/block/block.h | 21 +
>  include/block/block_int.h |  2 ++
>  3 files changed, 40 insertions(+)
> 
> diff --git a/block/io.c b/block/io.c
> index 2fd7a1d..5ac6256 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -2624,3 +2624,20 @@ void bdrv_flush_io_queue(BlockDriverState *bs)
>  }
>  bdrv_start_throttled_reqs(bs);
>  }
> +
> +void bdrv_drained_begin(BlockDriverState *bs)
> +{
> +if (!bs->quiesce_counter++) {
> +aio_disable_external(bdrv_get_aio_context(bs));
> +}
> +bdrv_drain(bs);
> +}
> +
> +void bdrv_drained_end(BlockDriverState *bs)
> +{
> +assert(bs->quiesce_counter > 0);
> +if (--bs->quiesce_counter > 0) {
> +return;
> +}
> +aio_enable_external(bdrv_get_aio_context(bs));
> +}
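
Review bot: bdrv_drained_begin() and bdrv_drained_end() each look up the context with bdrv_get_aio_context(bs) at the time of the call, so if the BDS moves to a different AioContext inside a drained section the disable lands on one context and the enable on another, leaving the first permanently disabled and the second with a negative count. Either state in the API comment that the context must not change between begin and end, or transfer the count when the context changes.
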

Why do we need a quiesce counter, given that
aio_{disable, enable}_external() increments / decrements a counter?



> diff --git a/include/block/block.h b/include/block/block.h
> index 28d903c..6d38b62 100644
> --- a/include/block/block.h
> +++ b/include/block/block.h
> @@ -610,4 +610,25 @@ void bdrv_io_plug(BlockDriverState *bs);
>  void bdrv_io_unplug(BlockDriverState *bs);
>  void bdrv_flush_io_queue(BlockDriverState *bs);
>  
> +BlockAcctStats *bdrv_get_stats(BlockDriverState *bs);
> +

Is the above line from a bad rebase?


> +/**
> + * bdrv_drained_begin:
> + *
> + * Begin a quiesced section for exclusive access to the BDS, by disabling
> + * external request sources including NBD server and device model. Note that
> + * this doesn't block timers or coroutines from submitting more requests, 
> which
> + * means block_job_pause is still necessary.
> + *
> + * This function can be recursive.
> + */
> +void bdrv_drained_begin(BlockDriverState *bs);
> +
> +/**
> + * bdrv_drained_end:
> + *
> + * End a quiescent section started by bdrv_drained_begin().
> + */
> +void bdrv_drained_end(BlockDriverState *bs);
> +
>  #endif
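
Review bot: in the bdrv_drained_begin() comment, "This function can be recursive" reads as if the function calls itself, while what quiesce_counter in block/io.c implements is nesting. Something like "Calls may be nested; each one must be paired with a bdrv_drained_end()" would be clearer, and the two comments should settle on one of "quiesced section" and "quiescent section".
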
> diff --git a/include/block/block_int.h b/include/block/block_int.h
> index e472a03..e317b14 100644
> --- a/include/block/block_int.h
> +++ b/include/block/block_int.h
> @@ -448,6 +448,8 @@ struct BlockDriverState {
>  /* threshold limit for writes, in bytes. "High water mark". */
>  uint64_t write_threshold_offset;
>  NotifierWithReturn write_threshold_notifier;
> +
> +int quiesce_counter;
>  };
>  
>  struct BlockBackendRootState {
> -- 
> 2.4.3
> 
> 



Re: [Qemu-devel] [PATCH v2 1/5] Revert "vhost: rename VHOST_RESET_OWNER to VHOST_RESET_DEVICE"

2015-10-21 Thread Yuanhan Liu
On Wed, Oct 21, 2015 at 05:13:49PM +0300, Michael S. Tsirkin wrote:
> On Wed, Oct 21, 2015 at 09:04:17PM +0800, Yuanhan Liu wrote:
> > On Wed, Oct 21, 2015 at 01:40:59PM +0300, Michael S. Tsirkin wrote:
> > > On Wed, Oct 21, 2015 at 05:07:14PM +0800, Yuanhan Liu wrote:
> > > > This reverts commit d1f8b30ec8dde0318fd1b98d24a64926feae9625.
> > > > 
> > > > It turned out that it breaks stuff, so revert it:
> > > > 
> > > > 
> > > > http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg00949.html
> > > > 
> > > > CC: "Michael S. Tsirkin" 
> > > > Reported-by: Paolo Bonzini 
> > > > Signed-off-by: Yuanhan Liu 
> > > 
> > > 
> > > Are these patches dependent on each other? If yes pls send a cover letter.
> > > If not pls don't send a series, post them separately.
> > 
> > Got it.
> > 
> > > And, pls Cc me on all vhost user patches.
> > 
> > Aren't I always doing that? :)
> > 
> > --yliu
> 
> You didn't for 5/5.

Oops, that obviously is a mistake. Sorry for that.

--yliu
> 
> > > 
> > > > ---
> > > >  docs/specs/vhost-user.txt   | 4 ++--
> > > >  hw/net/vhost_net.c  | 2 +-
> > > >  hw/virtio/vhost-user.c  | 8 
> > > >  linux-headers/linux/vhost.h | 2 +-
> > > >  tests/vhost-user-test.c | 2 +-
> > > >  5 files changed, 9 insertions(+), 9 deletions(-)
> > > > 
> > > > diff --git a/docs/specs/vhost-user.txt b/docs/specs/vhost-user.txt
> > > > index 4eadad1..4bcd17d 100644
> > > > --- a/docs/specs/vhost-user.txt
> > > > +++ b/docs/specs/vhost-user.txt
> > > > @@ -211,10 +211,10 @@ Message types
> > > >as an owner of the session. This can be used on the Slave as a
> > > >"session start" flag.
> > > >  
> > > > - * VHOST_USER_RESET_DEVICE
> > > > + * VHOST_USER_RESET_OWNER
> > > >  
> > > >Id: 4
> > > > -  Equivalent ioctl: VHOST_RESET_DEVICE
> > > > +  Equivalent ioctl: VHOST_RESET_OWNER
> > > >Master payload: N/A
> > > >  
> > > >Issued when a new connection is about to be closed. The Master 
> > > > will no
> > > > diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> > > > index 2bce891..804f5c9 100644
> > > > --- a/hw/net/vhost_net.c
> > > > +++ b/hw/net/vhost_net.c
> > > > @@ -296,7 +296,7 @@ static void vhost_net_stop_one(struct vhost_net 
> > > > *net,
> > > >  } else if (net->nc->info->type == 
> > > > NET_CLIENT_OPTIONS_KIND_VHOST_USER) {
> > > >  for (file.index = 0; file.index < net->dev.nvqs; ++file.index) 
> > > > {
> > > >  const VhostOps *vhost_ops = net->dev.vhost_ops;
> > > > -int r = vhost_ops->vhost_call(>dev, 
> > > > VHOST_RESET_DEVICE,
> > > > +int r = vhost_ops->vhost_call(>dev, VHOST_RESET_OWNER,
> > > >NULL);
> > > >  assert(r >= 0);
> > > >  }
> > > > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> > > > index b11c0d2..12a9104 100644
> > > > --- a/hw/virtio/vhost-user.c
> > > > +++ b/hw/virtio/vhost-user.c
> > > > @@ -34,7 +34,7 @@ typedef enum VhostUserRequest {
> > > >  VHOST_USER_GET_FEATURES = 1,
> > > >  VHOST_USER_SET_FEATURES = 2,
> > > >  VHOST_USER_SET_OWNER = 3,
> > > > -VHOST_USER_RESET_DEVICE = 4,
> > > > +VHOST_USER_RESET_OWNER = 4,
> > > >  VHOST_USER_SET_MEM_TABLE = 5,
> > > >  VHOST_USER_SET_LOG_BASE = 6,
> > > >  VHOST_USER_SET_LOG_FD = 7,
> > > > @@ -102,7 +102,7 @@ static unsigned long int 
> > > > ioctl_to_vhost_user_request[VHOST_USER_MAX] = {
> > > >  VHOST_GET_FEATURES, /* VHOST_USER_GET_FEATURES */
> > > >  VHOST_SET_FEATURES, /* VHOST_USER_SET_FEATURES */
> > > >  VHOST_SET_OWNER,/* VHOST_USER_SET_OWNER */
> > > > -VHOST_RESET_DEVICE,  /* VHOST_USER_RESET_DEVICE */
> > > > +VHOST_RESET_OWNER,  /* VHOST_USER_RESET_OWNER */
> > > >  VHOST_SET_MEM_TABLE,/* VHOST_USER_SET_MEM_TABLE */
> > > >  VHOST_SET_LOG_BASE, /* VHOST_USER_SET_LOG_BASE */
> > > >  VHOST_SET_LOG_FD,   /* VHOST_USER_SET_LOG_FD */
> > > > @@ -192,7 +192,7 @@ static bool 
> > > > vhost_user_one_time_request(VhostUserRequest request)
> > > >  {
> > > >  switch (request) {
> > > >  case VHOST_USER_SET_OWNER:
> > > > -case VHOST_USER_RESET_DEVICE:
> > > > +case VHOST_USER_RESET_OWNER:
> > > >  case VHOST_USER_SET_MEM_TABLE:
> > > >  case VHOST_USER_GET_QUEUE_NUM:
> > > >  return true;
> > > > @@ -249,7 +249,7 @@ static int vhost_user_call(struct vhost_dev *dev, 
> > > > unsigned long int request,
> > > >  break;
> > > >  
> > > >  case VHOST_USER_SET_OWNER:
> > > > -case VHOST_USER_RESET_DEVICE:
> > > > +case VHOST_USER_RESET_OWNER:
> > > >  break;
> > > >  
> > > >  case VHOST_USER_SET_MEM_TABLE:
> > > > diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h
> > > > index 14a0160..ead86db 100644
> > > > --- a/linux-headers/linux/vhost.h
> > > > +++ 

Re: [Qemu-devel] [Qemu-stable] [PATCH] util/qemu-config: fix missing machine command line options

2015-10-21 Thread Michael Roth
Quoting Tony Krowiak (2015-10-12 10:34:00)
> Commit 0a7cf217 ("util/qemu-config: fix regression of
> qmp_query_command_line_options") aimed to restore parsing of global
> machine options, but missed two: "aes-key-wrap" and
> "dea-key-wrap" (which were present in the initial version of that
> patch). Let's add them to the machine_opts again.
> 
> Fixes: 0a7cf217
> CC: Marcel Apfelbaum 
> CC: qemu-sta...@nongnu.org

Never mind the noise, just saw that this had already been resent and Cornelia
has a PULL for it already.

> Signed-off-by: Tony Krowiak 
> ---
>  util/qemu-config.c |8 
>  1 files changed, 8 insertions(+), 0 deletions(-)
> 
> diff --git a/util/qemu-config.c b/util/qemu-config.c
> index 5fcfd0e..687fd34 100644
> --- a/util/qemu-config.c
> +++ b/util/qemu-config.c
> @@ -219,6 +219,14 @@ static QemuOptsList machine_opts = {
>  .name = "suppress-vmdesc",
>  .type = QEMU_OPT_BOOL,
>  .help = "Set on to disable self-describing migration",
> +},{
> +.name = "aes-key-wrap",
> +.type = QEMU_OPT_BOOL,
> +.help = "enable/disable AES key wrapping using the CPACF 
> wrapping key",
> +},{
> +.name = "dea-key-wrap",
> +.type = QEMU_OPT_BOOL,
> +.help = "enable/disable DEA key wrapping using the CPACF 
> wrapping key",
>  },
>  { /* End of list */ }
>  }
> -- 
> 1.7.1
> 
> 




Re: [Qemu-devel] [PATCH 0/4] mips: add Global Interrupt Controller

2015-10-21 Thread Peter Crosthwaite
On Thu, Oct 15, 2015 at 4:52 PM, Yongbok Kim  wrote:
> Add support of MIPS GIC.
> The patchset implements the Global Interrupt Controller.
>
> With the patchset Linux Kernel detects GIC and utilises it.
> # cat /proc/interrupts
>CPU0
>   0:  2XT-PIC   0  timer
>   2:  0XT-PIC   2  cascade
>   4:462XT-PIC   4  serial
>   8:  0XT-PIC   8  rtc0
>  11:  0XT-PIC  11  uhci_hcd:usb1
>  14:   1026XT-PIC  14  ide0
>  15:  0XT-PIC  15  ide1
>  21:  0  MIPS   5  CoreHi
>  23: 44  MIPS   7  timer
>  25:  12290  MIPS GIC Local   1  timer
>  34:   1490  MIPS GIC  10  XT-PIC cascade
>  98:   1490  MIPS GIC  74
> ERR:  0
>
> Limitation:
> Level triggering only
> No User-Mode Visible Section
> GIC CounterHi not implemented (Countbits = 32bits)
> DINT not implemented
> Local WatchDog, Fast Debug Channel, Perf Counter not implemented
>
> It is based on the earlier un-merged GIC implementation.
> https://lists.gnu.org/archive/html/qemu-devel/2013-03/msg00194.html
>
> For more information,
> http://imgtec.com/mips/warrior/p-class-p5600-multiprocessor-core/
> http://imgtec.com/mips/warrior/i-class-i6400-multiprocessor-core/
>
>
> Yongbok Kim (4):
>   target-mips: add CMGCRBase register
>   mips: add Global Config Register block (part)
>   mips: add Global Interrupt Controller
>   mips: add gic support to malta
>
>  hw/mips/Makefile.objs|2 +-
>  hw/mips/mips_gcr.c   |  120 
>  hw/mips/mips_gcr.h   |   57 
>  hw/mips/mips_gic.c   |  653 
> ++
>  hw/mips/mips_gic.h   |  298 +++

New interrupt controllers should go in the hw/intc directory. GCR
probably belongs in misc (there are similar concepts there for other
arches like arm_sysctl).

Regards,
Peter

>  hw/mips/mips_malta.c |   71 +-
>  target-mips/cpu.h|4 +-
>  target-mips/translate.c  |   17 ++
>  target-mips/translate_init.c |3 +-
>  9 files changed, 1220 insertions(+), 5 deletions(-)
>  create mode 100644 hw/mips/mips_gcr.c
>  create mode 100644 hw/mips/mips_gcr.h
>  create mode 100644 hw/mips/mips_gic.c
>  create mode 100644 hw/mips/mips_gic.h
>
>



[Qemu-devel] [PATCH QEMU-XEN v4 2/9] xen: Switch to libxenevtchn interface for compat shims.

2015-10-21 Thread Ian Campbell
In Xen 4.7 we are refactoring parts of libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatibility.

One such library will be libxenevtchn which provides access to event
channels.

In preparation for this switch the compatibility layer in xen_common.h
(which supports building with older versions of Xen) to use what will
be the new library API. This means that the evtchn shim will disappear
for versions of Xen which include libxenevtchn.

To simplify things for the <= 4.0.0 support we wrap the int fd in a
malloc(sizeof int) such that the handle is always a pointer. This
leads to less typedef headaches and the need for
XC_HANDLER_INITIAL_VALUE etc for these interfaces.

Build tested with 4.0 and 4.5.

Note that this patch does not add any support for actually using
libxenevtchn, it just adjusts the existing shims.

Note that xc_evtchn_alloc_unbound functionality remains in libxenctrl,
since that functionality is not exposed by /dev/xen/evtchn.

Signed-off-by: Ian Campbell 
---
v4: Ran checkpatch, fixed all errors
Allocate correct size for handle (i.e. not size of the ptr)
---
 hw/xen/xen_backend.c | 31 ---
 include/hw/xen/xen_backend.h |  2 +-
 include/hw/xen/xen_common.h  | 44 ++--
 xen-hvm.c| 25 +
 4 files changed, 64 insertions(+), 38 deletions(-)

diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index b2cb22b..342ec9b 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -243,19 +243,19 @@ static struct XenDevice *xen_be_get_xendev(const char 
*type, int dom, int dev,
 xendev->debug  = debug;
 xendev->local_port = -1;
 
-xendev->evtchndev = xen_xc_evtchn_open(NULL, 0);
-if (xendev->evtchndev == XC_HANDLER_INITIAL_VALUE) {
+xendev->evtchndev = xenevtchn_open(NULL, 0);
+if (xendev->evtchndev == NULL) {
 xen_be_printf(NULL, 0, "can't open evtchn device\n");
 g_free(xendev);
 return NULL;
 }
-fcntl(xc_evtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
+fcntl(xenevtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
 
 if (ops->flags & DEVOPS_FLAG_NEED_GNTDEV) {
 xendev->gnttabdev = xen_xc_gnttab_open(NULL, 0);
 if (xendev->gnttabdev == XC_HANDLER_INITIAL_VALUE) {
 xen_be_printf(NULL, 0, "can't open gnttab device\n");
-xc_evtchn_close(xendev->evtchndev);
+xenevtchn_close(xendev->evtchndev);
 g_free(xendev);
 return NULL;
 }
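
Review bot: the fcntl(xenevtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC) line still ignores its return value, so if setting close-on-exec fails the event-channel descriptor stays inheritable by any child process and nothing is logged. Since the line is being rewritten anyway, check the result and report a failure through xen_be_printf() like the neighbouring error paths, closing the handle with xenevtchn_close() before returning.
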
@@ -306,8 +306,8 @@ static struct XenDevice *xen_be_del_xendev(int dom, int dev)
 g_free(xendev->fe);
 }
 
-if (xendev->evtchndev != XC_HANDLER_INITIAL_VALUE) {
-xc_evtchn_close(xendev->evtchndev);
+if (xendev->evtchndev != NULL) {
+xenevtchn_close(xendev->evtchndev);
 }
 if (xendev->gnttabdev != XC_HANDLER_INITIAL_VALUE) {
 xc_gnttab_close(xendev->gnttabdev);
@@ -691,13 +691,14 @@ static void xen_be_evtchn_event(void *opaque)
 struct XenDevice *xendev = opaque;
 evtchn_port_t port;
 
-port = xc_evtchn_pending(xendev->evtchndev);
+port = xenevtchn_pending(xendev->evtchndev);
 if (port != xendev->local_port) {
-xen_be_printf(xendev, 0, "xc_evtchn_pending returned %d (expected 
%d)\n",
+xen_be_printf(xendev, 0,
+  "xenevtchn_pending returned %d (expected %d)\n",
   port, xendev->local_port);
 return;
 }
-xc_evtchn_unmask(xendev->evtchndev, port);
+xenevtchn_unmask(xendev->evtchndev, port);
 
 if (xendev->ops->event) {
 xendev->ops->event(xendev);
@@ -742,14 +743,14 @@ int xen_be_bind_evtchn(struct XenDevice *xendev)
 if (xendev->local_port != -1) {
 return 0;
 }
-xendev->local_port = xc_evtchn_bind_interdomain
+xendev->local_port = xenevtchn_bind_interdomain
 (xendev->evtchndev, xendev->dom, xendev->remote_port);
 if (xendev->local_port == -1) {
-xen_be_printf(xendev, 0, "xc_evtchn_bind_interdomain failed\n");
+xen_be_printf(xendev, 0, "xenevtchn_bind_interdomain failed\n");
 return -1;
 }
 xen_be_printf(xendev, 2, "bind evtchn port %d\n", xendev->local_port);
-qemu_set_fd_handler(xc_evtchn_fd(xendev->evtchndev),
+qemu_set_fd_handler(xenevtchn_fd(xendev->evtchndev),
 xen_be_evtchn_event, NULL, xendev);
 return 0;
 }
@@ -759,15 +760,15 @@ void xen_be_unbind_evtchn(struct XenDevice *xendev)
 if (xendev->local_port == -1) {
 return;
 }
-qemu_set_fd_handler(xc_evtchn_fd(xendev->evtchndev), NULL, NULL, NULL);
-xc_evtchn_unbind(xendev->evtchndev, xendev->local_port);
+qemu_set_fd_handler(xenevtchn_fd(xendev->evtchndev), NULL, NULL, NULL);
+xenevtchn_unbind(xendev->evtchndev, xendev->local_port);
 

Re: [Qemu-devel] [PATCH 3/4] mips: add Global Interrupt Controller

2015-10-21 Thread Leon Alrae
On 16/10/15 00:52, Yongbok Kim wrote:
> The Global Interrupt Controller (GIC) is responsible for mapping each
> internal and external interrupt to the correct location for servicing.
> 
> Limitations:
> Level triggering only
> No User-Mode Visible Section
> GIC CounterHi not implemented (Countbits = 32bits)
> DINT not implemented
> Local WatchDog, Fast Debug Channel, Perf Counter not implemented
> 
> Signed-off-by: Yongbok Kim 
> ---
>  hw/mips/Makefile.objs |2 +-
>  hw/mips/mips_gic.c|  653 
> +
>  hw/mips/mips_gic.h|  298 ++

Files are in mips directory thus "mips_" prefix seems redundant.

>  3 files changed, 952 insertions(+), 1 deletions(-)
>  create mode 100644 hw/mips/mips_gic.c
>  create mode 100644 hw/mips/mips_gic.h
> 
> diff --git a/hw/mips/Makefile.objs b/hw/mips/Makefile.objs
> index d247d95..6cd9d67 100644
> --- a/hw/mips/Makefile.objs
> +++ b/hw/mips/Makefile.objs
> @@ -1,5 +1,5 @@
>  obj-y += mips_r4k.o mips_malta.o mips_mipssim.o
> -obj-y += addr.o cputimer.o mips_int.o mips_gcr.o
> +obj-y += addr.o cputimer.o mips_int.o mips_gcr.o mips_gic.o
>  obj-$(CONFIG_JAZZ) += mips_jazz.o
>  obj-$(CONFIG_FULONG) += mips_fulong2e.o
>  obj-y += gt64xxx_pci.o
> diff --git a/hw/mips/mips_gic.c b/hw/mips/mips_gic.c
> new file mode 100644
> index 000..27ae7ab
> --- /dev/null
> +++ b/hw/mips/mips_gic.c
> @@ -0,0 +1,653 @@
> +/*
> + * This file is subject to the terms and conditions of the GNU General Public
> + * License.  See the file "COPYING" in the main directory of this archive
> + * for more details.
> + *
> + * Copyright (C) 2012  MIPS Technologies, Inc.  All rights reserved.
> + * Authors: Sanjay Lal 
> + *
> + * Copyright (C) 2015 Imagination Technologies
> + */
> +
> +#include "hw/hw.h"
> +#include "hw/sysbus.h"
> +#include "qemu/bitmap.h"
> +#include "exec/memory.h"
> +#include "sysemu/sysemu.h"
> +#include "qom/cpu.h"
> +#include "exec/address-spaces.h"
> +
> +#ifdef CONFIG_KVM
> +#include "sysemu/kvm.h"
> +#include "kvm_mips.h"
> +#endif
> +
> +#include "hw/mips/mips_gic.h"
> +
> +#define TIMER_PERIOD 10 /* 10 ns period for 100 Mhz frequency */
> +
> +static inline int gic_get_current_cpu(MIPSGICState *g)
> +{
> +if (g->num_cpu > 1) {
> +return current_cpu->cpu_index;
> +}
> +return 0;
> +}
> +
> +static void gic_set_vp_irq(MIPSGICState *gic, int vpe, int pin, int level)
> +{
> +int ored_level = level;
> +int i;
> +/* ORing pending registers sharing same pin */
> +if (!ored_level) {
> +for (i = 0; i < gic->num_irq; i++) {
> +if ((gic->gic_irqs[i].map_pin & GIC_MAP_MSK) == pin &&
> +gic->gic_irqs[i].map_vpe == vpe &&
> +gic->gic_irqs[i].enabled) {
> +ored_level |= gic->gic_irqs[i].pending;
> +}
> +if (ored_level) {
> +/* no need to iterate all interrupts */
> +break;
> +}
> +}

I think we should keep information which pins are shared, so we wouldn't
need to check all the gic pins every time.

> +if (((gic->vps[vpe].compare_map & GIC_MAP_MSK) == pin) &&
> +(gic->vps[vpe].mask & GIC_VPE_SMASK_CMP_MSK)) {
> +/* ORing with local pending register (count/compare) */
> +ored_level |= ((gic->vps[vpe].pend >> 1) & 1);
> +}
> +}
> +
> +#ifdef CONFIG_KVM
> +if (kvm_enabled())  {
> +kvm_mips_set_ipi_interrupt(gic->vps[vpe].env, pin + 
> GIC_CPU_PIN_OFFSET,
> +   ored_level);
> +}
> +#endif
> +qemu_set_irq(gic->vps[vpe].env->irq[pin + GIC_CPU_PIN_OFFSET], 
> ored_level);
> +}
> +
> +/* GIC VPE Local Timer */
> +static uint32_t gic_vpe_timer_update(MIPSGICState *gic, uint32_t vp_index)
> +{
> +uint64_t now, next;
> +uint32_t wait;
> +
> +now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
> +wait = gic->vps[vp_index].comparelo - gic->gic_sh_counterlo -
> +(uint32_t)(now / TIMER_PERIOD);
> +next = now + (uint64_t)wait * TIMER_PERIOD;
> +
> +timer_mod(gic->vps[vp_index].gic_timer->qtimer , next);
> +return wait;
> +}
> +
> +static void gic_vpe_timer_expire(MIPSGICState *gic, uint32_t vp_index)
> +{
> +uint32_t pin;
> +pin = (gic->vps[vp_index].compare_map & GIC_MAP_MSK);
> +gic_vpe_timer_update(gic, vp_index);
> +gic->vps[vp_index].pend |= (1 << 1);
> +
> +if (gic->vps[vp_index].pend &
> +(gic->vps[vp_index].mask & GIC_VPE_SMASK_CMP_MSK)) {
> +if (gic->vps[vp_index].compare_map & 0x8000) {
> +/* it is safe to set the irq high regardless of other GIC IRQs */
> +qemu_irq_raise(gic->vps[vp_index].env->irq
> +   [pin + GIC_CPU_PIN_OFFSET]);
> +}
> +}
> +}
> +
> +static uint32_t gic_get_sh_count(MIPSGICState *gic)
> +{
> +int i;
> +if 
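
Review bot: gic_get_current_cpu() dereferences current_cpu without a NULL check whenever num_cpu > 1, so if current_cpu is ever unset when this is reached the device model crashes instead of falling back to index 0 as the single-CPU branch does. A guard, or an assert with a comment explaining why it cannot happen, would make the assumption explicit. Separately, the compare-pending bit is written as (1 << 1) in gic_vpe_timer_expire() and read as (pend >> 1) & 1 in gic_set_vp_irq(), and compare_map is tested against a bare 0x8000; named constants alongside GIC_MAP_MSK would be easier to audit.
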

Re: [Qemu-devel] [PATCH 0/4] mips: add Global Interrupt Controller

2015-10-21 Thread Peter Maydell
On 16 October 2015 at 00:52, Yongbok Kim  wrote:
> Add support of MIPS GIC.
> The patchset implements the Global Interrupt Controller.
>
> With the patchset Linux Kernel detects GIC and utilises it.
> # cat /proc/interrupts
>CPU0
>   0:  2XT-PIC   0  timer
>   2:  0XT-PIC   2  cascade
>   4:462XT-PIC   4  serial
>   8:  0XT-PIC   8  rtc0
>  11:  0XT-PIC  11  uhci_hcd:usb1
>  14:   1026XT-PIC  14  ide0
>  15:  0XT-PIC  15  ide1
>  21:  0  MIPS   5  CoreHi
>  23: 44  MIPS   7  timer
>  25:  12290  MIPS GIC Local   1  timer
>  34:   1490  MIPS GIC  10  XT-PIC cascade
>  98:   1490  MIPS GIC  74
> ERR:  0
>
> Limitation:
> Level triggering only
> No User-Mode Visible Section
> GIC CounterHi not implemented (Countbits = 32bits)
> DINT not implemented
> Local WatchDog, Fast Debug Channel, Perf Counter not implemented
>
> It is based on the earlier un-merged GIC implementation.
> https://lists.gnu.org/archive/html/qemu-devel/2013-03/msg00194.html
>
> For more information,
> http://imgtec.com/mips/warrior/p-class-p5600-multiprocessor-core/
> http://imgtec.com/mips/warrior/i-class-i6400-multiprocessor-core/
>
>
> Yongbok Kim (4):
>   target-mips: add CMGCRBase register
>   mips: add Global Config Register block (part)
>   mips: add Global Interrupt Controller
>   mips: add gic support to malta
>
>  hw/mips/Makefile.objs|2 +-
>  hw/mips/mips_gcr.c   |  120 
>  hw/mips/mips_gcr.h   |   57 
>  hw/mips/mips_gic.c   |  653 
> ++
>  hw/mips/mips_gic.h   |  298 +++
>  hw/mips/mips_malta.c |   71 +-
>  target-mips/cpu.h|4 +-
>  target-mips/translate.c  |   17 ++
>  target-mips/translate_init.c |3 +-
>  9 files changed, 1220 insertions(+), 5 deletions(-)
>  create mode 100644 hw/mips/mips_gcr.c
>  create mode 100644 hw/mips/mips_gcr.h
>  create mode 100644 hw/mips/mips_gic.c
>  create mode 100644 hw/mips/mips_gic.h

Should this live in hw/intc/ if it is an interrupt controller?

thanks
-- PMM



Re: [Qemu-devel] qemu-guest-agent question

2015-10-21 Thread Michael Roth
Quoting Vasiliy Tolstov (2015-10-19 08:41:35)
> I'm trying to understand the sources of qga and have a question: does the agent
> execute commands synchronously, or, if I first send a long-running
> command and after that send a short-lived command, can the short-lived
> command's response be sent before the first command's result?
> Thanks!

Yes, commands are executed asynchronously. guest-exec kicks them off and
returns a handle. guest-exec-status can be called later with that handle
to check on the status of the command. If the command has completed,
guest-exec-status will report the return status, along with stdout/stderr
if capture mode was enabled. Multiple commands can be issued/running at
any one time.

The documentation in qemu.git/qga/qapi-schema.json has more exact details.

> 
> -- 
> Vasiliy Tolstov,
> e-mail: v.tols...@selfip.ru
> 
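
The handle-based flow described in the reply above, as an added example (not code from QEMU or from this thread): a client starts a long and a short command with guest-exec, then polls guest-exec-status by pid. The command and field names are the ones in qga/qapi-schema.json; `fake_agent`, the `GuestAgent` class and the line-delimited socketpair transport are constructed stand-ins so the script runs offline.

```python
import base64
import json
import socket
import threading
import time


def fake_agent(sock):
    """Constructed stand-in for qemu-ga; only the two exec commands exist."""
    jobs, next_pid = {}, 1000          # pid -> (finish time, exit code, stdout)
    for line in sock.makefile("r"):
        req = json.loads(line)
        args = req.get("arguments", {})
        if req["execute"] == "guest-exec":
            next_pid += 1
            # Constructed behaviour: "sleep N" takes N/10 s, all else is instant.
            is_sleep = args["path"] == "sleep"
            delay = float(args["arg"][0]) / 10 if is_sleep else 0.0
            out = b"" if is_sleep else " ".join(args["arg"]).encode() + b"\n"
            jobs[next_pid] = (time.monotonic() + delay, 0, out)
            reply = {"return": {"pid": next_pid}}
        elif req["execute"] == "guest-exec-status":
            job = jobs.get(args.get("pid"))
            if job is None:
                reply = {"error": {"class": "GenericError", "desc": "unknown pid"}}
            elif time.monotonic() < job[0]:
                reply = {"return": {"exited": False}}
            else:
                reply = {"return": {"exited": True, "exitcode": job[1],
                                    "out-data": base64.b64encode(job[2]).decode()}}
        else:
            reply = {"error": {"class": "CommandNotFound", "desc": req["execute"]}}
        sock.sendall((json.dumps(reply) + "\n").encode())


class GuestAgent:
    """Minimal client: one JSON request per line, one JSON reply per line."""

    def __init__(self, sock):
        self.sock = sock
        self.replies = sock.makefile("r")

    def call(self, command, arguments):
        request = {"execute": command, "arguments": arguments}
        self.sock.sendall((json.dumps(request) + "\n").encode())
        reply = json.loads(self.replies.readline())
        if "error" in reply:
            raise RuntimeError(f"{command}: {reply['error']['desc']}")
        return reply["return"]

    def exec_start(self, path, *args):
        """guest-exec returns at once with a handle (the pid), not a result."""
        ret = self.call("guest-exec", {"path": path, "arg": list(args),
                                       "capture-output": True})
        return ret["pid"]

    def exec_status(self, pid):
        """guest-exec-status: exited flag, plus exit code and output once done."""
        status = self.call("guest-exec-status", {"pid": pid})
        if status["exited"]:
            status["stdout"] = base64.b64decode(status.get("out-data", ""))
        return status


def run_demo():
    """Start a long command, then a short one; return them in completion order."""
    client_sock, agent_sock = socket.socketpair()
    threading.Thread(target=fake_agent, args=(agent_sock,), daemon=True).start()
    ga = GuestAgent(client_sock)
    pending = {ga.exec_start("sleep", "5"): "long",
               ga.exec_start("echo", "hello"): "short"}
    finished = []
    deadline = time.monotonic() + 5
    while pending:
        if time.monotonic() > deadline:
            raise TimeoutError(f"still running: {sorted(pending.values())}")
        for pid in list(pending):
            status = ga.exec_status(pid)
            if status["exited"]:
                finished.append((pending.pop(pid), status["exitcode"],
                                 status["stdout"]))
        time.sleep(0.05)
    ga.replies.close()
    client_sock.close()
    return finished


if __name__ == "__main__":
    for name, code, out in run_demo():
        print(f"{name}: exit={code} stdout={out!r}")
```

Results are matched to requests by pid, so the short command is reported first even though it was started second.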




[Qemu-devel] [Bug 1323758] Re: Mouse stops working when connected usb-storage-device

2015-10-21 Thread Stefan Bader
** Changed in: qemu (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1323758

Title:
  Mouse stops working when connected usb-storage-device

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  I'm running a guest that has Windows 8 Pro (x64) installed. Every time
  I pass through a usb storage device from the host to the guest, the
  mouse stops working in the vnc client. When I remove the usb-device
  the mouse works again.

  The mouse only stops working when I pass through a usb storage device
  and then make the vlc viewer (client) inactive by clicking on another
  program on the local computer (where I'm running the vnc viewer
  (client)). As long as I keep the vnc viewer active, the mouse works
  without any problems. But as soon as I make the vnc viewer inactive
  and then active again, the mouse will no longer work. I have to reboot
  the guest or remove the usb storage device.

  I can't find any related problems on the internet, so it may be just
  me?

  I hope someone can help me with this.

  EDIT: I posted the extra/new information in comments. But as I now
  see it might be wrong and maybe I should've posted them in this bug
  description container (by editing)? Please tell me if I did it wrong
  and I will change it. Sorry for this misunderstanding.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1323758/+subscriptions



[Qemu-devel] [RFC PATCH 3/3] Qemu: Introduce pci-sriov device type to support VF live migration

2015-10-21 Thread Lan Tianyu
This patch is to migrate VF status during migration between
source and target machine.

There are three kinds of VF status involved.
1) PCI configure space regs
2) MSIX configure
3) VF status in the PF driver

The PCI configure space regs and MSIX configure are originally
stored in Qemu.

VF status in the PF driver can be saved and restored via new sysfs
node state_in_pf under VF sysfs directory.

Fake PCI configure space regs "0xF0" to let the VF driver know migration
status. Qemu sets reg "0xF0" to 1 when migration starts and sets it to 0
when migration completes. VF driver tells Qemu it's ready for migration
via writing 1 to reg "0xF1".

Qemu notifies VF driver about migration status change via new sysfs
node notify_vf to send mailbox msg to VF driver.

Signed-off-by: Lan Tianyu 
---
 hw/i386/kvm/Makefile.objs |   2 +-
 hw/i386/kvm/pci-assign.c  |   2 +-
 hw/i386/kvm/sriov.c   | 213 ++
 3 files changed, 215 insertions(+), 2 deletions(-)
 create mode 100644 hw/i386/kvm/sriov.c

diff --git a/hw/i386/kvm/Makefile.objs b/hw/i386/kvm/Makefile.objs
index d8bce20..09324e9 100644
--- a/hw/i386/kvm/Makefile.objs
+++ b/hw/i386/kvm/Makefile.objs
@@ -1 +1 @@
-obj-y += clock.o apic.o i8259.o ioapic.o i8254.o pci-assign.o
+obj-y += clock.o apic.o i8259.o ioapic.o i8254.o pci-assign.o sriov.o
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 616532d..84c5ff5 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -1770,7 +1770,7 @@ static void assign_class_init(ObjectClass *klass, void 
*data)
 k->config_read  = assigned_dev_pci_read_config;
 k->config_write = assigned_dev_pci_write_config;
 dc->props   = assigned_dev_properties;
-dc->vmsd= _assigned_device;
+//dc->vmsd= _assigned_device;
 dc->reset   = reset_assigned_device;
 set_bit(DEVICE_CATEGORY_MISC, dc->categories);
 dc->desc= "KVM-based PCI passthrough";
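
Review bot: the dc->vmsd assignment in assign_class_init() is disabled with a // comment, which changes migration handling for every device of this class rather than only for the new pci-sriov type, and leaves dead code behind. If the new type needs different vmstate handling, set that in its own class_init and leave this line as it was; if the line really has to go, delete it and explain why in the commit message.
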
diff --git a/hw/i386/kvm/sriov.c b/hw/i386/kvm/sriov.c
new file mode 100644
index 000..ac37035
--- /dev/null
+++ b/hw/i386/kvm/sriov.c
@@ -0,0 +1,213 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "hw/hw.h"
+#include "hw/i386/pc.h"
+#include "pci-assign.h"
+
+
+#define TYPE_PCI_SRIOV "pci-sriov"
+
+#define SRIOV_LM_SETUP 0x01
+#define SRIOV_LM_COMPLETE 0x02
+
+static int pt_save_pf_buf(struct PCIDevice *pdev, unsigned char **buf,
+  int *len)
+{
+AssignedDevice *adev = PCI_ASSIGN(pdev);
+char file[128];
+FILE *f;
+
+*len = 0;
+
+snprintf(file, sizeof(file),
+ "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/state_in_pf",
+ adev->host.domain, adev->host.bus, adev->host.slot,
+ adev->host.function);
+
+if (!(f = fopen(file, "rb"))) {
+return -EEXIST;
+}
+*buf = g_malloc(4096);
+*len = fread(*buf, 1, 4096, f);
+fclose(f);
+
+return 0;
+}
+
+static void pt_restore_pf_buf(struct PCIDevice *pdev, unsigned char *buf, int 
len)
+{
+AssignedDevice *adev = PCI_ASSIGN(pdev);
+FILE *f;
+char file[128];
+
+snprintf(file, sizeof(file),
+ "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/state_in_pf",
+ adev->host.domain, adev->host.bus, adev->host.slot,
+ adev->host.function);
+
+printf("path: %s\n", file);
+if (!(f = fopen(file, "wb")))
+return;
+
+fwrite(buf, 1, len, f);
+fclose(f);
+
+}
+
+static void assign_dev_post_load(void *opaque)
+{
+struct PCIDevice *pdev = (struct PCIDevice *)opaque;
+AssignedDevice *adev = PCI_ASSIGN(pdev);
+char file[128];
+FILE *f;
+
+snprintf(file, sizeof(file),
+ "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/notify_vf",
+ adev->host.domain, adev->host.bus, adev->host.slot,
+ adev->host.function);
+
+printf("notify path %s\n", file);
+if (!(f = fopen(file, "wb")))
+return;
+
+fwrite("1", 1, 1, f);
+fclose(f);
+}
+
+static int assign_dev_load(QEMUFile *f, void *opaque, int version_id)
+{
+struct PCIDevice *pdev = (struct PCIDevice *)opaque;
+AssignedDevice *adev = PCI_ASSIGN(pdev);
+unsigned char *buf = NULL;
+int ret, len, num;
+
+if(qemu_get_byte(f)!= SRIOV_LM_COMPLETE)
+return 0;
+
+ret = pci_device_load(pdev, f);
+if (ret) {
+printf("pci config error %d\n", ret);
+return ret;
+}
+
+qemu_get_sbe32s(f, );
+qemu_get_buffer(f, (unsigned char *)adev->msix_table,
+   num * PCI_MSIX_ENTRY_SIZE);
+assigned_dev_update_msix(pdev);
+
+len = qemu_get_be32(f);
+if (len) {
+buf = g_malloc(len);
+qemu_get_buffer(f, buf, len);
+pt_restore_pf_buf(pdev, buf, len);
+g_free(buf);
+}
+
+
+pci_default_write_config(pdev, 0xf0, 0x00, 1);
+pci_default_write_config(pdev, 0xf1, 0x00, 1);
+return 0;
+}
+
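Review bot: In assign_dev_load() both `num` and `len` are used as sizes straight from the migration stream with no bounds check. `num` (filled, as far as the archived line shows, by the qemu_get_sbe32s() call just above) sizes the qemu_get_buffer() copy into adev->msix_table as `num * PCI_MSIX_ENTRY_SIZE`, and `len` is an int assigned from qemu_get_be32(), so it can go negative before it reaches g_malloc() and qemu_get_buffer(). A corrupt or hostile stream can therefore overrun the MSI-X table or force a huge allocation on the destination. Please reject a num that is negative or larger than the device's MSI-X table (msix_max in AssignedDevice) and a len outside 1..4096, matching the 4096-byte cap in pt_save_pf_buf(), and return an error from the load handler. Separately, pt_save_pf_buf() returns -EEXIST when fopen() fails, pt_restore_pf_buf() and assign_dev_post_load() ignore the fwrite() result, and the printf() debug lines should go through the error reporting or trace helpers.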

[Qemu-devel] [RFC PATCH 2/3] Qemu: Add post_load_state() to run after restoring CPU state

2015-10-21 Thread Lan Tianyu
After migration, Qemu needs to trigger the mailbox irq to notify the VF driver
in the guest about the status change. Irq delivery starts working again after
the CPU state is restored. This patch adds a new callback that runs after
restoring CPU state and provides a way to trigger the mailbox irq later.

Signed-off-by: Lan Tianyu 
---
 include/migration/vmstate.h |  2 ++
 migration/savevm.c  | 15 +++
 2 files changed, 17 insertions(+)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 0695d7c..dc681a6 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -56,6 +56,8 @@ typedef struct SaveVMHandlers {
 int (*save_live_setup)(QEMUFile *f, void *opaque);
 uint64_t (*save_live_pending)(QEMUFile *f, void *opaque, uint64_t 
max_size);
 
+/* This runs after restoring CPU related state */
+void (*post_load_state)(void *opaque);
 LoadStateHandler *load_state;
 } SaveVMHandlers;
 
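Review bot: post_load_state is declared as returning void, unlike the neighbouring save_live_setup hook, so a handler has no way to fail the incoming migration when its late step goes wrong. Consider returning int and having the caller propagate the error, and extend the comment to say at which point of the load the hook is called and that it runs for every registered handler.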
diff --git a/migration/savevm.c b/migration/savevm.c
index 9e0e286..48b6223 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -702,6 +702,20 @@ bool qemu_savevm_state_blocked(Error **errp)
 return false;
 }
 
+void qemu_savevm_post_load(void)
+{
+SaveStateEntry *se;
+
+QTAILQ_FOREACH(se, _state.handlers, entry) {
+if (!se->ops || !se->ops->post_load_state) {
+continue;
+}
+
+se->ops->post_load_state(se->opaque);
+}
+}
+
+
 void qemu_savevm_state_header(QEMUFile *f)
 {
 trace_savevm_state_header();
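Review bot: qemu_savevm_post_load() is added with external linkage, but the diffstat for this patch touches only vmstate.h and savevm.c and the vmstate.h hunk carries no prototype for it. Its only caller in this patch is in savevm.c, so make it static or add the declaration to a header. The two blank lines after the function should be one.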
@@ -1140,6 +1154,7 @@ int qemu_loadvm_state(QEMUFile *f)
 }
 
 cpu_synchronize_all_post_init();
+qemu_savevm_post_load();
 
 ret = 0;
 
-- 
1.9.3




[Qemu-devel] [PATCH QEMU-XEN v4 9/9] xen: make it possible to build without the Xen PV domain builder

2015-10-21 Thread Ian Campbell
Until the previous patch this relied on xc_fd(), which was only
implemented for Xen 4.0 and earlier.

Given this wasn't working since Xen 4.0 I have marked this as disabled
by default.

Removing this support drops the use of a bunch of symbols from
libxenctrl, specifically:

  - xc_domain_create
  - xc_domain_destroy
  - xc_domain_getinfo
  - xc_domain_max_vcpus
  - xc_domain_setmaxmem
  - xc_domain_unpause
  - xc_evtchn_alloc_unbound
  - xc_linux_build

This is another step towards only using Xen libraries which provide a
stable interface.

Signed-off-by: Ian Campbell 
---
v4: Fixed all checkpatch errors.
Disabled by default.
---
 configure | 17 +
 hw/xenpv/Makefile.objs|  4 +++-
 hw/xenpv/xen_machine_pv.c | 14 ++
 3 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/configure b/configure
index fe0a39d..9eab587 100755
--- a/configure
+++ b/configure
@@ -910,6 +910,10 @@ for opt do
   ;;
   --enable-xen-pci-passthrough) xen_pci_passthrough="yes"
   ;;
+  --disable-xen-pv-domain-build) xen_pv_domain_build="no"
+  ;;
+  --enable-xen-pv-domain-build) xen_pv_domain_build="yes"
+  ;;
   --disable-brlapi) brlapi="no"
   ;;
   --enable-brlapi) brlapi="yes"
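Review bot: The two new --enable/--disable-xen-pv-domain-build cases are not matched by an entry in configure's help text: the diffstat counts 17 added lines in configure and the four hunks shown account for all of them. Please add the option to the help output and say there that it is disabled by default.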
@@ -2113,6 +2117,15 @@ if test "$xen_pci_passthrough" != "no"; then
   fi
 fi
 
+if test "$xen_pv_domain_build" != "no"; then
+  if test "$xen_pv_domain_build" = "yes" &&
+ test "$xen" != "yes"; then
+  error_exit "User requested Xen PV domain builder support" \
+"which requires Xen support."
+  fi
+  xen_pv_domain_build=no
+fi
+
 ##
 # libtool probe
 
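Review bot: The new block ends with an unconditional `xen_pv_domain_build=no` inside `if test "$xen_pv_domain_build" != "no"`, so a user who passes --enable-xen-pv-domain-build with Xen support present gets past the error_exit check and then has the value overwritten to no. As written the option can never produce CONFIG_XEN_PV_DOMAIN_BUILD=y. To get "disabled by default" while still honouring an explicit yes, give the variable a default of no where the other defaults are set and keep only the error_exit check here.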
@@ -4393,6 +4406,7 @@ fi
 echo "xen support   $xen"
 if test "$xen" = "yes" ; then
   echo "xen ctrl version  $xen_ctrl_version"
+  echo "pv dom build $xen_pv_domain_build"
 fi
 echo "brlapi support$brlapi"
 echo "bluez  support$bluez"
@@ -4725,6 +4739,9 @@ fi
 if test "$xen" = "yes" ; then
   echo "CONFIG_XEN_BACKEND=y" >> $config_host_mak
   echo "CONFIG_XEN_CTRL_INTERFACE_VERSION=$xen_ctrl_version" >> 
$config_host_mak
+  if test "$xen_pv_domain_build" = "yes" ; then
+echo "CONFIG_XEN_PV_DOMAIN_BUILD=y" >> $config_host_mak
+  fi
 fi
 if test "$linux_aio" = "yes" ; then
   echo "CONFIG_LINUX_AIO=y" >> $config_host_mak
diff --git a/hw/xenpv/Makefile.objs b/hw/xenpv/Makefile.objs
index 49f6e9e..bbf5873 100644
--- a/hw/xenpv/Makefile.objs
+++ b/hw/xenpv/Makefile.objs
@@ -1,2 +1,4 @@
 # Xen PV machine support
-obj-$(CONFIG_XEN) += xen_domainbuild.o xen_machine_pv.o
+obj-$(CONFIG_XEN) += xen_machine_pv.o
+# Xen PV machine builder support
+obj-$(CONFIG_XEN_PV_DOMAIN_BUILD) += xen_domainbuild.o
diff --git a/hw/xenpv/xen_machine_pv.c b/hw/xenpv/xen_machine_pv.c
index 2e545d2..e5b3698 100644
--- a/hw/xenpv/xen_machine_pv.c
+++ b/hw/xenpv/xen_machine_pv.c
@@ -30,9 +30,6 @@
 
 static void xen_init_pv(MachineState *machine)
 {
-const char *kernel_filename = machine->kernel_filename;
-const char *kernel_cmdline = machine->kernel_cmdline;
-const char *initrd_filename = machine->initrd_filename;
 DriveInfo *dinfo;
 int i;
 
@@ -46,13 +43,22 @@ static void xen_init_pv(MachineState *machine)
 case XEN_ATTACH:
 /* nothing to do, xend handles everything */
 break;
-case XEN_CREATE:
+case XEN_CREATE: {
+#ifdef CONFIG_XEN_PV_DOMAIN_BUILD
+const char *kernel_filename = machine->kernel_filename;
+const char *kernel_cmdline = machine->kernel_cmdline;
+const char *initrd_filename = machine->initrd_filename;
 if (xen_domain_build_pv(kernel_filename, initrd_filename,
 kernel_cmdline) < 0) {
 fprintf(stderr, "xen pv domain creation failed\n");
 exit(1);
 }
+#else
+fprintf(stderr, "xen pv domain creation not supported\n");
+exit(1);
+#endif
 break;
+}
 case XEN_EMULATE:
 fprintf(stderr, "xen emulation not implemented (yet)\n");
 exit(1);
-- 
2.1.4




Re: [Qemu-devel] qemu-guest-agent question

2015-10-21 Thread Michael Roth
Quoting Michael Roth (2015-10-21 10:10:40)
> Quoting Vasiliy Tolstov (2015-10-19 08:41:35)
> > I'm trying to understand the sources of qga and have a question: does the agent
> > execute commands synchronously, or if I first send a long-running
> > command and after that send a short-lived command, can the short-lived command's
> > response be sent before the first command's result?
> > Thanks!
> 
> Yes, commands are executed asynchronously. guest-exec kicks them off and
> returns a handle. guest-exec-status can be called later with that handle
> to check on the status of the command. If the command has completed,
> guest-exec-status will report the return status, along with stdout/stderr
> if capture mode was enabled. Multiple commands can be issued/running at
> any one time.
> 
> The documentation in qemu.git/qga/qapi-schema.json has more exact details.

I assumed you were referring to 'commands' via the recent
guest-exec command that was added, but in case that's not what you were
asking about:

The guest agent commands themselves are synchronous, and qga will
process and respond to requests as it receives them, one at a time,
from start to finish.

> 
> > 
> > -- 
> > Vasiliy Tolstov,
> > e-mail: v.tols...@selfip.ru
> > 




[Qemu-devel] [PATCH QEMU-XEN v4 0/9] Begin to disentangle libxenctrl and provide some stable libraries

2015-10-21 Thread Ian Campbell
We intend to stabilise some parts of the libxenctrl interface by
splitting out some functionality into separate stable libraries.

This is the qemu-xen part of the first phase of that change.

This mail is (or is intended to be) a reply to a "0/"
super-intro mail covering all of the related patch series and which
contains more details.

Ian Campbell (9):
  xen_console: correctly cleanup primary console on teardown.
  xen: Switch to libxenevtchn interface for compat shims.
  xen: Switch to libxengnttab interface for compat shims.
  xen: Switch uses of xc_map_foreign_range into xc_map_foreign_bulk
  xen: Switch uses of xc_map_foreign_pages into xc_map_foreign_bulk
  xen: Switch uses of xc_map_foreign_bulk to use libxenforeignmemory
API.
  xen: Use stable library interfaces when they are available.
  xen: domainbuild: reopen libxenctrl interface after forking for domain
watcher.
  xen: make it possible to build without the Xen PV domain builder

 configure|  72 +++
 hw/block/xen_disk.c  |  38 ++--
 hw/char/xen_console.c|  20 +++
 hw/display/xenfb.c   |  22 ---
 hw/net/xen_nic.c |  16 ++---
 hw/xen/xen_backend.c |  44 +++---
 hw/xenpv/Makefile.objs   |   4 +-
 hw/xenpv/xen_domainbuild.c   |   9 ++-
 hw/xenpv/xen_machine_pv.c|  14 +++--
 include/hw/xen/xen_backend.h |   5 +-
 include/hw/xen/xen_common.h  | 135 +--
 xen-common.c |   6 ++
 xen-hvm.c|  53 +
 xen-mapcache.c   |   6 +-
 14 files changed, 309 insertions(+), 135 deletions(-)

-- 
2.1.4




[Qemu-devel] [PULL v2 2/9] s390x/virtio-ccw: fix 2.4 virtio compat

2015-10-21 Thread Cornelia Huck
Commit 542571d5 ("virtio-ccw: enable virtio-1") missed some virtio
devices for the 2.4 compat handling. Add them.

Fixes: 542571d5 ("virtio-ccw: enable virtio-1")
Signed-off-by: Cornelia Huck 
Reviewed-by: Christian Borntraeger 
---
 hw/s390x/s390-virtio-ccw.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 6195f13..b9033d4 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -262,6 +262,18 @@ static const TypeInfo ccw_machine_info = {
 .driver   = "virtio-rng-ccw",\
 .property = "max_revision",\
 .value= "0",\
+},{\
+.driver   = "virtio-net-ccw",\
+.property = "max_revision",\
+.value= "0",\
+},{\
+.driver   = "virtio-scsi-ccw",\
+.property = "max_revision",\
+.value= "0",\
+},{\
+.driver   = "vhost-scsi-ccw",\
+.property = "max_revision",\
+.value= "0",\
 },
 
 static void ccw_machine_2_4_class_init(ObjectClass *oc, void *data)
-- 
2.6.2




[Qemu-devel] [PATCH QEMU-XEN v4 5/9] xen: Switch uses of xc_map_foreign_pages into xc_map_foreign_bulk

2015-10-21 Thread Ian Campbell
In Xen 4.7 we are refactoring parts of libxenctrl into a number of
separate libraries which will provide backward and forward API and ABI
compatibility.

One such library will be libxenforeignmemory which provides access to
privileged foreign mappings and which will provide an interface
equivalent to xc_map_foreign_bulk.

In preparation for this switch both uses of xc_map_foreign_pages
(which both happen to be in xenfb_map_fb) to xc_map_foreign_bulk. This
simply requires allocating and passing a new err array (the same one
for both calls).

Build tested with 4.0 and 4.5.

Signed-off-by: Ian Campbell 
Acked-by: Stefano Stabellini 
---
v4: Fix indentation
---
 hw/display/xenfb.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index 10cefed..b0ac1e6 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -428,6 +428,7 @@ static int xenfb_map_fb(struct XenFB *xenfb)
 int n_fbdirs;
 xen_pfn_t *pgmfns = NULL;
 xen_pfn_t *fbmfns = NULL;
+int *errs = NULL;
 void *map, *pd;
 int mode, ret = -1;
 
@@ -487,17 +488,18 @@ static int xenfb_map_fb(struct XenFB *xenfb)
 
 pgmfns = g_malloc0(sizeof(xen_pfn_t) * n_fbdirs);
 fbmfns = g_malloc0(sizeof(xen_pfn_t) * xenfb->fbpages);
+errs = g_malloc0(sizeof(int) * n_fbdirs);
 
 xenfb_copy_mfns(mode, n_fbdirs, pgmfns, pd);
-map = xc_map_foreign_pages(xen_xc, xenfb->c.xendev.dom,
-  PROT_READ, pgmfns, n_fbdirs);
+map = xc_map_foreign_bulk(xen_xc, xenfb->c.xendev.dom,
+  PROT_READ, pgmfns, errs, n_fbdirs);
 if (map == NULL)
goto out;
 xenfb_copy_mfns(mode, xenfb->fbpages, fbmfns, map);
 munmap(map, n_fbdirs * XC_PAGE_SIZE);
 
-xenfb->pixels = xc_map_foreign_pages(xen_xc, xenfb->c.xendev.dom,
-PROT_READ, fbmfns, xenfb->fbpages);
+xenfb->pixels = xc_map_foreign_bulk(xen_xc, xenfb->c.xendev.dom,
+PROT_READ, fbmfns, errs, xenfb->fbpages);
 if (xenfb->pixels == NULL)
goto out;
 
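Review bot: `errs` is allocated with n_fbdirs entries but is also passed to the second xc_map_foreign_bulk() call, which maps xenfb->fbpages pages; since the call reports one error slot per page, it writes past the end of the array whenever fbpages is larger than n_fbdirs. Size the array for the larger of the two counts, or allocate a second one for the pixel mapping. The per-page errors are also never inspected: only a NULL return is treated as failure, so a partially failed mapping would go unnoticed.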
@@ -506,6 +508,7 @@ static int xenfb_map_fb(struct XenFB *xenfb)
 out:
 g_free(pgmfns);
 g_free(fbmfns);
+g_free(errs);
 return ret;
 }
 
-- 
2.1.4




[Qemu-devel] [RFC PATCH 0/3] Qemu/IXGBE: Add live migration support for SRIOV NIC

2015-10-21 Thread Lan Tianyu
This patchset is the Qemu part of live migration support for SRIOV NIC.
The kernel part patch information is at the following link.
http://marc.info/?l=kvm=144544635330193=2


Lan Tianyu (3):
  Qemu: Add pci-assign.h to share functions and struct definition with
new file
  Qemu: Add post_load_state() to run after restoring CPU state
  Qemu: Introduce pci-sriov device type to support VF live migration

 hw/i386/kvm/Makefile.objs   |   2 +-
 hw/i386/kvm/pci-assign.c| 113 +--
 hw/i386/kvm/pci-assign.h| 109 +++
 hw/i386/kvm/sriov.c | 213 
 include/migration/vmstate.h |   2 +
 migration/savevm.c  |  15 
 6 files changed, 344 insertions(+), 110 deletions(-)
 create mode 100644 hw/i386/kvm/pci-assign.h
 create mode 100644 hw/i386/kvm/sriov.c

-- 
1.9.3




Re: [Qemu-devel] [Qemu-stable] [PATCH] util/qemu-config: fix missing machine command line options

2015-10-21 Thread Michael Roth
Quoting Tony Krowiak (2015-10-12 10:34:00)
> Commit 0a7cf217 ("util/qemu-config: fix regression of
> qmp_query_command_line_options") aimed to restore parsing of global
> machine options, but missed two: "aes-key-wrap" and
> "dea-key-wrap" (which were present in the initial version of that
> patch). Let's add them to the machine_opts again.
> 
> Fixes: 0a7cf217
> CC: Marcel Apfelbaum 
> CC: qemu-sta...@nongnu.org

Ping for upcoming 2.4.1 stable release

(and added qemu-devel@nongnu.org, which should be Cc'd on all patches)

> Signed-off-by: Tony Krowiak 
> ---
>  util/qemu-config.c |8 
>  1 files changed, 8 insertions(+), 0 deletions(-)
> 
> diff --git a/util/qemu-config.c b/util/qemu-config.c
> index 5fcfd0e..687fd34 100644
> --- a/util/qemu-config.c
> +++ b/util/qemu-config.c
> @@ -219,6 +219,14 @@ static QemuOptsList machine_opts = {
>  .name = "suppress-vmdesc",
>  .type = QEMU_OPT_BOOL,
>  .help = "Set on to disable self-describing migration",
> +},{
> +.name = "aes-key-wrap",
> +.type = QEMU_OPT_BOOL,
> +.help = "enable/disable AES key wrapping using the CPACF 
> wrapping key",
> +},{
> +.name = "dea-key-wrap",
> +.type = QEMU_OPT_BOOL,
> +.help = "enable/disable DEA key wrapping using the CPACF 
> wrapping key",
>  },
>  { /* End of list */ }
>  }
> -- 
> 1.7.1
> 
> 




[Qemu-devel] [RFC PATCH 1/3] Qemu: Add pci-assign.h to share functions and struct definition with new file

2015-10-21 Thread Lan Tianyu
Signed-off-by: Lan Tianyu 
---
 hw/i386/kvm/pci-assign.c | 111 ++-
 hw/i386/kvm/pci-assign.h | 109 ++
 2 files changed, 112 insertions(+), 108 deletions(-)
 create mode 100644 hw/i386/kvm/pci-assign.h

diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 74d22f4..616532d 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -37,112 +37,7 @@
 #include "hw/pci/pci.h"
 #include "hw/pci/msi.h"
 #include "kvm_i386.h"
-
-#define MSIX_PAGE_SIZE 0x1000
-
-/* From linux/ioport.h */
-#define IORESOURCE_IO   0x0100  /* Resource type */
-#define IORESOURCE_MEM  0x0200
-#define IORESOURCE_IRQ  0x0400
-#define IORESOURCE_DMA  0x0800
-#define IORESOURCE_PREFETCH 0x2000  /* No side effects */
-#define IORESOURCE_MEM_64   0x0010
-
-//#define DEVICE_ASSIGNMENT_DEBUG
-
-#ifdef DEVICE_ASSIGNMENT_DEBUG
-#define DEBUG(fmt, ...)   \
-do {  \
-fprintf(stderr, "%s: " fmt, __func__ , __VA_ARGS__);  \
-} while (0)
-#else
-#define DEBUG(fmt, ...)
-#endif
-
-typedef struct PCIRegion {
-int type;   /* Memory or port I/O */
-int valid;
-uint64_t base_addr;
-uint64_t size;/* size of the region */
-int resource_fd;
-} PCIRegion;
-
-typedef struct PCIDevRegions {
-uint8_t bus, dev, func; /* Bus inside domain, device and function */
-int irq;/* IRQ number */
-uint16_t region_number; /* number of active regions */
-
-/* Port I/O or MMIO Regions */
-PCIRegion regions[PCI_NUM_REGIONS - 1];
-int config_fd;
-} PCIDevRegions;
-
-typedef struct AssignedDevRegion {
-MemoryRegion container;
-MemoryRegion real_iomem;
-union {
-uint8_t *r_virtbase; /* mmapped access address for memory regions */
-uint32_t r_baseport; /* the base guest port for I/O regions */
-} u;
-pcibus_t e_size;/* emulated size of region in bytes */
-pcibus_t r_size;/* real size of region in bytes */
-PCIRegion *region;
-} AssignedDevRegion;
-
-#define ASSIGNED_DEVICE_PREFER_MSI_BIT  0
-#define ASSIGNED_DEVICE_SHARE_INTX_BIT  1
-
-#define ASSIGNED_DEVICE_PREFER_MSI_MASK (1 << ASSIGNED_DEVICE_PREFER_MSI_BIT)
-#define ASSIGNED_DEVICE_SHARE_INTX_MASK (1 << ASSIGNED_DEVICE_SHARE_INTX_BIT)
-
-typedef struct MSIXTableEntry {
-uint32_t addr_lo;
-uint32_t addr_hi;
-uint32_t data;
-uint32_t ctrl;
-} MSIXTableEntry;
-
-typedef enum AssignedIRQType {
-ASSIGNED_IRQ_NONE = 0,
-ASSIGNED_IRQ_INTX_HOST_INTX,
-ASSIGNED_IRQ_INTX_HOST_MSI,
-ASSIGNED_IRQ_MSI,
-ASSIGNED_IRQ_MSIX
-} AssignedIRQType;
-
-typedef struct AssignedDevice {
-PCIDevice dev;
-PCIHostDeviceAddress host;
-uint32_t dev_id;
-uint32_t features;
-int intpin;
-AssignedDevRegion v_addrs[PCI_NUM_REGIONS - 1];
-PCIDevRegions real_device;
-PCIINTxRoute intx_route;
-AssignedIRQType assigned_irq_type;
-struct {
-#define ASSIGNED_DEVICE_CAP_MSI (1 << 0)
-#define ASSIGNED_DEVICE_CAP_MSIX (1 << 1)
-uint32_t available;
-#define ASSIGNED_DEVICE_MSI_ENABLED (1 << 0)
-#define ASSIGNED_DEVICE_MSIX_ENABLED (1 << 1)
-#define ASSIGNED_DEVICE_MSIX_MASKED (1 << 2)
-uint32_t state;
-} cap;
-uint8_t emulate_config_read[PCI_CONFIG_SPACE_SIZE];
-uint8_t emulate_config_write[PCI_CONFIG_SPACE_SIZE];
-int msi_virq_nr;
-int *msi_virq;
-MSIXTableEntry *msix_table;
-hwaddr msix_table_addr;
-uint16_t msix_max;
-MemoryRegion mmio;
-char *configfd_name;
-int32_t bootindex;
-} AssignedDevice;
-
-#define TYPE_PCI_ASSIGN "kvm-pci-assign"
-#define PCI_ASSIGN(obj) OBJECT_CHECK(AssignedDevice, (obj), TYPE_PCI_ASSIGN)
+#include "pci-assign.h"
 
 static void assigned_dev_update_irq_routing(PCIDevice *dev);
 
@@ -1044,7 +939,7 @@ static bool assigned_dev_msix_masked(MSIXTableEntry *entry)
  * sure the physical MSI-X state tracks the guest's view, which is important
  * for some VF/PF and PF/fw communication channels.
  */
-static bool assigned_dev_msix_skipped(MSIXTableEntry *entry)
+bool assigned_dev_msix_skipped(MSIXTableEntry *entry)
 {
 return !entry->data;
 }
@@ -1114,7 +1009,7 @@ static int assigned_dev_update_msix_mmio(PCIDevice 
*pci_dev)
 return r;
 }
 
-static void assigned_dev_update_msix(PCIDevice *pci_dev)
+void assigned_dev_update_msix(PCIDevice *pci_dev)
 {
 AssignedDevice *assigned_dev = PCI_ASSIGN(pci_dev);
 uint16_t ctrl_word = pci_get_word(pci_dev->config + pci_dev->msix_cap +
diff --git a/hw/i386/kvm/pci-assign.h b/hw/i386/kvm/pci-assign.h
new file mode 100644
index 000..91d00ea
--- /dev/null
+++ b/hw/i386/kvm/pci-assign.h
@@ -0,0 +1,109 @@
+#define MSIX_PAGE_SIZE 0x1000
+
+/* From linux/ioport.h */
+#define IORESOURCE_IO   0x0100  /* Resource type */
+#define IORESOURCE_MEM  
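Review bot: The new pci-assign.h opens directly with `#define MSIX_PAGE_SIZE` on its first line, so it has neither a licence header nor an include guard, and a second inclusion would redefine the structs moved into it. Please wrap it in a guard and have it include the headers that declare the types it uses, so that sriov.c does not depend on include order. The patch also carries no commit message beyond the sign-off; a line on why these definitions need to be shared would help.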

Re: [Qemu-devel] [PATCH v2 5/5] vhost: send VHOST_USER_SET_VRING_ENABLE at start/stop

2015-10-21 Thread Michael S. Tsirkin
On Wed, Oct 21, 2015 at 09:43:16PM +0800, Yuanhan Liu wrote:
> On Wed, Oct 21, 2015 at 01:39:11PM +0300, Michael S. Tsirkin wrote:
> > On Wed, Oct 21, 2015 at 05:07:18PM +0800, Yuanhan Liu wrote:
> > > Send VHOST_USER_SET_VRING_ENABLE at start/stop when multiple queue
> > > is negotiated, to inform the backend that we are ready or not.
> > 
> > OK but that's only if MQ is set.
> 
> Maybe we could just call vhost_backend_set_vring_enable() unconditionally?
> It's nil operation when MQ is not set.
> 
> > If now, we need to do
> > RESET_OWNER followed by SET_OWNER.
> 
> Could you be more specific? Why sending RESET_OWNER followed by
> SET_OWNER?
> 
> TBH, I'm a bit confused with RESET_OWNER now: what it does, and when is
> supposed to send it :(

It's not well specified, but it does say it's analogous to RESET_OWNER
in kernel. That one is well documented:

/* Set current process as the (exclusive) owner of this file descriptor.
 * This must be called before any other vhost command.  Further calls to
 * VHOST_OWNER_SET fail until VHOST_OWNER_RESET is called. */
#define VHOST_SET_OWNER _IO(VHOST_VIRTIO, 0x01)
/* Give up ownership, and reset the device to default values.
 * Allows subsequent call to VHOST_OWNER_SET to succeed. */
#define VHOST_RESET_OWNER _IO(VHOST_VIRTIO, 0x02)


So if we want just the reset part, we need to do VHOST_RESET_OWNER
then redo everything that we did previously: VHOST_SET_OWNER
SET_VRING_CALL etc etc.

> And, sending RESET_OWNER inside virtio_net_reset() also looks weird.
> I made a quick try before sending this patchset, and the vhost-user
> request dump doesn't look right to me: the message is sent after
> vhost dev init (GET_FEATURES, GET_PROTOCOL_FEATURE, SET_OWNER, ...,
> SET_VRING_CALL),  and before peer attach (SET_VRING_ENABLE) and
> vhost_dev_start (SET_MEM_TABLE, ... SET_VRING_KICK ...):

Food for thought.


> 
> # start of a VM
> 
> VHOST_CONFIG: new virtio connection is 28
> VHOST_CONFIG: new device, handle is 0
> VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> VHOST_CONFIG: read message VHOST_USER_GET_PROTOCOL_FEATURES
> VHOST_CONFIG: read message VHOST_USER_SET_PROTOCOL_FEATURES
> VHOST_CONFIG: read message VHOST_USER_GET_QUEUE_NUM
> VHOST_CONFIG: read message VHOST_USER_SET_OWNER
> VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:0 file:29
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:1 file:30
> VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> VHOST_CONFIG: read message VHOST_USER_GET_PROTOCOL_FEATURES
> VHOST_CONFIG: read message VHOST_USER_SET_PROTOCOL_FEATURES
> VHOST_CONFIG: read message VHOST_USER_GET_QUEUE_NUM
> VHOST_CONFIG: read message VHOST_USER_GET_FEATURES
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> ...
> ...
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:6 file:35
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:7 file:36
> 
> ==> VHOST_CONFIG: read message VHOST_USER_RESET_OWNER
> VHOST_CONFIG: read message VHOST_USER_RESET_OWNER
> 
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> VHOST_CONFIG: set queue enable: 1 to qp idx: 0
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> VHOST_CONFIG: set queue enable: 0 to qp idx: 2
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> VHOST_CONFIG: set queue enable: 0 to qp idx: 4
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_ENABLE
> VHOST_CONFIG: set queue enable: 0 to qp idx: 6
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:0 file:29
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:1 file:30
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:2 file:31
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:3 file:32
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:4 file:33
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:5 file:34
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:6 file:35
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_CALL
> VHOST_CONFIG: vring call idx:7 file:36
> VHOST_CONFIG: read message VHOST_USER_SET_FEATURES
> VHOST_CONFIG: read message VHOST_USER_SET_MEM_TABLE
> VHOST_CONFIG: mapped region 0 fd:37 to 0x2aaac000 sz:0xa off:0x0
> VHOST_CONFIG: mapped region 1 fd:38 to 0x2aab sz:0x8000 
> off:0xc
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_NUM
> VHOST_CONFIG: read message VHOST_USER_SET_VRING_BASE
> VHOST_CONFIG: read message 

Re: [Qemu-devel] [PATCH COLO-Frame v9 00/32] COarse-grain LOck-stepping(COLO) Virtual Machines for Non-stop Service (FT)

2015-10-21 Thread Dr. David Alan Gilbert
Hi,
  Not something I found on this set; but on your older set, where you have
the experimental 'live' ram transfer; we found a test that was slowed
down (5x) by the calls to 'colo_need_live_migrate_ram'; even if it decides
not to send any RAM in the live phase, the call to 'qemu_savevm_state_pending'
can be really expensive.

  Just thought it worth mentioning.

Dave

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PATCH v1 0/5] Convert qemu-socket to use QAPI exclusively

2015-10-21 Thread Daniel P. Berrange
All the callers of the qemu-sockets module now use the APIs
which take a QAPI SocketAddress.

Thus we now have the fun situation with VNC & Chardevs that
they use QemuOpts to parse the CLI args, then convert to
a SocketAddress, pass it into qemu-sockets which converts
it back into a QemuOpts instance.

This series rips out all usage of QemuOpts from qemu-sockets
so that the code exclusively uses QAPI SocketAddress objects.
Now when parsing CLI args, we just convert from QemuOpts to
SocketAddress and use that directly, and when using the
monitor there's no conversion at all, we have SocketAddress
all the way.

This conversion also fixes a bug in the code where use of
ipv4=off and ipv6=off at the same time, resulted in using
PF_UNSPEC and so was in effect equivalent to using
ipv4=on and ipv6=on.  We now report an explicit error for
the ipv4=off + ipv6=off scenario, since it is an invalid
request to make.

Finally, the VNC code is fixed to honour the distinction
between ipv4/ipv6 being omitted vs set to 'off'.

Daniel P. Berrange (5):
  sockets: remove use of QemuOpts from header file
  sockets: remove use of QemuOpts from socket_listen
  sockets: remove use of QemuOpts from socket_connect
  sockets: remove use of QemuOpts from socket_dgram
  vnc: distiguish between ipv4/ipv6 omitted vs set to off

 include/qemu/sockets.h |  10 --
 ui/vnc.c   |  18 ++-
 util/qemu-sockets.c| 348 +++--
 3 files changed, 173 insertions(+), 203 deletions(-)

-- 
2.4.3
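
The address-family selection described in the cover letter above, as an added example that is not code from this series or from QEMU. `struct ip_prefs`, `family_lossy()`, `family_strict()` and `FAMILY_INVALID` are hypothetical names, and the mapping chosen for the on/omitted combinations is an assumption of the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>

/* Constructed for this example: each option carries a "was it given"
 * flag next to its value, so "omitted" and "off" stay distinguishable. */
struct ip_prefs {
    bool has_ipv4, ipv4;
    bool has_ipv6, ipv6;
};

#define FAMILY_INVALID (-1)   /* hypothetical error value, not a real AF_* */

/* Model of the behaviour the cover letter calls a bug: the options are
 * read as plain booleans defaulting to false, so "off" and "omitted"
 * collapse and ipv4=off + ipv6=off silently yields AF_UNSPEC. */
static int family_lossy(const struct ip_prefs *p)
{
    int family = AF_UNSPEC;

    if (p->has_ipv4 && p->ipv4) {
        family = AF_INET;
    }
    if (p->has_ipv6 && p->ipv6) {
        family = AF_INET6;
    }
    return family;
}

/* Tri-state handling: an explicit "off" restricts the socket to the
 * other family, and switching both off is rejected instead of being
 * treated as "any family". */
static int family_strict(const struct ip_prefs *p)
{
    bool v4_off = p->has_ipv4 && !p->ipv4;
    bool v6_off = p->has_ipv6 && !p->ipv6;
    bool v4_on = p->has_ipv4 && p->ipv4;
    bool v6_on = p->has_ipv6 && p->ipv6;

    if (v4_off && v6_off) {
        return FAMILY_INVALID;      /* nothing left to listen on */
    }
    if (v4_off) {
        return AF_INET6;
    }
    if (v6_off) {
        return AF_INET;
    }
    if (v4_on && !v6_on) {
        return AF_INET;
    }
    if (v6_on && !v4_on) {
        return AF_INET6;
    }
    return AF_UNSPEC;               /* both on, or both omitted */
}

static const char *family_name(int family)
{
    switch (family) {
    case AF_INET:   return "AF_INET";
    case AF_INET6:  return "AF_INET6";
    case AF_UNSPEC: return "AF_UNSPEC";
    default:        return "rejected";
    }
}

int main(void)
{
    /* Constructed option combinations. */
    static const struct {
        const char *label;
        struct ip_prefs p;
    } cases[] = {
        { "(both omitted)",    { false, false, false, false } },
        { "ipv4=off",          { true,  false, false, false } },
        { "ipv6=off",          { false, false, true,  false } },
        { "ipv4=on",           { true,  true,  false, false } },
        { "ipv4=on,ipv6=on",   { true,  true,  true,  true  } },
        { "ipv4=off,ipv6=off", { true,  false, true,  false } },
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("%-18s lossy=%-9s strict=%s\n", cases[i].label,
               family_name(family_lossy(&cases[i].p)),
               family_name(family_strict(&cases[i].p)));
    }
    return 0;
}
```

The rows where the two columns differ are the ones that matter for exposure: with the lossy mapping a service configured with ipv4=off can still end up bound on IPv4.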




Re: [Qemu-devel] [PATCH RFC V5 1/9] hw/intc: Implement GIC-500 support files

2015-10-21 Thread Pavel Fedin
 Hello!

>> See this: 
>> http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg02349.html. This 
>> is also a part of my live migration RFC.
>> I remember that Peter told long time ago that "it should really be a 
>> property", when i integrated full affinity support. But, he currently
>> refused to accept this small standalone patch because there are no users for 
>> now. My GICv3 live migration is waiting for kernel API to be
>> ready. And kernel API is waiting for kernel 4.5 development cycle to begin.
> So please resubmit it and mention me as a client.

 Ok, i'll PING, but you can also include it into your patchset. BTW, why is it 
still RFC?

> But I wonder if accessing the property in real time (not only in
> initialization) from the GIC code will have an impact on performance.

 It can, but you can cache them during realize. For example, if you accept my 
data layout, then you can just add "uint64_t mp_affinity" to GICv3CPUState.

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia





[Qemu-devel] [PATCH 17/40] target-arm: Share all common TCG temporaries

2015-10-21 Thread Michael Roth
From: Richard Henderson 

This is a bug fix for aarch64.  At present, we have branches using
the 32-bit (translate.c) versions of cpu_[NZCV]F, but we set the flags
using the 64-bit (translate-a64.c) versions of cpu_[NZCV]F.  From
the view of the TCG code generator, these are unrelated variables.

The bug is hard to see because we currently only read these variables
from branches, and upon reaching a branch TCG will first spill live
variables and then reload the arguments of the branch.  Since the
32-bit versions were never live until reaching the branch, we'd re-read
the data that had just been spilled from the 64-bit versions.

There is currently no such problem with the cpu_exclusive_* variables,
but there's no point in tempting fate.

Cc: qemu-sta...@nongnu.org
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Message-id: 1441909103-24666-2-git-send-email-...@twiddle.net
Signed-off-by: Peter Maydell 
(cherry picked from commit 78bcaa3e37afbd0c5316634f917c13487384b6ca)
Signed-off-by: Michael Roth 
---
 target-arm/translate-a64.c | 22 --
 target-arm/translate.c | 10 +-
 target-arm/translate.h |  8 
 3 files changed, 13 insertions(+), 27 deletions(-)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 689f2be..0f923d3 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -39,16 +39,9 @@
 
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
-static TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
 
 /* Load/store exclusive handling */
-static TCGv_i64 cpu_exclusive_addr;
-static TCGv_i64 cpu_exclusive_val;
 static TCGv_i64 cpu_exclusive_high;
-#ifdef CONFIG_USER_ONLY
-static TCGv_i64 cpu_exclusive_test;
-static TCGv_i32 cpu_exclusive_info;
-#endif
 
 static const char *regnames[] = {
 "x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7",
@@ -104,23 +97,8 @@ void a64_translate_init(void)
   regnames[i]);
 }
 
-cpu_NF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, NF), 
"NF");
-cpu_ZF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, ZF), 
"ZF");
-cpu_CF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, CF), 
"CF");
-cpu_VF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, VF), 
"VF");
-
-cpu_exclusive_addr = tcg_global_mem_new_i64(TCG_AREG0,
-offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
-cpu_exclusive_val = tcg_global_mem_new_i64(TCG_AREG0,
-offsetof(CPUARMState, exclusive_val), "exclusive_val");
 cpu_exclusive_high = tcg_global_mem_new_i64(TCG_AREG0,
 offsetof(CPUARMState, exclusive_high), "exclusive_high");
-#ifdef CONFIG_USER_ONLY
-cpu_exclusive_test = tcg_global_mem_new_i64(TCG_AREG0,
-offsetof(CPUARMState, exclusive_test), "exclusive_test");
-cpu_exclusive_info = tcg_global_mem_new_i32(TCG_AREG0,
-offsetof(CPUARMState, exclusive_info), "exclusive_info");
-#endif
 }
 
 static inline ARMMMUIdx get_a64_user_mem_index(DisasContext *s)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 69ac18c..4385322 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -64,12 +64,12 @@ TCGv_ptr cpu_env;
 /* We reuse the same 64-bit temporaries for efficiency.  */
 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
 static TCGv_i32 cpu_R[16];
-static TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
-static TCGv_i64 cpu_exclusive_addr;
-static TCGv_i64 cpu_exclusive_val;
+TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
+TCGv_i64 cpu_exclusive_addr;
+TCGv_i64 cpu_exclusive_val;
 #ifdef CONFIG_USER_ONLY
-static TCGv_i64 cpu_exclusive_test;
-static TCGv_i32 cpu_exclusive_info;
+TCGv_i64 cpu_exclusive_test;
+TCGv_i32 cpu_exclusive_info;
 #endif
 
 /* FIXME:  These should be removed.  */
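Review bot: dropping `static` from cpu_CF, cpu_NF, cpu_VF, cpu_ZF and the cpu_exclusive_* variables turns them into global symbols, but the definitions carry no comment saying they are now shared with translate-a64.c through translate.h. A one-line comment above them would help; the existing "We reuse the same 64-bit temporaries" comment sits above cpu_V0/cpu_V1/cpu_M0, which stay static, and does not cover this.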
diff --git a/target-arm/translate.h b/target-arm/translate.h
index 9ab978f..679bdbc 100644
--- a/target-arm/translate.h
+++ b/target-arm/translate.h
@@ -62,7 +62,15 @@ typedef struct DisasContext {
 TCGv_i64 tmp_a64[TMP_A64_MAX];
 } DisasContext;
 
+/* Share the TCG temporaries common between 32 and 64 bit modes.  */
 extern TCGv_ptr cpu_env;
+extern TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
+extern TCGv_i64 cpu_exclusive_addr;
+extern TCGv_i64 cpu_exclusive_val;
+#ifdef CONFIG_USER_ONLY
+extern TCGv_i64 cpu_exclusive_test;
+extern TCGv_i32 cpu_exclusive_info;
+#endif
 
 static inline int arm_dc_feature(DisasContext *dc, int feature)
 {
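Review bot: the added comment calls these "TCG temporaries", but the lines removed from a64_translate_init() show they are created with tcg_global_mem_new_i32()/tcg_global_mem_new_i64(), so they are TCG globals backed by CPUARMState fields. "Share the TCG globals common to 32 and 64 bit modes" would be more accurate. The CONFIG_USER_ONLY guard on the extern declarations matches the definitions in translate.c, which is good.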
-- 
1.9.1




[Qemu-devel] [PATCH 03/40] target-arm/arm-semi.c: Fix broken SYS_WRITE0 via gdb

2015-10-21 Thread Michael Roth
From: Peter Maydell 

A spurious trailing "\n" in the gdb syscall format string used
for SYS_WRITE0 meant that gdb would reject the remote syscall,
with the effect that the output from the guest was silently dropped.
Remove the newline so that gdb accepts the packet.

Cc: qemu-sta...@nongnu.org

Signed-off-by: Peter Maydell 
(cherry picked from commit 857b55adb77004d9ec9202078b7f1f3a1a076112)
Signed-off-by: Michael Roth 
---
 target-arm/arm-semi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-arm/arm-semi.c b/target-arm/arm-semi.c
index a2a7369..42522a7 100644
--- a/target-arm/arm-semi.c
+++ b/target-arm/arm-semi.c
@@ -260,7 +260,7 @@ uint32_t do_arm_semihosting(CPUARMState *env)
 return (uint32_t)-1;
 len = strlen(s);
 if (use_gdb_syscalls()) {
-gdb_do_syscall(arm_semi_cb, "write,2,%x,%x\n", args, len);
+gdb_do_syscall(arm_semi_cb, "write,2,%x,%x", args, len);
 ret = env->regs[0];
 } else {
 ret = write(STDERR_FILENO, s, len);
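Review bot: nothing at the gdb_do_syscall() call for SYS_WRITE0 records why the format string must end right after the last %x, so the same trailing newline could creep back in. A short comment next to "write,2,%x,%x" saying that gdb rejects the remote syscall when extra characters follow would help, and it is worth checking any other gdb_do_syscall() format strings in this file against the same rule.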
-- 
1.9.1




[Qemu-devel] Functions to intercept Disk IO information?

2015-10-21 Thread QuQ Edsel
Hi,
My friends and I were assigned a task to find a point to insert a
callback function to intercept Disk IO activities such as read/write of a .txt
file. Our final goal is to generate a report for a target process/file's
Disk IO activities. We have QEMU 2.3 with KVM enabled. We have been looking
for such a point for a long time... but we are not so capable of such a task.
People who had this project last year did so with TEMU 1.0 (probably QEMU
0.9), and the implementation point they had is dma_buf_rw(). The
information in their report shows pid, timestamps, disk sector, buffer size
and write/read for a target file (I am not even sure if such information is
meaningful or useful).
Currently I have tried to printf in functions such as dma_buf_rw /
dma_blk_io / bdrv_aio_readv...etc. to see if they print out a message when I
open/edit/save a .txt or .jpeg file. The first one just doesn't print at all,
and the second and third ones print a lot after booting up the guest.
I can see that the dma_blk_io function call in ide_dma_cb (core.c) may be
related because it prints as I have activities on files. However it also
prints sometimes when I am not doing anything... so I am not that certain
about it. (and I don't know if write/read activities invoke such
function..)

Is there a correct/better point to intercept disk IO information
(especially for activities such as read/write a .file)?
Or what should I do to clearly get the needed information from Disk IO
functions?
I would be so grateful to have the information.
Thank you.

The guest environment I have is 64bit Windows 7 with qcow2 image (not sure
if relevant)

Edsel


[Qemu-devel] [PATCH 01/40] scsi-disk: Fix assertion failure on WRITE SAME

2015-10-21 Thread Michael Roth
From: Fam Zheng 

The last portion of an unaligned WRITE SAME command could fail the
assertion in bdrv_aligned_pwritev:

assert(!qiov || bytes == qiov->size);

Because we updated data->iov.iov_len right above this if block, but
data->qiov still has the old size.

Reinitialize the qiov to make them equal and keep block layer happy.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Fam Zheng 
Message-Id: <1438159512-3871-2-git-send-email-f...@redhat.com>
Signed-off-by: Paolo Bonzini 
(cherry picked from commit a56537a12757a8cdee24ad8c83e5af7a9833ea70)
Signed-off-by: Michael Roth 
---
 hw/scsi/scsi-disk.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 64f0694..0e0bc64 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1683,6 +1683,10 @@ static void scsi_write_same_complete(void *opaque, int 
ret)
 if (data->iov.iov_len) {
 block_acct_start(blk_get_stats(s->qdev.conf.blk), >acct,
  data->iov.iov_len, BLOCK_ACCT_WRITE);
+/* blk_aio_write doesn't like the qiov size being different from
+ * nb_sectors, make sure they match.
+ */
+qemu_iovec_init_external(>qiov, >iov, 1);
 r->req.aiocb = blk_aio_writev(s->qdev.conf.blk, data->sector,
   >qiov, data->iov.iov_len / 512,
   scsi_write_same_complete, data);
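Review bot: the new comment names blk_aio_write and nb_sectors, but the call right below it is blk_aio_writev() and the condition quoted in the commit message compares bytes with qiov->size in bdrv_aligned_pwritev(). Suggest rewording it to say that data->qiov must be re-initialised because data->iov.iov_len was just changed, so that the qiov size equals the iov_len / 512 sectors passed to blk_aio_writev().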
-- 
1.9.1




[Qemu-devel] [PATCH 20/40] gtk: use setlocale() for LC_MESSAGES only

2015-10-21 Thread Michael Roth
From: Alberto Garcia 

The QEMU code is not internationalized and assumes that it runs under
the C locale, but if we use the GTK+ UI we'll end up importing the
locale settings from the environment. This can break things, such as
the JSON generator and iotest 120 in locales that use a decimal comma.

We do however have translations for a few simple strings for the GTK+
menu items, so in order to run QEMU using the C locale, and yet have a
translated UI let's use setlocale() for LC_MESSAGES only.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Alberto Garcia 
Signed-off-by: Gerd Hoffmann 
(cherry picked from commit 2cb5d2a47c655331bcf0ab16bab8fe4701182c58)
Signed-off-by: Michael Roth 
---
 ui/gtk.c | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index df2a79e..11ea2cf 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1941,7 +1941,8 @@ void gtk_display_init(DisplayState *ds, bool full_screen, 
bool grab_on_hover)
 
 s->free_scale = FALSE;
 
-setlocale(LC_ALL, "");
+/* LC_MESSAGES only. See early_gtk_display_init() for details */
+setlocale(LC_MESSAGES, "");
 bindtextdomain("qemu", CONFIG_QEMU_LOCALEDIR);
 textdomain("qemu");
 
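Review bot: with setlocale(LC_MESSAGES, "") as the only locale call in gtk_display_init(), LC_CTYPE stays "C", and gettext converts translated strings to the character set of LC_CTYPE, so non-ASCII menu translations may not reach GTK+ as the UTF-8 it expects. Consider adding bind_textdomain_codeset("qemu", "UTF-8") next to the bindtextdomain() call. LC_MESSAGES is also a POSIX category rather than ISO C, so a host whose locale.h lacks it needs a guard.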
@@ -2010,6 +2011,24 @@ void gtk_display_init(DisplayState *ds, bool 
full_screen, bool grab_on_hover)
 
 void early_gtk_display_init(int opengl)
 {
+/* The QEMU code relies on the assumption that it's always run in
+ * the C locale. Therefore it is not prepared to deal with
+ * operations that produce different results depending on the
+ * locale, such as printf's formatting of decimal numbers, and
+ * possibly others.
+ *
+ * Since GTK+ calls setlocale() by default -importing the locale
+ * settings from the environment- we must prevent it from doing so
+ * using gtk_disable_setlocale().
+ *
+ * QEMU's GTK+ UI, however, _does_ have translations for some of
+ * the menu items. As a trade-off between a functionally correct
+ * QEMU and a fully internationalized UI we support importing
+ * LC_MESSAGES from the environment (see the setlocale() call
+ * earlier in this file). This allows us to display translated
+ * messages leaving everything else untouched.
+ */
+gtk_disable_setlocale();
 gtkinit = gtk_init_check(NULL, NULL);
 if (!gtkinit) {
 /* don't exit yet, that'll break -help */
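Review bot: the new comment in early_gtk_display_init() points to "the setlocale() call earlier in this file", while the comment added in gtk_display_init() refers back by function name; naming gtk_display_init() here too would survive code being moved around. It would also help to state that gtk_disable_setlocale() has to stay ahead of gtk_init_check(), since that ordering is what the fix relies on.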
-- 
1.9.1




[Qemu-devel] [PATCH 25/40] qom: Do not reuse errp after a possible error

2015-10-21 Thread Michael Roth
From: Markus Armbruster 

The argument for an Error **errp parameter must point to a null
pointer.  If it doesn't, and an error happens, error_set() fails its
assertion.

Instead of

foo(foos, errp);
bar(bars, errp);

you need to do something like

Error *err = NULL;

foo(foos, &err);
if (err) {
    error_propagate(errp, err);
    goto out;
}

bar(bars, errp);
out:

Screwed up in commit 0e55884 (v1.3.0): property_get_bool().

Screwed up in commit 1f21772 (v2.1.0): object_property_get_enum() and
object_property_get_uint16List().

Screwed up in commit a8e3fbe (v2.4.0): property_get_enum(),
property_set_enum().

Found by inspection, no actual crashes observed.

Fix them up.

Cc: Anthony Liguori 
Cc: Hu Tao 
Cc: Daniel P. Berrange 
Signed-off-by: Markus Armbruster 
Reviewed-by: Daniel P. Berrange 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Andreas Färber 
(cherry picked from commit 4715d42efe8632b0f9d2594a80e917de45e4ef88)
Signed-off-by: Michael Roth 
---
 qom/object.c | 41 +++--
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/qom/object.c b/qom/object.c
index eea8edf..c9aedd0 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -1079,6 +1079,7 @@ typedef struct EnumProperty {
 int object_property_get_enum(Object *obj, const char *name,
  const char *typename, Error **errp)
 {
+Error *err = NULL;
 StringOutputVisitor *sov;
 StringInputVisitor *siv;
 char *str;
@@ -1100,7 +1101,12 @@ int object_property_get_enum(Object *obj, const char 
*name,
 enumprop = prop->opaque;
 
 sov = string_output_visitor_new(false);
-object_property_get(obj, string_output_get_visitor(sov), name, errp);
+object_property_get(obj, string_output_get_visitor(sov), name, );
+if (err) {
+error_propagate(errp, err);
+string_output_visitor_cleanup(sov);
+return 0;
+}
 str = string_output_get_string(sov);
 siv = string_input_visitor_new(str);
 string_output_visitor_cleanup(sov);
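Review bot: the new error path in object_property_get_enum() returns 0, which is indistinguishable from a valid enum value of 0, so callers can only detect failure through errp. Please say so in the function's documentation, or note it next to `return 0;`.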
@@ -1116,21 +1122,27 @@ int object_property_get_enum(Object *obj, const char 
*name,
 void object_property_get_uint16List(Object *obj, const char *name,
 uint16List **list, Error **errp)
 {
+Error *err = NULL;
 StringOutputVisitor *ov;
 StringInputVisitor *iv;
 char *str;
 
 ov = string_output_visitor_new(false);
 object_property_get(obj, string_output_get_visitor(ov),
-name, errp);
+name, );
+if (err) {
+error_propagate(errp, err);
+goto out;
+}
 str = string_output_get_string(ov);
 iv = string_input_visitor_new(str);
 visit_type_uint16List(string_input_get_visitor(iv),
   list, NULL, errp);
 
 g_free(str);
-string_output_visitor_cleanup(ov);
 string_input_visitor_cleanup(iv);
+out:
+string_output_visitor_cleanup(ov);
 }
 
 void object_property_parse(Object *obj, const char *string,
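Review bot: on the new `goto out` path in object_property_get_uint16List(), visit_type_uint16List() is skipped and *list is never written, so a caller that passes an uninitialised pointer and does not check errp ends up reading an indeterminate value. Either set *list = NULL before the first call or document that *list is only valid when no error is reported. Moving string_output_visitor_cleanup(ov) under the out: label so that both paths release ov looks right.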
@@ -1646,8 +1658,14 @@ static void property_get_bool(Object *obj, Visitor *v, 
void *opaque,
 {
 BoolProperty *prop = opaque;
 bool value;
+Error *err = NULL;
+
+value = prop->get(obj, );
+if (err) {
+error_propagate(errp, err);
+return;
+}
 
-value = prop->get(obj, errp);
 visit_type_bool(v, , name, errp);
 }
 
@@ -1701,8 +1719,14 @@ static void property_get_enum(Object *obj, Visitor *v, 
void *opaque,
 {
 EnumProperty *prop = opaque;
 int value;
+Error *err = NULL;
+
+value = prop->get(obj, );
+if (err) {
+error_propagate(errp, err);
+return;
+}
 
-value = prop->get(obj, errp);
 visit_type_enum(v, , prop->strings, NULL, name, errp);
 }
 
@@ -1711,8 +1735,13 @@ static void property_set_enum(Object *obj, Visitor *v, 
void *opaque,
 {
 EnumProperty *prop = opaque;
 int value;
+Error *err = NULL;
 
-visit_type_enum(v, , prop->strings, NULL, name, errp);
+visit_type_enum(v, , prop->strings, NULL, name, );
+if (err) {
+error_propagate(errp, err);
+return;
+}
 prop->set(obj, value, errp);
 }
 
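Review bot: the commit message only mentions the error_set() assertion, but the early return added after visit_type_enum() in property_set_enum() also stops prop->set() from being called with `value` unassigned when the visit fails. That deserves a sentence in the commit message, since it changes behaviour even when no assertion fires; the same applies to property_get_bool() and property_get_enum(), which previously went on to visit `value` after a failed getter.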
-- 
1.9.1



