Re: [Qemu-devel] [PATCH v4 RFC] spec: add qcow2-dirty-bitmaps specification

2015-12-15 Thread John Snow


On 12/14/2015 11:18 PM, Fam Zheng wrote:
> On Mon, 12/14 21:05, Max Reitz wrote:
>> On 14.12.2015 18:43, Vladimir Sementsov-Ogievskiy wrote:
>>> The new feature for qcow2: storing dirty bitmaps.
>>>
>>> Only dirty bitmaps relative to this qcow2 image should be stored in it.
>>>
>>> Strings started from +# are RFC-strings, not to be committed of course.
>>>
>>>
>>> Signed-off-by: Vladimir Sementsov-Ogievskiy 
>>> ---
>>>
>>>  docs/specs/qcow2.txt | 151 
>>> ++-
>>>  1 file changed, 150 insertions(+), 1 deletion(-)
>>
>> Overall: Looks better to me. Good enough for me to ACK it, but I still
>> have some issues with it.
>>
>> Let's evaluate the main point of critique I had: I really want this not
>> to be qemu-specific but potentially useful to all programs.
>>
>> Pretty good: You do implicitly describe what a (dirty) bitmap looks like
>> by describing how to obtain the bit offset of a certain byte guest
>> offset. So it's not an opaque binary data dump anymore.
>>
>> (Why only "pretty good"? I find the description to be a bit too
>> "implicit", I think a separate section describing the bitmap structure
>> would be better.)
>>
>> Good: The bitmap actually describes the qcow2 file.
>>
>> Not so good: While now any program knows how to read the bitmap and that
>> it does refer to this qcow2 file, its interpretation is not so easy
>> still. Generally, a dirty bitmap has some reference point, that is the
>> state of the disk when the bitmap was cleared or created. For instance,
>> for incremental backups, whenever you create a backup based on a dirty
>> bitmap, the dirty bitmap is cleared and the backup target is then said
>> reference point.
>> I think it would be nice to put that reference point (i.e. the name of
>> an image file that contains the clean image) into the dirty bitmap
>> header, if possible.
>>
>>
>> (Note: I won't comment on orthography, because I feel like that is
>> something a native speaker should do. O:-))
>>
>>> diff --git a/docs/specs/qcow2.txt b/docs/specs/qcow2.txt
>>> index 121dfc8..3c89580 100644
>>> --- a/docs/specs/qcow2.txt
>>> +++ b/docs/specs/qcow2.txt
>>> @@ -103,7 +103,17 @@ in the description of a field.
>>>  write to an image with unknown auto-clear features if 
>>> it
>>>  clears the respective bits from this field first.
>>>  
>>> -Bits 0-63:  Reserved (set to 0)
>>> +Bit 0:  Dirty bitmaps bit.
>>> +This bit is responsible for Dirty bitmaps
>>> +extension consistency.
>>> +If it is set, but there is no Dirty bitmaps
>>> +extensions, this should be considered as an
>>> +error.
>>> +If it is not set, but there is a Dirty 
>>> bitmaps
>>> +extension, its data should be considered as
>>> +inconsistent.
>>> +
>>> +Bits 1-63:  Reserved (set to 0)
>>>  
>>>   96 -  99:  refcount_order
>>>  Describes the width of a reference count block entry 
>>> (width
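Review bot: The two consistency rules added under "Bit 0" say which states are wrong but not what a reader has to do about them. "should be considered as an error" for a set bit with no extension could mean refusing to open the image or clearing the bit and carrying on, and "considered as inconsistent" does not say whether the stale extension may stay in the header or must be dropped on the next write. Stating the required action for each case would let independent implementations behave the same way.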
>>> @@ -123,6 +133,7 @@ be stored. Each extension has a structure like the 
>>> following:
>>>  0x - End of the header extension area
>>>  0xE2792ACA - Backing file format name
>>>  0x6803f857 - Feature name table
>>> +0x23852875 - Dirty bitmaps
>>>  other  - Unknown header extension, can be 
>>> safely
>>>   ignored
>>>  
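Review bot: The new "0x23852875 - Dirty bitmaps" entry sits directly above "other - Unknown header extension, can be safely ignored", so software that predates the extension will skip it and can still write guest data. A short cross-reference from this entry to autoclear bit 0 would make it explicit that the bit, not the extension type, is what marks the stored bitmaps as stale after such a write.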
>>> @@ -166,6 +177,31 @@ the header extension data. Each entry look like this:
>>>  terminated if it has full length)
>>>  
>>>  
>>> +== Dirty bitmaps ==
>>> +
>>> +Dirty bitmaps is an optional header extension. It provides an ability to 
>>> store
>>> +dirty bitmaps in a qcow2 image. The data of this extension should be 
>>> considered
>>> +as consistent only if corresponding auto-clear feature bit is set (see
>>> +autoclear_features above).
>>> +The fields of Dirty bitmaps extension are:
>>> +
>>> +  0 -  3:  nb_dirty_bitmaps
>>> +   The number of dirty bitmaps contained in the image. 
>>> Valid
>>> +   values: 1 - 65535.
>>
>> Again, I don't see a reason for why we should impose a strict upper
>> limit here. I'd prefer "Note that qemu currently only supports up to
>> 65535 dirty bitmaps per image."
>>
>>> +# Let's be strict, the feature should be deleted with deleting last bitmap.
> 
> Do you mean unsetting the auto-clear feature bit? Yes, I think that makes 
> sense.
> 

I assumed he meant the entire bitmap header. If there's no bitmaps,
there's no reason to store the extension anymore.

>>> +
>>> +  4 -  7:  
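An added example (not from the thread and not QEMU code) of the consistency rule the quoted patch gives for autoclear bit 0 and header extension 0x23852875. It assumes the standard qcow2 version 3 header layout (autoclear_features at bytes 88-95, header_length at 100-103) and the usual extension framing of a 4-byte type, a 4-byte length and data padded to 8 bytes; the sample header is constructed in memory and the function and enum names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QCOW2_MAGIC        0x514649fbu  /* "QFI\xfb" */
#define HDR_V3_LEN         104u         /* fixed v3 fields end at byte 103 */
#define EXT_END            0x00000000u
#define EXT_DIRTY_BITMAPS  0x23852875u  /* type value from the quoted patch */
#define AUTOCLEAR_BITMAPS  (1ull << 0)  /* autoclear bit 0, from the quoted patch */

enum bitmaps_state {
    BITMAPS_ABSENT,        /* no bit, no extension */
    BITMAPS_CONSISTENT,    /* bit set and extension present */
    BITMAPS_INCONSISTENT,  /* extension present but bit cleared: stale data */
    BITMAPS_ERROR,         /* bit set but no extension */
    IMAGE_MALFORMED        /* not a v3 header, or extensions run off the buffer */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Walk the header extension area and apply the rule for bit 0. Every length
 * read from the image is checked against the bytes actually available. */
enum bitmaps_state check_dirty_bitmaps(const uint8_t *img, size_t len)
{
    if (len < HDR_V3_LEN || be32(img) != QCOW2_MAGIC || be32(img + 4) < 3) {
        return IMAGE_MALFORMED;          /* autoclear_features needs a v3 header */
    }
    uint64_t autoclear = ((uint64_t)be32(img + 88) << 32) | be32(img + 92);
    size_t off = be32(img + 100);        /* extensions start at header_length */
    if (off < HDR_V3_LEN || off > len) {
        return IMAGE_MALFORMED;
    }
    int have_ext = 0;
    for (;;) {
        if (len - off < 8) {
            return IMAGE_MALFORMED;      /* no room for type + length */
        }
        uint32_t type = be32(img + off);
        uint64_t padded = ((uint64_t)be32(img + off + 4) + 7) & ~7ull;
        off += 8;
        if (type == EXT_END) {
            break;
        }
        if (padded > len - off) {
            return IMAGE_MALFORMED;      /* declared data exceeds the buffer */
        }
        if (type == EXT_DIRTY_BITMAPS) {
            have_ext = 1;
        }
        off += (size_t)padded;
    }
    int bit = (autoclear & AUTOCLEAR_BITMAPS) != 0;
    if (bit && !have_ext) {
        return BITMAPS_ERROR;
    }
    if (!bit && have_ext) {
        return BITMAPS_INCONSISTENT;
    }
    return have_ext ? BITMAPS_CONSISTENT : BITMAPS_ABSENT;
}

/* Build a constructed sample header and classify it; `cut` trims bytes from
 * the end to simulate a truncated file. */
enum bitmaps_state sample_state(int bit_set, int with_ext, size_t cut)
{
    uint8_t buf[128] = {0};
    size_t len = HDR_V3_LEN;

    put32(buf, QCOW2_MAGIC);
    put32(buf + 4, 3);                   /* version */
    put32(buf + 92, bit_set ? 1u : 0u);  /* low half of autoclear_features */
    put32(buf + 100, HDR_V3_LEN);        /* header_length */
    if (with_ext) {
        put32(buf + len, EXT_DIRTY_BITMAPS);
        put32(buf + len + 4, 4);         /* data: nb_dirty_bitmaps only */
        put32(buf + len + 8, 1);         /* nb_dirty_bitmaps = 1 */
        len += 16;                       /* framing + 4 data bytes padded to 8 */
    }
    len += 8;                            /* end marker, already zero */
    return check_dirty_bitmaps(buf, cut < len ? len - cut : 0);
}

int main(void)
{
    printf("bit+ext=%d bit only=%d ext only=%d neither=%d truncated=%d\n",
           sample_state(1, 1, 0), sample_state(1, 0, 0), sample_state(0, 1, 0),
           sample_state(0, 0, 0), sample_state(1, 1, 12));
    return 0;
}
```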

Re: [Qemu-devel] [PATCH 1/6] arm: use "struct ARMCPU" in header files

2015-12-15 Thread Peter Maydell
On 15 December 2015 at 14:28, Paolo Bonzini  wrote:
> This removes a dependency on cpu.h.  Since this is in most cases the
> _only_ dependency on cpu.h, removing it now makes it easier to
> disentangle qemu-common.h and cpu.h.
>
> Signed-off-by: Paolo Bonzini 
> ---
>  hw/arm/strongarm.h  |  2 +-
>  include/hw/arm/arm.h| 12 +++-
>  include/hw/arm/exynos4210.h |  5 +++--
>  include/hw/arm/omap.h   |  4 +++-
>  include/hw/arm/pxa.h|  8 +---
>  5 files changed, 19 insertions(+), 12 deletions(-)
>
> diff --git a/hw/arm/strongarm.h b/hw/arm/strongarm.h
> index 2893f94..d87e41d 100644
> --- a/hw/arm/strongarm.h
> +++ b/hw/arm/strongarm.h
> @@ -53,7 +53,7 @@ enum {
>  };
>
>  typedef struct {
> -ARMCPU *cpu;
> +struct ARMCPU *cpu;


Couldn't we just put the typedef in typedefs.h instead ?

thanks
-- PMM



Re: [Qemu-devel] [PATCH] linux-headers: update from kvm/next

2015-12-15 Thread Peter Maydell
On 15 December 2015 at 15:01, Paolo Bonzini  wrote:
> The virgl feature name was changed after the previous sync

This is why we should never sync against anything other than
mainline kernels or maybe kvm-next...

thanks
-- PMM



Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Paolo Bonzini


On 15/12/2015 17:01, Thomas Huth wrote:
> Some options work with "-net", some only work with "-netdev",
> and the ones that work with both often also behave slightly differently (see
> [1] for example).

This example is about -net nic, which you're keeping.  What are the
options that differ between them for network backends?

> One other example is the "-net nic,model=?" help text. It is inaccurate for a
> couple of machines - and if somebody tries to fix problems like this, you're
> often told something like "oh, it's the legacy -net option, simply forget 
> about
> that" [2].

Nobody mentioned legacy in that thread...  Alex just said *he* would not
bother, but if you could come up with a better way to do it, it would
surely be accepted.

For example you could print all DEVICE_CATEGORY_NETWORK devices that
support device_add.

> And if you additionally ever had to deal with all that vlan code and 
> duplicated
> option parsing stuff in the net/ code, then you certainly do not think anymore
> that this is just a little bit more than "syntactic sugar".

In fact there isn't much shared code in the is_netdev=0 and is_netdev=1
cases.  Perhaps you could just make a shared function with just

    if (net_client_init_fun[opts->type](opts, name, peer, errp) < 0) {
        /* FIXME drop when all init functions store an Error */
        if (errp && !*errp) {
            error_setg(errp, QERR_DEVICE_INIT_FAILED,
                       NetClientOptionsKind_lookup[opts->type]);
        }
        return -1;
    }


and inline all the rest of net_client_init1, net_visit, net_client_init
into two functions netdev_add and net_legacy_add.  Then -net handling
(including HMP) can be moved into a separate file which no one looks at.

> I'm fine if we keep the "-net" options for a couple of more versions of QEMU,
> but we should be prepared to be able to remove it quickly once it is getting 
> into
> the way again too much. So we better start nagging the users about "-net" 
> being
> deprecated now, than discovering later that we have to deal with this legacy
> stuff for longer than we would like to.

The thing is, people are still running QEMU from the command line.

"-net nic -net bridge,br=virbr0" is still much less of a mouthful than
"-netdev bridge,br=virbr0,id=br -device rtl8139,netdev=br" if all I want
is something I can ssh into.

It's easy to deprecate things.  It's hard to convince users that it's
worth, and you haven't convinced this user. :)

Paolo



Re: [Qemu-devel] [PATCH v5 01/10] acpi: support serialized method

2015-12-15 Thread Peter Maydell
On 11 December 2015 at 03:21, Shannon Zhao  wrote:
> From: Xiao Guangrong 
>
> Add serialized method support so that explicit Mutex can be
> avoided
>
> Signed-off-by: Xiao Guangrong 
> Signed-off-by: Igor Mammedov 
> Reviewed-by: Shannon Zhao 

Shannon, this patch needs a Signed-off-by: line from you,
since you're sending it to the list on behalf of somebody
else. (You can just reply to this email to provide it,
you don't need to resend the series.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Thomas Huth
On 15/12/15 18:31, Paolo Bonzini wrote:
> 
> On 15/12/2015 18:15, Thomas Huth wrote:
>> On 15/12/15 17:21, Paolo Bonzini wrote:
[...]
>>> For example you could print all DEVICE_CATEGORY_NETWORK devices that
>>> support device_add.
>>
>> I think that would not work since spapr-vlan is not hot-pluggable.
> 
> cannot_instantiate_with_device_add_yet which actually refers to -device,
> not really device_add, so it would work.

I just tried:

(qemu) device_add spapr-vlan
Bus 'spapr-vio' does not support hotplugging

... did I miss something?

>>> The thing is, people are still running QEMU from the command line.
>>>
>>> "-net nic -net bridge,br=virbr0" is still much less of a mouthful than
>>> "-netdev bridge,br=virbr0,id=br -device rtl8139,netdev=br" if all I want
>>> is something I can ssh into.
>>>
>>> It's easy to deprecate things.  It's hard to convince users that it's
>>> worth, and you haven't convinced this user. :)
>>
>> Ok, if you want to maintain that legacy stuff forever - fine.
> 
> I don't want to, but I think we have to.  It would be a good idea to get
> rid of it, but unfortunately it's not a feasible idea IMHO.

If the code gets unmaintainable because there is too much legacy cruft
in it, that's IMHO even worse. At one point in time, you just have to
get rid of such stuff ... but well, maybe the time for the "-net" option
just has not come yet.

 Thomas




Re: [Qemu-devel] [PATCH v4 4/5] xlnx-zynqmp: Connect the SPI devices

2015-12-15 Thread Peter Maydell
On 23 November 2015 at 08:54, Alistair Francis
 wrote:
> Connect the Xilinx SPI devices to the ZynqMP model.
>
> Signed-off-by: Alistair Francis 

> +/* Rename each SPI bus after the SPI device to allow the board
> + * to access all of the busses from the SoC.
> + */
> +spi_bus = qdev_get_child_bus(DEVICE(>spi[i]), "spi0");
> +snprintf(bus_name, 6, "spi%d", i);
> +memcpy((char *) spi_bus->name, bus_name, 6 * sizeof(char));
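Review bot: The memcpy line casts spi_bus->name to char * and writes six bytes over a name that was looked up as "spi0", which needs only five bytes including its terminator, so unless that buffer is known to be larger the copy writes past its end. The hard-coded 6 in snprintf(bus_name, 6, "spi%d", i) also truncates silently once i reaches 100. Size the formatting from sizeof(bus_name) and set the name through a helper that allocates a fresh string rather than overwriting the existing one in place.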

This looks very dubious. If we need to be able to rename buses
can we provide a proper API to do it please, rather than just
memcpying into the name field?

thanks
-- PMM



Re: [Qemu-devel] [PATCH for-2.6 v2 04/10] fdc: add default drive type option

2015-12-15 Thread Eric Blake
On 12/14/2015 01:05 PM, John Snow wrote:

> I was actually contemplating re-spinning this for a v3:
> 
> Instead of having a "typeA" and "typeB" properties of the FDC, I'll just
> spin the properties in such a way that they write directly to
> FDCtrl.drives[n].drive, which avoids the need for two new members and a
> method designed to "fetch" the default from the controller.
> 
> I also want to add a "fallback" member to the FDC as a CLI configurable
> parameter such that when using "auto" you can configure directly what
> type of drive you'll get.
> 
> This way the default behavior will be "auto" (but configurable) and the
> fallback if the drive is empty or it cannot make a confident guess will
> be whatever the user chose as "fallback" -- presumed "144" before this
> series and "288" afterwards.
> 
> I believe this also opens up the possibility for having "fallback"
> default to "144" for machine types created prior to 2.6 ... I think.
> (I'm less familiar with machine compat code as of yet.)
> 
> Sound reasonable?

On paper, yes that sounds reasonable. I'm also not familiar enough with
machine types to know if it will let you keep 2.5 and earlier machines
with a fallback of 144, and newer machines with a fallback of 288, but
sounds promising.


-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v10 0/6] QEMU support for KVM Guest Debug on arm64

2015-12-15 Thread Peter Maydell
On 8 December 2015 at 18:32, Alex Bennée  wrote:
> Hi,
>
> Here is the latest patch set to support debugging of KVM guests on
> arm64. The main changes are fixing arm32 compiles (mostly with stubs
> for the upcoming arm32 debug) and the usual bunch of minor tweaks and
> clarifications following review.
>
> I've kept the GDB Python based test in tests/guest-debug and cleaned
> it up so it will work with python2/3 linked GDBs. It still isn't
> plumbed in to the "make check" so can be dropped until we have a
> solution for testing against non-host binaries.
>
> So in summary the changes are:
>
>   - Fixed arm32 compile
>   - Use results of debug capability checks
>   - Whitespace and comment cleanups
>   - Py2/3 cleanliness for test script
>
> More detailed changelogs are attached to each patch.

Thanks, applied to target-arm.next. (I fixed a few typos
in comments and commit messages in a couple of places).

-- PMM



Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Paolo Bonzini


On 15/12/2015 18:50, Thomas Huth wrote:
> On 15/12/15 18:31, Paolo Bonzini wrote:
>>
>> On 15/12/2015 18:15, Thomas Huth wrote:
>>> On 15/12/15 17:21, Paolo Bonzini wrote:
> [...]
>>>> For example you could print all DEVICE_CATEGORY_NETWORK devices that
>>>> support device_add.
>>>
>>> I think that would not work since spapr-vlan is not hot-pluggable.
>>
>> cannot_instantiate_with_device_add_yet which actually refers to -device,
>> not really device_add, so it would work.
> 
> I just tried:
> 
> (qemu) device_add spapr-vlan
> Bus 'spapr-vio' does not support hotplugging
> 
> ... did I miss something?

When I said "support device_add" I really meant "does not have
cannot_instantiate_with_device_add_yet", but spapr-vlan should pass that
test.

>>>> The thing is, people are still running QEMU from the command line.
>>>>
>>>> "-net nic -net bridge,br=virbr0" is still much less of a mouthful than
>>>> "-netdev bridge,br=virbr0,id=br -device rtl8139,netdev=br" if all I want
>>>> is something I can ssh into.
>>>>
>>>> It's easy to deprecate things.  It's hard to convince users that it's
>>>> worth, and you haven't convinced this user. :)
>>>
>>> Ok, if you want to maintain that legacy stuff forever - fine.
>>
>> I don't want to, but I think we have to.  It would be a good idea to get
>> rid of it, but unfortunately it's not a feasible idea IMHO.
> 
> If the code gets unmaintainable because there is too much legacy cruft
> in it, that's IMHO even worse. At one point in time, you just have to
> get rid of such stuff ... but well, maybe the time for the "-net" option
> just has not come yet.

Yes, indeed.  I don't think it's unmaintainable.  It used to be much
worse, and it could be improved.

Paolo



[Qemu-devel] [PATCH 0/6] Migration: Small fixes and improvements

2015-12-15 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

This is a set of 4 small fixes and improvements I've been collecting
during the 2.5 freeze; I've added in a couple of Zhanghailiang's patches
that are easier to merge before rather than after.
(Of which one I've added a small fix of my own, see the message)

Jiri was after events from the incoming postcopy side to make it
easy for libvirt; I'd forgotten to add them - Zhanghailiang's
patches change the way the events get sent on the incoming side.

Jiri also wanted an event on the outgoing side at each pass,
which makes it easy for libvirt to trigger the transition to postcopy.

The other two patches avoid a couple of buffer copies on the incoming
side; although in both xbzrle and multithread compression it's rare that
the destination is the slow path (but one patch is trivial and the
other saves code).

Dave

Dr. David Alan Gilbert (4):
  Postcopy: Send events/change state on incoming side
  Migration: Emit event at start of pass
  Use qemu_get_buffer_in_place for xbzrle data
  multithread decompression: Avoid one copy

zhanghailiang (2):
  migration: Export migrate_set_state()
  migration: Add state records for migration incoming

 include/migration/migration.h |  3 +++
 migration/migration.c | 52 ++-
 migration/ram.c   | 21 -
 migration/savevm.c| 22 --
 qapi/event.json   | 11 +
 5 files changed, 71 insertions(+), 38 deletions(-)

-- 
2.5.0




Re: [Qemu-devel] [PATCH v2 00/19] Add support for multiple address spaces per CPU and use it for ARM TrustZone

2015-12-15 Thread Peter Maydell
Ping for a review request now we're pretty nearly done with 2.5 ?

thanks
-- PMM


On 16 November 2015 at 14:05, Peter Maydell  wrote:
> This patch series adds support to QEMU's core exec/memory code for
> CPUs which have more than one address space, and uses it for
> ARM TrustZone. In particular, a TZ CPU will have two physical
> address spaces (Secure and Non-secure), and the patchset allows a
> board model to create these both separately and connect them to
> the CPU, so that we can have devices or memory which are visible
> only in the Secure address space. (We already have support for
> TZ in the CPU emulation itself, and support for devices like the
> GIC which respond differently to Secure and Non-secure accesses,
> so this is the last part of the puzzle for 32-bit.)
>
> The general approach is that we allow a target-* cpu to define
> more than one address space at initialization, allocating each
> one a small integer "address space index" (asidx). The target CPU
> also defines the mapping from memory transaction attributes to
> the asidx via a new QOM CPU method asidx_from_attrs. The memory
> and cputlb core code then use the asidx to look up memory regions
> in the correct AddressSpace (both at TLB fill time and in the
> io_read/write stage at runtime).
>
> Changes since v1:
>  * the biggest change is that rather than having the target-cpu
>code pass us an asidx and storing asidxes in the IOTLB, we
>now determine the address space index from the memory transaction
>attributes. This has had effects all through the patchstack.
>  * some reshuffling of patch order (among other things, all the
>core patches are now at the front, with the target-arm patches
>next and the virt board last).
>  * added missing object_ref(OBJECT(cpu->memory)) when setting the
>default value of cpu->memory
>  * don't allow sharing of ASes that weren't created via
>address_space_init_shareable
>  * now only allocate cpu_ases array once (target has to set
>cpu->num_ases before first call to cpu_address_space_init())
>  * new patch documenting tlb_set_page_with_attrs -- I no longer need
>to add a new argument to this function, but didn't want to throw
>away the doc comment I'd written...
>
> The 'add secure memory region to virt board' patch is still RFC
> because the device tree binding to say "device is secure-only" is
> still under discussion on the kernel mailing list; patch 19
> is a pure hack, and is here for testing purposes only.
>
> You can run OP-TEE on QEMU with these patches:
> see https://github.com/OP-TEE/optee_os for details of how to
> get, build and run it. The 'make run' will use the custom QEMU
> version that comes with OP-TEE (do that first to make sure your
> OP-TEE has built and works ok). To get it to use a locally built QEMU
> with these patches do:
>
> make run-only QEMU_PATH=/path/to/your/qemu/build/directory 
> QEMU_EXTRA_ARGS='-machine secure=on'
>
> Notes on a couple of things the patchset doesn't address:
>  (1) image/romfile/kernel loading etc will load only into the nonsecure
> address space. This would be conceptually simple to implement (you just
> need to pass an AS into lots of functions) but since OP-TEE doesn't need
> it I felt it could safely be left for later rather than making this
> patchset bigger.
>
>  (2) Using multiple address spaces in one CPU won't work with KVM
> (and we assert if you try; nothing at the moment will attempt it).
> Using different address spaces in different CPUs in an SMP setup
> will also not work with KVM, but we don't assert on that because
> I wasn't sure where best to put the assert. (Also, it would be
> nice if we could do that, because the modelling for ARM SMP
> setups would really be cleaner if we could put the per-CPU
> devices and so on in a set of per-CPU ASes.)
>
> You can find a git branch with this patchset in here:
>  https://git.linaro.org/people/peter.maydell/qemu-arm.git multi-ases
>
> thanks
> -- PMM
>
>
> Peter Crosthwaite (2):
>   memory: Add address_space_init_shareable()
>   qom/cpu: Add MemoryRegion property
>
> Peter Maydell (17):
>   exec.c: Don't set cpu->as until cpu_address_space_init
>   exec.c: Allow target CPUs to define multiple AddressSpaces
>   exec-all.h: Document tlb_set_page_with_attrs, tlb_set_page
>   include/qom/cpu.h: Add new get_phys_page_attrs_debug method
>   include/qom/cpu.h: Add new asidx_from_attrs method
>   cputlb.c: Use correct address space when looking up
> MemoryRegionSection
>   exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS
>   exec.c: Add cpu_get_address_space()
>   exec.c: Use cpu_get_phys_page_attrs_debug
>   exec.c: Use correct AddressSpace in watch_mem_read and watch_mem_write
>   target-arm: Add QOM property for Secure memory region
>   target-arm: Implement asidx_from_attrs
>   target-arm: Implement cpu_get_phys_page_attrs_debug
>   target-arm: Support multiple address spaces in page table walks
>   
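An added example, not QEMU code: a toy C model of the lookup path the cover letter describes, where a per-CPU asidx_from_attrs hook picks the address space from the transaction attributes both at TLB fill and at the I/O stage. The Toy* types, the index numbering (0 = Non-secure, 1 = Secure) and the region addresses are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-ins for the concepts in the cover letter, not QEMU's types. */
typedef struct { bool secure; } ToyAttrs;        /* memory transaction attributes */
typedef struct { uint64_t base, size; const char *name; } ToyRegion;
typedef struct { const ToyRegion *regions; size_t count; } ToyAS;

typedef struct ToyCPU {
    const ToyAS *ases;   /* indexed by address space index (asidx) */
    int num_ases;        /* fixed before the first lookup */
    int (*asidx_from_attrs)(const struct ToyCPU *cpu, ToyAttrs attrs);
} ToyCPU;

/* A filled TLB entry keeps the attributes, not an asidx: the index is
 * recomputed from them whenever the entry is used. */
typedef struct { uint64_t paddr; ToyAttrs attrs; bool valid; } ToyTLBEntry;

enum { ASIDX_NS = 0, ASIDX_S = 1 };              /* assumed numbering */

static int tz_asidx_from_attrs(const ToyCPU *cpu, ToyAttrs attrs)
{
    (void)cpu;
    return attrs.secure ? ASIDX_S : ASIDX_NS;
}

static const ToyRegion *as_find(const ToyAS *as, uint64_t paddr)
{
    for (size_t i = 0; i < as->count; i++) {
        const ToyRegion *r = &as->regions[i];
        if (paddr >= r->base && paddr - r->base < r->size) {
            return r;
        }
    }
    return NULL;
}

/* Resolve an address through the hook; an index outside the CPU's declared
 * address spaces is rejected instead of being used to index the array. */
static const ToyRegion *cpu_find(const ToyCPU *cpu, uint64_t paddr, ToyAttrs attrs)
{
    int asidx = cpu->asidx_from_attrs(cpu, attrs);
    if (asidx < 0 || asidx >= cpu->num_ases) {
        return NULL;
    }
    return as_find(&cpu->ases[asidx], paddr);
}

/* TLB fill: look the page up in the address space chosen by the attributes. */
ToyTLBEntry toy_tlb_fill(const ToyCPU *cpu, uint64_t paddr, ToyAttrs attrs)
{
    ToyTLBEntry e;
    e.paddr = paddr;
    e.attrs = attrs;
    e.valid = cpu_find(cpu, paddr, attrs) != NULL;
    return e;
}

/* I/O stage: derive the asidx again from the attributes stored in the entry. */
const char *toy_io_target(const ToyCPU *cpu, const ToyTLBEntry *e)
{
    const ToyRegion *r = e->valid ? cpu_find(cpu, e->paddr, e->attrs) : NULL;
    return r ? r->name : NULL;
}

/* Constructed board: RAM visible in both worlds, one Secure-only region. */
static const ToyRegion ns_regions[] = {
    { 0x40000000u, 0x10000000u, "ram" },
};
static const ToyRegion s_regions[] = {
    { 0x40000000u, 0x10000000u, "ram" },
    { 0x0e000000u, 0x01000000u, "secure-ram" },
};
static const ToyAS board_ases[] = { { ns_regions, 1 }, { s_regions, 2 } };

/* Returns the name of the region an access lands in, or NULL if nothing is
 * mapped there in the address space selected for that access. */
const char *toy_access(uint64_t paddr, bool secure, int num_ases)
{
    ToyCPU cpu = { board_ases, num_ases, tz_asidx_from_attrs };
    ToyAttrs attrs = { secure };
    ToyTLBEntry e = toy_tlb_fill(&cpu, paddr, attrs);
    return toy_io_target(&cpu, &e);
}

int main(void)
{
    const char *s = toy_access(0x0e000100u, true, 2);
    const char *ns = toy_access(0x0e000100u, false, 2);
    printf("secure access: %s\n", s ? s : "(unmapped)");
    printf("non-secure access: %s\n", ns ? ns : "(unmapped)");
    return 0;
}
```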

[Qemu-devel] virtio console users wrong port (sometimes)

2015-12-15 Thread Neil McGill


Has anyone ever seen an issue with qemu where the consoles wind up
mixed up? I.e. hvc0 appears on vserial3, hvc1 on vserial0, as a
random example.

I've managed to reproduce this on qemu 2.0 and 1.0 on ubuntu LTS 14/12
and it happens 1 in every 16 times or so. However, when I build qemu from
source (tried 2.4 and 1.0.1) to try and debug, the problem is gone 8)

So just wondering if this has been seen before? I'm very keen to
debug this if I can as it's driving me nuts due to the infrequency 8)

I don't *think* it's a kernel issue as the issue does seem gone when
I build my own qemu (over 30 runs with no issue)

here's the config snippet:

  -device virtio-serial,id=vserial0 \
  -chardev socket,host=0.0.0.0,port=13540,telnet,server,nowait,id=vserial0 \
  -device virtconsole,chardev=vserial0 \

  -device virtio-serial,id=vserial1 \
  -chardev socket,host=0.0.0.0,port=12804,telnet,server,nowait,id=vserial1 \
  -device virtconsole,chardev=vserial1 \

  -device virtio-serial,id=vserial2 \
  -chardev socket,host=0.0.0.0,port=18664,telnet,server,nowait,id=vserial2 \
  -device virtconsole,chardev=vserial2 \

  -device virtio-serial,id=vserial3 \
  -chardev socket,host=0.0.0.0,port=12880,telnet,server,nowait,id=vserial3 \
  -device virtconsole,chardev=vserial3 \

tx

neil



[Qemu-devel] [PATCH 1/6] migration: Export migrate_set_state()

2015-12-15 Thread Dr. David Alan Gilbert (git)
From: zhanghailiang 

Fix the first parameter of migrate_set_state(), and export it.
We will use it later.

Signed-off-by: zhanghailiang 
Reviewed-by: Dr. David Alan Gilbert 
---
 include/migration/migration.h |  2 ++
 migration/migration.c | 36 +---
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index fd018b7..8340432 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -169,6 +169,8 @@ struct MigrationState
 RAMBlock *last_req_rb;
 };
 
+void migrate_set_state(int *state, int old_state, int new_state);
+
 void process_incoming_migration(QEMUFile *f);
 
 void qemu_start_incoming_migration(const char *uri, Error **errp);
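Review bot: The exported prototype "void migrate_set_state(int *state, int old_state, int new_state);" has no doc comment, and with a bare int * nothing in migration.h tells a caller what it may point at. Add a comment stating that state must point at a migration status field, that the update only happens when *state still equals old_state, and that a trace point and an event are emitted on success.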
diff --git a/migration/migration.c b/migration/migration.c
index adc6b6f..ba6d4f6 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -787,9 +787,9 @@ void qmp_migrate_start_postcopy(Error **errp)
 
 /* shared migration helpers */
 
-static void migrate_set_state(MigrationState *s, int old_state, int new_state)
+void migrate_set_state(int *state, int old_state, int new_state)
 {
-if (atomic_cmpxchg(>state, old_state, new_state) == old_state) {
+if (atomic_cmpxchg(state, old_state, new_state) == old_state) {
 trace_migrate_set_state(new_state);
 migrate_generate_event(new_state);
 }
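Review bot: migrate_set_state() still returns void, so a caller cannot tell whether the atomic_cmpxchg in its body took effect or found a different old state. That was tolerable for a static helper, but as an exported function taking an arbitrary int * it would be safer to return a bool so callers outside this file can react when the expected transition did not happen.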
@@ -822,7 +822,7 @@ static void migrate_fd_cleanup(void *opaque)
(s->state != MIGRATION_STATUS_POSTCOPY_ACTIVE));
 
 if (s->state == MIGRATION_STATUS_CANCELLING) {
-migrate_set_state(s, MIGRATION_STATUS_CANCELLING,
+migrate_set_state(>state, MIGRATION_STATUS_CANCELLING,
   MIGRATION_STATUS_CANCELLED);
 }
 
@@ -833,7 +833,8 @@ void migrate_fd_error(MigrationState *s)
 {
 trace_migrate_fd_error();
 assert(s->file == NULL);
-migrate_set_state(s, MIGRATION_STATUS_SETUP, MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, MIGRATION_STATUS_SETUP,
+  MIGRATION_STATUS_FAILED);
 notifier_list_notify(_state_notifiers, s);
 }
 
@@ -853,7 +854,7 @@ static void migrate_fd_cancel(MigrationState *s)
 if (!migration_is_setup_or_active(old_state)) {
 break;
 }
-migrate_set_state(s, old_state, MIGRATION_STATUS_CANCELLING);
+migrate_set_state(>state, old_state, MIGRATION_STATUS_CANCELLING);
 } while (s->state != MIGRATION_STATUS_CANCELLING);
 
 /*
@@ -927,7 +928,7 @@ MigrationState *migrate_init(const MigrationParams *params)
 s->migration_thread_running = false;
 s->last_req_rb = NULL;
 
-migrate_set_state(s, MIGRATION_STATUS_NONE, MIGRATION_STATUS_SETUP);
+migrate_set_state(>state, MIGRATION_STATUS_NONE, 
MIGRATION_STATUS_SETUP);
 
 QSIMPLEQ_INIT(>src_page_requests);
 
@@ -1026,7 +1027,8 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
 } else {
 error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "uri",
"a valid migration protocol");
-migrate_set_state(s, MIGRATION_STATUS_SETUP, MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, MIGRATION_STATUS_SETUP,
+  MIGRATION_STATUS_FAILED);
 return;
 }
 
@@ -1405,7 +1407,7 @@ static int postcopy_start(MigrationState *ms, bool 
*old_vm_running)
 int ret;
 const QEMUSizedBuffer *qsb;
 int64_t time_at_stop = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
-migrate_set_state(ms, MIGRATION_STATUS_ACTIVE,
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
   MIGRATION_STATUS_POSTCOPY_ACTIVE);
 
 trace_postcopy_start();
@@ -1496,7 +1498,7 @@ static int postcopy_start(MigrationState *ms, bool 
*old_vm_running)
 ret = qemu_file_get_error(ms->file);
 if (ret) {
 error_report("postcopy_start: Migration stream errored");
-migrate_set_state(ms, MIGRATION_STATUS_POSTCOPY_ACTIVE,
+migrate_set_state(>state, MIGRATION_STATUS_POSTCOPY_ACTIVE,
   MIGRATION_STATUS_FAILED);
 }
 
@@ -1505,7 +1507,7 @@ static int postcopy_start(MigrationState *ms, bool 
*old_vm_running)
 fail_closefb:
 qemu_fclose(fb);
 fail:
-migrate_set_state(ms, MIGRATION_STATUS_POSTCOPY_ACTIVE,
+migrate_set_state(>state, MIGRATION_STATUS_POSTCOPY_ACTIVE,
   MIGRATION_STATUS_FAILED);
 qemu_mutex_unlock_iothread();
 return -1;
@@ -1574,11 +1576,13 @@ static void migration_completion(MigrationState *s, int 
current_active_state,
 goto fail;
 }
 
-migrate_set_state(s, current_active_state, MIGRATION_STATUS_COMPLETED);
+migrate_set_state(>state, current_active_state,
+  MIGRATION_STATUS_COMPLETED);
 return;
 
 fail:
-migrate_set_state(s, current_active_state, MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, 

[Qemu-devel] [PATCH 5/6] Use qemu_get_buffer_in_place for xbzrle data

2015-12-15 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Avoid a data copy (if we're lucky) in the xbzrle code.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/ram.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 102d1f2..994552c 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2088,10 +2088,12 @@ static int load_xbzrle(QEMUFile *f, ram_addr_t addr, 
void *host)
 {
 unsigned int xh_len;
 int xh_flags;
+uint8_t *loaded_data;
 
 if (!xbzrle_decoded_buf) {
 xbzrle_decoded_buf = g_malloc(TARGET_PAGE_SIZE);
 }
+loaded_data = xbzrle_decoded_buf;
 
 /* extract RLE header */
 xh_flags = qemu_get_byte(f);
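Review bot: The "loaded_data = xbzrle_decoded_buf;" assignment needs a comment saying that the pointer is only a default and that the later in-place read may point it somewhere else. Without that the extra variable looks redundant, and a later cleanup could fold it back into xbzrle_decoded_buf and lose the saved copy.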
@@ -2107,10 +2109,10 @@ static int load_xbzrle(QEMUFile *f, ram_addr_t addr, 
void *host)
 return -1;
 }
 /* load data and decode */
-qemu_get_buffer(f, xbzrle_decoded_buf, xh_len);
+qemu_get_buffer_in_place(f, _data, xh_len);
 
 /* decode RLE */
-if (xbzrle_decode_buffer(xbzrle_decoded_buf, xh_len, host,
+if (xbzrle_decode_buffer(loaded_data, xh_len, host,
  TARGET_PAGE_SIZE) == -1) {
 error_report("Failed to load XBZRLE page - decode error!");
 return -1;
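Review bot: The return value of qemu_get_buffer_in_place() is discarded, so a short read from the migration stream still passes loaded_data to xbzrle_decode_buffer() as if xh_len bytes were valid. Compare the returned count with xh_len and fail the load before decoding; the pointer should also not be kept across any further read on f.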
-- 
2.5.0




Re: [Qemu-devel] [RFC PATCH 0/6] decouple board headers from cpu.h

2015-12-15 Thread Peter Maydell
On 15 December 2015 at 14:28, Paolo Bonzini  wrote:
> These patches are perhaps the only somewhat controversial part.
> Generally, we add opaque typedefs to typedefs.h in order to avoid
> indirect header inclusions.  However, this might not be desirable
> for target specific types such as FooCPU.  These types are used
> mostly in headers for boards, and thus this series uses struct
> explicitly in those headers.  Adding a typedef breaks on older
> compilers that do not like redefinitions of typedefs.

I would prefer us to provide the typedef. There's no problem
with older compilers because you just only define the typedef
in one place (typically in typedefs.h).

thanks
-- PMM



Re: [Qemu-devel] [PATCH v5 01/10] acpi: support serialized method

2015-12-15 Thread Shannon Zhao



On 2015/12/16 0:54, Peter Maydell wrote:
> On 11 December 2015 at 03:21, Shannon Zhao  wrote:
>> From: Xiao Guangrong
>>
>> Add serialized method support so that explicit Mutex can be
>> avoided
>>
>> Signed-off-by: Xiao Guangrong
>> Signed-off-by: Igor Mammedov
>> Reviewed-by: Shannon Zhao
>
> Shannon, this patch needs a Signed-off-by: line from you,
> since you're sending it to the list on behalf of somebody
> else. (You can just reply to this email to provide it,
> you don't need to resend the series.)

Sure. Thanks.
Signed-off-by: Shannon Zhao 

--
Shannon



Re: [Qemu-devel] [Qemu-block] [PATCH] iscsi: fix readcapacity error message

2015-12-15 Thread John Snow
CC qemu-trivial, I think this can go in through that tree.

On 12/14/2015 10:33 PM, Zhu Lingshan wrote:
> fix: The error message for readcapacity 16 incorrectly mentioned
> a readcapacity 10 failure, fixed the error message.
> 
> Signed-off-by: Zhu Lingshan 
> ---
>  block/iscsi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/block/iscsi.c b/block/iscsi.c
> index bd1f1bf..eb28ddc 100644
> --- a/block/iscsi.c
> +++ b/block/iscsi.c
> @@ -1270,7 +1270,7 @@ static void iscsi_readcapacity_sync(IscsiLun *iscsilun, 
> Error **errp)
>   && retries-- > 0);
>  
>  if (task == NULL || task->status != SCSI_STATUS_GOOD) {
> -error_setg(errp, "iSCSI: failed to send readcapacity10 command.");
> +error_setg(errp, "iSCSI: failed to send readcapacity10/16 command");
>  } else if (!iscsilun->block_size ||
> iscsilun->block_size % BDRV_SECTOR_SIZE) {
>  error_setg(errp, "iSCSI: the target returned an invalid "
> 
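Review bot: The replacement text "iSCSI: failed to send readcapacity10/16 command" no longer names the wrong command, but it still does not tell the user which of the two failed, and the same string covers both task == NULL and a status other than SCSI_STATUS_GOOD. If the function knows which command it issued last, put that in the message and distinguish "no response" from "target returned an error".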

Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Thomas Huth
On 15/12/15 17:17, Peter Maydell wrote:
> On 15 December 2015 at 12:51, Paolo Bonzini  wrote:
>> Honestly, I still do not believe that they will be removed.  They are
>> little more than syntactic sugar at this point.
> 
> If they're just syntactic sugar, what is the new-style command
> line mechanism for configuring boards with embedded network
> controller devices? Last time I looked at this that was just
> impossible...and as long as it is, you can't get rid of any
> of the backend -net config either, because it has to be either
> all -net or all new-style and not a mix (I think).

No, you can use "-netdev user,id=mynet -net nic,netdev=mynet" for
example to wire an embedded network controller to a netdev device, so
that's not a problem anymore.

 Thomas




Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Paolo Bonzini


On 15/12/2015 18:15, Thomas Huth wrote:
> On 15/12/15 17:21, Paolo Bonzini wrote:
>> On 15/12/2015 17:01, Thomas Huth wrote:
>>> Some options work with "-net", some only work with "-netdev",
>>> and the ones that work with both often also behave slightly differently (see
>>> [1] for example).
>>
>> This example is about -net nic, which you're keeping.  What are the
>> options that differ between them for network backends?
> 
> The vlan option only exists for the "-net" backends.

Yup, vlans (implicit hubs) are the main difference between -net and
-netdev.  That's pretty much the only one, and it's not specific to
single backends.

> And I somehow
> thought that all the vhost related stuff would only work with the
> "-netdev", but I can not spot that in the code anymore, so I guess I
> simply got that wrong.

vhost probably doesn't start unless you use -netdev.  It's just ignored.
 But I may also be remembering wrong.

> Ok, maybe should have cited this one here instead:
> https://lists.gnu.org/archive/html/qemu-ppc/2013-11/msg00040.html
> 
> Markus said: "My advice would be to let -net nic rot in peace."

That would have meant not supporting "-net nic,model=ibmveth" to begin
with.  Too late, so a good solution would always be accepted.  We deal
with "legacy" stuff all the time, and sometimes even improve it.

To some extent HMP is considered legacy for example, but no one in their
right mind would eliminate it.

>> For example you could print all DEVICE_CATEGORY_NETWORK devices that
>> support device_add.
> 
> I think that would not work since spapr-vlan is not hot-pluggable.

cannot_instantiate_with_device_add_yet which actually refers to -device,
not really device_add, so it would work.

The only issue would be that the default name is spapr-vlan rather than
ibmveth.  That would be not too bad as a backwards-incompatible change.

>> The thing is, people are still running QEMU from the command line.
>>
>> "-net nic -net bridge,br=virbr0" is still much less of a mouthful than
>> "-netdev bridge,br=virbr0,id=br -device rtl8139,netdev=br" if all I want
>> is something I can ssh into.
>>
>> It's easy to deprecate things.  It's hard to convince users that it's
>> worth it, and you haven't convinced this user. :)
> 
> Ok, if you want to maintain that legacy stuff forever - fine.

I don't want to, but I think we have to.  It would be a good idea to get
rid of it, but unfortunately it's not a feasible idea IMHO.

> I thought it would be a good idea to slowly get rid of it, but honestly, if
> there's so much resistance ... I've also got other stuff to do, so
> simply forget about this.

I'm sorry.  It's just that _I_ would be a bit pissed off by it, even
though I type 500-character QEMU command lines daily, therefore I think
end users would complain even more.  I would live with it, but for
regular users I don't think we would do them a great service.

It's the same as all the other shortcut options (-hda, -drive with
if!=none, -vga).  Many of them enjoy similar amounts of cruft, but they
cannot really go away. :(

Paolo



Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Peter Maydell
On 15 December 2015 at 16:33, Thomas Huth  wrote:
> On 15/12/15 17:17, Peter Maydell wrote:
>> If they're just syntactic sugar, what is the new-style command
>> line mechanism for configuring boards with embedded network
>> controller devices? Last time I looked at this that was just
>> impossible...and as long as it is, you can't get rid of any
>> of the backend -net config either, because it has to be either
>> all -net or all new-style and not a mix (I think).
>
> No, you can use "-netdev user,id=mynet -net nic,netdev=mynet" for
> example to wire an embedded network controller to a netdev device, so
> that's not a problem anymore.

Oh good. We should probably document this on
http://wiki.qemu.org/Documentation/Networking somewhere.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v2] target-arm: raise exception on misaligned LDREX operands

2015-12-15 Thread Peter Maydell
On 3 December 2015 at 18:36, Andrew Baumann
 wrote:
> Qemu does not generally perform alignment checks. However, the ARM ARM
> requires implementation of alignment exceptions for a number of cases
> including LDREX, and Windows-on-ARM relies on this.
>
> This change adds plumbing to enable alignment checks on loads using
> MO_ALIGN, a do_unaligned_access hook to raise the exception (data
> abort), and uses the new aligned loads in LDREX (for all but
> single-byte loads).
>
> Signed-off-by: Andrew Baumann 
> ---
> Thanks for the feedback on v1! I wish I had known about (or gone
> looking for) MO_ALIGN sooner...
>
> arm_regime_using_lpae_format() is a no-op wrapper I added to export
> regime_using_lpae_format (which is a static inline). Would it be
> preferable to simply export the existing function, and rename it? If
> so, is this still the correct name to use for the function?

The way you have it seems OK to me.

> +/* Raise a data fault alignment exception for the specified virtual address 
> */
> +void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, int is_write,
> + int is_user, uintptr_t retaddr)
> +{
> +ARMCPU *cpu = ARM_CPU(cs);
> +CPUARMState *env = >env;
> +int target_el;
> +bool same_el;
> +
> +if (retaddr) {
> +/* now we have a real cpu fault */
> +cpu_restore_state(cs, retaddr);
> +}
> +
> +target_el = exception_target_el(env);
> +same_el = (arm_current_el(env) == target_el);
> +
> +env->exception.vaddress = vaddr;
> +
> +/* the DFSR for an alignment fault depends on whether we're using
> + * the LPAE long descriptor format, or the short descriptor format */
> +if (arm_regime_using_lpae_format(env, cpu_mmu_index(env, false))) {
> +env->exception.fsr = 0x21;
> +} else {
> +env->exception.fsr = 0x1;
> +}
> +
> +raise_exception(env, EXCP_DATA_ABORT,
> +syn_data_abort(same_el, 0, 0, 0, 0, 0x21),
> +target_el);
> +}
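Review bot: 0x21 appears twice in this function with two meanings, once as the long-descriptor FSR value and once as the last argument of syn_data_abort(), and 0x1 is the short-descriptor value, all as bare literals. A one-line comment naming what each encodes (or named constants) would let a reader check them against the architecture manual without re-deriving them. The is_user parameter is also unused in the body; if that is intentional for this hook, a comment saying so would help.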

This isn't propagating the 'read or write' information
from is_write into the syndrome and DFSR. You need this minor
tweak:

diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index c6995ca..3e5e0d3 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -154,8 +154,12 @@ void arm_cpu_do_unaligned_access(CPUState *cs,
vaddr vaddr, int is_write,
 env->exception.fsr = 0x1;
 }

+if (is_write == 1 && arm_feature(env, ARM_FEATURE_V6)) {
+env->exception.fsr |= (1 << 11);
+}
+
 raise_exception(env, EXCP_DATA_ABORT,
-syn_data_abort(same_el, 0, 0, 0, 0, 0x21),
+syn_data_abort(same_el, 0, 0, 0, is_write == 1, 0x21),
 target_el);
 }
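Review bot: is_write == 1 is spelled out twice, once for the FSR bit and once for the syn_data_abort() argument, and (1 << 11) is an unnamed bit. Computing the comparison once into a local bool and using it in both places would keep the DFSR and the syndrome from drifting apart. A short comment should also say which FSR bit 11 is and why the test is == 1 rather than a plain truth test on an int.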

(compare the similar code in tlb_fill()).

I'm just going to squash that in when I apply this to target-arm.next,
to save you having to respin.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Thomas Huth
On 15/12/15 17:21, Paolo Bonzini wrote:
> 
> 
> On 15/12/2015 17:01, Thomas Huth wrote:
>> Some options work with "-net", some only work with "-netdev",
>> and the ones that work with both often also behave slightly differently (see
>> [1] for example).
> 
> This example is about -net nic, which you're keeping.  What are the
> options that differ between them for network backends?

The vlan option only exists for the "-net" backends. And I somehow
thought that all the vhost related stuff would only work with the
"-netdev", but I can not spot that in the code anymore, so I guess I
simply got that wrong.

>> One other example is the "-net nic,model=?" help text. It is inaccurate for a
>> couple of machines - and if somebody tries to fix problems like this, you're
>> often told something like "oh, it's the legacy -net option, simply forget
>> about that" [2].
> 
> Nobody mentioned legacy in that thread...  Alex just said *he* would not
> bother, but if you could come up with a better way to do it, it would
> surely be accepted.

Ok, maybe should have cited this one here instead:

https://lists.gnu.org/archive/html/qemu-ppc/2013-11/msg00040.html

Markus said: "My advice would be to let -net nic rot in peace."

> For example you could print all DEVICE_CATEGORY_NETWORK devices that
> support device_add.

I think that would not work since spapr-vlan is not hot-pluggable.

>> And if you additionally ever had to deal with all that vlan code and
>> duplicated option parsing stuff in the net/ code, then you certainly do not
>> think anymore that this is just a little bit more than "syntactic sugar".
> 
> In fact there isn't much shared code in the is_netdev=0 and is_netdev=1
> cases.  Perhaps you could just make a shared function with just
> 
> if (net_client_init_fun[opts->type](opts, name, peer, errp) < 0) {
>     /* FIXME drop when all init functions store an Error */
>     if (errp && !*errp) {
>         error_setg(errp, QERR_DEVICE_INIT_FAILED,
>                    NetClientOptionsKind_lookup[opts->type]);
>     }
>     return -1;
> }
> 
> 
> and inline all the rest of net_client_init1, net_visit, net_client_init
> into two functions netdev_add and net_legacy_add.  Then -net handling
> (including HMP) can be moved into a separate file which no one looks at.

Well, moving the code into a file "which no one looks at" does not
really solve the problem. When you want to modify the net code, you can
not simply ignore this since it is still there and needs to be kept
alive when it breaks or does not compile anymore.

>> I'm fine if we keep the "-net" options for a couple of more versions of QEMU,
>> but we should be prepared to be able to remove it quickly once it is getting
>> into the way again too much. So we better start nagging the users about "-net"
>> being deprecated now, than discovering later that we have to deal with this
>> legacy stuff for longer than we would like to.
> 
> The thing is, people are still running QEMU from the command line.
> 
> "-net nic -net bridge,br=virbr0" is still much less of a mouthful than
> "-netdev bridge,br=virbr0,id=br -device rtl8139,netdev=br" if all I want
> is something I can ssh into.
> 
> It's easy to deprecate things.  It's hard to convince users that it's
> worth it, and you haven't convinced this user. :)

Ok, if you want to maintain that legacy stuff forever - fine. I thought
it would be a good idea to slowly get rid of it, but honestly, if
there's so much resistance ... I've also got other stuff to do, so
simply forget about this.

 Thomas




Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Peter Maydell
On 15 December 2015 at 12:51, Paolo Bonzini  wrote:
> Honestly, I still do not believe that they will be removed.  They are
> little more than syntactic sugar at this point.

If they're just syntactic sugar, what is the new-style command
line mechanism for configuring boards with embedded network
controller devices? Last time I looked at this that was just
impossible...and as long as it is, you can't get rid of any
of the backend -net config either, because it has to be either
all -net or all new-style and not a mix (I think).

thanks
-- PMM



Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Eric Blake
On 12/15/2015 09:21 AM, Paolo Bonzini wrote:

> 
> In fact there isn't much shared code in the is_netdev=0 and is_netdev=1
> cases.  Perhaps you could just make a shared function with just
> 
> if (net_client_init_fun[opts->type](opts, name, peer, errp) < 0) {
>     /* FIXME drop when all init functions store an Error */
>     if (errp && !*errp) {
>         error_setg(errp, QERR_DEVICE_INIT_FAILED,
>                    NetClientOptionsKind_lookup[opts->type]);
>     }
>     return -1;
> }
> 
> 
> and inline all the rest of net_client_init1, net_visit, net_client_init
> into two functions netdev_add and net_legacy_add.  Then -net handling
> (including HMP) can be moved into a separate file which no one looks at.

There's also some pending patches from qapi refactoring and from
Zoltan's work towards audio unification (which spilled over into netdev
refactoring), which may impact things here.  For my latest version, see:
http://repo.or.cz/qemu/ericb.git/shortlog/refs/heads/qapi

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH COLO-Frame v12 05/38] migration: Add state records for migration incoming

2015-12-15 Thread Dr. David Alan Gilbert
* zhanghailiang (zhang.zhanghaili...@huawei.com) wrote:
> For migration destination, we also need to know its state,
> we will use it in COLO.
> 
> Here we add a new member 'state' for MigrationIncomingState,
> and also use migrate_set_state() to modify its value.
> 
> Signed-off-by: zhanghailiang 
> Reviewed-by: Dr. David Alan Gilbert 

Actually note there is a bug here; see below

> ---
> v11:
> - Split exporting migrate_set_state() part into a new patch (Juan's suggestion)
> 
> Signed-off-by: zhanghailiang 
> ---
>  include/migration/migration.h |  1 +
>  migration/migration.c | 14 +-
>  2 files changed, 10 insertions(+), 5 deletions(-)
> 
> diff --git a/include/migration/migration.h b/include/migration/migration.h
> index 4b19e80..99dfa92 100644
> --- a/include/migration/migration.h
> +++ b/include/migration/migration.h
> @@ -105,6 +105,7 @@ struct MigrationIncomingState {
>  QemuMutex rp_mutex;/* We send replies from multiple threads */
>  void *postcopy_tmp_page;
>  
> +int state;
>  /* See savevm.c */
>  LoadStateEntry_Head loadvm_handlers;
>  };
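Review bot: the new int state member has no comment and sits directly above the existing /* See savevm.c */ comment, which belongs to loadvm_handlers. Please say what it holds (the later hunks store MIGRATION_STATUS_* values in it) and leave a blank line after it so the savevm.c comment is not read as describing state.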
> diff --git a/migration/migration.c b/migration/migration.c
> index c9cd80d..d58ce98 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -112,6 +112,7 @@ MigrationIncomingState 
> *migration_incoming_state_new(QEMUFile* f)
>  {
>  mis_current = g_new0(MigrationIncomingState, 1);
>  mis_current->from_src_file = f;
> +mis_current->state = MIGRATION_STATUS_NONE;
>  QLIST_INIT(_current->loadvm_handlers);
>  qemu_mutex_init(_current->rp_mutex);
>  qemu_event_init(_current->main_thread_load_event, false);
> @@ -332,8 +333,8 @@ static void process_incoming_migration_co(void *opaque)
>  
>  mis = migration_incoming_state_new(f);
>  postcopy_state_set(POSTCOPY_INCOMING_NONE);
> -migrate_generate_event(MIGRATION_STATUS_ACTIVE);
> -
> +migrate_set_state(>state, MIGRATION_STATUS_NONE,
> +  MIGRATION_STATUS_ACTIVE);
>  ret = qemu_loadvm_state(f);
>  
>  ps = postcopy_state_get();
> @@ -362,7 +363,8 @@ static void process_incoming_migration_co(void *opaque)
>  migration_incoming_state_destroy();

We're freeing mis now - we can't use the state later!

>  
>  if (ret < 0) {
> -migrate_generate_event(MIGRATION_STATUS_FAILED);
> +migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
> +  MIGRATION_STATUS_FAILED);
>  error_report("load of migration failed: %s", strerror(-ret));
>  migrate_decompress_threads_join();
>  exit(EXIT_FAILURE);
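Review bot: the context line migration_incoming_state_destroy() at the top of this hunk runs before the new migrate_set_state() call in the ret < 0 branch, so that call touches the state of a mis that has already been freed. The two following hunks (the local_err branch and the COMPLETED transition) take the state from the same pointer and have the same problem. The destroy call needs to move below the last state transition on the success path; the two failure branches end in exit(EXIT_FAILURE).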
> @@ -371,7 +373,8 @@ static void process_incoming_migration_co(void *opaque)
>  /* Make sure all file formats flush their mutable metadata */
>  bdrv_invalidate_cache_all(_err);
>  if (local_err) {
> -migrate_generate_event(MIGRATION_STATUS_FAILED);
> +migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
> +  MIGRATION_STATUS_FAILED);
>  error_report_err(local_err);
>  migrate_decompress_threads_join();
>  exit(EXIT_FAILURE);
> @@ -403,7 +406,8 @@ static void process_incoming_migration_co(void *opaque)
>   * observer sees this event they might start to prod at the VM assuming
>   * it's ready to use.
>   */
> -migrate_generate_event(MIGRATION_STATUS_COMPLETED);
> +migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
> +  MIGRATION_STATUS_COMPLETED);

So I moved the migration_incoming_state_destroy()  to here in my world.

Dave

>  }
>  
>  void process_incoming_migration(QEMUFile *f)
> -- 
> 1.8.3.1
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
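
The ordering problem raised in this review (a state transition issued after the incoming state has been destroyed) can be modelled outside QEMU. The following is an added example, not QEMU code: every name in it is hypothetical, and it assumes a compare-and-swap style transition that is applied only when the current state equals the expected old state.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed status values, modelled on the MIGRATION_STATUS_* names in the patch. */
enum { ST_NONE, ST_ACTIVE, ST_POSTCOPY_ACTIVE, ST_COMPLETED, ST_FAILED };

typedef struct IncomingState {
    _Atomic int state;
} IncomingState;

static IncomingState *incoming_current; /* sole owner of the allocation */
static int last_event = -1;             /* last state announced to observers */

static IncomingState *incoming_new(void)
{
    incoming_current = calloc(1, sizeof(*incoming_current));
    if (!incoming_current) {
        abort();
    }
    atomic_init(&incoming_current->state, ST_NONE);
    last_event = -1;
    return incoming_current;
}

/* Free the state and clear the owner pointer, so a late lookup yields NULL
 * instead of a dangling pointer. */
static void incoming_destroy(void)
{
    free(incoming_current);
    incoming_current = NULL;
}

static IncomingState *incoming_get(void)
{
    return incoming_current;
}

/* Apply old_state -> new_state only if the state still is old_state.
 * Returns true (and records the event) when the transition was applied. */
static bool incoming_set_state(IncomingState *mis, int old_state, int new_state)
{
    int expected = old_state;

    if (!mis) {
        return false; /* state already destroyed: nothing to update */
    }
    if (!atomic_compare_exchange_strong(&mis->state, &expected, new_state)) {
        return false; /* caller named a stale old state */
    }
    last_event = new_state;
    return true;
}

/* Run one incoming migration and return the last state observers saw.
 * destroy_first reproduces the ordering of the reviewed patch; the pointer is
 * re-read through incoming_get() so the model never touches freed memory. */
int finish_incoming(bool destroy_first, bool entered_postcopy, int load_ret)
{
    IncomingState *mis = incoming_new();

    incoming_set_state(mis, ST_NONE, ST_ACTIVE);
    if (entered_postcopy) {
        incoming_set_state(mis, ST_ACTIVE, ST_POSTCOPY_ACTIVE);
    }
    if (destroy_first) {
        incoming_destroy();
        mis = incoming_get(); /* NULL from here on */
    }
    /* The final transition always names ST_ACTIVE as the old state. */
    incoming_set_state(mis, ST_ACTIVE, load_ret < 0 ? ST_FAILED : ST_COMPLETED);
    if (!destroy_first) {
        incoming_destroy();
    }
    return last_event;
}

int main(void)
{
    printf("destroy last, load ok:       %d\n", finish_incoming(false, false, 0));
    printf("destroy first, load ok:      %d\n", finish_incoming(true, false, 0));
    printf("postcopy entered, load fail: %d\n", finish_incoming(false, true, -1));
    return 0;
}
```

With the destroy call first, the final transition is lost and observers never see COMPLETED; with a stale old state after entering postcopy, the FAILED transition is silently skipped.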



Re: [Qemu-devel] [PATCH v5 00/10] Add system_powerdown support on ARM for ACPI and DT

2015-12-15 Thread Peter Maydell
On 11 December 2015 at 03:21, Shannon Zhao  wrote:
> From: Shannon Zhao 
>
> ACPI SPEC 5.0 defines GPIO-signaled ACPI Events for Hardware-reduced
> platforms (like ARM). It uses GPIO pin to trigger an event to the guest.
> For QEMU, here we add PL061 GPIO controller and use PIN 3 for
> system_powerdown, reserving PIN 0, 1, 2 for PCI hotplug, CPU hotplug and
> memory hotplug.
>
> This patchset adds system_powerdown support on ARM through both ACPI and
> DT ways. It adds a GPIO controller (here is PL061) in machine virt and
> uses GPIO-signaled event for ACPI while gpio-keys for DT. It has been
> tested for the guests starting by ACPI or DT while guests use systemd or
> acpid.

Thanks, applied to target-arm.next.

-- PMM



Re: [Qemu-devel] [PATCH v7 19/19] KVM: ARM64: Add a new kvm ARM PMU device

2015-12-15 Thread Andrew Jones
On Tue, Dec 15, 2015 at 03:59:31PM +, Marc Zyngier wrote:
> On 15/12/15 15:50, Shannon Zhao wrote:
> > 
> > 
> > On 2015/12/15 23:33, Marc Zyngier wrote:
> >> On 15/12/15 08:49, Shannon Zhao wrote:
>  From: Shannon Zhao
> 
>  Add a new kvm device type KVM_DEV_TYPE_ARM_PMU_V3 for ARM PMU. Implement
>  the kvm_device_ops for it.
> 
>  Signed-off-by: Shannon Zhao
>  ---
>   Documentation/virtual/kvm/devices/arm-pmu.txt |  16 
>   arch/arm64/include/uapi/asm/kvm.h |   3 +
>   include/linux/kvm_host.h  |   1 +
>   include/uapi/linux/kvm.h  |   2 +
>   virt/kvm/arm/pmu.c| 115 
>  ++
>   virt/kvm/kvm_main.c   |   4 +
>   6 files changed, 141 insertions(+)
>   create mode 100644 Documentation/virtual/kvm/devices/arm-pmu.txt
> 
>  diff --git a/Documentation/virtual/kvm/devices/arm-pmu.txt 
>  b/Documentation/virtual/kvm/devices/arm-pmu.txt
>  new file mode 100644
>  index 000..5121f1f
>  --- /dev/null
>  +++ b/Documentation/virtual/kvm/devices/arm-pmu.txt
>  @@ -0,0 +1,16 @@
>  +ARM Virtual Performance Monitor Unit (vPMU)
>  +===
>  +
>  +Device types supported:
>  +  KVM_DEV_TYPE_ARM_PMU_V3 ARM Performance Monitor Unit v3
>  +
>  +Instantiate one PMU instance for per VCPU through this API.
>  +
>  +Groups:
>  +  KVM_DEV_ARM_PMU_GRP_IRQ
>  +  Attributes:
>  +A value describing the interrupt number of PMU overflow interrupt. 
>  This
>  +interrupt should be a PPI.
>  +
>  +  Errors:
>  +-EINVAL: Value set is out of the expected range (from 16 to 31)
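Review bot: the Errors list under KVM_DEV_ARM_PMU_GRP_IRQ documents only -EINVAL, but kvm_arm_pmu_irq_access() in the pmu.c hunk of this same patch returns -EBUSY when the PMU is not initialized. Every error the attribute can return should be listed here, along with whether the attribute can be read as well as set. The sentence "Instantiate one PMU instance for per VCPU" also needs rewording.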
>  diff --git a/arch/arm64/include/uapi/asm/kvm.h 
>  b/arch/arm64/include/uapi/asm/kvm.h
>  index 2d4ca4b..568afa2 100644
>  --- a/arch/arm64/include/uapi/asm/kvm.h
>  +++ b/arch/arm64/include/uapi/asm/kvm.h
>  @@ -204,6 +204,9 @@ struct kvm_arch_memory_slot {
>   #define KVM_DEV_ARM_VGIC_GRP_CTRL   4
>   #define   KVM_DEV_ARM_VGIC_CTRL_INIT0
> 
>  +/* Device Control API: ARM PMU */
>  +#define KVM_DEV_ARM_PMU_GRP_IRQ 0
>  +
>   /* KVM_IRQ_LINE irq field index values */
>   #define KVM_ARM_IRQ_TYPE_SHIFT  24
>   #define KVM_ARM_IRQ_TYPE_MASK   0xff
>  diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
>  index c923350..608dea6 100644
>  --- a/include/linux/kvm_host.h
>  +++ b/include/linux/kvm_host.h
>  @@ -1161,6 +1161,7 @@ extern struct kvm_device_ops kvm_mpic_ops;
>   extern struct kvm_device_ops kvm_xics_ops;
>   extern struct kvm_device_ops kvm_arm_vgic_v2_ops;
>   extern struct kvm_device_ops kvm_arm_vgic_v3_ops;
>  +extern struct kvm_device_ops kvm_arm_pmu_ops;
> 
>   #ifdef CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT
> 
>  diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
>  index 03f3618..4ba6fdd 100644
>  --- a/include/uapi/linux/kvm.h
>  +++ b/include/uapi/linux/kvm.h
>  @@ -1032,6 +1032,8 @@ enum kvm_device_type {
>   #define KVM_DEV_TYPE_FLIC   KVM_DEV_TYPE_FLIC
>   KVM_DEV_TYPE_ARM_VGIC_V3,
>   #define KVM_DEV_TYPE_ARM_VGIC_V3KVM_DEV_TYPE_ARM_VGIC_V3
>  +KVM_DEV_TYPE_ARM_PMU_V3,
>  +#define KVM_DEV_TYPE_ARM_PMU_V3 KVM_DEV_TYPE_ARM_PMU_V3
>   KVM_DEV_TYPE_MAX,
>   };
> 
>  diff --git a/virt/kvm/arm/pmu.c b/virt/kvm/arm/pmu.c
>  index d113ee4..1965d0d 100644
>  --- a/virt/kvm/arm/pmu.c
>  +++ b/virt/kvm/arm/pmu.c
>  @@ -19,6 +19,7 @@
>   #include 
>   #include 
>   #include 
>  +#include 
>   #include 
>   #include 
>   #include 
>  @@ -357,3 +358,117 @@ void kvm_pmu_set_counter_event_type(struct 
>  kvm_vcpu *vcpu, u64 data,
> 
>   pmc->perf_event = event;
>   }
>  +
>  +static inline bool kvm_arm_pmu_initialized(struct kvm_vcpu *vcpu)
>  +{
>  +return vcpu->arch.pmu.irq_num != -1;
>  +}
>  +
>  +static int kvm_arm_pmu_irq_access(struct kvm *kvm, int *irq, bool 
>  is_set)
>  +{
>  +int j;
>  +struct kvm_vcpu *vcpu;
>  +
>  +kvm_for_each_vcpu(j, vcpu, kvm) {
>  +struct kvm_pmu *pmu = >arch.pmu;
>  +
>  +if (!is_set) {
>  +if (!kvm_arm_pmu_initialized(vcpu))
>  +return -EBUSY;
> >> Returning -EBUSY is a bit odd. Maybe -EINVAL? But this seems weird
> >> anyway. Actually, why would you return an error in this case?
> >>
> > While this is an unexpected operation from user space and it's already 
> > initialized and working, so I 

Re: [Qemu-devel] [PATCH v5 02/10] acpi: extend aml_interrupt() to support multiple irqs

2015-12-15 Thread Shannon Zhao



On 2015/12/16 0:55, Peter Maydell wrote:

> On 11 December 2015 at 03:21, Shannon Zhao  wrote:
>> From: Igor Mammedov
>>
>> ASL Interrupt() macro translates to Extended Interrupt Descriptor
>> which supports variable number of IRQs. It will be used for
>> conversion of ASL code for pc/q35 machines that use it for
>> returning several IRQs in _PSR object.
>>
>> Signed-off-by: Igor Mammedov
>> Reviewed-by: Shannon Zhao
>
> Shannon, this one needs your Signed-off-by too.

Signed-off-by: Shannon Zhao 

Thanks,
--
Shannon



[Qemu-devel] [PATCH 2/6] migration: Add state records for migration incoming

2015-12-15 Thread Dr. David Alan Gilbert (git)
From: zhanghailiang 

For migration destination, we also need to know its state,
we will use it in COLO.

Here we add a new member 'state' for MigrationIncomingState,
and also use migrate_set_state() to modify its value.

Signed-off-by: zhanghailiang 

dgilbert: Fixed early free of MigrationIncomingState
Signed-off-by: Dr. David Alan Gilbert 
---
 include/migration/migration.h |  1 +
 migration/migration.c | 16 ++--
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 8340432..4912e7a 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -105,6 +105,7 @@ struct MigrationIncomingState {
 QemuMutex rp_mutex;/* We send replies from multiple threads */
 void *postcopy_tmp_page;
 
+int state;
 /* See savevm.c */
 LoadStateEntry_Head loadvm_handlers;
 };
diff --git a/migration/migration.c b/migration/migration.c
index ba6d4f6..50fe218 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -111,6 +111,7 @@ MigrationIncomingState 
*migration_incoming_state_new(QEMUFile* f)
 {
 mis_current = g_new0(MigrationIncomingState, 1);
 mis_current->from_src_file = f;
+mis_current->state = MIGRATION_STATUS_NONE;
 QLIST_INIT(_current->loadvm_handlers);
 qemu_mutex_init(_current->rp_mutex);
 qemu_event_init(_current->main_thread_load_event, false);
@@ -331,8 +332,8 @@ static void process_incoming_migration_co(void *opaque)
 
 mis = migration_incoming_state_new(f);
 postcopy_state_set(POSTCOPY_INCOMING_NONE);
-migrate_generate_event(MIGRATION_STATUS_ACTIVE);
-
+migrate_set_state(>state, MIGRATION_STATUS_NONE,
+  MIGRATION_STATUS_ACTIVE);
 ret = qemu_loadvm_state(f);
 
 ps = postcopy_state_get();
@@ -358,10 +359,10 @@ static void process_incoming_migration_co(void *opaque)
 
 qemu_fclose(f);
 free_xbzrle_decoded_buf();
-migration_incoming_state_destroy();
 
 if (ret < 0) {
-migrate_generate_event(MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_FAILED);
 error_report("load of migration failed: %s", strerror(-ret));
 migrate_decompress_threads_join();
 exit(EXIT_FAILURE);
@@ -370,7 +371,8 @@ static void process_incoming_migration_co(void *opaque)
 /* Make sure all file formats flush their mutable metadata */
 bdrv_invalidate_cache_all(_err);
 if (local_err) {
-migrate_generate_event(MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_FAILED);
 error_report_err(local_err);
 migrate_decompress_threads_join();
 exit(EXIT_FAILURE);
@@ -402,7 +404,9 @@ static void process_incoming_migration_co(void *opaque)
  * observer sees this event they might start to prod at the VM assuming
  * it's ready to use.
  */
-migrate_generate_event(MIGRATION_STATUS_COMPLETED);
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_COMPLETED);
+migration_incoming_state_destroy();
 }
 
 void process_incoming_migration(QEMUFile *f)
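Review bot: migration_incoming_state_destroy() now runs only at the very end of process_incoming_migration_co(), after the COMPLETED transition, and the code between the place it was removed from in the previous hunk and this point is not part of the diff. Please confirm that no path returns from that region without either exiting or reaching the new call, otherwise the MigrationIncomingState is leaked on that path. A sentence in the commit message on which paths intentionally leave it alive would settle it.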
-- 
2.5.0




Re: [Qemu-devel] [PATCH] rtc: introduce nmi disable bit handler for cmos

2015-12-15 Thread Radim Krcmar
2015-12-15 05:43-0500, Paolo Bonzini:
>> Hi Paolo,
>> 
>> /* for KVM_GET/SET_VCPU_EVENTS */
>> struct kvm_vcpu_events {
>>  ...
>> struct {
>>  __u8 injected;
>>  __u8 pending;
>>  __u8 masked;
>>  __u8 pad;
>>  } nmi;
>>  ...
>> 
>> I found that the nmi.masked property does these enable or disable NMI jobs.
>> So, I think we don't need to add a new bit. Right?
> 
> nmi.masked says whether the CPU is accepting the NMIs, and is cleared
> by the next IRET instruction.  This is a different thing; it probably
> shouldn't affect NMI IPIs, and it definitely should remain set until
> cleared via the RTC.  So it should be something like
> 
> __u8 external_nmi_disabled;
> 
> or similar.
> 
> *However* I found this in the ICH9 datasheet:
> 
> The ICH9's I/O APIC can only send interrupts due to interrupts which
> do not include SMI, NMI or INIT. This means that in IA-32/Intel® 64
> based platforms, Front Side Bus interrupt message format delivery modes
> 010 (SMI/PMI), 100 (NMI), and 101 (INIT) as indicated in this section,
> must not be used and is not supported.
> 
> In theory the PIIX4 could deliver such messages, but perhaps we could
> disable them in the KVM IOAPIC.  If we do this, there is no need for a
> change to struct kvm_vcpu_events, because all external NMI sources will
> be in userspace.
> 
> Radim, what do you think?

I looked at the 440fx, piix, and 82083aa(ioapic) datasheets and the
NMI_EN bit doesn't seem to be propagated into the IOAPIC.
The IOAPIC datasheet doesn't mention a thing about NMI masking and PIIX4
generates NMI on SERR# or IOCHK# so it seems that the NMI_EN feature
only changes the behavior of those two ...

I think it's best to do nothing in KVM.

(q35 guests shouldn't configure IOAPIC to send unsupported messages and
 disabling SMI/NMI/INIT in the in-kernel IOAPIC for piix is risky.)



[Qemu-devel] [PATCH 3/6] Postcopy: Send events/change state on incoming side

2015-12-15 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

I missed the calls to send migration events on the destination side
as we enter postcopy.
Take care when adding them not to do it after state has been freed.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/savevm.c | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/migration/savevm.c b/migration/savevm.c
index 0ad1b93..c469bad 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1399,6 +1399,8 @@ static void *postcopy_ram_listen_thread(void *opaque)
 MigrationIncomingState *mis = migration_incoming_get_current();
 int load_res;
 
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+   MIGRATION_STATUS_POSTCOPY_ACTIVE);
 qemu_sem_post(>listen_thread_sem);
 trace_postcopy_ram_listen_thread_start();
 
@@ -1415,6 +1417,8 @@ static void *postcopy_ram_listen_thread(void *opaque)
 if (load_res < 0) {
 error_report("%s: loadvm failed: %d", __func__, load_res);
 qemu_file_set_error(f, load_res);
+migrate_set_state(>state, MIGRATION_STATUS_POSTCOPY_ACTIVE,
+   MIGRATION_STATUS_FAILED);
 } else {
 /*
  * This looks good, but it's possible that the device loading in the
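Review bot: the failure transition added here names MIGRATION_STATUS_POSTCOPY_ACTIVE as the old state, but the transitions in process_incoming_migration_co() from patch 2/6 of this series all name MIGRATION_STATUS_ACTIVE. If migrate_set_state() applies a change only when the current state equals the old-state argument, which its three-argument shape suggests, then once this thread has moved the state to POSTCOPY_ACTIVE those calls become no-ops and their events are not sent. Please confirm which thread is expected to make the final transition in the postcopy case, and say so in a comment.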
@@ -1424,13 +1428,6 @@ static void *postcopy_ram_listen_thread(void *opaque)
 qemu_event_wait(>main_thread_load_event);
 }
 postcopy_ram_incoming_cleanup(mis);
-/*
- * If everything has worked fine, then the main thread has waited
- * for us to start, and we're the last use of the mis.
- * (If something broke then qemu will have to exit anyway since it's
- * got a bad migration state).
- */
-migration_incoming_state_destroy();
 
 if (load_res < 0) {
 /*
@@ -1442,6 +1439,17 @@ static void *postcopy_ram_listen_thread(void *opaque)
 exit(EXIT_FAILURE);
 }
 
+migrate_set_state(>state, MIGRATION_STATUS_POSTCOPY_ACTIVE,
+   MIGRATION_STATUS_COMPLETED);
+/*
+ * If everything has worked fine, then the main thread has waited
+ * for us to start, and we're the last use of the mis.
+ * (If something broke then qemu will have to exit anyway since it's
+ * got a bad migration state).
+ */
+migration_incoming_state_destroy();
+
+
 return NULL;
 }
 
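Review bot: with this hunk the listen thread calls migration_incoming_state_destroy() as its last step, and patch 2/6 of this series adds the same call at the end of process_incoming_migration_co(). The moved comment says this thread is the last user of the mis; please make sure the coroutine cannot also reach its destroy call when postcopy is running, or the state is freed twice. The two consecutive empty lines added before return NULL should be one.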
-- 
2.5.0




Re: [Qemu-devel] [PATCH] target-arm: Fix and improve AA32 singlestep translation completion code

2015-12-15 Thread Peter Maydell
On 25 November 2015 at 18:02, Sergey Fedorov  wrote:
> The AArch32 translation completion code for singlestep enabled/active
> case was way more confusing and too repetitive than it needs to be.
> Probably that was the cause for a bug to be introduced into it at some
> point. The bug was that SWI/HVC/SMC exception would be generated in
> condition-failed instruction code path whereas it shouldn't.
>
> This patch rewrites the code in a way similar to the non-singlestep
> case.
>
> In the condition-passed/unconditional instruction code path we need to:
>  - Write the condexec bits back to the CPU state
>  - Advance the singlestep state machine and generate a corresponding
>exception in case of SWI/HVC/SMC
>  - Write the PC back to the CPU state if it hasn't already been written
>and generate an appropriate singlestep exception otherwise
>
> In the condition-failed instruction code path we need to:
>  - Set a TCG label to jump to it if the condition is failed
>  - Write the condexec bits back to the CPU state
>  - Write the PC back to the CPU state since it hasn't been written in
>this case
>  - Generate an appropriate singlestep exception
>
> Signed-off-by: Sergey Fedorov 

This looks much clearer than the code we had, and the parallel
between the singlestep code and the non-singlestep code is nice.

Applied to target-arm.next, thanks.

-- PMM



Re: [Qemu-devel] [Qemu-arm] [PATCH v2 1/2] Use error_fatal to simplify obvious fatal errors

2015-12-15 Thread Peter Maydell
On 14 December 2015 at 19:25, Markus Armbruster  wrote:
> Eduardo Habkost  writes:
>
>> On Thu, Dec 10, 2015 at 05:29:14PM +0100, Markus Armbruster wrote:
>>> Done with this admittedly crude Coccinelle semantic patch:
>>>
>>
>> Reviewed-by: Eduardo Habkost 
>>
>> You can rewrite the semantic patch as:
[...]
>> Coccinelle seems to have some magic to make "LIST," also match
>> with an empty list.
>
> Same output as my script, except it doesn't mess up zynq_init().  Sold!

Do you mean by this that you're planning to send a v3, or would you
like me to apply v2 to target-arm.next?

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 3/5] xilinx_spips: Seperate the state struct into a header

2015-12-15 Thread Peter Maydell
On 23 November 2015 at 08:54, Alistair Francis
 wrote:
> Seperate out the XilinxSPIPS struct into a seperate header
> file.

If you need to respin this series it would be nice to fix
the typos here and in the subject: it is "separate".

thanks
-- PMM



[Qemu-devel] [PATCH 6/6] multithread decompression: Avoid one copy

2015-12-15 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

qemu_get_buffer does a copy, we can avoid the memcpy, and
we can then remove the extra buffer.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/ram.c | 11 +++
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 994552c..2da3b51 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -286,7 +286,6 @@ static bool quit_comp_thread;
 static bool quit_decomp_thread;
 static DecompressParam *decomp_param;
 static QemuThread *decompress_threads;
-static uint8_t *compressed_data_buf;
 
 static int do_compress_ram_page(CompressParam *param);
 
@@ -2207,7 +2206,6 @@ void migrate_decompress_threads_create(void)
 thread_count = migrate_decompress_threads();
 decompress_threads = g_new0(QemuThread, thread_count);
 decomp_param = g_new0(DecompressParam, thread_count);
-compressed_data_buf = g_malloc0(compressBound(TARGET_PAGE_SIZE));
 quit_decomp_thread = false;
 for (i = 0; i < thread_count; i++) {
 qemu_mutex_init(_param[i].mutex);
@@ -2238,13 +2236,11 @@ void migrate_decompress_threads_join(void)
 }
 g_free(decompress_threads);
 g_free(decomp_param);
-g_free(compressed_data_buf);
 decompress_threads = NULL;
 decomp_param = NULL;
-compressed_data_buf = NULL;
 }
 
-static void decompress_data_with_multi_threads(uint8_t *compbuf,
+static void decompress_data_with_multi_threads(QEMUFile *f,
void *host, int len)
 {
 int idx, thread_count;
@@ -2253,7 +2249,7 @@ static void decompress_data_with_multi_threads(uint8_t 
*compbuf,
 while (true) {
 for (idx = 0; idx < thread_count; idx++) {
 if (!decomp_param[idx].start) {
-memcpy(decomp_param[idx].compbuf, compbuf, len);
+qemu_get_buffer(f, decomp_param[idx].compbuf, len);
 decomp_param[idx].des = host;
 decomp_param[idx].len = len;
 start_decompression(_param[idx]);
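
Review bot: the return value of qemu_get_buffer() is dropped at the new call inside the idle-thread loop. If the stream ends early or is in error, fewer than len bytes land in decomp_param[idx].compbuf, yet decomp_param[idx].len is still set to len and start_decompression() runs on whatever the buffer held before. Please check the returned count (or qemu_file_get_error(f)) before handing the buffer to the worker, and give this void function a way to report the failure back to ram_load().
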
@@ -2498,8 +2494,7 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 ret = -EINVAL;
 break;
 }
-qemu_get_buffer(f, compressed_data_buf, len);
-decompress_data_with_multi_threads(compressed_data_buf, host, len);
+decompress_data_with_multi_threads(f, host, len);
 break;
 
 case RAM_SAVE_FLAG_XBZRLE:
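
Review bot: with compressed_data_buf gone, len taken from the stream now sizes a read straight into a per-thread decomp_param[idx].compbuf, so the check ending in "ret = -EINVAL" just above this call becomes the only guard on that write. A comment here, or an assert in decompress_data_with_multi_threads(), stating that each compbuf is allocated at least as large as the limit enforced by that check would make the invariant explicit.
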
-- 
2.5.0




[Qemu-devel] [PATCH 4/6] Migration: Emit event at start of pass

2015-12-15 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Emit an event each time we sync the dirty bitmap on the source;
this helps libvirt use postcopy by giving it a kick when it
might be a good idea to start the postcopy.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/ram.c |  4 
 qapi/event.json | 11 +++
 2 files changed, 15 insertions(+)

diff --git a/migration/ram.c b/migration/ram.c
index 0490f00..102d1f2 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -27,6 +27,7 @@
  */
 #include 
 #include 
+#include "qapi-event.h"
 #include "qemu/bitops.h"
 #include "qemu/bitmap.h"
 #include "qemu/timer.h"
@@ -682,6 +683,9 @@ static void migration_bitmap_sync(void)
 num_dirty_pages_period = 0;
 }
 s->dirty_sync_count = bitmap_sync_count;
+if (migrate_use_events()) {
+qapi_event_send_migration_pass(bitmap_sync_count, NULL);
+}
 }
 
 /**
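
Review bot: the event is sent as the last statement of migration_bitmap_sync(), after s->dirty_sync_count has been updated, while the subject and the schema text call it the start of a pass. Both readings can hold, but a one-line comment above the qapi_event_send_migration_pass() call saying which pass number a listener should expect in the first event would save management-layer authors from guessing.
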
diff --git a/qapi/event.json b/qapi/event.json
index f0cef01..2440dbc 100644
--- a/qapi/event.json
+++ b/qapi/event.json
@@ -255,6 +255,17 @@
   'data': {'status': 'MigrationStatus'}}
 
 ##
+# @MIGRATION_PASS
+#
+# Emitted from the source side of a migration at the start of each pass
+# (when it syncs the dirty bitmap)
+#
+# Since: 2.6
+##
+{ 'event': 'MIGRATION_PASS',
+  'data': { 'pass': 'int' } }
+
+##
 # @ACPI_DEVICE_OST
 #
 # Emitted when guest executes ACPI _OST method.
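
Review bot: the MIGRATION_PASS doc block describes the event but not its only member, 'pass'. Please add a "# @pass:" line saying what the integer counts and whether it restarts for a new migration, so consumers of the schema do not have to read migration_bitmap_sync() to find out.
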
-- 
2.5.0




Re: [Qemu-devel] [RFC PATCH 0/6] decouple board headers from cpu.h

2015-12-15 Thread Paolo Bonzini


On 15/12/2015 17:06, Peter Maydell wrote:
> > These patches are perhaps the only somewhat controversial part.
> > Generally, we add opaque typedefs to typedefs.h in order to avoid
> > indirect header inclusions.  However, this might not be desirable
> > for target specific types such as FooCPU.  These types are used
> > mostly in headers for boards, and thus this series uses struct
> > explicitly in those headers.  Adding a typedef breaks on older
> > compilers that do not like redefinitions of typedefs.
>
> I would prefer us to provide the typedef. There's no problem
> with older compilers because you just only define the typedef
> in one place (typically in typedefs.h).

typedefs.h generally has target-independent types only (the only
exception is AllwinnerAHCIState; plus FWCfg* and uWireSlave are close
misses).  I thought about adding target-arm/typedefs.h or
hw/arm/typedefs.h, but it seemed weird to do that for one type only.

But yes, we can do that too.  I went this way first just to check how
many files were affected.

Paolo



Re: [Qemu-devel] [PATCH] net: Inform the user about deprecated -net options

2015-12-15 Thread Thomas Huth
On 15/12/15 13:51, Paolo Bonzini wrote:
> 
> On 15/12/2015 12:46, Thomas Huth wrote:
>> We likely don't want to maintain the legacy -net options forever,
>> so let's start informing the users that this option will be
>> removed in a future version. However, there are two cases where
>> we should not spill out a message yet: First is the "-net nic"
>> option which might still be required to configure on-board NICs
>> that can not be handled via "-netdev" yet, and second is the
>> "-net user" default option that is created automatically when
>> no other networking option has been specified.
>>
>> Signed-off-by: Thomas Huth 
>> ---
>>  net/net.c | 6 ++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/net/net.c b/net/net.c
>> index ade6051..2593961 100644
>> --- a/net/net.c
>> +++ b/net/net.c
>> @@ -1006,6 +1006,12 @@ static int net_client_init1(const void *object, int 
>> is_netdev, Error **errp)
>>  return -1;
>>  }
>>  
>> +if (opts->type != NET_CLIENT_OPTIONS_KIND_NIC &&
>> +(!default_net || opts->type != NET_CLIENT_OPTIONS_KIND_USER)) {
>> +error_report("Deprecated net option - "
>> + "this will be removed in a future version!");
>> +}
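
Review bot: the message added after the existing checks in net_client_init1() does not say which option triggered it. A user with several -net arguments on the command line only sees "Deprecated net option"; including the client type from opts->type and naming -netdev as the replacement would make the warning actionable. error_report() also presents this as an error although initialization carries on, so consider wording it as a warning.
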
> 
> Honestly, I still do not believe that they will be removed.  They are
> little more than syntactic sugar at this point.

As far as I can tell, that "-net" vs. "-netdev" dualism causes quite often
confusion for the users. Some options work with "-net", some only work with
"-netdev", and the ones that work with both often also behave slightly
differently (see [1] for example). I've already had to deal with a bug ticket
in this area, and it's just cumbersome to always find out and explain the
differences.

One other example is the "-net nic,model=?" help text. It is inaccurate for a
couple of machines - and if somebody tries to fix problems like this, you're
often told something like "oh, it's the legacy -net option, simply forget about
that" [2].

And if you additionally ever had to deal with all that vlan code and duplicated
option parsing stuff in the net/ code, then you certainly do not think anymore
that this is just a little bit more than "syntactic sugar".

I'm fine if we keep the "-net" options for a couple of more versions of QEMU,
but we should be prepared to be able to remove it quickly once it is getting
into the way again too much. So we better start nagging the users about "-net"
being deprecated now, than discovering later that we have to deal with this
legacy stuff for longer than we would like to.

 Thomas


[1] http://www.linuxquestions.org/questions/linux-virtualization-and-cloud-90/cannot-set-mac-address-with-qemu-4175490716/
[2] https://lists.gnu.org/archive/html/qemu-ppc/2013-10/msg00088.html




Re: [Qemu-devel] [PATCH v1 00/15] data-driven device registers

2015-12-15 Thread Peter Maydell
On 30 October 2015 at 08:06, Peter Maydell  wrote:
> On 30 October 2015 at 06:52, Peter Crosthwaite
>  wrote:
>> Ping^3
>>
>> This has been on list for a very long time without 3rd party review.
>> Can I send a PULL?
>
> I would prefer not to take a new unreviewed feature
> in softfreeze for 2.5...

Since we're now about to come out of 2.5 freeze I guess I
should write something about this patchset. I don't have any
fundamental objections to it, but it doesn't really excite me
either. I would like to see it reviewed by somebody else who
does think it's a good idea, because I think that increases
the chances that we will get general use of the facilities
rather than it being an odd thing used by a few Xilinx device
models and nothing else.

I hope that makes sense and doesn't seem too arbitrary a
hurdle to make you jump?

thanks
-- PMM



Re: [Qemu-devel] [PATCH v5 02/10] acpi: extend aml_interrupt() to support multiple irqs

2015-12-15 Thread Peter Maydell
On 11 December 2015 at 03:21, Shannon Zhao  wrote:
> From: Igor Mammedov 
>
> ASL Interrupt() macro translates to Extended Interrupt Descriptor
> which supports variable number of IRQs. It will be used for
> conversion of ASL code for pc/q35 machines that use it for
> returning several IRQs in _PSR object.
>
> Signed-off-by: Igor Mammedov 
> Reviewed-by: Shannon Zhao 

Shannon, this one needs your Signed-off-by too.

thanks
-- PMM



Re: [Qemu-devel] [RFC PATCH v0 8/9] target-i386: Set apic_id during CPU initfn

2015-12-15 Thread Bharata B Rao
On Mon, Dec 14, 2015 at 03:44:06PM -0200, Eduardo Habkost wrote:
> On Thu, Dec 10, 2015 at 11:45:43AM +0530, Bharata B Rao wrote:
> > Move back the setting of apic_id to instance_init routine (x86_cpu_initfn)
> > This is needed to initialize X86 CPUs using generic cpu-package device.
> 
> Could you explain where exactly apic_id will be used, to make it
> necessary to initialize it earlier?

There is a check in x86_cpu_realizefn() to see if apic_id has been
initialized properly. Hence I thought x86 target will require apic_id
to have been initialized before CPU realization and that is what
the existing code does via pc_cpus_init() and pc_new_cpu(). i.e.,
apic_id property is set before setting the realize property to true.
However...

> 
> > 
> > TODO: I am not fully aware of the general direction in which apic_id
> > changes in X86 have evolved and hence not sure if this is indeed aligned
> > with the X86 way of doing things. This is just to help the PoC
> > implementation that I have in this patchset to convert PC CPUs
> > initialization into cpu-package device based initialization.
> 
> You shouldn't initialize apic_id on initfn. APIC ID depends (and
> will depend) on different CPU properties related to topology,
> including (but not limited to) CPU index and CPU topology
> properties we may introduce in the future, so it should be done
> later (at realize time), not on initfn.

... with the current patchset, I just experimented now by moving the setting
of apic_id to x86_cpu_realizefn() and things work just fine. I was in fact
pleasantly surprised to see that I could hot add a cpu core by hot plugging
the cpu-core device on x86 too.

> 
> Also, cpu_index is initialized by cpu_exec_init(), and
> cpu_exec_init() must not be called by initfn. The cpu_exec_init()
> call should (and will) be moved to realize in x86 and all other
> architectures.

Right, I have already moved cpu_exec_init() call to realizefn for PowerPC.

Regards,
Bharata.




Re: [Qemu-devel] [RFC v6 00/14] Slow-path for atomic instruction translation

2015-12-15 Thread alvise rigo
Hi Andreas,

On Mon, Dec 14, 2015 at 11:09 PM, Andreas Tobler  wrote:
> Alvise,
>
> On 14.12.15 09:41, Alvise Rigo wrote:
>>
>> This is the sixth iteration of the patch series which applies to the
>> upstream branch of QEMU (v2.5.0-rc3).
>>
>> Changes versus previous versions are at the bottom of this cover letter.
>>
>> The code is also available at following repository:
>> https://git.virtualopensystems.com/dev/qemu-mt.git
>> branch:
>> slowpath-for-atomic-v6-no-mttcg
>
>
> Thank you very much for this work. I tried to rebase myself, but it was over
> my head.
>
> I'm looking for a qemu solution where I can use my cores.
>
> My use case is doing gcc porting for aarch64-*-freebsd*. I think it doesn't
> matter which OS. This arch has not enough real affordable HW solutions on
> the market yet. So I was looking for your solution. Claudio gave me a hint
> about it.
>
> Your recent merge/rebase only covers arm itself, not aarch64, right?

Indeed, only arm. Keep in mind that this patch series applies to the
upstream version of QEMU, not to the mttcg branch.
In other words, the repo includes a version of QEMU which is
single-threaded with some changes for the atomic instructions handling
in sight of a multi-threaded emulation.

>
> Linking fails with unreferenced cpu_exclusive_addr stuff in
> target-arm/translate-a64.c

Even if aarch64 is not supported, this error should not happen. My
fault, I will fix it in the coming version.

>
> Are you working on this already? Or Claudio?

As soon as the mttcg branch will be updated, I will rebase this patch
series on top of the new branch, and possibly I will also cover the
aarch64 architecture.

Thank you,
alvise

>
>> This work has been sponsored by Huawei Technologies Duesseldorf GmbH.
>
>
> ...
>
> Thank you!
> Andreas
>



[Qemu-devel] [PATCH COLO-Frame v12 38/38] COLO: Add block replication into colo process

2015-12-15 Thread zhanghailiang
Make sure master start block replication after slave's block replication
started.

Signed-off-by: zhanghailiang 
Signed-off-by: Wen Congyang 
Signed-off-by: Li Zhijian 
---
 migration/colo.c | 60 
 trace-events |  2 ++
 2 files changed, 62 insertions(+)

diff --git a/migration/colo.c b/migration/colo.c
index b7a7ad6..d748fb5 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -21,6 +21,7 @@
 #include "qapi-event.h"
 #include "net/filter.h"
 #include "net/net.h"
+#include "block/block_int.h"
 
 static bool vmstate_loading;
 
@@ -55,6 +56,7 @@ static void secondary_vm_do_failover(void)
 {
 int old_state;
 MigrationIncomingState *mis = migration_incoming_get_current();
+Error *local_err = NULL;
 
 /* Can not do failover during the process of VM's loading VMstate, Or
   * it will break the secondary VM.
@@ -72,6 +74,12 @@ static void secondary_vm_do_failover(void)
 migrate_set_state(>state, MIGRATION_STATUS_COLO,
   MIGRATION_STATUS_COMPLETED);
 
+bdrv_stop_replication_all(true, _err);
+if (local_err) {
+error_report_err(local_err);
+}
+trace_colo_stop_block_replication("failover");
+
 if (!autostart) {
 error_report("\"-S\" qemu option will be ignored in secondary side");
 /* recover runstate to normal migration finish state */
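
Review bot: in secondary_vm_do_failover() the new trace_colo_stop_block_replication("failover") runs whether or not bdrv_stop_replication_all() set local_err, so the trace claims a stop that may have failed. Either move the trace into the success path or pass the outcome as an argument. A comment on why failover may safely continue when stopping replication fails would also help.
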
@@ -107,6 +115,7 @@ static void primary_vm_do_failover(void)
 {
 MigrationState *s = migrate_get_current();
 int old_state;
+Error *local_err = NULL;
 
 migrate_set_state(>state, MIGRATION_STATUS_COLO,
   MIGRATION_STATUS_COMPLETED);
@@ -134,6 +143,12 @@ static void primary_vm_do_failover(void)
 qemu_set_default_filters_status(false);
 /* Flush the residuary buffered packts */
 qemu_release_default_filters_packets();
+
+bdrv_stop_replication_all(true, _err);
+if (local_err) {
+error_report_err(local_err);
+}
+trace_colo_stop_block_replication("failover");
 }
 
 void colo_do_failover(MigrationState *s)
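
Review bot: the stop/report/trace sequence added at the end of primary_vm_do_failover() is a line-for-line copy of the one added to secondary_vm_do_failover(). A small static helper taking the trace reason would keep the two failover paths from drifting apart when the error handling changes.
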
@@ -240,6 +255,7 @@ static int colo_do_checkpoint_transaction(MigrationState *s,
 int colo_shutdown;
 size_t size;
 QEMUFile *trans = NULL;
+Error *local_err = NULL;
 
 ret = colo_put_cmd(s->to_dst_file, COLO_COMMAND_CHECKPOINT_REQUEST);
 if (ret < 0) {
@@ -278,6 +294,16 @@ static int colo_do_checkpoint_transaction(MigrationState 
*s,
 goto out;
 }
 
+/* we call this api although this may do nothing on primary side */
+qemu_mutex_lock_iothread();
+bdrv_do_checkpoint_all(_err);
+qemu_mutex_unlock_iothread();
+if (local_err) {
+error_report_err(local_err);
+ret = -1;
+goto out;
+}
+
 ret = colo_put_cmd(s->to_dst_file, COLO_COMMAND_VMSTATE_SEND);
 if (ret < 0) {
 goto out;
@@ -324,6 +350,10 @@ static int colo_do_checkpoint_transaction(MigrationState 
*s,
 qemu_release_default_filters_packets();
 
 if (colo_shutdown) {
+qemu_mutex_lock_iothread();
+bdrv_stop_replication_all(false, NULL);
+trace_colo_stop_block_replication("shutdown");
+qemu_mutex_unlock_iothread();
 colo_put_cmd(s->to_dst_file, COLO_COMMAND_GUEST_SHUTDOWN);
 qemu_fflush(s->to_dst_file);
 colo_shutdown_requested = 0;
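
Review bot: bdrv_stop_replication_all(false, NULL) in the colo_shutdown branch passes NULL for the Error pointer, so a failure to stop replication on guest shutdown is dropped silently, unlike the failover paths in this patch that report through local_err and error_report_err(). colo_do_checkpoint_transaction() already declares local_err; please use it here and report the error. The same applies to the COLO_COMMAND_GUEST_SHUTDOWN case in colo_wait_handle_cmd().
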
@@ -378,6 +408,7 @@ static void colo_process_checkpoint(MigrationState *s)
 QEMUSizedBuffer *buffer = NULL;
 int64_t current_time, checkpoint_time = qemu_clock_get_ms(QEMU_CLOCK_HOST);
 int ret = 0;
+Error *local_err = NULL;
 
 failover_init_state();
 ret = colo_init_buffer_filters();
@@ -414,6 +445,15 @@ static void colo_process_checkpoint(MigrationState *s)
 }
 
 qemu_mutex_lock_iothread();
+/* start block replication */
+bdrv_start_replication_all(REPLICATION_MODE_PRIMARY, _err);
+if (local_err) {
+qemu_mutex_unlock_iothread();
+error_report_err(local_err);
+ret = -EINVAL;
+goto out;
+}
+trace_colo_start_block_replication();
 vm_start();
 qemu_mutex_unlock_iothread();
 trace_colo_vm_state_change("stop", "run");
@@ -506,6 +546,8 @@ static int colo_wait_handle_cmd(QEMUFile *f, int 
*checkpoint_request)
 case COLO_COMMAND_GUEST_SHUTDOWN:
 qemu_mutex_lock_iothread();
 vm_stop_force_state(RUN_STATE_COLO);
+bdrv_stop_replication_all(false, NULL);
+trace_colo_stop_block_replication("shutdown");
 qemu_system_shutdown_request_core();
 qemu_mutex_unlock_iothread();
 /* the main thread will exit and termiante the whole
@@ -537,6 +579,7 @@ void *colo_process_incoming_thread(void *opaque)
 uint64_t  total_size;
 int ret = 0;
 uint64_t value;
+Error *local_err = NULL;
 
 migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
   MIGRATION_STATUS_COLO);
@@ -572,6 +615,16 @@ 

[Qemu-devel] [PATCH COLO-Frame v12 18/38] COLO: Flush PVM's cached RAM into SVM's memory

2015-12-15 Thread zhanghailiang
During the time of VM's running, PVM may dirty some pages, we will transfer
PVM's dirty pages to SVM and store them into SVM's RAM cache at next checkpoint
time. So, the content of SVM's RAM cache will always be same with PVM's memory
after checkpoint.

Instead of flushing all content of PVM's RAM cache into SVM's MEMORY,
we do this in a more efficient way:
Only flush any page that was dirtied by PVM since last checkpoint.
In this way, we can ensure SVM's memory same with PVM's.

Besides, we must ensure flush RAM cache before load device state.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Add a trace point in the end of colo_flush_ram_cache() (Dave's suggestion)
- Add Reviewed-by tag
v11:
- Move the place of 'need_flush' (Dave's suggestion)
- Remove unused 'DPRINTF("Flush ram_cache\n")'
v10:
- trace the number of dirty pages that be received.

Signed-off-by: zhanghailiang 
---
 include/migration/migration.h |  1 +
 migration/colo.c  |  2 --
 migration/ram.c   | 38 ++
 trace-events  |  2 ++
 4 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index e41372d..221176b 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -336,4 +336,5 @@ PostcopyState postcopy_state_set(PostcopyState new_state);
 /* ram cache */
 int colo_init_ram_cache(void);
 void colo_release_ram_cache(void);
+void colo_flush_ram_cache(void);
 #endif
diff --git a/migration/colo.c b/migration/colo.c
index a4d49ff..e40cdb9 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -401,8 +401,6 @@ void *colo_process_incoming_thread(void *opaque)
 }
 qemu_mutex_unlock_iothread();
 
-/* TODO: flush vm state */
-
 ret = colo_put_cmd(mis->to_src_file, COLO_COMMAND_VMSTATE_LOADED);
 if (ret < 0) {
 goto out;
diff --git a/migration/ram.c b/migration/ram.c
index 3d5947b..8ff7f7c 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2458,6 +2458,7 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
  * be atomic
  */
 bool postcopy_running = postcopy_state_get() >= 
POSTCOPY_INCOMING_LISTENING;
+bool need_flush = false;
 
 seq_iter++;
 
@@ -2492,6 +2493,7 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 /* After going into COLO, we should load the Page into colo_cache 
*/
 if (ram_cache_enable) {
 host = colo_cache_from_block_offset(block, addr);
+need_flush = true;
 } else {
 host = host_from_ram_block_offset(block, addr);
 }
@@ -2585,6 +2587,10 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 }
 
 rcu_read_unlock();
+
+if (!ret  && ram_cache_enable && need_flush) {
+colo_flush_ram_cache();
+}
 DPRINTF("Completed load of VM with exit code %d seq iteration "
 "%" PRIu64 "\n", ret, seq_iter);
 return ret;
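
Review bot: the double space in "if (!ret  && ram_cache_enable && need_flush)" should go, and since need_flush is only set inside the "if (ram_cache_enable)" branch earlier in ram_load(), the ram_cache_enable test here is redundant. Testing need_flush alone states the intent.
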
@@ -2657,6 +2663,38 @@ void colo_release_ram_cache(void)
 rcu_read_unlock();
 }
 
+/*
+ * Flush content of RAM cache into SVM's memory.
+ * Only flush the pages that be dirtied by PVM or SVM or both.
+ */
+void colo_flush_ram_cache(void)
+{
+RAMBlock *block = NULL;
+void *dst_host;
+void *src_host;
+ram_addr_t offset = 0;
+
+trace_colo_flush_ram_cache_begin(migration_dirty_pages);
+rcu_read_lock();
+block = QLIST_FIRST_RCU(_list.blocks);
+while (block) {
+ram_addr_t ram_addr_abs;
+offset = migration_bitmap_find_dirty(block, offset, _addr_abs);
+migration_bitmap_clear_dirty(ram_addr_abs);
+if (offset >= block->used_length) {
+offset = 0;
+block = QLIST_NEXT_RCU(block, next);
+} else {
+dst_host = block->host + offset;
+src_host = block->colo_cache + offset;
+memcpy(dst_host, src_host, TARGET_PAGE_SIZE);
+}
+}
+rcu_read_unlock();
+trace_colo_flush_ram_cache_end();
+assert(migration_dirty_pages == 0);
+}
+
 static SaveVMHandlers savevm_ram_handlers = {
 .save_live_setup = ram_save_setup,
 .save_live_iterate = ram_save_iterate,
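
Review bot: in colo_flush_ram_cache() migration_bitmap_clear_dirty(ram_addr_abs) is called before the "offset >= block->used_length" test, so on the iteration where no dirty page is left in the block it clears whatever bit ram_addr_abs names even though nothing was copied for it. Move the clear into the else branch next to the memcpy(). The header comment also says pages dirtied "by PVM or SVM or both" while the commit message speaks only of pages dirtied by PVM; please make the two agree.
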
diff --git a/trace-events b/trace-events
index 39fdd8d..7f76029 100644
--- a/trace-events
+++ b/trace-events
@@ -1264,6 +1264,8 @@ migration_throttle(void) ""
 ram_load_postcopy_loop(uint64_t addr, int flags) "@%" PRIx64 " %x"
 ram_postcopy_send_discard_bitmap(void) ""
 ram_save_queue_pages(const char *rbname, size_t start, size_t len) "%s: start: 
%zx len: %zx"
+colo_flush_ram_cache_begin(uint64_t dirty_pages) "dirty_pages %" PRIu64
+colo_flush_ram_cache_end(void) ""
 
 # hw/display/qxl.c
 disable 

[Qemu-devel] [PATCH COLO-Frame v12 27/38] COLO failover: Don't do failover during loading VM's state

2015-12-15 Thread zhanghailiang
We should not do failover work while the main thread is loading
VM's state, otherwise it will destroy the consistency of VM's memory and
device state.

Here we add a new failover status 'RELAUNCH' which means we should
relaunch the process of failover.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
---
 include/migration/failover.h |  2 ++
 migration/colo.c | 25 +
 2 files changed, 27 insertions(+)

diff --git a/include/migration/failover.h b/include/migration/failover.h
index fba3931..e115d25 100644
--- a/include/migration/failover.h
+++ b/include/migration/failover.h
@@ -20,6 +20,8 @@ typedef enum COLOFailoverStatus {
 FAILOVER_STATUS_REQUEST = 1, /* Request but not handled */
 FAILOVER_STATUS_HANDLING = 2, /* In the process of handling failover */
 FAILOVER_STATUS_COMPLETED = 3, /* Finish the failover process */
+/* Optional, Relaunch the failover process, again 'NONE' -> 'COMPLETED' */
+FAILOVER_STATUS_RELAUNCH = 4,
 } COLOFailoverStatus;
 
 void failover_init_state(void);
diff --git a/migration/colo.c b/migration/colo.c
index 58531e7..f4bb661 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -20,6 +20,8 @@
 #include "migration/failover.h"
 #include "qapi-event.h"
 
+static bool vmstate_loading;
+
 /* colo buffer */
 #define COLO_BUFFER_BASE_SIZE (4 * 1024 * 1024)
 
@@ -52,6 +54,19 @@ static void secondary_vm_do_failover(void)
 int old_state;
 MigrationIncomingState *mis = migration_incoming_get_current();
 
+/* Can not do failover during the process of VM's loading VMstate, Or
+  * it will break the secondary VM.
+  */
+if (vmstate_loading) {
+old_state = failover_set_state(FAILOVER_STATUS_HANDLING,
+   FAILOVER_STATUS_RELAUNCH);
+if (old_state != FAILOVER_STATUS_HANDLING) {
+error_report("Unknow error while do failover for secondary VM,"
+ "old_state: %d", old_state);
+}
+return;
+}
+
 migrate_set_state(>state, MIGRATION_STATUS_COLO,
   MIGRATION_STATUS_COMPLETED);
 
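
Review bot: secondary_vm_do_failover() reads vmstate_loading with no visible lock or atomic access, while colo_process_incoming_thread() sets it under the iothread lock. Please state in a comment which lock the failover path holds when it gets here, or make the flag atomic. In the same block the error string reads "Unknow error", and the two literals join as "VM,old_state" with no space.
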
@@ -535,13 +550,23 @@ void *colo_process_incoming_thread(void *opaque)
 
 qemu_mutex_lock_iothread();
 qemu_system_reset(VMRESET_SILENT);
+vmstate_loading = true;
 if (qemu_loadvm_state(fb) < 0) {
 error_report("COLO: loadvm failed");
+vmstate_loading = false;
 qemu_mutex_unlock_iothread();
 goto out;
 }
+
+vmstate_loading = false;
 qemu_mutex_unlock_iothread();
 
+if (failover_get_state() == FAILOVER_STATUS_RELAUNCH) {
+failover_set_state(FAILOVER_STATUS_RELAUNCH, FAILOVER_STATUS_NONE);
+failover_request_active(NULL);
+goto out;
+}
+
 ret = colo_put_cmd(mis->to_src_file, COLO_COMMAND_VMSTATE_LOADED);
 if (ret < 0) {
 goto out;
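
Review bot: the RELAUNCH check is only reached when qemu_loadvm_state() succeeds. On the failure branch vmstate_loading is cleared and control jumps to out, so a failover request that was deferred to FAILOVER_STATUS_RELAUNCH during the load is left in that state and never re-issued. Consider running the same check before the "goto out" in the error branch, and checking the value returned by failover_set_state(FAILOVER_STATUS_RELAUNCH, FAILOVER_STATUS_NONE) the way secondary_vm_do_failover() checks old_state.
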
-- 
1.8.3.1





Re: [Qemu-devel] net: vmxnet3: memory leakage issue

2015-12-15 Thread Jason Wang


On 12/15/2015 04:00 PM, P J P wrote:
> +-- On Tue, 15 Dec 2015, Dmitry Fleytman wrote --+
> | Hello Prasad,
> | 
> | Looks good.
> | Reviewed-by: Dmitry Fleytman 
>
> Great! Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
>

Patch looks good to me. Queued for 2.6 first.

If you want to make this for 2.5, you may probably want to send a formal
patch with my "Reviewed-by: " to Peter directly, considering we are near to
release. And use "For 2.5" as a prefix.

Thanks



Re: [Qemu-devel] [RFC PATCH v0 1/9] vl: Don't allow CPU toplogies with partially filled cores

2015-12-15 Thread Bharata B Rao
On Mon, Dec 14, 2015 at 03:37:52PM -0200, Eduardo Habkost wrote:
> On Fri, Dec 11, 2015 at 08:54:31AM +0530, Bharata B Rao wrote:
> > On Thu, Dec 10, 2015 at 10:25:28AM +, Daniel P. Berrange wrote:
> > > On Thu, Dec 10, 2015 at 11:45:36AM +0530, Bharata B Rao wrote:
> > > > Prevent guests from booting with CPU topologies that have partially
> > > > filled CPU cores or can result in partially filled CPU cores after CPU
> > > > hotplug like
> > > > 
> > > > -smp 15,sockets=1,cores=4,threads=4,maxcpus=16 or
> > > > -smp 15,sockets=1,cores=4,threads=4,maxcpus=17 or
> > > > 
> > > > Signed-off-by: Bharata B Rao 
> > > > ---
> > > >  vl.c | 13 +
> > > >  1 file changed, 13 insertions(+)
> > > > 
> > > > diff --git a/vl.c b/vl.c
> > > > index 525929b..e656f53 100644
> > > > --- a/vl.c
> > > > +++ b/vl.c
> > > > @@ -1252,6 +1252,19 @@ static void smp_parse(QemuOpts *opts)
> > > >  smp_cores = cores > 0 ? cores : 1;
> > > >  smp_threads = threads > 0 ? threads : 1;
> > > >  
> > > > +if (smp_cpus % smp_threads) {
> > > > +error_report("cpu topology: "
> > > > + "smp_cpus (%u) should be multiple of threads 
> > > > (%u)",
> > > > + smp_cpus, smp_threads);
> > > > +exit(1);
> > > > +}
> > > > +
> > > > +if (max_cpus % smp_threads) {
> > > > +error_report("cpu topology: "
> > > > + "maxcpus (%u) should be multiple of threads 
> > > > (%u)",
> > > > + max_cpus, smp_threads);
> > > > +exit(1);
> > > > +}
> > > >  }
> > > 
> > > Adding this seems like it has a pretty high chance of causing regression,
> > > ie preventing previously working guests from booting with new QEMU. I
> > > know adding the check makes sense from a semantic POV, but are we willing
> > > to risk breaking people with such odd configurations ?
> > 
> > I wasn't sure about how much risk that would be and hence in my older
> > version of PowerPC CPU hotplug patchset, I indeed supported such topologies:
> > 
> > https://lists.gnu.org/archive/html/qemu-ppc/2015-09/msg00102.html
> > 
> > But the code indeed looked ugly to support such special case.
> > 
> > There was some discussion about this recently here:
> > 
> > http://lists.gnu.org/archive/html/qemu-devel/2015-12/msg00396.html
> > 
> > from where I sensed that it may be ok to dis-allow such topologies.
> 
> I want to be as strict as possible and disallow such topologies,
> but Daniel has a point. Maybe we should make those checks
> machine-specific, so we can make pc-*-2.5 and older allow those
> broken configs.
> 
> If we make it a MachineClass::validate_smp_config() method, for
> example, we could make TYPE_MACHINE point to a generic function
> containing the checks you implemented above (so all machines have
> those checks enabled by default), but let pc <= 2.5 override the
> method.

Nice suggestion, will give it a try in the next iteration.

Regards,
Bharata.




[Qemu-devel] [PATCH COLO-Frame v12 25/38] qmp event: Add event notification for COLO error

2015-12-15 Thread zhanghailiang
If some errors happen during VM's COLO FT stage, it's important to notify the
users of this event. Together with 'colo_lost_heartbeat', users can intervene
in COLO's failover work immediately.
If users don't want to get involved in COLO's failover verdict,
it is still necessary to notify users that we exited COLO mode.

Cc: Markus Armbruster 
Cc: Michael Roth 
Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
---
v11:
- Fix several typos found by Eric

Signed-off-by: zhanghailiang 
---
 docs/qmp-events.txt | 17 +
 migration/colo.c| 11 +++
 qapi-schema.json| 16 
 qapi/event.json | 17 +
 4 files changed, 61 insertions(+)

diff --git a/docs/qmp-events.txt b/docs/qmp-events.txt
index d2f1ce4..19f68fc 100644
--- a/docs/qmp-events.txt
+++ b/docs/qmp-events.txt
@@ -184,6 +184,23 @@ Example:
 Note: The "ready to complete" status is always reset by a BLOCK_JOB_ERROR
 event.
 
+COLO_EXIT
+-
+
+Emitted when VM finishes COLO mode due to some errors happening or
+at the request of users.
+
+Data:
+
+ - "mode": COLO mode, primary or secondary side (json-string)
+ - "reason":  the exit reason, internal error or external request. 
(json-string)
+ - "error": error message (json-string, operation)
+
+Example:
+
+{"timestamp": {"seconds": 2032141960, "microseconds": 417172},
+ "event": "COLO_EXIT", "data": {"mode": "primary", "reason": "request" } }
+
 DEVICE_DELETED
 --
 
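
Review bot: in the new COLO_EXIT section the "error" field is described as "(json-string, operation)", which looks like a slip for "optional"; the schema hunk in qapi/event.json marks the member as '*error'. Please fix the wording, and consider adding a second example that shows an error exit with the "error" member present.
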
diff --git a/migration/colo.c b/migration/colo.c
index d1dd4e1..d06c14f 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -18,6 +18,7 @@
 #include "qemu/error-report.h"
 #include "qemu/sockets.h"
 #include "migration/failover.h"
+#include "qapi-event.h"
 
 /* colo buffer */
 #define COLO_BUFFER_BASE_SIZE (4 * 1024 * 1024)
@@ -349,6 +350,11 @@ static void colo_process_checkpoint(MigrationState *s)
 out:
 if (ret < 0) {
 error_report("%s: %s", __func__, strerror(-ret));
+qapi_event_send_colo_exit(COLO_MODE_PRIMARY, COLO_EXIT_REASON_ERROR,
+  true, strerror(-ret), NULL);
+} else {
+qapi_event_send_colo_exit(COLO_MODE_PRIMARY, COLO_EXIT_REASON_REQUEST,
+  false, NULL, NULL);
 }
 
 qsb_free(buffer);
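
Review bot: the else branch in colo_process_checkpoint() reports COLO_EXIT_REASON_REQUEST for every exit with ret >= 0, so any non-error exit is labelled as a user request and the 'unknown' value of COLOExitReason is never sent by this patch. If a request is the only way to leave the loop without an error, say so in a comment; otherwise track the actual reason and pass it here.
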
@@ -516,6 +522,11 @@ out:
 if (ret < 0) {
 error_report("colo incoming thread will exit, detect error: %s",
  strerror(-ret));
+qapi_event_send_colo_exit(COLO_MODE_SECONDARY, COLO_EXIT_REASON_ERROR,
+  true, strerror(-ret), NULL);
+} else {
+qapi_event_send_colo_exit(COLO_MODE_SECONDARY, 
COLO_EXIT_REASON_REQUEST,
+  false, NULL, NULL);
 }
 
 if (fb) {
diff --git a/qapi-schema.json b/qapi-schema.json
index feb7d53..f6ecb88 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -778,6 +778,22 @@
   'data': [ 'unknown', 'primary', 'secondary'] }
 
 ##
+# @COLOExitReason
+#
+# The reason for a COLO exit
+#
+# @unknown: unknown reason
+#
+# @request: COLO exit is due to an external request
+#
+# @error: COLO exit is due to an internal error
+#
+# Since: 2.6
+##
+{ 'enum': 'COLOExitReason',
+  'data': [ 'unknown', 'request', 'error'] }
+
+##
 # @x-colo-lost-heartbeat
 #
 # Tell qemu that heartbeat is lost, request it to do takeover procedures.
diff --git a/qapi/event.json b/qapi/event.json
index f0cef01..f63d456 100644
--- a/qapi/event.json
+++ b/qapi/event.json
@@ -255,6 +255,23 @@
   'data': {'status': 'MigrationStatus'}}
 
 ##
+# @COLO_EXIT
+#
+# Emitted when VM finishes COLO mode due to some errors happening or
+# at the request of users.
+#
+# @mode: which COLO mode the VM was in when it exited.
+#
+# @reason: describes the reason for the COLO exit.
+#
+# @error: #optional, error message. Only present on error happening.
+#
+# Since: 2.6
+##
+{ 'event': 'COLO_EXIT',
+  'data': {'mode': 'COLOMode', 'reason': 'COLOExitReason', '*error': 'str' } }
+
+##
 # @ACPI_DEVICE_OST
 #
 # Emitted when guest executes ACPI _OST method.
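
Review bot: The @error description in COLO_EXIT ("Only present on error happening") does not tie the field to @reason. State that it is present exactly when reason is 'error', so a client can branch on one field; an example event in the comment would also help.
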
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 30/38] savevm: Split load vm state function qemu_loadvm_state

2015-12-15 Thread zhanghailiang
qemu_loadvm_state is too long, and we can simplify it by splitting up
with three helper functions.

Signed-off-by: zhanghailiang 
---
 migration/savevm.c | 161 -
 1 file changed, 97 insertions(+), 64 deletions(-)

diff --git a/migration/savevm.c b/migration/savevm.c
index f102870..c7c26d8 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1710,90 +1710,123 @@ void loadvm_free_handlers(MigrationIncomingState *mis)
 }
 }
 
+static int
+qemu_loadvm_section_start_full(QEMUFile *f, MigrationIncomingState *mis)
+{
+uint32_t instance_id, version_id, section_id;
+SaveStateEntry *se;
+LoadStateEntry *le;
+char idstr[256];
+int ret;
+
+/* Read section start */
+section_id = qemu_get_be32(f);
+if (!qemu_get_counted_string(f, idstr)) {
+error_report("Unable to read ID string for section %u",
+ section_id);
+return -EINVAL;
+}
+instance_id = qemu_get_be32(f);
+version_id = qemu_get_be32(f);
+
+trace_qemu_loadvm_state_section_startfull(section_id, idstr,
+instance_id, version_id);
+/* Find savevm section */
+se = find_se(idstr, instance_id);
+if (se == NULL) {
+error_report("Unknown savevm section or instance '%s' %d",
+ idstr, instance_id);
+ret = -EINVAL;
+return ret;
+}
+
+/* Validate version */
+if (version_id > se->version_id) {
+error_report("savevm: unsupported version %d for '%s' v%d",
+ version_id, idstr, se->version_id);
+ret = -EINVAL;
+return ret;
+}
+
+/* Add entry */
+le = g_malloc0(sizeof(*le));
+
+le->se = se;
+le->section_id = section_id;
+le->version_id = version_id;
+QLIST_INSERT_HEAD(>loadvm_handlers, le, entry);
+
+ret = vmstate_load(f, le->se, le->version_id);
+if (ret < 0) {
+error_report("error while loading state for instance 0x%x of"
+ " device '%s'", instance_id, idstr);
+return ret;
+}
+if (!check_section_footer(f, le)) {
+ret = -EINVAL;
+return ret;
+}
+
+return 0;
+}
+
+static int
+qemu_loadvm_section_part_end(QEMUFile *f, MigrationIncomingState *mis)
+{
+uint32_t section_id;
+LoadStateEntry *le;
+int ret;
+
+section_id = qemu_get_be32(f);
+
+trace_qemu_loadvm_state_section_partend(section_id);
+QLIST_FOREACH(le, >loadvm_handlers, entry) {
+if (le->section_id == section_id) {
+break;
+}
+}
+if (le == NULL) {
+error_report("Unknown savevm section %d", section_id);
+ret = -EINVAL;
+return ret;
+}
+
+ret = vmstate_load(f, le->se, le->version_id);
+if (ret < 0) {
+error_report("error while loading state section id %d(%s)",
+ section_id, le->se->idstr);
+return ret;
+}
+if (!check_section_footer(f, le)) {
+ret = -EINVAL;
+return ret;
+}
+
+return 0;
+}
+
 static int qemu_loadvm_state_main(QEMUFile *f, MigrationIncomingState *mis)
 {
 uint8_t section_type;
 int ret;
 
 while ((section_type = qemu_get_byte(f)) != QEMU_VM_EOF) {
-uint32_t instance_id, version_id, section_id;
-SaveStateEntry *se;
-LoadStateEntry *le;
-char idstr[256];
 
 trace_qemu_loadvm_state_section(section_type);
 switch (section_type) {
 case QEMU_VM_SECTION_START:
 case QEMU_VM_SECTION_FULL:
-/* Read section start */
-section_id = qemu_get_be32(f);
-if (!qemu_get_counted_string(f, idstr)) {
-error_report("Unable to read ID string for section %u",
-section_id);
-return -EINVAL;
-}
-instance_id = qemu_get_be32(f);
-version_id = qemu_get_be32(f);
-
-trace_qemu_loadvm_state_section_startfull(section_id, idstr,
-  instance_id, version_id);
-/* Find savevm section */
-se = find_se(idstr, instance_id);
-if (se == NULL) {
-error_report("Unknown savevm section or instance '%s' %d",
- idstr, instance_id);
-return -EINVAL;
-}
-
-/* Validate version */
-if (version_id > se->version_id) {
-error_report("savevm: unsupported version %d for '%s' v%d",
- version_id, idstr, se->version_id);
-return -EINVAL;
-}
-
-/* Add entry */
-le = g_malloc0(sizeof(*le));
-
-le->se = se;
-le->section_id = section_id;
-le->version_id = version_id;
-QLIST_INSERT_HEAD(>loadvm_handlers, le, entry);
-
-ret = vmstate_load(f, le->se, le->version_id);
+ 
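
Review bot: The new helpers mix two styles of error return: the first failure in qemu_loadvm_section_start_full() uses "return -EINVAL;" while the later ones use "ret = -EINVAL; return ret;". There is no shared cleanup label, so a plain "return -EINVAL;" throughout is shorter. Also, section_id and instance_id are uint32_t but are printed with %d in "Unknown savevm section %d" and "Unknown savevm section or instance '%s' %d"; %u matches the type and the "Unable to read ID string for section %u" message in the same function.
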

Re: [Qemu-devel] net: vmxnet3: memory leakage issue

2015-12-15 Thread P J P
  Hello Jason,

+-- On Tue, 15 Dec 2015, Jason Wang wrote --+
| Patch looks good to me. Queued for 2.6 first.
| 
| If you want to make this for 2.5, you may probably want to send a formal
| patch with my "Reviewed-by: " to Peter directly consider we are near to
| release. And use "For 2.5" as a prefix.

  Okay, I'll do that.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



Re: [Qemu-devel] [PATCH] rtc: introduce nmi disable bit handler for cmos

2015-12-15 Thread Gonglei (Arei)
Hi Paolo,

/* for KVM_GET/SET_VCPU_EVENTS */
struct kvm_vcpu_events {
 ...
struct {
__u8 injected;
__u8 pending;
__u8 masked;
__u8 pad;
} nmi;
 ...

I found that the nmi.masked property does these enable or disable NMI jobs. 
So, I think we don't need to add a new bit. Right?

Regards,
-Gonglei


> -Original Message-
> From: Gonglei (Arei)
> Sent: Tuesday, December 15, 2015 8:58 AM
> To: 'Paolo Bonzini'; qemu-devel@nongnu.org
> Cc: r...@twiddle.net; ehabk...@redhat.com; ke...@koconnor.net; Huangpeng
> (Peter)
> Subject: RE: [PATCH] rtc: introduce nmi disable bit handler for cmos
> 
> > From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> > Sent: Monday, December 14, 2015 9:37 PM
> > On 14/12/2015 14:27, Gonglei (Arei) wrote:
> > >
> > >>
> > >> On 14/12/2015 13:49, Gonglei (Arei) wrote:
> > >>> This patch introduce nmi disable bit handler to fix the problem
> > >>> and make the emulated CMOS like the real hardware.
> > >
> > > I think that this only works with -machine kernel_irqchip=off, 
> > > however.
> > >>> IIRC, the kernel_irqchip is disabled by default, and we used the
> > >>> default
> > >> value.
> > >>
> > >> No, it's enabled by default.
> > >>
> > >
> > > Okay, yes, I saw the source code again. That means kmod finish the NMI
> > > injection work, and the NMI will not pass Qemu side. So, you thought
> > > this patch cannot block NMI injection when kernel_irqchip=on ?
> >
> > I am not sure.  It depends on which NMIs are blocked by the bit.  For
> > example, the IOAPIC can deliver NMIs, and they wouldn't be blocked.
> >
> > Do you have any documentation, to see whether they can actually happen on
> > emulated hardware?  I guess we support the TCO watchdog, so yes.
> >
> Yes, watchdog is one case, and we have another case which need to use NMI
> to
> tell guest do something when guest's cpu stuck or something like that.
> And I can invoke qmp command "inject-nmi" when SeaBIOS try to close NMI by
> invoking rtc_read() or rtc_write().
> 
> After the NMI injection, the guest will reboot:
> 
> [2015-12-14 16:41:57] In resume (status=0)
> [2015-12-14 16:41:57] In 32bit resume
> [2015-12-14 16:41:57] =Attempting a hard reboot
> [2015-12-14 16:41:58] SeaBIOS (version
> rel-1.8.1-0-g4adadbd-20151214_135833-linux-jAPTBr)
> 
> [snip]
> 
> So, I think we should handle those scenarios, just like the real hardware.
> 
> > > Maybe we should pass the nmi_disable bit to Kmod when
> kernel_irqchip=on ,
> > right?
> >
> > Yes, that's the idea.
> >
> That means I have much more work need to do.
> 
> > But first of all, I've read the thread you linked, and I couldn't find the 
> > place
> > where it says that the root cause is NMIs.
> >
> That's completely true. I haven't direct proof, but I think I eliminated
> all possible causes, except NMIs. Of course, if you find any other clues,
> please let me know.
> 
> The most trouble thing is I couldn't reproduce this problem. :(
> 
> Thanks,
> -Gonglei



Re: [Qemu-devel] [PATCH v4 RFC] spec: add qcow2-dirty-bitmaps specification

2015-12-15 Thread Vladimir Sementsov-Ogievskiy

Thanks everyone for comments!

On 15.12.2015 07:18, Fam Zheng wrote:

On Mon, 12/14 21:05, Max Reitz wrote:

On 14.12.2015 18:43, Vladimir Sementsov-Ogievskiy wrote:

The new feature for qcow2: storing dirty bitmaps.

Only dirty bitmaps relative to this qcow2 image should be stored in it.

Strings started from +# are RFC-strings, not to be committed of course.


Signed-off-by: Vladimir Sementsov-Ogievskiy 
---

  docs/specs/qcow2.txt | 151 ++-
  1 file changed, 150 insertions(+), 1 deletion(-)

Overall: Looks better to me. Good enough for me to ACK it, but I still
have some issues with it.

Let's evaluate the main point of critique I had: I really want this not
to be qemu-specific but potentially useful to all programs.

Pretty good: You do implicitly describe what a (dirty) bitmap looks like
by describing how to obtain the bit offset of a certain byte guest
offset. So it's not an opaque binary data dump anymore.

(Why only "pretty good"? I find the description to be a bit too
"implicit", I think a separate section describing the bitmap structure
would be better.)

Good: The bitmap actually describes the qcow2 file.

Not so good: While now any program knows how to read the bitmap and that
it does refer to this qcow2 file, its interpretation is not so easy
still. Generally, a dirty bitmap has some reference point, that is the
state of the disk when the bitmap was cleared or created. For instance,
for incremental backups, whenever you create a backup based on a dirty
bitmap, the dirty bitmap is cleared and the backup target is then said
reference point.
I think it would be nice to put that reference point (i.e. the name of
an image file that contains the clean image) into the dirty bitmap
header, if possible.


(Note: I won't comment on orthography, because I feel like that is
something a native speaker should do. O:-))


diff --git a/docs/specs/qcow2.txt b/docs/specs/qcow2.txt
index 121dfc8..3c89580 100644
--- a/docs/specs/qcow2.txt
+++ b/docs/specs/qcow2.txt
@@ -103,7 +103,17 @@ in the description of a field.
  write to an image with unknown auto-clear features if it
  clears the respective bits from this field first.
  
-Bits 0-63:  Reserved (set to 0)

+Bit 0:  Dirty bitmaps bit.
+This bit is responsible for Dirty bitmaps
+extension consistency.
+If it is set, but there is no Dirty bitmaps
+extensions, this should be considered as an
+error.
+If it is not set, but there is a Dirty bitmaps
+extension, its data should be considered as
+inconsistent.
+
+Bits 1-63:  Reserved (set to 0)
  
   96 -  99:  refcount_order

  Describes the width of a reference count block entry 
(width
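
Review bot: The text for bit 0 says a set bit without the extension "should be considered as an error" and an unset bit with the extension makes the data "inconsistent", but does not say what a reader is required to do in either case. Spell out the action (for example refuse to open, or ignore and discard the bitmaps), since the context above lets software that does not know an auto-clear bit clear it on write and leave the extension behind.
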
@@ -123,6 +133,7 @@ be stored. Each extension has a structure like the 
following:
  0x - End of the header extension area
  0xE2792ACA - Backing file format name
  0x6803f857 - Feature name table
+0x23852875 - Dirty bitmaps
  other  - Unknown header extension, can be safely
   ignored
  
@@ -166,6 +177,31 @@ the header extension data. Each entry look like this:

  terminated if it has full length)
  
  
+== Dirty bitmaps ==

+
+Dirty bitmaps is an optional header extension. It provides an ability to store
+dirty bitmaps in a qcow2 image. The data of this extension should be considered
+as consistent only if corresponding auto-clear feature bit is set (see
+autoclear_features above).
+The fields of Dirty bitmaps extension are:
+
+  0 -  3:  nb_dirty_bitmaps
+   The number of dirty bitmaps contained in the image. Valid
+   values: 1 - 65535.

Again, I don't see a reason for why we should impose a strict upper
limit here. I'd prefer "Note that qemu currently only supports up to
65535 dirty bitmaps per image."


+# Let's be strict, the feature should be deleted with deleting last bitmap.

Do you mean unsetting the auto-clear feature bit? Yes, I think that makes sense.


auto-clear bit should be zeroed, of course




+
+  4 -  7:  dirty_bitmap_directory_size
+   Size of the Dirty Bitmap Directory in bytes. It should be
+   equal to sum of sizes of all (nb_dirty_bitmaps) dirty bitmap
+   headers.

No, it "should" not be equal, it *must* be equal. But I think you can
just omit that last sentence, that would be just as fine.


+# This field is necessary to effectively read Dirty Bitmap Directory, because

[Qemu-devel] [PULL 1/5] usb-mtp: use a list for keeping track of children

2015-12-15 Thread Gerd Hoffmann
From: Bandan Das 

To support adding/removal of objects, we will need to update
the object cache hierarchy we have built internally. Convert
to using a Qlist for easier management.

Signed-off-by: Bandan Das 
Message-id: 1448314625-3855-2-git-send-email-...@redhat.com
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-mtp.c | 56 
 trace-events |  1 +
 2 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index a276267..10b657d 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -109,8 +109,9 @@ struct MTPObject {
 char *path;
 struct stat  stat;
 MTPObject*parent;
-MTPObject**children;
 uint32_t nchildren;
+QLIST_HEAD(, MTPObject) children;
+QLIST_ENTRY(MTPObject) list;
 bool have_children;
 QTAILQ_ENTRY(MTPObject) next;
 };
@@ -317,15 +318,24 @@ ignore:
 
 static void usb_mtp_object_free(MTPState *s, MTPObject *o)
 {
-int i;
+MTPObject *iter;
+
+if (!o) {
+return;
+}
 
 trace_usb_mtp_object_free(s->dev.addr, o->handle, o->path);
 
 QTAILQ_REMOVE(>objects, o, next);
-for (i = 0; i < o->nchildren; i++) {
-usb_mtp_object_free(s, o->children[i]);
+if (o->parent) {
+QLIST_REMOVE(o, list);
+o->parent->nchildren--;
+}
+
+while (!QLIST_EMPTY(>children)) {
+iter = QLIST_FIRST(>children);
+usb_mtp_object_free(s, iter);
 }
-g_free(o->children);
 g_free(o->name);
 g_free(o->path);
 g_free(o);
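
Review bot: The while (!QLIST_EMPTY(...)) loop in usb_mtp_object_free() terminates only because the recursive call unlinks iter through QLIST_REMOVE(o, list), which is guarded by if (o->parent). A child whose parent pointer is NULL would never leave the list and the loop would spin; unlink iter in the loop itself, or assert the invariant and state it in a comment.
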
@@ -343,6 +353,25 @@ static MTPObject *usb_mtp_object_lookup(MTPState *s, 
uint32_t handle)
 return NULL;
 }
 
+static MTPObject *usb_mtp_add_child(MTPState *s, MTPObject *o,
+char *name)
+{
+MTPObject *child =
+usb_mtp_object_alloc(s, s->next_handle++, o, name);
+
+if (child) {
+trace_usb_mtp_add_child(s->dev.addr, child->handle, child->path);
+QLIST_INSERT_HEAD(>children, child, list);
+o->nchildren++;
+
+if (child->format == FMT_ASSOCIATION) {
+QLIST_INIT(>children);
+}
+}
+
+return child;
+}
+
 static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
 {
 struct dirent *entry;
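
Review bot: In usb_mtp_add_child(), QLIST_INIT on the child's children head runs only for FMT_ASSOCIATION objects, and the head of the object passed in as o is never initialised here, so usb_mtp_object_free() and the QLIST_FOREACH users depend on the allocator having zeroed it. Initialising the list unconditionally where the object is allocated removes that dependency. The name argument is not modified and could be const char *.
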
@@ -358,14 +387,7 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject 
*o)
 return;
 }
 while ((entry = readdir(dir)) != NULL) {
-if ((o->nchildren % 32) == 0) {
-o->children = g_renew(MTPObject *, o->children, o->nchildren + 32);
-}
-o->children[o->nchildren] =
-usb_mtp_object_alloc(s, s->next_handle++, o, entry->d_name);
-if (o->children[o->nchildren] != NULL) {
-o->nchildren++;
-}
+usb_mtp_add_child(s, o, entry->d_name);
 }
 closedir(dir);
 }
@@ -617,13 +639,15 @@ static MTPData *usb_mtp_get_object_handles(MTPState *s, 
MTPControl *c,
MTPObject *o)
 {
 MTPData *d = usb_mtp_data_alloc(c);
-uint32_t i, handles[o->nchildren];
+uint32_t i = 0, handles[o->nchildren];
+MTPObject *iter;
 
 trace_usb_mtp_op_get_object_handles(s->dev.addr, o->handle, o->path);
 
-for (i = 0; i < o->nchildren; i++) {
-handles[i] = o->children[i]->handle;
+QLIST_FOREACH(iter, >children, list) {
+handles[i++] = iter->handle;
 }
+assert(i == o->nchildren);
 usb_mtp_add_u32_array(d, o->nchildren, handles);
 
 return d;
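
Review bot: In usb_mtp_get_object_handles(), handles[o->nchildren] is a stack VLA and the new QLIST_FOREACH writes handles[i++] with no bound, so if the list ever holds more entries than nchildren the write goes past the array before assert(i == o->nchildren) runs. Bound the loop by o->nchildren (or assert inside it), and consider a heap allocation, since the count comes from readdir() on the object's path.
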
diff --git a/trace-events b/trace-events
index 2fce98e..e2a20cf 100644
--- a/trace-events
+++ b/trace-events
@@ -552,6 +552,7 @@ usb_mtp_op_get_partial_object(int dev, uint32_t handle, 
const char *path, uint32
 usb_mtp_op_unknown(int dev, uint32_t code) "dev %d, command code 0x%x"
 usb_mtp_object_alloc(int dev, uint32_t handle, const char *path) "dev %d, 
handle 0x%x, path %s"
 usb_mtp_object_free(int dev, uint32_t handle, const char *path) "dev %d, 
handle 0x%x, path %s"
+usb_mtp_add_child(int dev, uint32_t handle, const char *path) "dev %d, handle 
0x%x, path %s"
 
 # hw/usb/host-libusb.c
 usb_host_open_started(int bus, int addr) "dev %d:%d"
-- 
1.8.3.1




[Qemu-devel] [PATCH COLO-Frame v12 01/38] configure: Add parameter for configure to enable/disable COLO support

2015-12-15 Thread zhanghailiang
configure --enable-colo/--disable-colo to switch COLO
support on/off.
COLO support is On by default.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Reviewed-by: Dr. David Alan Gilbert 
---
v11:
- Turn COLO on in default (Eric's suggestion)

Signed-off-by: zhanghailiang 
---
 configure | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/configure b/configure
index b9552fd..32e466f 100755
--- a/configure
+++ b/configure
@@ -260,6 +260,7 @@ xfs=""
 vhost_net="no"
 vhost_scsi="no"
 kvm="no"
+colo="yes"
 rdma=""
 gprof="no"
 debug_tcg="no"
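
Review bot: colo="yes" enables COLO unconditionally with no probe, while the help text this patch extends lists it under "default is enabled if available". If COLO has any host requirement, default to "" and resolve it after the checks as rdma does; otherwise say in the commit message that there is nothing to probe.
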
@@ -939,6 +940,10 @@ for opt do
   ;;
   --enable-kvm) kvm="yes"
   ;;
+  --disable-colo) colo="no"
+  ;;
+  --enable-colo) colo="yes"
+  ;;
   --disable-tcg-interpreter) tcg_interpreter="no"
   ;;
   --enable-tcg-interpreter) tcg_interpreter="yes"
@@ -1362,6 +1367,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   fdt fdt device tree
   bluez   bluez stack connectivity
   kvm KVM acceleration support
+  coloCOarse-grain LOck-stepping VM for Non-stop Service
   rdmaRDMA-based migration support
   uuiduuid support
   vde support for vde network
@@ -4792,6 +4798,7 @@ echo "Linux AIO support $linux_aio"
 echo "ATTR/XATTR support $attr"
 echo "Install blobs $blobs"
 echo "KVM support   $kvm"
+echo "COLO support  $colo"
 echo "RDMA support  $rdma"
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support   $fdt"
@@ -5381,6 +5388,10 @@ if have_backend "ftrace"; then
 fi
 echo "CONFIG_TRACE_FILE=$trace_file" >> $config_host_mak
 
+if test "$colo" = "yes"; then
+  echo "CONFIG_COLO=y" >> $config_host_mak
+fi
+
 if test "$rdma" = "yes" ; then
   echo "CONFIG_RDMA=y" >> $config_host_mak
 fi
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 03/38] COLO: migrate colo related info to secondary node

2015-12-15 Thread zhanghailiang
We can know if the VM in destination should go into COLO mode by referring to
the info that has been migrated from PVM.

We skip this section if colo is not enabled (i.e.
migrate_set_capability colo off), so that it does not break compatibility with
migration, however --enable-colo/disable-colo is set on the source/destination.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Reviewed-by: Dr. David Alan Gilbert 
---
v11:
- Add Reviewed-by tag
v10:
- Use VMSTATE_BOOL instead of VMSTATE_UNIT32 for 'colo_requested' (Dave's 
suggestion).

Signed-off-by: zhanghailiang 
---
 include/migration/colo.h |  2 ++
 migration/Makefile.objs  |  1 +
 migration/colo-comm.c| 50 
 vl.c |  3 ++-
 4 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 migration/colo-comm.c

diff --git a/include/migration/colo.h b/include/migration/colo.h
index c60a590..9b6662d 100644
--- a/include/migration/colo.h
+++ b/include/migration/colo.h
@@ -14,7 +14,9 @@
 #define QEMU_COLO_H
 
 #include "qemu-common.h"
+#include "migration/migration.h"
 
 bool colo_supported(void);
+void colo_info_mig_init(void);
 
 #endif
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index 65ecc35..81b5713 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -1,5 +1,6 @@
 common-obj-y += migration.o tcp.o
 common-obj-$(CONFIG_COLO) += colo.o
+common-obj-y += colo-comm.o
 common-obj-y += vmstate.o
 common-obj-y += qemu-file.o qemu-file-buf.o qemu-file-unix.o qemu-file-stdio.o
 common-obj-y += xbzrle.o postcopy-ram.o
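
Review bot: colo-comm.o is added to common-obj-y while colo.o stays under $(CONFIG_COLO), so the "COLOState" section code is built even with --disable-colo. The commit message suggests this is deliberate for stream compatibility; a comment next to the line would stop someone from later moving it under CONFIG_COLO.
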
diff --git a/migration/colo-comm.c b/migration/colo-comm.c
new file mode 100644
index 000..fb407e0
--- /dev/null
+++ b/migration/colo-comm.c
@@ -0,0 +1,50 @@
+/*
+ * COarse-grain LOck-stepping Virtual Machines for Non-stop Service (COLO)
+ * (a.k.a. Fault Tolerance or Continuous Replication)
+ *
+ * Copyright (c) 2015 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2015 FUJITSU LIMITED
+ * Copyright (c) 2015 Intel Corporation
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ *
+ */
+
+#include 
+#include "trace.h"
+
+typedef struct {
+ bool colo_requested;
+} COLOInfo;
+
+static COLOInfo colo_info;
+
+static void colo_info_pre_save(void *opaque)
+{
+COLOInfo *s = opaque;
+
+s->colo_requested = migrate_colo_enabled();
+}
+
+static bool colo_info_need(void *opaque)
+{
+   return migrate_colo_enabled();
+}
+
+static const VMStateDescription colo_state = {
+ .name = "COLOState",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .pre_save = colo_info_pre_save,
+ .needed = colo_info_need,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(colo_requested, COLOInfo),
+ VMSTATE_END_OF_LIST()
+},
+};
+
+void colo_info_mig_init(void)
+{
+vmstate_register(NULL, 0, _state, _info);
+}
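
Review bot: colo_requested is written in colo_info_pre_save() and carried by VMSTATE_BOOL, but nothing in this file reads it on the destination: there is no accessor and no post_load, so the behaviour the commit message describes is not reachable from this patch alone. Add the reader here or name the later patch that adds it. Indentation is also inconsistent (one space in the COLOInfo struct and the VMStateDescription initialiser, three in colo_info_need()) next to the four-space bodies elsewhere in the file.
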
diff --git a/vl.c b/vl.c
index 4211ff1..f84fde8 100644
--- a/vl.c
+++ b/vl.c
@@ -91,6 +91,7 @@ int main(int argc, char **argv)
 #include "sysemu/dma.h"
 #include "audio/audio.h"
 #include "migration/migration.h"
+#include "migration/colo.h"
 #include "sysemu/kvm.h"
 #include "qapi/qmp/qjson.h"
 #include "qemu/option.h"
@@ -4450,7 +4451,7 @@ int main(int argc, char **argv, char **envp)
 
 blk_mig_init();
 ram_mig_init();
-
+colo_info_mig_init();
 /* If the currently selected machine wishes to override the units-per-bus
  * property of its default HBA interface type, do so now. */
 if (machine_class->units_per_default_bus) {
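
Review bot: The hunk replaces the blank line after ram_mig_init() with colo_info_mig_init(), so the new call now runs straight into the units-per-bus comment. Keep a blank line after the new call.
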
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 04/38] migration: Export migrate_set_state()

2015-12-15 Thread zhanghailiang
Fix the first parameter of migrate_set_state(), and export it.
We will use it later.

Signed-off-by: zhanghailiang 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Add Reviewed-by tag
v11:
- New patch which is split from patch
  'migration: Add state records for migration incoming' (Juan's suggestion)

Signed-off-by: zhanghailiang 
---
 include/migration/migration.h |  2 ++
 migration/migration.c | 36 +---
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 1f004e4..4b19e80 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -169,6 +169,8 @@ struct MigrationState
 RAMBlock *last_req_rb;
 };
 
+void migrate_set_state(int *state, int old_state, int new_state);
+
 void process_incoming_migration(QEMUFile *f);
 
 void qemu_start_incoming_migration(const char *uri, Error **errp);
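
Review bot: The exported prototype migrate_set_state(int *state, int old_state, int new_state) has no comment, and a bare int * says nothing about which state words are valid. Document that it is a compare-and-swap that does nothing when *state differs from old_state, and that it emits the trace point and migration event on success.
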
diff --git a/migration/migration.c b/migration/migration.c
index 0d525ee..c9cd80d 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -798,9 +798,9 @@ void qmp_migrate_start_postcopy(Error **errp)
 
 /* shared migration helpers */
 
-static void migrate_set_state(MigrationState *s, int old_state, int new_state)
+void migrate_set_state(int *state, int old_state, int new_state)
 {
-if (atomic_cmpxchg(>state, old_state, new_state) == old_state) {
+if (atomic_cmpxchg(state, old_state, new_state) == old_state) {
 trace_migrate_set_state(new_state);
 migrate_generate_event(new_state);
 }
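
Review bot: With the first parameter changed to int *state, trace_migrate_set_state() and migrate_generate_event(new_state) fire for whatever state word the caller passes, not only for the outgoing MigrationState. The changelog says this was split from the incoming-state patch, so say in the commit message whether emitting the same event for an incoming-side state is intended.
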
@@ -833,7 +833,7 @@ static void migrate_fd_cleanup(void *opaque)
(s->state != MIGRATION_STATUS_POSTCOPY_ACTIVE));
 
 if (s->state == MIGRATION_STATUS_CANCELLING) {
-migrate_set_state(s, MIGRATION_STATUS_CANCELLING,
+migrate_set_state(>state, MIGRATION_STATUS_CANCELLING,
   MIGRATION_STATUS_CANCELLED);
 }
 
@@ -844,7 +844,8 @@ void migrate_fd_error(MigrationState *s)
 {
 trace_migrate_fd_error();
 assert(s->file == NULL);
-migrate_set_state(s, MIGRATION_STATUS_SETUP, MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, MIGRATION_STATUS_SETUP,
+  MIGRATION_STATUS_FAILED);
 notifier_list_notify(_state_notifiers, s);
 }
 
@@ -864,7 +865,7 @@ static void migrate_fd_cancel(MigrationState *s)
 if (!migration_is_setup_or_active(old_state)) {
 break;
 }
-migrate_set_state(s, old_state, MIGRATION_STATUS_CANCELLING);
+migrate_set_state(>state, old_state, MIGRATION_STATUS_CANCELLING);
 } while (s->state != MIGRATION_STATUS_CANCELLING);
 
 /*
@@ -938,7 +939,7 @@ MigrationState *migrate_init(const MigrationParams *params)
 s->migration_thread_running = false;
 s->last_req_rb = NULL;
 
-migrate_set_state(s, MIGRATION_STATUS_NONE, MIGRATION_STATUS_SETUP);
+migrate_set_state(>state, MIGRATION_STATUS_NONE, 
MIGRATION_STATUS_SETUP);
 
 QSIMPLEQ_INIT(>src_page_requests);
 
@@ -1037,7 +1038,8 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
 } else {
 error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "uri",
"a valid migration protocol");
-migrate_set_state(s, MIGRATION_STATUS_SETUP, MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, MIGRATION_STATUS_SETUP,
+  MIGRATION_STATUS_FAILED);
 return;
 }
 
@@ -1416,7 +1418,7 @@ static int postcopy_start(MigrationState *ms, bool 
*old_vm_running)
 int ret;
 const QEMUSizedBuffer *qsb;
 int64_t time_at_stop = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
-migrate_set_state(ms, MIGRATION_STATUS_ACTIVE,
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
   MIGRATION_STATUS_POSTCOPY_ACTIVE);
 
 trace_postcopy_start();
@@ -1507,7 +1509,7 @@ static int postcopy_start(MigrationState *ms, bool 
*old_vm_running)
 ret = qemu_file_get_error(ms->file);
 if (ret) {
 error_report("postcopy_start: Migration stream errored");
-migrate_set_state(ms, MIGRATION_STATUS_POSTCOPY_ACTIVE,
+migrate_set_state(>state, MIGRATION_STATUS_POSTCOPY_ACTIVE,
   MIGRATION_STATUS_FAILED);
 }
 
@@ -1516,7 +1518,7 @@ static int postcopy_start(MigrationState *ms, bool 
*old_vm_running)
 fail_closefb:
 qemu_fclose(fb);
 fail:
-migrate_set_state(ms, MIGRATION_STATUS_POSTCOPY_ACTIVE,
+migrate_set_state(>state, MIGRATION_STATUS_POSTCOPY_ACTIVE,
   MIGRATION_STATUS_FAILED);
 qemu_mutex_unlock_iothread();
 return -1;
@@ -1585,11 +1587,13 @@ static void migration_completion(MigrationState *s, int 
current_active_state,
 goto fail;
 }
 
-migrate_set_state(s, current_active_state, MIGRATION_STATUS_COMPLETED);
+migrate_set_state(>state, current_active_state,
+   

[Qemu-devel] [PATCH COLO-Frame v12 23/38] COLO: Implement failover work for Primary VM

2015-12-15 Thread zhanghailiang
For PVM, if there is a failover request from users, the colo thread
will exit the loop while the failover BH does the
cleanup work and resumes the VM.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
---
v12:
- Fix error report and remove unnecessary check in primary_vm_do_failover()
 (Dave's suggestion)
v11:
- Don't call migration_end() in primary_vm_do_failover(),
 The cleanup work will be done in migration_thread().
- Remove vm_start() in primary_vm_do_failover(), which is also done
  in migration_thread()
v10:
- Call migration_end() in primary_vm_do_failover()

Signed-off-by: zhanghailiang 
---
 include/migration/colo.h |  3 +++
 include/migration/failover.h |  1 +
 migration/colo-failover.c|  7 +-
 migration/colo.c | 54 ++--
 4 files changed, 62 insertions(+), 3 deletions(-)

diff --git a/include/migration/colo.h b/include/migration/colo.h
index ba27719..0b02e95 100644
--- a/include/migration/colo.h
+++ b/include/migration/colo.h
@@ -32,4 +32,7 @@ void *colo_process_incoming_thread(void *opaque);
 bool migration_incoming_in_colo_state(void);
 
 COLOMode get_colo_mode(void);
+
+/* failover */
+void colo_do_failover(MigrationState *s);
 #endif
diff --git a/include/migration/failover.h b/include/migration/failover.h
index 882c625..fba3931 100644
--- a/include/migration/failover.h
+++ b/include/migration/failover.h
@@ -26,5 +26,6 @@ void failover_init_state(void);
 int failover_set_state(int old_state, int new_state);
 int failover_get_state(void);
 void failover_request_active(Error **errp);
+bool failover_request_is_active(void);
 
 #endif
diff --git a/migration/colo-failover.c b/migration/colo-failover.c
index 1b1be24..0c525da 100644
--- a/migration/colo-failover.c
+++ b/migration/colo-failover.c
@@ -32,7 +32,7 @@ static void colo_failover_bh(void *opaque)
 error_report("Unkown error for failover, old_state=%d", old_state);
 return;
 }
-/*TODO: Do failover work */
+colo_do_failover(NULL);
 }
 
 void failover_request_active(Error **errp)
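
Review bot: colo_do_failover(NULL) passes NULL for a MigrationState * that colo_do_failover() never uses, and primary_vm_do_failover() fetches the state itself with migrate_get_current(). Drop the parameter, or pass the real state so a later user of s does not dereference NULL.
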
@@ -67,6 +67,11 @@ int failover_get_state(void)
 return atomic_read(_state);
 }
 
+bool failover_request_is_active(void)
+{
+return ((failover_get_state() != FAILOVER_STATUS_NONE));
+}
+
 void qmp_x_colo_lost_heartbeat(Error **errp)
 {
 if (get_colo_mode() == COLO_MODE_UNKNOWN) {
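
Review bot: The doubled parentheses in "return ((failover_get_state() != FAILOVER_STATUS_NONE));" are unnecessary. The function also returns true once the state is FAILOVER_STATUS_COMPLETED, which the name failover_request_is_active() does not suggest; a one-line comment on the intended meaning would help callers.
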
diff --git a/migration/colo.c b/migration/colo.c
index 176384e..977c8d8 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -41,6 +41,40 @@ bool migration_incoming_in_colo_state(void)
 return mis && (mis->state == MIGRATION_STATUS_COLO);
 }
 
+static bool colo_runstate_is_stopped(void)
+{
+return runstate_check(RUN_STATE_COLO) || !runstate_is_running();
+}
+
+static void primary_vm_do_failover(void)
+{
+MigrationState *s = migrate_get_current();
+int old_state;
+
+migrate_set_state(>state, MIGRATION_STATUS_COLO,
+  MIGRATION_STATUS_COMPLETED);
+
+old_state = failover_set_state(FAILOVER_STATUS_HANDLING,
+   FAILOVER_STATUS_COMPLETED);
+if (old_state != FAILOVER_STATUS_HANDLING) {
+error_report("Incorrect state (%d) while doing failover for Primary 
VM",
+ old_state);
+return;
+}
+}
+
+void colo_do_failover(MigrationState *s)
+{
+/* Make sure vm stopped while failover */
+if (!colo_runstate_is_stopped()) {
+vm_stop_force_state(RUN_STATE_COLO);
+}
+
+if (get_colo_mode() == COLO_MODE_PRIMARY) {
+primary_vm_do_failover();
+}
+}
+
 static int colo_put_cmd(QEMUFile *f, uint32_t cmd)
 {
 int ret;
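
Review bot: primary_vm_do_failover() does not check whether migrate_set_state(..., MIGRATION_STATUS_COLO, MIGRATION_STATUS_COMPLETED) took effect; the helper is a compare-and-swap, so if the state is not COLO the migration state stays as it was while the failover state still moves to COMPLETED. Check the resulting state before completing the failover. The "return;" closing the error branch is the last statement in the function and can be dropped.
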
@@ -150,9 +184,22 @@ static int colo_do_checkpoint_transaction(MigrationState 
*s,
 }
 
 qemu_mutex_lock_iothread();
+if (failover_request_is_active()) {
+qemu_mutex_unlock_iothread();
+ret = -1;
+goto out;
+}
 vm_stop_force_state(RUN_STATE_COLO);
 qemu_mutex_unlock_iothread();
 trace_colo_vm_state_change("run", "stop");
+/*
+ * failover request bh could be called after
+ * vm_stop_force_state so we check failover_request_is_active() again.
+ */
+if (failover_request_is_active()) {
+ret = -1;
+goto out;
+}
 
 /* Disable block migration */
 s->params.blk = 0;
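
Review bot: Both new early exits in colo_do_checkpoint_transaction() set ret = -1, while the out: path of colo_process_checkpoint() in this file prints strerror(-ret); if this value reaches it, a requested failover is logged as "Operation not permitted". Use a dedicated negative errno such as -ECANCELED, or a separate flag. The second check runs after qemu_mutex_unlock_iothread(), so the comment should also say why an unlocked read is sufficient there.
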
@@ -248,6 +295,11 @@ static void colo_process_checkpoint(MigrationState *s)
 trace_colo_vm_state_change("stop", "run");
 
 while (s->state == MIGRATION_STATUS_COLO) {
+if (failover_request_is_active()) {
+error_report("failover request");
+goto out;
+}
+
 current_time = qemu_clock_get_ms(QEMU_CLOCK_HOST);
 if (current_time - checkpoint_time <
 s->parameters[MIGRATION_PARAMETER_X_CHECKPOINT_DELAY]) {
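
Review bot: error_report("failover request") in the checkpoint loop logs a user-requested failover as an error, although the branch then leaves through out: with ret unchanged. Use a trace point or an informational message here, so that error output stays reserved for the ret < 0 case.
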
@@ -269,8 +321,6 @@ out:
 if (ret < 0) {
 error_report("%s: %s", __func__, strerror(-ret));
 }
-

[Qemu-devel] [PATCH COLO-Frame v12 00/38] COarse-grain LOck-stepping(COLO) Virtual Machines for Non-stop Service (FT)

2015-12-15 Thread zhanghailiang
This is the 12th version of COLO.

As usual, this version of COLO only supports periodic checkpoint,
just like MicroCheckpointing and Remus do.

Here is only COLO frame part, you can get the whole codes from github:
https://github.com/coloft/qemu/commits/colo-v2.3-periodic-mode

Test procedure:
1. Startup qemu
Primary side:
#x86_64-softmmu/qemu-system-x86_64 -enable-kvm -boot c -m 2048 -smp 2 -qmp 
stdio -vnc :7 -name primary -cpu qemu64,+kvmclock -device piix3-usb-uhci 
-device usb-tablet -netdev tap,id=hn0,vhost=off -device 
virtio-net-pci,id=net-pci0,netdev=hn0 -drive 
if=virtio,id=colo-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,children.0.file.filename=/mnt/sdd/pure_IMG/linux/redhat/rhel_6.5_64_2U_ide,children.0.driver=raw
Secondary side:
#x86_64-softmmu/qemu-system-x86_64 -boot c -m 2048 -smp 2 -qmp stdio -vnc :7 
-name secondary -enable-kvm -cpu qemu64,+kvmclock -device piix3-usb-uhci 
-device usb-tablet -netdev tap,id=hn0,vhost=off -device 
virtio-net-pci,id=net-pci0,netdev=hn0 -drive 
if=none,id=colo-disk0,file.filename=/mnt/sdd/pure_IMG/linux/redhat/rhel_6.5_64_2U_ide,driver=raw,node-name=node0
 -drive 
if=virtio,id=active-disk0,throttling.bps-total=7000,driver=replication,mode=secondary,file.driver=qcow2,file.file.filename=/mnt/ramfs/active_disk.img,file.backing.driver=qcow2,file.backing.file.filename=/mnt/ramfs/hidden_disk.img,file.backing.backing=colo-disk0
 -incoming tcp:0:
2. On Secondary VM's QEMU monitor, issue command
{'execute':'qmp_capabilities'}
{'execute': 'nbd-server-start', 'arguments': {'addr': {'type': 'inet', 'data': {'host': '192.168.2.88', 'port': '8889'} } } }
{'execute': 'nbd-server-add', 'arguments': {'device': 'colo-disk0', 'writable': true } }
{'execute': 'trace-event-set-state', 'arguments': {'name': 'colo*', 'enable': true} }

3. On Primary VM's QEMU monitor, issue command:
{'execute':'qmp_capabilities'}
{'execute': 'human-monitor-command', 'arguments': {'command-line': 'drive_add buddy driver=replication,mode=primary,file.driver=nbd,file.host=9.61.1.7,file.port=8889,file.export=colo-disk0,node-name=node0,if=none'}}
{'execute':'x-blockdev-change', 'arguments':{'parent': 'colo-disk0', 'node': 'node0' } }
{'execute': 'migrate-set-capabilities', 'arguments': {'capabilities': [ {'capability': 'x-colo', 'state': true } ] } }
{'execute': 'migrate', 'arguments': {'uri': 'tcp:192.168.2.88:' } }

4. After the above steps, you will see, whenever you make changes to PVM, SVM will be synced.
You can issue the command '{ "execute": "migrate-set-parameters" , "arguments":{ "x-checkpoint-delay": 2000 } }'
to change the checkpoint period time.

5. Failover test
You can kill Primary VM and run 'x_colo_lost_heartbeat' in Secondary VM's
monitor at the same time, then SVM will failover and client will not feel this 
change.

Before issuing '{ "execute": "x-colo-lost-heartbeat" }' command, we have to
issue block related command to stop block replication.
Primary:
  Remove the nbd child from the quorum:
  { 'execute': 'x-blockdev-change', 'arguments': {'parent': 'colo-disk0', 'child': 'children.1'}}
  Note: there is no qmp command to remove the blockdev now

Secondary:
  The primary host is down, so we should do the following thing:
  { 'execute': 'nbd-server-stop' }

Please review, thanks.

TODO:
1. Implement packets compare module (proxy) in qemu (Doing)
2. Checkpoint based on proxy in qemu
3. The capability of continuous FT

v12:
 - Fix the bug that the default buffer filter broke vhost-net.
 - Add a flag in struct NetFilterState to help skipping default
  filter for packets travelling through filter layer.
 - Remove the default failover treatment which may cause split-brain.
 - Rename checkpoint-delay to x-checkpoint-delay.
 - Check if all netdev supports default filter before going into COLO.
 - Reconstruct send/receive helper functions in patch 10.
 - Address several other comments from Dave 

v11:
 - Re-implement buffer/release packets based on filter-buffer according
   to Jason Wang's suggestion. (patch 34, patch 36 ~ patch 38)
 - Rebase master to re-use some stuff introduced by post-copy.
 - Address several comments from Eric and Dave, the fixing record can
   be found in each patch.

v10:
 - Rename 'colo_lost_heartbeat' command to experimental 'x_colo_lost_heartbeat'
 - Rename migration capability 'colo' to 'x-colo' (Eric's suggestion)
 - Simplify the process of primary side by dropping colo thread and reusing
   migration thread. (Dave's suggestion)
 - Add several netfilter related APIs to support buffer/release packets
   for COLO (patch 32 ~ patch 36)

zhanghailiang (38):
  configure: Add parameter for configure to enable/disable COLO support
  migration: Introduce capability 'x-colo' to migration
  COLO: migrate colo related info to secondary node
  migration: Export migrate_set_state()
  migration: Add state records for migration incoming
  migration: Integrate COLO checkpoint process into migration
  migration: Integrate COLO checkpoint 

[Qemu-devel] [PATCH COLO-Frame v12 11/38] COLO: Add a new RunState RUN_STATE_COLO

2015-12-15 Thread zhanghailiang
Guest will enter this state when paused to save/restore VM state
under colo checkpoint.

Cc: Eric Blake 
Cc: Markus Armbruster 
Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Reviewed-by: Dr. David Alan Gilbert 
Reviewed-by: Eric Blake 
---
 qapi-schema.json | 5 -
 vl.c | 8 
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/qapi-schema.json b/qapi-schema.json
index 85f7800..0423b47 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -154,12 +154,15 @@
 # @watchdog: the watchdog action is configured to pause and has been triggered
 #
 # @guest-panicked: guest has been panicked as a result of guest OS panic
+#
+# @colo: guest is paused to save/restore VM state under colo checkpoint (since
+# 2.6)
 ##
 { 'enum': 'RunState',
   'data': [ 'debug', 'inmigrate', 'internal-error', 'io-error', 'paused',
 'postmigrate', 'prelaunch', 'finish-migrate', 'restore-vm',
 'running', 'save-vm', 'shutdown', 'suspended', 'watchdog',
-'guest-panicked' ] }
+'guest-panicked', 'colo' ] }
 
 ##
 # @StatusInfo:
diff --git a/vl.c b/vl.c
index f84fde8..fca630b 100644
--- a/vl.c
+++ b/vl.c
@@ -594,6 +594,7 @@ static const RunStateTransition runstate_transitions_def[] 
= {
 { RUN_STATE_INMIGRATE, RUN_STATE_WATCHDOG },
 { RUN_STATE_INMIGRATE, RUN_STATE_GUEST_PANICKED },
 { RUN_STATE_INMIGRATE, RUN_STATE_FINISH_MIGRATE },
+{ RUN_STATE_INMIGRATE, RUN_STATE_COLO },
 
 { RUN_STATE_INTERNAL_ERROR, RUN_STATE_PAUSED },
 { RUN_STATE_INTERNAL_ERROR, RUN_STATE_FINISH_MIGRATE },
@@ -603,6 +604,7 @@ static const RunStateTransition runstate_transitions_def[] 
= {
 
 { RUN_STATE_PAUSED, RUN_STATE_RUNNING },
 { RUN_STATE_PAUSED, RUN_STATE_FINISH_MIGRATE },
+{ RUN_STATE_PAUSED, RUN_STATE_COLO},
 
 { RUN_STATE_POSTMIGRATE, RUN_STATE_RUNNING },
 { RUN_STATE_POSTMIGRATE, RUN_STATE_FINISH_MIGRATE },
@@ -613,9 +615,12 @@ static const RunStateTransition runstate_transitions_def[] 
= {
 
 { RUN_STATE_FINISH_MIGRATE, RUN_STATE_RUNNING },
 { RUN_STATE_FINISH_MIGRATE, RUN_STATE_POSTMIGRATE },
+{ RUN_STATE_FINISH_MIGRATE, RUN_STATE_COLO},
 
 { RUN_STATE_RESTORE_VM, RUN_STATE_RUNNING },
 
+{ RUN_STATE_COLO, RUN_STATE_RUNNING },
+
 { RUN_STATE_RUNNING, RUN_STATE_DEBUG },
 { RUN_STATE_RUNNING, RUN_STATE_INTERNAL_ERROR },
 { RUN_STATE_RUNNING, RUN_STATE_IO_ERROR },
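Review bot: `{ RUN_STATE_COLO, RUN_STATE_RUNNING }` in this hunk is the only transition out of the new state, while the surrounding hunks add entries into it from INMIGRATE, PAUSED, FINISH_MIGRATE, RUNNING, SUSPENDED and WATCHDOG. A guest that was paused or suspended when the checkpoint began can therefore only leave COLO as RUNNING, and there is no path from COLO to SHUTDOWN or an error state; either add the exits that are needed or say in the commit message why RUNNING is the only valid successor. Style: `RUN_STATE_COLO}` here and in the PAUSED, RUNNING, SUSPENDED and WATCHDOG entries lacks the space before the closing brace that the INMIGRATE entry has.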
@@ -626,6 +631,7 @@ static const RunStateTransition runstate_transitions_def[] 
= {
 { RUN_STATE_RUNNING, RUN_STATE_SHUTDOWN },
 { RUN_STATE_RUNNING, RUN_STATE_WATCHDOG },
 { RUN_STATE_RUNNING, RUN_STATE_GUEST_PANICKED },
+{ RUN_STATE_RUNNING, RUN_STATE_COLO},
 
 { RUN_STATE_SAVE_VM, RUN_STATE_RUNNING },
 
@@ -636,9 +642,11 @@ static const RunStateTransition runstate_transitions_def[] 
= {
 { RUN_STATE_RUNNING, RUN_STATE_SUSPENDED },
 { RUN_STATE_SUSPENDED, RUN_STATE_RUNNING },
 { RUN_STATE_SUSPENDED, RUN_STATE_FINISH_MIGRATE },
+{ RUN_STATE_SUSPENDED, RUN_STATE_COLO},
 
 { RUN_STATE_WATCHDOG, RUN_STATE_RUNNING },
 { RUN_STATE_WATCHDOG, RUN_STATE_FINISH_MIGRATE },
+{ RUN_STATE_WATCHDOG, RUN_STATE_COLO},
 
 { RUN_STATE_GUEST_PANICKED, RUN_STATE_RUNNING },
 { RUN_STATE_GUEST_PANICKED, RUN_STATE_FINISH_MIGRATE },
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 05/38] migration: Add state records for migration incoming

2015-12-15 Thread zhanghailiang
For migration destination, we also need to know its state,
we will use it in COLO.

Here we add a new member 'state' for MigrationIncomingState,
and also use migrate_set_state() to modify its value.

Signed-off-by: zhanghailiang 
Reviewed-by: Dr. David Alan Gilbert 
---
v11:
- Split exporting migrate_set_state() part into a new patch (Juan's suggestion)

Signed-off-by: zhanghailiang 
---
 include/migration/migration.h |  1 +
 migration/migration.c | 14 +-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 4b19e80..99dfa92 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -105,6 +105,7 @@ struct MigrationIncomingState {
 QemuMutex rp_mutex;/* We send replies from multiple threads */
 void *postcopy_tmp_page;
 
+int state;
 /* See savevm.c */
 LoadStateEntry_Head loadvm_handlers;
 };
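Review bot: The new `int state;` member is added without a comment and as a plain int, so the header does not say which values it holds or which thread may write it. Since the call sites in migration.c store MIGRATION_STATUS_* values in it, document that here (for example "MIGRATION_STATUS_* of the incoming side, updated with migrate_set_state()"), and keep the blank line so the existing `/* See savevm.c */` comment still clearly belongs to loadvm_handlers.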
diff --git a/migration/migration.c b/migration/migration.c
index c9cd80d..d58ce98 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -112,6 +112,7 @@ MigrationIncomingState 
*migration_incoming_state_new(QEMUFile* f)
 {
 mis_current = g_new0(MigrationIncomingState, 1);
 mis_current->from_src_file = f;
+mis_current->state = MIGRATION_STATUS_NONE;
 QLIST_INIT(_current->loadvm_handlers);
 qemu_mutex_init(_current->rp_mutex);
 qemu_event_init(_current->main_thread_load_event, false);
@@ -332,8 +333,8 @@ static void process_incoming_migration_co(void *opaque)
 
 mis = migration_incoming_state_new(f);
 postcopy_state_set(POSTCOPY_INCOMING_NONE);
-migrate_generate_event(MIGRATION_STATUS_ACTIVE);
-
+migrate_set_state(>state, MIGRATION_STATUS_NONE,
+  MIGRATION_STATUS_ACTIVE);
 ret = qemu_loadvm_state(f);
 
 ps = postcopy_state_get();
@@ -362,7 +363,8 @@ static void process_incoming_migration_co(void *opaque)
 migration_incoming_state_destroy();
 
 if (ret < 0) {
-migrate_generate_event(MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_FAILED);
 error_report("load of migration failed: %s", strerror(-ret));
 migrate_decompress_threads_join();
 exit(EXIT_FAILURE);
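Review bot: The failure path now calls migrate_set_state() on the incoming state's `state` field directly after the unchanged `migration_incoming_state_destroy();` line at the top of this hunk. If that call releases the object returned by migration_incoming_state_new(), this is a write through a dangling pointer; set the state before the destroy call or move the destroy after the last state update. The two later hunks (FAILED after bdrv_invalidate_cache_all() and COMPLETED at the end of the function) run after the same destroy call and need the same check.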
@@ -371,7 +373,8 @@ static void process_incoming_migration_co(void *opaque)
 /* Make sure all file formats flush their mutable metadata */
 bdrv_invalidate_cache_all(_err);
 if (local_err) {
-migrate_generate_event(MIGRATION_STATUS_FAILED);
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_FAILED);
 error_report_err(local_err);
 migrate_decompress_threads_join();
 exit(EXIT_FAILURE);
@@ -403,7 +406,8 @@ static void process_incoming_migration_co(void *opaque)
  * observer sees this event they might start to prod at the VM assuming
  * it's ready to use.
  */
-migrate_generate_event(MIGRATION_STATUS_COMPLETED);
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_COMPLETED);
 }
 
 void process_incoming_migration(QEMUFile *f)
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 12/38] QEMUSizedBuffer: Introduce two help functions for qsb

2015-12-15 Thread zhanghailiang
Introduce two new QEMUSizedBuffer APIs which will be used by COLO to buffer
VM state:
One is qsb_put_buffer(), which puts the content of a given QEMUSizedBuffer
into QEMUFile; this is used to send buffered VM state to secondary.
Another is qsb_fill_buffer(), which reads 'size' bytes of data from the file into
qsb; this is used to get VM state from socket into a buffer.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Reviewed-by: Dr. David Alan Gilbert 
---
v11:
- size_t'ify these two help functions (Dave's suggestion)

Signed-off-by: zhanghailiang 
---
 include/migration/qemu-file.h |  3 ++-
 migration/qemu-file-buf.c | 61 +++
 2 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/include/migration/qemu-file.h b/include/migration/qemu-file.h
index b5d08d2..ca6a582 100644
--- a/include/migration/qemu-file.h
+++ b/include/migration/qemu-file.h
@@ -150,7 +150,8 @@ ssize_t qsb_get_buffer(const QEMUSizedBuffer *, off_t 
start, size_t count,
uint8_t *buf);
 ssize_t qsb_write_at(QEMUSizedBuffer *qsb, const uint8_t *buf,
  off_t pos, size_t count);
-
+void qsb_put_buffer(QEMUFile *f, QEMUSizedBuffer *qsb, size_t size);
+size_t qsb_fill_buffer(QEMUSizedBuffer *qsb, QEMUFile *f, size_t size);
 
 /*
  * For use on files opened with qemu_bufopen
diff --git a/migration/qemu-file-buf.c b/migration/qemu-file-buf.c
index 49516b8..c50a495 100644
--- a/migration/qemu-file-buf.c
+++ b/migration/qemu-file-buf.c
@@ -366,6 +366,67 @@ ssize_t qsb_write_at(QEMUSizedBuffer *qsb, const uint8_t 
*source,
 return count;
 }
 
+/**
+ * Put the content of a given QEMUSizedBuffer into QEMUFile.
+ *
+ * @f: A QEMUFile
+ * @qsb: A QEMUSizedBuffer
+ * @size: size of content to write
+ */
+void qsb_put_buffer(QEMUFile *f, QEMUSizedBuffer *qsb, size_t size)
+{
+size_t l;
+int i;
+
+for (i = 0; i < qsb->n_iov && size > 0; i++) {
+l = MIN(qsb->iov[i].iov_len, size);
+qemu_put_buffer(f, qsb->iov[i].iov_base, l);
+size -= l;
+}
+}
+
+/*
+ * Read 'size' bytes of data from the file into qsb.
+ * always fill from pos 0 and used after qsb_create().
+ *
+ * It will return size bytes unless there was an error, in which case it will
+ * return as many as it managed to read (assuming blocking fd's which
+ * all current QEMUFile are)
+ */
+size_t qsb_fill_buffer(QEMUSizedBuffer *qsb, QEMUFile *f, size_t size)
+{
+ssize_t rc = qsb_grow(qsb, size);
+ssize_t pending = size;
+int i;
+uint8_t *buf = NULL;
+
+qsb->used = 0;
+
+if (rc < 0) {
+return rc;
+}
+
+for (i = 0; i < qsb->n_iov && pending > 0; i++) {
+size_t doneone = 0;
+/* read until iov full */
+while (doneone < qsb->iov[i].iov_len && pending > 0) {
+size_t readone = 0;
+
+buf = qsb->iov[i].iov_base;
+readone = qemu_get_buffer(f, buf,
+MIN(qsb->iov[i].iov_len - doneone, pending));
+if (readone == 0) {
+return qsb->used;
+}
+buf += readone;
+doneone += readone;
+pending -= readone;
+qsb->used += readone;
+}
+}
+return qsb->used;
+}
+
 typedef struct QEMUBuffer {
 QEMUSizedBuffer *qsb;
 QEMUFile *file;
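Review bot: In qsb_fill_buffer() the assignment `buf = qsb->iov[i].iov_base;` sits inside the inner while loop, so after a short read the next qemu_get_buffer() writes to the start of the iov again and overwrites the bytes just received, while `qsb->used` keeps counting them; `buf += readone` has no effect. Set buf once per iov before the inner loop, or read into `iov_base + doneone`. Separately, the function returns size_t but does `return rc;` when qsb_grow() fails with a negative value, which reaches the caller as a very large unsigned count; return ssize_t, or document and return 0 on failure. `pending` is a signed ssize_t initialised from the size_t `size` and then mixed with unsigned values in MIN(), so make it size_t. qsb_put_buffer() silently writes less than `size` when the buffer is shorter; say so in its comment or return the number of bytes written.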
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 16/38] ram/COLO: Record the dirty pages that SVM received

2015-12-15 Thread zhanghailiang
We record the addresses of the dirty pages that are received;
it will help flushing pages that are cached into SVM.
We record them by re-using the migration dirty bitmap.

Signed-off-by: zhanghailiang 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Add Reviewed-by tag
v11:
- Split a new helper function from original
  host_from_stream_offset() (Dave's suggestion)
- Only do recording work in this patch
v10:
- New patch split from v9's patch 13
- Rebase to master to use 'migration_bitmap_rcu'

Signed-off-by: zhanghailiang 
---
 migration/ram.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/migration/ram.c b/migration/ram.c
index db5096a..3d5947b 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2185,6 +2185,9 @@ static inline void *host_from_ram_block_offset(RAMBlock 
*block,
 static inline void *colo_cache_from_block_offset(RAMBlock *block,
  ram_addr_t offset)
 {
+unsigned long *bitmap;
+long k;
+
 if (!offset_in_ramblock(block, offset)) {
 return NULL;
 }
@@ -2193,6 +2196,17 @@ static inline void 
*colo_cache_from_block_offset(RAMBlock *block,
  __func__, block->idstr);
 return NULL;
 }
+
+k = (block->mr->ram_addr + offset) >> TARGET_PAGE_BITS;
+bitmap = atomic_rcu_read(_bitmap_rcu)->bmap;
+/*
+* During colo checkpoint, we need bitmap of these migrated pages.
+* It help us to decide which pages in ram cache should be flushed
+* into VM's RAM later.
+*/
+if (!test_and_set_bit(k, bitmap)) {
+migration_dirty_pages++;
+}
 return block->colo_cache + offset;
 }
 
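Review bot: The added `atomic_rcu_read(...)->bmap` in colo_cache_from_block_offset() dereferences the bitmap pointer with no NULL check and with no rcu_read_lock() visible in this function, while colo_release_ram_cache() in the same patch sets that pointer to NULL and frees the old bitmap through call_rcu(). Either state in a comment that every caller holds the RCU read lock and that page loading cannot overlap the release, or take the lock and handle NULL here. The bit index `k` is computed from `block->mr->ram_addr + offset` without any check against the bitmap length chosen in colo_init_ram_cache(); an assertion would make the assumption explicit. The continuation lines of the new comment should be aligned as ` *`, one space in from the opening `/*`.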
@@ -2583,6 +2597,7 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 int colo_init_ram_cache(void)
 {
 RAMBlock *block;
+int64_t ram_cache_pages = last_ram_offset() >> TARGET_PAGE_BITS;
 
 rcu_read_lock();
 QLIST_FOREACH_RCU(block, _list.blocks, next) {
@@ -2597,6 +2612,15 @@ int colo_init_ram_cache(void)
 }
 rcu_read_unlock();
 ram_cache_enable = true;
+/*
+* Record the dirty pages that sent by PVM, we use this dirty bitmap 
together
+* with to decide which page in cache should be flushed into SVM's RAM. Here
+* we use the same name 'migration_bitmap_rcu' as for migration.
+*/
+migration_bitmap_rcu = g_new0(struct BitmapRcu, 1);
+migration_bitmap_rcu->bmap = bitmap_new(ram_cache_pages);
+migration_dirty_pages = 0;
+
 return 0;
 
 out_locked:
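Review bot: The bitmap is allocated and installed after the unchanged `ram_cache_enable = true;` line, so the cache is marked enabled before the bitmap that colo_cache_from_block_offset() dereferences exists; allocate and publish the bitmap first, then set the flag. The pointer is stored with a plain assignment here but cleared with atomic_rcu_set() in colo_release_ram_cache(); use atomic_rcu_set() on both sides, and make sure an already installed bitmap is not overwritten and leaked. The new comment is missing a word ("together with to decide") and should name what the bitmap is combined with.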
@@ -2614,9 +2638,15 @@ out_locked:
 void colo_release_ram_cache(void)
 {
 RAMBlock *block;
+struct BitmapRcu *bitmap = migration_bitmap_rcu;
 
 ram_cache_enable = false;
 
+atomic_rcu_set(_bitmap_rcu, NULL);
+if (bitmap) {
+call_rcu(bitmap, migration_bitmap_free, rcu);
+}
+
 rcu_read_lock();
 QLIST_FOREACH_RCU(block, _list.blocks, next) {
 if (block->colo_cache) {
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 31/38] COLO: Separate the process of saving/loading ram and device state

2015-12-15 Thread zhanghailiang
We separate the process of saving/loading ram and device state when doing a
checkpoint, and we add new helpers for save/load ram/device. With this change, we can directly
transfer ram from master to slave without using QEMUSizeBuffer as assistant,
which also reduces the size of extra memory being used during checkpoint.

Besides, we move the colo_flush_ram_cache to the proper position after the
above change.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
---
v11:
- Remove load configuration section in qemu_loadvm_state_begin()

Signed-off-by: zhanghailiang 
---
 include/sysemu/sysemu.h |   6 +++
 migration/colo.c|  43 
 migration/ram.c |   5 --
 migration/savevm.c  | 132 ++--
 4 files changed, 168 insertions(+), 18 deletions(-)

diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 91eeda3..5deae53 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -133,7 +133,13 @@ void qemu_savevm_send_postcopy_ram_discard(QEMUFile *f, 
const char *name,
uint64_t *start_list,
uint64_t *length_list);
 
+int qemu_save_ram_precopy(QEMUFile *f);
+int qemu_save_device_state(QEMUFile *f);
+
 int qemu_loadvm_state(QEMUFile *f);
+int qemu_loadvm_state_begin(QEMUFile *f);
+int qemu_load_ram_state(QEMUFile *f);
+int qemu_load_device_state(QEMUFile *f);
 
 typedef enum DisplayType
 {
diff --git a/migration/colo.c b/migration/colo.c
index 62a0444..d253d64 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -272,21 +272,32 @@ static int colo_do_checkpoint_transaction(MigrationState 
*s,
 goto out;
 }
 
+ret = colo_put_cmd(s->to_dst_file, COLO_COMMAND_VMSTATE_SEND);
+if (ret < 0) {
+goto out;
+}
 /* Disable block migration */
 s->params.blk = 0;
 s->params.shared = 0;
-qemu_savevm_state_header(trans);
-qemu_savevm_state_begin(trans, >params);
-qemu_mutex_lock_iothread();
-qemu_savevm_state_complete_precopy(trans, false);
-qemu_mutex_unlock_iothread();
-
-qemu_fflush(trans);
+qemu_savevm_state_begin(s->to_dst_file, >params);
+ret = qemu_file_get_error(s->to_dst_file);
+if (ret < 0) {
+error_report("save vm state begin error\n");
+goto out;
+}
 
-ret = colo_put_cmd(s->to_dst_file, COLO_COMMAND_VMSTATE_SEND);
+qemu_mutex_lock_iothread();
+/* Note: device state is saved into buffer */
+ret = qemu_save_device_state(trans);
 if (ret < 0) {
+error_report("save device state error\n");
+qemu_mutex_unlock_iothread();
 goto out;
 }
+qemu_fflush(trans);
+qemu_save_ram_precopy(s->to_dst_file);
+qemu_mutex_unlock_iothread();
+
 /* we send the total size of the vmstate first */
 size = qsb_get_length(buffer);
 ret = colo_put_cmd_value(s->to_dst_file, COLO_COMMAND_VMSTATE_SIZE, size);
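Review bot: The result of `qemu_save_ram_precopy(s->to_dst_file)` is discarded although the function is declared in sysemu.h as returning int, so a failed RAM transfer continues straight to sending COLO_COMMAND_VMSTATE_SIZE as if the checkpoint were intact. Assign it to `ret` (or call qemu_file_get_error() on to_dst_file afterwards), unlock the iothread mutex and `goto out` on failure, as is done for qemu_save_device_state() a few lines above. The new error_report() strings end in "\n", which error_report() adds itself; drop the trailing newline.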
@@ -545,6 +556,16 @@ void *colo_process_incoming_thread(void *opaque)
 goto out;
 }
 
+ret = qemu_loadvm_state_begin(mis->from_src_file);
+if (ret < 0) {
+error_report("load vm state begin error, ret=%d", ret);
+goto out;
+}
+ret = qemu_load_ram_state(mis->from_src_file);
+if (ret < 0) {
+error_report("load ram state error");
+goto out;
+}
 /* read the VM state total size first */
 ret = colo_get_cmd_value(mis->from_src_file,
  COLO_COMMAND_VMSTATE_SIZE, );
@@ -577,8 +598,10 @@ void *colo_process_incoming_thread(void *opaque)
 qemu_mutex_lock_iothread();
 qemu_system_reset(VMRESET_SILENT);
 vmstate_loading = true;
-if (qemu_loadvm_state(fb) < 0) {
-error_report("COLO: loadvm failed");
+colo_flush_ram_cache();
+ret = qemu_load_device_state(fb);
+if (ret < 0) {
+error_report("COLO: load device state failed\n");
 vmstate_loading = false;
 qemu_mutex_unlock_iothread();
 goto out;
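Review bot: `colo_flush_ram_cache()` now runs before `qemu_load_device_state(fb)`, so when the device load fails and the code takes `goto out`, guest RAM has already been overwritten from the cache while the devices are still in their post-reset state. Add a comment saying what the secondary is expected to do with that mixed state, or give colo_flush_ram_cache() a result that can be checked and reported. The new error_report() string ends in "\n", which should be dropped.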
diff --git a/migration/ram.c b/migration/ram.c
index 8ff7f7c..45d9332 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2458,7 +2458,6 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
  * be atomic
  */
 bool postcopy_running = postcopy_state_get() >= 
POSTCOPY_INCOMING_LISTENING;
-bool need_flush = false;
 
 seq_iter++;
 
@@ -2493,7 +2492,6 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 /* After going into COLO, we should load the Page into colo_cache 
*/
 if (ram_cache_enable) {
 host = colo_cache_from_block_offset(block, addr);
-need_flush = true;
 } else {
 host = host_from_ram_block_offset(block, addr);
  

[Qemu-devel] [PATCH COLO-Frame v12 36/38] filter-buffer: Introduce a helper function to release packets

2015-12-15 Thread zhanghailiang
We need to release all the packets from VM in COLO or Micro-checkpoint,
here we add a new helper function to release the packets that buffered
by default buffer-filter

Signed-off-by: zhanghailiang 
Cc: Jason Wang 
Cc: Yang Hongyang 
---
v12:
- Rename this helper function
v11:
- New patch

Signed-off-by: zhanghailiang 
---
 include/net/filter.h |  1 +
 net/filter-buffer.c  | 18 ++
 2 files changed, 19 insertions(+)

diff --git a/include/net/filter.h b/include/net/filter.h
index 08aa604..52cb38b 100644
--- a/include/net/filter.h
+++ b/include/net/filter.h
@@ -84,5 +84,6 @@ static inline bool qemu_need_skip_netfilter(NetFilterState 
*nf)
 void netdev_add_default_filter_buffer(const char *netdev_id,
   NetFilterDirection direction,
   Error **errp);
+void qemu_release_default_filters_packets(void);
 void qemu_set_default_filters_status(bool enable);
 #endif /* QEMU_NET_FILTER_H */
diff --git a/net/filter-buffer.c b/net/filter-buffer.c
index 90a50cc..d53b251 100644
--- a/net/filter-buffer.c
+++ b/net/filter-buffer.c
@@ -169,6 +169,24 @@ out:
 error_propagate(errp, local_err);
 }
 
+static void release_default_filter_packets(NetFilterState *nf,
+   void *opaque,
+   Error **errp)
+{
+if (!strcmp(object_get_typename(OBJECT(nf)), TYPE_FILTER_BUFFER)) {
+
+if (nf->is_default) {
+filter_buffer_flush(nf);
+}
+}
+}
+
+/* public APIs */
+void qemu_release_default_filters_packets(void)
+{
+qemu_foreach_netfilter(release_default_filter_packets, NULL, NULL);
+}
+
 static void set_default_filter_status(NetFilterState *nf,
   void *opaque,
   Error **errp)
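Review bot: release_default_filter_packets() nests two conditions with a stray blank line after the first `if`; a single test such as `if (nf->is_default && !strcmp(object_get_typename(OBJECT(nf)), TYPE_FILTER_BUFFER))` reads more clearly and checks the cheap flag first. The `/* public APIs */` marker covers only one function and is followed immediately by the static set_default_filter_status(), so it is misleading where it stands; move the public functions together or drop the marker. qemu_release_default_filters_packets() needs a comment saying from which context it may be called, since it flushes every default filter buffer in one pass and passes NULL for errp.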
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 19/38] COLO: Add checkpoint-delay parameter for migrate-set-parameters

2015-12-15 Thread zhanghailiang
Add checkpoint-delay parameter for migrate-set-parameters, so that
we can control the checkpoint frequency when COLO is in periodic mode.

Cc: Luiz Capitulino 
Cc: Eric Blake 
Cc: Markus Armbruster 
Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Change checkpoint-delay to x-checkpoint-delay (Dave's suggestion)
- Add Reviewed-by tag
v11:
- Move this patch ahead of the patch where uses 'checkpoint_delay'
 (Dave's suggestion)
v10:
- Fix related qmp command

Signed-off-by: zhanghailiang 
---
 hmp.c |  7 +++
 migration/migration.c | 24 +++-
 qapi-schema.json  | 19 ---
 qmp-commands.hx   |  4 ++--
 4 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/hmp.c b/hmp.c
index 2140605..ee87d38 100644
--- a/hmp.c
+++ b/hmp.c
@@ -284,6 +284,9 @@ void hmp_info_migrate_parameters(Monitor *mon, const QDict 
*qdict)
 monitor_printf(mon, " %s: %" PRId64,
 
MigrationParameter_lookup[MIGRATION_PARAMETER_X_CPU_THROTTLE_INCREMENT],
 params->x_cpu_throttle_increment);
+monitor_printf(mon, " %s: %" PRId64,
+MigrationParameter_lookup[MIGRATION_PARAMETER_X_CHECKPOINT_DELAY],
+params->x_checkpoint_delay);
 monitor_printf(mon, "\n");
 }
 
@@ -1237,6 +1240,7 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict 
*qdict)
 bool has_decompress_threads = false;
 bool has_x_cpu_throttle_initial = false;
 bool has_x_cpu_throttle_increment = false;
+bool has_x_checkpoint_delay = false;
 int i;
 
 for (i = 0; i < MIGRATION_PARAMETER_MAX; i++) {
@@ -1256,6 +1260,8 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict 
*qdict)
 break;
 case MIGRATION_PARAMETER_X_CPU_THROTTLE_INCREMENT:
 has_x_cpu_throttle_increment = true;
+case MIGRATION_PARAMETER_X_CHECKPOINT_DELAY:
+has_x_checkpoint_delay = true;
 break;
 }
 qmp_migrate_set_parameters(has_compress_level, value,
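Review bot: The new `case MIGRATION_PARAMETER_X_CHECKPOINT_DELAY:` is inserted between `has_x_cpu_throttle_increment = true;` and the `break;` that used to end that case, so setting x-cpu-throttle-increment now falls through and also sets `has_x_checkpoint_delay`. Because the qmp_migrate_set_parameters() call that follows passes the same `value` for every parameter, the throttle increment would then be written into the checkpoint delay as well. Add `break;` after `has_x_cpu_throttle_increment = true;`.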
@@ -1263,6 +1269,7 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict 
*qdict)
has_decompress_threads, value,
has_x_cpu_throttle_initial, value,
has_x_cpu_throttle_increment, value,
+   has_x_checkpoint_delay, value,
);
 break;
 }
diff --git a/migration/migration.c b/migration/migration.c
index a1074c3..8988358 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -56,6 +56,11 @@
 /* Migration XBZRLE default cache size */
 #define DEFAULT_MIGRATE_CACHE_SIZE (64 * 1024 * 1024)
 
+/* The delay time (in ms) between two COLO checkpoints
+ * Note: Please change this default value to 1 when we support hybrid mode.
+ */
+#define DEFAULT_MIGRATE_X_CHECKPOINT_DELAY 200
+
 static NotifierList migration_state_notifiers =
 NOTIFIER_LIST_INITIALIZER(migration_state_notifiers);
 
@@ -91,6 +96,8 @@ MigrationState *migrate_get_current(void)
 DEFAULT_MIGRATE_X_CPU_THROTTLE_INITIAL,
 .parameters[MIGRATION_PARAMETER_X_CPU_THROTTLE_INCREMENT] =
 DEFAULT_MIGRATE_X_CPU_THROTTLE_INCREMENT,
+.parameters[MIGRATION_PARAMETER_X_CHECKPOINT_DELAY] =
+DEFAULT_MIGRATE_X_CHECKPOINT_DELAY,
 };
 
 if (!once) {
@@ -530,6 +537,8 @@ MigrationParameters *qmp_query_migrate_parameters(Error 
**errp)
 s->parameters[MIGRATION_PARAMETER_X_CPU_THROTTLE_INITIAL];
 params->x_cpu_throttle_increment =
 s->parameters[MIGRATION_PARAMETER_X_CPU_THROTTLE_INCREMENT];
+params->x_checkpoint_delay =
+s->parameters[MIGRATION_PARAMETER_X_CHECKPOINT_DELAY];
 
 return params;
 }
@@ -736,7 +745,10 @@ void qmp_migrate_set_parameters(bool has_compress_level,
 bool has_x_cpu_throttle_initial,
 int64_t x_cpu_throttle_initial,
 bool has_x_cpu_throttle_increment,
-int64_t x_cpu_throttle_increment, Error **errp)
+int64_t x_cpu_throttle_increment,
+bool has_x_checkpoint_delay,
+int64_t x_checkpoint_delay,
+Error **errp)
 {
 MigrationState *s = migrate_get_current();
 
@@ -771,6 +783,11 @@ void qmp_migrate_set_parameters(bool has_compress_level,
"x_cpu_throttle_increment",
"an integer in the range of 1 to 99");
 }
+if (has_x_checkpoint_delay && (x_checkpoint_delay < 0)) {
+  

[Qemu-devel] [PATCH] MAINTAINERS: Add an entry for the net/slirp.c file

2015-12-15 Thread Thomas Huth
The file net/slirp.c should be listed in the SLIRP section, too.

Signed-off-by: Thomas Huth 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index e8cee1e..a87b113 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1192,6 +1192,7 @@ SLIRP
 M: Jan Kiszka 
 S: Maintained
 F: slirp/
+F: net/slirp.c
 T: git git://git.kiszka.org/qemu.git queues/slirp
 
 Tracing
-- 
1.8.3.1





Re: [Qemu-devel] [PATCH COLO-Frame v12 01/38] configure: Add parameter for configure to enable/disable COLO support

2015-12-15 Thread Wen Congyang
On 12/15/2015 04:22 PM, zhanghailiang wrote:
> configure --enable-colo/--disable-colo to switch COLO
> support on/off.
> COLO support is On by default.
> 
> Signed-off-by: zhanghailiang 
> Signed-off-by: Li Zhijian 
> Signed-off-by: Gonglei 
> Reviewed-by: Dr. David Alan Gilbert 
> ---
> v11:
> - Turn COLO on in default (Eric's suggestion)
> 
> Signed-off-by: zhanghailiang 

I think you forgot to remove this line.

Thanks
Wen Congyang

> ---
>  configure | 11 +++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/configure b/configure
> index b9552fd..32e466f 100755
> --- a/configure
> +++ b/configure
> @@ -260,6 +260,7 @@ xfs=""
>  vhost_net="no"
>  vhost_scsi="no"
>  kvm="no"
> +colo="yes"
>  rdma=""
>  gprof="no"
>  debug_tcg="no"
> @@ -939,6 +940,10 @@ for opt do
>;;
>--enable-kvm) kvm="yes"
>;;
> +  --disable-colo) colo="no"
> +  ;;
> +  --enable-colo) colo="yes"
> +  ;;
>--disable-tcg-interpreter) tcg_interpreter="no"
>;;
>--enable-tcg-interpreter) tcg_interpreter="yes"
> @@ -1362,6 +1367,7 @@ disabled with --disable-FEATURE, default is enabled if 
> available:
>fdt fdt device tree
>bluez   bluez stack connectivity
>kvm KVM acceleration support
> +  coloCOarse-grain LOck-stepping VM for Non-stop Service
>rdmaRDMA-based migration support
>uuiduuid support
>vde support for vde network
> @@ -4792,6 +4798,7 @@ echo "Linux AIO support $linux_aio"
>  echo "ATTR/XATTR support $attr"
>  echo "Install blobs $blobs"
>  echo "KVM support   $kvm"
> +echo "COLO support  $colo"
>  echo "RDMA support  $rdma"
>  echo "TCG interpreter   $tcg_interpreter"
>  echo "fdt support   $fdt"
> @@ -5381,6 +5388,10 @@ if have_backend "ftrace"; then
>  fi
>  echo "CONFIG_TRACE_FILE=$trace_file" >> $config_host_mak
>  
> +if test "$colo" = "yes"; then
> +  echo "CONFIG_COLO=y" >> $config_host_mak
> +fi
> +
>  if test "$rdma" = "yes" ; then
>echo "CONFIG_RDMA=y" >> $config_host_mak
>  fi
> 






Re: [Qemu-devel] [PATCH v4 RFC] spec: add qcow2-dirty-bitmaps specification

2015-12-15 Thread Kevin Wolf
On 14.12.2015 at 21:05, Max Reitz wrote:
> On 14.12.2015 18:43, Vladimir Sementsov-Ogievskiy wrote:
> > The new feature for qcow2: storing dirty bitmaps.
> > 
> > Only dirty bitmaps relative to this qcow2 image should be stored in it.
> > 
> > Strings started from +# are RFC-strings, not to be commited of course.
> > 
> > 
> > Signed-off-by: Vladimir Sementsov-Ogievskiy 

First of all, I think we may need some improvements on details and wording
here and there, but the format in general looks quite reasonable to me
(at first sight at least).

> >  docs/specs/qcow2.txt | 151 
> > ++-
> >  1 file changed, 150 insertions(+), 1 deletion(-)
> 
> Overall: Looks better to me. Good enough for me to ACK it, but I still
> have some issues with it.
> 
> Let's evaluate the main point of critique I had: I really want this not
> to be qemu-specific but potentially useful to all programs.
> 
> Pretty good: You do implicitly describe what a (dirty) bitmap looks like
> by describing how to obtain the bit offset of a certain byte guest
> offset. So it's not an opaque binary data dump anymore.
> 
> (Why only "pretty good"? I find the description to be a bit too
> "implicit", I think a separate section describing the bitmap structure
> would be better.)
> 
> Good: The bitmap actually describes the qcow2 file.
> 
> Not so good: While now any program knows how to read the bitmap and that
> it does refer to this qcow2 file, it's interpretation is not so easy
> still. Generally, a dirty bitmap has some reference point, that is the
> state of the disk when the bitmap was cleared or created. For instance,
> for incremental backups, whenever you create a backup based on a dirty
> bitmap, the dirty bitmap is cleared and the backup target is then said
> reference point.
> I think it would be nice to put that reference point (i.e. the name of
> an image file that contains the clean image) into the dirty bitmap
> header, if possible.

I don't think it's a valid assumption that the reference point has a
file name. Which makes me wonder... How do dirty bitmaps and internal
snapshots play together?

What I guess could be done is storing a creation date if you think this
would be useful.

> (Note: I won't comment on orthography, because I feel like that is
> something a native speaker should do. O:-))
> 
> > diff --git a/docs/specs/qcow2.txt b/docs/specs/qcow2.txt
> > index 121dfc8..3c89580 100644
> > --- a/docs/specs/qcow2.txt
> > +++ b/docs/specs/qcow2.txt
> > @@ -103,7 +103,17 @@ in the description of a field.
> >  write to an image with unknown auto-clear features if 
> > it
> >  clears the respective bits from this field first.
> >  
> > -Bits 0-63:  Reserved (set to 0)
> > +Bit 0:  Dirty bitmaps bit.
> > +This bit is responsible for Dirty bitmaps
> > +extension consistency.
> > +If it is set, but there is no Dirty bitmaps
> > +extensions, this should be considered as an
> > +error.
> > +If it is not set, but there is a Dirty 
> > bitmaps
> > +extension, its data should be considered as
> > +inconsistent.
> > +
> > +Bits 1-63:  Reserved (set to 0)
> >  
> >   96 -  99:  refcount_order
> >  Describes the width of a reference count block entry 
> > (width
> > @@ -123,6 +133,7 @@ be stored. Each extension has a structure like the 
> > following:
> >  0x - End of the header extension area
> >  0xE2792ACA - Backing file format name
> >  0x6803f857 - Feature name table
> > +0x23852875 - Dirty bitmaps
> >  other  - Unknown header extension, can be 
> > safely
> >   ignored
> >  
> > @@ -166,6 +177,31 @@ the header extension data. Each entry look like this:
> >  terminated if it has full length)
> >  
> >  
> > +== Dirty bitmaps ==
> > +
> > +Dirty bitmaps is an optional header extension. It provides an ability to 
> > store
> > +dirty bitmaps in a qcow2 image. The data of this extension should be 
> > considered
> > +as consistent only if corresponding auto-clear feature bit is set (see
> > +autoclear_features above).
> > +The fields of Dirty bitmaps extension are:
> > +
> > +  0 -  3:  nb_dirty_bitmaps
> > +   The number of dirty bitmaps contained in the image. 
> > Valid
> > +   values: 1 - 65535.
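Review bot: nb_dirty_bitmaps occupies four bytes (offsets 0 - 3) but its valid range is 1 - 65535, and the text does not say how a reader treats 0 or a value above 65535. Since the count is read from the image file, state explicitly that an out-of-range value makes the extension invalid, and say whether an image without bitmaps must omit the extension altogether, which is what excluding 0 implies.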
> 
> Again, I don't see a reason for why we should impose a strict upper
> limit here. I'd prefer "Note that qemu currently only supports up to
> 65535 

Re: [Qemu-devel] [PATCH 00/34] kvm_stat: Cleanup and fixup

2015-12-15 Thread Cornelia Huck
On Thu, 10 Dec 2015 13:12:30 +0100
Janosch Frank  wrote:

> Kvm_stat is a very helpful script for checking the state of VMs, but
> when I tried to introduce new features it broke every few lines.
> 
> This patch series aims to make the script more readable and durable,
> so future additions to it will break it less likely. It also fixes
> input/output problems for all of its interface modes.
> 
> Testing was done rarely on X86_64 RHEL 6.7 and mostly on s390. Tests
> on other architectures would be beneficial.

The cleanup and fixes look good to me, but I'm most certainly not a
python expert :)

Paolo, would you take these through the kvm tree?

> 
> Janosch Frank (34):
>   scripts/kvm/kvm_stat: Cleanup of multiple imports
>   scripts/kvm/kvm_stat: Replaced os.listdir with os.walk
>   scripts/kvm/kvm_stat: Make constants uppercase
>   scripts/kvm/kvm_stat: Removed unneeded PERF constants
>   scripts/kvm/kvm_stat: Mark globals in functions
>   scripts/kvm/kvm_stat: Invert dictionaries
>   scripts/kvm/kvm_stat: Cleanup of path variables
>   scripts/kvm/kvm_stat: Improve debugfs access checking
>   scripts/kvm/kvm_stat: Introduce main function
>   scripts/kvm/kvm_stat: Fix spaces around keyword assignments
>   scripts/kvm/kvm_stat: Rename variables that redefine globals
>   scripts/kvm/kvm_stat: Moved DebugfsProvider
>   scripts/kvm/kvm_stat: Fixup syscall error reporting
>   scripts/kvm/kvm_stat: Set sensible no. files rlimit
>   scripts/kvm/kvm_stat: Cleanup of platform detection
>   scripts/kvm/kvm_stat: Make cpu detection a function
>   scripts/kvm/kvm_stat: Rename _perf_event_open
>   scripts/kvm/kvm_stat: Introduce properties for providers
>   scripts/kvm/kvm_stat: Cleanup of TracepointProvider
>   scripts/kvm/kvm_stat: Cleanup cpu list retrieval
>   scripts/kvm/kvm_stat: Encapsulate filters variable
>   scripts/kvm/kvm_stat: Cleanup of Stats class
>   scripts/kvm/kvm_stat: Cleanup of Groups class
>   scripts/kvm/kvm_stat: Cleanup of Event class
>   scripts/kvm/kvm_stat: Group arch specific data
>   scripts/kvm/kvm_stat: Remove unneeded X86_EXIT_REASONS
>   scripts/kvm/kvm_stat: Make tui function a class
>   scripts/kvm/kvm_stat: Fix output formatting
>   scripts/kvm/kvm_stat: Move to argparse and add description
>   scripts/kvm/kvm_stat: Cleanup and pre-init perf_event_attr
>   scripts/kvm/kvm_stat: Read event values as u64
>   scripts/kvm/kvm_stat: Fix rlimit for unprivileged users
>   scripts/kvm/kvm_stat: Fixup filtering
>   scripts/kvm/kvm_stat: Add interactive filtering
> 
>  scripts/kvm/kvm_stat | 1129 
> --
>  1 file changed, 626 insertions(+), 503 deletions(-)
> 




[Qemu-devel] [PULL 5/5] ehci: make idt processing more robust

2015-12-15 Thread Gerd Hoffmann
Make ehci_process_itd return an error in case we didn't do any actual
iso transfer because we've found no active transaction.  That'll avoid
ehci happily running in circles forever if the guest builds a loop out of
itds.

This is CVE-2015-8558.

Cc: qemu-sta...@nongnu.org
Reported-by: Qinghao Tang 
Tested-by: P J P 
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-ehci.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 4e2161b..d07f228 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1389,7 +1389,7 @@ static int ehci_process_itd(EHCIState *ehci,
 {
 USBDevice *dev;
 USBEndpoint *ep;
-uint32_t i, len, pid, dir, devaddr, endp;
+uint32_t i, len, pid, dir, devaddr, endp, xfers = 0;
 uint32_t pg, off, ptr1, ptr2, max, mult;
 
 ehci->periodic_sched_active = PERIODIC_ACTIVE;
@@ -1479,9 +1479,10 @@ static int ehci_process_itd(EHCIState *ehci,
 ehci_raise_irq(ehci, USBSTS_INT);
 }
 itd->transact[i] &= ~ITD_XACT_ACTIVE;
+xfers++;
 }
 }
-return 0;
+return xfers ? 0 : -1;
 }
 
 
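Review bot: xfers in the second hunk is only ever tested for zero in "return xfers ? 0 : -1;", so a bool flag would state the intent better than a uint32_t counter appended to the existing declaration list. The new -1 return also needs a short comment at the return site saying that it means "no active transaction found in this itd" and what the caller is expected to do with it, because that contract is what stops the guest-built loop described in the commit message and nothing in the hunk documents it.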
-- 
1.8.3.1




[Qemu-devel] [PULL 4/5] usb-mtp: add support for basic mtp events

2015-12-15 Thread Gerd Hoffmann
From: Bandan Das 

When the host polls for events, we check our
events qlist and send one event at a time. Also, note
that the event packet needs to be sent in one go, so
I increased the max packet size to 64.

Tested with a linux guest.

Signed-off-by: Bandan Das 
Message-id: 1448314625-3855-5-git-send-email-...@redhat.com
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-mtp.c | 29 +++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index def2f5e..af056c7 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -213,7 +213,7 @@ static const USBDescIface desc_iface_full = {
 },{
 .bEndpointAddress  = USB_DIR_IN | EP_EVENT,
 .bmAttributes  = USB_ENDPOINT_XFER_INT,
-.wMaxPacketSize= 8,
+.wMaxPacketSize= 64,
 .bInterval = 0x0a,
 },
 }
@@ -255,7 +255,7 @@ static const USBDescIface desc_iface_high = {
 },{
 .bEndpointAddress  = USB_DIR_IN | EP_EVENT,
 .bmAttributes  = USB_ENDPOINT_XFER_INT,
-.wMaxPacketSize= 8,
+.wMaxPacketSize= 64,
 .bInterval = 0x0a,
 },
 }
@@ -1297,6 +1297,31 @@ static void usb_mtp_handle_data(USBDevice *dev, 
USBPacket *p)
 }
 break;
 case EP_EVENT:
+#ifdef __linux__
+if (!QTAILQ_EMPTY(>events)) {
+struct MTPMonEntry *e = QTAILQ_LAST(>events, events);
+uint32_t handle;
+int len = sizeof(container) + sizeof(uint32_t);
+
+if (p->iov.size < len) {
+trace_usb_mtp_stall(s->dev.addr,
+"packet too small to send event");
+p->status = USB_RET_STALL;
+return;
+}
+
+QTAILQ_REMOVE(>events, e, next);
+container.length = cpu_to_le32(len);
+container.type = cpu_to_le32(TYPE_EVENT);
+container.code = cpu_to_le16(e->event);
+container.trans = 0; /* no trans specific events */
+handle = cpu_to_le32(e->handle);
+usb_packet_copy(p, , sizeof(container));
+usb_packet_copy(p, , sizeof(uint32_t));
+g_free(e);
+return;
+}
+#endif
 p->status = USB_RET_NAK;
 return;
 default:
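Review bot: in the new EP_EVENT branch, len is declared int and then compared with p->iov.size, which mixes a signed value with a size; declare it size_t (or uint32_t, since it is also passed to cpu_to_le32). When the packet is too small the event stays on the queue and the endpoint stalls, so the same event is retried on every later poll; if that is intended, say so next to the USB_RET_STALL assignment. A comment is also needed on why QTAILQ_LAST is taken rather than the first entry, since the hunk does not show which end events are inserted at and the delivery order depends on it.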
-- 
1.8.3.1




[Qemu-devel] [PULL 2/5] usb-mtp: free objects on a mtp reset

2015-12-15 Thread Gerd Hoffmann
From: Bandan Das 

On a reset, call usb_mtp_object_free on all objects and their children

Signed-off-by: Bandan Das 
Message-id: 1448314625-3855-3-git-send-email-...@redhat.com
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-mtp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 10b657d..5b71691 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -908,6 +908,7 @@ static void usb_mtp_handle_reset(USBDevice *dev)
 
 trace_usb_mtp_reset(s->dev.addr);
 
+usb_mtp_object_free(s, QTAILQ_FIRST(>objects));
 s->session = 0;
 usb_mtp_data_free(s->data_in);
 s->data_in = NULL;
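Review bot: the added call passes QTAILQ_FIRST of the objects list straight to usb_mtp_object_free() with no check that the list is non-empty, so a reset that arrives before any object exists, or a second reset in a row, hands it NULL. Either guard the call with QTAILQ_EMPTY() or state in the commit message that usb_mtp_object_free() accepts NULL; the one-line message does not say.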
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH 11/12] audio: Clean up inappropriate and unreachable use of hw_error()

2015-12-15 Thread Gerd Hoffmann
On Do, 2015-12-10 at 11:29 +0100, Markus Armbruster wrote:
> audio_init() should not use hw_error(), because dumping CPU registers
> is unhelpful there, and aborting is wrong, because it can be called
> from an audio device's realize() method.
> 
> The two uses of hw_error() come from commit 0d9acba:
> 
> * When qemu_new_timer() fails.  It couldn't fail back then, and it
>   can't fail now.  Drop the unreachable error handling.
> 
> * When no_audio_driver can't be initialized.  It couldn't fail back
>   then, and it can't fail now.  Replace the error handling by an
>   assertion.
> 
> Cc: Gerd Hoffmann 
> Signed-off-by: Markus Armbruster 

Reviewed-by: Gerd Hoffmann 

> ---
>  audio/audio.c | 11 ++-
>  1 file changed, 2 insertions(+), 9 deletions(-)
> 
> diff --git a/audio/audio.c b/audio/audio.c
> index 5be4b15..9b855ed 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@ -1806,9 +1806,6 @@ static void audio_init (void)
>  atexit (audio_atexit);
>  
>  s->ts = timer_new_ns(QEMU_CLOCK_VIRTUAL, audio_timer, s);
> -if (!s->ts) {
> -hw_error("Could not create audio timer\n");
> -}
>  
>  audio_process_options ("AUDIO", audio_options);
>  
> @@ -1859,12 +1856,8 @@ static void audio_init (void)
>  
>  if (!done) {
>  done = !audio_driver_init (s, _audio_driver);
> -if (!done) {
> -hw_error("Could not initialize audio subsystem\n");
> -}
> -else {
> -dolog ("warning: Using timer based audio emulation\n");
> -}
> +assert(done);
> +dolog ("warning: Using timer based audio emulation\n");
>  }
>  
>  if (conf.period.hertz <= 0) {
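Review bot: in the second hunk, assert(done) replaces the hw_error() call, so in a build with NDEBUG defined the check disappears and audio_init() carries on with no driver initialised. The commit message argues that this failure cannot happen, which makes an assertion reasonable, but a one-line comment above it giving that reason would save the next reader from re-deriving it. The "warning:" dolog is now reached without an else, which is correct only because of the same argument.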




Re: [Qemu-devel] net: vmxnet3: memory leakage issue

2015-12-15 Thread P J P
  Hello Miao,

+-- On Tue, 15 Dec 2015, Miao Yan wrote --+
| So far as I know, vmxnet3 doesn't have a flow control spec. Same is true for 
| e1000 emulation layer in esxi, writing to flow control register bits is 
| ignored. Maybe there are some buffering or throttling layer in-between that 
| do not rely on pause frame.

  I see, okay. Thanks much for sharing these details.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



Re: [Qemu-devel] [PATCH v2 6/6] vmw_pvscsi: Introduce 'x-disable-pcie' backward compatibility property

2015-12-15 Thread Shmulik Ladkani
Hi,

On Mon, 14 Dec 2015 20:26:35 +0200 "Michael S. Tsirkin"  wrote:
> > > It's set internally by machine types to avoid breaking
> > > migration.  I don't see any reason for users to set it.
> > 
> > But they do set it :) albeit only through machine types.  I don't think
> > it's different from offloads, just much more specialized.
> > 
> > Or do you mean that it could go away if we decide to remove very old
> > machine types?  I think we would remove compat properties connected to
> > those machine types as well, even without "x-".
> > 
> 
> Then we'll break users who set them directly for some reason.
> So x- means "not part of stable ABI".
> No?

BTW, different drivers use different naming approaches.

E.g. d209c744 'hw/audio/intel-hda: Fix MSI capability address'
suggests a "old_msi_addr" property (yes, underscores) for intel-hda.
Michael, you were the reviewer ;-)

Perhaps we can standardize that "c-" prefix denotes compat properties?

Regards,
Shmulik



[Qemu-devel] [PATCH COLO-Frame v12 10/38] COLO: Implement colo checkpoint protocol

2015-12-15 Thread zhanghailiang
We need a user-defined communication protocol to control the checkpoint
process.

The new checkpoint request is started by the Primary VM, and the interactive
process is like below:
Checkpoint synchronizing points,

                       Primary                 Secondary
                                               initial work
'checkpoint-ready'     <---------------------- @

'checkpoint-request'   @ ---------------------->
                                               Suspend (Only in hybrid mode)
'checkpoint-reply'     <---------------------- @
                       Suspend state
'vmstate-send'         @ ---------------------->
                       Send state              Receive state
'vmstate-received'     <---------------------- @
                       Release packets         Load state
'vmstate-load'         <---------------------- @
                       Resume                  Resume (Only in hybrid mode)

                       Start Comparing (Only in hybrid mode)
NOTE:
 1) '@' marks who sends the message
 2) Every sync-point is synchronized by two sides with only
    one handshake (single direction) for low-latency.
    If more strict synchronization is required, an opposite direction
    sync-point should be added.
 3) Since sync-points are single direction, the remote side may
    go forward a lot when this side just receives the sync-point.
 4) For now, we only support 'periodic' checkpoint, for which
    the Secondary VM is not running, later we will support 'hybrid' mode.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Cc: Eric Blake 
---
v12:
- Rename colo_ctl_put() to colo_put_cmd()
- Rename colo_ctl_get() to colo_get_check_cmd() and drop
  the third parameter
- Rename colo_ctl_get_cmd() to colo_get_cmd()
- Remove useless 'invalid' member for COLOcommand enum.
v11:
- Add missing 'checkpoint-ready' communication in comment.
- Use parameter to return 'value' for colo_ctl_get() (Dave's suggestion)
- Fix trace for colo_ctl_get() to trace command and value both
v10:
- Rename enum COLOCmd to COLOCommand (Eric's suggestion).
- Remove unused 'ram-steal'

Signed-off-by: zhanghailiang 
---
 migration/colo.c | 183 ++-
 qapi-schema.json |  25 
 trace-events |   2 +
 3 files changed, 208 insertions(+), 2 deletions(-)

diff --git a/migration/colo.c b/migration/colo.c
index 0ab9618..0ce2a6e 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -10,10 +10,12 @@
  * later.  See the COPYING file in the top-level directory.
  */
 
+#include 
 #include "sysemu/sysemu.h"
 #include "migration/colo.h"
 #include "trace.h"
 #include "qemu/error-report.h"
+#include "qemu/sockets.h"
 
 bool colo_supported(void)
 {
@@ -34,6 +36,100 @@ bool migration_incoming_in_colo_state(void)
 return mis && (mis->state == MIGRATION_STATUS_COLO);
 }
 
+static int colo_put_cmd(QEMUFile *f, uint32_t cmd)
+{
+int ret;
+
+if (cmd >= COLO_COMMAND_MAX) {
+error_report("%s: Invalid cmd", __func__);
+return -EINVAL;
+}
+qemu_put_be32(f, cmd);
+qemu_fflush(f);
+
+ret = qemu_file_get_error(f);
+trace_colo_put_cmd(COLOCommand_lookup[cmd]);
+
+return ret;
+}
+
+static int colo_get_cmd(QEMUFile *f, uint32_t *cmd)
+{
+int ret;
+
+*cmd = qemu_get_be32(f);
+ret = qemu_file_get_error(f);
+if (ret < 0) {
+return ret;
+}
+if (*cmd >= COLO_COMMAND_MAX) {
+error_report("%s: Invalid cmd", __func__);
+return -EINVAL;
+}
+trace_colo_get_cmd(COLOCommand_lookup[*cmd]);
+return 0;
+}
+
+static int colo_get_check_cmd(QEMUFile *f, uint32_t expect_cmd)
+{
+int ret;
+uint32_t cmd;
+
+ret = colo_get_cmd(f, );
+if (ret < 0) {
+return ret;
+}
+if (cmd != expect_cmd) {
+error_report("Unexpect colo command, expect:%d, but got cmd:%d",
+ expect_cmd, cmd);
+return -EINVAL;
+}
+
+return 0;
+}
+
+static int colo_do_checkpoint_transaction(MigrationState *s)
+{
+int ret;
+
+ret = colo_put_cmd(s->to_dst_file, COLO_COMMAND_CHECKPOINT_REQUEST);
+if (ret < 0) {
+goto out;
+}
+
+ret = colo_get_check_cmd(s->rp_state.from_dst_file,
+ COLO_COMMAND_CHECKPOINT_REPLY);
+if (ret < 0) {
+goto out;
+}
+
+/* TODO: suspend and save vm state to colo buffer */
+
+ret = colo_put_cmd(s->to_dst_file, COLO_COMMAND_VMSTATE_SEND);
+if (ret < 0) {
+goto out;
+}
+
+/* TODO: send vmstate to Secondary */
+
+ret = colo_get_check_cmd(s->rp_state.from_dst_file,
+ COLO_COMMAND_VMSTATE_RECEIVED);
+if (ret < 0) {
+goto out;
+}
+
+ret = 
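Review bot: in colo_get_check_cmd() the error_report() format uses %d for expect_cmd and cmd, which are both uint32_t; use %u or PRIu32, or print the name of cmd through COLOCommand_lookup as the trace calls do, since cmd has been range-checked by colo_get_cmd() at that point. "Unexpect" in the same message should read "Unexpected". In colo_put_cmd(), trace_colo_put_cmd() runs whatever qemu_file_get_error() returned, so the trace records a command as put even when the write failed; trace only on success or include ret in the trace.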

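The sync-point exchange and the receive-side checks from the message above, as an added example that is not part of the patch or of QEMU. It goes slightly beyond the patch by also showing what a duplicated message does to the next sync-point; every demo_* name, the in-memory channel and the numeric command values are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sync-points from the commit message; numeric values are constructed. */
enum demo_cmd {
    DEMO_CHECKPOINT_READY, DEMO_CHECKPOINT_REQUEST, DEMO_CHECKPOINT_REPLY,
    DEMO_VMSTATE_SEND, DEMO_VMSTATE_RECEIVED, DEMO_VMSTATE_LOAD,
    DEMO_CMD_MAX
};

enum demo_err {
    DEMO_OK = 0,
    DEMO_ERR_RANGE = -1,      /* value is not a defined command */
    DEMO_ERR_SHORT = -2,      /* channel full, or fewer than 4 bytes to read */
    DEMO_ERR_UNEXPECTED = -3  /* defined command at the wrong sync-point */
};

/* One-directional in-memory channel, a hypothetical stand-in for a QEMUFile. */
struct demo_chan {
    uint8_t buf[64];
    size_t wr, rd;   /* write and read offsets into buf */
};

/* Unvalidated big-endian write: what a buggy or untrusted peer can send. */
static int demo_put_raw(struct demo_chan *c, uint32_t v)
{
    if (sizeof(c->buf) - c->wr < 4)
        return DEMO_ERR_SHORT;
    for (int shift = 24; shift >= 0; shift -= 8)
        c->buf[c->wr++] = (uint8_t)(v >> shift);
    return DEMO_OK;
}

/* Sender: never emit a value outside the command set. */
static int demo_put_cmd(struct demo_chan *c, uint32_t cmd)
{
    return cmd < DEMO_CMD_MAX ? demo_put_raw(c, cmd) : DEMO_ERR_RANGE;
}

/* Receiver: range-check the peer's word before storing or indexing with it. */
static int demo_get_cmd(struct demo_chan *c, uint32_t *cmd)
{
    uint32_t v = 0;

    if (c->wr - c->rd < 4)
        return DEMO_ERR_SHORT;
    for (int i = 0; i < 4; i++)
        v = v << 8 | c->buf[c->rd++];
    if (v >= DEMO_CMD_MAX)
        return DEMO_ERR_RANGE;
    *cmd = v;
    return DEMO_OK;
}

/* Receiver at a sync-point: only the one expected command is accepted. */
static int demo_get_check_cmd(struct demo_chan *c, uint32_t expect)
{
    uint32_t cmd = DEMO_CMD_MAX;
    int ret = demo_get_cmd(c, &cmd);

    if (ret < 0)
        return ret;
    return cmd == expect ? DEMO_OK : DEMO_ERR_UNEXPECTED;
}

/* One checkpoint round, in the order given in the commit message. */
static const struct { int from_primary; uint32_t cmd; } demo_round[] = {
    { 1, DEMO_CHECKPOINT_REQUEST }, { 0, DEMO_CHECKPOINT_REPLY },
    { 1, DEMO_VMSTATE_SEND },       { 0, DEMO_VMSTATE_RECEIVED },
    { 0, DEMO_VMSTATE_LOAD },
};

/* Run one round with both sides interleaved. If inject is non-zero, word is
 * pre-loaded on the Secondary -> Primary path to model a misbehaving peer.
 * Returns DEMO_OK or the first error either side detects. */
static int demo_run(int inject, uint32_t word)
{
    struct demo_chan to_dst = { {0}, 0, 0 }, from_dst = { {0}, 0, 0 };

    if (inject)
        demo_put_raw(&from_dst, word);
    for (size_t i = 0; i < sizeof(demo_round) / sizeof(demo_round[0]); i++) {
        struct demo_chan *c = demo_round[i].from_primary ? &to_dst : &from_dst;
        int ret = demo_put_cmd(c, demo_round[i].cmd);        /* sender */

        if (ret == DEMO_OK)
            ret = demo_get_check_cmd(c, demo_round[i].cmd);  /* receiver */
        if (ret < 0)
            return ret;
    }
    return DEMO_OK;
}

int main(void)
{
    printf("clean=%d bogus=%d\n", demo_run(0, 0), demo_run(1, 0xffffffffu));
    return 0;
}
```

An injected duplicate of the expected reply passes its own sync-point and is only detected at the next one, which is the single-direction handshake trade-off the NOTE in the commit message describes.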
[Qemu-devel] [PATCH COLO-Frame v12 20/38] COLO: synchronize PVM's state to SVM periodically

2015-12-15 Thread zhanghailiang
Do checkpoint periodically, the default interval is 200ms.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Add Reviewed-by tag
v11:
- Fix wrong sleep time for checkpoint period. (Dave's review comment)

Signed-off-by: zhanghailiang 
---
 migration/colo.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/migration/colo.c b/migration/colo.c
index e40cdb9..ca5df44 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -11,6 +11,7 @@
  */
 
 #include 
+#include "qemu/timer.h"
 #include "sysemu/sysemu.h"
 #include "migration/colo.h"
 #include "trace.h"
@@ -211,6 +212,7 @@ out:
 static void colo_process_checkpoint(MigrationState *s)
 {
 QEMUSizedBuffer *buffer = NULL;
+int64_t current_time, checkpoint_time = qemu_clock_get_ms(QEMU_CLOCK_HOST);
 int ret = 0;
 
 s->rp_state.from_dst_file = qemu_file_get_return_path(s->to_dst_file);
@@ -243,11 +245,21 @@ static void colo_process_checkpoint(MigrationState *s)
 trace_colo_vm_state_change("stop", "run");
 
 while (s->state == MIGRATION_STATUS_COLO) {
+current_time = qemu_clock_get_ms(QEMU_CLOCK_HOST);
+if (current_time - checkpoint_time <
+s->parameters[MIGRATION_PARAMETER_X_CHECKPOINT_DELAY]) {
+int64_t delay_ms;
+
+delay_ms = s->parameters[MIGRATION_PARAMETER_X_CHECKPOINT_DELAY] -
+   (current_time - checkpoint_time);
+g_usleep(delay_ms * 1000);
+}
 /* start a colo checkpoint */
 ret = colo_do_checkpoint_transaction(s, buffer);
 if (ret < 0) {
 goto out;
 }
+checkpoint_time = qemu_clock_get_ms(QEMU_CLOCK_HOST);
 }
 
 out:
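Review bot: the delay in the while loop is computed from QEMU_CLOCK_HOST, which follows the host wall clock, so a backwards step of that clock makes current_time - checkpoint_time negative and delay_ms larger than the configured checkpoint delay, stalling checkpoints for as long as the step. Use a monotonic clock such as QEMU_CLOCK_REALTIME for interval arithmetic. g_usleep() also blocks for the whole delay, so a change of s->state away from MIGRATION_STATUS_COLO is not noticed until the sleep ends; either sleep in shorter slices or note the resulting latency in a comment.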
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 07/38] migration: Integrate COLO checkpoint process into loadvm

2015-12-15 Thread zhanghailiang
Switch from normal migration loadvm process into COLO checkpoint process if
COLO mode is enabled.
We add three new members to struct MigrationIncomingState, 
'have_colo_incoming_thread'
and 'colo_incoming_thread' record the colo related threads for secondary VM,
'migration_incoming_co' records the original migration incoming coroutine.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Add Reviewed-by tag
v11:
- We moved the place of bdrv_invalidate_cache_all(), but done the deleting work
  in other patch. Fix it.
- Add documentation for colo in 'MigrationStatus' (Eric's review comment)
v10:
- fix a bug about fd leak which is found by Dave.

Signed-off-by: zhanghailiang 
---
 include/migration/colo.h  |  7 +++
 include/migration/migration.h |  7 +++
 migration/colo-comm.c | 10 ++
 migration/colo.c  | 22 ++
 migration/migration.c | 31 +--
 stubs/migration-colo.c| 10 ++
 6 files changed, 77 insertions(+), 10 deletions(-)

diff --git a/include/migration/colo.h b/include/migration/colo.h
index f462f06..2676c4a 100644
--- a/include/migration/colo.h
+++ b/include/migration/colo.h
@@ -15,6 +15,8 @@
 
 #include "qemu-common.h"
 #include "migration/migration.h"
+#include "qemu/coroutine_int.h"
+#include "qemu/thread.h"
 
 bool colo_supported(void);
 void colo_info_mig_init(void);
@@ -22,4 +24,9 @@ void colo_info_mig_init(void);
 void migrate_start_colo_process(MigrationState *s);
 bool migration_in_colo_state(void);
 
+/* loadvm */
+bool migration_incoming_enable_colo(void);
+void migration_incoming_exit_colo(void);
+void *colo_process_incoming_thread(void *opaque);
+bool migration_incoming_in_colo_state(void);
 #endif
diff --git a/include/migration/migration.h b/include/migration/migration.h
index 99dfa92..a57a734 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -22,6 +22,7 @@
 #include "migration/vmstate.h"
 #include "qapi-types.h"
 #include "exec/cpu-common.h"
+#include "qemu/coroutine_int.h"
 
 #define QEMU_VM_FILE_MAGIC   0x5145564d
 #define QEMU_VM_FILE_VERSION_COMPAT  0x0002
@@ -106,6 +107,12 @@ struct MigrationIncomingState {
 void *postcopy_tmp_page;
 
 int state;
+
+bool have_colo_incoming_thread;
+QemuThread colo_incoming_thread;
+/* The coroutine we should enter (back) after failover */
+Coroutine *migration_incoming_co;
+
 /* See savevm.c */
 LoadStateEntry_Head loadvm_handlers;
 };
diff --git a/migration/colo-comm.c b/migration/colo-comm.c
index fb407e0..30df3d3 100644
--- a/migration/colo-comm.c
+++ b/migration/colo-comm.c
@@ -48,3 +48,13 @@ void colo_info_mig_init(void)
 {
 vmstate_register(NULL, 0, _state, _info);
 }
+
+bool migration_incoming_enable_colo(void)
+{
+return colo_info.colo_requested;
+}
+
+void migration_incoming_exit_colo(void)
+{
+colo_info.colo_requested = 0;
+}
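Review bot: migration_incoming_enable_colo() reads like an action but only returns colo_info.colo_requested; a name that says it is a query would match what it does and would pair better with migration_incoming_exit_colo(). The getter is declared bool while the reset assigns 0, so make the two agree with the type of colo_requested. Neither function carries a comment on which thread may call it, although the later hunks call one from the incoming coroutine and the other from the COLO incoming thread.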
diff --git a/migration/colo.c b/migration/colo.c
index cf0ccb8..6880aa0 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -13,6 +13,7 @@
 #include "sysemu/sysemu.h"
 #include "migration/colo.h"
 #include "trace.h"
+#include "qemu/error-report.h"
 
 bool colo_supported(void)
 {
@@ -26,6 +27,13 @@ bool migration_in_colo_state(void)
 return (s->state == MIGRATION_STATUS_COLO);
 }
 
+bool migration_incoming_in_colo_state(void)
+{
+MigrationIncomingState *mis = migration_incoming_get_current();
+
+return mis && (mis->state == MIGRATION_STATUS_COLO);
+}
+
 static void colo_process_checkpoint(MigrationState *s)
 {
 qemu_mutex_lock_iothread();
@@ -47,3 +55,17 @@ void migrate_start_colo_process(MigrationState *s)
 colo_process_checkpoint(s);
 qemu_mutex_lock_iothread();
 }
+
+void *colo_process_incoming_thread(void *opaque)
+{
+MigrationIncomingState *mis = opaque;
+
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_COLO);
+
+/* TODO: COLO checkpoint restore loop */
+
+migration_incoming_exit_colo();
+
+return NULL;
+}
diff --git a/migration/migration.c b/migration/migration.c
index 99b870d..d5691c2 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -358,6 +358,27 @@ static void process_incoming_migration_co(void *opaque)
 /* Else if something went wrong then just fall out of the normal exit 
*/
 }
 
+if (!ret) {
+/* Make sure all file formats flush their mutable metadata */
+bdrv_invalidate_cache_all(_err);
+if (local_err) {
+error_report_err(local_err);
+migrate_decompress_threads_join();
+exit(EXIT_FAILURE);
+}
+}
+/* we get colo info, and know if we are in colo mode */
+if (!ret && migration_incoming_enable_colo()) {
+mis->migration_incoming_co = 

[Qemu-devel] [PATCH COLO-Frame v12 09/38] COLO/migration: Create a new communication path from destination to source

2015-12-15 Thread zhanghailiang
This new communication path will be used for returning messages
from destination to source.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Add Reviewed-by tag
v11:
- Rebase master to use qemu_file_get_return_path() for opening return path
v10:
- fix the error log (Dave's suggestion).

Signed-off-by: zhanghailiang 
---
 migration/colo.c | 39 +++
 1 file changed, 39 insertions(+)

diff --git a/migration/colo.c b/migration/colo.c
index 6880aa0..0ab9618 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -36,6 +36,15 @@ bool migration_incoming_in_colo_state(void)
 
 static void colo_process_checkpoint(MigrationState *s)
 {
+int ret = 0;
+
+s->rp_state.from_dst_file = qemu_file_get_return_path(s->to_dst_file);
+if (!s->rp_state.from_dst_file) {
+ret = -EINVAL;
+error_report("Open QEMUFile from_dst_file failed");
+goto out;
+}
+
 qemu_mutex_lock_iothread();
 vm_start();
 qemu_mutex_unlock_iothread();
@@ -43,8 +52,16 @@ static void colo_process_checkpoint(MigrationState *s)
 
 /*TODO: COLO checkpoint savevm loop*/
 
+out:
+if (ret < 0) {
+error_report("%s: %s", __func__, strerror(-ret));
+}
 migrate_set_state(>state, MIGRATION_STATUS_COLO,
   MIGRATION_STATUS_COMPLETED);
+
+if (s->rp_state.from_dst_file) {
+qemu_fclose(s->rp_state.from_dst_file);
+}
 }
 
 void migrate_start_colo_process(MigrationState *s)
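Review bot: the new out: label sits above the migrate_set_state() call, so the failure path added in the previous hunk (from_dst_file could not be opened, ret = -EINVAL) still moves the state from MIGRATION_STATUS_COLO to MIGRATION_STATUS_COMPLETED. A failed COLO start should not be reported as a completed migration; pick a failure state when ret < 0. After qemu_fclose(), s->rp_state.from_dst_file should also be set to NULL so that a later user of rp_state cannot pick up the closed file.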
@@ -59,12 +76,34 @@ void migrate_start_colo_process(MigrationState *s)
 void *colo_process_incoming_thread(void *opaque)
 {
 MigrationIncomingState *mis = opaque;
+int ret = 0;
 
 migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
   MIGRATION_STATUS_COLO);
 
+mis->to_src_file = qemu_file_get_return_path(mis->from_src_file);
+if (!mis->to_src_file) {
+ret = -EINVAL;
+error_report("colo incoming thread: Open QEMUFile to_src_file failed");
+goto out;
+}
+/* Note: We set the fd to unblocked in migration incoming coroutine,
+*  But here we are in the colo incoming thread, so it is ok to set the
+*  fd back to blocked.
+*/
+qemu_set_block(qemu_get_fd(mis->from_src_file));
+
 /* TODO: COLO checkpoint restore loop */
 
+out:
+if (ret < 0) {
+error_report("colo incoming thread will exit, detect error: %s",
+ strerror(-ret));
+}
+
+if (mis->to_src_file) {
+qemu_fclose(mis->to_src_file);
+}
 migration_incoming_exit_colo();
 
 return NULL;
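Review bot: qemu_set_block(qemu_get_fd(mis->from_src_file)) uses the result of qemu_get_fd() unchecked, so if the file has no descriptor behind it the call is made on an invalid fd and the thread carries on in whatever blocking mode it already had. Check the value and fail through out: with ret set. As in colo_process_checkpoint(), mis->to_src_file is closed at the end but not reset to NULL.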
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 13/38] COLO: Save PVM state to secondary side when do checkpoint

2015-12-15 Thread zhanghailiang
The main process of checkpoint is to synchronize SVM with PVM.
VM's state includes ram and device state. So we will migrate PVM's
state to SVM when do checkpoint, just like migration does.

We will cache PVM's state in slave, we use QEMUSizedBuffer
to store the data, we need to know the size of VM state, so in master,
we use qsb to store VM state temporarily, get the data size by call 
qsb_get_length()
and then migrate the data to the qsb in the secondary side.

Signed-off-by: zhanghailiang 
Signed-off-by: Gonglei 
Signed-off-by: Li Zhijian 
Reviewed-by: Dr. David Alan Gilbert 
Cc: Dr. David Alan Gilbert 
---
v12:
- Replace the old colo_ctl_get() with the new helper function 
colo_put_cmd_value()
v11:
- Add Reviewed-by tag

Signed-off-by: zhanghailiang 
---
 migration/colo.c | 84 
 migration/ram.c  | 39 +++---
 2 files changed, 108 insertions(+), 15 deletions(-)

diff --git a/migration/colo.c b/migration/colo.c
index 0ce2a6e..42bc6ef 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -17,6 +17,9 @@
 #include "qemu/error-report.h"
 #include "qemu/sockets.h"
 
+/* colo buffer */
+#define COLO_BUFFER_BASE_SIZE (4 * 1024 * 1024)
+
 bool colo_supported(void)
 {
 return true;
@@ -53,6 +56,22 @@ static int colo_put_cmd(QEMUFile *f, uint32_t cmd)
 return ret;
 }
 
+static int colo_put_cmd_value(QEMUFile *f, uint32_t cmd, uint64_t value)
+{
+int ret;
+
+ret = colo_put_cmd(f, cmd);
+if (ret < 0) {
+return 0;
+ }
+qemu_put_be64(f, value);
+qemu_fflush(f);
+
+ret = qemu_file_get_error(f);
+
+return ret;
+}
+
 static int colo_get_cmd(QEMUFile *f, uint32_t *cmd)
 {
 int ret;
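Review bot: colo_put_cmd_value() returns 0 when colo_put_cmd() fails (the "return 0;" under "if (ret < 0)"), so the caller sees success and goes on to send the vmstate although the size command never went out. Return ret there. The closing brace of that if is also indented one column too far.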
@@ -88,9 +107,12 @@ static int colo_get_check_cmd(QEMUFile *f, uint32_t 
expect_cmd)
 return 0;
 }
 
-static int colo_do_checkpoint_transaction(MigrationState *s)
+static int colo_do_checkpoint_transaction(MigrationState *s,
+  QEMUSizedBuffer *buffer)
 {
 int ret;
+size_t size;
+QEMUFile *trans = NULL;
 
 ret = colo_put_cmd(s->to_dst_file, COLO_COMMAND_CHECKPOINT_REQUEST);
 if (ret < 0) {
@@ -102,15 +124,47 @@ static int colo_do_checkpoint_transaction(MigrationState 
*s)
 if (ret < 0) {
 goto out;
 }
+/* Reset colo buffer and open it for write */
+qsb_set_length(buffer, 0);
+trans = qemu_bufopen("w", buffer);
+if (!trans) {
+error_report("Open colo buffer for write failed");
+goto out;
+}
 
-/* TODO: suspend and save vm state to colo buffer */
+qemu_mutex_lock_iothread();
+vm_stop_force_state(RUN_STATE_COLO);
+qemu_mutex_unlock_iothread();
+trace_colo_vm_state_change("run", "stop");
+
+/* Disable block migration */
+s->params.blk = 0;
+s->params.shared = 0;
+qemu_savevm_state_header(trans);
+qemu_savevm_state_begin(trans, >params);
+qemu_mutex_lock_iothread();
+qemu_savevm_state_complete_precopy(trans, false);
+qemu_mutex_unlock_iothread();
+
+qemu_fflush(trans);
 
 ret = colo_put_cmd(s->to_dst_file, COLO_COMMAND_VMSTATE_SEND);
 if (ret < 0) {
 goto out;
 }
+/* we send the total size of the vmstate first */
+size = qsb_get_length(buffer);
+ret = colo_put_cmd_value(s->to_dst_file, COLO_COMMAND_VMSTATE_SIZE, size);
+if (ret < 0) {
+goto out;
+}
 
-/* TODO: send vmstate to Secondary */
+qsb_put_buffer(s->to_dst_file, buffer, size);
+qemu_fflush(s->to_dst_file);
+ret = qemu_file_get_error(s->to_dst_file);
+if (ret < 0) {
+goto out;
+}
 
 ret = colo_get_check_cmd(s->rp_state.from_dst_file,
  COLO_COMMAND_VMSTATE_RECEIVED);
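Review bot: when qemu_bufopen() fails, the code reports the error and jumps to out: without assigning ret, which at that point still holds the non-negative result of the preceding colo_get_check_cmd(); the function then returns success with no checkpoint taken. Set ret to a negative errno before the goto. The state written into trans is also never checked with qemu_file_get_error(trans) before its length is sent as COLO_COMMAND_VMSTATE_SIZE, so a failed save is transmitted as if it were complete.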
@@ -124,14 +178,24 @@ static int colo_do_checkpoint_transaction(MigrationState 
*s)
 goto out;
 }
 
-/* TODO: resume Primary */
+ret = 0;
+/* Resume primary guest */
+qemu_mutex_lock_iothread();
+vm_start();
+qemu_mutex_unlock_iothread();
+trace_colo_vm_state_change("stop", "run");
 
 out:
+if (trans) {
+qemu_fclose(trans);
+}
+
 return ret;
 }
 
 static void colo_process_checkpoint(MigrationState *s)
 {
+QEMUSizedBuffer *buffer = NULL;
 int ret = 0;
 
 s->rp_state.from_dst_file = qemu_file_get_return_path(s->to_dst_file);
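Review bot: vm_start() for the primary sits above the out: label, so every "goto out" taken after vm_stop_force_state(RUN_STATE_COLO) in the previous hunk returns with the guest still stopped. Either resume on the error path as well or add a comment naming the caller that is responsible for restarting the guest after a failed checkpoint. The "ret = 0;" before the resume is redundant, since ret is already known to be non-negative there.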
@@ -151,6 +215,13 @@ static void colo_process_checkpoint(MigrationState *s)
 goto out;
 }
 
+buffer = qsb_create(NULL, COLO_BUFFER_BASE_SIZE);
+if (buffer == NULL) {
+ret = -ENOMEM;
+error_report("Failed to allocate colo buffer!");
+goto out;
+}
+
 qemu_mutex_lock_iothread();
 vm_start();
 qemu_mutex_unlock_iothread();
@@ -158,7 +229,7 @@ static void colo_process_checkpoint(MigrationState *s)
 
 while (s->state == 

[Qemu-devel] [PATCH COLO-Frame v12 33/38] net/filter-buffer: Add default filter-buffer for each netdev

2015-12-15 Thread zhanghailiang
We add each netdev (except vhost-net) a default filter-buffer,
which will be used for COLO or Micro-checkpoint to buffer VM's packets.
The name of default filter-buffer is 'nop'.
For the default filter-buffer, it will not buffer any packets in default.
So it has no side effect for the netdev.

Signed-off-by: zhanghailiang 
Cc: Jason Wang 
Cc: Yang Hongyang 
---
v12:
- Skip vhost-net when add default filter
- Don't go through filter layer if the filter is disabled.
v11:
- New patch

Signed-off-by: zhanghailiang 
---
 include/net/filter.h | 10 +++
 net/filter-buffer.c  | 82 
 net/filter.c |  6 +++-
 net/net.c| 12 
 4 files changed, 109 insertions(+), 1 deletion(-)

diff --git a/include/net/filter.h b/include/net/filter.h
index 2deda36..40aa38c 100644
--- a/include/net/filter.h
+++ b/include/net/filter.h
@@ -56,6 +56,8 @@ struct NetFilterState {
 NetClientState *netdev;
 NetFilterDirection direction;
 char info_str[256];
+bool is_default;
+bool enabled;
 QTAILQ_ENTRY(NetFilterState) next;
 };
 
@@ -74,4 +76,12 @@ ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
 int iovcnt,
 void *opaque);
 
+static inline bool qemu_need_skip_netfilter(NetFilterState *nf)
+{
+return nf->enabled ? false : true;
+}
+
+void netdev_add_default_filter_buffer(const char *netdev_id,
+  NetFilterDirection direction,
+  Error **errp);
 #endif /* QEMU_NET_FILTER_H */
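Review bot: qemu_need_skip_netfilter() spells its result as "nf->enabled ? false : true"; "return !nf->enabled;" says the same thing directly. The two fields added to NetFilterState in the previous hunk have no comment, and nothing visible in this patch sets enabled to true for filters the user creates, so say where that happens or initialise it.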
diff --git a/net/filter-buffer.c b/net/filter-buffer.c
index 57be149..9cf3544 100644
--- a/net/filter-buffer.c
+++ b/net/filter-buffer.c
@@ -14,6 +14,13 @@
 #include "qapi/qmp/qerror.h"
 #include "qapi-visit.h"
 #include "qom/object.h"
+#include "net/net.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp-output-visitor.h"
+#include "qapi/qmp-input-visitor.h"
+#include "monitor/monitor.h"
+#include "qmp-commands.h"
+#include "net/vhost_net.h"
 
 #define TYPE_FILTER_BUFFER "filter-buffer"
 
@@ -102,6 +109,7 @@ static void filter_buffer_cleanup(NetFilterState *nf)
 static void filter_buffer_setup(NetFilterState *nf, Error **errp)
 {
 FilterBufferState *s = FILTER_BUFFER(nf);
+char *path = object_get_canonical_path_component(OBJECT(nf));
 
 /*
  * We may want to accept zero interval when VM FT solutions like MC
@@ -114,6 +122,14 @@ static void filter_buffer_setup(NetFilterState *nf, Error 
**errp)
 }
 
 s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
+nf->is_default = !strcmp(path, "nop");
+/*
+* For the default buffer filter, it will be disabled by default,
+* So it will not buffer any packets.
+*/
+if (nf->is_default) {
+nf->enabled = false;
+}
 if (s->interval) {
 timer_init_us(>release_timer, QEMU_CLOCK_VIRTUAL,
   filter_buffer_release_timer, nf);
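Review bot: path, obtained from object_get_canonical_path_component() in the previous hunk, is used only for the strcmp() against "nop" and is never freed in the lines shown; that function returns an allocated string, so add g_free(path) after the comparison. Identifying the default filter by its id also means that a filter the user happens to name "nop" is marked is_default and disabled without any message; a dedicated property or an internal flag set by netdev_add_default_filter_buffer() would avoid that.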
@@ -163,6 +179,72 @@ out:
 error_propagate(errp, local_err);
 }
 
+/*
+* This will be used by COLO or MC FT, for which they will need
+* to buffer the packets of VM's net devices, Here we add a default
+* buffer filter for each netdev. The name of default buffer filter is
+* 'nop'
+*/
+void netdev_add_default_filter_buffer(const char *netdev_id,
+  NetFilterDirection direction,
+  Error **errp)
+{
+QmpOutputVisitor *qov;
+QmpInputVisitor *qiv;
+Visitor *ov, *iv;
+QObject *obj = NULL;
+QDict *qdict;
+void *dummy = NULL;
+const char *id = "nop";
+char *queue = g_strdup(NetFilterDirection_lookup[direction]);
+NetClientState *nc = qemu_find_netdev(netdev_id);
+Error *err = NULL;
+
+/* FIXME: Not support multiple queues */
+if (!nc || nc->queue_index > 1) {
+g_free(queue);
+return;
+}
+/* Not support vhost-net */
+if (get_vhost_net(nc)) {
+g_free(queue);
+return;
+}
+qov = qmp_output_visitor_new();
+ov = qmp_output_get_visitor(qov);
+visit_start_struct(ov,  , NULL, NULL, 0, );
+if (err) {
+goto out;
+}
+visit_type_str(ov, >name, "netdev", );
+if (err) {
+goto out;
+}
+visit_type_str(ov, , "queue", );
+if (err) {
+goto out;
+}
+visit_end_struct(ov, );
+if (err) {
+goto out;
+}
+obj = qmp_output_get_qobject(qov);
+g_assert(obj != NULL);
+qdict = qobject_to_qdict(obj);
+qmp_output_visitor_cleanup(qov);
+
+qiv = qmp_input_visitor_new(obj);
+iv = qmp_input_get_visitor(qiv);
+object_add(TYPE_FILTER_BUFFER, id, qdict, iv, );
+qmp_input_visitor_cleanup(qiv);
+qobject_decref(obj);
+out:
+g_free(queue);
+if (err) {
+error_propagate(errp, err);
+
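Review bot: id is the constant "nop" in netdev_add_default_filter_buffer(), yet the comment above the function says a default filter is added for each netdev; object ids have to be unique, so the object_add() for the second netdev would fail with a duplicate id. Deriving the id from netdev_id (and the direction) would avoid that. Two smaller points in the same function: the FIXME says multiple queues are not supported but the test is nc->queue_index > 1, which still lets queue index 1 through, and both early returns leave errp unset, so the caller cannot tell "skipped" from "added".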

Re: [Qemu-devel] [PATCH v3 5/7] vmxnet3: The vmxnet3 device is a PCIE endpoint

2015-12-15 Thread Jason Wang


On 12/15/2015 02:09 PM, Shmulik Ladkani wrote:
> Hi Jason,
>
> On Tue, 15 Dec 2015 10:35:59 +0800 Jason Wang  wrote:
>>> Another attempt I've made is to introduce a new type vmxnet3e (the
>>> pcie variant of vmxnet3).
>>> I dropped this approach since it was way too cumbersome, introducing
>>> lots of boiler-plate code for the two (otherwise) identical types.
>> Yes, that's another solution (as I replied for patch 6). A question
>> here. If vmware differs pci-e version of vmxnet3 from pci version,
>> probably we need do the same (and you don't even need to care for
>> compatibility in the case). At a quick glance, no much duplicated codes.
>> (if you mean the msi offsets, you can let vmxnet3e use the new offset
>> unconditionally).
> Examples of duplicated boiler plate:
>
> Split to a TYPE_VMXNET3_BASE abstract type having two concrete sub types.
>
> Introduction of 'VMStateDescription vmstate_vmxnet3e' which differs only
> due to its '.name' (must be the name of the type, i.e "vmxnet3e") and
> the use of VMSTATE_PCIE_DEVICE (instead of VMSTATE_PCI_DEVICE), but
> otherwise identical to existing 'VMStateDescription vmstate_vmxnet3'.
>
> Introduction of 'VMStateDescription vmxstate_vmxnet3e_mcast_list' which
> differs only by '.name' (must be "vmxnet3e/mcast_list" instead of
> "vmxnet3/mcast_list") but otherwise identical to existing
> 'vmxstate_vmxnet3_mcast_list'.
>
> Also, the vmxnet3 device is indeed a PCIE, and should have been so since
> start.

Yes, so this is a strong reason that we must not introduce a new type.

> The reason we're keeping the non-pcie variant is not since user would be
> interested in an environment having the non-pcie type, but only for
> not breaking migration from old hardware versions.
>
> Thus, suggesting 2 device types, providing the non-pcie variant as a
> user visible type, exposes the user with a choice of selecting a type
> which ideally shouldn't have existed at all.
> This seems less preferable.
>
> Regards,
> Shmulik
>

I get the point, thanks for the clarification.





[Qemu-devel] [PATCH COLO-Frame v12 06/38] migration: Integrate COLO checkpoint process into migration

2015-12-15 Thread zhanghailiang
Add a migrate state: MIGRATION_STATUS_COLO, enter this migration state
after the first live migration successfully finished.

We reuse migration thread, so if colo is enabled by user, migration thread will
go into the process of colo.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Reviewed-by: Dr. David Alan Gilbert 
---
v11:
- Rebase to master
- Add Reviewed-by tag
v10:
- Simplify process by dropping colo thread and reusing migration thread.
 (Dave's suggestion)

Signed-off-by: zhanghailiang 
---
 include/migration/colo.h |  3 +++
 migration/colo.c | 31 +++
 migration/migration.c| 30 ++
 qapi-schema.json |  4 +++-
 stubs/migration-colo.c   |  9 +
 trace-events |  3 +++
 6 files changed, 75 insertions(+), 5 deletions(-)

diff --git a/include/migration/colo.h b/include/migration/colo.h
index 9b6662d..f462f06 100644
--- a/include/migration/colo.h
+++ b/include/migration/colo.h
@@ -19,4 +19,7 @@
 bool colo_supported(void);
 void colo_info_mig_init(void);
 
+void migrate_start_colo_process(MigrationState *s);
+bool migration_in_colo_state(void);
+
 #endif
diff --git a/migration/colo.c b/migration/colo.c
index 2c40d2e..cf0ccb8 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -10,9 +10,40 @@
  * later.  See the COPYING file in the top-level directory.
  */
 
+#include "sysemu/sysemu.h"
 #include "migration/colo.h"
+#include "trace.h"
 
 bool colo_supported(void)
 {
 return true;
 }
+
+bool migration_in_colo_state(void)
+{
+MigrationState *s = migrate_get_current();
+
+return (s->state == MIGRATION_STATUS_COLO);
+}
+
+static void colo_process_checkpoint(MigrationState *s)
+{
+qemu_mutex_lock_iothread();
+vm_start();
+qemu_mutex_unlock_iothread();
+trace_colo_vm_state_change("stop", "run");
+
+/*TODO: COLO checkpoint savevm loop*/
+
+migrate_set_state(>state, MIGRATION_STATUS_COLO,
+  MIGRATION_STATUS_COMPLETED);
+}
+
+void migrate_start_colo_process(MigrationState *s)
+{
+qemu_mutex_unlock_iothread();
+migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_COLO);
+colo_process_checkpoint(s);
+qemu_mutex_lock_iothread();
+}
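Review bot: migrate_start_colo_process() opens with qemu_mutex_unlock_iothread() and re-takes the lock before returning, so it is only correct when the caller already holds the iothread lock, and nothing in the function or on its prototype in colo.h says so. A comment stating that locking contract would help, since colo_process_checkpoint() takes the same lock itself around vm_start(). It is also worth checking the result of the ACTIVE to COLO transition: if the state was changed underneath (for example by a cancel), colo_process_checkpoint() still runs and starts the VM.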
diff --git a/migration/migration.c b/migration/migration.c
index d58ce98..99b870d 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -640,6 +640,10 @@ MigrationInfo *qmp_query_migrate(Error **errp)
 
 get_xbzrle_cache_stats(info);
 break;
+case MIGRATION_STATUS_COLO:
+info->has_status = true;
+/* TODO: display COLO specific information (checkpoint info etc.) */
+break;
 case MIGRATION_STATUS_COMPLETED:
 get_xbzrle_cache_stats(info);
 
@@ -999,7 +1003,8 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
 params.shared = has_inc && inc;
 
 if (migration_is_setup_or_active(s->state) ||
-s->state == MIGRATION_STATUS_CANCELLING) {
+s->state == MIGRATION_STATUS_CANCELLING ||
+s->state == MIGRATION_STATUS_COLO) {
 error_setg(errp, QERR_MIGRATION_ACTIVE);
 return;
 }
@@ -1591,8 +1596,11 @@ static void migration_completion(MigrationState *s, int 
current_active_state,
 goto fail;
 }
 
-migrate_set_state(>state, current_active_state,
-  MIGRATION_STATUS_COMPLETED);
+if (!migrate_colo_enabled()) {
+migrate_set_state(>state, current_active_state,
+  MIGRATION_STATUS_COMPLETED);
+}
+
 return;
 
 fail:
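Review bot: with migrate_colo_enabled() true, migration_completion() now leaves the state at current_active_state, and that can be MIGRATION_STATUS_POSTCOPY_ACTIVE as well as ACTIVE. The COLO hand-over elsewhere in this patch only handles MIGRATION_STATUS_ACTIVE (both the check in migration_thread() and the transition in migrate_start_colo_process()), so a postcopy migration with COLO enabled would end in neither COMPLETED nor COLO. Either reject the combination up front or keep setting COMPLETED when current_active_state is not ACTIVE.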
@@ -1624,6 +1632,7 @@ static void *migration_thread(void *opaque)
 bool entered_postcopy = false;
 /* The active state we expect to be in; ACTIVE or POSTCOPY_ACTIVE */
 enum MigrationStatus current_active_state = MIGRATION_STATUS_ACTIVE;
+bool enable_colo = migrate_colo_enabled();
 
 rcu_register_thread();
 
@@ -1731,7 +1740,11 @@ static void *migration_thread(void *opaque)
 end_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
 
 qemu_mutex_lock_iothread();
-qemu_savevm_state_cleanup();
+/* The resource has been allocated by migration will be reused in COLO
+  process, so don't release them. */
+if (!enable_colo) {
+qemu_savevm_state_cleanup();
+}
 if (s->state == MIGRATION_STATUS_COMPLETED) {
 uint64_t transferred_bytes = qemu_ftell(s->file);
 s->total_time = end_time - s->total_time;
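Review bot: skipping qemu_savevm_state_cleanup() whenever enable_colo is set also skips it when the migration did not succeed. The only other call added by this patch sits in the s->state == MIGRATION_STATUS_ACTIVE && enable_colo branch further down, so a migration that ends up FAILED or CANCELLED with the COLO capability on never releases those resources. Testing the state here as well (skip the cleanup only when we are actually about to enter COLO) would close that gap.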
@@ -1744,6 +1757,15 @@ static void *migration_thread(void *opaque)
 }
 runstate_set(RUN_STATE_POSTMIGRATE);
 } else {
+if (s->state == MIGRATION_STATUS_ACTIVE && enable_colo) {
+migrate_start_colo_process(s);
+qemu_savevm_state_cleanup();
+/*
+* Fixme: we will run VM in COLO no matter its old 

[Qemu-devel] [PATCH COLO-Frame v12 24/38] COLO: Implement failover work for Secondary VM

2015-12-15 Thread zhanghailiang
If users require SVM to takeover work, colo incoming thread should
exit from loop while failover BH helps backing to migration incoming
coroutine.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Reviewed-by: Dr. David Alan Gilbert 
v12:
- Improve error message that suggested by Dave
- Add Reviewed-by tag

Signed-off-by: zhanghailiang 
---
 migration/colo.c | 42 +++---
 1 file changed, 39 insertions(+), 3 deletions(-)

diff --git a/migration/colo.c b/migration/colo.c
index 977c8d8..d1dd4e1 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -46,6 +46,33 @@ static bool colo_runstate_is_stopped(void)
 return runstate_check(RUN_STATE_COLO) || !runstate_is_running();
 }
 
+static void secondary_vm_do_failover(void)
+{
+int old_state;
+MigrationIncomingState *mis = migration_incoming_get_current();
+
+migrate_set_state(>state, MIGRATION_STATUS_COLO,
+  MIGRATION_STATUS_COMPLETED);
+
+if (!autostart) {
+error_report("\"-S\" qemu option will be ignored in secondary side");
+/* recover runstate to normal migration finish state */
+autostart = true;
+}
+
+old_state = failover_set_state(FAILOVER_STATUS_HANDLING,
+   FAILOVER_STATUS_COMPLETED);
+if (old_state != FAILOVER_STATUS_HANDLING) {
+error_report("Incorrect state (%d) while doing failover for "
+ "secondary VM", old_state);
+return;
+}
+/* For Secondary VM, jump to incoming co */
+if (mis->migration_incoming_co) {
+qemu_coroutine_enter(mis->migration_incoming_co, NULL);
+}
+}
+
 static void primary_vm_do_failover(void)
 {
 MigrationState *s = migrate_get_current();
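Review bot: secondary_vm_do_failover() moves the incoming state to MIGRATION_STATUS_COMPLETED and overrides autostart before it checks that failover_set_state() really found FAILOVER_STATUS_HANDLING, so on the "Incorrect state" early return those side effects have already happened. Doing the failover_set_state() check first, and only then touching the migration state and autostart, keeps the error path side-effect free. The "-S" message is informational rather than an error and reads oddly through error_report().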
@@ -72,6 +99,8 @@ void colo_do_failover(MigrationState *s)
 
 if (get_colo_mode() == COLO_MODE_PRIMARY) {
 primary_vm_do_failover();
+} else {
+secondary_vm_do_failover();
 }
 }
 
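Review bot: the bare else in colo_do_failover() sends every mode that is not COLO_MODE_PRIMARY down secondary_vm_do_failover(), which includes COLO_MODE_UNKNOWN. An explicit comparison against the secondary mode, with the remaining case reported as an error, would make the intent clear and avoid entering the incoming coroutine on a VM that is not a COLO secondary.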
@@ -418,6 +447,12 @@ void *colo_process_incoming_thread(void *opaque)
 continue;
 }
 }
+
+if (failover_request_is_active()) {
+error_report("failover request");
+goto out;
+}
+
 /* FIXME: This is unnecessary for periodic checkpoint mode */
 ret = colo_put_cmd(mis->to_src_file, COLO_COMMAND_CHECKPOINT_REPLY);
 if (ret < 0) {
@@ -487,10 +522,11 @@ out:
 qemu_fclose(fb);
 }
 qsb_free(buffer);
-
-qemu_mutex_lock_iothread();
+/* Here, we can ensure BH is hold the global lock, and will join colo
+* incoming thread, so here it is not necessary to lock here again,
+* or there will be a deadlock error.
+*/
 colo_release_ram_cache();
-qemu_mutex_unlock_iothread();
 
 if (mis->to_src_file) {
 qemu_fclose(mis->to_src_file);
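Review bot: dropping the iothread lock around colo_release_ram_cache() at out: is justified in the new comment only for the failover case, where the BH holds the lock while joining this thread. The same label is the exit for the ordinary error paths of colo_process_incoming_thread() (the ret < 0 checks), where no BH is involved and nobody holds the lock for us, so the cache would then be released unlocked. Please either take the lock conditionally (only when no failover is in progress) or explain in the comment why the error paths are safe as well.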
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 15/38] COLO: Load PVM's dirty pages into SVM's RAM cache temporarily

2015-12-15 Thread zhanghailiang
We should not load PVM's state directly into SVM, because there may be some
errors when SVM is receiving data, which will break SVM.

We need to ensure receiving all data before load the state into SVM. We use
an extra memory to cache these data (PVM's ram). The ram cache in secondary side
is initially the same as SVM/PVM's memory. And in the process of checkpoint,
we cache the dirty pages of PVM into this ram cache firstly, so this ram cache
always the same as PVM's memory at every checkpoint, then we flush this cached ram
to SVM after we receive all PVM's state.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Fix minor error in error_report (Dave's comment)
- Add Reviewed-by tag
v11:
- Rename 'host_cache' to 'colo_cache' (Dave's suggestion)
v10:
- Split the process of dirty pages recording into a new patch

Signed-off-by: zhanghailiang 
---
 include/exec/ram_addr.h   |  1 +
 include/migration/migration.h |  4 +++
 migration/colo.c  |  9 ++
 migration/ram.c   | 73 ++-
 4 files changed, 86 insertions(+), 1 deletion(-)

diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index 2b31279..962d322 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -26,6 +26,7 @@ struct RAMBlock {
 struct rcu_head rcu;
 struct MemoryRegion *mr;
 uint8_t *host;
+uint8_t *colo_cache; /* For colo, VM's ram cache */
 ram_addr_t offset;
 ram_addr_t used_length;
 ram_addr_t max_length;
diff --git a/include/migration/migration.h b/include/migration/migration.h
index ba5bcec..e41372d 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -332,4 +332,8 @@ int ram_save_queue_pages(MigrationState *ms, const char 
*rbname,
 PostcopyState postcopy_state_get(void);
 /* Set the state and return the old state */
 PostcopyState postcopy_state_set(PostcopyState new_state);
+
+/* ram cache */
+int colo_init_ram_cache(void);
+void colo_release_ram_cache(void);
 #endif
diff --git a/migration/colo.c b/migration/colo.c
index 42bc6ef..5ff4946 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -304,6 +304,11 @@ void *colo_process_incoming_thread(void *opaque)
 */
 qemu_set_block(qemu_get_fd(mis->from_src_file));
 
+ret = colo_init_ram_cache();
+if (ret < 0) {
+error_report("Failed to initialize ram cache");
+goto out;
+}
 
 ret = colo_put_cmd(mis->to_src_file, COLO_COMMAND_CHECKPOINT_READY);
 if (ret < 0) {
@@ -354,6 +359,10 @@ out:
  strerror(-ret));
 }
 
+qemu_mutex_lock_iothread();
+colo_release_ram_cache();
+qemu_mutex_unlock_iothread();
+
 if (mis->to_src_file) {
 qemu_fclose(mis->to_src_file);
 }
diff --git a/migration/ram.c b/migration/ram.c
index 09fe6e6..db5096a 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -223,6 +223,7 @@ static RAMBlock *last_sent_block;
 static ram_addr_t last_offset;
 static QemuMutex migration_bitmap_mutex;
 static uint64_t migration_dirty_pages;
+static bool ram_cache_enable;
 static uint32_t last_version;
 static bool ram_bulk_stage;
 
@@ -2181,6 +2182,20 @@ static inline void *host_from_ram_block_offset(RAMBlock 
*block,
 return block->host + offset;
 }
 
+static inline void *colo_cache_from_block_offset(RAMBlock *block,
+ ram_addr_t offset)
+{
+if (!offset_in_ramblock(block, offset)) {
+return NULL;
+}
+if (!block->colo_cache) {
+error_report("%s: colo_cache is NULL in block :%s",
+ __func__, block->idstr);
+return NULL;
+}
+return block->colo_cache + offset;
+}
+
 /*
  * If a page (or a whole RDMA chunk) has been
  * determined to be zero, then zap it.
@@ -2460,7 +2475,12 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
  RAM_SAVE_FLAG_COMPRESS_PAGE | RAM_SAVE_FLAG_XBZRLE)) {
 RAMBlock *block = ram_block_from_stream(f, flags);
 
-host = host_from_ram_block_offset(block, addr);
+/* After going into COLO, we should load the Page into colo_cache 
*/
+if (ram_cache_enable) {
+host = colo_cache_from_block_offset(block, addr);
+} else {
+host = host_from_ram_block_offset(block, addr);
+}
 if (!host) {
 error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
 ret = -EINVAL;
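Review bot: when ram_cache_enable is set and colo_cache_from_block_offset() returns NULL because block->colo_cache is missing, ram_load() falls into the unchanged "Illegal RAM offset" report, which is misleading for that case and comes on top of the message the helper already printed. Consider reporting from one place only, with a message that distinguishes a bad offset from a missing cache. It would also help to state next to ram_cache_enable who sets it and under which lock, since ram_load() reads it without any synchronisation visible here.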
@@ -2556,6 +2576,57 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 return ret;
 }
 
+/*
+ * colo cache: this is for secondary VM, we cache the whole
+ * memory of the secondary VM, it will be called after first migration.
+ */
+int 

[Qemu-devel] [PATCH COLO-Frame v12 22/38] COLO failover: Introduce state to record failover process

2015-12-15 Thread zhanghailiang
When handling failover, we do different things according to the different stage
of failover process, here we introduce a global atomic variable to record the
status of failover.

We add four failover status to indicate the different stage of failover process.
You should use the helpers to get and set the value.

Signed-off-by: zhanghailiang 
Reviewed-by: Dr. David Alan Gilbert 
---
v11:
- fix several typos found by Dave
- Add Reviewed-by tag

Signed-off-by: zhanghailiang 
---
 include/migration/failover.h | 10 ++
 migration/colo-failover.c| 37 +
 migration/colo.c |  4 
 trace-events |  1 +
 4 files changed, 52 insertions(+)

diff --git a/include/migration/failover.h b/include/migration/failover.h
index 1785b52..882c625 100644
--- a/include/migration/failover.h
+++ b/include/migration/failover.h
@@ -15,6 +15,16 @@
 
 #include "qemu-common.h"
 
+typedef enum COLOFailoverStatus {
+FAILOVER_STATUS_NONE = 0,
+FAILOVER_STATUS_REQUEST = 1, /* Request but not handled */
+FAILOVER_STATUS_HANDLING = 2, /* In the process of handling failover */
+FAILOVER_STATUS_COMPLETED = 3, /* Finish the failover process */
+} COLOFailoverStatus;
+
+void failover_init_state(void);
+int failover_set_state(int old_state, int new_state);
+int failover_get_state(void);
 void failover_request_active(Error **errp);
 
 #endif
diff --git a/migration/colo-failover.c b/migration/colo-failover.c
index e3897c6..1b1be24 100644
--- a/migration/colo-failover.c
+++ b/migration/colo-failover.c
@@ -14,22 +14,59 @@
 #include "migration/failover.h"
 #include "qmp-commands.h"
 #include "qapi/qmp/qerror.h"
+#include "qemu/error-report.h"
+#include "trace.h"
 
 static QEMUBH *failover_bh;
+static COLOFailoverStatus failover_state;
 
 static void colo_failover_bh(void *opaque)
 {
+int old_state;
+
 qemu_bh_delete(failover_bh);
 failover_bh = NULL;
+old_state = failover_set_state(FAILOVER_STATUS_REQUEST,
+   FAILOVER_STATUS_HANDLING);
+if (old_state != FAILOVER_STATUS_REQUEST) {
+error_report("Unkown error for failover, old_state=%d", old_state);
+return;
+}
 /*TODO: Do failover work */
 }
 
 void failover_request_active(Error **errp)
 {
+   if (failover_set_state(FAILOVER_STATUS_NONE, FAILOVER_STATUS_REQUEST)
+ != FAILOVER_STATUS_NONE) {
+error_setg(errp, "COLO failover is already actived");
+return;
+}
 failover_bh = qemu_bh_new(colo_failover_bh, NULL);
 qemu_bh_schedule(failover_bh);
 }
 
+void failover_init_state(void)
+{
+failover_state = FAILOVER_STATUS_NONE;
+}
+
+int failover_set_state(int old_state, int new_state)
+{
+int old;
+
+old = atomic_cmpxchg(_state, old_state, new_state);
+if (old == old_state) {
+trace_colo_failover_set_state(new_state);
+}
+return old;
+}
+
+int failover_get_state(void)
+{
+return atomic_read(_state);
+}
+
 void qmp_x_colo_lost_heartbeat(Error **errp)
 {
 if (get_colo_mode() == COLO_MODE_UNKNOWN) {
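Review bot: failover_init_state() writes failover_state with a plain store while every other access goes through atomic_cmpxchg()/atomic_read(), and it is called from the start of colo_process_checkpoint() and colo_process_incoming_thread(). A failover_request_active() that arrives from the monitor just before that call has its REQUEST state overwritten with NONE, and colo_failover_bh() then reports an unknown error. Initialise the state before the command can be accepted, or make the reset an atomic transition that refuses to discard a pending request. Minor: failover_state is declared as COLOFailoverStatus but handled as int throughout, the two new messages contain typos ("Unkown", "already actived"), and the if in failover_request_active() is indented by three spaces.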
diff --git a/migration/colo.c b/migration/colo.c
index 7098497..176384e 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -216,6 +216,8 @@ static void colo_process_checkpoint(MigrationState *s)
 int64_t current_time, checkpoint_time = qemu_clock_get_ms(QEMU_CLOCK_HOST);
 int ret = 0;
 
+failover_init_state();
+
 s->rp_state.from_dst_file = qemu_file_get_return_path(s->to_dst_file);
 if (!s->rp_state.from_dst_file) {
 ret = -EINVAL;
@@ -324,6 +326,8 @@ void *colo_process_incoming_thread(void *opaque)
 migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
   MIGRATION_STATUS_COLO);
 
+failover_init_state();
+
 mis->to_src_file = qemu_file_get_return_path(mis->from_src_file);
 if (!mis->to_src_file) {
 ret = -EINVAL;
diff --git a/trace-events b/trace-events
index 7f76029..3992b45 100644
--- a/trace-events
+++ b/trace-events
@@ -1583,6 +1583,7 @@ postcopy_ram_incoming_cleanup_join(void) ""
 colo_vm_state_change(const char *old, const char *new) "Change '%s' => '%s'"
 colo_put_cmd(const char *msg) "Send '%s' cmd"
 colo_get_cmd(const char *msg) "Receive '%s' cmd"
+colo_failover_set_state(int new_state) "new state %d"
 
 # kvm-all.c
 kvm_ioctl(int type, void *arg) "type 0x%x, arg %p"
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 34/38] filter-buffer: Accept zero interval

2015-12-15 Thread zhanghailiang
For default buffer filter, its 'interval' value is zero,
so here we should accept zero interval.

Signed-off-by: zhanghailiang 
Reviewed-by: Yang Hongyang 
Cc: Jason Wang 
---
v12:
- Add Reviewed-by tag
v11:
- Add comment
v10:
- new patch

Signed-off-by: zhanghailiang 
---
 net/filter-buffer.c | 10 --
 1 file changed, 10 deletions(-)

diff --git a/net/filter-buffer.c b/net/filter-buffer.c
index 9cf3544..8abac94 100644
--- a/net/filter-buffer.c
+++ b/net/filter-buffer.c
@@ -111,16 +111,6 @@ static void filter_buffer_setup(NetFilterState *nf, Error 
**errp)
 FilterBufferState *s = FILTER_BUFFER(nf);
 char *path = object_get_canonical_path_component(OBJECT(nf));
 
-/*
- * We may want to accept zero interval when VM FT solutions like MC
- * or COLO use this filter to release packets on demand.
- */
-if (!s->interval) {
-error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "interval",
-   "a non-zero interval");
-return;
-}
-
 s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
 nf->is_default = !strcmp(path, "nop");
 /*
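Review bot: removing the !s->interval check in filter_buffer_setup() accepts a zero interval for every filter-buffer object, not only for the default "nop" one the commit message talks about. A user-created filter with interval=0 stays enabled, and since the release timer is only set up under if (s->interval), it would queue packets with nothing to flush them. Keep the rejection for non-default filters, for example by computing nf->is_default first and returning the error only when !s->interval && !nf->is_default.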
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 21/38] COLO failover: Introduce a new command to trigger a failover

2015-12-15 Thread zhanghailiang
We leave users to choose whatever heartbeat solution they want, if the heartbeat
is lost, or other errors they detect, they can use experimental command
'x_colo_lost_heartbeat' to tell COLO to do failover, COLO will do operations
accordingly.

For example, if the command is sent to the PVM, the Primary side will
exit COLO mode and take over operation. If sent to the Secondary, the
secondary will run failover work, then take over server operation to
become the new Primary.

Cc: Luiz Capitulino 
Cc: Eric Blake 
Cc: Markus Armbruster 
Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
---
v11:
- Add more comments for x-colo-lost-heartbeat command (Eric's suggestion)
- Return 'enum' instead of 'int' for get_colo_mode() (Eric's suggestion)
v10:
- Rename command colo_lost_hearbeat to experimental 'x_colo_lost_heartbeat'

Signed-off-by: zhanghailiang 
---
 hmp-commands.hx  | 15 +++
 hmp.c|  8 
 hmp.h|  1 +
 include/migration/colo.h |  3 +++
 include/migration/failover.h | 20 
 migration/Makefile.objs  |  2 +-
 migration/colo-comm.c| 11 +++
 migration/colo-failover.c| 41 +
 migration/colo.c |  1 +
 qapi-schema.json | 29 +
 qmp-commands.hx  | 19 +++
 stubs/migration-colo.c   |  8 
 12 files changed, 157 insertions(+), 1 deletion(-)
 create mode 100644 include/migration/failover.h
 create mode 100644 migration/colo-failover.c

diff --git a/hmp-commands.hx b/hmp-commands.hx
index bb52e4d..a381b0b 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1039,6 +1039,21 @@ migration (or once already in postcopy).
 ETEXI
 
 {
+.name   = "x_colo_lost_heartbeat",
+.args_type  = "",
+.params = "",
+.help   = "Tell COLO that heartbeat is lost,\n\t\t\t"
+  "a failover or takeover is needed.",
+.mhandler.cmd = hmp_x_colo_lost_heartbeat,
+},
+
+STEXI
+@item x_colo_lost_heartbeat
+@findex x_colo_lost_heartbeat
+Tell COLO that heartbeat is lost, a failover or takeover is needed.
+ETEXI
+
+{
 .name   = "client_migrate_info",
 .args_type  = 
"protocol:s,hostname:s,port:i?,tls-port:i?,cert-subject:s?",
 .params = "protocol hostname port tls-port cert-subject",
diff --git a/hmp.c b/hmp.c
index ee87d38..dc6dc30 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1310,6 +1310,14 @@ void hmp_migrate_start_postcopy(Monitor *mon, const 
QDict *qdict)
 hmp_handle_error(mon, );
 }
 
+void hmp_x_colo_lost_heartbeat(Monitor *mon, const QDict *qdict)
+{
+Error *err = NULL;
+
+qmp_x_colo_lost_heartbeat();
+hmp_handle_error(mon, );
+}
+
 void hmp_set_password(Monitor *mon, const QDict *qdict)
 {
 const char *protocol  = qdict_get_str(qdict, "protocol");
diff --git a/hmp.h b/hmp.h
index a8c5b5a..864a300 100644
--- a/hmp.h
+++ b/hmp.h
@@ -70,6 +70,7 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict 
*qdict);
 void hmp_migrate_set_cache_size(Monitor *mon, const QDict *qdict);
 void hmp_client_migrate_info(Monitor *mon, const QDict *qdict);
 void hmp_migrate_start_postcopy(Monitor *mon, const QDict *qdict);
+void hmp_x_colo_lost_heartbeat(Monitor *mon, const QDict *qdict);
 void hmp_set_password(Monitor *mon, const QDict *qdict);
 void hmp_expire_password(Monitor *mon, const QDict *qdict);
 void hmp_eject(Monitor *mon, const QDict *qdict);
diff --git a/include/migration/colo.h b/include/migration/colo.h
index 2676c4a..ba27719 100644
--- a/include/migration/colo.h
+++ b/include/migration/colo.h
@@ -17,6 +17,7 @@
 #include "migration/migration.h"
 #include "qemu/coroutine_int.h"
 #include "qemu/thread.h"
+#include "qemu/main-loop.h"
 
 bool colo_supported(void);
 void colo_info_mig_init(void);
@@ -29,4 +30,6 @@ bool migration_incoming_enable_colo(void);
 void migration_incoming_exit_colo(void);
 void *colo_process_incoming_thread(void *opaque);
 bool migration_incoming_in_colo_state(void);
+
+COLOMode get_colo_mode(void);
 #endif
diff --git a/include/migration/failover.h b/include/migration/failover.h
new file mode 100644
index 000..1785b52
--- /dev/null
+++ b/include/migration/failover.h
@@ -0,0 +1,20 @@
+/*
+ *  COarse-grain LOck-stepping Virtual Machines for Non-stop Service (COLO)
+ *  (a.k.a. Fault Tolerance or Continuous Replication)
+ *
+ * Copyright (c) 2015 HUAWEI TECHNOLOGIES CO.,LTD.
+ * Copyright (c) 2015 FUJITSU LIMITED
+ * Copyright (c) 2015 Intel Corporation
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#ifndef QEMU_FAILOVER_H
+#define QEMU_FAILOVER_H
+
+#include "qemu-common.h"
+
+void 

[Qemu-devel] [PATCH COLO-Frame v12 29/38] COLO: Update the global runstate after going into colo state

2015-12-15 Thread zhanghailiang
If we start qemu with -S, the runstate will change from 'prelaunch' to 'running'
after going into colo state.
So it is necessary to update the global runstate after going into colo state.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
---
 migration/colo.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/migration/colo.c b/migration/colo.c
index a094991..62a0444 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -374,6 +374,11 @@ static void colo_process_checkpoint(MigrationState *s)
 qemu_mutex_unlock_iothread();
 trace_colo_vm_state_change("stop", "run");
 
+ret = global_state_store();
+if (ret < 0) {
+goto out;
+}
+
 while (s->state == MIGRATION_STATUS_COLO) {
 if (failover_request_is_active()) {
 error_report("failover request");
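Review bot: the new global_state_store() failure path jumps to out without reporting anything, and it does so after the VM has already been restarted (the "stop" to "run" trace just above). Please add an error_report() so the reason for leaving COLO is visible, and consider storing the global state before vm_start() so that a failure does not leave a running primary that has silently dropped out of the checkpoint loop.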
-- 
1.8.3.1





Re: [Qemu-devel] net: vmxnet3: memory leakage issue

2015-12-15 Thread Miao Yan
2015-12-14 19:58 GMT+08:00 P J P :
>   Hello Dmitry, Jason
>
> +-- On Sun, 13 Dec 2015, Dmitry Fleytman wrote --+
> | According to Linux driver code VMXNET3_CMD_QUIESCE_DEV does not flip
> | paused/active states. It always disables device, see vmxnet3_resume() for
> |
> | 
> ):
> |
> | Driver issues VMXNET3_CMD_QUIESCE_DEV to clear the device state and then
> | performs activate sequence to launch the device.
>
>   Yes, I did look through it. But it wasn't clear how it does flow control. As
> it resets the device on pause and loses any outstanding data. Whereas in the
> vmxnet3 emulator, upon deactivation it merely sets the 's->active_device' flag
> to be false, and the same is checked before receiving new packets. Do either
> of the vmxnet3 implementations perform flow control?(to avoid congestion)

So far as I know, vmxnet3 doesn't have a flow control spec.
Same is true for e1000 emulation layer in esxi, writing
to flow control register bits is ignored. Maybe there are
some buffering or throttling layer in-between that do not rely on pause frame.


>
> | So the correct fix should:
> |
> | 1. On device activation: check if device is active - do nothing
> | 2. In all places that set device_active to false, i.e. device quiesce,
> | reset and VMXNET3_REG_DSAL set to zero: deallocate tx/rx packets as done in
> | vmxnet3_net_uninit():
> |
> | net_tx_pkt_reset(s->tx_pkt);
> | net_tx_pkt_uninit(s->tx_pkt);
> | net_rx_pkt_uninit(s->rx_pkt);
> |
> | It could be a good idea to extend vmxnet3_deactivate_device() with those
> | lines and call it from every place that sets device_active to false or frees
> | TX/RX packets.
>
>   Right. Please see below a new tested patch which does this and fixes the
> host memory leakage issue. Does it look good?
>
> ===
> From d4b277788d518e915cc6c20488d587cb5716e96a Mon Sep 17 00:00:00 2001
> From: Prasad J Pandit 
> Date: Mon, 14 Dec 2015 16:56:52 +0530
> Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
>
> Vmxnet3 device emulator does not check if the device is active
> before activating it, also it did not free the transmit & receive
> buffers while deactivating the device, thus resulting in memory
> leakage on the host. This patch fixes both these issues to avoid
> host memory leakage.
>
> Reported-by: Qinghao Tang 
> Signed-off-by: Prasad J Pandit 
> ---
>  hw/net/vmxnet3.c | 18 --
>  1 file changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
> index 37373e5..3936f12 100644
> --- a/hw/net/vmxnet3.c
> +++ b/hw/net/vmxnet3.c
> @@ -1195,6 +1195,9 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
>  static void vmxnet3_deactivate_device(VMXNET3State *s)
>  {
>  VMW_CBPRN("Deactivating vmxnet3...");
> +vmxnet_tx_pkt_reset(s->tx_pkt);
> +vmxnet_tx_pkt_uninit(s->tx_pkt);
> +vmxnet_rx_pkt_uninit(s->rx_pkt);
>  s->device_active = false;
>  }
>
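Review bot: the three vmxnet_tx_pkt_reset()/vmxnet_tx_pkt_uninit()/vmxnet_rx_pkt_uninit() calls added to vmxnet3_deactivate_device() run unconditionally, but with this patch the function is reached from vmxnet3_reset(), VMXNET3_CMD_QUIESCE_DEV, the BAR1 write of 0 and vmxnet3_net_uninit(). That means it can run on a device that was never activated, or twice in a row (quiesce followed by reset or unplug), and the second pass would operate on packets that have already been freed. Wrapping the body in if (s->device_active) keeps the release paired with the allocation done on activation.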
> @@ -1204,7 +1207,6 @@ static void vmxnet3_reset(VMXNET3State *s)
>
>  vmxnet3_deactivate_device(s);
>  vmxnet3_reset_interrupt_states(s);
> -vmxnet_tx_pkt_reset(s->tx_pkt);
>  s->drv_shmem = 0;
>  s->tx_sop = true;
>  s->skip_current_tx_pkt = false;
> @@ -1431,6 +1433,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
>  return;
>  }
>
> +/* Verify if device is active */
> +if (s->device_active) {
> +VMW_CFPRN("Vmxnet3 device is active");
> +return;
> +}
> +
>  vmxnet3_adjust_by_guest_type(s);
>  vmxnet3_update_features(s);
>  vmxnet3_update_pm_state(s);
> @@ -1627,7 +1635,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, 
> uint64_t cmd)
>  break;
>
>  case VMXNET3_CMD_QUIESCE_DEV:
> -VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
> +VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
>  vmxnet3_deactivate_device(s);
>  break;
>
> @@ -1741,7 +1749,7 @@ vmxnet3_io_bar1_write(void *opaque,
>   * shared address only after we get the high part
>   */
>  if (val == 0) {
> -s->device_active = false;
> +vmxnet3_deactivate_device(s);
>  }
>  s->temp_shared_guest_driver_memory = val;
>  s->drv_shmem = 0;
> @@ -2021,9 +2029,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
>  static void vmxnet3_net_uninit(VMXNET3State *s)
>  {
>  g_free(s->mcast_list);
> -vmxnet_tx_pkt_reset(s->tx_pkt);
> -vmxnet_tx_pkt_uninit(s->tx_pkt);
> -vmxnet_rx_pkt_uninit(s->rx_pkt);
> +vmxnet3_deactivate_device(s);
>  qemu_del_nic(s->nic);
>  }
>
> --
> 2.4.3
> ===
>
>
> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
>



[Qemu-devel] [PATCH] net/slirp: Tell the users when they are using deprecated options

2015-12-15 Thread Thomas Huth
We don't want to support the legacy -tftp, -bootp, -smb and
-net channel options forever. So let's start telling the users
that they will go away in a future version.

Signed-off-by: Thomas Huth 
---
 net/slirp.c | 3 +++
 os-posix.c  | 3 +++
 vl.c| 6 ++
 3 files changed, 12 insertions(+)

diff --git a/net/slirp.c b/net/slirp.c
index f505570..65e3766 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -784,6 +784,9 @@ int net_slirp_parse_legacy(QemuOptsList *opts_list, const 
char *optarg, int *ret
 return 0;
 }
 
+error_report("The -net channel option is deprecated and "
+ "will be removed in a future version.");
+
 /* handle legacy -net channel,port:chr */
 optarg += strlen("channel,");
 
diff --git a/os-posix.c b/os-posix.c
index e4da406..3f62f7c 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -40,6 +40,7 @@
 #include "net/slirp.h"
 #include "qemu-options.h"
 #include "qemu/rcu.h"
+#include "qemu/error-report.h"
 
 #ifdef CONFIG_LINUX
 #include 
@@ -139,6 +140,8 @@ void os_parse_cmd_args(int index, const char *optarg)
 switch (index) {
 #ifdef CONFIG_SLIRP
 case QEMU_OPTION_smb:
+error_report("The -smb option is deprecated and "
+ "will be removed in a future version.");
 if (net_slirp_smb(optarg) < 0)
 exit(1);
 break;
diff --git a/vl.c b/vl.c
index 4211ff1..fa829c0 100644
--- a/vl.c
+++ b/vl.c
@@ -3314,12 +3314,18 @@ int main(int argc, char **argv, char **envp)
 #endif
 #ifdef CONFIG_SLIRP
 case QEMU_OPTION_tftp:
+error_report("The -tftp option is deprecated and "
+ "will be removed in a future version.");
 legacy_tftp_prefix = optarg;
 break;
 case QEMU_OPTION_bootp:
+error_report("The -bootp option is deprecated and "
+ "will be removed in a future version.");
 legacy_bootp_filename = optarg;
 break;
 case QEMU_OPTION_redir:
+error_report("The -redir option is deprecated and "
+ "will be removed in a future version.");
 if (net_slirp_redir(optarg) < 0)
 exit(1);
 break;
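Review bot: the QEMU_OPTION_redir case in vl.c gets a deprecation message too, but the commit message only lists -tftp, -bootp, -smb and -net channel; please mention -redir there so the change is findable from the log. The messages would also be more useful if each one named the option users should switch to, and since nothing fails here a warning-style prefix would be clearer than a bare error_report().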
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH COLO-Frame v12 26/38] COLO failover: Shutdown related socket fd when do failover

2015-12-15 Thread Dr. David Alan Gilbert
* zhanghailiang (zhang.zhanghaili...@huawei.com) wrote:
> If the net connection between COLO's two sides is broken while colo/colo incoming
> thread is blocked in 'read'/'write' socket fd. It will not detect this error until
> connect timeout. It will be a long time.
> 
> Here we shutdown all the related socket file descriptors to wake up the blocking
> operation in failover BH. Besides, we should close the corresponding file descriptors
> after failover BH shutdown them, or there will be an error.
> 
> Signed-off-by: zhanghailiang 
> Signed-off-by: Li Zhijian 

Reviewed-by: Dr. David Alan Gilbert 

> ---
> v12:
> - Shutdown both QEMUFile's fd though they may use the same fd. (Dave's suggestion)
> v11:
> - Only shutdown fd for once
> 
> Signed-off-by: zhanghailiang 
> ---
>  migration/colo.c | 42 --
>  1 file changed, 40 insertions(+), 2 deletions(-)
> 
> diff --git a/migration/colo.c b/migration/colo.c
> index d06c14f..58531e7 100644
> --- a/migration/colo.c
> +++ b/migration/colo.c
> @@ -60,6 +60,18 @@ static void secondary_vm_do_failover(void)
>  /* recover runstate to normal migration finish state */
>  autostart = true;
>  }
> +/*
> +* Make sure colo incoming thread not block in recv or send,
> +* If mis->from_src_file and mis->to_src_file use the same fd,
> +* The second shutdown() will return -1, we ignore this value,
> +* it is harmless.
> +*/
> +if (mis->from_src_file) {
> +qemu_file_shutdown(mis->from_src_file);
> +}
> +if (mis->to_src_file) {
> +qemu_file_shutdown(mis->to_src_file);
> +}
>  
>  old_state = failover_set_state(FAILOVER_STATUS_HANDLING,
> FAILOVER_STATUS_COMPLETED);
> @@ -82,6 +94,18 @@ static void primary_vm_do_failover(void)
>  migrate_set_state(>state, MIGRATION_STATUS_COLO,
>MIGRATION_STATUS_COMPLETED);
>  
> +/*
> +* Make sure colo thread no block in recv or send,
> +* The s->rp_state.from_dst_file and s->to_dst_file may use the
> +* same fd, but we still shutdown the fd for twice, it is harmless.
> +*/
> +if (s->to_dst_file) {
> +qemu_file_shutdown(s->to_dst_file);
> +}
> +if (s->rp_state.from_dst_file) {
> +qemu_file_shutdown(s->rp_state.from_dst_file);
> +}
> +
>  old_state = failover_set_state(FAILOVER_STATUS_HANDLING,
> FAILOVER_STATUS_COMPLETED);
>  if (old_state != FAILOVER_STATUS_HANDLING) {
> @@ -348,7 +372,7 @@ static void colo_process_checkpoint(MigrationState *s)
>  }
>  
>  out:
> -if (ret < 0) {
> +if (ret < 0 || (!ret && !failover_request_is_active())) {
>  error_report("%s: %s", __func__, strerror(-ret));
>  qapi_event_send_colo_exit(COLO_MODE_PRIMARY, COLO_EXIT_REASON_ERROR,
>true, strerror(-ret), NULL);
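
Review bot: With the new condition at out:, the error branch is also entered when ret is 0 and no failover request is active, but it still formats strerror(-ret), which for ret == 0 reports "Success" in both error_report() and the COLO_EXIT_REASON_ERROR event. Set ret to a real negative errno on that path, or use a separate message for the unexpected clean exit; the colo_process_incoming_thread() hunk further down has the same pattern.
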
> @@ -360,6 +384,15 @@ out:
>  qsb_free(buffer);
>  buffer = NULL;
>  
> +/* Hope this not to be too long to loop here */
> +while (failover_get_state() != FAILOVER_STATUS_COMPLETED) {
> +;
> +}
> +/*
> +* Must be called after failover BH is completed,
> +* Or the failover BH may shutdown the wrong fd, that
> +* re-used by other thread after we release here.
> +*/
>  if (s->rp_state.from_dst_file) {
>  qemu_fclose(s->rp_state.from_dst_file);
>  }
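
Review bot: The while (failover_get_state() != FAILOVER_STATUS_COMPLETED) loop added before qemu_fclose() spins at full CPU with no sleep, timeout or exit condition, and out: is also reached on plain errors (ret < 0), where nothing in this hunk shows a failover being started, so the thread could spin forever. Waiting on an event or semaphore signalled by the failover BH would give the same ordering (close only after the BH has shut the fd down, so the fd number cannot be reused by another thread in between) without the busy loop.
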
> @@ -519,7 +552,7 @@ void *colo_process_incoming_thread(void *opaque)
>  }
>  
>  out:
> -if (ret < 0) {
> +if (ret < 0 || (!ret && !failover_request_is_active())) {
>  error_report("colo incoming thread will exit, detect error: %s",
>   strerror(-ret));
>  qapi_event_send_colo_exit(COLO_MODE_SECONDARY, 
> COLO_EXIT_REASON_ERROR,
> @@ -539,6 +572,11 @@ out:
>  */
>  colo_release_ram_cache();
>  
> +/* Hope this not to be too long to loop here */
> +while (failover_get_state() != FAILOVER_STATUS_COMPLETED) {
> +;
> +}
> +/* Must be called after failover BH is completed */
>  if (mis->to_src_file) {
>  qemu_fclose(mis->to_src_file);
>  }
> -- 
> 1.8.3.1
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PULL 3/5] usb-mtp: Add support for inotify based file monitoring

2015-12-15 Thread Gerd Hoffmann
From: Bandan Das 

For now, we use inotify watches to track only a small number of
events, namely, add, delete and modify. Note that for delete, the kernel
already deactivates the watch for us and we just need to
take care of modifying our internal state.

inotify is a Linux-only mechanism.

Suggested-by: Gerd Hoffman 
Signed-off-by: Bandan Das 
Message-id: 1448314625-3855-4-git-send-email-...@redhat.com
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-mtp.c | 229 +++
 trace-events |   1 +
 2 files changed, 230 insertions(+)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 5b71691..def2f5e 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -15,6 +15,10 @@
 
 #include 
 #include 
+#ifdef __linux__
+#include 
+#include "qemu/main-loop.h"
+#endif
 
 #include "qemu-common.h"
 #include "qemu/iov.h"
@@ -62,6 +66,11 @@ enum mtp_code {
 /* format codes */
 FMT_UNDEFINED_OBJECT   = 0x3000,
 FMT_ASSOCIATION= 0x3001,
+
+/* event codes */
+EVT_OBJ_ADDED  = 0x4002,
+EVT_OBJ_REMOVED= 0x4003,
+EVT_OBJ_INFO_CHANGED   = 0x4007,
 };
 
 typedef struct {
@@ -84,6 +93,17 @@ enum {
 EP_EVENT,
 };
 
+#ifdef __linux__
+typedef struct MTPMonEntry MTPMonEntry;
+
+struct MTPMonEntry {
+uint32_t event;
+uint32_t handle;
+
+QTAILQ_ENTRY(MTPMonEntry) next;
+};
+#endif
+
 struct MTPControl {
 uint16_t code;
 uint32_t trans;
@@ -108,6 +128,10 @@ struct MTPObject {
 char *name;
 char *path;
 struct stat  stat;
+#ifdef __linux__
+/* inotify watch cookie */
+int  watchfd;
+#endif
 MTPObject*parent;
 uint32_t nchildren;
 QLIST_HEAD(, MTPObject) children;
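
Review bot: The new field is named watchfd but, going by usb_mtp_object_lookup_wd() comparing it with event->wd, it holds an inotify watch descriptor, which is not a file descriptor; the comment calls it a "watch cookie", which is a different field of struct inotify_event. Naming it wd and commenting it as the inotify watch descriptor would avoid both confusions.
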
@@ -129,6 +153,11 @@ struct MTPState {
 uint32_t next_handle;
 
 QTAILQ_HEAD(, MTPObject) objects;
+#ifdef __linux__
+/* inotify descriptor */
+int  inotifyfd;
+QTAILQ_HEAD(events, MTPMonEntry) events;
+#endif
 };
 
 #define TYPE_USB_MTP "usb-mtp"
@@ -372,6 +401,185 @@ static MTPObject *usb_mtp_add_child(MTPState *s, 
MTPObject *o,
 return child;
 }
 
+#ifdef __linux__
+static MTPObject *usb_mtp_object_lookup_name(MTPObject *parent,
+ char *name, int len)
+{
+MTPObject *iter;
+
+QLIST_FOREACH(iter, >children, list) {
+if (strncmp(iter->name, name, len) == 0) {
+return iter;
+}
+}
+
+return NULL;
+}
+
+static MTPObject *usb_mtp_object_lookup_wd(MTPState *s, int wd)
+{
+MTPObject *iter;
+
+QTAILQ_FOREACH(iter, >objects, next) {
+if (iter->watchfd == wd) {
+return iter;
+}
+}
+
+return NULL;
+}
+
+static void inotify_watchfn(void *arg)
+{
+MTPState *s = arg;
+ssize_t bytes;
+/* From the man page: atleast one event can be read */
+int len = sizeof(struct inotify_event) + NAME_MAX + 1;
+int pos;
+char buf[len];
+
+for (;;) {
+bytes = read(s->inotifyfd, buf, len);
+pos = 0;
+
+if (bytes <= 0) {
+/* Better luck next time */
+return;
+}
+
+/*
+ * TODO: Ignore initiator initiated events.
+ * For now we are good because the store is RO
+ */
+while (bytes > 0) {
+char *p = buf + pos;
+struct inotify_event *event = (struct inotify_event *)p;
+int watchfd = 0;
+uint32_t mask = event->mask & (IN_CREATE | IN_DELETE |
+   IN_MODIFY | IN_IGNORED);
+MTPObject *parent = usb_mtp_object_lookup_wd(s, event->wd);
+MTPMonEntry *entry = NULL;
+MTPObject *o;
+
+pos = pos + sizeof(struct inotify_event) + event->len;
+bytes = bytes - pos;
+
+if (!parent) {
+continue;
+}
+
+switch (mask) {
+case IN_CREATE:
+if (usb_mtp_object_lookup_name
+(parent, event->name, event->len)) {
+/* Duplicate create event */
+continue;
+}
+entry = g_new0(MTPMonEntry, 1);
+entry->handle = s->next_handle;
+entry->event = EVT_OBJ_ADDED;
+o = usb_mtp_add_child(s, parent, event->name);
+if (!o) {
+g_free(entry);
+continue;
+}
+o->watchfd = watchfd;
+trace_usb_mtp_inotify_event(s->dev.addr, event->name,
+event->mask, "Obj Added");
+break;
+
+case IN_DELETE:
+/*
+ * The kernel issues a IN_IGNORED event
+ * when a dir containing a watchpoint is
+ 
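
Review bot: In inotify_watchfn(), bytes = bytes - pos subtracts the running offset rather than the size of the event just consumed, so from the second event of a read onward bytes shrinks too fast and the inner loop can stop before the last events in the buffer are handled; subtract sizeof(struct inotify_event) + event->len instead, or loop while pos < bytes. Also, in the IN_CREATE case the local watchfd is still 0 when it is assigned to o->watchfd, so in the lines shown the new object never gets a watch descriptor of its own.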

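The hunk above walks the buffer that read() returns from the inotify descriptor. As an added example (not part of the patch or of QEMU), here is a bounds-checked walk over such a buffer next to the offset arithmetic used in the hunk, both run over a constructed three-event buffer; struct seen_event and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/inotify.h>

struct seen_event {            /* decoded event (hypothetical type) */
    int wd;
    uint32_t mask;
    char name[256];
};

/* Walk one read() buffer from an inotify descriptor: store up to max events,
 * return the count, or -1 if a header or name runs past the end. */
int walk_inotify_buffer(const char *buf, size_t bytes,
                        struct seen_event *out, int max)
{
    size_t pos = 0;
    int n = 0;
    while (pos < bytes) {
        struct inotify_event ev;
        if (bytes - pos < sizeof(ev)) {
            return -1;                          /* truncated header */
        }
        memcpy(&ev, buf + pos, sizeof(ev));     /* no unaligned cast */
        if (ev.len > bytes - pos - sizeof(ev)) {
            return -1;                          /* name overruns buffer */
        }
        if (n < max) {
            size_t copy = ev.len < sizeof(out[n].name) - 1
                        ? ev.len : sizeof(out[n].name) - 1;
            out[n].wd = ev.wd;
            out[n].mask = ev.mask;
            memcpy(out[n].name, buf + pos + sizeof(ev), copy);
            out[n].name[copy] = '\0';
            n++;
        }
        pos += sizeof(ev) + ev.len;             /* this event only */
    }
    return n;
}

/* The same walk, but subtracting the running offset as the hunk does. */
int walk_subtracting_offset(const char *buf, long bytes)
{
    long pos = 0;
    int n = 0;
    while (bytes > 0) {
        struct inotify_event ev;
        memcpy(&ev, buf + pos, sizeof(ev));
        pos += (long)(sizeof(ev) + ev.len);
        bytes -= pos;       /* removes everything consumed so far, again */
        n++;
    }
    return n;
}

/* Constructed sample: three events, each name NUL padded to 16 bytes. */
size_t build_sample(char *buf)
{
    static const char *names[] = { "a.txt", "b.txt", "c.txt" };
    static const uint32_t masks[] = { IN_CREATE, IN_MODIFY, IN_DELETE };
    size_t pos = 0;
    for (int i = 0; i < 3; i++) {
        struct inotify_event ev = { .wd = 1, .mask = masks[i], .len = 16 };
        memcpy(buf + pos, &ev, sizeof(ev));
        memset(buf + pos + sizeof(ev), 0, ev.len);
        memcpy(buf + pos + sizeof(ev), names[i], strlen(names[i]));
        pos += sizeof(ev) + ev.len;
    }
    return pos;
}

int main(void)
{
    char buf[128];
    struct seen_event ev[8];
    size_t bytes = build_sample(buf);
    printf("per-event advance: %d events, offset subtraction: %d events\n",
           walk_inotify_buffer(buf, bytes, ev, 8),
           walk_subtracting_offset(buf, (long)bytes));
    return 0;
}
```

With three events in one read, the offset-subtracting walk stops after the second, while the bounded walk sees all three and rejects a buffer cut off mid-event.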
Re: [Qemu-devel] net: vmxnet3: memory leakage issue

2015-12-15 Thread P J P
+-- On Tue, 15 Dec 2015, Dmitry Fleytman wrote --+
| Hello Prasad,
| 
| Looks good.
| Reviewed-by: Dmitry Fleytman 

Great! Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



Re: [Qemu-devel] [PATCH 3/4] error: Clean up errors with embedded newlines (again), part 2

2015-12-15 Thread Markus Armbruster
Fam Zheng  writes:

> On Mon, 12/14 10:42, Markus Armbruster wrote:
>> Laszlo Ersek  writes:
>> 
>> > On 12/10/15 18:23, Markus Armbruster wrote:
>> >> The arguments of error_setg() & friends should yield a short error
>> >> string without newlines.
>> >> 
>> >> A few places try to append additional help to the error message by
>> >> embedding newlines in the error string.  That's nice, but let's do it
>> >> the right way, with error_append_hint().  Offenders tracked down with
>> >> the Coccinelle semantic patch from commit 312fd5f.
>> >> 
>> >> Cc: Jeff Cody 
>> >> Cc: Fam Zheng 
>> >> Cc: Laszlo Ersek 
>> >> Signed-off-by: Markus Armbruster 
>> >> ---
>> >>  block/vhdx-log.c |  9 +
>> >>  block/vmdk.c |  9 ++---
>> >>  hw/i386/kvm/pci-assign.c | 12 ++--
>> >>  3 files changed, 17 insertions(+), 13 deletions(-)
>> >> 
>> >> diff --git a/block/vhdx-log.c b/block/vhdx-log.c
>> >> index 47ae4b1..2ac8693 100644
>> >> --- a/block/vhdx-log.c
>> >> +++ b/block/vhdx-log.c
>> >> @@ -786,10 +786,11 @@ int vhdx_parse_log(BlockDriverState *bs, 
>> >> BDRVVHDXState *s, bool *flushed,
>> >>  ret = -EPERM;
>> >>  error_setg_errno(errp, EPERM,
>> >>   "VHDX image file '%s' opened read-only, but 
>> >> "
>> >> - "contains a log that needs to be replayed.  
>> >> To "
>> >> - "replay the log, execute:\n qemu-img check 
>> >> -r "
>> >> - "all '%s'",
>> >> - bs->filename, bs->filename);
>> >> + "contains a log that needs to be replayed",
>> >> + bs->filename);
>> >> +error_append_hint(errp,  "To replay the log, run:\n"
>> >> +  "qemu-img check -r all '%s'\n",
>> >> +  bs->filename);
>> >
>> > This doesn't seem right. In error_report_err(), the hint is printed
>> > ("unless QMP") with an additional \n:
>> >
>> > void error_report_err(Error *err)
>> > {
>> > error_report("%s", error_get_pretty(err));
>> > if (err->hint) {
>> > error_printf_unless_qmp("%s\n", err->hint->str);
>> > }
>> > error_free(err);
>> > }
>> >
>> > Hence we shouldn't add the final \n to the hint.
>> 
>> You're right.
>> 
>> >
>> >>  goto exit;
>> >>  }
>> >>  /* now flush the log */
>> >> diff --git a/block/vmdk.c b/block/vmdk.c
>> >> index b4a224e..3a4c4ed 100644
>> >> --- a/block/vmdk.c
>> >> +++ b/block/vmdk.c
>> >> @@ -794,18 +794,21 @@ static int vmdk_parse_extents(const char *desc, 
>> >> BlockDriverState *bs,
>> >>  goto next_line;
>> >>  } else if (!strcmp(type, "FLAT")) {
>> >>  if (matches != 5 || flat_offset < 0) {
>> >> -error_setg(errp, "Invalid extent lines: \n%s", p);
>> >> +error_setg(errp, "Invalid extent lines");
>> >> +error_append_hint(errp, "%s", p);
>> >
>> > Looks good.
>> 
>> Unless @p ends with a newline.
>> 
>> error_report_err() would report this error as
>> 
>> [TIMESTAMP:][LOCATION: ]Invalid extent lines
>> 
>> 
>> 
>> 
>> I figure this would make more sense:
>> 
>> [TIMESTAMP:][LOCATION: ]Invalid extent line: > doesn't parse>
>
> Yes, it's better in every way!

Okay, I'll try to do this for v2.

[...]



[Qemu-devel] [PATCH COLO-Frame v12 02/38] migration: Introduce capability 'x-colo' to migration

2015-12-15 Thread zhanghailiang
We add the helper function colo_supported() to indicate whether
colo is supported or not; we use it to control whether or not the
'x-colo' string is shown to users. They can use the qmp command
'query-migrate-capabilities' or the hmp command 'info migrate_capabilities'
to learn if colo is supported.

Cc: Juan Quintela 
Cc: Amit Shah 
Cc: Eric Blake 
Cc: Markus Armbruster 
Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Reviewed-by: Eric Blake 
---
v10:
- Rename capability 'colo' to experimental 'x-colo' (Eric's suggestion).
- Rename migrate_enable_colo() to migrate_colo_enabled() (Eric's suggestion).

Signed-off-by: zhanghailiang 
---
 include/migration/colo.h  | 20 
 include/migration/migration.h |  1 +
 migration/Makefile.objs   |  1 +
 migration/colo.c  | 18 ++
 migration/migration.c | 17 +
 qapi-schema.json  |  6 +-
 qmp-commands.hx   |  1 +
 stubs/Makefile.objs   |  1 +
 stubs/migration-colo.c| 18 ++
 9 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 include/migration/colo.h
 create mode 100644 migration/colo.c
 create mode 100644 stubs/migration-colo.c

diff --git a/include/migration/colo.h b/include/migration/colo.h
new file mode 100644
index 000..c60a590
--- /dev/null
+++ b/include/migration/colo.h
@@ -0,0 +1,20 @@
+/*
+ * COarse-grain LOck-stepping Virtual Machines for Non-stop Service (COLO)
+ * (a.k.a. Fault Tolerance or Continuous Replication)
+ *
+ * Copyright (c) 2015 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2015 FUJITSU LIMITED
+ * Copyright (c) 2015 Intel Corporation
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#ifndef QEMU_COLO_H
+#define QEMU_COLO_H
+
+#include "qemu-common.h"
+
+bool colo_supported(void);
+
+#endif
diff --git a/include/migration/migration.h b/include/migration/migration.h
index fd018b7..1f004e4 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -268,6 +268,7 @@ int xbzrle_decode_buffer(uint8_t *src, int slen, uint8_t 
*dst, int dlen);
 
 int migrate_use_xbzrle(void);
 int64_t migrate_xbzrle_cache_size(void);
+bool migrate_colo_enabled(void);
 
 int64_t xbzrle_cache_resize(int64_t new_size);
 
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index 0cac6d7..65ecc35 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -1,4 +1,5 @@
 common-obj-y += migration.o tcp.o
+common-obj-$(CONFIG_COLO) += colo.o
 common-obj-y += vmstate.o
 common-obj-y += qemu-file.o qemu-file-buf.o qemu-file-unix.o qemu-file-stdio.o
 common-obj-y += xbzrle.o postcopy-ram.o
diff --git a/migration/colo.c b/migration/colo.c
new file mode 100644
index 000..2c40d2e
--- /dev/null
+++ b/migration/colo.c
@@ -0,0 +1,18 @@
+/*
+ * COarse-grain LOck-stepping Virtual Machines for Non-stop Service (COLO)
+ * (a.k.a. Fault Tolerance or Continuous Replication)
+ *
+ * Copyright (c) 2015 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2015 FUJITSU LIMITED
+ * Copyright (c) 2015 Intel Corporation
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include "migration/colo.h"
+
+bool colo_supported(void)
+{
+return true;
+}
diff --git a/migration/migration.c b/migration/migration.c
index adc6b6f..0d525ee 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -33,6 +33,7 @@
 #include "qom/cpu.h"
 #include "exec/memory.h"
 #include "exec/address-spaces.h"
+#include "migration/colo.h"
 
 #define MAX_THROTTLE  (32 << 20)  /* Migration transfer speed throttling */
 
@@ -480,6 +481,9 @@ MigrationCapabilityStatusList 
*qmp_query_migrate_capabilities(Error **errp)
 
 caps = NULL; /* silence compiler warning */
 for (i = 0; i < MIGRATION_CAPABILITY_MAX; i++) {
+if (i == MIGRATION_CAPABILITY_X_COLO && !colo_supported()) {
+continue;
+}
 if (head == NULL) {
 head = g_malloc0(sizeof(*caps));
 caps = head;
@@ -679,6 +683,13 @@ void 
qmp_migrate_set_capabilities(MigrationCapabilityStatusList *params,
 }
 
 for (cap = params; cap; cap = cap->next) {
+if (cap->value->capability == MIGRATION_CAPABILITY_X_COLO &&
+!colo_supported()) {
+error_setg(errp, "COLO is not currently supported, please"
+ " configure with --enable-colo option in order to"
+ " support COLO feature");
+continue;
+}
 s->enabled_capabilities[cap->value->capability] = cap->value->state;
 }
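
Review bot: In qmp_migrate_set_capabilities(), the new x-colo check calls error_setg() and then continue, so the loop goes on applying the remaining capabilities although the command will report failure, and a second x-colo entry in the same list would call error_setg() on an errp that is already set. Return right after error_setg() instead, ideally validating the whole list before changing s->enabled_capabilities.
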
 
@@ -1581,6 

[Qemu-devel] [PATCH COLO-Frame v12 08/38] migration: Rename the 'file' member of MigrationState

2015-12-15 Thread zhanghailiang
Rename the 'file' member of MigrationState to 'to_dst_file'.

Signed-off-by: zhanghailiang 
Reviewed-by: Dr. David Alan Gilbert 
---
v12:
- Add Reviewed-by tag
- Add the missed modification for RDMA migration. (Found by Wen Congyang)
v11:
- Only rename 'file' member of MigrationState

Signed-off-by: zhanghailiang 
---
 include/migration/migration.h |  2 +-
 migration/exec.c  |  4 +--
 migration/fd.c|  4 +--
 migration/migration.c | 72 ++-
 migration/postcopy-ram.c  |  6 ++--
 migration/rdma.c  |  2 +-
 migration/savevm.c|  2 +-
 migration/tcp.c   |  4 +--
 migration/unix.c  |  4 +--
 9 files changed, 52 insertions(+), 48 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index a57a734..ba5bcec 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -140,7 +140,7 @@ struct MigrationState
 size_t xfer_limit;
 QemuThread thread;
 QEMUBH *cleanup_bh;
-QEMUFile *file;
+QEMUFile *to_dst_file;
 int parameters[MIGRATION_PARAMETER_MAX];
 
 int state;
diff --git a/migration/exec.c b/migration/exec.c
index 8406d2b..9037109 100644
--- a/migration/exec.c
+++ b/migration/exec.c
@@ -36,8 +36,8 @@
 
 void exec_start_outgoing_migration(MigrationState *s, const char *command, 
Error **errp)
 {
-s->file = qemu_popen_cmd(command, "w");
-if (s->file == NULL) {
+s->to_dst_file = qemu_popen_cmd(command, "w");
+if (s->to_dst_file == NULL) {
 error_setg_errno(errp, errno, "failed to popen the migration target");
 return;
 }
diff --git a/migration/fd.c b/migration/fd.c
index 3e4bed0..9a9d6c5 100644
--- a/migration/fd.c
+++ b/migration/fd.c
@@ -50,9 +50,9 @@ void fd_start_outgoing_migration(MigrationState *s, const 
char *fdname, Error **
 }
 
 if (fd_is_socket(fd)) {
-s->file = qemu_fopen_socket(fd, "wb");
+s->to_dst_file = qemu_fopen_socket(fd, "wb");
 } else {
-s->file = qemu_fdopen(fd, "wb");
+s->to_dst_file = qemu_fdopen(fd, "wb");
 }
 
 migrate_fd_connect(s);
diff --git a/migration/migration.c b/migration/migration.c
index d5691c2..a1074c3 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -834,7 +834,7 @@ static void migrate_fd_cleanup(void *opaque)
 
 flush_page_queue(s);
 
-if (s->file) {
+if (s->to_dst_file) {
 trace_migrate_fd_cleanup();
 qemu_mutex_unlock_iothread();
 if (s->migration_thread_running) {
@@ -844,8 +844,8 @@ static void migrate_fd_cleanup(void *opaque)
 qemu_mutex_lock_iothread();
 
 migrate_compress_threads_join();
-qemu_fclose(s->file);
-s->file = NULL;
+qemu_fclose(s->to_dst_file);
+s->to_dst_file = NULL;
 }
 
 assert((s->state != MIGRATION_STATUS_ACTIVE) &&
@@ -862,7 +862,7 @@ static void migrate_fd_cleanup(void *opaque)
 void migrate_fd_error(MigrationState *s)
 {
 trace_migrate_fd_error();
-assert(s->file == NULL);
+assert(s->to_dst_file == NULL);
 migrate_set_state(>state, MIGRATION_STATUS_SETUP,
   MIGRATION_STATUS_FAILED);
 notifier_list_notify(_state_notifiers, s);
@@ -871,7 +871,7 @@ void migrate_fd_error(MigrationState *s)
 static void migrate_fd_cancel(MigrationState *s)
 {
 int old_state ;
-QEMUFile *f = migrate_get_current()->file;
+QEMUFile *f = migrate_get_current()->to_dst_file;
 trace_migrate_fd_cancel();
 
 if (s->rp_state.from_dst_file) {
@@ -942,7 +942,7 @@ MigrationState *migrate_init(const MigrationParams *params)
 s->bytes_xfer = 0;
 s->xfer_limit = 0;
 s->cleanup_bh = 0;
-s->file = NULL;
+s->to_dst_file = NULL;
 s->state = MIGRATION_STATUS_NONE;
 s->params = *params;
 s->rp_state.from_dst_file = NULL;
@@ -1122,8 +1122,9 @@ void qmp_migrate_set_speed(int64_t value, Error **errp)
 
 s = migrate_get_current();
 s->bandwidth_limit = value;
-if (s->file) {
-qemu_file_set_rate_limit(s->file, s->bandwidth_limit / 
XFER_LIMIT_RATIO);
+if (s->to_dst_file) {
+qemu_file_set_rate_limit(s->to_dst_file,
+ s->bandwidth_limit / XFER_LIMIT_RATIO);
 }
 }
 
@@ -1393,7 +1394,7 @@ out:
 static int open_return_path_on_source(MigrationState *ms)
 {
 
-ms->rp_state.from_dst_file = qemu_file_get_return_path(ms->file);
+ms->rp_state.from_dst_file = qemu_file_get_return_path(ms->to_dst_file);
 if (!ms->rp_state.from_dst_file) {
 return -1;
 }
@@ -1415,7 +1416,7 @@ static int 
await_return_path_close_on_source(MigrationState *ms)
  * rp_thread will exit, however if there's an error we need to cause
  * it to exit.
  */
-if (qemu_file_get_error(ms->file) && ms->rp_state.from_dst_file) {
+if 

[Qemu-devel] [PATCH COLO-Frame v12 17/38] COLO: Load VMState into qsb before restore it

2015-12-15 Thread zhanghailiang
We should not destroy the state of SVM (Secondary VM) until we receive the whole
state from the PVM (Primary VM), in case the primary fails in the middle of sending
the state. So here we cache the device state in the Secondary before restoring it.

Besides, we should call qemu_system_reset() before loading the VM state,
which can ensure the data is intact.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Zhijian 
Signed-off-by: Gonglei 
Reviewed-by: Dr. David Alan Gilbert 
Cc: Dr. David Alan Gilbert 

---
v12:
- Use the new helper colo_get_cmd_value() instead of colo_ctl_get()

Signed-off-by: zhanghailiang 
---
 migration/colo.c | 68 ++--
 1 file changed, 66 insertions(+), 2 deletions(-)

diff --git a/migration/colo.c b/migration/colo.c
index 5ff4946..a4d49ff 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -107,6 +107,21 @@ static int colo_get_check_cmd(QEMUFile *f, uint32_t 
expect_cmd)
 return 0;
 }
 
+static int colo_get_cmd_value(QEMUFile *f, uint32_t expect_cmd, uint64_t 
*value)
+{
+int ret;
+
+ret = colo_get_check_cmd(f, expect_cmd);
+if (ret < 0) {
+return ret;
+}
+
+*value = qemu_get_be64(f);
+ret = qemu_file_get_error(f);
+
+return ret;
+}
+
 static int colo_do_checkpoint_transaction(MigrationState *s,
   QEMUSizedBuffer *buffer)
 {
@@ -287,7 +302,11 @@ static int colo_wait_handle_cmd(QEMUFile *f, int 
*checkpoint_request)
 void *colo_process_incoming_thread(void *opaque)
 {
 MigrationIncomingState *mis = opaque;
+QEMUFile *fb = NULL;
+QEMUSizedBuffer *buffer = NULL; /* Cache incoming device state */
+uint64_t  total_size;
 int ret = 0;
+uint64_t value;
 
 migrate_set_state(>state, MIGRATION_STATUS_ACTIVE,
   MIGRATION_STATUS_COLO);
@@ -310,6 +329,12 @@ void *colo_process_incoming_thread(void *opaque)
 goto out;
 }
 
+buffer = qsb_create(NULL, COLO_BUFFER_BASE_SIZE);
+if (buffer == NULL) {
+error_report("Failed to allocate colo buffer!");
+goto out;
+}
+
 ret = colo_put_cmd(mis->to_src_file, COLO_COMMAND_CHECKPOINT_READY);
 if (ret < 0) {
 goto out;
@@ -338,19 +363,53 @@ void *colo_process_incoming_thread(void *opaque)
 goto out;
 }
 
-/* TODO: read migration data into colo buffer */
+/* read the VM state total size first */
+ret = colo_get_cmd_value(mis->from_src_file,
+ COLO_COMMAND_VMSTATE_SIZE, );
+if (ret < 0) {
+error_report("%s: Failed to get vmstate size", __func__);
+goto out;
+}
+
+/* read vm device state into colo buffer */
+total_size = qsb_fill_buffer(buffer, mis->from_src_file, value);
+if (total_size != value) {
+error_report("Got %lu VMState data, less than expected %lu",
+ total_size, value);
+ret = -EINVAL;
+goto out;
+}
 
 ret = colo_put_cmd(mis->to_src_file, COLO_COMMAND_VMSTATE_RECEIVED);
 if (ret < 0) {
 goto out;
 }
 
-/* TODO: load vm state */
+/* open colo buffer for read */
+fb = qemu_bufopen("r", buffer);
+if (!fb) {
+error_report("can't open colo buffer for read");
+goto out;
+}
+
+qemu_mutex_lock_iothread();
+qemu_system_reset(VMRESET_SILENT);
+if (qemu_loadvm_state(fb) < 0) {
+error_report("COLO: loadvm failed");
+qemu_mutex_unlock_iothread();
+goto out;
+}
+qemu_mutex_unlock_iothread();
+
+/* TODO: flush vm state */
 
 ret = colo_put_cmd(mis->to_src_file, COLO_COMMAND_VMSTATE_LOADED);
 if (ret < 0) {
 goto out;
 }
+
+qemu_fclose(fb);
+fb = NULL;
 }
 
 out:
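
Review bot: In colo_process_incoming_thread(), value comes straight from the stream via colo_get_cmd_value() and is passed to qsb_fill_buffer() with no upper bound, so a faulty or hostile primary can make the secondary try to buffer an arbitrarily large VM state; reject sizes above a sane limit before filling the buffer. In the same hunk the qemu_bufopen() and qemu_loadvm_state() failure paths jump to out with ret still non-negative, and the "Got %lu" message prints uint64_t values with %lu where PRIu64 is needed on 32-bit hosts.
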
@@ -359,6 +418,11 @@ out:
  strerror(-ret));
 }
 
+if (fb) {
+qemu_fclose(fb);
+}
+qsb_free(buffer);
+
 qemu_mutex_lock_iothread();
 colo_release_ram_cache();
 qemu_mutex_unlock_iothread();
-- 
1.8.3.1





[Qemu-devel] [PATCH COLO-Frame v12 35/38] filter-buffer: Introduce a helper function to enable/disable default filter

2015-12-15 Thread zhanghailiang
The default buffer filter doesn't buffer packets by default,
but we need to buffer packets for COLO or Micro-checkpoint.
Here we add a helper function to enable/disable the filter's buffer
capability.

Signed-off-by: zhanghailiang 
Cc: Jason Wang 
Cc: Yang Hongyang 
---
v12:
- Rename the helper function to qemu_set_default_filters_status()
v11:
- New patch

Signed-off-by: zhanghailiang 
---
 include/net/filter.h |  1 +
 include/net/net.h|  4 
 net/filter-buffer.c  | 19 +++
 net/net.c| 29 +
 4 files changed, 53 insertions(+)

diff --git a/include/net/filter.h b/include/net/filter.h
index 40aa38c..08aa604 100644
--- a/include/net/filter.h
+++ b/include/net/filter.h
@@ -84,4 +84,5 @@ static inline bool qemu_need_skip_netfilter(NetFilterState 
*nf)
 void netdev_add_default_filter_buffer(const char *netdev_id,
   NetFilterDirection direction,
   Error **errp);
+void qemu_set_default_filters_status(bool enable);
 #endif /* QEMU_NET_FILTER_H */
diff --git a/include/net/net.h b/include/net/net.h
index 7af3e15..5c65c45 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -125,6 +125,10 @@ NetClientState *qemu_find_vlan_client_by_name(Monitor 
*mon, int vlan_id,
   const char *client_str);
 typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque);
 void qemu_foreach_nic(qemu_nic_foreach func, void *opaque);
+typedef void (*qemu_netfilter_foreach)(NetFilterState *nf, void *opaque,
+   Error **errp);
+void qemu_foreach_netfilter(qemu_netfilter_foreach func, void *opaque,
+Error **errp);
 int qemu_can_send_packet(NetClientState *nc);
 ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov,
   int iovcnt);
diff --git a/net/filter-buffer.c b/net/filter-buffer.c
index 8abac94..90a50cc 100644
--- a/net/filter-buffer.c
+++ b/net/filter-buffer.c
@@ -169,6 +169,25 @@ out:
 error_propagate(errp, local_err);
 }
 
+static void set_default_filter_status(NetFilterState *nf,
+  void *opaque,
+  Error **errp)
+{
+if (!strcmp(object_get_typename(OBJECT(nf)), TYPE_FILTER_BUFFER)) {
+bool *status = opaque;
+
+if (nf->is_default) {
+nf->enabled = *status;
+}
+}
+}
+
+void qemu_set_default_filters_status(bool enable)
+{
+qemu_foreach_netfilter(set_default_filter_status,
+   , NULL);
+}
+
 /*
 * This will be used by COLO or MC FT, for which they will need
 * to buffer the packets of VM's net devices, Here we add a default
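
Review bot: qemu_set_default_filters_status() passes NULL as errp to qemu_foreach_netfilter(), so the "multiqueue is not supported" error that function can set is dropped and the caller cannot tell that the filters were left unchanged. Give the helper an Error **errp parameter (or a return value) and forward it, so COLO does not proceed believing buffering was switched.
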
diff --git a/net/net.c b/net/net.c
index d04d872..75b828e 100644
--- a/net/net.c
+++ b/net/net.c
@@ -259,6 +259,35 @@ static char *assign_name(NetClientState *nc1, const char 
*model)
 return g_strdup_printf("%s.%d", model, id);
 }
 
+void qemu_foreach_netfilter(qemu_netfilter_foreach func, void *opaque,
+Error **errp)
+{
+NetClientState *nc;
+NetFilterState *nf;
+
+QTAILQ_FOREACH(nc, _clients, next) {
+if (nc->info->type == NET_CLIENT_OPTIONS_KIND_NIC) {
+continue;
+}
+/* FIXME: Not support multiqueue */
+if (nc->queue_index > 1) {
+error_setg(errp, "%s: multiqueue is not supported", __func__);
+return;
+}
+QTAILQ_FOREACH(nf, >filters, next) {
+if (func) {
+Error *local_err = NULL;
+
+func(nf, opaque, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+}
+}
+}
+}
+
 static void qemu_net_client_destructor(NetClientState *nc)
 {
 g_free(nc);
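
Review bot: In qemu_foreach_netfilter(), the check nc->queue_index > 1 under the "Not support multiqueue" FIXME still lets queue index 1 through; if queue_index counts from 0, a two-queue device is walked as if it were single-queue, so the test should be > 0. The if (func) test can also move to the top of the function, since a NULL callback makes the whole walk a no-op.
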
-- 
1.8.3.1




